diff --git a/Makefile.am b/Makefile.am index b7bbd4057..104a8fb86 100644 --- a/Makefile.am +++ b/Makefile.am @@ -128,92 +128,6 @@ src_libbitcoin_network_la_SOURCES = \ src/sessions/session_peer.cpp \ src/sessions/session_seed.cpp \ src/sessions/session_server.cpp \ - src/ssl/wolfcrypt/aes.c \ - src/ssl/wolfcrypt/arc4.c \ - src/ssl/wolfcrypt/ascon.c \ - src/ssl/wolfcrypt/asm.c \ - src/ssl/wolfcrypt/asn.c \ - src/ssl/wolfcrypt/blake2b.c \ - src/ssl/wolfcrypt/blake2s.c \ - src/ssl/wolfcrypt/camellia.c \ - src/ssl/wolfcrypt/chacha.c \ - src/ssl/wolfcrypt/chacha20_poly1305.c \ - src/ssl/wolfcrypt/cmac.c \ - src/ssl/wolfcrypt/coding.c \ - src/ssl/wolfcrypt/compress.c \ - src/ssl/wolfcrypt/cpuid.c \ - src/ssl/wolfcrypt/cryptocb.c \ - src/ssl/wolfcrypt/curve25519.c \ - src/ssl/wolfcrypt/curve448.c \ - src/ssl/wolfcrypt/des3.c \ - src/ssl/wolfcrypt/dh.c \ - src/ssl/wolfcrypt/dilithium.c \ - src/ssl/wolfcrypt/dsa.c \ - src/ssl/wolfcrypt/ecc.c \ - src/ssl/wolfcrypt/eccsi.c \ - src/ssl/wolfcrypt/ed25519.c \ - src/ssl/wolfcrypt/ed448.c \ - src/ssl/wolfcrypt/error1.c \ - src/ssl/wolfcrypt/ext_lms.c \ - src/ssl/wolfcrypt/ext_mlkem.c \ - src/ssl/wolfcrypt/ext_xmss.c \ - src/ssl/wolfcrypt/falcon.c \ - src/ssl/wolfcrypt/fe_448.c \ - src/ssl/wolfcrypt/fe_low_mem.c \ - src/ssl/wolfcrypt/fe_operations.c \ - src/ssl/wolfcrypt/fe_x25519_128.h \ - src/ssl/wolfcrypt/ge_448.c \ - src/ssl/wolfcrypt/ge_low_mem.c \ - src/ssl/wolfcrypt/ge_operations.c \ - src/ssl/wolfcrypt/hash.c \ - src/ssl/wolfcrypt/hmac.c \ - src/ssl/wolfcrypt/hpke.c \ - src/ssl/wolfcrypt/integer.c \ - src/ssl/wolfcrypt/kdf.c \ - src/ssl/wolfcrypt/logging.c \ - src/ssl/wolfcrypt/md2.c \ - src/ssl/wolfcrypt/md4.c \ - src/ssl/wolfcrypt/md5.c \ - src/ssl/wolfcrypt/memory1.c \ - src/ssl/wolfcrypt/pkcs12.c \ - src/ssl/wolfcrypt/pkcs7.c \ - src/ssl/wolfcrypt/poly1305.c \ - src/ssl/wolfcrypt/pwdbased.c \ - src/ssl/wolfcrypt/random.c \ - src/ssl/wolfcrypt/rc2.c \ - src/ssl/wolfcrypt/ripemd.c \ - src/ssl/wolfcrypt/rsa.c \ - src/ssl/wolfcrypt/sakke.c \ - src/ssl/wolfcrypt/sha.c \ - src/ssl/wolfcrypt/sha256.c \ - src/ssl/wolfcrypt/sha3.c \ - src/ssl/wolfcrypt/sha512.c \ - src/ssl/wolfcrypt/signature.c \ - src/ssl/wolfcrypt/siphash.c \ - src/ssl/wolfcrypt/sp_arm32.c \ - src/ssl/wolfcrypt/sp_arm64.c \ - src/ssl/wolfcrypt/sp_armthumb.c \ - src/ssl/wolfcrypt/sp_c32.c \ - src/ssl/wolfcrypt/sp_c64.c \ - src/ssl/wolfcrypt/sp_cortexm.c \ - src/ssl/wolfcrypt/sp_dsp32.c \ - src/ssl/wolfcrypt/sp_int.c \ - src/ssl/wolfcrypt/sp_x86_64.c \ - src/ssl/wolfcrypt/sphincs.c \ - src/ssl/wolfcrypt/srp.c \ - src/ssl/wolfcrypt/tfm.c \ - src/ssl/wolfcrypt/wc_dsp.c \ - src/ssl/wolfcrypt/wc_encrypt.c \ - src/ssl/wolfcrypt/wc_lms.c \ - src/ssl/wolfcrypt/wc_lms_impl.c \ - src/ssl/wolfcrypt/wc_mlkem.c \ - src/ssl/wolfcrypt/wc_mlkem_poly.c \ - src/ssl/wolfcrypt/wc_pkcs11.c \ - src/ssl/wolfcrypt/wc_port.c \ - src/ssl/wolfcrypt/wc_xmss.c \ - src/ssl/wolfcrypt/wc_xmss_impl.c \ - src/ssl/wolfcrypt/wolfevent.c \ - src/ssl/wolfcrypt/wolfmath.c \ src/ssl/wolfssl/crl.c \ src/ssl/wolfssl/dtls.c \ src/ssl/wolfssl/dtls13.c \ @@ -240,7 +154,93 @@ src_libbitcoin_network_la_SOURCES = \ src/ssl/wolfssl/src/ssl_sess.c \ src/ssl/wolfssl/src/ssl_sk.c \ src/ssl/wolfssl/src/x509.c \ - src/ssl/wolfssl/src/x509_str.c + src/ssl/wolfssl/src/x509_str.c \ + src/ssl/wolfssl/wolfcrypt/aes.c \ + src/ssl/wolfssl/wolfcrypt/arc4.c \ + src/ssl/wolfssl/wolfcrypt/ascon.c \ + src/ssl/wolfssl/wolfcrypt/asm.c \ + src/ssl/wolfssl/wolfcrypt/asn.c \ + src/ssl/wolfssl/wolfcrypt/blake2b.c \ + src/ssl/wolfssl/wolfcrypt/blake2s.c \ + src/ssl/wolfssl/wolfcrypt/camellia.c \ + src/ssl/wolfssl/wolfcrypt/chacha.c \ + src/ssl/wolfssl/wolfcrypt/chacha20_poly1305.c \ + src/ssl/wolfssl/wolfcrypt/cmac.c \ + src/ssl/wolfssl/wolfcrypt/coding.c \ + src/ssl/wolfssl/wolfcrypt/compress.c \ + src/ssl/wolfssl/wolfcrypt/cpuid.c \ + src/ssl/wolfssl/wolfcrypt/cryptocb.c \ + src/ssl/wolfssl/wolfcrypt/curve25519.c \ + src/ssl/wolfssl/wolfcrypt/curve448.c \ + src/ssl/wolfssl/wolfcrypt/des3.c \ + src/ssl/wolfssl/wolfcrypt/dh.c \ + src/ssl/wolfssl/wolfcrypt/dilithium.c \ + src/ssl/wolfssl/wolfcrypt/dsa.c \ + src/ssl/wolfssl/wolfcrypt/ecc.c \ + src/ssl/wolfssl/wolfcrypt/eccsi.c \ + src/ssl/wolfssl/wolfcrypt/ed25519.c \ + src/ssl/wolfssl/wolfcrypt/ed448.c \ + src/ssl/wolfssl/wolfcrypt/error.c \ + src/ssl/wolfssl/wolfcrypt/ext_lms.c \ + src/ssl/wolfssl/wolfcrypt/ext_mlkem.c \ + src/ssl/wolfssl/wolfcrypt/ext_xmss.c \ + src/ssl/wolfssl/wolfcrypt/falcon.c \ + src/ssl/wolfssl/wolfcrypt/fe_448.c \ + src/ssl/wolfssl/wolfcrypt/fe_low_mem.c \ + src/ssl/wolfssl/wolfcrypt/fe_operations.c \ + src/ssl/wolfssl/wolfcrypt/fe_x25519_128.h \ + src/ssl/wolfssl/wolfcrypt/ge_448.c \ + src/ssl/wolfssl/wolfcrypt/ge_low_mem.c \ + src/ssl/wolfssl/wolfcrypt/ge_operations.c \ + src/ssl/wolfssl/wolfcrypt/hash.c \ + src/ssl/wolfssl/wolfcrypt/hmac.c \ + src/ssl/wolfssl/wolfcrypt/hpke.c \ + src/ssl/wolfssl/wolfcrypt/integer.c \ + src/ssl/wolfssl/wolfcrypt/kdf.c \ + src/ssl/wolfssl/wolfcrypt/logging.c \ + src/ssl/wolfssl/wolfcrypt/md2.c \ + src/ssl/wolfssl/wolfcrypt/md4.c \ + src/ssl/wolfssl/wolfcrypt/md5.c \ + src/ssl/wolfssl/wolfcrypt/memory.c \ + src/ssl/wolfssl/wolfcrypt/pkcs12.c \ + src/ssl/wolfssl/wolfcrypt/pkcs7.c \ + src/ssl/wolfssl/wolfcrypt/poly1305.c \ + src/ssl/wolfssl/wolfcrypt/pwdbased.c \ + src/ssl/wolfssl/wolfcrypt/random.c \ + src/ssl/wolfssl/wolfcrypt/rc2.c \ + src/ssl/wolfssl/wolfcrypt/ripemd.c \ + src/ssl/wolfssl/wolfcrypt/rsa.c \ + src/ssl/wolfssl/wolfcrypt/sakke.c \ + src/ssl/wolfssl/wolfcrypt/sha.c \ + src/ssl/wolfssl/wolfcrypt/sha256.c \ + src/ssl/wolfssl/wolfcrypt/sha3.c \ + src/ssl/wolfssl/wolfcrypt/sha512.c \ + src/ssl/wolfssl/wolfcrypt/signature.c \ + src/ssl/wolfssl/wolfcrypt/siphash.c \ + src/ssl/wolfssl/wolfcrypt/sp_arm32.c \ + src/ssl/wolfssl/wolfcrypt/sp_arm64.c \ + src/ssl/wolfssl/wolfcrypt/sp_armthumb.c \ + src/ssl/wolfssl/wolfcrypt/sp_c32.c \ + src/ssl/wolfssl/wolfcrypt/sp_c64.c \ + src/ssl/wolfssl/wolfcrypt/sp_cortexm.c \ + src/ssl/wolfssl/wolfcrypt/sp_dsp32.c \ + src/ssl/wolfssl/wolfcrypt/sp_int.c \ + src/ssl/wolfssl/wolfcrypt/sp_x86_64.c \ + src/ssl/wolfssl/wolfcrypt/sphincs.c \ + src/ssl/wolfssl/wolfcrypt/srp.c \ + src/ssl/wolfssl/wolfcrypt/tfm.c \ + src/ssl/wolfssl/wolfcrypt/wc_dsp.c \ + src/ssl/wolfssl/wolfcrypt/wc_encrypt.c \ + src/ssl/wolfssl/wolfcrypt/wc_lms.c \ + src/ssl/wolfssl/wolfcrypt/wc_lms_impl.c \ + src/ssl/wolfssl/wolfcrypt/wc_mlkem.c \ + src/ssl/wolfssl/wolfcrypt/wc_mlkem_poly.c \ + src/ssl/wolfssl/wolfcrypt/wc_pkcs11.c \ + src/ssl/wolfssl/wolfcrypt/wc_port.c \ + src/ssl/wolfssl/wolfcrypt/wc_xmss.c \ + src/ssl/wolfssl/wolfcrypt/wc_xmss_impl.c \ + src/ssl/wolfssl/wolfcrypt/wolfevent.c \ + src/ssl/wolfssl/wolfcrypt/wolfmath.c # local: test/libbitcoin-network-test #------------------------------------------------------------------------------ @@ -249,7 +249,7 @@ if WITH_TESTS TESTS = libbitcoin-network-test_runner.sh check_PROGRAMS = test/libbitcoin-network-test -test_libbitcoin_network_test_CPPFLAGS = -I${srcdir}/include -I${srcdir}/include/bitcoin/ssl ${bitcoin_system_BUILD_CPPFLAGS} +test_libbitcoin_network_test_CPPFLAGS = -I${srcdir}/include -I${srcdir}/include/bitcoin/ssl -I${srcdir}/test/ssl/wolfssl ${bitcoin_system_BUILD_CPPFLAGS} test_libbitcoin_network_test_LDADD = src/libbitcoin-network.la ${boost_unit_test_framework_LIBS} ${bitcoin_system_LIBS} test_libbitcoin_network_test_SOURCES = \ test/error.cpp \ @@ -370,7 +370,152 @@ test_libbitcoin_network_test_SOURCES = \ test/sessions/session_manual.cpp \ test/sessions/session_outbound.cpp \ test/sessions/session_seed.cpp \ - test/sessions/session_server.cpp + test/sessions/session_server.cpp \ + test/ssl/wolfssl.cpp \ + test/ssl/wolfssl/examples/client/client.c \ + test/ssl/wolfssl/examples/client/client.h \ + test/ssl/wolfssl/examples/server/server.c \ + test/ssl/wolfssl/examples/server/server.h \ + test/ssl/wolfssl/tests/api.c \ + test/ssl/wolfssl/tests/quic.c \ + test/ssl/wolfssl/tests/srp.c \ + test/ssl/wolfssl/tests/suites.c \ + test/ssl/wolfssl/tests/unit.c \ + test/ssl/wolfssl/tests/unit.h \ + test/ssl/wolfssl/tests/utils.c \ + test/ssl/wolfssl/tests/utils.h \ + test/ssl/wolfssl/tests/w64wrapper.c \ + test/ssl/wolfssl/tests/api/api.h \ + test/ssl/wolfssl/tests/api/api_decl.h \ + test/ssl/wolfssl/tests/api/test_aes.c \ + test/ssl/wolfssl/tests/api/test_aes.h \ + test/ssl/wolfssl/tests/api/test_arc4.c \ + test/ssl/wolfssl/tests/api/test_arc4.h \ + test/ssl/wolfssl/tests/api/test_ascon.c \ + test/ssl/wolfssl/tests/api/test_ascon.h \ + test/ssl/wolfssl/tests/api/test_ascon_kats.h \ + test/ssl/wolfssl/tests/api/test_asn.c \ + test/ssl/wolfssl/tests/api/test_asn.h \ + test/ssl/wolfssl/tests/api/test_blake2.c \ + test/ssl/wolfssl/tests/api/test_blake2.h \ + test/ssl/wolfssl/tests/api/test_camellia.c \ + test/ssl/wolfssl/tests/api/test_camellia.h \ + test/ssl/wolfssl/tests/api/test_chacha.c \ + test/ssl/wolfssl/tests/api/test_chacha.h \ + test/ssl/wolfssl/tests/api/test_chacha20_poly1305.c \ + test/ssl/wolfssl/tests/api/test_chacha20_poly1305.h \ + test/ssl/wolfssl/tests/api/test_cmac.c \ + test/ssl/wolfssl/tests/api/test_cmac.h \ + test/ssl/wolfssl/tests/api/test_curve25519.c \ + test/ssl/wolfssl/tests/api/test_curve25519.h \ + test/ssl/wolfssl/tests/api/test_curve448.c \ + test/ssl/wolfssl/tests/api/test_curve448.h \ + test/ssl/wolfssl/tests/api/test_des3.c \ + test/ssl/wolfssl/tests/api/test_des3.h \ + test/ssl/wolfssl/tests/api/test_dh.c \ + test/ssl/wolfssl/tests/api/test_dh.h \ + test/ssl/wolfssl/tests/api/test_digest.h \ + test/ssl/wolfssl/tests/api/test_dsa.c \ + test/ssl/wolfssl/tests/api/test_dsa.h \ + test/ssl/wolfssl/tests/api/test_dtls.c \ + test/ssl/wolfssl/tests/api/test_dtls.h \ + test/ssl/wolfssl/tests/api/test_ecc.c \ + test/ssl/wolfssl/tests/api/test_ecc.h \ + test/ssl/wolfssl/tests/api/test_ed25519.c \ + test/ssl/wolfssl/tests/api/test_ed25519.h \ + test/ssl/wolfssl/tests/api/test_ed448.c \ + test/ssl/wolfssl/tests/api/test_ed448.h \ + test/ssl/wolfssl/tests/api/test_evp.c \ + test/ssl/wolfssl/tests/api/test_evp.h \ + test/ssl/wolfssl/tests/api/test_hash.c \ + test/ssl/wolfssl/tests/api/test_hash.h \ + test/ssl/wolfssl/tests/api/test_hmac.c \ + test/ssl/wolfssl/tests/api/test_hmac.h \ + test/ssl/wolfssl/tests/api/test_md2.c \ + test/ssl/wolfssl/tests/api/test_md2.h \ + test/ssl/wolfssl/tests/api/test_md4.c \ + test/ssl/wolfssl/tests/api/test_md4.h \ + test/ssl/wolfssl/tests/api/test_md5.c \ + test/ssl/wolfssl/tests/api/test_md5.h \ + test/ssl/wolfssl/tests/api/test_mldsa.c \ + test/ssl/wolfssl/tests/api/test_mldsa.h \ + test/ssl/wolfssl/tests/api/test_mlkem.c \ + test/ssl/wolfssl/tests/api/test_mlkem.h \ + test/ssl/wolfssl/tests/api/test_ocsp.c \ + test/ssl/wolfssl/tests/api/test_ocsp.h \ + test/ssl/wolfssl/tests/api/test_ocsp_test_blobs.h \ + test/ssl/wolfssl/tests/api/test_ossl_asn1.c \ + test/ssl/wolfssl/tests/api/test_ossl_asn1.h \ + test/ssl/wolfssl/tests/api/test_ossl_bio.c \ + test/ssl/wolfssl/tests/api/test_ossl_bio.h \ + test/ssl/wolfssl/tests/api/test_ossl_bn.c \ + test/ssl/wolfssl/tests/api/test_ossl_bn.h \ + test/ssl/wolfssl/tests/api/test_ossl_cipher.c \ + test/ssl/wolfssl/tests/api/test_ossl_cipher.h \ + test/ssl/wolfssl/tests/api/test_ossl_dgst.c \ + test/ssl/wolfssl/tests/api/test_ossl_dgst.h \ + test/ssl/wolfssl/tests/api/test_ossl_dh.c \ + test/ssl/wolfssl/tests/api/test_ossl_dh.h \ + test/ssl/wolfssl/tests/api/test_ossl_dsa.c \ + test/ssl/wolfssl/tests/api/test_ossl_dsa.h \ + test/ssl/wolfssl/tests/api/test_ossl_ec.c \ + test/ssl/wolfssl/tests/api/test_ossl_ec.h \ + test/ssl/wolfssl/tests/api/test_ossl_ecx.c \ + test/ssl/wolfssl/tests/api/test_ossl_ecx.h \ + test/ssl/wolfssl/tests/api/test_ossl_mac.c \ + test/ssl/wolfssl/tests/api/test_ossl_mac.h \ + test/ssl/wolfssl/tests/api/test_ossl_rsa.c \ + test/ssl/wolfssl/tests/api/test_ossl_rsa.h \ + test/ssl/wolfssl/tests/api/test_ossl_sk.c \ + test/ssl/wolfssl/tests/api/test_ossl_sk.h \ + test/ssl/wolfssl/tests/api/test_pkcs12.c \ + test/ssl/wolfssl/tests/api/test_pkcs12.h \ + test/ssl/wolfssl/tests/api/test_pkcs7.c \ + test/ssl/wolfssl/tests/api/test_pkcs7.h \ + test/ssl/wolfssl/tests/api/test_poly1305.c \ + test/ssl/wolfssl/tests/api/test_poly1305.h \ + test/ssl/wolfssl/tests/api/test_random.c \ + test/ssl/wolfssl/tests/api/test_random.h \ + test/ssl/wolfssl/tests/api/test_rc2.c \ + test/ssl/wolfssl/tests/api/test_rc2.h \ + test/ssl/wolfssl/tests/api/test_ripemd.c \ + test/ssl/wolfssl/tests/api/test_ripemd.h \ + test/ssl/wolfssl/tests/api/test_rsa.c \ + test/ssl/wolfssl/tests/api/test_rsa.h \ + test/ssl/wolfssl/tests/api/test_sha.c \ + test/ssl/wolfssl/tests/api/test_sha.h \ + test/ssl/wolfssl/tests/api/test_sha256.c \ + test/ssl/wolfssl/tests/api/test_sha256.h \ + test/ssl/wolfssl/tests/api/test_sha3.c \ + test/ssl/wolfssl/tests/api/test_sha3.h \ + test/ssl/wolfssl/tests/api/test_sha512.c \ + test/ssl/wolfssl/tests/api/test_sha512.h \ + test/ssl/wolfssl/tests/api/test_signature.c \ + test/ssl/wolfssl/tests/api/test_signature.h \ + test/ssl/wolfssl/tests/api/test_sm2.c \ + test/ssl/wolfssl/tests/api/test_sm2.h \ + test/ssl/wolfssl/tests/api/test_sm3.c \ + test/ssl/wolfssl/tests/api/test_sm3.h \ + test/ssl/wolfssl/tests/api/test_sm4.c \ + test/ssl/wolfssl/tests/api/test_sm4.h \ + test/ssl/wolfssl/tests/api/test_tls.c \ + test/ssl/wolfssl/tests/api/test_tls.h \ + test/ssl/wolfssl/tests/api/test_tls13.c \ + test/ssl/wolfssl/tests/api/test_tls13.h \ + test/ssl/wolfssl/tests/api/test_tls_ext.c \ + test/ssl/wolfssl/tests/api/test_tls_ext.h \ + test/ssl/wolfssl/tests/api/test_wc_encrypt.c \ + test/ssl/wolfssl/tests/api/test_wc_encrypt.h \ + test/ssl/wolfssl/tests/api/test_wolfmath.c \ + test/ssl/wolfssl/tests/api/test_wolfmath.h \ + test/ssl/wolfssl/tests/api/test_x509.c \ + test/ssl/wolfssl/tests/api/test_x509.h \ + test/ssl/wolfssl/testsuite/utils.h \ + test/ssl/wolfssl/testsuite/utils1.c \ + test/ssl/wolfssl/wolfcrypt/benchmark/benchmark.c \ + test/ssl/wolfssl/wolfcrypt/benchmark/benchmark.h \ + test/ssl/wolfssl/wolfcrypt/test/test.c \ + test/ssl/wolfssl/wolfcrypt/test/test.h endif WITH_TESTS @@ -624,10 +769,6 @@ include_bitcoin_ssl_openssl_HEADERS = \ include/bitcoin/ssl/openssl/x509.h \ include/bitcoin/ssl/openssl/x509v3.h -include_bitcoin_ssl_wolfcryptdir = ${includedir}/bitcoin/ssl/wolfcrypt -include_bitcoin_ssl_wolfcrypt_HEADERS = \ - include/bitcoin/ssl/wolfcrypt/wolfcrypt.h - include_bitcoin_ssl_wolfssldir = ${includedir}/bitcoin/ssl/wolfssl include_bitcoin_ssl_wolfssl_HEADERS = \ include/bitcoin/ssl/wolfssl/callbacks.h \ diff --git a/builds/cmake/CMakeLists.txt b/builds/cmake/CMakeLists.txt index fc9e0dd51..6977e3063 100644 --- a/builds/cmake/CMakeLists.txt +++ b/builds/cmake/CMakeLists.txt @@ -311,92 +311,6 @@ add_library( ${CANONICAL_LIB_NAME} "../../src/sessions/session_peer.cpp" "../../src/sessions/session_seed.cpp" "../../src/sessions/session_server.cpp" - "../../src/ssl/wolfcrypt/aes.c" - "../../src/ssl/wolfcrypt/arc4.c" - "../../src/ssl/wolfcrypt/ascon.c" - "../../src/ssl/wolfcrypt/asm.c" - "../../src/ssl/wolfcrypt/asn.c" - "../../src/ssl/wolfcrypt/blake2b.c" - "../../src/ssl/wolfcrypt/blake2s.c" - "../../src/ssl/wolfcrypt/camellia.c" - "../../src/ssl/wolfcrypt/chacha.c" - "../../src/ssl/wolfcrypt/chacha20_poly1305.c" - "../../src/ssl/wolfcrypt/cmac.c" - "../../src/ssl/wolfcrypt/coding.c" - "../../src/ssl/wolfcrypt/compress.c" - "../../src/ssl/wolfcrypt/cpuid.c" - "../../src/ssl/wolfcrypt/cryptocb.c" - "../../src/ssl/wolfcrypt/curve25519.c" - "../../src/ssl/wolfcrypt/curve448.c" - "../../src/ssl/wolfcrypt/des3.c" - "../../src/ssl/wolfcrypt/dh.c" - "../../src/ssl/wolfcrypt/dilithium.c" - "../../src/ssl/wolfcrypt/dsa.c" - "../../src/ssl/wolfcrypt/ecc.c" - "../../src/ssl/wolfcrypt/eccsi.c" - "../../src/ssl/wolfcrypt/ed25519.c" - "../../src/ssl/wolfcrypt/ed448.c" - "../../src/ssl/wolfcrypt/error1.c" - "../../src/ssl/wolfcrypt/ext_lms.c" - "../../src/ssl/wolfcrypt/ext_mlkem.c" - "../../src/ssl/wolfcrypt/ext_xmss.c" - "../../src/ssl/wolfcrypt/falcon.c" - "../../src/ssl/wolfcrypt/fe_448.c" - "../../src/ssl/wolfcrypt/fe_low_mem.c" - "../../src/ssl/wolfcrypt/fe_operations.c" - "../../src/ssl/wolfcrypt/fe_x25519_128.h" - "../../src/ssl/wolfcrypt/ge_448.c" - "../../src/ssl/wolfcrypt/ge_low_mem.c" - "../../src/ssl/wolfcrypt/ge_operations.c" - "../../src/ssl/wolfcrypt/hash.c" - "../../src/ssl/wolfcrypt/hmac.c" - "../../src/ssl/wolfcrypt/hpke.c" - "../../src/ssl/wolfcrypt/integer.c" - "../../src/ssl/wolfcrypt/kdf.c" - "../../src/ssl/wolfcrypt/logging.c" - "../../src/ssl/wolfcrypt/md2.c" - "../../src/ssl/wolfcrypt/md4.c" - "../../src/ssl/wolfcrypt/md5.c" - "../../src/ssl/wolfcrypt/memory1.c" - "../../src/ssl/wolfcrypt/pkcs12.c" - "../../src/ssl/wolfcrypt/pkcs7.c" - "../../src/ssl/wolfcrypt/poly1305.c" - "../../src/ssl/wolfcrypt/pwdbased.c" - "../../src/ssl/wolfcrypt/random.c" - "../../src/ssl/wolfcrypt/rc2.c" - "../../src/ssl/wolfcrypt/ripemd.c" - "../../src/ssl/wolfcrypt/rsa.c" - "../../src/ssl/wolfcrypt/sakke.c" - "../../src/ssl/wolfcrypt/sha.c" - "../../src/ssl/wolfcrypt/sha256.c" - "../../src/ssl/wolfcrypt/sha3.c" - "../../src/ssl/wolfcrypt/sha512.c" - "../../src/ssl/wolfcrypt/signature.c" - "../../src/ssl/wolfcrypt/siphash.c" - "../../src/ssl/wolfcrypt/sp_arm32.c" - "../../src/ssl/wolfcrypt/sp_arm64.c" - "../../src/ssl/wolfcrypt/sp_armthumb.c" - "../../src/ssl/wolfcrypt/sp_c32.c" - "../../src/ssl/wolfcrypt/sp_c64.c" - "../../src/ssl/wolfcrypt/sp_cortexm.c" - "../../src/ssl/wolfcrypt/sp_dsp32.c" - "../../src/ssl/wolfcrypt/sp_int.c" - "../../src/ssl/wolfcrypt/sp_x86_64.c" - "../../src/ssl/wolfcrypt/sphincs.c" - "../../src/ssl/wolfcrypt/srp.c" - "../../src/ssl/wolfcrypt/tfm.c" - "../../src/ssl/wolfcrypt/wc_dsp.c" - "../../src/ssl/wolfcrypt/wc_encrypt.c" - "../../src/ssl/wolfcrypt/wc_lms.c" - "../../src/ssl/wolfcrypt/wc_lms_impl.c" - "../../src/ssl/wolfcrypt/wc_mlkem.c" - "../../src/ssl/wolfcrypt/wc_mlkem_poly.c" - "../../src/ssl/wolfcrypt/wc_pkcs11.c" - "../../src/ssl/wolfcrypt/wc_port.c" - "../../src/ssl/wolfcrypt/wc_xmss.c" - "../../src/ssl/wolfcrypt/wc_xmss_impl.c" - "../../src/ssl/wolfcrypt/wolfevent.c" - "../../src/ssl/wolfcrypt/wolfmath.c" "../../src/ssl/wolfssl/crl.c" "../../src/ssl/wolfssl/dtls.c" "../../src/ssl/wolfssl/dtls13.c" @@ -423,7 +337,93 @@ add_library( ${CANONICAL_LIB_NAME} "../../src/ssl/wolfssl/src/ssl_sess.c" "../../src/ssl/wolfssl/src/ssl_sk.c" "../../src/ssl/wolfssl/src/x509.c" - "../../src/ssl/wolfssl/src/x509_str.c" ) + "../../src/ssl/wolfssl/src/x509_str.c" + "../../src/ssl/wolfssl/wolfcrypt/aes.c" + "../../src/ssl/wolfssl/wolfcrypt/arc4.c" + "../../src/ssl/wolfssl/wolfcrypt/ascon.c" + "../../src/ssl/wolfssl/wolfcrypt/asm.c" + "../../src/ssl/wolfssl/wolfcrypt/asn.c" + "../../src/ssl/wolfssl/wolfcrypt/blake2b.c" + "../../src/ssl/wolfssl/wolfcrypt/blake2s.c" + "../../src/ssl/wolfssl/wolfcrypt/camellia.c" + "../../src/ssl/wolfssl/wolfcrypt/chacha.c" + "../../src/ssl/wolfssl/wolfcrypt/chacha20_poly1305.c" + "../../src/ssl/wolfssl/wolfcrypt/cmac.c" + "../../src/ssl/wolfssl/wolfcrypt/coding.c" + "../../src/ssl/wolfssl/wolfcrypt/compress.c" + "../../src/ssl/wolfssl/wolfcrypt/cpuid.c" + "../../src/ssl/wolfssl/wolfcrypt/cryptocb.c" + "../../src/ssl/wolfssl/wolfcrypt/curve25519.c" + "../../src/ssl/wolfssl/wolfcrypt/curve448.c" + "../../src/ssl/wolfssl/wolfcrypt/des3.c" + "../../src/ssl/wolfssl/wolfcrypt/dh.c" + "../../src/ssl/wolfssl/wolfcrypt/dilithium.c" + "../../src/ssl/wolfssl/wolfcrypt/dsa.c" + "../../src/ssl/wolfssl/wolfcrypt/ecc.c" + "../../src/ssl/wolfssl/wolfcrypt/eccsi.c" + "../../src/ssl/wolfssl/wolfcrypt/ed25519.c" + "../../src/ssl/wolfssl/wolfcrypt/ed448.c" + "../../src/ssl/wolfssl/wolfcrypt/error.c" + "../../src/ssl/wolfssl/wolfcrypt/ext_lms.c" + "../../src/ssl/wolfssl/wolfcrypt/ext_mlkem.c" + "../../src/ssl/wolfssl/wolfcrypt/ext_xmss.c" + "../../src/ssl/wolfssl/wolfcrypt/falcon.c" + "../../src/ssl/wolfssl/wolfcrypt/fe_448.c" + "../../src/ssl/wolfssl/wolfcrypt/fe_low_mem.c" + "../../src/ssl/wolfssl/wolfcrypt/fe_operations.c" + "../../src/ssl/wolfssl/wolfcrypt/fe_x25519_128.h" + "../../src/ssl/wolfssl/wolfcrypt/ge_448.c" + "../../src/ssl/wolfssl/wolfcrypt/ge_low_mem.c" + "../../src/ssl/wolfssl/wolfcrypt/ge_operations.c" + "../../src/ssl/wolfssl/wolfcrypt/hash.c" + "../../src/ssl/wolfssl/wolfcrypt/hmac.c" + "../../src/ssl/wolfssl/wolfcrypt/hpke.c" + "../../src/ssl/wolfssl/wolfcrypt/integer.c" + "../../src/ssl/wolfssl/wolfcrypt/kdf.c" + "../../src/ssl/wolfssl/wolfcrypt/logging.c" + "../../src/ssl/wolfssl/wolfcrypt/md2.c" + "../../src/ssl/wolfssl/wolfcrypt/md4.c" + "../../src/ssl/wolfssl/wolfcrypt/md5.c" + "../../src/ssl/wolfssl/wolfcrypt/memory.c" + "../../src/ssl/wolfssl/wolfcrypt/pkcs12.c" + "../../src/ssl/wolfssl/wolfcrypt/pkcs7.c" + "../../src/ssl/wolfssl/wolfcrypt/poly1305.c" + "../../src/ssl/wolfssl/wolfcrypt/pwdbased.c" + "../../src/ssl/wolfssl/wolfcrypt/random.c" + "../../src/ssl/wolfssl/wolfcrypt/rc2.c" + "../../src/ssl/wolfssl/wolfcrypt/ripemd.c" + "../../src/ssl/wolfssl/wolfcrypt/rsa.c" + "../../src/ssl/wolfssl/wolfcrypt/sakke.c" + "../../src/ssl/wolfssl/wolfcrypt/sha.c" + "../../src/ssl/wolfssl/wolfcrypt/sha256.c" + "../../src/ssl/wolfssl/wolfcrypt/sha3.c" + "../../src/ssl/wolfssl/wolfcrypt/sha512.c" + "../../src/ssl/wolfssl/wolfcrypt/signature.c" + "../../src/ssl/wolfssl/wolfcrypt/siphash.c" + "../../src/ssl/wolfssl/wolfcrypt/sp_arm32.c" + "../../src/ssl/wolfssl/wolfcrypt/sp_arm64.c" + "../../src/ssl/wolfssl/wolfcrypt/sp_armthumb.c" + "../../src/ssl/wolfssl/wolfcrypt/sp_c32.c" + "../../src/ssl/wolfssl/wolfcrypt/sp_c64.c" + "../../src/ssl/wolfssl/wolfcrypt/sp_cortexm.c" + "../../src/ssl/wolfssl/wolfcrypt/sp_dsp32.c" + "../../src/ssl/wolfssl/wolfcrypt/sp_int.c" + "../../src/ssl/wolfssl/wolfcrypt/sp_x86_64.c" + "../../src/ssl/wolfssl/wolfcrypt/sphincs.c" + "../../src/ssl/wolfssl/wolfcrypt/srp.c" + "../../src/ssl/wolfssl/wolfcrypt/tfm.c" + "../../src/ssl/wolfssl/wolfcrypt/wc_dsp.c" + "../../src/ssl/wolfssl/wolfcrypt/wc_encrypt.c" + "../../src/ssl/wolfssl/wolfcrypt/wc_lms.c" + "../../src/ssl/wolfssl/wolfcrypt/wc_lms_impl.c" + "../../src/ssl/wolfssl/wolfcrypt/wc_mlkem.c" + "../../src/ssl/wolfssl/wolfcrypt/wc_mlkem_poly.c" + "../../src/ssl/wolfssl/wolfcrypt/wc_pkcs11.c" + "../../src/ssl/wolfssl/wolfcrypt/wc_port.c" + "../../src/ssl/wolfssl/wolfcrypt/wc_xmss.c" + "../../src/ssl/wolfssl/wolfcrypt/wc_xmss_impl.c" + "../../src/ssl/wolfssl/wolfcrypt/wolfevent.c" + "../../src/ssl/wolfssl/wolfcrypt/wolfmath.c" ) # ${CANONICAL_LIB_NAME} project specific include directory normalization for build. #------------------------------------------------------------------------------ @@ -578,7 +578,185 @@ if (with-tests) "../../test/sessions/session_manual.cpp" "../../test/sessions/session_outbound.cpp" "../../test/sessions/session_seed.cpp" - "../../test/sessions/session_server.cpp" ) + "../../test/sessions/session_server.cpp" + "../../test/ssl/wolfssl.cpp" + "../../test/ssl/vectors/certs/ca-ecc-cert.pem" + "../../test/ssl/vectors/certs/ca-ecc384-cert.pem" + "../../test/ssl/vectors/certs/ca-ecc384-key.der" + "../../test/ssl/vectors/certs/ca-ecc384-key.pem" + "../../test/ssl/vectors/certs/client-ecc384-cert.pem" + "../../test/ssl/vectors/certs/client-ecc384-key.pem" + "../../test/ssl/vectors/certs/ecc-key.der" + "../../test/ssl/vectors/certs/ecc-key.pem" + "../../test/ssl/vectors/certs/ecc-privOnlyCert.pem" + "../../test/ssl/vectors/certs/ecc-privOnlyKey.pem" + "../../test/ssl/vectors/certs/entity-no-ca-bool-cert.pem" + "../../test/ssl/vectors/certs/entity-no-ca-bool-key.pem" + "../../test/ssl/vectors/certs/server-cert.pem" + "../../test/ssl/vectors/certs/server-ecc-rsa.pem" + "../../test/ssl/vectors/certs/server-ecc.pem" + "../../test/ssl/vectors/certs/server-ecc384-cert.pem" + "../../test/ssl/vectors/certs/server-ecc384-key.pem" + "../../test/ssl/vectors/certs/server-key.pem" + "../../test/ssl/vectors/certs/test/server-cert-ecc-badsig.pem" + "../../test/ssl/vectors/certs/test/server-cert-rsa-badsig.pem" + "../../test/ssl/vectors/certs/test/server-goodalt.pem" + "../../test/ssl/vectors/certs/test/server-goodaltwild.pem" + "../../test/ssl/vectors/certs/test/server-goodcn.pem" + "../../test/ssl/vectors/certs/test/server-goodcnwild.pem" + "../../test/ssl/vectors/certs/test/server-localhost.pem" + "../../test/ssl/vectors/tests/test-chains.conf" + "../../test/ssl/vectors/tests/test-dhprime.conf" + "../../test/ssl/vectors/tests/test-fails.conf" + "../../test/ssl/vectors/tests/test-tls13-down.conf" + "../../test/ssl/vectors/tests/test-tls13-ecc.conf" + "../../test/ssl/vectors/tests/test-tls13.conf" + "../../test/ssl/vectors/tests/test.conf" + "../../test/ssl/wolfssl/examples/client/client.c" + "../../test/ssl/wolfssl/examples/client/client.h" + "../../test/ssl/wolfssl/examples/server/server.c" + "../../test/ssl/wolfssl/examples/server/server.h" + "../../test/ssl/wolfssl/tests/api.c" + "../../test/ssl/wolfssl/tests/quic.c" + "../../test/ssl/wolfssl/tests/srp.c" + "../../test/ssl/wolfssl/tests/suites.c" + "../../test/ssl/wolfssl/tests/unit.c" + "../../test/ssl/wolfssl/tests/unit.h" + "../../test/ssl/wolfssl/tests/utils.c" + "../../test/ssl/wolfssl/tests/utils.h" + "../../test/ssl/wolfssl/tests/w64wrapper.c" + "../../test/ssl/wolfssl/tests/api/api.h" + "../../test/ssl/wolfssl/tests/api/api_decl.h" + "../../test/ssl/wolfssl/tests/api/test_aes.c" + "../../test/ssl/wolfssl/tests/api/test_aes.h" + "../../test/ssl/wolfssl/tests/api/test_arc4.c" + "../../test/ssl/wolfssl/tests/api/test_arc4.h" + "../../test/ssl/wolfssl/tests/api/test_ascon.c" + "../../test/ssl/wolfssl/tests/api/test_ascon.h" + "../../test/ssl/wolfssl/tests/api/test_ascon_kats.h" + "../../test/ssl/wolfssl/tests/api/test_asn.c" + "../../test/ssl/wolfssl/tests/api/test_asn.h" + "../../test/ssl/wolfssl/tests/api/test_blake2.c" + "../../test/ssl/wolfssl/tests/api/test_blake2.h" + "../../test/ssl/wolfssl/tests/api/test_camellia.c" + "../../test/ssl/wolfssl/tests/api/test_camellia.h" + "../../test/ssl/wolfssl/tests/api/test_chacha.c" + "../../test/ssl/wolfssl/tests/api/test_chacha.h" + "../../test/ssl/wolfssl/tests/api/test_chacha20_poly1305.c" + "../../test/ssl/wolfssl/tests/api/test_chacha20_poly1305.h" + "../../test/ssl/wolfssl/tests/api/test_cmac.c" + "../../test/ssl/wolfssl/tests/api/test_cmac.h" + "../../test/ssl/wolfssl/tests/api/test_curve25519.c" + "../../test/ssl/wolfssl/tests/api/test_curve25519.h" + "../../test/ssl/wolfssl/tests/api/test_curve448.c" + "../../test/ssl/wolfssl/tests/api/test_curve448.h" + "../../test/ssl/wolfssl/tests/api/test_des3.c" + "../../test/ssl/wolfssl/tests/api/test_des3.h" + "../../test/ssl/wolfssl/tests/api/test_dh.c" + "../../test/ssl/wolfssl/tests/api/test_dh.h" + "../../test/ssl/wolfssl/tests/api/test_digest.h" + "../../test/ssl/wolfssl/tests/api/test_dsa.c" + "../../test/ssl/wolfssl/tests/api/test_dsa.h" + "../../test/ssl/wolfssl/tests/api/test_dtls.c" + "../../test/ssl/wolfssl/tests/api/test_dtls.h" + "../../test/ssl/wolfssl/tests/api/test_ecc.c" + "../../test/ssl/wolfssl/tests/api/test_ecc.h" + "../../test/ssl/wolfssl/tests/api/test_ed25519.c" + "../../test/ssl/wolfssl/tests/api/test_ed25519.h" + "../../test/ssl/wolfssl/tests/api/test_ed448.c" + "../../test/ssl/wolfssl/tests/api/test_ed448.h" + "../../test/ssl/wolfssl/tests/api/test_evp.c" + "../../test/ssl/wolfssl/tests/api/test_evp.h" + "../../test/ssl/wolfssl/tests/api/test_hash.c" + "../../test/ssl/wolfssl/tests/api/test_hash.h" + "../../test/ssl/wolfssl/tests/api/test_hmac.c" + "../../test/ssl/wolfssl/tests/api/test_hmac.h" + "../../test/ssl/wolfssl/tests/api/test_md2.c" + "../../test/ssl/wolfssl/tests/api/test_md2.h" + "../../test/ssl/wolfssl/tests/api/test_md4.c" + "../../test/ssl/wolfssl/tests/api/test_md4.h" + "../../test/ssl/wolfssl/tests/api/test_md5.c" + "../../test/ssl/wolfssl/tests/api/test_md5.h" + "../../test/ssl/wolfssl/tests/api/test_mldsa.c" + "../../test/ssl/wolfssl/tests/api/test_mldsa.h" + "../../test/ssl/wolfssl/tests/api/test_mlkem.c" + "../../test/ssl/wolfssl/tests/api/test_mlkem.h" + "../../test/ssl/wolfssl/tests/api/test_ocsp.c" + "../../test/ssl/wolfssl/tests/api/test_ocsp.h" + "../../test/ssl/wolfssl/tests/api/test_ocsp_test_blobs.h" + "../../test/ssl/wolfssl/tests/api/test_ossl_asn1.c" + "../../test/ssl/wolfssl/tests/api/test_ossl_asn1.h" + "../../test/ssl/wolfssl/tests/api/test_ossl_bio.c" + "../../test/ssl/wolfssl/tests/api/test_ossl_bio.h" + "../../test/ssl/wolfssl/tests/api/test_ossl_bn.c" + "../../test/ssl/wolfssl/tests/api/test_ossl_bn.h" + "../../test/ssl/wolfssl/tests/api/test_ossl_cipher.c" + "../../test/ssl/wolfssl/tests/api/test_ossl_cipher.h" + "../../test/ssl/wolfssl/tests/api/test_ossl_dgst.c" + "../../test/ssl/wolfssl/tests/api/test_ossl_dgst.h" + "../../test/ssl/wolfssl/tests/api/test_ossl_dh.c" + "../../test/ssl/wolfssl/tests/api/test_ossl_dh.h" + "../../test/ssl/wolfssl/tests/api/test_ossl_dsa.c" + "../../test/ssl/wolfssl/tests/api/test_ossl_dsa.h" + "../../test/ssl/wolfssl/tests/api/test_ossl_ec.c" + "../../test/ssl/wolfssl/tests/api/test_ossl_ec.h" + "../../test/ssl/wolfssl/tests/api/test_ossl_ecx.c" + "../../test/ssl/wolfssl/tests/api/test_ossl_ecx.h" + "../../test/ssl/wolfssl/tests/api/test_ossl_mac.c" + "../../test/ssl/wolfssl/tests/api/test_ossl_mac.h" + "../../test/ssl/wolfssl/tests/api/test_ossl_rsa.c" + "../../test/ssl/wolfssl/tests/api/test_ossl_rsa.h" + "../../test/ssl/wolfssl/tests/api/test_ossl_sk.c" + "../../test/ssl/wolfssl/tests/api/test_ossl_sk.h" + "../../test/ssl/wolfssl/tests/api/test_pkcs12.c" + "../../test/ssl/wolfssl/tests/api/test_pkcs12.h" + "../../test/ssl/wolfssl/tests/api/test_pkcs7.c" + "../../test/ssl/wolfssl/tests/api/test_pkcs7.h" + "../../test/ssl/wolfssl/tests/api/test_poly1305.c" + "../../test/ssl/wolfssl/tests/api/test_poly1305.h" + "../../test/ssl/wolfssl/tests/api/test_random.c" + "../../test/ssl/wolfssl/tests/api/test_random.h" + "../../test/ssl/wolfssl/tests/api/test_rc2.c" + "../../test/ssl/wolfssl/tests/api/test_rc2.h" + "../../test/ssl/wolfssl/tests/api/test_ripemd.c" + "../../test/ssl/wolfssl/tests/api/test_ripemd.h" + "../../test/ssl/wolfssl/tests/api/test_rsa.c" + "../../test/ssl/wolfssl/tests/api/test_rsa.h" + "../../test/ssl/wolfssl/tests/api/test_sha.c" + "../../test/ssl/wolfssl/tests/api/test_sha.h" + "../../test/ssl/wolfssl/tests/api/test_sha256.c" + "../../test/ssl/wolfssl/tests/api/test_sha256.h" + "../../test/ssl/wolfssl/tests/api/test_sha3.c" + "../../test/ssl/wolfssl/tests/api/test_sha3.h" + "../../test/ssl/wolfssl/tests/api/test_sha512.c" + "../../test/ssl/wolfssl/tests/api/test_sha512.h" + "../../test/ssl/wolfssl/tests/api/test_signature.c" + "../../test/ssl/wolfssl/tests/api/test_signature.h" + "../../test/ssl/wolfssl/tests/api/test_sm2.c" + "../../test/ssl/wolfssl/tests/api/test_sm2.h" + "../../test/ssl/wolfssl/tests/api/test_sm3.c" + "../../test/ssl/wolfssl/tests/api/test_sm3.h" + "../../test/ssl/wolfssl/tests/api/test_sm4.c" + "../../test/ssl/wolfssl/tests/api/test_sm4.h" + "../../test/ssl/wolfssl/tests/api/test_tls.c" + "../../test/ssl/wolfssl/tests/api/test_tls.h" + "../../test/ssl/wolfssl/tests/api/test_tls13.c" + "../../test/ssl/wolfssl/tests/api/test_tls13.h" + "../../test/ssl/wolfssl/tests/api/test_tls_ext.c" + "../../test/ssl/wolfssl/tests/api/test_tls_ext.h" + "../../test/ssl/wolfssl/tests/api/test_wc_encrypt.c" + "../../test/ssl/wolfssl/tests/api/test_wc_encrypt.h" + "../../test/ssl/wolfssl/tests/api/test_wolfmath.c" + "../../test/ssl/wolfssl/tests/api/test_wolfmath.h" + "../../test/ssl/wolfssl/tests/api/test_x509.c" + "../../test/ssl/wolfssl/tests/api/test_x509.h" + "../../test/ssl/wolfssl/testsuite/utils.h" + "../../test/ssl/wolfssl/testsuite/utils1.c" + "../../test/ssl/wolfssl/wolfcrypt/benchmark/README.md" + "../../test/ssl/wolfssl/wolfcrypt/benchmark/benchmark.c" + "../../test/ssl/wolfssl/wolfcrypt/benchmark/benchmark.h" + "../../test/ssl/wolfssl/wolfcrypt/test/test.c" + "../../test/ssl/wolfssl/wolfcrypt/test/test.h" ) add_test( NAME libbitcoin-network-test COMMAND libbitcoin-network-test --run_test=* @@ -592,7 +770,8 @@ if (with-tests) #------------------------------------------------------------------------------ target_include_directories( libbitcoin-network-test PRIVATE "../../include" - "../../include/bitcoin/ssl" ) + "../../include/bitcoin/ssl" + "../../test/ssl/wolfssl" ) # libbitcoin-network-test project specific libraries/linker flags. #------------------------------------------------------------------------------ diff --git a/builds/msvc/vs2022/libbitcoin-network-test/libbitcoin-network-test.props b/builds/msvc/vs2022/libbitcoin-network-test/libbitcoin-network-test.props index 661a8a406..25f340480 100644 --- a/builds/msvc/vs2022/libbitcoin-network-test/libbitcoin-network-test.props +++ b/builds/msvc/vs2022/libbitcoin-network-test/libbitcoin-network-test.props @@ -11,13 +11,23 @@ + $(ProjectDir)..\..\..\..\..\libbitcoin-network\test\ssl\wolfssl\;%(AdditionalIncludeDirectories) false + CERT_PREFIX="$(RepoRoot.Replace("\", "/"))test/ssl/vectors/";%(PreprocessorDefinitions) "$(TargetPath)" --log_level=warning --run_test=* --show_progress=no --build_info=yes + + + + /wd4005 /wd4189 /wd4245 /wd4267 /wd4701 /wd4702 /wd4703 %(AdditionalOptions) + + + + diff --git a/builds/msvc/vs2022/libbitcoin-network-test/libbitcoin-network-test.vcxproj b/builds/msvc/vs2022/libbitcoin-network-test/libbitcoin-network-test.vcxproj index cb73b5d37..3c33064ea 100644 --- a/builds/msvc/vs2022/libbitcoin-network-test/libbitcoin-network-test.vcxproj +++ b/builds/msvc/vs2022/libbitcoin-network-test/libbitcoin-network-test.vcxproj @@ -247,9 +247,290 @@ - + + + $(IntDir)test_ssl_wolfssl_examples_client_client.c.obj + + + $(IntDir)test_ssl_wolfssl_examples_server_server.c.obj + + + $(IntDir)test_ssl_wolfssl_tests_api.c.obj + + + $(IntDir)test_ssl_wolfssl_tests_api_test_aes.c.obj + + + $(IntDir)test_ssl_wolfssl_tests_api_test_arc4.c.obj + + + $(IntDir)test_ssl_wolfssl_tests_api_test_ascon.c.obj + + + $(IntDir)test_ssl_wolfssl_tests_api_test_asn.c.obj + + + $(IntDir)test_ssl_wolfssl_tests_api_test_blake2.c.obj + + + $(IntDir)test_ssl_wolfssl_tests_api_test_camellia.c.obj + + + $(IntDir)test_ssl_wolfssl_tests_api_test_chacha.c.obj + + + $(IntDir)test_ssl_wolfssl_tests_api_test_chacha20_poly1305.c.obj + + + $(IntDir)test_ssl_wolfssl_tests_api_test_cmac.c.obj + + + $(IntDir)test_ssl_wolfssl_tests_api_test_curve25519.c.obj + + + $(IntDir)test_ssl_wolfssl_tests_api_test_curve448.c.obj + + + $(IntDir)test_ssl_wolfssl_tests_api_test_des3.c.obj + + + $(IntDir)test_ssl_wolfssl_tests_api_test_dh.c.obj + + + $(IntDir)test_ssl_wolfssl_tests_api_test_dsa.c.obj + + + $(IntDir)test_ssl_wolfssl_tests_api_test_dtls.c.obj + + + $(IntDir)test_ssl_wolfssl_tests_api_test_ecc.c.obj + + + $(IntDir)test_ssl_wolfssl_tests_api_test_ed25519.c.obj + + + $(IntDir)test_ssl_wolfssl_tests_api_test_ed448.c.obj + + + $(IntDir)test_ssl_wolfssl_tests_api_test_evp.c.obj + + + $(IntDir)test_ssl_wolfssl_tests_api_test_hash.c.obj + + + $(IntDir)test_ssl_wolfssl_tests_api_test_hmac.c.obj + + + $(IntDir)test_ssl_wolfssl_tests_api_test_md2.c.obj + + + $(IntDir)test_ssl_wolfssl_tests_api_test_md4.c.obj + + + $(IntDir)test_ssl_wolfssl_tests_api_test_md5.c.obj + + + $(IntDir)test_ssl_wolfssl_tests_api_test_mldsa.c.obj + + + $(IntDir)test_ssl_wolfssl_tests_api_test_mlkem.c.obj + + + $(IntDir)test_ssl_wolfssl_tests_api_test_ocsp.c.obj + + + $(IntDir)test_ssl_wolfssl_tests_api_test_ossl_asn1.c.obj + + + $(IntDir)test_ssl_wolfssl_tests_api_test_ossl_bio.c.obj + + + $(IntDir)test_ssl_wolfssl_tests_api_test_ossl_bn.c.obj + + + $(IntDir)test_ssl_wolfssl_tests_api_test_ossl_cipher.c.obj + + + $(IntDir)test_ssl_wolfssl_tests_api_test_ossl_dgst.c.obj + + + $(IntDir)test_ssl_wolfssl_tests_api_test_ossl_dh.c.obj + + + $(IntDir)test_ssl_wolfssl_tests_api_test_ossl_dsa.c.obj + + + $(IntDir)test_ssl_wolfssl_tests_api_test_ossl_ec.c.obj + + + $(IntDir)test_ssl_wolfssl_tests_api_test_ossl_ecx.c.obj + + + $(IntDir)test_ssl_wolfssl_tests_api_test_ossl_mac.c.obj + + + $(IntDir)test_ssl_wolfssl_tests_api_test_ossl_rsa.c.obj + + + $(IntDir)test_ssl_wolfssl_tests_api_test_ossl_sk.c.obj + + + $(IntDir)test_ssl_wolfssl_tests_api_test_pkcs12.c.obj + + + $(IntDir)test_ssl_wolfssl_tests_api_test_pkcs7.c.obj + + + $(IntDir)test_ssl_wolfssl_tests_api_test_poly1305.c.obj + + + $(IntDir)test_ssl_wolfssl_tests_api_test_random.c.obj + + + $(IntDir)test_ssl_wolfssl_tests_api_test_rc2.c.obj + + + $(IntDir)test_ssl_wolfssl_tests_api_test_ripemd.c.obj + + + $(IntDir)test_ssl_wolfssl_tests_api_test_rsa.c.obj + + + $(IntDir)test_ssl_wolfssl_tests_api_test_sha.c.obj + + + $(IntDir)test_ssl_wolfssl_tests_api_test_sha256.c.obj + + + $(IntDir)test_ssl_wolfssl_tests_api_test_sha3.c.obj + + + $(IntDir)test_ssl_wolfssl_tests_api_test_sha512.c.obj + + + $(IntDir)test_ssl_wolfssl_tests_api_test_signature.c.obj + + + $(IntDir)test_ssl_wolfssl_tests_api_test_sm2.c.obj + + + $(IntDir)test_ssl_wolfssl_tests_api_test_sm3.c.obj + + + $(IntDir)test_ssl_wolfssl_tests_api_test_sm4.c.obj + + + $(IntDir)test_ssl_wolfssl_tests_api_test_tls.c.obj + + + $(IntDir)test_ssl_wolfssl_tests_api_test_tls13.c.obj + + + $(IntDir)test_ssl_wolfssl_tests_api_test_tls_ext.c.obj + + + $(IntDir)test_ssl_wolfssl_tests_api_test_wc_encrypt.c.obj + + + $(IntDir)test_ssl_wolfssl_tests_api_test_wolfmath.c.obj + + + $(IntDir)test_ssl_wolfssl_tests_api_test_x509.c.obj + + + + + + $(IntDir)test_ssl_wolfssl_tests_unit.c.obj + + + $(IntDir)test_ssl_wolfssl_tests_utils.c.obj + + + + + $(IntDir)test_ssl_wolfssl_wolfcrypt_benchmark_benchmark.c.obj + + + $(IntDir)test_ssl_wolfssl_wolfcrypt_test_test.c.obj + + + $(IntDir)test_test.obj + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/builds/msvc/vs2022/libbitcoin-network-test/libbitcoin-network-test.vcxproj.filters b/builds/msvc/vs2022/libbitcoin-network-test/libbitcoin-network-test.vcxproj.filters index fa0cda05d..b3b63e611 100644 --- a/builds/msvc/vs2022/libbitcoin-network-test/libbitcoin-network-test.vcxproj.filters +++ b/builds/msvc/vs2022/libbitcoin-network-test/libbitcoin-network-test.vcxproj.filters @@ -14,7 +14,7 @@ {D28FC18A-8B81-4247-0000-000000000001} - {D28FC18A-8B81-4247-0000-000000000009} + {D28FC18A-8B81-4247-0000-00000000000A} {D28FC18A-8B81-4247-0000-000000000002} @@ -29,22 +29,22 @@ {D28FC18A-8B81-4247-0000-000000000005} - {D28FC18A-8B81-4247-0000-00000000000A} + {D28FC18A-8B81-4247-0000-00000000000B} - {D28FC18A-8B81-4247-0000-00000000000D} + {D28FC18A-8B81-4247-0000-00000000000E} - {D28FC18A-8B81-4247-0000-00000000000B} + {D28FC18A-8B81-4247-0000-00000000000C} - {D28FC18A-8B81-4247-0000-00000000000E} + {D28FC18A-8B81-4247-0000-00000000000F} - {D28FC18A-8B81-4247-0000-00000000000F} + {D28FC18A-8B81-4247-0000-000000000001} - {D28FC18A-8B81-4247-0000-00000000000C} + {D28FC18A-8B81-4247-0000-00000000000D} {D28FC18A-8B81-4247-0000-000000000006} @@ -55,6 +55,51 @@ {D28FC18A-8B81-4247-0000-000000000008} + + {D28FC18A-8B81-4247-0000-000000000009} + + + {D28FC18A-8B81-4247-0000-000000000002} + + + {D28FC18A-8B81-4247-0000-000000000004} + + + {D28FC18A-8B81-4247-0000-000000000006} + + + {D28FC18A-8B81-4247-0000-000000000005} + + + {D28FC18A-8B81-4247-0000-000000000003} + + + {D28FC18A-8B81-4247-0000-000000000007} + + + {D28FC18A-8B81-4247-0000-0000000000A1} + + + {D28FC18A-8B81-4247-0000-0000000000B1} + + + {D28FC18A-8B81-4247-0000-000000000008} + + + {D28FC18A-8B81-4247-0000-0000000000C1} + + + {D28FC18A-8B81-4247-0000-000000000009} + + + {D28FC18A-8B81-4247-0000-000000000010} + + + {D28FC18A-8B81-4247-0000-0000000000D1} + + + {D28FC18A-8B81-4247-0000-0000000000E1} + @@ -408,11 +453,446 @@ src + + src\ssl + + + src\ssl\wolfssl\examples\client + + + src\ssl\wolfssl\examples\server + + + src\ssl\wolfssl\tests + + + src\ssl\wolfssl\tests\api + + + src\ssl\wolfssl\tests\api + + + src\ssl\wolfssl\tests\api + + + src\ssl\wolfssl\tests\api + + + src\ssl\wolfssl\tests\api + + + src\ssl\wolfssl\tests\api + + + src\ssl\wolfssl\tests\api + + + src\ssl\wolfssl\tests\api + + + src\ssl\wolfssl\tests\api + + + src\ssl\wolfssl\tests\api + + + src\ssl\wolfssl\tests\api + + + src\ssl\wolfssl\tests\api + + + src\ssl\wolfssl\tests\api + + + src\ssl\wolfssl\tests\api + + + src\ssl\wolfssl\tests\api + + + src\ssl\wolfssl\tests\api + + + src\ssl\wolfssl\tests\api + + + src\ssl\wolfssl\tests\api + + + src\ssl\wolfssl\tests\api + + + src\ssl\wolfssl\tests\api + + + src\ssl\wolfssl\tests\api + + + src\ssl\wolfssl\tests\api + + + src\ssl\wolfssl\tests\api + + + src\ssl\wolfssl\tests\api + + + src\ssl\wolfssl\tests\api + + + src\ssl\wolfssl\tests\api + + + src\ssl\wolfssl\tests\api + + + src\ssl\wolfssl\tests\api + + + src\ssl\wolfssl\tests\api + + + src\ssl\wolfssl\tests\api + + + src\ssl\wolfssl\tests\api + + + src\ssl\wolfssl\tests\api + + + src\ssl\wolfssl\tests\api + + + src\ssl\wolfssl\tests\api + + + src\ssl\wolfssl\tests\api + + + src\ssl\wolfssl\tests\api + + + src\ssl\wolfssl\tests\api + + + src\ssl\wolfssl\tests\api + + + src\ssl\wolfssl\tests\api + + + src\ssl\wolfssl\tests\api + + + src\ssl\wolfssl\tests\api + + + src\ssl\wolfssl\tests\api + + + src\ssl\wolfssl\tests\api + + + src\ssl\wolfssl\tests\api + + + src\ssl\wolfssl\tests\api + + + src\ssl\wolfssl\tests\api + + + src\ssl\wolfssl\tests\api + + + src\ssl\wolfssl\tests\api + + + src\ssl\wolfssl\tests\api + + + src\ssl\wolfssl\tests\api + + + src\ssl\wolfssl\tests\api + + + src\ssl\wolfssl\tests\api + + + src\ssl\wolfssl\tests\api + + + src\ssl\wolfssl\tests\api + + + src\ssl\wolfssl\tests\api + + + src\ssl\wolfssl\tests\api + + + src\ssl\wolfssl\tests\api + + + src\ssl\wolfssl\tests\api + + + src\ssl\wolfssl\tests\api + + + src\ssl\wolfssl\tests\api + + + src\ssl\wolfssl\tests + + + src\ssl\wolfssl\tests + + + src\ssl\wolfssl\tests + + + src\ssl\wolfssl\tests + + + src\ssl\wolfssl\tests + + + src\ssl\wolfssl\tests + + + src\ssl\wolfssl\testsuite + + + src\ssl\wolfssl\wolfcrypt\benchmark + + + src\ssl\wolfssl\wolfcrypt\test + src + + src\ssl\wolfssl\examples\client + + + src\ssl\wolfssl\examples\server + + + src\ssl\wolfssl\tests\api + + + src\ssl\wolfssl\tests\api + + + src\ssl\wolfssl\tests\api + + + src\ssl\wolfssl\tests\api + + + src\ssl\wolfssl\tests\api + + + src\ssl\wolfssl\tests\api + + + src\ssl\wolfssl\tests\api + + + src\ssl\wolfssl\tests\api + + + src\ssl\wolfssl\tests\api + + + src\ssl\wolfssl\tests\api + + + src\ssl\wolfssl\tests\api + + + src\ssl\wolfssl\tests\api + + + src\ssl\wolfssl\tests\api + + + src\ssl\wolfssl\tests\api + + + src\ssl\wolfssl\tests\api + + + src\ssl\wolfssl\tests\api + + + src\ssl\wolfssl\tests\api + + + src\ssl\wolfssl\tests\api + + + src\ssl\wolfssl\tests\api + + + src\ssl\wolfssl\tests\api + + + src\ssl\wolfssl\tests\api + + + src\ssl\wolfssl\tests\api + + + src\ssl\wolfssl\tests\api + + + src\ssl\wolfssl\tests\api + + + src\ssl\wolfssl\tests\api + + + src\ssl\wolfssl\tests\api + + + src\ssl\wolfssl\tests\api + + + src\ssl\wolfssl\tests\api + + + src\ssl\wolfssl\tests\api + + + src\ssl\wolfssl\tests\api + + + src\ssl\wolfssl\tests\api + + + src\ssl\wolfssl\tests\api + + + src\ssl\wolfssl\tests\api + + + src\ssl\wolfssl\tests\api + + + src\ssl\wolfssl\tests\api + + + src\ssl\wolfssl\tests\api + + + src\ssl\wolfssl\tests\api + + + src\ssl\wolfssl\tests\api + + + src\ssl\wolfssl\tests\api + + + src\ssl\wolfssl\tests\api + + + src\ssl\wolfssl\tests\api + + + src\ssl\wolfssl\tests\api + + + src\ssl\wolfssl\tests\api + + + src\ssl\wolfssl\tests\api + + + src\ssl\wolfssl\tests\api + + + src\ssl\wolfssl\tests\api + + + src\ssl\wolfssl\tests\api + + + src\ssl\wolfssl\tests\api + + + src\ssl\wolfssl\tests\api + + + src\ssl\wolfssl\tests\api + + + src\ssl\wolfssl\tests\api + + + src\ssl\wolfssl\tests\api + + + src\ssl\wolfssl\tests\api + + + src\ssl\wolfssl\tests\api + + + src\ssl\wolfssl\tests\api + + + src\ssl\wolfssl\tests\api + + + src\ssl\wolfssl\tests\api + + + src\ssl\wolfssl\tests\api + + + src\ssl\wolfssl\tests\api + + + src\ssl\wolfssl\tests\api + + + src\ssl\wolfssl\tests\api + + + src\ssl\wolfssl\tests\api + + + src\ssl\wolfssl\tests\api + + + src\ssl\wolfssl\tests\api + + + src\ssl\wolfssl\tests\api + + + src\ssl\wolfssl\tests + + + src\ssl\wolfssl\tests + + + src\ssl\wolfssl\testsuite + + + src\ssl\wolfssl\wolfcrypt\benchmark + + + src\ssl\wolfssl\wolfcrypt\test + src diff --git a/builds/msvc/vs2022/libbitcoin-network.import.props b/builds/msvc/vs2022/libbitcoin-network.import.props index d963a1a34..81b0d3dc8 100644 --- a/builds/msvc/vs2022/libbitcoin-network.import.props +++ b/builds/msvc/vs2022/libbitcoin-network.import.props @@ -15,12 +15,10 @@ - - $(ProjectDir)..\..\..\..\..\libbitcoin-network\include\bitcoin\ssl\;%(AdditionalIncludeDirectories) $(ProjectDir)..\..\..\..\..\libbitcoin-network\include\;%(AdditionalIncludeDirectories) + $(ProjectDir)..\..\..\..\..\libbitcoin-network\include\bitcoin\ssl\;%(AdditionalIncludeDirectories) /bigobj %(AdditionalOptions) BCT_STATIC;%(PreprocessorDefinitions) - WOLFSSL_USER_SETTINGS;%(PreprocessorDefinitions) diff --git a/builds/msvc/vs2022/libbitcoin-network/libbitcoin-network.props b/builds/msvc/vs2022/libbitcoin-network/libbitcoin-network.props index 5dbf3d3a7..03d786e64 100644 --- a/builds/msvc/vs2022/libbitcoin-network/libbitcoin-network.props +++ b/builds/msvc/vs2022/libbitcoin-network/libbitcoin-network.props @@ -11,18 +11,24 @@ - - $(RepoRoot)include\bitcoin\ssl\;%(AdditionalIncludeDirectories) $(RepoRoot)include\;%(AdditionalIncludeDirectories) + $(RepoRoot)include\bitcoin\ssl\;%(AdditionalIncludeDirectories) /bigobj %(AdditionalOptions) false BCT_DLL;%(PreprocessorDefinitions) BCT_STATIC;%(PreprocessorDefinitions) - WOLFSSL_USER_SETTINGS;%(PreprocessorDefinitions) + + + + /wd4189 /wd4245 /wd4267 /wd4701 /wd4702 /wd4703 %(AdditionalOptions) + + + + diff --git a/builds/msvc/vs2022/libbitcoin-network/libbitcoin-network.vcxproj b/builds/msvc/vs2022/libbitcoin-network/libbitcoin-network.vcxproj index 77e5837d4..256690245 100644 --- a/builds/msvc/vs2022/libbitcoin-network/libbitcoin-network.vcxproj +++ b/builds/msvc/vs2022/libbitcoin-network/libbitcoin-network.vcxproj @@ -135,11 +135,15 @@ - + + $(IntDir)src_error.obj + - + + $(IntDir)src_memory.obj + @@ -219,91 +223,6 @@ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - @@ -330,6 +249,95 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + $(IntDir)src_ssl_wolfssl_wolfcrypt_error.c.obj + + + + + + + + + + + + + + + + + + + + + + $(IntDir)src_ssl_wolfssl_wolfcrypt_memory.c.obj + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + @@ -489,7 +497,6 @@ - @@ -650,7 +657,7 @@ - + @@ -695,4 +702,4 @@ - + \ No newline at end of file diff --git a/builds/msvc/vs2022/libbitcoin-network/libbitcoin-network.vcxproj.filters b/builds/msvc/vs2022/libbitcoin-network/libbitcoin-network.vcxproj.filters index bcd62f3f8..b6bea5c5e 100644 --- a/builds/msvc/vs2022/libbitcoin-network/libbitcoin-network.vcxproj.filters +++ b/builds/msvc/vs2022/libbitcoin-network/libbitcoin-network.vcxproj.filters @@ -157,13 +157,13 @@ {564EB540-D6B6-425C-0000-000000000009} - + {564EB540-D6B6-425C-0000-00000000000F} - + {564EB540-D6B6-425C-0000-000000000001} - + {564EB540-D6B6-425C-0000-000000000002} @@ -450,338 +450,338 @@ src - - src\ssl\wolfcrypt + + src\ssl\wolfssl - - src\ssl\wolfcrypt + + src\ssl\wolfssl - - src\ssl\wolfcrypt + + src\ssl\wolfssl - - src\ssl\wolfcrypt + + src\ssl\wolfssl - - src\ssl\wolfcrypt + + src\ssl\wolfssl - - src\ssl\wolfcrypt + + src\ssl\wolfssl - - src\ssl\wolfcrypt + + src\ssl\wolfssl - - src\ssl\wolfcrypt + + src\ssl\wolfssl - - src\ssl\wolfcrypt + + src\ssl\wolfssl\src - - src\ssl\wolfcrypt + + src\ssl\wolfssl\src - - src\ssl\wolfcrypt + + src\ssl\wolfssl\src - - src\ssl\wolfcrypt + + src\ssl\wolfssl\src - - src\ssl\wolfcrypt + + src\ssl\wolfssl\src - - src\ssl\wolfcrypt + + src\ssl\wolfssl\src - - src\ssl\wolfcrypt + + src\ssl\wolfssl\src - - src\ssl\wolfcrypt + + src\ssl\wolfssl\src - - src\ssl\wolfcrypt + + src\ssl\wolfssl\src - - src\ssl\wolfcrypt + + src\ssl\wolfssl\src - - src\ssl\wolfcrypt + + src\ssl\wolfssl\src - - src\ssl\wolfcrypt + + src\ssl\wolfssl\src - - src\ssl\wolfcrypt + + src\ssl\wolfssl\src - - src\ssl\wolfcrypt + + src\ssl\wolfssl\src - - src\ssl\wolfcrypt + + src\ssl\wolfssl\src - - src\ssl\wolfcrypt + + src\ssl\wolfssl - - src\ssl\wolfcrypt + + src\ssl\wolfssl - - src\ssl\wolfcrypt + + src\ssl\wolfssl - - src\ssl\wolfcrypt + + src\ssl\wolfssl\wolfcrypt - - src\ssl\wolfcrypt + + src\ssl\wolfssl\wolfcrypt - - src\ssl\wolfcrypt + + src\ssl\wolfssl\wolfcrypt - - src\ssl\wolfcrypt + + src\ssl\wolfssl\wolfcrypt - - src\ssl\wolfcrypt + + src\ssl\wolfssl\wolfcrypt - - src\ssl\wolfcrypt + + src\ssl\wolfssl\wolfcrypt - - src\ssl\wolfcrypt + + src\ssl\wolfssl\wolfcrypt - - src\ssl\wolfcrypt + + src\ssl\wolfssl\wolfcrypt - - src\ssl\wolfcrypt + + src\ssl\wolfssl\wolfcrypt - - src\ssl\wolfcrypt + + src\ssl\wolfssl\wolfcrypt - - src\ssl\wolfcrypt + + src\ssl\wolfssl\wolfcrypt - - src\ssl\wolfcrypt + + src\ssl\wolfssl\wolfcrypt - - src\ssl\wolfcrypt + + src\ssl\wolfssl\wolfcrypt - - src\ssl\wolfcrypt + + src\ssl\wolfssl\wolfcrypt - - src\ssl\wolfcrypt + + src\ssl\wolfssl\wolfcrypt - - src\ssl\wolfcrypt + + src\ssl\wolfssl\wolfcrypt - - src\ssl\wolfcrypt + + src\ssl\wolfssl\wolfcrypt - - src\ssl\wolfcrypt + + src\ssl\wolfssl\wolfcrypt - - src\ssl\wolfcrypt + + src\ssl\wolfssl\wolfcrypt - - src\ssl\wolfcrypt + + src\ssl\wolfssl\wolfcrypt - - src\ssl\wolfcrypt + + src\ssl\wolfssl\wolfcrypt - - src\ssl\wolfcrypt + + src\ssl\wolfssl\wolfcrypt - - src\ssl\wolfcrypt + + src\ssl\wolfssl\wolfcrypt - - src\ssl\wolfcrypt + + src\ssl\wolfssl\wolfcrypt - - src\ssl\wolfcrypt + + src\ssl\wolfssl\wolfcrypt - - src\ssl\wolfcrypt + + src\ssl\wolfssl\wolfcrypt - - src\ssl\wolfcrypt + + src\ssl\wolfssl\wolfcrypt - - src\ssl\wolfcrypt + + src\ssl\wolfssl\wolfcrypt - - src\ssl\wolfcrypt + + src\ssl\wolfssl\wolfcrypt - - src\ssl\wolfcrypt + + src\ssl\wolfssl\wolfcrypt - - src\ssl\wolfcrypt + + src\ssl\wolfssl\wolfcrypt - - src\ssl\wolfcrypt + + src\ssl\wolfssl\wolfcrypt - - src\ssl\wolfcrypt + + src\ssl\wolfssl\wolfcrypt - - src\ssl\wolfcrypt + + src\ssl\wolfssl\wolfcrypt - - src\ssl\wolfcrypt + + src\ssl\wolfssl\wolfcrypt - - src\ssl\wolfcrypt + + src\ssl\wolfssl\wolfcrypt - - src\ssl\wolfcrypt + + src\ssl\wolfssl\wolfcrypt - - src\ssl\wolfcrypt + + src\ssl\wolfssl\wolfcrypt - - src\ssl\wolfcrypt + + src\ssl\wolfssl\wolfcrypt - - src\ssl\wolfcrypt + + src\ssl\wolfssl\wolfcrypt - - src\ssl\wolfcrypt + + src\ssl\wolfssl\wolfcrypt - - src\ssl\wolfcrypt + + src\ssl\wolfssl\wolfcrypt - - src\ssl\wolfcrypt + + src\ssl\wolfssl\wolfcrypt - - src\ssl\wolfcrypt + + src\ssl\wolfssl\wolfcrypt - - src\ssl\wolfcrypt + + src\ssl\wolfssl\wolfcrypt - - src\ssl\wolfcrypt + + src\ssl\wolfssl\wolfcrypt - - src\ssl\wolfcrypt + + src\ssl\wolfssl\wolfcrypt - - src\ssl\wolfcrypt + + src\ssl\wolfssl\wolfcrypt - - src\ssl\wolfcrypt + + src\ssl\wolfssl\wolfcrypt - - src\ssl\wolfcrypt + + src\ssl\wolfssl\wolfcrypt - - src\ssl\wolfcrypt + + src\ssl\wolfssl\wolfcrypt - - src\ssl\wolfcrypt + + src\ssl\wolfssl\wolfcrypt - - src\ssl\wolfcrypt + + src\ssl\wolfssl\wolfcrypt - - src\ssl\wolfcrypt + + src\ssl\wolfssl\wolfcrypt - - src\ssl\wolfcrypt + + src\ssl\wolfssl\wolfcrypt - - src\ssl\wolfcrypt + + src\ssl\wolfssl\wolfcrypt - - src\ssl\wolfcrypt + + src\ssl\wolfssl\wolfcrypt - - src\ssl\wolfcrypt + + src\ssl\wolfssl\wolfcrypt - - src\ssl\wolfcrypt + + src\ssl\wolfssl\wolfcrypt - - src\ssl\wolfssl + + src\ssl\wolfssl\wolfcrypt - - src\ssl\wolfssl + + src\ssl\wolfssl\wolfcrypt - - src\ssl\wolfssl + + src\ssl\wolfssl\wolfcrypt - - src\ssl\wolfssl + + src\ssl\wolfssl\wolfcrypt - - src\ssl\wolfssl + + src\ssl\wolfssl\wolfcrypt - - src\ssl\wolfssl + + src\ssl\wolfssl\wolfcrypt - - src\ssl\wolfssl + + src\ssl\wolfssl\wolfcrypt - - src\ssl\wolfssl + + src\ssl\wolfssl\wolfcrypt - - src\ssl\wolfssl\src + + src\ssl\wolfssl\wolfcrypt - - src\ssl\wolfssl\src + + src\ssl\wolfssl\wolfcrypt - - src\ssl\wolfssl\src + + src\ssl\wolfssl\wolfcrypt - - src\ssl\wolfssl\src + + src\ssl\wolfssl\wolfcrypt - - src\ssl\wolfssl\src + + src\ssl\wolfssl\wolfcrypt - - src\ssl\wolfssl\src + + src\ssl\wolfssl\wolfcrypt - - src\ssl\wolfssl\src + + src\ssl\wolfssl\wolfcrypt - - src\ssl\wolfssl\src + + src\ssl\wolfssl\wolfcrypt - - src\ssl\wolfssl\src + + src\ssl\wolfssl\wolfcrypt - - src\ssl\wolfssl\src + + src\ssl\wolfssl\wolfcrypt - - src\ssl\wolfssl\src + + src\ssl\wolfssl\wolfcrypt - - src\ssl\wolfssl\src + + src\ssl\wolfssl\wolfcrypt - - src\ssl\wolfssl\src + + src\ssl\wolfssl\wolfcrypt - - src\ssl\wolfssl\src + + src\ssl\wolfssl\wolfcrypt - - src\ssl\wolfssl\src + + src\ssl\wolfssl\wolfcrypt - - src\ssl\wolfssl + + src\ssl\wolfssl\wolfcrypt - - src\ssl\wolfssl + + src\ssl\wolfssl\wolfcrypt - - src\ssl\wolfssl + + src\ssl\wolfssl\wolfcrypt src\ssl\wolfssl @@ -1256,9 +1256,6 @@ include\bitcoin\ssl\openssl - - include\bitcoin\ssl\wolfcrypt - include\bitcoin\ssl\wolfssl @@ -1739,8 +1736,8 @@ include\bitcoin\ssl\wolfssl - - src\ssl\wolfcrypt + + src\ssl\wolfssl\wolfcrypt @@ -1791,4 +1788,4 @@ - + \ No newline at end of file diff --git a/include/bitcoin/network/async/asio.hpp b/include/bitcoin/network/async/asio.hpp index c2123fc04..4854be022 100644 --- a/include/bitcoin/network/async/asio.hpp +++ b/include/bitcoin/network/async/asio.hpp @@ -60,6 +60,7 @@ constexpr auto max_connections = boost::asio::socket_base::max_listen_connections; /// ssl +#if defined(HAVE_SSL) namespace ssl { typedef boost::asio::ssl::context context; @@ -74,6 +75,8 @@ inline void foobar() THROWS } } // namespace ssl +#endif // HAVE_SSL + } // namespace asio } // namespace network } // namespace libbitcoin diff --git a/include/bitcoin/network/boost.hpp b/include/bitcoin/network/boost.hpp index 2c98f2645..6671465e1 100644 --- a/include/bitcoin/network/boost.hpp +++ b/include/bitcoin/network/boost.hpp @@ -21,18 +21,22 @@ #include -// See for wolf/openssl includes. -#define BOOST_ASIO_USE_WOLFSSL -#define BOOST_ASIO_NO_DEPRECATED - -// The /ssl/openssl/ directory is provided for direct ssl import by boost, -// which is required because is included. -#include -#include #include #include #include #include #include +#define BOOST_ASIO_NO_DEPRECATED +#include + +// TODO: Hoist this out to build config. +#define WITH_SSL + +#if defined(WITH_SSL) +#define HAVE_SSL +#define BOOST_ASIO_USE_WOLFSSL +#include +#endif // WITH_SSL + #endif diff --git a/include/bitcoin/ssl/openssl/conf.h b/include/bitcoin/ssl/openssl/conf.h index cc8e42ed5..4f3b3712c 100644 --- a/include/bitcoin/ssl/openssl/conf.h +++ b/include/bitcoin/ssl/openssl/conf.h @@ -19,7 +19,7 @@ #ifndef LIBBITCOIN_NETWORK_SSL_OPENSSL_CONF_H #define LIBBITCOIN_NETWORK_SSL_OPENSSL_CONF_H -// Forward load of . +/* Forward load of . */ #include #endif diff --git a/include/bitcoin/ssl/openssl/dh.h b/include/bitcoin/ssl/openssl/dh.h index 37a73e70d..b7ef5b276 100644 --- a/include/bitcoin/ssl/openssl/dh.h +++ b/include/bitcoin/ssl/openssl/dh.h @@ -19,7 +19,7 @@ #ifndef LIBBITCOIN_NETWORK_SSL_OPENSSL_DH_H #define LIBBITCOIN_NETWORK_SSL_OPENSSL_DH_H -// Forward load of . +/* Forward load of . */ #include #endif diff --git a/include/bitcoin/ssl/openssl/err.h b/include/bitcoin/ssl/openssl/err.h index 4ee222fba..dfb5468ee 100644 --- a/include/bitcoin/ssl/openssl/err.h +++ b/include/bitcoin/ssl/openssl/err.h @@ -19,7 +19,7 @@ #ifndef LIBBITCOIN_NETWORK_SSL_OPENSSL_ERR_H #define LIBBITCOIN_NETWORK_SSL_OPENSSL_ERR_H -// Forward load of . +/* Forward load of . */ #include #endif diff --git a/include/bitcoin/ssl/openssl/openssl.h b/include/bitcoin/ssl/openssl/openssl.h index 5a20df777..4c5d46ab8 100644 --- a/include/bitcoin/ssl/openssl/openssl.h +++ b/include/bitcoin/ssl/openssl/openssl.h @@ -19,8 +19,8 @@ #ifndef LIBBITCOIN_NETWORK_SSL_OPENSSL_OPENSSL_H #define LIBBITCOIN_NETWORK_SSL_OPENSSL_OPENSSL_H -// This directory is defined by libbitcoin to provide the expected path for -// boost::asio to #include the contained headers. Each header forwards to: -// #include +/* This directory is defined by libbitcoin to provide the expected path for */ +/* boost::asio to #include the contained headers. Each header forwards to: */ +/* #include */ #endif diff --git a/include/bitcoin/ssl/openssl/rsa.h b/include/bitcoin/ssl/openssl/rsa.h index c4e5164e5..1791c6be7 100644 --- a/include/bitcoin/ssl/openssl/rsa.h +++ b/include/bitcoin/ssl/openssl/rsa.h @@ -19,7 +19,7 @@ #ifndef LIBBITCOIN_NETWORK_SSL_OPENSSL_RSA_H #define LIBBITCOIN_NETWORK_SSL_OPENSSL_RSA_H -// Forward load of . +/* Forward load of . */ #include #endif diff --git a/include/bitcoin/ssl/openssl/ssl.h b/include/bitcoin/ssl/openssl/ssl.h index cc2149aa8..20da14052 100644 --- a/include/bitcoin/ssl/openssl/ssl.h +++ b/include/bitcoin/ssl/openssl/ssl.h @@ -19,7 +19,7 @@ #ifndef LIBBITCOIN_NETWORK_SSL_OPENSSL_SSL_H #define LIBBITCOIN_NETWORK_SSL_OPENSSL_SSL_H -// Forward load of . +/* Forward load of . */ #include #endif diff --git a/include/bitcoin/ssl/openssl/x509.h b/include/bitcoin/ssl/openssl/x509.h index 92bd52737..def26deee 100644 --- a/include/bitcoin/ssl/openssl/x509.h +++ b/include/bitcoin/ssl/openssl/x509.h @@ -19,7 +19,7 @@ #ifndef LIBBITCOIN_NETWORK_SSL_OPENSSL_X509_H #define LIBBITCOIN_NETWORK_SSL_OPENSSL_X509_H -// Forward load of . +/* Forward load of . */ #include #endif diff --git a/include/bitcoin/ssl/openssl/x509v3.h b/include/bitcoin/ssl/openssl/x509v3.h index 2d1713450..14782bb39 100644 --- a/include/bitcoin/ssl/openssl/x509v3.h +++ b/include/bitcoin/ssl/openssl/x509v3.h @@ -19,7 +19,7 @@ #ifndef LIBBITCOIN_NETWORK_SSL_OPENSSL_X509V3_H #define LIBBITCOIN_NETWORK_SSL_OPENSSL_X509V3_H -// Forward load of . +/* Forward load of . */ #include #endif diff --git a/include/bitcoin/ssl/wolfcrypt/wolfcrypt.h b/include/bitcoin/ssl/wolfcrypt/wolfcrypt.h deleted file mode 100644 index 1ff8271d2..000000000 --- a/include/bitcoin/ssl/wolfcrypt/wolfcrypt.h +++ /dev/null @@ -1,26 +0,0 @@ -/** - * Copyright (c) 2011-2025 libbitcoin developers (see AUTHORS) - * - * This file is part of libbitcoin. - * - * This program is free software: you can redistribute it and/or modify - * it under the terms of the GNU Affero General Public License as published by - * the Free Software Foundation, either version 3 of the License, or - * (at your option) any later version. - * - * This program is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU Affero General Public License for more details. - * - * You should have received a copy of the GNU Affero General Public License - * along with this program. If not, see . - */ -#ifndef LIBBITCOIN_NETWORK_SSL_WOLFCRYPT_WOLFCRYPT_H -#define LIBBITCOIN_NETWORK_SSL_WOLFCRYPT_WOLFCRYPT_H - -// This directory is defined by libbitcoin to provide the expected path so that -// wolfssl sources may remain unmodified and specify: -// #include - -#endif diff --git a/include/bitcoin/ssl/wolfssl/options.h b/include/bitcoin/ssl/wolfssl/options.h index 4774966c8..dab724fba 100644 --- a/include/bitcoin/ssl/wolfssl/options.h +++ b/include/bitcoin/ssl/wolfssl/options.h @@ -19,12 +19,14 @@ #ifndef LIBBITCOIN_NETWORK_SSL_WOLFSSL_OPTIONS_H #define LIBBITCOIN_NETWORK_SSL_WOLFSSL_OPTIONS_H -// This ensures boost sees all configuration, but probably not used. +/* This ensures boost sees all configuration, but probably not used. */ #include -// Boost ASIO pulls in this file when BOOST_ASIO_USE_WOLFSSL is defined. -////#if defined(BOOST_ASIO_USE_WOLFSSL) -//// #include -////#endif +/* Boost ASIO pulls in this file when BOOST_ASIO_USE_WOLFSSL is defined. */ +/* +#if defined(BOOST_ASIO_USE_WOLFSSL) +#include +#endif +*/ #endif diff --git a/include/bitcoin/ssl/wolfssl/test.h b/include/bitcoin/ssl/wolfssl/test.h index f67b02919..237ec5e76 100644 --- a/include/bitcoin/ssl/wolfssl/test.h +++ b/include/bitcoin/ssl/wolfssl/test.h @@ -2199,7 +2199,11 @@ static WC_INLINE unsigned int my_psk_client_cs_cb(WOLFSSL* ssl, #elif defined(USE_WINDOWS_API) +/* LIBBITCOIN: fix warning when WIN32_LEAN_AND_MEAN is already defined. */ +#ifndef WIN32_LEAN_AND_MEAN #define WIN32_LEAN_AND_MEAN +#endif + #define _WINSOCKAPI_ /* block inclusion of winsock.h header file */ #include #undef _WINSOCKAPI_ /* undefine it for MINGW winsock2.h header file */ diff --git a/include/bitcoin/ssl/wolfssl/wolfcrypt/user_settings.h b/include/bitcoin/ssl/wolfssl/wolfcrypt/user_settings.h index 80a8b784e..5fb4c1ba2 100644 --- a/include/bitcoin/ssl/wolfssl/wolfcrypt/user_settings.h +++ b/include/bitcoin/ssl/wolfssl/wolfcrypt/user_settings.h @@ -19,93 +19,90 @@ #ifndef LIBBITCOIN_NETWORK_SSL_WOLFSSL_WOLFCRYPT_USER_SETINGS_H #define LIBBITCOIN_NETWORK_SSL_WOLFSSL_WOLFCRYPT_USER_SETINGS_H -// This file is imported into all wolfssl sources when WOLFSSL_USER_SETTINGS -// is defined, which is done at project scope. This is also imported by boost -// asio via options.h import when BOOST_ASIO_USE_WOLFSSL is defined. -// The /ssl/openssl/ directory is provided for direct import by boost when -// #include is specified, forwarding to wolfssl headers. - -// This build has no dependency on any libbitcoin sources. -////#include +/* This file is imported into all wolfssl sources when WOLFSSL_USER_SETTINGS */ +/* is defined, which is done at project scope. This is also imported by boost */ +/* asio via options.h import when BOOST_ASIO_USE_WOLFSSL is defined. */ +/* The /ssl/openssl/ directory is provided for direct import by boost when */ +/* #include is specified, forwarding to wolfssl headers. */ + +/* This build has no dependency on any libbitcoin sources. */ +/* #include */ #if defined(_MSC_VER) - // C99 variable-length arrays (VLAs) are not supported by MSVC. + /* C99 variable-length arrays (VLAs) are not supported by MSVC. */ #define WOLFSSL_SP_NO_DYN_STACK - // Avoid conflict with min/max compatibility macros. + /* Avoid conflict with min/max compatibility macros. */ #define WOLFSSL_HAVE_MIN #define WOLFSSL_HAVE_MAX #endif -// Documentation for the options below. -// wolfssl.com/documentation/manuals/wolfssl/chapter02.html +/* Documentation for the options below. */ +/* wolfssl.com/documentation/manuals/wolfssl/chapter02.html */ -// In a library build, "HAVE_" symbols are set on the command line. But since -// this is embedded they are set here just as with "NO_", "WC_" and "WOLFSSL_". +/* In a library build, "HAVE_" symbols are set on the command line. But since */ +/* this is embedded they are set here just as with "NO_", "WC_" and "WOLFSSL_". */ -// Suppress warnings on unnecessary file inclusions. -#define WOLFSSL_IGNORE_FILE_WARN - -// Side-channel protection is not required. -////#define WOLFSSL_HARDEN_TLS 128 -#define NO_ECC_TIMING_RESISTANT -#define NO_TFM_TIMING_RESISTANT -#define NO_WC_RSA_BLINDING -#define WC_NO_HARDEN +/* Used with BOOST_ASIO_USE_WOLFSSL to optimize boost integration. */ +/* wolfssl.com/wolfssl-support-asio-boost-asio-c-libraries */ +#define WOLFSSL_ASIO -// On Windows OS APIs are used. -////#define NO_DEV_RANDOM -////#define NO_DEV_URANDOM +/* Suppress warnings on unnecessary file inclusions. */ +#define WOLFSSL_IGNORE_FILE_WARN -// Keep control over socket. -// wolfssl.com/documentation/manuals/wolfssl/chapter05.html -#define WOLFSSL_USER_IO -#define WOLFSSL_NO_SOCK +/* wolfssl.com/documentation/manuals/wolfssl/chapter05.html */ +/* Requires that send and receive data copy functions be defined. */ +/* #define WOLFSSL_USER_IO */ -// Required for certificate management via filesystem. -////#define NO_FILESYSTEM +/* No reason to define this as the library does not use sockets (test only). */ +/* #define WOLFSSL_NO_SOCK */ -// TODO: keygen. -////#define WOLFSSL_PEM_TO_DER +/* Required by boost for certificate management via filesystem. */ +/* #define NO_FILESYSTEM */ +#define WOLFSSL_PEM_TO_DER #define WOLFSSL_CERT_GEN #define WOLFSSL_DER_LOAD #define WOLFSSL_KEY_GEN -// TLS is required, not just cryptographic functions. -////#define WOLFSSL_AEAD_ONLY +/* TLS is required, not just cryptographic functions. */ #define WOLFSSL_TLS13 + +/* At least one encryption method is required. */ +/* ECC is needed for Curve25519-based key exchange in modern TLS. */ +#define HAVE_SUPPORTED_CURVES #define HAVE_TLS_EXTENSIONS -#define HAVE_FFDHE_2048 +#define HAVE_CURVE25519 #define HAVE_POLY1305 #define HAVE_CHACHA +#define HAVE_SHA256 #define HAVE_HKDF #define HAVE_HMAC -#define HAVE_SHA256 - -// At least one encryption method is required. -// ECC is needed for Curve25519-based key exchange in modern TLS. -#define HAVE_CURVE25519 #define HAVE_ECC -// Callback requires at least one union element to be defined. +/* Callback requires at least one union element to be defined. */ #define WOLF_CRYPTO_CB - -// Used with BOOST_ASIO_USE_WOLFSSL to optimize boost integration. -// wolfssl.com/wolfssl-support-asio-boost-asio-c-libraries -#define WOLFSSL_ASIO - -// This is an openssl setting that affects wolfssl. -#define OPENSSL_EXTRA - -// These are openssl settings that affect boost asio. +/* This removes default RNG fallback (must set a callback RNG). */ +/* #define WC_NO_HASHDRBG */ +/* On Windows OS RNG APIs are used, these on others. */ +/* #define NO_DEV_RANDOM */ +/* #define NO_DEV_URANDOM */ + +/* These are openssl settings that affect wolfssl and/or boost asio. */ +#define OPENSSL_VERSION_NUMBER 0x10101000L #define OPENSSL_NO_ENGINE #define OPENSSL_NO_SSL3 #define OPENSSL_NO_SSL2 +#define OPENSSL_EXTRA + +/* Side-channel protection is not required. */ +/* #define WOLFSSL_HARDEN_TLS 128 */ +#define NO_ECC_TIMING_RESISTANT +#define NO_TFM_TIMING_RESISTANT +#define WC_NO_HARDEN -// Remove unused or undesired components. -#define WC_NO_HASHDRBG -#define NO_PWDBASED +/* Remove unused or undesired components. */ +#define WOLFSSL_NO_CLIENT_AUTH +#define NO_SESSION_CACHE #define NO_OLD_TLS -#define NO_AESGCM #define NO_OCSP #define NO_DES3 #define NO_PSK @@ -113,20 +110,37 @@ #define NO_SHA #define NO_DSA #define NO_RSA -#define NO_DH #define NO_MD4 #define NO_MD5 #define NO_RC4 -#define NO_TLS_DH -#define NO_CAMELLIA_CBC -#define NO_SESSION_CACHE -#define NO_ED448_CLIENT_AUTH -#define NO_ED25519_CLIENT_AUTH -#define NO_OLD_SSL_NAMES -#define NO_OLD_WC_NAMES -#define NO_OLD_POLY1305 -#define WOLFSSL_NO_SOCK -#define WOLFSSL_NO_CLIENT_AUTH -#define NO_WOLFSSL_RENESAS_TSIP_TLS_SESSION +#define NO_DH + +#ifdef _MSC_VER + /* Warnings emitted due to missing define in vc++. */ + #define WC_MAYBE_UNUSED __pragma(warning(suppress:4505)) + + /* Build break in test_ossl_bio.c due to missing define in vc++. */ + #ifndef STDERR_FILENO + #define STDERR_FILENO _fileno(stderr) + #endif +#endif + +#ifndef NDEBUG + #define DEBUG_WOLFSSL + #define DEBUG_SUITE_TESTS + ////#define WOLFSSL_VERBOSE_ERRORS + #define WOLFSSL_HAVE_ERROR_QUEUE + + #ifndef WOLFSSL_LOGGINGENABLED_DEFAULT + #define WOLFSSL_LOGGINGENABLED_DEFAULT 1 + #endif + #ifndef WOLFSSL_CERT_LOG_ENABLED_DEFAULT + #define WOLFSSL_CERT_LOG_ENABLED_DEFAULT 1 + #endif +#endif + +#define NO_MAIN_DRIVER +#define NO_TESTSUITE_MAIN_DRIVER +#define CERT_WRITE_TEMP_DIR "./" #endif diff --git a/include/bitcoin/ssl/wolfssl/wolfssl.h b/include/bitcoin/ssl/wolfssl/wolfssl.h index a0d4e3d3d..d24b754d4 100644 --- a/include/bitcoin/ssl/wolfssl/wolfssl.h +++ b/include/bitcoin/ssl/wolfssl/wolfssl.h @@ -19,10 +19,12 @@ #ifndef LIBBITCOIN_NETWORK_SSL_WOLFSSL_WOLFSSL_H #define LIBBITCOIN_NETWORK_SSL_WOLFSSL_WOLFSSL_H -// This directory is defined by libbitcoin to provide the expected path so that -// wolfssl sources may remain unmodified and specify: -// #include -// #include -// #include +/* This directory is defined by libbitcoin to provide the expected path so that */ +/* wolfssl sources may remain unmodified and specify: */ +/* +#include +#include +#include +*/ #endif diff --git a/libbitcoin-network.pc.in b/libbitcoin-network.pc.in index 1e6133fec..ec8b5efda 100644 --- a/libbitcoin-network.pc.in +++ b/libbitcoin-network.pc.in @@ -29,7 +29,7 @@ Requires: libbitcoin-system >= 4.0.0 # Include directory and any other required compiler flags. #------------------------------------------------------------------------------ -Cflags: -I${includedir} +Cflags: -I${includedir} -DWOLFSSL_USER_SETTINGS # Lib directory, lib and any required that do not publish pkg-config. #------------------------------------------------------------------------------ diff --git a/src/ssl/wolfssl/internal.c b/src/ssl/wolfssl/internal.c index 5a67083ee..30c27fbcb 100644 --- a/src/ssl/wolfssl/internal.c +++ b/src/ssl/wolfssl/internal.c @@ -25591,23 +25591,8 @@ static int ModifyForMTU(WOLFSSL* ssl, int buffSz, int outputSz, int mtuSz) */ static int CheckTLS13AEADSendLimit(WOLFSSL* ssl) { -////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////// -// LIBBITCOIN: fix unused variable warning. -#if defined(BUILD_AESGCM) | defined(HAVE_AESCCM) || defined(WOLFSSL_SM4_GCM) || defined(WOLFSSL_SM4_CCM) || defined(WOLFSSL_DTLS13) -/////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////// w64wrapper seq; -//////////////////////////////////////////////////////////////////////////////////////////////////////// -#endif // unused variable -//////////////////////////////////////////////////////////////////////////////////////////////////////// - -//////////////////////////////////////////////////////////////////////////////////////////////////////// -// LIBBITCOIN: fix unused variable warning. -#if defined(BUILD_AESGCM) | defined(HAVE_AESCCM) || defined(WOLFSSL_SM4_GCM) || defined(WOLFSSL_SM4_CCM) -//////////////////////////////////////////////////////////////////////////////////////////////////////// w64wrapper limit; -//////////////////////////////////////////////////////////////////////////////////////////////////////// -#endif // unused variable -//////////////////////////////////////////////////////////////////////////////////////////////////////// switch (ssl->specs.bulk_cipher_algorithm) { #ifdef BUILD_AESGCM @@ -25660,11 +25645,6 @@ static int CheckTLS13AEADSendLimit(WOLFSSL* ssl) } else #endif - -//////////////////////////////////////////////////////////////////////////////////////////////////////// -// LIBBITCOIN: fix unreachable code warnings. -#if defined(BUILD_AESGCM) | defined(HAVE_AESCCM) || defined(WOLFSSL_SM4_GCM) || defined(WOLFSSL_SM4_CCM) -//////////////////////////////////////////////////////////////////////////////////////////////////////// { seq = w64From32(ssl->keys.sequence_number_hi, ssl->keys.sequence_number_lo); @@ -25677,9 +25657,6 @@ static int CheckTLS13AEADSendLimit(WOLFSSL* ssl) } return 0; -//////////////////////////////////////////////////////////////////////////////////////////////////////// -#endif // unreachable code -//////////////////////////////////////////////////////////////////////////////////////////////////////// } #endif /* WOLFSSL_TLS13 && !WOLFSSL_TLS13_IGNORE_AEAD_LIMITS */ diff --git a/src/ssl/wolfssl/src/x509.c b/src/ssl/wolfssl/src/x509.c index 8aa5b5f55..801e8a214 100644 --- a/src/ssl/wolfssl/src/x509.c +++ b/src/ssl/wolfssl/src/x509.c @@ -10630,11 +10630,7 @@ static int CertFromX509(Cert* cert, WOLFSSL_X509* x509) cert->isCA = wolfSSL_X509_get_isCA(x509); cert->basicConstCrit = x509->basicConstCrit; cert->basicConstSet = x509->basicConstSet; -/////////////////////////////////////////////////////////////////////////////// -// LIBBITCOIN: implicit cast (4 bytes to 1 byte). Added runtime guard and cast: - if (x509->pathLength > (byte)~0) return WOLFSSL_FAILURE; cert->pathLen = (byte)x509->pathLength; -/////////////////////////////////////////////////////////////////////////////// cert->pathLenSet = x509->pathLengthSet; #ifdef WOLFSSL_CERT_EXT diff --git a/src/ssl/wolfssl/ssl.c b/src/ssl/wolfssl/ssl.c index d08650f57..436c039ba 100644 --- a/src/ssl/wolfssl/ssl.c +++ b/src/ssl/wolfssl/ssl.c @@ -19,13 +19,13 @@ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA */ -/////////////////////////////////////////////////////////////////////////////// -// LIBBITCOIN: Four lines in this file have been modified as follows. -// #include -> "src/ssl_load.c" -// #include -> "src/conf.c" -// #include -> "src/x509_str.c" -// #include -> "src/ssl_p7p12.c" -/////////////////////////////////////////////////////////////////////////////// +/* LIBBITCOIN: Four lines in this file have been modified as follows. */ +/* + #include -> "src/ssl_load.c" + #include -> "src/conf.c" + #include -> "src/x509_str.c" + #include -> "src/ssl_p7p12.c" +*/ #include @@ -186,11 +186,11 @@ #include "src/ssl_misc.c" #define WOLFSSL_EVP_INCLUDED -/////////////////////////////////////////////////////////////////////////////// -// LIBBITCOIN: one line modified as follows. -// #include "wolfcrypt/src/evp.c" -> "src/evp.c" +/* LIBBITCOIN: One line modified as follows. */ +/* + #include "wolfcrypt/src/evp.c" -> "src/evp.c" +*/ #include "src/evp.c" -/////////////////////////////////////////////////////////////////////////////// /* Crypto code uses EVP APIs. */ #define WOLFSSL_SSL_CRYPTO_INCLUDED @@ -5979,11 +5979,7 @@ int AddCA(WOLFSSL_CERT_MANAGER* cm, DerBuffer** pDer, int type, int verify) { int ret; Signer* signer = NULL; -/////////////////////////////////////////////////////////////////////////////// -// LIBBITCOIN: fix (bogus) potentially uninitialized variable warning. - word32 row = 0; -// word32 row; -/////////////////////////////////////////////////////////////////////////////// + word32 row; byte* subjectHash; WC_DECLARE_VAR(cert, DecodedCert, 1, 0); DerBuffer* der = *pDer; diff --git a/src/ssl/wolfcrypt/aes.c b/src/ssl/wolfssl/wolfcrypt/aes.c similarity index 100% rename from src/ssl/wolfcrypt/aes.c rename to src/ssl/wolfssl/wolfcrypt/aes.c diff --git a/src/ssl/wolfcrypt/arc4.c b/src/ssl/wolfssl/wolfcrypt/arc4.c similarity index 100% rename from src/ssl/wolfcrypt/arc4.c rename to src/ssl/wolfssl/wolfcrypt/arc4.c diff --git a/src/ssl/wolfcrypt/ascon.c b/src/ssl/wolfssl/wolfcrypt/ascon.c similarity index 100% rename from src/ssl/wolfcrypt/ascon.c rename to src/ssl/wolfssl/wolfcrypt/ascon.c diff --git a/src/ssl/wolfcrypt/asm.c b/src/ssl/wolfssl/wolfcrypt/asm.c similarity index 100% rename from src/ssl/wolfcrypt/asm.c rename to src/ssl/wolfssl/wolfcrypt/asm.c diff --git a/src/ssl/wolfcrypt/asn.c b/src/ssl/wolfssl/wolfcrypt/asn.c similarity index 100% rename from src/ssl/wolfcrypt/asn.c rename to src/ssl/wolfssl/wolfcrypt/asn.c diff --git a/src/ssl/wolfcrypt/blake2b.c b/src/ssl/wolfssl/wolfcrypt/blake2b.c similarity index 100% rename from src/ssl/wolfcrypt/blake2b.c rename to src/ssl/wolfssl/wolfcrypt/blake2b.c diff --git a/src/ssl/wolfcrypt/blake2s.c b/src/ssl/wolfssl/wolfcrypt/blake2s.c similarity index 100% rename from src/ssl/wolfcrypt/blake2s.c rename to src/ssl/wolfssl/wolfcrypt/blake2s.c diff --git a/src/ssl/wolfcrypt/camellia.c b/src/ssl/wolfssl/wolfcrypt/camellia.c similarity index 100% rename from src/ssl/wolfcrypt/camellia.c rename to src/ssl/wolfssl/wolfcrypt/camellia.c diff --git a/src/ssl/wolfcrypt/chacha.c b/src/ssl/wolfssl/wolfcrypt/chacha.c similarity index 100% rename from src/ssl/wolfcrypt/chacha.c rename to src/ssl/wolfssl/wolfcrypt/chacha.c diff --git a/src/ssl/wolfcrypt/chacha20_poly1305.c b/src/ssl/wolfssl/wolfcrypt/chacha20_poly1305.c similarity index 100% rename from src/ssl/wolfcrypt/chacha20_poly1305.c rename to src/ssl/wolfssl/wolfcrypt/chacha20_poly1305.c diff --git a/src/ssl/wolfcrypt/cmac.c b/src/ssl/wolfssl/wolfcrypt/cmac.c similarity index 100% rename from src/ssl/wolfcrypt/cmac.c rename to src/ssl/wolfssl/wolfcrypt/cmac.c diff --git a/src/ssl/wolfcrypt/coding.c b/src/ssl/wolfssl/wolfcrypt/coding.c similarity index 100% rename from src/ssl/wolfcrypt/coding.c rename to src/ssl/wolfssl/wolfcrypt/coding.c diff --git a/src/ssl/wolfcrypt/compress.c b/src/ssl/wolfssl/wolfcrypt/compress.c similarity index 100% rename from src/ssl/wolfcrypt/compress.c rename to src/ssl/wolfssl/wolfcrypt/compress.c diff --git a/src/ssl/wolfcrypt/cpuid.c b/src/ssl/wolfssl/wolfcrypt/cpuid.c similarity index 100% rename from src/ssl/wolfcrypt/cpuid.c rename to src/ssl/wolfssl/wolfcrypt/cpuid.c diff --git a/src/ssl/wolfcrypt/cryptocb.c b/src/ssl/wolfssl/wolfcrypt/cryptocb.c similarity index 100% rename from src/ssl/wolfcrypt/cryptocb.c rename to src/ssl/wolfssl/wolfcrypt/cryptocb.c diff --git a/src/ssl/wolfcrypt/curve25519.c b/src/ssl/wolfssl/wolfcrypt/curve25519.c similarity index 100% rename from src/ssl/wolfcrypt/curve25519.c rename to src/ssl/wolfssl/wolfcrypt/curve25519.c diff --git a/src/ssl/wolfcrypt/curve448.c b/src/ssl/wolfssl/wolfcrypt/curve448.c similarity index 100% rename from src/ssl/wolfcrypt/curve448.c rename to src/ssl/wolfssl/wolfcrypt/curve448.c diff --git a/src/ssl/wolfcrypt/des3.c b/src/ssl/wolfssl/wolfcrypt/des3.c similarity index 100% rename from src/ssl/wolfcrypt/des3.c rename to src/ssl/wolfssl/wolfcrypt/des3.c diff --git a/src/ssl/wolfcrypt/dh.c b/src/ssl/wolfssl/wolfcrypt/dh.c similarity index 100% rename from src/ssl/wolfcrypt/dh.c rename to src/ssl/wolfssl/wolfcrypt/dh.c diff --git a/src/ssl/wolfcrypt/dilithium.c b/src/ssl/wolfssl/wolfcrypt/dilithium.c similarity index 100% rename from src/ssl/wolfcrypt/dilithium.c rename to src/ssl/wolfssl/wolfcrypt/dilithium.c diff --git a/src/ssl/wolfcrypt/dsa.c b/src/ssl/wolfssl/wolfcrypt/dsa.c similarity index 100% rename from src/ssl/wolfcrypt/dsa.c rename to src/ssl/wolfssl/wolfcrypt/dsa.c diff --git a/src/ssl/wolfcrypt/ecc.c b/src/ssl/wolfssl/wolfcrypt/ecc.c similarity index 100% rename from src/ssl/wolfcrypt/ecc.c rename to src/ssl/wolfssl/wolfcrypt/ecc.c diff --git a/src/ssl/wolfcrypt/eccsi.c b/src/ssl/wolfssl/wolfcrypt/eccsi.c similarity index 100% rename from src/ssl/wolfcrypt/eccsi.c rename to src/ssl/wolfssl/wolfcrypt/eccsi.c diff --git a/src/ssl/wolfcrypt/ed25519.c b/src/ssl/wolfssl/wolfcrypt/ed25519.c similarity index 100% rename from src/ssl/wolfcrypt/ed25519.c rename to src/ssl/wolfssl/wolfcrypt/ed25519.c diff --git a/src/ssl/wolfcrypt/ed448.c b/src/ssl/wolfssl/wolfcrypt/ed448.c similarity index 100% rename from src/ssl/wolfcrypt/ed448.c rename to src/ssl/wolfssl/wolfcrypt/ed448.c diff --git a/src/ssl/wolfcrypt/error1.c b/src/ssl/wolfssl/wolfcrypt/error.c similarity index 100% rename from src/ssl/wolfcrypt/error1.c rename to src/ssl/wolfssl/wolfcrypt/error.c diff --git a/src/ssl/wolfcrypt/ext_lms.c b/src/ssl/wolfssl/wolfcrypt/ext_lms.c similarity index 100% rename from src/ssl/wolfcrypt/ext_lms.c rename to src/ssl/wolfssl/wolfcrypt/ext_lms.c diff --git a/src/ssl/wolfcrypt/ext_mlkem.c b/src/ssl/wolfssl/wolfcrypt/ext_mlkem.c similarity index 100% rename from src/ssl/wolfcrypt/ext_mlkem.c rename to src/ssl/wolfssl/wolfcrypt/ext_mlkem.c diff --git a/src/ssl/wolfcrypt/ext_xmss.c b/src/ssl/wolfssl/wolfcrypt/ext_xmss.c similarity index 100% rename from src/ssl/wolfcrypt/ext_xmss.c rename to src/ssl/wolfssl/wolfcrypt/ext_xmss.c diff --git a/src/ssl/wolfcrypt/falcon.c b/src/ssl/wolfssl/wolfcrypt/falcon.c similarity index 100% rename from src/ssl/wolfcrypt/falcon.c rename to src/ssl/wolfssl/wolfcrypt/falcon.c diff --git a/src/ssl/wolfcrypt/fe_448.c b/src/ssl/wolfssl/wolfcrypt/fe_448.c similarity index 100% rename from src/ssl/wolfcrypt/fe_448.c rename to src/ssl/wolfssl/wolfcrypt/fe_448.c diff --git a/src/ssl/wolfcrypt/fe_low_mem.c b/src/ssl/wolfssl/wolfcrypt/fe_low_mem.c similarity index 100% rename from src/ssl/wolfcrypt/fe_low_mem.c rename to src/ssl/wolfssl/wolfcrypt/fe_low_mem.c diff --git a/src/ssl/wolfcrypt/fe_operations.c b/src/ssl/wolfssl/wolfcrypt/fe_operations.c similarity index 100% rename from src/ssl/wolfcrypt/fe_operations.c rename to src/ssl/wolfssl/wolfcrypt/fe_operations.c diff --git a/src/ssl/wolfcrypt/fe_x25519_128.h b/src/ssl/wolfssl/wolfcrypt/fe_x25519_128.h similarity index 100% rename from src/ssl/wolfcrypt/fe_x25519_128.h rename to src/ssl/wolfssl/wolfcrypt/fe_x25519_128.h diff --git a/src/ssl/wolfcrypt/ge_448.c b/src/ssl/wolfssl/wolfcrypt/ge_448.c similarity index 100% rename from src/ssl/wolfcrypt/ge_448.c rename to src/ssl/wolfssl/wolfcrypt/ge_448.c diff --git a/src/ssl/wolfcrypt/ge_low_mem.c b/src/ssl/wolfssl/wolfcrypt/ge_low_mem.c similarity index 100% rename from src/ssl/wolfcrypt/ge_low_mem.c rename to src/ssl/wolfssl/wolfcrypt/ge_low_mem.c diff --git a/src/ssl/wolfcrypt/ge_operations.c b/src/ssl/wolfssl/wolfcrypt/ge_operations.c similarity index 100% rename from src/ssl/wolfcrypt/ge_operations.c rename to src/ssl/wolfssl/wolfcrypt/ge_operations.c diff --git a/src/ssl/wolfcrypt/hash.c b/src/ssl/wolfssl/wolfcrypt/hash.c similarity index 100% rename from src/ssl/wolfcrypt/hash.c rename to src/ssl/wolfssl/wolfcrypt/hash.c diff --git a/src/ssl/wolfcrypt/hmac.c b/src/ssl/wolfssl/wolfcrypt/hmac.c similarity index 100% rename from src/ssl/wolfcrypt/hmac.c rename to src/ssl/wolfssl/wolfcrypt/hmac.c diff --git a/src/ssl/wolfcrypt/hpke.c b/src/ssl/wolfssl/wolfcrypt/hpke.c similarity index 100% rename from src/ssl/wolfcrypt/hpke.c rename to src/ssl/wolfssl/wolfcrypt/hpke.c diff --git a/src/ssl/wolfcrypt/integer.c b/src/ssl/wolfssl/wolfcrypt/integer.c similarity index 100% rename from src/ssl/wolfcrypt/integer.c rename to src/ssl/wolfssl/wolfcrypt/integer.c diff --git a/src/ssl/wolfcrypt/kdf.c b/src/ssl/wolfssl/wolfcrypt/kdf.c similarity index 100% rename from src/ssl/wolfcrypt/kdf.c rename to src/ssl/wolfssl/wolfcrypt/kdf.c diff --git a/src/ssl/wolfcrypt/logging.c b/src/ssl/wolfssl/wolfcrypt/logging.c similarity index 100% rename from src/ssl/wolfcrypt/logging.c rename to src/ssl/wolfssl/wolfcrypt/logging.c diff --git a/src/ssl/wolfcrypt/md2.c b/src/ssl/wolfssl/wolfcrypt/md2.c similarity index 100% rename from src/ssl/wolfcrypt/md2.c rename to src/ssl/wolfssl/wolfcrypt/md2.c diff --git a/src/ssl/wolfcrypt/md4.c b/src/ssl/wolfssl/wolfcrypt/md4.c similarity index 100% rename from src/ssl/wolfcrypt/md4.c rename to src/ssl/wolfssl/wolfcrypt/md4.c diff --git a/src/ssl/wolfcrypt/md5.c b/src/ssl/wolfssl/wolfcrypt/md5.c similarity index 100% rename from src/ssl/wolfcrypt/md5.c rename to src/ssl/wolfssl/wolfcrypt/md5.c diff --git a/src/ssl/wolfcrypt/memory1.c b/src/ssl/wolfssl/wolfcrypt/memory.c similarity index 100% rename from src/ssl/wolfcrypt/memory1.c rename to src/ssl/wolfssl/wolfcrypt/memory.c diff --git a/src/ssl/wolfcrypt/pkcs12.c b/src/ssl/wolfssl/wolfcrypt/pkcs12.c similarity index 100% rename from src/ssl/wolfcrypt/pkcs12.c rename to src/ssl/wolfssl/wolfcrypt/pkcs12.c diff --git a/src/ssl/wolfcrypt/pkcs7.c b/src/ssl/wolfssl/wolfcrypt/pkcs7.c similarity index 100% rename from src/ssl/wolfcrypt/pkcs7.c rename to src/ssl/wolfssl/wolfcrypt/pkcs7.c diff --git a/src/ssl/wolfcrypt/poly1305.c b/src/ssl/wolfssl/wolfcrypt/poly1305.c similarity index 100% rename from src/ssl/wolfcrypt/poly1305.c rename to src/ssl/wolfssl/wolfcrypt/poly1305.c diff --git a/src/ssl/wolfcrypt/pwdbased.c b/src/ssl/wolfssl/wolfcrypt/pwdbased.c similarity index 100% rename from src/ssl/wolfcrypt/pwdbased.c rename to src/ssl/wolfssl/wolfcrypt/pwdbased.c diff --git a/src/ssl/wolfcrypt/random.c b/src/ssl/wolfssl/wolfcrypt/random.c similarity index 100% rename from src/ssl/wolfcrypt/random.c rename to src/ssl/wolfssl/wolfcrypt/random.c diff --git a/src/ssl/wolfcrypt/rc2.c b/src/ssl/wolfssl/wolfcrypt/rc2.c similarity index 100% rename from src/ssl/wolfcrypt/rc2.c rename to src/ssl/wolfssl/wolfcrypt/rc2.c diff --git a/src/ssl/wolfcrypt/ripemd.c b/src/ssl/wolfssl/wolfcrypt/ripemd.c similarity index 100% rename from src/ssl/wolfcrypt/ripemd.c rename to src/ssl/wolfssl/wolfcrypt/ripemd.c diff --git a/src/ssl/wolfcrypt/rsa.c b/src/ssl/wolfssl/wolfcrypt/rsa.c similarity index 100% rename from src/ssl/wolfcrypt/rsa.c rename to src/ssl/wolfssl/wolfcrypt/rsa.c diff --git a/src/ssl/wolfcrypt/sakke.c b/src/ssl/wolfssl/wolfcrypt/sakke.c similarity index 100% rename from src/ssl/wolfcrypt/sakke.c rename to src/ssl/wolfssl/wolfcrypt/sakke.c diff --git a/src/ssl/wolfcrypt/sha.c b/src/ssl/wolfssl/wolfcrypt/sha.c similarity index 100% rename from src/ssl/wolfcrypt/sha.c rename to src/ssl/wolfssl/wolfcrypt/sha.c diff --git a/src/ssl/wolfcrypt/sha256.c b/src/ssl/wolfssl/wolfcrypt/sha256.c similarity index 100% rename from src/ssl/wolfcrypt/sha256.c rename to src/ssl/wolfssl/wolfcrypt/sha256.c diff --git a/src/ssl/wolfcrypt/sha3.c b/src/ssl/wolfssl/wolfcrypt/sha3.c similarity index 100% rename from src/ssl/wolfcrypt/sha3.c rename to src/ssl/wolfssl/wolfcrypt/sha3.c diff --git a/src/ssl/wolfcrypt/sha512.c b/src/ssl/wolfssl/wolfcrypt/sha512.c similarity index 100% rename from src/ssl/wolfcrypt/sha512.c rename to src/ssl/wolfssl/wolfcrypt/sha512.c diff --git a/src/ssl/wolfcrypt/signature.c b/src/ssl/wolfssl/wolfcrypt/signature.c similarity index 100% rename from src/ssl/wolfcrypt/signature.c rename to src/ssl/wolfssl/wolfcrypt/signature.c diff --git a/src/ssl/wolfcrypt/siphash.c b/src/ssl/wolfssl/wolfcrypt/siphash.c similarity index 100% rename from src/ssl/wolfcrypt/siphash.c rename to src/ssl/wolfssl/wolfcrypt/siphash.c diff --git a/src/ssl/wolfcrypt/sp_arm32.c b/src/ssl/wolfssl/wolfcrypt/sp_arm32.c similarity index 100% rename from src/ssl/wolfcrypt/sp_arm32.c rename to src/ssl/wolfssl/wolfcrypt/sp_arm32.c diff --git a/src/ssl/wolfcrypt/sp_arm64.c b/src/ssl/wolfssl/wolfcrypt/sp_arm64.c similarity index 100% rename from src/ssl/wolfcrypt/sp_arm64.c rename to src/ssl/wolfssl/wolfcrypt/sp_arm64.c diff --git a/src/ssl/wolfcrypt/sp_armthumb.c b/src/ssl/wolfssl/wolfcrypt/sp_armthumb.c similarity index 100% rename from src/ssl/wolfcrypt/sp_armthumb.c rename to src/ssl/wolfssl/wolfcrypt/sp_armthumb.c diff --git a/src/ssl/wolfcrypt/sp_c32.c b/src/ssl/wolfssl/wolfcrypt/sp_c32.c similarity index 100% rename from src/ssl/wolfcrypt/sp_c32.c rename to src/ssl/wolfssl/wolfcrypt/sp_c32.c diff --git a/src/ssl/wolfcrypt/sp_c64.c b/src/ssl/wolfssl/wolfcrypt/sp_c64.c similarity index 100% rename from src/ssl/wolfcrypt/sp_c64.c rename to src/ssl/wolfssl/wolfcrypt/sp_c64.c diff --git a/src/ssl/wolfcrypt/sp_cortexm.c b/src/ssl/wolfssl/wolfcrypt/sp_cortexm.c similarity index 100% rename from src/ssl/wolfcrypt/sp_cortexm.c rename to src/ssl/wolfssl/wolfcrypt/sp_cortexm.c diff --git a/src/ssl/wolfcrypt/sp_dsp32.c b/src/ssl/wolfssl/wolfcrypt/sp_dsp32.c similarity index 100% rename from src/ssl/wolfcrypt/sp_dsp32.c rename to src/ssl/wolfssl/wolfcrypt/sp_dsp32.c diff --git a/src/ssl/wolfcrypt/sp_int.c b/src/ssl/wolfssl/wolfcrypt/sp_int.c similarity index 100% rename from src/ssl/wolfcrypt/sp_int.c rename to src/ssl/wolfssl/wolfcrypt/sp_int.c diff --git a/src/ssl/wolfcrypt/sp_x86_64.c b/src/ssl/wolfssl/wolfcrypt/sp_x86_64.c similarity index 100% rename from src/ssl/wolfcrypt/sp_x86_64.c rename to src/ssl/wolfssl/wolfcrypt/sp_x86_64.c diff --git a/src/ssl/wolfcrypt/sphincs.c b/src/ssl/wolfssl/wolfcrypt/sphincs.c similarity index 100% rename from src/ssl/wolfcrypt/sphincs.c rename to src/ssl/wolfssl/wolfcrypt/sphincs.c diff --git a/src/ssl/wolfcrypt/srp.c b/src/ssl/wolfssl/wolfcrypt/srp.c similarity index 100% rename from src/ssl/wolfcrypt/srp.c rename to src/ssl/wolfssl/wolfcrypt/srp.c diff --git a/src/ssl/wolfcrypt/tfm.c b/src/ssl/wolfssl/wolfcrypt/tfm.c similarity index 100% rename from src/ssl/wolfcrypt/tfm.c rename to src/ssl/wolfssl/wolfcrypt/tfm.c diff --git a/src/ssl/wolfcrypt/wc_dsp.c b/src/ssl/wolfssl/wolfcrypt/wc_dsp.c similarity index 100% rename from src/ssl/wolfcrypt/wc_dsp.c rename to src/ssl/wolfssl/wolfcrypt/wc_dsp.c diff --git a/src/ssl/wolfcrypt/wc_encrypt.c b/src/ssl/wolfssl/wolfcrypt/wc_encrypt.c similarity index 100% rename from src/ssl/wolfcrypt/wc_encrypt.c rename to src/ssl/wolfssl/wolfcrypt/wc_encrypt.c diff --git a/src/ssl/wolfcrypt/wc_lms.c b/src/ssl/wolfssl/wolfcrypt/wc_lms.c similarity index 100% rename from src/ssl/wolfcrypt/wc_lms.c rename to src/ssl/wolfssl/wolfcrypt/wc_lms.c diff --git a/src/ssl/wolfcrypt/wc_lms_impl.c b/src/ssl/wolfssl/wolfcrypt/wc_lms_impl.c similarity index 100% rename from src/ssl/wolfcrypt/wc_lms_impl.c rename to src/ssl/wolfssl/wolfcrypt/wc_lms_impl.c diff --git a/src/ssl/wolfcrypt/wc_mlkem.c b/src/ssl/wolfssl/wolfcrypt/wc_mlkem.c similarity index 100% rename from src/ssl/wolfcrypt/wc_mlkem.c rename to src/ssl/wolfssl/wolfcrypt/wc_mlkem.c diff --git a/src/ssl/wolfcrypt/wc_mlkem_poly.c b/src/ssl/wolfssl/wolfcrypt/wc_mlkem_poly.c similarity index 100% rename from src/ssl/wolfcrypt/wc_mlkem_poly.c rename to src/ssl/wolfssl/wolfcrypt/wc_mlkem_poly.c diff --git a/src/ssl/wolfcrypt/wc_pkcs11.c b/src/ssl/wolfssl/wolfcrypt/wc_pkcs11.c similarity index 100% rename from src/ssl/wolfcrypt/wc_pkcs11.c rename to src/ssl/wolfssl/wolfcrypt/wc_pkcs11.c diff --git a/src/ssl/wolfcrypt/wc_port.c b/src/ssl/wolfssl/wolfcrypt/wc_port.c similarity index 100% rename from src/ssl/wolfcrypt/wc_port.c rename to src/ssl/wolfssl/wolfcrypt/wc_port.c diff --git a/src/ssl/wolfcrypt/wc_xmss.c b/src/ssl/wolfssl/wolfcrypt/wc_xmss.c similarity index 100% rename from src/ssl/wolfcrypt/wc_xmss.c rename to src/ssl/wolfssl/wolfcrypt/wc_xmss.c diff --git a/src/ssl/wolfcrypt/wc_xmss_impl.c b/src/ssl/wolfssl/wolfcrypt/wc_xmss_impl.c similarity index 100% rename from src/ssl/wolfcrypt/wc_xmss_impl.c rename to src/ssl/wolfssl/wolfcrypt/wc_xmss_impl.c diff --git a/src/ssl/wolfcrypt/wolfevent.c b/src/ssl/wolfssl/wolfcrypt/wolfevent.c similarity index 100% rename from src/ssl/wolfcrypt/wolfevent.c rename to src/ssl/wolfssl/wolfcrypt/wolfevent.c diff --git a/src/ssl/wolfcrypt/wolfmath.c b/src/ssl/wolfssl/wolfcrypt/wolfmath.c similarity index 100% rename from src/ssl/wolfcrypt/wolfmath.c rename to src/ssl/wolfssl/wolfcrypt/wolfmath.c diff --git a/test/.gitattributes b/test/.gitattributes new file mode 100644 index 000000000..783feddac --- /dev/null +++ b/test/.gitattributes @@ -0,0 +1 @@ +ssl/vectors/tests/*.conf eol=lf diff --git a/test/main.cpp b/test/main.cpp index 0a381a003..6b3cc88be 100644 --- a/test/main.cpp +++ b/test/main.cpp @@ -17,4 +17,5 @@ * along with this program. If not, see . */ #define BOOST_TEST_MODULE libbitcoin_network_test + #include diff --git a/test/ssl/vectors/certs/ca-ecc-cert.pem b/test/ssl/vectors/certs/ca-ecc-cert.pem new file mode 100644 index 000000000..6987fbd5e --- /dev/null +++ b/test/ssl/vectors/certs/ca-ecc-cert.pem @@ -0,0 +1,53 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + 29:66:97:2b:07:5d:f1:5b:37:1e:e8:5f:10:1c:c4:e9:aa:99:b7:73 + Signature Algorithm: ecdsa-with-SHA256 + Issuer: C=US, ST=Washington, L=Seattle, O=wolfSSL, OU=Development, CN=www.wolfssl.com, emailAddress=info@wolfssl.com + Validity + Not Before: Nov 13 20:41:12 2025 GMT + Not After : Aug 9 20:41:12 2028 GMT + Subject: C=US, ST=Washington, L=Seattle, O=wolfSSL, OU=Development, CN=www.wolfssl.com, emailAddress=info@wolfssl.com + Subject Public Key Info: + Public Key Algorithm: id-ecPublicKey + Public-Key: (256 bit) + pub: + 04:02:d3:d9:6e:d6:01:8e:45:c8:b9:90:31:e5:c0: + 4c:e3:9e:ad:29:38:98:ba:10:d6:e9:09:2a:80:a9: + 2e:17:2a:b9:8a:bf:33:83:46:e3:95:0b:e4:77:40: + b5:3b:43:45:33:0f:61:53:7c:37:44:c1:cb:fc:80: + ca:e8:43:ea:a7 + ASN1 OID: prime256v1 + NIST CURVE: P-256 + X509v3 extensions: + X509v3 Subject Key Identifier: + 56:8E:9A:C3:F0:42:DE:18:B9:45:55:6E:F9:93:CF:EA:C3:F3:A5:21 + X509v3 Authority Key Identifier: + 56:8E:9A:C3:F0:42:DE:18:B9:45:55:6E:F9:93:CF:EA:C3:F3:A5:21 + X509v3 Basic Constraints: critical + CA:TRUE + X509v3 Key Usage: critical + Digital Signature, Certificate Sign, CRL Sign + Signature Algorithm: ecdsa-with-SHA256 + Signature Value: + 30:44:02:20:40:55:70:46:7a:a1:eb:b5:c8:53:a7:78:b3:f3: + b7:16:92:c5:9b:34:90:d5:44:68:a7:03:9b:9f:db:78:f0:51: + 02:20:61:a8:3a:c9:ff:ff:e9:63:c7:a7:14:d4:19:d2:9e:77: + 55:47:93:d1:7a:68:50:86:48:8f:3b:97:87:50:f5:42 +-----BEGIN CERTIFICATE----- +MIIClDCCAjugAwIBAgIUKWaXKwdd8Vs3HuhfEBzE6aqZt3MwCgYIKoZIzj0EAwIw +gZcxCzAJBgNVBAYTAlVTMRMwEQYDVQQIDApXYXNoaW5ndG9uMRAwDgYDVQQHDAdT +ZWF0dGxlMRAwDgYDVQQKDAd3b2xmU1NMMRQwEgYDVQQLDAtEZXZlbG9wbWVudDEY +MBYGA1UEAwwPd3d3LndvbGZzc2wuY29tMR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdv +bGZzc2wuY29tMB4XDTI1MTExMzIwNDExMloXDTI4MDgwOTIwNDExMlowgZcxCzAJ +BgNVBAYTAlVTMRMwEQYDVQQIDApXYXNoaW5ndG9uMRAwDgYDVQQHDAdTZWF0dGxl +MRAwDgYDVQQKDAd3b2xmU1NMMRQwEgYDVQQLDAtEZXZlbG9wbWVudDEYMBYGA1UE +AwwPd3d3LndvbGZzc2wuY29tMR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wu +Y29tMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEAtPZbtYBjkXIuZAx5cBM456t +KTiYuhDW6QkqgKkuFyq5ir8zg0bjlQvkd0C1O0NFMw9hU3w3RMHL/IDK6EPqp6Nj +MGEwHQYDVR0OBBYEFFaOmsPwQt4YuUVVbvmTz+rD86UhMB8GA1UdIwQYMBaAFFaO +msPwQt4YuUVVbvmTz+rD86UhMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQD +AgGGMAoGCCqGSM49BAMCA0cAMEQCIEBVcEZ6oeu1yFOneLPztxaSxZs0kNVEaKcD +m5/bePBRAiBhqDrJ///pY8enFNQZ0p53VUeT0XpoUIZIjzuXh1D1Qg== +-----END CERTIFICATE----- diff --git a/test/ssl/vectors/certs/ca-ecc384-cert.pem b/test/ssl/vectors/certs/ca-ecc384-cert.pem new file mode 100644 index 000000000..3ee5a91c3 --- /dev/null +++ b/test/ssl/vectors/certs/ca-ecc384-cert.pem @@ -0,0 +1,59 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + 5f:b1:4e:91:98:c0:60:33:b2:ae:31:e4:61:c7:80:1a:f5:be:40:b7 + Signature Algorithm: ecdsa-with-SHA384 + Issuer: C=US, ST=Washington, L=Seattle, O=wolfSSL, OU=Development, CN=www.wolfssl.com, emailAddress=info@wolfssl.com + Validity + Not Before: Nov 13 20:41:12 2025 GMT + Not After : Aug 9 20:41:12 2028 GMT + Subject: C=US, ST=Washington, L=Seattle, O=wolfSSL, OU=Development, CN=www.wolfssl.com, emailAddress=info@wolfssl.com + Subject Public Key Info: + Public Key Algorithm: id-ecPublicKey + Public-Key: (384 bit) + pub: + 04:ee:82:d4:39:9a:b1:27:82:f4:d7:ea:c6:bc:03: + 1d:4d:83:61:f4:03:ae:7e:bd:d8:5a:a5:b9:f0:8e: + a2:a5:da:ce:87:3b:5a:ab:44:16:9c:f5:9f:62:dd: + f6:20:cd:9c:76:3c:40:b1:3f:97:17:df:59:f6:cd: + de:cd:46:35:c0:ed:5e:2e:48:b6:66:91:71:74:b7: + 0c:3f:b9:9a:b7:83:bd:93:3f:5f:50:2d:70:3f:de: + 35:25:e1:90:3b:86:e0 + ASN1 OID: secp384r1 + NIST CURVE: P-384 + X509v3 extensions: + X509v3 Subject Key Identifier: + AB:E0:C3:26:4C:18:D4:72:BB:D2:84:8C:9C:0A:05:92:80:12:53:52 + X509v3 Authority Key Identifier: + AB:E0:C3:26:4C:18:D4:72:BB:D2:84:8C:9C:0A:05:92:80:12:53:52 + X509v3 Basic Constraints: critical + CA:TRUE + X509v3 Key Usage: critical + Digital Signature, Certificate Sign, CRL Sign + Signature Algorithm: ecdsa-with-SHA384 + Signature Value: + 30:65:02:31:00:a8:5a:b8:bb:38:90:e1:3e:39:e0:28:66:19: + 69:39:3b:ac:94:a8:5d:d8:03:60:76:29:88:f9:23:3e:22:31: + 19:df:0d:c4:c0:11:ec:89:38:a1:a5:01:96:87:e5:29:66:02: + 30:42:c8:cc:cf:fe:c1:33:f3:a4:79:f2:6a:df:6a:69:d9:bd: + 18:f0:13:ae:f8:0d:d4:8f:02:e7:b1:43:89:ae:2a:f8:cb:30: + 0e:96:7d:06:22:83:06:75:8c:4d:ff:c4:59 +-----BEGIN CERTIFICATE----- +MIIC0jCCAligAwIBAgIUX7FOkZjAYDOyrjHkYceAGvW+QLcwCgYIKoZIzj0EAwMw +gZcxCzAJBgNVBAYTAlVTMRMwEQYDVQQIDApXYXNoaW5ndG9uMRAwDgYDVQQHDAdT +ZWF0dGxlMRAwDgYDVQQKDAd3b2xmU1NMMRQwEgYDVQQLDAtEZXZlbG9wbWVudDEY +MBYGA1UEAwwPd3d3LndvbGZzc2wuY29tMR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdv +bGZzc2wuY29tMB4XDTI1MTExMzIwNDExMloXDTI4MDgwOTIwNDExMlowgZcxCzAJ +BgNVBAYTAlVTMRMwEQYDVQQIDApXYXNoaW5ndG9uMRAwDgYDVQQHDAdTZWF0dGxl +MRAwDgYDVQQKDAd3b2xmU1NMMRQwEgYDVQQLDAtEZXZlbG9wbWVudDEYMBYGA1UE +AwwPd3d3LndvbGZzc2wuY29tMR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wu +Y29tMHYwEAYHKoZIzj0CAQYFK4EEACIDYgAE7oLUOZqxJ4L01+rGvAMdTYNh9AOu +fr3YWqW58I6ipdrOhztaq0QWnPWfYt32IM2cdjxAsT+XF99Z9s3ezUY1wO1eLki2 +ZpFxdLcMP7mat4O9kz9fUC1wP941JeGQO4bgo2MwYTAdBgNVHQ4EFgQUq+DDJkwY +1HK70oSMnAoFkoASU1IwHwYDVR0jBBgwFoAUq+DDJkwY1HK70oSMnAoFkoASU1Iw +DwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAYYwCgYIKoZIzj0EAwMDaAAw +ZQIxAKhauLs4kOE+OeAoZhlpOTuslKhd2ANgdimI+SM+IjEZ3w3EwBHsiTihpQGW +h+UpZgIwQsjMz/7BM/OkefJq32pp2b0Y8BOu+A3UjwLnsUOJrir4yzAOln0GIoMG +dYxN/8RZ +-----END CERTIFICATE----- diff --git a/test/ssl/vectors/certs/ca-ecc384-key.der b/test/ssl/vectors/certs/ca-ecc384-key.der new file mode 100644 index 000000000..073ddfdd6 Binary files /dev/null and b/test/ssl/vectors/certs/ca-ecc384-key.der differ diff --git a/test/ssl/vectors/certs/ca-ecc384-key.pem b/test/ssl/vectors/certs/ca-ecc384-key.pem new file mode 100644 index 000000000..7201cd5ee --- /dev/null +++ b/test/ssl/vectors/certs/ca-ecc384-key.pem @@ -0,0 +1,6 @@ +-----BEGIN PRIVATE KEY----- +MIG2AgEAMBAGByqGSM49AgEGBSuBBAAiBIGeMIGbAgEBBDB7FuPW0oGUbIrdqHju +x36zxdHbLvPtDkiFsfLhejlWwPFiEg81tzm8nCXAduv+VXChZANiAATugtQ5mrEn +gvTX6sa8Ax1Ng2H0A65+vdhapbnwjqKl2s6HO1qrRBac9Z9i3fYgzZx2PECxP5cX +31n2zd7NRjXA7V4uSLZmkXF0tww/uZq3g72TP19QLXA/3jUl4ZA7huA= +-----END PRIVATE KEY----- diff --git a/test/ssl/vectors/certs/client-ecc384-cert.pem b/test/ssl/vectors/certs/client-ecc384-cert.pem new file mode 100644 index 000000000..0a357061c --- /dev/null +++ b/test/ssl/vectors/certs/client-ecc384-cert.pem @@ -0,0 +1,18 @@ +-----BEGIN CERTIFICATE----- +MIIC8DCCAnagAwIBAgICEAIwCgYIKoZIzj0EAwMwgZcxCzAJBgNVBAYTAlVTMRMw +EQYDVQQIDApXYXNoaW5ndG9uMRAwDgYDVQQHDAdTZWF0dGxlMRAwDgYDVQQKDAd3 +b2xmU1NMMRQwEgYDVQQLDAtEZXZlbG9wbWVudDEYMBYGA1UEAwwPd3d3LndvbGZz +c2wuY29tMR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wuY29tMCAXDTI1MTEx +MzIwNDEwN1oYDzIwNTUxMTA2MjA0MTA3WjCBlzELMAkGA1UEBhMCVVMxEzARBgNV +BAgMCldhc2hpbmd0b24xEDAOBgNVBAcMB1NlYXR0bGUxETAPBgNVBAoMCEVsbGlw +dGljMRMwEQYDVQQLDApFQ0MzODRDbGl0MRgwFgYDVQQDDA93d3cud29sZnNzbC5j +b20xHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20wdjAQBgcqhkjOPQIB +BgUrgQQAIgNiAARmxAg9ZqehFdRTCiOzrQvOj8j0mB2m2LJuIhH6ue+ZwPopPkgA ++f7CpkobpxKoa5BMHLusXW4OYs5wIPdDd9iXx3TTaP6J7HfLGS+JSh13+ZdLZgJo +pWKvlYHL4yQ264WjgZAwgY0wCQYDVR0TBAIwADARBglghkgBhvhCAQEEBAMCBaAw +HQYDVR0OBBYEFB7y0Bv4/KXLP9yK9ZcqQlOwQvnUMB8GA1UdIwQYMBaAFKvgwyZM +GNRyu9KEjJwKBZKAElNSMA4GA1UdDwEB/wQEAwIF4DAdBgNVHSUEFjAUBggrBgEF +BQcDAgYIKwYBBQUHAwQwCgYIKoZIzj0EAwMDaAAwZQIwNYNL+eFhS245CekwHZcO +hqtr/n3pV6UvAoVIEWGd8FNcvh+LoH3xIqX75i3P7eDKAjEA/CKA7PyQ3hGgHPA6 +PsMjXhW+VTShvuH8iJ5qJBSSRAiIwkakqLN0+Yl5Ev6bkNYf +-----END CERTIFICATE----- diff --git a/test/ssl/vectors/certs/client-ecc384-key.pem b/test/ssl/vectors/certs/client-ecc384-key.pem new file mode 100644 index 000000000..c12526d3d --- /dev/null +++ b/test/ssl/vectors/certs/client-ecc384-key.pem @@ -0,0 +1,6 @@ +-----BEGIN PRIVATE KEY----- +MIG2AgEAMBAGByqGSM49AgEGBSuBBAAiBIGeMIGbAgEBBDB1nVO7/TbLqFdjldpO +TH23WVi/DIOkNaLUNEpfkh3gbrWk1AQ2OgnmrBSgMI8FN5ahZANiAARmxAg9Zqeh +FdRTCiOzrQvOj8j0mB2m2LJuIhH6ue+ZwPopPkgA+f7CpkobpxKoa5BMHLusXW4O +Ys5wIPdDd9iXx3TTaP6J7HfLGS+JSh13+ZdLZgJopWKvlYHL4yQ264U= +-----END PRIVATE KEY----- diff --git a/test/ssl/vectors/certs/ecc-key.der b/test/ssl/vectors/certs/ecc-key.der new file mode 100644 index 000000000..a88d141e0 Binary files /dev/null and b/test/ssl/vectors/certs/ecc-key.der differ diff --git a/test/ssl/vectors/certs/ecc-key.pem b/test/ssl/vectors/certs/ecc-key.pem new file mode 100644 index 000000000..03e7a617c --- /dev/null +++ b/test/ssl/vectors/certs/ecc-key.pem @@ -0,0 +1,9 @@ +ASN1 OID: prime256v1 +-----BEGIN EC PARAMETERS----- +BggqhkjOPQMBBw== +-----END EC PARAMETERS----- +-----BEGIN EC PRIVATE KEY----- +MHcCAQEEIEW2aQJznGyFoThbcujox6zEA41TNQT6bCjcNI3hqAmMoAoGCCqGSM49 +AwEHoUQDQgAEuzOsTCdQSsZKpQTDPN6fNttyLc6U6iv6yyAJOSwW6GEC6a9N0wKT +mjFbl5Ihf/DPGNqREQI0huggWDMLgDSJ2A== +-----END EC PRIVATE KEY----- diff --git a/test/ssl/vectors/certs/ecc-privOnlyCert.pem b/test/ssl/vectors/certs/ecc-privOnlyCert.pem new file mode 100644 index 000000000..056b8a06c --- /dev/null +++ b/test/ssl/vectors/certs/ecc-privOnlyCert.pem @@ -0,0 +1,10 @@ +-----BEGIN CERTIFICATE----- +MIIBVzCB/aADAgECAhQ4ukTJqclv2S12DIvPILd3l7T3MTAKBggqhkjOPQQDAjAa +MQswCQYDVQQKDAJXUjELMAkGA1UEAwwCREUwHhcNMjUxMTEzMjA0MTE2WhcNMjgw +ODA5MjA0MTE2WjAaMQswCQYDVQQKDAJXUjELMAkGA1UEAwwCREUwWTATBgcqhkjO +PQIBBggqhkjOPQMBBwNCAAQlwP0WuCvyuAoe3azOYlJ8WApgfVd12r0RwdUq6lRr +duY9NvfdUZdrqCb+e6a9llWFUJ2afmkB2ENFidn+SismoyEwHzAdBgNVHQ4EFgQU +srENBaxqDKGtkgp+x+FoVjVAGeowCgYIKoZIzj0EAwIDSQAwRgIhAPNFDJz5zhDc +7PP+zNWwsMqLKF7CX0YjKL8f9aCOAqZTAiEA374DH7CDzDXOdsQsaucqCLDYCtA8 +S8qvfyNKHeqoHgU= +-----END CERTIFICATE----- diff --git a/test/ssl/vectors/certs/ecc-privOnlyKey.pem b/test/ssl/vectors/certs/ecc-privOnlyKey.pem new file mode 100644 index 000000000..6c1070152 --- /dev/null +++ b/test/ssl/vectors/certs/ecc-privOnlyKey.pem @@ -0,0 +1,4 @@ +-----BEGIN PRIVATE KEY----- +MEECAQAwEwYHKoZIzj0CAQYIKoZIzj0DAQcEJzAlAgEBBCBmlE/nixmHCpmplUopbqNEo+jJE40p +wfkxzH01tAWqcQ== +-----END PRIVATE KEY----- diff --git a/test/ssl/vectors/certs/entity-no-ca-bool-cert.pem b/test/ssl/vectors/certs/entity-no-ca-bool-cert.pem new file mode 100644 index 000000000..2700c53fb --- /dev/null +++ b/test/ssl/vectors/certs/entity-no-ca-bool-cert.pem @@ -0,0 +1,184 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 1 (0x1) + Signature Algorithm: sha256WithRSAEncryption + Issuer: C=US, ST=Montana, L=Bozeman, O=Sawtooth, OU=Consulting, CN=www.wolfssl.com, emailAddress=info@wolfssl.com + Validity + Not Before: Nov 13 20:41:16 2025 GMT + Not After : Aug 9 20:41:16 2028 GMT + Subject: C=US, ST=Montana, L=Bozeman, O=wolfSSL, OU=NoCaBool, CN=www.wolfssl.com, emailAddress=info@wolfssl.com + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + Public-Key: (2048 bit) + Modulus: + 00:eb:52:8d:b0:d8:01:6b:f7:16:50:fe:34:a3:86: + 1b:e8:49:50:b1:6f:6a:3f:af:de:6c:d1:af:25:9c: + ab:21:fc:d1:3f:45:dc:86:1d:57:04:9e:9c:56:ff: + 66:af:78:4b:85:7c:71:bc:6b:79:a9:63:21:f4:88: + 1e:6f:b9:53:58:b0:4d:93:b5:a7:e5:9c:80:3b:d9: + fb:f4:47:fe:46:f1:e7:7e:59:1d:e7:21:11:6b:96: + a0:d7:3b:de:ba:06:61:eb:03:d4:74:b7:b4:93:f4: + 38:34:db:9f:58:dc:d7:fa:ee:fe:56:69:b8:97:af: + 5b:ca:56:40:30:11:1c:26:40:a6:1f:1c:bb:d6:e0: + ff:1e:a4:57:35:e3:74:ab:49:a1:87:95:2f:8a:77: + 0a:b1:65:a0:8f:d3:5a:ac:04:93:cc:50:83:42:64: + ab:12:fa:2e:af:2b:ea:b1:73:7b:ce:33:c3:68:23: + 27:f0:75:f4:0b:82:1e:ae:21:00:4f:fc:26:17:75: + 84:9b:e0:31:de:59:83:aa:45:f9:82:cb:3e:dd:22: + ee:ce:7c:0c:06:dc:cc:61:25:7e:7a:64:e9:c5:06: + 57:d3:c1:61:53:59:82:32:c6:cf:1d:70:87:44:3d: + b7:52:e5:56:67:e3:16:7b:bb:48:98:8d:54:c1:85: + aa:57 + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Subject Key Identifier: + EF:F4:8B:86:CE:75:EF:DC:E1:F8:23:1E:1A:B8:3B:8D:98:09:88:E7 + X509v3 Authority Key Identifier: + keyid:27:8E:67:11:74:C3:26:1D:3F:ED:33:63:B3:A4:D8:1D:30:E5:E8:D5 + DirName:/C=US/ST=Montana/L=Bozeman/O=Sawtooth/OU=Consulting/CN=www.wolfssl.com/emailAddress=info@wolfssl.com + serial:3F:29:11:20:57:71:E7:8E:F9:18:0D:CA:70:4D:5B:15:2A:43:D6:24 + X509v3 Basic Constraints: + CA:FALSE, pathlen:0 + X509v3 Key Usage: + Digital Signature + X509v3 Extended Key Usage: + TLS Web Client Authentication, TLS Web Server Authentication + Signature Algorithm: sha256WithRSAEncryption + Signature Value: + 95:6e:d9:b6:c8:ba:6b:24:bc:5a:f6:87:09:b0:39:4b:1c:8d: + 6a:a9:b6:c7:86:a9:e2:5d:9e:ae:27:a5:03:4c:cb:2b:65:6c: + c1:fe:8a:90:c8:8d:53:bb:8e:c7:ac:c0:53:90:a9:4c:ba:db: + f0:24:08:4e:bc:31:e4:e7:d7:81:31:00:9e:f4:32:06:fc:26: + 95:4f:12:34:62:ba:c2:dc:0a:5c:54:c0:6d:60:33:0e:21:99: + 63:7f:46:09:dc:22:32:f6:cd:fb:6c:9c:96:94:39:d1:c9:e4: + 98:83:a0:c4:56:88:d9:fe:5a:cc:01:ca:18:a1:fc:a8:6a:40: + 8f:4a:23:f7:ed:9d:b6:c7:43:46:5c:13:b6:65:be:0e:ce:63: + 1b:f8:c9:7a:44:32:f4:b8:f0:fc:d3:7e:39:6a:55:de:bc:f4: + 3d:cc:70:1a:f1:ff:11:c8:a3:81:1b:8c:54:4e:bd:06:01:7f: + 7d:2e:1b:bd:4b:a4:ff:a3:19:aa:4c:d6:0d:41:09:6d:65:31: + ed:bd:fd:ab:43:b9:a0:93:ca:15:ae:22:d4:81:e5:21:d8:e0: + aa:da:01:40:fe:3e:5d:78:e4:71:50:5c:61:63:48:d6:ec:92: + 6e:45:64:85:ac:d3:b5:0b:f3:fc:2e:fc:2c:5d:e2:39:bc:64: + b8:65:cc:22 +-----BEGIN CERTIFICATE----- +MIIE2DCCA8CgAwIBAgIBATANBgkqhkiG9w0BAQsFADCBlDELMAkGA1UEBhMCVVMx +EDAOBgNVBAgMB01vbnRhbmExEDAOBgNVBAcMB0JvemVtYW4xETAPBgNVBAoMCFNh +d3Rvb3RoMRMwEQYDVQQLDApDb25zdWx0aW5nMRgwFgYDVQQDDA93d3cud29sZnNz +bC5jb20xHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20wHhcNMjUxMTEz +MjA0MTE2WhcNMjgwODA5MjA0MTE2WjCBkTELMAkGA1UEBhMCVVMxEDAOBgNVBAgM +B01vbnRhbmExEDAOBgNVBAcMB0JvemVtYW4xEDAOBgNVBAoMB3dvbGZTU0wxETAP +BgNVBAsMCE5vQ2FCb29sMRgwFgYDVQQDDA93d3cud29sZnNzbC5jb20xHzAdBgkq +hkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IB +DwAwggEKAoIBAQDrUo2w2AFr9xZQ/jSjhhvoSVCxb2o/r95s0a8lnKsh/NE/RdyG +HVcEnpxW/2aveEuFfHG8a3mpYyH0iB5vuVNYsE2TtaflnIA72fv0R/5G8ed+WR3n +IRFrlqDXO966BmHrA9R0t7ST9Dg0259Y3Nf67v5WabiXr1vKVkAwERwmQKYfHLvW +4P8epFc143SrSaGHlS+KdwqxZaCP01qsBJPMUINCZKsS+i6vK+qxc3vOM8NoIyfw +dfQLgh6uIQBP/CYXdYSb4DHeWYOqRfmCyz7dIu7OfAwG3MxhJX56ZOnFBlfTwWFT +WYIyxs8dcIdEPbdS5VZn4xZ7u0iYjVTBhapXAgMBAAGjggE0MIIBMDAdBgNVHQ4E +FgQU7/SLhs5179zh+CMeGrg7jZgJiOcwgdQGA1UdIwSBzDCByYAUJ45nEXTDJh0/ +7TNjs6TYHTDl6NWhgZqkgZcwgZQxCzAJBgNVBAYTAlVTMRAwDgYDVQQIDAdNb250 +YW5hMRAwDgYDVQQHDAdCb3plbWFuMREwDwYDVQQKDAhTYXd0b290aDETMBEGA1UE +CwwKQ29uc3VsdGluZzEYMBYGA1UEAwwPd3d3LndvbGZzc2wuY29tMR8wHQYJKoZI +hvcNAQkBFhBpbmZvQHdvbGZzc2wuY29tghQ/KREgV3HnjvkYDcpwTVsVKkPWJDAM +BgNVHRMEBTADAgEAMAsGA1UdDwQEAwIHgDAdBgNVHSUEFjAUBggrBgEFBQcDAgYI +KwYBBQUHAwEwDQYJKoZIhvcNAQELBQADggEBAJVu2bbIumskvFr2hwmwOUscjWqp +tseGqeJdnq4npQNMyytlbMH+ipDIjVO7jseswFOQqUy62/AkCE68MeTn14ExAJ70 +Mgb8JpVPEjRiusLcClxUwG1gMw4hmWN/RgncIjL2zftsnJaUOdHJ5JiDoMRWiNn+ +WswByhih/KhqQI9KI/ftnbbHQ0ZcE7Zlvg7OYxv4yXpEMvS48PzTfjlqVd689D3M +cBrx/xHIo4EbjFROvQYBf30uG71LpP+jGapM1g1BCW1lMe29/atDuaCTyhWuItSB +5SHY4KraAUD+Pl145HFQXGFjSNbskm5FZIWs07UL8/wu/Cxd4jm8ZLhlzCI= +-----END CERTIFICATE----- +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + 3f:29:11:20:57:71:e7:8e:f9:18:0d:ca:70:4d:5b:15:2a:43:d6:24 + Signature Algorithm: sha256WithRSAEncryption + Issuer: C=US, ST=Montana, L=Bozeman, O=Sawtooth, OU=Consulting, CN=www.wolfssl.com, emailAddress=info@wolfssl.com + Validity + Not Before: Nov 13 20:41:11 2025 GMT + Not After : Aug 9 20:41:11 2028 GMT + Subject: C=US, ST=Montana, L=Bozeman, O=Sawtooth, OU=Consulting, CN=www.wolfssl.com, emailAddress=info@wolfssl.com + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + Public-Key: (2048 bit) + Modulus: + 00:bf:0c:ca:2d:14:b2:1e:84:42:5b:cd:38:1f:4a: + f2:4d:75:10:f1:b6:35:9f:df:ca:7d:03:98:d3:ac: + de:03:66:ee:2a:f1:d8:b0:7d:6e:07:54:0b:10:98: + 21:4d:80:cb:12:20:e7:cc:4f:de:45:7d:c9:72:77: + 32:ea:ca:90:bb:69:52:10:03:2f:a8:f3:95:c5:f1: + 8b:62:56:1b:ef:67:6f:a4:10:41:95:ad:0a:9b:e3: + a5:c0:b0:d2:70:76:50:30:5b:a8:e8:08:2c:7c:ed: + a7:a2:7a:8d:38:29:1c:ac:c7:ed:f2:7c:95:b0:95: + 82:7d:49:5c:38:cd:77:25:ef:bd:80:75:53:94:3c: + 3d:ca:63:5b:9f:15:b5:d3:1d:13:2f:19:d1:3c:db: + 76:3a:cc:b8:7d:c9:e5:c2:d7:da:40:6f:d8:21:dc: + 73:1b:42:2d:53:9c:fe:1a:fc:7d:ab:7a:36:3f:98: + de:84:7c:05:67:ce:6a:14:38:87:a9:f1:8c:b5:68: + cb:68:7f:71:20:2b:f5:a0:63:f5:56:2f:a3:26:d2: + b7:6f:b1:5a:17:d7:38:99:08:fe:93:58:6f:fe:c3: + 13:49:08:16:0b:a7:4d:67:00:52:31:67:23:4e:98: + ed:51:45:1d:b9:04:d9:0b:ec:d8:28:b3:4b:bd:ed: + 36:79 + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Subject Key Identifier: + 27:8E:67:11:74:C3:26:1D:3F:ED:33:63:B3:A4:D8:1D:30:E5:E8:D5 + X509v3 Authority Key Identifier: + keyid:27:8E:67:11:74:C3:26:1D:3F:ED:33:63:B3:A4:D8:1D:30:E5:E8:D5 + DirName:/C=US/ST=Montana/L=Bozeman/O=Sawtooth/OU=Consulting/CN=www.wolfssl.com/emailAddress=info@wolfssl.com + serial:3F:29:11:20:57:71:E7:8E:F9:18:0D:CA:70:4D:5B:15:2A:43:D6:24 + X509v3 Basic Constraints: + CA:TRUE + X509v3 Subject Alternative Name: + DNS:example.com, IP Address:127.0.0.1 + X509v3 Extended Key Usage: + TLS Web Server Authentication, TLS Web Client Authentication + Signature Algorithm: sha256WithRSAEncryption + Signature Value: + 0f:ae:89:d5:68:e4:41:f8:9b:e0:c5:61:06:57:ff:a0:92:0f: + b2:ed:d3:99:5b:99:5e:32:7e:97:c7:af:6c:fe:8c:a6:ae:32: + a1:0d:ca:cd:fc:18:e5:d1:f8:20:5b:5a:38:81:46:5b:48:87: + a5:3f:3b:7b:c7:ea:f5:35:29:31:15:39:38:5d:48:e6:01:81: + 5c:5e:7c:10:f5:16:e3:59:af:44:c8:b5:8d:c1:32:23:b3:b8: + 12:6e:5c:8d:e6:c2:d2:41:03:eb:17:42:e2:7f:bc:00:5d:a5: + 31:ef:c6:48:ee:db:cc:e0:f1:56:f5:d4:ca:45:a1:59:b5:e4: + d7:60:9c:57:e0:a7:5a:f2:35:1e:a0:22:db:5e:1c:0c:61:bd: + a1:c5:7b:9f:69:f2:d5:95:e2:bc:52:b9:1d:9c:2c:da:b6:73: + 75:4a:84:e5:94:b8:19:4d:dd:70:bd:7f:4c:b9:17:6a:58:16: + 89:22:44:37:57:55:26:42:e3:b7:e5:c7:2b:40:0c:e9:e4:7f: + 52:75:df:06:c9:fb:01:44:34:ac:20:3c:b4:be:2b:3e:ef:85: + 38:96:5b:9b:1e:25:86:18:4c:a4:06:70:06:6a:c8:4b:6f:5f: + c4:05:1f:03:62:30:11:61:bc:c1:40:31:66:dc:64:f0:4f:6b: + b9:ec:c8:29 +-----BEGIN CERTIFICATE----- +MIIE/zCCA+egAwIBAgIUPykRIFdx5475GA3KcE1bFSpD1iQwDQYJKoZIhvcNAQEL +BQAwgZQxCzAJBgNVBAYTAlVTMRAwDgYDVQQIDAdNb250YW5hMRAwDgYDVQQHDAdC +b3plbWFuMREwDwYDVQQKDAhTYXd0b290aDETMBEGA1UECwwKQ29uc3VsdGluZzEY +MBYGA1UEAwwPd3d3LndvbGZzc2wuY29tMR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdv +bGZzc2wuY29tMB4XDTI1MTExMzIwNDExMVoXDTI4MDgwOTIwNDExMVowgZQxCzAJ +BgNVBAYTAlVTMRAwDgYDVQQIDAdNb250YW5hMRAwDgYDVQQHDAdCb3plbWFuMREw +DwYDVQQKDAhTYXd0b290aDETMBEGA1UECwwKQ29uc3VsdGluZzEYMBYGA1UEAwwP +d3d3LndvbGZzc2wuY29tMR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wuY29t +MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvwzKLRSyHoRCW804H0ry +TXUQ8bY1n9/KfQOY06zeA2buKvHYsH1uB1QLEJghTYDLEiDnzE/eRX3Jcncy6sqQ +u2lSEAMvqPOVxfGLYlYb72dvpBBBla0Km+OlwLDScHZQMFuo6AgsfO2nonqNOCkc +rMft8nyVsJWCfUlcOM13Je+9gHVTlDw9ymNbnxW10x0TLxnRPNt2Osy4fcnlwtfa +QG/YIdxzG0ItU5z+Gvx9q3o2P5jehHwFZ85qFDiHqfGMtWjLaH9xICv1oGP1Vi+j +JtK3b7FaF9c4mQj+k1hv/sMTSQgWC6dNZwBSMWcjTpjtUUUduQTZC+zYKLNLve02 +eQIDAQABo4IBRTCCAUEwHQYDVR0OBBYEFCeOZxF0wyYdP+0zY7Ok2B0w5ejVMIHU +BgNVHSMEgcwwgcmAFCeOZxF0wyYdP+0zY7Ok2B0w5ejVoYGapIGXMIGUMQswCQYD +VQQGEwJVUzEQMA4GA1UECAwHTW9udGFuYTEQMA4GA1UEBwwHQm96ZW1hbjERMA8G +A1UECgwIU2F3dG9vdGgxEzARBgNVBAsMCkNvbnN1bHRpbmcxGDAWBgNVBAMMD3d3 +dy53b2xmc3NsLmNvbTEfMB0GCSqGSIb3DQEJARYQaW5mb0B3b2xmc3NsLmNvbYIU +PykRIFdx5475GA3KcE1bFSpD1iQwDAYDVR0TBAUwAwEB/zAcBgNVHREEFTATggtl +eGFtcGxlLmNvbYcEfwAAATAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIw +DQYJKoZIhvcNAQELBQADggEBAA+uidVo5EH4m+DFYQZX/6CSD7Lt05lbmV4yfpfH +r2z+jKauMqENys38GOXR+CBbWjiBRltIh6U/O3vH6vU1KTEVOThdSOYBgVxefBD1 +FuNZr0TItY3BMiOzuBJuXI3mwtJBA+sXQuJ/vABdpTHvxkju28zg8Vb11MpFoVm1 +5NdgnFfgp1ryNR6gItteHAxhvaHFe59p8tWV4rxSuR2cLNq2c3VKhOWUuBlN3XC9 +f0y5F2pYFokiRDdXVSZC47flxytADOnkf1J13wbJ+wFENKwgPLS+Kz7vhTiWW5se +JYYYTKQGcAZqyEtvX8QFHwNiMBFhvMFAMWbcZPBPa7nsyCk= +-----END CERTIFICATE----- diff --git a/test/ssl/vectors/certs/entity-no-ca-bool-key.pem b/test/ssl/vectors/certs/entity-no-ca-bool-key.pem new file mode 100644 index 000000000..30c2f630a --- /dev/null +++ b/test/ssl/vectors/certs/entity-no-ca-bool-key.pem @@ -0,0 +1,27 @@ +-----BEGIN RSA PRIVATE KEY----- +MIIEpAIBAAKCAQEA61KNsNgBa/cWUP40o4Yb6ElQsW9qP6/ebNGvJZyrIfzRP0Xc +hh1XBJ6cVv9mr3hLhXxxvGt5qWMh9Igeb7lTWLBNk7Wn5ZyAO9n79Ef+RvHnflkd +5yERa5ag1zveugZh6wPUdLe0k/Q4NNufWNzX+u7+Vmm4l69bylZAMBEcJkCmHxy7 +1uD/HqRXNeN0q0mhh5UvincKsWWgj9NarASTzFCDQmSrEvouryvqsXN7zjPDaCMn +8HX0C4IeriEAT/wmF3WEm+Ax3lmDqkX5gss+3SLuznwMBtzMYSV+emTpxQZX08Fh +U1mCMsbPHXCHRD23UuVWZ+MWe7tImI1UwYWqVwIDAQABAoIBAQCbAnw3O3JkThSz +MWA3P0Xu0yyGVN/mJ9EaWV1IJ1VLRCAJz9kdtwH1Fw3g+MgJWfJVcc3x0dIIVDav +v2JdMfTG/Qt8+zInu9l0k3i2Rx4mWX6l6coaz9uLxWMZpGRooX+qsZEneUNIGp1T +pD/o50CWGQwMnANuV6LdO8d4YizqvHO7N3QQqYLb80KnvbjOdqR3hApV2B/fehqP +ye+b7ThJpiSSxcY/CA0bBDFU8fZUyDxgaqyu5NbkFnT2m6JUfpQXef3FaYb2934Z +EkvsLMciWYQJ4jNtaUFoFxYADw8ZDp8d9VV6BxxykcdwAbd6F9y5pmYPq8/hkLDJ +9AbXXTLxAoGBAPuyE7i4ktHwFDNLKKp2olF49dYr8onr9JuuIwWihRNnR7I4CyFq +/vcyatLysGwWRZtqwPIjBoqSdN+TvY763fyIn8gtFFlGNk1YLDNb3cXV8MBaaXhm +niJDvVg+mdj8tFUzjQVyv+CJV2Ow9LWVk1wU1wbKIdzIWInchc0aLhI9AoGBAO9Y +y3x+bAsEI4isnbq6J2t9EowJQ7mSUxuSEa7v+GDXeEnIVZ4rWo8mmEq/p9jHM+YF +JVBfI6OhFVpBoUOHL4u2MrMscXhPqGgSB7eSvlhJntpnjwpfF+COel2sNW6MNAbk +WZRGnfs4ImyEI0BBSKXto0mLH5M2ZpXrjEZwTJwjAoGAeTLo+Dw4xsr6jzCT5nG1 ++9FpX7ZN1kg+w3B5AM+fkRZcmd8OzQq+t74ZXnbqqUGYRxyCyJZBIh0gFkEIOH9o +wZ/wgO3kLJD4uQnKTvjfs9IvWhCvVQDlCM7hsEqEvs4A8D4gnA0DhFXeNO0TCRV7 +ng2S9XwEDlKS/9+mtnry0GkCgYAweWJU52HIZWEw+AzF2ZfMPDt6YxH1Tn5Ici/k +pzM9ocX543n7m7oujdmAIgrDa6zGJDqnaW1VYXVqnyoi/AkUGaVxBkpA3Jk14pjv +g+fLB7YFc73TkujKEPEVcaAssHaFAtBlqFusmnTWV3iwNciZ2mQcq/GMJhNmv5rc +VTge0wKBgQD2abpREDn7GCEwDrE5y/47Hcx/Godd0dkaYt/fZyokypspQS+nFyjp +BkUR7C7slMR4iO7uXWCQO8fw81TvE6ZX5MuAdpmbavORWNhQSfijTyhV4+WvE0E2 +KBN8G0ctKOZ3e5RpYIuzYRSzMaj38vAFVtVdiPDpjyiSzbXkjqm+Hw== +-----END RSA PRIVATE KEY----- diff --git a/test/ssl/vectors/certs/server-cert.pem b/test/ssl/vectors/certs/server-cert.pem new file mode 100644 index 000000000..4058c2db1 --- /dev/null +++ b/test/ssl/vectors/certs/server-cert.pem @@ -0,0 +1,185 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 1 (0x1) + Signature Algorithm: sha256WithRSAEncryption + Issuer: C=US, ST=Montana, L=Bozeman, O=Sawtooth, OU=Consulting, CN=www.wolfssl.com, emailAddress=info@wolfssl.com + Validity + Not Before: Nov 13 20:41:13 2025 GMT + Not After : Aug 9 20:41:13 2028 GMT + Subject: C=US, ST=Montana, L=Bozeman, O=wolfSSL, OU=Support, CN=www.wolfssl.com, emailAddress=info@wolfssl.com + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + Public-Key: (2048 bit) + Modulus: + 00:c0:95:08:e1:57:41:f2:71:6d:b7:d2:45:41:27: + 01:65:c6:45:ae:f2:bc:24:30:b8:95:ce:2f:4e:d6: + f6:1c:88:bc:7c:9f:fb:a8:67:7f:fe:5c:9c:51:75: + f7:8a:ca:07:e7:35:2f:8f:e1:bd:7b:c0:2f:7c:ab: + 64:a8:17:fc:ca:5d:7b:ba:e0:21:e5:72:2e:6f:2e: + 86:d8:95:73:da:ac:1b:53:b9:5f:3f:d7:19:0d:25: + 4f:e1:63:63:51:8b:0b:64:3f:ad:43:b8:a5:1c:5c: + 34:b3:ae:00:a0:63:c5:f6:7f:0b:59:68:78:73:a6: + 8c:18:a9:02:6d:af:c3:19:01:2e:b8:10:e3:c6:cc: + 40:b4:69:a3:46:33:69:87:6e:c4:bb:17:a6:f3:e8: + dd:ad:73:bc:7b:2f:21:b5:fd:66:51:0c:bd:54:b3: + e1:6d:5f:1c:bc:23:73:d1:09:03:89:14:d2:10:b9: + 64:c3:2a:d0:a1:96:4a:bc:e1:d4:1a:5b:c7:a0:c0: + c1:63:78:0f:44:37:30:32:96:80:32:23:95:a1:77: + ba:13:d2:97:73:e2:5d:25:c9:6a:0d:c3:39:60:a4: + b4:b0:69:42:42:09:e9:d8:08:bc:33:20:b3:58:22: + a7:aa:eb:c4:e1:e6:61:83:c5:d2:96:df:d9:d0:4f: + ad:d7 + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Subject Key Identifier: + B3:11:32:C9:92:98:84:E2:C9:F8:D0:3B:6E:03:42:CA:1F:0E:8E:3C + X509v3 Authority Key Identifier: + keyid:27:8E:67:11:74:C3:26:1D:3F:ED:33:63:B3:A4:D8:1D:30:E5:E8:D5 + DirName:/C=US/ST=Montana/L=Bozeman/O=Sawtooth/OU=Consulting/CN=www.wolfssl.com/emailAddress=info@wolfssl.com + serial:3F:29:11:20:57:71:E7:8E:F9:18:0D:CA:70:4D:5B:15:2A:43:D6:24 + X509v3 Basic Constraints: + CA:TRUE + X509v3 Subject Alternative Name: + DNS:example.com, IP Address:127.0.0.1 + X509v3 Extended Key Usage: + TLS Web Server Authentication, TLS Web Client Authentication + Signature Algorithm: sha256WithRSAEncryption + Signature Value: + bb:de:9b:8d:eb:6b:17:42:a4:de:1f:9d:61:80:80:7d:f3:3a: + 5e:c1:b9:a2:b4:0d:28:5a:92:4e:d6:02:47:2f:99:1a:43:fa: + a4:8b:d8:56:45:22:c3:bb:f3:7d:d4:07:db:9b:99:0b:01:35: + 04:d3:13:d9:ad:6e:88:b9:89:db:35:ed:e4:bf:12:6e:66:bd: + c2:a6:8f:0a:95:8d:f7:6e:6e:4c:ff:fc:d0:b4:d7:ee:c9:5f: + c3:44:ef:2a:9b:6f:fa:69:fe:2e:d6:10:64:da:9f:9b:33:f0: + 5f:49:e3:6f:e1:9e:d5:f7:4a:2a:1d:4c:c8:d0:82:d0:c7:a6: + 54:c0:57:f1:a8:e8:d2:24:c9:59:7d:dc:3c:21:cf:2d:ff:36: + 5d:14:ed:3c:4b:74:53:f6:3a:25:2f:42:9d:76:fb:dc:60:2c: + 28:eb:2d:c5:35:65:b5:bc:f1:dc:70:5d:fd:76:ce:8c:b6:da: + bb:de:d7:b1:ff:f0:56:db:1f:7b:41:e8:6f:3c:4b:92:4d:ed: + 2f:23:46:91:aa:7c:73:98:c1:bf:28:6e:7f:50:30:e8:b5:51: + 3c:ac:ce:b4:b4:c8:83:36:b7:40:6f:68:d0:8f:12:63:93:d5: + a4:42:b9:c5:c6:93:55:33:ed:84:c1:fc:19:ad:70:98:15:68: + 03:9e:65:c9 +-----BEGIN CERTIFICATE----- +MIIE6DCCA9CgAwIBAgIBATANBgkqhkiG9w0BAQsFADCBlDELMAkGA1UEBhMCVVMx +EDAOBgNVBAgMB01vbnRhbmExEDAOBgNVBAcMB0JvemVtYW4xETAPBgNVBAoMCFNh +d3Rvb3RoMRMwEQYDVQQLDApDb25zdWx0aW5nMRgwFgYDVQQDDA93d3cud29sZnNz +bC5jb20xHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20wHhcNMjUxMTEz +MjA0MTEzWhcNMjgwODA5MjA0MTEzWjCBkDELMAkGA1UEBhMCVVMxEDAOBgNVBAgM +B01vbnRhbmExEDAOBgNVBAcMB0JvemVtYW4xEDAOBgNVBAoMB3dvbGZTU0wxEDAO +BgNVBAsMB1N1cHBvcnQxGDAWBgNVBAMMD3d3dy53b2xmc3NsLmNvbTEfMB0GCSqG +SIb3DQEJARYQaW5mb0B3b2xmc3NsLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEP +ADCCAQoCggEBAMCVCOFXQfJxbbfSRUEnAWXGRa7yvCQwuJXOL07W9hyIvHyf+6hn +f/5cnFF194rKB+c1L4/hvXvAL3yrZKgX/Mpde7rgIeVyLm8uhtiVc9qsG1O5Xz/X +GQ0lT+FjY1GLC2Q/rUO4pRxcNLOuAKBjxfZ/C1loeHOmjBipAm2vwxkBLrgQ48bM +QLRpo0YzaYduxLsXpvPo3a1zvHsvIbX9ZlEMvVSz4W1fHLwjc9EJA4kU0hC5ZMMq +0KGWSrzh1Bpbx6DAwWN4D0Q3MDKWgDIjlaF3uhPSl3PiXSXJag3DOWCktLBpQkIJ +6dgIvDMgs1gip6rrxOHmYYPF0pbf2dBPrdcCAwEAAaOCAUUwggFBMB0GA1UdDgQW +BBSzETLJkpiE4sn40DtuA0LKHw6OPDCB1AYDVR0jBIHMMIHJgBQnjmcRdMMmHT/t +M2OzpNgdMOXo1aGBmqSBlzCBlDELMAkGA1UEBhMCVVMxEDAOBgNVBAgMB01vbnRh +bmExEDAOBgNVBAcMB0JvemVtYW4xETAPBgNVBAoMCFNhd3Rvb3RoMRMwEQYDVQQL +DApDb25zdWx0aW5nMRgwFgYDVQQDDA93d3cud29sZnNzbC5jb20xHzAdBgkqhkiG +9w0BCQEWEGluZm9Ad29sZnNzbC5jb22CFD8pESBXceeO+RgNynBNWxUqQ9YkMAwG +A1UdEwQFMAMBAf8wHAYDVR0RBBUwE4ILZXhhbXBsZS5jb22HBH8AAAEwHQYDVR0l +BBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMA0GCSqGSIb3DQEBCwUAA4IBAQC73puN +62sXQqTeH51hgIB98zpewbmitA0oWpJO1gJHL5kaQ/qki9hWRSLDu/N91Afbm5kL +ATUE0xPZrW6IuYnbNe3kvxJuZr3Cpo8KlY33bm5M//zQtNfuyV/DRO8qm2/6af4u +1hBk2p+bM/BfSeNv4Z7V90oqHUzI0ILQx6ZUwFfxqOjSJMlZfdw8Ic8t/zZdFO08 +S3RT9jolL0KddvvcYCwo6y3FNWW1vPHccF39ds6Mttq73tex//BW2x97QehvPEuS +Te0vI0aRqnxzmMG/KG5/UDDotVE8rM60tMiDNrdAb2jQjxJjk9WkQrnFxpNVM+2E +wfwZrXCYFWgDnmXJ +-----END CERTIFICATE----- +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + 3f:29:11:20:57:71:e7:8e:f9:18:0d:ca:70:4d:5b:15:2a:43:d6:24 + Signature Algorithm: sha256WithRSAEncryption + Issuer: C=US, ST=Montana, L=Bozeman, O=Sawtooth, OU=Consulting, CN=www.wolfssl.com, emailAddress=info@wolfssl.com + Validity + Not Before: Nov 13 20:41:11 2025 GMT + Not After : Aug 9 20:41:11 2028 GMT + Subject: C=US, ST=Montana, L=Bozeman, O=Sawtooth, OU=Consulting, CN=www.wolfssl.com, emailAddress=info@wolfssl.com + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + Public-Key: (2048 bit) + Modulus: + 00:bf:0c:ca:2d:14:b2:1e:84:42:5b:cd:38:1f:4a: + f2:4d:75:10:f1:b6:35:9f:df:ca:7d:03:98:d3:ac: + de:03:66:ee:2a:f1:d8:b0:7d:6e:07:54:0b:10:98: + 21:4d:80:cb:12:20:e7:cc:4f:de:45:7d:c9:72:77: + 32:ea:ca:90:bb:69:52:10:03:2f:a8:f3:95:c5:f1: + 8b:62:56:1b:ef:67:6f:a4:10:41:95:ad:0a:9b:e3: + a5:c0:b0:d2:70:76:50:30:5b:a8:e8:08:2c:7c:ed: + a7:a2:7a:8d:38:29:1c:ac:c7:ed:f2:7c:95:b0:95: + 82:7d:49:5c:38:cd:77:25:ef:bd:80:75:53:94:3c: + 3d:ca:63:5b:9f:15:b5:d3:1d:13:2f:19:d1:3c:db: + 76:3a:cc:b8:7d:c9:e5:c2:d7:da:40:6f:d8:21:dc: + 73:1b:42:2d:53:9c:fe:1a:fc:7d:ab:7a:36:3f:98: + de:84:7c:05:67:ce:6a:14:38:87:a9:f1:8c:b5:68: + cb:68:7f:71:20:2b:f5:a0:63:f5:56:2f:a3:26:d2: + b7:6f:b1:5a:17:d7:38:99:08:fe:93:58:6f:fe:c3: + 13:49:08:16:0b:a7:4d:67:00:52:31:67:23:4e:98: + ed:51:45:1d:b9:04:d9:0b:ec:d8:28:b3:4b:bd:ed: + 36:79 + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Subject Key Identifier: + 27:8E:67:11:74:C3:26:1D:3F:ED:33:63:B3:A4:D8:1D:30:E5:E8:D5 + X509v3 Authority Key Identifier: + keyid:27:8E:67:11:74:C3:26:1D:3F:ED:33:63:B3:A4:D8:1D:30:E5:E8:D5 + DirName:/C=US/ST=Montana/L=Bozeman/O=Sawtooth/OU=Consulting/CN=www.wolfssl.com/emailAddress=info@wolfssl.com + serial:3F:29:11:20:57:71:E7:8E:F9:18:0D:CA:70:4D:5B:15:2A:43:D6:24 + X509v3 Basic Constraints: + CA:TRUE + X509v3 Subject Alternative Name: + DNS:example.com, IP Address:127.0.0.1 + X509v3 Extended Key Usage: + TLS Web Server Authentication, TLS Web Client Authentication + Signature Algorithm: sha256WithRSAEncryption + Signature Value: + 0f:ae:89:d5:68:e4:41:f8:9b:e0:c5:61:06:57:ff:a0:92:0f: + b2:ed:d3:99:5b:99:5e:32:7e:97:c7:af:6c:fe:8c:a6:ae:32: + a1:0d:ca:cd:fc:18:e5:d1:f8:20:5b:5a:38:81:46:5b:48:87: + a5:3f:3b:7b:c7:ea:f5:35:29:31:15:39:38:5d:48:e6:01:81: + 5c:5e:7c:10:f5:16:e3:59:af:44:c8:b5:8d:c1:32:23:b3:b8: + 12:6e:5c:8d:e6:c2:d2:41:03:eb:17:42:e2:7f:bc:00:5d:a5: + 31:ef:c6:48:ee:db:cc:e0:f1:56:f5:d4:ca:45:a1:59:b5:e4: + d7:60:9c:57:e0:a7:5a:f2:35:1e:a0:22:db:5e:1c:0c:61:bd: + a1:c5:7b:9f:69:f2:d5:95:e2:bc:52:b9:1d:9c:2c:da:b6:73: + 75:4a:84:e5:94:b8:19:4d:dd:70:bd:7f:4c:b9:17:6a:58:16: + 89:22:44:37:57:55:26:42:e3:b7:e5:c7:2b:40:0c:e9:e4:7f: + 52:75:df:06:c9:fb:01:44:34:ac:20:3c:b4:be:2b:3e:ef:85: + 38:96:5b:9b:1e:25:86:18:4c:a4:06:70:06:6a:c8:4b:6f:5f: + c4:05:1f:03:62:30:11:61:bc:c1:40:31:66:dc:64:f0:4f:6b: + b9:ec:c8:29 +-----BEGIN CERTIFICATE----- +MIIE/zCCA+egAwIBAgIUPykRIFdx5475GA3KcE1bFSpD1iQwDQYJKoZIhvcNAQEL +BQAwgZQxCzAJBgNVBAYTAlVTMRAwDgYDVQQIDAdNb250YW5hMRAwDgYDVQQHDAdC +b3plbWFuMREwDwYDVQQKDAhTYXd0b290aDETMBEGA1UECwwKQ29uc3VsdGluZzEY +MBYGA1UEAwwPd3d3LndvbGZzc2wuY29tMR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdv +bGZzc2wuY29tMB4XDTI1MTExMzIwNDExMVoXDTI4MDgwOTIwNDExMVowgZQxCzAJ +BgNVBAYTAlVTMRAwDgYDVQQIDAdNb250YW5hMRAwDgYDVQQHDAdCb3plbWFuMREw +DwYDVQQKDAhTYXd0b290aDETMBEGA1UECwwKQ29uc3VsdGluZzEYMBYGA1UEAwwP +d3d3LndvbGZzc2wuY29tMR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wuY29t +MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvwzKLRSyHoRCW804H0ry +TXUQ8bY1n9/KfQOY06zeA2buKvHYsH1uB1QLEJghTYDLEiDnzE/eRX3Jcncy6sqQ +u2lSEAMvqPOVxfGLYlYb72dvpBBBla0Km+OlwLDScHZQMFuo6AgsfO2nonqNOCkc +rMft8nyVsJWCfUlcOM13Je+9gHVTlDw9ymNbnxW10x0TLxnRPNt2Osy4fcnlwtfa +QG/YIdxzG0ItU5z+Gvx9q3o2P5jehHwFZ85qFDiHqfGMtWjLaH9xICv1oGP1Vi+j +JtK3b7FaF9c4mQj+k1hv/sMTSQgWC6dNZwBSMWcjTpjtUUUduQTZC+zYKLNLve02 +eQIDAQABo4IBRTCCAUEwHQYDVR0OBBYEFCeOZxF0wyYdP+0zY7Ok2B0w5ejVMIHU +BgNVHSMEgcwwgcmAFCeOZxF0wyYdP+0zY7Ok2B0w5ejVoYGapIGXMIGUMQswCQYD +VQQGEwJVUzEQMA4GA1UECAwHTW9udGFuYTEQMA4GA1UEBwwHQm96ZW1hbjERMA8G +A1UECgwIU2F3dG9vdGgxEzARBgNVBAsMCkNvbnN1bHRpbmcxGDAWBgNVBAMMD3d3 +dy53b2xmc3NsLmNvbTEfMB0GCSqGSIb3DQEJARYQaW5mb0B3b2xmc3NsLmNvbYIU +PykRIFdx5475GA3KcE1bFSpD1iQwDAYDVR0TBAUwAwEB/zAcBgNVHREEFTATggtl +eGFtcGxlLmNvbYcEfwAAATAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIw +DQYJKoZIhvcNAQELBQADggEBAA+uidVo5EH4m+DFYQZX/6CSD7Lt05lbmV4yfpfH +r2z+jKauMqENys38GOXR+CBbWjiBRltIh6U/O3vH6vU1KTEVOThdSOYBgVxefBD1 +FuNZr0TItY3BMiOzuBJuXI3mwtJBA+sXQuJ/vABdpTHvxkju28zg8Vb11MpFoVm1 +5NdgnFfgp1ryNR6gItteHAxhvaHFe59p8tWV4rxSuR2cLNq2c3VKhOWUuBlN3XC9 +f0y5F2pYFokiRDdXVSZC47flxytADOnkf1J13wbJ+wFENKwgPLS+Kz7vhTiWW5se +JYYYTKQGcAZqyEtvX8QFHwNiMBFhvMFAMWbcZPBPa7nsyCk= +-----END CERTIFICATE----- diff --git a/test/ssl/vectors/certs/server-ecc-rsa.pem b/test/ssl/vectors/certs/server-ecc-rsa.pem new file mode 100644 index 000000000..900c634d0 --- /dev/null +++ b/test/ssl/vectors/certs/server-ecc-rsa.pem @@ -0,0 +1,76 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 1 (0x1) + Signature Algorithm: sha256WithRSAEncryption + Issuer: C=US, ST=Montana, L=Bozeman, O=Sawtooth, OU=Consulting, CN=www.wolfssl.com, emailAddress=info@wolfssl.com + Validity + Not Before: Nov 13 20:41:14 2025 GMT + Not After : Aug 9 20:41:14 2028 GMT + Subject: C=US, ST=Montana, L=Bozeman, O=Elliptic - RSAsig, OU=ECC-RSAsig, CN=www.wolfssl.com, emailAddress=info@wolfssl.com + Subject Public Key Info: + Public Key Algorithm: id-ecPublicKey + Public-Key: (256 bit) + pub: + 04:bb:33:ac:4c:27:50:4a:c6:4a:a5:04:c3:3c:de: + 9f:36:db:72:2d:ce:94:ea:2b:fa:cb:20:09:39:2c: + 16:e8:61:02:e9:af:4d:d3:02:93:9a:31:5b:97:92: + 21:7f:f0:cf:18:da:91:11:02:34:86:e8:20:58:33: + 0b:80:34:89:d8 + ASN1 OID: prime256v1 + NIST CURVE: P-256 + X509v3 extensions: + X509v3 Subject Key Identifier: + 5D:5D:26:EF:AC:7E:36:F9:9B:76:15:2B:4A:25:02:23:EF:B2:89:30 + X509v3 Authority Key Identifier: + keyid:27:8E:67:11:74:C3:26:1D:3F:ED:33:63:B3:A4:D8:1D:30:E5:E8:D5 + DirName:/C=US/ST=Montana/L=Bozeman/O=Sawtooth/OU=Consulting/CN=www.wolfssl.com/emailAddress=info@wolfssl.com + serial:3F:29:11:20:57:71:E7:8E:F9:18:0D:CA:70:4D:5B:15:2A:43:D6:24 + X509v3 Basic Constraints: + CA:TRUE + X509v3 Subject Alternative Name: + DNS:example.com, IP Address:127.0.0.1 + X509v3 Extended Key Usage: + TLS Web Server Authentication, TLS Web Client Authentication + Signature Algorithm: sha256WithRSAEncryption + Signature Value: + 01:53:08:5b:e2:1a:b9:c6:e3:a8:2b:51:19:de:1b:12:c0:d0: + b0:b7:ce:ad:27:5c:c7:b6:93:c4:84:84:19:6e:e4:28:8f:43: + 36:79:28:fd:c5:fb:52:24:5a:85:7b:3e:a9:1f:8f:2b:d2:ac: + f4:4e:cc:68:86:bb:01:ce:83:b5:cd:32:6b:32:a8:ca:9e:79: + 95:57:2b:1d:7d:0d:70:63:7f:4f:a7:f3:08:4c:71:00:fe:36: + 51:e8:29:46:2c:91:23:42:e1:47:d8:ac:52:92:09:d3:02:ad: + c2:1c:c2:ca:cc:df:79:cf:1d:da:1d:cb:6c:d2:b8:a3:34:a2: + c1:11:17:c9:5b:4b:8b:76:4a:d1:d6:06:46:ca:9c:0d:5b:c2: + 5d:6e:5b:e6:00:6d:e2:3b:3f:03:d6:a0:3e:cf:31:c8:19:0d: + 85:1f:6a:5f:76:80:d4:8c:26:73:d0:27:06:cb:49:49:62:b9: + 7f:6e:77:56:c4:68:5b:64:11:68:f4:37:9c:82:b2:c8:4f:b2: + 20:8a:6f:49:b1:4e:54:e0:f2:83:97:1d:55:c0:4d:a9:84:48: + 70:61:33:bd:ca:1c:f5:d0:a8:24:b6:f7:36:35:b1:4c:7c:e5: + 3b:52:32:cb:9f:32:e2:a1:12:30:43:60:1f:97:b0:6e:07:6a: + 94:72:f5:61 +-----BEGIN CERTIFICATE----- +MIIEKjCCAxKgAwIBAgIBATANBgkqhkiG9w0BAQsFADCBlDELMAkGA1UEBhMCVVMx +EDAOBgNVBAgMB01vbnRhbmExEDAOBgNVBAcMB0JvemVtYW4xETAPBgNVBAoMCFNh +d3Rvb3RoMRMwEQYDVQQLDApDb25zdWx0aW5nMRgwFgYDVQQDDA93d3cud29sZnNz +bC5jb20xHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20wHhcNMjUxMTEz +MjA0MTE0WhcNMjgwODA5MjA0MTE0WjCBnTELMAkGA1UEBhMCVVMxEDAOBgNVBAgM +B01vbnRhbmExEDAOBgNVBAcMB0JvemVtYW4xGjAYBgNVBAoMEUVsbGlwdGljIC0g +UlNBc2lnMRMwEQYDVQQLDApFQ0MtUlNBc2lnMRgwFgYDVQQDDA93d3cud29sZnNz +bC5jb20xHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20wWTATBgcqhkjO +PQIBBggqhkjOPQMBBwNCAAS7M6xMJ1BKxkqlBMM83p8223ItzpTqK/rLIAk5LBbo +YQLpr03TApOaMVuXkiF/8M8Y2pERAjSG6CBYMwuANInYo4IBRTCCAUEwHQYDVR0O +BBYEFF1dJu+sfjb5m3YVK0olAiPvsokwMIHUBgNVHSMEgcwwgcmAFCeOZxF0wyYd +P+0zY7Ok2B0w5ejVoYGapIGXMIGUMQswCQYDVQQGEwJVUzEQMA4GA1UECAwHTW9u +dGFuYTEQMA4GA1UEBwwHQm96ZW1hbjERMA8GA1UECgwIU2F3dG9vdGgxEzARBgNV +BAsMCkNvbnN1bHRpbmcxGDAWBgNVBAMMD3d3dy53b2xmc3NsLmNvbTEfMB0GCSqG +SIb3DQEJARYQaW5mb0B3b2xmc3NsLmNvbYIUPykRIFdx5475GA3KcE1bFSpD1iQw +DAYDVR0TBAUwAwEB/zAcBgNVHREEFTATggtleGFtcGxlLmNvbYcEfwAAATAdBgNV +HSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIwDQYJKoZIhvcNAQELBQADggEBAAFT +CFviGrnG46grURneGxLA0LC3zq0nXMe2k8SEhBlu5CiPQzZ5KP3F+1IkWoV7Pqkf +jyvSrPROzGiGuwHOg7XNMmsyqMqeeZVXKx19DXBjf0+n8whMcQD+NlHoKUYskSNC +4UfYrFKSCdMCrcIcwsrM33nPHdody2zSuKM0osERF8lbS4t2StHWBkbKnA1bwl1u +W+YAbeI7PwPWoD7PMcgZDYUfal92gNSMJnPQJwbLSUliuX9ud1bEaFtkEWj0N5yC +sshPsiCKb0mxTlTg8oOXHVXATamESHBhM73KHPXQqCS29zY1sUx85TtSMsufMuKh +EjBDYB+XsG4HapRy9WE= +-----END CERTIFICATE----- diff --git a/test/ssl/vectors/certs/server-ecc.pem b/test/ssl/vectors/certs/server-ecc.pem new file mode 100644 index 000000000..49d54fd08 --- /dev/null +++ b/test/ssl/vectors/certs/server-ecc.pem @@ -0,0 +1,57 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 3 (0x3) + Signature Algorithm: ecdsa-with-SHA256 + Issuer: C=US, ST=Washington, L=Seattle, O=wolfSSL, OU=Development, CN=www.wolfssl.com, emailAddress=info@wolfssl.com + Validity + Not Before: Nov 13 20:41:15 2025 GMT + Not After : Aug 9 20:41:15 2028 GMT + Subject: C=US, ST=Washington, L=Seattle, O=Elliptic, OU=ECC, CN=www.wolfssl.com, emailAddress=info@wolfssl.com + Subject Public Key Info: + Public Key Algorithm: id-ecPublicKey + Public-Key: (256 bit) + pub: + 04:bb:33:ac:4c:27:50:4a:c6:4a:a5:04:c3:3c:de: + 9f:36:db:72:2d:ce:94:ea:2b:fa:cb:20:09:39:2c: + 16:e8:61:02:e9:af:4d:d3:02:93:9a:31:5b:97:92: + 21:7f:f0:cf:18:da:91:11:02:34:86:e8:20:58:33: + 0b:80:34:89:d8 + ASN1 OID: prime256v1 + NIST CURVE: P-256 + X509v3 extensions: + X509v3 Subject Key Identifier: + 5D:5D:26:EF:AC:7E:36:F9:9B:76:15:2B:4A:25:02:23:EF:B2:89:30 + X509v3 Authority Key Identifier: + 56:8E:9A:C3:F0:42:DE:18:B9:45:55:6E:F9:93:CF:EA:C3:F3:A5:21 + X509v3 Basic Constraints: critical + CA:FALSE + X509v3 Key Usage: critical + Digital Signature, Key Encipherment, Key Agreement + X509v3 Extended Key Usage: + TLS Web Server Authentication + Netscape Cert Type: + SSL Server + Signature Algorithm: ecdsa-with-SHA256 + Signature Value: + 30:46:02:21:00:f8:2f:f4:39:99:19:97:11:37:9f:d8:d7:7f: + 04:a6:ca:74:59:9a:fe:30:5b:4d:e5:31:06:55:9c:e8:f6:b4: + 71:02:21:00:a1:52:c9:72:89:c6:4f:22:e7:bf:97:68:dc:ff: + 7d:97:15:05:9d:d8:56:29:f5:df:de:a7:2d:90:d1:c5:27:30 +-----BEGIN CERTIFICATE----- +MIICozCCAkigAwIBAgIBAzAKBggqhkjOPQQDAjCBlzELMAkGA1UEBhMCVVMxEzAR +BgNVBAgMCldhc2hpbmd0b24xEDAOBgNVBAcMB1NlYXR0bGUxEDAOBgNVBAoMB3dv +bGZTU0wxFDASBgNVBAsMC0RldmVsb3BtZW50MRgwFgYDVQQDDA93d3cud29sZnNz +bC5jb20xHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20wHhcNMjUxMTEz +MjA0MTE1WhcNMjgwODA5MjA0MTE1WjCBkDELMAkGA1UEBhMCVVMxEzARBgNVBAgM +Cldhc2hpbmd0b24xEDAOBgNVBAcMB1NlYXR0bGUxETAPBgNVBAoMCEVsbGlwdGlj +MQwwCgYDVQQLDANFQ0MxGDAWBgNVBAMMD3d3dy53b2xmc3NsLmNvbTEfMB0GCSqG +SIb3DQEJARYQaW5mb0B3b2xmc3NsLmNvbTBZMBMGByqGSM49AgEGCCqGSM49AwEH +A0IABLszrEwnUErGSqUEwzzenzbbci3OlOor+ssgCTksFuhhAumvTdMCk5oxW5eS +IX/wzxjakRECNIboIFgzC4A0idijgYkwgYYwHQYDVR0OBBYEFF1dJu+sfjb5m3YV +K0olAiPvsokwMB8GA1UdIwQYMBaAFFaOmsPwQt4YuUVVbvmTz+rD86UhMAwGA1Ud +EwEB/wQCMAAwDgYDVR0PAQH/BAQDAgOoMBMGA1UdJQQMMAoGCCsGAQUFBwMBMBEG +CWCGSAGG+EIBAQQEAwIGQDAKBggqhkjOPQQDAgNJADBGAiEA+C/0OZkZlxE3n9jX +fwSmynRZmv4wW03lMQZVnOj2tHECIQChUslyicZPIue/l2jc/32XFQWd2FYp9d/e +py2Q0cUnMA== +-----END CERTIFICATE----- diff --git a/test/ssl/vectors/certs/server-ecc384-cert.pem b/test/ssl/vectors/certs/server-ecc384-cert.pem new file mode 100644 index 000000000..10dd806a8 --- /dev/null +++ b/test/ssl/vectors/certs/server-ecc384-cert.pem @@ -0,0 +1,22 @@ +-----BEGIN CERTIFICATE----- +MIIDoDCCAyagAwIBAgICEAEwCgYIKoZIzj0EAwMwgZcxCzAJBgNVBAYTAlVTMRMw +EQYDVQQIDApXYXNoaW5ndG9uMRAwDgYDVQQHDAdTZWF0dGxlMRAwDgYDVQQKDAd3 +b2xmU1NMMRQwEgYDVQQLDAtEZXZlbG9wbWVudDEYMBYGA1UEAwwPd3d3LndvbGZz +c2wuY29tMR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wuY29tMCAXDTI1MTEx +MzIwNDEwNloYDzIwNTUxMTA2MjA0MTA2WjCBljELMAkGA1UEBhMCVVMxEzARBgNV +BAgMCldhc2hpbmd0b24xEDAOBgNVBAcMB1NlYXR0bGUxETAPBgNVBAoMCEVsbGlw +dGljMRIwEAYDVQQLDAlFQ0MzODRTcnYxGDAWBgNVBAMMD3d3dy53b2xmc3NsLmNv +bTEfMB0GCSqGSIb3DQEJARYQaW5mb0B3b2xmc3NsLmNvbTB2MBAGByqGSM49AgEG +BSuBBAAiA2IABOrPk08sCbs5FA9WZMNAtN8OY67lcUsAzASX/+HpOJa7X5Gyasy1 +OV+PcFnxAfZaKwFsaAvPVSWvbZhICqh0yakXoAzD+9MjaP4EPGNQiDu5T3xnNPc7 +qXPnG8NRXiIY7KOCAUAwggE8MAkGA1UdEwQCMAAwEQYJYIZIAYb4QgEBBAQDAgZA +MB0GA1UdDgQWBBSCO/JlL/O0AMa8Bv15QnVLZdHOvDCB1wYDVR0jBIHPMIHMgBSr +4MMmTBjUcrvShIycCgWSgBJTUqGBnaSBmjCBlzELMAkGA1UEBhMCVVMxEzARBgNV +BAgMCldhc2hpbmd0b24xEDAOBgNVBAcMB1NlYXR0bGUxEDAOBgNVBAoMB3dvbGZT +U0wxFDASBgNVBAsMC0RldmVsb3BtZW50MRgwFgYDVQQDDA93d3cud29sZnNzbC5j +b20xHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb22CFCneXF5mcNk0Pu0y +084/37VrndgZMA4GA1UdDwEB/wQEAwIDqDATBgNVHSUEDDAKBggrBgEFBQcDATAK +BggqhkjOPQQDAwNoADBlAjAkCetD06AxczyUg24KVWTlZ6lBSjcRwkILppSJplIb +PNMFg8uV8W0VjSu9C+h9kH0CMQCYp6dbhcYS/JJPGwV0STPLoy4LE8b4wAnREK8E +TxXuxtiKg8yN3FLlu774DXJSjiM= +-----END CERTIFICATE----- diff --git a/test/ssl/vectors/certs/server-ecc384-key.pem b/test/ssl/vectors/certs/server-ecc384-key.pem new file mode 100644 index 000000000..5d3d61d0c --- /dev/null +++ b/test/ssl/vectors/certs/server-ecc384-key.pem @@ -0,0 +1,6 @@ +-----BEGIN PRIVATE KEY----- +MIG2AgEAMBAGByqGSM49AgEGBSuBBAAiBIGeMIGbAgEBBDCk5QboBhY+q4n4YEPA +YCXbunv+GTUIVWV24tzgAYtraN/Pb4ASznk36yuce8RoHHShZANiAATqz5NPLAm7 +ORQPVmTDQLTfDmOu5XFLAMwEl//h6TiWu1+RsmrMtTlfj3BZ8QH2WisBbGgLz1Ul +r22YSAqodMmpF6AMw/vTI2j+BDxjUIg7uU98ZzT3O6lz5xvDUV4iGOw= +-----END PRIVATE KEY----- diff --git a/test/ssl/vectors/certs/server-key.pem b/test/ssl/vectors/certs/server-key.pem new file mode 100644 index 000000000..d1627f4d4 --- /dev/null +++ b/test/ssl/vectors/certs/server-key.pem @@ -0,0 +1,27 @@ +-----BEGIN RSA PRIVATE KEY----- +MIIEpQIBAAKCAQEAwJUI4VdB8nFtt9JFQScBZcZFrvK8JDC4lc4vTtb2HIi8fJ/7 +qGd//lycUXX3isoH5zUvj+G9e8AvfKtkqBf8yl17uuAh5XIuby6G2JVz2qwbU7lf +P9cZDSVP4WNjUYsLZD+tQ7ilHFw0s64AoGPF9n8LWWh4c6aMGKkCba/DGQEuuBDj +xsxAtGmjRjNph27Euxem8+jdrXO8ey8htf1mUQy9VLPhbV8cvCNz0QkDiRTSELlk +wyrQoZZKvOHUGlvHoMDBY3gPRDcwMpaAMiOVoXe6E9KXc+JdJclqDcM5YKS0sGlC +Qgnp2Ai8MyCzWCKnquvE4eZhg8XSlt/Z0E+t1wIDAQABAoIBAQCa0DQPUmIFUAHv +n+1kbsLE2hryhNeSEEiSxOlq64t1bMZ5OPLJckqGZFSVd8vDmp231B2kAMieTuTd +x7pnFsF0vKnWlI8rMBr77d8hBSPZSjm9mGtlmrjcxH3upkMVLj2+HSJgKnMw1T7Y +oqyGQy7E9WReP4l1DxHYUSVOn9iqo85gs+KK2X4b8GTKmlsFC1uqy+XjP24yIgXz +0PrvdFKB4l90073/MYNFdfpjepcu1rYZxpIm5CgGUFAOeC6peA0Ul7QS2DFAq6EB +QcIw+AdfFuRhd9Jg8p+N6PS662PeKpeB70xs5lU0USsoNPRTHMRYCj+7r7X3SoVD +LTzxWFiBAoGBAPIsVHY5I2PJEDK3k62vvhl1loFk5rW4iUJB0W3QHBv4G6xpyzY8 +ZH3c9Bm4w2CxV0hfUk9ZOlV/MsAZQ1A/rs5vF/MOn0DKTq0VO8l56cBZOHNwnAp8 +yTpIMqfYSXUKhcLC/RVz2pkJKmmanwpxv7AEpox6Wm9IWlQ7xrFTF9/nAoGBAMuT +3ncVXbdcXHzYkKmYLdZpDmOzo9ymzItqpKISjI57SCyySzfcBhh96v52odSh6T8N +zRtfr1+elltbD6F8r7ObkNtXczrtsCNErkFPHwdCEyNMy/r0FKTV9542fFufqDzB +hV900jkt/9CE3/uzIHoumxeu5roLrl9TpFLtG8SRAoGBAOyY2rvV/vlSSn0CVUlv +VW5SL4SjK7OGYrNU0mNS2uOIdqDvixWl0xgUcndex6MEH54ZYrUbG57D8rUy+UzB +qusMJn3UX0pRXKRFBnBEp1bA1CIUdp7YY1CJkNPiv4GVkjFBhzkaQwsYpVMfORpf +H0O8h2rfbtMiAP4imHBOGhkpAoGBAIpBVihRnl/Ungs7mKNU8mxW1KrpaTOFJAza +1AwtxL9PAmk4fNTm3Ezt1xYRwz4A58MmwFEC3rt1nG9WnHrzju/PisUr0toGakTJ +c/5umYf4W77xfOZltU9s8MnF/xbKixsX4lg9ojerAby/QM5TjI7t7+5ZneBj5nxe +9Y5L8TvBAoGATUX5QIzFW/QqGoq08hysa+kMVja3TnKW1eWK0uL/8fEYEz2GCbjY +dqfJHHFSlDBD4PF4dP1hG0wJzOZoKnGtHN9DvFbbpaS+NXCkXs9P/ABVmTo9I89n +WvUi+LUp0EQR6zUuRr79jhiyX6i/GTKh9dwD5nyaHwx8qbAOITc78bA= +-----END RSA PRIVATE KEY----- diff --git a/test/ssl/vectors/certs/test/server-cert-ecc-badsig.pem b/test/ssl/vectors/certs/test/server-cert-ecc-badsig.pem new file mode 100644 index 000000000..a4f9800b7 --- /dev/null +++ b/test/ssl/vectors/certs/test/server-cert-ecc-badsig.pem @@ -0,0 +1,57 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 3 (0x3) + Signature Algorithm: ecdsa-with-SHA256 + Issuer: C=US, ST=Washington, L=Seattle, O=wolfSSL, OU=Development, CN=www.wolfssl.com, emailAddress=info@wolfssl.com + Validity + Not Before: Nov 13 20:41:15 2025 GMT + Not After : Aug 9 20:41:15 2028 GMT + Subject: C=US, ST=Washington, L=Seattle, O=Elliptic, OU=ECC, CN=www.wolfssl.com, emailAddress=info@wolfssl.com + Subject Public Key Info: + Public Key Algorithm: id-ecPublicKey + Public-Key: (256 bit) + pub: + 04:bb:33:ac:4c:27:50:4a:c6:4a:a5:04:c3:3c:de: + 9f:36:db:72:2d:ce:94:ea:2b:fa:cb:20:09:39:2c: + 16:e8:61:02:e9:af:4d:d3:02:93:9a:31:5b:97:92: + 21:7f:f0:cf:18:da:91:11:02:34:86:e8:20:58:33: + 0b:80:34:89:d8 + ASN1 OID: prime256v1 + NIST CURVE: P-256 + X509v3 extensions: + X509v3 Subject Key Identifier: + 5D:5D:26:EF:AC:7E:36:F9:9B:76:15:2B:4A:25:02:23:EF:B2:89:30 + X509v3 Authority Key Identifier: + 56:8E:9A:C3:F0:42:DE:18:B9:45:55:6E:F9:93:CF:EA:C3:F3:A5:21 + X509v3 Basic Constraints: critical + CA:FALSE + X509v3 Key Usage: critical + Digital Signature, Key Encipherment, Key Agreement + X509v3 Extended Key Usage: + TLS Web Server Authentication + Netscape Cert Type: + SSL Server + Signature Algorithm: ecdsa-with-SHA256 + Signature Value: + 30:46:02:21:00:f8:2f:f4:39:99:19:97:11:37:9f:d8:d7:7f: + 04:a6:ca:74:59:9a:fe:30:5b:4d:e5:31:06:55:9c:e8:f6:b4: + 71:02:21:00:a1:52:c9:72:89:c6:4f:22:e7:bf:97:68:dc:ff: + 7d:97:15:05:9d:d8:56:29:f5:df:de:a7:2d:90:d1:c5:27:30 +-----BEGIN CERTIFICATE----- +MIICozCCAkigAwIBAgIBAzAKBggqhkjOPQQDAjCBlzELMAkGA1UEBhMCVVMxEzAR +BgNVBAgMCldhc2hpbmd0b24xEDAOBgNVBAcMB1NlYXR0bGUxEDAOBgNVBAoMB3dv +bGZTU0wxFDASBgNVBAsMC0RldmVsb3BtZW50MRgwFgYDVQQDDA93d3cud29sZnNz +bC5jb20xHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20wHhcNMjUxMTEz +MjA0MTE1WhcNMjgwODA5MjA0MTE1WjCBkDELMAkGA1UEBhMCVVMxEzARBgNVBAgM +Cldhc2hpbmd0b24xEDAOBgNVBAcMB1NlYXR0bGUxETAPBgNVBAoMCEVsbGlwdGlj +MQwwCgYDVQQLDANFQ0MxGDAWBgNVBAMMD3d3dy53b2xmc3NsLmNvbTEfMB0GCSqG +SIb3DQEJARYQaW5mb0B3b2xmc3NsLmNvbTBZMBMGByqGSM49AgEGCCqGSM49AwEH +A0IABLszrEwnUErGSqUEwzzenzbbci3OlOor+ssgCTksFuhhAumvTdMCk5oxW5eS +IX/wzxjakRECNIboIFgzC4A0idijgYkwgYYwHQYDVR0OBBYEFF1dJu+sfjb5m3YV +K0olAiPvsokwMB8GA1UdIwQYMBaAFFaOmsPwQt4YuUVVbvmTz+rD86UhMAwGA1Ud +EwEB/wQCMAAwDgYDVR0PAQH/BAQDAgOoMBMGA1UdJQQMMAoGCCsGAQUFBwMBMBEG +CWCGSAGG+EIBAQQEAwIGQDAKBggqhkjOPQQDAgNJADBGAiEA+C/0OZkZlxE3n9jX +fwSmynRZmv4wW03lMQZVnOj2tHECIQChUslyicZPIue/l2jc/32XFQWd2FYp9d/e +py2Q0cUnxA== +-----END CERTIFICATE----- diff --git a/test/ssl/vectors/certs/test/server-cert-rsa-badsig.pem b/test/ssl/vectors/certs/test/server-cert-rsa-badsig.pem new file mode 100644 index 000000000..a87fb3a5c --- /dev/null +++ b/test/ssl/vectors/certs/test/server-cert-rsa-badsig.pem @@ -0,0 +1,185 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: 1 (0x1) + Signature Algorithm: sha256WithRSAEncryption + Issuer: C=US, ST=Montana, L=Bozeman, O=Sawtooth, OU=Consulting, CN=www.wolfssl.com, emailAddress=info@wolfssl.com + Validity + Not Before: Nov 13 20:41:13 2025 GMT + Not After : Aug 9 20:41:13 2028 GMT + Subject: C=US, ST=Montana, L=Bozeman, O=wolfSSL, OU=Support, CN=www.wolfssl.com, emailAddress=info@wolfssl.com + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + Public-Key: (2048 bit) + Modulus: + 00:c0:95:08:e1:57:41:f2:71:6d:b7:d2:45:41:27: + 01:65:c6:45:ae:f2:bc:24:30:b8:95:ce:2f:4e:d6: + f6:1c:88:bc:7c:9f:fb:a8:67:7f:fe:5c:9c:51:75: + f7:8a:ca:07:e7:35:2f:8f:e1:bd:7b:c0:2f:7c:ab: + 64:a8:17:fc:ca:5d:7b:ba:e0:21:e5:72:2e:6f:2e: + 86:d8:95:73:da:ac:1b:53:b9:5f:3f:d7:19:0d:25: + 4f:e1:63:63:51:8b:0b:64:3f:ad:43:b8:a5:1c:5c: + 34:b3:ae:00:a0:63:c5:f6:7f:0b:59:68:78:73:a6: + 8c:18:a9:02:6d:af:c3:19:01:2e:b8:10:e3:c6:cc: + 40:b4:69:a3:46:33:69:87:6e:c4:bb:17:a6:f3:e8: + dd:ad:73:bc:7b:2f:21:b5:fd:66:51:0c:bd:54:b3: + e1:6d:5f:1c:bc:23:73:d1:09:03:89:14:d2:10:b9: + 64:c3:2a:d0:a1:96:4a:bc:e1:d4:1a:5b:c7:a0:c0: + c1:63:78:0f:44:37:30:32:96:80:32:23:95:a1:77: + ba:13:d2:97:73:e2:5d:25:c9:6a:0d:c3:39:60:a4: + b4:b0:69:42:42:09:e9:d8:08:bc:33:20:b3:58:22: + a7:aa:eb:c4:e1:e6:61:83:c5:d2:96:df:d9:d0:4f: + ad:d7 + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Subject Key Identifier: + B3:11:32:C9:92:98:84:E2:C9:F8:D0:3B:6E:03:42:CA:1F:0E:8E:3C + X509v3 Authority Key Identifier: + keyid:27:8E:67:11:74:C3:26:1D:3F:ED:33:63:B3:A4:D8:1D:30:E5:E8:D5 + DirName:/C=US/ST=Montana/L=Bozeman/O=Sawtooth/OU=Consulting/CN=www.wolfssl.com/emailAddress=info@wolfssl.com + serial:3F:29:11:20:57:71:E7:8E:F9:18:0D:CA:70:4D:5B:15:2A:43:D6:24 + X509v3 Basic Constraints: + CA:TRUE + X509v3 Subject Alternative Name: + DNS:example.com, IP Address:127.0.0.1 + X509v3 Extended Key Usage: + TLS Web Server Authentication, TLS Web Client Authentication + Signature Algorithm: sha256WithRSAEncryption + Signature Value: + bb:de:9b:8d:eb:6b:17:42:a4:de:1f:9d:61:80:80:7d:f3:3a: + 5e:c1:b9:a2:b4:0d:28:5a:92:4e:d6:02:47:2f:99:1a:43:fa: + a4:8b:d8:56:45:22:c3:bb:f3:7d:d4:07:db:9b:99:0b:01:35: + 04:d3:13:d9:ad:6e:88:b9:89:db:35:ed:e4:bf:12:6e:66:bd: + c2:a6:8f:0a:95:8d:f7:6e:6e:4c:ff:fc:d0:b4:d7:ee:c9:5f: + c3:44:ef:2a:9b:6f:fa:69:fe:2e:d6:10:64:da:9f:9b:33:f0: + 5f:49:e3:6f:e1:9e:d5:f7:4a:2a:1d:4c:c8:d0:82:d0:c7:a6: + 54:c0:57:f1:a8:e8:d2:24:c9:59:7d:dc:3c:21:cf:2d:ff:36: + 5d:14:ed:3c:4b:74:53:f6:3a:25:2f:42:9d:76:fb:dc:60:2c: + 28:eb:2d:c5:35:65:b5:bc:f1:dc:70:5d:fd:76:ce:8c:b6:da: + bb:de:d7:b1:ff:f0:56:db:1f:7b:41:e8:6f:3c:4b:92:4d:ed: + 2f:23:46:91:aa:7c:73:98:c1:bf:28:6e:7f:50:30:e8:b5:51: + 3c:ac:ce:b4:b4:c8:83:36:b7:40:6f:68:d0:8f:12:63:93:d5: + a4:42:b9:c5:c6:93:55:33:ed:84:c1:fc:19:ad:70:98:15:68: + 03:9e:65:c9 +-----BEGIN CERTIFICATE----- +MIIE6DCCA9CgAwIBAgIBATANBgkqhkiG9w0BAQsFADCBlDELMAkGA1UEBhMCVVMx +EDAOBgNVBAgMB01vbnRhbmExEDAOBgNVBAcMB0JvemVtYW4xETAPBgNVBAoMCFNh +d3Rvb3RoMRMwEQYDVQQLDApDb25zdWx0aW5nMRgwFgYDVQQDDA93d3cud29sZnNz +bC5jb20xHzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20wHhcNMjUxMTEz +MjA0MTEzWhcNMjgwODA5MjA0MTEzWjCBkDELMAkGA1UEBhMCVVMxEDAOBgNVBAgM +B01vbnRhbmExEDAOBgNVBAcMB0JvemVtYW4xEDAOBgNVBAoMB3dvbGZTU0wxEDAO +BgNVBAsMB1N1cHBvcnQxGDAWBgNVBAMMD3d3dy53b2xmc3NsLmNvbTEfMB0GCSqG +SIb3DQEJARYQaW5mb0B3b2xmc3NsLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEP +ADCCAQoCggEBAMCVCOFXQfJxbbfSRUEnAWXGRa7yvCQwuJXOL07W9hyIvHyf+6hn +f/5cnFF194rKB+c1L4/hvXvAL3yrZKgX/Mpde7rgIeVyLm8uhtiVc9qsG1O5Xz/X +GQ0lT+FjY1GLC2Q/rUO4pRxcNLOuAKBjxfZ/C1loeHOmjBipAm2vwxkBLrgQ48bM +QLRpo0YzaYduxLsXpvPo3a1zvHsvIbX9ZlEMvVSz4W1fHLwjc9EJA4kU0hC5ZMMq +0KGWSrzh1Bpbx6DAwWN4D0Q3MDKWgDIjlaF3uhPSl3PiXSXJag3DOWCktLBpQkIJ +6dgIvDMgs1gip6rrxOHmYYPF0pbf2dBPrdcCAwEAAaOCAUUwggFBMB0GA1UdDgQW +BBSzETLJkpiE4sn40DtuA0LKHw6OPDCB1AYDVR0jBIHMMIHJgBQnjmcRdMMmHT/t +M2OzpNgdMOXo1aGBmqSBlzCBlDELMAkGA1UEBhMCVVMxEDAOBgNVBAgMB01vbnRh +bmExEDAOBgNVBAcMB0JvemVtYW4xETAPBgNVBAoMCFNhd3Rvb3RoMRMwEQYDVQQL +DApDb25zdWx0aW5nMRgwFgYDVQQDDA93d3cud29sZnNzbC5jb20xHzAdBgkqhkiG +9w0BCQEWEGluZm9Ad29sZnNzbC5jb22CFD8pESBXceeO+RgNynBNWxUqQ9YkMAwG +A1UdEwQFMAMBAf8wHAYDVR0RBBUwE4ILZXhhbXBsZS5jb22HBH8AAAEwHQYDVR0l +BBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMA0GCSqGSIb3DQEBCwUAA4IBAQC73puN +62sXQqTeH51hgIB98zpewbmitA0oWpJO1gJHL5kaQ/qki9hWRSLDu/N91Afbm5kL +ATUE0xPZrW6IuYnbNe3kvxJuZr3Cpo8KlY33bm5M//zQtNfuyV/DRO8qm2/6af4u +1hBk2p+bM/BfSeNv4Z7V90oqHUzI0ILQx6ZUwFfxqOjSJMlZfdw8Ic8t/zZdFO08 +S3RT9jolL0KddvvcYCwo6y3FNWW1vPHccF39ds6Mttq73tex//BW2x97QehvPEuS +Te0vI0aRqnxzmMG/KG5/UDDotVE8rM60tMiDNrdAb2jQjxJjk9WkQrnFxpNVM+2E +wfwZrXCYFWgDnmXJ +-----END CERTIFICATE----- +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + 3f:29:11:20:57:71:e7:8e:f9:18:0d:ca:70:4d:5b:15:2a:43:d6:24 + Signature Algorithm: sha256WithRSAEncryption + Issuer: C=US, ST=Montana, L=Bozeman, O=Sawtooth, OU=Consulting, CN=www.wolfssl.com, emailAddress=info@wolfssl.com + Validity + Not Before: Nov 13 20:41:11 2025 GMT + Not After : Aug 9 20:41:11 2028 GMT + Subject: C=US, ST=Montana, L=Bozeman, O=Sawtooth, OU=Consulting, CN=www.wolfssl.com, emailAddress=info@wolfssl.com + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + Public-Key: (2048 bit) + Modulus: + 00:bf:0c:ca:2d:14:b2:1e:84:42:5b:cd:38:1f:4a: + f2:4d:75:10:f1:b6:35:9f:df:ca:7d:03:98:d3:ac: + de:03:66:ee:2a:f1:d8:b0:7d:6e:07:54:0b:10:98: + 21:4d:80:cb:12:20:e7:cc:4f:de:45:7d:c9:72:77: + 32:ea:ca:90:bb:69:52:10:03:2f:a8:f3:95:c5:f1: + 8b:62:56:1b:ef:67:6f:a4:10:41:95:ad:0a:9b:e3: + a5:c0:b0:d2:70:76:50:30:5b:a8:e8:08:2c:7c:ed: + a7:a2:7a:8d:38:29:1c:ac:c7:ed:f2:7c:95:b0:95: + 82:7d:49:5c:38:cd:77:25:ef:bd:80:75:53:94:3c: + 3d:ca:63:5b:9f:15:b5:d3:1d:13:2f:19:d1:3c:db: + 76:3a:cc:b8:7d:c9:e5:c2:d7:da:40:6f:d8:21:dc: + 73:1b:42:2d:53:9c:fe:1a:fc:7d:ab:7a:36:3f:98: + de:84:7c:05:67:ce:6a:14:38:87:a9:f1:8c:b5:68: + cb:68:7f:71:20:2b:f5:a0:63:f5:56:2f:a3:26:d2: + b7:6f:b1:5a:17:d7:38:99:08:fe:93:58:6f:fe:c3: + 13:49:08:16:0b:a7:4d:67:00:52:31:67:23:4e:98: + ed:51:45:1d:b9:04:d9:0b:ec:d8:28:b3:4b:bd:ed: + 36:79 + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Subject Key Identifier: + 27:8E:67:11:74:C3:26:1D:3F:ED:33:63:B3:A4:D8:1D:30:E5:E8:D5 + X509v3 Authority Key Identifier: + keyid:27:8E:67:11:74:C3:26:1D:3F:ED:33:63:B3:A4:D8:1D:30:E5:E8:D5 + DirName:/C=US/ST=Montana/L=Bozeman/O=Sawtooth/OU=Consulting/CN=www.wolfssl.com/emailAddress=info@wolfssl.com + serial:3F:29:11:20:57:71:E7:8E:F9:18:0D:CA:70:4D:5B:15:2A:43:D6:24 + X509v3 Basic Constraints: + CA:TRUE + X509v3 Subject Alternative Name: + DNS:example.com, IP Address:127.0.0.1 + X509v3 Extended Key Usage: + TLS Web Server Authentication, TLS Web Client Authentication + Signature Algorithm: sha256WithRSAEncryption + Signature Value: + 0f:ae:89:d5:68:e4:41:f8:9b:e0:c5:61:06:57:ff:a0:92:0f: + b2:ed:d3:99:5b:99:5e:32:7e:97:c7:af:6c:fe:8c:a6:ae:32: + a1:0d:ca:cd:fc:18:e5:d1:f8:20:5b:5a:38:81:46:5b:48:87: + a5:3f:3b:7b:c7:ea:f5:35:29:31:15:39:38:5d:48:e6:01:81: + 5c:5e:7c:10:f5:16:e3:59:af:44:c8:b5:8d:c1:32:23:b3:b8: + 12:6e:5c:8d:e6:c2:d2:41:03:eb:17:42:e2:7f:bc:00:5d:a5: + 31:ef:c6:48:ee:db:cc:e0:f1:56:f5:d4:ca:45:a1:59:b5:e4: + d7:60:9c:57:e0:a7:5a:f2:35:1e:a0:22:db:5e:1c:0c:61:bd: + a1:c5:7b:9f:69:f2:d5:95:e2:bc:52:b9:1d:9c:2c:da:b6:73: + 75:4a:84:e5:94:b8:19:4d:dd:70:bd:7f:4c:b9:17:6a:58:16: + 89:22:44:37:57:55:26:42:e3:b7:e5:c7:2b:40:0c:e9:e4:7f: + 52:75:df:06:c9:fb:01:44:34:ac:20:3c:b4:be:2b:3e:ef:85: + 38:96:5b:9b:1e:25:86:18:4c:a4:06:70:06:6a:c8:4b:6f:5f: + c4:05:1f:03:62:30:11:61:bc:c1:40:31:66:dc:64:f0:4f:6b: + b9:ec:c8:29 +-----BEGIN CERTIFICATE----- +MIIE/zCCA+egAwIBAgIUPykRIFdx5475GA3KcE1bFSpD1iQwDQYJKoZIhvcNAQEL +BQAwgZQxCzAJBgNVBAYTAlVTMRAwDgYDVQQIDAdNb250YW5hMRAwDgYDVQQHDAdC +b3plbWFuMREwDwYDVQQKDAhTYXd0b290aDETMBEGA1UECwwKQ29uc3VsdGluZzEY +MBYGA1UEAwwPd3d3LndvbGZzc2wuY29tMR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdv +bGZzc2wuY29tMB4XDTI1MTExMzIwNDExMVoXDTI4MDgwOTIwNDExMVowgZQxCzAJ +BgNVBAYTAlVTMRAwDgYDVQQIDAdNb250YW5hMRAwDgYDVQQHDAdCb3plbWFuMREw +DwYDVQQKDAhTYXd0b290aDETMBEGA1UECwwKQ29uc3VsdGluZzEYMBYGA1UEAwwP +d3d3LndvbGZzc2wuY29tMR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wuY29t +MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvwzKLRSyHoRCW804H0ry +TXUQ8bY1n9/KfQOY06zeA2buKvHYsH1uB1QLEJghTYDLEiDnzE/eRX3Jcncy6sqQ +u2lSEAMvqPOVxfGLYlYb72dvpBBBla0Km+OlwLDScHZQMFuo6AgsfO2nonqNOCkc +rMft8nyVsJWCfUlcOM13Je+9gHVTlDw9ymNbnxW10x0TLxnRPNt2Osy4fcnlwtfa +QG/YIdxzG0ItU5z+Gvx9q3o2P5jehHwFZ85qFDiHqfGMtWjLaH9xICv1oGP1Vi+j +JtK3b7FaF9c4mQj+k1hv/sMTSQgWC6dNZwBSMWcjTpjtUUUduQTZC+zYKLNLve02 +eQIDAQABo4IBRTCCAUEwHQYDVR0OBBYEFCeOZxF0wyYdP+0zY7Ok2B0w5ejVMIHU +BgNVHSMEgcwwgcmAFCeOZxF0wyYdP+0zY7Ok2B0w5ejVoYGapIGXMIGUMQswCQYD +VQQGEwJVUzEQMA4GA1UECAwHTW9udGFuYTEQMA4GA1UEBwwHQm96ZW1hbjERMA8G +A1UECgwIU2F3dG9vdGgxEzARBgNVBAsMCkNvbnN1bHRpbmcxGDAWBgNVBAMMD3d3 +dy53b2xmc3NsLmNvbTEfMB0GCSqGSIb3DQEJARYQaW5mb0B3b2xmc3NsLmNvbYIU +PykRIFdx5475GA3KcE1bFSpD1iQwDAYDVR0TBAUwAwEB/zAcBgNVHREEFTATggtl +eGFtcGxlLmNvbYcEfwAAATAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIw +DQYJKoZIhvcNAQELBQADggEBAA+uidVo5EH4m+DFYQZX/6CSD7Lt05lbmV4yfpfH +r2z+jKauMqENys38GOXR+CBbWjiBRltIh6U/O3vH6vU1KTEVOThdSOYBgVxefBD1 +FuNZr0TItY3BMiOzuBJuXI3mwtJBA+sXQuJ/vABdpTHvxkju28zg8Vb11MpFoVm1 +5NdgnFfgp1ryNR6gItteHAxhvaHFe59p8tWV4rxSuR2cLNq2c3VKhOWUuBlN3XC9 +f0y5F2pYFokiRDdXVSZC47flxytADOnkf1J13wbJ+wFENKwgPLS+Kz7vhTiWW5se +JYYYTKQGcAZqyEtvX8QFHwNiMBFhvMFAMWbcZPBPa7nsxCk= +-----END CERTIFICATE----- diff --git a/test/ssl/vectors/certs/test/server-goodalt.pem b/test/ssl/vectors/certs/test/server-goodalt.pem new file mode 100644 index 000000000..078732c03 --- /dev/null +++ b/test/ssl/vectors/certs/test/server-goodalt.pem @@ -0,0 +1,79 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + 78:8e:15:da:c6:d8:82:d8:0f:65:96:64:60:9e:6d:90:71:da:cf:49 + Signature Algorithm: sha256WithRSAEncryption + Issuer: C=US, ST=Montana, L=Bozeman, OU=Engineering, CN=www.nomatch.com, emailAddress=info@wolfssl.com + Validity + Not Before: Nov 13 20:41:28 2025 GMT + Not After : Aug 9 20:41:28 2028 GMT + Subject: C=US, ST=Montana, L=Bozeman, OU=Engineering, CN=www.nomatch.com, emailAddress=info@wolfssl.com + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + Public-Key: (2048 bit) + Modulus: + 00:c0:95:08:e1:57:41:f2:71:6d:b7:d2:45:41:27: + 01:65:c6:45:ae:f2:bc:24:30:b8:95:ce:2f:4e:d6: + f6:1c:88:bc:7c:9f:fb:a8:67:7f:fe:5c:9c:51:75: + f7:8a:ca:07:e7:35:2f:8f:e1:bd:7b:c0:2f:7c:ab: + 64:a8:17:fc:ca:5d:7b:ba:e0:21:e5:72:2e:6f:2e: + 86:d8:95:73:da:ac:1b:53:b9:5f:3f:d7:19:0d:25: + 4f:e1:63:63:51:8b:0b:64:3f:ad:43:b8:a5:1c:5c: + 34:b3:ae:00:a0:63:c5:f6:7f:0b:59:68:78:73:a6: + 8c:18:a9:02:6d:af:c3:19:01:2e:b8:10:e3:c6:cc: + 40:b4:69:a3:46:33:69:87:6e:c4:bb:17:a6:f3:e8: + dd:ad:73:bc:7b:2f:21:b5:fd:66:51:0c:bd:54:b3: + e1:6d:5f:1c:bc:23:73:d1:09:03:89:14:d2:10:b9: + 64:c3:2a:d0:a1:96:4a:bc:e1:d4:1a:5b:c7:a0:c0: + c1:63:78:0f:44:37:30:32:96:80:32:23:95:a1:77: + ba:13:d2:97:73:e2:5d:25:c9:6a:0d:c3:39:60:a4: + b4:b0:69:42:42:09:e9:d8:08:bc:33:20:b3:58:22: + a7:aa:eb:c4:e1:e6:61:83:c5:d2:96:df:d9:d0:4f: + ad:d7 + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Subject Alternative Name: + DNS:localhost + X509v3 Subject Key Identifier: + B3:11:32:C9:92:98:84:E2:C9:F8:D0:3B:6E:03:42:CA:1F:0E:8E:3C + Signature Algorithm: sha256WithRSAEncryption + Signature Value: + 2c:6d:e6:50:9c:7c:79:c9:f0:d8:7b:0e:ca:9c:32:09:44:70: + b0:2b:07:05:02:3a:18:01:3a:ac:ad:53:4b:65:2f:1a:6f:c1: + 03:e5:86:3b:d8:a0:fe:d8:d8:89:88:3a:d6:e9:72:56:16:3b: + bd:d8:7e:2c:d6:ea:69:59:47:ad:cd:4a:12:42:25:65:10:eb: + 78:13:85:a2:65:d8:d7:c4:c3:71:80:74:c1:00:bd:b9:4e:be: + 2d:08:f3:a7:c4:43:6f:47:9c:c9:a6:7a:7b:38:4a:23:70:8b: + 61:4e:24:16:23:32:bf:d5:ba:1b:c0:7e:a6:eb:f4:01:f9:5f: + 60:ef:f0:42:fa:13:2d:17:ce:da:f5:da:6f:9c:b0:b6:80:0d: + da:03:3f:35:95:cd:83:22:11:65:dd:7a:03:68:42:ad:54:97: + 59:71:86:b5:74:88:99:74:1a:2f:28:46:ea:ff:8c:b9:d7:8e: + 4b:dc:15:75:33:f7:d6:cf:29:7e:20:7a:6a:d6:20:d9:14:85: + df:cb:9a:1b:3b:45:3d:86:85:b8:7e:cc:0c:43:94:88:87:44: + c7:8c:74:fe:d5:38:45:62:f7:89:78:2c:02:89:fa:3d:1a:1c: + d5:c8:2c:8a:88:df:27:03:25:4d:ce:26:be:d7:ed:7f:82:eb: + 0b:c4:04:34 +-----BEGIN CERTIFICATE----- +MIIDyzCCArOgAwIBAgIUeI4V2sbYgtgPZZZkYJ5tkHHaz0kwDQYJKoZIhvcNAQEL +BQAwgYIxCzAJBgNVBAYTAlVTMRAwDgYDVQQIDAdNb250YW5hMRAwDgYDVQQHDAdC +b3plbWFuMRQwEgYDVQQLDAtFbmdpbmVlcmluZzEYMBYGA1UEAwwPd3d3Lm5vbWF0 +Y2guY29tMR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wuY29tMB4XDTI1MTEx +MzIwNDEyOFoXDTI4MDgwOTIwNDEyOFowgYIxCzAJBgNVBAYTAlVTMRAwDgYDVQQI +DAdNb250YW5hMRAwDgYDVQQHDAdCb3plbWFuMRQwEgYDVQQLDAtFbmdpbmVlcmlu +ZzEYMBYGA1UEAwwPd3d3Lm5vbWF0Y2guY29tMR8wHQYJKoZIhvcNAQkBFhBpbmZv +QHdvbGZzc2wuY29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwJUI +4VdB8nFtt9JFQScBZcZFrvK8JDC4lc4vTtb2HIi8fJ/7qGd//lycUXX3isoH5zUv +j+G9e8AvfKtkqBf8yl17uuAh5XIuby6G2JVz2qwbU7lfP9cZDSVP4WNjUYsLZD+t +Q7ilHFw0s64AoGPF9n8LWWh4c6aMGKkCba/DGQEuuBDjxsxAtGmjRjNph27Euxem +8+jdrXO8ey8htf1mUQy9VLPhbV8cvCNz0QkDiRTSELlkwyrQoZZKvOHUGlvHoMDB +Y3gPRDcwMpaAMiOVoXe6E9KXc+JdJclqDcM5YKS0sGlCQgnp2Ai8MyCzWCKnquvE +4eZhg8XSlt/Z0E+t1wIDAQABozcwNTAUBgNVHREEDTALgglsb2NhbGhvc3QwHQYD +VR0OBBYEFLMRMsmSmITiyfjQO24DQsofDo48MA0GCSqGSIb3DQEBCwUAA4IBAQAs +beZQnHx5yfDYew7KnDIJRHCwKwcFAjoYATqsrVNLZS8ab8ED5YY72KD+2NiJiDrW +6XJWFju92H4s1uppWUetzUoSQiVlEOt4E4WiZdjXxMNxgHTBAL25Tr4tCPOnxENv +R5zJpnp7OEojcIthTiQWIzK/1bobwH6m6/QB+V9g7/BC+hMtF87a9dpvnLC2gA3a +Az81lc2DIhFl3XoDaEKtVJdZcYa1dIiZdBovKEbq/4y5145L3BV1M/fWzyl+IHpq +1iDZFIXfy5obO0U9hoW4fswMQ5SIh0THjHT+1ThFYveJeCwCifo9GhzVyCyKiN8n +AyVNzia+1+1/gusLxAQ0 +-----END CERTIFICATE----- diff --git a/test/ssl/vectors/certs/test/server-goodaltwild.pem b/test/ssl/vectors/certs/test/server-goodaltwild.pem new file mode 100644 index 000000000..e5108ab55 --- /dev/null +++ b/test/ssl/vectors/certs/test/server-goodaltwild.pem @@ -0,0 +1,79 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + 77:f0:7a:e3:b9:07:5c:49:0d:05:03:01:ea:13:42:36:15:7f:24:f0 + Signature Algorithm: sha256WithRSAEncryption + Issuer: C=US, ST=Montana, L=Bozeman, OU=Engineering, CN=www.nomatch.com, emailAddress=info@wolfssl.com + Validity + Not Before: Nov 13 20:41:29 2025 GMT + Not After : Aug 9 20:41:29 2028 GMT + Subject: C=US, ST=Montana, L=Bozeman, OU=Engineering, CN=www.nomatch.com, emailAddress=info@wolfssl.com + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + Public-Key: (2048 bit) + Modulus: + 00:c0:95:08:e1:57:41:f2:71:6d:b7:d2:45:41:27: + 01:65:c6:45:ae:f2:bc:24:30:b8:95:ce:2f:4e:d6: + f6:1c:88:bc:7c:9f:fb:a8:67:7f:fe:5c:9c:51:75: + f7:8a:ca:07:e7:35:2f:8f:e1:bd:7b:c0:2f:7c:ab: + 64:a8:17:fc:ca:5d:7b:ba:e0:21:e5:72:2e:6f:2e: + 86:d8:95:73:da:ac:1b:53:b9:5f:3f:d7:19:0d:25: + 4f:e1:63:63:51:8b:0b:64:3f:ad:43:b8:a5:1c:5c: + 34:b3:ae:00:a0:63:c5:f6:7f:0b:59:68:78:73:a6: + 8c:18:a9:02:6d:af:c3:19:01:2e:b8:10:e3:c6:cc: + 40:b4:69:a3:46:33:69:87:6e:c4:bb:17:a6:f3:e8: + dd:ad:73:bc:7b:2f:21:b5:fd:66:51:0c:bd:54:b3: + e1:6d:5f:1c:bc:23:73:d1:09:03:89:14:d2:10:b9: + 64:c3:2a:d0:a1:96:4a:bc:e1:d4:1a:5b:c7:a0:c0: + c1:63:78:0f:44:37:30:32:96:80:32:23:95:a1:77: + ba:13:d2:97:73:e2:5d:25:c9:6a:0d:c3:39:60:a4: + b4:b0:69:42:42:09:e9:d8:08:bc:33:20:b3:58:22: + a7:aa:eb:c4:e1:e6:61:83:c5:d2:96:df:d9:d0:4f: + ad:d7 + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Subject Alternative Name: + DNS:*localhost + X509v3 Subject Key Identifier: + B3:11:32:C9:92:98:84:E2:C9:F8:D0:3B:6E:03:42:CA:1F:0E:8E:3C + Signature Algorithm: sha256WithRSAEncryption + Signature Value: + 9a:1e:e4:0b:44:ea:1a:c9:4d:15:ca:f6:c2:2a:5d:1a:e9:64: + 15:1c:83:d4:ba:7e:40:0b:fe:25:60:dc:53:66:58:a8:77:37: + ab:c3:46:68:72:92:70:10:35:da:d2:f0:bb:74:bb:98:06:3b: + 1e:76:e7:36:d1:7d:4b:d0:4b:c9:73:8e:e6:f9:2c:f6:33:c1: + 39:f8:a1:85:95:9f:82:18:76:b8:f3:c9:85:5e:f0:ac:eb:5c: + aa:46:ab:04:06:49:8a:1c:1c:6d:ab:02:fc:58:85:39:34:97: + 2d:39:88:6d:f1:d1:c6:eb:fc:6e:f1:e7:47:4e:63:ad:8b:96: + a7:92:ce:64:d5:1a:70:ac:01:21:b2:41:10:cb:bf:bc:bb:5b: + c6:20:4b:db:28:40:78:93:a8:df:92:73:44:41:ab:2e:76:df: + 1e:2e:20:9f:82:24:79:3b:05:ce:3c:00:6c:bc:67:43:2e:fc: + 16:42:1a:b0:6f:2d:bf:55:61:32:4a:c1:64:a6:56:42:56:29: + 19:6b:12:cb:84:27:0e:5f:92:b4:e5:11:60:71:38:1b:45:4b: + eb:29:69:b7:44:0b:e9:79:cd:54:d8:32:d5:77:ed:53:21:c1: + 7e:1c:ec:04:fb:25:09:34:dc:a7:8b:9e:38:8b:b3:ff:95:5e: + 93:81:7c:72 +-----BEGIN CERTIFICATE----- +MIIDzDCCArSgAwIBAgIUd/B647kHXEkNBQMB6hNCNhV/JPAwDQYJKoZIhvcNAQEL +BQAwgYIxCzAJBgNVBAYTAlVTMRAwDgYDVQQIDAdNb250YW5hMRAwDgYDVQQHDAdC +b3plbWFuMRQwEgYDVQQLDAtFbmdpbmVlcmluZzEYMBYGA1UEAwwPd3d3Lm5vbWF0 +Y2guY29tMR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wuY29tMB4XDTI1MTEx +MzIwNDEyOVoXDTI4MDgwOTIwNDEyOVowgYIxCzAJBgNVBAYTAlVTMRAwDgYDVQQI +DAdNb250YW5hMRAwDgYDVQQHDAdCb3plbWFuMRQwEgYDVQQLDAtFbmdpbmVlcmlu +ZzEYMBYGA1UEAwwPd3d3Lm5vbWF0Y2guY29tMR8wHQYJKoZIhvcNAQkBFhBpbmZv +QHdvbGZzc2wuY29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwJUI +4VdB8nFtt9JFQScBZcZFrvK8JDC4lc4vTtb2HIi8fJ/7qGd//lycUXX3isoH5zUv +j+G9e8AvfKtkqBf8yl17uuAh5XIuby6G2JVz2qwbU7lfP9cZDSVP4WNjUYsLZD+t +Q7ilHFw0s64AoGPF9n8LWWh4c6aMGKkCba/DGQEuuBDjxsxAtGmjRjNph27Euxem +8+jdrXO8ey8htf1mUQy9VLPhbV8cvCNz0QkDiRTSELlkwyrQoZZKvOHUGlvHoMDB +Y3gPRDcwMpaAMiOVoXe6E9KXc+JdJclqDcM5YKS0sGlCQgnp2Ai8MyCzWCKnquvE +4eZhg8XSlt/Z0E+t1wIDAQABozgwNjAVBgNVHREEDjAMggoqbG9jYWxob3N0MB0G +A1UdDgQWBBSzETLJkpiE4sn40DtuA0LKHw6OPDANBgkqhkiG9w0BAQsFAAOCAQEA +mh7kC0TqGslNFcr2wipdGulkFRyD1Lp+QAv+JWDcU2ZYqHc3q8NGaHKScBA12tLw +u3S7mAY7HnbnNtF9S9BLyXOO5vks9jPBOfihhZWfghh2uPPJhV7wrOtcqkarBAZJ +ihwcbasC/FiFOTSXLTmIbfHRxuv8bvHnR05jrYuWp5LOZNUacKwBIbJBEMu/vLtb +xiBL2yhAeJOo35JzREGrLnbfHi4gn4IkeTsFzjwAbLxnQy78FkIasG8tv1VhMkrB +ZKZWQlYpGWsSy4QnDl+StOURYHE4G0VL6ylpt0QL6XnNVNgy1XftUyHBfhzsBPsl +CTTcp4ueOIuz/5Vek4F8cg== +-----END CERTIFICATE----- diff --git a/test/ssl/vectors/certs/test/server-goodcn.pem b/test/ssl/vectors/certs/test/server-goodcn.pem new file mode 100644 index 000000000..7c8a0f52a --- /dev/null +++ b/test/ssl/vectors/certs/test/server-goodcn.pem @@ -0,0 +1,76 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + 42:82:bd:f1:a2:49:28:42:27:94:65:7f:2a:e0:6a:3e:18:e4:6d:d1 + Signature Algorithm: sha256WithRSAEncryption + Issuer: C=US, ST=Montana, L=Bozeman, OU=Engineering, CN=localhost, emailAddress=info@wolfssl.com + Validity + Not Before: Nov 13 20:41:27 2025 GMT + Not After : Aug 9 20:41:27 2028 GMT + Subject: C=US, ST=Montana, L=Bozeman, OU=Engineering, CN=localhost, emailAddress=info@wolfssl.com + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + Public-Key: (2048 bit) + Modulus: + 00:c0:95:08:e1:57:41:f2:71:6d:b7:d2:45:41:27: + 01:65:c6:45:ae:f2:bc:24:30:b8:95:ce:2f:4e:d6: + f6:1c:88:bc:7c:9f:fb:a8:67:7f:fe:5c:9c:51:75: + f7:8a:ca:07:e7:35:2f:8f:e1:bd:7b:c0:2f:7c:ab: + 64:a8:17:fc:ca:5d:7b:ba:e0:21:e5:72:2e:6f:2e: + 86:d8:95:73:da:ac:1b:53:b9:5f:3f:d7:19:0d:25: + 4f:e1:63:63:51:8b:0b:64:3f:ad:43:b8:a5:1c:5c: + 34:b3:ae:00:a0:63:c5:f6:7f:0b:59:68:78:73:a6: + 8c:18:a9:02:6d:af:c3:19:01:2e:b8:10:e3:c6:cc: + 40:b4:69:a3:46:33:69:87:6e:c4:bb:17:a6:f3:e8: + dd:ad:73:bc:7b:2f:21:b5:fd:66:51:0c:bd:54:b3: + e1:6d:5f:1c:bc:23:73:d1:09:03:89:14:d2:10:b9: + 64:c3:2a:d0:a1:96:4a:bc:e1:d4:1a:5b:c7:a0:c0: + c1:63:78:0f:44:37:30:32:96:80:32:23:95:a1:77: + ba:13:d2:97:73:e2:5d:25:c9:6a:0d:c3:39:60:a4: + b4:b0:69:42:42:09:e9:d8:08:bc:33:20:b3:58:22: + a7:aa:eb:c4:e1:e6:61:83:c5:d2:96:df:d9:d0:4f: + ad:d7 + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Subject Key Identifier: + B3:11:32:C9:92:98:84:E2:C9:F8:D0:3B:6E:03:42:CA:1F:0E:8E:3C + Signature Algorithm: sha256WithRSAEncryption + Signature Value: + a1:03:8f:c0:51:fa:a2:7c:78:0a:af:68:e3:04:e5:0c:f4:af: + 02:64:62:e7:2b:8a:96:1d:2c:c3:1a:f1:11:6f:ad:f8:aa:4e: + 25:37:ac:e3:f6:93:24:6f:c9:65:6f:62:63:0c:9d:cd:16:19: + 4b:1a:a8:a2:32:65:fe:2a:87:08:85:a0:b5:fa:71:4d:60:91: + 39:e7:30:80:e8:75:17:bf:31:50:5b:be:b2:65:3d:5c:ce:39: + f5:ab:90:b1:38:85:74:53:70:f3:75:90:c1:a3:c3:8f:67:7d: + 05:25:5f:f6:04:3e:9a:18:15:29:7d:9f:90:75:1d:7b:c0:5b: + cb:48:21:c7:7c:1c:ec:12:82:08:19:15:bb:65:7a:40:e7:a9: + 4f:e7:84:b6:1b:2b:88:03:e2:23:ef:cf:77:59:95:fc:00:bb: + 09:41:b3:d1:77:fd:9d:fa:47:8b:23:22:dc:44:a8:b6:db:dc: + fa:1c:55:31:da:90:16:26:3d:89:34:21:5c:3e:b6:31:5d:d3: + 85:9d:c1:dd:ec:cb:0a:d9:2e:2e:6c:7f:e6:8d:09:c9:a9:c6: + a9:e6:10:e4:22:b3:90:4f:bb:10:5d:ef:c2:1b:8b:84:6b:4e: + 08:8d:17:e9:df:46:2c:21:ac:13:79:04:2e:6b:b7:d5:da:67: + e5:3d:93:15 +-----BEGIN CERTIFICATE----- +MIIDpzCCAo+gAwIBAgIUQoK98aJJKEInlGV/KuBqPhjkbdEwDQYJKoZIhvcNAQEL +BQAwfDELMAkGA1UEBhMCVVMxEDAOBgNVBAgMB01vbnRhbmExEDAOBgNVBAcMB0Jv +emVtYW4xFDASBgNVBAsMC0VuZ2luZWVyaW5nMRIwEAYDVQQDDAlsb2NhbGhvc3Qx +HzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20wHhcNMjUxMTEzMjA0MTI3 +WhcNMjgwODA5MjA0MTI3WjB8MQswCQYDVQQGEwJVUzEQMA4GA1UECAwHTW9udGFu +YTEQMA4GA1UEBwwHQm96ZW1hbjEUMBIGA1UECwwLRW5naW5lZXJpbmcxEjAQBgNV +BAMMCWxvY2FsaG9zdDEfMB0GCSqGSIb3DQEJARYQaW5mb0B3b2xmc3NsLmNvbTCC +ASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMCVCOFXQfJxbbfSRUEnAWXG +Ra7yvCQwuJXOL07W9hyIvHyf+6hnf/5cnFF194rKB+c1L4/hvXvAL3yrZKgX/Mpd +e7rgIeVyLm8uhtiVc9qsG1O5Xz/XGQ0lT+FjY1GLC2Q/rUO4pRxcNLOuAKBjxfZ/ +C1loeHOmjBipAm2vwxkBLrgQ48bMQLRpo0YzaYduxLsXpvPo3a1zvHsvIbX9ZlEM +vVSz4W1fHLwjc9EJA4kU0hC5ZMMq0KGWSrzh1Bpbx6DAwWN4D0Q3MDKWgDIjlaF3 +uhPSl3PiXSXJag3DOWCktLBpQkIJ6dgIvDMgs1gip6rrxOHmYYPF0pbf2dBPrdcC +AwEAAaMhMB8wHQYDVR0OBBYEFLMRMsmSmITiyfjQO24DQsofDo48MA0GCSqGSIb3 +DQEBCwUAA4IBAQChA4/AUfqifHgKr2jjBOUM9K8CZGLnK4qWHSzDGvERb634qk4l +N6zj9pMkb8llb2JjDJ3NFhlLGqiiMmX+KocIhaC1+nFNYJE55zCA6HUXvzFQW76y +ZT1czjn1q5CxOIV0U3DzdZDBo8OPZ30FJV/2BD6aGBUpfZ+QdR17wFvLSCHHfBzs +EoIIGRW7ZXpA56lP54S2GyuIA+Ij7893WZX8ALsJQbPRd/2d+keLIyLcRKi229z6 +HFUx2pAWJj2JNCFcPrYxXdOFncHd7MsK2S4ubH/mjQnJqcap5hDkIrOQT7sQXe/C +G4uEa04IjRfp30YsIawTeQQua7fV2mflPZMV +-----END CERTIFICATE----- diff --git a/test/ssl/vectors/certs/test/server-goodcnwild.pem b/test/ssl/vectors/certs/test/server-goodcnwild.pem new file mode 100644 index 000000000..db0b94aa5 --- /dev/null +++ b/test/ssl/vectors/certs/test/server-goodcnwild.pem @@ -0,0 +1,76 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + 11:4c:a8:ce:f8:a7:2e:27:82:b2:60:85:a5:c2:bf:09:a2:23:e9:a4 + Signature Algorithm: sha256WithRSAEncryption + Issuer: C=US, ST=Montana, L=Bozeman, OU=Engineering, CN=*localhost, emailAddress=info@wolfssl.com + Validity + Not Before: Nov 13 20:41:29 2025 GMT + Not After : Aug 9 20:41:29 2028 GMT + Subject: C=US, ST=Montana, L=Bozeman, OU=Engineering, CN=*localhost, emailAddress=info@wolfssl.com + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + Public-Key: (2048 bit) + Modulus: + 00:c0:95:08:e1:57:41:f2:71:6d:b7:d2:45:41:27: + 01:65:c6:45:ae:f2:bc:24:30:b8:95:ce:2f:4e:d6: + f6:1c:88:bc:7c:9f:fb:a8:67:7f:fe:5c:9c:51:75: + f7:8a:ca:07:e7:35:2f:8f:e1:bd:7b:c0:2f:7c:ab: + 64:a8:17:fc:ca:5d:7b:ba:e0:21:e5:72:2e:6f:2e: + 86:d8:95:73:da:ac:1b:53:b9:5f:3f:d7:19:0d:25: + 4f:e1:63:63:51:8b:0b:64:3f:ad:43:b8:a5:1c:5c: + 34:b3:ae:00:a0:63:c5:f6:7f:0b:59:68:78:73:a6: + 8c:18:a9:02:6d:af:c3:19:01:2e:b8:10:e3:c6:cc: + 40:b4:69:a3:46:33:69:87:6e:c4:bb:17:a6:f3:e8: + dd:ad:73:bc:7b:2f:21:b5:fd:66:51:0c:bd:54:b3: + e1:6d:5f:1c:bc:23:73:d1:09:03:89:14:d2:10:b9: + 64:c3:2a:d0:a1:96:4a:bc:e1:d4:1a:5b:c7:a0:c0: + c1:63:78:0f:44:37:30:32:96:80:32:23:95:a1:77: + ba:13:d2:97:73:e2:5d:25:c9:6a:0d:c3:39:60:a4: + b4:b0:69:42:42:09:e9:d8:08:bc:33:20:b3:58:22: + a7:aa:eb:c4:e1:e6:61:83:c5:d2:96:df:d9:d0:4f: + ad:d7 + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Subject Key Identifier: + B3:11:32:C9:92:98:84:E2:C9:F8:D0:3B:6E:03:42:CA:1F:0E:8E:3C + Signature Algorithm: sha256WithRSAEncryption + Signature Value: + 4a:47:47:f0:f6:8e:ed:e1:65:15:68:43:d7:64:b5:9f:8a:8d: + 8a:4a:da:6f:68:22:44:9d:1e:77:33:be:60:df:af:e1:14:24: + 55:47:82:c3:b4:9c:2b:0d:69:64:d0:c9:d0:ef:19:a8:c0:54: + 3d:39:6b:69:6c:09:9d:5b:3c:7d:f6:18:22:6a:68:16:bb:dc: + b0:01:ab:ed:94:e7:17:4c:8e:52:13:0f:dc:bc:b3:9f:9e:87: + 36:01:e5:e9:71:d5:19:5e:47:7c:b5:9d:42:72:67:17:26:31: + 40:54:f8:dd:1e:f9:76:2b:e5:88:cd:5f:07:8f:94:cb:c7:2a: + 0b:0b:69:4d:b6:6b:27:07:0e:55:a2:56:f9:db:57:95:c6:28: + 50:8b:bc:28:85:9b:b7:41:d7:fe:e3:1d:33:84:91:aa:55:e1: + f8:09:11:29:f1:0f:92:ae:d9:c9:5f:a3:98:5b:2a:09:93:45: + 09:92:cb:58:e7:6e:e1:2a:2d:e7:70:17:f7:e5:14:0e:b8:89: + 83:c3:ce:16:41:7a:0f:bb:99:ec:f5:b7:3b:c0:39:8a:74:00: + b6:8f:dd:28:d4:85:c3:af:a4:fb:a3:b3:7d:e0:ea:66:c6:8f: + 4d:e2:a6:a0:f0:1a:de:5f:b1:bd:cb:28:8c:c0:9a:71:84:3a: + d1:0f:c4:d1 +-----BEGIN CERTIFICATE----- +MIIDqTCCApGgAwIBAgIUEUyozvinLieCsmCFpcK/CaIj6aQwDQYJKoZIhvcNAQEL +BQAwfTELMAkGA1UEBhMCVVMxEDAOBgNVBAgMB01vbnRhbmExEDAOBgNVBAcMB0Jv +emVtYW4xFDASBgNVBAsMC0VuZ2luZWVyaW5nMRMwEQYDVQQDDAoqbG9jYWxob3N0 +MR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wuY29tMB4XDTI1MTExMzIwNDEy +OVoXDTI4MDgwOTIwNDEyOVowfTELMAkGA1UEBhMCVVMxEDAOBgNVBAgMB01vbnRh +bmExEDAOBgNVBAcMB0JvemVtYW4xFDASBgNVBAsMC0VuZ2luZWVyaW5nMRMwEQYD +VQQDDAoqbG9jYWxob3N0MR8wHQYJKoZIhvcNAQkBFhBpbmZvQHdvbGZzc2wuY29t +MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwJUI4VdB8nFtt9JFQScB +ZcZFrvK8JDC4lc4vTtb2HIi8fJ/7qGd//lycUXX3isoH5zUvj+G9e8AvfKtkqBf8 +yl17uuAh5XIuby6G2JVz2qwbU7lfP9cZDSVP4WNjUYsLZD+tQ7ilHFw0s64AoGPF +9n8LWWh4c6aMGKkCba/DGQEuuBDjxsxAtGmjRjNph27Euxem8+jdrXO8ey8htf1m +UQy9VLPhbV8cvCNz0QkDiRTSELlkwyrQoZZKvOHUGlvHoMDBY3gPRDcwMpaAMiOV +oXe6E9KXc+JdJclqDcM5YKS0sGlCQgnp2Ai8MyCzWCKnquvE4eZhg8XSlt/Z0E+t +1wIDAQABoyEwHzAdBgNVHQ4EFgQUsxEyyZKYhOLJ+NA7bgNCyh8OjjwwDQYJKoZI +hvcNAQELBQADggEBAEpHR/D2ju3hZRVoQ9dktZ+KjYpK2m9oIkSdHnczvmDfr+EU +JFVHgsO0nCsNaWTQydDvGajAVD05a2lsCZ1bPH32GCJqaBa73LABq+2U5xdMjlIT +D9y8s5+ehzYB5elx1RleR3y1nUJyZxcmMUBU+N0e+XYr5YjNXwePlMvHKgsLaU22 +aycHDlWiVvnbV5XGKFCLvCiFm7dB1/7jHTOEkapV4fgJESnxD5Ku2clfo5hbKgmT +RQmSy1jnbuEqLedwF/flFA64iYPDzhZBeg+7mez1tzvAOYp0ALaP3SjUhcOvpPuj +s33g6mbGj03ipqDwGt5fsb3LKIzAmnGEOtEPxNE= +-----END CERTIFICATE----- diff --git a/test/ssl/vectors/certs/test/server-localhost.pem b/test/ssl/vectors/certs/test/server-localhost.pem new file mode 100644 index 000000000..0dcfabd3b --- /dev/null +++ b/test/ssl/vectors/certs/test/server-localhost.pem @@ -0,0 +1,79 @@ +Certificate: + Data: + Version: 3 (0x2) + Serial Number: + 21:0e:4e:8a:39:de:07:ee:c4:06:ef:e7:28:81:47:e7:2b:13:42:52 + Signature Algorithm: sha256WithRSAEncryption + Issuer: C=US, ST=Montana, L=Bozeman, OU=Engineering, CN=localhost, emailAddress=info@wolfssl.com + Validity + Not Before: Nov 13 20:41:32 2025 GMT + Not After : Aug 9 20:41:32 2028 GMT + Subject: C=US, ST=Montana, L=Bozeman, OU=Engineering, CN=localhost, emailAddress=info@wolfssl.com + Subject Public Key Info: + Public Key Algorithm: rsaEncryption + Public-Key: (2048 bit) + Modulus: + 00:c0:95:08:e1:57:41:f2:71:6d:b7:d2:45:41:27: + 01:65:c6:45:ae:f2:bc:24:30:b8:95:ce:2f:4e:d6: + f6:1c:88:bc:7c:9f:fb:a8:67:7f:fe:5c:9c:51:75: + f7:8a:ca:07:e7:35:2f:8f:e1:bd:7b:c0:2f:7c:ab: + 64:a8:17:fc:ca:5d:7b:ba:e0:21:e5:72:2e:6f:2e: + 86:d8:95:73:da:ac:1b:53:b9:5f:3f:d7:19:0d:25: + 4f:e1:63:63:51:8b:0b:64:3f:ad:43:b8:a5:1c:5c: + 34:b3:ae:00:a0:63:c5:f6:7f:0b:59:68:78:73:a6: + 8c:18:a9:02:6d:af:c3:19:01:2e:b8:10:e3:c6:cc: + 40:b4:69:a3:46:33:69:87:6e:c4:bb:17:a6:f3:e8: + dd:ad:73:bc:7b:2f:21:b5:fd:66:51:0c:bd:54:b3: + e1:6d:5f:1c:bc:23:73:d1:09:03:89:14:d2:10:b9: + 64:c3:2a:d0:a1:96:4a:bc:e1:d4:1a:5b:c7:a0:c0: + c1:63:78:0f:44:37:30:32:96:80:32:23:95:a1:77: + ba:13:d2:97:73:e2:5d:25:c9:6a:0d:c3:39:60:a4: + b4:b0:69:42:42:09:e9:d8:08:bc:33:20:b3:58:22: + a7:aa:eb:c4:e1:e6:61:83:c5:d2:96:df:d9:d0:4f: + ad:d7 + Exponent: 65537 (0x10001) + X509v3 extensions: + X509v3 Subject Alternative Name: + DNS:localhost + X509v3 Subject Key Identifier: + B3:11:32:C9:92:98:84:E2:C9:F8:D0:3B:6E:03:42:CA:1F:0E:8E:3C + Signature Algorithm: sha256WithRSAEncryption + Signature Value: + a6:97:75:8b:75:a5:53:95:c2:cf:d5:0f:68:b6:29:bb:70:89: + 84:24:52:1a:7e:b1:3e:b1:c6:0a:ab:41:0a:93:db:d3:b5:ce: + ab:e9:1b:f3:ed:4f:e9:23:30:29:e9:65:7a:b2:c0:2b:bc:de: + 31:ca:06:90:42:3c:ba:09:e7:b7:f8:c8:1c:22:81:14:b7:f0: + 1e:3b:d8:03:4c:6e:0e:40:f4:a2:dd:57:69:fb:4b:b9:5e:67: + 5d:8e:b6:d4:d5:91:b1:12:d8:1a:8c:3c:2b:06:b0:91:b2:53: + 84:49:ca:b3:ad:0b:d1:8d:03:91:14:c8:58:1c:9b:30:5c:8d: + a0:20:6d:04:14:95:e8:b3:fe:69:9a:b1:22:44:d6:14:e6:a2: + 89:28:25:0e:f0:23:fd:af:44:d7:57:6e:8f:32:a5:41:5b:98: + cb:d6:9f:b6:20:17:fa:f6:ef:75:86:c4:f9:10:95:55:27:ba: + bc:e9:78:d1:c6:4b:e3:3b:9b:22:97:71:0e:86:f8:ac:10:68: + 19:a7:ad:e2:62:11:f0:13:0b:77:c5:09:b1:2d:ec:43:34:59: + 54:13:bc:48:bb:1a:3e:59:7e:d6:38:98:c6:90:5a:58:46:c3: + 06:24:62:c2:e0:c2:84:4a:f7:4b:e9:22:36:a1:eb:10:40:cf: + 48:5b:5b:5f +-----BEGIN CERTIFICATE----- +MIIDvTCCAqWgAwIBAgIUIQ5OijneB+7EBu/nKIFH5ysTQlIwDQYJKoZIhvcNAQEL +BQAwfDELMAkGA1UEBhMCVVMxEDAOBgNVBAgMB01vbnRhbmExEDAOBgNVBAcMB0Jv +emVtYW4xFDASBgNVBAsMC0VuZ2luZWVyaW5nMRIwEAYDVQQDDAlsb2NhbGhvc3Qx +HzAdBgkqhkiG9w0BCQEWEGluZm9Ad29sZnNzbC5jb20wHhcNMjUxMTEzMjA0MTMy +WhcNMjgwODA5MjA0MTMyWjB8MQswCQYDVQQGEwJVUzEQMA4GA1UECAwHTW9udGFu +YTEQMA4GA1UEBwwHQm96ZW1hbjEUMBIGA1UECwwLRW5naW5lZXJpbmcxEjAQBgNV +BAMMCWxvY2FsaG9zdDEfMB0GCSqGSIb3DQEJARYQaW5mb0B3b2xmc3NsLmNvbTCC +ASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMCVCOFXQfJxbbfSRUEnAWXG +Ra7yvCQwuJXOL07W9hyIvHyf+6hnf/5cnFF194rKB+c1L4/hvXvAL3yrZKgX/Mpd +e7rgIeVyLm8uhtiVc9qsG1O5Xz/XGQ0lT+FjY1GLC2Q/rUO4pRxcNLOuAKBjxfZ/ +C1loeHOmjBipAm2vwxkBLrgQ48bMQLRpo0YzaYduxLsXpvPo3a1zvHsvIbX9ZlEM +vVSz4W1fHLwjc9EJA4kU0hC5ZMMq0KGWSrzh1Bpbx6DAwWN4D0Q3MDKWgDIjlaF3 +uhPSl3PiXSXJag3DOWCktLBpQkIJ6dgIvDMgs1gip6rrxOHmYYPF0pbf2dBPrdcC +AwEAAaM3MDUwFAYDVR0RBA0wC4IJbG9jYWxob3N0MB0GA1UdDgQWBBSzETLJkpiE +4sn40DtuA0LKHw6OPDANBgkqhkiG9w0BAQsFAAOCAQEAppd1i3WlU5XCz9UPaLYp +u3CJhCRSGn6xPrHGCqtBCpPb07XOq+kb8+1P6SMwKellerLAK7zeMcoGkEI8ugnn +t/jIHCKBFLfwHjvYA0xuDkD0ot1XaftLuV5nXY621NWRsRLYGow8KwawkbJThEnK +s60L0Y0DkRTIWBybMFyNoCBtBBSV6LP+aZqxIkTWFOaiiSglDvAj/a9E11dujzKl +QVuYy9aftiAX+vbvdYbE+RCVVSe6vOl40cZL4zubIpdxDob4rBBoGaet4mIR8BML +d8UJsS3sQzRZVBO8SLsaPll+1jiYxpBaWEbDBiRiwuDChEr3S+kiNqHrEEDPSFtb +Xw== +-----END CERTIFICATE----- diff --git a/test/ssl/vectors/tests/test-chains.conf b/test/ssl/vectors/tests/test-chains.conf new file mode 100644 index 000000000..cf99d214d --- /dev/null +++ b/test/ssl/vectors/tests/test-chains.conf @@ -0,0 +1,384 @@ +# Tests will use complete chain with intermediate CA for testing +# The tests with chains have the CRL checking disabled +# CRL's only load for trusted CA's, for a chain you must load the root and intermediate as trusted +# For these tests we are loading root and sending intermediate and peer certs +# server TLSv1.2 DHE-RSA-AES128-GCM-SHA256 RSA Chain +-v 3 +-l DHE-RSA-AES128-GCM-SHA256 +-A ./certs/ca-cert.pem +-k ./certs/server-key.pem +-c ./certs/intermediate/server-chain.pem +-V + +# client TLSv1.2 DHE-RSA-AES128-GCM-SHA256 RSA Chain +-v 3 +-l DHE-RSA-AES128-GCM-SHA256 +-A ./certs/ca-cert.pem +-k ./certs/client-key.pem +-c ./certs/intermediate/client-chain.pem +-C + +# server TLSv1.2 ECDHE-RSA-AES128-GCM-SHA256 RSA Chain +-v 3 +-l ECDHE-RSA-AES128-GCM-SHA256 +-A ./certs/ca-cert.pem +-k ./certs/server-key.pem +-c ./certs/intermediate/server-chain.pem +-V + +# client TLSv1.2 ECDHE-RSA-AES128-GCM-SHA256 RSA Chain +-v 3 +-l ECDHE-RSA-AES128-GCM-SHA256 +-A ./certs/ca-cert.pem +-k ./certs/client-key.pem +-c ./certs/intermediate/client-chain.pem +-C + +# server TLSv1.2 ECDHE-ECDSA-AES128-GCM-SHA256 ECC Chain +-v 3 +-l ECDHE-ECDSA-AES128-GCM-SHA256 +-A ./certs/ca-ecc-cert.pem +-k ./certs/ecc-key.pem +-c ./certs/intermediate/server-chain-ecc.pem +-V + +# client TLSv1.2 ECDHE-ECDSA-AES128-GCM-SHA256 ECC Chain +-v 3 +-l ECDHE-ECDSA-AES128-GCM-SHA256 +-A ./certs/ca-ecc-cert.pem +-k ./certs/ecc-client-key.pem +-c ./certs/intermediate/client-chain-ecc.pem +-C + +# server TLSv1.2 pathLen constraint test +-v 3 +-l ECDHE-RSA-AES128-GCM-SHA256 +-k ./certs/test-pathlen/chainA-entity-key.pem +-c ./certs/test-pathlen/chainA-assembled.pem +-V + +# client TLSv1.2 pathLen constraint test +-v 3 +-l ECDHE-RSA-AES128-GCM-SHA256 +-C + +# server TLSv1.2 pathLen constraint test +-v 3 +-l ECDHE-RSA-AES128-GCM-SHA256 +-k ./certs/test-pathlen/chainB-entity-key.pem +-c ./certs/test-pathlen/chainB-assembled.pem +-V + +# client TLSv1.2 pathLen constraint test +-v 3 +-l ECDHE-RSA-AES128-GCM-SHA256 +-C + +# server TLSv1.2 pathLen constraint test +-v 3 +-l ECDHE-RSA-AES128-GCM-SHA256 +-k ./certs/test-pathlen/chainC-entity-key.pem +-c ./certs/test-pathlen/chainC-assembled.pem +-V + +# client TLSv1.2 pathLen constraint test +-v 3 +-l ECDHE-RSA-AES128-GCM-SHA256 +-C + +# server TLSv1.2 pathLen constraint test +-v 3 +-l ECDHE-RSA-AES128-GCM-SHA256 +-k ./certs/test-pathlen/chainD-entity-key.pem +-c ./certs/test-pathlen/chainD-assembled.pem +-V + +# client TLSv1.2 pathLen constraint test +-v 3 +-l ECDHE-RSA-AES128-GCM-SHA256 +-C + +# server TLSv1.2 pathLen constraint test +-v 3 +-l ECDHE-RSA-AES128-GCM-SHA256 +-k ./certs/test-pathlen/chainE-entity-key.pem +-c ./certs/test-pathlen/chainE-assembled.pem +-H exitWithRet +-V + +# client TLSv1.2 pathLen constraint test +-v 3 +-l ECDHE-RSA-AES128-GCM-SHA256 +-H exitWithRet +-C + +# server TLSv1.2 pathLen constraint test +-v 3 +-l ECDHE-RSA-AES128-GCM-SHA256 +-k ./certs/test-pathlen/chainF-entity-key.pem +-c ./certs/test-pathlen/chainF-assembled.pem +-H exitWithRet +-V + +# client TLSv1.2 pathLen constraint test +-v 3 +-l ECDHE-RSA-AES128-GCM-SHA256 +-H exitWithRet +-C + +# server TLSv1.2 pathLen constraint test +-v 3 +-l ECDHE-RSA-AES128-GCM-SHA256 +-k ./certs/test-pathlen/chainG-entity-key.pem +-c ./certs/test-pathlen/chainG-assembled.pem +-V + +# client TLSv1.2 pathLen constraint test +-v 3 +-l ECDHE-RSA-AES128-GCM-SHA256 +-C + +# server TLSv1.2 pathLen constraint test +-v 3 +-l ECDHE-RSA-AES128-GCM-SHA256 +-k ./certs/test-pathlen/chainH-entity-key.pem +-c ./certs/test-pathlen/chainH-assembled.pem +-H exitWithRet +-V + +# client TLSv1.2 pathLen constraint test +-v 3 +-l ECDHE-RSA-AES128-GCM-SHA256 +-H exitWithRet +-C + +# server TLSv1.2 pathLen constraint test +-v 3 +-l ECDHE-RSA-AES128-GCM-SHA256 +-k ./certs/test-pathlen/chainI-entity-key.pem +-c ./certs/test-pathlen/chainI-assembled.pem +-V + +# client TLSv1.2 pathLen constraint test +-v 3 +-l ECDHE-RSA-AES128-GCM-SHA256 +-C + +# server TLSv1.2 pathLen constraint test +-v 3 +-l ECDHE-RSA-AES128-GCM-SHA256 +-k ./certs/test-pathlen/chainJ-entity-key.pem +-c ./certs/test-pathlen/chainJ-assembled.pem +-H exitWithRet +-V + +# client TLSv1.2 pathLen constraint test +-v 3 +-l ECDHE-RSA-AES128-GCM-SHA256 +-H exitWithRet +-C + +# server TLSv1.3 TLS13-AES128-GCM-SHA256 RSA Chain +-v 4 +-l TLS13-AES128-GCM-SHA256 +-A ./certs/ca-cert.pem +-k ./certs/server-key.pem +-c ./certs/intermediate/server-chain.pem +-V + +# client TLSv1.3 TLS13-AES128-GCM-SHA256 RSA Chain +-v 4 +-l TLS13-AES128-GCM-SHA256 +-A ./certs/ca-cert.pem +-k ./certs/client-key.pem +-c ./certs/intermediate/client-chain.pem +-C + +# server TLSv1.3 TLS13-AES128-GCM-SHA256 ECC Chain +-v 4 +-l TLS13-AES128-GCM-SHA256 +-A ./certs/ca-ecc-cert.pem +-k ./certs/ecc-key.pem +-c ./certs/intermediate/server-chain-ecc.pem +-V + +# client TLSv1.3 TLS13-AES128-GCM-SHA256 ECC Chain +-v 4 +-l TLS13-AES128-GCM-SHA256 +-A ./certs/ca-ecc-cert.pem +-k ./certs/ecc-client-key.pem +-c ./certs/intermediate/client-chain-ecc.pem +-C + +# Test will load intermediate CA as trusted and only present the peer cert (partial chain) +# server TLSv1.2 DHE-RSA-AES128-GCM-SHA256 RSA Partial Chain +-v 3 +-l DHE-RSA-AES128-GCM-SHA256 +-A ./certs/intermediate/ca-int2-cert.pem +-k ./certs/server-key.pem +-c ./certs/intermediate/server-int-cert.pem +-V + +# client TLSv1.2 DHE-RSA-AES128-GCM-SHA256 RSA Partial Chain +-v 3 +-l DHE-RSA-AES128-GCM-SHA256 +-A ./certs/intermediate/ca-int2-cert.pem +-k ./certs/client-key.pem +-c ./certs/intermediate/client-int-cert.pem +-C + +# server TLSv1.2 ECDHE-RSA-AES128-GCM-SHA256 RSA Partial Chain +-v 3 +-l ECDHE-RSA-AES128-GCM-SHA256 +-A ./certs/intermediate/ca-int2-cert.pem +-k ./certs/server-key.pem +-c ./certs/intermediate/server-int-cert.pem +-V + +# client TLSv1.2 ECDHE-RSA-AES128-GCM-SHA256 RSA Partial Chain +-v 3 +-l ECDHE-RSA-AES128-GCM-SHA256 +-A ./certs/intermediate/ca-int2-cert.pem +-k ./certs/client-key.pem +-c ./certs/intermediate/client-int-cert.pem +-C + +# server TLSv1.2 ECDHE-ECDSA-AES128-GCM-SHA256 ECC Partial Chain +-v 3 +-l ECDHE-ECDSA-AES128-GCM-SHA256 +-A ./certs/intermediate/ca-int2-ecc-cert.pem +-k ./certs/ecc-key.pem +-c ./certs/intermediate/server-int-ecc-cert.pem +-V + +# client TLSv1.2 ECDHE-ECDSA-AES128-GCM-SHA256 ECC Partial Chain +-v 3 +-l ECDHE-ECDSA-AES128-GCM-SHA256 +-A ./certs/intermediate/ca-int2-ecc-cert.pem +-k ./certs/ecc-client-key.pem +-c ./certs/intermediate/client-int-ecc-cert.pem +-C + +# server TLSv1.3 TLS13-AES128-GCM-SHA256 RSA Partial Chain +-v 4 +-l TLS13-AES128-GCM-SHA256 +-A ./certs/intermediate/ca-int2-cert.pem +-k ./certs/server-key.pem +-c ./certs/intermediate/server-int-cert.pem +-V + +# client TLSv1.3 TLS13-AES128-GCM-SHA256 RSA Partial Chain +-v 4 +-l TLS13-AES128-GCM-SHA256 +-A ./certs/intermediate/ca-int2-cert.pem +-k ./certs/client-key.pem +-c ./certs/intermediate/client-int-cert.pem +-C + +# server TLSv1.3 TLS13-AES128-GCM-SHA256 ECC Partial Chain +-v 4 +-l TLS13-AES128-GCM-SHA256 +-A ./certs/intermediate/ca-int2-ecc-cert.pem +-k ./certs/ecc-key.pem +-c ./certs/intermediate/server-int-ecc-cert.pem +-V + +# client TLSv1.3 TLS13-AES128-GCM-SHA256 ECC Partial Chain +-v 4 +-l TLS13-AES128-GCM-SHA256 +-A ./certs/intermediate/ca-int2-ecc-cert.pem +-k ./certs/ecc-client-key.pem +-c ./certs/intermediate/client-int-ecc-cert.pem +-C + +# Test will use alternate chain where chain contains extra cert +# These tests should fail +# server TLSv1.2 DHE-RSA-AES128-GCM-SHA256 RSA Alt Chain Fail +-v 3 +-l DHE-RSA-AES128-GCM-SHA256 +-A ./certs/ca-cert.pem +-k ./certs/server-key.pem +-c ./certs/intermediate/server-chain-alt.pem +-H exitWithRet +-V + +# client TLSv1.2 DHE-RSA-AES128-GCM-SHA256 RSA Alt Chain Fail +-v 3 +-l DHE-RSA-AES128-GCM-SHA256 +-A ./certs/ca-cert.pem +-k ./certs/client-key.pem +-c ./certs/intermediate/client-chain-alt.pem +-H exitWithRet +-C + +# server TLSv1.2 ECDHE-RSA-AES128-GCM-SHA256 RSA Alt Chain Fail +-v 3 +-l ECDHE-RSA-AES128-GCM-SHA256 +-A ./certs/ca-cert.pem +-k ./certs/server-key.pem +-c ./certs/intermediate/server-chain-alt.pem +-H exitWithRet +-V + +# client TLSv1.2 ECDHE-RSA-AES128-GCM-SHA256 RSA Alt Chain Fail +-v 3 +-l ECDHE-RSA-AES128-GCM-SHA256 +-A ./certs/ca-cert.pem +-k ./certs/client-key.pem +-c ./certs/intermediate/client-chain-alt.pem +-H exitWithRet +-C + +# server TLSv1.2 ECDHE-ECDSA-AES128-GCM-SHA256 ECC Alt Chain Fail +-v 3 +-l ECDHE-ECDSA-AES128-GCM-SHA256 +-A ./certs/ca-ecc-cert.pem +-k ./certs/ecc-key.pem +-c ./certs/intermediate/server-chain-alt-ecc.pem +-H exitWithRet +-V + +# client TLSv1.2 ECDHE-ECDSA-AES128-GCM-SHA256 ECC Alt Chain Fail +-v 3 +-l ECDHE-ECDSA-AES128-GCM-SHA256 +-A ./certs/ca-ecc-cert.pem +-k ./certs/ecc-client-key.pem +-c ./certs/intermediate/client-chain-alt-ecc.pem +-H exitWithRet +-C + +# server TLSv1.3 TLS13-AES128-GCM-SHA256 RSA Alt Chain Fail +-v 4 +-l TLS13-AES128-GCM-SHA256 +-A ./certs/ca-cert.pem +-k ./certs/server-key.pem +-c ./certs/intermediate/server-chain-alt.pem +-H exitWithRet +-V + +# client TLSv1.3 TLS13-AES128-GCM-SHA256 RSA Alt Chain Fail +-v 4 +-l TLS13-AES128-GCM-SHA256 +-A ./certs/ca-cert.pem +-k ./certs/client-key.pem +-c ./certs/intermediate/client-chain-alt.pem +-H exitWithRet +-C + +# server TLSv1.3 TLS13-AES128-GCM-SHA256 ECC Alt Chain Fail +-v 4 +-l TLS13-AES128-GCM-SHA256 +-A ./certs/ca-ecc-cert.pem +-k ./certs/ecc-key.pem +-c ./certs/intermediate/server-chain-alt-ecc.pem +-H exitWithRet +-V + +# client TLSv1.3 TLS13-AES128-GCM-SHA256 ECC Alt Chain Fail +-v 4 +-l TLS13-AES128-GCM-SHA256 +-A ./certs/ca-ecc-cert.pem +-k ./certs/ecc-client-key.pem +-c ./certs/intermediate/client-chain-alt-ecc.pem +-H exitWithRet +-C diff --git a/test/ssl/vectors/tests/test-dhprime.conf b/test/ssl/vectors/tests/test-dhprime.conf new file mode 100644 index 000000000..f43739ed0 --- /dev/null +++ b/test/ssl/vectors/tests/test-dhprime.conf @@ -0,0 +1,25 @@ +# server TLSv1.2 DHE AES128 (DHE prime test) +-v 3 +-l DHE-RSA-AES128-SHA + +# client TLSv1.2 DHE AES128 (DHE prime test) +-v 3 +-l DHE-RSA-AES128-SHA + +# server TLSv1.2 DHE AES256-SHA256 (DHE prime test) +-v 3 +-l DHE-RSA-AES256-SHA256 + +# client TLSv1.2 DHE AES256-SHA256 (DHE prime test) +-v 3 +-l DHE-RSA-AES256-SHA256 + +# server TLSv1.2 DHE-PSK-AES128-CBC-SHA256 (DHE prime test) +-s +-v 3 +-l DHE-PSK-AES128-CBC-SHA256 + +# client TLSv1.2 DHE-PSK-AES128-CBC-SHA256 (DHE prime test) +-s +-v 3 +-l DHE-PSK-AES128-CBC-SHA256 diff --git a/test/ssl/vectors/tests/test-fails.conf b/test/ssl/vectors/tests/test-fails.conf new file mode 100644 index 000000000..66edd321b --- /dev/null +++ b/test/ssl/vectors/tests/test-fails.conf @@ -0,0 +1,214 @@ +# server bad certificate common name has null +# DG: Have not found a way to properly encode null in common name +-v 3 +-l ECDHE-RSA-AES128-GCM-SHA256 +-k ./certs/server-key.pem +-c ./certs/test/server-badcnnull.pem +-d + +# client bad certificate common name has null +-v 3 +-l ECDHE-RSA-AES128-GCM-SHA256 +-h localhost +-A ./certs/test/server-badcnnull.pem +-m +-x + +# server bad certificate alternate name has null +-v 3 +-l ECDHE-RSA-AES128-GCM-SHA256 +-k ./certs/server-key.pem +-c ./certs/test/server-badaltnull.pem +-d + +# client bad certificate alternate name has null +-v 3 +-l ECDHE-RSA-AES128-GCM-SHA256 +-h localhost +-A ./certs/test/server-badaltnull.pem +-m +-x + +# server nomatch common name +-v 3 +-l ECDHE-RSA-AES128-GCM-SHA256 +-k ./certs/server-key.pem +-c ./certs/test/server-badcn.pem +-d + +# client nomatch common name +-v 3 +-l ECDHE-RSA-AES128-GCM-SHA256 +-h localhost +-A ./certs/test/server-badcn.pem +-m +-x + +# server nomatch alternate name +-v 3 +-l ECDHE-RSA-AES128-GCM-SHA256 +-k ./certs/server-key.pem +-c ./certs/test/server-badaltname.pem +-d + +# client nomatch alternate name +-v 3 +-l ECDHE-RSA-AES128-GCM-SHA256 +-h localhost +-A ./certs/test/server-badaltname.pem +-m +-x + +# server RSA no signer error +-v 3 +-l ECDHE-RSA-AES128-GCM-SHA256 + +# client RSA no signer error +-v 3 +-l ECDHE-RSA-AES128-GCM-SHA256 +-A ./certs/client-cert.pem + +# server ECC no signer error +#-v 3 +-l ECDHE-ECDSA-AES128-GCM-SHA256 +-c ./certs/server-ecc.pem +-k ./certs/ecc-key.pem + +# client ECC no signer error +-v 3 +-l ECDHE-ECDSA-AES128-GCM-SHA256 +-A ./certs/client-ecc-cert.pem + +# server RSA bad sig error +-v 3 +-l ECDHE-RSA-AES128-GCM-SHA256 +-c ./certs/test/server-cert-rsa-badsig.pem + +# client RSA bad sig error +-v 3 +-l ECDHE-RSA-AES128-GCM-SHA256 + +# server ECC bad sig error +-v 3 +-l ECDHE-ECDSA-AES128-GCM-SHA256 +-c ./certs/test/server-cert-ecc-badsig.pem + +# client ECC bad sig error +-v 3 +-l ECDHE-ECDSA-AES128-GCM-SHA256 + +# server missing CN from alternate names list +-v 3 +-l ECDHE-RSA-AES128-GCM-SHA256 +-c ./certs/test/server-garbage.pem + +# client missing CN from alternate names list +-v 3 +-l ECDHE-RSA-AES128-GCM-SHA256 +-h localhost +-A ./certs/test/server-garbage.pem +-m + +# Verify Callback Failure Tests +# no error going into callback, return error +# server +-v 3 +-l ECDHE-RSA-AES128-GCM-SHA256 +-H verifyFail + +# client verify should fail +-v 3 +-l ECDHE-RSA-AES128-GCM-SHA256 +-H verifyFail + +# server verify should fail +-v 3 +-l ECDHE-RSA-AES128-GCM-SHA256 +-H verifyFail + +# client +-v 3 +-l ECDHE-RSA-AES128-GCM-SHA256 +-H verifyFail + +# server +-v 3 +-l ECDHE-ECDSA-AES128-GCM-SHA256 +-H verifyFail + +# client verify should fail +-v 3 +-l ECDHE-ECDSA-AES128-GCM-SHA256 +-H verifyFail + +# server verify should fail +-v 3 +-l ECDHE-ECDSA-AES128-GCM-SHA256 +-H verifyFail + +# client +-v 3 +-l ECDHE-ECDSA-AES128-GCM-SHA256 +-H verifyFail + +# error going into callback, return error +# server +-v 3 +-l ECDHE-RSA-AES128-GCM-SHA256 +-c ./certs/test/server-cert-rsa-badsig.pem +-k ./certs/server-key.pem +-H verifyFail + +# client verify should fail +-v 3 +-l ECDHE-RSA-AES128-GCM-SHA256 +-H verifyFail + +# server +-v 3 +-l ECDHE-ECDSA-AES128-GCM-SHA256 +-c ./certs/test/server-cert-ecc-badsig.pem +-k ./certs/ecc-key.pem +-H verifyFail + +# client verify should fail +-v 3 +-l ECDHE-ECDSA-AES128-GCM-SHA256 +-H verifyFail + +# Client is using RSA certificate with ECDSA cipher suite. Server will fail. +# server +-v 3 +-l ECDHE-ECDSA-AES128-GCM-SHA256 +-c ./certs/server-ecc.pem +-k ./certs/ecc-key.pem +-A ./certs/client-cert.pem +-H exitWithRet + +# client +-v 3 +-l ECDHE-ECDSA-AES128-GCM-SHA256 +-c ./certs/client-cert.pem +-k ./certs/client-key.pem +-A ./certs/ca-ecc-cert.pem +-H exitWithRet + +# server send alert on no mutual authentication +-v 3 +-F +-H verifyFail + +# client send alert on no mutual authentication +-v 3 +-x +-H verifyFail + +# server TLSv1.3 fail on no client certificate +# server always sets WOLFSSL_VERIFY_FAIL_IF_NO_PEER_CERT unless using -d +-v 4 +-l TLS13-AES128-GCM-SHA256 + +# client TLSv1.3 no client certificate +-v 4 +-l TLS13-AES128-GCM-SHA256 +-x diff --git a/test/ssl/vectors/tests/test-tls13-down.conf b/test/ssl/vectors/tests/test-tls13-down.conf new file mode 100644 index 000000000..3b388a026 --- /dev/null +++ b/test/ssl/vectors/tests/test-tls13-down.conf @@ -0,0 +1,128 @@ +# THIS TEST IS BROKEN +# server TLSv1.3 downgrade +#-v d +#-l TLS13-CHACHA20-POLY1305-SHA256 + +# client TLSv1.2 +#-v 3 + +# server TLSv1.2 +-v 3 + +# client TLSv1.3 downgrade +-v d + +# server TLSv1.3 downgrade +-v d + +# client TLSv1.3 downgrade +-v d + +# server TLSv1.3 downgrade but don't and resume +-v d +-r + +# client TLSv1.3 downgrade but don't and resume +-v d +-r + +# server TLSv1.3 downgrade and resume +-v d +-r + +# client TLSv1.2 and resume +-v 3 +-r + +# server TLSv1.2 and resume +-v d +-r + +# cient TLSv1.3 downgrade and resume +-v 3 +-r + +# server TLSv1.3 +-v 4 +-l TLS13-AES128-GCM-SHA256 +-H exitWithRet + +# client TLSv1.2, should fail +-v 3 +-H exitWithRet + +# server TLSv1.2 +-v 3 +-l ECDHE-RSA-AES256-GCM-SHA384 +-H exitWithRet + +# client TLSv1.3, should fail +-v 4 +-H exitWithRet + +# server TLSv1.2 +-v 3 +-l ECDHE-RSA-AES256-GCM-SHA384 +-H exitWithRet + +# client +# enable downgrade +# minimum downgradable TLSv 1.3 +# expect to be failure +-7 4 +-v d +-H exitWithRet + +# server +# enable downgrade +# minimum downgradable TLSv 1.3 +-7 4 +-v d +-l TLS13-AES128-GCM-SHA256 + +# client +# enable downgrade +# minimum downgradable TLSv 1.3 +-7 4 +-v d + +# server +# enable downgrade +# minimum downgradable TLSv 1.2 +-7 3 +-v d +-l ECDHE-RSA-AES256-GCM-SHA384 + +# client TLSv 1.2 +-v 3 + +# server +# enable downgrade +# minimum downgradable TLSv 1.3 +# expect to be failure +-7 4 +-v d +-l TLS13-AES128-GCM-SHA256 +-H exitWithRet + +# client TLSv 1.2 +-v 3 +-H exitWithRet + +# server TLSv1.2 - PSK +-v 3 +-s +-l ECDHE-PSK-AES128-GCM-SHA256 + +# client TLS PSK multiversion, allow downgrade +-v d +-7 3 +-s +-l ECDHE-PSK-AES128-GCM-SHA256 + +# server TLSv1.3 +-v 4 + +# client downgrade with trusted ca +-v d +-5 diff --git a/test/ssl/vectors/tests/test-tls13-ecc.conf b/test/ssl/vectors/tests/test-tls13-ecc.conf new file mode 100644 index 000000000..160df27bd --- /dev/null +++ b/test/ssl/vectors/tests/test-tls13-ecc.conf @@ -0,0 +1,104 @@ +# server TLSv1.3 TLS13-CHACHA20-POLY1305-SHA256 +-v 4 +-l TLS13-CHACHA20-POLY1305-SHA256 +-c ./certs/server-ecc.pem +-k ./certs/ecc-key.pem + +# client TLSv1.3 TLS13-CHACHA20-POLY1305-SHA256 +-v 4 +-l TLS13-CHACHA20-POLY1305-SHA256 +-A ./certs/ca-ecc-cert.pem + +# server TLSv1.3 TLS13-AES128-GCM-SHA256 +-v 4 +-l TLS13-AES128-GCM-SHA256 +-c ./certs/server-ecc.pem +-k ./certs/ecc-key.pem + +# client TLSv1.3 TLS13-AES128-GCM-SHA256 +-v 4 +-l TLS13-AES128-GCM-SHA256 +-A ./certs/ca-ecc-cert.pem + +# server TLSv1.3 TLS13-AES256-GCM-SHA384 +-v 4 +-l TLS13-AES256-GCM-SHA384 +-c ./certs/server-ecc.pem +-k ./certs/ecc-key.pem + +# client TLSv1.3 TLS13-AES256-GCM-SHA384 +-v 4 +-l TLS13-AES256-GCM-SHA384 +-A ./certs/ca-ecc-cert.pem + +# server TLSv1.3 TLS13-AES128-CCM-SHA256 +-v 4 +-l TLS13-AES128-CCM-SHA256 +-c ./certs/server-ecc.pem +-k ./certs/ecc-key.pem + +# client TLSv1.3 TLS13-AES128-CCM-SHA256 +-v 4 +-l TLS13-AES128-CCM-SHA256 +-A ./certs/ca-ecc-cert.pem + +# server TLSv1.3 TLS13-AES128-CCM-8-SHA256 +-v 4 +-l TLS13-AES128-CCM-8-SHA256 +-c ./certs/server-ecc.pem +-k ./certs/ecc-key.pem + +# client TLSv1.3 TLS13-AES128-CCM-8-SHA256 +-v 4 +-l TLS13-AES128-CCM-8-SHA256 +-A ./certs/ca-ecc-cert.pem + +# server TLSv1.3 TLS13-AES128-CCM8-SHA256 (OpenSSL-compat alias) +-v 4 +-l TLS13-AES128-CCM8-SHA256 +-c ./certs/server-ecc.pem +-k ./certs/ecc-key.pem + +# client TLSv1.3 TLS13-AES128-CCM8-SHA256 (OpenSSL-compat alias) +-v 4 +-l TLS13-AES128-CCM8-SHA256 +-A ./certs/ca-ecc-cert.pem + +# server TLSv1.3 TLS13-AES128-GCM-SHA256 +-v 4 +-l TLS13-AES128-GCM-SHA256 +-c ./certs/server-ecc.pem +-k ./certs/ecc-key.pem +-t + +# client TLSv1.3 TLS13-AES128-GCM-SHA256 +-v 4 +-l TLS13-AES128-GCM-SHA256 +-A ./certs/ca-ecc-cert.pem +-t + +# server TLSv1.3 TLS13-AES128-GCM-SHA256 +-v 4 +-l TLS13-AES128-GCM-SHA256 +-c ./certs/server-ecc.pem +-k ./certs/ecc-key.pem +-8 + +# client TLSv1.3 TLS13-AES128-GCM-SHA256 +-v 4 +-l TLS13-AES128-GCM-SHA256 +-A ./certs/ca-ecc-cert.pem +-8 + +# server TLSv1.3 TLS13-AES128-GCM-SHA256 +-v 4 +-l TLS13-AES128-GCM-SHA256 +-c ./certs/server-ecc.pem +-k ./certs/ecc-key.pem +-Y + +# client TLSv1.3 TLS13-AES128-GCM-SHA256 +-v 4 +-l TLS13-AES128-GCM-SHA256 +-A ./certs/ca-ecc-cert.pem +-y diff --git a/test/ssl/vectors/tests/test-tls13.conf b/test/ssl/vectors/tests/test-tls13.conf new file mode 100644 index 000000000..266f37321 --- /dev/null +++ b/test/ssl/vectors/tests/test-tls13.conf @@ -0,0 +1,231 @@ +# server TLSv1.3 TLS13-CHACHA20-POLY1305-SHA256 +-v 4 +-l TLS13-CHACHA20-POLY1305-SHA256 + +# client TLSv1.3 TLS13-CHACHA20-POLY1305-SHA256 +-v 4 +-l TLS13-CHACHA20-POLY1305-SHA256 + +# server TLSv1.3 TLS13-AES128-GCM-SHA256 +-v 4 +-l TLS13-AES128-GCM-SHA256 +-6 + +# client TLSv1.3 TLS13-AES128-GCM-SHA256 +-v 4 +-l TLS13-AES128-GCM-SHA256 +-6 + +# server TLSv1.3 TLS13-AES256-GCM-SHA384 +-v 4 +-l TLS13-AES256-GCM-SHA384 + +# client TLSv1.3 TLS13-AES256-GCM-SHA384 +-v 4 +-l TLS13-AES256-GCM-SHA384 + +# server TLSv1.3 TLS13-AES128-CCM-SHA256 +-v 4 +-l TLS13-AES128-CCM-SHA256 + +# client TLSv1.3 TLS13-AES128-CCM-SHA256 +-v 4 +-l TLS13-AES128-CCM-SHA256 + +# server TLSv1.3 TLS13-AES128-CCM-8-SHA256 +-v 4 +-l TLS13-AES128-CCM-8-SHA256 + +# client TLSv1.3 TLS13-AES128-CCM-8-SHA256 +-v 4 +-l TLS13-AES128-CCM-8-SHA256 + +# server TLSv1.3 TLS13-AES128-CCM8-SHA256 (OpenSSL-compat alias) +-v 4 +-l TLS13-AES128-CCM8-SHA256 + +# client TLSv1.3 TLS13-AES128-CCM8-SHA256 (OpenSSL-compat alias) +-v 4 +-l TLS13-AES128-CCM8-SHA256 + +# server TLSv1.3 resumption +-v 4 +-l TLS13-AES128-GCM-SHA256 +-r + +# client TLSv1.3 resumption +-v 4 +-l TLS13-AES128-GCM-SHA256 +-r + +# server TLSv1.3 resumption - SHA384 +-v 4 +-l TLS13-AES256-GCM-SHA384 +-r + +# client TLSv1.3 resumption - SHA384 +-v 4 +-l TLS13-AES256-GCM-SHA384 +-r + +# server TLSv1.3 PSK without (EC)DHE +-v 4 +-l TLS13-AES128-GCM-SHA256 +-r + +# client TLSv1.3 PSK without (EC)DHE +-v 4 +-l TLS13-AES128-GCM-SHA256 +-r +-K + +# server TLSv1.3 accepting EarlyData +-v 4 +-l TLS13-AES128-GCM-SHA256 +-r +-0 + +# client TLSv1.3 sending EarlyData +-v 4 +-l TLS13-AES128-GCM-SHA256 +-r +-0 + +# server TLSv1.3 not accepting EarlyData +-v 4 +-l TLS13-AES128-GCM-SHA256 +-r + +# client TLSv1.3 sending EarlyData +-v 4 +-l TLS13-AES128-GCM-SHA256 +-r +-0 + +# server TLSv1.3 accepting EarlyData +-v 4 +-l TLS13-AES128-GCM-SHA256 +-r +-0 + +# client TLSv1.3 not sending EarlyData +-v 4 +-l TLS13-AES128-GCM-SHA256 +-r + +# server TLSv1.3 +-v 4 +-l TLS13-AES128-GCM-SHA256 + +# client TLSv1.3 Fragments +-v 4 +-l TLS13-AES128-GCM-SHA256 +-F 1 + +# server TLSv1.3 +-v 4 +-l TLS13-AES128-GCM-SHA256 + +# client TLSv1.3 HelloRetryRequest to negotiate Key Exchange algorithm +-v 4 +-l TLS13-AES128-GCM-SHA256 +-J + +# server TLSv1.3 +-v 4 +-l TLS13-AES128-GCM-SHA256 +-J + +# client TLSv1.3 HelloRetryRequest with cookie +-v 4 +-l TLS13-AES128-GCM-SHA256 +-J + +# server TLSv1.3 +-v 4 +-l TLS13-AES128-GCM-SHA256 + +# client TLSv1.3 DH key exchange +-v 4 +-l TLS13-AES128-GCM-SHA256 +-y + +# server TLSv1.3 +-v 4 +-l TLS13-AES128-GCM-SHA256 + +# client TLSv1.3 ECC key exchange +-v 4 +-l TLS13-AES128-GCM-SHA256 +-Y + +# server TLSv1.3 +-v 4 +-l TLS13-AES128-GCM-SHA256 + +# client TLSv1.3 ECC key exchange +-v 4 +-l TLS13-AES128-GCM-SHA256 +-Y + +# server TLSv1.3 multiple cipher suites +-v 4 +-l TLS13-AES128-GCM-SHA256:TLS13-AES256-GCM-SHA384:TLS13-CHACHA20-POLY1305-SHA256:TLS13-AES128-CCM-SHA256:TLS13-AES128-CCM-8-SHA256 + +# client TLSv1.3 +-v 4 +-l TLS13-AES128-GCM-SHA256:TLS13-AES256-GCM-SHA384:TLS13-CHACHA20-POLY1305-SHA256:TLS13-AES128-CCM-SHA256:TLS13-AES128-CCM-8-SHA256 + +# server TLSv1.3 KeyUpdate +-v 4 +-l TLS13-AES128-GCM-SHA256 +-U + +# client TLSv1.3 KeyUpdate +-v 4 +-l TLS13-AES128-GCM-SHA256 +-I + +# server TLSv1.3 No session ticket +-v 4 +-l TLS13-AES128-GCM-SHA256 +-T + +# client TLSv1.3 No session ticket +-v 4 +-l TLS13-AES128-GCM-SHA256 + +# server TLSv1.3 Post-Handshake Authentication +-v 4 +-l TLS13-AES128-GCM-SHA256 +-Q + +# client TLSv1.3 Post-Handshake Authentication +-v 4 +-l TLS13-AES128-GCM-SHA256 +-Q + +# server TLSv1.3 Send Ticket explicitly +-v 4 +-l TLS13-AES128-GCM-SHA256 +--send-ticket + +# client TLSv1.3 Send Ticket explicitly +-v 4 +-l TLS13-AES128-GCM-SHA256 + +# server TLSv1.3 Integrity-only SHA256 +-v 4 +-l TLS13-SHA256-SHA256 + +# client TLSv1.3 Integrity-only SHA256 +-v 4 +-l TLS13-SHA256-SHA256 + +# server TLSv1.3 Integrity-only SHA384 +-v 4 +-l TLS13-SHA384-SHA384 + +# client TLSv1.3 Integrity-only SHA384 +-v 4 +-l TLS13-SHA384-SHA384 diff --git a/test/ssl/vectors/tests/test.conf b/test/ssl/vectors/tests/test.conf new file mode 100644 index 000000000..73d40f000 --- /dev/null +++ b/test/ssl/vectors/tests/test.conf @@ -0,0 +1,2094 @@ +# server TLSv1.2 DHE-RSA-CHACHA20-POLY1305 +-v 3 +-l DHE-RSA-CHACHA20-POLY1305 + +# client TLSv1.2 DHE-RSA-CHACHA20-POLY1305 +-v 3 +-l DHE-RSA-CHACHA20-POLY1305 + +# server TLSv1.2 ECDHE-RSA-CHACHA20-POLY1305 +-v 3 +-l ECDHE-RSA-CHACHA20-POLY1305 + +# client TLSv1.2 ECDHE-RSA-CHACHA20-POLY1305 +-v 3 +-l ECDHE-RSA-CHACHA20-POLY1305 + +# server TLSv1.2 ECDHE-EDCSA-CHACHA20-POLY1305 +-v 3 +-l ECDHE-ECDSA-CHACHA20-POLY1305 +-c ./certs/server-ecc.pem +-k ./certs/ecc-key.pem + +# client TLSv1.2 ECDHE-ECDSA-CHACHA20-POLY1305 +-v 3 +-l ECDHE-ECDSA-CHACHA20-POLY1305 +-A ./certs/ca-ecc-cert.pem + +# server TLSv1.2 DHE-PSK-CHACHA20-POLY1305 +-v 3 +-s +-l DHE-PSK-CHACHA20-POLY1305 + +# client TLSv1.2 DHE-PSK-CHACHA20-POLY1305 +-v 3 +-s +-l DHE-PSK-CHACHA20-POLY1305 + +# server TLSv1.2 ECDHE-PSK-CHACHA20-POLY1305 +-v 3 +-s +-l ECDHE-PSK-CHACHA20-POLY1305 + +# client TLSv1.2 ECDHE-PSK-CHACHA20-POLY1305 +-v 3 +-s +-l ECDHE-PSK-CHACHA20-POLY1305 + +# server TLSv1.2 ECDHE-PSK-CHACHA20-POLY1305 x25519 +-v 3 +-s +-t +-l ECDHE-PSK-CHACHA20-POLY1305 + +# client TLSv1.2 ECDHE-PSK-CHACHA20-POLY1305 x25519 +-v 3 +-s +-t +-l ECDHE-PSK-CHACHA20-POLY1305 + +# server TLSv1.2 PSK-CHACHA20-POLY1305 +-v 3 +-s +-l PSK-CHACHA20-POLY1305 + +# client TLSv1.2 PSK-CHACHA20-POLY1305 +-v 3 +-s +-l PSK-CHACHA20-POLY1305 + +# server TLSv1.2 DHE-RSA-CHACHA20-POLY1305-OLD +-v 3 +-l DHE-RSA-CHACHA20-POLY1305-OLD + +# client TLSv1.2 DHE-RSA-CHACHA20-POLY1305-OLD +-v 3 +-l DHE-RSA-CHACHA20-POLY1305-OLD + +# server TLSv1.2 ECDHE-RSA-CHACHA20-POLY1305-OLD +-v 3 +-l ECDHE-RSA-CHACHA20-POLY1305-OLD + +# client TLSv1.2 ECDHE-RSA-CHACHA20-POLY1305-OLD +-v 3 +-l ECDHE-RSA-CHACHA20-POLY1305-OLD + +# server TLSv1.2 ECDHE-EDCSA-CHACHA20-POLY1305-OLD +-v 3 +-l ECDHE-ECDSA-CHACHA20-POLY1305-OLD +-c ./certs/server-ecc.pem +-k ./certs/ecc-key.pem + +# client TLSv1.2 ECDHE-ECDSA-CHACHA20-POLY1305-OLD +-v 3 +-l ECDHE-ECDSA-CHACHA20-POLY1305-OLD +-A ./certs/ca-ecc-cert.pem + +# server SSLv3 RC4-SHA +-v 0 +-l RC4-SHA + +# client SSLv3 RC4-SHA +-v 0 +-l RC4-SHA + +# server SSLv3 RC4-MD5 +-v 0 +-l RC4-MD5 + +# client SSLv3 RC4-MD5 +-v 0 +-l RC4-MD5 + +# server SSLv3 DES-CBC3-SHA +-v 0 +-l DES-CBC3-SHA + +# client SSLv3 DES-CBC3-SHA +-v 0 +-l DES-CBC3-SHA + +# server TLSv1 RC4-SHA +-v 1 +-l RC4-SHA + +# client TLSv1 RC4-SHA +-v 1 +-l RC4-SHA + +# server TLSv1 RC4-MD5 +-v 1 +-l RC4-MD5 + +# client TLSv1 RC4-MD5 +-v 1 +-l RC4-MD5 + +# server TLSv1 DES-CBC3-SHA +-v 1 +-l DES-CBC3-SHA + +# client TLSv1 DES-CBC3-SHA +-v 1 +-l DES-CBC3-SHA + +# server TLSv1 AES128-SHA +-v 1 +-l AES128-SHA + +# client TLSv1 AES128-SHA +-v 1 +-l AES128-SHA + +# server TLSv1 AES256-SHA +-v 1 +-l AES256-SHA + +# client TLSv1 AES256-SHA +-v 1 +-l AES256-SHA + +# server TLSv1.1 RC4-SHA +-v 2 +-l RC4-SHA + +# client TLSv1.1 RC4-SHA +-v 2 +-l RC4-SHA + +# server TLSv1.1 RC4-MD5 +-v 2 +-l RC4-MD5 + +# client TLSv1.1 RC4-MD5 +-v 2 +-l RC4-MD5 + +# server TLSv1.1 DES-CBC3-SHA +-v 2 +-l DES-CBC3-SHA + +# client TLSv1.1 DES-CBC3-SHA +-v 2 +-l DES-CBC3-SHA + +# server TLSv1.1 AES128-SHA +-v 2 +-l AES128-SHA + +# client TLSv1.1 AES128-SHA +-v 2 +-l AES128-SHA + +# server TLSv1.1 AES256-SHA +-v 2 +-l AES256-SHA + +# client TLSv1.1 AES256-SHA +-v 2 +-l AES256-SHA + +# server TLSv1.2 RC4-SHA +-v 3 +-l RC4-SHA + +# client TLSv1.2 RC4-SHA +-v 3 +-l RC4-SHA + +# server TLSv1.2 RC4-MD5 +-v 3 +-l RC4-MD5 + +# client TLSv1.2 RC4-MD5 +-v 3 +-l RC4-MD5 + +# server TLSv1.2 DES-CBC3-SHA +-v 3 +-l DES-CBC3-SHA + +# client TLSv1.2 DES-CBC3-SHA +-v 3 +-l DES-CBC3-SHA + +# server TLSv1.2 AES128-SHA +-v 3 +-l AES128-SHA + +# client TLSv1.2 AES128-SHA +-v 3 +-l AES128-SHA + +# server TLSv1.2 AES256-SHA +-v 3 +-l AES256-SHA + +# client TLSv1.2 AES256-SHA +-v 3 +-l AES256-SHA + +# server TLSv1.2 AES128-SHA256 +-v 3 +-l AES128-SHA256 + +# client TLSv1.2 AES128-SHA256 +-v 3 +-l AES128-SHA256 + +# server TLSv1.2 AES256-SHA256 +-v 3 +-l AES256-SHA256 + +# client TLSv1.2 AES256-SHA256 +-v 3 +-l AES256-SHA256 + +# server TLSv1 ECDHE-RSA-RC4 +-v 1 +-l ECDHE-RSA-RC4-SHA + +# client TLSv1 ECDHE-RSA-RC4 +-v 1 +-l ECDHE-RSA-RC4-SHA + +# server TLSv1 ECDHE-RSA-DES3 +-v 1 +-l ECDHE-RSA-DES-CBC3-SHA + +# client TLSv1 ECDHE-RSA-DES3 +-v 1 +-l ECDHE-RSA-DES-CBC3-SHA + +# server TLSv1 ECDHE-RSA-AES128 +-v 1 +-l ECDHE-RSA-AES128-SHA + +# client TLSv1 ECDHE-RSA-AES128 +-v 1 +-l ECDHE-RSA-AES128-SHA + +# server TLSv1 ECDHE-RSA-AES256 +-v 1 +-l ECDHE-RSA-AES256-SHA + +# client TLSv1 ECDHE-RSA-AES256 +-v 1 +-l ECDHE-RSA-AES256-SHA + +# server TLSv1.1 ECDHE-RSA-RC4 +-v 2 +-l ECDHE-RSA-RC4-SHA + +# client TLSv1.1 ECDHE-RSA-RC4 +-v 2 +-l ECDHE-RSA-RC4-SHA + +# server TLSv1.1 ECDHE-RSA-DES3 +-v 2 +-l ECDHE-RSA-DES-CBC3-SHA + +# client TLSv1.1 ECDHE-RSA-DES3 +-v 2 +-l ECDHE-RSA-DES-CBC3-SHA + +# server TLSv1.1 ECDHE-RSA-AES128 +-v 2 +-l ECDHE-RSA-AES128-SHA + +# client TLSv1.1 ECDHE-RSA-AES128 +-v 2 +-l ECDHE-RSA-AES128-SHA + +# server TLSv1.1 ECDHE-RSA-AES256 +-v 2 +-l ECDHE-RSA-AES256-SHA + +# client TLSv1.1 ECDHE-RSA-AES256 +-v 2 +-l ECDHE-RSA-AES256-SHA + +# server TLSv1.2 ECDHE-RSA-RC4 +-v 3 +-l ECDHE-RSA-RC4-SHA + +# client TLSv1.2 ECDHE-RSA-RC4 +-v 3 +-l ECDHE-RSA-RC4-SHA + +# server TLSv1.2 ECDHE-RSA-DES3 +-v 3 +-l ECDHE-RSA-DES-CBC3-SHA + +# client TLSv1.2 ECDHE-RSA-DES3 +-v 3 +-l ECDHE-RSA-DES-CBC3-SHA + +# server TLSv1.2 ECDHE-RSA-AES128 +-v 3 +-l ECDHE-RSA-AES128-SHA + +# client TLSv1.2 ECDHE-RSA-AES128 +-v 3 +-l ECDHE-RSA-AES128-SHA + +# server TLSv1.2 ECDHE-RSA-AES128-SHA256 +-v 3 +-l ECDHE-RSA-AES128-SHA256 + +# client TLSv1.2 ECDHE-RSA-AES128-SHA256 +-v 3 +-l ECDHE-RSA-AES128-SHA256 + +# server TLSv1.2 ECDHE-RSA-AES256 +-v 3 +-l ECDHE-RSA-AES256-SHA + +# client TLSv1.2 ECDHE-RSA-AES256 +-v 3 +-l ECDHE-RSA-AES256-SHA + +# server TLSv1 ECDHE-ECDSA-NULL-SHA +-v 1 +-l ECDHE-ECDSA-NULL-SHA +-c ./certs/server-ecc.pem +-k ./certs/ecc-key.pem + +# client TLSv1 ECDHE-ECDSA-NULL-SHA +-v 1 +-l ECDHE-ECDSA-NULL-SHA +-A ./certs/ca-ecc-cert.pem + +# server TLSv1.1 ECDHE-ECDSA-NULL-SHA +-v 2 +-l ECDHE-ECDSA-NULL-SHA +-c ./certs/server-ecc.pem +-k ./certs/ecc-key.pem + +# client TLSv1 ECDHE-ECDSA-NULL-SHA +-v 2 +-l ECDHE-ECDSA-NULL-SHA +-A ./certs/ca-ecc-cert.pem + +# server TLSv1.2 ECDHE-ECDSA-NULL-SHA +-v 3 +-l ECDHE-ECDSA-NULL-SHA +-c ./certs/server-ecc.pem +-k ./certs/ecc-key.pem + +# client TLSv1.2 ECDHE-ECDSA-NULL-SHA +-v 3 +-l ECDHE-ECDSA-NULL-SHA +-A ./certs/ca-ecc-cert.pem + +# server TLSv1 ECDHE-ECDSA-RC4 +-v 1 +-l ECDHE-ECDSA-RC4-SHA +-c ./certs/server-ecc.pem +-k ./certs/ecc-key.pem + +# client TLSv1 ECDHE-ECDSA-RC4 +-v 1 +-l ECDHE-ECDSA-RC4-SHA +-A ./certs/ca-ecc-cert.pem + +# server TLSv1 ECDHE-ECDSA-DES3 +-v 1 +-l ECDHE-ECDSA-DES-CBC3-SHA +-c ./certs/server-ecc.pem +-k ./certs/ecc-key.pem + +# client TLSv1 ECDHE-ECDSA-DES3 +-v 1 +-l ECDHE-ECDSA-DES-CBC3-SHA +-A ./certs/ca-ecc-cert.pem + +# server TLSv1 ECDHE-ECDSA-AES128 +-v 1 +-l ECDHE-ECDSA-AES128-SHA +-c ./certs/server-ecc.pem +-k ./certs/ecc-key.pem + +# client TLSv1 ECDHE-ECDSA-AES128 +-v 1 +-l ECDHE-ECDSA-AES128-SHA +-A ./certs/ca-ecc-cert.pem + +# server TLSv1 ECDHE-ECDSA-AES256 +-v 1 +-l ECDHE-ECDSA-AES256-SHA +-c ./certs/server-ecc.pem +-k ./certs/ecc-key.pem + +# client TLSv1 ECDHE-ECDSA-AES256 +-v 1 +-l ECDHE-ECDSA-AES256-SHA +-A ./certs/ca-ecc-cert.pem + +# server TLSv1.1 ECDHE-EDCSA-RC4 +-v 2 +-l ECDHE-ECDSA-RC4-SHA +-c ./certs/server-ecc.pem +-k ./certs/ecc-key.pem + +# client TLSv1.1 ECDHE-ECDSA-RC4 +-v 2 +-l ECDHE-ECDSA-RC4-SHA +-A ./certs/ca-ecc-cert.pem + +# server TLSv1.1 ECDHE-ECDSA-DES3 +-v 2 +-l ECDHE-ECDSA-DES-CBC3-SHA +-c ./certs/server-ecc.pem +-k ./certs/ecc-key.pem + +# client TLSv1.1 ECDHE-ECDSA-DES3 +-v 2 +-l ECDHE-ECDSA-DES-CBC3-SHA +-A ./certs/ca-ecc-cert.pem + +# server TLSv1.1 ECDHE-ECDSA-AES128 +-v 2 +-l ECDHE-ECDSA-AES128-SHA +-c ./certs/server-ecc.pem +-k ./certs/ecc-key.pem + +# client TLSv1.1 ECDHE-ECDSA-AES128 +-v 2 +-l ECDHE-ECDSA-AES128-SHA +-A ./certs/ca-ecc-cert.pem + +# server TLSv1.1 ECDHE-ECDSA-AES256 +-v 2 +-l ECDHE-ECDSA-AES256-SHA +-c ./certs/server-ecc.pem +-k ./certs/ecc-key.pem + +# client TLSv1.1 ECDHE-ECDSA-AES256 +-v 2 +-l ECDHE-ECDSA-AES256-SHA +-A ./certs/ca-ecc-cert.pem + +# server TLSv1.2 ECDHE-ECDSA-RC4 +-v 3 +-l ECDHE-ECDSA-RC4-SHA +-c ./certs/server-ecc.pem +-k ./certs/ecc-key.pem + +# client TLSv1.2 ECDHE-ECDSA-RC4 +-v 3 +-l ECDHE-ECDSA-RC4-SHA +-A ./certs/ca-ecc-cert.pem + +# server TLSv1.2 ECDHE-ECDSA-DES3 +-v 3 +-l ECDHE-ECDSA-DES-CBC3-SHA +-c ./certs/server-ecc.pem +-k ./certs/ecc-key.pem + +# client TLSv1.2 ECDHE-ECDSA-DES3 +-v 3 +-l ECDHE-ECDSA-DES-CBC3-SHA +-A ./certs/ca-ecc-cert.pem + +# server TLSv1.2 ECDHE-ECDSA-AES128 +-v 3 +-l ECDHE-ECDSA-AES128-SHA +-c ./certs/server-ecc.pem +-k ./certs/ecc-key.pem + +# client TLSv1.2 ECDHE-ECDSA-AES128 +-v 3 +-l ECDHE-ECDSA-AES128-SHA +-A ./certs/ca-ecc-cert.pem + +# server TLSv1.2 ECDHE-ECDSA-AES128-SHA256 +-v 3 +-l ECDHE-ECDSA-AES128-SHA256 +-c ./certs/server-ecc.pem +-k ./certs/ecc-key.pem + +# client TLSv1.2 ECDHE-ECDSA-AES128-SHA256 +-v 3 +-l ECDHE-ECDSA-AES128-SHA256 +-A ./certs/ca-ecc-cert.pem + +# server TLSv1.2 ECDHE-ECDSA-AES256 +-v 3 +-l ECDHE-ECDSA-AES256-SHA +-c ./certs/server-ecc.pem +-k ./certs/ecc-key.pem + +# client TLSv1.2 ECDHE-ECDSA-AES256 +-v 3 +-l ECDHE-ECDSA-AES256-SHA +-A ./certs/ca-ecc-cert.pem + +# server TLSv1 ECDH-RSA-RC4 +-v 1 +-l ECDH-RSA-RC4-SHA +-c ./certs/server-ecc-rsa.pem +-k ./certs/ecc-key.pem + +# client TLSv1 ECDH-RSA-RC4 +-v 1 +-l ECDH-RSA-RC4-SHA + +# server TLSv1 ECDH-RSA-DES3 +-v 1 +-l ECDH-RSA-DES-CBC3-SHA +-c ./certs/server-ecc-rsa.pem +-k ./certs/ecc-key.pem + +# client TLSv1 ECDH-RSA-DES3 +-v 1 +-l ECDH-RSA-DES-CBC3-SHA + +# server TLSv1 ECDH-RSA-AES128 +-v 1 +-l ECDH-RSA-AES128-SHA +-c ./certs/server-ecc-rsa.pem +-k ./certs/ecc-key.pem + +# client TLSv1 ECDH-RSA-AES128 +-v 1 +-l ECDH-RSA-AES128-SHA + +# server TLSv1 ECDH-RSA-AES256 +-v 1 +-l ECDH-RSA-AES256-SHA +-c ./certs/server-ecc-rsa.pem +-k ./certs/ecc-key.pem + +# client TLSv1 ECDH-RSA-AES256 +-v 1 +-l ECDH-RSA-AES256-SHA + +# server TLSv1.1 ECDH-RSA-RC4 +-v 2 +-l ECDH-RSA-RC4-SHA +-c ./certs/server-ecc-rsa.pem +-k ./certs/ecc-key.pem + +# client TLSv1.1 ECDH-RSA-RC4 +-v 2 +-l ECDH-RSA-RC4-SHA + +# server TLSv1.1 ECDH-RSA-DES3 +-v 2 +-l ECDH-RSA-DES-CBC3-SHA +-c ./certs/server-ecc-rsa.pem +-k ./certs/ecc-key.pem + +# client TLSv1.1 ECDH-RSA-DES3 +-v 2 +-l ECDH-RSA-DES-CBC3-SHA + +# server TLSv1.1 ECDH-RSA-AES128 +-v 2 +-l ECDH-RSA-AES128-SHA +-c ./certs/server-ecc-rsa.pem +-k ./certs/ecc-key.pem + +# client TLSv1.1 ECDH-RSA-AES128 +-v 2 +-l ECDH-RSA-AES128-SHA + +# server TLSv1.1 ECDH-RSA-AES256 +-v 2 +-l ECDH-RSA-AES256-SHA +-c ./certs/server-ecc-rsa.pem +-k ./certs/ecc-key.pem + +# client TLSv1.1 ECDH-RSA-AES256 +-v 2 +-l ECDH-RSA-AES256-SHA + +# server TLSv1.2 ECDH-RSA-RC4 +-v 3 +-l ECDH-RSA-RC4-SHA +-c ./certs/server-ecc-rsa.pem +-k ./certs/ecc-key.pem + +# client TLSv1.2 ECDH-RSA-RC4 +-v 3 +-l ECDH-RSA-RC4-SHA + +# server TLSv1.2 ECDH-RSA-DES3 +-v 3 +-l ECDH-RSA-DES-CBC3-SHA +-c ./certs/server-ecc-rsa.pem +-k ./certs/ecc-key.pem + +# client TLSv1.2 ECDH-RSA-DES3 +-v 3 +-l ECDH-RSA-DES-CBC3-SHA + +# server TLSv1.2 ECDH-RSA-AES128 +-v 3 +-l ECDH-RSA-AES128-SHA +-c ./certs/server-ecc-rsa.pem +-k ./certs/ecc-key.pem + +# client TLSv1.2 ECDH-RSA-AES128 +-v 3 +-l ECDH-RSA-AES128-SHA + +# server TLSv1.2 ECDH-RSA-AES128-SHA256 +-v 3 +-l ECDH-RSA-AES128-SHA256 +-c ./certs/server-ecc-rsa.pem +-k ./certs/ecc-key.pem + +# client TLSv1.2 ECDH-RSA-AES128-SHA256 +-v 3 +-l ECDH-RSA-AES128-SHA256 + +# server TLSv1.2 ECDH-RSA-AES256 +-v 3 +-l ECDH-RSA-AES256-SHA +-c ./certs/server-ecc-rsa.pem +-k ./certs/ecc-key.pem + +# client TLSv1.2 ECDH-RSA-AES256 +-v 3 +-l ECDH-RSA-AES256-SHA + +# server TLSv1 ECDH-ECDSA-RC4 +-v 1 +-l ECDH-ECDSA-RC4-SHA +-c ./certs/server-ecc.pem +-k ./certs/ecc-key.pem + +# client TLSv1 ECDH-ECDSA-RC4 +-v 1 +-l ECDH-ECDSA-RC4-SHA +-A ./certs/ca-ecc-cert.pem + +# server TLSv1 ECDH-ECDSA-DES3 +-v 1 +-l ECDH-ECDSA-DES-CBC3-SHA +-c ./certs/server-ecc.pem +-k ./certs/ecc-key.pem + +# client TLSv1 ECDH-ECDSA-DES3 +-v 1 +-l ECDH-ECDSA-DES-CBC3-SHA +-A ./certs/ca-ecc-cert.pem + +# server TLSv1 ECDH-ECDSA-AES128 +-v 1 +-l ECDH-ECDSA-AES128-SHA +-c ./certs/server-ecc.pem +-k ./certs/ecc-key.pem + +# client TLSv1 ECDH-ECDSA-AES128 +-v 1 +-l ECDH-ECDSA-AES128-SHA +-A ./certs/ca-ecc-cert.pem + +# server TLSv1 ECDH-ECDSA-AES256 +-v 1 +-l ECDH-ECDSA-AES256-SHA +-c ./certs/server-ecc.pem +-k ./certs/ecc-key.pem + +# client TLSv1 ECDH-ECDSA-AES256 +-v 1 +-l ECDH-ECDSA-AES256-SHA +-A ./certs/ca-ecc-cert.pem + +# server TLSv1.1 ECDH-EDCSA-RC4 +-v 2 +-l ECDH-ECDSA-RC4-SHA +-c ./certs/server-ecc.pem +-k ./certs/ecc-key.pem + +# client TLSv1.1 ECDH-ECDSA-RC4 +-v 2 +-l ECDH-ECDSA-RC4-SHA +-A ./certs/ca-ecc-cert.pem + +# server TLSv1.1 ECDH-ECDSA-DES3 +-v 2 +-l ECDH-ECDSA-DES-CBC3-SHA +-c ./certs/server-ecc.pem +-k ./certs/ecc-key.pem + +# client TLSv1.1 ECDH-ECDSA-DES3 +-v 2 +-l ECDH-ECDSA-DES-CBC3-SHA +-A ./certs/ca-ecc-cert.pem + +# server TLSv1.1 ECDH-ECDSA-AES128 +-v 2 +-l ECDH-ECDSA-AES128-SHA +-c ./certs/server-ecc.pem +-k ./certs/ecc-key.pem + +# client TLSv1.1 ECDH-ECDSA-AES128 +-v 2 +-l ECDH-ECDSA-AES128-SHA +-A ./certs/ca-ecc-cert.pem + +# server TLSv1.1 ECDH-ECDSA-AES256 +-v 2 +-l ECDH-ECDSA-AES256-SHA +-c ./certs/server-ecc.pem +-k ./certs/ecc-key.pem + +# client TLSv1.1 ECDH-ECDSA-AES256 +-v 2 +-l ECDH-ECDSA-AES256-SHA +-A ./certs/ca-ecc-cert.pem + +# server TLSv1.2 ECDHE-ECDSA-RC4 +-v 3 +-l ECDH-ECDSA-RC4-SHA +-c ./certs/server-ecc.pem +-k ./certs/ecc-key.pem + +# client TLSv1.2 ECDH-ECDSA-RC4 +-v 3 +-l ECDH-ECDSA-RC4-SHA +-A ./certs/ca-ecc-cert.pem + +# server TLSv1.2 ECDH-ECDSA-DES3 +-v 3 +-l ECDH-ECDSA-DES-CBC3-SHA +-c ./certs/server-ecc.pem +-k ./certs/ecc-key.pem + +# client TLSv1.2 ECDH-ECDSA-DES3 +-v 3 +-l ECDH-ECDSA-DES-CBC3-SHA +-A ./certs/ca-ecc-cert.pem + +# server TLSv1.2 ECDH-ECDSA-AES128 +-v 3 +-l ECDH-ECDSA-AES128-SHA +-c ./certs/server-ecc.pem +-k ./certs/ecc-key.pem + +# client TLSv1.2 ECDH-ECDSA-AES128 +-v 3 +-l ECDH-ECDSA-AES128-SHA +-A ./certs/ca-ecc-cert.pem + +# server TLSv1.2 ECDH-ECDSA-AES128-SHA256 +-v 3 +-l ECDH-ECDSA-AES128-SHA256 +-c ./certs/server-ecc.pem +-k ./certs/ecc-key.pem + +# client TLSv1.2 ECDH-ECDSA-AES128-SHA256 +-v 3 +-l ECDH-ECDSA-AES128-SHA256 +-A ./certs/ca-ecc-cert.pem + +# server TLSv1.2 ECDH-ECDSA-AES256 +-v 3 +-l ECDH-ECDSA-AES256-SHA +-c ./certs/server-ecc.pem +-k ./certs/ecc-key.pem + +# client TLSv1.2 ECDH-ECDSA-AES256 +-v 3 +-l ECDH-ECDSA-AES256-SHA +-A ./certs/ca-ecc-cert.pem + +# server TLSv1.2 ECDHE-RSA-AES256-SHA384 +-v 3 +-l ECDHE-RSA-AES256-SHA384 + +# client TLSv1.2 ECDHE-RSA-AES256-SHA384 +-v 3 +-l ECDHE-RSA-AES256-SHA384 + +# server TLSv1.2 ECDHE-ECDSA-AES256-SHA384 +-v 3 +-l ECDHE-ECDSA-AES256-SHA384 +-c ./certs/server-ecc.pem +-k ./certs/ecc-key.pem + +# client TLSv1.2 ECDHE-ECDSA-AES256-SHA384 +-v 3 +-l ECDHE-ECDSA-AES256-SHA384 +-A ./certs/ca-ecc-cert.pem + +# server TLSv1.2 ECDH-RSA-AES256-SHA384 +-v 3 +-l ECDH-RSA-AES256-SHA384 +-c ./certs/server-ecc-rsa.pem +-k ./certs/ecc-key.pem + +# client TLSv1.2 ECDH-RSA-AES256-SHA384 +-v 3 +-l ECDH-RSA-AES256-SHA384 + +# server TLSv1.2 ECDH-ECDSA-AES256-SHA384 +-v 3 +-l ECDH-ECDSA-AES256-SHA384 +-c ./certs/server-ecc.pem +-k ./certs/ecc-key.pem + +# client TLSv1.2 ECDH-ECDSA-AES256-SHA384 +-v 3 +-l ECDH-ECDSA-AES256-SHA384 +-A ./certs/ca-ecc-cert.pem + +# server TLSv1 DHE AES128 +-v 1 +-l DHE-RSA-AES128-SHA + +# client TLSv1 DHE AES128 +-v 1 +-l DHE-RSA-AES128-SHA + +# server TLSv1 DHE AES256 +-v 1 +-l DHE-RSA-AES256-SHA + +# client TLSv1 DHE AES256 +-v 1 +-l DHE-RSA-AES256-SHA + +# server TLSv1.1 DHE AES128 +-v 2 +-l DHE-RSA-AES128-SHA + +# client TLSv1.1 DHE AES128 +-v 2 +-l DHE-RSA-AES128-SHA + +# server TLSv1.1 DHE AES256 +-v 2 +-l DHE-RSA-AES256-SHA + +# client TLSv1.1 DHE AES256 +-v 2 +-l DHE-RSA-AES256-SHA + +# server TLSv1.1 DHE 3DES +-v 2 +-l EDH-RSA-DES-CBC3-SHA + +# client TLSv1.1 DHE 3DES +-v 2 +-l EDH-RSA-DES-CBC3-SHA + +# server TLSv1.2 DHE 3DES +-v 3 +-l EDH-RSA-DES-CBC3-SHA + +# client TLSv1.2 DHE 3DES +-v 3 +-l EDH-RSA-DES-CBC3-SHA + +# server TLSv1.2 DHE AES128 +-v 3 +-l DHE-RSA-AES128-SHA + +# client TLSv1.2 DHE AES128 +-v 3 +-l DHE-RSA-AES128-SHA + +# server TLSv1.2 DHE AES256 +-v 3 +-l DHE-RSA-AES256-SHA + +# client TLSv1.2 DHE AES256 +-v 3 +-l DHE-RSA-AES256-SHA + +# server TLSv1.2 DHE AES128-SHA256 +-v 3 +-l DHE-RSA-AES128-SHA256 + +# client TLSv1.2 DHE AES128-SHA256 +-v 3 +-l DHE-RSA-AES128-SHA256 + +# server TLSv1.2 DHE AES256-SHA256 +-v 3 +-l DHE-RSA-AES256-SHA256 + +# client TLSv1.2 DHE AES256-SHA256 +-v 3 +-l DHE-RSA-AES256-SHA256 + +# server TLSv1.2 ECDHE-PSK-NULL-SHA256 +-s +-v 3 +-l ECDHE-PSK-NULL-SHA256 + +# client TLSv1.2 ECDHE-PSK-NULL-SHA256 +-s +-v 3 +-l ECDHE-PSK-NULL-SHA256 + +# server TLSv1.2 ECDHE-PSK-AES128-SHA256 +-s +-v 3 +-l ECDHE-PSK-AES128-SHA256 + +# client TLSv1.2 ECDHE-PSK-AES128-SHA256 +-s +-v 3 +-l ECDHE-PSK-AES128-SHA256 + +# server TLSv1 PSK-AES128 +-s +-v 1 +-l PSK-AES128-CBC-SHA + +# client TLSv1 PSK-AES128 +-s +-v 1 +-l PSK-AES128-CBC-SHA + +# server TLSv1 PSK-AES256 +-s +-v 1 +-l PSK-AES256-CBC-SHA + +# client TLSv1 PSK-AES256 +-s +-v 1 +-l PSK-AES256-CBC-SHA + +# server TLSv1.1 PSK-AES128 +-s +-v 2 +-l PSK-AES128-CBC-SHA + +# client TLSv1.1 PSK-AES128 +-s +-v 2 +-l PSK-AES128-CBC-SHA + +# server TLSv1.1 PSK-AES256 +-s +-v 2 +-l PSK-AES256-CBC-SHA + +# client TLSv1.1 PSK-AES256 +-s +-v 2 +-l PSK-AES256-CBC-SHA + +# server TLSv1.2 PSK-AES128 +-s +-v 3 +-l PSK-AES128-CBC-SHA + +# client TLSv1.2 PSK-AES128 +-s +-v 3 +-l PSK-AES128-CBC-SHA + +# server TLSv1.2 PSK-AES256 +-s +-v 3 +-l PSK-AES256-CBC-SHA + +# client TLSv1.2 PSK-AES256 +-s +-v 3 +-l PSK-AES256-CBC-SHA + +# server TLSv1.2 PSK-AES128-SHA256 +-s +-v 3 +-l PSK-AES128-CBC-SHA256 + +# client TLSv1.2 PSK-AES128-SHA256 +-s +-v 3 +-l PSK-AES128-CBC-SHA256 + +# server TLSv1.2 PSK-AES256-SHA384 +-s +-v 3 +-l PSK-AES256-CBC-SHA384 + +# client TLSv1.2 PSK-AES256-SHA384 +-s +-v 3 +-l PSK-AES256-CBC-SHA384 + +# server TLSv1.0 PSK-NULL +-s +-v 1 +-l PSK-NULL-SHA + +# client TLSv1.0 PSK-NULL +-s +-v 1 +-l PSK-NULL-SHA + +# server TLSv1.1 PSK-NULL +-s +-v 2 +-l PSK-NULL-SHA + +# client TLSv1.1 PSK-NULL +-s +-v 2 +-l PSK-NULL-SHA + +# server TLSv1.2 PSK-NULL +-s +-v 3 +-l PSK-NULL-SHA + +# client TLSv1.2 PSK-NULL +-s +-v 3 +-l PSK-NULL-SHA + +# server TLSv1.2 PSK-NULL-SHA256 +-s +-v 3 +-l PSK-NULL-SHA256 + +# client TLSv1.2 PSK-NULL-SHA256 +-s +-v 3 +-l PSK-NULL-SHA256 + +# server TLSv1.2 PSK-NULL-SHA384 +-s +-v 3 +-l PSK-NULL-SHA384 + +# client TLSv1.2 PSK-NULL-SHA384 +-s +-v 3 +-l PSK-NULL-SHA384 + +# server TLSv1.2 PSK-NULL +-s +-v 3 +-l PSK-NULL-SHA + +# client TLSv1.2 PSK-NULL +-s +-v 3 +-l PSK-NULL-SHA + +# server TLSv1.2 PSK-NULL-SHA256 +-s +-v 3 +-l PSK-NULL-SHA256 + +# client TLSv1.2 PSK-NULL-SHA256 +-s +-v 3 +-l PSK-NULL-SHA256 + +# server TLSv1.0 RSA-NULL-MD5 +-v 1 +-l NULL-MD5 + +# client TLSv1.0 RSA-NULL-MD5 +-v 1 +-l NULL-MD5 + +# server TLSv1.1 RSA-NULL-MD5 +-v 2 +-l NULL-MD5 + +# client TLSv1.1 RSA-NULL-MD5 +-v 2 +-l NULL-MD5 + +# server TLSv1.2 RSA-NULL-MD5 +-v 3 +-l NULL-MD5 + +# client TLSv1.2 RSA-NULL-MD5 +-v 3 +-l NULL-MD5 + +# server TLSv1.0 RSA-NULL-SHA +-v 1 +-l NULL-SHA + +# client TLSv1.0 RSA-NULL-SHA +-v 1 +-l NULL-SHA + +# server TLSv1.1 RSA-NULL-SHA +-v 2 +-l NULL-SHA + +# client TLSv1.1 RSA-NULL-SHA +-v 2 +-l NULL-SHA + +# server TLSv1.2 RSA-NULL-SHA +-v 3 +-l NULL-SHA + +# client TLSv1.2 RSA-NULL-SHA +-v 3 +-l NULL-SHA + +# server TLSv1.2 RSA-NULL-SHA256 +-v 3 +-l NULL-SHA256 + +# client TLSv1.2 RSA-NULL-SHA256 +-v 3 +-l NULL-SHA256 + +# server TLSv1 CAMELLIA128-SHA +-v 1 +-l CAMELLIA128-SHA + +# client TLSv1 CAMELLIA128-SHA +-v 1 +-l CAMELLIA128-SHA + +# server TLSv1 CAMELLIA256-SHA +-v 1 +-l CAMELLIA256-SHA + +# client TLSv1 CAMELLIA256-SHA +-v 1 +-l CAMELLIA256-SHA + +# server TLSv1.1 CAMELLIA128-SHA +-v 2 +-l CAMELLIA128-SHA + +# client TLSv1.1 CAMELLIA128-SHA +-v 2 +-l CAMELLIA128-SHA + +# server TLSv1.1 CAMELLIA256-SHA +-v 2 +-l CAMELLIA256-SHA + +# client TLSv1.1 CAMELLIA256-SHA +-v 2 +-l CAMELLIA256-SHA + +# server TLSv1.2 CAMELLIA128-SHA +-v 3 +-l CAMELLIA128-SHA + +# client TLSv1.2 CAMELLIA128-SHA +-v 3 +-l CAMELLIA128-SHA + +# server TLSv1.2 CAMELLIA256-SHA +-v 3 +-l CAMELLIA256-SHA + +# client TLSv1.2 CAMELLIA256-SHA +-v 3 +-l CAMELLIA256-SHA + +# server TLSv1.2 CAMELLIA128-SHA256 +-v 3 +-l CAMELLIA128-SHA256 + +# client TLSv1.2 CAMELLIA128-SHA256 +-v 3 +-l CAMELLIA128-SHA256 + +# server TLSv1.2 CAMELLIA256-SHA256 +-v 3 +-l CAMELLIA256-SHA256 + +# client TLSv1.2 CAMELLIA256-SHA256 +-v 3 +-l CAMELLIA256-SHA256 + +# server TLSv1 DHE-RSA-CAMELLIA128-SHA +-v 1 +-l DHE-RSA-CAMELLIA128-SHA + +# client TLSv1 DHE-RSA-CAMELLIA128-SHA +-v 1 +-l DHE-RSA-CAMELLIA128-SHA + +# server TLSv1 DHE-RSA-CAMELLIA256-SHA +-v 1 +-l DHE-RSA-CAMELLIA256-SHA + +# client TLSv1 DHE-RSA-CAMELLIA256-SHA +-v 1 +-l DHE-RSA-CAMELLIA256-SHA + +# server TLSv1.1 DHE-RSA-CAMELLIA128-SHA +-v 2 +-l DHE-RSA-CAMELLIA128-SHA + +# client TLSv1.1 DHE-RSA-CAMELLIA128-SHA +-v 2 +-l DHE-RSA-CAMELLIA128-SHA + +# server TLSv1.1 DHE-RSA-CAMELLIA256-SHA +-v 2 +-l DHE-RSA-CAMELLIA256-SHA + +# client TLSv1.1 DHE-RSA-CAMELLIA256-SHA +-v 2 +-l DHE-RSA-CAMELLIA256-SHA + +# server TLSv1.2 DHE-RSA-CAMELLIA128-SHA +-v 3 +-l DHE-RSA-CAMELLIA128-SHA + +# client TLSv1.2 DHE-RSA-CAMELLIA128-SHA +-v 3 +-l DHE-RSA-CAMELLIA128-SHA + +# server TLSv1.2 DHE-RSA-CAMELLIA256-SHA +-v 3 +-l DHE-RSA-CAMELLIA256-SHA + +# client TLSv1.2 DHE-RSA-CAMELLIA256-SHA +-v 3 +-l DHE-RSA-CAMELLIA256-SHA + +# server TLSv1.2 DHE-RSA-CAMELLIA128-SHA256 +-v 3 +-l DHE-RSA-CAMELLIA128-SHA256 + +# client TLSv1.2 DHE-RSA-CAMELLIA128-SHA256 +-v 3 +-l DHE-RSA-CAMELLIA128-SHA256 + +# server TLSv1.2 DHE-RSA-CAMELLIA256-SHA256 +-v 3 +-l DHE-RSA-CAMELLIA256-SHA256 + +# client TLSv1.2 DHE-RSA-CAMELLIA256-SHA256 +-v 3 +-l DHE-RSA-CAMELLIA256-SHA256 + +# server TLSv1.2 RSA-AES128-GCM-SHA256 +-v 3 +-l AES128-GCM-SHA256 + +# client TLSv1.2 RSA-AES128-GCM-SHA256 +-v 3 +-l AES128-GCM-SHA256 + +# server TLSv1.2 RSA-AES256-GCM-SHA384 +-v 3 +-l AES256-GCM-SHA384 + +# client TLSv1.2 RSA-AES256-GCM-SHA384 +-v 3 +-l AES256-GCM-SHA384 + +# server TLSv1.2 ECDHE-ECDSA-AES128-GCM-SHA256 +-v 3 +-l ECDHE-ECDSA-AES128-GCM-SHA256 +-c ./certs/server-ecc.pem +-k ./certs/ecc-key.pem + +# client TLSv1.2 ECDHE-ECDSA-AES128-GCM-SHA256 +-v 3 +-l ECDHE-ECDSA-AES128-GCM-SHA256 +-A ./certs/ca-ecc-cert.pem + +# server TLSv1.2 ECDHE-ECDSA-AES256-GCM-SHA384 +-v 3 +-l ECDHE-ECDSA-AES256-GCM-SHA384 +-c ./certs/server-ecc.pem +-k ./certs/ecc-key.pem + +# client TLSv1.2 ECDHE-ECDSA-AES256-GCM-SHA384 +-v 3 +-l ECDHE-ECDSA-AES256-GCM-SHA384 +-A ./certs/ca-ecc-cert.pem + +# server TLSv1.2 ECDH-ECDSA-AES128-GCM-SHA256 +-v 3 +-l ECDH-ECDSA-AES128-GCM-SHA256 +-c ./certs/server-ecc.pem +-k ./certs/ecc-key.pem + +# client TLSv1.2 ECDH-ECDSA-AES128-GCM-SHA256 +-v 3 +-l ECDH-ECDSA-AES128-GCM-SHA256 +-A ./certs/ca-ecc-cert.pem + +# server TLSv1.2 ECDH-ECDSA-AES256-GCM-SHA384 +-v 3 +-l ECDH-ECDSA-AES256-GCM-SHA384 +-c ./certs/server-ecc.pem +-k ./certs/ecc-key.pem + +# client TLSv1.2 ECDH-ECDSA-AES256-GCM-SHA384 +-v 3 +-l ECDH-ECDSA-AES256-GCM-SHA384 +-A ./certs/ca-ecc-cert.pem + +# server TLSv1.2 ECDHE-RSA-AES128-GCM-SHA256 +-v 3 +-l ECDHE-RSA-AES128-GCM-SHA256 + +# client TLSv1.2 ECDHE-RSA-AES128-GCM-SHA256 +-v 3 +-l ECDHE-RSA-AES128-GCM-SHA256 + +# server TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384 +-v 3 +-l ECDHE-RSA-AES256-GCM-SHA384 + +# client TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384 +-v 3 +-l ECDHE-RSA-AES256-GCM-SHA384 + +# server TLSv1.2 ECDH-RSA-AES128-GCM-SHA256 +-v 3 +-l ECDH-RSA-AES128-GCM-SHA256 +-c ./certs/server-ecc-rsa.pem +-k ./certs/ecc-key.pem + +# client TLSv1.2 ECDH-RSA-AES128-GCM-SHA256 +-v 3 +-l ECDH-RSA-AES128-GCM-SHA256 + +# server TLSv1.2 ECDH-RSA-AES256-GCM-SHA384 +-v 3 +-l ECDH-RSA-AES256-GCM-SHA384 +-c ./certs/server-ecc-rsa.pem +-k ./certs/ecc-key.pem + +# client TLSv1.2 ECDH-RSA-AES256-GCM-SHA384 +-v 3 +-l ECDH-RSA-AES256-GCM-SHA384 + +# server TLSv1.2 DHE-RSA-AES128-GCM-SHA256 +-v 3 +-l DHE-RSA-AES128-GCM-SHA256 + +# client TLSv1.2 DHE-RSA-AES128-GCM-SHA256 +-v 3 +-l DHE-RSA-AES128-GCM-SHA256 + +# server TLSv1.2 DHE-RSA-AES256-GCM-SHA384 +-v 3 +-l DHE-RSA-AES256-GCM-SHA384 + +# client TLSv1.2 DHE-RSA-AES256-GCM-SHA384 +-v 3 +-l DHE-RSA-AES256-GCM-SHA384 + +# server TLSv1.2 PSK-AES128-GCM-SHA256 +-s +-v 3 +-l PSK-AES128-GCM-SHA256 + +# client TLSv1.2 PSK-AES128-GCM-SHA256 +-s +-v 3 +-l PSK-AES128-GCM-SHA256 + +# server TLSv1.2 PSK-AES256-GCM-SHA384 +-s +-v 3 +-l PSK-AES256-GCM-SHA384 + +# client TLSv1.2 PSK-AES256-GCM-SHA384 +-s +-v 3 +-l PSK-AES256-GCM-SHA384 + +# server TLSv1.2 AES128-CCM-8 +-v 3 +-l AES128-CCM-8 + +# client TLSv1.2 AES128-CCM-8 +-v 3 +-l AES128-CCM-8 + +# server TLSv1.2 AES256-CCM-8 +-v 3 +-l AES256-CCM-8 + +# client TLSv1.2 AES256-CCM-8 +-v 3 +-l AES256-CCM-8 + +# server TLSv1.2 AES128-CCM8 (OpenSSL-compat alias) +-v 3 +-l AES128-CCM8 + +# client TLSv1.2 AES128-CCM8 (OpenSSL-compat alias) +-v 3 +-l AES128-CCM8 + +# server TLSv1.2 AES256-CCM8 (OpenSSL-compat alias) +-v 3 +-l AES256-CCM8 + +# client TLSv1.2 AES256-CCM8 (OpenSSL-compat alias) +-v 3 +-l AES256-CCM8 + +# server TLSv1.2 ECDHE-ECDSA-AES128-CCM +-v 3 +-l ECDHE-ECDSA-AES128-CCM +-c ./certs/server-ecc.pem +-k ./certs/ecc-key.pem + +# client TLSv1.2 ECDHE-ECDSA-AES128-CCM +-v 3 +-l ECDHE-ECDSA-AES128-CCM +-A ./certs/ca-ecc-cert.pem + +# server TLSv1.2 ECDHE-ECDSA-AES128-CCM-8 +-v 3 +-l ECDHE-ECDSA-AES128-CCM-8 +-c ./certs/server-ecc.pem +-k ./certs/ecc-key.pem + +# client TLSv1.2 ECDHE-ECDSA-AES128-CCM-8 +-v 3 +-l ECDHE-ECDSA-AES128-CCM-8 +-A ./certs/ca-ecc-cert.pem + +# server TLSv1.2 ECDHE-ECDSA-AES256-CCM-8 +-v 3 +-l ECDHE-ECDSA-AES256-CCM-8 +-c ./certs/server-ecc.pem +-k ./certs/ecc-key.pem + +# client TLSv1.2 ECDHE-ECDSA-AES256-CCM-8 +-v 3 +-l ECDHE-ECDSA-AES256-CCM-8 +-A ./certs/ca-ecc-cert.pem + +# server TLSv1.2 ECDHE-ECDSA-AES128-CCM8 (OpenSSL-compat alias) +-v 3 +-l ECDHE-ECDSA-AES128-CCM8 +-c ./certs/server-ecc.pem +-k ./certs/ecc-key.pem + +# client TLSv1.2 ECDHE-ECDSA-AES128-CCM8 (OpenSSL-compat alias) +-v 3 +-l ECDHE-ECDSA-AES128-CCM8 +-A ./certs/ca-ecc-cert.pem + +# server TLSv1.2 ECDHE-ECDSA-AES256-CCM8 (OpenSSL-compat alias) +-v 3 +-l ECDHE-ECDSA-AES256-CCM8 +-c ./certs/server-ecc.pem +-k ./certs/ecc-key.pem + +# client TLSv1.2 ECDHE-ECDSA-AES256-CCM8 (OpenSSL-compat alias) +-v 3 +-l ECDHE-ECDSA-AES256-CCM8 +-A ./certs/ca-ecc-cert.pem + +# server TLSv1.2 PSK-AES128-CCM +-s +-v 3 +-l PSK-AES128-CCM + +# client TLSv1.2 PSK-AES128-CCM +-s +-v 3 +-l PSK-AES128-CCM + +# server TLSv1.2 PSK-AES256-CCM +-s +-v 3 +-l PSK-AES256-CCM + +# client TLSv1.2 PSK-AES256-CCM +-s +-v 3 +-l PSK-AES256-CCM + +# server TLSv1.2 PSK-AES128-CCM-8 +-s +-v 3 +-l PSK-AES128-CCM-8 + +# client TLSv1.2 PSK-AES128-CCM-8 +-s +-v 3 +-l PSK-AES128-CCM-8 + +# server TLSv1.2 PSK-AES256-CCM-8 +-s +-v 3 +-l PSK-AES256-CCM-8 + +# client TLSv1.2 PSK-AES256-CCM-8 +-s +-v 3 +-l PSK-AES256-CCM-8 + +# server TLSv1.2 PSK-AES128-CCM8 (OpenSSL-compat alias) +-s +-v 3 +-l PSK-AES128-CCM8 + +# client TLSv1.2 PSK-AES128-CCM8 (OpenSSL-compat alias) +-s +-v 3 +-l PSK-AES128-CCM8 + +# server TLSv1.2 PSK-AES256-CCM8 (OpenSSL-compat alias) +-s +-v 3 +-l PSK-AES256-CCM8 + +# client TLSv1.2 PSK-AES256-CCM8 (OpenSSL-compat alias) +-s +-v 3 +-l PSK-AES256-CCM8 + +# server TLSv1.2 DHE-PSK-AES128-CBC-SHA256 +-s +-v 3 +-l DHE-PSK-AES128-CBC-SHA256 + +# client TLSv1.2 DHE-PSK-AES128-CBC-SHA256 +-s +-v 3 +-l DHE-PSK-AES128-CBC-SHA256 + +# server TLSv1.2 DHE-PSK-AES256-CBC-SHA384 +-s +-v 3 +-l DHE-PSK-AES256-CBC-SHA384 + +# client TLSv1.2 DHE-PSK-AES256-CBC-SHA384 +-s +-v 3 +-l DHE-PSK-AES256-CBC-SHA384 + +# server TLSv1.2 DHE-PSK-NULL-SHA256 +-s +-v 3 +-l DHE-PSK-NULL-SHA256 + +# client TLSv1.2 DHE-PSK-NULL-SHA256 +-s +-v 3 +-l DHE-PSK-NULL-SHA256 + +# server TLSv1.2 DHE-PSK-NULL-SHA384 +-s +-v 3 +-l DHE-PSK-NULL-SHA384 + +# client TLSv1.2 DHE-PSK-NULL-SHA384 +-s +-v 3 +-l DHE-PSK-NULL-SHA384 + +# server TLSv1.2 DHE-PSK-AES128-GCM-SHA256 +-s +-v 3 +-l DHE-PSK-AES128-GCM-SHA256 + +# client TLSv1.2 DHE-PSK-AES128-GCM-SHA256 +-s +-v 3 +-l DHE-PSK-AES128-GCM-SHA256 + +# server TLSv1.2 DHE-PSK-AES256-GCM-SHA384 +-s +-v 3 +-l DHE-PSK-AES256-GCM-SHA384 + +# client TLSv1.2 DHE-PSK-AES256-GCM-SHA384 +-s +-v 3 +-l DHE-PSK-AES256-GCM-SHA384 + +# server TLSv1.2 DHE-PSK-AES128-CCM +-s +-v 3 +-l DHE-PSK-AES128-CCM + +# client TLSv1.2 DHE-PSK-AES128-CCM +-s +-v 3 +-l DHE-PSK-AES128-CCM + +# server TLSv1.2 DHE-PSK-AES256-CCM +-s +-v 3 +-l DHE-PSK-AES256-CCM + +# client TLSv1.2 DHE-PSK-AES256-CCM +-s +-v 3 +-l DHE-PSK-AES256-CCM + +# server TLSv1.2 ADH-AES128-SHA +-a +-v 3 +-l ADH-AES128-SHA + +# client TLSv1.2 ADH-AES128-SHA +-a +-v 3 +-l ADH-AES128-SHA + +# server TLSv1.1 ADH-AES128-SHA +-a +-v 2 +-l ADH-AES128-SHA + +# client TLSv1.1 ADH-AES128-SHA +-a +-v 2 +-l ADH-AES128-SHA + +# server TLSv1.0 ADH-AES128-SHA +-a +-v 1 +-l ADH-AES128-SHA + +# client TLSv1.0 ADH-AES128-SHA +-a +-v 1 +-l ADH-AES128-SHA + +# server TLSv1.2 ADH-AES256-GCM-SHA384 +-a +-v 3 +-l ADH-AES256-GCM-SHA384 + +# client TLSv1.2 ADH-AES256-GCM-SHA384 +-a +-v 3 +-l ADH-AES256-GCM-SHA384 + +# server TLSv1.1 ADH-AES256-GCM-SHA384 +-a +-v 2 +-l ADH-AES256-GCM-SHA384 +-H exitWithRet + +# client TLSv1.1 ADH-AES256-GCM-SHA384 +-a +-v 2 +-l ADH-AES256-GCM-SHA384 +-H exitWithRet + +# server TLSv1.0 ADH-AES256-GCM-SHA384 +-a +-v 1 +-l ADH-AES256-GCM-SHA384 +-H exitWithRet + +# client TLSv1.0 ADH-AES256-GCM-SHA384 +-a +-v 1 +-l ADH-AES256-GCM-SHA384 +-H exitWithRet + +# server TLSv1.1 DHE-RSA-AES256-GCM-SHA384 +-a +-v 2 +-l DHE-RSA-AES256-GCM-SHA384 +-H exitWithRet + +# client TLSv1.1 DHE-RSA-AES256-GCM-SHA384 +-a +-v 2 +-l DHE-RSA-AES256-GCM-SHA384 +-H exitWithRet + +# server TLSv1.0 DHE-RSA-AES256-GCM-SHA384 +-a +-v 1 +-l DHE-RSA-AES256-GCM-SHA384 +-H exitWithRet + +# client TLSv1.0 DHE-RSA-AES256-GCM-SHA384 +-a +-v 1 +-l DHE-RSA-AES256-GCM-SHA384 +-H exitWithRet + +# server TLSv1.1 +-a +-v 2 + +# client TLSv1.1 DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-SHA +-a +-v 2 +-l DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-SHA + +# error going into callback, return ok +# server TLSv1.2 verify callback override +-v 3 +-l ECDHE-RSA-AES128-GCM-SHA256 +-c ./certs/test/server-cert-rsa-badsig.pem + +# client TLSv1.2 verify callback override +-v 3 +-l ECDHE-RSA-AES128-GCM-SHA256 +-j + +# server TLSv1.2 verify callback override +-v 3 +-l ECDHE-ECDSA-AES128-GCM-SHA256 +-c ./certs/test/server-cert-ecc-badsig.pem +-k ./certs/ecc-key.pem + +# client TLSv1.2 verify callback override +-v 3 +-l ECDHE-ECDSA-AES128-GCM-SHA256 +-A ./certs/ca-ecc-cert.pem +-j + +# no error going into callback, return ok +# server TLSv1.2 verify callback override +-v 3 +-l ECDHE-RSA-AES128-GCM-SHA256 +-c ./certs/server-cert.pem + +# client TLSv1.2 verify callback override +-v 3 +-l ECDHE-RSA-AES128-GCM-SHA256 +-j + +# server TLSv1.2 verify callback override +#-v 3 +#-l ECDHE-ECDSA-AES128-GCM-SHA256 +#-c ./certs/test/server-ecc.pem #This cert no longer exists +#-k ./certs/ecc-key.pem + +# client TLSv1.2 verify callback override +#-v 3 +#-l ECDHE-ECDSA-AES128-GCM-SHA256 +#-A ./certs/ca-ecc-cert.pem +#-j + +# server TLSv1.2 ECDHE-EDCSA-CHACHA20-POLY1305 +-v 3 +-l ECDHE-ECDSA-CHACHA20-POLY1305 +-c ./certs/server-ecc.pem +-k ./certs/ecc-key.pem + +# client TLSv1.2 ECDHE-ECDSA-CHACHA20-POLY1305 +-v 3 +-l ECDHE-ECDSA-CHACHA20-POLY1305 +-A ./certs/ca-ecc-cert.pem +-t + +# server TLSv1.2 ECDHE-EDCSA-CHACHA20-POLY1305 +-v 3 +-l ECDHE-ECDSA-CHACHA20-POLY1305 +-c ./certs/server-ecc.pem +-k ./certs/ecc-key.pem + +# client TLSv1.2 ECDHE-ECDSA-CHACHA20-POLY1305 +-v 3 +-l ECDHE-ECDSA-CHACHA20-POLY1305 +-A ./certs/ca-ecc-cert.pem +-8 + +# server TLSv1.2 private-only key +-v 3 +-c ./certs/ecc-privOnlyCert.pem +-k ./certs/ecc-privOnlyKey.pem + +# client TLSv1.2 private-only key on server +-v 3 +-d + +# server TLSv1.2 with fragment +-v 3 + +# client TLSv1.2 with fragment +-v 3 +-F 1 + +# server TLSv1.2 RSA 3072-bit DH 3072-bit +-v 3 +-D certs/dh3072.pem +-A certs/3072/client-cert.pem + +# client TLSv1.2 RSA 3072-bit DH 3072-bit +-v 3 +-D certs/dh3072.pem +-c certs/3072/client-cert.pem +-k certs/3072/client-key.pem + +# server good certificate common name +-v 3 +-l ECDHE-RSA-AES128-GCM-SHA256 +-k ./certs/server-key.pem +-c ./certs/test/server-goodcn.pem +-d + +# client good certificate common name +-v 3 +-l ECDHE-RSA-AES128-GCM-SHA256 +-h localhost +-A ./certs/test/server-goodcn.pem +-m +-C + +# server good certificate alt name +-v 3 +-l ECDHE-RSA-AES128-GCM-SHA256 +-k ./certs/server-key.pem +-c ./certs/test/server-goodalt.pem +-d + +# client good certificate alt name +-v 3 +-l ECDHE-RSA-AES128-GCM-SHA256 +-h localhost +-A ./certs/test/server-goodalt.pem +-m +-C + +# server good certificate common name wild +-v 3 +-l ECDHE-RSA-AES128-GCM-SHA256 +-k ./certs/server-key.pem +-c ./certs/test/server-goodcnwild.pem +-d + +# client good certificate common name wild +-v 3 +-l ECDHE-RSA-AES128-GCM-SHA256 +-h localhost +-A ./certs/test/server-goodcnwild.pem +-m +-C + +# server good certificate alt name wild +-v 3 +-l ECDHE-RSA-AES128-GCM-SHA256 +-k ./certs/server-key.pem +-c ./certs/test/server-goodaltwild.pem +-d + +# client good certificate alt name wild +-v 3 +-l ECDHE-RSA-AES128-GCM-SHA256 +-h localhost +-A ./certs/test/server-goodaltwild.pem +-m +-C + +# server CN in alternate names list +-v 3 +-l ECDHE-RSA-AES128-GCM-SHA256 +-c ./certs/test/server-localhost.pem + +# client CN in alternate names list +-v 3 +-l ECDHE-RSA-AES128-GCM-SHA256 +-h localhost +-A ./certs/test/server-localhost.pem +-m + +# server TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384 +-v 3 +-l ECDHE-RSA-AES256-GCM-SHA384 + +# client TLSv1.2 ECDHE-RSA-AES256-GCM-SHA384 with user curve (384 or 256) +-v 3 +-l ECDHE-RSA-AES256-GCM-SHA384 +-H useSupCurve + +# server TLSv1.2 ECDHE-ECDSA-AES256-GCM-SHA384 with P-384 Certs and CA +-v 3 +-l ECDHE-ECDSA-AES256-GCM-SHA384 +-c ./certs/server-ecc384-cert.pem +-k ./certs/server-ecc384-key.pem +-A ./certs/ca-ecc384-cert.pem + +# client TLSv1.2 ECDHE-ECDSA-AES256-GCM-SHA384 with P-384 Certs and CA +-v 3 +-l ECDHE-ECDSA-AES256-GCM-SHA384 +-c ./certs/client-ecc384-cert.pem +-k ./certs/client-ecc384-key.pem +-A ./certs/ca-ecc384-cert.pem + +# server TLSv1.2 default with secure renegotiation (renegotiation available) +-v 3 +-l ECDHE-RSA-AES128-GCM-SHA256 +-M + +# client TLSv1.2 default with secure renegotiation (client initiated) +-v 3 +-l ECDHE-RSA-AES128-GCM-SHA256 +-i + +# server TLSv1.2 default with secure renegotiation (renegotiation available) +-v 3 +-l ECDHE-RSA-AES128-GCM-SHA256 +-M + +# client TLSv1.2 default with secure renegotiation (client initiated as resume) +-v 3 +-l ECDHE-RSA-AES128-GCM-SHA256 +-i -4 + +# server TLSv1.2 default with secure renegotiation (server initiated) +-v 3 +-l ECDHE-RSA-AES128-GCM-SHA256 +-m + +# client TLSv1.2 default with secure renegotiation (renegotiation available) +-v 3 +-l ECDHE-RSA-AES128-GCM-SHA256 +-R + +# server TLSv1.2 default with secure renegotiation (server initiated) +-v 3 +-l ECDHE-RSA-AES128-GCM-SHA256 +-m + +# client TLSv1.2 default with secure renegotiation (renegotiation available as resume) +-v 3 +-l ECDHE-RSA-AES128-GCM-SHA256 +-R -4 + +# server TLSv1.2 default with secure renegotiation (server initiated) +-v 3 +-l ECDHE-RSA-AES128-GCM-SHA256 +-m + +# client TLSv1.2 default with secure renegotiation (client initiated) +-v 3 +-l ECDHE-RSA-AES128-GCM-SHA256 +-i + +# server TLSv1.2 default with secure renegotiation (server initiated) +-v 3 +-l ECDHE-RSA-AES128-GCM-SHA256 +-m + +# client TLSv1.2 default with secure renegotiation (client initiated as resume) +-v 3 +-l ECDHE-RSA-AES128-GCM-SHA256 +-i -4 + +# server TLSv1.2 with Trusted CA Indication (pre-shared) +-v 3 +-5 + +# client TLSv1.2 with Trusted CA Indication (pre-shared) +-v 3 +-5 + +# server TLSv1.2 with block cipher and no ETM +-v 3 +-l ECDHE-RSA-AES128-SHA256 +-H disallowETM + +# client TLSv1.2 with block cipher +-v 3 +-l ECDHE-RSA-AES128-SHA256 +-6 + +# server TLSv1.2 with block cipher +-v 3 +-l ECDHE-RSA-AES128-SHA256 +-6 + +# client TLSv1.2 with block cipher and no ETM +-v 3 +-l ECDHE-RSA-AES128-SHA256 +-H disallowETM + +# server TLSv1.2 with block cipher and no ETM +-v 3 +-l ECDHE-RSA-AES128-SHA256 +-H disallowETM + +# client TLSv1.2 with block cipher and no ETM +-v 3 +-l ECDHE-RSA-AES128-SHA256 +-H disallowETM + +# server TLSv1.2 with block cipher and SHA-1 and no ETM +-v 3 +-l ECDHE-RSA-AES128-SHA +-H disallowETM + +# client TLSv1.2 with block cipher and SHA-1 and no ETM +-v 3 +-l ECDHE-RSA-AES128-SHA +-H disallowETM + +# server TLSv1.2 with block cipher +-v 3 +-l ECDHE-RSA-AES128-SHA256 + +# client TLSv1.2 with block cipher - atomic user (use callback) +-v 3 +-l ECDHE-RSA-AES128-SHA256 +-U + +# server TLSv1.2 with block cipher and no ETM +-v 3 +-l ECDHE-RSA-AES128-SHA256 +-H disallowETM + +# client TLSv1.2 with block cipher - atomic user (use callback) +-v 3 +-l ECDHE-RSA-AES128-SHA256 +-U + +# server with bidirectional shutdown +-l ECDHE-RSA-AES128-SHA256 +-w + +# client with bidirectional shutdown +-l ECDHE-RSA-AES128-SHA256 +-w + +# server TLSv1.2 No Session ticket +-v 3 +-l ECDHE-RSA-AES128-SHA256 +-T o + +# client TLSv1.2 No Session ticket +-v 3 +-l ECDHE-RSA-AES128-SHA256 + +# server load an entity cert without ca boolean set +-c ./certs/entity-no-ca-bool-cert.pem +-k ./certs/entity-no-ca-bool-key.pem +-l ECDHE-RSA-AES128-SHA256 + +# client checks default ca bool value used when processing the peers chain +-v 3 +-l ECDHE-RSA-AES128-SHA256 + +# server test with a blocking write socket +-v 3 +-6 +-l TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256 + +# client test with a blocking write socket +-v 3 +-6 +-l TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256 + diff --git a/test/ssl/wolfssl.cpp b/test/ssl/wolfssl.cpp new file mode 100644 index 000000000..37bfcd1d6 --- /dev/null +++ b/test/ssl/wolfssl.cpp @@ -0,0 +1,129 @@ +/** + * Copyright (c) 2011-2025 libbitcoin developers (see AUTHORS) + * + * This file is part of libbitcoin. + * + * This program is free software: you can redistribute it and/or modify + * it under the terms of the GNU Affero General Public License as published by + * the Free Software Foundation, either version 3 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Affero General Public License for more details. + * + * You should have received a copy of the GNU Affero General Public License + * along with this program. If not, see . + */ +#include "../test.hpp" + +extern "C" { +#include "tests/unit.h" +#include "wolfcrypt/test/test.h" +} + +// If not defined in build config match wolfcrypt/test/test.c. +#ifndef CERT_PREFIX +#define CERT_PREFIX "./" +#endif + +// These can be set, but are disabled in `unit_tests()` given current config. +// wolfSSL_Debugging_ON() +// wolfSSL_SetMemFailCount(memFailCount) +// wc_SetSeed_Cb(WC_GENERATE_SEED_DEFAULT) +// wc_InitNetRandom(wnrConfig, NULL, 5000) +// wc_RunCast_fips(setting) +// wc_RunAllCast_fips() + +BOOST_FIXTURE_TEST_SUITE(wolfssl_tests, test::current_directory_setup_fixture) + +#if defined(WOLFSSL_W64_WRAPPER) +BOOST_AUTO_TEST_CASE(wolfssl__w64wrapper__always__success) +{ + BOOST_REQUIRE(is_zero(w64wrapper_test())); +} +#endif + +#if defined(WOLFCRYPT_HAVE_SRP) && defined(WOLFSSL_SHA512) +BOOST_AUTO_TEST_CASE(wolfssl__srp__always__success) +{ + BOOST_REQUIRE_NO_THROW(SrpTest()); +} +#endif + +#if defined(WOLFSSL_QUIC) +BOOST_AUTO_TEST_CASE(wolfssl__quic__always__success) +{ + BOOST_REQUIRE(is_zero(QuicTest())); +} +#endif + +// Disabled until setting CERT_PREFIX is worked out. +#if defined(HAVE_MSC) + +#if !defined(NO_CRYPT_TEST) +BOOST_AUTO_TEST_CASE(wolfssl__wolfcrypt__always__success) +{ + // requires: + // /vectors/certs/ecc-key.der + // /vectors/certs/ca-ecc384-key.der + // /vectors/certs/ca-ecc384-cert.pem + // cert paths are wired in "test.c" as: + + // By default CERT_PREFIX is "./" (relative), + // and combined as: CERT_PREFIX "certs" CERT_PATH_SEP + // but CERT_PREFIX is defined as absolute in the project build. + + // By default CERT_WRITE_TEMP_DIR is CERT_PREFIX, but this is absolute, so + // CERT_WRITE_TEMP_DIR is predefined as relative ("./") in user_settings.h + // Working directory is then controlled by current_directory_setup_fixture. + + func_args arguments{}; + wolfCrypt_Init(); + BOOST_REQUIRE(is_zero(wolfcrypt_test(&arguments))); + BOOST_REQUIRE(is_zero(arguments.return_code)); + wolfCrypt_Cleanup(); +} +#endif + +#if !defined(NO_WOLFSSL_CIPHER_SUITE_TEST) && \ + !defined(NO_WOLFSSL_CLIENT) && \ + !defined(NO_WOLFSSL_SERVER) && \ + !defined(NO_TLS) && \ + !defined(SINGLE_THREADED) && \ + defined(WOLFSSL_PEM_TO_DER) +BOOST_AUTO_TEST_CASE(wolfssl__suite__always__success) +{ + // "test.conf" must have only '\n' line termination (not '\r\n'). + // Otherwise the file will be read as a single line and bypass all tests. + // SuiteTest also bypasses any test for which the cert file is not found. + + // requires: + // /vectors/certs/*.pem + // /vectors/certs/test/*.pem + // /vectors/tests/test.conf + + // cert paths are configured in "test.conf" only as: "./certs" (relative). + // test.conf defaults to "tests/test.conf" (parameterizable). Since we need + // to set the working directory for certs, we can use it for both. + // Working directory is restored by current_directory_setup_fixture, + + code ec{}; + std::filesystem::current_path(CERT_PREFIX, ec); + BOOST_REQUIRE(!ec); + + constexpr int argc{}; + const char* args[]{ "", nullptr }; + BC_PUSH_WARNING(NO_CONST_CAST) + BC_PUSH_WARNING(NO_CONST_CAST_REQUIRED) + auto argv = const_cast(args); + BC_POP_WARNING() + BC_POP_WARNING() + BOOST_REQUIRE(is_zero(SuiteTest(argc, argv))); +} +#endif + +#endif // HAVE_MSC + +BOOST_AUTO_TEST_SUITE_END() diff --git a/test/ssl/wolfssl/examples/client/client.c b/test/ssl/wolfssl/examples/client/client.c new file mode 100644 index 000000000..c7b1b952f --- /dev/null +++ b/test/ssl/wolfssl/examples/client/client.c @@ -0,0 +1,4885 @@ +/* client.c + * + * Copyright (C) 2006-2025 wolfSSL Inc. + * + * This file is part of wolfSSL. + * + * wolfSSL is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * wolfSSL is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA + */ + +/* For simpler wolfSSL TLS client examples, visit + * https://github.com/wolfSSL/wolfssl-examples/tree/master/tls + */ + +#ifdef HAVE_CONFIG_H + #include +#endif + +#ifndef WOLFSSL_USER_SETTINGS + #include +#endif +#include + +#undef TEST_OPENSSL_COEXIST /* can't use this option with this example */ +#undef OPENSSL_COEXIST /* can't use this option with this example */ + +#include + +#ifdef WOLFSSL_WOLFSENTRY_HOOKS +#include +#if !defined(NO_FILESYSTEM) && !defined(WOLFSENTRY_NO_JSON) +static const char *wolfsentry_config_path = NULL; +#endif +#endif /* WOLFSSL_WOLFSENTRY_HOOKS */ + +#if defined(WOLFSSL_MDK_ARM) || defined(WOLFSSL_KEIL_TCP_NET) + #include + #include + #include "rl_fs.h" + #include "rl_net.h" +#endif + +#include + +#include +#include + +#if !defined(NO_WOLFSSL_CLIENT) && !defined(NO_TLS) + + +#ifdef NO_FILESYSTEM +#ifdef NO_RSA +#error currently the example only tries to load in a RSA buffer +#endif +#undef USE_CERT_BUFFERS_256 +#define USE_CERT_BUFFERS_256 +#undef USE_CERT_BUFFERS_2048 +#define USE_CERT_BUFFERS_2048 +#include +#endif + +#include /* for max bits */ + +#ifdef HAVE_ECC + #include +#endif + +#ifdef WOLFSSL_ASYNC_CRYPT + static int devId = INVALID_DEVID; +#endif + +#define DEFAULT_TIMEOUT_SEC 2 +#ifndef MAX_NON_BLOCK_SEC +#define MAX_NON_BLOCK_SEC 10 +#endif + +#define OCSP_STAPLING 1 +#define OCSP_STAPLINGV2 2 +#define OCSP_STAPLINGV2_MULTI 3 +#define OCSP_STAPLING_OPT_MAX OCSP_STAPLINGV2_MULTI + +#ifdef WOLFSSL_ALT_TEST_STRINGS + #define TEST_STR_TERM "\n" +#else + #define TEST_STR_TERM +#endif + +static const char kHelloMsg[] = "hello wolfssl!" TEST_STR_TERM; +#ifndef NO_SESSION_CACHE +static const char kResumeMsg[] = "resuming wolfssl!" TEST_STR_TERM; +#endif + +#if defined(WOLFSSL_TLS13) && defined(WOLFSSL_EARLY_DATA) + static const char kEarlyMsg[] = "A drop of info" TEST_STR_TERM; +#endif +static const char kHttpGetMsg[] = "GET /index.html HTTP/1.0\r\n\r\n"; + +/* Write needs to be largest of the above strings (29) */ +#define CLI_MSG_SZ 32 +/* Read needs to be at least sizeof server.c `webServerMsg` (226) */ +#define CLI_REPLY_SZ 256 + +#if defined(XSLEEP_US) && defined(NO_MAIN_DRIVER) + /* This is to force the server's thread to get a chance to + * execute before continuing the resume in non-blocking + * DTLS test cases. */ + #define TEST_DELAY() XSLEEP_US(10000) +#else + #define TEST_DELAY() XSLEEP_MS(1000) +#endif + +/* Note on using port 0: the client standalone example doesn't utilize the + * port 0 port sharing; that is used by (1) the server in external control + * test mode and (2) the testsuite which uses this code and sets up the correct + * port numbers when the internal thread using the server code using port 0. */ + +static int lng_index = 0; +#ifdef WOLFSSL_CALLBACKS + WOLFSSL_TIMEVAL timeoutConnect; + static int handShakeCB(HandShakeInfo* info) + { + (void)info; + return 0; + } + + static int timeoutCB(TimeoutInfo* info) + { + (void)info; + return 0; + } + +#endif + +static int quieter = 0; /* Print fewer messages. This is helpful with overly + * ambitious log parsers. */ + +#define LOG_ERROR(...) \ + do { \ + if (!quieter) \ + fprintf(stderr, __VA_ARGS__); \ + } while(0) + +#ifdef HAVE_SESSION_TICKET + +#ifndef SESSION_TICKET_LEN +#define SESSION_TICKET_LEN 256 +#endif + static int sessionTicketCB(WOLFSSL* ssl, + const unsigned char* ticket, int ticketSz, + void* ctx) + { + (void)ssl; + (void)ticket; + printf("Session Ticket CB: ticketSz = %d, ctx = %s\n", + ticketSz, (char*)ctx); + return 0; + } +#endif + +static int NonBlockingSSL_Connect(WOLFSSL* ssl) +{ + int ret; + int error; + SOCKET_T sockfd; + int select_ret = 0; + int elapsedSec = 0; + +#ifndef WOLFSSL_CALLBACKS + ret = wolfSSL_connect(ssl); +#else + ret = wolfSSL_connect_ex(ssl, handShakeCB, timeoutCB, timeoutConnect); +#endif + error = wolfSSL_get_error(ssl, 0); + sockfd = (SOCKET_T)wolfSSL_get_fd(ssl); + + while (ret != WOLFSSL_SUCCESS && + (error == WOLFSSL_ERROR_WANT_READ || error == WOLFSSL_ERROR_WANT_WRITE + #ifdef WOLFSSL_ASYNC_CRYPT + || error == WC_NO_ERR_TRACE(WC_PENDING_E) + #endif + #ifdef WOLFSSL_NONBLOCK_OCSP + || error == WC_NO_ERR_TRACE(OCSP_WANT_READ) + #endif + )) { + int currTimeout = 1; + + if (error == WOLFSSL_ERROR_WANT_READ) + printf("... client would read block\n"); + else if (error == WOLFSSL_ERROR_WANT_WRITE) + printf("... client would write block\n"); + +#ifdef WOLFSSL_ASYNC_CRYPT + if (error == WC_NO_ERR_TRACE(WC_PENDING_E)) { + ret = wolfSSL_AsyncPoll(ssl, WOLF_POLL_FLAG_CHECK_HW); + if (ret < 0) break; + } + else +#endif + { + if (error == WOLFSSL_ERROR_WANT_WRITE) { + select_ret = tcp_select_tx(sockfd, currTimeout); + + } + else + { + #ifdef WOLFSSL_DTLS + if (wolfSSL_dtls(ssl)) + currTimeout = wolfSSL_dtls_get_current_timeout(ssl); + #endif + select_ret = tcp_select(sockfd, currTimeout); + } + } + + if ((select_ret == TEST_RECV_READY) || (select_ret == TEST_SEND_READY) + || (select_ret == TEST_ERROR_READY) + #ifdef WOLFSSL_ASYNC_CRYPT + || error == WC_NO_ERR_TRACE(WC_PENDING_E) + #endif + #ifdef WOLFSSL_NONBLOCK_OCSP + || error == WC_NO_ERR_TRACE(OCSP_WANT_READ) + #endif + ) { + #ifndef WOLFSSL_CALLBACKS + ret = wolfSSL_connect(ssl); + #else + ret = wolfSSL_connect_ex(ssl, handShakeCB, timeoutCB, + timeoutConnect); + #endif + error = wolfSSL_get_error(ssl, 0); + elapsedSec = 0; /* reset elapsed */ + } + else if (select_ret == TEST_TIMEOUT && !wolfSSL_dtls(ssl)) { + error = WOLFSSL_ERROR_WANT_READ; + + elapsedSec += currTimeout; + if (elapsedSec > MAX_NON_BLOCK_SEC) { + printf("Nonblocking connect timeout\n"); + error = WOLFSSL_FATAL_ERROR; + } + } +#ifdef WOLFSSL_DTLS + else if (select_ret == TEST_TIMEOUT && wolfSSL_dtls(ssl)) { + ret = wolfSSL_dtls_got_timeout(ssl); + if (ret != WOLFSSL_SUCCESS) + error = wolfSSL_get_error(ssl, ret); + else + error = WOLFSSL_ERROR_WANT_READ; + ret = WOLFSSL_FAILURE; /* Reset error so we loop */ + } +#endif + else { + error = WOLFSSL_FATAL_ERROR; + } + } + + return ret; +} + + +static void ShowCiphers(void) +{ + static char ciphers[WOLFSSL_CIPHER_LIST_MAX_SIZE]; + int ret = wolfSSL_get_ciphers(ciphers, (int)sizeof(ciphers)); + if (ret == WOLFSSL_SUCCESS) { + printf("%s\n", ciphers); + } +} + +/* Shows which versions are valid */ +static void ShowVersions(void) +{ + char verStr[100]; + XMEMSET(verStr, 0, sizeof(verStr)); +#ifndef NO_OLD_TLS + #ifdef WOLFSSL_ALLOW_SSLV3 + XSTRNCAT(verStr, "0:", 3); + #endif + #ifdef WOLFSSL_ALLOW_TLSV10 + XSTRNCAT(verStr, "1:", 3); + #endif + XSTRNCAT(verStr, "2:", 3); +#endif /* NO_OLD_TLS */ +#ifndef WOLFSSL_NO_TLS12 + XSTRNCAT(verStr, "3:", 3); +#endif +#ifdef WOLFSSL_TLS13 + XSTRNCAT(verStr, "4:", 3); +#endif + XSTRNCAT(verStr, "d(downgrade):", 14); +#if defined(OPENSSL_EXTRA) || defined(WOLFSSL_EITHER_SIDE) + XSTRNCAT(verStr, "e(either):", 11); +#endif + /* print all strings at same time on stdout to avoid any flush issues */ + printf("%s\n", verStr); +} + +#if defined(WOLFSSL_TLS13) && defined(HAVE_SUPPORTED_CURVES) +#define MAX_GROUP_NUMBER 4 +static void SetKeyShare(WOLFSSL* ssl, int onlyKeyShare, int useX25519, + int useX448, int usePqc, char* pqcAlg, int setGroups) +{ + int ret; + int groups[MAX_GROUP_NUMBER] = {0}; + int count = 0; + + (void)useX25519; + (void)useX448; + (void)usePqc; + (void)pqcAlg; + + WOLFSSL_START(WC_FUNC_CLIENT_KEY_EXCHANGE_SEND); + if (onlyKeyShare == 0 || onlyKeyShare == 2) { + if (useX25519) { + #ifdef HAVE_CURVE25519 + do { + ret = wolfSSL_UseKeyShare(ssl, WOLFSSL_ECC_X25519); + if (ret == WOLFSSL_SUCCESS) + groups[count++] = WOLFSSL_ECC_X25519; + #ifdef WOLFSSL_ASYNC_CRYPT + else if (ret == WC_NO_ERR_TRACE(WC_PENDING_E)) + wolfSSL_AsyncPoll(ssl, WOLF_POLL_FLAG_CHECK_HW); + #endif + else + err_sys("unable to use curve x25519"); + } while (ret == WC_NO_ERR_TRACE(WC_PENDING_E)); + #endif + } + else if (useX448) { + #ifdef HAVE_CURVE448 + do { + ret = wolfSSL_UseKeyShare(ssl, WOLFSSL_ECC_X448); + if (ret == WOLFSSL_SUCCESS) + groups[count++] = WOLFSSL_ECC_X448; + #ifdef WOLFSSL_ASYNC_CRYPT + else if (ret == WC_NO_ERR_TRACE(WC_PENDING_E)) + wolfSSL_AsyncPoll(ssl, WOLF_POLL_FLAG_CHECK_HW); + #endif + else + err_sys("unable to use curve x448"); + } while (ret == WC_NO_ERR_TRACE(WC_PENDING_E)); + #endif + } + else { + #ifdef HAVE_ECC + #if !defined(NO_ECC256) || defined(HAVE_ALL_CURVES) + do { + ret = wolfSSL_UseKeyShare(ssl, WOLFSSL_ECC_SECP256R1); + if (ret == WOLFSSL_SUCCESS) + groups[count++] = WOLFSSL_ECC_SECP256R1; + #ifdef WOLFSSL_ASYNC_CRYPT + else if (ret == WC_NO_ERR_TRACE(WC_PENDING_E)) + wolfSSL_AsyncPoll(ssl, WOLF_POLL_FLAG_CHECK_HW); + #endif + else + err_sys("unable to use curve secp256r1"); + } while (ret == WC_NO_ERR_TRACE(WC_PENDING_E)); + #endif + #ifdef WOLFSSL_SM2 + do { + ret = wolfSSL_UseKeyShare(ssl, WOLFSSL_ECC_SM2P256V1); + if (ret == WOLFSSL_SUCCESS) + groups[count++] = WOLFSSL_ECC_SM2P256V1; + #ifdef WOLFSSL_ASYNC_CRYPT + else if (ret == WC_NO_ERR_TRACE(WC_PENDING_E)) + wolfSSL_AsyncPoll(ssl, WOLF_POLL_FLAG_CHECK_HW); + #endif + else + err_sys("unable to use curve sm2p256v1"); + } while (ret == WC_NO_ERR_TRACE(WC_PENDING_E)); + #endif + #endif + } + } + if (onlyKeyShare == 0 || onlyKeyShare == 1) { + #ifdef HAVE_FFDHE_2048 + do { + ret = wolfSSL_UseKeyShare(ssl, WOLFSSL_FFDHE_2048); + if (ret == WOLFSSL_SUCCESS) + groups[count++] = WOLFSSL_FFDHE_2048; + #ifdef WOLFSSL_ASYNC_CRYPT + else if (ret == WC_NO_ERR_TRACE(WC_PENDING_E)) + wolfSSL_AsyncPoll(ssl, WOLF_POLL_FLAG_CHECK_HW); + #endif + else + err_sys("unable to use DH 2048-bit parameters"); + } while (ret == WC_NO_ERR_TRACE(WC_PENDING_E)); + #endif + } + #ifdef HAVE_PQC + if (onlyKeyShare == 0 || onlyKeyShare == 3) { + if (usePqc) { + int group = 0; + + #ifndef WOLFSSL_NO_ML_KEM + #ifndef WOLFSSL_NO_ML_KEM_512 + if (XSTRCMP(pqcAlg, "ML_KEM_512") == 0) { + group = WOLFSSL_ML_KEM_512; + } + else + #endif + #ifndef WOLFSSL_NO_ML_KEM_768 + if (XSTRCMP(pqcAlg, "ML_KEM_768") == 0) { + group = WOLFSSL_ML_KEM_768; + } + else + #endif + #ifndef WOLFSSL_NO_ML_KEM_1024 + if (XSTRCMP(pqcAlg, "ML_KEM_1024") == 0) { + group = WOLFSSL_ML_KEM_1024; + } + else + #endif + #ifndef WOLFSSL_NO_ML_KEM_512 + if (XSTRCMP(pqcAlg, "SecP256r1MLKEM512") == 0) { + group = WOLFSSL_SECP256R1MLKEM512; + } + else + #endif + #ifndef WOLFSSL_NO_ML_KEM_768 + if (XSTRCMP(pqcAlg, "SecP384r1MLKEM768") == 0) { + group = WOLFSSL_SECP384R1MLKEM768; + } + else if (XSTRCMP(pqcAlg, "SecP256r1MLKEM768") == 0) { + group = WOLFSSL_SECP256R1MLKEM768; + } + else + #endif + #ifndef WOLFSSL_NO_ML_KEM_1024 + if (XSTRCMP(pqcAlg, "SecP521r1MLKEM1024") == 0) { + group = WOLFSSL_SECP521R1MLKEM1024; + } + else if (XSTRCMP(pqcAlg, "SecP384r1MLKEM1024") == 0) { + group = WOLFSSL_SECP384R1MLKEM1024; + } + else + #endif + #if !defined(WOLFSSL_NO_ML_KEM_512) && defined(HAVE_CURVE25519) + if (XSTRCMP(pqcAlg, "X25519MLKEM512") == 0) { + group = WOLFSSL_X25519MLKEM512; + } + else + #endif + #if !defined(WOLFSSL_NO_ML_KEM_768) && defined(HAVE_CURVE25519) + if (XSTRCMP(pqcAlg, "X25519MLKEM768") == 0) { + group = WOLFSSL_X25519MLKEM768; + } + else + #endif + #if !defined(WOLFSSL_NO_ML_KEM_768) && defined(HAVE_CURVE448) + if (XSTRCMP(pqcAlg, "X448MLKEM768") == 0) { + group = WOLFSSL_X448MLKEM768; + } + else + #endif + #endif /* WOLFSSL_NO_ML_KEM */ + #ifdef WOLFSSL_MLKEM_KYBER + #ifndef WOLFSSL_NO_KYBER512 + if (XSTRCMP(pqcAlg, "KYBER_LEVEL1") == 0) { + group = WOLFSSL_KYBER_LEVEL1; + } + else + #endif + #ifndef WOLFSSL_NO_KYBER768 + if (XSTRCMP(pqcAlg, "KYBER_LEVEL3") == 0) { + group = WOLFSSL_KYBER_LEVEL3; + } + else + #endif + #ifndef WOLFSSL_NO_KYBER1024 + if (XSTRCMP(pqcAlg, "KYBER_LEVEL5") == 0) { + group = WOLFSSL_KYBER_LEVEL5; + } + else + #endif + #ifndef WOLFSSL_NO_KYBER512 + if (XSTRCMP(pqcAlg, "P256_KYBER_LEVEL1") == 0) { + group = WOLFSSL_P256_KYBER_LEVEL1; + } + else + #endif + #ifndef WOLFSSL_NO_KYBER768 + if (XSTRCMP(pqcAlg, "P384_KYBER_LEVEL3") == 0) { + group = WOLFSSL_P384_KYBER_LEVEL3; + } + else if (XSTRCMP(pqcAlg, "P256_KYBER_LEVEL3") == 0) { + group = WOLFSSL_P256_KYBER_LEVEL3; + } + else + #endif + #ifndef WOLFSSL_NO_KYBER1024 + if (XSTRCMP(pqcAlg, "P521_KYBER_LEVEL5") == 0) { + group = WOLFSSL_P521_KYBER_LEVEL5; + } + else + #endif + #if !defined(WOLFSSL_NO_KYBER512) && defined(HAVE_CURVE25519) + if (XSTRCMP(pqcAlg, "X25519_KYBER_LEVEL1") == 0) { + group = WOLFSSL_X25519_KYBER_LEVEL1; + } + else + #endif + #if !defined(WOLFSSL_NO_KYBER768) && defined(HAVE_CURVE25519) + if (XSTRCMP(pqcAlg, "X25519_KYBER_LEVEL3") == 0) { + group = WOLFSSL_X25519_KYBER_LEVEL3; + } + else + #endif + #if !defined(WOLFSSL_NO_KYBER768) && defined(HAVE_CURVE448) + if (XSTRCMP(pqcAlg, "X448_KYBER_LEVEL3") == 0) { + group = WOLFSSL_X448_KYBER_LEVEL3; + } + else + #endif + #endif /* WOLFSSL_MLKEM_KYBER */ + { + err_sys("invalid post-quantum KEM specified"); + } + + printf("Using Post-Quantum KEM: %s\n", pqcAlg); + if (wolfSSL_UseKeyShare(ssl, group) == WOLFSSL_SUCCESS) { + groups[count++] = group; + } + else { + err_sys("unable to use post-quantum KEM"); + } + } + } + #endif + if (count >= MAX_GROUP_NUMBER) + err_sys("example group array size error"); + if (setGroups && count > 0) { + if (wolfSSL_set_groups(ssl, groups, count) != WOLFSSL_SUCCESS) + err_sys("unable to set groups"); + } + WOLFSSL_END(WC_FUNC_CLIENT_KEY_EXCHANGE_SEND); +} +#endif /* WOLFSSL_TLS13 && HAVE_SUPPORTED_CURVES */ + +#ifdef WOLFSSL_EARLY_DATA +static void EarlyData(WOLFSSL_CTX* ctx, WOLFSSL* ssl, const char* msg, + int msgSz, char* buffer) +{ + int err; + int ret; + + WOLFSSL_ASYNC_WHILE_PENDING(ret = wolfSSL_write_early_data(ssl, msg, msgSz, &msgSz), + ret <= 0); + if (ret != msgSz) { + LOG_ERROR("SSL_write_early_data msg error %d, %s\n", err, + wolfSSL_ERR_error_string((unsigned long)err, buffer)); + wolfSSL_free(ssl); ssl = NULL; + wolfSSL_CTX_free(ctx); ctx = NULL; + err_sys("SSL_write_early_data failed"); + } +} +#endif + +/* Measures average time to create, connect and disconnect a connection (TPS). +Benchmark = number of connections. */ +static const char* client_bench_conmsg[][5] = { + /* English */ + { + "wolfSSL_resume avg took:", "milliseconds\n", + "wolfSSL_connect avg took:", "milliseconds\n", + NULL + }, + #ifndef NO_MULTIBYTE_PRINT + /* Japanese */ + { + "wolfSSL_resume 平均時間:", "ミリ秒\n", + "wolfSSL_connect 平均時間:", "ミリ秒\n", + } + #endif +}; + +static int ClientBenchmarkConnections(WOLFSSL_CTX* ctx, char* host, word16 port, + int dtlsUDP, int dtlsSCTP, int benchmark, int resumeSession, int useX25519, + int useX448, int usePqc, char* pqcAlg, int helloRetry, int onlyKeyShare, + int version, int earlyData) +{ + /* time passed in number of connects give average */ + int times = benchmark, skip = (int)((double)times * 0.1); + int loops = resumeSession ? 2 : 1; + int i = 0, err, ret; +#ifndef NO_SESSION_CACHE + WOLFSSL_SESSION* benchSession = NULL; +#endif +#ifdef WOLFSSL_TLS13 + byte reply[CLI_REPLY_SZ]; +#endif + const char** words = client_bench_conmsg[lng_index]; + + (void)resumeSession; + (void)useX25519; + (void)useX448; + (void)usePqc; + (void)pqcAlg; + (void)helloRetry; + (void)onlyKeyShare; + (void)version; + (void)earlyData; + + while (loops--) { + #ifndef NO_SESSION_CACHE + int benchResume = resumeSession && loops == 0; + #endif + double start = current_time(1), avg; + + for (i = 0; i < times; i++) { + SOCKET_T sockfd; + WOLFSSL* ssl; + + if (i == skip) + start = current_time(1); + + ssl = wolfSSL_new(ctx); + if (ssl == NULL) + err_sys("unable to get SSL object"); + + #ifndef NO_SESSION_CACHE + if (benchResume) + wolfSSL_set_session(ssl, benchSession); + #endif + #if defined(WOLFSSL_TLS13) && defined(HAVE_SUPPORTED_CURVES) + else if (version >= 4) { + if (!helloRetry) + SetKeyShare(ssl, onlyKeyShare, useX25519, useX448, + usePqc, pqcAlg, 1); + else + wolfSSL_NoKeyShares(ssl); + } + #endif + + tcp_connect(&sockfd, host, port, dtlsUDP, dtlsSCTP, ssl); + + if (wolfSSL_set_fd(ssl, sockfd) != WOLFSSL_SUCCESS) { + err_sys("error in setting fd"); + } + + #if defined(WOLFSSL_TLS13) && !defined(NO_SESSION_CACHE) && \ + defined(WOLFSSL_EARLY_DATA) + if (version >= 4 && benchResume && earlyData) { + char buffer[WOLFSSL_MAX_ERROR_SZ]; + EarlyData(ctx, ssl, kEarlyMsg, sizeof(kEarlyMsg)-1, buffer); + } + #endif + WOLFSSL_ASYNC_WHILE_PENDING(ret = wolfSSL_connect(ssl), + ret != WOLFSSL_SUCCESS); + #ifdef WOLFSSL_EARLY_DATA + EarlyDataStatus(ssl); + #endif + if (ret != WOLFSSL_SUCCESS) { + err_sys("SSL_connect failed"); + } + + #ifdef WOLFSSL_TLS13 + #ifndef NO_SESSION_CACHE + if (version >= 4 && resumeSession && !benchResume) + #else + if (version >= 4 && resumeSession) + #endif + { + /* no null term */ + if (wolfSSL_write(ssl, kHttpGetMsg, sizeof(kHttpGetMsg)-1) <= 0) + err_sys("SSL_write failed"); + + if (wolfSSL_read(ssl, reply, sizeof(reply)-1) <= 0) + err_sys("SSL_read failed"); + } + #endif + + + wolfSSL_shutdown(ssl); + #ifndef NO_SESSION_CACHE + if (i == (times-1) && resumeSession) { + if (benchSession != NULL) + wolfSSL_SESSION_free(benchSession); + benchSession = wolfSSL_get1_session(ssl); + } + #endif + wolfSSL_free(ssl); ssl = NULL; + CloseSocket(sockfd); + } + avg = current_time(0) - start; + avg /= (times - skip); + avg *= 1000; /* milliseconds */ + #ifndef NO_SESSION_CACHE + if (benchResume) + printf("%s %8.3f %s\n", words[0],avg, words[1]); + else + #endif + printf("%s %8.3f %s\n", words[2],avg, words[3]); + + WOLFSSL_TIME(times); + } + +#ifndef NO_SESSION_CACHE + if (benchSession != NULL) + wolfSSL_SESSION_free(benchSession); +#endif + + return EXIT_SUCCESS; +} + +/* Measures throughput in mbps. Throughput = number of bytes */ +static int ClientBenchmarkThroughput(WOLFSSL_CTX* ctx, char* host, word16 port, + int dtlsUDP, int dtlsSCTP, int block, size_t throughput, int useX25519, + int useX448, int usePqc, char* pqcAlg, int exitWithRet, int version, + int onlyKeyShare) +{ + double start, conn_time = 0, tx_time = 0, rx_time = 0; + SOCKET_T sockfd = WOLFSSL_SOCKET_INVALID; + WOLFSSL* ssl; + int ret = 0, err = 0; + + start = current_time(1); + ssl = wolfSSL_new(ctx); + if (ssl == NULL) + err_sys("unable to get SSL object"); + + tcp_connect(&sockfd, host, port, dtlsUDP, dtlsSCTP, ssl); + if (wolfSSL_set_fd(ssl, sockfd) != WOLFSSL_SUCCESS) { + err_sys("error in setting fd"); + } + + (void)useX25519; + (void)useX448; + (void)usePqc; + (void)pqcAlg; + (void)version; + (void)onlyKeyShare; +#if defined(WOLFSSL_TLS13) && defined(HAVE_SUPPORTED_CURVES) + if (version >= 4) { + SetKeyShare(ssl, onlyKeyShare, useX25519, useX448, usePqc, + pqcAlg, 1); + } +#endif + + WOLFSSL_ASYNC_WHILE_PENDING(ret = wolfSSL_connect(ssl), + ret != WOLFSSL_SUCCESS); + if (ret == WOLFSSL_SUCCESS) { + /* Perform throughput test */ + char *tx_buffer, *rx_buffer; + + /* Record connection time */ + conn_time = current_time(0) - start; + + /* Allocate TX/RX buffers */ + tx_buffer = (char*)XMALLOC((size_t)block, NULL, DYNAMIC_TYPE_TMP_BUFFER); + rx_buffer = (char*)XMALLOC((size_t)block, NULL, DYNAMIC_TYPE_TMP_BUFFER); + if (tx_buffer && rx_buffer) { + WC_RNG rng; + + /* Startup the RNG */ + #if !defined(HAVE_FIPS) && defined(WOLFSSL_ASYNC_CRYPT) + ret = wc_InitRng_ex(&rng, NULL, devId); + #else + ret = wc_InitRng(&rng); + #endif + if (ret == 0) { + size_t xfer_bytes; + + /* Generate random data to send */ + ret = wc_RNG_GenerateBlock(&rng, (byte*)tx_buffer, (word32)block); + wc_FreeRng(&rng); + if(ret != 0) { + err_sys("wc_RNG_GenerateBlock failed"); + } + + /* Perform TX and RX of bytes */ + xfer_bytes = 0; + while (throughput > xfer_bytes) { + int len, rx_pos, select_ret; + + /* Determine packet size */ + len = (int)min((word32)block, (word32)(throughput - xfer_bytes)); + + /* Perform TX */ + start = current_time(1); + WOLFSSL_ASYNC_WHILE_PENDING(ret = wolfSSL_write(ssl, tx_buffer, len), + ret <= 0); + if (ret != len) { + LOG_ERROR("SSL_write bench error %d!\n", err); + if (!exitWithRet) + err_sys("SSL_write failed"); + goto doExit; + } + tx_time += current_time(0) - start; + + /* Perform RX */ + select_ret = tcp_select(sockfd, DEFAULT_TIMEOUT_SEC); + if (select_ret == TEST_RECV_READY) { + start = current_time(1); + rx_pos = 0; + while (rx_pos < len) { + ret = wolfSSL_read(ssl, &rx_buffer[rx_pos], + len - rx_pos); + if (ret <= 0) { + err = wolfSSL_get_error(ssl, 0); + #ifdef WOLFSSL_ASYNC_CRYPT + if (err == WC_NO_ERR_TRACE(WC_PENDING_E)) { + ret = wolfSSL_AsyncPoll(ssl, WOLF_POLL_FLAG_CHECK_HW); + if (ret < 0) break; + } + else + #endif + if (err != WOLFSSL_ERROR_WANT_READ && + err != WOLFSSL_ERROR_WANT_WRITE) { + LOG_ERROR("SSL_read bench error %d\n", err); + err_sys("SSL_read failed"); + } + } + else { + rx_pos += ret; + } + } + rx_time += current_time(0) - start; + } + + /* Compare TX and RX buffers */ + if (XMEMCMP(tx_buffer, rx_buffer, (size_t)len) != 0) { + XFREE(tx_buffer, NULL, DYNAMIC_TYPE_TMP_BUFFER); + tx_buffer = NULL; + XFREE(rx_buffer, NULL, DYNAMIC_TYPE_TMP_BUFFER); + rx_buffer = NULL; + err_sys("Compare TX and RX buffers failed"); + } + + /* Update overall position */ + xfer_bytes += (size_t)len; + } + } + else { + err_sys("wc_InitRng failed"); + } + (void)rng; /* for WC_NO_RNG case */ + } + else { + err_sys("Client buffer malloc failed"); + } +doExit: + XFREE(tx_buffer, NULL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(rx_buffer, NULL, DYNAMIC_TYPE_TMP_BUFFER); + } + else { + err_sys("wolfSSL_connect failed"); + } + + wolfSSL_shutdown(ssl); + wolfSSL_free(ssl); ssl = NULL; + CloseSocket(sockfd); + + if (exitWithRet) + return err; + +#if defined(__MINGW32__) || defined(_WIN32) +#define SIZE_FMT "%d" +#define SIZE_TYPE int +#else +#define SIZE_FMT "%zu" +#define SIZE_TYPE size_t +#endif + printf( + "wolfSSL Client Benchmark " SIZE_FMT " bytes\n" + "\tConnect %8.3f ms\n" + "\tTX %8.3f ms (%8.3f MBps)\n" + "\tRX %8.3f ms (%8.3f MBps)\n", + (SIZE_TYPE)throughput, + conn_time * 1000, + (double)tx_time * 1000, (double)throughput / tx_time / 1024 / 1024, + (double)rx_time * 1000, (double)throughput / rx_time / 1024 / 1024 + ); + + return EXIT_SUCCESS; +} + +const char* starttlsCmd[6] = { + "220", + "EHLO mail.example.com\r\n", + "250", + "STARTTLS\r\n", + "220", + "QUIT\r\n", +}; + +/* Initiates the STARTTLS command sequence over TCP */ +static int StartTLS_Init(SOCKET_T* sockfd) +{ + char tmpBuf[512]; + + if (sockfd == NULL) + return BAD_FUNC_ARG; + + /* S: 220 SMTP service ready */ + XMEMSET(tmpBuf, 0, sizeof(tmpBuf)); + if (recv(*sockfd, tmpBuf, sizeof(tmpBuf)-1, 0) < 0) + err_sys("failed to read STARTTLS command\n"); + + if ((!XSTRNCMP(tmpBuf, starttlsCmd[0], XSTRLEN(starttlsCmd[0]))) && + (tmpBuf[XSTRLEN(starttlsCmd[0])] == ' ')) { + printf("%s\n", tmpBuf); + } else { + err_sys("incorrect STARTTLS command received"); + } + + /* C: EHLO mail.example.com */ + if (send(*sockfd, starttlsCmd[1], (SIZE_TYPE)XSTRLEN(starttlsCmd[1]), 0) != + (int)XSTRLEN(starttlsCmd[1])) + err_sys("failed to send STARTTLS EHLO command\n"); + + /* S: 250 offers a warm hug of welcome */ + XMEMSET(tmpBuf, 0, sizeof(tmpBuf)); + if (recv(*sockfd, tmpBuf, sizeof(tmpBuf)-1, 0) < 0) + err_sys("failed to read STARTTLS command\n"); + + if ((!XSTRNCMP(tmpBuf, starttlsCmd[2], XSTRLEN(starttlsCmd[2]))) && + (tmpBuf[XSTRLEN(starttlsCmd[2])] == '-')) { + printf("%s\n", tmpBuf); + } else { + err_sys("incorrect STARTTLS command received"); + } + + /* C: STARTTLS */ + if (send(*sockfd, starttlsCmd[3], (SIZE_TYPE)XSTRLEN(starttlsCmd[3]), 0) != + (int)XSTRLEN(starttlsCmd[3])) { + err_sys("failed to send STARTTLS command\n"); + } + + /* S: 220 Go ahead */ + XMEMSET(tmpBuf, 0, sizeof(tmpBuf)); + if (recv(*sockfd, tmpBuf, sizeof(tmpBuf)-1, 0) < 0) + err_sys("failed to read STARTTLS command\n"); + tmpBuf[sizeof(tmpBuf)-1] = '\0'; + + if ((!XSTRNCMP(tmpBuf, starttlsCmd[4], XSTRLEN(starttlsCmd[4]))) && + (tmpBuf[XSTRLEN(starttlsCmd[4])] == ' ')) { + printf("%s\n", tmpBuf); + } else { + err_sys("incorrect STARTTLS command received, expected 220"); + } + + return WOLFSSL_SUCCESS; +} + +/* Closes down the SMTP connection */ +static int SMTP_Shutdown(WOLFSSL* ssl, int wc_shutdown) +{ + int ret, err = 0; + char tmpBuf[256]; + + if (ssl == NULL) + return BAD_FUNC_ARG; + + printf("\nwolfSSL client shutting down SMTP connection\n"); + + XMEMSET(tmpBuf, 0, sizeof(tmpBuf)); + + /* C: QUIT */ + WOLFSSL_ASYNC_WHILE_PENDING( + ret = wolfSSL_write(ssl, starttlsCmd[5], (int)XSTRLEN(starttlsCmd[5])), + ret < 0); + if (ret != (int)XSTRLEN(starttlsCmd[5])) { + err_sys("failed to send SMTP QUIT command\n"); + } + + /* S: 221 2.0.0 Service closing transmission channel */ + WOLFSSL_ASYNC_WHILE_PENDING( + ret = wolfSSL_read(ssl, tmpBuf, sizeof(tmpBuf)-1), + ret < 0); + if (ret < 0) { + err_sys("failed to read SMTP closing down response\n"); + } + tmpBuf[ret] = 0; /* null terminate message */ + printf("%s\n", tmpBuf); + + ret = wolfSSL_shutdown(ssl); + if (wc_shutdown && ret == WOLFSSL_SHUTDOWN_NOT_DONE) { + if (tcp_select(wolfSSL_get_fd(ssl), DEFAULT_TIMEOUT_SEC) == + TEST_RECV_READY) { + ret = wolfSSL_shutdown(ssl); /* bidirectional shutdown */ + if (ret == WOLFSSL_SUCCESS) + printf("Bidirectional shutdown complete\n"); + } + if (ret != WOLFSSL_SUCCESS) + LOG_ERROR("Bidirectional shutdown failed\n"); + } + + return WOLFSSL_SUCCESS; +} + +static int ClientWrite(WOLFSSL* ssl, const char* msg, int msgSz, const char* str, + int exitWithRet) +{ + int ret, err; + + do { + err = 0; /* reset error */ + ret = wolfSSL_write(ssl, msg, msgSz); + if (ret <= 0) { + err = wolfSSL_get_error(ssl, 0); + #ifdef WOLFSSL_ASYNC_CRYPT + if (err == WC_NO_ERR_TRACE(WC_PENDING_E)) { + ret = wolfSSL_AsyncPoll(ssl, WOLF_POLL_FLAG_CHECK_HW); + if (ret < 0) break; + } + #endif + } + } while (err == WOLFSSL_ERROR_WANT_WRITE || + err == WOLFSSL_ERROR_WANT_READ + #ifdef WOLFSSL_ASYNC_CRYPT + || err == WC_NO_ERR_TRACE(WC_PENDING_E) + #endif + ); + if (ret != msgSz) { + char buffer[WOLFSSL_MAX_ERROR_SZ]; + LOG_ERROR("SSL_write%s msg error %d, %s\n", str, err, + wolfSSL_ERR_error_string((unsigned long)err, buffer)); + if (!exitWithRet) { + err_sys("SSL_write failed"); + } + } + + return err; +} + +static int ClientRead(WOLFSSL* ssl, char* reply, int replyLen, int mustRead, + const char* str, int exitWithRet) +{ + int ret, err; + char buffer[WOLFSSL_MAX_ERROR_SZ]; + double start = current_time(1), elapsed; + + do { + err = 0; /* reset error */ + ret = wolfSSL_read(ssl, reply, replyLen); + if (ret <= 0) { + err = wolfSSL_get_error(ssl, 0); + #ifdef WOLFSSL_ASYNC_CRYPT + if (err == WC_NO_ERR_TRACE(WC_PENDING_E)) { + ret = wolfSSL_AsyncPoll(ssl, WOLF_POLL_FLAG_CHECK_HW); + if (ret < 0) break; + } + else + #endif + if (err != WOLFSSL_ERROR_WANT_READ && + err != WOLFSSL_ERROR_WANT_WRITE && + err != WC_NO_ERR_TRACE(APP_DATA_READY)) + { + LOG_ERROR("SSL_read reply error %d, %s\n", err, + wolfSSL_ERR_error_string((unsigned long)err, buffer)); + if (!exitWithRet) { + err_sys("SSL_read failed"); + } + else { + break; + } + } + } + + if (mustRead && + (err == WOLFSSL_ERROR_WANT_READ + || err == WOLFSSL_ERROR_WANT_WRITE)) { + elapsed = current_time(0) - start; + if (elapsed > MAX_NON_BLOCK_SEC) { + LOG_ERROR("Nonblocking read timeout\n"); + ret = WOLFSSL_FATAL_ERROR; + break; + } + } + } while ((mustRead && err == WOLFSSL_ERROR_WANT_READ) + || err == WOLFSSL_ERROR_WANT_WRITE + #ifdef WOLFSSL_ASYNC_CRYPT + || err == WC_NO_ERR_TRACE(WC_PENDING_E) + #endif + || err == WC_NO_ERR_TRACE(APP_DATA_READY) + ); + if (ret > 0) { + reply[ret] = 0; /* null terminate */ + printf("%s%s\n", str, reply); + } + + return err; +} + +static int ClientWriteRead(WOLFSSL* ssl, const char* msg, int msgSz, + char* reply, int replyLen, int mustRead, + const char* str, int exitWithRet) +{ + int ret = 0; + + do { + ret = ClientWrite(ssl, msg, msgSz, str, exitWithRet); + if (ret != 0) { + if (!exitWithRet) + err_sys("ClientWrite failed"); + else + break; + } + if (wolfSSL_dtls(ssl)) { + ret = tcp_select(wolfSSL_get_fd(ssl), DEFAULT_TIMEOUT_SEC); + if (ret == TEST_TIMEOUT) { + continue; + } + else if (ret == TEST_RECV_READY) { + /* Ready to read */ + } + else { + LOG_ERROR("%s tcp_select error\n", str); + if (!exitWithRet) + err_sys("tcp_select failed"); + else + ret = WOLFSSL_FATAL_ERROR; + break; + } + } + ret = ClientRead(ssl, reply, replyLen, mustRead, str, exitWithRet); + if (mustRead && ret != 0) { + if (!exitWithRet) + err_sys("ClientRead failed"); + else + break; + } + break; + } while (1); + + if (ret != 0) { + char buffer[WOLFSSL_MAX_ERROR_SZ]; + LOG_ERROR("SSL_write%s msg error %d, %s\n", str, ret, + wolfSSL_ERR_error_string((unsigned long)ret, buffer)); + } + + return ret; +} + +/* when adding new option, please follow the steps below: */ +/* 1. add new option message in English section */ +/* 2. increase the number of the second column */ +/* 3. increase the array dimension */ +/* 4. add the same message into Japanese section */ +/* (will be translated later) */ +/* 5. add printf() into suitable position of Usage() */ +static const char* client_usage_msg[][78] = { + /* English */ + { + " NOTE: All files relative to wolfSSL home dir\n", /* 0 */ + "Max RSA key size in bits for build is set at : ", /* 1 */ +#ifdef NO_RSA + "RSA not supported\n", /* 2 */ +#elif defined(WOLFSSL_SP_MATH) /* case of SP math only */ +#ifdef WOLFSSL_SP_4096 + "4096\n", /* 2 */ +#elif !defined(WOLFSSL_SP_NO_3072) + "3072\n", /* 2 */ +#elif !defined(WOLFSSL_SP_NO_2048) + "2048\n", /* 2 */ +#else + "0\n", /* 2 */ +#endif +#elif defined(USE_FAST_MATH) +#else + "INFINITE\n", /* 2 */ +#endif + "-? Help, print this usage\n" + " 0: English, 1: Japanese\n" + "--help Help, in English\n", /* 3 */ + "-h Host to connect to, default", /* 4 */ + "-p Port to connect on, not 0, default", /* 5 */ + +#ifndef WOLFSSL_TLS13 + "-v SSL version [0-3], SSLv3(0) - TLS1.2(3)), default", /* 6 */ + "-V Prints valid ssl version numbers" + ", SSLv3(0) - TLS1.2(3)\n", /* 7 */ +#else + "-v SSL version [0-4], SSLv3(0) - TLS1.3(4)), default", /* 6 */ + "-V Prints valid ssl version numbers," + " SSLv3(0) - TLS1.3(4)\n", /* 7 */ +#endif + "-l Cipher suite list (: delimited)\n", /* 8 */ +#ifndef NO_CERTS + "-c Certificate file, default", /* 9 */ + "-k Key file, default", /* 10 */ + "-A Certificate Authority file, default", /* 11 */ +#endif +#ifndef NO_DH + "-Z Minimum DH key bits, default", /* 12 */ +#endif + "-b Benchmark connections and print stats\n", /* 13 */ +#ifdef HAVE_ALPN + "-L Application-Layer Protocol" + " Negotiation ({C,F}:)\n", /* 14 */ +#endif + "-B Benchmark throughput" + " using bytes and print stats\n", /* 15 */ +#ifndef NO_PSK + "-s Use pre Shared keys\n", /* 16 */ +#endif + "-d Disable peer checks\n", /* 17 */ + "-D Override Date Errors example\n", /* 18 */ + "-e List Every cipher suite available, \n", /* 19 */ + "-g Send server HTTP GET\n", /* 20 */ +#ifdef WOLFSSL_DTLS +#ifndef WOLFSSL_DTLS13 + "-u Use UDP DTLS, add -v 2 for DTLSv1, -v 3 for DTLSv1.2" + " (default)\n", /* 21 */ +#else + "-u Use UDP DTLS, add -v 2 for DTLSv1, -v 3 for DTLSv1.2" + " (default), -v 4 for DTLSv1.3\n", /* 21 */ +#endif /* !WOLFSSL_DTLS13 */ +#endif +#ifdef WOLFSSL_SCTP + "-G Use SCTP DTLS," + " add -v 2 for DTLSv1, -v 3 for DTLSv1.2 (default)\n", /* 22 */ +#endif +#ifndef NO_CERTS + "-m Match domain name in cert\n", /* 23 */ +#endif + "-N Use Non-blocking sockets\n", /* 24 */ +#ifndef NO_SESSION_CACHE + "-r Resume session\n", /* 25 */ +#endif + "-w Wait for bidirectional shutdown\n", /* 26 */ + "-M Use STARTTLS, using protocol (smtp)\n", /* 27 */ +#ifdef HAVE_SECURE_RENEGOTIATION + "-R Allow Secure Renegotiation\n", /* 28 */ + "-i Force client Initiated Secure Renegotiation. If the\n" + " string 'scr-app-data' is passed in as the value and\n" + " Non-blocking sockets are enabled ('-N') then wolfSSL\n" + " sends a test message during the secure renegotiation.\n" + " The string parameter is optional.\n", /* 29 */ +#endif + "-f Fewer packets/group messages\n", /* 30 */ +#ifndef NO_CERTS + "-x Disable client cert/key loading\n", /* 31 */ +#endif + "-X Driven by eXternal test case\n", /* 32 */ + "-j Use verify callback override\n", /* 33 */ +#ifdef SHOW_SIZES + "-z Print structure sizes\n", /* 34 */ +#endif +#ifdef HAVE_SNI + "-S Use Host Name Indication\n", /* 35 */ +#endif +#ifdef HAVE_MAX_FRAGMENT + "-F Use Maximum Fragment Length [1-6]\n", /* 36 */ +#endif +#ifdef HAVE_TRUNCATED_HMAC + "-T Use Truncated HMAC\n", /* 37 */ +#endif +#ifdef HAVE_EXTENDED_MASTER + "-n Disable Extended Master Secret\n", /* 38 */ +#endif +#ifdef HAVE_OCSP + "-o Perform OCSP lookup on peer certificate\n", /* 39 */ + "-O Perform OCSP lookup using as responder\n", /* 40 */ +#endif +#if defined(HAVE_CERTIFICATE_STATUS_REQUEST) \ + || defined(HAVE_CERTIFICATE_STATUS_REQUEST_V2) + "-W Use OCSP Stapling (1 v1, 2 v2, 3 v2 multi)\n", /* 41 */ + " With 'm' at end indicates MUST staple\n", /* 42 */ +#if defined(WOLFSSL_TLS13) && defined(WOLFSSL_TLS_OCSP_MULTI) + " -W 1 -v 4, Perform multi OCSP stapling for TLS13\n", + /* 43 */ +#endif +#endif +#if defined(ATOMIC_USER) && !defined(WOLFSSL_AEAD_ONLY) + "-U Atomic User Record Layer Callbacks\n", /* 44 */ +#endif +#ifdef HAVE_PK_CALLBACKS + "-P Public Key Callbacks\n", /* 45 */ +#endif +#ifdef HAVE_ANON + "-a Anonymous client\n", /* 46 */ +#endif +#ifdef HAVE_CRL + "-C Disable CRL\n", /* 47 */ +#endif +#ifdef WOLFSSL_TRUST_PEER_CERT + "-E Path to load trusted peer cert\n", /* 48 */ +#endif +#ifdef HAVE_WNR + "-q Whitewood config file, defaults\n", /* 49 */ +#endif + "-H Internal tests" + " [defCipherList, exitWithRet, verifyFail, useSupCurve,\n" + " loadSSL, disallowETM]\n", /* 50 */ +#ifdef WOLFSSL_TLS13 + "-J Use HelloRetryRequest to choose group for KE\n", /* 51 */ + "-K Key Exchange for PSK not using (EC)DHE\n", /* 52 */ + "-I Update keys and IVs before sending data\n", /* 53 */ +#ifndef NO_DH + "-y Key Share with FFDHE named groups only\n", /* 54 */ +#endif +#ifdef HAVE_ECC + "-Y Key Share with ECC named groups only\n", /* 55 */ +#endif +#endif /* WOLFSSL_TLS13 */ +#ifdef HAVE_CURVE25519 + "-t Use X25519 for key exchange\n", /* 56 */ +#endif +#if defined(WOLFSSL_TLS13) && defined(WOLFSSL_POST_HANDSHAKE_AUTH) + "-Q Support requesting certificate post-handshake\n", /* 57 */ +#endif +#ifdef WOLFSSL_EARLY_DATA + "-0 Early data sent to server (0-RTT handshake)\n", /* 58 */ +#endif +#ifdef WOLFSSL_MULTICAST + "-3 Multicast, grpid < 256\n", /* 59 */ +#endif + "-1 Display a result by specified language.\n" + " 0: English, 1: Japanese\n", /* 60 */ +#if !defined(NO_DH) && !defined(HAVE_FIPS) && \ + !defined(HAVE_SELFTEST) && !defined(WOLFSSL_OLD_PRIME_CHECK) + "-2 Disable DH Prime check\n", /* 61 */ +#endif +#ifdef HAVE_SECURE_RENEGOTIATION + "-4 Use resumption for renegotiation\n", /* 62 */ +#endif +#ifdef HAVE_TRUSTED_CA + "-5 Use Trusted CA Key Indication\n", /* 63 */ +#endif + "-6 Simulate WANT_WRITE errors on every other IO send\n", /* 64 */ +#ifdef HAVE_CURVE448 + "-8 Use X448 for key exchange\n", /* 65 */ +#endif +#if defined(OPENSSL_ALL) && defined(WOLFSSL_CERT_GEN) && \ + (defined(WOLFSSL_CERT_REQ) || defined(WOLFSSL_CERT_EXT)) && \ + !defined(NO_FILESYSTEM) && !defined(NO_WOLFSSL_DIR) + "-9 Use hash dir look up for certificate loading\n" + " loading from /certs folder\n" + " files in the folder would have the form \"hash.N\" file name\n" + " e.g symbolic link to the file at certs folder\n" + " ln -s ca-cert.pem `openssl x509 -in ca-cert.pem -hash -noout`.0\n", + /* 66 */ +#endif +#if defined(WOLFSSL_WOLFSENTRY_HOOKS) && !defined(NO_FILESYSTEM) && \ + !defined(WOLFSENTRY_NO_JSON) + "--wolfsentry-config Path for JSON wolfSentry config\n", + /* 67 */ +#endif +#ifndef WOLFSSL_TLS13 + "-7 Set minimum downgrade protocol version [0-3] " + " SSLv3(0) - TLS1.2(3)\n", +#else + "-7 Set minimum downgrade protocol version [0-4] " + " SSLv3(0) - TLS1.3(4)\n", /* 68 */ +#endif +#ifdef HAVE_PQC + "--pqc Key Share with specified post-quantum algorithm only:\n" +#ifndef WOLFSSL_NO_ML_KEM + " ML_KEM_512, ML_KEM_768, ML_KEM_1024,\n" + " SecP256r1MLKEM512,\n" + " SecP384r1MLKEM768,\n" + " SecP521r1MLKEM1024,\n" + " SecP256r1MLKEM768,\n" + " SecP521r1MLKEM1024,\n" + " SecP384r1MLKEM1024,\n" + " X25519MLKEM512,\n" + " X25519MLKEM768,\n" + " X448MLKEM768\n" +#endif +#ifdef WOLFSSL_MLKEM_KYBER + " KYBER_LEVEL1, KYBER_LEVEL3, KYBER_LEVEL5, " + "P256_KYBER_LEVEL1,\n" + " P384_KYBER_LEVEL3, P256_KYBER_LEVEL3, " + "P521_KYBER_LEVEL5,\n" + " X25519_KYBER_LEVEL1, X25519_KYBER_LEVEL3, " + "X448_KYBER_LEVEL3\n" +#endif + "", + /* 69 */ +#endif +#ifdef WOLFSSL_SRTP + "--srtp (default is SRTP_AES128_CM_SHA1_80)\n", /* 70 */ +#endif +#ifdef WOLFSSL_SYS_CA_CERTS + "--sys-ca-certs Load system CA certs for server cert verification\n", /* 71 */ +#endif +#ifdef HAVE_SUPPORTED_CURVES + "--onlyPskDheKe Must use DHE key exchange with PSK\n", /* 72 */ +#endif +#ifndef NO_PSK + "--openssl-psk Use TLS 1.3 PSK callback compatible with OpenSSL\n", /* 73 */ +#endif +#ifdef HAVE_RPK + "--rpk Use RPK for the defined certificates\n", /* 74 */ +#endif + "--files-are-der Specified files are in DER, not PEM format\n", /* 75 */ +#ifdef WOLFSSL_SYS_CRYPTO_POLICY + "--crypto-policy \n", /* 76 */ +#endif + "\n" + "For simpler wolfSSL TLS client examples, visit\n" + "https://github.com/wolfSSL/wolfssl-examples/tree/master/tls\n", /* 77 */ + NULL, + }, +#ifndef NO_MULTIBYTE_PRINT + /* Japanese */ + { + " 注意 : 全てのファイルは wolfSSL ホーム・ディレクトリからの相対です。" + "\n", /* 0 */ + "RSAの最大ビットは次のように設定されています: ", /* 1 */ +#ifdef NO_RSA + "RSAはサポートされていません。\n", /* 2 */ +#elif defined(WOLFSSL_SP_MATH) /* case of SP math only */ +#ifndef WOLFSSL_SP_NO_3072 + "3072\n", /* 2 */ +#elif !defined(WOLFSSL_SP_NO_2048) + "2048\n", /* 2 */ +#else + "0\n", /* 2 */ +#endif +#elif defined(USE_FAST_MATH) +#else + "無限\n", /* 2 */ +#endif + "-? ヘルプ, 使い方を表示\n" + " 0: 英語、 1: 日本語\n" + "--ヘルプ 日本語で使い方を表示\n", /* 3 */ + "-h 接続先ホスト, 既定値", /* 4 */ + "-p 接続先ポート, 0は無効, 既定値", /* 5 */ + +#ifndef WOLFSSL_TLS13 + "-v SSL バージョン [0-3], SSLv3(0) - TLS1.2(3))," + " 既定値", /* 6 */ + "-V 有効な ssl バージョン番号を出力, SSLv3(0) -" + " TLS1.2(3)\n", /* 7 */ +#else + "-v SSL バージョン [0-4], SSLv3(0) - TLS1.3(4))," + " 既定値", /* 6 */ + "-V 有効な ssl バージョン番号を出力, SSLv3(0) -" + " TLS1.3(4)\n", /* 7 */ +#endif + "-l 暗号スイートリスト (区切り文字 :)\n", /* 8 */ +#ifndef NO_CERTS + "-c 証明書ファイル, 既定値", /* 9 */ + "-k 鍵ファイル, 既定値", /* 10 */ + "-A 認証局ファイル, 既定値", /* 11 */ +#endif +#ifndef NO_DH + "-Z 最小 DH 鍵 ビット, 既定値", /* 12 */ +#endif + "-b ベンチマーク 接続及び結果出力する\n", /* 13 */ +#ifdef HAVE_ALPN + "-L アプリケーション層プロトコルネゴシエーションを行う" + " ({C,F}:)\n", /* 14 */ +#endif + "-B バイトを用いてのベンチマーク・スループット測定" + "と結果を出力する\n", /* 15 */ +#ifndef NO_PSK + "-s 事前共有鍵を使用する\n", /* 16 */ +#endif + "-d ピア確認を無効とする\n", /* 17 */ + "-D 日付エラー用コールバック例の上書きを行う\n", /* 18 */ + "-e 利用可能な全ての暗号スイートをリスト, \n", /* 19 */ + "-g サーバーへ HTTP GET を送信\n", /* 20 */ +#ifdef WOLFSSL_DTLS + "-u UDP DTLSを使用する。\n" +#ifndef WOLFSSL_DTLS13 + " -v 2 を追加指定するとDTLSv1, " + "-v 3 を追加指定すると DTLSv1.2 (既定値)\n", /* 21 */ +#else + " -v 2 を追加指定するとDTLSv1, " + "-v 3 を追加指定すると DTLSv1.2 (既定値),\n" + " -v 4 を追加指定すると DTLSv1.3\n", /* 21 */ +#endif /* !WOLFSSL_DTLS13 */ +#endif /* WOLFSSL_DTLS */ +#ifdef WOLFSSL_SCTP + "-G SCTP DTLSを使用する。-v 2 を追加指定すると" + " DTLSv1, -v 3 を追加指定すると DTLSv1.2 (既定値)\n", /* 22 */ +#endif +#ifndef NO_CERTS + "-m 証明書内のドメイン名一致を確認する\n", /* 23 */ +#endif + "-N ノンブロッキング・ソケットを使用する\n", /* 24 */ +#ifndef NO_SESSION_CACHE + "-r セッションを継続する\n", /* 25 */ +#endif + "-w 双方向シャットダウンを待つ\n", /* 26 */ + "-M STARTTLSを使用する, プロトコル(smtp)を" + "使用する\n", /* 27 */ +#ifdef HAVE_SECURE_RENEGOTIATION + "-R セキュアな再ネゴシエーションを許可する\n", /* 28 */ + "-i クライアント主導のネゴシエーションを強制する\n", /* 29 */ +#endif + "-f より少ないパケット/グループメッセージを使用する\n",/* 30 */ +#ifndef NO_CERTS + "-x クライアントの証明書/鍵のロードを無効する\n", /* 31 */ +#endif + "-X 外部テスト・ケースにより動作する\n", /* 32 */ + "-j コールバック・オーバーライドの検証を使用する\n", /* 33 */ +#ifdef SHOW_SIZES + "-z 構造体のサイズを表示する\n", /* 34 */ +#endif +#ifdef HAVE_SNI + "-S ホスト名表示を使用する\n", /* 35 */ +#endif +#ifdef HAVE_MAX_FRAGMENT + "-F 最大フラグメント長[1-6]を設定する\n", /* 36 */ +#endif +#ifdef HAVE_TRUNCATED_HMAC + "-T Truncated HMACを使用する\n", /* 37 */ +#endif +#ifdef HAVE_EXTENDED_MASTER + "-n マスターシークレット拡張を無効にする\n", /* 38 */ +#endif +#ifdef HAVE_OCSP + "-o OCSPルックアップをピア証明書で実施する\n", /* 39 */ + "-O OCSPルックアップを、を使用し" + "応答者として実施する\n", /* 40 */ +#endif +#if defined(HAVE_CERTIFICATE_STATUS_REQUEST) \ + || defined(HAVE_CERTIFICATE_STATUS_REQUEST_V2) + "-W OCSP Staplingを使用する" + " (1 v1, 2 v2, 3 v2 multi)\n", /* 41 */ + " 'm' を最後に指定すると必ず staple を使用する\n" /* 42 */ +#if defined(WOLFSSL_TLS13) && defined(WOLFSSL_TLS_OCSP_MULTI) + " -W 1 -v 4, " + "TLS13 使用時に複数(Multi)の OCSP を実施します\n" /* 43 */ +#endif +#endif +#if defined(ATOMIC_USER) && !defined(WOLFSSL_AEAD_ONLY) + "-U アトミック・ユーザー記録の" + "コールバックを利用する\n", /* 44 */ +#endif +#ifdef HAVE_PK_CALLBACKS + "-P 公開鍵コールバック\n", /* 45 */ +#endif +#ifdef HAVE_ANON + "-a 匿名クライアント\n", /* 46 */ +#endif +#ifdef HAVE_CRL + "-C CRLを無効\n", /* 47 */ +#endif +#ifdef WOLFSSL_TRUST_PEER_CERT + "-E 信頼出来るピアの証明書ロードの為のパス\n", /* 48 */ +#endif +#ifdef HAVE_WNR + "-q Whitewood コンフィグファイル, 既定値\n", /* 49 */ +#endif + "-H 内部テスト" + " [defCipherList, exitWithRet, verifyFail, useSupCurve,\n" + " loadSSL, disallowETM]\n", /* 50 */ +#ifdef WOLFSSL_TLS13 + "-J HelloRetryRequestをKEのグループ選択に使用する\n", /* 51 */ + "-K 鍵交換にPSKを使用、(EC)DHEは使用しない\n", /* 52 */ + "-I データ送信前に、鍵とIVを更新する\n", /* 53 */ +#ifndef NO_DH + "-y FFDHE名前付きグループとの鍵共有のみ\n", /* 54 */ +#endif +#ifdef HAVE_ECC + "-Y ECC名前付きグループとの鍵共有のみ\n", /* 55 */ +#endif +#endif /* WOLFSSL_TLS13 */ +#ifdef HAVE_CURVE25519 + "-t X25519を鍵交換に使用する\n", /* 56 */ +#endif +#if defined(WOLFSSL_TLS13) && defined(WOLFSSL_POST_HANDSHAKE_AUTH) + "-Q ポストハンドシェークの証明要求をサポートする\n", /* 57 */ +#endif +#ifdef WOLFSSL_EARLY_DATA + "-0 Early data をサーバーへ送信する" + "(0-RTTハンドシェイク)\n", /* 58 */ +#endif +#ifdef WOLFSSL_MULTICAST + "-3 マルチキャスト, grpid < 256\n", /* 59 */ +#endif + "-1 指定された言語で結果を表示します。\n" + " 0: 英語、 1: 日本語\n", /* 60 */ +#if !defined(NO_DH) && !defined(HAVE_FIPS) && \ + !defined(HAVE_SELFTEST) && !defined(WOLFSSL_OLD_PRIME_CHECK) + "-2 DHプライム番号チェックを無効にする\n", /* 61 */ +#endif +#ifdef HAVE_SECURE_RENEGOTIATION + "-4 再交渉に再開を使用\n", /* 62 */ +#endif +#ifdef HAVE_TRUSTED_CA + "-5 信頼できる認証局の鍵表示を使用する\n", /* 63 */ +#endif + "-6 WANT_WRITE エラーを全てのIO 送信でシミュレートします\n", /* 64 */ +#ifdef HAVE_CURVE448 + "-8 鍵交換に X448 を使用する\n", /* 65 */ +#endif +#if defined(OPENSSL_ALL) && defined(WOLFSSL_CERT_GEN) && \ + (defined(WOLFSSL_CERT_REQ) || defined(WOLFSSL_CERT_EXT)) && \ + !defined(NO_FILESYSTEM) && !defined(NO_WOLFSSL_DIR) + "-9 証明書の読み込みに hash dir 機能を使用する\n" + " /certs フォルダーからロードします\n" + " フォルダー中のファイルは、\"hash.N\"[N:0-9]名である必要があります\n" + " 以下の例ではca-cert.pemにシンボリックリンクを設定します\n" + " ln -s ca-cert.pem `openssl x509 -in ca-cert.pem -hash -noout`.0\n", + /* 66 */ +#endif +#if defined(WOLFSSL_WOLFSENTRY_HOOKS) && !defined(NO_FILESYSTEM) && \ + !defined(WOLFSENTRY_NO_JSON) + "--wolfsentry-config wolfSentry コンフィグファイル\n", + /* 67 */ +#endif +#ifndef WOLFSSL_TLS13 + "-7 最小ダウングレード可能なプロトコルバージョンを設定します [0-3] " + " SSLv3(0) - TLS1.2(3)\n", +#else + "-7 最小ダウングレード可能なプロトコルバージョンを設定します [0-4] " + " SSLv3(0) - TLS1.3(4)\n", /* 68 */ +#endif +#ifdef HAVE_PQC + "--pqc post-quantum 名前付きグループとの鍵共有のみ:\n" +#ifndef WOLFSSL_NO_ML_KEM + " ML_KEM_512, ML_KEM_768, ML_KEM_1024,\n" + " SecP256r1MLKEM512,\n" + " SecP384r1MLKEM768,\n" + " SecP521r1MLKEM1024,\n" + " SecP256r1MLKEM768,\n" + " SecP521r1MLKEM1024,\n" + " SecP384r1MLKEM1024,\n" + " X25519MLKEM512,\n" + " X25519MLKEM768,\n" + " X448MLKEM768\n" +#endif +#ifdef WOLFSSL_MLKEM_KYBER + " KYBER_LEVEL1, KYBER_LEVEL3, KYBER_LEVEL5, " + "P256_KYBER_LEVEL1,\n" + " P384_KYBER_LEVEL3, P521_KYBER_LEVEL5\n" +#endif + "", + /* 69 */ +#endif +#ifdef WOLFSSL_SRTP + "--srtp (デフォルトは SRTP_AES128_CM_SHA1_80)\n", /* 70 */ +#endif +#ifdef WOLFSSL_SYS_CA_CERTS + "--sys-ca-certs Load system CA certs for server cert verification\n", /* 71 */ +#endif +#ifdef HAVE_SUPPORTED_CURVES + "--onlyPskDheKe Must use DHE key exchange with PSK\n", /* 72 */ +#endif +#ifndef NO_PSK + "--openssl-psk Use TLS 1.3 PSK callback compatible with OpenSSL\n", /* 73 */ +#endif +#ifdef HAVE_RPK + "--rpk Use RPK for the defined certificates\n", /* 74 */ +#endif + "--files-are-der Specified files are in DER, not PEM format\n", /* 75 */ +#ifdef WOLFSSL_SYS_CRYPTO_POLICY + "--crypto-policy \n", /* 76 */ +#endif + "\n" + "より簡単なwolfSSL TLS クライアントの例については" + "下記にアクセスしてください\n" + "https://github.com/wolfSSL/wolfssl-examples/tree/master/tls\n", /* 77 */ + NULL, + }, +#endif + +}; + +static void showPeerPEM(WOLFSSL* ssl) +{ +#if defined(OPENSSL_EXTRA) && defined(KEEP_PEER_CERT) && !defined(NO_BIO) && \ + defined(WOLFSSL_CERT_GEN) + WOLFSSL_X509* peer = wolfSSL_get_peer_certificate(ssl); + if (peer) { + WOLFSSL_BIO* bioOut = wolfSSL_BIO_new(wolfSSL_BIO_s_file()); + if (bioOut == NULL) { + LOG_ERROR("failed to get bio on stdout\n"); + } + else { + if (wolfSSL_BIO_set_fp(bioOut, stdout, BIO_NOCLOSE) + != WOLFSSL_SUCCESS) { + LOG_ERROR("failed to set stdout to bio output\n"); + wolfSSL_BIO_free(bioOut); + bioOut = NULL; + } + } + + if (bioOut) { + wolfSSL_BIO_write(bioOut, "---\nServer certificate\n", + XSTRLEN("---\nServer certificate\n")); + wolfSSL_PEM_write_bio_X509(bioOut, peer); + } + wolfSSL_BIO_free(bioOut); + } + wolfSSL_FreeX509(peer); +#endif + (void)ssl; +} + + +static void Usage(void) +{ + int msgid = 0; + const char** msg = client_usage_msg[lng_index]; + + printf("%s%s%s", "wolfSSL client ", LIBWOLFSSL_VERSION_STRING, + msg[msgid]); + + /* print out so that scripts can know what the max supported key size is */ + printf("%s", msg[++msgid]); +#ifdef NO_RSA + printf("%s", msg[++msgid]); +#elif defined(WOLFSSL_SP_MATH) /* case of SP math only */ + #ifndef WOLFSSL_SP_NO_3072 + printf("%s", msg[++msgid]); + #elif !defined(WOLFSSL_SP_NO_2048) + printf("%s", msg[++msgid]); + #else + printf("%s", msg[++msgid]); + #endif +#elif defined(USE_FAST_MATH) + #if !defined(WOLFSSL_SP_MATH_ALL) && !defined(WOLFSSL_SP_MATH) + printf("%d\n", FP_MAX_BITS/2); + #else + printf("%d\n", SP_INT_MAX_BITS/2); + #endif +#else + /* normal math has unlimited max size */ + printf("%s", msg[++msgid]); +#endif + + printf("%s", msg[++msgid]); /* ? */ + printf("%s %s\n", msg[++msgid], wolfSSLIP); /* -h */ + printf("%s %d\n", msg[++msgid], wolfSSLPort); /* -p */ +#ifndef WOLFSSL_TLS13 + printf("%s %d\n", msg[++msgid], CLIENT_DEFAULT_VERSION); /* -v */ + printf("%s", msg[++msgid]); /* -V */ +#else + printf("%s %d\n", msg[++msgid], CLIENT_DEFAULT_VERSION); /* -v */ + printf("%s", msg[++msgid]); /* -V */ +#endif + printf("%s", msg[++msgid]); /* -l */ +#ifndef NO_CERTS + printf("%s %s\n", msg[++msgid], cliCertFile); /* -c */ + printf("%s %s\n", msg[++msgid], cliKeyFile); /* -k */ + printf("%s %s\n", msg[++msgid], caCertFile); /* -A */ +#endif +#ifndef NO_DH + printf("%s %d\n", msg[++msgid], DEFAULT_MIN_DHKEY_BITS); +#endif + printf("%s", msg[++msgid]); /* -b */ +#ifdef HAVE_ALPN + printf("%s", msg[++msgid]); /* -L */ +#endif + printf("%s", msg[++msgid]); /* -B */ +#ifndef NO_PSK + printf("%s", msg[++msgid]); /* -s */ +#endif + printf("%s", msg[++msgid]); /* -d */ + printf("%s", msg[++msgid]); /* -D */ + printf("%s", msg[++msgid]); /* -e */ + printf("%s", msg[++msgid]); /* -g */ +#ifdef WOLFSSL_DTLS + printf("%s", msg[++msgid]); /* -u */ +#endif +#ifdef WOLFSSL_SCTP + printf("%s", msg[++msgid]); /* -G */ +#endif +#ifndef NO_CERTS + printf("%s", msg[++msgid]); /* -m */ +#endif + printf("%s", msg[++msgid]); /* -N */ +#ifndef NO_SESSION_CACHE + printf("%s", msg[++msgid]); /* -r */ +#endif + printf("%s", msg[++msgid]); /* -w */ + printf("%s", msg[++msgid]); /* -M */ +#ifdef HAVE_SECURE_RENEGOTIATION + printf("%s", msg[++msgid]); /* -R */ + printf("%s", msg[++msgid]); /* -i */ +#endif + printf("%s", msg[++msgid]); /* -f */ +#ifndef NO_CERTS + printf("%s", msg[++msgid]); /* -x */ +#endif + printf("%s", msg[++msgid]); /* -X */ + printf("%s", msg[++msgid]); /* -j */ +#ifdef SHOW_SIZES + printf("%s", msg[++msgid]); /* -z */ +#endif +#ifdef HAVE_SNI + printf("%s", msg[++msgid]); /* -S */ +#endif +#ifdef HAVE_MAX_FRAGMENT + printf("%s", msg[++msgid]); /* -F */ +#endif +#ifdef HAVE_TRUNCATED_HMAC + printf("%s", msg[++msgid]); /* -T */ +#endif +#ifdef HAVE_EXTENDED_MASTER + printf("%s", msg[++msgid]); /* -n */ +#endif +#ifdef HAVE_OCSP + printf("%s", msg[++msgid]); /* -o */ + printf("%s", msg[++msgid]); /* -O */ +#endif +#if defined(HAVE_CERTIFICATE_STATUS_REQUEST) \ + || defined(HAVE_CERTIFICATE_STATUS_REQUEST_V2) + printf("%s", msg[++msgid]); /* -W */ + printf("%s", msg[++msgid]); /* note for -W */ +#endif +#if defined(ATOMIC_USER) && !defined(WOLFSSL_AEAD_ONLY) + printf("%s", msg[++msgid]); /* -U */ +#endif +#ifdef HAVE_PK_CALLBACKS + printf("%s", msg[++msgid]); /* -P */ +#endif +#ifdef HAVE_ANON + printf("%s", msg[++msgid]); /* -a */ +#endif +#ifdef HAVE_CRL + printf("%s", msg[++msgid]); /* -C */ +#endif +#ifdef WOLFSSL_TRUST_PEER_CERT + printf("%s", msg[++msgid]); /* -E */ +#endif +#ifdef HAVE_WNR + printf("%s %s\n", msg[++msgid], wnrConfig); /* -q */ +#endif + printf("%s", msg[++msgid]); /* -H */ + printf("%s", msg[++msgid]); /* more -H options */ +#ifdef WOLFSSL_TLS13 + printf("%s", msg[++msgid]); /* -J */ + printf("%s", msg[++msgid]); /* -K */ + printf("%s", msg[++msgid]); /* -I */ +#ifndef NO_DH + printf("%s", msg[++msgid]); /* -y */ +#endif +#ifdef HAVE_ECC + printf("%s", msg[++msgid]); /* -Y */ +#endif +#endif /* WOLFSSL_TLS13 */ +#ifdef HAVE_CURVE25519 + printf("%s", msg[++msgid]); /* -t */ +#endif +#if defined(WOLFSSL_TLS13) && defined(WOLFSSL_POST_HANDSHAKE_AUTH) + printf("%s", msg[++msgid]); /* -Q */ +#endif +#ifdef WOLFSSL_EARLY_DATA + printf("%s", msg[++msgid]); /* -0 */ +#endif +#ifdef WOLFSSL_MULTICAST + printf("%s", msg[++msgid]); /* -3 */ +#endif + printf("%s", msg[++msgid]); /* -1 */ +#if !defined(NO_DH) && !defined(HAVE_FIPS) && \ + !defined(HAVE_SELFTEST) && !defined(WOLFSSL_OLD_PRIME_CHECK) + printf("%s", msg[++msgid]); /* -2 */ +#endif +#ifdef HAVE_SECURE_RENEGOTIATION + printf("%s", msg[++msgid]); /* -4 */ +#endif +#ifdef HAVE_TRUSTED_CA + printf("%s", msg[++msgid]); /* -5 */ +#endif + printf("%s", msg[++msgid]); /* -6 */ +#ifdef HAVE_CURVE448 + printf("%s", msg[++msgid]); /* -8 */ +#endif +#if defined(OPENSSL_ALL) && defined(WOLFSSL_CERT_GEN) && \ + (defined(WOLFSSL_CERT_REQ) || defined(WOLFSSL_CERT_EXT)) && \ + !defined(NO_FILESYSTEM) && !defined(NO_WOLFSSL_DIR) + printf("%s", msg[++msgid]); /* -9 */ +#endif +#if defined(WOLFSSL_WOLFSENTRY_HOOKS) && !defined(NO_FILESYSTEM) && \ + !defined(WOLFSENTRY_NO_JSON) + printf("%s", msg[++msgid]); /* --wolfsentry-config */ +#endif + printf("%s", msg[++msgid]); /* -7 */ +#ifdef HAVE_PQC + printf("%s", msg[++msgid]); /* --pqc */ +#endif +#ifdef WOLFSSL_SRTP + printf("%s", msg[++msgid]); /* dtls-srtp */ +#endif +#ifdef WOLFSSL_SYS_CA_CERTS + printf("%s", msg[++msgid]); /* --sys-ca-certs */ +#endif +#ifdef HAVE_SUPPORTED_CURVES + printf("%s", msg[++msgid]); /* --onlyPskDheKe */ +#endif +#ifndef NO_PSK + printf("%s", msg[++msgid]); /* --openssl-psk */ +#endif +#ifdef HAVE_RPK + printf("%s", msg[++msgid]); /* --rpk */ +#endif + printf("%s", msg[++msgid]); /* --files-are-der */ + printf("%s", msg[++msgid]); /* Documentation Hint */ +} + +#ifdef WOLFSSL_SRTP +/** + * client_srtp_test() - test that the computed ekm matches with the server one + * @ssl: ssl context + * @srtp_helper: srtp_test_helper struct shared with the server + * + * if @srtp_helper is NULL no check is made, but the ekm is printed. + * + * calls srtp_helper_get_ekm() to wait and then get the ekm computed by the + * server, then check if it matches the one computed by itself. + */ +static int client_srtp_test(WOLFSSL *ssl, func_args *args) +{ + size_t srtp_secret_length; + byte *srtp_secret, *p; + int ret; +#ifdef WOLFSSL_COND + srtp_test_helper *srtp_helper = args->srtp_helper; + byte *other_secret = NULL; + size_t other_size = 0; +#else + (void)args; +#endif + + ret = wolfSSL_export_dtls_srtp_keying_material(ssl, NULL, + &srtp_secret_length); + if (ret != WC_NO_ERR_TRACE(LENGTH_ONLY_E)) { + LOG_ERROR("DTLS SRTP: Error getting keying material length\n"); + return ret; + } + + srtp_secret = (byte*)XMALLOC(srtp_secret_length, + NULL, DYNAMIC_TYPE_TMP_BUFFER); + if (srtp_secret == NULL) { + err_sys("DTLS SRTP: Low memory"); + } + + ret = wolfSSL_export_dtls_srtp_keying_material(ssl, srtp_secret, + &srtp_secret_length); + if (ret != WOLFSSL_SUCCESS) { + XFREE(srtp_secret, NULL, DYNAMIC_TYPE_TMP_BUFFER); + LOG_ERROR("DTLS SRTP: Error getting keying material\n"); + return ret; + } + + printf("DTLS SRTP: Exported key material: "); + for (p = srtp_secret; p < srtp_secret + srtp_secret_length; p++) + printf("%02X", *p); + printf("\n"); + +#ifdef WOLFSSL_COND + if (srtp_helper != NULL) { + srtp_helper_get_ekm(srtp_helper, &other_secret, &other_size); + + if (other_size != srtp_secret_length || + (XMEMCMP(other_secret, srtp_secret, srtp_secret_length) != 0)) { + + /* we are delegated from server to free this buffer */ + XFREE(other_secret, NULL, DYNAMIC_TYPE_TMP_BUFFER); + printf("DTLS SRTP: Exported Keying Material mismatch\n"); + return WOLFSSL_UNKNOWN; + } + + /* we are delegated from server to free this buffer */ + XFREE(other_secret, NULL, DYNAMIC_TYPE_TMP_BUFFER); + } +#endif /* WOLFSSL_COND */ + + XFREE(srtp_secret, NULL, DYNAMIC_TYPE_TMP_BUFFER); + + return 0; +} +#endif /* WOLFSSL_SRTP */ + +#if defined(WOLFSSL_STATIC_MEMORY) && \ + defined(WOLFSSL_STATIC_MEMORY_DEBUG_CALLBACK) +static void ExampleDebugMemoryCb(size_t sz, int bucketSz, byte st, int type) { + switch (st) { + case WOLFSSL_DEBUG_MEMORY_ALLOC: + if (type == DYNAMIC_TYPE_IN_BUFFER) { + printf("IN BUFFER: "); + } + + if (type == DYNAMIC_TYPE_OUT_BUFFER) { + printf("OUT BUFFER: "); + } + + printf("Alloc'd %d bytes using bucket size %d\n", (int)sz, + bucketSz); + break; + + case WOLFSSL_DEBUG_MEMORY_FAIL: + printf("Failed when trying to allocate %d bytes\n", (int)sz); + break; + + case WOLFSSL_DEBUG_MEMORY_FREE: + printf("Free'ing : %d\n", (int)sz); + break; + + case WOLFSSL_DEBUG_MEMORY_INIT: + printf("Creating memory bucket of size : %d\n", bucketSz); + break; + } +} +#endif + + + +THREAD_RETURN WOLFSSL_THREAD client_test(void* args) +{ + SOCKET_T sockfd = WOLFSSL_SOCKET_INVALID; + + wolfSSL_method_func method = NULL; + WOLFSSL_CTX* ctx = NULL; + WOLFSSL* ssl = NULL; + +#ifdef WOLFSSL_WOLFSENTRY_HOOKS + wolfsentry_errcode_t wolfsentry_ret; +#endif + + WOLFSSL* sslResume = NULL; + WOLFSSL_SESSION* session = NULL; +#if !defined(NO_SESSION_CACHE) && (defined(OPENSSL_EXTRA) || \ + defined(HAVE_EXT_CACHE)) + byte* flatSession = NULL; + int flatSessionSz = 0; +#endif + + char msg[CLI_MSG_SZ]; + int msgSz = 0; + char reply[CLI_REPLY_SZ]; + + word16 port = wolfSSLPort; + char* host = (char*)wolfSSLIP; + const char* domain = "localhost"; /* can't default to www.wolfssl.com + because can't tell if we're really + going there to detect old chacha-poly + */ +#ifndef WOLFSSL_VXWORKS + int ch; + static const struct mygetopt_long_config long_options[] = { +#if defined(WOLFSSL_WOLFSENTRY_HOOKS) && !defined(NO_FILESYSTEM) && \ + !defined(WOLFSENTRY_NO_JSON) + { "wolfsentry-config", 1, 256 }, +#endif + { "help", 0, 257 }, +#ifndef NO_MULTIBYTE_PRINT + { "ヘルプ", 0, 258 }, +#endif +#if defined(HAVE_PQC) + { "pqc", 1, 259 }, +#endif +#ifdef WOLFSSL_SRTP + { "srtp", 2, 260 }, /* optional argument */ +#endif +#ifdef WOLFSSL_DTLS13 + /* allow waitTicket option even when HAVE_SESSION_TICKET is 0. Otherwise + * tests that use this option will ignore the options following + * --waitTicket in the command line and fail */ + {"waitTicket", 0, 261}, +#endif /* WOLFSSL_DTLS13 */ +#ifdef WOLFSSL_DTLS_CID + {"cid", 2, 262}, +#endif /* WOLFSSL_DTLS_CID */ +#ifdef WOLFSSL_SYS_CA_CERTS + { "sys-ca-certs", 0, 263 }, +#endif +#ifdef HAVE_SUPPORTED_CURVES + { "onlyPskDheKe", 0, 264 }, +#endif +#ifndef NO_PSK + { "openssl-psk", 0, 265 }, +#endif + { "quieter", 0, 266 }, +#ifdef HAVE_RPK + { "rpk", 0, 267 }, +#endif /* HAVE_RPK */ + { "files-are-der", 0, 268 }, +#if defined(WOLFSSL_SYS_CRYPTO_POLICY) + { "crypto-policy", 1, 269 }, +#endif /* WOLFSSL_SYS_CRYPTO_POLICY */ + { 0, 0, 0 } + }; +#endif + int version = CLIENT_INVALID_VERSION; + int minVersion = CLIENT_INVALID_VERSION; + int usePsk = 0; + int opensslPsk = 0; + int useAnon = 0; + int sendGET = 0; + int benchmark = 0; + int block = TEST_BUFFER_SIZE; + size_t throughput = 0; + int doDTLS = 0; + int dtlsUDP = 0; +#if (defined(WOLFSSL_SCTP) || defined(WOLFSSL_DTLS_MTU)) && \ + defined(WOLFSSL_DTLS) + int dtlsMTU = 0; +#endif + int dtlsSCTP = 0; + int doMcast = 0; + int matchName = 0; + int doPeerCheck = 1; + int nonBlocking = 0; + int simulateWantWrite = 0; + int resumeSession = 0; + int wc_shutdown = 0; + int disableCRL = 0; + int externalTest = 0; + int ret; + int err = 0; + int scr = 0; /* allow secure renegotiation */ + int forceScr = 0; /* force client initiated scr */ + int scrAppData = 0; + int resumeScr = 0; /* use resumption for renegotiation */ +#ifndef WOLFSSL_NO_CLIENT_AUTH + int useClientCert = 1; +#else + int useClientCert = 0; +#endif + int fewerPackets = 0; + int atomicUser = 0; +#ifdef HAVE_PK_CALLBACKS + int pkCallbacks = 0; + PkCbInfo pkCbInfo; +#endif + int minDhKeyBits = DEFAULT_MIN_DHKEY_BITS; + char* alpnList = NULL; + unsigned char alpn_opt = 0; + char* cipherList = NULL; + int useDefCipherList = 0; + int customVerifyCert = 0; + const char* verifyCert; + const char* ourCert; + const char* ourKey; + + int doSTARTTLS = 0; + char* starttlsProt = NULL; + int useVerifyCb = 0; + int useSupCurve = 0; + +#ifdef WOLFSSL_TRUST_PEER_CERT + const char* trustCert = NULL; +#endif + +#ifdef HAVE_SNI + char* sniHostName = NULL; +#endif +#ifdef HAVE_TRUSTED_CA + int trustedCaKeyId = 0; +#endif +#ifdef HAVE_MAX_FRAGMENT + byte maxFragment = 0; +#endif +#ifdef HAVE_TRUNCATED_HMAC + byte truncatedHMAC = 0; +#endif +#if defined(HAVE_CERTIFICATE_STATUS_REQUEST) \ + || defined(HAVE_CERTIFICATE_STATUS_REQUEST_V2) + byte statusRequest = 0; + byte mustStaple = 0; +#endif +#ifdef HAVE_EXTENDED_MASTER + byte disableExtMasterSecret = 0; +#endif + int helloRetry = 0; + int onlyKeyShare = 0; +#ifdef WOLFSSL_TLS13 + int noPskDheKe = 0; +#ifdef HAVE_SUPPORTED_CURVES + int onlyPskDheKe = 0; +#endif + int postHandAuth = 0; +#endif + int updateKeysIVs = 0; + int earlyData = 0; +#ifdef WOLFSSL_MULTICAST + byte mcastID = 0; +#endif +#if !defined(NO_DH) && !defined(HAVE_FIPS) && \ + !defined(HAVE_SELFTEST) && !defined(WOLFSSL_OLD_PRIME_CHECK) + int doDhKeyCheck = 1; +#endif + +#ifdef HAVE_OCSP + int useOcsp = 0; + char* ocspUrl = NULL; +#endif + int useX25519 = 0; + int useX448 = 0; + int usePqc = 0; + char* pqcAlg = NULL; + int exitWithRet = 0; + int loadCertKeyIntoSSLObj = 0; +#ifdef WOLFSSL_SYS_CA_CERTS + byte loadSysCaCerts = 0; +#endif + +#ifdef HAVE_ENCRYPT_THEN_MAC + int disallowETM = 0; +#endif + +#ifdef HAVE_WNR + const char* wnrConfigFile = wnrConfig; +#endif +#if defined(OPENSSL_ALL) && defined(WOLFSSL_CERT_GEN) && \ + (defined(WOLFSSL_CERT_REQ) || defined(WOLFSSL_CERT_EXT)) && \ + !defined(NO_FILESYSTEM) && !defined(NO_WOLFSSL_DIR) + int useCertFolder = 0; +#endif +#ifdef WOLFSSL_SRTP + const char* dtlsSrtpProfiles = NULL; +#endif + +#ifdef HAVE_SESSION_TICKET + int waitTicket = 0; +#endif /* HAVE_SESSION_TICKET */ +#ifdef WOLFSSL_DTLS_CID + int useDtlsCID = 0; + char dtlsCID[DTLS_CID_BUFFER_SIZE] = { 0 }; +#endif /* WOLFSSL_DTLS_CID */ +#ifdef HAVE_RPK + int useRPK = 0; +#endif /* HAVE_RPK */ +#ifdef WOLFSSL_PEM_TO_DER + int fileFormat = WOLFSSL_FILETYPE_PEM; +#else + int fileFormat = WOLFSSL_FILETYPE_ASN1; +#endif +#if defined(WOLFSSL_SYS_CRYPTO_POLICY) + const char * policy = NULL; +#endif /* WOLFSSL_SYS_CRYPTO_POLICY */ + + + char buffer[WOLFSSL_MAX_ERROR_SZ]; + + int argc = ((func_args*)args)->argc; + char** argv = ((func_args*)args)->argv; + + +#ifdef WOLFSSL_STATIC_MEMORY + #if (defined(HAVE_ECC) && !defined(ALT_ECC_SIZE)) \ + || defined(SESSION_CERTS) + /* big enough to handle most cases including session certs */ + byte memory[320000]; + #else + byte memory[80000]; + #endif + byte memoryIO[34500]; /* max for IO buffer (TLS packet can be 16k) */ + #if !defined(WOLFSSL_STATIC_MEMORY_LEAN) + WOLFSSL_MEM_CONN_STATS ssl_stats; + #if defined(DEBUG_WOLFSSL) + WOLFSSL_MEM_STATS mem_stats; + #endif + #endif + WOLFSSL_HEAP_HINT *heap = NULL; +#endif + +#ifdef WOLFSSL_DUAL_ALG_CERTS + /* Set our preference for verification to be for both the native and + * alternative chains. Ultimately, its the server's choice. This will be + * used in the call to wolfSSL_UseCKS(). */ + byte cks_order[3] = { + WOLFSSL_CKS_SIGSPEC_BOTH, + WOLFSSL_CKS_SIGSPEC_ALTERNATIVE, + WOLFSSL_CKS_SIGSPEC_NATIVE, + }; +#endif /* WOLFSSL_DUAL_ALG_CERTS */ + + ((func_args*)args)->return_code = -1; /* error state */ + +#ifndef NO_RSA + verifyCert = caCertFile; + ourCert = cliCertFile; + ourKey = cliKeyFile; +#else + #ifdef HAVE_ECC + verifyCert = caEccCertFile; + ourCert = cliEccCertFile; + ourKey = cliEccKeyFile; + #elif defined(HAVE_ED25519) + verifyCert = caEdCertFile; + ourCert = cliEdCertFile; + ourKey = cliEdKeyFile; + #elif defined(HAVE_ED448) + verifyCert = caEd448CertFile; + ourCert = cliEd448CertFile; + ourKey = cliEd448KeyFile; + #else + verifyCert = NULL; + ourCert = NULL; + ourKey = NULL; + #endif +#endif + + (void)session; + (void)sslResume; + (void)atomicUser; + (void)scr; + (void)forceScr; + (void)scrAppData; + (void)resumeScr; + (void)ourKey; + (void)ourCert; + (void)verifyCert; + (void)useClientCert; + (void)disableCRL; + (void)minDhKeyBits; + (void)alpnList; + (void)alpn_opt; + (void)updateKeysIVs; + (void)earlyData; + (void)useX25519; + (void)useX448; + (void)helloRetry; + (void)onlyKeyShare; + (void)useSupCurve; + (void)loadCertKeyIntoSSLObj; + (void)usePqc; + (void)pqcAlg; + (void)opensslPsk; + (void)fileFormat; + StackTrap(); + + /* Reinitialize the global myVerifyAction. */ + myVerifyAction = VERIFY_OVERRIDE_ERROR; + +#ifndef WOLFSSL_VXWORKS + /* Not used: All used */ + while ((ch = mygetopt_long(argc, argv, "?:" + "ab:c:defgh:i;jk:l:mnop:q:rstu;v:wxyz" + "A:B:CDE:F:GH:IJKL:M:NO:PQRS:TUVW:XYZ:" + "01:23:4567:89" + "@#", long_options, 0)) != -1) { + switch (ch) { + case '?' : + if(myoptarg!=NULL) { + lng_index = atoi(myoptarg); + if(lng_index<0||lng_index>1){ + lng_index = 0; + } + } + Usage(); + XEXIT_T(EXIT_SUCCESS); + + case 257 : + lng_index = 0; + Usage(); + XEXIT_T(EXIT_SUCCESS); + + case 258 : + lng_index = 1; + Usage(); + XEXIT_T(EXIT_SUCCESS); + + case 'g' : + sendGET = 1; + break; + + case 'd' : + doPeerCheck = 0; + break; + + case 'e' : + ShowCiphers(); + XEXIT_T(EXIT_SUCCESS); + + case 'D' : + myVerifyAction = VERIFY_OVERRIDE_DATE_ERR; + break; + + case 'C' : + #ifdef HAVE_CRL + disableCRL = 1; + #endif + break; + + case 'u' : + doDTLS = 1; + dtlsUDP = 1; + #if (defined(WOLFSSL_SCTP) || defined(WOLFSSL_DTLS_MTU)) && \ + defined(WOLFSSL_DTLS) + dtlsMTU = atoi(myoptarg); + #endif + break; + + #ifdef WOLFSSL_SRTP + case 260: + doDTLS = 1; + dtlsUDP = 1; + dtlsSrtpProfiles = myoptarg != NULL ? myoptarg : + "SRTP_AES128_CM_SHA1_80"; + printf("Using SRTP Profile(s): %s\n", dtlsSrtpProfiles); + break; + #endif + +#ifdef WOLFSSL_DTLS13 + case 261: +#ifdef HAVE_SESSION_TICKET + waitTicket = 1; +#endif /* HAVE_SESSION_TICKET */ + break; +#endif /* WOLFSSL_DTLS13 */ +#ifdef WOLFSSL_DTLS_CID + case 262: + useDtlsCID = 1; + if (myoptarg != NULL) { + if (XSTRLEN(myoptarg) >= DTLS_CID_BUFFER_SIZE) { + err_sys("provided connection ID is too big"); + } + else { + XSTRLCPY(dtlsCID, myoptarg, DTLS_CID_BUFFER_SIZE); + } + } + break; +#endif /* WOLFSSL_CID */ + case 'G' : + #ifdef WOLFSSL_SCTP + doDTLS = 1; + dtlsUDP = 1; + dtlsSCTP = 1; + #endif + break; + + case 's' : + usePsk = 1; + break; + + #ifdef WOLFSSL_TRUST_PEER_CERT + case 'E' : + trustCert = myoptarg; + break; + #endif + + case 'm' : + matchName = 1; + break; + + case 'x' : + useClientCert = 0; + break; + + case 'X' : + externalTest = 1; + break; + + case 'f' : + fewerPackets = 1; + break; + + case 'U' : + #if defined(ATOMIC_USER) && !defined(WOLFSSL_AEAD_ONLY) + atomicUser = 1; + #endif + break; + + case 'P' : + #ifdef HAVE_PK_CALLBACKS + pkCallbacks = 1; + #endif + break; + + case 'h' : + host = myoptarg; + domain = myoptarg; + break; + + case 'p' : + port = (word16)atoi(myoptarg); + #if !defined(NO_MAIN_DRIVER) || defined(USE_WINDOWS_API) + if (port == 0) + err_sys("port number cannot be 0"); + #endif + break; + + case 'v' : + if (myoptarg[0] == 'd') { + version = CLIENT_DOWNGRADE_VERSION; + break; + } + #if defined(OPENSSL_EXTRA) || defined(WOLFSSL_EITHER_SIDE) + else if (myoptarg[0] == 'e') { + version = EITHER_DOWNGRADE_VERSION; + #ifndef NO_CERTS + loadCertKeyIntoSSLObj = 1; + #endif + break; + } + #endif + version = atoi(myoptarg); + if (version < 0 || version > 4) { + Usage(); + XEXIT_T(MY_EX_USAGE); + } + break; + + case 'V' : + ShowVersions(); + XEXIT_T(EXIT_SUCCESS); + + case 'l' : + cipherList = myoptarg; + break; + + case 'H' : + if (XSTRCMP(myoptarg, "defCipherList") == 0) { + printf("Using default cipher list for testing\n"); + useDefCipherList = 1; + } + else if (XSTRCMP(myoptarg, "exitWithRet") == 0) { + printf("Skip exit() for testing\n"); + exitWithRet = 1; + } + else if (XSTRCMP(myoptarg, "verifyFail") == 0) { + printf("Verify should fail\n"); + myVerifyAction = VERIFY_FORCE_FAIL; + } + else if (XSTRCMP(myoptarg, "verifyInfo") == 0) { + printf("Verify should not override error\n"); + myVerifyAction = VERIFY_USE_PREVERIFY; + } + else if (XSTRCMP(myoptarg, "useSupCurve") == 0) { + printf("Attempting to test use supported curve\n"); + #if defined(HAVE_ECC) && defined(HAVE_SUPPORTED_CURVES) + useSupCurve = 1; + #else + printf("Supported curves not compiled in!\n"); + #endif + } + else if (XSTRCMP(myoptarg, "loadSSL") == 0) { + printf("Load cert/key into wolfSSL object\n"); + #ifndef NO_CERTS + loadCertKeyIntoSSLObj = 1; + #else + printf("Certs turned off with NO_CERTS!\n"); + #endif + } + else if (XSTRCMP(myoptarg, "disallowETM") == 0) { + printf("Disallow Encrypt-Then-MAC\n"); + #ifdef HAVE_ENCRYPT_THEN_MAC + disallowETM = 1; + #endif + } + else { + Usage(); + XEXIT_T(MY_EX_USAGE); + } + break; + + case 'A' : + customVerifyCert = 1; + verifyCert = myoptarg; + break; + + case 'c' : + ourCert = myoptarg; + break; + + case 'k' : + ourKey = myoptarg; + break; + + case 'Z' : + #ifndef NO_DH + minDhKeyBits = atoi(myoptarg); + if (minDhKeyBits <= 0 || minDhKeyBits > 16000) { + Usage(); + XEXIT_T(MY_EX_USAGE); + } + #endif + break; + + case 'b' : + benchmark = atoi(myoptarg); + if (benchmark < 0 || benchmark > 1000000) { + Usage(); + XEXIT_T(MY_EX_USAGE); + } + break; + + case 'B' : + throughput = (size_t)atol(myoptarg); + for (; *myoptarg != '\0'; myoptarg++) { + if (*myoptarg == ',') { + block = atoi(myoptarg + 1); + break; + } + } + if (throughput == 0 || block <= 0) { + Usage(); + XEXIT_T(MY_EX_USAGE); + } + break; + + case 'N' : + nonBlocking = 1; + break; + + case 'r' : + resumeSession = 1; + break; + + case 'w' : + wc_shutdown = 1; + break; + + case 'R' : + #ifdef HAVE_SECURE_RENEGOTIATION + scr = 1; + #endif + break; + + case 'i' : + #ifdef HAVE_SECURE_RENEGOTIATION + scr = 1; + forceScr = 1; + if (XSTRCMP(myoptarg, "scr-app-data") == 0) { + scrAppData = 1; + } + #endif + break; + + case 'z' : + #ifndef WOLFSSL_LEANPSK + wolfSSL_GetObjectSize(); + #endif + break; + + case 'S' : + if (XSTRCMP(myoptarg, "check") == 0) { + #ifdef HAVE_SNI + printf("SNI is: ON\n"); + #else + printf("SNI is: OFF\n"); + #endif + XEXIT_T(EXIT_SUCCESS); + } + #ifdef HAVE_SNI + sniHostName = myoptarg; + #endif + break; + + case 'F' : + #ifdef HAVE_MAX_FRAGMENT + maxFragment = (byte)atoi(myoptarg); + if (maxFragment < WOLFSSL_MFL_MIN || + maxFragment > WOLFSSL_MFL_MAX) { + Usage(); + XEXIT_T(MY_EX_USAGE); + } + #endif + break; + + case 'T' : + #ifdef HAVE_TRUNCATED_HMAC + truncatedHMAC = 1; + #endif + break; + + case 'n' : + #ifdef HAVE_EXTENDED_MASTER + disableExtMasterSecret = 1; + #endif + break; + + case 'W' : + #if defined(HAVE_CERTIFICATE_STATUS_REQUEST) \ + || defined(HAVE_CERTIFICATE_STATUS_REQUEST_V2) + { + word32 myoptargSz; + + statusRequest = (byte)atoi(myoptarg); + if (statusRequest > OCSP_STAPLING_OPT_MAX) { + Usage(); + XEXIT_T(MY_EX_USAGE); + } + + myoptargSz = (word32)XSTRLEN(myoptarg); + if (myoptargSz > 0 && + XTOUPPER((unsigned char)myoptarg[myoptargSz-1]) == 'M') { + mustStaple = 1; + } + } + #endif + break; + + case 'o' : + #ifdef HAVE_OCSP + useOcsp = 1; + #endif + break; + + case 'O' : + #ifdef HAVE_OCSP + useOcsp = 1; + ocspUrl = myoptarg; + #endif + break; + + case 'a' : + #ifdef HAVE_ANON + useAnon = 1; + #endif + break; + + case 'L' : + #ifdef HAVE_ALPN + alpnList = myoptarg; + + if (alpnList[0] == 'C' && alpnList[1] == ':') + alpn_opt = WOLFSSL_ALPN_CONTINUE_ON_MISMATCH; + else if (alpnList[0] == 'F' && alpnList[1] == ':') + alpn_opt = WOLFSSL_ALPN_FAILED_ON_MISMATCH; + else { + Usage(); + XEXIT_T(MY_EX_USAGE); + } + + alpnList += 2; + + #endif + break; + + case 'M' : + doSTARTTLS = 1; + starttlsProt = myoptarg; + + if (XSTRCMP(starttlsProt, "smtp") != 0) { + Usage(); + XEXIT_T(MY_EX_USAGE); + } + + break; + + case 'q' : + #ifdef HAVE_WNR + wnrConfigFile = myoptarg; + #endif + break; + + case 'J' : + #ifdef WOLFSSL_TLS13 + helloRetry = 1; + #endif + break; + + case 'K' : + #ifdef WOLFSSL_TLS13 + noPskDheKe = 1; + #endif + break; + + case 'I' : + #ifdef WOLFSSL_TLS13 + updateKeysIVs = 1; + #endif + break; + + case 'y' : + #if defined(WOLFSSL_TLS13) && \ + defined(HAVE_SUPPORTED_CURVES) && !defined(NO_DH) + onlyKeyShare = 1; + #endif + break; + + case 'Y' : + #if defined(WOLFSSL_TLS13) && \ + defined(HAVE_SUPPORTED_CURVES) && defined(HAVE_ECC) + onlyKeyShare = 2; + #endif + break; + + case 'j' : + useVerifyCb = 1; + break; + + case 't' : + #ifdef HAVE_CURVE25519 + useX25519 = 1; + #ifdef HAVE_ECC + useSupCurve = 1; + #if defined(WOLFSSL_TLS13) && \ + defined(HAVE_SUPPORTED_CURVES) + onlyKeyShare = 2; + #endif + #endif + #endif + break; + + case 'Q' : + #if defined(WOLFSSL_TLS13) && \ + defined(WOLFSSL_POST_HANDSHAKE_AUTH) + postHandAuth = 1; + #endif + break; + + case '0' : + #ifdef WOLFSSL_EARLY_DATA + earlyData = 1; + #endif + break; + + case '1' : + lng_index = atoi(myoptarg); + if(lng_index<0||lng_index>1){ + lng_index = 0; + } + break; + + case '2' : + #if !defined(NO_DH) && !defined(HAVE_FIPS) && \ + !defined(HAVE_SELFTEST) && !defined(WOLFSSL_OLD_PRIME_CHECK) + doDhKeyCheck = 0; + #endif + break; + + case '3' : + #ifdef WOLFSSL_MULTICAST + doMcast = 1; + mcastID = (byte)(atoi(myoptarg) & 0xFF); + #endif + break; + + case '4' : + #ifdef HAVE_SECURE_RENEGOTIATION + scr = 1; + forceScr = 1; + resumeScr = 1; + #endif + break; + + case '5' : + #ifdef HAVE_TRUSTED_CA + trustedCaKeyId = 1; + #endif /* HAVE_TRUSTED_CA */ + break; + + case '6' : +#ifdef WOLFSSL_ASYNC_IO + nonBlocking = 1; + simulateWantWrite = 1; +#else + LOG_ERROR("Ignoring -6 since async I/O support not " + "compiled in.\n"); +#endif + break; + + case '7' : + minVersion = atoi(myoptarg); + if (minVersion < 0 || minVersion > 4) { + Usage(); + XEXIT_T(MY_EX_USAGE); + } + break; + + case '8' : + #ifdef HAVE_CURVE448 + useX448 = 1; + #ifdef HAVE_ECC + useSupCurve = 1; + #if defined(WOLFSSL_TLS13) && \ + defined(HAVE_SUPPORTED_CURVES) + onlyKeyShare = 2; + #endif + #endif + #endif + break; + case '9' : +#if defined(OPENSSL_ALL) && defined(WOLFSSL_CERT_GEN) && \ + (defined(WOLFSSL_CERT_REQ) || defined(WOLFSSL_CERT_EXT)) && \ + !defined(NO_FILESYSTEM) && !defined(NO_WOLFSSL_DIR) + useCertFolder = 1; +#endif + break; + case '@' : + { +#ifdef HAVE_WC_INTROSPECTION + const char *conf_args = wolfSSL_configure_args(); + if (conf_args) { + puts(conf_args); + XEXIT_T(EXIT_SUCCESS); + } else { + fputs("configure args not compiled in.\n",stderr); + XEXIT_T(MY_EX_USAGE); + } +#else + fputs("compiled without BUILD_INTROSPECTION.\n",stderr); + XEXIT_T(MY_EX_USAGE); +#endif + } + + case '#' : + { +#ifdef HAVE_WC_INTROSPECTION + const char *cflags = wolfSSL_global_cflags(); + if (cflags) { + puts(cflags); + XEXIT_T(EXIT_SUCCESS); + } else { + fputs("CFLAGS not compiled in.\n",stderr); + XEXIT_T(MY_EX_USAGE); + } +#else + fputs("compiled without BUILD_INTROSPECTION.\n",stderr); + XEXIT_T(MY_EX_USAGE); +#endif + } + +#ifdef WOLFSSL_WOLFSENTRY_HOOKS + case 256: +#if !defined(NO_FILESYSTEM) && !defined(WOLFSENTRY_NO_JSON) + wolfsentry_config_path = myoptarg; +#endif + break; +#endif + +#if defined(HAVE_PQC) + case 259: + { + usePqc = 1; + #if defined(WOLFSSL_TLS13) && defined(HAVE_SUPPORTED_CURVES) + onlyKeyShare = 3; + #endif + pqcAlg = myoptarg; + } + break; +#endif +#ifdef WOLFSSL_SYS_CA_CERTS + case 263: + loadSysCaCerts = 1; + break; +#endif + case 264: +#ifdef HAVE_SUPPORTED_CURVES + #ifdef WOLFSSL_TLS13 + onlyPskDheKe = 1; + #endif +#endif + break; + case 265: +#ifndef NO_PSK + opensslPsk = 1; +#endif + break; + case 266: + quieter = 1; + break; + case 267: +#ifdef HAVE_RPK + useRPK = 1; +#endif /* HAVE_RPK */ + break; + case 268: +#ifndef NO_CERTS + fileFormat = WOLFSSL_FILETYPE_ASN1; +#endif + break; + case 269: +#if defined(WOLFSSL_SYS_CRYPTO_POLICY) + policy = myoptarg; +#endif /* WOLFSSL_SYS_CRYPTO_POLICY */ + break; + + default: + Usage(); + XEXIT_T(MY_EX_USAGE); + } + } + + myoptind = 0; /* reset for test cases */ +#endif /* !WOLFSSL_VXWORKS */ + + if (externalTest) { + /* detect build cases that wouldn't allow test against wolfssl.com */ + int done = 0; + + #ifdef NO_RSA + done += 1; /* require RSA for external tests */ + #endif + + if (!XSTRCMP(domain, "www.globalsign.com")) { + /* www.globalsign.com does not respond to ipv6 ocsp requests */ + #if defined(TEST_IPV6) && defined(HAVE_OCSP) + done += 1; + #endif + + /* www.globalsign.com has limited supported cipher suites */ + #if defined(NO_AES) && defined(HAVE_OCSP) + done += 1; + #endif + + /* www.globalsign.com only supports static RSA or ECDHE with AES */ + /* We cannot expect users to have on static RSA so test for ECC only + * as some users will most likely be on 32-bit systems where ECC + * is not enabled by default */ + #if defined(HAVE_OCSP) && !defined(HAVE_ECC) + done += 1; + #endif + } + + #ifndef NO_PSK + if (usePsk) { + done += 1; /* don't perform external tests if PSK is enabled */ + } + #endif + + #ifdef NO_SHA + done += 1; /* external cert chain most likely has SHA */ + #endif + + #if !defined(HAVE_ECC) && !defined(WOLFSSL_STATIC_RSA) \ + || ( defined(HAVE_ECC) && !defined(HAVE_SUPPORTED_CURVES) \ + && !defined(WOLFSSL_STATIC_RSA) ) + /* google needs ECDHE+Supported Curves or static RSA */ + if (!XSTRCASECMP(domain, "www.google.com")) + done += 1; + #endif + + #if !defined(HAVE_ECC) && !defined(WOLFSSL_STATIC_RSA) + /* wolfssl needs ECDHE or static RSA */ + if (!XSTRCASECMP(domain, "www.wolfssl.com")) + done += 1; + #endif + + #if !defined(WOLFSSL_SHA384) + if (!XSTRCASECMP(domain, "www.wolfssl.com")) { + /* wolfssl need sha384 for cert chain verify */ + done += 1; + } + #endif + + #if !defined(HAVE_AESGCM) && defined(NO_AES) && \ + !(defined(HAVE_CHACHA) && defined(HAVE_POLY1305)) + /* need at least one of these for external tests */ + done += 1; + #endif + + /* For the external test, if we disable AES, GoDaddy will reject the + * connection. They only currently support AES suites, RC4 and 3DES + * suites. With AES disabled we only offer PolyChacha suites. */ + #if defined(NO_AES) && !defined(HAVE_AESGCM) + if (!XSTRCASECMP(domain, "www.wolfssl.com")) { + done += 1; + } + #endif + + if (done) { + LOG_ERROR("external test can't be run in this mode\n"); + + ((func_args*)args)->return_code = 0; + XEXIT_T(EXIT_SUCCESS); + } + } + + /* sort out DTLS versus TLS versions */ + if (version == CLIENT_INVALID_VERSION) { + if (doDTLS) + version = CLIENT_DTLS_DEFAULT_VERSION; + else + version = CLIENT_DEFAULT_VERSION; + } + else { + if (doDTLS) { + if (version == 3) { + version = -2; + } + #if defined(OPENSSL_EXTRA) || defined(WOLFSSL_EITHER_SIDE) + else if (version == EITHER_DOWNGRADE_VERSION) { + version = -3; + } + #endif + else if (version == 4) { +#ifdef WOLFSSL_DTLS13 + version = -4; +#else + err_sys("Bad DTLS version"); +#endif /* WOLFSSL_DTLS13 */ + } + else if (version == 2) + version = -1; + } + } + +#ifndef HAVE_SESSION_TICKET + if ((version >= 4) && resumeSession) { + LOG_ERROR("Can't do TLS 1.3 resumption; need session tickets!\n"); + } +#endif + +#ifdef HAVE_WNR + if (wc_InitNetRandom(wnrConfigFile, NULL, 5000) != 0) + err_sys("can't load whitewood net random config file"); +#endif + +#ifdef HAVE_PQC + if (usePqc) { + if (version == CLIENT_DOWNGRADE_VERSION || + version == EITHER_DOWNGRADE_VERSION) + LOG_ERROR( + "WARNING: If a TLS 1.3 connection is not negotiated, you " + "will not be using a post-quantum group.\n"); + else if (version != 4 && version != -4) + err_sys("can only use post-quantum groups with TLS 1.3 or DTLS 1.3"); + } +#endif + + switch (version) { +#ifndef NO_OLD_TLS + #ifdef WOLFSSL_ALLOW_SSLV3 + case 0: + method = wolfSSLv3_client_method_ex; + break; + #endif + + #ifndef NO_TLS + #ifdef WOLFSSL_ALLOW_TLSV10 + case 1: + method = wolfTLSv1_client_method_ex; + break; + #endif + + case 2: + method = wolfTLSv1_1_client_method_ex; + break; + #endif /* !NO_TLS */ +#endif /* !NO_OLD_TLS */ + +#ifndef NO_TLS + #ifndef WOLFSSL_NO_TLS12 + case 3: + method = wolfTLSv1_2_client_method_ex; + break; + #endif + + #ifdef WOLFSSL_TLS13 + case 4: + method = wolfTLSv1_3_client_method_ex; + break; + #endif + + case CLIENT_DOWNGRADE_VERSION: + if (!doDTLS) { + method = wolfSSLv23_client_method_ex; + } + else { +#ifdef WOLFSSL_DTLS + method = wolfDTLS_client_method_ex; +#else + err_sys("version not supported"); +#endif /* WOLFSSL_DTLS */ + } + break; + #if defined(OPENSSL_EXTRA) || defined(WOLFSSL_EITHER_SIDE) + case EITHER_DOWNGRADE_VERSION: + method = wolfSSLv23_method_ex; + break; + #endif +#endif /* NO_TLS */ + +#ifdef WOLFSSL_DTLS + #ifndef NO_OLD_TLS + case -1: + method = wolfDTLSv1_client_method_ex; + break; + #endif + + #ifndef WOLFSSL_NO_TLS12 + case -2: + method = wolfDTLSv1_2_client_method_ex; + break; + #endif +#ifdef WOLFSSL_DTLS13 + case -4: + method = wolfDTLSv1_3_client_method_ex; + break; +#endif /* WOLFSSL_DTLS13 */ + #if defined(OPENSSL_EXTRA) || defined(WOLFSSL_EITHER_SIDE) + case -3: + method = wolfDTLSv1_2_method_ex; + break; + #endif +#endif + + default: + err_sys("Bad SSL version"); + } + + if (method == NULL) + err_sys("unable to get method"); + +#if defined(WOLFSSL_SYS_CRYPTO_POLICY) + if (policy != NULL) { + if (wolfSSL_crypto_policy_enable(policy) != WOLFSSL_SUCCESS) { + err_sys("wolfSSL_crypto_policy_enable failed"); + } + } +#endif /* WOLFSSL_SYS_CRYPTO_POLICY */ + +#ifdef WOLFSSL_STATIC_MEMORY + #if defined(DEBUG_WOLFSSL) && !defined(WOLFSSL_STATIC_MEMORY_LEAN) + /* print off helper buffer sizes for use with static memory + * printing to stderr in case of debug mode turned on */ + LOG_ERROR("static memory management size = %d\n", + wolfSSL_MemoryPaddingSz()); + LOG_ERROR("calculated optimum general buffer size = %d\n", + wolfSSL_StaticBufferSz(memory, sizeof(memory), 0)); + LOG_ERROR("calculated optimum IO buffer size = %d\n", + wolfSSL_StaticBufferSz(memoryIO, sizeof(memoryIO), + WOLFMEM_IO_POOL_FIXED)); + #endif /* DEBUG_WOLFSSL */ + + if (wc_LoadStaticMemory(&heap, memory, sizeof(memory), WOLFMEM_GENERAL, 1) + != 0) { + err_sys("unable to load static memory"); + } + +#if defined(WOLFSSL_STATIC_MEMORY) && \ + defined(WOLFSSL_STATIC_MEMORY_DEBUG_CALLBACK) + wolfSSL_SetDebugMemoryCb(ExampleDebugMemoryCb); +#endif + ctx = wolfSSL_CTX_new_ex(method(heap), heap); + if (ctx == NULL) + err_sys("unable to get ctx"); +#ifdef WOLFSSL_CALLBACKS + wolfSSL_CTX_set_msg_callback(ctx, msgDebugCb); +#endif + + if (wolfSSL_CTX_load_static_memory(&ctx, NULL, memoryIO, sizeof(memoryIO), + WOLFMEM_IO_POOL_FIXED | WOLFMEM_TRACK_STATS, 1) != WOLFSSL_SUCCESS) { + err_sys("unable to load static memory"); + } +#else + if (method != NULL) { + ctx = wolfSSL_CTX_new(method(NULL)); + if (ctx == NULL) + err_sys("unable to get ctx"); + } +#endif + +#ifdef WOLFSSL_SYS_CA_CERTS + if (loadSysCaCerts && + wolfSSL_CTX_load_system_CA_certs(ctx) != WOLFSSL_SUCCESS) { + err_sys("wolfSSL_CTX_load_system_CA_certs failed"); + } +#endif /* WOLFSSL_SYS_CA_CERTS */ + + if (minVersion != CLIENT_INVALID_VERSION) { +#ifdef WOLFSSL_DTLS + if (doDTLS) { + switch (minVersion) { + case 4: +#ifdef WOLFSSL_DTLS13 + minVersion = WOLFSSL_DTLSV1_3; + break; +#else + err_sys("invalid minimum downgrade version"); +#endif /* WOLFSSL_DTLS13 */ + case 3: + minVersion = WOLFSSL_DTLSV1_2; + break; + case 2: + minVersion = WOLFSSL_DTLSV1; + break; + } + } +#endif /* WOLFSSL_DTLS */ + if (wolfSSL_CTX_SetMinVersion(ctx, minVersion) != WOLFSSL_SUCCESS) + err_sys("can't set minimum downgrade version"); + } + if (simulateWantWrite) { + #ifdef USE_WOLFSSL_IO + wolfSSL_CTX_SetIOSend(ctx, SimulateWantWriteIOSendCb); + #endif + } + +#ifdef SINGLE_THREADED + if (wolfSSL_CTX_new_rng(ctx) != WOLFSSL_SUCCESS) { + wolfSSL_CTX_free(ctx); ctx = NULL; + err_sys("Single Threaded new rng at CTX failed"); + } +#endif + +#ifdef OPENSSL_COMPATIBLE_DEFAULTS + /* Restore wolfSSL verify defaults */ + if (ctx) { + wolfSSL_CTX_set_verify(ctx, WOLFSSL_VERIFY_DEFAULT, NULL); + } +#endif + +#ifdef WOLFSSL_SRTP + if (dtlsSrtpProfiles != NULL) { + if (wolfSSL_CTX_set_tlsext_use_srtp(ctx, dtlsSrtpProfiles) + != 0) { + err_sys("unable to set DTLS SRTP profile"); + } + } +#endif + +#ifdef WOLFSSL_WOLFSENTRY_HOOKS + if (wolfsentry_setup(&wolfsentry, wolfsentry_config_path, + WOLFSENTRY_ROUTE_FLAG_DIRECTION_OUT) < 0) { + err_sys("unable to initialize wolfSentry"); + } + + if (wolfSSL_CTX_set_ConnectFilter( + ctx, + (NetworkFilterCallback_t)wolfSentry_NetworkFilterCallback, + wolfsentry) < 0) { + err_sys("unable to install wolfSentry_NetworkFilterCallback"); + } +#endif + + if (cipherList && !useDefCipherList) { + if (wolfSSL_CTX_set_cipher_list(ctx, cipherList) != WOLFSSL_SUCCESS) { + wolfSSL_CTX_free(ctx); ctx = NULL; + err_sys("client can't set cipher list 1"); + } + } + +#ifdef WOLFSSL_LEANPSK + if (!usePsk) { + usePsk = 1; + } +#endif + +#if defined(NO_RSA) && !defined(HAVE_ECC) && !defined(HAVE_ED25519) && \ + !defined(HAVE_ED448) + if (!usePsk) { + usePsk = 1; + } +#endif + + if (fewerPackets) + wolfSSL_CTX_set_group_messages(ctx); +#if (defined(WOLFSSL_SCTP) || defined(WOLFSSL_DTLS_MTU)) && \ + defined(WOLFSSL_DTLS) + if (dtlsMTU) + wolfSSL_CTX_dtls_set_mtu(ctx, (unsigned short)dtlsMTU); +#endif + +#ifndef NO_DH + if (wolfSSL_CTX_SetMinDhKey_Sz(ctx, (word16)minDhKeyBits) + != WOLFSSL_SUCCESS) { + err_sys("Error setting minimum DH key size"); + } +#endif + +#ifdef HAVE_RPK + if (useRPK) { + char ctype[] = {WOLFSSL_CERT_TYPE_RPK}; + char stype[] = {WOLFSSL_CERT_TYPE_RPK}; + + wolfSSL_CTX_set_client_cert_type(ctx, ctype, sizeof(ctype)/sizeof(ctype[0])); + wolfSSL_CTX_set_server_cert_type(ctx, stype, sizeof(stype)/sizeof(stype[0])); + usePsk = 0; + #ifdef HAVE_CRL + disableCRL = 1; + #endif + doPeerCheck = 0; + } +#endif /* HAVE_RPK */ + + if (usePsk) { +#ifndef NO_PSK + const char *defaultCipherList = cipherList; + + wolfSSL_CTX_set_psk_client_callback(ctx, my_psk_client_cb); +#ifdef WOLFSSL_TLS13 + #if !defined(WOLFSSL_PSK_TLS13_CB) && !defined(WOLFSSL_PSK_ONE_ID) + if (!opensslPsk) { + wolfSSL_CTX_set_psk_client_cs_callback(ctx, my_psk_client_cs_cb); + } + else + #endif + { + wolfSSL_CTX_set_psk_client_tls13_callback(ctx, + my_psk_client_tls13_cb); + } +#endif + if (defaultCipherList == NULL) { + #if defined(HAVE_AESGCM) && !defined(NO_DH) + #ifdef WOLFSSL_TLS13 + defaultCipherList = "TLS13-AES128-GCM-SHA256" + #ifndef WOLFSSL_NO_TLS12 + ":DHE-PSK-AES128-GCM-SHA256" + #endif + ; + #else + defaultCipherList = "DHE-PSK-AES128-GCM-SHA256"; + #endif + #elif defined(HAVE_AESGCM) && defined(WOLFSSL_TLS13) + defaultCipherList = "TLS13-AES128-GCM-SHA256" + #ifndef WOLFSSL_NO_TLS12 + ":PSK-AES128-GCM-SHA256" + #endif + ; + #elif defined(HAVE_NULL_CIPHER) + defaultCipherList = "PSK-NULL-SHA256"; + #elif !defined(NO_AES_CBC) + defaultCipherList = "PSK-AES128-CBC-SHA256"; + #else + defaultCipherList = "PSK-AES128-GCM-SHA256"; + #endif + if (wolfSSL_CTX_set_cipher_list(ctx, defaultCipherList) + !=WOLFSSL_SUCCESS) { + wolfSSL_CTX_free(ctx); ctx = NULL; + err_sys("client can't set cipher list 2"); + } + } + wolfSSL_CTX_set_psk_callback_ctx(ctx, (void*)defaultCipherList); +#endif + if (useClientCert) { + useClientCert = 0; + } + } + + if (useAnon) { +#ifdef HAVE_ANON + if (cipherList == NULL || (cipherList && useDefCipherList)) { + const char* defaultCipherList; + wolfSSL_CTX_allow_anon_cipher(ctx); + defaultCipherList = "ADH-AES256-GCM-SHA384:" + "ADH-AES128-SHA"; + if (wolfSSL_CTX_set_cipher_list(ctx,defaultCipherList) + != WOLFSSL_SUCCESS) { + wolfSSL_CTX_free(ctx); ctx = NULL; + err_sys("client can't set cipher list 4"); + } + } +#endif + if (useClientCert) { + useClientCert = 0; + } + } + +#ifdef WOLFSSL_SCTP + if (dtlsSCTP) + wolfSSL_CTX_dtls_set_sctp(ctx); +#endif + +#ifdef WOLFSSL_ENCRYPTED_KEYS + wolfSSL_CTX_set_default_passwd_cb(ctx, PasswordCallBack); +#endif + +#ifdef WOLFSSL_SNIFFER + if (cipherList == NULL && version < 4) { + /* static RSA or ECC cipher suites */ + const char* staticCipherList = "AES128-SHA:ECDH-ECDSA-AES128-SHA"; + if (wolfSSL_CTX_set_cipher_list(ctx, staticCipherList) != WOLFSSL_SUCCESS) { + wolfSSL_CTX_free(ctx); ctx = NULL; + err_sys("client can't set cipher list 3"); + } + } +#endif + +#ifdef HAVE_OCSP + if (useOcsp) { + #if defined(HAVE_IO_TIMEOUT) && defined(HAVE_HTTP_CLIENT) + wolfIO_SetTimeout(DEFAULT_TIMEOUT_SEC); + #endif + + if (ocspUrl != NULL) { + wolfSSL_CTX_SetOCSP_OverrideURL(ctx, ocspUrl); + wolfSSL_CTX_EnableOCSP(ctx, WOLFSSL_OCSP_NO_NONCE + | WOLFSSL_OCSP_URL_OVERRIDE); + } + else { + wolfSSL_CTX_EnableOCSP(ctx, WOLFSSL_OCSP_CHECKALL); + } + + #ifdef WOLFSSL_NONBLOCK_OCSP + wolfSSL_CTX_SetOCSP_Cb(ctx, OCSPIOCb, OCSPRespFreeCb, NULL); + #endif + } +#endif + +#ifdef USER_CA_CB + wolfSSL_CTX_SetCACb(ctx, CaCb); +#endif + +#if defined(HAVE_EXT_CACHE) && !defined(NO_SESSION_CACHE) + wolfSSL_CTX_sess_set_get_cb(ctx, mySessGetCb); + wolfSSL_CTX_sess_set_new_cb(ctx, mySessNewCb); + wolfSSL_CTX_sess_set_remove_cb(ctx, mySessRemCb); +#endif + +#ifndef NO_CERTS + if (useClientCert && !loadCertKeyIntoSSLObj){ + #if defined(NO_FILESYSTEM) && defined(USE_CERT_BUFFERS_2048) + if (wolfSSL_CTX_use_certificate_chain_buffer_format(ctx, + client_cert_der_2048, sizeof_client_cert_der_2048, + WOLFSSL_FILETYPE_ASN1) != WOLFSSL_SUCCESS) + err_sys("can't load client cert buffer"); + #elif !defined(TEST_LOAD_BUFFER) + if (wolfSSL_CTX_use_certificate_chain_file_format(ctx, ourCert, fileFormat) + != WOLFSSL_SUCCESS) { + wolfSSL_CTX_free(ctx); ctx = NULL; + err_sys("can't load client cert file, check file and run from" + " wolfSSL home dir"); + } + #else + load_buffer(ctx, ourCert, WOLFSSL_CERT_CHAIN); + #endif + } + + #ifdef HAVE_PK_CALLBACKS + pkCbInfo.ourKey = ourKey; + #endif + if (useClientCert && !loadCertKeyIntoSSLObj + #if defined(HAVE_PK_CALLBACKS) && defined(TEST_PK_PRIVKEY) + && !pkCallbacks + #endif + ) { + #ifdef NO_FILESYSTEM + if (wolfSSL_CTX_use_PrivateKey_buffer(ctx, client_key_der_2048, + sizeof_client_key_der_2048, SSL_FILETYPE_ASN1) != WOLFSSL_SUCCESS) + err_sys("can't load client private key buffer"); + #elif !defined(TEST_LOAD_BUFFER) + if (wolfSSL_CTX_use_PrivateKey_file(ctx, ourKey, fileFormat) + != WOLFSSL_SUCCESS) { + wolfSSL_CTX_free(ctx); ctx = NULL; + err_sys("can't load client private key file, check file and run " + "from wolfSSL home dir"); + } + #else + load_buffer(ctx, ourKey, WOLFSSL_KEY); + #endif + } + + if (!usePsk && !useAnon && !useVerifyCb && myVerifyAction != VERIFY_FORCE_FAIL) { + #if defined(OPENSSL_ALL) && defined(WOLFSSL_CERT_GEN) && \ + (defined(WOLFSSL_CERT_REQ) || defined(WOLFSSL_CERT_EXT)) && \ + !defined(NO_FILESYSTEM) && !defined(NO_WOLFSSL_DIR) + if (useCertFolder) { + WOLFSSL_X509_STORE *store; + WOLFSSL_X509_LOOKUP *lookup; + + store = wolfSSL_CTX_get_cert_store(ctx); + if (store == NULL) { + wolfSSL_CTX_free(ctx); ctx = NULL; + err_sys("can't get WOLFSSL_X509_STORE"); + } + lookup = wolfSSL_X509_STORE_add_lookup(store, X509_LOOKUP_hash_dir()); + if (lookup == NULL) { + wolfSSL_CTX_free(ctx); ctx = NULL; + err_sys("can't add lookup"); + } + if (wolfSSL_X509_LOOKUP_ctrl(lookup, WOLFSSL_X509_L_ADD_DIR, caCertFolder, + X509_FILETYPE_PEM, NULL) != WOLFSSL_SUCCESS) { + err_sys("X509_LOOKUP_ctrl w/ L_ADD_DIR failed"); + } + } else { + #endif + #ifdef NO_FILESYSTEM + if (wolfSSL_CTX_load_verify_buffer(ctx, ca_cert_der_2048, + sizeof_ca_cert_der_2048, SSL_FILETYPE_ASN1) != WOLFSSL_SUCCESS) { + wolfSSL_CTX_free(ctx); ctx = NULL; + err_sys("can't load ca buffer, Please run from wolfSSL home dir"); + } + #elif !defined(TEST_LOAD_BUFFER) + unsigned int verify_flags = 0; + #ifdef TEST_BEFORE_DATE + verify_flags |= WOLFSSL_LOAD_FLAG_DATE_ERR_OKAY; + #endif + if (doPeerCheck != 0 && + wolfSSL_CTX_load_verify_locations_ex(ctx, verifyCert, 0, verify_flags) + != WOLFSSL_SUCCESS) { + wolfSSL_CTX_free(ctx); ctx = NULL; + err_sys("can't load ca file, Please run from wolfSSL home dir"); + } + #else + load_buffer(ctx, verifyCert, WOLFSSL_CA); + #endif /* !NO_FILESYSTEM */ + + #ifdef HAVE_ECC + /* load ecc verify too, echoserver uses it by default w/ ecc */ + #ifdef NO_FILESYSTEM + if (doPeerCheck != 0 && + wolfSSL_CTX_load_verify_buffer(ctx, ca_ecc_cert_der_256, + sizeof_ca_ecc_cert_der_256, SSL_FILETYPE_ASN1) != WOLFSSL_SUCCESS) { + wolfSSL_CTX_free(ctx); ctx = NULL; + err_sys("can't load ecc ca buffer"); + } + #elif !defined(TEST_LOAD_BUFFER) + if (doPeerCheck != 0 && !customVerifyCert && + wolfSSL_CTX_load_verify_locations_ex(ctx, eccCertFile, 0, verify_flags) + != WOLFSSL_SUCCESS) { + wolfSSL_CTX_free(ctx); ctx = NULL; + err_sys("can't load ecc ca file, Please run from wolfSSL home dir"); + } + #else + load_buffer(ctx, eccCertFile, WOLFSSL_CA); + #endif /* !TEST_LOAD_BUFFER */ + #endif /* HAVE_ECC */ + #if defined(WOLFSSL_TRUST_PEER_CERT) && !defined(NO_FILESYSTEM) + if (trustCert) { + if (wolfSSL_CTX_trust_peer_cert(ctx, trustCert, + WOLFSSL_FILETYPE_PEM) != WOLFSSL_SUCCESS) { + wolfSSL_CTX_free(ctx); ctx = NULL; + err_sys("can't load trusted peer cert file"); + } + } + #endif /* WOLFSSL_TRUST_PEER_CERT && !NO_FILESYSTEM */ + #if defined(OPENSSL_ALL) && defined(WOLFSSL_CERT_GEN) && \ + (defined(WOLFSSL_CERT_REQ) || defined(WOLFSSL_CERT_EXT)) && \ + !defined(NO_FILESYSTEM) && !defined(NO_WOLFSSL_DIR) + } + #endif + } + if (useVerifyCb || myVerifyAction == VERIFY_FORCE_FAIL || + myVerifyAction == VERIFY_USE_PREVERIFY) { + wolfSSL_CTX_set_verify(ctx, WOLFSSL_VERIFY_PEER, myVerify); + } + else if (!usePsk && !useAnon && doPeerCheck == 0) { + wolfSSL_CTX_set_verify(ctx, WOLFSSL_VERIFY_NONE, NULL); + } + else if (!usePsk && !useAnon && myVerifyAction == VERIFY_OVERRIDE_DATE_ERR) { + wolfSSL_CTX_set_verify(ctx, WOLFSSL_VERIFY_PEER, myVerify); + } +#endif /* !NO_CERTS */ + +#ifdef WOLFSSL_ASYNC_CRYPT + ret = wolfAsync_DevOpen(&devId); + if (ret < 0) { + LOG_ERROR("Async device open failed\nRunning without async\n"); + } + wolfSSL_CTX_SetDevId(ctx, devId); +#endif /* WOLFSSL_ASYNC_CRYPT */ + +#ifdef HAVE_SNI + if (sniHostName) { + if (wolfSSL_CTX_UseSNI(ctx, WOLFSSL_SNI_HOST_NAME, sniHostName, + (word16) XSTRLEN(sniHostName)) != WOLFSSL_SUCCESS) { + wolfSSL_CTX_free(ctx); ctx = NULL; + err_sys("UseSNI failed"); + } + } +#endif +#ifdef HAVE_MAX_FRAGMENT + if (maxFragment) + if (wolfSSL_CTX_UseMaxFragment(ctx, maxFragment) != WOLFSSL_SUCCESS) { + wolfSSL_CTX_free(ctx); ctx = NULL; + err_sys("UseMaxFragment failed"); + } +#endif +#ifdef HAVE_TRUNCATED_HMAC + if (truncatedHMAC) + if (wolfSSL_CTX_UseTruncatedHMAC(ctx) != WOLFSSL_SUCCESS) { + wolfSSL_CTX_free(ctx); ctx = NULL; + err_sys("UseTruncatedHMAC failed"); + } +#endif +#ifdef HAVE_SESSION_TICKET + if (wolfSSL_CTX_UseSessionTicket(ctx) != WOLFSSL_SUCCESS) { + wolfSSL_CTX_free(ctx); ctx = NULL; + err_sys("UseSessionTicket failed"); + } +#endif +#ifdef HAVE_EXTENDED_MASTER + if (disableExtMasterSecret) + if (wolfSSL_CTX_DisableExtendedMasterSecret(ctx) != WOLFSSL_SUCCESS) { + wolfSSL_CTX_free(ctx); ctx = NULL; + err_sys("DisableExtendedMasterSecret failed"); + } +#endif +#if defined(HAVE_SUPPORTED_CURVES) + #if defined(HAVE_CURVE25519) + if (useX25519) { + if (wolfSSL_CTX_UseSupportedCurve(ctx, WOLFSSL_ECC_X25519) + != WOLFSSL_SUCCESS) { + err_sys("unable to support X25519"); + } + } + #endif /* HAVE_CURVE25519 */ + #if defined(HAVE_CURVE448) + if (useX448) { + if (wolfSSL_CTX_UseSupportedCurve(ctx, WOLFSSL_ECC_X448) + != WOLFSSL_SUCCESS) { + err_sys("unable to support X448"); + } + } + #endif /* HAVE_CURVE448 */ + #ifdef HAVE_ECC + if (useSupCurve) { + #if !defined(NO_ECC_SECP) && \ + (defined(HAVE_ECC384) || defined(HAVE_ALL_CURVES)) + if (wolfSSL_CTX_UseSupportedCurve(ctx, WOLFSSL_ECC_SECP384R1) + != WOLFSSL_SUCCESS) { + err_sys("unable to support secp384r1"); + } + #endif + #if !defined(NO_ECC_SECP) && \ + (!defined(NO_ECC256) || defined(HAVE_ALL_CURVES)) + if (wolfSSL_CTX_UseSupportedCurve(ctx, WOLFSSL_ECC_SECP256R1) + != WOLFSSL_SUCCESS) { + err_sys("unable to support secp256r1"); + } + #endif + } + #endif /* HAVE_ECC */ + #ifdef HAVE_FFDHE_2048 + if (useSupCurve) { + if (wolfSSL_CTX_UseSupportedCurve(ctx, WOLFSSL_FFDHE_2048) + != WOLFSSL_SUCCESS) { + err_sys("unable to support FFDHE 2048"); + } + } + #endif +#endif /* HAVE_SUPPORTED_CURVES */ + +#ifdef WOLFSSL_TLS13 + if (noPskDheKe) + wolfSSL_CTX_no_dhe_psk(ctx); +#ifdef HAVE_SUPPORTED_CURVES + if (onlyPskDheKe) + wolfSSL_CTX_only_dhe_psk(ctx); +#endif +#endif +#if defined(WOLFSSL_TLS13) && defined(WOLFSSL_POST_HANDSHAKE_AUTH) + if (postHandAuth) { + if (wolfSSL_CTX_allow_post_handshake_auth(ctx) != 0) { + err_sys("unable to support post handshake auth"); + } + } +#endif + + if (benchmark) { + ((func_args*)args)->return_code = + ClientBenchmarkConnections(ctx, host, port, dtlsUDP, dtlsSCTP, + benchmark, resumeSession, useX25519, + useX448, usePqc, pqcAlg, helloRetry, + onlyKeyShare, version, earlyData); + wolfSSL_CTX_free(ctx); ctx = NULL; + XEXIT_T(EXIT_SUCCESS); + } + + if (throughput) { + ((func_args*)args)->return_code = + ClientBenchmarkThroughput(ctx, host, port, dtlsUDP, dtlsSCTP, + block, throughput, useX25519, useX448, + usePqc, pqcAlg, exitWithRet, version, + onlyKeyShare); + wolfSSL_CTX_free(ctx); ctx = NULL; + if (((func_args*)args)->return_code != EXIT_SUCCESS && !exitWithRet) + XEXIT_T(EXIT_SUCCESS); + else + goto exit; + } + + #if defined(WOLFSSL_MDK_ARM) + wolfSSL_CTX_set_verify(ctx, WOLFSSL_VERIFY_NONE, NULL); + #endif + + #if defined(OPENSSL_EXTRA) + if (wolfSSL_CTX_get_read_ahead(ctx) != 0) { + wolfSSL_CTX_free(ctx); ctx = NULL; + err_sys("bad read ahead default value"); + } + if (wolfSSL_CTX_set_read_ahead(ctx, 1) != WOLFSSL_SUCCESS) { + wolfSSL_CTX_free(ctx); ctx = NULL; + err_sys("error setting read ahead value"); + } + #endif + +#if defined(WOLFSSL_STATIC_MEMORY) && defined(DEBUG_WOLFSSL) && \ + !defined(WOLFSSL_STATIC_MEMORY_LEAN) + LOG_ERROR("Before creating SSL\n"); + if (wolfSSL_CTX_is_static_memory(ctx, &mem_stats) != 1) + err_sys("ctx not using static memory"); + if (wolfSSL_PrintStats(&mem_stats) != 1) /* function in test.h */ + err_sys("error printing out memory stats"); +#endif + + if (doMcast) { +#ifdef WOLFSSL_MULTICAST + wolfSSL_CTX_mcast_set_member_id(ctx, mcastID); + if (wolfSSL_CTX_set_cipher_list(ctx, "WDM-NULL-SHA256") + != WOLFSSL_SUCCESS) { + wolfSSL_CTX_free(ctx); ctx = NULL; + err_sys("Couldn't set multicast cipher list."); + } +#endif + } + +#ifdef HAVE_PK_CALLBACKS + if (pkCallbacks) + SetupPkCallbacks(ctx); +#endif + + ssl = wolfSSL_new(ctx); + if (ssl == NULL) { + wolfSSL_CTX_free(ctx); ctx = NULL; + err_sys("unable to get SSL object"); + } + +#ifdef WOLFSSL_DUAL_ALG_CERTS + if (!wolfSSL_UseCKS(ssl, cks_order, sizeof(cks_order))) { + wolfSSL_CTX_free(ctx); ctx = NULL; + err_sys("unable to set the CKS order."); + } +#endif /* WOLFSSL_DUAL_ALG_CERTS */ + +#ifndef NO_PSK + if (usePsk) { + #if defined(OPENSSL_EXTRA) && defined(WOLFSSL_TLS13) && \ + defined(TEST_PSK_USE_SESSION) + SSL_set_psk_use_session_callback(ssl, my_psk_use_session_cb); + #endif + } +#endif + +#ifndef NO_CERTS + if (useClientCert && loadCertKeyIntoSSLObj){ + #ifdef NO_FILESYSTEM + if (wolfSSL_use_certificate_buffer(ssl, client_cert_der_2048, + sizeof_client_cert_der_2048, SSL_FILETYPE_ASN1) != WOLFSSL_SUCCESS) { + wolfSSL_CTX_free(ctx); ctx = NULL; + err_sys("can't load client cert buffer"); + } + #elif !defined(TEST_LOAD_BUFFER) + if (wolfSSL_use_certificate_chain_file_format(ssl, ourCert, fileFormat) + != WOLFSSL_SUCCESS) { + wolfSSL_CTX_free(ctx); ctx = NULL; + err_sys("can't load client cert file, check file and run from" + " wolfSSL home dir"); + } + #else + load_ssl_buffer(ssl, ourCert, WOLFSSL_CERT_CHAIN); + #endif + } + + if (loadCertKeyIntoSSLObj + #if defined(HAVE_PK_CALLBACKS) && defined(TEST_PK_PRIVKEY) + && !pkCallbacks + #endif + ) { + #ifdef NO_FILESYSTEM + if (wolfSSL_CTX_use_PrivateKey_buffer(ctx, client_key_der_2048, + sizeof_client_key_der_2048, SSL_FILETYPE_ASN1) != WOLFSSL_SUCCESS) + err_sys("can't load client private key buffer"); + #elif !defined(TEST_LOAD_BUFFER) + if (wolfSSL_use_PrivateKey_file(ssl, ourKey, fileFormat) + != WOLFSSL_SUCCESS) { + wolfSSL_CTX_free(ctx); ctx = NULL; + err_sys("can't load client private key file, check file and run " + "from wolfSSL home dir"); + } + #else + load_ssl_buffer(ssl, ourKey, WOLFSSL_KEY); + #endif + } +#endif /* !NO_CERTS */ + +#if defined(OPENSSL_EXTRA) || defined(HAVE_SECRET_CALLBACK) + wolfSSL_KeepArrays(ssl); +#endif + +#ifdef HAVE_PK_CALLBACKS + /* This must be before SetKeyShare */ + if (pkCallbacks) { + SetupPkCallbackContexts(ssl, &pkCbInfo); + } +#endif + +#if defined(WOLFSSL_STATIC_MEMORY) && defined(DEBUG_WOLFSSL) && \ + !defined(WOLFSSL_STATIC_MEMORY_LEAN) + LOG_ERROR("After creating SSL\n"); + if (wolfSSL_CTX_is_static_memory(ctx, &mem_stats) != 1) + err_sys("ctx not using static memory"); + if (wolfSSL_PrintStats(&mem_stats) != 1) /* function in test.h */ + err_sys("error printing out memory stats"); +#endif + +#if defined(WOLFSSL_TLS13) && defined(HAVE_SUPPORTED_CURVES) + if (!helloRetry && (version >= 4 || version <= -4)) { + SetKeyShare(ssl, onlyKeyShare, useX25519, useX448, usePqc, + pqcAlg, 0); + } + else { + wolfSSL_NoKeyShares(ssl); + } +#endif + + if (doMcast) { +#ifdef WOLFSSL_MULTICAST + /* DTLS multicast secret for testing only */ + #define CLI_SRV_RANDOM_SZ 32 /* RAN_LEN (see internal.h) */ + #define PMS_SZ 512 /* ENCRYPT_LEN (see internal.h) */ + byte pms[PMS_SZ]; /* pre master secret */ + byte cr[CLI_SRV_RANDOM_SZ]; /* client random */ + byte sr[CLI_SRV_RANDOM_SZ]; /* server random */ + const byte suite[2] = {0, 0xfe}; /* WDM_WITH_NULL_SHA256 */ + + XMEMSET(pms, 0x23, sizeof(pms)); + XMEMSET(cr, 0xA5, sizeof(cr)); + XMEMSET(sr, 0x5A, sizeof(sr)); + + if (wolfSSL_set_secret(ssl, 1, pms, sizeof(pms), cr, sr, suite) + != WOLFSSL_SUCCESS) { + wolfSSL_CTX_free(ctx); ctx = NULL; + err_sys("unable to set mcast secret"); + } +#endif + } + + #ifdef HAVE_SESSION_TICKET + wolfSSL_set_SessionTicket_cb(ssl, sessionTicketCB, (void*)"initial session"); + #endif + +#ifdef HAVE_TRUSTED_CA + if (trustedCaKeyId) { + if (wolfSSL_UseTrustedCA(ssl, WOLFSSL_TRUSTED_CA_PRE_AGREED, + NULL, 0) != WOLFSSL_SUCCESS) { + err_sys("UseTrustedCA failed"); + } + } +#endif +#ifdef HAVE_ALPN + if (alpnList != NULL) { + printf("ALPN accepted protocols list : %s\n", alpnList); + wolfSSL_UseALPN(ssl, alpnList, (word32)XSTRLEN(alpnList), alpn_opt); + } +#endif + +#if defined(HAVE_CERTIFICATE_STATUS_REQUEST) || \ + defined(HAVE_CERTIFICATE_STATUS_REQUEST_V2) + if (statusRequest) { + if (version == 4 && + (statusRequest == OCSP_STAPLINGV2 || \ + statusRequest == OCSP_STAPLINGV2_MULTI)) { + err_sys("Cannot use OCSP Stapling V2 with TLSv1.3"); + } + + if (wolfSSL_CTX_EnableOCSPStapling(ctx) != WOLFSSL_SUCCESS) + err_sys("can't enable OCSP Stapling Certificate Manager"); + if (mustStaple) { + if (wolfSSL_CTX_EnableOCSPMustStaple(ctx) != WOLFSSL_SUCCESS) + err_sys("can't enable OCSP Must Staple"); + } + + switch (statusRequest) { + #ifdef HAVE_CERTIFICATE_STATUS_REQUEST + case OCSP_STAPLING: + if (wolfSSL_UseOCSPStapling(ssl, WOLFSSL_CSR_OCSP, + WOLFSSL_CSR_OCSP_USE_NONCE) != WOLFSSL_SUCCESS) { + wolfSSL_free(ssl); ssl = NULL; + CloseSocket(sockfd); + wolfSSL_CTX_free(ctx); ctx = NULL; + err_sys("UseCertificateStatusRequest failed"); + } + break; + #endif + #ifdef HAVE_CERTIFICATE_STATUS_REQUEST_V2 + case OCSP_STAPLINGV2: + if (wolfSSL_UseOCSPStaplingV2(ssl, + WOLFSSL_CSR2_OCSP, WOLFSSL_CSR2_OCSP_USE_NONCE) + != WOLFSSL_SUCCESS) { + wolfSSL_free(ssl); ssl = NULL; + CloseSocket(sockfd); + wolfSSL_CTX_free(ctx); ctx = NULL; + err_sys("UseCertificateStatusRequest failed"); + } + break; + case OCSP_STAPLINGV2_MULTI: + if (wolfSSL_UseOCSPStaplingV2(ssl, + WOLFSSL_CSR2_OCSP_MULTI, 0) + != WOLFSSL_SUCCESS) { + wolfSSL_free(ssl); ssl = NULL; + CloseSocket(sockfd); + wolfSSL_CTX_free(ctx); ctx = NULL; + err_sys("UseCertificateStatusRequest failed"); + } + break; + #endif + default: + err_sys("Invalid OCSP Stapling option"); + } + + wolfSSL_CTX_EnableOCSP(ctx, 0); + } +#endif + +#if !defined(NO_DH) && !defined(WOLFSSL_OLD_PRIME_CHECK) && \ + !defined(HAVE_FIPS) && !defined(HAVE_SELFTEST) + if (!doDhKeyCheck) + wolfSSL_SetEnableDhKeyTest(ssl, 0); +#endif + +#ifdef HAVE_ENCRYPT_THEN_MAC + if (disallowETM) + wolfSSL_AllowEncryptThenMac(ssl, 0); +#endif + + + tcp_connect(&sockfd, host, port, dtlsUDP, dtlsSCTP, ssl); + if (wolfSSL_set_fd(ssl, sockfd) != WOLFSSL_SUCCESS) { + wolfSSL_free(ssl); ssl = NULL; + CloseSocket(sockfd); + wolfSSL_CTX_free(ctx); ctx = NULL; + err_sys("error in setting fd"); + } + + if (simulateWantWrite) { + if (dtlsUDP) { + wolfSSL_SetIOWriteCtx(ssl, (void*)&sockfd); + udp_connect(&sockfd, host, port); + } + } + + /* STARTTLS */ + if (doSTARTTLS) { + if (StartTLS_Init(&sockfd) != WOLFSSL_SUCCESS) { + wolfSSL_free(ssl); ssl = NULL; + CloseSocket(sockfd); + wolfSSL_CTX_free(ctx); ctx = NULL; + err_sys("error during STARTTLS protocol"); + } + } + +#if defined(HAVE_CRL) && !defined(NO_FILESYSTEM) + if (disableCRL == 0 && !useVerifyCb) { + #if defined(HAVE_IO_TIMEOUT) && defined(HAVE_HTTP_CLIENT) + wolfIO_SetTimeout(DEFAULT_TIMEOUT_SEC); + #endif + + if (wolfSSL_EnableCRL(ssl, WOLFSSL_CRL_CHECKALL) != WOLFSSL_SUCCESS) { + wolfSSL_free(ssl); ssl = NULL; + CloseSocket(sockfd); + wolfSSL_CTX_free(ctx); ctx = NULL; + err_sys("can't enable crl check"); + } + if (wolfSSL_LoadCRL(ssl, crlPemDir, WOLFSSL_FILETYPE_PEM, 0) + != WOLFSSL_SUCCESS) { + wolfSSL_free(ssl); ssl = NULL; + CloseSocket(sockfd); + wolfSSL_CTX_free(ctx); ctx = NULL; + err_sys("can't load crl, check crlfile and date validity"); + } + if (wolfSSL_SetCRL_Cb(ssl, CRL_CallBack) != WOLFSSL_SUCCESS) { + wolfSSL_free(ssl); ssl = NULL; + CloseSocket(sockfd); + wolfSSL_CTX_free(ctx); ctx = NULL; + err_sys("can't set crl callback"); + } + } +#endif +#ifdef HAVE_SECURE_RENEGOTIATION + if (scr) { + if (wolfSSL_UseSecureRenegotiation(ssl) != WOLFSSL_SUCCESS) { + wolfSSL_free(ssl); ssl = NULL; + CloseSocket(sockfd); + wolfSSL_CTX_free(ctx); ctx = NULL; + err_sys("can't enable secure renegotiation"); + } + } +#endif +#if defined(ATOMIC_USER) && !defined(WOLFSSL_AEAD_ONLY) + if (atomicUser) + SetupAtomicUser(ctx, ssl); +#endif + +#ifdef WOLFSSL_DTLS_CID + if (useDtlsCID) { + ret = wolfSSL_dtls_cid_use(ssl); + if (ret != WOLFSSL_SUCCESS) + err_sys("Can't enable DTLS ConnectionID"); + ret = wolfSSL_dtls_cid_set(ssl, (unsigned char*)dtlsCID, + (word32)XSTRLEN(dtlsCID)); + if (ret != WOLFSSL_SUCCESS) + err_sys("Can't set DTLS ConnectionID"); + } +#endif /* WOLFSSL_DTLS_CID */ + + if (matchName && doPeerCheck) + wolfSSL_check_domain_name(ssl, domain); +#ifndef WOLFSSL_CALLBACKS + if (nonBlocking) { +#ifdef WOLFSSL_DTLS + if (doDTLS) { + wolfSSL_dtls_set_using_nonblock(ssl, 1); + } +#endif + tcp_set_nonblocking(&sockfd); + ret = NonBlockingSSL_Connect(ssl); + } + else { +#ifdef WOLFSSL_EARLY_DATA + if (usePsk && earlyData) + EarlyData(ctx, ssl, kEarlyMsg, sizeof(kEarlyMsg)-1, buffer); +#endif + WOLFSSL_ASYNC_WHILE_PENDING(ret = wolfSSL_connect(ssl), + ret != WOLFSSL_SUCCESS); + } +#else + timeoutConnect.tv_sec = DEFAULT_TIMEOUT_SEC; + timeoutConnect.tv_usec = 0; + ret = NonBlockingSSL_Connect(ssl); /* will keep retrying on timeout */ +#endif + if (ret != WOLFSSL_SUCCESS) { + err = wolfSSL_get_error(ssl, 0); + LOG_ERROR("wolfSSL_connect error %d, %s\n", err, + wolfSSL_ERR_error_string((unsigned long)err, buffer)); + + /* cleanup */ + wolfSSL_free(ssl); ssl = NULL; + wolfSSL_CTX_free(ctx); ctx = NULL; + CloseSocket(sockfd); + + if (!exitWithRet) + err_sys("wolfSSL_connect failed"); + /* see note at top of README */ + /* if you're getting an error here */ + + ((func_args*)args)->return_code = err; + goto exit; + } + + showPeerEx(ssl, lng_index); + showPeerPEM(ssl); + + /* if the caller requested a particular cipher, check here that either + * a canonical name of the established cipher matches the requested + * cipher name, or the requested cipher name is marked as an alias + * that matches the established cipher. + */ + if (cipherList && !useDefCipherList && (! XSTRSTR(cipherList, ":"))) { + WOLFSSL_CIPHER* established_cipher = wolfSSL_get_current_cipher(ssl); + byte requested_cipherSuite0, requested_cipherSuite; + int requested_cipherFlags; + if (established_cipher && + /* don't test for pseudo-ciphers like "ALL" and "DEFAULT". */ + (wolfSSL_get_cipher_suite_from_name(cipherList, + &requested_cipherSuite0, + &requested_cipherSuite, + &requested_cipherFlags) == 0)) { + word32 established_cipher_id = + wolfSSL_CIPHER_get_id(established_cipher); + byte established_cipherSuite0 = (established_cipher_id >> 8) & 0xff; + byte established_cipherSuite = established_cipher_id & 0xff; + const char *established_cipher_name = + wolfSSL_get_cipher_name_from_suite(established_cipherSuite0, + established_cipherSuite); + const char *established_cipher_name_iana = + wolfSSL_get_cipher_name_iana_from_suite(established_cipherSuite0, + established_cipherSuite); + + if (established_cipher_name == NULL) + err_sys("error looking up name of established cipher"); + + if (strcmp(cipherList, established_cipher_name) && + ((established_cipher_name_iana == NULL) || + strcmp(cipherList, established_cipher_name_iana))) { + if (! (requested_cipherFlags & WOLFSSL_CIPHER_SUITE_FLAG_NAMEALIAS)) + err_sys("Unexpected mismatch between names of requested and established ciphers."); + else if ((requested_cipherSuite0 != established_cipherSuite0) || + (requested_cipherSuite != established_cipherSuite)) + err_sys("Mismatch between IDs of requested and established ciphers."); + } + } + } + +#if defined(HAVE_OCSP) && !defined(NO_ASN_TIME) +#ifdef HAVE_STRFTIME + { + struct tm tm; + char date[32]; + ret = wolfSSL_get_ocsp_producedDate_tm(ssl, &tm); + if ((ret == 0) && (strftime(date, sizeof date, "%Y-%m-%d %H:%M:%S %z", &tm) > 0)) + printf("OCSP response timestamp: %s\n", date); + } +#else + { + byte date[MAX_DATE_SIZE]; + int asn_date_format; + ret = wolfSSL_get_ocsp_producedDate(ssl, date, sizeof date, &asn_date_format); + if (ret == 0) + printf("OCSP response timestamp: %s (ASN.1 type %d)\n", (char *)date, asn_date_format); + } +#endif +#endif + +#if defined(OPENSSL_EXTRA) || defined(HAVE_SECRET_CALLBACK) + printf("Session timeout set to %ld seconds\n", wolfSSL_get_timeout(ssl)); + { + byte* rnd; + byte* pt; + size_t size; + + /* get size of buffer then print */ + size = wolfSSL_get_client_random(NULL, NULL, 0); + if (size == 0) { + wolfSSL_free(ssl); ssl = NULL; + CloseSocket(sockfd); + wolfSSL_CTX_free(ctx); ctx = NULL; + err_sys("error getting client random buffer size"); + } + + rnd = (byte*)XMALLOC(size, NULL, DYNAMIC_TYPE_TMP_BUFFER); + if (rnd == NULL) { + wolfSSL_free(ssl); ssl = NULL; + CloseSocket(sockfd); + wolfSSL_CTX_free(ctx); ctx = NULL; + err_sys("error creating client random buffer"); + } + + size = wolfSSL_get_client_random(ssl, rnd, size); + if (size == 0) { + XFREE(rnd, NULL, DYNAMIC_TYPE_TMP_BUFFER); + wolfSSL_free(ssl); ssl = NULL; + CloseSocket(sockfd); + wolfSSL_CTX_free(ctx); ctx = NULL; + err_sys("error getting client random buffer"); + } + + printf("Client Random : "); + for (pt = rnd; pt < rnd + size; pt++) printf("%02X", *pt); + printf("\n"); + XFREE(rnd, NULL, DYNAMIC_TYPE_TMP_BUFFER); + + } +#endif + +#if defined(OPENSSL_ALL) || (defined(OPENSSL_EXTRA) && (defined(HAVE_STUNNEL) || \ + defined(WOLFSSL_NGINX) || defined(HAVE_LIGHTY) || \ + defined(WOLFSSL_HAPROXY) || defined(WOLFSSL_OPENSSH))) +#if !defined(NO_SESSION_CACHE) && \ + (defined(HAVE_SESSION_TICKET) || defined(SESSION_CERTS)) && \ + !defined(NO_FILESYSTEM) + #ifndef NO_BIO + /* print out session to stdout */ + { + WOLFSSL_BIO* bio = wolfSSL_BIO_new_fp(stdout, BIO_NOCLOSE); + if (bio != NULL) { + if (wolfSSL_SESSION_print(bio, wolfSSL_get_session(ssl)) != + WOLFSSL_SUCCESS) { + wolfSSL_BIO_printf(bio, "BIO error printing session\n"); + } + } + wolfSSL_BIO_free(bio); + } + #endif /* !NO_BIO */ +#endif +#endif + + if (doSTARTTLS && starttlsProt != NULL) { + if (XSTRCMP(starttlsProt, "smtp") == 0) { + if (SMTP_Shutdown(ssl, wc_shutdown) != WOLFSSL_SUCCESS) { + wolfSSL_free(ssl); ssl = NULL; + CloseSocket(sockfd); + wolfSSL_CTX_free(ctx); ctx = NULL; + err_sys("error closing STARTTLS connection"); + } + } + + wolfSSL_free(ssl); ssl = NULL; + CloseSocket(sockfd); + + wolfSSL_CTX_free(ctx); ctx = NULL; + + ((func_args*)args)->return_code = 0; + WOLFSSL_RETURN_FROM_THREAD(0); + } + +#ifdef HAVE_ALPN + if (alpnList != NULL) { + char *protocol_name = NULL; + word16 protocol_nameSz = 0; + + err = wolfSSL_ALPN_GetProtocol(ssl, &protocol_name, &protocol_nameSz); + if (err == WOLFSSL_SUCCESS) + printf("Received ALPN protocol : %s (%d)\n", + protocol_name, protocol_nameSz); + else if (err == WC_NO_ERR_TRACE(WOLFSSL_ALPN_NOT_FOUND)) + printf("No ALPN response received (no match with server)\n"); + else + printf("Getting ALPN protocol name failed\n"); + } +#endif + +#ifdef WOLFSSL_DTLS_CID + if (useDtlsCID && wolfSSL_dtls_cid_is_enabled(ssl)) { + unsigned char receivedCID[DTLS_CID_BUFFER_SIZE]; + unsigned int receivedCIDSz; + + printf("CID extension was negotiated\n"); + ret = wolfSSL_dtls_cid_get_tx_size(ssl, &receivedCIDSz); + if (ret == WOLFSSL_SUCCESS && receivedCIDSz > 0) { + ret = wolfSSL_dtls_cid_get_tx(ssl, receivedCID, + DTLS_CID_BUFFER_SIZE - 1); + if (ret != WOLFSSL_SUCCESS) + err_sys("Can't get negotiated DTLS CID\n"); + + printf("Sending CID is "); + printBuffer(receivedCID, receivedCIDSz); + printf("\n"); + } + else { + printf("other peer provided empty CID\n"); + } + } +#endif /* WOLFSSL_DTLS_CID */ + +#ifdef HAVE_SECURE_RENEGOTIATION + if (scr && forceScr) { + if (nonBlocking) { + if (!resumeScr) { + if (wolfSSL_Rehandshake(ssl) != WOLFSSL_SUCCESS) { + err = wolfSSL_get_error(ssl, 0); + if (err == WOLFSSL_ERROR_WANT_READ || + err == WOLFSSL_ERROR_WANT_WRITE) { + if (scrAppData) { + ret = ClientWrite(ssl, + "msg sent during renegotiation", + sizeof("msg sent during renegotiation") - 1, + "", 1); + } + else { + ret = 0; + } + if (ret != 0) { + ret = WOLFSSL_FAILURE; + } + else { + do { + #ifdef WOLFSSL_ASYNC_CRYPT + if (err == WC_NO_ERR_TRACE(WC_PENDING_E)) { + ret = wolfSSL_AsyncPoll(ssl, WOLF_POLL_FLAG_CHECK_HW); + if (ret < 0) break; + } + #endif + if (err == WC_NO_ERR_TRACE(APP_DATA_READY)) { + if (wolfSSL_read(ssl, reply, + sizeof(reply)-1) < 0) { + err_sys("APP DATA should be present " + "but error returned"); + } + printf("Received message during " + "renegotiation: %s\n", reply); + } + err = 0; + if ((ret = wolfSSL_connect(ssl)) + != WOLFSSL_SUCCESS) { + err = wolfSSL_get_error(ssl, ret); + } + } while (ret != WOLFSSL_SUCCESS && + (err == WOLFSSL_ERROR_WANT_READ || + err == WOLFSSL_ERROR_WANT_WRITE || + err == WC_NO_ERR_TRACE(APP_DATA_READY) || + err == WC_NO_ERR_TRACE(WC_PENDING_E))); + } + + if (ret == WOLFSSL_SUCCESS) { + printf("NON-BLOCKING RENEGOTIATION SUCCESSFUL\n"); + } + } + if (ret != WOLFSSL_SUCCESS) { + err = wolfSSL_get_error(ssl, 0); + LOG_ERROR("wolfSSL_Rehandshake error %d, %s\n", err, + wolfSSL_ERR_error_string(err, buffer)); + wolfSSL_free(ssl); ssl = NULL; + CloseSocket(sockfd); + wolfSSL_CTX_free(ctx); ctx = NULL; + err_sys("non-blocking wolfSSL_Rehandshake failed"); + } + } + } + else { + LOG_ERROR("not doing secure resumption with non-blocking"); + } + } else { + if (!resumeScr) { + printf("Beginning secure renegotiation.\n"); + if ((ret = wolfSSL_Rehandshake(ssl)) != WOLFSSL_SUCCESS) { + err = wolfSSL_get_error(ssl, 0); +#ifdef WOLFSSL_ASYNC_CRYPT + while (err == WC_NO_ERR_TRACE(WC_PENDING_E)) { + err = 0; + ret = wolfSSL_negotiate(ssl); + if (ret != WOLFSSL_SUCCESS) { + err = wolfSSL_get_error(ssl, 0); + if (err == WC_NO_ERR_TRACE(WC_PENDING_E)) { + ret = wolfSSL_AsyncPoll(ssl, WOLF_POLL_FLAG_CHECK_HW); + if (ret < 0) break; + } + } + } +#endif + if (ret != WOLFSSL_SUCCESS) { + printf("err = %d, %s\n", err, + wolfSSL_ERR_error_string(err, buffer)); + wolfSSL_free(ssl); ssl = NULL; + CloseSocket(sockfd); + wolfSSL_CTX_free(ctx); ctx = NULL; + err_sys("wolfSSL_Rehandshake failed"); + } + } + else { + printf("RENEGOTIATION SUCCESSFUL\n"); + } + } + else { + printf("Beginning secure resumption.\n"); + if ((ret = wolfSSL_SecureResume(ssl)) != WOLFSSL_SUCCESS) { + err = wolfSSL_get_error(ssl, 0); +#ifdef WOLFSSL_ASYNC_CRYPT + while (err == WC_NO_ERR_TRACE(WC_PENDING_E)) { + err = 0; + ret = wolfSSL_negotiate(ssl); + if (ret != WOLFSSL_SUCCESS) { + err = wolfSSL_get_error(ssl, 0); + if (err == WC_NO_ERR_TRACE(WC_PENDING_E)) { + ret = wolfSSL_AsyncPoll(ssl, WOLF_POLL_FLAG_CHECK_HW); + if (ret < 0) break; + } + } + } +#endif + if (ret != WOLFSSL_SUCCESS) { + printf("err = %d, %s\n", err, + wolfSSL_ERR_error_string(err, buffer)); + wolfSSL_free(ssl); ssl = NULL; + CloseSocket(sockfd); + wolfSSL_CTX_free(ctx); ctx = NULL; + err_sys("wolfSSL_SecureResume failed"); + } + } + else { + printf("SECURE RESUMPTION SUCCESSFUL\n"); + } + } + } + } +#endif /* HAVE_SECURE_RENEGOTIATION */ + + XMEMSET(msg, 0, sizeof(msg)); + if (sendGET) { + printf("SSL connect ok, sending GET...\n"); + + msgSz = (int)XSTRLEN(kHttpGetMsg); + XMEMCPY(msg, kHttpGetMsg, (size_t)msgSz); + } + else { + msgSz = (int)XSTRLEN(kHelloMsg); + XMEMCPY(msg, kHelloMsg, (size_t)msgSz); + } + +/* allow some time for exporting the session */ +#ifdef WOLFSSL_SESSION_EXPORT_DEBUG + TEST_DELAY(); +#endif /* WOLFSSL_SESSION_EXPORT_DEBUG */ + +#ifdef WOLFSSL_SRTP + if (dtlsSrtpProfiles != NULL) { + err = client_srtp_test(ssl, (func_args*)args); + if (err != 0) { + if (exitWithRet) { + ((func_args*)args)->return_code = err; + wolfSSL_free(ssl); ssl = NULL; + CloseSocket(sockfd); + wolfSSL_CTX_free(ctx); ctx = NULL; + goto exit; + } + /* else */ + err_sys("SRTP check failed"); + } + } +#endif /* WOLFSSL_SRTP */ + +#ifdef WOLFSSL_TLS13 + if (updateKeysIVs) + wolfSSL_update_keys(ssl); +#endif + + err = ClientWriteRead(ssl, msg, msgSz, reply, sizeof(reply)-1, 1, "", + exitWithRet); + if (exitWithRet && (err != 0)) { + ((func_args*)args)->return_code = err; + wolfSSL_free(ssl); ssl = NULL; + CloseSocket(sockfd); + wolfSSL_CTX_free(ctx); ctx = NULL; + goto exit; + } + +#if defined(WOLFSSL_TLS13) + if (updateKeysIVs || postHandAuth) + (void)ClientWrite(ssl, msg, msgSz, "", 0); +#endif + +#if defined(HAVE_SESSION_TICKET) + while (waitTicket == 1) { + unsigned char ticketBuf[SESSION_TICKET_LEN]; + int zeroReturn = 0; + word32 size; + + (void)zeroReturn; + size = sizeof(ticketBuf); + err = wolfSSL_get_SessionTicket(ssl, ticketBuf, &size); + if (err < 0) + err_sys("wolfSSL_get_SessionTicket failed"); + + if (size == 0) { + err = process_handshake_messages(ssl, !nonBlocking, &zeroReturn); + if (err < 0) + err_sys("error waiting for session ticket "); + } + else { + waitTicket = 0; + } + } +#endif + +#ifndef NO_SESSION_CACHE + if (resumeSession) { + session = wolfSSL_get1_session(ssl); + } +#endif + +#if !defined(NO_SESSION_CACHE) && (defined(OPENSSL_EXTRA) || \ + defined(HAVE_EXT_CACHE)) + if (session != NULL && resumeSession) { + flatSessionSz = wolfSSL_i2d_SSL_SESSION(session, NULL); + if (flatSessionSz != 0) { + int checkSz = wolfSSL_i2d_SSL_SESSION(session, &flatSession); + if (flatSession == NULL) + err_sys("error creating flattened session buffer"); + if (checkSz != flatSessionSz) { + XFREE(flatSession, NULL, DYNAMIC_TYPE_TMP_BUFFER); + err_sys("flat session size check failure"); + } + /* using heap based flat session, free original session */ + wolfSSL_SESSION_free(session); + session = NULL; + } + } +#endif + + ret = wolfSSL_shutdown(ssl); + if (wc_shutdown && ret == WOLFSSL_SHUTDOWN_NOT_DONE) { + while (tcp_select(wolfSSL_get_fd(ssl), DEFAULT_TIMEOUT_SEC) == + TEST_RECV_READY) { + ret = wolfSSL_shutdown(ssl); /* bidirectional shutdown */ + if (ret == WOLFSSL_SUCCESS) { + printf("Bidirectional shutdown complete\n"); + break; + } + else if (ret != WOLFSSL_SHUTDOWN_NOT_DONE) { + LOG_ERROR("Bidirectional shutdown failed\n"); + break; + } + } + if (ret != WOLFSSL_SUCCESS) + LOG_ERROR("Bidirectional shutdown failed\n"); + } +#if defined(ATOMIC_USER) && !defined(WOLFSSL_AEAD_ONLY) + if (atomicUser) + FreeAtomicUser(ssl); +#endif + + /* display collected statistics */ +#if defined(WOLFSSL_STATIC_MEMORY) && !defined(WOLFSSL_STATIC_MEMORY_LEAN) + if (wolfSSL_is_static_memory(ssl, &ssl_stats) != 1) + err_sys("static memory was not used with ssl"); + + LOG_ERROR("\nprint off SSL memory stats\n"); + LOG_ERROR("*** This is memory state before wolfSSL_free is called\n"); + wolfSSL_PrintStatsConn(&ssl_stats); +#endif + + wolfSSL_free(ssl); ssl = NULL; + CloseSocket(sockfd); + +#ifndef NO_SESSION_CACHE + if (resumeSession) { + sslResume = wolfSSL_new(ctx); + if (sslResume == NULL) { + wolfSSL_CTX_free(ctx); ctx = NULL; + err_sys("unable to get SSL object"); + } + +#if !defined(NO_DH) && !defined(WOLFSSL_OLD_PRIME_CHECK) && \ + !defined(HAVE_FIPS) && !defined(HAVE_SELFTEST) + if (!doDhKeyCheck) + wolfSSL_SetEnableDhKeyTest(sslResume, 0); +#endif +#ifdef HAVE_PK_CALLBACKS + if (pkCallbacks) { + SetupPkCallbackContexts(sslResume, &pkCbInfo); + } +#endif + + if (dtlsUDP) { + TEST_DELAY(); + } + tcp_connect(&sockfd, host, port, dtlsUDP, dtlsSCTP, sslResume); + if (wolfSSL_set_fd(sslResume, sockfd) != WOLFSSL_SUCCESS) { + wolfSSL_free(sslResume); sslResume = NULL; + CloseSocket(sockfd); + wolfSSL_CTX_free(ctx); ctx = NULL; + err_sys("error in setting fd"); + } + if (simulateWantWrite) { + if (dtlsUDP) { + wolfSSL_SetIOWriteCtx(ssl, (void*)&sockfd); + udp_connect(&sockfd, host, port); + } + } +#ifdef HAVE_ALPN + if (alpnList != NULL) { + printf("ALPN accepted protocols list : %s\n", alpnList); + wolfSSL_UseALPN(sslResume, alpnList, (word32)XSTRLEN(alpnList), + alpn_opt); + } +#endif +#ifdef HAVE_SECURE_RENEGOTIATION + if (scr) { + if (wolfSSL_UseSecureRenegotiation(sslResume) != WOLFSSL_SUCCESS) { + wolfSSL_free(sslResume); sslResume = NULL; + CloseSocket(sockfd); + wolfSSL_CTX_free(ctx); ctx = NULL; + err_sys("can't enable secure renegotiation"); + } + } +#endif + +#if !defined(NO_SESSION_CACHE) && (defined(OPENSSL_EXTRA) || \ + defined(HAVE_EXT_CACHE)) + if (flatSession) { + const byte* constFlatSession = flatSession; + session = wolfSSL_d2i_SSL_SESSION(NULL, + &constFlatSession, flatSessionSz); + } +#endif + + wolfSSL_set_session(sslResume, session); + +#if !defined(NO_SESSION_CACHE) && (defined(OPENSSL_EXTRA) || \ + defined(HAVE_EXT_CACHE)) + XFREE(flatSession, NULL, DYNAMIC_TYPE_TMP_BUFFER); +#endif + wolfSSL_SESSION_free(session); + session = NULL; + +#ifdef HAVE_SESSION_TICKET + wolfSSL_set_SessionTicket_cb(sslResume, sessionTicketCB, + (void*)"resumed session"); +#endif + +#ifndef WOLFSSL_CALLBACKS + if (nonBlocking) { +#ifdef WOLFSSL_DTLS + if (doDTLS) { + wolfSSL_dtls_set_using_nonblock(sslResume, 1); + } +#endif + tcp_set_nonblocking(&sockfd); + ret = NonBlockingSSL_Connect(sslResume); + } + else { + #ifdef WOLFSSL_EARLY_DATA + #ifndef HAVE_SESSION_TICKET + if (!usePsk) { + } + else + #endif + if (earlyData) { + EarlyData(ctx, sslResume, kEarlyMsg, sizeof(kEarlyMsg)-1, buffer); + } + #endif + do { + err = 0; /* reset error */ + ret = wolfSSL_connect(sslResume); + if (ret != WOLFSSL_SUCCESS) { + err = wolfSSL_get_error(sslResume, 0); + #ifdef WOLFSSL_ASYNC_CRYPT + if (err == WC_NO_ERR_TRACE(WC_PENDING_E)) { + ret = wolfSSL_AsyncPoll(sslResume, + WOLF_POLL_FLAG_CHECK_HW); + if (ret < 0) break; + } + #endif + } + } while (err == WC_NO_ERR_TRACE(WC_PENDING_E)); + } +#else + timeoutConnect.tv_sec = DEFAULT_TIMEOUT_SEC; + timeoutConnect.tv_usec = 0; + ret = NonBlockingSSL_Connect(sslResume); /* will keep retrying on timeout */ +#endif + if (ret != WOLFSSL_SUCCESS) { + LOG_ERROR("wolfSSL_connect resume error %d, %s\n", err, + wolfSSL_ERR_error_string((unsigned long)err, buffer)); + wolfSSL_free(sslResume); sslResume = NULL; + CloseSocket(sockfd); + wolfSSL_CTX_free(ctx); ctx = NULL; + err_sys("wolfSSL_connect resume failed"); + } + + showPeerEx(sslResume, lng_index); + showPeerPEM(sslResume); + + if (wolfSSL_session_reused(sslResume)) + printf("reused session id\n"); + else + LOG_ERROR("didn't reuse session id!!!\n"); + +#ifdef HAVE_ALPN + if (alpnList != NULL) { + char *protocol_name = NULL; + word16 protocol_nameSz = 0; + + printf("Sending ALPN accepted list : %s\n", alpnList); + err = wolfSSL_ALPN_GetProtocol(sslResume, &protocol_name, + &protocol_nameSz); + if (err == WOLFSSL_SUCCESS) + printf("Received ALPN protocol : %s (%d)\n", + protocol_name, protocol_nameSz); + else if (err == WC_NO_ERR_TRACE(WOLFSSL_ALPN_NOT_FOUND)) + printf("Not received ALPN response (no match with server)\n"); + else + printf("Getting ALPN protocol name failed\n"); + } +#endif + + /* allow some time for exporting the session */ + #ifdef WOLFSSL_SESSION_EXPORT_DEBUG + TEST_DELAY(); + #endif /* WOLFSSL_SESSION_EXPORT_DEBUG */ + +#ifdef HAVE_SECURE_RENEGOTIATION + if (scr && forceScr) { + if (nonBlocking) { + printf("not doing secure renegotiation on example with" + " nonblocking yet\n"); + } else { + if (!resumeScr) { + printf("Beginning secure renegotiation.\n"); + if (wolfSSL_Rehandshake(sslResume) != WOLFSSL_SUCCESS) { + err = wolfSSL_get_error(sslResume, 0); + LOG_ERROR("err = %d, %s\n", err, + wolfSSL_ERR_error_string(err, buffer)); + wolfSSL_free(sslResume); sslResume = NULL; + CloseSocket(sockfd); + wolfSSL_CTX_free(ctx); ctx = NULL; + err_sys("wolfSSL_Rehandshake failed"); + } + else { + printf("RENEGOTIATION SUCCESSFUL\n"); + } + } + else { + printf("Beginning secure resumption.\n"); + if (wolfSSL_SecureResume(sslResume) != WOLFSSL_SUCCESS) { + err = wolfSSL_get_error(sslResume, 0); + LOG_ERROR("err = %d, %s\n", err, + wolfSSL_ERR_error_string(err, buffer)); + wolfSSL_free(sslResume); sslResume = NULL; + CloseSocket(sockfd); + wolfSSL_CTX_free(ctx); ctx = NULL; + err_sys("wolfSSL_SecureResume failed"); + } + else { + printf("SECURE RESUMPTION SUCCESSFUL\n"); + } + } + } + } +#endif /* HAVE_SECURE_RENEGOTIATION */ + + XMEMSET(msg, 0, sizeof(msg)); + if (sendGET) { + msgSz = (int)XSTRLEN(kHttpGetMsg); + XMEMCPY(msg, kHttpGetMsg, (size_t)msgSz); + } + else { + msgSz = (int)XSTRLEN(kResumeMsg); + XMEMCPY(msg, kResumeMsg, (size_t)msgSz); + } + + (void)ClientWriteRead(sslResume, msg, msgSz, reply, sizeof(reply)-1, + sendGET, " resume", 0); + + ret = wolfSSL_shutdown(sslResume); + if (wc_shutdown && ret == WOLFSSL_SHUTDOWN_NOT_DONE) + wolfSSL_shutdown(sslResume); /* bidirectional shutdown */ + + /* display collected statistics */ + #if defined(WOLFSSL_STATIC_MEMORY) && !defined(WOLFSSL_STATIC_MEMORY_LEAN) + if (wolfSSL_is_static_memory(sslResume, &ssl_stats) != 1) + err_sys("static memory was not used with ssl"); + + LOG_ERROR("\nprint off SSLresume memory stats\n"); + LOG_ERROR("*** This is memory state before wolfSSL_free is called\n"); + wolfSSL_PrintStatsConn(&ssl_stats); + #endif + + wolfSSL_free(sslResume); sslResume = NULL; + CloseSocket(sockfd); + } +#endif /* !NO_SESSION_CACHE */ + + wolfSSL_CTX_free(ctx); ctx = NULL; + + ((func_args*)args)->return_code = 0; + +exit: + +#ifdef WOLFSSL_WOLFSENTRY_HOOKS + wolfsentry_ret = + wolfsentry_shutdown(WOLFSENTRY_CONTEXT_ARGS_OUT_EX4(&wolfsentry, NULL)); + if (wolfsentry_ret < 0) { + LOG_ERROR( + "wolfsentry_shutdown() returned " WOLFSENTRY_ERROR_FMT "\n", + WOLFSENTRY_ERROR_FMT_ARGS(wolfsentry_ret)); + } +#endif + +#ifdef WOLFSSL_ASYNC_CRYPT + wolfAsync_DevClose(&devId); +#endif + +#if defined(HAVE_ECC) && defined(FP_ECC) && defined(HAVE_THREAD_LS) \ + && defined(HAVE_STACK_SIZE) + wc_ecc_fp_free(); /* free per thread cache */ +#endif + + /* There are use cases when these assignments are not read. To avoid + * potential confusion those warnings have been handled here. + */ + (void) useClientCert; + (void) verifyCert; + (void) ourCert; + (void) ourKey; + (void) useVerifyCb; + (void) customVerifyCert; + + WOLFSSL_RETURN_FROM_THREAD(0); +} + +#endif /* !NO_WOLFSSL_CLIENT && !NO_TLS */ + + +/* so overall tests can pull in test function */ +#ifndef NO_MAIN_DRIVER + + int main(int argc, char** argv) + { + func_args args; + + StartTCP(); + +#if defined(WOLFSSL_SRTP) && defined(WOLFSSL_COND) + args.srtp_helper = NULL; +#endif + args.argc = argc; + args.argv = argv; + args.return_code = 0; + +#if defined(DEBUG_WOLFSSL) && !defined(WOLFSSL_MDK_SHELL) && !defined(STACK_TRAP) + wolfSSL_Debugging_ON(); +#endif + wolfSSL_Init(); + ChangeToWolfRoot(); + +#if !defined(NO_WOLFSSL_CLIENT) && !defined(NO_TLS) +#ifdef HAVE_STACK_SIZE + StackSizeCheck(&args, client_test); +#else + client_test(&args); +#endif +#else + fprintf(stderr, "Client not compiled in!\n"); +#endif + wolfSSL_Cleanup(); + +#ifdef HAVE_WNR + if (wc_FreeNetRandom() < 0) + err_sys("Failed to free netRandom context"); +#endif /* HAVE_WNR */ + + return args.return_code; + } + + int myoptind = 0; + char* myoptarg = NULL; + +#endif /* NO_MAIN_DRIVER */ diff --git a/test/ssl/wolfssl/examples/client/client.h b/test/ssl/wolfssl/examples/client/client.h new file mode 100644 index 000000000..1ac2ae032 --- /dev/null +++ b/test/ssl/wolfssl/examples/client/client.h @@ -0,0 +1,31 @@ +/* client.h + * + * Copyright (C) 2006-2025 wolfSSL Inc. + * + * This file is part of wolfSSL. + * + * wolfSSL is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * wolfSSL is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA + */ + + +#ifndef WOLFSSL_CLIENT_H +#define WOLFSSL_CLIENT_H + + +THREAD_RETURN WOLFSSL_THREAD client_test(void* args); + + +#endif /* WOLFSSL_CLIENT_H */ + diff --git a/test/ssl/wolfssl/examples/server/server.c b/test/ssl/wolfssl/examples/server/server.c new file mode 100644 index 000000000..06e0aeb6a --- /dev/null +++ b/test/ssl/wolfssl/examples/server/server.c @@ -0,0 +1,4124 @@ +/* server.c + * + * Copyright (C) 2006-2025 wolfSSL Inc. + * + * This file is part of wolfSSL. + * + * wolfSSL is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * wolfSSL is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA + */ + +/* For simpler wolfSSL TLS server examples, visit + * https://github.com/wolfSSL/wolfssl-examples/tree/master/tls + */ + +#ifdef HAVE_CONFIG_H + #include +#endif + +#ifndef WOLFSSL_USER_SETTINGS + #include +#endif +#include + +#undef TEST_OPENSSL_COEXIST /* can't use this option with this example */ +#undef OPENSSL_COEXIST /* can't use this option with this example */ + +/* Force enable the compatibility macros for this example */ +#ifndef OPENSSL_EXTRA_X509_SMALL +#define OPENSSL_EXTRA_X509_SMALL +#endif +#include + +#undef OPENSSL_EXTRA_X509_SMALL +#include /* name change portability layer */ + +#ifdef HAVE_ECC + #include /* wc_ecc_fp_free */ +#endif + +#ifdef WOLFSSL_WOLFSENTRY_HOOKS +#include +#if !defined(NO_FILESYSTEM) && !defined(WOLFSENTRY_NO_JSON) +static const char *wolfsentry_config_path = NULL; +#endif +#endif /* WOLFSSL_WOLFSENTRY_HOOKS */ +#if defined(WOLFSSL_MDK_ARM) || defined(WOLFSSL_KEIL_TCP_NET) + #include + #include + #include "rl_fs.h" + #include "rl_net.h" +#endif + +#ifdef NO_FILESYSTEM + #ifdef NO_RSA + #error currently the example only tries to load in a RSA buffer + #endif + #undef USE_CERT_BUFFERS_2048 + #define USE_CERT_BUFFERS_2048 + #include +#endif + +#include +#include + +#include "examples/server/server.h" + +#if !defined(NO_WOLFSSL_SERVER) && !defined(NO_TLS) + +#if defined(WOLFSSL_TLS13) && ( \ + defined(HAVE_ECC) \ + || defined(HAVE_CURVE25519) \ + || defined(HAVE_CURVE448) \ + || defined(HAVE_FFDHE_2048)) + #define CAN_FORCE_CURVE +#endif +#if defined(CAN_FORCE_CURVE) && defined(HAVE_ECC) +struct group_info { + word16 group; + const char *name; +}; +static struct group_info group_id_to_text[] = { + { WOLFSSL_ECC_SECP160K1, "SECP160K1" }, + { WOLFSSL_ECC_SECP160R1, "SECP160R1" }, + { WOLFSSL_ECC_SECP160R2, "SECP160R2" }, + { WOLFSSL_ECC_SECP192K1, "SECP192K1" }, + { WOLFSSL_ECC_SECP192R1, "SECP192R1" }, + { WOLFSSL_ECC_SECP224K1, "SECP224K1" }, + { WOLFSSL_ECC_SECP224R1, "SECP224R1" }, + { WOLFSSL_ECC_SECP256K1, "SECP256K1" }, + { WOLFSSL_ECC_SECP256R1, "SECP256R1" }, + { WOLFSSL_ECC_SECP384R1, "SECP384R1" }, + { WOLFSSL_ECC_SECP521R1, "SECP521R1" }, + { WOLFSSL_ECC_BRAINPOOLP256R1, "BRAINPOOLP256R1" }, + { WOLFSSL_ECC_BRAINPOOLP384R1, "BRAINPOOLP384R1" }, + { WOLFSSL_ECC_BRAINPOOLP512R1, "BRAINPOOLP512R1" }, + { 0, NULL } +}; +#endif /* CAN_FORCE_CURVE && HAVE_ECC */ + +#ifdef WOLFSSL_ASYNC_CRYPT + static int devId = INVALID_DEVID; +#endif + +#define DEFAULT_TIMEOUT_SEC 2 + +/* Note on using port 0: if the server uses port 0 to bind an ephemeral port + * number and is using the ready file for scripted testing, the code in + * test.h will write the actual port number into the ready file for use + * by the client. */ + +#ifndef WOLFSSL_ALT_TEST_STRINGS +static const char kReplyMsg[] = "I hear you fa shizzle!"; +#else +static const char kReplyMsg[] = "I hear you fa shizzle!\n"; +#endif + +static const char kHttpServerMsg[] = + "HTTP/1.1 200 OK\r\n" + "Content-Type: text/html\r\n" + "Connection: close\r\n" + "Content-Length: 141\r\n" + "\r\n" + "\r\n" + "\r\n" + "Welcome to wolfSSL!\r\n" + "\r\n" + "\r\n" + "

wolfSSL has successfully performed handshake!

\r\n" + "\r\n" + "\r\n"; + +/* Read needs to be largest of the client.c message strings (29) */ +#define SRV_READ_SZ 32 + + +int runWithErrors = 0; /* Used with -x flag to run err_sys vs. print errors */ +int catastrophic = 0; /* Use with -x flag to still exit when an error is + * considered catastrophic EG the servers own cert failing + * to load would be catastrophic since there would be no + * cert to send to clients attempting to connect. The + * server should error out completely in that case + */ +static int quieter = 0; /* Print fewer messages. This is helpful with overly + * ambitious log parsers. */ +static int lng_index = 0; + +#define LOG_ERROR(...) \ + do { \ + if (!quieter) \ + fprintf(stderr, __VA_ARGS__); \ + } while(0) + +#ifdef WOLFSSL_CALLBACKS + #if !defined(NO_OLD_TIMEVAL_NAME) + Timeval srvTo; + #else + WOLFSSL_TIMEVAL srvTo; + #endif + static int srvHandShakeCB(HandShakeInfo* info) + { + (void)info; + return 0; + } + + static int srvTimeoutCB(TimeoutInfo* info) + { + (void)info; + return 0; + } + +#endif + +#ifndef NO_HANDSHAKE_DONE_CB + static int myHsDoneCb(WOLFSSL* ssl, void* user_ctx) + { + (void)user_ctx; + (void)ssl; + + /* printf("Notified HandShake done\n"); */ + + /* return negative number to end TLS connection now */ + return 0; + } +#endif + +static void err_sys_ex(int out, const char* msg) +{ + if (out == 1) { /* if server is running w/ -x flag, print error w/o exit */ + LOG_ERROR("wolfSSL error: %s\n", msg); + LOG_ERROR("Continuing server execution...\n\n"); + } else { + err_sys(msg); + } +} + + +#if defined(WOLFSSL_DTLS) && defined(USE_WOLFSSL_IO) + +/* Translates return codes returned from + * send() and recv() if need be. + */ +static WC_INLINE int TranslateReturnCode(int old, int sd) +{ + (void)sd; + +#if defined(FREESCALE_MQX) || defined(FREESCALE_KSDK_MQX) + if (old == 0) { + errno = SOCKET_EWOULDBLOCK; + return -1; /* convert to BSD style wouldblock as error */ + } + + if (old < 0) { + errno = RTCS_geterror(sd); + if (errno == RTCSERR_TCP_CONN_CLOSING) + return 0; /* convert to BSD style closing */ + if (errno == RTCSERR_TCP_CONN_RLSD) + errno = SOCKET_ECONNRESET; + if (errno == RTCSERR_TCP_TIMED_OUT) + errno = SOCKET_EAGAIN; + } +#endif + + return old; +} + +static WC_INLINE int wolfSSL_LastError(void) +{ +#ifdef USE_WINDOWS_API + return WSAGetLastError(); +#elif defined(EBSNET) + return xn_getlasterror(); +#else + return errno; +#endif +} + +/* wolfSSL Sock Addr */ +struct WOLFSSL_TEST_SOCKADDR { + unsigned int sz; /* sockaddr size */ + SOCKADDR_IN_T sa; /* pointer to the sockaddr_in or sockaddr_in6 */ +}; + +typedef struct WOLFSSL_TEST_DTLS_CTX { + struct WOLFSSL_TEST_SOCKADDR peer; + int rfd; + int wfd; + int failOnce; + word32 blockSeq; +} WOLFSSL_TEST_DTLS_CTX; + + +static WC_INLINE int PeekSeq(const char* buf, word32* seq) +{ + const char* c = buf + 3; + + if ((c[0] | c[1] | c[2] | c[3]) == 0) { + *seq = ((word32)c[4] << 24) | ((word32)c[5] << 16) | + ((word32)c[6] << 8) | (word32)c[7]; + return 1; + } + + return 0; +} + +/* The send embedded callback + * return : nb bytes sent, or error + */ +static int TestEmbedSendTo(WOLFSSL* ssl, char *buf, int sz, void *ctx) +{ + WOLFSSL_TEST_DTLS_CTX* dtlsCtx = (WOLFSSL_TEST_DTLS_CTX*)ctx; + int sd = dtlsCtx->wfd; + int sent; + + (void)ssl; + + WOLFSSL_ENTER("TestEmbedSendTo"); + + if (dtlsCtx->failOnce) { + word32 seq = 0; + + if (PeekSeq(buf, &seq) && seq == dtlsCtx->blockSeq) { + dtlsCtx->failOnce = 0; + WOLFSSL_MSG("Forcing WANT_WRITE"); + return WOLFSSL_CBIO_ERR_WANT_WRITE; + } + } + + sent = (int)sendto(sd, buf, (size_t)sz, 0, + (const SOCKADDR*)&dtlsCtx->peer.sa, dtlsCtx->peer.sz); + + sent = TranslateReturnCode(sent, sd); + + if (sent < 0) { + int err = wolfSSL_LastError(); + WOLFSSL_MSG("Embed Send To error"); + + if (err == SOCKET_EWOULDBLOCK || err == SOCKET_EAGAIN) { + WOLFSSL_MSG("\tWould Block"); + return WOLFSSL_CBIO_ERR_WANT_WRITE; + } + else if (err == SOCKET_ECONNRESET) { + WOLFSSL_MSG("\tConnection reset"); + return WOLFSSL_CBIO_ERR_CONN_RST; + } + else if (err == SOCKET_EINTR) { + WOLFSSL_MSG("\tSocket interrupted"); + return WOLFSSL_CBIO_ERR_ISR; + } + else if (err == SOCKET_EPIPE) { + WOLFSSL_MSG("\tSocket EPIPE"); + return WOLFSSL_CBIO_ERR_CONN_CLOSE; + } + else { + WOLFSSL_MSG("\tGeneral error"); + return WOLFSSL_CBIO_ERR_GENERAL; + } + } + + return sent; +} +#endif /* WOLFSSL_DTLS && USE_WOLFSSL_IO */ + +static int NonBlockingSSL_Accept(SSL* ssl) +{ +#ifndef WOLFSSL_CALLBACKS + int ret = SSL_accept(ssl); +#else + int ret = wolfSSL_accept_ex(ssl, srvHandShakeCB, srvTimeoutCB, srvTo); +#endif + int error = SSL_get_error(ssl, 0); + SOCKET_T sockfd = (SOCKET_T)SSL_get_fd(ssl); + int select_ret = 0; + + while (ret != WOLFSSL_SUCCESS && + (error == WOLFSSL_ERROR_WANT_READ || error == WOLFSSL_ERROR_WANT_WRITE + #ifdef WOLFSSL_ASYNC_CRYPT + || error == WC_NO_ERR_TRACE(WC_PENDING_E) + #endif + )) { + if (error == WOLFSSL_ERROR_WANT_READ) { + /* printf("... server would read block\n"); */ + } + else if (error == WOLFSSL_ERROR_WANT_WRITE) { + /* printf("... server would write block\n"); */ + } + + #ifdef WOLFSSL_ASYNC_CRYPT + if (error == WC_NO_ERR_TRACE(WC_PENDING_E)) { + ret = wolfSSL_AsyncPoll(ssl, WOLF_POLL_FLAG_CHECK_HW); + if (ret < 0) break; + } + else + #endif + { + int currTimeout = 1; + + if (error == WOLFSSL_ERROR_WANT_WRITE) + { + select_ret = tcp_select_tx(sockfd, currTimeout); + } + else { + #ifdef WOLFSSL_DTLS + if (wolfSSL_dtls(ssl)) + currTimeout = wolfSSL_dtls_get_current_timeout(ssl); + #endif + select_ret = tcp_select(sockfd, currTimeout); + } + } + + if ((select_ret == TEST_RECV_READY) || (select_ret == TEST_SEND_READY) + || (select_ret == TEST_ERROR_READY) + #ifdef WOLFSSL_ASYNC_CRYPT + || error == WC_NO_ERR_TRACE(WC_PENDING_E) + #endif + ) { + #ifndef WOLFSSL_CALLBACKS + ret = SSL_accept(ssl); + #else + ret = wolfSSL_accept_ex(ssl, + srvHandShakeCB, srvTimeoutCB, srvTo); + #endif + error = SSL_get_error(ssl, 0); + } + else if (select_ret == TEST_TIMEOUT && !wolfSSL_dtls(ssl)) { + error = WOLFSSL_ERROR_WANT_READ; + } + #ifdef WOLFSSL_DTLS + else if (select_ret == TEST_TIMEOUT && wolfSSL_dtls(ssl)) { + ret = wolfSSL_dtls_got_timeout(ssl); + if (ret != WOLFSSL_SUCCESS) + error = wolfSSL_get_error(ssl, ret); + else + error = WOLFSSL_ERROR_WANT_READ; + ret = WOLFSSL_FAILURE; /* Reset error so we loop */ + } + #endif + else { + error = WOLFSSL_FATAL_ERROR; + } + } + + return ret; +} + +/* Echo number of bytes specified by -B arg */ +int ServerEchoData(SSL* ssl, int clientfd, int echoData, int block, + size_t throughput) +{ + int ret = 0, err; + double start = 0, rx_time = 0, tx_time = 0; + int len, rx_pos; + size_t xfer_bytes = 0; + char* buffer; + + buffer = (char*)XMALLOC((size_t)block, NULL, DYNAMIC_TYPE_TMP_BUFFER); + if (!buffer) { + err_sys_ex(runWithErrors, "Server buffer malloc failed"); + } + + while ((echoData && throughput == 0) || + (!echoData && xfer_bytes < throughput)) + { + int select_ret = tcp_select(clientfd, 1); /* Timeout=1 second */ + if (select_ret == TEST_RECV_READY) { + + if (throughput) + len = (int)min((word32)block, (word32)(throughput - xfer_bytes)); + else + len = block; + rx_pos = 0; + + if (throughput) { + start = current_time(1); + } + + /* Read data */ + while (rx_pos < len) { + ret = SSL_read(ssl, &buffer[rx_pos], len - rx_pos); + if (ret <= 0) { + err = SSL_get_error(ssl, 0); + #ifdef WOLFSSL_ASYNC_CRYPT + if (err == WC_NO_ERR_TRACE(WC_PENDING_E)) { + ret = wolfSSL_AsyncPoll(ssl, WOLF_POLL_FLAG_CHECK_HW); + if (ret < 0) break; + } + else + #endif + if (err != WOLFSSL_ERROR_WANT_READ && + err != WOLFSSL_ERROR_WANT_WRITE && + err != WOLFSSL_ERROR_ZERO_RETURN && + err != WC_NO_ERR_TRACE(APP_DATA_READY)) + { + LOG_ERROR("SSL_read echo error %d\n", err); + err_sys_ex(runWithErrors, "SSL_read failed"); + break; + } + if (err == WOLFSSL_ERROR_ZERO_RETURN) { + XFREE(buffer, NULL, DYNAMIC_TYPE_TMP_BUFFER); + return WOLFSSL_ERROR_ZERO_RETURN; + } + } + else { + rx_pos += ret; + if (!throughput) + break; + } + } + if (throughput) { + rx_time += current_time(0) - start; + start = current_time(1); + } + + /* Write data */ + WOLFSSL_ASYNC_WHILE_PENDING( + ret = SSL_write(ssl, buffer, (int)min((word32)len, (word32)rx_pos)), + ret <= 0); + if (ret != (int)min((word32)len, (word32)rx_pos)) { + LOG_ERROR("SSL_write echo error %d\n", err); + err_sys_ex(runWithErrors, "SSL_write failed"); + } + + if (throughput) { + tx_time += current_time(0) - start; + } + + xfer_bytes += (size_t)len; + } + } + + XFREE(buffer, NULL, DYNAMIC_TYPE_TMP_BUFFER); + + if (throughput) { +#ifdef __MINGW32__ +#define SIZE_FMT "%d" +#define SIZE_TYPE int +#else +#define SIZE_FMT "%zu" +#define SIZE_TYPE size_t +#endif + if (rx_time > 0.0 && tx_time > 0.0) { + printf( + "wolfSSL Server Benchmark " SIZE_FMT " bytes\n" + "\tRX %8.3f ms (%8.3f MBps)\n" + "\tTX %8.3f ms (%8.3f MBps)\n", + (SIZE_TYPE)throughput, + (double)rx_time * 1000, (double)throughput / rx_time / 1024 / 1024, + (double)tx_time * 1000, (double)throughput / tx_time / 1024 / 1024 + ); + } + else { + printf("Invalid rx_time: %f or tx_time: %f\n", rx_time, tx_time); + } + } + + return 0; +} + +static void ServerRead(WOLFSSL* ssl, char* input, int inputLen) +{ + int ret, err; + char buffer[WOLFSSL_MAX_ERROR_SZ]; + + /* Read data */ + do { + err = 0; /* reset error */ + ret = SSL_read(ssl, input, inputLen); + if (ret < 0) { + err = SSL_get_error(ssl, ret); + + #ifdef HAVE_SECURE_RENEGOTIATION + if (err == WC_NO_ERR_TRACE(APP_DATA_READY)) { + /* If we receive a message during renegotiation + * then just print it. We return the message sent + * after the renegotiation. */ + ret = SSL_read(ssl, input, inputLen); + if (ret >= 0) { + /* null terminate message */ + input[ret] = '\0'; + printf("Client message received during " + "secure renegotiation: %s\n", input); + err = WOLFSSL_ERROR_WANT_READ; + } + else { + err = SSL_get_error(ssl, ret); + } + } + #endif + #ifdef WOLFSSL_ASYNC_CRYPT + if (err == WC_NO_ERR_TRACE(WC_PENDING_E)) { + ret = wolfSSL_AsyncPoll(ssl, WOLF_POLL_FLAG_CHECK_HW); + if (ret < 0) break; + } + else + #endif + #ifdef WOLFSSL_DTLS + if (wolfSSL_dtls(ssl) && err == WC_NO_ERR_TRACE(DECRYPT_ERROR)) { + LOG_ERROR("Dropped client's message due to a bad MAC\n"); + } + else + #endif + if (err != WOLFSSL_ERROR_WANT_READ + && err != WOLFSSL_ERROR_WANT_WRITE /* Can happen during + * handshake */ + #ifdef HAVE_SECURE_RENEGOTIATION + && err != WC_NO_ERR_TRACE(APP_DATA_READY) + #endif + ) { + LOG_ERROR("SSL_read input error %d, %s\n", err, + ERR_error_string((unsigned long)err, buffer)); + err_sys_ex(runWithErrors, "SSL_read failed"); + } + } + else if (SSL_get_error(ssl, 0) == 0 && + tcp_select(SSL_get_fd(ssl), 0) == TEST_RECV_READY) { + /* do a peek and check for "pending" */ + #ifdef WOLFSSL_ASYNC_CRYPT + err = 0; + #endif + do { + #ifdef WOLFSSL_ASYNC_CRYPT + if (err == WC_NO_ERR_TRACE(WC_PENDING_E)) { + ret = wolfSSL_AsyncPoll(ssl, WOLF_POLL_FLAG_CHECK_HW); + if (ret < 0) break; + } + #endif + ret = wolfSSL_peek(ssl, buffer, 0); + err = SSL_get_error(ssl, ret); + } while (err == WC_NO_ERR_TRACE(WC_PENDING_E) + || err == WOLFSSL_ERROR_WANT_READ + || err == WOLFSSL_ERROR_WANT_WRITE); + if (err < 0) { + err_sys_ex(runWithErrors, "wolfSSL_peek failed"); + } + if (wolfSSL_pending(ssl)) + err = WOLFSSL_ERROR_WANT_READ; + } + } while (err == WC_NO_ERR_TRACE(WC_PENDING_E) + || err == WOLFSSL_ERROR_WANT_READ + || err == WOLFSSL_ERROR_WANT_WRITE); + if (ret > 0) { + /* null terminate message */ + input[ret] = '\0'; + printf("Client message: %s\n", input); + } +} + +static void ServerWrite(WOLFSSL* ssl, const char* output, int outputLen) +{ + int ret, err; + int len; + +#ifdef OPENSSL_ALL + /* Fuzz testing expects reply split over two msgs when TLSv1.0 or below */ + if (wolfSSL_GetVersion(ssl) <= WOLFSSL_TLSV1) + len = outputLen / 2; + else +#endif + len = outputLen; + + do { + err = 0; /* reset error */ + ret = SSL_write(ssl, output, len); + if (ret <= 0) { + err = SSL_get_error(ssl, 0); + + #ifdef WOLFSSL_ASYNC_CRYPT + if (err == WC_NO_ERR_TRACE(WC_PENDING_E)) { + ret = wolfSSL_AsyncPoll(ssl, WOLF_POLL_FLAG_CHECK_HW); + if (ret < 0) break; + } + #endif + } + else if (ret != outputLen) { + output += ret; + len = (outputLen -= ret); + err = WOLFSSL_ERROR_WANT_WRITE; + } + } while (err == WC_NO_ERR_TRACE(WC_PENDING_E) || + err == WOLFSSL_ERROR_WANT_WRITE); + if (ret != outputLen) { + char buffer[WOLFSSL_MAX_ERROR_SZ]; + LOG_ERROR("SSL_write msg error %d, %s\n", err, + ERR_error_string((unsigned long)err, buffer)); + err_sys_ex(runWithErrors, "SSL_write failed"); + } +} + +#if defined(WOLFSSL_TLS13) && defined(HAVE_SUPPORTED_CURVES) +#define MAX_GROUP_NUMBER 4 +static void SetKeyShare(WOLFSSL* ssl, int onlyKeyShare, int useX25519, + int useX448, int usePqc, char* pqcAlg) +{ + int ret; + int groups[MAX_GROUP_NUMBER] = {0}; + int count = 0; + + (void)useX25519; + (void)useX448; + (void)usePqc; + (void)pqcAlg; + + WOLFSSL_START(WC_FUNC_CLIENT_KEY_EXCHANGE_SEND); + if (onlyKeyShare == 2) { + if (useX25519) { + #ifdef HAVE_CURVE25519 + do { + ret = wolfSSL_UseKeyShare(ssl, WOLFSSL_ECC_X25519); + if (ret == WOLFSSL_SUCCESS) + groups[count++] = WOLFSSL_ECC_X25519; + #ifdef WOLFSSL_ASYNC_CRYPT + else if (ret == WC_NO_ERR_TRACE(WC_PENDING_E)) + wolfSSL_AsyncPoll(ssl, WOLF_POLL_FLAG_CHECK_HW); + #endif + else + err_sys("unable to use curve x25519"); + } while (ret == WC_NO_ERR_TRACE(WC_PENDING_E)); + #endif + } + else if (useX448) { + #ifdef HAVE_CURVE448 + do { + ret = wolfSSL_UseKeyShare(ssl, WOLFSSL_ECC_X448); + if (ret == WOLFSSL_SUCCESS) + groups[count++] = WOLFSSL_ECC_X448; + #ifdef WOLFSSL_ASYNC_CRYPT + else if (ret == WC_NO_ERR_TRACE(WC_PENDING_E)) + wolfSSL_AsyncPoll(ssl, WOLF_POLL_FLAG_CHECK_HW); + #endif + else + err_sys("unable to use curve x448"); + } while (ret == WC_NO_ERR_TRACE(WC_PENDING_E)); + #endif + } + else if (usePqc == 1) { + #ifdef HAVE_PQC + groups[count] = 0; + #ifndef WOLFSSL_NO_ML_KEM + #ifndef WOLFSSL_NO_ML_KEM_512 + if (XSTRCMP(pqcAlg, "ML_KEM_512") == 0) { + groups[count] = WOLFSSL_ML_KEM_512; + } + else + #endif + #ifndef WOLFSSL_NO_ML_KEM_768 + if (XSTRCMP(pqcAlg, "ML_KEM_768") == 0) { + groups[count] = WOLFSSL_ML_KEM_768; + } + else + #endif + #ifndef WOLFSSL_NO_ML_KEM_1024 + if (XSTRCMP(pqcAlg, "ML_KEM_1024") == 0) { + groups[count] = WOLFSSL_ML_KEM_1024; + } + else + #endif + #ifndef WOLFSSL_NO_ML_KEM_512 + if (XSTRCMP(pqcAlg, "SecP256r1MLKEM512") == 0) { + groups[count] = WOLFSSL_SECP256R1MLKEM512; + } + else + #endif + #ifndef WOLFSSL_NO_ML_KEM_768 + if (XSTRCMP(pqcAlg, "SecP384r1MLKEM768") == 0) { + groups[count] = WOLFSSL_SECP384R1MLKEM768; + } + else if (XSTRCMP(pqcAlg, "SecP256r1MLKEM768") == 0) { + groups[count] = WOLFSSL_SECP256R1MLKEM768; + } + else + #endif + #ifndef WOLFSSL_NO_ML_KEM_1024 + if (XSTRCMP(pqcAlg, "SecP521r1MLKEM1024") == 0) { + groups[count] = WOLFSSL_SECP521R1MLKEM1024; + } + else if (XSTRCMP(pqcAlg, "SecP384r1MLKEM1024") == 0) { + groups[count] = WOLFSSL_SECP384R1MLKEM1024; + } + else + #endif + #if !defined(WOLFSSL_NO_ML_KEM_512) && defined(HAVE_CURVE25519) + if (XSTRCMP(pqcAlg, "X25519MLKEM512") == 0) { + groups[count] = WOLFSSL_X25519MLKEM512; + } + else + #endif + #if !defined(WOLFSSL_NO_ML_KEM_768) && defined(HAVE_CURVE25519) + if (XSTRCMP(pqcAlg, "X25519MLKEM768") == 0) { + groups[count] = WOLFSSL_X25519MLKEM768; + } + else + #endif + #if !defined(WOLFSSL_NO_ML_KEM_768) && defined(HAVE_CURVE448) + if (XSTRCMP(pqcAlg, "X448MLKEM768") == 0) { + groups[count] = WOLFSSL_X448MLKEM768; + } + else + #endif + #endif /* WOLFSSL_NO_ML_KEM */ + #ifdef WOLFSSL_MLKEM_KYBER + #ifndef WOLFSSL_NO_KYBER512 + if (XSTRCMP(pqcAlg, "KYBER_LEVEL1") == 0) { + groups[count] = WOLFSSL_KYBER_LEVEL1; + } + else + #endif + #ifndef WOLFSSL_NO_KYBER768 + if (XSTRCMP(pqcAlg, "KYBER_LEVEL3") == 0) { + groups[count] = WOLFSSL_KYBER_LEVEL3; + } + else + #endif + #ifndef WOLFSSL_NO_KYBER1024 + if (XSTRCMP(pqcAlg, "KYBER_LEVEL5") == 0) { + groups[count] = WOLFSSL_KYBER_LEVEL5; + } + else + #endif + #ifndef WOLFSSL_NO_KYBER512 + if (XSTRCMP(pqcAlg, "P256_KYBER_LEVEL1") == 0) { + groups[count] = WOLFSSL_P256_KYBER_LEVEL1; + } + else + #endif + #ifndef WOLFSSL_NO_KYBER768 + if (XSTRCMP(pqcAlg, "P384_KYBER_LEVEL3") == 0) { + groups[count] = WOLFSSL_P384_KYBER_LEVEL3; + } + else if (XSTRCMP(pqcAlg, "P256_KYBER_LEVEL3") == 0) { + groups[count] = WOLFSSL_P256_KYBER_LEVEL3; + } + else + #endif + #ifndef WOLFSSL_NO_KYBER1024 + if (XSTRCMP(pqcAlg, "P521_KYBER_LEVEL5") == 0) { + groups[count] = WOLFSSL_P521_KYBER_LEVEL5; + } + else + #endif + #if !defined(WOLFSSL_NO_KYBER512) && defined(HAVE_CURVE25519) + if (XSTRCMP(pqcAlg, "X25519_KYBER_LEVEL1") == 0) { + groups[count] = WOLFSSL_X25519_KYBER_LEVEL1; + } + else + #endif + #if !defined(WOLFSSL_NO_KYBER768) && defined(HAVE_CURVE25519) + if (XSTRCMP(pqcAlg, "X25519_KYBER_LEVEL3") == 0) { + groups[count] = WOLFSSL_X25519_KYBER_LEVEL3; + } + else + #endif + #if !defined(WOLFSSL_NO_KYBER768) && defined(HAVE_CURVE448) + if (XSTRCMP(pqcAlg, "X448_KYBER_LEVEL3") == 0) { + groups[count] = WOLFSSL_X448_KYBER_LEVEL3; + } + else + #endif + #endif + { + err_sys("invalid post-quantum KEM specified"); + } + + if (groups[count] == 0) { + err_sys("invalid post-quantum KEM specified"); + } + else { + if (wolfSSL_UseKeyShare(ssl, groups[count]) == WOLFSSL_SUCCESS) { + printf("Using Post-Quantum KEM: %s\n", pqcAlg); + count++; + } + else { + groups[count] = 0; + err_sys("unable to use post-quantum algorithm"); + } + } + #endif + } + else { + #ifdef HAVE_ECC + #if !defined(NO_ECC256) || defined(HAVE_ALL_CURVES) + do { + ret = wolfSSL_UseKeyShare(ssl, WOLFSSL_ECC_SECP256R1); + if (ret == WOLFSSL_SUCCESS) + groups[count++] = WOLFSSL_ECC_SECP256R1; + #ifdef WOLFSSL_ASYNC_CRYPT + else if (ret == WC_NO_ERR_TRACE(WC_PENDING_E)) + wolfSSL_AsyncPoll(ssl, WOLF_POLL_FLAG_CHECK_HW); + #endif + else + err_sys("unable to use curve secp256r1"); + } while (ret == WC_NO_ERR_TRACE(WC_PENDING_E)); + #elif defined(WOLFSSL_SM2) + do { + ret = wolfSSL_UseKeyShare(ssl, WOLFSSL_ECC_SM2P256V1); + if (ret == WOLFSSL_SUCCESS) + groups[count++] = WOLFSSL_ECC_SM2P256V1; + #ifdef WOLFSSL_ASYNC_CRYPT + else if (ret == WC_NO_ERR_TRACE(WC_PENDING_E)) + wolfSSL_AsyncPoll(ssl, WOLF_POLL_FLAG_CHECK_HW); + #endif + else + err_sys("unable to use curve sm2p256r1"); + } while (ret == WC_NO_ERR_TRACE(WC_PENDING_E)); + #endif + #endif + } + } + if (onlyKeyShare == 1) { + #ifdef HAVE_FFDHE_2048 + do { + ret = wolfSSL_UseKeyShare(ssl, WOLFSSL_FFDHE_2048); + if (ret == WOLFSSL_SUCCESS) + groups[count++] = WOLFSSL_FFDHE_2048; + #ifdef WOLFSSL_ASYNC_CRYPT + else if (ret == WC_NO_ERR_TRACE(WC_PENDING_E)) + wolfSSL_AsyncPoll(ssl, WOLF_POLL_FLAG_CHECK_HW); + #endif + else + err_sys("unable to use DH 2048-bit parameters"); + } while (ret == WC_NO_ERR_TRACE(WC_PENDING_E)); + #endif + } + if (count >= MAX_GROUP_NUMBER) + err_sys("example group array size error"); + if (count > 0) { + if (wolfSSL_set_groups(ssl, groups, count) != WOLFSSL_SUCCESS) + err_sys("unable to set groups"); + } + WOLFSSL_END(WC_FUNC_CLIENT_KEY_EXCHANGE_SEND); +} +#endif /* WOLFSSL_TLS13 && HAVE_SUPPORTED_CURVES */ + + +/* when adding new option, please follow the steps below: */ +/* 1. add new option message in English section */ +/* 2. increase the number of the second column */ +/* 3. increase the array dimension */ +/* 4. add the same message into Japanese section */ +/* (will be translated later) */ +/* 5. add printf() into suitable position of Usage() */ +static const char* server_usage_msg[][66] = { + /* English */ + { + " NOTE: All files relative to wolfSSL home dir\n", /* 0 */ + "-? Help, print this usage\n" + " 0: English, 1: Japanese\n" + "--help Help, in English\n", /* 1 */ + "-p Port to listen on, not 0, default", /* 2 */ +#ifndef WOLFSSL_TLS13 + "-v SSL version [0-3], SSLv3(0) - TLS1.2(3)), default", /* 3 */ +#else + "-v SSL version [0-4], SSLv3(0) - TLS1.3(4)), default", /* 3 */ +#endif + "-l Cipher suite list (: delimited)\n", /* 4 */ + "-c Certificate file, default", /* 5 */ + "-k Key file, default", /* 6 */ + "-A Certificate Authority file, default", /* 7 */ + "-R Create Ready file for external monitor" + " default none\n", /* 8 */ +#ifndef NO_DH + "-D Diffie-Hellman Params file, default", /* 9 */ + "-Z Minimum DH key bits, default", /* 10 */ +#endif +#ifdef HAVE_ALPN + "-L Application-Layer Protocol Negotiation" + " ({C,F}:)\n", /* 11 */ +#endif + "-d Disable client cert check\n", /* 12 */ + "-b Bind to any interface instead of localhost only\n",/* 13 */ + "-s Use pre Shared keys\n", /* 14 */ +#ifndef WOLFSSL_DTLS13 + "-u Use UDP DTLS, add -v 2 for DTLSv1, -v 3 for DTLSv1.2" + " (default)\n", /* 15 */ +#else + "-u Use UDP DTLS, add -v 2 for DTLSv1, -v 3 for DTLSv1.2" + " (default), -v 4 for DTLSv1.3\n", /* 15 */ +#endif /* !WOLFSSL_DTLS13 */ +#ifdef WOLFSSL_SCTP + "-G Use SCTP DTLS," + " add -v 2 for DTLSv1, -v 3 for DTLSv1.2 (default)\n", /* 16 */ +#endif + "-f Fewer packets/group messages\n", /* 17 */ + "-r Allow one client Resumption\n", /* 18 */ + "-N Use Non-blocking sockets\n", /* 19 */ + "-S Use Host Name Indication\n", /* 20 */ + "-w Wait for bidirectional shutdown\n", /* 21 */ +#ifdef HAVE_OCSP + "-o Perform OCSP lookup on peer certificate\n", /* 22 */ + "-O Perform OCSP lookup using as responder\n", /* 23 */ +#endif +#ifdef HAVE_PK_CALLBACKS + "-P Public Key Callbacks\n", /* 24 */ +#endif +#ifdef HAVE_ANON + "-a Anonymous server\n", /* 25 */ +#endif +#ifndef NO_PSK + "-I Do not send PSK identity hint\n", /* 26 */ +#endif + "-x Print server errors but do not close connection\n",/* 27 */ + "-i Loop indefinitely (allow repeated connections)\n", /* 28 */ + "-e Echo data mode (return raw bytes received)\n", /* 29 */ + "-B Benchmark throughput" + " using bytes and print stats\n", /* 31 */ +#ifdef HAVE_CRL + "-V Disable CRL\n", /* 32 */ +#endif +#ifdef WOLFSSL_TRUST_PEER_CERT + "-E Path to load trusted peer cert\n", /* 33 */ +#endif +#ifdef HAVE_WNR + "-q Whitewood config file, default", /* 34 */ +#endif + "-g Return basic HTML web page\n", /* 35 */ + "-C The number of connections to accept, default: 1\n",/* 36 */ + "-H Internal tests" + " [defCipherList, exitWithRet, verifyFail, useSupCurve,\n", /* 37 */ + " loadSSL, disallowETM]\n", /* 38 */ +#ifdef WOLFSSL_TLS13 + "-U Update keys and IVs before sending\n", /* 39 */ + "-K Key Exchange for PSK not using (EC)DHE\n", /* 40 */ +#ifndef NO_DH + "-y Pre-generate Key Share using FFDHE_2048 only\n", /* 41 */ +#endif +#ifdef HAVE_ECC + "-Y Pre-generate Key Share using P-256 only \n", /* 42 */ +#endif +#ifdef HAVE_CURVE25519 + "-t Pre-generate Key share using Curve25519 only\n", /* 43 */ +#endif +#endif /* WOLFSSL_TLS13 */ +#ifdef HAVE_SESSION_TICKET +#if defined(WOLFSSL_NO_TLS12) && defined(NO_OLD_TLS) + "-T Do not generate session ticket\n", /* 44 */ +#else + "-T [aon] Do not generate session ticket\n", /* 44 */ + " No option affects TLS 1.3 only, 'a' affects all" + " protocol versions,\n", /* 45 */ + " 'o' affects TLS 1.2 and below only\n", /* 46 */ + " 'n' affects TLS 1.3 only\n", /* 47 */ +#endif +#endif +#ifdef WOLFSSL_TLS13 + "-F Send alert if no mutual authentication\n", /* 48 */ +#ifdef WOLFSSL_POST_HANDSHAKE_AUTH + "-Q Request certificate from client post-handshake\n", /* 49 */ +#endif +#ifdef WOLFSSL_SEND_HRR_COOKIE + "-J [n] Server sends Cookie Extension containing state (n to " + "disable)\n", /* 50 */ +#endif +#endif /* WOLFSSL_TLS13 */ +#ifdef WOLFSSL_EARLY_DATA + "-0 Early data read from client (0-RTT handshake)\n", /* 51 */ +#endif +#ifdef WOLFSSL_MULTICAST + "-3 Multicast, grpid < 256\n", /* 52 */ +#endif + "-1 Display a result by specified language." + "\n 0: English, 1: Japanese\n", /* 53 */ +#ifdef HAVE_TRUSTED_CA + "-5 Use Trusted CA Key Indication\n", /* 54 */ +#endif + "-6 Simulate WANT_WRITE errors on every other IO send\n", + /* 55 */ +#ifdef HAVE_CURVE448 + "-8 Pre-generate Key share using Curve448 only\n", /* 56 */ +#endif +#if defined(OPENSSL_ALL) && defined(WOLFSSL_CERT_GEN) && \ + (defined(WOLFSSL_CERT_REQ) || defined(WOLFSSL_CERT_EXT)) && \ + !defined(NO_FILESYSTEM) && !defined(NO_WOLFSSL_DIR) + "-9 Use hash dir look up for certificate loading\n" + " loading from /certs folder\n" + " files in the folder would have the form \"hash.N\" file name\n" + " e.g symbolic link to the file at certs folder\n" + " ln -s client-ca.pem `openssl x509 -in client-ca.pem -hash -noout`.0\n", + /* 57 */ +#endif +#if defined(WOLFSSL_WOLFSENTRY_HOOKS) && !defined(NO_FILESYSTEM) && !defined(WOLFSENTRY_NO_JSON) + "--wolfsentry-config Path for JSON wolfSentry config\n", + /* 58 */ +#endif +#ifndef WOLFSSL_TLS13 + "-7 Set minimum downgrade protocol version [0-3] " + " SSLv3(0) - TLS1.2(3)\n", +#else + "-7 Set minimum downgrade protocol version [0-4] " + " SSLv3(0) - TLS1.3(4)\n", /* 59 */ +#endif +#ifdef HAVE_PQC + "--pqc Key Share with specified post-quantum algorithm only:\n" +#ifndef WOLFSSL_NO_ML_KEM + " ML_KEM_512, ML_KEM_768, ML_KEM_1024,\n" + " SecP256r1MLKEM512,\n" + " SecP384r1MLKEM768,\n" + " SecP521r1MLKEM1024,\n" + " SecP256r1MLKEM768,\n" + " SecP521r1MLKEM1024,\n" + " SecP384r1MLKEM1024,\n" + " X25519MLKEM512,\n" + " X25519MLKEM768,\n" + " X448MLKEM768\n" +#endif +#ifdef WOLFSSL_MLKEM_KYBER + " KYBER_LEVEL1, KYBER_LEVEL3, KYBER_LEVEL5, " + "P256_KYBER_LEVEL1,\n" + " P384_KYBER_LEVEL3, P256_KYBER_LEVEL3, " + "P521_KYBER_LEVEL5,\n" + " X25519_KYBER_LEVEL1, X25519_KYBER_LEVEL3, " + "X448_KYBER_LEVEL3\n" +#endif + "", + /* 60 */ +#endif +#ifdef WOLFSSL_SRTP + "--srtp (default is SRTP_AES128_CM_SHA1_80)\n", /* 61 */ +#endif +#if defined(WOLFSSL_TLS13) && defined(HAVE_SESSION_TICKET) + "--send-ticket Send a new session ticket during application data\n", + /* 62 */ +#endif +#ifdef CAN_FORCE_CURVE + "--force-curve [] Pre-generate a Key Share using .\n" + " Leave blank to list all curves.\n" + " Note: requires TLS1.3\n", + /* 63 */ +#endif +#ifdef HAVE_SUPPORTED_CURVES + "--onlyPskDheKe Must use DHE key exchange with PSK\n", /* 64 */ +#endif +#ifdef WOLFSSL_DUAL_ALG_CERTS + "--altPrivKey Generate alternative signature with this key.\n", + /* 65 */ +#endif +#ifdef WOLFSSL_SYS_CRYPTO_POLICY + "--crypto-policy \n", /* 66 */ +#endif + "\n" + "For simpler wolfSSL TLS server examples, visit\n" + "https://github.com/wolfSSL/wolfssl-examples/tree/master/tls\n", + /* 67 */ + NULL, + }, +#ifndef NO_MULTIBYTE_PRINT + /* Japanese */ + { + " 注意 : 全てのファイルは" + " wolfSSL ホーム・ディレクトリからの相対です。\n", /* 0 */ + "-? ヘルプ, 使い方を表示\n" + " 0: 英語、 1: 日本語\n" + "--ヘルプ 日本語で使い方を表示\n", /* 1 */ + "-p 接続先ポート, 0は無効, 既定値", /* 2 */ +#ifndef WOLFSSL_TLS13 + "-v SSL バージョン [0-3], SSLv3(0) - TLS1.2(3))," + " 既定値", /* 3 */ +#else + "-v SSL バージョン [0-4], SSLv3(0) - TLS1.3(4))," + " 既定値", /* 3 */ +#endif + "-l 暗号スイートリスト (区切り文字 :)\n", /* 4 */ + "-c 証明書ファイル, 既定値", /* 5 */ + "-k 鍵ファイル, 既定値", /* 6 */ + "-A 認証局ファイル, 既定値", /* 7 */ + "-R 外部モニタ用の準備完了ファイルを作成する。" + "既定値 なし\n", /* 8 */ +#ifndef NO_DH + "-D ディフィー・ヘルマンのパラメータファイル," + " 既定値", /* 9 */ + "-Z 最小 DH 鍵 ビット, 既定値", /* 10 */ +#endif +#ifdef HAVE_ALPN + "-L アプリケーション層プロトコルネゴシエーションを行う" + " ({C,F}:)\n", /* 11 */ +#endif + "-d クライアント認証を無効とする\n", /* 12 */ + "-b ローカルホスト以外のインターフェースへも" + "バインドする\n", /* 13 */ + "-s 事前共有鍵を使用する\n", /* 14 */ + "-u UDP DTLSを使用する。\n" + +#ifndef WOLFSSL_DTLS13 + " -v 2 を追加指定するとDTLSv1, " + "-v 3 を追加指定すると DTLSv1.2 (既定値)\n", /* 15 */ +#else + " -v 2 を追加指定するとDTLSv1, " + "-v 3 を追加指定すると DTLSv1.2 (既定値),\n" + " -v 4 を追加指定すると DTLSv1.3\n", /* 15 */ +#endif /* !WOLFSSL_DTLS13 */ +#ifdef WOLFSSL_SCTP + "-G SCTP DTLSを使用する。-v 2 を追加指定すると" + " DTLSv1, -v 3 を追加指定すると DTLSv1.2 (既定値)\n", /* 16 */ +#endif + "-f より少ないパケット/グループメッセージを使用する\n",/* 17 */ + "-r クライアントの再開を許可する\n", /* 18 */ + "-N ノンブロッキング・ソケットを使用する\n", /* 19 */ + "-S ホスト名表示を使用する\n", /* 20 */ + "-w 双方向シャットダウンを待つ\n", /* 21 */ +#ifdef HAVE_OCSP + "-o OCSPルックアップをピア証明書で実施する\n", /* 22 */ + "-O OCSPルックアップを、" + "を使用し応答者として実施する\n", /* 23 */ +#endif +#ifdef HAVE_PK_CALLBACKS + "-P 公開鍵コールバック\n", /* 24 */ +#endif +#ifdef HAVE_ANON + "-a 匿名サーバー\n", /* 25 */ +#endif +#ifndef NO_PSK + "-I PSKアイデンティティのヒントを送信しない\n", /* 26 */ +#endif + "-x サーバーエラーを出力するが接続を切断しない\n", /* 27 */ + "-i 無期限にループする(繰り返し接続を許可)\n", /* 28 */ + "-e エコー・データモード" + "(受け取ったバイトデータを返す)\n", /* 29 */ + "-B バイトを用いてのベンチマーク・スループット" + "測定と結果を出力する\n", /* 31 */ +#ifdef HAVE_CRL + "-V CRLを無効とする\n", /* 32 */ +#endif +#ifdef WOLFSSL_TRUST_PEER_CERT + "-E 信頼出来るピアの証明書ロードの為のパス\n\n", /* 33 */ +#endif +#ifdef HAVE_WNR + "-q Whitewood コンフィグファイル, 既定値", /* 34 */ +#endif + "-g 基本的な Web ページを返す\n", /* 35 */ + "-C アクセプト可能な接続数を指定する。既定値: 1\n", /* 36 */ + "-H 内部テスト" + " [defCipherList, exitWithRet, verifyFail, useSupCurve,\n", /* 37 */ + " loadSSL, disallowETM]\n", /* 38 */ +#ifdef WOLFSSL_TLS13 + "-U データ送信前に、鍵とIVを更新する\n", /* 39 */ + "-K 鍵交換にPSKを使用、(EC)DHEは使用しない\n", /* 40 */ +#ifndef NO_DH + "-y FFDHE_2048のみを使用して鍵共有を事前生成する\n", /* 41 */ +#endif +#ifdef HAVE_ECC + "-Y P-256のみを使用したキー共有の事前生成\n", /* 42 */ +#endif +#ifdef HAVE_CURVE25519 + "-t Curve25519のみを使用して鍵共有を事前生成する\n", /* 43 */ +#endif +#endif /* WOLFSSL_TLS13 */ +#if defined(WOLFSSL_NO_TLS12) && defined(NO_OLD_TLS) + "-T セッションチケットを生成しない\n", /* 44 */ +#else + "-T [aon] セッションチケットを生成しない\n", /* 44 */ + " オプション指定なしの場合、TLS 1.3 にだけ有効\n" + " 'a' を指定した場合、" + "全てのプロトコルバージョンに有効\n" /* 45 */ + " 'o' を指定した場合、TLS 1.2 及び" + "それ以下のプロトコルバージョンに有効\n" /* 46 */ + " 'n' を指定した場合、TLS 1.3 にのみ有効\n", /* 47 */ + +#endif +#ifdef WOLFSSL_TLS13 + "-F 相互認証が無い場合にalert を送信\n", /* 48 */ +#ifdef WOLFSSL_POST_HANDSHAKE_AUTH + "-Q クライアントのポストハンドシェイクから" + "証明書を要求する\n", /* 49 */ +#endif +#ifdef WOLFSSL_SEND_HRR_COOKIE + "-J サーバーの状態を含むTLS Cookie 拡張を送信する\n", /* 50 */ +#endif +#endif /* WOLFSSL_TLS13 */ +#ifdef WOLFSSL_EARLY_DATA + "-0 クライアントからの Early Data 読み取り" + "(0-RTTハンドシェイク)\n", /* 51 */ +#endif +#ifdef WOLFSSL_MULTICAST + "-3 マルチキャスト, grpid < 256\n", /* 52 */ +#endif + "-1 指定された言語で結果を表示します。" + "\n 0: 英語、 1: 日本語\n", /* 53 */ +#ifdef HAVE_TRUSTED_CA + "-5 信頼できる認証局の鍵表示を使用する\n", /* 54 */ +#endif + "-6 交互の IO 送信で WANT_WRITE エラー" + "をシュミレート\n", + /* 55 */ +#ifdef HAVE_CURVE448 + "-8 Curve448のみを使用して鍵共有を事前生成する\n", /* 56 */ +#endif +#if defined(OPENSSL_ALL) && defined(WOLFSSL_CERT_GEN) && \ + (defined(WOLFSSL_CERT_REQ) || defined(WOLFSSL_CERT_EXT)) && \ + !defined(NO_FILESYSTEM) && !defined(NO_WOLFSSL_DIR) + "-9 証明書の読み込みに hash dir 機能を使用する\n" + " /certs フォルダーからロードします\n" + " フォルダー中のファイルは、\"hash.N\"[N:0-9]名である必要があります\n" + " 以下の例ではca-cert.pemにシンボリックリンクを設定します\n" + " ln -s client-ca.pem `openssl x509 -in client-ca.pem -hash -noout`.0\n", + /* 57 */ +#endif +#if defined(WOLFSSL_WOLFSENTRY_HOOKS) && !defined(NO_FILESYSTEM) && !defined(WOLFSENTRY_NO_JSON) + "--wolfsentry-config wolfSentry コンフィグファイル\n", + /* 58 */ +#endif +#ifndef WOLFSSL_TLS13 + "-7 最小ダウングレード可能なプロトコルバージョンを設定します [0-3] " + " SSLv3(0) - TLS1.2(3)\n", +#else + "-7 最小ダウングレード可能なプロトコルバージョンを設定します [0-4] " + " SSLv3(0) - TLS1.3(4)\n", /* 59 */ +#endif +#ifdef HAVE_PQC + "--pqc post-quantum 名前付きグループとの鍵共有のみ:\n" +#ifndef WOLFSSL_NO_ML_KEM + " ML_KEM_512, ML_KEM_768, ML_KEM_1024," + " SecP256r1MLKEM512,\n" + " SecP384r1MLKEM768,\n" + " SecP521r1MLKEM1024,\n" + " SecP256r1MLKEM768,\n" + " SecP521r1MLKEM1024,\n" + " SecP384r1MLKEM1024,\n" + " X25519MLKEM512,\n" + " X25519MLKEM768,\n" + " X448MLKEM768\n" +#endif +#ifdef WOLFSSL_MLKEM_KYBER + " KYBER_LEVEL1, KYBER_LEVEL3, KYBER_LEVEL5, " + "P256_KYBER_LEVEL1,\n" + " P384_KYBER_LEVEL3, P521_KYBER_LEVEL5\n" +#endif + "", + /* 60 */ +#endif +#ifdef WOLFSSL_SRTP + "--srtp (デフォルトはSRTP_AES128_CM_SHA1_80)\n", /* 61 */ +#endif +#if defined(WOLFSSL_TLS13) && defined(HAVE_SESSION_TICKET) + "--send-ticket Application data 中に新しい" + "セッションチケットを送信します\n", + /* 62 */ +#endif +#ifdef CAN_FORCE_CURVE + /* TODO: Need Japanese translation */ + "--force-curve [] Pre-generate a Key Share using .\n" + " Leave blank to list all curves.\n" + " Note: requires TLS1.3\n", + /* 63 */ +#endif +#ifdef HAVE_SUPPORTED_CURVES + "--onlyPskDheKe Must use DHE key exchange with PSK\n", /* 64 */ +#endif +#ifdef WOLFSSL_DUAL_ALG_CERTS + "--altPrivKey Generate alternative signature with this key.\n", + /* 65 */ +#endif +#ifdef WOLFSSL_SYS_CRYPTO_POLICY + "--crypto-policy \n", /* 66 */ +#endif + "\n" + "より簡単なwolfSSL TSL クライアントの例については" + "下記にアクセスしてください\n" + "https://github.com/wolfSSL/wolfssl-examples/tree/master/tls\n", + /* 67 */ + NULL, + }, +#endif +}; + +static void Usage(void) +{ + int msgId = 0; + const char** msg = server_usage_msg[lng_index]; + + printf("%s%s%s", "server ", LIBWOLFSSL_VERSION_STRING, + msg[msgId]); + printf("%s", msg[++msgId]); /* ? */ + printf("%s %d\n", msg[++msgId], wolfSSLPort); /* -p */ +#ifndef WOLFSSL_TLS13 + printf("%s %d\n", msg[++msgId], SERVER_DEFAULT_VERSION); /* -v */ +#else + printf("%s %d\n", msg[++msgId], SERVER_DEFAULT_VERSION); /* -v */ +#endif + printf("%s", msg[++msgId]); /* -l */ + printf("%s %s\n", msg[++msgId], svrCertFile); /* -c */ + printf("%s %s\n", msg[++msgId], svrKeyFile); /* -k */ + printf("%s %s\n", msg[++msgId], cliCertFile); /* -A */ + printf("%s", msg[++msgId]); /* -R */ +#ifndef NO_DH + printf("%s %s\n", msg[++msgId], dhParamFile); /* -D */ + printf("%s %d\n", msg[++msgId], DEFAULT_MIN_DHKEY_BITS);/* -Z */ +#endif +#ifdef HAVE_ALPN + printf("%s", msg[++msgId]); /* -L */ +#endif + printf("%s", msg[++msgId]); /* -d */ + printf("%s", msg[++msgId]); /* -b */ + printf("%s", msg[++msgId]); /* -s */ + printf("%s", msg[++msgId]); /* -u */ +#ifdef WOLFSSL_SCTP + printf("%s", msg[++msgId]); /* -G */ +#endif + printf("%s", msg[++msgId]); /* -f */ + printf("%s", msg[++msgId]); /* -r */ + printf("%s", msg[++msgId]); /* -N */ + printf("%s", msg[++msgId]); /* -S */ + printf("%s", msg[++msgId]); /* -w */ +#ifdef HAVE_SECURE_RENEGOTIATION + printf("-M Allow Secure Renegotiation\n"); + printf("-m Force Server Initiated Secure Renegotiation\n"); +#endif /* HAVE_SECURE_RENEGOTIATION */ +#ifdef HAVE_OCSP + printf("%s", msg[++msgId]); /* -o */ + printf("%s", msg[++msgId]); /* -O */ +#endif +#ifdef HAVE_PK_CALLBACKS + printf("%s", msg[++msgId]); /* -P */ +#endif +#ifdef HAVE_ANON + printf("%s", msg[++msgId]); /* -a */ +#endif +#ifndef NO_PSK + printf("%s", msg[++msgId]); /* -I */ +#endif + printf("%s", msg[++msgId]); /* -x */ + printf("%s", msg[++msgId]); /* -i */ + printf("%s", msg[++msgId]); /* -e */ + printf("%s", msg[++msgId]); /* -B */ +#ifdef HAVE_CRL + printf("%s", msg[++msgId]); /* -V */ +#endif +#ifdef WOLFSSL_TRUST_PEER_CERT + printf("%s", msg[++msgId]); /* -E */ +#endif +#ifdef HAVE_WNR + printf("%s %s\n", msg[++msgId], wnrConfig); /* -q */ +#endif + printf("%s", msg[++msgId]); /* -g */ + printf("%s", msg[++msgId]); /* -C */ + printf("%s", msg[++msgId]); /* -H */ + printf("%s", msg[++msgId]); /* more -H options */ +#ifdef WOLFSSL_TLS13 + printf("%s", msg[++msgId]); /* -U */ + printf("%s", msg[++msgId]); /* -K */ +#ifndef NO_DH + printf("%s", msg[++msgId]); /* -y */ +#endif +#ifdef HAVE_ECC + printf("%s", msg[++msgId]); /* -Y */ +#endif +#ifdef HAVE_CURVE25519 + printf("%s", msg[++msgId]); /* -t */ +#endif +#endif /* WOLFSSL_TLS13 */ +#ifdef HAVE_SESSION_TICKET + printf("%s", msg[++msgId]); /* -T */ + #if !defined(WOLFSSL_NO_TLS12) || !defined(NO_OLD_TLS) + printf("%s", msg[++msgId]); /* -T */ + printf("%s", msg[++msgId]); /* -T */ + printf("%s", msg[++msgId]); /* -T */ + #endif +#endif +#ifdef WOLFSSL_TLS13 + printf("%s", msg[++msgId]); /* -F */ +#ifdef WOLFSSL_POST_HANDSHAKE_AUTH + printf("%s", msg[++msgId]); /* -Q */ +#endif +#ifdef WOLFSSL_SEND_HRR_COOKIE + printf("%s", msg[++msgId]); /* -J */ +#endif +#endif /* WOLFSSL_TLS13 */ +#ifdef WOLFSSL_EARLY_DATA + printf("%s", msg[++msgId]); /* -0 */ +#endif +#if !defined(NO_DH) && !defined(HAVE_FIPS) && \ + !defined(HAVE_SELFTEST) && !defined(WOLFSSL_OLD_PRIME_CHECK) + printf("-2 Disable DH Prime check\n"); +#endif +#ifdef WOLFSSL_DTLS + printf("-4 DTLS fake would-block for message seq\n"); +#endif +#ifdef WOLFSSL_MULTICAST + printf("%s", msg[++msgId]); /* -3 */ +#endif + printf("%s", msg[++msgId]); /* -1 */ +#ifdef HAVE_TRUSTED_CA + printf("%s", msg[++msgId]); /* -5 */ +#endif /* HAVE_TRUSTED_CA */ + printf("%s", msg[++msgId]); /* -6 */ +#ifdef HAVE_CURVE448 + printf("%s", msg[++msgId]); /* -8 */ +#endif +#if defined(OPENSSL_ALL) && defined(WOLFSSL_CERT_GEN) && \ + (defined(WOLFSSL_CERT_REQ) || defined(WOLFSSL_CERT_EXT)) && \ + !defined(NO_FILESYSTEM) && !defined(NO_WOLFSSL_DIR) + printf("%s", msg[++msgId]); /* -9 */ +#endif +#if defined(WOLFSSL_WOLFSENTRY_HOOKS) && !defined(NO_FILESYSTEM) && \ + !defined(WOLFSENTRY_NO_JSON) + printf("%s", msg[++msgId]); /* --wolfsentry-config */ +#endif + printf("%s", msg[++msgId]); /* -7 */ +#ifdef HAVE_PQC + printf("%s", msg[++msgId]); /* --pqc */ + printf("%s", msg[++msgId]); /* --pqc options */ + printf("%s", msg[++msgId]); /* more --pqc options */ + printf("%s", msg[++msgId]); /* more --pqc options */ +#endif +#ifdef WOLFSSL_SRTP + printf("%s", msg[++msgId]); /* dtls-srtp */ +#endif +#if defined(WOLFSSL_TLS13) && defined(HAVE_SESSION_TICKET) + printf("%s", msg[++msgId]); /* send-ticket */ +#endif +#ifdef CAN_FORCE_CURVE + printf("%s", msg[++msgId]); /* force-curve */ +#endif +#ifdef HAVE_SUPPORTED_CURVES + printf("%s", msg[++msgId]); /* --onlyPskDheKe */ +#endif +#ifdef WOLFSSL_DUAL_ALG_CERTS + printf("%s", msg[++msgId]); /* --altPrivKey */ +#endif + printf("%s", msg[++msgId]); /* Examples repo link */ +} + +#ifdef WOLFSSL_SRTP +/** + * server_srtp_test() - print the ekm and share it with the client + * @ssl: ssl context + * @srtp_helper: srtp_test_helper shared struct with the client + * + * if @srtp_helper is NULL the ekm isn't shared, but it is still printed. + * + * calls srtp_helper_set_ekm() to wake the client and share the ekm with + * him. The client will check that the ekm matches the one computed by itself. + */ +static int server_srtp_test(WOLFSSL *ssl, func_args *args) +{ + size_t srtp_secret_length; + byte *srtp_secret, *p; + int ret; +#ifdef WOLFSSL_COND + srtp_test_helper *srtp_helper = args->srtp_helper; +#else + (void)args; +#endif + + ret = wolfSSL_export_dtls_srtp_keying_material(ssl, NULL, + &srtp_secret_length); + if (ret != WC_NO_ERR_TRACE(LENGTH_ONLY_E)) { + LOG_ERROR("DTLS SRTP: Error getting key material length\n"); + return ret; + } + + srtp_secret = (byte*)XMALLOC(srtp_secret_length, + NULL, DYNAMIC_TYPE_TMP_BUFFER); + if (srtp_secret == NULL) { + err_sys("DTLS SRTP: Memory error"); + } + + ret = wolfSSL_export_dtls_srtp_keying_material(ssl, srtp_secret, + &srtp_secret_length); + if (ret != WOLFSSL_SUCCESS) { + XFREE(srtp_secret, NULL, DYNAMIC_TYPE_TMP_BUFFER); + LOG_ERROR("DTLS SRTP: Error getting key material\n"); + return ret; + } + + printf("DTLS SRTP: Exported key material: "); + for (p = srtp_secret; p < srtp_secret + srtp_secret_length; p++) + printf("%02X", *p); + printf("\n"); + +#ifdef WOLFSSL_COND + if (srtp_helper != NULL) { + srtp_helper_set_ekm(srtp_helper, srtp_secret, srtp_secret_length); + + /* client code will free srtp_secret buffer after checking for + correctness */ + return 0; + } +#endif /* WOLFSSL_COND */ + + XFREE(srtp_secret, NULL, DYNAMIC_TYPE_TMP_BUFFER); + return 0; +} +#endif + + +THREAD_RETURN WOLFSSL_THREAD server_test(void* args) +{ + SOCKET_T sockfd = WOLFSSL_SOCKET_INVALID; + SOCKET_T clientfd = WOLFSSL_SOCKET_INVALID; + SOCKADDR_IN_T client_addr; + socklen_t client_len; + + wolfSSL_method_func method = NULL; + SSL_CTX* ctx = 0; + SSL* ssl = 0; +#ifdef WOLFSSL_WOLFSENTRY_HOOKS + wolfsentry_errcode_t wolfsentry_ret; +#endif + int minVersion = SERVER_INVALID_VERSION; + int useWebServerMsg = 0; + char input[SRV_READ_SZ]; +#ifndef WOLFSSL_VXWORKS + int ch; + static const struct mygetopt_long_config long_options[] = { +#if defined(WOLFSSL_WOLFSENTRY_HOOKS) && !defined(NO_FILESYSTEM) && \ + !defined(WOLFSENTRY_NO_JSON) + { "wolfsentry-config", 1, 256 }, +#endif + { "help", 0, 257 }, +#ifndef NO_MULTIBYTE_PRINT + { "ヘルプ", 0, 258 }, +#endif +#if defined(HAVE_PQC) + { "pqc", 1, 259 }, +#endif +#ifdef WOLFSSL_SRTP + { "srtp", 2, 260 }, /* optional argument */ +#endif +#if defined(WOLFSSL_TLS13) && defined(HAVE_SESSION_TICKET) + { "send-ticket", 0, 261 }, +#endif +#ifdef CAN_FORCE_CURVE + { "force-curve", 2, 262}, +#endif +#ifdef WOLFSSL_DTLS_CID + {"cid", 2, 263}, +#endif /* WOLFSSL_DTLS_CID */ +#ifdef HAVE_SUPPORTED_CURVES + {"onlyPskDheKe", 2, 264}, +#endif /* HAVE_SUPPORTED_CURVES */ +#ifdef HAVE_CRL + {"crl-dir", 1, 265}, +#endif + {"quieter", 0, 266}, +#ifdef WOLFSSL_DUAL_ALG_CERTS + { "altPrivKey", 1, 267}, +#endif +#if defined(WOLFSSL_SYS_CRYPTO_POLICY) + { "crypto-policy", 1, 268 }, +#endif /* WOLFSSL_SYS_CRYPTO_POLICY */ + { 0, 0, 0 } + }; +#endif + int version = SERVER_DEFAULT_VERSION; +#ifndef WOLFSSL_NO_CLIENT_AUTH + int doCliCertCheck = 1; +#else + int doCliCertCheck = 0; +#endif +#if defined(HAVE_CRL) && !defined(NO_FILESYSTEM) + int disableCRL = 0; +#endif + int useAnyAddr = 0; + word16 port = wolfSSLPort; + int usePsk = 0; + int usePskPlus = 0; + int useAnon = 0; + int doDTLS = 0; + int dtlsUDP = 0; +#if (defined(WOLFSSL_SCTP) || defined(WOLFSSL_DTLS_MTU)) && \ + defined(WOLFSSL_DTLS) + int dtlsMTU = 0; +#endif + int dtlsSCTP = 0; + int doMcast = 0; +#if defined(WOLFSSL_DTLS) && defined(USE_WOLFSSL_IO) + int doBlockSeq = 0; + WOLFSSL_TEST_DTLS_CTX dtlsCtx; +#endif + int needDH = 0; + int nonBlocking = 0; + int simulateWantWrite = 0; + int fewerPackets = 0; +#ifdef HAVE_PK_CALLBACKS + int pkCallbacks = 0; + PkCbInfo pkCbInfo; +#endif + int wc_shutdown = 0; + int resume = 0; + int resumeCount = 0; + int loops = 1; + int cnt = 0; + int echoData = 0; + int block = TEST_BUFFER_SIZE; + size_t throughput = 0; + int minDhKeyBits = DEFAULT_MIN_DHKEY_BITS; + short minRsaKeyBits = DEFAULT_MIN_RSAKEY_BITS; + short minEccKeyBits = DEFAULT_MIN_ECCKEY_BITS; + int doListen = 1; + int crlFlags = 0; + int ret; + int err = 0; + char* serverReadyFile = NULL; + char* alpnList = NULL; + unsigned char alpn_opt = 0; + char* cipherList = NULL; + int useDefCipherList = 0; + const char* verifyCert; + const char* ourCert; + const char* ourKey; + const char* ourDhParam = dhParamFile; + tcp_ready* readySignal = NULL; + int argc = ((func_args*)args)->argc; + char** argv = ((func_args*)args)->argv; + +#ifdef WOLFSSL_TRUST_PEER_CERT + const char* trustCert = NULL; +#endif + +#ifndef NO_PSK + int sendPskIdentityHint = 1; +#endif + +#ifdef HAVE_SNI + char* sniHostName = NULL; +#endif + +#ifdef HAVE_TRUSTED_CA + int trustedCaKeyId = 0; +#endif /* HAVE_TRUSTED_CA */ + +#ifdef HAVE_OCSP + int useOcsp = 0; + char* ocspUrl = NULL; +#endif + +#ifdef HAVE_WNR + const char* wnrConfigFile = wnrConfig; +#endif + char buffer[WOLFSSL_MAX_ERROR_SZ]; +#ifdef WOLFSSL_TLS13 + int noPskDheKe = 0; +#ifdef HAVE_SUPPORTED_CURVES + int onlyPskDheKe = 0; +#endif +#endif + int updateKeysIVs = 0; +#ifndef NO_CERTS + int mutualAuth = 0; +#endif + int postHandAuth = 0; + int sendTicket = 0; +#ifdef WOLFSSL_EARLY_DATA + int earlyData = 0; +#endif +#ifdef HAVE_SECURE_RENEGOTIATION + int scr = 0; + int forceScr = 0; +#endif /* HAVE_SECURE_RENEGOTIATION */ +#ifdef WOLFSSL_SEND_HRR_COOKIE + int hrrCookie = 0; +#endif + byte mcastID = 0; +#if !defined(NO_DH) && !defined(HAVE_FIPS) && \ + !defined(HAVE_SELFTEST) && !defined(WOLFSSL_OLD_PRIME_CHECK) + int doDhKeyCheck = 1; +#endif +#ifdef WOLFSSL_DTLS_CID + int useDtlsCID = 0; + char dtlsCID[DTLS_CID_BUFFER_SIZE] = { 0 }; +#endif /* WOLFSSL_DTLS_CID */ +#if defined(HAVE_CRL) && !defined(NO_FILESYSTEM) + char* crlDir = NULL; +#endif +#if defined(WOLFSSL_SYS_CRYPTO_POLICY) + const char * policy = NULL; +#endif /* WOLFSSL_SYS_CRYPTO_POLICY */ + +#ifdef WOLFSSL_STATIC_MEMORY + /* Note: Actual memory used is much less, this is the entire buffer buckets, + * which is partitioned into pools of common sizes. To adjust the buckets + * sizes see WOLFMEM_BUCKETS in memory.h */ + #if (defined(HAVE_ECC) && !defined(ALT_ECC_SIZE)) \ + || defined(SESSION_CERTS) + /* big enough to handle most cases including session certs */ + #if !defined(WOLFSSL_NO_CLIENT_AUTH) && \ + ((defined(HAVE_ED25519) && !defined(NO_ED25519_CLIENT_AUTH)) || \ + (defined(HAVE_ED448) && !defined(NO_ED448_CLIENT_AUTH))) + /* increase is due to EdDSA_Update */ + byte memory[440000]; + #else + byte memory[320000]; + #endif + #else + byte memory[80000]; + #endif + byte memoryIO[34500]; /* max for IO buffer (TLS packet can be 16k) */ + #if !defined(WOLFSSL_STATIC_MEMORY_LEAN) + WOLFSSL_MEM_CONN_STATS ssl_stats; + #if defined(DEBUG_WOLFSSL) + WOLFSSL_MEM_STATS mem_stats; + #endif + #endif +#endif +#if defined(WOLFSSL_TLS13) && defined(HAVE_SUPPORTED_CURVES) + int onlyKeyShare = 0; +#endif +#if defined(HAVE_SESSION_TICKET) +#ifdef WOLFSSL_TLS13 + int noTicketTls13 = 0; +#endif +#if !defined(WOLFSSL_NO_TLS12) || !defined(NO_OLD_TLS) + int noTicketTls12 = 0; +#endif +#endif + int useX25519 = 0; + int useX448 = 0; + int usePqc = 0; + char* pqcAlg = NULL; + char* altPrivKey = NULL; + int exitWithRet = 0; + int loadCertKeyIntoSSLObj = 0; + +#ifdef HAVE_ENCRYPT_THEN_MAC + int disallowETM = 0; +#endif +#if defined(OPENSSL_ALL) && defined(WOLFSSL_CERT_GEN) && \ + (defined(WOLFSSL_CERT_REQ) || defined(WOLFSSL_CERT_EXT)) && \ + !defined(NO_FILESYSTEM) && !defined(NO_WOLFSSL_DIR) + int useCertFolder = 0; +#endif + +#ifdef WOLFSSL_SRTP + const char* dtlsSrtpProfiles = NULL; +#endif + +#ifdef HAVE_TEST_SESSION_TICKET + MyTicketCtx myTicketCtx; +#endif + +#ifdef CAN_FORCE_CURVE + int force_curve_group_id = 0; +#endif + + ((func_args*)args)->return_code = -1; /* error state */ + +#ifndef NO_RSA + verifyCert = cliCertFile; + ourCert = svrCertFile; + ourKey = svrKeyFile; +#else + #ifdef HAVE_ECC + verifyCert = cliEccCertFile; + ourCert = eccCertFile; + ourKey = eccKeyFile; + #elif defined(HAVE_ED25519) + verifyCert = cliEdCertFile; + ourCert = edCertFile; + ourKey = edKeyFile; + #elif defined(HAVE_ED448) + verifyCert = cliEd448CertFile; + ourCert = ed448CertFile; + ourKey = ed448KeyFile; + #else + verifyCert = NULL; + ourCert = NULL; + ourKey = NULL; + #endif +#endif + + (void)needDH; + (void)ourKey; + (void)ourCert; + (void)ourDhParam; + (void)verifyCert; + (void)doCliCertCheck; + (void)minDhKeyBits; + (void)minRsaKeyBits; + (void)minEccKeyBits; + (void)alpnList; + (void)alpn_opt; + (void)crlFlags; + (void)readySignal; + (void)updateKeysIVs; +#ifndef NO_CERTS + (void)mutualAuth; +#endif + (void)postHandAuth; + (void)sendTicket; + (void)mcastID; + (void)loadCertKeyIntoSSLObj; + (void)nonBlocking; + (void)pqcAlg; + (void)usePqc; + (void)altPrivKey; + +#ifdef WOLFSSL_TIRTOS + fdOpenSession(Task_self()); +#endif + +#ifdef WOLFSSL_VXWORKS + useAnyAddr = 1; +#else + + /* Reinitialize the global myVerifyAction. */ + myVerifyAction = VERIFY_OVERRIDE_ERROR; + + /* Not Used: h, z, W, X */ + while ((ch = mygetopt_long(argc, argv, "?:" + "abc:defgijk:l:mop:q:rstu;v:wxy" + "A:B:C:D:E:FGH:IJ;KL:MNO:PQR:S:T;UVYZ:" + "01:23:4:567:89" + "@#", long_options, 0)) != -1) { + switch (ch) { + case '?' : + if(myoptarg!=NULL) { + lng_index = atoi(myoptarg); + if(lng_index<0||lng_index>1){ + lng_index = 0; + } + } + Usage(); + XEXIT_T(EXIT_SUCCESS); + + case 257 : + lng_index = 0; + Usage(); + XEXIT_T(EXIT_SUCCESS); + + case 258 : + lng_index = 1; + Usage(); + XEXIT_T(EXIT_SUCCESS); + + case 'x' : + runWithErrors = 1; + break; + + case 'd' : + doCliCertCheck = 0; + break; + + case 'V' : + #if defined(HAVE_CRL) && !defined(NO_FILESYSTEM) + disableCRL = 1; + #endif + break; + + case 'b' : + useAnyAddr = 1; + break; + + case 's' : + usePsk = 1; + break; + + case 'j' : + usePskPlus = 1; + break; + + case 'u' : + doDTLS = 1; + dtlsUDP = 1; + #if (defined(WOLFSSL_SCTP) || defined(WOLFSSL_DTLS_MTU)) && \ + defined(WOLFSSL_DTLS) + dtlsMTU = atoi(myoptarg); + #endif + break; + + #ifdef WOLFSSL_SRTP + case 260: + doDTLS = 1; + dtlsUDP = 1; + dtlsSrtpProfiles = myoptarg != NULL ? myoptarg : + "SRTP_AES128_CM_SHA1_80"; + printf("Using SRTP Profile(s): %s\n", dtlsSrtpProfiles); + break; + #endif + + case 'G' : + #ifdef WOLFSSL_SCTP + doDTLS = 1; + dtlsUDP = 1; + dtlsSCTP = 1; + #endif + break; + + case 'f' : + fewerPackets = 1; + break; + + case 'R' : + serverReadyFile = myoptarg; + break; + + case 'r' : + #ifndef NO_SESSION_CACHE + resume = 1; + #endif + break; + + case 'P' : + #ifdef HAVE_PK_CALLBACKS + pkCallbacks = 1; + #endif + break; + + case 'p' : + port = (word16)atoi(myoptarg); + break; + + case 'w' : + wc_shutdown = 1; + break; + + case 'v' : + if (myoptarg[0] == 'd') { + version = SERVER_DOWNGRADE_VERSION; + break; + } + #if defined(OPENSSL_EXTRA) || defined(WOLFSSL_EITHER_SIDE) + else if (myoptarg[0] == 'e') { + version = EITHER_DOWNGRADE_VERSION; + #ifndef NO_CERTS + loadCertKeyIntoSSLObj = 1; + #endif + break; + } + #endif + version = atoi(myoptarg); + if (version < 0 || version > 4) { + Usage(); + XEXIT_T(MY_EX_USAGE); + } + break; + + case 'l' : + cipherList = myoptarg; + break; + + case 'H' : + if (XSTRCMP(myoptarg, "defCipherList") == 0) { + printf("Using default cipher list for testing\n"); + useDefCipherList = 1; + } + else if (XSTRCMP(myoptarg, "exitWithRet") == 0) { + printf("Skip exit() for testing\n"); + exitWithRet = 1; + } + else if (XSTRCMP(myoptarg, "verifyFail") == 0) { + printf("Verify should fail\n"); + myVerifyAction = VERIFY_FORCE_FAIL; + } + else if (XSTRCMP(myoptarg, "verifyInfo") == 0) { + printf("Verify should use preverify (just show info)\n"); + myVerifyAction = VERIFY_USE_PREVERIFY; + } + else if (XSTRCMP(myoptarg, "loadSSL") == 0) { + printf("Also load cert/key into wolfSSL object\n"); + #ifndef NO_CERTS + loadCertKeyIntoSSLObj = 2; + #endif + } + else if (XSTRCMP(myoptarg, "loadSSLOnly") == 0) { + printf("Only load cert/key into wolfSSL object\n"); + #ifndef NO_CERTS + loadCertKeyIntoSSLObj = 1; + #endif + } + else if (XSTRCMP(myoptarg, "disallowETM") == 0) { + printf("Disallow Encrypt-Then-MAC\n"); + #ifdef HAVE_ENCRYPT_THEN_MAC + disallowETM = 1; + #endif + } + else if (XSTRCMP(myoptarg, "overrideDateErr") == 0) { + #if !defined(NO_FILESYSTEM) && !defined(NO_CERTS) + myVerifyAction = VERIFY_OVERRIDE_DATE_ERR; + #endif + } + else { + Usage(); + XEXIT_T(MY_EX_USAGE); + } + break; + + case 'A' : + verifyCert = myoptarg; + break; + + case 'c' : + ourCert = myoptarg; + break; + + case 'k' : + ourKey = myoptarg; + break; + + case 'D' : + #ifndef NO_DH + ourDhParam = myoptarg; + #endif + break; + + case 'Z' : + #ifndef NO_DH + minDhKeyBits = atoi(myoptarg); + if (minDhKeyBits <= 0 || minDhKeyBits > 16000) { + Usage(); + XEXIT_T(MY_EX_USAGE); + } + #endif + break; + + case 'N': + nonBlocking = 1; + break; + + case 'S' : + #ifdef HAVE_SNI + sniHostName = myoptarg; + #endif + break; + + case 'o' : + #ifdef HAVE_OCSP + useOcsp = 1; + #endif + break; + + case 'O' : + #ifdef HAVE_OCSP + useOcsp = 1; + ocspUrl = myoptarg; + #endif + break; + + case 'a' : + #ifdef HAVE_ANON + useAnon = 1; + #endif + break; + case 'I': + #ifndef NO_PSK + sendPskIdentityHint = 0; + #endif + break; + + case 'L' : + #ifdef HAVE_ALPN + alpnList = myoptarg; + + if (alpnList[0] == 'C' && alpnList[1] == ':') + alpn_opt = WOLFSSL_ALPN_CONTINUE_ON_MISMATCH; + else if (alpnList[0] == 'F' && alpnList[1] == ':') + alpn_opt = WOLFSSL_ALPN_FAILED_ON_MISMATCH; + else { + Usage(); + XEXIT_T(MY_EX_USAGE); + } + + alpnList += 2; + + #endif + break; + + case 'i' : + loops = -1; + break; + + case 'C' : + loops = atoi(myoptarg); + if (loops <= 0) { + Usage(); + XEXIT_T(MY_EX_USAGE); + } + break; + + case 'e' : + echoData = 1; + break; + + case 'B': + throughput = (size_t)atol(myoptarg); + for (; *myoptarg != '\0'; myoptarg++) { + if (*myoptarg == ',') { + block = atoi(myoptarg + 1); + break; + } + } + if (throughput == 0 || block <= 0) { + Usage(); + XEXIT_T(MY_EX_USAGE); + } + break; + + #ifdef WOLFSSL_TRUST_PEER_CERT + case 'E' : + trustCert = myoptarg; + break; + #endif + + case 'q' : + #ifdef HAVE_WNR + wnrConfigFile = myoptarg; + #endif + break; + + case 'g' : + useWebServerMsg = 1; + break; + + case 'y' : + #if defined(WOLFSSL_TLS13) && defined(HAVE_SUPPORTED_CURVES) \ + && !defined(NO_DH) + onlyKeyShare = 1; + #endif + break; + + case 'Y' : + #if defined(WOLFSSL_TLS13) && defined(HAVE_SUPPORTED_CURVES) \ + && defined(HAVE_ECC) + onlyKeyShare = 2; + #endif + break; + + case 't' : + #ifdef HAVE_CURVE25519 + useX25519 = 1; + #if defined(WOLFSSL_TLS13) && defined(HAVE_SUPPORTED_CURVES) + onlyKeyShare = 2; + #endif + #endif + break; + + case 'K' : + #ifdef WOLFSSL_TLS13 + noPskDheKe = 1; + #endif + break; + + case 'T' : + #if defined(HAVE_SESSION_TICKET) + if (XSTRLEN(myoptarg) == 0) { + #if defined(WOLFSSL_TLS13) + noTicketTls13 = 1; + #endif + } + #if !defined(WOLFSSL_NO_TLS12) || !defined(NO_OLD_TLS) + else if (XSTRCMP(myoptarg, "a") == 0) { + noTicketTls12 = 1; + #if defined(WOLFSSL_TLS13) + noTicketTls13 = 1; + #endif + } + else if (XSTRCMP(myoptarg, "o") == 0) { + noTicketTls12 = 1; + } + else if (XSTRCMP(myoptarg, "n") == 0) { + #if defined(WOLFSSL_TLS13) + noTicketTls13 = 1; + #endif + } + #endif + else { + Usage(); + XEXIT_T(MY_EX_USAGE); + } + #endif + break; + + case 'U' : + #ifdef WOLFSSL_TLS13 + updateKeysIVs = 1; + #endif + break; + + #ifndef NO_CERTS + case 'F' : + mutualAuth = 1; + break; + #endif + + case 'Q' : + #if defined(WOLFSSL_TLS13) && defined(WOLFSSL_POST_HANDSHAKE_AUTH) + postHandAuth = 1; + doCliCertCheck = 0; + #endif + break; + + case 'J' : + #ifdef WOLFSSL_SEND_HRR_COOKIE + hrrCookie = 1; + if (XSTRCMP(myoptarg, "n") == 0) + hrrCookie = -1; + #endif + break; + + case 'M' : + #ifdef HAVE_SECURE_RENEGOTIATION + scr = 1; + #endif /* HAVE_SECURE_RENEGOTIATION */ + break; + + case 'm' : + #ifdef HAVE_SECURE_RENEGOTIATION + scr = 1; + forceScr = 1; + #endif /* HAVE_SECURE_RENEGOTIATION */ + break; + + case '0' : + #ifdef WOLFSSL_EARLY_DATA + earlyData = 1; + #endif + break; + + case '1' : + lng_index = atoi(myoptarg); + if(lng_index<0||lng_index>1){ + lng_index = 0; + } + break; + + case '2' : + #if !defined(NO_DH) && !defined(HAVE_FIPS) && \ + !defined(HAVE_SELFTEST) && !defined(WOLFSSL_OLD_PRIME_CHECK) + doDhKeyCheck = 0; + #endif + break; + + case '3' : + #ifdef WOLFSSL_MULTICAST + doMcast = 1; + mcastID = (byte)(atoi(myoptarg) & 0xFF); + #endif + break; + + case '4' : + #if defined(WOLFSSL_DTLS) && defined(USE_WOLFSSL_IO) + XMEMSET(&dtlsCtx, 0, sizeof(dtlsCtx)); + doBlockSeq = 1; + dtlsCtx.blockSeq = (word32)atoi(myoptarg); + #endif + break; + + case '5' : + #ifdef HAVE_TRUSTED_CA + trustedCaKeyId = 1; + #endif /* HAVE_TRUSTED_CA */ + break; + + case '6' : +#ifdef WOLFSSL_ASYNC_IO + nonBlocking = 1; + simulateWantWrite = 1; +#else + LOG_ERROR("Ignoring -6 since async I/O support not " + "compiled in.\n"); +#endif + break; + case '7' : + minVersion = atoi(myoptarg); + if (minVersion < 0 || minVersion > 4) { + Usage(); + XEXIT_T(MY_EX_USAGE); + } + break; + case '8' : + #ifdef HAVE_CURVE448 + useX448 = 1; + #if defined(WOLFSSL_TLS13) && defined(HAVE_SUPPORTED_CURVES) + onlyKeyShare = 2; + #endif + #endif + break; + case '9' : +#if defined(OPENSSL_ALL) && defined(WOLFSSL_CERT_GEN) && \ + (defined(WOLFSSL_CERT_REQ) || defined(WOLFSSL_CERT_EXT)) && \ + !defined(NO_FILESYSTEM) && !defined(NO_WOLFSSL_DIR) + useCertFolder = 1; + break; +#endif + case '@' : + { +#ifdef HAVE_WC_INTROSPECTION + const char *conf_args = wolfSSL_configure_args(); + if (conf_args) { + puts(conf_args); + XEXIT_T(EXIT_SUCCESS); + } else { + fputs("configure args not compiled in.\n",stderr); + XEXIT_T(MY_EX_USAGE); + } +#else + fputs("compiled without BUILD_INTROSPECTION.\n",stderr); + XEXIT_T(MY_EX_USAGE); +#endif + } + + case '#' : + { +#ifdef HAVE_WC_INTROSPECTION + const char *cflags = wolfSSL_global_cflags(); + if (cflags) { + puts(cflags); + XEXIT_T(EXIT_SUCCESS); + } else { + fputs("CFLAGS not compiled in.\n",stderr); + XEXIT_T(MY_EX_USAGE); + } +#else + fputs("compiled without BUILD_INTROSPECTION.\n",stderr); + XEXIT_T(MY_EX_USAGE); +#endif + } + +#ifdef WOLFSSL_WOLFSENTRY_HOOKS + case 256: +#if !defined(NO_FILESYSTEM) && !defined(WOLFSENTRY_NO_JSON) + wolfsentry_config_path = myoptarg; +#endif + break; +#endif + +#ifdef HAVE_PQC + case 259: + { + usePqc = 1; + #if defined(WOLFSSL_TLS13) && defined(HAVE_SUPPORTED_CURVES) + onlyKeyShare = 2; + #endif + pqcAlg = myoptarg; + } break; +#endif + +#if defined(WOLFSSL_TLS13) && defined(HAVE_SESSION_TICKET) + case 261: + sendTicket = 1; + break; +#endif +#ifdef CAN_FORCE_CURVE + case 262: { + /* Note: this requires TSL1.3 (version >= 4) */ + #ifdef HAVE_ECC + int j = 0; /* our group index */ + #endif + if (NULL == myoptarg) { + #ifdef HAVE_ECC + int idx = 0; /* ecc curve index */ + #endif + Usage(); + if (lng_index == 1) { + /* TODO: Need Japanese translation */ + printf("\nAvailable choices for --force-curve:\n"); + } else { + printf("\nAvailable choices for --force-curve:\n"); + } + #ifdef HAVE_ECC + for (idx=0; ; ++idx) { + int id = wc_ecc_get_curve_id(idx); + if (ECC_CURVE_INVALID == id) { + break; + } + for (j=0; group_id_to_text[j].group != 0; ++j) { + if (XSTRCMP(group_id_to_text[j].name, + wc_ecc_get_curve_name_from_id(id)) == 0) { + printf("\t%s\n", group_id_to_text[j].name); + } + } + } + #endif + #ifdef HAVE_CURVE25519 + printf("\tCURVE25519\n"); + #endif + #ifdef HAVE_CURVE448 + printf("\tCURVE448\n"); + #endif + printf("\n"); + XEXIT_T(EXIT_SUCCESS); + } + #ifdef HAVE_ECC + for (j=0; group_id_to_text[j].group != 0; ++j) { + if (XSTRCMP(group_id_to_text[j].name, myoptarg) == 0) { + force_curve_group_id = group_id_to_text[j].group; + } + } + #endif + #ifdef HAVE_CURVE25519 + if (force_curve_group_id <= 0) { + if (XSTRCMP(myoptarg, "CURVE25519") == 0) { + force_curve_group_id = WOLFSSL_ECC_X25519; + } + } + #endif + #ifdef HAVE_CURVE448 + if (force_curve_group_id <= 0) { + if (XSTRCMP(myoptarg, "CURVE448") == 0) { + force_curve_group_id = WOLFSSL_ECC_X448; + } + } + #endif + if (force_curve_group_id <= 0) { + if (lng_index == 1) { + /* TODO: Need Japanese translation */ + LOG_ERROR("Invalid curve '%s'\n", myoptarg); + } else { + LOG_ERROR("Invalid curve '%s'\n", myoptarg); + } + XEXIT_T(EXIT_FAILURE); + } + } + break; +#endif /* CAN_FORCE_CURVE */ +#ifdef WOLFSSL_DTLS_CID + case 263: + useDtlsCID = 1; + if (myoptarg != NULL) { + if (XSTRLEN(myoptarg) >= DTLS_CID_BUFFER_SIZE) { + err_sys("provided connection ID is too big"); + } + else { + XSTRLCPY(dtlsCID, myoptarg, DTLS_CID_BUFFER_SIZE); + } + } + break; +#endif /* WOLFSSL_CID */ + case 264: +#ifdef HAVE_SUPPORTED_CURVES + #ifdef WOLFSSL_TLS13 + onlyPskDheKe = 1; + #endif +#endif + break; + case 265: +#if defined(HAVE_CRL) && !defined(NO_FILESYSTEM) + crlDir = myoptarg; +#endif + break; + + case 266: + quieter = 1; + break; + +#ifdef WOLFSSL_DUAL_ALG_CERTS + case 267: + altPrivKey = myoptarg; + break; +#endif + case 268: +#if defined(WOLFSSL_SYS_CRYPTO_POLICY) + policy = myoptarg; +#endif /* WOLFSSL_SYS_CRYPTO_POLICY */ + break; + + case -1: + default: + Usage(); + XEXIT_T(MY_EX_USAGE); + } + } + + myoptind = 0; /* reset for test cases */ +#endif /* !WOLFSSL_VXWORKS */ + + /* Can only use DTLS over UDP or SCTP, can't do both. */ + if (dtlsUDP && dtlsSCTP) { + err_sys_ex(runWithErrors, "Cannot use DTLS with both UDP and SCTP."); + } + + /* sort out DTLS versus TLS versions */ + if (version == CLIENT_INVALID_VERSION) { + if (doDTLS) + version = CLIENT_DTLS_DEFAULT_VERSION; + else + version = CLIENT_DEFAULT_VERSION; + } + else { + if (doDTLS) { + if (version == 3) { + version = -2; + } + else if (version == 4) { +#ifdef WOLFSSL_DTLS13 + version = -4; +#else + err_sys_ex(runWithErrors, "Bad DTLS version"); +#endif /* WOLFSSL_DTLS13 */ + } + #if defined(OPENSSL_EXTRA) || defined(WOLFSSL_EITHER_SIDE) + else if (version == EITHER_DOWNGRADE_VERSION) { + version = -3; + } + #endif + else if (version == 2) + version = -1; + } + } + +#ifndef HAVE_SESSION_TICKET + if ((version >= 4) && resume) { + LOG_ERROR("Can't do TLS 1.3 resumption; need session tickets!\n"); + } +#endif + +#ifdef HAVE_WNR + if (wc_InitNetRandom(wnrConfigFile, NULL, 5000) != 0) + err_sys_ex(runWithErrors, "can't load whitewood net random config " + "file"); +#endif + +#ifdef HAVE_PQC + if (usePqc) { + if (version == SERVER_DOWNGRADE_VERSION || + version == EITHER_DOWNGRADE_VERSION) { + LOG_ERROR( + "WARNING: If a TLS 1.3 connection is not negotiated, you " + "will not be using a post-quantum group.\n"); + } else if (version != 4 && version != -4) { + err_sys("can only use post-quantum groups with TLS 1.3 or DTLS 1.3"); + } + } +#endif + + switch (version) { +#ifndef NO_OLD_TLS + #ifdef WOLFSSL_ALLOW_SSLV3 + case 0: + method = wolfSSLv3_server_method_ex; + break; + #endif + + #ifndef NO_TLS + #ifdef WOLFSSL_ALLOW_TLSV10 + case 1: + method = wolfTLSv1_server_method_ex; + break; + #endif + + case 2: + method = wolfTLSv1_1_server_method_ex; + break; + #endif /* !NO_TLS */ +#endif /* !NO_OLD_TLS */ + +#ifndef NO_TLS + #ifndef WOLFSSL_NO_TLS12 + case 3: + method = wolfTLSv1_2_server_method_ex; + break; + #endif + + #ifdef WOLFSSL_TLS13 + case 4: + method = wolfTLSv1_3_server_method_ex; + break; + #endif + + case SERVER_DOWNGRADE_VERSION: + if (!doDTLS) { + method = wolfSSLv23_server_method_ex; + } + else { +#ifdef WOLFSSL_DTLS + method = wolfDTLS_server_method_ex; +#else + err_sys_ex(runWithErrors, "version not supported"); +#endif /* WOLFSSL_DTLS */ + } + break; + #if defined(OPENSSL_EXTRA) || defined(WOLFSSL_EITHER_SIDE) + case EITHER_DOWNGRADE_VERSION: + method = wolfSSLv23_method_ex; + break; + #endif +#endif /* NO_TLS */ + +#ifdef WOLFSSL_DTLS + #ifndef NO_OLD_TLS + case -1: + method = wolfDTLSv1_server_method_ex; + break; + #endif + + #ifndef WOLFSSL_NO_TLS12 + case -2: + method = wolfDTLSv1_2_server_method_ex; + break; + #endif +#ifdef WOLFSSL_DTLS13 + case -4: + method = wolfDTLSv1_3_server_method_ex; + break; +#endif + #if defined(OPENSSL_EXTRA) || defined(WOLFSSL_EITHER_SIDE) + case -3: + method = wolfDTLSv1_2_method_ex; + break; + #endif +#endif + + default: + err_sys_ex(runWithErrors, "Bad SSL version"); + } + + if (method == NULL) + err_sys_ex(runWithErrors, "unable to get method"); + +#if defined(WOLFSSL_SYS_CRYPTO_POLICY) + if (policy != NULL) { + if (wolfSSL_crypto_policy_enable(policy) != WOLFSSL_SUCCESS) { + err_sys("wolfSSL_crypto_policy_enable failed"); + } + } +#endif /* WOLFSSL_SYS_CRYPTO_POLICY */ + +#ifdef WOLFSSL_STATIC_MEMORY + #if defined(DEBUG_WOLFSSL) && !defined(WOLFSSL_STATIC_MEMORY_LEAN) + /* print off helper buffer sizes for use with static memory + * printing to stderr in case of debug mode turned on */ + LOG_ERROR("static memory management size = %d\n", + wolfSSL_MemoryPaddingSz()); + LOG_ERROR("calculated optimum general buffer size = %d\n", + wolfSSL_StaticBufferSz(memory, sizeof(memory), 0)); + LOG_ERROR("calculated optimum IO buffer size = %d\n", + wolfSSL_StaticBufferSz(memoryIO, sizeof(memoryIO), + WOLFMEM_IO_POOL_FIXED)); + #endif /* DEBUG_WOLFSSL */ + + if (wolfSSL_CTX_load_static_memory(&ctx, method, memory, sizeof(memory),0,1) + != WOLFSSL_SUCCESS) + err_sys_ex(catastrophic, "unable to load static memory and create ctx"); + + /* load in a buffer for IO */ + if (wolfSSL_CTX_load_static_memory(&ctx, NULL, memoryIO, sizeof(memoryIO), + WOLFMEM_IO_POOL_FIXED | WOLFMEM_TRACK_STATS, 1) + != WOLFSSL_SUCCESS) + err_sys_ex(catastrophic, "unable to load static memory and create ctx"); +#else + if (method != NULL) { + ctx = SSL_CTX_new(method(NULL)); + } +#ifdef WOLFSSL_CALLBACKS + wolfSSL_CTX_set_msg_callback(ctx, msgDebugCb); +#endif +#endif /* WOLFSSL_STATIC_MEMORY */ + if (ctx == NULL) + err_sys_ex(catastrophic, "unable to get ctx"); + + if (minVersion != SERVER_INVALID_VERSION) { +#ifdef WOLFSSL_DTLS + if (doDTLS) { + switch (minVersion) { +#ifdef WOLFSSL_DTLS13 + case 4: + minVersion = WOLFSSL_DTLSV1_3; + break; +#endif /* WOLFSSL_DTLS13 */ + case 3: + minVersion = WOLFSSL_DTLSV1_2; + break; + case 2: + minVersion = WOLFSSL_DTLSV1; + break; + } + } +#endif /* WOLFSSL_DTLS13 */ + if (wolfSSL_CTX_SetMinVersion(ctx, minVersion) != WOLFSSL_SUCCESS) + err_sys_ex(catastrophic, "can't set minimum downgrade version"); + } + +#ifdef OPENSSL_COMPATIBLE_DEFAULTS + /* Restore wolfSSL verify defaults */ + wolfSSL_CTX_set_verify(ctx, WOLFSSL_VERIFY_DEFAULT, NULL); +#endif + +#ifdef WOLFSSL_SRTP + if (dtlsSrtpProfiles != NULL) { + if (wolfSSL_CTX_set_tlsext_use_srtp(ctx, dtlsSrtpProfiles) + != 0) { + err_sys_ex(catastrophic, "unable to set DTLS SRTP profile"); + } + } +#endif + +#ifdef WOLFSSL_WOLFSENTRY_HOOKS + if (wolfsentry_setup(&wolfsentry, wolfsentry_config_path, + WOLFSENTRY_ROUTE_FLAG_DIRECTION_IN) < 0) { + err_sys("unable to initialize wolfSentry"); + } + + if (wolfSSL_CTX_set_AcceptFilter( + ctx, + (NetworkFilterCallback_t)wolfSentry_NetworkFilterCallback, + wolfsentry) < 0) { + err_sys_ex(catastrophic, + "unable to install wolfSentry_NetworkFilterCallback"); + } +#endif + + if (simulateWantWrite) + { + #ifdef USE_WOLFSSL_IO + wolfSSL_CTX_SetIOSend(ctx, SimulateWantWriteIOSendCb); + #endif + } + +#ifdef HAVE_TEST_SESSION_TICKET + if (TicketInit() != 0) + err_sys_ex(catastrophic, "unable to setup Session Ticket Key context"); + wolfSSL_CTX_set_TicketEncCb(ctx, myTicketEncCb); + XMEMSET(&myTicketCtx, 0, sizeof(myTicketCtx)); + wolfSSL_CTX_set_TicketEncCtx(ctx, &myTicketCtx); +#endif + +#if defined(WOLFSSL_SNIFFER) && defined(WOLFSSL_STATIC_EPHEMERAL) && \ + defined(WOLFSSL_PEM_TO_DER) + /* used for testing only to set a static/fixed ephemeral key + for use with the sniffer */ +#if defined(HAVE_ECC) && !defined(NO_ECC_SECP) && \ + (!defined(NO_ECC256) || defined(HAVE_ALL_CURVES)) + ret = wolfSSL_CTX_set_ephemeral_key(ctx, WC_PK_TYPE_ECDH, + "./certs/statickeys/ecc-secp256r1.pem", 0, WOLFSSL_FILETYPE_PEM); + if (ret != 0) { + err_sys_ex(runWithErrors, "error loading static ECDH key"); + } + { + const byte* key = NULL; + word32 keySz = 0; + /* example for getting pointer to loaded static ephemeral key */ + wolfSSL_CTX_get_ephemeral_key(ctx, WC_PK_TYPE_ECDH, &key, &keySz); + (void)key; + (void)keySz; + } +#endif +#ifndef NO_DH + ret = wolfSSL_CTX_set_ephemeral_key(ctx, WC_PK_TYPE_DH, + "./certs/statickeys/dh-ffdhe2048.pem", 0, WOLFSSL_FILETYPE_PEM); + if (ret != 0) { + err_sys_ex(runWithErrors, "error loading static DH key"); + } +#endif +#ifdef HAVE_CURVE25519 + ret = wolfSSL_CTX_set_ephemeral_key(ctx, WC_PK_TYPE_CURVE25519, + "./certs/statickeys/x25519.pem", 0, WOLFSSL_FILETYPE_PEM); + if (ret != 0) { + err_sys_ex(runWithErrors, "error loading static X25519 key"); + } +#endif +#endif /* WOLFSSL_SNIFFER && WOLFSSL_STATIC_EPHEMERAL && WOLFSSL_PEM_TO_DER */ + + if (cipherList && !useDefCipherList) { + if (SSL_CTX_set_cipher_list(ctx, cipherList) != WOLFSSL_SUCCESS) + err_sys_ex(runWithErrors, "server can't set custom cipher list"); + } + +#ifdef WOLFSSL_LEANPSK + if (!usePsk) { + usePsk = 1; + } +#endif + +#if defined(NO_RSA) && !defined(HAVE_ECC) && !defined(HAVE_ED25519) && \ + !defined(HAVE_ED448) + if (!usePsk) { + usePsk = 1; + } +#endif + + if (fewerPackets) + wolfSSL_CTX_set_group_messages(ctx); +#if (defined(WOLFSSL_SCTP) || defined(WOLFSSL_DTLS_MTU)) && \ + defined(WOLFSSL_DTLS) + if (dtlsMTU) + wolfSSL_CTX_dtls_set_mtu(ctx, (unsigned short)dtlsMTU); +#endif + +#ifdef WOLFSSL_SCTP + if (dtlsSCTP) + wolfSSL_CTX_dtls_set_sctp(ctx); +#endif + +#ifdef WOLFSSL_ENCRYPTED_KEYS + SSL_CTX_set_default_passwd_cb(ctx, PasswordCallBack); +#endif + +#if !defined(NO_CERTS) + if ((!usePsk || usePskPlus) && !useAnon && !(loadCertKeyIntoSSLObj == 1)) { + #if defined(NO_FILESYSTEM) && defined(USE_CERT_BUFFERS_2048) + if (wolfSSL_CTX_use_certificate_chain_buffer_format(ctx, + server_cert_der_2048, sizeof_server_cert_der_2048, + WOLFSSL_FILETYPE_ASN1) != WOLFSSL_SUCCESS) + err_sys_ex(catastrophic, "can't load server cert buffer"); + #elif !defined(TEST_LOAD_BUFFER) + #if defined(WOLFSSL_PEM_TO_DER) + if (SSL_CTX_use_certificate_chain_file(ctx, ourCert) + != WOLFSSL_SUCCESS) + #else + if (wolfSSL_CTX_use_certificate_chain_file_format(ctx, ourCert, + WOLFSSL_FILETYPE_ASN1) != WOLFSSL_SUCCESS) + #endif + err_sys_ex(catastrophic, "can't load server cert file, check file " + "and run from wolfSSL home dir"); + #else + /* loads cert chain file using buffer API */ + load_buffer(ctx, ourCert, WOLFSSL_CERT_CHAIN); + #endif + } +#endif + +#ifndef NO_DH + if (wolfSSL_CTX_SetMinDhKey_Sz(ctx, (word16)minDhKeyBits) + != WOLFSSL_SUCCESS) { + err_sys_ex(runWithErrors, "Error setting minimum DH key size"); + } +#endif +#ifndef NO_RSA + if (wolfSSL_CTX_SetMinRsaKey_Sz(ctx, minRsaKeyBits) != WOLFSSL_SUCCESS){ + err_sys_ex(runWithErrors, "Error setting minimum RSA key size"); + } +#endif +#ifdef HAVE_ECC + if (wolfSSL_CTX_SetMinEccKey_Sz(ctx, minEccKeyBits) != WOLFSSL_SUCCESS){ + err_sys_ex(runWithErrors, "Error setting minimum ECC key size"); + } +#endif + +#if !defined(NO_CERTS) + #ifdef HAVE_PK_CALLBACKS + pkCbInfo.ourKey = ourKey; + #endif + if ((!usePsk || usePskPlus) && !useAnon + && !(loadCertKeyIntoSSLObj == 1) + #if defined(HAVE_PK_CALLBACKS) && defined(TEST_PK_PRIVKEY) + && !pkCallbacks + #endif /* HAVE_PK_CALLBACKS && TEST_PK_PRIVKEY */ + ) { + #ifdef NO_FILESYSTEM + if (wolfSSL_CTX_use_PrivateKey_buffer(ctx, server_key_der_2048, + sizeof_server_key_der_2048, SSL_FILETYPE_ASN1) != WOLFSSL_SUCCESS) + err_sys_ex(catastrophic, "can't load server private key buffer"); + #elif !defined(TEST_LOAD_BUFFER) + #if defined(WOLFSSL_PEM_TO_DER) + if (SSL_CTX_use_PrivateKey_file(ctx, ourKey, WOLFSSL_FILETYPE_PEM) + != WOLFSSL_SUCCESS) + #else + if (SSL_CTX_use_PrivateKey_file(ctx, ourKey, WOLFSSL_FILETYPE_ASN1) + != WOLFSSL_SUCCESS) + #endif + err_sys_ex(catastrophic, "can't load server private key file, " + "check file and run from wolfSSL home dir"); + #ifdef WOLFSSL_DUAL_ALG_CERTS + if ((altPrivKey != NULL) && + wolfSSL_CTX_use_AltPrivateKey_file(ctx, altPrivKey, + WOLFSSL_FILETYPE_PEM) + != WOLFSSL_SUCCESS) + err_sys_ex(catastrophic, "can't load alt private key file, " + "check file and run from wolfSSL home dir"); + #endif /* WOLFSSL_DUAL_ALG_CERTS */ + #else + /* loads private key file using buffer API */ + load_buffer(ctx, ourKey, WOLFSSL_KEY); + #endif + } +#endif + + if (usePsk || usePskPlus) { +#ifndef NO_PSK + const char *defaultCipherList = cipherList; + + SSL_CTX_set_psk_server_callback(ctx, my_psk_server_cb); + #ifdef WOLFSSL_TLS13 + wolfSSL_CTX_set_psk_server_tls13_callback(ctx, my_psk_server_tls13_cb); + #endif + if (sendPskIdentityHint == 1) + SSL_CTX_use_psk_identity_hint(ctx, "cyassl server"); + + if (defaultCipherList == NULL && !usePskPlus) { + #if defined(HAVE_AESGCM) && !defined(NO_DH) + #ifdef WOLFSSL_TLS13 + defaultCipherList = "TLS13-AES128-GCM-SHA256" + #ifndef WOLFSSL_NO_TLS12 + ":DHE-PSK-AES128-GCM-SHA256" + #endif + ; + #else + defaultCipherList = "DHE-PSK-AES128-GCM-SHA256"; + #endif + needDH = 1; + #elif defined(HAVE_AESGCM) && defined(WOLFSSL_TLS13) + defaultCipherList = "TLS13-AES128-GCM-SHA256" + #ifndef WOLFSSL_NO_TLS12 + ":PSK-AES128-GCM-SHA256" + #endif + ; + #elif defined(HAVE_NULL_CIPHER) + defaultCipherList = "PSK-NULL-SHA256"; + #elif !defined(NO_AES_CBC) + defaultCipherList = "PSK-AES128-CBC-SHA256"; + #else + defaultCipherList = "PSK-AES128-GCM-SHA256"; + #endif + if (SSL_CTX_set_cipher_list(ctx, defaultCipherList) + != WOLFSSL_SUCCESS) + err_sys_ex(runWithErrors, "server can't set cipher list 2"); + } + wolfSSL_CTX_set_psk_callback_ctx(ctx, (void*)defaultCipherList); +#endif /* !NO_PSK */ + } +#ifndef NO_CERTS + if (mutualAuth) + wolfSSL_CTX_mutual_auth(ctx, 1); +#endif + + +#ifdef HAVE_ECC + /* Use ECDHE key size that matches long term key. + * Zero means use ctx->privateKeySz. + * Default ECDHE_SIZE is 32 bytes + */ + if (wolfSSL_CTX_SetTmpEC_DHE_Sz(ctx, 0) != WOLFSSL_SUCCESS){ + err_sys_ex(runWithErrors, "Error setting ECDHE size"); + } +#endif + + if (useAnon) { +#ifdef HAVE_ANON + wolfSSL_CTX_allow_anon_cipher(ctx); + if (cipherList == NULL || (cipherList && useDefCipherList)) { + const char* defaultCipherList; + defaultCipherList = "ADH-AES256-GCM-SHA384:" + "ADH-AES128-SHA"; + if (SSL_CTX_set_cipher_list(ctx, defaultCipherList) + != WOLFSSL_SUCCESS) + err_sys_ex(runWithErrors, "server can't set cipher list 4"); + } +#endif + } + +#if !defined(NO_FILESYSTEM) && !defined(NO_CERTS) + /* if not using PSK, verify peer with certs + if using PSK Plus then verify peer certs except PSK suites */ + if (doCliCertCheck && (usePsk == 0 || usePskPlus) && useAnon == 0) { + unsigned int verify_flags = 0; + SSL_CTX_set_verify(ctx, WOLFSSL_VERIFY_PEER | + (usePskPlus ? WOLFSSL_VERIFY_FAIL_EXCEPT_PSK : + WOLFSSL_VERIFY_FAIL_IF_NO_PEER_CERT), + (myVerifyAction == VERIFY_OVERRIDE_DATE_ERR || + myVerifyAction == VERIFY_FORCE_FAIL) ? myVerify : NULL); + + #ifdef TEST_BEFORE_DATE + verify_flags |= WOLFSSL_LOAD_FLAG_DATE_ERR_OKAY; + #endif + #if defined(OPENSSL_ALL) && defined(WOLFSSL_CERT_GEN) && \ + (defined(WOLFSSL_CERT_REQ) || defined(WOLFSSL_CERT_EXT)) && \ + !defined(NO_FILESYSTEM) && !defined(NO_WOLFSSL_DIR) + if (useCertFolder) { + WOLFSSL_X509_STORE *store; + WOLFSSL_X509_LOOKUP *lookup; + + store = wolfSSL_CTX_get_cert_store(ctx); + if (store == NULL) { + wolfSSL_CTX_free(ctx); ctx = NULL; + err_sys("can't get WOLFSSL_X509_STORE"); + } + lookup = wolfSSL_X509_STORE_add_lookup(store, X509_LOOKUP_hash_dir()); + if (lookup == NULL) { + wolfSSL_CTX_free(ctx); ctx = NULL; + err_sys("can't add lookup"); + } + if (wolfSSL_X509_LOOKUP_ctrl(lookup, WOLFSSL_X509_L_ADD_DIR, caCertFolder, + X509_FILETYPE_PEM, NULL) != WOLFSSL_SUCCESS) { + err_sys("X509_LOOKUP_ctrl w/ L_ADD_DIR failed"); + } + } else { + #endif + if (wolfSSL_CTX_load_verify_locations_ex(ctx, verifyCert, 0, + verify_flags) != WOLFSSL_SUCCESS) { + err_sys_ex(catastrophic, + "can't load ca file, Please run from wolfSSL home dir"); + } + #ifdef WOLFSSL_TRUST_PEER_CERT + if (trustCert) { + if (wolfSSL_CTX_trust_peer_cert(ctx, trustCert, + WOLFSSL_FILETYPE_PEM) != WOLFSSL_SUCCESS) { + err_sys_ex(runWithErrors, "can't load trusted peer cert file"); + } + } + #endif /* WOLFSSL_TRUST_PEER_CERT */ + #if defined(OPENSSL_ALL) && defined(WOLFSSL_CERT_GEN) && \ + (defined(WOLFSSL_CERT_REQ) || defined(WOLFSSL_CERT_EXT)) && \ + !defined(NO_FILESYSTEM) && !defined(NO_WOLFSSL_DIR) + } + #endif + } +#endif + +#ifdef WOLFSSL_SNIFFER + if (cipherList == NULL && version < 4) { + /* static RSA or static ECC cipher suites */ + const char* staticCipherList = "AES128-SHA:ECDH-ECDSA-AES128-SHA"; + if (SSL_CTX_set_cipher_list(ctx, staticCipherList) != WOLFSSL_SUCCESS) { + err_sys_ex(runWithErrors, "server can't set cipher list 3"); + } + } +#endif + +#ifdef HAVE_SNI + if (sniHostName) + if (wolfSSL_CTX_UseSNI(ctx, WOLFSSL_SNI_HOST_NAME, sniHostName, + (word16) XSTRLEN(sniHostName)) != WOLFSSL_SUCCESS) + err_sys_ex(runWithErrors, "UseSNI failed"); +#endif + +#ifdef USE_WINDOWS_API + if (port == 0) { + /* Generate random port for testing */ + port = GetRandomPort(); + } +#endif /* USE_WINDOWS_API */ + +#ifdef WOLFSSL_ASYNC_CRYPT + ret = wolfAsync_DevOpen(&devId); + if (ret < 0) { + LOG_ERROR("Async device open failed\nRunning without async\n"); + } + wolfSSL_CTX_SetDevId(ctx, devId); +#endif /* WOLFSSL_ASYNC_CRYPT */ + +#ifdef WOLFSSL_TLS13 + if (noPskDheKe) + wolfSSL_CTX_no_dhe_psk(ctx); +#ifdef HAVE_SUPPORTED_CURVES + if (onlyPskDheKe) + wolfSSL_CTX_only_dhe_psk(ctx); +#endif +#endif +#ifdef HAVE_SESSION_TICKET +#ifdef WOLFSSL_TLS13 + if (noTicketTls13) + wolfSSL_CTX_no_ticket_TLSv13(ctx); +#endif +#if !defined(WOLFSSL_NO_TLS12) || !defined(NO_OLD_TLS) + if (noTicketTls12) + wolfSSL_CTX_NoTicketTLSv12(ctx); +#endif +#endif +#if defined(HAVE_CRL) && !defined(NO_FILESYSTEM) + if (!disableCRL) { + /* Need to load CA's to confirm CRL signatures */ + unsigned int verify_flags = 0; +#ifdef TEST_BEFORE_DATE + verify_flags |= WOLFSSL_LOAD_FLAG_DATE_ERR_OKAY; +#endif + if (wolfSSL_CTX_load_verify_locations_ex(ctx, verifyCert, 0, + verify_flags) != WOLFSSL_SUCCESS) { + err_sys_ex(catastrophic, + "can't load ca file, Please run from wolfSSL home dir"); + } +#ifdef HAVE_CRL_MONITOR + crlFlags = WOLFSSL_CRL_MONITOR | WOLFSSL_CRL_START_MON; +#endif + if (wolfSSL_CTX_EnableCRL(ctx, 0) != WOLFSSL_SUCCESS) + err_sys_ex(runWithErrors, "unable to enable CRL"); + if (wolfSSL_CTX_LoadCRL(ctx, crlDir != NULL ? crlDir : crlPemDir, + WOLFSSL_FILETYPE_PEM, crlFlags) != WOLFSSL_SUCCESS) + err_sys_ex(runWithErrors, "unable to load CRL"); + if (wolfSSL_CTX_SetCRL_Cb(ctx, CRL_CallBack) != WOLFSSL_SUCCESS) + err_sys_ex(runWithErrors, "unable to set CRL callback url"); + } +#endif + + + while (1) { + /* allow resume option */ + if (resumeCount > 1) { + if (dtlsUDP == 0) { + client_len = sizeof client_addr; + clientfd = accept(sockfd, (struct sockaddr*)&client_addr, + (ACCEPT_THIRD_T)&client_len); + } + else { + tcp_listen(&sockfd, &port, useAnyAddr, dtlsUDP, dtlsSCTP); + clientfd = sockfd; + } + if (WOLFSSL_SOCKET_IS_INVALID(clientfd)) { + err_sys_ex(runWithErrors, "tcp accept failed"); + } + } +#if defined(WOLFSSL_STATIC_MEMORY) && defined(DEBUG_WOLFSSL) && \ + !defined(WOLFSSL_STATIC_MEMORY_LEAN) + LOG_ERROR("Before creating SSL\n"); + if (wolfSSL_CTX_is_static_memory(ctx, &mem_stats) != 1) + err_sys_ex(runWithErrors, "ctx not using static memory"); + if (wolfSSL_PrintStats(&mem_stats) != 1) /* function in test.h */ + err_sys_ex(runWithErrors, "error printing out memory stats"); +#endif + + if (doMcast) { +#ifdef WOLFSSL_MULTICAST + wolfSSL_CTX_mcast_set_member_id(ctx, mcastID); + if (wolfSSL_CTX_set_cipher_list(ctx, "WDM-NULL-SHA256") + != WOLFSSL_SUCCESS) + err_sys("Couldn't set multicast cipher list."); +#endif + } + + if (doDTLS && dtlsUDP) { +#if defined(WOLFSSL_DTLS) && defined(USE_WOLFSSL_IO) + if (doBlockSeq) { + wolfSSL_CTX_SetIOSend(ctx, TestEmbedSendTo); + } +#endif + } + +#ifdef HAVE_PK_CALLBACKS + if (pkCallbacks) + SetupPkCallbacks(ctx); +#endif + + ssl = SSL_new(ctx); + if (ssl == NULL) + err_sys_ex(catastrophic, "unable to create an SSL object"); + +#if defined(OPENSSL_EXTRA) || defined(HAVE_SECRET_CALLBACK) + wolfSSL_KeepArrays(ssl); +#endif + + /* Support for loading private key and cert using WOLFSSL object */ +#if !defined(NO_CERTS) + if ((!usePsk || usePskPlus) && !useAnon && loadCertKeyIntoSSLObj) { + #if defined(NO_FILESYSTEM) && defined(USE_CERT_BUFFERS_2048) + if (wolfSSL_use_certificate_chain_buffer_format(ssl, + server_cert_der_2048, sizeof_server_cert_der_2048, + WOLFSSL_FILETYPE_ASN1) != WOLFSSL_SUCCESS) + err_sys_ex(catastrophic, "can't load server cert buffer"); + #elif !defined(TEST_LOAD_BUFFER) + if (SSL_use_certificate_chain_file(ssl, ourCert) + != WOLFSSL_SUCCESS) + err_sys_ex(catastrophic, "can't load server cert file, check file " + "and run from wolfSSL home dir"); + #else + /* loads cert chain file using buffer API */ + load_ssl_buffer(ssl, ourCert, WOLFSSL_CERT_CHAIN); + #endif + } + + if ((!usePsk || usePskPlus) && !useAnon && + loadCertKeyIntoSSLObj + #if defined(HAVE_PK_CALLBACKS) && defined(TEST_PK_PRIVKEY) + && !pkCallbacks + #endif /* HAVE_PK_CALLBACKS && TEST_PK_PRIVKEY */ + ) { + #if defined(NO_FILESYSTEM) + if (wolfSSL_use_PrivateKey_buffer(ssl, server_key_der_2048, + sizeof_server_key_der_2048, SSL_FILETYPE_ASN1) != WOLFSSL_SUCCESS) + err_sys_ex(catastrophic, "can't load server private key buffer"); + #elif !defined(TEST_LOAD_BUFFER) + if (SSL_use_PrivateKey_file(ssl, ourKey, WOLFSSL_FILETYPE_PEM) + != WOLFSSL_SUCCESS) + err_sys_ex(catastrophic, "can't load server private key file, check" + "file and run from wolfSSL home dir"); + #else + /* loads private key file using buffer API */ + load_ssl_buffer(ssl, ourKey, WOLFSSL_KEY); + #endif + } +#endif /* !NO_CERTS */ + +#ifdef WOLFSSL_SEND_HRR_COOKIE + if (hrrCookie == 1 && wolfSSL_send_hrr_cookie(ssl, NULL, 0) + != WOLFSSL_SUCCESS) { + err_sys("unable to set use of cookie with HRR msg"); + } + else if (hrrCookie == -1) { + wolfSSL_disable_hrr_cookie(ssl); + } +#endif + +#if defined(WOLFSSL_STATIC_MEMORY) && defined(DEBUG_WOLFSSL) && \ + !defined(WOLFSSL_STATIC_MEMORY_LEAN) + LOG_ERROR("After creating SSL\n"); + if (wolfSSL_CTX_is_static_memory(ctx, &mem_stats) != 1) + err_sys_ex(runWithErrors, "ctx not using static memory"); + if (wolfSSL_PrintStats(&mem_stats) != 1) /* function in test.h */ + err_sys_ex(runWithErrors, "error printing out memory stats"); +#endif + + if (doMcast) { +#ifdef WOLFSSL_MULTICAST + /* DTLS multicast secret for testing only */ + #define CLI_SRV_RANDOM_SZ 32 /* RAN_LEN (see internal.h) */ + #define PMS_SZ 512 /* ENCRYPT_LEN (see internal.h) */ + byte pms[PMS_SZ]; /* pre master secret */ + byte cr[CLI_SRV_RANDOM_SZ]; /* client random */ + byte sr[CLI_SRV_RANDOM_SZ]; /* server random */ + const byte suite[2] = {0, 0xfe}; /* WDM_WITH_NULL_SHA256 */ + + XMEMSET(pms, 0x23, sizeof(pms)); + XMEMSET(cr, 0xA5, sizeof(cr)); + XMEMSET(sr, 0x5A, sizeof(sr)); + + if (wolfSSL_set_secret(ssl, 1, pms, sizeof(pms), cr, sr, suite) + != WOLFSSL_SUCCESS) { + err_sys("unable to set mcast secret"); + } +#endif + } + +#ifdef HAVE_SECURE_RENEGOTIATION + if (scr) { + if (wolfSSL_UseSecureRenegotiation(ssl) != WOLFSSL_SUCCESS) { + err_sys_ex(runWithErrors, "can't enable secure renegotiation"); + } + } +#endif /* HAVE_SECURE_RENEGOTIATION */ + +#if !defined(NO_FILESYSTEM) && !defined(NO_CERTS) + #if defined(WOLFSSL_TLS13) && defined(WOLFSSL_POST_HANDSHAKE_AUTH) + if (postHandAuth) { + unsigned int verify_flags = 0; + + #ifdef TEST_BEFORE_DATE + verify_flags |= WOLFSSL_LOAD_FLAG_DATE_ERR_OKAY; + #endif + + if (wolfSSL_CTX_load_verify_locations_ex(ctx, verifyCert, 0, + verify_flags) + != WOLFSSL_SUCCESS) { + err_sys_ex(runWithErrors, "can't load ca file, Please run from " + "wolfSSL home dir"); + } + #ifdef WOLFSSL_TRUST_PEER_CERT + if (trustCert) { + if (wolfSSL_trust_peer_cert(ssl, trustCert, + WOLFSSL_FILETYPE_PEM) != WOLFSSL_SUCCESS) { + err_sys_ex(runWithErrors, "can't load trusted peer cert " + "file"); + } + } + #endif /* WOLFSSL_TRUST_PEER_CERT */ + } + #endif +#endif + + +#ifndef NO_HANDSHAKE_DONE_CB + wolfSSL_SetHsDoneCb(ssl, myHsDoneCb, NULL); +#endif +#ifdef HAVE_OCSP + if (useOcsp) { + if (ocspUrl != NULL) { + wolfSSL_CTX_SetOCSP_OverrideURL(ctx, ocspUrl); + wolfSSL_CTX_EnableOCSP(ctx, WOLFSSL_OCSP_NO_NONCE + | WOLFSSL_OCSP_URL_OVERRIDE); + } + else + wolfSSL_CTX_EnableOCSP(ctx, WOLFSSL_OCSP_NO_NONCE); + } +#ifndef NO_RSA + /* All the OCSP Stapling test certs are RSA. */ +#if !defined(NO_FILESYSTEM) && (\ + defined(HAVE_CERTIFICATE_STATUS_REQUEST) \ + || defined(HAVE_CERTIFICATE_STATUS_REQUEST_V2)) + { /* scope start */ + const char* ca1 = "certs/ocsp/intermediate1-ca-cert.pem"; + const char* ca2 = "certs/ocsp/intermediate2-ca-cert.pem"; + const char* ca3 = "certs/ocsp/intermediate3-ca-cert.pem"; + int fails = 0; + + if (wolfSSL_CTX_EnableOCSPStapling(ctx) != WOLFSSL_SUCCESS) { + err_sys_ex(catastrophic, "can't enable OCSP Stapling " + "Certificate Manager"); + } + if (SSL_CTX_load_verify_locations(ctx, ca1, 0) != WOLFSSL_SUCCESS) { + fails++; + err_sys_ex(runWithErrors, "can't load ca file, Please run from " + "wolfSSL home dir"); + } + if (SSL_CTX_load_verify_locations(ctx, ca2, 0) != WOLFSSL_SUCCESS) { + fails++; + err_sys_ex(runWithErrors, "can't load ca file, Please run from " + "wolfSSL home dir"); + } + if (SSL_CTX_load_verify_locations(ctx, ca3, 0) != WOLFSSL_SUCCESS) { + fails++; + err_sys_ex(runWithErrors, "can't load ca file, Please run from " + "wolfSSL home dir"); + } + if (fails > 2) { + err_sys_ex(catastrophic, "Failed to load any intermediates for " + "OCSP stapling test"); + } + } /* scope end */ +#endif /* HAVE_CERTIFICATE_STATUS_REQUEST HAVE_CERTIFICATE_STATUS_REQUEST_V2 */ +#endif /* NO_RSA */ +#endif /* HAVE_OCSP */ + + #ifdef HAVE_PK_CALLBACKS + /* This must be before SetKeyShare */ + if (pkCallbacks) { + SetupPkCallbackContexts(ssl, &pkCbInfo); + } + #endif + + #if defined(WOLFSSL_TLS13) && defined(HAVE_SUPPORTED_CURVES) + if (version >= 4 || version == -4) { + #ifdef CAN_FORCE_CURVE + if (force_curve_group_id > 0) { + do { + ret = wolfSSL_UseKeyShare(ssl, (word16)force_curve_group_id); + if (ret == WOLFSSL_SUCCESS) { + + } + #ifdef WOLFSSL_ASYNC_CRYPT + else if (ret == WC_NO_ERR_TRACE(WC_PENDING_E)) { + wolfSSL_AsyncPoll(ssl, WOLF_POLL_FLAG_CHECK_HW); + } + #endif + else { + err_sys("Failed wolfSSL_UseKeyShare in force-curve"); + } + } while (ret == WC_NO_ERR_TRACE(WC_PENDING_E)); + ret = wolfSSL_set_groups(ssl, &force_curve_group_id, 1); + if (WOLFSSL_SUCCESS != ret) { + err_sys("Failed wolfSSL_set_groups in force-curve"); + } + } + else + #endif + SetKeyShare(ssl, onlyKeyShare, useX25519, useX448, usePqc, + pqcAlg); + } + #endif + + #ifdef HAVE_ENCRYPT_THEN_MAC + if (disallowETM) + wolfSSL_AllowEncryptThenMac(ssl, 0); + #endif + + + /* do accept */ + readySignal = ((func_args*)args)->signal; + if (readySignal) { + readySignal->srfName = serverReadyFile; + } + + client_len = sizeof client_addr; + tcp_accept(&sockfd, &clientfd, (func_args*)args, port, useAnyAddr, + dtlsUDP, dtlsSCTP, serverReadyFile ? 1 : 0, doListen, + &client_addr, &client_len); + + doListen = 0; /* Don't listen next time */ + + if (port == 0) { + port = readySignal->port; + } + + if (SSL_set_fd(ssl, clientfd) != WOLFSSL_SUCCESS) { + err_sys_ex(catastrophic, "error in setting fd"); + } + +#ifdef HAVE_TRUSTED_CA + if (trustedCaKeyId) { + if (wolfSSL_UseTrustedCA(ssl, WOLFSSL_TRUSTED_CA_PRE_AGREED, + NULL, 0) != WOLFSSL_SUCCESS) { + err_sys_ex(runWithErrors, "UseTrustedCA failed"); + } + } +#endif /* HAVE_TRUSTED_CA */ + +#ifdef HAVE_ALPN + if (alpnList != NULL) { + printf("ALPN accepted protocols list : %s\n", alpnList); + wolfSSL_UseALPN(ssl, alpnList, (word32)XSTRLEN(alpnList), alpn_opt); + } +#endif + +#if defined(WOLFSSL_DTLS) && defined(USE_WOLFSSL_IO) + if (doDTLS && dtlsUDP) { + byte b[1500]; + int isClientHello = 0; + + while (!isClientHello) { + int n; + + client_len = sizeof client_addr; + + /* For DTLS, peek at the next datagram so we can get the + * client's address and set it into the ssl object later to + * generate the cookie. */ + n = (int)recvfrom(clientfd, (char*)b, sizeof(b), MSG_PEEK, + (struct sockaddr*)&client_addr, &client_len); + + if (n <= 0) + err_sys_ex(runWithErrors, "recvfrom failed"); + + /* when doing resumption, it may happen that we receive the + alert used to shutdown the first connection as the first + packet of the second accept: + + Client | Server + | WolfSSL_Shutdown() + | <- Alert + | recvfrom(peek) + WolfSSL_Shutdown() | + Alert-> | + | wolfSSL_set_dtls_peer() + + but this will set the wrong src port, making the test fail. + Discard not-handshake message to avoid this. + */ + if (b[0] != 0x16) { + /* discard the packet */ + n = (int)recvfrom(clientfd, (char *)b, sizeof(b), 0, + (struct sockaddr *)&client_addr, &client_len); + + if (n <= 0) + err_sys_ex(runWithErrors, "recvfrom failed"); + } + else { + isClientHello = 1; + } + } + + if (doBlockSeq) { + XMEMCPY(&dtlsCtx.peer.sa, &client_addr, client_len); + dtlsCtx.peer.sz = client_len; + dtlsCtx.wfd = clientfd; + dtlsCtx.failOnce = 1; + + wolfSSL_SetIOWriteCtx(ssl, &dtlsCtx); + } + else { + wolfSSL_dtls_set_peer(ssl, &client_addr, client_len); + } + if (simulateWantWrite) { +#ifdef USE_WOLFSSL_IO + /* connect on a udp to associate peer with this fd to make it + * simpler for SimulateWantWriteIOSendCb */ + if (connect(clientfd, (struct sockaddr*)&client_addr, + client_len) != 0) { + err_sys_ex(catastrophic, "error in connecting to peer"); + } + wolfSSL_SetIOWriteCtx(ssl, (void*)&sockfd); +#endif + } + } +#endif + +#ifdef WOLFSSL_WOLFSENTRY_HOOKS + { + SOCKADDR_IN_T local_addr; + socklen_t local_len = sizeof(local_addr); + getsockname(clientfd, (struct sockaddr *)&local_addr, + (socklen_t *)&local_len); + + if (((struct sockaddr *)&client_addr)->sa_family != + ((struct sockaddr *)&local_addr)->sa_family) + err_sys_ex(catastrophic, + "client_addr.sa_family != local_addr.sa_family"); + + if (wolfsentry_store_endpoints( + ssl, &client_addr, &local_addr, + dtlsUDP ? IPPROTO_UDP : IPPROTO_TCP, + WOLFSENTRY_ROUTE_FLAG_DIRECTION_IN, NULL) != WOLFSSL_SUCCESS) + err_sys_ex(catastrophic, + "error in wolfsentry_store_endpoints()"); + } +#endif /* WOLFSSL_WOLFSENTRY_HOOKS */ + + if ((usePsk == 0 || usePskPlus) || useAnon == 1 || cipherList != NULL + || needDH == 1) { + #if !defined(NO_FILESYSTEM) && !defined(NO_DH) && !defined(NO_ASN) + wolfSSL_SetTmpDH_file(ssl, ourDhParam, WOLFSSL_FILETYPE_PEM); + #elif !defined(NO_DH) + SetDH(ssl); /* repick suites with DHE, higher priority than + * PSK */ + #endif +#if !defined(NO_DH) && !defined(WOLFSSL_OLD_PRIME_CHECK) && \ + !defined(HAVE_FIPS) && !defined(HAVE_SELFTEST) + if (!doDhKeyCheck) + wolfSSL_SetEnableDhKeyTest(ssl, 0); +#endif + } + +#ifdef WOLFSSL_DTLS_CID + if (useDtlsCID) { + ret = wolfSSL_dtls_cid_use(ssl); + if (ret != WOLFSSL_SUCCESS) + err_sys("Can't enable DTLS ConnectionID"); + ret = wolfSSL_dtls_cid_set(ssl, (byte*)dtlsCID, + (word32)XSTRLEN(dtlsCID)); + if (ret != WOLFSSL_SUCCESS) + err_sys("Can't set DTLS ConnectionID"); + } +#endif /* WOLFSSL_DTLS_CID */ + +#ifdef WOLFSSL_DTLS_CH_FRAG + if (doDTLS) + wolfSSL_dtls13_allow_ch_frag(ssl, 1); +#endif + +#ifndef WOLFSSL_CALLBACKS + if (nonBlocking) { + #ifdef WOLFSSL_DTLS + if (doDTLS) { + wolfSSL_dtls_set_using_nonblock(ssl, 1); + } + #endif + tcp_set_nonblocking(&clientfd); + + ret = NonBlockingSSL_Accept(ssl); + } + else { + #ifdef WOLFSSL_EARLY_DATA + if (earlyData) { + do { + int len; + err = 0; /* reset error */ + ret = wolfSSL_read_early_data(ssl, input, sizeof(input)-1, + &len); + if (ret <= 0) { + err = SSL_get_error(ssl, 0); + #ifdef WOLFSSL_ASYNC_CRYPT + if (err == WC_NO_ERR_TRACE(WC_PENDING_E)) { + /* returns the number of polled items or <0 for + * error */ + ret = wolfSSL_AsyncPoll(ssl, + WOLF_POLL_FLAG_CHECK_HW); + if (ret < 0) break; + } + #endif + } + else if (ret > 0) { + input[ret] = 0; /* null terminate message */ + printf("Early Data Client message: %s\n", input); + } + } while (err == WC_NO_ERR_TRACE(WC_PENDING_E) || ret > 0); + } + #endif + WOLFSSL_ASYNC_WHILE_PENDING(ret = SSL_accept(ssl), + ret != WOLFSSL_SUCCESS); + } +#else + if (nonBlocking) { + #ifdef WOLFSSL_DTLS + if (doDTLS) { + wolfSSL_dtls_set_using_nonblock(ssl, 1); + } + #endif + tcp_set_nonblocking(&clientfd); + } + ret = NonBlockingSSL_Accept(ssl); +#endif +#ifdef WOLFSSL_EARLY_DATA + EarlyDataStatus(ssl); +#endif + if (ret != WOLFSSL_SUCCESS) { + err = SSL_get_error(ssl, 0); + LOG_ERROR("SSL_accept error %d, %s\n", err, + ERR_error_string((unsigned long)err, buffer)); + if (!exitWithRet) { + err_sys_ex(runWithErrors, "SSL_accept failed"); + } else { + /* cleanup */ + SSL_free(ssl); ssl = NULL; + SSL_CTX_free(ctx); ctx = NULL; + CloseSocket(clientfd); + CloseSocket(sockfd); + ((func_args*)args)->return_code = err; + goto exit; + } + } + + showPeerEx(ssl, lng_index); + if (SSL_state(ssl) != 0) { + err_sys_ex(runWithErrors, "SSL in error state"); + } + + /* if the caller requested a particular cipher, check here that either + * a canonical name of the established cipher matches the requested + * cipher name, or the requested cipher name is marked as an alias + * that matches the established cipher. + */ + if (cipherList && !useDefCipherList && (! XSTRSTR(cipherList, ":"))) { + WOLFSSL_CIPHER* established_cipher = wolfSSL_get_current_cipher(ssl); + byte requested_cipherSuite0, requested_cipherSuite; + int requested_cipherFlags; + if (established_cipher && + /* don't test for pseudo-ciphers like "ALL" and "DEFAULT". */ + (wolfSSL_get_cipher_suite_from_name(cipherList, + &requested_cipherSuite0, + &requested_cipherSuite, + &requested_cipherFlags) == 0)) { + word32 established_cipher_id = wolfSSL_CIPHER_get_id(established_cipher); + byte established_cipherSuite0 = (established_cipher_id >> 8) & 0xff; + byte established_cipherSuite = established_cipher_id & 0xff; + const char *established_cipher_name = + wolfSSL_get_cipher_name_from_suite(established_cipherSuite0, + established_cipherSuite); + const char *established_cipher_name_iana = + wolfSSL_get_cipher_name_iana_from_suite(established_cipherSuite0, + established_cipherSuite); + + if (established_cipher_name == NULL) + err_sys_ex(catastrophic, "error looking up name of established cipher"); + + if (strcmp(cipherList, established_cipher_name) && + ((established_cipher_name_iana == NULL) || + strcmp(cipherList, established_cipher_name_iana))) { + if (! (requested_cipherFlags & WOLFSSL_CIPHER_SUITE_FLAG_NAMEALIAS)) + err_sys_ex( + catastrophic, + "Unexpected mismatch between names of requested and established ciphers."); + else if ((requested_cipherSuite0 != established_cipherSuite0) || + (requested_cipherSuite != established_cipherSuite)) + err_sys_ex( + catastrophic, + "Mismatch between IDs of requested and established ciphers."); + } + } + } + +#if defined(OPENSSL_EXTRA) || defined(HAVE_SECRET_CALLBACK) + { + byte* rnd = NULL; + size_t size; + + /* get size of buffer then print */ + size = wolfSSL_get_server_random(NULL, NULL, 0); + if (size == 0) { + err_sys_ex(runWithErrors, "error getting server random buffer " + "size"); + } + else { + rnd = (byte*)XMALLOC(size, NULL, DYNAMIC_TYPE_TMP_BUFFER); + } + + if (rnd == NULL) { + err_sys_ex(runWithErrors, "error creating server random buffer"); + } + + size = wolfSSL_get_server_random(ssl, rnd, size); + if (size == 0) { + XFREE(rnd, NULL, DYNAMIC_TYPE_TMP_BUFFER); + rnd = NULL; + err_sys_ex(runWithErrors, "error getting server random buffer"); + } + + if (rnd) { + byte* pt; + printf("Server Random : "); + for (pt = rnd; pt < rnd + size; pt++) printf("%02X", *pt); + printf("\n"); + + XFREE(rnd, NULL, DYNAMIC_TYPE_TMP_BUFFER); + rnd = NULL; + } + } +#endif + +#ifdef WOLFSSL_SRTP + if (dtlsSrtpProfiles != NULL) { + err = server_srtp_test(ssl, (func_args*)args); + if (err != 0) { + if (exitWithRet) { + ((func_args*)args)->return_code = err; + wolfSSL_free(ssl); ssl = NULL; + wolfSSL_CTX_free(ctx); ctx = NULL; + goto exit; + } + /* else */ + err_sys("SRTP check failed"); + } + } +#endif /* WOLFSSL_SRTP */ + +#ifdef WOLFSSL_DTLS_CID + if (useDtlsCID && wolfSSL_dtls_cid_is_enabled(ssl)) { + byte receivedCID[DTLS_CID_BUFFER_SIZE]; + unsigned int receivedCIDSz; + printf("CID extension was negotiated\n"); + ret = wolfSSL_dtls_cid_get_tx_size(ssl, &receivedCIDSz); + if (ret == WOLFSSL_SUCCESS && receivedCIDSz > 0) { + ret = wolfSSL_dtls_cid_get_tx(ssl, receivedCID, + DTLS_CID_BUFFER_SIZE - 1); + if (ret != WOLFSSL_SUCCESS) + err_sys("Can't get negotiated DTLS CID\n"); + + printf("Sending CID is "); + printBuffer(receivedCID, receivedCIDSz); + printf("\n"); + } + else { + printf("other peer provided empty CID\n"); + } + } +#endif + +#ifdef HAVE_ALPN + if (alpnList != NULL) { + char *protocol_name = NULL, *list = NULL; + word16 protocol_nameSz = 0, listSz = 0; + + err = wolfSSL_ALPN_GetProtocol(ssl, &protocol_name, + &protocol_nameSz); + if (err == WOLFSSL_SUCCESS) + printf("Sent ALPN protocol : %s (%d)\n", + protocol_name, protocol_nameSz); + else if (err == WC_NO_ERR_TRACE(WOLFSSL_ALPN_NOT_FOUND)) + printf("No ALPN response sent (no match)\n"); + else + printf("Getting ALPN protocol name failed\n"); + + err = wolfSSL_ALPN_GetPeerProtocol(ssl, &list, &listSz); + if (err == WOLFSSL_SUCCESS) + printf("List of protocol names sent by Client: %s (%d)\n", + list, listSz); + else + printf("Get list of client's protocol name failed\n"); + + (void)wolfSSL_ALPN_FreePeerProtocol(ssl, &list); + } +#endif + + if (echoData == 0 && throughput == 0) { + ServerRead(ssl, input, sizeof(input)-1); + err = SSL_get_error(ssl, 0); + } + +#if defined(HAVE_SECURE_RENEGOTIATION) && \ + defined(HAVE_SERVER_RENEGOTIATION_INFO) + if (scr && forceScr) { + if (nonBlocking) { + if (wolfSSL_Rehandshake(ssl) != WOLFSSL_SUCCESS) { + err = wolfSSL_get_error(ssl, 0); + if (err == WOLFSSL_ERROR_WANT_READ || + err == WOLFSSL_ERROR_WANT_WRITE) { + do { + #ifdef WOLFSSL_ASYNC_CRYPT + if (err == WC_NO_ERR_TRACE(WC_PENDING_E)) { + ret = wolfSSL_AsyncPoll(ssl, WOLF_POLL_FLAG_CHECK_HW); + if (ret < 0) break; + } + #endif + if (err == WC_NO_ERR_TRACE(APP_DATA_READY)) { + if (wolfSSL_read(ssl, input, sizeof(input)-1) < 0) { + err_sys("APP DATA should be present but error returned"); + } + printf("Received message: %s\n", input); + } + err = 0; + if ((ret = wolfSSL_accept(ssl)) != WOLFSSL_SUCCESS) { + err = wolfSSL_get_error(ssl, ret); + } + } while (ret != WOLFSSL_SUCCESS && + (err == WOLFSSL_ERROR_WANT_READ || + err == WOLFSSL_ERROR_WANT_WRITE || + err == WC_NO_ERR_TRACE(APP_DATA_READY) || + err == WC_NO_ERR_TRACE(WC_PENDING_E))); + + if (ret == WOLFSSL_SUCCESS) { + printf("NON-BLOCKING RENEGOTIATION SUCCESSFUL\n"); + err = 0; + } + } + if (ret != WOLFSSL_SUCCESS) { + err = wolfSSL_get_error(ssl, 0); + LOG_ERROR( + "wolfSSL_Rehandshake error %d, %s\n", err, + wolfSSL_ERR_error_string(err, buffer)); + wolfSSL_free(ssl); ssl = NULL; + wolfSSL_CTX_free(ctx); ctx = NULL; + err_sys("non-blocking wolfSSL_Rehandshake failed"); + } + } + } else { + if (wolfSSL_Rehandshake(ssl) != WOLFSSL_SUCCESS) { +#ifdef WOLFSSL_ASYNC_CRYPT + err = wolfSSL_get_error(ssl, 0); + while (err == WC_NO_ERR_TRACE(WC_PENDING_E)) { + err = 0; + ret = wolfSSL_negotiate(ssl); + if (ret != WOLFSSL_SUCCESS) { + err = wolfSSL_get_error(ssl, 0); + if (err == WC_NO_ERR_TRACE(WC_PENDING_E)) { + ret = wolfSSL_AsyncPoll(ssl, WOLF_POLL_FLAG_CHECK_HW); + if (ret < 0) break; + } + } + } + if (ret != WOLFSSL_SUCCESS) +#endif + printf("not doing secure renegotiation\n"); + } + else { + printf("RENEGOTIATION SUCCESSFUL\n"); + } + } + } +#endif /* HAVE_SECURE_RENEGOTIATION */ + + if (err == 0 && echoData == 0 && throughput == 0) { + const char* write_msg; + int write_msg_sz; + +#ifdef WOLFSSL_TLS13 + if (updateKeysIVs) + wolfSSL_update_keys(ssl); +#endif + +#if !defined(NO_FILESYSTEM) && !defined(NO_CERTS) + #if defined(WOLFSSL_TLS13) && defined(WOLFSSL_POST_HANDSHAKE_AUTH) + if (postHandAuth) { + + SSL_set_verify(ssl, WOLFSSL_VERIFY_PEER | + ((usePskPlus) ? WOLFSSL_VERIFY_FAIL_EXCEPT_PSK : + WOLFSSL_VERIFY_FAIL_IF_NO_PEER_CERT), 0); + + if (wolfSSL_request_certificate(ssl) != WOLFSSL_SUCCESS) { + LOG_ERROR("Request for post-hs certificate failed\n"); + } + else { + LOG_ERROR("Successfully requested post-hs certificate\n"); + } + } + + #endif +#endif +#if defined(WOLFSSL_TLS13) && defined(HAVE_SESSION_TICKET) + if (sendTicket) { + if (wolfSSL_send_SessionTicket(ssl) != WOLFSSL_SUCCESS) { + LOG_ERROR("Sending new session ticket failed\n"); + } + else { + LOG_ERROR("New session ticket sent\n"); + } + } +#endif + + /* Write data */ + if (!useWebServerMsg) { + write_msg = kReplyMsg; + write_msg_sz = (int)XSTRLEN(kReplyMsg); + } + else { + write_msg = kHttpServerMsg; + write_msg_sz = (int)XSTRLEN(kHttpServerMsg); + } + ServerWrite(ssl, write_msg, write_msg_sz); + +#ifdef WOLFSSL_TLS13 + if (updateKeysIVs || postHandAuth) + ServerRead(ssl, input, sizeof(input)-1); +#endif + } + else if (err == 0 || + err == WOLFSSL_ERROR_ZERO_RETURN) + { + err = ServerEchoData(ssl, clientfd, echoData, block, throughput); + /* Got close notify. Ignore it if not expecting a failure. */ + if (err == WOLFSSL_ERROR_ZERO_RETURN && + exitWithRet == 0) + { + err = 0; + } + if (err != 0) { + SSL_free(ssl); ssl = NULL; + SSL_CTX_free(ctx); ctx = NULL; + CloseSocket(clientfd); + CloseSocket(sockfd); + ((func_args*)args)->return_code = err; + goto exit; + } + } + +#if defined(WOLFSSL_MDK_SHELL) && defined(HAVE_MDK_RTX) + os_dly_wait(500) ; +#elif defined (WOLFSSL_TIRTOS) + Task_yield(); +#endif + +#if defined(WOLFSSL_DTLS13) + if (wolfSSL_dtls(ssl) && version == -4) { + int zero_return = 0; + while (wolfSSL_dtls13_has_pending_msg(ssl)) { + err = + process_handshake_messages(ssl, !nonBlocking, &zero_return); + if (err < 0) { + /* other peer closes the connection, non fatal */ + if (zero_return) + break; + + err_sys("Error while processing pending DTLSv1.3 messages"); + } + } + } +#endif /* WOLFSSL_DTLS13 */ + + ret = SSL_shutdown(ssl); + if (wc_shutdown && ret == WOLFSSL_SHUTDOWN_NOT_DONE) { + while (tcp_select(wolfSSL_get_fd(ssl), DEFAULT_TIMEOUT_SEC) == + TEST_RECV_READY) { + ret = wolfSSL_shutdown(ssl); /* bidirectional shutdown */ + if (ret == WOLFSSL_SUCCESS) { + printf("Bidirectional shutdown complete\n"); + break; + } + else if (ret != WOLFSSL_SHUTDOWN_NOT_DONE) { + LOG_ERROR("Bidirectional shutdown failed\n"); + break; + } + } + if (ret != WOLFSSL_SUCCESS) + LOG_ERROR("Bidirectional shutdown failed\n"); + } + + /* display collected statistics */ +#if defined(WOLFSSL_STATIC_MEMORY) && !defined(WOLFSSL_STATIC_MEMORY_LEAN) + if (wolfSSL_is_static_memory(ssl, &ssl_stats) != 1) + err_sys_ex(runWithErrors, "static memory was not used with ssl"); + + LOG_ERROR("\nprint off SSL memory stats\n"); + LOG_ERROR("*** This is memory state before wolfSSL_free is " + "called\n"); + wolfSSL_PrintStatsConn(&ssl_stats); + +#endif + SSL_free(ssl); ssl = NULL; + + CloseSocket(clientfd); + + if (resume == 1 && resumeCount == 0) { + resumeCount++; /* only do one resume for testing */ + continue; + } + resumeCount = 0; + + cnt++; + if (loops > 0) { + if (--loops == 0) { + break; /* out of while loop, done with normal and resume + * option + */ + } + } + } /* while(1) */ + + WOLFSSL_TIME(cnt); + (void)cnt; + +#if defined(HAVE_CERTIFICATE_STATUS_REQUEST) \ + || defined(HAVE_CERTIFICATE_STATUS_REQUEST_V2) + wolfSSL_CTX_DisableOCSPStapling(ctx); +#endif + + CloseSocket(sockfd); + SSL_CTX_free(ctx); ctx = NULL; + + ((func_args*)args)->return_code = 0; + +exit: + +#ifdef WOLFSSL_WOLFSENTRY_HOOKS + wolfsentry_ret = + wolfsentry_shutdown(WOLFSENTRY_CONTEXT_ARGS_OUT_EX4(&wolfsentry, NULL)); + if (wolfsentry_ret < 0) { + LOG_ERROR( + "wolfsentry_shutdown() returned " WOLFSENTRY_ERROR_FMT "\n", + WOLFSENTRY_ERROR_FMT_ARGS(wolfsentry_ret)); + } +#endif + +#if defined(HAVE_ECC) && defined(FP_ECC) && defined(HAVE_THREAD_LS) \ + && (defined(NO_MAIN_DRIVER) || defined(HAVE_STACK_SIZE)) + wc_ecc_fp_free(); /* free per thread cache */ +#endif + +#ifdef WOLFSSL_TIRTOS + fdCloseSession(Task_self()); +#endif + +#ifdef HAVE_TEST_SESSION_TICKET + TicketCleanup(); +#endif + +#ifdef WOLFSSL_ASYNC_CRYPT + wolfAsync_DevClose(&devId); +#endif + + /* There are use cases when these assignments are not read. To avoid + * potential confusion those warnings have been handled here. + */ + (void) ourKey; + (void) verifyCert; + (void) doCliCertCheck; + (void) ourDhParam; + (void) ourCert; + (void) useX25519; + (void) useX448; +#ifdef HAVE_SECURE_RENEGOTIATION + (void) forceScr; +#endif +#if defined(WOLFSSL_CALLBACKS) && defined(WOLFSSL_EARLY_DATA) + (void) earlyData; +#endif + WOLFSSL_RETURN_FROM_THREAD(0); +} + +#endif /* !NO_WOLFSSL_SERVER && !NO_TLS */ + + +/* so overall tests can pull in test function */ +#ifndef NO_MAIN_DRIVER + + int main(int argc, char** argv) + { + func_args args; + tcp_ready ready; + + StartTCP(); + + args.argc = argc; + args.argv = argv; + args.signal = &ready; + args.return_code = 0; +#if defined(WOLFSSL_SRTP) && defined(WOLFSSL_COND) + args.srtp_helper = NULL; +#endif + InitTcpReady(&ready); + +#if defined(DEBUG_WOLFSSL) && !defined(WOLFSSL_MDK_SHELL) + wolfSSL_Debugging_ON(); +#endif + wolfSSL_Init(); +#ifdef WC_RNG_SEED_CB + wc_SetSeed_Cb(WC_GENERATE_SEED_DEFAULT); +#endif + ChangeToWolfRoot(); + +#if !defined(NO_WOLFSSL_SERVER) && !defined(NO_TLS) +#ifdef HAVE_STACK_SIZE + StackSizeCheck(&args, server_test); +#else + server_test(&args); +#endif +#else + fprintf(stderr, "Server not compiled in!\n"); +#endif + + wolfSSL_Cleanup(); + FreeTcpReady(&ready); + +#ifdef HAVE_WNR + if (wc_FreeNetRandom() < 0) + err_sys_ex(runWithErrors, "Failed to free netRandom context"); +#endif /* HAVE_WNR */ + + return args.return_code; + } + + int myoptind = 0; + char* myoptarg = NULL; + +#endif /* NO_MAIN_DRIVER */ diff --git a/test/ssl/wolfssl/examples/server/server.h b/test/ssl/wolfssl/examples/server/server.h new file mode 100644 index 000000000..e5f5975fd --- /dev/null +++ b/test/ssl/wolfssl/examples/server/server.h @@ -0,0 +1,35 @@ +/* server.h + * + * Copyright (C) 2006-2025 wolfSSL Inc. + * + * This file is part of wolfSSL. + * + * wolfSSL is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * wolfSSL is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA + */ + + +#ifndef WOLFSSL_SERVER_H +#define WOLFSSL_SERVER_H + + +THREAD_RETURN WOLFSSL_THREAD server_test(void* args); + +/* Echo bytes using buffer of blockSize until [echoData] bytes are complete. */ +/* If [benchmarkThroughput] set the statistics will be output at the end */ +int ServerEchoData(WOLFSSL* ssl, int clientfd, int echoData, int blockSize, + size_t benchmarkThroughput); + + +#endif /* WOLFSSL_SERVER_H */ diff --git a/test/ssl/wolfssl/tests/api.c b/test/ssl/wolfssl/tests/api.c new file mode 100644 index 000000000..d56ddc2a1 --- /dev/null +++ b/test/ssl/wolfssl/tests/api.c @@ -0,0 +1,52079 @@ +/* api.c API unit tests + * + * Copyright (C) 2006-2025 wolfSSL Inc. + * + * This file is part of wolfSSL. + * + * wolfSSL is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * wolfSSL is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA + */ + +/* For AES-CBC, input lengths can optionally be validated to be a + * multiple of the block size, by defining WOLFSSL_AES_CBC_LENGTH_CHECKS, + * also available via the configure option --enable-aescbc-length-checks. + */ + + +/*----------------------------------------------------------------------------* + | Includes + *----------------------------------------------------------------------------*/ + +#include + +#include +#include + +#if defined(WOLFSSL_STATIC_MEMORY) + #include +#endif +#ifdef WOLFSSL_ASNC_CRYPT + #include +#endif +#ifdef HAVE_ECC + #include /* wc_ecc_fp_free */ + #ifdef WOLFSSL_SM2 + #include + #endif +#endif +#ifndef NO_ASN + #include +#endif + +#include + +#ifdef __linux__ +#include +#include +#endif + +#include /* compatibility layer */ +#include + +#include +#include +#include + +/* for testing compatibility layer callbacks */ +#include "examples/server/server.h" + +#ifndef NO_SIG_WRAPPER + #include +#endif + +#ifdef WOLFSSL_SMALL_CERT_VERIFY + #include +#endif + +#ifndef NO_DSA + #include +#endif + +#if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL) || \ + defined(OPENSSL_ALL) + #include + #ifndef NO_ASN + /* for ASN_COMMON_NAME DN_tags enum */ + #include + #endif + #ifdef HAVE_OCSP + #include + #endif +#endif +#ifdef OPENSSL_EXTRA + #include + #include + #include + #include + #include + #include + #include + #include + #include + #include + #include + #include + #include + #include + #include + #include + #include + #include + #include + #include +#ifdef OPENSSL_ALL + #include + #include +#endif +#ifndef NO_AES + #include +#endif +#ifndef NO_DES3 + #include +#endif +#ifndef NO_RC4 + #include +#endif +#ifdef HAVE_ECC + #include +#endif +#ifdef HAVE_CURVE25519 + #include +#endif +#ifdef HAVE_ED25519 + #include +#endif +#ifdef HAVE_CURVE448 + #include +#endif +#ifdef HAVE_ED448 + #include +#endif +#endif /* OPENSSL_EXTRA */ + +#if defined(OPENSSL_EXTRA) && defined(WOLFCRYPT_HAVE_SRP) && \ + !defined(NO_SHA256) && !defined(RC_NO_RNG) + #include +#endif + +#if (defined(SESSION_CERTS) && defined(TEST_PEER_CERT_CHAIN)) || \ + defined(HAVE_SESSION_TICKET) || (defined(OPENSSL_EXTRA) && \ + defined(WOLFSSL_CERT_EXT) && defined(WOLFSSL_CERT_GEN)) || \ + defined(WOLFSSL_TEST_STATIC_BUILD) || defined(WOLFSSL_DTLS) || \ + defined(HAVE_ECH) || defined(HAVE_EX_DATA) || !defined(NO_SESSION_CACHE) \ + || !defined(WOLFSSL_NO_TLS12) || defined(WOLFSSL_TLS13) + /* for testing SSL_get_peer_cert_chain, or SESSION_TICKET_HINT_DEFAULT, + * for setting authKeyIdSrc in WOLFSSL_X509, or testing DTLS sequence + * number tracking */ + #include "wolfssl/internal.h" +#endif + +/* include misc.c here regardless of NO_INLINE, because misc.c implementations + * have default (hidden) visibility, and in the absence of visibility, it's + * benign to mask out the library implementation. + */ +#define WOLFSSL_MISC_INCLUDED +#include + +#include +#include + +/* Gather test declarations to include them in the testCases array */ +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include + +#if !defined(NO_FILESYSTEM) && !defined(NO_CERTS) && !defined(NO_TLS) && \ + !defined(NO_RSA) && \ + !defined(NO_WOLFSSL_SERVER) && !defined(NO_WOLFSSL_CLIENT) && \ + !defined(WOLFSSL_TIRTOS) + #define HAVE_SSL_MEMIO_TESTS_DEPENDENCIES +#endif + +#if !defined(NO_RSA) && !defined(NO_SHA) && !defined(NO_FILESYSTEM) && \ + !defined(NO_CERTS) && \ + (!defined(NO_WOLFSSL_CLIENT) || !defined(WOLFSSL_NO_CLIENT_AUTH)) + #define HAVE_CERT_CHAIN_VALIDATION +#endif + +#if defined(WOLFSSL_STATIC_MEMORY) && !defined(WOLFCRYPT_ONLY) + #if (defined(HAVE_ECC) && !defined(ALT_ECC_SIZE)) || defined(SESSION_CERTS) + #ifdef OPENSSL_EXTRA + #define TEST_TLS_STATIC_MEMSZ (400000) + #else + #define TEST_TLS_STATIC_MEMSZ (320000) + #endif + #else + #define TEST_TLS_STATIC_MEMSZ (80000) + #endif +#endif + +#ifdef WOLFSSL_DUMP_MEMIO_STREAM +const char* currentTestName; +char tmpDirName[16]; +int tmpDirNameSet = 0; +#endif + +/*----------------------------------------------------------------------------* + | Constants + *----------------------------------------------------------------------------*/ + +#if !defined(NO_FILESYSTEM) && !defined(NO_CERTS) && !defined(NO_TLS) && \ + (!defined(NO_WOLFSSL_SERVER) || !defined(NO_WOLFSSL_CLIENT)) + static const char* bogusFile = + #ifdef _WIN32 + "NUL" + #else + "/dev/null" + #endif + ; +#endif /* !NO_FILESYSTEM && !NO_CERTS && (!NO_WOLFSSL_SERVER || !NO_WOLFSSL_CLIENT) */ + +enum { + TESTING_RSA = 1, + TESTING_ECC = 2 +}; + +#ifdef WOLFSSL_QNX_CAAM +#include +int testDevId = WOLFSSL_CAAM_DEVID; +#else +int testDevId = INVALID_DEVID; +#endif + +#ifdef USE_WINDOWS_API + #define MESSAGE_TYPE_CAST char* +#else + #define MESSAGE_TYPE_CAST void* +#endif + +/*----------------------------------------------------------------------------* + | BIO with fixed read/write size + *----------------------------------------------------------------------------*/ + +#if defined(OPENSSL_EXTRA) && !defined(NO_BIO) + +static int wolfssl_bio_s_fixed_mem_write(WOLFSSL_BIO* bio, const char* data, + int len) +{ + if ((bio == NULL) || (bio->ptr.mem_buf_data == NULL) || (data == NULL)) { + len = 0; + } + else { + if (bio->wrSz - bio->wrIdx < len) { + len = bio->wrSz - bio->wrIdx; + } + XMEMCPY(bio->ptr.mem_buf_data + bio->wrIdx, data, (size_t)len); + bio->wrIdx += len; + } + + return len; +} + +static int wolfssl_bio_s_fixed_mem_read(WOLFSSL_BIO* bio, char* data, int len) +{ + if ((bio == NULL) || (bio->ptr.mem_buf_data == NULL) || (data == NULL)) { + len = 0; + } + else { + if (bio->wrSz - bio->rdIdx < len) { + len = bio->wrSz - bio->rdIdx; + } + XMEMCPY(data, bio->ptr.mem_buf_data + bio->rdIdx, (size_t)len); + bio->rdIdx += len; + } + + return len; +} + +WOLFSSL_BIO_METHOD* wolfSSL_BIO_s_fixed_mem(void) +{ + static WOLFSSL_BIO_METHOD meth; + + meth.type = WOLFSSL_BIO_BIO; + XMEMCPY(meth.name, "Fixed Memory Size", 18); + meth.writeCb = wolfssl_bio_s_fixed_mem_write; + meth.readCb = wolfssl_bio_s_fixed_mem_read; + + return &meth; +} + +#endif + +/*----------------------------------------------------------------------------* + | Setup + *----------------------------------------------------------------------------*/ + +static int test_wolfSSL_Init(void) +{ + EXPECT_DECLS; + ExpectIntEQ(wolfSSL_Init(), WOLFSSL_SUCCESS); + return EXPECT_RESULT(); +} + + +static int test_wolfSSL_Cleanup(void) +{ + EXPECT_DECLS; + ExpectIntEQ(wolfSSL_Cleanup(), WOLFSSL_SUCCESS); + return EXPECT_RESULT(); +} + + +/* Initialize the wolfCrypt state. + * POST: 0 success. + */ +static int test_wolfCrypt_Init(void) +{ + EXPECT_DECLS; + ExpectIntEQ(wolfCrypt_Init(), 0); + return EXPECT_RESULT(); + +} /* END test_wolfCrypt_Init */ + +static int test_wolfCrypt_Cleanup(void) +{ + EXPECT_DECLS; + ExpectIntEQ(wolfCrypt_Cleanup(), 0); + return EXPECT_RESULT(); +} + + +#ifdef WOLFSSL_STATIC_MEMORY + #define TEST_LSM_STATIC_SIZE 440000 + /* Create new bucket list, using the default list, adding + * one dang large buffer size. */ + #define TEST_LSM_DEF_BUCKETS (WOLFMEM_DEF_BUCKETS+1) + #define TEST_LSM_BUCKETS WOLFMEM_BUCKETS,(LARGEST_MEM_BUCKET*2) + #define TEST_LSM_DIST WOLFMEM_DIST,1 +#endif + +static int test_wc_LoadStaticMemory_ex(void) +{ + EXPECT_DECLS; +#ifdef WOLFSSL_STATIC_MEMORY + byte staticMemory[TEST_LSM_STATIC_SIZE]; + word32 sizeList[TEST_LSM_DEF_BUCKETS] = { TEST_LSM_BUCKETS }; + word32 distList[TEST_LSM_DEF_BUCKETS] = { TEST_LSM_DIST }; + WOLFSSL_HEAP_HINT* heap; + + /* For this test, the size and dist lists will be the ones configured + * for the build, or default. The value of WOLFMEM_DEF_BUCKETS is 9, + * so these lists are 10 long. For most tests, the value of + * WOLFMEM_DEF_BUCKETS is used. There's a test case where one is added + * to that, to make sure the list size is larger than + * WOLFMEM_MAX_BUCKETS. */ + + /* Pass in zero everything. */ + ExpectIntEQ(wc_LoadStaticMemory_ex(NULL, 0, NULL, NULL, NULL, 0, 0, 0), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + + /* Set the heap pointer to NULL. */ + ExpectIntEQ(wc_LoadStaticMemory_ex(NULL, + WOLFMEM_DEF_BUCKETS, sizeList, distList, + staticMemory, (word32)sizeof(staticMemory), + 0, 1), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + + /* Set other pointer values to NULL one at a time. */ + heap = NULL; + ExpectIntEQ(wc_LoadStaticMemory_ex(&heap, + WOLFMEM_DEF_BUCKETS, NULL, distList, + staticMemory, (word32)sizeof(staticMemory), + 0, 1), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + heap = NULL; + ExpectIntEQ(wc_LoadStaticMemory_ex(&heap, + WOLFMEM_DEF_BUCKETS, sizeList, NULL, + staticMemory, (word32)sizeof(staticMemory), + 0, 1), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + heap = NULL; + ExpectIntEQ(wc_LoadStaticMemory_ex(&heap, + WOLFMEM_DEF_BUCKETS, sizeList, distList, + NULL, (word32)sizeof(staticMemory), + 0, 1), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + + /* Set the size of the static buffer to 0. */ + heap = NULL; + ExpectIntEQ(wc_LoadStaticMemory_ex(&heap, + WOLFMEM_DEF_BUCKETS, sizeList, distList, + staticMemory, 0, + 0, 1), + WC_NO_ERR_TRACE(BUFFER_E)); + + /* Set the size of the static buffer to one less than minimum allowed. */ + heap = NULL; + ExpectIntEQ(wc_LoadStaticMemory_ex(&heap, + WOLFMEM_DEF_BUCKETS, sizeList, distList, + staticMemory, + (word32)(sizeof(WOLFSSL_HEAP) + sizeof(WOLFSSL_HEAP_HINT)) - 1, + 0, 1), + WC_NO_ERR_TRACE(BUFFER_E)); + + /* Set the size of the static buffer to exactly the minimum size. */ + heap = NULL; + ExpectIntEQ(wc_LoadStaticMemory_ex(&heap, + WOLFMEM_DEF_BUCKETS, sizeList, distList, + staticMemory, + (word32)(sizeof(WOLFSSL_HEAP) + sizeof(WOLFSSL_HEAP_HINT)), + 0, 1), + 0); + wc_UnloadStaticMemory(heap); + + /* Use more buckets than able. Success case. */ + heap = NULL; + ExpectIntEQ(wc_LoadStaticMemory_ex(&heap, + WOLFMEM_DEF_BUCKETS*2, sizeList, distList, + staticMemory, (word32)sizeof(staticMemory), + 0, 1), + 0); + wc_UnloadStaticMemory(heap); + + /* Success case. */ + heap = NULL; + ExpectIntEQ(wc_LoadStaticMemory_ex(&heap, + WOLFMEM_DEF_BUCKETS, sizeList, distList, + staticMemory, (word32)sizeof(staticMemory), + 0, 1), + 0); + wc_UnloadStaticMemory(heap); +#endif /* WOLFSSL_STATIC_MEMORY */ + return EXPECT_RESULT(); +} + + +static int test_wc_LoadStaticMemory_CTX(void) +{ + EXPECT_DECLS; +#if defined(WOLFSSL_STATIC_MEMORY) && !defined(NO_WOLFSSL_CLIENT) + byte staticMemory[TEST_LSM_STATIC_SIZE]; + word32 sizeList[TEST_LSM_DEF_BUCKETS] = { TEST_LSM_BUCKETS }; + word32 distList[TEST_LSM_DEF_BUCKETS] = { TEST_LSM_DIST }; + WOLFSSL_HEAP_HINT* heap; + WOLFSSL_CTX *ctx1 = NULL, *ctx2 = NULL; + + + /* Set the size of the static buffer to exactly the minimum size. */ + heap = NULL; + ExpectIntEQ(wc_LoadStaticMemory_ex(&heap, + WOLFMEM_DEF_BUCKETS, sizeList, distList, + staticMemory, sizeof(staticMemory), 0, 1), + 0); + + /* Creating two WOLFSSL_CTX objects from the same heap hint and free'ing + * them should not cause issues. */ + ExpectNotNull((ctx1 = wolfSSL_CTX_new_ex(wolfSSLv23_client_method_ex(heap), + heap))); + wolfSSL_CTX_free(ctx1); + ExpectNotNull((ctx2 = wolfSSL_CTX_new_ex(wolfSSLv23_client_method_ex(heap), + heap))); + wolfSSL_CTX_free(ctx2); + + /* two CTX's at once */ + ExpectNotNull((ctx1 = wolfSSL_CTX_new_ex(wolfSSLv23_client_method_ex(heap), + heap))); + ExpectNotNull((ctx2 = wolfSSL_CTX_new_ex(wolfSSLv23_client_method_ex(heap), + heap))); + wolfSSL_CTX_free(ctx1); + wolfSSL_CTX_free(ctx2); + + wc_UnloadStaticMemory(heap); +#endif /* WOLFSSL_STATIC_MEMORY */ + return EXPECT_RESULT(); +} + + +/*----------------------------------------------------------------------------* + | Platform dependent function test + *----------------------------------------------------------------------------*/ +static int test_fileAccess(void) +{ + EXPECT_DECLS; +#if defined(WOLFSSL_TEST_PLATFORMDEPEND) && !defined(NO_FILESYSTEM) + const char *fname[] = { + svrCertFile, svrKeyFile, caCertFile, + eccCertFile, eccKeyFile, eccRsaCertFile, + cliCertFile, cliCertDerFile, cliKeyFile, + dhParamFile, + cliEccKeyFile, cliEccCertFile, caEccCertFile, edCertFile, edKeyFile, + cliEdCertFile, cliEdKeyFile, caEdCertFile, + NULL + }; + const char derfile[] = "./certs/server-cert.der"; + XFILE f = XBADFILE; + size_t sz; + byte *buff = NULL; + int i; + + ExpectTrue(XFOPEN("badfilename", "rb") == XBADFILE); + for (i=0; EXPECT_SUCCESS() && fname[i] != NULL ; i++) { + ExpectTrue((f = XFOPEN(fname[i], "rb")) != XBADFILE); + XFCLOSE(f); + } + + ExpectTrue((f = XFOPEN(derfile, "rb")) != XBADFILE); + ExpectTrue(XFSEEK(f, 0, XSEEK_END) == 0); + ExpectIntGE(sz = (size_t) XFTELL(f), sizeof_server_cert_der_2048); + ExpectTrue(XFSEEK(f, 0, XSEEK_SET) == 0); + ExpectTrue((buff = (byte*)XMALLOC(sz, NULL, DYNAMIC_TYPE_FILE)) != NULL); + ExpectTrue(XFREAD(buff, 1, sz, f) == sz); + ExpectIntEQ(XMEMCMP(server_cert_der_2048, buff, sz), 0); + XFREE(buff, NULL, DYNAMIC_TYPE_FILE); + XFCLOSE(f); +#endif + return EXPECT_RESULT(); +} +static int test_wc_FreeCertList(void) +{ + EXPECT_DECLS; +#if defined(HAVE_PKCS12) && !defined(NO_ASN) && \ +!defined(NO_PWDBASED) && !defined(NO_HMAC) && !defined(NO_CERTS) && \ +defined(USE_CERT_BUFFERS_2048) + WC_DerCertList* list = NULL; + void* heap = NULL; + /* Test freeing a list with a single node */ + list = (WC_DerCertList*)XMALLOC(sizeof(WC_DerCertList), + heap, DYNAMIC_TYPE_PKCS); + ExpectNotNull(list); + if (list != NULL) { + list->buffer = (byte*)XMALLOC(10, heap, DYNAMIC_TYPE_PKCS); + ExpectNotNull(list->buffer); + if (list->buffer != NULL) { + list->bufferSz = 10; + list->next = NULL; + wc_FreeCertList(list, heap); + } + else { + XFREE(list, heap, DYNAMIC_TYPE_PKCS); + list = NULL; + } + } +#endif + return EXPECT_RESULT(); +} + +/*----------------------------------------------------------------------------* + | Method Allocators + *----------------------------------------------------------------------------*/ + +static int test_wolfSSL_Method_Allocators(void) +{ + EXPECT_DECLS; + + #define TEST_METHOD_ALLOCATOR(allocator, condition) \ + do { \ + WOLFSSL_METHOD *method = NULL; \ + condition(method = allocator()); \ + XFREE(method, 0, DYNAMIC_TYPE_METHOD); \ + } while (0) + + #define TEST_VALID_METHOD_ALLOCATOR(a) \ + TEST_METHOD_ALLOCATOR(a, ExpectNotNull) + + #define TEST_INVALID_METHOD_ALLOCATOR(a) \ + TEST_METHOD_ALLOCATOR(a, ExpectNull) + +#ifndef NO_TLS +#ifndef NO_OLD_TLS + #ifdef WOLFSSL_ALLOW_SSLV3 + #ifndef NO_WOLFSSL_SERVER + TEST_VALID_METHOD_ALLOCATOR(wolfSSLv3_server_method); + #endif + #ifndef NO_WOLFSSL_CLIENT + TEST_VALID_METHOD_ALLOCATOR(wolfSSLv3_client_method); + #endif + #endif + #ifdef WOLFSSL_ALLOW_TLSV10 + #ifndef NO_WOLFSSL_SERVER + TEST_VALID_METHOD_ALLOCATOR(wolfTLSv1_server_method); + #endif + #ifndef NO_WOLFSSL_CLIENT + TEST_VALID_METHOD_ALLOCATOR(wolfTLSv1_client_method); + #endif + #endif + #ifndef NO_WOLFSSL_SERVER + TEST_VALID_METHOD_ALLOCATOR(wolfTLSv1_1_server_method); + #endif + #ifndef NO_WOLFSSL_CLIENT + TEST_VALID_METHOD_ALLOCATOR(wolfTLSv1_1_client_method); + #endif +#endif /* !NO_OLD_TLS */ + +#ifndef WOLFSSL_NO_TLS12 + #ifndef NO_WOLFSSL_SERVER + TEST_VALID_METHOD_ALLOCATOR(wolfTLSv1_2_server_method); + #endif + #ifndef NO_WOLFSSL_CLIENT + TEST_VALID_METHOD_ALLOCATOR(wolfTLSv1_2_client_method); + #endif +#endif /* !WOLFSSL_NO_TLS12 */ + +#ifdef WOLFSSL_TLS13 + #ifndef NO_WOLFSSL_SERVER + TEST_VALID_METHOD_ALLOCATOR(wolfTLSv1_3_server_method); + #endif + #ifndef NO_WOLFSSL_CLIENT + TEST_VALID_METHOD_ALLOCATOR(wolfTLSv1_3_client_method); + #endif +#endif /* WOLFSSL_TLS13 */ + +#ifndef NO_WOLFSSL_SERVER + TEST_VALID_METHOD_ALLOCATOR(wolfSSLv23_server_method); +#endif +#ifndef NO_WOLFSSL_CLIENT + TEST_VALID_METHOD_ALLOCATOR(wolfSSLv23_client_method); +#endif + +#ifdef WOLFSSL_DTLS + #ifndef NO_OLD_TLS + #ifndef NO_WOLFSSL_SERVER + TEST_VALID_METHOD_ALLOCATOR(wolfDTLSv1_server_method); + #endif + #ifndef NO_WOLFSSL_CLIENT + TEST_VALID_METHOD_ALLOCATOR(wolfDTLSv1_client_method); + #endif + #endif + #ifndef WOLFSSL_NO_TLS12 + #ifndef NO_WOLFSSL_SERVER + TEST_VALID_METHOD_ALLOCATOR(wolfDTLSv1_2_server_method); + #endif + #ifndef NO_WOLFSSL_CLIENT + TEST_VALID_METHOD_ALLOCATOR(wolfDTLSv1_2_client_method); + #endif + #endif +#endif /* WOLFSSL_DTLS */ + +#if !defined(NO_OLD_TLS) && defined(OPENSSL_EXTRA) + /* Stubs */ + #ifndef NO_WOLFSSL_SERVER + TEST_INVALID_METHOD_ALLOCATOR(wolfSSLv2_server_method); + #endif + #ifndef NO_WOLFSSL_CLIENT + TEST_INVALID_METHOD_ALLOCATOR(wolfSSLv2_client_method); + #endif +#endif + + /* Test Either Method (client or server) */ +#if defined(OPENSSL_EXTRA) || defined(WOLFSSL_EITHER_SIDE) + TEST_VALID_METHOD_ALLOCATOR(wolfSSLv23_method); + #ifndef NO_OLD_TLS + #ifdef WOLFSSL_ALLOW_TLSV10 + TEST_VALID_METHOD_ALLOCATOR(wolfTLSv1_method); + #endif + TEST_VALID_METHOD_ALLOCATOR(wolfTLSv1_1_method); + #endif /* !NO_OLD_TLS */ + #ifndef WOLFSSL_NO_TLS12 + TEST_VALID_METHOD_ALLOCATOR(wolfTLSv1_2_method); + #endif /* !WOLFSSL_NO_TLS12 */ + #ifdef WOLFSSL_TLS13 + TEST_VALID_METHOD_ALLOCATOR(wolfTLSv1_3_method); + #endif /* WOLFSSL_TLS13 */ + #ifdef WOLFSSL_DTLS + TEST_VALID_METHOD_ALLOCATOR(wolfDTLS_method); + #ifndef NO_OLD_TLS + TEST_VALID_METHOD_ALLOCATOR(wolfDTLSv1_method); + #endif /* !NO_OLD_TLS */ + #ifndef WOLFSSL_NO_TLS12 + TEST_VALID_METHOD_ALLOCATOR(wolfDTLSv1_2_method); + #endif /* !WOLFSSL_NO_TLS12 */ + #ifdef WOLFSSL_DTLS13 + TEST_VALID_METHOD_ALLOCATOR(wolfDTLSv1_3_method); + #endif /* WOLFSSL_DTLS13 */ + #endif /* WOLFSSL_DTLS */ +#endif /* OPENSSL_EXTRA || WOLFSSL_EITHER_SIDE */ +#endif /* !NO_TLS */ + return EXPECT_RESULT(); +} + +#if defined(WOLFSSL_DUAL_ALG_CERTS) && !defined(NO_FILESYSTEM) +/*----------------------------------------------------------------------------* + | Dual algorithm Certificate Tests + *----------------------------------------------------------------------------*/ +#define LARGE_TEMP_SZ 4096 + +/* To better understand this, please see the X9.146 example in wolfssl-examples + * repo. */ +static int do_dual_alg_root_certgen(byte **out, char *caKeyFile, + char *sapkiFile, char *altPrivFile) +{ + EXPECT_DECLS; + FILE* file = NULL; + Cert newCert; + DecodedCert preTBS; + + byte caKeyBuf[LARGE_TEMP_SZ]; + word32 caKeySz = LARGE_TEMP_SZ; + byte sapkiBuf[LARGE_TEMP_SZ]; + word32 sapkiSz = LARGE_TEMP_SZ; + byte altPrivBuf[LARGE_TEMP_SZ]; + word32 altPrivSz = LARGE_TEMP_SZ; + byte altSigAlgBuf[LARGE_TEMP_SZ]; + word32 altSigAlgSz = LARGE_TEMP_SZ; + byte scratchBuf[LARGE_TEMP_SZ]; + word32 scratchSz = LARGE_TEMP_SZ; + byte preTbsBuf[LARGE_TEMP_SZ]; + word32 preTbsSz = LARGE_TEMP_SZ; + byte altSigValBuf[LARGE_TEMP_SZ]; + word32 altSigValSz = LARGE_TEMP_SZ; + byte *outBuf = NULL; + word32 outSz = LARGE_TEMP_SZ; + WC_RNG rng; + RsaKey caKey; + ecc_key altCaKey; + word32 idx = 0; + + XMEMSET(&rng, 0, sizeof(WC_RNG)); + XMEMSET(&caKey, 0, sizeof(RsaKey)); + XMEMSET(&altCaKey, 0, sizeof(ecc_key)); + + ExpectNotNull(outBuf = (byte*)XMALLOC(outSz, NULL, + DYNAMIC_TYPE_TMP_BUFFER)); + ExpectIntEQ(wc_InitRng(&rng), 0); + XMEMSET(caKeyBuf, 0, caKeySz); + ExpectNotNull(file = fopen(caKeyFile, "rb")); + ExpectIntGT(caKeySz = (word32)fread(caKeyBuf, 1, caKeySz, file), 0); + if (file) { + fclose(file); + file = NULL; + } + ExpectIntEQ(wc_InitRsaKey_ex(&caKey, NULL, INVALID_DEVID), 0); + idx = 0; + ExpectIntEQ(wc_RsaPrivateKeyDecode(caKeyBuf, &idx, &caKey, caKeySz), + 0); + XMEMSET(sapkiBuf, 0, sapkiSz); + ExpectNotNull(file = fopen(sapkiFile, "rb")); + ExpectIntGT(sapkiSz = (word32)fread(sapkiBuf, 1, sapkiSz, file), 0); + if (file) { + fclose(file); + file = NULL; + } + XMEMSET(altPrivBuf, 0, altPrivSz); + ExpectNotNull(file = fopen(altPrivFile, "rb")); + ExpectIntGT(altPrivSz = (word32)fread(altPrivBuf, 1, altPrivSz, file), 0); + if (file) { + fclose(file); + file = NULL; + } + wc_ecc_init(&altCaKey); + idx = 0; + ExpectIntEQ(wc_EccPrivateKeyDecode(altPrivBuf, &idx, &altCaKey, + (word32)altPrivSz), 0); + XMEMSET(altSigAlgBuf, 0, altSigAlgSz); + ExpectIntGT(altSigAlgSz = SetAlgoID(CTC_SHA256wECDSA, altSigAlgBuf, + oidSigType, 0), 0); + wc_InitCert(&newCert); + strncpy(newCert.subject.country, "US", CTC_NAME_SIZE); + strncpy(newCert.subject.state, "MT", CTC_NAME_SIZE); + strncpy(newCert.subject.locality, "Bozeman", CTC_NAME_SIZE); + strncpy(newCert.subject.org, "wolfSSL", CTC_NAME_SIZE); + strncpy(newCert.subject.unit, "Engineering", CTC_NAME_SIZE); + strncpy(newCert.subject.commonName, "www.wolfssl.com", CTC_NAME_SIZE); + strncpy(newCert.subject.email, "root@wolfssl.com", CTC_NAME_SIZE); + strncpy((char*)newCert.beforeDate, "\x18\x0f""20250101000000Z", + CTC_DATE_SIZE); + newCert.beforeDateSz = 17; + strncpy((char*)newCert.afterDate, "\x18\x0f""20493112115959Z", + CTC_DATE_SIZE); + newCert.afterDateSz = 17; + newCert.sigType = CTC_SHA256wRSA; + newCert.isCA = 1; + + ExpectIntEQ(wc_SetCustomExtension(&newCert, 0, "1.2.3.4.5", + (const byte *)"This is NOT a critical extension", 32), 0); + ExpectIntEQ(wc_SetCustomExtension(&newCert, 0, "2.5.29.72", sapkiBuf, + sapkiSz), 0); + ExpectIntEQ(wc_SetCustomExtension(&newCert, 0, "2.5.29.73", altSigAlgBuf, + altSigAlgSz), 0); + + XMEMSET(scratchBuf, 0, scratchSz); + ExpectIntGT(scratchSz = wc_MakeSelfCert(&newCert, scratchBuf, scratchSz, + &caKey, &rng), 0); + + wc_InitDecodedCert(&preTBS, scratchBuf, scratchSz, 0); + ExpectIntEQ(wc_ParseCert(&preTBS, CERT_TYPE, NO_VERIFY, NULL), 0); + + XMEMSET(preTbsBuf, 0, preTbsSz); + ExpectIntGT(preTbsSz = wc_GeneratePreTBS(&preTBS, preTbsBuf, preTbsSz), 0); + XMEMSET(altSigValBuf, 0, altSigValSz); + ExpectIntGT(altSigValSz = wc_MakeSigWithBitStr(altSigValBuf, altSigValSz, + CTC_SHA256wECDSA, preTbsBuf, preTbsSz, ECC_TYPE, &altCaKey, + &rng), 0); + ExpectIntEQ(wc_SetCustomExtension(&newCert, 0, "2.5.29.74", altSigValBuf, + altSigValSz), 0); + + /* Finally, generate the new certificate. */ + if (outBuf != NULL) { + XMEMSET(outBuf, 0, outSz); + } + ExpectIntGT(outSz = wc_MakeSelfCert(&newCert, outBuf, outSz, &caKey, &rng), + 0); + *out = outBuf; + + wc_FreeRsaKey(&caKey); + wc_FreeRng(&rng); + wc_FreeDecodedCert(&preTBS); + return outSz; +} + +static int do_dual_alg_server_certgen(byte **out, char *caKeyFile, + char *sapkiFile, char *altPrivFile, + char *serverKeyFile, + byte *caCertBuf, int caCertSz) +{ + EXPECT_DECLS; + FILE* file = NULL; + Cert newCert; + DecodedCert preTBS; + + byte serverKeyBuf[LARGE_TEMP_SZ]; + word32 serverKeySz = LARGE_TEMP_SZ; + byte caKeyBuf[LARGE_TEMP_SZ]; + word32 caKeySz = LARGE_TEMP_SZ; + byte sapkiBuf[LARGE_TEMP_SZ]; + word32 sapkiSz = LARGE_TEMP_SZ; + byte altPrivBuf[LARGE_TEMP_SZ]; + word32 altPrivSz = LARGE_TEMP_SZ; + byte altSigAlgBuf[LARGE_TEMP_SZ]; + word32 altSigAlgSz = LARGE_TEMP_SZ; + byte scratchBuf[LARGE_TEMP_SZ]; + word32 scratchSz = LARGE_TEMP_SZ; + byte preTbsBuf[LARGE_TEMP_SZ]; + word32 preTbsSz = LARGE_TEMP_SZ; + byte altSigValBuf[LARGE_TEMP_SZ]; + word32 altSigValSz = LARGE_TEMP_SZ; + byte *outBuf = NULL; + word32 outSz = LARGE_TEMP_SZ; + WC_RNG rng; + RsaKey caKey; + RsaKey serverKey; + ecc_key altCaKey; + word32 idx = 0; + + XMEMSET(&rng, 0, sizeof(WC_RNG)); + XMEMSET(&caKey, 0, sizeof(RsaKey)); + XMEMSET(&serverKey, 0, sizeof(RsaKey)); + XMEMSET(&altCaKey, 0, sizeof(ecc_key)); + + ExpectNotNull(outBuf = (byte*)XMALLOC(outSz, NULL, + DYNAMIC_TYPE_TMP_BUFFER)); + ExpectIntEQ(wc_InitRng(&rng), 0); + XMEMSET(serverKeyBuf, 0, serverKeySz); + ExpectNotNull(file = fopen(serverKeyFile, "rb")); + ExpectIntGT(serverKeySz = (word32)fread(serverKeyBuf, 1, serverKeySz, file), + 0); + if (file) { + fclose(file); + file = NULL; + } + ExpectIntEQ(wc_InitRsaKey_ex(&serverKey, NULL, INVALID_DEVID), 0); + idx = 0; + ExpectIntEQ(wc_RsaPrivateKeyDecode(serverKeyBuf, &idx, &serverKey, + (word32)serverKeySz), 0); + XMEMSET(caKeyBuf, 0, caKeySz); + ExpectNotNull(file = fopen(caKeyFile, "rb")); + ExpectIntGT(caKeySz = (word32)fread(caKeyBuf, 1, caKeySz, file), 0); + if (file) { + fclose(file); + file = NULL; + } + ExpectIntEQ(wc_InitRsaKey_ex(&caKey, NULL, INVALID_DEVID), 0); + idx = 0; + ExpectIntEQ(wc_RsaPrivateKeyDecode(caKeyBuf, &idx, &caKey, + (word32)caKeySz), 0); + XMEMSET(sapkiBuf, 0, sapkiSz); + ExpectNotNull(file = fopen(sapkiFile, "rb")); + ExpectIntGT(sapkiSz = (word32)fread(sapkiBuf, 1, sapkiSz, file), 0); + if (file) { + fclose(file); + file = NULL; + } + XMEMSET(altPrivBuf, 0, altPrivSz); + ExpectNotNull(file = fopen(altPrivFile, "rb")); + ExpectIntGT(altPrivSz = (word32)fread(altPrivBuf, 1, altPrivSz, file), 0); + if (file) { + fclose(file); + file = NULL; + } + wc_ecc_init(&altCaKey); + idx = 0; + ExpectIntEQ(wc_EccPrivateKeyDecode(altPrivBuf, &idx, &altCaKey, + (word32)altPrivSz), 0); + XMEMSET(altSigAlgBuf, 0, altSigAlgSz); + ExpectIntGT(altSigAlgSz = SetAlgoID(CTC_SHA256wECDSA, altSigAlgBuf, + oidSigType, 0), 0); + wc_InitCert(&newCert); + strncpy(newCert.subject.country, "US", CTC_NAME_SIZE); + strncpy(newCert.subject.state, "MT", CTC_NAME_SIZE); + strncpy(newCert.subject.locality, "Bozeman", CTC_NAME_SIZE); + strncpy(newCert.subject.org, "wolfSSL", CTC_NAME_SIZE); + strncpy(newCert.subject.unit, "Engineering", CTC_NAME_SIZE); + strncpy(newCert.subject.commonName, "www.wolfssl.com", CTC_NAME_SIZE); + strncpy(newCert.subject.email, "server@wolfssl.com", CTC_NAME_SIZE); + strncpy((char*)newCert.beforeDate, "\x18\x0f""20250101000000Z", + CTC_DATE_SIZE); + newCert.beforeDateSz = 17; + strncpy((char*)newCert.afterDate, "\x18\x0f""20493112115959Z", + CTC_DATE_SIZE); + newCert.afterDateSz = 17; + + newCert.sigType = CTC_SHA256wRSA; + newCert.isCA = 0; + ExpectIntEQ(wc_SetIssuerBuffer(&newCert, caCertBuf, caCertSz), 0); + ExpectIntEQ(wc_SetCustomExtension(&newCert, 0, "2.5.29.72", sapkiBuf, + sapkiSz), 0); + ExpectIntEQ(wc_SetCustomExtension(&newCert, 0, "2.5.29.73", altSigAlgBuf, + altSigAlgSz), 0); + XMEMSET(scratchBuf, 0, scratchSz); + ExpectIntGT(wc_MakeCert(&newCert, scratchBuf, scratchSz, &serverKey, NULL, + &rng), 0); + ExpectIntGT(scratchSz = wc_SignCert(newCert.bodySz, newCert.sigType, + scratchBuf, scratchSz, &caKey, NULL, &rng), 0); + wc_InitDecodedCert(&preTBS, scratchBuf, scratchSz, 0); + ExpectIntEQ(wc_ParseCert(&preTBS, CERT_TYPE, NO_VERIFY, NULL), 0); + XMEMSET(preTbsBuf, 0, preTbsSz); + ExpectIntGT(preTbsSz = wc_GeneratePreTBS(&preTBS, preTbsBuf, preTbsSz), 0); + XMEMSET(altSigValBuf, 0, altSigValSz); + ExpectIntGT(altSigValSz = wc_MakeSigWithBitStr(altSigValBuf, altSigValSz, + CTC_SHA256wECDSA, preTbsBuf, preTbsSz, ECC_TYPE, &altCaKey, + &rng), 0); + ExpectIntEQ(wc_SetCustomExtension(&newCert, 0, "2.5.29.74", + altSigValBuf, altSigValSz), 0); + /* Finally, generate the new certificate. */ + if (outBuf != NULL) { + XMEMSET(outBuf, 0, outSz); + } + ExpectIntGT(wc_MakeCert(&newCert, outBuf, outSz, &serverKey, NULL, &rng), + 0); + ExpectIntGT(outSz = wc_SignCert(newCert.bodySz, newCert.sigType, outBuf, + outSz, &caKey, NULL, &rng), 0); + *out = outBuf; + wc_FreeRsaKey(&caKey); + wc_FreeRsaKey(&serverKey); + wc_FreeRng(&rng); + wc_FreeDecodedCert(&preTBS); + return outSz; +} + +static int do_dual_alg_tls13_connection(byte *caCert, word32 caCertSz, + byte *serverCert, word32 serverCertSz, + byte *serverKey, word32 serverKeySz, + int negative_test) +{ + EXPECT_DECLS; + WOLFSSL_CTX *ctx_c = NULL; + WOLFSSL_CTX *ctx_s = NULL; + WOLFSSL *ssl_c = NULL; + WOLFSSL *ssl_s = NULL; + struct test_memio_ctx test_ctx; + + XMEMSET(&test_ctx, 0, sizeof(test_ctx)); + ExpectIntEQ(test_memio_setup_ex(&test_ctx, &ctx_c, &ctx_s, &ssl_c, &ssl_s, + wolfTLSv1_3_client_method, wolfTLSv1_3_server_method, + caCert, caCertSz, serverCert, serverCertSz, + serverKey, serverKeySz), 0); + if (negative_test) { + ExpectTrue(test_memio_do_handshake(ssl_c, ssl_s, 10, NULL) != 0); + } + else { + ExpectIntEQ(test_memio_do_handshake(ssl_c, ssl_s, 10, NULL), 0); + } + wolfSSL_free(ssl_c); + wolfSSL_free(ssl_s); + wolfSSL_CTX_free(ctx_c); + wolfSSL_CTX_free(ctx_s); + return EXPECT_RESULT(); +} + +/** + * Function to generate a root certificate with dual algorithm support and + * configurable criticality for extensions and path length constraints. + * + * @param out [out] Pointer to store the generated certificate + * @param caKeyFile [in] Path to the CA key file + * @param sapkiFile [in] Path to the subject alternative public key info file + * @param altPrivFile [in] Path to the alternative private key file + * @param setCrit [in] Flag to set criticality of extensions (1=critical, 0=non-critical) + * @param setPathLen [in] Flag to set path length constraint (1=set, 0=don't set) + * @param pathLen [in] Path length value (only used if setPathLen=1) + * @return Size of the generated certificate or negative on error + */ +static int do_dual_alg_root_certgen_crit(byte **out, char *caKeyFile, + char *sapkiFile, char *altPrivFile, + int setCrit, int setPathLen, int pathLen) +{ + EXPECT_DECLS; + FILE* file = NULL; + Cert newCert; + DecodedCert preTBS; + + byte caKeyBuf[LARGE_TEMP_SZ]; + word32 caKeySz = LARGE_TEMP_SZ; + byte sapkiBuf[LARGE_TEMP_SZ]; + word32 sapkiSz = LARGE_TEMP_SZ; + byte altPrivBuf[LARGE_TEMP_SZ]; + word32 altPrivSz = LARGE_TEMP_SZ; + byte altSigAlgBuf[LARGE_TEMP_SZ]; + word32 altSigAlgSz = LARGE_TEMP_SZ; + byte scratchBuf[LARGE_TEMP_SZ]; + word32 scratchSz = LARGE_TEMP_SZ; + byte preTbsBuf[LARGE_TEMP_SZ]; + word32 preTbsSz = LARGE_TEMP_SZ; + byte altSigValBuf[LARGE_TEMP_SZ]; + word32 altSigValSz = LARGE_TEMP_SZ; + byte *outBuf = NULL; + word32 outSz = LARGE_TEMP_SZ; + WC_RNG rng; + RsaKey caKey; + ecc_key altCaKey; + word32 idx = 0; + + XMEMSET(&rng, 0, sizeof(WC_RNG)); + XMEMSET(&caKey, 0, sizeof(RsaKey)); + XMEMSET(&altCaKey, 0, sizeof(ecc_key)); + + ExpectNotNull(outBuf = (byte*)XMALLOC(outSz, NULL, + DYNAMIC_TYPE_TMP_BUFFER)); + ExpectIntEQ(wc_InitRng(&rng), 0); + XMEMSET(caKeyBuf, 0, caKeySz); + ExpectNotNull(file = fopen(caKeyFile, "rb")); + ExpectIntGT(caKeySz = (word32)fread(caKeyBuf, 1, caKeySz, file), 0); + if (file) { + fclose(file); + file = NULL; + } + ExpectIntEQ(wc_InitRsaKey_ex(&caKey, NULL, INVALID_DEVID), 0); + idx = 0; + ExpectIntEQ(wc_RsaPrivateKeyDecode(caKeyBuf, &idx, &caKey, caKeySz), + 0); + XMEMSET(sapkiBuf, 0, sapkiSz); + ExpectNotNull(file = fopen(sapkiFile, "rb")); + ExpectIntGT(sapkiSz = (word32)fread(sapkiBuf, 1, sapkiSz, file), 0); + if (file) { + fclose(file); + file = NULL; + } + XMEMSET(altPrivBuf, 0, altPrivSz); + ExpectNotNull(file = fopen(altPrivFile, "rb")); + ExpectIntGT(altPrivSz = (word32)fread(altPrivBuf, 1, altPrivSz, file), 0); + if (file) { + fclose(file); + file = NULL; + } + wc_ecc_init(&altCaKey); + idx = 0; + ExpectIntEQ(wc_EccPrivateKeyDecode(altPrivBuf, &idx, &altCaKey, + (word32)altPrivSz), 0); + XMEMSET(altSigAlgBuf, 0, altSigAlgSz); + ExpectIntGT(altSigAlgSz = SetAlgoID(CTC_SHA256wECDSA, altSigAlgBuf, + oidSigType, 0), 0); + wc_InitCert(&newCert); + strncpy(newCert.subject.country, "US", CTC_NAME_SIZE); + strncpy(newCert.subject.state, "MT", CTC_NAME_SIZE); + strncpy(newCert.subject.locality, "Bozeman", CTC_NAME_SIZE); + strncpy(newCert.subject.org, "wolfSSL", CTC_NAME_SIZE); + strncpy(newCert.subject.unit, "Engineering", CTC_NAME_SIZE); + strncpy(newCert.subject.commonName, "www.wolfssl.com", CTC_NAME_SIZE); + strncpy(newCert.subject.email, "root@wolfssl.com", CTC_NAME_SIZE); + strncpy((char*)newCert.beforeDate, "\x18\x0f""20250101000000Z", + CTC_DATE_SIZE); + newCert.beforeDateSz = 17; + strncpy((char*)newCert.afterDate, "\x18\x0f""20493112115959Z", + CTC_DATE_SIZE); + newCert.afterDateSz = 17; + newCert.sigType = CTC_SHA256wRSA; + newCert.isCA = 1; + + /* Set criticality of basic constraint extension if requested */ + if (setCrit) { + newCert.basicConstCrit = 1; + } + + /* Set pathlen if requested */ + if (setPathLen) { + newCert.pathLen = pathLen; + newCert.pathLenSet = 1; + } + + ExpectIntEQ(wc_SetCustomExtension(&newCert, 0, "1.2.3.4.5", + (const byte *)"This is NOT a critical extension", 32), 0); + ExpectIntEQ(wc_SetCustomExtension(&newCert, setCrit, "2.5.29.72", sapkiBuf, + sapkiSz), 0); + ExpectIntEQ(wc_SetCustomExtension(&newCert, setCrit, "2.5.29.73", + altSigAlgBuf, altSigAlgSz), 0); + + XMEMSET(scratchBuf, 0, scratchSz); + ExpectIntGT(scratchSz = wc_MakeSelfCert(&newCert, scratchBuf, scratchSz, + &caKey, &rng), 0); + + wc_InitDecodedCert(&preTBS, scratchBuf, scratchSz, 0); + ExpectIntEQ(wc_ParseCert(&preTBS, CERT_TYPE, NO_VERIFY, NULL), 0); + + XMEMSET(preTbsBuf, 0, preTbsSz); + ExpectIntGT(preTbsSz = wc_GeneratePreTBS(&preTBS, preTbsBuf, preTbsSz), 0); + XMEMSET(altSigValBuf, 0, altSigValSz); + ExpectIntGT(altSigValSz = wc_MakeSigWithBitStr(altSigValBuf, altSigValSz, + CTC_SHA256wECDSA, preTbsBuf, preTbsSz, ECC_TYPE, &altCaKey, + &rng), 0); + ExpectIntEQ(wc_SetCustomExtension(&newCert, setCrit, "2.5.29.74", + altSigValBuf, altSigValSz), 0); + + /* Finally, generate the new certificate. */ + if (outBuf != NULL) { + XMEMSET(outBuf, 0, outSz); + ExpectIntGT(outSz = wc_MakeSelfCert(&newCert, outBuf, outSz, &caKey, + &rng), 0); + *out = outBuf; + } + else { + outSz = 0; + } + + wc_FreeDecodedCert(&preTBS); + wc_ecc_free(&altCaKey); + wc_FreeRsaKey(&caKey); + wc_FreeRng(&rng); + + return (int)outSz; +} + +/** + * Function to generate a server certificate with dual algorithm support and + * configurable criticality for extensions and path length constraints. + * + * @param out [out] Pointer to store the generated certificate + * @param caKeyFile [in] Path to the CA key file + * @param sapkiFile [in] Path to the subject alternative public key info file + * @param altPrivFile [in] Path to the alternative private key file + * @param serverKeyFile [in] Path to the server key file + * @param caCertBuf [in] Buffer containing the CA certificate + * @param caCertSz [in] Size of the CA certificate buffer + * @param setCrit [in] Flag to set criticality of extensions (1=critical, 0=non-critical) + * @param setPathLen [in] Flag to set path length constraint (1=set, 0=don't set) + * @param pathLen [in] Path length value (only used if setPathLen=1) + * @return Size of the generated certificate or negative on error + */ +static int do_dual_alg_server_certgen_crit(byte **out, char *caKeyFile, + char *sapkiFile, char *altPrivFile, + char *serverKeyFile, + byte *caCertBuf, int caCertSz, + int setCrit) +{ + EXPECT_DECLS; + FILE* file = NULL; + Cert newCert; + DecodedCert preTBS; + + byte serverKeyBuf[LARGE_TEMP_SZ]; + word32 serverKeySz = LARGE_TEMP_SZ; + byte caKeyBuf[LARGE_TEMP_SZ]; + word32 caKeySz = LARGE_TEMP_SZ; + byte sapkiBuf[LARGE_TEMP_SZ]; + word32 sapkiSz = LARGE_TEMP_SZ; + byte altPrivBuf[LARGE_TEMP_SZ]; + word32 altPrivSz = LARGE_TEMP_SZ; + byte altSigAlgBuf[LARGE_TEMP_SZ]; + word32 altSigAlgSz = LARGE_TEMP_SZ; + byte scratchBuf[LARGE_TEMP_SZ]; + word32 scratchSz = LARGE_TEMP_SZ; + byte preTbsBuf[LARGE_TEMP_SZ]; + word32 preTbsSz = LARGE_TEMP_SZ; + byte altSigValBuf[LARGE_TEMP_SZ]; + word32 altSigValSz = LARGE_TEMP_SZ; + byte *outBuf = NULL; + word32 outSz = LARGE_TEMP_SZ; + WC_RNG rng; + RsaKey caKey; + RsaKey serverKey; + ecc_key altCaKey; + word32 idx = 0; + + XMEMSET(&rng, 0, sizeof(WC_RNG)); + XMEMSET(&caKey, 0, sizeof(RsaKey)); + XMEMSET(&serverKey, 0, sizeof(RsaKey)); + XMEMSET(&altCaKey, 0, sizeof(ecc_key)); + + ExpectNotNull(outBuf = (byte*)XMALLOC(outSz, NULL, + DYNAMIC_TYPE_TMP_BUFFER)); + ExpectIntEQ(wc_InitRng(&rng), 0); + XMEMSET(serverKeyBuf, 0, serverKeySz); + ExpectNotNull(file = fopen(serverKeyFile, "rb")); + ExpectIntGT(serverKeySz = (word32)fread(serverKeyBuf, 1, serverKeySz, file), + 0); + if (file) { + fclose(file); + file = NULL; + } + ExpectIntEQ(wc_InitRsaKey_ex(&serverKey, NULL, INVALID_DEVID), 0); + idx = 0; + ExpectIntEQ(wc_RsaPrivateKeyDecode(serverKeyBuf, &idx, &serverKey, + serverKeySz), 0); + XMEMSET(caKeyBuf, 0, caKeySz); + ExpectNotNull(file = fopen(caKeyFile, "rb")); + ExpectIntGT(caKeySz = (word32)fread(caKeyBuf, 1, caKeySz, file), 0); + if (file) { + fclose(file); + file = NULL; + } + ExpectIntEQ(wc_InitRsaKey_ex(&caKey, NULL, INVALID_DEVID), 0); + idx = 0; + ExpectIntEQ(wc_RsaPrivateKeyDecode(caKeyBuf, &idx, &caKey, caKeySz), 0); + XMEMSET(sapkiBuf, 0, sapkiSz); + ExpectNotNull(file = fopen(sapkiFile, "rb")); + ExpectIntGT(sapkiSz = (word32)fread(sapkiBuf, 1, sapkiSz, file), 0); + if (file) { + fclose(file); + file = NULL; + } + XMEMSET(altPrivBuf, 0, altPrivSz); + ExpectNotNull(file = fopen(altPrivFile, "rb")); + ExpectIntGT(altPrivSz = (word32)fread(altPrivBuf, 1, altPrivSz, file), 0); + if (file) { + fclose(file); + file = NULL; + } + wc_ecc_init(&altCaKey); + idx = 0; + ExpectIntEQ(wc_EccPrivateKeyDecode(altPrivBuf, &idx, &altCaKey, + (word32)altPrivSz), 0); + XMEMSET(altSigAlgBuf, 0, altSigAlgSz); + ExpectIntGT(altSigAlgSz = SetAlgoID(CTC_SHA256wECDSA, altSigAlgBuf, + oidSigType, 0), 0); + wc_InitCert(&newCert); + strncpy(newCert.subject.country, "US", CTC_NAME_SIZE); + strncpy(newCert.subject.state, "MT", CTC_NAME_SIZE); + strncpy(newCert.subject.locality, "Bozeman", CTC_NAME_SIZE); + strncpy(newCert.subject.org, "wolfSSL", CTC_NAME_SIZE); + strncpy(newCert.subject.unit, "Engineering", CTC_NAME_SIZE); + strncpy(newCert.subject.commonName, "www.wolfssl.com", CTC_NAME_SIZE); + strncpy(newCert.subject.email, "server@wolfssl.com", CTC_NAME_SIZE); + strncpy((char*)newCert.beforeDate, "\x18\x0f""20250101000000Z", + CTC_DATE_SIZE); + newCert.beforeDateSz = 17; + strncpy((char*)newCert.afterDate, "\x18\x0f""20493112115959Z", + CTC_DATE_SIZE); + newCert.afterDateSz = 17; + + newCert.sigType = CTC_SHA256wRSA; + newCert.isCA = 0; + ExpectIntEQ(wc_SetIssuerBuffer(&newCert, caCertBuf, caCertSz), 0); + ExpectIntEQ(wc_SetCustomExtension(&newCert, setCrit, "2.5.29.72", sapkiBuf, + sapkiSz), 0); + ExpectIntEQ(wc_SetCustomExtension(&newCert, setCrit, "2.5.29.73", + altSigAlgBuf, altSigAlgSz), 0); + XMEMSET(scratchBuf, 0, scratchSz); + ExpectIntGT(wc_MakeCert(&newCert, scratchBuf, scratchSz, &serverKey, NULL, + &rng), 0); + ExpectIntGT(scratchSz = wc_SignCert(newCert.bodySz, newCert.sigType, + scratchBuf, scratchSz, &caKey, NULL, &rng), 0); + wc_InitDecodedCert(&preTBS, scratchBuf, scratchSz, 0); + ExpectIntEQ(wc_ParseCert(&preTBS, CERT_TYPE, NO_VERIFY, NULL), 0); + XMEMSET(preTbsBuf, 0, preTbsSz); + ExpectIntGT(preTbsSz = wc_GeneratePreTBS(&preTBS, preTbsBuf, preTbsSz), 0); + XMEMSET(altSigValBuf, 0, altSigValSz); + ExpectIntGT(altSigValSz = wc_MakeSigWithBitStr(altSigValBuf, altSigValSz, + CTC_SHA256wECDSA, preTbsBuf, preTbsSz, ECC_TYPE, &altCaKey, + &rng), 0); + ExpectIntEQ(wc_SetCustomExtension(&newCert, setCrit, "2.5.29.74", + altSigValBuf, altSigValSz), 0); + + /* Finally, generate the new certificate. */ + if (outBuf != NULL) { + XMEMSET(outBuf, 0, outSz); + ExpectIntGT(outSz = wc_SignCert(newCert.bodySz, newCert.sigType, scratchBuf, + outSz, &caKey, NULL, &rng), 0); + *out = outBuf; + } + else { + outSz = 0; + } + + wc_FreeDecodedCert(&preTBS); + wc_ecc_free(&altCaKey); + wc_FreeRsaKey(&serverKey); + wc_FreeRsaKey(&caKey); + wc_FreeRng(&rng); + + return (int)outSz; +} + +/** + * Test dual-alg ECDSA + ML-DSA with critical extensions and path length + * constraints: + * - keygen + certgen + * + * TLS tests not designed to pass with these extensions marked critical. No + * TLS connection. + * */ +static int test_dual_alg_crit_ext_support(void) +{ + EXPECT_DECLS; + /* Root CA and server keys will be the same. This is only appropriate for + * testing. */ + char keyFile[] = "./certs/ca-key.der"; + char sapkiFile[] = "./certs/ecc-keyPub.der"; + char altPrivFile[] = "./certs/ecc-key.der"; + byte *serverKey = NULL; + size_t serverKeySz = 0; + byte *root = NULL; + int rootSz = 0; + byte *server = NULL; + int serverSz = 0; + + ExpectIntEQ(load_file(keyFile, &serverKey, &serverKeySz), 0); + + /* Test with critical extensions and pathlen set to 1 */ + if (EXPECT_SUCCESS()) { + rootSz = do_dual_alg_root_certgen_crit(&root, keyFile, sapkiFile, + altPrivFile, 1, 1, 1); + } + ExpectNotNull(root); + ExpectIntGT(rootSz, 0); + if (EXPECT_SUCCESS()) { + serverSz = do_dual_alg_server_certgen_crit(&server, keyFile, sapkiFile, + altPrivFile, keyFile, root, rootSz, 1); + } + ExpectNotNull(server); + ExpectIntGT(serverSz, 0); + XFREE(root, NULL, DYNAMIC_TYPE_TMP_BUFFER); + root = NULL; + XFREE(server, NULL, DYNAMIC_TYPE_TMP_BUFFER); + server = NULL; + + /* Test with critical extensions and pathlen set to 0 */ + if (EXPECT_SUCCESS()) { + rootSz = do_dual_alg_root_certgen_crit(&root, keyFile, sapkiFile, + altPrivFile, 1, 1, 0); + } + ExpectNotNull(root); + ExpectIntGT(rootSz, 0); + if (EXPECT_SUCCESS()) { + serverSz = do_dual_alg_server_certgen_crit(&server, keyFile, sapkiFile, + altPrivFile, keyFile, root, rootSz, 1); + } + ExpectNotNull(server); + ExpectIntGT(serverSz, 0); + XFREE(root, NULL, DYNAMIC_TYPE_TMP_BUFFER); + root = NULL; + XFREE(server, NULL, DYNAMIC_TYPE_TMP_BUFFER); + server = NULL; + + /* Test with critical alt extensions and no pathlen set */ + if (EXPECT_SUCCESS()) { + rootSz = do_dual_alg_root_certgen_crit(&root, keyFile, sapkiFile, + altPrivFile, 1, 0, 0); + } + ExpectNotNull(root); + ExpectIntGT(rootSz, 0); + if (EXPECT_SUCCESS()) { + serverSz = do_dual_alg_server_certgen_crit(&server, keyFile, sapkiFile, + altPrivFile, keyFile, root, rootSz, 0); + } + ExpectNotNull(server); + ExpectIntGT(serverSz, 0); + XFREE(root, NULL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(server, NULL, DYNAMIC_TYPE_TMP_BUFFER); + + free(serverKey); + + return EXPECT_RESULT(); +} + +static int test_dual_alg_support(void) +{ + EXPECT_DECLS; + /* Root CA and server keys will be the same. This is only appropriate for + * testing. */ + char keyFile[] = "./certs/ca-key.der"; + char sapkiFile[] = "./certs/ecc-keyPub.der"; + char altPrivFile[] = "./certs/ecc-key.der"; + char wrongPrivFile[] = "./certs/ecc-client-key.der"; + byte *serverKey = NULL; + size_t serverKeySz = 0; + byte *root = NULL; + int rootSz = 0; + byte *server = NULL; + int serverSz = 0; + + ExpectIntEQ(load_file(keyFile, &serverKey, &serverKeySz), 0); + + /* Base normal case. */ + if (EXPECT_SUCCESS()) { + rootSz = do_dual_alg_root_certgen(&root, keyFile, sapkiFile, + altPrivFile); + } + ExpectNotNull(root); + ExpectIntGT(rootSz, 0); + if (EXPECT_SUCCESS()) { + serverSz = do_dual_alg_server_certgen(&server, keyFile, sapkiFile, + altPrivFile, keyFile, root, rootSz); + } + ExpectNotNull(server); + ExpectIntGT(serverSz, 0); + ExpectIntEQ(do_dual_alg_tls13_connection(root, rootSz, + server, serverSz, serverKey, (word32)serverKeySz, 0), + TEST_SUCCESS); + XFREE(root, NULL, DYNAMIC_TYPE_TMP_BUFFER); + root = NULL; + XFREE(server, NULL, DYNAMIC_TYPE_TMP_BUFFER); + server = NULL; + + /* Now we try a negative case. Note that we use wrongPrivFile to generate + * the alternative signature and then set negative_test to true for the + * call to do_dual_alg_tls13_connection(). Its expecting a failed connection + * because the signature won't verify. The exception is if + * WOLFSSL_TRUST_PEER_CERT is defined. In that case, no verification happens + * and this is no longer a negative test. */ + if (EXPECT_SUCCESS()) { + rootSz = do_dual_alg_root_certgen(&root, keyFile, sapkiFile, + wrongPrivFile); + } + ExpectNotNull(root); + ExpectIntGT(rootSz, 0); + if (EXPECT_SUCCESS()) { + serverSz = do_dual_alg_server_certgen(&server, keyFile, sapkiFile, + wrongPrivFile, keyFile, root, rootSz); + } + ExpectNotNull(server); + ExpectIntGT(serverSz, 0); +#ifdef WOLFSSL_TRUST_PEER_CERT + ExpectIntEQ(do_dual_alg_tls13_connection(root, rootSz, + server, serverSz, serverKey, (word32)serverKeySz, 0), + TEST_SUCCESS); +#else + ExpectIntEQ(do_dual_alg_tls13_connection(root, rootSz, + server, serverSz, serverKey, (word32)serverKeySz, 1), + TEST_SUCCESS); +#endif + + XFREE(root, NULL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(server, NULL, DYNAMIC_TYPE_TMP_BUFFER); + + free(serverKey); + + return EXPECT_RESULT(); +} +#else +static int test_dual_alg_support(void) +{ + return TEST_SKIPPED; +} + +static int test_dual_alg_crit_ext_support(void) +{ + return TEST_SKIPPED; +} + +#endif /* WOLFSSL_DUAL_ALG_CERTS && !NO_FILESYSTEM */ + +/** + * Test dual-alg ECDSA + ML-DSA: + * - keygen + certgen + cert manager load + * */ +static int test_dual_alg_ecdsa_mldsa(void) +{ + EXPECT_DECLS; +#if defined(WOLFSSL_DUAL_ALG_CERTS) && defined(HAVE_DILITHIUM) && \ + defined(HAVE_ECC) && !defined(WC_NO_RNG) && \ + defined(WOLFSSL_WC_DILITHIUM) && \ + !defined(WOLFSSL_DILITHIUM_NO_MAKE_KEY) && \ + !defined(WOLFSSL_DILITHIUM_NO_SIGN) && \ + !defined(WOLFSSL_DILITHIUM_NO_VERIFY) && !defined(WOLFSSL_SMALL_STACK) + WOLFSSL_CERT_MANAGER * cm = NULL; + MlDsaKey alt_ca_key; + ecc_key ca_key; + WC_RNG rng; + int ret = 0; + DecodedCert d_cert; + Cert new_cert; + /* various tmp buffs. */ + byte alt_pub_der[LARGE_TEMP_SZ]; + word32 alt_pub_sz = LARGE_TEMP_SZ; + byte alt_sig_alg[LARGE_TEMP_SZ]; + word32 alt_sig_alg_sz = LARGE_TEMP_SZ; + byte tbs_der[LARGE_TEMP_SZ]; + word32 tbs_der_sz = LARGE_TEMP_SZ; + byte alt_sig[LARGE_TEMP_SZ]; + word32 alt_sig_sz = LARGE_TEMP_SZ; + /* Intermediate der. */ + byte der[LARGE_TEMP_SZ]; + word32 der_sz = LARGE_TEMP_SZ; + /* The final der will be large because of ML-DSA signature. */ + byte final_der[2 * LARGE_TEMP_SZ]; + word32 final_der_sz = 2 * LARGE_TEMP_SZ; + + XMEMSET(alt_pub_der, 0, alt_pub_sz); + XMEMSET(alt_sig_alg, 0, alt_sig_alg_sz); + XMEMSET(tbs_der, 0, tbs_der_sz); + XMEMSET(alt_sig, 0, alt_sig_sz); + XMEMSET(der, 0, der_sz); + XMEMSET(final_der, 0, final_der_sz); + + ExpectIntEQ(wc_InitRng(&rng), 0); + + /** + * ML-DSA key gen. + * */ + ret = wc_MlDsaKey_Init(&alt_ca_key, NULL, INVALID_DEVID); + ExpectIntEQ(ret, 0); + ret = wc_MlDsaKey_SetParams(&alt_ca_key, WC_ML_DSA_44); + ExpectIntEQ(ret, 0); + ret = wc_MlDsaKey_MakeKey(&alt_ca_key, &rng); + ExpectIntEQ(ret, 0); + alt_pub_sz = wc_MlDsaKey_PublicKeyToDer(&alt_ca_key, alt_pub_der, + alt_pub_sz, 1); + ExpectIntGT(alt_pub_sz, 0); + + alt_sig_alg_sz = SetAlgoID(CTC_SHA256wECDSA, alt_sig_alg, oidSigType, 0); + ExpectIntGT(alt_sig_alg_sz, 0); + + /** + * ECC key gen. + * */ + ret = wc_ecc_init(&ca_key); + ExpectIntEQ(ret, 0); + ret = wc_ecc_make_key(&rng, KEY32, &ca_key); + ExpectIntEQ(ret, 0); + + /** + * Cert gen. + * */ + wc_InitCert(&new_cert); + strncpy(new_cert.subject.country, "US", CTC_NAME_SIZE); + strncpy(new_cert.subject.state, "MT", CTC_NAME_SIZE); + strncpy(new_cert.subject.locality, "Bozeman", CTC_NAME_SIZE); + strncpy(new_cert.subject.org, "wolfSSL", CTC_NAME_SIZE); + strncpy(new_cert.subject.unit, "Engineering", CTC_NAME_SIZE); + strncpy(new_cert.subject.commonName, "www.wolfssl.com", CTC_NAME_SIZE); + strncpy(new_cert.subject.email, "root@wolfssl.com", CTC_NAME_SIZE); + new_cert.sigType = CTC_SHA256wECDSA; + new_cert.isCA = 1; + + ret = wc_SetCustomExtension(&new_cert, 0, "1.2.3.4.5", + (const byte *)"This is NOT a critical extension", 32); + ExpectIntEQ(ret, 0); + + ExpectIntEQ(wc_SetCustomExtension(&new_cert, 0, "2.5.29.72", alt_pub_der, + alt_pub_sz), 0); + ExpectIntEQ(wc_SetCustomExtension(&new_cert, 0, "2.5.29.73", alt_sig_alg, + alt_sig_alg_sz), 0); + + ret = wc_MakeCert_ex(&new_cert, der, der_sz, ECC_TYPE, &ca_key, &rng); + ExpectIntGT(ret, 0); + + der_sz = wc_SignCert_ex(new_cert.bodySz, new_cert.sigType, der, der_sz, + ECC_TYPE, &ca_key, &rng); + ExpectIntGT(der_sz, 0); + + wc_InitDecodedCert(&d_cert, der, der_sz, 0); + ret = wc_ParseCert(&d_cert, CERT_TYPE, NO_VERIFY, NULL); + ExpectIntEQ(ret, 0); + + tbs_der_sz = wc_GeneratePreTBS(&d_cert, tbs_der, tbs_der_sz); + ExpectIntGT(tbs_der_sz, 0); + + alt_sig_sz = wc_MakeSigWithBitStr(alt_sig, alt_sig_sz, + CTC_ML_DSA_LEVEL2, tbs_der, tbs_der_sz, + ML_DSA_LEVEL2_TYPE, &alt_ca_key, &rng); + ExpectIntGT(alt_sig_sz, 0); + + ret = wc_SetCustomExtension(&new_cert, 0, "2.5.29.74", alt_sig, alt_sig_sz); + ExpectIntEQ(ret, 0); + + /* Finally generate the new certificate. */ + ret = wc_MakeCert_ex(&new_cert, final_der, final_der_sz, ECC_TYPE, &ca_key, + &rng); + ExpectIntGT(ret, 0); + + final_der_sz = wc_SignCert_ex(new_cert.bodySz, new_cert.sigType, final_der, + final_der_sz, ECC_TYPE, &ca_key, &rng); + ExpectIntGT(final_der_sz, 0); + + cm = wolfSSL_CertManagerNew(); + ExpectNotNull(cm); + + /* Load the certificate into CertManager. */ + if (cm != NULL && final_der_sz > 0) { + ret = wolfSSL_CertManagerLoadCABuffer(cm, final_der, final_der_sz, + WOLFSSL_FILETYPE_ASN1); + ExpectIntEQ(ret, WOLFSSL_SUCCESS); + } + + if (cm != NULL) { + wolfSSL_CertManagerFree(cm); + cm = NULL; + } + + wc_FreeDecodedCert(&d_cert); + wc_ecc_free(&ca_key); + wc_MlDsaKey_Free(&alt_ca_key); + wc_FreeRng(&rng); + +#endif /* WOLFSSL_DUAL_ALG_CERTS && DILITHIUM and more */ + return EXPECT_RESULT(); +} + + +/*----------------------------------------------------------------------------* + | Context + *----------------------------------------------------------------------------*/ +#if !defined(NO_WOLFSSL_SERVER) && !defined(NO_TLS) +static int test_wolfSSL_CTX_new(void) +{ + EXPECT_DECLS; + WOLFSSL_CTX *ctx; + WOLFSSL_METHOD* method = NULL; + + ExpectNull(ctx = wolfSSL_CTX_new(NULL)); + ExpectNotNull(method = wolfSSLv23_server_method()); + if (method != NULL) + ExpectNotNull(ctx = wolfSSL_CTX_new(method)); + + wolfSSL_CTX_free(ctx); + + return EXPECT_RESULT(); +} +#endif + +#if (!defined(NO_WOLFSSL_CLIENT) || !defined(NO_WOLFSSL_SERVER)) && \ + !defined(NO_TLS) && \ + (!defined(NO_RSA) || defined(HAVE_ECC)) && !defined(NO_FILESYSTEM) +static int test_for_double_Free(void) +{ + EXPECT_DECLS; + WOLFSSL_CTX* ctx = NULL; + WOLFSSL* ssl = NULL; + int skipTest = 0; + const char* testCertFile; + const char* testKeyFile; + char optionsCiphers[] = "RC4-SHA:RC4-MD5:DES-CBC3-SHA:AES128-SHA:AES256-SHA" +":NULL-SHA:NULL-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA:DHE-PSK-AES256-GCM" +"-SHA384:DHE-PSK-AES128-GCM-SHA256:PSK-AES256-GCM-SHA384:PSK-AES128-GCM-SHA256:" +"DHE-PSK-AES256-CBC-SHA384:DHE-PSK-AES128-CBC-SHA256:PSK-AES256-CBC-SHA384:PSK-" +"AES128-CBC-SHA256:PSK-AES128-CBC-SHA:PSK-AES256-CBC-SHA:DHE-PSK-AES128-CCM:DHE" +"-PSK-AES256-CCM:PSK-AES128-CCM:PSK-AES256-CCM:PSK-AES128-CCM-8:PSK-AES256-CCM-" +"8:DHE-PSK-NULL-SHA384:DHE-PSK-NULL-SHA256:PSK-NULL-SHA384:PSK-NULL-SHA256:PSK-" +"NULL-SHA:AES128-CCM-8:AES256-CCM-8:ECDHE-ECDSA-" +"AES128-CCM:ECDHE-ECDSA-AES128-CCM-8:ECDHE-ECDSA-AES256-CCM-8:ECDHE-RSA-AES128-" +"SHA:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA:ECDHE-R" +"SA-RC4-SHA:ECDHE-RSA-DES-CBC3-SHA:ECDHE-ECDSA-RC4-SHA:ECDHE-ECDSA-DES-CBC3-SHA" +":AES128-SHA256:AES256-SHA256:DHE-RSA-AES128-SHA256:DHE-RSA-AES256-SHA256:ECDH-" +"RSA-AES128-SHA:ECDH-RSA-AES256-SHA:ECDH-ECDSA-AES128-SHA:ECDH-ECDSA-AES256-SHA" +":ECDH-RSA-RC4-SHA:ECDH-RSA-DES-CBC3-SHA:ECDH-ECDSA-RC4-SHA:ECDH-ECDSA-DES-CBC3" +"-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES" +"256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-E" +"CDSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDH-RSA-AES128-GCM-SHA25" +"6:ECDH-RSA-AES256-GCM-SHA384:ECDH-ECDSA-AES128-GCM-SHA256:ECDH-ECDSA-AES256-GC" +"M-SHA384:CAMELLIA128-SHA:DHE-RSA-CAMELLIA128-SHA:CAMELLIA256-SHA:DHE-RSA-CAMEL" +"LIA256-SHA:CAMELLIA128-SHA256:DHE-RSA-CAMELLIA128-SHA256:CAMELLIA256-SHA256:DH" +"E-RSA-CAMELLIA256-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECD" +"H-RSA-AES128-SHA256:ECDH-ECDSA-AES128-SHA256:ECDHE-RSA-AES256-SHA384:ECDHE-ECD" +"SA-AES256-SHA384:ECDH-RSA-AES256-SHA384:ECDH-ECDSA-AES256-SHA384:ECDHE-RSA-CHA" +"CHA20-POLY1305:ECDHE-ECDSA-CHACHA20-POLY1305:DHE-RSA-CHACHA20-POLY1305:ECDHE-R" +"SA-CHACHA20-POLY1305-OLD:ECDHE-ECDSA-CHACHA20-POLY1305-OLD:DHE-RSA-CHACHA20-PO" +"LY1305-OLD:ECDHE-ECDSA-NULL-SHA:ECDHE-PSK-NULL-SHA256:ECDHE-PSK-A" +"ES128-CBC-SHA256:PSK-CHACHA20-POLY1305:ECDHE-PSK-CHACHA20-POLY1305:DHE-PSK-CHA" +"CHA20-POLY1305:EDH-RSA-DES-CBC3-SHA:TLS13-AES128-GCM-SHA256:TLS13-AES256-GCM-S" +"HA384:TLS13-CHACHA20-POLY1305-SHA256:TLS13-AES128-CCM-SHA256:TLS13-AES128-CCM-" +"8-SHA256:TLS13-SHA256-SHA256:TLS13-SHA384-SHA384"; + /* OpenVPN uses a "blacklist" method to specify which ciphers NOT to use */ +#ifdef OPENSSL_EXTRA + char openvpnCiphers[] = "DEFAULT:!EXP:!LOW:!MEDIUM:!kDH:!kECDH:!DSS:!PSK:" + "!SRP:!kRSA:!aNULL:!eNULL"; +#endif + +#ifndef NO_RSA + testCertFile = svrCertFile; + testKeyFile = svrKeyFile; +#elif defined(HAVE_ECC) + testCertFile = eccCertFile; + testKeyFile = eccKeyFile; +#else + skipTest = 1; +#endif + + if (skipTest != 1) { +#ifndef NO_WOLFSSL_SERVER + ExpectNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_server_method())); +#else + ExpectNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_client_method())); +#endif + ExpectTrue(wolfSSL_CTX_use_certificate_file(ctx, testCertFile, + CERT_FILETYPE)); + ExpectTrue(wolfSSL_CTX_use_PrivateKey_file(ctx, testKeyFile, + CERT_FILETYPE)); + ExpectNotNull(ssl = wolfSSL_new(ctx)); + + /* First test freeing SSL, then CTX */ + wolfSSL_free(ssl); + ssl = NULL; + wolfSSL_CTX_free(ctx); + ctx = NULL; + +#ifndef NO_WOLFSSL_CLIENT + ExpectNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_client_method())); +#else + ExpectNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_server_method())); +#endif + ExpectTrue(wolfSSL_CTX_use_certificate_file(ctx, testCertFile, + CERT_FILETYPE)); + ExpectTrue(wolfSSL_CTX_use_PrivateKey_file(ctx, testKeyFile, + CERT_FILETYPE)); + ExpectNotNull(ssl = wolfSSL_new(ctx)); + + /* Next test freeing CTX then SSL */ + wolfSSL_CTX_free(ctx); + ctx = NULL; + wolfSSL_free(ssl); + ssl = NULL; + +#ifndef NO_WOLFSSL_SERVER + ExpectNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_server_method())); +#else + ExpectNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_client_method())); +#endif + /* Test setting ciphers at ctx level */ + ExpectTrue(wolfSSL_CTX_use_certificate_file(ctx, testCertFile, + CERT_FILETYPE)); + ExpectTrue(wolfSSL_CTX_use_PrivateKey_file(ctx, testKeyFile, + CERT_FILETYPE)); + ExpectTrue(wolfSSL_CTX_set_cipher_list(ctx, optionsCiphers)); +#if defined(OPENSSL_EXTRA) && defined(WOLFSSL_TLS13) && defined(HAVE_AESGCM) && \ + defined(WOLFSSL_SHA384) && defined(WOLFSSL_AES_256) + /* only update TLSv13 suites */ + ExpectTrue(wolfSSL_CTX_set_cipher_list(ctx, "TLS13-AES256-GCM-SHA384")); +#endif +#if defined(OPENSSL_EXTRA) && defined(HAVE_ECC) && defined(HAVE_AESGCM) && \ + !defined(NO_SHA256) && !defined(WOLFSSL_NO_TLS12) && \ + defined(WOLFSSL_AES_128) && !defined(NO_RSA) + /* only update pre-TLSv13 suites */ + ExpectTrue(wolfSSL_CTX_set_cipher_list(ctx, + "ECDHE-RSA-AES128-GCM-SHA256")); +#endif +#ifdef OPENSSL_EXTRA + ExpectTrue(wolfSSL_CTX_set_cipher_list(ctx, openvpnCiphers)); +#endif + ExpectNotNull(ssl = wolfSSL_new(ctx)); + wolfSSL_CTX_free(ctx); + ctx = NULL; + wolfSSL_free(ssl); + ssl = NULL; + +#ifndef NO_WOLFSSL_CLIENT + ExpectNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_client_method())); +#else + ExpectNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_server_method())); +#endif + ExpectTrue(wolfSSL_CTX_use_certificate_file(ctx, testCertFile, + CERT_FILETYPE)); + ExpectTrue(wolfSSL_CTX_use_PrivateKey_file(ctx, testKeyFile, + CERT_FILETYPE)); + ExpectNotNull(ssl = wolfSSL_new(ctx)); + /* test setting ciphers at SSL level */ + ExpectTrue(wolfSSL_set_cipher_list(ssl, optionsCiphers)); +#if defined(OPENSSL_EXTRA) && defined(WOLFSSL_TLS13) && defined(HAVE_AESGCM) && \ + defined(WOLFSSL_SHA384) && defined(WOLFSSL_AES_256) + /* only update TLSv13 suites */ + ExpectTrue(wolfSSL_set_cipher_list(ssl, "TLS13-AES256-GCM-SHA384")); +#endif +#if defined(OPENSSL_EXTRA) && defined(HAVE_ECC) && defined(HAVE_AESGCM) && \ + !defined(NO_SHA256) && !defined(WOLFSSL_NO_TLS12) && \ + defined(WOLFSSL_AES_128) && !defined(NO_RSA) + /* only update pre-TLSv13 suites */ + ExpectTrue(wolfSSL_set_cipher_list(ssl, "ECDHE-RSA-AES128-GCM-SHA256")); +#endif + wolfSSL_CTX_free(ctx); + ctx = NULL; + wolfSSL_free(ssl); + ssl = NULL; + } + + return EXPECT_RESULT(); +} +#endif + + +static int test_wolfSSL_CTX_set_cipher_list_bytes(void) +{ + EXPECT_DECLS; +#if (defined(OPENSSL_EXTRA) || defined(WOLFSSL_SET_CIPHER_BYTES)) && \ + (!defined(NO_WOLFSSL_CLIENT) || !defined(NO_WOLFSSL_SERVER)) && \ + (!defined(NO_RSA) || defined(HAVE_ECC)) && !defined(NO_FILESYSTEM) && \ + !defined(NO_TLS) + const char* testCertFile; + const char* testKeyFile; + WOLFSSL_CTX* ctx = NULL; + WOLFSSL* ssl = NULL; + + const byte cipherList[] = + { + /* TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA */ 0x00, 0x16, + /* TLS_DHE_RSA_WITH_AES_256_CBC_SHA */ 0x00, 0x39, + /* TLS_DHE_RSA_WITH_AES_128_CBC_SHA */ 0x00, 0x33, + /* TLS_DH_anon_WITH_AES_128_CBC_SHA */ 0x00, 0x34, + /* TLS_RSA_WITH_AES_256_CBC_SHA */ 0x00, 0x35, + /* TLS_RSA_WITH_AES_128_CBC_SHA */ 0x00, 0x2F, + /* TLS_RSA_WITH_NULL_MD5 */ 0x00, 0x01, + /* TLS_RSA_WITH_NULL_SHA */ 0x00, 0x02, + /* TLS_PSK_WITH_AES_256_CBC_SHA */ 0x00, 0x8d, + /* TLS_PSK_WITH_AES_128_CBC_SHA256 */ 0x00, 0xae, + /* TLS_PSK_WITH_AES_256_CBC_SHA384 */ 0x00, 0xaf, + /* TLS_PSK_WITH_AES_128_CBC_SHA */ 0x00, 0x8c, + /* TLS_PSK_WITH_NULL_SHA256 */ 0x00, 0xb0, + /* TLS_PSK_WITH_NULL_SHA384 */ 0x00, 0xb1, + /* TLS_PSK_WITH_NULL_SHA */ 0x00, 0x2c, + /* SSL_RSA_WITH_RC4_128_SHA */ 0x00, 0x05, + /* SSL_RSA_WITH_RC4_128_MD5 */ 0x00, 0x04, + /* SSL_RSA_WITH_3DES_EDE_CBC_SHA */ 0x00, 0x0A, + + /* ECC suites, first byte is 0xC0 (ECC_BYTE) */ + /* TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA */ 0xC0, 0x14, + /* TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA */ 0xC0, 0x13, + /* TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA */ 0xC0, 0x0A, + /* TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA */ 0xC0, 0x09, + /* TLS_ECDHE_RSA_WITH_RC4_128_SHA */ 0xC0, 0x11, + /* TLS_ECDHE_ECDSA_WITH_RC4_128_SHA */ 0xC0, 0x07, + /* TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA */ 0xC0, 0x12, + /* TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA */ 0xC0, 0x08, + /* TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 */ 0xC0, 0x27, + /* TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256*/ 0xC0, 0x23, + /* TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 */ 0xC0, 0x28, + /* TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384*/ 0xC0, 0x24, + /* TLS_ECDHE_ECDSA_WITH_NULL_SHA */ 0xC0, 0x06, + /* TLS_ECDHE_PSK_WITH_NULL_SHA256 */ 0xC0, 0x3a, + /* TLS_ECDHE_PSK_WITH_AES_128_CBC_SHA256 */ 0xC0, 0x37, + + /* static ECDH, first byte is 0xC0 (ECC_BYTE) */ + /* TLS_ECDH_RSA_WITH_AES_256_CBC_SHA */ 0xC0, 0x0F, + /* TLS_ECDH_RSA_WITH_AES_128_CBC_SHA */ 0xC0, 0x0E, + /* TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA */ 0xC0, 0x05, + /* TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA */ 0xC0, 0x04, + /* TLS_ECDH_RSA_WITH_RC4_128_SHA */ 0xC0, 0x0C, + /* TLS_ECDH_ECDSA_WITH_RC4_128_SHA */ 0xC0, 0x02, + /* TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA */ 0xC0, 0x0D, + /* TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA */ 0xC0, 0x03, + /* TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256 */ 0xC0, 0x29, + /* TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256 */ 0xC0, 0x25, + /* TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384 */ 0xC0, 0x2A, + /* TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384 */ 0xC0, 0x26, + + /* WDM_WITH_NULL_SHA256 */ 0x00, 0xFE, /* wolfSSL DTLS Multicast */ + + /* SHA256 */ + /* TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 */ 0x00, 0x6b, + /* TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 */ 0x00, 0x67, + /* TLS_RSA_WITH_AES_256_CBC_SHA256 */ 0x00, 0x3d, + /* TLS_RSA_WITH_AES_128_CBC_SHA256 */ 0x00, 0x3c, + /* TLS_RSA_WITH_NULL_SHA256 */ 0x00, 0x3b, + /* TLS_DHE_PSK_WITH_AES_128_CBC_SHA256 */ 0x00, 0xb2, + /* TLS_DHE_PSK_WITH_NULL_SHA256 */ 0x00, 0xb4, + + /* SHA384 */ + /* TLS_DHE_PSK_WITH_AES_256_CBC_SHA384 */ 0x00, 0xb3, + /* TLS_DHE_PSK_WITH_NULL_SHA384 */ 0x00, 0xb5, + + /* AES-GCM */ + /* TLS_RSA_WITH_AES_128_GCM_SHA256 */ 0x00, 0x9c, + /* TLS_RSA_WITH_AES_256_GCM_SHA384 */ 0x00, 0x9d, + /* TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 */ 0x00, 0x9e, + /* TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 */ 0x00, 0x9f, + /* TLS_DH_anon_WITH_AES_256_GCM_SHA384 */ 0x00, 0xa7, + /* TLS_PSK_WITH_AES_128_GCM_SHA256 */ 0x00, 0xa8, + /* TLS_PSK_WITH_AES_256_GCM_SHA384 */ 0x00, 0xa9, + /* TLS_DHE_PSK_WITH_AES_128_GCM_SHA256 */ 0x00, 0xaa, + /* TLS_DHE_PSK_WITH_AES_256_GCM_SHA384 */ 0x00, 0xab, + + /* ECC AES-GCM, first byte is 0xC0 (ECC_BYTE) */ + /* TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 */ 0xC0, 0x2b, + /* TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 */ 0xC0, 0x2c, + /* TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256 */ 0xC0, 0x2d, + /* TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384 */ 0xC0, 0x2e, + /* TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 */ 0xC0, 0x2f, + /* TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 */ 0xC0, 0x30, + /* TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256 */ 0xC0, 0x31, + /* TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384 */ 0xC0, 0x32, + + /* AES-CCM, first byte is 0xC0 but isn't ECC, + * also, in some of the other AES-CCM suites + * there will be second byte number conflicts + * with non-ECC AES-GCM */ + /* TLS_RSA_WITH_AES_128_CCM_8 */ 0xC0, 0xa0, + /* TLS_RSA_WITH_AES_256_CCM_8 */ 0xC0, 0xa1, + /* TLS_ECDHE_ECDSA_WITH_AES_128_CCM */ 0xC0, 0xac, + /* TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8 */ 0xC0, 0xae, + /* TLS_ECDHE_ECDSA_WITH_AES_256_CCM_8 */ 0xC0, 0xaf, + /* TLS_PSK_WITH_AES_128_CCM */ 0xC0, 0xa4, + /* TLS_PSK_WITH_AES_256_CCM */ 0xC0, 0xa5, + /* TLS_PSK_WITH_AES_128_CCM_8 */ 0xC0, 0xa8, + /* TLS_PSK_WITH_AES_256_CCM_8 */ 0xC0, 0xa9, + /* TLS_DHE_PSK_WITH_AES_128_CCM */ 0xC0, 0xa6, + /* TLS_DHE_PSK_WITH_AES_256_CCM */ 0xC0, 0xa7, + + /* Camellia */ + /* TLS_RSA_WITH_CAMELLIA_128_CBC_SHA */ 0x00, 0x41, + /* TLS_RSA_WITH_CAMELLIA_256_CBC_SHA */ 0x00, 0x84, + /* TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256 */ 0x00, 0xba, + /* TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256 */ 0x00, 0xc0, + /* TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA */ 0x00, 0x45, + /* TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA */ 0x00, 0x88, + /* TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA256 */ 0x00, 0xbe, + /* TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA256 */ 0x00, 0xc4, + + /* chacha20-poly1305 suites first byte is 0xCC (CHACHA_BYTE) */ + /* TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 */ 0xCC, 0xa8, + /* TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 */ 0xCC, 0xa9, + /* TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256 */ 0xCC, 0xaa, + /* TLS_ECDHE_PSK_WITH_CHACHA20_POLY1305_SHA256 */ 0xCC, 0xac, + /* TLS_PSK_WITH_CHACHA20_POLY1305_SHA256 */ 0xCC, 0xab, + /* TLS_DHE_PSK_WITH_CHACHA20_POLY1305_SHA256 */ 0xCC, 0xad, + + /* chacha20-poly1305 earlier version of nonce and padding (CHACHA_BYTE) */ + /* TLS_ECDHE_RSA_WITH_CHACHA20_OLD_POLY1305_SHA256 */ 0xCC, 0x13, + /* TLS_ECDHE_ECDSA_WITH_CHACHA20_OLD_POLY1305_SHA256 */ 0xCC, 0x14, + /* TLS_DHE_RSA_WITH_CHACHA20_OLD_POLY1305_SHA256 */ 0xCC, 0x15, + + /* ECDHE_PSK RFC8442, first byte is 0xD0 (ECDHE_PSK_BYTE) */ + /* TLS_ECDHE_PSK_WITH_AES_128_GCM_SHA256 */ 0xD0, 0x01, + + /* TLS v1.3 cipher suites */ + /* TLS_AES_128_GCM_SHA256 */ 0x13, 0x01, + /* TLS_AES_256_GCM_SHA384 */ 0x13, 0x02, + /* TLS_CHACHA20_POLY1305_SHA256 */ 0x13, 0x03, + /* TLS_AES_128_CCM_SHA256 */ 0x13, 0x04, + /* TLS_AES_128_CCM_8_SHA256 */ 0x13, 0x05, + + /* TLS v1.3 Integrity only cipher suites - 0xC0 (ECC) first byte */ + /* TLS_SHA256_SHA256 */ 0xC0, 0xB4, + /* TLS_SHA384_SHA384 */ 0xC0, 0xB5 + }; + +#ifndef NO_RSA + testCertFile = svrCertFile; + testKeyFile = svrKeyFile; +#elif defined(HAVE_ECC) + testCertFile = eccCertFile; + testKeyFile = eccKeyFile; +#endif + +#ifndef NO_WOLFSSL_SERVER + ExpectNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_server_method())); +#else + ExpectNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_client_method())); +#endif + + ExpectTrue(wolfSSL_CTX_set_cipher_list_bytes(ctx, &cipherList[0U], + sizeof(cipherList))); + + wolfSSL_CTX_free(ctx); + ctx = NULL; + +#ifndef NO_WOLFSSL_SERVER + ExpectNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_server_method())); +#else + ExpectNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_client_method())); +#endif + + ExpectTrue(wolfSSL_CTX_use_certificate_file(ctx, testCertFile, + CERT_FILETYPE)); + ExpectTrue(wolfSSL_CTX_use_PrivateKey_file(ctx, testKeyFile, + CERT_FILETYPE)); + + ExpectNotNull(ssl = wolfSSL_new(ctx)); + + ExpectTrue(wolfSSL_set_cipher_list_bytes(ssl, &cipherList[0U], + sizeof(cipherList))); + + wolfSSL_free(ssl); + wolfSSL_CTX_free(ctx); +#endif /* (OPENSSL_EXTRA || WOLFSSL_SET_CIPHER_BYTES) && + (!NO_WOLFSSL_CLIENT || !NO_WOLFSSL_SERVER) && (!NO_RSA || HAVE_ECC) */ + + return EXPECT_RESULT(); +} + + +static int test_wolfSSL_CTX_use_certificate(void) +{ + EXPECT_DECLS; +#if defined(OPENSSL_EXTRA) || defined(HAVE_LIGHTY) || \ + defined(WOLFSSL_MYSQL_COMPATIBLE) || defined(HAVE_STUNNEL) || \ + defined(WOLFSSL_NGINX) || defined(HAVE_POCO_LIB) || \ + defined(WOLFSSL_HAPROXY) +#if !defined(NO_TLS) && \ + (!defined(NO_WOLFSSL_CLIENT) || !defined(NO_WOLFSSL_SERVER)) + WOLFSSL_CTX* ctx = NULL; + X509* x509 = NULL; + +#ifndef NO_WOLFSSL_SERVER + ExpectNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_server_method())); +#else + ExpectNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_client_method())); +#endif + + ExpectNotNull(x509 = wolfSSL_X509_new()); + + /* Negative tests. */ + ExpectIntEQ(SSL_CTX_use_certificate(NULL, NULL), 0); + ExpectIntEQ(SSL_CTX_use_certificate(ctx, NULL), 0); + ExpectIntEQ(SSL_CTX_use_certificate(NULL, x509), 0); + /* Empty certificate */ + ExpectIntEQ(SSL_CTX_use_certificate(ctx, x509), 0); + + wolfSSL_X509_free(x509); + wolfSSL_CTX_free(ctx); +#endif /* !NO_TLS && (!NO_WOLFSSL_CLIENT || !NO_WOLFSSL_SERVER) */ +#endif + return EXPECT_RESULT(); +} + +static int test_wolfSSL_CTX_use_certificate_file(void) +{ + EXPECT_DECLS; +#if !defined(NO_FILESYSTEM) && !defined(NO_CERTS) && !defined(NO_TLS) && \ + !defined(NO_WOLFSSL_SERVER) + WOLFSSL_CTX *ctx = NULL; + + ExpectNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_server_method())); + + /* invalid context */ + ExpectFalse(wolfSSL_CTX_use_certificate_file(NULL, svrCertFile, + CERT_FILETYPE)); + /* invalid cert file */ + ExpectFalse(wolfSSL_CTX_use_certificate_file(ctx, bogusFile, + CERT_FILETYPE)); + /* invalid cert type */ + ExpectFalse(wolfSSL_CTX_use_certificate_file(ctx, svrCertFile, 9999)); + +#ifdef NO_RSA + /* rsa needed */ + ExpectFalse(wolfSSL_CTX_use_certificate_file(ctx, svrCertFile, + CERT_FILETYPE)); +#else + /* success */ + ExpectTrue(wolfSSL_CTX_use_certificate_file(ctx, svrCertFile, + CERT_FILETYPE)); +#endif + + wolfSSL_CTX_free(ctx); +#endif + + return EXPECT_RESULT(); +} + +#if (defined(OPENSSL_ALL) || defined(WOLFSSL_ASIO)) && !defined(NO_RSA) +static int test_wolfSSL_CTX_use_certificate_ASN1(void) +{ + EXPECT_DECLS; +#if !defined(NO_CERTS) && !defined(NO_WOLFSSL_SERVER) && !defined(NO_ASN) && \ + !defined(NO_TLS) + WOLFSSL_CTX* ctx = NULL; + + ExpectNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_server_method())); + + /* Failure cases. */ + ExpectIntEQ(SSL_CTX_use_certificate_ASN1(NULL, 0, NULL ), + WC_NO_ERR_TRACE(WOLFSSL_FAILURE)); + ExpectIntEQ(SSL_CTX_use_certificate_ASN1(ctx , 0, NULL ), + WC_NO_ERR_TRACE(WOLFSSL_FAILURE)); + ExpectIntEQ(SSL_CTX_use_certificate_ASN1(NULL, 0, server_cert_der_2048), + WC_NO_ERR_TRACE(WOLFSSL_FAILURE)); + ExpectIntEQ(SSL_CTX_use_certificate_ASN1(ctx , 0, server_cert_der_2048), + WC_NO_ERR_TRACE(WOLFSSL_FAILURE)); + + ExpectIntEQ(SSL_CTX_use_certificate_ASN1(ctx, sizeof_server_cert_der_2048, + server_cert_der_2048), WOLFSSL_SUCCESS); + + wolfSSL_CTX_free(ctx); +#endif + return EXPECT_RESULT(); +} +#endif /* (OPENSSL_ALL || WOLFSSL_ASIO) && !NO_RSA */ + +/* Test function for wolfSSL_CTX_use_certificate_buffer. Load cert into + * context using buffer. + * PRE: NO_CERTS not defined; USE_CERT_BUFFERS_2048 defined; compile with + * --enable-testcert flag. + */ +static int test_wolfSSL_CTX_use_certificate_buffer(void) +{ + EXPECT_DECLS; +#if !defined(NO_CERTS) && !defined(NO_TLS) && !defined(NO_WOLFSSL_SERVER) && \ + defined(USE_CERT_BUFFERS_2048) && !defined(NO_RSA) + WOLFSSL_CTX* ctx = NULL; + + ExpectNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_server_method())); + + /* Invalid parameters. */ + ExpectIntEQ(wolfSSL_CTX_use_certificate_buffer(NULL, NULL, 0, + WOLFSSL_FILETYPE_ASN1), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wolfSSL_CTX_use_certificate_buffer(ctx, NULL, 0, + WOLFSSL_FILETYPE_ASN1), WC_NO_ERR_TRACE(ASN_PARSE_E)); + ExpectIntEQ(wolfSSL_CTX_use_certificate_buffer(NULL, server_cert_der_2048, + 0, WOLFSSL_FILETYPE_ASN1), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wolfSSL_CTX_use_certificate_buffer(ctx, server_cert_der_2048, 0, + WOLFSSL_FILETYPE_ASN1), WC_NO_ERR_TRACE(ASN_PARSE_E)); + + ExpectIntEQ(wolfSSL_CTX_use_certificate_buffer(ctx, + server_cert_der_2048, sizeof_server_cert_der_2048, + WOLFSSL_FILETYPE_ASN1), WOLFSSL_SUCCESS); + + wolfSSL_CTX_free(ctx); +#endif + return EXPECT_RESULT(); + +} /* END test_wolfSSL_CTX_use_certificate_buffer */ + +static int test_wolfSSL_use_certificate_buffer(void) +{ + EXPECT_DECLS; +#if !defined(NO_CERTS) && !defined(NO_TLS) && !defined(NO_WOLFSSL_CLIENT) && \ + defined(USE_CERT_BUFFERS_2048) && !defined(NO_RSA) + WOLFSSL_CTX* ctx = NULL; + WOLFSSL* ssl = NULL; + + ExpectNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_client_method())); + ExpectNotNull(ssl = wolfSSL_new(ctx)); + + /* Invalid parameters. */ + ExpectIntEQ(wolfSSL_use_certificate_buffer(NULL, NULL, 0, + WOLFSSL_FILETYPE_ASN1), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wolfSSL_use_certificate_buffer(ssl, NULL, 0, + WOLFSSL_FILETYPE_ASN1), WC_NO_ERR_TRACE(ASN_PARSE_E)); + ExpectIntEQ(wolfSSL_use_certificate_buffer(NULL, client_cert_der_2048, 0, + WOLFSSL_FILETYPE_ASN1), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wolfSSL_use_certificate_buffer(ssl, client_cert_der_2048, 0, + WOLFSSL_FILETYPE_ASN1), WC_NO_ERR_TRACE(ASN_PARSE_E)); + + ExpectIntEQ(wolfSSL_use_certificate_buffer(ssl, + client_cert_der_2048, sizeof_client_cert_der_2048, + WOLFSSL_FILETYPE_ASN1), WOLFSSL_SUCCESS); + + wolfSSL_free(ssl); + wolfSSL_CTX_free(ctx); +#endif + return EXPECT_RESULT(); +} + +static int test_wolfSSL_CTX_use_PrivateKey_file(void) +{ + EXPECT_DECLS; +#if !defined(NO_FILESYSTEM) && !defined(NO_CERTS) && !defined(NO_TLS) && \ + !defined(NO_WOLFSSL_SERVER) + WOLFSSL_CTX *ctx = NULL; + + ExpectNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_server_method())); + + /* invalid context */ + ExpectFalse(wolfSSL_CTX_use_PrivateKey_file(NULL, svrKeyFile, + CERT_FILETYPE)); + /* invalid key file */ + ExpectFalse(wolfSSL_CTX_use_PrivateKey_file(ctx, bogusFile, + CERT_FILETYPE)); + /* invalid key type */ + ExpectFalse(wolfSSL_CTX_use_PrivateKey_file(ctx, svrKeyFile, 9999)); + + /* invalid key format */ +#ifdef WOLFSSL_PEM_TO_DER + ExpectFalse(wolfSSL_CTX_use_PrivateKey_file(ctx, "./certs/dh-priv-2048.pem", + WOLFSSL_FILETYPE_PEM)); +#else + ExpectFalse(wolfSSL_CTX_use_PrivateKey_file(ctx, "./certs/dh-priv-2048.der", + WOLFSSL_FILETYPE_ASN1)); +#endif + + /* success */ +#ifdef NO_RSA + /* rsa needed */ + ExpectFalse(wolfSSL_CTX_use_PrivateKey_file(ctx, svrKeyFile, + CERT_FILETYPE)); +#else + /* success */ + ExpectTrue(wolfSSL_CTX_use_PrivateKey_file(ctx, svrKeyFile, + CERT_FILETYPE)); +#endif + + wolfSSL_CTX_free(ctx); +#endif + return EXPECT_RESULT(); +} + +static int test_wolfSSL_CTX_use_RSAPrivateKey_file(void) +{ + EXPECT_DECLS; +#if !defined(NO_FILESYSTEM) && !defined(NO_CERTS) && !defined(NO_TLS) && \ + !defined(NO_WOLFSSL_SERVER) && defined(OPENSSL_EXTRA) + WOLFSSL_CTX *ctx = NULL; + + ExpectNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_server_method())); + + /* invalid context */ + ExpectIntEQ(wolfSSL_CTX_use_RSAPrivateKey_file(NULL, svrKeyFile, + WOLFSSL_FILETYPE_PEM), WC_NO_ERR_TRACE(WOLFSSL_FAILURE)); + /* invalid key file */ + ExpectIntEQ(wolfSSL_CTX_use_RSAPrivateKey_file(ctx, bogusFile, + WOLFSSL_FILETYPE_PEM), WC_NO_ERR_TRACE(WOLFSSL_FAILURE)); + /* invalid key type */ + ExpectIntEQ(wolfSSL_CTX_use_RSAPrivateKey_file(ctx, svrKeyFile, 9999), + WC_NO_ERR_TRACE(WOLFSSL_FAILURE)); + + /* success */ +#ifdef NO_RSA + /* rsa needed */ + ExpectIntEQ(wolfSSL_CTX_use_RSAPrivateKey_file(ctx, svrKeyFile, + WOLFSSL_FILETYPE_PEM), WC_NO_ERR_TRACE(WOLFSSL_FAILURE)); +#else + /* success */ + ExpectIntEQ(wolfSSL_CTX_use_RSAPrivateKey_file(ctx, svrKeyFile, + WOLFSSL_FILETYPE_PEM), WOLFSSL_SUCCESS); +#endif + + wolfSSL_CTX_free(ctx); +#endif + return EXPECT_RESULT(); +} + +static int test_wolfSSL_use_RSAPrivateKey_file(void) +{ + EXPECT_DECLS; +#if !defined(NO_FILESYSTEM) && !defined(NO_CERTS) && !defined(NO_TLS) && \ + !defined(NO_WOLFSSL_CLIENT) && defined(OPENSSL_EXTRA) + WOLFSSL_CTX* ctx = NULL; + WOLFSSL* ssl = NULL; + + ExpectNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_client_method())); + ExpectNotNull(ssl = SSL_new(ctx)); + + /* invalid context */ + ExpectIntEQ(wolfSSL_use_RSAPrivateKey_file(NULL, svrKeyFile, + WOLFSSL_FILETYPE_PEM), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + /* invalid key file */ + ExpectIntEQ(wolfSSL_use_RSAPrivateKey_file(ssl, bogusFile, + WOLFSSL_FILETYPE_PEM), WC_NO_ERR_TRACE(WOLFSSL_FAILURE)); + /* invalid key type */ + ExpectIntEQ(wolfSSL_use_RSAPrivateKey_file(ssl, svrKeyFile, 9999), + WC_NO_ERR_TRACE(WOLFSSL_FAILURE)); + + /* success */ +#ifdef NO_RSA + /* rsa needed */ + ExpectIntEQ(wolfSSL_use_RSAPrivateKey_file(ssl, svrKeyFile, + WOLFSSL_FILETYPE_PEM), WC_NO_ERR_TRACE(WOLFSSL_FAILURE)); +#else + /* success */ + ExpectIntEQ(wolfSSL_use_RSAPrivateKey_file(ssl, svrKeyFile, + WOLFSSL_FILETYPE_PEM), WOLFSSL_SUCCESS); +#endif + + wolfSSL_free(ssl); + wolfSSL_CTX_free(ctx); +#endif + return EXPECT_RESULT(); +} + +static int test_wolfSSL_CTX_use_PrivateKey(void) +{ + EXPECT_DECLS; +#if !defined(NO_FILESYSTEM) && !defined(NO_CERTS) && !defined(NO_TLS) && \ + !defined(NO_WOLFSSL_SERVER) && defined(OPENSSL_EXTRA) + WOLFSSL_CTX *ctx = NULL; + WOLFSSL_EVP_PKEY* pkey = NULL; + const unsigned char* p; + + (void)p; + + ExpectNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_server_method())); + + ExpectNotNull(pkey = wolfSSL_EVP_PKEY_new()); + ExpectIntEQ(wolfSSL_CTX_use_PrivateKey(NULL, NULL), WC_NO_ERR_TRACE(WOLFSSL_FAILURE)); + ExpectIntEQ(wolfSSL_CTX_use_PrivateKey(ctx, NULL), WC_NO_ERR_TRACE(WOLFSSL_FAILURE)); + ExpectIntEQ(wolfSSL_CTX_use_PrivateKey(NULL, pkey), WC_NO_ERR_TRACE(WOLFSSL_FAILURE)); + /* No data. */ + ExpectIntEQ(wolfSSL_CTX_use_PrivateKey(ctx, pkey), WC_NO_ERR_TRACE(WOLFSSL_FAILURE)); + wolfSSL_EVP_PKEY_free(pkey); + pkey = NULL; + +#if defined(USE_CERT_BUFFERS_2048) +#if !defined(NO_RSA) + p = client_key_der_2048; + ExpectNotNull(pkey = d2i_PrivateKey(EVP_PKEY_RSA, NULL, &p, + sizeof_client_key_der_2048)); +#if defined(WOLFSSL_KEY_GEN) + ExpectIntEQ(wolfSSL_CTX_use_PrivateKey(ctx, pkey), WOLFSSL_SUCCESS); +#else + ExpectIntEQ(wolfSSL_CTX_use_PrivateKey(ctx, pkey), WC_NO_ERR_TRACE(WOLFSSL_FAILURE)); +#endif + wolfSSL_EVP_PKEY_free(pkey); + pkey = NULL; +#endif +#if defined(WOLFSSL_QT) || defined(OPENSSL_ALL) || defined(WOLFSSL_OPENSSH) +#ifndef NO_DSA + p = dsa_key_der_2048; + ExpectNotNull(pkey = d2i_PrivateKey(EVP_PKEY_DSA, NULL, &p, + sizeof_dsa_key_der_2048)); +#if !defined(HAVE_SELFTEST) && (defined(WOLFSSL_KEY_GEN) || \ + defined(WOLFSSL_CERT_GEN)) + /* Not supported in ProcessBuffer. */ + ExpectIntEQ(wolfSSL_CTX_use_PrivateKey(ctx, pkey), WC_NO_ERR_TRACE(WOLFSSL_BAD_FILE)); +#else + ExpectIntEQ(wolfSSL_CTX_use_PrivateKey(ctx, pkey), WC_NO_ERR_TRACE(WOLFSSL_FAILURE)); +#endif + wolfSSL_EVP_PKEY_free(pkey); + pkey = NULL; +#endif +#endif /* WOLFSSL_QT || OPENSSL_ALL || WOLFSSL_OPENSSH */ +#if !defined(NO_DH) && defined(OPENSSL_ALL) && \ + (!defined(HAVE_FIPS) || FIPS_VERSION_GT(2,0)) + p = dh_ffdhe_statickey_der_2048; + ExpectNotNull(pkey = d2i_PrivateKey(EVP_PKEY_DH, NULL, &p, + sizeof_dh_ffdhe_statickey_der_2048)); + /* Not supported. */ + ExpectIntEQ(wolfSSL_CTX_use_PrivateKey(ctx, pkey), WC_NO_ERR_TRACE(WOLFSSL_FAILURE)); + wolfSSL_EVP_PKEY_free(pkey); + pkey = NULL; +#endif +#endif /* USE_CERT_BUFFERS_2048 */ +#if defined(HAVE_ECC) && defined(USE_CERT_BUFFERS_256) + p = ecc_clikey_der_256; + ExpectNotNull(pkey = d2i_PrivateKey(EVP_PKEY_EC, NULL, &p, + sizeof_ecc_clikey_der_256)); + ExpectIntEQ(wolfSSL_CTX_use_PrivateKey(ctx, pkey), WOLFSSL_SUCCESS); + wolfSSL_EVP_PKEY_free(pkey); + pkey = NULL; +#endif + ExpectNotNull(pkey = wolfSSL_EVP_PKEY_new_mac_key(EVP_PKEY_HMAC, NULL, + (unsigned char*)"01234567012345670123456701234567", 32)); + ExpectIntEQ(wolfSSL_CTX_use_PrivateKey(ctx, pkey), WC_NO_ERR_TRACE(WOLFSSL_FAILURE)); + wolfSSL_EVP_PKEY_free(pkey); + pkey = NULL; + + wolfSSL_CTX_free(ctx); +#endif + return EXPECT_RESULT(); +} + +/* test both file and buffer versions along with unloading trusted peer certs */ +static int test_wolfSSL_CTX_trust_peer_cert(void) +{ + EXPECT_DECLS; +#if !defined(NO_CERTS) && defined(WOLFSSL_TRUST_PEER_CERT) && \ + !defined(NO_TLS) && !defined(NO_WOLFSSL_CLIENT) && !defined(NO_RSA) + WOLFSSL_CTX *ctx = NULL; + WOLFSSL* ssl = NULL; + + ExpectNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_client_method())); + ExpectNotNull(ssl = wolfSSL_new(ctx)); + +#if !defined(NO_FILESYSTEM) + /* invalid file */ + ExpectIntNE(wolfSSL_CTX_trust_peer_cert(ctx, NULL, + WOLFSSL_FILETYPE_PEM), WOLFSSL_SUCCESS); + ExpectIntNE(wolfSSL_CTX_trust_peer_cert(ctx, bogusFile, + WOLFSSL_FILETYPE_PEM), WOLFSSL_SUCCESS); + ExpectIntNE(wolfSSL_CTX_trust_peer_cert(ctx, cliCertFile, + WOLFSSL_FILETYPE_ASN1), WOLFSSL_SUCCESS); + + /* success */ + ExpectIntEQ(wolfSSL_CTX_trust_peer_cert(ctx, cliCertFile, + WOLFSSL_FILETYPE_PEM), WOLFSSL_SUCCESS); + + /* unload cert */ + ExpectIntNE(wolfSSL_CTX_Unload_trust_peers(NULL), WOLFSSL_SUCCESS); + ExpectIntEQ(wolfSSL_CTX_Unload_trust_peers(ctx), WOLFSSL_SUCCESS); + + /* invalid file */ + ExpectIntNE(wolfSSL_trust_peer_cert(ssl, NULL, + WOLFSSL_FILETYPE_PEM), WOLFSSL_SUCCESS); + ExpectIntNE(wolfSSL_trust_peer_cert(ssl, bogusFile, + WOLFSSL_FILETYPE_PEM), WOLFSSL_SUCCESS); + ExpectIntNE(wolfSSL_trust_peer_cert(ssl, cliCertFile, + WOLFSSL_FILETYPE_ASN1), WOLFSSL_SUCCESS); + + /* success */ + ExpectIntEQ(wolfSSL_trust_peer_cert(ssl, cliCertFile, + WOLFSSL_FILETYPE_PEM), WOLFSSL_SUCCESS); + + #ifdef WOLFSSL_LOCAL_X509_STORE + /* unload cert */ + ExpectIntNE(wolfSSL_Unload_trust_peers(NULL), WOLFSSL_SUCCESS); + ExpectIntEQ(wolfSSL_Unload_trust_peers(ssl), WOLFSSL_SUCCESS); + #endif +#endif + + /* Test of loading certs from buffers */ + + /* invalid buffer */ + ExpectIntNE(wolfSSL_CTX_trust_peer_buffer(ctx, NULL, -1, + WOLFSSL_FILETYPE_ASN1), WOLFSSL_SUCCESS); + + /* success */ +#ifdef USE_CERT_BUFFERS_1024 + ExpectIntEQ(wolfSSL_CTX_trust_peer_buffer(ctx, client_cert_der_1024, + sizeof_client_cert_der_1024, WOLFSSL_FILETYPE_ASN1), WOLFSSL_SUCCESS); +#endif +#ifdef USE_CERT_BUFFERS_2048 + ExpectIntEQ(wolfSSL_CTX_trust_peer_buffer(ctx, client_cert_der_2048, + sizeof_client_cert_der_2048, WOLFSSL_FILETYPE_ASN1), WOLFSSL_SUCCESS); +#endif + + /* unload cert */ + ExpectIntNE(wolfSSL_CTX_Unload_trust_peers(NULL), WOLFSSL_SUCCESS); + ExpectIntEQ(wolfSSL_CTX_Unload_trust_peers(ctx), WOLFSSL_SUCCESS); + + wolfSSL_free(ssl); + wolfSSL_CTX_free(ctx); +#endif + + return EXPECT_RESULT(); +} + +static int test_wolfSSL_CTX_load_verify_locations(void) +{ + EXPECT_DECLS; +#if !defined(NO_FILESYSTEM) && !defined(NO_CERTS) && !defined(NO_TLS) && \ + !defined(NO_WOLFSSL_CLIENT) + WOLFSSL_CTX *ctx = NULL; +#ifndef NO_RSA + WOLFSSL_CERT_MANAGER* cm = NULL; +#ifdef PERSIST_CERT_CACHE + int cacheSz = 0; + unsigned char* cache = NULL; + int used = 0; +#ifndef NO_FILESYSTEM + const char* cacheFile = "./tests/cert_cache.tmp"; +#endif + int i; + int t; + int* p; +#endif +#endif +#if !defined(NO_WOLFSSL_DIR) && !defined(WOLFSSL_TIRTOS) && \ + defined(WOLFSSL_PEM_TO_DER) + const char* load_certs_path = "./certs/external"; + const char* load_no_certs_path = "./examples"; + const char* load_expired_path = "./certs/test/expired"; +#endif + + ExpectNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_client_method())); + + /* invalid arguments */ + ExpectIntEQ(wolfSSL_CTX_load_verify_locations(NULL, caCertFile, NULL), + WC_NO_ERR_TRACE(WOLFSSL_FAILURE)); + ExpectIntEQ(wolfSSL_CTX_load_verify_locations(ctx, NULL, NULL), + WC_NO_ERR_TRACE(WOLFSSL_FAILURE)); + + /* invalid ca file */ + ExpectIntEQ(wolfSSL_CTX_load_verify_locations(ctx, bogusFile, NULL), + WS_RETURN_CODE(WC_NO_ERR_TRACE(WOLFSSL_BAD_FILE), + WC_NO_ERR_TRACE(WOLFSSL_FAILURE))); + + +#if !defined(NO_WOLFSSL_DIR) && !defined(WOLFSSL_TIRTOS) && \ + ((defined(WOLFSSL_QT) || defined(WOLFSSL_IGNORE_BAD_CERT_PATH)) && \ + !(WOLFSSL_LOAD_VERIFY_DEFAULT_FLAGS & WOLFSSL_LOAD_FLAG_IGNORE_BAD_PATH_ERR)) + /* invalid path */ + ExpectIntEQ(wolfSSL_CTX_load_verify_locations(ctx, NULL, bogusFile), + WS_RETURN_CODE(WC_NO_ERR_TRACE(BAD_PATH_ERROR),WC_NO_ERR_TRACE(WOLFSSL_FAILURE))); +#endif +#if defined(WOLFSSL_QT) || defined(WOLFSSL_IGNORE_BAD_CERT_PATH) + /* test ignoring the invalid path */ + ExpectIntEQ(wolfSSL_CTX_load_verify_locations_ex(ctx, NULL, bogusFile, + WOLFSSL_LOAD_FLAG_IGNORE_BAD_PATH_ERR), WOLFSSL_SUCCESS); +#endif + + /* load ca cert */ +#ifdef NO_RSA + ExpectIntEQ(wolfSSL_CTX_load_verify_locations(ctx, caCertFile, NULL), + WS_RETURN_CODE(WC_NO_ERR_TRACE(ASN_UNKNOWN_OID_E),WC_NO_ERR_TRACE(WOLFSSL_FAILURE))); +#else /* Skip the following test without RSA certs. */ + ExpectIntEQ(wolfSSL_CTX_load_verify_locations(ctx, caCertFile, NULL), + WOLFSSL_SUCCESS); + +#ifdef PERSIST_CERT_CACHE + /* Get cert cache size */ + ExpectIntGT(cacheSz = wolfSSL_CTX_get_cert_cache_memsize(ctx), 0); + + ExpectNotNull(cache = (byte*)XMALLOC((size_t)cacheSz, NULL, + DYNAMIC_TYPE_TMP_BUFFER)); + + ExpectIntEQ(wolfSSL_CTX_memsave_cert_cache(NULL, NULL, -1, NULL), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wolfSSL_CTX_memsave_cert_cache(ctx, NULL, -1, NULL), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wolfSSL_CTX_memsave_cert_cache(NULL, cache, -1, NULL), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wolfSSL_CTX_memsave_cert_cache(NULL, NULL, cacheSz, NULL), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wolfSSL_CTX_memsave_cert_cache(NULL, NULL, -1, &used), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wolfSSL_CTX_memsave_cert_cache(NULL, cache, cacheSz, &used), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wolfSSL_CTX_memsave_cert_cache(ctx, NULL, cacheSz, &used), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wolfSSL_CTX_memsave_cert_cache(ctx, cache, -1, &used), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wolfSSL_CTX_memsave_cert_cache(ctx, cache, cacheSz, NULL), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wolfSSL_CTX_memsave_cert_cache(ctx, cache, cacheSz - 10, &used), + WC_NO_ERR_TRACE(BUFFER_E)); + ExpectIntEQ(wolfSSL_CTX_memsave_cert_cache(ctx, cache, cacheSz, &used), 1); + ExpectIntEQ(cacheSz, used); + + ExpectIntEQ(wolfSSL_CTX_memrestore_cert_cache(NULL, NULL, -1), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wolfSSL_CTX_memrestore_cert_cache(ctx, NULL, -1), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wolfSSL_CTX_memrestore_cert_cache(NULL, cache, -1), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wolfSSL_CTX_memrestore_cert_cache(NULL, NULL, cacheSz), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wolfSSL_CTX_memrestore_cert_cache(NULL, cache, cacheSz), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wolfSSL_CTX_memrestore_cert_cache(ctx, NULL, cacheSz), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wolfSSL_CTX_memrestore_cert_cache(ctx, cache, -1), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + /* Smaller than header. */ + ExpectIntEQ(wolfSSL_CTX_memrestore_cert_cache(ctx, cache, 1), WC_NO_ERR_TRACE(BUFFER_E)); + for (i = 1; i < cacheSz; i++) { + ExpectIntEQ(wolfSSL_CTX_memrestore_cert_cache(ctx, cache, cacheSz - i), + WC_NO_ERR_TRACE(BUFFER_E)); + } + if (EXPECT_SUCCESS()) { + /* Modify header for bad results! */ + p = (int*)cache; + /* version */ + t = p[0]; p[0] = 0xff; + ExpectIntEQ(wolfSSL_CTX_memrestore_cert_cache(ctx, cache, cacheSz), + WC_NO_ERR_TRACE(CACHE_MATCH_ERROR)); + p[0] = t; p++; + /* rows */ + t = p[0]; p[0] = 0xff; + ExpectIntEQ(wolfSSL_CTX_memrestore_cert_cache(ctx, cache, cacheSz), + WC_NO_ERR_TRACE(CACHE_MATCH_ERROR)); + p[0] = t; p++; + /* columns[0] */ + t = p[0]; p[0] = -1; + ExpectIntEQ(wolfSSL_CTX_memrestore_cert_cache(ctx, cache, cacheSz), + WC_NO_ERR_TRACE(PARSE_ERROR)); + p[0] = t; p += CA_TABLE_SIZE; + /* signerSz*/ + t = p[0]; p[0] = 0xff; + ExpectIntEQ(wolfSSL_CTX_memrestore_cert_cache(ctx, cache, cacheSz), + WC_NO_ERR_TRACE(CACHE_MATCH_ERROR)); + p[0] = t; + } + + ExpectIntEQ(wolfSSL_CTX_memrestore_cert_cache(ctx, cache, cacheSz), 1); + ExpectIntEQ(cacheSz = wolfSSL_CTX_get_cert_cache_memsize(ctx), used); + +#ifndef NO_FILESYSTEM + ExpectIntEQ(wolfSSL_CTX_save_cert_cache(NULL, NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wolfSSL_CTX_save_cert_cache(ctx, NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wolfSSL_CTX_save_cert_cache(NULL, cacheFile), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wolfSSL_CTX_save_cert_cache(ctx, cacheFile), 1); + + ExpectIntEQ(wolfSSL_CTX_restore_cert_cache(NULL, NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wolfSSL_CTX_restore_cert_cache(ctx, NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wolfSSL_CTX_restore_cert_cache(NULL, cacheFile), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wolfSSL_CTX_restore_cert_cache(ctx, "no-file"), + WC_NO_ERR_TRACE(WOLFSSL_BAD_FILE)); + ExpectIntEQ(wolfSSL_CTX_restore_cert_cache(ctx, cacheFile), 1); + /* File contents is not a cache. */ + ExpectIntEQ(wolfSSL_CTX_restore_cert_cache(ctx, "./certs/ca-cert.pem"), + WC_NO_ERR_TRACE(CACHE_MATCH_ERROR)); +#endif + + XFREE(cache, NULL, DYNAMIC_TYPE_TMP_BUFFER); +#endif + /* Test unloading CA's */ + ExpectIntEQ(wolfSSL_CTX_UnloadCAs(ctx), WOLFSSL_SUCCESS); + +#ifdef PERSIST_CERT_CACHE + /* Verify no certs (result is less than cacheSz) */ + ExpectIntGT(cacheSz, wolfSSL_CTX_get_cert_cache_memsize(ctx)); +#endif + + /* load ca cert again */ + ExpectIntEQ(wolfSSL_CTX_load_verify_locations(ctx, caCertFile, NULL), + WOLFSSL_SUCCESS); + + /* Test getting CERT_MANAGER */ + ExpectNotNull(cm = wolfSSL_CTX_GetCertManager(ctx)); + + /* Test unloading CA's using CM */ + ExpectIntEQ(wolfSSL_CertManagerUnloadCAs(cm), WOLFSSL_SUCCESS); + +#ifdef PERSIST_CERT_CACHE + /* Verify no certs (result is less than cacheSz) */ + ExpectIntGT(cacheSz, wolfSSL_CTX_get_cert_cache_memsize(ctx)); +#endif +#endif + +#if !defined(NO_WOLFSSL_DIR) && !defined(WOLFSSL_TIRTOS) && \ + defined(WOLFSSL_PEM_TO_DER) + /* Test loading CA certificates using a path */ + #ifdef NO_RSA + /* failure here okay since certs in external directory are RSA */ + ExpectIntNE(wolfSSL_CTX_load_verify_locations_ex(ctx, NULL, load_certs_path, + WOLFSSL_LOAD_FLAG_PEM_CA_ONLY), WOLFSSL_SUCCESS); + #else + ExpectIntEQ(wolfSSL_CTX_load_verify_locations_ex(ctx, NULL, load_certs_path, + WOLFSSL_LOAD_FLAG_PEM_CA_ONLY), WOLFSSL_SUCCESS); + #endif + + /* Test loading path with no files */ + ExpectIntEQ(wolfSSL_CTX_load_verify_locations_ex(ctx, NULL, + load_no_certs_path, WOLFSSL_LOAD_FLAG_PEM_CA_ONLY), + WC_NO_ERR_TRACE(WOLFSSL_FAILURE)); + + /* Test loading expired CA certificates */ + #ifdef NO_RSA + ExpectIntNE(wolfSSL_CTX_load_verify_locations_ex(ctx, NULL, + load_expired_path, + WOLFSSL_LOAD_FLAG_DATE_ERR_OKAY | WOLFSSL_LOAD_FLAG_PEM_CA_ONLY), + WOLFSSL_SUCCESS); + #else + ExpectIntEQ(wolfSSL_CTX_load_verify_locations_ex(ctx, NULL, + load_expired_path, + WOLFSSL_LOAD_FLAG_DATE_ERR_OKAY | WOLFSSL_LOAD_FLAG_PEM_CA_ONLY), + WOLFSSL_SUCCESS); + #endif + + /* Test loading CA certificates and ignoring all errors */ + #ifdef NO_RSA + ExpectIntEQ(wolfSSL_CTX_load_verify_locations_ex(ctx, NULL, load_certs_path, + WOLFSSL_LOAD_FLAG_IGNORE_ERR), WC_NO_ERR_TRACE(WOLFSSL_FAILURE)); + #else + ExpectIntEQ(wolfSSL_CTX_load_verify_locations_ex(ctx, NULL, load_certs_path, + WOLFSSL_LOAD_FLAG_IGNORE_ERR), WOLFSSL_SUCCESS); + #endif +#endif + + wolfSSL_CTX_free(ctx); +#endif + + return EXPECT_RESULT(); +} + +static int test_wolfSSL_CTX_load_system_CA_certs(void) +{ + int res = TEST_SKIPPED; +#if defined(WOLFSSL_SYS_CA_CERTS) && !defined(NO_WOLFSSL_CLIENT) && \ + !defined(NO_TLS) && (!defined(NO_RSA) || defined(HAVE_ECC)) && \ + defined(WOLFSSL_PEM_TO_DER) + WOLFSSL_CTX* ctx; + byte dirValid = 0; + int ret = 0; + + ctx = wolfSSL_CTX_new(wolfSSLv23_client_method()); + if (ctx == NULL) { + fprintf(stderr, "wolfSSL_CTX_new failed.\n"); + ret = -1; + } + if (ret == 0) { + #if defined(USE_WINDOWS_API) || defined(__APPLE__) || \ + defined(NO_WOLFSSL_DIR) + dirValid = 1; + #else + word32 numDirs; + const char** caDirs = wolfSSL_get_system_CA_dirs(&numDirs); + + if (caDirs == NULL || numDirs == 0) { + fprintf(stderr, "wolfSSL_get_system_CA_dirs failed.\n"); + ret = -1; + } + else { + ReadDirCtx dirCtx; + word32 i; + + for (i = 0; i < numDirs; ++i) { + if (wc_ReadDirFirst(&dirCtx, caDirs[i], NULL) == 0) { + /* Directory isn't empty. */ + dirValid = 1; + wc_ReadDirClose(&dirCtx); + break; + } + } + } + #endif + } + /* + * If the directory isn't empty, we should be able to load CA + * certs from it. On Windows/Mac, we assume the CA cert stores are + * usable. + */ + if (ret == 0 && dirValid && wolfSSL_CTX_load_system_CA_certs(ctx) != + WOLFSSL_SUCCESS) { + fprintf(stderr, "wolfSSL_CTX_load_system_CA_certs failed.\n"); + ret = -1; + } +#ifdef OPENSSL_EXTRA + if (ret == 0 && + wolfSSL_CTX_set_default_verify_paths(ctx) != WOLFSSL_SUCCESS) { + fprintf(stderr, "wolfSSL_CTX_set_default_verify_paths failed.\n"); + ret = -1; + } +#endif /* OPENSSL_EXTRA */ + + wolfSSL_CTX_free(ctx); + + res = TEST_RES_CHECK(ret == 0); +#endif /* WOLFSSL_SYS_CA_CERTS && !NO_WOLFSSL_CLIENT */ + + return res; +} + +#if !defined(NO_FILESYSTEM) && !defined(NO_CERTS) && !defined(NO_TLS) +static int test_cm_load_ca_buffer(const byte* cert_buf, size_t cert_sz, + int file_type) +{ + int ret; + WOLFSSL_CERT_MANAGER* cm; + + cm = wolfSSL_CertManagerNew(); + if (cm == NULL) { + fprintf(stderr, "test_cm_load_ca failed\n"); + return -1; + } + + ret = wolfSSL_CertManagerLoadCABuffer(cm, cert_buf, (sword32)cert_sz, file_type); + + wolfSSL_CertManagerFree(cm); + + return ret; +} + +static int test_cm_load_ca_file(const char* ca_cert_file) +{ + int ret = 0; + byte* cert_buf = NULL; + size_t cert_sz = 0; +#if defined(WOLFSSL_PEM_TO_DER) + DerBuffer* pDer = NULL; +#endif + + ret = load_file(ca_cert_file, &cert_buf, &cert_sz); + if (ret == 0) { + /* normal test */ + ret = test_cm_load_ca_buffer(cert_buf, cert_sz, CERT_FILETYPE); + + if (ret == WOLFSSL_SUCCESS) { + /* test including null terminator in length */ + byte* tmp = (byte*)realloc(cert_buf, cert_sz+1); + if (tmp == NULL) { + ret = MEMORY_E; + } + else { + cert_buf = tmp; + cert_buf[cert_sz] = '\0'; + ret = test_cm_load_ca_buffer(cert_buf, cert_sz+1, + CERT_FILETYPE); + } + + } + + #if defined(WOLFSSL_PEM_TO_DER) + if (ret == WOLFSSL_SUCCESS) { + /* test loading DER */ + ret = wc_PemToDer(cert_buf, (sword32)cert_sz, CA_TYPE, &pDer, + NULL, NULL, NULL); + if (ret == 0 && pDer != NULL) { + ret = test_cm_load_ca_buffer(pDer->buffer, pDer->length, + WOLFSSL_FILETYPE_ASN1); + + wc_FreeDer(&pDer); + } + } + #endif + + } + free(cert_buf); + + return ret; +} + +static int test_cm_load_ca_buffer_ex(const byte* cert_buf, size_t cert_sz, + int file_type, word32 flags) +{ + int ret; + WOLFSSL_CERT_MANAGER* cm; + + cm = wolfSSL_CertManagerNew(); + if (cm == NULL) { + fprintf(stderr, "test_cm_load_ca failed\n"); + return -1; + } + + ret = wolfSSL_CertManagerLoadCABuffer_ex(cm, cert_buf, (sword32)cert_sz, file_type, + 0, flags); + + wolfSSL_CertManagerFree(cm); + + return ret; +} + +static int test_cm_load_ca_file_ex(const char* ca_cert_file, word32 flags) +{ + int ret = 0; + byte* cert_buf = NULL; + size_t cert_sz = 0; +#if defined(WOLFSSL_PEM_TO_DER) + DerBuffer* pDer = NULL; +#endif + + ret = load_file(ca_cert_file, &cert_buf, &cert_sz); + if (ret == 0) { + /* normal test */ + ret = test_cm_load_ca_buffer_ex(cert_buf, cert_sz, + CERT_FILETYPE, flags); + + if (ret == WOLFSSL_SUCCESS) { + /* test including null terminator in length */ + byte* tmp = (byte*)realloc(cert_buf, cert_sz+1); + if (tmp == NULL) { + ret = MEMORY_E; + } + else { + cert_buf = tmp; + cert_buf[cert_sz] = '\0'; + ret = test_cm_load_ca_buffer_ex(cert_buf, cert_sz+1, + CERT_FILETYPE, flags); + } + + } + + #if defined(WOLFSSL_PEM_TO_DER) + if (ret == WOLFSSL_SUCCESS) { + /* test loading DER */ + ret = wc_PemToDer(cert_buf, (sword32)cert_sz, CA_TYPE, &pDer, + NULL, NULL, NULL); + if (ret == 0 && pDer != NULL) { + ret = test_cm_load_ca_buffer_ex(pDer->buffer, pDer->length, + WOLFSSL_FILETYPE_ASN1, flags); + + wc_FreeDer(&pDer); + } + } + #endif + + } + free(cert_buf); + + return ret; +} + +#endif /* !NO_FILESYSTEM && !NO_CERTS */ + +static int test_wolfSSL_CertManagerAPI(void) +{ + EXPECT_DECLS; +#ifndef NO_CERTS + WOLFSSL_CERT_MANAGER* cm = NULL; + unsigned char c = 0; + + ExpectNotNull(cm = wolfSSL_CertManagerNew_ex(NULL)); + + wolfSSL_CertManagerFree(NULL); + ExpectIntEQ(wolfSSL_CertManager_up_ref(NULL), 0); + ExpectIntEQ(wolfSSL_CertManagerUnloadCAs(NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); +#ifdef WOLFSSL_TRUST_PEER_CERT + ExpectIntEQ(wolfSSL_CertManagerUnload_trust_peers(NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); +#endif + + ExpectIntEQ(wolfSSL_CertManagerLoadCABuffer_ex(NULL, &c, 1, + WOLFSSL_FILETYPE_ASN1, 0, 0), WC_NO_ERR_TRACE(WOLFSSL_FATAL_ERROR)); + +#if !defined(NO_WOLFSSL_CLIENT) || !defined(WOLFSSL_NO_CLIENT_AUTH) + ExpectIntEQ(wolfSSL_CertManagerVerifyBuffer(NULL, NULL, -1, + WOLFSSL_FILETYPE_ASN1), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wolfSSL_CertManagerVerifyBuffer(cm, NULL, -1, + WOLFSSL_FILETYPE_ASN1), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wolfSSL_CertManagerVerifyBuffer(NULL, &c, -1, + WOLFSSL_FILETYPE_ASN1), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wolfSSL_CertManagerVerifyBuffer(NULL, NULL, 1, + WOLFSSL_FILETYPE_ASN1), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wolfSSL_CertManagerVerifyBuffer(NULL, &c, 1, + WOLFSSL_FILETYPE_ASN1), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wolfSSL_CertManagerVerifyBuffer(cm, NULL, 1, + WOLFSSL_FILETYPE_ASN1), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wolfSSL_CertManagerVerifyBuffer(cm, &c, -1, + WOLFSSL_FILETYPE_ASN1), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wolfSSL_CertManagerVerifyBuffer(cm, &c, 1, -1), + WC_NO_ERR_TRACE(WOLFSSL_BAD_FILETYPE)); +#endif + +#if !defined(NO_FILESYSTEM) + { + #ifdef WOLFSSL_PEM_TO_DER + const char* ca_cert = "./certs/ca-cert.pem"; + #if !defined(NO_WOLFSSL_CLIENT) || !defined(WOLFSSL_NO_CLIENT_AUTH) + const char* ca_cert_der = "./certs/ca-cert.der"; + #endif + #else + const char* ca_cert = "./certs/ca-cert.der"; + #endif + const char* ca_path = "./certs"; + + #if !defined(NO_WOLFSSL_CLIENT) || !defined(WOLFSSL_NO_CLIENT_AUTH) + ExpectIntEQ(wolfSSL_CertManagerVerify(NULL, NULL, -1), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wolfSSL_CertManagerVerify(cm, NULL, WOLFSSL_FILETYPE_ASN1), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wolfSSL_CertManagerVerify(NULL, ca_cert, + WOLFSSL_FILETYPE_PEM), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wolfSSL_CertManagerVerify(cm, ca_cert, -1), + WC_NO_ERR_TRACE(WOLFSSL_BAD_FILETYPE)); +#ifdef WOLFSSL_PEM_TO_DER + ExpectIntEQ(wolfSSL_CertManagerVerify(cm, ca_cert_der, + WOLFSSL_FILETYPE_PEM), WC_NO_ERR_TRACE(ASN_NO_PEM_HEADER)); +#endif + ExpectIntEQ(wolfSSL_CertManagerVerify(cm, "no-file", + WOLFSSL_FILETYPE_ASN1), WC_NO_ERR_TRACE(WOLFSSL_BAD_FILE)); + #endif + + ExpectIntEQ(wolfSSL_CertManagerLoadCA(NULL, NULL, NULL), + WC_NO_ERR_TRACE(WOLFSSL_FATAL_ERROR)); + ExpectIntEQ(wolfSSL_CertManagerLoadCA(NULL, ca_cert, NULL), + WC_NO_ERR_TRACE(WOLFSSL_FATAL_ERROR)); + ExpectIntEQ(wolfSSL_CertManagerLoadCA(NULL, NULL, ca_path), + WC_NO_ERR_TRACE(WOLFSSL_FATAL_ERROR)); + ExpectIntEQ(wolfSSL_CertManagerLoadCA(NULL, ca_cert, ca_path), + WC_NO_ERR_TRACE(WOLFSSL_FATAL_ERROR)); + } +#endif + +#ifdef OPENSSL_COMPATIBLE_DEFAULTS + ExpectIntEQ(wolfSSL_CertManagerEnableCRL(cm, 0), 1); +#elif !defined(HAVE_CRL) + ExpectIntEQ(wolfSSL_CertManagerEnableCRL(cm, 0), WC_NO_ERR_TRACE(NOT_COMPILED_IN)); +#endif + + ExpectIntEQ(wolfSSL_CertManagerDisableCRL(NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wolfSSL_CertManagerDisableCRL(cm), 1); +#ifdef HAVE_CRL + /* Test APIs when CRL is disabled. */ +#ifdef HAVE_CRL_IO + ExpectIntEQ(wolfSSL_CertManagerSetCRL_IOCb(cm, NULL), 1); +#endif + ExpectIntEQ(wolfSSL_CertManagerCheckCRL(cm, server_cert_der_2048, + sizeof_server_cert_der_2048), 1); + ExpectIntEQ(wolfSSL_CertManagerFreeCRL(cm), 1); +#endif + + /* OCSP */ + ExpectIntEQ(wolfSSL_CertManagerEnableOCSP(NULL, 0), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wolfSSL_CertManagerDisableOCSP(NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wolfSSL_CertManagerEnableOCSPStapling(NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wolfSSL_CertManagerDisableOCSPStapling(NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wolfSSL_CertManagerEnableOCSPMustStaple(NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wolfSSL_CertManagerDisableOCSPMustStaple(NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); +#if !defined(HAVE_CERTIFICATE_STATUS_REQUEST) && \ + !defined(HAVE_CERTIFICATE_STATUS_REQUEST_V2) + ExpectIntEQ(wolfSSL_CertManagerDisableOCSPStapling(cm), WC_NO_ERR_TRACE(NOT_COMPILED_IN)); + ExpectIntEQ(wolfSSL_CertManagerEnableOCSPMustStaple(cm), WC_NO_ERR_TRACE(NOT_COMPILED_IN)); + ExpectIntEQ(wolfSSL_CertManagerDisableOCSPMustStaple(cm), WC_NO_ERR_TRACE(NOT_COMPILED_IN)); +#endif + +#ifdef HAVE_OCSP + ExpectIntEQ(wolfSSL_CertManagerCheckOCSP(NULL, NULL, -1), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wolfSSL_CertManagerCheckOCSP(cm, NULL, -1), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wolfSSL_CertManagerCheckOCSP(NULL, &c, -1), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wolfSSL_CertManagerCheckOCSP(NULL, NULL, 1), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wolfSSL_CertManagerCheckOCSP(NULL, &c, 1), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wolfSSL_CertManagerCheckOCSP(cm, NULL, 1), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wolfSSL_CertManagerCheckOCSP(cm, &c, -1), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + + ExpectIntEQ(wolfSSL_CertManagerCheckOCSPResponse(NULL, NULL, 0, + NULL, NULL, NULL, NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wolfSSL_CertManagerCheckOCSPResponse(cm, NULL, 1, + NULL, NULL, NULL, NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wolfSSL_CertManagerCheckOCSPResponse(NULL, &c, 1, + NULL, NULL, NULL, NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + + ExpectIntEQ(wolfSSL_CertManagerSetOCSPOverrideURL(NULL, NULL), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wolfSSL_CertManagerSetOCSPOverrideURL(NULL, ""), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wolfSSL_CertManagerSetOCSPOverrideURL(cm, NULL), 1); + + ExpectIntEQ(wolfSSL_CertManagerSetOCSP_Cb(NULL, NULL, NULL, NULL), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wolfSSL_CertManagerSetOCSP_Cb(cm, NULL, NULL, NULL), 1); + + ExpectIntEQ(wolfSSL_CertManagerDisableOCSP(cm), 1); + /* Test APIs when OCSP is disabled. */ + ExpectIntEQ(wolfSSL_CertManagerCheckOCSPResponse(cm, &c, 1, + NULL, NULL, NULL, NULL), 1); + ExpectIntEQ(wolfSSL_CertManagerCheckOCSP(cm, &c, 1), 1); + +#endif + + ExpectIntEQ(wolfSSL_CertManager_up_ref(cm), 1); + if (EXPECT_SUCCESS()) { + wolfSSL_CertManagerFree(cm); + } + wolfSSL_CertManagerFree(cm); + cm = NULL; + + ExpectNotNull(cm = wolfSSL_CertManagerNew_ex(NULL)); + +#ifdef HAVE_OCSP + ExpectIntEQ(wolfSSL_CertManagerEnableOCSP(cm, WOLFSSL_OCSP_URL_OVERRIDE | + WOLFSSL_OCSP_CHECKALL), 1); +#if defined(HAVE_CERTIFICATE_STATUS_REQUEST) || \ + defined(HAVE_CERTIFICATE_STATUS_REQUEST_V2) + ExpectIntEQ(wolfSSL_CertManagerEnableOCSPStapling(cm), 1); + ExpectIntEQ(wolfSSL_CertManagerEnableOCSPStapling(cm), 1); + ExpectIntEQ(wolfSSL_CertManagerDisableOCSPStapling(cm), 1); + ExpectIntEQ(wolfSSL_CertManagerEnableOCSPStapling(cm), 1); + ExpectIntEQ(wolfSSL_CertManagerEnableOCSPMustStaple(cm), 1); + ExpectIntEQ(wolfSSL_CertManagerDisableOCSPMustStaple(cm), 1); +#endif + + ExpectIntEQ(wolfSSL_CertManagerSetOCSPOverrideURL(cm, ""), 1); + ExpectIntEQ(wolfSSL_CertManagerSetOCSPOverrideURL(cm, ""), 1); +#endif + +#ifdef WOLFSSL_TRUST_PEER_CERT + ExpectIntEQ(wolfSSL_CertManagerUnload_trust_peers(cm), 1); +#endif + wolfSSL_CertManagerFree(cm); +#endif + return EXPECT_RESULT(); +} + +static int test_wolfSSL_CertManagerLoadCABuffer(void) +{ + EXPECT_DECLS; +#if !defined(NO_FILESYSTEM) && !defined(NO_CERTS) && !defined(NO_TLS) +#if defined(WOLFSSL_PEM_TO_DER) + const char* ca_cert = "./certs/ca-cert.pem"; + const char* ca_expired_cert = "./certs/test/expired/expired-ca.pem"; +#else + const char* ca_cert = "./certs/ca-cert.der"; + const char* ca_expired_cert = "./certs/test/expired/expired-ca.der"; +#endif + int ret; + + ExpectIntLE(ret = test_cm_load_ca_file(ca_cert), 1); +#if defined(NO_WOLFSSL_CLIENT) && defined(NO_WOLFSSL_SERVER) + ExpectIntEQ(ret, WC_NO_ERR_TRACE(WOLFSSL_FATAL_ERROR)); +#elif defined(NO_RSA) + ExpectIntEQ(ret, WC_NO_ERR_TRACE(ASN_UNKNOWN_OID_E)); +#else + ExpectIntEQ(ret, WOLFSSL_SUCCESS); +#endif + + ExpectIntLE(ret = test_cm_load_ca_file(ca_expired_cert), 1); +#if defined(NO_WOLFSSL_CLIENT) && defined(NO_WOLFSSL_SERVER) + ExpectIntEQ(ret, WC_NO_ERR_TRACE(WOLFSSL_FATAL_ERROR)); +#elif defined(NO_RSA) + ExpectIntEQ(ret, WC_NO_ERR_TRACE(ASN_UNKNOWN_OID_E)); +#elif !(WOLFSSL_LOAD_VERIFY_DEFAULT_FLAGS & WOLFSSL_LOAD_FLAG_DATE_ERR_OKAY) && \ + !defined(NO_ASN_TIME) + ExpectIntEQ(ret, WC_NO_ERR_TRACE(ASN_AFTER_DATE_E)); +#else + ExpectIntEQ(ret, WOLFSSL_SUCCESS); +#endif +#endif + return EXPECT_RESULT(); +} + +static int test_wolfSSL_CertManagerLoadCABuffer_ex(void) +{ + EXPECT_DECLS; +#if !defined(NO_FILESYSTEM) && !defined(NO_CERTS) && !defined(NO_TLS) +#if defined(WOLFSSL_PEM_TO_DER) + const char* ca_cert = "./certs/ca-cert.pem"; + const char* ca_expired_cert = "./certs/test/expired/expired-ca.pem"; +#else + const char* ca_cert = "./certs/ca-cert.der"; + const char* ca_expired_cert = "./certs/test/expired/expired-ca.der"; +#endif + int ret; + + ExpectIntLE(ret = test_cm_load_ca_file_ex(ca_cert, WOLFSSL_LOAD_FLAG_NONE), + 1); +#if defined(NO_WOLFSSL_CLIENT) && defined(NO_WOLFSSL_SERVER) + ExpectIntEQ(ret, WC_NO_ERR_TRACE(WOLFSSL_FATAL_ERROR)); +#elif defined(NO_RSA) + ExpectIntEQ(ret, WC_NO_ERR_TRACE(ASN_UNKNOWN_OID_E)); +#else + ExpectIntEQ(ret, WOLFSSL_SUCCESS); +#endif + + ExpectIntLE(ret = test_cm_load_ca_file_ex(ca_expired_cert, + WOLFSSL_LOAD_FLAG_DATE_ERR_OKAY), 1); +#if defined(NO_WOLFSSL_CLIENT) && defined(NO_WOLFSSL_SERVER) + ExpectIntEQ(ret, WC_NO_ERR_TRACE(WOLFSSL_FATAL_ERROR)); +#elif defined(NO_RSA) + ExpectIntEQ(ret, WC_NO_ERR_TRACE(ASN_UNKNOWN_OID_E)); +#elif !(WOLFSSL_LOAD_VERIFY_DEFAULT_FLAGS & WOLFSSL_LOAD_FLAG_DATE_ERR_OKAY) && \ + !defined(NO_ASN_TIME) && defined(WOLFSSL_TRUST_PEER_CERT) && \ + defined(OPENSSL_COMPATIBLE_DEFAULTS) + ExpectIntEQ(ret, WC_NO_ERR_TRACE(ASN_AFTER_DATE_E)); +#else + ExpectIntEQ(ret, WOLFSSL_SUCCESS); +#endif + +#endif + + return EXPECT_RESULT(); +} + +static int test_wolfSSL_CertManagerLoadCABufferType(void) +{ + EXPECT_DECLS; +#if !defined(NO_FILESYSTEM) && !defined(NO_CERTS) && !defined(NO_TLS) && \ + !defined(NO_RSA) && !defined(NO_SHA256) && \ + !defined(WOLFSSL_TEST_APPLE_NATIVE_CERT_VALIDATION) +#if defined(WOLFSSL_PEM_TO_DER) + const char* ca_cert = "./certs/ca-cert.pem"; + const char* int1_cert = "./certs/intermediate/ca-int-cert.pem"; + const char* int2_cert = "./certs/intermediate/ca-int2-cert.pem"; + const char* client_cert = "./certs/intermediate/client-int-cert.pem"; +#else + const char* ca_cert = "./certs/ca-cert.der"; + const char* int1_cert = "./certs/intermediate/ca-int-cert.der"; + const char* int2_cert = "./certs/intermediate/ca-int2-cert.der"; + const char* client_cert = "./certs/intermediate/client-int-cert.der"; +#endif + byte* ca_cert_buf = NULL; + byte* int1_cert_buf = NULL; + byte* int2_cert_buf = NULL; + byte* client_cert_buf = NULL; + size_t ca_cert_sz = 0; + size_t int1_cert_sz = 0; + size_t int2_cert_sz = 0; + size_t client_cert_sz = 0; + WOLFSSL_CERT_MANAGER* cm = NULL; + + ExpectNotNull(cm = wolfSSL_CertManagerNew()); + ExpectIntEQ(load_file(ca_cert, &ca_cert_buf, &ca_cert_sz), 0); + ExpectIntEQ(load_file(int1_cert, &int1_cert_buf, &int1_cert_sz), 0); + ExpectIntEQ(load_file(int2_cert, &int2_cert_buf, &int2_cert_sz), 0); + ExpectIntEQ(load_file(client_cert, &client_cert_buf, &client_cert_sz), 0); + + ExpectIntNE(wolfSSL_CertManagerLoadCABufferType(cm, ca_cert_buf, + (sword32)ca_cert_sz, CERT_FILETYPE, 0, + WOLFSSL_LOAD_VERIFY_DEFAULT_FLAGS, 0), WOLFSSL_SUCCESS); + ExpectIntNE(wolfSSL_CertManagerLoadCABufferType(cm, ca_cert_buf, + (sword32)ca_cert_sz, CERT_FILETYPE, 0, + WOLFSSL_LOAD_VERIFY_DEFAULT_FLAGS, 5), WOLFSSL_SUCCESS); + + ExpectIntEQ(wolfSSL_CertManagerLoadCABufferType(cm, ca_cert_buf, + (sword32)ca_cert_sz, CERT_FILETYPE, 0, + WOLFSSL_LOAD_VERIFY_DEFAULT_FLAGS, WOLFSSL_USER_CA), + WOLFSSL_SUCCESS); + ExpectIntEQ(wolfSSL_CertManagerVerifyBuffer(cm, int1_cert_buf, + int1_cert_sz, CERT_FILETYPE), WOLFSSL_SUCCESS); + ExpectIntEQ(wolfSSL_CertManagerLoadCABufferType(cm, int1_cert_buf, + (sword32)int1_cert_sz, CERT_FILETYPE, 0, + WOLFSSL_LOAD_VERIFY_DEFAULT_FLAGS, WOLFSSL_USER_INTER), + WOLFSSL_SUCCESS); + ExpectIntEQ(wolfSSL_CertManagerVerifyBuffer(cm, int2_cert_buf, + int2_cert_sz, CERT_FILETYPE), WOLFSSL_SUCCESS); + ExpectIntEQ(wolfSSL_CertManagerLoadCABufferType(cm, int2_cert_buf, + (sword32)int2_cert_sz, CERT_FILETYPE, 0, + WOLFSSL_LOAD_VERIFY_DEFAULT_FLAGS, WOLFSSL_USER_INTER), + WOLFSSL_SUCCESS); + ExpectIntEQ(wolfSSL_CertManagerVerifyBuffer(cm, client_cert_buf, + client_cert_sz, CERT_FILETYPE), WOLFSSL_SUCCESS); + ExpectIntEQ(wolfSSL_CertManagerLoadCABufferType(cm, client_cert_buf, + (sword32)client_cert_sz, CERT_FILETYPE, 0, + WOLFSSL_LOAD_VERIFY_DEFAULT_FLAGS, WOLFSSL_USER_INTER), + WOLFSSL_SUCCESS); + + ExpectIntEQ(wolfSSL_CertManagerUnloadTypeCerts(cm, WOLFSSL_USER_INTER), + WOLFSSL_SUCCESS); + + /* Intermediate certs have been unloaded, but CA cert is still + loaded. Expect first level intermediate to verify, rest to fail. */ + ExpectIntEQ(wolfSSL_CertManagerVerifyBuffer(cm, int1_cert_buf, + int1_cert_sz, CERT_FILETYPE), WOLFSSL_SUCCESS); + ExpectIntNE(wolfSSL_CertManagerVerifyBuffer(cm, int2_cert_buf, + int2_cert_sz, CERT_FILETYPE), WOLFSSL_SUCCESS); + ExpectIntNE(wolfSSL_CertManagerVerifyBuffer(cm, client_cert_buf, + client_cert_sz, CERT_FILETYPE), WOLFSSL_SUCCESS); + + ExpectIntEQ(wolfSSL_CertManagerLoadCABufferType(cm, int1_cert_buf, + (sword32)int1_cert_sz, CERT_FILETYPE, 0, + WOLFSSL_LOAD_VERIFY_DEFAULT_FLAGS, WOLFSSL_TEMP_CA), + WOLFSSL_SUCCESS); + ExpectIntEQ(wolfSSL_CertManagerVerifyBuffer(cm, int2_cert_buf, + int2_cert_sz, CERT_FILETYPE), WOLFSSL_SUCCESS); + ExpectIntEQ(wolfSSL_CertManagerLoadCABufferType(cm, int2_cert_buf, + (sword32)int2_cert_sz, CERT_FILETYPE, 0, + WOLFSSL_LOAD_VERIFY_DEFAULT_FLAGS, WOLFSSL_CHAIN_CA), + WOLFSSL_SUCCESS); + ExpectIntEQ(wolfSSL_CertManagerVerifyBuffer(cm, client_cert_buf, + client_cert_sz, CERT_FILETYPE), WOLFSSL_SUCCESS); + ExpectIntEQ(wolfSSL_CertManagerLoadCABufferType(cm, client_cert_buf, + (sword32)client_cert_sz, CERT_FILETYPE, 0, + WOLFSSL_LOAD_VERIFY_DEFAULT_FLAGS, WOLFSSL_USER_INTER), + WOLFSSL_SUCCESS); + + ExpectIntEQ(wolfSSL_CertManagerUnloadTypeCerts(cm, WOLFSSL_USER_INTER), + WOLFSSL_SUCCESS); + ExpectIntEQ(wolfSSL_CertManagerVerifyBuffer(cm, int1_cert_buf, + int1_cert_sz, CERT_FILETYPE), WOLFSSL_SUCCESS); + ExpectIntEQ(wolfSSL_CertManagerVerifyBuffer(cm, int2_cert_buf, + int2_cert_sz, CERT_FILETYPE), WOLFSSL_SUCCESS); + ExpectIntEQ(wolfSSL_CertManagerVerifyBuffer(cm, client_cert_buf, + client_cert_sz, CERT_FILETYPE), WOLFSSL_SUCCESS); + + ExpectIntEQ(wolfSSL_CertManagerUnloadTypeCerts(cm, WOLFSSL_CHAIN_CA), + WOLFSSL_SUCCESS); + ExpectIntEQ(wolfSSL_CertManagerVerifyBuffer(cm, int1_cert_buf, + int1_cert_sz, CERT_FILETYPE), WOLFSSL_SUCCESS); + ExpectIntEQ(wolfSSL_CertManagerVerifyBuffer(cm, int2_cert_buf, + int2_cert_sz, CERT_FILETYPE), WOLFSSL_SUCCESS); + ExpectIntNE(wolfSSL_CertManagerVerifyBuffer(cm, client_cert_buf, + client_cert_sz, CERT_FILETYPE), WOLFSSL_SUCCESS); + + ExpectIntEQ(wolfSSL_CertManagerUnloadTypeCerts(cm, WOLFSSL_TEMP_CA), + WOLFSSL_SUCCESS); + ExpectIntEQ(wolfSSL_CertManagerVerifyBuffer(cm, int1_cert_buf, + int1_cert_sz, CERT_FILETYPE), WOLFSSL_SUCCESS); + ExpectIntNE(wolfSSL_CertManagerVerifyBuffer(cm, int2_cert_buf, + int2_cert_sz, CERT_FILETYPE), WOLFSSL_SUCCESS); + ExpectIntNE(wolfSSL_CertManagerVerifyBuffer(cm, client_cert_buf, + client_cert_sz, CERT_FILETYPE), WOLFSSL_SUCCESS); + + ExpectIntEQ(wolfSSL_CertManagerUnloadTypeCerts(cm, WOLFSSL_USER_CA), + WOLFSSL_SUCCESS); + ExpectIntNE(wolfSSL_CertManagerVerifyBuffer(cm, int1_cert_buf, + int1_cert_sz, CERT_FILETYPE), WOLFSSL_SUCCESS); + ExpectIntNE(wolfSSL_CertManagerVerifyBuffer(cm, int2_cert_buf, + int2_cert_sz, CERT_FILETYPE), WOLFSSL_SUCCESS); + ExpectIntNE(wolfSSL_CertManagerVerifyBuffer(cm, client_cert_buf, + client_cert_sz, CERT_FILETYPE), WOLFSSL_SUCCESS); + + if (cm) + wolfSSL_CertManagerFree(cm); + if (ca_cert_buf) + free(ca_cert_buf); + if (int1_cert_buf) + free(int1_cert_buf); + if (int2_cert_buf) + free(int2_cert_buf); + if (client_cert_buf) + free(client_cert_buf); +#endif + + return EXPECT_RESULT(); +} + +static int test_wolfSSL_CertManagerGetCerts(void) +{ + EXPECT_DECLS; +#if defined(OPENSSL_ALL) && !defined(NO_CERTS) && \ + !defined(NO_FILESYSTEM) && !defined(NO_RSA) && \ + defined(WOLFSSL_SIGNER_DER_CERT) + WOLFSSL_CERT_MANAGER* cm = NULL; + WOLFSSL_STACK* sk = NULL; + X509* x509 = NULL; + X509* cert1 = NULL; + FILE* file1 = NULL; +#ifdef DEBUG_WOLFSSL_VERBOSE + WOLFSSL_BIO* bio = NULL; +#endif + int i = 0; + int ret = 0; + const byte* der = NULL; + int derSz = 0; + + ExpectNotNull(file1 = fopen("./certs/ca-cert.pem", "rb")); + + ExpectNotNull(cert1 = wolfSSL_PEM_read_X509(file1, NULL, NULL, NULL)); + if (file1 != NULL) { + fclose(file1); + } + + ExpectNull(sk = wolfSSL_CertManagerGetCerts(NULL)); + ExpectNotNull(cm = wolfSSL_CertManagerNew_ex(NULL)); + ExpectNull(sk = wolfSSL_CertManagerGetCerts(cm)); + + ExpectNotNull(der = wolfSSL_X509_get_der(cert1, &derSz)); +#if defined(OPENSSL_ALL) || defined(WOLFSSL_QT) + /* Check that ASN_SELF_SIGNED_E is returned for a self-signed cert for QT + * and full OpenSSL compatibility */ + ExpectIntEQ(ret = wolfSSL_CertManagerVerifyBuffer(cm, der, derSz, + WOLFSSL_FILETYPE_ASN1), WC_NO_ERR_TRACE(ASN_SELF_SIGNED_E)); +#else + ExpectIntEQ(ret = wolfSSL_CertManagerVerifyBuffer(cm, der, derSz, + WOLFSSL_FILETYPE_ASN1), WC_NO_ERR_TRACE(ASN_NO_SIGNER_E)); +#endif + + ExpectIntEQ(WOLFSSL_SUCCESS, wolfSSL_CertManagerLoadCA(cm, + "./certs/ca-cert.pem", NULL)); + + ExpectNotNull(sk = wolfSSL_CertManagerGetCerts(cm)); + + for (i = 0; EXPECT_SUCCESS() && i < sk_X509_num(sk); i++) { + ExpectNotNull(x509 = sk_X509_value(sk, i)); + ExpectIntEQ(0, wolfSSL_X509_cmp(x509, cert1)); + +#ifdef DEBUG_WOLFSSL_VERBOSE + bio = BIO_new(wolfSSL_BIO_s_file()); + if (bio != NULL) { + BIO_set_fp(bio, stderr, BIO_NOCLOSE); + X509_print(bio, x509); + BIO_free(bio); + } +#endif /* DEBUG_WOLFSSL_VERBOSE */ + } + wolfSSL_X509_free(cert1); + sk_X509_pop_free(sk, NULL); + wolfSSL_CertManagerFree(cm); +#endif /* defined(OPENSSL_ALL) && !defined(NO_CERTS) && \ + !defined(NO_FILESYSTEM) && !defined(NO_RSA) && \ + defined(WOLFSSL_SIGNER_DER_CERT) */ + + return EXPECT_RESULT(); +} + +static int test_wolfSSL_CertManagerSetVerify(void) +{ + EXPECT_DECLS; +#if !defined(NO_FILESYSTEM) && !defined(NO_CERTS) && !defined(NO_TLS) && \ + !defined(NO_WOLFSSL_CM_VERIFY) && !defined(NO_RSA) && \ + (!defined(NO_WOLFSSL_CLIENT) || !defined(WOLFSSL_NO_CLIENT_AUTH)) + WOLFSSL_CERT_MANAGER* cm = NULL; + int tmp = myVerifyAction; +#ifdef WOLFSSL_PEM_TO_DER + const char* ca_cert = "./certs/ca-cert.pem"; + const char* expiredCert = "./certs/test/expired/expired-cert.pem"; +#else + const char* ca_cert = "./certs/ca-cert.der"; + const char* expiredCert = "./certs/test/expired/expired-cert.der"; +#endif + + wolfSSL_CertManagerSetVerify(NULL, NULL); + wolfSSL_CertManagerSetVerify(NULL, myVerify); + + ExpectNotNull(cm = wolfSSL_CertManagerNew()); + + wolfSSL_CertManagerSetVerify(cm, myVerify); + +#if defined(NO_WOLFSSL_CLIENT) && defined(NO_WOLFSSL_SERVER) + ExpectIntEQ(wolfSSL_CertManagerLoadCA(cm, ca_cert, NULL), -1); +#else + ExpectIntEQ(wolfSSL_CertManagerLoadCA(cm, ca_cert, NULL), + WOLFSSL_SUCCESS); +#endif + /* Use the test CB that always accepts certs */ + myVerifyAction = VERIFY_OVERRIDE_ERROR; + + ExpectIntEQ(wolfSSL_CertManagerVerify(cm, expiredCert, + CERT_FILETYPE), WOLFSSL_SUCCESS); + +#ifdef WOLFSSL_ALWAYS_VERIFY_CB + { + const char* verifyCert = "./certs/server-cert.der"; + /* Use the test CB that always fails certs */ + myVerifyAction = VERIFY_FORCE_FAIL; + + ExpectIntEQ(wolfSSL_CertManagerVerify(cm, verifyCert, + WOLFSSL_FILETYPE_ASN1), WC_NO_ERR_TRACE(VERIFY_CERT_ERROR)); + } +#endif + + wolfSSL_CertManagerFree(cm); + myVerifyAction = tmp; +#endif + + return EXPECT_RESULT(); +} + +#if !defined(NO_FILESYSTEM) && defined(OPENSSL_EXTRA) && \ + defined(DEBUG_UNIT_TEST_CERTS) +/* Used when debugging name constraint tests. Not static to allow use in + * multiple locations with complex define guards. */ +void DEBUG_WRITE_CERT_X509(WOLFSSL_X509* x509, const char* fileName) +{ + BIO* out = BIO_new_file(fileName, "wb"); + if (out != NULL) { + PEM_write_bio_X509(out, x509); + BIO_free(out); + } +} +void DEBUG_WRITE_DER(const byte* der, int derSz, const char* fileName) +{ + BIO* out = BIO_new_file(fileName, "wb"); + if (out != NULL) { + BIO_write(out, der, derSz); + BIO_free(out); + } +} +#else +#define DEBUG_WRITE_CERT_X509(x509, fileName) WC_DO_NOTHING +#define DEBUG_WRITE_DER(der, derSz, fileName) WC_DO_NOTHING +#endif + + +static int test_wolfSSL_CertManagerNameConstraint(void) +{ + EXPECT_DECLS; +#if !defined(NO_FILESYSTEM) && !defined(NO_CERTS) && \ + !defined(NO_WOLFSSL_CM_VERIFY) && !defined(NO_RSA) && \ + defined(OPENSSL_EXTRA) && defined(WOLFSSL_CERT_GEN) && \ + defined(WOLFSSL_CERT_EXT) && defined(WOLFSSL_ALT_NAMES) && \ + !defined(NO_SHA256) + WOLFSSL_CERT_MANAGER* cm = NULL; + WOLFSSL_EVP_PKEY *priv = NULL; + WOLFSSL_X509_NAME* name = NULL; + const char* ca_cert = "./certs/test/cert-ext-nc.der"; + const char* server_cert = "./certs/test/server-goodcn.pem"; + int i = 0; + static const byte extNameConsOid[] = {85, 29, 30}; + + RsaKey key; + WC_RNG rng; + byte *der = NULL; + int derSz = 0; + word32 idx = 0; + byte *pt; + WOLFSSL_X509 *x509 = NULL; + WOLFSSL_X509 *ca = NULL; + + wc_InitRng(&rng); + + /* load in CA private key for signing */ + ExpectIntEQ(wc_InitRsaKey_ex(&key, HEAP_HINT, testDevId), 0); + ExpectIntEQ(wc_RsaPrivateKeyDecode(server_key_der_2048, &idx, &key, + sizeof_server_key_der_2048), 0); + + /* get ca certificate then alter it */ + ExpectNotNull(der = + (byte*)XMALLOC(FOURK_BUF, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER)); + ExpectNotNull(x509 = wolfSSL_X509_load_certificate_file(ca_cert, + WOLFSSL_FILETYPE_ASN1)); + ExpectNotNull(pt = (byte*)wolfSSL_X509_get_tbs(x509, &derSz)); + if (EXPECT_SUCCESS() && (der != NULL)) { + XMEMCPY(der, pt, (size_t)derSz); + + /* find the name constraint extension and alter it */ + pt = der; + for (i = 0; i < derSz - 3; i++) { + if (XMEMCMP(pt, extNameConsOid, 3) == 0) { + pt += 3; + break; + } + pt++; + } + ExpectIntNE(i, derSz - 3); /* did not find OID if this case is hit */ + + /* go to the length value and set it to 0 */ + while (i < derSz && *pt != 0x81) { + pt++; + i++; + } + ExpectIntNE(i, derSz); /* did not place to alter */ + pt++; + *pt = 0x00; + } + + /* resign the altered certificate */ + ExpectIntGT((derSz = wc_SignCert(derSz, CTC_SHA256wRSA, der, + FOURK_BUF, &key, NULL, &rng)), 0); + + ExpectNotNull(cm = wolfSSL_CertManagerNew()); + ExpectIntEQ(wolfSSL_CertManagerLoadCABuffer(cm, der, derSz, + WOLFSSL_FILETYPE_ASN1), WC_NO_ERR_TRACE(ASN_PARSE_E)); + wolfSSL_CertManagerFree(cm); + + XFREE(der, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + wolfSSL_X509_free(x509); + wc_FreeRsaKey(&key); + wc_FreeRng(&rng); + + /* add email alt name to satisfy constraint */ + pt = (byte*)server_key_der_2048; + ExpectNotNull(priv = wolfSSL_d2i_PrivateKey(EVP_PKEY_RSA, NULL, + (const unsigned char**)&pt, sizeof_server_key_der_2048)); + + ExpectNotNull(cm = wolfSSL_CertManagerNew()); + ExpectNotNull(ca = wolfSSL_X509_load_certificate_file(ca_cert, + WOLFSSL_FILETYPE_ASN1)); + + ExpectNotNull((der = (byte*)wolfSSL_X509_get_der(ca, &derSz))); + DEBUG_WRITE_DER(der, derSz, "ca.der"); + + ExpectIntEQ(wolfSSL_CertManagerLoadCABuffer(cm, der, derSz, + WOLFSSL_FILETYPE_ASN1), WOLFSSL_SUCCESS); + + /* Good cert test with proper alt email name */ + ExpectNotNull(x509 = wolfSSL_X509_load_certificate_file(server_cert, + WOLFSSL_FILETYPE_PEM)); + ExpectNotNull(name = wolfSSL_X509_get_subject_name(ca)); + ExpectIntEQ(wolfSSL_X509_set_issuer_name(x509, name), WOLFSSL_SUCCESS); + name = NULL; + + ExpectNotNull(name = X509_NAME_new()); + ExpectIntEQ(X509_NAME_add_entry_by_txt(name, "countryName", MBSTRING_UTF8, + (byte*)"US", 2, -1, 0), SSL_SUCCESS); + ExpectIntEQ(X509_NAME_add_entry_by_txt(name, "commonName", MBSTRING_UTF8, + (byte*)"wolfssl.com", 11, -1, 0), SSL_SUCCESS); + ExpectIntEQ(X509_NAME_add_entry_by_txt(name, "emailAddress", MBSTRING_UTF8, + (byte*)"support@info.wolfssl.com", 24, -1, 0), SSL_SUCCESS); + ExpectIntEQ(wolfSSL_X509_set_subject_name(x509, name), WOLFSSL_SUCCESS); + X509_NAME_free(name); + name = NULL; + + wolfSSL_X509_add_altname(x509, "wolfssl@info.wolfssl.com", ASN_RFC822_TYPE); + + ExpectIntGT(wolfSSL_X509_sign(x509, priv, EVP_sha256()), 0); + DEBUG_WRITE_CERT_X509(x509, "good-cert.pem"); + + ExpectNotNull((der = (byte*)wolfSSL_X509_get_der(x509, &derSz))); + ExpectIntEQ(wolfSSL_CertManagerVerifyBuffer(cm, der, derSz, + WOLFSSL_FILETYPE_ASN1), WOLFSSL_SUCCESS); + wolfSSL_X509_free(x509); + x509 = NULL; + + + /* Cert with bad alt name list */ + ExpectNotNull(x509 = wolfSSL_X509_load_certificate_file(server_cert, + WOLFSSL_FILETYPE_PEM)); + ExpectNotNull(name = wolfSSL_X509_get_subject_name(ca)); + ExpectIntEQ(wolfSSL_X509_set_issuer_name(x509, name), WOLFSSL_SUCCESS); + name = NULL; + + ExpectNotNull(name = X509_NAME_new()); + ExpectIntEQ(X509_NAME_add_entry_by_txt(name, "countryName", MBSTRING_UTF8, + (byte*)"US", 2, -1, 0), SSL_SUCCESS); + ExpectIntEQ(X509_NAME_add_entry_by_txt(name, "commonName", MBSTRING_UTF8, + (byte*)"wolfssl.com", 11, -1, 0), SSL_SUCCESS); + ExpectIntEQ(X509_NAME_add_entry_by_txt(name, "emailAddress", MBSTRING_UTF8, + (byte*)"support@info.wolfssl.com", 24, -1, 0), SSL_SUCCESS); + ExpectIntEQ(wolfSSL_X509_set_subject_name(x509, name), WOLFSSL_SUCCESS); + X509_NAME_free(name); + + wolfSSL_X509_add_altname(x509, "wolfssl@info.com", ASN_RFC822_TYPE); + wolfSSL_X509_add_altname(x509, "wolfssl@info.wolfssl.com", ASN_RFC822_TYPE); + + ExpectIntGT(wolfSSL_X509_sign(x509, priv, EVP_sha256()), 0); + DEBUG_WRITE_CERT_X509(x509, "bad-cert.pem"); + + ExpectNotNull((der = (byte*)wolfSSL_X509_get_der(x509, &derSz))); + ExpectIntEQ(wolfSSL_CertManagerVerifyBuffer(cm, der, derSz, + WOLFSSL_FILETYPE_ASN1), WC_NO_ERR_TRACE(ASN_NAME_INVALID_E)); + + wolfSSL_CertManagerFree(cm); + wolfSSL_X509_free(x509); + wolfSSL_X509_free(ca); + wolfSSL_EVP_PKEY_free(priv); +#endif + + return EXPECT_RESULT(); +} + + +static int test_wolfSSL_CertManagerNameConstraint2(void) +{ + EXPECT_DECLS; +#if !defined(NO_FILESYSTEM) && !defined(NO_CERTS) && \ + !defined(NO_WOLFSSL_CM_VERIFY) && !defined(NO_RSA) && \ + defined(OPENSSL_EXTRA) && defined(WOLFSSL_CERT_GEN) && \ + defined(WOLFSSL_CERT_EXT) && defined(WOLFSSL_ALT_NAMES) + const char* ca_cert = "./certs/test/cert-ext-ndir.der"; + const char* ca_cert2 = "./certs/test/cert-ext-ndir-exc.der"; + const char* server_cert = "./certs/server-cert.pem"; + WOLFSSL_CERT_MANAGER* cm = NULL; + WOLFSSL_X509 *x509 = NULL; + WOLFSSL_X509 *ca = NULL; + + const unsigned char *der = NULL; + const unsigned char *pt; + WOLFSSL_EVP_PKEY *priv = NULL; + WOLFSSL_X509_NAME* name = NULL; + int derSz = 0; + + /* C=US*/ + char altName[] = { + 0x30, 0x0D, 0x31, 0x0B, 0x30, 0x09, + 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x55, 0x53 + }; + + /* C=ID */ + char altNameFail[] = { + 0x30, 0x0D, 0x31, 0x0B, 0x30, 0x09, + 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x49, 0x44 + }; + + /* C=US ST=California*/ + char altNameExc[] = { + 0x30, 0x22, + 0x31, 0x0B, + 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x55, 0x53, + 0x31, 0x13, + 0x30, 0x11, 0x06, 0x03, 0x55, 0x04, 0x08, 0x0C, 0x0A, + 0x43, 0x61, 0x6c, 0x69, 0x66, 0x6f, 0x72, 0x6e, 0x69, 0x61 + }; + /* load in CA private key for signing */ + pt = ca_key_der_2048; + ExpectNotNull(priv = wolfSSL_d2i_PrivateKey(EVP_PKEY_RSA, NULL, &pt, + sizeof_ca_key_der_2048)); + + ExpectNotNull(cm = wolfSSL_CertManagerNew()); + ExpectNotNull(ca = wolfSSL_X509_load_certificate_file(ca_cert, + WOLFSSL_FILETYPE_ASN1)); + ExpectNotNull((der = wolfSSL_X509_get_der(ca, &derSz))); + ExpectIntEQ(wolfSSL_CertManagerLoadCABuffer(cm, der, derSz, + WOLFSSL_FILETYPE_ASN1), WOLFSSL_SUCCESS); + + ExpectNotNull(x509 = wolfSSL_X509_load_certificate_file(server_cert, + WOLFSSL_FILETYPE_PEM)); + ExpectNotNull(name = wolfSSL_X509_get_subject_name(ca)); + ExpectIntEQ(wolfSSL_X509_set_issuer_name(x509, name), WOLFSSL_SUCCESS); +#if defined(WOLFSSL_SHA3) && !defined(WOLFSSL_NOSHA3_256) + wolfSSL_X509_sign(x509, priv, EVP_sha3_256()); +#else + wolfSSL_X509_sign(x509, priv, EVP_sha256()); +#endif + ExpectNotNull((der = wolfSSL_X509_get_der(x509, &derSz))); + ExpectIntEQ(wolfSSL_CertManagerVerifyBuffer(cm, der, derSz, + WOLFSSL_FILETYPE_ASN1), WOLFSSL_SUCCESS); + + /* Test no name case. */ + ExpectIntEQ(wolfSSL_X509_add_altname_ex(x509, NULL, 0, ASN_DIR_TYPE), + WOLFSSL_SUCCESS); + ExpectIntEQ(wolfSSL_X509_add_altname(x509, "", ASN_DIR_TYPE), + WOLFSSL_SUCCESS); + /* IP not supported. */ + ExpectIntEQ(wolfSSL_X509_add_altname(x509, "127.0.0.1", ASN_IP_TYPE), + WOLFSSL_FAILURE); + + /* add in matching DIR alt name and resign */ + wolfSSL_X509_add_altname_ex(x509, altName, sizeof(altName), ASN_DIR_TYPE); +#if defined(WOLFSSL_SHA3) && !defined(WOLFSSL_NOSHA3_256) + wolfSSL_X509_sign(x509, priv, EVP_sha3_256()); +#else + wolfSSL_X509_sign(x509, priv, EVP_sha256()); +#endif + + ExpectNotNull((der = wolfSSL_X509_get_der(x509, &derSz))); + ExpectIntEQ(wolfSSL_CertManagerVerifyBuffer(cm, der, derSz, + WOLFSSL_FILETYPE_ASN1), WOLFSSL_SUCCESS); + wolfSSL_X509_free(x509); + x509 = NULL; + + /* check verify fail */ + ExpectNotNull(x509 = wolfSSL_X509_load_certificate_file(server_cert, + WOLFSSL_FILETYPE_PEM)); + ExpectNotNull(name = wolfSSL_X509_get_subject_name(ca)); + ExpectIntEQ(wolfSSL_X509_set_issuer_name(x509, name), WOLFSSL_SUCCESS); + + /* add in miss matching DIR alt name and resign */ + wolfSSL_X509_add_altname_ex(x509, altNameFail, sizeof(altNameFail), + ASN_DIR_TYPE); + +#if defined(WOLFSSL_SHA3) && !defined(WOLFSSL_NOSHA3_256) + wolfSSL_X509_sign(x509, priv, EVP_sha3_256()); +#else + wolfSSL_X509_sign(x509, priv, EVP_sha256()); +#endif + ExpectNotNull((der = wolfSSL_X509_get_der(x509, &derSz))); +#ifndef WOLFSSL_NO_ASN_STRICT + ExpectIntEQ(wolfSSL_CertManagerVerifyBuffer(cm, der, derSz, + WOLFSSL_FILETYPE_ASN1), WC_NO_ERR_TRACE(ASN_NAME_INVALID_E)); +#else + ExpectIntEQ(wolfSSL_CertManagerVerifyBuffer(cm, der, derSz, + WOLFSSL_FILETYPE_ASN1), WOLFSSL_SUCCESS); +#endif + + /* check that it still fails if one bad altname and one good altname is in + * the certificate */ + wolfSSL_X509_free(x509); + x509 = NULL; + ExpectNotNull(x509 = wolfSSL_X509_load_certificate_file(server_cert, + WOLFSSL_FILETYPE_PEM)); + ExpectNotNull(name = wolfSSL_X509_get_subject_name(ca)); + ExpectIntEQ(wolfSSL_X509_set_issuer_name(x509, name), WOLFSSL_SUCCESS); + wolfSSL_X509_add_altname_ex(x509, altName, sizeof(altName), ASN_DIR_TYPE); + wolfSSL_X509_add_altname_ex(x509, altNameFail, sizeof(altNameFail), + ASN_DIR_TYPE); + +#if defined(WOLFSSL_SHA3) && !defined(WOLFSSL_NOSHA3_256) + wolfSSL_X509_sign(x509, priv, EVP_sha3_256()); +#else + wolfSSL_X509_sign(x509, priv, EVP_sha256()); +#endif + ExpectNotNull((der = wolfSSL_X509_get_der(x509, &derSz))); +#ifndef WOLFSSL_NO_ASN_STRICT + ExpectIntEQ(wolfSSL_CertManagerVerifyBuffer(cm, der, derSz, + WOLFSSL_FILETYPE_ASN1), WC_NO_ERR_TRACE(ASN_NAME_INVALID_E)); +#else + ExpectIntEQ(wolfSSL_CertManagerVerifyBuffer(cm, der, derSz, + WOLFSSL_FILETYPE_ASN1), WOLFSSL_SUCCESS); +#endif + + /* check it fails with switching position of bad altname */ + wolfSSL_X509_free(x509); + x509 = NULL; + ExpectNotNull(x509 = wolfSSL_X509_load_certificate_file(server_cert, + WOLFSSL_FILETYPE_PEM)); + ExpectNotNull(name = wolfSSL_X509_get_subject_name(ca)); + ExpectIntEQ(wolfSSL_X509_set_issuer_name(x509, name), WOLFSSL_SUCCESS); + wolfSSL_X509_add_altname_ex(x509, altNameFail, sizeof(altNameFail), + ASN_DIR_TYPE); + wolfSSL_X509_add_altname_ex(x509, altName, sizeof(altName), ASN_DIR_TYPE); + +#if defined(WOLFSSL_SHA3) && !defined(WOLFSSL_NOSHA3_256) + wolfSSL_X509_sign(x509, priv, EVP_sha3_256()); +#else + wolfSSL_X509_sign(x509, priv, EVP_sha256()); +#endif + ExpectNotNull((der = wolfSSL_X509_get_der(x509, &derSz))); +#ifndef WOLFSSL_NO_ASN_STRICT + ExpectIntEQ(wolfSSL_CertManagerVerifyBuffer(cm, der, derSz, + WOLFSSL_FILETYPE_ASN1), WC_NO_ERR_TRACE(ASN_NAME_INVALID_E)); +#else + ExpectIntEQ(wolfSSL_CertManagerVerifyBuffer(cm, der, derSz, + WOLFSSL_FILETYPE_ASN1), WOLFSSL_SUCCESS); +#endif + wolfSSL_CertManagerFree(cm); + + wolfSSL_X509_free(x509); + x509 = NULL; + wolfSSL_X509_free(ca); + ca = NULL; + + /* now test with excluded name constraint */ + ExpectNotNull(cm = wolfSSL_CertManagerNew()); + ExpectNotNull(ca = wolfSSL_X509_load_certificate_file(ca_cert2, + WOLFSSL_FILETYPE_ASN1)); + ExpectNotNull((der = wolfSSL_X509_get_der(ca, &derSz))); + ExpectIntEQ(wolfSSL_CertManagerLoadCABuffer(cm, der, derSz, + WOLFSSL_FILETYPE_ASN1), WOLFSSL_SUCCESS); + + ExpectNotNull(x509 = wolfSSL_X509_load_certificate_file(server_cert, + WOLFSSL_FILETYPE_PEM)); + wolfSSL_X509_add_altname_ex(x509, altNameExc, sizeof(altNameExc), + ASN_DIR_TYPE); + ExpectNotNull(name = wolfSSL_X509_get_subject_name(ca)); + ExpectIntEQ(wolfSSL_X509_set_issuer_name(x509, name), WOLFSSL_SUCCESS); + +#if defined(WOLFSSL_SHA3) && !defined(WOLFSSL_NOSHA3_256) + wolfSSL_X509_sign(x509, priv, EVP_sha3_256()); +#else + wolfSSL_X509_sign(x509, priv, EVP_sha256()); +#endif + ExpectNotNull((der = wolfSSL_X509_get_der(x509, &derSz))); +#ifndef WOLFSSL_NO_ASN_STRICT + ExpectIntEQ(wolfSSL_CertManagerVerifyBuffer(cm, der, derSz, + WOLFSSL_FILETYPE_ASN1), WC_NO_ERR_TRACE(ASN_NAME_INVALID_E)); +#else + ExpectIntEQ(wolfSSL_CertManagerVerifyBuffer(cm, der, derSz, + WOLFSSL_FILETYPE_ASN1), WOLFSSL_SUCCESS); +#endif + wolfSSL_CertManagerFree(cm); + wolfSSL_X509_free(x509); + wolfSSL_X509_free(ca); + wolfSSL_EVP_PKEY_free(priv); +#endif + + return EXPECT_RESULT(); +} + +static int test_wolfSSL_CertManagerNameConstraint3(void) +{ + EXPECT_DECLS; +#if !defined(NO_FILESYSTEM) && !defined(NO_CERTS) && \ + !defined(NO_WOLFSSL_CM_VERIFY) && !defined(NO_RSA) && \ + defined(OPENSSL_EXTRA) && defined(WOLFSSL_CERT_GEN) && \ + defined(WOLFSSL_CERT_EXT) && defined(WOLFSSL_ALT_NAMES) && \ + !defined(NO_SHA256) + WOLFSSL_CERT_MANAGER* cm = NULL; + WOLFSSL_EVP_PKEY *priv = NULL; + WOLFSSL_X509_NAME* name = NULL; + const char* ca_cert = "./certs/test/cert-ext-mnc.der"; + const char* server_cert = "./certs/test/server-goodcn.pem"; + + byte *der = NULL; + int derSz = 0; + byte *pt; + WOLFSSL_X509 *x509 = NULL; + WOLFSSL_X509 *ca = NULL; + + pt = (byte*)server_key_der_2048; + ExpectNotNull(priv = wolfSSL_d2i_PrivateKey(EVP_PKEY_RSA, NULL, + (const unsigned char**)&pt, sizeof_server_key_der_2048)); + + ExpectNotNull(cm = wolfSSL_CertManagerNew()); + ExpectNotNull(ca = wolfSSL_X509_load_certificate_file(ca_cert, + WOLFSSL_FILETYPE_ASN1)); + ExpectNotNull((der = (byte*)wolfSSL_X509_get_der(ca, &derSz))); + DEBUG_WRITE_DER(der, derSz, "ca.der"); + + ExpectIntEQ(wolfSSL_CertManagerLoadCABuffer(cm, der, derSz, + WOLFSSL_FILETYPE_ASN1), WOLFSSL_SUCCESS); + + /* check satisfying .wolfssl.com constraint passes */ + ExpectNotNull(x509 = wolfSSL_X509_load_certificate_file(server_cert, + WOLFSSL_FILETYPE_PEM)); + ExpectNotNull(name = wolfSSL_X509_get_subject_name(ca)); + ExpectIntEQ(wolfSSL_X509_set_issuer_name(x509, name), WOLFSSL_SUCCESS); + name = NULL; + + ExpectNotNull(name = X509_NAME_new()); + ExpectIntEQ(X509_NAME_add_entry_by_txt(name, "countryName", MBSTRING_UTF8, + (byte*)"US", 2, -1, 0), SSL_SUCCESS); + ExpectIntEQ(X509_NAME_add_entry_by_txt(name, "commonName", MBSTRING_UTF8, + (byte*)"wolfssl.com", 11, -1, 0), SSL_SUCCESS); + ExpectIntEQ(X509_NAME_add_entry_by_txt(name, "emailAddress", MBSTRING_UTF8, + (byte*)"support@info.wolfssl.com", 24, -1, 0), SSL_SUCCESS); + ExpectIntEQ(wolfSSL_X509_set_subject_name(x509, name), WOLFSSL_SUCCESS); + X509_NAME_free(name); + name = NULL; + + wolfSSL_X509_add_altname(x509, "wolfssl@info.wolfssl.com", ASN_RFC822_TYPE); + + ExpectIntGT(wolfSSL_X509_sign(x509, priv, EVP_sha256()), 0); + DEBUG_WRITE_CERT_X509(x509, "good-1st-constraint-cert.pem"); + + ExpectNotNull((der = (byte*)wolfSSL_X509_get_der(x509, &derSz))); + ExpectIntEQ(wolfSSL_CertManagerVerifyBuffer(cm, der, derSz, + WOLFSSL_FILETYPE_ASN1), WOLFSSL_SUCCESS); + wolfSSL_X509_free(x509); + x509 = NULL; + + /* check satisfying .random.com constraint passes */ + ExpectNotNull(x509 = wolfSSL_X509_load_certificate_file(server_cert, + WOLFSSL_FILETYPE_PEM)); + ExpectNotNull(name = wolfSSL_X509_get_subject_name(ca)); + ExpectIntEQ(wolfSSL_X509_set_issuer_name(x509, name), WOLFSSL_SUCCESS); + name = NULL; + + ExpectNotNull(name = X509_NAME_new()); + ExpectIntEQ(X509_NAME_add_entry_by_txt(name, "countryName", MBSTRING_UTF8, + (byte*)"US", 2, -1, 0), SSL_SUCCESS); + ExpectIntEQ(X509_NAME_add_entry_by_txt(name, "commonName", MBSTRING_UTF8, + (byte*)"wolfssl.com", 11, -1, 0), SSL_SUCCESS); + ExpectIntEQ(X509_NAME_add_entry_by_txt(name, "emailAddress", MBSTRING_UTF8, + (byte*)"support@info.example.com", 24, -1, 0), SSL_SUCCESS); + ExpectIntEQ(wolfSSL_X509_set_subject_name(x509, name), WOLFSSL_SUCCESS); + X509_NAME_free(name); + name = NULL; + + wolfSSL_X509_add_altname(x509, "wolfssl@info.example.com", ASN_RFC822_TYPE); + + ExpectIntGT(wolfSSL_X509_sign(x509, priv, EVP_sha256()), 0); + DEBUG_WRITE_CERT_X509(x509, "good-2nd-constraint-cert.pem"); + + ExpectNotNull((der = (byte*)wolfSSL_X509_get_der(x509, &derSz))); + ExpectIntEQ(wolfSSL_CertManagerVerifyBuffer(cm, der, derSz, + WOLFSSL_FILETYPE_ASN1), WOLFSSL_SUCCESS); + wolfSSL_X509_free(x509); + x509 = NULL; + + /* check fail case when neither constraint is matched */ + ExpectNotNull(x509 = wolfSSL_X509_load_certificate_file(server_cert, + WOLFSSL_FILETYPE_PEM)); + ExpectNotNull(name = wolfSSL_X509_get_subject_name(ca)); + ExpectIntEQ(wolfSSL_X509_set_issuer_name(x509, name), WOLFSSL_SUCCESS); + name = NULL; + + ExpectNotNull(name = X509_NAME_new()); + ExpectIntEQ(X509_NAME_add_entry_by_txt(name, "countryName", MBSTRING_UTF8, + (byte*)"US", 2, -1, 0), SSL_SUCCESS); + ExpectIntEQ(X509_NAME_add_entry_by_txt(name, "commonName", MBSTRING_UTF8, + (byte*)"wolfssl.com", 11, -1, 0), SSL_SUCCESS); + ExpectIntEQ(X509_NAME_add_entry_by_txt(name, "emailAddress", MBSTRING_UTF8, + (byte*)"support@info.com", 16, -1, 0), SSL_SUCCESS); + ExpectIntEQ(wolfSSL_X509_set_subject_name(x509, name), WOLFSSL_SUCCESS); + X509_NAME_free(name); + + wolfSSL_X509_add_altname(x509, "wolfssl@info.com", ASN_RFC822_TYPE); + + ExpectIntGT(wolfSSL_X509_sign(x509, priv, EVP_sha256()), 0); + DEBUG_WRITE_CERT_X509(x509, "bad-cert.pem"); + + ExpectNotNull((der = (byte*)wolfSSL_X509_get_der(x509, &derSz))); + ExpectIntEQ(wolfSSL_CertManagerVerifyBuffer(cm, der, derSz, + WOLFSSL_FILETYPE_ASN1), WC_NO_ERR_TRACE(ASN_NAME_INVALID_E)); + + wolfSSL_CertManagerFree(cm); + wolfSSL_X509_free(x509); + wolfSSL_X509_free(ca); + wolfSSL_EVP_PKEY_free(priv); +#endif + + return EXPECT_RESULT(); +} + +static int test_wolfSSL_CertManagerNameConstraint4(void) +{ + EXPECT_DECLS; +#if !defined(NO_FILESYSTEM) && !defined(NO_CERTS) && \ + !defined(NO_WOLFSSL_CM_VERIFY) && !defined(NO_RSA) && \ + defined(OPENSSL_EXTRA) && defined(WOLFSSL_CERT_GEN) && \ + defined(WOLFSSL_CERT_EXT) && defined(WOLFSSL_ALT_NAMES) && \ + !defined(NO_SHA256) + WOLFSSL_CERT_MANAGER* cm = NULL; + WOLFSSL_EVP_PKEY *priv = NULL; + WOLFSSL_X509_NAME* name = NULL; + const char* ca_cert = "./certs/test/cert-ext-ncdns.der"; + const char* server_cert = "./certs/test/server-goodcn.pem"; + + byte *der = NULL; + int derSz; + byte *pt; + WOLFSSL_X509 *x509 = NULL; + WOLFSSL_X509 *ca = NULL; + + pt = (byte*)server_key_der_2048; + ExpectNotNull(priv = wolfSSL_d2i_PrivateKey(EVP_PKEY_RSA, NULL, + (const unsigned char**)&pt, sizeof_server_key_der_2048)); + + ExpectNotNull(cm = wolfSSL_CertManagerNew()); + ExpectNotNull(ca = wolfSSL_X509_load_certificate_file(ca_cert, + WOLFSSL_FILETYPE_ASN1)); + ExpectNotNull((der = (byte*)wolfSSL_X509_get_der(ca, &derSz))); + DEBUG_WRITE_DER(der, derSz, "ca.der"); + + ExpectIntEQ(wolfSSL_CertManagerLoadCABuffer(cm, der, derSz, + WOLFSSL_FILETYPE_ASN1), WOLFSSL_SUCCESS); + + /* check satisfying wolfssl.com constraint passes */ + ExpectNotNull(x509 = wolfSSL_X509_load_certificate_file(server_cert, + WOLFSSL_FILETYPE_PEM)); + ExpectNotNull(name = wolfSSL_X509_get_subject_name(ca)); + ExpectIntEQ(wolfSSL_X509_set_issuer_name(x509, name), WOLFSSL_SUCCESS); + name = NULL; + + ExpectNotNull(name = X509_NAME_new()); + ExpectIntEQ(X509_NAME_add_entry_by_txt(name, "countryName", MBSTRING_UTF8, + (byte*)"US", 2, -1, 0), SSL_SUCCESS); + ExpectIntEQ(X509_NAME_add_entry_by_txt(name, "commonName", MBSTRING_UTF8, + (byte*)"wolfssl.com", 11, -1, 0), SSL_SUCCESS); + ExpectIntEQ(wolfSSL_X509_set_subject_name(x509, name), WOLFSSL_SUCCESS); + X509_NAME_free(name); + name = NULL; + + wolfSSL_X509_add_altname(x509, "www.wolfssl.com", ASN_DNS_TYPE); + ExpectIntGT(wolfSSL_X509_sign(x509, priv, EVP_sha256()), 0); + DEBUG_WRITE_CERT_X509(x509, "good-1st-constraint-cert.pem"); + + ExpectNotNull((der = (byte*)wolfSSL_X509_get_der(x509, &derSz))); + ExpectIntEQ(wolfSSL_CertManagerVerifyBuffer(cm, der, derSz, + WOLFSSL_FILETYPE_ASN1), WOLFSSL_SUCCESS); + wolfSSL_X509_free(x509); + x509 = NULL; + + /* check satisfying example.com constraint passes */ + ExpectNotNull(x509 = wolfSSL_X509_load_certificate_file(server_cert, + WOLFSSL_FILETYPE_PEM)); + ExpectNotNull(name = wolfSSL_X509_get_subject_name(ca)); + ExpectIntEQ(wolfSSL_X509_set_issuer_name(x509, name), WOLFSSL_SUCCESS); + name = NULL; + + ExpectNotNull(name = X509_NAME_new()); + ExpectIntEQ(X509_NAME_add_entry_by_txt(name, "countryName", MBSTRING_UTF8, + (byte*)"US", 2, -1, 0), SSL_SUCCESS); + ExpectIntEQ(X509_NAME_add_entry_by_txt(name, "commonName", MBSTRING_UTF8, + (byte*)"example.com", 11, -1, 0), SSL_SUCCESS); + ExpectIntEQ(wolfSSL_X509_set_subject_name(x509, name), WOLFSSL_SUCCESS); + X509_NAME_free(name); + name = NULL; + + wolfSSL_X509_add_altname(x509, "www.example.com", ASN_DNS_TYPE); + ExpectIntGT(wolfSSL_X509_sign(x509, priv, EVP_sha256()), 0); + DEBUG_WRITE_CERT_X509(x509, "good-2nd-constraint-cert.pem"); + + ExpectNotNull((der = (byte*)wolfSSL_X509_get_der(x509, &derSz))); + ExpectIntEQ(wolfSSL_CertManagerVerifyBuffer(cm, der, derSz, + WOLFSSL_FILETYPE_ASN1), WOLFSSL_SUCCESS); + wolfSSL_X509_free(x509); + x509 = NULL; + + /* check satisfying wolfssl.com constraint passes with list of DNS's */ + ExpectNotNull(x509 = wolfSSL_X509_load_certificate_file(server_cert, + WOLFSSL_FILETYPE_PEM)); + ExpectNotNull(name = wolfSSL_X509_get_subject_name(ca)); + ExpectIntEQ(wolfSSL_X509_set_issuer_name(x509, name), WOLFSSL_SUCCESS); + name = NULL; + + ExpectNotNull(name = X509_NAME_new()); + ExpectIntEQ(X509_NAME_add_entry_by_txt(name, "countryName", MBSTRING_UTF8, + (byte*)"US", 2, -1, 0), SSL_SUCCESS); + ExpectIntEQ(X509_NAME_add_entry_by_txt(name, "commonName", MBSTRING_UTF8, + (byte*)"wolfssl.com", 11, -1, 0), SSL_SUCCESS); + ExpectIntEQ(wolfSSL_X509_set_subject_name(x509, name), WOLFSSL_SUCCESS); + X509_NAME_free(name); + name = NULL; + + wolfSSL_X509_add_altname(x509, "www.wolfssl.com", ASN_DNS_TYPE); + wolfSSL_X509_add_altname(x509, "www.info.wolfssl.com", ASN_DNS_TYPE); + wolfSSL_X509_add_altname(x509, "extra.wolfssl.com", ASN_DNS_TYPE); + ExpectIntGT(wolfSSL_X509_sign(x509, priv, EVP_sha256()), 0); + DEBUG_WRITE_CERT_X509(x509, "good-multiple-constraint-cert.pem"); + + ExpectNotNull((der = (byte*)wolfSSL_X509_get_der(x509, &derSz))); + ExpectIntEQ(wolfSSL_CertManagerVerifyBuffer(cm, der, derSz, + WOLFSSL_FILETYPE_ASN1), WOLFSSL_SUCCESS); + wolfSSL_X509_free(x509); + x509 = NULL; + + /* check fail when one DNS in the list is bad */ + ExpectNotNull(x509 = wolfSSL_X509_load_certificate_file(server_cert, + WOLFSSL_FILETYPE_PEM)); + ExpectNotNull(name = wolfSSL_X509_get_subject_name(ca)); + ExpectIntEQ(wolfSSL_X509_set_issuer_name(x509, name), WOLFSSL_SUCCESS); + name = NULL; + + ExpectNotNull(name = X509_NAME_new()); + ExpectIntEQ(X509_NAME_add_entry_by_txt(name, "countryName", MBSTRING_UTF8, + (byte*)"US", 2, -1, 0), SSL_SUCCESS); + ExpectIntEQ(X509_NAME_add_entry_by_txt(name, "commonName", MBSTRING_UTF8, + (byte*)"wolfssl.com", 11, -1, 0), SSL_SUCCESS); + ExpectIntEQ(wolfSSL_X509_set_subject_name(x509, name), WOLFSSL_SUCCESS); + X509_NAME_free(name); + name = NULL; + + wolfSSL_X509_add_altname(x509, "www.wolfssl.com", ASN_DNS_TYPE); + wolfSSL_X509_add_altname(x509, "www.nomatch.com", ASN_DNS_TYPE); + wolfSSL_X509_add_altname(x509, "www.info.wolfssl.com", ASN_DNS_TYPE); + ExpectIntGT(wolfSSL_X509_sign(x509, priv, EVP_sha256()), 0); + DEBUG_WRITE_CERT_X509(x509, "bad-multiple-constraint-cert.pem"); + + ExpectNotNull((der = (byte*)wolfSSL_X509_get_der(x509, &derSz))); + ExpectIntEQ(wolfSSL_CertManagerVerifyBuffer(cm, der, derSz, + WOLFSSL_FILETYPE_ASN1), WC_NO_ERR_TRACE(ASN_NAME_INVALID_E)); + wolfSSL_X509_free(x509); + x509 = NULL; + + /* check fail case when neither constraint is matched */ + ExpectNotNull(x509 = wolfSSL_X509_load_certificate_file(server_cert, + WOLFSSL_FILETYPE_PEM)); + ExpectNotNull(name = wolfSSL_X509_get_subject_name(ca)); + ExpectIntEQ(wolfSSL_X509_set_issuer_name(x509, name), WOLFSSL_SUCCESS); + name = NULL; + + ExpectNotNull(name = X509_NAME_new()); + ExpectIntEQ(X509_NAME_add_entry_by_txt(name, "countryName", MBSTRING_UTF8, + (byte*)"US", 2, -1, 0), SSL_SUCCESS); + ExpectIntEQ(X509_NAME_add_entry_by_txt(name, "commonName", MBSTRING_UTF8, + (byte*)"common", 6, -1, 0), SSL_SUCCESS); + ExpectIntEQ(wolfSSL_X509_set_subject_name(x509, name), WOLFSSL_SUCCESS); + X509_NAME_free(name); + + wolfSSL_X509_add_altname(x509, "www.random.com", ASN_DNS_TYPE); + ExpectIntGT(wolfSSL_X509_sign(x509, priv, EVP_sha256()), 0); + DEBUG_WRITE_CERT_X509(x509, "bad-cert.pem"); + + ExpectNotNull((der = (byte*)wolfSSL_X509_get_der(x509, &derSz))); + ExpectIntEQ(wolfSSL_CertManagerVerifyBuffer(cm, der, derSz, + WOLFSSL_FILETYPE_ASN1), WC_NO_ERR_TRACE(ASN_NAME_INVALID_E)); + + wolfSSL_CertManagerFree(cm); + wolfSSL_X509_free(x509); + wolfSSL_X509_free(ca); + wolfSSL_EVP_PKEY_free(priv); +#endif + + return EXPECT_RESULT(); +} + +static int test_wolfSSL_CertManagerNameConstraint5(void) +{ + EXPECT_DECLS; +#if !defined(NO_FILESYSTEM) && !defined(NO_CERTS) && \ + !defined(NO_WOLFSSL_CM_VERIFY) && !defined(NO_RSA) && \ + defined(OPENSSL_EXTRA) && defined(WOLFSSL_CERT_GEN) && \ + defined(WOLFSSL_CERT_EXT) && defined(WOLFSSL_ALT_NAMES) && \ + !defined(NO_SHA256) + WOLFSSL_CERT_MANAGER* cm = NULL; + WOLFSSL_EVP_PKEY *priv = NULL; + WOLFSSL_X509_NAME* name = NULL; + const char* ca_cert = "./certs/test/cert-ext-ncmixed.der"; + const char* server_cert = "./certs/test/server-goodcn.pem"; + + byte *der = NULL; + int derSz; + byte *pt; + WOLFSSL_X509 *x509 = NULL; + WOLFSSL_X509 *ca = NULL; + + pt = (byte*)server_key_der_2048; + ExpectNotNull(priv = wolfSSL_d2i_PrivateKey(EVP_PKEY_RSA, NULL, + (const unsigned char**)&pt, sizeof_server_key_der_2048)); + + ExpectNotNull(cm = wolfSSL_CertManagerNew()); + ExpectNotNull(ca = wolfSSL_X509_load_certificate_file(ca_cert, + WOLFSSL_FILETYPE_ASN1)); + ExpectNotNull((der = (byte*)wolfSSL_X509_get_der(ca, &derSz))); + DEBUG_WRITE_DER(der, derSz, "ca.der"); + + ExpectIntEQ(wolfSSL_CertManagerLoadCABuffer(cm, der, derSz, + WOLFSSL_FILETYPE_ASN1), WOLFSSL_SUCCESS); + + /* check satisfying wolfssl.com constraint passes */ + ExpectNotNull(x509 = wolfSSL_X509_load_certificate_file(server_cert, + WOLFSSL_FILETYPE_PEM)); + ExpectNotNull(name = wolfSSL_X509_get_subject_name(ca)); + ExpectIntEQ(wolfSSL_X509_set_issuer_name(x509, name), WOLFSSL_SUCCESS); + name = NULL; + + ExpectNotNull(name = X509_NAME_new()); + ExpectIntEQ(X509_NAME_add_entry_by_txt(name, "countryName", MBSTRING_UTF8, + (byte*)"US", 2, -1, 0), SSL_SUCCESS); + ExpectIntEQ(X509_NAME_add_entry_by_txt(name, "commonName", MBSTRING_UTF8, + (byte*)"example", 7, -1, 0), SSL_SUCCESS); + ExpectIntEQ(wolfSSL_X509_set_subject_name(x509, name), WOLFSSL_SUCCESS); + X509_NAME_free(name); + name = NULL; + + wolfSSL_X509_add_altname(x509, "good.example", ASN_DNS_TYPE); + wolfSSL_X509_add_altname(x509, "facts@into.wolfssl.com", ASN_RFC822_TYPE); + ExpectIntGT(wolfSSL_X509_sign(x509, priv, EVP_sha256()), 0); + DEBUG_WRITE_CERT_X509(x509, "good-cert.pem"); + + ExpectNotNull((der = (byte*)wolfSSL_X509_get_der(x509, &derSz))); + ExpectIntEQ(wolfSSL_CertManagerVerifyBuffer(cm, der, derSz, + WOLFSSL_FILETYPE_ASN1), WOLFSSL_SUCCESS); + wolfSSL_X509_free(x509); + x509 = NULL; + + /* fail with DNS check because of common name */ + ExpectNotNull(x509 = wolfSSL_X509_load_certificate_file(server_cert, + WOLFSSL_FILETYPE_PEM)); + ExpectNotNull(name = wolfSSL_X509_get_subject_name(ca)); + ExpectIntEQ(wolfSSL_X509_set_issuer_name(x509, name), WOLFSSL_SUCCESS); + name = NULL; + + ExpectNotNull(name = X509_NAME_new()); + ExpectIntEQ(X509_NAME_add_entry_by_txt(name, "countryName", MBSTRING_UTF8, + (byte*)"US", 2, -1, 0), SSL_SUCCESS); + ExpectIntEQ(X509_NAME_add_entry_by_txt(name, "commonName", MBSTRING_UTF8, + (byte*)"wolfssl.com", 11, -1, 0), SSL_SUCCESS); + ExpectIntEQ(wolfSSL_X509_set_subject_name(x509, name), WOLFSSL_SUCCESS); + X509_NAME_free(name); + name = NULL; + + wolfSSL_X509_add_altname(x509, "example", ASN_DNS_TYPE); + wolfSSL_X509_add_altname(x509, "facts@wolfssl.com", ASN_RFC822_TYPE); + ExpectIntGT(wolfSSL_X509_sign(x509, priv, EVP_sha256()), 0); + DEBUG_WRITE_CERT_X509(x509, "bad-cn-cert.pem"); + + ExpectNotNull((der = (byte*)wolfSSL_X509_get_der(x509, &derSz))); + ExpectIntEQ(wolfSSL_CertManagerVerifyBuffer(cm, der, derSz, + WOLFSSL_FILETYPE_ASN1), WC_NO_ERR_TRACE(ASN_NAME_INVALID_E)); + wolfSSL_X509_free(x509); + x509 = NULL; + + /* fail on permitted DNS name constraint */ + ExpectNotNull(x509 = wolfSSL_X509_load_certificate_file(server_cert, + WOLFSSL_FILETYPE_PEM)); + ExpectNotNull(name = wolfSSL_X509_get_subject_name(ca)); + ExpectIntEQ(wolfSSL_X509_set_issuer_name(x509, name), WOLFSSL_SUCCESS); + name = NULL; + + ExpectNotNull(name = X509_NAME_new()); + ExpectIntEQ(X509_NAME_add_entry_by_txt(name, "countryName", MBSTRING_UTF8, + (byte*)"US", 2, -1, 0), SSL_SUCCESS); + ExpectIntEQ(wolfSSL_X509_set_subject_name(x509, name), WOLFSSL_SUCCESS); + X509_NAME_free(name); + name = NULL; + + wolfSSL_X509_add_altname(x509, "www.example", ASN_DNS_TYPE); + wolfSSL_X509_add_altname(x509, "www.wolfssl", ASN_DNS_TYPE); + wolfSSL_X509_add_altname(x509, "info@wolfssl.com", ASN_RFC822_TYPE); + ExpectIntGT(wolfSSL_X509_sign(x509, priv, EVP_sha256()), 0); + DEBUG_WRITE_CERT_X509(x509, "bad-1st-constraint-cert.pem"); + + ExpectNotNull((der = (byte*)wolfSSL_X509_get_der(x509, &derSz))); + ExpectIntEQ(wolfSSL_CertManagerVerifyBuffer(cm, der, derSz, + WOLFSSL_FILETYPE_ASN1), WC_NO_ERR_TRACE(ASN_NAME_INVALID_E)); + wolfSSL_X509_free(x509); + x509 = NULL; + + /* fail on permitted email name constraint */ + ExpectNotNull(x509 = wolfSSL_X509_load_certificate_file(server_cert, + WOLFSSL_FILETYPE_PEM)); + ExpectNotNull(name = wolfSSL_X509_get_subject_name(ca)); + ExpectIntEQ(wolfSSL_X509_set_issuer_name(x509, name), WOLFSSL_SUCCESS); + name = NULL; + + ExpectNotNull(name = X509_NAME_new()); + ExpectIntEQ(X509_NAME_add_entry_by_txt(name, "countryName", MBSTRING_UTF8, + (byte*)"US", 2, -1, 0), SSL_SUCCESS); + ExpectIntEQ(wolfSSL_X509_set_subject_name(x509, name), WOLFSSL_SUCCESS); + X509_NAME_free(name); + name = NULL; + + wolfSSL_X509_add_altname(x509, "example", ASN_DNS_TYPE); + wolfSSL_X509_add_altname(x509, "info@wolfssl.com", ASN_RFC822_TYPE); + wolfSSL_X509_add_altname(x509, "info@example.com", ASN_RFC822_TYPE); + ExpectIntGT(wolfSSL_X509_sign(x509, priv, EVP_sha256()), 0); + DEBUG_WRITE_CERT_X509(x509, "bad-2nd-constraint-cert.pem"); + + ExpectNotNull((der = (byte*)wolfSSL_X509_get_der(x509, &derSz))); + ExpectIntEQ(wolfSSL_CertManagerVerifyBuffer(cm, der, derSz, + WOLFSSL_FILETYPE_ASN1), WC_NO_ERR_TRACE(ASN_NAME_INVALID_E)); + wolfSSL_X509_free(x509); + x509 = NULL; + + /* success with empty email name */ + ExpectNotNull(x509 = wolfSSL_X509_load_certificate_file(server_cert, + WOLFSSL_FILETYPE_PEM)); + ExpectNotNull(name = wolfSSL_X509_get_subject_name(ca)); + ExpectIntEQ(wolfSSL_X509_set_issuer_name(x509, name), WOLFSSL_SUCCESS); + name = NULL; + + ExpectNotNull(name = X509_NAME_new()); + ExpectIntEQ(X509_NAME_add_entry_by_txt(name, "countryName", MBSTRING_UTF8, + (byte*)"US", 2, -1, 0), SSL_SUCCESS); + ExpectIntEQ(wolfSSL_X509_set_subject_name(x509, name), WOLFSSL_SUCCESS); + X509_NAME_free(name); + + wolfSSL_X509_add_altname(x509, "example", ASN_DNS_TYPE); + ExpectIntGT(wolfSSL_X509_sign(x509, priv, EVP_sha256()), 0); + DEBUG_WRITE_CERT_X509(x509, "good-missing-constraint-cert.pem"); + + ExpectNotNull((der = (byte*)wolfSSL_X509_get_der(x509, &derSz))); + ExpectIntEQ(wolfSSL_CertManagerVerifyBuffer(cm, der, derSz, + WOLFSSL_FILETYPE_ASN1), WOLFSSL_SUCCESS); + wolfSSL_X509_free(x509); + + wolfSSL_CertManagerFree(cm); + wolfSSL_X509_free(ca); + wolfSSL_EVP_PKEY_free(priv); +#endif + return EXPECT_RESULT(); +} + +static int test_wolfSSL_CRL_duplicate_extensions(void) +{ + EXPECT_DECLS; +#if defined(WOLFSSL_ASN_TEMPLATE) && !defined(NO_CERTS) && \ + defined(HAVE_CRL) && !defined(NO_RSA) && !defined(WOLFSSL_NO_ASN_STRICT) && \ + (defined(WC_ASN_RUNTIME_DATE_CHECK_CONTROL) || defined(NO_ASN_TIME_CHECK)) + const unsigned char crl_duplicate_akd[] = + "-----BEGIN X509 CRL-----\n" + "MIICCDCB8QIBATANBgkqhkiG9w0BAQsFADB5MQswCQYDVQQGEwJVUzETMBEGA1UE\n" + "CAwKQ2FsaWZvcm5pYTEWMBQGA1UEBwwNU2FuIEZyYW5jaXNjbzETMBEGA1UECgwK\n" + "TXkgQ29tcGFueTETMBEGA1UEAwwKTXkgUm9vdCBDQTETMBEGA1UECwwKTXkgUm9v\n" + "dCBDQRcNMjQwOTAxMDAwMDAwWhcNMjUxMjAxMDAwMDAwWqBEMEIwHwYDVR0jBBgw\n" + "FoAU72ng99Ud5pns3G3Q9+K5XGRxgzUwHwYDVR0jBBgwFoAU72ng99Ud5pns3G3Q\n" + "9+K5XGRxgzUwDQYJKoZIhvcNAQELBQADggEBAIFVw4jrS4taSXR/9gPzqGrqFeHr\n" + "IXCnFtHJTLxqa8vUOAqSwqysvNpepVKioMVoGrLjFMjANjWQqTEiMROAnLfJ/+L8\n" + "FHZkV/mZwOKAXMhIC9MrJzifxBICwmvD028qnwQm09EP8z4ICZptD6wPdRTDzduc\n" + "KBuAX+zn8pNrJgyrheRKpPgno9KsbCzK4D/RIt1sTK2M3vVOtY+vpsN70QYUXvQ4\n" + "r2RZac3omlT43x5lddPxIlcouQpwWcVvr/K+Va770MRrjn88PBrJmvsEw/QYVBXp\n" + "Gxv2b78HFDacba80sMIm8ltRdqUCa5qIc6OATsz7izCQXEbkTEeESrcK1MA=\n" + "-----END X509 CRL-----\n"; + + WOLFSSL_CERT_MANAGER* cm = NULL; + int ret; + + (void)wc_AsnSetSkipDateCheck(1); + + cm = wolfSSL_CertManagerNew(); + ExpectNotNull(cm); + + /* Test loading CRL with duplicate extensions */ + WOLFSSL_MSG("Testing CRL with duplicate Authority Key Identifier extensions"); + ret = wolfSSL_CertManagerLoadCRLBuffer(cm, crl_duplicate_akd, + sizeof(crl_duplicate_akd), + WOLFSSL_FILETYPE_PEM); + ExpectIntEQ(ret, ASN_PARSE_E); + + wolfSSL_CertManagerFree(cm); + + (void)wc_AsnSetSkipDateCheck(0); +#endif + return EXPECT_RESULT(); +} + +static int test_wolfSSL_CertManagerCRL(void) +{ + EXPECT_DECLS; +#if !defined(NO_FILESYSTEM) && !defined(NO_CERTS) && defined(HAVE_CRL) && \ + !defined(NO_RSA) + const char* ca_cert = "./certs/ca-cert.pem"; + const char* crl1 = "./certs/crl/crl.pem"; + const char* crl2 = "./certs/crl/crl2.pem"; +#ifdef WC_RSA_PSS + const char* crl_rsapss = "./certs/crl/crl_rsapss.pem"; + const char* ca_rsapss = "./certs/rsapss/ca-rsapss.pem"; +#endif + /* ./certs/crl/crl.der */ + const unsigned char crl_buff[] = { + 0x30, 0x82, 0x02, 0x04, 0x30, 0x81, 0xED, 0x02, + 0x01, 0x01, 0x30, 0x0D, 0x06, 0x09, 0x2A, 0x86, + 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x01, 0x0B, 0x05, + 0x00, 0x30, 0x81, 0x94, 0x31, 0x0B, 0x30, 0x09, + 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x55, + 0x53, 0x31, 0x10, 0x30, 0x0E, 0x06, 0x03, 0x55, + 0x04, 0x08, 0x0C, 0x07, 0x4D, 0x6F, 0x6E, 0x74, + 0x61, 0x6E, 0x61, 0x31, 0x10, 0x30, 0x0E, 0x06, + 0x03, 0x55, 0x04, 0x07, 0x0C, 0x07, 0x42, 0x6F, + 0x7A, 0x65, 0x6D, 0x61, 0x6E, 0x31, 0x11, 0x30, + 0x0F, 0x06, 0x03, 0x55, 0x04, 0x0A, 0x0C, 0x08, + 0x53, 0x61, 0x77, 0x74, 0x6F, 0x6F, 0x74, 0x68, + 0x31, 0x13, 0x30, 0x11, 0x06, 0x03, 0x55, 0x04, + 0x0B, 0x0C, 0x0A, 0x43, 0x6F, 0x6E, 0x73, 0x75, + 0x6C, 0x74, 0x69, 0x6E, 0x67, 0x31, 0x18, 0x30, + 0x16, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0C, 0x0F, + 0x77, 0x77, 0x77, 0x2E, 0x77, 0x6F, 0x6C, 0x66, + 0x73, 0x73, 0x6C, 0x2E, 0x63, 0x6F, 0x6D, 0x31, + 0x1F, 0x30, 0x1D, 0x06, 0x09, 0x2A, 0x86, 0x48, + 0x86, 0xF7, 0x0D, 0x01, 0x09, 0x01, 0x16, 0x10, + 0x69, 0x6E, 0x66, 0x6F, 0x40, 0x77, 0x6F, 0x6C, + 0x66, 0x73, 0x73, 0x6C, 0x2E, 0x63, 0x6F, 0x6D, + 0x17, 0x0D, 0x32, 0x34, 0x30, 0x31, 0x30, 0x39, + 0x30, 0x30, 0x33, 0x34, 0x33, 0x30, 0x5A, 0x17, + 0x0D, 0x32, 0x36, 0x31, 0x30, 0x30, 0x35, 0x30, + 0x30, 0x33, 0x34, 0x33, 0x30, 0x5A, 0x30, 0x14, + 0x30, 0x12, 0x02, 0x01, 0x02, 0x17, 0x0D, 0x32, + 0x34, 0x30, 0x31, 0x30, 0x39, 0x30, 0x30, 0x33, + 0x34, 0x33, 0x30, 0x5A, 0xA0, 0x0E, 0x30, 0x0C, + 0x30, 0x0A, 0x06, 0x03, 0x55, 0x1D, 0x14, 0x04, + 0x03, 0x02, 0x01, 0x02, 0x30, 0x0D, 0x06, 0x09, + 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x01, + 0x0B, 0x05, 0x00, 0x03, 0x82, 0x01, 0x01, 0x00, + 0xB3, 0x6F, 0xED, 0x72, 0xD2, 0x73, 0x6A, 0x77, + 0xBF, 0x3A, 0x55, 0xBC, 0x54, 0x18, 0x6A, 0x71, + 0xBC, 0x6A, 0xCC, 0xCD, 0x5D, 0x90, 0xF5, 0x64, + 0x8D, 0x1B, 0xF0, 0xE0, 0x48, 0x7B, 0xF2, 0x7B, + 0x06, 0x86, 0x53, 0x63, 0x9B, 0xD8, 0x24, 0x15, + 0x10, 0xB1, 0x19, 0x96, 0x9B, 0xD2, 0x75, 0xA8, + 0x25, 0xA2, 0x35, 0xA9, 0x14, 0xD6, 0xD5, 0x5E, + 0x53, 0xE3, 0x34, 0x9D, 0xF2, 0x8B, 0x07, 0x19, + 0x9B, 0x1F, 0xF1, 0x02, 0x0F, 0x04, 0x46, 0xE8, + 0xB8, 0xB6, 0xF2, 0x8D, 0xC7, 0xC0, 0x15, 0x3E, + 0x3E, 0x8E, 0x96, 0x73, 0x15, 0x1E, 0x62, 0xF6, + 0x4E, 0x2A, 0xF7, 0xAA, 0xA0, 0x91, 0x80, 0x12, + 0x7F, 0x81, 0x0C, 0x65, 0xCC, 0x38, 0xBE, 0x58, + 0x6C, 0x14, 0xA5, 0x21, 0xA1, 0x8D, 0xF7, 0x8A, + 0xB9, 0x24, 0xF4, 0x2D, 0xCA, 0xC0, 0x67, 0x43, + 0x0B, 0xC8, 0x1C, 0xB4, 0x7D, 0x12, 0x7F, 0xA2, + 0x1B, 0x19, 0x0E, 0x94, 0xCF, 0x7B, 0x9F, 0x75, + 0xA0, 0x08, 0x9A, 0x67, 0x3F, 0x87, 0x89, 0x3E, + 0xF8, 0x58, 0xA5, 0x8A, 0x1B, 0x2D, 0xDA, 0x9B, + 0xD0, 0x1B, 0x18, 0x92, 0xC3, 0xD2, 0x6A, 0xD7, + 0x1C, 0xFC, 0x45, 0x69, 0x77, 0xC3, 0x57, 0x65, + 0x75, 0x99, 0x9E, 0x47, 0x2A, 0x20, 0x25, 0xEF, + 0x90, 0xF2, 0x5F, 0x3B, 0x7D, 0x9C, 0x7D, 0x00, + 0xEA, 0x92, 0x54, 0xEB, 0x0B, 0xE7, 0x17, 0xAF, + 0x24, 0x1A, 0xF9, 0x7C, 0x83, 0x50, 0x68, 0x1D, + 0xDC, 0x5B, 0x60, 0x12, 0xA7, 0x52, 0x78, 0xD9, + 0xA9, 0xB0, 0x1F, 0x59, 0x48, 0x36, 0xC7, 0xA6, + 0x97, 0x34, 0xC7, 0x87, 0x3F, 0xAE, 0xFD, 0xA9, + 0x56, 0x5D, 0x48, 0xCC, 0x89, 0x7A, 0x79, 0x60, + 0x8F, 0x9B, 0x2B, 0x63, 0x3C, 0xB3, 0x04, 0x1D, + 0x5F, 0xF7, 0x20, 0xD2, 0xFD, 0xF2, 0x51, 0xB1, + 0x96, 0x93, 0x13, 0x5B, 0xAB, 0x74, 0x82, 0x8B + }; + + WOLFSSL_CERT_MANAGER* cm = NULL; + + ExpectNotNull(cm = wolfSSL_CertManagerNew()); + + ExpectIntEQ(wolfSSL_CertManagerEnableCRL(NULL, 0), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wolfSSL_CertManagerEnableCRL(cm, WOLFSSL_CRL_CHECKALL), 1); + ExpectIntEQ(wolfSSL_CertManagerEnableCRL(cm, WOLFSSL_CRL_CHECK), 1); + ExpectIntEQ(wolfSSL_CertManagerEnableCRL(cm, + WOLFSSL_CRL_CHECK | WOLFSSL_CRL_CHECKALL), 1); + ExpectIntEQ(wolfSSL_CertManagerEnableCRL(cm, 16), 1); + ExpectIntEQ(wolfSSL_CertManagerEnableCRL(cm, WOLFSSL_CRL_CHECKALL), 1); + + ExpectIntEQ(wolfSSL_CertManagerCheckCRL(NULL, NULL, -1), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wolfSSL_CertManagerCheckCRL(cm, NULL, -1), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wolfSSL_CertManagerCheckCRL(NULL, server_cert_der_2048, -1), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wolfSSL_CertManagerCheckCRL(NULL, NULL, 1), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wolfSSL_CertManagerCheckCRL(NULL, server_cert_der_2048, 1), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wolfSSL_CertManagerCheckCRL(cm, NULL, 1), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wolfSSL_CertManagerCheckCRL(cm, server_cert_der_2048, -1), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wolfSSL_CertManagerCheckCRL(cm, server_cert_der_2048, + sizeof_server_cert_der_2048), WC_NO_ERR_TRACE(ASN_NO_SIGNER_E)); + + ExpectIntEQ(wolfSSL_CertManagerSetCRL_Cb(NULL, NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wolfSSL_CertManagerSetCRL_Cb(cm, NULL), 1); +#ifdef HAVE_CRL_IO + ExpectIntEQ(wolfSSL_CertManagerSetCRL_IOCb(NULL, NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wolfSSL_CertManagerSetCRL_IOCb(cm, NULL), 1); +#endif + +#ifndef NO_FILESYSTEM + ExpectIntEQ(wolfSSL_CertManagerLoadCRL(NULL, NULL, WOLFSSL_FILETYPE_ASN1, + 0), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wolfSSL_CertManagerLoadCRL(cm, NULL, WOLFSSL_FILETYPE_ASN1, + 0), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + /* -1 seen as !WOLFSSL_FILETYPE_PEM */ + ExpectIntEQ(wolfSSL_CertManagerLoadCRL(cm, "./certs/crl", -1, 0), 1); + + ExpectIntEQ(wolfSSL_CertManagerLoadCRLFile(NULL, NULL, + WOLFSSL_FILETYPE_ASN1), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wolfSSL_CertManagerLoadCRLFile(cm, NULL, WOLFSSL_FILETYPE_ASN1), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + /* -1 seen as !WOLFSSL_FILETYPE_PEM */ + ExpectIntEQ(wolfSSL_CertManagerLoadCRLFile(cm, "./certs/crl/crl.pem", -1), + WC_NO_ERR_TRACE(ASN_PARSE_E)); +#endif + + ExpectIntEQ(wolfSSL_CertManagerLoadCRLBuffer(NULL, NULL, -1, + WOLFSSL_FILETYPE_ASN1), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wolfSSL_CertManagerLoadCRLBuffer(cm, NULL, -1, + WOLFSSL_FILETYPE_ASN1), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wolfSSL_CertManagerLoadCRLBuffer(NULL, crl_buff, -1, + WOLFSSL_FILETYPE_ASN1), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wolfSSL_CertManagerLoadCRLBuffer(NULL, NULL, 1, + WOLFSSL_FILETYPE_ASN1), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wolfSSL_CertManagerLoadCRLBuffer(NULL, crl_buff, 1, + WOLFSSL_FILETYPE_ASN1), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wolfSSL_CertManagerLoadCRLBuffer(cm, NULL, 1, + WOLFSSL_FILETYPE_ASN1), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wolfSSL_CertManagerLoadCRLBuffer(cm, crl_buff, -1, + WOLFSSL_FILETYPE_ASN1), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + + ExpectIntEQ(wolfSSL_CertManagerFreeCRL(NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + DoExpectIntEQ(wolfSSL_CertManagerFreeCRL(cm), 1); + + ExpectIntEQ(WOLFSSL_SUCCESS, + wolfSSL_CertManagerLoadCA(cm, ca_cert, NULL)); + ExpectIntEQ(WOLFSSL_SUCCESS, + wolfSSL_CertManagerLoadCRL(cm, crl1, WOLFSSL_FILETYPE_PEM, 0)); + ExpectIntEQ(WOLFSSL_SUCCESS, + wolfSSL_CertManagerLoadCRL(cm, crl2, WOLFSSL_FILETYPE_PEM, 0)); + wolfSSL_CertManagerFreeCRL(cm); + +#ifndef WOLFSSL_CRL_ALLOW_MISSING_CDP + ExpectIntEQ(WOLFSSL_SUCCESS, + wolfSSL_CertManagerLoadCRL(cm, crl1, WOLFSSL_FILETYPE_PEM, 0)); + ExpectIntEQ(WOLFSSL_SUCCESS, + wolfSSL_CertManagerLoadCA(cm, ca_cert, NULL)); + ExpectIntEQ(wolfSSL_CertManagerCheckCRL(cm, server_cert_der_2048, + sizeof_server_cert_der_2048), WC_NO_ERR_TRACE(CRL_MISSING)); + ExpectIntEQ(wolfSSL_CertManagerVerifyBuffer(cm, server_cert_der_2048, + sizeof_server_cert_der_2048, WOLFSSL_FILETYPE_ASN1), WC_NO_ERR_TRACE(CRL_MISSING)); +#endif /* !WOLFSSL_CRL_ALLOW_MISSING_CDP */ + + ExpectIntEQ(wolfSSL_CertManagerLoadCRLBuffer(cm, crl_buff, sizeof(crl_buff), + WOLFSSL_FILETYPE_ASN1), 1); + +#if !defined(NO_FILESYSTEM) && defined(WC_RSA_PSS) + /* loading should fail without the CA set */ + ExpectIntEQ(wolfSSL_CertManagerLoadCRLFile(cm, crl_rsapss, + WOLFSSL_FILETYPE_PEM), WC_NO_ERR_TRACE(ASN_CRL_NO_SIGNER_E)); + + /* now successfully load the RSA-PSS crl once loading in it's CA */ + ExpectIntEQ(WOLFSSL_SUCCESS, + wolfSSL_CertManagerLoadCA(cm, ca_rsapss, NULL)); + ExpectIntEQ(wolfSSL_CertManagerLoadCRLFile(cm, crl_rsapss, + WOLFSSL_FILETYPE_PEM), WOLFSSL_SUCCESS); +#endif + + wolfSSL_CertManagerFree(cm); +#endif + + return EXPECT_RESULT(); +} + +static int test_wolfSSL_CertManagerCheckOCSPResponse(void) +{ + EXPECT_DECLS; +#if defined(HAVE_OCSP) && !defined(NO_RSA) && !defined(NO_SHA) +/* Need one of these for wolfSSL_OCSP_REQUEST_new. */ +#if defined(OPENSSL_ALL) || defined(WOLFSSL_NGINX) || \ + defined(WOLFSSL_HAPROXY) || defined(WOLFSSL_APACHE_HTTPD) || \ + defined(HAVE_LIGHTY) + WOLFSSL_CERT_MANAGER* cm = NULL; + /* Raw OCSP response bytes captured using the following setup: + * - Run responder with + * openssl ocsp -port 9999 -ndays 9999 + * -index certs/ocsp/index-intermediate1-ca-issued-certs.txt + * -rsigner certs/ocsp/ocsp-responder-cert.pem + * -rkey certs/ocsp/ocsp-responder-key.pem + * -CA certs/ocsp/intermediate1-ca-cert.pem + * - Run client with + * openssl ocsp -host 127.0.0.1:9999 -respout resp.out + * -issuer certs/ocsp/intermediate1-ca-cert.pem + * -cert certs/ocsp/server1-cert.pem + * -CAfile certs/ocsp/root-ca-cert.pem -noverify + * - Select the response packet in Wireshark, and export it using + * "File->Export Packet Dissection->As "C" Arrays". Select "Selected + * packets only". After importing into the editor, remove the initial + * ~148 bytes of header, ending with the Content-Length and the \r\n\r\n. + */ + static const byte response[] = { + 0x30, 0x82, 0x07, 0x40, /* ....0..@ */ + 0x0a, 0x01, 0x00, 0xa0, 0x82, 0x07, 0x39, 0x30, /* ......90 */ + 0x82, 0x07, 0x35, 0x06, 0x09, 0x2b, 0x06, 0x01, /* ..5..+.. */ + 0x05, 0x05, 0x07, 0x30, 0x01, 0x01, 0x04, 0x82, /* ...0.... */ + 0x07, 0x26, 0x30, 0x82, 0x07, 0x22, 0x30, 0x82, /* .&0.."0. */ + 0x01, 0x40, 0xa1, 0x81, 0xa1, 0x30, 0x81, 0x9e, /* .@...0.. */ + 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, /* 1.0...U. */ + 0x06, 0x13, 0x02, 0x55, 0x53, 0x31, 0x13, 0x30, /* ...US1.0 */ + 0x11, 0x06, 0x03, 0x55, 0x04, 0x08, 0x0c, 0x0a, /* ...U.... */ + 0x57, 0x61, 0x73, 0x68, 0x69, 0x6e, 0x67, 0x74, /* Washingt */ + 0x6f, 0x6e, 0x31, 0x10, 0x30, 0x0e, 0x06, 0x03, /* on1.0... */ + 0x55, 0x04, 0x07, 0x0c, 0x07, 0x53, 0x65, 0x61, /* U....Sea */ + 0x74, 0x74, 0x6c, 0x65, 0x31, 0x10, 0x30, 0x0e, /* ttle1.0. */ + 0x06, 0x03, 0x55, 0x04, 0x0a, 0x0c, 0x07, 0x77, /* ..U....w */ + 0x6f, 0x6c, 0x66, 0x53, 0x53, 0x4c, 0x31, 0x14, /* olfSSL1. */ + 0x30, 0x12, 0x06, 0x03, 0x55, 0x04, 0x0b, 0x0c, /* 0...U... */ + 0x0b, 0x45, 0x6e, 0x67, 0x69, 0x6e, 0x65, 0x65, /* .Enginee */ + 0x72, 0x69, 0x6e, 0x67, 0x31, 0x1f, 0x30, 0x1d, /* ring1.0. */ + 0x06, 0x03, 0x55, 0x04, 0x03, 0x0c, 0x16, 0x77, /* ..U....w */ + 0x6f, 0x6c, 0x66, 0x53, 0x53, 0x4c, 0x20, 0x4f, /* olfSSL O */ + 0x43, 0x53, 0x50, 0x20, 0x52, 0x65, 0x73, 0x70, /* CSP Resp */ + 0x6f, 0x6e, 0x64, 0x65, 0x72, 0x31, 0x1f, 0x30, /* onder1.0 */ + 0x1d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, /* ...*.H.. */ + 0x0d, 0x01, 0x09, 0x01, 0x16, 0x10, 0x69, 0x6e, /* ......in */ + 0x66, 0x6f, 0x40, 0x77, 0x6f, 0x6c, 0x66, 0x73, /* fo@wolfs */ + 0x73, 0x6c, 0x2e, 0x63, 0x6f, 0x6d, 0x18, 0x0f, /* sl.com.. */ + 0x32, 0x30, 0x32, 0x34, 0x31, 0x32, 0x32, 0x30, /* 20241220 */ + 0x31, 0x37, 0x30, 0x37, 0x30, 0x34, 0x5a, 0x30, /* 170704Z0 */ + 0x64, 0x30, 0x62, 0x30, 0x3a, 0x30, 0x09, 0x06, /* d0b0:0.. */ + 0x05, 0x2b, 0x0e, 0x03, 0x02, 0x1a, 0x05, 0x00, /* .+...... */ + 0x04, 0x14, 0x71, 0x4d, 0x82, 0x23, 0x40, 0x59, /* ..qM.#@Y */ + 0xc0, 0x96, 0xa1, 0x37, 0x43, 0xfa, 0x31, 0xdb, /* ...7C.1. */ + 0xba, 0xb1, 0x43, 0x18, 0xda, 0x04, 0x04, 0x14, /* ..C..... */ + 0x83, 0xc6, 0x3a, 0x89, 0x2c, 0x81, 0xf4, 0x02, /* ..:.,... */ + 0xd7, 0x9d, 0x4c, 0xe2, 0x2a, 0xc0, 0x71, 0x82, /* ..L.*.q. */ + 0x64, 0x44, 0xda, 0x0e, 0x02, 0x01, 0x05, 0x80, /* dD...... */ + 0x00, 0x18, 0x0f, 0x32, 0x30, 0x32, 0x34, 0x31, /* ...20241 */ + 0x32, 0x32, 0x30, 0x31, 0x37, 0x30, 0x37, 0x30, /* 22017070 */ + 0x34, 0x5a, 0xa0, 0x11, 0x18, 0x0f, 0x32, 0x30, /* 4Z....20 */ + 0x35, 0x32, 0x30, 0x35, 0x30, 0x36, 0x31, 0x37, /* 52050617 */ + 0x30, 0x37, 0x30, 0x34, 0x5a, 0xa1, 0x23, 0x30, /* 0704Z.#0 */ + 0x21, 0x30, 0x1f, 0x06, 0x09, 0x2b, 0x06, 0x01, /* !0...+.. */ + 0x05, 0x05, 0x07, 0x30, 0x01, 0x02, 0x04, 0x12, /* ...0.... */ + 0x04, 0x10, 0x12, 0x7c, 0x27, 0xbd, 0x22, 0x28, /* ...|'."( */ + 0x5e, 0x62, 0x81, 0xed, 0x6d, 0x2c, 0x2d, 0x59, /* ^b..m,-Y */ + 0x42, 0xd7, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, /* B.0...*. */ + 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x0b, 0x05, /* H....... */ + 0x00, 0x03, 0x82, 0x01, 0x01, 0x00, 0x6c, 0xce, /* ......l. */ + 0xa8, 0xe8, 0xfe, 0xaf, 0x33, 0xe2, 0xce, 0x4e, /* ....3..N */ + 0x63, 0x8d, 0x61, 0x16, 0x0f, 0x70, 0xb2, 0x0c, /* c.a..p.. */ + 0x9a, 0xe3, 0x01, 0xd5, 0xca, 0xe5, 0x9b, 0x70, /* .......p */ + 0x81, 0x6f, 0x94, 0x09, 0xe8, 0x88, 0x98, 0x1a, /* .o...... */ + 0x67, 0xa0, 0xc2, 0xe7, 0x8f, 0x9b, 0x5f, 0x13, /* g....._. */ + 0x17, 0x8d, 0x93, 0x8c, 0x31, 0x61, 0x7d, 0x72, /* ....1a}r */ + 0x34, 0xbd, 0x21, 0x48, 0xca, 0xb2, 0xc9, 0xae, /* 4.!H.... */ + 0x28, 0x5f, 0x97, 0x19, 0xcb, 0xdf, 0xed, 0xd4, /* (_...... */ + 0x6e, 0x89, 0x30, 0x89, 0x11, 0xd1, 0x05, 0x08, /* n.0..... */ + 0x81, 0xe9, 0xa7, 0xba, 0xf7, 0x16, 0x0c, 0xbe, /* ........ */ + 0x48, 0x2e, 0xc0, 0x05, 0xac, 0x90, 0xc2, 0x35, /* H......5 */ + 0xce, 0x6c, 0x94, 0x5d, 0x2b, 0xad, 0x4f, 0x19, /* .l.]+.O. */ + 0xea, 0x7b, 0xd9, 0x4f, 0x49, 0x20, 0x8d, 0x98, /* .{.OI .. */ + 0xa9, 0xe4, 0x53, 0x6d, 0xca, 0x34, 0xdb, 0x4a, /* ..Sm.4.J */ + 0x28, 0xb3, 0x33, 0xfb, 0xfd, 0xcc, 0x4b, 0xfa, /* (.3...K. */ + 0xdb, 0x70, 0xe1, 0x96, 0xc8, 0xd4, 0xf1, 0x85, /* .p...... */ + 0x99, 0xaf, 0x06, 0xeb, 0xfd, 0x96, 0x21, 0x86, /* ......!. */ + 0x81, 0xee, 0xcf, 0xd2, 0xf4, 0x83, 0xc9, 0x1d, /* ........ */ + 0x8f, 0x42, 0xd1, 0xc1, 0xbc, 0x50, 0x0a, 0xfb, /* .B...P.. */ + 0x95, 0x39, 0x4c, 0x36, 0xa8, 0xfe, 0x2b, 0x8e, /* .9L6..+. */ + 0xc5, 0xb5, 0xe0, 0xab, 0xdb, 0xc0, 0xbf, 0x1d, /* ........ */ + 0x35, 0x4d, 0xc0, 0x52, 0xfb, 0x08, 0x04, 0x4c, /* 5M.R...L */ + 0x98, 0xf0, 0xb5, 0x5b, 0xff, 0x99, 0x74, 0xce, /* ...[..t. */ + 0xb7, 0xc9, 0xe3, 0xe5, 0x70, 0x2e, 0xd3, 0x1d, /* ....p... */ + 0x46, 0x38, 0xf9, 0x51, 0x17, 0x73, 0xd1, 0x08, /* F8.Q.s.. */ + 0x8d, 0x3d, 0x12, 0x47, 0xd0, 0x66, 0x77, 0xaf, /* .=.G.fw. */ + 0xfd, 0x4c, 0x75, 0x1f, 0xe9, 0x6c, 0xf4, 0x5a, /* .Lu..l.Z */ + 0xde, 0xec, 0x37, 0xc7, 0xc4, 0x0a, 0xbe, 0x91, /* ..7..... */ + 0xbc, 0x05, 0x08, 0x86, 0x47, 0x30, 0x2a, 0xc6, /* ....G0*. */ + 0x85, 0x4b, 0x55, 0x6c, 0xef, 0xdf, 0x2d, 0x5a, /* .KUl..-Z */ + 0xf7, 0x5b, 0xb5, 0xba, 0xed, 0x38, 0xb0, 0xcb, /* .[...8.. */ + 0xeb, 0x7e, 0x84, 0x3a, 0x69, 0x2c, 0xa0, 0x82, /* .~.:i,.. */ + 0x04, 0xc6, 0x30, 0x82, 0x04, 0xc2, 0x30, 0x82, /* ..0...0. */ + 0x04, 0xbe, 0x30, 0x82, 0x03, 0xa6, 0xa0, 0x03, /* ..0..... */ + 0x02, 0x01, 0x02, 0x02, 0x01, 0x04, 0x30, 0x0d, /* ......0. */ + 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, /* ..*.H... */ + 0x01, 0x01, 0x0b, 0x05, 0x00, 0x30, 0x81, 0x97, /* .....0.. */ + 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, /* 1.0...U. */ + 0x06, 0x13, 0x02, 0x55, 0x53, 0x31, 0x13, 0x30, /* ...US1.0 */ + 0x11, 0x06, 0x03, 0x55, 0x04, 0x08, 0x0c, 0x0a, /* ...U.... */ + 0x57, 0x61, 0x73, 0x68, 0x69, 0x6e, 0x67, 0x74, /* Washingt */ + 0x6f, 0x6e, 0x31, 0x10, 0x30, 0x0e, 0x06, 0x03, /* on1.0... */ + 0x55, 0x04, 0x07, 0x0c, 0x07, 0x53, 0x65, 0x61, /* U....Sea */ + 0x74, 0x74, 0x6c, 0x65, 0x31, 0x10, 0x30, 0x0e, /* ttle1.0. */ + 0x06, 0x03, 0x55, 0x04, 0x0a, 0x0c, 0x07, 0x77, /* ..U....w */ + 0x6f, 0x6c, 0x66, 0x53, 0x53, 0x4c, 0x31, 0x14, /* olfSSL1. */ + 0x30, 0x12, 0x06, 0x03, 0x55, 0x04, 0x0b, 0x0c, /* 0...U... */ + 0x0b, 0x45, 0x6e, 0x67, 0x69, 0x6e, 0x65, 0x65, /* .Enginee */ + 0x72, 0x69, 0x6e, 0x67, 0x31, 0x18, 0x30, 0x16, /* ring1.0. */ + 0x06, 0x03, 0x55, 0x04, 0x03, 0x0c, 0x0f, 0x77, /* ..U....w */ + 0x6f, 0x6c, 0x66, 0x53, 0x53, 0x4c, 0x20, 0x72, /* olfSSL r */ + 0x6f, 0x6f, 0x74, 0x20, 0x43, 0x41, 0x31, 0x1f, /* oot CA1. */ + 0x30, 0x1d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, /* 0...*.H. */ + 0xf7, 0x0d, 0x01, 0x09, 0x01, 0x16, 0x10, 0x69, /* .......i */ + 0x6e, 0x66, 0x6f, 0x40, 0x77, 0x6f, 0x6c, 0x66, /* nfo@wolf */ + 0x73, 0x73, 0x6c, 0x2e, 0x63, 0x6f, 0x6d, 0x30, /* ssl.com0 */ + 0x1e, 0x17, 0x0d, 0x32, 0x34, 0x31, 0x32, 0x31, /* ...24121 */ + 0x38, 0x32, 0x31, 0x32, 0x35, 0x33, 0x31, 0x5a, /* 8212531Z */ + 0x17, 0x0d, 0x32, 0x37, 0x30, 0x39, 0x31, 0x34, /* ..270914 */ + 0x32, 0x31, 0x32, 0x35, 0x33, 0x31, 0x5a, 0x30, /* 212531Z0 */ + 0x81, 0x9e, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, /* ..1.0... */ + 0x55, 0x04, 0x06, 0x13, 0x02, 0x55, 0x53, 0x31, /* U....US1 */ + 0x13, 0x30, 0x11, 0x06, 0x03, 0x55, 0x04, 0x08, /* .0...U.. */ + 0x0c, 0x0a, 0x57, 0x61, 0x73, 0x68, 0x69, 0x6e, /* ..Washin */ + 0x67, 0x74, 0x6f, 0x6e, 0x31, 0x10, 0x30, 0x0e, /* gton1.0. */ + 0x06, 0x03, 0x55, 0x04, 0x07, 0x0c, 0x07, 0x53, /* ..U....S */ + 0x65, 0x61, 0x74, 0x74, 0x6c, 0x65, 0x31, 0x10, /* eattle1. */ + 0x30, 0x0e, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x0c, /* 0...U... */ + 0x07, 0x77, 0x6f, 0x6c, 0x66, 0x53, 0x53, 0x4c, /* .wolfSSL */ + 0x31, 0x14, 0x30, 0x12, 0x06, 0x03, 0x55, 0x04, /* 1.0...U. */ + 0x0b, 0x0c, 0x0b, 0x45, 0x6e, 0x67, 0x69, 0x6e, /* ...Engin */ + 0x65, 0x65, 0x72, 0x69, 0x6e, 0x67, 0x31, 0x1f, /* eering1. */ + 0x30, 0x1d, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0c, /* 0...U... */ + 0x16, 0x77, 0x6f, 0x6c, 0x66, 0x53, 0x53, 0x4c, /* .wolfSSL */ + 0x20, 0x4f, 0x43, 0x53, 0x50, 0x20, 0x52, 0x65, /* OCSP Re */ + 0x73, 0x70, 0x6f, 0x6e, 0x64, 0x65, 0x72, 0x31, /* sponder1 */ + 0x1f, 0x30, 0x1d, 0x06, 0x09, 0x2a, 0x86, 0x48, /* .0...*.H */ + 0x86, 0xf7, 0x0d, 0x01, 0x09, 0x01, 0x16, 0x10, /* ........ */ + 0x69, 0x6e, 0x66, 0x6f, 0x40, 0x77, 0x6f, 0x6c, /* info@wol */ + 0x66, 0x73, 0x73, 0x6c, 0x2e, 0x63, 0x6f, 0x6d, /* fssl.com */ + 0x30, 0x82, 0x01, 0x22, 0x30, 0x0d, 0x06, 0x09, /* 0.."0... */ + 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, /* *.H..... */ + 0x01, 0x05, 0x00, 0x03, 0x82, 0x01, 0x0f, 0x00, /* ........ */ + 0x30, 0x82, 0x01, 0x0a, 0x02, 0x82, 0x01, 0x01, /* 0....... */ + 0x00, 0xb8, 0xba, 0x23, 0xb4, 0xf6, 0xc3, 0x7b, /* ...#...{ */ + 0x14, 0xc3, 0xa4, 0xf5, 0x1d, 0x61, 0xa1, 0xf5, /* .....a.. */ + 0x1e, 0x63, 0xb9, 0x85, 0x23, 0x34, 0x50, 0x6d, /* .c..#4Pm */ + 0xf8, 0x7c, 0xa2, 0x8a, 0x04, 0x8b, 0xd5, 0x75, /* .|.....u */ + 0x5c, 0x2d, 0xf7, 0x63, 0x88, 0xd1, 0x07, 0x7a, /* \-.c...z */ + 0xea, 0x0b, 0x45, 0x35, 0x2b, 0xeb, 0x1f, 0xb1, /* ..E5+... */ + 0x22, 0xb4, 0x94, 0x41, 0x38, 0xe2, 0x9d, 0x74, /* "..A8..t */ + 0xd6, 0x8b, 0x30, 0x22, 0x10, 0x51, 0xc5, 0xdb, /* ..0".Q.. */ + 0xca, 0x3f, 0x46, 0x2b, 0xfe, 0xe5, 0x5a, 0x3f, /* .?F+..Z? */ + 0x41, 0x74, 0x67, 0x75, 0x95, 0xa9, 0x94, 0xd5, /* Atgu.... */ + 0xc3, 0xee, 0x42, 0xf8, 0x8d, 0xeb, 0x92, 0x95, /* ..B..... */ + 0xe1, 0xd9, 0x65, 0xb7, 0x43, 0xc4, 0x18, 0xde, /* ..e.C... */ + 0x16, 0x80, 0x90, 0xce, 0x24, 0x35, 0x21, 0xc4, /* ....$5!. */ + 0x55, 0xac, 0x5a, 0x51, 0xe0, 0x2e, 0x2d, 0xb3, /* U.ZQ..-. */ + 0x0a, 0x5a, 0x4f, 0x4a, 0x73, 0x31, 0x50, 0xee, /* .ZOJs1P. */ + 0x4a, 0x16, 0xbd, 0x39, 0x8b, 0xad, 0x05, 0x48, /* J..9...H */ + 0x87, 0xb1, 0x99, 0xe2, 0x10, 0xa7, 0x06, 0x72, /* .......r */ + 0x67, 0xca, 0x5c, 0xd1, 0x97, 0xbd, 0xc8, 0xf1, /* g.\..... */ + 0x76, 0xf8, 0xe0, 0x4a, 0xec, 0xbc, 0x93, 0xf4, /* v..J.... */ + 0x66, 0x4c, 0x28, 0x71, 0xd1, 0xd8, 0x66, 0x03, /* fL(q..f. */ + 0xb4, 0x90, 0x30, 0xbb, 0x17, 0xb0, 0xfe, 0x97, /* ..0..... */ + 0xf5, 0x1e, 0xe8, 0xc7, 0x5d, 0x9b, 0x8b, 0x11, /* ....]... */ + 0x19, 0x12, 0x3c, 0xab, 0x82, 0x71, 0x78, 0xff, /* ..<..qx. */ + 0xae, 0x3f, 0x32, 0xb2, 0x08, 0x71, 0xb2, 0x1b, /* .?2..q.. */ + 0x8c, 0x27, 0xac, 0x11, 0xb8, 0xd8, 0x43, 0x49, /* .'....CI */ + 0xcf, 0xb0, 0x70, 0xb1, 0xf0, 0x8c, 0xae, 0xda, /* ..p..... */ + 0x24, 0x87, 0x17, 0x3b, 0xd8, 0x04, 0x65, 0x6c, /* $..;..el */ + 0x00, 0x76, 0x50, 0xef, 0x15, 0x08, 0xd7, 0xb4, /* .vP..... */ + 0x73, 0x68, 0x26, 0x14, 0x87, 0x95, 0xc3, 0x5f, /* sh&...._ */ + 0x6e, 0x61, 0xb8, 0x87, 0x84, 0xfa, 0x80, 0x1a, /* na...... */ + 0x0a, 0x8b, 0x98, 0xf3, 0xe3, 0xff, 0x4e, 0x44, /* ......ND */ + 0x1c, 0x65, 0x74, 0x7c, 0x71, 0x54, 0x65, 0xe5, /* .et|qTe. */ + 0x39, 0x02, 0x03, 0x01, 0x00, 0x01, 0xa3, 0x82, /* 9....... */ + 0x01, 0x0a, 0x30, 0x82, 0x01, 0x06, 0x30, 0x09, /* ..0...0. */ + 0x06, 0x03, 0x55, 0x1d, 0x13, 0x04, 0x02, 0x30, /* ..U....0 */ + 0x00, 0x30, 0x1d, 0x06, 0x03, 0x55, 0x1d, 0x0e, /* .0...U.. */ + 0x04, 0x16, 0x04, 0x14, 0x32, 0x67, 0xe1, 0xb1, /* ....2g.. */ + 0x79, 0xd2, 0x81, 0xfc, 0x9f, 0x23, 0x0c, 0x70, /* y....#.p */ + 0x40, 0x50, 0xb5, 0x46, 0x56, 0xb8, 0x30, 0x36, /* @P.FV.06 */ + 0x30, 0x81, 0xc4, 0x06, 0x03, 0x55, 0x1d, 0x23, /* 0....U.# */ + 0x04, 0x81, 0xbc, 0x30, 0x81, 0xb9, 0x80, 0x14, /* ...0.... */ + 0x73, 0xb0, 0x1c, 0xa4, 0x2f, 0x82, 0xcb, 0xcf, /* s.../... */ + 0x47, 0xa5, 0x38, 0xd7, 0xb0, 0x04, 0x82, 0x3a, /* G.8....: */ + 0x7e, 0x72, 0x15, 0x21, 0xa1, 0x81, 0x9d, 0xa4, /* ~r.!.... */ + 0x81, 0x9a, 0x30, 0x81, 0x97, 0x31, 0x0b, 0x30, /* ..0..1.0 */ + 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, /* ...U.... */ + 0x55, 0x53, 0x31, 0x13, 0x30, 0x11, 0x06, 0x03, /* US1.0... */ + 0x55, 0x04, 0x08, 0x0c, 0x0a, 0x57, 0x61, 0x73, /* U....Was */ + 0x68, 0x69, 0x6e, 0x67, 0x74, 0x6f, 0x6e, 0x31, /* hington1 */ + 0x10, 0x30, 0x0e, 0x06, 0x03, 0x55, 0x04, 0x07, /* .0...U.. */ + 0x0c, 0x07, 0x53, 0x65, 0x61, 0x74, 0x74, 0x6c, /* ..Seattl */ + 0x65, 0x31, 0x10, 0x30, 0x0e, 0x06, 0x03, 0x55, /* e1.0...U */ + 0x04, 0x0a, 0x0c, 0x07, 0x77, 0x6f, 0x6c, 0x66, /* ....wolf */ + 0x53, 0x53, 0x4c, 0x31, 0x14, 0x30, 0x12, 0x06, /* SSL1.0.. */ + 0x03, 0x55, 0x04, 0x0b, 0x0c, 0x0b, 0x45, 0x6e, /* .U....En */ + 0x67, 0x69, 0x6e, 0x65, 0x65, 0x72, 0x69, 0x6e, /* gineerin */ + 0x67, 0x31, 0x18, 0x30, 0x16, 0x06, 0x03, 0x55, /* g1.0...U */ + 0x04, 0x03, 0x0c, 0x0f, 0x77, 0x6f, 0x6c, 0x66, /* ....wolf */ + 0x53, 0x53, 0x4c, 0x20, 0x72, 0x6f, 0x6f, 0x74, /* SSL root */ + 0x20, 0x43, 0x41, 0x31, 0x1f, 0x30, 0x1d, 0x06, /* CA1.0.. */ + 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, /* .*.H.... */ + 0x09, 0x01, 0x16, 0x10, 0x69, 0x6e, 0x66, 0x6f, /* ....info */ + 0x40, 0x77, 0x6f, 0x6c, 0x66, 0x73, 0x73, 0x6c, /* @wolfssl */ + 0x2e, 0x63, 0x6f, 0x6d, 0x82, 0x01, 0x63, 0x30, /* .com..c0 */ + 0x13, 0x06, 0x03, 0x55, 0x1d, 0x25, 0x04, 0x0c, /* ...U.%.. */ + 0x30, 0x0a, 0x06, 0x08, 0x2b, 0x06, 0x01, 0x05, /* 0...+... */ + 0x05, 0x07, 0x03, 0x09, 0x30, 0x0d, 0x06, 0x09, /* ....0... */ + 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, /* *.H..... */ + 0x0b, 0x05, 0x00, 0x03, 0x82, 0x01, 0x01, 0x00, /* ........ */ + 0x4d, 0xa2, 0xd8, 0x55, 0xe0, 0x2b, 0xf4, 0xad, /* M..U.+.. */ + 0x65, 0xe2, 0x92, 0x35, 0xcb, 0x60, 0xa0, 0xa2, /* e..5.`.. */ + 0x6b, 0xa6, 0x88, 0xc1, 0x86, 0x58, 0x57, 0x37, /* k....XW7 */ + 0xbd, 0x2e, 0x28, 0x6e, 0x1c, 0x56, 0x2a, 0x35, /* ..(n.V*5 */ + 0xde, 0xff, 0x3e, 0x8e, 0x3d, 0x47, 0x21, 0x1a, /* ..>.=G!. */ + 0xe9, 0xd3, 0xc6, 0xb4, 0xe2, 0xcb, 0x3e, 0xc6, /* ......>. */ + 0xaf, 0x9b, 0xef, 0x23, 0x88, 0x56, 0x95, 0x73, /* ...#.V.s */ + 0x2e, 0xb3, 0xed, 0xc5, 0x11, 0x4b, 0x69, 0xf7, /* .....Ki. */ + 0x13, 0x3a, 0x05, 0xe1, 0xaf, 0xba, 0xc9, 0x59, /* .:.....Y */ + 0xfd, 0xe2, 0xa0, 0x81, 0xa0, 0x4c, 0x0c, 0x2c, /* .....L., */ + 0xcb, 0x57, 0xad, 0x96, 0x3a, 0x8c, 0x32, 0xa6, /* .W..:.2. */ + 0x4a, 0xf8, 0x72, 0xb8, 0xec, 0xb3, 0x26, 0x69, /* J.r...&i */ + 0xd6, 0x6a, 0x4c, 0x4c, 0x78, 0x18, 0x3c, 0xca, /* .jLLx.<. */ + 0x19, 0xf1, 0xb5, 0x8e, 0x23, 0x81, 0x5b, 0x27, /* ....#.[' */ + 0x90, 0xe0, 0x5c, 0x2b, 0x17, 0x4d, 0x78, 0x99, /* ..\+.Mx. */ + 0x6b, 0x25, 0xbd, 0x2f, 0xae, 0x1b, 0xaa, 0xce, /* k%./.... */ + 0x84, 0xb9, 0x44, 0x21, 0x46, 0xc0, 0x34, 0x6b, /* ..D!F.4k */ + 0x5b, 0xb9, 0x1b, 0xca, 0x5c, 0x60, 0xf1, 0xef, /* [...\`.. */ + 0xe6, 0x66, 0xbc, 0x84, 0x63, 0x56, 0x50, 0x7d, /* .f..cVP} */ + 0xbb, 0x2c, 0x2f, 0x7b, 0x47, 0xb4, 0xfd, 0x58, /* .,/{G..X */ + 0x77, 0x87, 0xee, 0x27, 0x20, 0x96, 0x72, 0x8e, /* w..' .r. */ + 0x4c, 0x7e, 0x4f, 0x93, 0xeb, 0x5f, 0x8f, 0x9c, /* L~O.._.. */ + 0x1e, 0x59, 0x7a, 0x96, 0xaa, 0x53, 0x77, 0x22, /* .Yz..Sw" */ + 0x41, 0xd8, 0xd3, 0xf9, 0x89, 0x8f, 0xe8, 0x9d, /* A....... */ + 0x65, 0xbd, 0x0c, 0x71, 0x3c, 0xbb, 0xa3, 0x07, /* e..q<... */ + 0xbf, 0xfb, 0xa8, 0xd1, 0x18, 0x0a, 0xb4, 0xc4, /* ........ */ + 0xf7, 0x83, 0xb3, 0x86, 0x2b, 0xf0, 0x5b, 0x05, /* ....+.[. */ + 0x28, 0xc1, 0x01, 0x31, 0x73, 0x5c, 0x2b, 0xbd, /* (..1s\+. */ + 0x60, 0x97, 0xa3, 0x36, 0x82, 0x96, 0xd7, 0x83, /* `..6.... */ + 0xdf, 0x75, 0xee, 0x29, 0x42, 0x97, 0x86, 0x41, /* .u.)B..A */ + 0x55, 0xb9, 0x70, 0x87, 0xd5, 0x02, 0x85, 0x13, /* U.p..... */ + 0x41, 0xf8, 0x25, 0x05, 0xab, 0x6a, 0xaa, 0x57 /* A.%..j.W */ + }; + OcspEntry entry[1]; + CertStatus status[1]; + OcspRequest* request = NULL; +#ifndef NO_FILESYSTEM + const char* ca_cert = "./certs/ca-cert.pem"; +#endif + + byte serial[] = {0x05}; + byte issuerHash[] = {0x71, 0x4d, 0x82, 0x23, 0x40, 0x59, 0xc0, 0x96, 0xa1, 0x37, 0x43, 0xfa, 0x31, 0xdb, 0xba, 0xb1, 0x43, 0x18, 0xda, 0x04}; + byte issuerKeyHash[] = {0x83, 0xc6, 0x3a, 0x89, 0x2c, 0x81, 0xf4, 0x02, 0xd7, 0x9d, 0x4c, 0xe2, 0x2a, 0xc0, 0x71, 0x82, 0x64, 0x44, 0xda, 0x0e}; + + + XMEMSET(entry, 0, sizeof(OcspEntry)); + XMEMSET(status, 0, sizeof(CertStatus)); + + ExpectNotNull(request = wolfSSL_OCSP_REQUEST_new()); + ExpectNotNull(request->serial = (byte*)XMALLOC(sizeof(serial), NULL, + DYNAMIC_TYPE_OCSP_REQUEST)); + + if ((request != NULL) && (request->serial != NULL)) { + request->serialSz = sizeof(serial); + XMEMCPY(request->serial, serial, sizeof(serial)); + XMEMCPY(request->issuerHash, issuerHash, sizeof(issuerHash)); + XMEMCPY(request->issuerKeyHash, issuerKeyHash, sizeof(issuerKeyHash)); + } + + ExpectNotNull(cm = wolfSSL_CertManagerNew_ex(NULL)); + ExpectIntEQ(wolfSSL_CertManagerEnableOCSP(cm, 0), WOLFSSL_SUCCESS); + ExpectIntEQ(wolfSSL_CertManagerLoadCA(cm, + "./certs/ocsp/intermediate1-ca-cert.pem", NULL), WOLFSSL_SUCCESS); + + /* Response should be valid. */ + ExpectIntEQ(wolfSSL_CertManagerCheckOCSPResponse(cm, (byte *)response, + sizeof(response), NULL, status, entry, request), WOLFSSL_SUCCESS); + + /* Flip a byte in the request serial number, response should be invalid + * now. */ + if ((request != NULL) && (request->serial != NULL)) + request->serial[0] ^= request->serial[0]; + ExpectIntNE(wolfSSL_CertManagerCheckOCSPResponse(cm, (byte *)response, + sizeof(response), NULL, status, entry, request), WOLFSSL_SUCCESS); + +#ifndef NO_FILESYSTEM + ExpectIntEQ(wolfSSL_CertManagerCheckOCSP(cm, server_cert_der_2048, + sizeof(server_cert_der_2048)), WC_NO_ERR_TRACE(ASN_NO_SIGNER_E)); + ExpectIntEQ(WOLFSSL_SUCCESS, + wolfSSL_CertManagerLoadCA(cm, ca_cert, NULL)); + ExpectIntEQ(wolfSSL_CertManagerCheckOCSP(cm, server_cert_der_2048, + sizeof(server_cert_der_2048)), 1); +#endif + + wolfSSL_OCSP_REQUEST_free(request); + wolfSSL_CertManagerFree(cm); +#endif /* OPENSSL_ALL || WOLFSSL_NGINX || WOLFSSL_HAPROXY || + * WOLFSSL_APACHE_HTTPD || HAVE_LIGHTY */ +#endif /* HAVE_OCSP */ + return EXPECT_RESULT(); +} + +static int test_wolfSSL_CheckOCSPResponse(void) +{ + EXPECT_DECLS; +#if defined(HAVE_OCSP) && defined(OPENSSL_EXTRA) && \ + !defined(NO_RSA) && !defined(NO_SHA) + const char* responseFile = "./certs/ocsp/test-response.der"; + const char* responseMultiFile = "./certs/ocsp/test-multi-response.der"; + const char* responseNoInternFile = + "./certs/ocsp/test-response-nointern.der"; + const char* caFile = "./certs/ocsp/root-ca-cert.pem"; + OcspResponse* res = NULL; + byte data[4096]; + const unsigned char* pt; + int dataSz = 0; /* initialize to mitigate spurious maybe-uninitialized from + * gcc sanitizer with --enable-heapmath. + */ + XFILE f = XBADFILE; + WOLFSSL_OCSP_BASICRESP* bs = NULL; + WOLFSSL_X509_STORE* st = NULL; + WOLFSSL_X509* issuer = NULL; + + + ExpectTrue((f = XFOPEN(responseFile, "rb")) != XBADFILE); + ExpectIntGT(dataSz = (word32)XFREAD(data, 1, sizeof(data), f), 0); + if (f != XBADFILE) { + XFCLOSE(f); + f = XBADFILE; + } + + pt = data; + ExpectNotNull(res = wolfSSL_d2i_OCSP_RESPONSE(NULL, &pt, dataSz)); + ExpectNotNull(issuer = wolfSSL_X509_load_certificate_file(caFile, + SSL_FILETYPE_PEM)); + ExpectNotNull(st = wolfSSL_X509_STORE_new()); + ExpectIntEQ(wolfSSL_X509_STORE_add_cert(st, issuer), WOLFSSL_SUCCESS); + ExpectNotNull(bs = wolfSSL_OCSP_response_get1_basic(res)); + ExpectIntEQ(wolfSSL_OCSP_basic_verify(bs, NULL, st, 0), WOLFSSL_SUCCESS); + wolfSSL_OCSP_BASICRESP_free(bs); + bs = NULL; + wolfSSL_OCSP_RESPONSE_free(res); + res = NULL; + wolfSSL_X509_STORE_free(st); + st = NULL; + wolfSSL_X509_free(issuer); + issuer = NULL; + + /* check loading a response with optional certs */ + ExpectTrue((f = XFOPEN(responseNoInternFile, "rb")) != XBADFILE); + ExpectIntGT(dataSz = (word32)XFREAD(data, 1, sizeof(data), f), 0); + if (f != XBADFILE) + XFCLOSE(f); + f = XBADFILE; + + pt = data; + ExpectNotNull(res = wolfSSL_d2i_OCSP_RESPONSE(NULL, &pt, dataSz)); + wolfSSL_OCSP_RESPONSE_free(res); + res = NULL; + + /* check loading a response with multiple certs */ + { + WOLFSSL_CERT_MANAGER* cm = NULL; + OcspEntry *entry = NULL; + CertStatus* status = NULL; + OcspRequest* request = NULL; + + byte serial1[] = {0x01}; + byte serial[] = {0x02}; + + byte issuerHash[] = { + 0x44, 0xA8, 0xDB, 0xD1, 0xBC, 0x97, 0x0A, 0x83, + 0x3B, 0x5B, 0x31, 0x9A, 0x4C, 0xB8, 0xD2, 0x52, + 0x37, 0x15, 0x8A, 0x88 + }; + byte issuerKeyHash[] = { + 0x73, 0xB0, 0x1C, 0xA4, 0x2F, 0x82, 0xCB, 0xCF, + 0x47, 0xA5, 0x38, 0xD7, 0xB0, 0x04, 0x82, 0x3A, + 0x7E, 0x72, 0x15, 0x21 + }; + + ExpectNotNull(entry = (OcspEntry*)XMALLOC(sizeof(OcspEntry), NULL, + DYNAMIC_TYPE_OPENSSL)); + + ExpectNotNull(status = (CertStatus*)XMALLOC(sizeof(CertStatus), NULL, + DYNAMIC_TYPE_OPENSSL)); + + if (entry != NULL) + XMEMSET(entry, 0, sizeof(OcspEntry)); + if (status != NULL) + XMEMSET(status, 0, sizeof(CertStatus)); + + ExpectNotNull(request = wolfSSL_OCSP_REQUEST_new()); + ExpectNotNull(request->serial = (byte*)XMALLOC(sizeof(serial), NULL, + DYNAMIC_TYPE_OCSP_REQUEST)); + + if (request != NULL && request->serial != NULL) { + request->serialSz = sizeof(serial); + XMEMCPY(request->serial, serial, sizeof(serial)); + XMEMCPY(request->issuerHash, issuerHash, sizeof(issuerHash)); + XMEMCPY(request->issuerKeyHash, issuerKeyHash, + sizeof(issuerKeyHash)); + } + + ExpectNotNull(cm = wolfSSL_CertManagerNew_ex(NULL)); + ExpectIntEQ(wolfSSL_CertManagerEnableOCSP(cm, 0), WOLFSSL_SUCCESS); + ExpectIntEQ(wolfSSL_CertManagerLoadCA(cm, caFile, NULL), + WOLFSSL_SUCCESS); + + ExpectTrue((f = XFOPEN(responseMultiFile, "rb")) != XBADFILE); + ExpectIntGT(dataSz = (word32)XFREAD(data, 1, sizeof(data), f), 0); + if (f != XBADFILE) + XFCLOSE(f); + f = XBADFILE; + + ExpectIntEQ(wolfSSL_CertManagerCheckOCSPResponse(cm, data, + dataSz, NULL, status, entry, request), WOLFSSL_SUCCESS); + ExpectIntEQ(wolfSSL_CertManagerCheckOCSPResponse(cm, data, + dataSz, NULL, entry->status, entry, request), WOLFSSL_SUCCESS); + ExpectNotNull(entry->status); + + if (request != NULL && request->serial != NULL) + XMEMCPY(request->serial, serial1, sizeof(serial1)); + ExpectIntEQ(wolfSSL_CertManagerCheckOCSPResponse(cm, data, + dataSz, NULL, status, entry, request), WOLFSSL_SUCCESS); + + /* store both status's in the entry to check that "next" is not + * overwritten */ + if (EXPECT_SUCCESS() && status != NULL && entry != NULL) { + status->next = entry->status; + entry->status = status; + } + + if (request != NULL && request->serial != NULL) + XMEMCPY(request->serial, serial, sizeof(serial)); + ExpectIntEQ(wolfSSL_CertManagerCheckOCSPResponse(cm, data, + dataSz, NULL, entry->status, entry, request), WOLFSSL_SUCCESS); + ExpectNotNull(entry->status->next); + + /* compare the status found */ + ExpectIntEQ(status->serialSz, entry->status->serialSz); + ExpectIntEQ(XMEMCMP(status->serial, entry->status->serial, + status->serialSz), 0); + + if (status != NULL && entry != NULL && entry->status != status) { + XFREE(status, NULL, DYNAMIC_TYPE_OPENSSL); + } + wolfSSL_OCSP_CERTID_free(entry); + wolfSSL_OCSP_REQUEST_free(request); + wolfSSL_CertManagerFree(cm); + } + +/* FIPS v2 and below don't support long salts. */ +#if defined(WC_RSA_PSS) && \ + (!defined(HAVE_FIPS) || (defined(HAVE_FIPS_VERSION) && \ + (HAVE_FIPS_VERSION > 2))) && (!defined(HAVE_SELFTEST) || \ + (defined(HAVE_SELFTEST_VERSION) && (HAVE_SELFTEST_VERSION > 2))) + { + const char* responsePssFile = "./certs/ocsp/test-response-rsapss.der"; + + /* check loading a response with RSA-PSS signature */ + ExpectTrue((f = XFOPEN(responsePssFile, "rb")) != XBADFILE); + ExpectIntGT(dataSz = (word32)XFREAD(data, 1, sizeof(data), f), 0); + if (f != XBADFILE) + XFCLOSE(f); + + pt = data; + ExpectNotNull(res = wolfSSL_d2i_OCSP_RESPONSE(NULL, &pt, dataSz)); + + /* try to verify the response */ + ExpectNotNull(issuer = wolfSSL_X509_load_certificate_file(caFile, + SSL_FILETYPE_PEM)); + ExpectNotNull(st = wolfSSL_X509_STORE_new()); + ExpectIntEQ(wolfSSL_X509_STORE_add_cert(st, issuer), WOLFSSL_SUCCESS); + ExpectNotNull(bs = wolfSSL_OCSP_response_get1_basic(res)); + ExpectIntEQ(wolfSSL_OCSP_basic_verify(bs, NULL, st, 0), + WOLFSSL_SUCCESS); + wolfSSL_OCSP_BASICRESP_free(bs); + wolfSSL_OCSP_RESPONSE_free(res); + wolfSSL_X509_STORE_free(st); + wolfSSL_X509_free(issuer); + } +#endif +#endif /* HAVE_OCSP */ + return EXPECT_RESULT(); +} + +static int test_wolfSSL_FPKI(void) +{ + EXPECT_DECLS; +#if defined(WOLFSSL_FPKI) && !defined(NO_RSA) && !defined(NO_FILESYSTEM) + XFILE f = XBADFILE; + const char* fpkiCert = "./certs/fpki-cert.der"; + const char* fpkiCertPolCert = "./certs/fpki-certpol-cert.der"; + DecodedCert cert; + byte buf[4096]; + byte* uuid = NULL; + byte* fascn = NULL; + word32 fascnSz; + word32 uuidSz; + int bytes = 0; + + ExpectTrue((f = XFOPEN(fpkiCert, "rb")) != XBADFILE); + ExpectIntGT(bytes = (int)XFREAD(buf, 1, sizeof(buf), f), 0); + if (f != XBADFILE) + XFCLOSE(f); + + wc_InitDecodedCert(&cert, buf, (word32)bytes, NULL); + ExpectIntEQ(wc_ParseCert(&cert, CERT_TYPE, 0, NULL), 0); + ExpectIntEQ(wc_GetFASCNFromCert(&cert, NULL, &fascnSz), WC_NO_ERR_TRACE(LENGTH_ONLY_E)); + ExpectNotNull(fascn = (byte*)XMALLOC(fascnSz, NULL, + DYNAMIC_TYPE_TMP_BUFFER)); + ExpectIntEQ(wc_GetFASCNFromCert(&cert, fascn, &fascnSz), 0); + XFREE(fascn, NULL, DYNAMIC_TYPE_TMP_BUFFER); + fascn = NULL; + + ExpectIntEQ(wc_GetUUIDFromCert(&cert, NULL, &uuidSz), WC_NO_ERR_TRACE(LENGTH_ONLY_E)); + ExpectNotNull(uuid = (byte*)XMALLOC(uuidSz, NULL, DYNAMIC_TYPE_TMP_BUFFER)); + ExpectIntEQ(wc_GetUUIDFromCert(&cert, uuid, &uuidSz), 0); + XFREE(uuid, NULL, DYNAMIC_TYPE_TMP_BUFFER); + uuid = NULL; + wc_FreeDecodedCert(&cert); + + XMEMSET(buf, 0, 4096); + fascnSz = uuidSz = bytes = 0; + f = XBADFILE; + + ExpectTrue((f = XFOPEN(fpkiCertPolCert, "rb")) != XBADFILE); + ExpectIntGT(bytes = (int)XFREAD(buf, 1, sizeof(buf), f), 0); + if (f != XBADFILE) + XFCLOSE(f); + + wc_InitDecodedCert(&cert, buf, (word32)bytes, NULL); + ExpectIntEQ(wc_ParseCert(&cert, CERT_TYPE, 0, NULL), 0); + ExpectIntEQ(wc_GetFASCNFromCert(&cert, NULL, &fascnSz), WC_NO_ERR_TRACE(LENGTH_ONLY_E)); + ExpectNotNull(fascn = (byte*)XMALLOC(fascnSz, NULL, + DYNAMIC_TYPE_TMP_BUFFER)); + ExpectIntEQ(wc_GetFASCNFromCert(&cert, fascn, &fascnSz), 0); + XFREE(fascn, NULL, DYNAMIC_TYPE_TMP_BUFFER); + + ExpectIntEQ(wc_GetUUIDFromCert(&cert, NULL, &uuidSz), WC_NO_ERR_TRACE(LENGTH_ONLY_E)); + ExpectNotNull(uuid = (byte*)XMALLOC(uuidSz, NULL, DYNAMIC_TYPE_TMP_BUFFER)); + ExpectIntEQ(wc_GetUUIDFromCert(&cert, uuid, &uuidSz), 0); + XFREE(uuid, NULL, DYNAMIC_TYPE_TMP_BUFFER); + wc_FreeDecodedCert(&cert); +#endif + + return EXPECT_RESULT(); +} + +/* use RID in confuncture with other names to test parsing of unknown other + * names */ +static int test_wolfSSL_OtherName(void) +{ + EXPECT_DECLS; +#if !defined(NO_RSA) && !defined(NO_FILESYSTEM) + XFILE f = XBADFILE; + const char* ridCert = "./certs/rid-cert.der"; + DecodedCert cert; + byte buf[4096]; + int bytes = 0; + + ExpectTrue((f = XFOPEN(ridCert, "rb")) != XBADFILE); + ExpectIntGT(bytes = (int)XFREAD(buf, 1, sizeof(buf), f), 0); + if (f != XBADFILE) + XFCLOSE(f); + + wc_InitDecodedCert(&cert, buf, (word32)bytes, NULL); + ExpectIntEQ(wc_ParseCert(&cert, CERT_TYPE, 0, NULL), 0); + wc_FreeDecodedCert(&cert); +#endif + + return EXPECT_RESULT(); +} + +#ifdef HAVE_CERT_CHAIN_VALIDATION +#ifndef WOLFSSL_TEST_APPLE_NATIVE_CERT_VALIDATION +static int test_wolfSSL_CertRsaPss(void) +{ + EXPECT_DECLS; +/* FIPS v2 and below don't support long salts. */ +#if !defined(NO_RSA) && defined(WC_RSA_PSS) && !defined(NO_FILESYSTEM) && \ + (!defined(HAVE_FIPS) || (defined(HAVE_FIPS_VERSION) && \ + (HAVE_FIPS_VERSION > 2))) && (!defined(HAVE_SELFTEST) || \ + (defined(HAVE_SELFTEST_VERSION) && (HAVE_SELFTEST_VERSION > 2))) + XFILE f = XBADFILE; +#ifndef NO_SHA256 + const char* rsaPssSha256Cert = "./certs/rsapss/ca-rsapss.der"; +#ifdef WOLFSSL_PEM_TO_DER + const char* rsaPssRootSha256Cert = "./certs/rsapss/root-rsapss.pem"; +#else + const char* rsaPssRootSha256Cert = "./certs/rsapss/root-rsapss.der"; +#endif +#endif +#if defined(WOLFSSL_SHA384) && defined(WOLFSSL_PSS_LONG_SALT) && \ + RSA_MAX_SIZE >= 3072 + const char* rsaPssSha384Cert = "./certs/rsapss/ca-3072-rsapss.der"; +#endif +#if defined(WOLFSSL_SHA384) && RSA_MAX_SIZE >= 3072 +#ifdef WOLFSSL_PEM_TO_DER + const char* rsaPssRootSha384Cert = "./certs/rsapss/root-3072-rsapss.pem"; +#else + const char* rsaPssRootSha384Cert = "./certs/rsapss/root-3072-rsapss.der"; +#endif +#endif + DecodedCert cert; + byte buf[4096]; + int bytes = 0; + WOLFSSL_CERT_MANAGER* cm = NULL; + + ExpectNotNull(cm = wolfSSL_CertManagerNew()); +#ifndef NO_SHA256 + ExpectIntEQ(WOLFSSL_SUCCESS, + wolfSSL_CertManagerLoadCA(cm, rsaPssRootSha256Cert, NULL)); +#endif +#if defined(WOLFSSL_SHA384) && RSA_MAX_SIZE >= 3072 + ExpectIntEQ(WOLFSSL_SUCCESS, + wolfSSL_CertManagerLoadCA(cm, rsaPssRootSha384Cert, NULL)); +#endif + +#ifndef NO_SHA256 + ExpectTrue((f = XFOPEN(rsaPssSha256Cert, "rb")) != XBADFILE); + ExpectIntGT(bytes = (int)XFREAD(buf, 1, sizeof(buf), f), 0); + if (f != XBADFILE) { + XFCLOSE(f); + f = XBADFILE; + } + wc_InitDecodedCert(&cert, buf, (word32)bytes, NULL); + ExpectIntEQ(wc_ParseCert(&cert, CERT_TYPE, VERIFY, cm), 0); + wc_FreeDecodedCert(&cert); +#endif + +#if defined(WOLFSSL_SHA384) && defined(WOLFSSL_PSS_LONG_SALT) && \ + RSA_MAX_SIZE >= 3072 + ExpectTrue((f = XFOPEN(rsaPssSha384Cert, "rb")) != XBADFILE); + ExpectIntGT(bytes = (int)XFREAD(buf, 1, sizeof(buf), f), 0); + if (f != XBADFILE) + XFCLOSE(f); + wc_InitDecodedCert(&cert, buf, (word32)bytes, NULL); + ExpectIntEQ(wc_ParseCert(&cert, CERT_TYPE, VERIFY, cm), 0); + wc_FreeDecodedCert(&cert); +#endif + + wolfSSL_CertManagerFree(cm); + + (void)buf; + (void)bytes; +#endif + + return EXPECT_RESULT(); +} +#endif /* WOLFSSL_TEST_APPLE_NATIVE_CERT_VALIDATION */ +#endif /* HAVE_CERT_CHAIN_VALIDATION */ + + +/* Test RSA-PSS digital signature creation and verification */ +static int test_wc_RsaPSS_DigitalSignVerify(void) +{ + EXPECT_DECLS; + + /* Early FIPS did not support PSS. */ +#if (!defined(HAVE_FIPS) || (defined(HAVE_FIPS_VERSION) && \ + (HAVE_FIPS_VERSION > 2))) && \ + (!defined(HAVE_SELFTEST) || (defined(HAVE_SELFTEST_VERSION) && \ + (HAVE_SELFTEST_VERSION > 2))) && \ + !defined(NO_RSA) && defined(WC_RSA_PSS) && defined(OPENSSL_EXTRA) && \ + defined(WOLFSSL_KEY_GEN) && defined(WC_RSA_NO_PADDING) && \ + !defined(NO_SHA256) + + /* Test digest */ + const unsigned char test_digest[32] = { + 0x08, 0x09, 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, + 0x06, 0x07, 0x08, 0x09, 0x00, 0x01, 0x02, 0x03, + 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x00, 0x01, + 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09 + }; + const unsigned int digest_len = sizeof(test_digest); + + /* Variables for RSA key generation and signature operations */ + EVP_PKEY_CTX *pkctx = NULL; + EVP_PKEY *pkey = NULL; + EVP_PKEY_CTX *sign_ctx = NULL; + EVP_PKEY_CTX *verify_ctx = NULL; + unsigned char signature[256+MAX_DER_DIGEST_ASN_SZ] = {0}; + size_t signature_len = sizeof(signature); + int modulus_bits = 2048; + + /* Generate RSA key pair to avoid file dependencies */ + ExpectNotNull(pkctx = EVP_PKEY_CTX_new_id(EVP_PKEY_RSA, NULL)); + ExpectIntEQ(EVP_PKEY_keygen_init(pkctx), 1); + ExpectIntEQ(EVP_PKEY_CTX_set_rsa_keygen_bits(pkctx, modulus_bits), 1); + ExpectIntEQ(EVP_PKEY_keygen(pkctx, &pkey), 1); + + /* Create signing context */ + ExpectNotNull(sign_ctx = EVP_PKEY_CTX_new(pkey, NULL)); + ExpectIntEQ(EVP_PKEY_sign_init(sign_ctx), 1); + + /* Configure RSA-PSS parameters for signing. */ + ExpectIntEQ(EVP_PKEY_CTX_set_rsa_padding(sign_ctx, RSA_PKCS1_PSS_PADDING), + 1); + /* Default salt length matched hash so use 32 for SHA256 */ + ExpectIntEQ(EVP_PKEY_CTX_set_rsa_pss_saltlen(sign_ctx, 32), 1); + ExpectIntEQ(EVP_PKEY_CTX_set_rsa_mgf1_md(sign_ctx, EVP_sha256()), 1); + ExpectIntEQ(EVP_PKEY_CTX_set_signature_md(sign_ctx, EVP_sha256()), 1); + + /* Create the digital signature */ + ExpectIntEQ(EVP_PKEY_sign(sign_ctx, signature, &signature_len, test_digest, + digest_len), 1); + ExpectIntGT((int)signature_len, 0); + + /* Create verification context */ + ExpectNotNull(verify_ctx = EVP_PKEY_CTX_new(pkey, NULL)); + ExpectIntEQ(EVP_PKEY_verify_init(verify_ctx), 1); + + /* Configure RSA-PSS parameters for verification */ + ExpectIntEQ(EVP_PKEY_CTX_set_rsa_padding(verify_ctx, RSA_PKCS1_PSS_PADDING), + 1); + ExpectIntEQ(EVP_PKEY_CTX_set_rsa_pss_saltlen(verify_ctx, 32), 1); + ExpectIntEQ(EVP_PKEY_CTX_set_rsa_mgf1_md(verify_ctx, EVP_sha256()), 1); + ExpectIntEQ(EVP_PKEY_CTX_set_signature_md(verify_ctx, EVP_sha256()), 1); + + /* Verify the digital signature */ + ExpectIntEQ(EVP_PKEY_verify(verify_ctx, signature, signature_len, + test_digest, digest_len), 1); + + /* Test with wrong digest to ensure verification fails (negative test) */ + { + const unsigned char wrong_digest[32] = { + 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, + 0x09, 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, + 0x07, 0x08, 0x09, 0x00, 0x01, 0x02, 0x03, 0x04, + 0x05, 0x06, 0x07, 0x08, 0x09, 0x00, 0x01, 0x02 + }; + ExpectIntNE(EVP_PKEY_verify(verify_ctx, signature, signature_len, + wrong_digest, digest_len), 1); + } + + /* Clean up */ + if (verify_ctx) + EVP_PKEY_CTX_free(verify_ctx); + if (sign_ctx) + EVP_PKEY_CTX_free(sign_ctx); + if (pkey) + EVP_PKEY_free(pkey); + if (pkctx) + EVP_PKEY_CTX_free(pkctx); + +#endif + + return EXPECT_RESULT(); +} + +static int test_wolfSSL_CTX_load_verify_locations_ex(void) +{ + EXPECT_DECLS; +#if !defined(NO_FILESYSTEM) && !defined(NO_CERTS) && !defined(NO_TLS) && \ + !defined(NO_WOLFSSL_CLIENT) && !defined(NO_RSA) + WOLFSSL_CTX* ctx = NULL; +#ifdef WOLFSSL_PEM_TO_DER + const char* ca_cert = "./certs/ca-cert.pem"; + const char* ca_expired_cert = "./certs/test/expired/expired-ca.pem"; +#else + const char* ca_cert = "./certs/ca-cert.der"; + const char* ca_expired_cert = "./certs/test/expired/expired-ca.der"; +#endif + + ExpectNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_client_method())); + + /* test good CA */ + ExpectTrue(WOLFSSL_SUCCESS == + wolfSSL_CTX_load_verify_locations_ex(ctx, ca_cert, NULL, + WOLFSSL_LOAD_FLAG_NONE)); + + /* test expired CA */ +#if !defined(OPENSSL_COMPATIBLE_DEFAULTS) && !defined(NO_ASN_TIME) + ExpectIntNE(wolfSSL_CTX_load_verify_locations_ex(ctx, ca_expired_cert, NULL, + WOLFSSL_LOAD_FLAG_NONE), WOLFSSL_SUCCESS); +#else + ExpectIntEQ(wolfSSL_CTX_load_verify_locations_ex(ctx, ca_expired_cert, NULL, + WOLFSSL_LOAD_FLAG_NONE), WOLFSSL_SUCCESS); +#endif + ExpectIntEQ(wolfSSL_CTX_load_verify_locations_ex(ctx, ca_expired_cert, NULL, + WOLFSSL_LOAD_FLAG_DATE_ERR_OKAY), WOLFSSL_SUCCESS); + + wolfSSL_CTX_free(ctx); +#endif + + return EXPECT_RESULT(); +} + +static int test_wolfSSL_CTX_load_verify_buffer_ex(void) +{ + EXPECT_DECLS; +#if !defined(NO_FILESYSTEM) && !defined(NO_CERTS) && !defined(NO_TLS) && \ + !defined(NO_RSA) && \ + (!defined(NO_WOLFSSL_CLIENT) || !defined(NO_WOLFSSL_SERVER)) + WOLFSSL_CTX* ctx; + const char* ca_expired_cert_file = "./certs/test/expired/expired-ca.der"; + byte ca_expired_cert[TWOK_BUF]; + word32 sizeof_ca_expired_cert = 0; + XFILE fp = XBADFILE; + +#ifndef NO_WOLFSSL_CLIENT + ctx = wolfSSL_CTX_new(wolfSSLv23_client_method()); +#else + ctx = wolfSSL_CTX_new(wolfSSLv23_server_method()); +#endif + ExpectNotNull(ctx); + +#if defined(USE_CERT_BUFFERS_2048) + /* test good CA */ + ExpectTrue(WOLFSSL_SUCCESS == + wolfSSL_CTX_load_verify_buffer_ex(ctx, ca_cert_der_2048, + sizeof_ca_cert_der_2048, WOLFSSL_FILETYPE_ASN1, 0, + WOLFSSL_LOAD_FLAG_NONE)); +#endif + + /* load expired CA */ + XMEMSET(ca_expired_cert, 0, sizeof(ca_expired_cert)); + ExpectTrue((fp = XFOPEN(ca_expired_cert_file, "rb")) != XBADFILE); + ExpectIntGT(sizeof_ca_expired_cert = (word32)XFREAD(ca_expired_cert, 1, + sizeof(ca_expired_cert), fp), 0); + if (fp != XBADFILE) + XFCLOSE(fp); + + /* test expired CA failure */ + + +#if !defined(OPENSSL_COMPATIBLE_DEFAULTS) && !defined(NO_ASN_TIME) + ExpectIntNE(wolfSSL_CTX_load_verify_buffer_ex(ctx, ca_expired_cert, + sizeof_ca_expired_cert, WOLFSSL_FILETYPE_ASN1, 0, + WOLFSSL_LOAD_FLAG_NONE), WOLFSSL_SUCCESS); +#else + ExpectIntEQ(wolfSSL_CTX_load_verify_buffer_ex(ctx, ca_expired_cert, + sizeof_ca_expired_cert, WOLFSSL_FILETYPE_ASN1, 0, + WOLFSSL_LOAD_FLAG_NONE), WOLFSSL_SUCCESS); +#endif + /* test expired CA success */ + ExpectIntEQ(wolfSSL_CTX_load_verify_buffer_ex(ctx, ca_expired_cert, + sizeof_ca_expired_cert, WOLFSSL_FILETYPE_ASN1, 0, + WOLFSSL_LOAD_FLAG_DATE_ERR_OKAY), WOLFSSL_SUCCESS); + + /* Fail when ctx is NULL. */ + ExpectIntEQ(wolfSSL_CTX_load_verify_buffer_ex(NULL, ca_expired_cert, + sizeof_ca_expired_cert, WOLFSSL_FILETYPE_ASN1, 0, + WOLFSSL_LOAD_FLAG_DATE_ERR_OKAY), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + /* Load as modified cert - bad initial length. */ + ca_expired_cert[2] = 0x7f; + ExpectIntEQ(wolfSSL_CTX_load_verify_buffer_ex(ctx, ca_expired_cert, + sizeof_ca_expired_cert, WOLFSSL_FILETYPE_ASN1, 1, + WOLFSSL_LOAD_FLAG_DATE_ERR_OKAY), WC_NO_ERR_TRACE(ASN_PARSE_E)); + + wolfSSL_CTX_free(ctx); +#endif + + return EXPECT_RESULT(); +} + +static int test_wolfSSL_CTX_load_verify_chain_buffer_format(void) +{ + EXPECT_DECLS; +#if !defined(NO_CERTS) && !defined(NO_RSA) && defined(OPENSSL_EXTRA) && \ + defined(USE_CERT_BUFFERS_2048) && (WOLFSSL_MIN_RSA_BITS <= 1024) && \ + !defined(NO_TLS) && \ + (!defined(NO_WOLFSSL_CLIENT) || !defined(NO_WOLFSSL_SERVER)) + WOLFSSL_CTX* ctx = NULL; + + #ifndef NO_WOLFSSL_CLIENT + ExpectNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_client_method())); + #else + ExpectNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_server_method())); + #endif + + /* Public key 140 bytes??? */ + ExpectIntEQ(wolfSSL_CTX_load_verify_chain_buffer_format(ctx, + ca_cert_chain_der, sizeof_ca_cert_chain_der, WOLFSSL_FILETYPE_ASN1), + WOLFSSL_SUCCESS); + + wolfSSL_CTX_free(ctx); +#endif + + return EXPECT_RESULT(); +} + +static int test_wolfSSL_CTX_add1_chain_cert(void) +{ + EXPECT_DECLS; +#if !defined(NO_FILESYSTEM) && !defined(NO_CERTS) && defined(OPENSSL_EXTRA) && \ + defined(KEEP_OUR_CERT) && !defined(NO_RSA) && !defined(NO_TLS) && \ + !defined(NO_WOLFSSL_CLIENT) + WOLFSSL_CTX* ctx; + WOLFSSL* ssl = NULL; + const char *certChain[] = { + "./certs/intermediate/client-int-cert.pem", + "./certs/intermediate/ca-int2-cert.pem", + "./certs/intermediate/ca-int-cert.pem", + "./certs/ca-cert.pem", + NULL + }; + const char** cert; + WOLFSSL_X509* x509 = NULL; + WOLF_STACK_OF(X509)* chain = NULL; + + ExpectNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_client_method())); + ExpectNotNull(ssl = wolfSSL_new(ctx)); + + ExpectNotNull(x509 = wolfSSL_X509_new()); + ExpectIntEQ(SSL_CTX_add1_chain_cert(ctx, x509), 0); + ExpectIntEQ(SSL_CTX_add0_chain_cert(ctx, x509), 0); + ExpectIntEQ(SSL_add1_chain_cert(ssl, x509), 0); + ExpectIntEQ(SSL_add0_chain_cert(ssl, x509), 0); + wolfSSL_X509_free(x509); + x509 = NULL; + + for (cert = certChain; EXPECT_SUCCESS() && *cert != NULL; cert++) { + ExpectNotNull(x509 = wolfSSL_X509_load_certificate_file(*cert, + WOLFSSL_FILETYPE_PEM)); + + /* Do negative tests once */ + if (cert == certChain) { + /* Negative tests. */ + ExpectIntEQ(SSL_CTX_add1_chain_cert(NULL, NULL), 0); + ExpectIntEQ(SSL_CTX_add1_chain_cert(ctx, NULL), 0); + ExpectIntEQ(SSL_CTX_add1_chain_cert(NULL, x509), 0); + ExpectIntEQ(SSL_CTX_add0_chain_cert(NULL, NULL), 0); + ExpectIntEQ(SSL_CTX_add0_chain_cert(ctx, NULL), 0); + ExpectIntEQ(SSL_CTX_add0_chain_cert(NULL, x509), 0); + } + + ExpectIntEQ(SSL_CTX_add1_chain_cert(ctx, x509), 1); + X509_free(x509); + x509 = NULL; + } + for (cert = certChain; EXPECT_SUCCESS() && *cert != NULL; cert++) { + ExpectNotNull(x509 = wolfSSL_X509_load_certificate_file(*cert, + WOLFSSL_FILETYPE_PEM)); + + /* Do negative tests once */ + if (cert == certChain) { + /* Negative tests. */ + ExpectIntEQ(SSL_add1_chain_cert(NULL, NULL), 0); + ExpectIntEQ(SSL_add1_chain_cert(ssl, NULL), 0); + ExpectIntEQ(SSL_add1_chain_cert(NULL, x509), 0); + ExpectIntEQ(SSL_add0_chain_cert(NULL, NULL), 0); + ExpectIntEQ(SSL_add0_chain_cert(ssl, NULL), 0); + ExpectIntEQ(SSL_add0_chain_cert(NULL, x509), 0); + } + + ExpectIntEQ(SSL_add1_chain_cert(ssl, x509), 1); + X509_free(x509); + x509 = NULL; + } + + ExpectIntEQ(SSL_CTX_get0_chain_certs(ctx, &chain), 1); + ExpectIntEQ(sk_X509_num(chain), 3); + ExpectIntEQ(SSL_get0_chain_certs(ssl, &chain), 1); + ExpectIntEQ(sk_X509_num(chain), 3); + + SSL_free(ssl); + SSL_CTX_free(ctx); +#endif + return EXPECT_RESULT(); +} + +static int test_wolfSSL_CTX_use_certificate_chain_buffer_format(void) +{ + EXPECT_DECLS; +#if !defined(NO_CERTS) && !defined(NO_TLS) && \ + !defined(NO_WOLFSSL_CLIENT) && !defined(NO_RSA) && \ + (!defined(NO_FILESYSTEM) || defined(USE_CERT_BUFFERS_2048)) + WOLFSSL_CTX* ctx = NULL; + WOLFSSL* ssl = NULL; +#ifndef NO_FILESYSTEM + const char* cert = svrCertFile; + unsigned char* buf = NULL; + size_t len = 0; + + ExpectIntEQ(load_file(cert, &buf, &len), 0); +#endif + + ExpectNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_client_method())); + ExpectNotNull(ssl = wolfSSL_new(ctx)); + + /* Invalid parameters. */ +#ifndef NO_FILESYSTEM + ExpectIntEQ(wolfSSL_CTX_use_certificate_chain_buffer_format(NULL, + NULL, 0, WOLFSSL_FILETYPE_ASN1), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wolfSSL_CTX_use_certificate_chain_buffer_format(ctx, + NULL, 0, WOLFSSL_FILETYPE_ASN1), WC_NO_ERR_TRACE(ASN_PARSE_E)); + ExpectIntEQ(wolfSSL_CTX_use_certificate_chain_buffer(NULL, NULL, 0), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); +#ifdef WOLFSSL_PEM_TO_DER + ExpectIntEQ(wolfSSL_CTX_use_certificate_chain_buffer(ctx, NULL, 0), + WC_NO_ERR_TRACE(ASN_NO_PEM_HEADER)); +#endif + ExpectIntEQ(wolfSSL_CTX_use_certificate_chain_buffer(NULL, buf, + (sword32)len), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wolfSSL_use_certificate_chain_buffer(NULL, NULL, 0), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); +#ifdef WOLFSSL_PEM_TO_DER + ExpectIntEQ(wolfSSL_use_certificate_chain_buffer(ssl, NULL, 0), + WC_NO_ERR_TRACE(ASN_NO_PEM_HEADER)); +#endif + ExpectIntEQ(wolfSSL_use_certificate_chain_buffer(NULL, buf, (sword32)len), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + + ExpectIntEQ(wolfSSL_CTX_use_certificate_chain_buffer_format(ctx, buf, + (sword32)len, CERT_FILETYPE), WOLFSSL_SUCCESS); + + ExpectIntEQ(wolfSSL_CTX_use_certificate_chain_buffer(ctx, buf, (sword32)len), + WOLFSSL_SUCCESS); + + ExpectIntEQ(wolfSSL_use_certificate_chain_buffer(ssl, buf, (sword32)len), + WOLFSSL_SUCCESS); +#endif /* !NO_FILESYSTEM */ + + ExpectIntEQ(wolfSSL_CTX_use_certificate_chain_buffer_format(NULL, + server_cert_der_2048, sizeof_server_cert_der_2048, + WOLFSSL_FILETYPE_ASN1), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + + ExpectIntEQ(wolfSSL_CTX_use_certificate_chain_buffer_format(ctx, + server_cert_der_2048, sizeof_server_cert_der_2048, + WOLFSSL_FILETYPE_ASN1), WOLFSSL_SUCCESS); + +#ifdef WOLFSSL_PEM_TO_DER + ExpectIntEQ(wolfSSL_CTX_use_certificate_chain_buffer(ctx, + server_cert_der_2048, sizeof_server_cert_der_2048), + WC_NO_ERR_TRACE(ASN_NO_PEM_HEADER)); + + ExpectIntEQ(wolfSSL_use_certificate_chain_buffer(ssl, server_cert_der_2048, + sizeof_server_cert_der_2048), WC_NO_ERR_TRACE(ASN_NO_PEM_HEADER)); +#endif + + wolfSSL_free(ssl); + wolfSSL_CTX_free(ctx); +#ifndef NO_FILESYSTEM + if (buf != NULL) { + free(buf); + } +#endif +#endif + return EXPECT_RESULT(); +} + +static int test_wolfSSL_CTX_use_certificate_chain_file_format(void) +{ + EXPECT_DECLS; +#if !defined(NO_FILESYSTEM) && !defined(NO_CERTS) && !defined(NO_TLS) && \ + !defined(NO_RSA) && \ + (!defined(NO_WOLFSSL_CLIENT) || !defined(NO_WOLFSSL_SERVER)) + const char* server_chain_der = "./certs/server-cert-chain.der"; + const char* client_single_pem = cliCertFile; + WOLFSSL_CTX* ctx = NULL; + + (void)server_chain_der; + (void)client_single_pem; + (void)ctx; + + #ifndef NO_WOLFSSL_CLIENT + ExpectNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_client_method())); + #else + ExpectNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_server_method())); + #endif + + ExpectIntEQ(wolfSSL_CTX_use_certificate_chain_file_format(ctx, + server_chain_der, WOLFSSL_FILETYPE_ASN1), WOLFSSL_SUCCESS); + ExpectIntEQ(wolfSSL_CTX_use_certificate_chain_file_format(ctx, + client_single_pem, CERT_FILETYPE), WOLFSSL_SUCCESS); + + wolfSSL_CTX_free(ctx); +#endif + return EXPECT_RESULT(); +} + +static int test_wolfSSL_use_certificate_chain_file(void) +{ + EXPECT_DECLS; +#if !defined(NO_FILESYSTEM) && !defined(NO_CERTS) && !defined(NO_TLS) && \ + !defined(NO_WOLFSSL_CLIENT) && !defined(NO_RSA) + const char* server_chain_der = "./certs/server-cert-chain.der"; + const char* client_single_pem = cliCertFile; + WOLFSSL_CTX* ctx = NULL; + WOLFSSL* ssl = NULL; + + (void)server_chain_der; + (void)client_single_pem; + + ExpectNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_client_method())); + ExpectNotNull(ssl = wolfSSL_new(ctx)); + + /* Invalid parameters. */ + ExpectIntEQ(wolfSSL_use_certificate_chain_file_format(NULL, NULL, + WOLFSSL_FILETYPE_ASN1), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wolfSSL_use_certificate_chain_file_format(ssl, NULL, + WOLFSSL_FILETYPE_ASN1), WC_NO_ERR_TRACE(WOLFSSL_FAILURE)); + ExpectIntEQ(wolfSSL_use_certificate_chain_file_format(NULL, + server_chain_der, WOLFSSL_FILETYPE_ASN1), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wolfSSL_use_certificate_chain_file(NULL, NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wolfSSL_use_certificate_chain_file(ssl, NULL), + WC_NO_ERR_TRACE(WOLFSSL_FAILURE)); + ExpectIntEQ(wolfSSL_use_certificate_chain_file(NULL, client_single_pem), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); +#ifdef WOLFSSL_PEM_TO_DER + ExpectIntEQ(wolfSSL_use_certificate_chain_file(ssl, server_chain_der), + WC_NO_ERR_TRACE(WOLFSSL_FAILURE)); +#endif + + ExpectIntEQ(wolfSSL_use_certificate_chain_file_format(ssl, + server_chain_der, WOLFSSL_FILETYPE_ASN1), WOLFSSL_SUCCESS); + ExpectIntEQ(wolfSSL_use_certificate_chain_file_format(ssl, + client_single_pem, CERT_FILETYPE), WOLFSSL_SUCCESS); + ExpectIntEQ(wolfSSL_use_certificate_chain_file(ssl, client_single_pem), + WOLFSSL_SUCCESS); + + wolfSSL_free(ssl); + wolfSSL_CTX_free(ctx); +#endif + return EXPECT_RESULT(); +} + +static int test_wolfSSL_CTX_SetTmpDH_file(void) +{ + EXPECT_DECLS; +#if !defined(NO_FILESYSTEM) && !defined(NO_CERTS) && !defined(NO_TLS) && \ + !defined(NO_DH) && \ + (!defined(NO_WOLFSSL_CLIENT) || !defined(NO_WOLFSSL_SERVER)) + WOLFSSL_CTX *ctx = NULL; +#if defined(WOLFSSL_WPAS) && !defined(NO_DSA) +#if defined(WOLFSSL_PEM_TO_DER) + const char* dsaParamFile = "./certs/dsaparams.pem"; +#else + const char* dsaParamFile = "./certs/dsaparams.der"; +#endif +#endif + + (void)ctx; + + #ifndef NO_WOLFSSL_CLIENT + ExpectNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_client_method())); + #else + ExpectNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_server_method())); + #endif + + /* invalid context */ + ExpectIntNE(WOLFSSL_SUCCESS, wolfSSL_CTX_SetTmpDH_file(NULL, + dhParamFile, CERT_FILETYPE)); + + /* invalid dhParamFile file */ + ExpectIntNE(WOLFSSL_SUCCESS, wolfSSL_CTX_SetTmpDH_file(ctx, + NULL, CERT_FILETYPE)); + + ExpectIntNE(WOLFSSL_SUCCESS, wolfSSL_CTX_SetTmpDH_file(ctx, + bogusFile, CERT_FILETYPE)); + + /* success */ + ExpectIntEQ(WOLFSSL_SUCCESS, wolfSSL_CTX_SetTmpDH_file(ctx, dhParamFile, + CERT_FILETYPE)); +#if defined(WOLFSSL_WPAS) && !defined(NO_DSA) + ExpectIntEQ(WOLFSSL_SUCCESS, wolfSSL_CTX_SetTmpDH_file(ctx, dsaParamFile, + CERT_FILETYPE)); +#endif + + wolfSSL_CTX_free(ctx); +#endif + return EXPECT_RESULT(); +} + +static int test_wolfSSL_CTX_SetTmpDH_buffer(void) +{ + EXPECT_DECLS; +#if !defined(NO_CERTS) && !defined(NO_TLS) && !defined(NO_DH) && \ + (!defined(NO_WOLFSSL_CLIENT) || !defined(NO_WOLFSSL_SERVER)) + WOLFSSL_CTX *ctx = NULL; + + #ifndef NO_WOLFSSL_CLIENT + ExpectNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_client_method())); + #else + ExpectNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_server_method())); + #endif + + /* invalid context */ + ExpectIntNE(WOLFSSL_SUCCESS, wolfSSL_CTX_SetTmpDH_buffer(NULL, + dh_key_der_2048, sizeof_dh_key_der_2048, + WOLFSSL_FILETYPE_ASN1)); + + /* invalid dhParamFile file */ + ExpectIntNE(WOLFSSL_SUCCESS, wolfSSL_CTX_SetTmpDH_buffer(NULL, NULL, + 0, WOLFSSL_FILETYPE_ASN1)); + ExpectIntNE(WOLFSSL_SUCCESS, wolfSSL_CTX_SetTmpDH_buffer(ctx, NULL, + 0, WOLFSSL_FILETYPE_ASN1)); + + ExpectIntNE(WOLFSSL_SUCCESS, wolfSSL_CTX_SetTmpDH_buffer(ctx, + dsa_key_der_2048, sizeof_dsa_key_der_2048, + WOLFSSL_FILETYPE_ASN1)); + + /* invalid file format */ + ExpectIntNE(WOLFSSL_SUCCESS, wolfSSL_CTX_SetTmpDH_buffer(ctx, + dh_key_der_2048, sizeof_dh_key_der_2048, -1)); + + /* success */ + ExpectIntEQ(WOLFSSL_SUCCESS, wolfSSL_CTX_SetTmpDH_buffer(ctx, + dh_key_der_2048, sizeof_dh_key_der_2048, + WOLFSSL_FILETYPE_ASN1)); + + wolfSSL_CTX_free(ctx); +#endif + return EXPECT_RESULT(); +} + +static int test_wc_DhSetNamedKey(void) +{ + EXPECT_DECLS; +#if !defined(HAVE_SELFTEST) && !defined(NO_DH) && \ + !defined(WOLFSSL_NO_MALLOC) && defined(HAVE_FFDHE) && \ + (!defined(HAVE_FIPS) || FIPS_VERSION_GT(2,0)) + DhKey *key = NULL; + key = (DhKey*)XMALLOC(sizeof(DhKey), HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + ExpectNotNull(key); + if (key != NULL){ + #ifdef HAVE_FFDHE_2048 + if (wc_InitDhKey_ex(key, HEAP_HINT, INVALID_DEVID) == 0){ + ExpectIntEQ(wc_DhSetNamedKey(key, WC_FFDHE_2048), 0); + ExpectIntEQ(wc_DhGetNamedKeyMinSize(WC_FFDHE_2048), 29); + wc_FreeDhKey(key); + } + #endif + #ifdef HAVE_FFDHE_3072 + if (wc_InitDhKey_ex(key, HEAP_HINT, INVALID_DEVID) == 0){ + ExpectIntEQ(wc_DhSetNamedKey(key, WC_FFDHE_3072), 0); + ExpectIntEQ(wc_DhGetNamedKeyMinSize(WC_FFDHE_3072), 34); + wc_FreeDhKey(key); + } + #endif + #ifdef HAVE_FFDHE_4096 + if (wc_InitDhKey_ex(key, HEAP_HINT, INVALID_DEVID) == 0){ + ExpectIntEQ(wc_DhSetNamedKey(key, WC_FFDHE_4096), 0); + ExpectIntEQ(wc_DhGetNamedKeyMinSize(WC_FFDHE_4096), 39); + wc_FreeDhKey(key); + } + #endif + #ifdef HAVE_FFDHE_6144 + if (wc_InitDhKey_ex(key, HEAP_HINT, INVALID_DEVID) == 0){ + ExpectIntEQ(wc_DhSetNamedKey(key, WC_FFDHE_6144), 0); + ExpectIntEQ(wc_DhGetNamedKeyMinSize(WC_FFDHE_6144), 46); + wc_FreeDhKey(key); + } + #endif + #ifdef HAVE_FFDHE_8192 + if (wc_InitDhKey_ex(key, HEAP_HINT, INVALID_DEVID) == 0){ + ExpectIntEQ(wc_DhSetNamedKey(key, WC_FFDHE_8192), 0); + ExpectIntEQ(wc_DhGetNamedKeyMinSize(WC_FFDHE_8192), 52); + wc_FreeDhKey(key); + } + #endif + XFREE(key, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + } +#endif + return EXPECT_RESULT(); +} + +static int test_wolfSSL_CTX_SetMinMaxDhKey_Sz(void) +{ + EXPECT_DECLS; +#if !defined(NO_CERTS) && !defined(NO_TLS) && !defined(NO_DH) && \ + (!defined(NO_WOLFSSL_CLIENT) || !defined(NO_WOLFSSL_SERVER)) + WOLFSSL_CTX *ctx; + + (void)ctx; + + #ifndef NO_WOLFSSL_CLIENT + ctx = wolfSSL_CTX_new(wolfSSLv23_client_method()); + #else + ctx = wolfSSL_CTX_new(wolfSSLv23_server_method()); + #endif + ExpectNotNull(ctx); + + ExpectIntEQ(WOLFSSL_SUCCESS, wolfSSL_CTX_SetMinDhKey_Sz(ctx, 3072)); + + ExpectIntEQ(WC_NO_ERR_TRACE(DH_KEY_SIZE_E), wolfSSL_CTX_SetTmpDH_buffer(ctx, dh_key_der_2048, + sizeof_dh_key_der_2048, WOLFSSL_FILETYPE_ASN1)); + + ExpectIntEQ(WOLFSSL_SUCCESS, wolfSSL_CTX_SetMinDhKey_Sz(ctx, 2048)); + + ExpectIntEQ(WOLFSSL_SUCCESS, wolfSSL_CTX_SetTmpDH_buffer(ctx, + dh_key_der_2048, sizeof_dh_key_der_2048, + WOLFSSL_FILETYPE_ASN1)); + + ExpectIntEQ(WOLFSSL_SUCCESS, wolfSSL_CTX_SetMaxDhKey_Sz(ctx, 1024)); + + ExpectIntEQ(WC_NO_ERR_TRACE(DH_KEY_SIZE_E), wolfSSL_CTX_SetTmpDH_buffer(ctx, + dh_key_der_2048, sizeof_dh_key_der_2048, + WOLFSSL_FILETYPE_ASN1)); + + ExpectIntEQ(WOLFSSL_SUCCESS, wolfSSL_CTX_SetMaxDhKey_Sz(ctx, 2048)); + + ExpectIntEQ(WOLFSSL_SUCCESS, wolfSSL_CTX_SetTmpDH_buffer(ctx, + dh_key_der_2048, sizeof_dh_key_der_2048, + WOLFSSL_FILETYPE_ASN1)); + + wolfSSL_CTX_free(ctx); +#endif + return EXPECT_RESULT(); +} + +static int test_wolfSSL_CTX_der_load_verify_locations(void) +{ + EXPECT_DECLS; +#if !defined(NO_FILESYSTEM) && defined(WOLFSSL_DER_LOAD) && \ + !defined(NO_TLS) && \ + (!defined(NO_WOLFSSL_CLIENT) || !defined(NO_WOLFSSL_SERVER)) + WOLFSSL_CTX* ctx = NULL; + const char* derCert = "./certs/server-cert.der"; + const char* nullPath = NULL; + const char* invalidPath = "./certs/this-cert-does-not-exist.der"; + const char* emptyPath = ""; + + /* der load Case 1 ctx NULL */ + ExpectIntEQ(wolfSSL_CTX_der_load_verify_locations(ctx, derCert, + WOLFSSL_FILETYPE_ASN1), WC_NO_ERR_TRACE(WOLFSSL_FAILURE)); + + #ifndef NO_WOLFSSL_CLIENT + ExpectNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_client_method())); + #else + ExpectNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_server_method())); + #endif + + /* Case 2 filePath NULL */ + ExpectIntEQ(wolfSSL_CTX_der_load_verify_locations(ctx, nullPath, + WOLFSSL_FILETYPE_ASN1), WC_NO_ERR_TRACE(WOLFSSL_FAILURE)); + /* Case 3 invalid format */ + ExpectIntEQ(wolfSSL_CTX_der_load_verify_locations(ctx, derCert, + WOLFSSL_FILETYPE_PEM), WC_NO_ERR_TRACE(WOLFSSL_FAILURE)); + /* Case 4 filePath not valid */ + ExpectIntEQ(wolfSSL_CTX_der_load_verify_locations(ctx, invalidPath, + WOLFSSL_FILETYPE_ASN1), WC_NO_ERR_TRACE(WOLFSSL_FAILURE)); + /* Case 5 filePath empty */ + ExpectIntEQ(wolfSSL_CTX_der_load_verify_locations(ctx, emptyPath, + WOLFSSL_FILETYPE_ASN1), WC_NO_ERR_TRACE(WOLFSSL_FAILURE)); +#ifndef NO_RSA + /* Case 6 success case */ + ExpectIntEQ(wolfSSL_CTX_der_load_verify_locations(ctx, derCert, + WOLFSSL_FILETYPE_ASN1), WOLFSSL_SUCCESS); +#endif + + wolfSSL_CTX_free(ctx); +#endif + + return EXPECT_RESULT(); +} + +static int test_wolfSSL_CTX_enable_disable(void) +{ + EXPECT_DECLS; +#if !defined(NO_CERTS) && !defined(NO_TLS) + WOLFSSL_CTX* ctx = NULL; + + #ifdef HAVE_CRL + ExpectIntEQ(wolfSSL_CTX_DisableCRL(ctx), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wolfSSL_CTX_EnableCRL(ctx, 0), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + #endif + + #ifdef HAVE_OCSP + ExpectIntEQ(wolfSSL_CTX_DisableOCSP(ctx), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wolfSSL_CTX_EnableOCSP(ctx, 0), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + #endif + + #if defined(HAVE_CERTIFICATE_STATUS_REQUEST) || \ + defined(HAVE_CERTIFICATE_STATUS_REQUEST_V2) + ExpectIntEQ(wolfSSL_CTX_DisableOCSPStapling(ctx), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wolfSSL_CTX_EnableOCSPStapling(ctx), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wolfSSL_CTX_DisableOCSPMustStaple(ctx), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wolfSSL_CTX_EnableOCSPMustStaple(ctx), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + #endif + + #ifndef NO_WOLFSSL_CLIENT + + #ifdef HAVE_EXTENDED_MASTER + ExpectIntEQ(wolfSSL_CTX_DisableExtendedMasterSecret(ctx), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + #endif + ExpectNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_client_method())); + + #ifdef HAVE_EXTENDED_MASTER + ExpectIntEQ(wolfSSL_CTX_DisableExtendedMasterSecret(ctx), WOLFSSL_SUCCESS); + #endif + + #elif !defined(NO_WOLFSSL_SERVER) + ExpectNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_server_method())); + #endif + + #if !defined(NO_WOLFSSL_CLIENT) || !defined(NO_WOLFSSL_SERVER) + + #ifdef HAVE_CRL + ExpectIntEQ(wolfSSL_CTX_DisableCRL(ctx), WOLFSSL_SUCCESS); + ExpectIntEQ(wolfSSL_CTX_EnableCRL(ctx, 0), WOLFSSL_SUCCESS); + #endif + + #ifdef HAVE_OCSP + ExpectIntEQ(wolfSSL_CTX_DisableOCSP(ctx), WOLFSSL_SUCCESS); + ExpectIntEQ(wolfSSL_CTX_EnableOCSP(ctx, WOLFSSL_OCSP_URL_OVERRIDE), + WOLFSSL_SUCCESS); + ExpectIntEQ(wolfSSL_CTX_EnableOCSP(ctx, WOLFSSL_OCSP_NO_NONCE), + WOLFSSL_SUCCESS); + ExpectIntEQ(wolfSSL_CTX_EnableOCSP(ctx, WOLFSSL_OCSP_CHECKALL), + WOLFSSL_SUCCESS); + #endif + + #if defined(HAVE_CERTIFICATE_STATUS_REQUEST) || \ + defined(HAVE_CERTIFICATE_STATUS_REQUEST_V2) + ExpectIntEQ(wolfSSL_CTX_DisableOCSPStapling(ctx), WOLFSSL_SUCCESS); + ExpectIntEQ(wolfSSL_CTX_EnableOCSPStapling(ctx), WOLFSSL_SUCCESS); + ExpectIntEQ(wolfSSL_CTX_DisableOCSPMustStaple(ctx), WOLFSSL_SUCCESS); + ExpectIntEQ(wolfSSL_CTX_DisableOCSPMustStaple(ctx), WOLFSSL_SUCCESS); + #endif + wolfSSL_CTX_free(ctx); + #endif /* !NO_WOLFSSL_CLIENT || !NO_WOLFSSL_SERVER */ +#endif /* !NO_CERTS && !NO_CERTS */ + + return EXPECT_RESULT(); +} + +static int test_wolfSSL_CTX_ticket_API(void) +{ + EXPECT_DECLS; +#if defined(HAVE_SESSION_TICKET) && !defined(NO_WOLFSSL_SERVER) && \ + !defined(NO_TLS) + WOLFSSL_CTX* ctx = NULL; + void *userCtx = (void*)"this is my ctx"; + + ExpectNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_server_method())); + + ExpectIntEQ(WOLFSSL_SUCCESS, wolfSSL_CTX_set_TicketEncCtx(ctx, userCtx)); + ExpectTrue(userCtx == wolfSSL_CTX_get_TicketEncCtx(ctx)); + + wolfSSL_CTX_free(ctx); + + ExpectIntNE(WOLFSSL_SUCCESS, wolfSSL_CTX_set_TicketEncCtx(NULL, userCtx)); + ExpectNull(wolfSSL_CTX_get_TicketEncCtx(NULL)); +#endif /* HAVE_SESSION_TICKET && !NO_WOLFSSL_SERVER && !NO_TLS */ + return EXPECT_RESULT(); +} + +static int test_wolfSSL_set_minmax_proto_version(void) +{ + EXPECT_DECLS; +#if defined(OPENSSL_EXTRA) && !defined(NO_TLS) + WOLFSSL_CTX *ctx = NULL; + WOLFSSL *ssl = NULL; + + (void)ssl; + +#ifndef NO_WOLFSSL_CLIENT + ExpectNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_client_method())); + ExpectNotNull(ssl = wolfSSL_new(ctx)); + + ExpectIntEQ(wolfSSL_CTX_set_min_proto_version(NULL, 0), WC_NO_ERR_TRACE(WOLFSSL_FAILURE)); + ExpectIntEQ(wolfSSL_CTX_set_max_proto_version(NULL, 0), WC_NO_ERR_TRACE(WOLFSSL_FAILURE)); + ExpectIntEQ(wolfSSL_CTX_set_min_proto_version(ctx, 0), SSL_SUCCESS); + ExpectIntEQ(wolfSSL_CTX_set_max_proto_version(ctx, 0), SSL_SUCCESS); + + ExpectIntEQ(wolfSSL_set_min_proto_version(NULL, 0), WC_NO_ERR_TRACE(WOLFSSL_FAILURE)); + ExpectIntEQ(wolfSSL_set_min_proto_version(ssl, 0), SSL_SUCCESS); + ExpectIntEQ(wolfSSL_set_max_proto_version(NULL, 0), WC_NO_ERR_TRACE(WOLFSSL_FAILURE)); + ExpectIntEQ(wolfSSL_set_max_proto_version(ssl, 0), SSL_SUCCESS); + + wolfSSL_free(ssl); + wolfSSL_CTX_free(ctx); + ctx = NULL; +#endif +#ifndef NO_WOLFSSL_SERVER + ExpectNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_server_method())); + + ExpectIntEQ(wolfSSL_CTX_set_min_proto_version(NULL, 0), WC_NO_ERR_TRACE(WOLFSSL_FAILURE)); + ExpectIntEQ(wolfSSL_CTX_set_max_proto_version(NULL, 0), WC_NO_ERR_TRACE(WOLFSSL_FAILURE)); + ExpectIntEQ(wolfSSL_CTX_set_min_proto_version(ctx, 0), SSL_SUCCESS); + ExpectIntEQ(wolfSSL_CTX_set_max_proto_version(ctx, 0), SSL_SUCCESS); + + wolfSSL_CTX_free(ctx); +#endif +#endif + + return EXPECT_RESULT(); +} + +#if defined(WOLFSSL_TLS13) && !defined(WOLFSSL_NO_TLS12) && \ + defined(OPENSSL_EXTRA) && defined(HAVE_SSL_MEMIO_TESTS_DEPENDENCIES) +static int test_wolfSSL_CTX_set_max_proto_version_on_result(WOLFSSL* ssl) +{ + EXPECT_DECLS; + ExpectStrEQ(wolfSSL_get_version(ssl), "TLSv1.2"); + return EXPECT_RESULT(); +} + +static int test_wolfSSL_CTX_set_max_proto_version_ctx_ready(WOLFSSL_CTX* ctx) +{ + EXPECT_DECLS; + /* Set TLS 1.2 */ + ExpectIntEQ(wolfSSL_CTX_set_max_proto_version(ctx, TLS1_2_VERSION), + WOLFSSL_SUCCESS); + return EXPECT_RESULT(); +} + +/* Test using wolfSSL_CTX_set_max_proto_version to limit the version below + * what was set at ctx creation. */ +static int test_wolfSSL_CTX_set_max_proto_version(void) +{ + EXPECT_DECLS; + test_ssl_cbf client_cbs; + test_ssl_cbf server_cbs; + + XMEMSET(&client_cbs, 0, sizeof(client_cbs)); + XMEMSET(&server_cbs, 0, sizeof(server_cbs)); + + client_cbs.method = wolfTLS_client_method; + server_cbs.method = wolfTLS_server_method; + + server_cbs.ctx_ready = test_wolfSSL_CTX_set_max_proto_version_ctx_ready; + + client_cbs.on_result = test_wolfSSL_CTX_set_max_proto_version_on_result; + server_cbs.on_result = test_wolfSSL_CTX_set_max_proto_version_on_result; + + ExpectIntEQ(test_wolfSSL_client_server_nofail_memio(&client_cbs, + &server_cbs, NULL), TEST_SUCCESS); + + return EXPECT_RESULT(); +} +#else +static int test_wolfSSL_CTX_set_max_proto_version(void) +{ + return TEST_SKIPPED; +} +#endif + +/*----------------------------------------------------------------------------* + | SSL + *----------------------------------------------------------------------------*/ + +static int test_server_wolfSSL_new(void) +{ + EXPECT_DECLS; +#if !defined(NO_FILESYSTEM) && !defined(NO_CERTS) && !defined(NO_TLS) && \ + !defined(NO_WOLFSSL_SERVER) && !defined(NO_RSA) + + WOLFSSL_CTX *ctx = NULL; + WOLFSSL_CTX *ctx_nocert = NULL; + WOLFSSL *ssl = NULL; + + ExpectNotNull(ctx_nocert = wolfSSL_CTX_new(wolfSSLv23_server_method())); + ExpectNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_server_method())); + + ExpectTrue(wolfSSL_CTX_use_certificate_file(ctx, svrCertFile, + CERT_FILETYPE)); + ExpectTrue(wolfSSL_CTX_use_PrivateKey_file(ctx, svrKeyFile, + CERT_FILETYPE)); + + /* invalid context */ + ExpectNull(ssl = wolfSSL_new(NULL)); +#if !defined(WOLFSSL_SESSION_EXPORT) && !defined(WOLFSSL_QT) && \ + !defined(OPENSSL_EXTRA) && !defined(WOLFSSL_NO_INIT_CTX_KEY) + ExpectNull(ssl = wolfSSL_new(ctx_nocert)); +#endif + + /* success */ + ExpectNotNull(ssl = wolfSSL_new(ctx)); + + wolfSSL_free(ssl); + wolfSSL_CTX_free(ctx); + wolfSSL_CTX_free(ctx_nocert); +#endif + + return EXPECT_RESULT(); +} + + +static int test_client_wolfSSL_new(void) +{ + EXPECT_DECLS; +#if !defined(NO_FILESYSTEM) && !defined(NO_CERTS) && !defined(NO_TLS) && \ + !defined(NO_WOLFSSL_CLIENT) && !defined(NO_RSA) + + WOLFSSL_CTX *ctx = NULL; + WOLFSSL_CTX *ctx_nocert = NULL; + WOLFSSL *ssl = NULL; + + ExpectNotNull(ctx_nocert = wolfSSL_CTX_new(wolfSSLv23_client_method())); + ExpectNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_client_method())); + + ExpectTrue(wolfSSL_CTX_load_verify_locations(ctx, caCertFile, 0)); + + /* invalid context */ + ExpectNull(ssl = wolfSSL_new(NULL)); + + /* success */ + ExpectNotNull(ssl = wolfSSL_new(ctx_nocert)); + wolfSSL_free(ssl); + ssl = NULL; + + /* success */ + ExpectNotNull(ssl = wolfSSL_new(ctx)); + wolfSSL_free(ssl); + + wolfSSL_CTX_free(ctx); + wolfSSL_CTX_free(ctx_nocert); +#endif + + return EXPECT_RESULT(); +} + +static int test_wolfSSL_SetTmpDH_file(void) +{ + EXPECT_DECLS; +#if !defined(NO_FILESYSTEM) && !defined(NO_CERTS) && !defined(NO_TLS) && \ + !defined(NO_WOLFSSL_SERVER) && !defined(NO_DH) + + WOLFSSL_CTX *ctx = NULL; + WOLFSSL *ssl = NULL; +#ifdef WOLFSSL_PEM_TO_DER + const char* dhX942ParamFile = "./certs/x942dh2048.pem"; +#if defined(WOLFSSL_WPAS) && !defined(NO_DSA) + const char* dsaParamFile = "./certs/dsaparams.pem"; +#endif +#else + const char* dhX942ParamFile = "./certs/x942dh2048.der"; +#if defined(WOLFSSL_WPAS) && !defined(NO_DSA) + const char* dsaParamFile = "./certs/dsaparams.der"; +#endif +#endif + + ExpectNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_server_method())); +#ifndef NO_RSA + ExpectTrue(wolfSSL_CTX_use_certificate_file(ctx, svrCertFile, + CERT_FILETYPE)); + ExpectTrue(wolfSSL_CTX_use_PrivateKey_file(ctx, svrKeyFile, + CERT_FILETYPE)); +#elif defined(HAVE_ECC) + ExpectTrue(wolfSSL_CTX_use_certificate_file(ctx, eccCertFile, + CERT_FILETYPE)); + ExpectTrue(wolfSSL_CTX_use_PrivateKey_file(ctx, eccKeyFile, + CERT_FILETYPE)); +#elif defined(HAVE_ED25519) + ExpectTrue(wolfSSL_CTX_use_certificate_file(ctx, edCertFile, + CERT_FILETYPE)); + ExpectTrue(wolfSSL_CTX_use_PrivateKey_file(ctx, edKeyFile, + CERT_FILETYPE)); +#elif defined(HAVE_ED448) + ExpectTrue(wolfSSL_CTX_use_certificate_file(ctx, ed448CertFile, + CERT_FILETYPE)); + ExpectTrue(wolfSSL_CTX_use_PrivateKey_file(ctx, ed448KeyFile, + CERT_FILETYPE)); +#endif + ExpectNotNull(ssl = wolfSSL_new(ctx)); + + /* invalid ssl */ + ExpectIntNE(WOLFSSL_SUCCESS, wolfSSL_SetTmpDH_file(NULL, + dhParamFile, CERT_FILETYPE)); + + /* invalid dhParamFile file */ + ExpectIntNE(WOLFSSL_SUCCESS, wolfSSL_SetTmpDH_file(ssl, + NULL, CERT_FILETYPE)); + ExpectIntNE(WOLFSSL_SUCCESS, wolfSSL_SetTmpDH_file(ssl, + bogusFile, CERT_FILETYPE)); + + /* success */ + ExpectIntEQ(WOLFSSL_SUCCESS, wolfSSL_SetTmpDH_file(ssl, dhParamFile, + CERT_FILETYPE)); + ExpectIntEQ(WOLFSSL_SUCCESS, wolfSSL_SetTmpDH_file(ssl, dhX942ParamFile, + CERT_FILETYPE)); +#if defined(WOLFSSL_WPAS) && !defined(NO_DSA) + ExpectIntEQ(WOLFSSL_SUCCESS, wolfSSL_CTX_SetTmpDH_file(ctx, dsaParamFile, + CERT_FILETYPE)); +#endif + + wolfSSL_free(ssl); + wolfSSL_CTX_free(ctx); +#endif + + return EXPECT_RESULT(); +} + +static int test_wolfSSL_SetTmpDH_buffer(void) +{ + EXPECT_DECLS; +#if !defined(NO_CERTS) && !defined(NO_TLS) && !defined(NO_WOLFSSL_SERVER) && \ + !defined(NO_DH) + WOLFSSL_CTX *ctx = NULL; + WOLFSSL *ssl = NULL; + + ExpectNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_server_method())); + ExpectTrue(wolfSSL_CTX_use_certificate_buffer(ctx, server_cert_der_2048, + sizeof_server_cert_der_2048, WOLFSSL_FILETYPE_ASN1)); + ExpectTrue(wolfSSL_CTX_use_PrivateKey_buffer(ctx, server_key_der_2048, + sizeof_server_key_der_2048, WOLFSSL_FILETYPE_ASN1)); + ExpectNotNull(ssl = wolfSSL_new(ctx)); + + /* invalid ssl */ + ExpectIntNE(WOLFSSL_SUCCESS, wolfSSL_SetTmpDH_buffer(NULL, dh_key_der_2048, + sizeof_dh_key_der_2048, WOLFSSL_FILETYPE_ASN1)); + + /* invalid dhParamFile file */ + ExpectIntNE(WOLFSSL_SUCCESS, wolfSSL_SetTmpDH_buffer(NULL, NULL, + 0, WOLFSSL_FILETYPE_ASN1)); + ExpectIntNE(WOLFSSL_SUCCESS, wolfSSL_SetTmpDH_buffer(ssl, NULL, 0, + WOLFSSL_FILETYPE_ASN1)); + ExpectIntNE(WOLFSSL_SUCCESS, wolfSSL_SetTmpDH_buffer(ssl, dsa_key_der_2048, + sizeof_dsa_key_der_2048, WOLFSSL_FILETYPE_ASN1)); + + /* success */ + ExpectIntEQ(WOLFSSL_SUCCESS, wolfSSL_SetTmpDH_buffer(ssl, dh_key_der_2048, + sizeof_dh_key_der_2048, WOLFSSL_FILETYPE_ASN1)); + + wolfSSL_free(ssl); + wolfSSL_CTX_free(ctx); +#endif + + return EXPECT_RESULT(); +} + +static int test_wolfSSL_SetMinMaxDhKey_Sz(void) +{ + EXPECT_DECLS; +#if !defined(NO_CERTS) && !defined(NO_TLS) && !defined(NO_WOLFSSL_SERVER) && \ + !defined(NO_DH) + WOLFSSL_CTX *ctx = NULL; + WOLFSSL_CTX *ctx2 = NULL; + WOLFSSL *ssl = NULL; + WOLFSSL *ssl2 = NULL; + + ExpectNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_server_method())); + ExpectTrue(wolfSSL_CTX_use_certificate_buffer(ctx, server_cert_der_2048, + sizeof_server_cert_der_2048, WOLFSSL_FILETYPE_ASN1)); + ExpectTrue(wolfSSL_CTX_use_PrivateKey_buffer(ctx, server_key_der_2048, + sizeof_server_key_der_2048, WOLFSSL_FILETYPE_ASN1)); + ExpectIntEQ(WOLFSSL_SUCCESS, wolfSSL_CTX_SetMinDhKey_Sz(ctx, 3072)); + ExpectNotNull(ssl = wolfSSL_new(ctx)); + ExpectNotNull(ctx2 = wolfSSL_CTX_new(wolfSSLv23_server_method())); + ExpectTrue(wolfSSL_CTX_use_certificate_buffer(ctx2, server_cert_der_2048, + sizeof_server_cert_der_2048, WOLFSSL_FILETYPE_ASN1)); + ExpectTrue(wolfSSL_CTX_use_PrivateKey_buffer(ctx2, server_key_der_2048, + sizeof_server_key_der_2048, WOLFSSL_FILETYPE_ASN1)); + ExpectIntEQ(WOLFSSL_SUCCESS, wolfSSL_CTX_SetMaxDhKey_Sz(ctx, 1024)); + ExpectNotNull(ssl2 = wolfSSL_new(ctx2)); + + ExpectIntEQ(WC_NO_ERR_TRACE(DH_KEY_SIZE_E), wolfSSL_SetTmpDH_buffer(ssl, dh_key_der_2048, + sizeof_dh_key_der_2048, WOLFSSL_FILETYPE_ASN1)); + + ExpectIntEQ(WOLFSSL_SUCCESS, wolfSSL_SetMinDhKey_Sz(ssl, 2048)); + ExpectIntEQ(WOLFSSL_SUCCESS, wolfSSL_SetTmpDH_buffer(ssl, dh_key_der_2048, + sizeof_dh_key_der_2048, WOLFSSL_FILETYPE_ASN1)); + + ExpectIntEQ(WOLFSSL_SUCCESS, wolfSSL_SetMinDhKey_Sz(ssl, 3072)); + ExpectIntEQ(WC_NO_ERR_TRACE(DH_KEY_SIZE_E), wolfSSL_SetTmpDH_buffer(ssl, dh_key_der_2048, + sizeof_dh_key_der_2048, WOLFSSL_FILETYPE_ASN1)); + + ExpectIntEQ(WOLFSSL_SUCCESS, wolfSSL_SetTmpDH_buffer(ssl2, dh_key_der_2048, + sizeof_dh_key_der_2048, WOLFSSL_FILETYPE_ASN1)); + + ExpectIntEQ(WOLFSSL_SUCCESS, wolfSSL_SetMaxDhKey_Sz(ssl2, 2048)); + ExpectIntEQ(WOLFSSL_SUCCESS, wolfSSL_SetTmpDH_buffer(ssl2, dh_key_der_2048, + sizeof_dh_key_der_2048, WOLFSSL_FILETYPE_ASN1)); + + ExpectIntEQ(WOLFSSL_SUCCESS, wolfSSL_SetMaxDhKey_Sz(ssl2, 1024)); + ExpectIntEQ(WC_NO_ERR_TRACE(DH_KEY_SIZE_E), wolfSSL_SetTmpDH_buffer(ssl, dh_key_der_2048, + sizeof_dh_key_der_2048, WOLFSSL_FILETYPE_ASN1)); + + wolfSSL_free(ssl2); + wolfSSL_CTX_free(ctx2); + wolfSSL_free(ssl); + wolfSSL_CTX_free(ctx); +#endif + return EXPECT_RESULT(); +} + + +/* Test function for wolfSSL_SetMinVersion. Sets the minimum downgrade version + * allowed. + * POST: return 1 on success. + */ +static int test_wolfSSL_SetMinVersion(void) +{ + int res = TEST_SKIPPED; +#if !defined(NO_WOLFSSL_CLIENT) && !defined(NO_TLS) + int failFlag = WOLFSSL_SUCCESS; + WOLFSSL_CTX* ctx = NULL; + WOLFSSL* ssl = NULL; + int itr; + + #ifndef NO_OLD_TLS + const int versions[] = { + #ifdef WOLFSSL_ALLOW_TLSV10 + WOLFSSL_TLSV1, + #endif + WOLFSSL_TLSV1_1, + WOLFSSL_TLSV1_2}; + #elif !defined(WOLFSSL_NO_TLS12) + const int versions[] = { WOLFSSL_TLSV1_2 }; + #else + const int versions[] = { WOLFSSL_TLSV1_3 }; + #endif + + ctx = wolfSSL_CTX_new(wolfSSLv23_client_method()); + ssl = wolfSSL_new(ctx); + + for (itr = 0; itr < (int)(sizeof(versions)/sizeof(int)); itr++) { + if (wolfSSL_SetMinVersion(ssl, *(versions + itr)) != WOLFSSL_SUCCESS) { + failFlag = WOLFSSL_FAILURE; + } + } + + wolfSSL_free(ssl); + wolfSSL_CTX_free(ctx); + + res = TEST_RES_CHECK(failFlag == WOLFSSL_SUCCESS); +#endif + return res; + +} /* END test_wolfSSL_SetMinVersion */ + + +#include +/*----------------------------------------------------------------------------* + | EVP + *----------------------------------------------------------------------------*/ + +static int test_wolfSSL_EVP_PKEY_print_public(void) +{ + EXPECT_DECLS; +#if defined(OPENSSL_EXTRA) && !defined(NO_BIO) + WOLFSSL_BIO* rbio = NULL; + WOLFSSL_BIO* wbio = NULL; + WOLFSSL_EVP_PKEY* pkey = NULL; + char line[256] = { 0 }; + char line1[256] = { 0 }; + int i = 0; + + /* test error cases */ + ExpectIntEQ( EVP_PKEY_print_public(NULL,NULL,0,NULL),0L); + + /* + * test RSA public key print + * in this test, pass '3' for indent + */ +#if !defined(NO_RSA) && defined(USE_CERT_BUFFERS_1024) + + ExpectNotNull(rbio = BIO_new_mem_buf( client_keypub_der_1024, + sizeof_client_keypub_der_1024)); + + ExpectNotNull(wolfSSL_d2i_PUBKEY_bio(rbio, &pkey)); + + ExpectNotNull(wbio = BIO_new(BIO_s_mem())); + + ExpectIntEQ(EVP_PKEY_print_public(wbio, pkey,3,NULL),1); + + ExpectIntGT(BIO_gets(wbio, line, sizeof(line)), 0); + strcpy(line1, " RSA Public-Key: (1024 bit)\n"); + ExpectIntEQ(XSTRNCMP(line, line1, XSTRLEN(line1)), 0); + + ExpectIntGT(BIO_gets(wbio, line, sizeof(line)), 0); + strcpy(line1, " Modulus:\n"); + ExpectIntEQ(XSTRNCMP( line, line1, XSTRLEN(line1)), 0); + + ExpectIntGT(BIO_gets(wbio, line, sizeof(line)), 0); + strcpy(line1, " 00:bc:73:0e:a8:49:f3:74:a2:a9:ef:18:a5:da:55:\n"); + ExpectIntEQ(XSTRNCMP( line, line1, XSTRLEN(line1)), 0); + + + /* skip to the end of modulus element*/ + for (i = 0; i < 8 ;i++) { + ExpectIntGT(BIO_gets(wbio, line, sizeof(line)), 0); + } + + ExpectIntGT(BIO_gets(wbio, line, sizeof(line)), 0); + strcpy(line1, " Exponent: 65537 (0x010001)\n"); + ExpectIntEQ(XSTRNCMP( line, line1, XSTRLEN(line1)), 0); + + + /* should reach EOF */ + ExpectIntLE(BIO_gets(wbio, line, sizeof(line)), 0); + + EVP_PKEY_free(pkey); + pkey = NULL; + BIO_free(rbio); + BIO_free(wbio); + rbio = NULL; + wbio = NULL; + +#endif /* !NO_RSA && USE_CERT_BUFFERS_1024*/ + + /* + * test DSA public key print + */ +#if !defined(NO_DSA) && defined(USE_CERT_BUFFERS_2048) + ExpectNotNull(rbio = BIO_new_mem_buf( dsa_pub_key_der_2048, + sizeof_dsa_pub_key_der_2048)); + + ExpectNotNull(wolfSSL_d2i_PUBKEY_bio(rbio, &pkey)); + + ExpectNotNull(wbio = BIO_new(BIO_s_mem())); + + ExpectIntEQ(EVP_PKEY_print_public(wbio, pkey,0,NULL),1); + + ExpectIntGT(BIO_gets(wbio, line, sizeof(line)), 0); + strcpy(line1, "DSA Public-Key: (2048 bit)\n"); + ExpectIntEQ(XSTRNCMP( line, line1, XSTRLEN(line1)), 0); + + ExpectIntGT(BIO_gets(wbio, line, sizeof(line)), 0); + strcpy(line1, "pub:\n"); + ExpectIntEQ(XSTRNCMP( line, line1, XSTRLEN(line1)), 0); + + ExpectIntGT(BIO_gets(wbio, line, sizeof(line)), 0); + strcpy(line1, + " 00:C2:35:2D:EC:83:83:6C:73:13:9E:52:7C:74:C8:\n"); + ExpectIntEQ(XSTRNCMP( line, line1, XSTRLEN(line1)), 0); + + /* skip to the end of pub element*/ + for (i = 0; i < 17 ;i++) { + ExpectIntGT(BIO_gets(wbio, line, sizeof(line)), 0); + } + + ExpectIntGT(BIO_gets(wbio, line, sizeof(line)), 0); + strcpy(line1, "P:\n"); + ExpectIntEQ(XSTRNCMP( line, line1, XSTRLEN(line1)), 0); + + /* skip to the end of P element*/ + for (i = 0; i < 18 ;i++) { + ExpectIntGT(BIO_gets(wbio, line, sizeof(line)), 0); + } + + ExpectIntGT(BIO_gets(wbio, line, sizeof(line)), 0); + strcpy(line1, "Q:\n"); + ExpectIntEQ(XSTRNCMP( line, line1, XSTRLEN(line1)), 0); + + /* skip to the end of Q element*/ + for (i = 0; i < 3 ;i++) { + ExpectIntGT(BIO_gets(wbio, line, sizeof(line)), 0); + } + ExpectIntGT(BIO_gets(wbio, line, sizeof(line)), 0); + strcpy(line1, "G:\n"); + ExpectIntEQ(XSTRNCMP( line, line1, XSTRLEN(line1)), 0); + + /* skip to the end of G element*/ + for (i = 0; i < 18 ;i++) { + ExpectIntGT(BIO_gets(wbio, line, sizeof(line)), 0); + } + /* should reach EOF */ + ExpectIntLE(BIO_gets(wbio, line, sizeof(line)), 0); + + EVP_PKEY_free(pkey); + pkey = NULL; + BIO_free(rbio); + BIO_free(wbio); + rbio = NULL; + wbio = NULL; + +#endif /* !NO_DSA && USE_CERT_BUFFERS_2048 */ + + /* + * test ECC public key print + */ +#if defined(HAVE_ECC) && defined(USE_CERT_BUFFERS_256) + + ExpectNotNull(rbio = BIO_new_mem_buf( ecc_clikeypub_der_256, + sizeof_ecc_clikeypub_der_256)); + + ExpectNotNull(wolfSSL_d2i_PUBKEY_bio(rbio, &pkey)); + + ExpectNotNull(wbio = BIO_new(BIO_s_mem())); + + ExpectIntEQ(EVP_PKEY_print_public(wbio, pkey,0,NULL),1); + + ExpectIntGT(BIO_gets(wbio, line, sizeof(line)), 0); + ExpectStrEQ(line, "Public-Key: (256 bit)\n"); + + ExpectIntGT(BIO_gets(wbio, line, sizeof(line)), 0); + strcpy(line1, "pub:\n"); + ExpectIntEQ(XSTRNCMP( line, line1, XSTRLEN(line1)), 0); + + ExpectIntGT(BIO_gets(wbio, line, sizeof(line)), 0); + strcpy(line1, + " 04:55:BF:F4:0F:44:50:9A:3D:CE:9B:B7:F0:C5:4D:\n"); + ExpectIntEQ(XSTRNCMP( line, line1, XSTRLEN(line1)), 0); + + /* skip to the end of pub element*/ + for (i = 0; i < 4 ;i++) { + ExpectIntGT(BIO_gets(wbio, line, sizeof(line)), 0); + } + + ExpectIntGT(BIO_gets(wbio, line, sizeof(line)), 0); + strcpy(line1, "ASN1 OID: prime256v1\n"); + ExpectIntEQ(XSTRNCMP( line, line1, XSTRLEN(line1)), 0); + + ExpectIntGT(BIO_gets(wbio, line, sizeof(line)), 0); + strcpy(line1, "NIST CURVE: P-256\n"); + ExpectIntEQ(XSTRNCMP( line, line1, XSTRLEN(line1)), 0); + + + /* should reach EOF */ + ExpectIntLE(BIO_gets(wbio, line, sizeof(line)), 0); + + EVP_PKEY_free(pkey); + pkey = NULL; + BIO_free(rbio); + BIO_free(wbio); + rbio = NULL; + wbio = NULL; + +#endif /* HAVE_ECC && USE_CERT_BUFFERS_256 */ + + /* + * test DH public key print + */ +#if defined(WOLFSSL_DH_EXTRA) && defined(USE_CERT_BUFFERS_2048) + + ExpectNotNull(rbio = BIO_new_mem_buf( dh_pub_key_der_2048, + sizeof_dh_pub_key_der_2048)); + + ExpectNotNull(wolfSSL_d2i_PUBKEY_bio(rbio, &pkey)); + + ExpectNotNull(wbio = BIO_new(BIO_s_mem())); + + ExpectIntEQ(EVP_PKEY_print_public(wbio, pkey,0,NULL), 1); + + ExpectIntGT(BIO_gets(wbio, line, sizeof(line)), 0); + strcpy(line1, "DH Public-Key: (2048 bit)\n"); + ExpectIntEQ(XSTRNCMP( line, line1, XSTRLEN(line1)), 0); + + ExpectIntGT(BIO_gets(wbio, line, sizeof(line)), 0); + strcpy(line1, "public-key:\n"); + ExpectIntEQ(XSTRNCMP( line, line1, XSTRLEN(line1)), 0); + + ExpectIntGT(BIO_gets(wbio, line, sizeof(line)), 0); + strcpy(line1, + " 34:41:BF:E9:F2:11:BF:05:DB:B2:72:A8:29:CC:BD:\n"); + ExpectIntEQ(XSTRNCMP( line, line1, XSTRLEN(line1)), 0); + + /* skip to the end of public-key element*/ + for (i = 0; i < 17 ;i++) { + ExpectIntGT(BIO_gets(wbio, line, sizeof(line)), 0); + } + + ExpectIntGT(BIO_gets(wbio, line, sizeof(line)), 0); + strcpy(line1, "prime:\n"); + ExpectIntEQ(XSTRNCMP( line, line1, XSTRLEN(line1)), 0); + + ExpectIntGT(BIO_gets(wbio, line, sizeof(line)), 0); + strcpy(line1, + " 00:D3:B2:99:84:5C:0A:4C:E7:37:CC:FC:18:37:01:\n"); + ExpectIntEQ(XSTRNCMP( line, line1, XSTRLEN(line1)), 0); + + /* skip to the end of prime element*/ + for (i = 0; i < 17 ;i++) { + ExpectIntGT(BIO_gets(wbio, line, sizeof(line)), 0); + } + + ExpectIntGT(BIO_gets(wbio, line, sizeof(line)), 0); + strcpy(line1, "generator: 2 (0x02)\n"); + ExpectIntEQ(XSTRNCMP( line, line1, XSTRLEN(line1)), 0); + + /* should reach EOF */ + ExpectIntLE(BIO_gets(wbio, line, sizeof(line)), 0); + + EVP_PKEY_free(pkey); + pkey = NULL; + BIO_free(rbio); + BIO_free(wbio); + rbio = NULL; + wbio = NULL; + +#endif /* WOLFSSL_DH_EXTRA && USE_CERT_BUFFERS_2048 */ + + /* to prevent "unused variable" warning */ + (void)pkey; + (void)wbio; + (void)rbio; + (void)line; + (void)line1; + (void)i; +#endif /* OPENSSL_EXTRA */ + return EXPECT_RESULT(); +} +/* Test functions for base64 encode/decode */ +static int test_wolfSSL_EVP_ENCODE_CTX_new(void) +{ + EXPECT_DECLS; +#if defined(OPENSSL_EXTRA) && \ +( defined(WOLFSSL_BASE64_ENCODE) || defined(WOLFSSL_BASE64_DECODE)) + EVP_ENCODE_CTX* ctx = NULL; + + ExpectNotNull(ctx = EVP_ENCODE_CTX_new()); + ExpectIntEQ(ctx->remaining,0); + ExpectIntEQ(ctx->data[0],0); + ExpectIntEQ(ctx->data[sizeof(ctx->data) -1],0); + EVP_ENCODE_CTX_free(ctx); +#endif /* OPENSSL_EXTRA && (WOLFSSL_BASE64_ENCODE || WOLFSSL_BASE64_DECODE) */ + return EXPECT_RESULT(); +} +static int test_wolfSSL_EVP_ENCODE_CTX_free(void) +{ + EXPECT_DECLS; +#if defined(OPENSSL_EXTRA) && \ +( defined(WOLFSSL_BASE64_ENCODE) || defined(WOLFSSL_BASE64_DECODE)) + EVP_ENCODE_CTX* ctx = NULL; + + ExpectNotNull(ctx = EVP_ENCODE_CTX_new()); + EVP_ENCODE_CTX_free(ctx); +#endif /* OPENSSL_EXTRA && (WOLFSSL_BASE64_ENCODE || WOLFSSL_BASE64_DECODE) */ + return EXPECT_RESULT(); +} + +static int test_wolfSSL_EVP_EncodeInit(void) +{ + EXPECT_DECLS; +#if defined(OPENSSL_EXTRA) && defined(WOLFSSL_BASE64_ENCODE) + EVP_ENCODE_CTX* ctx = NULL; + + ExpectNotNull(ctx = EVP_ENCODE_CTX_new()); + ExpectIntEQ(ctx->remaining, 0); + ExpectIntEQ(ctx->data[0], 0); + ExpectIntEQ(ctx->data[sizeof(ctx->data) -1], 0); + + if (ctx != NULL) { + /* make ctx dirty */ + ctx->remaining = 10; + XMEMSET(ctx->data, 0x77, sizeof(ctx->data)); + } + + EVP_EncodeInit(ctx); + + ExpectIntEQ(ctx->remaining, 0); + ExpectIntEQ(ctx->data[0], 0); + ExpectIntEQ(ctx->data[sizeof(ctx->data) -1], 0); + + EVP_ENCODE_CTX_free(ctx); +#endif /* OPENSSL_EXTRA && WOLFSSL_BASE64_ENCODE*/ + return EXPECT_RESULT(); +} +static int test_wolfSSL_EVP_EncodeUpdate(void) +{ + EXPECT_DECLS; +#if defined(OPENSSL_EXTRA) && defined(WOLFSSL_BASE64_ENCODE) + int outl; + int total; + + const unsigned char plain0[] = {"Th"}; + const unsigned char plain1[] = {"This is a base64 encodeing test."}; + const unsigned char plain2[] = {"This is additional data."}; + + const unsigned char encBlock0[] = {"VGg="}; + const unsigned char enc0[] = {"VGg=\n"}; + /* expected encoded result for the first output 64 chars plus trailing LF*/ + const unsigned char enc1[] = {"VGhpcyBpcyBhIGJhc2U2NCBlbmNvZGVpbmcgdGVzdC5UaGlzIGlzIGFkZGl0aW9u\n"}; + + const unsigned char enc2[] = + {"VGhpcyBpcyBhIGJhc2U2NCBlbmNvZGVpbmcgdGVzdC5UaGlzIGlzIGFkZGl0aW9u\nYWwgZGF0YS4=\n"}; + + unsigned char encOutBuff[300]; + + EVP_ENCODE_CTX* ctx = NULL; + + ExpectNotNull(ctx = EVP_ENCODE_CTX_new()); + + EVP_EncodeInit(ctx); + + /* illegal parameter test */ + ExpectIntEQ( + EVP_EncodeUpdate( + NULL, /* pass NULL as ctx */ + encOutBuff, + &outl, + plain1, + sizeof(plain1)-1), + 0 /* expected result code 0: fail */ + ); + + ExpectIntEQ( + EVP_EncodeUpdate( + ctx, + NULL, /* pass NULL as out buff */ + &outl, + plain1, + sizeof(plain1)-1), + 0 /* expected result code 0: fail */ + ); + + ExpectIntEQ( + EVP_EncodeUpdate( + ctx, + encOutBuff, + NULL, /* pass NULL as outl */ + plain1, + sizeof(plain1)-1), + 0 /* expected result code 0: fail */ + ); + + ExpectIntEQ( + EVP_EncodeUpdate( + ctx, + encOutBuff, + &outl, + NULL, /* pass NULL as in */ + sizeof(plain1)-1), + 0 /* expected result code 0: fail */ + ); + + ExpectIntEQ(EVP_EncodeBlock(NULL, NULL, 0), -1); + + /* meaningless parameter test */ + + ExpectIntEQ( + EVP_EncodeUpdate( + ctx, + encOutBuff, + &outl, + plain1, + 0), /* pass zero input */ + 1 /* expected result code 1: success */ + ); + + /* very small data encoding test */ + + EVP_EncodeInit(ctx); + + ExpectIntEQ( + EVP_EncodeUpdate( + ctx, + encOutBuff, + &outl, + plain0, + sizeof(plain0)-1), + 1 /* expected result code 1: success */ + ); + ExpectIntEQ(outl,0); + + if (EXPECT_SUCCESS()) { + EVP_EncodeFinal( + ctx, + encOutBuff + outl, + &outl); + } + + ExpectIntEQ( outl, sizeof(enc0)-1); + ExpectIntEQ( + XSTRNCMP( + (const char*)encOutBuff, + (const char*)enc0,sizeof(enc0) ), + 0); + + XMEMSET( encOutBuff,0, sizeof(encOutBuff)); + ExpectIntEQ(EVP_EncodeBlock(encOutBuff, plain0, sizeof(plain0)-1), + sizeof(encBlock0)-1); + ExpectStrEQ(encOutBuff, encBlock0); + + /* pass small size( < 48bytes ) input, then make sure they are not + * encoded and just stored in ctx + */ + + EVP_EncodeInit(ctx); + + total = 0; + outl = 0; + XMEMSET( encOutBuff,0, sizeof(encOutBuff)); + + ExpectIntEQ( + EVP_EncodeUpdate( + ctx, + encOutBuff, /* buffer for output */ + &outl, /* size of output */ + plain1, /* input */ + sizeof(plain1)-1), /* size of input */ + 1); /* expected result code 1:success */ + + total += outl; + + ExpectIntEQ(outl, 0); /* no output expected */ + ExpectIntEQ(ctx->remaining, sizeof(plain1) -1); + ExpectTrue( + XSTRNCMP((const char*)(ctx->data), + (const char*)plain1, + ctx->remaining) ==0 ); + ExpectTrue(encOutBuff[0] == 0); + + /* call wolfSSL_EVP_EncodeUpdate again to make it encode + * the stored data and the new input together + */ + ExpectIntEQ( + EVP_EncodeUpdate( + ctx, + encOutBuff + outl, /* buffer for output */ + &outl, /* size of output */ + plain2, /* additional input */ + sizeof(plain2) -1), /* size of additional input */ + 1); /* expected result code 1:success */ + + total += outl; + + ExpectIntNE(outl, 0); /* some output is expected this time*/ + ExpectIntEQ(outl, BASE64_ENCODE_RESULT_BLOCK_SIZE +1); /* 64 bytes and LF */ + ExpectIntEQ( + XSTRNCMP((const char*)encOutBuff,(const char*)enc1,sizeof(enc1) ),0); + + /* call wolfSSL_EVP_EncodeFinal to flush all the unprocessed input */ + EVP_EncodeFinal( + ctx, + encOutBuff + outl, + &outl); + + total += outl; + + ExpectIntNE(total,0); + ExpectIntNE(outl,0); + ExpectIntEQ(XSTRNCMP( + (const char*)encOutBuff,(const char*)enc2,sizeof(enc2) ),0); + + /* test with illeagal parameters */ + outl = 1; + EVP_EncodeFinal(NULL, encOutBuff + outl, &outl); + ExpectIntEQ(outl, 0); + outl = 1; + EVP_EncodeFinal(ctx, NULL, &outl); + ExpectIntEQ(outl, 0); + EVP_EncodeFinal(ctx, encOutBuff + outl, NULL); + EVP_EncodeFinal(NULL, NULL, NULL); + + EVP_ENCODE_CTX_free(ctx); +#endif /* OPENSSL_EXTRA && WOLFSSL_BASE64_ENCODE*/ + return EXPECT_RESULT(); +} +static int test_wolfSSL_EVP_EncodeFinal(void) +{ + int res = TEST_SKIPPED; +#if defined(OPENSSL_EXTRA) && defined(WOLFSSL_BASE64_ENCODE) + /* tests for wolfSSL_EVP_EncodeFinal are included in + * test_wolfSSL_EVP_EncodeUpdate + */ + res = TEST_SUCCESS; +#endif /* OPENSSL_EXTRA && WOLFSSL_BASE64_ENCODE*/ + return res; +} + + +static int test_wolfSSL_EVP_DecodeInit(void) +{ + EXPECT_DECLS; +#if defined(OPENSSL_EXTRA) && defined(WOLFSSL_BASE64_DECODE) + EVP_ENCODE_CTX* ctx = NULL; + + ExpectNotNull( ctx = EVP_ENCODE_CTX_new()); + ExpectIntEQ( ctx->remaining,0); + ExpectIntEQ( ctx->data[0],0); + ExpectIntEQ( ctx->data[sizeof(ctx->data) -1],0); + + if (ctx != NULL) { + /* make ctx dirty */ + ctx->remaining = 10; + XMEMSET( ctx->data, 0x77, sizeof(ctx->data)); + } + + EVP_DecodeInit(ctx); + + ExpectIntEQ( ctx->remaining,0); + ExpectIntEQ( ctx->data[0],0); + ExpectIntEQ( ctx->data[sizeof(ctx->data) -1],0); + + EVP_ENCODE_CTX_free(ctx); +#endif /* OPENSSL && WOLFSSL_BASE_DECODE */ + return EXPECT_RESULT(); +} +static int test_wolfSSL_EVP_DecodeUpdate(void) +{ + EXPECT_DECLS; +#if defined(OPENSSL_EXTRA) && defined(WOLFSSL_BASE64_DECODE) + int outl; + unsigned char decOutBuff[300]; + + EVP_ENCODE_CTX* ctx = NULL; + + static const unsigned char enc1[] = + {"VGhpcyBpcyBhIGJhc2U2NCBkZWNvZGluZyB0ZXN0Lg==\n"}; +/* const unsigned char plain1[] = + {"This is a base64 decoding test."} */ + + ExpectNotNull(ctx = EVP_ENCODE_CTX_new()); + + EVP_DecodeInit(ctx); + + /* illegal parameter tests */ + + /* pass NULL as ctx */ + ExpectIntEQ( + EVP_DecodeUpdate( + NULL, /* pass NULL as ctx */ + decOutBuff, + &outl, + enc1, + sizeof(enc1)-1), + -1 /* expected result code -1: fail */ + ); + ExpectIntEQ( outl, 0); + + /* pass NULL as output */ + ExpectIntEQ( + EVP_DecodeUpdate( + ctx, + NULL, /* pass NULL as out buff */ + &outl, + enc1, + sizeof(enc1)-1), + -1 /* expected result code -1: fail */ + ); + ExpectIntEQ( outl, 0); + + /* pass NULL as outl */ + ExpectIntEQ( + EVP_DecodeUpdate( + ctx, + decOutBuff, + NULL, /* pass NULL as outl */ + enc1, + sizeof(enc1)-1), + -1 /* expected result code -1: fail */ + ); + + /* pass NULL as input */ + ExpectIntEQ( + EVP_DecodeUpdate( + ctx, + decOutBuff, + &outl, + NULL, /* pass NULL as in */ + sizeof(enc1)-1), + -1 /* expected result code -1: fail */ + ); + ExpectIntEQ( outl, 0); + + ExpectIntEQ(EVP_DecodeBlock(NULL, NULL, 0), -1); + + /* pass zero length input */ + + ExpectIntEQ( + EVP_DecodeUpdate( + ctx, + decOutBuff, + &outl, + enc1, + 0), /* pass zero as input len */ + 1 /* expected result code 1: success */ + ); + + /* decode correct base64 string */ + + { + static const unsigned char enc2[] = + {"VGhpcyBpcyBhIGJhc2U2NCBkZWNvZGluZyB0ZXN0Lg==\n"}; + static const unsigned char plain2[] = + {"This is a base64 decoding test."}; + + EVP_EncodeInit(ctx); + + ExpectIntEQ( + EVP_DecodeUpdate( + ctx, + decOutBuff, + &outl, + enc2, + sizeof(enc2)-1), + 0 /* expected result code 0: success */ + ); + + ExpectIntEQ(outl,sizeof(plain2) -1); + + ExpectIntEQ( + EVP_DecodeFinal( + ctx, + decOutBuff + outl, + &outl), + 1 /* expected result code 1: success */ + ); + ExpectIntEQ(outl, 0); /* expected DecodeFinal output no data */ + + ExpectIntEQ(XSTRNCMP( (const char*)plain2,(const char*)decOutBuff, + sizeof(plain2) -1 ),0); + ExpectIntEQ(EVP_DecodeBlock(decOutBuff, enc2, sizeof(enc2)), + sizeof(plain2)-1); + ExpectIntEQ(XSTRNCMP( (const char*)plain2,(const char*)decOutBuff, + sizeof(plain2) -1 ),0); + } + + /* decode correct base64 string which does not have '\n' in its last*/ + + { + static const unsigned char enc3[] = + {"VGhpcyBpcyBhIGJhc2U2NCBkZWNvZGluZyB0ZXN0Lg=="}; /* 44 chars */ + static const unsigned char plain3[] = + {"This is a base64 decoding test."}; /* 31 chars */ + + EVP_EncodeInit(ctx); + + ExpectIntEQ( + EVP_DecodeUpdate( + ctx, + decOutBuff, + &outl, + enc3, + sizeof(enc3)-1), + 0 /* expected result code 0: success */ + ); + + ExpectIntEQ(outl,sizeof(plain3)-1); /* 31 chars should be output */ + + ExpectIntEQ(XSTRNCMP( (const char*)plain3,(const char*)decOutBuff, + sizeof(plain3) -1 ),0); + + ExpectIntEQ( + EVP_DecodeFinal( + ctx, + decOutBuff + outl, + &outl), + 1 /* expected result code 1: success */ + ); + + ExpectIntEQ(outl,0 ); + + ExpectIntEQ(EVP_DecodeBlock(decOutBuff, enc3, sizeof(enc3)-1), + sizeof(plain3)-1); + ExpectIntEQ(XSTRNCMP( (const char*)plain3,(const char*)decOutBuff, + sizeof(plain3) -1 ),0); + } + + /* decode string which has a padding char ('=') in the illegal position*/ + + { + static const unsigned char enc4[] = + {"VGhpcyBpcyBhIGJhc2U2N=CBkZWNvZGluZyB0ZXN0Lg==\n"}; + + EVP_EncodeInit(ctx); + + ExpectIntEQ( + EVP_DecodeUpdate( + ctx, + decOutBuff, + &outl, + enc4, + sizeof(enc4)-1), + -1 /* expected result code -1: error */ + ); + ExpectIntEQ(outl,0); + ExpectIntEQ(EVP_DecodeBlock(decOutBuff, enc4, sizeof(enc4)-1), -1); + } + + /* small data decode test */ + + { + static const unsigned char enc00[] = {"VG"}; + static const unsigned char enc01[] = {"g=\n"}; + static const unsigned char plain4[] = {"Th"}; + + EVP_EncodeInit(ctx); + + ExpectIntEQ( + EVP_DecodeUpdate( + ctx, + decOutBuff, + &outl, + enc00, + sizeof(enc00)-1), + 1 /* expected result code 1: success */ + ); + ExpectIntEQ(outl,0); + + ExpectIntEQ( + EVP_DecodeUpdate( + ctx, + decOutBuff + outl, + &outl, + enc01, + sizeof(enc01)-1), + 0 /* expected result code 0: success */ + ); + + ExpectIntEQ(outl,sizeof(plain4)-1); + + /* test with illegal parameters */ + ExpectIntEQ(EVP_DecodeFinal(NULL,decOutBuff + outl,&outl), -1); + ExpectIntEQ(EVP_DecodeFinal(ctx,NULL,&outl), -1); + ExpectIntEQ(EVP_DecodeFinal(ctx,decOutBuff + outl, NULL), -1); + ExpectIntEQ(EVP_DecodeFinal(NULL,NULL, NULL), -1); + + if (EXPECT_SUCCESS()) { + EVP_DecodeFinal( + ctx, + decOutBuff + outl, + &outl); + } + + ExpectIntEQ( outl, 0); + ExpectIntEQ( + XSTRNCMP( + (const char*)decOutBuff, + (const char*)plain4,sizeof(plain4)-1 ), + 0); + } + + EVP_ENCODE_CTX_free(ctx); +#endif /* OPENSSL && WOLFSSL_BASE_DECODE */ + return EXPECT_RESULT(); +} +static int test_wolfSSL_EVP_DecodeFinal(void) +{ + int res = TEST_SKIPPED; +#if defined(OPENSSL_EXTRA) && defined(WOLFSSL_BASE64_DECODE) + /* tests for wolfSSL_EVP_DecodeFinal are included in + * test_wolfSSL_EVP_DecodeUpdate + */ + res = TEST_SUCCESS; +#endif /* OPENSSL && WOLFSSL_BASE_DECODE */ + return res; +} + +/* Test function for wolfSSL_EVP_get_cipherbynid. + */ + +#ifdef OPENSSL_EXTRA +static int test_wolfSSL_EVP_get_cipherbynid(void) +{ + EXPECT_DECLS; +#ifndef NO_AES + const WOLFSSL_EVP_CIPHER* c; + + c = wolfSSL_EVP_get_cipherbynid(419); + #if (defined(HAVE_AES_CBC) || defined(WOLFSSL_AES_DIRECT)) && \ + defined(WOLFSSL_AES_128) + ExpectNotNull(c); + ExpectNotNull(XSTRCMP("EVP_AES_128_CBC", c)); + #else + ExpectNull(c); + #endif + + c = wolfSSL_EVP_get_cipherbynid(423); + #if (defined(HAVE_AES_CBC) || defined(WOLFSSL_AES_DIRECT)) && \ + defined(WOLFSSL_AES_192) + ExpectNotNull(c); + ExpectNotNull(XSTRCMP("EVP_AES_192_CBC", c)); + #else + ExpectNull(c); + #endif + + c = wolfSSL_EVP_get_cipherbynid(427); + #if (defined(HAVE_AES_CBC) || defined(WOLFSSL_AES_DIRECT)) && \ + defined(WOLFSSL_AES_256) + ExpectNotNull(c); + ExpectNotNull(XSTRCMP("EVP_AES_256_CBC", c)); + #else + ExpectNull(c); + #endif + + c = wolfSSL_EVP_get_cipherbynid(904); + #if defined(WOLFSSL_AES_COUNTER) && defined(WOLFSSL_AES_128) + ExpectNotNull(c); + ExpectNotNull(XSTRCMP("EVP_AES_128_CTR", c)); + #else + ExpectNull(c); + #endif + + c = wolfSSL_EVP_get_cipherbynid(905); + #if defined(WOLFSSL_AES_COUNTER) && defined(WOLFSSL_AES_192) + ExpectNotNull(c); + ExpectNotNull(XSTRCMP("EVP_AES_192_CTR", c)); + #else + ExpectNull(c); + #endif + + c = wolfSSL_EVP_get_cipherbynid(906); + #if defined(WOLFSSL_AES_COUNTER) && defined(WOLFSSL_AES_256) + ExpectNotNull(c); + ExpectNotNull(XSTRCMP("EVP_AES_256_CTR", c)); + #else + ExpectNull(c); + #endif + + c = wolfSSL_EVP_get_cipherbynid(418); + #if defined(HAVE_AES_ECB) && defined(WOLFSSL_AES_128) + ExpectNotNull(c); + ExpectNotNull(XSTRCMP("EVP_AES_128_ECB", c)); + #else + ExpectNull(c); + #endif + + c = wolfSSL_EVP_get_cipherbynid(422); + #if defined(HAVE_AES_ECB) && defined(WOLFSSL_AES_192) + ExpectNotNull(c); + ExpectNotNull(XSTRCMP("EVP_AES_192_ECB", c)); + #else + ExpectNull(c); + #endif + + c = wolfSSL_EVP_get_cipherbynid(426); + #if defined(HAVE_AES_ECB) && defined(WOLFSSL_AES_256) + ExpectNotNull(c); + ExpectNotNull(XSTRCMP("EVP_AES_256_ECB", c)); + #else + ExpectNull(c); + #endif +#endif /* !NO_AES */ + +#ifndef NO_DES3 + ExpectNotNull(XSTRCMP("EVP_DES_CBC", wolfSSL_EVP_get_cipherbynid(31))); +#ifdef WOLFSSL_DES_ECB + ExpectNotNull(XSTRCMP("EVP_DES_ECB", wolfSSL_EVP_get_cipherbynid(29))); +#endif + ExpectNotNull(XSTRCMP("EVP_DES_EDE3_CBC", wolfSSL_EVP_get_cipherbynid(44))); +#ifdef WOLFSSL_DES_ECB + ExpectNotNull(XSTRCMP("EVP_DES_EDE3_ECB", wolfSSL_EVP_get_cipherbynid(33))); +#endif +#endif /* !NO_DES3 */ + +#if defined(HAVE_CHACHA) && defined(HAVE_POLY1305) + ExpectNotNull(XSTRCMP("EVP_CHACHA20_POLY13O5", EVP_get_cipherbynid(1018))); +#endif + + /* test for nid is out of range */ + ExpectNull(wolfSSL_EVP_get_cipherbynid(1)); + + return EXPECT_RESULT(); +} + +static int test_wolfSSL_EVP_CIPHER_CTX(void) +{ + EXPECT_DECLS; +#if !defined(NO_AES) && defined(HAVE_AES_CBC) && defined(WOLFSSL_AES_128) + EVP_CIPHER_CTX *ctx = EVP_CIPHER_CTX_new(); + const EVP_CIPHER *init = EVP_aes_128_cbc(); + const EVP_CIPHER *test; + byte key[AES_BLOCK_SIZE] = {0}; + byte iv[AES_BLOCK_SIZE] = {0}; + + ExpectNotNull(ctx); + wolfSSL_EVP_CIPHER_CTX_init(ctx); + ExpectIntEQ(EVP_CipherInit(ctx, init, key, iv, 1), WOLFSSL_SUCCESS); + test = EVP_CIPHER_CTX_cipher(ctx); + ExpectTrue(init == test); + ExpectIntEQ(EVP_CIPHER_nid(test), NID_aes_128_cbc); + + ExpectIntEQ(EVP_CIPHER_CTX_reset(ctx), WOLFSSL_SUCCESS); + ExpectIntEQ(EVP_CIPHER_CTX_reset(NULL), WC_NO_ERR_TRACE(WOLFSSL_FAILURE)); + + EVP_CIPHER_CTX_free(ctx); + /* test EVP_CIPHER_CTX_cleanup with NULL */ + ExpectIntEQ(EVP_CIPHER_CTX_cleanup(NULL), WOLFSSL_SUCCESS); +#endif /* !NO_AES && HAVE_AES_CBC && WOLFSSL_AES_128 */ + return EXPECT_RESULT(); +} +#endif /* OPENSSL_EXTRA */ + +/*----------------------------------------------------------------------------* + | IO + *----------------------------------------------------------------------------*/ + +#if defined(HAVE_SSL_MEMIO_TESTS_DEPENDENCIES) || \ + defined(HAVE_IO_TESTS_DEPENDENCIES) +#ifdef WOLFSSL_HAVE_TLS_UNIQUE + byte server_side_msg1[WC_MAX_DIGEST_SIZE]; /* msg sent by server */ + byte server_side_msg2[WC_MAX_DIGEST_SIZE]; /* msg received from client */ + byte client_side_msg1[WC_MAX_DIGEST_SIZE]; /* msg sent by client */ + byte client_side_msg2[WC_MAX_DIGEST_SIZE]; /* msg received from server */ +#endif /* WOLFSSL_HAVE_TLS_UNIQUE */ + +/* TODO: Expand and enable this when EVP_chacha20_poly1305 is supported */ +#if defined(HAVE_SESSION_TICKET) && defined(OPENSSL_EXTRA) && \ + defined(HAVE_AES_CBC) && defined(WOLFSSL_AES_256) + + typedef struct openssl_key_ctx { + byte name[WOLFSSL_TICKET_NAME_SZ]; /* server name */ + byte key[WOLFSSL_TICKET_KEY_SZ]; /* cipher key */ + byte hmacKey[WOLFSSL_TICKET_NAME_SZ]; /* hmac key */ + byte iv[WOLFSSL_TICKET_IV_SZ]; /* cipher iv */ + } openssl_key_ctx; + + static THREAD_LS_T openssl_key_ctx myOpenSSLKey_ctx; + static THREAD_LS_T WC_RNG myOpenSSLKey_rng; + + static WC_INLINE int OpenSSLTicketInit(void) + { + int ret = wc_InitRng(&myOpenSSLKey_rng); + if (ret != 0) return ret; + + ret = wc_RNG_GenerateBlock(&myOpenSSLKey_rng, myOpenSSLKey_ctx.name, + sizeof(myOpenSSLKey_ctx.name)); + if (ret != 0) return ret; + + ret = wc_RNG_GenerateBlock(&myOpenSSLKey_rng, myOpenSSLKey_ctx.key, + sizeof(myOpenSSLKey_ctx.key)); + if (ret != 0) return ret; + + ret = wc_RNG_GenerateBlock(&myOpenSSLKey_rng, myOpenSSLKey_ctx.hmacKey, + sizeof(myOpenSSLKey_ctx.hmacKey)); + if (ret != 0) return ret; + + ret = wc_RNG_GenerateBlock(&myOpenSSLKey_rng, myOpenSSLKey_ctx.iv, + sizeof(myOpenSSLKey_ctx.iv)); + if (ret != 0) return ret; + + return 0; + } + + static int myTicketEncCbOpenSSL(WOLFSSL* ssl, + byte name[WOLFSSL_TICKET_NAME_SZ], + byte iv[WOLFSSL_TICKET_IV_SZ], + WOLFSSL_EVP_CIPHER_CTX *ectx, + WOLFSSL_HMAC_CTX *hctx, int enc) { + (void)ssl; + if (enc) { + XMEMCPY(name, myOpenSSLKey_ctx.name, sizeof(myOpenSSLKey_ctx.name)); + XMEMCPY(iv, myOpenSSLKey_ctx.iv, sizeof(myOpenSSLKey_ctx.iv)); + } + else if (XMEMCMP(name, myOpenSSLKey_ctx.name, + sizeof(myOpenSSLKey_ctx.name)) != 0 || + XMEMCMP(iv, myOpenSSLKey_ctx.iv, + sizeof(myOpenSSLKey_ctx.iv)) != 0) { + return 0; + } + HMAC_Init_ex(hctx, myOpenSSLKey_ctx.hmacKey, WOLFSSL_TICKET_NAME_SZ, EVP_sha256(), NULL); + if (enc) + EVP_EncryptInit_ex(ectx, EVP_aes_256_cbc(), NULL, myOpenSSLKey_ctx.key, iv); + else + EVP_DecryptInit_ex(ectx, EVP_aes_256_cbc(), NULL, myOpenSSLKey_ctx.key, iv); + return 1; + } + + static WC_INLINE void OpenSSLTicketCleanup(void) + { + wc_FreeRng(&myOpenSSLKey_rng); + } +#endif +#endif + +/* helper functions */ +#ifdef HAVE_SSL_MEMIO_TESTS_DEPENDENCIES +static WC_INLINE int test_ssl_memio_write_cb(WOLFSSL *ssl, char *data, int sz, + void *ctx) +{ + struct test_ssl_memio_ctx *test_ctx; + byte *buf; + int *len; + int *msg_sizes; + int *msg_count; + + test_ctx = (struct test_ssl_memio_ctx*)ctx; + + if (wolfSSL_GetSide(ssl) == WOLFSSL_SERVER_END) { + buf = test_ctx->c_buff; + len = &test_ctx->c_len; + msg_sizes = test_ctx->c_msg_sizes; + msg_count = &test_ctx->c_msg_count; + } + else { + buf = test_ctx->s_buff; + len = &test_ctx->s_len; + msg_sizes = test_ctx->s_msg_sizes; + msg_count = &test_ctx->s_msg_count; + } + + if ((unsigned)(*len + sz) > TEST_SSL_MEMIO_BUF_SZ) + return WOLFSSL_CBIO_ERR_WANT_WRITE; + + if (*msg_count >= TEST_MEMIO_MAX_MSGS) + return WOLFSSL_CBIO_ERR_WANT_WRITE; + + XMEMCPY(buf + *len, data, sz); + msg_sizes[*msg_count] = sz; + (*msg_count)++; + *len += sz; + +#ifdef WOLFSSL_DUMP_MEMIO_STREAM + { + /* This can be imported into Wireshark by transforming the file with + * od -Ax -tx1 -v test_output.dump > test_output.dump.hex + * And then loading test_output.dump.hex into Wireshark using the + * "Import from Hex Dump..." option ion and selecting the TCP + * encapsulation option. */ + char dump_file_name[64]; + WOLFSSL_BIO *dump_file; + sprintf(dump_file_name, "%s/%s.dump", tmpDirName, currentTestName); + dump_file = wolfSSL_BIO_new_file(dump_file_name, "a"); + if (dump_file != NULL) { + (void)wolfSSL_BIO_write(dump_file, data, sz); + wolfSSL_BIO_free(dump_file); + } + } +#endif + + return sz; +} + +static WC_INLINE int test_ssl_memio_read_cb(WOLFSSL *ssl, char *data, int sz, + void *ctx) +{ + struct test_ssl_memio_ctx *test_ctx; + int read_sz; + byte *buf; + int *len; + int *msg_sizes; + int *msg_count; + int *msg_pos; + int is_dtls; + + test_ctx = (struct test_ssl_memio_ctx*)ctx; + is_dtls = wolfSSL_dtls(ssl); + + if (wolfSSL_GetSide(ssl) == WOLFSSL_SERVER_END) { + buf = test_ctx->s_buff; + len = &test_ctx->s_len; + msg_sizes = test_ctx->s_msg_sizes; + msg_count = &test_ctx->s_msg_count; + msg_pos = &test_ctx->s_msg_pos; + } + else { + buf = test_ctx->c_buff; + len = &test_ctx->c_len; + msg_sizes = test_ctx->c_msg_sizes; + msg_count = &test_ctx->c_msg_count; + msg_pos = &test_ctx->c_msg_pos; + } + + if (*len == 0 || *msg_pos >= *msg_count) + return WOLFSSL_CBIO_ERR_WANT_READ; + + /* Calculate how much we can read from current message */ + read_sz = msg_sizes[*msg_pos]; + if (read_sz > sz) + read_sz = sz; + + if (read_sz > *len) + return WOLFSSL_CBIO_ERR_GENERAL; + + /* Copy data from current message */ + XMEMCPY(data, buf, (size_t)read_sz); + /* remove the read data from the buffer */ + XMEMMOVE(buf, buf + read_sz, (size_t)(*len - read_sz)); + *len -= read_sz; + msg_sizes[*msg_pos] -= read_sz; + + /* if we are on dtls, discard the rest of the message */ + if (is_dtls && msg_sizes[*msg_pos] > 0) { + XMEMMOVE(buf, buf + msg_sizes[*msg_pos], (size_t)(*len - msg_sizes[*msg_pos])); + *len -= msg_sizes[*msg_pos]; + msg_sizes[*msg_pos] = 0; + } + + /* If we've read the entire message */ + if (msg_sizes[*msg_pos] == 0) { + /* Move to next message */ + (*msg_pos)++; + if (*msg_pos >= *msg_count) { + *msg_pos = 0; + *msg_count = 0; + } + } + + return read_sz; +} + +int test_ssl_memio_setup(test_ssl_memio_ctx *ctx) +{ + EXPECT_DECLS_NO_MSGS(-2000); +#if defined(OPENSSL_EXTRA) || defined(WOLFSSL_EITHER_SIDE) + int c_sharedCtx = 0; + int s_sharedCtx = 0; +#endif + const char* clientCertFile = cliCertFile; + const char* clientKeyFile = cliKeyFile; + const char* serverCertFile = svrCertFile; + const char* serverKeyFile = svrKeyFile; + + /******************************** + * Create WOLFSSL_CTX for client. + ********************************/ +#if defined(OPENSSL_EXTRA) || defined(WOLFSSL_EITHER_SIDE) + if (ctx->c_ctx != NULL) { + c_sharedCtx = ctx->c_cb.isSharedCtx; + } + else +#endif + { + WOLFSSL_METHOD* method = NULL; + if (ctx->c_cb.method != NULL) { + method = ctx->c_cb.method(); + } + else { + method = wolfSSLv23_client_method(); + } + ExpectNotNull(ctx->c_ctx = wolfSSL_CTX_new(method)); + } + wolfSSL_SetIORecv(ctx->c_ctx, test_ssl_memio_read_cb); + wolfSSL_SetIOSend(ctx->c_ctx, test_ssl_memio_write_cb); +#ifdef WOLFSSL_ENCRYPTED_KEYS + wolfSSL_CTX_set_default_passwd_cb(ctx->c_ctx, PasswordCallBack); +#endif + if (ctx->c_cb.caPemFile == NULL) + ExpectIntEQ(wolfSSL_CTX_load_verify_locations(ctx->c_ctx, + caCertFile, 0), WOLFSSL_SUCCESS); + else if (*ctx->c_cb.caPemFile != '\0') + ExpectIntEQ(wolfSSL_CTX_load_verify_locations(ctx->c_ctx, + ctx->c_cb.caPemFile, 0), WOLFSSL_SUCCESS); + if (ctx->c_cb.certPemFile != NULL) { + clientCertFile = ctx->c_cb.certPemFile; + } + if (ctx->c_cb.keyPemFile != NULL) { + clientKeyFile = ctx->c_cb.keyPemFile; + } +#if defined(OPENSSL_EXTRA) || defined(WOLFSSL_EITHER_SIDE) + if (!c_sharedCtx) +#endif + { + if (*clientCertFile != '\0') { + ExpectIntEQ(wolfSSL_CTX_use_certificate_chain_file(ctx->c_ctx, + clientCertFile), WOLFSSL_SUCCESS); + } + if (*clientKeyFile != '\0') { + ExpectIntEQ(wolfSSL_CTX_use_PrivateKey_file(ctx->c_ctx, clientKeyFile, + CERT_FILETYPE), WOLFSSL_SUCCESS); + } + } +#ifdef HAVE_CRL + if (ctx->c_cb.crlPemFile != NULL) { + ExpectIntEQ(wolfSSL_CTX_EnableCRL(ctx->c_ctx, WOLFSSL_CRL_CHECKALL), + WOLFSSL_SUCCESS); + ExpectIntEQ(wolfSSL_CTX_LoadCRLFile(ctx->c_ctx, ctx->c_cb.crlPemFile, + CERT_FILETYPE), WOLFSSL_SUCCESS); + } +#endif + if (ctx->c_ciphers != NULL) { + ExpectIntEQ(wolfSSL_CTX_set_cipher_list(ctx->c_ctx, ctx->c_ciphers), + WOLFSSL_SUCCESS); + } + if (ctx->c_cb.ctx_ready != NULL) { + ExpectIntEQ(ctx->c_cb.ctx_ready(ctx->c_ctx), TEST_SUCCESS); + } + + + /******************************** + * Create WOLFSSL_CTX for server. + ********************************/ + if (ctx->s_ctx != NULL) { +#if defined(OPENSSL_EXTRA) || defined(WOLFSSL_EITHER_SIDE) + s_sharedCtx = 1; +#endif + ctx->s_cb.isSharedCtx = 1; + } + else + { + WOLFSSL_METHOD* method = NULL; + if (ctx->s_cb.method != NULL) { + method = ctx->s_cb.method(); + } + else { + method = wolfSSLv23_server_method(); + } + ExpectNotNull(ctx->s_ctx = wolfSSL_CTX_new(method)); + ctx->s_cb.isSharedCtx = 0; + } + if (!ctx->s_cb.ticNoInit && (ctx->s_ctx != NULL)) { +#if defined(HAVE_SESSION_TICKET) && \ + ((defined(HAVE_CHACHA) && defined(HAVE_POLY1305)) || defined(HAVE_AESGCM)) +#if defined(OPENSSL_EXTRA) && defined(HAVE_AES_CBC) && defined(WOLFSSL_AES_256) + OpenSSLTicketInit(); + wolfSSL_CTX_set_tlsext_ticket_key_cb(ctx->s_ctx, myTicketEncCbOpenSSL); +#elif defined(WOLFSSL_NO_DEF_TICKET_ENC_CB) + TicketInit(); + wolfSSL_CTX_set_TicketEncCb(ctx->s_ctx, myTicketEncCb); +#endif +#endif + } + wolfSSL_SetIORecv(ctx->s_ctx, test_ssl_memio_read_cb); + wolfSSL_SetIOSend(ctx->s_ctx, test_ssl_memio_write_cb); + wolfSSL_CTX_set_verify(ctx->s_ctx, WOLFSSL_VERIFY_PEER | + WOLFSSL_VERIFY_FAIL_IF_NO_PEER_CERT, 0); + if (ctx->s_cb.caPemFile == NULL) + ExpectIntEQ(wolfSSL_CTX_load_verify_locations(ctx->s_ctx, + cliCertFile, 0), WOLFSSL_SUCCESS); + else if (*ctx->s_cb.caPemFile != '\0') + ExpectIntEQ(wolfSSL_CTX_load_verify_locations(ctx->s_ctx, + ctx->s_cb.caPemFile, 0), WOLFSSL_SUCCESS); +#ifdef WOLFSSL_ENCRYPTED_KEYS + wolfSSL_CTX_set_default_passwd_cb(ctx->s_ctx, PasswordCallBack); +#endif + if (ctx->s_cb.certPemFile != NULL) { + serverCertFile = ctx->s_cb.certPemFile; + } +#if defined(OPENSSL_EXTRA) || defined(WOLFSSL_EITHER_SIDE) + if (!s_sharedCtx) +#endif + { + if (*serverCertFile != '\0') { + ExpectIntEQ(wolfSSL_CTX_use_certificate_chain_file(ctx->s_ctx, + serverCertFile), WOLFSSL_SUCCESS); + } + } + if (ctx->s_cb.keyPemFile != NULL) { + serverKeyFile = ctx->s_cb.keyPemFile; + } +#if defined(OPENSSL_EXTRA) || defined(WOLFSSL_EITHER_SIDE) + if (!s_sharedCtx) +#endif + { + if (*serverKeyFile != '\0') { + ExpectIntEQ(wolfSSL_CTX_use_PrivateKey_file(ctx->s_ctx, serverKeyFile, + CERT_FILETYPE), WOLFSSL_SUCCESS); + } + } + if (ctx->s_ciphers != NULL) { + ExpectIntEQ(wolfSSL_CTX_set_cipher_list(ctx->s_ctx, ctx->s_ciphers), + WOLFSSL_SUCCESS); + } + if (ctx->s_cb.ctx_ready != NULL) { + ExpectIntEQ(ctx->s_cb.ctx_ready(ctx->s_ctx), TEST_SUCCESS); + } + + + /**************************** + * Create WOLFSSL for client. + ****************************/ + ExpectNotNull(ctx->c_ssl = wolfSSL_new(ctx->c_ctx)); + wolfSSL_SetIOWriteCtx(ctx->c_ssl, ctx); + wolfSSL_SetIOReadCtx(ctx->c_ssl, ctx); +#if defined(OPENSSL_EXTRA) || defined(WOLFSSL_EITHER_SIDE) + if (c_sharedCtx) { + if (*clientCertFile != '\0') { + ExpectIntEQ(wolfSSL_use_certificate_chain_file(ctx->c_ssl, + clientCertFile), WOLFSSL_SUCCESS); + } + if (*clientKeyFile != '\0') { + ExpectIntEQ(wolfSSL_use_PrivateKey_file(ctx->c_ssl, clientKeyFile, + CERT_FILETYPE), WOLFSSL_SUCCESS); + } + } +#endif + if (ctx->c_cb.ssl_ready != NULL) { + ExpectIntEQ(ctx->c_cb.ssl_ready(ctx->c_ssl), TEST_SUCCESS); + } + + /**************************** + * Create WOLFSSL for server. + ****************************/ + ExpectNotNull(ctx->s_ssl = wolfSSL_new(ctx->s_ctx)); + wolfSSL_SetIOWriteCtx(ctx->s_ssl, ctx); + wolfSSL_SetIOReadCtx(ctx->s_ssl, ctx); +#if defined(OPENSSL_EXTRA) || defined(WOLFSSL_EITHER_SIDE) + if (s_sharedCtx) { + if (*serverCertFile != '\0') { + ExpectIntEQ(wolfSSL_use_certificate_chain_file(ctx->s_ssl, + serverCertFile), WOLFSSL_SUCCESS); + } + if (*serverKeyFile != '\0') { + ExpectIntEQ(wolfSSL_use_PrivateKey_file(ctx->s_ssl, serverKeyFile, + CERT_FILETYPE), WOLFSSL_SUCCESS); + } + } +#endif +#if !defined(NO_FILESYSTEM) && !defined(NO_DH) + wolfSSL_SetTmpDH_file(ctx->s_ssl, dhParamFile, CERT_FILETYPE); +#elif !defined(NO_DH) + /* will repick suites with DHE, higher priority than PSK */ + SetDH(ctx->s_ssl); +#endif + if (ctx->s_cb.ssl_ready != NULL) { + ExpectIntEQ(ctx->s_cb.ssl_ready(ctx->s_ssl), TEST_SUCCESS); + } + + return EXPECT_RESULT(); +} + +int test_ssl_memio_do_handshake(test_ssl_memio_ctx* ctx, int max_rounds, + int* rounds) +{ + int handshake_complete = 0; + int hs_c = 0; + int hs_s = 0; + int failing_s = 0; + int failing_c = 0; + int ret; + int err; + + if (rounds != NULL) { + *rounds = 0; + } + while ((!handshake_complete) && (max_rounds > 0)) { + if (!hs_c) { + wolfSSL_SetLoggingPrefix("client"); + ret = wolfSSL_connect(ctx->c_ssl); + wolfSSL_SetLoggingPrefix(NULL); + if (ret == WOLFSSL_SUCCESS) { + hs_c = 1; + } + else { + err = wolfSSL_get_error(ctx->c_ssl, ret); + if (err != WOLFSSL_ERROR_WANT_READ && + err != WOLFSSL_ERROR_WANT_WRITE) { + char buff[WOLFSSL_MAX_ERROR_SZ]; + fprintf(stderr, "error = %d, %s\n", err, + wolfSSL_ERR_error_string((word32)err, buff)); + failing_c = 1; + hs_c = 1; + if (failing_c && failing_s) { + break; + } + } + } + } + if (!hs_s) { + wolfSSL_SetLoggingPrefix("server"); + ret = wolfSSL_accept(ctx->s_ssl); + wolfSSL_SetLoggingPrefix(NULL); + if (ret == WOLFSSL_SUCCESS) { + hs_s = 1; + } + else { + err = wolfSSL_get_error(ctx->s_ssl, ret); + if (err != WOLFSSL_ERROR_WANT_READ && + err != WOLFSSL_ERROR_WANT_WRITE) { + char buff[WOLFSSL_MAX_ERROR_SZ]; + fprintf(stderr, "error = %d, %s\n", err, + wolfSSL_ERR_error_string((word32)err, buff)); + failing_s = 1; + hs_s = 1; + if (failing_c && failing_s) { + break; + } + } + } + } + handshake_complete = hs_c && hs_s; + max_rounds--; + if (rounds != NULL) { + *rounds += 1; + } + } + + if (!handshake_complete || failing_c || failing_s) { + return TEST_FAIL; + } + + return TEST_SUCCESS; +} + +static int test_ssl_memio_read_write(test_ssl_memio_ctx* ctx) +{ + EXPECT_DECLS_NO_MSGS(-3000); + char input[1024]; + int idx = 0; + const char* msg_c = "hello wolfssl!"; + int msglen_c = (int)XSTRLEN(msg_c); + const char* msg_s = "I hear you fa shizzle!"; + int msglen_s = (int)XSTRLEN(msg_s); + + if (ctx->c_msg != NULL) { + msg_c = ctx->c_msg; + msglen_c = ctx->c_msglen; + } + if (ctx->s_msg != NULL) { + msg_s = ctx->s_msg; + msglen_s = ctx->s_msglen; + } + + wolfSSL_SetLoggingPrefix("client"); + ExpectIntEQ(wolfSSL_write(ctx->c_ssl, msg_c, msglen_c), msglen_c); + wolfSSL_SetLoggingPrefix("server"); + ExpectIntGT(idx = wolfSSL_read(ctx->s_ssl, input, sizeof(input) - 1), 0); + if (idx >= 0) { + input[idx] = '\0'; + } + ExpectIntGT(fprintf(stderr, "Client message: %s\n", input), 0); + ExpectIntEQ(wolfSSL_write(ctx->s_ssl, msg_s, msglen_s), msglen_s); + ctx->s_cb.return_code = EXPECT_RESULT(); + wolfSSL_SetLoggingPrefix("client"); + ExpectIntGT(idx = wolfSSL_read(ctx->c_ssl, input, sizeof(input) - 1), 0); + wolfSSL_SetLoggingPrefix(NULL); + if (idx >= 0) { + input[idx] = '\0'; + } + ExpectIntGT(fprintf(stderr, "Server response: %s\n", input), 0); + ctx->c_cb.return_code = EXPECT_RESULT(); + if (ctx->c_cb.on_result != NULL) { + ExpectIntEQ(ctx->c_cb.on_result(ctx->c_ssl), TEST_SUCCESS); + } + if (ctx->s_cb.on_result != NULL) { + ExpectIntEQ(ctx->s_cb.on_result(ctx->s_ssl), TEST_SUCCESS); + } + + return EXPECT_RESULT(); +} + +void test_ssl_memio_cleanup(test_ssl_memio_ctx* ctx) +{ + ctx->c_cb.last_err = wolfSSL_get_error(ctx->c_ssl, 0); + ctx->s_cb.last_err = wolfSSL_get_error(ctx->s_ssl, 0); + if (ctx->c_cb.on_cleanup != NULL) { + ctx->c_cb.on_cleanup(ctx->c_ssl); + } + if (ctx->s_cb.on_cleanup != NULL) { + ctx->s_cb.on_cleanup(ctx->s_ssl); + } + wolfSSL_shutdown(ctx->s_ssl); + wolfSSL_shutdown(ctx->c_ssl); + wolfSSL_free(ctx->s_ssl); + wolfSSL_free(ctx->c_ssl); + if (ctx->c_cb.on_ctx_cleanup != NULL) { + ctx->c_cb.on_ctx_cleanup(ctx->c_ctx); + } + if (!ctx->c_cb.isSharedCtx) { + wolfSSL_CTX_free(ctx->c_ctx); + ctx->c_ctx = NULL; + } + if (ctx->s_cb.on_ctx_cleanup != NULL) { + ctx->s_cb.on_ctx_cleanup(ctx->s_ctx); + } + if (!ctx->s_cb.isSharedCtx) { + wolfSSL_CTX_free(ctx->s_ctx); + ctx->s_ctx = NULL; + } + + if (!ctx->s_cb.ticNoInit) { +#if defined(HAVE_SESSION_TICKET) && \ + ((defined(HAVE_CHACHA) && defined(HAVE_POLY1305)) || defined(HAVE_AESGCM)) +#if defined(OPENSSL_EXTRA) && defined(HAVE_AES_CBC) && defined(WOLFSSL_AES_256) + OpenSSLTicketCleanup(); +#elif defined(WOLFSSL_NO_DEF_TICKET_ENC_CB) + TicketCleanup(); +#endif +#endif + } +} + +static int test_wolfSSL_client_server_nofail_memio_ex(test_ssl_cbf* client_cb, + test_ssl_cbf* server_cb, cbType client_on_handshake, + cbType server_on_handshake) +{ + /* We use EXPECT_DECLS_NO_MSGS() here because this helper routine is used + * for numerous but varied expected-to-fail scenarios that should not emit + * error messages on the expected failures. Instead, we return a distinct + * code for each failure point, allowing the caller to assert on a + * particular mode of expected failure. On success, the usual TEST_SUCCESS + * is returned. + */ + EXPECT_DECLS_NO_MSGS(-1000); + struct test_ssl_memio_ctx test_ctx; +#ifdef WOLFSSL_HAVE_TLS_UNIQUE + size_t msg_len; +#endif /* WOLFSSL_HAVE_TLS_UNIQUE */ + + XMEMSET(&test_ctx, 0, sizeof(test_ctx)); + XMEMCPY(&test_ctx.c_cb, client_cb, sizeof(test_ssl_cbf)); + XMEMCPY(&test_ctx.s_cb, server_cb, sizeof(test_ssl_cbf)); + + test_ctx.c_ctx = client_cb->ctx; + test_ctx.s_ctx = server_cb->ctx; + test_ctx.c_cb.return_code = EXPECT_FAILURE_CODEPOINT_ID; + test_ctx.s_cb.return_code = EXPECT_FAILURE_CODEPOINT_ID; + + ExpectIntEQ(test_ssl_memio_setup(&test_ctx), TEST_SUCCESS); + ExpectIntEQ(test_ssl_memio_do_handshake(&test_ctx, 10, NULL), TEST_SUCCESS); + + if (client_on_handshake != NULL) { + ExpectIntEQ(client_on_handshake(test_ctx.c_ctx, test_ctx.c_ssl), + TEST_SUCCESS); + } + if (server_on_handshake != NULL) { + ExpectIntEQ(server_on_handshake(test_ctx.s_ctx, test_ctx.s_ssl), + TEST_SUCCESS); + } + if (client_cb->on_handshake != NULL) { + ExpectIntEQ(client_cb->on_handshake(&test_ctx.c_ctx, &test_ctx.c_ssl), + TEST_SUCCESS); + } + if (server_cb->on_handshake != NULL) { + ExpectIntEQ(server_cb->on_handshake(&test_ctx.s_ctx, &test_ctx.s_ssl), + TEST_SUCCESS); + } +#ifdef WOLFSSL_HAVE_TLS_UNIQUE + XMEMSET(server_side_msg2, 0, WC_MAX_DIGEST_SIZE); + msg_len = wolfSSL_get_peer_finished(test_ctx.s_ssl, server_side_msg2, + WC_MAX_DIGEST_SIZE); + ExpectIntGE(msg_len, 0); + + XMEMSET(server_side_msg1, 0, WC_MAX_DIGEST_SIZE); + msg_len = wolfSSL_get_finished(test_ctx.s_ssl, server_side_msg1, + WC_MAX_DIGEST_SIZE); + ExpectIntGE(msg_len, 0); +#endif /* WOLFSSL_HAVE_TLS_UNIQUE */ + + ExpectIntEQ(test_ssl_memio_read_write(&test_ctx), TEST_SUCCESS); + test_ssl_memio_cleanup(&test_ctx); + + client_cb->return_code = test_ctx.c_cb.return_code; + client_cb->last_err = test_ctx.c_cb.last_err; + server_cb->return_code = test_ctx.s_cb.return_code; + server_cb->last_err = test_ctx.s_cb.last_err; + + return EXPECT_RESULT(); +} + +int test_wolfSSL_client_server_nofail_memio(test_ssl_cbf* client_cb, + test_ssl_cbf* server_cb, cbType client_on_handshake) +{ + return (test_wolfSSL_client_server_nofail_memio_ex(client_cb, server_cb, + client_on_handshake, NULL)); +} +#endif + +#ifdef HAVE_IO_TESTS_DEPENDENCIES + +#ifdef WOLFSSL_SESSION_EXPORT +#ifdef WOLFSSL_DTLS +/* set up function for sending session information */ +static int test_export(WOLFSSL* inSsl, byte* buf, word32 sz, void* userCtx) +{ + WOLFSSL_CTX* ctx = NULL; + WOLFSSL* ssl = NULL; + + AssertNotNull(inSsl); + AssertNotNull(buf); + AssertIntNE(0, sz); + + /* Set ctx to DTLS 1.2 */ + ctx = wolfSSL_CTX_new(wolfDTLSv1_2_server_method()); + AssertNotNull(ctx); + + ssl = wolfSSL_new(ctx); + AssertNotNull(ssl); + + AssertIntGE(wolfSSL_dtls_import(ssl, buf, sz), 0); + + wolfSSL_free(ssl); + wolfSSL_CTX_free(ctx); + (void)userCtx; + return 0; +} +#endif + +/* returns negative value on fail and positive (including 0) on success */ +static int nonblocking_accept_read(void* args, WOLFSSL* ssl, SOCKET_T* sockfd) +{ + int ret, err, loop_count, count, timeout = 10; + char msg[] = "I hear you fa shizzle!"; + char input[1024]; + + loop_count = ((func_args*)args)->argc; + + #ifdef WOLFSSL_ASYNC_CRYPT + err = 0; /* Reset error */ + #endif + do { + #ifdef WOLFSSL_ASYNC_CRYPT + if (err == WC_NO_ERR_TRACE(WC_PENDING_E)) { + ret = wolfSSL_AsyncPoll(ssl, WOLF_POLL_FLAG_CHECK_HW); + if (ret < 0) { break; } else if (ret == 0) { continue; } + } + #endif + ret = wolfSSL_accept(ssl); + err = wolfSSL_get_error(ssl, 0); + + if (err == WOLFSSL_ERROR_WANT_READ || + err == WOLFSSL_ERROR_WANT_WRITE) { + int select_ret; + + err = WC_PENDING_E; + select_ret = tcp_select(*sockfd, timeout); + if (select_ret == TEST_TIMEOUT) { + return WOLFSSL_FATAL_ERROR; + } + } + } while (err == WC_NO_ERR_TRACE(WC_PENDING_E)); + if (ret != WOLFSSL_SUCCESS) { + char buff[WOLFSSL_MAX_ERROR_SZ]; + fprintf(stderr, "error = %d, %s\n", err, + wolfSSL_ERR_error_string(err, buff)); + return ret; + } + + for (count = 0; count < loop_count; count++) { + int select_ret; + + select_ret = tcp_select(*sockfd, timeout); + if (select_ret == TEST_TIMEOUT) { + ret = WOLFSSL_FATAL_ERROR; + break; + } + + do { + ret = wolfSSL_read(ssl, input, sizeof(input)-1); + if (ret > 0) { + input[ret] = '\0'; + fprintf(stderr, "Client message: %s\n", input); + } + } while (err == WOLFSSL_ERROR_WANT_READ && ret != WOLFSSL_SUCCESS); + + do { + if ((ret = wolfSSL_write(ssl, msg, sizeof(msg))) != sizeof(msg)) { + return WOLFSSL_FATAL_ERROR; + } + err = wolfSSL_get_error(ssl, ret); + } while (err == WOLFSSL_ERROR_WANT_READ && ret != WOLFSSL_SUCCESS); + } + return ret; +} +#endif /* WOLFSSL_SESSION_EXPORT */ + +THREAD_RETURN WOLFSSL_THREAD test_server_nofail(void* args) +{ + SOCKET_T sockfd = 0; + SOCKET_T clientfd = 0; + word16 port; + + callback_functions* cbf; + WOLFSSL_CTX* ctx = NULL; + WOLFSSL* ssl = NULL; + func_args* opts = (func_args*)args; + + char msg[] = "I hear you fa shizzle!"; + char input[1024]; + int idx; + int ret, err = 0; + int sharedCtx = 0; + int doUdp = 0; + SOCKADDR_IN_T cliAddr; + socklen_t cliLen; + const char* certFile = svrCertFile; + const char* keyFile = svrKeyFile; + +#ifdef WOLFSSL_HAVE_TLS_UNIQUE + size_t msg_len = 0; +#endif + + wolfSSL_SetLoggingPrefix("server"); + +#ifdef WOLFSSL_TIRTOS + fdOpenSession(Task_self()); +#endif + + opts->return_code = TEST_FAIL; + cbf = opts->callbacks; + + if (cbf != NULL && cbf->ctx) { + ctx = cbf->ctx; + sharedCtx = 1; + } + else + { + WOLFSSL_METHOD* method = NULL; + if (cbf != NULL && cbf->method != NULL) { + method = cbf->method(); + + } + else { + method = wolfSSLv23_server_method(); + } + ctx = wolfSSL_CTX_new(method); + } + if (ctx == NULL) { + /* Release the wait for TCP ready. */ + signal_ready(opts->signal); + goto done; + } + + if (cbf == NULL || !cbf->ticNoInit) { +#if defined(HAVE_SESSION_TICKET) && \ + ((defined(HAVE_CHACHA) && defined(HAVE_POLY1305)) || defined(HAVE_AESGCM)) +#if defined(OPENSSL_EXTRA) && defined(HAVE_AES_CBC) && defined(WOLFSSL_AES_256) + OpenSSLTicketInit(); + wolfSSL_CTX_set_tlsext_ticket_key_cb(ctx, myTicketEncCbOpenSSL); +#elif defined(WOLFSSL_NO_DEF_TICKET_ENC_CB) + TicketInit(); + wolfSSL_CTX_set_TicketEncCb(ctx, myTicketEncCb); +#endif +#endif + } + +#if defined(USE_WINDOWS_API) + port = opts->signal->port; +#elif defined(NO_MAIN_DRIVER) && !defined(WOLFSSL_SNIFFER) && \ + !defined(WOLFSSL_MDK_SHELL) && !defined(WOLFSSL_TIRTOS) + /* Let tcp_listen assign port */ + port = 0; +#else + /* Use default port */ + port = wolfSSLPort; +#endif + + if (cbf != NULL) + doUdp = cbf->doUdp; + + /* do it here to detect failure */ + tcp_accept( + &sockfd, &clientfd, opts, port, 0, doUdp, 0, 0, 1, 0, 0); + + if (doUdp) { + cliLen = sizeof(cliAddr); + + idx = (int)recvfrom(sockfd, input, sizeof(input), MSG_PEEK, + (struct sockaddr*)&cliAddr, &cliLen); + + AssertIntGT(idx, 0); + } + else { + CloseSocket(sockfd); + } + + wolfSSL_CTX_set_verify(ctx, + WOLFSSL_VERIFY_PEER | WOLFSSL_VERIFY_FAIL_IF_NO_PEER_CERT, 0); + +#ifdef WOLFSSL_ENCRYPTED_KEYS + wolfSSL_CTX_set_default_passwd_cb(ctx, PasswordCallBack); +#endif + + if (wolfSSL_CTX_load_verify_locations(ctx, cliCertFile, 0) + != WOLFSSL_SUCCESS) { + /*err_sys("can't load ca file, Please run from wolfSSL home dir");*/ + goto done; + } + + if (cbf != NULL && cbf->certPemFile != NULL) + certFile = cbf->certPemFile; +#if defined(OPENSSL_EXTRA) || defined(WOLFSSL_EITHER_SIDE) + if (!sharedCtx && wolfSSL_CTX_use_certificate_file(ctx, certFile, + CERT_FILETYPE) != WOLFSSL_SUCCESS) { +#else + if (wolfSSL_CTX_use_certificate_file(ctx, certFile, + CERT_FILETYPE) != WOLFSSL_SUCCESS) { +#endif + /*err_sys("can't load server cert chain file, " + "Please run from wolfSSL home dir");*/ + goto done; + } + + if (cbf != NULL && cbf->keyPemFile != NULL) + keyFile = cbf->keyPemFile; +#if defined(OPENSSL_EXTRA) || defined(WOLFSSL_EITHER_SIDE) + if (!sharedCtx && wolfSSL_CTX_use_PrivateKey_file(ctx, keyFile, + CERT_FILETYPE) != WOLFSSL_SUCCESS) { +#else + if (wolfSSL_CTX_use_PrivateKey_file(ctx, keyFile, + CERT_FILETYPE) != WOLFSSL_SUCCESS) { +#endif + /*err_sys("can't load server key file, " + "Please run from wolfSSL home dir");*/ + goto done; + } + +#ifdef HAVE_CRL + if (cbf != NULL && cbf->crlPemFile != NULL) { + if (wolfSSL_CTX_EnableCRL(ctx, WOLFSSL_CRL_CHECKALL) != WOLFSSL_SUCCESS) + goto done; + if (wolfSSL_CTX_LoadCRLFile(ctx, cbf->crlPemFile, CERT_FILETYPE) + != WOLFSSL_SUCCESS) + goto done; + } +#endif + + /* call ctx setup callback */ + if (cbf != NULL && cbf->ctx_ready != NULL) { + cbf->ctx_ready(ctx); + } + + ssl = wolfSSL_new(ctx); + if (ssl == NULL) { + goto done; + } + + if (doUdp) { + err = wolfSSL_dtls_set_peer(ssl, &cliAddr, cliLen); + if (err != WOLFSSL_SUCCESS) + goto done; + } + +#ifdef WOLFSSL_SESSION_EXPORT + /* only add in more complex nonblocking case with session export tests */ + if (args && opts->argc > 0) { + /* set as nonblock and time out for waiting on read/write */ + tcp_set_nonblocking(&clientfd); + wolfSSL_dtls_set_using_nonblock(ssl, 1); + } +#endif +#if defined(OPENSSL_EXTRA) || defined(WOLFSSL_EITHER_SIDE) + if (sharedCtx && wolfSSL_use_certificate_file(ssl, certFile, + CERT_FILETYPE) != WOLFSSL_SUCCESS) { +#else + if (wolfSSL_use_certificate_file(ssl, certFile, + CERT_FILETYPE) != WOLFSSL_SUCCESS) { +#endif + /*err_sys("can't load server cert chain file, " + "Please run from wolfSSL home dir");*/ + goto done; + } +#if defined(OPENSSL_EXTRA) || defined(WOLFSSL_EITHER_SIDE) + if (sharedCtx && wolfSSL_use_PrivateKey_file(ssl, keyFile, + CERT_FILETYPE) != WOLFSSL_SUCCESS) { +#else + if (wolfSSL_use_PrivateKey_file(ssl, keyFile, + CERT_FILETYPE) != WOLFSSL_SUCCESS) { +#endif + /*err_sys("can't load server key file, " + "Please run from wolfSSL home dir");*/ + goto done; + } + + if (wolfSSL_set_fd(ssl, clientfd) != WOLFSSL_SUCCESS) { + /*err_sys("SSL_set_fd failed");*/ + goto done; + } + +#if !defined(NO_FILESYSTEM) && !defined(NO_DH) + wolfSSL_SetTmpDH_file(ssl, dhParamFile, CERT_FILETYPE); +#elif !defined(NO_DH) + SetDH(ssl); /* will repick suites with DHE, higher priority than PSK */ +#endif + + /* call ssl setup callback */ + if (cbf != NULL && cbf->ssl_ready != NULL) { + cbf->ssl_ready(ssl); + } + +#ifdef WOLFSSL_SESSION_EXPORT + /* only add in more complex nonblocking case with session export tests */ + if (opts->argc > 0) { + ret = nonblocking_accept_read(args, ssl, &clientfd); + if (ret >= 0) { + opts->return_code = TEST_SUCCESS; + } + #ifdef WOLFSSL_TIRTOS + Task_yield(); + #endif + goto done; + } +#endif + + WOLFSSL_ASYNC_WHILE_PENDING(ret = wolfSSL_negotiate(ssl), + ret != WOLFSSL_SUCCESS); + if (ret != WOLFSSL_SUCCESS) { + char buff[WOLFSSL_MAX_ERROR_SZ]; + fprintf(stderr, "error = %d, %s\n", err, + wolfSSL_ERR_error_string((word32)err, buff)); + /*err_sys("SSL_accept failed");*/ + goto done; + } + +#ifdef WOLFSSL_HAVE_TLS_UNIQUE + XMEMSET(server_side_msg2, 0, WC_MAX_DIGEST_SIZE); + msg_len = wolfSSL_get_peer_finished(ssl, server_side_msg2, WC_MAX_DIGEST_SIZE); + AssertIntGE(msg_len, 0); + + XMEMSET(server_side_msg1, 0, WC_MAX_DIGEST_SIZE); + msg_len = wolfSSL_get_finished(ssl, server_side_msg1, WC_MAX_DIGEST_SIZE); + AssertIntGE(msg_len, 0); +#endif /* WOLFSSL_HAVE_TLS_UNIQUE */ + + idx = wolfSSL_read(ssl, input, sizeof(input)-1); + if (idx > 0) { + input[idx] = '\0'; + fprintf(stderr, "Client message: %s\n", input); + } + else if (idx < 0) { + goto done; + } + + if (wolfSSL_write(ssl, msg, sizeof(msg)) != sizeof(msg)) { + /*err_sys("SSL_write failed");*/ + goto done; + } + + if (cbf != NULL && cbf->on_result != NULL) + cbf->on_result(ssl); + +#ifdef WOLFSSL_TIRTOS + Task_yield(); +#endif + + opts->return_code = TEST_SUCCESS; + +done: + if (cbf != NULL) + cbf->last_err = err; + if (cbf != NULL && cbf->on_cleanup != NULL) + cbf->on_cleanup(ssl); + + wolfSSL_shutdown(ssl); + wolfSSL_free(ssl); + if (!sharedCtx) + wolfSSL_CTX_free(ctx); + + CloseSocket(clientfd); + +#ifdef WOLFSSL_TIRTOS + fdCloseSession(Task_self()); +#endif + +#if defined(NO_MAIN_DRIVER) && defined(HAVE_ECC) && defined(FP_ECC) \ + && defined(HAVE_THREAD_LS) + wc_ecc_fp_free(); /* free per thread cache */ +#endif + + if (cbf == NULL || !cbf->ticNoInit) { +#if defined(HAVE_SESSION_TICKET) && \ + ((defined(HAVE_CHACHA) && defined(HAVE_POLY1305)) || defined(HAVE_AESGCM)) +#if defined(OPENSSL_EXTRA) && defined(HAVE_AES_CBC) && defined(WOLFSSL_AES_256) + OpenSSLTicketCleanup(); +#elif defined(WOLFSSL_NO_DEF_TICKET_ENC_CB) + TicketCleanup(); +#endif +#endif + } + + wolfSSL_SetLoggingPrefix(NULL); + + WOLFSSL_RETURN_FROM_THREAD(0); +} + +#if defined(OPENSSL_EXTRA) && !defined(NO_SESSION_CACHE) && \ + !defined(WOLFSSL_NO_TLS12) +static THREAD_RETURN WOLFSSL_THREAD test_server_loop(void* args) +{ + SOCKET_T sockfd; + SOCKET_T clientfd = -1; + word16 port; + + callback_functions* cbf; + WOLFSSL_CTX* ctx = 0; + WOLFSSL* ssl = 0; + + char msg[] = "I hear you fa shizzle!"; + char input[1024]; + int idx; + int ret, err = 0; + int sharedCtx = 0; + func_args* opts = (func_args*)args; + int loop_count = opts->argc; + int count = 0; + +#ifdef WOLFSSL_TIRTOS + fdOpenSession(Task_self()); +#endif + + opts->return_code = TEST_FAIL; + cbf = opts->callbacks; + +#if defined(OPENSSL_EXTRA) || defined(WOLFSSL_EITHER_SIDE) + if (cbf != NULL && cbf->ctx) { + ctx = cbf->ctx; + sharedCtx = 1; + } + else +#endif + { + WOLFSSL_METHOD* method = NULL; + if (cbf != NULL && cbf->method != NULL) { + method = cbf->method(); + } + else { + method = wolfSSLv23_server_method(); + } + ctx = wolfSSL_CTX_new(method); + } + +#if defined(USE_WINDOWS_API) + port = opts->signal->port; +#elif defined(NO_MAIN_DRIVER) && !defined(WOLFSSL_SNIFFER) && \ + !defined(WOLFSSL_MDK_SHELL) && !defined(WOLFSSL_TIRTOS) + /* Let tcp_listen assign port */ + port = 0; +#else + /* Use default port */ + port = wolfSSLPort; +#endif + + wolfSSL_CTX_set_verify(ctx, + WOLFSSL_VERIFY_PEER | WOLFSSL_VERIFY_FAIL_IF_NO_PEER_CERT, 0); + +#ifdef WOLFSSL_ENCRYPTED_KEYS + wolfSSL_CTX_set_default_passwd_cb(ctx, PasswordCallBack); +#endif + + if (wolfSSL_CTX_load_verify_locations(ctx, cliCertFile, 0) + != WOLFSSL_SUCCESS) { + /*err_sys("can't load ca file, Please run from wolfSSL home dir");*/ + /* Release the wait for TCP ready. */ + signal_ready(opts->signal); + goto done; + } + if (!sharedCtx && wolfSSL_CTX_use_certificate_file(ctx, svrCertFile, + CERT_FILETYPE) != WOLFSSL_SUCCESS) { + /*err_sys("can't load server cert chain file, " + "Please run from wolfSSL home dir");*/ + /* Release the wait for TCP ready. */ + signal_ready(opts->signal); + goto done; + } + if (!sharedCtx && wolfSSL_CTX_use_PrivateKey_file(ctx, svrKeyFile, + CERT_FILETYPE) != WOLFSSL_SUCCESS) { + /*err_sys("can't load server key file, " + "Please run from wolfSSL home dir");*/ + /* Release the wait for TCP ready. */ + signal_ready(opts->signal); + goto done; + } + /* call ctx setup callback */ + if (cbf != NULL && cbf->ctx_ready != NULL) { + cbf->ctx_ready(ctx); + } + + while (count != loop_count) { + ssl = wolfSSL_new(ctx); + if (ssl == NULL) { + signal_ready(opts->signal); + goto done; + } + if (sharedCtx && wolfSSL_use_certificate_file(ssl, svrCertFile, + CERT_FILETYPE) != WOLFSSL_SUCCESS) { + /*err_sys("can't load server cert chain file, " + "Please run from wolfSSL home dir");*/ + /* Release the wait for TCP ready. */ + signal_ready(opts->signal); + goto done; + } + if (sharedCtx && wolfSSL_use_PrivateKey_file(ssl, svrKeyFile, + CERT_FILETYPE) != WOLFSSL_SUCCESS) { + /*err_sys("can't load server key file, " + "Please run from wolfSSL home dir");*/ + /* Release the wait for TCP ready. */ + signal_ready(opts->signal); + goto done; + } + +#if !defined(NO_FILESYSTEM) && !defined(NO_DH) + wolfSSL_SetTmpDH_file(ssl, dhParamFile, CERT_FILETYPE); +#elif !defined(NO_DH) + SetDH(ssl); /* will repick suites with DHE, higher priority than PSK */ +#endif + /* call ssl setup callback */ + if (cbf != NULL && cbf->ssl_ready != NULL) { + cbf->ssl_ready(ssl); + } + /* do it here to detect failure */ + tcp_accept(&sockfd, &clientfd, (func_args*)args, port, 0, 0, 0, 0, 1, 0, + 0); + CloseSocket(sockfd); + if (wolfSSL_set_fd(ssl, clientfd) != WOLFSSL_SUCCESS) { + /*err_sys("SSL_set_fd failed");*/ + goto done; + } + + WOLFSSL_ASYNC_WHILE_PENDING(ret = wolfSSL_accept(ssl), + ret != WOLFSSL_SUCCESS); + if (ret != WOLFSSL_SUCCESS) { + char buff[WOLFSSL_MAX_ERROR_SZ]; + fprintf(stderr, "error = %d, %s\n", err, + wolfSSL_ERR_error_string(err, buff)); + /*err_sys("SSL_accept failed");*/ + goto done; + } + + idx = wolfSSL_read(ssl, input, sizeof(input)-1); + if (idx > 0) { + input[idx] = '\0'; + fprintf(stderr, "Client message: %s\n", input); + } + + if (wolfSSL_write(ssl, msg, sizeof(msg)) != sizeof(msg)) { + /*err_sys("SSL_write failed");*/ + goto done; + } + /* free ssl for this connection */ + wolfSSL_shutdown(ssl); + wolfSSL_free(ssl); ssl = NULL; + CloseSocket(clientfd); + clientfd = -1; + + count++; + } +#ifdef WOLFSSL_TIRTOS + Task_yield(); +#endif + + opts->return_code = TEST_SUCCESS; + +done: + if (ssl != NULL) { + wolfSSL_shutdown(ssl); + wolfSSL_free(ssl); + } + if (!sharedCtx) + wolfSSL_CTX_free(ctx); + + if (clientfd != SOCKET_INVALID) + CloseSocket(clientfd); + +#ifdef WOLFSSL_TIRTOS + fdCloseSession(Task_self()); +#endif + +#if defined(NO_MAIN_DRIVER) && defined(HAVE_ECC) && defined(FP_ECC) \ + && defined(HAVE_THREAD_LS) + wc_ecc_fp_free(); /* free per thread cache */ +#endif + + WOLFSSL_RETURN_FROM_THREAD(0); +} +#endif /* defined(OPENSSL_EXTRA) && !defined(NO_SESSION_CACHE) && !defined(WOLFSSL_TLS13) */ + +int test_client_nofail(void* args, cbType cb) +{ +#if !defined(NO_WOLFSSL_CLIENT) + SOCKET_T sockfd = 0; + callback_functions* cbf; + + WOLFSSL_CTX* ctx = 0; + WOLFSSL* ssl = 0; + WOLFSSL_CIPHER* cipher; + + char msg[64] = "hello wolfssl!"; + char reply[1024]; + int input; + int msgSz = (int)XSTRLEN(msg); + int ret, err = 0; + int cipherSuite; + int sharedCtx = 0; + int doUdp = 0; + const char* cipherName1, *cipherName2; + + wolfSSL_SetLoggingPrefix("client"); + +#ifdef WOLFSSL_TIRTOS + fdOpenSession(Task_self()); +#endif + + ((func_args*)args)->return_code = TEST_FAIL; + cbf = ((func_args*)args)->callbacks; + +#if defined(OPENSSL_EXTRA) || defined(WOLFSSL_EITHER_SIDE) + if (cbf != NULL && cbf->ctx) { + ctx = cbf->ctx; + sharedCtx = cbf->isSharedCtx; + } + else +#endif + { + WOLFSSL_METHOD* method = NULL; + if (cbf != NULL && cbf->method != NULL) { + method = cbf->method(); + } + else { + method = wolfSSLv23_client_method(); + } + ctx = wolfSSL_CTX_new(method); + } + + if (cbf != NULL) + doUdp = cbf->doUdp; + +#ifdef WOLFSSL_ENCRYPTED_KEYS + wolfSSL_CTX_set_default_passwd_cb(ctx, PasswordCallBack); +#endif + + /* Do connect here so server detects failures */ + tcp_connect(&sockfd, wolfSSLIP, ((func_args*)args)->signal->port, + doUdp, 0, NULL); + /* Connect the socket so that we don't have to set the peer later on */ + if (doUdp) + udp_connect(&sockfd, wolfSSLIP, ((func_args*)args)->signal->port); + + if (wolfSSL_CTX_load_verify_locations(ctx, caCertFile, 0) != WOLFSSL_SUCCESS) + { + /* err_sys("can't load ca file, Please run from wolfSSL home dir");*/ + goto done; + } +#if defined(OPENSSL_EXTRA) || defined(WOLFSSL_EITHER_SIDE) + if (!sharedCtx && wolfSSL_CTX_use_certificate_file(ctx, cliCertFile, + CERT_FILETYPE) != WOLFSSL_SUCCESS) { +#else + if (wolfSSL_CTX_use_certificate_file(ctx, cliCertFile, + CERT_FILETYPE) != WOLFSSL_SUCCESS) { +#endif + /*err_sys("can't load client cert file, " + "Please run from wolfSSL home dir");*/ + goto done; + } +#if defined(OPENSSL_EXTRA) || defined(WOLFSSL_EITHER_SIDE) + if (!sharedCtx && wolfSSL_CTX_use_PrivateKey_file(ctx, cliKeyFile, + CERT_FILETYPE) != WOLFSSL_SUCCESS) { +#else + if (wolfSSL_CTX_use_PrivateKey_file(ctx, cliKeyFile, + CERT_FILETYPE) != WOLFSSL_SUCCESS) { +#endif + + /*err_sys("can't load client key file, " + "Please run from wolfSSL home dir");*/ + goto done; + } + +#ifdef WOLFSSL_SRTP + /* make sure that NULL (error condition) returns 1 */ + if (wolfSSL_CTX_set_tlsext_use_srtp(ctx, NULL) != 1) { + goto done; + } +#endif + +#ifdef HAVE_CRL + if (cbf != NULL && cbf->crlPemFile != NULL) { + if (wolfSSL_CTX_EnableCRL(ctx, WOLFSSL_CRL_CHECKALL) != WOLFSSL_SUCCESS) + goto done; + if (wolfSSL_CTX_LoadCRLFile(ctx, cbf->crlPemFile, CERT_FILETYPE) + != WOLFSSL_SUCCESS) + goto done; + } +#endif + + /* call ctx setup callback */ + if (cbf != NULL && cbf->ctx_ready != NULL) { + cbf->ctx_ready(ctx); + } + + ssl = wolfSSL_new(ctx); + if (ssl == NULL) { + goto done; + } +#if defined(OPENSSL_EXTRA) || defined(WOLFSSL_EITHER_SIDE) + if (sharedCtx && wolfSSL_use_certificate_file(ssl, cliCertFile, + CERT_FILETYPE) != WOLFSSL_SUCCESS) { +#else + if (wolfSSL_use_certificate_file(ssl, cliCertFile, + CERT_FILETYPE) != WOLFSSL_SUCCESS) { +#endif + /*err_sys("can't load client cert file, " + "Please run from wolfSSL home dir");*/ + goto done; + } +#if defined(OPENSSL_EXTRA) || defined(WOLFSSL_EITHER_SIDE) + if (sharedCtx && wolfSSL_use_PrivateKey_file(ssl, cliKeyFile, + CERT_FILETYPE) != WOLFSSL_SUCCESS) { +#else + if (wolfSSL_use_PrivateKey_file(ssl, cliKeyFile, + CERT_FILETYPE) != WOLFSSL_SUCCESS) { +#endif + /*err_sys("can't load client key file, " + "Please run from wolfSSL home dir");*/ + goto done; + } + +#ifdef WOLFSSL_SRTP + /* make sure that NULL (error condition) returns 1 */ + if (wolfSSL_set_tlsext_use_srtp(ssl, NULL) != 1) { + goto done; + } +#endif + + if (!doUdp) { + if (wolfSSL_set_fd(ssl, sockfd) != WOLFSSL_SUCCESS) { + /*err_sys("SSL_set_fd failed");*/ + goto done; + } + } + else { +#ifdef WOLFSSL_DTLS + if (wolfSSL_set_dtls_fd_connected(ssl, sockfd) != WOLFSSL_SUCCESS) { + /*err_sys("SSL_set_fd failed");*/ + goto done; + } +#else + goto done; +#endif + } + + /* call ssl setup callback */ + if (cbf != NULL && cbf->ssl_ready != NULL) { + cbf->ssl_ready(ssl); + } + + WOLFSSL_ASYNC_WHILE_PENDING(ret = wolfSSL_negotiate(ssl), + ret != WOLFSSL_SUCCESS); + if (ret != WOLFSSL_SUCCESS) { + char buff[WOLFSSL_MAX_ERROR_SZ]; + fprintf(stderr, "error = %d, %s\n", err, + wolfSSL_ERR_error_string((word32)err, buff)); + /*err_sys("SSL_connect failed");*/ + goto done; + } + + /* test the various get cipher methods */ + /* Internal cipher suite names */ + cipherSuite = wolfSSL_get_current_cipher_suite(ssl); + cipherName1 = wolfSSL_get_cipher_name(ssl); + cipherName2 = wolfSSL_get_cipher_name_from_suite( + (byte)(cipherSuite >> 8), cipherSuite & 0xFF); + AssertStrEQ(cipherName1, cipherName2); + + /* IANA Cipher Suites Names */ + /* Unless WOLFSSL_CIPHER_INTERNALNAME or NO_ERROR_STRINGS, + then it's the internal cipher suite name */ + cipher = wolfSSL_get_current_cipher(ssl); + cipherName1 = wolfSSL_CIPHER_get_name(cipher); + cipherName2 = wolfSSL_get_cipher(ssl); + AssertStrEQ(cipherName1, cipherName2); +#if !defined(WOLFSSL_CIPHER_INTERNALNAME) && !defined(NO_ERROR_STRINGS) && \ + !defined(WOLFSSL_QT) + cipherName1 = wolfSSL_get_cipher_name_iana_from_suite( + (byte)(cipherSuite >> 8), cipherSuite & 0xFF); + AssertStrEQ(cipherName1, cipherName2); +#endif + + if (cb != NULL) + (cb)(ctx, ssl); + + if (wolfSSL_write(ssl, msg, msgSz) != msgSz) { + /*err_sys("SSL_write failed");*/ + goto done; + } + + input = wolfSSL_read(ssl, reply, sizeof(reply)-1); + if (input > 0) { + reply[input] = '\0'; + fprintf(stderr, "Server response: %s\n", reply); + } + + if (cbf != NULL && cbf->on_result != NULL) + cbf->on_result(ssl); + + ((func_args*)args)->return_code = TEST_SUCCESS; + +done: + if (cbf != NULL) + cbf->last_err = err; + if (cbf != NULL && cbf->on_cleanup != NULL) + cbf->on_cleanup(ssl); + + wolfSSL_free(ssl); + if (!sharedCtx) + wolfSSL_CTX_free(ctx); + + CloseSocket(sockfd); + +#ifdef WOLFSSL_TIRTOS + fdCloseSession(Task_self()); +#endif + +#if defined(NO_MAIN_DRIVER) && defined(HAVE_ECC) && defined(FP_ECC) \ + && defined(HAVE_THREAD_LS) + wc_ecc_fp_free(); /* free per thread cache */ +#endif + +#else + (void)args; + (void)cb; +#endif /* !NO_WOLFSSL_CLIENT */ + + wolfSSL_SetLoggingPrefix(NULL); + + return 0; +} + +void test_wolfSSL_client_server_nofail_ex(callback_functions* client_cb, + callback_functions* server_cb, cbType client_on_handshake) +{ + func_args client_args; + func_args server_args; + tcp_ready ready; + THREAD_TYPE serverThread; + + XMEMSET(&client_args, 0, sizeof(func_args)); + XMEMSET(&server_args, 0, sizeof(func_args)); + +#ifdef WOLFSSL_TIRTOS + fdOpenSession(Task_self()); +#endif + + StartTCP(); + InitTcpReady(&ready); + +#if defined(USE_WINDOWS_API) + /* use RNG to get random port if using windows */ + ready.port = GetRandomPort(); +#endif + + server_args.signal = &ready; + server_args.callbacks = server_cb; + client_args.signal = &ready; + client_args.callbacks = client_cb; + + start_thread(test_server_nofail, &server_args, &serverThread); + wait_tcp_ready(&server_args); + test_client_nofail(&client_args, client_on_handshake); + join_thread(serverThread); + + client_cb->return_code = client_args.return_code; + server_cb->return_code = server_args.return_code; + + FreeTcpReady(&ready); + +#ifdef WOLFSSL_TIRTOS + fdOpenSession(Task_self()); +#endif +} + +void test_wolfSSL_client_server_nofail(callback_functions* client_cb, + callback_functions* server_cb) +{ + test_wolfSSL_client_server_nofail_ex(client_cb, server_cb, NULL); +} + + +#if defined(OPENSSL_EXTRA) && !defined(NO_SESSION_CACHE) && \ + !defined(WOLFSSL_NO_TLS12) && !defined(NO_WOLFSSL_CLIENT) +static void test_client_reuse_WOLFSSLobj(void* args, cbType cb, + void* server_args) +{ + SOCKET_T sockfd = 0; + callback_functions* cbf; + + WOLFSSL_CTX* ctx = 0; + WOLFSSL* ssl = 0; + WOLFSSL_SESSION* session = NULL; + + char msg[64] = "hello wolfssl!"; + char reply[1024]; + int input; + int msgSz = (int)XSTRLEN(msg); + int ret, err = 0; + int sharedCtx = 0; + +#ifdef WOLFSSL_TIRTOS + fdOpenSession(Task_self()); +#endif + + ((func_args*)args)->return_code = TEST_FAIL; + cbf = ((func_args*)args)->callbacks; + +#if defined(OPENSSL_EXTRA) || defined(WOLFSSL_EITHER_SIDE) + if (cbf != NULL && cbf->ctx) { + ctx = cbf->ctx; + sharedCtx = 1; + } + else +#endif + { + WOLFSSL_METHOD* method = NULL; + if (cbf != NULL && cbf->method != NULL) { + method = cbf->method(); + } + else { + method = wolfSSLv23_client_method(); + } + ctx = wolfSSL_CTX_new(method); + } + +#ifdef WOLFSSL_ENCRYPTED_KEYS + wolfSSL_CTX_set_default_passwd_cb(ctx, PasswordCallBack); +#endif + + /* Do connect here so server detects failures */ + tcp_connect(&sockfd, wolfSSLIP, ((func_args*)args)->signal->port, + 0, 0, NULL); + + if (wolfSSL_CTX_load_verify_locations(ctx, caCertFile, 0) != + WOLFSSL_SUCCESS) { + /* err_sys("can't load ca file, Please run from wolfSSL home dir");*/ + goto done; + } + if (!sharedCtx && wolfSSL_CTX_use_certificate_file(ctx, cliCertFile, + WOLFSSL_FILETYPE_PEM) != WOLFSSL_SUCCESS) { + /*err_sys("can't load client cert file, " + "Please run from wolfSSL home dir");*/ + goto done; + } + if (!sharedCtx && wolfSSL_CTX_use_PrivateKey_file(ctx, cliKeyFile, + WOLFSSL_FILETYPE_PEM) != WOLFSSL_SUCCESS) { + /*err_sys("can't load client key file, " + "Please run from wolfSSL home dir");*/ + goto done; + } + + /* call ctx setup callback */ + if (cbf != NULL && cbf->ctx_ready != NULL) { + cbf->ctx_ready(ctx); + } + + ssl = wolfSSL_new(ctx); + if (ssl == NULL) { + goto done; + } + /* keep handshake resources for reusing WOLFSSL obj */ + wolfSSL_KeepArrays(ssl); + if (wolfSSL_KeepHandshakeResources(ssl)) { + /* err_sys("SSL_KeepHandshakeResources failed"); */ + goto done; + } + if (sharedCtx && wolfSSL_use_certificate_file(ssl, cliCertFile, + WOLFSSL_FILETYPE_PEM) != WOLFSSL_SUCCESS) { + /*err_sys("can't load client cert file, " + "Please run from wolfSSL home dir");*/ + goto done; + } + if (sharedCtx && wolfSSL_use_PrivateKey_file(ssl, cliKeyFile, + WOLFSSL_FILETYPE_PEM) != WOLFSSL_SUCCESS) { + /*err_sys("can't load client key file, " + "Please run from wolfSSL home dir");*/ + goto done; + } + + if (wolfSSL_set_fd(ssl, sockfd) != WOLFSSL_SUCCESS) { + /*err_sys("SSL_set_fd failed");*/ + goto done; + } + + /* call ssl setup callback */ + if (cbf != NULL && cbf->ssl_ready != NULL) { + cbf->ssl_ready(ssl); + } + + WOLFSSL_ASYNC_WHILE_PENDING(ret = wolfSSL_connect(ssl), + ret != WOLFSSL_SUCCESS); + if (ret != WOLFSSL_SUCCESS) { + char buff[WOLFSSL_MAX_ERROR_SZ]; + fprintf(stderr, "error = %d, %s\n", err, + wolfSSL_ERR_error_string(err, buff)); + /*err_sys("SSL_connect failed");*/ + goto done; + } + /* Build first session */ + if (cb != NULL) + cb(ctx, ssl); + + if (wolfSSL_write(ssl, msg, msgSz) != msgSz) { + /*err_sys("SSL_write failed");*/ + goto done; + } + + input = wolfSSL_read(ssl, reply, sizeof(reply)-1); + if (input > 0) { + reply[input] = '\0'; + fprintf(stderr, "Server response: %s\n", reply); + } + + /* Session Resumption by reusing WOLFSSL object */ + wolfSSL_set_quiet_shutdown(ssl, 1); + if (wolfSSL_shutdown(ssl) != WOLFSSL_SUCCESS) { + /* err_sys ("SSL shutdown failed"); */ + goto done; + } + session = wolfSSL_get1_session(ssl); + if (wolfSSL_clear(ssl) != WOLFSSL_SUCCESS) { + wolfSSL_SESSION_free(session); + /* err_sys ("SSL_clear failed"); */ + goto done; + } + wolfSSL_set_session(ssl, session); + wolfSSL_SESSION_free(session); + session = NULL; + /* close socket once */ + CloseSocket(sockfd); + sockfd = 0; + /* wait until server ready */ + wait_tcp_ready((func_args*)server_args); + fprintf(stderr, "session resumption\n"); + /* Do re-connect */ + tcp_connect(&sockfd, wolfSSLIP, ((func_args*)args)->signal->port, + 0, 0, NULL); + if (wolfSSL_set_fd(ssl, sockfd) != WOLFSSL_SUCCESS) { + /*err_sys("SSL_set_fd failed");*/ + goto done; + } + + WOLFSSL_ASYNC_WHILE_PENDING(ret = wolfSSL_connect(ssl), + ret != WOLFSSL_SUCCESS); + if (ret != WOLFSSL_SUCCESS) { + char buff[WOLFSSL_MAX_ERROR_SZ]; + fprintf(stderr, "error = %d, %s\n", err, + wolfSSL_ERR_error_string(err, buff)); + /*err_sys("SSL_connect failed");*/ + goto done; + } + /* Build first session */ + if (cb != NULL) + cb(ctx, ssl); + + if (wolfSSL_write(ssl, msg, msgSz) != msgSz) { + /*err_sys("SSL_write failed");*/ + goto done; + } + + input = wolfSSL_read(ssl, reply, sizeof(reply)-1); + if (input > 0) { + reply[input] = '\0'; + fprintf(stderr, "Server response: %s\n", reply); + } + + ((func_args*)args)->return_code = TEST_SUCCESS; + +done: + wolfSSL_free(ssl); + if (!sharedCtx) + wolfSSL_CTX_free(ctx); + + CloseSocket(sockfd); + +#ifdef WOLFSSL_TIRTOS + fdCloseSession(Task_self()); +#endif + + return; +} +#endif /* defined(OPENSSL_EXTRA) && !defined(NO_SESSION_CACHE) && + !defined(WOLFSSL_TLS13) && !defined(NO_WOLFSSL_CLIENT) */ + +#if (defined(OPENSSL_ALL) || defined(WOLFSSL_NGINX) || \ + defined(WOLFSSL_HAPROXY) || defined(HAVE_LIGHTY)) && \ + defined(HAVE_ALPN) && defined(HAVE_SNI) && \ + defined(HAVE_IO_TESTS_DEPENDENCIES) && !defined(NO_BIO) + #define HAVE_ALPN_PROTOS_SUPPORT +#endif + +/* Generic TLS client / server with callbacks for API unit tests + * Used by SNI / ALPN / crypto callback helper functions */ +#if defined(HAVE_IO_TESTS_DEPENDENCIES) && \ + (defined(HAVE_SNI) || defined(HAVE_ALPN) || defined(WOLF_CRYPTO_CB) || \ + defined(HAVE_ALPN_PROTOS_SUPPORT)) || defined(WOLFSSL_STATIC_MEMORY) + #define ENABLE_TLS_CALLBACK_TEST +#endif + +#if defined(ENABLE_TLS_CALLBACK_TEST) || \ + (defined(WOLFSSL_DTLS) && defined(WOLFSSL_SESSION_EXPORT)) +/* TLS server for API unit testing - generic */ +static THREAD_RETURN WOLFSSL_THREAD run_wolfssl_server(void* args) +{ + callback_functions* callbacks = ((func_args*)args)->callbacks; + + WOLFSSL_CTX* ctx = NULL; + WOLFSSL* ssl = NULL; + SOCKET_T sfd = 0; + SOCKET_T cfd = 0; + word16 port; + + char msg[] = "I hear you fa shizzle!"; + int len = (int) XSTRLEN(msg); + char input[1024]; + int idx; + int ret, err = 0; + + ((func_args*)args)->return_code = TEST_FAIL; + +#if defined(USE_WINDOWS_API) + port = ((func_args*)args)->signal->port; +#elif defined(NO_MAIN_DRIVER) && !defined(WOLFSSL_SNIFFER) && \ + !defined(WOLFSSL_MDK_SHELL) && !defined(WOLFSSL_TIRTOS) + /* Let tcp_listen assign port */ + port = 0; +#else + /* Use default port */ + port = wolfSSLPort; +#endif + +#ifdef WOLFSSL_DTLS + if (callbacks->method == wolfDTLS_server_method +#ifdef WOLFSSL_STATIC_MEMORY + || callbacks->method_ex == wolfDTLS_server_method_ex +#endif +#ifndef NO_OLD_TLS + || callbacks->method == wolfDTLSv1_server_method +#ifdef WOLFSSL_STATIC_MEMORY + || callbacks->method_ex == wolfDTLSv1_server_method_ex +#endif +#endif +#ifndef WOLFSSL_NO_TLS12 + || callbacks->method == wolfDTLSv1_2_server_method +#ifdef WOLFSSL_STATIC_MEMORY + || callbacks->method_ex == wolfDTLSv1_2_server_method_ex +#endif +#endif +#ifdef WOLFSSL_DTLS13 + || callbacks->method == wolfDTLSv1_3_server_method +#ifdef WOLFSSL_STATIC_MEMORY + || callbacks->method_ex == wolfDTLSv1_3_server_method_ex +#endif +#endif + ) { + tcp_accept(&sfd, &cfd, (func_args*)args, port, 0, 1, 0, 0, 0, 0, 0); + } + else +#endif + { + tcp_accept(&sfd, &cfd, (func_args*)args, port, 0, 0, 0, 0, 1, 0, 0); + } + +#ifdef WOLFSSL_STATIC_MEMORY + if (callbacks->method_ex != NULL && callbacks->mem != NULL && + callbacks->memSz > 0) { + ret = wolfSSL_CTX_load_static_memory(&ctx, callbacks->method_ex, + callbacks->mem, callbacks->memSz, 0, 1); + if (ret != WOLFSSL_SUCCESS) { + fprintf(stderr, "CTX static new failed %d\n", ret); + goto cleanup; + } + } +#else + ctx = wolfSSL_CTX_new(callbacks->method()); +#endif + if (ctx == NULL) { + fprintf(stderr, "CTX new failed\n"); + goto cleanup; + } + + /* set defaults */ + if (callbacks->caPemFile == NULL) + callbacks->caPemFile = cliCertFile; + if (callbacks->certPemFile == NULL) + callbacks->certPemFile = svrCertFile; + if (callbacks->keyPemFile == NULL) + callbacks->keyPemFile = svrKeyFile; + +#ifdef WOLFSSL_TIRTOS + fdOpenSession(Task_self()); +#endif + + wolfSSL_CTX_SetDevId(ctx, callbacks->devId); + + wolfSSL_CTX_set_verify(ctx, + WOLFSSL_VERIFY_PEER | WOLFSSL_VERIFY_FAIL_IF_NO_PEER_CERT, 0); + +#ifdef WOLFSSL_ENCRYPTED_KEYS + wolfSSL_CTX_set_default_passwd_cb(ctx, PasswordCallBack); +#endif +#if defined(WOLFSSL_SESSION_EXPORT) && defined(WOLFSSL_DTLS) + if (callbacks->method == wolfDTLSv1_2_server_method) { + if (wolfSSL_CTX_dtls_set_export(ctx, test_export) != WOLFSSL_SUCCESS) + goto cleanup; + } +#endif + + + if (wolfSSL_CTX_load_verify_locations(ctx, callbacks->caPemFile, 0) != + WOLFSSL_SUCCESS) { + goto cleanup; + } + + if (wolfSSL_CTX_use_certificate_file(ctx, callbacks->certPemFile, + CERT_FILETYPE) != WOLFSSL_SUCCESS) { + goto cleanup; + } + + if (wolfSSL_CTX_use_PrivateKey_file(ctx, callbacks->keyPemFile, + CERT_FILETYPE) != WOLFSSL_SUCCESS) { + goto cleanup; + } + +#ifdef HAVE_CRL + if (callbacks->crlPemFile != NULL) { + if (wolfSSL_CTX_LoadCRLFile(ctx, callbacks->crlPemFile, + CERT_FILETYPE) != WOLFSSL_SUCCESS) { + goto cleanup; + } + } +#endif + + if (callbacks->ctx_ready) + callbacks->ctx_ready(ctx); + + ssl = wolfSSL_new(ctx); + if (ssl == NULL) { + fprintf(stderr, "SSL new failed\n"); + goto cleanup; + } + if (wolfSSL_dtls(ssl)) { + SOCKADDR_IN_T cliAddr; + socklen_t cliLen; + + cliLen = sizeof(cliAddr); + idx = (int)recvfrom(sfd, input, sizeof(input), MSG_PEEK, + (struct sockaddr*)&cliAddr, &cliLen); + if (idx <= 0) { + goto cleanup; + } + wolfSSL_dtls_set_peer(ssl, &cliAddr, cliLen); + } + else { + CloseSocket(sfd); + } + + if (wolfSSL_set_fd(ssl, cfd) != WOLFSSL_SUCCESS) { + goto cleanup; + } + + if (callbacks->loadToSSL) { + wolfSSL_SetDevId(ssl, callbacks->devId); + + if (wolfSSL_use_certificate_file(ssl, callbacks->certPemFile, + CERT_FILETYPE) != WOLFSSL_SUCCESS) { + goto cleanup; + } + + if (wolfSSL_use_PrivateKey_file(ssl, callbacks->keyPemFile, + CERT_FILETYPE) != WOLFSSL_SUCCESS) { + goto cleanup; + } + } + +#ifdef NO_PSK + #if !defined(NO_FILESYSTEM) && !defined(NO_DH) + wolfSSL_SetTmpDH_file(ssl, dhParamFile, CERT_FILETYPE); + #elif !defined(NO_DH) + SetDH(ssl); /* will repick suites with DHE, higher priority than PSK */ + #endif +#endif + + if (callbacks->ssl_ready) + callbacks->ssl_ready(ssl); + + WOLFSSL_ASYNC_WHILE_PENDING(ret = wolfSSL_accept(ssl), + ret != WOLFSSL_SUCCESS); + if (ret != WOLFSSL_SUCCESS) { + char buff[WOLFSSL_MAX_ERROR_SZ]; + fprintf(stderr, "accept error = %d, %s\n", err, + wolfSSL_ERR_error_string((word32)err, buff)); + /*err_sys("SSL_accept failed");*/ + } + else { + WOLFSSL_ASYNC_WHILE_PENDING(idx = wolfSSL_read(ssl, input, sizeof(input)-1), + idx <= 0); + if (idx > 0) { + input[idx] = 0; + fprintf(stderr, "Client message: %s\n", input); + } + + WOLFSSL_ASYNC_WHILE_PENDING(ret = wolfSSL_write(ssl, msg, len), + len != ret); + if (len != ret) { + goto cleanup; + } + +#if defined(WOLFSSL_SESSION_EXPORT) && !defined(HAVE_IO_POOL) && \ + defined(WOLFSSL_DTLS) + if (wolfSSL_dtls(ssl)) { + byte* import; + word32 sz; + + wolfSSL_dtls_export(ssl, NULL, &sz); + import = (byte*)XMALLOC(sz, NULL, DYNAMIC_TYPE_TMP_BUFFER); + if (import == NULL) { + goto cleanup; + } + idx = wolfSSL_dtls_export(ssl, import, &sz); + if (idx < 0) { + goto cleanup; + } + if (wolfSSL_dtls_import(ssl, import, idx) < 0) { + goto cleanup; + } + XFREE(import, NULL, DYNAMIC_TYPE_TMP_BUFFER); + } +#endif +#ifdef WOLFSSL_TIRTOS + Task_yield(); +#endif + ((func_args*)args)->return_code = TEST_SUCCESS; + } + + if (callbacks->on_result) + callbacks->on_result(ssl); + + wolfSSL_shutdown(ssl); + +cleanup: + wolfSSL_free(ssl); + wolfSSL_CTX_free(ctx); + CloseSocket(cfd); + + +#ifdef WOLFSSL_TIRTOS + fdCloseSession(Task_self()); +#endif + +#if defined(NO_MAIN_DRIVER) && defined(HAVE_ECC) && defined(FP_ECC) \ + && defined(HAVE_THREAD_LS) + wc_ecc_fp_free(); /* free per thread cache */ +#endif + + WOLFSSL_RETURN_FROM_THREAD(0); +} + +/* TLS Client for API unit testing - generic */ +static void run_wolfssl_client(void* args) +{ + callback_functions* callbacks = ((func_args*)args)->callbacks; + + WOLFSSL_CTX* ctx = NULL; + WOLFSSL* ssl = NULL; + SOCKET_T sfd = 0; + + char msg[] = "hello wolfssl server!"; + int len = (int) XSTRLEN(msg); + char input[1024]; + int ret, err = 0; + + ((func_args*)args)->return_code = TEST_FAIL; + + /* set defaults */ + if (callbacks->caPemFile == NULL) + callbacks->caPemFile = caCertFile; + if (callbacks->certPemFile == NULL) + callbacks->certPemFile = cliCertFile; + if (callbacks->keyPemFile == NULL) + callbacks->keyPemFile = cliKeyFile; + +#ifdef WOLFSSL_STATIC_MEMORY + if (callbacks->method_ex != NULL && callbacks->mem != NULL && + callbacks->memSz > 0) { + ret = wolfSSL_CTX_load_static_memory(&ctx, callbacks->method_ex, + callbacks->mem, callbacks->memSz, 0, 1); + if (ret != WOLFSSL_SUCCESS) { + fprintf(stderr, "CTX static new failed %d\n", ret); + goto cleanup; + } + } +#else + ctx = wolfSSL_CTX_new(callbacks->method()); +#endif + if (ctx == NULL) { + fprintf(stderr, "CTX new failed\n"); + goto cleanup; + } + +#ifdef WOLFSSL_TIRTOS + fdOpenSession(Task_self()); +#endif + + if (!callbacks->loadToSSL) { + wolfSSL_CTX_SetDevId(ctx, callbacks->devId); + } + +#ifdef WOLFSSL_ENCRYPTED_KEYS + wolfSSL_CTX_set_default_passwd_cb(ctx, PasswordCallBack); +#endif + + if (wolfSSL_CTX_load_verify_locations(ctx, callbacks->caPemFile, 0) != + WOLFSSL_SUCCESS) { + goto cleanup; + } + + if (!callbacks->loadToSSL) { + if (wolfSSL_CTX_use_certificate_file(ctx, callbacks->certPemFile, + CERT_FILETYPE) != WOLFSSL_SUCCESS) { + goto cleanup; + } + + if (wolfSSL_CTX_use_PrivateKey_file(ctx, callbacks->keyPemFile, + CERT_FILETYPE) != WOLFSSL_SUCCESS) { + goto cleanup; + } + } + +#ifdef HAVE_CRL + if (callbacks->crlPemFile != NULL) { + if (wolfSSL_CTX_LoadCRLFile(ctx, callbacks->crlPemFile, + CERT_FILETYPE) != WOLFSSL_SUCCESS) { + goto cleanup; + } + } +#endif + + if (callbacks->ctx_ready) + callbacks->ctx_ready(ctx); + + ssl = wolfSSL_new(ctx); + if (wolfSSL_dtls(ssl)) { + tcp_connect(&sfd, wolfSSLIP, ((func_args*)args)->signal->port, + 1, 0, ssl); + } + else { + tcp_connect(&sfd, wolfSSLIP, ((func_args*)args)->signal->port, + 0, 0, ssl); + } + if (wolfSSL_set_fd(ssl, sfd) != WOLFSSL_SUCCESS) { + goto cleanup; + } + + if (callbacks->loadToSSL) { + wolfSSL_SetDevId(ssl, callbacks->devId); + + if (wolfSSL_use_certificate_file(ssl, callbacks->certPemFile, + CERT_FILETYPE) != WOLFSSL_SUCCESS) { + goto cleanup; + } + + if (wolfSSL_use_PrivateKey_file(ssl, callbacks->keyPemFile, + CERT_FILETYPE) != WOLFSSL_SUCCESS) { + goto cleanup; + } + } + + if (callbacks->ssl_ready) + callbacks->ssl_ready(ssl); + + WOLFSSL_ASYNC_WHILE_PENDING(ret = wolfSSL_connect(ssl), + ret != WOLFSSL_SUCCESS); + if (ret != WOLFSSL_SUCCESS) { + char buff[WOLFSSL_MAX_ERROR_SZ]; + fprintf(stderr, "error = %d, %s\n", err, + wolfSSL_ERR_error_string((word32)err, buff)); + /*err_sys("SSL_connect failed");*/ + } + else { + WOLFSSL_ASYNC_WHILE_PENDING(ret = wolfSSL_write(ssl, msg, len), + ret != len); + if (len != ret) + goto cleanup; + + WOLFSSL_ASYNC_WHILE_PENDING(ret = wolfSSL_read(ssl, input, sizeof(input)-1), + ret <= 0); + if (ret > 0) { + input[ret] = '\0'; /* null term */ + fprintf(stderr, "Server response: %s\n", input); + } + ((func_args*)args)->return_code = TEST_SUCCESS; + } + + if (callbacks->on_result) + callbacks->on_result(ssl); + +cleanup: + wolfSSL_free(ssl); + wolfSSL_CTX_free(ctx); + CloseSocket(sfd); + +#ifdef WOLFSSL_TIRTOS + fdCloseSession(Task_self()); +#endif +} + +#endif /* ENABLE_TLS_CALLBACK_TEST */ + + +static int test_wolfSSL_read_write(void) +{ + EXPECT_DECLS; +#ifndef NO_SHA256 + /* The unit testing for read and write shall happen simultaneously, since + * one can't do anything with one without the other. (Except for a failure + * test case.) This function will call all the others that will set up, + * execute, and report their test findings. + * + * Set up the success case first. This function will become the template + * for the other tests. This should eventually be renamed + * + * The success case isn't interesting, how can this fail? + * - Do not give the client context a CA certificate. The connect should + * fail. Do not need server for this? + * - Using NULL for the ssl object on server. Do not need client for this. + * - Using NULL for the ssl object on client. Do not need server for this. + * - Good ssl objects for client and server. Client write() without server + * read(). + * - Good ssl objects for client and server. Server write() without client + * read(). + * - Forgetting the password callback? + */ + tcp_ready ready; + func_args client_args; + func_args server_args; + THREAD_TYPE serverThread; + + XMEMSET(&client_args, 0, sizeof(func_args)); + XMEMSET(&server_args, 0, sizeof(func_args)); +#ifdef WOLFSSL_TIRTOS + fdOpenSession(Task_self()); +#endif + + StartTCP(); + InitTcpReady(&ready); + +#if defined(USE_WINDOWS_API) + /* use RNG to get random port if using windows */ + ready.port = GetRandomPort(); +#endif + + server_args.signal = &ready; + client_args.signal = &ready; + + start_thread(test_server_nofail, &server_args, &serverThread); + wait_tcp_ready(&server_args); + test_client_nofail(&client_args, NULL); + join_thread(serverThread); + + ExpectTrue(client_args.return_code); + ExpectTrue(server_args.return_code); + + FreeTcpReady(&ready); + +#ifdef WOLFSSL_TIRTOS + fdOpenSession(Task_self()); +#endif +#endif + return EXPECT_RESULT(); +} + +static int test_wolfSSL_read_write_ex(void) +{ + EXPECT_DECLS; + WOLFSSL_CTX *ctx_c = NULL; + WOLFSSL_CTX *ctx_s = NULL; + WOLFSSL *ssl_c = NULL; + WOLFSSL *ssl_s = NULL; + struct test_memio_ctx test_ctx; + const char *test_str = "test"; + int test_str_size; + size_t count; + byte buf[255]; + + XMEMSET(&test_ctx, 0, sizeof(test_ctx)); + ExpectIntEQ(test_memio_setup(&test_ctx, &ctx_c, &ctx_s, &ssl_c, &ssl_s, + wolfSSLv23_client_method, wolfSSLv23_server_method), 0); + ExpectIntEQ(test_memio_do_handshake(ssl_c, ssl_s, 10, NULL), 0); + test_str_size = XSTRLEN("test") + 1; + ExpectIntEQ(wolfSSL_write_ex(ssl_c, test_str, test_str_size, &count), + WOLFSSL_SUCCESS); + ExpectIntEQ(count, test_str_size); + count = 0; + ExpectIntEQ(wolfSSL_read_ex(ssl_s, buf, sizeof(buf), &count), WOLFSSL_SUCCESS); + ExpectIntEQ(count, test_str_size); + ExpectIntEQ(XSTRCMP((char*)buf, test_str), 0); + + + ExpectIntEQ(wolfSSL_shutdown(ssl_c), WOLFSSL_SHUTDOWN_NOT_DONE); + ExpectIntEQ(wolfSSL_shutdown(ssl_s), WOLFSSL_SHUTDOWN_NOT_DONE); + ExpectIntEQ(wolfSSL_shutdown(ssl_c), 1); + ExpectIntEQ(wolfSSL_shutdown(ssl_s), 1); + + wolfSSL_free(ssl_c); + wolfSSL_free(ssl_s); + wolfSSL_CTX_free(ctx_c); + wolfSSL_CTX_free(ctx_s); + return TEST_SUCCESS; +} + +static int test_wolfSSL_reuse_WOLFSSLobj(void) +{ + EXPECT_DECLS; +#if defined(OPENSSL_EXTRA) && !defined(NO_SESSION_CACHE) && \ + !defined(WOLFSSL_NO_TLS12) + /* The unit test for session resumption by reusing WOLFSSL object. + * WOLFSSL object is not cleared after first session. It reuse the object + * for second connection. + */ + tcp_ready ready; + func_args client_args; + func_args server_args; + THREAD_TYPE serverThread; + callback_functions client_cbf; + callback_functions server_cbf; + + XMEMSET(&client_args, 0, sizeof(func_args)); + XMEMSET(&server_args, 0, sizeof(func_args)); + XMEMSET(&client_cbf, 0, sizeof(callback_functions)); + XMEMSET(&server_cbf, 0, sizeof(callback_functions)); +#ifdef WOLFSSL_TIRTOS + fdOpenSession(Task_self()); +#endif + + StartTCP(); + InitTcpReady(&ready); + +#if defined(USE_WINDOWS_API) + /* use RNG to get random port if using windows */ + ready.port = GetRandomPort(); +#endif + + client_cbf.method = wolfTLSv1_2_client_method; + server_cbf.method = wolfTLSv1_2_server_method; + client_args.callbacks = &client_cbf; + server_args.callbacks = &server_cbf; + + server_args.signal = &ready; + client_args.signal = &ready; + /* the var is used for loop number */ + server_args.argc = 2; + + start_thread(test_server_loop, &server_args, &serverThread); + wait_tcp_ready(&server_args); + test_client_reuse_WOLFSSLobj(&client_args, NULL, &server_args); + join_thread(serverThread); + + ExpectTrue(client_args.return_code); + ExpectTrue(server_args.return_code); + + FreeTcpReady(&ready); + +#ifdef WOLFSSL_TIRTOS + fdOpenSession(Task_self()); +#endif +#endif /* defined(OPENSSL_EXTRA) && !defined(NO_SESSION_CACHE) && + * !defined(WOLFSSL_TLS13) */ + return EXPECT_RESULT(); +} + +#if defined(OPENSSL_EXTRA) && defined(HAVE_SSL_MEMIO_TESTS_DEPENDENCIES) +static int test_wolfSSL_CTX_verifyDepth_ServerClient_1_ctx_ready( + WOLFSSL_CTX* ctx) +{ + wolfSSL_CTX_set_verify(ctx, SSL_VERIFY_PEER, myVerify); + myVerifyAction = VERIFY_USE_PREVERIFY; + wolfSSL_CTX_set_verify_depth(ctx, 2); + return TEST_SUCCESS; +} +#endif + +static int test_wolfSSL_CTX_verifyDepth_ServerClient_1(void) +{ + EXPECT_DECLS; +#if defined(OPENSSL_EXTRA) && defined(HAVE_SSL_MEMIO_TESTS_DEPENDENCIES) + test_ssl_cbf client_cbf; + test_ssl_cbf server_cbf; + + XMEMSET(&client_cbf, 0, sizeof(client_cbf)); + XMEMSET(&server_cbf, 0, sizeof(server_cbf)); + +#ifdef WOLFSSL_TLS13 + client_cbf.method = wolfTLSv1_3_client_method; +#endif /* WOLFSSL_TLS13 */ + client_cbf.ctx_ready = + test_wolfSSL_CTX_verifyDepth_ServerClient_1_ctx_ready; + + /* test case 1 verify depth is equal to peer chain */ + ExpectIntEQ(test_wolfSSL_client_server_nofail_memio(&client_cbf, + &server_cbf, NULL), TEST_SUCCESS); + + ExpectIntEQ(client_cbf.return_code, TEST_SUCCESS); + ExpectIntEQ(server_cbf.return_code, TEST_SUCCESS); +#endif /* OPENSSL_EXTRA && HAVE_SSL_MEMIO_TESTS_DEPENDENCIES */ + + return EXPECT_RESULT(); +} + +#if defined(OPENSSL_EXTRA) && defined(HAVE_SSL_MEMIO_TESTS_DEPENDENCIES) +static int test_wolfSSL_CTX_verifyDepth_ServerClient_2_ctx_ready( + WOLFSSL_CTX* ctx) +{ + wolfSSL_CTX_set_verify(ctx, SSL_VERIFY_PEER, myVerify); + myVerifyAction = VERIFY_OVERRIDE_ERROR; + wolfSSL_CTX_set_verify_depth(ctx, 0); + return TEST_SUCCESS; +} +#endif + +static int test_wolfSSL_CTX_verifyDepth_ServerClient_2(void) +{ + EXPECT_DECLS; +#if defined(OPENSSL_EXTRA) && defined(HAVE_SSL_MEMIO_TESTS_DEPENDENCIES) + test_ssl_cbf client_cbf; + test_ssl_cbf server_cbf; + + XMEMSET(&client_cbf, 0, sizeof(client_cbf)); + XMEMSET(&server_cbf, 0, sizeof(server_cbf)); + +#ifdef WOLFSSL_TLS13 + client_cbf.method = wolfTLSv1_3_client_method; +#endif /* WOLFSSL_TLS13 */ + client_cbf.ctx_ready = + test_wolfSSL_CTX_verifyDepth_ServerClient_2_ctx_ready; + + /* test case 2 + * verify depth is zero, number of peer's chain is 2. + * verify result becomes MAX_CHAIN_ERROR, but it is overridden in + * callback. + */ + ExpectIntEQ(test_wolfSSL_client_server_nofail_memio(&client_cbf, + &server_cbf, NULL), TEST_SUCCESS); + + ExpectIntEQ(client_cbf.return_code, TEST_SUCCESS); + ExpectIntEQ(server_cbf.return_code, TEST_SUCCESS); +#endif /* OPENSSL_EXTRA && HAVE_SSL_MEMIO_TESTS_DEPENDENCIES */ + + return EXPECT_RESULT(); +} + +#if defined(OPENSSL_EXTRA) && defined(HAVE_SSL_MEMIO_TESTS_DEPENDENCIES) +static int test_wolfSSL_CTX_verifyDepth_ServerClient_3_ctx_ready( + WOLFSSL_CTX* ctx) +{ + wolfSSL_CTX_set_verify(ctx, SSL_VERIFY_PEER, myVerify); + myVerifyAction = VERIFY_USE_PREVERIFY; + wolfSSL_CTX_set_verify_depth(ctx, 0); + return TEST_SUCCESS; +} +#endif + +static int test_wolfSSL_CTX_verifyDepth_ServerClient_3(void) +{ + EXPECT_DECLS; +#if defined(OPENSSL_EXTRA) && defined(HAVE_SSL_MEMIO_TESTS_DEPENDENCIES) + test_ssl_cbf client_cbf; + test_ssl_cbf server_cbf; + + XMEMSET(&client_cbf, 0, sizeof(client_cbf)); + XMEMSET(&server_cbf, 0, sizeof(server_cbf)); + +#ifdef WOLFSSL_TLS13 + client_cbf.method = wolfTLSv1_3_client_method; +#endif /* WOLFSSL_TLS13 */ + client_cbf.ctx_ready = + test_wolfSSL_CTX_verifyDepth_ServerClient_3_ctx_ready; + + /* test case 3 + * verify depth is zero, number of peer's chain is 2 + * verify result becomes MAX_CHAIN_ERRO. call-back returns failure. + * therefore, handshake becomes failure. + */ + ExpectIntEQ(test_wolfSSL_client_server_nofail_memio(&client_cbf, + &server_cbf, NULL), -1001); + + ExpectIntEQ(client_cbf.return_code, -1000); + ExpectIntEQ(server_cbf.return_code, -1000); + ExpectIntEQ(client_cbf.last_err, WC_NO_ERR_TRACE(MAX_CHAIN_ERROR)); + ExpectIntEQ(server_cbf.last_err, WC_NO_ERR_TRACE(FATAL_ERROR)); +#endif /* OPENSSL_EXTRA && HAVE_SSL_MEMIO_TESTS_DEPENDENCIES */ + + return EXPECT_RESULT(); +} + +#if defined(OPENSSL_ALL) && defined(HAVE_SSL_MEMIO_TESTS_DEPENDENCIES) && \ + !defined(WOLFSSL_NO_TLS12) && \ + defined(HAVE_ECC) && !defined(NO_AES) && !defined(NO_SHA256) +static int test_wolfSSL_CTX_set_cipher_list_server_ctx_ready(WOLFSSL_CTX* ctx) +{ + EXPECT_DECLS; + ExpectTrue(wolfSSL_CTX_set_cipher_list(ctx, "DEFAULT:!NULL")); + return EXPECT_RESULT(); +} + +static int test_wolfSSL_CTX_set_cipher_list_client_ctx_ready(WOLFSSL_CTX* ctx) +{ + EXPECT_DECLS; + ExpectTrue(wolfSSL_CTX_set_cipher_list(ctx, "ECDHE-RSA-AES128-SHA256")); + return EXPECT_RESULT(); +} +#endif + +static int test_wolfSSL_CTX_set_cipher_list(void) +{ + EXPECT_DECLS; +#if defined(OPENSSL_ALL) && defined(HAVE_SSL_MEMIO_TESTS_DEPENDENCIES) && \ + defined(HAVE_ECC) && !defined(NO_AES) && !defined(NO_SHA256) + + #if !defined(WOLFSSL_NO_TLS12) + WOLFSSL_CTX* ctxClient = NULL; + WOLFSSL* sslClient = NULL; + test_ssl_cbf client_cbf; + test_ssl_cbf server_cbf; + + XMEMSET(&client_cbf, 0, sizeof(client_cbf)); + XMEMSET(&server_cbf, 0, sizeof(server_cbf)); + + server_cbf.method = wolfTLSv1_2_server_method; + server_cbf.ctx_ready = test_wolfSSL_CTX_set_cipher_list_server_ctx_ready; + client_cbf.method = wolfTLSv1_2_client_method; + client_cbf.ctx_ready = test_wolfSSL_CTX_set_cipher_list_client_ctx_ready; + + ExpectIntEQ(test_wolfSSL_client_server_nofail_memio(&client_cbf, + &server_cbf, NULL), TEST_SUCCESS); + + ExpectIntEQ(client_cbf.return_code, TEST_SUCCESS); + ExpectIntEQ(server_cbf.return_code, TEST_SUCCESS); + + /* check with cipher string that has '+' */ + ExpectNotNull((ctxClient = wolfSSL_CTX_new(wolfTLSv1_2_client_method()))); + /* Use trailing : with nothing to test for ASAN */ + ExpectTrue(wolfSSL_CTX_set_cipher_list(ctxClient, "ECDHE+AESGCM:")); + ExpectNotNull((sslClient = wolfSSL_new(ctxClient))); + + /* check for the existence of an ECDHE ECDSA cipher suite */ + if (EXPECT_SUCCESS()) { + int i = 0; + int found = 0; + const char* suite; + + WOLF_STACK_OF(WOLFSSL_CIPHER)* sk = NULL; + WOLFSSL_CIPHER* current; + + ExpectNotNull((sk = wolfSSL_get_ciphers_compat(sslClient))); + do { + current = wolfSSL_sk_SSL_CIPHER_value(sk, i++); + if (current) { + suite = wolfSSL_CIPHER_get_name(current); + if (suite && XSTRSTR(suite, "ECDSA")) { + found = 1; + break; + } + } + } while (current); + ExpectIntEQ(found, 1); + } + + wolfSSL_free(sslClient); + wolfSSL_CTX_free(ctxClient); + + #endif /* !WOLFSSL_NO_TLS12 */ +#endif + return EXPECT_RESULT(); +} + +#if defined(HAVE_SSL_MEMIO_TESTS_DEPENDENCIES) && \ + defined(WOLFSSL_HAVE_TLS_UNIQUE) +static int test_wolfSSL_get_finished_client_on_handshake(WOLFSSL_CTX* ctx, + WOLFSSL* ssl) +{ + EXPECT_DECLS; + size_t msg_len; + + (void)ctx; + + /* get_finished test */ + /* 1. get own sent message */ + XMEMSET(client_side_msg1, 0, WC_MAX_DIGEST_SIZE); + msg_len = wolfSSL_get_finished(ssl, client_side_msg1, WC_MAX_DIGEST_SIZE); + ExpectIntGE(msg_len, 0); + /* 2. get peer message */ + XMEMSET(client_side_msg2, 0, WC_MAX_DIGEST_SIZE); + msg_len = wolfSSL_get_peer_finished(ssl, client_side_msg2, WC_MAX_DIGEST_SIZE); + ExpectIntGE(msg_len, 0); + + return EXPECT_RESULT(); +} +#endif + +static int test_wolfSSL_get_finished(void) +{ + EXPECT_DECLS; +#if defined(HAVE_SSL_MEMIO_TESTS_DEPENDENCIES) && \ + defined(WOLFSSL_HAVE_TLS_UNIQUE) + test_ssl_cbf client_cbf; + test_ssl_cbf server_cbf; + + XMEMSET(&client_cbf, 0, sizeof(client_cbf)); + XMEMSET(&server_cbf, 0, sizeof(server_cbf)); + + ExpectIntEQ(test_wolfSSL_client_server_nofail_memio(&client_cbf, + &server_cbf, test_wolfSSL_get_finished_client_on_handshake), + TEST_SUCCESS); + + /* test received msg vs sent msg */ + ExpectIntEQ(0, XMEMCMP(client_side_msg1, server_side_msg2, WC_MAX_DIGEST_SIZE)); + ExpectIntEQ(0, XMEMCMP(client_side_msg2, server_side_msg1, WC_MAX_DIGEST_SIZE)); +#endif /* HAVE_SSL_MEMIO_TESTS_DEPENDENCIES && WOLFSSL_HAVE_TLS_UNIQUE */ + + return EXPECT_RESULT(); +} + +#if defined(HAVE_IO_TESTS_DEPENDENCIES) && defined(HAVE_EXT_CACHE) && \ + !defined(SINGLE_THREADED) && defined(WOLFSSL_TLS13) && \ + !defined(NO_SESSION_CACHE) + +/* Sessions to restore/store */ +static WOLFSSL_SESSION* test_wolfSSL_CTX_add_session_client_sess; +static WOLFSSL_SESSION* test_wolfSSL_CTX_add_session_server_sess; +static WOLFSSL_CTX* test_wolfSSL_CTX_add_session_server_ctx; + +static void test_wolfSSL_CTX_add_session_ctx_ready(WOLFSSL_CTX* ctx) +{ + /* Don't store sessions. Lookup is still enabled. */ + AssertIntEQ(wolfSSL_CTX_set_session_cache_mode(ctx, + WOLFSSL_SESS_CACHE_NO_INTERNAL_STORE), WOLFSSL_SUCCESS); +#ifdef OPENSSL_EXTRA + AssertIntEQ(wolfSSL_CTX_get_session_cache_mode(ctx) & + WOLFSSL_SESS_CACHE_NO_INTERNAL_STORE, + WOLFSSL_SESS_CACHE_NO_INTERNAL_STORE); +#endif + /* Require both peers to provide certs */ + wolfSSL_CTX_set_verify(ctx, WOLFSSL_VERIFY_PEER, NULL); +} + +static void test_wolfSSL_CTX_add_session_on_result(WOLFSSL* ssl) +{ + WOLFSSL_SESSION** sess; +#ifdef WOLFSSL_MUTEX_INITIALIZER + static wolfSSL_Mutex m = WOLFSSL_MUTEX_INITIALIZER(m); + + (void)wc_LockMutex(&m); +#endif + if (wolfSSL_is_server(ssl)) + sess = &test_wolfSSL_CTX_add_session_server_sess; + else + sess = &test_wolfSSL_CTX_add_session_client_sess; + if (*sess == NULL) { +#ifdef NO_SESSION_CACHE_REF + *sess = wolfSSL_get1_session(ssl); + AssertNotNull(*sess); +#else + /* Test for backwards compatibility */ + if (wolfSSL_is_server(ssl)) { + *sess = wolfSSL_get1_session(ssl); + AssertNotNull(*sess); + } + else { + *sess = wolfSSL_get_session(ssl); + AssertNotNull(*sess); + } +#endif + /* Now save the session in the internal store to make it available + * for lookup. For TLS 1.3, we can't save the session without + * WOLFSSL_TICKET_HAVE_ID because there is no way to retrieve the + * session from cache. */ + if (wolfSSL_is_server(ssl) +#ifndef WOLFSSL_TICKET_HAVE_ID + && wolfSSL_version(ssl) != TLS1_3_VERSION +#endif + ) + AssertIntEQ(wolfSSL_CTX_add_session(wolfSSL_get_SSL_CTX(ssl), + *sess), WOLFSSL_SUCCESS); + } + else { + /* If we have a session retrieved then remaining connections should be + * resuming on that session */ + AssertIntEQ(wolfSSL_session_reused(ssl), 1); + } +#ifdef WOLFSSL_MUTEX_INITIALIZER + wc_UnLockMutex(&m); +#endif + + /* Save CTX to be able to decrypt tickets */ + if (wolfSSL_is_server(ssl) && + test_wolfSSL_CTX_add_session_server_ctx == NULL) { + test_wolfSSL_CTX_add_session_server_ctx = wolfSSL_get_SSL_CTX(ssl); + AssertNotNull(test_wolfSSL_CTX_add_session_server_ctx); + AssertIntEQ(wolfSSL_CTX_up_ref(wolfSSL_get_SSL_CTX(ssl)), + WOLFSSL_SUCCESS); + } +#ifdef SESSION_CERTS +#ifndef WOLFSSL_TICKET_HAVE_ID + if (wolfSSL_version(ssl) != TLS1_3_VERSION && + wolfSSL_session_reused(ssl)) +#endif + { + /* With WOLFSSL_TICKET_HAVE_ID the peer certs should be available + * for all connections. TLS 1.3 only has tickets so if we don't + * include the session id in the ticket then the certificates + * will not be available on resumption. */ + #ifdef KEEP_PEER_CERT + WOLFSSL_X509* peer = wolfSSL_get_peer_certificate(ssl); + AssertNotNull(peer); + wolfSSL_X509_free(peer); + #endif + AssertNotNull(wolfSSL_SESSION_get_peer_chain(*sess)); + #ifdef OPENSSL_EXTRA + AssertNotNull(SSL_SESSION_get0_peer(*sess)); + #endif + } +#endif /* SESSION_CERTS */ +} + +static void test_wolfSSL_CTX_add_session_ssl_ready(WOLFSSL* ssl) +{ + /* Set the session to reuse for the client */ + AssertIntEQ(wolfSSL_set_session(ssl, + test_wolfSSL_CTX_add_session_client_sess), WOLFSSL_SUCCESS); +} +#endif + +static int test_wolfSSL_CTX_add_session(void) +{ + EXPECT_DECLS; +#if defined(HAVE_IO_TESTS_DEPENDENCIES) && defined(HAVE_EXT_CACHE) && \ + !defined(SINGLE_THREADED) && defined(WOLFSSL_TLS13) && \ + !defined(NO_SESSION_CACHE) + tcp_ready ready; + func_args client_args; + func_args server_args; + THREAD_TYPE serverThread; + callback_functions client_cb; + callback_functions server_cb; + method_provider methods[][2] = { +#if !defined(NO_OLD_TLS) && ((!defined(NO_AES) && !defined(NO_AES_CBC)) || \ + !defined(NO_DES3)) + /* Without AES there are almost no ciphersuites available. This leads + * to no ciphersuites being available and an error. */ + { wolfTLSv1_1_client_method, wolfTLSv1_1_server_method }, +#endif +#ifndef WOLFSSL_NO_TLS12 + { wolfTLSv1_2_client_method, wolfTLSv1_2_server_method }, +#endif + /* Needs the default ticket callback since it is tied to the + * connection context and this makes it easy to carry over the ticket + * crypto context between connections */ +#if defined(WOLFSSL_TLS13) && !defined(WOLFSSL_NO_DEF_TICKET_ENC_CB) && \ + defined(HAVE_SESSION_TICKET) + { wolfTLSv1_3_client_method, wolfTLSv1_3_server_method }, +#endif + }; + const size_t methodsLen = sizeof(methods)/sizeof(*methods); + size_t i, j; + + for (i = 0; i < methodsLen; i++) { + /* First run creates a connection while the second+ run will attempt + * to resume the connection. The trick is that the internal cache + * is turned off. wolfSSL_CTX_add_session should put the session in + * the cache anyway. */ + test_wolfSSL_CTX_add_session_client_sess = NULL; + test_wolfSSL_CTX_add_session_server_sess = NULL; + test_wolfSSL_CTX_add_session_server_ctx = NULL; + +#ifdef NO_SESSION_CACHE_REF + for (j = 0; j < 4; j++) { +#else + /* The session may be overwritten in this case. Do only one resumption + * to stop this test from failing intermittently. */ + for (j = 0; j < 2; j++) { +#endif +#ifdef WOLFSSL_TIRTOS + fdOpenSession(Task_self()); +#endif + + StartTCP(); + InitTcpReady(&ready); + + XMEMSET(&client_args, 0, sizeof(func_args)); + XMEMSET(&server_args, 0, sizeof(func_args)); + + XMEMSET(&client_cb, 0, sizeof(callback_functions)); + XMEMSET(&server_cb, 0, sizeof(callback_functions)); + client_cb.method = methods[i][0]; + server_cb.method = methods[i][1]; + + server_args.signal = &ready; + server_args.callbacks = &server_cb; + client_args.signal = &ready; + client_args.callbacks = &client_cb; + + if (test_wolfSSL_CTX_add_session_server_ctx != NULL) { + server_cb.ctx = test_wolfSSL_CTX_add_session_server_ctx; + server_cb.isSharedCtx = 1; + } + server_cb.ctx_ready = test_wolfSSL_CTX_add_session_ctx_ready; + client_cb.ctx_ready = test_wolfSSL_CTX_add_session_ctx_ready; + if (j != 0) + client_cb.ssl_ready = test_wolfSSL_CTX_add_session_ssl_ready; + server_cb.on_result = test_wolfSSL_CTX_add_session_on_result; + client_cb.on_result = test_wolfSSL_CTX_add_session_on_result; + server_cb.ticNoInit = 1; /* Use default builtin */ + + start_thread(test_server_nofail, &server_args, &serverThread); + wait_tcp_ready(&server_args); + test_client_nofail(&client_args, NULL); + join_thread(serverThread); + + ExpectTrue(client_args.return_code); + ExpectTrue(server_args.return_code); + + FreeTcpReady(&ready); + + if (EXPECT_FAIL()) + break; + } + wolfSSL_SESSION_free(test_wolfSSL_CTX_add_session_client_sess); + wolfSSL_SESSION_free(test_wolfSSL_CTX_add_session_server_sess); + wolfSSL_CTX_free(test_wolfSSL_CTX_add_session_server_ctx); + + if (EXPECT_FAIL()) + break; + } +#endif + + return EXPECT_RESULT(); +} +#if defined(HAVE_SSL_MEMIO_TESTS_DEPENDENCIES) && defined(HAVE_EXT_CACHE) && \ + defined(WOLFSSL_TLS13) && !defined(NO_SESSION_CACHE) && \ + defined(OPENSSL_EXTRA) && defined(SESSION_CERTS) && \ + defined(HAVE_SESSION_TICKET) && \ + !defined(TITAN_SESSION_CACHE) && \ + !defined(HUGE_SESSION_CACHE) && \ + !defined(BIG_SESSION_CACHE) && \ + !defined(MEDIUM_SESSION_CACHE) + +/* twcase - prefix for test_wolfSSL_CTX_add_session_ext */ +/* Sessions to restore/store */ +static WOLFSSL_SESSION* twcase_server_first_session_ptr; +static WOLFSSL_SESSION* twcase_client_first_session_ptr; +static WOLFSSL_CTX* twcase_server_current_ctx_ptr; +static int twcase_new_session_called = 0; +static int twcase_remove_session_called = 0; +static int twcase_get_session_called = 0; + +/* Test default, SESSIONS_PER_ROW*SESSION_ROWS = 3*11, see ssl.c */ +#define SESSION_CACHE_SIZE 33 + +typedef struct { + const byte* key; /* key, altSessionID, session ID, NULL if empty */ + WOLFSSL_SESSION* value; +} hashTable_entry; + +typedef struct { + hashTable_entry entries[SESSION_CACHE_SIZE]; /* hash slots */ + size_t capacity; /* size of entries */ + size_t length; /* number of items in the hash table */ + wolfSSL_Mutex htLock; /* lock */ +}hashTable; + +static hashTable server_sessionCache; + +static int twcase_new_sessionCb(WOLFSSL *ssl, WOLFSSL_SESSION *sess) +{ + int i; + unsigned int len; + (void)ssl; + + /* + * This example uses a hash table. + * Steps you should take for a non-demo code: + * - acquire a lock for the file named according to the session id + * - open the file + * - encrypt and write the SSL_SESSION object to the file + * - release the lock + * + * Return: + * 0: The callback does not wish to hold a reference of the sess + * 1: The callback wants to hold a reference of the sess. The callback is + * now also responsible for calling wolfSSL_SESSION_free() on sess. + */ + if (sess == NULL) + return 0; + + if (wc_LockMutex(&server_sessionCache.htLock) != 0) { + return 0; + } + for (i = 0; i < SESSION_CACHE_SIZE; i++) { + if (server_sessionCache.entries[i].value == NULL) { + server_sessionCache.entries[i].key = SSL_SESSION_get_id(sess, &len); + server_sessionCache.entries[i].value = sess; + server_sessionCache.length++; + break; + } + } + ++twcase_new_session_called; + wc_UnLockMutex(&server_sessionCache.htLock); + fprintf(stderr, "\t\ttwcase_new_session_called %d\n", + twcase_new_session_called); + return 1; +} + +static void twcase_remove_sessionCb(WOLFSSL_CTX *ctx, WOLFSSL_SESSION *sess) +{ + int i; + (void)ctx; + (void)sess; + + if (sess == NULL) + return; + /* + * This example uses a hash table. + * Steps you should take for a non-demo code: + * - acquire a lock for the file named according to the session id + * - remove the file + * - release the lock + */ + if (wc_LockMutex(&server_sessionCache.htLock) != 0) { + return; + } + for (i = 0; i < SESSION_CACHE_SIZE; i++) { + if (server_sessionCache.entries[i].key != NULL && + XMEMCMP(server_sessionCache.entries[i].key, + sess->sessionID, SSL_MAX_SSL_SESSION_ID_LENGTH) == 0) { + wolfSSL_SESSION_free(server_sessionCache.entries[i].value); + server_sessionCache.entries[i].value = NULL; + server_sessionCache.entries[i].key = NULL; + server_sessionCache.length--; + break; + } + } + ++twcase_remove_session_called; + wc_UnLockMutex(&server_sessionCache.htLock); + fprintf(stderr, "\t\ttwcase_remove_session_called %d\n", + twcase_remove_session_called); +} + +static WOLFSSL_SESSION *twcase_get_sessionCb(WOLFSSL *ssl, + const unsigned char *id, int len, int *ref) +{ + int i; + (void)ssl; + (void)id; + (void)len; + + /* + * This example uses a hash table. + * Steps you should take for a non-demo code: + * - acquire a lock for the file named according to the session id in the + * 2nd arg + * - read and decrypt contents of file and create a new SSL_SESSION + * - object release the lock + * - return the new session object + */ + fprintf(stderr, "\t\ttwcase_get_session_called %d\n", + ++twcase_get_session_called); + /* This callback want to retain a copy of the object. If we want wolfSSL to + * be responsible for the pointer then set to 0. */ + *ref = 1; + + for (i = 0; i < SESSION_CACHE_SIZE; i++) { + if (server_sessionCache.entries[i].key != NULL && + XMEMCMP(server_sessionCache.entries[i].key, id, + SSL_MAX_SSL_SESSION_ID_LENGTH) == 0) { + return server_sessionCache.entries[i].value; + } + } + return NULL; +} +static int twcase_get_sessionCb_cleanup(void) +{ + int i; + int cnt = 0; + + /* If twcase_get_sessionCb sets *ref = 1, the application is responsible + * for freeing sessions */ + + for (i = 0; i < SESSION_CACHE_SIZE; i++) { + if (server_sessionCache.entries[i].value != NULL) { + wolfSSL_SESSION_free(server_sessionCache.entries[i].value); + cnt++; + } + } + + fprintf(stderr, "\t\ttwcase_get_sessionCb_cleanup freed %d sessions\n", + cnt); + + return TEST_SUCCESS; +} + +static int twcase_cache_intOff_extOff(WOLFSSL_CTX* ctx) +{ + EXPECT_DECLS; + /* off - Disable internal cache */ + ExpectIntEQ(wolfSSL_CTX_set_session_cache_mode(ctx, + WOLFSSL_SESS_CACHE_NO_INTERNAL_STORE), WOLFSSL_SUCCESS); +#ifdef OPENSSL_EXTRA + ExpectIntEQ(wolfSSL_CTX_get_session_cache_mode(ctx) & + WOLFSSL_SESS_CACHE_NO_INTERNAL_STORE, + WOLFSSL_SESS_CACHE_NO_INTERNAL_STORE); +#endif + /* off - Do not setup external cache */ + + /* Require both peers to provide certs */ + wolfSSL_CTX_set_verify(ctx, WOLFSSL_VERIFY_PEER, NULL); + return EXPECT_RESULT(); +} + +static int twcase_cache_intOn_extOff(WOLFSSL_CTX* ctx) +{ + /* on - internal cache is on by default */ + /* off - Do not setup external cache */ + /* Require both peers to provide certs */ + wolfSSL_CTX_set_verify(ctx, WOLFSSL_VERIFY_PEER, NULL); + return TEST_SUCCESS; +} + +static int twcase_cache_intOff_extOn(WOLFSSL_CTX* ctx) +{ + EXPECT_DECLS; + /* off - Disable internal cache */ + ExpectIntEQ(wolfSSL_CTX_set_session_cache_mode(ctx, + WOLFSSL_SESS_CACHE_NO_INTERNAL_STORE), WOLFSSL_SUCCESS); +#ifdef OPENSSL_EXTRA + ExpectIntEQ(wolfSSL_CTX_get_session_cache_mode(ctx) & + WOLFSSL_SESS_CACHE_NO_INTERNAL_STORE, + WOLFSSL_SESS_CACHE_NO_INTERNAL_STORE); +#endif + /* on - Enable external cache */ + wolfSSL_CTX_sess_set_new_cb(ctx, twcase_new_sessionCb); + wolfSSL_CTX_sess_set_remove_cb(ctx, twcase_remove_sessionCb); + wolfSSL_CTX_sess_set_get_cb(ctx, twcase_get_sessionCb); + + /* Require both peers to provide certs */ + wolfSSL_CTX_set_verify(ctx, WOLFSSL_VERIFY_PEER, NULL); + return EXPECT_RESULT(); +} + +static int twcase_cache_intOn_extOn(WOLFSSL_CTX* ctx) +{ + /* on - internal cache is on by default */ + /* on - Enable external cache */ + wolfSSL_CTX_sess_set_new_cb(ctx, twcase_new_sessionCb); + wolfSSL_CTX_sess_set_remove_cb(ctx, twcase_remove_sessionCb); + wolfSSL_CTX_sess_set_get_cb(ctx, twcase_get_sessionCb); + + /* Require both peers to provide certs */ + wolfSSL_CTX_set_verify(ctx, WOLFSSL_VERIFY_PEER, NULL); + return TEST_SUCCESS; +} +static int twcase_cache_intOn_extOn_noTicket(WOLFSSL_CTX* ctx) +{ + /* on - internal cache is on by default */ + /* on - Enable external cache */ + wolfSSL_CTX_sess_set_new_cb(ctx, twcase_new_sessionCb); + wolfSSL_CTX_sess_set_remove_cb(ctx, twcase_remove_sessionCb); + wolfSSL_CTX_sess_set_get_cb(ctx, twcase_get_sessionCb); + + wolfSSL_CTX_set_options(ctx, WOLFSSL_OP_NO_TICKET); + /* Require both peers to provide certs */ + wolfSSL_CTX_set_verify(ctx, WOLFSSL_VERIFY_PEER, NULL); + return TEST_SUCCESS; +} +static int twcase_server_sess_ctx_pre_shutdown(WOLFSSL* ssl) +{ + EXPECT_DECLS; + WOLFSSL_SESSION** sess; + if (wolfSSL_is_server(ssl)) + sess = &twcase_server_first_session_ptr; + else + return TEST_SUCCESS; + + if (*sess == NULL) { + ExpectNotNull(*sess = wolfSSL_get1_session(ssl)); + /* Now save the session in the internal store to make it available + * for lookup. For TLS 1.3, we can't save the session without + * WOLFSSL_TICKET_HAVE_ID because there is no way to retrieve the + * session from cache. */ + if (wolfSSL_is_server(ssl) +#ifndef WOLFSSL_TICKET_HAVE_ID + && wolfSSL_version(ssl) != TLS1_3_VERSION + && wolfSSL_version(ssl) != DTLS1_3_VERSION +#endif + ) { + ExpectIntEQ(wolfSSL_CTX_add_session(wolfSSL_get_SSL_CTX(ssl), + *sess), WOLFSSL_SUCCESS); + } + } + /* Save CTX to be able to decrypt tickets */ + if (twcase_server_current_ctx_ptr == NULL) { + ExpectNotNull(twcase_server_current_ctx_ptr = wolfSSL_get_SSL_CTX(ssl)); + ExpectIntEQ(wolfSSL_CTX_up_ref(wolfSSL_get_SSL_CTX(ssl)), + WOLFSSL_SUCCESS); + } +#ifdef SESSION_CERTS +#ifndef WOLFSSL_TICKET_HAVE_ID + if (wolfSSL_version(ssl) != TLS1_3_VERSION && + wolfSSL_session_reused(ssl)) +#endif + { + /* With WOLFSSL_TICKET_HAVE_ID the peer certs should be available + * for all connections. TLS 1.3 only has tickets so if we don't + * include the session id in the ticket then the certificates + * will not be available on resumption. */ + #ifdef KEEP_PEER_CERT + WOLFSSL_X509* peer = NULL; + ExpectNotNull(peer = wolfSSL_get_peer_certificate(ssl)); + wolfSSL_X509_free(peer); + #endif + ExpectNotNull(wolfSSL_SESSION_get_peer_chain(*sess)); + } +#endif + return EXPECT_RESULT(); +} + +static int twcase_client_sess_ctx_pre_shutdown(WOLFSSL* ssl) +{ + EXPECT_DECLS; + WOLFSSL_SESSION** sess; + sess = &twcase_client_first_session_ptr; + if (*sess == NULL) { + ExpectNotNull(*sess = wolfSSL_get1_session(ssl)); + } + else { + /* If we have a session retrieved then remaining connections should be + * resuming on that session */ + ExpectIntEQ(wolfSSL_session_reused(ssl), 1); + } + +#ifdef SESSION_CERTS +#ifndef WOLFSSL_TICKET_HAVE_ID + if (wolfSSL_version(ssl) != TLS1_3_VERSION && + wolfSSL_session_reused(ssl)) +#endif + { + #ifdef KEEP_PEER_CERT + WOLFSSL_X509* peer = wolfSSL_get_peer_certificate(ssl); + ExpectNotNull(peer); + wolfSSL_X509_free(peer); + #endif + ExpectNotNull(wolfSSL_SESSION_get_peer_chain(*sess)); +#ifdef OPENSSL_EXTRA + ExpectNotNull(wolfSSL_SESSION_get0_peer(*sess)); +#endif + } +#endif + return EXPECT_RESULT(); +} +static int twcase_client_set_sess_ssl_ready(WOLFSSL* ssl) +{ + EXPECT_DECLS; + /* Set the session to reuse for the client */ + ExpectNotNull(ssl); + ExpectNotNull(twcase_client_first_session_ptr); + ExpectIntEQ(wolfSSL_set_session(ssl,twcase_client_first_session_ptr), + WOLFSSL_SUCCESS); + return EXPECT_RESULT(); +} + +struct test_add_session_ext_params { + method_provider client_meth; + method_provider server_meth; + const char* tls_version; +}; + +static int test_wolfSSL_CTX_add_session_ext( + struct test_add_session_ext_params* param) +{ + EXPECT_DECLS; + /* Test the default 33 sessions */ + int j; + + /* Clear cache before starting */ + wolfSSL_CTX_flush_sessions(NULL, -1); + + XMEMSET(&server_sessionCache, 0, sizeof(hashTable)); + if (wc_InitMutex(&server_sessionCache.htLock) != 0) + return BAD_MUTEX_E; + server_sessionCache.capacity = SESSION_CACHE_SIZE; + + fprintf(stderr, "\tBegin %s\n", param->tls_version); + for (j = 0; j < 5; j++) { + int tls13 = XSTRSTR(param->tls_version, "TLSv1_3") != NULL; + int dtls = XSTRSTR(param->tls_version, "DTLS") != NULL; + test_ssl_cbf client_cb; + test_ssl_cbf server_cb; + + (void)dtls; + + /* Test five cache configurations */ + twcase_client_first_session_ptr = NULL; + twcase_server_first_session_ptr = NULL; + twcase_server_current_ctx_ptr = NULL; + twcase_new_session_called = 0; + twcase_remove_session_called = 0; + twcase_get_session_called = 0; + + /* connection 1 - first connection */ + fprintf(stderr, "\tconnect: %s: j=%d\n", param->tls_version, j); + + XMEMSET(&client_cb, 0, sizeof(client_cb)); + XMEMSET(&server_cb, 0, sizeof(server_cb)); + client_cb.method = param->client_meth; + server_cb.method = param->server_meth; + + if (dtls) + client_cb.doUdp = server_cb.doUdp = 1; + + /* Setup internal and external cache */ + switch (j) { + case 0: + /* SSL_OP_NO_TICKET stateful ticket case */ + server_cb.ctx_ready = twcase_cache_intOn_extOn_noTicket; + break; + case 1: + server_cb.ctx_ready = twcase_cache_intOn_extOn; + break; + case 2: + server_cb.ctx_ready = twcase_cache_intOff_extOn; + break; + case 3: + server_cb.ctx_ready = twcase_cache_intOn_extOff; + break; + case 4: + server_cb.ctx_ready = twcase_cache_intOff_extOff; + break; + } + client_cb.ctx_ready = twcase_cache_intOff_extOff; + + /* Add session to internal cache and save SSL session for testing */ + server_cb.on_result = twcase_server_sess_ctx_pre_shutdown; + /* Save client SSL session for testing */ + client_cb.on_result = twcase_client_sess_ctx_pre_shutdown; + server_cb.ticNoInit = 1; /* Use default builtin */ + /* Don't free/release ctx */ + server_cb.ctx = twcase_server_current_ctx_ptr; + server_cb.isSharedCtx = 1; + + ExpectIntEQ(test_wolfSSL_client_server_nofail_memio(&client_cb, + &server_cb, NULL), TEST_SUCCESS); + + ExpectIntEQ(twcase_get_session_called, 0); + if (EXPECT_FAIL()) { + wolfSSL_SESSION_free(twcase_client_first_session_ptr); + wolfSSL_SESSION_free(twcase_server_first_session_ptr); + wolfSSL_CTX_free(twcase_server_current_ctx_ptr); + break; + } + + switch (j) { + case 0: + case 1: + case 2: + /* cache cannot be searched with out a connection */ + /* Add a new session */ + ExpectIntEQ(twcase_new_session_called, 1); + /* In twcase_server_sess_ctx_pre_shutdown + * wolfSSL_CTX_add_session which evicts the existing session + * in cache and adds it back in */ + ExpectIntLE(twcase_remove_session_called, 1); + break; + case 3: + case 4: + /* no external cache */ + ExpectIntEQ(twcase_new_session_called, 0); + ExpectIntEQ(twcase_remove_session_called, 0); + break; + } + + /* connection 2 - session resume */ + fprintf(stderr, "\tresume: %s: j=%d\n", param->tls_version, j); + twcase_new_session_called = 0; + twcase_remove_session_called = 0; + twcase_get_session_called = 0; + server_cb.on_result = 0; + client_cb.on_result = 0; + server_cb.ticNoInit = 1; /* Use default builtin */ + + server_cb.ctx = twcase_server_current_ctx_ptr; + + /* try session resumption */ + client_cb.ssl_ready = twcase_client_set_sess_ssl_ready; + + ExpectIntEQ(test_wolfSSL_client_server_nofail_memio(&client_cb, + &server_cb, NULL), TEST_SUCCESS); + + /* Clear cache before checking */ + wolfSSL_CTX_flush_sessions(NULL, -1); + + switch (j) { + case 0: + if (tls13) { + /* (D)TLSv1.3 stateful case */ + /* cache hit */ + /* DTLS accesses cache once for stateless parsing and + * once for stateful parsing */ + ExpectIntEQ(twcase_get_session_called, !dtls ? 1 : 2); + + /* (D)TLSv1.3 creates a new ticket, + * updates both internal and external cache */ + ExpectIntEQ(twcase_new_session_called, 1); + /* A new session ID is created for a new ticket */ + ExpectIntEQ(twcase_remove_session_called, 2); + + } + else { + /* non (D)TLSv1.3 case, no update */ + /* DTLS accesses cache once for stateless parsing and + * once for stateful parsing */ +#ifdef WOLFSSL_DTLS_NO_HVR_ON_RESUME + ExpectIntEQ(twcase_get_session_called, !dtls ? 1 : 2); +#else + ExpectIntEQ(twcase_get_session_called, 1); +#endif + ExpectIntEQ(twcase_new_session_called, 0); + /* Called on session added in + * twcase_server_sess_ctx_pre_shutdown */ + ExpectIntEQ(twcase_remove_session_called, 1); + } + break; + case 1: + if (tls13) { + /* (D)TLSv1.3 case */ + /* cache hit */ + ExpectIntEQ(twcase_get_session_called, 1); + /* (D)TLSv1.3 creates a new ticket, + * updates both internal and external cache */ + ExpectIntEQ(twcase_new_session_called, 1); + /* Called on session added in + * twcase_server_sess_ctx_pre_shutdown and by wolfSSL */ + ExpectIntEQ(twcase_remove_session_called, 1); + } + else { + /* non (D)TLSv1.3 case */ + /* cache hit */ + /* DTLS accesses cache once for stateless parsing and + * once for stateful parsing */ +#ifdef WOLFSSL_DTLS_NO_HVR_ON_RESUME + ExpectIntEQ(twcase_get_session_called, !dtls ? 1 : 2); +#else + ExpectIntEQ(twcase_get_session_called, 1); +#endif + ExpectIntEQ(twcase_new_session_called, 0); + /* Called on session added in + * twcase_server_sess_ctx_pre_shutdown */ + ExpectIntEQ(twcase_remove_session_called, 1); + } + break; + case 2: + if (tls13) { + /* (D)TLSv1.3 case */ + /* cache hit */ + ExpectIntEQ(twcase_get_session_called, 1); + /* (D)TLSv1.3 creates a new ticket, + * updates both internal and external cache */ + ExpectIntEQ(twcase_new_session_called, 1); + /* Called on session added in + * twcase_server_sess_ctx_pre_shutdown and by wolfSSL */ + ExpectIntEQ(twcase_remove_session_called, 1); + } + else { + /* non (D)TLSv1.3 case */ + /* cache hit */ + /* DTLS accesses cache once for stateless parsing and + * once for stateful parsing */ +#ifdef WOLFSSL_DTLS_NO_HVR_ON_RESUME + ExpectIntEQ(twcase_get_session_called, !dtls ? 1 : 2); +#else + ExpectIntEQ(twcase_get_session_called, 1); +#endif + ExpectIntEQ(twcase_new_session_called, 0); + /* Called on session added in + * twcase_server_sess_ctx_pre_shutdown */ + ExpectIntEQ(twcase_remove_session_called, 1); + } + break; + case 3: + case 4: + /* no external cache */ + ExpectIntEQ(twcase_get_session_called, 0); + ExpectIntEQ(twcase_new_session_called, 0); + ExpectIntEQ(twcase_remove_session_called, 0); + break; + } + wolfSSL_SESSION_free(twcase_client_first_session_ptr); + wolfSSL_SESSION_free(twcase_server_first_session_ptr); + wolfSSL_CTX_free(twcase_server_current_ctx_ptr); + + if (EXPECT_FAIL()) + break; + } + twcase_get_sessionCb_cleanup(); + XMEMSET(&server_sessionCache.entries, 0, + sizeof(server_sessionCache.entries)); + fprintf(stderr, "\tEnd %s\n", param->tls_version); + + wc_FreeMutex(&server_sessionCache.htLock); + + return EXPECT_RESULT(); +} +#endif + +static int test_wolfSSL_CTX_add_session_ext_tls13(void) +{ + EXPECT_DECLS; +#if defined(HAVE_IO_TESTS_DEPENDENCIES) && defined(HAVE_EXT_CACHE) && \ + defined(WOLFSSL_TLS13) && !defined(NO_SESSION_CACHE) && \ + defined(OPENSSL_EXTRA) && defined(SESSION_CERTS) && \ + defined(HAVE_SESSION_TICKET) && \ + !defined(TITAN_SESSION_CACHE) && \ + !defined(HUGE_SESSION_CACHE) && \ + !defined(BIG_SESSION_CACHE) && \ + !defined(MEDIUM_SESSION_CACHE) +#if defined(WOLFSSL_TLS13) && !defined(WOLFSSL_NO_DEF_TICKET_ENC_CB) && \ + defined(HAVE_SESSION_TICKET) && defined(WOLFSSL_TICKET_HAVE_ID) + struct test_add_session_ext_params param[1] = { + { wolfTLSv1_3_client_method, wolfTLSv1_3_server_method, "TLSv1_3" } + }; + ExpectIntEQ(test_wolfSSL_CTX_add_session_ext(param), TEST_SUCCESS); +#endif +#endif + return EXPECT_RESULT(); +} +static int test_wolfSSL_CTX_add_session_ext_dtls13(void) +{ + EXPECT_DECLS; +#if defined(HAVE_IO_TESTS_DEPENDENCIES) && defined(HAVE_EXT_CACHE) && \ + defined(WOLFSSL_TLS13) && !defined(NO_SESSION_CACHE) && \ + defined(OPENSSL_EXTRA) && defined(SESSION_CERTS) && \ + defined(HAVE_SESSION_TICKET) && \ + !defined(TITAN_SESSION_CACHE) && \ + !defined(HUGE_SESSION_CACHE) && \ + !defined(BIG_SESSION_CACHE) && \ + !defined(MEDIUM_SESSION_CACHE) +#if defined(WOLFSSL_TLS13) && !defined(WOLFSSL_NO_DEF_TICKET_ENC_CB) && \ + defined(HAVE_SESSION_TICKET) && defined(WOLFSSL_TICKET_HAVE_ID) +#ifdef WOLFSSL_DTLS13 + struct test_add_session_ext_params param[1] = { + { wolfDTLSv1_3_client_method, wolfDTLSv1_3_server_method, "DTLSv1_3" } + }; + ExpectIntEQ(test_wolfSSL_CTX_add_session_ext(param), TEST_SUCCESS); +#endif +#endif +#endif + return EXPECT_RESULT(); +} +static int test_wolfSSL_CTX_add_session_ext_tls12(void) +{ + EXPECT_DECLS; +#if defined(HAVE_IO_TESTS_DEPENDENCIES) && defined(HAVE_EXT_CACHE) && \ + defined(WOLFSSL_TLS13) && !defined(NO_SESSION_CACHE) && \ + defined(OPENSSL_EXTRA) && defined(SESSION_CERTS) && \ + defined(HAVE_SESSION_TICKET) && \ + !defined(TITAN_SESSION_CACHE) && \ + !defined(HUGE_SESSION_CACHE) && \ + !defined(BIG_SESSION_CACHE) && \ + !defined(MEDIUM_SESSION_CACHE) +#ifndef WOLFSSL_NO_TLS12 + struct test_add_session_ext_params param[1] = { + { wolfTLSv1_2_client_method, wolfTLSv1_2_server_method, "TLSv1_2" } + }; + ExpectIntEQ(test_wolfSSL_CTX_add_session_ext(param), TEST_SUCCESS); +#endif +#endif + return EXPECT_RESULT(); +} +static int test_wolfSSL_CTX_add_session_ext_dtls12(void) +{ + EXPECT_DECLS; +#if defined(HAVE_IO_TESTS_DEPENDENCIES) && defined(HAVE_EXT_CACHE) && \ + defined(WOLFSSL_TLS13) && !defined(NO_SESSION_CACHE) && \ + defined(OPENSSL_EXTRA) && defined(SESSION_CERTS) && \ + defined(HAVE_SESSION_TICKET) && \ + !defined(TITAN_SESSION_CACHE) && \ + !defined(HUGE_SESSION_CACHE) && \ + !defined(BIG_SESSION_CACHE) && \ + !defined(MEDIUM_SESSION_CACHE) +#ifndef WOLFSSL_NO_TLS12 +#ifdef WOLFSSL_DTLS + struct test_add_session_ext_params param[1] = { + { wolfDTLSv1_2_client_method, wolfDTLSv1_2_server_method, "DTLSv1_2" } + }; + ExpectIntEQ(test_wolfSSL_CTX_add_session_ext(param), TEST_SUCCESS); +#endif +#endif +#endif + return EXPECT_RESULT(); +} +static int test_wolfSSL_CTX_add_session_ext_tls11(void) +{ + EXPECT_DECLS; +#if defined(HAVE_IO_TESTS_DEPENDENCIES) && defined(HAVE_EXT_CACHE) && \ + defined(WOLFSSL_TLS13) && !defined(NO_SESSION_CACHE) && \ + defined(OPENSSL_EXTRA) && defined(SESSION_CERTS) && \ + defined(HAVE_SESSION_TICKET) && \ + !defined(TITAN_SESSION_CACHE) && \ + !defined(HUGE_SESSION_CACHE) && \ + !defined(BIG_SESSION_CACHE) && \ + !defined(MEDIUM_SESSION_CACHE) +#if !defined(NO_OLD_TLS) && ((!defined(NO_AES) && !defined(NO_AES_CBC)) || \ + !defined(NO_DES3)) + struct test_add_session_ext_params param[1] = { + { wolfTLSv1_1_client_method, wolfTLSv1_1_server_method, "TLSv1_1" } + }; + ExpectIntEQ(test_wolfSSL_CTX_add_session_ext(param), TEST_SUCCESS); +#endif +#endif + return EXPECT_RESULT(); +} +static int test_wolfSSL_CTX_add_session_ext_dtls1(void) +{ + EXPECT_DECLS; +#if defined(HAVE_IO_TESTS_DEPENDENCIES) && defined(HAVE_EXT_CACHE) && \ + defined(WOLFSSL_TLS13) && !defined(NO_SESSION_CACHE) && \ + defined(OPENSSL_EXTRA) && defined(SESSION_CERTS) && \ + defined(HAVE_SESSION_TICKET) && \ + !defined(TITAN_SESSION_CACHE) && \ + !defined(HUGE_SESSION_CACHE) && \ + !defined(BIG_SESSION_CACHE) && \ + !defined(MEDIUM_SESSION_CACHE) +#if !defined(NO_OLD_TLS) && ((!defined(NO_AES) && !defined(NO_AES_CBC)) || \ + !defined(NO_DES3)) +#ifdef WOLFSSL_DTLS + struct test_add_session_ext_params param[1] = { + { wolfDTLSv1_client_method, wolfDTLSv1_server_method, "DTLSv1_0" } + }; + ExpectIntEQ(test_wolfSSL_CTX_add_session_ext(param), TEST_SUCCESS); +#endif +#endif +#endif + return EXPECT_RESULT(); +} + +#if defined(WOLFSSL_DTLS) && defined(WOLFSSL_SESSION_EXPORT) +/* canned export of a session using older version 3 */ +static unsigned char version_3[] = { + 0xA5, 0xA3, 0x01, 0x88, 0x00, 0x3c, 0x00, 0x01, + 0x00, 0x00, 0x00, 0x80, 0x0C, 0x00, 0x00, 0x00, + 0x00, 0x80, 0x00, 0x1C, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x01, 0x01, 0x01, 0x01, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00, + 0x00, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0xC0, 0x30, + 0x05, 0x09, 0x0A, 0x01, 0x01, 0x00, 0x0D, 0x05, + 0xFE, 0xFD, 0x01, 0x25, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x01, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x01, 0x00, 0x01, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x06, 0x00, 0x05, 0x00, 0x06, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x06, 0x00, 0x01, 0x00, 0x07, 0x00, 0x00, + 0x00, 0x30, 0x00, 0x00, 0x00, 0x10, 0x01, 0x01, + 0x00, 0x02, 0x00, 0x00, 0x00, 0x01, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x02, 0x00, 0x00, 0x00, 0x3F, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x30, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x20, 0x05, + 0x12, 0xCF, 0x22, 0xA1, 0x9F, 0x1C, 0x39, 0x1D, + 0x31, 0x11, 0x12, 0x1D, 0x11, 0x18, 0x0D, 0x0B, + 0xF3, 0xE1, 0x4D, 0xDC, 0xB1, 0xF1, 0x39, 0x98, + 0x91, 0x6C, 0x48, 0xE5, 0xED, 0x11, 0x12, 0xA0, + 0x00, 0xF2, 0x25, 0x4C, 0x09, 0x26, 0xD1, 0x74, + 0xDF, 0x23, 0x40, 0x15, 0x6A, 0x42, 0x2A, 0x26, + 0xA5, 0xAC, 0x56, 0xD5, 0x4A, 0x20, 0xB7, 0xE9, + 0xEF, 0xEB, 0xAF, 0xA8, 0x1E, 0x23, 0x7C, 0x04, + 0xAA, 0xA1, 0x6D, 0x92, 0x79, 0x7B, 0xFA, 0x80, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01, + 0x0C, 0x79, 0x7B, 0xFA, 0x80, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0xAA, 0xA1, 0x6D, + 0x92, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x10, 0x00, 0x20, 0x00, 0x04, 0x00, + 0x10, 0x00, 0x10, 0x08, 0x02, 0x05, 0x08, 0x01, + 0x30, 0x28, 0x00, 0x00, 0x0F, 0x00, 0x02, 0x00, + 0x09, 0x31, 0x32, 0x37, 0x2E, 0x30, 0x2E, 0x30, + 0x2E, 0x31, 0xED, 0x4F +}; +#endif /* defined(WOLFSSL_DTLS) && defined(WOLFSSL_SESSION_EXPORT) */ + +static int test_wolfSSL_dtls_export(void) +{ + EXPECT_DECLS; +#if defined(WOLFSSL_DTLS) && defined(WOLFSSL_SESSION_EXPORT) + tcp_ready ready; + func_args client_args; + func_args server_args; + THREAD_TYPE serverThread; + callback_functions server_cbf; + callback_functions client_cbf; +#ifdef WOLFSSL_TIRTOS + fdOpenSession(Task_self()); +#endif + + InitTcpReady(&ready); + +#if defined(USE_WINDOWS_API) + /* use RNG to get random port if using windows */ + ready.port = GetRandomPort(); +#endif + + /* set using dtls */ + XMEMSET(&client_args, 0, sizeof(func_args)); + XMEMSET(&server_args, 0, sizeof(func_args)); + XMEMSET(&server_cbf, 0, sizeof(callback_functions)); + XMEMSET(&client_cbf, 0, sizeof(callback_functions)); + server_cbf.method = wolfDTLSv1_2_server_method; + client_cbf.method = wolfDTLSv1_2_client_method; + server_args.callbacks = &server_cbf; + client_args.callbacks = &client_cbf; + + server_args.signal = &ready; + client_args.signal = &ready; + + start_thread(run_wolfssl_server, &server_args, &serverThread); + wait_tcp_ready(&server_args); + run_wolfssl_client(&client_args); + join_thread(serverThread); + + ExpectTrue(client_args.return_code); + ExpectTrue(server_args.return_code); + + FreeTcpReady(&ready); + +#ifdef WOLFSSL_TIRTOS + fdOpenSession(Task_self()); +#endif + + if (EXPECT_SUCCESS()) { + SOCKET_T sockfd = 0; + WOLFSSL_CTX* ctx = NULL; + WOLFSSL* ssl = NULL; + char msg[64] = "hello wolfssl!"; + char reply[1024]; + int msgSz = (int)XSTRLEN(msg); + byte *session, *window; + unsigned int sessionSz = 0; + unsigned int windowSz = 0; + +#ifndef TEST_IPV6 + struct sockaddr_in peerAddr; +#else + struct sockaddr_in6 peerAddr; +#endif /* TEST_IPV6 */ + + int i; + + + /* Set ctx to DTLS 1.2 */ + ExpectNotNull(ctx = wolfSSL_CTX_new(wolfDTLSv1_2_server_method())); + ExpectNotNull(ssl = wolfSSL_new(ctx)); + + /* test importing version 3 */ + ExpectIntGE(wolfSSL_dtls_import(ssl, version_3, sizeof(version_3)), 0); + + /* test importing bad length and bad version */ + version_3[2]++; + ExpectIntLT(wolfSSL_dtls_import(ssl, version_3, sizeof(version_3)), 0); + version_3[2]--; version_3[1] = 0XA0; + ExpectIntLT(wolfSSL_dtls_import(ssl, version_3, sizeof(version_3)), 0); + wolfSSL_free(ssl); + wolfSSL_CTX_free(ctx); + + + /* check storing client state after connection and storing window only */ +#ifdef WOLFSSL_TIRTOS + fdOpenSession(Task_self()); +#endif + + InitTcpReady(&ready); + +#if defined(USE_WINDOWS_API) + /* use RNG to get random port if using windows */ + ready.port = GetRandomPort(); +#endif + + /* set using dtls */ + XMEMSET(&server_args, 0, sizeof(func_args)); + XMEMSET(&server_cbf, 0, sizeof(callback_functions)); + server_cbf.method = wolfDTLSv1_2_server_method; + server_cbf.doUdp = 1; + server_args.callbacks = &server_cbf; + server_args.argc = 3; /* set loop_count to 3 */ + + + server_args.signal = &ready; + start_thread(test_server_nofail, &server_args, &serverThread); + wait_tcp_ready(&server_args); + + /* create and connect with client */ + ExpectNotNull(ctx = wolfSSL_CTX_new(wolfDTLSv1_2_client_method())); + ExpectIntEQ(WOLFSSL_SUCCESS, + wolfSSL_CTX_load_verify_locations(ctx, caCertFile, 0)); + ExpectIntEQ(WOLFSSL_SUCCESS, + wolfSSL_CTX_use_certificate_file(ctx, cliCertFile, SSL_FILETYPE_PEM)); + ExpectIntEQ(WOLFSSL_SUCCESS, + wolfSSL_CTX_use_PrivateKey_file(ctx, cliKeyFile, SSL_FILETYPE_PEM)); + tcp_connect(&sockfd, wolfSSLIP, server_args.signal->port, 1, 0, NULL); + ExpectNotNull(ssl = wolfSSL_new(ctx)); + ExpectIntEQ(wolfSSL_set_fd(ssl, sockfd), WOLFSSL_SUCCESS); + + /* store server information connected too */ + XMEMSET(&peerAddr, 0, sizeof(peerAddr)); +#ifndef TEST_IPV6 + peerAddr.sin_family = AF_INET; + ExpectIntEQ(XINET_PTON(AF_INET, wolfSSLIP, &peerAddr.sin_addr),1); + peerAddr.sin_port = XHTONS(server_args.signal->port); +#else + peerAddr.sin6_family = AF_INET6; + ExpectIntEQ( + XINET_PTON(AF_INET6, wolfSSLIP, &peerAddr.sin6_addr),1); + peerAddr.sin6_port = XHTONS(server_args.signal->port); +#endif + + ExpectIntEQ(wolfSSL_dtls_set_peer(ssl, &peerAddr, sizeof(peerAddr)), + WOLFSSL_SUCCESS); + + ExpectIntEQ(wolfSSL_connect(ssl), WOLFSSL_SUCCESS); + ExpectIntEQ(wolfSSL_dtls_export(ssl, NULL, &sessionSz), 0); + session = (byte*)XMALLOC(sessionSz, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + ExpectIntGT(wolfSSL_dtls_export(ssl, session, &sessionSz), 0); + ExpectIntEQ(wolfSSL_write(ssl, msg, msgSz), msgSz); + ExpectIntGT(wolfSSL_read(ssl, reply, sizeof(reply)), 0); + ExpectIntEQ(wolfSSL_dtls_export_state_only(ssl, NULL, &windowSz), 0); + window = (byte*)XMALLOC(windowSz, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + ExpectIntGT(wolfSSL_dtls_export_state_only(ssl, window, &windowSz), 0); + wolfSSL_free(ssl); + + for (i = 1; EXPECT_SUCCESS() && i < server_args.argc; i++) { + /* restore state */ + ExpectNotNull(ssl = wolfSSL_new(ctx)); + ExpectIntGT(wolfSSL_dtls_import(ssl, session, sessionSz), 0); + ExpectIntGT(wolfSSL_dtls_import(ssl, window, windowSz), 0); + ExpectIntEQ(wolfSSL_set_fd(ssl, sockfd), WOLFSSL_SUCCESS); + ExpectIntEQ(wolfSSL_dtls_set_peer(ssl, &peerAddr, sizeof(peerAddr)), + WOLFSSL_SUCCESS); + ExpectIntEQ(wolfSSL_write(ssl, msg, msgSz), msgSz); + ExpectIntGE(wolfSSL_read(ssl, reply, sizeof(reply)), 0); + ExpectIntGT(wolfSSL_dtls_export_state_only(ssl, window, &windowSz), 0); + wolfSSL_free(ssl); + } + XFREE(session, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(window, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + wolfSSL_CTX_free(ctx); + + fprintf(stderr, "done and waiting for server\n"); + join_thread(serverThread); + ExpectIntEQ(server_args.return_code, TEST_SUCCESS); + + FreeTcpReady(&ready); + +#ifdef WOLFSSL_TIRTOS + fdOpenSession(Task_self()); +#endif + } +#endif + + return EXPECT_RESULT(); +} + +#if defined(WOLFSSL_SESSION_EXPORT) && !defined(WOLFSSL_NO_TLS12) +#ifdef WOLFSSL_TLS13 +static const byte canned_client_tls13_session_v4[] = { + 0xA7, 0xA4, 0x01, 0x18, 0x00, 0x41, 0x00, 0x00, + 0x01, 0x00, 0x00, 0x80, 0x04, 0x00, 0x00, 0x00, + 0x00, 0x80, 0x00, 0x1C, 0x01, 0x00, 0x00, 0x01, + 0x00, 0x01, 0x01, 0x01, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00, 0x01, + 0x01, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01, + 0x00, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x13, + 0x01, 0x0A, 0x0F, 0x10, 0x01, 0x02, 0x09, 0x00, + 0x05, 0x00, 0x00, 0x00, 0x00, 0x03, 0x04, 0x00, + 0xB7, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x02, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x01, 0x00, 0x00, 0x00, 0x27, 0x00, 0x00, 0x00, + 0x11, 0x01, 0x01, 0x00, 0x20, 0x84, 0x4F, 0x18, + 0xD8, 0xC1, 0x24, 0xD8, 0xBB, 0x17, 0x9E, 0x31, + 0xA3, 0xF8, 0xA7, 0x3C, 0xBA, 0xEC, 0xFA, 0xB4, + 0x7F, 0xC5, 0x78, 0xEB, 0x6D, 0xE3, 0x2B, 0x7B, + 0x94, 0xBE, 0x20, 0x11, 0x7E, 0x17, 0x10, 0xA7, + 0x10, 0x19, 0xEC, 0x62, 0xCC, 0xBE, 0xF5, 0x01, + 0x35, 0x3C, 0xEA, 0xEF, 0x44, 0x3C, 0x40, 0xA2, + 0xBC, 0x18, 0x43, 0xA1, 0xA1, 0x65, 0x5C, 0x48, + 0xE2, 0xF9, 0x38, 0xEB, 0x11, 0x10, 0x72, 0x7C, + 0x78, 0x22, 0x13, 0x3B, 0x19, 0x40, 0xF0, 0x73, + 0xBE, 0x96, 0x14, 0x78, 0x26, 0xB9, 0x6B, 0x2E, + 0x72, 0x22, 0x0D, 0x90, 0x94, 0xDD, 0x78, 0x77, + 0xFC, 0x0C, 0x2E, 0x63, 0x6E, 0xF0, 0x0C, 0x35, + 0x41, 0xCD, 0xF3, 0x49, 0x31, 0x08, 0xD0, 0x6F, + 0x02, 0x3D, 0xC1, 0xD3, 0xB7, 0xEE, 0x3A, 0xA0, + 0x8E, 0xA1, 0x4D, 0xC3, 0x2E, 0x5E, 0x06, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x0C, + 0x35, 0x41, 0xCD, 0xF3, 0x49, 0x31, 0x08, 0xD0, + 0x6F, 0x02, 0x3D, 0xC1, 0xD3, 0xB7, 0xEE, 0x3A, + 0xA0, 0x8E, 0xA1, 0x4D, 0xC3, 0x2E, 0x5E, 0x06, + 0x00, 0x10, 0x00, 0x10, 0x00, 0x0C, 0x00, 0x10, + 0x00, 0x10, 0x07, 0x02, 0x04, 0x00, 0x00, 0x20, + 0x28, 0x00, 0x00, 0x06, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x03 +}; + +static const byte canned_client_tls13_session_v5[] = { + 0xa7, 0xa5, 0x01, 0x19, 0x00, 0x42, 0x00, 0x00, 0x01, 0x00, 0x00, 0x80, + 0x04, 0x00, 0x00, 0x00, 0x00, 0x80, 0x00, 0x1c, 0x01, 0x00, 0x00, 0x01, + 0x00, 0x01, 0x01, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01, + 0x00, 0x00, 0x00, 0x01, 0x01, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01, + 0x00, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x13, 0x01, 0x0a, 0x0f, 0x10, + 0x01, 0x02, 0x09, 0x00, 0x05, 0x00, 0x00, 0x00, 0x00, 0x01, 0x03, 0x04, + 0x00, 0xb7, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00, 0x27, 0x00, 0x00, + 0x00, 0x11, 0x01, 0x01, 0x00, 0x20, 0x84, 0x4f, 0x18, 0xd8, 0xc1, 0x24, + 0xd8, 0xbb, 0x17, 0x9e, 0x31, 0xa3, 0xf8, 0xa7, 0x3c, 0xba, 0xec, 0xfa, + 0xb4, 0x7f, 0xc5, 0x78, 0xeb, 0x6d, 0xe3, 0x2b, 0x7b, 0x94, 0xbe, 0x20, + 0x11, 0x7e, 0x17, 0x10, 0xa7, 0x10, 0x19, 0xec, 0x62, 0xcc, 0xbe, 0xf5, + 0x01, 0x35, 0x3c, 0xea, 0xef, 0x44, 0x3c, 0x40, 0xa2, 0xbc, 0x18, 0x43, + 0xa1, 0xa1, 0x65, 0x5c, 0x48, 0xe2, 0xf9, 0x38, 0xeb, 0x11, 0x10, 0x72, + 0x7c, 0x78, 0x22, 0x13, 0x3b, 0x19, 0x40, 0xf0, 0x73, 0xbe, 0x96, 0x14, + 0x78, 0x26, 0xb9, 0x6b, 0x2e, 0x72, 0x22, 0x0d, 0x90, 0x94, 0xdd, 0x78, + 0x77, 0xfc, 0x0c, 0x2e, 0x63, 0x6e, 0xf0, 0x0c, 0x35, 0x41, 0xcd, 0xf3, + 0x49, 0x31, 0x08, 0xd0, 0x6f, 0x02, 0x3d, 0xc1, 0xd3, 0xb7, 0xee, 0x3a, + 0xa0, 0x8e, 0xa1, 0x4d, 0xc3, 0x2e, 0x5e, 0x06, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x0c, 0x35, 0x41, 0xcd, 0xf3, 0x49, 0x31, 0x08, + 0xd0, 0x6f, 0x02, 0x3d, 0xc1, 0xd3, 0xb7, 0xee, 0x3a, 0xa0, 0x8e, 0xa1, + 0x4d, 0xc3, 0x2e, 0x5e, 0x06, 0x00, 0x10, 0x00, 0x10, 0x00, 0x0c, 0x00, + 0x10, 0x00, 0x10, 0x07, 0x02, 0x04, 0x00, 0x00, 0x20, 0x28, 0x00, 0x00, + 0x06, 0x00, 0x00, 0x00, 0x00, 0x00, 0x03 +}; + +static const byte canned_server_tls13_session[] = { + 0xA7, 0xA4, 0x01, 0x18, 0x00, 0x41, 0x01, 0x00, + 0x01, 0x00, 0x00, 0x80, 0x04, 0x00, 0x00, 0x00, + 0x00, 0x80, 0x00, 0x1C, 0x01, 0x00, 0x00, 0x00, + 0x00, 0x01, 0x01, 0x01, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01, + 0x00, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x13, + 0x01, 0x0A, 0x0F, 0x10, 0x01, 0x02, 0x00, 0x0F, + 0x05, 0x00, 0x00, 0x00, 0x00, 0x03, 0x04, 0x00, + 0xB7, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x02, 0x00, 0x00, 0x00, 0x17, 0x00, 0x00, 0x00, + 0x11, 0x01, 0x01, 0x00, 0x20, 0x84, 0x4F, 0x18, + 0xD8, 0xC1, 0x24, 0xD8, 0xBB, 0x17, 0x9E, 0x31, + 0xA3, 0xF8, 0xA7, 0x3C, 0xBA, 0xEC, 0xFA, 0xB4, + 0x7F, 0xC5, 0x78, 0xEB, 0x6D, 0xE3, 0x2B, 0x7B, + 0x94, 0xBE, 0x20, 0x11, 0x7E, 0x17, 0x10, 0xA7, + 0x10, 0x19, 0xEC, 0x62, 0xCC, 0xBE, 0xF5, 0x01, + 0x35, 0x3C, 0xEA, 0xEF, 0x44, 0x3C, 0x40, 0xA2, + 0xBC, 0x18, 0x43, 0xA1, 0xA1, 0x65, 0x5C, 0x48, + 0xE2, 0xF9, 0x38, 0xEB, 0x11, 0x10, 0x72, 0x7C, + 0x78, 0x22, 0x13, 0x3B, 0x19, 0x40, 0xF0, 0x73, + 0xBE, 0x96, 0x14, 0x78, 0x26, 0xB9, 0x6B, 0x2E, + 0x72, 0x22, 0x0D, 0x90, 0x94, 0xDD, 0x78, 0x77, + 0xFC, 0x0C, 0x2E, 0x63, 0x6E, 0xF0, 0x0C, 0x35, + 0x41, 0xCD, 0xF3, 0x49, 0x31, 0x08, 0xD0, 0x6F, + 0x02, 0x3D, 0xC1, 0xD3, 0xB7, 0xEE, 0x3A, 0xA0, + 0x8E, 0xA1, 0x4D, 0xC3, 0x2E, 0x5E, 0x06, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x0C, + 0xD3, 0xB7, 0xEE, 0x3A, 0xA0, 0x8E, 0xA1, 0x4D, + 0xC3, 0x2E, 0x5E, 0x06, 0x35, 0x41, 0xCD, 0xF3, + 0x49, 0x31, 0x08, 0xD0, 0x6F, 0x02, 0x3D, 0xC1, + 0x00, 0x10, 0x00, 0x10, 0x00, 0x0C, 0x00, 0x10, + 0x00, 0x10, 0x07, 0x02, 0x04, 0x00, 0x00, 0x20, + 0x28, 0x00, 0x00, 0x06, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x04 +}; +#endif /* WOLFSSL_TLS13 */ + +static const byte canned_client_session_v4[] = { + 0xA7, 0xA4, 0x01, 0x40, 0x00, 0x41, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x80, 0x02, 0x00, 0x00, 0x00, + 0x00, 0x80, 0x00, 0x1C, 0x00, 0x00, 0x00, 0x01, + 0x00, 0x01, 0x01, 0x01, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00, 0x01, + 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0xC0, + 0x27, 0x0A, 0x0D, 0x10, 0x01, 0x01, 0x0A, 0x00, + 0x05, 0x00, 0x01, 0x01, 0x01, 0x03, 0x03, 0x00, + 0xBF, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x02, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x02, 0x00, 0x00, 0x00, 0x50, 0x00, 0x00, 0x00, + 0x0A, 0x01, 0x01, 0x00, 0x20, 0x69, 0x11, 0x6D, + 0x97, 0x15, 0x6E, 0x52, 0x27, 0xD6, 0x1D, 0x1D, + 0xF5, 0x0D, 0x59, 0xA5, 0xAC, 0x2E, 0x8C, 0x0E, + 0xCB, 0x26, 0x1E, 0xE2, 0xCE, 0xBB, 0xCE, 0xE1, + 0x7D, 0xD7, 0xEF, 0xA5, 0x44, 0x80, 0x2A, 0xDE, + 0xBB, 0x75, 0xB0, 0x1D, 0x75, 0x17, 0x20, 0x4C, + 0x08, 0x05, 0x1B, 0xBA, 0x60, 0x1F, 0x6C, 0x91, + 0x8C, 0xAA, 0xBB, 0xE5, 0xA3, 0x0B, 0x12, 0x3E, + 0xC0, 0x35, 0x43, 0x1D, 0xE2, 0x10, 0xE2, 0x02, + 0x92, 0x4B, 0x8F, 0x05, 0xA9, 0x4B, 0xCC, 0x90, + 0xC3, 0x0E, 0xC2, 0x0F, 0xE9, 0x33, 0x85, 0x9B, + 0x3C, 0x19, 0x21, 0xD5, 0x62, 0xE5, 0xE1, 0x17, + 0x8F, 0x8C, 0x19, 0x52, 0xD8, 0x59, 0x10, 0x2D, + 0x20, 0x6F, 0xBA, 0xC1, 0x1C, 0xD1, 0x82, 0xC7, + 0x32, 0x1B, 0xBB, 0xCC, 0x30, 0x03, 0xD7, 0x3A, + 0xC8, 0x18, 0xED, 0x58, 0xC8, 0x11, 0xFE, 0x71, + 0x9C, 0x71, 0xD8, 0x6B, 0xE0, 0x25, 0x64, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x0C, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x10, 0x00, 0x10, 0x00, 0x10, 0x00, 0x10, + 0x00, 0x00, 0x06, 0x01, 0x04, 0x08, 0x01, 0x20, + 0x28, 0x00, 0x09, 0xE1, 0x50, 0x70, 0x02, 0x2F, + 0x7E, 0xDA, 0xBD, 0x40, 0xC5, 0x58, 0x87, 0xCE, + 0x43, 0xF3, 0xC5, 0x8F, 0xA1, 0x59, 0x93, 0xEF, + 0x7E, 0xD3, 0xD0, 0xB5, 0x87, 0x1D, 0x81, 0x54, + 0x14, 0x63, 0x00, 0x06, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x03 +}; + +static const byte canned_client_session_v5[] = { + 0xa7, 0xa5, 0x01, 0x41, 0x00, 0x42, 0x00, 0x00, 0x00, 0x00, 0x00, 0x80, + 0x02, 0x00, 0x00, 0x00, 0x00, 0x80, 0x00, 0x1c, 0x00, 0x00, 0x00, 0x01, + 0x00, 0x01, 0x01, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01, + 0x00, 0x00, 0x00, 0x01, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0xc0, 0x27, 0x0a, 0x0d, 0x10, + 0x01, 0x01, 0x0a, 0x00, 0x05, 0x00, 0x01, 0x01, 0x01, 0x01, 0x03, 0x03, + 0x00, 0xbf, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0x00, 0x00, 0x00, 0x50, 0x00, 0x00, + 0x00, 0x0a, 0x01, 0x01, 0x00, 0x20, 0x69, 0x11, 0x6d, 0x97, 0x15, 0x6e, + 0x52, 0x27, 0xd6, 0x1d, 0x1d, 0xf5, 0x0d, 0x59, 0xa5, 0xac, 0x2e, 0x8c, + 0x0e, 0xcb, 0x26, 0x1e, 0xe2, 0xce, 0xbb, 0xce, 0xe1, 0x7d, 0xd7, 0xef, + 0xa5, 0x44, 0x80, 0x2a, 0xde, 0xbb, 0x75, 0xb0, 0x1d, 0x75, 0x17, 0x20, + 0x4c, 0x08, 0x05, 0x1b, 0xba, 0x60, 0x1f, 0x6c, 0x91, 0x8c, 0xaa, 0xbb, + 0xe5, 0xa3, 0x0b, 0x12, 0x3e, 0xc0, 0x35, 0x43, 0x1d, 0xe2, 0x10, 0xe2, + 0x02, 0x92, 0x4b, 0x8f, 0x05, 0xa9, 0x4b, 0xcc, 0x90, 0xc3, 0x0e, 0xc2, + 0x0f, 0xe9, 0x33, 0x85, 0x9b, 0x3c, 0x19, 0x21, 0xd5, 0x62, 0xe5, 0xe1, + 0x17, 0x8f, 0x8c, 0x19, 0x52, 0xd8, 0x59, 0x10, 0x2d, 0x20, 0x6f, 0xba, + 0xc1, 0x1c, 0xd1, 0x82, 0xc7, 0x32, 0x1b, 0xbb, 0xcc, 0x30, 0x03, 0xd7, + 0x3a, 0xc8, 0x18, 0xed, 0x58, 0xc8, 0x11, 0xfe, 0x71, 0x9c, 0x71, 0xd8, + 0x6b, 0xe0, 0x25, 0x64, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x0c, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x10, 0x00, 0x10, 0x00, 0x10, 0x00, 0x10, 0x00, 0x00, 0x06, + 0x01, 0x04, 0x08, 0x01, 0x20, 0x28, 0x00, 0x09, 0xe1, 0x50, 0x70, 0x02, + 0x2f, 0x7e, 0xda, 0xbd, 0x40, 0xc5, 0x58, 0x87, 0xce, 0x43, 0xf3, 0xc5, + 0x8f, 0xa1, 0x59, 0x93, 0xef, 0x7e, 0xd3, 0xd0, 0xb5, 0x87, 0x1d, 0x81, + 0x54, 0x14, 0x63, 0x00, 0x06, 0x00, 0x00, 0x00, 0x00, 0x00, 0x03 +}; + + +static const byte canned_server_session[] = { + 0xA7, 0xA4, 0x01, 0x40, 0x00, 0x41, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x80, 0x02, 0x00, 0x00, 0x00, + 0x00, 0x80, 0x00, 0x1C, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x01, 0x01, 0x01, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0xC0, + 0x27, 0x08, 0x0F, 0x10, 0x01, 0x01, 0x00, 0x11, + 0x05, 0x00, 0x01, 0x01, 0x01, 0x03, 0x03, 0x00, + 0xBF, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x02, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x02, 0x00, 0x00, 0x00, 0x40, 0x00, 0x00, 0x00, + 0x0A, 0x01, 0x01, 0x00, 0x20, 0x69, 0x11, 0x6D, + 0x97, 0x15, 0x6E, 0x52, 0x27, 0xD6, 0x1D, 0x1D, + 0xF5, 0x0D, 0x59, 0xA5, 0xAC, 0x2E, 0x8C, 0x0E, + 0xCB, 0x26, 0x1E, 0xE2, 0xCE, 0xBB, 0xCE, 0xE1, + 0x7D, 0xD7, 0xEF, 0xA5, 0x44, 0x80, 0x2A, 0xDE, + 0xBB, 0x75, 0xB0, 0x1D, 0x75, 0x17, 0x20, 0x4C, + 0x08, 0x05, 0x1B, 0xBA, 0x60, 0x1F, 0x6C, 0x91, + 0x8C, 0xAA, 0xBB, 0xE5, 0xA3, 0x0B, 0x12, 0x3E, + 0xC0, 0x35, 0x43, 0x1D, 0xE2, 0x10, 0xE2, 0x02, + 0x92, 0x4B, 0x8F, 0x05, 0xA9, 0x4B, 0xCC, 0x90, + 0xC3, 0x0E, 0xC2, 0x0F, 0xE9, 0x33, 0x85, 0x9B, + 0x3C, 0x19, 0x21, 0xD5, 0x62, 0xE5, 0xE1, 0x17, + 0x8F, 0x8C, 0x19, 0x52, 0xD8, 0x59, 0x10, 0x2D, + 0x20, 0x6F, 0xBA, 0xC1, 0x1C, 0xD1, 0x82, 0xC7, + 0x32, 0x1B, 0xBB, 0xCC, 0x30, 0x03, 0xD7, 0x3A, + 0xC8, 0x18, 0xED, 0x58, 0xC8, 0x11, 0xFE, 0x71, + 0x9C, 0x71, 0xD8, 0x6B, 0xE0, 0x25, 0x64, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x0C, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x10, 0x00, 0x10, 0x00, 0x10, 0x00, 0x10, + 0x00, 0x00, 0x06, 0x01, 0x04, 0x08, 0x01, 0x20, + 0x28, 0x00, 0xC5, 0x8F, 0xA1, 0x59, 0x93, 0xEF, + 0x7E, 0xD3, 0xD0, 0xB5, 0x87, 0x1D, 0x81, 0x54, + 0x14, 0x63, 0x09, 0xE1, 0x50, 0x70, 0x02, 0x2F, + 0x7E, 0xDA, 0xBD, 0x40, 0xC5, 0x58, 0x87, 0xCE, + 0x43, 0xF3, 0x00, 0x06, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x04 +}; + +static THREAD_RETURN WOLFSSL_THREAD tls_export_server(void* args) +{ + SOCKET_T sockfd = 0; + SOCKET_T clientfd = 0; + word16 port; + + callback_functions* cbf; + WOLFSSL_CTX* ctx = 0; + WOLFSSL* ssl = 0; + + char msg[] = "I hear you fa shizzle!"; + char input[1024]; + int idx; + +#ifdef WOLFSSL_TIRTOS + fdOpenSession(Task_self()); +#endif + + ((func_args*)args)->return_code = TEST_FAIL; + cbf = ((func_args*)args)->callbacks; + +#if defined(USE_WINDOWS_API) + port = ((func_args*)args)->signal->port; +#elif defined(NO_MAIN_DRIVER) && !defined(WOLFSSL_SNIFFER) && \ + !defined(WOLFSSL_MDK_SHELL) && !defined(WOLFSSL_TIRTOS) + /* Let tcp_listen assign port */ + port = 0; +#else + /* Use default port */ + port = wolfSSLPort; +#endif + + /* do it here to detect failure */ + tcp_accept(&sockfd, &clientfd, (func_args*)args, port, 0, 0, 0, 0, 1, 0, 0); + CloseSocket(sockfd); + + { + WOLFSSL_METHOD* method = NULL; + if (cbf != NULL && cbf->method != NULL) { + method = cbf->method(); + } + else { + method = wolfTLSv1_2_server_method(); + } + ctx = wolfSSL_CTX_new(method); + } + if (ctx == NULL) { + goto done; + } + wolfSSL_CTX_set_cipher_list(ctx, "ECDHE-RSA-AES128-SHA256"); + + /* call ctx setup callback */ + if (cbf != NULL && cbf->ctx_ready != NULL) { + cbf->ctx_ready(ctx); + } + + ssl = wolfSSL_new(ctx); + if (ssl == NULL) { + goto done; + } + wolfSSL_set_fd(ssl, clientfd); + + /* call ssl setup callback */ + if (cbf != NULL && cbf->ssl_ready != NULL) { + cbf->ssl_ready(ssl); + } + idx = wolfSSL_read(ssl, input, sizeof(input)-1); + if (idx > 0) { + input[idx] = '\0'; + fprintf(stderr, "Client message export/import: %s\n", input); + } + else { + fprintf(stderr, "ret = %d error = %d\n", idx, + wolfSSL_get_error(ssl, idx)); + goto done; + } + + if (wolfSSL_write(ssl, msg, sizeof(msg)) != sizeof(msg)) { + /*err_sys("SSL_write failed");*/ + WOLFSSL_RETURN_FROM_THREAD(0); + } + +#ifdef WOLFSSL_TIRTOS + Task_yield(); +#endif + + ((func_args*)args)->return_code = TEST_SUCCESS; + +done: + wolfSSL_shutdown(ssl); + wolfSSL_free(ssl); + wolfSSL_CTX_free(ctx); + + CloseSocket(clientfd); + +#ifdef WOLFSSL_TIRTOS + fdCloseSession(Task_self()); +#endif + +#if defined(NO_MAIN_DRIVER) && defined(HAVE_ECC) && defined(FP_ECC) \ + && defined(HAVE_THREAD_LS) + wc_ecc_fp_free(); /* free per thread cache */ +#endif + +#if defined(HAVE_SESSION_TICKET) && \ + ((defined(HAVE_CHACHA) && defined(HAVE_POLY1305)) || defined(HAVE_AESGCM)) +#if defined(OPENSSL_EXTRA) && defined(HAVE_AESGCM) + OpenSSLTicketCleanup(); +#elif defined(WOLFSSL_NO_DEF_TICKET_ENC_CB) + TicketCleanup(); +#endif +#endif + + WOLFSSL_RETURN_FROM_THREAD(0); +} + + +static void load_tls12_canned_server(WOLFSSL* ssl) +{ + int clientfd = wolfSSL_get_fd(ssl); + AssertIntEQ(wolfSSL_tls_import(ssl, canned_server_session, + sizeof(canned_server_session)), sizeof(canned_server_session)); + wolfSSL_set_fd(ssl, clientfd); +} + + +#ifdef WOLFSSL_TLS13 +static void load_tls13_canned_server(WOLFSSL* ssl) +{ + int clientfd = wolfSSL_get_fd(ssl); + AssertIntEQ(wolfSSL_tls_import(ssl, canned_server_tls13_session, + sizeof(canned_server_tls13_session)), + sizeof(canned_server_tls13_session)); + wolfSSL_set_fd(ssl, clientfd); +} +#endif + + +/* v is for version WOLFSSL_TLSV1_2 or WOLFSSL_TLSV1_3 */ +static int test_wolfSSL_tls_export_run(method_provider server_method, + method_provider client_method, ssl_callback ssl_ready, + const byte* clientSession, int clientSessionSz, int cmpSess) +{ + EXPECT_DECLS; + SOCKET_T sockfd = 0; + WOLFSSL_CTX* ctx = 0; + WOLFSSL* ssl = 0; + char msg[64] = "hello wolfssl!"; + char reply[1024]; + word32 replySz; + int msgSz = (int)XSTRLEN(msg); + + tcp_ready ready; + func_args server_args; + THREAD_TYPE serverThread; + callback_functions server_cbf; + +#ifdef WOLFSSL_TIRTOS + fdOpenSession(Task_self()); +#endif + + (void)cmpSess; + + InitTcpReady(&ready); + +#if defined(USE_WINDOWS_API) + /* use RNG to get random port if using windows */ + ready.port = GetRandomPort(); +#endif + + XMEMSET(&server_args, 0, sizeof(func_args)); + XMEMSET(&server_cbf, 0, sizeof(callback_functions)); + server_cbf.method = server_method; + server_cbf.ssl_ready = ssl_ready; + ExpectNotNull(ctx = wolfSSL_CTX_new(client_method())); + server_args.callbacks = &server_cbf; + server_args.signal = &ready; + + start_thread(tls_export_server, &server_args, &serverThread); + wait_tcp_ready(&server_args); + + +#ifdef WOLFSSL_TIRTOS + fdOpenSession(Task_self()); +#endif + + ExpectNotNull(ssl = wolfSSL_new(ctx)); + tcp_connect(&sockfd, wolfSSLIP, ready.port, 0, 0, ssl); + ExpectIntEQ(wolfSSL_tls_import(ssl, clientSession, clientSessionSz), + clientSessionSz); + replySz = sizeof(reply); + ExpectIntGT(wolfSSL_tls_export(ssl, (byte*)reply, &replySz), 0); +#if !defined(NO_PSK) && defined(HAVE_ANON) + if (cmpSess) { + /* index 20 has is setting if PSK was on and 49 is if anon is allowed */ + ExpectIntEQ(replySz, clientSessionSz); + ExpectBufEQ(reply, clientSession, replySz); + } +#endif + wolfSSL_set_fd(ssl, sockfd); + + ExpectIntEQ(wolfSSL_write(ssl, msg, msgSz), msgSz); + ExpectIntGT(wolfSSL_read(ssl, reply, sizeof(reply)-1), 0); + + wolfSSL_free(ssl); + wolfSSL_CTX_free(ctx); + + CloseSocket(sockfd); + +#ifdef WOLFSSL_TIRTOS + fdCloseSession(Task_self()); +#endif + +#if defined(NO_MAIN_DRIVER) && defined(HAVE_ECC) && defined(FP_ECC) \ + && defined(HAVE_THREAD_LS) + wc_ecc_fp_free(); /* free per thread cache */ +#endif + + join_thread(serverThread); + + ExpectIntEQ(server_args.return_code, TEST_SUCCESS); + FreeTcpReady(&ready); + +#ifdef WOLFSSL_TIRTOS + fdOpenSession(Task_self()); +#endif + + return EXPECT_RESULT(); +} +#endif + +static int test_wolfSSL_tls_export(void) +{ + EXPECT_DECLS; +#if defined(WOLFSSL_SESSION_EXPORT) && !defined(WOLFSSL_NO_TLS12) + EXPECT_TEST(test_wolfSSL_tls_export_run(wolfTLSv1_2_server_method, + wolfTLSv1_2_client_method, load_tls12_canned_server, + canned_client_session_v4, sizeof(canned_client_session_v4), 0)); + EXPECT_TEST(test_wolfSSL_tls_export_run(wolfTLSv1_2_server_method, + wolfTLSv1_2_client_method, load_tls12_canned_server, + canned_client_session_v5, sizeof(canned_client_session_v5), 1)); + #ifdef WOLFSSL_TLS13 + EXPECT_TEST(test_wolfSSL_tls_export_run(wolfTLSv1_3_server_method, + wolfTLSv1_3_client_method, load_tls13_canned_server, + canned_client_tls13_session_v4, sizeof(canned_client_tls13_session_v4), + 0)); + EXPECT_TEST(test_wolfSSL_tls_export_run(wolfTLSv1_3_server_method, + wolfTLSv1_3_client_method, load_tls13_canned_server, + canned_client_tls13_session_v5, sizeof(canned_client_tls13_session_v5), + 1)); + #endif +#endif + + return EXPECT_RESULT(); +} + +/*----------------------------------------------------------------------------* + | TLS extensions tests + *----------------------------------------------------------------------------*/ + +#ifdef ENABLE_TLS_CALLBACK_TEST +/* Connection test runner - generic */ +static void test_wolfSSL_client_server(callback_functions* client_callbacks, + callback_functions* server_callbacks) +{ + tcp_ready ready; + func_args client_args; + func_args server_args; + THREAD_TYPE serverThread; + + XMEMSET(&client_args, 0, sizeof(func_args)); + XMEMSET(&server_args, 0, sizeof(func_args)); + + StartTCP(); + + client_args.callbacks = client_callbacks; + server_args.callbacks = server_callbacks; + +#ifdef WOLFSSL_TIRTOS + fdOpenSession(Task_self()); +#endif + + /* RUN Server side */ + InitTcpReady(&ready); + +#if defined(USE_WINDOWS_API) + /* use RNG to get random port if using windows */ + ready.port = GetRandomPort(); +#endif + + server_args.signal = &ready; + client_args.signal = &ready; + start_thread(run_wolfssl_server, &server_args, &serverThread); + wait_tcp_ready(&server_args); + + /* RUN Client side */ + run_wolfssl_client(&client_args); + join_thread(serverThread); + + FreeTcpReady(&ready); +#ifdef WOLFSSL_TIRTOS + fdCloseSession(Task_self()); +#endif + + client_callbacks->return_code = client_args.return_code; + server_callbacks->return_code = server_args.return_code; +} +#endif /* ENABLE_TLS_CALLBACK_TEST */ + + +#ifdef HAVE_SNI +static int test_wolfSSL_UseSNI_params(void) +{ + EXPECT_DECLS; +#if !defined(NO_WOLFSSL_CLIENT) + WOLFSSL_CTX *ctx = wolfSSL_CTX_new(wolfSSLv23_client_method()); + WOLFSSL *ssl = wolfSSL_new(ctx); + + ExpectNotNull(ctx); + ExpectNotNull(ssl); + + /* invalid [ctx|ssl] */ + ExpectIntNE(WOLFSSL_SUCCESS, wolfSSL_CTX_UseSNI(NULL, 0, "ctx", 3)); + ExpectIntNE(WOLFSSL_SUCCESS, wolfSSL_UseSNI( NULL, 0, "ssl", 3)); + /* invalid type */ + ExpectIntNE(WOLFSSL_SUCCESS, wolfSSL_CTX_UseSNI(ctx, (byte)-1, "ctx", 3)); + ExpectIntNE(WOLFSSL_SUCCESS, wolfSSL_UseSNI( ssl, (byte)-1, "ssl", 3)); + /* invalid data */ + ExpectIntNE(WOLFSSL_SUCCESS, wolfSSL_CTX_UseSNI(ctx, 0, NULL, 3)); + ExpectIntNE(WOLFSSL_SUCCESS, wolfSSL_UseSNI( ssl, 0, NULL, 3)); + /* success case */ + ExpectIntEQ(WOLFSSL_SUCCESS, wolfSSL_CTX_UseSNI(ctx, 0, "ctx", 3)); + ExpectIntEQ(WOLFSSL_SUCCESS, wolfSSL_UseSNI( ssl, 0, "ssl", 3)); + + wolfSSL_free(ssl); + wolfSSL_CTX_free(ctx); +#endif /* !NO_WOLFSSL_CLIENT */ + + return EXPECT_RESULT(); +} + +/* BEGIN of connection tests callbacks */ +static void use_SNI_at_ctx(WOLFSSL_CTX* ctx) +{ + AssertIntEQ(WOLFSSL_SUCCESS, + wolfSSL_CTX_UseSNI(ctx, WOLFSSL_SNI_HOST_NAME, "www.wolfssl.com", 15)); +} + +static void use_SNI_at_ssl(WOLFSSL* ssl) +{ + AssertIntEQ(WOLFSSL_SUCCESS, + wolfSSL_UseSNI(ssl, WOLFSSL_SNI_HOST_NAME, "www.wolfssl.com", 15)); +} + +static void different_SNI_at_ssl(WOLFSSL* ssl) +{ + AssertIntEQ(WOLFSSL_SUCCESS, + wolfSSL_UseSNI(ssl, WOLFSSL_SNI_HOST_NAME, "ww2.wolfssl.com", 15)); +} + +static void use_SNI_WITH_CONTINUE_at_ssl(WOLFSSL* ssl) +{ + use_SNI_at_ssl(ssl); + wolfSSL_SNI_SetOptions(ssl, WOLFSSL_SNI_HOST_NAME, + WOLFSSL_SNI_CONTINUE_ON_MISMATCH); +} + +static void use_SNI_WITH_FAKE_ANSWER_at_ssl(WOLFSSL* ssl) +{ + use_SNI_at_ssl(ssl); + wolfSSL_SNI_SetOptions(ssl, WOLFSSL_SNI_HOST_NAME, + WOLFSSL_SNI_ANSWER_ON_MISMATCH); +} + +static void use_MANDATORY_SNI_at_ctx(WOLFSSL_CTX* ctx) +{ + use_SNI_at_ctx(ctx); + wolfSSL_CTX_SNI_SetOptions(ctx, WOLFSSL_SNI_HOST_NAME, + WOLFSSL_SNI_ABORT_ON_ABSENCE); +} + +static void use_MANDATORY_SNI_at_ssl(WOLFSSL* ssl) +{ + use_SNI_at_ssl(ssl); + wolfSSL_SNI_SetOptions(ssl, WOLFSSL_SNI_HOST_NAME, + WOLFSSL_SNI_ABORT_ON_ABSENCE); +} + +static void use_PSEUDO_MANDATORY_SNI_at_ctx(WOLFSSL_CTX* ctx) +{ + use_SNI_at_ctx(ctx); + wolfSSL_CTX_SNI_SetOptions(ctx, WOLFSSL_SNI_HOST_NAME, + WOLFSSL_SNI_ANSWER_ON_MISMATCH | WOLFSSL_SNI_ABORT_ON_ABSENCE); +} + +static void verify_UNKNOWN_SNI_on_server(WOLFSSL* ssl) +{ + AssertIntEQ(WC_NO_ERR_TRACE(UNKNOWN_SNI_HOST_NAME_E), + wolfSSL_get_error(ssl, 0)); +} + +static void verify_SNI_ABSENT_on_server(WOLFSSL* ssl) +{ + AssertIntEQ(WC_NO_ERR_TRACE(SNI_ABSENT_ERROR), wolfSSL_get_error(ssl, 0)); +} + +static void verify_SNI_no_matching(WOLFSSL* ssl) +{ + byte type = WOLFSSL_SNI_HOST_NAME; + void* request = (void*) &type; /* to be overwritten */ + + AssertIntEQ(WOLFSSL_SNI_NO_MATCH, wolfSSL_SNI_Status(ssl, type)); + AssertNotNull(request); + AssertIntEQ(0, wolfSSL_SNI_GetRequest(ssl, type, &request)); + AssertNull(request); +} + +static void verify_SNI_real_matching(WOLFSSL* ssl) +{ + byte type = WOLFSSL_SNI_HOST_NAME; + void* request = NULL; + + AssertIntEQ(WOLFSSL_SNI_REAL_MATCH, wolfSSL_SNI_Status(ssl, type)); + AssertIntEQ(15, wolfSSL_SNI_GetRequest(ssl, type, &request)); + AssertNotNull(request); + AssertStrEQ("www.wolfssl.com", (char*)request); +} + +static void verify_SNI_fake_matching(WOLFSSL* ssl) +{ + byte type = WOLFSSL_SNI_HOST_NAME; + void* request = NULL; + + AssertIntEQ(WOLFSSL_SNI_FAKE_MATCH, wolfSSL_SNI_Status(ssl, type)); + AssertIntEQ(15, wolfSSL_SNI_GetRequest(ssl, type, &request)); + AssertNotNull(request); + AssertStrEQ("ww2.wolfssl.com", (char*)request); +} + +static void verify_FATAL_ERROR_on_client(WOLFSSL* ssl) +{ + AssertIntEQ(WC_NO_ERR_TRACE(FATAL_ERROR), wolfSSL_get_error(ssl, 0)); +} +/* END of connection tests callbacks */ + +static int test_wolfSSL_UseSNI_connection(void) +{ + int res = TEST_SKIPPED; +#if !defined(NO_WOLFSSL_CLIENT) && !defined(NO_WOLFSSL_SERVER) + callback_functions client_cb; + callback_functions server_cb; + size_t i; +#ifdef WOLFSSL_STATIC_MEMORY + byte cliMem[TEST_TLS_STATIC_MEMSZ]; + byte svrMem[TEST_TLS_STATIC_MEMSZ]; +#endif + struct { + method_provider client_meth; + method_provider server_meth; + #ifdef WOLFSSL_STATIC_MEMORY + wolfSSL_method_func client_meth_ex; + wolfSSL_method_func server_meth_ex; + #endif + } methods[] = { +#if defined(WOLFSSL_NO_TLS12) && !defined(WOLFSSL_TLS13) + {wolfSSLv23_client_method, wolfSSLv23_server_method + #ifdef WOLFSSL_STATIC_MEMORY + ,wolfSSLv23_client_method_ex, wolfSSLv23_server_method_ex + #endif + }, +#endif +#ifndef WOLFSSL_NO_TLS12 + {wolfTLSv1_2_client_method, wolfTLSv1_2_server_method + #ifdef WOLFSSL_STATIC_MEMORY + ,wolfTLSv1_2_client_method_ex, wolfTLSv1_2_server_method_ex + #endif + }, +#endif +#ifdef WOLFSSL_TLS13 + {wolfTLSv1_3_client_method, wolfTLSv1_3_server_method + #ifdef WOLFSSL_STATIC_MEMORY + ,wolfTLSv1_3_client_method_ex, wolfTLSv1_3_server_method_ex + #endif + }, +#endif + }; + size_t methodsSz = sizeof(methods) / sizeof(*methods); + + for (i = 0; i < methodsSz; i++) { + XMEMSET(&client_cb, 0, sizeof(callback_functions)); + XMEMSET(&server_cb, 0, sizeof(callback_functions)); + client_cb.method = methods[i].client_meth; + server_cb.method = methods[i].server_meth; + client_cb.devId = testDevId; + server_cb.devId = testDevId; + #ifdef WOLFSSL_STATIC_MEMORY + client_cb.method_ex = methods[i].client_meth_ex; + server_cb.method_ex = methods[i].server_meth_ex; + client_cb.mem = cliMem; + client_cb.memSz = (word32)sizeof(cliMem); + server_cb.mem = svrMem; + server_cb.memSz = (word32)sizeof(svrMem);; + #endif + + /* success case at ctx */ + fprintf(stderr, "\n\tsuccess case at ctx\n"); + client_cb.ctx_ready = use_SNI_at_ctx; client_cb.ssl_ready = NULL; client_cb.on_result = NULL; + server_cb.ctx_ready = use_SNI_at_ctx; server_cb.ssl_ready = NULL; server_cb.on_result = verify_SNI_real_matching; + test_wolfSSL_client_server(&client_cb, &server_cb); + + /* success case at ssl */ + fprintf(stderr, "\tsuccess case at ssl\n"); + client_cb.ctx_ready = NULL; client_cb.ssl_ready = use_SNI_at_ssl; client_cb.on_result = verify_SNI_real_matching; + server_cb.ctx_ready = NULL; server_cb.ssl_ready = use_SNI_at_ssl; server_cb.on_result = verify_SNI_real_matching; + test_wolfSSL_client_server(&client_cb, &server_cb); + + /* default mismatch behavior */ + fprintf(stderr, "\tdefault mismatch behavior\n"); + client_cb.ctx_ready = NULL; client_cb.ssl_ready = different_SNI_at_ssl; client_cb.on_result = verify_FATAL_ERROR_on_client; + server_cb.ctx_ready = NULL; server_cb.ssl_ready = use_SNI_at_ssl; server_cb.on_result = verify_UNKNOWN_SNI_on_server; + test_wolfSSL_client_server(&client_cb, &server_cb); + + /* continue on mismatch */ + fprintf(stderr, "\tcontinue on mismatch\n"); + client_cb.ctx_ready = NULL; client_cb.ssl_ready = different_SNI_at_ssl; client_cb.on_result = NULL; + server_cb.ctx_ready = NULL; server_cb.ssl_ready = use_SNI_WITH_CONTINUE_at_ssl; server_cb.on_result = verify_SNI_no_matching; + test_wolfSSL_client_server(&client_cb, &server_cb); + + /* fake answer on mismatch */ + fprintf(stderr, "\tfake answer on mismatch\n"); + client_cb.ctx_ready = NULL; client_cb.ssl_ready = different_SNI_at_ssl; client_cb.on_result = NULL; + server_cb.ctx_ready = NULL; server_cb.ssl_ready = use_SNI_WITH_FAKE_ANSWER_at_ssl; server_cb.on_result = verify_SNI_fake_matching; + test_wolfSSL_client_server(&client_cb, &server_cb); + + /* sni abort - success */ + fprintf(stderr, "\tsni abort - success\n"); + client_cb.ctx_ready = use_SNI_at_ctx; client_cb.ssl_ready = NULL; client_cb.on_result = NULL; + server_cb.ctx_ready = use_MANDATORY_SNI_at_ctx; server_cb.ssl_ready = NULL; server_cb.on_result = verify_SNI_real_matching; + test_wolfSSL_client_server(&client_cb, &server_cb); + + /* sni abort - abort when absent (ctx) */ + fprintf(stderr, "\tsni abort - abort when absent (ctx)\n"); + client_cb.ctx_ready = NULL; client_cb.ssl_ready = NULL; client_cb.on_result = verify_FATAL_ERROR_on_client; + server_cb.ctx_ready = use_MANDATORY_SNI_at_ctx; server_cb.ssl_ready = NULL; server_cb.on_result = verify_SNI_ABSENT_on_server; + test_wolfSSL_client_server(&client_cb, &server_cb); + + /* sni abort - abort when absent (ssl) */ + fprintf(stderr, "\tsni abort - abort when absent (ssl)\n"); + client_cb.ctx_ready = NULL; client_cb.ssl_ready = NULL; client_cb.on_result = verify_FATAL_ERROR_on_client; + server_cb.ctx_ready = NULL; server_cb.ssl_ready = use_MANDATORY_SNI_at_ssl; server_cb.on_result = verify_SNI_ABSENT_on_server; + test_wolfSSL_client_server(&client_cb, &server_cb); + + /* sni abort - success when overwritten */ + fprintf(stderr, "\tsni abort - success when overwritten\n"); + client_cb.ctx_ready = NULL; client_cb.ssl_ready = NULL; client_cb.on_result = NULL; + server_cb.ctx_ready = use_MANDATORY_SNI_at_ctx; server_cb.ssl_ready = use_SNI_at_ssl; server_cb.on_result = verify_SNI_no_matching; + test_wolfSSL_client_server(&client_cb, &server_cb); + + /* sni abort - success when allowing mismatches */ + fprintf(stderr, "\tsni abort - success when allowing mismatches\n"); + client_cb.ctx_ready = NULL; client_cb.ssl_ready = different_SNI_at_ssl; client_cb.on_result = NULL; + server_cb.ctx_ready = use_PSEUDO_MANDATORY_SNI_at_ctx; server_cb.ssl_ready = NULL; server_cb.on_result = verify_SNI_fake_matching; + test_wolfSSL_client_server(&client_cb, &server_cb); + } + + res = TEST_RES_CHECK(1); +#endif /* !NO_WOLFSSL_CLIENT && !NO_WOLFSSL_SERVER */ + + return res; +} + +static int test_wolfSSL_SNI_GetFromBuffer(void) +{ + EXPECT_DECLS; + byte buff[] = { /* www.paypal.com */ + 0x00, 0x00, 0x00, 0x00, 0xff, 0x01, 0x00, 0x00, 0x60, 0x03, 0x03, 0x5c, + 0xc4, 0xb3, 0x8c, 0x87, 0xef, 0xa4, 0x09, 0xe0, 0x02, 0xab, 0x86, 0xca, + 0x76, 0xf0, 0x9e, 0x01, 0x65, 0xf6, 0xa6, 0x06, 0x13, 0x1d, 0x0f, 0xa5, + 0x79, 0xb0, 0xd4, 0x77, 0x22, 0xeb, 0x1a, 0x00, 0x00, 0x16, 0x00, 0x6b, + 0x00, 0x67, 0x00, 0x39, 0x00, 0x33, 0x00, 0x3d, 0x00, 0x3c, 0x00, 0x35, + 0x00, 0x2f, 0x00, 0x05, 0x00, 0x04, 0x00, 0x0a, 0x01, 0x00, 0x00, 0x21, + 0x00, 0x00, 0x00, 0x13, 0x00, 0x11, 0x00, 0x00, 0x0e, 0x77, 0x77, 0x77, + 0x2e, 0x70, 0x61, 0x79, 0x70, 0x61, 0x6c, 0x2e, 0x63, 0x6f, 0x6d, 0x00, + 0x0d, 0x00, 0x06, 0x00, 0x04, 0x04, 0x01, 0x02, 0x01 + }; + + byte buff2[] = { /* api.textmate.org */ + 0x16, 0x03, 0x01, 0x00, 0xc6, 0x01, 0x00, 0x00, 0xc2, 0x03, 0x03, 0x52, + 0x8b, 0x7b, 0xca, 0x69, 0xec, 0x97, 0xd5, 0x08, 0x03, 0x50, 0xfe, 0x3b, + 0x99, 0xc3, 0x20, 0xce, 0xa5, 0xf6, 0x99, 0xa5, 0x71, 0xf9, 0x57, 0x7f, + 0x04, 0x38, 0xf6, 0x11, 0x0b, 0xb8, 0xd3, 0x00, 0x00, 0x5e, 0x00, 0xff, + 0xc0, 0x24, 0xc0, 0x23, 0xc0, 0x0a, 0xc0, 0x09, 0xc0, 0x07, 0xc0, 0x08, + 0xc0, 0x28, 0xc0, 0x27, 0xc0, 0x14, 0xc0, 0x13, 0xc0, 0x11, 0xc0, 0x12, + 0xc0, 0x26, 0xc0, 0x25, 0xc0, 0x2a, 0xc0, 0x29, 0xc0, 0x05, 0xc0, 0x04, + 0xc0, 0x02, 0xc0, 0x03, 0xc0, 0x0f, 0xc0, 0x0e, 0xc0, 0x0c, 0xc0, 0x0d, + 0x00, 0x3d, 0x00, 0x3c, 0x00, 0x2f, 0x00, 0x05, 0x00, 0x04, 0x00, 0x35, + 0x00, 0x0a, 0x00, 0x67, 0x00, 0x6b, 0x00, 0x33, 0x00, 0x39, 0x00, 0x16, + 0x00, 0xaf, 0x00, 0xae, 0x00, 0x8d, 0x00, 0x8c, 0x00, 0x8a, 0x00, 0x8b, + 0x00, 0xb1, 0x00, 0xb0, 0x00, 0x2c, 0x00, 0x3b, 0x01, 0x00, 0x00, 0x3b, + 0x00, 0x00, 0x00, 0x15, 0x00, 0x13, 0x00, 0x00, 0x10, 0x61, 0x70, 0x69, + 0x2e, 0x74, 0x65, 0x78, 0x74, 0x6d, 0x61, 0x74, 0x65, 0x2e, 0x6f, 0x72, + 0x67, 0x00, 0x0a, 0x00, 0x08, 0x00, 0x06, 0x00, 0x17, 0x00, 0x18, 0x00, + 0x19, 0x00, 0x0b, 0x00, 0x02, 0x01, 0x00, 0x00, 0x0d, 0x00, 0x0c, 0x00, + 0x0a, 0x05, 0x01, 0x04, 0x01, 0x02, 0x01, 0x04, 0x03, 0x02, 0x03 + }; + + byte buff3[] = { /* no sni extension */ + 0x16, 0x03, 0x03, 0x00, 0x4d, 0x01, 0x00, 0x00, 0x49, 0x03, 0x03, 0xea, + 0xa1, 0x9f, 0x60, 0xdd, 0x52, 0x12, 0x13, 0xbd, 0x84, 0x34, 0xd5, 0x1c, + 0x38, 0x25, 0xa8, 0x97, 0xd2, 0xd5, 0xc6, 0x45, 0xaf, 0x1b, 0x08, 0xe4, + 0x1e, 0xbb, 0xdf, 0x9d, 0x39, 0xf0, 0x65, 0x00, 0x00, 0x16, 0x00, 0x6b, + 0x00, 0x67, 0x00, 0x39, 0x00, 0x33, 0x00, 0x3d, 0x00, 0x3c, 0x00, 0x35, + 0x00, 0x2f, 0x00, 0x05, 0x00, 0x04, 0x00, 0x0a, 0x01, 0x00, 0x00, 0x0a, + 0x00, 0x0d, 0x00, 0x06, 0x00, 0x04, 0x04, 0x01, 0x02, 0x01 + }; + + byte buff4[] = { /* last extension has zero size */ + 0x16, 0x03, 0x01, 0x00, 0xba, 0x01, 0x00, 0x00, + 0xb6, 0x03, 0x03, 0x83, 0xa3, 0xe6, 0xdc, 0x16, 0xa1, 0x43, 0xe9, 0x45, + 0x15, 0xbd, 0x64, 0xa9, 0xb6, 0x07, 0xb4, 0x50, 0xc6, 0xdd, 0xff, 0xc2, + 0xd3, 0x0d, 0x4f, 0x36, 0xb4, 0x41, 0x51, 0x61, 0xc1, 0xa5, 0x9e, 0x00, + 0x00, 0x28, 0xcc, 0x14, 0xcc, 0x13, 0xc0, 0x2b, 0xc0, 0x2f, 0x00, 0x9e, + 0xc0, 0x0a, 0xc0, 0x09, 0xc0, 0x13, 0xc0, 0x14, 0xc0, 0x07, 0xc0, 0x11, + 0x00, 0x33, 0x00, 0x32, 0x00, 0x39, 0x00, 0x9c, 0x00, 0x2f, 0x00, 0x35, + 0x00, 0x0a, 0x00, 0x05, 0x00, 0x04, 0x01, 0x00, 0x00, 0x65, 0xff, 0x01, + 0x00, 0x01, 0x00, 0x00, 0x0a, 0x00, 0x08, 0x00, 0x06, 0x00, 0x17, 0x00, + 0x18, 0x00, 0x19, 0x00, 0x0b, 0x00, 0x02, 0x01, 0x00, 0x00, 0x23, 0x00, + 0x00, 0x33, 0x74, 0x00, 0x00, 0x00, 0x10, 0x00, 0x1b, 0x00, 0x19, 0x06, + 0x73, 0x70, 0x64, 0x79, 0x2f, 0x33, 0x08, 0x73, 0x70, 0x64, 0x79, 0x2f, + 0x33, 0x2e, 0x31, 0x08, 0x68, 0x74, 0x74, 0x70, 0x2f, 0x31, 0x2e, 0x31, + 0x75, 0x50, 0x00, 0x00, 0x00, 0x05, 0x00, 0x05, 0x01, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x0d, 0x00, 0x12, 0x00, 0x10, 0x04, 0x01, 0x05, 0x01, 0x02, + 0x01, 0x04, 0x03, 0x05, 0x03, 0x02, 0x03, 0x04, 0x02, 0x02, 0x02, 0x00, + 0x12, 0x00, 0x00 + }; + + byte buff5[] = { /* SSL v2.0 client hello */ + 0x00, 0x2b, 0x01, 0x03, 0x01, 0x00, 0x09, 0x00, 0x00, + /* dummy bytes below, just to pass size check */ + 0xb6, 0x03, 0x03, 0x83, 0xa3, 0xe6, 0xdc, 0x16, 0xa1, 0x43, 0xe9, 0x45, + 0x15, 0xbd, 0x64, 0xa9, 0xb6, 0x07, 0xb4, 0x50, 0xc6, 0xdd, 0xff, 0xc2, + 0xd3, 0x0d, 0x4f, 0x36, 0xb4, 0x41, 0x51, 0x61, 0xc1, 0xa5, 0x9e, 0x00, + }; + + byte result[32] = {0}; + word32 length = 32; + + ExpectIntEQ(0, wolfSSL_SNI_GetFromBuffer(buff4, sizeof(buff4), + 0, result, &length)); + + ExpectIntEQ(0, wolfSSL_SNI_GetFromBuffer(buff3, sizeof(buff3), + 0, result, &length)); + + ExpectIntEQ(0, wolfSSL_SNI_GetFromBuffer(buff2, sizeof(buff2), + 1, result, &length)); + + ExpectIntEQ(WC_NO_ERR_TRACE(BUFFER_ERROR), wolfSSL_SNI_GetFromBuffer(buff, sizeof(buff), + 0, result, &length)); + buff[0] = 0x16; + + ExpectIntEQ(WC_NO_ERR_TRACE(BUFFER_ERROR), wolfSSL_SNI_GetFromBuffer(buff, sizeof(buff), + 0, result, &length)); + buff[1] = 0x03; + + ExpectIntEQ(WC_NO_ERR_TRACE(SNI_UNSUPPORTED), wolfSSL_SNI_GetFromBuffer(buff, + sizeof(buff), 0, result, &length)); + buff[2] = 0x03; + + ExpectIntEQ(WC_NO_ERR_TRACE(INCOMPLETE_DATA), wolfSSL_SNI_GetFromBuffer(buff, + sizeof(buff), 0, result, &length)); + buff[4] = 0x64; + + ExpectIntEQ(WOLFSSL_SUCCESS, wolfSSL_SNI_GetFromBuffer(buff, sizeof(buff), + 0, result, &length)); + if (EXPECT_SUCCESS()) + result[length] = 0; + ExpectStrEQ("www.paypal.com", (const char*) result); + + length = 32; + + ExpectIntEQ(WOLFSSL_SUCCESS, wolfSSL_SNI_GetFromBuffer(buff2, sizeof(buff2), + 0, result, &length)); + if (EXPECT_SUCCESS()) + result[length] = 0; + ExpectStrEQ("api.textmate.org", (const char*) result); + + /* SSL v2.0 tests */ + ExpectIntEQ(WC_NO_ERR_TRACE(SNI_UNSUPPORTED), wolfSSL_SNI_GetFromBuffer(buff5, + sizeof(buff5), 0, result, &length)); + + buff5[2] = 0x02; + ExpectIntEQ(WC_NO_ERR_TRACE(BUFFER_ERROR), wolfSSL_SNI_GetFromBuffer(buff5, + sizeof(buff5), 0, result, &length)); + + buff5[2] = 0x01; buff5[6] = 0x08; + ExpectIntEQ(WC_NO_ERR_TRACE(BUFFER_ERROR), wolfSSL_SNI_GetFromBuffer(buff5, + sizeof(buff5), 0, result, &length)); + + buff5[6] = 0x09; buff5[8] = 0x01; + ExpectIntEQ(WC_NO_ERR_TRACE(BUFFER_ERROR), wolfSSL_SNI_GetFromBuffer(buff5, + sizeof(buff5), 0, result, &length)); + + return EXPECT_RESULT(); +} + +#endif /* HAVE_SNI */ + +#endif /* HAVE_IO_TESTS_DEPENDENCIES */ + + +#if defined(WOLFSSL_DTLS) && defined(WOLFSSL_SESSION_EXPORT) && \ + defined(HAVE_SSL_MEMIO_TESTS_DEPENDENCIES) +/* Dummy peer functions to satisfy the exporter/importer */ +static int test_wolfSSL_dtls_export_peers_get_peer(WOLFSSL* ssl, char* ip, + int* ipSz, unsigned short* port, int* fam) +{ + (void)ssl; + ip[0] = -1; + *ipSz = 1; + *port = 1; + *fam = 2; + return 1; +} + +static int test_wolfSSL_dtls_export_peers_set_peer(WOLFSSL* ssl, char* ip, + int ipSz, unsigned short port, int fam) +{ + (void)ssl; + if (ip[0] != -1 || ipSz != 1 || port != 1 || fam != 2) + return 0; + return 1; +} + +static int test_wolfSSL_dtls_export_peers_on_handshake(WOLFSSL_CTX **ctx, + WOLFSSL **ssl) +{ + EXPECT_DECLS; + unsigned char* sessionBuf = NULL; + unsigned int sessionSz = 0; + void* ioWriteCtx = wolfSSL_GetIOWriteCtx(*ssl); + void* ioReadCtx = wolfSSL_GetIOReadCtx(*ssl); + + wolfSSL_CTX_SetIOGetPeer(*ctx, test_wolfSSL_dtls_export_peers_get_peer); + wolfSSL_CTX_SetIOSetPeer(*ctx, test_wolfSSL_dtls_export_peers_set_peer); + ExpectIntGE(wolfSSL_dtls_export(*ssl, NULL, &sessionSz), 0); + ExpectNotNull(sessionBuf = + (unsigned char*)XMALLOC(sessionSz, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER)); + ExpectIntGE(wolfSSL_dtls_export(*ssl, sessionBuf, &sessionSz), 0); + wolfSSL_free(*ssl); + *ssl = NULL; + ExpectNotNull(*ssl = wolfSSL_new(*ctx)); + ExpectIntGE(wolfSSL_dtls_import(*ssl, sessionBuf, sessionSz), 0); + wolfSSL_SetIOWriteCtx(*ssl, ioWriteCtx); + wolfSSL_SetIOReadCtx(*ssl, ioReadCtx); + + XFREE(sessionBuf, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + return EXPECT_RESULT(); +} +#endif + +static int test_wolfSSL_dtls_export_peers(void) +{ + EXPECT_DECLS; +#if defined(WOLFSSL_DTLS) && defined(WOLFSSL_SESSION_EXPORT) && \ + defined(HAVE_SSL_MEMIO_TESTS_DEPENDENCIES) + test_ssl_cbf client_cbf; + test_ssl_cbf server_cbf; + size_t i, j; + struct test_params { + method_provider client_meth; + method_provider server_meth; + const char* dtls_version; + } params[] = { +#ifndef NO_OLD_TLS + {wolfDTLSv1_client_method, wolfDTLSv1_server_method, "1.0"}, +#endif + {wolfDTLSv1_2_client_method, wolfDTLSv1_2_server_method, "1.2"}, + /* TODO DTLS 1.3 exporting not supported +#ifdef WOLFSSL_DTLS13 + {wolfDTLSv1_3_client_method, wolfDTLSv1_3_server_method, "1.3"}, +#endif + */ + }; + + for (i = 0; i < sizeof(params)/sizeof(*params); i++) { + for (j = 0; j <= 0b11; j++) { + XMEMSET(&client_cbf, 0, sizeof(client_cbf)); + XMEMSET(&server_cbf, 0, sizeof(server_cbf)); + + printf("\n\tTesting DTLS %s connection;", params[i].dtls_version); + + client_cbf.method = params[i].client_meth; + server_cbf.method = params[i].server_meth; + + if (j & 0b01) { + client_cbf.on_handshake = + test_wolfSSL_dtls_export_peers_on_handshake; + printf(" With client export;"); + } + if (j & 0b10) { + server_cbf.on_handshake = + test_wolfSSL_dtls_export_peers_on_handshake; + printf(" With server export;"); + } + + printf("\n"); + + ExpectIntEQ(test_wolfSSL_client_server_nofail_memio(&client_cbf, + &server_cbf, NULL), TEST_SUCCESS); + if (!EXPECT_SUCCESS()) + break; + } + } +#endif + return EXPECT_RESULT(); +} + +static int test_wolfSSL_UseTrustedCA(void) +{ + EXPECT_DECLS; +#if defined(HAVE_TRUSTED_CA) && !defined(NO_CERTS) && !defined(NO_FILESYSTEM) \ + && !defined(NO_RSA) +#if !defined(NO_TLS) && \ + (!defined(NO_WOLFSSL_CLIENT) || !defined(NO_WOLFSSL_SERVER)) + WOLFSSL_CTX *ctx = NULL; + WOLFSSL *ssl = NULL; + byte id[20]; + +#ifndef NO_WOLFSSL_SERVER + ExpectNotNull((ctx = wolfSSL_CTX_new(wolfSSLv23_server_method()))); + ExpectTrue(wolfSSL_CTX_use_certificate_file(ctx, svrCertFile, WOLFSSL_FILETYPE_PEM)); + ExpectTrue(wolfSSL_CTX_use_PrivateKey_file(ctx, svrKeyFile, WOLFSSL_FILETYPE_PEM)); +#else + ExpectNotNull((ctx = wolfSSL_CTX_new(wolfSSLv23_client_method()))); +#endif + ExpectNotNull((ssl = wolfSSL_new(ctx))); + XMEMSET(id, 0, sizeof(id)); + + /* error cases */ + ExpectIntNE(WOLFSSL_SUCCESS, wolfSSL_UseTrustedCA(NULL, 0, NULL, 0)); + ExpectIntNE(WOLFSSL_SUCCESS, wolfSSL_UseTrustedCA(ssl, + WOLFSSL_TRUSTED_CA_CERT_SHA1+1, NULL, 0)); + ExpectIntNE(WOLFSSL_SUCCESS, wolfSSL_UseTrustedCA(ssl, + WOLFSSL_TRUSTED_CA_CERT_SHA1, NULL, 0)); + ExpectIntNE(WOLFSSL_SUCCESS, wolfSSL_UseTrustedCA(ssl, + WOLFSSL_TRUSTED_CA_CERT_SHA1, id, 5)); +#ifdef NO_SHA + ExpectIntNE(WOLFSSL_SUCCESS, wolfSSL_UseTrustedCA(ssl, + WOLFSSL_TRUSTED_CA_KEY_SHA1, id, sizeof(id))); +#endif + ExpectIntNE(WOLFSSL_SUCCESS, wolfSSL_UseTrustedCA(ssl, + WOLFSSL_TRUSTED_CA_X509_NAME, id, 0)); + + /* success cases */ + ExpectIntEQ(WOLFSSL_SUCCESS, wolfSSL_UseTrustedCA(ssl, + WOLFSSL_TRUSTED_CA_PRE_AGREED, NULL, 0)); +#ifndef NO_SHA + ExpectIntEQ(WOLFSSL_SUCCESS, wolfSSL_UseTrustedCA(ssl, + WOLFSSL_TRUSTED_CA_KEY_SHA1, id, sizeof(id))); +#endif + ExpectIntEQ(WOLFSSL_SUCCESS, wolfSSL_UseTrustedCA(ssl, + WOLFSSL_TRUSTED_CA_X509_NAME, id, 5)); + + wolfSSL_free(ssl); + wolfSSL_CTX_free(ctx); +#endif /* !NO_TLS && (!NO_WOLFSSL_CLIENT || !NO_WOLFSSL_SERVER) */ +#endif /* HAVE_TRUSTED_CA */ + return EXPECT_RESULT(); +} + +static int test_wolfSSL_UseMaxFragment(void) +{ + EXPECT_DECLS; +#if defined(HAVE_MAX_FRAGMENT) && !defined(NO_CERTS) && \ + !defined(NO_FILESYSTEM) && !defined(NO_RSA) + +#if !defined(NO_TLS) && \ + (!defined(NO_WOLFSSL_CLIENT) || !defined(NO_WOLFSSL_SERVER)) + #ifndef NO_WOLFSSL_SERVER + WOLFSSL_CTX* ctx = wolfSSL_CTX_new(wolfSSLv23_server_method()); + #else + WOLFSSL_CTX* ctx = wolfSSL_CTX_new(wolfSSLv23_client_method()); + #endif + WOLFSSL *ssl = NULL; + #ifdef OPENSSL_EXTRA + int (*UseMaxFragment)(SSL *s, unsigned char mode); + int (*CTX_UseMaxFragment)(SSL_CTX *c, unsigned char mode); + #else + int (*UseMaxFragment)(WOLFSSL *s, unsigned char mode); + int (*CTX_UseMaxFragment)(WOLFSSL_CTX *c, unsigned char mode); + #endif + + #ifndef NO_WOLFSSL_SERVER + ExpectTrue(wolfSSL_CTX_use_certificate_file(ctx, svrCertFile, WOLFSSL_FILETYPE_PEM)); + ExpectTrue(wolfSSL_CTX_use_PrivateKey_file(ctx, svrKeyFile, WOLFSSL_FILETYPE_PEM)); + #endif + + ExpectNotNull(ctx); + + ExpectNotNull(ssl = wolfSSL_new(ctx)); + + #ifdef OPENSSL_EXTRA + CTX_UseMaxFragment = SSL_CTX_set_tlsext_max_fragment_length; + UseMaxFragment = SSL_set_tlsext_max_fragment_length; + #else + UseMaxFragment = wolfSSL_UseMaxFragment; + CTX_UseMaxFragment = wolfSSL_CTX_UseMaxFragment; + #endif + + /* error cases */ + ExpectIntNE(WOLFSSL_SUCCESS, CTX_UseMaxFragment(NULL, WOLFSSL_MFL_2_9)); + ExpectIntNE(WOLFSSL_SUCCESS, UseMaxFragment( NULL, WOLFSSL_MFL_2_9)); + ExpectIntNE(WOLFSSL_SUCCESS, CTX_UseMaxFragment(ctx, WOLFSSL_MFL_MIN-1)); + ExpectIntNE(WOLFSSL_SUCCESS, CTX_UseMaxFragment(ctx, WOLFSSL_MFL_MAX+1)); + ExpectIntNE(WOLFSSL_SUCCESS, UseMaxFragment(ssl, WOLFSSL_MFL_MIN-1)); + ExpectIntNE(WOLFSSL_SUCCESS, UseMaxFragment(ssl, WOLFSSL_MFL_MAX+1)); + + /* success case */ + #ifdef OPENSSL_EXTRA + ExpectIntEQ(WC_NO_ERR_TRACE(BAD_FUNC_ARG), CTX_UseMaxFragment(ctx, WOLFSSL_MFL_2_8)); + #else + ExpectIntEQ(WOLFSSL_SUCCESS, CTX_UseMaxFragment(ctx, WOLFSSL_MFL_2_8)); + #endif + ExpectIntEQ(WOLFSSL_SUCCESS, CTX_UseMaxFragment(ctx, WOLFSSL_MFL_2_9)); + ExpectIntEQ(WOLFSSL_SUCCESS, CTX_UseMaxFragment(ctx, WOLFSSL_MFL_2_10)); + ExpectIntEQ(WOLFSSL_SUCCESS, CTX_UseMaxFragment(ctx, WOLFSSL_MFL_2_11)); + ExpectIntEQ(WOLFSSL_SUCCESS, CTX_UseMaxFragment(ctx, WOLFSSL_MFL_2_12)); + #ifdef OPENSSL_EXTRA + ExpectIntEQ(WC_NO_ERR_TRACE(BAD_FUNC_ARG), CTX_UseMaxFragment(ctx, WOLFSSL_MFL_2_13)); + + ExpectIntEQ(WC_NO_ERR_TRACE(BAD_FUNC_ARG), UseMaxFragment( ssl, WOLFSSL_MFL_2_8)); + #else + ExpectIntEQ(WOLFSSL_SUCCESS, CTX_UseMaxFragment(ctx, WOLFSSL_MFL_2_13)); + + ExpectIntEQ(WOLFSSL_SUCCESS, UseMaxFragment( ssl, WOLFSSL_MFL_2_8)); + #endif + ExpectIntEQ(WOLFSSL_SUCCESS, UseMaxFragment( ssl, WOLFSSL_MFL_2_9)); + ExpectIntEQ(WOLFSSL_SUCCESS, UseMaxFragment( ssl, WOLFSSL_MFL_2_10)); + ExpectIntEQ(WOLFSSL_SUCCESS, UseMaxFragment( ssl, WOLFSSL_MFL_2_11)); + ExpectIntEQ(WOLFSSL_SUCCESS, UseMaxFragment( ssl, WOLFSSL_MFL_2_12)); + + #ifdef OPENSSL_EXTRA + ExpectIntEQ(WC_NO_ERR_TRACE(BAD_FUNC_ARG), UseMaxFragment( ssl, WOLFSSL_MFL_2_13)); + #else + ExpectIntEQ(WOLFSSL_SUCCESS, UseMaxFragment( ssl, WOLFSSL_MFL_2_13)); + #endif + + wolfSSL_free(ssl); + wolfSSL_CTX_free(ctx); + +#if defined(OPENSSL_EXTRA) && defined(HAVE_MAX_FRAGMENT) && \ + defined(HAVE_MANUAL_MEMIO_TESTS_DEPENDENCIES) + /* check negotiated max fragment size */ + { + WOLFSSL *ssl_c = NULL; + WOLFSSL *ssl_s = NULL; + struct test_memio_ctx test_ctx; + WOLFSSL_CTX *ctx_c = NULL; + WOLFSSL_CTX *ctx_s = NULL; + + XMEMSET(&test_ctx, 0, sizeof(test_ctx)); + ExpectIntEQ(test_memio_setup(&test_ctx, &ctx_c, &ctx_s, &ssl_c, &ssl_s, + wolfTLSv1_2_client_method, wolfTLSv1_2_server_method), 0); + ExpectIntEQ(wolfSSL_UseMaxFragment(ssl_c, WOLFSSL_MFL_2_8), + WOLFSSL_SUCCESS); + ExpectIntEQ(test_memio_do_handshake(ssl_c, ssl_s, 10, NULL), 0); +#ifndef NO_SESSION_CACHE + ExpectIntEQ(SSL_SESSION_get_max_fragment_length( + wolfSSL_get_session(ssl_c)), WOLFSSL_MFL_2_8); +#endif + + wolfSSL_free(ssl_c); + wolfSSL_free(ssl_s); + wolfSSL_CTX_free(ctx_c); + wolfSSL_CTX_free(ctx_s); + } +#endif +#endif /* !NO_TLS && (!NO_WOLFSSL_CLIENT || !NO_WOLFSSL_SERVER) */ +#endif + return EXPECT_RESULT(); +} + +static int test_wolfSSL_UseTruncatedHMAC(void) +{ + EXPECT_DECLS; +#if defined(HAVE_TRUNCATED_HMAC) && !defined(NO_CERTS) && !defined(NO_TLS) && \ + !defined(NO_FILESYSTEM) && !defined(NO_RSA) +#if !defined(NO_WOLFSSL_CLIENT) || !defined(NO_WOLFSSL_SERVER) + #ifndef NO_WOLFSSL_SERVER + WOLFSSL_CTX* ctx = wolfSSL_CTX_new(wolfSSLv23_server_method()); + #else + WOLFSSL_CTX* ctx = wolfSSL_CTX_new(wolfSSLv23_client_method()); + #endif + WOLFSSL *ssl = NULL; + + ExpectNotNull(ctx); + + #ifndef NO_WOLFSSL_SERVER + ExpectTrue(wolfSSL_CTX_use_certificate_file(ctx, svrCertFile, WOLFSSL_FILETYPE_PEM)); + ExpectTrue(wolfSSL_CTX_use_PrivateKey_file(ctx, svrKeyFile, WOLFSSL_FILETYPE_PEM)); + #endif + + ExpectNotNull(ssl = wolfSSL_new(ctx)); + + /* error cases */ + ExpectIntNE(WOLFSSL_SUCCESS, wolfSSL_CTX_UseTruncatedHMAC(NULL)); + ExpectIntNE(WOLFSSL_SUCCESS, wolfSSL_UseTruncatedHMAC(NULL)); + + /* success case */ + ExpectIntEQ(WOLFSSL_SUCCESS, wolfSSL_CTX_UseTruncatedHMAC(ctx)); + ExpectIntEQ(WOLFSSL_SUCCESS, wolfSSL_UseTruncatedHMAC(ssl)); + + wolfSSL_free(ssl); + wolfSSL_CTX_free(ctx); +#endif /* !NO_WOLFSSL_CLIENT || !NO_WOLFSSL_SERVER */ +#endif + return EXPECT_RESULT(); +} + +static int test_wolfSSL_UseSupportedCurve(void) +{ + EXPECT_DECLS; +#if defined(HAVE_SUPPORTED_CURVES) && !defined(NO_WOLFSSL_CLIENT) && \ + !defined(NO_TLS) + WOLFSSL_CTX* ctx = wolfSSL_CTX_new(wolfSSLv23_client_method()); + WOLFSSL *ssl = wolfSSL_new(ctx); + + ExpectNotNull(ctx); + ExpectNotNull(ssl); + + /* error cases */ + ExpectIntNE(WOLFSSL_SUCCESS, + wolfSSL_CTX_UseSupportedCurve(NULL, WOLFSSL_ECC_SECP256R1)); + ExpectIntNE(WOLFSSL_SUCCESS, wolfSSL_CTX_UseSupportedCurve(ctx, 0)); + + ExpectIntNE(WOLFSSL_SUCCESS, + wolfSSL_UseSupportedCurve(NULL, WOLFSSL_ECC_SECP256R1)); + ExpectIntNE(WOLFSSL_SUCCESS, wolfSSL_UseSupportedCurve(ssl, 0)); + + /* success case */ + ExpectIntEQ(WOLFSSL_SUCCESS, + wolfSSL_CTX_UseSupportedCurve(ctx, WOLFSSL_ECC_SECP256R1)); + ExpectIntEQ(WOLFSSL_SUCCESS, + wolfSSL_UseSupportedCurve(ssl, WOLFSSL_ECC_SECP256R1)); + + wolfSSL_free(ssl); + wolfSSL_CTX_free(ctx); +#endif + + return EXPECT_RESULT(); +} + +#if defined(HAVE_ALPN) && defined(HAVE_IO_TESTS_DEPENDENCIES) + +static void verify_ALPN_FATAL_ERROR_on_client(WOLFSSL* ssl) +{ + AssertIntEQ(WC_NO_ERR_TRACE(UNKNOWN_ALPN_PROTOCOL_NAME_E), wolfSSL_get_error(ssl, 0)); +} + +static void use_ALPN_all(WOLFSSL* ssl) +{ + /* http/1.1,spdy/1,spdy/2,spdy/3 */ + char alpn_list[] = {0x68, 0x74, 0x74, 0x70, 0x2f, 0x31, 0x2e, 0x31, 0x2c, + 0x73, 0x70, 0x64, 0x79, 0x2f, 0x31, 0x2c, + 0x73, 0x70, 0x64, 0x79, 0x2f, 0x32, 0x2c, + 0x73, 0x70, 0x64, 0x79, 0x2f, 0x33}; + AssertIntEQ(WOLFSSL_SUCCESS, wolfSSL_UseALPN(ssl, alpn_list, sizeof(alpn_list), + WOLFSSL_ALPN_FAILED_ON_MISMATCH)); +} + +static void use_ALPN_all_continue(WOLFSSL* ssl) +{ + /* http/1.1,spdy/1,spdy/2,spdy/3 */ + char alpn_list[] = {0x68, 0x74, 0x74, 0x70, 0x2f, 0x31, 0x2e, 0x31, 0x2c, + 0x73, 0x70, 0x64, 0x79, 0x2f, 0x31, 0x2c, + 0x73, 0x70, 0x64, 0x79, 0x2f, 0x32, 0x2c, + 0x73, 0x70, 0x64, 0x79, 0x2f, 0x33}; + AssertIntEQ(WOLFSSL_SUCCESS, wolfSSL_UseALPN(ssl, alpn_list, sizeof(alpn_list), + WOLFSSL_ALPN_CONTINUE_ON_MISMATCH)); +} + +static void use_ALPN_one(WOLFSSL* ssl) +{ + /* spdy/2 */ + char proto[] = {0x73, 0x70, 0x64, 0x79, 0x2f, 0x32}; + + AssertIntEQ(WOLFSSL_SUCCESS, wolfSSL_UseALPN(ssl, proto, sizeof(proto), + WOLFSSL_ALPN_FAILED_ON_MISMATCH)); +} + +static void use_ALPN_unknown(WOLFSSL* ssl) +{ + /* http/2.0 */ + char proto[] = {0x68, 0x74, 0x74, 0x70, 0x2f, 0x32, 0x2e, 0x30}; + + AssertIntEQ(WOLFSSL_SUCCESS, wolfSSL_UseALPN(ssl, proto, sizeof(proto), + WOLFSSL_ALPN_FAILED_ON_MISMATCH)); +} + +static void use_ALPN_unknown_continue(WOLFSSL* ssl) +{ + /* http/2.0 */ + char proto[] = {0x68, 0x74, 0x74, 0x70, 0x2f, 0x32, 0x2e, 0x30}; + + AssertIntEQ(WOLFSSL_SUCCESS, wolfSSL_UseALPN(ssl, proto, sizeof(proto), + WOLFSSL_ALPN_CONTINUE_ON_MISMATCH)); +} + +static void verify_ALPN_not_matching_spdy3(WOLFSSL* ssl) +{ + /* spdy/3 */ + char nego_proto[] = {0x73, 0x70, 0x64, 0x79, 0x2f, 0x33}; + + char *proto = NULL; + word16 protoSz = 0; + + AssertIntEQ(WOLFSSL_SUCCESS, wolfSSL_ALPN_GetProtocol(ssl, &proto, &protoSz)); + + /* check value */ + AssertIntNE(1, sizeof(nego_proto) == protoSz); + if (proto) { + AssertIntNE(0, XMEMCMP(nego_proto, proto, sizeof(nego_proto))); + } +} + +static void verify_ALPN_not_matching_continue(WOLFSSL* ssl) +{ + char *proto = NULL; + word16 protoSz = 0; + + AssertIntEQ(WC_NO_ERR_TRACE(WOLFSSL_ALPN_NOT_FOUND), + wolfSSL_ALPN_GetProtocol(ssl, &proto, &protoSz)); + + /* check value */ + AssertIntEQ(1, (0 == protoSz)); + AssertIntEQ(1, (NULL == proto)); +} + +static void verify_ALPN_matching_http1(WOLFSSL* ssl) +{ + /* http/1.1 */ + char nego_proto[] = {0x68, 0x74, 0x74, 0x70, 0x2f, 0x31, 0x2e, 0x31}; + char *proto; + word16 protoSz = 0; + + AssertIntEQ(WOLFSSL_SUCCESS, wolfSSL_ALPN_GetProtocol(ssl, &proto, &protoSz)); + + /* check value */ + AssertIntEQ(1, sizeof(nego_proto) == protoSz); + AssertIntEQ(0, XMEMCMP(nego_proto, proto, protoSz)); +} + +static void verify_ALPN_matching_spdy2(WOLFSSL* ssl) +{ + /* spdy/2 */ + char nego_proto[] = {0x73, 0x70, 0x64, 0x79, 0x2f, 0x32}; + char *proto; + word16 protoSz = 0; + + AssertIntEQ(WOLFSSL_SUCCESS, wolfSSL_ALPN_GetProtocol(ssl, &proto, &protoSz)); + + /* check value */ + AssertIntEQ(1, sizeof(nego_proto) == protoSz); + AssertIntEQ(0, XMEMCMP(nego_proto, proto, protoSz)); +} + +static void verify_ALPN_client_list(WOLFSSL* ssl) +{ + /* http/1.1,spdy/1,spdy/2,spdy/3 */ + char alpn_list[] = {0x68, 0x74, 0x74, 0x70, 0x2f, 0x31, 0x2e, 0x31, 0x2c, + 0x73, 0x70, 0x64, 0x79, 0x2f, 0x31, 0x2c, + 0x73, 0x70, 0x64, 0x79, 0x2f, 0x32, 0x2c, + 0x73, 0x70, 0x64, 0x79, 0x2f, 0x33}; + char *clist = NULL; + word16 clistSz = 0; + + AssertIntEQ(WOLFSSL_SUCCESS, wolfSSL_ALPN_GetPeerProtocol(ssl, &clist, + &clistSz)); + + /* check value */ + AssertIntEQ(1, sizeof(alpn_list) == clistSz); + AssertIntEQ(0, XMEMCMP(alpn_list, clist, clistSz)); + + AssertIntEQ(WOLFSSL_SUCCESS, wolfSSL_ALPN_FreePeerProtocol(ssl, &clist)); +} + +#if defined(OPENSSL_ALL) || defined(WOLFSSL_NGINX) || \ + defined(WOLFSSL_HAPROXY) || defined(HAVE_LIGHTY) + +/* ALPN select callback, success with spdy/2 */ +static int select_ALPN_spdy2(WOLFSSL *ssl, const unsigned char **out, + unsigned char *outlen, const unsigned char *in, + unsigned int inlen, void *arg) +{ + /* spdy/2 */ + const char proto[] = {0x73, 0x70, 0x64, 0x79, 0x2f, 0x32}; + + (void)ssl; + (void)arg; + + /* adding +1 since LEN byte comes first */ + if (inlen < sizeof(proto) + 1) { + return SSL_TLSEXT_ERR_ALERT_FATAL; + } + + if (XMEMCMP(in + 1, proto, sizeof(proto)) == 0) { + *out = in + 1; + *outlen = (unsigned char)sizeof(proto); + return SSL_TLSEXT_ERR_OK; + } + + return SSL_TLSEXT_ERR_ALERT_FATAL; +} + +/* ALPN select callback, force failure */ +static int select_ALPN_failure(WOLFSSL *ssl, const unsigned char **out, + unsigned char *outlen, const unsigned char *in, + unsigned int inlen, void *arg) +{ + (void)ssl; + (void)out; + (void)outlen; + (void)in; + (void)inlen; + (void)arg; + + return SSL_TLSEXT_ERR_ALERT_FATAL; +} + +static void use_ALPN_spdy2_callback(WOLFSSL* ssl) +{ + wolfSSL_set_alpn_select_cb(ssl, select_ALPN_spdy2, NULL); +} + +static void use_ALPN_failure_callback(WOLFSSL* ssl) +{ + wolfSSL_set_alpn_select_cb(ssl, select_ALPN_failure, NULL); +} +#endif /* OPENSSL_ALL | NGINX | HAPROXY | LIGHTY | QUIC */ + +static int test_wolfSSL_UseALPN_connection(void) +{ + int res = TEST_SKIPPED; +#if !defined(NO_WOLFSSL_CLIENT) && !defined(NO_WOLFSSL_SERVER) + callback_functions client_cb; + callback_functions server_cb; + + XMEMSET(&client_cb, 0, sizeof(callback_functions)); + XMEMSET(&server_cb, 0, sizeof(callback_functions)); + client_cb.method = wolfSSLv23_client_method; + server_cb.method = wolfSSLv23_server_method; + client_cb.devId = testDevId; + server_cb.devId = testDevId; + + /* success case same list */ + client_cb.ctx_ready = NULL; client_cb.ssl_ready = use_ALPN_all; client_cb.on_result = NULL; + server_cb.ctx_ready = NULL; server_cb.ssl_ready = use_ALPN_all; server_cb.on_result = verify_ALPN_matching_http1; + test_wolfSSL_client_server(&client_cb, &server_cb); + + /* success case only one for server */ + client_cb.ctx_ready = NULL; client_cb.ssl_ready = use_ALPN_all; client_cb.on_result = NULL; + server_cb.ctx_ready = NULL; server_cb.ssl_ready = use_ALPN_one; server_cb.on_result = verify_ALPN_matching_spdy2; + test_wolfSSL_client_server(&client_cb, &server_cb); + + /* success case only one for client */ + client_cb.ctx_ready = NULL; client_cb.ssl_ready = use_ALPN_one; client_cb.on_result = NULL; + server_cb.ctx_ready = NULL; server_cb.ssl_ready = use_ALPN_all; server_cb.on_result = verify_ALPN_matching_spdy2; + test_wolfSSL_client_server(&client_cb, &server_cb); + + /* success case none for client */ + client_cb.ctx_ready = NULL; client_cb.ssl_ready = NULL; client_cb.on_result = NULL; + server_cb.ctx_ready = NULL; server_cb.ssl_ready = use_ALPN_all; server_cb.on_result = NULL; + test_wolfSSL_client_server(&client_cb, &server_cb); + + /* success case mismatch behavior but option 'continue' set */ + client_cb.ctx_ready = NULL; client_cb.ssl_ready = use_ALPN_all_continue; client_cb.on_result = verify_ALPN_not_matching_continue; + server_cb.ctx_ready = NULL; server_cb.ssl_ready = use_ALPN_unknown_continue; server_cb.on_result = NULL; + test_wolfSSL_client_server(&client_cb, &server_cb); + + /* success case read protocol send by client */ + client_cb.ctx_ready = NULL; client_cb.ssl_ready = use_ALPN_all; client_cb.on_result = NULL; + server_cb.ctx_ready = NULL; server_cb.ssl_ready = use_ALPN_one; server_cb.on_result = verify_ALPN_client_list; + test_wolfSSL_client_server(&client_cb, &server_cb); + + /* mismatch behavior with same list + * the first and only this one must be taken */ + client_cb.ctx_ready = NULL; client_cb.ssl_ready = use_ALPN_all; client_cb.on_result = NULL; + server_cb.ctx_ready = NULL; server_cb.ssl_ready = use_ALPN_all; server_cb.on_result = verify_ALPN_not_matching_spdy3; + test_wolfSSL_client_server(&client_cb, &server_cb); + + /* default mismatch behavior */ + client_cb.ctx_ready = NULL; client_cb.ssl_ready = use_ALPN_all; client_cb.on_result = NULL; + server_cb.ctx_ready = NULL; server_cb.ssl_ready = use_ALPN_unknown; server_cb.on_result = verify_ALPN_FATAL_ERROR_on_client; + test_wolfSSL_client_server(&client_cb, &server_cb); + +#if defined(OPENSSL_ALL) || defined(WOLFSSL_NGINX) || \ + defined(WOLFSSL_HAPROXY) || defined(HAVE_LIGHTY) + + /* WOLFSSL-level ALPN select callback tests */ + /* Callback: success (one protocol, spdy/2) */ + client_cb.ctx_ready = NULL; + client_cb.ssl_ready = use_ALPN_one; + client_cb.on_result = verify_ALPN_matching_spdy2; + server_cb.ctx_ready = NULL; + server_cb.ssl_ready = use_ALPN_spdy2_callback; + server_cb.on_result = verify_ALPN_matching_spdy2; + test_wolfSSL_client_server(&client_cb, &server_cb); + + /* Callback: failure (one client protocol, spdy/2) */ + client_cb.ctx_ready = NULL; + client_cb.ssl_ready = use_ALPN_one; + client_cb.on_result = NULL; + server_cb.ctx_ready = NULL; + server_cb.ssl_ready = use_ALPN_failure_callback; + server_cb.on_result = verify_ALPN_FATAL_ERROR_on_client; + test_wolfSSL_client_server(&client_cb, &server_cb); + +#endif /* OPENSSL_ALL | NGINX | HAPROXY | LIGHTY */ + + res = TEST_RES_CHECK(1); +#endif /* !NO_WOLFSSL_CLIENT && !NO_WOLFSSL_SERVER */ + return res; +} + +static int test_wolfSSL_UseALPN_params(void) +{ + EXPECT_DECLS; +#ifndef NO_WOLFSSL_CLIENT + /* "http/1.1" */ + char http1[] = {0x68, 0x74, 0x74, 0x70, 0x2f, 0x31, 0x2e, 0x31}; + /* "spdy/1" */ + char spdy1[] = {0x73, 0x70, 0x64, 0x79, 0x2f, 0x31}; + /* "spdy/2" */ + char spdy2[] = {0x73, 0x70, 0x64, 0x79, 0x2f, 0x32}; + /* "spdy/3" */ + char spdy3[] = {0x73, 0x70, 0x64, 0x79, 0x2f, 0x33}; + char buff[256]; + word32 idx; + + WOLFSSL_CTX *ctx = wolfSSL_CTX_new(wolfSSLv23_client_method()); + WOLFSSL *ssl = wolfSSL_new(ctx); + + ExpectNotNull(ctx); + ExpectNotNull(ssl); + + /* error cases */ + ExpectIntNE(WOLFSSL_SUCCESS, + wolfSSL_UseALPN(NULL, http1, sizeof(http1), + WOLFSSL_ALPN_FAILED_ON_MISMATCH)); + ExpectIntNE(WOLFSSL_SUCCESS, wolfSSL_UseALPN(ssl, NULL, 0, + WOLFSSL_ALPN_FAILED_ON_MISMATCH)); + + /* success case */ + /* http1 only */ + ExpectIntEQ(WOLFSSL_SUCCESS, + wolfSSL_UseALPN(ssl, http1, sizeof(http1), + WOLFSSL_ALPN_FAILED_ON_MISMATCH)); + + /* http1, spdy1 */ + XMEMCPY(buff, http1, sizeof(http1)); + idx = sizeof(http1); + buff[idx++] = ','; + XMEMCPY(buff+idx, spdy1, sizeof(spdy1)); + idx += sizeof(spdy1); + ExpectIntEQ(WOLFSSL_SUCCESS, wolfSSL_UseALPN(ssl, buff, idx, + WOLFSSL_ALPN_FAILED_ON_MISMATCH)); + + /* http1, spdy2, spdy1 */ + XMEMCPY(buff, http1, sizeof(http1)); + idx = sizeof(http1); + buff[idx++] = ','; + XMEMCPY(buff+idx, spdy2, sizeof(spdy2)); + idx += sizeof(spdy2); + buff[idx++] = ','; + XMEMCPY(buff+idx, spdy1, sizeof(spdy1)); + idx += sizeof(spdy1); + ExpectIntEQ(WOLFSSL_SUCCESS, wolfSSL_UseALPN(ssl, buff, idx, + WOLFSSL_ALPN_FAILED_ON_MISMATCH)); + + /* spdy3, http1, spdy2, spdy1 */ + XMEMCPY(buff, spdy3, sizeof(spdy3)); + idx = sizeof(spdy3); + buff[idx++] = ','; + XMEMCPY(buff+idx, http1, sizeof(http1)); + idx += sizeof(http1); + buff[idx++] = ','; + XMEMCPY(buff+idx, spdy2, sizeof(spdy2)); + idx += sizeof(spdy2); + buff[idx++] = ','; + XMEMCPY(buff+idx, spdy1, sizeof(spdy1)); + idx += sizeof(spdy1); + ExpectIntEQ(WOLFSSL_SUCCESS, wolfSSL_UseALPN(ssl, buff, idx, + WOLFSSL_ALPN_CONTINUE_ON_MISMATCH)); + + wolfSSL_free(ssl); + wolfSSL_CTX_free(ctx); +#endif + return EXPECT_RESULT(); +} +#endif /* HAVE_ALPN */ + +#ifdef HAVE_ALPN_PROTOS_SUPPORT +static void CTX_set_alpn_protos(SSL_CTX *ctx) +{ + unsigned char p[] = { + 8, 'h', 't', 't', 'p', '/', '1', '.', '1', + 6, 's', 'p', 'd', 'y', '/', '2', + 6, 's', 'p', 'd', 'y', '/', '1', + }; + + unsigned char p_len = sizeof(p); + int ret; + + ret = SSL_CTX_set_alpn_protos(ctx, p, p_len); + +#ifdef WOLFSSL_ERROR_CODE_OPENSSL + AssertIntEQ(ret, 0); +#else + AssertIntEQ(ret, SSL_SUCCESS); +#endif +} + +static void set_alpn_protos(SSL* ssl) +{ + unsigned char p[] = { + 6, 's', 'p', 'd', 'y', '/', '3', + 8, 'h', 't', 't', 'p', '/', '1', '.', '1', + 6, 's', 'p', 'd', 'y', '/', '2', + 6, 's', 'p', 'd', 'y', '/', '1', + }; + + unsigned char p_len = sizeof(p); + int ret; + + ret = SSL_set_alpn_protos(ssl, p, p_len); + +#ifdef WOLFSSL_ERROR_CODE_OPENSSL + AssertIntEQ(ret, 0); +#else + AssertIntEQ(ret, SSL_SUCCESS); +#endif + +} + +static void verify_alpn_matching_spdy3(WOLFSSL* ssl) +{ + /* "spdy/3" */ + char nego_proto[] = {0x73, 0x70, 0x64, 0x79, 0x2f, 0x33}; + const unsigned char *proto; + unsigned int protoSz = 0; + + SSL_get0_alpn_selected(ssl, &proto, &protoSz); + + /* check value */ + AssertIntEQ(1, sizeof(nego_proto) == protoSz); + AssertIntEQ(0, XMEMCMP(nego_proto, proto, protoSz)); +} + +static void verify_alpn_matching_http1(WOLFSSL* ssl) +{ + /* "http/1.1" */ + char nego_proto[] = {0x68, 0x74, 0x74, 0x70, 0x2f, 0x31, 0x2e, 0x31}; + const unsigned char *proto; + unsigned int protoSz = 0; + + SSL_get0_alpn_selected(ssl, &proto, &protoSz); + + /* check value */ + AssertIntEQ(1, sizeof(nego_proto) == protoSz); + AssertIntEQ(0, XMEMCMP(nego_proto, proto, protoSz)); +} + +static int test_wolfSSL_set_alpn_protos(void) +{ + int res = TEST_SKIPPED; +#if !defined(NO_WOLFSSL_CLIENT) && !defined(NO_WOLFSSL_SERVER) + callback_functions client_cb; + callback_functions server_cb; + + XMEMSET(&client_cb, 0, sizeof(callback_functions)); + XMEMSET(&server_cb, 0, sizeof(callback_functions)); + client_cb.method = wolfSSLv23_client_method; + server_cb.method = wolfSSLv23_server_method; + client_cb.devId = testDevId; + server_cb.devId = testDevId; + + /* use CTX_alpn_protos */ + client_cb.ctx_ready = CTX_set_alpn_protos; + client_cb.ssl_ready = NULL; + client_cb.on_result = NULL; + server_cb.ctx_ready = CTX_set_alpn_protos; + server_cb.ssl_ready = NULL; + server_cb.on_result = verify_alpn_matching_http1; + test_wolfSSL_client_server(&client_cb, &server_cb); + + /* use set_alpn_protos */ + client_cb.ctx_ready = NULL; + client_cb.ssl_ready = set_alpn_protos; + client_cb.on_result = NULL; + server_cb.ctx_ready = NULL; + server_cb.ssl_ready = set_alpn_protos; + server_cb.on_result = verify_alpn_matching_spdy3; + test_wolfSSL_client_server(&client_cb, &server_cb); + + res = TEST_SUCCESS; +#endif /* !NO_WOLFSSL_CLIENT && !NO_WOLFSSL_SERVER */ + return res; +} + +#endif /* HAVE_ALPN_PROTOS_SUPPORT */ + +static int test_wolfSSL_wolfSSL_UseSecureRenegotiation(void) +{ + EXPECT_DECLS; +#if defined(HAVE_SECURE_RENEGOTIATION) && !defined(NO_WOLFSSL_CLIENT) && \ + !defined(NO_TLS) + WOLFSSL_CTX *ctx = wolfSSL_CTX_new(wolfSSLv23_client_method()); + WOLFSSL *ssl = wolfSSL_new(ctx); + + ExpectNotNull(ctx); + ExpectNotNull(ssl); + + /* error cases */ + ExpectIntNE(WOLFSSL_SUCCESS, wolfSSL_CTX_UseSecureRenegotiation(NULL)); + ExpectIntNE(WOLFSSL_SUCCESS, wolfSSL_UseSecureRenegotiation(NULL)); + + /* success cases */ + ExpectIntEQ(WOLFSSL_SUCCESS, wolfSSL_CTX_UseSecureRenegotiation(ctx)); + ExpectIntEQ(WOLFSSL_SUCCESS, wolfSSL_UseSecureRenegotiation(ssl)); + + wolfSSL_free(ssl); + wolfSSL_CTX_free(ctx); +#endif + return EXPECT_RESULT(); +} + +/* Test reconnecting with a different ciphersuite after a renegotiation. */ +static int test_wolfSSL_SCR_Reconnect(void) +{ + EXPECT_DECLS; +#if defined(HAVE_SECURE_RENEGOTIATION) && \ + defined(BUILD_TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) && \ + defined(BUILD_TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256) && \ + defined(HAVE_MANUAL_MEMIO_TESTS_DEPENDENCIES) + struct test_memio_ctx test_ctx; + WOLFSSL_CTX *ctx_c = NULL, *ctx_s = NULL; + WOLFSSL *ssl_c = NULL, *ssl_s = NULL; + byte data; + + XMEMSET(&test_ctx, 0, sizeof(test_ctx)); + test_ctx.c_ciphers = "ECDHE-RSA-AES256-GCM-SHA384"; + test_ctx.s_ciphers = + "ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-CHACHA20-POLY1305"; + ExpectIntEQ(test_memio_setup(&test_ctx, &ctx_c, &ctx_s, &ssl_c, &ssl_s, + wolfTLSv1_2_client_method, wolfTLSv1_2_server_method), 0); + ExpectIntEQ(WOLFSSL_SUCCESS, wolfSSL_CTX_UseSecureRenegotiation(ctx_c)); + ExpectIntEQ(WOLFSSL_SUCCESS, wolfSSL_CTX_UseSecureRenegotiation(ctx_s)); + ExpectIntEQ(WOLFSSL_SUCCESS, wolfSSL_UseSecureRenegotiation(ssl_c)); + ExpectIntEQ(WOLFSSL_SUCCESS, wolfSSL_UseSecureRenegotiation(ssl_s)); + ExpectIntEQ(test_memio_do_handshake(ssl_c, ssl_s, 10, NULL), 0); + /* WOLFSSL_FATAL_ERROR since it will block */ + ExpectIntEQ(wolfSSL_Rehandshake(ssl_s), WC_NO_ERR_TRACE(WOLFSSL_FATAL_ERROR)); + ExpectIntEQ(wolfSSL_get_error(ssl_s, WC_NO_ERR_TRACE(WOLFSSL_FATAL_ERROR)), + WOLFSSL_ERROR_WANT_READ); + ExpectIntEQ(wolfSSL_read(ssl_c, &data, 1), WC_NO_ERR_TRACE(WOLFSSL_FATAL_ERROR)); + ExpectIntEQ(wolfSSL_get_error(ssl_s, WC_NO_ERR_TRACE(WOLFSSL_FATAL_ERROR)), + WOLFSSL_ERROR_WANT_READ); + ExpectIntEQ(test_memio_do_handshake(ssl_c, ssl_s, 10, NULL), 0); + wolfSSL_free(ssl_c); + ssl_c = NULL; + wolfSSL_free(ssl_s); + ssl_s = NULL; + wolfSSL_CTX_free(ctx_c); + ctx_c = NULL; + test_ctx.c_ciphers = "ECDHE-RSA-CHACHA20-POLY1305"; + ExpectIntEQ(test_memio_setup(&test_ctx, &ctx_c, &ctx_s, &ssl_c, &ssl_s, + wolfTLSv1_2_client_method, wolfTLSv1_2_server_method), 0); + ExpectIntEQ(test_memio_do_handshake(ssl_c, ssl_s, 10, NULL), 0); + wolfSSL_free(ssl_s); + wolfSSL_free(ssl_c); + wolfSSL_CTX_free(ctx_s); + wolfSSL_CTX_free(ctx_c); +#endif + return EXPECT_RESULT(); +} + +#if !defined(NO_WOLFSSL_SERVER) && !defined(NO_TLS) && \ + !defined(NO_FILESYSTEM) && (!defined(NO_RSA) || defined(HAVE_ECC)) +/* Called when writing. */ +static int DummySend(WOLFSSL* ssl, char* buf, int sz, void* ctx) +{ + (void)ssl; + (void)buf; + (void)sz; + (void)ctx; + + /* Force error return from wolfSSL_accept_TLSv13(). */ + return WANT_WRITE; +} +/* Called when reading. */ +static int BufferInfoRecv(WOLFSSL* ssl, char* buf, int sz, void* ctx) +{ + WOLFSSL_BUFFER_INFO* msg = (WOLFSSL_BUFFER_INFO*)ctx; + int len = (int)msg->length; + + (void)ssl; + (void)sz; + + /* Pass back as much of message as will fit in buffer. */ + if (len > sz) + len = sz; + XMEMCPY(buf, msg->buffer, len); + /* Move over returned data. */ + msg->buffer += len; + msg->length -= (word32)len; + + /* Amount actually copied. */ + return len; +} +#endif + +/* Test the detection of duplicate known TLS extensions. + * Specifically in a ClientHello. + */ +static int test_tls_ext_duplicate(void) +{ + EXPECT_DECLS; +#if !defined(NO_WOLFSSL_SERVER) && !defined(NO_TLS) && \ + !defined(NO_FILESYSTEM) && (!defined(NO_RSA) || defined(HAVE_ECC)) + const unsigned char clientHelloDupTlsExt[] = { + 0x16, 0x03, 0x03, 0x00, 0x6a, 0x01, 0x00, 0x00, + 0x66, 0x03, 0x03, 0xf4, 0x65, 0xbd, 0x22, 0xfe, + 0x6e, 0xab, 0x66, 0xdd, 0xcf, 0xe9, 0x65, 0x55, + 0xe8, 0xdf, 0xc3, 0x8e, 0x4b, 0x00, 0xbc, 0xf8, + 0x23, 0x57, 0x1b, 0xa0, 0xc8, 0xa9, 0xe2, 0x8c, + 0x91, 0x6e, 0xf9, 0x20, 0xf7, 0x5c, 0xc5, 0x5b, + 0x75, 0x8c, 0x47, 0x0a, 0x0e, 0xc4, 0x1a, 0xda, + 0xef, 0x75, 0xe5, 0x21, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x04, 0x13, 0x01, + 0x00, 0x9e, 0x01, 0x00, + /* Extensions - duplicate signature algorithms. */ + 0x00, 0x19, 0x00, 0x0d, + 0x00, 0x04, 0x00, 0x02, 0x04, 0x01, 0x00, 0x0d, + 0x00, 0x04, 0x00, 0x02, 0x04, 0x01, + /* Supported Versions extension for TLS 1.3. */ + 0x00, 0x2b, + 0x00, 0x05, 0x04, 0x03, 0x04, 0x03, 0x03 + }; + WOLFSSL_BUFFER_INFO msg; + const char* testCertFile; + const char* testKeyFile; + WOLFSSL_CTX *ctx = NULL; + WOLFSSL *ssl = NULL; + +#ifndef NO_RSA + testCertFile = svrCertFile; + testKeyFile = svrKeyFile; +#elif defined(HAVE_ECC) + testCertFile = eccCertFile; + testKeyFile = eccKeyFile; +#endif + + ExpectNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_server_method())); + + ExpectTrue(wolfSSL_CTX_use_certificate_file(ctx, testCertFile, + CERT_FILETYPE)); + ExpectTrue(wolfSSL_CTX_use_PrivateKey_file(ctx, testKeyFile, + CERT_FILETYPE)); + + /* Read from 'msg'. */ + wolfSSL_SetIORecv(ctx, BufferInfoRecv); + /* No where to send to - dummy sender. */ + wolfSSL_SetIOSend(ctx, DummySend); + + ssl = wolfSSL_new(ctx); + ExpectNotNull(ssl); + + msg.buffer = (unsigned char*)clientHelloDupTlsExt; + msg.length = (unsigned int)sizeof(clientHelloDupTlsExt); + wolfSSL_SetIOReadCtx(ssl, &msg); + + ExpectIntNE(wolfSSL_accept(ssl), WOLFSSL_SUCCESS); + /* can return duplicate ext error or socket error if the peer closed down + * while sending alert */ + if (wolfSSL_get_error(ssl, 0) != WC_NO_ERR_TRACE(SOCKET_ERROR_E)) { + ExpectIntEQ(wolfSSL_get_error(ssl, 0), WC_NO_ERR_TRACE(DUPLICATE_TLS_EXT_E)); + } + + wolfSSL_free(ssl); + wolfSSL_CTX_free(ctx); +#endif + return EXPECT_RESULT(); +} + + +/* Test TLS connection abort when legacy version field indicates TLS 1.3 or + * higher. Based on test_tls_ext_duplicate() but with legacy version modified + * to 0x0304. + */ +static int test_tls_bad_legacy_version(void) +{ + EXPECT_DECLS; +#if defined(WOLFSSL_TLS13) && !defined(WOLFSSL_ALLOW_BAD_TLS_LEGACY_VERSION) +#if !defined(NO_WOLFSSL_SERVER) && !defined(NO_TLS) && \ + !defined(NO_FILESYSTEM) && (!defined(NO_RSA) || defined(HAVE_ECC)) + /* This buffer (prior to Extensions) is exactly the same as the buffer in + * test_tls_ext_duplicate() except the 11th byte is set to 0x04. That + * change means the legacy protocol version field is invalid. That will be + * caught before the dulplicate signature algorithms extension. */ + const unsigned char clientHelloBadLegacyVersion[] = { + 0x16, 0x03, 0x03, 0x00, 0x6a, 0x01, 0x00, 0x00, + 0x66, 0x03, 0x04, 0xf4, 0x65, 0xbd, 0x22, 0xfe, + 0x6e, 0xab, 0x66, 0xdd, 0xcf, 0xe9, 0x65, 0x55, + 0xe8, 0xdf, 0xc3, 0x8e, 0x4b, 0x00, 0xbc, 0xf8, + 0x23, 0x57, 0x1b, 0xa0, 0xc8, 0xa9, 0xe2, 0x8c, + 0x91, 0x6e, 0xf9, 0x20, 0xf7, 0x5c, 0xc5, 0x5b, + 0x75, 0x8c, 0x47, 0x0a, 0x0e, 0xc4, 0x1a, 0xda, + 0xef, 0x75, 0xe5, 0x21, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x04, 0x13, 0x01, + 0x00, 0x9e, 0x01, 0x00, + /* Extensions */ + 0x00, 0x19, 0x00, 0x0d, + 0x00, 0x04, 0x00, 0x02, 0x04, 0x01, 0x00, 0x15, + 0x00, 0x04, 0x00, 0x02, 0x04, 0x01, + /* Supported Versions extension for TLS 1.3. */ + 0x00, 0x2b, + 0x00, 0x05, 0x04, 0x03, 0x04, 0x03, 0x03 + }; + + WOLFSSL_BUFFER_INFO msg; + const char* testCertFile; + const char* testKeyFile; + WOLFSSL_CTX *ctx = NULL; + WOLFSSL *ssl = NULL; + +#ifndef NO_RSA + testCertFile = svrCertFile; + testKeyFile = svrKeyFile; +#elif defined(HAVE_ECC) + testCertFile = eccCertFile; + testKeyFile = eccKeyFile; +#endif + + ExpectNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_server_method())); + + ExpectTrue(wolfSSL_CTX_use_certificate_file(ctx, testCertFile, + CERT_FILETYPE)); + ExpectTrue(wolfSSL_CTX_use_PrivateKey_file(ctx, testKeyFile, + CERT_FILETYPE)); + + /* Read from 'msg'. */ + wolfSSL_SetIORecv(ctx, BufferInfoRecv); + /* No where to send to - dummy sender. */ + wolfSSL_SetIOSend(ctx, DummySend); + + ssl = wolfSSL_new(ctx); + ExpectNotNull(ssl); + + msg.buffer = (unsigned char*)clientHelloBadLegacyVersion; + msg.length = (unsigned int)sizeof(clientHelloBadLegacyVersion); + wolfSSL_SetIOReadCtx(ssl, &msg); + + ExpectIntNE(wolfSSL_accept(ssl), WOLFSSL_SUCCESS); + /* Connection should fail due to bad legacy version field. When that + * happens the return code is VERSION_ERROR but that gets transformed into + * SOCKET_ERROR_E. */ + ExpectIntEQ(wolfSSL_get_error(ssl, 0), WC_NO_ERR_TRACE(SOCKET_ERROR_E)); + + wolfSSL_free(ssl); + wolfSSL_CTX_free(ctx); +#endif +#endif + return EXPECT_RESULT(); +} +/*----------------------------------------------------------------------------* + | X509 Tests + *----------------------------------------------------------------------------*/ +static int test_wolfSSL_X509_NAME_get_entry(void) +{ + EXPECT_DECLS; +#if !defined(NO_CERTS) && !defined(NO_RSA) && !defined(NO_FILESYSTEM) +#if defined(OPENSSL_ALL) || \ + (defined(OPENSSL_EXTRA) && \ + (defined(KEEP_PEER_CERT) || defined(SESSION_CERTS))) + /* use openssl like name to test mapping */ + X509_NAME_ENTRY* ne = NULL; + X509_NAME* name = NULL; + X509* x509 = NULL; + ASN1_STRING* asn = NULL; + char* subCN = NULL; + int idx = 0; + ASN1_OBJECT *object = NULL; +#if defined(WOLFSSL_APACHE_HTTPD) || defined(OPENSSL_ALL) || \ + defined(WOLFSSL_NGINX) +#ifndef NO_BIO + BIO* bio = NULL; +#endif +#endif + + ExpectNotNull(x509 = wolfSSL_X509_load_certificate_file(cliCertFile, + WOLFSSL_FILETYPE_PEM)); + ExpectNotNull(name = X509_get_subject_name(x509)); + ExpectIntGE(idx = X509_NAME_get_index_by_NID(name, NID_commonName, -1), 0); + ExpectNotNull(ne = X509_NAME_get_entry(name, idx)); + ExpectNull(X509_NAME_ENTRY_get_data(NULL)); + ExpectNotNull(asn = X509_NAME_ENTRY_get_data(ne)); + ExpectNotNull(subCN = (char*)ASN1_STRING_data(asn)); + wolfSSL_FreeX509(x509); + x509 = NULL; + + ExpectNotNull(x509 = wolfSSL_X509_load_certificate_file(cliCertFile, + WOLFSSL_FILETYPE_PEM)); + ExpectNotNull(name = X509_get_subject_name(x509)); + ExpectIntGE(idx = X509_NAME_get_index_by_NID(name, NID_commonName, -1), 0); + +#if defined(WOLFSSL_APACHE_HTTPD) || defined(OPENSSL_ALL) || \ + defined(WOLFSSL_NGINX) +#ifndef NO_BIO + ExpectNotNull(bio = BIO_new(BIO_s_mem())); + ExpectIntEQ(X509_NAME_print_ex(bio, name, 4, + (XN_FLAG_RFC2253 & ~XN_FLAG_DN_REV)), WOLFSSL_SUCCESS); + ExpectIntEQ(X509_NAME_print_ex_fp(XBADFILE, name, 4, + (XN_FLAG_RFC2253 & ~XN_FLAG_DN_REV)), WOLFSSL_FAILURE); + ExpectIntEQ(X509_NAME_print_ex_fp(stderr, name, 4, + (XN_FLAG_RFC2253 & ~XN_FLAG_DN_REV)), WOLFSSL_SUCCESS); + BIO_free(bio); +#endif +#endif + + ExpectNotNull(ne = X509_NAME_get_entry(name, idx)); + ExpectNotNull(object = X509_NAME_ENTRY_get_object(ne)); + wolfSSL_FreeX509(x509); +#endif /* OPENSSL_ALL || (OPENSSL_EXTRA && (KEEP_PEER_CERT || SESSION_CERTS) */ +#endif /* !NO_CERTS && !NO_RSA && !NO_FILESYSTEM */ + + return EXPECT_RESULT(); +} + +/* Testing functions dealing with PKCS12 parsing out X509 certs */ +static int test_wolfSSL_PKCS12(void) +{ + EXPECT_DECLS; + /* .p12 file is encrypted with DES3 */ +#ifndef HAVE_FIPS /* Password used in cert "wolfSSL test" is only 12-bytes + * (96-bit) FIPS mode requires Minimum of 14-byte (112-bit) + * Password Key + */ +#if defined(OPENSSL_EXTRA) && !defined(NO_DES3) && !defined(NO_FILESYSTEM) && \ + !defined(NO_STDIO_FILESYSTEM) && !defined(NO_TLS) && \ + !defined(NO_ASN) && !defined(NO_PWDBASED) && !defined(NO_RSA) && \ + !defined(NO_SHA) && defined(HAVE_PKCS12) && !defined(NO_BIO) && \ + defined(WOLFSSL_AES_256) + byte buf[6000]; + char file[] = "./certs/test-servercert.p12"; + char order[] = "./certs/ecc-rsa-server.p12"; +#ifdef WC_RC2 + char rc2p12[] = "./certs/test-servercert-rc2.p12"; +#endif + char pass[] = "a password"; + const char goodPsw[] = "wolfSSL test"; + const char badPsw[] = "bad"; +#ifdef HAVE_ECC + WOLFSSL_X509_NAME *subject = NULL; + WOLFSSL_X509 *x509 = NULL; +#endif + XFILE f = XBADFILE; + int bytes = 0, ret = 0, goodPswLen = 0, badPswLen = 0; + WOLFSSL_BIO *bio = NULL; + WOLFSSL_EVP_PKEY *pkey = NULL; + WC_PKCS12 *pkcs12 = NULL; + WC_PKCS12 *pkcs12_2 = NULL; + WOLFSSL_X509 *cert = NULL; + WOLFSSL_X509 *tmp = NULL; + WOLF_STACK_OF(WOLFSSL_X509) *ca = NULL; +#if (defined(OPENSSL_ALL) || defined(WOLFSSL_ASIO) || defined(WOLFSSL_HAPROXY) \ + || defined(WOLFSSL_NGINX)) && defined(SESSION_CERTS) + WOLFSSL_CTX *ctx = NULL; + WOLFSSL *ssl = NULL; + WOLF_STACK_OF(WOLFSSL_X509) *tmp_ca = NULL; +#endif + + ExpectTrue((f = XFOPEN(file, "rb")) != XBADFILE); + ExpectIntGT(bytes = (int)XFREAD(buf, 1, sizeof(buf), f), 0); + if (f != XBADFILE) { + XFCLOSE(f); + f = XBADFILE; + } + + goodPswLen = (int)XSTRLEN(goodPsw); + badPswLen = (int)XSTRLEN(badPsw); + + ExpectNotNull(bio = wolfSSL_BIO_new(wolfSSL_BIO_s_mem())); + + ExpectIntEQ(BIO_write(bio, buf, bytes), bytes); /* d2i consumes BIO */ + ExpectNotNull(d2i_PKCS12_bio(bio, &pkcs12)); + ExpectNotNull(pkcs12); + BIO_free(bio); + bio = NULL; + + /* check verify MAC directly */ + ExpectIntEQ(ret = PKCS12_verify_mac(pkcs12, goodPsw, goodPswLen), 1); + + /* check verify MAC fail case directly */ + ExpectIntEQ(ret = PKCS12_verify_mac(pkcs12, badPsw, badPswLen), 0); + + /* check verify MAC fail case */ + ExpectIntEQ(ret = PKCS12_parse(pkcs12, "bad", &pkey, &cert, NULL), 0); + ExpectNull(pkey); + ExpectNull(cert); + + /* check parse with no extra certs kept */ + ExpectIntEQ(ret = PKCS12_parse(pkcs12, "wolfSSL test", &pkey, &cert, NULL), + 1); + ExpectNotNull(pkey); + ExpectNotNull(cert); + + wolfSSL_EVP_PKEY_free(pkey); + pkey = NULL; + wolfSSL_X509_free(cert); + cert = NULL; + + /* check parse with extra certs kept */ + ExpectIntEQ(ret = PKCS12_parse(pkcs12, "wolfSSL test", &pkey, &cert, &ca), + 1); + ExpectNotNull(pkey); + ExpectNotNull(cert); + ExpectNotNull(ca); + +#if (defined(OPENSSL_ALL) || defined(WOLFSSL_ASIO) || defined(WOLFSSL_HAPROXY) \ + || defined(WOLFSSL_NGINX)) && defined(SESSION_CERTS) + + /* Check that SSL_CTX_set0_chain correctly sets the certChain buffer */ +#if !defined(NO_WOLFSSL_CLIENT) || !defined(NO_WOLFSSL_SERVER) +#if !defined(NO_WOLFSSL_CLIENT) && defined(SESSION_CERTS) + ExpectNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_client_method())); +#else + ExpectNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_server_method())); +#endif + /* Copy stack structure */ + ExpectNotNull(tmp_ca = X509_chain_up_ref(ca)); + ExpectIntEQ(SSL_CTX_set0_chain(ctx, tmp_ca), 1); + /* CTX now owns the tmp_ca stack structure */ + tmp_ca = NULL; + ExpectIntEQ(wolfSSL_CTX_get_extra_chain_certs(ctx, &tmp_ca), 1); + ExpectNotNull(tmp_ca); + ExpectIntEQ(sk_X509_num(tmp_ca), sk_X509_num(ca)); + /* Check that the main cert is also set */ + ExpectNotNull(SSL_CTX_get0_certificate(ctx)); + ExpectNotNull(ssl = SSL_new(ctx)); + ExpectNotNull(SSL_get_certificate(ssl)); + SSL_free(ssl); + SSL_CTX_free(ctx); + ctx = NULL; +#endif +#endif /* !NO_WOLFSSL_CLIENT || !NO_WOLFSSL_SERVER */ + /* should be 2 other certs on stack */ + ExpectNotNull(tmp = sk_X509_pop(ca)); + X509_free(tmp); + ExpectNotNull(tmp = sk_X509_pop(ca)); + X509_free(tmp); + ExpectNull(sk_X509_pop(ca)); + + EVP_PKEY_free(pkey); + pkey = NULL; + X509_free(cert); + cert = NULL; + sk_X509_pop_free(ca, X509_free); + ca = NULL; + + /* check PKCS12_create */ + ExpectNull(PKCS12_create(pass, NULL, NULL, NULL, NULL, -1, -1, -1, -1,0)); + ExpectIntEQ(PKCS12_parse(pkcs12, "wolfSSL test", &pkey, &cert, &ca), + SSL_SUCCESS); + ExpectNotNull((pkcs12_2 = PKCS12_create(pass, NULL, pkey, cert, ca, + -1, -1, 100, -1, 0))); + EVP_PKEY_free(pkey); + pkey = NULL; + X509_free(cert); + cert = NULL; + sk_X509_pop_free(ca, NULL); + ca = NULL; + + ExpectIntEQ(PKCS12_parse(pkcs12_2, "a password", &pkey, &cert, &ca), + SSL_SUCCESS); + PKCS12_free(pkcs12_2); + pkcs12_2 = NULL; + ExpectNotNull((pkcs12_2 = PKCS12_create(pass, NULL, pkey, cert, ca, + NID_pbe_WithSHA1And3_Key_TripleDES_CBC, + NID_pbe_WithSHA1And3_Key_TripleDES_CBC, + 2000, 1, 0))); + EVP_PKEY_free(pkey); + pkey = NULL; + X509_free(cert); + cert = NULL; + sk_X509_pop_free(ca, NULL); + ca = NULL; + + /* convert to DER then back and parse */ + ExpectNotNull(bio = BIO_new(BIO_s_mem())); + ExpectIntEQ(i2d_PKCS12_bio(bio, pkcs12_2), SSL_SUCCESS); + PKCS12_free(pkcs12_2); + pkcs12_2 = NULL; + + ExpectNotNull(pkcs12_2 = d2i_PKCS12_bio(bio, NULL)); + BIO_free(bio); + bio = NULL; + ExpectIntEQ(PKCS12_parse(pkcs12_2, "a password", &pkey, &cert, &ca), + SSL_SUCCESS); + + /* should be 2 other certs on stack */ + ExpectNotNull(tmp = sk_X509_pop(ca)); + X509_free(tmp); + ExpectNotNull(tmp = sk_X509_pop(ca)); + X509_free(tmp); + ExpectNull(sk_X509_pop(ca)); + + +#ifndef NO_RC4 + PKCS12_free(pkcs12_2); + pkcs12_2 = NULL; + ExpectNotNull((pkcs12_2 = PKCS12_create(pass, NULL, pkey, cert, NULL, + NID_pbe_WithSHA1And128BitRC4, + NID_pbe_WithSHA1And128BitRC4, + 2000, 1, 0))); + EVP_PKEY_free(pkey); + pkey = NULL; + X509_free(cert); + cert = NULL; + sk_X509_pop_free(ca, NULL); + ca = NULL; + + ExpectIntEQ(PKCS12_parse(pkcs12_2, "a password", &pkey, &cert, &ca), + SSL_SUCCESS); + +#endif /* NO_RC4 */ + + EVP_PKEY_free(pkey); + pkey = NULL; + X509_free(cert); + cert = NULL; + PKCS12_free(pkcs12); + pkcs12 = NULL; + PKCS12_free(pkcs12_2); + pkcs12_2 = NULL; + sk_X509_pop_free(ca, NULL); + ca = NULL; + +#ifdef HAVE_ECC + /* test order of parsing */ + ExpectTrue((f = XFOPEN(order, "rb")) != XBADFILE); + ExpectIntGT(bytes = (int)XFREAD(buf, 1, sizeof(buf), f), 0); + if (f != XBADFILE) { + XFCLOSE(f); + f = XBADFILE; + } + + ExpectNotNull(bio = BIO_new_mem_buf((void*)buf, bytes)); + ExpectNotNull(pkcs12 = d2i_PKCS12_bio(bio, NULL)); + ExpectIntEQ((ret = PKCS12_parse(pkcs12, "", &pkey, &cert, &ca)), + WOLFSSL_SUCCESS); + + /* check use of pkey after parse */ +#if (defined(OPENSSL_ALL) || defined(WOLFSSL_ASIO) || defined(WOLFSSL_HAPROXY) \ + || defined(WOLFSSL_NGINX)) && defined(SESSION_CERTS) +#if !defined(NO_WOLFSSL_CLIENT) || !defined(NO_WOLFSSL_SERVER) +#if !defined(NO_WOLFSSL_CLIENT) && defined(SESSION_CERTS) + ExpectNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_client_method())); +#else + ExpectNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_server_method())); +#endif + ExpectIntEQ(SSL_CTX_use_PrivateKey(ctx, pkey), WOLFSSL_SUCCESS); + SSL_CTX_free(ctx); +#endif /* !NO_WOLFSSL_CLIENT || !NO_WOLFSSL_SERVER */ +#endif + + ExpectNotNull(pkey); + ExpectNotNull(cert); + ExpectNotNull(ca); + + /* compare subject lines of certificates */ + ExpectNotNull(subject = wolfSSL_X509_get_subject_name(cert)); + ExpectNotNull(x509 = wolfSSL_X509_load_certificate_file(eccRsaCertFile, + SSL_FILETYPE_PEM)); + ExpectIntEQ(wolfSSL_X509_NAME_cmp((const WOLFSSL_X509_NAME*)subject, + (const WOLFSSL_X509_NAME*)wolfSSL_X509_get_subject_name(x509)), 0); + X509_free(x509); + x509 = NULL; + + /* test expected fail case */ + ExpectNotNull(x509 = wolfSSL_X509_load_certificate_file(eccCertFile, + SSL_FILETYPE_PEM)); + ExpectIntNE(wolfSSL_X509_NAME_cmp((const WOLFSSL_X509_NAME*)subject, + (const WOLFSSL_X509_NAME*)wolfSSL_X509_get_subject_name(x509)), 0); + X509_free(x509); + x509 = NULL; + X509_free(cert); + cert = NULL; + + /* get subject line from ca stack */ + ExpectNotNull(cert = sk_X509_pop(ca)); + ExpectNotNull(subject = wolfSSL_X509_get_subject_name(cert)); + + /* compare subject from certificate in ca to expected */ + ExpectNotNull(x509 = wolfSSL_X509_load_certificate_file(eccCertFile, + SSL_FILETYPE_PEM)); + ExpectIntEQ(wolfSSL_X509_NAME_cmp((const WOLFSSL_X509_NAME*)subject, + (const WOLFSSL_X509_NAME*)wolfSSL_X509_get_subject_name(x509)), 0); + + /* modify case and compare subject from certificate in ca to expected. + * The first bit of the name is: + * /C=US/ST=Washington + * So we'll change subject->name[1] to 'c' (lower case) */ + if (subject != NULL) { + subject->name[1] = 'c'; + ExpectIntEQ(wolfSSL_X509_NAME_cmp((const WOLFSSL_X509_NAME*)subject, + (const WOLFSSL_X509_NAME*)wolfSSL_X509_get_subject_name(x509)), 0); + } + + EVP_PKEY_free(pkey); + pkey = NULL; + X509_free(x509); + x509 = NULL; + X509_free(cert); + cert = NULL; + BIO_free(bio); + bio = NULL; + PKCS12_free(pkcs12); + pkcs12 = NULL; + sk_X509_pop_free(ca, NULL); /* TEST d2i_PKCS12_fp */ + ca = NULL; + + /* test order of parsing */ + ExpectTrue((f = XFOPEN(file, "rb")) != XBADFILE); + ExpectNotNull(pkcs12 = d2i_PKCS12_fp(f, NULL)); + if (f != XBADFILE) { + XFCLOSE(f); + f = XBADFILE; + } + + /* check verify MAC fail case */ + ExpectIntEQ(ret = PKCS12_parse(pkcs12, "bad", &pkey, &cert, NULL), 0); + ExpectNull(pkey); + ExpectNull(cert); + + /* check parse with no extra certs kept */ + ExpectIntEQ(ret = PKCS12_parse(pkcs12, "wolfSSL test", &pkey, &cert, NULL), + 1); + ExpectNotNull(pkey); + ExpectNotNull(cert); + + wolfSSL_EVP_PKEY_free(pkey); + pkey = NULL; + wolfSSL_X509_free(cert); + cert = NULL; + + /* check parse with extra certs kept */ + ExpectIntEQ(ret = PKCS12_parse(pkcs12, "wolfSSL test", &pkey, &cert, &ca), + 1); + ExpectNotNull(pkey); + ExpectNotNull(cert); + ExpectNotNull(ca); + + wolfSSL_EVP_PKEY_free(pkey); + pkey = NULL; + wolfSSL_X509_free(cert); + cert = NULL; + sk_X509_pop_free(ca, NULL); + ca = NULL; + + PKCS12_free(pkcs12); + pkcs12 = NULL; +#endif /* HAVE_ECC */ + +#ifdef WC_RC2 + /* test PKCS#12 with RC2 encryption */ + ExpectTrue((f = XFOPEN(rc2p12, "rb")) != XBADFILE); + ExpectIntGT(bytes = (int)XFREAD(buf, 1, sizeof(buf), f), 0); + if (f != XBADFILE) { + XFCLOSE(f); + f = XBADFILE; + } + + ExpectNotNull(bio = BIO_new_mem_buf((void*)buf, bytes)); + ExpectNotNull(pkcs12 = d2i_PKCS12_bio(bio, NULL)); + + /* check verify MAC fail case */ + ExpectIntEQ(ret = PKCS12_parse(pkcs12, "bad", &pkey, &cert, NULL), 0); + ExpectNull(pkey); + ExpectNull(cert); + + /* check parse with not extra certs kept */ + ExpectIntEQ(ret = PKCS12_parse(pkcs12, "wolfSSL test", &pkey, &cert, NULL), + WOLFSSL_SUCCESS); + ExpectNotNull(pkey); + ExpectNotNull(cert); + + wolfSSL_EVP_PKEY_free(pkey); + pkey = NULL; + wolfSSL_X509_free(cert); + cert = NULL; + + /* check parse with extra certs kept */ + ExpectIntEQ(ret = PKCS12_parse(pkcs12, "wolfSSL test", &pkey, &cert, &ca), + WOLFSSL_SUCCESS); + ExpectNotNull(pkey); + ExpectNotNull(cert); + ExpectNotNull(ca); + + wolfSSL_EVP_PKEY_free(pkey); + wolfSSL_X509_free(cert); + sk_X509_pop_free(ca, NULL); + + BIO_free(bio); + bio = NULL; + PKCS12_free(pkcs12); + pkcs12 = NULL; +#endif /* WC_RC2 */ + + /* Test i2d_PKCS12_bio */ + ExpectTrue((f = XFOPEN(file, "rb")) != XBADFILE); + ExpectNotNull(pkcs12 = d2i_PKCS12_fp(f, NULL)); + if (f != XBADFILE) + XFCLOSE(f); + + ExpectNotNull(bio = BIO_new(BIO_s_mem())); + + ExpectIntEQ(ret = i2d_PKCS12_bio(bio, pkcs12), 1); + + ExpectIntEQ(ret = i2d_PKCS12_bio(NULL, pkcs12), 0); + + ExpectIntEQ(ret = i2d_PKCS12_bio(bio, NULL), 0); + + PKCS12_free(pkcs12); + BIO_free(bio); + + (void)order; +#endif /* OPENSSL_EXTRA */ +#endif /* HAVE_FIPS */ + return EXPECT_RESULT(); +} + + +#if !defined(NO_FILESYSTEM) && !defined(NO_ASN) && defined(HAVE_PKCS8) && \ + defined(WOLFSSL_ENCRYPTED_KEYS) && !defined(NO_DES3) && !defined(NO_PWDBASED) && \ + (!defined(NO_RSA) || defined(HAVE_ECC)) && !defined(NO_MD5) + #define TEST_PKCS8_ENC +#endif + +#if !defined(NO_FILESYSTEM) && !defined(NO_ASN) && defined(HAVE_PKCS8) && \ + defined(HAVE_ECC) && defined(WOLFSSL_ENCRYPTED_KEYS) && !defined(NO_TLS) + +/* used to keep track if FailTestCallback was called */ +static int failTestCallbackCalled = 0; + +static WC_INLINE int FailTestCallBack(char* passwd, int sz, int rw, void* userdata) +{ + (void)passwd; + (void)sz; + (void)rw; + (void)userdata; + + /* mark called, test_wolfSSL_no_password_cb() will check and fail if set */ + failTestCallbackCalled = 1; + + return -1; +} +#endif + +static int test_wolfSSL_no_password_cb(void) +{ + EXPECT_DECLS; +#if !defined(NO_FILESYSTEM) && !defined(NO_ASN) && defined(HAVE_PKCS8) && \ + defined(HAVE_ECC) && defined(WOLFSSL_ENCRYPTED_KEYS) && !defined(NO_TLS) + WOLFSSL_CTX* ctx = NULL; + byte buff[FOURK_BUF]; + const char eccPkcs8PrivKeyDerFile[] = "./certs/ecc-privkeyPkcs8.der"; + const char eccPkcs8PrivKeyPemFile[] = "./certs/ecc-privkeyPkcs8.pem"; + XFILE f = XBADFILE; + int bytes = 0; + +#ifndef NO_WOLFSSL_CLIENT + ExpectNotNull(ctx = wolfSSL_CTX_new(wolfTLS_client_method())); +#else + ExpectNotNull(ctx = wolfSSL_CTX_new(wolfTLS_server_method())); +#endif + wolfSSL_CTX_set_default_passwd_cb(ctx, FailTestCallBack); + + ExpectTrue((f = XFOPEN(eccPkcs8PrivKeyDerFile, "rb")) != XBADFILE); + ExpectIntGT(bytes = (int)XFREAD(buff, 1, sizeof(buff), f), 0); + if (f != XBADFILE) { + XFCLOSE(f); + f = XBADFILE; + } + ExpectIntLE(bytes, sizeof(buff)); + ExpectIntEQ(wolfSSL_CTX_use_PrivateKey_buffer(ctx, buff, bytes, + WOLFSSL_FILETYPE_ASN1), WOLFSSL_SUCCESS); + + ExpectTrue((f = XFOPEN(eccPkcs8PrivKeyPemFile, "rb")) != XBADFILE); + ExpectIntGT(bytes = (int)XFREAD(buff, 1, sizeof(buff), f), 0); + if (f != XBADFILE) + XFCLOSE(f); + ExpectIntLE(bytes, sizeof(buff)); + ExpectIntEQ(wolfSSL_CTX_use_PrivateKey_buffer(ctx, buff, bytes, + WOLFSSL_FILETYPE_PEM), WOLFSSL_SUCCESS); + + wolfSSL_CTX_free(ctx); + + /* Password callback should not be called by default */ + ExpectIntEQ(failTestCallbackCalled, 0); +#endif + return EXPECT_RESULT(); +} + +#if defined(TEST_PKCS8_ENC) && !defined(NO_TLS) +/* for PKCS8 test case */ +static int PKCS8TestCallBack(char* passwd, int sz, int rw, void* userdata) +{ + int flag = 0; + + (void)rw; + if (userdata != NULL) { + flag = *((int*)userdata); /* user set data */ + } + + switch (flag) { + case 1: /* flag set for specific WOLFSSL_CTX structure, note userdata + * can be anything the user wishes to be passed to the callback + * associated with the WOLFSSL_CTX */ + XSTRNCPY(passwd, "yassl123", sz); + return 8; + + default: + return BAD_FUNC_ARG; + } +} +#endif /* TEST_PKCS8_ENC && !NO_TLS */ + +/* Testing functions dealing with PKCS8 */ +static int test_wolfSSL_PKCS8(void) +{ + EXPECT_DECLS; +#if !defined(NO_FILESYSTEM) && !defined(NO_ASN) && defined(HAVE_PKCS8) && \ + !defined(WOLFCRYPT_ONLY) && !defined(NO_TLS) && \ + (!defined(WOLFSSL_NO_TLS12) || defined(WOLFSSL_TLS13)) +#if !defined(NO_WOLFSSL_CLIENT) || !defined(NO_WOLFSSL_SERVER) + byte buff[FOURK_BUF]; + byte der[FOURK_BUF]; + #ifndef NO_RSA +#ifdef WOLFSSL_PEM_TO_DER + const char serverKeyPkcs8PemFile[] = "./certs/server-keyPkcs8.pem"; +#endif + const char serverKeyPkcs8DerFile[] = "./certs/server-keyPkcs8.der"; + #endif +#ifdef WOLFSSL_PEM_TO_DER + const char eccPkcs8PrivKeyPemFile[] = "./certs/ecc-privkeyPkcs8.pem"; +#endif + #ifdef HAVE_ECC + const char eccPkcs8PrivKeyDerFile[] = "./certs/ecc-privkeyPkcs8.der"; + #endif + XFILE f = XBADFILE; + int bytes = 0; + WOLFSSL_CTX* ctx = NULL; +#if defined(HAVE_ECC) && !defined(NO_CODING) && !defined(WOLFSSL_NO_PEM) + int ret; + ecc_key key; + word32 x = 0; +#endif +#ifdef TEST_PKCS8_ENC + #if !defined(NO_RSA) && !defined(NO_SHA) + const char serverKeyPkcs8EncPemFile[] = "./certs/server-keyPkcs8Enc.pem"; + const char serverKeyPkcs8EncDerFile[] = "./certs/server-keyPkcs8Enc.der"; + #endif + #if defined(HAVE_ECC) && !defined(NO_SHA) + const char eccPkcs8EncPrivKeyPemFile[] = "./certs/ecc-keyPkcs8Enc.pem"; + const char eccPkcs8EncPrivKeyDerFile[] = "./certs/ecc-keyPkcs8Enc.der"; + #endif + int flag; +#endif + + (void)der; + +#ifndef NO_WOLFSSL_CLIENT + #ifndef WOLFSSL_NO_TLS12 + ExpectNotNull(ctx = wolfSSL_CTX_new(wolfTLSv1_2_client_method())); + #else + ExpectNotNull(ctx = wolfSSL_CTX_new(wolfTLSv1_3_client_method())); + #endif +#else + #ifndef WOLFSSL_NO_TLS12 + ExpectNotNull(ctx = wolfSSL_CTX_new(wolfTLSv1_2_server_method())); + #else + ExpectNotNull(ctx = wolfSSL_CTX_new(wolfTLSv1_3_server_method())); + #endif +#endif + +#ifdef TEST_PKCS8_ENC + wolfSSL_CTX_set_default_passwd_cb(ctx, PKCS8TestCallBack); + wolfSSL_CTX_set_default_passwd_cb_userdata(ctx, (void*)&flag); + flag = 1; /* used by password callback as return code */ + + #if !defined(NO_RSA) && !defined(NO_SHA) + #if defined(WOLFSSL_PEM_TO_DER) + /* test loading PEM PKCS8 encrypted file */ + ExpectTrue((f = XFOPEN(serverKeyPkcs8EncPemFile, "rb")) != XBADFILE); + ExpectIntGT(bytes = (int)XFREAD(buff, 1, sizeof(buff), f), 0); + if (f != XBADFILE) { + XFCLOSE(f); + f = XBADFILE; + } + ExpectIntEQ(wolfSSL_CTX_use_PrivateKey_buffer(ctx, buff, bytes, + WOLFSSL_FILETYPE_PEM), WOLFSSL_SUCCESS); + + /* this next case should fail because of password callback return code */ + flag = 0; /* used by password callback as return code */ + ExpectIntNE(wolfSSL_CTX_use_PrivateKey_buffer(ctx, buff, bytes, + WOLFSSL_FILETYPE_PEM), WOLFSSL_SUCCESS); + + /* decrypt PKCS8 PEM to key in DER format with not using WOLFSSL_CTX */ + ExpectIntGT(wc_KeyPemToDer(buff, bytes, der, (word32)sizeof(der), + "yassl123"), 0); + + /* test that error value is returned with a bad password */ + ExpectIntLT(wc_KeyPemToDer(buff, bytes, der, (word32)sizeof(der), + "bad"), 0); + #endif + + /* test loading PEM PKCS8 encrypted file */ + ExpectTrue((f = XFOPEN(serverKeyPkcs8EncDerFile, "rb")) != XBADFILE); + ExpectIntGT(bytes = (int)XFREAD(buff, 1, sizeof(buff), f), 0); + if (f != XBADFILE) { + XFCLOSE(f); + f = XBADFILE; + } + flag = 1; /* used by password callback as return code */ + ExpectIntEQ(wolfSSL_CTX_use_PrivateKey_buffer(ctx, buff, bytes, + WOLFSSL_FILETYPE_ASN1), WOLFSSL_SUCCESS); + + /* this next case should fail because of password callback return code */ + flag = 0; /* used by password callback as return code */ + ExpectIntNE(wolfSSL_CTX_use_PrivateKey_buffer(ctx, buff, bytes, + WOLFSSL_FILETYPE_ASN1), WOLFSSL_SUCCESS); + #endif /* !NO_RSA && !NO_SHA */ + + #if defined(HAVE_ECC) && !defined(NO_SHA) + #if defined(WOLFSSL_PEM_TO_DER) + /* test loading PEM PKCS8 encrypted ECC Key file */ + ExpectTrue((f = XFOPEN(eccPkcs8EncPrivKeyPemFile, "rb")) != XBADFILE); + ExpectIntGT(bytes = (int)XFREAD(buff, 1, sizeof(buff), f), 0); + if (f != XBADFILE) { + XFCLOSE(f); + f = XBADFILE; + } + flag = 1; /* used by password callback as return code */ + ExpectIntEQ(wolfSSL_CTX_use_PrivateKey_buffer(ctx, buff, bytes, + WOLFSSL_FILETYPE_PEM), WOLFSSL_SUCCESS); + + /* this next case should fail because of password callback return code */ + flag = 0; /* used by password callback as return code */ + ExpectIntNE(wolfSSL_CTX_use_PrivateKey_buffer(ctx, buff, bytes, + WOLFSSL_FILETYPE_PEM), WOLFSSL_SUCCESS); + + /* decrypt PKCS8 PEM to key in DER format with not using WOLFSSL_CTX */ + ExpectIntGT(wc_KeyPemToDer(buff, bytes, der, (word32)sizeof(der), + "yassl123"), 0); + + /* test that error value is returned with a bad password */ + ExpectIntLT(wc_KeyPemToDer(buff, bytes, der, (word32)sizeof(der), + "bad"), 0); + #endif + + /* test loading DER PKCS8 encrypted ECC Key file */ + ExpectTrue((f = XFOPEN(eccPkcs8EncPrivKeyDerFile, "rb")) != XBADFILE); + ExpectIntGT(bytes = (int)XFREAD(buff, 1, sizeof(buff), f), 0); + if (f != XBADFILE) { + XFCLOSE(f); + f = XBADFILE; + } + flag = 1; /* used by password callback as return code */ + ExpectIntEQ(wolfSSL_CTX_use_PrivateKey_buffer(ctx, buff, bytes, + WOLFSSL_FILETYPE_ASN1), WOLFSSL_SUCCESS); + + /* this next case should fail because of password callback return code */ + flag = 0; /* used by password callback as return code */ + ExpectIntNE(wolfSSL_CTX_use_PrivateKey_buffer(ctx, buff, bytes, + WOLFSSL_FILETYPE_ASN1), WOLFSSL_SUCCESS); + + /* leave flag as "okay" */ + flag = 1; + #endif /* HAVE_ECC && !NO_SHA */ +#endif /* TEST_PKCS8_ENC */ + + +#ifndef NO_RSA + /* test loading ASN.1 (DER) PKCS8 private key file (not encrypted) */ + ExpectTrue((f = XFOPEN(serverKeyPkcs8DerFile, "rb")) != XBADFILE); + ExpectIntGT(bytes = (int)XFREAD(buff, 1, sizeof(buff), f), 0); + if (f != XBADFILE) { + XFCLOSE(f); + f = XBADFILE; + } + ExpectIntEQ(wolfSSL_CTX_use_PrivateKey_buffer(ctx, buff, bytes, + WOLFSSL_FILETYPE_ASN1), WOLFSSL_SUCCESS); + + #ifdef WOLFSSL_PEM_TO_DER + /* test loading PEM PKCS8 private key file (not encrypted) */ + ExpectTrue((f = XFOPEN(serverKeyPkcs8PemFile, "rb")) != XBADFILE); + ExpectIntGT(bytes = (int)XFREAD(buff, 1, sizeof(buff), f), 0); + if (f != XBADFILE) { + XFCLOSE(f); + f = XBADFILE; + } + ExpectIntEQ(wolfSSL_CTX_use_PrivateKey_buffer(ctx, buff, bytes, + WOLFSSL_FILETYPE_PEM), WOLFSSL_SUCCESS); + #endif +#endif /* !NO_RSA */ + +#ifdef WOLFSSL_PEM_TO_DER + /* Test PKCS8 PEM ECC key no crypt */ + ExpectTrue((f = XFOPEN(eccPkcs8PrivKeyPemFile, "rb")) != XBADFILE); + ExpectIntGT(bytes = (int)XFREAD(buff, 1, sizeof(buff), f), 0); + if (f != XBADFILE) { + XFCLOSE(f); + f = XBADFILE; + } +#endif +#ifdef HAVE_ECC +#ifdef WOLFSSL_PEM_TO_DER + /* Test PKCS8 PEM ECC key no crypt */ + ExpectIntEQ(wolfSSL_CTX_use_PrivateKey_buffer(ctx, buff, bytes, + WOLFSSL_FILETYPE_PEM), WOLFSSL_SUCCESS); + + /* decrypt PKCS8 PEM to key in DER format */ + ExpectIntGT((bytes = wc_KeyPemToDer(buff, bytes, der, + (word32)sizeof(der), NULL)), 0); + ret = wc_ecc_init(&key); + if (ret == 0) { + ret = wc_EccPrivateKeyDecode(der, &x, &key, (word32)bytes); + wc_ecc_free(&key); + } + ExpectIntEQ(ret, 0); +#endif + + /* Test PKCS8 DER ECC key no crypt */ + ExpectTrue((f = XFOPEN(eccPkcs8PrivKeyDerFile, "rb")) != XBADFILE); + ExpectIntGT(bytes = (int)XFREAD(buff, 1, sizeof(buff), f), 0); + if (f != XBADFILE) + XFCLOSE(f); + + /* Test using a PKCS8 ECC PEM */ + ExpectIntEQ(wolfSSL_CTX_use_PrivateKey_buffer(ctx, buff, bytes, + WOLFSSL_FILETYPE_ASN1), WOLFSSL_SUCCESS); +#else +#ifdef WOLFSSL_PEM_TO_DER + /* if HAVE_ECC is not defined then BEGIN EC PRIVATE KEY is not found */ + ExpectIntEQ((bytes = wc_KeyPemToDer(buff, bytes, der, + (word32)sizeof(der), NULL)), WC_NO_ERR_TRACE(ASN_NO_PEM_HEADER)); +#endif +#endif /* HAVE_ECC */ + + wolfSSL_CTX_free(ctx); +#endif /* !NO_WOLFSSL_CLIENT || !NO_WOLFSSL_SERVER */ +#endif /* !NO_FILESYSTEM && !NO_ASN && HAVE_PKCS8 */ + return EXPECT_RESULT(); +} + +static int test_wolfSSL_PKCS8_ED25519(void) +{ + EXPECT_DECLS; +#if !defined(NO_ASN) && defined(HAVE_PKCS8) && defined(HAVE_AES_CBC) && \ + defined(WOLFSSL_AES_256) && \ + defined(WOLFSSL_ENCRYPTED_KEYS) && defined(HAVE_ED25519) && \ + defined(HAVE_ED25519_KEY_IMPORT) + const byte encPrivKey[] = \ + "-----BEGIN ENCRYPTED PRIVATE KEY-----\n" + "MIGbMFcGCSqGSIb3DQEFDTBKMCkGCSqGSIb3DQEFDDAcBAheCGLmWGh7+AICCAAw\n" + "DAYIKoZIhvcNAgkFADAdBglghkgBZQMEASoEEC4L5P6GappsTyhOOoQfvh8EQJMX\n" + "OAdlsYKCOcFo4djg6AI1lRdeBRwVFWkha7gBdoCJOzS8wDvTbYcJMPvANu5ft3nl\n" + "2L9W4v7swXkV+X+a1ww=\n" + "-----END ENCRYPTED PRIVATE KEY-----\n"; + const char password[] = "abcdefghijklmnopqrstuvwxyz"; + byte der[FOURK_BUF]; +#if !defined(NO_TLS) && \ + (!defined(NO_WOLFSSL_CLIENT) || !defined(NO_WOLFSSL_SERVER)) + WOLFSSL_CTX* ctx = NULL; +#endif + int bytes; + + XMEMSET(der, 0, sizeof(der)); + ExpectIntGT((bytes = wc_KeyPemToDer(encPrivKey, sizeof(encPrivKey), der, + (word32)sizeof(der), password)), 0); +#if !defined(NO_TLS) && \ + (!defined(NO_WOLFSSL_CLIENT) || !defined(NO_WOLFSSL_SERVER)) +#ifndef NO_WOLFSSL_SERVER + ExpectNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_server_method())); +#else + ExpectNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_client_method())); +#endif + ExpectIntEQ(wolfSSL_CTX_use_PrivateKey_buffer(ctx, der, bytes, + WOLFSSL_FILETYPE_ASN1), WOLFSSL_SUCCESS); + + wolfSSL_CTX_free(ctx); +#endif /* !NO_TLS && (!NO_WOLFSSL_CLIENT || !NO_WOLFSSL_SERVER) */ +#endif + return EXPECT_RESULT(); +} + +static int test_wolfSSL_PKCS8_ED448(void) +{ + EXPECT_DECLS; +#if !defined(NO_ASN) && defined(HAVE_PKCS8) && defined(HAVE_AES_CBC) && \ + defined(WOLFSSL_AES_256) && \ + defined(WOLFSSL_ENCRYPTED_KEYS) && defined(HAVE_ED448) && \ + defined(HAVE_ED448_KEY_IMPORT) + const byte encPrivKey[] = \ + "-----BEGIN ENCRYPTED PRIVATE KEY-----\n" + "MIGrMFcGCSqGSIb3DQEFDTBKMCkGCSqGSIb3DQEFDDAcBAjSbZKnG4EPggICCAAw\n" + "DAYIKoZIhvcNAgkFADAdBglghkgBZQMEASoEEFvCFWBBHBlJBsYleBJlJWcEUNC7\n" + "Tf5pZviT5Btar4D/MNg6BsQHSDf5KW4ix871EsgDY2Zz+euaoWspiMntz7gU+PQu\n" + "T/JJcbD2Ly8BbE3l5WHMifAQqNLxJBfXrHkfYtAo\n" + "-----END ENCRYPTED PRIVATE KEY-----\n"; + const char password[] = "abcdefghijklmnopqrstuvwxyz"; + byte der[FOURK_BUF]; +#if !defined(NO_TLS) && \ + (!defined(NO_WOLFSSL_CLIENT) || !defined(NO_WOLFSSL_SERVER)) + WOLFSSL_CTX* ctx = NULL; +#endif + int bytes; + + XMEMSET(der, 0, sizeof(der)); + ExpectIntGT((bytes = wc_KeyPemToDer(encPrivKey, sizeof(encPrivKey), der, + (word32)sizeof(der), password)), 0); +#if !defined(NO_TLS) && \ + (!defined(NO_WOLFSSL_CLIENT) || !defined(NO_WOLFSSL_SERVER)) +#ifndef NO_WOLFSSL_SERVER + ExpectNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_server_method())); +#else + ExpectNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_client_method())); +#endif + ExpectIntEQ(wolfSSL_CTX_use_PrivateKey_buffer(ctx, der, bytes, + WOLFSSL_FILETYPE_ASN1), WOLFSSL_SUCCESS); + + wolfSSL_CTX_free(ctx); +#endif /* !NO_TLS && (!NO_WOLFSSL_CLIENT || !NO_WOLFSSL_SERVER) */ +#endif + return EXPECT_RESULT(); +} + +/* Testing functions dealing with PKCS5 */ +static int test_wolfSSL_PKCS5(void) +{ + EXPECT_DECLS; +#if defined(OPENSSL_EXTRA) && !defined(NO_SHA) && !defined(NO_PWDBASED) +#ifdef HAVE_FIPS /* Password minimum length is 14 (112-bit) in FIPS MODE */ + const char* passwd = "myfipsPa$$W0rd"; +#else + const char *passwd = "pass1234"; +#endif + const unsigned char *salt = (unsigned char *)"salt1234"; + unsigned char *out = (unsigned char *)XMALLOC(WC_SHA_DIGEST_SIZE, NULL, + DYNAMIC_TYPE_TMP_BUFFER); + int ret = 0; + + ExpectNotNull(out); + ExpectIntEQ(ret = PKCS5_PBKDF2_HMAC_SHA1(passwd,(int)XSTRLEN(passwd), salt, + (int)XSTRLEN((const char *) salt), 10, WC_SHA_DIGEST_SIZE,out), + WOLFSSL_SUCCESS); + +#ifdef WOLFSSL_SHA512 + ExpectIntEQ(ret = PKCS5_PBKDF2_HMAC(passwd,(int)XSTRLEN(passwd), salt, + (int)XSTRLEN((const char *) salt), 10, wolfSSL_EVP_sha512(), + WC_SHA_DIGEST_SIZE, out), SSL_SUCCESS); +#endif + + XFREE(out, NULL, DYNAMIC_TYPE_TMP_BUFFER); +#endif /* defined(OPENSSL_EXTRA) && !defined(NO_SHA) */ + return EXPECT_RESULT(); +} + +/* test parsing URI from certificate */ +static int test_wolfSSL_URI(void) +{ + EXPECT_DECLS; +#if !defined(NO_CERTS) && !defined(NO_RSA) && !defined(NO_FILESYSTEM) \ + && (defined(KEEP_PEER_CERT) || defined(SESSION_CERTS) || \ + defined(OPENSSL_EXTRA)) + WOLFSSL_X509* x509 = NULL; + const char uri[] = "./certs/client-uri-cert.pem"; + const char urn[] = "./certs/client-absolute-urn.pem"; + const char badUri[] = "./certs/client-relative-uri.pem"; + + ExpectNotNull(x509 = wolfSSL_X509_load_certificate_file(uri, + WOLFSSL_FILETYPE_PEM)); + wolfSSL_FreeX509(x509); + x509 = NULL; + + ExpectNotNull(x509 = wolfSSL_X509_load_certificate_file(urn, + WOLFSSL_FILETYPE_PEM)); + wolfSSL_FreeX509(x509); + x509 = NULL; + +#if !defined(IGNORE_NAME_CONSTRAINTS) && !defined(WOLFSSL_NO_ASN_STRICT) \ + && !defined(WOLFSSL_FPKI) + ExpectNull(x509 = wolfSSL_X509_load_certificate_file(badUri, + WOLFSSL_FILETYPE_PEM)); +#else + ExpectNotNull(x509 = wolfSSL_X509_load_certificate_file(badUri, + WOLFSSL_FILETYPE_PEM)); +#endif + wolfSSL_FreeX509(x509); +#endif + return EXPECT_RESULT(); +} + + +static int test_wolfSSL_TBS(void) +{ + EXPECT_DECLS; +#if !defined(NO_CERTS) && !defined(NO_RSA) && !defined(NO_FILESYSTEM) \ + && defined(OPENSSL_EXTRA) + WOLFSSL_X509* x509 = NULL; + const unsigned char* tbs; + int tbsSz; + + ExpectNotNull(x509 = wolfSSL_X509_new()); + ExpectNull(tbs = wolfSSL_X509_get_tbs(x509, &tbsSz)); + wolfSSL_X509_free(x509); + x509 = NULL; + + ExpectNotNull(x509 = wolfSSL_X509_load_certificate_file(caCertFile, + WOLFSSL_FILETYPE_PEM)); + + ExpectNull(tbs = wolfSSL_X509_get_tbs(NULL, &tbsSz)); + ExpectNull(tbs = wolfSSL_X509_get_tbs(x509, NULL)); + ExpectNotNull(tbs = wolfSSL_X509_get_tbs(x509, &tbsSz)); + ExpectIntEQ(tbsSz, 1003); + + wolfSSL_FreeX509(x509); +#endif + return EXPECT_RESULT(); +} + +static int test_wolfSSL_X509_verify(void) +{ + EXPECT_DECLS; +#if !defined(NO_CERTS) && !defined(NO_RSA) && !defined(NO_FILESYSTEM) && \ + defined(OPENSSL_EXTRA) + WOLFSSL_X509* ca = NULL; + WOLFSSL_X509* serv = NULL; + WOLFSSL_EVP_PKEY* pkey = NULL; + unsigned char buf[2048]; + const unsigned char* pt = NULL; + int bufSz = 0; + + ExpectNotNull(ca = wolfSSL_X509_load_certificate_file(caCertFile, + WOLFSSL_FILETYPE_PEM)); + + ExpectIntNE(wolfSSL_X509_get_pubkey_buffer(NULL, buf, NULL), + WOLFSSL_SUCCESS); + ExpectIntNE(wolfSSL_X509_get_pubkey_buffer(NULL, buf, &bufSz), + WOLFSSL_SUCCESS); + ExpectIntEQ(wolfSSL_X509_get_pubkey_buffer(ca, NULL, &bufSz), + WOLFSSL_SUCCESS); + ExpectIntEQ(bufSz, 294); + + bufSz--; + ExpectIntNE(wolfSSL_X509_get_pubkey_buffer(ca, buf, &bufSz), + WOLFSSL_SUCCESS); + bufSz = 2048; + ExpectIntEQ(wolfSSL_X509_get_pubkey_buffer(ca, buf, &bufSz), + WOLFSSL_SUCCESS); + ExpectIntEQ(wolfSSL_X509_get_pubkey_type(NULL), WC_NO_ERR_TRACE(WOLFSSL_FAILURE)); + ExpectIntEQ(wolfSSL_X509_get_pubkey_type(ca), RSAk); + + + ExpectNotNull(serv = wolfSSL_X509_load_certificate_file(svrCertFile, + WOLFSSL_FILETYPE_PEM)); + + /* success case */ + pt = buf; + ExpectNotNull(pkey = wolfSSL_d2i_PUBKEY(NULL, &pt, bufSz)); + + ExpectIntEQ(i2d_PUBKEY(pkey, NULL), bufSz); + + ExpectIntEQ(wolfSSL_X509_verify(serv, pkey), WOLFSSL_SUCCESS); + wolfSSL_EVP_PKEY_free(pkey); + pkey = NULL; + + /* fail case */ + bufSz = 2048; + ExpectIntEQ(wolfSSL_X509_get_pubkey_buffer(serv, buf, &bufSz), + WOLFSSL_SUCCESS); + pt = buf; + ExpectNotNull(pkey = wolfSSL_d2i_PUBKEY(NULL, &pt, bufSz)); + ExpectIntEQ(wolfSSL_X509_verify(serv, pkey), WC_NO_ERR_TRACE(WOLFSSL_FAILURE)); + + ExpectIntEQ(wolfSSL_X509_verify(NULL, pkey), WC_NO_ERR_TRACE(WOLFSSL_FATAL_ERROR)); + ExpectIntEQ(wolfSSL_X509_verify(serv, NULL), WC_NO_ERR_TRACE(WOLFSSL_FATAL_ERROR)); + +#ifndef NO_WOLFSSL_STUB + ExpectNull(wolfSSL_X509_get0_pubkey_bitstr(NULL)); + ExpectNull(wolfSSL_X509_get0_pubkey_bitstr(serv)); +#endif + + wolfSSL_EVP_PKEY_free(pkey); + + wolfSSL_FreeX509(ca); + wolfSSL_FreeX509(serv); +#endif + return EXPECT_RESULT(); +} + +#if defined(WOLFSSL_ACERT) && !defined(NO_CERTS) && !defined(NO_RSA) && \ + defined(WC_RSA_PSS) && !defined(NO_FILESYSTEM) && defined(OPENSSL_EXTRA) +/* Given acert file and its pubkey file, read them and then + * attempt to verify signed acert. + * + * If expect_pass is true, then verification should pass. + * If expect_pass is false, then verification should fail. + * */ +static int do_acert_verify_test(const char * acert_file, + const char * pkey_file, + size_t expect_pass) +{ + X509_ACERT * x509 = NULL; + EVP_PKEY * pkey = NULL; + BIO * bp = NULL; + int verify_rc = 0; + + /* First read the attribute certificate. */ + bp = BIO_new_file(acert_file, "r"); + if (bp == NULL) { + return -1; + } + + x509 = PEM_read_bio_X509_ACERT(bp, NULL, NULL, NULL); + BIO_free(bp); + bp = NULL; + + if (x509 == NULL) { + return -1; + } + + /* Next read the associated pub key. */ + bp = BIO_new_file(pkey_file, "r"); + + if (bp == NULL) { + X509_ACERT_free(x509); + x509 = NULL; + return -1; + } + + pkey = PEM_read_bio_PUBKEY(bp, &pkey, NULL, NULL); + BIO_free(bp); + bp = NULL; + + if (pkey == NULL) { + X509_ACERT_free(x509); + x509 = NULL; + return -1; + } + + /* Finally, do verification. */ + verify_rc = X509_ACERT_verify(x509, pkey); + + X509_ACERT_free(x509); + x509 = NULL; + + EVP_PKEY_free(pkey); + pkey = NULL; + + if (expect_pass && verify_rc != 1) { + return -1; + } + + if (!expect_pass && verify_rc == 1) { + return -1; + } + + return 0; +} +#endif + +static int test_wolfSSL_X509_ACERT_verify(void) +{ + EXPECT_DECLS; +#if defined(WOLFSSL_ACERT) && !defined(NO_CERTS) && !defined(NO_RSA) && \ + defined(WC_RSA_PSS) && !defined(NO_FILESYSTEM) && defined(OPENSSL_EXTRA) + /* Walk over list of signed ACERTs and their pubkeys. + * All should load and pass verification. */ + const char * acerts[4] = {"certs/acert/acert.pem", + "certs/acert/acert_ietf.pem", + "certs/acert/rsa_pss/acert.pem", + "certs/acert/rsa_pss/acert_ietf.pem"}; + const char * pkeys[4] = {"certs/acert/acert_pubkey.pem", + "certs/acert/acert_ietf_pubkey.pem", + "certs/acert/rsa_pss/acert_pubkey.pem", + "certs/acert/rsa_pss/acert_ietf_pubkey.pem"}; + int rc = 0; + size_t i = 0; + size_t j = 0; + + for (i = 0; i < 4; ++i) { + for (j = i; j < 4; ++j) { + rc = do_acert_verify_test(acerts[i], pkeys[j], i == j); + + if (rc) { + fprintf(stderr, "error: %s: i = %zu, j = %zu, rc = %d\n", + "do_acert_verify_test", i, j, rc); + break; + } + } + + if (rc) { break; } + } + + ExpectIntEQ(rc, 0); +#endif + return EXPECT_RESULT(); +} + +static int test_wolfSSL_X509_ACERT_misc_api(void) +{ + EXPECT_DECLS; +#if defined(WOLFSSL_ACERT) && !defined(NO_CERTS) && !defined(NO_RSA) && \ + !defined(NO_FILESYSTEM) && defined(OPENSSL_EXTRA) + const char * acerts[4] = {"certs/acert/acert.pem", + "certs/acert/acert_ietf.pem", + "certs/acert/rsa_pss/acert.pem", + "certs/acert/rsa_pss/acert_ietf.pem"}; + int rc = 0; + X509_ACERT * x509 = NULL; + BIO * bp = NULL; + long ver_long = 0; + int ver = 0; + int nid = 0; + const byte * raw_attr = NULL; + word32 attr_len = 0; + size_t i = 0; + int buf_len = 0; + byte ietf_serial[] = {0x03, 0xb5, 0x90, 0x59, 0x02, + 0xa2, 0xaa, 0xb5, 0x40, 0x21, + 0x44, 0xb8, 0x2c, 0x4f, 0xd9, + 0x80, 0x1b, 0x5f, 0x57, 0xc2}; + + for (i = 0; i < 4; ++i) { + const char * acert_file = acerts[i]; + int is_rsa_pss = 0; + int is_ietf_acert = 0; + byte serial[64]; + int serial_len = sizeof(serial); + + XMEMSET(serial, 0, sizeof(serial)); + + is_rsa_pss = XSTRSTR(acert_file, "rsa_pss") != NULL ? 1 : 0; + is_ietf_acert = XSTRSTR(acert_file, "ietf.pem") != NULL ? 1 : 0; + + /* First read the attribute certificate. */ + bp = BIO_new_file(acert_file, "r"); + ExpectNotNull(bp); + + x509 = PEM_read_bio_X509_ACERT(bp, NULL, NULL, NULL); + ExpectNotNull(x509); + + /* We're done with the bio for now. */ + if (bp != NULL) { + BIO_free(bp); + bp = NULL; + } + + /* Check version and signature NID. */ + ver_long = X509_ACERT_get_version(x509); + ExpectIntEQ(ver_long, 1); + + ver = wolfSSL_X509_ACERT_version(x509); + ExpectIntEQ(ver, 2); + + nid = X509_ACERT_get_signature_nid(x509); + + if (is_rsa_pss) { + ExpectIntEQ(nid, NID_rsassaPss); + } + else { + ExpectIntEQ(nid, NID_sha256WithRSAEncryption); + } + + /* Get the serial number buffer. + * The ietf acert example has a 20 byte serial number. */ + rc = wolfSSL_X509_ACERT_get_serial_number(x509, serial, &serial_len); + ExpectIntEQ(rc, SSL_SUCCESS); + + if (is_ietf_acert) { + ExpectIntEQ(serial_len, 20); + ExpectIntEQ(XMEMCMP(serial, ietf_serial, sizeof(ietf_serial)), 0); + } + else { + ExpectIntEQ(serial_len, 1); + ExpectTrue(serial[0] == 0x01); + } + + /* Repeat the same but with null serial buffer. This is ok. */ + rc = wolfSSL_X509_ACERT_get_serial_number(x509, NULL, &serial_len); + ExpectIntEQ(rc, SSL_SUCCESS); + + if (is_ietf_acert) { + ExpectIntEQ(serial_len, 20); + } + else { + ExpectIntEQ(serial_len, 1); + ExpectTrue(serial[0] == 0x01); + } + + /* Get the attributes buffer. */ + rc = wolfSSL_X509_ACERT_get_attr_buf(x509, &raw_attr, &attr_len); + ExpectIntEQ(rc, SSL_SUCCESS); + + if (is_ietf_acert) { + /* This cert has a 65 byte attributes field. */ + ExpectNotNull(raw_attr); + ExpectIntEQ(attr_len, 65); + } + else { + /* This cert has a 237 byte attributes field. */ + ExpectNotNull(raw_attr); + ExpectIntEQ(attr_len, 237); + } + + /* Test printing acert to memory bio. */ + ExpectNotNull(bp = BIO_new(BIO_s_mem())); + rc = X509_ACERT_print(bp, x509); + ExpectIntEQ(rc, SSL_SUCCESS); + + /* Now do a bunch of invalid stuff with partially valid inputs. */ + rc = wolfSSL_X509_ACERT_get_attr_buf(x509, &raw_attr, NULL); + ExpectIntEQ(rc, BAD_FUNC_ARG); + + rc = wolfSSL_X509_ACERT_get_attr_buf(x509, NULL, &attr_len); + ExpectIntEQ(rc, BAD_FUNC_ARG); + + rc = wolfSSL_X509_ACERT_get_attr_buf(NULL, &raw_attr, &attr_len); + ExpectIntEQ(rc, BAD_FUNC_ARG); + + ver_long = X509_ACERT_get_version(NULL); + ExpectIntEQ(ver_long, 0); + + ver = wolfSSL_X509_ACERT_version(NULL); + ExpectIntEQ(ver, 0); + + rc = wolfSSL_X509_ACERT_get_signature(x509, NULL, NULL); + ExpectIntEQ(rc, WOLFSSL_FATAL_ERROR); + + rc = wolfSSL_X509_ACERT_get_signature(x509, NULL, &buf_len); + ExpectIntEQ(rc, SSL_SUCCESS); + ExpectIntEQ(buf_len, 256); + + rc = wolfSSL_X509_ACERT_get_serial_number(x509, serial, NULL); + ExpectIntEQ(rc, BAD_FUNC_ARG); + + rc = X509_ACERT_print(bp, NULL); + ExpectIntEQ(rc, WOLFSSL_FAILURE); + + rc = X509_ACERT_print(NULL, x509); + ExpectIntEQ(rc, WOLFSSL_FAILURE); + + /* Finally free the acert and bio, we're done with them. */ + if (x509 != NULL) { + X509_ACERT_free(x509); + x509 = NULL; + } + + if (bp != NULL) { + BIO_free(bp); + bp = NULL; + } + } +#endif + return EXPECT_RESULT(); +} + +static int test_wolfSSL_X509_ACERT_buffer(void) +{ + EXPECT_DECLS; +#if defined(WOLFSSL_ACERT) && !defined(NO_CERTS) && \ + !defined(NO_RSA) && defined(WC_RSA_PSS) && \ + (defined(OPENSSL_EXTRA_X509_SMALL) || defined(OPENSSL_EXTRA)) + const byte acert_ietf[] = \ + "-----BEGIN ATTRIBUTE CERTIFICATE-----\n" + "MIICPTCCASUCAQEwN6AWMBGkDzANMQswCQYDVQQDDAJDQQIBAqEdpBswGTEXMBUG\n" + "A1UEAwwOc2VydmVyLmV4YW1wbGWgLTArpCkwJzElMCMGA1UEAwwcQXR0cmlidXRl\n" + "IENlcnRpZmljYXRlIElzc3VlcjANBgkqhkiG9w0BAQsFAAIUA7WQWQKiqrVAIUS4\n" + "LE/ZgBtfV8IwIhgPMjAyMTA2MTUxMjM1MDBaGA8yMDMxMDYxMzEyMzUwMFowQTAj\n" + "BggrBgEFBQcKBDEXMBWgCYYHVGVzdHZhbDAIDAZncm91cDEwGgYDVQRIMRMwEaEP\n" + "gw1hZG1pbmlzdHJhdG9yMCwwHwYDVR0jBBgwFoAUYm7JaGdsZLtTgt0tqoCK2MrI\n" + "i10wCQYDVR04BAIFADANBgkqhkiG9w0BAQsFAAOCAQEAlIOJ2Dj3TEUj6BIv6vUs\n" + "GqFWms05i+d10XSzWrunlUTQPoJcUjYkifOWp/7RpZ2XnRl+6hH+nIbmwSmXWwBn\n" + "ERw2bQMmw/""/nWuN4Qv9t7ltuovWC0pJX6VMT1IRTuTV4SxuZpFL37vkmnFlPBlb+\n" + "mn3ESSxLTjThWFIq1tip4IaxE/i5Uh32GlJglatFHM1PCGoJtyLtYb6KHDlvknw6\n" + "coDyjIcj0FZwtQw41jLwxI8jWNmrpt978wdpprB/URrRs+m02HmeQoiHFi/qvdv8\n" + "d+5vHf3Pi/ulhz/+dvr0p1vEQSoFnYxLXuty2p5m3PJPZCFmT3gURgmgR3BN9d7A\n" + "Bw==\n" + "-----END ATTRIBUTE CERTIFICATE-----\n"; + X509_ACERT * x509 = NULL; + int rc = 0; + byte ietf_serial[] = {0x03, 0xb5, 0x90, 0x59, 0x02, + 0xa2, 0xaa, 0xb5, 0x40, 0x21, + 0x44, 0xb8, 0x2c, 0x4f, 0xd9, + 0x80, 0x1b, 0x5f, 0x57, 0xc2}; + byte serial[64]; + int serial_len = sizeof(serial); + const byte * raw_attr = NULL; + word32 attr_len = 0; + + x509 = wolfSSL_X509_ACERT_load_certificate_buffer_ex(acert_ietf, + sizeof(acert_ietf), + WOLFSSL_FILETYPE_PEM, + HEAP_HINT); + + rc = wolfSSL_X509_ACERT_get_serial_number(x509, serial, &serial_len); + ExpectIntEQ(rc, SSL_SUCCESS); + + ExpectIntEQ(serial_len, 20); + ExpectIntEQ(XMEMCMP(serial, ietf_serial, sizeof(ietf_serial)), 0); + + /* Get the attributes buffer. */ + rc = wolfSSL_X509_ACERT_get_attr_buf(x509, &raw_attr, &attr_len); + ExpectIntEQ(rc, SSL_SUCCESS); + + /* This cert has a 65 byte attributes field. */ + ExpectNotNull(raw_attr); + ExpectIntEQ(attr_len, 65); + + ExpectNotNull(x509); + + if (x509 != NULL) { + wolfSSL_X509_ACERT_free(x509); + x509 = NULL; + } +#endif + return EXPECT_RESULT(); +} + +/* note: when ACERT generation and signing are implemented, + * this test will be filled out appropriately. + * */ +static int test_wolfSSL_X509_ACERT_new_and_sign(void) +{ + EXPECT_DECLS; +#if defined(WOLFSSL_ACERT) && !defined(NO_CERTS) && \ + !defined(NO_RSA) && defined(WC_RSA_PSS) && \ + (defined(OPENSSL_EXTRA_X509_SMALL) || defined(OPENSSL_EXTRA)) + X509_ACERT * x509 = NULL; + int rc = 0; + + x509 = X509_ACERT_new(); + ExpectNotNull(x509); + + if (x509 != NULL) { + wolfSSL_X509_ACERT_free(x509); + x509 = NULL; + } + + /* Same but with static memory hint. */ + x509 = wolfSSL_X509_ACERT_new_ex(HEAP_HINT); + ExpectNotNull(x509); + + #ifndef NO_WOLFSSL_STUB + /* ACERT sign not implemented yet. */ + if (x509 != NULL) { + rc = wolfSSL_X509_ACERT_sign(x509, NULL, NULL); + ExpectIntEQ(rc, WOLFSSL_NOT_IMPLEMENTED); + } + #else + (void) rc; + #endif /* NO_WOLFSSL_STUB */ + + if (x509 != NULL) { + wolfSSL_X509_ACERT_free(x509); + x509 = NULL; + } + +#endif + return EXPECT_RESULT(); +} + +/* Test ACERT support, but with ASN functions only. + * + * This example acert_ietf has both Holder IssuerSerial + * and Holder entityName fields. + * */ +static int test_wolfSSL_X509_ACERT_asn(void) +{ + EXPECT_DECLS; +#if defined(WOLFSSL_ACERT) && !defined(NO_CERTS) + const byte acert_ietf[] = \ + "-----BEGIN ATTRIBUTE CERTIFICATE-----\n" + "MIICPTCCASUCAQEwN6AWMBGkDzANMQswCQYDVQQDDAJDQQIBAqEdpBswGTEXMBUG\n" + "A1UEAwwOc2VydmVyLmV4YW1wbGWgLTArpCkwJzElMCMGA1UEAwwcQXR0cmlidXRl\n" + "IENlcnRpZmljYXRlIElzc3VlcjANBgkqhkiG9w0BAQsFAAIUA7WQWQKiqrVAIUS4\n" + "LE/ZgBtfV8IwIhgPMjAyMTA2MTUxMjM1MDBaGA8yMDMxMDYxMzEyMzUwMFowQTAj\n" + "BggrBgEFBQcKBDEXMBWgCYYHVGVzdHZhbDAIDAZncm91cDEwGgYDVQRIMRMwEaEP\n" + "gw1hZG1pbmlzdHJhdG9yMCwwHwYDVR0jBBgwFoAUYm7JaGdsZLtTgt0tqoCK2MrI\n" + "i10wCQYDVR04BAIFADANBgkqhkiG9w0BAQsFAAOCAQEAlIOJ2Dj3TEUj6BIv6vUs\n" + "GqFWms05i+d10XSzWrunlUTQPoJcUjYkifOWp/7RpZ2XnRl+6hH+nIbmwSmXWwBn\n" + "ERw2bQMmw/""/nWuN4Qv9t7ltuovWC0pJX6VMT1IRTuTV4SxuZpFL37vkmnFlPBlb+\n" + "mn3ESSxLTjThWFIq1tip4IaxE/i5Uh32GlJglatFHM1PCGoJtyLtYb6KHDlvknw6\n" + "coDyjIcj0FZwtQw41jLwxI8jWNmrpt978wdpprB/URrRs+m02HmeQoiHFi/qvdv8\n" + "d+5vHf3Pi/ulhz/+dvr0p1vEQSoFnYxLXuty2p5m3PJPZCFmT3gURgmgR3BN9d7A\n" + "Bw==\n" + "-----END ATTRIBUTE CERTIFICATE-----\n"; + int rc = 0; + int n_diff = 0; + byte ietf_serial[] = {0x03, 0xb5, 0x90, 0x59, 0x02, + 0xa2, 0xaa, 0xb5, 0x40, 0x21, + 0x44, 0xb8, 0x2c, 0x4f, 0xd9, + 0x80, 0x1b, 0x5f, 0x57, 0xc2}; + byte holderIssuerName[] = {0x31, 0x0b, 0x30, 0x09, 0x06, + 0x03, 0x55, 0x04, 0x03, 0x0c, + 0x02, 0x43, 0x41}; + byte holderEntityName[] = {0x31, 0x17, 0x30, 0x15, 0x06, + 0x03, 0x55, 0x04, 0x03, 0x0c, + 0x0e, 0x73, 0x65, 0x72, 0x76, + 0x65, 0x72, 0x2e, 0x65, 0x78, + 0x61, 0x6d, 0x70, 0x6c, 0x65}; + DerBuffer * der = NULL; + WC_DECLARE_VAR(acert, DecodedAcert, 1, 0); + + rc = wc_PemToDer(acert_ietf, sizeof(acert_ietf), ACERT_TYPE, &der, + HEAP_HINT, NULL, NULL); + + ExpectIntEQ(rc, 0); + ExpectNotNull(der); + + if (der != NULL) { + ExpectNotNull(der->buffer); + } + +#ifdef WOLFSSL_SMALL_STACK + acert = (DecodedAcert*)XMALLOC(sizeof(DecodedAcert), HEAP_HINT, + DYNAMIC_TYPE_DCERT); + ExpectNotNull(acert); +#else + XMEMSET(acert, 0, sizeof(DecodedAcert)); +#endif + + if (der != NULL && der->buffer != NULL +#ifdef WOLFSSL_SMALL_STACK + && acert != NULL +#endif + ) { + wc_InitDecodedAcert(acert, der->buffer, der->length, HEAP_HINT); + rc = wc_ParseX509Acert(acert, VERIFY_SKIP_DATE); + ExpectIntEQ(rc, 0); + + ExpectIntEQ(acert->serialSz, 20); + ExpectIntEQ(XMEMCMP(acert->serial, ietf_serial, sizeof(ietf_serial)), + 0); + + /* This cert has a 65 byte attributes field. */ + ExpectNotNull(acert->rawAttr); + ExpectIntEQ(acert->rawAttrLen, 65); + + ExpectNotNull(acert->holderIssuerName); + ExpectNotNull(acert->holderEntityName); + + if ((acert->holderIssuerName != NULL) && + (acert->holderEntityName != NULL)) { + ExpectNotNull(acert->holderEntityName->name); + ExpectNotNull(acert->holderIssuerName->name); + } + + if ((acert->holderIssuerName != NULL) && + (acert->holderEntityName != NULL) && + (acert->holderIssuerName->name != NULL) && + (acert->holderEntityName->name != NULL)) { + ExpectIntEQ(acert->holderIssuerName->len, + sizeof(holderIssuerName)); + ExpectIntEQ(acert->holderEntityName->len, + sizeof(holderEntityName)); + + ExpectIntEQ(acert->holderIssuerName->type, ASN_DIR_TYPE); + ExpectIntEQ(acert->holderEntityName->type, ASN_DIR_TYPE); + + n_diff = XMEMCMP(acert->holderIssuerName->name, holderIssuerName, + sizeof(holderIssuerName)); + ExpectIntEQ(n_diff, 0); + + n_diff = XMEMCMP(acert->holderEntityName->name, holderEntityName, + sizeof(holderEntityName)); + ExpectIntEQ(n_diff, 0); + } + + wc_FreeDecodedAcert(acert); + } + +#ifdef WOLFSSL_SMALL_STACK + if (acert != NULL) { + XFREE(acert, HEAP_HINT, DYNAMIC_TYPE_DCERT); + acert = NULL; + } +#endif + + if (der != NULL) { + wc_FreeDer(&der); + der = NULL; + } + +#endif + return EXPECT_RESULT(); +} + +#if !defined(NO_DH) && !defined(NO_AES) && defined(WOLFSSL_CERT_GEN) && \ + defined(HAVE_SSL_MEMIO_TESTS_DEPENDENCIES) && \ + defined(OPENSSL_EXTRA) && !defined(NO_ASN_TIME) +/* create certificate with version 2 */ +static int test_set_x509_badversion(WOLFSSL_CTX* ctx) +{ + EXPECT_DECLS; + WOLFSSL_X509 *x509 = NULL, *x509v2 = NULL; + WOLFSSL_EVP_PKEY *priv = NULL, *pub = NULL; + unsigned char *der = NULL, *key = NULL, *pt; + char *header = NULL, *name = NULL; + int derSz; + long keySz; + XFILE fp = XBADFILE; + WOLFSSL_ASN1_TIME *notBefore = NULL, *notAfter = NULL; + time_t t; + + ExpectNotNull(x509 = wolfSSL_X509_load_certificate_file(cliCertFile, + WOLFSSL_FILETYPE_PEM)); + + ExpectTrue((fp = XFOPEN(cliKeyFile, "rb")) != XBADFILE); + ExpectIntEQ(wolfSSL_PEM_read(fp, &name, &header, &key, &keySz), + WOLFSSL_SUCCESS); + if (fp != XBADFILE) + XFCLOSE(fp); + pt = key; + ExpectNotNull(priv = wolfSSL_d2i_PrivateKey(EVP_PKEY_RSA, NULL, + (const unsigned char**)&pt, keySz)); + + + /* create the version 2 certificate */ + ExpectNotNull(x509v2 = X509_new()); + ExpectIntEQ(wolfSSL_X509_set_version(x509v2, 1), WOLFSSL_SUCCESS); + + ExpectIntEQ(wolfSSL_X509_set_subject_name(x509v2, + wolfSSL_X509_get_subject_name(x509)), WOLFSSL_SUCCESS); + ExpectIntEQ(wolfSSL_X509_set_issuer_name(x509v2, + wolfSSL_X509_get_issuer_name(x509)), WOLFSSL_SUCCESS); + ExpectNotNull(pub = wolfSSL_X509_get_pubkey(x509)); + ExpectIntEQ(X509_set_pubkey(x509v2, pub), WOLFSSL_SUCCESS); + + t = time(NULL); + ExpectNotNull(notBefore = wolfSSL_ASN1_TIME_adj(NULL, t, 0, 0)); + ExpectNotNull(notAfter = wolfSSL_ASN1_TIME_adj(NULL, t, 365, 0)); + ExpectTrue(wolfSSL_X509_set_notBefore(x509v2, notBefore)); + ExpectTrue(wolfSSL_X509_set_notAfter(x509v2, notAfter)); + + ExpectIntGT(wolfSSL_X509_sign(x509v2, priv, EVP_sha256()), 0); + derSz = wolfSSL_i2d_X509(x509v2, &der); + ExpectIntGT(derSz, 0); + ExpectIntEQ(wolfSSL_CTX_use_certificate_buffer(ctx, der, derSz, + WOLFSSL_FILETYPE_ASN1), WOLFSSL_SUCCESS); + /* TODO: Replace with API call */ + XFREE(der, HEAP_HINT, DYNAMIC_TYPE_OPENSSL); + XFREE(key, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(name, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(header, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + wolfSSL_X509_free(x509); + wolfSSL_X509_free(x509v2); + wolfSSL_EVP_PKEY_free(priv); + wolfSSL_EVP_PKEY_free(pub); + wolfSSL_ASN1_TIME_free(notBefore); + wolfSSL_ASN1_TIME_free(notAfter); + + return EXPECT_RESULT(); +} + + +/* override certificate version error */ +static int test_override_x509(int preverify, WOLFSSL_X509_STORE_CTX* store) +{ + EXPECT_DECLS; +#ifndef OPENSSL_COMPATIBLE_DEFAULTS + ExpectIntEQ(store->error, WC_NO_ERR_TRACE(ASN_VERSION_E)); +#else + ExpectIntEQ(store->error, 0); +#endif + ExpectIntEQ((int)wolfSSL_X509_get_version(store->current_cert), 1); + (void)preverify; + return EXPECT_RESULT() == TEST_SUCCESS; +} + + +/* set verify callback that will override bad certificate version */ +static int test_set_override_x509(WOLFSSL_CTX* ctx) +{ + wolfSSL_CTX_set_verify(ctx, WOLFSSL_VERIFY_PEER, test_override_x509); + return TEST_SUCCESS; +} +#endif + + +static int test_wolfSSL_X509_TLS_version_test_1(void) +{ + EXPECT_DECLS; +#if !defined(NO_DH) && !defined(NO_AES) && defined(WOLFSSL_CERT_GEN) && \ + defined(HAVE_SSL_MEMIO_TESTS_DEPENDENCIES) && \ + defined(OPENSSL_EXTRA) && !defined(NO_ASN_TIME) + test_ssl_cbf func_cb_client; + test_ssl_cbf func_cb_server; + + /* test server rejects a client certificate that is not version 3 */ + XMEMSET(&func_cb_client, 0, sizeof(func_cb_client)); + XMEMSET(&func_cb_server, 0, sizeof(func_cb_server)); + + func_cb_client.ctx_ready = &test_set_x509_badversion; +#ifndef WOLFSSL_NO_TLS12 + func_cb_client.method = wolfTLSv1_2_client_method; +#else + func_cb_client.method = wolfTLSv1_3_client_method; +#endif + +#ifndef WOLFSSL_NO_TLS12 + func_cb_server.method = wolfTLSv1_2_server_method; +#else + func_cb_server.method = wolfTLSv1_3_server_method; +#endif + +#ifndef OPENSSL_COMPATIBLE_DEFAULTS + ExpectIntEQ(test_wolfSSL_client_server_nofail_memio(&func_cb_client, + &func_cb_server, NULL), -1001); +#else + ExpectIntEQ(test_wolfSSL_client_server_nofail_memio(&func_cb_client, + &func_cb_server, NULL), TEST_SUCCESS); +#endif +#endif + + return EXPECT_RESULT(); +} + +static int test_wolfSSL_X509_TLS_version_test_2(void) +{ + EXPECT_DECLS; +#if !defined(NO_DH) && !defined(NO_AES) && defined(WOLFSSL_CERT_GEN) && \ + defined(HAVE_SSL_MEMIO_TESTS_DEPENDENCIES) && \ + defined(OPENSSL_EXTRA) && !defined(NO_ASN_TIME) + test_ssl_cbf func_cb_client; + test_ssl_cbf func_cb_server; + + XMEMSET(&func_cb_client, 0, sizeof(func_cb_client)); + XMEMSET(&func_cb_server, 0, sizeof(func_cb_server)); + + func_cb_client.ctx_ready = &test_set_x509_badversion; + func_cb_server.ctx_ready = &test_set_override_x509; +#ifndef WOLFSSL_NO_TLS12 + func_cb_client.method = wolfTLSv1_2_client_method; +#else + func_cb_client.method = wolfTLSv1_3_client_method; +#endif + +#ifndef WOLFSSL_NO_TLS12 + func_cb_server.method = wolfTLSv1_2_server_method; +#else + func_cb_server.method = wolfTLSv1_3_server_method; +#endif + + ExpectIntEQ(test_wolfSSL_client_server_nofail_memio(&func_cb_client, + &func_cb_server, NULL), TEST_SUCCESS); +#endif + + return EXPECT_RESULT(); +} + +/* Testing function wolfSSL_CTX_SetMinVersion; sets the minimum downgrade + * version allowed. + * POST: 1 on success. + */ +static int test_wolfSSL_CTX_SetMinVersion(void) +{ + int res = TEST_SKIPPED; +#if !defined(NO_WOLFSSL_CLIENT) && !defined(NO_TLS) + int failFlag = WOLFSSL_SUCCESS; + WOLFSSL_CTX* ctx; + int itr; + + #ifndef NO_OLD_TLS + const int versions[] = { + #ifdef WOLFSSL_ALLOW_TLSV10 + WOLFSSL_TLSV1, + #endif + WOLFSSL_TLSV1_1, + WOLFSSL_TLSV1_2 }; + #elif !defined(WOLFSSL_NO_TLS12) + const int versions[] = { WOLFSSL_TLSV1_2 }; + #elif defined(WOLFSSL_TLS13) + const int versions[] = { WOLFSSL_TLSV1_3 }; + #else + const int versions[0]; + #endif + + ctx = wolfSSL_CTX_new(wolfSSLv23_client_method()); + + for (itr = 0; itr < (int)(sizeof(versions)/sizeof(int)); itr++) { + if (wolfSSL_CTX_SetMinVersion(ctx, *(versions + itr)) + != WOLFSSL_SUCCESS) { + failFlag = WOLFSSL_FAILURE; + } + } + + wolfSSL_CTX_free(ctx); + + res = TEST_RES_CHECK(failFlag == WOLFSSL_SUCCESS); +#endif + return res; + +} /* END test_wolfSSL_CTX_SetMinVersion */ + + +/*----------------------------------------------------------------------------* + | OCSP Stapling + *----------------------------------------------------------------------------*/ + + +/* Testing wolfSSL_UseOCSPStapling function. OCSP stapling eliminates the need + * need to contact the CA, lowering the cost of cert revocation checking. + * PRE: HAVE_OCSP and HAVE_CERTIFICATE_STATUS_REQUEST + * POST: 1 returned for success. + */ +static int test_wolfSSL_UseOCSPStapling(void) +{ + EXPECT_DECLS; +#if defined(HAVE_CERTIFICATE_STATUS_REQUEST) && defined(HAVE_OCSP) && \ + !defined(NO_TLS) && !defined(NO_WOLFSSL_CLIENT) + WOLFSSL_CTX* ctx = NULL; + WOLFSSL* ssl = NULL; + +#ifndef NO_WOLFSSL_CLIENT + #ifndef WOLFSSL_NO_TLS12 + ExpectNotNull(ctx = wolfSSL_CTX_new(wolfTLSv1_2_client_method())); + #else + ExpectNotNull(ctx = wolfSSL_CTX_new(wolfTLSv1_3_client_method())); + #endif +#else + #ifndef WOLFSSL_NO_TLS12 + ExpectNotNull(ctx = wolfSSL_CTX_new(wolfTLSv1_2_server_method())); + #else + ExpectNotNull(ctx = wolfSSL_CTX_new(wolfTLSv1_3_server_method())); + #endif +#endif + ExpectNotNull(ssl = wolfSSL_new(ctx)); + + ExpectIntEQ(wolfSSL_UseOCSPStapling(NULL, WOLFSSL_CSR2_OCSP, + WOLFSSL_CSR2_OCSP_USE_NONCE), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); +#ifndef NO_WOLFSSL_CLIENT + ExpectIntEQ(wolfSSL_UseOCSPStapling(ssl, WOLFSSL_CSR2_OCSP, + WOLFSSL_CSR2_OCSP_USE_NONCE), 1); +#else + ExpectIntEQ(wolfSSL_UseOCSPStapling(ssl, WOLFSSL_CSR2_OCSP, + WOLFSSL_CSR2_OCSP_USE_NONCE), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); +#endif + + wolfSSL_free(ssl); + wolfSSL_CTX_free(ctx); +#endif + return EXPECT_RESULT(); +} /* END test_wolfSSL_UseOCSPStapling */ + + +/* Testing OCSP stapling version 2, wolfSSL_UseOCSPStaplingV2 function. OCSP + * stapling eliminates the need to contact the CA and lowers cert revocation + * check. + * PRE: HAVE_CERTIFICATE_STATUS_REQUEST_V2 and HAVE_OCSP defined. + */ +static int test_wolfSSL_UseOCSPStaplingV2(void) +{ + EXPECT_DECLS; +#if defined(HAVE_CERTIFICATE_STATUS_REQUEST_V2) && defined(HAVE_OCSP) && \ + !defined(NO_TLS) && !defined(NO_WOLFSSL_CLIENT) + WOLFSSL_CTX* ctx = NULL; + WOLFSSL* ssl = NULL; + +#ifndef NO_WOLFSSL_CLIENT + #ifndef WOLFSSL_NO_TLS12 + ExpectNotNull(ctx = wolfSSL_CTX_new(wolfTLSv1_2_client_method())); + #else + ExpectNotNull(ctx = wolfSSL_CTX_new(wolfTLSv1_3_client_method())); + #endif +#else + #ifndef WOLFSSL_NO_TLS12 + ExpectNotNull(ctx = wolfSSL_CTX_new(wolfTLSv1_2_server_method())); + #else + ExpectNotNull(ctx = wolfSSL_CTX_new(wolfTLSv1_3_server_method())); + #endif +#endif + ExpectNotNull(ssl = wolfSSL_new(ctx)); + + ExpectIntEQ(wolfSSL_UseOCSPStaplingV2(NULL, WOLFSSL_CSR2_OCSP, + WOLFSSL_CSR2_OCSP_USE_NONCE), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); +#ifndef NO_WOLFSSL_CLIENT + ExpectIntEQ(wolfSSL_UseOCSPStaplingV2(ssl, WOLFSSL_CSR2_OCSP, + WOLFSSL_CSR2_OCSP_USE_NONCE), 1); +#else + ExpectIntEQ(wolfSSL_UseOCSPStaplingV2(ssl, WOLFSSL_CSR2_OCSP, + WOLFSSL_CSR2_OCSP_USE_NONCE), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); +#endif + + wolfSSL_free(ssl); + wolfSSL_CTX_free(ctx); +#endif + return EXPECT_RESULT(); + +} /* END test_wolfSSL_UseOCSPStaplingV2 */ + +/*----------------------------------------------------------------------------* + | Multicast Tests + *----------------------------------------------------------------------------*/ +static int test_wolfSSL_mcast(void) +{ + EXPECT_DECLS; +#if defined(WOLFSSL_DTLS) && defined(WOLFSSL_MULTICAST) && \ + (defined(WOLFSSL_TLS13) || defined(WOLFSSL_SNIFFER)) + WOLFSSL_CTX* ctx = NULL; + WOLFSSL* ssl = NULL; + byte preMasterSecret[512]; + byte clientRandom[32]; + byte serverRandom[32]; + byte suite[2] = {0, 0xfe}; /* WDM_WITH_NULL_SHA256 */ + byte buf[256]; + word16 newId; + + ExpectNotNull(ctx = wolfSSL_CTX_new(wolfDTLSv1_2_client_method())); + + ExpectIntEQ(wolfSSL_CTX_mcast_set_member_id(ctx, 0), WOLFSSL_SUCCESS); + + ExpectNotNull(ssl = wolfSSL_new(ctx)); + + XMEMSET(preMasterSecret, 0x23, sizeof(preMasterSecret)); + XMEMSET(clientRandom, 0xA5, sizeof(clientRandom)); + XMEMSET(serverRandom, 0x5A, sizeof(serverRandom)); + ExpectIntEQ(wolfSSL_set_secret(ssl, 23, preMasterSecret, + sizeof(preMasterSecret), clientRandom, serverRandom, suite), + WOLFSSL_SUCCESS); + + ExpectIntLE(wolfSSL_mcast_read(ssl, &newId, buf, sizeof(buf)), 0); + ExpectIntLE(newId, 100); + + wolfSSL_free(ssl); + wolfSSL_CTX_free(ctx); +#endif /* WOLFSSL_DTLS && WOLFSSL_MULTICAST && (WOLFSSL_TLS13 || + * WOLFSSL_SNIFFER) */ + return EXPECT_RESULT(); +} + + +/*----------------------------------------------------------------------------* + | Wolfcrypt + *----------------------------------------------------------------------------*/ + +/* + * Testing wc_SetKeyUsage() + */ +static int test_wc_SetKeyUsage(void) +{ + EXPECT_DECLS; +#if !defined(NO_RSA) && defined(WOLFSSL_CERT_EXT) && defined(WOLFSSL_CERT_GEN) && !defined(HAVE_FIPS) + Cert myCert; + + ExpectIntEQ(wc_InitCert(&myCert), 0); + + ExpectIntEQ(wc_SetKeyUsage(&myCert, "keyEncipherment,keyAgreement"), 0); + ExpectIntEQ(wc_SetKeyUsage(&myCert, "digitalSignature,nonRepudiation"), 0); + ExpectIntEQ(wc_SetKeyUsage(&myCert, "contentCommitment,encipherOnly"), 0); + ExpectIntEQ(wc_SetKeyUsage(&myCert, "decipherOnly"), 0); + ExpectIntEQ(wc_SetKeyUsage(&myCert, "cRLSign,keyCertSign"), 0); + + /* Test bad args. */ + ExpectIntEQ(wc_SetKeyUsage(NULL, "decipherOnly"), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_SetKeyUsage(&myCert, NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_SetKeyUsage(&myCert, ""), WC_NO_ERR_TRACE(KEYUSAGE_E)); + ExpectIntEQ(wc_SetKeyUsage(&myCert, ","), WC_NO_ERR_TRACE(KEYUSAGE_E)); + ExpectIntEQ(wc_SetKeyUsage(&myCert, "digitalSignature, cRLSign"), + WC_NO_ERR_TRACE(KEYUSAGE_E)); +#endif + return EXPECT_RESULT(); +} /* END test_wc_SetKeyUsage */ + +#if defined(OPENSSL_EXTRA) || defined(HAVE_WEBSERVER) +static void sample_mutex_cb (int flag, int type, const char* file, int line) +{ + (void)flag; + (void)type; + (void)file; + (void)line; +} +#endif +/* + * Testing wc_LockMutex_ex + */ +static int test_wc_LockMutex_ex(void) +{ + EXPECT_DECLS; +#if defined(OPENSSL_EXTRA) || defined(HAVE_WEBSERVER) + int flag = CRYPTO_LOCK; + int type = 0; + const char* file = "./test-LockMutex_ex.txt"; + int line = 0; + + /* without SetMutexCb */ + ExpectIntEQ(wc_LockMutex_ex(flag, type, file, line), WC_NO_ERR_TRACE(BAD_STATE_E)); + /* with SetMutexCb */ + ExpectIntEQ(wc_SetMutexCb(sample_mutex_cb), 0); + ExpectIntEQ(wc_LockMutex_ex(flag, type, file, line), 0); + ExpectIntEQ(wc_SetMutexCb(NULL), 0); +#endif + return EXPECT_RESULT(); +} /* End test_wc_LockMutex_ex*/ +/* + * Testing wc_SetMutexCb + */ +static int test_wc_SetMutexCb(void) +{ + EXPECT_DECLS; +#if defined(OPENSSL_EXTRA) || defined(HAVE_WEBSERVER) + ExpectIntEQ(wc_SetMutexCb(sample_mutex_cb), 0); + ExpectIntEQ(wc_SetMutexCb(NULL), 0); +#endif + return EXPECT_RESULT(); +} /* End test_wc_SetMutexCb*/ + + +/* + * Testing ToTraditional + */ +static int test_ToTraditional(void) +{ + EXPECT_DECLS; +#if !defined(NO_ASN) && (defined(HAVE_PKCS8) || defined(HAVE_PKCS12)) && \ + (defined(WOLFSSL_TEST_CERT) || defined(OPENSSL_EXTRA) || \ + defined(OPENSSL_EXTRA_X509_SMALL)) && !defined(NO_FILESYSTEM) + XFILE f = XBADFILE; + byte input[TWOK_BUF]; + word32 sz = 0; + + ExpectTrue((f = XFOPEN("./certs/server-keyPkcs8.der", "rb")) != XBADFILE); + ExpectTrue((sz = (word32)XFREAD(input, 1, sizeof(input), f)) > 0); + if (f != XBADFILE) + XFCLOSE(f); + + /* Good case */ + ExpectIntGT(ToTraditional(input, sz), 0); + /* Bad cases */ + ExpectIntEQ(ToTraditional(NULL, 0), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(ToTraditional(NULL, sz), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); +#ifdef WOLFSSL_ASN_TEMPLATE + ExpectIntEQ(ToTraditional(input, 0), WC_NO_ERR_TRACE(BUFFER_E)); +#else + ExpectIntEQ(ToTraditional(input, 0), WC_NO_ERR_TRACE(ASN_PARSE_E)); +#endif +#endif + return EXPECT_RESULT(); +} /* End test_ToTraditional*/ + + +/* + * Testing wc_SetSubjectBuffer + */ +static int test_wc_SetSubjectBuffer(void) +{ + EXPECT_DECLS; +#if defined(WOLFSSL_CERT_GEN) && !defined(NO_RSA) && !defined(NO_FILESYSTEM) + Cert cert; + XFILE file = XBADFILE; + byte* der = NULL; + word32 derSz; + + derSz = FOURK_BUF; + ExpectNotNull(der = (byte*)XMALLOC(FOURK_BUF, HEAP_HINT, + DYNAMIC_TYPE_TMP_BUFFER)); + ExpectTrue((file = XFOPEN("./certs/ca-cert.der", "rb")) != XBADFILE); + ExpectTrue((derSz = (word32)XFREAD(der, 1, FOURK_BUF, file)) > 0); + if (file != XBADFILE) + XFCLOSE(file); + + ExpectIntEQ(wc_InitCert(&cert), 0); + ExpectIntEQ(wc_SetSubjectBuffer(&cert, der, (int)derSz), 0); + ExpectIntEQ(wc_SetSubjectBuffer(NULL, der, (int)derSz), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + + XFREE(der, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); +#endif + return EXPECT_RESULT(); +} /* End test_wc_SetSubjectBuffer*/ + +/* + * Testing wc_SetSubjectKeyIdFromPublicKey_ex + */ +static int test_wc_SetSubjectKeyIdFromPublicKey_ex(void) +{ + EXPECT_DECLS; +#if defined(WOLFSSL_CERT_EXT) && defined(WOLFSSL_CERT_GEN) + WC_RNG rng; + Cert cert; +#if !defined(NO_RSA) && defined(WOLFSSL_KEY_GEN) + RsaKey rsaKey; + int bits = 2048; +#endif +#if defined(HAVE_ECC) + ecc_key eccKey; + int ret; +#endif +#if defined(HAVE_ED25519) && defined(HAVE_ED25519_KEY_EXPORT) + ed25519_key ed25519Key; +#endif +#if defined(HAVE_ED448) && defined(HAVE_ED448_KEY_EXPORT) + ed448_key ed448Key; +#endif + +#ifndef HAVE_FIPS + ExpectIntEQ(wc_InitRng_ex(&rng, HEAP_HINT, testDevId), 0); +#else + ExpectIntEQ(wc_InitRng(&rng), 0); +#endif + + ExpectIntEQ(wc_InitCert(&cert), 0); + +#if !defined(NO_RSA) && defined(WOLFSSL_KEY_GEN) + /* RSA */ + XMEMSET(&rsaKey, 0, sizeof(RsaKey)); + ExpectIntEQ(wc_InitRsaKey(&rsaKey, HEAP_HINT), 0); + ExpectIntEQ(MAKE_RSA_KEY(&rsaKey, bits, WC_RSA_EXPONENT, &rng), 0); + ExpectIntEQ(wc_SetSubjectKeyIdFromPublicKey_ex(&cert, RSA_TYPE, &rsaKey), + 0); + DoExpectIntEQ(wc_FreeRsaKey(&rsaKey), 0); +#endif + +#if defined(HAVE_ECC) + /* ECC */ + XMEMSET(&eccKey, 0, sizeof(ecc_key)); + ExpectIntEQ(wc_ecc_init(&eccKey), 0); + ret = wc_ecc_make_key(&rng, KEY14, &eccKey); +#if defined(WOLFSSL_ASYNC_CRYPT) + ret = wc_AsyncWait(ret, &eccKey.asyncDev, WC_ASYNC_FLAG_NONE); +#endif + ExpectIntEQ(ret, 0); + ExpectIntEQ(wc_SetSubjectKeyIdFromPublicKey_ex(&cert, ECC_TYPE, &eccKey), + 0); + DoExpectIntEQ(wc_ecc_free(&eccKey), 0); +#endif + +#if defined(HAVE_ED25519) && defined(HAVE_ED25519_KEY_EXPORT) + /* ED25519 */ + XMEMSET(&ed25519Key, 0, sizeof(ed25519_key)); + ExpectIntEQ(wc_ed25519_init(&ed25519Key), 0); + ExpectIntEQ(wc_ed25519_make_key(&rng, ED25519_KEY_SIZE, &ed25519Key), 0); + ExpectIntEQ(wc_SetSubjectKeyIdFromPublicKey_ex(&cert, ED25519_TYPE, + &ed25519Key), 0); + wc_ed25519_free(&ed25519Key); +#endif + +#if defined(HAVE_ED448) && defined(HAVE_ED448_KEY_EXPORT) + /* ED448 */ + XMEMSET(&ed448Key, 0, sizeof(ed448_key)); + ExpectIntEQ(wc_ed448_init(&ed448Key), 0); + ExpectIntEQ(wc_ed448_make_key(&rng, ED448_KEY_SIZE, &ed448Key), 0); + ExpectIntEQ(wc_SetSubjectKeyIdFromPublicKey_ex(&cert, ED448_TYPE, + &ed448Key), 0); + wc_ed448_free(&ed448Key); +#endif + + wc_FreeRng(&rng); + DoExpectIntEQ(wc_FreeRng(&rng), 0); +#endif /* WOLFSSL_CERT_EXT && WOLFSSL_CERT_GEN */ + return EXPECT_RESULT(); +} /* End test_wc_SetSubjectKeyIdFromPublicKey_ex*/ + +/* + * Testing wc_SetAuthKeyIdFromPublicKey_ex + */ +static int test_wc_SetAuthKeyIdFromPublicKey_ex(void) +{ + EXPECT_DECLS; +#if defined(WOLFSSL_CERT_EXT) && defined(WOLFSSL_CERT_GEN) + WC_RNG rng; + Cert cert; +#if !defined(NO_RSA) && defined(WOLFSSL_KEY_GEN) + RsaKey rsaKey; + int bits = 2048; +#endif +#if defined(HAVE_ECC) + ecc_key eccKey; + int ret; +#endif +#if defined(HAVE_ED25519) && defined(HAVE_ED25519_KEY_EXPORT) + ed25519_key ed25519Key; +#endif +#if defined(HAVE_ED448) && defined(HAVE_ED448_KEY_EXPORT) + ed448_key ed448Key; +#endif + +#ifndef HAVE_FIPS + ExpectIntEQ(wc_InitRng_ex(&rng, HEAP_HINT, testDevId), 0); +#else + ExpectIntEQ(wc_InitRng(&rng), 0); +#endif + + ExpectIntEQ(wc_InitCert(&cert), 0); + +#if !defined(NO_RSA) && defined(WOLFSSL_KEY_GEN) + /* RSA */ + XMEMSET(&rsaKey, 0, sizeof(RsaKey)); + ExpectIntEQ(wc_InitRsaKey(&rsaKey, HEAP_HINT), 0); + ExpectIntEQ(MAKE_RSA_KEY(&rsaKey, bits, WC_RSA_EXPONENT, &rng), 0); + ExpectIntEQ(wc_SetAuthKeyIdFromPublicKey_ex(&cert, RSA_TYPE, &rsaKey), 0); + DoExpectIntEQ(wc_FreeRsaKey(&rsaKey), 0); +#endif + +#if defined(HAVE_ECC) + /* ECC */ + XMEMSET(&eccKey, 0, sizeof(ecc_key)); + ExpectIntEQ(wc_ecc_init(&eccKey), 0); + ret = wc_ecc_make_key(&rng, KEY14, &eccKey); +#if defined(WOLFSSL_ASYNC_CRYPT) + ret = wc_AsyncWait(ret, &eccKey.asyncDev, WC_ASYNC_FLAG_NONE); +#endif + ExpectIntEQ(ret, 0); + ExpectIntEQ(wc_SetAuthKeyIdFromPublicKey_ex(&cert, ECC_TYPE, &eccKey), 0); + DoExpectIntEQ(wc_ecc_free(&eccKey), 0); +#endif + +#if defined(HAVE_ED25519) && defined(HAVE_ED25519_KEY_EXPORT) + /* ED25519 */ + XMEMSET(&ed25519Key, 0, sizeof(ed25519_key)); + ExpectIntEQ(wc_ed25519_init(&ed25519Key), 0); + ExpectIntEQ(wc_ed25519_make_key(&rng, ED25519_KEY_SIZE, &ed25519Key), 0); + ExpectIntEQ(wc_SetAuthKeyIdFromPublicKey_ex(&cert, ED25519_TYPE, + &ed25519Key), 0); + wc_ed25519_free(&ed25519Key); +#endif + +#if defined(HAVE_ED448) && defined(HAVE_ED448_KEY_EXPORT) + /* ED448 */ + XMEMSET(&ed448Key, 0, sizeof(ed448_key)); + ExpectIntEQ(wc_ed448_init(&ed448Key), 0); + ExpectIntEQ(wc_ed448_make_key(&rng, ED448_KEY_SIZE, &ed448Key), 0); + ExpectIntEQ(wc_SetAuthKeyIdFromPublicKey_ex(&cert, ED448_TYPE, &ed448Key), + 0); + wc_ed448_free(&ed448Key); +#endif + + DoExpectIntEQ(wc_FreeRng(&rng), 0); +#endif /* defined(WOLFSSL_CERT_EXT) && defined(WOLFSSL_CERT_GEN)*/ + return EXPECT_RESULT(); +} /* End test_wc_SetAuthKeyIdFromPublicKey_ex*/ + +static int test_wolfSSL_lhash(void) +{ + EXPECT_DECLS; +#ifdef OPENSSL_ALL + const char testStr[] = "Like a true nature's child\n" + "We were born\n" + "Born to be wild"; + +#ifdef NO_SHA + ExpectIntEQ(lh_strhash(testStr), 0xf9dc8a43); +#else + ExpectIntEQ(lh_strhash(testStr), 0x5b7541dc); +#endif +#endif + return EXPECT_RESULT(); +} + +static int test_wolfSSL_X509_NAME(void) +{ + EXPECT_DECLS; +#if (defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)) && \ + !defined(NO_CERTS) && !defined(NO_FILESYSTEM) && \ + !defined(NO_RSA) && defined(WOLFSSL_CERT_GEN) && \ + (defined(WOLFSSL_CERT_REQ) || defined(WOLFSSL_CERT_EXT) || \ + defined(OPENSSL_EXTRA)) + X509* x509 = NULL; +#ifndef OPENSSL_EXTRA + const unsigned char* c = NULL; + int bytes = 0; +#endif + unsigned char buf[4096]; + XFILE f = XBADFILE; + const X509_NAME* a = NULL; + const X509_NAME* b = NULL; + X509_NAME* d2i_name = NULL; + int sz = 0; + unsigned char* tmp = NULL; + char file[] = "./certs/ca-cert.der"; +#ifndef OPENSSL_EXTRA_X509_SMALL + byte empty[] = { /* CN=empty emailAddress= */ + 0x30, 0x21, 0x31, 0x0E, 0x30, 0x0C, 0x06, 0x03, + 0x55, 0x04, 0x03, 0x0C, 0x05, 0x65, 0x6D, 0x70, + 0x74, 0x79, 0x31, 0x0F, 0x30, 0x0D, 0x06, 0x09, + 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x09, + 0x01, 0x16, 0x00 + }; +#endif +#if defined(OPENSSL_EXTRA) && !defined(NO_PWDBASED) + byte digest[64]; /* max digest size */ + word32 digestSz; +#endif + +#ifndef OPENSSL_EXTRA_X509_SMALL + /* test compile of deprecated function, returns 0 */ + ExpectIntEQ(CRYPTO_thread_id(), 0); +#endif + + ExpectNotNull(a = X509_NAME_new()); + ExpectNotNull(b = X509_NAME_new()); +#ifndef OPENSSL_EXTRA_X509_SMALL + ExpectIntEQ(X509_NAME_cmp(a, b), 0); +#endif + X509_NAME_free((X509_NAME*)b); + X509_NAME_free((X509_NAME*)a); + a = NULL; + + ExpectTrue((f = XFOPEN(file, "rb")) != XBADFILE); +#ifndef OPENSSL_EXTRA + ExpectIntGT(bytes = (int)XFREAD(buf, 1, sizeof(buf), f), 0); + if (f != XBADFILE) + XFCLOSE(f); + + c = buf; + ExpectNotNull(x509 = wolfSSL_X509_d2i_ex(NULL, c, bytes, HEAP_HINT)); +#else + ExpectNull(wolfSSL_X509_d2i_fp(NULL, XBADFILE)); + ExpectNotNull(wolfSSL_X509_d2i_fp(&x509, f)); + if (f != XBADFILE) + XFCLOSE(f); +#endif + + /* test cmp function */ + ExpectNull(X509_get_issuer_name(NULL)); + ExpectNotNull(a = X509_get_issuer_name(x509)); + ExpectNull(X509_get_subject_name(NULL)); + ExpectNotNull(b = X509_get_subject_name(x509)); +#ifdef KEEP_PEER_CERT + ExpectNull(wolfSSL_X509_get_subjectCN(NULL)); + ExpectNotNull(wolfSSL_X509_get_subjectCN(x509)); +#endif + +#if defined(OPENSSL_EXTRA) + ExpectIntEQ(X509_check_issued(NULL, NULL), + WOLFSSL_X509_V_ERR_SUBJECT_ISSUER_MISMATCH); + ExpectIntEQ(X509_check_issued(x509, NULL), + WOLFSSL_X509_V_ERR_SUBJECT_ISSUER_MISMATCH); + ExpectIntEQ(X509_check_issued(NULL, x509), + WOLFSSL_X509_V_ERR_SUBJECT_ISSUER_MISMATCH); + ExpectIntEQ(X509_check_issued(x509, x509), WOLFSSL_X509_V_OK); + + ExpectIntEQ(X509_NAME_cmp(NULL, NULL), -2); + ExpectIntEQ(X509_NAME_cmp(NULL, b), -2); + ExpectIntEQ(X509_NAME_cmp(a, NULL), -2); + ExpectIntEQ(X509_NAME_cmp(a, b), 0); /* self signed should be 0 */ + +#if !defined(NO_PWDBASED) + ExpectIntEQ(wolfSSL_X509_NAME_digest(NULL, NULL, NULL, NULL), 0); + ExpectIntEQ(wolfSSL_X509_NAME_digest(a, NULL, NULL, NULL), 0); +#ifndef NO_SHA256 + ExpectIntEQ(wolfSSL_X509_NAME_digest(NULL, wolfSSL_EVP_sha256(), NULL, + NULL), 0); +#endif + ExpectIntEQ(wolfSSL_X509_NAME_digest(NULL, NULL, digest, NULL), 0); + ExpectIntEQ(wolfSSL_X509_NAME_digest(NULL, NULL, NULL, &digestSz), 0); + ExpectIntEQ(wolfSSL_X509_NAME_digest(a, NULL, digest, + &digestSz), 0); +#ifndef NO_SHA256 + ExpectIntEQ(wolfSSL_X509_NAME_digest(NULL, wolfSSL_EVP_sha256(), digest, + &digestSz), 0); + ExpectIntEQ(wolfSSL_X509_NAME_digest(a, wolfSSL_EVP_sha256(), NULL, + &digestSz), 0); + ExpectIntEQ(wolfSSL_X509_NAME_digest(a, wolfSSL_EVP_sha256(), digest, + NULL), 1); + ExpectIntEQ(wolfSSL_X509_NAME_digest(a, wolfSSL_EVP_sha256(), digest, + &digestSz), 1); + ExpectTrue(digestSz == 32); +#endif +#else + ExpectIntEQ(wolfSSL_X509_NAME_digest(NULL, NULL, NULL, NULL), + NOT_COMPILED_IN); +#endif +#endif /* OPENSSL_EXTRA */ + + tmp = buf; + ExpectIntGT((sz = i2d_X509_NAME((X509_NAME*)a, &tmp)), 0); + if (sz > 0 && tmp == buf) { + fprintf(stderr, "\nERROR - %s line %d failed with:", __FILE__, + __LINE__); + fprintf(stderr, " Expected pointer to be incremented\n"); + abort(); + } + +#ifndef OPENSSL_EXTRA_X509_SMALL + tmp = buf; + ExpectNotNull(d2i_name = d2i_X509_NAME(NULL, &tmp, sz)); +#endif + + /* if output parameter is NULL, should still return required size. */ + ExpectIntGT((sz = i2d_X509_NAME((X509_NAME*)b, NULL)), 0); + /* retry but with the function creating a buffer */ + tmp = NULL; + ExpectIntGT((sz = i2d_X509_NAME((X509_NAME*)b, &tmp)), 0); + XFREE(tmp, NULL, DYNAMIC_TYPE_OPENSSL); + tmp = NULL; + +#ifdef WOLFSSL_CERT_NAME_ALL + /* test for givenName and name */ + { + WOLFSSL_X509_NAME_ENTRY* entry = NULL; + WOLFSSL_X509_NAME_ENTRY empty; + const byte gName[] = "test-given-name"; + const byte name[] = "test-name"; + + XMEMSET(&empty, 0, sizeof(empty)); + + ExpectNull(wolfSSL_X509_NAME_ENTRY_create_by_NID(NULL, + NID_givenName, ASN_UTF8STRING, NULL, sizeof(gName))); + ExpectNotNull(entry = wolfSSL_X509_NAME_ENTRY_create_by_NID(NULL, + NID_givenName, ASN_UTF8STRING, gName, sizeof(gName))); + ExpectNotNull(wolfSSL_X509_NAME_ENTRY_create_by_NID(&entry, + NID_givenName, ASN_UTF8STRING, gName, sizeof(gName))); + ExpectIntEQ(wolfSSL_X509_NAME_add_entry(NULL , NULL , -1, 0), + 0); + ExpectIntEQ(wolfSSL_X509_NAME_add_entry((X509_NAME*)b, NULL , -1, 0), + 0); + ExpectIntEQ(wolfSSL_X509_NAME_add_entry(NULL , entry , -1, 0), + 0); + ExpectIntEQ(wolfSSL_X509_NAME_add_entry((X509_NAME*)b, &empty, -1, 0), + 0); + ExpectIntEQ(wolfSSL_X509_NAME_add_entry((X509_NAME*)b, entry , 99, 0), + 0); + ExpectIntEQ(wolfSSL_X509_NAME_add_entry((X509_NAME*)b, entry , -1, 0), + 1); + wolfSSL_X509_NAME_ENTRY_free(entry); + entry = NULL; + + ExpectNotNull(wolfSSL_X509_NAME_ENTRY_create_by_NID(&entry, + NID_name, ASN_UTF8STRING, name, sizeof(name))); + ExpectIntEQ(wolfSSL_X509_NAME_add_entry((X509_NAME*)b, entry, -1, 0), + 1); + wolfSSL_X509_NAME_ENTRY_free(entry); + + tmp = NULL; + ExpectIntGT((sz = i2d_X509_NAME((X509_NAME*)b, &tmp)), 0); + XFREE(tmp, NULL, DYNAMIC_TYPE_OPENSSL); + } +#endif + + b = NULL; + ExpectNull(X509_NAME_dup(NULL)); + ExpectNotNull(b = X509_NAME_dup((X509_NAME*)a)); +#ifndef OPENSSL_EXTRA_X509_SMALL + ExpectIntEQ(X509_NAME_cmp(a, b), 0); +#endif + ExpectIntEQ(X509_NAME_entry_count(NULL), 0); + ExpectIntEQ(X509_NAME_entry_count((X509_NAME*)b), 7); + X509_NAME_free((X509_NAME*)b); + ExpectNotNull(b = wolfSSL_X509_NAME_new()); + ExpectIntEQ(X509_NAME_entry_count((X509_NAME*)b), 0); + ExpectIntEQ(wolfSSL_X509_NAME_copy(NULL, NULL), BAD_FUNC_ARG); + ExpectIntEQ(wolfSSL_X509_NAME_copy((X509_NAME*)a, NULL), BAD_FUNC_ARG); + ExpectIntEQ(wolfSSL_X509_NAME_copy(NULL, (X509_NAME*)b), BAD_FUNC_ARG); + ExpectIntEQ(wolfSSL_X509_NAME_copy((X509_NAME*)a, (X509_NAME*)b), 1); + ExpectIntEQ(X509_NAME_entry_count((X509_NAME*)b), 7); + X509_NAME_free((X509_NAME*)b); + X509_NAME_free(d2i_name); + d2i_name = NULL; + X509_free(x509); + +#ifndef OPENSSL_EXTRA_X509_SMALL + /* test with an empty domain component */ + tmp = empty; + sz = sizeof(empty); + ExpectNotNull(d2i_name = d2i_X509_NAME(NULL, &tmp, sz)); + ExpectIntEQ(X509_NAME_entry_count(d2i_name), 2); + + /* size of empty emailAddress will be 0 */ + tmp = buf; + ExpectIntEQ(X509_NAME_get_text_by_NID(d2i_name, NID_emailAddress, + (char*)tmp, sizeof(buf)), 0); + + /* should contain no organization name */ + tmp = buf; + ExpectIntEQ(X509_NAME_get_text_by_NID(d2i_name, NID_organizationName, + (char*)tmp, sizeof(buf)), -1); + X509_NAME_free(d2i_name); +#endif +#endif + return EXPECT_RESULT(); +} + +static int test_wolfSSL_X509_NAME_hash(void) +{ + EXPECT_DECLS; +#if defined(OPENSSL_EXTRA) && !defined(NO_FILESYSTEM) && \ + !defined(NO_RSA) && !defined(NO_SHA) && !defined(NO_BIO) + BIO* bio = NULL; + X509* x509 = NULL; + X509_NAME* name = NULL; + + ExpectIntEQ(X509_NAME_hash(NULL), 0); + ExpectNotNull(name = wolfSSL_X509_NAME_new_ex(NULL)); + ExpectIntEQ(X509_NAME_hash(name), 0); + X509_NAME_free(name); + + ExpectNotNull(bio = BIO_new(BIO_s_file())); + ExpectIntGT(BIO_read_filename(bio, svrCertFile), 0); + ExpectNotNull(PEM_read_bio_X509(bio, &x509, NULL, NULL)); + ExpectIntEQ(X509_NAME_hash(X509_get_subject_name(x509)), 0x137DC03F); + ExpectIntEQ(X509_NAME_hash(X509_get_issuer_name(x509)), 0xFDB2DA4); + X509_free(x509); + BIO_free(bio); +#endif + return EXPECT_RESULT(); +} + +static int test_wolfSSL_X509_NAME_print_ex(void) +{ + EXPECT_DECLS; +#if (defined(OPENSSL_ALL) || (defined(OPENSSL_EXTRA) && \ + (defined(HAVE_STUNNEL) || defined(WOLFSSL_NGINX) || \ + defined(HAVE_LIGHTY) || defined(WOLFSSL_HAPROXY) || \ + defined(WOLFSSL_OPENSSH) || defined(HAVE_SBLIM_SFCB)))) && \ + !defined(NO_BIO) && !defined(NO_RSA) + int memSz = 0; + byte* mem = NULL; + BIO* bio = NULL; + BIO* membio = NULL; + X509* x509 = NULL; + X509_NAME* name = NULL; + X509_NAME* empty = NULL; + + const char* expNormal = "C=US, CN=wolfssl.com"; + const char* expEqSpace = "C = US, CN = wolfssl.com"; + const char* expReverse = "CN=wolfssl.com, C=US"; + + const char* expNotEscaped = "C= US,+\"\\ , CN=#wolfssl.com<>;"; + const char* expNotEscapedRev = "CN=#wolfssl.com<>;, C= US,+\"\\ "; + const char* expRFC5523 = + "CN=\\#wolfssl.com\\<\\>\\;, C=\\ US\\,\\+\\\"\\\\\\ "; + + /* Test with real cert (svrCertFile) first */ + ExpectNotNull(bio = BIO_new(BIO_s_file())); + ExpectIntGT(BIO_read_filename(bio, svrCertFile), 0); + ExpectNotNull(PEM_read_bio_X509(bio, &x509, NULL, NULL)); + ExpectNotNull(name = X509_get_subject_name(x509)); + + /* Test without flags */ + ExpectNotNull(membio = BIO_new(BIO_s_mem())); + ExpectNotNull(empty = wolfSSL_X509_NAME_new()); + ExpectIntEQ(X509_NAME_print_ex(NULL, NULL, 0, 0), WOLFSSL_FAILURE); + ExpectIntEQ(X509_NAME_print_ex(membio, NULL, 0, 0), WOLFSSL_FAILURE); + ExpectIntEQ(X509_NAME_print_ex(NULL, name, 0, 0), WOLFSSL_FAILURE); + ExpectIntEQ(X509_NAME_print_ex(membio, empty, 0, 0), WOLFSSL_SUCCESS); + ExpectIntEQ(X509_NAME_print_ex(membio, name, 0, 0), WOLFSSL_SUCCESS); + wolfSSL_X509_NAME_free(empty); + BIO_free(membio); + membio = NULL; + + /* Test flag: XN_FLAG_RFC2253 */ + ExpectNotNull(membio = BIO_new(BIO_s_mem())); + ExpectIntEQ(X509_NAME_print_ex(membio, name, 0, + XN_FLAG_RFC2253), WOLFSSL_SUCCESS); + BIO_free(membio); + membio = NULL; + + /* Test flag: XN_FLAG_RFC2253 | XN_FLAG_DN_REV */ + ExpectNotNull(membio = BIO_new(BIO_s_mem())); + ExpectIntEQ(X509_NAME_print_ex(membio, name, 0, + XN_FLAG_RFC2253 | XN_FLAG_DN_REV), WOLFSSL_SUCCESS); + BIO_free(membio); + membio = NULL; + + X509_free(x509); + BIO_free(bio); + name = NULL; + + /* Test with empty issuer cert empty-issuer-cert.pem. + * See notes in certs/test/gen-testcerts.sh for how it was generated. */ + ExpectNotNull(bio = BIO_new(BIO_s_file())); + ExpectIntGT(BIO_read_filename(bio, noIssuerCertFile), 0); + ExpectNotNull(PEM_read_bio_X509(bio, &x509, NULL, NULL)); + ExpectNotNull(name = X509_get_subject_name(x509)); + + ExpectNotNull(membio = BIO_new(BIO_s_mem())); + ExpectIntEQ(X509_NAME_print_ex(membio, name, 0, 0), WOLFSSL_SUCCESS); + /* Should be empty string "" */ + ExpectIntEQ((memSz = BIO_get_mem_data(membio, &mem)), 0); + + BIO_free(membio); + membio = NULL; + X509_free(x509); + BIO_free(bio); + name = NULL; + + /* Test normal case without escaped characters */ + { + /* Create name: "/C=US/CN=wolfssl.com" */ + ExpectNotNull(name = X509_NAME_new()); + ExpectIntEQ(X509_NAME_add_entry_by_txt(name, "countryName", + MBSTRING_UTF8, (byte*)"US", 2, -1, 0), + WOLFSSL_SUCCESS); + ExpectIntEQ(X509_NAME_add_entry_by_txt(name, "commonName", + MBSTRING_UTF8, (byte*)"wolfssl.com", 11, -1, 0), + WOLFSSL_SUCCESS); + + /* Test without flags */ + ExpectNotNull(membio = BIO_new(BIO_s_mem())); + ExpectIntEQ(X509_NAME_print_ex(membio, name, 0, 0), WOLFSSL_SUCCESS); + ExpectIntGE((memSz = BIO_get_mem_data(membio, &mem)), 0); + ExpectIntEQ(memSz, XSTRLEN(expNormal)); + ExpectIntEQ(XSTRNCMP((char*)mem, expNormal, XSTRLEN(expNormal)), 0); + BIO_free(membio); + membio = NULL; + + /* Test with XN_FLAG_ONELINE which should enable XN_FLAG_SPC_EQ for + spaces around '=' */ + ExpectNotNull(membio = BIO_new(BIO_s_mem())); + ExpectIntEQ(X509_NAME_print_ex(membio, name, 0, XN_FLAG_ONELINE), + WOLFSSL_SUCCESS); + ExpectIntGE((memSz = BIO_get_mem_data(membio, &mem)), 0); + ExpectIntEQ(memSz, XSTRLEN(expEqSpace)); + ExpectIntEQ(XSTRNCMP((char*)mem, expEqSpace, XSTRLEN(expEqSpace)), 0); + BIO_free(membio); + membio = NULL; + + /* Test flags: XN_FLAG_RFC2253 - should be reversed */ + ExpectNotNull(membio = BIO_new(BIO_s_mem())); + ExpectIntEQ(X509_NAME_print_ex(membio, name, 0, + XN_FLAG_RFC2253), WOLFSSL_SUCCESS); + ExpectIntGE((memSz = BIO_get_mem_data(membio, &mem)), 0); + ExpectIntEQ(memSz, XSTRLEN(expReverse)); + BIO_free(membio); + membio = NULL; + + /* Test flags: XN_FLAG_DN_REV - reversed */ + ExpectNotNull(membio = BIO_new(BIO_s_mem())); + ExpectIntEQ(X509_NAME_print_ex(membio, name, 0, + XN_FLAG_DN_REV), WOLFSSL_SUCCESS); + ExpectIntGE((memSz = BIO_get_mem_data(membio, &mem)), 0); + ExpectIntEQ(memSz, XSTRLEN(expReverse)); + ExpectIntEQ(XSTRNCMP((char*)mem, expReverse, XSTRLEN(expReverse)), 0); + BIO_free(membio); + membio = NULL; + + X509_NAME_free(name); + name = NULL; + } + + /* Test RFC2253 characters are escaped with backslashes */ + { + ExpectNotNull(name = X509_NAME_new()); + ExpectIntEQ(X509_NAME_add_entry_by_txt(name, "countryName", + /* space at beginning and end, and: ,+"\ */ + MBSTRING_UTF8, (byte*)" US,+\"\\ ", 8, -1, 0), + WOLFSSL_SUCCESS); + ExpectIntEQ(X509_NAME_add_entry_by_txt(name, "commonName", + /* # at beginning, and: <>;*/ + MBSTRING_UTF8, (byte*)"#wolfssl.com<>;", 15, -1, 0), + WOLFSSL_SUCCESS); + + /* Test without flags */ + ExpectNotNull(membio = BIO_new(BIO_s_mem())); + ExpectIntEQ(X509_NAME_print_ex(membio, name, 0, 0), WOLFSSL_SUCCESS); + ExpectIntGE((memSz = BIO_get_mem_data(membio, &mem)), 0); + ExpectIntEQ(memSz, XSTRLEN(expNotEscaped)); + ExpectIntEQ(XSTRNCMP((char*)mem, expNotEscaped, + XSTRLEN(expNotEscaped)), 0); + BIO_free(membio); + membio = NULL; + + /* Test flags: XN_FLAG_RFC5523 - should be reversed and escaped */ + ExpectNotNull(membio = BIO_new(BIO_s_mem())); + ExpectIntEQ(X509_NAME_print_ex(membio, name, 0, + XN_FLAG_RFC2253), WOLFSSL_SUCCESS); + ExpectIntGE((memSz = BIO_get_mem_data(membio, &mem)), 0); + ExpectIntEQ(memSz, XSTRLEN(expRFC5523)); + ExpectIntEQ(XSTRNCMP((char*)mem, expRFC5523, XSTRLEN(expRFC5523)), 0); + BIO_free(membio); + membio = NULL; + + /* Test flags: XN_FLAG_DN_REV - reversed but not escaped */ + ExpectNotNull(membio = BIO_new(BIO_s_mem())); + ExpectIntEQ(X509_NAME_print_ex(membio, name, 0, + XN_FLAG_DN_REV), WOLFSSL_SUCCESS); + ExpectIntGE((memSz = BIO_get_mem_data(membio, &mem)), 0); + ExpectIntEQ(memSz, XSTRLEN(expNotEscapedRev)); + ExpectIntEQ(XSTRNCMP((char*)mem, expNotEscapedRev, + XSTRLEN(expNotEscapedRev)), 0); + BIO_free(membio); + + X509_NAME_free(name); + } +#endif + return EXPECT_RESULT(); +} + +#ifndef NO_BIO +static int test_wolfSSL_X509_INFO_multiple_info(void) +{ + EXPECT_DECLS; +#if defined(OPENSSL_ALL) && !defined(NO_RSA) + STACK_OF(X509_INFO) *info_stack = NULL; + X509_INFO *info = NULL; + int len; + int i; + const char* files[] = { + cliCertFile, + cliKeyFile, + /* This needs to be the order as svrCertFile contains the + * intermediate cert as well. */ + svrKeyFile, + svrCertFile, + NULL, + }; + const char** curFile; + BIO *fileBIO = NULL; + BIO *concatBIO = NULL; + byte tmp[FOURK_BUF]; + + /* concatenate the cert and the key file to force PEM_X509_INFO_read_bio + * to group objects together. */ + ExpectNotNull(concatBIO = BIO_new(BIO_s_mem())); + for (curFile = files; EXPECT_SUCCESS() && *curFile != NULL; curFile++) { + int fileLen = 0; + ExpectNotNull(fileBIO = BIO_new_file(*curFile, "rb")); + ExpectIntGT(fileLen = wolfSSL_BIO_get_len(fileBIO), 0); + if (EXPECT_SUCCESS()) { + while ((len = BIO_read(fileBIO, tmp, sizeof(tmp))) > 0) { + ExpectIntEQ(BIO_write(concatBIO, tmp, len), len); + fileLen -= len; + if (EXPECT_FAIL()) + break; + } + /* Make sure we read the entire file */ + ExpectIntEQ(fileLen, 0); + } + BIO_free(fileBIO); + fileBIO = NULL; + } + + ExpectNotNull(info_stack = PEM_X509_INFO_read_bio(concatBIO, NULL, NULL, + NULL)); + ExpectIntEQ(sk_X509_INFO_num(info_stack), 3); + for (i = 0; i < sk_X509_INFO_num(info_stack); i++) { + ExpectNotNull(info = sk_X509_INFO_value(info_stack, i)); + ExpectNotNull(info->x509); + ExpectNull(info->crl); + if (i != 2) { + ExpectNotNull(info->x_pkey); + ExpectIntEQ(X509_check_private_key(info->x509, + info->x_pkey->dec_pkey), 1); + } + else { + ExpectNull(info->x_pkey); + } + } + + sk_X509_INFO_pop_free(info_stack, X509_INFO_free); + BIO_free(concatBIO); +#endif + return EXPECT_RESULT(); +} +#endif + +#ifndef NO_BIO +static int test_wolfSSL_X509_INFO(void) +{ + EXPECT_DECLS; +#if defined(OPENSSL_ALL) && !defined(NO_RSA) + STACK_OF(X509_INFO) *info_stack = NULL; + X509_INFO *info = NULL; + BIO *cert = NULL; + int i; + /* PEM in hex format to avoid null terminator */ + byte data[] = { + 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x42, 0x45, 0x47, + 0x49, 0x4e, 0x20, 0x43, 0x45, 0x52, 0x54, 0x63, 0x2d, 0x2d, 0x2d, 0x2d, + 0x2d, 0x0a, 0x4d, 0x49, 0x49, 0x44, 0x4d, 0x54, 0x42, 0x75, 0x51, 0x3d, + 0x0a, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d, 0x45, 0x4e, 0x44, 0x20, 0x2d, 0x2d, + 0x2d, 0x2d, 0x2d + }; + /* PEM in hex format to avoid null terminator */ + byte data2[] = { + 0x41, 0x53, 0x4e, 0x31, 0x20, 0x4f, 0x49, 0x44, 0x3a, 0x20, 0x70, 0x72, + 0x69, 0x6d, 0x65, 0x32, 0x35, 0x36, 0x76, 0x31, 0x0a, 0x2d, 0x2d, 0x2d, + 0x2d, 0x2d, 0x42, 0x45, 0x47, 0x49, 0x4e, 0x20, 0x45, 0x43, 0x20, 0x50, + 0x41, 0x52, 0x41, 0x4d, 0x45, 0x54, 0x45, 0x52, 0x53, 0x2d, 0x2d, 0x2d, + 0x2d, 0x43, 0x65, 0x72, 0x74, 0x69, 0x2d, 0x0a, 0x42, 0x67, 0x67, 0x71, + 0x68, 0x6b, 0x6a, 0x4f, 0x50, 0x51, 0x4d, 0x42, 0x42, 0x77, 0x3d, 0x3d, + 0x0a, 0x2d, 0x2d, 0x2d, 0x2d, 0x2d + }; + + ExpectNotNull(cert = BIO_new_file(cliCertFileExt, "rb")); + ExpectNotNull(info_stack = PEM_X509_INFO_read_bio(cert, NULL, NULL, NULL)); + for (i = 0; i < sk_X509_INFO_num(info_stack); i++) { + ExpectNotNull(info = sk_X509_INFO_value(info_stack, i)); + ExpectNotNull(info->x509); + ExpectNull(info->crl); + ExpectNull(info->x_pkey); + } + sk_X509_INFO_pop_free(info_stack, X509_INFO_free); + info_stack = NULL; + BIO_free(cert); + cert = NULL; + + ExpectNotNull(cert = BIO_new_file(cliCertFileExt, "rb")); + ExpectNotNull(info_stack = PEM_X509_INFO_read_bio(cert, NULL, NULL, NULL)); + sk_X509_INFO_pop_free(info_stack, X509_INFO_free); + info_stack = NULL; + BIO_free(cert); + cert = NULL; + + /* This case should fail due to invalid input. */ + ExpectNotNull(cert = BIO_new(BIO_s_mem())); + ExpectIntEQ(BIO_write(cert, data, sizeof(data)), sizeof(data)); + ExpectNull(info_stack = PEM_X509_INFO_read_bio(cert, NULL, NULL, NULL)); + sk_X509_INFO_pop_free(info_stack, X509_INFO_free); + info_stack = NULL; + BIO_free(cert); + cert = NULL; + ExpectNotNull(cert = BIO_new(BIO_s_mem())); + ExpectIntEQ(BIO_write(cert, data2, sizeof(data2)), sizeof(data2)); + ExpectNull(info_stack = PEM_X509_INFO_read_bio(cert, NULL, NULL, NULL)); + sk_X509_INFO_pop_free(info_stack, X509_INFO_free); + BIO_free(cert); +#endif + return EXPECT_RESULT(); +} +#endif + +static int test_wolfSSL_X509_subject_name_hash(void) +{ + EXPECT_DECLS; +#if defined(OPENSSL_EXTRA) && !defined(NO_CERTS) && !defined(NO_FILESYSTEM) && \ + !defined(NO_RSA) && (!defined(NO_SHA) || !defined(NO_SHA256)) + X509* x509 = NULL; + X509_NAME* subjectName = NULL; + unsigned long ret1 = 0; + unsigned long ret2 = 0; + + ExpectNotNull(x509 = X509_new()); + ExpectIntEQ(X509_subject_name_hash(NULL), 0); + ExpectIntEQ(X509_subject_name_hash(x509), 0); + X509_free(x509); + x509 = NULL; + + ExpectNotNull(x509 = wolfSSL_X509_load_certificate_file(cliCertFile, + SSL_FILETYPE_PEM)); + ExpectNotNull(subjectName = wolfSSL_X509_get_subject_name(x509)); + + /* These two + * - X509_subject_name_hash(x509) + * - X509_NAME_hash(X509_get_subject_name(x509)) + * should give the same hash, if !defined(NO_SHA) is true. */ + + ret1 = X509_subject_name_hash(x509); + ExpectIntNE(ret1, 0); + +#if !defined(NO_SHA) + ret2 = X509_NAME_hash(X509_get_subject_name(x509)); + ExpectIntNE(ret2, 0); + + ExpectIntEQ(ret1, ret2); +#else + (void) ret2; +#endif + + X509_free(x509); +#endif + return EXPECT_RESULT(); +} + +static int test_wolfSSL_X509_issuer_name_hash(void) +{ + EXPECT_DECLS; +#if defined(OPENSSL_EXTRA) && !defined(NO_CERTS) && !defined(NO_FILESYSTEM) \ + && !defined(NO_RSA) && (!defined(NO_SHA) || !defined(NO_SHA256)) + X509* x509 = NULL; + X509_NAME* issuertName = NULL; + unsigned long ret1 = 0; + unsigned long ret2 = 0; + + ExpectNotNull(x509 = X509_new()); + ExpectIntEQ(X509_issuer_name_hash(NULL), 0); + ExpectIntEQ(X509_issuer_name_hash(x509), 0); + X509_free(x509); + x509 = NULL; + + ExpectNotNull(x509 = wolfSSL_X509_load_certificate_file(cliCertFile, + SSL_FILETYPE_PEM)); + ExpectNotNull(issuertName = wolfSSL_X509_get_issuer_name(x509)); + + /* These two + * - X509_issuer_name_hash(x509) + * - X509_NAME_hash(X509_get_issuer_name(x509)) + * should give the same hash, if !defined(NO_SHA) is true. */ + + ret1 = X509_issuer_name_hash(x509); + ExpectIntNE(ret1, 0); + +#if !defined(NO_SHA) + ret2 = X509_NAME_hash(X509_get_issuer_name(x509)); + ExpectIntNE(ret2, 0); + + ExpectIntEQ(ret1, ret2); +#else + (void) ret2; +#endif + + X509_free(x509); +#endif + return EXPECT_RESULT(); +} + +static int test_wolfSSL_X509_check_host(void) +{ + EXPECT_DECLS; +#if defined(OPENSSL_EXTRA) && !defined(NO_CERTS) && !defined(NO_FILESYSTEM) \ + && !defined(NO_SHA) && !defined(NO_RSA) + X509* x509 = NULL; + const char altName[] = "example.com"; + const char badAltName[] = "a.example.com"; + + ExpectIntEQ(X509_check_host(NULL, NULL, XSTRLEN(altName), 0, NULL), + WC_NO_ERR_TRACE(WOLFSSL_FAILURE)); + + /* cliCertFile has subjectAltName set to 'example.com', '127.0.0.1' */ + ExpectNotNull(x509 = wolfSSL_X509_load_certificate_file(cliCertFile, + SSL_FILETYPE_PEM)); + + ExpectIntEQ(X509_check_host(x509, altName, XSTRLEN(altName), 0, NULL), + WOLFSSL_SUCCESS); + + ExpectIntEQ(X509_check_host(x509, badAltName, XSTRLEN(badAltName), 0, NULL), + WC_NO_ERR_TRACE(WOLFSSL_FAILURE)); + + ExpectIntEQ(X509_check_host(x509, NULL, 0, 0, NULL), + WC_NO_ERR_TRACE(WOLFSSL_FAILURE)); + + /* Check WOLFSSL_LEFT_MOST_WILDCARD_ONLY flag set */ + ExpectIntEQ(X509_check_host(x509, altName, XSTRLEN(altName), + WOLFSSL_LEFT_MOST_WILDCARD_ONLY, NULL), WOLFSSL_SUCCESS); + + ExpectIntEQ(X509_check_host(x509, NULL, 0, + WOLFSSL_LEFT_MOST_WILDCARD_ONLY, NULL), + WC_NO_ERR_TRACE(WOLFSSL_FAILURE)); + + ExpectIntEQ(X509_check_host(x509, badAltName, XSTRLEN(badAltName), + WOLFSSL_LEFT_MOST_WILDCARD_ONLY, NULL), + WC_NO_ERR_TRACE(WOLFSSL_FAILURE)); + + ExpectIntEQ(wolfSSL_X509_check_host(x509, altName, XSTRLEN(altName), + WOLFSSL_NO_WILDCARDS, NULL), WC_NO_ERR_TRACE(WOLFSSL_FAILURE)); + ExpectIntEQ(wolfSSL_X509_check_host(x509, altName, XSTRLEN(altName), + WOLFSSL_NO_PARTIAL_WILDCARDS, NULL), WC_NO_ERR_TRACE(WOLFSSL_FAILURE)); + ExpectIntEQ(wolfSSL_X509_check_host(x509, altName, XSTRLEN(altName), + WOLFSSL_MULTI_LABEL_WILDCARDS, NULL), WC_NO_ERR_TRACE(WOLFSSL_FAILURE)); + + X509_free(x509); + + ExpectIntEQ(X509_check_host(NULL, altName, XSTRLEN(altName), 0, NULL), + WC_NO_ERR_TRACE(WOLFSSL_FAILURE)); + + /* Check again with WOLFSSL_LEFT_MOST_WILDCARD_ONLY flag set */ + ExpectIntEQ(X509_check_host(NULL, altName, XSTRLEN(altName), + WOLFSSL_LEFT_MOST_WILDCARD_ONLY, NULL), + WC_NO_ERR_TRACE(WOLFSSL_FAILURE)); +#endif + return EXPECT_RESULT(); +} + +static int test_wolfSSL_X509_check_email(void) +{ + EXPECT_DECLS; +#if defined(OPENSSL_EXTRA) && defined(WOLFSSL_CERT_GEN) && !defined(NO_RSA) + X509* x509 = NULL; + X509* empty = NULL; + const char goodEmail[] = "info@wolfssl.com"; + const char badEmail[] = "disinfo@wolfssl.com"; + + ExpectNotNull(x509 = wolfSSL_X509_load_certificate_file(cliCertFile, + SSL_FILETYPE_PEM)); + ExpectNotNull(empty = wolfSSL_X509_new()); + + ExpectIntEQ(wolfSSL_X509_check_email(NULL, NULL, 0, 0), 0); + ExpectIntEQ(wolfSSL_X509_check_email(x509, NULL, 0, 0), 0); + ExpectIntEQ(wolfSSL_X509_check_email(NULL, goodEmail, XSTRLEN(goodEmail), + 0), 0); + ExpectIntEQ(wolfSSL_X509_check_email(empty, goodEmail, XSTRLEN(goodEmail), + 0), 0); + + /* Should fail on non-matching email address */ + ExpectIntEQ(wolfSSL_X509_check_email(x509, badEmail, XSTRLEN(badEmail), 0), + WC_NO_ERR_TRACE(WOLFSSL_FAILURE)); + /* Should succeed on matching email address */ + ExpectIntEQ(wolfSSL_X509_check_email(x509, goodEmail, XSTRLEN(goodEmail), 0), + WOLFSSL_SUCCESS); + /* Should compute length internally when not provided */ + ExpectIntEQ(wolfSSL_X509_check_email(x509, goodEmail, 0, 0), + WOLFSSL_SUCCESS); + /* Should fail when email address is NULL */ + ExpectIntEQ(wolfSSL_X509_check_email(x509, NULL, 0, 0), + WC_NO_ERR_TRACE(WOLFSSL_FAILURE)); + + X509_free(empty); + X509_free(x509); + + /* Should fail when x509 is NULL */ + ExpectIntEQ(wolfSSL_X509_check_email(NULL, goodEmail, 0, 0), + WC_NO_ERR_TRACE(WOLFSSL_FAILURE)); +#endif /* OPENSSL_EXTRA && WOLFSSL_CERT_GEN */ + return EXPECT_RESULT(); +} + +static int test_wc_PemToDer(void) +{ + EXPECT_DECLS; +#if !defined(NO_CERTS) && defined(WOLFSSL_PEM_TO_DER) && !defined(NO_FILESYSTEM) + int ret; + DerBuffer* pDer = NULL; + const char* ca_cert = "./certs/server-cert.pem"; + const char* trusted_cert = "./certs/test/ossl-trusted-cert.pem"; + byte* cert_buf = NULL; + size_t cert_sz = 0; + int eccKey = 0; + EncryptedInfo info; + + XMEMSET(&info, 0, sizeof(info)); + + ExpectIntEQ(ret = load_file(ca_cert, &cert_buf, &cert_sz), 0); + ExpectIntEQ(ret = wc_PemToDer(cert_buf, (long int)cert_sz, CERT_TYPE, &pDer, NULL, + &info, &eccKey), 0); + wc_FreeDer(&pDer); + pDer = NULL; + + if (cert_buf != NULL) { + free(cert_buf); + cert_buf = NULL; + } + + /* Test that -----BEGIN TRUSTED CERTIFICATE----- banner parses OK */ + ExpectIntEQ(ret = load_file(trusted_cert, &cert_buf, &cert_sz), 0); + ExpectIntEQ(ret = wc_PemToDer(cert_buf, (long int)cert_sz, TRUSTED_CERT_TYPE, &pDer, NULL, + &info, &eccKey), 0); + wc_FreeDer(&pDer); + pDer = NULL; + + if (cert_buf != NULL) { + free(cert_buf); + cert_buf = NULL; + } + +#ifdef HAVE_ECC + { + const char* ecc_private_key = "./certs/ecc-privOnlyKey.pem"; + byte key_buf[256] = {0}; + + /* Test fail of loading a key with cert type */ + ExpectIntEQ(load_file(ecc_private_key, &cert_buf, &cert_sz), 0); + key_buf[0] = '\n'; + ExpectNotNull(XMEMCPY(key_buf + 1, cert_buf, cert_sz)); + ExpectIntNE((ret = wc_PemToDer(key_buf, (long int)cert_sz + 1, CERT_TYPE, + &pDer, NULL, &info, &eccKey)), 0); + + #ifdef OPENSSL_EXTRA + ExpectIntEQ((ret = wc_PemToDer(key_buf, cert_sz + 1, PRIVATEKEY_TYPE, + &pDer, NULL, &info, &eccKey)), 0); + #endif + wc_FreeDer(&pDer); + if (cert_buf != NULL) + free(cert_buf); + } +#endif +#endif + return EXPECT_RESULT(); +} + +static int test_wc_AllocDer(void) +{ + EXPECT_DECLS; +#if !defined(NO_CERTS) + DerBuffer* pDer = NULL; + word32 testSize = 1024; + + ExpectIntEQ(wc_AllocDer(NULL, testSize, CERT_TYPE, HEAP_HINT), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_AllocDer(&pDer, testSize, CERT_TYPE, HEAP_HINT), 0); + ExpectNotNull(pDer); + wc_FreeDer(&pDer); +#endif + return EXPECT_RESULT(); +} + +static int test_wc_CertPemToDer(void) +{ + EXPECT_DECLS; +#if !defined(NO_CERTS) && defined(WOLFSSL_PEM_TO_DER) && !defined(NO_FILESYSTEM) + const char* ca_cert = "./certs/ca-cert.pem"; + byte* cert_buf = NULL; + size_t cert_sz = 0; + size_t cert_dersz = 0; + byte* cert_der = NULL; + + ExpectIntEQ(load_file(ca_cert, &cert_buf, &cert_sz), 0); + cert_dersz = cert_sz; /* DER will be smaller than PEM */ + ExpectNotNull(cert_der = (byte*)malloc(cert_dersz)); + ExpectIntGE(wc_CertPemToDer(cert_buf, (int)cert_sz, cert_der, + (int)cert_dersz, CERT_TYPE), 0); + + ExpectIntEQ(wc_CertPemToDer(NULL, (int)cert_sz, NULL, -1, CERT_TYPE), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_CertPemToDer(cert_buf, (int)cert_sz, NULL, -1, CERT_TYPE), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_CertPemToDer(NULL, (int)cert_sz, cert_der, -1, CERT_TYPE), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_CertPemToDer(NULL, (int)cert_sz, NULL, (int)cert_dersz, + CERT_TYPE), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_CertPemToDer(NULL, (int)cert_sz, cert_der, + (int)cert_dersz, CERT_TYPE), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_CertPemToDer(cert_buf, (int)cert_sz, NULL, + (int)cert_dersz, CERT_TYPE), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_CertPemToDer(cert_buf, (int)cert_sz, cert_der, -1, + CERT_TYPE), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + + if (cert_der != NULL) + free(cert_der); + if (cert_buf != NULL) + free(cert_buf); +#endif + return EXPECT_RESULT(); +} + +static int test_wc_KeyPemToDer(void) +{ + EXPECT_DECLS; +#if defined(WOLFSSL_PEM_TO_DER) && !defined(NO_FILESYSTEM) && !defined(NO_RSA) + int ret = 0; + const byte cert_buf[] = \ + "-----BEGIN PRIVATE KEY-----\n" + "MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQDMG5KgWxP002pA\n" + "QJIdA4H5N0oM1Wf0LrHcos5RYUlrHDkC2b5p2BUpVRPmgDAFD2+8leim98x0BvcB\n" + "k48TNzrVynuwyVEY664+iQyzEBO5v27HPRydOddprbLCvRO036XINGIjauy1jHFi\n" + "HaDVx3bexSwgp9aefUGAszFXi4q1J4GacV7Cr2b/wBqUHqWv4ZXPu6R9/UYngTkD\n" + "UDJL5gLlLfcLzNyyodKPHPCIAKdWn6mSVdcHk8XVpK4y9lgz4E7YDWA6ohKZgWgG\n" + "2RDha8CMilFMDgYa0G0SiS9g3PQx0qh3AMXJJsKSVhScFCZufAE0kV6KvjP7jAqP\n" + "XBiSkRGPAgMBAAECggEAW7hmRyY2jRX2UMJThrM9VIs6fRLnYI0dQ0tsEJj536ay\n" + "nevQjArc05KWW0Yujg+WRDZPcry3RUqd9Djlmhp/F3Si6dpF1b+PMS3wJYVrf9Sd\n" + "SO5W7faArU4vnyBNe0HnY1Ta5xSVI65lg1RSIs88RTZwsooJwXYDGf0shq0/21CE\n" + "V8HOb27DDYNcEnm35lzaONjFnMqQQT2Vs9anRrPiSEXNleEvTgLVXZtGTyCGTz6v\n" + "x86Y8eSWL9YNHvPE1I+mDPuocfSR7eRNgRu7SK3mn94W5mqd7Ns072YKX/2XN1mO\n" + "66+ZFHO6v4dK1u7cSjuwrU1EhLHpUsgDz6Bna5InyQKBgQDv5l8RPy8UneKSADaf\n" + "M5L/5675I/5t4nqVjvbnQje00YveLTAEjlJBNR93Biln3sYgnvNamYDCxyEuUZ/I\n" + "S/vmBL9PoxfGZow4FcsIBOEbIn3E0SYJgCBNWthquUvGpKsYDnThJuhO+1cVmxAJ\n" + "BUOjLFnJYHM0a+Vmk9GexT2OBwKBgQDZzkUBOK7Im3eiYytFocUJyhqMH30d49X9\n" + "ujC7kGw4UWAqVe7YCSvlBa8nzWpRWK2kRpu3M0272RU0V4geyWqT+nr/SvRRPtNP\n" + "F5dY8l3yR7hjtSejqqjOfBcZT6ETJxI4tiG0+Nl5BlfM5M+0nxnkWpRcHuOR3j79\n" + "YUFERyN+OQKBgQCjlOKeUAc6d65W/+4/AFvsQ378Q57qLtSHxsR1TKHPmlNVXFqx\n" + "wJo1/JNIBduWCEHxXHF0BdfW+RGXE/FwEt/hKLuLAhrkHmjelX2sKieU6R/5ZOQa\n" + "9lMQbDHGFDOncAF6leD85hriQGBRSzrT69MDIOrYdfwYcroqCAGX0cb3YQKBgQC8\n" + "iIFQylj5SyHmjcMSNjKSA8CxFDzAV8yPIdE3Oo+CvGXqn5HsrRuy1hXE9VmXapR8\n" + "A6ackSszdHiXY0FvrNe1mfdH7wDHJwPQjdIzazCJHS3uGQxj7sDKY7226ie6pXJv\n" + "ZrCMr2/IBAaSVGm6ppHKCeIsT4ybYm7R85KEYLPHeQKBgBeJOMBinXQfWN/1jT9b\n" + "6Ywrutvp2zP8hVxQGSZJ0WG4iewZyFLsPUlbWRXOSYNPElHmdD0ZomdLVm+lSpAA\n" + "XSH5FJ/IFCwqq7Eft6Gf8NFRV+NjPMUny+PnjHe4oFP8YK/Ek22K3ttNG8Hw69Aw\n" + "AQue5o6oVfhgLiJzMdo/77gw\n" + "-----END PRIVATE KEY-----\n"; + const int cert_sz = sizeof(cert_buf); + const char cert_pw[] = "password"; + int cert_dersz = 0; + byte* cert_der = NULL; + + /* Bad arg: Cert buffer is NULL */ + ExpectIntEQ(wc_KeyPemToDer(NULL, cert_sz, cert_der, cert_dersz, ""), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + + /* Bad arg: Cert DER buffer non-NULL but size zero (or less) */ + ExpectIntEQ(wc_KeyPemToDer(cert_buf, cert_sz, (byte*)&cert_der, 0, ""), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + + /* Test normal operation */ + cert_dersz = cert_sz; /* DER will be smaller than PEM */ + ExpectNotNull(cert_der = (byte*)malloc((size_t)cert_dersz)); + ExpectIntGE(ret = wc_KeyPemToDer(cert_buf, cert_sz, cert_der, cert_dersz, + cert_pw), 0); + ExpectIntLE(ret, cert_sz); + if (cert_der != NULL) { + free(cert_der); + cert_der = NULL; + } + + /* Test NULL for DER buffer to return needed DER buffer size */ + ExpectIntGT(ret = wc_KeyPemToDer(cert_buf, cert_sz, NULL, 0, ""), 0); + ExpectIntLE(ret, cert_sz); + if (EXPECT_SUCCESS()) + cert_dersz = ret; + ExpectNotNull(cert_der = (byte*)malloc((size_t)cert_dersz)); + ExpectIntGE(ret = wc_KeyPemToDer(cert_buf, cert_sz, cert_der, cert_dersz, + cert_pw), 0); + ExpectIntLE(ret, cert_sz); + if (cert_der != NULL) + free(cert_der); +#endif + return EXPECT_RESULT(); +} + +static int test_wc_PubKeyPemToDer(void) +{ + EXPECT_DECLS; +#if defined(WOLFSSL_PEM_TO_DER) && !defined(NO_FILESYSTEM) && \ + (defined(WOLFSSL_CERT_EXT) || defined(WOLFSSL_PUB_PEM_TO_DER)) + int ret = 0; + const char* key = "./certs/ecc-client-keyPub.pem"; + byte* cert_buf = NULL; + size_t cert_sz = 0, cert_dersz = 0; + byte* cert_der = NULL; + + ExpectIntEQ(wc_PubKeyPemToDer(cert_buf, (int)cert_sz, + cert_der, (int)cert_dersz), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + + ExpectIntEQ(load_file(key, &cert_buf, &cert_sz), 0); + cert_dersz = cert_sz; /* DER will be smaller than PEM */ + ExpectNotNull(cert_der = (byte*)malloc(cert_dersz)); + ExpectIntGE(wc_PubKeyPemToDer(cert_buf, (int)cert_sz, cert_der, + (int)cert_dersz), 0); + if (cert_der != NULL) { + free(cert_der); + cert_der = NULL; + } + + /* Test NULL for DER buffer to return needed DER buffer size */ + ExpectIntGT(ret = wc_PubKeyPemToDer(cert_buf, (int)cert_sz, NULL, 0), 0); + ExpectIntLE(ret, cert_sz); + cert_dersz = (size_t)ret; + ExpectNotNull(cert_der = (byte*)malloc(cert_dersz)); + ExpectIntGE(wc_PubKeyPemToDer(cert_buf, (int)cert_sz, cert_der, + (int)cert_dersz), 0); + if (cert_der != NULL) { + free(cert_der); + } + + if (cert_buf != NULL) { + free(cert_buf); + } +#endif + return EXPECT_RESULT(); +} + +static int test_wc_PemPubKeyToDer(void) +{ + EXPECT_DECLS; +#if !defined(NO_FILESYSTEM) && \ + (defined(WOLFSSL_CERT_EXT) || defined(WOLFSSL_PUB_PEM_TO_DER)) + const char* key = "./certs/ecc-client-keyPub.pem"; + size_t cert_dersz = 1024; + byte* cert_der = NULL; + + ExpectIntGE(wc_PemPubKeyToDer(NULL, cert_der, (int)cert_dersz), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + + ExpectNotNull(cert_der = (byte*)malloc(cert_dersz)); + ExpectIntGE(wc_PemPubKeyToDer(key, cert_der, (int)cert_dersz), 0); + if (cert_der != NULL) { + free(cert_der); + } +#endif + return EXPECT_RESULT(); +} + +static int test_wc_GetPubKeyDerFromCert(void) +{ + EXPECT_DECLS; +#if !defined(NO_RSA) || defined(HAVE_ECC) + int ret; + word32 idx = 0; + byte keyDer[TWOK_BUF]; /* large enough for up to RSA 2048 */ + word32 keyDerSz = (word32)sizeof(keyDer); + DecodedCert decoded; +#if !defined(NO_RSA) && defined(WOLFSSL_CERT_REQ) && !defined(NO_FILESYSTEM) + byte certBuf[6000]; /* for PEM and CSR, client-cert.pem is 5-6kB */ + word32 certBufSz = sizeof(certBuf); +#endif +#if ((!defined(USE_CERT_BUFFERS_2048) && !defined(USE_CERT_BUFFERS_1024)) || \ + defined(WOLFSSL_CERT_REQ)) && !defined(NO_RSA) && !defined(NO_FILESYSTEM) + XFILE fp = XBADFILE; +#endif +#ifndef NO_RSA + RsaKey rsaKey; + #if defined(USE_CERT_BUFFERS_2048) + byte* rsaCertDer = (byte*)client_cert_der_2048; + word32 rsaCertDerSz = sizeof_client_cert_der_2048; + #elif defined(USE_CERT_BUFFERS_1024) + byte* rsaCertDer = (byte*)client_cert_der_1024; + word32 rsaCertDerSz = sizeof_client_cert_der_1024; + #else + unsigned char rsaCertDer[TWOK_BUF]; + word32 rsaCertDerSz; + #endif +#endif +#ifdef HAVE_ECC + ecc_key eccKey; + #if defined(USE_CERT_BUFFERS_256) + byte* eccCert = (byte*)cliecc_cert_der_256; + word32 eccCertSz = sizeof_cliecc_cert_der_256; + #else + unsigned char eccCert[ONEK_BUF]; + word32 eccCertSz; + XFILE fp2 = XBADFILE; + #endif +#endif + +#ifndef NO_RSA + +#if !defined(USE_CERT_BUFFERS_1024) && !defined(USE_CERT_BUFFERS_2048) + ExpectTrue((fp = XFOPEN("./certs/1024/client-cert.der", "rb")) != XBADFILE); + ExpectIntGT(rsaCertDerSz = (word32)XFREAD(rsaCertDer, 1, sizeof(rsaCertDer), + fp), 0); + if (fp != XBADFILE) { + XFCLOSE(fp); + fp = XBADFILE; + } +#endif + + /* good test case - RSA DER cert */ + wc_InitDecodedCert(&decoded, rsaCertDer, rsaCertDerSz, NULL); + ExpectIntEQ(wc_ParseCert(&decoded, CERT_TYPE, NO_VERIFY, NULL), 0); + + ExpectIntEQ(wc_GetPubKeyDerFromCert(&decoded, keyDer, &keyDerSz), 0); + ExpectIntGT(keyDerSz, 0); + + /* sanity check, verify we can import DER public key */ + ret = wc_InitRsaKey(&rsaKey, HEAP_HINT); + ExpectIntEQ(ret, 0); + ExpectIntEQ(wc_RsaPublicKeyDecode(keyDer, &idx, &rsaKey, keyDerSz), 0); + if (ret == 0) { + wc_FreeRsaKey(&rsaKey); + } + + /* test LENGTH_ONLY_E case */ + keyDerSz = 0; + ExpectIntEQ(wc_GetPubKeyDerFromCert(&decoded, NULL, &keyDerSz), + WC_NO_ERR_TRACE(LENGTH_ONLY_E)); + ExpectIntGT(keyDerSz, 0); + + /* bad args: DecodedCert NULL */ + ExpectIntEQ(wc_GetPubKeyDerFromCert(NULL, keyDer, &keyDerSz), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + + /* bad args: output key buff size */ + ExpectIntEQ(wc_GetPubKeyDerFromCert(&decoded, keyDer, NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + + /* bad args: zero size output key buffer */ + keyDerSz = 0; + ExpectIntEQ(ret = wc_GetPubKeyDerFromCert(&decoded, keyDer, &keyDerSz), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + + wc_FreeDecodedCert(&decoded); + + /* Certificate Request Tests */ + #if defined(WOLFSSL_CERT_REQ) && !defined(NO_FILESYSTEM) + { + XMEMSET(certBuf, 0, sizeof(certBuf)); + ExpectTrue((fp = XFOPEN("./certs/csr.signed.der", "rb")) != XBADFILE); + ExpectIntGT(certBufSz = (word32)XFREAD(certBuf, 1, certBufSz, fp), 0); + if (fp != XBADFILE) { + XFCLOSE(fp); + } + + wc_InitDecodedCert(&decoded, certBuf, certBufSz, NULL); + ExpectIntEQ(wc_ParseCert(&decoded, CERTREQ_TYPE, VERIFY, NULL), 0); + + /* good test case - RSA DER certificate request */ + keyDerSz = sizeof(keyDer); + ExpectIntEQ(ret = wc_GetPubKeyDerFromCert(&decoded, keyDer, &keyDerSz), + 0); + ExpectIntGT(keyDerSz, 0); + + /* sanity check, verify we can import DER public key */ + ret = wc_InitRsaKey(&rsaKey, HEAP_HINT); + ExpectIntEQ(ret, 0); + idx = 0; + ExpectIntEQ(wc_RsaPublicKeyDecode(keyDer, &idx, &rsaKey, keyDerSz), 0); + if (ret == 0) { + wc_FreeRsaKey(&rsaKey); + } + + wc_FreeDecodedCert(&decoded); + } + #endif /* WOLFSSL_CERT_REQ */ +#endif /* NO_RSA */ + +#ifdef HAVE_ECC + #ifndef USE_CERT_BUFFERS_256 + ExpectTrue((fp2 = XFOPEN("./certs/client-ecc-cert.der", "rb")) != + XBADFILE); + ExpectIntGT(eccCertSz = (word32)XFREAD(eccCert, 1, ONEK_BUF, fp2), 0); + if (fp2 != XBADFILE) { + XFCLOSE(fp2); + } + #endif + + wc_InitDecodedCert(&decoded, eccCert, eccCertSz, NULL); + ExpectIntEQ(wc_ParseCert(&decoded, CERT_TYPE, NO_VERIFY, NULL), 0); + + /* good test case - ECC */ + XMEMSET(keyDer, 0, sizeof(keyDer)); + keyDerSz = sizeof(keyDer); + ExpectIntEQ(wc_GetPubKeyDerFromCert(&decoded, keyDer, &keyDerSz), 0); + ExpectIntGT(keyDerSz, 0); + + /* sanity check, verify we can import DER public key */ + ret = wc_ecc_init(&eccKey); + ExpectIntEQ(ret, 0); + idx = 0; /* reset idx to 0, used above in RSA case */ + ExpectIntEQ(wc_EccPublicKeyDecode(keyDer, &idx, &eccKey, keyDerSz), 0); + if (ret == 0) { + wc_ecc_free(&eccKey); + } + + /* test LENGTH_ONLY_E case */ + keyDerSz = 0; + ExpectIntEQ(wc_GetPubKeyDerFromCert(&decoded, NULL, &keyDerSz), + WC_NO_ERR_TRACE(LENGTH_ONLY_E)); + ExpectIntGT(keyDerSz, 0); + + wc_FreeDecodedCert(&decoded); +#endif +#endif /* !NO_RSA || HAVE_ECC */ + return EXPECT_RESULT(); +} + +static int test_wc_GetSubjectPubKeyInfoDerFromCert(void) +{ + EXPECT_DECLS; +#if !defined(NO_RSA) || defined(HAVE_ECC) + int ret; + word32 idx = 0; + byte keyDer[TWOK_BUF]; /* large enough for up to RSA 2048 */ + word32 keyDerSz = (word32)sizeof(keyDer); +#if !defined(NO_RSA) && defined(WOLFSSL_CERT_REQ) && !defined(NO_FILESYSTEM) + byte certBuf[6000]; /* for PEM and CSR, client-cert.pem is 5-6kB */ + word32 certBufSz = sizeof(certBuf); +#endif +#if ((!defined(USE_CERT_BUFFERS_2048) && !defined(USE_CERT_BUFFERS_1024)) || \ + defined(WOLFSSL_CERT_REQ)) && !defined(NO_RSA) && !defined(NO_FILESYSTEM) + XFILE fp = XBADFILE; +#endif +#ifndef NO_RSA + RsaKey rsaKey; + #if defined(USE_CERT_BUFFERS_2048) + byte* rsaCertDer = (byte*)client_cert_der_2048; + word32 rsaCertDerSz = sizeof_client_cert_der_2048; + #elif defined(USE_CERT_BUFFERS_1024) + byte* rsaCertDer = (byte*)client_cert_der_1024; + word32 rsaCertDerSz = sizeof_client_cert_der_1024; + #else + unsigned char rsaCertDer[TWOK_BUF]; + word32 rsaCertDerSz; + #endif +#endif +#ifdef HAVE_ECC + ecc_key eccKey; + #if defined(USE_CERT_BUFFERS_256) + byte* eccCert = (byte*)cliecc_cert_der_256; + word32 eccCertSz = sizeof_cliecc_cert_der_256; + #else + unsigned char eccCert[ONEK_BUF]; + word32 eccCertSz; + XFILE fp2 = XBADFILE; + #endif +#endif + +#ifndef NO_RSA + +#if !defined(USE_CERT_BUFFERS_1024) && !defined(USE_CERT_BUFFERS_2048) + ExpectTrue((fp = XFOPEN("./certs/1024/client-cert.der", "rb")) != XBADFILE); + ExpectIntGT(rsaCertDerSz = (word32)XFREAD(rsaCertDer, 1, sizeof(rsaCertDer), + fp), 0); + if (fp != XBADFILE) { + XFCLOSE(fp); + fp = XBADFILE; + } +#endif + + /* good test case - RSA DER cert */ + ExpectIntEQ(wc_GetSubjectPubKeyInfoDerFromCert(rsaCertDer, rsaCertDerSz, + keyDer, &keyDerSz), 0); + ExpectIntGT(keyDerSz, 0); + + /* sanity check, verify we can import DER public key */ + ret = wc_InitRsaKey(&rsaKey, HEAP_HINT); + ExpectIntEQ(ret, 0); + ExpectIntEQ(wc_RsaPublicKeyDecode(keyDer, &idx, &rsaKey, keyDerSz), 0); + if (ret == 0) { + wc_FreeRsaKey(&rsaKey); + } + + /* bad args: certDer */ + keyDerSz = (word32)sizeof(keyDer); + ExpectIntEQ(wc_GetSubjectPubKeyInfoDerFromCert(NULL, rsaCertDerSz, keyDer, + &keyDerSz), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + + /* bad args: 0 sized certSz */ + keyDerSz = (word32)sizeof(keyDer); + ExpectIntEQ(wc_GetSubjectPubKeyInfoDerFromCert(rsaCertDer, 0, keyDer, + &keyDerSz), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + + /* bad args: NULL inout size */ + ExpectIntEQ(ret = wc_GetSubjectPubKeyInfoDerFromCert(rsaCertDer, + rsaCertDerSz, keyDer, + NULL), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + + /* Certificate Request Tests */ + #if defined(WOLFSSL_CERT_REQ) && !defined(NO_FILESYSTEM) + { + XMEMSET(certBuf, 0, sizeof(certBuf)); + ExpectTrue((fp = XFOPEN("./certs/csr.signed.der", "rb")) != XBADFILE); + ExpectIntGT(certBufSz = (word32)XFREAD(certBuf, 1, certBufSz, fp), 0); + if (fp != XBADFILE) { + XFCLOSE(fp); + } + + /* good test case - RSA DER certificate request */ + keyDerSz = sizeof(keyDer); + ExpectIntEQ(ret = wc_GetSubjectPubKeyInfoDerFromCert(rsaCertDer, + rsaCertDerSz, + keyDer, + &keyDerSz), 0); + ExpectIntGT(keyDerSz, 0); + + /* sanity check, verify we can import DER public key */ + ret = wc_InitRsaKey(&rsaKey, HEAP_HINT); + ExpectIntEQ(ret, 0); + idx = 0; + ExpectIntEQ(wc_RsaPublicKeyDecode(keyDer, &idx, &rsaKey, keyDerSz), 0); + if (ret == 0) { + wc_FreeRsaKey(&rsaKey); + } + } + #endif /* WOLFSSL_CERT_REQ */ +#endif /* NO_RSA */ + +#ifdef HAVE_ECC + #ifndef USE_CERT_BUFFERS_256 + ExpectTrue((fp2 = XFOPEN("./certs/client-ecc-cert.der", "rb")) != + XBADFILE); + ExpectIntGT(eccCertSz = (word32)XFREAD(eccCert, 1, ONEK_BUF, fp2), 0); + if (fp2 != XBADFILE) { + XFCLOSE(fp2); + } + #endif + + /* good test case - ECC */ + XMEMSET(keyDer, 0, sizeof(keyDer)); + keyDerSz = sizeof(keyDer); + ExpectIntEQ(wc_GetSubjectPubKeyInfoDerFromCert(eccCert, eccCertSz, keyDer, + &keyDerSz), 0); + ExpectIntGT(keyDerSz, 0); + + /* sanity check, verify we can import DER public key */ + ret = wc_ecc_init(&eccKey); + ExpectIntEQ(ret, 0); + idx = 0; /* reset idx to 0, used above in RSA case */ + ExpectIntEQ(wc_EccPublicKeyDecode(keyDer, &idx, &eccKey, keyDerSz), 0); + if (ret == 0) { + wc_ecc_free(&eccKey); + } + +#endif +#endif /* !NO_RSA || HAVE_ECC */ + return EXPECT_RESULT(); +} + +static int test_wc_CheckCertSigPubKey(void) +{ + EXPECT_DECLS; +#if defined(OPENSSL_EXTRA) && !defined(NO_CERTS) && !defined(NO_FILESYSTEM) && \ + !defined(NO_RSA) && defined(WOLFSSL_PEM_TO_DER) && defined(HAVE_ECC) + int ret = 0; + const char* ca_cert = "./certs/ca-cert.pem"; + byte* cert_buf = NULL; + size_t cert_sz = 0; + byte* cert_der = NULL; + word32 cert_dersz = 0; + byte keyDer[TWOK_BUF]; /* large enough for up to RSA 2048 */ + word32 keyDerSz = (word32)sizeof(keyDer); + DecodedCert decoded; + + ExpectIntEQ(load_file(ca_cert, &cert_buf, &cert_sz), 0); + cert_dersz = (word32)cert_sz; /* DER will be smaller than PEM */ + ExpectNotNull(cert_der = (byte*)malloc(cert_dersz)); + ExpectIntGE(ret = wc_CertPemToDer(cert_buf, (int)cert_sz, cert_der, + (int)cert_dersz, CERT_TYPE), 0); + + wc_InitDecodedCert(&decoded, cert_der, cert_dersz, NULL); + ExpectIntEQ(wc_ParseCert(&decoded, CERT_TYPE, NO_VERIFY, NULL), 0); + + ExpectIntEQ(wc_GetPubKeyDerFromCert(&decoded, keyDer, &keyDerSz), 0); + ExpectIntGT(keyDerSz, 0); + + /* Good test case. */ + ExpectIntEQ(wc_CheckCertSigPubKey(cert_der, cert_dersz, NULL, keyDer, + keyDerSz, RSAk), 0); + + /* No certificate. */ + ExpectIntEQ(wc_CheckCertSigPubKey(NULL, cert_dersz, NULL, keyDer, keyDerSz, + ECDSAk), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + + /* Bad cert size. */ + ExpectIntNE(ret = wc_CheckCertSigPubKey(cert_der, 0, NULL, keyDer, keyDerSz, + RSAk), 0); + ExpectTrue(ret == WC_NO_ERR_TRACE(ASN_PARSE_E) || ret == WC_NO_ERR_TRACE(BUFFER_E)); + + /* No public key. */ + ExpectIntEQ(wc_CheckCertSigPubKey(cert_der, cert_dersz, NULL, NULL, + keyDerSz, RSAk), WC_NO_ERR_TRACE(ASN_NO_SIGNER_E)); + + /* Bad public key size. */ + ExpectIntEQ(wc_CheckCertSigPubKey(cert_der, cert_dersz, NULL, keyDer, 0, + RSAk), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + + /* Wrong aglo. */ + ExpectIntEQ(wc_CheckCertSigPubKey(cert_der, cert_dersz, NULL, keyDer, + keyDerSz, ECDSAk), WC_NO_ERR_TRACE(ASN_PARSE_E)); + + wc_FreeDecodedCert(&decoded); + if (cert_der != NULL) + free(cert_der); + if (cert_buf != NULL) + free(cert_buf); +#endif + return EXPECT_RESULT(); +} + +static int test_wolfSSL_X509_ext_d2i(void) +{ + EXPECT_DECLS; +#if defined(OPENSSL_EXTRA) && !defined(NO_CERTS) + X509* x509 = NULL; + + ExpectNotNull(x509 = wolfSSL_X509_new()); + + ExpectNull(wolfSSL_X509_get_ext_d2i(x509, NID_basic_constraints, + NULL, NULL)); + ExpectNull(wolfSSL_X509_get_ext_d2i(x509, NID_subject_alt_name, + NULL, NULL)); + ExpectNull(wolfSSL_X509_get_ext_d2i(x509, NID_authority_key_identifier, + NULL, NULL)); + ExpectNull(wolfSSL_X509_get_ext_d2i(x509, NID_subject_key_identifier, + NULL, NULL)); + ExpectNull(wolfSSL_X509_get_ext_d2i(x509, NID_key_usage, + NULL, NULL)); + ExpectNull(wolfSSL_X509_get_ext_d2i(x509, NID_crl_distribution_points, + NULL, NULL)); + ExpectNull(wolfSSL_X509_get_ext_d2i(x509, NID_ext_key_usage, + NULL, NULL)); + ExpectNull(wolfSSL_X509_get_ext_d2i(x509, NID_info_access, + NULL, NULL)); + ExpectNull(wolfSSL_X509_get_ext_d2i(x509, NID_certificate_policies, + NULL, NULL)); + /* Invalid NID for an extension. */ + ExpectNull(wolfSSL_X509_get_ext_d2i(x509, NID_description, + NULL, NULL)); + + wolfSSL_X509_free(x509); +#endif + return EXPECT_RESULT(); +} + +static int test_wolfSSL_certs(void) +{ + EXPECT_DECLS; +#if defined(OPENSSL_EXTRA) && !defined(NO_CERTS) && !defined(NO_FILESYSTEM) && \ + !defined(NO_TLS) && !defined(NO_RSA) + X509* x509ext = NULL; + X509* x509 = NULL; +#ifdef OPENSSL_ALL + WOLFSSL_X509_EXTENSION* ext = NULL; + ASN1_OBJECT* obj = NULL; +#endif + WOLFSSL* ssl = NULL; + WOLFSSL_CTX* ctx = NULL; + STACK_OF(ASN1_OBJECT)* sk = NULL; + ASN1_STRING* asn1_str = NULL; + AUTHORITY_KEYID* akey = NULL; + WOLFSSL_STACK* skid = NULL; + BASIC_CONSTRAINTS* bc = NULL; + int crit = 0; + +#ifndef NO_WOLFSSL_SERVER + ExpectNotNull(ctx = SSL_CTX_new(SSLv23_server_method())); +#else + ExpectNotNull(ctx = SSL_CTX_new(SSLv23_client_method())); +#endif + ExpectTrue(SSL_CTX_use_certificate_file(ctx, svrCertFile, SSL_FILETYPE_PEM)); + ExpectTrue(SSL_CTX_use_PrivateKey_file(ctx, svrKeyFile, SSL_FILETYPE_PEM)); + ExpectTrue(SSL_CTX_use_PrivateKey_file(ctx, cliKeyFile, SSL_FILETYPE_PEM)); + #if !defined(NO_CHECK_PRIVATE_KEY) + ExpectIntEQ(SSL_CTX_check_private_key(ctx), WC_NO_ERR_TRACE(WOLFSSL_FAILURE)); + #endif + ExpectTrue(SSL_CTX_use_PrivateKey_file(ctx, svrKeyFile, SSL_FILETYPE_PEM)); + #if !defined(NO_CHECK_PRIVATE_KEY) + ExpectIntEQ(SSL_CTX_check_private_key(ctx), SSL_SUCCESS); + #endif + ExpectNotNull(ssl = SSL_new(ctx)); + + /* Invalid parameters. */ + ExpectIntEQ(SSL_use_certificate_file(NULL, NULL, WOLFSSL_FILETYPE_PEM), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(SSL_use_certificate_file(ssl, NULL, WOLFSSL_FILETYPE_PEM), + WC_NO_ERR_TRACE(WOLFSSL_FAILURE)); + ExpectIntEQ(SSL_use_certificate_file(NULL, "./certs/server-cert.pem", + WOLFSSL_FILETYPE_PEM), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + + #if !defined(NO_CHECK_PRIVATE_KEY) + ExpectIntEQ(wolfSSL_check_private_key(ssl), WOLFSSL_SUCCESS); + #endif + + #ifdef HAVE_PK_CALLBACKS + ExpectIntEQ((int)SSL_set_tlsext_debug_arg(ssl, NULL), WOLFSSL_SUCCESS); + #endif /* HAVE_PK_CALLBACKS */ + + /* Invalid parameters. */ + ExpectNotNull(x509 = wolfSSL_X509_new()); + ExpectIntEQ(SSL_use_certificate(NULL, NULL), WC_NO_ERR_TRACE(WOLFSSL_FAILURE)); + ExpectIntEQ(SSL_use_certificate(ssl, NULL), WC_NO_ERR_TRACE(WOLFSSL_FAILURE)); + ExpectIntEQ(SSL_use_certificate(NULL, x509), WC_NO_ERR_TRACE(WOLFSSL_FAILURE)); + /* No data in certificate. */ + ExpectIntEQ(SSL_use_certificate(ssl, x509), WC_NO_ERR_TRACE(WOLFSSL_FAILURE)); + wolfSSL_X509_free(x509); + x509 = NULL; + + /* create and use x509 */ + ExpectNull(wolfSSL_X509_load_certificate_file(cliCertFileExt, -1)); + ExpectNull(wolfSSL_X509_load_certificate_file("/tmp/badfile", + WOLFSSL_FILETYPE_PEM)); + ExpectNull(wolfSSL_X509_load_certificate_file(NULL, WOLFSSL_FILETYPE_PEM)); + ExpectNull(wolfSSL_X509_load_certificate_file(cliCertFileExt, + WOLFSSL_FILETYPE_ASN1)); +#ifdef OPENSSL_ALL + ExpectNotNull(x509 = wolfSSL_X509_load_certificate_file(cliCertFile, + WOLFSSL_FILETYPE_PEM)); +#endif + ExpectNotNull(x509ext = wolfSSL_X509_load_certificate_file(cliCertFileExt, + WOLFSSL_FILETYPE_PEM)); + ExpectIntEQ(SSL_use_certificate(ssl, x509ext), WOLFSSL_SUCCESS); + + #if !defined(NO_CHECK_PRIVATE_KEY) + /* with loading in a new cert the check on private key should now fail */ + ExpectIntNE(wolfSSL_check_private_key(ssl), WOLFSSL_SUCCESS); + #endif + + + #if defined(USE_CERT_BUFFERS_2048) + /* Invalid parameters. */ + ExpectIntEQ(SSL_use_certificate_ASN1(NULL, NULL, 0), WC_NO_ERR_TRACE(WOLFSSL_FAILURE)); + ExpectIntEQ(SSL_use_certificate_ASN1(ssl, NULL, 0), WC_NO_ERR_TRACE(WOLFSSL_FAILURE)); + ExpectIntEQ(SSL_use_certificate_ASN1(NULL, + (unsigned char*)server_cert_der_2048, 0), WC_NO_ERR_TRACE(WOLFSSL_FAILURE)); + /* No data. */ + ExpectIntEQ(SSL_use_certificate_ASN1(ssl, + (unsigned char*)server_cert_der_2048, 0), WC_NO_ERR_TRACE(WOLFSSL_FAILURE)); + + ExpectIntEQ(SSL_use_certificate_ASN1(ssl, + (unsigned char*)server_cert_der_2048, + sizeof_server_cert_der_2048), WOLFSSL_SUCCESS); + #endif + + #if !defined(NO_SHA) && !defined(NO_SHA256) && !defined(NO_PWDBASED) + /************* Get Digest of Certificate ******************/ + { + byte digest[64]; /* max digest size */ + word32 digestSz; + X509* x509Empty = NULL; + + XMEMSET(digest, 0, sizeof(digest)); + ExpectIntEQ(X509_digest(NULL, wolfSSL_EVP_sha1(), digest, &digestSz), + WOLFSSL_FAILURE); + ExpectIntEQ(X509_digest(x509ext, NULL, digest, &digestSz), + WOLFSSL_FAILURE); + ExpectIntEQ(X509_digest(x509ext, wolfSSL_EVP_sha1(), NULL, &digestSz), + WOLFSSL_FAILURE); + ExpectIntEQ(X509_digest(x509ext, wolfSSL_EVP_sha1(), digest, NULL), + WOLFSSL_SUCCESS); + ExpectIntEQ(X509_digest(x509ext, wolfSSL_EVP_sha1(), digest, &digestSz), + WOLFSSL_SUCCESS); + ExpectIntEQ(X509_digest(x509ext, wolfSSL_EVP_sha256(), digest, + &digestSz), WOLFSSL_SUCCESS); + + ExpectNotNull(x509Empty = wolfSSL_X509_new()); + ExpectIntEQ(X509_digest(x509Empty, wolfSSL_EVP_sha256(), digest, + &digestSz), WOLFSSL_FAILURE); + wolfSSL_X509_free(x509Empty); + } + #endif /* !NO_SHA && !NO_SHA256 && !NO_PWDBASED */ + + #if !defined(NO_SHA) && !defined(NO_SHA256) && !defined(NO_PWDBASED) + /************* Get Digest of Certificate ******************/ + { + byte digest[64]; /* max digest size */ + word32 digestSz; + X509* x509Empty = NULL; + + XMEMSET(digest, 0, sizeof(digest)); + ExpectIntEQ(X509_pubkey_digest(NULL, wolfSSL_EVP_sha1(), digest, + &digestSz), WOLFSSL_FAILURE); + ExpectIntEQ(X509_pubkey_digest(x509ext, NULL, digest, &digestSz), + WOLFSSL_FAILURE); + ExpectIntEQ(X509_pubkey_digest(x509ext, wolfSSL_EVP_sha1(), NULL, + &digestSz), WOLFSSL_FAILURE); + ExpectIntEQ(X509_pubkey_digest(x509ext, wolfSSL_EVP_sha1(), digest, + NULL), WOLFSSL_SUCCESS); + ExpectIntEQ(X509_pubkey_digest(x509ext, wolfSSL_EVP_sha1(), digest, + &digestSz), WOLFSSL_SUCCESS); + ExpectIntEQ(X509_pubkey_digest(x509ext, wolfSSL_EVP_sha256(), digest, + &digestSz), WOLFSSL_SUCCESS); + + ExpectNotNull(x509Empty = wolfSSL_X509_new()); + ExpectIntEQ(X509_pubkey_digest(x509Empty, wolfSSL_EVP_sha256(), digest, + &digestSz), WOLFSSL_FAILURE); + wolfSSL_X509_free(x509Empty); + } + #endif /* !NO_SHA && !NO_SHA256 && !NO_PWDBASED */ + + /* test and checkout X509 extensions */ + ExpectNotNull(bc = (BASIC_CONSTRAINTS*)X509_get_ext_d2i(x509ext, + NID_basic_constraints, NULL, NULL)); + BASIC_CONSTRAINTS_free(bc); + bc = NULL; + ExpectNotNull(bc = (BASIC_CONSTRAINTS*)X509_get_ext_d2i(x509ext, + NID_basic_constraints, &crit, NULL)); + ExpectIntEQ(crit, 0); + +#ifdef OPENSSL_ALL + ExpectNull(X509V3_EXT_i2d(NID_basic_constraints, crit, NULL)); + { + int i; + int unsupportedNid[] = { + 0, + NID_inhibit_any_policy, + NID_certificate_policies, + NID_policy_mappings, + NID_name_constraints, + NID_policy_constraints, + NID_crl_distribution_points + }; + int unsupportedNidCnt = (int)(sizeof(unsupportedNid) / + sizeof(*unsupportedNid)); + + for (i = 0; i < unsupportedNidCnt; i++) { + ExpectNotNull(ext = X509V3_EXT_i2d(unsupportedNid[i], crit, bc)); + X509_EXTENSION_free(ext); + ext = NULL; + } + } + ExpectNotNull(ext = X509V3_EXT_i2d(NID_basic_constraints, crit, bc)); + X509_EXTENSION_free(ext); + ext = NULL; + + ExpectNotNull(ext = X509_EXTENSION_new()); + ExpectIntEQ(X509_EXTENSION_set_critical(NULL, 1), WOLFSSL_FAILURE); + ExpectIntEQ(X509_EXTENSION_set_critical(ext, 1), WOLFSSL_SUCCESS); + ExpectNotNull(obj = OBJ_nid2obj(NID_basic_constraints)); + ExpectIntEQ(X509_EXTENSION_set_object(NULL, NULL), SSL_FAILURE); + ExpectIntEQ(X509_EXTENSION_set_object(NULL, obj), SSL_FAILURE); + ExpectIntEQ(X509_EXTENSION_set_object(ext, NULL), SSL_SUCCESS); + ExpectIntEQ(X509_EXTENSION_set_object(ext, obj), SSL_SUCCESS); + /* Check old object is being freed. */ + ExpectIntEQ(X509_EXTENSION_set_object(ext, obj), SSL_SUCCESS); + ASN1_OBJECT_free(obj); + obj = NULL; + X509_EXTENSION_free(ext); + ext = NULL; + + ExpectNotNull(ext = X509_EXTENSION_new()); + ExpectIntEQ(X509_EXTENSION_set_critical(ext, 0), WOLFSSL_SUCCESS); + ExpectIntEQ(X509_EXTENSION_set_data(ext, NULL), + WC_NO_ERR_TRACE(WOLFSSL_FAILURE)); + ExpectNotNull(asn1_str = (ASN1_STRING*)X509_get_ext_d2i(x509ext, + NID_key_usage, NULL, NULL)); + ASN1_STRING_free(asn1_str); + asn1_str = NULL; + ExpectNotNull(asn1_str = (ASN1_STRING*)X509_get_ext_d2i(x509ext, + NID_key_usage, &crit, NULL)); + ExpectIntEQ(X509_EXTENSION_set_data(ext, asn1_str), SSL_SUCCESS); + ExpectIntEQ(X509_EXTENSION_set_data(ext, asn1_str), SSL_SUCCESS); + ASN1_STRING_free(asn1_str); /* X509_EXTENSION_set_data has made a copy + * and X509_get_ext_d2i has created new */ + asn1_str = NULL; + X509_EXTENSION_free(ext); + ext = NULL; + +#endif + BASIC_CONSTRAINTS_free(NULL); + BASIC_CONSTRAINTS_free(bc); + bc = NULL; + + ExpectNotNull(asn1_str = (ASN1_STRING*)X509_get_ext_d2i(x509ext, + NID_key_usage, NULL, NULL)); + ASN1_STRING_free(asn1_str); + asn1_str = NULL; + ExpectNotNull(asn1_str = (ASN1_STRING*)X509_get_ext_d2i(x509ext, + NID_key_usage, &crit, NULL)); + ExpectIntEQ(crit, 1); + ExpectIntEQ(asn1_str->type, NID_key_usage); +#ifdef OPENSSL_ALL + ExpectNotNull(ext = X509V3_EXT_i2d(NID_key_usage, crit, asn1_str)); + X509_EXTENSION_free(ext); + ext = NULL; +#endif + ASN1_STRING_free(asn1_str); + asn1_str = NULL; + +#ifdef OPENSSL_ALL + ExpectNotNull(sk = (STACK_OF(ASN1_OBJECT)*)X509_get_ext_d2i(x509, + NID_ext_key_usage, NULL, NULL)); + EXTENDED_KEY_USAGE_free(NULL); + EXTENDED_KEY_USAGE_free(sk); + sk = NULL; + ExpectNotNull(sk = (STACK_OF(ASN1_OBJECT)*)X509_get_ext_d2i(x509, + NID_ext_key_usage, &crit, NULL)); + ExpectNotNull(ext = X509V3_EXT_i2d(NID_ext_key_usage, crit, sk)); + X509_EXTENSION_free(ext); + ext = NULL; + EXTENDED_KEY_USAGE_free(sk); + sk = NULL; +#else + sk = (STACK_OF(ASN1_OBJECT)*)X509_get_ext_d2i(x509ext, NID_ext_key_usage, + &crit, NULL); + ExpectNull(sk); +#endif + + ExpectNotNull(akey = (AUTHORITY_KEYID*)X509_get_ext_d2i(x509ext, + NID_authority_key_identifier, NULL, NULL)); + wolfSSL_AUTHORITY_KEYID_free(NULL); + wolfSSL_AUTHORITY_KEYID_free(akey); + akey = NULL; + ExpectNotNull(akey = (AUTHORITY_KEYID*)X509_get_ext_d2i(x509ext, + NID_authority_key_identifier, &crit, NULL)); +#ifdef OPENSSL_ALL + ExpectNotNull(ext = X509V3_EXT_i2d(NID_authority_key_identifier, crit, + akey)); + X509_EXTENSION_free(ext); + ext = NULL; +#endif + wolfSSL_AUTHORITY_KEYID_free(akey); + akey = NULL; + + ExpectNotNull(skid = (WOLFSSL_STACK*)X509_get_ext_d2i(x509ext, + NID_subject_key_identifier, NULL, NULL)); + wolfSSL_sk_ASN1_OBJECT_pop_free(skid, wolfSSL_ASN1_OBJECT_free); + skid = NULL; + ExpectNotNull(skid = (WOLFSSL_STACK*)X509_get_ext_d2i(x509ext, + NID_subject_key_identifier, &crit, NULL)); +#ifdef OPENSSL_ALL + ExpectNotNull(ext = X509V3_EXT_i2d(NID_subject_key_identifier, crit, + skid)); + X509_EXTENSION_free(ext); + ext = NULL; +#endif + wolfSSL_sk_ASN1_OBJECT_pop_free(skid, wolfSSL_ASN1_OBJECT_free); + skid = NULL; + + /* NID not yet supported */ + ExpectNull(sk = (STACK_OF(ASN1_OBJECT)*)X509_get_ext_d2i(x509ext, + NID_private_key_usage_period, &crit, NULL)); + ExpectIntEQ(crit, -1); + sk_ASN1_OBJECT_free(sk); + sk = NULL; + + ExpectNotNull(sk = (STACK_OF(GENERAL_NAME)*)X509_get_ext_d2i(x509ext, + NID_subject_alt_name, NULL, NULL)); + sk_GENERAL_NAME_free(sk); + sk = NULL; + ExpectNotNull(sk = (STACK_OF(GENERAL_NAME)*)X509_get_ext_d2i(x509ext, + NID_subject_alt_name, &crit, NULL)); + { + int i; + for (i = 0; i < sk_GENERAL_NAME_num(sk); i++) { + GENERAL_NAME* gen = sk_GENERAL_NAME_value(sk, i); + ExpectIntEQ(gen->type, GEN_DNS); + ExpectIntEQ(gen->d.dNSName->type, V_ASN1_IA5STRING); + } + } + sk_GENERAL_NAME_free(sk); + sk = NULL; + + /* NID not yet supported */ + ExpectNull(sk = (STACK_OF(ASN1_OBJECT)*)X509_get_ext_d2i(x509ext, + NID_issuer_alt_name, &crit, NULL)); + ExpectIntEQ(crit, -1); + sk_ASN1_OBJECT_free(sk); + sk = NULL; + + /* NID not yet supported */ + ExpectNull(sk = (STACK_OF(ASN1_OBJECT)*)X509_get_ext_d2i(x509ext, + NID_info_access, &crit, NULL)); + sk_ASN1_OBJECT_free(sk); + sk = NULL; + + /* NID not yet supported */ + ExpectNull(sk = (STACK_OF(ASN1_OBJECT)*)X509_get_ext_d2i(x509ext, + NID_sinfo_access, &crit, NULL)); + ExpectIntEQ(crit, -1); + sk_ASN1_OBJECT_free(sk); + sk = NULL; + + /* NID not yet supported */ + ExpectNull(sk = (STACK_OF(ASN1_OBJECT)*)X509_get_ext_d2i(x509ext, + NID_name_constraints, &crit, NULL)); + ExpectIntEQ(crit, -1); + sk_ASN1_OBJECT_free(sk); + sk = NULL; + + /* no cert policy set */ + ExpectNull(sk = (STACK_OF(ASN1_OBJECT)*)X509_get_ext_d2i(x509ext, + NID_certificate_policies, &crit, NULL)); + sk_ASN1_OBJECT_free(sk); + sk = NULL; + + /* NID not yet supported */ + ExpectNull(sk = (STACK_OF(ASN1_OBJECT)*)X509_get_ext_d2i(x509ext, + NID_policy_mappings, &crit, NULL)); + ExpectIntEQ(crit, -1); + sk_ASN1_OBJECT_free(sk); + sk = NULL; + + /* NID not yet supported */ + ExpectNull(sk = (STACK_OF(ASN1_OBJECT)*)X509_get_ext_d2i(x509ext, + NID_policy_constraints, &crit, NULL)); + ExpectIntEQ(crit, -1); + sk_ASN1_OBJECT_free(sk); + sk = NULL; + + /* NID not yet supported */ + ExpectNull(sk = (STACK_OF(ASN1_OBJECT)*)X509_get_ext_d2i(x509ext, + NID_inhibit_any_policy, &crit, NULL)); + ExpectIntEQ(crit, -1); + sk_ASN1_OBJECT_free(sk); + sk = NULL; + + /* NID not yet supported */ + ExpectNull(sk = (STACK_OF(ASN1_OBJECT)*)X509_get_ext_d2i(x509ext, + NID_tlsfeature, &crit, NULL)); + ExpectIntEQ(crit, -1); + sk_ASN1_OBJECT_free(sk); + sk = NULL; + + /* test invalid cases */ + crit = 0; + ExpectNull(sk = (STACK_OF(ASN1_OBJECT)*)X509_get_ext_d2i(x509ext, -1, &crit, + NULL)); + ExpectIntEQ(crit, -1); + /* NULL passed for criticality. */ + ExpectNull(sk = (STACK_OF(ASN1_OBJECT)*)X509_get_ext_d2i(NULL, + NID_tlsfeature, NULL, NULL)); + + ExpectIntEQ(SSL_get_hit(ssl), 0); +#ifdef OPENSSL_ALL + X509_free(x509); +#endif + X509_free(x509ext); + SSL_free(ssl); + SSL_CTX_free(ctx); +#endif /* OPENSSL_EXTRA && !NO_CERTS */ + return EXPECT_RESULT(); +} + +static int test_wolfSSL_X509_check_private_key(void) +{ + EXPECT_DECLS; +#if defined(OPENSSL_EXTRA) && !defined(NO_CERTS) && !defined(NO_RSA) && \ + defined(USE_CERT_BUFFERS_2048) && !defined(NO_CHECK_PRIVATE_KEY) && \ + !defined(NO_FILESYSTEM) + X509* x509 = NULL; + EVP_PKEY* pkey = NULL; + const byte* key; + + /* Check with correct key */ + ExpectNotNull((x509 = X509_load_certificate_file(cliCertFile, + SSL_FILETYPE_PEM))); + key = client_key_der_2048; + ExpectNotNull(d2i_PrivateKey(EVP_PKEY_RSA, &pkey, &key, + (long)sizeof_client_key_der_2048)); + ExpectIntEQ(X509_check_private_key(x509, pkey), 1); + EVP_PKEY_free(pkey); + pkey = NULL; + + /* Check with wrong key */ + key = server_key_der_2048; + ExpectNotNull(d2i_PrivateKey(EVP_PKEY_RSA, &pkey, &key, + (long)sizeof_server_key_der_2048)); + ExpectIntEQ(X509_check_private_key(x509, pkey), 0); + + /* test for incorrect parameter */ + ExpectIntEQ(X509_check_private_key(NULL, pkey), 0); + ExpectIntEQ(X509_check_private_key(x509, NULL), 0); + ExpectIntEQ(X509_check_private_key(NULL, NULL), 0); + + EVP_PKEY_free(pkey); + X509_free(x509); +#endif + return EXPECT_RESULT(); +} + + +static int test_wolfSSL_private_keys(void) +{ + EXPECT_DECLS; +#if defined(OPENSSL_EXTRA) && !defined(NO_CERTS) && !defined(NO_TLS) && \ + !defined(NO_FILESYSTEM) +#if !defined(NO_WOLFSSL_CLIENT) || !defined(NO_WOLFSSL_SERVER) + WOLFSSL* ssl = NULL; + WOLFSSL_CTX* ctx = NULL; + EVP_PKEY* pkey = NULL; + + OpenSSL_add_all_digests(); + OpenSSL_add_all_algorithms(); + +#ifndef NO_RSA + #ifndef NO_WOLFSSL_SERVER + ExpectNotNull(ctx = SSL_CTX_new(wolfSSLv23_server_method())); + #else + ExpectNotNull(ctx = SSL_CTX_new(wolfSSLv23_client_method())); + #endif + ExpectTrue(SSL_CTX_use_PrivateKey_file(ctx, svrKeyFile, + WOLFSSL_FILETYPE_PEM)); + /* Have to load a cert before you can check the private key against that + * certificates public key! */ + #if !defined(NO_CHECK_PRIVATE_KEY) + ExpectIntEQ(wolfSSL_CTX_check_private_key(ctx), WC_NO_ERR_TRACE(WOLFSSL_FAILURE)); + #endif + ExpectTrue(SSL_CTX_use_certificate_file(ctx, svrCertFile, + WOLFSSL_FILETYPE_PEM)); + #if !defined(NO_CHECK_PRIVATE_KEY) + ExpectIntEQ(wolfSSL_CTX_check_private_key(ctx), WOLFSSL_SUCCESS); + #endif + ExpectNotNull(ssl = SSL_new(ctx)); + + #if !defined(NO_CHECK_PRIVATE_KEY) + ExpectIntEQ(wolfSSL_check_private_key(ssl), WOLFSSL_SUCCESS); + #endif + + /* Invalid parameters. */ + ExpectIntEQ(SSL_use_PrivateKey_file(NULL, NULL, WOLFSSL_FILETYPE_PEM), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(SSL_use_PrivateKey_file(NULL, svrKeyFile, WOLFSSL_FILETYPE_PEM), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(SSL_use_PrivateKey_file(ssl, NULL, WOLFSSL_FILETYPE_PEM), + WC_NO_ERR_TRACE(WOLFSSL_FAILURE)); + +#ifdef USE_CERT_BUFFERS_2048 + { + const unsigned char* server_key = (const unsigned char*)server_key_der_2048; + unsigned char buf[FOURK_BUF]; + word32 bufSz; + + /* Invalid parameters. */ + ExpectIntEQ(SSL_use_RSAPrivateKey_ASN1(NULL, NULL, 0), WC_NO_ERR_TRACE(WOLFSSL_FAILURE)); + ExpectIntEQ(SSL_use_RSAPrivateKey_ASN1(ssl, NULL, 0), WC_NO_ERR_TRACE(WOLFSSL_FAILURE)); + ExpectIntEQ(SSL_use_RSAPrivateKey_ASN1(NULL, + (unsigned char*)client_key_der_2048, 0), WC_NO_ERR_TRACE(WOLFSSL_FAILURE)); + ExpectIntEQ(SSL_use_PrivateKey_ASN1(0, NULL, NULL, 0), WC_NO_ERR_TRACE(WOLFSSL_FAILURE)); + ExpectIntEQ(SSL_use_PrivateKey_ASN1(0, ssl, NULL, 0), WC_NO_ERR_TRACE(WOLFSSL_FAILURE)); + ExpectIntEQ(SSL_use_PrivateKey_ASN1(0, NULL, (unsigned char*)server_key, 0), + WC_NO_ERR_TRACE(WOLFSSL_FAILURE)); + ExpectIntEQ(SSL_CTX_use_PrivateKey_ASN1(0, NULL, NULL, 0), WC_NO_ERR_TRACE(WOLFSSL_FAILURE)); + ExpectIntEQ(SSL_CTX_use_PrivateKey_ASN1(0, ctx, NULL, 0), WC_NO_ERR_TRACE(WOLFSSL_FAILURE)); + ExpectIntEQ(SSL_CTX_use_PrivateKey_ASN1(0, NULL, (unsigned char*)server_key, + 0), WC_NO_ERR_TRACE(WOLFSSL_FAILURE)); + + ExpectIntEQ(SSL_use_RSAPrivateKey_ASN1(ssl, + (unsigned char*)client_key_der_2048, + sizeof_client_key_der_2048), WOLFSSL_SUCCESS); + #if !defined(NO_CHECK_PRIVATE_KEY) + /* Should mismatch now that a different private key loaded */ + ExpectIntNE(wolfSSL_check_private_key(ssl), WOLFSSL_SUCCESS); + #endif + + ExpectIntEQ(SSL_use_PrivateKey_ASN1(0, ssl, + (unsigned char*)server_key, + sizeof_server_key_der_2048), WOLFSSL_SUCCESS); + #if !defined(NO_CHECK_PRIVATE_KEY) + /* After loading back in DER format of original key, should match */ + ExpectIntEQ(wolfSSL_check_private_key(ssl), WOLFSSL_SUCCESS); + #endif + + /* test loading private key to the WOLFSSL_CTX */ + ExpectIntEQ(SSL_CTX_use_PrivateKey_ASN1(0, ctx, + (unsigned char*)client_key_der_2048, + sizeof_client_key_der_2048), WOLFSSL_SUCCESS); + + #if !defined(NO_CHECK_PRIVATE_KEY) + /* Should mismatch now that a different private key loaded */ + ExpectIntNE(wolfSSL_CTX_check_private_key(ctx), WOLFSSL_SUCCESS); + #endif + + ExpectIntEQ(SSL_CTX_use_PrivateKey_ASN1(0, ctx, + (unsigned char*)server_key, + sizeof_server_key_der_2048), WOLFSSL_SUCCESS); + #if !defined(NO_CHECK_PRIVATE_KEY) + /* After loading back in DER format of original key, should match */ + ExpectIntEQ(wolfSSL_CTX_check_private_key(ctx), WOLFSSL_SUCCESS); + #endif + + /* Invalid parameters. */ + ExpectNotNull(pkey = wolfSSL_EVP_PKEY_new()); + ExpectIntEQ(SSL_use_PrivateKey(NULL, NULL), WC_NO_ERR_TRACE(WOLFSSL_FAILURE)); + ExpectIntEQ(SSL_use_PrivateKey(ssl, NULL), WC_NO_ERR_TRACE(WOLFSSL_FAILURE)); + ExpectIntEQ(SSL_use_PrivateKey(NULL, pkey), WC_NO_ERR_TRACE(WOLFSSL_FAILURE)); + /* pkey is empty - no key data to use. */ + ExpectIntEQ(SSL_use_PrivateKey(ssl, pkey), WC_NO_ERR_TRACE(ASN_PARSE_E)); + wolfSSL_EVP_PKEY_free(pkey); + pkey = NULL; + + /* set PKEY and test again */ + ExpectNotNull(wolfSSL_d2i_PrivateKey(EVP_PKEY_RSA, &pkey, + &server_key, (long)sizeof_server_key_der_2048)); + ExpectIntEQ(SSL_use_PrivateKey(ssl, pkey), WOLFSSL_SUCCESS); + + /* reuse PKEY structure and test + * this should be checked with a memory management sanity checker */ + ExpectFalse(server_key == (const unsigned char*)server_key_der_2048); + server_key = (const unsigned char*)server_key_der_2048; + ExpectNotNull(wolfSSL_d2i_PrivateKey(EVP_PKEY_RSA, &pkey, + &server_key, (long)sizeof_server_key_der_2048)); + ExpectIntEQ(SSL_use_PrivateKey(ssl, pkey), WOLFSSL_SUCCESS); + + /* check striping PKCS8 header with wolfSSL_d2i_PrivateKey */ + bufSz = FOURK_BUF; + ExpectIntGT((bufSz = (word32)wc_CreatePKCS8Key(buf, &bufSz, + (byte*)server_key_der_2048, sizeof_server_key_der_2048, + RSAk, NULL, 0)), 0); + server_key = (const unsigned char*)buf; + ExpectNotNull(wolfSSL_d2i_PrivateKey(EVP_PKEY_RSA, &pkey, &server_key, + (long)bufSz)); + } +#endif + + + EVP_PKEY_free(pkey); + pkey = NULL; + SSL_free(ssl); /* frees x509 also since loaded into ssl */ + ssl = NULL; + SSL_CTX_free(ctx); + ctx = NULL; +#endif /* end of RSA private key match tests */ + + +#ifdef HAVE_ECC + #ifndef NO_WOLFSSL_SERVER + ExpectNotNull(ctx = SSL_CTX_new(wolfSSLv23_server_method())); + #else + ExpectNotNull(ctx = SSL_CTX_new(wolfSSLv23_client_method())); + #endif + ExpectTrue(SSL_CTX_use_certificate_file(ctx, eccCertFile, + WOLFSSL_FILETYPE_PEM)); + ExpectTrue(SSL_CTX_use_PrivateKey_file(ctx, eccKeyFile, + WOLFSSL_FILETYPE_PEM)); + ExpectNotNull(ssl = SSL_new(ctx)); + + #if !defined(NO_CHECK_PRIVATE_KEY) + ExpectIntEQ(wolfSSL_check_private_key(ssl), WOLFSSL_SUCCESS); + #endif + SSL_free(ssl); + ssl = NULL; + + + ExpectTrue(SSL_CTX_use_PrivateKey_file(ctx, cliEccKeyFile, + WOLFSSL_FILETYPE_PEM)); + ExpectNotNull(ssl = SSL_new(ctx)); + + #ifdef WOLFSSL_VALIDATE_ECC_IMPORT + ExpectIntNE(wolfSSL_check_private_key(ssl), WOLFSSL_SUCCESS); + #endif + + SSL_free(ssl); + ssl = NULL; + SSL_CTX_free(ctx); + ctx = NULL; +#endif /* end of ECC private key match tests */ + +#if defined(HAVE_ED25519) && defined(HAVE_ED25519_KEY_IMPORT) + #ifndef NO_WOLFSSL_SERVER + ExpectNotNull(ctx = SSL_CTX_new(wolfSSLv23_server_method())); + #else + ExpectNotNull(ctx = SSL_CTX_new(wolfSSLv23_client_method())); + #endif + ExpectTrue(SSL_CTX_use_certificate_file(ctx, edCertFile, + WOLFSSL_FILETYPE_PEM)); + ExpectTrue(SSL_CTX_use_PrivateKey_file(ctx, edKeyFile, + WOLFSSL_FILETYPE_PEM)); + ExpectNotNull(ssl = SSL_new(ctx)); + + #if !defined(NO_CHECK_PRIVATE_KEY) + ExpectIntEQ(wolfSSL_check_private_key(ssl), WOLFSSL_SUCCESS); + #endif + SSL_free(ssl); + ssl = NULL; + + + ExpectTrue(SSL_CTX_use_PrivateKey_file(ctx, cliEdKeyFile, + WOLFSSL_FILETYPE_PEM)); + ExpectNotNull(ssl = SSL_new(ctx)); + + #if !defined(NO_CHECK_PRIVATE_KEY) + #ifdef HAVE_ED25519_MAKE_KEY + ExpectIntNE(wolfSSL_check_private_key(ssl), WOLFSSL_SUCCESS); + #else + ExpectIntEQ(wolfSSL_check_private_key(ssl), WOLFSSL_SUCCESS); + #endif + #endif + + SSL_free(ssl); + ssl = NULL; + SSL_CTX_free(ctx); + ctx = NULL; +#endif /* end of Ed25519 private key match tests */ + +#if defined(HAVE_ED448) && defined(HAVE_ED448_KEY_IMPORT) + #ifndef NO_WOLFSSL_SERVER + ExpectNotNull(ctx = SSL_CTX_new(wolfSSLv23_server_method())); + #else + ExpectNotNull(ctx = SSL_CTX_new(wolfSSLv23_client_method())); + #endif + ExpectTrue(SSL_CTX_use_certificate_file(ctx, ed448CertFile, + WOLFSSL_FILETYPE_PEM)); + ExpectTrue(SSL_CTX_use_PrivateKey_file(ctx, ed448KeyFile, + WOLFSSL_FILETYPE_PEM)); + ExpectNotNull(ssl = SSL_new(ctx)); + + #if !defined(NO_CHECK_PRIVATE_KEY) + ExpectIntEQ(wolfSSL_check_private_key(ssl), WOLFSSL_SUCCESS); + #endif + SSL_free(ssl); + ssl = NULL; + + + ExpectTrue(SSL_CTX_use_PrivateKey_file(ctx, cliEd448KeyFile, + WOLFSSL_FILETYPE_PEM)); + ExpectNotNull(ssl = SSL_new(ctx)); + + #if !defined(NO_CHECK_PRIVATE_KEY) + ExpectIntNE(wolfSSL_check_private_key(ssl), WOLFSSL_SUCCESS); + #endif + + SSL_free(ssl); + ssl = NULL; + SSL_CTX_free(ctx); + ctx = NULL; +#endif /* end of Ed448 private key match tests */ + + EVP_cleanup(); + + /* test existence of no-op macros in wolfssl/openssl/ssl.h */ + CONF_modules_free(); + ENGINE_cleanup(); + CONF_modules_unload(); + + (void)ssl; + (void)ctx; + (void)pkey; +#endif /* !NO_WOLFSSL_CLIENT || !NO_WOLFSSL_SERVER */ +#endif /* defined(OPENSSL_EXTRA) && !defined(NO_CERTS) */ + return EXPECT_RESULT(); +} + +static int test_wolfSSL_PEM_def_callback(void) +{ + EXPECT_DECLS; +#ifdef OPENSSL_EXTRA + char buf[10]; + const char* defpwd = "DEF PWD"; + int defpwdLen = (int)XSTRLEN(defpwd); + int smallLen = 1; + + /* Bad parameters. */ + ExpectIntEQ(wolfSSL_PEM_def_callback(NULL, sizeof(buf), 0, NULL), 0); + ExpectIntEQ(wolfSSL_PEM_def_callback(NULL, sizeof(buf), 0, (void*)defpwd), + 0); + ExpectIntEQ(wolfSSL_PEM_def_callback(buf, sizeof(buf), 0, NULL), 0); + + XMEMSET(buf, 0, sizeof(buf)); + ExpectIntEQ(wolfSSL_PEM_def_callback(buf, sizeof(buf), 0, (void*)defpwd), + defpwdLen); + ExpectIntEQ(XMEMCMP(buf, defpwd, defpwdLen), 0); + ExpectIntEQ(buf[defpwdLen], 0); + /* Size of buffer is smaller than default password. */ + XMEMSET(buf, 0, sizeof(buf)); + ExpectIntEQ(wolfSSL_PEM_def_callback(buf, smallLen, 0, (void*)defpwd), + smallLen); + ExpectIntEQ(XMEMCMP(buf, defpwd, smallLen), 0); + ExpectIntEQ(buf[smallLen], 0); +#endif /* OPENSSL_EXTRA */ + return EXPECT_RESULT(); +} + +static int test_wolfSSL_PEM_read_PrivateKey(void) +{ + EXPECT_DECLS; +#if defined(OPENSSL_EXTRA) && !defined(NO_FILESYSTEM) && (!defined(NO_RSA) || \ + !defined(NO_DSA) || defined(HAVE_ECC) || !defined(NO_DH)) + XFILE file = XBADFILE; +#if !defined(NO_RSA) + const char* fname_rsa = "./certs/server-key.pem"; + RSA* rsa = NULL; + WOLFSSL_EVP_PKEY_CTX* ctx = NULL; + unsigned char* sig = NULL; + size_t sigLen = 0; + const unsigned char tbs[] = {0, 1, 2, 3, 4, 5, 6, 7}; + size_t tbsLen = sizeof(tbs); +#endif +#if !defined(NO_DSA) + const char* fname_dsa = "./certs/dsa2048.pem"; +#endif +#if defined(HAVE_ECC) + const char* fname_ec = "./certs/ecc-key.pem"; +#endif +#if !defined(NO_DH) + const char* fname_dh = "./certs/dh-priv-2048.pem"; +#endif + EVP_PKEY* pkey = NULL; + + /* Check error case. */ + ExpectNull(pkey = PEM_read_PrivateKey(NULL, NULL, NULL, NULL)); + + /* not a PEM key. */ + ExpectTrue((file = XFOPEN("./certs/ecc-key.der", "rb")) != XBADFILE); + ExpectNull(PEM_read_PrivateKey(file, NULL, NULL, NULL)); + if (file != XBADFILE) + XFCLOSE(file); + file = XBADFILE; + +#ifndef NO_RSA + /* Read in an RSA key. */ + ExpectTrue((file = XFOPEN(fname_rsa, "rb")) != XBADFILE); + ExpectNotNull(pkey = PEM_read_PrivateKey(file, NULL, NULL, NULL)); + if (file != XBADFILE) + XFCLOSE(file); + file = XBADFILE; + + /* Make sure the key is usable by signing some data with it. */ + ExpectNotNull(rsa = EVP_PKEY_get0_RSA(pkey)); + ExpectIntGT((sigLen = RSA_size(rsa)), 0); + ExpectNotNull(sig = (unsigned char*)XMALLOC(sigLen, HEAP_HINT, + DYNAMIC_TYPE_TMP_BUFFER)); + ExpectNotNull(ctx = EVP_PKEY_CTX_new(pkey, NULL)); + ExpectIntEQ(EVP_PKEY_sign_init(ctx), WOLFSSL_SUCCESS); + ExpectIntEQ(EVP_PKEY_sign(ctx, sig, &sigLen, tbs, tbsLen), + WOLFSSL_SUCCESS); + + XFREE(sig, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + EVP_PKEY_CTX_free(ctx); + EVP_PKEY_free(pkey); + pkey = NULL; +#endif + +#ifndef NO_DSA + /* Read in a DSA key. */ + ExpectTrue((file = XFOPEN(fname_dsa, "rb")) != XBADFILE); +#if defined(WOLFSSL_QT) || defined(OPENSSL_ALL) || defined(WOLFSSL_OPENSSH) + ExpectNotNull(pkey = PEM_read_PrivateKey(file, NULL, NULL, NULL)); + EVP_PKEY_free(pkey); + pkey = NULL; +#else + ExpectNull(PEM_read_PrivateKey(file, NULL, NULL, NULL)); +#endif + if (file != XBADFILE) + XFCLOSE(file); + file = XBADFILE; +#endif + +#ifdef HAVE_ECC + /* Read in an EC key. */ + ExpectTrue((file = XFOPEN(fname_ec, "rb")) != XBADFILE); + ExpectNotNull(pkey = EVP_PKEY_new()); + ExpectPtrEq(PEM_read_PrivateKey(file, &pkey, NULL, NULL), pkey); + if (file != XBADFILE) + XFCLOSE(file); + file = XBADFILE; + EVP_PKEY_free(pkey); + pkey = NULL; +#endif + +#ifndef NO_DH + /* Read in a DH key. */ + ExpectTrue((file = XFOPEN(fname_dh, "rb")) != XBADFILE); +#if (defined(WOLFSSL_QT) || defined(OPENSSL_ALL) || \ + defined(WOLFSSL_OPENSSH)) && (!defined(HAVE_FIPS) || \ + (defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION > 2))) + ExpectNotNull(pkey = PEM_read_PrivateKey(file, NULL, NULL, NULL)); + EVP_PKEY_free(pkey); + pkey = NULL; +#else + ExpectNull(PEM_read_PrivateKey(file, NULL, NULL, NULL)); +#endif + if (file != XBADFILE) + XFCLOSE(file); + file = XBADFILE; +#endif +#endif + return EXPECT_RESULT(); +} + +static int test_wolfSSL_PEM_read_PUBKEY(void) +{ + EXPECT_DECLS; +#if defined(OPENSSL_EXTRA) && !defined(NO_RSA) \ + && !defined(NO_FILESYSTEM) + XFILE file = XBADFILE; + const char* fname = "./certs/client-keyPub.pem"; + EVP_PKEY* pkey = NULL; + + /* Check error case. */ + ExpectNull(pkey = PEM_read_PUBKEY(NULL, NULL, NULL, NULL)); + + /* Read in an RSA key. */ + ExpectTrue((file = XFOPEN(fname, "rb")) != XBADFILE); + ExpectNotNull(pkey = PEM_read_PUBKEY(file, NULL, NULL, NULL)); + EVP_PKEY_free(pkey); + pkey = NULL; + if (file != XBADFILE) + XFCLOSE(file); + file = XBADFILE; + ExpectTrue((file = XFOPEN(fname, "rb")) != XBADFILE); + ExpectNotNull(pkey = EVP_PKEY_new()); + ExpectPtrEq(PEM_read_PUBKEY(file, &pkey, NULL, NULL), pkey); + EVP_PKEY_free(pkey); + if (file != XBADFILE) + XFCLOSE(file); +#endif + return EXPECT_RESULT(); +} + +/* test loading RSA key using BIO */ +static int test_wolfSSL_PEM_PrivateKey_rsa(void) +{ + EXPECT_DECLS; +#if defined(OPENSSL_EXTRA) && !defined(NO_CERTS) && !defined(NO_RSA) && \ + defined(USE_CERT_BUFFERS_2048) && !defined(NO_FILESYSTEM) && \ + !defined(NO_BIO) + BIO* bio = NULL; + XFILE file = XBADFILE; + const char* fname = "./certs/server-key.pem"; + const char* fname_rsa_p8 = "./certs/server-keyPkcs8.pem"; + EVP_PKEY* pkey = NULL; + size_t sz = 0; + byte* buf = NULL; + EVP_PKEY* pkey2 = NULL; + EVP_PKEY* pkey3 = NULL; + RSA* rsa_key = NULL; +#if defined(WOLFSSL_KEY_GEN) || defined(WOLFSSL_CERT_GEN) + unsigned char extra[10]; + int i; + BIO* pub_bio = NULL; + const unsigned char* server_key = (const unsigned char*)server_key_der_2048; +#endif + + ExpectTrue((file = XFOPEN(fname, "rb")) != XBADFILE); + ExpectTrue(XFSEEK(file, 0, XSEEK_END) == 0); + ExpectIntGT(sz = XFTELL(file), 0); + ExpectTrue(XFSEEK(file, 0, XSEEK_SET) == 0); + ExpectNotNull(buf = (byte*)XMALLOC(sz, NULL, DYNAMIC_TYPE_FILE)); + if (buf != NULL) { + ExpectIntEQ(XFREAD(buf, 1, sz, file), sz); + } + if (file != XBADFILE) { + XFCLOSE(file); + file = XBADFILE; + } + + /* Test using BIO new mem and loading PEM private key */ + ExpectNotNull(bio = BIO_new_mem_buf(buf, (int)sz)); + ExpectNotNull((pkey = PEM_read_bio_PrivateKey(bio, NULL, NULL, NULL))); + XFREE(buf, NULL, DYNAMIC_TYPE_FILE); + buf = NULL; + BIO_free(bio); + bio = NULL; + + /* New empty EVP_PKEY */ + ExpectNotNull(pkey2 = EVP_PKEY_new()); + if (pkey2 != NULL) { + pkey2->type = EVP_PKEY_RSA; + } + /* Test parameter copy */ + ExpectIntEQ(EVP_PKEY_copy_parameters(pkey2, pkey), 0); + EVP_PKEY_free(pkey2); + EVP_PKEY_free(pkey); + pkey = NULL; + + /* Qt unit test case : rsa pkcs8 key */ + ExpectTrue((file = XFOPEN(fname_rsa_p8, "rb")) != XBADFILE); + ExpectTrue(XFSEEK(file, 0, XSEEK_END) == 0); + ExpectIntGT(sz = XFTELL(file), 0); + ExpectTrue(XFSEEK(file, 0, XSEEK_SET) == 0); + ExpectNotNull(buf = (byte*)XMALLOC(sz, NULL, DYNAMIC_TYPE_FILE)); + if (buf) { + ExpectIntEQ(XFREAD(buf, 1, sz, file), sz); + } + if (file != XBADFILE) { + XFCLOSE(file); + file = XBADFILE; + } + + ExpectNotNull(bio = BIO_new_mem_buf(buf, (int)sz)); + ExpectNotNull((pkey = PEM_read_bio_PrivateKey(bio, NULL, NULL, NULL))); + XFREE(buf, NULL, DYNAMIC_TYPE_FILE); + buf = NULL; + BIO_free(bio); + bio = NULL; + ExpectNotNull(pkey3 = EVP_PKEY_new()); + + ExpectNotNull(rsa_key = EVP_PKEY_get1_RSA(pkey)); + ExpectIntEQ(EVP_PKEY_set1_RSA(pkey3, rsa_key), WOLFSSL_SUCCESS); + +#ifdef WOLFSSL_ERROR_CODE_OPENSSL + ExpectIntEQ(EVP_PKEY_cmp(pkey, pkey3), 1/* match */); +#else + ExpectIntEQ(EVP_PKEY_cmp(pkey, pkey3), 0); +#endif + + RSA_free(rsa_key); + EVP_PKEY_free(pkey3); + EVP_PKEY_free(pkey); + pkey = NULL; + pkey2 = NULL; + +#if defined(WOLFSSL_KEY_GEN) || defined(WOLFSSL_CERT_GEN) + #define BIO_PEM_TEST_CHAR 'a' + XMEMSET(extra, BIO_PEM_TEST_CHAR, sizeof(extra)); + + ExpectNotNull(bio = wolfSSL_BIO_new(wolfSSL_BIO_s_mem())); + ExpectIntEQ(BIO_set_write_buf_size(bio, 4096), WC_NO_ERR_TRACE(WOLFSSL_FAILURE)); + ExpectNotNull(pub_bio = wolfSSL_BIO_new(wolfSSL_BIO_s_mem())); + ExpectIntEQ(BIO_set_write_buf_size(pub_bio, 4096), WC_NO_ERR_TRACE(WOLFSSL_FAILURE)); + + ExpectNull(d2i_PrivateKey(EVP_PKEY_EC, &pkey, &server_key, + (long)sizeof_server_key_der_2048)); + ExpectNull(pkey); + + ExpectNotNull(wolfSSL_d2i_PrivateKey(EVP_PKEY_RSA, &pkey, &server_key, + (long)sizeof_server_key_der_2048)); + ExpectIntEQ(PEM_write_bio_PrivateKey(NULL, pkey, NULL, NULL, 0, NULL, NULL), + WC_NO_ERR_TRACE(WOLFSSL_FAILURE)); + ExpectIntEQ(PEM_write_bio_PrivateKey(bio, NULL, NULL, NULL, 0, NULL, NULL), + WC_NO_ERR_TRACE(WOLFSSL_FAILURE)); + ExpectIntEQ(PEM_write_bio_PrivateKey(bio, pkey, NULL, NULL, 0, NULL, NULL), + WOLFSSL_SUCCESS); + ExpectIntGT(BIO_pending(bio), 0); + ExpectIntEQ(BIO_pending(bio), 1679); + /* Check if the pubkey API writes only the public key */ +#ifdef WOLFSSL_KEY_GEN + ExpectIntEQ(PEM_write_bio_PUBKEY(NULL, pkey), WC_NO_ERR_TRACE(WOLFSSL_FAILURE)); + ExpectIntEQ(PEM_write_bio_PUBKEY(pub_bio, NULL), WC_NO_ERR_TRACE(WOLFSSL_FAILURE)); + ExpectIntEQ(PEM_write_bio_PUBKEY(pub_bio, pkey), WOLFSSL_SUCCESS); + ExpectIntGT(BIO_pending(pub_bio), 0); + /* Previously both the private key and the pubkey calls would write + * out the private key and the PEM header was the only difference. + * The public PEM should be significantly shorter than the + * private key versison. */ + ExpectIntEQ(BIO_pending(pub_bio), 451); +#else + /* Not supported. */ + ExpectIntEQ(PEM_write_bio_PUBKEY(pub_bio, pkey), 0); +#endif + + /* test creating new EVP_PKEY with good args */ + ExpectNotNull((pkey2 = PEM_read_bio_PrivateKey(bio, NULL, NULL, NULL))); + if (pkey && pkey->pkey.ptr && pkey2 && pkey2->pkey.ptr) { + ExpectIntEQ((int)XMEMCMP(pkey->pkey.ptr, pkey2->pkey.ptr, + pkey->pkey_sz), 0); + } + + /* test of reuse of EVP_PKEY */ + ExpectNull(PEM_read_bio_PrivateKey(bio, &pkey, NULL, NULL)); + ExpectIntEQ(BIO_pending(bio), 0); + ExpectIntEQ(PEM_write_bio_PrivateKey(bio, pkey, NULL, NULL, 0, NULL, NULL), + SSL_SUCCESS); + /* add 10 extra bytes after PEM */ + ExpectIntEQ(BIO_write(bio, extra, 10), 10); + ExpectNotNull(PEM_read_bio_PrivateKey(bio, &pkey, NULL, NULL)); + ExpectNotNull(pkey); + if (pkey && pkey->pkey.ptr && pkey2 && pkey2->pkey.ptr) { + ExpectIntEQ((int)XMEMCMP(pkey->pkey.ptr, pkey2->pkey.ptr, + pkey->pkey_sz), 0); + } + /* check 10 extra bytes still there */ + ExpectIntEQ(BIO_pending(bio), 10); + ExpectIntEQ(BIO_read(bio, extra, 10), 10); + for (i = 0; i < 10; i++) { + ExpectIntEQ(extra[i], BIO_PEM_TEST_CHAR); + } + + BIO_free(pub_bio); + BIO_free(bio); + bio = NULL; + EVP_PKEY_free(pkey); + pkey = NULL; + EVP_PKEY_free(pkey2); +#endif /* WOLFSSL_KEY_GEN || WOLFSSL_CERT_GEN */ +#endif /* OPENSSL_EXTRA && !NO_CERTS && !NO_RSA && USE_CERT_BUFFERS_2048 && + * !NO_FILESYSTEM && !NO_BIO */ + return EXPECT_RESULT(); +} + +/* test loading ECC key using BIO */ +static int test_wolfSSL_PEM_PrivateKey_ecc(void) +{ + EXPECT_DECLS; +#if defined(OPENSSL_EXTRA) && !defined(NO_CERTS) && defined(HAVE_ECC) && \ + !defined(NO_FILESYSTEM) && !defined(NO_BIO) + BIO* bio = NULL; + EVP_PKEY* pkey = NULL; + XFILE file = XBADFILE; + const char* fname = "./certs/ecc-key.pem"; + const char* fname_ecc_p8 = "./certs/ecc-keyPkcs8.pem"; + + size_t sz = 0; + byte* buf = NULL; + EVP_PKEY* pkey2 = NULL; + EVP_PKEY* pkey3 = NULL; + EC_KEY* ec_key = NULL; + int nid = 0; + BIO* pub_bio = NULL; + + ExpectTrue((file = XFOPEN(fname, "rb")) != XBADFILE); + ExpectTrue(XFSEEK(file, 0, XSEEK_END) == 0); + ExpectIntGT(sz = XFTELL(file), 0); + ExpectTrue(XFSEEK(file, 0, XSEEK_SET) == 0); + ExpectNotNull(buf = (byte*)XMALLOC(sz, NULL, DYNAMIC_TYPE_FILE)); + if (buf) { + ExpectIntEQ(XFREAD(buf, 1, sz, file), sz); + } + if (file != XBADFILE) { + XFCLOSE(file); + file = XBADFILE; + } + + /* Test using BIO new mem and loading PEM private key */ + ExpectNotNull(bio = BIO_new_mem_buf(buf, (int)sz)); + ExpectNotNull((pkey = PEM_read_bio_PrivateKey(bio, NULL, NULL, NULL))); + BIO_free(bio); + bio = NULL; + XFREE(buf, NULL, DYNAMIC_TYPE_FILE); + buf = NULL; + ExpectNotNull(bio = wolfSSL_BIO_new(wolfSSL_BIO_s_mem())); + ExpectNotNull(pub_bio = wolfSSL_BIO_new(wolfSSL_BIO_s_mem())); + ExpectIntEQ(PEM_write_bio_PrivateKey(bio, pkey, NULL, NULL, 0, NULL, NULL), + WOLFSSL_SUCCESS); + ExpectIntGT(BIO_pending(bio), 0); + /* No parameters. */ + ExpectIntEQ(BIO_pending(bio), 227); + /* Check if the pubkey API writes only the public key */ +#ifdef WOLFSSL_KEY_GEN + ExpectIntEQ(PEM_write_bio_PUBKEY(pub_bio, pkey), WOLFSSL_SUCCESS); + ExpectIntGT(BIO_pending(pub_bio), 0); + /* Previously both the private key and the pubkey calls would write + * out the private key and the PEM header was the only difference. + * The public PEM should be significantly shorter than the + * private key versison. */ + ExpectIntEQ(BIO_pending(pub_bio), 178); +#endif + BIO_free(pub_bio); + BIO_free(bio); + bio = NULL; + ExpectNotNull(pkey2 = EVP_PKEY_new()); + ExpectNotNull(pkey3 = EVP_PKEY_new()); + if (pkey2 != NULL) { + pkey2->type = EVP_PKEY_EC; + } + /* Test parameter copy */ + ExpectIntEQ(EVP_PKEY_copy_parameters(pkey2, pkey), 1); + + + /* Qt unit test case 1*/ + ExpectNotNull(ec_key = EVP_PKEY_get1_EC_KEY(pkey)); + ExpectIntEQ(EVP_PKEY_set1_EC_KEY(pkey3, ec_key), WOLFSSL_SUCCESS); + #ifdef WOLFSSL_ERROR_CODE_OPENSSL + ExpectIntEQ(EVP_PKEY_cmp(pkey, pkey3), 1/* match */); + #else + ExpectIntEQ(EVP_PKEY_cmp(pkey, pkey3), 0); + #endif + /* Test default digest */ + ExpectIntEQ(EVP_PKEY_get_default_digest_nid(pkey, &nid), 1); + ExpectIntEQ(nid, NID_sha256); + EC_KEY_free(ec_key); + ec_key = NULL; + EVP_PKEY_free(pkey3); + pkey3 = NULL; + EVP_PKEY_free(pkey2); + pkey2 = NULL; + EVP_PKEY_free(pkey); + pkey = NULL; + + /* Qt unit test case ec pkcs8 key */ + ExpectTrue((file = XFOPEN(fname_ecc_p8, "rb")) != XBADFILE); + ExpectTrue(XFSEEK(file, 0, XSEEK_END) == 0); + ExpectIntGT(sz = XFTELL(file), 0); + ExpectTrue(XFSEEK(file, 0, XSEEK_SET) == 0); + ExpectNotNull(buf = (byte*)XMALLOC(sz, NULL, DYNAMIC_TYPE_FILE)); + if (buf) { + ExpectIntEQ(XFREAD(buf, 1, sz, file), sz); + } + if (file != XBADFILE) { + XFCLOSE(file); + file = XBADFILE; + } + + ExpectNotNull(bio = BIO_new_mem_buf(buf, (int)sz)); + ExpectNotNull((pkey = PEM_read_bio_PrivateKey(bio, NULL, NULL, NULL))); + XFREE(buf, NULL, DYNAMIC_TYPE_FILE); + buf = NULL; + BIO_free(bio); + bio = NULL; + ExpectNotNull(pkey3 = EVP_PKEY_new()); + /* Qt unit test case */ + ExpectNotNull(ec_key = EVP_PKEY_get1_EC_KEY(pkey)); + ExpectIntEQ(EVP_PKEY_set1_EC_KEY(pkey3, ec_key), WOLFSSL_SUCCESS); +#ifdef WOLFSSL_ERROR_CODE_OPENSSL + ExpectIntEQ(EVP_PKEY_cmp(pkey, pkey3), 1/* match */); +#else + ExpectIntEQ(EVP_PKEY_cmp(pkey, pkey3), 0); +#endif + EC_KEY_free(ec_key); + EVP_PKEY_free(pkey3); + EVP_PKEY_free(pkey); + pkey = NULL; +#endif + return EXPECT_RESULT(); +} + +/* test loading DSA key using BIO */ +static int test_wolfSSL_PEM_PrivateKey_dsa(void) +{ + EXPECT_DECLS; +#if defined(OPENSSL_EXTRA) && !defined(NO_CERTS) && !defined(NO_DSA) && \ + !defined(NO_FILESYSTEM) && !defined(NO_BIO) +#if defined(WOLFSSL_QT) || defined(OPENSSL_ALL) + BIO* bio = NULL; + EVP_PKEY* pkey = NULL; + + ExpectNotNull(bio = BIO_new_file("./certs/dsa2048.pem", "rb")); + /* Private DSA EVP_PKEY */ + ExpectNotNull(pkey = wolfSSL_PEM_read_bio_PrivateKey(bio, NULL, NULL, + NULL)); + BIO_free(bio); + bio = NULL; + + ExpectNotNull(bio = wolfSSL_BIO_new(wolfSSL_BIO_s_mem())); +#if defined(OPENSSL_ALL) && !defined(NO_PWDBASED) && defined(HAVE_PKCS8) +#ifdef WOLFSSL_ASN_TEMPLATE + ExpectIntEQ(PEM_write_bio_PKCS8PrivateKey(bio, pkey, NULL, NULL, 0, NULL, + NULL), 1216); +#else + ExpectIntEQ(PEM_write_bio_PKCS8PrivateKey(bio, pkey, NULL, NULL, 0, NULL, + NULL), 1212); +#endif +#endif + +#ifdef WOLFSSL_KEY_GEN + ExpectIntEQ(PEM_write_bio_PUBKEY(bio, pkey), 1); +#ifdef WOLFSSL_ASN_TEMPLATE + ExpectIntEQ(BIO_pending(bio), 2394); +#else + ExpectIntEQ(BIO_pending(bio), 2390); +#endif + BIO_reset(bio); +#endif + + ExpectIntEQ(PEM_write_bio_PrivateKey(bio, pkey, NULL, NULL, 0, NULL, NULL), + 1); + ExpectIntEQ(BIO_pending(bio), 1196); + + BIO_free(bio); + bio = NULL; + + EVP_PKEY_free(pkey); + pkey = NULL; +#endif +#endif + return EXPECT_RESULT(); +} + +/* test loading DH key using BIO */ +static int test_wolfSSL_PEM_PrivateKey_dh(void) +{ + EXPECT_DECLS; +#if defined(OPENSSL_EXTRA) && !defined(NO_CERTS) && !defined(NO_DH) && \ + !defined(NO_FILESYSTEM) && !defined(NO_BIO) +#if (defined(WOLFSSL_QT) || defined(OPENSSL_ALL) || \ + defined(WOLFSSL_OPENSSH)) && (!defined(HAVE_FIPS) || \ + (defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION > 2))) + BIO* bio = NULL; + EVP_PKEY* pkey = NULL; + int expectedBytes = 0; + + ExpectNotNull(bio = BIO_new_file("./certs/dh-priv-2048.pem", "rb")); + /* Private DH EVP_PKEY */ + ExpectNotNull(pkey = wolfSSL_PEM_read_bio_PrivateKey(bio, NULL, NULL, + NULL)); + BIO_free(bio); + bio = NULL; + + ExpectNotNull(bio = wolfSSL_BIO_new(wolfSSL_BIO_s_mem())); + +#if defined(OPENSSL_ALL) && !defined(NO_PWDBASED) && defined(HAVE_PKCS8) + expectedBytes += 806; + ExpectIntEQ(PEM_write_bio_PKCS8PrivateKey(bio, pkey, NULL, NULL, 0, NULL, + NULL), expectedBytes); +#endif +#ifdef WOLFSSL_KEY_GEN + ExpectIntEQ(PEM_write_bio_PUBKEY(bio, pkey), 0); +#endif + + ExpectIntEQ(PEM_write_bio_PrivateKey(bio, pkey, NULL, NULL, 0, NULL, NULL), + 1); + expectedBytes += 806; + ExpectIntEQ(BIO_pending(bio), expectedBytes); + + BIO_free(bio); + bio = NULL; + + EVP_PKEY_free(pkey); + pkey = NULL; +#endif +#endif + return EXPECT_RESULT(); +} + +static int test_wolfSSL_PEM_PrivateKey(void) +{ + EXPECT_DECLS; +#if defined(OPENSSL_EXTRA) && !defined(NO_CERTS) && !defined(NO_TLS) && \ + (!defined(NO_RSA) || defined(HAVE_ECC)) && defined(USE_CERT_BUFFERS_2048) +#ifndef NO_BIO + BIO* bio = NULL; +#endif + EVP_PKEY* pkey = NULL; + const unsigned char* server_key = (const unsigned char*)server_key_der_2048; + +#ifndef NO_BIO + + /* test creating new EVP_PKEY with bad arg */ + ExpectNull((pkey = PEM_read_bio_PrivateKey(NULL, NULL, NULL, NULL))); + + /* Test bad EVP_PKEY type. */ + /* New HMAC EVP_PKEY */ + ExpectNotNull(bio = BIO_new_mem_buf("", 1)); + ExpectNotNull(pkey = EVP_PKEY_new()); + if (pkey != NULL) { + pkey->type = EVP_PKEY_HMAC; + } + ExpectIntEQ(PEM_write_bio_PrivateKey(bio, pkey, NULL, NULL, 0, NULL, NULL), + 0); +#if defined(OPENSSL_ALL) && !defined(NO_PWDBASED) && defined(HAVE_PKCS8) + ExpectIntEQ(PEM_write_bio_PKCS8PrivateKey(bio, pkey, NULL, NULL, 0, NULL, + NULL), 0); +#endif +#ifdef WOLFSSL_KEY_GEN + ExpectIntEQ(PEM_write_bio_PUBKEY(bio, pkey), WC_NO_ERR_TRACE(WOLFSSL_FAILURE)); +#endif + EVP_PKEY_free(pkey); + pkey = NULL; + BIO_free(bio); + bio = NULL; + + + /* key is DES encrypted */ + #if !defined(NO_DES3) && defined(WOLFSSL_ENCRYPTED_KEYS) && \ + !defined(NO_RSA) && !defined(NO_BIO) && !defined(NO_FILESYSTEM) && \ + !defined(NO_MD5) && defined(WOLFSSL_KEY_GEN) && !defined(NO_RSA) + { + XFILE f = XBADFILE; + wc_pem_password_cb* passwd_cb = NULL; + void* passwd_cb_userdata; + SSL_CTX* ctx = NULL; + char passwd[] = "bad password"; + + #ifndef WOLFSSL_NO_TLS12 + #ifndef NO_WOLFSSL_SERVER + ExpectNotNull(ctx = SSL_CTX_new(TLSv1_2_server_method())); + #else + ExpectNotNull(ctx = SSL_CTX_new(TLSv1_2_client_method())); + #endif + #else + #ifndef NO_WOLFSSL_SERVER + ExpectNotNull(ctx = SSL_CTX_new(TLSv1_3_server_method())); + #else + ExpectNotNull(ctx = SSL_CTX_new(TLSv1_3_client_method())); + #endif + #endif + + ExpectNotNull(bio = BIO_new_file("./certs/server-keyEnc.pem", "rb")); + SSL_CTX_set_default_passwd_cb(ctx, PasswordCallBack); + ExpectNotNull(passwd_cb = SSL_CTX_get_default_passwd_cb(ctx)); + ExpectNull(passwd_cb_userdata = + SSL_CTX_get_default_passwd_cb_userdata(ctx)); + + /* fail case with password call back */ + ExpectNull(pkey = PEM_read_bio_PrivateKey(bio, NULL, NULL, + (void*)passwd)); + BIO_free(bio); + ExpectNotNull(bio = BIO_new_file("./certs/server-keyEnc.pem", "rb")); + ExpectNull(pkey = PEM_read_bio_PrivateKey(bio, NULL, passwd_cb, + (void*)passwd)); + BIO_free(bio); + + ExpectTrue((f = XFOPEN("./certs/server-keyEnc.pem", "rb")) != XBADFILE); + ExpectNotNull(bio = BIO_new_fp(f, BIO_CLOSE)); + if ((bio == NULL) && (f != XBADFILE)) { + XFCLOSE(f); + } + + /* use callback that works */ + ExpectNotNull(pkey = PEM_read_bio_PrivateKey(bio, NULL, passwd_cb, + (void*)"yassl123")); + + ExpectIntEQ(SSL_CTX_use_PrivateKey(ctx, pkey), SSL_SUCCESS); + + EVP_PKEY_free(pkey); + pkey = NULL; + BIO_free(bio); + bio = NULL; + SSL_CTX_free(ctx); + } + #endif /* !defined(NO_DES3) */ + +#endif /* !NO_BIO */ + + #if defined(HAVE_ECC) && !defined(NO_FILESYSTEM) + { + unsigned char buf[2048]; + size_t bytes = 0; + XFILE f = XBADFILE; + SSL_CTX* ctx = NULL; + + #ifndef WOLFSSL_NO_TLS12 + #ifndef NO_WOLFSSL_SERVER + ExpectNotNull(ctx = SSL_CTX_new(TLSv1_2_server_method())); + #else + ExpectNotNull(ctx = SSL_CTX_new(TLSv1_2_client_method())); + #endif + #else + #ifndef NO_WOLFSSL_SERVER + ExpectNotNull(ctx = SSL_CTX_new(wolfTLSv1_3_server_method())); + #else + ExpectNotNull(ctx = SSL_CTX_new(wolfTLSv1_3_client_method())); + #endif + #endif + + ExpectTrue((f = XFOPEN("./certs/ecc-key.der", "rb")) != XBADFILE); + ExpectIntGT(bytes = (size_t)XFREAD(buf, 1, sizeof(buf), f), 0); + if (f != XBADFILE) + XFCLOSE(f); + + server_key = buf; + pkey = NULL; + ExpectNull(d2i_PrivateKey(EVP_PKEY_RSA, &pkey, &server_key, (long int)bytes)); + ExpectNull(pkey); + ExpectNotNull(d2i_PrivateKey(EVP_PKEY_EC, &pkey, &server_key, (long int)bytes)); + ExpectIntEQ(SSL_CTX_use_PrivateKey(ctx, pkey), SSL_SUCCESS); + + EVP_PKEY_free(pkey); + pkey = NULL; + SSL_CTX_free(ctx); + server_key = NULL; + } + #endif + +#ifndef NO_BIO + (void)bio; +#endif + (void)pkey; + (void)server_key; +#endif /* OPENSSL_EXTRA && !NO_CERTS && !NO_RSA && USE_CERT_BUFFERS_2048 */ + return EXPECT_RESULT(); +} + +static int test_wolfSSL_PEM_file_RSAKey(void) +{ + EXPECT_DECLS; +#if (defined(OPENSSL_EXTRA) || defined(OPENSSL_ALL)) && \ + defined(WOLFSSL_KEY_GEN) && !defined(NO_RSA) && \ + !defined(NO_FILESYSTEM) && !defined(NO_CERTS) + RSA* rsa = NULL; + XFILE fp = XBADFILE; + + ExpectTrue((fp = XFOPEN("./certs/rsa-pub-2048.pem", "rb")) != XBADFILE); + ExpectNotNull((rsa = PEM_read_RSA_PUBKEY(fp, NULL, NULL, NULL))); + if (fp != XBADFILE) + XFCLOSE(fp); + ExpectIntEQ(RSA_size(rsa), 256); + + ExpectIntEQ(PEM_write_RSAPublicKey(XBADFILE, rsa), WC_NO_ERR_TRACE(WOLFSSL_FAILURE)); + ExpectIntEQ(PEM_write_RSAPublicKey(stderr, NULL), WC_NO_ERR_TRACE(WOLFSSL_FAILURE)); + ExpectIntEQ(PEM_write_RSAPublicKey(stderr, rsa), WOLFSSL_SUCCESS); + + ExpectIntEQ(PEM_write_RSA_PUBKEY(XBADFILE, rsa), WC_NO_ERR_TRACE(WOLFSSL_FAILURE)); + ExpectIntEQ(PEM_write_RSA_PUBKEY(stderr, NULL), WC_NO_ERR_TRACE(WOLFSSL_FAILURE)); + ExpectIntEQ(PEM_write_RSA_PUBKEY(stderr, rsa), WOLFSSL_SUCCESS); + + RSA_free(rsa); +#endif /* defined(OPENSSL_EXTRA) || defined(OPENSSL_ALL)) && \ + (defined(WOLFSSL_KEY_GEN) || WOLFSSL_CERT_GEN) && \ + !defined(NO_FILESYSTEM) && !defined(NO_RSA) && !defined(NO_CERTS) */ + return EXPECT_RESULT(); +} + +static int test_wolfSSL_PEM_file_RSAPrivateKey(void) +{ + EXPECT_DECLS; +#if !defined(NO_RSA) && defined(OPENSSL_EXTRA) && defined(WOLFSSL_KEY_GEN) && \ + !defined(NO_FILESYSTEM) && \ + (defined(WOLFSSL_PEM_TO_DER) || defined(WOLFSSL_DER_TO_PEM)) + RSA* rsa = NULL; + XFILE f = NULL; + + ExpectTrue((f = XFOPEN(svrKeyFile, "rb")) != XBADFILE); + ExpectNotNull((rsa = PEM_read_RSAPrivateKey(f, NULL, NULL, NULL))); + ExpectIntEQ(RSA_size(rsa), 256); + if (f != XBADFILE) { + XFCLOSE(f); + f = XBADFILE; + } + + ExpectIntEQ(PEM_write_RSAPrivateKey(XBADFILE, rsa, NULL, NULL, 0, NULL, + NULL), WC_NO_ERR_TRACE(WOLFSSL_FAILURE)); + ExpectIntEQ(PEM_write_RSAPrivateKey(stderr, NULL, NULL, NULL, 0, NULL, + NULL), WC_NO_ERR_TRACE(WOLFSSL_FAILURE)); + ExpectIntEQ(PEM_write_RSAPrivateKey(stderr, rsa, NULL, NULL, 0, NULL, NULL), + WOLFSSL_SUCCESS); + + RSA_free(rsa); + +#ifdef HAVE_ECC + ExpectTrue((f = XFOPEN(eccKeyFile, "rb")) != XBADFILE); + ExpectNull((rsa = PEM_read_RSAPrivateKey(f, NULL, NULL, NULL))); + if (f != XBADFILE) + XFCLOSE(f); +#endif /* HAVE_ECC */ +#endif /* defined(OPENSSL_EXTRA) && !defined(NO_CERTS) */ + return EXPECT_RESULT(); +} + +static int test_wolfSSL_PEM_read_RSA_PUBKEY(void) +{ + EXPECT_DECLS; +#if defined(OPENSSL_EXTRA) && !defined(NO_CERTS) && \ + !defined(NO_FILESYSTEM) && !defined(NO_RSA) + XFILE file = XBADFILE; + const char* fname = "./certs/client-keyPub.pem"; + RSA *rsa = NULL; + + ExpectNull(wolfSSL_PEM_read_RSA_PUBKEY(XBADFILE, NULL, NULL, NULL)); + + ExpectTrue((file = XFOPEN(fname, "rb")) != XBADFILE); + ExpectNotNull((rsa = PEM_read_RSA_PUBKEY(file, NULL, NULL, NULL))); + ExpectIntEQ(RSA_size(rsa), 256); + RSA_free(rsa); + if (file != XBADFILE) + XFCLOSE(file); +#endif /* defined(OPENSSL_EXTRA) && !defined(NO_CERTS) */ + return EXPECT_RESULT(); +} + +#ifndef NO_BIO +static int test_wolfSSL_PEM_bio_RSAKey(void) +{ + EXPECT_DECLS; +#if (defined(OPENSSL_EXTRA) || defined(OPENSSL_ALL)) && \ + defined(WOLFSSL_KEY_GEN) && !defined(NO_RSA) && \ + !defined(NO_FILESYSTEM) && !defined(NO_CERTS) + RSA* rsa = NULL; + BIO* bio = NULL; + + /* PrivateKey */ + ExpectNotNull(bio = BIO_new_file(svrKeyFile, "rb")); + ExpectNull((rsa = PEM_read_bio_RSAPrivateKey(NULL, NULL, NULL, NULL))); + ExpectNotNull(PEM_read_bio_RSAPrivateKey(bio, &rsa, NULL, NULL)); + ExpectNotNull(rsa); + ExpectIntEQ(RSA_size(rsa), 256); + ExpectIntEQ(PEM_write_bio_RSAPrivateKey(NULL, NULL, NULL, NULL, 0, NULL, \ + NULL), WC_NO_ERR_TRACE(WOLFSSL_FAILURE)); + BIO_free(bio); + bio = NULL; + ExpectNotNull(bio = wolfSSL_BIO_new(wolfSSL_BIO_s_mem())); + ExpectIntEQ(PEM_write_bio_RSAPrivateKey(bio, rsa, NULL, NULL, 0, NULL, \ + NULL), WOLFSSL_SUCCESS); + BIO_free(bio); + bio = NULL; + RSA_free(rsa); + rsa = NULL; + + /* PUBKEY */ + ExpectNotNull(bio = BIO_new_file("./certs/rsa-pub-2048.pem", "rb")); + ExpectNull((rsa = PEM_read_bio_RSA_PUBKEY(NULL, NULL, NULL, NULL))); + ExpectNotNull((rsa = PEM_read_bio_RSA_PUBKEY(bio, NULL, NULL, NULL))); + ExpectIntEQ(RSA_size(rsa), 256); + ExpectIntEQ(PEM_write_bio_RSA_PUBKEY(NULL, NULL), WC_NO_ERR_TRACE(WOLFSSL_FAILURE)); + BIO_free(bio); + bio = NULL; + ExpectNotNull(bio = wolfSSL_BIO_new(wolfSSL_BIO_s_mem())); + ExpectIntEQ(PEM_write_bio_RSA_PUBKEY(bio, rsa), WOLFSSL_SUCCESS); + BIO_free(bio); + bio = NULL; + + RSA_free(rsa); + rsa = NULL; + + /* Ensure that keys beginning with BEGIN RSA PUBLIC KEY can be read, too. */ + ExpectNotNull(bio = BIO_new_file("./certs/server-keyPub.pem", "rb")); + ExpectNotNull((rsa = PEM_read_bio_RSA_PUBKEY(bio, NULL, NULL, NULL))); + BIO_free(bio); + bio = NULL; + RSA_free(rsa); + rsa = NULL; + + #ifdef HAVE_ECC + /* ensure that non-rsa keys do not work */ + ExpectNotNull(bio = BIO_new_file(eccKeyFile, "rb")); /* ecc key */ + ExpectNull((rsa = PEM_read_bio_RSAPrivateKey(bio, NULL, NULL, NULL))); + ExpectNull((rsa = PEM_read_bio_RSA_PUBKEY(bio, NULL, NULL, NULL))); + BIO_free(bio); + bio = NULL; + RSA_free(rsa); + rsa = NULL; + #endif /* HAVE_ECC */ +#endif /* defined(OPENSSL_EXTRA) || defined(OPENSSL_ALL)) && \ + (defined(WOLFSSL_KEY_GEN) || WOLFSSL_CERT_GEN) && \ + !defined(NO_FILESYSTEM) && !defined(NO_RSA) && !defined(NO_CERTS) */ + return EXPECT_RESULT(); +} + +static int test_wolfSSL_PEM_bio_RSAPrivateKey(void) +{ + EXPECT_DECLS; +#if defined(OPENSSL_EXTRA) && !defined(NO_CERTS) && \ + !defined(NO_FILESYSTEM) && !defined(NO_RSA) + RSA* rsa = NULL; + RSA* rsa_dup = NULL; + BIO* bio = NULL; + + ExpectNotNull(bio = BIO_new_file(svrKeyFile, "rb")); + ExpectNotNull((rsa = PEM_read_bio_RSAPrivateKey(bio, NULL, NULL, NULL))); + ExpectIntEQ(RSA_size(rsa), 256); + +#if defined(WOLFSSL_KEY_GEN) && !defined(NO_RSA) + ExpectNull(rsa_dup = RSAPublicKey_dup(NULL)); + /* Test duplicating empty key. */ + ExpectNotNull(rsa_dup = RSA_new()); + ExpectNull(RSAPublicKey_dup(rsa_dup)); + RSA_free(rsa_dup); + rsa_dup = NULL; + ExpectNotNull(rsa_dup = RSAPublicKey_dup(rsa)); + ExpectPtrNE(rsa_dup, rsa); +#endif + + /* test if valgrind complains about unreleased memory */ + RSA_up_ref(rsa); + RSA_free(rsa); + + BIO_free(bio); + bio = NULL; + RSA_free(rsa); + rsa = NULL; + RSA_free(rsa_dup); + rsa_dup = NULL; + +#ifdef HAVE_ECC + ExpectNotNull(bio = BIO_new_file(eccKeyFile, "rb")); + ExpectNull((rsa = PEM_read_bio_RSAPrivateKey(bio, NULL, NULL, NULL))); + + BIO_free(bio); +#endif /* HAVE_ECC */ +#endif /* defined(OPENSSL_EXTRA) && !defined(NO_CERTS) */ + return EXPECT_RESULT(); +} + +static int test_wolfSSL_PEM_bio_DSAKey(void) +{ + EXPECT_DECLS; +#ifndef HAVE_SELFTEST +#if (defined(WOLFSSL_QT) || defined(OPENSSL_ALL)) && !defined(NO_CERTS) && \ + defined(WOLFSSL_KEY_GEN) && !defined(NO_FILESYSTEM) && !defined(NO_DSA) + DSA* dsa = NULL; + BIO* bio = NULL; + + /* PrivateKey */ + ExpectNotNull(bio = BIO_new_file("./certs/1024/dsa1024.pem", "rb")); + ExpectNull((dsa = PEM_read_bio_DSAPrivateKey(NULL, NULL, NULL, NULL))); + ExpectNotNull((dsa = PEM_read_bio_DSAPrivateKey(bio, NULL, NULL, NULL))); + ExpectIntEQ(BN_num_bytes(dsa->g), 128); + ExpectIntEQ(PEM_write_bio_DSAPrivateKey(NULL, NULL, NULL, NULL, 0, NULL, + NULL), WC_NO_ERR_TRACE(WOLFSSL_FAILURE)); + BIO_free(bio); + bio = NULL; + ExpectNotNull(bio = wolfSSL_BIO_new(wolfSSL_BIO_s_mem())); + ExpectIntEQ(PEM_write_bio_DSAPrivateKey(bio, dsa, NULL, NULL, 0, NULL, + NULL), WOLFSSL_SUCCESS); + BIO_free(bio); + bio = NULL; + DSA_free(dsa); + dsa = NULL; + + /* PUBKEY */ + ExpectNotNull(bio = BIO_new_file("./certs/1024/dsa-pub-1024.pem", "rb")); + ExpectNull((dsa = PEM_read_bio_DSA_PUBKEY(NULL, NULL, NULL, NULL))); + ExpectNotNull((dsa = PEM_read_bio_DSA_PUBKEY(bio, NULL, NULL, NULL))); + ExpectIntEQ(BN_num_bytes(dsa->g), 128); + ExpectIntEQ(PEM_write_bio_DSA_PUBKEY(NULL, NULL), WC_NO_ERR_TRACE(WOLFSSL_FAILURE)); + BIO_free(bio); + bio = NULL; + ExpectNotNull(bio = wolfSSL_BIO_new(wolfSSL_BIO_s_mem())); + ExpectIntEQ(PEM_write_bio_DSA_PUBKEY(bio, dsa), WOLFSSL_SUCCESS); + BIO_free(bio); + bio = NULL; + DSA_free(dsa); + dsa = NULL; + + #ifdef HAVE_ECC + /* ensure that non-dsa keys do not work */ + ExpectNotNull(bio = BIO_new_file(eccKeyFile, "rb")); /* ecc key */ + ExpectNull((dsa = PEM_read_bio_DSAPrivateKey(bio, NULL, NULL, NULL))); + ExpectNull((dsa = PEM_read_bio_DSA_PUBKEY(bio, NULL, NULL, NULL))); + BIO_free(bio); + bio = NULL; + DSA_free(dsa); + dsa = NULL; + #endif /* HAVE_ECC */ +#endif /* defined(WOLFSSL_QT) || defined(OPENSSL_ALL)) && \ + !defined(NO_CERTS) && defined(WOLFSSL_KEY_GEN) && \ + !defined(NO_FILESYSTEM) && !defined(NO_DSA) */ +#endif /* HAVE_SELFTEST */ + return EXPECT_RESULT(); +} + +static int test_wolfSSL_PEM_bio_ECKey(void) +{ + EXPECT_DECLS; +#if (defined(OPENSSL_EXTRA) || defined(OPENSSL_ALL)) && \ + defined(WOLFSSL_KEY_GEN) && !defined(NO_FILESYSTEM) && defined(HAVE_ECC) + EC_KEY* ec = NULL; + EC_KEY* ec2; + BIO* bio = NULL; +#if defined(WOLFSSL_PEM_TO_DER) || defined(WOLFSSL_DER_TO_PEM) + unsigned char* pem = NULL; + int pLen; +#endif + static char ec_key_bad_1[] = "-----BEGIN PUBLIC KEY-----\n" + "MAA=\n" + "-----END PUBLIC KEY-----"; + static char ec_priv_key_bad_1[] = "-----BEGIN EC PRIVATE KEY-----\n" + "MAA=\n" + "-----END EC PRIVATE KEY-----"; + + /* PrivateKey */ + ExpectNotNull(bio = BIO_new_file("./certs/ecc-key.pem", "rb")); + ExpectNull((ec = PEM_read_bio_ECPrivateKey(NULL, NULL, NULL, NULL))); + ec2 = NULL; + ExpectNotNull((ec = PEM_read_bio_ECPrivateKey(bio, &ec2, NULL, NULL))); + ExpectIntEQ(ec == ec2, 1); + ExpectIntEQ(wc_ecc_size((ecc_key*)ec->internal), 32); + ExpectIntEQ(PEM_write_bio_ECPrivateKey(NULL, NULL, NULL, NULL, 0, NULL, + NULL), WC_NO_ERR_TRACE(WOLFSSL_FAILURE)); + ExpectIntEQ(PEM_write_bio_ECPrivateKey(bio, NULL, NULL, NULL, 0, NULL, + NULL), WC_NO_ERR_TRACE(WOLFSSL_FAILURE)); + ExpectIntEQ(PEM_write_bio_ECPrivateKey(NULL, ec, NULL, NULL, 0, NULL, NULL), + WC_NO_ERR_TRACE(WOLFSSL_FAILURE)); + BIO_free(bio); + bio = NULL; + /* Public key data - fail. */ + ExpectNotNull(bio = BIO_new_file("./certs/ecc-client-keyPub.pem", "rb")); + ExpectNull(PEM_read_bio_ECPrivateKey(bio, NULL, NULL, NULL)); + BIO_free(bio); + bio = NULL; + ExpectNotNull(bio = wolfSSL_BIO_new(wolfSSL_BIO_s_mem())); + ExpectIntEQ(PEM_write_bio_ECPrivateKey(bio, ec, NULL, NULL, 0, NULL, \ + NULL), WOLFSSL_SUCCESS); + BIO_free(bio); + bio = NULL; + + ExpectIntEQ(PEM_write_ECPrivateKey(XBADFILE, NULL, NULL, NULL, 0, NULL, + NULL),WC_NO_ERR_TRACE(WOLFSSL_FAILURE)); + ExpectIntEQ(PEM_write_ECPrivateKey(stderr, NULL, NULL, NULL, 0, NULL, NULL), + WC_NO_ERR_TRACE(WOLFSSL_FAILURE)); + ExpectIntEQ(PEM_write_ECPrivateKey(XBADFILE, ec, NULL, NULL, 0, NULL, NULL), + WC_NO_ERR_TRACE(WOLFSSL_FAILURE)); + ExpectIntEQ(PEM_write_ECPrivateKey(stderr, ec, NULL, NULL, 0, NULL, NULL), + WOLFSSL_SUCCESS); + + ExpectIntEQ(wolfSSL_PEM_write_mem_ECPrivateKey(NULL, NULL, NULL, 0, NULL, + NULL), 0); +#if defined(WOLFSSL_PEM_TO_DER) || defined(WOLFSSL_DER_TO_PEM) + ExpectIntEQ(wolfSSL_PEM_write_mem_ECPrivateKey(ec, NULL, NULL, 0, NULL, + NULL), 0); + ExpectIntEQ(wolfSSL_PEM_write_mem_ECPrivateKey(NULL, NULL, NULL, 0, &pem, + NULL), 0); + ExpectIntEQ(wolfSSL_PEM_write_mem_ECPrivateKey(NULL, NULL, NULL, 0, NULL, + &pLen), 0); + ExpectIntEQ(wolfSSL_PEM_write_mem_ECPrivateKey(NULL, NULL, NULL, 0, &pem, + &pLen), 0); + ExpectIntEQ(wolfSSL_PEM_write_mem_ECPrivateKey(ec, NULL, NULL, 0, NULL, + &pLen), 0); + ExpectIntEQ(wolfSSL_PEM_write_mem_ECPrivateKey(ec, NULL, NULL, 0, &pem, + NULL), 0); + ExpectIntEQ(wolfSSL_PEM_write_mem_ECPrivateKey(ec, NULL, NULL, 0, &pem, + &pLen), 1); + ExpectIntGT(pLen, 0); + XFREE(pem, NULL, DYNAMIC_TYPE_TMP_BUFFER); +#endif + + EC_KEY_free(ec); + ec = NULL; + + /* PUBKEY */ + ExpectNotNull(bio = BIO_new_file("./certs/ecc-client-keyPub.pem", "rb")); + ExpectNull((ec = PEM_read_bio_EC_PUBKEY(NULL, NULL, NULL, NULL))); + ec2 = NULL; + ExpectNotNull((ec = PEM_read_bio_EC_PUBKEY(bio, &ec2, NULL, NULL))); + ExpectIntEQ(ec == ec2, 1); + ExpectIntEQ(wc_ecc_size((ecc_key*)ec->internal), 32); + ExpectIntEQ(PEM_write_bio_EC_PUBKEY(NULL, NULL), WC_NO_ERR_TRACE(WOLFSSL_FAILURE)); + BIO_free(bio); + bio = NULL; + /* Test 0x30, 0x00 fails. */ + ExpectNotNull(bio = BIO_new_mem_buf((unsigned char*)ec_key_bad_1, + sizeof(ec_key_bad_1))); + ExpectNull(PEM_read_bio_EC_PUBKEY(bio, NULL, NULL, NULL)); + BIO_free(bio); + bio = NULL; + + /* Private key data - fail. */ + ExpectNotNull(bio = BIO_new_file("./certs/ecc-key.pem", "rb")); + ExpectNull(PEM_read_bio_EC_PUBKEY(bio, NULL, NULL, NULL)); + BIO_free(bio); + bio = NULL; + ExpectNotNull(bio = wolfSSL_BIO_new(wolfSSL_BIO_s_mem())); + ExpectIntEQ(PEM_write_bio_EC_PUBKEY(bio, ec), WOLFSSL_SUCCESS); + BIO_free(bio); + bio = NULL; + + /* Same test as above, but with a file pointer rather than a BIO. */ + ExpectIntEQ(PEM_write_EC_PUBKEY(NULL, NULL), WC_NO_ERR_TRACE(WOLFSSL_FAILURE)); + ExpectIntEQ(PEM_write_EC_PUBKEY(NULL, ec), WC_NO_ERR_TRACE(WOLFSSL_FAILURE)); + ExpectIntEQ(PEM_write_EC_PUBKEY(stderr, NULL), WC_NO_ERR_TRACE(WOLFSSL_FAILURE)); + ExpectIntEQ(PEM_write_EC_PUBKEY(stderr, ec), WOLFSSL_SUCCESS); + + EC_KEY_free(ec); + ec = NULL; + + #ifndef NO_RSA + /* ensure that non-ec keys do not work */ + ExpectNotNull(bio = BIO_new_file(svrKeyFile, "rb")); /* rsa key */ + ExpectNull((ec = PEM_read_bio_ECPrivateKey(bio, NULL, NULL, NULL))); + ExpectNull((ec = PEM_read_bio_EC_PUBKEY(bio, NULL, NULL, NULL))); + BIO_free(bio); + bio = NULL; + EC_KEY_free(ec); + ec = NULL; + #endif /* !NO_RSA */ + /* Test 0x30, 0x00 fails. */ + ExpectNotNull(bio = BIO_new_mem_buf((unsigned char*)ec_priv_key_bad_1, + sizeof(ec_priv_key_bad_1))); + ExpectNull(PEM_read_bio_ECPrivateKey(bio, NULL, NULL, NULL)); + BIO_free(bio); + bio = NULL; +#endif /* defined(OPENSSL_EXTRA) && !defined(NO_CERTS) */ + return EXPECT_RESULT(); +} + +static int test_wolfSSL_PEM_PUBKEY(void) +{ + EXPECT_DECLS; +#if defined(OPENSSL_EXTRA) && defined(HAVE_ECC) + BIO* bio = NULL; + EVP_PKEY* pkey = NULL; + + /* test creating new EVP_PKEY with bad arg */ + ExpectNull((pkey = PEM_read_bio_PUBKEY(NULL, NULL, NULL, NULL))); + + /* test loading ECC key using BIO */ +#if defined(HAVE_ECC) && !defined(NO_FILESYSTEM) + { + XFILE file = XBADFILE; + const char* fname = "./certs/ecc-client-keyPub.pem"; + size_t sz = 0; + byte* buf = NULL; + + EVP_PKEY* pkey2 = NULL; + EC_KEY* ec_key = NULL; + + ExpectTrue((file = XFOPEN(fname, "rb")) != XBADFILE); + ExpectIntEQ(XFSEEK(file, 0, XSEEK_END), 0); + ExpectIntGT(sz = XFTELL(file), 0); + ExpectIntEQ(XFSEEK(file, 0, XSEEK_SET), 0); + ExpectNotNull(buf = (byte*)XMALLOC(sz, NULL, DYNAMIC_TYPE_FILE)); + if (buf != NULL) { + ExpectIntEQ(XFREAD(buf, 1, sz, file), sz); + } + if (file != XBADFILE) { + XFCLOSE(file); + } + + /* Test using BIO new mem and loading PEM private key */ + ExpectNotNull(bio = BIO_new_mem_buf(buf, (int)sz)); + ExpectNotNull((pkey = PEM_read_bio_PUBKEY(bio, NULL, NULL, NULL))); + BIO_free(bio); + bio = NULL; + EVP_PKEY_free(pkey); + pkey = NULL; + ExpectNotNull(bio = BIO_new_mem_buf(buf, (int)sz)); + ExpectNotNull(pkey = EVP_PKEY_new()); + ExpectPtrEq(PEM_read_bio_PUBKEY(bio, &pkey, NULL, NULL), pkey); + XFREE(buf, NULL, DYNAMIC_TYPE_FILE); + BIO_free(bio); + bio = NULL; + + /* Qt unit test case*/ + ExpectNotNull(pkey2 = EVP_PKEY_new()); + ExpectNotNull(ec_key = EVP_PKEY_get1_EC_KEY(pkey)); + ExpectIntEQ(EVP_PKEY_set1_EC_KEY(pkey2, ec_key), WOLFSSL_SUCCESS); + #ifdef WOLFSSL_ERROR_CODE_OPENSSL + ExpectIntEQ(EVP_PKEY_cmp(pkey, pkey2), 1/* match */); + #else + ExpectIntEQ(EVP_PKEY_cmp(pkey, pkey2), 0); + #endif + + EC_KEY_free(ec_key); + EVP_PKEY_free(pkey2); + EVP_PKEY_free(pkey); + pkey = NULL; + } +#endif + + (void)bio; + (void)pkey; +#endif + return EXPECT_RESULT(); +} + +#endif /* !NO_BIO */ + +static int test_wolfSSL_tmp_dh(void) +{ + EXPECT_DECLS; +#if defined(OPENSSL_EXTRA) && !defined(NO_CERTS) && !defined(NO_FILESYSTEM) && \ + !defined(NO_RSA) && !defined(NO_DH) && !defined(NO_BIO) && \ + !defined(NO_TLS) && \ + (!defined(NO_WOLFSSL_CLIENT) || !defined(NO_WOLFSSL_SERVER)) + byte buff[6000]; + static const unsigned char p[] = { + 0xb0, 0xa1, 0x08, 0x06, 0x9c, 0x08, 0x13, 0xba, + 0x59, 0x06, 0x3c, 0xbc, 0x30, 0xd5, 0xf5, 0x00, + 0xc1, 0x4f, 0x44, 0xa7, 0xd6, 0xef, 0x4a, 0xc6, + 0x25, 0x27, 0x1c, 0xe8, 0xd2, 0x96, 0x53, 0x0a, + 0x5c, 0x91, 0xdd, 0xa2, 0xc2, 0x94, 0x84, 0xbf, + 0x7d, 0xb2, 0x44, 0x9f, 0x9b, 0xd2, 0xc1, 0x8a, + 0xc5, 0xbe, 0x72, 0x5c, 0xa7, 0xe7, 0x91, 0xe6, + 0xd4, 0x9f, 0x73, 0x07, 0x85, 0x5b, 0x66, 0x48, + 0xc7, 0x70, 0xfa, 0xb4, 0xee, 0x02, 0xc9, 0x3d, + 0x9a, 0x4a, 0xda, 0x3d, 0xc1, 0x46, 0x3e, 0x19, + 0x69, 0xd1, 0x17, 0x46, 0x07, 0xa3, 0x4d, 0x9f, + 0x2b, 0x96, 0x17, 0x39, 0x6d, 0x30, 0x8d, 0x2a, + 0xf3, 0x94, 0xd3, 0x75, 0xcf, 0xa0, 0x75, 0xe6, + 0xf2, 0x92, 0x1f, 0x1a, 0x70, 0x05, 0xaa, 0x04, + 0x83, 0x57, 0x30, 0xfb, 0xda, 0x76, 0x93, 0x38, + 0x50, 0xe8, 0x27, 0xfd, 0x63, 0xee, 0x3c, 0xe5, + 0xb7, 0xc8, 0x09, 0xae, 0x6f, 0x50, 0x35, 0x8e, + 0x84, 0xce, 0x4a, 0x00, 0xe9, 0x12, 0x7e, 0x5a, + 0x31, 0xd7, 0x33, 0xfc, 0x21, 0x13, 0x76, 0xcc, + 0x16, 0x30, 0xdb, 0x0c, 0xfc, 0xc5, 0x62, 0xa7, + 0x35, 0xb8, 0xef, 0xb7, 0xb0, 0xac, 0xc0, 0x36, + 0xf6, 0xd9, 0xc9, 0x46, 0x48, 0xf9, 0x40, 0x90, + 0x00, 0x2b, 0x1b, 0xaa, 0x6c, 0xe3, 0x1a, 0xc3, + 0x0b, 0x03, 0x9e, 0x1b, 0xc2, 0x46, 0xe4, 0x48, + 0x4e, 0x22, 0x73, 0x6f, 0xc3, 0x5f, 0xd4, 0x9a, + 0xd6, 0x30, 0x07, 0x48, 0xd6, 0x8c, 0x90, 0xab, + 0xd4, 0xf6, 0xf1, 0xe3, 0x48, 0xd3, 0x58, 0x4b, + 0xa6, 0xb9, 0xcd, 0x29, 0xbf, 0x68, 0x1f, 0x08, + 0x4b, 0x63, 0x86, 0x2f, 0x5c, 0x6b, 0xd6, 0xb6, + 0x06, 0x65, 0xf7, 0xa6, 0xdc, 0x00, 0x67, 0x6b, + 0xbb, 0xc3, 0xa9, 0x41, 0x83, 0xfb, 0xc7, 0xfa, + 0xc8, 0xe2, 0x1e, 0x7e, 0xaf, 0x00, 0x3f, 0x93 + }; + int pSz = (int)sizeof(p); +#if !defined(WOLFSSL_OLD_PRIME_CHECK) && !defined(HAVE_FIPS) && \ + !defined(HAVE_SELFTEST) + static const unsigned char bad_p[] = { + 0xb0, 0xa1, 0x08, 0x06, 0x9c, 0x08, 0x13, 0xba, + 0x59, 0x06, 0x3c, 0xbc, 0x30, 0xd5, 0xf5, 0x00, + 0xc1, 0x4f, 0x44, 0xa7, 0xd6, 0xef, 0x4a, 0xc6, + 0x25, 0x27, 0x1c, 0xe8, 0xd2, 0x96, 0x53, 0x0a, + 0x5c, 0x91, 0xdd, 0xa2, 0xc2, 0x94, 0x84, 0xbf, + 0x7d, 0xb2, 0x44, 0x9f, 0x9b, 0xd2, 0xc1, 0x8a, + 0xc5, 0xbe, 0x72, 0x5c, 0xa7, 0xe7, 0x91, 0xe6, + 0xd4, 0x9f, 0x73, 0x07, 0x85, 0x5b, 0x66, 0x48, + 0xc7, 0x70, 0xfa, 0xb4, 0xee, 0x02, 0xc9, 0x3d, + 0x9a, 0x4a, 0xda, 0x3d, 0xc1, 0x46, 0x3e, 0x19, + 0x69, 0xd1, 0x17, 0x46, 0x07, 0xa3, 0x4d, 0x9f, + 0x2b, 0x96, 0x17, 0x39, 0x6d, 0x30, 0x8d, 0x2a, + 0xf3, 0x94, 0xd3, 0x75, 0xcf, 0xa0, 0x75, 0xe6, + 0xf2, 0x92, 0x1f, 0x1a, 0x70, 0x05, 0xaa, 0x04, + 0x83, 0x57, 0x30, 0xfb, 0xda, 0x76, 0x93, 0x38, + 0x50, 0xe8, 0x27, 0xfd, 0x63, 0xee, 0x3c, 0xe5, + 0xb7, 0xc8, 0x09, 0xae, 0x6f, 0x50, 0x35, 0x8e, + 0x84, 0xce, 0x4a, 0x00, 0xe9, 0x12, 0x7e, 0x5a, + 0x31, 0xd7, 0x33, 0xfc, 0x21, 0x13, 0x76, 0xcc, + 0x16, 0x30, 0xdb, 0x0c, 0xfc, 0xc5, 0x62, 0xa7, + 0x35, 0xb8, 0xef, 0xb7, 0xb0, 0xac, 0xc0, 0x36, + 0xf6, 0xd9, 0xc9, 0x46, 0x48, 0xf9, 0x40, 0x90, + 0x00, 0x2b, 0x1b, 0xaa, 0x6c, 0xe3, 0x1a, 0xc3, + 0x0b, 0x03, 0x9e, 0x1b, 0xc2, 0x46, 0xe4, 0x48, + 0x4e, 0x22, 0x73, 0x6f, 0xc3, 0x5f, 0xd4, 0x9a, + 0xd6, 0x30, 0x07, 0x48, 0xd6, 0x8c, 0x90, 0xab, + 0xd4, 0xf6, 0xf1, 0xe3, 0x48, 0xd3, 0x58, 0x4b, + 0xa6, 0xb9, 0xcd, 0x29, 0xbf, 0x68, 0x1f, 0x08, + 0x4b, 0x63, 0x86, 0x2f, 0x5c, 0x6b, 0xd6, 0xb6, + 0x06, 0x65, 0xf7, 0xa6, 0xdc, 0x00, 0x67, 0x6b, + 0xbb, 0xc3, 0xa9, 0x41, 0x83, 0xfb, 0xc7, 0xfa, + 0xc8, 0xe2, 0x1e, 0x7e, 0xaf, 0x00, 0x3f, 0x91 + }; +#endif + static const unsigned char g[] = { 0x02 }; + int gSz = (int)sizeof(g); +#if !defined(NO_DSA) + char file[] = "./certs/dsaparams.pem"; + DSA* dsa = NULL; +#else + char file[] = "./certs/dh2048.pem"; +#endif + XFILE f = XBADFILE; + int bytes = 0; + DH* dh = NULL; + DH* dh2 = NULL; + BIO* bio = NULL; + SSL* ssl = NULL; + SSL_CTX* ctx = NULL; +#ifndef NO_WOLFSSL_CLIENT + SSL* ssl_c = NULL; + SSL_CTX* ctx_c = NULL; +#endif + +#ifndef NO_WOLFSSL_SERVER + ExpectNotNull(ctx = SSL_CTX_new(wolfSSLv23_server_method())); + ExpectTrue(SSL_CTX_use_certificate_file(ctx, svrCertFile, + WOLFSSL_FILETYPE_PEM)); + ExpectTrue(SSL_CTX_use_PrivateKey_file(ctx, svrKeyFile, + WOLFSSL_FILETYPE_PEM)); + ExpectNotNull(ssl = SSL_new(ctx)); +#endif +#ifndef NO_WOLFSSL_CLIENT + ExpectNotNull(ctx_c = SSL_CTX_new(wolfSSLv23_client_method())); + ExpectTrue(SSL_CTX_use_certificate_file(ctx_c, svrCertFile, + WOLFSSL_FILETYPE_PEM)); + ExpectTrue(SSL_CTX_use_PrivateKey_file(ctx_c, svrKeyFile, + WOLFSSL_FILETYPE_PEM)); + ExpectNotNull(ssl_c = SSL_new(ctx_c)); +#ifdef NO_WOLFSSL_SERVER + ctx = ctx_c; + ssl = ssl_c; +#endif +#endif + + XMEMSET(buff, 0, sizeof(buff)); + ExpectTrue((f = XFOPEN(file, "rb")) != XBADFILE); + ExpectIntGT(bytes = (int)XFREAD(buff, 1, sizeof(buff), f), 0); + if (f != XBADFILE) + XFCLOSE(f); + + ExpectNotNull(bio = BIO_new_mem_buf((void*)buff, bytes)); + +#if !defined(NO_DSA) + dsa = wolfSSL_PEM_read_bio_DSAparams(bio, NULL, NULL, NULL); + ExpectNotNull(dsa); + + dh = wolfSSL_DSA_dup_DH(dsa); +#else + dh = wolfSSL_PEM_read_bio_DHparams(bio, NULL, NULL, NULL); +#endif + ExpectNotNull(dh); +#if defined(WOLFSSL_DH_EXTRA) && \ + (defined(WOLFSSL_QT) || defined(OPENSSL_ALL) || defined(WOLFSSL_OPENSSH)) + ExpectNotNull(dh2 = wolfSSL_DH_dup(dh)); + DH_free(dh2); + dh2 = NULL; +#endif + + /* Failure cases */ + ExpectIntEQ((int)wolfSSL_CTX_SetTmpDH(NULL, NULL, 0, NULL, 0), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ((int)wolfSSL_CTX_SetTmpDH(ctx , NULL, 0, NULL, 0), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ((int)wolfSSL_CTX_SetTmpDH(NULL, p , 0, NULL, 0), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ((int)wolfSSL_CTX_SetTmpDH(NULL, NULL, 0, g , 0), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ((int)wolfSSL_CTX_SetTmpDH(ctx , p , 0, NULL, 0), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ((int)wolfSSL_CTX_SetTmpDH(ctx , NULL, 0, g , 0), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ((int)wolfSSL_CTX_SetTmpDH(NULL, p , 0, g , 0), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ((int)wolfSSL_CTX_SetTmpDH(ctx , p , 1, g , 1), + WC_NO_ERR_TRACE(DH_KEY_SIZE_E)); + ExpectIntEQ((int)wolfSSL_CTX_SetTmpDH(ctx , buff, 6000, g , 1), + WC_NO_ERR_TRACE(DH_KEY_SIZE_E)); +#if !defined(WOLFSSL_OLD_PRIME_CHECK) && !defined(HAVE_FIPS) && \ + !defined(HAVE_SELFTEST) + ExpectIntEQ((int)wolfSSL_CTX_SetTmpDH(ctx, bad_p, pSz, g, gSz), + WC_NO_ERR_TRACE(DH_CHECK_PUB_E)); +#endif + ExpectIntEQ((int)wolfSSL_SetTmpDH(NULL, NULL, 0, NULL, 0), + WC_NO_ERR_TRACE(WOLFSSL_FAILURE)); + ExpectIntEQ((int)wolfSSL_SetTmpDH(ssl , NULL, 0, NULL, 0), + WC_NO_ERR_TRACE(WOLFSSL_FAILURE)); + ExpectIntEQ((int)wolfSSL_SetTmpDH(NULL, p , 0, NULL, 0), + WC_NO_ERR_TRACE(WOLFSSL_FAILURE)); + ExpectIntEQ((int)wolfSSL_SetTmpDH(NULL, NULL, 0, g , 0), + WC_NO_ERR_TRACE(WOLFSSL_FAILURE)); + ExpectIntEQ((int)wolfSSL_SetTmpDH(ssl , p , 0, NULL, 0), + WC_NO_ERR_TRACE(WOLFSSL_FAILURE)); + ExpectIntEQ((int)wolfSSL_SetTmpDH(ssl , NULL, 0, g , 0), + WC_NO_ERR_TRACE(WOLFSSL_FAILURE)); + ExpectIntEQ((int)wolfSSL_SetTmpDH(NULL, p , 0, g , 0), + WC_NO_ERR_TRACE(WOLFSSL_FAILURE)); + ExpectIntEQ((int)wolfSSL_SetTmpDH(ssl , p , 1, g , 1), + WC_NO_ERR_TRACE(DH_KEY_SIZE_E)); + ExpectIntEQ((int)wolfSSL_SetTmpDH(ssl , buff, 6000, g , 1), + WC_NO_ERR_TRACE(DH_KEY_SIZE_E)); +#if !defined(WOLFSSL_OLD_PRIME_CHECK) && !defined(HAVE_FIPS) && \ + !defined(HAVE_SELFTEST) +#ifndef NO_WOLFSSL_SERVER + /* Parameters will be tested later so it passes now. */ + ExpectIntEQ((int)wolfSSL_SetTmpDH(ssl, bad_p, pSz, g, gSz), + WOLFSSL_SUCCESS); +#endif +#endif +#ifndef NO_WOLFSSL_CLIENT + ExpectIntEQ((int)wolfSSL_SetTmpDH(ssl_c, p, pSz, g, gSz), + WC_NO_ERR_TRACE(SIDE_ERROR)); +#endif + ExpectIntEQ((int)SSL_CTX_set_tmp_dh(NULL, NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ((int)SSL_CTX_set_tmp_dh(ctx , NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ((int)SSL_CTX_set_tmp_dh(NULL, dh ), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ((int)SSL_set_tmp_dh(NULL, NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ((int)SSL_set_tmp_dh(ssl , NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ((int)SSL_set_tmp_dh(NULL, dh ), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + /* No p/g to use. */ + dh2 = wolfSSL_DH_new(); + ExpectIntEQ((int)SSL_CTX_set_tmp_dh(ctx , dh2 ), WC_NO_ERR_TRACE(WOLFSSL_FATAL_ERROR)); + ExpectIntEQ((int)SSL_set_tmp_dh(ssl , dh2 ), WC_NO_ERR_TRACE(WOLFSSL_FATAL_ERROR)); + DH_free(dh2); + dh2 = NULL; + + ExpectIntEQ((int)wolfSSL_CTX_SetTmpDH(ctx, p, pSz, g, gSz), + WOLFSSL_SUCCESS); + ExpectIntEQ((int)SSL_CTX_set_tmp_dh(ctx, dh), WOLFSSL_SUCCESS); +#ifndef NO_WOLFSSL_SERVER + ExpectIntEQ((int)SSL_set_tmp_dh(ssl, dh), WOLFSSL_SUCCESS); +#else + ExpectIntEQ((int)SSL_set_tmp_dh(ssl, dh), WC_NO_ERR_TRACE(SIDE_ERROR)); +#endif + + BIO_free(bio); +#if !defined(NO_DSA) + DSA_free(dsa); +#endif + DH_free(dh); + dh = NULL; +#ifndef NO_WOLFSSL_CLIENT + if (ssl != ssl_c) { + SSL_free(ssl_c); + } +#endif + SSL_free(ssl); +#ifndef NO_WOLFSSL_CLIENT + if (ctx != ctx_c) { + SSL_CTX_free(ctx_c); + } +#endif + SSL_CTX_free(ctx); +#endif + return EXPECT_RESULT(); +} + +static int test_wolfSSL_ctrl(void) +{ + EXPECT_DECLS; +#if defined (OPENSSL_EXTRA) && !defined(NO_BIO) + byte buff[6000]; + BIO* bio = NULL; + int bytes; + BUF_MEM* ptr = NULL; + + XMEMSET(buff, 0, sizeof(buff)); + + bytes = sizeof(buff); + ExpectNotNull(bio = BIO_new_mem_buf((void*)buff, bytes)); + ExpectNotNull(BIO_s_socket()); + + ExpectIntEQ((int)wolfSSL_BIO_get_mem_ptr(bio, &ptr), WOLFSSL_SUCCESS); + + /* needs tested after stubs filled out @TODO + SSL_ctrl + SSL_CTX_ctrl + */ + + BIO_free(bio); +#endif /* defined(OPENSSL_EXTRA) && !defined(NO_BIO) */ + return EXPECT_RESULT(); +} + + +static int test_wolfSSL_EVP_PKEY_new_mac_key(void) +{ + EXPECT_DECLS; +#ifdef OPENSSL_EXTRA + static const unsigned char pw[] = "password"; + static const int pwSz = sizeof(pw) - 1; + size_t checkPwSz = 0; + const unsigned char* checkPw = NULL; + WOLFSSL_EVP_PKEY* key = NULL; + + ExpectNull(key = wolfSSL_EVP_PKEY_new_mac_key(0, NULL, pw, pwSz)); + ExpectNull(key = wolfSSL_EVP_PKEY_new_mac_key(0, NULL, NULL, pwSz)); + + ExpectNotNull(key = wolfSSL_EVP_PKEY_new_mac_key(EVP_PKEY_HMAC, NULL, pw, + pwSz)); + if (key != NULL) { + ExpectIntEQ(key->type, EVP_PKEY_HMAC); + ExpectIntEQ(key->save_type, EVP_PKEY_HMAC); + ExpectIntEQ(key->pkey_sz, pwSz); + ExpectIntEQ(XMEMCMP(key->pkey.ptr, pw, pwSz), 0); + } + ExpectNotNull(checkPw = wolfSSL_EVP_PKEY_get0_hmac(key, &checkPwSz)); + ExpectIntEQ((int)checkPwSz, pwSz); + ExpectIntEQ(XMEMCMP(checkPw, pw, pwSz), 0); + wolfSSL_EVP_PKEY_free(key); + key = NULL; + + ExpectNotNull(key = wolfSSL_EVP_PKEY_new_mac_key(EVP_PKEY_HMAC, NULL, pw, + 0)); + ExpectIntEQ(key->pkey_sz, 0); + if (EXPECT_SUCCESS()) { + /* Allocation for key->pkey.ptr may fail - OK key len is 0 */ + checkPw = wolfSSL_EVP_PKEY_get0_hmac(key, &checkPwSz); + } + ExpectTrue((checkPwSz == 0) || (checkPw != NULL)); + ExpectIntEQ((int)checkPwSz, 0); + wolfSSL_EVP_PKEY_free(key); + key = NULL; + + ExpectNotNull(key = wolfSSL_EVP_PKEY_new_mac_key(EVP_PKEY_HMAC, NULL, NULL, + 0)); + ExpectIntEQ(key->pkey_sz, 0); + if (EXPECT_SUCCESS()) { + /* Allocation for key->pkey.ptr may fail - OK key len is 0 */ + checkPw = wolfSSL_EVP_PKEY_get0_hmac(key, &checkPwSz); + } + ExpectTrue((checkPwSz == 0) || (checkPw != NULL)); + ExpectIntEQ((int)checkPwSz, 0); + wolfSSL_EVP_PKEY_free(key); + key = NULL; +#endif /* OPENSSL_EXTRA */ + return EXPECT_RESULT(); +} + + +static int test_wolfSSL_EVP_PKEY_new_CMAC_key(void) +{ + EXPECT_DECLS; +#ifdef OPENSSL_EXTRA +#if defined(WOLFSSL_CMAC) && !defined(NO_AES) && \ + defined(WOLFSSL_AES_DIRECT) && defined(WOLFSSL_AES_128) + const char *priv = "ABCDEFGHIJKLMNOP"; + const WOLFSSL_EVP_CIPHER* cipher = EVP_aes_128_cbc(); + WOLFSSL_EVP_PKEY* key = NULL; + + ExpectNull(key = wolfSSL_EVP_PKEY_new_CMAC_key( + NULL, NULL, AES_128_KEY_SIZE, cipher)); + ExpectNull(key = wolfSSL_EVP_PKEY_new_CMAC_key( + NULL, (const unsigned char *)priv, 0, cipher)); + ExpectNull(key = wolfSSL_EVP_PKEY_new_CMAC_key( + NULL, (const unsigned char *)priv, AES_128_KEY_SIZE, NULL)); + + ExpectNotNull(key = wolfSSL_EVP_PKEY_new_CMAC_key( + NULL, (const unsigned char *)priv, AES_128_KEY_SIZE, cipher)); + wolfSSL_EVP_PKEY_free(key); +#endif /* WOLFSSL_CMAC && !NO_AES && WOLFSSL_AES_DIRECT && WOLFSSL_AES_128 */ +#endif /* OPENSSL_EXTRA */ + return EXPECT_RESULT(); +} + +static int test_wolfSSL_EVP_Digest(void) +{ + EXPECT_DECLS; +#if defined(OPENSSL_EXTRA) && !defined(NO_SHA256) && !defined(NO_PWDBASED) + const char* in = "abc"; + int inLen = (int)XSTRLEN(in); + byte out[WC_SHA256_DIGEST_SIZE]; + unsigned int outLen; + const char* expOut = + "\xBA\x78\x16\xBF\x8F\x01\xCF\xEA\x41\x41\x40\xDE\x5D\xAE\x22" + "\x23\xB0\x03\x61\xA3\x96\x17\x7A\x9C\xB4\x10\xFF\x61\xF2\x00" + "\x15\xAD"; + + ExpectIntEQ(wolfSSL_EVP_Digest((unsigned char*)in, inLen, out, &outLen, + "SHA256", NULL), 1); + ExpectIntEQ(outLen, WC_SHA256_DIGEST_SIZE); + ExpectIntEQ(XMEMCMP(out, expOut, WC_SHA256_DIGEST_SIZE), 0); +#endif /* OPEN_EXTRA && ! NO_SHA256 */ + return EXPECT_RESULT(); +} + +static int test_wolfSSL_EVP_Digest_all(void) +{ + EXPECT_DECLS; +#ifdef OPENSSL_EXTRA + const char* digests[] = { +#ifndef NO_MD5 + "MD5", +#endif +#ifndef NO_SHA + "SHA", +#endif +#ifdef WOLFSSL_SHA224 + "SHA224", +#endif +#ifndef NO_SHA256 + "SHA256", +#endif +#ifdef WOLFSSL_SHA384 + "SHA384", +#endif +#ifdef WOLFSSL_SHA512 + "SHA512", +#endif +#if defined(WOLFSSL_SHA512) && !defined(WOLFSSL_NOSHA512_224) + "SHA512-224", +#endif +#if defined(WOLFSSL_SHA512) && !defined(WOLFSSL_NOSHA512_256) + "SHA512-256", +#endif +#ifdef WOLFSSL_SHA3 +#ifndef WOLFSSL_NOSHA3_224 + "SHA3-224", +#endif +#ifndef WOLFSSL_NOSHA3_256 + "SHA3-256", +#endif + "SHA3-384", +#ifndef WOLFSSL_NOSHA3_512 + "SHA3-512", +#endif +#endif /* WOLFSSL_SHA3 */ + NULL + }; + const char** d; + const unsigned char in[] = "abc"; + int inLen = XSTR_SIZEOF(in); + byte out[WC_MAX_DIGEST_SIZE]; + unsigned int outLen; + + for (d = digests; *d != NULL; d++) { + ExpectIntEQ(EVP_Digest(in, inLen, out, &outLen, *d, NULL), 1); + ExpectIntGT(outLen, 0); + ExpectIntEQ(EVP_MD_size(*d), outLen); + } +#endif + return EXPECT_RESULT(); +} + +static int test_wolfSSL_EVP_MD_size(void) +{ + EXPECT_DECLS; +#ifdef OPENSSL_EXTRA + WOLFSSL_EVP_MD_CTX mdCtx; + +#ifdef WOLFSSL_SHA3 +#ifndef WOLFSSL_NOSHA3_224 + wolfSSL_EVP_MD_CTX_init(&mdCtx); + + ExpectIntEQ(wolfSSL_EVP_DigestInit(&mdCtx, "SHA3-224"), 1); + ExpectIntEQ(wolfSSL_EVP_MD_CTX_size(&mdCtx), WC_SHA3_224_DIGEST_SIZE); + ExpectIntEQ(wolfSSL_EVP_MD_CTX_block_size(&mdCtx), WC_SHA3_224_BLOCK_SIZE); + ExpectIntEQ(wolfSSL_EVP_MD_CTX_cleanup(&mdCtx), 1); +#endif +#ifndef WOLFSSL_NOSHA3_256 + wolfSSL_EVP_MD_CTX_init(&mdCtx); + + ExpectIntEQ(wolfSSL_EVP_DigestInit(&mdCtx, "SHA3-256"), 1); + ExpectIntEQ(wolfSSL_EVP_MD_CTX_size(&mdCtx), WC_SHA3_256_DIGEST_SIZE); + ExpectIntEQ(wolfSSL_EVP_MD_CTX_block_size(&mdCtx), WC_SHA3_256_BLOCK_SIZE); + ExpectIntEQ(wolfSSL_EVP_MD_CTX_cleanup(&mdCtx), 1); +#endif + wolfSSL_EVP_MD_CTX_init(&mdCtx); + + ExpectIntEQ(wolfSSL_EVP_DigestInit(&mdCtx, "SHA3-384"), 1); + ExpectIntEQ(wolfSSL_EVP_MD_CTX_size(&mdCtx), WC_SHA3_384_DIGEST_SIZE); + ExpectIntEQ(wolfSSL_EVP_MD_CTX_block_size(&mdCtx), WC_SHA3_384_BLOCK_SIZE); + ExpectIntEQ(wolfSSL_EVP_MD_CTX_cleanup(&mdCtx), 1); +#ifndef WOLFSSL_NOSHA3_512 + wolfSSL_EVP_MD_CTX_init(&mdCtx); + + ExpectIntEQ(wolfSSL_EVP_DigestInit(&mdCtx, "SHA3-512"), 1); + ExpectIntEQ(wolfSSL_EVP_MD_CTX_size(&mdCtx), WC_SHA3_512_DIGEST_SIZE); + ExpectIntEQ(wolfSSL_EVP_MD_CTX_block_size(&mdCtx), WC_SHA3_512_BLOCK_SIZE); + ExpectIntEQ(wolfSSL_EVP_MD_CTX_cleanup(&mdCtx), 1); +#endif +#endif /* WOLFSSL_SHA3 */ + +#ifndef NO_SHA256 + wolfSSL_EVP_MD_CTX_init(&mdCtx); + + ExpectIntEQ(wolfSSL_EVP_DigestInit(&mdCtx, "SHA256"), 1); + ExpectIntEQ(wolfSSL_EVP_MD_size(wolfSSL_EVP_MD_CTX_md(&mdCtx)), + WC_SHA256_DIGEST_SIZE); + ExpectIntEQ(wolfSSL_EVP_MD_block_size(wolfSSL_EVP_MD_CTX_md(&mdCtx)), + WC_SHA256_BLOCK_SIZE); + ExpectIntEQ(wolfSSL_EVP_MD_CTX_size(&mdCtx), WC_SHA256_DIGEST_SIZE); + ExpectIntEQ(wolfSSL_EVP_MD_CTX_block_size(&mdCtx), WC_SHA256_BLOCK_SIZE); + ExpectIntEQ(wolfSSL_EVP_MD_CTX_cleanup(&mdCtx), 1); + +#endif + +#ifndef NO_MD5 + wolfSSL_EVP_MD_CTX_init(&mdCtx); + + ExpectIntEQ(wolfSSL_EVP_DigestInit(&mdCtx, "MD5"), 1); + ExpectIntEQ(wolfSSL_EVP_MD_size(wolfSSL_EVP_MD_CTX_md(&mdCtx)), + WC_MD5_DIGEST_SIZE); + ExpectIntEQ(wolfSSL_EVP_MD_block_size(wolfSSL_EVP_MD_CTX_md(&mdCtx)), + WC_MD5_BLOCK_SIZE); + ExpectIntEQ(wolfSSL_EVP_MD_CTX_size(&mdCtx), WC_MD5_DIGEST_SIZE); + ExpectIntEQ(wolfSSL_EVP_MD_CTX_block_size(&mdCtx), WC_MD5_BLOCK_SIZE); + ExpectIntEQ(wolfSSL_EVP_MD_CTX_cleanup(&mdCtx), 1); + +#endif + +#ifdef WOLFSSL_SHA224 + wolfSSL_EVP_MD_CTX_init(&mdCtx); + + ExpectIntEQ(wolfSSL_EVP_DigestInit(&mdCtx, "SHA224"), 1); + ExpectIntEQ(wolfSSL_EVP_MD_size(wolfSSL_EVP_MD_CTX_md(&mdCtx)), + WC_SHA224_DIGEST_SIZE); + ExpectIntEQ(wolfSSL_EVP_MD_block_size(wolfSSL_EVP_MD_CTX_md(&mdCtx)), + WC_SHA224_BLOCK_SIZE); + ExpectIntEQ(wolfSSL_EVP_MD_CTX_size(&mdCtx), WC_SHA224_DIGEST_SIZE); + ExpectIntEQ(wolfSSL_EVP_MD_CTX_block_size(&mdCtx), WC_SHA224_BLOCK_SIZE); + ExpectIntEQ(wolfSSL_EVP_MD_CTX_cleanup(&mdCtx), 1); + +#endif + +#ifdef WOLFSSL_SHA384 + wolfSSL_EVP_MD_CTX_init(&mdCtx); + + ExpectIntEQ(wolfSSL_EVP_DigestInit(&mdCtx, "SHA384"), 1); + ExpectIntEQ(wolfSSL_EVP_MD_size(wolfSSL_EVP_MD_CTX_md(&mdCtx)), + WC_SHA384_DIGEST_SIZE); + ExpectIntEQ(wolfSSL_EVP_MD_block_size(wolfSSL_EVP_MD_CTX_md(&mdCtx)), + WC_SHA384_BLOCK_SIZE); + ExpectIntEQ(wolfSSL_EVP_MD_CTX_size(&mdCtx), WC_SHA384_DIGEST_SIZE); + ExpectIntEQ(wolfSSL_EVP_MD_CTX_block_size(&mdCtx), WC_SHA384_BLOCK_SIZE); + ExpectIntEQ(wolfSSL_EVP_MD_CTX_cleanup(&mdCtx), 1); + +#endif + +#ifdef WOLFSSL_SHA512 + wolfSSL_EVP_MD_CTX_init(&mdCtx); + + ExpectIntEQ(wolfSSL_EVP_DigestInit(&mdCtx, "SHA512"), 1); + ExpectIntEQ(wolfSSL_EVP_MD_size(wolfSSL_EVP_MD_CTX_md(&mdCtx)), + WC_SHA512_DIGEST_SIZE); + ExpectIntEQ(wolfSSL_EVP_MD_block_size(wolfSSL_EVP_MD_CTX_md(&mdCtx)), + WC_SHA512_BLOCK_SIZE); + ExpectIntEQ(wolfSSL_EVP_MD_CTX_size(&mdCtx), WC_SHA512_DIGEST_SIZE); + ExpectIntEQ(wolfSSL_EVP_MD_CTX_block_size(&mdCtx), WC_SHA512_BLOCK_SIZE); + ExpectIntEQ(wolfSSL_EVP_MD_CTX_cleanup(&mdCtx), 1); + +#endif + +#ifndef NO_SHA + wolfSSL_EVP_MD_CTX_init(&mdCtx); + + ExpectIntEQ(wolfSSL_EVP_DigestInit(&mdCtx, "SHA"), 1); + ExpectIntEQ(wolfSSL_EVP_MD_size(wolfSSL_EVP_MD_CTX_md(&mdCtx)), + WC_SHA_DIGEST_SIZE); + ExpectIntEQ(wolfSSL_EVP_MD_block_size(wolfSSL_EVP_MD_CTX_md(&mdCtx)), + WC_SHA_BLOCK_SIZE); + ExpectIntEQ(wolfSSL_EVP_MD_CTX_size(&mdCtx), WC_SHA_DIGEST_SIZE); + ExpectIntEQ(wolfSSL_EVP_MD_CTX_block_size(&mdCtx), WC_SHA_BLOCK_SIZE); + ExpectIntEQ(wolfSSL_EVP_MD_CTX_cleanup(&mdCtx), 1); + + wolfSSL_EVP_MD_CTX_init(&mdCtx); + + ExpectIntEQ(wolfSSL_EVP_DigestInit(&mdCtx, "SHA1"), 1); + ExpectIntEQ(wolfSSL_EVP_MD_size(wolfSSL_EVP_MD_CTX_md(&mdCtx)), + WC_SHA_DIGEST_SIZE); + ExpectIntEQ(wolfSSL_EVP_MD_block_size(wolfSSL_EVP_MD_CTX_md(&mdCtx)), + WC_SHA_BLOCK_SIZE); + ExpectIntEQ(wolfSSL_EVP_MD_CTX_size(&mdCtx), WC_SHA_DIGEST_SIZE); + ExpectIntEQ(wolfSSL_EVP_MD_CTX_block_size(&mdCtx), WC_SHA_BLOCK_SIZE); + ExpectIntEQ(wolfSSL_EVP_MD_CTX_cleanup(&mdCtx), 1); +#endif + /* error case */ + wolfSSL_EVP_MD_CTX_init(&mdCtx); + + ExpectIntEQ(wolfSSL_EVP_DigestInit(&mdCtx, ""), 0); + ExpectIntEQ(wolfSSL_EVP_MD_size(wolfSSL_EVP_MD_CTX_md(&mdCtx)), 0); + ExpectIntEQ(wolfSSL_EVP_MD_CTX_block_size(&mdCtx), 0); + /* Cleanup is valid on uninit'ed struct */ + ExpectIntEQ(wolfSSL_EVP_MD_CTX_cleanup(&mdCtx), 1); +#endif /* OPENSSL_EXTRA */ + return EXPECT_RESULT(); +} + +static int test_wolfSSL_EVP_MD_pkey_type(void) +{ + EXPECT_DECLS; +#ifdef OPENSSL_EXTRA + const WOLFSSL_EVP_MD* md; + +#ifndef NO_MD5 + ExpectNotNull(md = EVP_md5()); + ExpectIntEQ(EVP_MD_pkey_type(md), NID_md5WithRSAEncryption); +#endif +#ifndef NO_SHA + ExpectNotNull(md = EVP_sha1()); + ExpectIntEQ(EVP_MD_pkey_type(md), NID_sha1WithRSAEncryption); +#endif +#ifdef WOLFSSL_SHA224 + ExpectNotNull(md = EVP_sha224()); + ExpectIntEQ(EVP_MD_pkey_type(md), NID_sha224WithRSAEncryption); +#endif + ExpectNotNull(md = EVP_sha256()); + ExpectIntEQ(EVP_MD_pkey_type(md), NID_sha256WithRSAEncryption); +#ifdef WOLFSSL_SHA384 + ExpectNotNull(md = EVP_sha384()); + ExpectIntEQ(EVP_MD_pkey_type(md), NID_sha384WithRSAEncryption); +#endif +#ifdef WOLFSSL_SHA512 + ExpectNotNull(md = EVP_sha512()); + ExpectIntEQ(EVP_MD_pkey_type(md), NID_sha512WithRSAEncryption); +#endif +#endif + return EXPECT_RESULT(); +} + +#ifdef OPENSSL_EXTRA +static int test_hmac_signing(const WOLFSSL_EVP_MD *type, const byte* testKey, + size_t testKeySz, const char* testData, size_t testDataSz, + const byte* testResult, size_t testResultSz) +{ + EXPECT_DECLS; + unsigned char check[WC_MAX_DIGEST_SIZE]; + size_t checkSz = 0; + WOLFSSL_EVP_PKEY* key = NULL; + WOLFSSL_EVP_MD_CTX mdCtx; + + ExpectNotNull(key = wolfSSL_EVP_PKEY_new_mac_key(EVP_PKEY_HMAC, NULL, + testKey, (int)testKeySz)); + wolfSSL_EVP_MD_CTX_init(&mdCtx); + ExpectIntEQ(wolfSSL_EVP_DigestSignInit(&mdCtx, NULL, type, NULL, key), 1); + ExpectIntEQ(wolfSSL_EVP_DigestSignUpdate(&mdCtx, testData, + (unsigned int)testDataSz), 1); + checkSz = sizeof(check); + ExpectIntEQ(wolfSSL_EVP_DigestSignFinal(&mdCtx, NULL, &checkSz), 1); + ExpectIntEQ((int)checkSz, (int)testResultSz); + checkSz = sizeof(check); + ExpectIntEQ(wolfSSL_EVP_DigestSignFinal(&mdCtx, check, &checkSz), 1); + ExpectIntEQ((int)checkSz,(int)testResultSz); + ExpectIntEQ(XMEMCMP(testResult, check, testResultSz), 0); + ExpectIntEQ(wolfSSL_EVP_MD_CTX_cleanup(&mdCtx), 1); + + ExpectIntEQ(wolfSSL_EVP_DigestVerifyInit(&mdCtx, NULL, type, NULL, key), 1); + ExpectIntEQ(wolfSSL_EVP_DigestVerifyUpdate(&mdCtx, testData, + (unsigned int)testDataSz), 1); + ExpectIntEQ(wolfSSL_EVP_DigestVerifyFinal(&mdCtx, testResult, checkSz), 1); + + ExpectIntEQ(wolfSSL_EVP_MD_CTX_cleanup(&mdCtx), 1); + wolfSSL_EVP_MD_CTX_init(&mdCtx); + ExpectIntEQ(wolfSSL_EVP_DigestSignInit(&mdCtx, NULL, type, NULL, key), 1); + ExpectIntEQ(wolfSSL_EVP_DigestSignUpdate(&mdCtx, testData, 4), 1); + checkSz = sizeof(check); + ExpectIntEQ(wolfSSL_EVP_DigestSignFinal(&mdCtx, NULL, &checkSz), 1); + ExpectIntEQ((int)checkSz, (int)testResultSz); + checkSz = sizeof(check); + ExpectIntEQ(wolfSSL_EVP_DigestSignFinal(&mdCtx, check, &checkSz), 1); + ExpectIntEQ((int)checkSz,(int)testResultSz); + ExpectIntEQ(wolfSSL_EVP_DigestSignUpdate(&mdCtx, testData + 4, + (unsigned int)testDataSz - 4), 1); + checkSz = sizeof(check); + ExpectIntEQ(wolfSSL_EVP_DigestSignFinal(&mdCtx, check, &checkSz), 1); + ExpectIntEQ((int)checkSz,(int)testResultSz); + ExpectIntEQ(XMEMCMP(testResult, check, testResultSz), 0); + + ExpectIntEQ(wolfSSL_EVP_MD_CTX_cleanup(&mdCtx), 1); + ExpectIntEQ(wolfSSL_EVP_DigestVerifyInit(&mdCtx, NULL, type, NULL, key), 1); + ExpectIntEQ(wolfSSL_EVP_DigestVerifyUpdate(&mdCtx, testData, 4), 1); + ExpectIntEQ(wolfSSL_EVP_DigestVerifyUpdate(&mdCtx, testData + 4, + (unsigned int)testDataSz - 4), 1); + ExpectIntEQ(wolfSSL_EVP_DigestVerifyFinal(&mdCtx, testResult, checkSz), 1); + + ExpectIntEQ(wolfSSL_EVP_MD_CTX_cleanup(&mdCtx), 1); + + wolfSSL_EVP_PKEY_free(key); + + return EXPECT_RESULT(); +} +#endif + +static int test_wolfSSL_EVP_MD_hmac_signing(void) +{ + EXPECT_DECLS; +#ifdef OPENSSL_EXTRA + static const unsigned char testKey[] = + { + 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, + 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, + 0x0b, 0x0b, 0x0b, 0x0b + }; + static const char testData[] = "Hi There"; +#ifdef WOLFSSL_SHA224 + static const unsigned char testResultSha224[] = + { + 0x89, 0x6f, 0xb1, 0x12, 0x8a, 0xbb, 0xdf, 0x19, + 0x68, 0x32, 0x10, 0x7c, 0xd4, 0x9d, 0xf3, 0x3f, + 0x47, 0xb4, 0xb1, 0x16, 0x99, 0x12, 0xba, 0x4f, + 0x53, 0x68, 0x4b, 0x22 + }; +#endif +#ifndef NO_SHA256 + static const unsigned char testResultSha256[] = + { + 0xb0, 0x34, 0x4c, 0x61, 0xd8, 0xdb, 0x38, 0x53, + 0x5c, 0xa8, 0xaf, 0xce, 0xaf, 0x0b, 0xf1, 0x2b, + 0x88, 0x1d, 0xc2, 0x00, 0xc9, 0x83, 0x3d, 0xa7, + 0x26, 0xe9, 0x37, 0x6c, 0x2e, 0x32, 0xcf, 0xf7 + }; +#endif +#ifdef WOLFSSL_SHA384 + static const unsigned char testResultSha384[] = + { + 0xaf, 0xd0, 0x39, 0x44, 0xd8, 0x48, 0x95, 0x62, + 0x6b, 0x08, 0x25, 0xf4, 0xab, 0x46, 0x90, 0x7f, + 0x15, 0xf9, 0xda, 0xdb, 0xe4, 0x10, 0x1e, 0xc6, + 0x82, 0xaa, 0x03, 0x4c, 0x7c, 0xeb, 0xc5, 0x9c, + 0xfa, 0xea, 0x9e, 0xa9, 0x07, 0x6e, 0xde, 0x7f, + 0x4a, 0xf1, 0x52, 0xe8, 0xb2, 0xfa, 0x9c, 0xb6 + }; +#endif +#ifdef WOLFSSL_SHA512 + static const unsigned char testResultSha512[] = + { + 0x87, 0xaa, 0x7c, 0xde, 0xa5, 0xef, 0x61, 0x9d, + 0x4f, 0xf0, 0xb4, 0x24, 0x1a, 0x1d, 0x6c, 0xb0, + 0x23, 0x79, 0xf4, 0xe2, 0xce, 0x4e, 0xc2, 0x78, + 0x7a, 0xd0, 0xb3, 0x05, 0x45, 0xe1, 0x7c, 0xde, + 0xda, 0xa8, 0x33, 0xb7, 0xd6, 0xb8, 0xa7, 0x02, + 0x03, 0x8b, 0x27, 0x4e, 0xae, 0xa3, 0xf4, 0xe4, + 0xbe, 0x9d, 0x91, 0x4e, 0xeb, 0x61, 0xf1, 0x70, + 0x2e, 0x69, 0x6c, 0x20, 0x3a, 0x12, 0x68, 0x54 + }; +#endif +#ifdef WOLFSSL_SHA3 + #ifndef WOLFSSL_NOSHA3_224 + static const unsigned char testResultSha3_224[] = + { + 0x3b, 0x16, 0x54, 0x6b, 0xbc, 0x7b, 0xe2, 0x70, + 0x6a, 0x03, 0x1d, 0xca, 0xfd, 0x56, 0x37, 0x3d, + 0x98, 0x84, 0x36, 0x76, 0x41, 0xd8, 0xc5, 0x9a, + 0xf3, 0xc8, 0x60, 0xf7 + }; + #endif + #ifndef WOLFSSL_NOSHA3_256 + static const unsigned char testResultSha3_256[] = + { + 0xba, 0x85, 0x19, 0x23, 0x10, 0xdf, 0xfa, 0x96, + 0xe2, 0xa3, 0xa4, 0x0e, 0x69, 0x77, 0x43, 0x51, + 0x14, 0x0b, 0xb7, 0x18, 0x5e, 0x12, 0x02, 0xcd, + 0xcc, 0x91, 0x75, 0x89, 0xf9, 0x5e, 0x16, 0xbb + }; + #endif + #ifndef WOLFSSL_NOSHA3_384 + static const unsigned char testResultSha3_384[] = + { + 0x68, 0xd2, 0xdc, 0xf7, 0xfd, 0x4d, 0xdd, 0x0a, + 0x22, 0x40, 0xc8, 0xa4, 0x37, 0x30, 0x5f, 0x61, + 0xfb, 0x73, 0x34, 0xcf, 0xb5, 0xd0, 0x22, 0x6e, + 0x1b, 0xc2, 0x7d, 0xc1, 0x0a, 0x2e, 0x72, 0x3a, + 0x20, 0xd3, 0x70, 0xb4, 0x77, 0x43, 0x13, 0x0e, + 0x26, 0xac, 0x7e, 0x3d, 0x53, 0x28, 0x86, 0xbd + }; + #endif + #ifndef WOLFSSL_NOSHA3_512 + static const unsigned char testResultSha3_512[] = + { + 0xeb, 0x3f, 0xbd, 0x4b, 0x2e, 0xaa, 0xb8, 0xf5, + 0xc5, 0x04, 0xbd, 0x3a, 0x41, 0x46, 0x5a, 0xac, + 0xec, 0x15, 0x77, 0x0a, 0x7c, 0xab, 0xac, 0x53, + 0x1e, 0x48, 0x2f, 0x86, 0x0b, 0x5e, 0xc7, 0xba, + 0x47, 0xcc, 0xb2, 0xc6, 0xf2, 0xaf, 0xce, 0x8f, + 0x88, 0xd2, 0x2b, 0x6d, 0xc6, 0x13, 0x80, 0xf2, + 0x3a, 0x66, 0x8f, 0xd3, 0x88, 0x8b, 0xb8, 0x05, + 0x37, 0xc0, 0xa0, 0xb8, 0x64, 0x07, 0x68, 0x9e + }; + #endif +#endif + +#ifndef NO_SHA256 + ExpectIntEQ(test_hmac_signing(wolfSSL_EVP_sha256(), testKey, + sizeof(testKey), testData, XSTRLEN(testData), testResultSha256, + sizeof(testResultSha256)), TEST_SUCCESS); +#endif +#ifdef WOLFSSL_SHA224 + ExpectIntEQ(test_hmac_signing(wolfSSL_EVP_sha224(), testKey, + sizeof(testKey), testData, XSTRLEN(testData), testResultSha224, + sizeof(testResultSha224)), TEST_SUCCESS); +#endif +#ifdef WOLFSSL_SHA384 + ExpectIntEQ(test_hmac_signing(wolfSSL_EVP_sha384(), testKey, + sizeof(testKey), testData, XSTRLEN(testData), testResultSha384, + sizeof(testResultSha384)), TEST_SUCCESS); +#endif +#ifdef WOLFSSL_SHA512 + ExpectIntEQ(test_hmac_signing(wolfSSL_EVP_sha512(), testKey, + sizeof(testKey), testData, XSTRLEN(testData), testResultSha512, + sizeof(testResultSha512)), TEST_SUCCESS); +#endif +#ifdef WOLFSSL_SHA3 + #ifndef WOLFSSL_NOSHA3_224 + ExpectIntEQ(test_hmac_signing(wolfSSL_EVP_sha3_224(), testKey, + sizeof(testKey), testData, XSTRLEN(testData), testResultSha3_224, + sizeof(testResultSha3_224)), TEST_SUCCESS); + #endif + #ifndef WOLFSSL_NOSHA3_256 + ExpectIntEQ(test_hmac_signing(wolfSSL_EVP_sha3_256(), testKey, + sizeof(testKey), testData, XSTRLEN(testData), testResultSha3_256, + sizeof(testResultSha3_256)), TEST_SUCCESS); + #endif + #ifndef WOLFSSL_NOSHA3_384 + ExpectIntEQ(test_hmac_signing(wolfSSL_EVP_sha3_384(), testKey, + sizeof(testKey), testData, XSTRLEN(testData), testResultSha3_384, + sizeof(testResultSha3_384)), TEST_SUCCESS); + #endif + #ifndef WOLFSSL_NOSHA3_512 + ExpectIntEQ(test_hmac_signing(wolfSSL_EVP_sha3_512(), testKey, + sizeof(testKey), testData, XSTRLEN(testData), testResultSha3_512, + sizeof(testResultSha3_512)), TEST_SUCCESS); + #endif +#endif +#endif /* OPENSSL_EXTRA */ + return EXPECT_RESULT(); +} + + +static int test_wolfSSL_EVP_MD_rsa_signing(void) +{ + EXPECT_DECLS; +#if defined(OPENSSL_EXTRA) && !defined(NO_RSA) && defined(USE_CERT_BUFFERS_2048) + WOLFSSL_EVP_PKEY* privKey = NULL; + WOLFSSL_EVP_PKEY* pubKey = NULL; + WOLFSSL_EVP_PKEY_CTX* keyCtx = NULL; + const char testData[] = "Hi There"; + WOLFSSL_EVP_MD_CTX mdCtx; + WOLFSSL_EVP_MD_CTX mdCtxCopy; + int ret; + size_t checkSz = -1; + int sz = 2048 / 8; + const unsigned char* cp; + const unsigned char* p; + unsigned char check[2048/8]; + size_t i; + int paddings[] = { + RSA_PKCS1_PADDING, +#if !defined(HAVE_FIPS) && !defined(HAVE_SELFTEST) && defined(WC_RSA_PSS) + RSA_PKCS1_PSS_PADDING, +#endif + }; + + + cp = client_key_der_2048; + ExpectNotNull((privKey = wolfSSL_d2i_PrivateKey(EVP_PKEY_RSA, NULL, &cp, + sizeof_client_key_der_2048))); + p = client_keypub_der_2048; + ExpectNotNull((pubKey = wolfSSL_d2i_PUBKEY(NULL, &p, + sizeof_client_keypub_der_2048))); + + wolfSSL_EVP_MD_CTX_init(&mdCtx); + wolfSSL_EVP_MD_CTX_init(&mdCtxCopy); + ExpectIntEQ(wolfSSL_EVP_DigestSignInit(&mdCtx, NULL, wolfSSL_EVP_sha256(), + NULL, privKey), 1); + ExpectIntEQ(wolfSSL_EVP_DigestSignUpdate(&mdCtx, testData, + (unsigned int)XSTRLEN(testData)), 1); + checkSz = sizeof(check); + ExpectIntEQ(wolfSSL_EVP_DigestSignFinal(&mdCtx, NULL, &checkSz), 1); + ExpectIntEQ((int)checkSz, sz); + checkSz = sizeof(check); + ExpectIntEQ(wolfSSL_EVP_DigestSignFinal(&mdCtx, check, &checkSz), 1); + ExpectIntEQ((int)checkSz,sz); + ExpectIntEQ(wolfSSL_EVP_MD_CTX_copy_ex(&mdCtxCopy, &mdCtx), 1); + ExpectIntEQ(wolfSSL_EVP_MD_CTX_copy_ex(&mdCtxCopy, &mdCtx), 1); + ret = wolfSSL_EVP_MD_CTX_cleanup(&mdCtxCopy); + ExpectIntEQ(ret, 1); + ret = wolfSSL_EVP_MD_CTX_cleanup(&mdCtx); + ExpectIntEQ(ret, 1); + + wolfSSL_EVP_MD_CTX_init(&mdCtx); + ExpectIntEQ(wolfSSL_EVP_DigestVerifyInit(&mdCtx, NULL, wolfSSL_EVP_sha256(), + NULL, pubKey), 1); + ExpectIntEQ(wolfSSL_EVP_DigestVerifyUpdate(&mdCtx, testData, + (unsigned int)XSTRLEN(testData)), + 1); + ExpectIntEQ(wolfSSL_EVP_DigestVerifyFinal(&mdCtx, check, checkSz), 1); + ret = wolfSSL_EVP_MD_CTX_cleanup(&mdCtx); + ExpectIntEQ(ret, 1); + + wolfSSL_EVP_MD_CTX_init(&mdCtx); + ExpectIntEQ(wolfSSL_EVP_DigestSignInit(&mdCtx, NULL, wolfSSL_EVP_sha256(), + NULL, privKey), 1); + ExpectIntEQ(wolfSSL_EVP_DigestSignUpdate(&mdCtx, testData, 4), 1); + checkSz = sizeof(check); + ExpectIntEQ(wolfSSL_EVP_DigestSignFinal(&mdCtx, NULL, &checkSz), 1); + ExpectIntEQ((int)checkSz, sz); + checkSz = sizeof(check); + ExpectIntEQ(wolfSSL_EVP_DigestSignFinal(&mdCtx, check, &checkSz), 1); + ExpectIntEQ((int)checkSz, sz); + ExpectIntEQ(wolfSSL_EVP_DigestSignUpdate(&mdCtx, testData + 4, + (unsigned int)XSTRLEN(testData) - 4), 1); + checkSz = sizeof(check); + ExpectIntEQ(wolfSSL_EVP_DigestSignFinal(&mdCtx, check, &checkSz), 1); + ExpectIntEQ((int)checkSz, sz); + ret = wolfSSL_EVP_MD_CTX_cleanup(&mdCtx); + ExpectIntEQ(ret, 1); + + wolfSSL_EVP_MD_CTX_init(&mdCtx); + ExpectIntEQ(wolfSSL_EVP_DigestVerifyInit(&mdCtx, NULL, wolfSSL_EVP_sha256(), + NULL, pubKey), 1); + ExpectIntEQ(wolfSSL_EVP_DigestVerifyUpdate(&mdCtx, testData, 4), 1); + ExpectIntEQ(wolfSSL_EVP_DigestVerifyUpdate(&mdCtx, testData + 4, + (unsigned int)XSTRLEN(testData) - 4), + 1); + ExpectIntEQ(wolfSSL_EVP_DigestVerifyFinal(&mdCtx, check, checkSz), 1); + ret = wolfSSL_EVP_MD_CTX_cleanup(&mdCtx); + ExpectIntEQ(ret, 1); + + /* Check all signing padding types */ + for (i = 0; i < sizeof(paddings)/sizeof(int); i++) { + wolfSSL_EVP_MD_CTX_init(&mdCtx); + ExpectIntEQ(wolfSSL_EVP_DigestSignInit(&mdCtx, &keyCtx, + wolfSSL_EVP_sha256(), NULL, privKey), 1); + ExpectIntEQ(wolfSSL_EVP_PKEY_CTX_set_rsa_padding(keyCtx, + paddings[i]), 1); + ExpectIntEQ(wolfSSL_EVP_DigestSignUpdate(&mdCtx, testData, + (unsigned int)XSTRLEN(testData)), 1); + checkSz = sizeof(check); + ExpectIntEQ(wolfSSL_EVP_DigestSignFinal(&mdCtx, NULL, &checkSz), 1); + ExpectIntEQ((int)checkSz, sz); + checkSz = sizeof(check); + ExpectIntEQ(wolfSSL_EVP_DigestSignFinal(&mdCtx, check, &checkSz), 1); + ExpectIntEQ((int)checkSz,sz); + ret = wolfSSL_EVP_MD_CTX_cleanup(&mdCtx); + ExpectIntEQ(ret, 1); + + wolfSSL_EVP_MD_CTX_init(&mdCtx); + ExpectIntEQ(wolfSSL_EVP_DigestVerifyInit(&mdCtx, &keyCtx, + wolfSSL_EVP_sha256(), NULL, pubKey), 1); + ExpectIntEQ(wolfSSL_EVP_PKEY_CTX_set_rsa_padding(keyCtx, + paddings[i]), 1); + ExpectIntEQ(wolfSSL_EVP_DigestVerifyUpdate(&mdCtx, testData, + (unsigned int)XSTRLEN(testData)), 1); + ExpectIntEQ(wolfSSL_EVP_DigestVerifyFinal(&mdCtx, check, checkSz), 1); + ret = wolfSSL_EVP_MD_CTX_cleanup(&mdCtx); + ExpectIntEQ(ret, 1); + } + + wolfSSL_EVP_PKEY_free(pubKey); + wolfSSL_EVP_PKEY_free(privKey); +#endif + return EXPECT_RESULT(); +} + + +static int test_wolfSSL_EVP_MD_ecc_signing(void) +{ + EXPECT_DECLS; +#if defined(OPENSSL_EXTRA) && defined(HAVE_ECC) && defined(USE_CERT_BUFFERS_256) + WOLFSSL_EVP_PKEY* privKey = NULL; + WOLFSSL_EVP_PKEY* pubKey = NULL; + const char testData[] = "Hi There"; + WOLFSSL_EVP_MD_CTX mdCtx; + int ret; + const unsigned char* cp; + const unsigned char* p; + unsigned char check[2048/8]; + size_t checkSz = sizeof(check); + + XMEMSET(check, 0, sizeof(check)); + + cp = ecc_clikey_der_256; + ExpectNotNull(privKey = wolfSSL_d2i_PrivateKey(EVP_PKEY_EC, NULL, &cp, + sizeof_ecc_clikey_der_256)); + p = ecc_clikeypub_der_256; + ExpectNotNull((pubKey = wolfSSL_d2i_PUBKEY(NULL, &p, + sizeof_ecc_clikeypub_der_256))); + + wolfSSL_EVP_MD_CTX_init(&mdCtx); + ExpectIntEQ(wolfSSL_EVP_DigestSignInit(&mdCtx, NULL, wolfSSL_EVP_sha256(), + NULL, privKey), 1); + ExpectIntEQ(wolfSSL_EVP_DigestSignUpdate(&mdCtx, testData, + (unsigned int)XSTRLEN(testData)), 1); + checkSz = sizeof(check); + ExpectIntEQ(wolfSSL_EVP_DigestSignFinal(&mdCtx, NULL, &checkSz), 1); + checkSz = sizeof(check); + ExpectIntEQ(wolfSSL_EVP_DigestSignFinal(&mdCtx, check, &checkSz), 1); + ret = wolfSSL_EVP_MD_CTX_cleanup(&mdCtx); + ExpectIntEQ(ret, 1); + + wolfSSL_EVP_MD_CTX_init(&mdCtx); + ExpectIntEQ(wolfSSL_EVP_DigestVerifyInit(&mdCtx, NULL, wolfSSL_EVP_sha256(), + NULL, pubKey), 1); + ExpectIntEQ(wolfSSL_EVP_DigestVerifyUpdate(&mdCtx, testData, + (unsigned int)XSTRLEN(testData)), + 1); + ExpectIntEQ(wolfSSL_EVP_DigestVerifyFinal(&mdCtx, check, checkSz), 1); + ret = wolfSSL_EVP_MD_CTX_cleanup(&mdCtx); + ExpectIntEQ(ret, 1); + + wolfSSL_EVP_MD_CTX_init(&mdCtx); + ExpectIntEQ(wolfSSL_EVP_DigestSignInit(&mdCtx, NULL, wolfSSL_EVP_sha256(), + NULL, privKey), 1); + ExpectIntEQ(wolfSSL_EVP_DigestSignUpdate(&mdCtx, testData, 4), 1); + checkSz = sizeof(check); + ExpectIntEQ(wolfSSL_EVP_DigestSignFinal(&mdCtx, NULL, &checkSz), 1); + checkSz = sizeof(check); + ExpectIntEQ(wolfSSL_EVP_DigestSignFinal(&mdCtx, check, &checkSz), 1); + ExpectIntEQ(wolfSSL_EVP_DigestSignUpdate(&mdCtx, testData + 4, + (unsigned int)XSTRLEN(testData) - 4), 1); + checkSz = sizeof(check); + ExpectIntEQ(wolfSSL_EVP_DigestSignFinal(&mdCtx, check, &checkSz), 1); + ret = wolfSSL_EVP_MD_CTX_cleanup(&mdCtx); + ExpectIntEQ(ret, 1); + + wolfSSL_EVP_MD_CTX_init(&mdCtx); + ExpectIntEQ(wolfSSL_EVP_DigestVerifyInit(&mdCtx, NULL, wolfSSL_EVP_sha256(), + NULL, pubKey), 1); + ExpectIntEQ(wolfSSL_EVP_DigestVerifyUpdate(&mdCtx, testData, 4), 1); + ExpectIntEQ(wolfSSL_EVP_DigestVerifyUpdate(&mdCtx, testData + 4, + (unsigned int)XSTRLEN(testData) - 4), + 1); + ExpectIntEQ(wolfSSL_EVP_DigestVerifyFinal(&mdCtx, check, checkSz), 1); + ret = wolfSSL_EVP_MD_CTX_cleanup(&mdCtx); + ExpectIntEQ(ret, 1); + + wolfSSL_EVP_PKEY_free(pubKey); + wolfSSL_EVP_PKEY_free(privKey); +#endif + return EXPECT_RESULT(); +} + + +static int test_wolfSSL_CTX_add_extra_chain_cert(void) +{ + EXPECT_DECLS; +#if defined(OPENSSL_EXTRA) && !defined(NO_CERTS) && !defined(NO_TLS) && \ + !defined(NO_FILESYSTEM) && !defined(NO_RSA) && !defined(NO_BIO) +#if !defined(NO_WOLFSSL_CLIENT) || !defined(NO_WOLFSSL_SERVER) + char caFile[] = "./certs/client-ca.pem"; + char clientFile[] = "./certs/client-cert.pem"; + SSL_CTX* ctx = NULL; + X509* x509 = NULL; + BIO *bio = NULL; + X509 *cert = NULL; + X509 *ca = NULL; + STACK_OF(X509) *chain = NULL; + STACK_OF(X509) *chain2 = NULL; + +#ifndef NO_WOLFSSL_SERVER + ExpectNotNull(ctx = SSL_CTX_new(wolfSSLv23_server_method())); +#else + ExpectNotNull(ctx = SSL_CTX_new(wolfSSLv23_client_method())); +#endif + + ExpectNotNull(x509 = wolfSSL_X509_load_certificate_file(caFile, + WOLFSSL_FILETYPE_PEM)); + + /* Negative tests. */ + ExpectIntEQ((int)SSL_CTX_add_extra_chain_cert(NULL, NULL), WC_NO_ERR_TRACE(WOLFSSL_FAILURE)); + ExpectIntEQ((int)SSL_CTX_add_extra_chain_cert(ctx, NULL), WC_NO_ERR_TRACE(WOLFSSL_FAILURE)); + ExpectIntEQ((int)SSL_CTX_add_extra_chain_cert(NULL, x509), WC_NO_ERR_TRACE(WOLFSSL_FAILURE)); + + ExpectIntEQ((int)SSL_CTX_add_extra_chain_cert(ctx, x509), WOLFSSL_SUCCESS); + + ExpectNotNull(x509 = wolfSSL_X509_new()); + /* Empty certificate. */ + ExpectIntEQ((int)SSL_CTX_add_extra_chain_cert(ctx, x509), WC_NO_ERR_TRACE(WOLFSSL_FAILURE)); + wolfSSL_X509_free(x509); + x509 = NULL; + + ExpectNotNull(x509 = wolfSSL_X509_load_certificate_file(clientFile, + WOLFSSL_FILETYPE_PEM)); + + /* additional test of getting EVP_PKEY key size from X509 + * Do not run with user RSA because wolfSSL_RSA_size is not currently + * allowed with user RSA */ + { + EVP_PKEY* pkey = NULL; + #if defined(HAVE_ECC) + X509* ecX509 = NULL; + #endif /* HAVE_ECC */ + + ExpectNotNull(pkey = X509_get_pubkey(x509)); + /* current RSA key is 2048 bit (256 bytes) */ + ExpectIntEQ(EVP_PKEY_size(pkey), 256); + + EVP_PKEY_free(pkey); + pkey = NULL; + +#if defined(HAVE_ECC) + #if defined(USE_CERT_BUFFERS_256) + ExpectNotNull(ecX509 = wolfSSL_X509_load_certificate_buffer( + cliecc_cert_der_256, sizeof_cliecc_cert_der_256, + SSL_FILETYPE_ASN1)); + #else + ExpectNotNull(ecX509 = wolfSSL_X509_load_certificate_file( + cliEccCertFile, SSL_FILETYPE_PEM)); + #endif + pkey = X509_get_pubkey(ecX509); + ExpectNotNull(pkey); + /* current ECC key is 256 bit (32 bytes) */ + ExpectIntGE(EVP_PKEY_size(pkey), 72); + + X509_free(ecX509); + ecX509 = NULL; + EVP_PKEY_free(pkey); + pkey = NULL; +#endif /* HAVE_ECC */ + } + + ExpectIntEQ((int)SSL_CTX_add_extra_chain_cert(ctx, x509), SSL_SUCCESS); + if (EXPECT_SUCCESS()) { + x509 = NULL; + } + +#ifdef WOLFSSL_ENCRYPTED_KEYS + ExpectNull(SSL_CTX_get_default_passwd_cb(ctx)); + ExpectNull(SSL_CTX_get_default_passwd_cb_userdata(ctx)); +#endif + SSL_CTX_free(ctx); + ctx = NULL; + +#ifndef NO_WOLFSSL_SERVER + ExpectNotNull(ctx = SSL_CTX_new(wolfSSLv23_server_method())); +#else + ExpectNotNull(ctx = SSL_CTX_new(wolfSSLv23_client_method())); +#endif + /* Test haproxy use case */ + ExpectNotNull(bio = BIO_new_file(svrCertFile, "r")); + /* Read Certificate */ + ExpectNotNull(cert = PEM_read_bio_X509_AUX(bio, NULL, NULL, NULL)); + ExpectNotNull(ca = PEM_read_bio_X509(bio, NULL, NULL, NULL)); + ExpectNotNull(chain = sk_X509_new_null()); + ExpectIntEQ(sk_X509_push(chain, ca), 1); + if (EXPECT_SUCCESS()) { + ca = NULL; + } + ExpectNotNull(chain2 = X509_chain_up_ref(chain)); + ExpectNotNull(ca = sk_X509_shift(chain2)); + ExpectIntEQ(SSL_CTX_use_certificate(ctx, cert), 1); + ExpectIntEQ(SSL_CTX_add_extra_chain_cert(ctx, ca), 1); + if (EXPECT_SUCCESS()) { + ca = NULL; + } + + BIO_free(bio); + X509_free(cert); + X509_free(ca); + X509_free(x509); + sk_X509_pop_free(chain, X509_free); + sk_X509_pop_free(chain2, X509_free); + SSL_CTX_free(ctx); +#endif /* !NO_WOLFSSL_CLIENT || !NO_WOLFSSL_SERVER */ +#endif /* defined(OPENSSL_EXTRA) && !defined(NO_CERTS) && \ + !defined(NO_FILESYSTEM) && !defined(NO_RSA) && !defined (NO_BIO) */ + return EXPECT_RESULT(); +} + +#if !defined(NO_WOLFSSL_CLIENT) && !defined(NO_WOLFSSL_SERVER) +static int test_wolfSSL_ERR_peek_last_error_line(void) +{ + EXPECT_DECLS; +#if defined(OPENSSL_EXTRA) && !defined(NO_CERTS) && \ + !defined(NO_FILESYSTEM) && defined(DEBUG_WOLFSSL) && \ + !defined(NO_OLD_TLS) && !defined(WOLFSSL_NO_TLS12) && \ + defined(HAVE_IO_TESTS_DEPENDENCIES) && !defined(NO_ERROR_QUEUE) + callback_functions client_cb; + callback_functions server_cb; + int line = 0; + int flag = ERR_TXT_STRING; + const char* file = NULL; + const char* data = NULL; + + /* create a failed connection and inspect the error */ + XMEMSET(&client_cb, 0, sizeof(callback_functions)); + XMEMSET(&server_cb, 0, sizeof(callback_functions)); + client_cb.method = wolfTLSv1_1_client_method; + server_cb.method = wolfTLSv1_2_server_method; + + test_wolfSSL_client_server_nofail(&client_cb, &server_cb); + + ExpectIntGT(ERR_get_error_line_data(NULL, NULL, &data, &flag), 0); + ExpectNotNull(data); + + /* check clearing error state */ + ERR_remove_state(0); + ExpectIntEQ((int)ERR_peek_last_error_line(NULL, NULL), 0); + ERR_peek_last_error_line(NULL, &line); + ExpectIntEQ(line, 0); + ERR_peek_last_error_line(&file, NULL); + ExpectNull(file); + + /* retry connection to fill error queue */ + XMEMSET(&client_cb, 0, sizeof(callback_functions)); + XMEMSET(&server_cb, 0, sizeof(callback_functions)); + client_cb.method = wolfTLSv1_1_client_method; + server_cb.method = wolfTLSv1_2_server_method; + + test_wolfSSL_client_server_nofail(&client_cb, &server_cb); + + /* check that error code was stored */ + ExpectIntNE((int)ERR_peek_last_error_line(NULL, NULL), 0); + ERR_peek_last_error_line(NULL, &line); + ExpectIntNE(line, 0); + ERR_peek_last_error_line(&file, NULL); + ExpectNotNull(file); + + fprintf(stderr, "\nTesting error print out\n"); + ERR_print_errors_fp(stderr); + fprintf(stderr, "Done testing print out\n\n"); +#endif /* defined(OPENSSL_EXTRA) && !defined(NO_CERTS) && + * !defined(NO_FILESYSTEM) && !defined(DEBUG_WOLFSSL) */ + return EXPECT_RESULT(); +} +#endif /* !NO_WOLFSSL_CLIENT && !NO_WOLFSSL_SERVER */ + +#if defined(OPENSSL_EXTRA) && !defined(NO_CERTS) && \ + !defined(NO_FILESYSTEM) && !defined(NO_RSA) +static int verify_cb(int ok, X509_STORE_CTX *ctx) +{ + (void) ok; + (void) ctx; + fprintf(stderr, "ENTER verify_cb\n"); + return SSL_SUCCESS; +} +#endif + +static int test_wolfSSL_X509_Name_canon(void) +{ + EXPECT_DECLS; +#if defined(OPENSSL_ALL) && !defined(NO_CERTS) && \ + !defined(NO_FILESYSTEM) && !defined(NO_SHA) && \ + defined(WOLFSSL_CERT_GEN) && \ + (defined(WOLFSSL_CERT_REQ) || defined(WOLFSSL_CERT_EXT)) && !defined(NO_RSA) + const long ex_hash1 = 0x0fdb2da4; + const long ex_hash2 = 0x9f3e8c9e; + X509_NAME *name = NULL; + X509 *x509 = NULL; + XFILE file = XBADFILE; + unsigned long hash = 0; + byte digest[WC_MAX_DIGEST_SIZE] = {0}; + byte *pbuf = NULL; + word32 len = 0; + (void) ex_hash2; + + ExpectTrue((file = XFOPEN(caCertFile, "rb")) != XBADFILE); + ExpectNotNull(x509 = PEM_read_X509(file, NULL, NULL, NULL)); + ExpectNotNull(name = X509_get_issuer_name(x509)); + + /* When output buffer is NULL, should return necessary output buffer + * length.*/ + ExpectIntEQ(wolfSSL_i2d_X509_NAME_canon(NULL, NULL), BAD_FUNC_ARG); + ExpectIntGT(wolfSSL_i2d_X509_NAME_canon(name, NULL), 0); + ExpectIntGT((len = (word32)wolfSSL_i2d_X509_NAME_canon(name, &pbuf)), 0); + ExpectIntEQ(wc_ShaHash((const byte*)pbuf, (word32)len, digest), 0); + + hash = (((unsigned long)digest[3] << 24) | + ((unsigned long)digest[2] << 16) | + ((unsigned long)digest[1] << 8) | + ((unsigned long)digest[0])); + ExpectIntEQ(hash, ex_hash1); + + if (file != XBADFILE) { + XFCLOSE(file); + file = XBADFILE; + } + X509_free(x509); + x509 = NULL; + XFREE(pbuf, NULL, DYNAMIC_TYPE_OPENSSL); + pbuf = NULL; + + ExpectTrue((file = XFOPEN(cliCertFile, "rb")) != XBADFILE); + ExpectNotNull(x509 = PEM_read_X509(file, NULL, NULL, NULL)); + ExpectNotNull(name = X509_get_issuer_name(x509)); + + ExpectIntGT((len = (word32)wolfSSL_i2d_X509_NAME_canon(name, &pbuf)), 0); + ExpectIntEQ(wc_ShaHash((const byte*)pbuf, (word32)len, digest), 0); + + hash = (((unsigned long)digest[3] << 24) | + ((unsigned long)digest[2] << 16) | + ((unsigned long)digest[1] << 8) | + ((unsigned long)digest[0])); + + ExpectIntEQ(hash, ex_hash2); + + if (file != XBADFILE) + XFCLOSE(file); + X509_free(x509); + XFREE(pbuf, NULL, DYNAMIC_TYPE_OPENSSL); +#endif + return EXPECT_RESULT(); +} + +static int test_wolfSSL_X509_LOOKUP_ctrl_hash_dir(void) +{ + EXPECT_DECLS; +#if defined(OPENSSL_ALL) && !defined(NO_FILESYSTEM) && !defined(NO_WOLFSSL_DIR) + const int MAX_DIR = 4; + const char paths[][32] = { + "./certs/ed25519", + "./certs/ecc", + "./certs/crl", + "./certs/", + }; + + char CertCrl_path[MAX_FILENAME_SZ]; + char *p; + X509_STORE* str = NULL; + X509_LOOKUP* lookup = NULL; + WOLFSSL_STACK* sk = NULL; + int len, total_len, i; + + (void)sk; + + XMEMSET(CertCrl_path, 0, MAX_FILENAME_SZ); + + /* illegal string */ + ExpectNotNull((str = wolfSSL_X509_STORE_new())); + ExpectNotNull(lookup = X509_STORE_add_lookup(str, X509_LOOKUP_file())); + ExpectIntEQ(X509_LOOKUP_ctrl(lookup, X509_L_ADD_DIR, "", + SSL_FILETYPE_PEM, NULL), 0); + ExpectIntEQ(X509_LOOKUP_ctrl(lookup, X509_L_ADD_STORE, "", + SSL_FILETYPE_PEM, NULL), WOLFSSL_NOT_IMPLEMENTED); + ExpectIntEQ(X509_LOOKUP_ctrl(lookup, X509_L_LOAD_STORE, "", + SSL_FILETYPE_PEM, NULL), WOLFSSL_NOT_IMPLEMENTED); + ExpectIntEQ(X509_LOOKUP_ctrl(lookup, 0, "", + SSL_FILETYPE_PEM, NULL), WOLFSSL_FAILURE); + + /* free store */ + X509_STORE_free(str); + str = NULL; + + /* short folder string */ + ExpectNotNull((str = wolfSSL_X509_STORE_new())); + ExpectNotNull(lookup = X509_STORE_add_lookup(str, X509_LOOKUP_file())); + ExpectIntEQ(X509_LOOKUP_ctrl(lookup, X509_L_ADD_DIR, "./", + SSL_FILETYPE_PEM,NULL), 1); + #if defined(WOLFSSL_INT_H) + /* only available when including internal.h */ + ExpectNotNull(sk = lookup->dirs->dir_entry); + #endif + /* free store */ + X509_STORE_free(str); + str = NULL; + + /* typical function check */ + p = &CertCrl_path[0]; + total_len = 0; + + for (i = MAX_DIR - 1; i>=0 && total_len < MAX_FILENAME_SZ; i--) { + len = (int)XSTRLEN((const char*)&paths[i]); + total_len += len; + XSTRNCPY(p, paths[i], MAX_FILENAME_SZ - total_len); + p += len; + if (i != 0) *(p++) = SEPARATOR_CHAR; + } + + ExpectNotNull((str = wolfSSL_X509_STORE_new())); + ExpectNotNull(lookup = X509_STORE_add_lookup(str, X509_LOOKUP_file())); + ExpectIntEQ(X509_LOOKUP_ctrl(lookup, X509_L_ADD_DIR, CertCrl_path, + SSL_FILETYPE_PEM,NULL), 1); + #if defined(WOLFSSL_INT_H) + /* only available when including internal.h */ + ExpectNotNull(sk = lookup->dirs->dir_entry); + #endif + + X509_STORE_free(str); +#endif + return EXPECT_RESULT(); +} + +static int test_wolfSSL_X509_LOOKUP_ctrl_file(void) +{ + EXPECT_DECLS; +#if defined(OPENSSL_ALL) && !defined(NO_CERTS) && \ + !defined(NO_FILESYSTEM) && !defined(NO_RSA) && \ + defined(WOLFSSL_SIGNER_DER_CERT) + X509_STORE_CTX* ctx = NULL; + X509_STORE* str = NULL; + X509_LOOKUP* lookup = NULL; + + X509* cert1 = NULL; + X509* x509Ca = NULL; + X509* x509Svr = NULL; + X509* issuer = NULL; + + WOLFSSL_STACK* sk = NULL; + X509_NAME* caName = NULL; + X509_NAME* issuerName = NULL; + + XFILE file1 = XBADFILE; + int i; + int cert_count = 0; + int cmp; + + char der[] = "certs/ca-cert.der"; + +#ifdef HAVE_CRL + char pem[][100] = { + "./certs/crl/crl.pem", + "./certs/crl/crl2.pem", + "./certs/crl/caEccCrl.pem", + "./certs/crl/eccCliCRL.pem", + "./certs/crl/eccSrvCRL.pem", + "" + }; +#endif + ExpectTrue((file1 = XFOPEN("./certs/ca-cert.pem", "rb")) != XBADFILE); + ExpectNotNull(cert1 = wolfSSL_PEM_read_X509(file1, NULL, NULL, NULL)); + if (file1 != XBADFILE) + XFCLOSE(file1); + + ExpectNotNull(ctx = X509_STORE_CTX_new()); + ExpectNotNull((str = wolfSSL_X509_STORE_new())); + ExpectNotNull(lookup = X509_STORE_add_lookup(str, X509_LOOKUP_file())); + ExpectIntEQ(wolfSSL_X509_load_cert_crl_file(NULL, NULL, + WOLFSSL_FILETYPE_PEM), 0); + ExpectIntEQ(wolfSSL_X509_load_cert_crl_file(lookup, NULL, + WOLFSSL_FILETYPE_PEM), 0); + ExpectIntEQ(wolfSSL_X509_load_cert_crl_file(NULL, caCertFile, + WOLFSSL_FILETYPE_PEM), 0); + ExpectIntEQ(wolfSSL_X509_load_cert_crl_file(NULL, der , + WOLFSSL_FILETYPE_PEM), 0); + ExpectIntEQ(X509_LOOKUP_ctrl(lookup, X509_L_FILE_LOAD, caCertFile, + SSL_FILETYPE_PEM,NULL), 1); + ExpectNotNull(sk = wolfSSL_CertManagerGetCerts(str->cm)); + ExpectIntEQ((cert_count = sk_X509_num(sk)), 1); + + /* check if CA cert is loaded into the store */ + for (i = 0; i < cert_count; i++) { + x509Ca = sk_X509_value(sk, i); + ExpectIntEQ(0, wolfSSL_X509_cmp(x509Ca, cert1)); + } + + ExpectNotNull((x509Svr = + wolfSSL_X509_load_certificate_file(svrCertFile, SSL_FILETYPE_PEM))); + + ExpectIntEQ(X509_STORE_CTX_init(ctx, str, x509Svr, NULL), SSL_SUCCESS); + + ExpectNull(X509_STORE_CTX_get0_current_issuer(NULL)); + issuer = X509_STORE_CTX_get0_current_issuer(ctx); + ExpectNull(issuer); + + ExpectIntEQ(X509_verify_cert(ctx), 1); + + issuer = X509_STORE_CTX_get0_current_issuer(ctx); + ExpectNotNull(issuer); + caName = X509_get_subject_name(x509Ca); + ExpectNotNull(caName); + issuerName = X509_get_subject_name(issuer); + ExpectNotNull(issuerName); + cmp = X509_NAME_cmp(caName, issuerName); + ExpectIntEQ(cmp, 0); + + /* load der format */ + issuer = NULL; + X509_STORE_CTX_free(ctx); + ctx = NULL; + X509_STORE_free(str); + str = NULL; + sk_X509_pop_free(sk, NULL); + sk = NULL; + X509_free(x509Svr); + x509Svr = NULL; + + ExpectNotNull((str = wolfSSL_X509_STORE_new())); + ExpectNotNull(lookup = X509_STORE_add_lookup(str, X509_LOOKUP_file())); + ExpectIntEQ(X509_LOOKUP_ctrl(lookup, X509_L_FILE_LOAD, der, + SSL_FILETYPE_ASN1,NULL), 1); + ExpectNotNull(sk = wolfSSL_CertManagerGetCerts(str->cm)); + ExpectIntEQ((cert_count = sk_X509_num(sk)), 1); + /* check if CA cert is loaded into the store */ + for (i = 0; i < cert_count; i++) { + x509Ca = sk_X509_value(sk, i); + ExpectIntEQ(0, wolfSSL_X509_cmp(x509Ca, cert1)); + } + + X509_STORE_free(str); + str = NULL; + sk_X509_pop_free(sk, NULL); + sk = NULL; + X509_free(cert1); + cert1 = NULL; + +#ifdef HAVE_CRL + ExpectNotNull(str = wolfSSL_X509_STORE_new()); + ExpectNotNull(lookup = X509_STORE_add_lookup(str, X509_LOOKUP_file())); + ExpectIntEQ(X509_LOOKUP_ctrl(lookup, X509_L_FILE_LOAD, caCertFile, + SSL_FILETYPE_PEM,NULL), 1); + ExpectIntEQ(X509_LOOKUP_ctrl(lookup, X509_L_FILE_LOAD, + "certs/server-revoked-cert.pem", + SSL_FILETYPE_PEM,NULL), 1); + if (str) { + ExpectIntEQ(wolfSSL_CertManagerVerify(str->cm, svrCertFile, + WOLFSSL_FILETYPE_PEM), 1); + /* since store hasn't yet known the revoked cert*/ + ExpectIntEQ(wolfSSL_CertManagerVerify(str->cm, + "certs/server-revoked-cert.pem", + WOLFSSL_FILETYPE_PEM), 1); + } + for (i = 0; pem[i][0] != '\0'; i++) + { + ExpectIntEQ(X509_LOOKUP_ctrl(lookup, X509_L_FILE_LOAD, pem[i], + SSL_FILETYPE_PEM, NULL), 1); + } + + if (str) { + /* since store knows crl list */ + ExpectIntEQ(wolfSSL_CertManagerVerify(str->cm, + "certs/server-revoked-cert.pem", + WOLFSSL_FILETYPE_PEM ), WC_NO_ERR_TRACE(CRL_CERT_REVOKED)); + } + + ExpectIntEQ(X509_LOOKUP_ctrl(NULL, 0, NULL, 0, NULL), 0); + X509_STORE_free(str); +#endif +#endif + return EXPECT_RESULT(); +} + +static int test_wolfSSL_X509_STORE_CTX_trusted_stack_cleanup(void) +{ + int res = TEST_SKIPPED; +#if defined(OPENSSL_EXTRA) + X509_STORE_CTX_cleanup(NULL); + X509_STORE_CTX_trusted_stack(NULL, NULL); + + res = TEST_SUCCESS; +#endif + return res; +} + +static int test_wolfSSL_X509_STORE_CTX_get_issuer(void) +{ + EXPECT_DECLS; +#if defined(OPENSSL_EXTRA) && !defined(NO_RSA) && !defined(NO_FILESYSTEM) + X509_STORE_CTX* ctx = NULL; + X509_STORE* str = NULL; + X509* x509Ca = NULL; + X509* x509Svr = NULL; + X509* issuer = NULL; + X509_NAME* caName = NULL; + X509_NAME* issuerName = NULL; + + ExpectNotNull(ctx = X509_STORE_CTX_new()); + ExpectNotNull((str = wolfSSL_X509_STORE_new())); + ExpectNotNull((x509Ca = + wolfSSL_X509_load_certificate_file(caCertFile, SSL_FILETYPE_PEM))); + ExpectIntEQ(X509_STORE_add_cert(str, x509Ca), SSL_SUCCESS); + ExpectNotNull((x509Svr = + wolfSSL_X509_load_certificate_file(svrCertFile, SSL_FILETYPE_PEM))); + + ExpectIntEQ(X509_STORE_CTX_init(ctx, str, x509Svr, NULL), SSL_SUCCESS); + + /* Issuer0 is not set until chain is built for verification */ + ExpectNull(X509_STORE_CTX_get0_current_issuer(NULL)); + ExpectNull(issuer = X509_STORE_CTX_get0_current_issuer(ctx)); + + /* Issuer1 will use the store to make a new issuer */ + ExpectIntEQ(X509_STORE_CTX_get1_issuer(&issuer, ctx, x509Svr), 1); + ExpectNotNull(issuer); + X509_free(issuer); + + ExpectIntEQ(X509_verify_cert(ctx), 1); + ExpectNotNull(issuer = X509_STORE_CTX_get0_current_issuer(ctx)); + ExpectNotNull(caName = X509_get_subject_name(x509Ca)); + ExpectNotNull(issuerName = X509_get_subject_name(issuer)); +#ifdef WOLFSSL_SIGNER_DER_CERT + ExpectIntEQ(X509_NAME_cmp(caName, issuerName), 0); +#endif + + X509_STORE_CTX_free(ctx); + X509_free(x509Svr); + X509_STORE_free(str); + X509_free(x509Ca); +#endif + return EXPECT_RESULT(); +} + +static int test_wolfSSL_PKCS7_certs(void) +{ + EXPECT_DECLS; +#if defined(OPENSSL_ALL) && !defined(NO_CERTS) && !defined(NO_BIO) && \ + !defined(NO_FILESYSTEM) && !defined(NO_RSA) && defined(HAVE_PKCS7) + STACK_OF(X509)* sk = NULL; + STACK_OF(X509_INFO)* info_sk = NULL; + PKCS7 *p7 = NULL; + BIO* bio = NULL; + const byte* p = NULL; + int buflen = 0; + int i; + + /* Test twice. Once with d2i and once without to test + * that everything is free'd correctly. */ + for (i = 0; i < 2; i++) { + ExpectNotNull(p7 = PKCS7_new()); + if (p7 != NULL) { + p7->version = 1; + #ifdef NO_SHA + p7->hashOID = SHA256h; + #else + p7->hashOID = SHAh; + #endif + } + ExpectNotNull(bio = BIO_new(BIO_s_file())); + ExpectIntGT(BIO_read_filename(bio, svrCertFile), 0); + ExpectNotNull(info_sk = PEM_X509_INFO_read_bio(bio, NULL, NULL, NULL)); + ExpectIntEQ(sk_X509_INFO_num(info_sk), 2); + ExpectNotNull(sk = sk_X509_new_null()); + while (EXPECT_SUCCESS() && (sk_X509_INFO_num(info_sk) > 0)) { + X509_INFO* info = NULL; + ExpectNotNull(info = sk_X509_INFO_shift(info_sk)); + if (EXPECT_SUCCESS() && info != NULL) { + ExpectIntGT(sk_X509_push(sk, info->x509), 0); + info->x509 = NULL; + } + X509_INFO_free(info); + } + sk_X509_INFO_pop_free(info_sk, X509_INFO_free); + info_sk = NULL; + BIO_free(bio); + bio = NULL; + ExpectNotNull(bio = BIO_new(BIO_s_mem())); + ExpectIntEQ(wolfSSL_PKCS7_encode_certs(p7, sk, bio), 1); + if ((sk != NULL) && ((p7 == NULL) || (bio == NULL))) { + sk_X509_pop_free(sk, X509_free); + } + sk = NULL; + ExpectIntGT((buflen = BIO_get_mem_data(bio, &p)), 0); + + if (i == 0) { + PKCS7_free(p7); + p7 = NULL; + ExpectNotNull(d2i_PKCS7(&p7, &p, buflen)); + if (p7 != NULL) { + /* Reset certs to force wolfSSL_PKCS7_to_stack to regenerate + * them */ + ((WOLFSSL_PKCS7*)p7)->certs = NULL; + } + /* PKCS7_free free's the certs */ + ExpectNotNull(wolfSSL_PKCS7_to_stack(p7)); + } + + BIO_free(bio); + bio = NULL; + PKCS7_free(p7); + p7 = NULL; + } +#endif /* defined(OPENSSL_ALL) && !defined(NO_CERTS) && \ + !defined(NO_FILESYSTEM) && !defined(NO_RSA) && defined(HAVE_PKCS7) */ + return EXPECT_RESULT(); +} + +static int test_wolfSSL_X509_STORE_CTX(void) +{ + EXPECT_DECLS; +#if defined(OPENSSL_EXTRA) && !defined(NO_CERTS) && \ + !defined(NO_FILESYSTEM) && !defined(NO_RSA) + X509_STORE_CTX* ctx = NULL; + X509_STORE* str = NULL; + X509* x509 = NULL; +#ifdef OPENSSL_ALL + X509* x5092 = NULL; + STACK_OF(X509) *sk = NULL; + STACK_OF(X509) *sk2 = NULL; + STACK_OF(X509) *sk3 = NULL; +#endif + + ExpectNotNull(ctx = X509_STORE_CTX_new()); + ExpectNotNull((str = wolfSSL_X509_STORE_new())); + ExpectNotNull((x509 = + wolfSSL_X509_load_certificate_file(svrCertFile, SSL_FILETYPE_PEM))); + ExpectIntEQ(X509_STORE_add_cert(str, x509), SSL_SUCCESS); +#ifdef OPENSSL_ALL + /* sk_X509_new only in OPENSSL_ALL */ + sk = sk_X509_new_null(); + ExpectNotNull(sk); + ExpectIntEQ(X509_STORE_CTX_init(ctx, str, x509, sk), SSL_SUCCESS); +#else + ExpectIntEQ(X509_STORE_CTX_init(ctx, str, x509, NULL), SSL_SUCCESS); +#endif + ExpectIntEQ(SSL_get_ex_data_X509_STORE_CTX_idx(), 0); + X509_STORE_CTX_set_error(ctx, -5); + X509_STORE_CTX_set_error(NULL, -5); + + X509_STORE_CTX_free(ctx); + ctx = NULL; +#ifdef OPENSSL_ALL + sk_X509_pop_free(sk, NULL); + sk = NULL; +#endif + X509_STORE_free(str); + str = NULL; + X509_free(x509); + x509 = NULL; + + ExpectNotNull(ctx = X509_STORE_CTX_new()); + X509_STORE_CTX_set_verify_cb(ctx, verify_cb); + X509_STORE_CTX_free(ctx); + ctx = NULL; + +#ifdef OPENSSL_ALL + /* test X509_STORE_CTX_get(1)_chain */ + ExpectNotNull((x509 = X509_load_certificate_file(svrCertFile, + SSL_FILETYPE_PEM))); + ExpectNotNull((x5092 = X509_load_certificate_file(cliCertFile, + SSL_FILETYPE_PEM))); + ExpectNotNull((sk = sk_X509_new_null())); + ExpectIntEQ(sk_X509_push(sk, x509), 1); + if (EXPECT_FAIL()) { + X509_free(x509); + x509 = NULL; + } + ExpectNotNull((str = X509_STORE_new())); + ExpectNotNull((ctx = X509_STORE_CTX_new())); + ExpectIntEQ(X509_STORE_CTX_init(ctx, str, x5092, sk), 1); + ExpectNull((sk2 = X509_STORE_CTX_get_chain(NULL))); + ExpectNull((sk2 = X509_STORE_CTX_get_chain(ctx))); + ExpectNull((sk3 = X509_STORE_CTX_get1_chain(NULL))); + ExpectNull((sk3 = X509_STORE_CTX_get1_chain(ctx))); + X509_STORE_CTX_free(ctx); + ctx = NULL; + X509_STORE_free(str); + str = NULL; + /* CTX certs not freed yet */ + X509_free(x5092); + x5092 = NULL; + sk_X509_pop_free(sk, NULL); + sk = NULL; + /* sk3 is dup so free here */ + sk_X509_pop_free(sk3, NULL); + sk3 = NULL; +#endif + + /* test X509_STORE_CTX_get/set_ex_data */ + { + int i = 0, tmpData = 5; + void* tmpDataRet; + ExpectNotNull(ctx = X509_STORE_CTX_new()); + #ifdef HAVE_EX_DATA + for (i = 0; i < MAX_EX_DATA; i++) { + ExpectIntEQ(X509_STORE_CTX_set_ex_data(ctx, i, &tmpData), + WOLFSSL_SUCCESS); + tmpDataRet = (int*)X509_STORE_CTX_get_ex_data(ctx, i); + ExpectNotNull(tmpDataRet); + ExpectIntEQ(tmpData, *(int*)tmpDataRet); + } + #else + ExpectIntEQ(X509_STORE_CTX_set_ex_data(ctx, i, &tmpData), + WC_NO_ERR_TRACE(WOLFSSL_FAILURE)); + tmpDataRet = (int*)X509_STORE_CTX_get_ex_data(ctx, i); + ExpectNull(tmpDataRet); + #endif + X509_STORE_CTX_free(ctx); + ctx = NULL; + } + + /* test X509_STORE_get/set_ex_data */ + { + int i = 0, tmpData = 99; + void* tmpDataRet; + ExpectNotNull(str = X509_STORE_new()); + #ifdef HAVE_EX_DATA + for (i = 0; i < MAX_EX_DATA; i++) { + ExpectIntEQ(X509_STORE_set_ex_data(str, i, &tmpData), + WOLFSSL_SUCCESS); + tmpDataRet = (int*)X509_STORE_get_ex_data(str, i); + ExpectNotNull(tmpDataRet); + ExpectIntEQ(tmpData, *(int*)tmpDataRet); + } + #else + ExpectIntEQ(X509_STORE_set_ex_data(str, i, &tmpData), + WC_NO_ERR_TRACE(WOLFSSL_FAILURE)); + tmpDataRet = (int*)X509_STORE_get_ex_data(str, i); + ExpectNull(tmpDataRet); + #endif + X509_STORE_free(str); + str = NULL; + } + +#endif /* defined(OPENSSL_EXTRA) && !defined(NO_CERTS) && \ + * !defined(NO_FILESYSTEM) && !defined(NO_RSA) */ + + return EXPECT_RESULT(); +} + +#if defined(OPENSSL_EXTRA) && !defined(NO_CERTS) && \ + !defined(NO_FILESYSTEM) && !defined(NO_RSA) + +typedef struct { + const char *caFile; + const char *caIntFile; + const char *caInt2File; + const char *leafFile; + X509 *x509Ca; + X509 *x509CaInt; + X509 *x509CaInt2; + X509 *x509Leaf; + STACK_OF(X509)* expectedChain; +} X509_STORE_test_data; + +static X509 * test_wolfSSL_X509_STORE_CTX_ex_helper(const char *file) +{ + XFILE fp = XBADFILE; + X509 *x = NULL; + + fp = XFOPEN(file, "rb"); + if (fp == NULL) { + return NULL; + } + x = PEM_read_X509(fp, 0, 0, 0); + XFCLOSE(fp); + + return x; +} + +static int test_wolfSSL_X509_STORE_CTX_ex1(X509_STORE_test_data *testData) +{ + EXPECT_DECLS; + X509_STORE* store = NULL; + X509_STORE_CTX* ctx = NULL; + STACK_OF(X509)* chain = NULL; + int i = 0; + + /* Test case 1, add X509 certs to store and verify */ + ExpectNotNull(store = X509_STORE_new()); + ExpectIntEQ(X509_STORE_add_cert(store, testData->x509Ca), 1); + ExpectIntEQ(X509_STORE_add_cert(store, testData->x509CaInt), 1); + ExpectIntEQ(X509_STORE_add_cert(store, testData->x509CaInt2), 1); + ExpectNotNull(ctx = X509_STORE_CTX_new()); + ExpectIntEQ(X509_STORE_CTX_init(ctx, store, testData->x509Leaf, NULL), 1); + ExpectIntEQ(X509_verify_cert(ctx), 1); + ExpectNotNull(chain = X509_STORE_CTX_get_chain(ctx)); + ExpectIntEQ(sk_X509_num(chain), sk_X509_num(testData->expectedChain)); + for (i = 0; i < sk_X509_num(chain); i++) { + ExpectIntEQ(X509_cmp(sk_X509_value(chain, i), + sk_X509_value(testData->expectedChain, i)), 0); + } + X509_STORE_CTX_free(ctx); + X509_STORE_free(store); + return EXPECT_RESULT(); +} + +static int test_wolfSSL_X509_STORE_CTX_ex2(X509_STORE_test_data *testData) +{ + EXPECT_DECLS; + X509_STORE* store = NULL; + X509_STORE_CTX* ctx = NULL; + STACK_OF(X509)* chain = NULL; + int i = 0; + + /* Test case 2, add certs by filename to store and verify */ + ExpectNotNull(store = X509_STORE_new()); + ExpectIntEQ(X509_STORE_load_locations( + store, testData->caFile, NULL), 1); + ExpectIntEQ(X509_STORE_load_locations( + store, testData->caIntFile, NULL), 1); + ExpectIntEQ(X509_STORE_load_locations( + store, testData->caInt2File, NULL), 1); + ExpectNotNull(ctx = X509_STORE_CTX_new()); + ExpectIntEQ(X509_STORE_CTX_init(ctx, store, testData->x509Leaf, NULL), 1); + ExpectIntEQ(X509_verify_cert(ctx), 1); + ExpectNotNull(chain = X509_STORE_CTX_get_chain(ctx)); + ExpectIntEQ(sk_X509_num(chain), sk_X509_num(testData->expectedChain)); + for (i = 0; i < sk_X509_num(chain); i++) { + ExpectIntEQ(X509_cmp(sk_X509_value(chain, i), + sk_X509_value(testData->expectedChain, i)), 0); + } + X509_STORE_CTX_free(ctx); + X509_STORE_free(store); + return EXPECT_RESULT(); +} + +static int test_wolfSSL_X509_STORE_CTX_ex3(X509_STORE_test_data *testData) +{ + EXPECT_DECLS; + X509_STORE* store = NULL; + X509_STORE_CTX* ctx = NULL; + STACK_OF(X509)* chain = NULL; + int i = 0; + + /* Test case 3, mix and match X509 with files */ + ExpectNotNull(store = X509_STORE_new()); + ExpectIntEQ(X509_STORE_add_cert(store, testData->x509CaInt), 1); + ExpectIntEQ(X509_STORE_add_cert(store, testData->x509CaInt2), 1); + ExpectIntEQ(X509_STORE_load_locations( + store, testData->caFile, NULL), 1); + ExpectNotNull(ctx = X509_STORE_CTX_new()); + ExpectIntEQ(X509_STORE_CTX_init(ctx, store, testData->x509Leaf, NULL), 1); + ExpectIntEQ(X509_verify_cert(ctx), 1); + ExpectNotNull(chain = X509_STORE_CTX_get_chain(ctx)); + ExpectIntEQ(sk_X509_num(chain), sk_X509_num(testData->expectedChain)); + for (i = 0; i < sk_X509_num(chain); i++) { + ExpectIntEQ(X509_cmp(sk_X509_value(chain, i), + sk_X509_value(testData->expectedChain, i)), 0); + } + X509_STORE_CTX_free(ctx); + X509_STORE_free(store); + return EXPECT_RESULT(); +} + +static int test_wolfSSL_X509_STORE_CTX_ex4(X509_STORE_test_data *testData) +{ + EXPECT_DECLS; + X509_STORE* store = NULL; + X509_STORE_CTX* ctx = NULL; + STACK_OF(X509)* chain = NULL; + STACK_OF(X509)* inter = NULL; + int i = 0; + + /* Test case 4, CA loaded by file, intermediates passed on init */ + ExpectNotNull(store = X509_STORE_new()); + ExpectIntEQ(X509_STORE_load_locations( + store, testData->caFile, NULL), 1); + ExpectNotNull(inter = sk_X509_new_null()); + ExpectIntGE(sk_X509_push(inter, testData->x509CaInt), 1); + ExpectIntGE(sk_X509_push(inter, testData->x509CaInt2), 1); + ExpectNotNull(ctx = X509_STORE_CTX_new()); + ExpectIntEQ(X509_STORE_CTX_init(ctx, store, testData->x509Leaf, inter), 1); + ExpectIntEQ(X509_verify_cert(ctx), 1); + ExpectNotNull(chain = X509_STORE_CTX_get_chain(ctx)); + ExpectIntEQ(sk_X509_num(chain), sk_X509_num(testData->expectedChain)); + for (i = 0; i < sk_X509_num(chain); i++) { + ExpectIntEQ(X509_cmp(sk_X509_value(chain, i), + sk_X509_value(testData->expectedChain, i)), 0); + } + X509_STORE_CTX_free(ctx); + X509_STORE_free(store); + sk_X509_free(inter); + return EXPECT_RESULT(); +} + +static int test_wolfSSL_X509_STORE_CTX_ex5(X509_STORE_test_data *testData) +{ + EXPECT_DECLS; + X509_STORE* store = NULL; + X509_STORE_CTX* ctx = NULL; + STACK_OF(X509)* chain = NULL; + STACK_OF(X509)* trusted = NULL; + int i = 0; + + /* Test case 5, manually set trusted stack */ + ExpectNotNull(store = X509_STORE_new()); + ExpectNotNull(trusted = sk_X509_new_null()); + ExpectIntGE(sk_X509_push(trusted, testData->x509Ca), 1); + ExpectIntGE(sk_X509_push(trusted, testData->x509CaInt), 1); + ExpectIntGE(sk_X509_push(trusted, testData->x509CaInt2), 1); + ExpectNotNull(ctx = X509_STORE_CTX_new()); + ExpectIntEQ(X509_STORE_CTX_init(ctx, store, testData->x509Leaf, NULL), 1); + X509_STORE_CTX_trusted_stack(ctx, trusted); + ExpectIntEQ(X509_verify_cert(ctx), 1); + ExpectNotNull(chain = X509_STORE_CTX_get_chain(ctx)); + ExpectIntEQ(sk_X509_num(chain), sk_X509_num(testData->expectedChain)); + for (i = 0; i < sk_X509_num(chain); i++) { + ExpectIntEQ(X509_cmp(sk_X509_value(chain, i), + sk_X509_value(testData->expectedChain, i)), 0); + } + X509_STORE_CTX_free(ctx); + X509_STORE_free(store); + sk_X509_free(trusted); + return EXPECT_RESULT(); +} + +static int test_wolfSSL_X509_STORE_CTX_ex6(X509_STORE_test_data *testData) +{ + EXPECT_DECLS; + X509_STORE* store = NULL; + X509_STORE_CTX* ctx = NULL; + STACK_OF(X509)* chain = NULL; + STACK_OF(X509)* trusted = NULL; + STACK_OF(X509)* inter = NULL; + int i = 0; + + /* Test case 6, manually set trusted stack will be unified with + * any intermediates provided on init */ + ExpectNotNull(store = X509_STORE_new()); + ExpectNotNull(trusted = sk_X509_new_null()); + ExpectNotNull(inter = sk_X509_new_null()); + ExpectIntGE(sk_X509_push(trusted, testData->x509Ca), 1); + ExpectIntGE(sk_X509_push(inter, testData->x509CaInt), 1); + ExpectIntGE(sk_X509_push(inter, testData->x509CaInt2), 1); + ExpectNotNull(ctx = X509_STORE_CTX_new()); + ExpectIntEQ(X509_STORE_CTX_init(ctx, store, testData->x509Leaf, inter), 1); + X509_STORE_CTX_trusted_stack(ctx, trusted); + ExpectIntEQ(X509_verify_cert(ctx), 1); + ExpectNotNull(chain = X509_STORE_CTX_get_chain(ctx)); + ExpectIntEQ(sk_X509_num(chain), sk_X509_num(testData->expectedChain)); + for (i = 0; i < sk_X509_num(chain); i++) { + ExpectIntEQ(X509_cmp(sk_X509_value(chain, i), + sk_X509_value(testData->expectedChain, i)), 0); + } + X509_STORE_CTX_free(ctx); + X509_STORE_free(store); + sk_X509_free(trusted); + sk_X509_free(inter); + return EXPECT_RESULT(); +} + +static int test_wolfSSL_X509_STORE_CTX_ex7(X509_STORE_test_data *testData) +{ + EXPECT_DECLS; + X509_STORE* store = NULL; + X509_STORE_CTX* ctx = NULL; + STACK_OF(X509)* chain = NULL; + int i = 0; + + /* Test case 7, certs added to store after ctx init are still used */ + ExpectNotNull(store = X509_STORE_new()); + ExpectNotNull(ctx = X509_STORE_CTX_new()); + ExpectIntEQ(X509_STORE_CTX_init(ctx, store, testData->x509Leaf, NULL), 1); + ExpectIntNE(X509_verify_cert(ctx), 1); + ExpectIntEQ(X509_STORE_add_cert(store, testData->x509CaInt2), 1); + ExpectIntEQ(X509_STORE_add_cert(store, testData->x509CaInt), 1); + ExpectIntEQ(X509_STORE_add_cert(store, testData->x509Ca), 1); + ExpectIntEQ(X509_verify_cert(ctx), 1); + ExpectNotNull(chain = X509_STORE_CTX_get_chain(ctx)); + ExpectIntEQ(sk_X509_num(chain), sk_X509_num(testData->expectedChain)); + for (i = 0; i < sk_X509_num(chain); i++) { + ExpectIntEQ(X509_cmp(sk_X509_value(chain, i), + sk_X509_value(testData->expectedChain, i)), 0); + } + X509_STORE_CTX_free(ctx); + X509_STORE_free(store); + return EXPECT_RESULT(); +} + +static int test_wolfSSL_X509_STORE_CTX_ex8(X509_STORE_test_data *testData) +{ + EXPECT_DECLS; + X509_STORE* store = NULL; + X509_STORE_CTX* ctx = NULL; + STACK_OF(X509)* chain = NULL; + int i = 0; + + /* Test case 8, Only full chain verifies */ + ExpectNotNull(store = X509_STORE_new()); + ExpectNotNull(ctx = X509_STORE_CTX_new()); + ExpectIntEQ(X509_STORE_CTX_init(ctx, store, testData->x509Leaf, NULL), 1); + ExpectIntNE(X509_verify_cert(ctx), 1); + ExpectIntEQ(X509_STORE_add_cert(store, testData->x509CaInt2), 1); + ExpectIntNE(X509_verify_cert(ctx), 1); + ExpectIntEQ(X509_STORE_add_cert(store, testData->x509CaInt), 1); + ExpectIntNE(X509_verify_cert(ctx), 1); + ExpectIntEQ(X509_STORE_add_cert(store, testData->x509Ca), 1); + ExpectIntEQ(X509_verify_cert(ctx), 1); + ExpectNotNull(chain = X509_STORE_CTX_get_chain(ctx)); + ExpectIntEQ(sk_X509_num(chain), sk_X509_num(testData->expectedChain)); + for (i = 0; i < sk_X509_num(chain); i++) { + ExpectIntEQ(X509_cmp(sk_X509_value(chain, i), + sk_X509_value(testData->expectedChain, i)), 0); + } + X509_STORE_CTX_free(ctx); + X509_STORE_free(store); + return EXPECT_RESULT(); +} + +static int test_wolfSSL_X509_STORE_CTX_ex9(X509_STORE_test_data *testData) +{ + EXPECT_DECLS; + X509_STORE* store = NULL; + X509_STORE_CTX* ctx = NULL; + X509_STORE_CTX* ctx2 = NULL; + STACK_OF(X509)* trusted = NULL; + + /* Test case 9, certs added to store should not be reflected in ctx that + * has been manually set with a trusted stack, but are reflected in ctx + * that has not set trusted stack */ + ExpectNotNull(store = X509_STORE_new()); + ExpectNotNull(ctx = X509_STORE_CTX_new()); + ExpectNotNull(ctx2 = X509_STORE_CTX_new()); + ExpectNotNull(trusted = sk_X509_new_null()); + ExpectIntGE(sk_X509_push(trusted, testData->x509Ca), 1); + ExpectIntGE(sk_X509_push(trusted, testData->x509CaInt), 1); + ExpectIntGE(sk_X509_push(trusted, testData->x509CaInt2), 1); + ExpectIntEQ(X509_STORE_CTX_init(ctx, store, testData->x509Leaf, NULL), 1); + ExpectIntEQ(X509_STORE_CTX_init(ctx2, store, testData->x509Leaf, NULL), 1); + ExpectIntNE(X509_verify_cert(ctx), 1); + ExpectIntNE(X509_verify_cert(ctx2), 1); + X509_STORE_CTX_trusted_stack(ctx, trusted); + /* CTX1 should now verify */ + ExpectIntEQ(X509_verify_cert(ctx), 1); + ExpectIntNE(X509_verify_cert(ctx2), 1); + ExpectIntEQ(X509_STORE_add_cert(store, testData->x509Ca), 1); + ExpectIntEQ(X509_STORE_add_cert(store, testData->x509CaInt), 1); + ExpectIntEQ(X509_STORE_add_cert(store, testData->x509CaInt2), 1); + /* CTX2 should now verify */ + ExpectIntEQ(X509_verify_cert(ctx2), 1); + X509_STORE_CTX_free(ctx); + X509_STORE_CTX_free(ctx2); + X509_STORE_free(store); + sk_X509_free(trusted); + return EXPECT_RESULT(); +} + +static int test_wolfSSL_X509_STORE_CTX_ex10(X509_STORE_test_data *testData) +{ + EXPECT_DECLS; + X509_STORE* store = NULL; + X509_STORE_CTX* ctx = NULL; + STACK_OF(X509)* chain = NULL; + + /* Test case 10, ensure partial chain flag works */ + ExpectNotNull(store = X509_STORE_new()); + ExpectIntEQ(X509_STORE_add_cert(store, testData->x509CaInt), 1); + ExpectIntEQ(X509_STORE_add_cert(store, testData->x509CaInt2), 1); + ExpectNotNull(ctx = X509_STORE_CTX_new()); + ExpectIntEQ(X509_STORE_CTX_init(ctx, store, testData->x509Leaf, NULL), 1); + /* Fails because chain is incomplete */ + ExpectIntNE(X509_verify_cert(ctx), 1); + ExpectIntEQ(X509_STORE_set_flags(store, X509_V_FLAG_PARTIAL_CHAIN), 1); + /* Partial chain now OK */ + ExpectIntEQ(X509_verify_cert(ctx), 1); + ExpectNotNull(chain = X509_STORE_CTX_get_chain(ctx)); + X509_STORE_CTX_free(ctx); + X509_STORE_free(store); + return EXPECT_RESULT(); +} + +static int test_wolfSSL_X509_STORE_CTX_ex11(X509_STORE_test_data *testData) +{ + EXPECT_DECLS; + X509_STORE* store = NULL; + X509_STORE_CTX* ctx = NULL; + STACK_OF(X509)* chain = NULL; + + /* Test case 11, test partial chain flag on ctx itself */ + ExpectNotNull(store = X509_STORE_new()); + ExpectIntEQ(X509_STORE_add_cert(store, testData->x509CaInt), 1); + ExpectIntEQ(X509_STORE_add_cert(store, testData->x509CaInt2), 1); + ExpectNotNull(ctx = X509_STORE_CTX_new()); + ExpectIntEQ(X509_STORE_CTX_init(ctx, store, testData->x509Leaf, NULL), 1); + /* Fails because chain is incomplete */ + ExpectIntNE(X509_verify_cert(ctx), 1); + X509_STORE_CTX_set_flags(ctx, X509_V_FLAG_PARTIAL_CHAIN); + /* Partial chain now OK */ + ExpectIntEQ(X509_verify_cert(ctx), 1); + ExpectNotNull(chain = X509_STORE_CTX_get_chain(ctx)); + X509_STORE_CTX_free(ctx); + X509_STORE_free(store); + return EXPECT_RESULT(); +} + +static int test_wolfSSL_X509_STORE_CTX_ex12(void) +{ + EXPECT_DECLS; +#ifdef HAVE_ECC + X509_STORE* store = NULL; + X509_STORE_CTX* ctx = NULL; + STACK_OF(X509)* chain = NULL; + X509* rootEccX509 = NULL; + X509* badAkiX509 = NULL; + X509* ca1X509 = NULL; + + const char* intCARootECCFile = "./certs/ca-ecc-cert.pem"; + const char* intCA1ECCFile = "./certs/intermediate/ca-int-ecc-cert.pem"; + const char* intCABadAKIECCFile = "./certs/intermediate/ca-ecc-bad-aki.pem"; + + /* Test case 12, multiple CAs with the same SKI including 1 with intentionally + bad/unregistered AKI. x509_verify_cert should still form a valid chain + using the valid CA, ignoring the bad CA. Developed from customer provided + reproducer. */ + + ExpectNotNull(store = X509_STORE_new()); + ExpectNotNull(rootEccX509 = test_wolfSSL_X509_STORE_CTX_ex_helper(intCARootECCFile)); + ExpectIntEQ(X509_STORE_add_cert(store, rootEccX509), 1); + ExpectNotNull(badAkiX509 = test_wolfSSL_X509_STORE_CTX_ex_helper(intCABadAKIECCFile)); + ExpectNotNull(ctx = X509_STORE_CTX_new()); + ExpectIntEQ(X509_STORE_CTX_init(ctx, store, badAkiX509, NULL), 1); + ExpectIntEQ(X509_verify_cert(ctx), 0); + X509_STORE_CTX_cleanup(ctx); + + ExpectIntEQ(X509_STORE_add_cert(store, badAkiX509), 1); + ExpectNotNull(ca1X509 = test_wolfSSL_X509_STORE_CTX_ex_helper(intCA1ECCFile)); + ExpectIntEQ(X509_STORE_CTX_init(ctx, store, ca1X509, NULL), 1); + ExpectIntEQ(X509_verify_cert(ctx), 1); + ExpectNotNull(chain = X509_STORE_CTX_get_chain(ctx)); + + X509_STORE_CTX_free(ctx); + X509_STORE_free(store); + X509_free(rootEccX509); + X509_free(badAkiX509); + X509_free(ca1X509); +#endif + return EXPECT_RESULT(); +} +#endif + +static int test_wolfSSL_X509_STORE_CTX_ex(void) +{ + EXPECT_DECLS; +#if defined(OPENSSL_EXTRA) && !defined(NO_CERTS) && \ + !defined(NO_FILESYSTEM) && !defined(NO_RSA) + X509_STORE_test_data testData; + XMEMSET((void *)&testData, 0, sizeof(X509_STORE_test_data)); + testData.caFile = "./certs/ca-cert.pem"; + testData.caIntFile = "./certs/intermediate/ca-int-cert.pem"; + testData.caInt2File = "./certs/intermediate/ca-int2-cert.pem"; + testData.leafFile = "./certs/intermediate/server-chain.pem"; + + ExpectNotNull(testData.x509Ca = \ + test_wolfSSL_X509_STORE_CTX_ex_helper(testData.caFile)); + ExpectNotNull(testData.x509CaInt = \ + test_wolfSSL_X509_STORE_CTX_ex_helper(testData.caIntFile)); + ExpectNotNull(testData.x509CaInt2 = \ + test_wolfSSL_X509_STORE_CTX_ex_helper(testData.caInt2File)); + ExpectNotNull(testData.x509Leaf = \ + test_wolfSSL_X509_STORE_CTX_ex_helper(testData.leafFile)); + ExpectNotNull(testData.expectedChain = sk_X509_new_null()); + ExpectIntGE(sk_X509_push(testData.expectedChain, testData.x509Leaf), 1); + ExpectIntGE(sk_X509_push(testData.expectedChain, testData.x509CaInt2), 1); + ExpectIntGE(sk_X509_push(testData.expectedChain, testData.x509CaInt), 1); + ExpectIntGE(sk_X509_push(testData.expectedChain, testData.x509Ca), 1); + + ExpectIntEQ(test_wolfSSL_X509_STORE_CTX_ex1(&testData), 1); + ExpectIntEQ(test_wolfSSL_X509_STORE_CTX_ex2(&testData), 1); + ExpectIntEQ(test_wolfSSL_X509_STORE_CTX_ex3(&testData), 1); + ExpectIntEQ(test_wolfSSL_X509_STORE_CTX_ex4(&testData), 1); + ExpectIntEQ(test_wolfSSL_X509_STORE_CTX_ex5(&testData), 1); + ExpectIntEQ(test_wolfSSL_X509_STORE_CTX_ex6(&testData), 1); + ExpectIntEQ(test_wolfSSL_X509_STORE_CTX_ex7(&testData), 1); + ExpectIntEQ(test_wolfSSL_X509_STORE_CTX_ex8(&testData), 1); + ExpectIntEQ(test_wolfSSL_X509_STORE_CTX_ex9(&testData), 1); + ExpectIntEQ(test_wolfSSL_X509_STORE_CTX_ex10(&testData), 1); + ExpectIntEQ(test_wolfSSL_X509_STORE_CTX_ex11(&testData), 1); + test_wolfSSL_X509_STORE_CTX_ex12(); + + if(testData.x509Ca) { + X509_free(testData.x509Ca); + } + if(testData.x509CaInt) { + X509_free(testData.x509CaInt); + } + if(testData.x509CaInt2) { + X509_free(testData.x509CaInt2); + } + if(testData.x509Leaf) { + X509_free(testData.x509Leaf); + } + if (testData.expectedChain) { + sk_X509_free(testData.expectedChain); + } + +#endif /* defined(OPENSSL_EXTRA) && !defined(NO_CERTS) && \ + * !defined(NO_FILESYSTEM) && !defined(NO_RSA) */ + + return EXPECT_RESULT(); +} + + +#if defined(OPENSSL_EXTRA) && !defined(NO_RSA) && !defined(NO_FILESYSTEM) +static int test_X509_STORE_untrusted_load_cert_to_stack(const char* filename, + STACK_OF(X509)* chain) +{ + EXPECT_DECLS; + XFILE fp = XBADFILE; + X509* cert = NULL; + + ExpectTrue((fp = XFOPEN(filename, "rb")) + != XBADFILE); + ExpectNotNull(cert = PEM_read_X509(fp, 0, 0, 0 )); + if (fp != XBADFILE) { + XFCLOSE(fp); + fp = XBADFILE; + } + ExpectIntGT(sk_X509_push(chain, cert), 0); + if (EXPECT_FAIL()) + X509_free(cert); + + return EXPECT_RESULT(); +} + +#if defined(OPENSSL_ALL) + +static int last_errcode; +static int last_errdepth; + +static int X509Callback(int ok, X509_STORE_CTX *ctx) +{ + + if (!ok) { + last_errcode = X509_STORE_CTX_get_error(ctx); + last_errdepth = X509_STORE_CTX_get_error_depth(ctx); + } + /* Always return OK to allow verification to continue.*/ + return 1; +} + +static int test_X509_STORE_InvalidCa(void) +{ + EXPECT_DECLS; + const char* filename = "./certs/intermediate/ca_false_intermediate/" + "test_int_not_cacert.pem"; + const char* srvfile = "./certs/intermediate/ca_false_intermediate/" + "test_sign_bynoca_srv.pem"; + X509_STORE_CTX* ctx = NULL; + X509_STORE* str = NULL; + XFILE fp = XBADFILE; + X509* cert = NULL; + STACK_OF(X509)* untrusted = NULL; + + last_errcode = 0; + last_errdepth = 0; + + ExpectTrue((fp = XFOPEN(srvfile, "rb")) + != XBADFILE); + ExpectNotNull(cert = PEM_read_X509(fp, 0, 0, 0 )); + if (fp != XBADFILE) { + XFCLOSE(fp); + fp = XBADFILE; + } + + ExpectNotNull(str = X509_STORE_new()); + ExpectNotNull(ctx = X509_STORE_CTX_new()); + ExpectNotNull(untrusted = sk_X509_new_null()); + + /* create cert chain stack */ + ExpectIntEQ(test_X509_STORE_untrusted_load_cert_to_stack(filename, + untrusted), TEST_SUCCESS); + + X509_STORE_set_verify_cb(str, X509Callback); + + ExpectIntEQ(X509_STORE_load_locations(str, + "./certs/intermediate/ca_false_intermediate/test_ca.pem", + NULL), 1); + + ExpectIntEQ(X509_STORE_CTX_init(ctx, str, cert, untrusted), 1); + ExpectIntEQ(X509_verify_cert(ctx), 1); + ExpectIntEQ(last_errcode, X509_V_ERR_INVALID_CA); + + X509_free(cert); + X509_STORE_free(str); + X509_STORE_CTX_free(ctx); + sk_X509_pop_free(untrusted, NULL); + + return EXPECT_RESULT(); +} +#endif /* OPENSSL_ALL */ + + + +static int test_X509_STORE_untrusted_certs(const char** filenames, int ret, + int err, int loadCA) +{ + EXPECT_DECLS; + X509_STORE_CTX* ctx = NULL; + X509_STORE* str = NULL; + XFILE fp = XBADFILE; + X509* cert = NULL; + STACK_OF(X509)* untrusted = NULL; + + ExpectTrue((fp = XFOPEN("./certs/intermediate/server-int-cert.pem", "rb")) + != XBADFILE); + ExpectNotNull(cert = PEM_read_X509(fp, 0, 0, 0 )); + if (fp != XBADFILE) { + XFCLOSE(fp); + fp = XBADFILE; + } + + ExpectNotNull(str = X509_STORE_new()); + ExpectNotNull(ctx = X509_STORE_CTX_new()); + ExpectNotNull(untrusted = sk_X509_new_null()); + + ExpectIntEQ(X509_STORE_set_flags(str, 0), 1); + if (loadCA) { + ExpectIntEQ(X509_STORE_load_locations(str, "./certs/ca-cert.pem", NULL), + 1); + } + for (; *filenames; filenames++) { + ExpectIntEQ(test_X509_STORE_untrusted_load_cert_to_stack(*filenames, + untrusted), TEST_SUCCESS); + } + + ExpectIntEQ(X509_STORE_CTX_init(ctx, str, cert, untrusted), 1); + ExpectIntEQ(X509_verify_cert(ctx), ret); + ExpectIntEQ(X509_STORE_CTX_get_error(ctx), err); + + X509_free(cert); + X509_STORE_free(str); + X509_STORE_CTX_free(ctx); + sk_X509_pop_free(untrusted, NULL); + + return EXPECT_RESULT(); +} +#endif + +static int test_X509_STORE_untrusted(void) +{ + EXPECT_DECLS; +#if defined(OPENSSL_EXTRA) && !defined(NO_RSA) && !defined(NO_FILESYSTEM) + const char* untrusted1[] = { + "./certs/intermediate/ca-int2-cert.pem", + NULL + }; + const char* untrusted2[] = { + "./certs/intermediate/ca-int-cert.pem", + "./certs/intermediate/ca-int2-cert.pem", + NULL + }; + const char* untrusted3[] = { + "./certs/intermediate/ca-int-cert.pem", + "./certs/intermediate/ca-int2-cert.pem", + "./certs/ca-cert.pem", + NULL + }; + /* Adding unrelated certs that should be ignored */ + const char* untrusted4[] = { + "./certs/client-ca.pem", + "./certs/intermediate/ca-int-cert.pem", + "./certs/server-cert.pem", + "./certs/intermediate/ca-int2-cert.pem", + NULL + }; + + /* Only immediate issuer in untrusted chain. Fails since can't build chain + * to loaded CA. */ + ExpectIntEQ(test_X509_STORE_untrusted_certs(untrusted1, 0, + X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY, 1), TEST_SUCCESS); + /* Succeeds because path to loaded CA is available. */ + ExpectIntEQ(test_X509_STORE_untrusted_certs(untrusted2, 1, 0, 1), + TEST_SUCCESS); + /* Root CA in untrusted chain is OK so long as CA has been loaded + * properly */ + ExpectIntEQ(test_X509_STORE_untrusted_certs(untrusted3, 1, 0, 1), + TEST_SUCCESS); + /* Still needs properly loaded CA, while including it in untrusted + * list is not an error, it also doesn't count for verify */ + ExpectIntEQ(test_X509_STORE_untrusted_certs(untrusted3, 0, + X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY, 0), + TEST_SUCCESS); + /* Succeeds because path to loaded CA is available. */ + ExpectIntEQ(test_X509_STORE_untrusted_certs(untrusted4, 1, 0, 1), + TEST_SUCCESS); +#endif + return EXPECT_RESULT(); +} + +static int test_wolfSSL_X509_STORE_set_flags(void) +{ + EXPECT_DECLS; +#if defined(OPENSSL_EXTRA) && !defined(NO_CERTS) && \ + !defined(NO_FILESYSTEM) && !defined(NO_RSA) + X509_STORE* store = NULL; + X509* x509 = NULL; + + ExpectNotNull((store = wolfSSL_X509_STORE_new())); + ExpectNotNull((x509 = wolfSSL_X509_load_certificate_file(svrCertFile, + WOLFSSL_FILETYPE_PEM))); + ExpectIntEQ(X509_STORE_add_cert(store, x509), WOLFSSL_SUCCESS); + +#ifdef HAVE_CRL + ExpectIntEQ(X509_STORE_set_flags(store, WOLFSSL_CRL_CHECKALL), + WOLFSSL_SUCCESS); +#else + ExpectIntEQ(X509_STORE_set_flags(store, WOLFSSL_CRL_CHECKALL), + WC_NO_ERR_TRACE(NOT_COMPILED_IN)); +#endif + + wolfSSL_X509_free(x509); + wolfSSL_X509_STORE_free(store); +#endif /* defined(OPENSSL_EXTRA) && !defined(NO_CERTS) && + * !defined(NO_FILESYSTEM) && !defined(NO_RSA) */ + return EXPECT_RESULT(); +} + +static int test_wolfSSL_X509_LOOKUP_load_file(void) +{ + EXPECT_DECLS; +#if defined(OPENSSL_EXTRA) && defined(HAVE_CRL) && \ + !defined(NO_FILESYSTEM) && !defined(NO_RSA) && defined(HAVE_ECC) && \ + (!defined(NO_WOLFSSL_CLIENT) || !defined(WOLFSSL_NO_CLIENT_AUTH)) + WOLFSSL_X509_STORE* store = NULL; + WOLFSSL_X509_LOOKUP* lookup = NULL; + + ExpectNotNull(store = wolfSSL_X509_STORE_new()); + ExpectNotNull(lookup = X509_STORE_add_lookup(store, X509_LOOKUP_file())); + /* One RSA and one ECC certificate in file. */ + ExpectIntEQ(wolfSSL_X509_LOOKUP_load_file(lookup, "certs/client-ca.pem", + X509_FILETYPE_PEM), 1); + ExpectIntEQ(wolfSSL_X509_LOOKUP_load_file(lookup, "certs/crl/crl2.pem", + X509_FILETYPE_PEM), 1); + + if (store != NULL) { + ExpectIntEQ(wolfSSL_CertManagerVerify(store->cm, cliCertFile, + WOLFSSL_FILETYPE_PEM), 1); + ExpectIntEQ(wolfSSL_CertManagerVerify(store->cm, svrCertFile, + WOLFSSL_FILETYPE_PEM), WC_NO_ERR_TRACE(ASN_NO_SIGNER_E)); + } + ExpectIntEQ(wolfSSL_X509_LOOKUP_load_file(lookup, "certs/ca-cert.pem", + X509_FILETYPE_PEM), 1); + if (store != NULL) { + ExpectIntEQ(wolfSSL_CertManagerVerify(store->cm, svrCertFile, + WOLFSSL_FILETYPE_PEM), 1); + } + + wolfSSL_X509_STORE_free(store); +#endif /* defined(OPENSSL_EXTRA) && defined(HAVE_CRL) && + * !defined(NO_FILESYSTEM) && !defined(NO_RSA) */ + return EXPECT_RESULT(); +} + +static int test_wolfSSL_X509_STORE_CTX_set_time(void) +{ + EXPECT_DECLS; +#if defined(OPENSSL_EXTRA) + WOLFSSL_X509_STORE_CTX* ctx = NULL; + time_t c_time; + + ExpectNotNull(ctx = wolfSSL_X509_STORE_CTX_new()); + c_time = 365*24*60*60; + wolfSSL_X509_STORE_CTX_set_time(ctx, 0, c_time); + ExpectTrue((ctx->param->flags & WOLFSSL_USE_CHECK_TIME) == + WOLFSSL_USE_CHECK_TIME); + ExpectTrue(ctx->param->check_time == c_time); + wolfSSL_X509_STORE_CTX_free(ctx); +#endif /* OPENSSL_EXTRA */ + return EXPECT_RESULT(); +} + +static int test_wolfSSL_CTX_get0_set1_param(void) +{ + EXPECT_DECLS; +#if defined(OPENSSL_EXTRA) +#if !defined(NO_TLS) && \ + (!defined(NO_WOLFSSL_CLIENT) || !defined(NO_WOLFSSL_SERVER)) + SSL_CTX* ctx = NULL; + WOLFSSL_X509_VERIFY_PARAM* pParam = NULL; + WOLFSSL_X509_VERIFY_PARAM* pvpm = NULL; + char testIPv4[] = "127.0.0.1"; + char testhostName[] = "foo.hoge.com"; + +#ifndef NO_WOLFSSL_SERVER + ExpectNotNull(ctx = SSL_CTX_new(wolfSSLv23_server_method())); +#else + ExpectNotNull(ctx = SSL_CTX_new(wolfSSLv23_client_method())); +#endif + + ExpectNull(SSL_CTX_get0_param(NULL)); + ExpectNotNull(pParam = SSL_CTX_get0_param(ctx)); + + ExpectNotNull(pvpm = (WOLFSSL_X509_VERIFY_PARAM *)XMALLOC( + sizeof(WOLFSSL_X509_VERIFY_PARAM), NULL, DYNAMIC_TYPE_OPENSSL)); + ExpectNotNull(XMEMSET(pvpm, 0, sizeof(WOLFSSL_X509_VERIFY_PARAM))); + + ExpectIntEQ(wolfSSL_X509_VERIFY_PARAM_set1_host(pvpm, testhostName, + (int)XSTRLEN(testhostName)), WOLFSSL_SUCCESS); + ExpectIntEQ(wolfSSL_X509_VERIFY_PARAM_set1_ip_asc(pvpm, testIPv4), + WOLFSSL_SUCCESS); + wolfSSL_X509_VERIFY_PARAM_set_hostflags(pvpm, 0x01); + + ExpectIntEQ(SSL_CTX_set1_param(ctx, pvpm), 1); + ExpectIntEQ(0, XSTRNCMP(pParam->hostName, testhostName, + (int)XSTRLEN(testhostName))); + ExpectIntEQ(0x01, pParam->hostFlags); + ExpectIntEQ(0, XSTRNCMP(pParam->ipasc, testIPv4, WOLFSSL_MAX_IPSTR)); + + /* test for incorrect parameter */ + ExpectIntEQ(1,SSL_CTX_set1_param(ctx, NULL)); + ExpectIntEQ(1,SSL_CTX_set1_param(NULL, pvpm)); + ExpectIntEQ(1,SSL_CTX_set1_param(NULL, NULL)); + + SSL_CTX_free(ctx); + + XFREE(pvpm, NULL, DYNAMIC_TYPE_OPENSSL); +#endif /* !NO_WOLFSSL_CLIENT || !NO_WOLFSSL_SERVER */ +#endif /* OPENSSL_EXTRA && !defined(NO_RSA)*/ + return EXPECT_RESULT(); +} + +static int test_wolfSSL_get0_param(void) +{ + EXPECT_DECLS; +#if defined(OPENSSL_EXTRA) && !defined(NO_RSA) && !defined(NO_TLS) && \ + (!defined(NO_WOLFSSL_CLIENT) || !defined(NO_WOLFSSL_SERVER)) && \ + !defined(NO_FILESYSTEM) + SSL_CTX* ctx = NULL; + SSL* ssl = NULL; + +#ifndef NO_WOLFSSL_SERVER + ExpectNotNull(ctx = SSL_CTX_new(wolfSSLv23_server_method())); +#else + ExpectNotNull(ctx = SSL_CTX_new(wolfSSLv23_client_method())); +#endif + ExpectTrue(SSL_CTX_use_certificate_file(ctx, svrCertFile, + SSL_FILETYPE_PEM)); + ExpectTrue(SSL_CTX_use_PrivateKey_file(ctx, svrKeyFile, SSL_FILETYPE_PEM)); + ExpectNotNull(ssl = SSL_new(ctx)); + + ExpectNotNull(SSL_get0_param(ssl)); + + SSL_free(ssl); + SSL_CTX_free(ctx); +#endif + return EXPECT_RESULT(); +} + +static int test_wolfSSL_X509_VERIFY_PARAM_set1_host(void) +{ + EXPECT_DECLS; +#if defined(OPENSSL_EXTRA) + const char host[] = "www.example.com"; + WOLFSSL_X509_VERIFY_PARAM* pParam = NULL; + + ExpectNotNull(pParam = (WOLFSSL_X509_VERIFY_PARAM*)XMALLOC( + sizeof(WOLFSSL_X509_VERIFY_PARAM), HEAP_HINT, DYNAMIC_TYPE_OPENSSL)); + if (pParam != NULL) { + XMEMSET(pParam, 0, sizeof(WOLFSSL_X509_VERIFY_PARAM)); + + ExpectIntEQ(X509_VERIFY_PARAM_set1_host(NULL, host, sizeof(host)), + WOLFSSL_FAILURE); + + X509_VERIFY_PARAM_set1_host(pParam, host, sizeof(host)); + + ExpectIntEQ(XMEMCMP(pParam->hostName, host, sizeof(host)), 0); + + XMEMSET(pParam, 0, sizeof(WOLFSSL_X509_VERIFY_PARAM)); + + ExpectIntNE(XMEMCMP(pParam->hostName, host, sizeof(host)), 0); + + XFREE(pParam, HEAP_HINT, DYNAMIC_TYPE_OPENSSL); + } +#endif /* OPENSSL_EXTRA */ + return EXPECT_RESULT(); +} + +static int test_wolfSSL_set1_host(void) +{ + EXPECT_DECLS; +#if defined(OPENSSL_EXTRA) && !defined(NO_RSA) && !defined(NO_TLS) && \ + (!defined(NO_WOLFSSL_CLIENT) || !defined(NO_WOLFSSL_SERVER)) && \ + !defined(NO_FILESYSTEM) + const char host[] = "www.test_wolfSSL_set1_host.com"; + const char emptyStr[] = ""; + SSL_CTX* ctx = NULL; + SSL* ssl = NULL; + WOLFSSL_X509_VERIFY_PARAM* pParam = NULL; + +#ifndef NO_WOLFSSL_SERVER + ExpectNotNull(ctx = SSL_CTX_new(wolfSSLv23_server_method())); +#else + ExpectNotNull(ctx = SSL_CTX_new(wolfSSLv23_client_method())); +#endif + ExpectTrue(SSL_CTX_use_certificate_file(ctx, svrCertFile, + SSL_FILETYPE_PEM)); + ExpectTrue(SSL_CTX_use_PrivateKey_file(ctx, svrKeyFile, SSL_FILETYPE_PEM)); + ExpectNotNull(ssl = SSL_new(ctx)); + + pParam = SSL_get0_param(ssl); + + /* we should get back host string */ + ExpectIntEQ(SSL_set1_host(ssl, host), WOLFSSL_SUCCESS); + ExpectIntEQ(XMEMCMP(pParam->hostName, host, sizeof(host)), 0); + + /* we should get back empty string */ + ExpectIntEQ(SSL_set1_host(ssl, emptyStr), WOLFSSL_SUCCESS); + ExpectIntEQ(XMEMCMP(pParam->hostName, emptyStr, sizeof(emptyStr)), 0); + + /* we should get back host string */ + ExpectIntEQ(SSL_set1_host(ssl, host), WOLFSSL_SUCCESS); + ExpectIntEQ(XMEMCMP(pParam->hostName, host, sizeof(host)), 0); + + /* we should get back empty string */ + ExpectIntEQ(SSL_set1_host(ssl, NULL), WOLFSSL_SUCCESS); + ExpectIntEQ(XMEMCMP(pParam->hostName, emptyStr, sizeof(emptyStr)), 0); + + SSL_free(ssl); + SSL_CTX_free(ctx); +#endif + return EXPECT_RESULT(); +} + +static int test_wolfSSL_X509_VERIFY_PARAM_set1_ip(void) +{ + EXPECT_DECLS; +#if defined(OPENSSL_EXTRA) && !defined(NO_FILESYSTEM) + unsigned char buf[16] = {0}; + WOLFSSL_X509_VERIFY_PARAM* param = NULL; + + ExpectNotNull(param = X509_VERIFY_PARAM_new()); + + ExpectIntEQ(X509_VERIFY_PARAM_set1_ip(NULL, NULL, 1), WOLFSSL_FAILURE); + ExpectIntEQ(X509_VERIFY_PARAM_set1_ip(param, NULL, 1), WOLFSSL_FAILURE); + ExpectIntEQ(X509_VERIFY_PARAM_set1_ip(NULL, buf, 1), WOLFSSL_FAILURE); + ExpectIntEQ(X509_VERIFY_PARAM_set1_ip(NULL, NULL, 16), WOLFSSL_FAILURE); + ExpectIntEQ(X509_VERIFY_PARAM_set1_ip(NULL, NULL, 4), WOLFSSL_FAILURE); + ExpectIntEQ(X509_VERIFY_PARAM_set1_ip(NULL, NULL, 0), WOLFSSL_FAILURE); + ExpectIntEQ(X509_VERIFY_PARAM_set1_ip(param, buf, 1), WOLFSSL_FAILURE); + ExpectIntEQ(X509_VERIFY_PARAM_set1_ip(param, NULL, 16), WOLFSSL_FAILURE); + ExpectIntEQ(X509_VERIFY_PARAM_set1_ip(param, NULL, 4), WOLFSSL_FAILURE); + ExpectIntEQ(X509_VERIFY_PARAM_set1_ip(NULL, buf, 16), WOLFSSL_FAILURE); + ExpectIntEQ(X509_VERIFY_PARAM_set1_ip(NULL, buf, 4), WOLFSSL_FAILURE); + ExpectIntEQ(X509_VERIFY_PARAM_set1_ip(NULL, buf, 0), WOLFSSL_FAILURE); + + ExpectIntEQ(X509_VERIFY_PARAM_set1_ip(param, NULL, 0), WOLFSSL_SUCCESS); + + /* test 127.0.0.1 */ + buf[0] =0x7f; buf[1] = 0; buf[2] = 0; buf[3] = 1; + ExpectIntEQ(X509_VERIFY_PARAM_set1_ip(param, &buf[0], 4), SSL_SUCCESS); + ExpectIntEQ(XSTRNCMP(param->ipasc, "127.0.0.1", sizeof(param->ipasc)), 0); + + /* test 2001:db8:3333:4444:5555:6666:7777:8888 */ + buf[0]=32;buf[1]=1;buf[2]=13;buf[3]=184; + buf[4]=51;buf[5]=51;buf[6]=68;buf[7]=68; + buf[8]=85;buf[9]=85;buf[10]=102;buf[11]=102; + buf[12]=119;buf[13]=119;buf[14]=136;buf[15]=136; + ExpectIntEQ(X509_VERIFY_PARAM_set1_ip(param, &buf[0], 16), SSL_SUCCESS); + ExpectIntEQ(XSTRNCMP(param->ipasc, + "2001:db8:3333:4444:5555:6666:7777:8888", sizeof(param->ipasc)), 0); + + /* test 2001:db8:: */ + buf[0]=32;buf[1]=1;buf[2]=13;buf[3]=184; + buf[4]=0;buf[5]=0;buf[6]=0;buf[7]=0; + buf[8]=0;buf[9]=0;buf[10]=0;buf[11]=0; + buf[12]=0;buf[13]=0;buf[14]=0;buf[15]=0; + ExpectIntEQ(X509_VERIFY_PARAM_set1_ip(param, &buf[0], 16), SSL_SUCCESS); + ExpectIntEQ(XSTRNCMP(param->ipasc, "2001:db8::", sizeof(param->ipasc)), 0); + + /* test ::1234:5678 */ + buf[0]=0;buf[1]=0;buf[2]=0;buf[3]=0; + buf[4]=0;buf[5]=0;buf[6]=0;buf[7]=0; + buf[8]=0;buf[9]=0;buf[10]=0;buf[11]=0; + buf[12]=18;buf[13]=52;buf[14]=86;buf[15]=120; + ExpectIntEQ(X509_VERIFY_PARAM_set1_ip(param, &buf[0], 16), SSL_SUCCESS); + ExpectIntEQ(XSTRNCMP(param->ipasc, "::1234:5678", sizeof(param->ipasc)), 0); + + + /* test 2001:db8::1234:5678 */ + buf[0]=32;buf[1]=1;buf[2]=13;buf[3]=184; + buf[4]=0;buf[5]=0;buf[6]=0;buf[7]=0; + buf[8]=0;buf[9]=0;buf[10]=0;buf[11]=0; + buf[12]=18;buf[13]=52;buf[14]=86;buf[15]=120; + ExpectIntEQ(X509_VERIFY_PARAM_set1_ip(param, &buf[0], 16), SSL_SUCCESS); + ExpectIntEQ(XSTRNCMP(param->ipasc, "2001:db8::1234:5678", + sizeof(param->ipasc)), 0); + + /* test 2001:0db8:0001:0000:0000:0ab9:c0a8:0102*/ + /* 2001:db8:1::ab9:c0a8:102 */ + buf[0]=32;buf[1]=1;buf[2]=13;buf[3]=184; + buf[4]=0;buf[5]=1;buf[6]=0;buf[7]=0; + buf[8]=0;buf[9]=0;buf[10]=10;buf[11]=185; + buf[12]=192;buf[13]=168;buf[14]=1;buf[15]=2; + ExpectIntEQ(X509_VERIFY_PARAM_set1_ip(param, &buf[0], 16), SSL_SUCCESS); + ExpectIntEQ(XSTRNCMP(param->ipasc, "2001:db8:1::ab9:c0a8:102", + sizeof(param->ipasc)), 0); + + XFREE(param, HEAP_HINT, DYNAMIC_TYPE_OPENSSL); +#endif /* OPENSSL_EXTRA */ + return EXPECT_RESULT(); +} + +static int test_wolfSSL_X509_STORE_CTX_get0_store(void) +{ + EXPECT_DECLS; +#if defined(OPENSSL_EXTRA) + X509_STORE* store = NULL; + X509_STORE_CTX* ctx = NULL; + X509_STORE_CTX* ctx_no_init = NULL; + + ExpectNotNull((store = X509_STORE_new())); + ExpectNotNull(ctx = X509_STORE_CTX_new()); + ExpectNotNull(ctx_no_init = X509_STORE_CTX_new()); + ExpectIntEQ(X509_STORE_CTX_init(ctx, store, NULL, NULL), SSL_SUCCESS); + + ExpectNull(X509_STORE_CTX_get0_store(NULL)); + /* should return NULL if ctx has not bee initialized */ + ExpectNull(X509_STORE_CTX_get0_store(ctx_no_init)); + ExpectNotNull(X509_STORE_CTX_get0_store(ctx)); + + wolfSSL_X509_STORE_CTX_free(ctx); + wolfSSL_X509_STORE_CTX_free(ctx_no_init); + X509_STORE_free(store); +#endif /* OPENSSL_EXTRA */ + return EXPECT_RESULT(); +} + +#if defined(OPENSSL_ALL) && !defined(NO_RSA) && !defined(NO_CERTS) && \ + !defined(NO_WOLFSSL_CLIENT) && !defined(NO_WOLFSSL_SERVER) && \ + defined(HAVE_ECC) && !defined(NO_TLS) && defined(HAVE_AESGCM) +static int test_wolfSSL_get_client_ciphers_ctx_ready(WOLFSSL_CTX* ctx) +{ + EXPECT_DECLS; + ExpectTrue(wolfSSL_CTX_set_cipher_list(ctx, "ECDHE-RSA-AES128-GCM-SHA256")); + return EXPECT_RESULT(); +} + + +static int test_wolfSSL_get_client_ciphers_on_result(WOLFSSL* ssl) { + EXPECT_DECLS; + WOLF_STACK_OF(WOLFSSL_CIPHER)* ciphers; + + ciphers = SSL_get_client_ciphers(ssl); + if (wolfSSL_is_server(ssl) == 0) { + ExpectNull(ciphers); + } + else { + WOLFSSL_CIPHER* current; + + /* client should have only sent over one cipher suite */ + ExpectNotNull(ciphers); + ExpectIntEQ(sk_SSL_CIPHER_num(ciphers), 1); + current = sk_SSL_CIPHER_value(ciphers, 0); + ExpectNotNull(current); + #if !defined(WOLFSSL_CIPHER_INTERNALNAME) && !defined(NO_ERROR_STRINGS) && \ + !defined(WOLFSSL_QT) + ExpectStrEQ("TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256", + SSL_CIPHER_get_name(current)); + #else + ExpectStrEQ("ECDHE-RSA-AES128-GCM-SHA256", + SSL_CIPHER_get_name(current)); + #endif + } + return EXPECT_RESULT(); +} +#endif + +static int test_wolfSSL_get_client_ciphers(void) +{ + EXPECT_DECLS; +#if defined(OPENSSL_ALL) && !defined(NO_RSA) && !defined(NO_CERTS) && \ + !defined(NO_WOLFSSL_CLIENT) && !defined(NO_WOLFSSL_SERVER) && \ + defined(HAVE_ECC) && !defined(NO_TLS) && defined(HAVE_AESGCM) + test_ssl_cbf server_cb; + test_ssl_cbf client_cb; + + XMEMSET(&client_cb, 0, sizeof(test_ssl_cbf)); + XMEMSET(&server_cb, 0, sizeof(test_ssl_cbf)); + client_cb.method = wolfTLSv1_2_client_method; + server_cb.method = wolfTLSv1_2_server_method; + client_cb.devId = testDevId; + server_cb.devId = testDevId; + client_cb.ctx_ready = test_wolfSSL_get_client_ciphers_ctx_ready; + client_cb.on_result = test_wolfSSL_get_client_ciphers_on_result; + server_cb.on_result = test_wolfSSL_get_client_ciphers_on_result; + + ExpectIntEQ(test_wolfSSL_client_server_nofail_memio(&client_cb, + &server_cb, NULL), TEST_SUCCESS); +#endif + return EXPECT_RESULT(); +} + +static int test_wolfSSL_CTX_set_client_CA_list(void) +{ + EXPECT_DECLS; +#if defined(OPENSSL_ALL) && !defined(NO_RSA) && !defined(NO_CERTS) && \ + !defined(NO_WOLFSSL_CLIENT) && !defined(NO_WOLFSSL_SERVER) && \ + !defined(NO_BIO) && !defined(NO_TLS) + WOLFSSL_CTX* ctx = NULL; + WOLFSSL* ssl = NULL; + X509_NAME* name = NULL; + STACK_OF(X509_NAME)* names = NULL; + STACK_OF(X509_NAME)* ca_list = NULL; + int names_len = 0; + int i; + + ExpectNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_server_method())); + /* Send two X501 names in cert request */ + names = SSL_load_client_CA_file(cliCertFile); + ExpectNotNull(names); + ca_list = SSL_load_client_CA_file(caCertFile); + ExpectNotNull(ca_list); + ExpectNotNull(name = sk_X509_NAME_value(ca_list, 0)); + ExpectIntEQ(sk_X509_NAME_push(names, name), 2); + if (EXPECT_FAIL()) { + wolfSSL_X509_NAME_free(name); + name = NULL; + } + SSL_CTX_set_client_CA_list(ctx, names); + /* This should only free the stack structure */ + sk_X509_NAME_free(ca_list); + ca_list = NULL; + ExpectNotNull(ca_list = SSL_CTX_get_client_CA_list(ctx)); + ExpectIntEQ(sk_X509_NAME_num(ca_list), sk_X509_NAME_num(names)); + + ExpectIntEQ(sk_X509_NAME_find(NULL, name), BAD_FUNC_ARG); + ExpectIntEQ(sk_X509_NAME_find(names, NULL), WOLFSSL_FATAL_ERROR); + ExpectIntGT((names_len = sk_X509_NAME_num(names)), 0); + for (i = 0; i < names_len; i++) { + ExpectNotNull(name = sk_X509_NAME_value(names, i)); + ExpectIntEQ(sk_X509_NAME_find(names, name), i); + } + + /* Needed to be able to create ssl object */ + ExpectTrue(SSL_CTX_use_certificate_file(ctx, svrCertFile, + SSL_FILETYPE_PEM)); + ExpectTrue(SSL_CTX_use_PrivateKey_file(ctx, svrKeyFile, SSL_FILETYPE_PEM)); + ExpectNotNull(ssl = wolfSSL_new(ctx)); + /* load again as old names are responsibility of ctx to free*/ + names = SSL_load_client_CA_file(cliCertFile); + ExpectNotNull(names); + SSL_set_client_CA_list(ssl, names); + ExpectNotNull(ca_list = SSL_get_client_CA_list(ssl)); + ExpectIntEQ(sk_X509_NAME_num(ca_list), sk_X509_NAME_num(names)); + + ExpectIntGT((names_len = sk_X509_NAME_num(names)), 0); + for (i = 0; i < names_len; i++) { + ExpectNotNull(name = sk_X509_NAME_value(names, i)); + ExpectIntEQ(sk_X509_NAME_find(names, name), i); + } + +#if !defined(SINGLE_THREADED) && defined(SESSION_CERTS) + { + tcp_ready ready; + func_args server_args; + callback_functions server_cb; + THREAD_TYPE serverThread; + WOLFSSL* ssl_client = NULL; + WOLFSSL_CTX* ctx_client = NULL; + SOCKET_T sockfd = 0; + + /* wolfSSL_get_client_CA_list() with handshake */ + + StartTCP(); + InitTcpReady(&ready); + + XMEMSET(&server_args, 0, sizeof(func_args)); + XMEMSET(&server_cb, 0, sizeof(callback_functions)); + + server_args.signal = &ready; + server_args.callbacks = &server_cb; + + /* we are responsible for free'ing WOLFSSL_CTX */ + server_cb.ctx = ctx; + server_cb.isSharedCtx = 1; + + ExpectIntEQ(WOLFSSL_SUCCESS, wolfSSL_CTX_load_verify_locations(ctx, + cliCertFile, 0)); + + start_thread(test_server_nofail, &server_args, &serverThread); + wait_tcp_ready(&server_args); + + tcp_connect(&sockfd, wolfSSLIP, server_args.signal->port, 0, 0, NULL); + ExpectNotNull(ctx_client = + wolfSSL_CTX_new(wolfTLSv1_2_client_method())); + ExpectIntEQ(WOLFSSL_SUCCESS, wolfSSL_CTX_load_verify_locations( + ctx_client, caCertFile, 0)); + ExpectIntEQ(WOLFSSL_SUCCESS, wolfSSL_CTX_use_certificate_file( + ctx_client, cliCertFile, SSL_FILETYPE_PEM)); + ExpectIntEQ(WOLFSSL_SUCCESS, wolfSSL_CTX_use_PrivateKey_file( + ctx_client, cliKeyFile, SSL_FILETYPE_PEM)); + + ExpectNotNull(ssl_client = wolfSSL_new(ctx_client)); + ExpectIntEQ(wolfSSL_set_fd(ssl_client, sockfd), WOLFSSL_SUCCESS); + ExpectIntEQ(wolfSSL_connect(ssl_client), WOLFSSL_SUCCESS); + + ExpectNotNull(ca_list = SSL_get_client_CA_list(ssl_client)); + /* We are expecting two cert names to be sent */ + ExpectIntEQ(sk_X509_NAME_num(ca_list), 2); + + ExpectNotNull(names = SSL_CTX_get_client_CA_list(ctx)); + for (i=0; icallbacks; + WOLFSSL_CTX* ctx = callbacks->ctx; + WOLFSSL* ssl = NULL; + SOCKET_T sfd = 0; + SOCKET_T cfd = 0; + word16 port; + char input[1024]; + int idx; + int ret, err = 0; + const char* privateName = "ech-private-name.com"; + int privateNameLen = (int)XSTRLEN(privateName); + + ((func_args*)args)->return_code = TEST_FAIL; + port = ((func_args*)args)->signal->port; + + AssertIntEQ(WOLFSSL_SUCCESS, + wolfSSL_CTX_load_verify_locations(ctx, cliCertFile, 0)); + + AssertIntEQ(WOLFSSL_SUCCESS, + wolfSSL_CTX_use_certificate_file(ctx, svrCertFile, + WOLFSSL_FILETYPE_PEM)); + + AssertIntEQ(WOLFSSL_SUCCESS, + wolfSSL_CTX_use_PrivateKey_file(ctx, svrKeyFile, + WOLFSSL_FILETYPE_PEM)); + + if (callbacks->ctx_ready) + callbacks->ctx_ready(ctx); + + ssl = wolfSSL_new(ctx); + + /* set the sni for the server */ + wolfSSL_UseSNI(ssl, WOLFSSL_SNI_HOST_NAME, privateName, privateNameLen); + + tcp_accept(&sfd, &cfd, (func_args*)args, port, 0, 0, 0, 0, 1, NULL, NULL); + CloseSocket(sfd); + AssertIntEQ(WOLFSSL_SUCCESS, wolfSSL_set_fd(ssl, cfd)); + + if (callbacks->ssl_ready) + callbacks->ssl_ready(ssl); + + do { + err = 0; /* Reset error */ + ret = wolfSSL_accept(ssl); + if (ret != WOLFSSL_SUCCESS) { + err = wolfSSL_get_error(ssl, 0); + } + } while (ret != WOLFSSL_SUCCESS && err == WC_NO_ERR_TRACE(WC_PENDING_E)); + + if (ret != WOLFSSL_SUCCESS) { + char buff[WOLFSSL_MAX_ERROR_SZ]; + fprintf(stderr, "error = %d, %s\n", err, wolfSSL_ERR_error_string(err, buff)); + } + else { + if (0 < (idx = wolfSSL_read(ssl, input, sizeof(input)-1))) { + input[idx] = 0; + fprintf(stderr, "Client message: %s\n", input); + } + + AssertIntEQ(privateNameLen, wolfSSL_write(ssl, privateName, + privateNameLen)); + ((func_args*)args)->return_code = TEST_SUCCESS; + } + + if (callbacks->on_result) + callbacks->on_result(ssl); + + wolfSSL_shutdown(ssl); + wolfSSL_free(ssl); + wolfSSL_CTX_free(ctx); + CloseSocket(cfd); + +#ifdef FP_ECC + wc_ecc_fp_free(); +#endif + + WOLFSSL_RETURN_FROM_THREAD(0); +} +#endif /* HAVE_ECH && WOLFSSL_TLS13 */ + +#if defined(OPENSSL_EXTRA) && defined(HAVE_SECRET_CALLBACK) +static void keyLog_callback(const WOLFSSL* ssl, const char* line) +{ + XFILE fp; + const byte lf = '\n'; + + AssertNotNull(ssl); + AssertNotNull(line); + + fp = XFOPEN("./MyKeyLog.txt", "a"); + XFWRITE(line, 1, XSTRLEN(line), fp); + XFWRITE((void*)&lf, 1, 1, fp); + XFFLUSH(fp); + XFCLOSE(fp); +} +#endif /* OPENSSL_EXTRA && HAVE_SECRET_CALLBACK */ +static int test_wolfSSL_CTX_set_keylog_callback(void) +{ + EXPECT_DECLS; +#if defined(OPENSSL_EXTRA) && defined(HAVE_SECRET_CALLBACK) && \ + !defined(NO_WOLFSSL_CLIENT) + SSL_CTX* ctx = NULL; + + ExpectNotNull(ctx = SSL_CTX_new(wolfSSLv23_client_method())); + SSL_CTX_set_keylog_callback(ctx, keyLog_callback ); + SSL_CTX_free(ctx); + SSL_CTX_set_keylog_callback(NULL, NULL); +#endif /* OPENSSL_EXTRA && HAVE_SECRET_CALLBACK && !NO_WOLFSSL_CLIENT */ + return EXPECT_RESULT(); +} +static int test_wolfSSL_CTX_get_keylog_callback(void) +{ + EXPECT_DECLS; +#if defined(OPENSSL_EXTRA) && defined(HAVE_SECRET_CALLBACK) && \ + !defined(NO_WOLFSSL_CLIENT) + SSL_CTX* ctx = NULL; + + ExpectNotNull(ctx = SSL_CTX_new(wolfSSLv23_client_method())); + ExpectPtrEq(SSL_CTX_get_keylog_callback(ctx),NULL); + SSL_CTX_set_keylog_callback(ctx, keyLog_callback ); + ExpectPtrEq(SSL_CTX_get_keylog_callback(ctx),keyLog_callback); + SSL_CTX_set_keylog_callback(ctx, NULL ); + ExpectPtrEq(SSL_CTX_get_keylog_callback(ctx),NULL); + SSL_CTX_free(ctx); +#endif /* OPENSSL_EXTRA && HAVE_SECRET_CALLBACK && !NO_WOLFSSL_CLIENT */ + return EXPECT_RESULT(); +} + +#if defined(OPENSSL_EXTRA) && defined(HAVE_SECRET_CALLBACK) +static int test_wolfSSL_Tls12_Key_Logging_client_ctx_ready(WOLFSSL_CTX* ctx) +{ + /* set keylog callback */ + wolfSSL_CTX_set_keylog_callback(ctx, keyLog_callback); + return TEST_SUCCESS; +} +#endif + +static int test_wolfSSL_Tls12_Key_Logging_test(void) +{ + EXPECT_DECLS; +#if defined(OPENSSL_EXTRA) && defined(HAVE_SECRET_CALLBACK) + /* This test is intended for checking whether keylog callback is called + * in client during TLS handshake between the client and a server. + */ + test_ssl_cbf server_cbf; + test_ssl_cbf client_cbf; + XFILE fp = XBADFILE; + char buff[500]; + int found = 0; + + XMEMSET(&server_cbf, 0, sizeof(test_ssl_cbf)); + XMEMSET(&client_cbf, 0, sizeof(test_ssl_cbf)); + server_cbf.method = wolfTLSv1_2_server_method; + client_cbf.ctx_ready = &test_wolfSSL_Tls12_Key_Logging_client_ctx_ready; + + /* clean up keylog file */ + ExpectTrue((fp = XFOPEN("./MyKeyLog.txt", "w")) != XBADFILE); + if (fp != XBADFILE) { + XFFLUSH(fp); + XFCLOSE(fp); + fp = XBADFILE; + } + + ExpectIntEQ(test_wolfSSL_client_server_nofail_memio(&client_cbf, + &server_cbf, NULL), TEST_SUCCESS); + + /* check if the keylog file exists */ + ExpectTrue((fp = XFOPEN("./MyKeyLog.txt", "rb")) != XBADFILE); + XFFLUSH(fp); /* Just to make sure any buffers get flushed */ + + XMEMSET(buff, 0, sizeof(buff)); + while (EXPECT_SUCCESS() && XFGETS(buff, (int)sizeof(buff), fp) != NULL) { + if (0 == strncmp(buff,"CLIENT_RANDOM ", sizeof("CLIENT_RANDOM ")-1)) { + found = 1; + break; + } + } + if (fp != XBADFILE) { + XFCLOSE(fp); + } + /* a log starting with "CLIENT_RANDOM " should exit in the file */ + ExpectIntEQ(found, 1); + /* clean up */ + ExpectIntEQ(rem_file("./MyKeyLog.txt"), 0); +#endif /* OPENSSL_EXTRA && HAVE_SECRET_CALLBACK */ + return EXPECT_RESULT(); +} + +#if defined(WOLFSSL_TLS13) && defined(OPENSSL_EXTRA) && \ + defined(HAVE_SECRET_CALLBACK) +static int test_wolfSSL_Tls13_Key_Logging_client_ctx_ready(WOLFSSL_CTX* ctx) +{ + /* set keylog callback */ + wolfSSL_CTX_set_keylog_callback(ctx, keyLog_callback); + return TEST_SUCCESS; +} +#endif + +static int test_wolfSSL_Tls13_Key_Logging_test(void) +{ + EXPECT_DECLS; +#if defined(WOLFSSL_TLS13) && defined(OPENSSL_EXTRA) && \ + defined(HAVE_SECRET_CALLBACK) +/* This test is intended for checking whether keylog callback is called + * in client during TLS handshake between the client and a server. + */ + test_ssl_cbf server_cbf; + test_ssl_cbf client_cbf; + XFILE fp = XBADFILE; + + XMEMSET(&server_cbf, 0, sizeof(test_ssl_cbf)); + XMEMSET(&client_cbf, 0, sizeof(test_ssl_cbf)); + server_cbf.method = wolfTLSv1_3_server_method; /* TLS1.3 */ + client_cbf.ctx_ready = &test_wolfSSL_Tls13_Key_Logging_client_ctx_ready; + + /* clean up keylog file */ + ExpectTrue((fp = XFOPEN("./MyKeyLog.txt", "w")) != XBADFILE); + if (fp != XBADFILE) { + XFCLOSE(fp); + fp = XBADFILE; + } + + ExpectIntEQ(test_wolfSSL_client_server_nofail_memio(&client_cbf, + &server_cbf, NULL), TEST_SUCCESS); + + /* check if the keylog file exists */ + { + char buff[300] = {0}; + int found[4] = {0}; + int numfnd = 0; + int i; + + ExpectTrue((fp = XFOPEN("./MyKeyLog.txt", "rb")) != XBADFILE); + + while (EXPECT_SUCCESS() && + XFGETS(buff, (int)sizeof(buff), fp) != NULL) { + if (0 == strncmp(buff, "CLIENT_HANDSHAKE_TRAFFIC_SECRET ", + sizeof("CLIENT_HANDSHAKE_TRAFFIC_SECRET ")-1)) { + found[0] = 1; + continue; + } + else if (0 == strncmp(buff, "SERVER_HANDSHAKE_TRAFFIC_SECRET ", + sizeof("SERVER_HANDSHAKE_TRAFFIC_SECRET ")-1)) { + found[1] = 1; + continue; + } + else if (0 == strncmp(buff, "CLIENT_TRAFFIC_SECRET_0 ", + sizeof("CLIENT_TRAFFIC_SECRET_0 ")-1)) { + found[2] = 1; + continue; + } + else if (0 == strncmp(buff, "SERVER_TRAFFIC_SECRET_0 ", + sizeof("SERVER_TRAFFIC_SECRET_0 ")-1)) { + found[3] = 1; + continue; + } + } + if (fp != XBADFILE) + XFCLOSE(fp); + for (i = 0; i < 4; i++) { + if (found[i] != 0) + numfnd++; + } + ExpectIntEQ(numfnd, 4); + } +#endif /* OPENSSL_EXTRA && HAVE_SECRET_CALLBACK && WOLFSSL_TLS13 */ + return EXPECT_RESULT(); +} +#if defined(WOLFSSL_TLS13) && defined(HAVE_ECH) && \ + defined(HAVE_IO_TESTS_DEPENDENCIES) +static int test_wolfSSL_Tls13_ECH_params(void) +{ + EXPECT_DECLS; +#if !defined(NO_WOLFSSL_CLIENT) + word32 outputLen = 0; + byte testBuf[72]; + WOLFSSL_CTX *ctx = wolfSSL_CTX_new(wolfTLSv1_3_client_method()); + WOLFSSL *ssl = wolfSSL_new(ctx); + + ExpectNotNull(ctx); + ExpectNotNull(ssl); + + /* invalid ctx */ + ExpectIntNE(WOLFSSL_SUCCESS, wolfSSL_CTX_GenerateEchConfig(NULL, + "ech-public-name.com", 0, 0, 0)); + /* invalid public name */ + ExpectIntNE(WOLFSSL_SUCCESS, wolfSSL_CTX_GenerateEchConfig(ctx, NULL, 0, + 0, 0)); + /* invalid algorithms */ + ExpectIntNE(WOLFSSL_SUCCESS, wolfSSL_CTX_GenerateEchConfig(ctx, + "ech-public-name.com", 1000, 1000, 1000)); + + /* invalid ctx */ + ExpectIntNE(WOLFSSL_SUCCESS, wolfSSL_CTX_SetEchConfigsBase64(NULL, + (char*)testBuf, sizeof(testBuf))); + /* invalid base64 configs */ + ExpectIntNE(WOLFSSL_SUCCESS, wolfSSL_CTX_SetEchConfigsBase64(ctx, + NULL, sizeof(testBuf))); + /* invalid length */ + ExpectIntNE(WOLFSSL_SUCCESS, wolfSSL_CTX_SetEchConfigsBase64(ctx, + (char*)testBuf, 0)); + + /* invalid ctx */ + ExpectIntNE(WOLFSSL_SUCCESS, wolfSSL_CTX_SetEchConfigs(NULL, + testBuf, sizeof(testBuf))); + /* invalid configs */ + ExpectIntNE(WOLFSSL_SUCCESS, wolfSSL_CTX_SetEchConfigs(ctx, + NULL, sizeof(testBuf))); + /* invalid length */ + ExpectIntNE(WOLFSSL_SUCCESS, wolfSSL_CTX_SetEchConfigs(ctx, + testBuf, 0)); + + /* invalid ctx */ + ExpectIntNE(WOLFSSL_SUCCESS, wolfSSL_CTX_GetEchConfigs(NULL, NULL, + &outputLen)); + /* invalid output len */ + ExpectIntNE(WOLFSSL_SUCCESS, wolfSSL_CTX_GetEchConfigs(ctx, NULL, NULL)); + + /* invalid ssl */ + ExpectIntNE(WOLFSSL_SUCCESS, wolfSSL_SetEchConfigsBase64(NULL, + (char*)testBuf, sizeof(testBuf))); + /* invalid configs64 */ + ExpectIntNE(WOLFSSL_SUCCESS, wolfSSL_SetEchConfigsBase64(ssl, NULL, + sizeof(testBuf))); + /* invalid size */ + ExpectIntNE(WOLFSSL_SUCCESS, wolfSSL_SetEchConfigsBase64(ssl, + (char*)testBuf, 0)); + + /* invalid ssl */ + ExpectIntNE(WOLFSSL_SUCCESS, wolfSSL_SetEchConfigs(NULL, testBuf, + sizeof(testBuf))); + /* invalid configs */ + ExpectIntNE(WOLFSSL_SUCCESS, wolfSSL_SetEchConfigs(ssl, NULL, + sizeof(testBuf))); + /* invalid size */ + ExpectIntNE(WOLFSSL_SUCCESS, wolfSSL_SetEchConfigs(ssl, testBuf, 0)); + + /* invalid ssl */ + ExpectIntNE(WOLFSSL_SUCCESS, wolfSSL_GetEchConfigs(NULL, NULL, &outputLen)); + /* invalid size */ + ExpectIntNE(WOLFSSL_SUCCESS, wolfSSL_GetEchConfigs(ssl, NULL, NULL)); + + wolfSSL_free(ssl); + wolfSSL_CTX_free(ctx); +#endif /* !NO_WOLFSSL_CLIENT */ + + return EXPECT_RESULT(); +} + +static int test_wolfSSL_Tls13_ECH_ex(int hrr) +{ + EXPECT_DECLS; + tcp_ready ready; + func_args client_args; + func_args server_args; + THREAD_TYPE serverThread; + callback_functions server_cbf; + callback_functions client_cbf; + SOCKET_T sockfd = 0; + WOLFSSL_CTX* ctx = NULL; + WOLFSSL* ssl = NULL; + const char* publicName = "ech-public-name.com"; + const char* privateName = "ech-private-name.com"; + int privateNameLen = 20; + char reply[1024]; + int replyLen = 0; + byte rawEchConfig[128]; + word32 rawEchConfigLen = sizeof(rawEchConfig); + + InitTcpReady(&ready); + ready.port = 22222; + + XMEMSET(&client_args, 0, sizeof(func_args)); + XMEMSET(&server_args, 0, sizeof(func_args)); + XMEMSET(&server_cbf, 0, sizeof(callback_functions)); + XMEMSET(&client_cbf, 0, sizeof(callback_functions)); + server_cbf.method = wolfTLSv1_3_server_method; /* TLS1.3 */ + + /* create the server context here so we can get the ech config */ + ExpectNotNull(server_cbf.ctx = + wolfSSL_CTX_new(wolfTLSv1_3_server_method())); + + /* generate ech config */ + ExpectIntEQ(WOLFSSL_SUCCESS, wolfSSL_CTX_GenerateEchConfig(server_cbf.ctx, + publicName, 0, 0, 0)); + + /* get the config for the client to use */ + ExpectIntEQ(WOLFSSL_SUCCESS, + wolfSSL_CTX_GetEchConfigs(server_cbf.ctx, rawEchConfig, + &rawEchConfigLen)); + + server_args.callbacks = &server_cbf; + server_args.signal = &ready; + + /* start server task */ + start_thread(server_task_ech, &server_args, &serverThread); + wait_tcp_ready(&server_args); + + /* run as a TLS1.3 client */ + ExpectNotNull(ctx = wolfSSL_CTX_new(wolfTLSv1_3_client_method())); + ExpectIntEQ(WOLFSSL_SUCCESS, + wolfSSL_CTX_load_verify_locations(ctx, caCertFile, 0)); + ExpectIntEQ(WOLFSSL_SUCCESS, + wolfSSL_CTX_use_certificate_file(ctx, cliCertFile, SSL_FILETYPE_PEM)); + ExpectIntEQ(WOLFSSL_SUCCESS, + wolfSSL_CTX_use_PrivateKey_file(ctx, cliKeyFile, SSL_FILETYPE_PEM)); + + tcp_connect(&sockfd, wolfSSLIP, server_args.signal->port, 0, 0, NULL); + + /* get connected the server task */ + ExpectNotNull(ssl = wolfSSL_new(ctx)); + + /* set the ech configs for the client */ + ExpectIntEQ(WOLFSSL_SUCCESS, wolfSSL_SetEchConfigs(ssl, rawEchConfig, + rawEchConfigLen)); + + /* set the sni for the client */ + ExpectIntEQ(WOLFSSL_SUCCESS, wolfSSL_UseSNI(ssl, WOLFSSL_SNI_HOST_NAME, + privateName, privateNameLen)); + + /* force hello retry request */ + if (hrr) + ExpectIntEQ(WOLFSSL_SUCCESS, wolfSSL_NoKeyShares(ssl)); + + /* connect like normal */ + ExpectIntEQ(wolfSSL_set_fd(ssl, sockfd), WOLFSSL_SUCCESS); + ExpectIntEQ(wolfSSL_connect(ssl), WOLFSSL_SUCCESS); + ExpectIntEQ(ssl->options.echAccepted, 1); + ExpectIntEQ(wolfSSL_write(ssl, privateName, privateNameLen), + privateNameLen); + ExpectIntGT((replyLen = wolfSSL_read(ssl, reply, sizeof(reply))), 0); + /* add th null terminator for string compare */ + reply[replyLen] = 0; + /* check that the server replied with the private name */ + ExpectStrEQ(privateName, reply); + wolfSSL_free(ssl); + wolfSSL_CTX_free(ctx); + + CloseSocket(sockfd); + + join_thread(serverThread); + + FreeTcpReady(&ready); + + return EXPECT_RESULT(); +} + +static int test_wolfSSL_Tls13_ECH(void) +{ + return test_wolfSSL_Tls13_ECH_ex(0); +} + +static int test_wolfSSL_Tls13_ECH_HRR(void) +{ + return test_wolfSSL_Tls13_ECH_ex(1); +} +#endif /* HAVE_ECH && WOLFSSL_TLS13 */ + +#if defined(HAVE_IO_TESTS_DEPENDENCIES) && \ +defined(OPENSSL_EXTRA) && !defined(NO_CERTS) && \ + defined(WOLFSSL_TLS13) && defined(WOLFSSL_POST_HANDSHAKE_AUTH) +static int post_auth_version_cb(WOLFSSL* ssl) +{ + EXPECT_DECLS; + /* do handshake and then test version error */ + ExpectIntEQ(wolfSSL_accept(ssl), WOLFSSL_SUCCESS); + ExpectStrEQ("TLSv1.2", wolfSSL_get_version(ssl)); + return EXPECT_RESULT(); +} + +static int post_auth_version_client_cb(WOLFSSL* ssl) +{ + EXPECT_DECLS; + /* do handshake and then test version error */ + ExpectIntEQ(wolfSSL_connect(ssl), WOLFSSL_SUCCESS); + ExpectStrEQ("TLSv1.2", wolfSSL_get_version(ssl)); + ExpectIntEQ(wolfSSL_verify_client_post_handshake(ssl), WC_NO_ERR_TRACE(WOLFSSL_FAILURE)); +#if defined(OPENSSL_ALL) && !defined(NO_ERROR_QUEUE) + /* check was added to error queue */ + ExpectIntEQ(wolfSSL_ERR_get_error(), -WC_NO_ERR_TRACE(UNSUPPORTED_PROTO_VERSION)); + + /* check the string matches expected string */ + #ifndef NO_ERROR_STRINGS + ExpectStrEQ(wolfSSL_ERR_error_string(-WC_NO_ERR_TRACE(UNSUPPORTED_PROTO_VERSION), NULL), + "WRONG_SSL_VERSION"); + #endif +#endif + return EXPECT_RESULT(); +} + +static int post_auth_cb(WOLFSSL* ssl) +{ + EXPECT_DECLS; + WOLFSSL_X509* x509 = NULL; + /* do handshake and then test version error */ + ExpectIntEQ(wolfSSL_accept(ssl), WOLFSSL_SUCCESS); + ExpectStrEQ("TLSv1.3", wolfSSL_get_version(ssl)); + ExpectNull(x509 = wolfSSL_get_peer_certificate(ssl)); + wolfSSL_X509_free(x509); + ExpectIntEQ(wolfSSL_verify_client_post_handshake(ssl), WOLFSSL_SUCCESS); + return EXPECT_RESULT(); +} + +static int set_post_auth_cb(WOLFSSL* ssl) +{ + if (!wolfSSL_is_server(ssl)) { + EXPECT_DECLS; + ExpectIntEQ(wolfSSL_allow_post_handshake_auth(ssl), 0); + return EXPECT_RESULT(); + } + wolfSSL_set_verify(ssl, WOLFSSL_VERIFY_POST_HANDSHAKE, NULL); + return TEST_SUCCESS; +} +#endif + +static int test_wolfSSL_Tls13_postauth(void) +{ + EXPECT_DECLS; +#if defined(HAVE_IO_TESTS_DEPENDENCIES) && \ + defined(OPENSSL_EXTRA) && !defined(NO_CERTS) && \ + defined(WOLFSSL_TLS13) && defined(WOLFSSL_POST_HANDSHAKE_AUTH) + test_ssl_cbf server_cbf; + test_ssl_cbf client_cbf; + + /* test version failure doing post auth with TLS 1.2 connection */ + XMEMSET(&server_cbf, 0, sizeof(server_cbf)); + XMEMSET(&client_cbf, 0, sizeof(client_cbf)); + server_cbf.method = wolfTLSv1_2_server_method; + server_cbf.ssl_ready = set_post_auth_cb; + server_cbf.on_result = post_auth_version_cb; + client_cbf.ssl_ready = set_post_auth_cb; + client_cbf.on_result = post_auth_version_client_cb; + + ExpectIntEQ(test_wolfSSL_client_server_nofail_memio(&client_cbf, + &server_cbf, NULL), TEST_SUCCESS); + + /* tests on post auth with TLS 1.3 */ + XMEMSET(&server_cbf, 0, sizeof(server_cbf)); + XMEMSET(&client_cbf, 0, sizeof(client_cbf)); + server_cbf.method = wolfTLSv1_3_server_method; + server_cbf.ssl_ready = set_post_auth_cb; + client_cbf.ssl_ready = set_post_auth_cb; + server_cbf.on_result = post_auth_cb; + client_cbf.on_result = NULL; + + ExpectIntEQ(test_wolfSSL_client_server_nofail_memio(&client_cbf, + &server_cbf, NULL), TEST_SUCCESS); +#endif + return EXPECT_RESULT(); +} + + +static int test_wolfSSL_X509_NID(void) +{ + EXPECT_DECLS; +#if (defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL)) && \ + !defined(NO_RSA) && defined(USE_CERT_BUFFERS_2048) && !defined(NO_ASN) + int sigType; + int nameSz = 0; + + X509* cert = NULL; + EVP_PKEY* pubKeyTmp = NULL; + X509_NAME* name = NULL; + + char commonName[80]; + char countryName[80]; + char localityName[80]; + char stateName[80]; + char orgName[80]; + char orgUnit[80]; + + /* ------ PARSE ORIGINAL SELF-SIGNED CERTIFICATE ------ */ + + /* convert cert from DER to internal WOLFSSL_X509 struct */ + ExpectNotNull(cert = wolfSSL_X509_d2i_ex(&cert, client_cert_der_2048, + sizeof_client_cert_der_2048, HEAP_HINT)); + + /* ------ EXTRACT CERTIFICATE ELEMENTS ------ */ + + /* extract PUBLIC KEY from cert */ + ExpectNotNull(pubKeyTmp = X509_get_pubkey(cert)); + + /* extract signatureType */ + ExpectIntEQ(wolfSSL_X509_get_signature_type(NULL), 0); + ExpectIntNE((sigType = wolfSSL_X509_get_signature_type(cert)), 0); + + /* extract subjectName info */ + ExpectNotNull(name = X509_get_subject_name(cert)); + ExpectIntEQ(X509_NAME_get_text_by_NID(name, -1, NULL, 0), -1); + ExpectIntEQ(X509_NAME_get_text_by_NID(NULL, NID_commonName, NULL, 0), -1); + ExpectIntEQ(X509_NAME_get_text_by_NID(name, NID_commonName, + commonName, -2), 0); + ExpectIntGT((nameSz = X509_NAME_get_text_by_NID(name, NID_commonName, + NULL, 0)), 0); + ExpectIntEQ(nameSz, 15); + ExpectIntGT((nameSz = X509_NAME_get_text_by_NID(name, NID_commonName, + commonName, sizeof(commonName))), 0); + ExpectIntEQ(nameSz, 15); + ExpectIntEQ(XMEMCMP(commonName, "www.wolfssl.com", nameSz), 0); + ExpectIntGT((nameSz = X509_NAME_get_text_by_NID(name, NID_commonName, + commonName, 9)), 0); + ExpectIntEQ(nameSz, 8); + ExpectIntEQ(XMEMCMP(commonName, "www.wolf", nameSz), 0); + + ExpectIntGT((nameSz = X509_NAME_get_text_by_NID(name, NID_countryName, + countryName, sizeof(countryName))), 0); + ExpectIntEQ(XMEMCMP(countryName, "US", nameSz), 0); + + ExpectIntGT((nameSz = X509_NAME_get_text_by_NID(name, NID_localityName, + localityName, sizeof(localityName))), 0); + ExpectIntEQ(XMEMCMP(localityName, "Bozeman", nameSz), 0); + + ExpectIntGT((nameSz = X509_NAME_get_text_by_NID(name, + NID_stateOrProvinceName, stateName, sizeof(stateName))), 0); + ExpectIntEQ(XMEMCMP(stateName, "Montana", nameSz), 0); + + ExpectIntGT((nameSz = X509_NAME_get_text_by_NID(name, NID_organizationName, + orgName, sizeof(orgName))), 0); + ExpectIntEQ(XMEMCMP(orgName, "wolfSSL_2048", nameSz), 0); + + ExpectIntGT((nameSz = X509_NAME_get_text_by_NID(name, + NID_organizationalUnitName, orgUnit, sizeof(orgUnit))), 0); + ExpectIntEQ(XMEMCMP(orgUnit, "Programming-2048", nameSz), 0); + + EVP_PKEY_free(pubKeyTmp); + X509_free(cert); +#endif + return EXPECT_RESULT(); +} + +static int test_wolfSSL_CTX_set_srp_username(void) +{ + EXPECT_DECLS; +#if defined(OPENSSL_EXTRA) && defined(WOLFCRYPT_HAVE_SRP) && \ + !defined(NO_SHA256) && !defined(WC_NO_RNG) && !defined(NO_TLS) && \ + !defined(NO_WOLFSSL_CLIENT) + WOLFSSL_CTX* ctx = NULL; + WOLFSSL* ssl = NULL; + const char *username = "TESTUSER"; + const char *password = "TESTPASSWORD"; + + ExpectNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_client_method())); + ExpectIntEQ(wolfSSL_CTX_set_srp_username(ctx, (char *)username), + SSL_SUCCESS); + wolfSSL_CTX_free(ctx); + ctx = NULL; + + ExpectNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_client_method())); + ExpectIntEQ(wolfSSL_CTX_set_srp_password(ctx, (char *)password), + SSL_SUCCESS); + ExpectIntEQ(wolfSSL_CTX_set_srp_username(ctx, (char *)username), + SSL_SUCCESS); + + ExpectNotNull(ssl = SSL_new(ctx)); + ExpectNotNull(SSL_get_srp_username(ssl)); + ExpectStrEQ(SSL_get_srp_username(ssl), username); + + wolfSSL_free(ssl); + wolfSSL_CTX_free(ctx); +#endif /* OPENSSL_EXTRA && WOLFCRYPT_HAVE_SRP */ + /* && !NO_SHA256 && !WC_NO_RNG && !NO_WOLFSSL_CLIENT */ + return EXPECT_RESULT(); +} + +static int test_wolfSSL_CTX_set_srp_password(void) +{ + EXPECT_DECLS; +#if defined(OPENSSL_EXTRA) && defined(WOLFCRYPT_HAVE_SRP) && \ + !defined(NO_SHA256) && !defined(WC_NO_RNG) && !defined(NO_TLS) && \ + !defined(NO_WOLFSSL_CLIENT) + WOLFSSL_CTX* ctx = NULL; + const char *username = "TESTUSER"; + const char *password = "TESTPASSWORD"; + + ExpectNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_client_method())); + ExpectIntEQ(wolfSSL_CTX_set_srp_password(ctx, (char *)password), + SSL_SUCCESS); + wolfSSL_CTX_free(ctx); + ctx = NULL; + + ExpectNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_client_method())); + ExpectIntEQ(wolfSSL_CTX_set_srp_username(ctx, (char *)username), + SSL_SUCCESS); + ExpectIntEQ(wolfSSL_CTX_set_srp_password(ctx, (char *)password), + SSL_SUCCESS); + wolfSSL_CTX_free(ctx); +#endif /* OPENSSL_EXTRA && WOLFCRYPT_HAVE_SRP */ + /* && !NO_SHA256 && !WC_NO_RNG && !NO_WOLFSSL_CLIENT */ + return EXPECT_RESULT(); +} + +static int test_wolfSSL_X509_STORE(void) +{ + EXPECT_DECLS; +#if defined(OPENSSL_EXTRA) && !defined(NO_RSA) && !defined(NO_TLS) && \ + !defined(NO_FILESYSTEM) + X509_STORE *store = NULL; + +#ifdef HAVE_CRL + X509_STORE_CTX *storeCtx = NULL; + X509 *ca = NULL; + X509 *cert = NULL; + const char srvCert[] = "./certs/server-revoked-cert.pem"; + const char caCert[] = "./certs/ca-cert.pem"; +#ifndef WOLFSSL_CRL_ALLOW_MISSING_CDP + X509_CRL *crl = NULL; + const char crlPem[] = "./certs/crl/crl.revoked"; + XFILE fp = XBADFILE; +#endif /* !WOLFSSL_CRL_ALLOW_MISSING_CDP */ + + ExpectNotNull(store = (X509_STORE *)X509_STORE_new()); + ExpectNotNull((ca = wolfSSL_X509_load_certificate_file(caCert, + SSL_FILETYPE_PEM))); + ExpectIntEQ(X509_STORE_add_cert(store, ca), SSL_SUCCESS); + ExpectNotNull((cert = wolfSSL_X509_load_certificate_file(srvCert, + SSL_FILETYPE_PEM))); + ExpectNotNull((storeCtx = X509_STORE_CTX_new())); + ExpectIntEQ(X509_STORE_CTX_init(storeCtx, store, cert, NULL), SSL_SUCCESS); + ExpectIntEQ(X509_verify_cert(storeCtx), SSL_SUCCESS); + X509_STORE_free(store); + store = NULL; + X509_STORE_CTX_free(storeCtx); + storeCtx = NULL; + X509_free(cert); + cert = NULL; + X509_free(ca); + ca = NULL; + +#ifndef WOLFSSL_CRL_ALLOW_MISSING_CDP + /* should fail to verify now after adding in CRL */ + ExpectNotNull(store = (X509_STORE *)X509_STORE_new()); + ExpectNotNull((ca = wolfSSL_X509_load_certificate_file(caCert, + SSL_FILETYPE_PEM))); + ExpectIntEQ(X509_STORE_add_cert(store, ca), SSL_SUCCESS); + ExpectTrue((fp = XFOPEN(crlPem, "rb")) != XBADFILE); + ExpectNotNull(crl = (X509_CRL *)PEM_read_X509_CRL(fp, (X509_CRL **)NULL, + NULL, NULL)); + if (fp != XBADFILE) + XFCLOSE(fp); + ExpectIntEQ(X509_STORE_add_crl(store, crl), SSL_SUCCESS); + ExpectIntEQ(X509_STORE_set_flags(store, X509_V_FLAG_CRL_CHECK),SSL_SUCCESS); + ExpectNotNull((storeCtx = X509_STORE_CTX_new())); + ExpectNotNull((cert = wolfSSL_X509_load_certificate_file(srvCert, + SSL_FILETYPE_PEM))); + ExpectIntEQ(X509_STORE_CTX_init(storeCtx, store, cert, NULL), SSL_SUCCESS); + ExpectIntNE(X509_verify_cert(storeCtx), SSL_SUCCESS); + ExpectIntEQ(X509_STORE_CTX_get_error(storeCtx), + WOLFSSL_X509_V_ERR_CERT_REVOKED); + X509_CRL_free(crl); + crl = NULL; + X509_STORE_free(store); + store = NULL; + X509_STORE_CTX_free(storeCtx); + storeCtx = NULL; + X509_free(cert); + cert = NULL; + X509_free(ca); + ca = NULL; +#endif /* !WOLFSSL_CRL_ALLOW_MISSING_CDP */ +#endif /* HAVE_CRL */ + + + +#if !defined(WOLFCRYPT_ONLY) && !defined(NO_FILESYSTEM) + { + #if !defined(NO_WOLFSSL_CLIENT) || !defined(NO_WOLFSSL_SERVER) + SSL_CTX* ctx = NULL; + SSL* ssl = NULL; + int i; + for (i = 0; i < 2; i++) { + #ifndef NO_WOLFSSL_SERVER + ExpectNotNull(ctx = SSL_CTX_new(wolfSSLv23_server_method())); + #else + ExpectNotNull(ctx = SSL_CTX_new(wolfSSLv23_client_method())); + #endif + ExpectNotNull(store = (X509_STORE *)X509_STORE_new()); + SSL_CTX_set_cert_store(ctx, store); + ExpectNotNull(store = (X509_STORE *)X509_STORE_new()); + SSL_CTX_set_cert_store(ctx, store); + ExpectNotNull(store = (X509_STORE *)X509_STORE_new()); + ExpectIntEQ(SSL_CTX_use_certificate_file(ctx, svrCertFile, + SSL_FILETYPE_PEM), SSL_SUCCESS); + ExpectIntEQ(SSL_CTX_use_PrivateKey_file(ctx, svrKeyFile, + SSL_FILETYPE_PEM), SSL_SUCCESS); + ExpectNotNull(ssl = SSL_new(ctx)); + if (i == 0) { + ExpectIntEQ(SSL_set0_verify_cert_store(ssl, store), + SSL_SUCCESS); + } + else { + ExpectIntEQ(SSL_set1_verify_cert_store(ssl, store), SSL_SUCCESS); + #ifdef OPENSSL_ALL + ExpectIntEQ(SSL_CTX_set1_verify_cert_store(ctx, store), SSL_SUCCESS); + #endif + } + if (EXPECT_FAIL() || (i == 1)) { + X509_STORE_free(store); + store = NULL; + } + SSL_free(ssl); + ssl = NULL; + SSL_CTX_free(ctx); + ctx = NULL; + } + #endif /* !NO_WOLFSSL_CLIENT || !NO_WOLFSSL_SERVER */ + } +#endif +#endif + return EXPECT_RESULT(); +} + +static int test_wolfSSL_X509_STORE_load_locations(void) +{ + EXPECT_DECLS; +#if (defined(OPENSSL_ALL) || defined(WOLFSSL_APACHE_HTTPD)) && \ + !defined(NO_FILESYSTEM) && !defined(NO_WOLFSSL_DIR) && !defined(NO_RSA) && \ + !defined(NO_TLS) + SSL_CTX *ctx = NULL; + X509_STORE *store = NULL; + + const char ca_file[] = "./certs/ca-cert.pem"; + const char client_pem_file[] = "./certs/client-cert.pem"; + const char client_der_file[] = "./certs/client-cert.der"; + const char ecc_file[] = "./certs/ecc-key.pem"; + const char certs_path[] = "./certs/"; + const char bad_path[] = "./bad-path/"; +#ifdef HAVE_CRL + const char crl_path[] = "./certs/crl/"; + const char crl_file[] = "./certs/crl/crl.pem"; +#endif + +#ifndef NO_WOLFSSL_SERVER + ExpectNotNull(ctx = SSL_CTX_new(SSLv23_server_method())); +#else + ExpectNotNull(ctx = SSL_CTX_new(SSLv23_client_method())); +#endif + ExpectNotNull(store = SSL_CTX_get_cert_store(ctx)); + ExpectIntEQ(wolfSSL_CertManagerLoadCA(store->cm, ca_file, NULL), + WOLFSSL_SUCCESS); + + /* Test bad arguments */ + ExpectIntEQ(X509_STORE_load_locations(NULL, ca_file, NULL), + WC_NO_ERR_TRACE(WOLFSSL_FAILURE)); + ExpectIntEQ(X509_STORE_load_locations(store, NULL, NULL), WC_NO_ERR_TRACE(WOLFSSL_FAILURE)); + ExpectIntEQ(X509_STORE_load_locations(store, client_der_file, NULL), + WC_NO_ERR_TRACE(WOLFSSL_FAILURE)); + ExpectIntEQ(X509_STORE_load_locations(store, ecc_file, NULL), + WC_NO_ERR_TRACE(WOLFSSL_FAILURE)); + ExpectIntEQ(X509_STORE_load_locations(store, NULL, bad_path), + WC_NO_ERR_TRACE(WOLFSSL_FAILURE)); + +#ifdef HAVE_CRL + /* Test with CRL */ + ExpectIntEQ(X509_STORE_load_locations(store, crl_file, NULL), + WOLFSSL_SUCCESS); + ExpectIntEQ(X509_STORE_load_locations(store, NULL, crl_path), + WOLFSSL_SUCCESS); +#endif + + /* Test with CA */ + ExpectIntEQ(X509_STORE_load_locations(store, ca_file, NULL), + WOLFSSL_SUCCESS); + + /* Test with client_cert and certs path */ + ExpectIntEQ(X509_STORE_load_locations(store, client_pem_file, NULL), + WOLFSSL_SUCCESS); + ExpectIntEQ(X509_STORE_load_locations(store, NULL, certs_path), + WOLFSSL_SUCCESS); + +#if defined(XGETENV) && !defined(NO_GETENV) && defined(_POSIX_C_SOURCE) && \ + _POSIX_C_SOURCE >= 200112L + ExpectIntEQ(wolfSSL_CTX_UnloadCAs(ctx), WOLFSSL_SUCCESS); + /* Test with env vars */ + ExpectIntEQ(setenv("SSL_CERT_FILE", client_pem_file, 1), 0); + ExpectIntEQ(setenv("SSL_CERT_DIR", certs_path, 1), 0); + ExpectIntEQ(X509_STORE_set_default_paths(store), WOLFSSL_SUCCESS); +#endif + +#if defined(OPENSSL_EXTRA) || defined(DEBUG_WOLFSSL_VERBOSE) + /* Clear nodes */ + ERR_clear_error(); +#endif + + SSL_CTX_free(ctx); +#endif + return EXPECT_RESULT(); +} + +static int test_X509_STORE_get0_objects(void) +{ + EXPECT_DECLS; +#if defined(OPENSSL_ALL) && !defined(NO_FILESYSTEM) && !defined(NO_TLS) && \ + !defined(NO_WOLFSSL_DIR) && !defined(NO_RSA) + X509_STORE *store = NULL; + X509_STORE *store_cpy = NULL; + SSL_CTX *ctx = NULL; + X509_OBJECT *obj = NULL; +#ifdef HAVE_CRL + X509_OBJECT *objCopy = NULL; +#endif + STACK_OF(X509_OBJECT) *objs = NULL; + STACK_OF(X509_OBJECT) *objsCopy = NULL; + int i; + + /* Setup store */ +#ifndef NO_WOLFSSL_SERVER + ExpectNotNull(ctx = SSL_CTX_new(SSLv23_server_method())); +#else + ExpectNotNull(ctx = SSL_CTX_new(SSLv23_client_method())); +#endif + ExpectNotNull(store_cpy = X509_STORE_new()); + ExpectNotNull(store = SSL_CTX_get_cert_store(ctx)); + ExpectIntEQ(X509_STORE_load_locations(store, cliCertFile, NULL), + WOLFSSL_SUCCESS); + ExpectIntEQ(X509_STORE_load_locations(store, caCertFile, NULL), + WOLFSSL_SUCCESS); + ExpectIntEQ(X509_STORE_load_locations(store, svrCertFile, NULL), + WOLFSSL_SUCCESS); +#ifdef HAVE_CRL + ExpectIntEQ(X509_STORE_load_locations(store, NULL, crlPemDir), + WOLFSSL_SUCCESS); +#endif + /* Store ready */ + + /* Similar to HaProxy ssl_set_cert_crl_file use case */ + ExpectNotNull(objs = X509_STORE_get0_objects(store)); +#ifdef HAVE_CRL +#ifdef WOLFSSL_SIGNER_DER_CERT + ExpectIntEQ(sk_X509_OBJECT_num(objs), 4); +#else + ExpectIntEQ(sk_X509_OBJECT_num(objs), 1); +#endif +#else +#ifdef WOLFSSL_SIGNER_DER_CERT + ExpectIntEQ(sk_X509_OBJECT_num(objs), 3); +#else + ExpectIntEQ(sk_X509_OBJECT_num(objs), 0); +#endif +#endif + ExpectIntEQ(sk_X509_OBJECT_num(NULL), 0); + ExpectNull(sk_X509_OBJECT_value(NULL, 0)); + ExpectNull(sk_X509_OBJECT_value(NULL, 1)); + ExpectNull(sk_X509_OBJECT_value(objs, sk_X509_OBJECT_num(objs))); + ExpectNull(sk_X509_OBJECT_value(objs, sk_X509_OBJECT_num(objs) + 1)); +#ifndef NO_WOLFSSL_STUB + ExpectNull(sk_X509_OBJECT_delete(objs, 0)); +#endif + ExpectNotNull(objsCopy = sk_X509_OBJECT_deep_copy(objs, NULL, NULL)); + ExpectIntEQ(sk_X509_OBJECT_num(objs), sk_X509_OBJECT_num(objsCopy)); + for (i = 0; i < sk_X509_OBJECT_num(objs) && EXPECT_SUCCESS(); i++) { + obj = (X509_OBJECT*)sk_X509_OBJECT_value(objs, i); + #ifdef HAVE_CRL + objCopy = (X509_OBJECT*)sk_X509_OBJECT_value(objsCopy, i); + #endif + switch (X509_OBJECT_get_type(obj)) { + case X509_LU_X509: + { + X509* x509 = NULL; + X509_NAME *subj_name = NULL; + ExpectNull(X509_OBJECT_get0_X509_CRL(NULL)); + ExpectNull(X509_OBJECT_get0_X509_CRL(obj)); + ExpectNotNull(x509 = X509_OBJECT_get0_X509(obj)); + ExpectIntEQ(X509_STORE_add_cert(store_cpy, x509), WOLFSSL_SUCCESS); + ExpectNotNull(subj_name = X509_get_subject_name(x509)); + ExpectPtrEq(obj, X509_OBJECT_retrieve_by_subject(objs, X509_LU_X509, + subj_name)); + + break; + } + case X509_LU_CRL: +#ifdef HAVE_CRL + { + X509_CRL* crl = NULL; + ExpectNull(X509_OBJECT_get0_X509(NULL)); + ExpectNull(X509_OBJECT_get0_X509(obj)); + ExpectNotNull(crl = X509_OBJECT_get0_X509_CRL(obj)); + ExpectIntEQ(X509_STORE_add_crl(store_cpy, crl), WOLFSSL_SUCCESS); + + ExpectNotNull(crl = X509_OBJECT_get0_X509_CRL(objCopy)); + break; + } +#endif + case X509_LU_NONE: + default: + Fail(("X509_OBJECT_get_type should return x509 or crl " + "(when built with crl support)"), + ("Unrecognized X509_OBJECT type or none")); + } + } + + X509_STORE_free(store_cpy); + SSL_CTX_free(ctx); + + wolfSSL_sk_X509_OBJECT_free(NULL); + objs = NULL; + wolfSSL_sk_pop_free(objsCopy, NULL); + objsCopy = NULL; + ExpectNotNull(objs = wolfSSL_sk_X509_OBJECT_new()); + ExpectIntEQ(wolfSSL_sk_X509_OBJECT_push(NULL, NULL), WOLFSSL_FAILURE); + ExpectIntEQ(wolfSSL_sk_X509_OBJECT_push(objs, NULL), WOLFSSL_FAILURE); + ExpectIntEQ(wolfSSL_sk_X509_OBJECT_push(NULL, obj), WOLFSSL_FAILURE); + ExpectNotNull(objsCopy = sk_X509_OBJECT_deep_copy(objs, NULL, NULL)); + wolfSSL_sk_X509_OBJECT_free(objsCopy); + wolfSSL_sk_X509_OBJECT_free(objs); +#endif + return EXPECT_RESULT(); +} + +#if defined(OPENSSL_EXTRA) && !defined(NO_CERTS) && !defined(NO_TLS) && \ + !defined(NO_FILESYSTEM) && !defined(NO_RSA) +#define TEST_ARG 0x1234 +static void msg_cb(int write_p, int version, int content_type, + const void *buf, size_t len, SSL *ssl, void *arg) +{ + (void)write_p; + (void)version; + (void)content_type; + (void)buf; + (void)len; + (void)ssl; + + AssertTrue(arg == (void*)TEST_ARG); +} +#endif + +#if defined(OPENSSL_EXTRA) && defined(DEBUG_WOLFSSL) && \ + defined(HAVE_SSL_MEMIO_TESTS_DEPENDENCIES) +#if defined(SESSION_CERTS) +#include "wolfssl/internal.h" +#endif +static int msgSrvCb(SSL_CTX *ctx, SSL *ssl) +{ + EXPECT_DECLS; +#if defined(OPENSSL_ALL) && defined(SESSION_CERTS) && !defined(NO_BIO) + STACK_OF(X509)* sk = NULL; + X509* x509 = NULL; + int i, num; + BIO* bio = NULL; +#endif + + ExpectNotNull(ctx); + ExpectNotNull(ssl); + + fprintf(stderr, "\n===== msgSrvCb called ====\n"); +#if defined(SESSION_CERTS) && defined(TEST_PEER_CERT_CHAIN) + ExpectTrue(SSL_get_peer_cert_chain(ssl) != NULL); + ExpectIntEQ(((WOLFSSL_X509_CHAIN *)SSL_get_peer_cert_chain(ssl))->count, 2); + ExpectNotNull(SSL_get0_verified_chain(ssl)); +#endif + +#if defined(OPENSSL_ALL) && defined(SESSION_CERTS) && !defined(NO_BIO) +#ifdef KEEP_PEER_CERT + { + WOLFSSL_X509* peer = NULL; + ExpectNotNull(peer= wolfSSL_get_peer_certificate(ssl)); + ExpectNotNull(bio = BIO_new_fp(stderr, BIO_NOCLOSE)); + fprintf(stderr, "Peer Certificate = :\n"); + X509_print(bio, peer); + X509_free(peer); + } +#endif + + ExpectNotNull(sk = SSL_get_peer_cert_chain(ssl)); + if (sk == NULL) { + BIO_free(bio); + return TEST_FAIL; + } + num = sk_X509_num(sk); + ExpectTrue(num > 0); + for (i = 0; i < num; i++) { + ExpectNotNull(x509 = sk_X509_value(sk,i)); + if (x509 == NULL) + break; + fprintf(stderr, "Certificate at index [%d] = :\n",i); + X509_print(bio,x509); + fprintf(stderr, "\n\n"); + } + BIO_free(bio); +#endif + return EXPECT_RESULT(); +} + +static int msgCb(SSL_CTX *ctx, SSL *ssl) +{ + EXPECT_DECLS; +#if defined(OPENSSL_ALL) && defined(SESSION_CERTS) && !defined(NO_BIO) + STACK_OF(X509)* sk = NULL; + X509* x509 = NULL; + int i, num; + BIO* bio = NULL; +#endif + + ExpectNotNull(ctx); + ExpectNotNull(ssl); + + fprintf(stderr, "\n===== msgcb called ====\n"); +#if defined(SESSION_CERTS) && defined(TEST_PEER_CERT_CHAIN) + ExpectTrue(SSL_get_peer_cert_chain(ssl) != NULL); + ExpectIntEQ(((WOLFSSL_X509_CHAIN *)SSL_get_peer_cert_chain(ssl))->count, 2); + ExpectNotNull(SSL_get0_verified_chain(ssl)); +#endif + +#if defined(OPENSSL_ALL) && defined(SESSION_CERTS) && !defined(NO_BIO) + ExpectNotNull(bio = BIO_new_fp(stderr, BIO_NOCLOSE)); + ExpectNotNull(sk = SSL_get_peer_cert_chain(ssl)); + if (sk == NULL) { + BIO_free(bio); + return TEST_FAIL; + } + num = sk_X509_num(sk); + ExpectTrue(num > 0); + for (i = 0; i < num; i++) { + ExpectNotNull(x509 = sk_X509_value(sk,i)); + if (x509 == NULL) + break; + fprintf(stderr, "Certificate at index [%d] = :\n",i); + X509_print(bio,x509); + fprintf(stderr, "\n\n"); + } + BIO_free(bio); +#endif + return EXPECT_RESULT(); +} +#endif + +static int test_wolfSSL_msgCb(void) +{ + EXPECT_DECLS; +#if defined(OPENSSL_EXTRA) && defined(DEBUG_WOLFSSL) && \ + defined(HAVE_SSL_MEMIO_TESTS_DEPENDENCIES) + test_ssl_cbf client_cb; + test_ssl_cbf server_cb; + + XMEMSET(&client_cb, 0, sizeof(client_cb)); + XMEMSET(&server_cb, 0, sizeof(server_cb)); +#ifndef WOLFSSL_NO_TLS12 + client_cb.method = wolfTLSv1_2_client_method; + server_cb.method = wolfTLSv1_2_server_method; +#else + client_cb.method = wolfTLSv1_3_client_method; + server_cb.method = wolfTLSv1_3_server_method; +#endif + server_cb.caPemFile = caCertFile; + client_cb.certPemFile = "./certs/intermediate/client-chain.pem"; + + ExpectIntEQ(test_wolfSSL_client_server_nofail_memio_ex(&client_cb, + &server_cb, msgCb, msgSrvCb), TEST_SUCCESS); +#endif + return EXPECT_RESULT(); +} + +static int test_wolfSSL_either_side(void) +{ + EXPECT_DECLS; +#if (defined(OPENSSL_EXTRA) || defined(WOLFSSL_EITHER_SIDE)) && \ + defined(HAVE_SSL_MEMIO_TESTS_DEPENDENCIES) + test_ssl_cbf client_cb; + test_ssl_cbf server_cb; + + XMEMSET(&client_cb, 0, sizeof(client_cb)); + XMEMSET(&server_cb, 0, sizeof(server_cb)); + + /* Use different CTX for client and server */ + client_cb.ctx = wolfSSL_CTX_new(wolfSSLv23_method()); + ExpectNotNull(client_cb.ctx); + server_cb.ctx = wolfSSL_CTX_new(wolfSSLv23_method()); + ExpectNotNull(server_cb.ctx); + /* we are responsible for free'ing WOLFSSL_CTX */ + server_cb.isSharedCtx = client_cb.isSharedCtx = 1; + + ExpectIntEQ(test_wolfSSL_client_server_nofail_memio(&client_cb, + &server_cb, NULL), TEST_SUCCESS); + + wolfSSL_CTX_free(client_cb.ctx); + wolfSSL_CTX_free(server_cb.ctx); +#endif + return EXPECT_RESULT(); +} + +static int test_wolfSSL_DTLS_either_side(void) +{ + EXPECT_DECLS; +#if (defined(OPENSSL_EXTRA) || defined(WOLFSSL_EITHER_SIDE)) && \ + defined(HAVE_SSL_MEMIO_TESTS_DEPENDENCIES) && defined(WOLFSSL_DTLS) + test_ssl_cbf client_cb; + test_ssl_cbf server_cb; + + XMEMSET(&client_cb, 0, sizeof(client_cb)); + XMEMSET(&server_cb, 0, sizeof(server_cb)); + + /* Use different CTX for client and server */ + client_cb.ctx = wolfSSL_CTX_new(wolfDTLS_method()); + ExpectNotNull(client_cb.ctx); + server_cb.ctx = wolfSSL_CTX_new(wolfDTLS_method()); + ExpectNotNull(server_cb.ctx); + /* we are responsible for free'ing WOLFSSL_CTX */ + server_cb.isSharedCtx = client_cb.isSharedCtx = 1; + + ExpectIntEQ(test_wolfSSL_client_server_nofail_memio(&client_cb, + &server_cb, NULL), TEST_SUCCESS); + + wolfSSL_CTX_free(client_cb.ctx); + wolfSSL_CTX_free(server_cb.ctx); +#endif + return EXPECT_RESULT(); +} + +static int test_generate_cookie(void) +{ + EXPECT_DECLS; +#if defined(WOLFSSL_DTLS) && defined(OPENSSL_EXTRA) && defined(USE_WOLFSSL_IO) + SSL_CTX* ctx = NULL; + SSL* ssl = NULL; + byte buf[FOURK_BUF] = {0}; + + ExpectNotNull(ctx = wolfSSL_CTX_new(wolfDTLS_method())); + ExpectNotNull(ssl = SSL_new(ctx)); + + /* Test unconnected */ + ExpectIntEQ(EmbedGenerateCookie(ssl, buf, FOURK_BUF, NULL), WC_NO_ERR_TRACE(GEN_COOKIE_E)); + + wolfSSL_CTX_SetGenCookie(ctx, EmbedGenerateCookie); + + wolfSSL_SetCookieCtx(ssl, ctx); + + ExpectNotNull(wolfSSL_GetCookieCtx(ssl)); + + ExpectNull(wolfSSL_GetCookieCtx(NULL)); + + SSL_free(ssl); + SSL_CTX_free(ctx); +#endif + return EXPECT_RESULT(); +} + +static int test_wolfSSL_set_options(void) +{ + EXPECT_DECLS; +#if !defined(NO_CERTS) && !defined(NO_TLS) && !defined(NO_FILESYSTEM) && \ + (!defined(NO_WOLFSSL_CLIENT) || !defined(NO_WOLFSSL_SERVER)) && \ + !defined(NO_RSA) + WOLFSSL* ssl = NULL; + WOLFSSL_CTX* ctx = NULL; +#if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL) + char appData[] = "extra msg"; +#endif +#ifdef OPENSSL_EXTRA + unsigned char protos[] = { + 7, 't', 'l', 's', '/', '1', '.', '2', + 8, 'h', 't', 't', 'p', '/', '1', '.', '1' + }; + unsigned int len = sizeof(protos); + void *arg = (void *)TEST_ARG; +#endif + +#ifndef NO_WOLFSSL_SERVER + ExpectNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_server_method())); +#else + ExpectNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_client_method())); +#endif + ExpectTrue(wolfSSL_CTX_use_certificate_file(ctx, svrCertFile, + CERT_FILETYPE)); + ExpectTrue(wolfSSL_CTX_use_PrivateKey_file(ctx, svrKeyFile, + CERT_FILETYPE)); + + ExpectTrue(wolfSSL_CTX_set_options(ctx, WOLFSSL_OP_NO_TLSv1) + == WOLFSSL_OP_NO_TLSv1); + ExpectTrue(wolfSSL_CTX_get_options(ctx) == WOLFSSL_OP_NO_TLSv1); + + ExpectIntGT((int)wolfSSL_CTX_set_options(ctx, (WOLFSSL_OP_COOKIE_EXCHANGE | + WOLFSSL_OP_NO_SSLv2)), 0); + ExpectTrue((wolfSSL_CTX_set_options(ctx, WOLFSSL_OP_COOKIE_EXCHANGE) & + WOLFSSL_OP_COOKIE_EXCHANGE) == WOLFSSL_OP_COOKIE_EXCHANGE); + ExpectTrue((wolfSSL_CTX_set_options(ctx, WOLFSSL_OP_NO_TLSv1_2) & + WOLFSSL_OP_NO_TLSv1_2) == WOLFSSL_OP_NO_TLSv1_2); + ExpectTrue((wolfSSL_CTX_set_options(ctx, WOLFSSL_OP_NO_COMPRESSION) & + WOLFSSL_OP_NO_COMPRESSION) == WOLFSSL_OP_NO_COMPRESSION); + ExpectFalse((wolfSSL_CTX_clear_options(ctx, WOLFSSL_OP_NO_COMPRESSION) & + WOLFSSL_OP_NO_COMPRESSION)); + + wolfSSL_CTX_free(ctx); + ctx = NULL; + +#ifndef NO_WOLFSSL_SERVER + ExpectNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_server_method())); +#else + ExpectNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_client_method())); +#endif + ExpectTrue(wolfSSL_CTX_use_certificate_file(ctx, svrCertFile, + CERT_FILETYPE)); + ExpectTrue(wolfSSL_CTX_use_PrivateKey_file(ctx, svrKeyFile, + CERT_FILETYPE)); +#ifdef OPENSSL_EXTRA + ExpectTrue(wolfSSL_CTX_set_msg_callback(ctx, msg_cb) == WOLFSSL_SUCCESS); +#endif + + ExpectNotNull(ssl = wolfSSL_new(ctx)); +#if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL) +#ifdef HAVE_EX_DATA + ExpectIntEQ(wolfSSL_set_app_data(ssl, (void*)appData), WOLFSSL_SUCCESS); + ExpectNotNull(wolfSSL_get_app_data((const WOLFSSL*)ssl)); + if (ssl != NULL) { + ExpectIntEQ(XMEMCMP(wolfSSL_get_app_data((const WOLFSSL*)ssl), + appData, sizeof(appData)), 0); + } +#else + ExpectIntEQ(wolfSSL_set_app_data(ssl, (void*)appData), WC_NO_ERR_TRACE(WOLFSSL_FAILURE)); + ExpectNull(wolfSSL_get_app_data((const WOLFSSL*)ssl)); +#endif +#endif + + ExpectTrue(wolfSSL_set_options(ssl, WOLFSSL_OP_NO_TLSv1) == + WOLFSSL_OP_NO_TLSv1); + + ExpectTrue(wolfSSL_get_options(ssl) == WOLFSSL_OP_NO_TLSv1); + + ExpectIntGT((int)wolfSSL_set_options(ssl, (WOLFSSL_OP_COOKIE_EXCHANGE | + WOLFSSL_OP_NO_SSLv2)), 0); + + ExpectTrue((wolfSSL_set_options(ssl, WOLFSSL_OP_COOKIE_EXCHANGE) & + WOLFSSL_OP_COOKIE_EXCHANGE) == WOLFSSL_OP_COOKIE_EXCHANGE); + + ExpectTrue((wolfSSL_set_options(ssl, WOLFSSL_OP_NO_TLSv1_2) & + WOLFSSL_OP_NO_TLSv1_2) == WOLFSSL_OP_NO_TLSv1_2); + + ExpectTrue((wolfSSL_set_options(ssl, WOLFSSL_OP_NO_COMPRESSION) & + WOLFSSL_OP_NO_COMPRESSION) == WOLFSSL_OP_NO_COMPRESSION); + +#ifdef OPENSSL_EXTRA + ExpectFalse((wolfSSL_clear_options(ssl, WOLFSSL_OP_NO_COMPRESSION) & + WOLFSSL_OP_NO_COMPRESSION)); +#endif + +#ifdef OPENSSL_EXTRA + ExpectTrue(wolfSSL_set_msg_callback(ssl, msg_cb) == WOLFSSL_SUCCESS); + wolfSSL_set_msg_callback_arg(ssl, arg); +#ifdef WOLFSSL_ERROR_CODE_OPENSSL + ExpectTrue(wolfSSL_CTX_set_alpn_protos(ctx, protos, len) == 0); +#else + ExpectTrue(wolfSSL_CTX_set_alpn_protos(ctx, protos, len) == WOLFSSL_SUCCESS); +#endif +#endif + +#if defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY) || \ + defined(WOLFSSL_MYSQL_COMPATIBLE) || defined(OPENSSL_ALL) || \ + defined(HAVE_LIGHTY) || defined(HAVE_STUNNEL) + +#if defined(HAVE_ALPN) && !defined(NO_BIO) + +#ifdef WOLFSSL_ERROR_CODE_OPENSSL + ExpectTrue(wolfSSL_set_alpn_protos(ssl, protos, len) == 0); +#else + ExpectTrue(wolfSSL_set_alpn_protos(ssl, protos, len) == WOLFSSL_SUCCESS); +#endif + +#endif /* HAVE_ALPN && !NO_BIO */ +#endif + + wolfSSL_free(ssl); + wolfSSL_CTX_free(ctx); +#endif + return EXPECT_RESULT(); +} + +static int test_wolfSSL_sk_SSL_CIPHER(void) +{ + EXPECT_DECLS; +#if defined(OPENSSL_ALL) && !defined(NO_CERTS) && !defined(NO_TLS) && \ + !defined(NO_FILESYSTEM) && !defined(NO_RSA) +#if !defined(NO_WOLFSSL_CLIENT) || !defined(NO_WOLFSSL_SERVER) + SSL* ssl = NULL; + SSL_CTX* ctx = NULL; + STACK_OF(SSL_CIPHER) *sk = NULL; + STACK_OF(SSL_CIPHER) *dupSk = NULL; + +#ifndef NO_WOLFSSL_SERVER + ExpectNotNull(ctx = SSL_CTX_new(wolfSSLv23_server_method())); +#else + ExpectNotNull(ctx = SSL_CTX_new(wolfSSLv23_client_method())); +#endif + ExpectTrue(SSL_CTX_use_certificate_file(ctx, svrCertFile, SSL_FILETYPE_PEM)); + ExpectTrue(SSL_CTX_use_PrivateKey_file(ctx, svrKeyFile, SSL_FILETYPE_PEM)); + ExpectNotNull(ssl = SSL_new(ctx)); + ExpectNotNull(sk = SSL_get_ciphers(ssl)); + ExpectNotNull(dupSk = sk_SSL_CIPHER_dup(sk)); + ExpectIntGT(sk_SSL_CIPHER_num(sk), 0); + ExpectIntEQ(sk_SSL_CIPHER_num(sk), sk_SSL_CIPHER_num(dupSk)); + + /* error case because connection has not been established yet */ + ExpectIntEQ(sk_SSL_CIPHER_find(sk, SSL_get_current_cipher(ssl)), -1); + sk_SSL_CIPHER_free(dupSk); + + /* sk is pointer to internal struct that should be free'd in SSL_free */ + SSL_free(ssl); + SSL_CTX_free(ctx); +#endif /* !NO_WOLFSSL_CLIENT || !NO_WOLFSSL_SERVER */ +#endif /* defined(OPENSSL_EXTRA) && !defined(NO_CERTS) && \ + !defined(NO_FILESYSTEM) && !defined(NO_RSA) */ + return EXPECT_RESULT(); +} + +static int test_wolfSSL_set1_curves_list(void) +{ + EXPECT_DECLS; +#if defined(OPENSSL_EXTRA) && defined(HAVE_ECC) && !defined(NO_TLS) && \ + (!defined(NO_WOLFSSL_CLIENT) || !defined(NO_WOLFSSL_SERVER)) && \ + !defined(NO_FILESYSTEM) + SSL* ssl = NULL; + SSL_CTX* ctx = NULL; + +#ifndef NO_WOLFSSL_SERVER + ExpectNotNull(ctx = SSL_CTX_new(wolfSSLv23_server_method())); +#else + ExpectNotNull(ctx = SSL_CTX_new(wolfSSLv23_client_method())); +#endif + ExpectTrue(SSL_CTX_use_certificate_file(ctx, eccCertFile, + SSL_FILETYPE_PEM)); + ExpectTrue(SSL_CTX_use_PrivateKey_file(ctx, eccKeyFile, SSL_FILETYPE_PEM)); + ExpectNotNull(ssl = SSL_new(ctx)); + + ExpectIntEQ(SSL_CTX_set1_curves_list(ctx, NULL), WC_NO_ERR_TRACE(WOLFSSL_FAILURE)); +#ifdef HAVE_ECC + ExpectIntEQ(SSL_CTX_set1_curves_list(ctx, "P-25X"), WC_NO_ERR_TRACE(WOLFSSL_FAILURE)); + ExpectIntEQ(SSL_CTX_set1_curves_list(ctx, "P-256"), WOLFSSL_SUCCESS); +#endif +#ifdef HAVE_CURVE25519 + ExpectIntEQ(SSL_CTX_set1_curves_list(ctx, "X25519"), WOLFSSL_SUCCESS); +#else + ExpectIntEQ(SSL_CTX_set1_curves_list(ctx, "X25519"), WC_NO_ERR_TRACE(WOLFSSL_FAILURE)); +#endif +#ifdef HAVE_CURVE448 + ExpectIntEQ(SSL_CTX_set1_curves_list(ctx, "X448"), WOLFSSL_SUCCESS); +#else + ExpectIntEQ(SSL_CTX_set1_curves_list(ctx, "X448"), WC_NO_ERR_TRACE(WOLFSSL_FAILURE)); +#endif + + ExpectIntEQ(SSL_set1_curves_list(ssl, NULL), WC_NO_ERR_TRACE(WOLFSSL_FAILURE)); +#ifdef HAVE_ECC + ExpectIntEQ(SSL_set1_curves_list(ssl, "P-25X"), WC_NO_ERR_TRACE(WOLFSSL_FAILURE)); + ExpectIntEQ(SSL_set1_curves_list(ssl, "P-256"), WOLFSSL_SUCCESS); +#endif + +#ifdef HAVE_CURVE25519 + ExpectIntEQ(SSL_set1_curves_list(ssl, "X25519"), WOLFSSL_SUCCESS); +#else + ExpectIntEQ(SSL_set1_curves_list(ssl, "X25519"), WC_NO_ERR_TRACE(WOLFSSL_FAILURE)); +#endif +#ifdef HAVE_CURVE448 + ExpectIntEQ(SSL_set1_curves_list(ssl, "X448"), WOLFSSL_SUCCESS); +#else + ExpectIntEQ(SSL_set1_curves_list(ssl, "X448"), WC_NO_ERR_TRACE(WOLFSSL_FAILURE)); +#endif + + SSL_free(ssl); + SSL_CTX_free(ctx); +#endif + return EXPECT_RESULT(); +} + +#if defined(HAVE_SSL_MEMIO_TESTS_DEPENDENCIES) && \ + (defined(OPENSSL_EXTRA) || defined(HAVE_CURL)) && defined(HAVE_ECC) +static int test_wolfSSL_curves_mismatch_ctx_ready(WOLFSSL_CTX* ctx) +{ + static int counter = 0; + EXPECT_DECLS; + + if (counter % 2) { + ExpectIntEQ(wolfSSL_CTX_set1_curves_list(ctx, "P-256"), + WOLFSSL_SUCCESS); + } + else { + ExpectIntEQ(wolfSSL_CTX_set1_curves_list(ctx, "P-384"), + WOLFSSL_SUCCESS); + } + + /* Ciphersuites that require curves */ + wolfSSL_CTX_set_cipher_list(ctx, "TLS13-AES256-GCM-SHA384:" + "TLS13-CHACHA20-POLY1305-SHA256:TLS13-AES128-GCM-SHA256:" + "ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:" + "ECDHE-ECDSA-AES128-GCM-SHA256:" + "ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-CHACHA20-POLY1305:" + "ECDHE-ECDSA-CHACHA20-POLY1305"); + + counter++; + return EXPECT_RESULT(); +} +#endif + +static int test_wolfSSL_curves_mismatch(void) +{ + EXPECT_DECLS; +#if defined(HAVE_SSL_MEMIO_TESTS_DEPENDENCIES) && \ + (defined(OPENSSL_EXTRA) || defined(HAVE_CURL)) && defined(HAVE_ECC) + test_ssl_cbf func_cb_client; + test_ssl_cbf func_cb_server; + size_t i; + struct { + method_provider client_meth; + method_provider server_meth; + const char* desc; + int client_last_err; + int server_last_err; + } test_params[] = { +#ifdef WOLFSSL_TLS13 + {wolfTLSv1_3_client_method, wolfTLSv1_3_server_method, "TLS 1.3", + /* Client gets error because server will attempt HRR */ + WC_NO_ERR_TRACE(BAD_KEY_SHARE_DATA), + WC_NO_ERR_TRACE(FATAL_ERROR) + }, +#endif +#ifndef WOLFSSL_NO_TLS12 + {wolfTLSv1_2_client_method, wolfTLSv1_2_server_method, "TLS 1.2", + WC_NO_ERR_TRACE(FATAL_ERROR), + /* Server gets error because <=1.2 doesn't have a mechanism + * to negotiate curves. */ +#ifdef OPENSSL_EXTRA + WC_NO_ERR_TRACE(WOLFSSL_ERROR_SYSCALL) +#else + WC_NO_ERR_TRACE(MATCH_SUITE_ERROR) +#endif + }, +#endif +#ifndef NO_OLD_TLS + {wolfTLSv1_1_client_method, wolfTLSv1_1_server_method, "TLS 1.1", + WC_NO_ERR_TRACE(FATAL_ERROR), +#ifdef OPENSSL_EXTRA + WC_NO_ERR_TRACE(WOLFSSL_ERROR_SYSCALL) +#else + WC_NO_ERR_TRACE(MATCH_SUITE_ERROR) +#endif + }, +#endif + }; + + for (i = 0; i < XELEM_CNT(test_params) && !EXPECT_FAIL(); i++) { + XMEMSET(&func_cb_client, 0, sizeof(func_cb_client)); + XMEMSET(&func_cb_server, 0, sizeof(func_cb_server)); + + printf("\tTesting with %s...\n", test_params[i].desc); + + func_cb_client.ctx_ready = &test_wolfSSL_curves_mismatch_ctx_ready; + func_cb_server.ctx_ready = &test_wolfSSL_curves_mismatch_ctx_ready; + + func_cb_client.method = test_params[i].client_meth; + func_cb_server.method = test_params[i].server_meth; + + ExpectIntEQ(test_wolfSSL_client_server_nofail_memio(&func_cb_client, + &func_cb_server, NULL), -1001); + ExpectIntEQ(func_cb_client.last_err, test_params[i].client_last_err); + ExpectIntEQ(func_cb_server.last_err, test_params[i].server_last_err); + + if (!EXPECT_SUCCESS()) + break; + printf("\t%s passed\n", test_params[i].desc); + } +#endif + return EXPECT_RESULT(); +} + +static int test_wolfSSL_set1_sigalgs_list(void) +{ + EXPECT_DECLS; +#if defined(OPENSSL_EXTRA) && !defined(NO_CERTS) && !defined(NO_RSA) && \ + !defined(NO_TLS) && \ + (!defined(NO_WOLFSSL_CLIENT) || !defined(NO_WOLFSSL_SERVER)) && \ + !defined(NO_FILESYSTEM) + SSL* ssl = NULL; + SSL_CTX* ctx = NULL; + +#ifndef NO_WOLFSSL_SERVER + ExpectNotNull(ctx = SSL_CTX_new(wolfSSLv23_server_method())); +#else + ExpectNotNull(ctx = SSL_CTX_new(wolfSSLv23_client_method())); +#endif + ExpectTrue(SSL_CTX_use_certificate_file(ctx, svrCertFile, + SSL_FILETYPE_PEM)); + ExpectTrue(SSL_CTX_use_PrivateKey_file(ctx, svrKeyFile, SSL_FILETYPE_PEM)); + ExpectNotNull(ssl = SSL_new(ctx)); + + ExpectIntEQ(wolfSSL_CTX_set1_sigalgs_list(NULL, NULL), WC_NO_ERR_TRACE(WOLFSSL_FAILURE)); + ExpectIntEQ(wolfSSL_CTX_set1_sigalgs_list(ctx, NULL), WC_NO_ERR_TRACE(WOLFSSL_FAILURE)); + ExpectIntEQ(wolfSSL_set1_sigalgs_list(NULL, NULL), WC_NO_ERR_TRACE(WOLFSSL_FAILURE)); + ExpectIntEQ(wolfSSL_set1_sigalgs_list(ssl, NULL), WC_NO_ERR_TRACE(WOLFSSL_FAILURE)); + + ExpectIntEQ(wolfSSL_CTX_set1_sigalgs_list(ctx, ""), WC_NO_ERR_TRACE(WOLFSSL_FAILURE)); + ExpectIntEQ(wolfSSL_set1_sigalgs_list(ssl, ""), WC_NO_ERR_TRACE(WOLFSSL_FAILURE)); + +#ifndef NO_RSA + #ifndef NO_SHA256 + ExpectIntEQ(wolfSSL_CTX_set1_sigalgs_list(NULL, "RSA+SHA256"), + WC_NO_ERR_TRACE(WOLFSSL_FAILURE)); + ExpectIntEQ(wolfSSL_set1_sigalgs_list(NULL, "RSA+SHA256"), + WC_NO_ERR_TRACE(WOLFSSL_FAILURE)); + + ExpectIntEQ(wolfSSL_CTX_set1_sigalgs_list(ctx, "RSA+SHA256"), + WOLFSSL_SUCCESS); + ExpectIntEQ(wolfSSL_set1_sigalgs_list(ssl, "RSA+SHA256"), + WOLFSSL_SUCCESS); + ExpectIntEQ(wolfSSL_CTX_set1_sigalgs_list(ctx, "RSA-SHA256"), + WC_NO_ERR_TRACE(WOLFSSL_FAILURE)); + ExpectIntEQ(wolfSSL_set1_sigalgs_list(ssl, "RSA-SHA256"), + WC_NO_ERR_TRACE(WOLFSSL_FAILURE)); + #ifdef WC_RSA_PSS + ExpectIntEQ(wolfSSL_CTX_set1_sigalgs_list(ctx, "RSA-PSS+SHA256"), + WOLFSSL_SUCCESS); + ExpectIntEQ(wolfSSL_set1_sigalgs_list(ssl, "RSA-PSS+SHA256"), + WOLFSSL_SUCCESS); + ExpectIntEQ(wolfSSL_CTX_set1_sigalgs_list(ctx, "PSS+SHA256"), + WOLFSSL_SUCCESS); + ExpectIntEQ(wolfSSL_set1_sigalgs_list(ssl, "PSS+SHA256"), + WOLFSSL_SUCCESS); + #endif + #ifdef WOLFSSL_SHA512 + ExpectIntEQ(wolfSSL_CTX_set1_sigalgs_list(ctx, + "RSA+SHA256:RSA+SHA512"), WOLFSSL_SUCCESS); + ExpectIntEQ(wolfSSL_set1_sigalgs_list(ssl, + "RSA+SHA256:RSA+SHA512"), WOLFSSL_SUCCESS); + #elif defined(WOLFSSL_SHA384) + ExpectIntEQ(wolfSSL_CTX_set1_sigalgs_list(ctx, + "RSA+SHA256:RSA+SHA384"), WOLFSSL_SUCCESS); + ExpectIntEQ(wolfSSL_set1_sigalgs_list(ssl, + "RSA+SHA256:RSA+SHA384"), WOLFSSL_SUCCESS); + #endif + ExpectIntEQ(wolfSSL_CTX_set1_sigalgs_list(ctx, "RSA"), WC_NO_ERR_TRACE(WOLFSSL_FAILURE)); + ExpectIntEQ(wolfSSL_set1_sigalgs_list(ssl, "RSA"), WC_NO_ERR_TRACE(WOLFSSL_FAILURE)); + ExpectIntEQ(wolfSSL_CTX_set1_sigalgs_list(ctx, "RSA:RSA+SHA256"), + WC_NO_ERR_TRACE(WOLFSSL_FAILURE)); + ExpectIntEQ(wolfSSL_set1_sigalgs_list(ssl, "RSA:RSA+SHA256"), + WC_NO_ERR_TRACE(WOLFSSL_FAILURE)); + + ExpectIntEQ(wolfSSL_CTX_set1_sigalgs_list(ctx, "RSA+SHA256+SHA256"), + WC_NO_ERR_TRACE(WOLFSSL_FAILURE)); + ExpectIntEQ(wolfSSL_set1_sigalgs_list(ssl, "RSA+SHA256+RSA"), + WC_NO_ERR_TRACE(WOLFSSL_FAILURE)); + #endif +#endif +#ifdef HAVE_ECC + #ifndef NO_SHA256 + ExpectIntEQ(wolfSSL_CTX_set1_sigalgs_list(ctx, "ECDSA+SHA256"), + WOLFSSL_SUCCESS); + ExpectIntEQ(wolfSSL_set1_sigalgs_list(ssl, "ECDSA+SHA256"), + WOLFSSL_SUCCESS); + #ifdef WOLFSSL_SHA512 + ExpectIntEQ(wolfSSL_CTX_set1_sigalgs_list(ctx, + "ECDSA+SHA256:ECDSA+SHA512"), WOLFSSL_SUCCESS); + ExpectIntEQ(wolfSSL_set1_sigalgs_list(ssl, + "ECDSA+SHA256:ECDSA+SHA512"), WOLFSSL_SUCCESS); + #elif defined(WOLFSSL_SHA384) + ExpectIntEQ(wolfSSL_CTX_set1_sigalgs_list(ctx, + "ECDSA+SHA256:ECDSA+SHA384"), WOLFSSL_SUCCESS); + ExpectIntEQ(wolfSSL_set1_sigalgs_list(ssl, + "ECDSA+SHA256:ECDSA+SHA384"), WOLFSSL_SUCCESS); + #endif + #endif +#endif +#ifdef HAVE_ED25519 + ExpectIntEQ(wolfSSL_CTX_set1_sigalgs_list(ctx, "ED25519"), WOLFSSL_SUCCESS); + ExpectIntEQ(wolfSSL_set1_sigalgs_list(ssl, "ED25519"), WOLFSSL_SUCCESS); +#endif +#ifdef HAVE_ED448 + ExpectIntEQ(wolfSSL_CTX_set1_sigalgs_list(ctx, "ED448"), WOLFSSL_SUCCESS); + ExpectIntEQ(wolfSSL_set1_sigalgs_list(ssl, "ED448"), WOLFSSL_SUCCESS); +#endif +#ifndef NO_DSA + #ifndef NO_SHA256 + ExpectIntEQ(wolfSSL_CTX_set1_sigalgs_list(ctx, "DSA+SHA256"), + WOLFSSL_SUCCESS); + ExpectIntEQ(wolfSSL_set1_sigalgs_list(ssl, "DSA+SHA256"), + WOLFSSL_SUCCESS); + #endif + #if !defined(NO_SHA) && (!defined(NO_OLD_TLS) || \ + defined(WOLFSSL_ALLOW_TLS_SHA1)) + ExpectIntEQ(wolfSSL_CTX_set1_sigalgs_list(ctx, "DSA+SHA1"), + WOLFSSL_SUCCESS); + ExpectIntEQ(wolfSSL_set1_sigalgs_list(ssl, "DSA+SHA1"), + WOLFSSL_SUCCESS); + #endif +#endif + + SSL_free(ssl); + SSL_CTX_free(ctx); +#endif + return EXPECT_RESULT(); +} + +/* Testing wolfSSL_set_tlsext_status_type function. + * PRE: OPENSSL and HAVE_CERTIFICATE_STATUS_REQUEST defined. + */ +static int test_wolfSSL_set_tlsext_status_type(void) +{ + EXPECT_DECLS; +#if defined(OPENSSL_EXTRA) && defined(HAVE_CERTIFICATE_STATUS_REQUEST) && \ + !defined(NO_RSA) && !defined(NO_WOLFSSL_SERVER) + SSL* ssl = NULL; + SSL_CTX* ctx = NULL; + + ExpectNotNull(ctx = SSL_CTX_new(wolfSSLv23_server_method())); + ExpectTrue(SSL_CTX_use_certificate_file(ctx, svrCertFile, + SSL_FILETYPE_PEM)); + ExpectTrue(SSL_CTX_use_PrivateKey_file(ctx, svrKeyFile, SSL_FILETYPE_PEM)); + ExpectNotNull(ssl = SSL_new(ctx)); + ExpectIntEQ(SSL_set_tlsext_status_type(ssl,TLSEXT_STATUSTYPE_ocsp), + SSL_SUCCESS); + ExpectIntEQ(SSL_get_tlsext_status_type(ssl), TLSEXT_STATUSTYPE_ocsp); + SSL_free(ssl); + SSL_CTX_free(ctx); +#endif /* OPENSSL_EXTRA && HAVE_CERTIFICATE_STATUS_REQUEST && !NO_RSA */ + return EXPECT_RESULT(); +} + +#ifndef NO_BIO + +static int test_wolfSSL_PEM_read_bio(void) +{ + EXPECT_DECLS; +#if defined(OPENSSL_EXTRA) && !defined(NO_CERTS) && \ + !defined(NO_FILESYSTEM) && !defined(NO_RSA) + byte buff[6000]; + XFILE f = XBADFILE; + int bytes = 0; + X509* x509 = NULL; + BIO* bio = NULL; + BUF_MEM* buf = NULL; + + ExpectTrue((f = XFOPEN(cliCertFile, "rb")) != XBADFILE); + ExpectIntGT(bytes = (int)XFREAD(buff, 1, sizeof(buff), f), 0); + if (f != XBADFILE) + XFCLOSE(f); + + ExpectNull(x509 = PEM_read_bio_X509_AUX(bio, NULL, NULL, NULL)); + ExpectNotNull(bio = BIO_new_mem_buf((void*)buff, bytes)); + ExpectIntEQ(BIO_set_mem_eof_return(bio, -0xDEAD), 1); + ExpectNotNull(x509 = PEM_read_bio_X509_AUX(bio, NULL, NULL, NULL)); + ExpectIntEQ((int)BIO_set_fd(bio, 0, BIO_CLOSE), 1); + /* BIO should return the set EOF value */ + ExpectIntEQ(BIO_read(bio, buff, sizeof(buff)), -0xDEAD); + ExpectIntEQ(BIO_set_close(bio, BIO_NOCLOSE), 1); + ExpectIntEQ(BIO_set_close(NULL, BIO_NOCLOSE), 1); + ExpectIntEQ(SSL_SUCCESS, BIO_get_mem_ptr(bio, &buf)); + + BIO_free(bio); + BUF_MEM_free(buf); + X509_free(x509); +#endif /* defined(OPENSSL_EXTRA) && !defined(NO_CERTS) && + * !defined(NO_FILESYSTEM) && !defined(NO_RSA) */ + return EXPECT_RESULT(); +} + + +#if defined(OPENSSL_EXTRA) +static long bioCallback(BIO *bio, int cmd, const char* argp, int argi, + long argl, long ret) +{ + (void)bio; + (void)cmd; + (void)argp; + (void)argi; + (void)argl; + return ret; +} +#endif + + +static int test_wolfSSL_BIO(void) +{ + EXPECT_DECLS; +#if defined(OPENSSL_EXTRA) + const unsigned char* p = NULL; + byte buff[20]; + BIO* bio1 = NULL; + BIO* bio2 = NULL; + BIO* bio3 = NULL; + char* bufPt = NULL; + int i; + + for (i = 0; i < 20; i++) { + buff[i] = i; + } + /* test BIO_free with NULL */ + ExpectIntEQ(BIO_free(NULL), WC_NO_ERR_TRACE(WOLFSSL_FAILURE)); + + /* Creating and testing type BIO_s_bio */ + ExpectNotNull(bio1 = BIO_new(BIO_s_bio())); + ExpectNotNull(bio2 = BIO_new(BIO_s_bio())); + ExpectNotNull(bio3 = BIO_new(BIO_s_bio())); + + /* read/write before set up */ + ExpectIntEQ(BIO_read(bio1, buff, 2), WOLFSSL_BIO_UNSET); + ExpectIntEQ(BIO_write(bio1, buff, 2), WOLFSSL_BIO_UNSET); + + ExpectIntEQ(BIO_set_nbio(bio1, 1), 1); + ExpectIntEQ(BIO_set_write_buf_size(bio1, 20), WOLFSSL_SUCCESS); + ExpectIntEQ(BIO_set_write_buf_size(bio2, 8), WOLFSSL_SUCCESS); + ExpectIntEQ(BIO_make_bio_pair(bio1, bio2), WOLFSSL_SUCCESS); + + ExpectIntEQ(BIO_nwrite(bio1, &bufPt, 10), 10); + ExpectNotNull(XMEMCPY(bufPt, buff, 10)); + ExpectIntEQ(BIO_write(bio1, buff + 10, 10), 10); + /* write buffer full */ + ExpectIntEQ(BIO_write(bio1, buff, 10), WOLFSSL_BIO_ERROR); + ExpectIntEQ(BIO_flush(bio1), WOLFSSL_SUCCESS); + ExpectIntEQ((int)BIO_ctrl_pending(bio1), 0); + + /* write the other direction with pair */ + ExpectIntEQ((int)BIO_nwrite(bio2, &bufPt, 10), 8); + ExpectNotNull(XMEMCPY(bufPt, buff, 8)); + ExpectIntEQ(BIO_write(bio2, buff, 10), WOLFSSL_BIO_ERROR); + + /* try read */ + ExpectIntEQ((int)BIO_ctrl_pending(bio1), 8); + ExpectIntEQ((int)BIO_ctrl_pending(bio2), 20); + + /* try read using ctrl function */ + ExpectIntEQ((int)BIO_ctrl(bio1, BIO_CTRL_WPENDING, 0, NULL), 8); + ExpectIntEQ((int)BIO_ctrl(bio1, BIO_CTRL_PENDING, 0, NULL), 8); + ExpectIntEQ((int)BIO_ctrl(bio2, BIO_CTRL_WPENDING, 0, NULL), 20); + ExpectIntEQ((int)BIO_ctrl(bio2, BIO_CTRL_PENDING, 0, NULL), 20); + + ExpectIntEQ(BIO_nread(bio2, &bufPt, (int)BIO_ctrl_pending(bio2)), 20); + for (i = 0; i < 20; i++) { + ExpectIntEQ((int)bufPt[i], i); + } + ExpectIntEQ(BIO_nread(bio2, &bufPt, 1), 0); + ExpectIntEQ(BIO_nread(bio1, &bufPt, (int)BIO_ctrl_pending(bio1)), 8); + for (i = 0; i < 8; i++) { + ExpectIntEQ((int)bufPt[i], i); + } + ExpectIntEQ(BIO_nread(bio1, &bufPt, 1), 0); + ExpectIntEQ(BIO_ctrl_reset_read_request(bio1), 1); + + /* new pair */ + ExpectIntEQ(BIO_make_bio_pair(bio1, bio3), WC_NO_ERR_TRACE(WOLFSSL_FAILURE)); + BIO_free(bio2); /* free bio2 and automatically remove from pair */ + bio2 = NULL; + ExpectIntEQ(BIO_make_bio_pair(bio1, bio3), WOLFSSL_SUCCESS); + ExpectIntEQ((int)BIO_ctrl_pending(bio3), 0); + ExpectIntEQ(BIO_nread(bio3, &bufPt, 10), 0); + + /* test wrap around... */ + ExpectIntEQ(BIO_reset(bio1), 1); + ExpectIntEQ(BIO_reset(bio3), 1); + + /* fill write buffer, read only small amount then write again */ + ExpectIntEQ(BIO_nwrite(bio1, &bufPt, 20), 20); + ExpectNotNull(XMEMCPY(bufPt, buff, 20)); + ExpectIntEQ(BIO_nread(bio3, &bufPt, 4), 4); + for (i = 0; i < 4; i++) { + ExpectIntEQ(bufPt[i], i); + } + + /* try writing over read index */ + ExpectIntEQ(BIO_nwrite(bio1, &bufPt, 5), 4); + ExpectNotNull(XMEMSET(bufPt, 0, 4)); + ExpectIntEQ((int)BIO_ctrl_pending(bio3), 20); + + /* read and write 0 bytes */ + ExpectIntEQ(BIO_nread(bio3, &bufPt, 0), 0); + ExpectIntEQ(BIO_nwrite(bio1, &bufPt, 0), 0); + + /* should read only to end of write buffer then need to read again */ + ExpectIntEQ(BIO_nread(bio3, &bufPt, 20), 16); + for (i = 0; i < 16; i++) { + ExpectIntEQ(bufPt[i], buff[4 + i]); + } + + ExpectIntEQ(BIO_nread(bio3, NULL, 0), WC_NO_ERR_TRACE(WOLFSSL_FAILURE)); + ExpectIntEQ(BIO_nread0(bio3, &bufPt), 4); + for (i = 0; i < 4; i++) { + ExpectIntEQ(bufPt[i], 0); + } + + /* read index should not have advanced with nread0 */ + ExpectIntEQ(BIO_nread(bio3, &bufPt, 5), 4); + for (i = 0; i < 4; i++) { + ExpectIntEQ(bufPt[i], 0); + } + + /* write and fill up buffer checking reset of index state */ + ExpectIntEQ(BIO_nwrite(bio1, &bufPt, 20), 20); + ExpectNotNull(XMEMCPY(bufPt, buff, 20)); + + /* test reset on data in bio1 write buffer */ + ExpectIntEQ(BIO_reset(bio1), 1); + ExpectIntEQ((int)BIO_ctrl_pending(bio3), 0); + ExpectIntEQ(BIO_nread(bio3, &bufPt, 3), 0); + ExpectIntEQ(BIO_nwrite(bio1, &bufPt, 20), 20); + ExpectIntEQ((int)BIO_ctrl(bio1, BIO_CTRL_INFO, 0, &p), 20); + ExpectNotNull(p); + ExpectNotNull(XMEMCPY(bufPt, buff, 20)); + ExpectIntEQ(BIO_nread(bio3, &bufPt, 6), 6); + for (i = 0; i < 6; i++) { + ExpectIntEQ(bufPt[i], i); + } + + /* test case of writing twice with offset read index */ + ExpectIntEQ(BIO_nwrite(bio1, &bufPt, 3), 3); + ExpectIntEQ(BIO_nwrite(bio1, &bufPt, 4), 3); /* try overwriting */ + ExpectIntEQ(BIO_nwrite(bio1, &bufPt, 4), WOLFSSL_BIO_ERROR); + ExpectIntEQ(BIO_nread(bio3, &bufPt, 0), 0); + ExpectIntEQ(BIO_nwrite(bio1, &bufPt, 4), WOLFSSL_BIO_ERROR); + ExpectIntEQ(BIO_nread(bio3, &bufPt, 1), 1); + ExpectIntEQ(BIO_nwrite(bio1, &bufPt, 4), 1); + ExpectIntEQ(BIO_nwrite(bio1, &bufPt, 4), WOLFSSL_BIO_ERROR); + + BIO_free(bio1); + bio1 = NULL; + BIO_free(bio3); + bio3 = NULL; + + #if defined(OPENSSL_ALL) || defined(WOLFSSL_ASIO) + { + BIO* bioA = NULL; + BIO* bioB = NULL; + ExpectIntEQ(BIO_new_bio_pair(NULL, 256, NULL, 256), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(BIO_new_bio_pair(&bioA, 256, &bioB, 256), WOLFSSL_SUCCESS); + BIO_free(bioA); + bioA = NULL; + BIO_free(bioB); + bioB = NULL; + } + #endif /* OPENSSL_ALL || WOLFSSL_ASIO */ + + /* BIOs with file pointers */ + #if !defined(NO_FILESYSTEM) + { + XFILE f1 = XBADFILE; + XFILE f2 = XBADFILE; + BIO* f_bio1 = NULL; + BIO* f_bio2 = NULL; + unsigned char cert[300]; + char testFile[] = "tests/bio_write_test.txt"; + char msg[] = "bio_write_test.txt contains the first 300 bytes of certs/server-cert.pem\ncreated by tests/unit.test\n\n"; + + ExpectNotNull(f_bio1 = BIO_new(BIO_s_file())); + ExpectNotNull(f_bio2 = BIO_new(BIO_s_file())); + + /* Failure due to wrong BIO type */ + ExpectIntEQ((int)BIO_set_mem_eof_return(f_bio1, -1), 0); + ExpectIntEQ((int)BIO_set_mem_eof_return(NULL, -1), 0); + + ExpectTrue((f1 = XFOPEN(svrCertFile, "rb+")) != XBADFILE); + ExpectIntEQ((int)BIO_set_fp(f_bio1, f1, BIO_CLOSE), WOLFSSL_SUCCESS); + ExpectIntEQ(BIO_write_filename(f_bio2, testFile), + WOLFSSL_SUCCESS); + + ExpectIntEQ(BIO_read(f_bio1, cert, sizeof(cert)), sizeof(cert)); + ExpectIntEQ(BIO_tell(f_bio1),sizeof(cert)); + ExpectIntEQ(BIO_write(f_bio2, msg, sizeof(msg)), sizeof(msg)); + ExpectIntEQ(BIO_tell(f_bio2),sizeof(msg)); + ExpectIntEQ(BIO_write(f_bio2, cert, sizeof(cert)), sizeof(cert)); + ExpectIntEQ(BIO_tell(f_bio2),sizeof(cert) + sizeof(msg)); + + ExpectIntEQ((int)BIO_get_fp(f_bio2, &f2), WOLFSSL_SUCCESS); + ExpectIntEQ(BIO_reset(f_bio2), 1); + ExpectIntEQ(BIO_tell(NULL),-1); + ExpectIntEQ(BIO_tell(f_bio2),0); + ExpectIntEQ(BIO_seek(f_bio2, 4), 0); + ExpectIntEQ(BIO_tell(f_bio2),4); + + BIO_free(f_bio1); + f_bio1 = NULL; + BIO_free(f_bio2); + f_bio2 = NULL; + + ExpectNotNull(f_bio1 = BIO_new_file(svrCertFile, "rb+")); + ExpectIntEQ((int)BIO_set_mem_eof_return(f_bio1, -1), 0); + ExpectIntEQ(BIO_read(f_bio1, cert, sizeof(cert)), sizeof(cert)); + BIO_free(f_bio1); + f_bio1 = NULL; + } + #endif /* !defined(NO_FILESYSTEM) */ + + /* BIO info callback */ + { + const char* testArg = "test"; + BIO* cb_bio = NULL; + ExpectNotNull(cb_bio = BIO_new(BIO_s_mem())); + + BIO_set_callback(cb_bio, bioCallback); + ExpectNotNull(BIO_get_callback(cb_bio)); + BIO_set_callback(cb_bio, NULL); + ExpectNull(BIO_get_callback(cb_bio)); + + BIO_set_callback_arg(cb_bio, (char*)testArg); + ExpectStrEQ(BIO_get_callback_arg(cb_bio), testArg); + ExpectNull(BIO_get_callback_arg(NULL)); + + BIO_free(cb_bio); + cb_bio = NULL; + } + + /* BIO_vfree */ + ExpectNotNull(bio1 = BIO_new(BIO_s_bio())); + BIO_vfree(NULL); + BIO_vfree(bio1); +#endif + return EXPECT_RESULT(); +} + +static int test_wolfSSL_BIO_BIO_ring_read(void) +{ + EXPECT_DECLS; +#if defined(OPENSSL_ALL) + BIO* bio1 = NULL; + BIO* bio2 = NULL; + byte data[50]; + byte tmp[50]; + + XMEMSET(data, 42, sizeof(data)); + + + ExpectIntEQ(BIO_new_bio_pair(&bio1, sizeof(data), &bio2, sizeof(data)), + SSL_SUCCESS); + + ExpectIntEQ(BIO_write(bio1, data, 40), 40); + ExpectIntEQ(BIO_read(bio1, tmp, 20), -1); + ExpectIntEQ(BIO_read(bio2, tmp, 20), 20); + ExpectBufEQ(tmp, data, 20); + ExpectIntEQ(BIO_write(bio1, data, 20), 20); + ExpectIntEQ(BIO_read(bio2, tmp, 40), 40); + ExpectBufEQ(tmp, data, 40); + + BIO_free(bio1); + BIO_free(bio2); +#endif + return EXPECT_RESULT(); +} + +#endif /* !NO_BIO */ + + +static int test_wolfSSL_a2i_IPADDRESS(void) +{ + EXPECT_DECLS; +#if defined(OPENSSL_ALL) && !defined(WOLFSSL_USER_IO) + const unsigned char* data = NULL; + int dataSz = 0; + ASN1_OCTET_STRING *st = NULL; + + const unsigned char ipv4_exp[] = {0x7F, 0, 0, 1}; + const unsigned char ipv6_exp[] = { + 0x20, 0x21, 0x0d, 0xb8, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0xff, 0x00, 0x00, 0x42, 0x77, 0x77 + }; + const unsigned char ipv6_home[] = { + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01 + }; + + ExpectNull(st = a2i_IPADDRESS("127.0.0.1bad")); + ExpectNotNull(st = a2i_IPADDRESS("127.0.0.1")); + ExpectNotNull(data = ASN1_STRING_get0_data(st)); + ExpectIntEQ(dataSz = ASN1_STRING_length(st), WOLFSSL_IP4_ADDR_LEN); + ExpectIntEQ(XMEMCMP(data, ipv4_exp, dataSz), 0); + ASN1_STRING_free(st); + st = NULL; + + ExpectNotNull(st = a2i_IPADDRESS("::1")); + ExpectNotNull(data = ASN1_STRING_get0_data(st)); + ExpectIntEQ(dataSz = ASN1_STRING_length(st), WOLFSSL_IP6_ADDR_LEN); + ExpectIntEQ(XMEMCMP(data, ipv6_home, dataSz), 0); + ASN1_STRING_free(st); + st = NULL; + + ExpectNotNull(st = a2i_IPADDRESS("2021:db8::ff00:42:7777")); + ExpectNotNull(data = ASN1_STRING_get0_data(st)); + ExpectIntEQ(dataSz = ASN1_STRING_length(st), WOLFSSL_IP6_ADDR_LEN); + ExpectIntEQ(XMEMCMP(data, ipv6_exp, dataSz), 0); + ASN1_STRING_free(st); +#endif + return EXPECT_RESULT(); +} + + +static int test_wolfSSL_X509_cmp_time(void) +{ + EXPECT_DECLS; +#if defined(OPENSSL_EXTRA) && !defined(NO_ASN_TIME) \ +&& !defined(USER_TIME) && !defined(TIME_OVERRIDES) + WOLFSSL_ASN1_TIME asn_time; + time_t t; + + ExpectIntEQ(0, wolfSSL_X509_cmp_time(NULL, &t)); + XMEMSET(&asn_time, 0, sizeof(WOLFSSL_ASN1_TIME)); + ExpectIntEQ(0, wolfSSL_X509_cmp_time(&asn_time, &t)); + + ExpectIntEQ(ASN1_TIME_set_string(&asn_time, "000222211515Z"), 1); + ExpectIntEQ(-1, wolfSSL_X509_cmp_time(&asn_time, NULL)); + ExpectIntEQ(-1, wolfSSL_X509_cmp_current_time(&asn_time)); +#endif + return EXPECT_RESULT(); +} + +static int test_wolfSSL_X509_time_adj(void) +{ + EXPECT_DECLS; +#if defined(OPENSSL_EXTRA) && !defined(NO_ASN_TIME) && \ + !defined(USER_TIME) && !defined(TIME_OVERRIDES) && \ + defined(USE_CERT_BUFFERS_2048) && !defined(NO_RSA) && \ + !defined(NO_ASN_TIME) + X509* x509 = NULL; + time_t t; + time_t not_before; + time_t not_after; + + ExpectNotNull(x509 = wolfSSL_X509_load_certificate_buffer( + client_cert_der_2048, sizeof_client_cert_der_2048, + WOLFSSL_FILETYPE_ASN1)); + + t = 0; + not_before = wc_Time(0); + not_after = wc_Time(0) + (60 * 24 * 30); /* 30 days after */ + ExpectNotNull(X509_time_adj(X509_get_notBefore(x509), not_before, &t)); + ExpectNotNull(X509_time_adj(X509_get_notAfter(x509), not_after, &t)); + /* Check X509_gmtime_adj, too. */ + ExpectNotNull(X509_gmtime_adj(X509_get_notAfter(x509), not_after)); + + X509_free(x509); +#endif + return EXPECT_RESULT(); +} + +static int test_wolfSSL_X509_bad_altname(void) +{ + EXPECT_DECLS; +#if defined(OPENSSL_EXTRA) && !defined(NO_CERTS) && !defined(NO_RSA) + const unsigned char malformed_alt_name_cert[] = { + 0x30, 0x82, 0x02, 0xf9, 0x30, 0x82, 0x01, 0xe1, 0xa0, 0x03, 0x02, 0x01, + 0x02, 0x02, 0x02, 0x10, 0x21, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, + 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x0b, 0x05, 0x00, 0x30, 0x0f, 0x31, 0x0d, + 0x30, 0x0b, 0x06, 0x03, 0x55, 0x04, 0x03, 0x13, 0x04, 0x61, 0x61, 0x31, + 0x31, 0x30, 0x1e, 0x17, 0x0d, 0x31, 0x36, 0x30, 0x32, 0x30, 0x37, 0x31, + 0x37, 0x32, 0x34, 0x30, 0x30, 0x5a, 0x17, 0x0d, 0x33, 0x34, 0x30, 0x32, + 0x31, 0x34, 0x30, 0x36, 0x32, 0x36, 0x35, 0x33, 0x5a, 0x30, 0x0f, 0x31, + 0x0d, 0x30, 0x0b, 0x06, 0x03, 0x55, 0x04, 0x03, 0x13, 0x04, 0x61, 0x61, + 0x61, 0x61, 0x30, 0x82, 0x01, 0x20, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, + 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x01, 0x05, 0x00, 0x03, 0x82, 0x01, + 0x0d, 0x00, 0x30, 0x82, 0x01, 0x08, 0x02, 0x82, 0x01, 0x01, 0x00, 0xa8, + 0x8a, 0x5e, 0x26, 0x23, 0x1b, 0x31, 0xd3, 0x37, 0x1a, 0x70, 0xb2, 0xec, + 0x3f, 0x74, 0xd4, 0xb4, 0x44, 0xe3, 0x7a, 0xa5, 0xc0, 0xf5, 0xaa, 0x97, + 0x26, 0x9a, 0x04, 0xff, 0xda, 0xbe, 0xe5, 0x09, 0x03, 0x98, 0x3d, 0xb5, + 0xbf, 0x01, 0x2c, 0x9a, 0x0a, 0x3a, 0xfb, 0xbc, 0x3c, 0xe7, 0xbe, 0x83, + 0x5c, 0xb3, 0x70, 0xe8, 0x5c, 0xe3, 0xd1, 0x83, 0xc3, 0x94, 0x08, 0xcd, + 0x1a, 0x87, 0xe5, 0xe0, 0x5b, 0x9c, 0x5c, 0x6e, 0xb0, 0x7d, 0xe2, 0x58, + 0x6c, 0xc3, 0xb5, 0xc8, 0x9d, 0x11, 0xf1, 0x5d, 0x96, 0x0d, 0x66, 0x1e, + 0x56, 0x7f, 0x8f, 0x59, 0xa7, 0xa5, 0xe1, 0xc5, 0xe7, 0x81, 0x4c, 0x09, + 0x9d, 0x5e, 0x96, 0xf0, 0x9a, 0xc2, 0x8b, 0x70, 0xd5, 0xab, 0x79, 0x58, + 0x5d, 0xb7, 0x58, 0xaa, 0xfd, 0x75, 0x52, 0xaa, 0x4b, 0xa7, 0x25, 0x68, + 0x76, 0x59, 0x00, 0xee, 0x78, 0x2b, 0x91, 0xc6, 0x59, 0x91, 0x99, 0x38, + 0x3e, 0xa1, 0x76, 0xc3, 0xf5, 0x23, 0x6b, 0xe6, 0x07, 0xea, 0x63, 0x1c, + 0x97, 0x49, 0xef, 0xa0, 0xfe, 0xfd, 0x13, 0xc9, 0xa9, 0x9f, 0xc2, 0x0b, + 0xe6, 0x87, 0x92, 0x5b, 0xcc, 0xf5, 0x42, 0x95, 0x4a, 0xa4, 0x6d, 0x64, + 0xba, 0x7d, 0xce, 0xcb, 0x04, 0xd0, 0xf8, 0xe7, 0xe3, 0xda, 0x75, 0x60, + 0xd3, 0x8b, 0x6a, 0x64, 0xfc, 0x78, 0x56, 0x21, 0x69, 0x5a, 0xe8, 0xa7, + 0x8f, 0xfb, 0x8f, 0x82, 0xe3, 0xae, 0x36, 0xa2, 0x93, 0x66, 0x92, 0xcb, + 0x82, 0xa3, 0xbe, 0x84, 0x00, 0x86, 0xdc, 0x7e, 0x6d, 0x53, 0x77, 0x84, + 0x17, 0xb9, 0x55, 0x43, 0x0d, 0xf1, 0x16, 0x1f, 0xd5, 0x43, 0x75, 0x99, + 0x66, 0x19, 0x52, 0xd0, 0xac, 0x5f, 0x74, 0xad, 0xb2, 0x90, 0x15, 0x50, + 0x04, 0x74, 0x43, 0xdf, 0x6c, 0x35, 0xd0, 0xfd, 0x32, 0x37, 0xb3, 0x8d, + 0xf5, 0xe5, 0x09, 0x02, 0x01, 0x03, 0xa3, 0x61, 0x30, 0x5f, 0x30, 0x0c, + 0x06, 0x03, 0x55, 0x1d, 0x13, 0x01, 0x01, 0xff, 0x04, 0x02, 0x30, 0x00, + 0x30, 0x0f, 0x06, 0x03, 0x55, 0x1d, 0x11, 0x04, 0x08, 0x30, 0x06, 0x82, + 0x04, 0x61, 0x2a, 0x00, 0x2a, 0x30, 0x1d, 0x06, 0x03, 0x55, 0x1d, 0x0e, + 0x04, 0x16, 0x04, 0x14, 0x92, 0x6a, 0x1e, 0x52, 0x3a, 0x1a, 0x57, 0x9f, + 0xc9, 0x82, 0x9a, 0xce, 0xc8, 0xc0, 0xa9, 0x51, 0x9d, 0x2f, 0xc7, 0x72, + 0x30, 0x1f, 0x06, 0x03, 0x55, 0x1d, 0x23, 0x04, 0x18, 0x30, 0x16, 0x80, + 0x14, 0x6b, 0xf9, 0xa4, 0x2d, 0xa5, 0xe9, 0x39, 0x89, 0xa8, 0x24, 0x58, + 0x79, 0x87, 0x11, 0xfc, 0x6f, 0x07, 0x91, 0xef, 0xa6, 0x30, 0x0d, 0x06, + 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x0b, 0x05, 0x00, + 0x03, 0x82, 0x01, 0x01, 0x00, 0x3f, 0xd5, 0x37, 0x2f, 0xc7, 0xf8, 0x8b, + 0x39, 0x1c, 0xe3, 0xdf, 0x77, 0xee, 0xc6, 0x4b, 0x5f, 0x84, 0xcf, 0xfa, + 0x33, 0x2c, 0xb2, 0xb5, 0x4b, 0x09, 0xee, 0x56, 0xc0, 0xf2, 0xf0, 0xeb, + 0xad, 0x1c, 0x02, 0xef, 0xae, 0x09, 0x53, 0xc0, 0x06, 0xad, 0x4e, 0xfd, + 0x3e, 0x8c, 0x13, 0xb3, 0xbf, 0x80, 0x05, 0x36, 0xb5, 0x3f, 0x2b, 0xc7, + 0x60, 0x53, 0x14, 0xbf, 0x33, 0x63, 0x47, 0xc3, 0xc6, 0x28, 0xda, 0x10, + 0x12, 0xe2, 0xc4, 0xeb, 0xc5, 0x64, 0x66, 0xc0, 0xcc, 0x6b, 0x84, 0xda, + 0x0c, 0xe9, 0xf6, 0xe3, 0xf8, 0x8e, 0x3d, 0x95, 0x5f, 0xba, 0x9f, 0xe1, + 0xc7, 0xed, 0x6e, 0x97, 0xcc, 0xbd, 0x7d, 0xe5, 0x4e, 0xab, 0xbc, 0x1b, + 0xf1, 0x3a, 0x09, 0x33, 0x09, 0xe1, 0xcc, 0xec, 0x21, 0x16, 0x8e, 0xb1, + 0x74, 0x9e, 0xc8, 0x13, 0x7c, 0xdf, 0x07, 0xaa, 0xeb, 0x70, 0xd7, 0x91, + 0x5c, 0xc4, 0xef, 0x83, 0x88, 0xc3, 0xe4, 0x97, 0xfa, 0xe4, 0xdf, 0xd7, + 0x0d, 0xff, 0xba, 0x78, 0x22, 0xfc, 0x3f, 0xdc, 0xd8, 0x02, 0x8d, 0x93, + 0x57, 0xf9, 0x9e, 0x39, 0x3a, 0x77, 0x00, 0xd9, 0x19, 0xaa, 0x68, 0xa1, + 0xe6, 0x9e, 0x13, 0xeb, 0x37, 0x16, 0xf5, 0x77, 0xa4, 0x0b, 0x40, 0x04, + 0xd3, 0xa5, 0x49, 0x78, 0x35, 0xfa, 0x3b, 0xf6, 0x02, 0xab, 0x85, 0xee, + 0xcb, 0x9b, 0x62, 0xda, 0x05, 0x00, 0x22, 0x2f, 0xf8, 0xbd, 0x0b, 0xe5, + 0x2c, 0xb2, 0x53, 0x78, 0x0a, 0xcb, 0x69, 0xc0, 0xb6, 0x9f, 0x96, 0xff, + 0x58, 0x22, 0x70, 0x9c, 0x01, 0x2e, 0x56, 0x60, 0x5d, 0x37, 0xe3, 0x40, + 0x25, 0xc9, 0x90, 0xc8, 0x0f, 0x41, 0x68, 0xb4, 0xfd, 0x10, 0xe2, 0x09, + 0x99, 0x08, 0x5d, 0x7b, 0xc9, 0xe3, 0x29, 0xd4, 0x5a, 0xcf, 0xc9, 0x34, + 0x55, 0xa1, 0x40, 0x44, 0xd6, 0x88, 0x16, 0xbb, 0xdd + }; + + X509* x509 = NULL; + int certSize = (int)sizeof(malformed_alt_name_cert) / sizeof(unsigned char); + const char *name = "aaaaa"; + int nameLen = (int)XSTRLEN(name); + + ExpectNotNull(x509 = wolfSSL_X509_load_certificate_buffer( + malformed_alt_name_cert, certSize, SSL_FILETYPE_ASN1)); + + /* malformed_alt_name_cert has a malformed alternative + * name of "a*\0*". Ensure that it does not match "aaaaa" */ + ExpectIntNE(wolfSSL_X509_check_host(x509, name, nameLen, + WOLFSSL_ALWAYS_CHECK_SUBJECT, NULL), 1); + + /* Also make sure WOLFSSL_LEFT_MOST_WILDCARD_ONLY fails too */ + ExpectIntNE(wolfSSL_X509_check_host(x509, name, nameLen, + WOLFSSL_ALWAYS_CHECK_SUBJECT | WOLFSSL_LEFT_MOST_WILDCARD_ONLY, + NULL), 1); + + X509_free(x509); + +#endif + return EXPECT_RESULT(); +} + +static int test_wolfSSL_X509_name_match(void) +{ + EXPECT_DECLS; +#if defined(OPENSSL_EXTRA) && !defined(NO_CERTS) && !defined(NO_RSA) + /* A certificate with the subject alternative name a* */ + const unsigned char cert_der[] = { + 0x30, 0x82, 0x03, 0xac, 0x30, 0x82, 0x02, 0x94, 0xa0, 0x03, 0x02, 0x01, + 0x02, 0x02, 0x14, 0x0f, 0xa5, 0x10, 0x85, 0xef, 0x58, 0x10, 0x59, 0xfc, + 0x0f, 0x20, 0x1f, 0x53, 0xf5, 0x30, 0x39, 0x34, 0x49, 0x54, 0x05, 0x30, + 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x0b, + 0x05, 0x00, 0x30, 0x77, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, + 0x06, 0x13, 0x02, 0x55, 0x53, 0x31, 0x10, 0x30, 0x0e, 0x06, 0x03, 0x55, + 0x04, 0x08, 0x0c, 0x07, 0x4d, 0x6f, 0x6e, 0x74, 0x61, 0x6e, 0x61, 0x31, + 0x10, 0x30, 0x0e, 0x06, 0x03, 0x55, 0x04, 0x07, 0x0c, 0x07, 0x42, 0x6f, + 0x7a, 0x65, 0x6d, 0x61, 0x6e, 0x31, 0x14, 0x30, 0x12, 0x06, 0x03, 0x55, + 0x04, 0x0a, 0x0c, 0x0b, 0x77, 0x6f, 0x6c, 0x66, 0x53, 0x53, 0x4c, 0x20, + 0x49, 0x6e, 0x63, 0x31, 0x14, 0x30, 0x12, 0x06, 0x03, 0x55, 0x04, 0x0b, + 0x0c, 0x0b, 0x45, 0x6e, 0x67, 0x69, 0x6e, 0x65, 0x65, 0x72, 0x69, 0x6e, + 0x67, 0x31, 0x18, 0x30, 0x16, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0c, 0x0f, + 0x77, 0x77, 0x77, 0x2e, 0x77, 0x6f, 0x6c, 0x66, 0x73, 0x73, 0x6c, 0x2e, + 0x63, 0x6f, 0x6d, 0x30, 0x1e, 0x17, 0x0d, 0x32, 0x34, 0x30, 0x35, 0x33, + 0x30, 0x32, 0x30, 0x31, 0x35, 0x35, 0x38, 0x5a, 0x17, 0x0d, 0x33, 0x34, + 0x30, 0x35, 0x32, 0x38, 0x32, 0x30, 0x31, 0x35, 0x35, 0x38, 0x5a, 0x30, + 0x77, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, + 0x55, 0x53, 0x31, 0x10, 0x30, 0x0e, 0x06, 0x03, 0x55, 0x04, 0x08, 0x0c, + 0x07, 0x4d, 0x6f, 0x6e, 0x74, 0x61, 0x6e, 0x61, 0x31, 0x10, 0x30, 0x0e, + 0x06, 0x03, 0x55, 0x04, 0x07, 0x0c, 0x07, 0x42, 0x6f, 0x7a, 0x65, 0x6d, + 0x61, 0x6e, 0x31, 0x14, 0x30, 0x12, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x0c, + 0x0b, 0x77, 0x6f, 0x6c, 0x66, 0x53, 0x53, 0x4c, 0x20, 0x49, 0x6e, 0x63, + 0x31, 0x14, 0x30, 0x12, 0x06, 0x03, 0x55, 0x04, 0x0b, 0x0c, 0x0b, 0x45, + 0x6e, 0x67, 0x69, 0x6e, 0x65, 0x65, 0x72, 0x69, 0x6e, 0x67, 0x31, 0x18, + 0x30, 0x16, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0c, 0x0f, 0x77, 0x77, 0x77, + 0x2e, 0x77, 0x6f, 0x6c, 0x66, 0x73, 0x73, 0x6c, 0x2e, 0x63, 0x6f, 0x6d, + 0x30, 0x82, 0x01, 0x22, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, + 0xf7, 0x0d, 0x01, 0x01, 0x01, 0x05, 0x00, 0x03, 0x82, 0x01, 0x0f, 0x00, + 0x30, 0x82, 0x01, 0x0a, 0x02, 0x82, 0x01, 0x01, 0x00, 0xf4, 0xca, 0x3d, + 0xd4, 0xbc, 0x9b, 0xea, 0x74, 0xfe, 0x73, 0xf4, 0x16, 0x23, 0x0b, 0x4a, + 0x09, 0x54, 0xf6, 0x7b, 0x10, 0x99, 0x11, 0x93, 0xb2, 0xdb, 0x4d, 0x7d, + 0x23, 0xab, 0xf9, 0xcd, 0xf6, 0x54, 0xd4, 0xf6, 0x39, 0x57, 0xee, 0x97, + 0xb2, 0xb9, 0xfc, 0x7e, 0x9c, 0xb3, 0xfb, 0x56, 0xb6, 0x84, 0xd6, 0x2d, + 0x59, 0x1c, 0xed, 0xda, 0x9b, 0x19, 0xf5, 0x8a, 0xa7, 0x8a, 0x89, 0xd6, + 0xa1, 0xc0, 0xe6, 0x16, 0xad, 0x04, 0xcf, 0x5a, 0x1f, 0xdf, 0x62, 0x6c, + 0x68, 0x45, 0xe9, 0x55, 0x2e, 0x42, 0xa3, 0x1b, 0x3b, 0x86, 0x23, 0x22, + 0xa1, 0x20, 0x48, 0xd1, 0x52, 0xc0, 0x8b, 0xab, 0xe2, 0x8a, 0x15, 0x68, + 0xbd, 0x89, 0x6f, 0x9f, 0x45, 0x75, 0xb4, 0x27, 0xc1, 0x72, 0x41, 0xfd, + 0x79, 0x89, 0xb0, 0x74, 0xa2, 0xe9, 0x61, 0x48, 0x4c, 0x54, 0xad, 0x6b, + 0x61, 0xbf, 0x0e, 0x27, 0x58, 0xb4, 0xf6, 0x9c, 0x2c, 0x9f, 0xc2, 0x3e, + 0x3b, 0xb3, 0x90, 0x41, 0xbc, 0x61, 0xcd, 0x01, 0x57, 0x90, 0x82, 0xec, + 0x46, 0xba, 0x4f, 0x89, 0x8e, 0x7f, 0x49, 0x4f, 0x46, 0x69, 0x37, 0x8b, + 0xa0, 0xba, 0x85, 0xe8, 0x42, 0xff, 0x9a, 0xa1, 0x53, 0x81, 0x5c, 0xf3, + 0x8e, 0x85, 0x1c, 0xd4, 0x90, 0x60, 0xa0, 0x37, 0x59, 0x04, 0x65, 0xa6, + 0xb5, 0x12, 0x00, 0xc3, 0x04, 0x51, 0xa7, 0x83, 0x96, 0x62, 0x3d, 0x49, + 0x97, 0xe8, 0x6b, 0x9a, 0x5d, 0x51, 0x24, 0xee, 0xad, 0x45, 0x18, 0x0f, + 0x3f, 0x97, 0xec, 0xdf, 0xcf, 0x42, 0x8a, 0x96, 0xc7, 0xd8, 0x82, 0x87, + 0x7f, 0x57, 0x70, 0x22, 0xfb, 0x29, 0x3e, 0x3c, 0xa3, 0xc1, 0xd5, 0x71, + 0xb3, 0x84, 0x06, 0x53, 0xa3, 0x86, 0x20, 0x35, 0xe3, 0x41, 0xb9, 0xd8, + 0x00, 0x22, 0x4f, 0x6d, 0xe6, 0xfd, 0xf0, 0xf4, 0xa2, 0x39, 0x0a, 0x1a, + 0x23, 0x02, 0x03, 0x01, 0x00, 0x01, 0xa3, 0x30, 0x30, 0x2e, 0x30, 0x0d, + 0x06, 0x03, 0x55, 0x1d, 0x11, 0x04, 0x06, 0x30, 0x04, 0x82, 0x02, 0x61, + 0x2a, 0x30, 0x1d, 0x06, 0x03, 0x55, 0x1d, 0x0e, 0x04, 0x16, 0x04, 0x14, + 0x45, 0x05, 0xf3, 0x4d, 0x3e, 0x7e, 0x9c, 0xf5, 0x08, 0xee, 0x2c, 0x13, + 0x32, 0xe3, 0xf2, 0x14, 0xe8, 0x0e, 0x71, 0x21, 0x30, 0x0d, 0x06, 0x09, + 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x0b, 0x05, 0x00, 0x03, + 0x82, 0x01, 0x01, 0x00, 0xa8, 0x28, 0xe5, 0x22, 0x65, 0xcf, 0x47, 0xfe, + 0x82, 0x17, 0x99, 0x20, 0xdb, 0xb1, 0x57, 0xd4, 0x91, 0x1a, 0x83, 0xde, + 0xc1, 0xaf, 0xc4, 0x1f, 0xfb, 0xa4, 0x6a, 0xad, 0xdc, 0x58, 0x72, 0xd9, + 0x9b, 0xab, 0xa5, 0xbb, 0xf4, 0x98, 0xd4, 0xdf, 0x36, 0xcb, 0xb5, 0x78, + 0xce, 0x4b, 0x25, 0x5b, 0x24, 0x92, 0xfe, 0xe8, 0xd4, 0xe4, 0xbd, 0x6f, + 0x71, 0x1a, 0x81, 0x2a, 0x6f, 0x35, 0x93, 0xf7, 0xcc, 0xed, 0xe5, 0x06, + 0xd2, 0x96, 0x41, 0xb5, 0xa9, 0x8a, 0xc0, 0xc9, 0x17, 0xe3, 0x13, 0x5e, + 0x94, 0x5e, 0xfa, 0xfc, 0xf0, 0x00, 0x2e, 0xe1, 0xd8, 0x1b, 0x23, 0x3f, + 0x7c, 0x4d, 0x9f, 0xfb, 0xb7, 0x95, 0xc1, 0x94, 0x7f, 0x7f, 0xb5, 0x4f, + 0x93, 0x6d, 0xc3, 0x2b, 0xb2, 0x28, 0x36, 0xd2, 0x7c, 0x01, 0x3c, 0xae, + 0x35, 0xdb, 0xc8, 0x95, 0x1b, 0x5f, 0x6c, 0x0f, 0x57, 0xb3, 0xcc, 0x97, + 0x98, 0x80, 0x06, 0xaa, 0xe4, 0x93, 0x1f, 0xb7, 0xa0, 0x54, 0xf1, 0x4f, + 0x6f, 0x11, 0xdf, 0xab, 0xd3, 0xbf, 0xf0, 0x3a, 0x81, 0x60, 0xaf, 0x7a, + 0xf7, 0x09, 0xd5, 0xae, 0x0c, 0x7d, 0xae, 0x8d, 0x47, 0x06, 0xbe, 0x11, + 0x6e, 0xf8, 0x7e, 0x49, 0xf8, 0xac, 0x24, 0x0a, 0x4b, 0xc2, 0xf6, 0xe8, + 0x2c, 0xec, 0x35, 0xef, 0xa9, 0x13, 0xb8, 0xd2, 0x9c, 0x92, 0x61, 0x91, + 0xec, 0x7b, 0x0c, 0xea, 0x9a, 0x71, 0x36, 0x15, 0x34, 0x2b, 0x7a, 0x25, + 0xac, 0xfe, 0xc7, 0x26, 0x89, 0x70, 0x3e, 0x64, 0x68, 0x97, 0x4b, 0xaa, + 0xc1, 0x24, 0x14, 0xbd, 0x45, 0x2f, 0xe0, 0xfe, 0xf4, 0x2b, 0x8e, 0x08, + 0x3e, 0xe4, 0xb5, 0x3d, 0x5d, 0xf4, 0xc3, 0xd6, 0x9c, 0xb5, 0x33, 0x1b, + 0x3b, 0xda, 0x6e, 0x99, 0x7b, 0x09, 0xd1, 0x30, 0x97, 0x23, 0x52, 0x6d, + 0x1b, 0x71, 0x3a, 0xf4, 0x54, 0xf0, 0xe5, 0x9e + }; + + WOLFSSL_X509* x509 = NULL; + int certSize = (int)(sizeof(cert_der) / sizeof(unsigned char)); + const char *name1 = "aaaaa"; + int nameLen1 = (int)(XSTRLEN(name1)); + const char *name2 = "a"; + int nameLen2 = (int)(XSTRLEN(name2)); + const char *name3 = "abbbb"; + int nameLen3 = (int)(XSTRLEN(name3)); + const char *name4 = "bbb"; + int nameLen4 = (int)(XSTRLEN(name4)); + + ExpectNotNull(x509 = wolfSSL_X509_load_certificate_buffer( + cert_der, certSize, WOLFSSL_FILETYPE_ASN1)); + + /* Ensure that "a*" matches "aaaaa" */ + ExpectIntEQ(wolfSSL_X509_check_host(x509, name1, nameLen1, + WOLFSSL_ALWAYS_CHECK_SUBJECT, NULL), WOLFSSL_SUCCESS); + /* Ensure that "a*" matches "a" */ + ExpectIntEQ(wolfSSL_X509_check_host(x509, name2, nameLen2, + WOLFSSL_ALWAYS_CHECK_SUBJECT, NULL), WOLFSSL_SUCCESS); + /* Ensure that "a*" matches "abbbb" */ + ExpectIntEQ(wolfSSL_X509_check_host(x509, name3, nameLen3, + WOLFSSL_ALWAYS_CHECK_SUBJECT, NULL), WOLFSSL_SUCCESS); + /* Ensure that "a*" does not match "bbb" */ + ExpectIntNE(wolfSSL_X509_check_host(x509, name4, nameLen4, + WOLFSSL_ALWAYS_CHECK_SUBJECT, NULL), 1); + + /* WOLFSSL_LEFT_MOST_WILDCARD_ONLY flag should fail on all cases, since + * 'a*' alt name does not have wildcard left-most */ + + /* Ensure that "a*" does not match "aaaaa" */ + ExpectIntNE(wolfSSL_X509_check_host(x509, name1, nameLen1, + WOLFSSL_ALWAYS_CHECK_SUBJECT | WOLFSSL_LEFT_MOST_WILDCARD_ONLY, + NULL), WOLFSSL_SUCCESS); + /* Ensure that "a*" does not match "a" */ + ExpectIntNE(wolfSSL_X509_check_host(x509, name2, nameLen2, + WOLFSSL_ALWAYS_CHECK_SUBJECT | WOLFSSL_LEFT_MOST_WILDCARD_ONLY, + NULL), WOLFSSL_SUCCESS); + /* Ensure that "a*" does not match "abbbb" */ + ExpectIntNE(wolfSSL_X509_check_host(x509, name3, nameLen3, + WOLFSSL_ALWAYS_CHECK_SUBJECT | WOLFSSL_LEFT_MOST_WILDCARD_ONLY, + NULL), WOLFSSL_SUCCESS); + /* Ensure that "a*" does not match "bbb" */ + ExpectIntNE(wolfSSL_X509_check_host(x509, name4, nameLen4, + WOLFSSL_ALWAYS_CHECK_SUBJECT | WOLFSSL_LEFT_MOST_WILDCARD_ONLY, + NULL), WOLFSSL_SUCCESS); + + wolfSSL_X509_free(x509); + +#endif + return EXPECT_RESULT(); +} + +static int test_wolfSSL_X509_name_match2(void) +{ + EXPECT_DECLS; +#if defined(OPENSSL_EXTRA) && !defined(NO_CERTS) && !defined(NO_RSA) + /* A certificate with the subject alternative name a*b* */ + const unsigned char cert_der[] = { + 0x30, 0x82, 0x03, 0xae, 0x30, 0x82, 0x02, 0x96, 0xa0, 0x03, 0x02, 0x01, + 0x02, 0x02, 0x14, 0x41, 0x8c, 0x8b, 0xaa, 0x0e, 0xd8, 0x5a, 0xc0, 0x52, + 0x46, 0x0e, 0xe5, 0xd8, 0xb9, 0x48, 0x93, 0x7e, 0x8a, 0x7c, 0x65, 0x30, + 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x0b, + 0x05, 0x00, 0x30, 0x77, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, + 0x06, 0x13, 0x02, 0x55, 0x53, 0x31, 0x10, 0x30, 0x0e, 0x06, 0x03, 0x55, + 0x04, 0x08, 0x0c, 0x07, 0x4d, 0x6f, 0x6e, 0x74, 0x61, 0x6e, 0x61, 0x31, + 0x10, 0x30, 0x0e, 0x06, 0x03, 0x55, 0x04, 0x07, 0x0c, 0x07, 0x42, 0x6f, + 0x7a, 0x65, 0x6d, 0x61, 0x6e, 0x31, 0x14, 0x30, 0x12, 0x06, 0x03, 0x55, + 0x04, 0x0a, 0x0c, 0x0b, 0x77, 0x6f, 0x6c, 0x66, 0x53, 0x53, 0x4c, 0x20, + 0x49, 0x6e, 0x63, 0x31, 0x14, 0x30, 0x12, 0x06, 0x03, 0x55, 0x04, 0x0b, + 0x0c, 0x0b, 0x45, 0x6e, 0x67, 0x69, 0x6e, 0x65, 0x65, 0x72, 0x69, 0x6e, + 0x67, 0x31, 0x18, 0x30, 0x16, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0c, 0x0f, + 0x77, 0x77, 0x77, 0x2e, 0x77, 0x6f, 0x6c, 0x66, 0x73, 0x73, 0x6c, 0x2e, + 0x63, 0x6f, 0x6d, 0x30, 0x1e, 0x17, 0x0d, 0x32, 0x34, 0x30, 0x35, 0x33, + 0x30, 0x32, 0x30, 0x34, 0x33, 0x34, 0x30, 0x5a, 0x17, 0x0d, 0x33, 0x34, + 0x30, 0x35, 0x32, 0x38, 0x32, 0x30, 0x34, 0x33, 0x34, 0x30, 0x5a, 0x30, + 0x77, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, + 0x55, 0x53, 0x31, 0x10, 0x30, 0x0e, 0x06, 0x03, 0x55, 0x04, 0x08, 0x0c, + 0x07, 0x4d, 0x6f, 0x6e, 0x74, 0x61, 0x6e, 0x61, 0x31, 0x10, 0x30, 0x0e, + 0x06, 0x03, 0x55, 0x04, 0x07, 0x0c, 0x07, 0x42, 0x6f, 0x7a, 0x65, 0x6d, + 0x61, 0x6e, 0x31, 0x14, 0x30, 0x12, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x0c, + 0x0b, 0x77, 0x6f, 0x6c, 0x66, 0x53, 0x53, 0x4c, 0x20, 0x49, 0x6e, 0x63, + 0x31, 0x14, 0x30, 0x12, 0x06, 0x03, 0x55, 0x04, 0x0b, 0x0c, 0x0b, 0x45, + 0x6e, 0x67, 0x69, 0x6e, 0x65, 0x65, 0x72, 0x69, 0x6e, 0x67, 0x31, 0x18, + 0x30, 0x16, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0c, 0x0f, 0x77, 0x77, 0x77, + 0x2e, 0x77, 0x6f, 0x6c, 0x66, 0x73, 0x73, 0x6c, 0x2e, 0x63, 0x6f, 0x6d, + 0x30, 0x82, 0x01, 0x22, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, + 0xf7, 0x0d, 0x01, 0x01, 0x01, 0x05, 0x00, 0x03, 0x82, 0x01, 0x0f, 0x00, + 0x30, 0x82, 0x01, 0x0a, 0x02, 0x82, 0x01, 0x01, 0x00, 0xa5, 0x60, 0x80, + 0xf3, 0xee, 0x19, 0xd2, 0xe4, 0x15, 0x94, 0x54, 0x12, 0x88, 0xee, 0xda, + 0x11, 0x11, 0x87, 0x99, 0x88, 0xb3, 0x71, 0xc7, 0x97, 0x78, 0x1b, 0x57, + 0x37, 0x1d, 0x0b, 0x1f, 0x2f, 0x2c, 0x35, 0x13, 0x75, 0xd3, 0x31, 0x3e, + 0x6f, 0x80, 0x21, 0xa5, 0xa3, 0xad, 0x10, 0x81, 0xb6, 0x37, 0xd4, 0x55, + 0x2e, 0xc1, 0xb8, 0x37, 0xa3, 0x3c, 0xe8, 0x81, 0x03, 0x3c, 0xda, 0x5f, + 0x6f, 0x45, 0x32, 0x2b, 0x0e, 0x99, 0x27, 0xfd, 0xe5, 0x6c, 0x07, 0xd9, + 0x4e, 0x0a, 0x8b, 0x23, 0x74, 0x96, 0x25, 0x97, 0xae, 0x6d, 0x19, 0xba, + 0xbf, 0x0f, 0xc8, 0xa1, 0xe5, 0xea, 0xa8, 0x00, 0x09, 0xc3, 0x9a, 0xef, + 0x09, 0x33, 0xc1, 0x33, 0x2e, 0x7b, 0x6d, 0xa7, 0x66, 0x87, 0xb6, 0x3a, + 0xb9, 0xdb, 0x4c, 0x5e, 0xb5, 0x55, 0x69, 0x37, 0x17, 0x92, 0x1f, 0xe3, + 0x53, 0x1a, 0x2d, 0x25, 0xd0, 0xcf, 0x72, 0x37, 0xc2, 0x89, 0x83, 0x78, + 0xcf, 0xac, 0x2e, 0x46, 0x92, 0x5c, 0x4a, 0xba, 0x7d, 0xa0, 0x22, 0x34, + 0xb1, 0x22, 0x26, 0x99, 0xda, 0xe8, 0x97, 0xe2, 0x0c, 0xd3, 0xbc, 0x97, + 0x7e, 0xa8, 0xb9, 0xe3, 0xe2, 0x7f, 0x56, 0xef, 0x22, 0xee, 0x15, 0x95, + 0xa6, 0xd1, 0xf4, 0xa7, 0xac, 0x4a, 0xab, 0xc1, 0x1a, 0xda, 0xc5, 0x5f, + 0xa5, 0x5e, 0x2f, 0x15, 0x9c, 0x36, 0xbe, 0xd3, 0x47, 0xb6, 0x86, 0xb9, + 0xc6, 0x59, 0x39, 0x36, 0xad, 0x84, 0x53, 0x95, 0x72, 0x91, 0x89, 0x51, + 0x32, 0x77, 0xf1, 0xa5, 0x93, 0xfe, 0xf0, 0x41, 0x7c, 0x64, 0xf1, 0xb0, + 0x8b, 0x81, 0x8d, 0x3a, 0x2c, 0x9e, 0xbe, 0x2e, 0x8b, 0xf7, 0x80, 0x63, + 0x35, 0x32, 0xfa, 0x26, 0xe0, 0x63, 0xbf, 0x5e, 0xaf, 0xf0, 0x08, 0xe0, + 0x80, 0x65, 0x38, 0xfa, 0x21, 0xaa, 0x91, 0x34, 0x48, 0x3d, 0x32, 0x5c, + 0xbf, 0x02, 0x03, 0x01, 0x00, 0x01, 0xa3, 0x32, 0x30, 0x30, 0x30, 0x0f, + 0x06, 0x03, 0x55, 0x1d, 0x11, 0x04, 0x08, 0x30, 0x06, 0x82, 0x04, 0x61, + 0x2a, 0x62, 0x2a, 0x30, 0x1d, 0x06, 0x03, 0x55, 0x1d, 0x0e, 0x04, 0x16, + 0x04, 0x14, 0x3d, 0x55, 0x74, 0xf8, 0x3a, 0x26, 0x03, 0x8c, 0x6a, 0x2e, + 0x91, 0x0e, 0x18, 0x70, 0xb4, 0xa4, 0xcc, 0x04, 0x00, 0xd3, 0x30, 0x0d, + 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x0b, 0x05, + 0x00, 0x03, 0x82, 0x01, 0x01, 0x00, 0x8f, 0x3b, 0xff, 0x46, 0x0c, 0xb5, + 0x21, 0xdc, 0xcf, 0x61, 0x9a, 0x25, 0x93, 0x99, 0x68, 0x2f, 0x16, 0x71, + 0x15, 0x00, 0x5f, 0xb0, 0x9b, 0x43, 0x5c, 0x47, 0xe2, 0x8e, 0xc8, 0xea, + 0xb3, 0x30, 0x4d, 0x87, 0x90, 0xcf, 0x24, 0x37, 0x5c, 0xfd, 0xc8, 0xc6, + 0x09, 0x36, 0xb2, 0xfb, 0xfd, 0xc1, 0x82, 0x92, 0x77, 0x5b, 0x9d, 0xeb, + 0xac, 0x47, 0xbc, 0xda, 0x7c, 0x89, 0x19, 0x03, 0x9e, 0xcd, 0x96, 0x2a, + 0x90, 0x55, 0x23, 0x19, 0xac, 0x9d, 0x49, 0xfb, 0xa0, 0x31, 0x7d, 0x6b, + 0x1a, 0x16, 0x13, 0xb1, 0xa9, 0xc9, 0xc4, 0xaf, 0xf1, 0xb4, 0xa7, 0x9b, + 0x08, 0x64, 0x6a, 0x09, 0xcd, 0x4a, 0x03, 0x4c, 0x93, 0xb6, 0xcf, 0x29, + 0xdb, 0x56, 0x88, 0x8e, 0xed, 0x08, 0x6d, 0x8d, 0x76, 0xa3, 0xd7, 0xc6, + 0x69, 0xa1, 0xf5, 0xd2, 0xd0, 0x0a, 0x4b, 0xfa, 0x88, 0x66, 0x6c, 0xe5, + 0x4a, 0xee, 0x13, 0xad, 0xad, 0x22, 0x25, 0x73, 0x39, 0x56, 0x74, 0x0e, + 0xda, 0xcd, 0x35, 0x67, 0xe3, 0x81, 0x5c, 0xc5, 0xae, 0x3c, 0x4f, 0x47, + 0x3e, 0x97, 0xde, 0xac, 0xf6, 0xe1, 0x26, 0xe2, 0xe0, 0x66, 0x48, 0x20, + 0x7c, 0x02, 0x81, 0x3e, 0x7d, 0x34, 0xb7, 0x73, 0x3e, 0x2e, 0xd6, 0x20, + 0x1c, 0xdf, 0xf1, 0xae, 0x86, 0x8b, 0xb2, 0xc2, 0x9b, 0x68, 0x9c, 0xf6, + 0x1a, 0x5e, 0x30, 0x06, 0x39, 0x0a, 0x1f, 0x7b, 0xd7, 0x18, 0x4b, 0x06, + 0x9d, 0xff, 0x84, 0x57, 0xcc, 0x92, 0xad, 0x81, 0x0a, 0x19, 0x11, 0xc4, + 0xac, 0x59, 0x00, 0xe8, 0x5a, 0x70, 0x78, 0xd6, 0x9f, 0xe0, 0x82, 0x2a, + 0x1f, 0x09, 0x36, 0x1c, 0x52, 0x98, 0xf7, 0x95, 0x8f, 0xf9, 0x48, 0x4f, + 0x30, 0x52, 0xb5, 0xf3, 0x8d, 0x13, 0x93, 0x27, 0xbe, 0xb4, 0x75, 0x39, + 0x65, 0xc6, 0x48, 0x4e, 0x32, 0xd7, 0xf4, 0xc3, 0x26, 0x8d + }; + + WOLFSSL_X509* x509 = NULL; + int certSize = (int)(sizeof(cert_der) / sizeof(unsigned char)); + const char *name1 = "ab"; + int nameLen1 = (int)(XSTRLEN(name1)); + const char *name2 = "acccbccc"; + int nameLen2 = (int)(XSTRLEN(name2)); + const char *name3 = "accb"; + int nameLen3 = (int)(XSTRLEN(name3)); + const char *name4 = "accda"; + int nameLen4 = (int)(XSTRLEN(name4)); + const char *name5 = "acc\0bcc"; + int nameLen5 = 7; + + ExpectNotNull(x509 = wolfSSL_X509_load_certificate_buffer( + cert_der, certSize, WOLFSSL_FILETYPE_ASN1)); + + /* Ensure that "a*b*" matches "ab" */ + ExpectIntEQ(wolfSSL_X509_check_host(x509, name1, nameLen1, + WOLFSSL_ALWAYS_CHECK_SUBJECT, NULL), WOLFSSL_SUCCESS); + /* Ensure that "a*b*" matches "acccbccc" */ + ExpectIntEQ(wolfSSL_X509_check_host(x509, name2, nameLen2, + WOLFSSL_ALWAYS_CHECK_SUBJECT, NULL), WOLFSSL_SUCCESS); + /* Ensure that "a*b*" matches "accb" */ + ExpectIntEQ(wolfSSL_X509_check_host(x509, name3, nameLen3, + WOLFSSL_ALWAYS_CHECK_SUBJECT, NULL), WOLFSSL_SUCCESS); + /* Ensure that "a*b*" does not match "accda" */ + ExpectIntNE(wolfSSL_X509_check_host(x509, name4, nameLen4, + WOLFSSL_ALWAYS_CHECK_SUBJECT, NULL), WOLFSSL_SUCCESS); + + /* WOLFSSL_LEFT_MOST_WILDCARD_ONLY flag should fail on all cases, since + * 'a*b*' alt name does not have wildcard left-most */ + ExpectIntEQ(wolfSSL_X509_check_host(x509, name1, nameLen1, + WOLFSSL_ALWAYS_CHECK_SUBJECT | WOLFSSL_LEFT_MOST_WILDCARD_ONLY, + NULL), WOLFSSL_FAILURE); + ExpectIntEQ(wolfSSL_X509_check_host(x509, name2, nameLen2, + WOLFSSL_ALWAYS_CHECK_SUBJECT | WOLFSSL_LEFT_MOST_WILDCARD_ONLY, + NULL), WOLFSSL_FAILURE); + ExpectIntEQ(wolfSSL_X509_check_host(x509, name3, nameLen3, + WOLFSSL_ALWAYS_CHECK_SUBJECT | WOLFSSL_LEFT_MOST_WILDCARD_ONLY, + NULL), WOLFSSL_FAILURE); + ExpectIntEQ(wolfSSL_X509_check_host(x509, name4, nameLen4, + WOLFSSL_ALWAYS_CHECK_SUBJECT | WOLFSSL_LEFT_MOST_WILDCARD_ONLY, + NULL), WOLFSSL_FAILURE); + + /* Ensure that "a*b*" matches "ab", testing openssl behavior replication + * on check len input handling, 0 for len is OK as it should then use + * strlen(name1) */ + ExpectIntEQ(wolfSSL_X509_check_host(x509, name1, 0, + WOLFSSL_ALWAYS_CHECK_SUBJECT, NULL), WOLFSSL_SUCCESS); + /* Openssl also allows for len to include NULL terminator */ + ExpectIntEQ(wolfSSL_X509_check_host(x509, name1, nameLen1 + 1, + WOLFSSL_ALWAYS_CHECK_SUBJECT, NULL), WOLFSSL_SUCCESS); + /* Ensure that check string with NULL terminator in middle is + * rejected */ + ExpectIntNE(wolfSSL_X509_check_host(x509, name5, nameLen5, + WOLFSSL_ALWAYS_CHECK_SUBJECT, NULL), WOLFSSL_SUCCESS); + + wolfSSL_X509_free(x509); + +#endif + return EXPECT_RESULT(); +} + +static int test_wolfSSL_X509_name_match3(void) +{ + EXPECT_DECLS; +#if defined(OPENSSL_EXTRA) && !defined(NO_CERTS) && !defined(NO_RSA) + /* A certificate with the subject alternative name *.example.com */ + const unsigned char cert_der[] = { + 0x30, 0x82, 0x03, 0xb7, 0x30, 0x82, 0x02, 0x9f, 0xa0, 0x03, 0x02, 0x01, + 0x02, 0x02, 0x14, 0x59, 0xbb, 0xf6, 0xde, 0xb8, 0x3d, 0x0e, 0x8c, 0xe4, + 0xbd, 0x98, 0xa3, 0xbe, 0x3e, 0x8f, 0xdc, 0xbd, 0x7f, 0xcc, 0xae, 0x30, + 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x0b, + 0x05, 0x00, 0x30, 0x77, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, + 0x06, 0x13, 0x02, 0x55, 0x53, 0x31, 0x10, 0x30, 0x0e, 0x06, 0x03, 0x55, + 0x04, 0x08, 0x0c, 0x07, 0x4d, 0x6f, 0x6e, 0x74, 0x61, 0x6e, 0x61, 0x31, + 0x10, 0x30, 0x0e, 0x06, 0x03, 0x55, 0x04, 0x07, 0x0c, 0x07, 0x42, 0x6f, + 0x7a, 0x65, 0x6d, 0x61, 0x6e, 0x31, 0x14, 0x30, 0x12, 0x06, 0x03, 0x55, + 0x04, 0x0a, 0x0c, 0x0b, 0x77, 0x6f, 0x6c, 0x66, 0x53, 0x53, 0x4c, 0x20, + 0x49, 0x6e, 0x63, 0x31, 0x14, 0x30, 0x12, 0x06, 0x03, 0x55, 0x04, 0x0b, + 0x0c, 0x0b, 0x45, 0x6e, 0x67, 0x69, 0x6e, 0x65, 0x65, 0x72, 0x69, 0x6e, + 0x67, 0x31, 0x18, 0x30, 0x16, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0c, 0x0f, + 0x77, 0x77, 0x77, 0x2e, 0x77, 0x6f, 0x6c, 0x66, 0x73, 0x73, 0x6c, 0x2e, + 0x63, 0x6f, 0x6d, 0x30, 0x1e, 0x17, 0x0d, 0x32, 0x34, 0x30, 0x35, 0x33, + 0x31, 0x30, 0x30, 0x33, 0x37, 0x34, 0x39, 0x5a, 0x17, 0x0d, 0x33, 0x34, + 0x30, 0x35, 0x32, 0x39, 0x30, 0x30, 0x33, 0x37, 0x34, 0x39, 0x5a, 0x30, + 0x77, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, + 0x55, 0x53, 0x31, 0x10, 0x30, 0x0e, 0x06, 0x03, 0x55, 0x04, 0x08, 0x0c, + 0x07, 0x4d, 0x6f, 0x6e, 0x74, 0x61, 0x6e, 0x61, 0x31, 0x10, 0x30, 0x0e, + 0x06, 0x03, 0x55, 0x04, 0x07, 0x0c, 0x07, 0x42, 0x6f, 0x7a, 0x65, 0x6d, + 0x61, 0x6e, 0x31, 0x14, 0x30, 0x12, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x0c, + 0x0b, 0x77, 0x6f, 0x6c, 0x66, 0x53, 0x53, 0x4c, 0x20, 0x49, 0x6e, 0x63, + 0x31, 0x14, 0x30, 0x12, 0x06, 0x03, 0x55, 0x04, 0x0b, 0x0c, 0x0b, 0x45, + 0x6e, 0x67, 0x69, 0x6e, 0x65, 0x65, 0x72, 0x69, 0x6e, 0x67, 0x31, 0x18, + 0x30, 0x16, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0c, 0x0f, 0x77, 0x77, 0x77, + 0x2e, 0x77, 0x6f, 0x6c, 0x66, 0x73, 0x73, 0x6c, 0x2e, 0x63, 0x6f, 0x6d, + 0x30, 0x82, 0x01, 0x22, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, + 0xf7, 0x0d, 0x01, 0x01, 0x01, 0x05, 0x00, 0x03, 0x82, 0x01, 0x0f, 0x00, + 0x30, 0x82, 0x01, 0x0a, 0x02, 0x82, 0x01, 0x01, 0x00, 0xda, 0x78, 0x16, + 0x05, 0x65, 0xf2, 0x85, 0xf2, 0x61, 0x7f, 0xb1, 0x4d, 0x73, 0xe2, 0x82, + 0xb5, 0x3d, 0xf7, 0x9d, 0x05, 0x65, 0xed, 0x9d, 0xc3, 0x29, 0x7a, 0x92, + 0x2c, 0x06, 0x5f, 0xc8, 0x13, 0x55, 0x42, 0x4e, 0xbd, 0xe2, 0x56, 0x2a, + 0x4b, 0xac, 0xe6, 0x1b, 0x10, 0xc9, 0xdb, 0x9a, 0x45, 0x36, 0xed, 0xf3, + 0x26, 0x8c, 0x22, 0x88, 0x1e, 0x6d, 0x2b, 0x41, 0xfa, 0x0d, 0x43, 0x88, + 0x88, 0xde, 0x8d, 0x2e, 0xca, 0x6e, 0x7c, 0x62, 0x66, 0x3e, 0xfa, 0x4e, + 0x71, 0xea, 0x7d, 0x3b, 0x32, 0x33, 0x5c, 0x7a, 0x7e, 0xea, 0x74, 0xbd, + 0xb6, 0x8f, 0x4c, 0x1c, 0x7a, 0x79, 0x94, 0xf1, 0xe8, 0x02, 0x67, 0x98, + 0x25, 0xb4, 0x31, 0x80, 0xc1, 0xae, 0xbf, 0xef, 0xf2, 0x6c, 0x78, 0x42, + 0xef, 0xb5, 0xc6, 0x01, 0x47, 0x79, 0x8d, 0x92, 0xce, 0xc1, 0xb5, 0x98, + 0x76, 0xf0, 0x84, 0xa2, 0x53, 0x90, 0xe5, 0x39, 0xc7, 0xbd, 0xf2, 0xbb, + 0xe3, 0x3f, 0x00, 0xf6, 0xf0, 0x46, 0x86, 0xee, 0x55, 0xbd, 0x2c, 0x1f, + 0x97, 0x24, 0x7c, 0xbc, 0xda, 0x2f, 0x1b, 0x53, 0xef, 0x26, 0x56, 0xcc, + 0xb7, 0xd8, 0xca, 0x17, 0x20, 0x4e, 0x62, 0x03, 0x66, 0x32, 0xb3, 0xd1, + 0x71, 0x26, 0x6c, 0xff, 0xd1, 0x9e, 0x44, 0x86, 0x2a, 0xae, 0xba, 0x43, + 0x00, 0x13, 0x7e, 0x50, 0xdd, 0x3e, 0x27, 0x39, 0x70, 0x1c, 0x0c, 0x0b, + 0xe8, 0xa2, 0xae, 0x03, 0x09, 0x2e, 0xd8, 0x71, 0xee, 0x7b, 0x1a, 0x09, + 0x2d, 0xe1, 0xd5, 0xde, 0xf5, 0xa3, 0x36, 0x77, 0x90, 0x97, 0x99, 0xd7, + 0x6c, 0xb7, 0x5c, 0x9d, 0xf7, 0x7e, 0x41, 0x89, 0xfe, 0xe4, 0x08, 0xc6, + 0x0b, 0xe4, 0x9b, 0x5f, 0x51, 0xa6, 0x08, 0xb8, 0x99, 0x81, 0xe9, 0xce, + 0xb4, 0x2d, 0xb2, 0x92, 0x9f, 0xe5, 0x1a, 0x98, 0x76, 0x20, 0x70, 0x54, + 0x93, 0x02, 0x03, 0x01, 0x00, 0x01, 0xa3, 0x3b, 0x30, 0x39, 0x30, 0x18, + 0x06, 0x03, 0x55, 0x1d, 0x11, 0x04, 0x11, 0x30, 0x0f, 0x82, 0x0d, 0x2a, + 0x2e, 0x65, 0x78, 0x61, 0x6d, 0x70, 0x6c, 0x65, 0x2e, 0x63, 0x6f, 0x6d, + 0x30, 0x1d, 0x06, 0x03, 0x55, 0x1d, 0x0e, 0x04, 0x16, 0x04, 0x14, 0x60, + 0xd4, 0x26, 0xbb, 0xcc, 0x7c, 0x29, 0xa2, 0x88, 0x3c, 0x76, 0x7d, 0xb4, + 0x86, 0x8b, 0x47, 0x64, 0x5b, 0x87, 0xe0, 0x30, 0x0d, 0x06, 0x09, 0x2a, + 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x0b, 0x05, 0x00, 0x03, 0x82, + 0x01, 0x01, 0x00, 0xc3, 0x0d, 0x03, 0x67, 0xbb, 0x47, 0x8b, 0xf3, 0x20, + 0xdc, 0x7d, 0x2e, 0xe1, 0xd9, 0xf0, 0x01, 0xc4, 0x66, 0xc2, 0xe1, 0xcd, + 0xc3, 0x4a, 0x72, 0xf0, 0x6e, 0x38, 0xcf, 0x63, 0x01, 0x96, 0x9e, 0x84, + 0xb9, 0xce, 0x1d, 0xba, 0x4b, 0xe0, 0x70, 0x86, 0x2b, 0x5a, 0xab, 0xec, + 0xbf, 0xc2, 0xaa, 0x64, 0xa2, 0x6c, 0xd2, 0x42, 0x52, 0xd4, 0xbe, 0x8a, + 0xca, 0x9c, 0x03, 0xf3, 0xd6, 0x5f, 0xcd, 0x23, 0x9f, 0xf5, 0xa9, 0x04, + 0x40, 0x5b, 0x66, 0x78, 0xc0, 0xac, 0xa1, 0xdb, 0x5d, 0xd1, 0x94, 0xfc, + 0x47, 0x94, 0xf5, 0x45, 0xe3, 0x70, 0x13, 0x3f, 0x66, 0x6d, 0xdd, 0x73, + 0x68, 0x68, 0xe2, 0xd2, 0x89, 0xcb, 0x7f, 0xc6, 0xca, 0xd6, 0x96, 0x0b, + 0xcc, 0xdd, 0xa1, 0x74, 0xda, 0x33, 0xe8, 0x9e, 0xda, 0xb7, 0xd9, 0x12, + 0xab, 0x85, 0x9d, 0x0c, 0xde, 0xa0, 0x7d, 0x7e, 0xa1, 0x91, 0xed, 0xe5, + 0x32, 0x7c, 0xc5, 0xea, 0x1d, 0x4a, 0xb5, 0x38, 0x63, 0x17, 0xf3, 0x4f, + 0x2c, 0x4a, 0x58, 0x86, 0x09, 0x33, 0x86, 0xc4, 0xe7, 0x56, 0x6f, 0x32, + 0x71, 0xb7, 0xd0, 0x83, 0x12, 0x9e, 0x26, 0x0a, 0x3a, 0x45, 0xcb, 0xd7, + 0x4e, 0xab, 0xa4, 0xc3, 0xee, 0x4c, 0xc0, 0x38, 0xa1, 0xfa, 0xba, 0xfa, + 0xb7, 0x80, 0x69, 0x67, 0xa3, 0xef, 0x89, 0xba, 0xce, 0x89, 0x91, 0x3d, + 0x6a, 0x76, 0xe9, 0x3b, 0x32, 0x86, 0x76, 0x85, 0x6b, 0x4f, 0x7f, 0xbc, + 0x7a, 0x5b, 0x31, 0x92, 0x79, 0x35, 0xf8, 0xb9, 0xb1, 0xd7, 0xdb, 0xa9, + 0x6a, 0x8a, 0x91, 0x60, 0x65, 0xd4, 0x76, 0x54, 0x55, 0x57, 0xb9, 0x35, + 0xe0, 0xf5, 0xbb, 0x8f, 0xd4, 0x40, 0x75, 0xbb, 0x47, 0xa8, 0xf9, 0x0f, + 0xea, 0xc9, 0x6e, 0x84, 0xd5, 0xf5, 0x58, 0x2d, 0xe5, 0x76, 0x7b, 0xdf, + 0x97, 0x05, 0x5e, 0xaf, 0x50, 0xf5, 0x48 + }; + + WOLFSSL_X509* x509 = NULL; + int certSize = (int)(sizeof(cert_der) / sizeof(unsigned char)); + const char *name1 = "foo.example.com"; + int nameLen1 = (int)(XSTRLEN(name1)); + const char *name2 = "x.y.example.com"; + int nameLen2 = (int)(XSTRLEN(name2)); + const char *name3 = "example.com"; + int nameLen3 = (int)(XSTRLEN(name3)); + + ExpectNotNull(x509 = wolfSSL_X509_load_certificate_buffer( + cert_der, certSize, WOLFSSL_FILETYPE_ASN1)); + + /* Ensure that "*.example.com" matches "foo.example.com" */ + ExpectIntEQ(wolfSSL_X509_check_host(x509, name1, nameLen1, + WOLFSSL_ALWAYS_CHECK_SUBJECT, NULL), WOLFSSL_SUCCESS); + /* Ensure that "*.example.com" does NOT match "x.y.example.com" */ + ExpectIntNE(wolfSSL_X509_check_host(x509, name2, nameLen2, + WOLFSSL_ALWAYS_CHECK_SUBJECT, NULL), WOLFSSL_SUCCESS); + /* Ensure that "*.example.com" does NOT match "example.com" */ + ExpectIntNE(wolfSSL_X509_check_host(x509, name3, nameLen3, + WOLFSSL_ALWAYS_CHECK_SUBJECT, NULL), WOLFSSL_SUCCESS); + + /* WOLFSSL_LEFT_MOST_WILDCARD_ONLY, should match "foo.example.com" */ + ExpectIntEQ(wolfSSL_X509_check_host(x509, name1, nameLen1, + WOLFSSL_ALWAYS_CHECK_SUBJECT | WOLFSSL_LEFT_MOST_WILDCARD_ONLY, + NULL), WOLFSSL_SUCCESS); + /* WOLFSSL_LEFT_MOST_WILDCARD_ONLY, should NOT match "x.y.example.com" */ + ExpectIntNE(wolfSSL_X509_check_host(x509, name2, nameLen2, + WOLFSSL_ALWAYS_CHECK_SUBJECT | WOLFSSL_LEFT_MOST_WILDCARD_ONLY, + NULL), WOLFSSL_SUCCESS); + /* WOLFSSL_LEFT_MOST_WILDCARD_ONLY, should NOT match "example.com" */ + ExpectIntNE(wolfSSL_X509_check_host(x509, name3, nameLen3, + WOLFSSL_ALWAYS_CHECK_SUBJECT | WOLFSSL_LEFT_MOST_WILDCARD_ONLY, + NULL), WOLFSSL_SUCCESS); + + wolfSSL_X509_free(x509); + +#endif + return EXPECT_RESULT(); +} + +static int test_wolfSSL_X509_max_altnames(void) +{ + EXPECT_DECLS; +#if !defined(NO_FILESYSTEM) && !defined(NO_CERTS) && !defined(NO_TLS) && \ + !defined(NO_RSA) + + /* Only test if max alt names has not been modified */ +#if WOLFSSL_MAX_ALT_NAMES <= 1024 + + WOLFSSL_CTX* ctx = NULL; + /* File contains a certificate encoded with 130 subject alternative names */ + const char* over_max_altnames_cert = \ + "./certs/test/cert-over-max-altnames.pem"; + +#ifndef NO_WOLFSSL_SERVER + ExpectNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_server_method())); +#else + ExpectNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_client_method())); +#endif + + ExpectIntNE(wolfSSL_CTX_load_verify_locations_ex(ctx, + over_max_altnames_cert, NULL, WOLFSSL_LOAD_FLAG_NONE), + WOLFSSL_SUCCESS); + wolfSSL_CTX_free(ctx); +#endif +#endif + return EXPECT_RESULT(); +} + +static int test_wolfSSL_X509_max_name_constraints(void) +{ + EXPECT_DECLS; +#if !defined(NO_FILESYSTEM) && !defined(NO_CERTS) && !defined(NO_TLS) && \ + !defined(NO_RSA) && !defined(IGNORE_NAME_CONSTRAINTS) + + /* Only test if max name constraints has not been modified */ +#if WOLFSSL_MAX_NAME_CONSTRAINTS == 128 + + WOLFSSL_CTX* ctx = NULL; + /* File contains a certificate with 130 name constraints */ + const char* over_max_nc = "./certs/test/cert-over-max-nc.pem"; + +#ifndef NO_WOLFSSL_SERVER + ExpectNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_server_method())); +#else + ExpectNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_client_method())); +#endif + + ExpectIntNE(wolfSSL_CTX_load_verify_locations_ex(ctx, over_max_nc, + NULL, WOLFSSL_LOAD_FLAG_NONE), WOLFSSL_SUCCESS); + wolfSSL_CTX_free(ctx); +#endif + +#endif + return EXPECT_RESULT(); +} + +static int test_wolfSSL_X509(void) +{ + EXPECT_DECLS; +#if defined(OPENSSL_EXTRA) && !defined(NO_CERTS) && !defined(NO_FILESYSTEM) && \ + !defined(NO_RSA) + X509* x509 = NULL; +#ifndef NO_BIO + BIO* bio = NULL; + X509_STORE_CTX* ctx = NULL; + X509_STORE* store = NULL; +#endif + char der[] = "certs/ca-cert.der"; + XFILE fp = XBADFILE; + int derSz = 0; + +#ifndef NO_BIO + ExpectNotNull(bio = BIO_new(BIO_s_mem())); +#endif + + ExpectNotNull(x509 = X509_new()); + ExpectNull(wolfSSL_X509_get_der(x509, &derSz)); +#if !defined(NO_BIO) && defined(WOLFSSL_CERT_GEN) + ExpectIntEQ(i2d_X509_bio(bio, x509), WOLFSSL_FAILURE); +#endif + ExpectNull(wolfSSL_X509_dup(x509)); + X509_free(x509); + x509 = NULL; + +#ifndef NO_BIO + ExpectNotNull(x509 = wolfSSL_X509_load_certificate_file(cliCertFile, + SSL_FILETYPE_PEM)); + +#ifdef WOLFSSL_CERT_GEN + ExpectIntEQ(i2d_X509_bio(NULL, NULL), WOLFSSL_FAILURE); + ExpectIntEQ(i2d_X509_bio(bio, NULL), WOLFSSL_FAILURE); + ExpectIntEQ(i2d_X509_bio(NULL, x509), WOLFSSL_FAILURE); + ExpectIntEQ(i2d_X509_bio(bio, x509), SSL_SUCCESS); +#endif + + ExpectNotNull(ctx = X509_STORE_CTX_new()); + + ExpectIntEQ(X509_verify_cert(ctx), WC_NO_ERR_TRACE(WOLFSSL_FATAL_ERROR)); + ExpectNotNull(wolfSSL_X509_verify_cert_error_string(CRL_MISSING)); + + ExpectNotNull(store = X509_STORE_new()); + ExpectIntEQ(X509_STORE_add_cert(store, x509), SSL_SUCCESS); + ExpectIntEQ(X509_STORE_CTX_init(ctx, store, x509, NULL), SSL_SUCCESS); + ExpectIntEQ(X509_verify_cert(ctx), SSL_SUCCESS); + +#ifndef NO_WOLFSSL_STUB + ExpectNull(X509_get_default_cert_file_env()); + ExpectNull(X509_get_default_cert_file()); + ExpectNull(X509_get_default_cert_dir_env()); + ExpectNull(X509_get_default_cert_dir()); +#endif + + ExpectNull(wolfSSL_X509_get_der(NULL, NULL)); + ExpectNull(wolfSSL_X509_get_der(x509, NULL)); + ExpectNull(wolfSSL_X509_get_der(NULL, &derSz)); + + ExpectIntEQ(wolfSSL_X509_version(NULL), 0); + ExpectIntEQ(wolfSSL_X509_version(x509), 3); + + X509_STORE_CTX_free(ctx); + X509_STORE_free(store); + X509_free(x509); + x509 = NULL; + BIO_free(bio); + bio = NULL; +#endif + + /** d2i_X509_fp test **/ + ExpectTrue((fp = XFOPEN(der, "rb")) != XBADFILE); + ExpectNotNull(x509 = (X509 *)d2i_X509_fp(fp, (X509 **)NULL)); + ExpectNotNull(x509); + +#ifdef HAVE_EX_DATA_CRYPTO + ExpectIntEQ(wolfSSL_X509_get_ex_new_index(1, NULL, NULL, NULL, NULL), 0); +#endif + ExpectNull(wolfSSL_X509_get_ex_data(NULL, 1)); + ExpectNull(wolfSSL_X509_get_ex_data(x509, 1)); +#ifdef HAVE_EX_DATA + ExpectIntEQ(wolfSSL_X509_set_ex_data(NULL, 1, der), 0); + ExpectIntEQ(wolfSSL_X509_set_ex_data(x509, 1, der), 1); + ExpectPtrEq(wolfSSL_X509_get_ex_data(x509, 1), der); +#else + ExpectIntEQ(wolfSSL_X509_set_ex_data(NULL, 1, der), 0); + ExpectIntEQ(wolfSSL_X509_set_ex_data(x509, 1, der), 0); + ExpectNull(wolfSSL_X509_get_ex_data(x509, 1)); +#endif + + X509_free(x509); + x509 = NULL; + if (fp != XBADFILE) { + XFCLOSE(fp); + fp = XBADFILE; + } + ExpectTrue((fp = XFOPEN(der, "rb")) != XBADFILE); + ExpectNull((X509 *)d2i_X509_fp(XBADFILE, (X509 **)&x509)); + ExpectNotNull((X509 *)d2i_X509_fp(fp, (X509 **)&x509)); + ExpectNotNull(x509); + X509_free(x509); + x509 = NULL; + if (fp != XBADFILE) + XFCLOSE(fp); + +#ifndef NO_BIO + ExpectNotNull(bio = BIO_new_file(der, "rb")); + ExpectNull(d2i_X509_bio(NULL, &x509)); + ExpectNotNull(x509 = d2i_X509_bio(bio, NULL)); + ExpectNotNull(x509); + X509_free(x509); + BIO_free(bio); + bio = NULL; +#endif + + /* X509_up_ref test */ + ExpectIntEQ(X509_up_ref(NULL), 0); + ExpectNotNull(x509 = X509_new()); /* refCount = 1 */ + ExpectIntEQ(X509_up_ref(x509), 1); /* refCount = 2 */ + ExpectIntEQ(X509_up_ref(x509), 1); /* refCount = 3 */ + X509_free(x509); /* refCount = 2 */ + X509_free(x509); /* refCount = 1 */ + X509_free(x509); /* refCount = 0, free */ + +#endif + return EXPECT_RESULT(); +} + +static int test_wolfSSL_X509_get_ext_count(void) +{ + EXPECT_DECLS; +#if defined(OPENSSL_ALL) && !defined(NO_CERTS) && !defined(NO_FILESYSTEM) && \ + !defined(NO_RSA) + int ret = 0; + WOLFSSL_X509* x509 = NULL; + const char ocspRootCaFile[] = "./certs/ocsp/root-ca-cert.pem"; + XFILE f = XBADFILE; + + /* NULL parameter check */ + ExpectIntEQ(X509_get_ext_count(NULL), WC_NO_ERR_TRACE(WOLFSSL_FAILURE)); + ExpectNotNull(x509 = wolfSSL_X509_new()); + ExpectIntEQ(X509_get_ext_count(x509), WC_NO_ERR_TRACE(WOLFSSL_FAILURE)); + wolfSSL_X509_free(x509); + x509 = NULL; + + ExpectNotNull(x509 = wolfSSL_X509_load_certificate_file(svrCertFile, + SSL_FILETYPE_PEM)); + ExpectIntEQ(X509_get_ext_count(x509), 5); + wolfSSL_X509_free(x509); + + ExpectNotNull(x509 = wolfSSL_X509_load_certificate_file(ocspRootCaFile, + SSL_FILETYPE_PEM)); + ExpectIntEQ(X509_get_ext_count(x509), 5); + wolfSSL_X509_free(x509); + + ExpectTrue((f = XFOPEN("./certs/server-cert.pem", "rb")) != XBADFILE); + ExpectNotNull(x509 = wolfSSL_PEM_read_X509(f, NULL, NULL, NULL)); + if (f != XBADFILE) + XFCLOSE(f); + + /* wolfSSL_X509_get_ext_count() valid input */ + ExpectIntEQ((ret = wolfSSL_X509_get_ext_count(x509)), 5); + + wolfSSL_X509_free(x509); +#endif + return EXPECT_RESULT(); +} + + +/* Tests X509v3_get_ext_count, X509v3_get_ext_by_NID, and X509v3_get_ext + * working with a stack retrieved from wolfSSL_X509_get0_extensions(). + */ +static int test_wolfSSL_X509_stack_extensions(void) +{ + EXPECT_DECLS; +#if defined(OPENSSL_EXTRA) && !defined(NO_CERTS) && !defined(NO_FILESYSTEM) && \ + !defined(NO_RSA) + WOLFSSL_X509* x509 = NULL; + const WOLFSSL_STACK* ext_stack = NULL; + WOLFSSL_X509_EXTENSION* ext = NULL; + int idx = -1; + int count = 0; + XFILE f = XBADFILE; + + /* Load a certificate */ + ExpectTrue((f = XFOPEN("./certs/server-cert.pem", "rb")) != XBADFILE); + ExpectNotNull(x509 = wolfSSL_PEM_read_X509(f, NULL, NULL, NULL)); + if (f != XBADFILE) + XFCLOSE(f); + + /* Get the stack of extensions */ + ExpectNotNull(ext_stack = wolfSSL_X509_get0_extensions(x509)); + + /* Test X509v3_get_ext_count */ + ExpectIntGT((count = X509v3_get_ext_count(ext_stack)), 0); + + /* Test X509v3_get_ext_by_NID - find Basic Constraints extension */ + ExpectIntGE((idx = X509v3_get_ext_by_NID(ext_stack, NID_basic_constraints, + -1)), 0); + + /* Test X509v3_get_ext - get extension by index */ + ExpectNotNull(ext = X509v3_get_ext(ext_stack, idx)); + + /* Verify that the extension is the correct one */ + ExpectIntEQ(wolfSSL_OBJ_obj2nid(wolfSSL_X509_EXTENSION_get_object(ext)), + NID_basic_constraints); + + /* Test negative cases */ + ExpectIntEQ(X509v3_get_ext_by_NID(NULL, NID_basic_constraints, -1), + WOLFSSL_FATAL_ERROR); + ExpectNull(X509v3_get_ext(NULL, 0)); + ExpectNull(X509v3_get_ext(ext_stack, -1)); + ExpectNull(X509v3_get_ext(ext_stack, count)); + + wolfSSL_X509_free(x509); +#endif + return EXPECT_RESULT(); +} + +static int test_wolfSSL_X509_sign2(void) +{ + EXPECT_DECLS; + /* test requires WOLFSSL_AKID_NAME to match expected output */ +#if defined(OPENSSL_EXTRA) && !defined(NO_RSA) && !defined(NO_CERTS) && \ + defined(WOLFSSL_CERT_GEN) && defined(WOLFSSL_ALT_NAMES) && \ + defined(WOLFSSL_CERT_EXT) && defined(WOLFSSL_AKID_NAME) && \ + (defined(WOLFSSL_QT) || defined(OPENSSL_ALL) || \ + defined(WOLFSSL_IP_ALT_NAME)) + WOLFSSL_X509 *x509 = NULL; + WOLFSSL_X509 *ca = NULL; + const unsigned char *der = NULL; + const unsigned char *pt = NULL; + WOLFSSL_EVP_PKEY *priv = NULL; + WOLFSSL_X509_NAME *name = NULL; + int derSz; +#ifndef NO_ASN_TIME + WOLFSSL_ASN1_TIME *notBefore = NULL; + WOLFSSL_ASN1_TIME *notAfter = NULL; + + const int year = 365*24*60*60; + const int day = 24*60*60; + const int hour = 60*60; + const int mini = 60; + time_t t; +#endif + + const unsigned char expected[] = { + 0x30, 0x82, 0x05, 0x13, 0x30, 0x82, 0x03, 0xFB, 0xA0, 0x03, 0x02, 0x01, + 0x02, 0x02, 0x14, 0x6B, 0x61, 0x49, 0x45, 0xFF, 0x4A, 0xD1, 0x54, 0x16, + 0xB4, 0x35, 0x37, 0xC4, 0x98, 0x5D, 0xA9, 0xF6, 0x67, 0x60, 0x91, 0x30, + 0x0D, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x01, 0x0B, + 0x05, 0x00, 0x30, 0x81, 0x94, 0x31, 0x0B, 0x30, 0x09, 0x06, 0x03, 0x55, + 0x04, 0x06, 0x13, 0x02, 0x55, 0x53, 0x31, 0x10, 0x30, 0x0E, 0x06, 0x03, + 0x55, 0x04, 0x08, 0x0C, 0x07, 0x4D, 0x6F, 0x6E, 0x74, 0x61, 0x6E, 0x61, + 0x31, 0x10, 0x30, 0x0E, 0x06, 0x03, 0x55, 0x04, 0x07, 0x0C, 0x07, 0x42, + 0x6F, 0x7A, 0x65, 0x6D, 0x61, 0x6E, 0x31, 0x11, 0x30, 0x0F, 0x06, 0x03, + 0x55, 0x04, 0x0A, 0x0C, 0x08, 0x53, 0x61, 0x77, 0x74, 0x6F, 0x6F, 0x74, + 0x68, 0x31, 0x13, 0x30, 0x11, 0x06, 0x03, 0x55, 0x04, 0x0B, 0x0C, 0x0A, + 0x43, 0x6F, 0x6E, 0x73, 0x75, 0x6C, 0x74, 0x69, 0x6E, 0x67, 0x31, 0x18, + 0x30, 0x16, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0C, 0x0F, 0x77, 0x77, 0x77, + 0x2E, 0x77, 0x6F, 0x6C, 0x66, 0x73, 0x73, 0x6C, 0x2E, 0x63, 0x6F, 0x6D, + 0x31, 0x1F, 0x30, 0x1D, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, + 0x01, 0x09, 0x01, 0x16, 0x10, 0x69, 0x6E, 0x66, 0x6F, 0x40, 0x77, 0x6F, + 0x6C, 0x66, 0x73, 0x73, 0x6C, 0x2E, 0x63, 0x6F, 0x6D, 0x30, 0x1E, 0x17, + 0x0D, 0x30, 0x30, 0x30, 0x32, 0x31, 0x35, 0x32, 0x30, 0x33, 0x30, 0x30, + 0x30, 0x5A, 0x17, 0x0D, 0x30, 0x31, 0x30, 0x32, 0x31, 0x34, 0x32, 0x30, + 0x33, 0x30, 0x30, 0x30, 0x5A, 0x30, 0x81, 0x9E, 0x31, 0x0B, 0x30, 0x09, + 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x55, 0x53, 0x31, 0x10, 0x30, + 0x0E, 0x06, 0x03, 0x55, 0x04, 0x08, 0x0C, 0x07, 0x4D, 0x6F, 0x6E, 0x74, + 0x61, 0x6E, 0x61, 0x31, 0x10, 0x30, 0x0E, 0x06, 0x03, 0x55, 0x04, 0x07, + 0x0C, 0x07, 0x42, 0x6F, 0x7A, 0x65, 0x6D, 0x61, 0x6E, 0x31, 0x15, 0x30, + 0x13, 0x06, 0x03, 0x55, 0x04, 0x0A, 0x0C, 0x0C, 0x77, 0x6F, 0x6C, 0x66, + 0x53, 0x53, 0x4C, 0x5F, 0x32, 0x30, 0x34, 0x38, 0x31, 0x19, 0x30, 0x17, + 0x06, 0x03, 0x55, 0x04, 0x0B, 0x0C, 0x10, 0x50, 0x72, 0x6F, 0x67, 0x72, + 0x61, 0x6D, 0x6D, 0x69, 0x6E, 0x67, 0x2D, 0x32, 0x30, 0x34, 0x38, 0x31, + 0x18, 0x30, 0x16, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0C, 0x0F, 0x77, 0x77, + 0x77, 0x2E, 0x77, 0x6F, 0x6C, 0x66, 0x73, 0x73, 0x6C, 0x2E, 0x63, 0x6F, + 0x6D, 0x31, 0x1F, 0x30, 0x1D, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, + 0x0D, 0x01, 0x09, 0x01, 0x16, 0x10, 0x69, 0x6E, 0x66, 0x6F, 0x40, 0x77, + 0x6F, 0x6C, 0x66, 0x73, 0x73, 0x6C, 0x2E, 0x63, 0x6F, 0x6D, 0x30, 0x82, + 0x01, 0x22, 0x30, 0x0D, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, + 0x01, 0x01, 0x01, 0x05, 0x00, 0x03, 0x82, 0x01, 0x0F, 0x00, 0x30, 0x82, + 0x01, 0x0A, 0x02, 0x82, 0x01, 0x01, 0x00, 0xC3, 0x03, 0xD1, 0x2B, 0xFE, + 0x39, 0xA4, 0x32, 0x45, 0x3B, 0x53, 0xC8, 0x84, 0x2B, 0x2A, 0x7C, 0x74, + 0x9A, 0xBD, 0xAA, 0x2A, 0x52, 0x07, 0x47, 0xD6, 0xA6, 0x36, 0xB2, 0x07, + 0x32, 0x8E, 0xD0, 0xBA, 0x69, 0x7B, 0xC6, 0xC3, 0x44, 0x9E, 0xD4, 0x81, + 0x48, 0xFD, 0x2D, 0x68, 0xA2, 0x8B, 0x67, 0xBB, 0xA1, 0x75, 0xC8, 0x36, + 0x2C, 0x4A, 0xD2, 0x1B, 0xF7, 0x8B, 0xBA, 0xCF, 0x0D, 0xF9, 0xEF, 0xEC, + 0xF1, 0x81, 0x1E, 0x7B, 0x9B, 0x03, 0x47, 0x9A, 0xBF, 0x65, 0xCC, 0x7F, + 0x65, 0x24, 0x69, 0xA6, 0xE8, 0x14, 0x89, 0x5B, 0xE4, 0x34, 0xF7, 0xC5, + 0xB0, 0x14, 0x93, 0xF5, 0x67, 0x7B, 0x3A, 0x7A, 0x78, 0xE1, 0x01, 0x56, + 0x56, 0x91, 0xA6, 0x13, 0x42, 0x8D, 0xD2, 0x3C, 0x40, 0x9C, 0x4C, 0xEF, + 0xD1, 0x86, 0xDF, 0x37, 0x51, 0x1B, 0x0C, 0xA1, 0x3B, 0xF5, 0xF1, 0xA3, + 0x4A, 0x35, 0xE4, 0xE1, 0xCE, 0x96, 0xDF, 0x1B, 0x7E, 0xBF, 0x4E, 0x97, + 0xD0, 0x10, 0xE8, 0xA8, 0x08, 0x30, 0x81, 0xAF, 0x20, 0x0B, 0x43, 0x14, + 0xC5, 0x74, 0x67, 0xB4, 0x32, 0x82, 0x6F, 0x8D, 0x86, 0xC2, 0x88, 0x40, + 0x99, 0x36, 0x83, 0xBA, 0x1E, 0x40, 0x72, 0x22, 0x17, 0xD7, 0x52, 0x65, + 0x24, 0x73, 0xB0, 0xCE, 0xEF, 0x19, 0xCD, 0xAE, 0xFF, 0x78, 0x6C, 0x7B, + 0xC0, 0x12, 0x03, 0xD4, 0x4E, 0x72, 0x0D, 0x50, 0x6D, 0x3B, 0xA3, 0x3B, + 0xA3, 0x99, 0x5E, 0x9D, 0xC8, 0xD9, 0x0C, 0x85, 0xB3, 0xD9, 0x8A, 0xD9, + 0x54, 0x26, 0xDB, 0x6D, 0xFA, 0xAC, 0xBB, 0xFF, 0x25, 0x4C, 0xC4, 0xD1, + 0x79, 0xF4, 0x71, 0xD3, 0x86, 0x40, 0x18, 0x13, 0xB0, 0x63, 0xB5, 0x72, + 0x4E, 0x30, 0xC4, 0x97, 0x84, 0x86, 0x2D, 0x56, 0x2F, 0xD7, 0x15, 0xF7, + 0x7F, 0xC0, 0xAE, 0xF5, 0xFC, 0x5B, 0xE5, 0xFB, 0xA1, 0xBA, 0xD3, 0x02, + 0x03, 0x01, 0x00, 0x01, 0xA3, 0x82, 0x01, 0x4F, 0x30, 0x82, 0x01, 0x4B, + 0x30, 0x0C, 0x06, 0x03, 0x55, 0x1D, 0x13, 0x04, 0x05, 0x30, 0x03, 0x01, + 0x01, 0xFF, 0x30, 0x1C, 0x06, 0x03, 0x55, 0x1D, 0x11, 0x04, 0x15, 0x30, + 0x13, 0x82, 0x0B, 0x65, 0x78, 0x61, 0x6D, 0x70, 0x6C, 0x65, 0x2E, 0x63, + 0x6F, 0x6D, 0x87, 0x04, 0x7F, 0x00, 0x00, 0x01, 0x30, 0x1D, 0x06, 0x03, + 0x55, 0x1D, 0x0E, 0x04, 0x16, 0x04, 0x14, 0x33, 0xD8, 0x45, 0x66, 0xD7, + 0x68, 0x87, 0x18, 0x7E, 0x54, 0x0D, 0x70, 0x27, 0x91, 0xC7, 0x26, 0xD7, + 0x85, 0x65, 0xC0, 0x30, 0x81, 0xDE, 0x06, 0x03, 0x55, 0x1D, 0x23, 0x04, + 0x81, 0xD6, 0x30, 0x81, 0xD3, 0x80, 0x14, 0x33, 0xD8, 0x45, 0x66, 0xD7, + 0x68, 0x87, 0x18, 0x7E, 0x54, 0x0D, 0x70, 0x27, 0x91, 0xC7, 0x26, 0xD7, + 0x85, 0x65, 0xC0, 0xA1, 0x81, 0xA4, 0xA4, 0x81, 0xA1, 0x30, 0x81, 0x9E, + 0x31, 0x0B, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x55, + 0x53, 0x31, 0x10, 0x30, 0x0E, 0x06, 0x03, 0x55, 0x04, 0x08, 0x0C, 0x07, + 0x4D, 0x6F, 0x6E, 0x74, 0x61, 0x6E, 0x61, 0x31, 0x10, 0x30, 0x0E, 0x06, + 0x03, 0x55, 0x04, 0x07, 0x0C, 0x07, 0x42, 0x6F, 0x7A, 0x65, 0x6D, 0x61, + 0x6E, 0x31, 0x15, 0x30, 0x13, 0x06, 0x03, 0x55, 0x04, 0x0A, 0x0C, 0x0C, + 0x77, 0x6F, 0x6C, 0x66, 0x53, 0x53, 0x4C, 0x5F, 0x32, 0x30, 0x34, 0x38, + 0x31, 0x19, 0x30, 0x17, 0x06, 0x03, 0x55, 0x04, 0x0B, 0x0C, 0x10, 0x50, + 0x72, 0x6F, 0x67, 0x72, 0x61, 0x6D, 0x6D, 0x69, 0x6E, 0x67, 0x2D, 0x32, + 0x30, 0x34, 0x38, 0x31, 0x18, 0x30, 0x16, 0x06, 0x03, 0x55, 0x04, 0x03, + 0x0C, 0x0F, 0x77, 0x77, 0x77, 0x2E, 0x77, 0x6F, 0x6C, 0x66, 0x73, 0x73, + 0x6C, 0x2E, 0x63, 0x6F, 0x6D, 0x31, 0x1F, 0x30, 0x1D, 0x06, 0x09, 0x2A, + 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x09, 0x01, 0x16, 0x10, 0x69, 0x6E, + 0x66, 0x6F, 0x40, 0x77, 0x6F, 0x6C, 0x66, 0x73, 0x73, 0x6C, 0x2E, 0x63, + 0x6F, 0x6D, 0x82, 0x14, 0x6B, 0x61, 0x49, 0x45, 0xFF, 0x4A, 0xD1, 0x54, + 0x16, 0xB4, 0x35, 0x37, 0xC4, 0x98, 0x5D, 0xA9, 0xF6, 0x67, 0x60, 0x91, + 0x30, 0x1D, 0x06, 0x03, 0x55, 0x1D, 0x25, 0x04, 0x16, 0x30, 0x14, 0x06, + 0x08, 0x2B, 0x06, 0x01, 0x05, 0x05, 0x07, 0x03, 0x01, 0x06, 0x08, 0x2B, + 0x06, 0x01, 0x05, 0x05, 0x07, 0x03, 0x02, 0x30, 0x0D, 0x06, 0x09, 0x2A, + 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x01, 0x0B, 0x05, 0x00, 0x03, 0x82, + 0x01, 0x01, 0x00, 0x2F, 0x9F, 0x83, 0x05, 0x15, 0x1E, 0x5D, 0x7C, 0x22, + 0x12, 0x20, 0xEE, 0x07, 0x35, 0x25, 0x39, 0xDD, 0x34, 0x06, 0xD3, 0x89, + 0x31, 0x51, 0x8B, 0x9A, 0xE5, 0xE8, 0x60, 0x30, 0x07, 0x7A, 0xBB, 0x17, + 0xB9, 0x54, 0x72, 0x83, 0xA2, 0x1F, 0x62, 0xE0, 0x18, 0xAC, 0x93, 0x5E, + 0x63, 0xC7, 0xDD, 0x12, 0x58, 0x96, 0xC7, 0x90, 0x8B, 0x12, 0x50, 0xD2, + 0x60, 0x0E, 0x24, 0x07, 0x53, 0x55, 0xD7, 0x8E, 0xC9, 0x56, 0x12, 0x28, + 0xD8, 0xFD, 0x47, 0xE3, 0x13, 0xFB, 0x3C, 0xD6, 0x3D, 0x82, 0x09, 0x7E, + 0x10, 0x19, 0xE1, 0xCD, 0xCC, 0x4C, 0x78, 0xDF, 0xE5, 0xFB, 0x2C, 0x8C, + 0x88, 0xF7, 0x5B, 0x99, 0x93, 0xC6, 0xC7, 0x22, 0xA5, 0xFA, 0x76, 0x6C, + 0xE9, 0xBC, 0x69, 0xBA, 0x02, 0x82, 0x18, 0xAF, 0x47, 0xD0, 0x9C, 0x5F, + 0xED, 0xAE, 0x5A, 0x95, 0x59, 0x78, 0x86, 0x24, 0x22, 0xB6, 0x81, 0x03, + 0x58, 0x9A, 0x14, 0x93, 0xDC, 0x24, 0x58, 0xF3, 0xD2, 0x6C, 0x8E, 0xD2, + 0x6D, 0x8B, 0xE8, 0x4E, 0xC6, 0xA0, 0x2B, 0x0D, 0xDB, 0x1A, 0x76, 0x28, + 0xA9, 0x8D, 0xFB, 0x51, 0xA6, 0xF0, 0x82, 0x30, 0xEE, 0x78, 0x1C, 0x71, + 0xA8, 0x11, 0x8A, 0xA5, 0xC3, 0x91, 0xAB, 0x9A, 0x46, 0xFF, 0x8D, 0xCD, + 0x82, 0x3F, 0x5D, 0xB6, 0x28, 0x46, 0x6D, 0x66, 0xE2, 0xEE, 0x1E, 0x82, + 0x0D, 0x1A, 0x74, 0x87, 0xFB, 0xFD, 0x96, 0x26, 0x50, 0x09, 0xEC, 0xA7, + 0x73, 0x89, 0x43, 0x3B, 0x42, 0x2D, 0xA9, 0x6B, 0x0F, 0x61, 0x81, 0x97, + 0x11, 0x71, 0xF9, 0xDB, 0x9B, 0x69, 0x4B, 0x6E, 0xD3, 0x7D, 0xDA, 0xC6, + 0x61, 0x9F, 0x39, 0x87, 0x53, 0x52, 0xA8, 0x4D, 0xAD, 0x80, 0x29, 0x6C, + 0x19, 0xF0, 0x8D, 0xB1, 0x0D, 0x4E, 0xFB, 0x1B, 0xB7, 0xF1, 0x85, 0x49, + 0x08, 0x2A, 0x94, 0xD0, 0x4E, 0x0B, 0x8F + }; + + pt = ca_key_der_2048; + ExpectNotNull(priv = wolfSSL_d2i_PrivateKey(EVP_PKEY_RSA, NULL, &pt, + sizeof_ca_key_der_2048)); + + pt = client_cert_der_2048; + ExpectNotNull(x509 = wolfSSL_d2i_X509(NULL, &pt, + sizeof_client_cert_der_2048)); + + pt = ca_cert_der_2048; + ExpectNotNull(ca = wolfSSL_d2i_X509(NULL, &pt, sizeof_ca_cert_der_2048)); + ExpectNotNull(name = wolfSSL_X509_get_subject_name(ca)); + ExpectIntEQ(wolfSSL_X509_set_issuer_name(x509, name), WOLFSSL_SUCCESS); + +#ifndef NO_ASN_TIME + t = (time_t)30 * year + 45 * day + 20 * hour + 30 * mini + 7 * day; + ExpectNotNull(notBefore = wolfSSL_ASN1_TIME_adj(NULL, t, 0, 0)); + ExpectNotNull(notAfter = wolfSSL_ASN1_TIME_adj(NULL, t, 365, 0)); + ExpectIntEQ(notAfter->length, 13); + + ExpectTrue(wolfSSL_X509_set_notBefore(x509, notBefore)); + ExpectTrue(wolfSSL_X509_set1_notBefore(x509, notBefore)); + ExpectTrue(wolfSSL_X509_set_notAfter(x509, notAfter)); + ExpectTrue(wolfSSL_X509_set1_notAfter(x509, notAfter)); +#endif + + ExpectNull(wolfSSL_X509_notBefore(NULL)); + ExpectNotNull(wolfSSL_X509_notBefore(x509)); + ExpectNull(wolfSSL_X509_notAfter(NULL)); + ExpectNotNull(wolfSSL_X509_notAfter(x509)); + + ExpectIntGT(wolfSSL_X509_sign(x509, priv, EVP_sha256()), 0); + ExpectNotNull((der = wolfSSL_X509_get_der(x509, &derSz))); + + ExpectIntEQ(derSz, sizeof(expected)); +#ifndef NO_ASN_TIME + ExpectIntEQ(XMEMCMP(der, expected, derSz), 0); +#endif + + wolfSSL_X509_free(ca); + wolfSSL_X509_free(x509); + wolfSSL_EVP_PKEY_free(priv); +#ifndef NO_ASN_TIME + wolfSSL_ASN1_TIME_free(notBefore); + wolfSSL_ASN1_TIME_free(notAfter); +#endif +#endif + return EXPECT_RESULT(); +} + + +static int test_wolfSSL_X509_sign(void) +{ + EXPECT_DECLS; +#if defined(OPENSSL_EXTRA) && !defined(NO_CERTS) && !defined(NO_ASN_TIME) && \ + defined(WOLFSSL_CERT_GEN) && defined(WOLFSSL_CERT_REQ) && !defined(NO_RSA) + int ret = 0; + char *cn = NULL; + word32 cnSz = 0; + X509_NAME *name = NULL; + X509_NAME *emptyName = NULL; + X509 *x509 = NULL; + X509 *ca = NULL; + DecodedCert dCert; + EVP_PKEY *pub = NULL; + EVP_PKEY *priv = NULL; + EVP_MD_CTX *mctx = NULL; +#if defined(USE_CERT_BUFFERS_1024) + const unsigned char* rsaPriv = client_key_der_1024; + const unsigned char* rsaPub = client_keypub_der_1024; + const unsigned char* certIssuer = client_cert_der_1024; + long clientKeySz = (long)sizeof_client_key_der_1024; + long clientPubKeySz = (long)sizeof_client_keypub_der_1024; + long certIssuerSz = (long)sizeof_client_cert_der_1024; +#elif defined(USE_CERT_BUFFERS_2048) + const unsigned char* rsaPriv = client_key_der_2048; + const unsigned char* rsaPub = client_keypub_der_2048; + const unsigned char* certIssuer = client_cert_der_2048; + long clientKeySz = (long)sizeof_client_key_der_2048; + long clientPubKeySz = (long)sizeof_client_keypub_der_2048; + long certIssuerSz = (long)sizeof_client_cert_der_2048; +#endif + byte sn[16]; + int snSz = sizeof(sn); + int sigSz = 0; +#ifndef NO_WOLFSSL_STUB + const WOLFSSL_ASN1_BIT_STRING* sig = NULL; + const WOLFSSL_X509_ALGOR* alg = NULL; +#endif + + /* Set X509_NAME fields */ + ExpectNotNull(name = X509_NAME_new()); + ExpectIntEQ(X509_NAME_add_entry_by_txt(name, "countryName", MBSTRING_UTF8, + (byte*)"US", 2, -1, 0), SSL_SUCCESS); + ExpectIntEQ(X509_NAME_add_entry_by_txt(name, "commonName", MBSTRING_UTF8, + (byte*)"wolfssl.com", 11, -1, 0), SSL_SUCCESS); + ExpectIntEQ(X509_NAME_add_entry_by_txt(name, "emailAddress", MBSTRING_UTF8, + (byte*)"support@wolfssl.com", 19, -1, 0), SSL_SUCCESS); + + /* Get private and public keys */ + ExpectNotNull(priv = wolfSSL_d2i_PrivateKey(EVP_PKEY_RSA, NULL, &rsaPriv, + clientKeySz)); + ExpectNotNull(pub = wolfSSL_d2i_PUBKEY(NULL, &rsaPub, clientPubKeySz)); + ExpectNotNull(x509 = X509_new()); + ExpectIntEQ(X509_sign(x509, priv, EVP_sha256()), 0); + /* Set version 3 */ + ExpectIntNE(X509_set_version(x509, 2L), 0); + /* Set subject name, add pubkey, and sign certificate */ + ExpectIntEQ(X509_set_subject_name(x509, name), SSL_SUCCESS); + X509_NAME_free(name); + name = NULL; + ExpectIntEQ(X509_set_pubkey(x509, pub), SSL_SUCCESS); +#ifdef WOLFSSL_ALT_NAMES + ExpectNull(wolfSSL_X509_get_next_altname(NULL)); + ExpectNull(wolfSSL_X509_get_next_altname(x509)); + + /* Add some subject alt names */ + ExpectIntNE(wolfSSL_X509_add_altname(NULL, + "ipsum", ASN_DNS_TYPE), SSL_SUCCESS); + ExpectIntEQ(wolfSSL_X509_add_altname(x509, + NULL, ASN_DNS_TYPE), SSL_SUCCESS); + ExpectIntEQ(wolfSSL_X509_add_altname(x509, + "sphygmomanometer", + ASN_DNS_TYPE), SSL_SUCCESS); + ExpectIntEQ(wolfSSL_X509_add_altname(x509, + "supercalifragilisticexpialidocious", + ASN_DNS_TYPE), SSL_SUCCESS); + ExpectIntEQ(wolfSSL_X509_add_altname(x509, + "Llanfairpwllgwyngyllgogerychwyrndrobwllllantysiliogogogoch", + ASN_DNS_TYPE), SSL_SUCCESS); +#ifdef WOLFSSL_IP_ALT_NAME + { + unsigned char ip4_type[] = {127,128,0,255}; + unsigned char ip6_type[] = {0xdd, 0xcc, 0xba, 0xab, + 0xff, 0xee, 0x99, 0x88, + 0x77, 0x66, 0x55, 0x44, + 0x00, 0x33, 0x22, 0x11}; + ExpectIntEQ(wolfSSL_X509_add_altname_ex(x509, (char*)ip4_type, + sizeof(ip4_type), ASN_IP_TYPE), SSL_SUCCESS); + ExpectIntEQ(wolfSSL_X509_add_altname_ex(x509, (char*)ip6_type, + sizeof(ip6_type), ASN_IP_TYPE), SSL_SUCCESS); + } +#endif + + { + int i; + + if (x509 != NULL) { + x509->altNamesNext = x509->altNames; + } +#ifdef WOLFSSL_IP_ALT_NAME + /* No names in IP address. */ + ExpectNull(wolfSSL_X509_get_next_altname(x509)); + ExpectNull(wolfSSL_X509_get_next_altname(x509)); +#endif + for (i = 0; i < 3; i++) { + ExpectNotNull(wolfSSL_X509_get_next_altname(x509)); + } + ExpectNull(wolfSSL_X509_get_next_altname(x509)); +#ifdef WOLFSSL_MULTICIRCULATE_ALTNAMELIST + ExpectNotNull(wolfSSL_X509_get_next_altname(x509)); +#endif + } +#endif /* WOLFSSL_ALT_NAMES */ + + { + ASN1_UTCTIME* infinite_past = NULL; + ExpectNotNull(infinite_past = ASN1_UTCTIME_set(NULL, 0)); + ExpectIntEQ(X509_set1_notBefore(x509, infinite_past), 1); + ASN1_UTCTIME_free(infinite_past); + } + + /* test valid sign case */ + ExpectIntGT(ret = X509_sign(x509, priv, EVP_sha256()), 0); + /* test getting signature */ +#ifndef NO_WOLFSSL_STUB + wolfSSL_X509_get0_signature(&sig, &alg, x509); +#endif + ExpectIntEQ(wolfSSL_X509_get_signature(x509, NULL, &sigSz), + WOLFSSL_SUCCESS); + ExpectIntGT(sigSz, 0); + ExpectIntEQ(wolfSSL_X509_get_signature(NULL, NULL, NULL), + WOLFSSL_FATAL_ERROR); + ExpectIntEQ(wolfSSL_X509_get_signature(x509, NULL, NULL), + WOLFSSL_FATAL_ERROR); + ExpectIntEQ(wolfSSL_X509_get_signature(NULL, NULL, &sigSz), + WOLFSSL_FATAL_ERROR); + sigSz = 0; + ExpectIntEQ(wolfSSL_X509_get_signature(x509, sn, &sigSz), + WOLFSSL_FATAL_ERROR); + + /* test valid X509_sign_ctx case */ + ExpectNotNull(mctx = EVP_MD_CTX_new()); + ExpectIntEQ(EVP_DigestSignInit(mctx, NULL, EVP_sha256(), NULL, priv), 1); + ExpectIntGT(X509_sign_ctx(x509, mctx), 0); + +#if defined(OPENSSL_ALL) && defined(WOLFSSL_ALT_NAMES) + ExpectIntEQ(X509_get_ext_count(x509), 1); +#endif +#if defined(WOLFSSL_ALT_NAMES) && defined(WOLFSSL_IP_ALT_NAME) + ExpectIntEQ(wolfSSL_X509_check_ip_asc(x509, "127.128.0.255", 0), 1); + ExpectIntEQ(wolfSSL_X509_check_ip_asc(x509, "DDCC:BAAB:FFEE:9988:7766:5544:0033:2211", 0), 1); +#endif + + ExpectIntEQ(wolfSSL_X509_get_serial_number(x509, sn, &snSz), + WOLFSSL_SUCCESS); + DEBUG_WRITE_CERT_X509(x509, "signed.pem"); + + /* Variation in size depends on ASN.1 encoding when MSB is set. + * WOLFSSL_ASN_TEMPLATE code does not generate a serial number + * with the MSB set. See GenerateInteger in asn.c */ +#ifndef USE_CERT_BUFFERS_1024 +#ifndef WOLFSSL_ALT_NAMES + /* Valid case - size should be 781-786 with 16 byte serial number */ + ExpectTrue((781 + snSz <= ret) && (ret <= 781 + 5 + snSz)); +#elif defined(WOLFSSL_IP_ALT_NAME) + /* Valid case - size should be 955-960 with 16 byte serial number */ + ExpectTrue((939 + snSz <= ret) && (ret <= 939 + 5 + snSz)); +#else + /* Valid case - size should be 926-931 with 16 byte serial number */ + ExpectTrue((910 + snSz <= ret) && (ret <= 910 + 5 + snSz)); +#endif +#else +#ifndef WOLFSSL_ALT_NAMES + /* Valid case - size should be 537-542 with 16 byte serial number */ + ExpectTrue((521 + snSz <= ret) && (ret <= 521 + 5 + snSz)); +#elif defined(OPENSSL_ALL) || defined(WOLFSSL_IP_ALT_NAME) + /* Valid case - size should be 695-670 with 16 byte serial number */ + ExpectTrue((679 + snSz <= ret) && (ret <= 679 + 5 + snSz)); +#else + /* Valid case - size should be 666-671 with 16 byte serial number */ + ExpectTrue((650 + snSz <= ret) && (ret <= 650 + 5 + snSz)); +#endif +#endif + /* check that issuer name is as expected after signature */ + InitDecodedCert(&dCert, certIssuer, (word32)certIssuerSz, 0); + ExpectIntEQ(ParseCert(&dCert, CERT_TYPE, NO_VERIFY, NULL), 0); + + ExpectNotNull(emptyName = X509_NAME_new()); + ExpectNotNull(ca = d2i_X509(NULL, &certIssuer, (int)certIssuerSz)); + ExpectIntEQ(wolfSSL_X509_get_isCA(NULL), 0); + ExpectIntEQ(wolfSSL_X509_get_isCA(ca), 1); + ExpectNotNull(name = X509_get_subject_name(ca)); + ExpectIntEQ(X509_NAME_get_sz(NULL), WOLFSSL_FATAL_ERROR); + ExpectIntGT(cnSz = X509_NAME_get_sz(name), 0); + ExpectNotNull(cn = (char*)XMALLOC(cnSz, HEAP_HINT, DYNAMIC_TYPE_OPENSSL)); + ExpectNull(X509_NAME_oneline(NULL, cn, (int)cnSz)); + ExpectPtrEq(X509_NAME_oneline(name, cn, 0), cn); + ExpectPtrEq(X509_NAME_oneline(emptyName, cn, (int)cnSz), cn); + ExpectNull(X509_NAME_oneline(emptyName, NULL, 0)); + ExpectPtrEq(X509_NAME_oneline(name, cn, (int)cnSz), cn); + ExpectIntEQ(0, XSTRNCMP(cn, dCert.subject, XSTRLEN(cn))); + XFREE(cn, HEAP_HINT, DYNAMIC_TYPE_OPENSSL); + cn = NULL; + +#if defined(XSNPRINTF) + ExpectNull(wolfSSL_X509_get_name_oneline(NULL, NULL, 0)); + ExpectNotNull(cn = wolfSSL_X509_get_name_oneline(name, NULL, 0)); + ExpectIntGT((int)(cnSz = (word32)XSTRLEN(cn) + 1), 0); + ExpectPtrEq(wolfSSL_X509_get_name_oneline(name, cn, (int)cnSz), cn); + ExpectNull(wolfSSL_X509_get_name_oneline(NULL, cn, (int)cnSz)); + ExpectNull(wolfSSL_X509_get_name_oneline(name, cn, cnSz - 1)); + ExpectPtrEq(wolfSSL_X509_get_name_oneline(name, cn, (int)cnSz), cn); + ExpectPtrEq(wolfSSL_X509_get_name_oneline(emptyName, cn, (int)cnSz), cn); + XFREE(cn, HEAP_HINT, DYNAMIC_TYPE_OPENSSL); + cn = NULL; +#endif + X509_NAME_free(emptyName); + +#ifdef WOLFSSL_MULTI_ATTRIB + /* test adding multiple OU's to the signer */ + ExpectNotNull(name = X509_get_subject_name(ca)); + ExpectIntEQ(X509_NAME_add_entry_by_txt(name, "OU", MBSTRING_UTF8, + (byte*)"OU1", 3, -1, 0), SSL_SUCCESS); + ExpectIntEQ(X509_NAME_add_entry_by_txt(name, "OU", MBSTRING_UTF8, + (byte*)"OU2", 3, -1, 0), SSL_SUCCESS); + ExpectIntGT(X509_sign(ca, priv, EVP_sha256()), 0); +#endif + + ExpectNotNull(name = X509_get_subject_name(ca)); + ExpectIntEQ(X509_set_issuer_name(x509, name), SSL_SUCCESS); + + ExpectIntGT(X509_sign(x509, priv, EVP_sha256()), 0); + ExpectNotNull(name = X509_get_issuer_name(x509)); + cnSz = X509_NAME_get_sz(name); + ExpectNotNull(cn = (char*)XMALLOC(cnSz, HEAP_HINT, DYNAMIC_TYPE_OPENSSL)); + ExpectNotNull(cn = X509_NAME_oneline(name, cn, (int)cnSz)); + /* compare and don't include the multi-attrib "/OU=OU1/OU=OU2" above */ + ExpectIntEQ(0, XSTRNCMP(cn, dCert.issuer, XSTRLEN(dCert.issuer))); + XFREE(cn, HEAP_HINT, DYNAMIC_TYPE_OPENSSL); + cn = NULL; + + FreeDecodedCert(&dCert); + + /* Test invalid parameters */ + ExpectIntEQ(X509_sign(NULL, priv, EVP_sha256()), 0); + ExpectIntEQ(X509_sign(x509, NULL, EVP_sha256()), 0); + ExpectIntEQ(X509_sign(x509, priv, NULL), 0); + + ExpectIntEQ(X509_sign_ctx(NULL, mctx), 0); + EVP_MD_CTX_free(mctx); + mctx = NULL; + ExpectNotNull(mctx = EVP_MD_CTX_new()); + ExpectIntEQ(X509_sign_ctx(x509, mctx), 0); + ExpectIntEQ(X509_sign_ctx(x509, NULL), 0); + + /* test invalid version number */ +#if defined(OPENSSL_ALL) + ExpectIntNE(X509_set_version(x509, 6L), 0); + ExpectIntGT(X509_sign(x509, priv, EVP_sha256()), 0); + + /* uses ParseCert which fails on bad version number */ + ExpectIntEQ(X509_get_ext_count(x509), WC_NO_ERR_TRACE(WOLFSSL_FAILURE)); +#endif + + EVP_MD_CTX_free(mctx); + EVP_PKEY_free(priv); + EVP_PKEY_free(pub); + X509_free(x509); + X509_free(ca); +#endif + return EXPECT_RESULT(); +} + +static int test_wolfSSL_X509_get0_tbs_sigalg(void) +{ + EXPECT_DECLS; +#if (defined(OPENSSL_ALL) || defined(WOLFSSL_APACHE_HTTPD)) + X509* x509 = NULL; + const X509_ALGOR* alg; + + ExpectNotNull(x509 = X509_new()); + + ExpectNull(alg = X509_get0_tbs_sigalg(NULL)); + ExpectNotNull(alg = X509_get0_tbs_sigalg(x509)); + + X509_free(x509); +#endif + return EXPECT_RESULT(); +} + +static int test_wolfSSL_X509_ALGOR_get0(void) +{ + EXPECT_DECLS; +#if (defined(OPENSSL_ALL) || defined(WOLFSSL_APACHE_HTTPD)) && \ + !defined(NO_SHA256) && !defined(NO_RSA) + X509* x509 = NULL; + const ASN1_OBJECT* obj = NULL; + const X509_ALGOR* alg = NULL; + X509_ALGOR* alg2 = NULL; + int pptype = 0; + const void *ppval = NULL; + byte* der = NULL; + const byte* tmp = NULL; + const byte badObj[] = { 0x06, 0x00 }; + + ExpectNotNull(x509 = wolfSSL_X509_load_certificate_file(cliCertFile, + SSL_FILETYPE_PEM)); + ExpectNotNull(alg = X509_get0_tbs_sigalg(x509)); + + /* Invalid case */ + X509_ALGOR_get0(&obj, NULL, NULL, NULL); + ExpectNull(obj); + + /* Valid case */ + X509_ALGOR_get0(NULL, NULL, NULL, alg); + X509_ALGOR_get0(&obj, &pptype, &ppval, alg); + ExpectNotNull(obj); + ExpectNull(ppval); + ExpectIntNE(pptype, 0); + /* Make sure NID of X509_ALGOR is Sha256 with RSA */ + ExpectIntEQ(OBJ_obj2nid(obj), NID_sha256WithRSAEncryption); + + ExpectIntEQ(i2d_X509_ALGOR(NULL, NULL), WOLFSSL_FATAL_ERROR); + ExpectIntEQ(i2d_X509_ALGOR(alg, &der), 15); + ExpectNull(d2i_X509_ALGOR(NULL, NULL, 0)); + /* tmp is NULL. */ + ExpectNull(d2i_X509_ALGOR(NULL, &tmp, 0)); + tmp = badObj; + ExpectNull(d2i_X509_ALGOR(NULL, &tmp, (long)sizeof(badObj))); + tmp = der; + ExpectNull(d2i_X509_ALGOR(NULL, &tmp, 0)); + ExpectNotNull(d2i_X509_ALGOR(&alg2, &tmp, 15)); + tmp = der; + ExpectNotNull(d2i_X509_ALGOR(&alg2, &tmp, 15)); + + XFREE(der, NULL, DYNAMIC_TYPE_ASN1); + X509_free(x509); + X509_ALGOR_free(NULL); + X509_ALGOR_free(alg2); + alg2 = NULL; +#endif + return EXPECT_RESULT(); +} + + +static int test_wolfSSL_X509_VERIFY_PARAM(void) +{ + EXPECT_DECLS; +#if defined(OPENSSL_EXTRA) + X509_VERIFY_PARAM *paramTo = NULL; + X509_VERIFY_PARAM *paramFrom = NULL; + char testIPv4[] = "127.0.0.1"; + char testIPv6[] = "0001:0000:0000:0000:0000:0000:0000:0000/32"; + char testhostName1[] = "foo.hoge.com"; + char testhostName2[] = "foobar.hoge.com"; + + ExpectNotNull(paramTo = X509_VERIFY_PARAM_new()); + ExpectNotNull(XMEMSET(paramTo, 0, sizeof(X509_VERIFY_PARAM))); + + ExpectNotNull(paramFrom = X509_VERIFY_PARAM_new()); + ExpectNotNull(XMEMSET(paramFrom, 0, sizeof(X509_VERIFY_PARAM))); + + ExpectIntEQ(X509_VERIFY_PARAM_set1_host(paramFrom, testhostName1, + (int)XSTRLEN(testhostName1)), 1); + ExpectIntEQ(0, XSTRNCMP(paramFrom->hostName, testhostName1, + (int)XSTRLEN(testhostName1))); + + X509_VERIFY_PARAM_set_hostflags(NULL, 0x00); + + X509_VERIFY_PARAM_set_hostflags(paramFrom, 0x01); + ExpectIntEQ(0x01, paramFrom->hostFlags); + + ExpectIntEQ(X509_VERIFY_PARAM_set1_ip_asc(NULL, testIPv4), 0); + + ExpectIntEQ(X509_VERIFY_PARAM_set1_ip_asc(paramFrom, testIPv4), 1); + ExpectIntEQ(0, XSTRNCMP(paramFrom->ipasc, testIPv4, WOLFSSL_MAX_IPSTR)); + + ExpectIntEQ(X509_VERIFY_PARAM_set1_ip_asc(paramFrom, NULL), 1); + + ExpectIntEQ(X509_VERIFY_PARAM_set1_ip_asc(paramFrom, testIPv6), 1); + ExpectIntEQ(0, XSTRNCMP(paramFrom->ipasc, testIPv6, WOLFSSL_MAX_IPSTR)); + + /* null pointer */ + ExpectIntEQ(X509_VERIFY_PARAM_set1(NULL, paramFrom), 0); + /* in the case of "from" null, returns success */ + ExpectIntEQ(X509_VERIFY_PARAM_set1(paramTo, NULL), 1); + + ExpectIntEQ(X509_VERIFY_PARAM_set1(NULL, NULL), 0); + + /* inherit flags test : VPARAM_DEFAULT */ + ExpectIntEQ(X509_VERIFY_PARAM_set1(paramTo, paramFrom), 1); + ExpectIntEQ(0, XSTRNCMP(paramTo->hostName, testhostName1, + (int)XSTRLEN(testhostName1))); + ExpectIntEQ(0x01, paramTo->hostFlags); + ExpectIntEQ(0, XSTRNCMP(paramTo->ipasc, testIPv6, WOLFSSL_MAX_IPSTR)); + + /* inherit flags test : VPARAM OVERWRITE */ + ExpectIntEQ(X509_VERIFY_PARAM_set1_host(paramTo, testhostName2, + (int)XSTRLEN(testhostName2)), 1); + ExpectIntEQ(X509_VERIFY_PARAM_set1_ip_asc(paramTo, testIPv4), 1); + X509_VERIFY_PARAM_set_hostflags(paramTo, 0x00); + + if (paramTo != NULL) { + paramTo->inherit_flags = X509_VP_FLAG_OVERWRITE; + } + + ExpectIntEQ(X509_VERIFY_PARAM_set1(paramTo, paramFrom), 1); + ExpectIntEQ(0, XSTRNCMP(paramTo->hostName, testhostName1, + (int)XSTRLEN(testhostName1))); + ExpectIntEQ(0x01, paramTo->hostFlags); + ExpectIntEQ(0, XSTRNCMP(paramTo->ipasc, testIPv6, WOLFSSL_MAX_IPSTR)); + + /* inherit flags test : VPARAM_RESET_FLAGS */ + ExpectIntEQ(X509_VERIFY_PARAM_set1_host(paramTo, testhostName2, + (int)XSTRLEN(testhostName2)), 1); + ExpectIntEQ(X509_VERIFY_PARAM_set1_ip_asc(paramTo, testIPv4), 1); + X509_VERIFY_PARAM_set_hostflags(paramTo, 0x10); + + if (paramTo != NULL) { + paramTo->inherit_flags = X509_VP_FLAG_RESET_FLAGS; + } + + ExpectIntEQ(X509_VERIFY_PARAM_set1(paramTo, paramFrom), 1); + ExpectIntEQ(0, XSTRNCMP(paramTo->hostName, testhostName1, + (int)XSTRLEN(testhostName1))); + ExpectIntEQ(0x01, paramTo->hostFlags); + ExpectIntEQ(0, XSTRNCMP(paramTo->ipasc, testIPv6, WOLFSSL_MAX_IPSTR)); + + /* inherit flags test : VPARAM_LOCKED */ + ExpectIntEQ(X509_VERIFY_PARAM_set1_host(paramTo, testhostName2, + (int)XSTRLEN(testhostName2)), 1); + ExpectIntEQ(X509_VERIFY_PARAM_set1_ip_asc(paramTo, testIPv4), 1); + X509_VERIFY_PARAM_set_hostflags(paramTo, 0x00); + + if (paramTo != NULL) { + paramTo->inherit_flags = X509_VP_FLAG_LOCKED; + } + + ExpectIntEQ(X509_VERIFY_PARAM_set1(paramTo, paramFrom), 1); + ExpectIntEQ(0, XSTRNCMP(paramTo->hostName, testhostName2, + (int)XSTRLEN(testhostName2))); + ExpectIntEQ(0x00, paramTo->hostFlags); + ExpectIntEQ(0, XSTRNCMP(paramTo->ipasc, testIPv4, WOLFSSL_MAX_IPSTR)); + + /* test for incorrect parameters */ + ExpectIntEQ(X509_VERIFY_PARAM_set_flags(NULL, X509_V_FLAG_CRL_CHECK_ALL), + 0); + + ExpectIntEQ(X509_VERIFY_PARAM_set_flags(NULL, 0), 0); + + /* inherit flags test : VPARAM_ONCE, not testable yet */ + + ExpectIntEQ(X509_VERIFY_PARAM_set_flags(paramTo, X509_V_FLAG_CRL_CHECK_ALL), + 1); + + ExpectIntEQ(X509_VERIFY_PARAM_get_flags(NULL), 0); + ExpectIntEQ(X509_VERIFY_PARAM_get_flags(paramTo), + X509_V_FLAG_CRL_CHECK_ALL); + + ExpectIntEQ(X509_VERIFY_PARAM_clear_flags(NULL, X509_V_FLAG_CRL_CHECK_ALL), + WOLFSSL_FAILURE); + ExpectIntEQ(X509_VERIFY_PARAM_clear_flags(paramTo, + X509_V_FLAG_CRL_CHECK_ALL), 1); + + ExpectIntEQ(X509_VERIFY_PARAM_get_flags(paramTo), 0); + + ExpectNull(wolfSSL_X509_VERIFY_PARAM_lookup(NULL)); + ExpectNull(wolfSSL_X509_VERIFY_PARAM_lookup("")); + ExpectNotNull(wolfSSL_X509_VERIFY_PARAM_lookup("ssl_client")); + ExpectNotNull(wolfSSL_X509_VERIFY_PARAM_lookup("ssl_server")); + + X509_VERIFY_PARAM_free(paramTo); + X509_VERIFY_PARAM_free(paramFrom); + X509_VERIFY_PARAM_free(NULL); /* to confirm NULL parameter gives no harm */ +#endif + return EXPECT_RESULT(); +} + +#if defined(OPENSSL_EXTRA) && defined(HAVE_SSL_MEMIO_TESTS_DEPENDENCIES) && \ + !defined(WOLFSSL_HOSTNAME_VERIFY_ALT_NAME_ONLY) + +static int test_wolfSSL_check_domain_verify_count = 0; + +static WC_INLINE int test_wolfSSL_check_domain_verify_cb(int preverify, + WOLFSSL_X509_STORE_CTX* store) +{ + EXPECT_DECLS; + ExpectIntEQ(X509_STORE_CTX_get_error(store), 0); + ExpectIntEQ(preverify, 1); + ExpectIntGT(++test_wolfSSL_check_domain_verify_count, 0); + return EXPECT_SUCCESS(); +} + +static int test_wolfSSL_check_domain_client_cb(WOLFSSL* ssl) +{ + EXPECT_DECLS; + X509_VERIFY_PARAM *param = NULL; + + ExpectNotNull(param = SSL_get0_param(ssl)); + + /* Domain check should only be done on the leaf cert */ + X509_VERIFY_PARAM_set_hostflags(param, + X509_CHECK_FLAG_NO_PARTIAL_WILDCARDS); + ExpectIntEQ(X509_VERIFY_PARAM_set1_host(param, + "wolfSSL Server Chain", 0), 1); + wolfSSL_set_verify(ssl, WOLFSSL_VERIFY_PEER, + test_wolfSSL_check_domain_verify_cb); + return EXPECT_RESULT(); +} + +static int test_wolfSSL_check_domain_server_cb(WOLFSSL_CTX* ctx) +{ + EXPECT_DECLS; + /* Use a cert with different domains in chain */ + ExpectIntEQ(wolfSSL_CTX_use_certificate_chain_file(ctx, + "certs/intermediate/server-chain.pem"), WOLFSSL_SUCCESS); + return EXPECT_RESULT(); +} + +static int test_wolfSSL_check_domain(void) +{ + EXPECT_DECLS; + test_ssl_cbf func_cb_client; + test_ssl_cbf func_cb_server; + + XMEMSET(&func_cb_client, 0, sizeof(func_cb_client)); + XMEMSET(&func_cb_server, 0, sizeof(func_cb_server)); + + func_cb_client.ssl_ready = &test_wolfSSL_check_domain_client_cb; + func_cb_server.ctx_ready = &test_wolfSSL_check_domain_server_cb; + + ExpectIntEQ(test_wolfSSL_client_server_nofail_memio(&func_cb_client, + &func_cb_server, NULL), TEST_SUCCESS); + + /* Should have been called once for each cert in sent chain */ +#ifdef WOLFSSL_VERIFY_CB_ALL_CERTS + ExpectIntEQ(test_wolfSSL_check_domain_verify_count, 3); +#else + ExpectIntEQ(test_wolfSSL_check_domain_verify_count, 1); +#endif + + return EXPECT_RESULT(); +} + +#else + +static int test_wolfSSL_check_domain(void) +{ + EXPECT_DECLS; + return EXPECT_RESULT(); +} + +#endif /* OPENSSL_EXTRA && HAVE_SSL_MEMIO_TESTS_DEPENDENCIES */ +#if defined(HAVE_SSL_MEMIO_TESTS_DEPENDENCIES) && \ + !defined(OPENSSL_COMPATIBLE_DEFAULTS) && !defined(NO_SHA256) +static const char* dn = NULL; +static int test_wolfSSL_check_domain_basic_client_ssl(WOLFSSL* ssl) +{ + EXPECT_DECLS; + + ExpectIntEQ(wolfSSL_check_domain_name(ssl, dn), WOLFSSL_SUCCESS); + + return EXPECT_RESULT(); +} +static int test_wolfSSL_check_domain_basic(void) +{ + EXPECT_DECLS; + test_ssl_cbf func_cb_client; + test_ssl_cbf func_cb_server; + + XMEMSET(&func_cb_client, 0, sizeof(func_cb_client)); + XMEMSET(&func_cb_server, 0, sizeof(func_cb_server)); + + dn = "invalid.com"; + func_cb_client.ssl_ready = &test_wolfSSL_check_domain_basic_client_ssl; + + /* Expect to fail */ + ExpectIntEQ(test_wolfSSL_client_server_nofail_memio(&func_cb_client, + &func_cb_server, NULL), -1001); + + dn = "example.com"; + + /* Expect to succeed */ + ExpectIntEQ(test_wolfSSL_client_server_nofail_memio(&func_cb_client, + &func_cb_server, NULL), TEST_SUCCESS); + + return EXPECT_RESULT(); +} +#else +static int test_wolfSSL_check_domain_basic(void) +{ + EXPECT_DECLS; + return EXPECT_RESULT(); +} +#endif /* HAVE_SSL_MEMIO_TESTS_DEPENDENCIES */ + +static int test_wolfSSL_X509_get_X509_PUBKEY(void) +{ + EXPECT_DECLS; +#if (defined(OPENSSL_ALL) || defined(WOLFSSL_APACHE_HTTPD)) + X509* x509 = NULL; + X509_PUBKEY* pubKey; + + ExpectNotNull(x509 = X509_new()); + + ExpectNull(pubKey = wolfSSL_X509_get_X509_PUBKEY(NULL)); + ExpectNotNull(pubKey = wolfSSL_X509_get_X509_PUBKEY(x509)); + + X509_free(x509); +#endif + return EXPECT_RESULT(); +} + +static int test_wolfSSL_X509_PUBKEY_RSA(void) +{ + EXPECT_DECLS; +#if (defined(OPENSSL_ALL) || defined(WOLFSSL_APACHE_HTTPD)) && \ + !defined(NO_SHA256) && !defined(NO_RSA) + X509* x509 = NULL; + ASN1_OBJECT* obj = NULL; + const ASN1_OBJECT* pa_oid = NULL; + X509_PUBKEY* pubKey = NULL; + X509_PUBKEY* pubKey2 = NULL; + EVP_PKEY* evpKey = NULL; + byte buf[1024]; + byte* tmp; + + const unsigned char *pk = NULL; + int ppklen; + int pptype; + X509_ALGOR *pa = NULL; + const void *pval; + + ExpectNotNull(x509 = X509_load_certificate_file(cliCertFile, + SSL_FILETYPE_PEM)); + + ExpectNotNull(pubKey = X509_get_X509_PUBKEY(x509)); + ExpectIntEQ(X509_PUBKEY_get0_param(&obj, &pk, &ppklen, &pa, pubKey), 1); + ExpectNotNull(pk); + ExpectNotNull(pa); + ExpectNotNull(pubKey); + ExpectIntGT(ppklen, 0); + + tmp = buf; + ExpectIntEQ(wolfSSL_i2d_X509_PUBKEY(NULL, NULL), WOLFSSL_FATAL_ERROR); + ExpectIntEQ(wolfSSL_i2d_X509_PUBKEY(NULL, &tmp), WOLFSSL_FATAL_ERROR); + ExpectIntEQ(wolfSSL_i2d_X509_PUBKEY(pubKey, NULL), 294); + ExpectIntEQ(wolfSSL_i2d_X509_PUBKEY(pubKey, &tmp), 294); + + ExpectIntEQ(OBJ_obj2nid(obj), NID_rsaEncryption); + + ExpectNotNull(evpKey = X509_PUBKEY_get(pubKey)); + ExpectNotNull(pubKey2 = X509_PUBKEY_new()); + ExpectIntEQ(X509_PUBKEY_get0_param(&obj, &pk, &ppklen, &pa, NULL), 0); + ExpectIntEQ(X509_PUBKEY_get0_param(&obj, &pk, &ppklen, &pa, pubKey2), 0); + ExpectIntEQ(X509_PUBKEY_set(NULL, NULL), 0); + ExpectIntEQ(X509_PUBKEY_set(&pubKey2, NULL), 0); + ExpectIntEQ(X509_PUBKEY_set(NULL, evpKey), 0); + ExpectIntEQ(X509_PUBKEY_set(&pubKey2, evpKey), 1); + ExpectIntEQ(X509_PUBKEY_get0_param(NULL, NULL, NULL, NULL, pubKey2), 1); + ExpectIntEQ(X509_PUBKEY_get0_param(&obj, &pk, &ppklen, &pa, pubKey2), 1); + ExpectNotNull(pk); + ExpectNotNull(pa); + ExpectIntGT(ppklen, 0); + X509_ALGOR_get0(&pa_oid, &pptype, &pval, pa); + ExpectNotNull(pa_oid); + ExpectNull(pval); + ExpectIntEQ(pptype, V_ASN1_NULL); + ExpectIntEQ(OBJ_obj2nid(pa_oid), EVP_PKEY_RSA); + + X509_PUBKEY_free(NULL); + X509_PUBKEY_free(pubKey2); + X509_free(x509); + EVP_PKEY_free(evpKey); +#endif + return EXPECT_RESULT(); +} + +static int test_wolfSSL_X509_PUBKEY_EC(void) +{ + EXPECT_DECLS; +#if (defined(OPENSSL_ALL) || defined(WOLFSSL_APACHE_HTTPD)) && defined(HAVE_ECC) + X509* x509 = NULL; + ASN1_OBJECT* obj = NULL; + ASN1_OBJECT* poid = NULL; + const ASN1_OBJECT* pa_oid = NULL; + X509_PUBKEY* pubKey = NULL; + X509_PUBKEY* pubKey2 = NULL; + EVP_PKEY* evpKey = NULL; + + const unsigned char *pk = NULL; + int ppklen; + int pptype; + X509_ALGOR *pa = NULL; + const void *pval; + char buf[50]; + + ExpectNotNull(x509 = X509_load_certificate_file(cliEccCertFile, + SSL_FILETYPE_PEM)); + ExpectNotNull(pubKey = X509_get_X509_PUBKEY(x509)); + ExpectNotNull(evpKey = X509_PUBKEY_get(pubKey)); + ExpectNotNull(pubKey2 = X509_PUBKEY_new()); + ExpectIntEQ(X509_PUBKEY_set(&pubKey2, evpKey), 1); + ExpectIntEQ(X509_PUBKEY_get0_param(&obj, &pk, &ppklen, &pa, pubKey2), 1); + ExpectNotNull(pk); + ExpectNotNull(pa); + ExpectIntGT(ppklen, 0); + X509_ALGOR_get0(&pa_oid, &pptype, &pval, pa); + ExpectNotNull(pa_oid); + ExpectNotNull(pval); + ExpectIntEQ(pptype, V_ASN1_OBJECT); + ExpectIntEQ(OBJ_obj2nid(pa_oid), EVP_PKEY_EC); + poid = (ASN1_OBJECT *)pval; + ExpectIntGT(OBJ_obj2txt(buf, (int)sizeof(buf), poid, 0), 0); + ExpectIntEQ(OBJ_txt2nid(buf), NID_X9_62_prime256v1); + + X509_PUBKEY_free(pubKey2); + X509_free(x509); + EVP_PKEY_free(evpKey); +#endif + return EXPECT_RESULT(); +} + +static int test_wolfSSL_X509_PUBKEY_DSA(void) +{ + EXPECT_DECLS; +#if (defined(OPENSSL_ALL) || defined(WOLFSSL_APACHE_HTTPD)) && !defined(NO_DSA) + word32 bytes; +#ifdef USE_CERT_BUFFERS_1024 + byte tmp[ONEK_BUF]; +#elif defined(USE_CERT_BUFFERS_2048) + byte tmp[TWOK_BUF]; +#else + byte tmp[TWOK_BUF]; +#endif /* END USE_CERT_BUFFERS_1024 */ + const unsigned char* dsaKeyDer = tmp; + + ASN1_OBJECT* obj = NULL; + ASN1_STRING* str; + const ASN1_OBJECT* pa_oid = NULL; + X509_PUBKEY* pubKey = NULL; + EVP_PKEY* evpKey = NULL; + + const unsigned char *pk = NULL; + int ppklen, pptype; + X509_ALGOR *pa = NULL; + const void *pval; + +#ifdef USE_CERT_BUFFERS_1024 + XMEMSET(tmp, 0, sizeof(tmp)); + XMEMCPY(tmp, dsa_key_der_1024, sizeof_dsa_key_der_1024); + bytes = sizeof_dsa_key_der_1024; +#elif defined(USE_CERT_BUFFERS_2048) + XMEMSET(tmp, 0, sizeof(tmp)); + XMEMCPY(tmp, dsa_key_der_2048, sizeof_dsa_key_der_2048); + bytes = sizeof_dsa_key_der_2048; +#else + { + XFILE fp = XBADFILE; + XMEMSET(tmp, 0, sizeof(tmp)); + ExpectTrue((fp = XFOPEN("./certs/dsa2048.der", "rb")) != XBADFILE); + ExpectIntGT(bytes = (word32) XFREAD(tmp, 1, sizeof(tmp), fp), 0); + if (fp != XBADFILE) + XFCLOSE(fp); + } +#endif + + /* Initialize pkey with der format dsa key */ + ExpectNotNull(d2i_PrivateKey(EVP_PKEY_DSA, &evpKey, &dsaKeyDer, bytes)); + + ExpectNotNull(pubKey = X509_PUBKEY_new()); + ExpectIntEQ(X509_PUBKEY_set(&pubKey, evpKey), 1); + ExpectIntEQ(X509_PUBKEY_get0_param(&obj, &pk, &ppklen, &pa, pubKey), 1); + ExpectNotNull(pk); + ExpectNotNull(pa); + ExpectIntGT(ppklen, 0); + X509_ALGOR_get0(&pa_oid, &pptype, &pval, pa); + ExpectNotNull(pa_oid); + ExpectNotNull(pval); + ExpectIntEQ(pptype, V_ASN1_SEQUENCE); + ExpectIntEQ(OBJ_obj2nid(pa_oid), EVP_PKEY_DSA); + str = (ASN1_STRING *)pval; + DEBUG_WRITE_DER(ASN1_STRING_data(str), ASN1_STRING_length(str), "str.der"); +#ifdef USE_CERT_BUFFERS_1024 + ExpectIntEQ(ASN1_STRING_length(str), 291); +#else + ExpectIntEQ(ASN1_STRING_length(str), 549); +#endif /* END USE_CERT_BUFFERS_1024 */ + + X509_PUBKEY_free(pubKey); + EVP_PKEY_free(evpKey); +#endif + return EXPECT_RESULT(); +} + +static int test_wolfSSL_BUF(void) +{ + EXPECT_DECLS; +#if defined(OPENSSL_EXTRA) + BUF_MEM* buf = NULL; + ExpectNotNull(buf = BUF_MEM_new()); + ExpectIntEQ(BUF_MEM_grow(buf, 10), 10); + ExpectIntEQ(BUF_MEM_grow(buf, -1), 0); + BUF_MEM_free(buf); +#endif + return EXPECT_RESULT(); +} + +#if defined(OPENSSL_EXTRA) && !defined(WOLFSSL_NO_OPENSSL_RAND_CB) +static int stub_rand_seed(const void *buf, int num) +{ + (void)buf; + (void)num; + + return 123; +} + +static int stub_rand_bytes(unsigned char *buf, int num) +{ + (void)buf; + (void)num; + + return 456; +} + +static byte* was_stub_rand_cleanup_called(void) +{ + static byte was_called = 0; + + return &was_called; +} + +static void stub_rand_cleanup(void) +{ + byte* was_called = was_stub_rand_cleanup_called(); + + *was_called = 1; + + return; +} + +static byte* was_stub_rand_add_called(void) +{ + static byte was_called = 0; + + return &was_called; +} + +static int stub_rand_add(const void *buf, int num, double entropy) +{ + byte* was_called = was_stub_rand_add_called(); + + (void)buf; + (void)num; + (void)entropy; + + *was_called = 1; + + return 0; +} + +static int stub_rand_pseudo_bytes(unsigned char *buf, int num) +{ + (void)buf; + (void)num; + + return 9876; +} + +static int stub_rand_status(void) +{ + return 5432; +} +#endif /* OPENSSL_EXTRA && !WOLFSSL_NO_OPENSSL_RAND_CB */ + +static int test_wolfSSL_RAND_set_rand_method(void) +{ + EXPECT_DECLS; +#if defined(OPENSSL_EXTRA) && !defined(WOLFSSL_NO_OPENSSL_RAND_CB) + RAND_METHOD rand_methods = {NULL, NULL, NULL, NULL, NULL, NULL}; + unsigned char* buf = NULL; + int num = 0; + double entropy = 0; + int ret; + byte* was_cleanup_called = was_stub_rand_cleanup_called(); + byte* was_add_called = was_stub_rand_add_called(); + + ExpectNotNull(buf = (byte*)XMALLOC(32 * sizeof(byte), NULL, + DYNAMIC_TYPE_TMP_BUFFER)); + + ExpectIntNE(wolfSSL_RAND_status(), 5432); + ExpectIntEQ(*was_cleanup_called, 0); + RAND_cleanup(); + ExpectIntEQ(*was_cleanup_called, 0); + + + rand_methods.seed = &stub_rand_seed; + rand_methods.bytes = &stub_rand_bytes; + rand_methods.cleanup = &stub_rand_cleanup; + rand_methods.add = &stub_rand_add; + rand_methods.pseudorand = &stub_rand_pseudo_bytes; + rand_methods.status = &stub_rand_status; + + ExpectIntEQ(RAND_set_rand_method(&rand_methods), WOLFSSL_SUCCESS); + ExpectIntEQ(RAND_seed(buf, num), 123); + ExpectIntEQ(RAND_bytes(buf, num), 456); + ExpectIntEQ(RAND_pseudo_bytes(buf, num), 9876); + ExpectIntEQ(RAND_status(), 5432); + + ExpectIntEQ(*was_add_called, 0); + /* The function pointer for RAND_add returns int, but RAND_add itself + * returns void. */ + RAND_add(buf, num, entropy); + ExpectIntEQ(*was_add_called, 1); + was_add_called = 0; + ExpectIntEQ(*was_cleanup_called, 0); + RAND_cleanup(); + ExpectIntEQ(*was_cleanup_called, 1); + *was_cleanup_called = 0; + + + ret = RAND_set_rand_method(NULL); + ExpectIntEQ(ret, WOLFSSL_SUCCESS); + ExpectIntNE(RAND_status(), 5432); + ExpectIntEQ(*was_cleanup_called, 0); + RAND_cleanup(); + ExpectIntEQ(*was_cleanup_called, 0); + + RAND_set_rand_method(NULL); + + XFREE(buf, NULL, DYNAMIC_TYPE_TMP_BUFFER); +#endif /* OPENSSL_EXTRA && !WOLFSSL_NO_OPENSSL_RAND_CB */ + return EXPECT_RESULT(); +} + +static int test_wolfSSL_RAND_bytes(void) +{ + EXPECT_DECLS; +#if defined(OPENSSL_EXTRA) + const int size1 = RNG_MAX_BLOCK_LEN; /* in bytes */ + const int size2 = RNG_MAX_BLOCK_LEN + 1; /* in bytes */ + const int size3 = RNG_MAX_BLOCK_LEN * 2; /* in bytes */ + const int size4 = RNG_MAX_BLOCK_LEN * 4; /* in bytes */ + int max_bufsize; + byte *my_buf = NULL; +#if defined(OPENSSL_EXTRA) && defined(HAVE_GETPID) && !defined(__MINGW64__) && \ + !defined(__MINGW32__) + byte seed[16] = {0}; + byte randbuf[8] = {0}; + int pipefds[2] = {0}; + pid_t pid = 0; +#endif + + /* sanity check */ + ExpectIntEQ(RAND_bytes(NULL, 16), 0); + ExpectIntEQ(RAND_bytes(NULL, 0), 0); + + max_bufsize = size4; + + ExpectNotNull(my_buf = (byte*)XMALLOC(max_bufsize * sizeof(byte), HEAP_HINT, + DYNAMIC_TYPE_TMP_BUFFER)); + + ExpectIntEQ(RAND_bytes(my_buf, 0), 1); + ExpectIntEQ(RAND_bytes(my_buf, -1), 0); + + ExpectNotNull(XMEMSET(my_buf, 0, max_bufsize)); + ExpectIntEQ(RAND_bytes(my_buf, size1), 1); + ExpectIntEQ(RAND_bytes(my_buf, size2), 1); + ExpectIntEQ(RAND_bytes(my_buf, size3), 1); + ExpectIntEQ(RAND_bytes(my_buf, size4), 1); + XFREE(my_buf, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + +#if defined(OPENSSL_EXTRA) && defined(HAVE_GETPID) && !defined(__MINGW64__) && \ + !defined(__MINGW32__) + XMEMSET(seed, 0, sizeof(seed)); + RAND_cleanup(); + + /* No global methods set. */ + ExpectIntEQ(RAND_seed(seed, sizeof(seed)), 1); + + ExpectIntEQ(pipe(pipefds), 0); + pid = fork(); + ExpectIntGE(pid, 0); + if (pid == 0) { + ssize_t n_written = 0; + + /* Child process. */ + close(pipefds[0]); + RAND_bytes(randbuf, sizeof(randbuf)); + n_written = write(pipefds[1], randbuf, sizeof(randbuf)); + close(pipefds[1]); + exit(n_written == sizeof(randbuf) ? 0 : 1); + } + else { + /* Parent process. */ + byte childrand[8] = {0}; + int waitstatus = 0; + + close(pipefds[1]); + ExpectIntEQ(RAND_bytes(randbuf, sizeof(randbuf)), 1); + ExpectIntEQ(read(pipefds[0], childrand, sizeof(childrand)), + sizeof(childrand)); + #ifdef WOLFSSL_NO_GETPID + ExpectBufEQ(randbuf, childrand, sizeof(randbuf)); + #else + ExpectBufNE(randbuf, childrand, sizeof(randbuf)); + #endif + close(pipefds[0]); + waitpid(pid, &waitstatus, 0); + } + RAND_cleanup(); +#endif +#endif + return EXPECT_RESULT(); +} + +static int test_wolfSSL_RAND(void) +{ + EXPECT_DECLS; +#if defined(OPENSSL_EXTRA) + byte seed[16]; + + XMEMSET(seed, 0, sizeof(seed)); + + /* No global methods set. */ + ExpectIntEQ(RAND_seed(seed, sizeof(seed)), 1); + ExpectIntEQ(RAND_poll(), 1); + RAND_cleanup(); + + ExpectIntEQ(RAND_egd(NULL), -1); +#ifndef NO_FILESYSTEM + { + char fname[100]; + + ExpectNotNull(RAND_file_name(fname, (sizeof(fname) - 1))); + ExpectIntEQ(RAND_write_file(NULL), 0); + } +#endif +#endif + return EXPECT_RESULT(); +} + + +#if defined(WC_RNG_SEED_CB) && defined(OPENSSL_EXTRA) +static int wc_DummyGenerateSeed(OS_Seed* os, byte* output, word32 sz) +{ + word32 i; + for (i = 0; i < sz; i++ ) + output[i] = (byte)i; + + (void)os; + + return 0; +} +#endif /* WC_RNG_SEED_CB */ + + +static int test_wolfSSL_RAND_poll(void) +{ + EXPECT_DECLS; + +#if defined(OPENSSL_EXTRA) + byte seed[16]; + byte rand1[16]; +#ifdef WC_RNG_SEED_CB + byte rand2[16]; +#endif + + XMEMSET(seed, 0, sizeof(seed)); + ExpectIntEQ(RAND_seed(seed, sizeof(seed)), 1); + ExpectIntEQ(RAND_poll(), 1); + ExpectIntEQ(RAND_bytes(rand1, 16), 1); + RAND_cleanup(); + +#ifdef WC_RNG_SEED_CB + /* Test with custom seed and poll */ + wc_SetSeed_Cb(wc_DummyGenerateSeed); + + ExpectIntEQ(RAND_seed(seed, sizeof(seed)), 1); + ExpectIntEQ(RAND_bytes(rand1, 16), 1); + RAND_cleanup(); + + /* test that the same value is generated twice with dummy seed function */ + ExpectIntEQ(RAND_seed(seed, sizeof(seed)), 1); + ExpectIntEQ(RAND_bytes(rand2, 16), 1); + ExpectIntEQ(XMEMCMP(rand1, rand2, 16), 0); + RAND_cleanup(); + + /* test that doing a poll is reseeding RNG */ + ExpectIntEQ(RAND_seed(seed, sizeof(seed)), 1); + ExpectIntEQ(RAND_poll(), 1); + ExpectIntEQ(RAND_bytes(rand2, 16), 1); + ExpectIntNE(XMEMCMP(rand1, rand2, 16), 0); + + /* reset the seed function used */ + wc_SetSeed_Cb(WC_GENERATE_SEED_DEFAULT); +#endif + RAND_cleanup(); + + ExpectIntEQ(RAND_egd(NULL), -1); +#endif + + return EXPECT_RESULT(); +} + + +static int test_wolfSSL_PKCS8_Compat(void) +{ + EXPECT_DECLS; +#if defined(OPENSSL_EXTRA) && !defined(NO_FILESYSTEM) && defined(HAVE_ECC) && \ + !defined(NO_BIO) + PKCS8_PRIV_KEY_INFO* pt = NULL; + PKCS8_PRIV_KEY_INFO* pt2 = NULL; + BIO* bio = NULL; + XFILE f = XBADFILE; + int bytes = 0; + char pkcs8_buffer[512]; +#if defined(OPENSSL_ALL) || defined(WOLFSSL_WPAS_SMALL) + EVP_PKEY *pkey = NULL; +#endif + + /* file from wolfssl/certs/ directory */ + ExpectTrue((f = XFOPEN("./certs/ecc-keyPkcs8.pem", "rb")) != XBADFILE); + ExpectIntGT((bytes = (int)XFREAD(pkcs8_buffer, 1, sizeof(pkcs8_buffer), f)), + 0); + if (f != XBADFILE) + XFCLOSE(f); + ExpectNotNull(bio = BIO_new_mem_buf((void*)pkcs8_buffer, bytes)); + ExpectNotNull(pt = d2i_PKCS8_PRIV_KEY_INFO_bio(bio, NULL)); + +#if defined(OPENSSL_ALL) || defined(WOLFSSL_WPAS_SMALL) + ExpectNotNull(pkey = EVP_PKCS82PKEY(pt)); + ExpectIntEQ(EVP_PKEY_type(pkey->type), EVP_PKEY_EC); + + /* gets PKCS8 pointer to pkey */ + ExpectNotNull(pt2 = EVP_PKEY2PKCS8(pkey)); + + EVP_PKEY_free(pkey); +#endif + + BIO_free(bio); + PKCS8_PRIV_KEY_INFO_free(pt); + PKCS8_PRIV_KEY_INFO_free(pt2); +#endif + return EXPECT_RESULT(); +} + +#if defined(OPENSSL_EXTRA) && !defined(NO_FILESYSTEM) && !defined(NO_BIO) +static int NoPasswordCallBack(char* passwd, int sz, int rw, void* userdata) +{ + (void)passwd; + (void)sz; + (void)rw; + (void)userdata; + + return -1; +} +#endif + +static int test_wolfSSL_PKCS8_d2i(void) +{ + EXPECT_DECLS; +#if !defined(HAVE_FIPS) && defined(OPENSSL_EXTRA) + /* This test ends up using HMAC as a part of PBKDF2, and HMAC + * requires a 12 byte password in FIPS mode. This test ends up + * trying to use an 8 byte password. */ + +#ifndef NO_FILESYSTEM + unsigned char pkcs8_buffer[2048]; + const unsigned char* p = NULL; + int bytes = 0; + XFILE file = XBADFILE; + WOLFSSL_EVP_PKEY* pkey = NULL; +#ifndef NO_BIO + BIO* bio = NULL; + #if defined(OPENSSL_ALL) && \ + ((!defined(NO_RSA) && !defined(NO_DES3)) || \ + defined(HAVE_ECC)) && \ + !defined(NO_BIO) && !defined(NO_PWDBASED) && defined(HAVE_PKCS8) + WOLFSSL_EVP_PKEY* evpPkey = NULL; + #endif +#endif +#ifndef NO_RSA + const char rsaDerPkcs8File[] = "./certs/server-keyPkcs8.der"; + const char rsaPemPkcs8File[] = "./certs/server-keyPkcs8.pem"; + #ifndef NO_DES3 + const char rsaDerPkcs8EncFile[] = "./certs/server-keyPkcs8Enc.der"; + #endif +#endif /* NO_RSA */ +#ifdef HAVE_ECC + const char ecDerPkcs8File[] = "certs/ecc-keyPkcs8.der"; + const char ecPemPkcs8File[] = "certs/ecc-keyPkcs8.pem"; + #ifndef NO_DES3 + const char ecDerPkcs8EncFile[] = "certs/ecc-keyPkcs8Enc.der"; + #endif +#endif /* HAVE_ECC */ +#endif /* !NO_FILESYSTEM */ + +#if defined(OPENSSL_ALL) && (!defined(NO_RSA) || defined(HAVE_ECC)) +#ifndef NO_RSA + #ifdef USE_CERT_BUFFERS_1024 + const unsigned char* rsa = (unsigned char*)server_key_der_1024; + int rsaSz = sizeof_server_key_der_1024; + #else + const unsigned char* rsa = (unsigned char*)server_key_der_2048; + int rsaSz = sizeof_server_key_der_2048; + #endif +#endif +#ifdef HAVE_ECC + const unsigned char* ec = (unsigned char*)ecc_key_der_256; + int ecSz = sizeof_ecc_key_der_256; +#endif +#endif /* OPENSSL_ALL && (!NO_RSA || HAVE_ECC) */ + + +#ifndef NO_FILESYSTEM + (void)pkcs8_buffer; + (void)p; + (void)bytes; + (void)file; +#ifndef NO_BIO + (void)bio; +#endif +#endif + +#ifdef OPENSSL_ALL +#ifndef NO_RSA + /* Try to auto-detect normal RSA private key */ + ExpectNotNull(pkey = d2i_AutoPrivateKey(NULL, &rsa, rsaSz)); + EVP_PKEY_free(pkey); + pkey = NULL; +#endif +#ifdef HAVE_ECC + /* Try to auto-detect normal EC private key */ + ExpectNotNull(pkey = d2i_AutoPrivateKey(NULL, &ec, ecSz)); + EVP_PKEY_free(pkey); + pkey = NULL; +#endif +#endif /* OPENSSL_ALL */ + +#ifndef NO_FILESYSTEM +#if defined(OPENSSL_ALL) && !defined(NO_PWDBASED) && defined(HAVE_PKCS8) + ExpectIntEQ(PEM_write_PKCS8PrivateKey(XBADFILE, pkey, NULL, NULL, 0, NULL, + NULL), 0); + ExpectIntEQ(PEM_write_PKCS8PrivateKey(stderr, NULL, NULL, NULL, 0, NULL, + NULL), 0); +#endif + +#ifndef NO_RSA + /* Get DER encoded RSA PKCS#8 data. */ + ExpectTrue((file = XFOPEN(rsaDerPkcs8File, "rb")) != XBADFILE); + ExpectNotNull(XMEMSET(pkcs8_buffer, 0, sizeof(pkcs8_buffer))); + ExpectIntGT((bytes = (int)XFREAD(pkcs8_buffer, 1, sizeof(pkcs8_buffer), + file)), 0); + if (file != XBADFILE) { + XFCLOSE(file); + file = XBADFILE; + } + + p = pkcs8_buffer; +#ifdef OPENSSL_ALL + /* Try to decode - auto-detect key type. */ + ExpectNotNull(pkey = d2i_AutoPrivateKey(NULL, &p, bytes)); +#else + ExpectNotNull(pkey = d2i_PrivateKey(EVP_PKEY_RSA, NULL, &p, bytes)); +#endif + + /* Get PEM encoded RSA PKCS#8 data. */ + ExpectTrue((file = XFOPEN(rsaPemPkcs8File, "rb")) != XBADFILE); + ExpectIntGT((bytes = (int)XFREAD(pkcs8_buffer, 1, sizeof(pkcs8_buffer), + file)), 0); + if (file != XBADFILE) { + XFCLOSE(file); + file = XBADFILE; + } +#if defined(OPENSSL_ALL) && \ + !defined(NO_BIO) && !defined(NO_PWDBASED) && defined(HAVE_PKCS8) + ExpectNotNull(bio = BIO_new(BIO_s_mem())); + ExpectIntEQ(PEM_write_bio_PKCS8PrivateKey(NULL, pkey, NULL, NULL, 0, NULL, + NULL), 0); + ExpectIntEQ(PEM_write_bio_PKCS8PrivateKey(bio, NULL, NULL, NULL, 0, NULL, + NULL), 0); + /* Write PKCS#8 PEM to BIO. */ + ExpectIntEQ(PEM_write_bio_PKCS8PrivateKey(bio, pkey, NULL, NULL, 0, NULL, + NULL), bytes); + /* Write PKCS#8 PEM to stderr. */ + ExpectIntEQ(PEM_write_PKCS8PrivateKey(stderr, pkey, NULL, NULL, 0, NULL, + NULL), bytes); + /* Compare file and written data */ + ExpectIntEQ(BIO_get_mem_data(bio, &p), bytes); + ExpectIntEQ(XMEMCMP(p, pkcs8_buffer, bytes), 0); + BIO_free(bio); + bio = NULL; +#if !defined(NO_AES) && defined(HAVE_AESGCM) + ExpectIntEQ(PEM_write_PKCS8PrivateKey(stderr, pkey, EVP_aes_128_gcm(), + NULL, 0, PasswordCallBack, (void*)"yassl123"), 0); +#endif +#if !defined(NO_DES3) && !defined(NO_SHA) + ExpectNotNull(bio = BIO_new(BIO_s_mem())); + /* Write Encrypted PKCS#8 PEM to BIO. */ + bytes = 1834; + ExpectIntEQ(PEM_write_bio_PKCS8PrivateKey(bio, pkey, EVP_des_ede3_cbc(), + NULL, 0, PasswordCallBack, (void*)"yassl123"), bytes); + ExpectIntEQ(PEM_write_PKCS8PrivateKey(stderr, pkey, EVP_des_ede3_cbc(), + NULL, 0, PasswordCallBack, (void*)"yassl123"), bytes); + ExpectNotNull(evpPkey = PEM_read_bio_PrivateKey(bio, NULL, PasswordCallBack, + (void*)"yassl123")); + EVP_PKEY_free(evpPkey); + evpPkey = NULL; + BIO_free(bio); + bio = NULL; +#endif /* !NO_DES3 && !NO_SHA */ +#endif /* !NO_BIO && !NO_PWDBASED && HAVE_PKCS8 */ + EVP_PKEY_free(pkey); + pkey = NULL; + + /* PKCS#8 encrypted RSA key */ +#ifndef NO_DES3 + ExpectTrue((file = XFOPEN(rsaDerPkcs8EncFile, "rb")) != XBADFILE); + ExpectNotNull(XMEMSET(pkcs8_buffer, 0, sizeof(pkcs8_buffer))); + ExpectIntGT((bytes = (int)XFREAD(pkcs8_buffer, 1, sizeof(pkcs8_buffer), + file)), 0); + if (file != XBADFILE) { + XFCLOSE(file); + file = XBADFILE; + } +#if defined(OPENSSL_ALL) && \ + !defined(NO_BIO) && !defined(NO_PWDBASED) && defined(HAVE_PKCS8) + ExpectNotNull(bio = BIO_new_mem_buf((void*)pkcs8_buffer, bytes)); + ExpectNotNull(pkey = d2i_PKCS8PrivateKey_bio(bio, NULL, PasswordCallBack, + (void*)"yassl123")); + EVP_PKEY_free(pkey); + pkey = NULL; + BIO_free(bio); + bio = NULL; +#endif /* OPENSSL_ALL && !NO_BIO && !NO_PWDBASED && HAVE_PKCS8 */ +#endif /* !NO_DES3 */ +#endif /* NO_RSA */ + +#ifdef HAVE_ECC + /* PKCS#8 encode EC key */ + ExpectTrue((file = XFOPEN(ecDerPkcs8File, "rb")) != XBADFILE); + ExpectNotNull(XMEMSET(pkcs8_buffer, 0, sizeof(pkcs8_buffer))); + ExpectIntGT((bytes = (int)XFREAD(pkcs8_buffer, 1, sizeof(pkcs8_buffer), + file)), 0); + if (file != XBADFILE) { + XFCLOSE(file); + file = XBADFILE; + } + + p = pkcs8_buffer; +#ifdef OPENSSL_ALL + /* Try to decode - auto-detect key type. */ + ExpectNotNull(pkey = d2i_AutoPrivateKey(NULL, &p, bytes)); +#else + ExpectNotNull(pkey = d2i_PrivateKey(EVP_PKEY_EC, NULL, &p, bytes)); +#endif + + /* Get PEM encoded RSA PKCS#8 data. */ + ExpectTrue((file = XFOPEN(ecPemPkcs8File, "rb")) != XBADFILE); + ExpectNotNull(XMEMSET(pkcs8_buffer, 0, sizeof(pkcs8_buffer))); + ExpectIntGT((bytes = (int)XFREAD(pkcs8_buffer, 1, sizeof(pkcs8_buffer), + file)), 0); + if (file != XBADFILE) { + XFCLOSE(file); + file = XBADFILE; + } +#if defined(OPENSSL_ALL) && \ + !defined(NO_BIO) && !defined(NO_PWDBASED) && defined(HAVE_PKCS8) && \ + defined(HAVE_AES_CBC) && defined(WOLFSSL_AES_256) + ExpectNotNull(bio = BIO_new(BIO_s_mem())); + /* Write PKCS#8 PEM to BIO. */ + ExpectIntEQ(PEM_write_bio_PKCS8PrivateKey(bio, pkey, NULL, NULL, 0, NULL, + NULL), bytes); + ExpectIntEQ(PEM_write_PKCS8PrivateKey(stderr, pkey, NULL, NULL, 0, NULL, + NULL), bytes); + /* Compare file and written data */ + ExpectIntEQ(BIO_get_mem_data(bio, &p), bytes); + ExpectIntEQ(XMEMCMP(p, pkcs8_buffer, bytes), 0); + BIO_free(bio); + bio = NULL; + ExpectNotNull(bio = BIO_new(BIO_s_mem())); + /* Write Encrypted PKCS#8 PEM to BIO (test write 0 then 379) */ + bytes = 379; + ExpectIntEQ(PEM_write_bio_PKCS8PrivateKey(bio, pkey, EVP_aes_256_cbc(), + NULL, 0, NoPasswordCallBack, (void*)"yassl123"), 0); + ExpectIntEQ(PEM_write_bio_PKCS8PrivateKey(bio, pkey, EVP_aes_256_cbc(), + NULL, 0, PasswordCallBack, (void*)"yassl123"), bytes); + + /* invalid cases to stderr */ + #ifdef WOLFSSL_AES_128 + ExpectIntEQ(PEM_write_PKCS8PrivateKey(stderr, pkey, EVP_aes_128_cbc(), + NULL, 0, PasswordCallBack, (void*)"yassl123"), bytes); + ExpectIntEQ(PEM_write_PKCS8PrivateKey(stderr, pkey, EVP_aes_128_cbc(), + (char*)"yassl123", 8, PasswordCallBack, NULL), bytes); + #endif + ExpectIntEQ(PEM_write_PKCS8PrivateKey(stderr, pkey, EVP_aes_256_cbc(), + NULL, 0, PasswordCallBack, (void*)"yassl123"), bytes); + ExpectIntEQ(PEM_write_PKCS8PrivateKey(stderr, pkey, EVP_aes_256_cbc(), + (char*)"yassl123", 8, PasswordCallBack, NULL), bytes); + + /* read/decode private key with password */ + ExpectNotNull(evpPkey = PEM_read_bio_PrivateKey(bio, NULL, PasswordCallBack, + (void*)"yassl123")); + EVP_PKEY_free(evpPkey); + evpPkey = NULL; + BIO_free(bio); + bio = NULL; + + /* https://github.com/wolfSSL/wolfssl/issues/8610 */ + bytes = (int)XSTRLEN((char *)pkcs8_buffer); + ExpectNotNull(bio = BIO_new_mem_buf((void*)pkcs8_buffer, bytes)); + ExpectIntEQ(BIO_get_mem_data(bio, &p), bytes); + ExpectIntEQ(XMEMCMP(p, pkcs8_buffer, bytes), 0); + + ExpectNotNull(evpPkey = PEM_read_bio_PrivateKey(bio, NULL, NULL, + (void*)"yassl123")); + ExpectIntEQ(PEM_write_PKCS8PrivateKey(stderr, evpPkey, NULL, + NULL, 0, NULL, NULL), bytes); + EVP_PKEY_free(evpPkey); + evpPkey = NULL; + BIO_free(bio); + bio = NULL; +#endif /* OPENSSL_ALL && !NO_BIO && !NO_PWDBASED && HAVE_PKCS8 && HAVE_AES_CBC */ + EVP_PKEY_free(pkey); + pkey = NULL; + + /* PKCS#8 encrypted EC key */ +#ifndef NO_DES3 + ExpectTrue((file = XFOPEN(ecDerPkcs8EncFile, "rb")) != XBADFILE); + ExpectNotNull(XMEMSET(pkcs8_buffer, 0, sizeof(pkcs8_buffer))); + ExpectIntGT((bytes = (int)XFREAD(pkcs8_buffer, 1, sizeof(pkcs8_buffer), + file)), 0); + if (file != XBADFILE) { + XFCLOSE(file); + file = XBADFILE; + } +#if defined(OPENSSL_ALL) && \ + !defined(NO_BIO) && !defined(NO_PWDBASED) && defined(HAVE_PKCS8) + ExpectNotNull(bio = BIO_new_mem_buf((void*)pkcs8_buffer, bytes)); + ExpectNotNull(pkey = d2i_PKCS8PrivateKey_bio(bio, NULL, PasswordCallBack, + (void*)"yassl123")); + EVP_PKEY_free(pkey); + pkey = NULL; + BIO_free(bio); + bio = NULL; +#endif /* OPENSSL_ALL && !NO_BIO && !NO_PWDBASED && HAVE_PKCS8 */ +#endif /* !NO_DES3 */ +#endif /* HAVE_ECC */ + +#endif /* !NO_FILESYSTEM */ +#endif /* HAVE_FIPS && OPENSSL_EXTRA */ + return EXPECT_RESULT(); +} + +#if !defined(SINGLE_THREADED) && defined(ERROR_QUEUE_PER_THREAD) && \ + !defined(NO_ERROR_QUEUE) && defined(OPENSSL_EXTRA) && \ + defined(DEBUG_WOLFSSL) +#define LOGGING_THREADS 5 +#define ERROR_COUNT 10 +/* copied from logging.c since this is not exposed otherwise */ +#ifndef ERROR_QUEUE_MAX +#ifdef ERROR_QUEUE_PER_THREAD + #define ERROR_QUEUE_MAX 16 +#else + /* this breaks from compat of unlimited error queue size */ + #define ERROR_QUEUE_MAX 100 +#endif +#endif + +static volatile int loggingThreadsReady; +static THREAD_RETURN WOLFSSL_THREAD test_logging(void* args) +{ + const char* file; + int line; + unsigned long err; + int errorCount = 0; + int i; + + (void)args; + + while (!loggingThreadsReady); + for (i = 0; i < ERROR_COUNT; i++) + ERR_put_error(ERR_LIB_PEM, SYS_F_ACCEPT, -990 - i, __FILE__, __LINE__); + + while ((err = ERR_get_error_line(&file, &line))) { + AssertIntEQ(err, 990 + errorCount); + errorCount++; + } + AssertIntEQ(errorCount, ERROR_COUNT); + + /* test max queue behavior, trying to add an arbitrary 3 errors over */ + ERR_clear_error(); /* ERR_get_error_line() does not remove */ + errorCount = 0; + for (i = 0; i < ERROR_QUEUE_MAX + 3; i++) + ERR_put_error(ERR_LIB_PEM, SYS_F_ACCEPT, -990 - i, __FILE__, __LINE__); + + while ((err = ERR_get_error_line(&file, &line))) { + AssertIntEQ(err, 990 + errorCount); + errorCount++; + } + + /* test that the 3 errors over the max were dropped */ + AssertIntEQ(errorCount, ERROR_QUEUE_MAX); + + WOLFSSL_RETURN_FROM_THREAD(0); +} +#endif + +static int test_error_queue_per_thread(void) +{ + int res = TEST_SKIPPED; +#if !defined(SINGLE_THREADED) && defined(ERROR_QUEUE_PER_THREAD) && \ + !defined(NO_ERROR_QUEUE) && defined(OPENSSL_EXTRA) && \ + defined(DEBUG_WOLFSSL) + THREAD_TYPE loggingThreads[LOGGING_THREADS]; + int i; + + ERR_clear_error(); /* clear out any error nodes */ + + loggingThreadsReady = 0; + for (i = 0; i < LOGGING_THREADS; i++) + start_thread(test_logging, NULL, &loggingThreads[i]); + loggingThreadsReady = 1; + for (i = 0; i < LOGGING_THREADS; i++) + join_thread(loggingThreads[i]); + + res = TEST_SUCCESS; +#endif + return res; +} + +static int test_wolfSSL_ERR_put_error(void) +{ + EXPECT_DECLS; +#if !defined(NO_ERROR_QUEUE) && defined(OPENSSL_EXTRA) && \ + defined(DEBUG_WOLFSSL) + const char* file; + int line; + + ERR_clear_error(); /* clear out any error nodes */ + ERR_put_error(0,SYS_F_ACCEPT, 0, "this file", 0); + ExpectIntEQ(ERR_get_error_line(&file, &line), 0); + ERR_put_error(0,SYS_F_BIND, 1, "this file", 1); + ExpectIntEQ(ERR_get_error_line(&file, &line), 1); + ERR_put_error(0,SYS_F_CONNECT, 2, "this file", 2); + ExpectIntEQ(ERR_get_error_line(&file, &line), 2); + ERR_put_error(0,SYS_F_FOPEN, 3, "this file", 3); + ExpectIntEQ(ERR_get_error_line(&file, &line), 3); + ERR_put_error(0,SYS_F_FREAD, 4, "this file", 4); + ExpectIntEQ(ERR_get_error_line(&file, &line), 4); + ERR_put_error(0,SYS_F_GETADDRINFO, 5, "this file", 5); + ExpectIntEQ(ERR_get_error_line(&file, &line), 5); + ERR_put_error(0,SYS_F_GETSOCKOPT, 6, "this file", 6); + ExpectIntEQ(ERR_get_error_line(&file, &line), 6); + ERR_put_error(0,SYS_F_GETSOCKNAME, 7, "this file", 7); + ExpectIntEQ(ERR_get_error_line(&file, &line), 7); + ERR_put_error(0,SYS_F_GETHOSTBYNAME, 8, "this file", 8); + ExpectIntEQ(ERR_get_error_line(&file, &line), 8); + ERR_put_error(0,SYS_F_GETNAMEINFO, 9, "this file", 9); + ExpectIntEQ(ERR_get_error_line(&file, &line), 9); + ERR_put_error(0,SYS_F_GETSERVBYNAME, 10, "this file", 10); + ExpectIntEQ(ERR_get_error_line(&file, &line), 10); + ERR_put_error(0,SYS_F_IOCTLSOCKET, 11, "this file", 11); + ExpectIntEQ(ERR_get_error_line(&file, &line), 11); + ERR_put_error(0,SYS_F_LISTEN, 12, "this file", 12); + ExpectIntEQ(ERR_get_error_line(&file, &line), 12); + ERR_put_error(0,SYS_F_OPENDIR, 13, "this file", 13); + ExpectIntEQ(ERR_get_error_line(&file, &line), 13); + ERR_put_error(0,SYS_F_SETSOCKOPT, 14, "this file", 14); + ExpectIntEQ(ERR_get_error_line(&file, &line), 14); + ERR_put_error(0,SYS_F_SOCKET, 15, "this file", 15); + ExpectIntEQ(ERR_get_error_line(&file, &line), 15); + +#if defined(OPENSSL_ALL) && defined(WOLFSSL_PYTHON) + ERR_put_error(ERR_LIB_ASN1, SYS_F_ACCEPT, ASN1_R_HEADER_TOO_LONG, + "this file", 100); + ExpectIntEQ(wolfSSL_ERR_peek_last_error_line(&file, &line), + (ERR_LIB_ASN1 << 24) | ASN1_R_HEADER_TOO_LONG); + ExpectIntEQ(line, 100); + ExpectIntEQ(wolfSSL_ERR_peek_error(), + (ERR_LIB_ASN1 << 24) | ASN1_R_HEADER_TOO_LONG); + ExpectIntEQ(ERR_get_error_line(&file, &line), ASN1_R_HEADER_TOO_LONG); +#endif + + /* try reading past end of error queue */ + file = NULL; + ExpectIntEQ(ERR_get_error_line(&file, &line), 0); + ExpectNull(file); + ExpectIntEQ(ERR_get_error_line_data(&file, &line, NULL, NULL), 0); + + PEMerr(4,4); + ExpectIntEQ(ERR_get_error(), 4); + /* Empty and free up all error nodes */ + ERR_clear_error(); + + /* Verify all nodes are cleared */ + ERR_put_error(0,SYS_F_ACCEPT, 0, "this file", 0); + ERR_clear_error(); + ExpectIntEQ(ERR_get_error_line(&file, &line), 0); +#endif + return EXPECT_RESULT(); +} + +/* + * This is a regression test for a bug where the peek/get error functions were + * drawing from the end of the queue rather than the front. + */ +static int test_wolfSSL_ERR_get_error_order(void) +{ + EXPECT_DECLS; +#if defined(WOLFSSL_HAVE_ERROR_QUEUE) && defined(OPENSSL_EXTRA) + /* Empty the queue. */ + wolfSSL_ERR_clear_error(); + + wolfSSL_ERR_put_error(0, 0, WC_NO_ERR_TRACE(ASN_NO_SIGNER_E), "test", 0); + wolfSSL_ERR_put_error(0, 0, WC_NO_ERR_TRACE(ASN_SELF_SIGNED_E), "test", 0); + + ExpectIntEQ(wolfSSL_ERR_peek_error(), -WC_NO_ERR_TRACE(ASN_NO_SIGNER_E)); + ExpectIntEQ(wolfSSL_ERR_get_error(), -WC_NO_ERR_TRACE(ASN_NO_SIGNER_E)); + ExpectIntEQ(wolfSSL_ERR_peek_error(), -WC_NO_ERR_TRACE(ASN_SELF_SIGNED_E)); + ExpectIntEQ(wolfSSL_ERR_get_error(), -WC_NO_ERR_TRACE(ASN_SELF_SIGNED_E)); +#endif /* WOLFSSL_HAVE_ERROR_QUEUE && OPENSSL_EXTRA */ + return EXPECT_RESULT(); +} + +#ifndef NO_BIO + +static int test_wolfSSL_ERR_print_errors(void) +{ + EXPECT_DECLS; +#if !defined(NO_ERROR_QUEUE) && defined(OPENSSL_EXTRA) && \ + defined(DEBUG_WOLFSSL) && !defined(NO_ERROR_STRINGS) + BIO* bio = NULL; + char buf[1024]; + + ExpectNotNull(bio = BIO_new(BIO_s_mem())); + ERR_clear_error(); /* clear out any error nodes */ + ERR_put_error(0,SYS_F_ACCEPT, -173, "ssl.c", 0); + /* Choosing -600 as an unused errno. */ + ERR_put_error(0,SYS_F_BIND, -600, "asn.c", 100); + + ERR_print_errors(bio); + ExpectIntEQ(BIO_gets(bio, buf, sizeof(buf)), 56); + ExpectIntEQ(XSTRNCMP( + "error:173:wolfSSL library:Bad function argument:ssl.c:0", + buf, 55), 0); + ExpectIntEQ(BIO_gets(bio, buf, sizeof(buf)), 57); + ExpectIntEQ(XSTRNCMP( + "error:600:wolfSSL library:unknown error number:asn.c:100", + buf, 56), 0); + ExpectIntEQ(BIO_gets(bio, buf, sizeof(buf)), 1); + ExpectIntEQ(buf[0], '\0'); + ExpectIntEQ(ERR_get_error_line(NULL, NULL), 0); + + BIO_free(bio); +#endif + return EXPECT_RESULT(); +} + +#if !defined(NO_ERROR_QUEUE) && defined(OPENSSL_EXTRA) && \ + defined(DEBUG_WOLFSSL) +static int test_wolfSSL_error_cb(const char *str, size_t len, void *u) +{ + if (u != NULL) { + wolfSSL_BIO_write((BIO*)u, str, (int)len); + } + return 0; +} +#endif + +static int test_wolfSSL_ERR_print_errors_cb(void) +{ + EXPECT_DECLS; +#if !defined(NO_ERROR_QUEUE) && defined(OPENSSL_EXTRA) && \ + defined(DEBUG_WOLFSSL) + BIO* bio = NULL; + char buf[1024]; + + ExpectNotNull(bio = BIO_new(BIO_s_mem())); + ERR_clear_error(); /* clear out any error nodes */ + ERR_put_error(0,SYS_F_ACCEPT, -173, "ssl.c", 0); + ERR_put_error(0,SYS_F_BIND, -275, "asn.c", 100); + + ERR_print_errors_cb(test_wolfSSL_error_cb, bio); + ExpectIntEQ(BIO_gets(bio, buf, sizeof(buf)), 108); + ExpectIntEQ(XSTRNCMP( + "wolfSSL error occurred, error = 173 line:0 file:ssl.c", + buf, 53), 0); + ExpectIntEQ(XSTRNCMP( + "wolfSSL error occurred, error = 275 line:100 file:asn.c", + buf + 53, 55), 0); + ExpectIntEQ(BIO_gets(bio, buf, sizeof(buf)), 0); + + BIO_free(bio); +#endif + + return EXPECT_RESULT(); +} +/* + * Testing WOLFSSL_ERROR_MSG + */ +static int test_WOLFSSL_ERROR_MSG(void) +{ + int res = TEST_SKIPPED; +#if defined(DEBUG_WOLFSSL) || defined(OPENSSL_ALL) || defined(WOLFSSL_NGINX) ||\ + defined(WOLFSSL_HAPROXY) || defined(OPENSSL_EXTRA) + const char* msg = TEST_STRING; + + WOLFSSL_ERROR_MSG(msg); + + res = TEST_SUCCESS; +#endif + return res; +} /* End test_WOLFSSL_ERROR_MSG */ +/* + * Testing wc_ERR_remove_state + */ +static int test_wc_ERR_remove_state(void) +{ + int res = TEST_SKIPPED; +#if defined(OPENSSL_EXTRA) || defined(DEBUG_WOLFSSL_VERBOSE) + wc_ERR_remove_state(); + + res = TEST_SUCCESS; +#endif + return res; +} /* End test_wc_ERR_remove_state */ +/* + * Testing wc_ERR_print_errors_fp + */ +static int test_wc_ERR_print_errors_fp(void) +{ + EXPECT_DECLS; +#if (defined(OPENSSL_EXTRA) || defined(DEBUG_WOLFSSL_VERBOSE)) && \ + (!defined(NO_FILESYSTEM) && !defined(NO_STDIO_FILESYSTEM)) + long sz; + XFILE fp = XBADFILE; + + WOLFSSL_ERROR(WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectTrue((fp = XFOPEN("./tests/test-log-dump-to-file.txt", "a+")) != + XBADFILE); + wc_ERR_print_errors_fp(fp); +#if defined(DEBUG_WOLFSSL) + ExpectTrue(XFSEEK(fp, 0, XSEEK_END) == 0); + #ifdef NO_ERROR_QUEUE + ExpectIntEQ(sz = XFTELL(fp), 0); + #else + ExpectIntNE(sz = XFTELL(fp), 0); + #endif +#endif + if (fp != XBADFILE) + XFCLOSE(fp); + (void)sz; +#endif + return EXPECT_RESULT(); +} /* End test_wc_ERR_print_errors_fp */ +#ifdef DEBUG_WOLFSSL +static void Logging_cb(const int logLevel, const char *const logMessage) +{ + (void)logLevel; + (void)logMessage; +} +#endif +/* + * Testing wolfSSL_GetLoggingCb + */ +static int test_wolfSSL_GetLoggingCb(void) +{ + EXPECT_DECLS; +#ifdef DEBUG_WOLFSSL + /* Testing without wolfSSL_SetLoggingCb() */ + ExpectNull(wolfSSL_GetLoggingCb()); + /* Testing with wolfSSL_SetLoggingCb() */ + ExpectIntEQ(wolfSSL_SetLoggingCb(Logging_cb), 0); + ExpectNotNull(wolfSSL_GetLoggingCb()); + ExpectIntEQ(wolfSSL_SetLoggingCb(NULL), 0); +#endif + ExpectNull(wolfSSL_GetLoggingCb()); + + return EXPECT_RESULT(); +} /* End test_wolfSSL_GetLoggingCb */ + +#endif /* !NO_BIO */ + +static int test_wolfSSL_OBJ(void) +{ +/* Password "wolfSSL test" is only 12 (96-bit) too short for testing in FIPS + * mode + */ + EXPECT_DECLS; +#if defined(OPENSSL_EXTRA) && !defined(NO_SHA256) && !defined(NO_ASN) && \ + !defined(HAVE_FIPS) && !defined(NO_SHA) && defined(WOLFSSL_CERT_EXT) && \ + defined(WOLFSSL_CERT_GEN) && !defined(NO_BIO) && \ + !defined(NO_FILESYSTEM) && !defined(NO_STDIO_FILESYSTEM) + ASN1_OBJECT *obj = NULL; + ASN1_OBJECT *obj2 = NULL; + char buf[50]; + + XFILE fp = XBADFILE; + X509 *x509 = NULL; + X509_NAME *x509Name = NULL; + X509_NAME_ENTRY *x509NameEntry = NULL; + ASN1_OBJECT *asn1Name = NULL; + int numNames = 0; + BIO *bio = NULL; + int nid; + int i, j; + const char *f[] = { + #ifndef NO_RSA + "./certs/ca-cert.der", + #endif + #ifdef HAVE_ECC + "./certs/ca-ecc-cert.der", + "./certs/ca-ecc384-cert.der", + #endif + NULL}; + ASN1_OBJECT *field_name_obj = NULL; + int lastpos = -1; + int tmp = -1; + ASN1_STRING *asn1 = NULL; + unsigned char *buf_dyn = NULL; + + ExpectIntEQ(OBJ_obj2txt(buf, (int)sizeof(buf), obj, 1), WC_NO_ERR_TRACE(WOLFSSL_FAILURE)); + ExpectNotNull(obj = OBJ_nid2obj(NID_any_policy)); + ExpectIntEQ(OBJ_obj2nid(obj), NID_any_policy); + ExpectIntEQ(OBJ_obj2txt(buf, (int)sizeof(buf), obj, 1), 11); + ExpectIntGT(OBJ_obj2txt(buf, (int)sizeof(buf), obj, 0), 0); + ASN1_OBJECT_free(obj); + obj = NULL; + + ExpectNotNull(obj = OBJ_nid2obj(NID_sha256)); + ExpectIntEQ(OBJ_obj2nid(obj), NID_sha256); + ExpectIntEQ(OBJ_obj2txt(buf, (int)sizeof(buf), obj, 1), 22); +#ifdef WOLFSSL_CERT_EXT + ExpectIntEQ(OBJ_txt2nid(buf), NID_sha256); +#endif + ExpectIntGT(OBJ_obj2txt(buf, (int)sizeof(buf), obj, 0), 0); + ExpectNotNull(obj2 = OBJ_dup(obj)); + ExpectIntEQ(OBJ_cmp(obj, obj2), 0); + ASN1_OBJECT_free(obj); + obj = NULL; + ASN1_OBJECT_free(obj2); + obj2 = NULL; + + for (i = 0; f[i] != NULL; i++) + { + ExpectTrue((fp = XFOPEN(f[i], "rb")) != XBADFILE); + ExpectNotNull(x509 = d2i_X509_fp(fp, NULL)); + if (fp != XBADFILE) { + XFCLOSE(fp); + fp = XBADFILE; + } + ExpectNotNull(x509Name = X509_get_issuer_name(x509)); + ExpectIntNE((numNames = X509_NAME_entry_count(x509Name)), 0); + + /* Get the Common Name by using OBJ_txt2obj */ + ExpectNotNull(field_name_obj = OBJ_txt2obj("CN", 0)); + ExpectIntEQ(X509_NAME_get_index_by_OBJ(NULL, NULL, 99), + WOLFSSL_FATAL_ERROR); + ExpectIntEQ(X509_NAME_get_index_by_OBJ(x509Name, NULL, 99), + WOLFSSL_FATAL_ERROR); + ExpectIntEQ(X509_NAME_get_index_by_OBJ(NULL, field_name_obj, 99), + WOLFSSL_FATAL_ERROR); + ExpectIntEQ(X509_NAME_get_index_by_OBJ(x509Name, field_name_obj, 99), + WOLFSSL_FATAL_ERROR); + ExpectIntEQ(X509_NAME_get_index_by_OBJ(x509Name, NULL, 0), + WOLFSSL_FATAL_ERROR); + do + { + lastpos = tmp; + tmp = X509_NAME_get_index_by_OBJ(x509Name, field_name_obj, lastpos); + } while (tmp > -1); + ExpectIntNE(lastpos, -1); + ASN1_OBJECT_free(field_name_obj); + field_name_obj = NULL; + ExpectNotNull(x509NameEntry = X509_NAME_get_entry(x509Name, lastpos)); + ExpectNotNull(asn1 = X509_NAME_ENTRY_get_data(x509NameEntry)); + ExpectIntGE(ASN1_STRING_to_UTF8(&buf_dyn, asn1), 0); + /* + * All Common Names should be www.wolfssl.com + * This makes testing easier as we can test for the expected value. + */ + ExpectStrEQ((char*)buf_dyn, "www.wolfssl.com"); + OPENSSL_free(buf_dyn); + buf_dyn = NULL; + bio = BIO_new(BIO_s_mem()); + ExpectTrue(bio != NULL); + for (j = 0; j < numNames; j++) + { + ExpectNotNull(x509NameEntry = X509_NAME_get_entry(x509Name, j)); + ExpectNotNull(asn1Name = X509_NAME_ENTRY_get_object(x509NameEntry)); + ExpectTrue((nid = OBJ_obj2nid(asn1Name)) > 0); + } + BIO_free(bio); + bio = NULL; + X509_free(x509); + x509 = NULL; + + } + +#ifdef HAVE_PKCS12 + { + PKCS12 *p12 = NULL; + int boolRet; + EVP_PKEY *pkey = NULL; + const char *p12_f[] = { + /* bundle uses AES-CBC 256 and PKCS7 key uses DES3 */ + #if !defined(NO_DES3) && defined(WOLFSSL_AES_256) && !defined(NO_RSA) + "./certs/test-servercert.p12", + #endif + NULL + }; + + for (i = 0; p12_f[i] != NULL; i++) + { + ExpectTrue((fp = XFOPEN(p12_f[i], "rb")) != XBADFILE); + ExpectNotNull(p12 = d2i_PKCS12_fp(fp, NULL)); + if (fp != XBADFILE) { + XFCLOSE(fp); + fp = XBADFILE; + } + ExpectTrue((boolRet = PKCS12_parse(p12, "wolfSSL test", + &pkey, &x509, NULL)) > 0); + wc_PKCS12_free(p12); + p12 = NULL; + EVP_PKEY_free(pkey); + x509Name = X509_get_issuer_name(x509); + ExpectNotNull(x509Name); + ExpectIntNE((numNames = X509_NAME_entry_count(x509Name)), 0); + ExpectTrue((bio = BIO_new(BIO_s_mem())) != NULL); + for (j = 0; j < numNames; j++) + { + ExpectNotNull(x509NameEntry = X509_NAME_get_entry(x509Name, j)); + ExpectNotNull(asn1Name = + X509_NAME_ENTRY_get_object(x509NameEntry)); + ExpectTrue((nid = OBJ_obj2nid(asn1Name)) > 0); + } + BIO_free(bio); + bio = NULL; + X509_free(x509); + x509 = NULL; + } + } +#endif /* HAVE_PKCS12 */ +#endif + return EXPECT_RESULT(); +} + +static int test_wolfSSL_OBJ_cmp(void) +{ + EXPECT_DECLS; +#if defined(OPENSSL_EXTRA) && !defined(NO_SHA256) + ASN1_OBJECT *obj = NULL; + ASN1_OBJECT *obj2 = NULL; + + ExpectNotNull(obj = OBJ_nid2obj(NID_any_policy)); + ExpectNotNull(obj2 = OBJ_nid2obj(NID_sha256)); + + ExpectIntEQ(OBJ_cmp(NULL, NULL), WC_NO_ERR_TRACE(WOLFSSL_FATAL_ERROR)); + ExpectIntEQ(OBJ_cmp(obj, NULL), WC_NO_ERR_TRACE(WOLFSSL_FATAL_ERROR)); + ExpectIntEQ(OBJ_cmp(NULL, obj2), WC_NO_ERR_TRACE(WOLFSSL_FATAL_ERROR)); + ExpectIntEQ(OBJ_cmp(obj, obj2), WC_NO_ERR_TRACE(WOLFSSL_FATAL_ERROR)); + ExpectIntEQ(OBJ_cmp(obj, obj), 0); + ExpectIntEQ(OBJ_cmp(obj2, obj2), 0); + + ASN1_OBJECT_free(obj); + ASN1_OBJECT_free(obj2); +#endif + return EXPECT_RESULT(); +} + +static int test_wolfSSL_OBJ_txt2nid(void) +{ + EXPECT_DECLS; +#if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL) || \ + defined(WOLFSSL_APACHE_HTTPD) + int i; + static const struct { + const char* sn; + const char* ln; + const char* oid; + int nid; + } testVals[] = { +#ifdef WOLFSSL_APACHE_HTTPD + { "tlsfeature", "TLS Feature", "1.3.6.1.5.5.7.1.24", NID_tlsfeature }, + { "id-on-dnsSRV", "SRVName", "1.3.6.1.5.5.7.8.7", + NID_id_on_dnsSRV }, + { "msUPN", "Microsoft User Principal Name", + "1.3.6.1.4.1.311.20.2.3", NID_ms_upn }, +#endif + { NULL, NULL, NULL, NID_undef } + }; + + /* Invalid cases */ + ExpectIntEQ(OBJ_txt2nid(NULL), NID_undef); + ExpectIntEQ(OBJ_txt2nid("Bad name"), NID_undef); + + /* Valid cases */ + for (i = 0; testVals[i].sn != NULL; i++) { + ExpectIntEQ(OBJ_txt2nid(testVals[i].sn), testVals[i].nid); + ExpectIntEQ(OBJ_txt2nid(testVals[i].ln), testVals[i].nid); + ExpectIntEQ(OBJ_txt2nid(testVals[i].oid), testVals[i].nid); + } +#endif + return EXPECT_RESULT(); +} + +static int test_wolfSSL_OBJ_txt2obj(void) +{ + EXPECT_DECLS; +#if defined(WOLFSSL_APACHE_HTTPD) || (defined(OPENSSL_EXTRA) && \ + defined(WOLFSSL_CERT_EXT) && defined(WOLFSSL_CERT_GEN)) + int i; + char buf[50]; + ASN1_OBJECT* obj = NULL; + static const struct { + const char* oidStr; + const char* sn; + const char* ln; + } objs_list[] = { + #if defined(WOLFSSL_APACHE_HTTPD) + { "1.3.6.1.5.5.7.1.24", "tlsfeature", "TLS Feature" }, + { "1.3.6.1.5.5.7.8.7", "id-on-dnsSRV", "SRVName" }, + #endif + { "2.5.29.19", "basicConstraints", "X509v3 Basic Constraints"}, + { NULL, NULL, NULL } + }; + static const struct { + const char* numeric; + const char* name; + } objs_named[] = { + /* In dictionary but not in normal list. */ + { "1.3.6.1.5.5.7.3.8", "Time Stamping" }, + /* Made up OID. */ + { "1.3.5.7", "1.3.5.7" }, + { NULL, NULL } + }; + + ExpectNull(obj = OBJ_txt2obj("Bad name", 0)); + ASN1_OBJECT_free(obj); + obj = NULL; + ExpectNull(obj = OBJ_txt2obj(NULL, 0)); + ASN1_OBJECT_free(obj); + obj = NULL; + + for (i = 0; objs_list[i].oidStr != NULL; i++) { + /* Test numerical value of oid (oidStr) */ + ExpectNotNull(obj = OBJ_txt2obj(objs_list[i].oidStr, 1)); + /* Convert object back to text to confirm oid is correct */ + wolfSSL_OBJ_obj2txt(buf, (int)sizeof(buf), obj, 1); + ExpectIntEQ(XSTRNCMP(buf, objs_list[i].oidStr, (int)XSTRLEN(buf)), 0); + ASN1_OBJECT_free(obj); + obj = NULL; + XMEMSET(buf, 0, sizeof(buf)); + + /* Test short name (sn) */ + ExpectNull(obj = OBJ_txt2obj(objs_list[i].sn, 1)); + ExpectNotNull(obj = OBJ_txt2obj(objs_list[i].sn, 0)); + /* Convert object back to text to confirm oid is correct */ + wolfSSL_OBJ_obj2txt(buf, (int)sizeof(buf), obj, 1); + ExpectIntEQ(XSTRNCMP(buf, objs_list[i].oidStr, (int)XSTRLEN(buf)), 0); + ASN1_OBJECT_free(obj); + obj = NULL; + XMEMSET(buf, 0, sizeof(buf)); + + /* Test long name (ln) - should fail when no_name = 1 */ + ExpectNull(obj = OBJ_txt2obj(objs_list[i].ln, 1)); + ExpectNotNull(obj = OBJ_txt2obj(objs_list[i].ln, 0)); + /* Convert object back to text to confirm oid is correct */ + wolfSSL_OBJ_obj2txt(buf, (int)sizeof(buf), obj, 1); + ExpectIntEQ(XSTRNCMP(buf, objs_list[i].oidStr, (int)XSTRLEN(buf)), 0); + ASN1_OBJECT_free(obj); + obj = NULL; + XMEMSET(buf, 0, sizeof(buf)); + } + + for (i = 0; objs_named[i].numeric != NULL; i++) { + ExpectNotNull(obj = OBJ_txt2obj(objs_named[i].numeric, 1)); + wolfSSL_OBJ_obj2txt(buf, (int)sizeof(buf), obj, 0); + ExpectIntEQ(XSTRNCMP(buf, objs_named[i].name, (int)XSTRLEN(buf)), 0); + wolfSSL_OBJ_obj2txt(buf, (int)sizeof(buf), obj, 1); + ExpectIntEQ(XSTRNCMP(buf, objs_named[i].numeric, (int)XSTRLEN(buf)), 0); + ASN1_OBJECT_free(obj); + obj = NULL; + } +#endif + return EXPECT_RESULT(); +} + +static int test_wolfSSL_PEM_write_bio_X509(void) +{ + EXPECT_DECLS; +#if defined(OPENSSL_EXTRA) && defined(OPENSSL_ALL) && \ + defined(WOLFSSL_AKID_NAME) && defined(WOLFSSL_CERT_EXT) && \ + defined(WOLFSSL_CERT_GEN) && !defined(NO_BIO) && !defined(NO_RSA) && \ + !defined(NO_FILESYSTEM) + /* This test contains the hard coded expected + * lengths. Update if necessary */ + XFILE fp = XBADFILE; + WOLFSSL_EVP_PKEY *priv = NULL; + + BIO* input = NULL; + BIO* output = NULL; + X509* x509a = NULL; + X509* x509b = NULL; + X509* empty = NULL; + + ASN1_TIME* notBeforeA = NULL; + ASN1_TIME* notAfterA = NULL; +#ifndef NO_ASN_TIME + ASN1_TIME* notBeforeB = NULL; + ASN1_TIME* notAfterB = NULL; +#endif + int expectedLen; + + ExpectTrue((fp = XFOPEN("certs/server-key.pem", "rb")) != XBADFILE); + ExpectNotNull(priv = wolfSSL_PEM_read_PrivateKey(fp, NULL, NULL, NULL)); + if (fp != XBADFILE) { + XFCLOSE(fp); + fp = XBADFILE; + } + + ExpectNotNull(input = BIO_new_file("certs/test/cert-ext-multiple.pem", + "rb")); + ExpectIntEQ(wolfSSL_BIO_get_len(input), 2000); + + /* read PEM into X509 struct, get notBefore / notAfter to verify against */ + ExpectNotNull(PEM_read_bio_X509(input, &x509a, NULL, NULL)); + ExpectNotNull(notBeforeA = X509_get_notBefore(x509a)); + ExpectNotNull(notAfterA = X509_get_notAfter(x509a)); + + /* write X509 back to PEM BIO; no need to sign as nothing changed. */ + ExpectNotNull(output = BIO_new(wolfSSL_BIO_s_mem())); + ExpectNotNull(empty = wolfSSL_X509_new()); + ExpectIntEQ(PEM_write_bio_X509(NULL, NULL), WOLFSSL_FAILURE); + ExpectIntEQ(PEM_write_bio_X509(output, NULL), WOLFSSL_FAILURE); + ExpectIntEQ(PEM_write_bio_X509(NULL, x509a), WOLFSSL_FAILURE); + ExpectIntEQ(PEM_write_bio_X509(output, empty), WOLFSSL_FAILURE); + ExpectIntEQ(PEM_write_bio_X509(output, x509a), WOLFSSL_SUCCESS); + /* compare length against expected */ + expectedLen = 2000; + ExpectIntEQ(wolfSSL_BIO_get_len(output), expectedLen); + wolfSSL_X509_free(empty); + +#ifndef NO_ASN_TIME + /* read exported X509 PEM back into struct, sanity check on export, + * make sure notBefore/notAfter are the same and certs are identical. */ + ExpectNotNull(PEM_read_bio_X509(output, &x509b, NULL, NULL)); + ExpectNotNull(notBeforeB = X509_get_notBefore(x509b)); + ExpectNotNull(notAfterB = X509_get_notAfter(x509b)); + ExpectIntEQ(ASN1_TIME_compare(notBeforeA, notBeforeB), 0); + ExpectIntEQ(ASN1_TIME_compare(notAfterA, notAfterB), 0); + ExpectIntEQ(0, wolfSSL_X509_cmp(x509a, x509b)); + X509_free(x509b); + x509b = NULL; +#endif + + /* Reset output buffer */ + BIO_free(output); + output = NULL; + ExpectNotNull(output = BIO_new(wolfSSL_BIO_s_mem())); + + /* Test forcing the AKID to be generated just from KeyIdentifier */ + if (EXPECT_SUCCESS() && x509a->authKeyIdSrc != NULL) { + XMEMMOVE(x509a->authKeyIdSrc, x509a->authKeyId, x509a->authKeyIdSz); + x509a->authKeyId = x509a->authKeyIdSrc; + x509a->authKeyIdSrc = NULL; + x509a->authKeyIdSrcSz = 0; + } + + /* Resign to re-generate the der */ + ExpectIntGT(wolfSSL_X509_sign(x509a, priv, EVP_sha256()), 0); + + ExpectIntEQ(PEM_write_bio_X509(output, x509a), WOLFSSL_SUCCESS); + + /* Check that we generate a smaller output since the AKID will + * only contain the KeyIdentifier without any additional + * information */ + + /* Here we copy the validity struct from the original */ + expectedLen = 1688; + ExpectIntEQ(wolfSSL_BIO_get_len(output), expectedLen); + + /* Reset buffers and x509 */ + BIO_free(input); + input = NULL; + BIO_free(output); + output = NULL; + X509_free(x509a); + x509a = NULL; + + /* test CA and basicConstSet values are encoded when + * the cert is a CA */ + ExpectNotNull(input = BIO_new_file("certs/server-cert.pem", "rb")); + + /* read PEM into X509 struct */ + ExpectNotNull(PEM_read_bio_X509(input, &x509a, NULL, NULL)); + + /* write X509 back to PEM BIO; no need to sign as nothing changed */ + ExpectNotNull(output = BIO_new(wolfSSL_BIO_s_mem())); + ExpectIntEQ(PEM_write_bio_X509(output, x509a), WOLFSSL_SUCCESS); + + /* read exported X509 PEM back into struct, ensure isCa and basicConstSet + * values are maintained and certs are identical.*/ + ExpectNotNull(PEM_read_bio_X509(output, &x509b, NULL, NULL)); + ExpectIntEQ(x509b->isCa, 1); + ExpectIntEQ(x509b->basicConstSet, 1); + ExpectIntEQ(0, wolfSSL_X509_cmp(x509a, x509b)); + + X509_free(x509a); + x509a = NULL; + X509_free(x509b); + x509b = NULL; + BIO_free(input); + input = NULL; + BIO_free(output); + output = NULL; + + /* test CA and basicConstSet values are encoded when + * the cert is not CA */ + ExpectNotNull(input = BIO_new_file("certs/client-uri-cert.pem", "rb")); + + /* read PEM into X509 struct */ + ExpectNotNull(PEM_read_bio_X509(input, &x509a, NULL, NULL)); + + /* write X509 back to PEM BIO; no need to sign as nothing changed */ + ExpectNotNull(output = BIO_new(wolfSSL_BIO_s_mem())); + ExpectIntEQ(PEM_write_bio_X509(output, x509a), WOLFSSL_SUCCESS); + + /* read exported X509 PEM back into struct, ensure isCa and + * basicConstSet values are maintained and certs are identical */ + ExpectNotNull(PEM_read_bio_X509(output, &x509b, NULL, NULL)); + ExpectIntEQ(x509b->isCa, 0); + ExpectIntEQ(x509b->basicConstSet, 1); + ExpectIntEQ(0, wolfSSL_X509_cmp(x509a, x509b)); + + wolfSSL_EVP_PKEY_free(priv); + X509_free(x509a); + X509_free(x509b); + BIO_free(input); + BIO_free(output); +#endif + return EXPECT_RESULT(); +} + +static int test_wolfSSL_X509_NAME_ENTRY(void) +{ + EXPECT_DECLS; +#if defined(OPENSSL_EXTRA) && !defined(NO_CERTS) && !defined(NO_FILESYSTEM) && \ + !defined(NO_RSA) && defined(WOLFSSL_CERT_GEN) + X509* x509 = NULL; +#ifndef NO_BIO + X509* empty = NULL; + BIO* bio = NULL; +#endif + X509_NAME* nm = NULL; + X509_NAME_ENTRY* entry = NULL; + WOLF_STACK_OF(WOLFSSL_X509_NAME_ENTRY)* entries = NULL; + unsigned char cn[] = "another name to add"; +#ifdef OPENSSL_ALL + int i; + int names_len = 0; +#endif + + ExpectNotNull(x509 = + wolfSSL_X509_load_certificate_file(cliCertFile, SSL_FILETYPE_PEM)); +#ifndef NO_BIO + ExpectNotNull(empty = wolfSSL_X509_new()); + ExpectNotNull(bio = BIO_new(BIO_s_mem())); + ExpectIntEQ(PEM_write_bio_X509_AUX(NULL, NULL), WOLFSSL_FAILURE); + ExpectIntEQ(PEM_write_bio_X509_AUX(bio, NULL), WOLFSSL_FAILURE); + ExpectIntEQ(PEM_write_bio_X509_AUX(NULL, x509), WOLFSSL_FAILURE); + ExpectIntEQ(PEM_write_bio_X509_AUX(bio, empty), WOLFSSL_FAILURE); + ExpectIntEQ(PEM_write_bio_X509_AUX(bio, x509), SSL_SUCCESS); + wolfSSL_X509_free(empty); +#endif + +#ifdef WOLFSSL_CERT_REQ + { + X509_REQ* req = NULL; +#ifndef NO_BIO + X509_REQ* emptyReq = NULL; + BIO* bReq = NULL; +#endif + + ExpectNotNull(req = + wolfSSL_X509_load_certificate_file(cliCertFile, SSL_FILETYPE_PEM)); +#ifndef NO_BIO + ExpectNotNull(emptyReq = wolfSSL_X509_REQ_new()); + ExpectNotNull(bReq = BIO_new(BIO_s_mem())); + ExpectIntEQ(PEM_write_bio_X509_REQ(NULL, NULL), WOLFSSL_FAILURE); + ExpectIntEQ(PEM_write_bio_X509_REQ(bReq, NULL), WOLFSSL_FAILURE); + ExpectIntEQ(PEM_write_bio_X509_REQ(NULL, req), WOLFSSL_FAILURE); + ExpectIntEQ(PEM_write_bio_X509_REQ(bReq, emptyReq), WOLFSSL_FAILURE); + ExpectIntEQ(PEM_write_bio_X509_REQ(bReq, req), SSL_SUCCESS); + + BIO_free(bReq); + X509_REQ_free(emptyReq); +#endif + X509_free(req); + } +#endif + + ExpectNotNull(nm = X509_get_subject_name(x509)); + + /* Test add entry */ + ExpectNotNull(entry = X509_NAME_ENTRY_create_by_NID(NULL, NID_commonName, + 0x0c, cn, (int)sizeof(cn))); + ExpectIntEQ(X509_NAME_add_entry(nm, entry, -1, 0), SSL_SUCCESS); + + /* @TODO the internal name entry set value needs investigated for matching + * behavior with OpenSSL. At the moment the getter function for the set + * value is being tested only in that it succeeds in getting the internal + * value. */ + ExpectIntGT(X509_NAME_ENTRY_set(X509_NAME_get_entry(nm, 1)), 0); + +#ifdef WOLFSSL_CERT_EXT + ExpectIntEQ(X509_NAME_add_entry_by_txt(NULL, NULL, MBSTRING_UTF8, + (byte*)"support@wolfssl.com", 19, -1, 1), WOLFSSL_FAILURE); + ExpectIntEQ(X509_NAME_add_entry_by_txt(nm, NULL, MBSTRING_UTF8, + (byte*)"support@wolfssl.com", 19, -1, 1), WOLFSSL_FAILURE); + ExpectIntEQ(X509_NAME_add_entry_by_txt(NULL, "emailAddress", MBSTRING_UTF8, + (byte*)"support@wolfssl.com", 19, -1, 1), WOLFSSL_FAILURE); + ExpectIntEQ(X509_NAME_add_entry_by_txt(nm, "emailAddress", MBSTRING_UTF8, + (byte*)"support@wolfssl.com", 19, -1, 1), WOLFSSL_SUCCESS); + ExpectIntEQ(X509_NAME_add_entry_by_txt(nm, "commonName", MBSTRING_UTF8, + (byte*)"wolfssl.com", 11, 0, 1), WOLFSSL_SUCCESS); + ExpectNull(wolfSSL_X509_NAME_delete_entry(NULL, -1)); + ExpectNull(wolfSSL_X509_NAME_delete_entry(nm, -1)); + ExpectNotNull(wolfSSL_X509_NAME_delete_entry(nm, 0)); +#endif + X509_NAME_ENTRY_free(entry); + entry = NULL; + +#ifdef WOLFSSL_CERT_REQ + { + unsigned char srv_pkcs9p[] = "Server"; + unsigned char rfc822Mlbx[] = "support@wolfssl.com"; + unsigned char fvrtDrnk[] = "tequila"; + unsigned char* der = NULL; + char* subject = NULL; + + ExpectIntEQ(X509_NAME_add_entry_by_NID(nm, NID_pkcs9_contentType, + MBSTRING_ASC, srv_pkcs9p, -1, -1, 0), SSL_SUCCESS); + + ExpectIntEQ(X509_NAME_add_entry_by_NID(nm, NID_rfc822Mailbox, + MBSTRING_ASC, rfc822Mlbx, -1, -1, 0), SSL_SUCCESS); + + ExpectIntEQ(X509_NAME_add_entry_by_NID(nm, NID_favouriteDrink, + MBSTRING_ASC, fvrtDrnk, -1, -1, 0), SSL_SUCCESS); + + ExpectIntEQ(wolfSSL_i2d_X509_NAME(NULL, &der), BAD_FUNC_ARG); + ExpectIntGT(wolfSSL_i2d_X509_NAME(nm, &der), 0); + ExpectNotNull(der); + + ExpectNotNull(subject = X509_NAME_oneline(nm, NULL, 0)); + ExpectNotNull(XSTRSTR(subject, "rfc822Mailbox=support@wolfssl.com")); + ExpectNotNull(XSTRSTR(subject, "favouriteDrink=tequila")); + ExpectNotNull(XSTRSTR(subject, "contentType=Server")); + #ifdef DEBUG_WOLFSSL + if (subject != NULL) { + fprintf(stderr, "\n\t%s\n", subject); + } + #endif + XFREE(subject, 0, DYNAMIC_TYPE_OPENSSL); + XFREE(der, NULL, DYNAMIC_TYPE_OPENSSL); + } +#endif + + ExpectNull(entry = X509_NAME_ENTRY_create_by_txt(NULL, NULL, 0x0c, cn, + (int)sizeof(cn))); + /* Test add entry by text */ + ExpectNotNull(entry = X509_NAME_ENTRY_create_by_txt(NULL, "commonName", + 0x0c, cn, (int)sizeof(cn))); + ExpectPtrEq(X509_NAME_ENTRY_create_by_txt(&entry, "commonName", + 0x0c, cn, (int)sizeof(cn)), entry); + #if defined(OPENSSL_ALL) || defined(WOLFSSL_ASIO) \ + || defined(WOLFSSL_HAPROXY) || defined(WOLFSSL_NGINX) + ExpectNull(X509_NAME_ENTRY_create_by_txt(&entry, "unknown", + V_ASN1_UTF8STRING, cn, (int)sizeof(cn))); + #endif + ExpectIntEQ(X509_NAME_add_entry(nm, entry, -1, 0), SSL_SUCCESS); + X509_NAME_ENTRY_free(entry); + entry = NULL; + + /* Test add entry by NID */ + ExpectIntEQ(X509_NAME_add_entry_by_NID(nm, NID_commonName, MBSTRING_UTF8, + cn, -1, -1, 0), SSL_SUCCESS); + +#ifdef OPENSSL_ALL + /* stack of name entry */ + ExpectIntGT((names_len = sk_X509_NAME_ENTRY_num(nm->entries)), 0); + for (i = 0; i < names_len; i++) { + ExpectNotNull(entry = sk_X509_NAME_ENTRY_value(nm->entries, i)); + } +#endif + + ExpectNotNull(entries = wolfSSL_sk_X509_NAME_ENTRY_new(NULL)); + ExpectIntEQ(sk_X509_NAME_ENTRY_num(NULL), BAD_FUNC_ARG); + ExpectIntEQ(sk_X509_NAME_ENTRY_num(entries), 0); + ExpectNull(sk_X509_NAME_ENTRY_value(NULL, 0)); + ExpectNull(sk_X509_NAME_ENTRY_value(entries, 0)); + wolfSSL_sk_X509_NAME_ENTRY_free(entries); + +#ifndef NO_BIO + BIO_free(bio); +#endif + X509_free(x509); /* free's nm */ +#endif + return EXPECT_RESULT(); +} + +/* Note the lack of wolfSSL_ prefix...this is a compatibility layer test. */ +static int test_GENERAL_NAME_set0_othername(void) +{ + EXPECT_DECLS; +#if defined(OPENSSL_EXTRA) && !defined(NO_CERTS) && \ + defined(WOLFSSL_CERT_GEN) && defined(WOLFSSL_CERT_REQ) && \ + defined(WOLFSSL_CUSTOM_OID) && defined(WOLFSSL_ALT_NAMES) && \ + defined(WOLFSSL_CERT_EXT) && !defined(NO_FILESYSTEM) && \ + defined(WOLFSSL_FPKI) && !defined(NO_RSA) + /* ./configure --enable-opensslall --enable-certgen --enable-certreq + * --enable-certext --enable-debug 'CPPFLAGS=-DWOLFSSL_CUSTOM_OID + * -DWOLFSSL_ALT_NAMES -DWOLFSSL_FPKI' */ + const char * cert_fname = "./certs/server-cert.der"; + const char * key_fname = "./certs/server-key.der"; + X509* x509 = NULL; + GENERAL_NAME* gn = NULL; + GENERAL_NAMES* gns = NULL; + ASN1_OBJECT* upn_oid = NULL; + ASN1_UTF8STRING *utf8str = NULL; + ASN1_TYPE *value = NULL; + X509_EXTENSION * ext = NULL; + + byte* pt = NULL; + byte der[4096]; + int derSz = 0; + EVP_PKEY* priv = NULL; + XFILE f = XBADFILE; + + ExpectTrue((f = XFOPEN(cert_fname, "rb")) != XBADFILE); + ExpectNotNull(x509 = d2i_X509_fp(f, NULL)); + if (f != XBADFILE) { + XFCLOSE(f); + f = XBADFILE; + } + ExpectNotNull(gn = GENERAL_NAME_new()); + ExpectNotNull(upn_oid = OBJ_txt2obj("1.3.6.1.4.1.311.20.2.3", 1)); + ExpectNotNull(utf8str = ASN1_UTF8STRING_new()); + ExpectIntEQ(ASN1_STRING_set(utf8str, "othername@wolfssl.com", -1), 1); + ExpectNotNull(value = ASN1_TYPE_new()); + ASN1_TYPE_set(value, V_ASN1_UTF8STRING, utf8str); + if ((value == NULL) || (value->value.ptr != (char*)utf8str)) { + wolfSSL_ASN1_STRING_free(utf8str); + } + ExpectIntEQ(GENERAL_NAME_set0_othername(NULL, NULL , NULL ), + WOLFSSL_FAILURE); + ExpectIntEQ(GENERAL_NAME_set0_othername(gn , NULL , NULL ), + WOLFSSL_FAILURE); + ExpectIntEQ(GENERAL_NAME_set0_othername(NULL, upn_oid, NULL ), + WOLFSSL_FAILURE); + ExpectIntEQ(GENERAL_NAME_set0_othername(NULL, NULL , value), + WOLFSSL_FAILURE); + ExpectIntEQ(GENERAL_NAME_set0_othername(gn , upn_oid, NULL ), + WOLFSSL_FAILURE); + ExpectIntEQ(GENERAL_NAME_set0_othername(gn , NULL , value), + WOLFSSL_FAILURE); + ExpectIntEQ(GENERAL_NAME_set0_othername(NULL, upn_oid, value ), + WOLFSSL_FAILURE); + ExpectIntEQ(GENERAL_NAME_set0_othername(gn, upn_oid, value), 1); + if (EXPECT_FAIL()) { + ASN1_TYPE_free(value); + } + ExpectNotNull(gns = sk_GENERAL_NAME_new(NULL)); + ExpectIntEQ(sk_GENERAL_NAME_push(gns, gn), 1); + if (EXPECT_FAIL()) { + GENERAL_NAME_free(gn); + gn = NULL; + } + ExpectNotNull(ext = X509V3_EXT_i2d(NID_subject_alt_name, 0, gns)); + ExpectIntEQ(X509_add_ext(x509, ext, -1), 1); + ExpectTrue((f = XFOPEN(key_fname, "rb")) != XBADFILE); + ExpectIntGT(derSz = (int)XFREAD(der, 1, sizeof(der), f), 0); + if (f != XBADFILE) { + XFCLOSE(f); + f = XBADFILE; + } + pt = der; + ExpectNotNull(priv = d2i_PrivateKey(EVP_PKEY_RSA, NULL, + (const unsigned char**)&pt, derSz)); + ExpectIntGT(X509_sign(x509, priv, EVP_sha256()), 0); + sk_GENERAL_NAME_pop_free(gns, GENERAL_NAME_free); + gns = NULL; + ExpectNotNull(gns = (GENERAL_NAMES*)X509_get_ext_d2i(x509, + NID_subject_alt_name, NULL, NULL)); + + ExpectIntEQ(sk_GENERAL_NAME_num(NULL), 0); + ExpectIntEQ(sk_GENERAL_NAME_num(gns), 3); + + ExpectNull(sk_GENERAL_NAME_value(NULL, 0)); + ExpectNull(sk_GENERAL_NAME_value(gns, 20)); + ExpectNotNull(gn = sk_GENERAL_NAME_value(gns, 2)); + ExpectIntEQ(gn->type, 0); + + sk_GENERAL_NAME_pop_free(gns, GENERAL_NAME_free); + + ASN1_OBJECT_free(upn_oid); + X509_EXTENSION_free(ext); + X509_free(x509); + EVP_PKEY_free(priv); +#endif + return EXPECT_RESULT(); +} + +/* Note the lack of wolfSSL_ prefix...this is a compatibility layer test. */ +static int test_othername_and_SID_ext(void) +{ + EXPECT_DECLS; +#if defined(OPENSSL_ALL) && !defined(NO_CERTS) && \ + defined(WOLFSSL_CERT_GEN) && defined(WOLFSSL_CERT_REQ) && \ + defined(WOLFSSL_CUSTOM_OID) && defined(WOLFSSL_ALT_NAMES) && \ + defined(WOLFSSL_CERT_EXT) && !defined(NO_FILESYSTEM) && \ + defined(WOLFSSL_FPKI) && defined(WOLFSSL_ASN_TEMPLATE) && !defined(NO_RSA) + /* ./configure --enable-opensslall --enable-certgen --enable-certreq + * --enable-certext --enable-debug 'CPPFLAGS=-DWOLFSSL_CUSTOM_OID + * -DWOLFSSL_ALT_NAMES -DWOLFSSL_FPKI' */ + const char* csr_fname = "./certs/csr.signed.der"; + const char* key_fname = "./certs/server-key.der"; + + byte der[4096]; + int derSz = 0; + byte badDer[2] = { 0x30, 0x00 }; + X509_REQ* x509 = NULL; + STACK_OF(X509_EXTENSION) *exts = NULL; + + X509_EXTENSION * san_ext = NULL; + X509_EXTENSION * ext = NULL; + GENERAL_NAME* gn = NULL; + GENERAL_NAMES* gns = NULL; + ASN1_OBJECT* upn_oid = NULL; + ASN1_UTF8STRING *utf8str = NULL; + ASN1_TYPE *value = NULL; + ASN1_STRING *extval = NULL; + + /* SID extension. SID data format explained here: + * https://blog.qdsecurity.se/2022/05/27/manually-injecting-a-sid-in-a-certificate/ + */ + byte SidExtension[] = { + 48, 64, 160, 62, 6, 10, 43, 6, 1, 4, 1, 130, 55, 25, 2, 1, 160, + 48, 4, 46, 83, 45, 49, 45, 53, 45, 50, 49, 45, 50, 56, 52, 51, 57, + 48, 55, 52, 49, 56, 45, 51, 57, 50, 54, 50, 55, 55, 52, 50, 49, 45, + 51, 56, 49, 53, 57, 57, 51, 57, 55, 50, 45, 52, 54, 48, 49}; + + byte expectedAltName[] = { + 0x30, 0x27, 0xA0, 0x25, 0x06, 0x0A, 0x2B, 0x06, 0x01, 0x04, 0x01, 0x82, + 0x37, 0x14, 0x02, 0x03, 0xA0, 0x17, 0x0C, 0x15, 0x6F, 0x74, 0x68, 0x65, + 0x72, 0x6E, 0x61, 0x6D, 0x65, 0x40, 0x77, 0x6F, 0x6C, 0x66, 0x73, 0x73, + 0x6C, 0x2E, 0x63, 0x6F, 0x6D}; + + X509_EXTENSION *sid_ext = NULL; + ASN1_OBJECT* sid_oid = NULL; + ASN1_OCTET_STRING *sid_data = NULL; + + ASN1_OBJECT* alt_names_oid = NULL; + + EVP_PKEY* priv = NULL; + XFILE f = XBADFILE; + byte* pt = NULL; + BIO* bio = NULL; + + ExpectTrue((f = XFOPEN(csr_fname, "rb")) != XBADFILE); + ExpectNotNull(x509 = d2i_X509_REQ_fp(f, NULL)); + if (f != XBADFILE) { + XFCLOSE(f); + f = XBADFILE; + } + ExpectIntEQ(X509_REQ_set_version(x509, 2), 1); + ExpectNotNull(gn = GENERAL_NAME_new()); + ExpectNotNull(upn_oid = OBJ_txt2obj("1.3.6.1.4.1.311.20.2.3", 1)); + ExpectNotNull(utf8str = ASN1_UTF8STRING_new()); + ExpectIntEQ(ASN1_STRING_set(utf8str, "othername@wolfssl.com", -1), 1); + ExpectNotNull(value = ASN1_TYPE_new()); + ASN1_TYPE_set(value, V_ASN1_UTF8STRING, utf8str); + if (EXPECT_FAIL()) { + ASN1_UTF8STRING_free(utf8str); + } + ExpectIntEQ(GENERAL_NAME_set0_othername(gn, upn_oid, value), 1); + if (EXPECT_FAIL()) { + ASN1_TYPE_free(value); + GENERAL_NAME_free(gn); + gn = NULL; + } + ExpectNotNull(gns = sk_GENERAL_NAME_new(NULL)); + ExpectIntEQ(sk_GENERAL_NAME_push(gns, gn), 1); + if (EXPECT_FAIL()) { + GENERAL_NAME_free(gn); + } + ExpectNotNull(san_ext = X509V3_EXT_i2d(NID_subject_alt_name, 0, gns)); + ExpectNotNull(sid_oid = OBJ_txt2obj("1.3.6.1.4.1.311.25.2", 1)); + ExpectNotNull(sid_data = ASN1_OCTET_STRING_new()); + ASN1_OCTET_STRING_set(sid_data, SidExtension, sizeof(SidExtension)); + ExpectNotNull(sid_ext = X509_EXTENSION_create_by_OBJ(NULL, sid_oid, 0, + sid_data)); + ExpectNotNull(exts = sk_X509_EXTENSION_new_null()); + wolfSSL_sk_X509_EXTENSION_free(exts); + exts = NULL; + ExpectNotNull(exts = sk_X509_EXTENSION_new_null()); + /* Ensure an empty stack doesn't raise an error. */ + ExpectIntEQ(X509_REQ_add_extensions(NULL, NULL), 0); + ExpectIntEQ(X509_REQ_add_extensions(x509, NULL), 0); + ExpectIntEQ(X509_REQ_add_extensions(NULL, exts), 0); + ExpectIntEQ(X509_REQ_add_extensions(x509, exts), 1); + ExpectIntEQ(sk_X509_EXTENSION_push(exts, san_ext), 1); + if (EXPECT_FAIL()) { + X509_EXTENSION_free(san_ext); + } + ExpectIntEQ(sk_X509_EXTENSION_push(exts, sid_ext), 2); + if (EXPECT_FAIL()) { + X509_EXTENSION_free(sid_ext); + } + ExpectIntEQ(X509_REQ_add_extensions(x509, exts), 1); + ExpectTrue((f = XFOPEN(key_fname, "rb")) != XBADFILE); + ExpectIntGT(derSz = (int)XFREAD(der, 1, sizeof(der), f), 0); + if (f != XBADFILE) + XFCLOSE(f); + pt = der; + ExpectNotNull(priv = d2i_PrivateKey(EVP_PKEY_RSA, NULL, + (const unsigned char**)&pt, derSz)); + ExpectIntGT(X509_REQ_sign(x509, priv, EVP_sha256()), 0); + pt = der; + ExpectIntGT(derSz = i2d_X509_REQ(x509, &pt), 0); + X509_REQ_free(x509); + x509 = NULL; + ExpectNull(d2i_X509_REQ_INFO(&x509, NULL, derSz)); + pt = badDer; + ExpectNull(d2i_X509_REQ_INFO(&x509, (const unsigned char**)&pt, + sizeof(badDer))); + pt = der; + ExpectNotNull(d2i_X509_REQ_INFO(&x509, (const unsigned char**)&pt, derSz)); + sk_GENERAL_NAME_pop_free(gns, GENERAL_NAME_free); + gns = NULL; + sk_X509_EXTENSION_pop_free(exts, X509_EXTENSION_free); + exts = NULL; + ASN1_OBJECT_free(upn_oid); + ASN1_OBJECT_free(sid_oid); + sid_oid = NULL; + ASN1_OCTET_STRING_free(sid_data); + X509_REQ_free(x509); + EVP_PKEY_free(priv); + + /* At this point everything used to generate what is in der is cleaned up. + * We now read back from der to confirm the extensions were inserted + * correctly. */ + bio = wolfSSL_BIO_new(wolfSSL_BIO_s_mem()); + ExpectNotNull(bio); + + ExpectIntEQ(BIO_write(bio, der, derSz), derSz); /* d2i consumes BIO */ + ExpectNotNull(d2i_X509_REQ_bio(bio, &x509)); + ExpectNotNull(x509); + BIO_free(bio); + ExpectNotNull(exts = (STACK_OF(X509_EXTENSION)*)X509_REQ_get_extensions( + x509)); + ExpectIntEQ(sk_X509_EXTENSION_num(NULL), WOLFSSL_FATAL_ERROR); + ExpectIntEQ(sk_X509_EXTENSION_num(exts), 2); + + /* Check the SID extension. */ + ExpectNotNull(sid_oid = OBJ_txt2obj("1.3.6.1.4.1.311.25.2", 1)); + ExpectNotNull(ext = sk_X509_EXTENSION_value(exts, + X509_get_ext_by_OBJ(x509, sid_oid, -1))); + ExpectNotNull(extval = X509_EXTENSION_get_data(ext)); + ExpectIntEQ(extval->length, sizeof(SidExtension)); + ExpectIntEQ(XMEMCMP(SidExtension, extval->data, sizeof(SidExtension)), 0); + ASN1_OBJECT_free(sid_oid); + + /* Check the AltNames extension. */ + ExpectNotNull(alt_names_oid = OBJ_txt2obj("subjectAltName", 0)); + ExpectNotNull(ext = sk_X509_EXTENSION_value(exts, + X509_get_ext_by_OBJ(x509, alt_names_oid, -1))); + ExpectNotNull(extval = X509_EXTENSION_get_data(ext)); + ExpectIntEQ(extval->length, sizeof(expectedAltName)); + ExpectIntEQ(XMEMCMP(expectedAltName, extval->data, sizeof(expectedAltName)), + 0); + ASN1_OBJECT_free(alt_names_oid); + + /* Cleanup */ + ExpectNotNull(gns = (GENERAL_NAMES*)X509_get_ext_d2i(x509, + NID_subject_alt_name, NULL, NULL)); + ExpectIntEQ(sk_GENERAL_NAME_num(gns), 1); + ExpectNotNull(gn = sk_GENERAL_NAME_value(gns, 0)); + ExpectIntEQ(gn->type, 0); + + sk_GENERAL_NAME_pop_free(gns, GENERAL_NAME_free); + + sk_X509_EXTENSION_pop_free(exts, X509_EXTENSION_free); + X509_REQ_free(x509); +#endif + return EXPECT_RESULT(); +} + +static int test_wolfSSL_X509_set_name(void) +{ + EXPECT_DECLS; +#if defined(OPENSSL_EXTRA) && !defined(NO_CERTS) && \ + defined(WOLFSSL_CERT_GEN) && defined(WOLFSSL_CERT_REQ) + X509* x509 = NULL; + X509_NAME* name = NULL; + + ExpectNotNull(name = X509_NAME_new()); + ExpectIntEQ(X509_NAME_add_entry_by_txt(name, "commonName", MBSTRING_UTF8, + (byte*)"wolfssl.com", 11, 0, 1), + WOLFSSL_SUCCESS); + ExpectIntEQ(X509_NAME_add_entry_by_txt(name, "emailAddress", MBSTRING_UTF8, + (byte*)"support@wolfssl.com", 19, -1, + 1), WOLFSSL_SUCCESS); + ExpectNotNull(x509 = X509_new()); + + ExpectIntEQ(X509_set_subject_name(NULL, NULL), WC_NO_ERR_TRACE(WOLFSSL_FAILURE)); + ExpectIntEQ(X509_set_subject_name(x509, NULL), WC_NO_ERR_TRACE(WOLFSSL_FAILURE)); + ExpectIntEQ(X509_set_subject_name(NULL, name), WC_NO_ERR_TRACE(WOLFSSL_FAILURE)); + ExpectIntEQ(X509_set_subject_name(x509, name), WOLFSSL_SUCCESS); + + ExpectIntEQ(X509_set_issuer_name(NULL, NULL), WC_NO_ERR_TRACE(WOLFSSL_FAILURE)); + ExpectIntEQ(X509_set_issuer_name(x509, NULL), WC_NO_ERR_TRACE(WOLFSSL_FAILURE)); + ExpectIntEQ(X509_set_issuer_name(NULL, name), WC_NO_ERR_TRACE(WOLFSSL_FAILURE)); + ExpectIntEQ(X509_set_issuer_name(x509, name), WOLFSSL_SUCCESS); + + X509_free(x509); + X509_NAME_free(name); +#endif /* OPENSSL_ALL && !NO_CERTS */ + return EXPECT_RESULT(); +} + +static int test_wolfSSL_X509_set_notAfter(void) +{ + EXPECT_DECLS; +#if (defined(OPENSSL_ALL) || defined(WOLFSSL_APACHE_HTTPD)) \ + && !defined(NO_ASN_TIME) && !defined(USER_TIME) && \ + !defined(TIME_OVERRIDES) && !defined(NO_CERTS) && \ + defined(WOLFSSL_CERT_GEN) && defined(WOLFSSL_CERT_REQ) &&\ + !defined(TIME_T_NOT_64BIT) && !defined(NO_64BIT) && !defined(NO_BIO) + /* Generalized time will overflow time_t if not long */ + X509* x = NULL; + BIO* bio = NULL; + ASN1_TIME *asn_time = NULL; + ASN1_TIME *time_check = NULL; + const int year = 365*24*60*60; + const int day = 24*60*60; + const int hour = 60*60; + const int mini = 60; + int offset_day; + unsigned char buf[25]; + time_t t; + + /* + * Setup asn_time. APACHE HTTPD uses time(NULL) + */ + t = (time_t)107 * year + 31 * day + 34 * hour + 30 * mini + 7 * day; + offset_day = 7; + /* + * Free these. + */ + asn_time = wolfSSL_ASN1_TIME_adj(NULL, t, offset_day, 0); + ExpectNotNull(asn_time); + ExpectNotNull(x = X509_new()); + ExpectNotNull(bio = BIO_new(BIO_s_mem())); + /* + * Tests + */ + ExpectTrue(wolfSSL_X509_set_notAfter(x, asn_time)); + /* time_check is simply (ANS1_TIME*)x->notAfter */ + ExpectNotNull(time_check = X509_get_notAfter(x)); + /* ANS1_TIME_check validates by checking if argument can be parsed */ + ExpectIntEQ(ASN1_TIME_check(time_check), WOLFSSL_SUCCESS); + /* Convert to human readable format and compare to intended date */ + ExpectIntEQ(ASN1_TIME_print(bio, time_check), 1); + ExpectIntEQ(BIO_read(bio, buf, sizeof(buf)), 24); + ExpectIntEQ(XMEMCMP(buf, "Jan 20 10:30:00 2077 GMT", sizeof(buf) - 1), 0); + + ExpectFalse(wolfSSL_X509_set_notAfter(NULL, NULL)); + ExpectFalse(wolfSSL_X509_set_notAfter(x, NULL)); + ExpectFalse(wolfSSL_X509_set_notAfter(NULL, asn_time)); + + /* + * Cleanup + */ + XFREE(asn_time, NULL, DYNAMIC_TYPE_OPENSSL); + X509_free(x); + BIO_free(bio); +#endif + return EXPECT_RESULT(); +} + +static int test_wolfSSL_X509_set_notBefore(void) +{ + EXPECT_DECLS; +#if (defined(OPENSSL_ALL) || defined(WOLFSSL_APACHE_HTTPD)) \ + && !defined(NO_ASN_TIME) && !defined(USER_TIME) && \ + !defined(TIME_OVERRIDES) && !defined(NO_CERTS) && \ + defined(WOLFSSL_CERT_GEN) && defined(WOLFSSL_CERT_REQ) && !defined(NO_BIO) + X509* x = NULL; + BIO* bio = NULL; + ASN1_TIME *asn_time = NULL; + ASN1_TIME *time_check = NULL; + const int year = 365*24*60*60; + const int day = 24*60*60; + const int hour = 60*60; + const int mini = 60; + int offset_day; + unsigned char buf[25]; + time_t t; + + /* + * Setup asn_time. APACHE HTTPD uses time(NULL) + */ + t = (time_t)49 * year + 125 * day + 20 * hour + 30 * mini + 7 * day; + offset_day = 7; + + /* + * Free these. + */ + asn_time = wolfSSL_ASN1_TIME_adj(NULL, t, offset_day, 0); + ExpectNotNull(asn_time); + ExpectNotNull(x = X509_new()); + ExpectNotNull(bio = BIO_new(BIO_s_mem())); + ExpectIntEQ(ASN1_TIME_check(asn_time), WOLFSSL_SUCCESS); + + /* + * Main Tests + */ + ExpectTrue(wolfSSL_X509_set_notBefore(x, asn_time)); + /* time_check == (ANS1_TIME*)x->notBefore */ + ExpectNotNull(time_check = X509_get_notBefore(x)); + /* ANS1_TIME_check validates by checking if argument can be parsed */ + ExpectIntEQ(ASN1_TIME_check(time_check), WOLFSSL_SUCCESS); + /* Convert to human readable format and compare to intended date */ + ExpectIntEQ(ASN1_TIME_print(bio, time_check), 1); + ExpectIntEQ(BIO_read(bio, buf, sizeof(buf)), 24); + ExpectIntEQ(XMEMCMP(buf, "May 8 20:30:00 2019 GMT", sizeof(buf) - 1), 0); + + ExpectFalse(wolfSSL_X509_set_notBefore(NULL, NULL)); + ExpectFalse(wolfSSL_X509_set_notBefore(x, NULL)); + ExpectFalse(wolfSSL_X509_set_notBefore(NULL, asn_time)); + + ExpectNull(X509_get_notBefore(NULL)); + ExpectNull(X509_get_notAfter(NULL)); + + /* + * Cleanup + */ + XFREE(asn_time, NULL, DYNAMIC_TYPE_OPENSSL); + X509_free(x); + BIO_free(bio); +#endif + return EXPECT_RESULT(); +} + +static int test_wolfSSL_X509_set_version(void) +{ + EXPECT_DECLS; +#if (defined(OPENSSL_ALL) || defined(WOLFSSL_APACHE_HTTPD)) && \ + !defined(NO_CERTS) && defined(WOLFSSL_CERT_GEN) && defined(WOLFSSL_CERT_REQ) + X509* x509 = NULL; + long v = 2L; + long maxInt = INT_MAX; + + ExpectNotNull(x509 = X509_new()); + /* These should pass. */ + ExpectTrue(wolfSSL_X509_set_version(x509, v)); + ExpectIntEQ(0, wolfSSL_X509_get_version(NULL)); + ExpectIntEQ(v, wolfSSL_X509_get_version(x509)); + /* Fail Case: When v(long) is greater than x509->version(int). */ + v = maxInt+1; + ExpectFalse(wolfSSL_X509_set_version(x509, v)); + + ExpectIntEQ(wolfSSL_X509_set_version(NULL, -1), WOLFSSL_FAILURE); + ExpectIntEQ(wolfSSL_X509_set_version(NULL, 1), WOLFSSL_FAILURE); + ExpectIntEQ(wolfSSL_X509_set_version(x509, -1), WOLFSSL_FAILURE); + ExpectIntEQ(wolfSSL_X509_set_version(NULL, maxInt+1), WOLFSSL_FAILURE); + + /* Cleanup */ + X509_free(x509); +#endif + return EXPECT_RESULT(); +} + +#if defined(OPENSSL_EXTRA) && defined(HAVE_SSL_MEMIO_TESTS_DEPENDENCIES) + +/* test that the callback arg is correct */ +static int certCbArg = 0; + +static int certCb(WOLFSSL* ssl, void* arg) +{ + if (ssl == NULL || arg != &certCbArg) + return 0; + if (wolfSSL_is_server(ssl)) { + if (wolfSSL_use_certificate_file(ssl, svrCertFile, + WOLFSSL_FILETYPE_PEM) != WOLFSSL_SUCCESS) + return 0; + if (wolfSSL_use_PrivateKey_file(ssl, svrKeyFile, + WOLFSSL_FILETYPE_PEM) != WOLFSSL_SUCCESS) + return 0; + } + else { + if (wolfSSL_use_certificate_file(ssl, cliCertFile, + WOLFSSL_FILETYPE_PEM) != WOLFSSL_SUCCESS) + return 0; + if (wolfSSL_use_PrivateKey_file(ssl, cliKeyFile, + WOLFSSL_FILETYPE_PEM) != WOLFSSL_SUCCESS) + return 0; + } + return 1; +} + +static int certSetupCb(WOLFSSL_CTX* ctx) +{ + SSL_CTX_set_cert_cb(ctx, certCb, &certCbArg); + return TEST_SUCCESS; +} + +/** + * This is only done because test_wolfSSL_client_server_nofail_memio has no way + * to stop certificate and key loading + */ +static int certClearCb(WOLFSSL* ssl) +{ + /* Clear the loaded certs to force the callbacks to set them up */ + SSL_certs_clear(ssl); + return TEST_SUCCESS; +} + +#endif + +static int test_wolfSSL_cert_cb(void) +{ + EXPECT_DECLS; +#if defined(OPENSSL_EXTRA) && defined(HAVE_SSL_MEMIO_TESTS_DEPENDENCIES) + test_ssl_cbf func_cb_client; + test_ssl_cbf func_cb_server; + size_t i; + struct { + method_provider client_meth; + method_provider server_meth; + const char* desc; + } test_params[] = { +#ifdef WOLFSSL_TLS13 + {wolfTLSv1_3_client_method, wolfTLSv1_3_server_method, "TLS 1.3"}, +#endif +#ifndef WOLFSSL_NO_TLS12 + {wolfTLSv1_2_client_method, wolfTLSv1_2_server_method, "TLS 1.2"}, +#endif +#ifndef NO_OLD_TLS + {wolfTLSv1_1_client_method, wolfTLSv1_1_server_method, "TLS 1.1"}, +#ifdef WOLFSSL_ALLOW_TLSV10 + {wolfTLSv1_client_method, wolfTLSv1_server_method, "TLS 1.0"}, +#endif +#endif + }; + + for (i = 0; i < XELEM_CNT(test_params) && !EXPECT_FAIL(); i++) { + XMEMSET(&func_cb_client, 0, sizeof(func_cb_client)); + XMEMSET(&func_cb_server, 0, sizeof(func_cb_server)); + + printf("\tTesting with %s...\n", test_params[i].desc); + + func_cb_client.method = test_params[i].client_meth; + func_cb_server.method = test_params[i].server_meth; + func_cb_client.ctx_ready = certSetupCb; + func_cb_client.ssl_ready = certClearCb; + func_cb_server.ctx_ready = certSetupCb; + func_cb_server.ssl_ready = certClearCb; + + ExpectIntEQ(test_wolfSSL_client_server_nofail_memio(&func_cb_client, + &func_cb_server, NULL), TEST_SUCCESS); + } +#endif + return EXPECT_RESULT(); +} + +#if defined(OPENSSL_EXTRA) && defined(HAVE_SSL_MEMIO_TESTS_DEPENDENCIES) + +static const char* test_wolfSSL_cert_cb_dyn_ciphers_client_cipher = NULL; +static const char* test_wolfSSL_cert_cb_dyn_ciphers_client_sigalgs = NULL; +static int test_wolfSSL_cert_cb_dyn_ciphers_client_ctx_ready(WOLFSSL_CTX* ctx) +{ + EXPECT_DECLS; + ExpectIntEQ(wolfSSL_CTX_set_cipher_list(ctx, + test_wolfSSL_cert_cb_dyn_ciphers_client_cipher), WOLFSSL_SUCCESS); + ExpectIntEQ(wolfSSL_CTX_set1_sigalgs_list(ctx, + test_wolfSSL_cert_cb_dyn_ciphers_client_sigalgs), WOLFSSL_SUCCESS); + return EXPECT_RESULT(); +} + +static int test_wolfSSL_cert_cb_dyn_ciphers_certCB(WOLFSSL* ssl, void* arg) +{ + const byte* suites = NULL; + word16 suiteSz = 0; + const byte* hashSigAlgo = NULL; + word16 hashSigAlgoSz = 0; + word16 idx = 0; + int haveRSA = 0; + int haveECC = 0; + + (void)arg; + + if (wolfSSL_get_client_suites_sigalgs(ssl, &suites, &suiteSz, &hashSigAlgo, + &hashSigAlgoSz) != WOLFSSL_SUCCESS) + return 0; + if (suites == NULL || suiteSz == 0 || hashSigAlgo == NULL || + hashSigAlgoSz == 0) + return 0; + + for (idx = 0; idx < suiteSz; idx += 2) { + WOLFSSL_CIPHERSUITE_INFO info = + wolfSSL_get_ciphersuite_info(suites[idx], suites[idx+1]); + + if (info.rsaAuth) + haveRSA = 1; + else if (info.eccAuth) + haveECC = 1; + } + + if (hashSigAlgoSz > 0) { + /* sigalgs extension takes precedence over ciphersuites */ + haveRSA = 0; + haveECC = 0; + } + for (idx = 0; idx < hashSigAlgoSz; idx += 2) { + int hashAlgo = 0; + int sigAlgo = 0; + + if (wolfSSL_get_sigalg_info(hashSigAlgo[idx+0], hashSigAlgo[idx+1], + &hashAlgo, &sigAlgo) != 0) + return 0; + + if (sigAlgo == RSAk || sigAlgo == RSAPSSk) + haveRSA = 1; + else if (sigAlgo == ECDSAk) + haveECC = 1; + } + + if (haveRSA) { + if (wolfSSL_use_certificate_file(ssl, svrCertFile, WOLFSSL_FILETYPE_PEM) + != WOLFSSL_SUCCESS) + return 0; + if (wolfSSL_use_PrivateKey_file(ssl, svrKeyFile, WOLFSSL_FILETYPE_PEM) + != WOLFSSL_SUCCESS) + return 0; + } + else if (haveECC) { + if (wolfSSL_use_certificate_file(ssl, eccCertFile, WOLFSSL_FILETYPE_PEM) + != WOLFSSL_SUCCESS) + return 0; + if (wolfSSL_use_PrivateKey_file(ssl, eccKeyFile, WOLFSSL_FILETYPE_PEM) + != WOLFSSL_SUCCESS) + return 0; + } + + return 1; +} + +static int test_wolfSSL_cert_cb_dyn_ciphers_server_ctx_ready(WOLFSSL_CTX* ctx) +{ + SSL_CTX_set_cert_cb(ctx, test_wolfSSL_cert_cb_dyn_ciphers_certCB, NULL); + wolfSSL_CTX_set_verify(ctx, WOLFSSL_VERIFY_NONE, NULL); + return TEST_SUCCESS; +} + +#endif + +/* Testing dynamic ciphers offered by client */ +static int test_wolfSSL_cert_cb_dyn_ciphers(void) +{ + EXPECT_DECLS; +#if defined(OPENSSL_EXTRA) && defined(HAVE_SSL_MEMIO_TESTS_DEPENDENCIES) + test_ssl_cbf func_cb_client; + test_ssl_cbf func_cb_server; + struct { + method_provider client_meth; + const char* client_ciphers; + const char* client_sigalgs; + const char* client_ca; + method_provider server_meth; + } test_params[] = { +#if !defined(NO_SHA256) && defined(HAVE_AESGCM) +#ifdef WOLFSSL_TLS13 +#if !defined(NO_RSA) && defined(WC_RSA_PSS) + {wolfTLSv1_3_client_method, + "TLS13-AES256-GCM-SHA384:TLS13-AES128-GCM-SHA256", + "RSA-PSS+SHA256", caCertFile, wolfTLSv1_3_server_method}, +#endif +#ifdef HAVE_ECC + {wolfTLSv1_3_client_method, + "TLS13-AES256-GCM-SHA384:TLS13-AES128-GCM-SHA256", + "ECDSA+SHA256", caEccCertFile, wolfTLSv1_3_server_method}, +#endif +#endif +#ifndef WOLFSSL_NO_TLS12 +#if !defined(NO_RSA) && defined(WC_RSA_PSS) && !defined(NO_DH) + {wolfTLSv1_2_client_method, + "DHE-RSA-AES128-GCM-SHA256", + "RSA-PSS+SHA256", caCertFile, wolfTLSv1_2_server_method}, +#endif +#ifdef HAVE_ECC + {wolfTLSv1_2_client_method, + "ECDHE-ECDSA-AES128-GCM-SHA256", + "ECDSA+SHA256", caEccCertFile, wolfTLSv1_2_server_method}, +#endif +#endif +#endif + }; + size_t i; + size_t testCount = sizeof(test_params)/sizeof(*test_params); + + if (testCount > 0) { + for (i = 0; i < testCount; i++) { + printf("\tTesting %s ciphers with %s sigalgs\n", + test_params[i].client_ciphers, + test_params[i].client_sigalgs); + + XMEMSET(&func_cb_client, 0, sizeof(func_cb_client)); + XMEMSET(&func_cb_server, 0, sizeof(func_cb_server)); + + test_wolfSSL_cert_cb_dyn_ciphers_client_cipher = + test_params[i].client_ciphers; + test_wolfSSL_cert_cb_dyn_ciphers_client_sigalgs = + test_params[i].client_sigalgs; + func_cb_client.method = test_params[i].client_meth; + func_cb_client.caPemFile = test_params[i].client_ca; + func_cb_client.ctx_ready = + test_wolfSSL_cert_cb_dyn_ciphers_client_ctx_ready; + + func_cb_server.ctx_ready = + test_wolfSSL_cert_cb_dyn_ciphers_server_ctx_ready; + func_cb_server.ssl_ready = certClearCb; /* Reuse from prev test */ + func_cb_server.method = test_params[i].server_meth; + + ExpectIntEQ(test_wolfSSL_client_server_nofail_memio(&func_cb_client, + &func_cb_server, NULL), TEST_SUCCESS); + } + } +#endif + return EXPECT_RESULT(); +} + +static int test_wolfSSL_ciphersuite_auth(void) +{ + EXPECT_DECLS; +#if defined(OPENSSL_EXTRA) + WOLFSSL_CIPHERSUITE_INFO info; + + (void)info; + +#ifndef WOLFSSL_NO_TLS12 +#ifdef HAVE_CHACHA + info = wolfSSL_get_ciphersuite_info(CHACHA_BYTE, + TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256); + ExpectIntEQ(info.rsaAuth, 1); + ExpectIntEQ(info.eccAuth, 0); + ExpectIntEQ(info.eccStatic, 0); + ExpectIntEQ(info.psk, 0); + + info = wolfSSL_get_ciphersuite_info(CHACHA_BYTE, + TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256); + ExpectIntEQ(info.rsaAuth, 0); + ExpectIntEQ(info.eccAuth, 1); + ExpectIntEQ(info.eccStatic, 0); + ExpectIntEQ(info.psk, 0); + + info = wolfSSL_get_ciphersuite_info(CHACHA_BYTE, + TLS_ECDHE_PSK_WITH_CHACHA20_POLY1305_SHA256); + ExpectIntEQ(info.rsaAuth, 0); + ExpectIntEQ(info.eccAuth, 0); + ExpectIntEQ(info.eccStatic, 0); + ExpectIntEQ(info.psk, 1); +#endif +#if defined(HAVE_ECC) || defined(HAVE_CURVE25519) || defined(HAVE_CURVE448) +#ifndef NO_RSA + info = wolfSSL_get_ciphersuite_info(ECC_BYTE, + TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA); + ExpectIntEQ(info.rsaAuth, 1); + ExpectIntEQ(info.eccAuth, 0); + ExpectIntEQ(info.eccStatic, 0); + ExpectIntEQ(info.psk, 0); + + info = wolfSSL_get_ciphersuite_info(ECC_BYTE, + TLS_ECDH_RSA_WITH_AES_128_CBC_SHA); + ExpectIntEQ(info.rsaAuth, 1); + ExpectIntEQ(info.eccAuth, 0); + ExpectIntEQ(info.eccStatic, 1); + ExpectIntEQ(info.psk, 0); + + info = wolfSSL_get_ciphersuite_info(ECC_BYTE, + TLS_ECDH_RSA_WITH_AES_256_CBC_SHA); + ExpectIntEQ(info.rsaAuth, 1); + ExpectIntEQ(info.eccAuth, 0); + ExpectIntEQ(info.eccStatic, 1); + ExpectIntEQ(info.psk, 0); +#endif + info = wolfSSL_get_ciphersuite_info(ECC_BYTE, + TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA); + ExpectIntEQ(info.rsaAuth, 0); + ExpectIntEQ(info.eccAuth, 1); + ExpectIntEQ(info.eccStatic, 0); + ExpectIntEQ(info.psk, 0); + + info = wolfSSL_get_ciphersuite_info(ECC_BYTE, + TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA); + ExpectIntEQ(info.rsaAuth, 0); + ExpectIntEQ(info.eccAuth, 1); + ExpectIntEQ(info.eccStatic, 1); + ExpectIntEQ(info.psk, 0); + + info = wolfSSL_get_ciphersuite_info(ECDHE_PSK_BYTE, + TLS_ECDHE_PSK_WITH_AES_128_GCM_SHA256); + ExpectIntEQ(info.rsaAuth, 0); + ExpectIntEQ(info.eccAuth, 0); + ExpectIntEQ(info.eccStatic, 0); + ExpectIntEQ(info.psk, 1); +#endif +#endif + +#ifdef WOLFSSL_TLS13 + info = wolfSSL_get_ciphersuite_info(TLS13_BYTE, + TLS_AES_128_GCM_SHA256); + ExpectIntEQ(info.rsaAuth, 0); + ExpectIntEQ(info.eccAuth, 0); + ExpectIntEQ(info.eccStatic, 0); + ExpectIntEQ(info.psk, 0); +#endif + +#endif + return EXPECT_RESULT(); +} + +static int test_wolfSSL_sigalg_info(void) +{ + EXPECT_DECLS; +#if defined(OPENSSL_EXTRA) + byte hashSigAlgo[WOLFSSL_MAX_SIGALGO]; + word16 len = 0; + word16 idx = 0; + int allSigAlgs = SIG_ECDSA | SIG_RSA | SIG_SM2 | SIG_FALCON | SIG_DILITHIUM; + + InitSuitesHashSigAlgo(hashSigAlgo, allSigAlgs, 1, 0xFFFFFFFF, &len); + for (idx = 0; idx < len; idx += 2) { + int hashAlgo = 0; + int sigAlgo = 0; + + ExpectIntEQ(wolfSSL_get_sigalg_info(hashSigAlgo[idx+0], + hashSigAlgo[idx+1], &hashAlgo, &sigAlgo), 0); + + ExpectIntNE(hashAlgo, 0); + ExpectIntNE(sigAlgo, 0); + } + + InitSuitesHashSigAlgo(hashSigAlgo, allSigAlgs | SIG_ANON, 1, + 0xFFFFFFFF, &len); + for (idx = 0; idx < len; idx += 2) { + int hashAlgo = 0; + int sigAlgo = 0; + + ExpectIntEQ(wolfSSL_get_sigalg_info(hashSigAlgo[idx+0], + hashSigAlgo[idx+1], &hashAlgo, &sigAlgo), 0); + + ExpectIntNE(hashAlgo, 0); + } + +#endif + return EXPECT_RESULT(); +} + +static int test_wolfSSL_SESSION(void) +{ + EXPECT_DECLS; +#if !defined(NO_FILESYSTEM) && !defined(NO_CERTS) && \ + !defined(NO_RSA) && !defined(NO_SHA256) && \ + defined(HAVE_IO_TESTS_DEPENDENCIES) && !defined(NO_SESSION_CACHE) + WOLFSSL* ssl = NULL; + WOLFSSL_CTX* ctx = NULL; + WOLFSSL_SESSION* sess = NULL; + WOLFSSL_SESSION* sess_copy = NULL; +#ifdef OPENSSL_EXTRA +#ifdef HAVE_EXT_CACHE + unsigned char* sessDer = NULL; + unsigned char* ptr = NULL; + int sz = 0; +#endif + const unsigned char context[] = "user app context"; + unsigned int contextSz = (unsigned int)sizeof(context); +#endif + int ret = 0, err = 0; + SOCKET_T sockfd; + tcp_ready ready; + func_args server_args; + THREAD_TYPE serverThread; + char msg[80]; + const char* sendGET = "GET"; + + /* TLS v1.3 requires session tickets */ + /* CHACHA and POLY1305 required for myTicketEncCb */ +#if !defined(WOLFSSL_NO_TLS12) && (!defined(WOLFSSL_TLS13) || \ + !(defined(HAVE_SESSION_TICKET) && ((defined(HAVE_CHACHA) && \ + defined(HAVE_POLY1305)) || defined(HAVE_AESGCM)))) + ExpectNotNull(ctx = wolfSSL_CTX_new(wolfTLSv1_2_client_method())); +#else + ExpectNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_client_method())); +#endif + + ExpectTrue(wolfSSL_CTX_use_certificate_file(ctx, cliCertFile, + CERT_FILETYPE)); + ExpectTrue(wolfSSL_CTX_use_PrivateKey_file(ctx, cliKeyFile, + CERT_FILETYPE)); + ExpectIntEQ(wolfSSL_CTX_load_verify_locations(ctx, caCertFile, 0), + WOLFSSL_SUCCESS); +#ifdef WOLFSSL_ENCRYPTED_KEYS + wolfSSL_CTX_set_default_passwd_cb(ctx, PasswordCallBack); +#endif +#ifdef HAVE_SESSION_TICKET + /* Use session tickets, for ticket tests below */ + ExpectIntEQ(wolfSSL_CTX_UseSessionTicket(ctx), WOLFSSL_SUCCESS); +#endif + + XMEMSET(&server_args, 0, sizeof(func_args)); +#ifdef WOLFSSL_TIRTOS + fdOpenSession(Task_self()); +#endif + + StartTCP(); + InitTcpReady(&ready); + +#if defined(USE_WINDOWS_API) + /* use RNG to get random port if using windows */ + ready.port = GetRandomPort(); +#endif + + server_args.signal = &ready; + start_thread(test_server_nofail, &server_args, &serverThread); + wait_tcp_ready(&server_args); + + /* client connection */ + ExpectNotNull(ssl = wolfSSL_new(ctx)); + tcp_connect(&sockfd, wolfSSLIP, ready.port, 0, 0, ssl); + ExpectIntEQ(wolfSSL_set_fd(ssl, sockfd), WOLFSSL_SUCCESS); + + WOLFSSL_ASYNC_WHILE_PENDING(ret = wolfSSL_connect(ssl), + ret != WOLFSSL_SUCCESS); + ExpectIntEQ(ret, WOLFSSL_SUCCESS); + + WOLFSSL_ASYNC_WHILE_PENDING( + ret = wolfSSL_write(ssl, sendGET, (int)XSTRLEN(sendGET)), + ret <= 0); + ExpectIntEQ(ret, (int)XSTRLEN(sendGET)); + + WOLFSSL_ASYNC_WHILE_PENDING(ret = wolfSSL_read(ssl, msg, sizeof(msg)), + ret != 23); + ExpectIntEQ(ret, 23); + + ExpectPtrNE((sess = wolfSSL_get1_session(ssl)), NULL); /* ref count 1 */ + ExpectPtrNE((sess_copy = wolfSSL_get1_session(ssl)), NULL); /* ref count 2 */ + ExpectIntEQ(wolfSSL_SessionIsSetup(sess), 1); +#ifdef HAVE_EXT_CACHE + ExpectPtrEq(sess, sess_copy); /* they should be the same pointer but without + * HAVE_EXT_CACHE we get new objects each time */ +#endif + wolfSSL_SESSION_free(sess_copy); sess_copy = NULL; + wolfSSL_SESSION_free(sess); sess = NULL; /* free session ref */ + + sess = wolfSSL_get_session(ssl); + +#ifdef OPENSSL_EXTRA + ExpectIntEQ(SSL_SESSION_is_resumable(NULL), 0); + ExpectIntEQ(SSL_SESSION_is_resumable(sess), 1); + + ExpectIntEQ(wolfSSL_SESSION_has_ticket(NULL), 0); + ExpectIntEQ(wolfSSL_SESSION_get_ticket_lifetime_hint(NULL), 0); + #ifdef HAVE_SESSION_TICKET + ExpectIntEQ(wolfSSL_SESSION_has_ticket(sess), 1); + ExpectIntEQ(wolfSSL_SESSION_get_ticket_lifetime_hint(sess), + SESSION_TICKET_HINT_DEFAULT); + #else + ExpectIntEQ(wolfSSL_SESSION_has_ticket(sess), 0); + #endif +#else + (void)sess; +#endif /* OPENSSL_EXTRA */ + + /* Retain copy of the session for later testing */ + ExpectNotNull(sess = wolfSSL_get1_session(ssl)); + + wolfSSL_shutdown(ssl); + wolfSSL_free(ssl); ssl = NULL; + + CloseSocket(sockfd); + + join_thread(serverThread); + + FreeTcpReady(&ready); + +#ifdef WOLFSSL_TIRTOS + fdOpenSession(Task_self()); +#endif + +#if defined(SESSION_CERTS) && defined(OPENSSL_EXTRA) + { + X509 *x509 = NULL; + char buf[30]; + int bufSz = 0; + + ExpectNotNull(x509 = SSL_SESSION_get0_peer(sess)); + ExpectIntGT((bufSz = X509_NAME_get_text_by_NID( + X509_get_subject_name(x509), NID_organizationalUnitName, buf, + sizeof(buf))), 0); + ExpectIntNE((bufSz == 7 || bufSz == 16), 0); /* should be one of these*/ + if (bufSz == 7) { + ExpectIntEQ(XMEMCMP(buf, "Support", bufSz), 0); + } + if (bufSz == 16) { + ExpectIntEQ(XMEMCMP(buf, "Programming-2048", bufSz), 0); + } + } +#endif + +#ifdef HAVE_EXT_CACHE + ExpectNotNull(sess_copy = wolfSSL_SESSION_dup(sess)); + wolfSSL_SESSION_free(sess_copy); sess_copy = NULL; + sess_copy = NULL; +#endif + +#if defined(OPENSSL_EXTRA) && defined(HAVE_EXT_CACHE) + /* get session from DER and update the timeout */ + ExpectIntEQ(wolfSSL_i2d_SSL_SESSION(NULL, &sessDer), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntGT((sz = wolfSSL_i2d_SSL_SESSION(sess, &sessDer)), 0); + wolfSSL_SESSION_free(sess); sess = NULL; + sess = NULL; + ptr = sessDer; + ExpectNull(sess = wolfSSL_d2i_SSL_SESSION(NULL, NULL, sz)); + ExpectNotNull(sess = wolfSSL_d2i_SSL_SESSION(NULL, + (const unsigned char**)&ptr, sz)); + XFREE(sessDer, NULL, DYNAMIC_TYPE_OPENSSL); + sessDer = NULL; + + ExpectIntGT(wolfSSL_SESSION_get_time(sess), 0); + ExpectIntEQ(wolfSSL_SSL_SESSION_set_timeout(sess, 500), SSL_SUCCESS); +#endif + + /* successful set session test */ + ExpectNotNull(ssl = wolfSSL_new(ctx)); + ExpectIntEQ(wolfSSL_set_session(ssl, sess), WOLFSSL_SUCCESS); + +#ifdef HAVE_SESSION_TICKET + /* Test set/get session ticket */ + { + const char* ticket = "This is a session ticket"; + char buf[64] = {0}; + word32 bufSz = (word32)sizeof(buf); + word32 retSz = 0; + + ExpectIntEQ(WOLFSSL_SUCCESS, + wolfSSL_set_SessionTicket(ssl, (byte *)ticket, + (word32)XSTRLEN(ticket))); + ExpectIntEQ(WOLFSSL_SUCCESS, + wolfSSL_get_SessionTicket(ssl, (byte *)buf, &bufSz)); + ExpectStrEQ(ticket, buf); + + /* return ticket length if buffer parameter is null */ + wolfSSL_get_SessionTicket(ssl, NULL, &retSz); + ExpectIntEQ(bufSz, retSz); + } +#endif + +#ifdef OPENSSL_EXTRA + /* session timeout case */ + /* make the session to be expired */ + ExpectIntEQ(SSL_SESSION_set_timeout(sess,1), SSL_SUCCESS); + XSLEEP_MS(1200); + + /* SSL_set_session should reject specified session but return success + * if WOLFSSL_ERROR_CODE_OPENSSL macro is defined for OpenSSL compatibility. + */ +#if defined(WOLFSSL_ERROR_CODE_OPENSSL) + ExpectIntEQ(wolfSSL_set_session(ssl,sess), SSL_SUCCESS); +#else + ExpectIntEQ(wolfSSL_set_session(ssl,sess), WC_NO_ERR_TRACE(WOLFSSL_FAILURE)); +#endif + ExpectIntEQ(wolfSSL_SSL_SESSION_set_timeout(sess, 500), SSL_SUCCESS); + +#ifdef WOLFSSL_SESSION_ID_CTX + /* fail case with miss match session context IDs (use compatibility API) */ + ExpectIntEQ(SSL_set_session_id_context(ssl, context, contextSz), + SSL_SUCCESS); + ExpectIntEQ(wolfSSL_set_session(ssl, sess), WC_NO_ERR_TRACE(WOLFSSL_FAILURE)); + wolfSSL_free(ssl); ssl = NULL; + + ExpectIntEQ(SSL_CTX_set_session_id_context(NULL, context, contextSz), + WC_NO_ERR_TRACE(WOLFSSL_FAILURE)); + ExpectIntEQ(SSL_CTX_set_session_id_context(ctx, context, contextSz), + SSL_SUCCESS); + ExpectNotNull(ssl = wolfSSL_new(ctx)); + ExpectIntEQ(wolfSSL_set_session(ssl, sess), WC_NO_ERR_TRACE(WOLFSSL_FAILURE)); +#endif +#endif /* OPENSSL_EXTRA */ + + wolfSSL_free(ssl); + wolfSSL_SESSION_free(sess); + wolfSSL_CTX_free(ctx); +#endif + return EXPECT_RESULT(); +} + +#if !defined(NO_FILESYSTEM) && !defined(NO_CERTS) && \ + !defined(NO_RSA) && defined(HAVE_IO_TESTS_DEPENDENCIES) && \ + !defined(NO_SESSION_CACHE) && defined(OPENSSL_EXTRA) && \ + !defined(WOLFSSL_NO_TLS12) +static WOLFSSL_SESSION* test_wolfSSL_SESSION_expire_sess = NULL; + +static void test_wolfSSL_SESSION_expire_downgrade_ctx_ready(WOLFSSL_CTX* ctx) +{ + #ifdef WOLFSSL_ERROR_CODE_OPENSSL + /* returns previous timeout value */ + AssertIntEQ(wolfSSL_CTX_set_timeout(ctx, 1), 500); + #else + AssertIntEQ(wolfSSL_CTX_set_timeout(ctx, 1), WOLFSSL_SUCCESS); + #endif +} + + +/* set the session to timeout in a second */ +static void test_wolfSSL_SESSION_expire_downgrade_ssl_ready(WOLFSSL* ssl) +{ + AssertIntEQ(wolfSSL_set_timeout(ssl, 2), 1); +} + + +/* store the client side session from the first successful connection */ +static void test_wolfSSL_SESSION_expire_downgrade_ssl_result(WOLFSSL* ssl) +{ + AssertPtrNE((test_wolfSSL_SESSION_expire_sess = wolfSSL_get1_session(ssl)), + NULL); /* ref count 1 */ +} + + +/* wait till session is expired then set it in the WOLFSSL struct for use */ +static void test_wolfSSL_SESSION_expire_downgrade_ssl_ready_wait(WOLFSSL* ssl) +{ + AssertIntEQ(wolfSSL_set_timeout(ssl, 1), 1); + AssertIntEQ(wolfSSL_set_session(ssl, test_wolfSSL_SESSION_expire_sess), + WOLFSSL_SUCCESS); + XSLEEP_MS(2000); /* wait 2 seconds for session to expire */ +} + + +/* set expired session in the WOLFSSL struct for use */ +static void test_wolfSSL_SESSION_expire_downgrade_ssl_ready_set(WOLFSSL* ssl) +{ + XSLEEP_MS(1200); /* wait a second for session to expire */ + + /* set the expired session, call to set session fails but continuing on + after failure should be handled here */ +#if defined(OPENSSL_EXTRA) && defined(WOLFSSL_ERROR_CODE_OPENSSL) + AssertIntEQ(wolfSSL_set_session(ssl, test_wolfSSL_SESSION_expire_sess), + WOLFSSL_SUCCESS); +#else + AssertIntNE(wolfSSL_set_session(ssl, test_wolfSSL_SESSION_expire_sess), + WOLFSSL_SUCCESS); +#endif +} + + +/* check that the expired session was not reused */ +static void test_wolfSSL_SESSION_expire_downgrade_ssl_result_reuse(WOLFSSL* ssl) +{ + /* since the session has expired it should not have been reused */ + AssertIntEQ(wolfSSL_session_reused(ssl), 0); +} +#endif + +static int test_wolfSSL_SESSION_expire_downgrade(void) +{ + EXPECT_DECLS; +#if !defined(NO_FILESYSTEM) && !defined(NO_CERTS) && \ + !defined(NO_RSA) && defined(HAVE_IO_TESTS_DEPENDENCIES) && \ + !defined(NO_SESSION_CACHE) && defined(OPENSSL_EXTRA) && \ + !defined(WOLFSSL_NO_TLS12) + callback_functions server_cbf, client_cbf; + + XMEMSET(&server_cbf, 0, sizeof(callback_functions)); + XMEMSET(&client_cbf, 0, sizeof(callback_functions)); + + /* force server side to use TLS 1.2 */ + server_cbf.method = wolfTLSv1_2_server_method; + + client_cbf.method = wolfSSLv23_client_method; + server_cbf.ctx_ready = test_wolfSSL_SESSION_expire_downgrade_ctx_ready; + client_cbf.ssl_ready = test_wolfSSL_SESSION_expire_downgrade_ssl_ready; + client_cbf.on_result = test_wolfSSL_SESSION_expire_downgrade_ssl_result; + + test_wolfSSL_client_server_nofail(&client_cbf, &server_cbf); + ExpectIntEQ(client_cbf.return_code, TEST_SUCCESS); + ExpectIntEQ(server_cbf.return_code, TEST_SUCCESS); + + client_cbf.method = wolfSSLv23_client_method; + server_cbf.ctx_ready = test_wolfSSL_SESSION_expire_downgrade_ctx_ready; + client_cbf.ssl_ready = test_wolfSSL_SESSION_expire_downgrade_ssl_ready_wait; + client_cbf.on_result = + test_wolfSSL_SESSION_expire_downgrade_ssl_result_reuse; + + test_wolfSSL_client_server_nofail(&client_cbf, &server_cbf); + ExpectIntEQ(client_cbf.return_code, TEST_SUCCESS); + ExpectIntEQ(server_cbf.return_code, TEST_SUCCESS); + + client_cbf.method = wolfSSLv23_client_method; + server_cbf.ctx_ready = test_wolfSSL_SESSION_expire_downgrade_ctx_ready; + client_cbf.ssl_ready = test_wolfSSL_SESSION_expire_downgrade_ssl_ready_set; + client_cbf.on_result = + test_wolfSSL_SESSION_expire_downgrade_ssl_result_reuse; + + test_wolfSSL_client_server_nofail(&client_cbf, &server_cbf); + ExpectIntEQ(client_cbf.return_code, TEST_SUCCESS); + ExpectIntEQ(server_cbf.return_code, TEST_SUCCESS); + + wolfSSL_SESSION_free(test_wolfSSL_SESSION_expire_sess); +#endif + return EXPECT_RESULT(); +} + +#if defined(OPENSSL_EXTRA) && defined(HAVE_SSL_MEMIO_TESTS_DEPENDENCIES) && \ + defined(HAVE_EX_DATA) && !defined(NO_SESSION_CACHE) +#ifdef WOLFSSL_ATOMIC_OPS + typedef wolfSSL_Atomic_Int SessRemCounter_t; +#else + typedef int SessRemCounter_t; +#endif +static SessRemCounter_t clientSessRemCountMalloc; +static SessRemCounter_t serverSessRemCountMalloc; +static SessRemCounter_t clientSessRemCountFree; +static SessRemCounter_t serverSessRemCountFree; + +static WOLFSSL_CTX* serverSessCtx = NULL; +static WOLFSSL_SESSION* serverSess = NULL; +#if (defined(WOLFSSL_TLS13) && defined(HAVE_SESSION_TICKET)) || \ + !defined(NO_SESSION_CACHE_REF) +static WOLFSSL_CTX* clientSessCtx = NULL; +static WOLFSSL_SESSION* clientSess = NULL; +#endif +static int serverSessRemIdx = 3; +static int sessRemCtx_Server = WOLFSSL_SERVER_END; +static int sessRemCtx_Client = WOLFSSL_CLIENT_END; + +static void SessRemCtxCb(WOLFSSL_CTX *ctx, WOLFSSL_SESSION *sess) +{ + int* side; + + (void)ctx; + + side = (int*)SSL_SESSION_get_ex_data(sess, serverSessRemIdx); + if (side != NULL) { + if (*side == WOLFSSL_CLIENT_END) + (void)wolfSSL_Atomic_Int_FetchAdd(&clientSessRemCountFree, 1); + else + (void)wolfSSL_Atomic_Int_FetchAdd(&serverSessRemCountFree, 1); + + SSL_SESSION_set_ex_data(sess, serverSessRemIdx, NULL); + } +} + +static int SessRemCtxSetupCb(WOLFSSL_CTX* ctx) +{ + SSL_CTX_sess_set_remove_cb(ctx, SessRemCtxCb); +#if defined(WOLFSSL_TLS13) && !defined(HAVE_SESSION_TICKET) && \ + !defined(NO_SESSION_CACHE_REF) + { + EXPECT_DECLS; + /* Allow downgrade, set min version, and disable TLS 1.3. + * Do this because without NO_SESSION_CACHE_REF we will want to return a + * reference to the session cache. But with WOLFSSL_TLS13 and without + * HAVE_SESSION_TICKET we won't have a session ID to be able to place + * the session in the cache. In this case we need to downgrade to + * previous versions to just use the legacy session ID field. */ + ExpectIntEQ(SSL_CTX_set_min_proto_version(ctx, SSL3_VERSION), + SSL_SUCCESS); + ExpectIntEQ(SSL_CTX_set_max_proto_version(ctx, TLS1_2_VERSION), + SSL_SUCCESS); + return EXPECT_RESULT(); + } +#else + return TEST_SUCCESS; +#endif +} + +static int SessRemSslSetupCb(WOLFSSL* ssl) +{ + EXPECT_DECLS; + int* side; + + if (SSL_is_server(ssl)) { + side = &sessRemCtx_Server; + (void)wolfSSL_Atomic_Int_FetchAdd(&serverSessRemCountMalloc, 1); + ExpectNotNull(serverSess = SSL_get1_session(ssl)); + ExpectIntEQ(SSL_CTX_up_ref(serverSessCtx = SSL_get_SSL_CTX(ssl)), + SSL_SUCCESS); + } + else { + side = &sessRemCtx_Client; + (void)wolfSSL_Atomic_Int_FetchAdd(&clientSessRemCountMalloc, 1); +#if (defined(WOLFSSL_TLS13) && defined(HAVE_SESSION_TICKET)) || \ + !defined(NO_SESSION_CACHE_REF) + ExpectNotNull(clientSess = SSL_get1_session(ssl)); + ExpectIntEQ(SSL_CTX_up_ref(clientSessCtx = SSL_get_SSL_CTX(ssl)), + SSL_SUCCESS); +#endif + } + ExpectIntEQ(SSL_SESSION_set_ex_data(SSL_get_session(ssl), + serverSessRemIdx, side), SSL_SUCCESS); + + return EXPECT_RESULT(); +} +#endif + +static int test_wolfSSL_CTX_sess_set_remove_cb(void) +{ + EXPECT_DECLS; +#if defined(OPENSSL_EXTRA) && defined(HAVE_SSL_MEMIO_TESTS_DEPENDENCIES) && \ + defined(HAVE_EX_DATA) && !defined(NO_SESSION_CACHE) + /* Check that the remove callback gets called for external data in a + * session object */ + test_ssl_cbf func_cb; + + wolfSSL_Atomic_Int_Init(&clientSessRemCountMalloc, 0); + wolfSSL_Atomic_Int_Init(&serverSessRemCountMalloc, 0); + wolfSSL_Atomic_Int_Init(&clientSessRemCountFree, 0); + wolfSSL_Atomic_Int_Init(&serverSessRemCountFree, 0); + + XMEMSET(&func_cb, 0, sizeof(func_cb)); + func_cb.ctx_ready = SessRemCtxSetupCb; + func_cb.on_result = SessRemSslSetupCb; + + ExpectIntEQ(test_wolfSSL_client_server_nofail_memio(&func_cb, &func_cb, + NULL), TEST_SUCCESS); + + /* Both should have been allocated */ + ExpectIntEQ(clientSessRemCountMalloc, 1); + ExpectIntEQ(serverSessRemCountMalloc, 1); + + /* This should not be called yet. Session wasn't evicted from cache yet. */ + ExpectIntEQ(clientSessRemCountFree, 0); +#if (defined(WOLFSSL_TLS13) && defined(HAVE_SESSION_TICKET)) || \ + !defined(NO_SESSION_CACHE_REF) + /* Force a cache lookup */ + ExpectNotNull(SSL_SESSION_get_ex_data(clientSess, serverSessRemIdx)); + /* Force a cache update */ + ExpectNotNull(SSL_SESSION_set_ex_data(clientSess, serverSessRemIdx - 1, 0)); + /* This should set the timeout to 0 and call the remove callback from within + * the session cache. */ + ExpectIntEQ(SSL_CTX_remove_session(clientSessCtx, clientSess), 0); + ExpectNull(SSL_SESSION_get_ex_data(clientSess, serverSessRemIdx)); + ExpectIntEQ(clientSessRemCountFree, 1); +#endif + /* Server session is in the cache so ex_data isn't free'd with the SSL + * object */ + ExpectIntEQ(serverSessRemCountFree, 0); + /* Force a cache lookup */ + ExpectNotNull(SSL_SESSION_get_ex_data(serverSess, serverSessRemIdx)); + /* Force a cache update */ + ExpectNotNull(SSL_SESSION_set_ex_data(serverSess, serverSessRemIdx - 1, 0)); + /* This should set the timeout to 0 and call the remove callback from within + * the session cache. */ + ExpectIntEQ(SSL_CTX_remove_session(serverSessCtx, serverSess), 0); + ExpectNull(SSL_SESSION_get_ex_data(serverSess, serverSessRemIdx)); + ExpectIntEQ(serverSessRemCountFree, 1); + /* Need to free the references that we kept */ + SSL_CTX_free(serverSessCtx); + SSL_SESSION_free(serverSess); +#if (defined(WOLFSSL_TLS13) && defined(HAVE_SESSION_TICKET)) || \ + !defined(NO_SESSION_CACHE_REF) + SSL_CTX_free(clientSessCtx); + SSL_SESSION_free(clientSess); +#endif +#endif + return EXPECT_RESULT(); +} + +static int test_wolfSSL_ticket_keys(void) +{ + EXPECT_DECLS; +#if defined(HAVE_SESSION_TICKET) && !defined(WOLFSSL_NO_DEF_TICKET_ENC_CB) && \ + !defined(NO_WOLFSSL_SERVER) && !defined(NO_TLS) + WOLFSSL_CTX* ctx = NULL; + byte keys[WOLFSSL_TICKET_KEYS_SZ]; + + ExpectNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_server_method())); + + ExpectIntEQ(wolfSSL_CTX_get_tlsext_ticket_keys(NULL, NULL, 0), + WC_NO_ERR_TRACE(WOLFSSL_FAILURE)); + ExpectIntEQ(wolfSSL_CTX_get_tlsext_ticket_keys(ctx, NULL, 0), + WC_NO_ERR_TRACE(WOLFSSL_FAILURE)); + ExpectIntEQ(wolfSSL_CTX_get_tlsext_ticket_keys(ctx, keys, 0), + WC_NO_ERR_TRACE(WOLFSSL_FAILURE)); + ExpectIntEQ(wolfSSL_CTX_get_tlsext_ticket_keys(NULL, keys, 0), + WC_NO_ERR_TRACE(WOLFSSL_FAILURE)); + ExpectIntEQ(wolfSSL_CTX_get_tlsext_ticket_keys(NULL, NULL, sizeof(keys)), + WC_NO_ERR_TRACE(WOLFSSL_FAILURE)); + ExpectIntEQ(wolfSSL_CTX_get_tlsext_ticket_keys(ctx, NULL, sizeof(keys)), + WC_NO_ERR_TRACE(WOLFSSL_FAILURE)); + ExpectIntEQ(wolfSSL_CTX_get_tlsext_ticket_keys(NULL, keys, sizeof(keys)), + WC_NO_ERR_TRACE(WOLFSSL_FAILURE)); + + ExpectIntEQ(wolfSSL_CTX_set_tlsext_ticket_keys(NULL, NULL, 0), + WC_NO_ERR_TRACE(WOLFSSL_FAILURE)); + ExpectIntEQ(wolfSSL_CTX_set_tlsext_ticket_keys(ctx, NULL, 0), + WC_NO_ERR_TRACE(WOLFSSL_FAILURE)); + ExpectIntEQ(wolfSSL_CTX_set_tlsext_ticket_keys(ctx, keys, 0), + WC_NO_ERR_TRACE(WOLFSSL_FAILURE)); + ExpectIntEQ(wolfSSL_CTX_set_tlsext_ticket_keys(NULL, keys, 0), + WC_NO_ERR_TRACE(WOLFSSL_FAILURE)); + ExpectIntEQ(wolfSSL_CTX_set_tlsext_ticket_keys(NULL, NULL, sizeof(keys)), + WC_NO_ERR_TRACE(WOLFSSL_FAILURE)); + ExpectIntEQ(wolfSSL_CTX_set_tlsext_ticket_keys(ctx, NULL, sizeof(keys)), + WC_NO_ERR_TRACE(WOLFSSL_FAILURE)); + ExpectIntEQ(wolfSSL_CTX_set_tlsext_ticket_keys(NULL, keys, sizeof(keys)), + WC_NO_ERR_TRACE(WOLFSSL_FAILURE)); + + ExpectIntEQ(wolfSSL_CTX_get_tlsext_ticket_keys(ctx, keys, sizeof(keys)), + WOLFSSL_SUCCESS); + ExpectIntEQ(wolfSSL_CTX_set_tlsext_ticket_keys(ctx, keys, sizeof(keys)), + WOLFSSL_SUCCESS); + + wolfSSL_CTX_free(ctx); +#endif + return EXPECT_RESULT(); +} + +#ifndef NO_BIO + +static int test_wolfSSL_d2i_PUBKEY(void) +{ + EXPECT_DECLS; +#if defined(OPENSSL_EXTRA) + BIO* bio = NULL; + EVP_PKEY* pkey = NULL; + + ExpectNotNull(bio = BIO_new(BIO_s_mem())); + ExpectNull(d2i_PUBKEY_bio(NULL, NULL)); + +#if defined(USE_CERT_BUFFERS_2048) && !defined(NO_RSA) + /* RSA PUBKEY test */ + ExpectIntGT(BIO_write(bio, client_keypub_der_2048, + sizeof_client_keypub_der_2048), 0); + ExpectNotNull(pkey = d2i_PUBKEY_bio(bio, NULL)); + EVP_PKEY_free(pkey); + pkey = NULL; +#endif + +#if defined(USE_CERT_BUFFERS_256) && defined(HAVE_ECC) + /* ECC PUBKEY test */ + ExpectIntGT(BIO_write(bio, ecc_clikeypub_der_256, + sizeof_ecc_clikeypub_der_256), 0); + ExpectNotNull(pkey = d2i_PUBKEY_bio(bio, NULL)); + EVP_PKEY_free(pkey); + pkey = NULL; +#endif + +#if defined(USE_CERT_BUFFERS_2048) && !defined(NO_DSA) + /* DSA PUBKEY test */ + ExpectIntGT(BIO_write(bio, dsa_pub_key_der_2048, + sizeof_dsa_pub_key_der_2048), 0); + ExpectNotNull(pkey = d2i_PUBKEY_bio(bio, NULL)); + EVP_PKEY_free(pkey); + pkey = NULL; +#endif + +#if defined(USE_CERT_BUFFERS_2048) && !defined(NO_DH) && \ +defined(OPENSSL_EXTRA) && defined(WOLFSSL_DH_EXTRA) +#if !defined(HAVE_FIPS) || (defined(HAVE_FIPS_VERSION) && \ + (HAVE_FIPS_VERSION > 2)) + /* DH PUBKEY test */ + ExpectIntGT(BIO_write(bio, dh_pub_key_der_2048, + sizeof_dh_pub_key_der_2048), 0); + ExpectNotNull(pkey = d2i_PUBKEY_bio(bio, NULL)); + EVP_PKEY_free(pkey); + pkey = NULL; +#endif /* !HAVE_FIPS || HAVE_FIPS_VERSION > 2 */ +#endif /* USE_CERT_BUFFERS_2048 && !NO_DH && && OPENSSL_EXTRA */ + + BIO_free(bio); + + (void)pkey; +#endif + + return EXPECT_RESULT(); +} + +#if (defined(OPENSSL_ALL) || defined(WOLFSSL_ASIO)) && !defined(NO_RSA) && \ + !defined(NO_TLS) +static int test_wolfSSL_d2i_PrivateKeys_bio(void) +{ + EXPECT_DECLS; + BIO* bio = NULL; + EVP_PKEY* pkey = NULL; + WOLFSSL_CTX* ctx = NULL; + +#if defined(WOLFSSL_KEY_GEN) + unsigned char buff[4096]; + unsigned char* bufPtr = buff; +#endif + + /* test creating new EVP_PKEY with bad arg */ + ExpectNull((pkey = d2i_PrivateKey_bio(NULL, NULL))); + + /* test loading RSA key using BIO */ +#if !defined(NO_RSA) && !defined(NO_FILESYSTEM) + { + XFILE file = XBADFILE; + const char* fname = "./certs/server-key.der"; + long lsz = 0; + size_t sz = 0; + byte* buf = NULL; + + ExpectTrue((file = XFOPEN(fname, "rb")) != XBADFILE); + ExpectTrue(XFSEEK(file, 0, XSEEK_END) == 0); + ExpectTrue((lsz = XFTELL(file)) > 0); + sz = (size_t)lsz; + ExpectTrue(XFSEEK(file, 0, XSEEK_SET) == 0); + ExpectNotNull(buf = (byte*)XMALLOC(sz, HEAP_HINT, DYNAMIC_TYPE_FILE)); + ExpectIntEQ(XFREAD(buf, 1, sz, file), sz); + if (file != XBADFILE) { + XFCLOSE(file); + } + + /* Test using BIO new mem and loading DER private key */ + ExpectNotNull(bio = BIO_new_mem_buf(buf, (int)sz)); + ExpectNotNull((pkey = d2i_PrivateKey_bio(bio, NULL))); + XFREE(buf, HEAP_HINT, DYNAMIC_TYPE_FILE); + BIO_free(bio); + bio = NULL; + EVP_PKEY_free(pkey); + pkey = NULL; + } +#endif + + /* test loading ECC key using BIO */ +#if defined(HAVE_ECC) && !defined(NO_FILESYSTEM) + { + XFILE file = XBADFILE; + const char* fname = "./certs/ecc-key.der"; + long lsz = 0; + size_t sz = 0; + byte* buf = NULL; + + ExpectTrue((file = XFOPEN(fname, "rb")) != XBADFILE); + ExpectTrue(XFSEEK(file, 0, XSEEK_END) == 0); + ExpectTrue((lsz = XFTELL(file)) > 0); + sz = (size_t)lsz; + ExpectTrue(XFSEEK(file, 0, XSEEK_SET) == 0); + ExpectNotNull(buf = (byte*)XMALLOC(sz, HEAP_HINT, DYNAMIC_TYPE_FILE)); + ExpectIntEQ(XFREAD(buf, 1, sz, file), sz); + if (file != XBADFILE) + XFCLOSE(file); + + /* Test using BIO new mem and loading DER private key */ + ExpectNotNull(bio = BIO_new_mem_buf(buf, (int)sz)); + ExpectNotNull((pkey = d2i_PrivateKey_bio(bio, NULL))); + XFREE(buf, HEAP_HINT, DYNAMIC_TYPE_FILE); + BIO_free(bio); + bio = NULL; + EVP_PKEY_free(pkey); + pkey = NULL; + } +#endif + + ExpectNotNull(bio = BIO_new(BIO_s_mem())); +#ifndef NO_WOLFSSL_SERVER + ExpectNotNull(ctx = SSL_CTX_new(wolfSSLv23_server_method())); +#else + ExpectNotNull(ctx = SSL_CTX_new(wolfSSLv23_client_method())); +#endif + +#if defined(WOLFSSL_KEY_GEN) && !defined(NO_RSA) + { + const unsigned char seqOnly[] = { 0x30, 0x00, 0x00, 0x00, 0x00, 0x00 }; + RSA* rsa = NULL; + /* Tests bad parameters */ + ExpectNull(d2i_RSAPrivateKey_bio(NULL, NULL)); + + /* Test using bad data. */ + ExpectIntGT(BIO_write(bio, seqOnly, sizeof(seqOnly)), 0); + ExpectNull(d2i_RSAPrivateKey_bio(bio, NULL)); + + /* RSA not set yet, expecting to fail*/ + rsa = wolfSSL_RSA_new(); + ExpectIntEQ(SSL_CTX_use_RSAPrivateKey(ctx, rsa), WC_NO_ERR_TRACE(WOLFSSL_FAILURE)); + wolfSSL_RSA_free(rsa); + rsa = NULL; + +#if defined(USE_CERT_BUFFERS_2048) && defined(WOLFSSL_KEY_GEN) + /* set RSA using bio*/ + ExpectIntGT(BIO_write(bio, client_key_der_2048, + sizeof_client_key_der_2048), 0); + ExpectNotNull(d2i_RSAPrivateKey_bio(bio, &rsa)); + ExpectNotNull(rsa); + + /* Tests bad parameters */ + ExpectIntEQ(SSL_CTX_use_RSAPrivateKey(NULL, NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(SSL_CTX_use_RSAPrivateKey(ctx, NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(SSL_CTX_use_RSAPrivateKey(NULL, rsa), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + + ExpectIntEQ(SSL_CTX_use_RSAPrivateKey(ctx, rsa), WOLFSSL_SUCCESS); + + /* i2d RSAprivate key tests */ + ExpectIntEQ(wolfSSL_i2d_RSAPrivateKey(NULL, NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wolfSSL_i2d_RSAPrivateKey(rsa, NULL), 1192); + ExpectIntEQ(wolfSSL_i2d_RSAPrivateKey(rsa, &bufPtr), + sizeof_client_key_der_2048); + bufPtr -= sizeof_client_key_der_2048; + ExpectIntEQ(XMEMCMP(bufPtr, client_key_der_2048, + sizeof_client_key_der_2048), 0); + bufPtr = NULL; + ExpectIntEQ(wolfSSL_i2d_RSAPrivateKey(rsa, &bufPtr), + sizeof_client_key_der_2048); + ExpectNotNull(bufPtr); + ExpectIntEQ(XMEMCMP(bufPtr, client_key_der_2048, + sizeof_client_key_der_2048), 0); + XFREE(bufPtr, NULL, DYNAMIC_TYPE_OPENSSL); + + RSA_free(rsa); + rsa = NULL; + ExpectIntGT(BIO_write(bio, client_key_der_2048, + sizeof_client_key_der_2048), 0); + ExpectNotNull(d2i_RSA_PUBKEY_bio(bio, &rsa)); + (void)BIO_reset(bio); + + RSA_free(rsa); + rsa = RSA_new(); + ExpectIntEQ(wolfSSL_i2d_RSAPrivateKey(rsa, NULL), 0); +#endif /* USE_CERT_BUFFERS_2048 WOLFSSL_KEY_GEN */ + RSA_free(rsa); + } +#endif /* WOLFSSL_KEY_GEN && !NO_RSA */ + SSL_CTX_free(ctx); + ctx = NULL; + BIO_free(bio); + bio = NULL; + + return EXPECT_RESULT(); +} +#endif /* OPENSSL_ALL || (WOLFSSL_ASIO && !NO_RSA) */ + +#endif /* !NO_BIO */ + + +static int test_wolfSSL_sk_GENERAL_NAME(void) +{ + EXPECT_DECLS; +#if defined(OPENSSL_EXTRA) && !defined(NO_FILESYSTEM) && !defined(NO_CERTS) && \ + !defined(NO_RSA) + X509* x509 = NULL; + GENERAL_NAME* gn = NULL; + GENERAL_NAME* dup_gn = NULL; + unsigned char buf[4096]; + const unsigned char* bufPt = NULL; + int bytes = 0; + int i; + int j; + XFILE f = XBADFILE; + STACK_OF(GENERAL_NAME)* sk = NULL; + + ExpectTrue((f = XFOPEN(cliCertDerFileExt, "rb")) != XBADFILE); + ExpectIntGT((bytes = (int)XFREAD(buf, 1, sizeof(buf), f)), 0); + if (f != XBADFILE) + XFCLOSE(f); + + for (j = 0; j < 2; ++j) { + bufPt = buf; + ExpectNotNull(x509 = d2i_X509(NULL, &bufPt, bytes)); + + ExpectNotNull(sk = (STACK_OF(ASN1_OBJECT)*)X509_get_ext_d2i(x509, + NID_subject_alt_name, NULL, NULL)); + + ExpectIntEQ(sk_GENERAL_NAME_num(sk), 1); + for (i = 0; i < sk_GENERAL_NAME_num(sk); i++) { + ExpectNotNull(gn = sk_GENERAL_NAME_value(sk, i)); + + if (gn != NULL) { + switch (gn->type) { + case GEN_DNS: + fprintf(stderr, "found type GEN_DNS\n"); + break; + case GEN_EMAIL: + fprintf(stderr, "found type GEN_EMAIL\n"); + break; + case GEN_URI: + fprintf(stderr, "found type GEN_URI\n"); + break; + } + } + + ExpectNotNull(dup_gn = wolfSSL_GENERAL_NAME_dup(gn)); + wolfSSL_GENERAL_NAME_free(dup_gn); + dup_gn = NULL; + } + X509_free(x509); + x509 = NULL; + if (j == 0) { + sk_GENERAL_NAME_pop_free(sk, GENERAL_NAME_free); + } + else { + /* + * We had a bug where GENERAL_NAMES_free didn't free all the memory + * it was supposed to. This is a regression test for that bug. + */ + GENERAL_NAMES_free(sk); + } + sk = NULL; + } + + ExpectNull(wolfSSL_GENERAL_NAME_dup(NULL)); + ExpectIntEQ(wolfSSL_GENERAL_NAME_set_type(NULL, WOLFSSL_GEN_IA5), + BAD_FUNC_ARG); + wolfSSL_GENERAL_NAMES_free(NULL); +#endif + return EXPECT_RESULT(); +} + +static int test_wolfSSL_GENERAL_NAME_print(void) +{ + EXPECT_DECLS; +#if defined(OPENSSL_ALL) && !defined(NO_BIO) && !defined(NO_RSA) + X509* x509 = NULL; + GENERAL_NAME* gn = NULL; + GENERAL_NAME* dup_gn = NULL; + unsigned char buf[4096]; + const unsigned char* bufPt = NULL; + int bytes = 0; + XFILE f = XBADFILE; + STACK_OF(GENERAL_NAME)* sk = NULL; + BIO* out = NULL; + unsigned char outbuf[128]; + + X509_EXTENSION* ext = NULL; + AUTHORITY_INFO_ACCESS* aia = NULL; + ACCESS_DESCRIPTION* ad = NULL; + ASN1_IA5STRING *dnsname = NULL; + ASN1_OBJECT* ridObj = NULL; + + const unsigned char v4Addr[] = {192,168,53,1}; + const unsigned char v6Addr[] = + {0x20, 0x21, 0x0d, 0xb8, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0xff, 0x00, 0x00, 0x42, 0x77, 0x77}; + const unsigned char email[] = + {'i', 'n', 'f', 'o', '@', 'w', 'o', 'l', + 'f', 's', 's', 'l', '.', 'c', 'o', 'm'}; + const unsigned char ridData[] = { 0x06, 0x04, 0x2a, 0x03, 0x04, 0x05 }; + const unsigned char* p; + unsigned long len; + + const char* dnsStr = "DNS:example.com"; + const char* uriStr = "URI:http://127.0.0.1:22220"; + const char* v4addStr = "IP Address:192.168.53.1"; + const char* v6addStr = "IP Address:2021:DB8:0:0:0:FF00:42:7777"; + const char* emailStr = "email:info@wolfssl.com"; + const char* othrStr = "othername:"; + const char* x400Str = "X400Name:"; + const char* ediStr = "EdiPartyName:"; + const char* dirNameStr = "DirName:"; + const char* ridStr = "Registered ID:1.2.3.4.5"; + + /* BIO to output */ + ExpectNotNull(out = BIO_new(BIO_s_mem())); + + /* test for NULL param */ + gn = NULL; + + ExpectIntEQ(GENERAL_NAME_print(NULL, NULL), 0); + ExpectIntEQ(GENERAL_NAME_print(NULL, gn), 0); + ExpectIntEQ(GENERAL_NAME_print(out, NULL), 0); + + + /* test for GEN_DNS */ + ExpectTrue((f = XFOPEN(cliCertDerFileExt, "rb")) != XBADFILE); + ExpectIntGT((bytes = (int)XFREAD(buf, 1, sizeof(buf), f)), 0); + if (f != XBADFILE) { + XFCLOSE(f); + f = XBADFILE; + } + + bufPt = buf; + ExpectNotNull(x509 = d2i_X509(NULL, &bufPt, bytes)); + ExpectNotNull(sk = (STACK_OF(ASN1_OBJECT)*)X509_get_ext_d2i(x509, + NID_subject_alt_name, NULL, NULL)); + + ExpectNotNull(gn = sk_GENERAL_NAME_value(sk, 0)); + ExpectIntEQ(GENERAL_NAME_print(out, gn), 1); + + XMEMSET(outbuf, 0, sizeof(outbuf)); + ExpectIntGT(BIO_read(out, outbuf, sizeof(outbuf)), 0); + ExpectIntEQ(XSTRNCMP((const char*)outbuf, dnsStr, XSTRLEN(dnsStr)), 0); + + sk_GENERAL_NAME_pop_free(sk, GENERAL_NAME_free); + gn = NULL; + sk = NULL; + X509_free(x509); + x509 = NULL; + + /* Lets test for setting as well. */ + ExpectNotNull(gn = GENERAL_NAME_new()); + ExpectNotNull(dnsname = ASN1_IA5STRING_new()); + ExpectIntEQ(ASN1_STRING_set(dnsname, "example.com", -1), 1); + GENERAL_NAME_set0_value(gn, GEN_DNS, dnsname); + dnsname = NULL; + ExpectIntEQ(GENERAL_NAME_print(out, gn), 1); + XMEMSET(outbuf, 0, sizeof(outbuf)); + ExpectIntGT(BIO_read(out, outbuf, sizeof(outbuf)), 0); + ExpectIntEQ(XSTRNCMP((const char*)outbuf, dnsStr, XSTRLEN(dnsStr)), 0); + ExpectNotNull(dup_gn = GENERAL_NAME_dup(gn)); + wolfSSL_GENERAL_NAME_set0_value(NULL, WOLFSSL_GEN_IA5, NULL); + wolfSSL_GENERAL_NAME_set0_value(dup_gn, WOLFSSL_GEN_IA5, NULL); + wolfSSL_GENERAL_NAME_set0_value(NULL, WOLFSSL_GEN_DNS, NULL); + wolfSSL_GENERAL_NAME_set0_value(NULL, WOLFSSL_GEN_IA5, outbuf); + wolfSSL_GENERAL_NAME_set0_value(dup_gn, WOLFSSL_GEN_DNS, NULL); + wolfSSL_GENERAL_NAME_set0_value(dup_gn, WOLFSSL_GEN_IA5, outbuf); + wolfSSL_GENERAL_NAME_set0_value(NULL, WOLFSSL_GEN_DNS, outbuf); + GENERAL_NAME_free(dup_gn); + dup_gn = NULL; + GENERAL_NAME_free(gn); + + /* test for GEN_URI */ + + ExpectTrue((f = XFOPEN("./certs/ocsp/root-ca-cert.pem", "rb")) != XBADFILE); + ExpectNotNull(x509 = wolfSSL_PEM_read_X509(f, NULL, NULL, NULL)); + if (f != XBADFILE) { + XFCLOSE(f); + f = XBADFILE; + } + + ExpectNotNull(ext = wolfSSL_X509_get_ext(x509, 4)); + ExpectNotNull(aia = (WOLFSSL_AUTHORITY_INFO_ACCESS*)wolfSSL_X509V3_EXT_d2i( + ext)); + ExpectNotNull(ad = (WOLFSSL_ACCESS_DESCRIPTION *)wolfSSL_sk_value(aia, 0)); + + if (ad != NULL) { + gn = ad->location; + } + ExpectNotNull(dup_gn = GENERAL_NAME_dup(gn)); + GENERAL_NAME_free(dup_gn); + dup_gn = NULL; + ExpectIntEQ(GENERAL_NAME_print(out, gn), 1); + gn = NULL; + + XMEMSET(outbuf,0,sizeof(outbuf)); + ExpectIntGT(BIO_read(out, outbuf, sizeof(outbuf)), 0); + ExpectIntEQ(XSTRNCMP((const char*)outbuf, uriStr, XSTRLEN(uriStr)), 0); + + wolfSSL_sk_ACCESS_DESCRIPTION_pop_free(aia, NULL); + aia = NULL; + aia = (AUTHORITY_INFO_ACCESS*)wolfSSL_X509V3_EXT_d2i(ext); + ExpectNotNull(aia); + AUTHORITY_INFO_ACCESS_pop_free(aia, NULL); + aia = NULL; + X509_free(x509); + x509 = NULL; + + /* test for GEN_IPADD */ + + /* ip v4 address */ + ExpectNotNull(gn = wolfSSL_GENERAL_NAME_new()); + if (gn != NULL) { + gn->type = GEN_IPADD; + if (gn->d.iPAddress != NULL) { + gn->d.iPAddress->length = sizeof(v4Addr); + } + } + ExpectIntEQ(wolfSSL_ASN1_STRING_set(gn->d.iPAddress, v4Addr, + sizeof(v4Addr)), 1); + + ExpectIntEQ(GENERAL_NAME_print(out, gn), 1); + XMEMSET(outbuf,0,sizeof(outbuf)); + ExpectIntGT(BIO_read(out, outbuf, sizeof(outbuf)), 0); + ExpectIntEQ(XSTRNCMP((const char*)outbuf, v4addStr, XSTRLEN(v4addStr)), 0); + + ExpectNotNull(dup_gn = GENERAL_NAME_dup(gn)); + GENERAL_NAME_free(dup_gn); + dup_gn = NULL; + + GENERAL_NAME_free(gn); + gn = NULL; + + /* ip v6 address */ + + ExpectNotNull(gn = wolfSSL_GENERAL_NAME_new()); + if (gn != NULL) { + gn->type = GEN_IPADD; + if (gn->d.iPAddress != NULL) { + gn->d.iPAddress->length = sizeof(v6Addr); + } + } + ExpectIntEQ(wolfSSL_ASN1_STRING_set(gn->d.iPAddress, v6Addr, + sizeof(v6Addr)), 1); + + ExpectIntEQ(GENERAL_NAME_print(out, gn), 1); + XMEMSET(outbuf,0,sizeof(outbuf)); + ExpectIntGT(BIO_read(out, outbuf, sizeof(outbuf)), 0); + ExpectIntEQ(XSTRNCMP((const char*)outbuf, v6addStr, XSTRLEN(v6addStr)), 0); + + ExpectNotNull(dup_gn = GENERAL_NAME_dup(gn)); + GENERAL_NAME_free(dup_gn); + dup_gn = NULL; + + GENERAL_NAME_free(gn); + gn = NULL; + + /* test for GEN_EMAIL */ + + ExpectNotNull(gn = wolfSSL_GENERAL_NAME_new()); + if (gn != NULL) { + gn->type = GEN_EMAIL; + if (gn->d.rfc822Name != NULL) { + gn->d.rfc822Name->length = sizeof(email); + } + } + ExpectIntEQ(wolfSSL_ASN1_STRING_set(gn->d.rfc822Name, email, sizeof(email)), + 1); + + ExpectIntEQ(GENERAL_NAME_print(out, gn), 1); + XMEMSET(outbuf,0,sizeof(outbuf)); + ExpectIntGT(BIO_read(out, outbuf, sizeof(outbuf)), 0); + ExpectIntEQ(XSTRNCMP((const char*)outbuf, emailStr, XSTRLEN(emailStr)), 0); + + ExpectNotNull(dup_gn = GENERAL_NAME_dup(gn)); + GENERAL_NAME_free(dup_gn); + dup_gn = NULL; + + GENERAL_NAME_free(gn); + gn = NULL; + + /* test for GEN_OTHERNAME */ + + ExpectNotNull(gn = wolfSSL_GENERAL_NAME_new()); + if (gn != NULL) { + gn->type = GEN_OTHERNAME; + } + + ExpectIntEQ(GENERAL_NAME_print(out, gn), 1); + XMEMSET(outbuf,0,sizeof(outbuf)); + ExpectIntGT(BIO_read(out, outbuf, sizeof(outbuf)), 0); + ExpectIntEQ(XSTRNCMP((const char*)outbuf, othrStr, XSTRLEN(othrStr)), 0); + + GENERAL_NAME_free(gn); + gn = NULL; + + /* test for GEN_X400 */ + + ExpectNotNull(gn = wolfSSL_GENERAL_NAME_new()); + if (gn != NULL) { + gn->type = GEN_X400; + } + + ExpectIntEQ(GENERAL_NAME_print(out, gn), 1); + XMEMSET(outbuf,0,sizeof(outbuf)); + ExpectIntGT(BIO_read(out, outbuf, sizeof(outbuf)), 0); + ExpectIntEQ(XSTRNCMP((const char*)outbuf, x400Str, XSTRLEN(x400Str)), 0); + + /* Restore to GEN_IA5 (default) to avoid memory leak. */ + if (gn != NULL) { + gn->type = GEN_IA5; + } + + /* Duplicating GEN_X400 not supported. */ + ExpectNull(GENERAL_NAME_dup(gn)); + + GENERAL_NAME_free(gn); + gn = NULL; + + /* test for GEN_EDIPARTY */ + + ExpectNotNull(gn = wolfSSL_GENERAL_NAME_new()); + if (gn != NULL) { + gn->type = GEN_EDIPARTY; + } + + ExpectIntEQ(GENERAL_NAME_print(out, gn), 1); + XMEMSET(outbuf,0,sizeof(outbuf)); + ExpectIntGT(BIO_read(out, outbuf, sizeof(outbuf)), 0); + ExpectIntEQ(XSTRNCMP((const char*)outbuf, ediStr, XSTRLEN(ediStr)), 0); + + /* Restore to GEN_IA5 (default) to avoid memory leak. */ + if (gn != NULL) { + gn->type = GEN_IA5; + } + + /* Duplicating GEN_EDIPARTY not supported. */ + ExpectNull(dup_gn = GENERAL_NAME_dup(gn)); + + GENERAL_NAME_free(gn); + gn = NULL; + + /* test for GEN_DIRNAME */ + ExpectNotNull(gn = wolfSSL_GENERAL_NAME_new()); + if (gn != NULL) { + gn->type = GEN_DIRNAME; + } + ExpectIntEQ(GENERAL_NAME_print(out, gn), 1); + XMEMSET(outbuf,0,sizeof(outbuf)); + ExpectIntGT(BIO_read(out, outbuf, sizeof(outbuf)), 0); + ExpectIntEQ(XSTRNCMP((const char*)outbuf, dirNameStr, XSTRLEN(dirNameStr)), + 0); + /* Duplicating GEN_DIRNAME not supported. */ + ExpectNull(dup_gn = GENERAL_NAME_dup(gn)); + /* Restore to GEN_IA5 (default) to avoid memory leak. */ + if (gn != NULL) { + gn->type = GEN_IA5; + } + GENERAL_NAME_free(gn); + gn = NULL; + + /* test for GEN_RID */ + p = ridData; + len = sizeof(ridData); + ExpectNotNull(ridObj = wolfSSL_d2i_ASN1_OBJECT(NULL, &p, len)); + ExpectNotNull(gn = wolfSSL_GENERAL_NAME_new()); + if (gn != NULL) { + gn->type = GEN_RID; + wolfSSL_ASN1_STRING_free(gn->d.ia5); + gn->d.registeredID = ridObj; + } + else { + wolfSSL_ASN1_OBJECT_free(ridObj); + } + ExpectIntEQ(GENERAL_NAME_print(out, gn), 1); + XMEMSET(outbuf,0,sizeof(outbuf)); + ExpectIntGT(BIO_read(out, outbuf, sizeof(outbuf)), 0); + ExpectIntEQ(XSTRNCMP((const char*)outbuf, ridStr, XSTRLEN(ridStr)), 0); + /* Duplicating GEN_DIRNAME not supported. */ + ExpectNull(dup_gn = GENERAL_NAME_dup(gn)); + GENERAL_NAME_free(gn); + gn = NULL; + + BIO_free(out); +#endif /* OPENSSL_ALL */ + return EXPECT_RESULT(); +} + +static int test_wolfSSL_sk_DIST_POINT(void) +{ + EXPECT_DECLS; +#if defined(OPENSSL_EXTRA) && !defined(NO_FILESYSTEM) && !defined(NO_CERTS) && \ + !defined(NO_RSA) + X509* x509 = NULL; + unsigned char buf[4096]; + const unsigned char* bufPt; + int bytes = 0; + int i = 0; + int j = 0; + XFILE f = XBADFILE; + DIST_POINT* dp = NULL; + DIST_POINT_NAME* dpn = NULL; + GENERAL_NAME* gn = NULL; + ASN1_IA5STRING* uri = NULL; + STACK_OF(DIST_POINT)* dps = NULL; + STACK_OF(GENERAL_NAME)* gns = NULL; + const char cliCertDerCrlDistPoint[] = "./certs/client-crl-dist.der"; + + ExpectTrue((f = XFOPEN(cliCertDerCrlDistPoint, "rb")) != XBADFILE); + ExpectIntGT((bytes = (int)XFREAD(buf, 1, sizeof(buf), f)), 0); + if (f != XBADFILE) + XFCLOSE(f); + + bufPt = buf; + ExpectNotNull(x509 = d2i_X509(NULL, &bufPt, bytes)); + + ExpectNotNull(dps = (STACK_OF(DIST_POINT)*)X509_get_ext_d2i(x509, + NID_crl_distribution_points, NULL, NULL)); + + ExpectIntEQ(sk_DIST_POINT_num(dps), 1); + for (i = 0; i < sk_DIST_POINT_num(dps); i++) { + ExpectNotNull(dp = sk_DIST_POINT_value(dps, i)); + ExpectNotNull(dpn = dp->distpoint); + + /* this should be type 0, fullname */ + ExpectIntEQ(dpn->type, 0); + + ExpectNotNull(gns = dp->distpoint->name.fullname); + ExpectIntEQ(sk_GENERAL_NAME_num(gns), 1); + + for (j = 0; j < sk_GENERAL_NAME_num(gns); j++) { + ExpectNotNull(gn = sk_GENERAL_NAME_value(gns, j)); + ExpectIntEQ(gn->type, GEN_URI); + ExpectNotNull(uri = gn->d.uniformResourceIdentifier); + ExpectNotNull(uri->data); + ExpectIntGT(uri->length, 0); + } + } + + ExpectNotNull(dp = wolfSSL_DIST_POINT_new()); + wolfSSL_DIST_POINT_free(NULL); + wolfSSL_DIST_POINTS_free(NULL); + wolfSSL_sk_DIST_POINT_free(NULL); + ExpectIntEQ(wolfSSL_sk_DIST_POINT_push(NULL, NULL), WOLFSSL_FAILURE); + ExpectIntEQ(wolfSSL_sk_DIST_POINT_push(dps, NULL), WOLFSSL_FAILURE); + ExpectIntEQ(wolfSSL_sk_DIST_POINT_push(NULL, dp), WOLFSSL_FAILURE); + ExpectNull(wolfSSL_sk_DIST_POINT_value(NULL, 0)); + ExpectIntEQ(wolfSSL_sk_DIST_POINT_num(NULL), WOLFSSL_FATAL_ERROR); + wolfSSL_DIST_POINT_free(dp); + + X509_free(x509); + CRL_DIST_POINTS_free(dps); + +#endif + return EXPECT_RESULT(); +} + + + +static int test_wolfSSL_verify_mode(void) +{ + EXPECT_DECLS; +#if !defined(NO_RSA) && !defined(NO_TLS) && (defined(OPENSSL_ALL) || \ + defined(HAVE_STUNNEL) || defined(WOLFSSL_MYSQL_COMPATIBLE) || \ + defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY)) + WOLFSSL* ssl = NULL; + WOLFSSL_CTX* ctx = NULL; + + ExpectNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_client_method())); + + ExpectNotNull(ssl = SSL_new(ctx)); + ExpectIntEQ(SSL_get_verify_mode(ssl), SSL_CTX_get_verify_mode(ctx)); + SSL_free(ssl); + ssl = NULL; + + SSL_CTX_set_verify(ctx, SSL_VERIFY_PEER, 0); + ExpectNotNull(ssl = SSL_new(ctx)); + ExpectIntEQ(SSL_get_verify_mode(ssl), SSL_CTX_get_verify_mode(ctx)); + ExpectIntEQ(SSL_get_verify_mode(ssl), SSL_VERIFY_PEER); + + wolfSSL_set_verify(ssl, SSL_VERIFY_NONE, 0); + ExpectIntEQ(SSL_CTX_get_verify_mode(ctx), SSL_VERIFY_PEER); + ExpectIntEQ(SSL_get_verify_mode(ssl), SSL_VERIFY_NONE); + + SSL_free(ssl); + ssl = NULL; + + wolfSSL_CTX_set_verify(ctx, + WOLFSSL_VERIFY_PEER | WOLFSSL_VERIFY_FAIL_IF_NO_PEER_CERT, 0); + ExpectNotNull(ssl = SSL_new(ctx)); + ExpectIntEQ(SSL_get_verify_mode(ssl), SSL_CTX_get_verify_mode(ctx)); + ExpectIntEQ(SSL_get_verify_mode(ssl), + WOLFSSL_VERIFY_PEER | WOLFSSL_VERIFY_FAIL_IF_NO_PEER_CERT); + + wolfSSL_set_verify(ssl, SSL_VERIFY_PEER, 0); + ExpectIntEQ(SSL_CTX_get_verify_mode(ctx), + WOLFSSL_VERIFY_PEER | WOLFSSL_VERIFY_FAIL_IF_NO_PEER_CERT); + ExpectIntEQ(SSL_get_verify_mode(ssl), SSL_VERIFY_PEER); + + wolfSSL_set_verify(ssl, SSL_VERIFY_NONE, 0); + ExpectIntEQ(SSL_get_verify_mode(ssl), SSL_VERIFY_NONE); + + wolfSSL_set_verify(ssl, SSL_VERIFY_FAIL_IF_NO_PEER_CERT, 0); + ExpectIntEQ(SSL_get_verify_mode(ssl), SSL_VERIFY_FAIL_IF_NO_PEER_CERT); + + wolfSSL_set_verify(ssl, SSL_VERIFY_FAIL_EXCEPT_PSK, 0); + ExpectIntEQ(SSL_get_verify_mode(ssl), SSL_VERIFY_FAIL_EXCEPT_PSK); + +#if defined(WOLFSSL_TLS13) && defined(WOLFSSL_POST_HANDSHAKE_AUTH) + wolfSSL_set_verify(ssl, SSL_VERIFY_POST_HANDSHAKE, 0); + ExpectIntEQ(SSL_get_verify_mode(ssl), SSL_VERIFY_POST_HANDSHAKE); +#endif + + ExpectIntEQ(SSL_CTX_get_verify_mode(ctx), + WOLFSSL_VERIFY_PEER | WOLFSSL_VERIFY_FAIL_IF_NO_PEER_CERT); + + SSL_free(ssl); + SSL_CTX_free(ctx); +#endif + return EXPECT_RESULT(); +} + + +static int test_wolfSSL_verify_depth(void) +{ + EXPECT_DECLS; +#if defined(OPENSSL_EXTRA) && !defined(NO_RSA) && !defined(NO_TLS) && \ + !defined(NO_WOLFSSL_CLIENT) + WOLFSSL* ssl = NULL; + WOLFSSL_CTX* ctx = NULL; + long depth = 0; + + ExpectNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_client_method())); + ExpectIntGT((depth = SSL_CTX_get_verify_depth(ctx)), 0); + + ExpectNotNull(ssl = SSL_new(ctx)); + ExpectIntEQ(SSL_get_verify_depth(ssl), SSL_CTX_get_verify_depth(ctx)); + SSL_free(ssl); + ssl = NULL; + + SSL_CTX_set_verify_depth(ctx, -1); + ExpectIntEQ(depth, SSL_CTX_get_verify_depth(ctx)); + + SSL_CTX_set_verify_depth(ctx, 2); + ExpectIntEQ(2, SSL_CTX_get_verify_depth(ctx)); + ExpectNotNull(ssl = SSL_new(ctx)); + ExpectIntEQ(2, SSL_get_verify_depth(ssl)); + + SSL_free(ssl); + SSL_CTX_free(ctx); +#endif + return EXPECT_RESULT(); +} + +static int test_wolfSSL_verify_result(void) +{ + EXPECT_DECLS; +#if (defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL) || \ + defined(OPENSSL_ALL)) && !defined(NO_TLS) && !defined(NO_WOLFSSL_CLIENT) + WOLFSSL* ssl = NULL; + WOLFSSL_CTX* ctx = NULL; + long result = 0xDEADBEEF; + + ExpectIntEQ(WC_NO_ERR_TRACE(WOLFSSL_FAILURE), wolfSSL_get_verify_result(ssl)); + + ExpectNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_client_method())); + ExpectNotNull(ssl = SSL_new(ctx)); + + wolfSSL_set_verify_result(ssl, result); + ExpectIntEQ(result, wolfSSL_get_verify_result(ssl)); + + SSL_free(ssl); + SSL_CTX_free(ctx); +#endif + return EXPECT_RESULT(); +} + +#if defined(OPENSSL_EXTRA) && !defined(NO_RSA) && !defined(NO_TLS) && \ + !defined(NO_WOLFSSL_CLIENT) +static void sslMsgCb(int w, int version, int type, const void* buf, + size_t sz, SSL* ssl, void* arg) +{ + int i; + unsigned char* pt = (unsigned char*)buf; + + fprintf(stderr, "%s %d bytes of version %d , type %d : ", + (w)?"Writing":"Reading", (int)sz, version, type); + for (i = 0; i < (int)sz; i++) fprintf(stderr, "%02X", pt[i]); + fprintf(stderr, "\n"); + (void)ssl; + (void)arg; +} +#endif /* OPENSSL_EXTRA */ + +static int test_wolfSSL_msg_callback(void) +{ + EXPECT_DECLS; +#if defined(OPENSSL_EXTRA) && !defined(NO_RSA) && !defined(NO_TLS) && \ + !defined(NO_WOLFSSL_CLIENT) + WOLFSSL* ssl = NULL; + WOLFSSL_CTX* ctx = NULL; + + ExpectNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_client_method())); + ExpectNotNull(ssl = SSL_new(ctx)); + ExpectIntEQ(SSL_set_msg_callback(ssl, NULL), SSL_SUCCESS); + ExpectIntEQ(SSL_set_msg_callback(ssl, &sslMsgCb), SSL_SUCCESS); + ExpectIntEQ(SSL_set_msg_callback(NULL, &sslMsgCb), WC_NO_ERR_TRACE(WOLFSSL_FAILURE)); + + SSL_free(ssl); + SSL_CTX_free(ctx); +#endif + return EXPECT_RESULT(); +} + +/* test_EVP_Cipher_extra, Extra-test on EVP_CipherUpdate/Final. see also test.c */ +#if (defined(OPENSSL_EXTRA) || defined(OPENSSL_ALL)) &&\ + (!defined(NO_AES) && defined(HAVE_AES_CBC) && defined(WOLFSSL_AES_128)) +static void binary_dump(void *ptr, int size) +{ + #ifdef WOLFSSL_EVP_PRINT + int i = 0; + unsigned char *p = (unsigned char *) ptr; + + fprintf(stderr, "{"); + while ((p != NULL) && (i < size)) { + if ((i % 8) == 0) { + fprintf(stderr, "\n"); + fprintf(stderr, " "); + } + fprintf(stderr, "0x%02x, ", p[i]); + i++; + } + fprintf(stderr, "\n};\n"); + #else + (void) ptr; + (void) size; + #endif +} + +static int last_val = 0x0f; + +static int check_result(unsigned char *data, int len) +{ + int i; + + for ( ; len; ) { + last_val = (last_val + 1) % 16; + for (i = 0; i < 16; len--, i++, data++) + if (*data != last_val) { + return -1; + } + } + return 0; +} + +static int r_offset; +static int w_offset; + +static void init_offset(void) +{ + r_offset = 0; + w_offset = 0; +} +static void get_record(unsigned char *data, unsigned char *buf, int len) +{ + XMEMCPY(buf, data+r_offset, len); + r_offset += len; +} + +static void set_record(unsigned char *data, unsigned char *buf, int len) +{ + XMEMCPY(data+w_offset, buf, len); + w_offset += len; +} + +static void set_plain(unsigned char *plain, int rec) +{ + int i, j; + unsigned char *p = plain; + + #define BLOCKSZ 16 + + for (i=0; i<(rec/BLOCKSZ); i++) { + for (j=0; j 0 && keylen != klen) { + ExpectIntNE(EVP_CIPHER_CTX_set_key_length(evp, keylen), 0); + } + ilen = EVP_CIPHER_CTX_iv_length(evp); + if (ilen > 0 && ivlen != ilen) { + ExpectIntNE(EVP_CIPHER_CTX_set_iv_length(evp, ivlen), 0); + } + + ExpectIntNE((ret = EVP_CipherInit(evp, NULL, key, iv, 1)), 0); + + for (j = 0; j 0) + set_record(cipher, outb, outl); + } + + for (i = 0; test_drive[i]; i++) { + last_val = 0x0f; + + ExpectIntNE((ret = EVP_CipherInit(evp, NULL, key, iv, 0)), 0); + + init_offset(); + + for (j = 0; test_drive[i][j]; j++) { + inl = test_drive[i][j]; + get_record(cipher, inb, inl); + + ExpectIntNE((ret = EVP_DecryptUpdate(evp, outb, &outl, inb, inl)), + 0); + + binary_dump(outb, outl); + ExpectIntEQ((ret = check_result(outb, outl)), 0); + ExpectFalse(outl > ((inl/16+1)*16) && outl > 16); + } + + ret = EVP_CipherFinal(evp, outb, &outl); + + binary_dump(outb, outl); + + ret = (((test_drive_len[i] % 16) != 0) && (ret == 0)) || + (((test_drive_len[i] % 16) == 0) && (ret == 1)); + ExpectTrue(ret); + } + + ExpectIntEQ(wolfSSL_EVP_CIPHER_CTX_cleanup(evp), WOLFSSL_SUCCESS); + + EVP_CIPHER_CTX_free(evp); + evp = NULL; + + /* Do an extra test to verify correct behavior with empty input. */ + + ExpectNotNull(evp = EVP_CIPHER_CTX_new()); + ExpectIntNE((ret = EVP_CipherInit(evp, type, NULL, iv, 0)), 0); + + ExpectIntEQ(EVP_CIPHER_CTX_nid(evp), NID_aes_128_cbc); + + klen = EVP_CIPHER_CTX_key_length(evp); + if (klen > 0 && keylen != klen) { + ExpectIntNE(EVP_CIPHER_CTX_set_key_length(evp, keylen), 0); + } + ilen = EVP_CIPHER_CTX_iv_length(evp); + if (ilen > 0 && ivlen != ilen) { + ExpectIntNE(EVP_CIPHER_CTX_set_iv_length(evp, ivlen), 0); + } + + ExpectIntNE((ret = EVP_CipherInit(evp, NULL, key, iv, 1)), 0); + + /* outl should be set to 0 after passing NULL, 0 for input args. */ + outl = -1; + ExpectIntNE((ret = EVP_CipherUpdate(evp, outb, &outl, NULL, 0)), 0); + ExpectIntEQ(outl, 0); + + EVP_CIPHER_CTX_free(evp); +#endif /* test_EVP_Cipher */ + return EXPECT_RESULT(); +} + +static int test_wolfSSL_X509_get_serialNumber(void) +{ + EXPECT_DECLS; +#if defined(OPENSSL_EXTRA) && !defined(NO_CERTS) && !defined(NO_RSA) && \ + !defined(NO_FILESYSTEM) + ASN1_INTEGER* a = NULL; + BIGNUM* bn = NULL; + X509* x509 = NULL; + X509* empty = NULL; + char *serialHex = NULL; + byte serial[3]; + int serialSz; + + ExpectNotNull(empty = wolfSSL_X509_new()); + ExpectNotNull(x509 = wolfSSL_X509_load_certificate_file(svrCertFile, + SSL_FILETYPE_PEM)); + ExpectNull(X509_get_serialNumber(NULL)); + ExpectNotNull(X509_get_serialNumber(empty)); + ExpectNotNull(a = X509_get_serialNumber(x509)); + + /* check on value of ASN1 Integer */ + ExpectNotNull(bn = ASN1_INTEGER_to_BN(a, NULL)); + a = NULL; + + /* test setting serial number and then retrieving it */ + ExpectNotNull(a = ASN1_INTEGER_new()); + ExpectIntEQ(ASN1_INTEGER_set(a, 3), 1); + ExpectIntEQ(X509_set_serialNumber(NULL, NULL), WOLFSSL_FAILURE); + ExpectIntEQ(X509_set_serialNumber(x509, NULL), WOLFSSL_FAILURE); + ExpectIntEQ(X509_set_serialNumber(NULL, a), WOLFSSL_FAILURE); + ExpectIntEQ(X509_set_serialNumber(x509, a), WOLFSSL_SUCCESS); + ExpectIntEQ(wolfSSL_X509_get_serial_number(NULL, serial, NULL), + BAD_FUNC_ARG); + ExpectIntEQ(wolfSSL_X509_get_serial_number(NULL, serial, &serialSz), + BAD_FUNC_ARG); + ExpectIntEQ(wolfSSL_X509_get_serial_number(x509, serial, NULL), + BAD_FUNC_ARG); + serialSz = 0; + ExpectIntEQ(wolfSSL_X509_get_serial_number(x509, serial, &serialSz), + BUFFER_E); + ExpectIntEQ(wolfSSL_X509_get_serial_number(x509, NULL, &serialSz), + WOLFSSL_SUCCESS); + ExpectIntEQ(serialSz, 1); + serialSz = sizeof(serial); + ExpectIntEQ(wolfSSL_X509_get_serial_number(x509, serial, &serialSz), + WOLFSSL_SUCCESS); + ExpectIntEQ(serialSz, 1); + ExpectIntEQ(serial[0], 3); + ASN1_INTEGER_free(a); + a = NULL; + + /* test setting serial number with 0's in it */ + serial[0] = 0x01; + serial[1] = 0x00; + serial[2] = 0x02; + + ExpectNotNull(a = wolfSSL_ASN1_INTEGER_new()); + if (a != NULL) { + a->data[0] = ASN_INTEGER; + a->data[1] = sizeof(serial); + XMEMCPY(&a->data[2], serial, sizeof(serial)); + a->length = sizeof(serial) + 2; + } + ExpectIntEQ(X509_set_serialNumber(x509, a), WOLFSSL_SUCCESS); + + XMEMSET(serial, 0, sizeof(serial)); + serialSz = sizeof(serial); + ExpectIntEQ(wolfSSL_X509_get_serial_number(x509, serial, &serialSz), + WOLFSSL_SUCCESS); + ExpectIntEQ(serialSz, 3); + ExpectIntEQ(serial[0], 0x01); + ExpectIntEQ(serial[1], 0x00); + ExpectIntEQ(serial[2], 0x02); + ASN1_INTEGER_free(a); + a = NULL; + + X509_free(x509); /* free's a */ + X509_free(empty); + + ExpectNotNull(serialHex = BN_bn2hex(bn)); +#ifndef WC_DISABLE_RADIX_ZERO_PAD + ExpectStrEQ(serialHex, "01"); +#else + ExpectStrEQ(serialHex, "1"); +#endif + OPENSSL_free(serialHex); + ExpectIntEQ(BN_get_word(bn), 1); + BN_free(bn); + + /* hard test free'ing with dynamic buffer to make sure there is no leaks */ + ExpectNotNull(a = ASN1_INTEGER_new()); + if (a != NULL) { + ExpectNotNull(a->data = (unsigned char*)XMALLOC(100, NULL, + DYNAMIC_TYPE_OPENSSL)); + a->isDynamic = 1; + ASN1_INTEGER_free(a); + } +#endif + return EXPECT_RESULT(); +} + +static int test_wolfSSL_X509_ext_get_critical_by_NID(void) +{ + EXPECT_DECLS; +#if defined(OPENSSL_EXTRA) && !defined(NO_CERTS) + WOLFSSL_X509* x509 = NULL; + + ExpectNotNull(x509 = wolfSSL_X509_new()); + ExpectIntEQ(wolfSSL_X509_ext_get_critical_by_NID(NULL, + WC_NID_basic_constraints), 0); + ExpectIntEQ(wolfSSL_X509_ext_get_critical_by_NID(x509, + WC_NID_basic_constraints), 0); + ExpectIntEQ(wolfSSL_X509_ext_get_critical_by_NID(x509, + WC_NID_subject_alt_name), 0); + ExpectIntEQ(wolfSSL_X509_ext_get_critical_by_NID(x509, + WC_NID_authority_key_identifier), 0); + ExpectIntEQ(wolfSSL_X509_ext_get_critical_by_NID(x509, + WC_NID_subject_key_identifier), 0); + ExpectIntEQ(wolfSSL_X509_ext_get_critical_by_NID(x509, + WC_NID_key_usage), 0); + ExpectIntEQ(wolfSSL_X509_ext_get_critical_by_NID(x509, + WC_NID_crl_distribution_points), 0); + ExpectIntEQ(wolfSSL_X509_ext_get_critical_by_NID(x509, + WC_NID_ext_key_usage), 0); +#ifdef WOLFSSL_SEP + ExpectIntEQ(wolfSSL_X509_ext_get_critical_by_NID(x509, + WC_NID_certificate_policies), 0); +#endif + ExpectIntEQ(wolfSSL_X509_ext_get_critical_by_NID(x509, + WC_NID_info_access), 0); + wolfSSL_X509_free(x509); +#endif + return EXPECT_RESULT(); +} + +static int test_wolfSSL_X509_CRL_distribution_points(void) +{ + EXPECT_DECLS; +#if defined(OPENSSL_EXTRA) && !defined(NO_CERTS) && !defined(NO_RSA) && \ + !defined(NO_FILESYSTEM) + WOLFSSL_X509* x509 = NULL; + const char* file = "./certs/client-crl-dist.pem"; + + ExpectIntEQ(wolfSSL_X509_ext_isSet_by_NID(NULL, + WC_NID_crl_distribution_points), 0); + + ExpectNotNull(x509 = wolfSSL_X509_new()); + ExpectIntEQ(wolfSSL_X509_ext_isSet_by_NID(x509, + WC_NID_crl_distribution_points), 0); + wolfSSL_X509_free(x509); + x509 = NULL; + + ExpectNotNull(x509 = wolfSSL_X509_load_certificate_file(file, + WOLFSSL_FILETYPE_PEM)); + ExpectIntEQ(wolfSSL_X509_ext_isSet_by_NID(x509, + WC_NID_crl_distribution_points), 1); + wolfSSL_X509_free(x509); +#endif + return EXPECT_RESULT(); +} + +static int test_wolfSSL_X509_SEP(void) +{ + EXPECT_DECLS; +#if defined(OPENSSL_EXTRA) && !defined(NO_CERTS) && defined(WOLFSSL_SEP) + WOLFSSL_X509* x509 = NULL; +#if 0 + byte* out; +#endif + int outSz; + + ExpectNotNull(x509 = wolfSSL_X509_new()); + + outSz = 0; + ExpectNull(wolfSSL_X509_get_device_type(NULL, NULL, NULL)); + ExpectNull(wolfSSL_X509_get_device_type(x509, NULL, NULL)); + ExpectNull(wolfSSL_X509_get_device_type(NULL, NULL, &outSz)); + ExpectNull(wolfSSL_X509_get_device_type(x509, NULL, &outSz)); + + outSz = 0; + ExpectNull(wolfSSL_X509_get_hw_type(NULL, NULL, NULL)); + ExpectNull(wolfSSL_X509_get_hw_type(x509, NULL, NULL)); + ExpectNull(wolfSSL_X509_get_hw_type(NULL, NULL, &outSz)); + ExpectNull(wolfSSL_X509_get_hw_type(x509, NULL, &outSz)); + + outSz = 0; + ExpectNull(wolfSSL_X509_get_hw_serial_number(NULL, NULL, NULL)); + ExpectNull(wolfSSL_X509_get_hw_serial_number(x509, NULL, NULL)); + ExpectNull(wolfSSL_X509_get_hw_serial_number(NULL, NULL, &outSz)); + ExpectNull(wolfSSL_X509_get_hw_serial_number(x509, NULL, &outSz)); + + ExpectIntEQ(wolfSSL_X509_ext_isSet_by_NID(x509, + WC_NID_certificate_policies), 0); + + wolfSSL_X509_free(x509); + x509 = NULL; + +#if 0 + /* Use certificate with the extension here. */ + ExpectNotNull(x509 = wolfSSL_X509_load_certificate_file(svrCertFile, + SSL_FILETYPE_PEM)); + + outSz = 0; + ExpectNotNull(out = wolfSSL_X509_get_device_type(x509, NULL, &outSz)); + ExpectIntGT(outSz, 0); + XFREE(out, NULL, DYNAMIC_TYPE_OPENSSL); + + outSz = 0; + ExpectNotNull(out = wolfSSL_X509_get_hw_type(x509, NULL, &outSz)); + ExpectIntGT(outSz, 0); + XFREE(out, NULL, DYNAMIC_TYPE_OPENSSL); + + outSz = 0; + ExpectNotNull(out = wolfSSL_X509_get_hw_serial_number(x509, NULL, &outSz)); + ExpectIntGT(outSz, 0); + XFREE(out, NULL, DYNAMIC_TYPE_OPENSSL); + + wolfSSL_X509_free(x509); +#endif +#endif + return EXPECT_RESULT(); +} + +static int test_wolfSSL_OpenSSL_add_all_algorithms(void) +{ + EXPECT_DECLS; +#if defined(OPENSSL_EXTRA) + ExpectIntEQ(wolfSSL_add_all_algorithms(), WOLFSSL_SUCCESS); + + ExpectIntEQ(wolfSSL_OpenSSL_add_all_algorithms_noconf(), WOLFSSL_SUCCESS); + + ExpectIntEQ(wolfSSL_OpenSSL_add_all_algorithms_conf(), WOLFSSL_SUCCESS); +#endif + return EXPECT_RESULT(); +} + +static int test_wolfSSL_OPENSSL_hexstr2buf(void) +{ + EXPECT_DECLS; +#if defined(OPENSSL_EXTRA) + #define MAX_HEXSTR_BUFSZ 9 + #define NUM_CASES 5 + struct Output { + const unsigned char buffer[MAX_HEXSTR_BUFSZ]; + long ret; + }; + int i; + int j; + + const char* inputs[NUM_CASES] = { + "aabcd1357e", + "01:12:23:34:a5:b6:c7:d8:e9", + ":01:02", + "012", + ":ab:ac:d" + }; + struct Output expectedOutputs[NUM_CASES] = { + {{0xaa, 0xbc, 0xd1, 0x35, 0x7e}, 5}, + {{0x01, 0x12, 0x23, 0x34, 0xa5, 0xb6, 0xc7, 0xd8, 0xe9}, 9}, + {{0x01, 0x02}, 2}, + {{0x00}, 0}, + {{0x00}, 0} + }; + long len = 0; + unsigned char* returnedBuf = NULL; + + for (i = 0; i < NUM_CASES && !EXPECT_FAIL(); ++i) { + returnedBuf = wolfSSL_OPENSSL_hexstr2buf(inputs[i], &len); + if (returnedBuf == NULL) { + ExpectIntEQ(expectedOutputs[i].ret, 0); + continue; + } + + ExpectIntEQ(expectedOutputs[i].ret, len); + + for (j = 0; j < len; ++j) { + ExpectIntEQ(expectedOutputs[i].buffer[j], returnedBuf[j]); + } + OPENSSL_free(returnedBuf); + } +#endif + return EXPECT_RESULT(); +} + +static int test_wolfSSL_X509_CA_num(void) +{ + EXPECT_DECLS; +#if defined(OPENSSL_EXTRA) && !defined(NO_CERTS) && !defined(NO_FILESYSTEM) && \ + defined(HAVE_ECC) && !defined(NO_RSA) + WOLFSSL_X509_STORE *store = NULL; + WOLFSSL_X509 *x509_1 = NULL; + WOLFSSL_X509 *x509_2 = NULL; + int ca_num = 0; + + ExpectNotNull(store = wolfSSL_X509_STORE_new()); + ExpectNotNull(x509_1 = wolfSSL_X509_load_certificate_file(svrCertFile, + WOLFSSL_FILETYPE_PEM)); + ExpectIntEQ(wolfSSL_X509_STORE_add_cert(store, x509_1), 1); + ExpectIntEQ(ca_num = wolfSSL_X509_CA_num(store), 1); + + ExpectNotNull(x509_2 = wolfSSL_X509_load_certificate_file(eccCertFile, + WOLFSSL_FILETYPE_PEM)); + ExpectIntEQ(wolfSSL_X509_STORE_add_cert(store, x509_2), 1); + ExpectIntEQ(ca_num = wolfSSL_X509_CA_num(store), 2); + + wolfSSL_X509_free(x509_1); + wolfSSL_X509_free(x509_2); + wolfSSL_X509_STORE_free(store); +#endif + return EXPECT_RESULT(); +} + +static int test_wolfSSL_X509_check_ca(void) +{ + EXPECT_DECLS; +#if defined(OPENSSL_EXTRA) && !defined(NO_RSA) && !defined(NO_FILESYSTEM) + WOLFSSL_X509 *x509 = NULL; + + ExpectNotNull(x509 = wolfSSL_X509_load_certificate_file(svrCertFile, + WOLFSSL_FILETYPE_PEM)); + ExpectIntEQ(wolfSSL_X509_check_ca(NULL), 0); + ExpectIntEQ(wolfSSL_X509_check_ca(x509), 1); + wolfSSL_X509_free(x509); + + ExpectNotNull(x509 = wolfSSL_X509_new()); + ExpectIntEQ(wolfSSL_X509_check_ca(x509), 0); + if (x509 != NULL) { + x509->extKeyUsageCrit = 1; + } + ExpectIntEQ(wolfSSL_X509_check_ca(x509), 4); + wolfSSL_X509_free(x509); +#endif + return EXPECT_RESULT(); +} + +static int test_wolfSSL_X509_check_ip_asc(void) +{ + EXPECT_DECLS; +#if defined(OPENSSL_EXTRA) && !defined(NO_RSA) && !defined(NO_FILESYSTEM) + WOLFSSL_X509 *x509 = NULL; + WOLFSSL_X509 *empty = NULL; + + ExpectNotNull(x509 = wolfSSL_X509_load_certificate_file(cliCertFile, + WOLFSSL_FILETYPE_PEM)); + ExpectNotNull(empty = wolfSSL_X509_new()); + +#if 0 + /* TODO: add cert gen for testing positive case */ + ExpectIntEQ(wolfSSL_X509_check_ip_asc(x509, "127.0.0.1", 0), 1); +#endif + ExpectIntEQ(wolfSSL_X509_check_ip_asc(x509, "0.0.0.0", 0), 0); + ExpectIntEQ(wolfSSL_X509_check_ip_asc(x509, NULL, 0), 0); + ExpectIntEQ(wolfSSL_X509_check_ip_asc(NULL, NULL, 0), 0); + ExpectIntEQ(wolfSSL_X509_check_ip_asc(NULL, "0.0.0.0", 0), 0); + ExpectIntEQ(wolfSSL_X509_check_ip_asc(empty, "127.128.0.255", 0), 0); + + wolfSSL_X509_free(empty); + wolfSSL_X509_free(x509); +#endif + return EXPECT_RESULT(); +} + +static int test_wolfSSL_make_cert(void) +{ + EXPECT_DECLS; +#if !defined(NO_RSA) && !defined(NO_ASN_TIME) && defined(WOLFSSL_CERT_GEN) && \ + defined(WOLFSSL_CERT_EXT) + int ret = 0; + Cert cert; + CertName name; + RsaKey key; + WC_RNG rng; + byte der[FOURK_BUF]; + word32 idx = 0; + const byte mySerial[8] = {1,2,3,4,5,6,7,8}; + +#ifdef OPENSSL_EXTRA + const unsigned char* pt = NULL; + int certSz = 0; + X509* x509 = NULL; + X509_NAME* x509name = NULL; + X509_NAME_ENTRY* entry = NULL; + ASN1_STRING* entryValue = NULL; +#endif + + XMEMSET(&name, 0, sizeof(CertName)); + + /* set up cert name */ + XMEMCPY(name.country, "US", sizeof("US")); + name.countryEnc = CTC_PRINTABLE; + XMEMCPY(name.state, "Oregon", sizeof("Oregon")); + name.stateEnc = CTC_UTF8; + XMEMCPY(name.locality, "Portland", sizeof("Portland")); + name.localityEnc = CTC_UTF8; + XMEMCPY(name.sur, "Test", sizeof("Test")); + name.surEnc = CTC_UTF8; + XMEMCPY(name.org, "wolfSSL", sizeof("wolfSSL")); + name.orgEnc = CTC_UTF8; + XMEMCPY(name.unit, "Development", sizeof("Development")); + name.unitEnc = CTC_UTF8; + XMEMCPY(name.commonName, "www.wolfssl.com", sizeof("www.wolfssl.com")); + name.commonNameEnc = CTC_UTF8; + XMEMCPY(name.serialDev, "wolfSSL12345", sizeof("wolfSSL12345")); + name.serialDevEnc = CTC_PRINTABLE; + XMEMCPY(name.userId, "TestUserID", sizeof("TestUserID")); + name.userIdEnc = CTC_PRINTABLE; +#ifdef WOLFSSL_MULTI_ATTRIB + #if CTC_MAX_ATTRIB > 2 + { + NameAttrib* n; + n = &name.name[0]; + n->id = ASN_DOMAIN_COMPONENT; + n->type = CTC_UTF8; + n->sz = sizeof("com"); + XMEMCPY(n->value, "com", sizeof("com")); + + n = &name.name[1]; + n->id = ASN_DOMAIN_COMPONENT; + n->type = CTC_UTF8; + n->sz = sizeof("wolfssl"); + XMEMCPY(n->value, "wolfssl", sizeof("wolfssl")); + } + #endif +#endif /* WOLFSSL_MULTI_ATTRIB */ + + ExpectIntEQ(wc_InitRsaKey(&key, HEAP_HINT), 0); +#ifndef HAVE_FIPS + ExpectIntEQ(wc_InitRng_ex(&rng, HEAP_HINT, testDevId), 0); +#else + ExpectIntEQ(wc_InitRng(&rng), 0); +#endif + + /* load test RSA key */ + idx = 0; +#if defined(USE_CERT_BUFFERS_1024) + ExpectIntEQ(wc_RsaPrivateKeyDecode(server_key_der_1024, &idx, &key, + sizeof_server_key_der_1024), 0); +#elif defined(USE_CERT_BUFFERS_2048) + ExpectIntEQ(wc_RsaPrivateKeyDecode(server_key_der_2048, &idx, &key, + sizeof_server_key_der_2048), 0); +#else + /* error case, no RSA key loaded, happens later */ + (void)idx; +#endif + + XMEMSET(&cert, 0 , sizeof(Cert)); + ExpectIntEQ(wc_InitCert(&cert), 0); + + XMEMCPY(&cert.subject, &name, sizeof(CertName)); + XMEMCPY(cert.serial, mySerial, sizeof(mySerial)); + cert.serialSz = (int)sizeof(mySerial); + cert.isCA = 1; +#ifndef NO_SHA256 + cert.sigType = CTC_SHA256wRSA; +#else + cert.sigType = CTC_SHAwRSA; +#endif + + /* add SKID from the Public Key */ + ExpectIntEQ(wc_SetSubjectKeyIdFromPublicKey(&cert, &key, NULL), 0); + + /* add AKID from the Public Key */ + ExpectIntEQ(wc_SetAuthKeyIdFromPublicKey(&cert, &key, NULL), 0); + + ret = 0; + do { +#if defined(WOLFSSL_ASYNC_CRYPT) + ret = wc_AsyncWait(ret, &key.asyncDev, WC_ASYNC_FLAG_CALL_AGAIN); +#endif + if (ret >= 0) { + ret = wc_MakeSelfCert(&cert, der, FOURK_BUF, &key, &rng); + } + } while (ret == WC_NO_ERR_TRACE(WC_PENDING_E)); + ExpectIntGT(ret, 0); + +#ifdef OPENSSL_EXTRA + /* der holds a certificate with DC's now check X509 parsing of it */ + certSz = ret; + pt = der; + ExpectNotNull(x509 = d2i_X509(NULL, &pt, certSz)); + ExpectNotNull(x509name = X509_get_subject_name(x509)); +#ifdef WOLFSSL_MULTI_ATTRIB + ExpectIntEQ((idx = X509_NAME_get_index_by_NID(x509name, NID_domainComponent, + -1)), 5); + ExpectIntEQ((idx = X509_NAME_get_index_by_NID(x509name, NID_domainComponent, + (int)idx)), 6); + ExpectIntEQ((idx = X509_NAME_get_index_by_NID(x509name, NID_domainComponent, + (int)idx)), -1); +#endif /* WOLFSSL_MULTI_ATTRIB */ + + /* compare DN at index 0 */ + ExpectNotNull(entry = X509_NAME_get_entry(x509name, 0)); + ExpectNotNull(entryValue = X509_NAME_ENTRY_get_data(entry)); + ExpectIntEQ(ASN1_STRING_length(entryValue), 2); + ExpectStrEQ((const char*)ASN1_STRING_data(entryValue), "US"); + +#ifndef WOLFSSL_MULTI_ATTRIB + /* compare Serial Number */ + ExpectIntEQ((idx = X509_NAME_get_index_by_NID(x509name, NID_serialNumber, + -1)), 7); + ExpectNotNull(entry = X509_NAME_get_entry(x509name, idx)); + ExpectNotNull(entryValue = X509_NAME_ENTRY_get_data(entry)); + ExpectIntEQ(ASN1_STRING_length(entryValue), XSTRLEN("wolfSSL12345")); + ExpectStrEQ((const char*)ASN1_STRING_data(entryValue), "wolfSSL12345"); +#endif + +#ifdef WOLFSSL_MULTI_ATTRIB + /* get first and second DC and compare result */ + ExpectIntEQ((idx = X509_NAME_get_index_by_NID(x509name, NID_domainComponent, + -1)), 5); + ExpectNotNull(entry = X509_NAME_get_entry(x509name, (int)idx)); + ExpectNotNull(entryValue = X509_NAME_ENTRY_get_data(entry)); + ExpectStrEQ((const char *)ASN1_STRING_data(entryValue), "com"); + + ExpectIntEQ((idx = X509_NAME_get_index_by_NID(x509name, NID_domainComponent, + (int)idx)), 6); + ExpectNotNull(entry = X509_NAME_get_entry(x509name, (int)idx)); + ExpectNotNull(entryValue = X509_NAME_ENTRY_get_data(entry)); + ExpectStrEQ((const char *)ASN1_STRING_data(entryValue), "wolfssl"); +#endif /* WOLFSSL_MULTI_ATTRIB */ + + ExpectNull(X509_NAME_get_entry(NULL, 0)); + /* try invalid index locations for regression test and sanity check */ + ExpectNull(X509_NAME_get_entry(x509name, 11)); + ExpectNull(X509_NAME_get_entry(x509name, 20)); + + X509_free(x509); +#endif /* OPENSSL_EXTRA */ + + wc_FreeRsaKey(&key); + wc_FreeRng(&rng); +#endif + return EXPECT_RESULT(); +} + +static int test_x509_get_key_id(void) +{ + EXPECT_DECLS; +#if defined(OPENSSL_EXTRA) && !defined(NO_FILESYSTEM) && !defined(NO_RSA) + X509 *x509 = NULL; + const ASN1_STRING* str = NULL; + byte* keyId = NULL; + byte keyIdData[32]; + int len; + + ExpectNotNull(x509 = wolfSSL_X509_new()); + len = (int)sizeof(keyIdData); + ExpectNull(wolfSSL_X509_get_subjectKeyID(x509, NULL, NULL)); + ExpectNull(wolfSSL_X509_get_subjectKeyID(x509, keyIdData, &len)); + ExpectNull(wolfSSL_X509_get_authorityKeyID(x509, NULL, NULL)); + ExpectNull(wolfSSL_X509_get_authorityKeyID(x509, keyIdData, &len)); + wolfSSL_X509_free(x509); + x509 = NULL; + + ExpectNotNull(x509 = X509_load_certificate_file(cliCertFile, + WOLFSSL_FILETYPE_PEM)); + + ExpectNotNull(str = X509_get0_subject_key_id(x509)); + ExpectNull(wolfSSL_X509_get_subjectKeyID(NULL, NULL, NULL)); + ExpectNotNull(keyId = wolfSSL_X509_get_subjectKeyID(x509, NULL, NULL)); + ExpectBufEQ(keyId, ASN1_STRING_data((ASN1_STRING*)str), + ASN1_STRING_length(str)); + ExpectNotNull(keyId = wolfSSL_X509_get_subjectKeyID(x509, keyIdData, NULL)); + ExpectBufEQ(keyId, ASN1_STRING_data((ASN1_STRING*)str), + ASN1_STRING_length(str)); + len = (int)sizeof(keyIdData); + ExpectNotNull(keyId = wolfSSL_X509_get_subjectKeyID(x509, NULL, &len)); + ExpectBufEQ(keyId, ASN1_STRING_data((ASN1_STRING*)str), + ASN1_STRING_length(str)); + ExpectNotNull(wolfSSL_X509_get_subjectKeyID(x509, keyIdData, &len)); + ExpectIntEQ(len, ASN1_STRING_length(str)); + ExpectBufEQ(keyIdData, ASN1_STRING_data((ASN1_STRING*)str), + ASN1_STRING_length(str)); + ExpectBufEQ(keyId, ASN1_STRING_data((ASN1_STRING*)str), + ASN1_STRING_length(str)); + + ExpectNull(wolfSSL_X509_get_authorityKeyID(NULL, NULL, NULL)); + ExpectNotNull(wolfSSL_X509_get_authorityKeyID(x509, NULL, NULL)); + ExpectNotNull(wolfSSL_X509_get_authorityKeyID(x509, keyIdData, NULL)); + len = (int)sizeof(keyIdData); + ExpectNotNull(wolfSSL_X509_get_authorityKeyID(x509, NULL, &len)); + ExpectNotNull(wolfSSL_X509_get_authorityKeyID(x509, keyIdData, &len)); + ExpectIntEQ(len, 20); + + X509_free(x509); +#endif + return EXPECT_RESULT(); +} + + +static int test_wolfSSL_X509_get_version(void) +{ + EXPECT_DECLS; +#if defined(OPENSSL_EXTRA) && !defined(NO_FILESYSTEM) && !defined(NO_RSA) + WOLFSSL_X509 *x509 = NULL; + + ExpectNotNull(x509 = wolfSSL_X509_load_certificate_file(svrCertFile, + WOLFSSL_FILETYPE_PEM)); + ExpectIntEQ((int)wolfSSL_X509_get_version(x509), 2); + wolfSSL_X509_free(x509); +#endif + return EXPECT_RESULT(); +} + +#if defined(OPENSSL_ALL) +static int test_wolfSSL_sk_CIPHER_description(void) +{ + EXPECT_DECLS; +#if !defined(NO_RSA) && !defined(NO_TLS) + const long flags = SSL_OP_NO_SSLv2 | SSL_OP_NO_COMPRESSION; + int i; + int numCiphers = 0; + const SSL_METHOD *method = NULL; + const SSL_CIPHER *cipher = NULL; + STACK_OF(SSL_CIPHER) *supportedCiphers = NULL; + SSL_CTX *ctx = NULL; + SSL *ssl = NULL; + char buf[256]; + char test_str[9] = "0000000"; + const char badStr[] = "unknown"; + const char certPath[] = "./certs/client-cert.pem"; + XMEMSET(buf, 0, sizeof(buf)); + + ExpectNotNull(method = TLSv1_2_client_method()); + ExpectNotNull(ctx = SSL_CTX_new(method)); + SSL_CTX_set_verify(ctx, SSL_VERIFY_PEER, 0); + SSL_CTX_set_verify_depth(ctx, 4); + SSL_CTX_set_options(ctx, flags); + ExpectIntEQ(SSL_CTX_load_verify_locations(ctx, certPath, NULL), + WOLFSSL_SUCCESS); + + ExpectNotNull(ssl = SSL_new(ctx)); + /* SSL_get_ciphers returns a stack of all configured ciphers + * A flag, getCipherAtOffset, is set to later have SSL_CIPHER_description + */ + ExpectNotNull(supportedCiphers = SSL_get_ciphers(ssl)); + + /* loop through the amount of supportedCiphers */ + numCiphers = sk_num(supportedCiphers); + for (i = 0; i < numCiphers; ++i) { + int j; + /* sk_value increments "sk->data.cipher->cipherOffset". + * wolfSSL_sk_CIPHER_description sets the description for + * the cipher based on the provided offset. + */ + if ((cipher = (const WOLFSSL_CIPHER*)sk_value(supportedCiphers, i))) { + SSL_CIPHER_description(cipher, buf, sizeof(buf)); + } + + /* Search cipher description string for "unknown" descriptor */ + for (j = 0; j < (int)XSTRLEN(buf); j++) { + int k = 0; + while ((k < (int)XSTRLEN(badStr)) && (buf[j] == badStr[k])) { + test_str[k] = badStr[k]; + j++; + k++; + } + } + /* Fail if test_str == badStr == "unknown" */ + ExpectStrNE(test_str,badStr); + } + SSL_free(ssl); + SSL_CTX_free(ctx); +#endif + return EXPECT_RESULT(); +} + +static int test_wolfSSL_get_ciphers_compat(void) +{ + EXPECT_DECLS; +#if !defined(NO_RSA) && !defined(NO_TLS) + const SSL_METHOD *method = NULL; + const char certPath[] = "./certs/client-cert.pem"; + STACK_OF(SSL_CIPHER) *supportedCiphers = NULL; + SSL_CTX *ctx = NULL; + WOLFSSL *ssl = NULL; + const long flags = SSL_OP_NO_SSLv2 | SSL_OP_NO_COMPRESSION; + + ExpectNotNull(method = SSLv23_client_method()); + ExpectNotNull(ctx = SSL_CTX_new(method)); + SSL_CTX_set_verify(ctx, SSL_VERIFY_PEER, 0); + SSL_CTX_set_verify_depth(ctx, 4); + SSL_CTX_set_options(ctx, flags); + ExpectIntEQ(SSL_CTX_load_verify_locations(ctx, certPath, NULL), + WOLFSSL_SUCCESS); + + ExpectNotNull(ssl = SSL_new(ctx)); + + /* Test Bad NULL input */ + ExpectNull(supportedCiphers = SSL_get_ciphers(NULL)); + /* Test for Good input */ + ExpectNotNull(supportedCiphers = SSL_get_ciphers(ssl)); + /* Further usage of SSL_get_ciphers/wolfSSL_get_ciphers_compat is + * tested in test_wolfSSL_sk_CIPHER_description according to Qt usage */ + + SSL_free(ssl); + SSL_CTX_free(ctx); +#endif + return EXPECT_RESULT(); +} + +static int test_wolfSSL_X509_PUBKEY_get(void) +{ + EXPECT_DECLS; + WOLFSSL_X509_PUBKEY pubkey; + WOLFSSL_X509_PUBKEY* key; + WOLFSSL_EVP_PKEY evpkey ; + WOLFSSL_EVP_PKEY* evpPkey; + WOLFSSL_EVP_PKEY* retEvpPkey; + + XMEMSET(&pubkey, 0, sizeof(WOLFSSL_X509_PUBKEY)); + XMEMSET(&evpkey, 0, sizeof(WOLFSSL_EVP_PKEY)); + + key = &pubkey; + evpPkey = &evpkey; + + evpPkey->type = WOLFSSL_SUCCESS; + key->pkey = evpPkey; + + ExpectNotNull(retEvpPkey = wolfSSL_X509_PUBKEY_get(key)); + ExpectIntEQ(retEvpPkey->type, WOLFSSL_SUCCESS); + + ExpectNull(retEvpPkey = wolfSSL_X509_PUBKEY_get(NULL)); + + key->pkey = NULL; + ExpectNull(retEvpPkey = wolfSSL_X509_PUBKEY_get(key)); + + return EXPECT_RESULT(); +} + +static int test_wolfSSL_X509_set_pubkey(void) +{ + EXPECT_DECLS; + WOLFSSL_X509* x509 = NULL; + WOLFSSL_EVP_PKEY* pkey = NULL; + + ExpectNotNull(x509 = wolfSSL_X509_new()); + +#if !defined(NO_RSA) + { + WOLFSSL_RSA* rsa = NULL; + + ExpectNotNull(pkey = wolfSSL_EVP_PKEY_new()); + if (pkey != NULL) { + pkey->type = WC_EVP_PKEY_RSA; + } + ExpectIntEQ(wolfSSL_X509_set_pubkey(x509, pkey), WOLFSSL_FAILURE); + ExpectNotNull(rsa = wolfSSL_RSA_new()); + ExpectIntEQ(wolfSSL_EVP_PKEY_assign(pkey, EVP_PKEY_RSA, rsa), + WOLFSSL_SUCCESS); + if (EXPECT_FAIL()) { + wolfSSL_RSA_free(rsa); + } + ExpectIntEQ(wolfSSL_X509_set_pubkey(x509, pkey), WOLFSSL_SUCCESS); + wolfSSL_EVP_PKEY_free(pkey); + pkey = NULL; + } +#endif +#if !defined(HAVE_SELFTEST) && (defined(WOLFSSL_KEY_GEN) || \ + defined(WOLFSSL_CERT_GEN)) && !defined(NO_DSA) + { + WOLFSSL_DSA* dsa = NULL; + + ExpectNotNull(pkey = wolfSSL_EVP_PKEY_new()); + if (pkey != NULL) { + pkey->type = WC_EVP_PKEY_DSA; + } + ExpectIntEQ(wolfSSL_X509_set_pubkey(x509, pkey), WOLFSSL_FAILURE); + ExpectNotNull(dsa = wolfSSL_DSA_new()); + ExpectIntEQ(wolfSSL_EVP_PKEY_assign(pkey, EVP_PKEY_DSA, dsa), + WOLFSSL_SUCCESS); + if (EXPECT_FAIL()) { + wolfSSL_DSA_free(dsa); + } + ExpectIntEQ(wolfSSL_X509_set_pubkey(x509, pkey), WOLFSSL_FAILURE); + wolfSSL_EVP_PKEY_free(pkey); + pkey = NULL; + } +#endif +#if defined(HAVE_ECC) + { + WOLFSSL_EC_KEY* ec = NULL; + + ExpectNotNull(pkey = wolfSSL_EVP_PKEY_new()); + if (pkey != NULL) { + pkey->type = WC_EVP_PKEY_EC; + } + ExpectIntEQ(wolfSSL_X509_set_pubkey(x509, pkey), WOLFSSL_FAILURE); + ExpectNotNull(ec = wolfSSL_EC_KEY_new()); + ExpectIntEQ(wolfSSL_EC_KEY_generate_key(ec), 1); + ExpectIntEQ(wolfSSL_EVP_PKEY_assign(pkey, EVP_PKEY_EC, ec), + WOLFSSL_SUCCESS); + if (EXPECT_FAIL()) { + wolfSSL_EC_KEY_free(ec); + } + ExpectIntEQ(wolfSSL_X509_set_pubkey(x509, pkey), WOLFSSL_SUCCESS); + wolfSSL_EVP_PKEY_free(pkey); + pkey = NULL; + } +#endif +#if !defined(NO_DH) + ExpectNotNull(pkey = wolfSSL_EVP_PKEY_new()); + if (pkey != NULL) { + pkey->type = WC_EVP_PKEY_DH; + } + ExpectIntEQ(wolfSSL_X509_set_pubkey(x509, pkey), WOLFSSL_FAILURE); + wolfSSL_EVP_PKEY_free(pkey); + pkey = NULL; +#endif + + wolfSSL_X509_free(x509); + + return EXPECT_RESULT(); +} + +static int test_wolfSSL_EVP_PKEY_set1_get1_DSA(void) +{ + EXPECT_DECLS; +#if !defined (NO_DSA) && !defined(HAVE_SELFTEST) && defined(WOLFSSL_KEY_GEN) + DSA *dsa = NULL; + DSA *setDsa = NULL; + EVP_PKEY *pkey = NULL; + EVP_PKEY *set1Pkey = NULL; + + SHA_CTX sha; + byte signature[DSA_SIG_SIZE]; + byte hash[WC_SHA_DIGEST_SIZE]; + word32 bytes; + int answer; +#ifdef USE_CERT_BUFFERS_1024 + const unsigned char* dsaKeyDer = dsa_key_der_1024; + int dsaKeySz = sizeof_dsa_key_der_1024; + byte tmp[ONEK_BUF]; + + XMEMSET(tmp, 0, sizeof(tmp)); + XMEMCPY(tmp, dsaKeyDer , dsaKeySz); + bytes = dsaKeySz; +#elif defined(USE_CERT_BUFFERS_2048) + const unsigned char* dsaKeyDer = dsa_key_der_2048; + int dsaKeySz = sizeof_dsa_key_der_2048; + byte tmp[TWOK_BUF]; + + XMEMSET(tmp, 0, sizeof(tmp)); + XMEMCPY(tmp, dsaKeyDer , dsaKeySz); + bytes = (word32)dsaKeySz; +#else + byte tmp[TWOK_BUF]; + const unsigned char* dsaKeyDer = (const unsigned char*)tmp; + int dsaKeySz; + XFILE fp = XBADFILE; + + XMEMSET(tmp, 0, sizeof(tmp)); + ExpectTrue((fp = XFOPEN("./certs/dsa2048.der", "rb")) != XBADFILE); + ExpectIntGT(dsaKeySz = bytes = (word32) XFREAD(tmp, 1, sizeof(tmp), fp), 0); + if (fp != XBADFILE) + XFCLOSE(fp); +#endif /* END USE_CERT_BUFFERS_1024 */ + + /* Create hash to later Sign and Verify */ + ExpectIntEQ(SHA1_Init(&sha), WOLFSSL_SUCCESS); + ExpectIntEQ(SHA1_Update(&sha, tmp, bytes), WOLFSSL_SUCCESS); + ExpectIntEQ(SHA1_Final(hash,&sha), WOLFSSL_SUCCESS); + + /* Initialize pkey with der format dsa key */ + ExpectNotNull(d2i_PrivateKey(EVP_PKEY_DSA, &pkey, &dsaKeyDer, + (long)dsaKeySz)); + + /* Test wolfSSL_EVP_PKEY_get1_DSA */ + /* Should Fail: NULL argument */ + ExpectNull(dsa = EVP_PKEY_get0_DSA(NULL)); + ExpectNull(dsa = EVP_PKEY_get1_DSA(NULL)); + /* Should Pass: Initialized pkey argument */ + ExpectNotNull(dsa = EVP_PKEY_get0_DSA(pkey)); + ExpectNotNull(dsa = EVP_PKEY_get1_DSA(pkey)); + +#ifdef USE_CERT_BUFFERS_1024 + ExpectIntEQ(DSA_bits(dsa), 1024); +#else + ExpectIntEQ(DSA_bits(dsa), 2048); +#endif + + /* Sign */ + ExpectIntEQ(wolfSSL_DSA_do_sign(hash, signature, dsa), WOLFSSL_SUCCESS); + /* Verify. */ + ExpectIntEQ(wolfSSL_DSA_do_verify(hash, signature, dsa, &answer), + WOLFSSL_SUCCESS); + + /* Test wolfSSL_EVP_PKEY_set1_DSA */ + /* Should Fail: set1Pkey not initialized */ + ExpectIntNE(EVP_PKEY_set1_DSA(set1Pkey, dsa), WOLFSSL_SUCCESS); + + /* Initialize set1Pkey */ + set1Pkey = EVP_PKEY_new(); + + /* Should Fail Verify: setDsa not initialized from set1Pkey */ + ExpectIntNE(wolfSSL_DSA_do_verify(hash,signature,setDsa,&answer), + WOLFSSL_SUCCESS); + + /* Should Pass: set dsa into set1Pkey */ + ExpectIntEQ(EVP_PKEY_set1_DSA(set1Pkey, dsa), WOLFSSL_SUCCESS); + + DSA_free(dsa); + DSA_free(setDsa); + EVP_PKEY_free(pkey); + EVP_PKEY_free(set1Pkey); +#endif /* !NO_DSA && !HAVE_SELFTEST && WOLFSSL_KEY_GEN */ + return EXPECT_RESULT(); +} /* END test_EVP_PKEY_set1_get1_DSA */ + +static int test_wolfSSL_EVP_PKEY_set1_get1_EC_KEY (void) +{ + EXPECT_DECLS; +#ifdef HAVE_ECC + WOLFSSL_EC_KEY* ecKey = NULL; + WOLFSSL_EC_KEY* ecGet1 = NULL; + EVP_PKEY* pkey = NULL; + + ExpectNotNull(ecKey = wolfSSL_EC_KEY_new()); + ExpectNotNull(pkey = wolfSSL_EVP_PKEY_new()); + + /* Test wolfSSL_EVP_PKEY_set1_EC_KEY */ + ExpectIntEQ(wolfSSL_EVP_PKEY_set1_EC_KEY(NULL, ecKey), WC_NO_ERR_TRACE(WOLFSSL_FAILURE)); + ExpectIntEQ(wolfSSL_EVP_PKEY_set1_EC_KEY(pkey, NULL), WC_NO_ERR_TRACE(WOLFSSL_FAILURE)); + /* Should fail since ecKey is empty */ + ExpectIntEQ(wolfSSL_EVP_PKEY_set1_EC_KEY(pkey, ecKey), WC_NO_ERR_TRACE(WOLFSSL_FAILURE)); + ExpectIntEQ(wolfSSL_EC_KEY_generate_key(ecKey), 1); + ExpectIntEQ(wolfSSL_EVP_PKEY_set1_EC_KEY(pkey, ecKey), WOLFSSL_SUCCESS); + + /* Test wolfSSL_EVP_PKEY_get1_EC_KEY */ + ExpectNull(wolfSSL_EVP_PKEY_get1_EC_KEY(NULL)); + ExpectNotNull(ecGet1 = wolfSSL_EVP_PKEY_get1_EC_KEY(pkey)); + + wolfSSL_EC_KEY_free(ecKey); + wolfSSL_EC_KEY_free(ecGet1); + EVP_PKEY_free(pkey); +#endif /* HAVE_ECC */ + return EXPECT_RESULT(); +} /* END test_EVP_PKEY_set1_get1_EC_KEY */ + +static int test_wolfSSL_EVP_PKEY_set1_get1_DH (void) +{ + EXPECT_DECLS; +#if defined(OPENSSL_ALL) || defined(WOLFSSL_QT) || defined(WOLFSSL_OPENSSH) +#if !defined(HAVE_FIPS) || (defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION>2)) +#if !defined(NO_DH) && defined(WOLFSSL_DH_EXTRA) && !defined(NO_FILESYSTEM) + DH *dh = NULL; + DH *setDh = NULL; + EVP_PKEY *pkey = NULL; + + XFILE f = XBADFILE; + unsigned char buf[4096]; + const unsigned char* pt = buf; + const char* dh2048 = "./certs/dh2048.der"; + long len = 0; + int code = -1; + + XMEMSET(buf, 0, sizeof(buf)); + + ExpectTrue((f = XFOPEN(dh2048, "rb")) != XBADFILE); + ExpectTrue((len = (long)XFREAD(buf, 1, sizeof(buf), f)) > 0); + if (f != XBADFILE) + XFCLOSE(f); + + /* Load dh2048.der into DH with internal format */ + ExpectNotNull(setDh = wolfSSL_d2i_DHparams(NULL, &pt, len)); + + ExpectIntEQ(wolfSSL_DH_check(setDh, &code), WOLFSSL_SUCCESS); + ExpectIntEQ(code, 0); + code = -1; + + ExpectNotNull(pkey = wolfSSL_EVP_PKEY_new()); + + /* Set DH into PKEY */ + ExpectIntEQ(wolfSSL_EVP_PKEY_set1_DH(pkey, setDh), WOLFSSL_SUCCESS); + + /* Get DH from PKEY */ + ExpectNotNull(dh = wolfSSL_EVP_PKEY_get1_DH(pkey)); + + ExpectIntEQ(wolfSSL_DH_check(dh, &code), WOLFSSL_SUCCESS); + ExpectIntEQ(code, 0); + + EVP_PKEY_free(pkey); + DH_free(setDh); + setDh = NULL; + DH_free(dh); + dh = NULL; +#endif /* !NO_DH && WOLFSSL_DH_EXTRA && !NO_FILESYSTEM */ +#endif /* !HAVE_FIPS || HAVE_FIPS_VERSION > 2 */ +#endif /* OPENSSL_ALL || WOLFSSL_QT || WOLFSSL_OPENSSH */ + return EXPECT_RESULT(); +} /* END test_EVP_PKEY_set1_get1_DH */ + +static int test_wolfSSL_CTX_ctrl(void) +{ + EXPECT_DECLS; +#if defined(OPENSSL_EXTRA) && !defined(NO_CERTS) && !defined(NO_TLS) && \ + !defined(NO_FILESYSTEM) && !defined(NO_RSA) && !defined(NO_WOLFSSL_SERVER) + char caFile[] = "./certs/client-ca.pem"; + char clientFile[] = "./certs/client-cert.pem"; + SSL_CTX* ctx = NULL; + X509* x509 = NULL; +#if !defined(NO_DH) && !defined(NO_DSA) && !defined(NO_BIO) + byte buf[6000]; + char file[] = "./certs/dsaparams.pem"; + XFILE f = XBADFILE; + int bytes = 0; + BIO* bio = NULL; + DSA* dsa = NULL; + DH* dh = NULL; +#endif +#ifdef HAVE_ECC + WOLFSSL_EC_KEY* ecKey = NULL; +#endif + + ExpectNotNull(ctx = SSL_CTX_new(wolfSSLv23_server_method())); + + ExpectNotNull(x509 = wolfSSL_X509_load_certificate_file(caFile, + WOLFSSL_FILETYPE_PEM)); + ExpectIntEQ((int)SSL_CTX_add_extra_chain_cert(ctx, x509), WOLFSSL_SUCCESS); + if (EXPECT_FAIL()) { + wolfSSL_X509_free(x509); + } + + ExpectNotNull(x509 = wolfSSL_X509_load_certificate_file(clientFile, + WOLFSSL_FILETYPE_PEM)); + +#if !defined(NO_DH) && !defined(NO_DSA) && !defined(NO_BIO) + /* Initialize DH */ + ExpectTrue((f = XFOPEN(file, "rb")) != XBADFILE); + ExpectIntGT(bytes = (int)XFREAD(buf, 1, sizeof(buf), f), 0); + if (f != XBADFILE) + XFCLOSE(f); + + ExpectNotNull(bio = BIO_new_mem_buf((void*)buf, bytes)); + + ExpectNotNull(dsa = wolfSSL_PEM_read_bio_DSAparams(bio, NULL, NULL, NULL)); + + ExpectNotNull(dh = wolfSSL_DSA_dup_DH(dsa)); +#endif +#ifdef HAVE_ECC + /* Initialize WOLFSSL_EC_KEY */ + ExpectNotNull(ecKey = wolfSSL_EC_KEY_new()); + ExpectIntEQ(wolfSSL_EC_KEY_generate_key(ecKey), 1); +#endif + + /* additional test of getting EVP_PKEY key size from X509 + * Do not run with user RSA because wolfSSL_RSA_size is not currently + * allowed with user RSA */ + { + EVP_PKEY* pkey = NULL; +#if defined(HAVE_ECC) + X509* ecX509 = NULL; +#endif /* HAVE_ECC */ + + ExpectNotNull(pkey = X509_get_pubkey(x509)); + /* current RSA key is 2048 bit (256 bytes) */ + ExpectIntEQ(EVP_PKEY_size(pkey), 256); + + EVP_PKEY_free(pkey); + pkey = NULL; + +#if defined(HAVE_ECC) +#if defined(USE_CERT_BUFFERS_256) + ExpectNotNull(ecX509 = wolfSSL_X509_load_certificate_buffer( + cliecc_cert_der_256, sizeof_cliecc_cert_der_256, + SSL_FILETYPE_ASN1)); +#else + ExpectNotNull(ecX509 = wolfSSL_X509_load_certificate_file( + cliEccCertFile, SSL_FILETYPE_PEM)); +#endif + ExpectNotNull(pkey = X509_get_pubkey(ecX509)); + /* current ECC key is 256 bit (32 bytes) */ + ExpectIntGE(EVP_PKEY_size(pkey), 72); + + X509_free(ecX509); + EVP_PKEY_free(pkey); +#endif /* HAVE_ECC */ + } + + /* Tests should fail with passed in NULL pointer */ + ExpectIntEQ((int)wolfSSL_CTX_ctrl(ctx, SSL_CTRL_EXTRA_CHAIN_CERT, 0, NULL), + WC_NO_ERR_TRACE(WOLFSSL_FAILURE)); +#if !defined(NO_DH) && !defined(NO_DSA) + ExpectIntEQ((int)wolfSSL_CTX_ctrl(ctx, SSL_CTRL_SET_TMP_DH, 0, NULL), + WC_NO_ERR_TRACE(WOLFSSL_FAILURE)); +#endif +#ifdef HAVE_ECC + ExpectIntEQ((int)wolfSSL_CTX_ctrl(ctx, SSL_CTRL_SET_TMP_ECDH, 0, NULL), + WC_NO_ERR_TRACE(WOLFSSL_FAILURE)); +#endif + + /* Test with SSL_CTRL_EXTRA_CHAIN_CERT + * wolfSSL_CTX_ctrl should succesffuly call SSL_CTX_add_extra_chain_cert + */ + ExpectIntEQ((int)wolfSSL_CTX_ctrl(ctx, SSL_CTRL_EXTRA_CHAIN_CERT, 0, x509), + SSL_SUCCESS); + if (EXPECT_FAIL()) { + wolfSSL_X509_free(x509); + } + + /* Test with SSL_CTRL_OPTIONS + * wolfSSL_CTX_ctrl should succesffuly call SSL_CTX_set_options + */ + ExpectTrue(wolfSSL_CTX_ctrl(ctx, SSL_CTRL_OPTIONS, SSL_OP_NO_TLSv1, + NULL) == SSL_OP_NO_TLSv1); + ExpectTrue(SSL_CTX_get_options(ctx) == SSL_OP_NO_TLSv1); + + /* Test with SSL_CTRL_SET_TMP_DH + * wolfSSL_CTX_ctrl should succesffuly call wolfSSL_SSL_CTX_set_tmp_dh + */ +#if !defined(NO_DH) && !defined(NO_DSA) && !defined(NO_BIO) + ExpectIntEQ((int)wolfSSL_CTX_ctrl(ctx, SSL_CTRL_SET_TMP_DH, 0, dh), + SSL_SUCCESS); +#endif + + /* Test with SSL_CTRL_SET_TMP_ECDH + * wolfSSL_CTX_ctrl should succesffuly call wolfSSL_SSL_CTX_set_tmp_ecdh + */ +#ifdef HAVE_ECC + ExpectIntEQ((int)wolfSSL_CTX_ctrl(ctx, SSL_CTRL_SET_TMP_ECDH, 0, ecKey), + SSL_SUCCESS); +#endif + +#ifdef WOLFSSL_ENCRYPTED_KEYS + ExpectNull(SSL_CTX_get_default_passwd_cb(ctx)); + ExpectNull(SSL_CTX_get_default_passwd_cb_userdata(ctx)); +#endif + + /* Test for min/max proto */ +#ifndef WOLFSSL_NO_TLS12 + ExpectIntEQ((int)wolfSSL_CTX_ctrl(ctx, SSL_CTRL_SET_MIN_PROTO_VERSION, + 0, NULL), SSL_SUCCESS); + ExpectIntEQ((int)wolfSSL_CTX_ctrl(ctx, SSL_CTRL_SET_MIN_PROTO_VERSION, + TLS1_2_VERSION, NULL), SSL_SUCCESS); + ExpectIntEQ(wolfSSL_CTX_get_min_proto_version(ctx), TLS1_2_VERSION); +#endif +#ifdef WOLFSSL_TLS13 + ExpectIntEQ((int)wolfSSL_CTX_ctrl(ctx, SSL_CTRL_SET_MAX_PROTO_VERSION, + 0, NULL), SSL_SUCCESS); + + ExpectIntEQ((int)wolfSSL_CTX_ctrl(ctx, SSL_CTRL_SET_MAX_PROTO_VERSION, + TLS1_3_VERSION, NULL), SSL_SUCCESS); + ExpectIntEQ(wolfSSL_CTX_get_max_proto_version(ctx), TLS1_3_VERSION); +#ifndef WOLFSSL_NO_TLS12 + ExpectIntEQ((int)wolfSSL_CTX_ctrl(ctx, SSL_CTRL_SET_MAX_PROTO_VERSION, + TLS1_2_VERSION, NULL), SSL_SUCCESS); + ExpectIntEQ(wolfSSL_CTX_get_max_proto_version(ctx), TLS1_2_VERSION); +#endif +#endif + /* Cleanup and Pass */ +#if !defined(NO_DH) && !defined(NO_DSA) +#ifndef NO_BIO + BIO_free(bio); + DSA_free(dsa); + DH_free(dh); + dh = NULL; +#endif +#endif +#ifdef HAVE_ECC + wolfSSL_EC_KEY_free(ecKey); +#endif + SSL_CTX_free(ctx); +#endif /* defined(OPENSSL_EXTRA) && !defined(NO_CERTS) && \ + * !defined(NO_FILESYSTEM) && !defined(NO_RSA) */ + return EXPECT_RESULT(); +} + +static int test_wolfSSL_EVP_PKEY_assign(void) +{ + EXPECT_DECLS; +#if !defined(NO_RSA) || !defined(NO_DSA) || defined(HAVE_ECC) + int type; + WOLFSSL_EVP_PKEY* pkey = NULL; +#ifndef NO_RSA + WOLFSSL_RSA* rsa = NULL; +#endif +#ifndef NO_DSA + WOLFSSL_DSA* dsa = NULL; +#endif +#ifdef HAVE_ECC + WOLFSSL_EC_KEY* ecKey = NULL; +#endif + +#ifndef NO_RSA + type = EVP_PKEY_RSA; + ExpectNotNull(pkey = wolfSSL_EVP_PKEY_new()); + ExpectNotNull(rsa = wolfSSL_RSA_new()); + ExpectIntEQ(wolfSSL_EVP_PKEY_assign(NULL, type, rsa), WC_NO_ERR_TRACE(WOLFSSL_FAILURE)); + ExpectIntEQ(wolfSSL_EVP_PKEY_assign(pkey, type, NULL), WC_NO_ERR_TRACE(WOLFSSL_FAILURE)); + ExpectIntEQ(wolfSSL_EVP_PKEY_assign(pkey, -1, rsa), WC_NO_ERR_TRACE(WOLFSSL_FAILURE)); + ExpectIntEQ(wolfSSL_EVP_PKEY_assign(pkey, type, rsa), WOLFSSL_SUCCESS); + if (EXPECT_FAIL()) { + wolfSSL_RSA_free(rsa); + } + wolfSSL_EVP_PKEY_free(pkey); + pkey = NULL; +#endif /* NO_RSA */ + +#ifndef NO_DSA + type = EVP_PKEY_DSA; + ExpectNotNull(pkey = wolfSSL_EVP_PKEY_new()); + ExpectNotNull(dsa = wolfSSL_DSA_new()); + ExpectIntEQ(wolfSSL_EVP_PKEY_assign(NULL, type, dsa), WC_NO_ERR_TRACE(WOLFSSL_FAILURE)); + ExpectIntEQ(wolfSSL_EVP_PKEY_assign(pkey, type, NULL), WC_NO_ERR_TRACE(WOLFSSL_FAILURE)); + ExpectIntEQ(wolfSSL_EVP_PKEY_assign(pkey, -1, dsa), WC_NO_ERR_TRACE(WOLFSSL_FAILURE)); + ExpectIntEQ(wolfSSL_EVP_PKEY_assign(pkey, type, dsa), WOLFSSL_SUCCESS); + if (EXPECT_FAIL()) { + wolfSSL_DSA_free(dsa); + } + wolfSSL_EVP_PKEY_free(pkey); + pkey = NULL; +#endif /* NO_DSA */ + +#ifdef HAVE_ECC + type = EVP_PKEY_EC; + ExpectNotNull(pkey = wolfSSL_EVP_PKEY_new()); + ExpectNotNull(ecKey = wolfSSL_EC_KEY_new()); + ExpectIntEQ(wolfSSL_EVP_PKEY_assign(NULL, type, ecKey), WC_NO_ERR_TRACE(WOLFSSL_FAILURE)); + ExpectIntEQ(wolfSSL_EVP_PKEY_assign(pkey, type, NULL), WC_NO_ERR_TRACE(WOLFSSL_FAILURE)); + ExpectIntEQ(wolfSSL_EVP_PKEY_assign(pkey, -1, ecKey), WC_NO_ERR_TRACE(WOLFSSL_FAILURE)); + ExpectIntEQ(wolfSSL_EVP_PKEY_assign(pkey, type, ecKey), WC_NO_ERR_TRACE(WOLFSSL_FAILURE)); + ExpectIntEQ(wolfSSL_EC_KEY_generate_key(ecKey), 1); + ExpectIntEQ(wolfSSL_EVP_PKEY_assign(pkey, type, ecKey), WOLFSSL_SUCCESS); + if (EXPECT_FAIL()) { + wolfSSL_EC_KEY_free(ecKey); + } + wolfSSL_EVP_PKEY_free(pkey); + pkey = NULL; +#endif /* HAVE_ECC */ +#endif /* !NO_RSA || !NO_DSA || HAVE_ECC */ + return EXPECT_RESULT(); +} + +static int test_wolfSSL_EVP_PKEY_assign_DH(void) +{ + EXPECT_DECLS; +#if !defined(NO_DH) && \ + !defined(HAVE_FIPS) || (defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION > 2)) + XFILE f = XBADFILE; + unsigned char buf[4096]; + const unsigned char* pt = buf; + const char* params1 = "./certs/dh2048.der"; + long len = 0; + WOLFSSL_DH* dh = NULL; + WOLFSSL_EVP_PKEY* pkey = NULL; + XMEMSET(buf, 0, sizeof(buf)); + + /* Load DH parameters DER. */ + ExpectTrue((f = XFOPEN(params1, "rb")) != XBADFILE); + ExpectTrue((len = (long)XFREAD(buf, 1, sizeof(buf), f)) > 0); + if (f != XBADFILE) + XFCLOSE(f); + + ExpectNotNull(dh = wolfSSL_d2i_DHparams(NULL, &pt, len)); + ExpectIntEQ(DH_generate_key(dh), WOLFSSL_SUCCESS); + + ExpectNotNull(pkey = wolfSSL_EVP_PKEY_new()); + + /* Bad cases */ + ExpectIntEQ(wolfSSL_EVP_PKEY_assign_DH(NULL, dh), WC_NO_ERR_TRACE(WOLFSSL_FAILURE)); + ExpectIntEQ(wolfSSL_EVP_PKEY_assign_DH(pkey, NULL), WC_NO_ERR_TRACE(WOLFSSL_FAILURE)); + ExpectIntEQ(wolfSSL_EVP_PKEY_assign_DH(NULL, NULL), WC_NO_ERR_TRACE(WOLFSSL_FAILURE)); + + /* Good case */ + ExpectIntEQ(wolfSSL_EVP_PKEY_assign_DH(pkey, dh), WOLFSSL_SUCCESS); + if (EXPECT_FAIL()) { + wolfSSL_DH_free(dh); + } + + EVP_PKEY_free(pkey); +#endif + return EXPECT_RESULT(); +} + +static int test_wolfSSL_EVP_PKEY_base_id(void) +{ + EXPECT_DECLS; + WOLFSSL_EVP_PKEY* pkey = NULL; + + ExpectNotNull(pkey = wolfSSL_EVP_PKEY_new()); + + ExpectIntEQ(wolfSSL_EVP_PKEY_base_id(NULL), NID_undef); + + ExpectIntEQ(wolfSSL_EVP_PKEY_base_id(pkey), EVP_PKEY_RSA); + + EVP_PKEY_free(pkey); + + return EXPECT_RESULT(); +} +static int test_wolfSSL_EVP_PKEY_id(void) +{ + EXPECT_DECLS; + WOLFSSL_EVP_PKEY* pkey = NULL; + + ExpectNotNull(pkey = wolfSSL_EVP_PKEY_new()); + + ExpectIntEQ(wolfSSL_EVP_PKEY_id(NULL), 0); + + ExpectIntEQ(wolfSSL_EVP_PKEY_id(pkey), EVP_PKEY_RSA); + + EVP_PKEY_free(pkey); + + return EXPECT_RESULT(); +} + +static int test_wolfSSL_EVP_PKEY_paramgen(void) +{ + EXPECT_DECLS; + /* ECC check taken from ecc.c. It is the condition that defines ECC256 */ +#if defined(OPENSSL_ALL) && !defined(NO_ECC_SECP) && \ + ((!defined(NO_ECC256) || defined(HAVE_ALL_CURVES)) && \ + ECC_MIN_KEY_SZ <= 256) + EVP_PKEY_CTX* ctx = NULL; + EVP_PKEY* pkey = NULL; + + /* Test error conditions. */ + ExpectIntEQ(EVP_PKEY_paramgen(NULL, &pkey), WC_NO_ERR_TRACE(WOLFSSL_FAILURE)); + ExpectNotNull(ctx = EVP_PKEY_CTX_new_id(EVP_PKEY_EC, NULL)); + ExpectIntEQ(EVP_PKEY_paramgen(ctx, NULL), WC_NO_ERR_TRACE(WOLFSSL_FAILURE)); + +#ifndef NO_RSA + EVP_PKEY_CTX_free(ctx); + /* Parameter generation for RSA not supported yet. */ + ExpectNotNull(ctx = EVP_PKEY_CTX_new_id(EVP_PKEY_RSA, NULL)); + ExpectIntEQ(EVP_PKEY_paramgen(ctx, &pkey), WC_NO_ERR_TRACE(WOLFSSL_FAILURE)); +#endif + +#ifdef HAVE_ECC + EVP_PKEY_CTX_free(ctx); + ExpectNotNull(ctx = EVP_PKEY_CTX_new_id(EVP_PKEY_EC, NULL)); + ExpectIntEQ(EVP_PKEY_paramgen_init(ctx), WOLFSSL_SUCCESS); + ExpectIntEQ(EVP_PKEY_CTX_set_ec_paramgen_curve_nid(ctx, + NID_X9_62_prime256v1), WOLFSSL_SUCCESS); + ExpectIntEQ(EVP_PKEY_paramgen(ctx, &pkey), WOLFSSL_SUCCESS); + ExpectIntEQ(EVP_PKEY_CTX_set_ec_param_enc(ctx, OPENSSL_EC_NAMED_CURVE), + WOLFSSL_SUCCESS); + ExpectIntEQ(EVP_PKEY_keygen_init(ctx), WOLFSSL_SUCCESS); + ExpectIntEQ(EVP_PKEY_keygen(ctx, &pkey), WOLFSSL_SUCCESS); +#endif + + EVP_PKEY_CTX_free(ctx); + EVP_PKEY_free(pkey); +#endif + return EXPECT_RESULT(); +} + +static int test_wolfSSL_EVP_PKEY_keygen(void) +{ + EXPECT_DECLS; + WOLFSSL_EVP_PKEY* pkey = NULL; + EVP_PKEY_CTX* ctx = NULL; +#if !defined(NO_DH) && (!defined(HAVE_FIPS) || FIPS_VERSION_GT(2,0)) + WOLFSSL_EVP_PKEY* params = NULL; + DH* dh = NULL; + const BIGNUM* pubkey = NULL; + const BIGNUM* privkey = NULL; + ASN1_INTEGER* asn1int = NULL; + unsigned int length = 0; + byte* derBuffer = NULL; +#endif + + ExpectNotNull(pkey = wolfSSL_EVP_PKEY_new()); + ExpectNotNull(ctx = EVP_PKEY_CTX_new(pkey, NULL)); + + /* Bad cases */ + ExpectIntEQ(wolfSSL_EVP_PKEY_keygen(NULL, &pkey), 0); + ExpectIntEQ(wolfSSL_EVP_PKEY_keygen(ctx, NULL), 0); + ExpectIntEQ(wolfSSL_EVP_PKEY_keygen(NULL, NULL), 0); + + /* Good case */ + ExpectIntEQ(wolfSSL_EVP_PKEY_keygen(ctx, &pkey), 0); + + EVP_PKEY_CTX_free(ctx); + ctx = NULL; + EVP_PKEY_free(pkey); + pkey = NULL; + +#if !defined(NO_DH) && (!defined(HAVE_FIPS) || FIPS_VERSION_GT(2,0)) + /* Test DH keygen */ + { + ExpectNotNull(params = wolfSSL_EVP_PKEY_new()); + ExpectNotNull(dh = DH_get_2048_256()); + ExpectIntEQ(EVP_PKEY_set1_DH(params, dh), WOLFSSL_SUCCESS); + ExpectNotNull(ctx = EVP_PKEY_CTX_new(params, NULL)); + ExpectIntEQ(EVP_PKEY_keygen_init(ctx), WOLFSSL_SUCCESS); + ExpectIntEQ(EVP_PKEY_keygen(ctx, &pkey), WOLFSSL_SUCCESS); + + DH_free(dh); + dh = NULL; + EVP_PKEY_CTX_free(ctx); + EVP_PKEY_free(params); + + /* try exporting generated key to DER, to verify */ + ExpectNotNull(dh = EVP_PKEY_get1_DH(pkey)); + DH_get0_key(dh, &pubkey, &privkey); + ExpectNotNull(pubkey); + ExpectNotNull(privkey); + ExpectNotNull(asn1int = BN_to_ASN1_INTEGER(pubkey, NULL)); + ExpectIntGT((length = i2d_ASN1_INTEGER(asn1int, &derBuffer)), 0); + + ASN1_INTEGER_free(asn1int); + DH_free(dh); + dh = NULL; + XFREE(derBuffer, NULL, DYNAMIC_TYPE_TMP_BUFFER); + + EVP_PKEY_free(pkey); + } +#endif + + return EXPECT_RESULT(); +} +static int test_wolfSSL_EVP_PKEY_keygen_init(void) +{ + EXPECT_DECLS; + WOLFSSL_EVP_PKEY* pkey = NULL; + EVP_PKEY_CTX *ctx = NULL; + + ExpectNotNull(pkey = wolfSSL_EVP_PKEY_new()); + ExpectNotNull(ctx = EVP_PKEY_CTX_new(pkey, NULL)); + + ExpectIntEQ(wolfSSL_EVP_PKEY_keygen_init(ctx), WOLFSSL_SUCCESS); + ExpectIntEQ(wolfSSL_EVP_PKEY_keygen_init(NULL), WOLFSSL_SUCCESS); + + EVP_PKEY_CTX_free(ctx); + EVP_PKEY_free(pkey); + + return EXPECT_RESULT(); +} +static int test_wolfSSL_EVP_PKEY_missing_parameters(void) +{ + EXPECT_DECLS; +#if defined(OPENSSL_ALL) && !defined(NO_WOLFSSL_STUB) + WOLFSSL_EVP_PKEY* pkey = NULL; + + ExpectNotNull(pkey = wolfSSL_EVP_PKEY_new()); + + ExpectIntEQ(wolfSSL_EVP_PKEY_missing_parameters(pkey), 0); + ExpectIntEQ(wolfSSL_EVP_PKEY_missing_parameters(NULL), 0); + + EVP_PKEY_free(pkey); +#endif + return EXPECT_RESULT(); +} +static int test_wolfSSL_EVP_PKEY_copy_parameters(void) +{ + EXPECT_DECLS; +#if defined(OPENSSL_EXTRA) && !defined(NO_DH) && defined(WOLFSSL_KEY_GEN) && \ + !defined(HAVE_SELFTEST) && (defined(OPENSSL_ALL) || defined(WOLFSSL_QT) || \ + defined(WOLFSSL_OPENSSH)) && defined(WOLFSSL_DH_EXTRA) && \ + !defined(NO_FILESYSTEM) + WOLFSSL_EVP_PKEY* params = NULL; + WOLFSSL_EVP_PKEY* copy = NULL; + DH* dh = NULL; + BIGNUM* p1; + BIGNUM* g1; + BIGNUM* q1; + BIGNUM* p2; + BIGNUM* g2; + BIGNUM* q2; + + /* create DH with DH_get_2048_256 params */ + ExpectNotNull(params = wolfSSL_EVP_PKEY_new()); + ExpectNotNull(dh = DH_get_2048_256()); + ExpectIntEQ(EVP_PKEY_set1_DH(params, dh), WOLFSSL_SUCCESS); + DH_get0_pqg(dh, (const BIGNUM**)&p1, + (const BIGNUM**)&q1, + (const BIGNUM**)&g1); + DH_free(dh); + dh = NULL; + + /* create DH with random generated DH params */ + ExpectNotNull(copy = wolfSSL_EVP_PKEY_new()); + ExpectNotNull(dh = DH_generate_parameters(2048, 2, NULL, NULL)); + ExpectIntEQ(EVP_PKEY_set1_DH(copy, dh), WOLFSSL_SUCCESS); + DH_free(dh); + dh = NULL; + + ExpectIntEQ(EVP_PKEY_copy_parameters(copy, params), WOLFSSL_SUCCESS); + ExpectNotNull(dh = EVP_PKEY_get1_DH(copy)); + ExpectNotNull(dh->p); + ExpectNotNull(dh->g); + ExpectNotNull(dh->q); + DH_get0_pqg(dh, (const BIGNUM**)&p2, + (const BIGNUM**)&q2, + (const BIGNUM**)&g2); + + ExpectIntEQ(BN_cmp(p1, p2), 0); + ExpectIntEQ(BN_cmp(q1, q2), 0); + ExpectIntEQ(BN_cmp(g1, g2), 0); + + DH_free(dh); + dh = NULL; + EVP_PKEY_free(copy); + EVP_PKEY_free(params); +#endif + return EXPECT_RESULT(); +} + +static int test_wolfSSL_EVP_PKEY_CTX_set_rsa_keygen_bits(void) +{ + EXPECT_DECLS; + WOLFSSL_EVP_PKEY* pkey = NULL; + EVP_PKEY_CTX* ctx = NULL; + int bits = 2048; + + ExpectNotNull(pkey = wolfSSL_EVP_PKEY_new()); + ExpectNotNull(ctx = EVP_PKEY_CTX_new(pkey, NULL)); + + ExpectIntEQ(wolfSSL_EVP_PKEY_CTX_set_rsa_keygen_bits(ctx, bits), + WOLFSSL_SUCCESS); + + EVP_PKEY_CTX_free(ctx); + EVP_PKEY_free(pkey); + + return EXPECT_RESULT(); +} + +static int test_wolfSSL_EVP_CIPHER_CTX_iv_length(void) +{ + EXPECT_DECLS; + /* This is large enough to be used for all key sizes */ + byte key[AES_256_KEY_SIZE] = {0}; + byte iv[AES_BLOCK_SIZE] = {0}; + int i; + int nids[] = { + #ifdef HAVE_AES_CBC + NID_aes_128_cbc, + #endif + #if (!defined(HAVE_FIPS) && !defined(HAVE_SELFTEST)) || \ + (defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION > 2)) + #ifdef HAVE_AESGCM + NID_aes_128_gcm, + #endif + #endif /* (HAVE_FIPS && !HAVE_SELFTEST) || HAVE_FIPS_VERSION > 2 */ + #ifdef WOLFSSL_AES_COUNTER + NID_aes_128_ctr, + #endif + #ifndef NO_DES3 + NID_des_cbc, + NID_des_ede3_cbc, + #endif + }; + int iv_lengths[] = { + #ifdef HAVE_AES_CBC + AES_BLOCK_SIZE, + #endif + #if (!defined(HAVE_FIPS) && !defined(HAVE_SELFTEST)) || \ + (defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION > 2)) + #ifdef HAVE_AESGCM + GCM_NONCE_MID_SZ, + #endif + #endif /* (HAVE_FIPS && !HAVE_SELFTEST) || HAVE_FIPS_VERSION > 2 */ + #ifdef WOLFSSL_AES_COUNTER + AES_BLOCK_SIZE, + #endif + #ifndef NO_DES3 + DES_BLOCK_SIZE, + DES_BLOCK_SIZE, + #endif + }; + int nidsLen = (sizeof(nids)/sizeof(int)); + + for (i = 0; i < nidsLen; i++) { + const EVP_CIPHER* init = wolfSSL_EVP_get_cipherbynid(nids[i]); + EVP_CIPHER_CTX* ctx = EVP_CIPHER_CTX_new(); + wolfSSL_EVP_CIPHER_CTX_init(ctx); + + ExpectIntEQ(EVP_CipherInit(ctx, init, key, iv, 1), WOLFSSL_SUCCESS); + ExpectIntEQ(wolfSSL_EVP_CIPHER_CTX_iv_length(ctx), iv_lengths[i]); + + EVP_CIPHER_CTX_free(ctx); + } + + return EXPECT_RESULT(); +} + +static int test_wolfSSL_EVP_CIPHER_CTX_key_length(void) +{ + EXPECT_DECLS; + byte key[AES_256_KEY_SIZE] = {0}; + byte iv[AES_BLOCK_SIZE] = {0}; + int i; + int nids[] = { + #ifdef HAVE_AES_CBC + NID_aes_128_cbc, + #ifdef WOLFSSL_AES_256 + NID_aes_256_cbc, + #endif + #endif + #if (!defined(HAVE_FIPS) && !defined(HAVE_SELFTEST)) || \ + (defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION > 2)) + #ifdef HAVE_AESGCM + NID_aes_128_gcm, + #ifdef WOLFSSL_AES_256 + NID_aes_256_gcm, + #endif + #endif + #endif /* (HAVE_FIPS && !HAVE_SELFTEST) || HAVE_FIPS_VERSION > 2 */ + #ifdef WOLFSSL_AES_COUNTER + NID_aes_128_ctr, + #ifdef WOLFSSL_AES_256 + NID_aes_256_ctr, + #endif + #endif + #ifndef NO_DES3 + NID_des_cbc, + NID_des_ede3_cbc, + #endif + }; + int key_lengths[] = { + #ifdef HAVE_AES_CBC + AES_128_KEY_SIZE, + #ifdef WOLFSSL_AES_256 + AES_256_KEY_SIZE, + #endif + #endif + #if (!defined(HAVE_FIPS) && !defined(HAVE_SELFTEST)) || \ + (defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION > 2)) + #ifdef HAVE_AESGCM + AES_128_KEY_SIZE, + #ifdef WOLFSSL_AES_256 + AES_256_KEY_SIZE, + #endif + #endif + #endif /* (HAVE_FIPS && !HAVE_SELFTEST) || HAVE_FIPS_VERSION > 2 */ + #ifdef WOLFSSL_AES_COUNTER + AES_128_KEY_SIZE, + #ifdef WOLFSSL_AES_256 + AES_256_KEY_SIZE, + #endif + #endif + #ifndef NO_DES3 + DES_KEY_SIZE, + DES3_KEY_SIZE, + #endif + }; + int nidsLen = (sizeof(nids)/sizeof(int)); + + for (i = 0; i < nidsLen; i++) { + const EVP_CIPHER *init = wolfSSL_EVP_get_cipherbynid(nids[i]); + EVP_CIPHER_CTX* ctx = EVP_CIPHER_CTX_new(); + wolfSSL_EVP_CIPHER_CTX_init(ctx); + + ExpectIntEQ(EVP_CipherInit(ctx, init, key, iv, 1), WOLFSSL_SUCCESS); + ExpectIntEQ(wolfSSL_EVP_CIPHER_CTX_key_length(ctx), key_lengths[i]); + + ExpectIntEQ(wolfSSL_EVP_CIPHER_CTX_set_key_length(ctx, key_lengths[i]), + WOLFSSL_SUCCESS); + + EVP_CIPHER_CTX_free(ctx); + } + + return EXPECT_RESULT(); +} + +static int test_wolfSSL_EVP_CIPHER_CTX_set_iv(void) +{ + EXPECT_DECLS; +#if defined(HAVE_AESGCM) && !defined(NO_DES3) + int ivLen, keyLen; + EVP_CIPHER_CTX *ctx = EVP_CIPHER_CTX_new(); +#ifdef HAVE_AESGCM + byte key[AES_128_KEY_SIZE] = {0}; + byte iv[AES_BLOCK_SIZE] = {0}; + const EVP_CIPHER *init = EVP_aes_128_gcm(); +#else + byte key[DES3_KEY_SIZE] = {0}; + byte iv[DES_BLOCK_SIZE] = {0}; + const EVP_CIPHER *init = EVP_des_ede3_cbc(); +#endif + + wolfSSL_EVP_CIPHER_CTX_init(ctx); + ExpectIntEQ(EVP_CipherInit(ctx, init, key, iv, 1), WOLFSSL_SUCCESS); + + ivLen = wolfSSL_EVP_CIPHER_CTX_iv_length(ctx); + keyLen = wolfSSL_EVP_CIPHER_CTX_key_length(ctx); + + /* Bad cases */ + ExpectIntEQ(wolfSSL_EVP_CIPHER_CTX_set_iv(NULL, iv, ivLen), + WC_NO_ERR_TRACE(WOLFSSL_FAILURE)); + ExpectIntEQ(wolfSSL_EVP_CIPHER_CTX_set_iv(ctx, NULL, ivLen), + WC_NO_ERR_TRACE(WOLFSSL_FAILURE)); + ExpectIntEQ(wolfSSL_EVP_CIPHER_CTX_set_iv(ctx, iv, 0), WC_NO_ERR_TRACE(WOLFSSL_FAILURE)); + ExpectIntEQ(wolfSSL_EVP_CIPHER_CTX_set_iv(NULL, NULL, 0), WC_NO_ERR_TRACE(WOLFSSL_FAILURE)); + ExpectIntEQ(wolfSSL_EVP_CIPHER_CTX_set_iv(ctx, iv, keyLen), + WC_NO_ERR_TRACE(WOLFSSL_FAILURE)); + + /* Good case */ + ExpectIntEQ(wolfSSL_EVP_CIPHER_CTX_set_iv(ctx, iv, ivLen), 1); + + EVP_CIPHER_CTX_free(ctx); +#endif + return EXPECT_RESULT(); +} + +static int test_wolfSSL_EVP_PKEY_CTX_new_id(void) +{ + EXPECT_DECLS; + WOLFSSL_ENGINE* e = NULL; + int id = 0; + EVP_PKEY_CTX *ctx = NULL; + + ExpectNotNull(ctx = wolfSSL_EVP_PKEY_CTX_new_id(id, e)); + + EVP_PKEY_CTX_free(ctx); + + return EXPECT_RESULT(); +} + +static int test_wolfSSL_EVP_rc4(void) +{ + EXPECT_DECLS; +#if !defined(NO_RC4) + ExpectNotNull(wolfSSL_EVP_rc4()); +#endif + return EXPECT_RESULT(); +} + +static int test_wolfSSL_EVP_enc_null(void) +{ + EXPECT_DECLS; + ExpectNotNull(wolfSSL_EVP_enc_null()); + return EXPECT_RESULT(); +} +static int test_wolfSSL_EVP_rc2_cbc(void) + +{ + EXPECT_DECLS; +#if defined(WOLFSSL_QT) && !defined(NO_WOLFSSL_STUB) + ExpectNull(wolfSSL_EVP_rc2_cbc()); +#endif + return EXPECT_RESULT(); +} + +static int test_wolfSSL_EVP_mdc2(void) +{ + EXPECT_DECLS; +#if !defined(NO_WOLFSSL_STUB) + ExpectNull(wolfSSL_EVP_mdc2()); +#endif + return EXPECT_RESULT(); +} + +static int test_wolfSSL_EVP_md4(void) +{ + EXPECT_DECLS; +#if !defined(NO_MD4) + ExpectNotNull(wolfSSL_EVP_md4()); +#endif + return EXPECT_RESULT(); +} + +static int test_wolfSSL_EVP_aes_256_gcm(void) +{ + EXPECT_DECLS; +#if defined(HAVE_AESGCM) && defined(WOLFSSL_AES_256) + ExpectNotNull(wolfSSL_EVP_aes_256_gcm()); +#endif + return EXPECT_RESULT(); +} + +static int test_wolfSSL_EVP_aes_192_gcm(void) +{ + EXPECT_DECLS; +#if defined(HAVE_AESGCM) && defined(WOLFSSL_AES_192) + ExpectNotNull(wolfSSL_EVP_aes_192_gcm()); +#endif + return EXPECT_RESULT(); +} + +static int test_wolfSSL_EVP_aes_256_ccm(void) +{ + EXPECT_DECLS; +#if defined(HAVE_AESCCM) && defined(WOLFSSL_AES_256) + ExpectNotNull(wolfSSL_EVP_aes_256_ccm()); +#endif + return EXPECT_RESULT(); +} + +static int test_wolfSSL_EVP_aes_192_ccm(void) +{ + EXPECT_DECLS; +#if defined(HAVE_AESCCM) && defined(WOLFSSL_AES_192) + ExpectNotNull(wolfSSL_EVP_aes_192_ccm()); +#endif + return EXPECT_RESULT(); +} + +static int test_wolfSSL_EVP_aes_128_ccm(void) +{ + EXPECT_DECLS; +#if defined(HAVE_AESCCM) && defined(WOLFSSL_AES_128) + ExpectNotNull(wolfSSL_EVP_aes_128_ccm()); +#endif + return EXPECT_RESULT(); +} + +static int test_wolfSSL_EVP_ripemd160(void) +{ + EXPECT_DECLS; +#if !defined(NO_WOLFSSL_STUB) + ExpectNull(wolfSSL_EVP_ripemd160()); +#endif + return EXPECT_RESULT(); +} + +static int test_wolfSSL_EVP_get_digestbynid(void) +{ + EXPECT_DECLS; + +#ifndef NO_MD5 + ExpectNotNull(wolfSSL_EVP_get_digestbynid(NID_md5)); +#endif +#ifndef NO_SHA + ExpectNotNull(wolfSSL_EVP_get_digestbynid(NID_sha1)); +#endif +#ifndef NO_SHA256 + ExpectNotNull(wolfSSL_EVP_get_digestbynid(NID_sha256)); +#endif + ExpectNull(wolfSSL_EVP_get_digestbynid(0)); + + return EXPECT_RESULT(); +} + +static int test_wolfSSL_EVP_MD_nid(void) +{ + EXPECT_DECLS; + +#ifndef NO_MD5 + ExpectIntEQ(EVP_MD_nid(EVP_md5()), NID_md5); +#endif +#ifndef NO_SHA + ExpectIntEQ(EVP_MD_nid(EVP_sha1()), NID_sha1); +#endif +#ifndef NO_SHA256 + ExpectIntEQ(EVP_MD_nid(EVP_sha256()), NID_sha256); +#endif + ExpectIntEQ(EVP_MD_nid(NULL), NID_undef); + + return EXPECT_RESULT(); +} + +static int test_wolfSSL_EVP_PKEY_get0_EC_KEY(void) +{ + EXPECT_DECLS; +#if defined(HAVE_ECC) + WOLFSSL_EVP_PKEY* pkey = NULL; + + ExpectNull(EVP_PKEY_get0_EC_KEY(NULL)); + + ExpectNotNull(pkey = EVP_PKEY_new()); + ExpectNull(EVP_PKEY_get0_EC_KEY(pkey)); + EVP_PKEY_free(pkey); +#endif + return EXPECT_RESULT(); +} + +static int test_wolfSSL_EVP_X_STATE(void) +{ + EXPECT_DECLS; +#if !defined(NO_DES3) && !defined(NO_RC4) + byte key[DES3_KEY_SIZE] = {0}; + byte iv[DES_IV_SIZE] = {0}; + EVP_CIPHER_CTX *ctx = NULL; + const EVP_CIPHER *init = NULL; + + /* Bad test cases */ + ExpectNotNull(ctx = EVP_CIPHER_CTX_new()); + ExpectNotNull(init = EVP_des_ede3_cbc()); + + wolfSSL_EVP_CIPHER_CTX_init(ctx); + ExpectIntEQ(EVP_CipherInit(ctx, init, key, iv, 1), WOLFSSL_SUCCESS); + + ExpectNull(wolfSSL_EVP_X_STATE(NULL)); + ExpectNull(wolfSSL_EVP_X_STATE(ctx)); + EVP_CIPHER_CTX_free(ctx); + ctx = NULL; + + /* Good test case */ + ExpectNotNull(ctx = EVP_CIPHER_CTX_new()); + ExpectNotNull(init = wolfSSL_EVP_rc4()); + + wolfSSL_EVP_CIPHER_CTX_init(ctx); + ExpectIntEQ(EVP_CipherInit(ctx, init, key, iv, 1), WOLFSSL_SUCCESS); + + ExpectNotNull(wolfSSL_EVP_X_STATE(ctx)); + EVP_CIPHER_CTX_free(ctx); +#endif + return EXPECT_RESULT(); +} +static int test_wolfSSL_EVP_X_STATE_LEN(void) +{ + EXPECT_DECLS; +#if !defined(NO_DES3) && !defined(NO_RC4) + byte key[DES3_KEY_SIZE] = {0}; + byte iv[DES_IV_SIZE] = {0}; + EVP_CIPHER_CTX *ctx = NULL; + const EVP_CIPHER *init = NULL; + + /* Bad test cases */ + ExpectNotNull(ctx = EVP_CIPHER_CTX_new()); + ExpectNotNull(init = EVP_des_ede3_cbc()); + + wolfSSL_EVP_CIPHER_CTX_init(ctx); + ExpectIntEQ(EVP_CipherInit(ctx, init, key, iv, 1), WOLFSSL_SUCCESS); + + ExpectIntEQ(wolfSSL_EVP_X_STATE_LEN(NULL), 0); + ExpectIntEQ(wolfSSL_EVP_X_STATE_LEN(ctx), 0); + EVP_CIPHER_CTX_free(ctx); + ctx = NULL; + + /* Good test case */ + ExpectNotNull(ctx = EVP_CIPHER_CTX_new()); + ExpectNotNull(init = wolfSSL_EVP_rc4()); + + wolfSSL_EVP_CIPHER_CTX_init(ctx); + ExpectIntEQ(EVP_CipherInit(ctx, init, key, iv, 1), WOLFSSL_SUCCESS); + + ExpectIntEQ(wolfSSL_EVP_X_STATE_LEN(ctx), sizeof(Arc4)); + EVP_CIPHER_CTX_free(ctx); +#endif + return EXPECT_RESULT(); +} + +static int test_wolfSSL_EVP_CIPHER_block_size(void) +{ + EXPECT_DECLS; +#if defined(HAVE_AES_CBC) || defined(HAVE_AESGCM) || \ + defined(WOLFSSL_AES_COUNTER) || defined(HAVE_AES_ECB) || \ + defined(WOLFSSL_AES_OFB) || !defined(NO_RC4) || \ + (defined(HAVE_CHACHA) && defined(HAVE_POLY1305)) + +#ifdef HAVE_AES_CBC + #ifdef WOLFSSL_AES_128 + ExpectIntEQ(EVP_CIPHER_block_size(EVP_aes_128_cbc()), AES_BLOCK_SIZE); + #endif + #ifdef WOLFSSL_AES_192 + ExpectIntEQ(EVP_CIPHER_block_size(EVP_aes_192_cbc()), AES_BLOCK_SIZE); + #endif + #ifdef WOLFSSL_AES_256 + ExpectIntEQ(EVP_CIPHER_block_size(EVP_aes_256_cbc()), AES_BLOCK_SIZE); + #endif +#endif + +#ifdef HAVE_AESGCM + #ifdef WOLFSSL_AES_128 + ExpectIntEQ(EVP_CIPHER_block_size(EVP_aes_128_gcm()), 1); + #endif + #ifdef WOLFSSL_AES_192 + ExpectIntEQ(EVP_CIPHER_block_size(EVP_aes_192_gcm()), 1); + #endif + #ifdef WOLFSSL_AES_256 + ExpectIntEQ(EVP_CIPHER_block_size(EVP_aes_256_gcm()), 1); + #endif +#endif + +#ifdef HAVE_AESCCM + #ifdef WOLFSSL_AES_128 + ExpectIntEQ(EVP_CIPHER_block_size(EVP_aes_128_ccm()), 1); + #endif + #ifdef WOLFSSL_AES_192 + ExpectIntEQ(EVP_CIPHER_block_size(EVP_aes_192_ccm()), 1); + #endif + #ifdef WOLFSSL_AES_256 + ExpectIntEQ(EVP_CIPHER_block_size(EVP_aes_256_ccm()), 1); + #endif +#endif + +#ifdef WOLFSSL_AES_COUNTER + #ifdef WOLFSSL_AES_128 + ExpectIntEQ(EVP_CIPHER_block_size(EVP_aes_128_ctr()), 1); + #endif + #ifdef WOLFSSL_AES_192 + ExpectIntEQ(EVP_CIPHER_block_size(EVP_aes_192_ctr()), 1); + #endif + #ifdef WOLFSSL_AES_256 + ExpectIntEQ(EVP_CIPHER_block_size(EVP_aes_256_ctr()), 1); + #endif +#endif + +#ifdef HAVE_AES_ECB + #ifdef WOLFSSL_AES_128 + ExpectIntEQ(EVP_CIPHER_block_size(EVP_aes_128_ecb()), AES_BLOCK_SIZE); + #endif + #ifdef WOLFSSL_AES_192 + ExpectIntEQ(EVP_CIPHER_block_size(EVP_aes_192_ecb()), AES_BLOCK_SIZE); + #endif + #ifdef WOLFSSL_AES_256 + ExpectIntEQ(EVP_CIPHER_block_size(EVP_aes_256_ecb()), AES_BLOCK_SIZE); + #endif +#endif + +#ifdef WOLFSSL_AES_OFB + #ifdef WOLFSSL_AES_128 + ExpectIntEQ(EVP_CIPHER_block_size(EVP_aes_128_ofb()), 1); + #endif + #ifdef WOLFSSL_AES_192 + ExpectIntEQ(EVP_CIPHER_block_size(EVP_aes_192_ofb()), 1); + #endif + #ifdef WOLFSSL_AES_256 + ExpectIntEQ(EVP_CIPHER_block_size(EVP_aes_256_ofb()), 1); + #endif +#endif + +#ifndef NO_RC4 + ExpectIntEQ(EVP_CIPHER_block_size(wolfSSL_EVP_rc4()), 1); +#endif + +#if defined(HAVE_CHACHA) && defined(HAVE_POLY1305) + ExpectIntEQ(EVP_CIPHER_block_size(wolfSSL_EVP_chacha20_poly1305()), 1); +#endif +#endif + +#ifdef WOLFSSL_SM4_ECB + ExpectIntEQ(EVP_CIPHER_block_size(EVP_sm4_ecb()), SM4_BLOCK_SIZE); +#endif +#ifdef WOLFSSL_SM4_CBC + ExpectIntEQ(EVP_CIPHER_block_size(EVP_sm4_cbc()), SM4_BLOCK_SIZE); +#endif +#ifdef WOLFSSL_SM4_CTR + ExpectIntEQ(EVP_CIPHER_block_size(EVP_sm4_ctr()), 1); +#endif +#ifdef WOLFSSL_SM4_GCM + ExpectIntEQ(EVP_CIPHER_block_size(EVP_sm4_gcm()), 1); +#endif +#ifdef WOLFSSL_SM4_CCM + ExpectIntEQ(EVP_CIPHER_block_size(EVP_sm4_ccm()), 1); +#endif + + return EXPECT_RESULT(); +} + +static int test_wolfSSL_EVP_CIPHER_iv_length(void) +{ + EXPECT_DECLS; + int nids[] = { + #if defined(HAVE_AES_CBC) || defined(WOLFSSL_AES_DIRECT) + #ifdef WOLFSSL_AES_128 + NID_aes_128_cbc, + #endif + #ifdef WOLFSSL_AES_192 + NID_aes_192_cbc, + #endif + #ifdef WOLFSSL_AES_256 + NID_aes_256_cbc, + #endif + #endif /* HAVE_AES_CBC || WOLFSSL_AES_DIRECT */ + #if (!defined(HAVE_FIPS) && !defined(HAVE_SELFTEST)) || \ + (defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION > 2)) + #ifdef HAVE_AESGCM + #ifdef WOLFSSL_AES_128 + NID_aes_128_gcm, + #endif + #ifdef WOLFSSL_AES_192 + NID_aes_192_gcm, + #endif + #ifdef WOLFSSL_AES_256 + NID_aes_256_gcm, + #endif + #endif /* HAVE_AESGCM */ + #endif /* (HAVE_FIPS && !HAVE_SELFTEST) || HAVE_FIPS_VERSION > 2 */ + #ifdef WOLFSSL_AES_COUNTER + #ifdef WOLFSSL_AES_128 + NID_aes_128_ctr, + #endif + #ifdef WOLFSSL_AES_192 + NID_aes_192_ctr, + #endif + #ifdef WOLFSSL_AES_256 + NID_aes_256_ctr, + #endif + #endif + #ifndef NO_DES3 + NID_des_cbc, + NID_des_ede3_cbc, + #endif + #if defined(HAVE_CHACHA) && defined(HAVE_POLY1305) + NID_chacha20_poly1305, + #endif + }; + int iv_lengths[] = { + #if defined(HAVE_AES_CBC) || defined(WOLFSSL_AES_DIRECT) + #ifdef WOLFSSL_AES_128 + AES_BLOCK_SIZE, + #endif + #ifdef WOLFSSL_AES_192 + AES_BLOCK_SIZE, + #endif + #ifdef WOLFSSL_AES_256 + AES_BLOCK_SIZE, + #endif + #endif /* HAVE_AES_CBC || WOLFSSL_AES_DIRECT */ + #if (!defined(HAVE_FIPS) && !defined(HAVE_SELFTEST)) || \ + (defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION > 2)) + #ifdef HAVE_AESGCM + #ifdef WOLFSSL_AES_128 + GCM_NONCE_MID_SZ, + #endif + #ifdef WOLFSSL_AES_192 + GCM_NONCE_MID_SZ, + #endif + #ifdef WOLFSSL_AES_256 + GCM_NONCE_MID_SZ, + #endif + #endif /* HAVE_AESGCM */ + #endif /* (HAVE_FIPS && !HAVE_SELFTEST) || HAVE_FIPS_VERSION > 2 */ + #ifdef WOLFSSL_AES_COUNTER + #ifdef WOLFSSL_AES_128 + AES_BLOCK_SIZE, + #endif + #ifdef WOLFSSL_AES_192 + AES_BLOCK_SIZE, + #endif + #ifdef WOLFSSL_AES_256 + AES_BLOCK_SIZE, + #endif + #endif + #ifndef NO_DES3 + DES_BLOCK_SIZE, + DES_BLOCK_SIZE, + #endif + #if defined(HAVE_CHACHA) && defined(HAVE_POLY1305) + CHACHA20_POLY1305_AEAD_IV_SIZE, + #endif + }; + int i; + int nidsLen = (sizeof(nids)/sizeof(int)); + + for (i = 0; i < nidsLen; i++) { + const EVP_CIPHER *c = EVP_get_cipherbynid(nids[i]); + ExpectIntEQ(EVP_CIPHER_iv_length(c), iv_lengths[i]); + } + + return EXPECT_RESULT(); +} + +static int test_wolfSSL_EVP_SignInit_ex(void) +{ + EXPECT_DECLS; + WOLFSSL_EVP_MD_CTX mdCtx; + WOLFSSL_ENGINE* e = 0; + const EVP_MD* md = EVP_sha256(); + + wolfSSL_EVP_MD_CTX_init(&mdCtx); + ExpectIntEQ(wolfSSL_EVP_SignInit_ex(&mdCtx, md, e), WOLFSSL_SUCCESS); + + ExpectIntEQ(wolfSSL_EVP_MD_CTX_cleanup(&mdCtx), 1); + + return EXPECT_RESULT(); +} + +static int test_wolfSSL_EVP_DigestFinalXOF(void) +{ + EXPECT_DECLS; +#if defined(WOLFSSL_SHA3) && defined(WOLFSSL_SHAKE256) && defined(OPENSSL_ALL) + WOLFSSL_EVP_MD_CTX mdCtx; + unsigned char shake[256]; + unsigned char zeros[10]; + unsigned char data[] = "Test data"; + unsigned int sz; + + XMEMSET(zeros, 0, sizeof(zeros)); + wolfSSL_EVP_MD_CTX_init(&mdCtx); + ExpectIntEQ(EVP_DigestInit(&mdCtx, EVP_shake256()), WOLFSSL_SUCCESS); + ExpectIntEQ(EVP_MD_flags(EVP_shake256()), EVP_MD_FLAG_XOF); + ExpectIntEQ(EVP_MD_flags(EVP_sha3_256()), 0); + ExpectIntEQ(EVP_DigestUpdate(&mdCtx, data, 1), WOLFSSL_SUCCESS); + XMEMSET(shake, 0, sizeof(shake)); + ExpectIntEQ(EVP_DigestFinalXOF(&mdCtx, shake, 10), WOLFSSL_SUCCESS); + + /* make sure was only size of 10 */ + ExpectIntEQ(XMEMCMP(&shake[11], zeros, 10), 0); + ExpectIntEQ(EVP_MD_CTX_cleanup(&mdCtx), WOLFSSL_SUCCESS); + + wolfSSL_EVP_MD_CTX_init(&mdCtx); + ExpectIntEQ(EVP_DigestInit(&mdCtx, EVP_shake256()), WOLFSSL_SUCCESS); + ExpectIntEQ(EVP_DigestUpdate(&mdCtx, data, 1), WOLFSSL_SUCCESS); + ExpectIntEQ(EVP_DigestFinal(&mdCtx, shake, &sz), WOLFSSL_SUCCESS); + ExpectIntEQ(sz, 32); + ExpectIntEQ(EVP_MD_CTX_cleanup(&mdCtx), WOLFSSL_SUCCESS); + + #if defined(WOLFSSL_SHAKE128) + wolfSSL_EVP_MD_CTX_init(&mdCtx); + ExpectIntEQ(EVP_DigestInit(&mdCtx, EVP_shake128()), WOLFSSL_SUCCESS); + ExpectIntEQ(EVP_DigestUpdate(&mdCtx, data, 1), WOLFSSL_SUCCESS); + ExpectIntEQ(EVP_DigestFinal(&mdCtx, shake, &sz), WOLFSSL_SUCCESS); + ExpectIntEQ(sz, 16); + ExpectIntEQ(EVP_MD_CTX_cleanup(&mdCtx), WOLFSSL_SUCCESS); + #endif +#endif + return EXPECT_RESULT(); +} + +static int test_wolfSSL_EVP_DigestFinal_ex(void) +{ + EXPECT_DECLS; +#if !defined(NO_SHA256) + WOLFSSL_EVP_MD_CTX mdCtx; + unsigned int s = 0; + unsigned char md[WC_SHA256_DIGEST_SIZE]; + unsigned char md2[WC_SHA256_DIGEST_SIZE]; + + /* Bad Case */ +#if !defined(HAVE_FIPS) || (defined(HAVE_FIPS_VERSION) && \ + (HAVE_FIPS_VERSION > 2)) + wolfSSL_EVP_MD_CTX_init(&mdCtx); + ExpectIntEQ(wolfSSL_EVP_DigestFinal_ex(&mdCtx, md, &s), 0); + ExpectIntEQ(wolfSSL_EVP_MD_CTX_cleanup(&mdCtx), 1); + +#else + wolfSSL_EVP_MD_CTX_init(&mdCtx); + ExpectIntEQ(wolfSSL_EVP_DigestFinal_ex(&mdCtx, md, &s), WOLFSSL_SUCCESS); + ExpectIntEQ(wolfSSL_EVP_MD_CTX_cleanup(&mdCtx), WOLFSSL_SUCCESS); + +#endif + + /* Good Case */ + wolfSSL_EVP_MD_CTX_init(&mdCtx); + ExpectIntEQ(wolfSSL_EVP_DigestInit(&mdCtx, EVP_sha256()), WOLFSSL_SUCCESS); + ExpectIntEQ(wolfSSL_EVP_DigestFinal_ex(&mdCtx, md2, &s), WOLFSSL_SUCCESS); + ExpectIntEQ(wolfSSL_EVP_MD_CTX_cleanup(&mdCtx), WOLFSSL_SUCCESS); +#endif + return EXPECT_RESULT(); +} + +static int test_wolfSSL_QT_EVP_PKEY_CTX_free(void) +{ + EXPECT_DECLS; +#if defined(OPENSSL_EXTRA) + EVP_PKEY* pkey = NULL; + EVP_PKEY_CTX* ctx = NULL; + + ExpectNotNull(pkey = wolfSSL_EVP_PKEY_new()); + ExpectNotNull(ctx = EVP_PKEY_CTX_new(pkey, NULL)); + +#if defined(OPENSSL_VERSION_NUMBER) && OPENSSL_VERSION_NUMBER >= 0x10100000L + /* void */ + EVP_PKEY_CTX_free(ctx); +#else + /* int */ + ExpectIntEQ(EVP_PKEY_CTX_free(ctx), WOLFSSL_SUCCESS); +#endif + + EVP_PKEY_free(pkey); +#endif + return EXPECT_RESULT(); +} + +static int test_wolfSSL_EVP_PKEY_param_check(void) +{ + EXPECT_DECLS; +#if defined(OPENSSL_ALL) || defined(WOLFSSL_QT) +#if !defined(NO_DH) && defined(WOLFSSL_DH_EXTRA) && !defined(NO_FILESYSTEM) + + DH *dh = NULL; + DH *setDh = NULL; + EVP_PKEY *pkey = NULL; + EVP_PKEY_CTX* ctx = NULL; + + FILE* f = NULL; + unsigned char buf[512]; + const unsigned char* pt = buf; + const char* dh2048 = "./certs/dh2048.der"; + long len = 0; + int code = -1; + + XMEMSET(buf, 0, sizeof(buf)); + + ExpectTrue((f = XFOPEN(dh2048, "rb")) != XBADFILE); + ExpectTrue((len = (long)XFREAD(buf, 1, sizeof(buf), f)) > 0); + if (f != XBADFILE) + XFCLOSE(f); + + /* Load dh2048.der into DH with internal format */ + ExpectNotNull(setDh = d2i_DHparams(NULL, &pt, len)); + ExpectIntEQ(DH_check(setDh, &code), WOLFSSL_SUCCESS); + ExpectIntEQ(code, 0); + code = -1; + + pkey = wolfSSL_EVP_PKEY_new(); + /* Set DH into PKEY */ + ExpectIntEQ(EVP_PKEY_set1_DH(pkey, setDh), WOLFSSL_SUCCESS); + /* create ctx from pkey */ + ExpectNotNull(ctx = EVP_PKEY_CTX_new(pkey, NULL)); + ExpectIntEQ(EVP_PKEY_param_check(ctx), 1/* valid */); + + /* TODO: more invalid cases */ + ExpectIntEQ(EVP_PKEY_param_check(NULL), 0); + + EVP_PKEY_CTX_free(ctx); + EVP_PKEY_free(pkey); + DH_free(setDh); + setDh = NULL; + DH_free(dh); + dh = NULL; +#endif +#endif + return EXPECT_RESULT(); +} + +static int test_wolfSSL_EVP_BytesToKey(void) +{ + EXPECT_DECLS; +#if !defined(NO_AES) && defined(HAVE_AES_CBC) + byte key[AES_BLOCK_SIZE] = {0}; + byte iv[AES_BLOCK_SIZE] = {0}; + int count = 0; + const EVP_MD* md = EVP_sha256(); + const EVP_CIPHER *type; + const unsigned char *salt = (unsigned char *)"salt1234"; + int sz = 5; + const byte data[] = { + 0x48,0x65,0x6c,0x6c,0x6f,0x20,0x57,0x6f, + 0x72,0x6c,0x64 + }; + + type = wolfSSL_EVP_get_cipherbynid(NID_aes_128_cbc); + + /* Bad cases */ + ExpectIntEQ(EVP_BytesToKey(NULL, md, salt, data, sz, count, key, iv), + 0); + ExpectIntEQ(EVP_BytesToKey(type, md, salt, NULL, sz, count, key, iv), + 16); + md = "2"; + ExpectIntEQ(EVP_BytesToKey(type, md, salt, data, sz, count, key, iv), + WC_NO_ERR_TRACE(WOLFSSL_FAILURE)); + + /* Good case */ + md = EVP_sha256(); + ExpectIntEQ(EVP_BytesToKey(type, md, salt, data, sz, count, key, iv), + 16); +#endif + return EXPECT_RESULT(); +} + +static int test_evp_cipher_aes_gcm(void) +{ + EXPECT_DECLS; +#if defined(HAVE_AESGCM) && ((!defined(HAVE_FIPS) && \ + !defined(HAVE_SELFTEST)) || (defined(HAVE_FIPS_VERSION) && \ + (HAVE_FIPS_VERSION >= 2))) && defined(WOLFSSL_AES_256) + /* + * This test checks data at various points in the encrypt/decrypt process + * against known values produced using the same test with OpenSSL. This + * interop testing is critical for verifying the correctness of our + * EVP_Cipher implementation with AES-GCM. Specifically, this test exercises + * a flow supported by OpenSSL that uses the control command + * EVP_CTRL_GCM_IV_GEN to increment the IV between cipher operations without + * the need to call EVP_CipherInit. OpenSSH uses this flow, for example. We + * had a bug with OpenSSH where wolfSSL OpenSSH servers could only talk to + * wolfSSL OpenSSH clients because there was a bug in this flow that + * happened to "cancel out" if both sides of the connection had the bug. + */ + enum { + NUM_ENCRYPTIONS = 3, + AAD_SIZE = 4 + }; + static const byte plainText1[] = { + 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b, + 0x0c, 0x0d, 0x0e, 0x0f, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, + 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f, 0x20, 0x21, 0x22, 0x23 + }; + static const byte plainText2[] = { + 0x42, 0x49, 0x3b, 0x27, 0x03, 0x35, 0x59, 0x14, 0x41, 0x47, 0x37, 0x14, + 0x0e, 0x34, 0x0d, 0x28, 0x63, 0x09, 0x0a, 0x5b, 0x22, 0x57, 0x42, 0x22, + 0x0f, 0x5c, 0x1e, 0x53, 0x45, 0x15, 0x62, 0x08, 0x60, 0x43, 0x50, 0x2c + }; + static const byte plainText3[] = { + 0x36, 0x0d, 0x2b, 0x09, 0x4a, 0x56, 0x3b, 0x4c, 0x21, 0x22, 0x58, 0x0e, + 0x5b, 0x57, 0x10 + }; + static const byte* plainTexts[NUM_ENCRYPTIONS] = { + plainText1, + plainText2, + plainText3 + }; + static const int plainTextSzs[NUM_ENCRYPTIONS] = { + sizeof(plainText1), + sizeof(plainText2), + sizeof(plainText3) + }; + static const byte aad1[AAD_SIZE] = { + 0x00, 0x00, 0x00, 0x01 + }; + static const byte aad2[AAD_SIZE] = { + 0x00, 0x00, 0x00, 0x10 + }; + static const byte aad3[AAD_SIZE] = { + 0x00, 0x00, 0x01, 0x00 + }; + static const byte* aads[NUM_ENCRYPTIONS] = { + aad1, + aad2, + aad3 + }; + const byte iv[GCM_NONCE_MID_SZ] = { + 0xDE, 0xAD, 0xBE, 0xEF, 0xDE, 0xAD, 0xBE, 0xEF, 0xDE, 0xAD, 0xBE, 0xEF + }; + byte currentIv[GCM_NONCE_MID_SZ]; + const byte key[] = { + 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, 0x18, 0x19, 0x1a, 0x1b, + 0x1c, 0x1d, 0x1e, 0x1f, 0x20, 0x21, 0x22, 0x23, 0x24, 0x25, 0x26, 0x27, + 0x28, 0x29, 0x2a, 0x2b, 0x2c, 0x2d, 0x2e, 0x2f + }; + const byte expIvs[NUM_ENCRYPTIONS][GCM_NONCE_MID_SZ] = { + { + 0xDE, 0xAD, 0xBE, 0xEF, 0xDE, 0xAD, 0xBE, 0xEF, 0xDE, 0xAD, 0xBE, + 0xEF + }, + { + 0xDE, 0xAD, 0xBE, 0xEF, 0xDE, 0xAD, 0xBE, 0xEF, 0xDE, 0xAD, 0xBE, + 0xF0 + }, + { + 0xDE, 0xAD, 0xBE, 0xEF, 0xDE, 0xAD, 0xBE, 0xEF, 0xDE, 0xAD, 0xBE, + 0xF1 + } + }; + const byte expTags[NUM_ENCRYPTIONS][AES_BLOCK_SIZE] = { + { + 0x65, 0x4F, 0xF7, 0xA0, 0xBB, 0x7B, 0x90, 0xB7, 0x9C, 0xC8, 0x14, + 0x3D, 0x32, 0x18, 0x34, 0xA9 + }, + { + 0x50, 0x3A, 0x13, 0x8D, 0x91, 0x1D, 0xEC, 0xBB, 0xBA, 0x5B, 0x57, + 0xA2, 0xFD, 0x2D, 0x6B, 0x7F + }, + { + 0x3B, 0xED, 0x18, 0x9C, 0xB3, 0xE3, 0x61, 0x1E, 0x11, 0xEB, 0x13, + 0x5B, 0xEC, 0x52, 0x49, 0x32, + } + }; + static const byte expCipherText1[] = { + 0xCB, 0x93, 0x4F, 0xC8, 0x22, 0xE2, 0xC0, 0x35, 0xAA, 0x6B, 0x41, 0x15, + 0x17, 0x30, 0x2F, 0x97, 0x20, 0x74, 0x39, 0x28, 0xF8, 0xEB, 0xC5, 0x51, + 0x7B, 0xD9, 0x8A, 0x36, 0xB8, 0xDA, 0x24, 0x80, 0xE7, 0x9E, 0x09, 0xDE + }; + static const byte expCipherText2[] = { + 0xF9, 0x32, 0xE1, 0x87, 0x37, 0x0F, 0x04, 0xC1, 0xB5, 0x59, 0xF0, 0x45, + 0x3A, 0x0D, 0xA0, 0x26, 0xFF, 0xA6, 0x8D, 0x38, 0xFE, 0xB8, 0xE5, 0xC2, + 0x2A, 0x98, 0x4A, 0x54, 0x8F, 0x1F, 0xD6, 0x13, 0x03, 0xB2, 0x1B, 0xC0 + }; + static const byte expCipherText3[] = { + 0xD0, 0x37, 0x59, 0x1C, 0x2F, 0x85, 0x39, 0x4D, 0xED, 0xC2, 0x32, 0x5B, + 0x80, 0x5E, 0x6B, + }; + static const byte* expCipherTexts[NUM_ENCRYPTIONS] = { + expCipherText1, + expCipherText2, + expCipherText3 + }; + byte* cipherText = NULL; + byte* calcPlainText = NULL; + byte tag[AES_BLOCK_SIZE]; + EVP_CIPHER_CTX* encCtx = NULL; + EVP_CIPHER_CTX* decCtx = NULL; + int i, j, outl; + + /****************************************************/ + for (i = 0; i < 3; ++i) { + ExpectNotNull(encCtx = EVP_CIPHER_CTX_new()); + ExpectNotNull(decCtx = EVP_CIPHER_CTX_new()); + + /* First iteration, set key before IV. */ + if (i == 0) { + ExpectIntEQ(EVP_CipherInit(encCtx, EVP_aes_256_gcm(), key, NULL, 1), + SSL_SUCCESS); + + /* + * The call to EVP_CipherInit below (with NULL key) should clear the + * authIvGenEnable flag set by EVP_CTRL_GCM_SET_IV_FIXED. As such, a + * subsequent EVP_CTRL_GCM_IV_GEN should fail. This matches OpenSSL + * behavior. + */ + ExpectIntEQ(EVP_CIPHER_CTX_ctrl(encCtx, EVP_CTRL_GCM_SET_IV_FIXED, -1, + (void*)iv), SSL_SUCCESS); + ExpectIntEQ(EVP_CipherInit(encCtx, NULL, NULL, iv, 1), + SSL_SUCCESS); + ExpectIntEQ(EVP_CIPHER_CTX_ctrl(encCtx, EVP_CTRL_GCM_IV_GEN, -1, + currentIv), WC_NO_ERR_TRACE(WOLFSSL_FAILURE)); + + ExpectIntEQ(EVP_CipherInit(decCtx, EVP_aes_256_gcm(), key, NULL, 0), + SSL_SUCCESS); + ExpectIntEQ(EVP_CipherInit(decCtx, NULL, NULL, iv, 0), + SSL_SUCCESS); + } + /* Second iteration, IV before key. */ + else { + ExpectIntEQ(EVP_CipherInit(encCtx, EVP_aes_256_gcm(), NULL, iv, 1), + SSL_SUCCESS); + ExpectIntEQ(EVP_CipherInit(encCtx, NULL, key, NULL, 1), + SSL_SUCCESS); + ExpectIntEQ(EVP_CipherInit(decCtx, EVP_aes_256_gcm(), NULL, iv, 0), + SSL_SUCCESS); + ExpectIntEQ(EVP_CipherInit(decCtx, NULL, key, NULL, 0), + SSL_SUCCESS); + } + + /* + * EVP_CTRL_GCM_IV_GEN should fail if EVP_CTRL_GCM_SET_IV_FIXED hasn't + * been issued first. + */ + ExpectIntEQ(EVP_CIPHER_CTX_ctrl(encCtx, EVP_CTRL_GCM_IV_GEN, -1, + currentIv), WC_NO_ERR_TRACE(WOLFSSL_FAILURE)); + + ExpectIntEQ(EVP_CIPHER_CTX_ctrl(encCtx, EVP_CTRL_GCM_SET_IV_FIXED, -1, + (void*)iv), SSL_SUCCESS); + ExpectIntEQ(EVP_CIPHER_CTX_ctrl(decCtx, EVP_CTRL_GCM_SET_IV_FIXED, -1, + (void*)iv), SSL_SUCCESS); + + for (j = 0; j < NUM_ENCRYPTIONS; ++j) { + /*************** Encrypt ***************/ + ExpectIntEQ(EVP_CIPHER_CTX_ctrl(encCtx, EVP_CTRL_GCM_IV_GEN, -1, + currentIv), SSL_SUCCESS); + /* Check current IV against expected. */ + ExpectIntEQ(XMEMCMP(currentIv, expIvs[j], GCM_NONCE_MID_SZ), 0); + + /* Add AAD. */ + if (i == 2) { + /* Test streaming API. */ + ExpectIntEQ(EVP_CipherUpdate(encCtx, NULL, &outl, aads[j], + AAD_SIZE), SSL_SUCCESS); + } + else { + ExpectIntEQ(EVP_Cipher(encCtx, NULL, (byte *)aads[j], AAD_SIZE), + AAD_SIZE); + } + + ExpectNotNull(cipherText = (byte*)XMALLOC(plainTextSzs[j], NULL, + DYNAMIC_TYPE_TMP_BUFFER)); + + /* Encrypt plaintext. */ + if (i == 2) { + ExpectIntEQ(EVP_CipherUpdate(encCtx, cipherText, &outl, + plainTexts[j], plainTextSzs[j]), + SSL_SUCCESS); + } + else { + ExpectIntEQ(EVP_Cipher(encCtx, cipherText, (byte *)plainTexts[j], + plainTextSzs[j]), plainTextSzs[j]); + } + + if (i == 2) { + ExpectIntEQ(EVP_CipherFinal(encCtx, cipherText, &outl), + SSL_SUCCESS); + } + else { + /* + * Calling EVP_Cipher with NULL input and output for AES-GCM is + * akin to calling EVP_CipherFinal. + */ + ExpectIntGE(EVP_Cipher(encCtx, NULL, NULL, 0), 0); + } + + /* Check ciphertext against expected. */ + ExpectIntEQ(XMEMCMP(cipherText, expCipherTexts[j], plainTextSzs[j]), + 0); + + /* Get and check tag against expected. */ + ExpectIntEQ(EVP_CIPHER_CTX_ctrl(encCtx, EVP_CTRL_GCM_GET_TAG, + sizeof(tag), tag), SSL_SUCCESS); + ExpectIntEQ(XMEMCMP(tag, expTags[j], sizeof(tag)), 0); + + /*************** Decrypt ***************/ + ExpectIntEQ(EVP_CIPHER_CTX_ctrl(decCtx, EVP_CTRL_GCM_IV_GEN, -1, + currentIv), SSL_SUCCESS); + /* Check current IV against expected. */ + ExpectIntEQ(XMEMCMP(currentIv, expIvs[j], GCM_NONCE_MID_SZ), 0); + + /* Add AAD. */ + if (i == 2) { + /* Test streaming API. */ + ExpectIntEQ(EVP_CipherUpdate(decCtx, NULL, &outl, aads[j], + AAD_SIZE), SSL_SUCCESS); + } + else { + ExpectIntEQ(EVP_Cipher(decCtx, NULL, (byte *)aads[j], AAD_SIZE), + AAD_SIZE); + } + + /* Set expected tag. */ + ExpectIntEQ(EVP_CIPHER_CTX_ctrl(decCtx, EVP_CTRL_GCM_SET_TAG, + sizeof(tag), tag), SSL_SUCCESS); + + /* Decrypt ciphertext. */ + ExpectNotNull(calcPlainText = (byte*)XMALLOC(plainTextSzs[j], NULL, + DYNAMIC_TYPE_TMP_BUFFER)); + if (i == 2) { + ExpectIntEQ(EVP_CipherUpdate(decCtx, calcPlainText, &outl, + cipherText, plainTextSzs[j]), + SSL_SUCCESS); + } + else { + /* This first EVP_Cipher call will check the tag, too. */ + ExpectIntEQ(EVP_Cipher(decCtx, calcPlainText, cipherText, + plainTextSzs[j]), plainTextSzs[j]); + } + + if (i == 2) { + ExpectIntEQ(EVP_CipherFinal(decCtx, calcPlainText, &outl), + SSL_SUCCESS); + } + else { + ExpectIntGE(EVP_Cipher(decCtx, NULL, NULL, 0), 0); + } + + /* Check plaintext against expected. */ + ExpectIntEQ(XMEMCMP(calcPlainText, plainTexts[j], plainTextSzs[j]), + 0); + + XFREE(cipherText, NULL, DYNAMIC_TYPE_TMP_BUFFER); + cipherText = NULL; + XFREE(calcPlainText, NULL, DYNAMIC_TYPE_TMP_BUFFER); + calcPlainText = NULL; + } + + EVP_CIPHER_CTX_free(encCtx); + encCtx = NULL; + EVP_CIPHER_CTX_free(decCtx); + decCtx = NULL; + } +#endif + return EXPECT_RESULT(); +} +static int test_wolfSSL_OBJ_ln(void) +{ + EXPECT_DECLS; + const int nid_set[] = { + NID_commonName, + NID_serialNumber, + NID_countryName, + NID_localityName, + NID_stateOrProvinceName, + NID_organizationName, + NID_organizationalUnitName, + NID_domainComponent, + NID_businessCategory, + NID_jurisdictionCountryName, + NID_jurisdictionStateOrProvinceName, + NID_emailAddress + }; + const char* ln_set[] = { + "commonName", + "serialNumber", + "countryName", + "localityName", + "stateOrProvinceName", + "organizationName", + "organizationalUnitName", + "domainComponent", + "businessCategory", + "jurisdictionCountryName", + "jurisdictionStateOrProvinceName", + "emailAddress", + }; + size_t i = 0, maxIdx = sizeof(ln_set)/sizeof(char*); + + ExpectIntEQ(OBJ_ln2nid(NULL), NID_undef); + +#ifdef HAVE_ECC +#if !defined(HAVE_FIPS) || (defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION>2)) + { + EC_builtin_curve r[27]; + size_t nCurves = sizeof(r) / sizeof(r[0]); + nCurves = EC_get_builtin_curves(r, nCurves); + + for (i = 0; i < nCurves; i++) { + /* skip ECC_CURVE_INVALID */ + if (r[i].nid != ECC_CURVE_INVALID) { + ExpectIntEQ(OBJ_ln2nid(r[i].comment), r[i].nid); + ExpectStrEQ(OBJ_nid2ln(r[i].nid), r[i].comment); + } + } + } +#endif +#endif + + for (i = 0; i < maxIdx; i++) { + ExpectIntEQ(OBJ_ln2nid(ln_set[i]), nid_set[i]); + ExpectStrEQ(OBJ_nid2ln(nid_set[i]), ln_set[i]); + } + + return EXPECT_RESULT(); +} + +static int test_wolfSSL_OBJ_sn(void) +{ + EXPECT_DECLS; + int i = 0, maxIdx = 7; + const int nid_set[] = {NID_commonName,NID_countryName,NID_localityName, + NID_stateOrProvinceName,NID_organizationName, + NID_organizationalUnitName,NID_emailAddress}; + const char* sn_open_set[] = {"CN","C","L","ST","O","OU","emailAddress"}; + + ExpectIntEQ(wolfSSL_OBJ_sn2nid(NULL), NID_undef); + for (i = 0; i < maxIdx; i++) { + ExpectIntEQ(wolfSSL_OBJ_sn2nid(sn_open_set[i]), nid_set[i]); + ExpectStrEQ(wolfSSL_OBJ_nid2sn(nid_set[i]), sn_open_set[i]); + } + + return EXPECT_RESULT(); +} + +#if !defined(NO_BIO) +static word32 TXT_DB_hash(const WOLFSSL_STRING *s) +{ + return (word32)lh_strhash(s[3]); +} + +static int TXT_DB_cmp(const WOLFSSL_STRING *a, const WOLFSSL_STRING *b) +{ + return XSTRCMP(a[3], b[3]); +} +#endif + +static int test_wolfSSL_TXT_DB(void) +{ + EXPECT_DECLS; +#if !defined(NO_FILESYSTEM) && !defined(NO_BIO) + BIO *bio = NULL; + TXT_DB *db = NULL; + const int columns = 6; + const char *fields[6] = { + "V", + "320926161116Z", + "", + "12BD", + "unknown", + "/CN=rsa doe", + }; + char** fields_copy = NULL; + + /* Test read */ + ExpectNotNull(bio = BIO_new(BIO_s_file())); + ExpectIntGT(BIO_read_filename(bio, "./tests/TXT_DB.txt"), 0); + ExpectNotNull(db = TXT_DB_read(bio, columns)); + ExpectNotNull(fields_copy = (char**)XMALLOC(sizeof(fields), NULL, + DYNAMIC_TYPE_OPENSSL)); + if (fields_copy != NULL) { + XMEMCPY(fields_copy, fields, sizeof(fields)); + } + ExpectIntEQ(TXT_DB_insert(db, fields_copy), 1); + if (EXPECT_FAIL()) { + XFREE(fields_copy, NULL, DYNAMIC_TYPE_OPENSSL); + } + BIO_free(bio); + bio = NULL; + + /* Test write */ + ExpectNotNull(bio = BIO_new(BIO_s_mem())); + ExpectIntEQ(TXT_DB_write(bio, db), 1484); + BIO_free(bio); + + /* Test index */ + ExpectIntEQ(TXT_DB_create_index(db, 3, NULL, + (wolf_sk_hash_cb)(wc_ptr_t)TXT_DB_hash, + (wolf_lh_compare_cb)TXT_DB_cmp), 1); + ExpectNotNull(TXT_DB_get_by_index(db, 3, (WOLFSSL_STRING*)fields)); + fields[3] = "12DA"; + ExpectNotNull(TXT_DB_get_by_index(db, 3, (WOLFSSL_STRING*)fields)); + fields[3] = "FFFF"; + ExpectNull(TXT_DB_get_by_index(db, 3, (WOLFSSL_STRING*)fields)); + fields[3] = ""; + ExpectNull(TXT_DB_get_by_index(db, 3, (WOLFSSL_STRING*)fields)); + + TXT_DB_free(db); +#endif + return EXPECT_RESULT(); +} + +static int test_wolfSSL_NCONF(void) +{ + EXPECT_DECLS; +#if !defined(NO_FILESYSTEM) && !defined(NO_BIO) + const char* confFile = "./tests/NCONF_test.cnf"; + CONF* conf = NULL; + long eline = 0; + long num = 0; + + ExpectNotNull(conf = NCONF_new(NULL)); + + ExpectIntEQ(NCONF_load(conf, confFile, &eline), 1); + ExpectIntEQ(NCONF_get_number(conf, NULL, "port", &num), 1); + ExpectIntEQ(num, 1234); + ExpectIntEQ(NCONF_get_number(conf, "section2", "port", &num), 1); + ExpectIntEQ(num, 4321); + ExpectStrEQ(NCONF_get_string(conf, NULL, "dir"), "./test-dir"); + ExpectStrEQ(NCONF_get_string(conf, "section1", "file1_copy"), + "./test-dir/file1"); + ExpectStrEQ(NCONF_get_string(conf, "section2", "file_list"), + "./test-dir/file1:./test-dir/file2:./section1:file2"); + + NCONF_free(conf); +#endif + return EXPECT_RESULT(); +} +#endif /* OPENSSL_ALL */ + +static int test_wolfSSL_X509V3_set_ctx(void) +{ + EXPECT_DECLS; +#if (defined(OPENSSL_ALL) || defined(OPENSSL_EXTRA)) && \ + defined(WOLFSSL_CERT_GEN) && defined(WOLFSSL_CERT_REQ) && \ + defined(HAVE_CRL) + WOLFSSL_X509V3_CTX ctx; + WOLFSSL_X509* issuer = NULL; + WOLFSSL_X509* subject = NULL; + WOLFSSL_X509 req; + WOLFSSL_X509_CRL crl; + + XMEMSET(&ctx, 0, sizeof(ctx)); + ExpectNotNull(issuer = wolfSSL_X509_new()); + ExpectNotNull(subject = wolfSSL_X509_new()); + XMEMSET(&req, 0, sizeof(req)); + XMEMSET(&crl, 0, sizeof(crl)); + + wolfSSL_X509V3_set_ctx(NULL, NULL, NULL, NULL, NULL, 0); + wolfSSL_X509V3_set_ctx(&ctx, NULL, NULL, NULL, NULL, 0); + wolfSSL_X509_free(ctx.x509); + ctx.x509 = NULL; + wolfSSL_X509V3_set_ctx(&ctx, issuer, NULL, NULL, NULL, 0); + wolfSSL_X509_free(ctx.x509); + ctx.x509 = NULL; + wolfSSL_X509V3_set_ctx(&ctx, NULL, subject, NULL, NULL, 0); + wolfSSL_X509_free(ctx.x509); + ctx.x509 = NULL; + wolfSSL_X509V3_set_ctx(&ctx, NULL, NULL, &req, NULL, 0); + wolfSSL_X509_free(ctx.x509); + ctx.x509 = NULL; + wolfSSL_X509V3_set_ctx(&ctx, NULL, NULL, NULL, &crl, 0); + wolfSSL_X509_free(ctx.x509); + ctx.x509 = NULL; + wolfSSL_X509V3_set_ctx(&ctx, NULL, NULL, NULL, NULL, 1); + /* X509 allocated in context results in 'failure' (but not return). */ + wolfSSL_X509V3_set_ctx(&ctx, NULL, NULL, NULL, NULL, 0); + wolfSSL_X509_free(ctx.x509); + ctx.x509 = NULL; + + wolfSSL_X509_free(subject); + wolfSSL_X509_free(issuer); +#endif + return EXPECT_RESULT(); +} + +static int test_wolfSSL_X509V3_EXT_get(void) +{ + EXPECT_DECLS; +#if !defined(NO_FILESYSTEM) && defined(OPENSSL_ALL) && !defined(NO_RSA) + XFILE f = XBADFILE; + int numOfExt =0; + int extNid = 0; + int i = 0; + WOLFSSL_X509* x509 = NULL; + WOLFSSL_X509_EXTENSION* ext = NULL; + const WOLFSSL_v3_ext_method* method = NULL; + WOLFSSL_ASN1_OBJECT* obj = NULL; + + ExpectNotNull(ext = wolfSSL_X509_EXTENSION_new()); + /* No object in extension. */ + ExpectNull(wolfSSL_X509V3_EXT_get(ext)); + ExpectNotNull(obj = wolfSSL_ASN1_OBJECT_new()); + ExpectIntEQ(wolfSSL_X509_EXTENSION_set_object(ext, obj), WOLFSSL_SUCCESS); + /* NID is zero. */ + ExpectNull(wolfSSL_X509V3_EXT_get(ext)); + /* NID is not known. */ + if (ext != NULL && ext->obj != NULL) { + ext->obj->nid = 1; + } + ExpectNull(wolfSSL_X509V3_EXT_get(ext)); + + /* NIDs not in certificate. */ + if (ext != NULL && ext->obj != NULL) { + ext->obj->nid = NID_certificate_policies; + } + ExpectNotNull(method = wolfSSL_X509V3_EXT_get(ext)); + ExpectIntEQ(method->ext_nid, NID_certificate_policies); + if (ext != NULL && ext->obj != NULL) { + ext->obj->nid = NID_crl_distribution_points; + } + ExpectNotNull(method = wolfSSL_X509V3_EXT_get(ext)); + ExpectIntEQ(method->ext_nid, NID_crl_distribution_points); + + wolfSSL_ASN1_OBJECT_free(obj); + wolfSSL_X509_EXTENSION_free(ext); + ext = NULL; + + ExpectTrue((f = XFOPEN("./certs/server-cert.pem", "rb")) != XBADFILE); + ExpectNotNull(x509 = wolfSSL_PEM_read_X509(f, NULL, NULL, NULL)); + if (f != XBADFILE) + XFCLOSE(f); + + /* wolfSSL_X509V3_EXT_get() return struct and nid test */ + ExpectIntEQ((numOfExt = wolfSSL_X509_get_ext_count(x509)), 5); + for (i = 0; i < numOfExt; i++) { + ExpectNotNull(ext = wolfSSL_X509_get_ext(x509, i)); + ExpectIntNE((extNid = ext->obj->nid), NID_undef); + ExpectNotNull(method = wolfSSL_X509V3_EXT_get(ext)); + ExpectIntEQ(method->ext_nid, extNid); + if (EXPECT_SUCCESS()) { + if (method->ext_nid == NID_subject_key_identifier) { + ExpectNotNull(method->i2s); + } + } + } + + /* wolfSSL_X509V3_EXT_get() NULL argument test */ + ExpectNull(method = wolfSSL_X509V3_EXT_get(NULL)); + + wolfSSL_X509_free(x509); +#endif + return EXPECT_RESULT(); +} + +static int test_wolfSSL_X509V3_EXT_nconf(void) +{ + EXPECT_DECLS; +#ifdef OPENSSL_ALL + const char *ext_names[] = { + "subjectKeyIdentifier", + "authorityKeyIdentifier", + "subjectAltName", + "keyUsage", + "extendedKeyUsage", + }; + size_t ext_names_count = sizeof(ext_names)/sizeof(*ext_names); + int ext_nids[] = { + NID_subject_key_identifier, + NID_authority_key_identifier, + NID_subject_alt_name, + NID_key_usage, + NID_ext_key_usage, + }; + size_t ext_nids_count = sizeof(ext_nids)/sizeof(*ext_nids); + const char *ext_values[] = { + "hash", + "hash", + "DNS:example.com, IP:127.0.0.1", + "digitalSignature,nonRepudiation,keyEncipherment,dataEncipherment," + "keyAgreement,keyCertSign,cRLSign,encipherOnly,decipherOnly", + "serverAuth,clientAuth,codeSigning,emailProtection,timeStamping," + "OCSPSigning", + }; + size_t i; + X509_EXTENSION* ext = NULL; + X509* x509 = NULL; + unsigned int keyUsageFlags; + unsigned int extKeyUsageFlags; + WOLFSSL_CONF conf; + WOLFSSL_X509V3_CTX ctx; +#ifndef NO_WOLFSSL_STUB + WOLFSSL_LHASH lhash; +#endif + + ExpectNotNull(x509 = X509_new()); + ExpectNull(X509V3_EXT_nconf(NULL, NULL, ext_names[0], NULL)); + ExpectNull(X509V3_EXT_nconf_nid(NULL, NULL, ext_nids[0], NULL)); + ExpectNull(X509V3_EXT_nconf(NULL, NULL, "", ext_values[0])); + ExpectNull(X509V3_EXT_nconf_nid(NULL, NULL, 0, ext_values[0])); + + /* conf and ctx ignored. */ + ExpectNull(X509V3_EXT_nconf_nid(&conf, NULL, 0, ext_values[0])); + ExpectNull(X509V3_EXT_nconf_nid(NULL , &ctx, 0, ext_values[0])); + ExpectNull(X509V3_EXT_nconf_nid(&conf, &ctx, 0, ext_values[0])); + + /* keyUsage / extKeyUsage should match string above */ + keyUsageFlags = KU_DIGITAL_SIGNATURE + | KU_NON_REPUDIATION + | KU_KEY_ENCIPHERMENT + | KU_DATA_ENCIPHERMENT + | KU_KEY_AGREEMENT + | KU_KEY_CERT_SIGN + | KU_CRL_SIGN + | KU_ENCIPHER_ONLY + | KU_DECIPHER_ONLY; + extKeyUsageFlags = XKU_SSL_CLIENT + | XKU_SSL_SERVER + | XKU_CODE_SIGN + | XKU_SMIME + | XKU_TIMESTAMP + | XKU_OCSP_SIGN; + + for (i = 0; i < ext_names_count; i++) { + ExpectNotNull(ext = X509V3_EXT_nconf(NULL, NULL, ext_names[i], + ext_values[i])); + X509_EXTENSION_free(ext); + ext = NULL; + } + + for (i = 0; i < ext_nids_count; i++) { + ExpectNotNull(ext = X509V3_EXT_nconf_nid(NULL, NULL, ext_nids[i], + ext_values[i])); + X509_EXTENSION_free(ext); + ext = NULL; + } + + /* Test adding extension to X509 */ + for (i = 0; i < ext_nids_count; i++) { + ExpectNotNull(ext = X509V3_EXT_nconf(NULL, NULL, ext_names[i], + ext_values[i])); + ExpectIntEQ(X509_add_ext(x509, ext, -1), WOLFSSL_SUCCESS); + + if (ext_nids[i] == NID_key_usage) { + ExpectIntEQ(X509_get_key_usage(x509), keyUsageFlags); + } + else if (ext_nids[i] == NID_ext_key_usage) { + ExpectIntEQ(X509_get_extended_key_usage(x509), extKeyUsageFlags); + } + X509_EXTENSION_free(ext); + ext = NULL; + } + X509_free(x509); + +#ifndef NO_WOLFSSL_STUB + ExpectIntEQ(wolfSSL_X509V3_EXT_add_nconf(NULL, NULL, NULL, NULL), + WOLFSSL_SUCCESS); + ExpectNull(wolfSSL_X509V3_EXT_conf_nid(NULL, NULL, 0, NULL)); + ExpectNull(wolfSSL_X509V3_EXT_conf_nid(&lhash, NULL, 0, NULL)); + wolfSSL_X509V3_set_ctx_nodb(NULL); +#endif +#endif + return EXPECT_RESULT(); +} + +static int test_wolfSSL_X509V3_EXT_bc(void) +{ + EXPECT_DECLS; +#if !defined(NO_FILESYSTEM) && defined(OPENSSL_ALL) && !defined(NO_RSA) + WOLFSSL_X509_EXTENSION* ext = NULL; + WOLFSSL_ASN1_OBJECT* obj = NULL; + WOLFSSL_BASIC_CONSTRAINTS* bc = NULL; + WOLFSSL_ASN1_INTEGER* pathLen = NULL; + + ExpectNotNull(ext = wolfSSL_X509_EXTENSION_new()); + ExpectNotNull(obj = wolfSSL_ASN1_OBJECT_new()); + ExpectNotNull(pathLen = wolfSSL_ASN1_INTEGER_new()); + if (pathLen != NULL) { + pathLen->length = 2; + } + + if (obj != NULL) { + obj->type = NID_basic_constraints; + obj->nid = NID_basic_constraints; + } + ExpectIntEQ(wolfSSL_X509_EXTENSION_set_object(ext, obj), WOLFSSL_SUCCESS); + ExpectNotNull(wolfSSL_X509V3_EXT_get(ext)); + /* No pathlen set. */ + ExpectNotNull(bc = (WOLFSSL_BASIC_CONSTRAINTS*)wolfSSL_X509V3_EXT_d2i(ext)); + wolfSSL_BASIC_CONSTRAINTS_free(bc); + bc = NULL; + + if ((ext != NULL) && (ext->obj != NULL)) { + ext->obj->pathlen = pathLen; + pathLen = NULL; + } + /* pathlen set. */ + ExpectNotNull(bc = (WOLFSSL_BASIC_CONSTRAINTS*)wolfSSL_X509V3_EXT_d2i(ext)); + + wolfSSL_ASN1_INTEGER_free(pathLen); + wolfSSL_BASIC_CONSTRAINTS_free(bc); + wolfSSL_ASN1_OBJECT_free(obj); + wolfSSL_X509_EXTENSION_free(ext); +#endif + return EXPECT_RESULT(); +} + +static int test_wolfSSL_X509V3_EXT_san(void) +{ + EXPECT_DECLS; +#if !defined(NO_FILESYSTEM) && defined(OPENSSL_ALL) && !defined(NO_RSA) + WOLFSSL_X509_EXTENSION* ext = NULL; + WOLFSSL_ASN1_OBJECT* obj = NULL; + WOLFSSL_STACK* sk = NULL; + + ExpectNotNull(ext = wolfSSL_X509_EXTENSION_new()); + ExpectNotNull(obj = wolfSSL_ASN1_OBJECT_new()); + + if (obj != NULL) { + obj->type = NID_subject_alt_name; + obj->nid = NID_subject_alt_name; + } + ExpectIntEQ(wolfSSL_X509_EXTENSION_set_object(ext, obj), WOLFSSL_SUCCESS); + ExpectNotNull(wolfSSL_X509V3_EXT_get(ext)); + /* No extension stack set. */ + ExpectNull(wolfSSL_X509V3_EXT_d2i(ext)); + + ExpectNotNull(sk = wolfSSL_sk_new_null()); + if (ext != NULL) { + ext->ext_sk = sk; + sk = NULL; + } + /* Extension stack set. */ + ExpectNull(wolfSSL_X509V3_EXT_d2i(ext)); + + wolfSSL_sk_free(sk); + wolfSSL_ASN1_OBJECT_free(obj); + wolfSSL_X509_EXTENSION_free(ext); +#endif + return EXPECT_RESULT(); +} + +static int test_wolfSSL_X509V3_EXT_aia(void) +{ + EXPECT_DECLS; +#if !defined(NO_FILESYSTEM) && defined(OPENSSL_ALL) && !defined(NO_RSA) + WOLFSSL_X509_EXTENSION* ext = NULL; + WOLFSSL_ASN1_OBJECT* obj = NULL; + WOLFSSL_STACK* sk = NULL; + WOLFSSL_STACK* node = NULL; + WOLFSSL_AUTHORITY_INFO_ACCESS* aia = NULL; + WOLFSSL_ASN1_OBJECT* entry = NULL; + + ExpectNotNull(ext = wolfSSL_X509_EXTENSION_new()); + ExpectNotNull(obj = wolfSSL_ASN1_OBJECT_new()); + + if (obj != NULL) { + obj->type = NID_info_access; + obj->nid = NID_info_access; + } + ExpectIntEQ(wolfSSL_X509_EXTENSION_set_object(ext, obj), WOLFSSL_SUCCESS); + ExpectNotNull(wolfSSL_X509V3_EXT_get(ext)); + /* No extension stack set. */ + ExpectNull(wolfSSL_X509V3_EXT_d2i(ext)); + + ExpectNotNull(sk = wolfSSL_sk_new_null()); + if (ext != NULL) { + ext->ext_sk = sk; + sk = NULL; + } + /* Extension stack set but empty. */ + ExpectNotNull(aia = (WOLFSSL_AUTHORITY_INFO_ACCESS *)wolfSSL_X509V3_EXT_d2i(ext)); + wolfSSL_AUTHORITY_INFO_ACCESS_free(aia); + aia = NULL; + + ExpectNotNull(entry = wolfSSL_ASN1_OBJECT_new()); + if (entry != NULL) { + entry->nid = WC_NID_ad_OCSP; + entry->obj = (const unsigned char*)"http://127.0.0.1"; + entry->objSz = 16; + } + ExpectNotNull(node = wolfSSL_sk_new_node(NULL)); + if ((node != NULL) && (ext != NULL)) { + node->type = STACK_TYPE_OBJ; + node->data.obj = entry; + entry = NULL; + ExpectIntEQ(wolfSSL_sk_push_node(&ext->ext_sk, node), WOLFSSL_SUCCESS); + if (EXPECT_SUCCESS()) { + node = NULL; + } + } + ExpectNotNull(aia = (WOLFSSL_AUTHORITY_INFO_ACCESS *)wolfSSL_X509V3_EXT_d2i(ext)); + wolfSSL_ACCESS_DESCRIPTION_free(NULL); + + wolfSSL_AUTHORITY_INFO_ACCESS_pop_free(aia, + wolfSSL_ACCESS_DESCRIPTION_free); + wolfSSL_ASN1_OBJECT_free(entry); + wolfSSL_sk_free(node); + wolfSSL_ASN1_OBJECT_free(obj); + wolfSSL_X509_EXTENSION_free(ext); +#endif + return EXPECT_RESULT(); +} + +static int test_wolfSSL_X509V3_EXT(void) +{ + EXPECT_DECLS; +#if !defined(NO_FILESYSTEM) && defined(OPENSSL_ALL) && !defined(NO_RSA) + XFILE f = XBADFILE; + int numOfExt = 0, nid = 0, i = 0, expected, actual = 0; + char* str = NULL; + unsigned char* data = NULL; + const WOLFSSL_v3_ext_method* method = NULL; + WOLFSSL_X509* x509 = NULL; + WOLFSSL_X509_EXTENSION* ext = NULL; + WOLFSSL_X509_EXTENSION* ext2 = NULL; + WOLFSSL_ASN1_OBJECT *obj = NULL; + WOLFSSL_ASN1_OBJECT *adObj = NULL; + WOLFSSL_ASN1_STRING* asn1str = NULL; + WOLFSSL_AUTHORITY_KEYID* aKeyId = NULL; + WOLFSSL_AUTHORITY_INFO_ACCESS* aia = NULL; + WOLFSSL_BASIC_CONSTRAINTS* bc = NULL; + WOLFSSL_ACCESS_DESCRIPTION* ad = NULL; + WOLFSSL_GENERAL_NAME* gn = NULL; + + /* Check NULL argument */ + ExpectNull(wolfSSL_X509V3_EXT_d2i(NULL)); + + ExpectNotNull(ext = wolfSSL_X509_EXTENSION_new()); + ExpectNotNull(obj = wolfSSL_ASN1_OBJECT_new()); + + ExpectNull(wolfSSL_X509V3_EXT_d2i(ext)); + ExpectIntEQ(wolfSSL_X509_EXTENSION_set_object(ext, obj), WOLFSSL_SUCCESS); + ExpectNull(wolfSSL_X509V3_EXT_d2i(ext)); + if (ext != NULL && ext->obj != NULL) { + ext->obj->nid = ext->obj->type = NID_ext_key_usage; + } + ExpectNull(wolfSSL_X509V3_EXT_d2i(ext)); + if (ext != NULL && ext->obj != NULL) { + ext->obj->nid = ext->obj->type = NID_certificate_policies; + } + ExpectNull(wolfSSL_X509V3_EXT_d2i(ext)); + if (ext != NULL && ext->obj != NULL) { + ext->obj->nid = ext->obj->type = NID_crl_distribution_points; + } + ExpectNull(wolfSSL_X509V3_EXT_d2i(ext)); + if (ext != NULL && ext->obj != NULL) { + ext->obj->nid = ext->obj->type = NID_subject_alt_name; + } + ExpectNull(wolfSSL_X509V3_EXT_d2i(ext)); + + wolfSSL_ASN1_OBJECT_free(obj); + obj = NULL; + wolfSSL_X509_EXTENSION_free(ext); + ext = NULL; + + /* Using OCSP cert with X509V3 extensions */ + ExpectTrue((f = XFOPEN("./certs/ocsp/root-ca-cert.pem", "rb")) != XBADFILE); + ExpectNotNull(x509 = wolfSSL_PEM_read_X509(f, NULL, NULL, NULL)); + if (f != XBADFILE) + XFCLOSE(f); + + ExpectIntEQ((numOfExt = wolfSSL_X509_get_ext_count(x509)), 5); + + /* Basic Constraints */ + ExpectNotNull(ext = wolfSSL_X509_get_ext(x509, i)); + ExpectNotNull(obj = wolfSSL_X509_EXTENSION_get_object(ext)); + ExpectIntEQ((nid = wolfSSL_OBJ_obj2nid(obj)), NID_basic_constraints); + ExpectNotNull(bc = (WOLFSSL_BASIC_CONSTRAINTS*)wolfSSL_X509V3_EXT_d2i(ext)); + + ExpectIntEQ(bc->ca, 1); + ExpectNull(bc->pathlen); + wolfSSL_BASIC_CONSTRAINTS_free(bc); + bc = NULL; + i++; + + /* Subject Key Identifier */ + ExpectNotNull(ext = wolfSSL_X509_get_ext(x509, i)); + ExpectNotNull(obj = wolfSSL_X509_EXTENSION_get_object(ext)); + ExpectIntEQ((nid = wolfSSL_OBJ_obj2nid(obj)), NID_subject_key_identifier); + + ExpectNotNull(asn1str = (WOLFSSL_ASN1_STRING*)wolfSSL_X509V3_EXT_d2i(ext)); + ExpectNotNull(ext2 = wolfSSL_X509V3_EXT_i2d(NID_subject_key_identifier, 0, + asn1str)); + X509_EXTENSION_free(ext2); + ext2 = NULL; + ExpectNotNull(method = wolfSSL_X509V3_EXT_get(ext)); + ExpectNotNull(method->i2s); + ExpectNotNull(str = method->i2s((WOLFSSL_v3_ext_method*)method, asn1str)); + wolfSSL_ASN1_STRING_free(asn1str); + asn1str = NULL; + if (str != NULL) { + actual = strcmp(str, + "73:B0:1C:A4:2F:82:CB:CF:47:A5:38:D7:B0:04:82:3A:7E:72:15:21"); + } + ExpectIntEQ(actual, 0); + XFREE(str, NULL, DYNAMIC_TYPE_TMP_BUFFER); + str = NULL; + i++; + + /* Authority Key Identifier */ + ExpectNotNull(ext = wolfSSL_X509_get_ext(x509, i)); + ExpectNotNull(obj = wolfSSL_X509_EXTENSION_get_object(ext)); + ExpectIntEQ((nid = wolfSSL_OBJ_obj2nid(obj)), NID_authority_key_identifier); + + ExpectNotNull(aKeyId = (WOLFSSL_AUTHORITY_KEYID*)wolfSSL_X509V3_EXT_d2i( + ext)); + ExpectNotNull(method = wolfSSL_X509V3_EXT_get(ext)); + ExpectNotNull(asn1str = aKeyId->keyid); + ExpectNotNull(str = wolfSSL_i2s_ASN1_STRING((WOLFSSL_v3_ext_method*)method, + asn1str)); + asn1str = NULL; + if (str != NULL) { + actual = strcmp(str, + "73:B0:1C:A4:2F:82:CB:CF:47:A5:38:D7:B0:04:82:3A:7E:72:15:21"); + } + ExpectIntEQ(actual, 0); + XFREE(str, NULL, DYNAMIC_TYPE_TMP_BUFFER); + str = NULL; + wolfSSL_AUTHORITY_KEYID_free(aKeyId); + aKeyId = NULL; + i++; + + /* Key Usage */ + ExpectNotNull(ext = wolfSSL_X509_get_ext(x509, i)); + ExpectNotNull(obj = wolfSSL_X509_EXTENSION_get_object(ext)); + ExpectIntEQ((nid = wolfSSL_OBJ_obj2nid(obj)), NID_key_usage); + + ExpectNotNull(asn1str = (WOLFSSL_ASN1_STRING*)wolfSSL_X509V3_EXT_d2i(ext)); +#if defined(WOLFSSL_QT) + ExpectNotNull(data = (unsigned char*)ASN1_STRING_get0_data(asn1str)); +#else + ExpectNotNull(data = wolfSSL_ASN1_STRING_data(asn1str)); +#endif + expected = KEYUSE_KEY_CERT_SIGN | KEYUSE_CRL_SIGN; + if (data != NULL) { + #ifdef BIG_ENDIAN_ORDER + actual = data[1]; + #else + actual = data[0]; + #endif + } + ExpectIntEQ(actual, expected); + wolfSSL_ASN1_STRING_free(asn1str); + asn1str = NULL; + ExpectIntEQ(wolfSSL_X509_get_keyUsage(NULL), 0); + ExpectIntEQ(wolfSSL_X509_get_keyUsage(x509), expected); + i++; + + /* Authority Info Access */ + ExpectNotNull(ext = wolfSSL_X509_get_ext(x509, i)); + ExpectNotNull(obj = wolfSSL_X509_EXTENSION_get_object(ext)); + ExpectIntEQ((nid = wolfSSL_OBJ_obj2nid(obj)), NID_info_access); + ExpectNotNull(aia = (WOLFSSL_AUTHORITY_INFO_ACCESS*)wolfSSL_X509V3_EXT_d2i( + ext)); +#if defined(WOLFSSL_QT) + ExpectIntEQ(OPENSSL_sk_num(aia), 1); /* Only one URI entry for this cert */ +#else + ExpectIntEQ(wolfSSL_sk_num(aia), 1); /* Only one URI entry for this cert */ +#endif + /* URI entry is an ACCESS_DESCRIPTION type */ +#if defined(WOLFSSL_QT) + ExpectNotNull(ad = (WOLFSSL_ACCESS_DESCRIPTION*)wolfSSL_sk_value(aia, 0)); +#else + ExpectNotNull(ad = (WOLFSSL_ACCESS_DESCRIPTION*)OPENSSL_sk_value(aia, 0)); +#endif + ExpectNotNull(adObj = ad->method); + /* Make sure nid is OCSP */ + ExpectIntEQ(wolfSSL_OBJ_obj2nid(adObj), NID_ad_OCSP); + + /* GENERAL_NAME stores URI as an ASN1_STRING */ + ExpectNotNull(gn = ad->location); + ExpectIntEQ(gn->type, GEN_URI); /* Type should always be GEN_URI */ + ExpectNotNull(asn1str = gn->d.uniformResourceIdentifier); + ExpectIntEQ(wolfSSL_ASN1_STRING_length(asn1str), 22); +#if defined(WOLFSSL_QT) + ExpectNotNull(str = (char*)ASN1_STRING_get0_data(asn1str)); +#else + ExpectNotNull(str = (char*)wolfSSL_ASN1_STRING_data(asn1str)); +#endif + if (str != NULL) { + actual = strcmp(str, "http://127.0.0.1:22220"); + } + ExpectIntEQ(actual, 0); + + ExpectIntEQ(wolfSSL_sk_ACCESS_DESCRIPTION_num(NULL), WOLFSSL_FATAL_ERROR); + ExpectIntEQ(wolfSSL_sk_ACCESS_DESCRIPTION_num(aia), 1); + ExpectNull(wolfSSL_sk_ACCESS_DESCRIPTION_value(NULL, 0)); + ExpectNull(wolfSSL_sk_ACCESS_DESCRIPTION_value(aia, 1)); + ExpectNotNull(wolfSSL_sk_ACCESS_DESCRIPTION_value(aia, 0)); + wolfSSL_sk_ACCESS_DESCRIPTION_pop_free(aia, NULL); + aia = NULL; + +#ifndef NO_WOLFSSL_STUB + ExpectNull(wolfSSL_X509_delete_ext(x509, 0)); +#endif + + wolfSSL_X509_free(x509); +#endif + return EXPECT_RESULT(); +} + +static int test_wolfSSL_X509_get_extension_flags(void) +{ + EXPECT_DECLS; +#if defined(OPENSSL_ALL) && !defined(NO_RSA) + XFILE f = XBADFILE; + X509* x509 = NULL; + unsigned int extFlags; + unsigned int keyUsageFlags; + unsigned int extKeyUsageFlags; + + ExpectIntEQ(X509_get_extension_flags(NULL), 0); + ExpectIntEQ(X509_get_key_usage(NULL), 0); + ExpectIntEQ(X509_get_extended_key_usage(NULL), 0); + ExpectNotNull(x509 = wolfSSL_X509_new()); + ExpectIntEQ(X509_get_extension_flags(x509), 0); + ExpectIntEQ(X509_get_key_usage(x509), -1); + ExpectIntEQ(X509_get_extended_key_usage(x509), 0); + wolfSSL_X509_free(x509); + x509 = NULL; + + /* client-int-cert.pem has the following extension flags. */ + extFlags = EXFLAG_KUSAGE | EXFLAG_XKUSAGE; + /* and the following key usage flags. */ + keyUsageFlags = KU_DIGITAL_SIGNATURE + | KU_NON_REPUDIATION + | KU_KEY_ENCIPHERMENT; + /* and the following extended key usage flags. */ + extKeyUsageFlags = XKU_SSL_CLIENT | XKU_SMIME; + + ExpectTrue((f = XFOPEN("./certs/intermediate/client-int-cert.pem", "rb")) != + XBADFILE); + ExpectNotNull(x509 = PEM_read_X509(f, NULL, NULL, NULL)); + if (f != XBADFILE) { + XFCLOSE(f); + f = XBADFILE; + } + ExpectIntEQ(X509_get_extension_flags(x509), extFlags); + ExpectIntEQ(X509_get_key_usage(x509), keyUsageFlags); + ExpectIntEQ(X509_get_extended_key_usage(x509), extKeyUsageFlags); + X509_free(x509); + x509 = NULL; + + /* client-cert-ext.pem has the following extension flags. */ + extFlags = EXFLAG_KUSAGE; + /* and the following key usage flags. */ + keyUsageFlags = KU_DIGITAL_SIGNATURE + | KU_KEY_CERT_SIGN + | KU_CRL_SIGN; + + ExpectTrue((f = fopen("./certs/client-cert-ext.pem", "rb")) != XBADFILE); + ExpectNotNull(x509 = PEM_read_X509(f, NULL, NULL, NULL)); + if (f != XBADFILE) + XFCLOSE(f); + ExpectIntEQ(X509_get_extension_flags(x509), extFlags); + ExpectIntEQ(X509_get_key_usage(x509), keyUsageFlags); + X509_free(x509); +#endif /* OPENSSL_ALL */ + return EXPECT_RESULT(); +} + +static int test_wolfSSL_X509_get_ext(void) +{ + EXPECT_DECLS; +#if !defined(NO_FILESYSTEM) && defined(OPENSSL_ALL) && !defined(NO_RSA) + int ret = 0; + XFILE f = XBADFILE; + WOLFSSL_X509* x509 = NULL; + WOLFSSL_X509_EXTENSION* foundExtension; + + ExpectTrue((f = XFOPEN("./certs/server-cert.pem", "rb")) != XBADFILE); + ExpectNotNull(x509 = wolfSSL_PEM_read_X509(f, NULL, NULL, NULL)); + if (f != XBADFILE) + XFCLOSE(f); + ExpectIntEQ((ret = wolfSSL_X509_get_ext_count(x509)), 5); + + /* wolfSSL_X509_get_ext() valid input */ + ExpectNotNull(foundExtension = wolfSSL_X509_get_ext(x509, 0)); + + /* wolfSSL_X509_get_ext() valid x509, idx out of bounds */ + ExpectNull(foundExtension = wolfSSL_X509_get_ext(x509, -1)); + ExpectNull(foundExtension = wolfSSL_X509_get_ext(x509, 100)); + + /* wolfSSL_X509_get_ext() NULL x509, idx out of bounds */ + ExpectNull(foundExtension = wolfSSL_X509_get_ext(NULL, -1)); + ExpectNull(foundExtension = wolfSSL_X509_get_ext(NULL, 100)); + + /* wolfSSL_X509_get_ext() NULL x509, valid idx */ + ExpectNull(foundExtension = wolfSSL_X509_get_ext(NULL, 0)); + + ExpectNull(wolfSSL_X509_get0_extensions(NULL)); + + wolfSSL_X509_free(x509); +#endif + return EXPECT_RESULT(); +} + +static int test_wolfSSL_X509_get_ext_by_NID(void) +{ + EXPECT_DECLS; +#if defined(OPENSSL_ALL) && !defined(NO_RSA) + int rc = 0; + XFILE f = XBADFILE; + WOLFSSL_X509* x509 = NULL; + ASN1_OBJECT* obj = NULL; + + ExpectNotNull(x509 = wolfSSL_X509_new()); + ExpectIntEQ(wolfSSL_X509_get_ext_by_NID(x509, NID_basic_constraints, -1), + WOLFSSL_FATAL_ERROR); + wolfSSL_X509_free(x509); + x509 = NULL; + + ExpectTrue((f = XFOPEN("./certs/server-cert.pem", "rb")) != XBADFILE); + ExpectNotNull(x509 = wolfSSL_PEM_read_X509(f, NULL, NULL, NULL)); + if (f != XBADFILE) + XFCLOSE(f); + + ExpectIntGE(rc = wolfSSL_X509_get_ext_by_NID(x509, NID_basic_constraints, + -1), 0); + ExpectIntGE(wolfSSL_X509_get_ext_by_NID(x509, NID_basic_constraints, 20), + -1); + + /* Start search from last location (should fail) */ + ExpectIntGE(rc = wolfSSL_X509_get_ext_by_NID(x509, NID_basic_constraints, + rc), -1); + + ExpectIntGE(rc = wolfSSL_X509_get_ext_by_NID(x509, NID_basic_constraints, + -2), -1); + + ExpectIntEQ(rc = wolfSSL_X509_get_ext_by_NID(NULL, NID_basic_constraints, + -1), -1); + + ExpectIntEQ(rc = wolfSSL_X509_get_ext_by_NID(x509, NID_undef, -1), -1); + + /* NID_ext_key_usage, check also its nid and oid */ + ExpectIntGT(rc = wolfSSL_X509_get_ext_by_NID(x509, NID_ext_key_usage, -1), + -1); + ExpectNotNull(obj = wolfSSL_X509_EXTENSION_get_object(wolfSSL_X509_get_ext( + x509, rc))); + ExpectIntEQ(obj->nid, NID_ext_key_usage); + ExpectIntEQ(obj->type, EXT_KEY_USAGE_OID); + + wolfSSL_X509_free(x509); +#endif + return EXPECT_RESULT(); +} + +static int test_wolfSSL_X509_get_ext_subj_alt_name(void) +{ + EXPECT_DECLS; +#if defined(OPENSSL_ALL) && !defined(NO_RSA) + int rc = 0; + XFILE f = XBADFILE; + WOLFSSL_X509* x509 = NULL; + WOLFSSL_X509_EXTENSION* ext = NULL; + WOLFSSL_ASN1_STRING* sanString = NULL; + byte* sanDer = NULL; + + const byte expectedDer[] = { + 0x30, 0x13, 0x82, 0x0b, 0x65, 0x78, 0x61, 0x6d, 0x70, 0x6c, 0x65, 0x2e, + 0x63, 0x6f, 0x6d, 0x87, 0x04, 0x7f, 0x00, 0x00, 0x01}; + + ExpectTrue((f = XFOPEN("./certs/server-cert.pem", "rb")) != XBADFILE); + ExpectNotNull(x509 = PEM_read_X509(f, NULL, NULL, NULL)); + if (f != XBADFILE) + XFCLOSE(f); + + ExpectIntNE(rc = X509_get_ext_by_NID(x509, NID_subject_alt_name, -1), -1); + ExpectNotNull(ext = X509_get_ext(x509, rc)); + ExpectNotNull(sanString = X509_EXTENSION_get_data(ext)); + ExpectIntEQ(ASN1_STRING_length(sanString), sizeof(expectedDer)); + ExpectNotNull(sanDer = ASN1_STRING_data(sanString)); + ExpectIntEQ(XMEMCMP(sanDer, expectedDer, sizeof(expectedDer)), 0); + + X509_free(x509); +#endif + return EXPECT_RESULT(); +} + +static int test_wolfSSL_X509_set_ext(void) +{ + EXPECT_DECLS; +#if defined(OPENSSL_ALL) && !defined(NO_RSA) + WOLFSSL_X509* x509 = NULL; + XFILE f = XBADFILE; + int loc; + + ExpectNull(wolfSSL_X509_set_ext(NULL, 0)); + + ExpectNotNull(x509 = wolfSSL_X509_new()); + /* Location too small. */ + ExpectNull(wolfSSL_X509_set_ext(x509, -1)); + /* Location too big. */ + ExpectNull(wolfSSL_X509_set_ext(x509, 1)); + /* No DER encoding. */ + ExpectNull(wolfSSL_X509_set_ext(x509, 0)); + wolfSSL_X509_free(x509); + x509 = NULL; + + ExpectTrue((f = XFOPEN("./certs/server-cert.pem", "rb")) != XBADFILE); + ExpectNotNull(x509 = PEM_read_X509(f, NULL, NULL, NULL)); + if (f != XBADFILE) { + XFCLOSE(f); + } + for (loc = 0; loc < wolfSSL_X509_get_ext_count(x509); loc++) { + ExpectNotNull(wolfSSL_X509_set_ext(x509, loc)); + } + + wolfSSL_X509_free(x509); +#endif + return EXPECT_RESULT(); +} + +#if defined(OPENSSL_ALL) +static int test_X509_add_basic_constraints(WOLFSSL_X509* x509) +{ + EXPECT_DECLS; + const byte basicConsObj[] = { 0x06, 0x03, 0x55, 0x1d, 0x13 }; + const byte* p; + WOLFSSL_X509_EXTENSION* ext = NULL; + WOLFSSL_ASN1_OBJECT* obj = NULL; + ASN1_INTEGER* pathLen = NULL; + + p = basicConsObj; + ExpectNotNull(obj = wolfSSL_d2i_ASN1_OBJECT(NULL, &p, + sizeof(basicConsObj))); + if (obj != NULL) { + obj->type = NID_basic_constraints; + } + ExpectNotNull(pathLen = wolfSSL_ASN1_INTEGER_new()); + if (pathLen != NULL) { + pathLen->length = 2; + } + if (obj != NULL) { + obj->ca = 0; + } + ExpectNotNull(ext = wolfSSL_X509_EXTENSION_new()); + ExpectIntEQ(wolfSSL_X509_EXTENSION_set_object(ext, obj), WOLFSSL_SUCCESS); + if (ext != NULL && ext->obj != NULL) { + ext->obj->ca = 0; + ext->obj->pathlen = pathLen; + } + ExpectIntEQ(wolfSSL_X509_add_ext(x509, ext, -1), WOLFSSL_SUCCESS); + ExpectIntEQ(x509->isCa, 0); + ExpectIntEQ(x509->pathLength, 2); + if (ext != NULL && ext->obj != NULL) { + /* Add second time to without path length. */ + ext->obj->ca = 1; + ext->obj->pathlen = NULL; + } + ExpectIntEQ(wolfSSL_X509_add_ext(x509, ext, -1), WOLFSSL_SUCCESS); + ExpectIntEQ(x509->isCa, 1); + ExpectIntEQ(x509->pathLength, 2); + ExpectIntEQ(wolfSSL_X509_get_isSet_pathLength(NULL), 0); + ExpectIntEQ(wolfSSL_X509_get_isSet_pathLength(x509), 1); + ExpectIntEQ(wolfSSL_X509_get_pathLength(NULL), 0); + ExpectIntEQ(wolfSSL_X509_get_pathLength(x509), 2); + + wolfSSL_ASN1_INTEGER_free(pathLen); + wolfSSL_ASN1_OBJECT_free(obj); + wolfSSL_X509_EXTENSION_free(ext); + + return EXPECT_RESULT(); +} + +static int test_X509_add_key_usage(WOLFSSL_X509* x509) +{ + EXPECT_DECLS; + const byte objData[] = { 0x06, 0x03, 0x55, 0x1d, 0x0f }; + const byte data[] = { 0x04, 0x02, 0x01, 0x80 }; + const byte emptyData[] = { 0x04, 0x00 }; + const char* strData = "digitalSignature,keyCertSign"; + const byte* p; + WOLFSSL_X509_EXTENSION* ext = NULL; + WOLFSSL_ASN1_OBJECT* obj = NULL; + WOLFSSL_ASN1_STRING* str = NULL; + + p = objData; + ExpectNotNull(obj = wolfSSL_d2i_ASN1_OBJECT(NULL, &p, sizeof(objData))); + if (obj != NULL) { + obj->type = NID_key_usage; + } + p = data; + ExpectNotNull(str = d2i_ASN1_OCTET_STRING(NULL, &p, (long)sizeof(data))); + ExpectNotNull(ext = wolfSSL_X509_EXTENSION_new()); + ExpectIntEQ(wolfSSL_X509_EXTENSION_set_object(ext, obj), WOLFSSL_SUCCESS); + /* No Data - no change. */ + ExpectIntEQ(wolfSSL_X509_add_ext(x509, ext, -1), WOLFSSL_SUCCESS); + ExpectIntEQ(wolfSSL_X509_EXTENSION_set_data(ext, str), WOLFSSL_SUCCESS); + ExpectIntEQ(wolfSSL_X509_add_ext(x509, ext, -1), WOLFSSL_SUCCESS); + ExpectIntEQ(x509->keyUsage, KEYUSE_DECIPHER_ONLY | KEYUSE_ENCIPHER_ONLY); + + /* Add second time with string to interpret. */ + wolfSSL_ASN1_STRING_free(str); + str = NULL; + ExpectNotNull(str = wolfSSL_ASN1_STRING_new()); + ExpectIntEQ(ASN1_STRING_set(str, strData, (word32)XSTRLEN(strData) + 1), + WOLFSSL_SUCCESS); + ExpectIntEQ(wolfSSL_X509_EXTENSION_set_data(ext, str), WOLFSSL_SUCCESS); + ExpectIntEQ(wolfSSL_X509_add_ext(x509, ext, -1), WOLFSSL_SUCCESS); + ExpectIntEQ(x509->keyUsage, KEYUSE_DIGITAL_SIG | KEYUSE_KEY_CERT_SIGN); + + /* Empty data. */ + wolfSSL_ASN1_STRING_free(str); + str = NULL; + p = emptyData; + ExpectNotNull(str = d2i_ASN1_OCTET_STRING(NULL, &p, + (long)sizeof(emptyData))); + ExpectIntEQ(wolfSSL_X509_EXTENSION_set_data(ext, str), WOLFSSL_SUCCESS); + ExpectIntEQ(wolfSSL_X509_add_ext(x509, ext, -1), WOLFSSL_FAILURE); + + /* Invalid string to parse. */ + wolfSSL_ASN1_STRING_free(str); + str = NULL; + ExpectNotNull(str = wolfSSL_ASN1_STRING_new()); + ExpectIntEQ(ASN1_STRING_set(str, "bad", 4), WOLFSSL_SUCCESS); + ExpectIntEQ(wolfSSL_X509_EXTENSION_set_data(ext, str), WOLFSSL_SUCCESS); + ExpectIntEQ(wolfSSL_X509_add_ext(x509, ext, -1), WOLFSSL_FAILURE); + + wolfSSL_ASN1_STRING_free(str); + wolfSSL_ASN1_OBJECT_free(obj); + wolfSSL_X509_EXTENSION_free(ext); + + return EXPECT_RESULT(); +} + +static int test_X509_add_ext_key_usage(WOLFSSL_X509* x509) +{ + EXPECT_DECLS; + const byte objData[] = { 0x06, 0x03, 0x55, 0x1d, 0x25 }; + const byte data[] = { 0x04, 0x01, 0x01 }; + const byte emptyData[] = { 0x04, 0x00 }; + const char* strData = "serverAuth,codeSigning"; + const byte* p; + WOLFSSL_X509_EXTENSION* ext = NULL; + WOLFSSL_ASN1_OBJECT* obj = NULL; + WOLFSSL_ASN1_STRING* str = NULL; + + p = objData; + ExpectNotNull(obj = wolfSSL_d2i_ASN1_OBJECT(NULL, &p, sizeof(objData))); + if (obj != NULL) { + obj->type = NID_ext_key_usage; + } + p = data; + ExpectNotNull(str = d2i_ASN1_OCTET_STRING(NULL, &p, (long)sizeof(data))); + ExpectNotNull(ext = wolfSSL_X509_EXTENSION_new()); + ExpectIntEQ(wolfSSL_X509_EXTENSION_set_object(ext, obj), WOLFSSL_SUCCESS); + /* No Data - no change. */ + ExpectIntEQ(wolfSSL_X509_add_ext(x509, ext, -1), WOLFSSL_SUCCESS); + ExpectIntEQ(wolfSSL_X509_EXTENSION_set_data(ext, str), WOLFSSL_SUCCESS); + ExpectIntEQ(wolfSSL_X509_add_ext(x509, ext, -1), WOLFSSL_SUCCESS); + ExpectIntEQ(x509->extKeyUsage, EXTKEYUSE_ANY); + + /* Add second time with string to interpret. */ + wolfSSL_ASN1_STRING_free(str); + str = NULL; + ExpectNotNull(str = wolfSSL_ASN1_STRING_new()); + ExpectIntEQ(ASN1_STRING_set(str, strData, (word32)XSTRLEN(strData) + 1), + WOLFSSL_SUCCESS); + ExpectIntEQ(wolfSSL_X509_EXTENSION_set_data(ext, str), WOLFSSL_SUCCESS); + ExpectIntEQ(wolfSSL_X509_add_ext(x509, ext, -1), WOLFSSL_SUCCESS); + ExpectIntEQ(x509->extKeyUsage, EXTKEYUSE_SERVER_AUTH | EXTKEYUSE_CODESIGN); + + /* Empty data. */ + wolfSSL_ASN1_STRING_free(str); + str = NULL; + p = emptyData; + ExpectNotNull(str = d2i_ASN1_OCTET_STRING(NULL, &p, + (long)sizeof(emptyData))); + ExpectIntEQ(wolfSSL_X509_EXTENSION_set_data(ext, str), WOLFSSL_SUCCESS); + ExpectIntEQ(wolfSSL_X509_add_ext(x509, ext, -1), WOLFSSL_FAILURE); + + /* Invalid string to parse. */ + wolfSSL_ASN1_STRING_free(str); + str = NULL; + ExpectNotNull(str = wolfSSL_ASN1_STRING_new()); + ExpectIntEQ(ASN1_STRING_set(str, "bad", 4), WOLFSSL_SUCCESS); + ExpectIntEQ(wolfSSL_X509_EXTENSION_set_data(ext, str), WOLFSSL_SUCCESS); + ExpectIntEQ(wolfSSL_X509_add_ext(x509, ext, -1), WOLFSSL_FAILURE); + + wolfSSL_ASN1_STRING_free(str); + wolfSSL_ASN1_OBJECT_free(obj); + wolfSSL_X509_EXTENSION_free(ext); + + return EXPECT_RESULT(); +} + +static int test_x509_add_auth_key_id(WOLFSSL_X509* x509) +{ + EXPECT_DECLS; + const byte objData[] = { 0x06, 0x03, 0x55, 0x1d, 0x23 }; + const byte data[] = { + 0x04, 0x81, 0xcc, 0x30, 0x81, 0xc9, 0x80, 0x14, + 0x27, 0x8e, 0x67, 0x11, 0x74, 0xc3, 0x26, 0x1d, + 0x3f, 0xed, 0x33, 0x63, 0xb3, 0xa4, 0xd8, 0x1d, + 0x30, 0xe5, 0xe8, 0xd5, 0xa1, 0x81, 0x9a, 0xa4, + 0x81, 0x97, 0x30, 0x81, 0x94, 0x31, 0x0b, 0x30, + 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, + 0x55, 0x53, 0x31, 0x10, 0x30, 0x0e, 0x06, 0x03, + 0x55, 0x04, 0x08, 0x0c, 0x07, 0x4d, 0x6f, 0x6e, + 0x74, 0x61, 0x6e, 0x61, 0x31, 0x10, 0x30, 0x0e, + 0x06, 0x03, 0x55, 0x04, 0x07, 0x0c, 0x07, 0x42, + 0x6f, 0x7a, 0x65, 0x6d, 0x61, 0x6e, 0x31, 0x11, + 0x30, 0x0f, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x0c, + 0x08, 0x53, 0x61, 0x77, 0x74, 0x6f, 0x6f, 0x74, + 0x68, 0x31, 0x13, 0x30, 0x11, 0x06, 0x03, 0x55, + 0x04, 0x0b, 0x0c, 0x0a, 0x43, 0x6f, 0x6e, 0x73, + 0x75, 0x6c, 0x74, 0x69, 0x6e, 0x67, 0x31, 0x18, + 0x30, 0x16, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0c, + 0x0f, 0x77, 0x77, 0x77, 0x2e, 0x77, 0x6f, 0x6c, + 0x66, 0x73, 0x73, 0x6c, 0x2e, 0x63, 0x6f, 0x6d, + 0x31, 0x1f, 0x30, 0x1d, 0x06, 0x09, 0x2a, 0x86, + 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x09, 0x01, 0x16, + 0x10, 0x69, 0x6e, 0x66, 0x6f, 0x40, 0x77, 0x6f, + 0x6c, 0x66, 0x73, 0x73, 0x6c, 0x2e, 0x63, 0x6f, + 0x6d, 0x82, 0x14, 0x33, 0x44, 0x1a, 0xa8, 0x6c, + 0x01, 0xec, 0xf6, 0x60, 0xf2, 0x70, 0x51, 0x0a, + 0x4c, 0xd1, 0x14, 0xfa, 0xbc, 0xe9, 0x44 + }; + const byte* p; + WOLFSSL_X509_EXTENSION* ext = NULL; + WOLFSSL_ASN1_OBJECT* obj = NULL; + WOLFSSL_ASN1_STRING* str = NULL; + + p = objData; + ExpectNotNull(obj = wolfSSL_d2i_ASN1_OBJECT(NULL, &p, sizeof(objData))); + if (obj != NULL) { + obj->type = NID_authority_key_identifier; + } + p = data; + ExpectNotNull(str = d2i_ASN1_OCTET_STRING(NULL, &p, (long)sizeof(data))); + ExpectNotNull(ext = wolfSSL_X509_EXTENSION_new()); + ExpectIntEQ(wolfSSL_X509_EXTENSION_set_object(ext, obj), WOLFSSL_SUCCESS); + ExpectIntEQ(wolfSSL_X509_EXTENSION_set_data(ext, str), WOLFSSL_SUCCESS); + ExpectIntEQ(wolfSSL_X509_add_ext(x509, ext, -1), WOLFSSL_SUCCESS); + + /* Add second time with string to interpret. */ + ExpectIntEQ(wolfSSL_X509_add_ext(x509, ext, -1), WOLFSSL_SUCCESS); + + wolfSSL_ASN1_STRING_free(str); + wolfSSL_ASN1_OBJECT_free(obj); + wolfSSL_X509_EXTENSION_free(ext); + + return EXPECT_RESULT(); +} + +static int test_x509_add_subj_key_id(WOLFSSL_X509* x509) +{ + EXPECT_DECLS; + const byte objData[] = { 0x06, 0x03, 0x55, 0x1d, 0x0e }; + const byte data[] = { + 0x04, 0x16, 0x04, 0x14, 0xb3, 0x11, 0x32, 0xc9, + 0x92, 0x98, 0x84, 0xe2, 0xc9, 0xf8, 0xd0, 0x3b, + 0x6e, 0x03, 0x42, 0xca, 0x1f, 0x0e, 0x8e, 0x3c + }; + const byte* p; + WOLFSSL_X509_EXTENSION* ext = NULL; + WOLFSSL_ASN1_OBJECT* obj = NULL; + WOLFSSL_ASN1_STRING* str = NULL; + + p = objData; + ExpectNotNull(obj = wolfSSL_d2i_ASN1_OBJECT(NULL, &p, sizeof(objData))); + if (obj != NULL) { + obj->type = NID_subject_key_identifier; + } + p = data; + ExpectNotNull(str = d2i_ASN1_OCTET_STRING(NULL, &p, (long)sizeof(data))); + ExpectNotNull(ext = wolfSSL_X509_EXTENSION_new()); + ExpectIntEQ(wolfSSL_X509_EXTENSION_set_object(ext, obj), WOLFSSL_SUCCESS); + ExpectIntEQ(wolfSSL_X509_EXTENSION_set_data(ext, str), WOLFSSL_SUCCESS); + ExpectIntEQ(wolfSSL_X509_add_ext(x509, ext, -1), WOLFSSL_SUCCESS); + /* Add second time with string to interpret. */ + ExpectIntEQ(wolfSSL_X509_add_ext(x509, ext, -1), WOLFSSL_SUCCESS); + + wolfSSL_ASN1_STRING_free(str); + wolfSSL_ASN1_OBJECT_free(obj); + wolfSSL_X509_EXTENSION_free(ext); + + return EXPECT_RESULT(); +} +#endif + +static int test_wolfSSL_X509_add_ext(void) +{ + EXPECT_DECLS; +#if defined(OPENSSL_ALL) + WOLFSSL_X509* x509 = NULL; + WOLFSSL_X509_EXTENSION* ext_empty = NULL; + WOLFSSL_X509_EXTENSION* ext = NULL; + WOLFSSL_ASN1_OBJECT* obj = NULL; + WOLFSSL_ASN1_STRING* data = NULL; + const byte* p; + const byte subjAltNameObj[] = { 0x06, 0x03, 0x55, 0x1d, 0x11 }; + const byte subjAltName[] = { + 0x04, 0x15, 0x30, 0x13, 0x82, 0x0b, 0x65, 0x78, 0x61, 0x6d, 0x70, 0x6c, + 0x65, 0x2e, 0x63, 0x6f, 0x6d, 0x87, 0x04, 0x7f, 0x00, 0x00, 0x01 + }; + + ExpectNotNull(x509 = wolfSSL_X509_new()); + + /* Create extension: Subject Alternative Name */ + ExpectNotNull(ext_empty = wolfSSL_X509_EXTENSION_new()); + p = subjAltName; + ExpectNotNull(data = d2i_ASN1_OCTET_STRING(NULL, &p, + (long)sizeof(subjAltName))); + p = subjAltNameObj; + ExpectNotNull(obj = wolfSSL_d2i_ASN1_OBJECT(NULL, &p, + sizeof(subjAltNameObj))); + if (obj != NULL) { + obj->type = NID_subject_alt_name; + } + ExpectNotNull(ext = wolfSSL_X509_EXTENSION_new()); + ExpectIntEQ(wolfSSL_X509_EXTENSION_set_object(ext, obj), WOLFSSL_SUCCESS); + ExpectIntEQ(wolfSSL_X509_EXTENSION_set_data(ext, data), WOLFSSL_SUCCESS); + + /* Failure cases. */ + ExpectIntEQ(wolfSSL_X509_add_ext(NULL, NULL, 0), + WC_NO_ERR_TRACE(WOLFSSL_FAILURE)); + ExpectIntEQ(wolfSSL_X509_add_ext(x509, NULL, 0), + WC_NO_ERR_TRACE(WOLFSSL_FAILURE)); + ExpectIntEQ(wolfSSL_X509_add_ext(NULL, ext, 0), + WC_NO_ERR_TRACE(WOLFSSL_FAILURE)); + ExpectIntEQ(wolfSSL_X509_add_ext(NULL, NULL, -1), + WC_NO_ERR_TRACE(WOLFSSL_FAILURE)); + ExpectIntEQ(wolfSSL_X509_add_ext(NULL, ext, -1), + WC_NO_ERR_TRACE(WOLFSSL_FAILURE)); + ExpectIntEQ(wolfSSL_X509_add_ext(x509, NULL, -1), + WC_NO_ERR_TRACE(WOLFSSL_FAILURE)); + ExpectIntEQ(wolfSSL_X509_add_ext(x509, ext, 0), + WC_NO_ERR_TRACE(WOLFSSL_FAILURE)); + ExpectIntEQ(wolfSSL_X509_add_ext(x509, ext_empty, -1), + WC_NO_ERR_TRACE(WOLFSSL_FAILURE)); + + /* Add: Subject Alternative Name */ + ExpectIntEQ(wolfSSL_X509_add_ext(x509, ext, -1), WOLFSSL_SUCCESS); + /* Add second time to ensure no memory leaks. */ + ExpectIntEQ(wolfSSL_X509_add_ext(x509, ext, -1), WOLFSSL_SUCCESS); + + wolfSSL_X509_EXTENSION_free(ext); + wolfSSL_ASN1_OBJECT_free(obj); + wolfSSL_ASN1_STRING_free(data); + wolfSSL_X509_EXTENSION_free(ext_empty); + + EXPECT_TEST(test_X509_add_basic_constraints(x509)); + EXPECT_TEST(test_X509_add_key_usage(x509)); + EXPECT_TEST(test_X509_add_ext_key_usage(x509)); + EXPECT_TEST(test_x509_add_auth_key_id(x509)); + EXPECT_TEST(test_x509_add_subj_key_id(x509)); + + wolfSSL_X509_free(x509); +#endif + return EXPECT_RESULT(); +} + +static int test_wolfSSL_X509_EXTENSION_new(void) +{ + EXPECT_DECLS; +#if defined (OPENSSL_ALL) + WOLFSSL_X509_EXTENSION* ext = NULL; + + ExpectNotNull(ext = wolfSSL_X509_EXTENSION_new()); + ExpectNotNull(ext->obj = wolfSSL_ASN1_OBJECT_new()); + + wolfSSL_X509_EXTENSION_free(NULL); + wolfSSL_X509_EXTENSION_free(ext); +#endif + return EXPECT_RESULT(); +} + +static int test_wolfSSL_X509_EXTENSION_dup(void) +{ + EXPECT_DECLS; +#if defined (OPENSSL_ALL) + WOLFSSL_X509_EXTENSION* ext = NULL; + WOLFSSL_X509_EXTENSION* dup = NULL; + + ExpectNull(wolfSSL_X509_EXTENSION_dup(NULL)); + ExpectNotNull(ext = wolfSSL_X509_EXTENSION_new()); + ExpectNotNull(dup = wolfSSL_X509_EXTENSION_dup(ext)); + + wolfSSL_X509_EXTENSION_free(dup); + wolfSSL_X509_EXTENSION_free(ext); +#endif + return EXPECT_RESULT(); +} + +static int test_wolfSSL_X509_EXTENSION_get_object(void) +{ + EXPECT_DECLS; +#if !defined(NO_FILESYSTEM) && defined(OPENSSL_ALL) && !defined(NO_RSA) + WOLFSSL_X509* x509 = NULL; + WOLFSSL_X509_EXTENSION* ext = NULL; + WOLFSSL_X509_EXTENSION* dup = NULL; + WOLFSSL_ASN1_OBJECT* o = NULL; + XFILE file = XBADFILE; + + ExpectTrue((file = XFOPEN("./certs/server-cert.pem", "rb")) != XBADFILE); + ExpectNotNull(x509 = wolfSSL_PEM_read_X509(file, NULL, NULL, NULL)); + if (file != XBADFILE) + XFCLOSE(file); + + /* wolfSSL_X509_EXTENSION_get_object() testing ext idx 0 */ + ExpectNotNull(ext = wolfSSL_X509_get_ext(x509, 0)); + ExpectNull(wolfSSL_X509_EXTENSION_get_object(NULL)); + ExpectNotNull(o = wolfSSL_X509_EXTENSION_get_object(ext)); + ExpectIntEQ(o->nid, SUBJ_KEY_OID); + ExpectNotNull(dup = wolfSSL_X509_EXTENSION_dup(ext)); + wolfSSL_X509_EXTENSION_free(dup); + + /* wolfSSL_X509_EXTENSION_get_object() NULL argument */ + ExpectNull(o = wolfSSL_X509_EXTENSION_get_object(NULL)); + + wolfSSL_X509_free(x509); +#endif + return EXPECT_RESULT(); +} + +static int test_wolfSSL_X509_EXTENSION_get_data(void) +{ + EXPECT_DECLS; +#if !defined(NO_FILESYSTEM) && defined(OPENSSL_ALL) && !defined(NO_RSA) + WOLFSSL_X509* x509 = NULL; + WOLFSSL_X509_EXTENSION* ext = NULL; + WOLFSSL_ASN1_STRING* str = NULL; + XFILE file = XBADFILE; +#ifndef WOLFSSL_OLD_EXTDATA_FMT + const byte ext_data[] = { + 0x04, 0x14, 0xB3, 0x11, 0x32, 0xC9, 0x92, 0x98, + 0x84, 0xE2, 0xC9, 0xF8, 0xD0, 0x3B, 0x6E, 0x03, + 0x42, 0xCA, 0x1F, 0x0E, 0x8E, 0x3C, + }; +#endif + + ExpectTrue((file = XFOPEN("./certs/server-cert.pem", "rb")) != XBADFILE); + ExpectNotNull(x509 = wolfSSL_PEM_read_X509(file, NULL, NULL, NULL)); + if (file != XBADFILE) + XFCLOSE(file); + ExpectNotNull(ext = wolfSSL_X509_get_ext(x509, 0)); + + ExpectNull(str = wolfSSL_X509_EXTENSION_get_data(NULL)); + ExpectNotNull(str = wolfSSL_X509_EXTENSION_get_data(ext)); + +#ifndef WOLFSSL_OLD_EXTDATA_FMT + ExpectIntEQ(str->length, sizeof (ext_data)); + ExpectBufEQ(str->data, ext_data, sizeof (ext_data)); +#endif + + wolfSSL_X509_free(x509); +#endif + return EXPECT_RESULT(); +} + +static int test_wolfSSL_X509_EXTENSION_get_critical(void) +{ + EXPECT_DECLS; +#if !defined(NO_FILESYSTEM) && defined(OPENSSL_ALL) && !defined(NO_RSA) + WOLFSSL_X509* x509 = NULL; + WOLFSSL_X509_EXTENSION* ext = NULL; + XFILE file = XBADFILE; + int crit = 0; + + ExpectTrue((file = XFOPEN("./certs/server-cert.pem", "rb")) != XBADFILE); + ExpectNotNull(x509 = wolfSSL_PEM_read_X509(file, NULL, NULL, NULL)); + if (file != XBADFILE) + XFCLOSE(file); + ExpectNotNull(ext = wolfSSL_X509_get_ext(x509, 0)); + + ExpectIntEQ(crit = wolfSSL_X509_EXTENSION_get_critical(NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(crit = wolfSSL_X509_EXTENSION_get_critical(ext), 0); + + wolfSSL_X509_free(x509); +#endif + return EXPECT_RESULT(); +} + +static int test_wolfSSL_X509_EXTENSION_create_by_OBJ(void) +{ + EXPECT_DECLS; +#if !defined(NO_FILESYSTEM) && defined(OPENSSL_ALL) && !defined(NO_RSA) + XFILE file = XBADFILE; + WOLFSSL_X509* x509 = NULL; + WOLFSSL_X509* empty = NULL; + WOLFSSL_X509_EXTENSION* ext = NULL; + WOLFSSL_X509_EXTENSION* ext2 = NULL; + WOLFSSL_X509_EXTENSION* ext3 = NULL; + WOLFSSL_ASN1_OBJECT* o = NULL; + int crit = 0; + WOLFSSL_ASN1_STRING* str = NULL; + + ExpectTrue((file = XFOPEN("./certs/server-cert.pem", "rb")) != XBADFILE); + ExpectNotNull(x509 = wolfSSL_PEM_read_X509(file, NULL, NULL, NULL)); + if (file != XBADFILE) + XFCLOSE(file); + ExpectNotNull(ext = wolfSSL_X509_get_ext(x509, 0)); + + ExpectNotNull(o = wolfSSL_X509_EXTENSION_get_object(ext)); + ExpectIntEQ(crit = wolfSSL_X509_EXTENSION_get_critical(ext), 0); + ExpectNotNull(str = wolfSSL_X509_EXTENSION_get_data(ext)); + + ExpectNull(wolfSSL_X509_EXTENSION_create_by_OBJ(NULL, NULL, 0, NULL)); + ExpectNull(wolfSSL_X509_EXTENSION_create_by_OBJ(NULL, o, 0, NULL)); + ExpectNull(wolfSSL_X509_EXTENSION_create_by_OBJ(NULL, NULL, 0, str)); + ExpectNotNull(ext2 = wolfSSL_X509_EXTENSION_create_by_OBJ(NULL, o, crit, + str)); + ExpectNotNull(ext3 = wolfSSL_X509_EXTENSION_create_by_OBJ(ext2, o, crit, + str)); + if (ext3 == NULL) { + wolfSSL_X509_EXTENSION_free(ext2); + } + wolfSSL_X509_EXTENSION_free(ext3); + + ExpectIntEQ(wolfSSL_X509_get_ext_by_OBJ(NULL, NULL, -1), + WC_NO_ERR_TRACE(WOLFSSL_FATAL_ERROR)); + ExpectIntEQ(wolfSSL_X509_get_ext_by_OBJ(NULL, o, -1), + WC_NO_ERR_TRACE(WOLFSSL_FATAL_ERROR)); + ExpectNotNull(empty = wolfSSL_X509_new()); + ExpectIntEQ(wolfSSL_X509_get_ext_by_OBJ(empty, NULL, -1), + WC_NO_ERR_TRACE(WOLFSSL_FATAL_ERROR)); + ExpectIntEQ(wolfSSL_X509_get_ext_by_OBJ(empty, o, -1), + WC_NO_ERR_TRACE(WOLFSSL_FATAL_ERROR)); + wolfSSL_X509_free(empty); + empty = NULL; + ExpectIntEQ(wolfSSL_X509_get_ext_by_OBJ(x509, o, -2), 0); + ExpectIntEQ(wolfSSL_X509_get_ext_by_OBJ(x509, o, 0), + WC_NO_ERR_TRACE(WOLFSSL_FATAL_ERROR)); + + wolfSSL_X509_free(x509); +#endif + return EXPECT_RESULT(); +} + +static int test_wolfSSL_X509V3_EXT_print(void) +{ + EXPECT_DECLS; +#if !defined(NO_FILESYSTEM) && defined(OPENSSL_ALL) && !defined(NO_BIO) && \ + !defined(NO_RSA) + + { + XFILE f = XBADFILE; + WOLFSSL_X509* x509 = NULL; + X509_EXTENSION * ext = NULL; + int loc = 0; + BIO *bio = NULL; + + ExpectTrue((f = XFOPEN(svrCertFile, "rb")) != XBADFILE); + ExpectNotNull(x509 = wolfSSL_PEM_read_X509(f, NULL, NULL, NULL)); + if (f != XBADFILE) + fclose(f); + + ExpectNotNull(bio = wolfSSL_BIO_new(BIO_s_mem())); + + ExpectIntGT(loc = wolfSSL_X509_get_ext_by_NID(x509, + NID_basic_constraints, -1), -1); + ExpectNotNull(ext = wolfSSL_X509_get_ext(x509, loc)); + + /* Failure cases. */ + ExpectIntEQ(wolfSSL_X509V3_EXT_print(NULL, NULL, 0, 0), + WOLFSSL_FAILURE); + ExpectIntEQ(wolfSSL_X509V3_EXT_print(bio , NULL, 0, 0), + WOLFSSL_FAILURE); + ExpectIntEQ(wolfSSL_X509V3_EXT_print(NULL, ext , 0, 0), + WOLFSSL_FAILURE); + /* Good case. */ + ExpectIntEQ(wolfSSL_X509V3_EXT_print(bio, ext, 0, 0), WOLFSSL_SUCCESS); + + ExpectIntGT(loc = wolfSSL_X509_get_ext_by_NID(x509, + NID_subject_key_identifier, -1), -1); + ExpectNotNull(ext = wolfSSL_X509_get_ext(x509, loc)); + ExpectIntEQ(wolfSSL_X509V3_EXT_print(bio, ext, 0, 0), WOLFSSL_SUCCESS); + + ExpectIntGT(loc = wolfSSL_X509_get_ext_by_NID(x509, + NID_authority_key_identifier, -1), -1); + ExpectNotNull(ext = wolfSSL_X509_get_ext(x509, loc)); + ExpectIntEQ(wolfSSL_X509V3_EXT_print(bio, ext, 0, 0), WOLFSSL_SUCCESS); + + wolfSSL_BIO_free(bio); + wolfSSL_X509_free(x509); + } + + { + X509 *x509 = NULL; + BIO *bio = NULL; + X509_EXTENSION *ext = NULL; + unsigned int i = 0; + unsigned int idx = 0; + /* Some NIDs to test with */ + int nids[] = { + /* NID_key_usage, currently X509_get_ext returns this as a bit + * string, which messes up X509V3_EXT_print */ + /* NID_ext_key_usage, */ + NID_subject_alt_name, + }; + int* n = NULL; + + ExpectNotNull(bio = BIO_new_fp(stderr, BIO_NOCLOSE)); + + ExpectNotNull(x509 = wolfSSL_X509_load_certificate_file(cliCertFileExt, + WOLFSSL_FILETYPE_PEM)); + + ExpectIntGT(fprintf(stderr, "\nPrinting extension values:\n"), 0); + + for (i = 0, n = nids; i<(sizeof(nids)/sizeof(int)); i++, n++) { + /* X509_get_ext_by_NID should return 3 for now. If that changes then + * update the index */ + ExpectIntEQ((idx = X509_get_ext_by_NID(x509, *n, -1)), 3); + ExpectNotNull(ext = X509_get_ext(x509, (int)idx)); + ExpectIntEQ(X509V3_EXT_print(bio, ext, 0, 0), 1); + ExpectIntGT(fprintf(stderr, "\n"), 0); + } + + BIO_free(bio); + X509_free(x509); + } + + { + BIO* bio = NULL; + X509_EXTENSION* ext = NULL; + WOLFSSL_ASN1_OBJECT* obj = NULL; + + ExpectNotNull(bio = BIO_new_fp(stderr, BIO_NOCLOSE)); + ExpectNotNull(ext = X509_EXTENSION_new()); + + /* No object. */ + ExpectIntEQ(wolfSSL_X509V3_EXT_print(bio, ext, 0, 0), WOLFSSL_FAILURE); + + ExpectNotNull(obj = wolfSSL_ASN1_OBJECT_new()); + ExpectIntEQ(wolfSSL_X509_EXTENSION_set_object(ext, obj), + WOLFSSL_SUCCESS); + + /* NID not supported yet - just doesn't write anything. */ + if (ext != NULL && ext->obj != NULL) { + ext->obj->nid = AUTH_INFO_OID; + ExpectIntEQ(wolfSSL_X509V3_EXT_print(bio, ext, 0, 0), + WOLFSSL_SUCCESS); + ext->obj->nid = CERT_POLICY_OID; + ExpectIntEQ(wolfSSL_X509V3_EXT_print(bio, ext, 0, 0), + WOLFSSL_SUCCESS); + ext->obj->nid = CRL_DIST_OID; + ExpectIntEQ(wolfSSL_X509V3_EXT_print(bio, ext, 0, 0), + WOLFSSL_SUCCESS); + ext->obj->nid = KEY_USAGE_OID; + ExpectIntEQ(wolfSSL_X509V3_EXT_print(bio, ext, 0, 0), + WOLFSSL_SUCCESS); + + ext->obj->nid = EXT_KEY_USAGE_OID; + ExpectIntEQ(wolfSSL_X509V3_EXT_print(bio, ext, 0, 0), + WOLFSSL_SUCCESS); + } + + wolfSSL_ASN1_OBJECT_free(obj); + X509_EXTENSION_free(ext); + BIO_free(bio); + } +#endif + return EXPECT_RESULT(); +} + +static int test_wolfSSL_X509_cmp(void) +{ + EXPECT_DECLS; +#if defined(OPENSSL_ALL) && !defined(NO_RSA) + XFILE file1 = XBADFILE; + XFILE file2 = XBADFILE; + WOLFSSL_X509* cert1 = NULL; + WOLFSSL_X509* cert2 = NULL; + WOLFSSL_X509* empty = NULL; + + ExpectTrue((file1 = XFOPEN("./certs/server-cert.pem", "rb")) != XBADFILE); + ExpectTrue((file2 = XFOPEN("./certs/3072/client-cert.pem", "rb")) != + XBADFILE); + + ExpectNotNull(cert1 = wolfSSL_PEM_read_X509(file1, NULL, NULL, NULL)); + ExpectNotNull(cert2 = wolfSSL_PEM_read_X509(file2, NULL, NULL, NULL)); + if (file1 != XBADFILE) + fclose(file1); + if (file2 != XBADFILE) + fclose(file2); + + ExpectNotNull(empty = wolfSSL_X509_new()); + + /* wolfSSL_X509_cmp() testing matching certs */ + ExpectIntEQ(0, wolfSSL_X509_cmp(cert1, cert1)); + + /* wolfSSL_X509_cmp() testing mismatched certs */ + ExpectIntEQ(-1, wolfSSL_X509_cmp(cert1, cert2)); + + /* wolfSSL_X509_cmp() testing NULL, valid args */ + ExpectIntEQ(WC_NO_ERR_TRACE(BAD_FUNC_ARG), wolfSSL_X509_cmp(NULL, cert2)); + + /* wolfSSL_X509_cmp() testing valid, NULL args */ + ExpectIntEQ(WC_NO_ERR_TRACE(BAD_FUNC_ARG), wolfSSL_X509_cmp(cert1, NULL)); + + /* wolfSSL_X509_cmp() testing NULL, NULL args */ + ExpectIntEQ(WC_NO_ERR_TRACE(BAD_FUNC_ARG), wolfSSL_X509_cmp(NULL, NULL)); + + /* wolfSSL_X509_cmp() testing empty cert */ + ExpectIntEQ(WOLFSSL_FATAL_ERROR, wolfSSL_X509_cmp(empty, cert2)); + ExpectIntEQ(WOLFSSL_FATAL_ERROR, wolfSSL_X509_cmp(cert1, empty)); + + wolfSSL_X509_free(empty); + wolfSSL_X509_free(cert2); + wolfSSL_X509_free(cert1); +#endif + return EXPECT_RESULT(); +} + +static int test_wolfSSL_EVP_PKEY_up_ref(void) +{ + EXPECT_DECLS; +#if defined(OPENSSL_ALL) + EVP_PKEY* pkey; + + pkey = EVP_PKEY_new(); + ExpectNotNull(pkey); + ExpectIntEQ(EVP_PKEY_up_ref(NULL), 0); + ExpectIntEQ(EVP_PKEY_up_ref(pkey), 1); + EVP_PKEY_free(pkey); + ExpectIntEQ(EVP_PKEY_up_ref(pkey), 1); + EVP_PKEY_free(pkey); + EVP_PKEY_free(pkey); +#endif + return EXPECT_RESULT(); +} + +static int test_wolfSSL_d2i_and_i2d_PublicKey(void) +{ + EXPECT_DECLS; +#if defined(OPENSSL_EXTRA) && !defined(NO_RSA) + EVP_PKEY* pkey = NULL; + const unsigned char* p; + unsigned char *der = NULL; + unsigned char *tmp = NULL; + int derLen; + + p = client_keypub_der_2048; + /* Check that key can be successfully decoded. */ + ExpectNotNull(pkey = wolfSSL_d2i_PublicKey(EVP_PKEY_RSA, NULL, &p, + sizeof_client_keypub_der_2048)); + /* Check that key can be successfully encoded. */ + ExpectIntGE((derLen = wolfSSL_i2d_PublicKey(pkey, &der)), 0); + /* Ensure that the encoded version matches the original. */ + ExpectIntEQ(derLen, sizeof_client_keypub_der_2048); + ExpectIntEQ(XMEMCMP(der, client_keypub_der_2048, derLen), 0); + + /* Do same test except with pre-allocated buffer to ensure the der pointer + * is advanced. */ + tmp = der; + ExpectIntGE((derLen = wolfSSL_i2d_PublicKey(pkey, &tmp)), 0); + ExpectIntEQ(derLen, sizeof_client_keypub_der_2048); + ExpectIntEQ(XMEMCMP(der, client_keypub_der_2048, derLen), 0); + ExpectTrue(der + derLen == tmp); + + XFREE(der, HEAP_HINT, DYNAMIC_TYPE_OPENSSL); + EVP_PKEY_free(pkey); +#endif + return EXPECT_RESULT(); +} + +static int test_wolfSSL_d2i_and_i2d_PublicKey_ecc(void) +{ + EXPECT_DECLS; +#if defined(OPENSSL_EXTRA) && defined(HAVE_ECC) && !defined(NO_CERTS) && \ + !defined(NO_ASN) && !defined(NO_PWDBASED) + EVP_PKEY* pkey = NULL; + const unsigned char* p; + unsigned char *der = NULL; + unsigned char *tmp = NULL; + int derLen; + unsigned char pub_buf[65]; + unsigned char pub_spki_buf[91]; + const int pub_len = 65; + const int pub_spki_len = 91; + BN_CTX* ctx = NULL; + EC_GROUP* curve = NULL; + EC_KEY* ephemeral_key = NULL; + const EC_POINT* h = NULL; + ecc_key *eccKey = NULL; + + /* Generate an x963 key pair and get public part into pub_buf */ + ExpectNotNull(ctx = BN_CTX_new()); + ExpectNotNull(curve = EC_GROUP_new_by_curve_name(NID_X9_62_prime256v1)); + ExpectNotNull(ephemeral_key = EC_KEY_new_by_curve_name( + NID_X9_62_prime256v1)); + ExpectIntEQ(EC_KEY_generate_key(ephemeral_key), 1); + ExpectNotNull(h = EC_KEY_get0_public_key(ephemeral_key)); + ExpectIntEQ(pub_len, EC_POINT_point2oct(curve, h, + POINT_CONVERSION_UNCOMPRESSED, pub_buf, pub_len, ctx)); + /* Create an ecc key struct from the point. + Use it to create a DER with the appropriate + SubjectPublicKeyInfo format. */ + ExpectNotNull(eccKey = (ecc_key *)XMALLOC(sizeof(*eccKey), NULL, + DYNAMIC_TYPE_ECC)); + ExpectIntEQ(wc_ecc_init(eccKey), 0); + ExpectIntEQ(wc_ecc_import_x963(pub_buf, pub_len, eccKey), 0); + ExpectIntEQ(derLen = wc_EccPublicKeyDerSize(eccKey, 1), + pub_spki_len); + ExpectIntEQ(derLen = wc_EccPublicKeyToDer(eccKey, pub_spki_buf, + pub_spki_len, 1), pub_spki_len); + /* Prepare the EVP_PKEY */ + ExpectNotNull(pkey = EVP_PKEY_new()); + + p = pub_buf; + /* Check that key can be successfully decoded. */ + ExpectNotNull(wolfSSL_d2i_PublicKey(EVP_PKEY_EC, &pkey, &p, + pub_len)); + + /* Check that key can be successfully encoded. */ + ExpectIntGE((derLen = wolfSSL_i2d_PublicKey(pkey, &der)), 0); + /* Ensure that the encoded version matches the original. */ + ExpectIntEQ(derLen, pub_spki_len); + ExpectIntEQ(XMEMCMP(der, pub_spki_buf, derLen), 0); + + /* Do same test except with pre-allocated buffer to ensure the der pointer + * is advanced. */ + tmp = der; + ExpectIntGE((derLen = wolfSSL_i2d_PublicKey(pkey, &tmp)), 0); + ExpectIntEQ(derLen, pub_spki_len); + ExpectIntEQ(XMEMCMP(der, pub_spki_buf, derLen), 0); + ExpectTrue(der + derLen == tmp); + + wc_ecc_free(eccKey); + XFREE(eccKey, NULL, DYNAMIC_TYPE_ECC); + XFREE(der, HEAP_HINT, DYNAMIC_TYPE_OPENSSL); + EVP_PKEY_free(pkey); + EC_KEY_free(ephemeral_key); + EC_GROUP_free(curve); + BN_CTX_free(ctx); +#endif + return EXPECT_RESULT(); +} + +static int test_wolfSSL_d2i_and_i2d_DSAparams(void) +{ + EXPECT_DECLS; +#if defined(OPENSSL_EXTRA) && !defined(NO_DSA) + DSA* dsa = NULL; + byte derIn[] = { + 0x30, 0x82, 0x01, 0x1f, 0x02, 0x81, 0x81, 0x00, + 0xcd, 0xde, 0x25, 0x68, 0x80, 0x53, 0x0d, 0xe5, + 0x77, 0xd6, 0xd2, 0x90, 0x39, 0x3f, 0x90, 0xa2, + 0x3f, 0x33, 0x94, 0x6e, 0xe8, 0x4f, 0x2b, 0x63, + 0xab, 0x30, 0xab, 0x15, 0xba, 0x11, 0xea, 0x8a, + 0x5d, 0x8d, 0xcc, 0xb8, 0xd4, 0xa1, 0xd5, 0xc1, + 0x47, 0x9d, 0x5a, 0x73, 0x6a, 0x62, 0x49, 0xd1, + 0x06, 0x07, 0x67, 0xf6, 0x2f, 0xa3, 0x39, 0xbd, + 0x4e, 0x0d, 0xb4, 0xd3, 0x22, 0x23, 0x84, 0xec, + 0x93, 0x26, 0x5a, 0x49, 0xee, 0x7c, 0x89, 0x48, + 0x66, 0x4d, 0xe8, 0xe8, 0xd8, 0x50, 0xfb, 0xa5, + 0x71, 0x9f, 0x22, 0x18, 0xe5, 0xe6, 0x0b, 0x46, + 0x87, 0x66, 0xee, 0x52, 0x8f, 0x46, 0x4f, 0xb5, + 0x03, 0xce, 0xed, 0xe3, 0xbe, 0xe5, 0xb5, 0x81, + 0xd2, 0x59, 0xe9, 0xc0, 0xad, 0x4d, 0xd0, 0x4d, + 0x26, 0xf7, 0xba, 0x50, 0xe8, 0xc9, 0x8f, 0xfe, + 0x24, 0x19, 0x3d, 0x2e, 0xa7, 0x52, 0x3c, 0x6d, + 0x02, 0x15, 0x00, 0xfb, 0x47, 0xfb, 0xec, 0x81, + 0x20, 0xc8, 0x1c, 0xe9, 0x4a, 0xba, 0x04, 0x6f, + 0x19, 0x9b, 0x94, 0xee, 0x82, 0x67, 0xd3, 0x02, + 0x81, 0x81, 0x00, 0x9b, 0x95, 0xbb, 0x85, 0xc5, + 0x58, 0x4a, 0x32, 0x9c, 0xaa, 0x44, 0x85, 0xd6, + 0x68, 0xdc, 0x3e, 0x14, 0xf4, 0xce, 0x6d, 0xa3, + 0x49, 0x38, 0xea, 0xd6, 0x61, 0x48, 0x92, 0x5a, + 0x40, 0x95, 0x49, 0x38, 0xaa, 0xe1, 0x39, 0x29, + 0x68, 0x58, 0x47, 0x8a, 0x4b, 0x01, 0xe1, 0x2e, + 0x8e, 0x6c, 0x63, 0x6f, 0x40, 0xca, 0x50, 0x3f, + 0x8c, 0x0b, 0x99, 0xe4, 0x72, 0x42, 0xb8, 0xb1, + 0xc2, 0x26, 0x48, 0xf1, 0x9c, 0x83, 0xc6, 0x37, + 0x2e, 0x5a, 0xae, 0x11, 0x09, 0xd9, 0xf3, 0xad, + 0x1f, 0x6f, 0xad, 0xad, 0x50, 0xe3, 0x78, 0x32, + 0xe6, 0xde, 0x8e, 0xaa, 0xbf, 0xd1, 0x00, 0x9f, + 0xb3, 0x02, 0x12, 0x19, 0xa2, 0x15, 0xec, 0x14, + 0x18, 0x5c, 0x0e, 0x26, 0xce, 0xf9, 0xae, 0xcc, + 0x7b, 0xb5, 0xd1, 0x26, 0xfc, 0x85, 0xfe, 0x14, + 0x93, 0xb6, 0x9d, 0x7d, 0x76, 0xe3, 0x35, 0x97, + 0x1e, 0xde, 0xc4 + }; + int derInLen = sizeof(derIn); + byte* derOut = NULL; + int derOutLen; + byte* p = derIn; + + /* Check that params can be successfully decoded. */ + ExpectNotNull(dsa = d2i_DSAparams(NULL, (const byte**)&p, derInLen)); + /* Check that params can be successfully encoded. */ + ExpectIntGE((derOutLen = i2d_DSAparams(dsa, &derOut)), 0); + /* Ensure that the encoded version matches the original. */ + ExpectIntEQ(derInLen, derOutLen); + ExpectIntEQ(XMEMCMP(derIn, derOut, derInLen), 0); + + XFREE(derOut, HEAP_HINT, DYNAMIC_TYPE_OPENSSL); + DSA_free(dsa); +#endif + return EXPECT_RESULT(); +} + +static int test_wolfSSL_i2d_PrivateKey(void) +{ + EXPECT_DECLS; +#if (!defined(NO_RSA) || defined(HAVE_ECC)) && defined(OPENSSL_EXTRA) && \ + !defined(NO_ASN) && !defined(NO_PWDBASED) + +#if !defined(NO_RSA) && defined(USE_CERT_BUFFERS_2048) + { + EVP_PKEY* pkey = NULL; + const unsigned char* server_key = + (const unsigned char*)server_key_der_2048; + unsigned char buf[FOURK_BUF]; + unsigned char* pt = NULL; + int bufSz = 0; + + ExpectNotNull(pkey = d2i_PrivateKey(EVP_PKEY_RSA, NULL, &server_key, + (long)sizeof_server_key_der_2048)); + ExpectIntEQ(i2d_PrivateKey(pkey, NULL), 1193); + pt = buf; + ExpectIntEQ((bufSz = i2d_PrivateKey(pkey, &pt)), 1193); + ExpectIntNE((pt - buf), 0); + ExpectIntEQ(XMEMCMP(buf, server_key_der_2048, bufSz), 0); + EVP_PKEY_free(pkey); + } +#endif +#if defined(OPENSSL_EXTRA) && defined(HAVE_ECC) && defined(USE_CERT_BUFFERS_256) + { + EVP_PKEY* pkey = NULL; + const unsigned char* client_key = + (const unsigned char*)ecc_clikey_der_256; + unsigned char buf[FOURK_BUF]; + unsigned char* pt = NULL; + int bufSz = 0; + + ExpectNotNull((pkey = d2i_PrivateKey(EVP_PKEY_EC, NULL, &client_key, + (long)sizeof_ecc_clikey_der_256))); + ExpectIntEQ(i2d_PrivateKey(pkey, NULL), 121); + pt = buf; + ExpectIntEQ((bufSz = i2d_PrivateKey(pkey, &pt)), 121); + ExpectIntNE((pt - buf), 0); + ExpectIntEQ(XMEMCMP(buf, ecc_clikey_der_256, bufSz), 0); + EVP_PKEY_free(pkey); + } +#endif +#endif + return EXPECT_RESULT(); +} + +static int test_wolfSSL_OCSP_id_get0_info(void) +{ + EXPECT_DECLS; +#if (defined(OPENSSL_ALL) || defined(WOLFSSL_HAPROXY)) && \ + defined(HAVE_OCSP) && !defined(NO_FILESYSTEM) && !defined(NO_RSA) && \ + !defined(WOLFSSL_SM2) && !defined(WOLFSSL_SM3) + X509* cert = NULL; + X509* issuer = NULL; + OCSP_CERTID* id = NULL; + OCSP_CERTID* id2 = NULL; + + ASN1_STRING* name = NULL; + ASN1_OBJECT* pmd = NULL; + ASN1_STRING* keyHash = NULL; + ASN1_INTEGER* serial = NULL; + ASN1_INTEGER* x509Int = NULL; + + ExpectNotNull(cert = wolfSSL_X509_load_certificate_file(svrCertFile, + SSL_FILETYPE_PEM)); + ExpectNotNull(issuer = wolfSSL_X509_load_certificate_file(caCertFile, + SSL_FILETYPE_PEM)); + + ExpectNotNull(id = OCSP_cert_to_id(NULL, cert, issuer)); + ExpectNotNull(id2 = OCSP_cert_to_id(NULL, cert, issuer)); + + ExpectIntEQ(OCSP_id_get0_info(NULL, NULL, NULL, NULL, NULL), 0); + ExpectIntEQ(OCSP_id_get0_info(NULL, NULL, NULL, NULL, id), 1); + + /* name, pmd, keyHash not supported yet, expect failure if not NULL */ + ExpectIntEQ(OCSP_id_get0_info(&name, NULL, NULL, NULL, id), 0); + ExpectIntEQ(OCSP_id_get0_info(NULL, &pmd, NULL, NULL, id), 0); + ExpectIntEQ(OCSP_id_get0_info(NULL, NULL, &keyHash, NULL, id), 0); + + ExpectIntEQ(OCSP_id_get0_info(NULL, NULL, NULL, &serial, id), 1); + ExpectNotNull(serial); + + /* compare serial number to one in cert, should be equal */ + ExpectNotNull(x509Int = X509_get_serialNumber(cert)); + ExpectIntEQ(x509Int->length, serial->length); + ExpectIntEQ(XMEMCMP(x509Int->data, serial->data, serial->length), 0); + ExpectNotNull(x509Int = X509_get_serialNumber(cert)); + + /* test OCSP_id_cmp */ + ExpectIntNE(OCSP_id_cmp(NULL, NULL), 0); + ExpectIntNE(OCSP_id_cmp(id, NULL), 0); + ExpectIntNE(OCSP_id_cmp(NULL, id2), 0); + ExpectIntEQ(OCSP_id_cmp(id, id2), 0); + if (id != NULL) { + id->issuerHash[0] = ~id->issuerHash[0]; + } + ExpectIntNE(OCSP_id_cmp(id, id2), 0); + + OCSP_CERTID_free(id); + OCSP_CERTID_free(id2); + X509_free(cert); /* free's x509Int */ + X509_free(issuer); +#endif + return EXPECT_RESULT(); +} + +static int test_wolfSSL_i2d_OCSP_CERTID(void) +{ + EXPECT_DECLS; +#if (defined(OPENSSL_ALL) || defined(WOLFSSL_HAPROXY)) && defined(HAVE_OCSP) + WOLFSSL_OCSP_CERTID certId; + byte* targetBuffer = NULL; + byte* p; + /* OCSP CertID bytes taken from PCAP */ + byte rawCertId[] = { + 0x30, 0x49, 0x30, 0x09, 0x06, 0x05, 0x2b, 0x0e, 0x03, 0x02, 0x1a, 0x05, + 0x00, 0x04, 0x14, 0x80, 0x51, 0x06, 0x01, 0x32, 0xad, 0x9a, 0xc2, 0x7d, + 0x51, 0x87, 0xa0, 0xe8, 0x87, 0xfb, 0x01, 0x62, 0x01, 0x55, 0xee, 0x04, + 0x14, 0x03, 0xde, 0x50, 0x35, 0x56, 0xd1, 0x4c, 0xbb, 0x66, 0xf0, 0xa3, + 0xe2, 0x1b, 0x1b, 0xc3, 0x97, 0xb2, 0x3d, 0xd1, 0x55, 0x02, 0x10, 0x01, + 0xfd, 0xa3, 0xeb, 0x6e, 0xca, 0x75, 0xc8, 0x88, 0x43, 0x8b, 0x72, 0x4b, + 0xcf, 0xbc, 0x91 + }; + int ret = 0; + int i; + + XMEMSET(&certId, 0, sizeof(WOLFSSL_OCSP_CERTID)); + certId.rawCertId = rawCertId; + certId.rawCertIdSize = sizeof(rawCertId); + + ExpectNotNull(targetBuffer = (byte*)XMALLOC(sizeof(rawCertId), NULL, + DYNAMIC_TYPE_TMP_BUFFER)); + p = targetBuffer; + /* Function returns the size of the encoded data. */ + ExpectIntEQ(ret = wolfSSL_i2d_OCSP_CERTID(&certId, &p), sizeof(rawCertId)); + /* If target buffer is not null, function increments targetBuffer to point + * just past the end of the encoded data. */ + ExpectPtrEq(p, (targetBuffer + sizeof(rawCertId))); + for (i = 0; EXPECT_SUCCESS() && i < ret; ++i) { + ExpectIntEQ(targetBuffer[i], rawCertId[i]); + } + XFREE(targetBuffer, NULL, DYNAMIC_TYPE_TMP_BUFFER); + targetBuffer = NULL; + + /* If target buffer is null, function allocates memory for a buffer and + * copies the encoded data into it. targetBuffer then points to the start of + * this newly allocate buffer. */ + ExpectIntEQ(ret = wolfSSL_i2d_OCSP_CERTID(&certId, &targetBuffer), + sizeof(rawCertId)); + for (i = 0; EXPECT_SUCCESS() && i < ret; ++i) { + ExpectIntEQ(targetBuffer[i], rawCertId[i]); + } + XFREE(targetBuffer, NULL, DYNAMIC_TYPE_OPENSSL); +#endif + return EXPECT_RESULT(); +} + +static int test_wolfSSL_d2i_OCSP_CERTID(void) +{ + EXPECT_DECLS; +#if (defined(OPENSSL_ALL) || defined(WOLFSSL_HAPROXY)) && defined(HAVE_OCSP) + WOLFSSL_OCSP_CERTID* certIdGood; + WOLFSSL_OCSP_CERTID* certIdBad; + const unsigned char* rawCertIdPtr; + + const unsigned char rawCertId[] = { + 0x30, 0x49, 0x30, 0x09, 0x06, 0x05, 0x2b, 0x0e, 0x03, 0x02, 0x1a, 0x05, + 0x00, 0x04, 0x14, 0x80, 0x51, 0x06, 0x01, 0x32, 0xad, 0x9a, 0xc2, 0x7d, + 0x51, 0x87, 0xa0, 0xe8, 0x87, 0xfb, 0x01, 0x62, 0x01, 0x55, 0xee, 0x04, + 0x14, 0x03, 0xde, 0x50, 0x35, 0x56, 0xd1, 0x4c, 0xbb, 0x66, 0xf0, 0xa3, + 0xe2, 0x1b, 0x1b, 0xc3, 0x97, 0xb2, 0x3d, 0xd1, 0x55, 0x02, 0x10, 0x01, + 0xfd, 0xa3, 0xeb, 0x6e, 0xca, 0x75, 0xc8, 0x88, 0x43, 0x8b, 0x72, 0x4b, + 0xcf, 0xbc, 0x91 + }; + + rawCertIdPtr = &rawCertId[0]; + + /* If the cert ID is NULL the function should allocate it and copy the + * data to it. */ + { + WOLFSSL_OCSP_CERTID* certId = NULL; + ExpectNotNull(certId = wolfSSL_d2i_OCSP_CERTID(&certId, &rawCertIdPtr, + sizeof(rawCertId))); + if (certId != NULL) { + XFREE(certId->rawCertId, NULL, DYNAMIC_TYPE_OPENSSL); + wolfSSL_OCSP_CERTID_free(certId); + } + } + + /* If the cert ID is not NULL the function will just copy the data to it. */ + { + WOLFSSL_OCSP_CERTID* certId = NULL; + ExpectNotNull(certId = (WOLFSSL_OCSP_CERTID*)XMALLOC(sizeof(*certId), NULL, + DYNAMIC_TYPE_TMP_BUFFER)); + ExpectNotNull(certId); + if (certId != NULL) + XMEMSET(certId, 0, sizeof(*certId)); + + /* Reset rawCertIdPtr since it was push forward in the previous call. */ + rawCertIdPtr = &rawCertId[0]; + ExpectNotNull(certIdGood = wolfSSL_d2i_OCSP_CERTID(&certId, &rawCertIdPtr, + sizeof(rawCertId))); + ExpectPtrEq(certIdGood, certId); + if (certId != NULL) { + XFREE(certId->rawCertId, NULL, DYNAMIC_TYPE_OPENSSL); + wolfSSL_OCSP_CERTID_free(certId); + certId = NULL; + } + } + + /* The below tests should fail when passed bad parameters. NULL should + * always be returned. */ + { + WOLFSSL_OCSP_CERTID* certId = NULL; + ExpectNull(certIdBad = wolfSSL_d2i_OCSP_CERTID(&certId, NULL, + sizeof(rawCertId))); + ExpectNull(certIdBad = wolfSSL_d2i_OCSP_CERTID(&certId, &rawCertIdPtr, 0)); + } +#endif + return EXPECT_RESULT(); +} + +static int test_wolfSSL_OCSP_id_cmp(void) +{ + EXPECT_DECLS; +#if defined(OPENSSL_ALL) && defined(HAVE_OCSP) + OCSP_CERTID id1; + OCSP_CERTID id2; + + XMEMSET(&id1, 0, sizeof(id1)); + XMEMSET(&id2, 0, sizeof(id2)); + ExpectIntEQ(OCSP_id_cmp(&id1, &id2), 0); + ExpectIntNE(OCSP_id_cmp(NULL, NULL), 0); + ExpectIntNE(OCSP_id_cmp(&id1, NULL), 0); + ExpectIntNE(OCSP_id_cmp(NULL, &id2), 0); +#endif + return EXPECT_RESULT(); +} + +static int test_wolfSSL_OCSP_SINGLERESP_get0_id(void) +{ + EXPECT_DECLS; +#if defined(HAVE_OCSP) && defined(OPENSSL_EXTRA) + WOLFSSL_OCSP_SINGLERESP single; + const WOLFSSL_OCSP_CERTID* certId; + + XMEMSET(&single, 0, sizeof(single)); + + certId = wolfSSL_OCSP_SINGLERESP_get0_id(&single); + ExpectPtrEq(&single, certId); + + ExpectNull(wolfSSL_OCSP_SINGLERESP_get0_id(NULL)); +#endif + return EXPECT_RESULT(); +} + +static int test_wolfSSL_OCSP_single_get0_status(void) +{ + EXPECT_DECLS; +#if defined(HAVE_OCSP) && defined(OPENSSL_EXTRA) && \ + defined(WOLFSSL_OCSP_PARSE_STATUS) + WOLFSSL_OCSP_SINGLERESP single; + CertStatus certStatus; + WOLFSSL_ASN1_TIME* thisDate; + WOLFSSL_ASN1_TIME* nextDate; + int ret, i; + + XMEMSET(&single, 0, sizeof(WOLFSSL_OCSP_SINGLERESP)); + XMEMSET(&certStatus, 0, sizeof(CertStatus)); + + /* Fill the date fields with some dummy data. */ + for (i = 0; i < CTC_DATE_SIZE; ++i) { + certStatus.thisDateParsed.data[i] = i; + certStatus.nextDateParsed.data[i] = i; + } + certStatus.status = CERT_GOOD; + single.status = &certStatus; + + ret = wolfSSL_OCSP_single_get0_status(&single, NULL, NULL, &thisDate, + &nextDate); + ExpectIntEQ(ret, CERT_GOOD); + ExpectPtrEq(thisDate, &certStatus.thisDateParsed); + ExpectPtrEq(nextDate, &certStatus.nextDateParsed); + + ExpectIntEQ(wolfSSL_OCSP_single_get0_status(NULL, NULL, NULL, NULL, NULL), + CERT_GOOD); + ExpectIntEQ(wolfSSL_OCSP_single_get0_status(&single, NULL, NULL, NULL, + NULL), CERT_GOOD); +#endif + return EXPECT_RESULT(); +} + +static int test_wolfSSL_OCSP_resp_count(void) +{ + EXPECT_DECLS; +#if defined(HAVE_OCSP) && defined(OPENSSL_EXTRA) + WOLFSSL_OCSP_BASICRESP basicResp; + WOLFSSL_OCSP_SINGLERESP singleRespOne; + WOLFSSL_OCSP_SINGLERESP singleRespTwo; + + XMEMSET(&basicResp, 0, sizeof(WOLFSSL_OCSP_BASICRESP)); + XMEMSET(&singleRespOne, 0, sizeof(WOLFSSL_OCSP_SINGLERESP)); + XMEMSET(&singleRespTwo, 0, sizeof(WOLFSSL_OCSP_SINGLERESP)); + + ExpectIntEQ(wolfSSL_OCSP_resp_count(&basicResp), 0); + basicResp.single = &singleRespOne; + ExpectIntEQ(wolfSSL_OCSP_resp_count(&basicResp), 1); + singleRespOne.next = &singleRespTwo; + ExpectIntEQ(wolfSSL_OCSP_resp_count(&basicResp), 2); +#endif + return EXPECT_RESULT(); +} + +static int test_wolfSSL_OCSP_resp_get0(void) +{ + EXPECT_DECLS; +#if defined(HAVE_OCSP) && defined(OPENSSL_EXTRA) + WOLFSSL_OCSP_BASICRESP basicResp; + WOLFSSL_OCSP_SINGLERESP singleRespOne; + WOLFSSL_OCSP_SINGLERESP singleRespTwo; + + XMEMSET(&basicResp, 0, sizeof(WOLFSSL_OCSP_BASICRESP)); + XMEMSET(&singleRespOne, 0, sizeof(WOLFSSL_OCSP_SINGLERESP)); + XMEMSET(&singleRespTwo, 0, sizeof(WOLFSSL_OCSP_SINGLERESP)); + + basicResp.single = &singleRespOne; + singleRespOne.next = &singleRespTwo; + ExpectPtrEq(wolfSSL_OCSP_resp_get0(&basicResp, 0), &singleRespOne); + ExpectPtrEq(wolfSSL_OCSP_resp_get0(&basicResp, 1), &singleRespTwo); +#endif + return EXPECT_RESULT(); +} + +static int test_wolfSSL_OCSP_parse_url(void) +{ + EXPECT_DECLS; +#if defined(OPENSSL_EXTRA) && defined(HAVE_OCSP) +#define CK_OPU_OK(u, h, po, pa, s) do { \ + char* host = NULL; \ + char* port = NULL; \ + char* path = NULL; \ + int isSsl = 0; \ + ExpectIntEQ(OCSP_parse_url(u, &host, &port, &path, &isSsl), 1); \ + ExpectStrEQ(host, h); \ + ExpectStrEQ(port, po); \ + ExpectStrEQ(path, pa); \ + ExpectIntEQ(isSsl, s); \ + XFREE(host, NULL, DYNAMIC_TYPE_OPENSSL); \ + XFREE(port, NULL, DYNAMIC_TYPE_OPENSSL); \ + XFREE(path, NULL, DYNAMIC_TYPE_OPENSSL); \ +} while(0) + +#define CK_OPU_FAIL(u) do { \ + char* host = NULL; \ + char* port = NULL; \ + char* path = NULL; \ + int isSsl = 0; \ + ExpectIntEQ(OCSP_parse_url(u, &host, &port, &path, &isSsl), 0); \ + XFREE(host, NULL, DYNAMIC_TYPE_OPENSSL); \ + XFREE(port, NULL, DYNAMIC_TYPE_OPENSSL); \ + XFREE(path, NULL, DYNAMIC_TYPE_OPENSSL); \ +} while(0) + + CK_OPU_OK("http://localhost", "localhost", "80", "/", 0); + CK_OPU_OK("https://wolfssl.com", "wolfssl.com", "443", "/", 1); + CK_OPU_OK("https://www.wolfssl.com/fips-140-3-announcement-to-the-world/", + "www.wolfssl.com", "443", "/fips-140-3-announcement-to-the-world/", 1); + CK_OPU_OK("http://localhost:1234", "localhost", "1234", "/", 0); + CK_OPU_OK("https://localhost:1234", "localhost", "1234", "/", 1); + + CK_OPU_FAIL("ftp://localhost"); + /* two strings to cppcheck doesn't mark it as a c++ style comment */ + CK_OPU_FAIL("http/""/localhost"); + CK_OPU_FAIL("http:/localhost"); + CK_OPU_FAIL("https://localhost/path:1234"); + +#undef CK_OPU_OK +#undef CK_OPU_FAIL +#endif + return EXPECT_RESULT(); +} + +#if defined(OPENSSL_ALL) && defined(HAVE_OCSP) && \ + defined(WOLFSSL_SIGNER_DER_CERT) && !defined(NO_FILESYSTEM) && \ + !defined(NO_ASN_TIME) && \ + !defined(WOLFSSL_SM2) && !defined(WOLFSSL_SM3) +static time_t test_wolfSSL_OCSP_REQ_CTX_time_cb(time_t* t) +{ + if (t != NULL) { + *t = 1722006780; + } + + return 1722006780; +} +#endif + +static int test_wolfSSL_OCSP_REQ_CTX(void) +{ + EXPECT_DECLS; +#if defined(OPENSSL_ALL) && defined(HAVE_OCSP) && \ + defined(WOLFSSL_SIGNER_DER_CERT) && !defined(NO_FILESYSTEM) && \ + !defined(WOLFSSL_SM2) && !defined(WOLFSSL_SM3) + /* This buffer was taken from the ocsp-stapling.test test case 1. The ocsp + * response was captured in wireshark. It contains both the http and binary + * parts. The time test_wolfSSL_OCSP_REQ_CTX_time_cb is set exactly so that + * the time check passes. */ + unsigned char ocspRespBin[] = { + 0x48, 0x54, 0x54, 0x50, 0x2f, 0x31, 0x2e, 0x30, 0x20, 0x32, 0x30, 0x30, + 0x20, 0x4f, 0x4b, 0x0d, 0x0a, 0x43, 0x6f, 0x6e, 0x74, 0x65, 0x6e, 0x74, + 0x2d, 0x74, 0x79, 0x70, 0x65, 0x3a, 0x20, 0x61, 0x70, 0x70, 0x6c, 0x69, + 0x63, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x2f, 0x6f, 0x63, 0x73, 0x70, 0x2d, + 0x72, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x0d, 0x0a, 0x43, 0x6f, + 0x6e, 0x74, 0x65, 0x6e, 0x74, 0x2d, 0x4c, 0x65, 0x6e, 0x67, 0x74, 0x68, + 0x3a, 0x20, 0x31, 0x38, 0x32, 0x31, 0x0d, 0x0a, 0x0d, 0x0a, 0x30, 0x82, + 0x07, 0x19, 0x0a, 0x01, 0x00, 0xa0, 0x82, 0x07, 0x12, 0x30, 0x82, 0x07, + 0x0e, 0x06, 0x09, 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x30, 0x01, 0x01, + 0x04, 0x82, 0x06, 0xff, 0x30, 0x82, 0x06, 0xfb, 0x30, 0x82, 0x01, 0x19, + 0xa1, 0x81, 0xa1, 0x30, 0x81, 0x9e, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, + 0x55, 0x04, 0x06, 0x13, 0x02, 0x55, 0x53, 0x31, 0x13, 0x30, 0x11, 0x06, + 0x03, 0x55, 0x04, 0x08, 0x0c, 0x0a, 0x57, 0x61, 0x73, 0x68, 0x69, 0x6e, + 0x67, 0x74, 0x6f, 0x6e, 0x31, 0x10, 0x30, 0x0e, 0x06, 0x03, 0x55, 0x04, + 0x07, 0x0c, 0x07, 0x53, 0x65, 0x61, 0x74, 0x74, 0x6c, 0x65, 0x31, 0x10, + 0x30, 0x0e, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x0c, 0x07, 0x77, 0x6f, 0x6c, + 0x66, 0x53, 0x53, 0x4c, 0x31, 0x14, 0x30, 0x12, 0x06, 0x03, 0x55, 0x04, + 0x0b, 0x0c, 0x0b, 0x45, 0x6e, 0x67, 0x69, 0x6e, 0x65, 0x65, 0x72, 0x69, + 0x6e, 0x67, 0x31, 0x1f, 0x30, 0x1d, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0c, + 0x16, 0x77, 0x6f, 0x6c, 0x66, 0x53, 0x53, 0x4c, 0x20, 0x4f, 0x43, 0x53, + 0x50, 0x20, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x64, 0x65, 0x72, 0x31, + 0x1f, 0x30, 0x1d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, + 0x09, 0x01, 0x16, 0x10, 0x69, 0x6e, 0x66, 0x6f, 0x40, 0x77, 0x6f, 0x6c, + 0x66, 0x73, 0x73, 0x6c, 0x2e, 0x63, 0x6f, 0x6d, 0x18, 0x0f, 0x32, 0x30, + 0x32, 0x34, 0x30, 0x37, 0x32, 0x36, 0x31, 0x35, 0x31, 0x32, 0x30, 0x35, + 0x5a, 0x30, 0x62, 0x30, 0x60, 0x30, 0x38, 0x30, 0x07, 0x06, 0x05, 0x2b, + 0x0e, 0x03, 0x02, 0x1a, 0x04, 0x14, 0x71, 0x4d, 0x82, 0x23, 0x40, 0x59, + 0xc0, 0x96, 0xa1, 0x37, 0x43, 0xfa, 0x31, 0xdb, 0xba, 0xb1, 0x43, 0x18, + 0xda, 0x04, 0x04, 0x14, 0x83, 0xc6, 0x3a, 0x89, 0x2c, 0x81, 0xf4, 0x02, + 0xd7, 0x9d, 0x4c, 0xe2, 0x2a, 0xc0, 0x71, 0x82, 0x64, 0x44, 0xda, 0x0e, + 0x02, 0x01, 0x05, 0x80, 0x00, 0x18, 0x0f, 0x32, 0x30, 0x32, 0x34, 0x30, + 0x37, 0x32, 0x36, 0x31, 0x35, 0x31, 0x32, 0x30, 0x35, 0x5a, 0xa0, 0x11, + 0x18, 0x0f, 0x32, 0x30, 0x32, 0x34, 0x30, 0x37, 0x32, 0x36, 0x31, 0x35, + 0x31, 0x33, 0x30, 0x35, 0x5a, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, + 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x0b, 0x05, 0x00, 0x03, 0x82, 0x01, 0x01, + 0x00, 0x89, 0x7a, 0xe9, 0x6b, 0x66, 0x47, 0x8e, 0x52, 0x16, 0xf9, 0x8a, + 0x5a, 0x1e, 0x7a, 0x35, 0xbb, 0x1d, 0x6c, 0xd8, 0x31, 0xbb, 0x24, 0xd2, + 0xd7, 0xa4, 0x30, 0x27, 0x06, 0x17, 0x66, 0xd1, 0xf9, 0x8d, 0x24, 0xb0, + 0x49, 0x37, 0x62, 0x13, 0x78, 0x5e, 0xa6, 0x6d, 0xea, 0xe3, 0xd0, 0x30, + 0x82, 0x7d, 0xb6, 0xf6, 0x55, 0x82, 0x11, 0xdc, 0xe7, 0x0f, 0xd6, 0x24, + 0xb4, 0x80, 0x23, 0x4f, 0xfd, 0xa7, 0x9a, 0x4b, 0xac, 0xf2, 0xd3, 0xde, + 0x42, 0x10, 0xfb, 0x4b, 0x29, 0x06, 0x02, 0x7b, 0x47, 0x36, 0x70, 0x75, + 0x45, 0x38, 0x8d, 0x3e, 0x55, 0x9c, 0xce, 0x78, 0xd8, 0x18, 0x45, 0x47, + 0x2d, 0x2a, 0x46, 0x65, 0x13, 0x93, 0x1a, 0x98, 0x90, 0xc6, 0x2d, 0xd5, + 0x05, 0x2a, 0xfc, 0xcb, 0xac, 0x53, 0x73, 0x93, 0x42, 0x4e, 0xdb, 0x17, + 0x91, 0xcb, 0xe1, 0x08, 0x03, 0xd1, 0x33, 0x57, 0x4b, 0x1d, 0xb8, 0x71, + 0x84, 0x01, 0x04, 0x47, 0x6f, 0x06, 0xfa, 0x76, 0x7d, 0xd9, 0x37, 0x64, + 0x57, 0x37, 0x3a, 0x8f, 0x4d, 0x88, 0x11, 0xa5, 0xd4, 0xaa, 0xcb, 0x49, + 0x47, 0x86, 0xdd, 0xcf, 0x46, 0xa6, 0xfa, 0x8e, 0xf2, 0x62, 0x0f, 0xc9, + 0x25, 0xf2, 0x39, 0x62, 0x3e, 0x2d, 0x35, 0xc4, 0x76, 0x7b, 0xae, 0xd5, + 0xe8, 0x85, 0xa1, 0xa6, 0x2d, 0x41, 0xd6, 0x8e, 0x3c, 0xfa, 0xdc, 0x6c, + 0x66, 0xe2, 0x61, 0xe7, 0xe5, 0x90, 0xa1, 0xfd, 0x7f, 0xdb, 0x18, 0xd0, + 0xeb, 0x6d, 0x73, 0x08, 0x5f, 0x6a, 0x65, 0x44, 0x50, 0xad, 0x38, 0x9d, + 0xb6, 0xfb, 0xbf, 0x28, 0x55, 0x84, 0x65, 0xfa, 0x0e, 0x34, 0xfc, 0x43, + 0x19, 0x80, 0x5c, 0x7d, 0x2d, 0x5b, 0xd8, 0x60, 0xec, 0x0e, 0xf9, 0x1e, + 0x6e, 0x32, 0x3f, 0x35, 0xf7, 0xec, 0x7e, 0x47, 0xba, 0xb5, 0xd2, 0xaa, + 0x5a, 0x9d, 0x07, 0x2c, 0xc5, 0xa0, 0x82, 0x04, 0xc6, 0x30, 0x82, 0x04, + 0xc2, 0x30, 0x82, 0x04, 0xbe, 0x30, 0x82, 0x03, 0xa6, 0xa0, 0x03, 0x02, + 0x01, 0x02, 0x02, 0x01, 0x04, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, + 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x0b, 0x05, 0x00, 0x30, 0x81, 0x97, 0x31, + 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x55, 0x53, + 0x31, 0x13, 0x30, 0x11, 0x06, 0x03, 0x55, 0x04, 0x08, 0x0c, 0x0a, 0x57, + 0x61, 0x73, 0x68, 0x69, 0x6e, 0x67, 0x74, 0x6f, 0x6e, 0x31, 0x10, 0x30, + 0x0e, 0x06, 0x03, 0x55, 0x04, 0x07, 0x0c, 0x07, 0x53, 0x65, 0x61, 0x74, + 0x74, 0x6c, 0x65, 0x31, 0x10, 0x30, 0x0e, 0x06, 0x03, 0x55, 0x04, 0x0a, + 0x0c, 0x07, 0x77, 0x6f, 0x6c, 0x66, 0x53, 0x53, 0x4c, 0x31, 0x14, 0x30, + 0x12, 0x06, 0x03, 0x55, 0x04, 0x0b, 0x0c, 0x0b, 0x45, 0x6e, 0x67, 0x69, + 0x6e, 0x65, 0x65, 0x72, 0x69, 0x6e, 0x67, 0x31, 0x18, 0x30, 0x16, 0x06, + 0x03, 0x55, 0x04, 0x03, 0x0c, 0x0f, 0x77, 0x6f, 0x6c, 0x66, 0x53, 0x53, + 0x4c, 0x20, 0x72, 0x6f, 0x6f, 0x74, 0x20, 0x43, 0x41, 0x31, 0x1f, 0x30, + 0x1d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x09, 0x01, + 0x16, 0x10, 0x69, 0x6e, 0x66, 0x6f, 0x40, 0x77, 0x6f, 0x6c, 0x66, 0x73, + 0x73, 0x6c, 0x2e, 0x63, 0x6f, 0x6d, 0x30, 0x1e, 0x17, 0x0d, 0x32, 0x34, + 0x30, 0x37, 0x32, 0x36, 0x31, 0x35, 0x31, 0x32, 0x30, 0x34, 0x5a, 0x17, + 0x0d, 0x32, 0x37, 0x30, 0x34, 0x32, 0x32, 0x31, 0x35, 0x31, 0x32, 0x30, + 0x34, 0x5a, 0x30, 0x81, 0x9e, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, + 0x04, 0x06, 0x13, 0x02, 0x55, 0x53, 0x31, 0x13, 0x30, 0x11, 0x06, 0x03, + 0x55, 0x04, 0x08, 0x0c, 0x0a, 0x57, 0x61, 0x73, 0x68, 0x69, 0x6e, 0x67, + 0x74, 0x6f, 0x6e, 0x31, 0x10, 0x30, 0x0e, 0x06, 0x03, 0x55, 0x04, 0x07, + 0x0c, 0x07, 0x53, 0x65, 0x61, 0x74, 0x74, 0x6c, 0x65, 0x31, 0x10, 0x30, + 0x0e, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x0c, 0x07, 0x77, 0x6f, 0x6c, 0x66, + 0x53, 0x53, 0x4c, 0x31, 0x14, 0x30, 0x12, 0x06, 0x03, 0x55, 0x04, 0x0b, + 0x0c, 0x0b, 0x45, 0x6e, 0x67, 0x69, 0x6e, 0x65, 0x65, 0x72, 0x69, 0x6e, + 0x67, 0x31, 0x1f, 0x30, 0x1d, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0c, 0x16, + 0x77, 0x6f, 0x6c, 0x66, 0x53, 0x53, 0x4c, 0x20, 0x4f, 0x43, 0x53, 0x50, + 0x20, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x64, 0x65, 0x72, 0x31, 0x1f, + 0x30, 0x1d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x09, + 0x01, 0x16, 0x10, 0x69, 0x6e, 0x66, 0x6f, 0x40, 0x77, 0x6f, 0x6c, 0x66, + 0x73, 0x73, 0x6c, 0x2e, 0x63, 0x6f, 0x6d, 0x30, 0x82, 0x01, 0x22, 0x30, + 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x01, + 0x05, 0x00, 0x03, 0x82, 0x01, 0x0f, 0x00, 0x30, 0x82, 0x01, 0x0a, 0x02, + 0x82, 0x01, 0x01, 0x00, 0xb8, 0xba, 0x23, 0xb4, 0xf6, 0xc3, 0x7b, 0x14, + 0xc3, 0xa4, 0xf5, 0x1d, 0x61, 0xa1, 0xf5, 0x1e, 0x63, 0xb9, 0x85, 0x23, + 0x34, 0x50, 0x6d, 0xf8, 0x7c, 0xa2, 0x8a, 0x04, 0x8b, 0xd5, 0x75, 0x5c, + 0x2d, 0xf7, 0x63, 0x88, 0xd1, 0x07, 0x7a, 0xea, 0x0b, 0x45, 0x35, 0x2b, + 0xeb, 0x1f, 0xb1, 0x22, 0xb4, 0x94, 0x41, 0x38, 0xe2, 0x9d, 0x74, 0xd6, + 0x8b, 0x30, 0x22, 0x10, 0x51, 0xc5, 0xdb, 0xca, 0x3f, 0x46, 0x2b, 0xfe, + 0xe5, 0x5a, 0x3f, 0x41, 0x74, 0x67, 0x75, 0x95, 0xa9, 0x94, 0xd5, 0xc3, + 0xee, 0x42, 0xf8, 0x8d, 0xeb, 0x92, 0x95, 0xe1, 0xd9, 0x65, 0xb7, 0x43, + 0xc4, 0x18, 0xde, 0x16, 0x80, 0x90, 0xce, 0x24, 0x35, 0x21, 0xc4, 0x55, + 0xac, 0x5a, 0x51, 0xe0, 0x2e, 0x2d, 0xb3, 0x0a, 0x5a, 0x4f, 0x4a, 0x73, + 0x31, 0x50, 0xee, 0x4a, 0x16, 0xbd, 0x39, 0x8b, 0xad, 0x05, 0x48, 0x87, + 0xb1, 0x99, 0xe2, 0x10, 0xa7, 0x06, 0x72, 0x67, 0xca, 0x5c, 0xd1, 0x97, + 0xbd, 0xc8, 0xf1, 0x76, 0xf8, 0xe0, 0x4a, 0xec, 0xbc, 0x93, 0xf4, 0x66, + 0x4c, 0x28, 0x71, 0xd1, 0xd8, 0x66, 0x03, 0xb4, 0x90, 0x30, 0xbb, 0x17, + 0xb0, 0xfe, 0x97, 0xf5, 0x1e, 0xe8, 0xc7, 0x5d, 0x9b, 0x8b, 0x11, 0x19, + 0x12, 0x3c, 0xab, 0x82, 0x71, 0x78, 0xff, 0xae, 0x3f, 0x32, 0xb2, 0x08, + 0x71, 0xb2, 0x1b, 0x8c, 0x27, 0xac, 0x11, 0xb8, 0xd8, 0x43, 0x49, 0xcf, + 0xb0, 0x70, 0xb1, 0xf0, 0x8c, 0xae, 0xda, 0x24, 0x87, 0x17, 0x3b, 0xd8, + 0x04, 0x65, 0x6c, 0x00, 0x76, 0x50, 0xef, 0x15, 0x08, 0xd7, 0xb4, 0x73, + 0x68, 0x26, 0x14, 0x87, 0x95, 0xc3, 0x5f, 0x6e, 0x61, 0xb8, 0x87, 0x84, + 0xfa, 0x80, 0x1a, 0x0a, 0x8b, 0x98, 0xf3, 0xe3, 0xff, 0x4e, 0x44, 0x1c, + 0x65, 0x74, 0x7c, 0x71, 0x54, 0x65, 0xe5, 0x39, 0x02, 0x03, 0x01, 0x00, + 0x01, 0xa3, 0x82, 0x01, 0x0a, 0x30, 0x82, 0x01, 0x06, 0x30, 0x09, 0x06, + 0x03, 0x55, 0x1d, 0x13, 0x04, 0x02, 0x30, 0x00, 0x30, 0x1d, 0x06, 0x03, + 0x55, 0x1d, 0x0e, 0x04, 0x16, 0x04, 0x14, 0x32, 0x67, 0xe1, 0xb1, 0x79, + 0xd2, 0x81, 0xfc, 0x9f, 0x23, 0x0c, 0x70, 0x40, 0x50, 0xb5, 0x46, 0x56, + 0xb8, 0x30, 0x36, 0x30, 0x81, 0xc4, 0x06, 0x03, 0x55, 0x1d, 0x23, 0x04, + 0x81, 0xbc, 0x30, 0x81, 0xb9, 0x80, 0x14, 0x73, 0xb0, 0x1c, 0xa4, 0x2f, + 0x82, 0xcb, 0xcf, 0x47, 0xa5, 0x38, 0xd7, 0xb0, 0x04, 0x82, 0x3a, 0x7e, + 0x72, 0x15, 0x21, 0xa1, 0x81, 0x9d, 0xa4, 0x81, 0x9a, 0x30, 0x81, 0x97, + 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x55, + 0x53, 0x31, 0x13, 0x30, 0x11, 0x06, 0x03, 0x55, 0x04, 0x08, 0x0c, 0x0a, + 0x57, 0x61, 0x73, 0x68, 0x69, 0x6e, 0x67, 0x74, 0x6f, 0x6e, 0x31, 0x10, + 0x30, 0x0e, 0x06, 0x03, 0x55, 0x04, 0x07, 0x0c, 0x07, 0x53, 0x65, 0x61, + 0x74, 0x74, 0x6c, 0x65, 0x31, 0x10, 0x30, 0x0e, 0x06, 0x03, 0x55, 0x04, + 0x0a, 0x0c, 0x07, 0x77, 0x6f, 0x6c, 0x66, 0x53, 0x53, 0x4c, 0x31, 0x14, + 0x30, 0x12, 0x06, 0x03, 0x55, 0x04, 0x0b, 0x0c, 0x0b, 0x45, 0x6e, 0x67, + 0x69, 0x6e, 0x65, 0x65, 0x72, 0x69, 0x6e, 0x67, 0x31, 0x18, 0x30, 0x16, + 0x06, 0x03, 0x55, 0x04, 0x03, 0x0c, 0x0f, 0x77, 0x6f, 0x6c, 0x66, 0x53, + 0x53, 0x4c, 0x20, 0x72, 0x6f, 0x6f, 0x74, 0x20, 0x43, 0x41, 0x31, 0x1f, + 0x30, 0x1d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x09, + 0x01, 0x16, 0x10, 0x69, 0x6e, 0x66, 0x6f, 0x40, 0x77, 0x6f, 0x6c, 0x66, + 0x73, 0x73, 0x6c, 0x2e, 0x63, 0x6f, 0x6d, 0x82, 0x01, 0x63, 0x30, 0x13, + 0x06, 0x03, 0x55, 0x1d, 0x25, 0x04, 0x0c, 0x30, 0x0a, 0x06, 0x08, 0x2b, + 0x06, 0x01, 0x05, 0x05, 0x07, 0x03, 0x09, 0x30, 0x0d, 0x06, 0x09, 0x2a, + 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x0b, 0x05, 0x00, 0x03, 0x82, + 0x01, 0x01, 0x00, 0x37, 0xb9, 0x66, 0xd3, 0xa1, 0x08, 0xfc, 0x37, 0x58, + 0x4e, 0xe0, 0x8c, 0xd3, 0x7f, 0xa6, 0x0f, 0x59, 0xd3, 0x14, 0xf7, 0x4b, + 0x36, 0xf7, 0x2e, 0x98, 0xeb, 0x7c, 0x03, 0x3f, 0x3a, 0xd6, 0x9c, 0xcd, + 0xb4, 0x9e, 0x8d, 0x5f, 0x92, 0xa6, 0x6f, 0x63, 0x87, 0x34, 0xe8, 0x83, + 0xfd, 0x6d, 0x34, 0x64, 0xb5, 0xf0, 0x9c, 0x71, 0x02, 0xb8, 0xf6, 0x2f, + 0x10, 0xa0, 0x92, 0x8f, 0x3f, 0x86, 0x3e, 0xe2, 0x01, 0x5a, 0x56, 0x39, + 0x0a, 0x8d, 0xb1, 0xbe, 0x03, 0xf7, 0xf8, 0xa7, 0x88, 0x46, 0xef, 0x81, + 0xa0, 0xad, 0x86, 0xc9, 0xe6, 0x23, 0x89, 0x1d, 0xa6, 0x24, 0x45, 0xf2, + 0x6a, 0x83, 0x2d, 0x8e, 0x92, 0x17, 0x1e, 0x44, 0x19, 0xfa, 0x0f, 0x47, + 0x6b, 0x8f, 0x4a, 0xa2, 0xda, 0xab, 0xd5, 0x2b, 0xcd, 0xcb, 0x14, 0xf0, + 0xb5, 0xcf, 0x7c, 0x76, 0x42, 0x32, 0x90, 0x21, 0xdc, 0xdd, 0x52, 0xfc, + 0x53, 0x7e, 0xff, 0x7f, 0xd9, 0x58, 0x6b, 0x1f, 0x73, 0xee, 0x83, 0xf4, + 0x67, 0xfa, 0x4a, 0x4f, 0x24, 0xe4, 0x2b, 0x10, 0x74, 0x89, 0x52, 0x9a, + 0xf7, 0xa4, 0xe0, 0xaf, 0xf5, 0x63, 0xd7, 0xfa, 0x0b, 0x2c, 0xc9, 0x39, + 0x5d, 0xbd, 0x44, 0x93, 0x69, 0xa4, 0x1d, 0x01, 0xe2, 0x66, 0xe7, 0xc1, + 0x11, 0x44, 0x7d, 0x0a, 0x7e, 0x5d, 0x1d, 0x26, 0xc5, 0x4a, 0x26, 0x2e, + 0xa3, 0x58, 0xc4, 0xf7, 0x10, 0xcb, 0xba, 0xe6, 0x27, 0xfc, 0xdb, 0x54, + 0xe2, 0x60, 0x08, 0xc2, 0x0e, 0x4b, 0xd4, 0xaa, 0x22, 0x23, 0x93, 0x9f, + 0xe1, 0xcb, 0x85, 0xa4, 0x41, 0x6f, 0x26, 0xa7, 0x77, 0x8a, 0xef, 0x66, + 0xd0, 0xf8, 0x33, 0xf6, 0xfd, 0x6d, 0x37, 0x7a, 0x89, 0xcc, 0x88, 0x3b, + 0x82, 0xd0, 0xa9, 0xdf, 0xf1, 0x3d, 0xdc, 0xb0, 0x06, 0x1c, 0xe4, 0x4b, + 0x57, 0xb4, 0x0c, 0x65, 0xb9, 0xb4, 0x6c + }; + OCSP_REQ_CTX *ctx = NULL; + OCSP_REQUEST *req = NULL; + OCSP_CERTID *cid = NULL; + OCSP_RESPONSE *rsp = NULL; + BIO* bio1 = NULL; + BIO* bio2 = NULL; + X509* cert = NULL; + X509* empty = NULL; + X509 *issuer = NULL; + X509_LOOKUP *lookup = NULL; + X509_STORE *store = NULL; + STACK_OF(X509_OBJECT) *str_objs = NULL; + X509_OBJECT *x509_obj = NULL; + STACK_OF(WOLFSSL_STRING) *skStr = NULL; + + ExpectNotNull(bio1 = BIO_new(BIO_s_bio())); + ExpectNotNull(bio2 = BIO_new(BIO_s_bio())); + ExpectIntEQ(BIO_make_bio_pair(bio1, bio2), WOLFSSL_SUCCESS); + + /* Load the leaf cert */ + ExpectNotNull(cert = wolfSSL_X509_load_certificate_file( + "certs/ocsp/server1-cert.pem", WOLFSSL_FILETYPE_PEM)); + ExpectNull(wolfSSL_X509_get1_ocsp(NULL)); + ExpectNotNull(skStr = wolfSSL_X509_get1_ocsp(cert)); + wolfSSL_X509_email_free(NULL); + wolfSSL_X509_email_free(skStr); + ExpectNotNull(empty = wolfSSL_X509_new()); + ExpectNull(wolfSSL_X509_get1_ocsp(empty)); + wolfSSL_X509_free(empty); + + ExpectNotNull(store = X509_STORE_new()); + ExpectNotNull(lookup = X509_STORE_add_lookup(store, X509_LOOKUP_file())); + ExpectIntEQ(X509_LOOKUP_load_file(lookup, "certs/ocsp/server1-cert.pem", + X509_FILETYPE_PEM), 1); + ExpectNotNull(str_objs = X509_STORE_get0_objects(store)); + ExpectNull(X509_OBJECT_retrieve_by_subject(NULL, X509_LU_X509, NULL)); + ExpectNull(X509_OBJECT_retrieve_by_subject(str_objs, X509_LU_X509, NULL)); + ExpectNull(X509_OBJECT_retrieve_by_subject(NULL, X509_LU_X509, + X509_get_issuer_name(cert))); + ExpectNull(X509_OBJECT_retrieve_by_subject(str_objs, + X509_LU_CRL, X509_get_issuer_name(cert))); + ExpectNotNull(x509_obj = X509_OBJECT_retrieve_by_subject(str_objs, + X509_LU_X509, X509_get_issuer_name(cert))); + ExpectNotNull(issuer = X509_OBJECT_get0_X509(x509_obj)); + ExpectTrue(wolfSSL_X509_OBJECT_get_type(NULL) == WOLFSSL_X509_LU_NONE); +#ifndef NO_WOLFSSL_STUB + /* Not implemented and not in OpenSSL 1.1.0+ */ + wolfSSL_X509_OBJECT_free_contents(x509_obj); +#endif + wolfSSL_X509_OBJECT_free(NULL); + + ExpectNotNull(req = OCSP_REQUEST_new()); + ExpectNotNull(cid = OCSP_cert_to_id(EVP_sha1(), cert, issuer)); + ExpectNotNull(OCSP_request_add0_id(req, cid)); + ExpectIntEQ(OCSP_request_add1_nonce(req, NULL, -1), 1); + + ExpectNotNull(ctx = OCSP_sendreq_new(bio1, "/", NULL, -1)); + ExpectIntEQ(OCSP_REQ_CTX_add1_header(ctx, "Host", "127.0.0.1"), 1); + ExpectIntEQ(OCSP_REQ_CTX_set1_req(ctx, req), 1); + ExpectIntEQ(OCSP_sendreq_nbio(&rsp, ctx), -1); + ExpectIntEQ(BIO_write(bio2, ocspRespBin, sizeof(ocspRespBin)), + sizeof(ocspRespBin)); +#ifndef NO_ASN_TIME + ExpectIntEQ(wc_SetTimeCb(test_wolfSSL_OCSP_REQ_CTX_time_cb), 0); + ExpectIntEQ(OCSP_sendreq_nbio(&rsp, ctx), 1); + ExpectIntEQ(wc_SetTimeCb(NULL), 0); + ExpectNotNull(rsp); +#endif + + OCSP_REQ_CTX_free(ctx); + OCSP_REQUEST_free(req); + OCSP_RESPONSE_free(rsp); + BIO_free(bio1); + BIO_free(bio2); + X509_free(cert); + X509_STORE_free(store); +#endif + return EXPECT_RESULT(); +} + +static int test_wolfSSL_EVP_PKEY_derive(void) +{ + EXPECT_DECLS; +#if defined(OPENSSL_ALL) || defined(WOLFSSL_QT) || defined(WOLFSSL_OPENSSH) +#if (!defined(NO_DH) && defined(WOLFSSL_DH_EXTRA)) || defined(HAVE_ECC) + EVP_PKEY_CTX *ctx = NULL; + unsigned char *skey = NULL; + size_t skeylen; + EVP_PKEY *pkey = NULL; + EVP_PKEY *peerkey = NULL; + const unsigned char* key; + +#if !defined(NO_DH) && defined(WOLFSSL_DH_EXTRA) + /* DH */ + key = dh_key_der_2048; + ExpectNotNull((pkey = d2i_PrivateKey(EVP_PKEY_DH, NULL, &key, + sizeof_dh_key_der_2048))); + ExpectIntEQ(DH_generate_key(EVP_PKEY_get0_DH(pkey)), 1); + key = dh_key_der_2048; + ExpectNotNull((peerkey = d2i_PrivateKey(EVP_PKEY_DH, NULL, &key, + sizeof_dh_key_der_2048))); + ExpectIntEQ(DH_generate_key(EVP_PKEY_get0_DH(peerkey)), 1); + ExpectNotNull(ctx = EVP_PKEY_CTX_new(pkey, NULL)); + ExpectIntEQ(EVP_PKEY_derive_init(ctx), 1); + ExpectIntEQ(EVP_PKEY_derive_set_peer(ctx, peerkey), 1); + ExpectIntEQ(EVP_PKEY_derive(ctx, NULL, &skeylen), 1); + ExpectNotNull(skey = (unsigned char*)XMALLOC(skeylen, NULL, + DYNAMIC_TYPE_OPENSSL)); + ExpectIntEQ(EVP_PKEY_derive(ctx, skey, &skeylen), 1); + + EVP_PKEY_CTX_free(ctx); + ctx = NULL; + EVP_PKEY_free(peerkey); + peerkey = NULL; + EVP_PKEY_free(pkey); + pkey = NULL; + XFREE(skey, NULL, DYNAMIC_TYPE_OPENSSL); + skey = NULL; +#endif + +#ifdef HAVE_ECC + /* ECDH */ + key = ecc_clikey_der_256; + ExpectNotNull((pkey = d2i_PrivateKey(EVP_PKEY_EC, NULL, &key, + sizeof_ecc_clikey_der_256))); + key = ecc_clikeypub_der_256; + ExpectNotNull((peerkey = d2i_PUBKEY(NULL, &key, + sizeof_ecc_clikeypub_der_256))); + ExpectNotNull(ctx = EVP_PKEY_CTX_new(pkey, NULL)); + ExpectIntEQ(EVP_PKEY_derive_init(ctx), 1); + ExpectIntEQ(EVP_PKEY_derive_set_peer(ctx, peerkey), 1); + ExpectIntEQ(EVP_PKEY_derive(ctx, NULL, &skeylen), 1); + ExpectNotNull(skey = (unsigned char*)XMALLOC(skeylen, NULL, + DYNAMIC_TYPE_OPENSSL)); + ExpectIntEQ(EVP_PKEY_derive(ctx, skey, &skeylen), 1); + + EVP_PKEY_CTX_free(ctx); + EVP_PKEY_free(peerkey); + EVP_PKEY_free(pkey); + XFREE(skey, NULL, DYNAMIC_TYPE_OPENSSL); +#endif /* HAVE_ECC */ +#endif /* (!NO_DH && WOLFSSL_DH_EXTRA) || HAVE_ECC */ +#endif /* OPENSSL_ALL || WOLFSSL_QT || WOLFSSL_OPENSSH */ + return EXPECT_RESULT(); +} + +static int test_wolfSSL_EVP_PBE_scrypt(void) +{ + EXPECT_DECLS; +#if defined(OPENSSL_EXTRA) && defined(HAVE_SCRYPT) && defined(HAVE_PBKDF2) && \ + (!defined(HAVE_FIPS_VERSION) || (HAVE_FIPS_VERSION < 5)) +#if !defined(NO_PWDBASED) && !defined(NO_SHA256) + int ret; + + const char pwd[] = {'p','a','s','s','w','o','r','d'}; + int pwdlen = sizeof(pwd); + const byte salt[] = {'N','a','C','l'}; + int saltlen = sizeof(salt); + byte key[80]; + word64 numOvr32 = (word64)INT32_MAX + 1; + + /* expected derived key for N:16, r:1, p:1 */ + const byte expectedKey[] = { + 0xAE, 0xC6, 0xB7, 0x48, 0x3E, 0xD2, 0x6E, 0x08, 0x80, 0x2B, + 0x41, 0xF4, 0x03, 0x20, 0x86, 0xA0, 0xE8, 0x86, 0xBE, 0x7A, + 0xC4, 0x8F, 0xCF, 0xD9, 0x2F, 0xF0, 0xCE, 0xF8, 0x10, 0x97, + 0x52, 0xF4, 0xAC, 0x74, 0xB0, 0x77, 0x26, 0x32, 0x56, 0xA6, + 0x5A, 0x99, 0x70, 0x1B, 0x7A, 0x30, 0x4D, 0x46, 0x61, 0x1C, + 0x8A, 0xA3, 0x91, 0xE7, 0x99, 0xCE, 0x10, 0xA2, 0x77, 0x53, + 0xE7, 0xE9, 0xC0, 0x9A}; + + /* N r p mx key keylen */ + ret = EVP_PBE_scrypt(pwd, pwdlen, salt, saltlen, 0, 1, 1, 0, key, 64); + ExpectIntEQ(ret, 0); /* N must be greater than 1 */ + + ret = EVP_PBE_scrypt(pwd, pwdlen, salt, saltlen, 3, 1, 1, 0, key, 64); + ExpectIntEQ(ret, 0); /* N must be power of 2 */ + + ret = EVP_PBE_scrypt(pwd, pwdlen, salt, saltlen, 2, 0, 1, 0, key, 64); + ExpectIntEQ(ret, 0); /* r must be greater than 0 */ + + ret = EVP_PBE_scrypt(pwd, pwdlen, salt, saltlen, 2, 1, 0, 0, key, 64); + ExpectIntEQ(ret, 0); /* p must be greater than 0 */ + + ret = EVP_PBE_scrypt(pwd, pwdlen, salt, saltlen, 2, 1, 1, 0, key, 0); + ExpectIntEQ(ret, 0); /* keylen must be greater than 0 */ + + ret = EVP_PBE_scrypt(pwd, pwdlen, salt, saltlen, 2, 9, 1, 0, key, 64); + ExpectIntEQ(ret, 0); /* r must be smaller than 9 */ + + ret = EVP_PBE_scrypt(pwd, pwdlen, salt, saltlen, 2, 1, 1, 0, NULL, 64); + ExpectIntEQ(ret, 1); /* should succeed if key is NULL */ + + ret = EVP_PBE_scrypt(pwd, pwdlen, salt, saltlen, 2, 1, 1, 0, key, 64); + ExpectIntEQ(ret, 1); /* should succeed */ + + ret = EVP_PBE_scrypt(pwd, pwdlen, salt, saltlen, 2, numOvr32, 1, 0, + key, 64); + ExpectIntEQ(ret, 0); /* should fail since r is greater than INT32_MAC */ + + ret = EVP_PBE_scrypt(pwd, pwdlen, salt, saltlen, 2, 1, numOvr32, 0, + key, 64); + ExpectIntEQ(ret, 0); /* should fail since p is greater than INT32_MAC */ + + ret = EVP_PBE_scrypt(pwd, pwdlen, NULL, 0, 2, 1, 1, 0, key, 64); + ExpectIntEQ(ret, 1); /* should succeed even if salt is NULL */ + + ret = EVP_PBE_scrypt(pwd, pwdlen, NULL, 4, 2, 1, 1, 0, key, 64); + ExpectIntEQ(ret, 0); /* if salt is NULL, saltlen must be 0, otherwise fail*/ + + ret = EVP_PBE_scrypt(NULL, 0, salt, saltlen, 2, 1, 1, 0, key, 64); + ExpectIntEQ(ret, 1); /* should succeed if pwd is NULL and pwdlen is 0*/ + + ret = EVP_PBE_scrypt(NULL, 4, salt, saltlen, 2, 1, 1, 0, key, 64); + ExpectIntEQ(ret, 0); /* if pwd is NULL, pwdlen must be 0 */ + + ret = EVP_PBE_scrypt(NULL, 0, NULL, 0, 2, 1, 1, 0, key, 64); + ExpectIntEQ(ret, 1); /* should succeed even both pwd and salt are NULL */ + + ret = EVP_PBE_scrypt(pwd, pwdlen, salt, saltlen, 16, 1, 1, 0, key, 64); + ExpectIntEQ(ret, 1); + + ret = XMEMCMP(expectedKey, key, sizeof(expectedKey)); + ExpectIntEQ(ret, 0); /* derived key must be the same as expected-key */ +#endif /* !NO_PWDBASED && !NO_SHA256 */ +#endif /* OPENSSL_EXTRA && HAVE_SCRYPT && HAVE_PBKDF2 */ + return EXPECT_RESULT(); +} + +static int test_no_op_functions(void) +{ + EXPECT_DECLS; +#if defined(OPENSSL_EXTRA) + /* this makes sure wolfSSL can compile and run these no-op functions */ + SSL_load_error_strings(); + ENGINE_load_builtin_engines(); + OpenSSL_add_all_ciphers(); + ExpectIntEQ(CRYPTO_malloc_init(), 0); +#endif + return EXPECT_RESULT(); +} + +static int test_wolfSSL_CRYPTO_memcmp(void) +{ + EXPECT_DECLS; +#ifdef OPENSSL_EXTRA + char a[] = "wolfSSL (formerly CyaSSL) is a small, fast, portable " + "implementation of TLS/SSL for embedded devices to the cloud."; + char b[] = "wolfSSL (formerly CyaSSL) is a small, fast, portable " + "implementation of TLS/SSL for embedded devices to the cloud."; + char c[] = "wolfSSL (formerly CyaSSL) is a small, fast, portable " + "implementation of TLS/SSL for embedded devices to the cloud!"; + + ExpectIntEQ(CRYPTO_memcmp(a, b, sizeof(a)), 0); + ExpectIntNE(CRYPTO_memcmp(a, c, sizeof(a)), 0); +#endif + return EXPECT_RESULT(); +} + +/*----------------------------------------------------------------------------* + | wolfCrypt ASN + *----------------------------------------------------------------------------*/ + +static int test_wc_CreateEncryptedPKCS8Key(void) +{ + EXPECT_DECLS; +#if defined(HAVE_PKCS8) && !defined(NO_PWDBASED) && defined(WOLFSSL_AES_256) \ + && !defined(NO_AES_CBC) && !defined(NO_RSA) && !defined(NO_SHA) && \ + !defined(NO_ASN_CRYPT) + WC_RNG rng; + byte* encKey = NULL; + word32 encKeySz = 0; + word32 decKeySz = 0; + const char password[] = "Lorem ipsum dolor sit amet"; + word32 passwordSz = (word32)XSTRLEN(password); + word32 tradIdx = 0; + + XMEMSET(&rng, 0, sizeof(WC_RNG)); + ExpectIntEQ(wc_InitRng(&rng), 0); + PRIVATE_KEY_UNLOCK(); + /* Call with NULL for out buffer to get necessary length. */ + ExpectIntEQ(wc_CreateEncryptedPKCS8Key((byte*)server_key_der_2048, + sizeof_server_key_der_2048, NULL, &encKeySz, password, (int)passwordSz, + PKCS5, PBES2, AES256CBCb, NULL, 0, WC_PKCS12_ITT_DEFAULT, &rng, NULL), + WC_NO_ERR_TRACE(LENGTH_ONLY_E)); + ExpectNotNull(encKey = (byte*)XMALLOC(encKeySz, HEAP_HINT, + DYNAMIC_TYPE_TMP_BUFFER)); + /* Call with the allocated out buffer. */ + ExpectIntGT(wc_CreateEncryptedPKCS8Key((byte*)server_key_der_2048, + sizeof_server_key_der_2048, encKey, &encKeySz, password, (int)passwordSz, + PKCS5, PBES2, AES256CBCb, NULL, 0, WC_PKCS12_ITT_DEFAULT, &rng, NULL), + 0); + /* Decrypt the encrypted PKCS8 key we just made. */ + ExpectIntGT((decKeySz = (word32)wc_DecryptPKCS8Key(encKey, encKeySz, password, + (int)passwordSz)), 0); + /* encKey now holds the decrypted key (decrypted in place). */ + ExpectIntGT(wc_GetPkcs8TraditionalOffset(encKey, &tradIdx, decKeySz), 0); + /* Check that the decrypted key matches the key prior to encryption. */ + ExpectIntEQ(XMEMCMP(encKey + tradIdx, server_key_der_2048, + sizeof_server_key_der_2048), 0); + PRIVATE_KEY_LOCK(); + + XFREE(encKey, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + wc_FreeRng(&rng); +#endif + return EXPECT_RESULT(); +} + +static int test_wc_DecryptedPKCS8Key(void) +{ + EXPECT_DECLS; +#if defined(HAVE_PKCS8) && !defined(NO_PWDBASED) && defined(WOLFSSL_AES_256) \ + && !defined(NO_AES_CBC) && !defined(NO_RSA) && !defined(NO_SHA) && \ + !defined(NO_ASN_CRYPT) + static byte badPkcs5RsaEnc[] = { + 0x30, 0x82, 0x05, 0x2d, 0x30, 0x57, 0x06, 0x09, + 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x05, + 0x0d, 0x30, 0x4a, 0x30, 0x29, 0x06, 0x09, 0x2a, + 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x05, 0x0c, + 0x30, 0x1c, 0x04, 0x09, 0xad, 0x8f, 0xb7, 0x90, + 0x43, 0xd9, 0x3f, 0xe5, 0x02, 0x02, 0x04, 0x02, + 0x02, 0x04, 0x80, 0x30, 0x0c, 0x06, 0x08, 0x2a, + 0xbc, 0x48, 0x86, 0xf7, 0x0d, 0x02, 0x09, 0x05, + 0x00, 0x30, 0x1d, 0x06, 0x09, 0x60, 0x86, 0x48, + 0x01, 0x65, 0x03, 0x04, 0x01, 0x2a, 0x04, 0x10, + 0x90, 0xf9, 0xa4, 0xd7, 0xf2, 0xae, 0x58, 0xd6, + 0xe1, 0x7c, 0x60, 0x7b, 0x84, 0xc0, 0x8c, 0x44, + 0x04, 0x50, 0xc8, 0xd0, 0x03, 0xa7, 0x79, 0xa9, + 0x11, 0x8b, 0xbd, 0xd6, 0xcb, 0xd9, 0x9e, 0xd7, + 0x2d, 0xac, 0x2c, 0xb8, 0xc9, 0x5f, 0xe7, 0x8b, + 0x36, 0x26, 0x26, 0x23, 0x2a, 0x21, 0x25, 0x6f, + 0xd0, 0x52, 0xd3, 0xeb, 0xff, 0x1f, 0x06, 0xb0, + 0x40, 0xd1, 0x4b, 0x9e, 0x73, 0xbf, 0x17, 0x24, + 0x0b, 0x2d, 0xf6, 0x4f, 0xce, 0xb4, 0x47, 0x82, + 0x7c, 0x23, 0x21, 0xdc, 0x71, 0xc7, 0x1c, 0x71, + 0xc7, 0x1c, 0x71, 0xc7, 0x1c, 0x71, 0xc7, 0x1c, + 0x71, 0xc7, 0x1c, 0x71, 0xc7, 0x1c, 0x71, 0xc7, + 0x1c, 0x71, 0xc7, 0x1c, 0x71, 0xc7, 0x1c, 0x71, + 0xc7, 0x1c, 0x71, 0xc7, 0x1c, 0x71, 0xc7, 0x07, + 0x27, 0x82, 0xcd, 0x36, 0xd7, 0xf4, 0xa1, 0xb5, + 0xc5, 0x17, 0x5f, 0xe6, 0xd0, 0xf3, 0x97, 0x3e, + 0x1a, 0xcd, 0x39, 0x9d, 0x41, 0xce, 0xed, 0x14, + 0xdb, 0x3d, 0xa5, 0x7b, 0xd3, 0xcb, 0x93, 0x1a, + 0x4c, 0x32, 0x0e, 0x8b, 0xa3, 0x41, 0xbe, 0xcb, + 0xa3, 0xd5, 0xfb, 0x8d, 0xb6, 0x8a, 0x4e, 0x0b, + 0x0b, 0xbd, 0x74, 0x33, 0xd2, 0xb6, 0x43, 0x20, + 0x96, 0xf9, 0x46, 0x57, 0x66, 0x54, 0x94, 0xfa, + 0x1c, 0x3a, 0xe4, 0xf7, 0x0a, 0x59, 0x37, 0x5f, + 0x6a, 0xc2, 0xba, 0xea, 0xfd, 0xd4, 0xd7, 0x64, + 0xee, 0x53, 0x40, 0xe9, 0x3c, 0x71, 0xbf, 0x93, + 0x87, 0xf3, 0x53, 0x0c, 0x92, 0x0b, 0xbe, 0x4c, + 0xde, 0x35, 0xd7, 0xb0, 0x60, 0xc6, 0x37, 0x1c, + 0x4c, 0x08, 0x8f, 0xe1, 0x95, 0xba, 0xde, 0x42, + 0x68, 0x6a, 0x76, 0x0b, 0x84, 0x14, 0xc6, 0x5e, + 0xb1, 0xa1, 0x45, 0xa7, 0x31, 0x72, 0xfe, 0xaa, + 0x43, 0x86, 0xa3, 0x31, 0x41, 0x68, 0x66, 0x41, + 0x31, 0xe0, 0xa4, 0x63, 0x1d, 0x62, 0x57, 0x2c, + 0x49, 0x9b, 0x9c, 0x32, 0x4a, 0x4f, 0x3c, 0xf3, + 0xcf, 0x3c, 0xf3, 0xcf, 0x3c, 0xf3, 0xcf, 0x3c, + 0xf3, 0xcf, 0x3c, 0xf3, 0xcf, 0x3c, 0xf3, 0xcf, + 0x3c, 0xf3, 0xcf, 0x3c, 0xf3, 0xcf, 0x3c, 0xf3, + 0xcf, 0x3c, 0xf3, 0xcf, 0x3c, 0xf3, 0xcf, 0x3c, + 0xf3, 0xcf, 0x3c, 0xf3, 0xcf, 0x3c, 0xf3, 0xcf, + 0x3c, 0xf3, 0xcf, 0x3c, 0xf3, 0xcf, 0x3c, 0xf3, + 0xcf, 0x3c, 0xf3, 0xcf, 0x3c, 0xf3, 0xcf, 0x3c, + 0xf3, 0xcf, 0x3c, 0xf3, 0xcf, 0x3d, 0x4c, 0x72, + 0x7d, 0xc7, 0xa8, 0x07, 0x4f, 0xa4, 0x52, 0x1f, + 0xb8, 0xa9, 0x89, 0x4c, 0x65, 0xd1, 0x8f, 0x3c, + 0xf3, 0xcf, 0x3c, 0xf3, 0xcf, 0x3f, 0x1e, 0x31, + 0x53, 0x77, 0x37, 0xaf, 0xe4, 0x43, 0x23, 0x34, + 0xfc, 0x8e, 0xc2, 0xba, 0x32, 0x40, 0xb3, 0xe7, + 0xab, 0x6d, 0xc3, 0xa0, 0x9e, 0xc7, 0x6c, 0x13, + 0xe7, 0x77, 0xd5, 0x0a, 0x1a, 0x04, 0xb7, 0xd4, + 0x13, 0xcd, 0x04, 0x39, 0x22, 0x67, 0xc4, 0x00, + 0xe4, 0xd0, 0x1f, 0xf7, 0x9d, 0x2b, 0x73, 0xda, + 0xee, 0x00, 0x1b, 0x9a, 0x5c, 0xb0, 0x4c, 0x90, + 0x9b, 0x38, 0x41, 0xd3, 0x13, 0xd0, 0xfa, 0xec, + 0x0f, 0x65, 0xe9, 0x02, 0x90, 0x39, 0xa8, 0xe4, + 0xd4, 0x52, 0xa6, 0x1f, 0x7a, 0x54, 0x00, 0x19, + 0x13, 0x94, 0xae, 0x7a, 0xf2, 0xa7, 0xce, 0xf5, + 0x29, 0x78, 0x66, 0x1c, 0x03, 0x26, 0x65, 0xe8, + 0x03, 0x8e, 0x97, 0x67, 0x20, 0x61, 0x4c, 0xbd, + 0xa0, 0xb3, 0x88, 0x10, 0x8b, 0x74, 0x40, 0x8d, + 0xc6, 0xe6, 0x26, 0x32, 0x0f, 0x01, 0x47, 0x35, + 0xb3, 0x86, 0x87, 0xa9, 0x6d, 0xf8, 0xf8, 0x9f, + 0xca, 0x30, 0x69, 0xf7, 0x5d, 0x89, 0x3f, 0xf5, + 0x1d, 0xd5, 0x26, 0xd7, 0xef, 0x43, 0x26, 0x06, + 0x26, 0x7b, 0xf0, 0xdd, 0x86, 0xa6, 0x58, 0x71, + 0xd6, 0xcb, 0x45, 0xb4, 0x4f, 0x52, 0xd7, 0xf1, + 0xae, 0x06, 0xad, 0xc7, 0x94, 0x17, 0xe8, 0x44, + 0x59, 0x02, 0xe1, 0x22, 0x9e, 0x59, 0xa6, 0xcc, + 0x3b, 0x20, 0x5b, 0x95, 0xf1, 0x34, 0x31, 0x52, + 0x7e, 0x6d, 0xff, 0x4b, 0x45, 0x9a, 0xff, 0xba, + 0x1a, 0x41, 0x48, 0x20, 0x49, 0xb8, 0x62, 0xef, + 0x82, 0xca, 0x14, 0x7e, 0x14, 0xfa, 0x49, 0x3f, + 0xfb, 0x5e, 0xb1, 0x60, 0x30, 0x94, 0x4c, 0xee, + 0x4b, 0x78, 0xa2, 0x79, 0xb2, 0xa1, 0xbd, 0xb1, + 0x94, 0x24, 0xd6, 0x9c, 0xf0, 0x41, 0x3b, 0xc6, + 0xf2, 0x30, 0x8c, 0x8a, 0xdd, 0x2e, 0x44, 0x41, + 0x7e, 0x92, 0x3b, 0x09, 0x2e, 0x19, 0x9d, 0xb3, + 0xb8, 0xa6, 0x9f, 0x86, 0x7e, 0x88, 0x5d, 0xe0, + 0x13, 0x7c, 0x89, 0xf6, 0x96, 0xb1, 0x66, 0x3f, + 0xc2, 0x8f, 0x71, 0x43, 0x6a, 0xd5, 0x8c, 0x6e, + 0xae, 0xdf, 0x80, 0xd6, 0x01, 0x7a, 0x50, 0xf6, + 0x2b, 0x25, 0x0f, 0x8d, 0x84, 0x3b, 0xd5, 0xb5, + 0x61, 0xb1, 0x61, 0x58, 0xff, 0x4c, 0xe8, 0x6a, + 0xa4, 0xae, 0x2b, 0xf5, 0xfe, 0xee, 0xeb, 0xa6, + 0xf2, 0xf3, 0xc5, 0xa1, 0x63, 0x92, 0xde, 0x67, + 0x2f, 0x40, 0xfc, 0x3b, 0x36, 0x64, 0xcc, 0x7b, + 0xe9, 0xd8, 0xf7, 0x5d, 0x40, 0x56, 0x10, 0xaf, + 0xd4, 0x52, 0xe2, 0xa6, 0x7c, 0xe9, 0xe4, 0x4b, + 0x0b, 0xbd, 0x74, 0x33, 0xd2, 0xb6, 0x43, 0xd6, + 0x0a, 0xe0, 0x12, 0x21, 0xa7, 0xab, 0x45, 0x19, + 0x6e, 0xae, 0x71, 0x83, 0x22, 0x1a, 0x0d, 0xde, + 0xd5, 0xb6, 0x82, 0xd2, 0xd7, 0xd8, 0x14, 0x6d, + 0xfa, 0xb4, 0xae, 0xee, 0x55, 0x43, 0xd2, 0x1e, + 0x59, 0xe2, 0x01, 0xe0, 0xfa, 0x53, 0x43, 0x3b, + 0x40, 0x17, 0x06, 0x6a, 0x5e, 0x5f, 0x42, 0xc2, + 0x6a, 0x4e, 0x7c, 0x5a, 0x69, 0x41, 0x8b, 0x62, + 0x76, 0xd4, 0x1b, 0x00, 0xbc, 0x24, 0x27, 0x71, + 0xf8, 0xf3, 0xca, 0x57, 0x10, 0xb9, 0x32, 0x14, + 0x9b, 0x92, 0x35, 0xdd, 0xb7, 0xb8, 0x2e, 0xd8, + 0xb3, 0xe9, 0x62, 0x8e, 0xe2, 0x5e, 0x16, 0xd4, + 0xed, 0xf4, 0xd3, 0xc1, 0xba, 0x5d, 0x49, 0xce, + 0x78, 0x5c, 0xf5, 0xbb, 0xad, 0x61, 0x1f, 0x64, + 0x52, 0x22, 0xb4, 0xa3, 0x07, 0x18, 0x3d, 0xd3, + 0x9d, 0xec, 0xe6, 0x9e, 0xb5, 0xad, 0x0c, 0xd3, + 0x3b, 0xb6, 0xeb, 0xcd, 0x9c, 0x69, 0x45, 0xf2, + 0x07, 0x24, 0xe9, 0xd7, 0xe0, 0xe7, 0x62, 0xe5, + 0x01, 0x34, 0x24, 0x4e, 0xf6, 0x32, 0xe8, 0x42, + 0x97, 0x3e, 0x14, 0xaf, 0xbc, 0x26, 0xbd, 0x73, + 0xc5, 0xde, 0x5a, 0x8e, 0x65, 0x61, 0x97, 0x81, + 0x31, 0x52, 0xa3, 0xbd, 0x9b, 0x9e, 0xda, 0xdd, + 0x37, 0x15, 0x30, 0xfb, 0x3b, 0x59, 0x0c, 0x91, + 0x8b, 0x54, 0x49, 0x68, 0xc6, 0x41, 0x38, 0x77, + 0x1c, 0x00, 0xb2, 0xc3, 0x37, 0xe2, 0x50, 0x67, + 0xeb, 0x49, 0xa4, 0xde, 0x04, 0x1e, 0xf5, 0xcc, + 0x49, 0x24, 0x5a, 0x8d, 0x94, 0x33, 0xbf, 0x55, + 0xf8, 0x70, 0x7d, 0x1e, 0x5b, 0xe3, 0x74, 0x6b, + 0x34, 0xb3, 0xf6, 0x8a, 0x47, 0xf9, 0x2f, 0xc9, + 0xcb, 0x6a, 0x80, 0x89, 0xf2, 0x19, 0x24, 0x5b, + 0xdf, 0x04, 0x9a, 0x53, 0x1c, 0x9f, 0x71, 0xea, + 0x01, 0xd3, 0xe9, 0x14, 0x87, 0xee, 0x2a, 0x62, + 0x53, 0x19, 0x74, 0x64, 0x19, 0x03, 0x00, 0xd6, + 0xa1, 0xcb, 0xdf, 0x59, 0x77, 0x6b, 0xa9, 0x25, + 0x32, 0xff, 0xe9, 0xa9, 0x41, 0x06, 0x0c, 0x06, + 0xd4, 0xae, 0xfb, 0x58, 0x20, 0x2e, 0xe3, 0xe0, + 0xce, 0x53, 0xea, 0x03, 0xcb, 0x3f, 0x64, 0xe9, + 0xd9, 0xc1, 0x0e, 0xf8, 0xec, 0x97, 0xee, 0x05, + 0x42, 0x41, 0x61, 0xcc, 0x75, 0x13, 0x8d, 0x88, + 0x62, 0x84, 0xa1, 0x3c, 0xa3, 0x30, 0xce, 0x12, + 0xf1, 0x84, 0xee, 0x26, 0x08, 0x04, 0xae, 0x67, + 0x56, 0xa0, 0x84, 0x91, 0x8a, 0xbd, 0xc4, 0xba, + 0x07, 0xb3, 0x06, 0xe7, 0xc8, 0x12, 0xae, 0x56, + 0x46, 0xcd, 0x8d, 0x5c, 0x91, 0x05, 0x90, 0x11, + 0x37, 0xef, 0xe0, 0x3e, 0xf3, 0xc6, 0x95, 0x13, + 0xeb, 0x2f, 0xe4, 0x3e, 0xfc, 0xe4, 0xc0, 0x61, + 0xfb, 0x1b, 0x74, 0x78, 0xe9, 0x6b, 0x7d, 0xe4, + 0xa2, 0xc4, 0x6d, 0x26, 0x6d, 0xc0, 0x06, 0xba, + 0x9f, 0x7e, 0x7d, 0x5e, 0x7f, 0xfa, 0x66, 0x08, + 0xd9, 0x70, 0x39, 0x05, 0xfa, 0x10, 0xfd, 0x5f, + 0xaa, 0xc4, 0x9d, 0x02, 0xd4, 0xf8, 0x0f, 0x3f, + 0xd3, 0xbe, 0xaa, 0x86, 0x4a, 0x0f, 0x8e, 0x23, + 0x02, 0xbf, 0x48, 0x26, 0x93, 0x5f, 0xc2, 0xc5, + 0x05, 0xca, 0xa1, 0x6d, 0x96, 0xd1, 0x3a, 0x30, + 0x66, 0xe1, 0x97, 0x1d, 0x4c, 0xb0, 0x93, 0xd7, + 0x8d, 0x3c, 0xc0, 0xf9, 0x2b, 0x81, 0x0d, 0xd7, + 0x68, 0x49, 0x18, 0xab, 0xdc, 0x4b, 0xa0, 0x7b, + 0x30, 0x6e, 0x7c, 0x81, 0x2a, 0xe5, 0x64, 0x6c, + 0xd8, 0xd5, 0xc9, 0x10, 0x59, 0x01, 0x13, 0x7e, + 0xfe, 0x03, 0xef, 0x3c, 0x69, 0x51, 0x3e, 0xb2, + 0xfe, 0x43, 0xef, 0xce, 0x4c, 0x06, 0x1f, 0xb1, + 0xb7, 0x47, 0x8e, 0x96, 0xb7, 0xde, 0x4a, 0x2c, + 0x46, 0xd2, 0x66, 0xdc, 0x00, 0x6b, 0xa9, 0xf7, + 0xe7, 0xd5, 0xe7, 0xff, 0xa6, 0x60, 0x8d, 0x97, + 0x03, 0x90, 0x5f, 0xa1, 0x0f, 0xd5, 0xfa, 0xac, + 0x49, 0xd0, 0x2d, 0x4f, 0x80, 0xf3, 0xfd, 0x3b, + 0xea, 0xa8, 0x64, 0xa0, 0xf8, 0xe2, 0x30, 0x2b, + 0xf4, 0x80, 0x2c, 0x50, 0x5c, 0xaa, 0x16, 0xd9, + 0x6d, 0x13, 0xa3, 0x06, 0x6e, 0x19, 0x71, 0xd4, + 0xcb, 0x09, 0x3d, 0x78, 0xd3, 0xcc, 0x0f, 0x92, + 0xb8, 0x10, 0xdd, 0x76, 0x88, 0x97, 0x1b, 0x7f, + 0xf0, 0x5c, 0xfb, 0x97, 0x66, 0x3e, 0x7f, 0x66, + 0xf9, 0xa4, 0xd5, 0x29, 0xb5, 0x54, 0x8a, 0xaa, + 0xfc, 0xe2, 0xdb, 0xb7, + }; + const char password[] = "password"; + word32 passwordSz = (word32)XSTRLEN(password); + + /* Decrypt the encrypted PKCS8 key we just made. */ + ExpectIntEQ(wc_DecryptPKCS8Key(badPkcs5RsaEnc, sizeof(badPkcs5RsaEnc), + password, (int)passwordSz), ASN_PARSE_E); +#endif + return EXPECT_RESULT(); +} + +static int test_wc_GetPkcs8TraditionalOffset(void) +{ + EXPECT_DECLS; +#if !defined(NO_ASN) && !defined(NO_FILESYSTEM) && defined(HAVE_PKCS8) + int length; + int derSz = 0; + word32 inOutIdx; + const char* path = "./certs/server-keyPkcs8.der"; + const char* pathAttributes = "./certs/ca-key-pkcs8-attribute.der"; + XFILE file = XBADFILE; + byte der[2048]; + + ExpectTrue((file = XFOPEN(path, "rb")) != XBADFILE); + ExpectIntGT(derSz = (int)XFREAD(der, 1, sizeof(der), file), 0); + if (file != XBADFILE) + XFCLOSE(file); + file = XBADFILE; /* reset file to avoid warning of use after close */ + + /* valid case */ + inOutIdx = 0; + ExpectIntGT(length = wc_GetPkcs8TraditionalOffset(der, &inOutIdx, (word32)derSz), + 0); + + /* inOutIdx > sz */ + inOutIdx = 4000; + ExpectIntEQ(length = wc_GetPkcs8TraditionalOffset(der, &inOutIdx, (word32)derSz), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + + /* null input */ + inOutIdx = 0; + ExpectIntEQ(length = wc_GetPkcs8TraditionalOffset(NULL, &inOutIdx, 0), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + + /* invalid input, fill buffer with 1's */ + XMEMSET(der, 1, sizeof(der)); + inOutIdx = 0; + ExpectIntEQ(length = wc_GetPkcs8TraditionalOffset(der, &inOutIdx, (word32)derSz), + WC_NO_ERR_TRACE(ASN_PARSE_E)); + + /* test parsing with attributes */ + ExpectTrue((file = XFOPEN(pathAttributes, "rb")) != XBADFILE); + ExpectIntGT(derSz = (int)XFREAD(der, 1, sizeof(der), file), 0); + if (file != XBADFILE) + XFCLOSE(file); + + inOutIdx = 0; + ExpectIntGT(length = wc_GetPkcs8TraditionalOffset(der, &inOutIdx, + (word32)derSz), 0); +#endif /* NO_ASN */ + return EXPECT_RESULT(); +} + +static int test_wc_SetSubjectRaw(void) +{ + EXPECT_DECLS; +#if !defined(NO_ASN) && !defined(NO_FILESYSTEM) && defined(OPENSSL_EXTRA) && \ + defined(WOLFSSL_CERT_GEN) && defined(WOLFSSL_CERT_EXT) && !defined(NO_RSA) + const char* joiCertFile = "./certs/test/cert-ext-joi.der"; + WOLFSSL_X509* x509 = NULL; + int peerCertSz; + const byte* peerCertBuf = NULL; + Cert forgedCert; + + ExpectNotNull(x509 = wolfSSL_X509_load_certificate_file(joiCertFile, + WOLFSSL_FILETYPE_ASN1)); + + ExpectNotNull(peerCertBuf = wolfSSL_X509_get_der(x509, &peerCertSz)); + + ExpectIntEQ(0, wc_InitCert(&forgedCert)); + + ExpectIntEQ(0, wc_SetSubjectRaw(&forgedCert, peerCertBuf, peerCertSz)); + + wolfSSL_FreeX509(x509); +#endif + return EXPECT_RESULT(); +} + +static int test_wc_GetSubjectRaw(void) +{ + EXPECT_DECLS; +#if !defined(NO_ASN) && !defined(NO_FILESYSTEM) && defined(OPENSSL_EXTRA) && \ + defined(WOLFSSL_CERT_GEN) && defined(WOLFSSL_CERT_EXT) + Cert cert; + byte *subjectRaw; + + ExpectIntEQ(0, wc_InitCert(&cert)); + ExpectIntEQ(0, wc_GetSubjectRaw(&subjectRaw, &cert)); +#endif + return EXPECT_RESULT(); +} + +static int test_wc_SetIssuerRaw(void) +{ + EXPECT_DECLS; +#if !defined(NO_ASN) && !defined(NO_FILESYSTEM) && defined(OPENSSL_EXTRA) && \ + defined(WOLFSSL_CERT_GEN) && defined(WOLFSSL_CERT_EXT) && !defined(NO_RSA) + const char* joiCertFile = "./certs/test/cert-ext-joi.der"; + WOLFSSL_X509* x509 = NULL; + int peerCertSz; + const byte* peerCertBuf = NULL; + Cert forgedCert; + + ExpectNotNull(x509 = wolfSSL_X509_load_certificate_file(joiCertFile, + WOLFSSL_FILETYPE_ASN1)); + + ExpectNotNull(peerCertBuf = wolfSSL_X509_get_der(x509, &peerCertSz)); + + ExpectIntEQ(0, wc_InitCert(&forgedCert)); + + ExpectIntEQ(0, wc_SetIssuerRaw(&forgedCert, peerCertBuf, peerCertSz)); + + wolfSSL_FreeX509(x509); +#endif + return EXPECT_RESULT(); +} + +static int test_wc_SetIssueBuffer(void) +{ + EXPECT_DECLS; +#if !defined(NO_ASN) && !defined(NO_FILESYSTEM) && defined(OPENSSL_EXTRA) && \ + defined(WOLFSSL_CERT_GEN) && defined(WOLFSSL_CERT_EXT) && !defined(NO_RSA) + const char* joiCertFile = "./certs/test/cert-ext-joi.der"; + WOLFSSL_X509* x509 = NULL; + int peerCertSz; + const byte* peerCertBuf = NULL; + Cert forgedCert; + + ExpectNotNull(x509 = wolfSSL_X509_load_certificate_file(joiCertFile, + WOLFSSL_FILETYPE_ASN1)); + + ExpectNotNull(peerCertBuf = wolfSSL_X509_get_der(x509, &peerCertSz)); + + ExpectIntEQ(0, wc_InitCert(&forgedCert)); + + ExpectIntEQ(0, wc_SetIssuerBuffer(&forgedCert, peerCertBuf, peerCertSz)); + + wolfSSL_FreeX509(x509); +#endif + return EXPECT_RESULT(); +} + +/* + * Testing wc_SetSubjectKeyId + */ +static int test_wc_SetSubjectKeyId(void) +{ + EXPECT_DECLS; +#if !defined(NO_ASN) && !defined(NO_FILESYSTEM) && defined(OPENSSL_EXTRA) && \ + defined(WOLFSSL_CERT_GEN) && defined(WOLFSSL_CERT_EXT) && defined(HAVE_ECC) + Cert cert; + const char* file = "certs/ecc-client-keyPub.pem"; + + ExpectIntEQ(0, wc_InitCert(&cert)); + ExpectIntEQ(0, wc_SetSubjectKeyId(&cert, file)); + + ExpectIntEQ(WC_NO_ERR_TRACE(BAD_FUNC_ARG), wc_SetSubjectKeyId(NULL, file)); + ExpectIntGT(0, wc_SetSubjectKeyId(&cert, "badfile.name")); +#endif + return EXPECT_RESULT(); +} /* END test_wc_SetSubjectKeyId */ + +/* + * Testing wc_SetSubject + */ +static int test_wc_SetSubject(void) +{ + EXPECT_DECLS; +#if !defined(NO_ASN) && !defined(NO_FILESYSTEM) && defined(OPENSSL_EXTRA) && \ + defined(WOLFSSL_CERT_GEN) && defined(WOLFSSL_CERT_EXT) && defined(HAVE_ECC) + Cert cert; + const char* file = "./certs/ca-ecc-cert.pem"; + + ExpectIntEQ(0, wc_InitCert(&cert)); + ExpectIntEQ(0, wc_SetSubject(&cert, file)); + + ExpectIntEQ(WC_NO_ERR_TRACE(BAD_FUNC_ARG), wc_SetSubject(NULL, file)); + ExpectIntGT(0, wc_SetSubject(&cert, "badfile.name")); +#endif + return EXPECT_RESULT(); +} /* END test_wc_SetSubject */ + + +static int test_CheckCertSignature(void) +{ + EXPECT_DECLS; +#if !defined(NO_CERTS) && defined(WOLFSSL_SMALL_CERT_VERIFY) + WOLFSSL_CERT_MANAGER* cm = NULL; +#if !defined(NO_FILESYSTEM) && (!defined(NO_RSA) || defined(HAVE_ECC)) + XFILE fp = XBADFILE; + byte cert[4096]; + int certSz; +#endif + + ExpectIntEQ(WC_NO_ERR_TRACE(BAD_FUNC_ARG), wc_CheckCertSignature(NULL, 0, NULL, NULL)); + ExpectNotNull(cm = wolfSSL_CertManagerNew_ex(NULL)); + ExpectIntEQ(WC_NO_ERR_TRACE(BAD_FUNC_ARG), wc_CheckCertSignature(NULL, 0, NULL, cm)); + +#ifndef NO_RSA +#ifdef USE_CERT_BUFFERS_1024 + ExpectIntEQ(WC_NO_ERR_TRACE(ASN_NO_SIGNER_E), wc_CheckCertSignature(server_cert_der_1024, + sizeof_server_cert_der_1024, NULL, cm)); + ExpectIntEQ(WOLFSSL_SUCCESS, wolfSSL_CertManagerLoadCABuffer(cm, + ca_cert_der_1024, sizeof_ca_cert_der_1024, + WOLFSSL_FILETYPE_ASN1)); + ExpectIntEQ(0, wc_CheckCertSignature(server_cert_der_1024, + sizeof_server_cert_der_1024, NULL, cm)); +#elif defined(USE_CERT_BUFFERS_2048) + ExpectIntEQ(WC_NO_ERR_TRACE(ASN_NO_SIGNER_E), wc_CheckCertSignature(server_cert_der_2048, + sizeof_server_cert_der_2048, NULL, cm)); + ExpectIntEQ(WOLFSSL_SUCCESS, wolfSSL_CertManagerLoadCABuffer(cm, + ca_cert_der_2048, sizeof_ca_cert_der_2048, + WOLFSSL_FILETYPE_ASN1)); + ExpectIntEQ(0, wc_CheckCertSignature(server_cert_der_2048, + sizeof_server_cert_der_2048, NULL, cm)); +#endif +#endif + +#if defined(HAVE_ECC) && defined(USE_CERT_BUFFERS_256) + ExpectIntEQ(WC_NO_ERR_TRACE(ASN_NO_SIGNER_E), wc_CheckCertSignature(serv_ecc_der_256, + sizeof_serv_ecc_der_256, NULL, cm)); + ExpectIntEQ(WOLFSSL_SUCCESS, wolfSSL_CertManagerLoadCABuffer(cm, + ca_ecc_cert_der_256, sizeof_ca_ecc_cert_der_256, + WOLFSSL_FILETYPE_ASN1)); + ExpectIntEQ(0, wc_CheckCertSignature(serv_ecc_der_256, sizeof_serv_ecc_der_256, + NULL, cm)); +#endif + +#if !defined(NO_FILESYSTEM) + wolfSSL_CertManagerFree(cm); + cm = NULL; + ExpectNotNull(cm = wolfSSL_CertManagerNew_ex(NULL)); +#ifndef NO_RSA + ExpectTrue((fp = XFOPEN("./certs/server-cert.der", "rb")) != XBADFILE); + ExpectIntGT((certSz = (int)XFREAD(cert, 1, sizeof(cert), fp)), 0); + if (fp != XBADFILE) { + XFCLOSE(fp); + fp = XBADFILE; + } + ExpectIntEQ(WC_NO_ERR_TRACE(ASN_NO_SIGNER_E), wc_CheckCertSignature(cert, certSz, NULL, cm)); + ExpectIntEQ(WOLFSSL_SUCCESS, wolfSSL_CertManagerLoadCA(cm, + "./certs/ca-cert.pem", NULL)); + ExpectIntEQ(0, wc_CheckCertSignature(cert, certSz, NULL, cm)); +#endif +#ifdef HAVE_ECC + ExpectTrue((fp = XFOPEN("./certs/server-ecc.der", "rb")) != XBADFILE); + ExpectIntGT((certSz = (int)XFREAD(cert, 1, sizeof(cert), fp)), 0); + if (fp != XBADFILE) { + XFCLOSE(fp); + fp = XBADFILE; + } + ExpectIntEQ(WC_NO_ERR_TRACE(ASN_NO_SIGNER_E), wc_CheckCertSignature(cert, certSz, NULL, cm)); + ExpectIntEQ(WOLFSSL_SUCCESS, wolfSSL_CertManagerLoadCA(cm, + "./certs/ca-ecc-cert.pem", NULL)); + ExpectIntEQ(0, wc_CheckCertSignature(cert, certSz, NULL, cm)); +#endif +#endif + +#if !defined(NO_FILESYSTEM) && (!defined(NO_RSA) || defined(HAVE_ECC)) + (void)fp; + (void)cert; + (void)certSz; +#endif + + wolfSSL_CertManagerFree(cm); +#endif + return EXPECT_RESULT(); +} + +static int test_wc_ParseCert(void) +{ + EXPECT_DECLS; +#if !defined(NO_CERTS) && !defined(NO_RSA) + DecodedCert decodedCert; + const byte* rawCert = client_cert_der_2048; + const int rawCertSize = sizeof_client_cert_der_2048; + + wc_InitDecodedCert(&decodedCert, rawCert, rawCertSize, NULL); + ExpectIntEQ(wc_ParseCert(&decodedCert, CERT_TYPE, NO_VERIFY, NULL), 0); +#ifndef IGNORE_NAME_CONSTRAINTS + /* check that the subjects emailAddress was not put in the alt name list */ + ExpectNotNull(decodedCert.subjectEmail); + ExpectNull(decodedCert.altEmailNames); +#endif + wc_FreeDecodedCert(&decodedCert); +#endif + return EXPECT_RESULT(); +} + +/* Test wc_ParseCert decoding of various encodings and scenarios ensuring that + * the API safely errors out on badly-formed ASN input. + * NOTE: Test not compatible with released FIPS implementations! + */ +static int test_wc_ParseCert_Error(void) +{ + EXPECT_DECLS; +#if !defined(NO_CERTS) && !defined(NO_RSA) && !defined(HAVE_SELFTEST) && \ + (!defined(HAVE_FIPS) || \ + (defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION > 2))) + DecodedCert decodedCert; + int i; + + /* Certificate data */ + const byte c0[] = { 0x30, 0x04, 0x30, 0x02, 0x02, 0x80, 0x00, 0x00}; + const byte c1[] = { 0x30, 0x04, 0x30, 0x04, 0x02, 0x80, 0x00, 0x00}; + const byte c2[] = { 0x30, 0x06, 0x30, 0x04, 0x02, 0x80, 0x00, 0x00}; + const byte c3[] = { 0x30, 0x07, 0x30, 0x05, 0x02, 0x80, 0x10, 0x00, 0x00}; + const byte c4[] = { 0x02, 0x80, 0x10, 0x00, 0x00}; + + /* Test data */ + struct testStruct { + const byte* c; + word32 cSz; + int expRet; + } t[5]; + const int tSz = (int)(sizeof(t) / sizeof(struct testStruct)); + + #define INIT_TEST_DATA(i,x,y) \ + t[i].c = x; t[i].cSz = sizeof(x); t[i].expRet = y + INIT_TEST_DATA(0, c0, WC_NO_ERR_TRACE(ASN_PARSE_E) ); + INIT_TEST_DATA(1, c1, WC_NO_ERR_TRACE(ASN_PARSE_E) ); + INIT_TEST_DATA(2, c2, WC_NO_ERR_TRACE(ASN_PARSE_E) ); + INIT_TEST_DATA(3, c3, WC_NO_ERR_TRACE(ASN_PARSE_E) ); + INIT_TEST_DATA(4, c4, WC_NO_ERR_TRACE(ASN_PARSE_E) ); + #undef INIT_TEST_DATA + + for (i = 0; i < tSz; i++) { + WOLFSSL_MSG_EX("i == %d", i); + wc_InitDecodedCert(&decodedCert, t[i].c, t[i].cSz, NULL); + ExpectIntEQ(wc_ParseCert(&decodedCert, CERT_TYPE, NO_VERIFY, NULL), t[i].expRet); + wc_FreeDecodedCert(&decodedCert); + } +#endif + return EXPECT_RESULT(); +} + +static int test_MakeCertWithPathLen(void) +{ + EXPECT_DECLS; +#if defined(WOLFSSL_CERT_REQ) && !defined(NO_ASN_TIME) && \ + defined(WOLFSSL_CERT_GEN) && defined(HAVE_ECC) + const byte expectedPathLen = 7; + Cert cert; + DecodedCert decodedCert; + byte der[FOURK_BUF]; + int derSize = 0; + WC_RNG rng; + ecc_key key; + int ret; + + XMEMSET(&rng, 0, sizeof(WC_RNG)); + XMEMSET(&key, 0, sizeof(ecc_key)); + XMEMSET(&cert, 0, sizeof(Cert)); + XMEMSET(&decodedCert, 0, sizeof(DecodedCert)); + + ExpectIntEQ(wc_InitRng(&rng), 0); + ExpectIntEQ(wc_ecc_init(&key), 0); + ExpectIntEQ(wc_ecc_make_key(&rng, 32, &key), 0); + ExpectIntEQ(wc_InitCert(&cert), 0); + + (void)XSTRNCPY(cert.subject.country, "US", CTC_NAME_SIZE); + (void)XSTRNCPY(cert.subject.state, "state", CTC_NAME_SIZE); + (void)XSTRNCPY(cert.subject.locality, "Bozeman", CTC_NAME_SIZE); + (void)XSTRNCPY(cert.subject.org, "yourOrgNameHere", CTC_NAME_SIZE); + (void)XSTRNCPY(cert.subject.unit, "yourUnitNameHere", CTC_NAME_SIZE); + (void)XSTRNCPY(cert.subject.commonName, "www.yourDomain.com", + CTC_NAME_SIZE); + (void)XSTRNCPY(cert.subject.email, "yourEmail@yourDomain.com", + CTC_NAME_SIZE); + + cert.selfSigned = 1; + cert.isCA = 1; + cert.pathLen = expectedPathLen; + cert.pathLenSet = 1; + cert.sigType = CTC_SHA256wECDSA; + +#ifdef WOLFSSL_CERT_EXT + cert.keyUsage |= KEYUSE_KEY_CERT_SIGN; +#endif + + ExpectIntGE(wc_MakeCert(&cert, der, FOURK_BUF, NULL, &key, &rng), 0); + ExpectIntGE(derSize = wc_SignCert(cert.bodySz, cert.sigType, der, + FOURK_BUF, NULL, &key, &rng), 0); + + wc_InitDecodedCert(&decodedCert, der, (word32)derSize, NULL); + ExpectIntEQ(wc_ParseCert(&decodedCert, CERT_TYPE, NO_VERIFY, NULL), 0); + ExpectIntEQ(decodedCert.pathLength, expectedPathLen); + + wc_FreeDecodedCert(&decodedCert); + ret = wc_ecc_free(&key); + ExpectIntEQ(ret, 0); + ret = wc_FreeRng(&rng); + ExpectIntEQ(ret, 0); +#endif + return EXPECT_RESULT(); +} + +static int test_MakeCertWith0Ser(void) +{ + EXPECT_DECLS; +#if defined(WOLFSSL_CERT_REQ) && !defined(NO_ASN_TIME) && \ + defined(WOLFSSL_CERT_GEN) && defined(HAVE_ECC) && \ + defined(WOLFSSL_ASN_TEMPLATE) + Cert cert; + DecodedCert decodedCert; + byte der[FOURK_BUF]; + int derSize = 0; + WC_RNG rng; + ecc_key key; + int ret; + + XMEMSET(&rng, 0, sizeof(WC_RNG)); + XMEMSET(&key, 0, sizeof(ecc_key)); + XMEMSET(&cert, 0, sizeof(Cert)); + XMEMSET(&decodedCert, 0, sizeof(DecodedCert)); + + ExpectIntEQ(wc_InitRng(&rng), 0); + ExpectIntEQ(wc_ecc_init(&key), 0); + ExpectIntEQ(wc_ecc_make_key(&rng, 32, &key), 0); + ExpectIntEQ(wc_InitCert(&cert), 0); + + (void)XSTRNCPY(cert.subject.country, "US", CTC_NAME_SIZE); + (void)XSTRNCPY(cert.subject.state, "state", CTC_NAME_SIZE); + (void)XSTRNCPY(cert.subject.locality, "Bozeman", CTC_NAME_SIZE); + (void)XSTRNCPY(cert.subject.org, "yourOrgNameHere", CTC_NAME_SIZE); + (void)XSTRNCPY(cert.subject.unit, "yourUnitNameHere", CTC_NAME_SIZE); + (void)XSTRNCPY(cert.subject.commonName, "www.yourDomain.com", + CTC_NAME_SIZE); + (void)XSTRNCPY(cert.subject.email, "yourEmail@yourDomain.com", + CTC_NAME_SIZE); + + cert.selfSigned = 1; + cert.isCA = 1; + cert.sigType = CTC_SHA256wECDSA; + +#ifdef WOLFSSL_CERT_EXT + cert.keyUsage |= KEYUSE_KEY_CERT_SIGN; +#endif + + /* set serial number to 0 */ + cert.serialSz = 1; + cert.serial[0] = 0; + + ExpectIntGE(wc_MakeCert(&cert, der, FOURK_BUF, NULL, &key, &rng), 0); + ExpectIntGE(derSize = wc_SignCert(cert.bodySz, cert.sigType, der, + FOURK_BUF, NULL, &key, &rng), 0); + + wc_InitDecodedCert(&decodedCert, der, (word32)derSize, NULL); + +#if !defined(WOLFSSL_NO_ASN_STRICT) && !defined(WOLFSSL_PYTHON) && \ + !defined(WOLFSSL_ASN_ALLOW_0_SERIAL) + ExpectIntEQ(wc_ParseCert(&decodedCert, CERT_TYPE, NO_VERIFY, NULL), + WC_NO_ERR_TRACE(ASN_PARSE_E)); +#else + ExpectIntEQ(wc_ParseCert(&decodedCert, CERT_TYPE, NO_VERIFY, NULL), 0); +#endif + + wc_FreeDecodedCert(&decodedCert); + ret = wc_ecc_free(&key); + ExpectIntEQ(ret, 0); + ret = wc_FreeRng(&rng); + ExpectIntEQ(ret, 0); +#endif + return EXPECT_RESULT(); +} + +static int test_MakeCertWithCaFalse(void) +{ + EXPECT_DECLS; +#if defined(WOLFSSL_ALLOW_ENCODING_CA_FALSE) && defined(WOLFSSL_CERT_REQ) && \ + !defined(NO_ASN_TIME) && defined(WOLFSSL_CERT_GEN) && defined(HAVE_ECC) + const byte expectedIsCa = 0; + Cert cert; + DecodedCert decodedCert; + byte der[FOURK_BUF]; + int derSize = 0; + WC_RNG rng; + ecc_key key; + int ret; + + XMEMSET(&rng, 0, sizeof(WC_RNG)); + XMEMSET(&key, 0, sizeof(ecc_key)); + XMEMSET(&cert, 0, sizeof(Cert)); + XMEMSET(&decodedCert, 0, sizeof(DecodedCert)); + + ExpectIntEQ(wc_InitRng(&rng), 0); + ExpectIntEQ(wc_ecc_init(&key), 0); + ExpectIntEQ(wc_ecc_make_key(&rng, 32, &key), 0); + ExpectIntEQ(wc_InitCert(&cert), 0); + + (void)XSTRNCPY(cert.subject.country, "US", CTC_NAME_SIZE); + (void)XSTRNCPY(cert.subject.state, "state", CTC_NAME_SIZE); + (void)XSTRNCPY(cert.subject.locality, "Bozeman", CTC_NAME_SIZE); + (void)XSTRNCPY(cert.subject.org, "yourOrgNameHere", CTC_NAME_SIZE); + (void)XSTRNCPY(cert.subject.unit, "yourUnitNameHere", CTC_NAME_SIZE); + (void)XSTRNCPY(cert.subject.commonName, "www.yourDomain.com", + CTC_NAME_SIZE); + (void)XSTRNCPY(cert.subject.email, "yourEmail@yourDomain.com", + CTC_NAME_SIZE); + + cert.selfSigned = 1; + cert.isCA = expectedIsCa; + cert.isCaSet = 1; + cert.sigType = CTC_SHA256wECDSA; + + ExpectIntGE(wc_MakeCert(&cert, der, FOURK_BUF, NULL, &key, &rng), 0); + ExpectIntGE(derSize = wc_SignCert(cert.bodySz, cert.sigType, der, + FOURK_BUF, NULL, &key, &rng), 0); + + wc_InitDecodedCert(&decodedCert, der, derSize, NULL); + ExpectIntEQ(wc_ParseCert(&decodedCert, CERT_TYPE, NO_VERIFY, NULL), 0); + ExpectIntEQ(decodedCert.isCA, expectedIsCa); + + wc_FreeDecodedCert(&decodedCert); + ret = wc_ecc_free(&key); + ExpectIntEQ(ret, 0); + ret = wc_FreeRng(&rng); + ExpectIntEQ(ret, 0); +#endif + return EXPECT_RESULT(); +} + +static int test_wolfSSL_EVP_PKEY_encrypt(void) +{ + EXPECT_DECLS; +#if defined(OPENSSL_EXTRA) && !defined(NO_RSA) && defined(WOLFSSL_KEY_GEN) + WOLFSSL_RSA* rsa = NULL; + WOLFSSL_EVP_PKEY* pkey = NULL; + WOLFSSL_EVP_PKEY_CTX* ctx = NULL; + const char* in = "What is easy to do is easy not to do."; + size_t inlen = XSTRLEN(in); + size_t outEncLen = 0; + byte* outEnc = NULL; + byte* outDec = NULL; + size_t outDecLen = 0; + size_t rsaKeySz = 2048/8; /* Bytes */ +#if !defined(HAVE_FIPS) && defined(WC_RSA_NO_PADDING) + byte* inTmp = NULL; + byte* outEncTmp = NULL; + byte* outDecTmp = NULL; +#endif + + ExpectNotNull(outEnc = (byte*)XMALLOC(rsaKeySz, HEAP_HINT, + DYNAMIC_TYPE_TMP_BUFFER)); + if (outEnc != NULL) { + XMEMSET(outEnc, 0, rsaKeySz); + } + ExpectNotNull(outDec = (byte*)XMALLOC(rsaKeySz, HEAP_HINT, + DYNAMIC_TYPE_TMP_BUFFER)); + if (outDec != NULL) { + XMEMSET(outDec, 0, rsaKeySz); + } + + ExpectNotNull(rsa = RSA_generate_key(2048, 3, NULL, NULL)); + ExpectNotNull(pkey = wolfSSL_EVP_PKEY_new()); + ExpectIntEQ(EVP_PKEY_assign_RSA(pkey, rsa), WOLFSSL_SUCCESS); + if (EXPECT_FAIL()) { + RSA_free(rsa); + } + ExpectNotNull(ctx = EVP_PKEY_CTX_new(pkey, NULL)); + ExpectIntEQ(EVP_PKEY_encrypt_init(ctx), WOLFSSL_SUCCESS); + ExpectIntEQ(EVP_PKEY_CTX_set_rsa_padding(ctx, RSA_PKCS1_PADDING), + WOLFSSL_SUCCESS); + + /* Test pkey references count is decremented. pkey shouldn't be destroyed + since ctx uses it.*/ + ExpectIntEQ(pkey->ref.count, 2); + EVP_PKEY_free(pkey); + ExpectIntEQ(pkey->ref.count, 1); + + /* Encrypt data */ + /* Check that we can get the required output buffer length by passing in a + * NULL output buffer. */ + ExpectIntEQ(EVP_PKEY_encrypt(ctx, NULL, &outEncLen, + (const unsigned char*)in, inlen), WOLFSSL_SUCCESS); + ExpectIntEQ(rsaKeySz, outEncLen); + /* Now do the actual encryption. */ + ExpectIntEQ(EVP_PKEY_encrypt(ctx, outEnc, &outEncLen, + (const unsigned char*)in, inlen), WOLFSSL_SUCCESS); + + /* Decrypt data */ + ExpectIntEQ(EVP_PKEY_decrypt_init(ctx), WOLFSSL_SUCCESS); + /* Check that we can get the required output buffer length by passing in a + * NULL output buffer. */ + ExpectIntEQ(EVP_PKEY_decrypt(ctx, NULL, &outDecLen, outEnc, outEncLen), + WOLFSSL_SUCCESS); + ExpectIntEQ(rsaKeySz, outDecLen); + /* Now do the actual decryption. */ + ExpectIntEQ(EVP_PKEY_decrypt(ctx, outDec, &outDecLen, outEnc, outEncLen), + WOLFSSL_SUCCESS); + + ExpectIntEQ(XMEMCMP(in, outDec, outDecLen), 0); + +#if !defined(HAVE_FIPS) && defined(WC_RSA_NO_PADDING) + /* The input length must be the same size as the RSA key.*/ + ExpectNotNull(inTmp = (byte*)XMALLOC(rsaKeySz, HEAP_HINT, + DYNAMIC_TYPE_TMP_BUFFER)); + if (inTmp != NULL) { + XMEMSET(inTmp, 9, rsaKeySz); + } + ExpectNotNull(outEncTmp = (byte*)XMALLOC(rsaKeySz, HEAP_HINT, + DYNAMIC_TYPE_TMP_BUFFER)); + if (outEncTmp != NULL) { + XMEMSET(outEncTmp, 0, rsaKeySz); + } + ExpectNotNull(outDecTmp = (byte*)XMALLOC(rsaKeySz, HEAP_HINT, + DYNAMIC_TYPE_TMP_BUFFER)); + if (outDecTmp != NULL) { + XMEMSET(outDecTmp, 0, rsaKeySz); + } + ExpectIntEQ(EVP_PKEY_encrypt_init(ctx), WOLFSSL_SUCCESS); + ExpectIntEQ(EVP_PKEY_CTX_set_rsa_padding(ctx, RSA_NO_PADDING), + WOLFSSL_SUCCESS); + ExpectIntEQ(EVP_PKEY_encrypt(ctx, outEncTmp, &outEncLen, inTmp, rsaKeySz), + WOLFSSL_SUCCESS); + ExpectIntEQ(EVP_PKEY_decrypt_init(ctx), WOLFSSL_SUCCESS); + ExpectIntEQ(EVP_PKEY_decrypt(ctx, outDecTmp, &outDecLen, outEncTmp, + outEncLen), WOLFSSL_SUCCESS); + ExpectIntEQ(XMEMCMP(inTmp, outDecTmp, outDecLen), 0); +#endif + EVP_PKEY_CTX_free(ctx); + XFREE(outEnc, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(outDec, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); +#if !defined(HAVE_FIPS) && defined(WC_RSA_NO_PADDING) + XFREE(inTmp, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(outEncTmp, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(outDecTmp, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); +#endif +#endif + return EXPECT_RESULT(); +} + +#if defined(OPENSSL_EXTRA) && !defined(NO_RSA) && defined(WOLFSSL_KEY_GEN) && \ + !defined(HAVE_SELFTEST) +#if !defined(HAVE_FIPS) || (defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION>2)) + #ifndef TEST_WOLFSSL_EVP_PKEY_SIGN_VERIFY + #define TEST_WOLFSSL_EVP_PKEY_SIGN_VERIFY + #endif +#endif +#endif +#if defined(OPENSSL_EXTRA) +#if !defined (NO_DSA) && !defined(HAVE_SELFTEST) && defined(WOLFSSL_KEY_GEN) + #ifndef TEST_WOLFSSL_EVP_PKEY_SIGN_VERIFY + #define TEST_WOLFSSL_EVP_PKEY_SIGN_VERIFY + #endif +#endif +#endif +#if defined(OPENSSL_EXTRA) && defined(HAVE_ECC) +#if !defined(HAVE_FIPS) || (defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION>2)) + #ifndef TEST_WOLFSSL_EVP_PKEY_SIGN_VERIFY + #define TEST_WOLFSSL_EVP_PKEY_SIGN_VERIFY + #endif +#endif +#endif + +#ifdef TEST_WOLFSSL_EVP_PKEY_SIGN_VERIFY +static int test_wolfSSL_EVP_PKEY_sign_verify(int keyType) +{ + EXPECT_DECLS; +#if defined(OPENSSL_EXTRA) +#if defined(OPENSSL_EXTRA) && !defined(NO_RSA) && defined(WOLFSSL_KEY_GEN) && \ + !defined(HAVE_SELFTEST) +#if !defined(HAVE_FIPS) || (defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION>2)) + WOLFSSL_RSA* rsa = NULL; +#endif +#endif +#if !defined (NO_DSA) && !defined(HAVE_SELFTEST) && defined(WOLFSSL_KEY_GEN) + WOLFSSL_DSA* dsa = NULL; +#endif /* !NO_DSA && !HAVE_SELFTEST && WOLFSSL_KEY_GEN */ +#if defined(OPENSSL_EXTRA) && defined(HAVE_ECC) +#if !defined(HAVE_FIPS) || (defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION>2)) + WOLFSSL_EC_KEY* ecKey = NULL; +#endif +#endif + WOLFSSL_EVP_PKEY* pkey = NULL; + WOLFSSL_EVP_PKEY_CTX* ctx = NULL; + WOLFSSL_EVP_PKEY_CTX* ctx_verify = NULL; + const char* in = "What is easy to do is easy not to do."; + size_t inlen = XSTRLEN(in); + byte hash[SHA256_DIGEST_LENGTH] = {0}; + byte zero[SHA256_DIGEST_LENGTH] = {0}; + SHA256_CTX c; + byte* sig = NULL; + byte* sigVerify = NULL; + size_t siglen; + size_t siglenOnlyLen; + size_t keySz = 2048/8; /* Bytes */ + + ExpectNotNull(sig = + (byte*)XMALLOC(keySz, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER)); + ExpectNotNull(sigVerify = + (byte*)XMALLOC(keySz, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER)); + + siglen = keySz; + ExpectNotNull(XMEMSET(sig, 0, keySz)); + ExpectNotNull(XMEMSET(sigVerify, 0, keySz)); + + /* Generate hash */ + SHA256_Init(&c); + SHA256_Update(&c, in, inlen); + SHA256_Final(hash, &c); +#ifdef WOLFSSL_SMALL_STACK_CACHE + /* workaround for small stack cache case */ + wc_Sha256Free((wc_Sha256*)&c); +#endif + + /* Generate key */ + ExpectNotNull(pkey = EVP_PKEY_new()); + switch (keyType) { + case EVP_PKEY_RSA: +#if defined(OPENSSL_EXTRA) && !defined(NO_RSA) && defined(WOLFSSL_KEY_GEN) && \ + !defined(HAVE_SELFTEST) +#if !defined(HAVE_FIPS) || (defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION>2)) + { + ExpectNotNull(rsa = RSA_generate_key(2048, 3, NULL, NULL)); + ExpectIntEQ(EVP_PKEY_assign_RSA(pkey, rsa), WOLFSSL_SUCCESS); + } +#endif +#endif + break; + case EVP_PKEY_DSA: +#if !defined (NO_DSA) && !defined(HAVE_SELFTEST) && defined(WOLFSSL_KEY_GEN) + ExpectNotNull(dsa = DSA_new()); + ExpectIntEQ(DSA_generate_parameters_ex(dsa, 2048, + NULL, 0, NULL, NULL, NULL), 1); + ExpectIntEQ(DSA_generate_key(dsa), 1); + ExpectIntEQ(EVP_PKEY_set1_DSA(pkey, dsa), WOLFSSL_SUCCESS); +#endif /* !NO_DSA && !HAVE_SELFTEST && WOLFSSL_KEY_GEN */ + break; + case EVP_PKEY_EC: +#if defined(OPENSSL_EXTRA) && defined(HAVE_ECC) +#if !defined(HAVE_FIPS) || (defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION>2)) + { + ExpectNotNull(ecKey = EC_KEY_new()); + ExpectIntEQ(EC_KEY_generate_key(ecKey), 1); + ExpectIntEQ( + EVP_PKEY_assign_EC_KEY(pkey, ecKey), WOLFSSL_SUCCESS); + if (EXPECT_FAIL()) { + EC_KEY_free(ecKey); + } + } +#endif +#endif + break; + } + ExpectNotNull(ctx = EVP_PKEY_CTX_new(pkey, NULL)); + ExpectIntEQ(EVP_PKEY_sign_init(ctx), WOLFSSL_SUCCESS); +#if defined(OPENSSL_EXTRA) && !defined(NO_RSA) && defined(WOLFSSL_KEY_GEN) && \ + !defined(HAVE_SELFTEST) +#if !defined(HAVE_FIPS) || (defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION>2)) + if (keyType == EVP_PKEY_RSA) + ExpectIntEQ(EVP_PKEY_CTX_set_rsa_padding(ctx, RSA_PKCS1_PADDING), + WOLFSSL_SUCCESS); +#endif +#endif + + /* Check returning only length */ + ExpectIntEQ(EVP_PKEY_sign(ctx, NULL, &siglenOnlyLen, hash, + SHA256_DIGEST_LENGTH), WOLFSSL_SUCCESS); + ExpectIntGT(siglenOnlyLen, 0); + /* Sign data */ + ExpectIntEQ(EVP_PKEY_sign(ctx, sig, &siglen, hash, + SHA256_DIGEST_LENGTH), WOLFSSL_SUCCESS); + ExpectIntGE(siglenOnlyLen, siglen); + + /* Verify signature */ + ExpectNotNull(ctx_verify = EVP_PKEY_CTX_new(pkey, NULL)); + ExpectIntEQ(EVP_PKEY_verify_init(ctx_verify), WOLFSSL_SUCCESS); +#if defined(OPENSSL_EXTRA) && !defined(NO_RSA) && defined(WOLFSSL_KEY_GEN) && \ + !defined(HAVE_SELFTEST) +#if !defined(HAVE_FIPS) || (defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION>2)) + if (keyType == EVP_PKEY_RSA) + ExpectIntEQ( + EVP_PKEY_CTX_set_rsa_padding(ctx_verify, RSA_PKCS1_PADDING), + WOLFSSL_SUCCESS); +#endif +#endif + ExpectIntEQ(EVP_PKEY_verify( + ctx_verify, sig, siglen, hash, SHA256_DIGEST_LENGTH), + WOLFSSL_SUCCESS); + ExpectIntEQ(EVP_PKEY_verify( + ctx_verify, sig, siglen, zero, SHA256_DIGEST_LENGTH), + WC_NO_ERR_TRACE(WOLFSSL_FAILURE)); + +#if defined(OPENSSL_EXTRA) && !defined(NO_RSA) && defined(WOLFSSL_KEY_GEN) && \ + !defined(HAVE_SELFTEST) +#if !defined(HAVE_FIPS) || (defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION>2)) + if (keyType == EVP_PKEY_RSA) { + #if defined(WC_RSA_NO_PADDING) || defined(WC_RSA_DIRECT) + /* Try RSA sign/verify with no padding. */ + ExpectIntEQ(EVP_PKEY_sign_init(ctx), WOLFSSL_SUCCESS); + ExpectIntEQ(EVP_PKEY_CTX_set_rsa_padding(ctx, RSA_NO_PADDING), + WOLFSSL_SUCCESS); + ExpectIntEQ(EVP_PKEY_sign(ctx, sigVerify, &siglen, sig, + siglen), WOLFSSL_SUCCESS); + ExpectIntGE(siglenOnlyLen, siglen); + ExpectIntEQ(EVP_PKEY_verify_init(ctx_verify), WOLFSSL_SUCCESS); + ExpectIntEQ(EVP_PKEY_CTX_set_rsa_padding(ctx_verify, + RSA_NO_PADDING), WOLFSSL_SUCCESS); + ExpectIntEQ(EVP_PKEY_verify(ctx_verify, sigVerify, siglen, sig, + siglen), WOLFSSL_SUCCESS); + #endif + + /* Wrong padding schemes. */ + ExpectIntEQ(EVP_PKEY_sign_init(ctx), WOLFSSL_SUCCESS); + ExpectIntEQ(EVP_PKEY_CTX_set_rsa_padding(ctx, + RSA_PKCS1_OAEP_PADDING), WOLFSSL_SUCCESS); + ExpectIntNE(EVP_PKEY_sign(ctx, sigVerify, &siglen, sig, + siglen), WOLFSSL_SUCCESS); + ExpectIntEQ(EVP_PKEY_verify_init(ctx_verify), WOLFSSL_SUCCESS); + ExpectIntEQ(EVP_PKEY_CTX_set_rsa_padding(ctx_verify, + RSA_PKCS1_OAEP_PADDING), WOLFSSL_SUCCESS); + ExpectIntNE(EVP_PKEY_verify(ctx_verify, sigVerify, siglen, sig, + siglen), WOLFSSL_SUCCESS); + + ExpectIntEQ(EVP_PKEY_CTX_set_rsa_padding(ctx, RSA_PKCS1_PADDING), + WOLFSSL_SUCCESS); + ExpectIntEQ(EVP_PKEY_CTX_set_rsa_padding(ctx_verify, + RSA_PKCS1_PADDING), WOLFSSL_SUCCESS); + } +#endif +#endif + + /* error cases */ + siglen = keySz; /* Reset because sig size may vary slightly */ + ExpectIntNE(EVP_PKEY_sign_init(NULL), WOLFSSL_SUCCESS); + ExpectIntEQ(EVP_PKEY_sign_init(ctx), WOLFSSL_SUCCESS); + ExpectIntNE(EVP_PKEY_sign(NULL, sig, &siglen, (byte*)in, inlen), + WOLFSSL_SUCCESS); + ExpectIntEQ(EVP_PKEY_sign(ctx, sig, &siglen, (byte*)in, inlen), + WOLFSSL_SUCCESS); + + EVP_PKEY_free(pkey); + pkey = NULL; +#if !defined (NO_DSA) && !defined(HAVE_SELFTEST) && defined(WOLFSSL_KEY_GEN) + DSA_free(dsa); + dsa = NULL; +#endif /* !NO_DSA && !HAVE_SELFTEST && WOLFSSL_KEY_GEN */ + EVP_PKEY_CTX_free(ctx_verify); + ctx_verify = NULL; + EVP_PKEY_CTX_free(ctx); + ctx = NULL; + + XFREE(sig, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(sigVerify, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); +#endif /* OPENSSL_EXTRA */ + return EXPECT_RESULT(); +} +#endif + +static int test_wolfSSL_EVP_PKEY_sign_verify_rsa(void) +{ + EXPECT_DECLS; +#if defined(OPENSSL_EXTRA) && !defined(NO_RSA) && defined(WOLFSSL_KEY_GEN) && \ + !defined(HAVE_SELFTEST) +#if !defined(HAVE_FIPS) || (defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION>2)) + ExpectIntEQ(test_wolfSSL_EVP_PKEY_sign_verify(EVP_PKEY_RSA), TEST_SUCCESS); +#endif +#endif + return EXPECT_RESULT(); +} +static int test_wolfSSL_EVP_PKEY_sign_verify_dsa(void) +{ + EXPECT_DECLS; +#if defined(OPENSSL_EXTRA) +#if !defined (NO_DSA) && !defined(HAVE_SELFTEST) && defined(WOLFSSL_KEY_GEN) + ExpectIntEQ(test_wolfSSL_EVP_PKEY_sign_verify(EVP_PKEY_DSA), TEST_SUCCESS); +#endif +#endif + return EXPECT_RESULT(); +} +static int test_wolfSSL_EVP_PKEY_sign_verify_ec(void) +{ + EXPECT_DECLS; +#if defined(OPENSSL_EXTRA) && defined(HAVE_ECC) +#if !defined(HAVE_FIPS) || (defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION>2)) + ExpectIntEQ(test_wolfSSL_EVP_PKEY_sign_verify(EVP_PKEY_EC), TEST_SUCCESS); +#endif +#endif + return EXPECT_RESULT(); +} + +static int test_EVP_PKEY_rsa(void) +{ + EXPECT_DECLS; +#if defined(OPENSSL_EXTRA) && !defined(NO_RSA) + WOLFSSL_RSA* rsa = NULL; + WOLFSSL_EVP_PKEY* pkey = NULL; + + ExpectNotNull(rsa = wolfSSL_RSA_new()); + ExpectNotNull(pkey = wolfSSL_EVP_PKEY_new()); + ExpectIntEQ(EVP_PKEY_assign_RSA(NULL, rsa), WC_NO_ERR_TRACE(WOLFSSL_FAILURE)); + ExpectIntEQ(EVP_PKEY_assign_RSA(pkey, NULL), WC_NO_ERR_TRACE(WOLFSSL_FAILURE)); + ExpectIntEQ(EVP_PKEY_assign_RSA(pkey, rsa), WOLFSSL_SUCCESS); + if (EXPECT_FAIL()) { + wolfSSL_RSA_free(rsa); + } + ExpectPtrEq(EVP_PKEY_get0_RSA(pkey), rsa); + wolfSSL_EVP_PKEY_free(pkey); +#endif + return EXPECT_RESULT(); +} + +static int test_EVP_PKEY_ec(void) +{ + EXPECT_DECLS; +#if defined(OPENSSL_EXTRA) && defined(HAVE_ECC) +#if !defined(HAVE_FIPS) || (defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION>2)) + WOLFSSL_EC_KEY* ecKey = NULL; + WOLFSSL_EVP_PKEY* pkey = NULL; + + ExpectNotNull(ecKey = wolfSSL_EC_KEY_new()); + ExpectNotNull(pkey = wolfSSL_EVP_PKEY_new()); + ExpectIntEQ(EVP_PKEY_assign_EC_KEY(NULL, ecKey), WC_NO_ERR_TRACE(WOLFSSL_FAILURE)); + ExpectIntEQ(EVP_PKEY_assign_EC_KEY(pkey, NULL), WC_NO_ERR_TRACE(WOLFSSL_FAILURE)); + /* Should fail since ecKey is empty */ + ExpectIntEQ(EVP_PKEY_assign_EC_KEY(pkey, ecKey), WC_NO_ERR_TRACE(WOLFSSL_FAILURE)); + ExpectIntEQ(wolfSSL_EC_KEY_generate_key(ecKey), 1); + ExpectIntEQ(EVP_PKEY_assign_EC_KEY(pkey, ecKey), WOLFSSL_SUCCESS); + if (EXPECT_FAIL()) { + wolfSSL_EC_KEY_free(ecKey); + } + wolfSSL_EVP_PKEY_free(pkey); +#endif +#endif + return EXPECT_RESULT(); +} + +static int test_EVP_PKEY_cmp(void) +{ + EXPECT_DECLS; +#if defined(OPENSSL_EXTRA) + EVP_PKEY *a = NULL; + EVP_PKEY *b = NULL; + const unsigned char *in; + +#if !defined(NO_RSA) && defined(USE_CERT_BUFFERS_2048) + in = client_key_der_2048; + ExpectNotNull(a = wolfSSL_d2i_PrivateKey(EVP_PKEY_RSA, NULL, + &in, (long)sizeof_client_key_der_2048)); + in = client_key_der_2048; + ExpectNotNull(b = wolfSSL_d2i_PrivateKey(EVP_PKEY_RSA, NULL, + &in, (long)sizeof_client_key_der_2048)); + + /* Test success case RSA */ +#if defined(WOLFSSL_ERROR_CODE_OPENSSL) + ExpectIntEQ(EVP_PKEY_cmp(a, b), 1); +#else + ExpectIntEQ(EVP_PKEY_cmp(a, b), 0); +#endif /* WOLFSSL_ERROR_CODE_OPENSSL */ + + EVP_PKEY_free(b); + b = NULL; + EVP_PKEY_free(a); + a = NULL; +#endif + +#if defined(HAVE_ECC) && defined(USE_CERT_BUFFERS_256) + in = ecc_clikey_der_256; + ExpectNotNull(a = wolfSSL_d2i_PrivateKey(EVP_PKEY_EC, NULL, + &in, (long)sizeof_ecc_clikey_der_256)); + in = ecc_clikey_der_256; + ExpectNotNull(b = wolfSSL_d2i_PrivateKey(EVP_PKEY_EC, NULL, + &in, (long)sizeof_ecc_clikey_der_256)); + + /* Test success case ECC */ +#if defined(WOLFSSL_ERROR_CODE_OPENSSL) + ExpectIntEQ(EVP_PKEY_cmp(a, b), 1); +#else + ExpectIntEQ(EVP_PKEY_cmp(a, b), 0); +#endif /* WOLFSSL_ERROR_CODE_OPENSSL */ + + EVP_PKEY_free(b); + b = NULL; + EVP_PKEY_free(a); + a = NULL; +#endif + + /* Test failure cases */ +#if !defined(NO_RSA) && defined(USE_CERT_BUFFERS_2048) && \ + defined(HAVE_ECC) && defined(USE_CERT_BUFFERS_256) + + in = client_key_der_2048; + ExpectNotNull(a = wolfSSL_d2i_PrivateKey(EVP_PKEY_RSA, NULL, + &in, (long)sizeof_client_key_der_2048)); + in = ecc_clikey_der_256; + ExpectNotNull(b = wolfSSL_d2i_PrivateKey(EVP_PKEY_EC, NULL, + &in, (long)sizeof_ecc_clikey_der_256)); + +#if defined(WOLFSSL_ERROR_CODE_OPENSSL) + ExpectIntEQ(EVP_PKEY_cmp(a, b), -1); +#else + ExpectIntNE(EVP_PKEY_cmp(a, b), 0); +#endif /* WOLFSSL_ERROR_CODE_OPENSSL */ + EVP_PKEY_free(b); + b = NULL; + EVP_PKEY_free(a); + a = NULL; +#endif + + /* invalid or empty failure cases */ + a = EVP_PKEY_new(); + b = EVP_PKEY_new(); +#if defined(WOLFSSL_ERROR_CODE_OPENSSL) + ExpectIntEQ(EVP_PKEY_cmp(NULL, NULL), 0); + ExpectIntEQ(EVP_PKEY_cmp(a, NULL), 0); + ExpectIntEQ(EVP_PKEY_cmp(NULL, b), 0); +#ifdef NO_RSA + /* Type check will fail since RSA is the default EVP key type */ + ExpectIntEQ(EVP_PKEY_cmp(a, b), -2); +#else + ExpectIntEQ(EVP_PKEY_cmp(a, b), 0); +#endif +#else + ExpectIntNE(EVP_PKEY_cmp(NULL, NULL), 0); + ExpectIntNE(EVP_PKEY_cmp(a, NULL), 0); + ExpectIntNE(EVP_PKEY_cmp(NULL, b), 0); + ExpectIntNE(EVP_PKEY_cmp(a, b), 0); +#endif + EVP_PKEY_free(b); + EVP_PKEY_free(a); + + (void)in; +#endif + return EXPECT_RESULT(); +} + +static int test_ERR_load_crypto_strings(void) +{ +#if defined(OPENSSL_ALL) + ERR_load_crypto_strings(); + return TEST_SUCCESS; +#else + return TEST_SKIPPED; +#endif +} + +#if defined(OPENSSL_ALL) && !defined(NO_CERTS) +static WOLFSSL_X509 x1; +static WOLFSSL_X509 x2; +static void free_x509(X509* x) +{ + AssertIntEQ((x == &x1 || x == &x2), 1); +} +#endif + +static int test_sk_X509(void) +{ + EXPECT_DECLS; +#if defined(OPENSSL_ALL) && !defined(NO_CERTS) + { + STACK_OF(X509)* s = NULL; + + ExpectNotNull(s = wolfSSL_sk_X509_new(NULL)); + ExpectIntEQ(sk_X509_num(s), 0); + sk_X509_pop_free(s, NULL); + + ExpectNotNull(s = sk_X509_new_null()); + ExpectIntEQ(sk_X509_num(s), 0); + sk_X509_pop_free(s, NULL); + + ExpectNotNull(s = sk_X509_new_null()); + + /* Test invalid parameters. */ + ExpectIntEQ(sk_X509_push(NULL, NULL), WOLFSSL_FAILURE); + ExpectIntEQ(sk_X509_push(s, NULL), WOLFSSL_FAILURE); + ExpectIntEQ(sk_X509_push(NULL, (X509*)1), WOLFSSL_FAILURE); + ExpectNull(sk_X509_pop(NULL)); + ExpectNull(sk_X509_value(NULL, 0)); + ExpectNull(sk_X509_value(NULL, 1)); + + sk_X509_push(s, &x1); + ExpectIntEQ(sk_X509_num(s), 1); + ExpectIntEQ((sk_X509_value(s, 0) == &x1), 1); + sk_X509_push(s, &x2); + ExpectIntEQ(sk_X509_num(s), 2); + ExpectNull(sk_X509_value(s, 2)); + ExpectIntEQ((sk_X509_value(s, 0) == &x1), 1); + ExpectIntEQ((sk_X509_value(s, 1) == &x2), 1); + sk_X509_push(s, &x2); + + sk_X509_pop_free(s, free_x509); + } + + { + /* Push a list of 10 X509s onto stack, then verify that + * value(), push(), shift(), and pop() behave as expected. */ + STACK_OF(X509)* s = NULL; + X509* xList[10]; + int i = 0; + const int len = (sizeof(xList) / sizeof(xList[0])); + + for (i = 0; i < len; ++i) { + xList[i] = NULL; + ExpectNotNull(xList[i] = X509_new()); + } + + /* test push, pop, and free */ + ExpectNotNull(s = sk_X509_new_null()); + + for (i = 0; i < len; ++i) { + sk_X509_push(s, xList[i]); + ExpectIntEQ(sk_X509_num(s), i + 1); + ExpectIntEQ((sk_X509_value(s, 0) == xList[0]), 1); + ExpectIntEQ((sk_X509_value(s, i) == xList[i]), 1); + } + + /* pop returns and removes last pushed on stack, which is the last index + * in sk_x509_value */ + for (i = len-1; i >= 0; --i) { + X509 * x = sk_X509_value(s, i); + X509 * y = sk_X509_pop(s); + X509 * z = xList[i]; + + ExpectPtrEq(x, y); + ExpectPtrEq(x, z); + ExpectIntEQ(sk_X509_num(s), i); + } + + sk_free(s); + s = NULL; + + /* test push, shift, and free */ + ExpectNotNull(s = sk_X509_new_null()); + + for (i = 0; i < len; ++i) { + sk_X509_push(s, xList[i]); + ExpectIntEQ(sk_X509_num(s), i + 1); + ExpectIntEQ((sk_X509_value(s, 0) == xList[0]), 1); + ExpectIntEQ((sk_X509_value(s, i) == xList[i]), 1); + } + + /* shift returns and removes first pushed on stack, which is index i + * in sk_x509_value() */ + for (i = 0; i < len; ++i) { + X509 * x = sk_X509_value(s, 0); + X509 * y = sk_X509_shift(s); + X509 * z = xList[i]; + + ExpectIntEQ((x == y), 1); + ExpectIntEQ((x == z), 1); + ExpectIntEQ(sk_X509_num(s), len - 1 - i); + } + ExpectNull(sk_X509_shift(NULL)); + ExpectNull(sk_X509_shift(s)); + + sk_free(s); + + for (i = 0; i < len; ++i) + X509_free(xList[i]); + } +#endif + return EXPECT_RESULT(); +} + +static int test_sk_X509_CRL(void) +{ + EXPECT_DECLS; +#if defined(OPENSSL_ALL) && !defined(NO_CERTS) && defined(HAVE_CRL) && \ + !defined(NO_RSA) + X509_CRL* crl = NULL; + XFILE fp = XBADFILE; + STACK_OF(X509_CRL)* s = NULL; +#ifndef NO_BIO + BIO* bio = NULL; +#endif +#if !defined(NO_FILESYSTEM) && !defined(NO_STDIO_FILESYSTEM) + RevokedCert* rev = NULL; + byte buff[1024]; + int len = 0; +#endif +#if (!defined(NO_FILESYSTEM) && !defined(NO_STDIO_FILESYSTEM)) || \ + !defined(NO_BIO) + X509_CRL empty; +#endif + WOLFSSL_X509_REVOKED revoked; + WOLFSSL_ASN1_INTEGER* asnInt = NULL; + const WOLFSSL_ASN1_INTEGER* sn = NULL; + +#if (!defined(NO_FILESYSTEM) && !defined(NO_STDIO_FILESYSTEM)) || \ + !defined(NO_BIO) + XMEMSET(&empty, 0, sizeof(X509_CRL)); +#endif + +#ifndef NO_BIO + ExpectNotNull(bio = BIO_new_file("./certs/crl/crl.der", "rb")); + ExpectNull(wolfSSL_d2i_X509_CRL_bio(NULL, NULL)); + ExpectNotNull(crl = wolfSSL_d2i_X509_CRL_bio(bio, NULL)); + BIO_free(bio); + bio = NULL; + + ExpectNotNull(bio = BIO_new(BIO_s_mem())); + ExpectIntEQ(wolfSSL_X509_CRL_print(NULL, NULL), WOLFSSL_FAILURE); + ExpectIntEQ(wolfSSL_X509_CRL_print(bio, NULL), WOLFSSL_FAILURE); + ExpectIntEQ(wolfSSL_X509_CRL_print(NULL, crl), WOLFSSL_FAILURE); + ExpectIntEQ(wolfSSL_X509_CRL_print(bio, &empty), WOLFSSL_FAILURE); + ExpectIntEQ(wolfSSL_X509_CRL_print(bio, crl), WOLFSSL_SUCCESS); +#ifndef NO_ASN_TIME + ExpectIntEQ(BIO_get_mem_data(bio, NULL), 1466); +#else + ExpectIntEQ(BIO_get_mem_data(bio, NULL), 1324); +#endif + BIO_free(bio); + + wolfSSL_X509_CRL_free(crl); + crl = NULL; +#endif + +#if !defined(NO_FILESYSTEM) && !defined(NO_STDIO_FILESYSTEM) + ExpectTrue((fp = XFOPEN("./certs/crl/crl.der", "rb")) != XBADFILE); + ExpectNotNull(crl = d2i_X509_CRL_fp(fp, (X509_CRL **)NULL)); + if (fp != XBADFILE) { + XFCLOSE(fp); + fp = XBADFILE; + } + wolfSSL_X509_CRL_free(crl); + crl = NULL; + + ExpectTrue((fp = XFOPEN("./certs/crl/crl.der", "rb")) != XBADFILE); + ExpectIntEQ(len = (int)XFREAD(buff, 1, sizeof(buff), fp), 520); + if (fp != XBADFILE) { + XFCLOSE(fp); + fp = XBADFILE; + } + ExpectNull(crl = d2i_X509_CRL((X509_CRL **)NULL, NULL, len)); + ExpectNotNull(crl = d2i_X509_CRL((X509_CRL **)NULL, buff, len)); + ExpectNotNull(rev = crl->crlList->certs); + + ExpectNull(wolfSSL_X509_CRL_get_issuer_name(NULL)); + ExpectNull(wolfSSL_X509_CRL_get_issuer_name(&empty)); + ExpectIntEQ(wolfSSL_X509_CRL_version(NULL), 0); + ExpectIntEQ(wolfSSL_X509_CRL_version(&empty), 0); + ExpectIntEQ(wolfSSL_X509_CRL_get_signature_type(NULL), 0); + ExpectIntEQ(wolfSSL_X509_CRL_get_signature_type(&empty), 0); + ExpectIntEQ(wolfSSL_X509_CRL_get_signature_nid(NULL), 0); + ExpectIntEQ(wolfSSL_X509_CRL_get_signature_nid(&empty), 0); + ExpectIntEQ(wolfSSL_X509_CRL_get_signature(NULL, NULL, NULL), BAD_FUNC_ARG); + ExpectIntEQ(wolfSSL_X509_CRL_get_signature(crl , NULL, NULL), BAD_FUNC_ARG); + ExpectIntEQ(wolfSSL_X509_CRL_get_signature(NULL, NULL, &len), BAD_FUNC_ARG); + ExpectIntEQ(wolfSSL_X509_CRL_get_signature(&empty, NULL, &len), + BAD_FUNC_ARG); + ExpectIntEQ(wolfSSL_X509_REVOKED_get_serial_number(NULL, NULL, NULL), + BAD_FUNC_ARG); + ExpectIntEQ(wolfSSL_X509_REVOKED_get_serial_number(rev , NULL, NULL), + BAD_FUNC_ARG); + ExpectIntEQ(wolfSSL_X509_REVOKED_get_serial_number(NULL, NULL, &len), + BAD_FUNC_ARG); + ExpectNull(wolfSSL_X509_CRL_get_lastUpdate(NULL)); + ExpectNull(wolfSSL_X509_CRL_get_lastUpdate(&empty)); + ExpectNull(wolfSSL_X509_CRL_get_nextUpdate(NULL)); + ExpectNull(wolfSSL_X509_CRL_get_nextUpdate(&empty)); + + ExpectNotNull(wolfSSL_X509_CRL_get_issuer_name(crl)); + ExpectIntEQ(wolfSSL_X509_CRL_version(crl), 2); + ExpectIntEQ(wolfSSL_X509_CRL_get_signature_type(crl), CTC_SHA256wRSA); + ExpectIntEQ(wolfSSL_X509_CRL_get_signature_nid(crl), + WC_NID_sha256WithRSAEncryption); + ExpectIntEQ(wolfSSL_X509_CRL_get_signature(crl, NULL, &len), + WOLFSSL_SUCCESS); + ExpectIntEQ(len, 256); + len--; + ExpectIntEQ(wolfSSL_X509_CRL_get_signature(crl, buff, &len), BUFFER_E); + len += 2; + ExpectIntEQ(wolfSSL_X509_CRL_get_signature(crl, buff, &len), + WOLFSSL_SUCCESS); + ExpectIntEQ(len, 256); + ExpectNotNull(wolfSSL_X509_CRL_get_lastUpdate(crl)); + ExpectNotNull(wolfSSL_X509_CRL_get_nextUpdate(crl)); + + ExpectIntEQ(wolfSSL_X509_REVOKED_get_serial_number(rev, NULL, &len), + WOLFSSL_SUCCESS); + ExpectIntEQ(len, 1); + len--; + ExpectIntEQ(wolfSSL_X509_REVOKED_get_serial_number(rev, buff, &len), + BUFFER_E); + len += 2; + ExpectIntEQ(wolfSSL_X509_REVOKED_get_serial_number(rev, buff, &len), + WOLFSSL_SUCCESS); + ExpectIntEQ(len, 1); + +#ifndef NO_WOLFSSL_STUB + ExpectIntEQ(wolfSSL_sk_X509_REVOKED_num(NULL), 0); + ExpectIntEQ(wolfSSL_sk_X509_REVOKED_num(&revoked), 0); + ExpectNull(wolfSSL_X509_CRL_get_REVOKED(NULL)); + ExpectNull(wolfSSL_X509_CRL_get_REVOKED(crl)); + ExpectNull(wolfSSL_sk_X509_REVOKED_value(NULL, 0)); + ExpectNull(wolfSSL_sk_X509_REVOKED_value(&revoked, 0)); + ExpectIntEQ(wolfSSL_X509_CRL_verify(NULL, NULL), 0); + ExpectIntEQ(X509_OBJECT_set1_X509_CRL(NULL, NULL), 0); + ExpectIntEQ(X509_OBJECT_set1_X509(NULL, NULL), 0); +#endif + + wolfSSL_X509_CRL_free(crl); + crl = NULL; +#endif + + ExpectNotNull(asnInt = wolfSSL_ASN1_INTEGER_new()); + ExpectIntEQ(wolfSSL_ASN1_INTEGER_set(asnInt, 1), 1); + revoked.serialNumber = asnInt; + ExpectNull(wolfSSL_X509_REVOKED_get0_serial_number(NULL)); + ExpectNotNull(sn = wolfSSL_X509_REVOKED_get0_serial_number(&revoked)); + ExpectPtrEq(sn, asnInt); +#ifndef NO_WOLFSSL_STUB + ExpectNull(wolfSSL_X509_REVOKED_get0_revocation_date(NULL)); + ExpectNull(wolfSSL_X509_REVOKED_get0_revocation_date(&revoked)); +#endif + wolfSSL_ASN1_INTEGER_free(asnInt); + + ExpectTrue((fp = XFOPEN("./certs/crl/crl.pem", "rb")) != XBADFILE); + ExpectNotNull(crl = (X509_CRL*)PEM_read_X509_CRL(fp, (X509_CRL **)NULL, + NULL, NULL)); + if (fp != XBADFILE) + XFCLOSE(fp); + + ExpectNotNull(s = sk_X509_CRL_new()); + + ExpectIntEQ(sk_X509_CRL_push(NULL, NULL), WOLFSSL_FAILURE); + ExpectIntEQ(sk_X509_CRL_push(NULL, crl), WOLFSSL_FAILURE); + ExpectIntEQ(sk_X509_CRL_push(s, NULL), WOLFSSL_FAILURE); + ExpectNull(sk_X509_CRL_value(NULL, 0)); + ExpectIntEQ(sk_X509_CRL_num(NULL), 0); + + ExpectIntEQ(sk_X509_CRL_num(s), 0); + ExpectIntEQ(sk_X509_CRL_push(s, crl), 1); + if (EXPECT_FAIL()) { + X509_CRL_free(crl); + } + ExpectIntEQ(sk_X509_CRL_num(s), 1); + ExpectPtrEq(sk_X509_CRL_value(s, 0), crl); + + sk_X509_CRL_free(s); +#endif + return EXPECT_RESULT(); +} + +static int test_X509_get_signature_nid(void) +{ + EXPECT_DECLS; +#if defined(OPENSSL_EXTRA) && !defined(NO_FILESYSTEM) && !defined(NO_RSA) + X509* x509 = NULL; + + ExpectIntEQ(X509_get_signature_nid(NULL), 0); + ExpectNotNull(x509 = wolfSSL_X509_load_certificate_file(svrCertFile, + SSL_FILETYPE_PEM)); + ExpectIntEQ(X509_get_signature_nid(x509), NID_sha256WithRSAEncryption); + X509_free(x509); +#endif + return EXPECT_RESULT(); +} + +static int test_X509_REQ(void) +{ + EXPECT_DECLS; +#if defined(OPENSSL_ALL) && !defined(NO_CERTS) && \ + defined(WOLFSSL_CERT_GEN) && defined(WOLFSSL_CERT_REQ) && !defined(NO_BIO) + X509_NAME* name = NULL; +#ifndef NO_RSA + X509_NAME* subject = NULL; +#endif +#if !defined(NO_RSA) || defined(HAVE_ECC) + X509_REQ* req = NULL; + EVP_PKEY* priv = NULL; + EVP_PKEY* pub = NULL; + unsigned char* der = NULL; + int len; +#endif +#ifndef NO_RSA + EVP_MD_CTX *mctx = NULL; + EVP_PKEY_CTX *pkctx = NULL; + #ifdef USE_CERT_BUFFERS_1024 + const unsigned char* rsaPriv = (const unsigned char*)client_key_der_1024; + const unsigned char* rsaPub = (unsigned char*)client_keypub_der_1024; + #elif defined(USE_CERT_BUFFERS_2048) + const unsigned char* rsaPriv = (const unsigned char*)client_key_der_2048; + const unsigned char* rsaPub = (unsigned char*)client_keypub_der_2048; + #endif +#endif +#ifdef HAVE_ECC + const unsigned char* ecPriv = (const unsigned char*)ecc_clikey_der_256; + const unsigned char* ecPub = (unsigned char*)ecc_clikeypub_der_256; + BIO* bio = NULL; +#endif + unsigned char tooLongPassword[WC_CTC_NAME_SIZE + 1]; + + XMEMSET(tooLongPassword, 0, sizeof(tooLongPassword)); + + ExpectNotNull(name = X509_NAME_new()); + ExpectIntEQ(X509_NAME_add_entry_by_txt(name, "commonName", MBSTRING_UTF8, + (byte*)"wolfssl.com", 11, 0, 1), WOLFSSL_SUCCESS); + ExpectIntEQ(X509_NAME_add_entry_by_txt(name, "emailAddress", MBSTRING_UTF8, + (byte*)"support@wolfssl.com", 19, -1, 1), WOLFSSL_SUCCESS); + +#ifndef NO_RSA + ExpectNotNull(priv = d2i_PrivateKey(EVP_PKEY_RSA, NULL, &rsaPriv, + (long)sizeof_client_key_der_2048)); + ExpectNotNull(pub = d2i_PUBKEY(NULL, &rsaPub, + (long)sizeof_client_keypub_der_2048)); + ExpectNotNull(req = X509_REQ_new()); + ExpectIntEQ(X509_REQ_set_subject_name(NULL, name), WC_NO_ERR_TRACE(WOLFSSL_FAILURE)); + ExpectIntEQ(X509_REQ_set_subject_name(req, NULL), WC_NO_ERR_TRACE(WOLFSSL_FAILURE)); + ExpectIntEQ(X509_REQ_set_subject_name(req, name), WOLFSSL_SUCCESS); + ExpectIntEQ(X509_REQ_set_pubkey(NULL, pub), WC_NO_ERR_TRACE(WOLFSSL_FAILURE)); + ExpectIntEQ(X509_REQ_set_pubkey(req, NULL), WC_NO_ERR_TRACE(WOLFSSL_FAILURE)); + ExpectIntEQ(X509_REQ_set_pubkey(req, pub), WOLFSSL_SUCCESS); + ExpectIntEQ(X509_REQ_sign(NULL, priv, EVP_sha256()), WC_NO_ERR_TRACE(WOLFSSL_FAILURE)); + ExpectIntEQ(X509_REQ_sign(req, NULL, EVP_sha256()), WC_NO_ERR_TRACE(WOLFSSL_FAILURE)); + ExpectIntEQ(X509_REQ_sign(req, priv, NULL), WC_NO_ERR_TRACE(WOLFSSL_FAILURE)); + ExpectIntEQ(X509_REQ_sign(req, priv, EVP_sha256()), WOLFSSL_SUCCESS); + ExpectIntEQ(i2d_X509_REQ(NULL, NULL), BAD_FUNC_ARG); + ExpectIntEQ(i2d_X509_REQ(req, NULL), BAD_FUNC_ARG); + ExpectIntEQ(i2d_X509_REQ(NULL, &der), BAD_FUNC_ARG); + len = i2d_X509_REQ(req, &der); + DEBUG_WRITE_DER(der, len, "req.der"); +#ifdef USE_CERT_BUFFERS_1024 + ExpectIntEQ(len, 381); +#else + ExpectIntEQ(len, 643); +#endif + XFREE(der, NULL, DYNAMIC_TYPE_OPENSSL); + der = NULL; + + mctx = EVP_MD_CTX_new(); + ExpectIntEQ(EVP_DigestSignInit(mctx, &pkctx, EVP_sha256(), NULL, priv), + WOLFSSL_SUCCESS); + ExpectIntEQ(X509_REQ_sign_ctx(NULL, NULL), WOLFSSL_FAILURE); + ExpectIntEQ(X509_REQ_sign_ctx(req, NULL), WOLFSSL_FAILURE); + ExpectIntEQ(X509_REQ_sign_ctx(NULL, mctx), WOLFSSL_FAILURE); + ExpectIntEQ(X509_REQ_sign_ctx(req, mctx), WOLFSSL_SUCCESS); + + EVP_MD_CTX_free(mctx); + mctx = NULL; + X509_REQ_free(NULL); + X509_REQ_free(req); + req = NULL; + + /* Test getting the subject from a newly created X509_REQ */ + ExpectNotNull(req = X509_REQ_new()); + ExpectNotNull(subject = X509_REQ_get_subject_name(req)); + ExpectIntEQ(X509_NAME_add_entry_by_NID(subject, NID_commonName, + MBSTRING_UTF8, (unsigned char*)"www.wolfssl.com", -1, -1, 0), 1); + ExpectIntEQ(X509_NAME_add_entry_by_NID(subject, NID_countryName, + MBSTRING_UTF8, (unsigned char*)"US", -1, -1, 0), 1); + ExpectIntEQ(X509_NAME_add_entry_by_NID(subject, NID_localityName, + MBSTRING_UTF8, (unsigned char*)"Bozeman", -1, -1, 0), 1); + ExpectIntEQ(X509_NAME_add_entry_by_NID(subject, NID_stateOrProvinceName, + MBSTRING_UTF8, (unsigned char*)"Montana", -1, -1, 0), 1); + ExpectIntEQ(X509_NAME_add_entry_by_NID(subject, NID_organizationName, + MBSTRING_UTF8, (unsigned char*)"wolfSSL", -1, -1, 0), 1); + ExpectIntEQ(X509_NAME_add_entry_by_NID(subject, NID_organizationalUnitName, + MBSTRING_UTF8, (unsigned char*)"Testing", -1, -1, 0), 1); + ExpectIntEQ(X509_REQ_set_pubkey(req, pub), WOLFSSL_SUCCESS); + ExpectIntEQ(X509_REQ_sign(req, priv, EVP_sha256()), WOLFSSL_SUCCESS); + len = i2d_X509_REQ(req, &der); + DEBUG_WRITE_DER(der, len, "req2.der"); +#ifdef USE_CERT_BUFFERS_1024 + ExpectIntEQ(len, 435); +#else + ExpectIntEQ(len, 696); +#endif + XFREE(der, NULL, DYNAMIC_TYPE_OPENSSL); + der = NULL; + + EVP_PKEY_free(pub); + pub = NULL; + EVP_PKEY_free(priv); + priv = NULL; + X509_REQ_free(req); + req = NULL; +#endif +#ifdef HAVE_ECC + ExpectNotNull(priv = wolfSSL_d2i_PrivateKey(EVP_PKEY_EC, NULL, &ecPriv, + sizeof_ecc_clikey_der_256)); + ExpectNotNull(pub = wolfSSL_d2i_PUBKEY(NULL, &ecPub, + sizeof_ecc_clikeypub_der_256)); + ExpectNotNull(req = X509_REQ_new()); + ExpectIntEQ(X509_REQ_set_subject_name(req, name), WOLFSSL_SUCCESS); + ExpectIntEQ(X509_REQ_set_pubkey(req, pub), WOLFSSL_SUCCESS); + ExpectIntEQ(X509_REQ_sign(req, priv, EVP_sha256()), WOLFSSL_SUCCESS); + /* Signature is random and may be shorter or longer. */ + ExpectIntGE((len = i2d_X509_REQ(req, &der)), 245); + ExpectIntLE(len, 253); + ExpectNotNull(bio = BIO_new_fp(stderr, BIO_NOCLOSE)); + ExpectIntEQ(X509_REQ_print(bio, req), WOLFSSL_SUCCESS); + ExpectIntEQ(X509_REQ_print(bio, NULL), WOLFSSL_FAILURE); + BIO_free(bio); + XFREE(der, NULL, DYNAMIC_TYPE_OPENSSL); + X509_REQ_free(req); + req = NULL; + EVP_PKEY_free(pub); + EVP_PKEY_free(priv); + +#ifdef FP_ECC + wc_ecc_fp_free(); +#endif +#endif /* HAVE_ECC */ + + X509_NAME_free(name); + + ExpectNull(wolfSSL_X509_REQ_get_extensions(NULL)); + /* Stub function. */ + ExpectNull(wolfSSL_X509_to_X509_REQ(NULL, NULL, NULL)); + + ExpectNotNull(req = X509_REQ_new()); +#ifdef HAVE_LIBEST + ExpectIntEQ(wolfSSL_X509_REQ_add1_attr_by_txt(NULL, NULL, + WOLFSSL_MBSTRING_UTF8, NULL, 0), WOLFSSL_FAILURE); + ExpectIntEQ(wolfSSL_X509_REQ_add1_attr_by_txt(req, NULL, + WOLFSSL_MBSTRING_UTF8, NULL, 0), WOLFSSL_FAILURE); + ExpectIntEQ(wolfSSL_X509_REQ_add1_attr_by_txt(NULL, "name", + WOLFSSL_MBSTRING_UTF8, NULL, 0), WOLFSSL_FAILURE); + ExpectIntEQ(wolfSSL_X509_REQ_add1_attr_by_txt(NULL, NULL, + WOLFSSL_MBSTRING_ASC, NULL, 0), WOLFSSL_FAILURE); + ExpectIntEQ(wolfSSL_X509_REQ_add1_attr_by_txt(NULL, NULL, + WOLFSSL_MBSTRING_UTF8, (byte*)"1.3.6.1.1.1.1.22", 16), WOLFSSL_FAILURE); + + + ExpectIntEQ(wolfSSL_X509_REQ_add1_attr_by_txt(NULL, "name", + WOLFSSL_MBSTRING_ASC, (byte*)"1.3.6.1.1.1.1.22", 16), WOLFSSL_FAILURE); + ExpectIntEQ(wolfSSL_X509_REQ_add1_attr_by_txt(req, NULL, + WOLFSSL_MBSTRING_ASC, (byte*)"1.3.6.1.1.1.1.22", 16), WOLFSSL_FAILURE); + ExpectIntEQ(wolfSSL_X509_REQ_add1_attr_by_txt(req, "name", + WOLFSSL_MBSTRING_UTF8, (byte*)"1.3.6.1.1.1.1.22", 16), WOLFSSL_FAILURE); + ExpectIntEQ(wolfSSL_X509_REQ_add1_attr_by_txt(req, "name", + WOLFSSL_MBSTRING_ASC, NULL, 0), WOLFSSL_FAILURE); + + /* Unsupported bytes. */ + ExpectIntEQ(wolfSSL_X509_REQ_add1_attr_by_txt(req, "name", + WOLFSSL_MBSTRING_ASC, (byte*)"1.3.6.1.1.1.1.23", 16), WOLFSSL_FAILURE); + + ExpectIntEQ(wolfSSL_X509_REQ_add1_attr_by_txt(req, "MAC Address", + WOLFSSL_MBSTRING_ASC, (byte*)"1.3.6.1.1.1.1.22", 16), WOLFSSL_SUCCESS); + ExpectIntEQ(wolfSSL_X509_REQ_add1_attr_by_txt(req, "ecpublicKey", + WOLFSSL_MBSTRING_ASC, (byte*)"1.2.840.10045.2.1", -1), WOLFSSL_SUCCESS); + ExpectIntEQ(wolfSSL_X509_REQ_add1_attr_by_txt(req, "ecdsa-with-SHA384", + WOLFSSL_MBSTRING_ASC, (byte*)"1.2.840.10045.4.3.3", -1), + WOLFSSL_SUCCESS); +#else + /* Stub function. */ + ExpectIntEQ(wolfSSL_X509_REQ_add1_attr_by_txt(NULL, NULL, + WOLFSSL_MBSTRING_UTF8, NULL, 0), WOLFSSL_FAILURE); + ExpectIntEQ(wolfSSL_X509_REQ_add1_attr_by_txt(req, "MAC Address", + WOLFSSL_MBSTRING_ASC, (byte*)"1.3.6.1.1.1.1.22", 16), WOLFSSL_FAILURE); +#endif + + ExpectIntEQ(X509_REQ_add1_attr_by_NID(NULL, WC_NID_subject_alt_name, + WOLFSSL_MBSTRING_UTF8, NULL, 0), WOLFSSL_FAILURE); + ExpectIntEQ(X509_REQ_add1_attr_by_NID(req, WC_NID_subject_alt_name, + WOLFSSL_MBSTRING_UTF8, NULL, 0), WOLFSSL_FAILURE); + ExpectIntEQ(X509_REQ_add1_attr_by_NID(NULL, WC_NID_subject_alt_name, + WOLFSSL_MBSTRING_ASC, NULL, 0), WOLFSSL_FAILURE); + ExpectIntEQ(X509_REQ_add1_attr_by_NID(NULL, WC_NID_pkcs9_challengePassword, + WOLFSSL_MBSTRING_UTF8, NULL, 0), WOLFSSL_FAILURE); + ExpectIntEQ(X509_REQ_add1_attr_by_NID(NULL, WC_NID_subject_alt_name, + WOLFSSL_MBSTRING_UTF8, (byte*)"password", 8), WOLFSSL_FAILURE); + + ExpectIntEQ(X509_REQ_add1_attr_by_NID(NULL, WC_NID_pkcs9_challengePassword, + WOLFSSL_MBSTRING_ASC, (byte*)"password", 8), WOLFSSL_FAILURE); + ExpectIntEQ(X509_REQ_add1_attr_by_NID(req, WC_NID_subject_alt_name, + WOLFSSL_MBSTRING_ASC, (byte*)"password", 8), WOLFSSL_FAILURE); + ExpectIntEQ(X509_REQ_add1_attr_by_NID(req, WC_NID_pkcs9_challengePassword, + WOLFSSL_MBSTRING_UTF8, (byte*)"password", 8), WOLFSSL_FAILURE); + ExpectIntEQ(X509_REQ_add1_attr_by_NID(req, WC_NID_pkcs9_challengePassword, + WOLFSSL_MBSTRING_ASC, NULL, -1), WOLFSSL_FAILURE); + + ExpectIntEQ(X509_REQ_add1_attr_by_NID(req, WC_NID_pkcs9_challengePassword, + WOLFSSL_MBSTRING_ASC, (byte*)"password", -1), WOLFSSL_SUCCESS); + ExpectIntEQ(X509_REQ_add1_attr_by_NID(req, WC_NID_pkcs9_challengePassword, + WOLFSSL_MBSTRING_ASC, tooLongPassword, sizeof(tooLongPassword)), + WOLFSSL_FAILURE); + ExpectIntEQ(X509_REQ_add1_attr_by_NID(req, WC_NID_serialNumber, + WOLFSSL_MBSTRING_ASC, (byte*)"123456", -1), WOLFSSL_SUCCESS); + ExpectIntEQ(X509_REQ_add1_attr_by_NID(req, WC_NID_serialNumber, + WOLFSSL_MBSTRING_ASC, tooLongPassword, sizeof(tooLongPassword)), + WOLFSSL_FAILURE); + ExpectIntEQ(X509_REQ_add1_attr_by_NID(req, WC_NID_pkcs9_unstructuredName, + WOLFSSL_MBSTRING_ASC, (byte*)"name", 4), WOLFSSL_SUCCESS); + ExpectIntEQ(X509_REQ_add1_attr_by_NID(req, WC_NID_pkcs9_contentType, + WOLFSSL_MBSTRING_ASC, (byte*)"type", 4), WOLFSSL_SUCCESS); + ExpectIntEQ(X509_REQ_add1_attr_by_NID(req, WC_NID_surname, + WOLFSSL_MBSTRING_ASC, (byte*)"surname", 7), WOLFSSL_SUCCESS); + ExpectIntEQ(X509_REQ_add1_attr_by_NID(req, WC_NID_initials, + WOLFSSL_MBSTRING_ASC, (byte*)"s.g", 3), WOLFSSL_SUCCESS); + ExpectIntEQ(X509_REQ_add1_attr_by_NID(req, WC_NID_givenName, + WOLFSSL_MBSTRING_ASC, (byte*)"givenname", 9), WOLFSSL_SUCCESS); + ExpectIntEQ(X509_REQ_add1_attr_by_NID(req, WC_NID_dnQualifier, + WOLFSSL_MBSTRING_ASC, (byte*)"dnQualifier", 11), WOLFSSL_SUCCESS); + + wolfSSL_X509_REQ_free(req); +#endif + return EXPECT_RESULT(); +} + +static int test_wolfSSL_X509_REQ_print(void) +{ + EXPECT_DECLS; +#if defined(OPENSSL_ALL) && !defined(NO_RSA) && !defined(NO_CERTS) && \ + defined(WOLFSSL_CERT_GEN) && defined(WOLFSSL_CERT_REQ) && !defined(NO_BIO) + WOLFSSL_X509* req = NULL; + XFILE fp = XBADFILE; + const char* csrFileName = "certs/csr.attr.der"; + const char* csrExtFileName = "certs/csr.ext.der"; + BIO* bio = NULL; + + ExpectTrue((fp = XFOPEN(csrFileName, "rb")) != XBADFILE); + ExpectNotNull(req = d2i_X509_REQ_fp(fp, NULL)); + if (fp != XBADFILE) { + XFCLOSE(fp); + fp = XBADFILE; + } + + ExpectNotNull(bio = BIO_new(BIO_s_mem())); + ExpectIntEQ(wolfSSL_X509_REQ_print(bio, req), WOLFSSL_SUCCESS); + ExpectIntEQ(BIO_get_mem_data(bio, NULL), 2681); + + BIO_free(bio); + bio = NULL; + wolfSSL_X509_REQ_free(req); + req = NULL; + + ExpectTrue((fp = XFOPEN(csrExtFileName, "rb")) != XBADFILE); + ExpectNotNull(req = d2i_X509_REQ_fp(fp, NULL)); + if (fp != XBADFILE) { + XFCLOSE(fp); + } + + ExpectNotNull(bio = BIO_new(BIO_s_mem())); + ExpectIntEQ(wolfSSL_X509_REQ_print(bio, req), WOLFSSL_SUCCESS); + ExpectIntEQ(BIO_get_mem_data(bio, NULL), 1889); + + BIO_free(bio); + wolfSSL_X509_REQ_free(req); +#endif + return EXPECT_RESULT(); +} + +static int test_wolfssl_PKCS7(void) +{ + EXPECT_DECLS; +#if defined(OPENSSL_ALL) && defined(HAVE_PKCS7) && !defined(NO_BIO) && \ + !defined(NO_RSA) + PKCS7* pkcs7 = NULL; + byte data[FOURK_BUF]; + word32 len = sizeof(data); + const byte* p = data; + byte content[] = "Test data to encode."; +#if !defined(NO_RSA) & defined(USE_CERT_BUFFERS_2048) + BIO* bio = NULL; + byte key[sizeof(client_key_der_2048)]; + word32 keySz = (word32)sizeof(key); + byte* out = NULL; +#endif + + ExpectIntGT((len = (word32)CreatePKCS7SignedData(data, (int)len, content, + (word32)sizeof(content), 0, 0, 0, RSA_TYPE)), 0); + + ExpectNull(pkcs7 = d2i_PKCS7(NULL, NULL, (int)len)); + ExpectNull(pkcs7 = d2i_PKCS7(NULL, &p, 0)); + ExpectNotNull(pkcs7 = d2i_PKCS7(NULL, &p, (int)len)); + ExpectIntEQ(wolfSSL_PKCS7_verify(NULL, NULL, NULL, NULL, NULL, + PKCS7_NOVERIFY), WC_NO_ERR_TRACE(WOLFSSL_FAILURE)); + PKCS7_free(pkcs7); + pkcs7 = NULL; + + /* fail case, without PKCS7_NOVERIFY */ + p = data; + ExpectNotNull(pkcs7 = d2i_PKCS7(NULL, &p, (int)len)); + ExpectIntEQ(wolfSSL_PKCS7_verify(pkcs7, NULL, NULL, NULL, NULL, + 0), WC_NO_ERR_TRACE(WOLFSSL_FAILURE)); + PKCS7_free(pkcs7); + pkcs7 = NULL; + + /* success case, with PKCS7_NOVERIFY */ + p = data; + ExpectNotNull(pkcs7 = d2i_PKCS7(NULL, &p, (int)len)); + ExpectIntEQ(wolfSSL_PKCS7_verify(pkcs7, NULL, NULL, NULL, NULL, + PKCS7_NOVERIFY), WOLFSSL_SUCCESS); + +#if !defined(NO_RSA) & defined(USE_CERT_BUFFERS_2048) + /* test i2d */ + XMEMCPY(key, client_key_der_2048, keySz); + if (pkcs7 != NULL) { + pkcs7->privateKey = key; + pkcs7->privateKeySz = (word32)sizeof(key); + pkcs7->encryptOID = RSAk; + #ifdef NO_SHA + pkcs7->hashOID = SHA256h; + #else + pkcs7->hashOID = SHAh; + #endif + } + ExpectNotNull(bio = BIO_new(BIO_s_mem())); + ExpectIntEQ(i2d_PKCS7_bio(bio, pkcs7), 1); +#ifndef NO_ASN_TIME + ExpectIntEQ(i2d_PKCS7(pkcs7, &out), 655); +#else + ExpectIntEQ(i2d_PKCS7(pkcs7, &out), 625); +#endif + XFREE(out, NULL, DYNAMIC_TYPE_TMP_BUFFER); + BIO_free(bio); +#endif + + PKCS7_free(NULL); + PKCS7_free(pkcs7); +#endif + return EXPECT_RESULT(); +} + +static int test_wolfSSL_PKCS7_sign(void) +{ + EXPECT_DECLS; +#if defined(OPENSSL_ALL) && defined(HAVE_PKCS7) && !defined(NO_BIO) && \ + !defined(NO_FILESYSTEM) && !defined(NO_RSA) + + PKCS7* p7 = NULL; + PKCS7* p7Ver = NULL; + byte* out = NULL; + byte* tmpPtr = NULL; + int outLen = 0; + int flags = 0; + byte data[] = "Test data to encode."; + + const char* cert = "./certs/server-cert.pem"; + const char* key = "./certs/server-key.pem"; + const char* ca = "./certs/ca-cert.pem"; + + WOLFSSL_BIO* certBio = NULL; + WOLFSSL_BIO* keyBio = NULL; + WOLFSSL_BIO* caBio = NULL; + WOLFSSL_BIO* inBio = NULL; + X509* signCert = NULL; + EVP_PKEY* signKey = NULL; + X509* caCert = NULL; + X509_STORE* store = NULL; +#ifndef NO_PKCS7_STREAM + int z; + int ret; +#endif /* !NO_PKCS7_STREAM */ + + /* read signer cert/key into BIO */ + ExpectNotNull(certBio = BIO_new_file(cert, "r")); + ExpectNotNull(keyBio = BIO_new_file(key, "r")); + ExpectNotNull(signCert = PEM_read_bio_X509(certBio, NULL, 0, NULL)); + ExpectNotNull(signKey = PEM_read_bio_PrivateKey(keyBio, NULL, 0, NULL)); + + /* read CA cert into store (for verify) */ + ExpectNotNull(caBio = BIO_new_file(ca, "r")); + ExpectNotNull(caCert = PEM_read_bio_X509(caBio, NULL, 0, NULL)); + ExpectNotNull(store = X509_STORE_new()); + ExpectIntEQ(X509_STORE_add_cert(store, caCert), 1); + + /* data to be signed into BIO */ + ExpectNotNull(inBio = BIO_new(BIO_s_mem())); + ExpectIntGT(BIO_write(inBio, data, sizeof(data)), 0); + + /* PKCS7_sign, bad args: signer NULL */ + ExpectNull(p7 = PKCS7_sign(NULL, signKey, NULL, inBio, 0)); + /* PKCS7_sign, bad args: signer key NULL */ + ExpectNull(p7 = PKCS7_sign(signCert, NULL, NULL, inBio, 0)); + /* PKCS7_sign, bad args: in data NULL without PKCS7_STREAM */ + ExpectNull(p7 = PKCS7_sign(signCert, signKey, NULL, NULL, 0)); + /* PKCS7_sign, bad args: PKCS7_NOCERTS flag not supported */ + ExpectNull(p7 = PKCS7_sign(signCert, signKey, NULL, inBio, PKCS7_NOCERTS)); + /* PKCS7_sign, bad args: PKCS7_PARTIAL flag not supported */ + ExpectNull(p7 = PKCS7_sign(signCert, signKey, NULL, inBio, PKCS7_PARTIAL)); + + /* TEST SUCCESS: Not detached, not streaming, not MIME */ + { + flags = PKCS7_BINARY; + ExpectNotNull(p7 = PKCS7_sign(signCert, signKey, NULL, inBio, flags)); + ExpectIntGT((outLen = i2d_PKCS7(p7, &out)), 0); + + /* verify with d2i_PKCS7 */ + tmpPtr = out; + ExpectNotNull(p7Ver = d2i_PKCS7(NULL, (const byte**)&tmpPtr, outLen)); + ExpectIntEQ(PKCS7_verify(p7Ver, NULL, store, NULL, NULL, flags), 1); + PKCS7_free(p7Ver); + p7Ver = NULL; + + /* verify with wc_PKCS7_VerifySignedData */ + ExpectNotNull(p7Ver = wc_PKCS7_New(HEAP_HINT, testDevId)); + ExpectIntEQ(wc_PKCS7_Init(p7Ver, HEAP_HINT, INVALID_DEVID), 0); + ExpectIntEQ(wc_PKCS7_VerifySignedData(p7Ver, out, (word32)outLen), 0); + + #ifndef NO_PKCS7_STREAM + /* verify with wc_PKCS7_VerifySignedData streaming */ + wc_PKCS7_Free(p7Ver); + p7Ver = NULL; + ExpectNotNull(p7Ver = wc_PKCS7_New(HEAP_HINT, testDevId)); + ExpectIntEQ(wc_PKCS7_Init(p7Ver, HEAP_HINT, INVALID_DEVID), 0); + /* test for streaming */ + ret = -1; + for (z = 0; z < outLen && ret != 0; z++) { + ret = wc_PKCS7_VerifySignedData(p7Ver, out + z, 1); + if (ret < 0){ + ExpectIntEQ(ret, WC_NO_ERR_TRACE(WC_PKCS7_WANT_READ_E)); + } + } + ExpectIntEQ(ret, 0); + #endif /* !NO_PKCS7_STREAM */ + + /* compare the signer found to expected signer */ + ExpectIntNE(p7Ver->verifyCertSz, 0); + tmpPtr = NULL; + ExpectIntEQ(i2d_X509(signCert, &tmpPtr), p7Ver->verifyCertSz); + ExpectIntEQ(XMEMCMP(tmpPtr, p7Ver->verifyCert, p7Ver->verifyCertSz), 0); + XFREE(tmpPtr, NULL, DYNAMIC_TYPE_OPENSSL); + tmpPtr = NULL; + + wc_PKCS7_Free(p7Ver); + p7Ver = NULL; + + ExpectNotNull(out); + XFREE(out, NULL, DYNAMIC_TYPE_TMP_BUFFER); + out = NULL; + PKCS7_free(p7); + p7 = NULL; + } + + /* TEST SUCCESS: Not detached, streaming, not MIME. Also bad arg + * tests for PKCS7_final() while we have a PKCS7 pointer to use */ + { + /* re-populate input BIO, may have been consumed */ + BIO_free(inBio); + inBio = NULL; + ExpectNotNull(inBio = BIO_new(BIO_s_mem())); + ExpectIntGT(BIO_write(inBio, data, sizeof(data)), 0); + + flags = PKCS7_BINARY | PKCS7_STREAM; + ExpectNotNull(p7 = PKCS7_sign(signCert, signKey, NULL, inBio, flags)); + ExpectIntEQ(PKCS7_final(p7, inBio, flags), 1); + ExpectIntGT((outLen = i2d_PKCS7(p7, &out)), 0); + + /* PKCS7_final, bad args: PKCS7 null */ + ExpectIntEQ(PKCS7_final(NULL, inBio, 0), 0); + /* PKCS7_final, bad args: PKCS7 null */ + ExpectIntEQ(PKCS7_final(p7, NULL, 0), 0); + + tmpPtr = out; + ExpectNotNull(p7Ver = d2i_PKCS7(NULL, (const byte**)&tmpPtr, outLen)); + ExpectIntEQ(PKCS7_verify(p7Ver, NULL, store, NULL, NULL, flags), 1); + PKCS7_free(p7Ver); + p7Ver = NULL; + + ExpectNotNull(out); + XFREE(out, NULL, DYNAMIC_TYPE_TMP_BUFFER); + out = NULL; + PKCS7_free(p7); + p7 = NULL; + } + + /* TEST SUCCESS: Detached, not streaming, not MIME */ + { + /* re-populate input BIO, may have been consumed */ + BIO_free(inBio); + inBio = NULL; + ExpectNotNull(inBio = BIO_new(BIO_s_mem())); + ExpectIntGT(BIO_write(inBio, data, sizeof(data)), 0); + + flags = PKCS7_BINARY | PKCS7_DETACHED; + ExpectNotNull(p7 = PKCS7_sign(signCert, signKey, NULL, inBio, flags)); + ExpectIntGT((outLen = i2d_PKCS7(p7, &out)), 0); + ExpectNotNull(out); + + /* verify with wolfCrypt, d2i_PKCS7 does not support detached content */ + ExpectNotNull(p7Ver = wc_PKCS7_New(HEAP_HINT, testDevId)); + if (p7Ver != NULL) { + p7Ver->content = data; + p7Ver->contentSz = sizeof(data); + } + ExpectIntEQ(wc_PKCS7_VerifySignedData(p7Ver, out, (word32)outLen), 0); + wc_PKCS7_Free(p7Ver); + p7Ver = NULL; + + #ifndef NO_PKCS7_STREAM + /* verify with wc_PKCS7_VerifySignedData streaming */ + ExpectNotNull(p7Ver = wc_PKCS7_New(HEAP_HINT, testDevId)); + if (p7Ver != NULL) { + p7Ver->content = data; + p7Ver->contentSz = sizeof(data); + } + /* test for streaming */ + if (EXPECT_SUCCESS()) { + ret = -1; + for (z = 0; z < outLen && ret != 0; z++) { + ret = wc_PKCS7_VerifySignedData(p7Ver, out + z, 1); + if (ret < 0){ + ExpectIntEQ(ret, WC_NO_ERR_TRACE(WC_PKCS7_WANT_READ_E)); + } + } + ExpectIntEQ(ret, 0); + } + wc_PKCS7_Free(p7Ver); + p7Ver = NULL; + #endif /* !NO_PKCS7_STREAM */ + + /* verify expected failure (NULL return) from d2i_PKCS7, it does not + * yet support detached content */ + tmpPtr = out; + ExpectNull(p7Ver = d2i_PKCS7(NULL, (const byte**)&tmpPtr, outLen)); + PKCS7_free(p7Ver); + p7Ver = NULL; + + XFREE(out, NULL, DYNAMIC_TYPE_TMP_BUFFER); + out = NULL; + PKCS7_free(p7); + p7 = NULL; + } + + /* TEST SUCCESS: Detached, streaming, not MIME */ + { + /* re-populate input BIO, may have been consumed */ + BIO_free(inBio); + inBio = NULL; + ExpectNotNull(inBio = BIO_new(BIO_s_mem())); + ExpectIntGT(BIO_write(inBio, data, sizeof(data)), 0); + + flags = PKCS7_BINARY | PKCS7_DETACHED | PKCS7_STREAM; + ExpectNotNull(p7 = PKCS7_sign(signCert, signKey, NULL, inBio, flags)); + ExpectIntEQ(PKCS7_final(p7, inBio, flags), 1); + ExpectIntGT((outLen = i2d_PKCS7(p7, &out)), 0); + + /* verify with wolfCrypt, d2i_PKCS7 does not support detached content */ + ExpectNotNull(p7Ver = wc_PKCS7_New(HEAP_HINT, testDevId)); + if (p7Ver != NULL) { + p7Ver->content = data; + p7Ver->contentSz = sizeof(data); + } + ExpectIntEQ(wc_PKCS7_VerifySignedData(p7Ver, out, (word32)outLen), 0); + wc_PKCS7_Free(p7Ver); + p7Ver = NULL; + + ExpectNotNull(out); + + #ifndef NO_PKCS7_STREAM + /* verify with wc_PKCS7_VerifySignedData streaming */ + ExpectNotNull(p7Ver = wc_PKCS7_New(HEAP_HINT, testDevId)); + if (p7Ver != NULL) { + p7Ver->content = data; + p7Ver->contentSz = sizeof(data); + } + /* test for streaming */ + if (EXPECT_SUCCESS()) { + ret = -1; + for (z = 0; z < outLen && ret != 0; z++) { + ret = wc_PKCS7_VerifySignedData(p7Ver, out + z, 1); + if (ret < 0){ + ExpectIntEQ(ret, WC_NO_ERR_TRACE(WC_PKCS7_WANT_READ_E)); + } + } + ExpectIntEQ(ret, 0); + } + wc_PKCS7_Free(p7Ver); + p7Ver = NULL; + #endif /* !NO_PKCS7_STREAM */ + + XFREE(out, NULL, DYNAMIC_TYPE_TMP_BUFFER); + PKCS7_free(p7); + p7 = NULL; + } + + X509_STORE_free(store); + X509_free(caCert); + X509_free(signCert); + EVP_PKEY_free(signKey); + BIO_free(inBio); + BIO_free(keyBio); + BIO_free(certBio); + BIO_free(caBio); +#endif + return EXPECT_RESULT(); +} + +static int test_wolfSSL_PKCS7_SIGNED_new(void) +{ + EXPECT_DECLS; +#if defined(OPENSSL_ALL) && defined(HAVE_PKCS7) + PKCS7_SIGNED* pkcs7 = NULL; + + ExpectNotNull(pkcs7 = PKCS7_SIGNED_new()); + ExpectIntEQ(pkcs7->contentOID, SIGNED_DATA); + + PKCS7_SIGNED_free(pkcs7); +#endif + return EXPECT_RESULT(); +} + +#ifndef NO_BIO + +static int test_wolfSSL_PEM_write_bio_encryptedKey(void) +{ + EXPECT_DECLS; +#if (defined(OPENSSL_EXTRA) || defined(OPENSSL_ALL)) && \ + defined(WOLFSSL_KEY_GEN) && !defined(NO_RSA) && \ + defined(WOLFSSL_ENCRYPTED_KEYS) && \ + (defined(WOLFSSL_PEM_TO_DER) || defined(WOLFSSL_DER_TO_PEM)) && \ + !defined(NO_FILESYSTEM) && !defined(NO_CERTS) && \ + !defined(NO_DES3) + RSA* rsaKey = NULL; + RSA* retKey = NULL; + const EVP_CIPHER *cipher = NULL; + BIO* bio = NULL; + BIO* retbio = NULL; + byte* out; + const char* password = "wolfssl"; + word32 passwordSz =(word32)XSTRLEN((char*)password); + int membufSz = 0; + +#if defined(USE_CERT_BUFFERS_2048) + const byte* key = client_key_der_2048; + word32 keySz = sizeof_client_key_der_2048; +#elif defined(USE_CERT_BUFFERS_1024) + const byte* key = client_key_der_1024; + word32 keySz = sizeof_client_key_der_1024; +#endif + /* Import Rsa Key */ + ExpectNotNull(rsaKey = wolfSSL_RSA_new()); + ExpectIntEQ(wolfSSL_RSA_LoadDer_ex(rsaKey, key, keySz, + WOLFSSL_RSA_LOAD_PRIVATE), 1); + + ExpectNotNull(cipher = EVP_des_ede3_cbc()); + ExpectNotNull(bio = BIO_new(BIO_s_mem())); + ExpectIntEQ(PEM_write_bio_RSAPrivateKey(bio, rsaKey, cipher, + (byte*)password, passwordSz, NULL, NULL), 1); + ExpectIntGT((membufSz = BIO_get_mem_data(bio, &out)), 0); + ExpectNotNull(retbio = BIO_new_mem_buf(out, membufSz)); + ExpectNotNull((retKey = PEM_read_bio_RSAPrivateKey(retbio, NULL, + NULL, (void*)password))); + if (bio != NULL) { + BIO_free(bio); + } + if (retbio != NULL) { + BIO_free(retbio); + } + if (retKey != NULL) { + RSA_free(retKey); + } + if (rsaKey != NULL) { + RSA_free(rsaKey); + } +#endif + return EXPECT_RESULT(); +} + +static int test_wolfSSL_PEM_write_bio_PKCS7(void) +{ + EXPECT_DECLS; +#if defined(OPENSSL_ALL) && defined(HAVE_PKCS7) && !defined(NO_FILESYSTEM) + PKCS7* pkcs7 = NULL; + BIO* bio = NULL; + const byte* cert_buf = NULL; + int ret = 0; + WC_RNG rng; + const byte data[] = { /* Hello World */ + 0x48,0x65,0x6c,0x6c,0x6f,0x20,0x57,0x6f, + 0x72,0x6c,0x64 + }; +#ifndef NO_RSA + #if defined(USE_CERT_BUFFERS_2048) + byte key[sizeof(client_key_der_2048)]; + byte cert[sizeof(client_cert_der_2048)]; + word32 keySz = (word32)sizeof(key); + word32 certSz = (word32)sizeof(cert); + XMEMSET(key, 0, keySz); + XMEMSET(cert, 0, certSz); + XMEMCPY(key, client_key_der_2048, keySz); + XMEMCPY(cert, client_cert_der_2048, certSz); + #elif defined(USE_CERT_BUFFERS_1024) + byte key[sizeof_client_key_der_1024]; + byte cert[sizeof(sizeof_client_cert_der_1024)]; + word32 keySz = (word32)sizeof(key); + word32 certSz = (word32)sizeof(cert); + XMEMSET(key, 0, keySz); + XMEMSET(cert, 0, certSz); + XMEMCPY(key, client_key_der_1024, keySz); + XMEMCPY(cert, client_cert_der_1024, certSz); + #else + unsigned char cert[ONEK_BUF]; + unsigned char key[ONEK_BUF]; + XFILE fp = XBADFILE; + int certSz; + int keySz; + + ExpectTrue((fp = XFOPEN("./certs/1024/client-cert.der", "rb")) != + XBADFILE); + ExpectIntGT(certSz = (int)XFREAD(cert, 1, sizeof_client_cert_der_1024, + fp), 0); + if (fp != XBADFILE) { + XFCLOSE(fp); + fp = XBADFILE; + } + + ExpectTrue((fp = XFOPEN("./certs/1024/client-key.der", "rb")) != + XBADFILE); + ExpectIntGT(keySz = (int)XFREAD(key, 1, sizeof_client_key_der_1024, fp), + 0); + if (fp != XBADFILE) { + XFCLOSE(fp); + fp = XBADFILE; + } + #endif +#elif defined(HAVE_ECC) + #if defined(USE_CERT_BUFFERS_256) + unsigned char cert[sizeof(cliecc_cert_der_256)]; + unsigned char key[sizeof(ecc_clikey_der_256)]; + int certSz = (int)sizeof(cert); + int keySz = (int)sizeof(key); + XMEMSET(cert, 0, certSz); + XMEMSET(key, 0, keySz); + XMEMCPY(cert, cliecc_cert_der_256, sizeof_cliecc_cert_der_256); + XMEMCPY(key, ecc_clikey_der_256, sizeof_ecc_clikey_der_256); + #else + unsigned char cert[ONEK_BUF]; + unsigned char key[ONEK_BUF]; + XFILE fp = XBADFILE; + int certSz, keySz; + + ExpectTrue((fp = XFOPEN("./certs/client-ecc-cert.der", "rb")) != + XBADFILE); + ExpectIntGT(certSz = (int)XFREAD(cert, 1, sizeof_cliecc_cert_der_256, + fp), 0); + if (fp != XBADFILE) { + XFCLOSE(fp); + fp = XBADFILE; + } + + ExpectTrue((fp = XFOPEN("./certs/client-ecc-key.der", "rb")) != + XBADFILE); + ExpectIntGT(keySz = (int)XFREAD(key, 1, sizeof_ecc_clikey_der_256, fp), + 0); + if (fp != XBADFILE) { + XFCLOSE(fp); + fp = XBADFILE; + } + #endif +#else + #error PKCS7 requires ECC or RSA +#endif + + ExpectNotNull(pkcs7 = wc_PKCS7_New(HEAP_HINT, testDevId)); + /* initialize with DER encoded cert */ + ExpectIntEQ(wc_PKCS7_InitWithCert(pkcs7, (byte*)cert, (word32)certSz), 0); + + /* init rng */ + XMEMSET(&rng, 0, sizeof(WC_RNG)); + ExpectIntEQ(wc_InitRng(&rng), 0); + + if (pkcs7 != NULL) { + pkcs7->rng = &rng; + pkcs7->content = (byte*)data; /* not used for ex */ + pkcs7->contentSz = (word32)sizeof(data); + pkcs7->contentOID = SIGNED_DATA; + pkcs7->privateKey = key; + pkcs7->privateKeySz = (word32)sizeof(key); + pkcs7->encryptOID = RSAk; + #ifdef NO_SHA + pkcs7->hashOID = SHA256h; + #else + pkcs7->hashOID = SHAh; + #endif + pkcs7->signedAttribs = NULL; + pkcs7->signedAttribsSz = 0; + } + + ExpectNotNull(bio = BIO_new(BIO_s_mem())); + /* Write PKCS#7 PEM to BIO, the function converts the DER to PEM cert*/ + ExpectIntEQ(PEM_write_bio_PKCS7(bio, pkcs7), WOLFSSL_SUCCESS); + + /* Read PKCS#7 PEM from BIO */ + ret = wolfSSL_BIO_get_mem_data(bio, &cert_buf); + ExpectIntGE(ret, 0); + + BIO_free(bio); + wc_PKCS7_Free(pkcs7); + wc_FreeRng(&rng); +#endif + return EXPECT_RESULT(); +} + +#ifdef HAVE_SMIME +/* // NOLINTBEGIN(clang-analyzer-unix.Stream) */ +static int test_wolfSSL_SMIME_read_PKCS7(void) +{ + EXPECT_DECLS; +#if defined(OPENSSL_ALL) && defined(HAVE_PKCS7) && !defined(NO_FILESYSTEM) && \ + !defined(NO_RSA) + PKCS7* pkcs7 = NULL; + BIO* bio = NULL; + BIO* bcont = NULL; + BIO* out = NULL; + const byte* outBuf = NULL; + int outBufLen = 0; + static const char contTypeText[] = "Content-Type: text/plain\r\n\r\n"; + XFILE smimeTestFile = XBADFILE; + + ExpectTrue((smimeTestFile = XFOPEN("./certs/test/smime-test.p7s", "rb")) != + XBADFILE); + + /* smime-test.p7s */ + bio = wolfSSL_BIO_new(wolfSSL_BIO_s_file()); + ExpectNotNull(bio); + ExpectIntEQ(wolfSSL_BIO_set_fp(bio, smimeTestFile, BIO_CLOSE), SSL_SUCCESS); + pkcs7 = wolfSSL_SMIME_read_PKCS7(bio, &bcont); + ExpectNotNull(pkcs7); + ExpectIntEQ(wolfSSL_PKCS7_verify(pkcs7, NULL, NULL, bcont, NULL, + PKCS7_NOVERIFY), SSL_SUCCESS); + if (smimeTestFile != XBADFILE) { + XFCLOSE(smimeTestFile); + smimeTestFile = XBADFILE; + } + if (bcont) BIO_free(bcont); + bcont = NULL; + wolfSSL_PKCS7_free(pkcs7); + pkcs7 = NULL; + + /* smime-test-multipart.p7s */ + smimeTestFile = XFOPEN("./certs/test/smime-test-multipart.p7s", "rb"); + ExpectFalse(smimeTestFile == XBADFILE); + ExpectIntEQ(wolfSSL_BIO_set_fp(bio, smimeTestFile, BIO_CLOSE), SSL_SUCCESS); + pkcs7 = wolfSSL_SMIME_read_PKCS7(bio, &bcont); + ExpectNotNull(pkcs7); + ExpectIntEQ(wolfSSL_PKCS7_verify(pkcs7, NULL, NULL, bcont, NULL, + PKCS7_NOVERIFY), SSL_SUCCESS); + if (smimeTestFile != XBADFILE) { + XFCLOSE(smimeTestFile); + smimeTestFile = XBADFILE; + } + if (bcont) BIO_free(bcont); + bcont = NULL; + wolfSSL_PKCS7_free(pkcs7); + pkcs7 = NULL; + + /* smime-test-multipart-badsig.p7s */ + smimeTestFile = XFOPEN("./certs/test/smime-test-multipart-badsig.p7s", + "rb"); + ExpectFalse(smimeTestFile == XBADFILE); + ExpectIntEQ(wolfSSL_BIO_set_fp(bio, smimeTestFile, BIO_CLOSE), SSL_SUCCESS); + pkcs7 = wolfSSL_SMIME_read_PKCS7(bio, &bcont); + ExpectNotNull(pkcs7); /* can read in the unverified smime bundle */ + ExpectIntEQ(wolfSSL_PKCS7_verify(pkcs7, NULL, NULL, bcont, NULL, + PKCS7_NOVERIFY), WC_NO_ERR_TRACE(WOLFSSL_FAILURE)); + if (smimeTestFile != XBADFILE) { + XFCLOSE(smimeTestFile); + smimeTestFile = XBADFILE; + } + if (bcont) BIO_free(bcont); + bcont = NULL; + wolfSSL_PKCS7_free(pkcs7); + pkcs7 = NULL; + + /* smime-test-canon.p7s */ + smimeTestFile = XFOPEN("./certs/test/smime-test-canon.p7s", "rb"); + ExpectFalse(smimeTestFile == XBADFILE); + ExpectIntEQ(wolfSSL_BIO_set_fp(bio, smimeTestFile, BIO_CLOSE), SSL_SUCCESS); + pkcs7 = wolfSSL_SMIME_read_PKCS7(bio, &bcont); + ExpectNotNull(pkcs7); + ExpectIntEQ(wolfSSL_PKCS7_verify(pkcs7, NULL, NULL, bcont, NULL, + PKCS7_NOVERIFY), SSL_SUCCESS); + if (smimeTestFile != XBADFILE) { + XFCLOSE(smimeTestFile); + smimeTestFile = XBADFILE; + } + if (bcont) BIO_free(bcont); + bcont = NULL; + wolfSSL_PKCS7_free(pkcs7); + pkcs7 = NULL; + + /* Test PKCS7_TEXT, PKCS7_verify() should remove Content-Type: text/plain */ + smimeTestFile = XFOPEN("./certs/test/smime-test-canon.p7s", "rb"); + ExpectFalse(smimeTestFile == XBADFILE); + ExpectIntEQ(wolfSSL_BIO_set_fp(bio, smimeTestFile, BIO_CLOSE), SSL_SUCCESS); + pkcs7 = wolfSSL_SMIME_read_PKCS7(bio, &bcont); + ExpectNotNull(pkcs7); + out = wolfSSL_BIO_new(BIO_s_mem()); + ExpectNotNull(out); + ExpectIntEQ(wolfSSL_PKCS7_verify(pkcs7, NULL, NULL, bcont, out, + PKCS7_NOVERIFY | PKCS7_TEXT), SSL_SUCCESS); + ExpectIntGT((outBufLen = BIO_get_mem_data(out, &outBuf)), 0); + /* Content-Type should not show up at beginning of output buffer */ + ExpectIntGT(outBufLen, XSTRLEN(contTypeText)); + ExpectIntGT(XMEMCMP(outBuf, contTypeText, XSTRLEN(contTypeText)), 0); + + BIO_free(out); + BIO_free(bio); + if (bcont) BIO_free(bcont); + wolfSSL_PKCS7_free(pkcs7); +#endif + return EXPECT_RESULT(); +} +/* // NOLINTEND(clang-analyzer-unix.Stream) */ + +static int test_wolfSSL_SMIME_write_PKCS7(void) +{ + EXPECT_DECLS; +#if defined(OPENSSL_ALL) && defined(HAVE_PKCS7) && !defined(NO_RSA) + PKCS7* p7 = NULL; + PKCS7* p7Ver = NULL; + int flags = 0; + byte data[] = "Test data to encode."; + + const char* cert = "./certs/server-cert.pem"; + const char* key = "./certs/server-key.pem"; + const char* ca = "./certs/ca-cert.pem"; + + WOLFSSL_BIO* certBio = NULL; + WOLFSSL_BIO* keyBio = NULL; + WOLFSSL_BIO* caBio = NULL; + WOLFSSL_BIO* inBio = NULL; + WOLFSSL_BIO* outBio = NULL; + WOLFSSL_BIO* content = NULL; + X509* signCert = NULL; + EVP_PKEY* signKey = NULL; + X509* caCert = NULL; + X509_STORE* store = NULL; + + /* read signer cert/key into BIO */ + ExpectNotNull(certBio = BIO_new_file(cert, "r")); + ExpectNotNull(keyBio = BIO_new_file(key, "r")); + ExpectNotNull(signCert = PEM_read_bio_X509(certBio, NULL, 0, NULL)); + ExpectNotNull(signKey = PEM_read_bio_PrivateKey(keyBio, NULL, 0, NULL)); + + /* read CA cert into store (for verify) */ + ExpectNotNull(caBio = BIO_new_file(ca, "r")); + ExpectNotNull(caCert = PEM_read_bio_X509(caBio, NULL, 0, NULL)); + ExpectNotNull(store = X509_STORE_new()); + ExpectIntEQ(X509_STORE_add_cert(store, caCert), 1); + + + /* generate and verify SMIME: not detached */ + { + ExpectNotNull(inBio = BIO_new(BIO_s_mem())); + ExpectIntGT(BIO_write(inBio, data, sizeof(data)), 0); + + flags = PKCS7_STREAM; + ExpectNotNull(p7 = PKCS7_sign(signCert, signKey, NULL, inBio, flags)); + ExpectNotNull(outBio = BIO_new(BIO_s_mem())); + ExpectIntEQ(SMIME_write_PKCS7(outBio, p7, inBio, flags), 1); + + /* bad arg: out NULL */ + ExpectIntEQ(SMIME_write_PKCS7(NULL, p7, inBio, flags), 0); + /* bad arg: pkcs7 NULL */ + ExpectIntEQ(SMIME_write_PKCS7(outBio, NULL, inBio, flags), 0); + + ExpectNotNull(p7Ver = SMIME_read_PKCS7(outBio, &content)); + ExpectIntEQ(PKCS7_verify(p7Ver, NULL, store, NULL, NULL, flags), 1); + + BIO_free(content); + content = NULL; + BIO_free(inBio); + inBio = NULL; + BIO_free(outBio); + outBio = NULL; + PKCS7_free(p7Ver); + p7Ver = NULL; + PKCS7_free(p7); + p7 = NULL; + } + + /* generate and verify SMIME: not detached, add Content-Type */ + { + ExpectNotNull(inBio = BIO_new(BIO_s_mem())); + ExpectIntGT(BIO_write(inBio, data, sizeof(data)), 0); + + flags = PKCS7_STREAM | PKCS7_TEXT; + ExpectNotNull(p7 = PKCS7_sign(signCert, signKey, NULL, inBio, flags)); + ExpectNotNull(outBio = BIO_new(BIO_s_mem())); + ExpectIntEQ(SMIME_write_PKCS7(outBio, p7, inBio, flags), 1); + + ExpectNotNull(p7Ver = SMIME_read_PKCS7(outBio, &content)); + ExpectIntEQ(PKCS7_verify(p7Ver, NULL, store, NULL, NULL, flags), 1); + + BIO_free(content); + content = NULL; + BIO_free(inBio); + inBio = NULL; + BIO_free(outBio); + outBio = NULL; + PKCS7_free(p7Ver); + p7Ver = NULL; + PKCS7_free(p7); + p7 = NULL; + } + + /* generate and verify SMIME: detached */ + { + ExpectNotNull(inBio = BIO_new(BIO_s_mem())); + ExpectIntGT(BIO_write(inBio, data, sizeof(data)), 0); + + flags = PKCS7_DETACHED | PKCS7_STREAM; + ExpectNotNull(p7 = PKCS7_sign(signCert, signKey, NULL, inBio, flags)); + ExpectNotNull(outBio = BIO_new(BIO_s_mem())); + ExpectIntEQ(SMIME_write_PKCS7(outBio, p7, inBio, flags), 1); + + ExpectNotNull(p7Ver = SMIME_read_PKCS7(outBio, &content)); + ExpectIntEQ(PKCS7_verify(p7Ver, NULL, store, content, NULL, flags), 1); + + BIO_free(content); + content = NULL; + BIO_free(inBio); + inBio = NULL; + BIO_free(outBio); + outBio = NULL; + PKCS7_free(p7Ver); + p7Ver = NULL; + PKCS7_free(p7); + p7 = NULL; + } + + /* generate and verify SMIME: PKCS7_TEXT to add Content-Type header */ + { + ExpectNotNull(inBio = BIO_new(BIO_s_mem())); + ExpectIntGT(BIO_write(inBio, data, sizeof(data)), 0); + + flags = PKCS7_STREAM | PKCS7_DETACHED | PKCS7_TEXT; + ExpectNotNull(p7 = PKCS7_sign(signCert, signKey, NULL, inBio, flags)); + ExpectNotNull(outBio = BIO_new(BIO_s_mem())); + ExpectIntEQ(SMIME_write_PKCS7(outBio, p7, inBio, flags), 1); + + ExpectNotNull(p7Ver = SMIME_read_PKCS7(outBio, &content)); + ExpectIntEQ(PKCS7_verify(p7Ver, NULL, store, content, NULL, flags), 1); + + BIO_free(content); + content = NULL; + BIO_free(inBio); + inBio = NULL; + BIO_free(outBio); + outBio = NULL; + PKCS7_free(p7Ver); + p7Ver = NULL; + PKCS7_free(p7); + p7 = NULL; + } + + X509_STORE_free(store); + X509_free(caCert); + X509_free(signCert); + EVP_PKEY_free(signKey); + BIO_free(keyBio); + BIO_free(certBio); + BIO_free(caBio); +#endif + return EXPECT_RESULT(); +} +#endif /* HAVE_SMIME */ +#endif /* !NO_BIO */ + +/* Test of X509 store use outside of SSL context w/ CRL lookup (ALWAYS + * returns 0) */ +static int test_X509_STORE_No_SSL_CTX(void) +{ + EXPECT_DECLS; +#if defined(OPENSSL_ALL) && defined(WOLFSSL_CERT_GEN) && \ + (defined(WOLFSSL_CERT_REQ) || defined(WOLFSSL_CERT_EXT)) && \ + !defined(NO_FILESYSTEM) && !defined(NO_WOLFSSL_DIR) && \ + (defined(OPENSSL_EXTRA) || defined(WOLFSSL_WPAS_SMALL)) && \ + defined(HAVE_CRL) && !defined(NO_RSA) + + X509_STORE * store = NULL; + X509_STORE_CTX * storeCtx = NULL; + X509_CRL * crl = NULL; + X509 * ca = NULL; + X509 * cert = NULL; + const char cliCrlPem[] = "./certs/crl/cliCrl.pem"; + const char srvCert[] = "./certs/server-cert.pem"; + const char caCert[] = "./certs/ca-cert.pem"; + const char caDir[] = "./certs/crl/hash_pem"; + XFILE fp = XBADFILE; + X509_LOOKUP * lookup = NULL; + + ExpectNotNull(store = (X509_STORE *)X509_STORE_new()); + + /* Set up store with CA */ + ExpectNotNull((ca = wolfSSL_X509_load_certificate_file(caCert, + SSL_FILETYPE_PEM))); + ExpectIntEQ(X509_STORE_add_cert(store, ca), SSL_SUCCESS); + + /* Add CRL lookup directory to store + * NOTE: test uses ./certs/crl/hash_pem/0fdb2da4.r0, which is a copy + * of crl.pem */ + ExpectNotNull((lookup = X509_STORE_add_lookup(store, + X509_LOOKUP_hash_dir()))); + ExpectIntEQ(X509_LOOKUP_ctrl(lookup, X509_L_ADD_DIR, caDir, + X509_FILETYPE_PEM, NULL), SSL_SUCCESS); + + ExpectIntEQ(X509_STORE_set_flags(store, X509_V_FLAG_CRL_CHECK), + SSL_SUCCESS); + + /* Add CRL to store NOT containing the verified certificate, which + * forces use of the CRL lookup directory */ + ExpectTrue((fp = XFOPEN(cliCrlPem, "rb")) != XBADFILE); + ExpectNotNull(crl = (X509_CRL *)PEM_read_X509_CRL(fp, (X509_CRL **)NULL, + NULL, NULL)); + if (fp != XBADFILE) + XFCLOSE(fp); + ExpectIntEQ(X509_STORE_add_crl(store, crl), SSL_SUCCESS); + + /* Create verification context outside of an SSL session */ + ExpectNotNull((storeCtx = X509_STORE_CTX_new())); + ExpectNotNull((cert = wolfSSL_X509_load_certificate_file(srvCert, + SSL_FILETYPE_PEM))); + ExpectIntEQ(X509_STORE_CTX_init(storeCtx, store, cert, NULL), SSL_SUCCESS); + + /* Perform verification, which should NOT indicate CRL missing due to the + * store CM's X509 store pointer being NULL */ + ExpectIntNE(X509_verify_cert(storeCtx), WC_NO_ERR_TRACE(CRL_MISSING)); + + X509_CRL_free(crl); + X509_STORE_free(store); + X509_STORE_CTX_free(storeCtx); + X509_free(cert); + X509_free(ca); +#endif + return EXPECT_RESULT(); +} + +/* Test of X509 store use outside of SSL context w/ CRL lookup, but + * with X509_LOOKUP_add_dir and X509_FILETYPE_ASN1. */ +static int test_X509_LOOKUP_add_dir(void) +{ + EXPECT_DECLS; +#if defined(OPENSSL_ALL) && defined(WOLFSSL_CERT_GEN) && \ + (defined(WOLFSSL_CERT_REQ) || defined(WOLFSSL_CERT_EXT)) && \ + !defined(NO_FILESYSTEM) && !defined(NO_WOLFSSL_DIR) && \ + (defined(OPENSSL_EXTRA) || defined(WOLFSSL_WPAS_SMALL)) && \ + defined(HAVE_CRL) && !defined(NO_RSA) + + X509_STORE * store = NULL; + X509_STORE_CTX * storeCtx = NULL; + X509_CRL * crl = NULL; + X509 * ca = NULL; + X509 * cert = NULL; + const char cliCrlPem[] = "./certs/crl/cliCrl.pem"; + const char srvCert[] = "./certs/server-cert.pem"; + const char caCert[] = "./certs/ca-cert.pem"; + const char caDir[] = "./certs/crl/hash_der"; + XFILE fp = XBADFILE; + X509_LOOKUP * lookup = NULL; + + ExpectNotNull(store = (X509_STORE *)X509_STORE_new()); + + /* Set up store with CA */ + ExpectNotNull((ca = wolfSSL_X509_load_certificate_file(caCert, + SSL_FILETYPE_PEM))); + ExpectIntEQ(X509_STORE_add_cert(store, ca), SSL_SUCCESS); + + /* Add CRL lookup directory to store. + * Test uses ./certs/crl/hash_der/0fdb2da4.r0, which is a copy + * of crl.der */ + ExpectNotNull((lookup = X509_STORE_add_lookup(store, + X509_LOOKUP_hash_dir()))); + + ExpectIntEQ(X509_LOOKUP_add_dir(lookup, caDir, X509_FILETYPE_ASN1), + SSL_SUCCESS); + + ExpectIntEQ(X509_STORE_set_flags(store, X509_V_FLAG_CRL_CHECK), + SSL_SUCCESS); + + /* Add CRL to store NOT containing the verified certificate, which + * forces use of the CRL lookup directory */ + ExpectTrue((fp = XFOPEN(cliCrlPem, "rb")) != XBADFILE); + ExpectNotNull(crl = (X509_CRL *)PEM_read_X509_CRL(fp, (X509_CRL **)NULL, + NULL, NULL)); + if (fp != XBADFILE) { + XFCLOSE(fp); + fp = XBADFILE; + } + ExpectIntEQ(X509_STORE_add_crl(store, crl), SSL_SUCCESS); + + /* Create verification context outside of an SSL session */ + ExpectNotNull((storeCtx = X509_STORE_CTX_new())); + ExpectNotNull((cert = wolfSSL_X509_load_certificate_file(srvCert, + SSL_FILETYPE_PEM))); + ExpectIntEQ(X509_STORE_CTX_init(storeCtx, store, cert, NULL), SSL_SUCCESS); + + /* Perform verification, which should NOT return CRL missing */ + ExpectIntNE(X509_verify_cert(storeCtx), WC_NO_ERR_TRACE(CRL_MISSING)); + + X509_CRL_free(crl); + crl = NULL; + X509_STORE_free(store); + store = NULL; + X509_STORE_CTX_free(storeCtx); + storeCtx = NULL; + X509_free(cert); + cert = NULL; + X509_free(ca); + ca = NULL; + + /* Now repeat the same, but look for X509_FILETYPE_PEM. + * We should get CRL_MISSING at the end, because the lookup + * dir has only ASN1 CRLs. */ + + ExpectNotNull(store = (X509_STORE *)X509_STORE_new()); + + ExpectNotNull((ca = wolfSSL_X509_load_certificate_file(caCert, + SSL_FILETYPE_PEM))); + ExpectIntEQ(X509_STORE_add_cert(store, ca), SSL_SUCCESS); + + ExpectNotNull((lookup = X509_STORE_add_lookup(store, + X509_LOOKUP_hash_dir()))); + + ExpectIntEQ(X509_LOOKUP_add_dir(lookup, caDir, X509_FILETYPE_PEM), + SSL_SUCCESS); + + ExpectIntEQ(X509_STORE_set_flags(store, X509_V_FLAG_CRL_CHECK), + SSL_SUCCESS); + + ExpectTrue((fp = XFOPEN(cliCrlPem, "rb")) != XBADFILE); + ExpectNotNull(crl = (X509_CRL *)PEM_read_X509_CRL(fp, (X509_CRL **)NULL, + NULL, NULL)); + if (fp != XBADFILE) { + XFCLOSE(fp); + fp = XBADFILE; + } + ExpectIntEQ(X509_STORE_add_crl(store, crl), SSL_SUCCESS); + + ExpectNotNull((storeCtx = X509_STORE_CTX_new())); + ExpectNotNull((cert = wolfSSL_X509_load_certificate_file(srvCert, + SSL_FILETYPE_PEM))); + ExpectIntEQ(X509_STORE_CTX_init(storeCtx, store, cert, NULL), SSL_SUCCESS); + + /* Now we SHOULD get CRL_MISSING, because we looked for PEM + * in dir containing only ASN1/DER. */ + ExpectIntEQ(X509_verify_cert(storeCtx), WC_NO_ERR_TRACE(WOLFSSL_FAILURE)); + ExpectIntEQ(X509_STORE_CTX_get_error(storeCtx), + X509_V_ERR_UNABLE_TO_GET_CRL); + + X509_CRL_free(crl); + X509_STORE_free(store); + X509_STORE_CTX_free(storeCtx); + X509_free(cert); + X509_free(ca); +#endif + return EXPECT_RESULT(); +} + + + +/*----------------------------------------------------------------------------* + | Certificate Failure Checks + *----------------------------------------------------------------------------*/ +#if !defined(NO_CERTS) && (!defined(NO_WOLFSSL_CLIENT) || \ + !defined(WOLFSSL_NO_CLIENT_AUTH)) && !defined(NO_FILESYSTEM) +#if (!defined(NO_RSA) || defined(HAVE_ECC)) && !defined(NO_SHA256) +/* Use the Cert Manager(CM) API to generate the error ASN_SIG_CONFIRM_E */ +#ifndef WOLFSSL_TEST_APPLE_NATIVE_CERT_VALIDATION +static int verify_sig_cm(const char* ca, byte* cert_buf, size_t cert_sz, + int type) +{ + int ret; + WOLFSSL_CERT_MANAGER* cm = NULL; + + switch (type) { + case TESTING_RSA: + #ifdef NO_RSA + fprintf(stderr, "RSA disabled, skipping test\n"); + return ASN_SIG_CONFIRM_E; + #else + break; + #endif + case TESTING_ECC: + #ifndef HAVE_ECC + fprintf(stderr, "ECC disabled, skipping test\n"); + return ASN_SIG_CONFIRM_E; + #else + break; + #endif + default: + fprintf(stderr, "Bad function argument\n"); + return BAD_FUNC_ARG; + } + cm = wolfSSL_CertManagerNew(); + if (cm == NULL) { + fprintf(stderr, "wolfSSL_CertManagerNew failed\n"); + return -1; + } + +#ifndef NO_FILESYSTEM + ret = wolfSSL_CertManagerLoadCA(cm, ca, 0); + if (ret != WOLFSSL_SUCCESS) { + fprintf(stderr, "wolfSSL_CertManagerLoadCA failed\n"); + wolfSSL_CertManagerFree(cm); + return ret; + } +#else + (void)ca; +#endif + + ret = wolfSSL_CertManagerVerifyBuffer(cm, cert_buf, (long int)cert_sz, + WOLFSSL_FILETYPE_ASN1); + /* Let ExpectIntEQ handle return code */ + + wolfSSL_CertManagerFree(cm); + + return ret; +} + + +#if !defined(NO_FILESYSTEM) +static int test_RsaSigFailure_cm(void) +{ + EXPECT_DECLS; +#ifndef NO_RSA +#ifdef WOLFSSL_PEM_TO_DER + const char* ca_cert = "./certs/ca-cert.pem"; +#else + const char* ca_cert = "./certs/ca-cert.der"; +#endif + const char* server_cert = "./certs/server-cert.der"; + byte* cert_buf = NULL; + size_t cert_sz = 0; + + ExpectIntEQ(load_file(server_cert, &cert_buf, &cert_sz), 0); + if ((cert_buf != NULL) && (cert_sz > 0)) { + /* corrupt DER - invert last byte, which is signature */ + cert_buf[cert_sz-1] = ~cert_buf[cert_sz-1]; + /* test bad cert */ +#if defined(NO_WOLFSSL_CLIENT) && defined(NO_WOLFSSL_SERVER) + ExpectIntEQ(verify_sig_cm(ca_cert, cert_buf, cert_sz, TESTING_RSA), + WC_NO_ERR_TRACE(WOLFSSL_FATAL_ERROR)); +#elif defined(NO_ASN_CRYPT) + /* RSA verify is not called when ASN crypt support is disabled */ + ExpectIntEQ(verify_sig_cm(ca_cert, cert_buf, cert_sz, TESTING_RSA), + WOLFSSL_SUCCESS); +#else + ExpectIntEQ(verify_sig_cm(ca_cert, cert_buf, cert_sz, TESTING_RSA), + WC_NO_ERR_TRACE(ASN_SIG_CONFIRM_E)); +#endif + } + + /* load_file() uses malloc. */ + if (cert_buf != NULL) { + free(cert_buf); + } +#endif /* !NO_RSA */ + return EXPECT_RESULT(); +} + +static int test_EccSigFailure_cm(void) +{ + EXPECT_DECLS; +#ifdef HAVE_ECC + /* self-signed ECC cert, so use server cert as CA */ +#ifdef WOLFSSL_PEM_TO_DER + const char* ca_cert = "./certs/ca-ecc-cert.pem"; +#else + const char* ca_cert = "./certs/ca-ecc-cert.der"; +#endif + const char* server_cert = "./certs/server-ecc.der"; + byte* cert_buf = NULL; + size_t cert_sz = 0; + + ExpectIntEQ(load_file(server_cert, &cert_buf, &cert_sz), 0); + if (cert_buf != NULL && cert_sz > 0) { + /* corrupt DER - invert last byte, which is signature */ + cert_buf[cert_sz-1] = ~cert_buf[cert_sz-1]; + + /* test bad cert */ +#if defined(NO_WOLFSSL_CLIENT) && defined(NO_WOLFSSL_SERVER) + ExpectIntEQ(verify_sig_cm(ca_cert, cert_buf, cert_sz, TESTING_ECC), + WC_NO_ERR_TRACE(WOLFSSL_FATAL_ERROR)); +#elif defined(NO_ASN_CRYPT) + /* ECC verify is not called when ASN crypt support is disabled */ + ExpectIntEQ(verify_sig_cm(ca_cert, cert_buf, cert_sz, TESTING_ECC), + WOLFSSL_SUCCESS); +#else + ExpectIntEQ(verify_sig_cm(ca_cert, cert_buf, cert_sz, TESTING_ECC), + WC_NO_ERR_TRACE(ASN_SIG_CONFIRM_E)); +#endif + } + + /* load_file() uses malloc. */ + if (cert_buf != NULL) { + free(cert_buf); + } +#ifdef FP_ECC + wc_ecc_fp_free(); +#endif +#endif /* HAVE_ECC */ + return EXPECT_RESULT(); +} +#endif /* !NO_FILESYSTEM */ +#endif /* !WOLFSSL_TEST_APPLE_NATIVE_CERT_VALIDATION*/ +#endif /* !NO_RSA || HAVE_ECC */ +#endif /* NO_CERTS */ + +#if defined(HAVE_PK_CALLBACKS) && !defined(WOLFSSL_NO_TLS12) +#if !defined(NO_FILESYSTEM) && !defined(NO_DH) && \ + !defined(NO_AES) && defined(HAVE_AES_CBC) && \ + defined(HAVE_SSL_MEMIO_TESTS_DEPENDENCIES) +static int my_DhCallback(WOLFSSL* ssl, struct DhKey* key, + const unsigned char* priv, unsigned int privSz, + const unsigned char* pubKeyDer, unsigned int pubKeySz, + unsigned char* out, unsigned int* outlen, + void* ctx) +{ + int result; + /* Test fail when context associated with WOLFSSL is NULL */ + if (ctx == NULL) { + return -1; + } + + (void)ssl; + /* return 0 on success */ + PRIVATE_KEY_UNLOCK(); + result = wc_DhAgree(key, out, outlen, priv, privSz, pubKeyDer, pubKeySz); + PRIVATE_KEY_LOCK(); + return result; +} + +static int test_dh_ctx_setup(WOLFSSL_CTX* ctx) { + EXPECT_DECLS; + wolfSSL_CTX_SetDhAgreeCb(ctx, my_DhCallback); +#if defined(HAVE_AES_CBC) && defined(WOLFSSL_AES_128) + ExpectIntEQ(wolfSSL_CTX_set_cipher_list(ctx, "DHE-RSA-AES128-SHA256"), + WOLFSSL_SUCCESS); +#endif +#if defined(HAVE_AES_CBC) && defined(WOLFSSL_AES_256) + ExpectIntEQ(wolfSSL_CTX_set_cipher_list(ctx, "DHE-RSA-AES256-SHA256"), + WOLFSSL_SUCCESS); +#endif + return EXPECT_RESULT(); +} + +static int test_dh_ssl_setup(WOLFSSL* ssl) +{ + EXPECT_DECLS; + static int dh_test_ctx = 1; + int ret; + + wolfSSL_SetDhAgreeCtx(ssl, &dh_test_ctx); + ExpectIntEQ(*((int*)wolfSSL_GetDhAgreeCtx(ssl)), dh_test_ctx); + ret = wolfSSL_SetTmpDH_file(ssl, dhParamFile, WOLFSSL_FILETYPE_PEM); + if (ret != WOLFSSL_SUCCESS && ret != WC_NO_ERR_TRACE(SIDE_ERROR)) { + ExpectIntEQ(ret, WOLFSSL_SUCCESS); + } + return EXPECT_RESULT(); +} + +static int test_dh_ssl_setup_fail(WOLFSSL* ssl) +{ + EXPECT_DECLS; + int ret; + + wolfSSL_SetDhAgreeCtx(ssl, NULL); + ExpectNull(wolfSSL_GetDhAgreeCtx(ssl)); + ret = wolfSSL_SetTmpDH_file(ssl, dhParamFile, WOLFSSL_FILETYPE_PEM); + if (ret != WOLFSSL_SUCCESS && ret != WC_NO_ERR_TRACE(SIDE_ERROR)) { + ExpectIntEQ(ret, WOLFSSL_SUCCESS); + } + return EXPECT_RESULT(); +} +#endif + +static int test_DhCallbacks(void) +{ + EXPECT_DECLS; +#if !defined(NO_FILESYSTEM) && !defined(NO_DH) && \ + !defined(NO_AES) && defined(HAVE_AES_CBC) && \ + defined(HAVE_SSL_MEMIO_TESTS_DEPENDENCIES) + WOLFSSL_CTX *ctx = NULL; + WOLFSSL *ssl = NULL; + int test; + test_ssl_cbf func_cb_client; + test_ssl_cbf func_cb_server; + + /* Test that DH callback APIs work. */ + ExpectNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_client_method())); + ExpectIntEQ(wolfSSL_CTX_set_cipher_list(NULL, "NONE"), WC_NO_ERR_TRACE(WOLFSSL_FAILURE)); + wolfSSL_CTX_SetDhAgreeCb(ctx, &my_DhCallback); + /* load client ca cert */ + ExpectIntEQ(wolfSSL_CTX_load_verify_locations(ctx, caCertFile, 0), + WOLFSSL_SUCCESS); + /* test with NULL arguments */ + wolfSSL_SetDhAgreeCtx(NULL, &test); + ExpectNull(wolfSSL_GetDhAgreeCtx(NULL)); + /* test success case */ + test = 1; + ExpectNotNull(ssl = wolfSSL_new(ctx)); + wolfSSL_SetDhAgreeCtx(ssl, &test); + ExpectIntEQ(*((int*)wolfSSL_GetDhAgreeCtx(ssl)), test); + wolfSSL_free(ssl); + wolfSSL_CTX_free(ctx); + + + XMEMSET(&func_cb_client, 0, sizeof(func_cb_client)); + XMEMSET(&func_cb_server, 0, sizeof(func_cb_server)); + + /* set callbacks to use DH functions */ + func_cb_client.ctx_ready = &test_dh_ctx_setup; + func_cb_client.ssl_ready = &test_dh_ssl_setup; + func_cb_client.method = wolfTLSv1_2_client_method; + + func_cb_server.ctx_ready = &test_dh_ctx_setup; + func_cb_server.ssl_ready = &test_dh_ssl_setup; + func_cb_server.method = wolfTLSv1_2_server_method; + + ExpectIntEQ(test_wolfSSL_client_server_nofail_memio(&func_cb_client, + &func_cb_server, NULL), TEST_SUCCESS); + + /* Test fail */ + XMEMSET(&func_cb_client, 0, sizeof(func_cb_client)); + XMEMSET(&func_cb_server, 0, sizeof(func_cb_server)); + + /* set callbacks to use DH functions */ + func_cb_client.ctx_ready = &test_dh_ctx_setup; + func_cb_client.ssl_ready = &test_dh_ssl_setup_fail; + func_cb_client.method = wolfTLSv1_2_client_method; + + func_cb_server.ctx_ready = &test_dh_ctx_setup; + func_cb_server.ssl_ready = &test_dh_ssl_setup_fail; + func_cb_server.method = wolfTLSv1_2_server_method; + + ExpectIntEQ(test_wolfSSL_client_server_nofail_memio(&func_cb_client, + &func_cb_server, NULL), -1001); +#endif + return EXPECT_RESULT(); +} +#endif /* HAVE_PK_CALLBACKS */ + + +static int test_wolfSSL_X509_CRL(void) +{ + EXPECT_DECLS; +#if defined(OPENSSL_EXTRA) && defined(HAVE_CRL) + X509_CRL *crl = NULL; + char pem[][100] = { + "./certs/crl/crl.pem", + "./certs/crl/crl2.pem", + "./certs/crl/caEccCrl.pem", + "./certs/crl/eccCliCRL.pem", + "./certs/crl/eccSrvCRL.pem", + "" + }; +#ifndef NO_BIO + BIO *bio = NULL; +#endif + +#ifdef HAVE_TEST_d2i_X509_CRL_fp + char der[][100] = { + "./certs/crl/crl.der", + "./certs/crl/crl2.der", + ""}; +#endif + + XFILE fp = XBADFILE; + int i; + + for (i = 0; pem[i][0] != '\0'; i++) + { + ExpectTrue((fp = XFOPEN(pem[i], "rb")) != XBADFILE); + ExpectNotNull(crl = (X509_CRL *)PEM_read_X509_CRL(fp, (X509_CRL **)NULL, + NULL, NULL)); + ExpectNotNull(crl); + X509_CRL_free(crl); + if (fp != XBADFILE) { + XFCLOSE(fp); + fp = XBADFILE; + } + ExpectTrue((fp = XFOPEN(pem[i], "rb")) != XBADFILE); + ExpectNotNull((X509_CRL *)PEM_read_X509_CRL(fp, (X509_CRL **)&crl, NULL, + NULL)); + if (EXPECT_FAIL()) { + crl = NULL; + } + ExpectNotNull(crl); + X509_CRL_free(crl); + crl = NULL; + if (fp != XBADFILE) { + XFCLOSE(fp); + fp = XBADFILE; + } + } + +#ifndef NO_BIO + for (i = 0; pem[i][0] != '\0'; i++) + { + ExpectNotNull(bio = BIO_new_file(pem[i], "rb")); + ExpectNotNull(crl = PEM_read_bio_X509_CRL(bio, NULL, NULL, NULL)); + X509_CRL_free(crl); + crl = NULL; + BIO_free(bio); + bio = NULL; + } +#endif + +#ifdef HAVE_TEST_d2i_X509_CRL_fp + for (i = 0; der[i][0] != '\0'; i++) { + ExpectTrue((fp = XFOPEN(der[i], "rb")) != XBADFILE); + ExpectTrue((fp != XBADFILE)); + ExpectNotNull(crl = (X509_CRL *)d2i_X509_CRL_fp((fp, X509_CRL **)NULL)); + ExpectNotNull(crl); + X509_CRL_free(crl); + if (fp != XBADFILE) { + XFCLOSE(fp); + fp = XBADFILE; + } + fp = XFOPEN(der[i], "rb"); + ExpectTrue((fp != XBADFILE)); + ExpectNotNull((X509_CRL *)d2i_X509_CRL_fp(fp, (X509_CRL **)&crl)); + if (EXPECT_FAIL()) { + crl = NULL; + } + ExpectNotNull(crl); + X509_CRL_free(crl); + crl = NULL; + if (fp != XBADFILE) { + XFCLOSE(fp); + fp = XBADFILE; + } + } +#endif +#endif + return EXPECT_RESULT(); +} + +static int test_wolfSSL_X509_load_crl_file(void) +{ + EXPECT_DECLS; +#if defined(OPENSSL_EXTRA) && defined(HAVE_CRL) && !defined(NO_FILESYSTEM) && \ + !defined(NO_STDIO_FILESYSTEM) && !defined(NO_RSA) && !defined(NO_BIO) && \ + !defined(WOLFSSL_CRL_ALLOW_MISSING_CDP) + int i; + char pem[][100] = { + "./certs/crl/crl.pem", + "./certs/crl/crl2.pem", + "./certs/crl/caEccCrl.pem", + "./certs/crl/eccCliCRL.pem", + "./certs/crl/eccSrvCRL.pem", + #ifdef WC_RSA_PSS + "./certs/crl/crl_rsapss.pem", + #endif + "" + }; + char der[][100] = { + "./certs/crl/crl.der", + "./certs/crl/crl2.der", + "" + }; + WOLFSSL_X509_STORE* store = NULL; + WOLFSSL_X509_LOOKUP* lookup = NULL; + + ExpectNotNull(store = wolfSSL_X509_STORE_new()); + ExpectNotNull(lookup = X509_STORE_add_lookup(store, X509_LOOKUP_file())); + + ExpectIntEQ(X509_LOOKUP_load_file(lookup, "certs/ca-cert.pem", + X509_FILETYPE_PEM), 1); +#ifdef WC_RSA_PSS + ExpectIntEQ(X509_LOOKUP_load_file(lookup, "certs/rsapss/ca-rsapss.pem", + X509_FILETYPE_PEM), 1); +#endif + ExpectIntEQ(X509_LOOKUP_load_file(lookup, "certs/server-revoked-cert.pem", + X509_FILETYPE_PEM), 1); + if (store) { + ExpectIntEQ(wolfSSL_CertManagerVerify(store->cm, svrCertFile, + WOLFSSL_FILETYPE_PEM), 1); + /* since store hasn't yet known the revoked cert*/ + ExpectIntEQ(wolfSSL_CertManagerVerify(store->cm, + "certs/server-revoked-cert.pem", WOLFSSL_FILETYPE_PEM), 1); + } + + ExpectIntEQ(X509_load_crl_file(lookup, pem[0], 0), 0); + for (i = 0; pem[i][0] != '\0'; i++) { + ExpectIntEQ(X509_load_crl_file(lookup, pem[i], WOLFSSL_FILETYPE_PEM), + 1); + } + + if (store) { + /* since store knows crl list */ + ExpectIntEQ(wolfSSL_CertManagerVerify(store->cm, + "certs/server-revoked-cert.pem", WOLFSSL_FILETYPE_PEM), + WC_NO_ERR_TRACE(CRL_CERT_REVOKED)); +#ifdef WC_RSA_PSS + ExpectIntEQ(wolfSSL_CertManagerVerify(store->cm, + "certs/rsapss/server-rsapss-cert.pem", WOLFSSL_FILETYPE_PEM), + WC_NO_ERR_TRACE(ASN_NO_SIGNER_E)); +#endif + } + /* once feeing store */ + X509_STORE_free(store); + store = NULL; + + ExpectNotNull(store = wolfSSL_X509_STORE_new()); + ExpectNotNull(lookup = X509_STORE_add_lookup(store, X509_LOOKUP_file())); + + ExpectIntEQ(X509_LOOKUP_load_file(lookup, "certs/ca-cert.pem", + X509_FILETYPE_PEM), 1); + ExpectIntEQ(X509_LOOKUP_load_file(lookup, "certs/server-revoked-cert.pem", + X509_FILETYPE_PEM), 1); + if (store) { + ExpectIntEQ(wolfSSL_CertManagerVerify(store->cm, svrCertFile, + WOLFSSL_FILETYPE_PEM), 1); + /* since store hasn't yet known the revoked cert*/ + ExpectIntEQ(wolfSSL_CertManagerVerify(store->cm, + "certs/server-revoked-cert.pem", WOLFSSL_FILETYPE_PEM), 1); + } + + for (i = 0; der[i][0] != '\0'; i++) { + ExpectIntEQ(X509_load_crl_file(lookup, der[i], WOLFSSL_FILETYPE_ASN1), + 1); + } + + if (store) { + /* since store knows crl list */ + ExpectIntEQ(wolfSSL_CertManagerVerify(store->cm, + "certs/server-revoked-cert.pem", WOLFSSL_FILETYPE_PEM), + WC_NO_ERR_TRACE(CRL_CERT_REVOKED)); + } + + /* test for incorrect parameter */ + ExpectIntEQ(X509_load_crl_file(NULL, pem[0], 0), 0); + ExpectIntEQ(X509_load_crl_file(lookup, NULL, 0), 0); + ExpectIntEQ(X509_load_crl_file(NULL, NULL, 0), 0); + + X509_STORE_free(store); + store = NULL; +#endif + return EXPECT_RESULT(); +} + +static int test_wolfSSL_i2d_X509(void) +{ + EXPECT_DECLS; +#if defined(OPENSSL_EXTRA) && defined(USE_CERT_BUFFERS_2048) && !defined(NO_RSA) + const unsigned char* cert_buf = server_cert_der_2048; + unsigned char* out = NULL; + unsigned char* tmp = NULL; + const unsigned char* nullPtr = NULL; + const unsigned char notCert[2] = { 0x30, 0x00 }; + const unsigned char* notCertPtr = notCert; + X509* cert = NULL; + + ExpectNull(d2i_X509(NULL, NULL, sizeof_server_cert_der_2048)); + ExpectNull(d2i_X509(NULL, &nullPtr, sizeof_server_cert_der_2048)); + ExpectNull(d2i_X509(NULL, &cert_buf, 0)); + ExpectNull(d2i_X509(NULL, ¬CertPtr, sizeof(notCert))); + ExpectNotNull(d2i_X509(&cert, &cert_buf, sizeof_server_cert_der_2048)); + /* Pointer should be advanced */ + ExpectPtrGT(cert_buf, server_cert_der_2048); + ExpectIntGT(i2d_X509(cert, &out), 0); + ExpectNotNull(out); + tmp = out; + ExpectIntGT(i2d_X509(cert, &tmp), 0); + ExpectPtrGT(tmp, out); +#if defined(WOLFSSL_CERT_GEN) && !defined(NO_BIO) && !defined(NO_FILESYSTEM) + ExpectIntEQ(wolfSSL_PEM_write_X509(XBADFILE, NULL), 0); + ExpectIntEQ(wolfSSL_PEM_write_X509(XBADFILE, cert), 0); + ExpectIntEQ(wolfSSL_PEM_write_X509(stderr, cert), 1); +#endif + + XFREE(out, NULL, DYNAMIC_TYPE_OPENSSL); + X509_free(cert); +#endif + return EXPECT_RESULT(); +} + +static int test_wolfSSL_d2i_X509_REQ(void) +{ + EXPECT_DECLS; +#if defined(WOLFSSL_CERT_REQ) && !defined(NO_RSA) && !defined(NO_BIO) && \ + (defined(OPENSSL_ALL) || defined(OPENSSL_EXTRA)) && \ + !defined(WOLFSSL_SP_MATH) + /* ./certs/csr.signed.der, ./certs/csr.ext.der, and ./certs/csr.attr.der + * were generated by libest + * ./certs/csr.attr.der contains sample attributes + * ./certs/csr.ext.der contains sample extensions */ + const char* csrFile = "./certs/csr.signed.der"; + const char* csrPopFile = "./certs/csr.attr.der"; + const char* csrExtFile = "./certs/csr.ext.der"; + /* ./certs/csr.dsa.pem is generated using + * openssl req -newkey dsa:certs/dsaparams.pem \ + * -keyout certs/csr.dsa.key.pem -keyform PEM -out certs/csr.dsa.pem \ + * -outform PEM + * with the passphrase "wolfSSL" + */ +#if !defined(NO_DSA) && !defined(HAVE_SELFTEST) + const char* csrDsaFile = "./certs/csr.dsa.pem"; + XFILE f = XBADFILE; +#endif + BIO* bio = NULL; + X509* req = NULL; + EVP_PKEY *pub_key = NULL; + + { + ExpectNotNull(bio = BIO_new_file(csrFile, "rb")); + ExpectNotNull(d2i_X509_REQ_bio(bio, &req)); + + /* + * Extract the public key from the CSR + */ + ExpectNotNull(pub_key = X509_REQ_get_pubkey(req)); + + /* + * Verify the signature in the CSR + */ + ExpectIntEQ(X509_REQ_verify(req, pub_key), 1); + + X509_free(req); + req = NULL; + BIO_free(bio); + bio = NULL; + EVP_PKEY_free(pub_key); + pub_key = NULL; + } + { + X509_REQ* empty = NULL; +#ifdef OPENSSL_ALL + X509_ATTRIBUTE* attr = NULL; + ASN1_TYPE *at = NULL; +#endif + + ExpectNotNull(empty = wolfSSL_X509_REQ_new()); + ExpectNotNull(bio = BIO_new_file(csrPopFile, "rb")); + ExpectNotNull(d2i_X509_REQ_bio(bio, &req)); + + /* + * Extract the public key from the CSR + */ + ExpectNotNull(pub_key = X509_REQ_get_pubkey(req)); + + /* + * Verify the signature in the CSR + */ + ExpectIntEQ(X509_REQ_verify(req, pub_key), 1); + + ExpectIntEQ(wolfSSL_X509_REQ_get_attr_count(NULL), 0); + ExpectIntEQ(wolfSSL_X509_REQ_get_attr_count(empty), 0); +#ifdef OPENSSL_ALL + ExpectIntEQ(wolfSSL_X509_REQ_get_attr_count(req), 2); +#else + ExpectIntEQ(wolfSSL_X509_REQ_get_attr_count(req), 0); +#endif +#ifdef OPENSSL_ALL + /* + * Obtain the challenge password from the CSR + */ + ExpectIntEQ(X509_REQ_get_attr_by_NID(NULL, NID_pkcs9_challengePassword, + -1), -1); + ExpectIntEQ(X509_REQ_get_attr_by_NID(req, NID_pkcs9_challengePassword, + -1), 1); + ExpectNull(X509_REQ_get_attr(NULL, 3)); + ExpectNull(X509_REQ_get_attr(req, 3)); + ExpectNull(X509_REQ_get_attr(NULL, 0)); + ExpectNull(X509_REQ_get_attr(empty, 0)); + ExpectNotNull(attr = X509_REQ_get_attr(req, 1)); + ExpectNull(X509_ATTRIBUTE_get0_type(NULL, 1)); + ExpectNull(X509_ATTRIBUTE_get0_type(attr, 1)); + ExpectNull(X509_ATTRIBUTE_get0_type(NULL, 0)); + ExpectNotNull(at = X509_ATTRIBUTE_get0_type(attr, 0)); + ExpectNotNull(at->value.asn1_string); + ExpectStrEQ((char*)ASN1_STRING_data(at->value.asn1_string), + "2xIE+qqp/rhyTXP+"); + ExpectIntEQ(X509_get_ext_by_NID(req, NID_subject_alt_name, -1), -1); +#endif + + X509_free(req); + req = NULL; + BIO_free(bio); + bio = NULL; + EVP_PKEY_free(pub_key); + pub_key = NULL; + wolfSSL_X509_REQ_free(empty); + } + { +#ifdef OPENSSL_ALL + X509_ATTRIBUTE* attr = NULL; + ASN1_TYPE *at = NULL; + STACK_OF(X509_EXTENSION) *exts = NULL; +#endif + ExpectNotNull(bio = BIO_new_file(csrExtFile, "rb")); + /* This CSR contains an Extension Request attribute so + * we test extension parsing in a CSR attribute here. */ + ExpectNotNull(d2i_X509_REQ_bio(bio, &req)); + + /* + * Extract the public key from the CSR + */ + ExpectNotNull(pub_key = X509_REQ_get_pubkey(req)); + + /* + * Verify the signature in the CSR + */ + ExpectIntEQ(X509_REQ_verify(req, pub_key), 1); + +#ifdef OPENSSL_ALL + ExpectNotNull(exts = (STACK_OF(X509_EXTENSION)*)X509_REQ_get_extensions( + req)); + ExpectIntEQ(sk_X509_EXTENSION_num(exts), 2); + sk_X509_EXTENSION_pop_free(exts, X509_EXTENSION_free); + /* + * Obtain the challenge password from the CSR + */ + ExpectIntEQ(X509_REQ_get_attr_by_NID(req, NID_pkcs9_challengePassword, + -1), 0); + ExpectNotNull(attr = X509_REQ_get_attr(req, 0)); + ExpectNotNull(at = X509_ATTRIBUTE_get0_type(attr, 0)); + ExpectNotNull(at->value.asn1_string); + ExpectStrEQ((char*)ASN1_STRING_data(at->value.asn1_string), "IGCu/xNL4/0/wOgo"); + ExpectIntGE(X509_get_ext_by_NID(req, NID_key_usage, -1), 0); + ExpectIntGE(X509_get_ext_by_NID(req, NID_subject_alt_name, -1), 0); +#endif + + X509_free(req); + req = NULL; + BIO_free(bio); + bio = NULL; + EVP_PKEY_free(pub_key); + pub_key = NULL; + } +#if !defined(NO_DSA) && !defined(HAVE_SELFTEST) + { + ExpectNotNull(bio = BIO_new_file(csrDsaFile, "rb")); + ExpectNotNull(PEM_read_bio_X509_REQ(bio, &req, NULL, NULL)); + + /* + * Extract the public key from the CSR + */ + ExpectNotNull(pub_key = X509_REQ_get_pubkey(req)); + + /* + * Verify the signature in the CSR + */ + ExpectIntEQ(X509_REQ_verify(req, pub_key), 1); + + X509_free(req); + req = NULL; + BIO_free(bio); + + /* Run the same test, but with a file pointer instead of a BIO. + * (PEM_read_X509_REQ)*/ + ExpectTrue((f = XFOPEN(csrDsaFile, "rb")) != XBADFILE); + ExpectNull(PEM_read_X509_REQ(XBADFILE, &req, NULL, NULL)); + if (EXPECT_SUCCESS()) + ExpectNotNull(PEM_read_X509_REQ(f, &req, NULL, NULL)); + else if (f != XBADFILE) + XFCLOSE(f); + ExpectIntEQ(X509_REQ_verify(req, pub_key), 1); + + X509_free(req); + EVP_PKEY_free(pub_key); + } +#endif /* !NO_DSA && !HAVE_SELFTEST */ +#endif /* WOLFSSL_CERT_REQ && (OPENSSL_ALL || OPENSSL_EXTRA) */ + return EXPECT_RESULT(); +} + +static int test_wolfSSL_PEM_read_X509(void) +{ + EXPECT_DECLS; +#if defined(OPENSSL_EXTRA) && defined(HAVE_CRL) && !defined(NO_FILESYSTEM) && \ + !defined(NO_RSA) + X509 *x509 = NULL; + XFILE fp = XBADFILE; + + ExpectTrue((fp = XFOPEN(svrCertFile, "rb")) != XBADFILE); + ExpectNotNull(x509 = (X509 *)PEM_read_X509(fp, (X509 **)NULL, NULL, NULL)); + X509_free(x509); + if (fp != XBADFILE) + XFCLOSE(fp); +#endif + return EXPECT_RESULT(); +} + +static int test_wolfSSL_PEM_read(void) +{ + EXPECT_DECLS; +#if defined(OPENSSL_EXTRA) && !defined(NO_FILESYSTEM) && !defined(NO_BIO) + const char* filename = "./certs/server-keyEnc.pem"; + XFILE fp = XBADFILE; + char* name = NULL; + char* header = NULL; + byte* data = NULL; + long len; + EVP_CIPHER_INFO cipher; + WOLFSSL_BIO* bio = NULL; + byte* fileData = NULL; + size_t fileDataSz = 0; + byte* out; + + ExpectNotNull(bio = BIO_new_file(filename, "rb")); + ExpectIntEQ(PEM_read_bio(bio, NULL, &header, &data, &len), 0); + ExpectIntEQ(PEM_read_bio(bio, &name, NULL, &data, &len), 0); + ExpectIntEQ(PEM_read_bio(bio, &name, &header, NULL, &len), 0); + ExpectIntEQ(PEM_read_bio(bio, &name, &header, &data, NULL), 0); + + ExpectIntEQ(PEM_read_bio(bio, &name, &header, &data, &len), 1); + ExpectIntEQ(XSTRNCMP(name, "RSA PRIVATE KEY", 15), 0); + ExpectIntGT(XSTRLEN(header), 0); + ExpectIntGT(len, 0); + XFREE(name, NULL, DYNAMIC_TYPE_TMP_BUFFER); + name = NULL; + XFREE(header, NULL, DYNAMIC_TYPE_TMP_BUFFER); + header = NULL; + XFREE(data, NULL, DYNAMIC_TYPE_TMP_BUFFER); + data = NULL; + BIO_free(bio); + bio = NULL; + + ExpectTrue((fp = XFOPEN(filename, "rb")) != XBADFILE); + + /* Fail cases. */ + ExpectIntEQ(PEM_read(fp, NULL, &header, &data, &len), WC_NO_ERR_TRACE(WOLFSSL_FAILURE)); + ExpectIntEQ(PEM_read(fp, &name, NULL, &data, &len), WC_NO_ERR_TRACE(WOLFSSL_FAILURE)); + ExpectIntEQ(PEM_read(fp, &name, &header, NULL, &len), WC_NO_ERR_TRACE(WOLFSSL_FAILURE)); + ExpectIntEQ(PEM_read(fp, &name, &header, &data, NULL), WC_NO_ERR_TRACE(WOLFSSL_FAILURE)); + + ExpectIntEQ(PEM_read(fp, &name, &header, &data, &len), WOLFSSL_SUCCESS); + + ExpectIntEQ(XSTRNCMP(name, "RSA PRIVATE KEY", 15), 0); + ExpectIntGT(XSTRLEN(header), 0); + ExpectIntGT(len, 0); + + ExpectIntEQ(XFSEEK(fp, 0, SEEK_END), 0); + ExpectIntGT((fileDataSz = XFTELL(fp)), 0); + ExpectIntEQ(XFSEEK(fp, 0, SEEK_SET), 0); + ExpectNotNull(fileData = (unsigned char*)XMALLOC(fileDataSz, NULL, + DYNAMIC_TYPE_TMP_BUFFER)); + ExpectIntEQ(XFREAD(fileData, 1, fileDataSz, fp), fileDataSz); + if (fp != XBADFILE) { + XFCLOSE(fp); + fp = XBADFILE; + } + + ExpectNotNull(bio = wolfSSL_BIO_new(wolfSSL_BIO_s_mem())); + + /* Fail cases. */ + ExpectIntEQ(PEM_write_bio(NULL, name, header, data, len), 0); + ExpectIntEQ(PEM_write_bio(bio, NULL, header, data, len), 0); + ExpectIntEQ(PEM_write_bio(bio, name, NULL, data, len), 0); + ExpectIntEQ(PEM_write_bio(bio, name, header, NULL, len), 0); + + ExpectIntEQ(PEM_write_bio(bio, name, header, data, len), fileDataSz); + ExpectIntEQ(wolfSSL_BIO_get_mem_data(bio, &out), fileDataSz); + ExpectIntEQ(XMEMCMP(out, fileData, fileDataSz), 0); + + /* Fail cases. */ + ExpectIntEQ(PEM_write(XBADFILE, name, header, data, len), 0); + ExpectIntEQ(PEM_write(stderr, NULL, header, data, len), 0); + ExpectIntEQ(PEM_write(stderr, name, NULL, data, len), 0); + ExpectIntEQ(PEM_write(stderr, name, header, NULL, len), 0); + /* Pass case */ + ExpectIntEQ(PEM_write(stderr, name, header, data, len), fileDataSz); + + XFREE(name, NULL, DYNAMIC_TYPE_TMP_BUFFER); + name = NULL; + XFREE(header, NULL, DYNAMIC_TYPE_TMP_BUFFER); + header = NULL; + XFREE(data, NULL, DYNAMIC_TYPE_TMP_BUFFER); + data = NULL; + /* Read out of a fixed buffer BIO - forces malloc in PEM_read_bio. */ + ExpectIntEQ(PEM_read_bio(bio, &name, &header, &data, &len), 1); + ExpectIntEQ(XSTRNCMP(name, "RSA PRIVATE KEY", 15), 0); + ExpectIntGT(XSTRLEN(header), 0); + ExpectIntGT(len, 0); + + /* Fail cases. */ + ExpectIntEQ(PEM_get_EVP_CIPHER_INFO(NULL, &cipher), WC_NO_ERR_TRACE(WOLFSSL_FAILURE)); + ExpectIntEQ(PEM_get_EVP_CIPHER_INFO(header, NULL), WC_NO_ERR_TRACE(WOLFSSL_FAILURE)); + ExpectIntEQ(PEM_get_EVP_CIPHER_INFO((char*)"", &cipher), WC_NO_ERR_TRACE(WOLFSSL_FAILURE)); + +#ifndef NO_DES3 + ExpectIntEQ(PEM_get_EVP_CIPHER_INFO(header, &cipher), WOLFSSL_SUCCESS); +#endif + + /* Fail cases. */ + ExpectIntEQ(PEM_do_header(NULL, data, &len, PasswordCallBack, + (void*)"yassl123"), WC_NO_ERR_TRACE(WOLFSSL_FAILURE)); + ExpectIntEQ(PEM_do_header(&cipher, NULL, &len, PasswordCallBack, + (void*)"yassl123"), WC_NO_ERR_TRACE(WOLFSSL_FAILURE)); + ExpectIntEQ(PEM_do_header(&cipher, data, NULL, PasswordCallBack, + (void*)"yassl123"), WC_NO_ERR_TRACE(WOLFSSL_FAILURE)); + ExpectIntEQ(PEM_do_header(&cipher, data, &len, NULL, + (void*)"yassl123"), WC_NO_ERR_TRACE(WOLFSSL_FAILURE)); + + ExpectIntEQ(PEM_do_header(&cipher, data, &len, NoPasswordCallBack, + (void*)"yassl123"), WC_NO_ERR_TRACE(WOLFSSL_FAILURE)); +#if !defined(NO_DES3) && !defined(NO_MD5) + ExpectIntEQ(PEM_do_header(&cipher, data, &len, PasswordCallBack, + (void*)"yassl123"), WOLFSSL_SUCCESS); +#else + ExpectIntEQ(PEM_do_header(&cipher, data, &len, PasswordCallBack, + (void*)"yassl123"), WC_NO_ERR_TRACE(WOLFSSL_FAILURE)); +#endif + + BIO_free(bio); + bio = NULL; + XFREE(fileData, NULL, DYNAMIC_TYPE_TMP_BUFFER); + fileData = NULL; + XFREE(name, NULL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(header, NULL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(data, NULL, DYNAMIC_TYPE_TMP_BUFFER); + + name = NULL; + header = NULL; + data = NULL; + ExpectTrue((fp = XFOPEN(svrKeyFile, "rb")) != XBADFILE); + ExpectIntEQ(PEM_read(fp, &name, &header, &data, &len), WOLFSSL_SUCCESS); + ExpectIntEQ(XSTRNCMP(name, "RSA PRIVATE KEY", 15), 0); + ExpectIntEQ(XSTRLEN(header), 0); + ExpectIntGT(len, 0); + + ExpectIntEQ(XFSEEK(fp, 0, SEEK_END), 0); + ExpectIntGT((fileDataSz = XFTELL(fp)), 0); + ExpectIntEQ(XFSEEK(fp, 0, SEEK_SET), 0); + ExpectNotNull(fileData = (unsigned char*)XMALLOC(fileDataSz, NULL, + DYNAMIC_TYPE_TMP_BUFFER)); + ExpectIntEQ(XFREAD(fileData, 1, fileDataSz, fp), fileDataSz); + if (fp != XBADFILE) + XFCLOSE(fp); + + ExpectNotNull(bio = wolfSSL_BIO_new(wolfSSL_BIO_s_mem())); + ExpectIntEQ(PEM_write_bio(bio, name, header, data, len), fileDataSz); + ExpectIntEQ(wolfSSL_BIO_get_mem_data(bio, &out), fileDataSz); + ExpectIntEQ(XMEMCMP(out, fileData, fileDataSz), 0); + + BIO_free(bio); + XFREE(fileData, NULL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(name, NULL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(header, NULL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(data, NULL, DYNAMIC_TYPE_TMP_BUFFER); +#endif + return EXPECT_RESULT(); +} + +static int test_wolfssl_EVP_aes_gcm_AAD_2_parts(void) +{ + EXPECT_DECLS; +#if defined(OPENSSL_EXTRA) && !defined(NO_AES) && defined(HAVE_AESGCM) && \ + !defined(HAVE_SELFTEST) && !defined(HAVE_FIPS) + const byte iv[12] = { 0 }; + const byte key[16] = { 0 }; + const byte cleartext[16] = { 0 }; + const byte aad[] = { + 0x01, 0x10, 0x00, 0x2a, 0x08, 0x00, 0x04, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x08, + 0x00, 0x00, 0xdc, 0x4d, 0xad, 0x6b, 0x06, 0x93, + 0x4f + }; + byte out1Part[16]; + byte outTag1Part[16]; + byte out2Part[16]; + byte outTag2Part[16]; + byte decryptBuf[16]; + int len = 0; + int tlen; + EVP_CIPHER_CTX* ctx = NULL; + + /* ENCRYPT */ + /* Send AAD and data in 1 part */ + ExpectNotNull(ctx = EVP_CIPHER_CTX_new()); + tlen = 0; + ExpectIntEQ(EVP_EncryptInit_ex(ctx, EVP_aes_128_gcm(), NULL, NULL, NULL), + 1); + ExpectIntEQ(EVP_EncryptInit_ex(ctx, NULL, NULL, key, iv), 1); + ExpectIntEQ(EVP_EncryptUpdate(ctx, NULL, &len, aad, sizeof(aad)), 1); + ExpectIntEQ(EVP_EncryptUpdate(ctx, out1Part, &len, cleartext, + sizeof(cleartext)), 1); + tlen += len; + ExpectIntEQ(EVP_EncryptFinal_ex(ctx, out1Part, &len), 1); + tlen += len; + ExpectIntEQ(tlen, sizeof(cleartext)); + ExpectIntEQ(EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_GET_TAG, 16, + outTag1Part), 1); + EVP_CIPHER_CTX_free(ctx); + ctx = NULL; + + /* DECRYPT */ + /* Send AAD and data in 1 part */ + ExpectNotNull(ctx = EVP_CIPHER_CTX_new()); + tlen = 0; + ExpectIntEQ(EVP_DecryptInit_ex(ctx, EVP_aes_128_gcm(), NULL, NULL, NULL), + 1); + ExpectIntEQ(EVP_DecryptInit_ex(ctx, NULL, NULL, key, iv), 1); + ExpectIntEQ(EVP_DecryptUpdate(ctx, NULL, &len, aad, sizeof(aad)), 1); + ExpectIntEQ(EVP_DecryptUpdate(ctx, decryptBuf, &len, out1Part, + sizeof(cleartext)), 1); + tlen += len; + ExpectIntEQ(EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_TAG, 16, + outTag1Part), 1); + ExpectIntEQ(EVP_DecryptFinal_ex(ctx, decryptBuf, &len), 1); + tlen += len; + ExpectIntEQ(tlen, sizeof(cleartext)); + EVP_CIPHER_CTX_free(ctx); + ctx = NULL; + + ExpectIntEQ(XMEMCMP(decryptBuf, cleartext, len), 0); + + /* ENCRYPT */ + /* Send AAD and data in 2 parts */ + ExpectNotNull(ctx = EVP_CIPHER_CTX_new()); + tlen = 0; + ExpectIntEQ(EVP_EncryptInit_ex(ctx, EVP_aes_128_gcm(), NULL, NULL, NULL), + 1); + ExpectIntEQ(EVP_EncryptInit_ex(ctx, NULL, NULL, key, iv), 1); + ExpectIntEQ(EVP_EncryptUpdate(ctx, NULL, &len, aad, 1), 1); + ExpectIntEQ(EVP_EncryptUpdate(ctx, NULL, &len, aad + 1, sizeof(aad) - 1), + 1); + ExpectIntEQ(EVP_EncryptUpdate(ctx, out2Part, &len, cleartext, 1), 1); + tlen += len; + ExpectIntEQ(EVP_EncryptUpdate(ctx, out2Part + tlen, &len, cleartext + 1, + sizeof(cleartext) - 1), 1); + tlen += len; + ExpectIntEQ(EVP_EncryptFinal_ex(ctx, out2Part + tlen, &len), 1); + tlen += len; + ExpectIntEQ(tlen, sizeof(cleartext)); + ExpectIntEQ(EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_GET_TAG, 16, + outTag2Part), 1); + + ExpectIntEQ(XMEMCMP(out1Part, out2Part, sizeof(out1Part)), 0); + ExpectIntEQ(XMEMCMP(outTag1Part, outTag2Part, sizeof(outTag1Part)), 0); + EVP_CIPHER_CTX_free(ctx); + ctx = NULL; + + /* DECRYPT */ + /* Send AAD and data in 2 parts */ + ExpectNotNull(ctx = EVP_CIPHER_CTX_new()); + tlen = 0; + ExpectIntEQ(EVP_DecryptInit_ex(ctx, EVP_aes_128_gcm(), NULL, NULL, NULL), + 1); + ExpectIntEQ(EVP_DecryptInit_ex(ctx, NULL, NULL, key, iv), 1); + ExpectIntEQ(EVP_DecryptUpdate(ctx, NULL, &len, aad, 1), 1); + ExpectIntEQ(EVP_DecryptUpdate(ctx, NULL, &len, aad + 1, sizeof(aad) - 1), + 1); + ExpectIntEQ(EVP_DecryptUpdate(ctx, decryptBuf, &len, out1Part, 1), 1); + tlen += len; + ExpectIntEQ(EVP_DecryptUpdate(ctx, decryptBuf + tlen, &len, out1Part + 1, + sizeof(cleartext) - 1), 1); + tlen += len; + ExpectIntEQ(EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_TAG, 16, + outTag1Part), 1); + ExpectIntEQ(EVP_DecryptFinal_ex(ctx, decryptBuf + tlen, &len), 1); + tlen += len; + ExpectIntEQ(tlen, sizeof(cleartext)); + + ExpectIntEQ(XMEMCMP(decryptBuf, cleartext, len), 0); + + /* Test AAD reuse */ + EVP_CIPHER_CTX_free(ctx); +#endif + return EXPECT_RESULT(); +} + +static int test_wolfssl_EVP_aes_gcm_zeroLen(void) +{ + EXPECT_DECLS; +#if defined(OPENSSL_EXTRA) && !defined(NO_AES) && defined(HAVE_AESGCM) && \ + !defined(HAVE_SELFTEST) && !defined(HAVE_FIPS) && defined(WOLFSSL_AES_256) + /* Zero length plain text */ + byte key[] = { + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00 + }; /* align */ + byte iv[] = { + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00 + }; /* align */ + byte plaintxt[1]; + int ivSz = 12; + int plaintxtSz = 0; + unsigned char tag[16]; + unsigned char tag_kat[] = { + 0x53,0x0f,0x8a,0xfb,0xc7,0x45,0x36,0xb9, + 0xa9,0x63,0xb4,0xf1,0xc4,0xcb,0x73,0x8b + }; + + byte ciphertxt[AES_BLOCK_SIZE * 4] = {0}; + byte decryptedtxt[AES_BLOCK_SIZE * 4] = {0}; + int ciphertxtSz = 0; + int decryptedtxtSz = 0; + int len = 0; + + EVP_CIPHER_CTX *en = EVP_CIPHER_CTX_new(); + EVP_CIPHER_CTX *de = EVP_CIPHER_CTX_new(); + + ExpectIntEQ(1, EVP_EncryptInit_ex(en, EVP_aes_256_gcm(), NULL, key, iv)); + ExpectIntEQ(1, EVP_CIPHER_CTX_ctrl(en, EVP_CTRL_GCM_SET_IVLEN, ivSz, NULL)); + ExpectIntEQ(1, EVP_EncryptUpdate(en, ciphertxt, &ciphertxtSz , plaintxt, + plaintxtSz)); + ExpectIntEQ(1, EVP_EncryptFinal_ex(en, ciphertxt, &len)); + ciphertxtSz += len; + ExpectIntEQ(1, EVP_CIPHER_CTX_ctrl(en, EVP_CTRL_GCM_GET_TAG, 16, tag)); + ExpectIntEQ(1, EVP_CIPHER_CTX_cleanup(en)); + + ExpectIntEQ(0, ciphertxtSz); + ExpectIntEQ(0, XMEMCMP(tag, tag_kat, sizeof(tag))); + + EVP_CIPHER_CTX_init(de); + ExpectIntEQ(1, EVP_DecryptInit_ex(de, EVP_aes_256_gcm(), NULL, key, iv)); + ExpectIntEQ(1, EVP_CIPHER_CTX_ctrl(de, EVP_CTRL_GCM_SET_IVLEN, ivSz, NULL)); + ExpectIntEQ(1, EVP_DecryptUpdate(de, NULL, &len, ciphertxt, len)); + decryptedtxtSz = len; + ExpectIntEQ(1, EVP_CIPHER_CTX_ctrl(de, EVP_CTRL_GCM_SET_TAG, 16, tag)); + ExpectIntEQ(1, EVP_DecryptFinal_ex(de, decryptedtxt, &len)); + decryptedtxtSz += len; + ExpectIntEQ(0, decryptedtxtSz); + + EVP_CIPHER_CTX_free(en); + EVP_CIPHER_CTX_free(de); +#endif + return EXPECT_RESULT(); +} + +static int test_wolfssl_EVP_aes_gcm(void) +{ + EXPECT_DECLS; +#if defined(OPENSSL_EXTRA) && !defined(NO_AES) && defined(HAVE_AESGCM) && \ + !defined(HAVE_SELFTEST) && !defined(HAVE_FIPS) + /* A 256 bit key, AES_128 will use the first 128 bit*/ + byte *key = (byte*)"01234567890123456789012345678901"; + /* A 128 bit IV */ + byte *iv = (byte*)"0123456789012345"; + int ivSz = AES_BLOCK_SIZE; + /* Message to be encrypted */ + byte *plaintxt = (byte*)"for things to change you have to change"; + /* Additional non-confidential data */ + byte *aad = (byte*)"Don't spend major time on minor things."; + + unsigned char tag[AES_BLOCK_SIZE] = {0}; + int plaintxtSz = (int)XSTRLEN((char*)plaintxt); + int aadSz = (int)XSTRLEN((char*)aad); + byte ciphertxt[AES_BLOCK_SIZE * 4] = {0}; + byte decryptedtxt[AES_BLOCK_SIZE * 4] = {0}; + int ciphertxtSz = 0; + int decryptedtxtSz = 0; + int len = 0; + int i = 0; + EVP_CIPHER_CTX en[2]; + EVP_CIPHER_CTX de[2]; + + for (i = 0; i < 2; i++) { + EVP_CIPHER_CTX_init(&en[i]); + if (i == 0) { + /* Default uses 96-bits IV length */ +#ifdef WOLFSSL_AES_128 + ExpectIntEQ(1, EVP_EncryptInit_ex(&en[i], EVP_aes_128_gcm(), NULL, + key, iv)); +#elif defined(WOLFSSL_AES_192) + ExpectIntEQ(1, EVP_EncryptInit_ex(&en[i], EVP_aes_192_gcm(), NULL, + key, iv)); +#elif defined(WOLFSSL_AES_256) + ExpectIntEQ(1, EVP_EncryptInit_ex(&en[i], EVP_aes_256_gcm(), NULL, + key, iv)); +#endif + } + else { +#ifdef WOLFSSL_AES_128 + ExpectIntEQ(1, EVP_EncryptInit_ex(&en[i], EVP_aes_128_gcm(), NULL, + NULL, NULL)); +#elif defined(WOLFSSL_AES_192) + ExpectIntEQ(1, EVP_EncryptInit_ex(&en[i], EVP_aes_192_gcm(), NULL, + NULL, NULL)); +#elif defined(WOLFSSL_AES_256) + ExpectIntEQ(1, EVP_EncryptInit_ex(&en[i], EVP_aes_256_gcm(), NULL, + NULL, NULL)); +#endif + /* non-default must to set the IV length first */ + ExpectIntEQ(1, EVP_CIPHER_CTX_ctrl(&en[i], EVP_CTRL_GCM_SET_IVLEN, + ivSz, NULL)); + ExpectIntEQ(1, EVP_EncryptInit_ex(&en[i], NULL, NULL, key, iv)); + } + ExpectIntEQ(1, EVP_EncryptUpdate(&en[i], NULL, &len, aad, aadSz)); + ExpectIntEQ(1, EVP_EncryptUpdate(&en[i], ciphertxt, &len, plaintxt, + plaintxtSz)); + ciphertxtSz = len; + ExpectIntEQ(1, EVP_EncryptFinal_ex(&en[i], ciphertxt, &len)); + ciphertxtSz += len; + ExpectIntEQ(1, EVP_CIPHER_CTX_ctrl(&en[i], EVP_CTRL_GCM_GET_TAG, + AES_BLOCK_SIZE, tag)); + wolfSSL_EVP_CIPHER_CTX_cleanup(&en[i]); + + EVP_CIPHER_CTX_init(&de[i]); + if (i == 0) { + /* Default uses 96-bits IV length */ +#ifdef WOLFSSL_AES_128 + ExpectIntEQ(1, EVP_DecryptInit_ex(&de[i], EVP_aes_128_gcm(), NULL, + key, iv)); +#elif defined(WOLFSSL_AES_192) + ExpectIntEQ(1, EVP_DecryptInit_ex(&de[i], EVP_aes_192_gcm(), NULL, + key, iv)); +#elif defined(WOLFSSL_AES_256) + ExpectIntEQ(1, EVP_DecryptInit_ex(&de[i], EVP_aes_256_gcm(), NULL, + key, iv)); +#endif + } + else { +#ifdef WOLFSSL_AES_128 + ExpectIntEQ(1, EVP_DecryptInit_ex(&de[i], EVP_aes_128_gcm(), NULL, + NULL, NULL)); +#elif defined(WOLFSSL_AES_192) + ExpectIntEQ(1, EVP_DecryptInit_ex(&de[i], EVP_aes_192_gcm(), NULL, + NULL, NULL)); +#elif defined(WOLFSSL_AES_256) + ExpectIntEQ(1, EVP_DecryptInit_ex(&de[i], EVP_aes_256_gcm(), NULL, + NULL, NULL)); +#endif + /* non-default must to set the IV length first */ + ExpectIntEQ(1, EVP_CIPHER_CTX_ctrl(&de[i], EVP_CTRL_GCM_SET_IVLEN, + ivSz, NULL)); + ExpectIntEQ(1, EVP_DecryptInit_ex(&de[i], NULL, NULL, key, iv)); + + } + ExpectIntEQ(1, EVP_DecryptUpdate(&de[i], NULL, &len, aad, aadSz)); + ExpectIntEQ(1, EVP_DecryptUpdate(&de[i], decryptedtxt, &len, ciphertxt, + ciphertxtSz)); + decryptedtxtSz = len; + ExpectIntEQ(1, EVP_CIPHER_CTX_ctrl(&de[i], EVP_CTRL_GCM_SET_TAG, + AES_BLOCK_SIZE, tag)); + ExpectIntEQ(1, EVP_DecryptFinal_ex(&de[i], decryptedtxt, &len)); + decryptedtxtSz += len; + ExpectIntEQ(ciphertxtSz, decryptedtxtSz); + ExpectIntEQ(0, XMEMCMP(plaintxt, decryptedtxt, decryptedtxtSz)); + + /* modify tag*/ + if (i == 0) { + /* Default uses 96-bits IV length */ +#ifdef WOLFSSL_AES_128 + ExpectIntEQ(1, EVP_DecryptInit_ex(&de[i], EVP_aes_128_gcm(), NULL, + key, iv)); +#elif defined(WOLFSSL_AES_192) + ExpectIntEQ(1, EVP_DecryptInit_ex(&de[i], EVP_aes_192_gcm(), NULL, + key, iv)); +#elif defined(WOLFSSL_AES_256) + ExpectIntEQ(1, EVP_DecryptInit_ex(&de[i], EVP_aes_256_gcm(), NULL, + key, iv)); +#endif + } + else { +#ifdef WOLFSSL_AES_128 + ExpectIntEQ(1, EVP_DecryptInit_ex(&de[i], EVP_aes_128_gcm(), NULL, + NULL, NULL)); +#elif defined(WOLFSSL_AES_192) + ExpectIntEQ(1, EVP_DecryptInit_ex(&de[i], EVP_aes_192_gcm(), NULL, + NULL, NULL)); +#elif defined(WOLFSSL_AES_256) + ExpectIntEQ(1, EVP_DecryptInit_ex(&de[i], EVP_aes_256_gcm(), NULL, + NULL, NULL)); +#endif + /* non-default must to set the IV length first */ + ExpectIntEQ(1, EVP_CIPHER_CTX_ctrl(&de[i], EVP_CTRL_GCM_SET_IVLEN, + ivSz, NULL)); + ExpectIntEQ(1, EVP_DecryptInit_ex(&de[i], NULL, NULL, key, iv)); + + } + tag[AES_BLOCK_SIZE-1]+=0xBB; + ExpectIntEQ(1, EVP_DecryptUpdate(&de[i], NULL, &len, aad, aadSz)); + ExpectIntEQ(1, EVP_CIPHER_CTX_ctrl(&de[i], EVP_CTRL_GCM_SET_TAG, + AES_BLOCK_SIZE, tag)); + /* fail due to wrong tag */ + ExpectIntEQ(1, EVP_DecryptUpdate(&de[i], decryptedtxt, &len, ciphertxt, + ciphertxtSz)); + ExpectIntEQ(0, EVP_DecryptFinal_ex(&de[i], decryptedtxt, &len)); + ExpectIntEQ(0, len); + + wolfSSL_EVP_CIPHER_CTX_cleanup(&de[i]); + } +#endif /* OPENSSL_EXTRA && !NO_AES && HAVE_AESGCM */ + return EXPECT_RESULT(); +} + +static int test_wolfssl_EVP_aria_gcm(void) +{ + int res = TEST_SKIPPED; +#if defined(OPENSSL_EXTRA) && defined(HAVE_ARIA) && \ + !defined(HAVE_SELFTEST) && !defined(HAVE_FIPS) + + /* A 256 bit key, AES_128 will use the first 128 bit*/ + byte *key = (byte*)"01234567890123456789012345678901"; + /* A 128 bit IV */ + byte *iv = (byte*)"0123456789012345"; + int ivSz = ARIA_BLOCK_SIZE; + /* Message to be encrypted */ + const int plaintxtSz = 40; + byte plaintxt[WC_ARIA_GCM_GET_CIPHERTEXT_SIZE(plaintxtSz)]; + XMEMCPY(plaintxt,"for things to change you have to change",plaintxtSz); + /* Additional non-confidential data */ + byte *aad = (byte*)"Don't spend major time on minor things."; + + unsigned char tag[ARIA_BLOCK_SIZE] = {0}; + int aadSz = (int)XSTRLEN((char*)aad); + byte ciphertxt[WC_ARIA_GCM_GET_CIPHERTEXT_SIZE(plaintxtSz)]; + byte decryptedtxt[plaintxtSz]; + int ciphertxtSz = 0; + int decryptedtxtSz = 0; + int len = 0; + int i = 0; + #define TEST_ARIA_GCM_COUNT 6 + EVP_CIPHER_CTX en[TEST_ARIA_GCM_COUNT]; + EVP_CIPHER_CTX de[TEST_ARIA_GCM_COUNT]; + + for (i = 0; i < TEST_ARIA_GCM_COUNT; i++) { + + EVP_CIPHER_CTX_init(&en[i]); + switch (i) { + case 0: + /* Default uses 96-bits IV length */ + AssertIntEQ(1, EVP_EncryptInit_ex(&en[i], EVP_aria_128_gcm(), NULL, key, iv)); + break; + case 1: + /* Default uses 96-bits IV length */ + AssertIntEQ(1, EVP_EncryptInit_ex(&en[i], EVP_aria_192_gcm(), NULL, key, iv)); + break; + case 2: + /* Default uses 96-bits IV length */ + AssertIntEQ(1, EVP_EncryptInit_ex(&en[i], EVP_aria_256_gcm(), NULL, key, iv)); + break; + case 3: + AssertIntEQ(1, EVP_EncryptInit_ex(&en[i], EVP_aria_128_gcm(), NULL, NULL, NULL)); + /* non-default must to set the IV length first */ + AssertIntEQ(1, EVP_CIPHER_CTX_ctrl(&en[i], EVP_CTRL_GCM_SET_IVLEN, ivSz, NULL)); + AssertIntEQ(1, EVP_EncryptInit_ex(&en[i], NULL, NULL, key, iv)); + break; + case 4: + AssertIntEQ(1, EVP_EncryptInit_ex(&en[i], EVP_aria_192_gcm(), NULL, NULL, NULL)); + /* non-default must to set the IV length first */ + AssertIntEQ(1, EVP_CIPHER_CTX_ctrl(&en[i], EVP_CTRL_GCM_SET_IVLEN, ivSz, NULL)); + AssertIntEQ(1, EVP_EncryptInit_ex(&en[i], NULL, NULL, key, iv)); + break; + case 5: + AssertIntEQ(1, EVP_EncryptInit_ex(&en[i], EVP_aria_256_gcm(), NULL, NULL, NULL)); + /* non-default must to set the IV length first */ + AssertIntEQ(1, EVP_CIPHER_CTX_ctrl(&en[i], EVP_CTRL_GCM_SET_IVLEN, ivSz, NULL)); + AssertIntEQ(1, EVP_EncryptInit_ex(&en[i], NULL, NULL, key, iv)); + break; + } + XMEMSET(ciphertxt,0,sizeof(ciphertxt)); + AssertIntEQ(1, EVP_EncryptUpdate(&en[i], NULL, &len, aad, aadSz)); + AssertIntEQ(1, EVP_EncryptUpdate(&en[i], ciphertxt, &len, plaintxt, plaintxtSz)); + ciphertxtSz = len; + AssertIntEQ(1, EVP_EncryptFinal_ex(&en[i], ciphertxt, &len)); + AssertIntNE(0, XMEMCMP(plaintxt, ciphertxt, plaintxtSz)); + ciphertxtSz += len; + AssertIntEQ(1, EVP_CIPHER_CTX_ctrl(&en[i], EVP_CTRL_GCM_GET_TAG, ARIA_BLOCK_SIZE, tag)); + AssertIntEQ(wolfSSL_EVP_CIPHER_CTX_cleanup(&en[i]), 1); + + EVP_CIPHER_CTX_init(&de[i]); + switch (i) { + case 0: + /* Default uses 96-bits IV length */ + AssertIntEQ(1, EVP_DecryptInit_ex(&de[i], EVP_aria_128_gcm(), NULL, key, iv)); + break; + case 1: + /* Default uses 96-bits IV length */ + AssertIntEQ(1, EVP_DecryptInit_ex(&de[i], EVP_aria_192_gcm(), NULL, key, iv)); + break; + case 2: + /* Default uses 96-bits IV length */ + AssertIntEQ(1, EVP_DecryptInit_ex(&de[i], EVP_aria_256_gcm(), NULL, key, iv)); + break; + case 3: + AssertIntEQ(1, EVP_DecryptInit_ex(&de[i], EVP_aria_128_gcm(), NULL, NULL, NULL)); + /* non-default must to set the IV length first */ + AssertIntEQ(1, EVP_CIPHER_CTX_ctrl(&de[i], EVP_CTRL_GCM_SET_IVLEN, ivSz, NULL)); + AssertIntEQ(1, EVP_DecryptInit_ex(&de[i], NULL, NULL, key, iv)); + break; + case 4: + AssertIntEQ(1, EVP_DecryptInit_ex(&de[i], EVP_aria_192_gcm(), NULL, NULL, NULL)); + /* non-default must to set the IV length first */ + AssertIntEQ(1, EVP_CIPHER_CTX_ctrl(&de[i], EVP_CTRL_GCM_SET_IVLEN, ivSz, NULL)); + AssertIntEQ(1, EVP_DecryptInit_ex(&de[i], NULL, NULL, key, iv)); + break; + case 5: + AssertIntEQ(1, EVP_DecryptInit_ex(&de[i], EVP_aria_256_gcm(), NULL, NULL, NULL)); + /* non-default must to set the IV length first */ + AssertIntEQ(1, EVP_CIPHER_CTX_ctrl(&de[i], EVP_CTRL_GCM_SET_IVLEN, ivSz, NULL)); + AssertIntEQ(1, EVP_DecryptInit_ex(&de[i], NULL, NULL, key, iv)); + break; + } + XMEMSET(decryptedtxt,0,sizeof(decryptedtxt)); + AssertIntEQ(1, EVP_DecryptUpdate(&de[i], NULL, &len, aad, aadSz)); + AssertIntEQ(1, EVP_DecryptUpdate(&de[i], decryptedtxt, &len, ciphertxt, ciphertxtSz)); + decryptedtxtSz = len; + AssertIntEQ(1, EVP_CIPHER_CTX_ctrl(&de[i], EVP_CTRL_GCM_SET_TAG, ARIA_BLOCK_SIZE, tag)); + AssertIntEQ(1, EVP_DecryptFinal_ex(&de[i], decryptedtxt, &len)); + decryptedtxtSz += len; + AssertIntEQ(plaintxtSz, decryptedtxtSz); + AssertIntEQ(0, XMEMCMP(plaintxt, decryptedtxt, decryptedtxtSz)); + + XMEMSET(decryptedtxt,0,sizeof(decryptedtxt)); + /* modify tag*/ + tag[AES_BLOCK_SIZE-1]+=0xBB; + AssertIntEQ(1, EVP_DecryptUpdate(&de[i], NULL, &len, aad, aadSz)); + AssertIntEQ(1, EVP_CIPHER_CTX_ctrl(&de[i], EVP_CTRL_GCM_SET_TAG, ARIA_BLOCK_SIZE, tag)); + /* fail due to wrong tag */ + AssertIntEQ(1, EVP_DecryptUpdate(&de[i], decryptedtxt, &len, ciphertxt, ciphertxtSz)); + AssertIntEQ(0, EVP_DecryptFinal_ex(&de[i], decryptedtxt, &len)); + AssertIntEQ(0, len); + AssertIntEQ(wolfSSL_EVP_CIPHER_CTX_cleanup(&de[i]), 1); + } + + res = TEST_RES_CHECK(1); +#endif /* OPENSSL_EXTRA && !NO_AES && HAVE_AESGCM */ + return res; +} + +static int test_wolfssl_EVP_aes_ccm_zeroLen(void) +{ + EXPECT_DECLS; +#if defined(OPENSSL_EXTRA) && !defined(NO_AES) && defined(HAVE_AESCCM) && \ + !defined(HAVE_SELFTEST) && !defined(HAVE_FIPS) && defined(WOLFSSL_AES_256) + /* Zero length plain text */ + byte key[] = { + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00 + }; /* align */ + byte iv[] = { + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00 + }; /* align */ + byte plaintxt[1]; + int ivSz = 12; + int plaintxtSz = 0; + unsigned char tag[16]; + + byte ciphertxt[AES_BLOCK_SIZE * 4] = {0}; + byte decryptedtxt[AES_BLOCK_SIZE * 4] = {0}; + int ciphertxtSz = 0; + int decryptedtxtSz = 0; + int len = 0; + + EVP_CIPHER_CTX *en = EVP_CIPHER_CTX_new(); + EVP_CIPHER_CTX *de = EVP_CIPHER_CTX_new(); + + ExpectIntEQ(1, EVP_EncryptInit_ex(en, EVP_aes_256_ccm(), NULL, key, iv)); + ExpectIntEQ(1, EVP_CIPHER_CTX_ctrl(en, EVP_CTRL_CCM_SET_IVLEN, ivSz, NULL)); + ExpectIntEQ(1, EVP_EncryptUpdate(en, ciphertxt, &ciphertxtSz , plaintxt, + plaintxtSz)); + ExpectIntEQ(1, EVP_EncryptFinal_ex(en, ciphertxt, &len)); + ciphertxtSz += len; + ExpectIntEQ(1, EVP_CIPHER_CTX_ctrl(en, EVP_CTRL_CCM_GET_TAG, 16, tag)); + ExpectIntEQ(1, EVP_CIPHER_CTX_cleanup(en)); + + ExpectIntEQ(0, ciphertxtSz); + + EVP_CIPHER_CTX_init(de); + ExpectIntEQ(1, EVP_DecryptInit_ex(de, EVP_aes_256_ccm(), NULL, key, iv)); + ExpectIntEQ(1, EVP_CIPHER_CTX_ctrl(de, EVP_CTRL_CCM_SET_IVLEN, ivSz, NULL)); + ExpectIntEQ(1, EVP_DecryptUpdate(de, NULL, &len, ciphertxt, len)); + decryptedtxtSz = len; + ExpectIntEQ(1, EVP_CIPHER_CTX_ctrl(de, EVP_CTRL_CCM_SET_TAG, 16, tag)); + ExpectIntEQ(1, EVP_DecryptFinal_ex(de, decryptedtxt, &len)); + decryptedtxtSz += len; + ExpectIntEQ(0, decryptedtxtSz); + + EVP_CIPHER_CTX_free(en); + EVP_CIPHER_CTX_free(de); +#endif + return EXPECT_RESULT(); +} + +static int test_wolfssl_EVP_aes_ccm(void) +{ + EXPECT_DECLS; +#if defined(OPENSSL_EXTRA) && !defined(NO_AES) && defined(HAVE_AESCCM) && \ + !defined(HAVE_SELFTEST) && !defined(HAVE_FIPS) + /* A 256 bit key, AES_128 will use the first 128 bit*/ + byte *key = (byte*)"01234567890123456789012345678901"; + /* A 128 bit IV */ + byte *iv = (byte*)"0123456789012"; + int ivSz = (int)XSTRLEN((char*)iv); + /* Message to be encrypted */ + byte *plaintxt = (byte*)"for things to change you have to change"; + /* Additional non-confidential data */ + byte *aad = (byte*)"Don't spend major time on minor things."; + + unsigned char tag[AES_BLOCK_SIZE] = {0}; + int plaintxtSz = (int)XSTRLEN((char*)plaintxt); + int aadSz = (int)XSTRLEN((char*)aad); + byte ciphertxt[AES_BLOCK_SIZE * 4] = {0}; + byte decryptedtxt[AES_BLOCK_SIZE * 4] = {0}; + int ciphertxtSz = 0; + int decryptedtxtSz = 0; + int len = 0; + int i = 0; + int ret; + EVP_CIPHER_CTX en[2]; + EVP_CIPHER_CTX de[2]; + + for (i = 0; i < 2; i++) { + EVP_CIPHER_CTX_init(&en[i]); + + if (i == 0) { + /* Default uses 96-bits IV length */ +#ifdef WOLFSSL_AES_128 + ExpectIntEQ(1, EVP_EncryptInit_ex(&en[i], EVP_aes_128_ccm(), NULL, + key, iv)); +#elif defined(WOLFSSL_AES_192) + ExpectIntEQ(1, EVP_EncryptInit_ex(&en[i], EVP_aes_192_ccm(), NULL, + key, iv)); +#elif defined(WOLFSSL_AES_256) + ExpectIntEQ(1, EVP_EncryptInit_ex(&en[i], EVP_aes_256_ccm(), NULL, + key, iv)); +#endif + } + else { +#ifdef WOLFSSL_AES_128 + ExpectIntEQ(1, EVP_EncryptInit_ex(&en[i], EVP_aes_128_ccm(), NULL, + NULL, NULL)); +#elif defined(WOLFSSL_AES_192) + ExpectIntEQ(1, EVP_EncryptInit_ex(&en[i], EVP_aes_192_ccm(), NULL, + NULL, NULL)); +#elif defined(WOLFSSL_AES_256) + ExpectIntEQ(1, EVP_EncryptInit_ex(&en[i], EVP_aes_256_ccm(), NULL, + NULL, NULL)); +#endif + /* non-default must to set the IV length first */ + ExpectIntEQ(1, EVP_CIPHER_CTX_ctrl(&en[i], EVP_CTRL_CCM_SET_IVLEN, + ivSz, NULL)); + ExpectIntEQ(1, EVP_EncryptInit_ex(&en[i], NULL, NULL, key, iv)); + } + ExpectIntEQ(1, EVP_EncryptUpdate(&en[i], NULL, &len, aad, aadSz)); + ExpectIntEQ(1, EVP_EncryptUpdate(&en[i], ciphertxt, &len, plaintxt, + plaintxtSz)); + ciphertxtSz = len; + ExpectIntEQ(1, EVP_EncryptFinal_ex(&en[i], ciphertxt, &len)); + ciphertxtSz += len; + ExpectIntEQ(1, EVP_CIPHER_CTX_ctrl(&en[i], EVP_CTRL_CCM_GET_TAG, + AES_BLOCK_SIZE, tag)); + ret = wolfSSL_EVP_CIPHER_CTX_cleanup(&en[i]); + ExpectIntEQ(ret, 1); + + EVP_CIPHER_CTX_init(&de[i]); + if (i == 0) { + /* Default uses 96-bits IV length */ +#ifdef WOLFSSL_AES_128 + ExpectIntEQ(1, EVP_DecryptInit_ex(&de[i], EVP_aes_128_ccm(), NULL, + key, iv)); +#elif defined(WOLFSSL_AES_192) + ExpectIntEQ(1, EVP_DecryptInit_ex(&de[i], EVP_aes_192_ccm(), NULL, + key, iv)); +#elif defined(WOLFSSL_AES_256) + ExpectIntEQ(1, EVP_DecryptInit_ex(&de[i], EVP_aes_256_ccm(), NULL, + key, iv)); +#endif + } + else { +#ifdef WOLFSSL_AES_128 + ExpectIntEQ(1, EVP_DecryptInit_ex(&de[i], EVP_aes_128_ccm(), NULL, + NULL, NULL)); +#elif defined(WOLFSSL_AES_192) + ExpectIntEQ(1, EVP_DecryptInit_ex(&de[i], EVP_aes_192_ccm(), NULL, + NULL, NULL)); +#elif defined(WOLFSSL_AES_256) + ExpectIntEQ(1, EVP_DecryptInit_ex(&de[i], EVP_aes_256_ccm(), NULL, + NULL, NULL)); +#endif + /* non-default must to set the IV length first */ + ExpectIntEQ(1, EVP_CIPHER_CTX_ctrl(&de[i], EVP_CTRL_CCM_SET_IVLEN, + ivSz, NULL)); + ExpectIntEQ(1, EVP_DecryptInit_ex(&de[i], NULL, NULL, key, iv)); + + } + ExpectIntEQ(1, EVP_DecryptUpdate(&de[i], NULL, &len, aad, aadSz)); + ExpectIntEQ(1, EVP_DecryptUpdate(&de[i], decryptedtxt, &len, ciphertxt, + ciphertxtSz)); + decryptedtxtSz = len; + ExpectIntEQ(1, EVP_CIPHER_CTX_ctrl(&de[i], EVP_CTRL_CCM_SET_TAG, + AES_BLOCK_SIZE, tag)); + ExpectIntEQ(1, EVP_DecryptFinal_ex(&de[i], decryptedtxt, &len)); + decryptedtxtSz += len; + ExpectIntEQ(ciphertxtSz, decryptedtxtSz); + ExpectIntEQ(0, XMEMCMP(plaintxt, decryptedtxt, decryptedtxtSz)); + + /* modify tag*/ + tag[AES_BLOCK_SIZE-1]+=0xBB; + ExpectIntEQ(1, EVP_DecryptUpdate(&de[i], NULL, &len, aad, aadSz)); + ExpectIntEQ(1, EVP_CIPHER_CTX_ctrl(&de[i], EVP_CTRL_CCM_SET_TAG, + AES_BLOCK_SIZE, tag)); + /* fail due to wrong tag */ + ExpectIntEQ(1, EVP_DecryptUpdate(&de[i], decryptedtxt, &len, ciphertxt, + ciphertxtSz)); + ExpectIntEQ(0, EVP_DecryptFinal_ex(&de[i], decryptedtxt, &len)); + ExpectIntEQ(0, len); + ret = wolfSSL_EVP_CIPHER_CTX_cleanup(&de[i]); + ExpectIntEQ(ret, 1); + } +#endif /* OPENSSL_EXTRA && !NO_AES && HAVE_AESCCM */ + return EXPECT_RESULT(); +} + +static int test_wolfssl_EVP_chacha20_poly1305(void) +{ + EXPECT_DECLS; +#if defined(OPENSSL_EXTRA) && defined(HAVE_CHACHA) && defined(HAVE_POLY1305) + byte key[CHACHA20_POLY1305_AEAD_KEYSIZE]; + byte iv [CHACHA20_POLY1305_AEAD_IV_SIZE]; + byte plainText[] = {0xDE, 0xAD, 0xBE, 0xEF}; + byte aad[] = {0xAA, 0XBB, 0xCC, 0xDD, 0xEE, 0xFF}; + byte cipherText[sizeof(plainText)]; + byte decryptedText[sizeof(plainText)]; + byte tag[CHACHA20_POLY1305_AEAD_AUTHTAG_SIZE]; + EVP_CIPHER_CTX* ctx = NULL; + int outSz; + + XMEMSET(key, 0, sizeof(key)); + XMEMSET(iv, 0, sizeof(iv)); + + /* Encrypt. */ + ExpectNotNull((ctx = EVP_CIPHER_CTX_new())); + ExpectIntEQ(EVP_EncryptInit_ex(ctx, EVP_chacha20_poly1305(), NULL, NULL, + NULL), WOLFSSL_SUCCESS); + /* Invalid IV length. */ + ExpectIntEQ(EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_IVLEN, + CHACHA20_POLY1305_AEAD_IV_SIZE-1, NULL), WC_NO_ERR_TRACE(WOLFSSL_FAILURE)); + /* Valid IV length. */ + ExpectIntEQ(EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_IVLEN, + CHACHA20_POLY1305_AEAD_IV_SIZE, NULL), WOLFSSL_SUCCESS); + /* Invalid tag length. */ + ExpectIntEQ(EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_TAG, + CHACHA20_POLY1305_AEAD_AUTHTAG_SIZE-1, NULL), WC_NO_ERR_TRACE(WOLFSSL_FAILURE)); + /* Valid tag length. */ + ExpectIntEQ(EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_TAG, + CHACHA20_POLY1305_AEAD_AUTHTAG_SIZE, NULL), WOLFSSL_SUCCESS); + ExpectIntEQ(EVP_EncryptInit_ex(ctx, NULL, NULL, key, iv), WOLFSSL_SUCCESS); + ExpectIntEQ(EVP_EncryptUpdate(ctx, NULL, &outSz, aad, sizeof(aad)), + WOLFSSL_SUCCESS); + ExpectIntEQ(outSz, sizeof(aad)); + ExpectIntEQ(EVP_EncryptUpdate(ctx, cipherText, &outSz, plainText, + sizeof(plainText)), WOLFSSL_SUCCESS); + ExpectIntEQ(outSz, sizeof(plainText)); + ExpectIntEQ(EVP_EncryptFinal_ex(ctx, cipherText, &outSz), WOLFSSL_SUCCESS); + ExpectIntEQ(outSz, 0); + /* Invalid tag length. */ + ExpectIntEQ(EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_GET_TAG, + CHACHA20_POLY1305_AEAD_AUTHTAG_SIZE-1, tag), WC_NO_ERR_TRACE(WOLFSSL_FAILURE)); + /* Valid tag length. */ + ExpectIntEQ(EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_GET_TAG, + CHACHA20_POLY1305_AEAD_AUTHTAG_SIZE, tag), WOLFSSL_SUCCESS); + EVP_CIPHER_CTX_free(ctx); + ctx = NULL; + + /* Decrypt. */ + ExpectNotNull((ctx = EVP_CIPHER_CTX_new())); + ExpectIntEQ(EVP_DecryptInit_ex(ctx, EVP_chacha20_poly1305(), NULL, NULL, + NULL), WOLFSSL_SUCCESS); + ExpectIntEQ(EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_IVLEN, + CHACHA20_POLY1305_AEAD_IV_SIZE, NULL), WOLFSSL_SUCCESS); + ExpectIntEQ(EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_TAG, + CHACHA20_POLY1305_AEAD_AUTHTAG_SIZE, tag), WOLFSSL_SUCCESS); + ExpectIntEQ(EVP_DecryptInit_ex(ctx, NULL, NULL, key, iv), WOLFSSL_SUCCESS); + ExpectIntEQ(EVP_DecryptUpdate(ctx, NULL, &outSz, aad, sizeof(aad)), + WOLFSSL_SUCCESS); + ExpectIntEQ(outSz, sizeof(aad)); + ExpectIntEQ(EVP_DecryptUpdate(ctx, decryptedText, &outSz, cipherText, + sizeof(cipherText)), WOLFSSL_SUCCESS); + ExpectIntEQ(outSz, sizeof(cipherText)); + ExpectIntEQ(EVP_DecryptFinal_ex(ctx, decryptedText, &outSz), + WOLFSSL_SUCCESS); + ExpectIntEQ(outSz, 0); + EVP_CIPHER_CTX_free(ctx); + ctx = NULL; + + /* Test partial Inits. CipherInit() allow setting of key and iv + * in separate calls. */ + ExpectNotNull((ctx = EVP_CIPHER_CTX_new())); + ExpectIntEQ(wolfSSL_EVP_CipherInit(ctx, EVP_chacha20_poly1305(), + key, NULL, 1), WOLFSSL_SUCCESS); + ExpectIntEQ(wolfSSL_EVP_CipherInit(ctx, NULL, NULL, iv, 1), + WOLFSSL_SUCCESS); + ExpectIntEQ(wolfSSL_EVP_CipherUpdate(ctx, NULL, &outSz, + aad, sizeof(aad)), WOLFSSL_SUCCESS); + ExpectIntEQ(outSz, sizeof(aad)); + ExpectIntEQ(EVP_DecryptUpdate(ctx, decryptedText, &outSz, cipherText, + sizeof(cipherText)), WOLFSSL_SUCCESS); + ExpectIntEQ(outSz, sizeof(cipherText)); + ExpectIntEQ(EVP_DecryptFinal_ex(ctx, decryptedText, &outSz), + WOLFSSL_SUCCESS); + ExpectIntEQ(outSz, 0); + EVP_CIPHER_CTX_free(ctx); +#endif + return EXPECT_RESULT(); +} + +static int test_wolfssl_EVP_chacha20(void) +{ + EXPECT_DECLS; +#if defined(OPENSSL_EXTRA) && defined(HAVE_CHACHA) + byte key[CHACHA_MAX_KEY_SZ]; + byte iv [WOLFSSL_EVP_CHACHA_IV_BYTES]; + byte plainText[] = {0xDE, 0xAD, 0xBE, 0xEF}; + byte cipherText[sizeof(plainText)]; + byte decryptedText[sizeof(plainText)]; + EVP_CIPHER_CTX* ctx = NULL; + int outSz; + + XMEMSET(key, 0, sizeof(key)); + XMEMSET(iv, 0, sizeof(iv)); + /* Encrypt. */ + ExpectNotNull((ctx = EVP_CIPHER_CTX_new())); + ExpectIntEQ(EVP_EncryptInit_ex(ctx, EVP_chacha20(), NULL, NULL, + NULL), WOLFSSL_SUCCESS); + /* Any tag length must fail - not an AEAD cipher. */ + ExpectIntEQ(EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_TAG, + 16, NULL), WC_NO_ERR_TRACE(WOLFSSL_FAILURE)); + ExpectIntEQ(EVP_EncryptInit_ex(ctx, NULL, NULL, key, iv), WOLFSSL_SUCCESS); + ExpectIntEQ(EVP_EncryptUpdate(ctx, cipherText, &outSz, plainText, + sizeof(plainText)), WOLFSSL_SUCCESS); + ExpectIntEQ(outSz, sizeof(plainText)); + ExpectIntEQ(EVP_EncryptFinal_ex(ctx, cipherText, &outSz), WOLFSSL_SUCCESS); + ExpectIntEQ(outSz, 0); + EVP_CIPHER_CTX_free(ctx); + ctx = NULL; + + /* Decrypt. */ + ExpectNotNull((ctx = EVP_CIPHER_CTX_new())); + ExpectIntEQ(EVP_DecryptInit_ex(ctx, EVP_chacha20(), NULL, NULL, + NULL), WOLFSSL_SUCCESS); + ExpectIntEQ(EVP_DecryptInit_ex(ctx, NULL, NULL, key, iv), WOLFSSL_SUCCESS); + ExpectIntEQ(EVP_DecryptUpdate(ctx, decryptedText, &outSz, cipherText, + sizeof(cipherText)), WOLFSSL_SUCCESS); + ExpectIntEQ(outSz, sizeof(cipherText)); + ExpectIntEQ(EVP_DecryptFinal_ex(ctx, decryptedText, &outSz), + WOLFSSL_SUCCESS); + ExpectIntEQ(outSz, 0); + EVP_CIPHER_CTX_free(ctx); + ctx = NULL; + + /* Test partial Inits. CipherInit() allow setting of key and iv + * in separate calls. */ + ExpectNotNull((ctx = EVP_CIPHER_CTX_new())); + ExpectIntEQ(wolfSSL_EVP_CipherInit(ctx, EVP_chacha20(), + key, NULL, 1), WOLFSSL_SUCCESS); + ExpectIntEQ(wolfSSL_EVP_CipherInit(ctx, NULL, NULL, iv, 1), + WOLFSSL_SUCCESS); + ExpectIntEQ(EVP_DecryptUpdate(ctx, decryptedText, &outSz, cipherText, + sizeof(cipherText)), WOLFSSL_SUCCESS); + ExpectIntEQ(outSz, sizeof(cipherText)); + ExpectIntEQ(EVP_DecryptFinal_ex(ctx, decryptedText, &outSz), + WOLFSSL_SUCCESS); + ExpectIntEQ(outSz, 0); + EVP_CIPHER_CTX_free(ctx); +#endif + return EXPECT_RESULT(); +} + +static int test_wolfssl_EVP_sm4_ecb(void) +{ + int res = TEST_SKIPPED; +#if defined(OPENSSL_EXTRA) && defined(WOLFSSL_SM4_ECB) + EXPECT_DECLS; + byte key[SM4_KEY_SIZE]; + byte plainText[SM4_BLOCK_SIZE] = { + 0xDE, 0xAD, 0xBE, 0xEF, 0xDE, 0xAD, 0xBE, 0xEF, + 0xDE, 0xAD, 0xBE, 0xEF, 0xDE, 0xAD, 0xBE, 0xEF + }; + byte cipherText[sizeof(plainText) + SM4_BLOCK_SIZE]; + byte decryptedText[sizeof(plainText) + SM4_BLOCK_SIZE]; + EVP_CIPHER_CTX* ctx; + int outSz; + + XMEMSET(key, 0, sizeof(key)); + + /* Encrypt. */ + ExpectNotNull((ctx = EVP_CIPHER_CTX_new())); + ExpectIntEQ(EVP_EncryptInit_ex(ctx, EVP_sm4_ecb(), NULL, NULL, NULL), + WOLFSSL_SUCCESS); + /* Any tag length must fail - not an AEAD cipher. */ + ExpectIntEQ(EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_TAG, 16, NULL), + WC_NO_ERR_TRACE(WOLFSSL_FAILURE)); + ExpectIntEQ(EVP_EncryptInit_ex(ctx, NULL, NULL, key, NULL), + WOLFSSL_SUCCESS); + ExpectIntEQ(EVP_EncryptUpdate(ctx, cipherText, &outSz, plainText, + sizeof(plainText)), WOLFSSL_SUCCESS); + ExpectIntEQ(outSz, sizeof(plainText)); + ExpectIntEQ(EVP_EncryptFinal_ex(ctx, cipherText + outSz, &outSz), + WOLFSSL_SUCCESS); + ExpectIntEQ(outSz, SM4_BLOCK_SIZE); + ExpectBufNE(cipherText, plainText, sizeof(plainText)); + EVP_CIPHER_CTX_free(ctx); + + /* Decrypt. */ + ExpectNotNull((ctx = EVP_CIPHER_CTX_new())); + ExpectIntEQ(EVP_DecryptInit_ex(ctx, EVP_sm4_ecb(), NULL, NULL, NULL), + WOLFSSL_SUCCESS); + ExpectIntEQ(EVP_DecryptInit_ex(ctx, NULL, NULL, key, NULL), + WOLFSSL_SUCCESS); + ExpectIntEQ(EVP_DecryptUpdate(ctx, decryptedText, &outSz, cipherText, + sizeof(cipherText)), WOLFSSL_SUCCESS); + ExpectIntEQ(outSz, sizeof(plainText)); + ExpectIntEQ(EVP_DecryptFinal_ex(ctx, decryptedText + outSz, &outSz), + WOLFSSL_SUCCESS); + ExpectIntEQ(outSz, 0); + ExpectBufEQ(decryptedText, plainText, sizeof(plainText)); + EVP_CIPHER_CTX_free(ctx); + + res = EXPECT_RESULT(); +#endif + return res; +} + +static int test_wolfssl_EVP_sm4_cbc(void) +{ + int res = TEST_SKIPPED; +#if defined(OPENSSL_EXTRA) && defined(WOLFSSL_SM4_CBC) + EXPECT_DECLS; + byte key[SM4_KEY_SIZE]; + byte iv[SM4_BLOCK_SIZE]; + byte plainText[SM4_BLOCK_SIZE] = { + 0xDE, 0xAD, 0xBE, 0xEF, 0xDE, 0xAD, 0xBE, 0xEF, + 0xDE, 0xAD, 0xBE, 0xEF, 0xDE, 0xAD, 0xBE, 0xEF + }; + byte cipherText[sizeof(plainText) + SM4_BLOCK_SIZE]; + byte decryptedText[sizeof(plainText) + SM4_BLOCK_SIZE]; + EVP_CIPHER_CTX* ctx; + int outSz; + + XMEMSET(key, 0, sizeof(key)); + XMEMSET(iv, 0, sizeof(iv)); + + /* Encrypt. */ + ExpectNotNull((ctx = EVP_CIPHER_CTX_new())); + ExpectIntEQ(EVP_EncryptInit_ex(ctx, EVP_sm4_cbc(), NULL, NULL, NULL), + WOLFSSL_SUCCESS); + /* Any tag length must fail - not an AEAD cipher. */ + ExpectIntEQ(EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_TAG, 16, NULL), + WC_NO_ERR_TRACE(WOLFSSL_FAILURE)); + ExpectIntEQ(EVP_EncryptInit_ex(ctx, NULL, NULL, key, iv), WOLFSSL_SUCCESS); + ExpectIntEQ(EVP_EncryptUpdate(ctx, cipherText, &outSz, plainText, + sizeof(plainText)), WOLFSSL_SUCCESS); + ExpectIntEQ(outSz, sizeof(plainText)); + ExpectIntEQ(EVP_EncryptFinal_ex(ctx, cipherText + outSz, &outSz), + WOLFSSL_SUCCESS); + ExpectIntEQ(outSz, SM4_BLOCK_SIZE); + ExpectBufNE(cipherText, plainText, sizeof(plainText)); + EVP_CIPHER_CTX_free(ctx); + + /* Decrypt. */ + ExpectNotNull((ctx = EVP_CIPHER_CTX_new())); + ExpectIntEQ(EVP_DecryptInit_ex(ctx, EVP_sm4_cbc(), NULL, NULL, NULL), + WOLFSSL_SUCCESS); + ExpectIntEQ(EVP_DecryptInit_ex(ctx, NULL, NULL, key, iv), WOLFSSL_SUCCESS); + ExpectIntEQ(EVP_DecryptUpdate(ctx, decryptedText, &outSz, cipherText, + sizeof(cipherText)), WOLFSSL_SUCCESS); + ExpectIntEQ(outSz, sizeof(plainText)); + ExpectIntEQ(EVP_DecryptFinal_ex(ctx, decryptedText + outSz, &outSz), + WOLFSSL_SUCCESS); + ExpectIntEQ(outSz, 0); + ExpectBufEQ(decryptedText, plainText, sizeof(plainText)); + EVP_CIPHER_CTX_free(ctx); + + /* Test partial Inits. CipherInit() allow setting of key and iv + * in separate calls. */ + ExpectNotNull((ctx = EVP_CIPHER_CTX_new())); + ExpectIntEQ(wolfSSL_EVP_CipherInit(ctx, EVP_sm4_cbc(), key, NULL, 0), + WOLFSSL_SUCCESS); + ExpectIntEQ(wolfSSL_EVP_CipherInit(ctx, NULL, NULL, iv, 0), + WOLFSSL_SUCCESS); + ExpectIntEQ(EVP_DecryptUpdate(ctx, decryptedText, &outSz, cipherText, + sizeof(cipherText)), WOLFSSL_SUCCESS); + ExpectIntEQ(outSz, sizeof(plainText)); + ExpectIntEQ(EVP_DecryptFinal_ex(ctx, decryptedText + outSz, &outSz), + WOLFSSL_SUCCESS); + ExpectIntEQ(outSz, 0); + ExpectBufEQ(decryptedText, plainText, sizeof(plainText)); + EVP_CIPHER_CTX_free(ctx); + + res = EXPECT_RESULT(); +#endif + return res; +} + +static int test_wolfssl_EVP_sm4_ctr(void) +{ + int res = TEST_SKIPPED; +#if defined(OPENSSL_EXTRA) && defined(WOLFSSL_SM4_CTR) + EXPECT_DECLS; + byte key[SM4_KEY_SIZE]; + byte iv[SM4_BLOCK_SIZE]; + byte plainText[] = {0xDE, 0xAD, 0xBE, 0xEF}; + byte cipherText[sizeof(plainText)]; + byte decryptedText[sizeof(plainText)]; + EVP_CIPHER_CTX* ctx; + int outSz; + + XMEMSET(key, 0, sizeof(key)); + XMEMSET(iv, 0, sizeof(iv)); + + /* Encrypt. */ + ExpectNotNull((ctx = EVP_CIPHER_CTX_new())); + ExpectIntEQ(EVP_EncryptInit_ex(ctx, EVP_sm4_ctr(), NULL, NULL, NULL), + WOLFSSL_SUCCESS); + /* Any tag length must fail - not an AEAD cipher. */ + ExpectIntEQ(EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_TAG, 16, NULL), + WC_NO_ERR_TRACE(WOLFSSL_FAILURE)); + ExpectIntEQ(EVP_EncryptInit_ex(ctx, NULL, NULL, key, iv), WOLFSSL_SUCCESS); + ExpectIntEQ(EVP_EncryptUpdate(ctx, cipherText, &outSz, plainText, + sizeof(plainText)), WOLFSSL_SUCCESS); + ExpectIntEQ(outSz, sizeof(plainText)); + ExpectIntEQ(EVP_EncryptFinal_ex(ctx, cipherText, &outSz), WOLFSSL_SUCCESS); + ExpectIntEQ(outSz, 0); + ExpectBufNE(cipherText, plainText, sizeof(plainText)); + EVP_CIPHER_CTX_free(ctx); + + /* Decrypt. */ + ExpectNotNull((ctx = EVP_CIPHER_CTX_new())); + ExpectIntEQ(EVP_DecryptInit_ex(ctx, EVP_sm4_ctr(), NULL, NULL, NULL), + WOLFSSL_SUCCESS); + ExpectIntEQ(EVP_DecryptInit_ex(ctx, NULL, NULL, key, iv), WOLFSSL_SUCCESS); + ExpectIntEQ(EVP_DecryptUpdate(ctx, decryptedText, &outSz, cipherText, + sizeof(cipherText)), WOLFSSL_SUCCESS); + ExpectIntEQ(outSz, sizeof(cipherText)); + ExpectIntEQ(EVP_DecryptFinal_ex(ctx, decryptedText, &outSz), + WOLFSSL_SUCCESS); + ExpectIntEQ(outSz, 0); + ExpectBufEQ(decryptedText, plainText, sizeof(plainText)); + EVP_CIPHER_CTX_free(ctx); + + /* Test partial Inits. CipherInit() allow setting of key and iv + * in separate calls. */ + ExpectNotNull((ctx = EVP_CIPHER_CTX_new())); + ExpectIntEQ(wolfSSL_EVP_CipherInit(ctx, EVP_sm4_ctr(), key, NULL, 1), + WOLFSSL_SUCCESS); + ExpectIntEQ(wolfSSL_EVP_CipherInit(ctx, NULL, NULL, iv, 1), + WOLFSSL_SUCCESS); + ExpectIntEQ(EVP_DecryptUpdate(ctx, decryptedText, &outSz, cipherText, + sizeof(cipherText)), WOLFSSL_SUCCESS); + ExpectIntEQ(outSz, sizeof(cipherText)); + ExpectIntEQ(EVP_DecryptFinal_ex(ctx, decryptedText, &outSz), + WOLFSSL_SUCCESS); + ExpectIntEQ(outSz, 0); + ExpectBufEQ(decryptedText, plainText, sizeof(plainText)); + EVP_CIPHER_CTX_free(ctx); + + res = EXPECT_RESULT(); +#endif + return res; +} + +static int test_wolfssl_EVP_sm4_gcm_zeroLen(void) +{ + int res = TEST_SKIPPED; +#if defined(OPENSSL_EXTRA) && defined(WOLFSSL_SM4_GCM) + /* Zero length plain text */ + EXPECT_DECLS; + byte key[] = { + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00 + }; /* align */ + byte iv[] = { + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00 + }; /* align */ + byte plaintxt[1]; + int ivSz = 12; + int plaintxtSz = 0; + unsigned char tag[16]; + unsigned char tag_kat[16] = { + 0x23,0x2f,0x0c,0xfe,0x30,0x8b,0x49,0xea, + 0x6f,0xc8,0x82,0x29,0xb5,0xdc,0x85,0x8d + }; + + byte ciphertxt[SM4_BLOCK_SIZE * 4] = {0}; + byte decryptedtxt[SM4_BLOCK_SIZE * 4] = {0}; + int ciphertxtSz = 0; + int decryptedtxtSz = 0; + int len = 0; + + EVP_CIPHER_CTX *en = EVP_CIPHER_CTX_new(); + EVP_CIPHER_CTX *de = EVP_CIPHER_CTX_new(); + + ExpectIntEQ(1, EVP_EncryptInit_ex(en, EVP_sm4_gcm(), NULL, key, iv)); + ExpectIntEQ(1, EVP_CIPHER_CTX_ctrl(en, EVP_CTRL_GCM_SET_IVLEN, ivSz, NULL)); + ExpectIntEQ(1, EVP_EncryptUpdate(en, ciphertxt, &ciphertxtSz , plaintxt, + plaintxtSz)); + ExpectIntEQ(1, EVP_EncryptFinal_ex(en, ciphertxt, &len)); + ciphertxtSz += len; + ExpectIntEQ(1, EVP_CIPHER_CTX_ctrl(en, EVP_CTRL_GCM_GET_TAG, 16, tag)); + ExpectIntEQ(1, EVP_CIPHER_CTX_cleanup(en)); + + ExpectIntEQ(0, ciphertxtSz); + ExpectIntEQ(0, XMEMCMP(tag, tag_kat, sizeof(tag))); + + EVP_CIPHER_CTX_init(de); + ExpectIntEQ(1, EVP_DecryptInit_ex(de, EVP_sm4_gcm(), NULL, key, iv)); + ExpectIntEQ(1, EVP_CIPHER_CTX_ctrl(de, EVP_CTRL_GCM_SET_IVLEN, ivSz, NULL)); + ExpectIntEQ(1, EVP_DecryptUpdate(de, NULL, &len, ciphertxt, len)); + decryptedtxtSz = len; + ExpectIntEQ(1, EVP_CIPHER_CTX_ctrl(de, EVP_CTRL_GCM_SET_TAG, 16, tag)); + ExpectIntEQ(1, EVP_DecryptFinal_ex(de, decryptedtxt, &len)); + decryptedtxtSz += len; + ExpectIntEQ(0, decryptedtxtSz); + + EVP_CIPHER_CTX_free(en); + EVP_CIPHER_CTX_free(de); + + res = EXPECT_RESULT(); +#endif /* OPENSSL_EXTRA && WOLFSSL_SM4_GCM */ + return res; +} + +static int test_wolfssl_EVP_sm4_gcm(void) +{ + int res = TEST_SKIPPED; +#if defined(OPENSSL_EXTRA) && defined(WOLFSSL_SM4_GCM) + EXPECT_DECLS; + byte *key = (byte*)"0123456789012345"; + /* A 128 bit IV */ + byte *iv = (byte*)"0123456789012345"; + int ivSz = SM4_BLOCK_SIZE; + /* Message to be encrypted */ + byte *plaintxt = (byte*)"for things to change you have to change"; + /* Additional non-confidential data */ + byte *aad = (byte*)"Don't spend major time on minor things."; + + unsigned char tag[SM4_BLOCK_SIZE] = {0}; + int plaintxtSz = (int)XSTRLEN((char*)plaintxt); + int aadSz = (int)XSTRLEN((char*)aad); + byte ciphertxt[SM4_BLOCK_SIZE * 4] = {0}; + byte decryptedtxt[SM4_BLOCK_SIZE * 4] = {0}; + int ciphertxtSz = 0; + int decryptedtxtSz = 0; + int len = 0; + int i = 0; + EVP_CIPHER_CTX en[2]; + EVP_CIPHER_CTX de[2]; + + for (i = 0; i < 2; i++) { + EVP_CIPHER_CTX_init(&en[i]); + + if (i == 0) { + /* Default uses 96-bits IV length */ + ExpectIntEQ(1, EVP_EncryptInit_ex(&en[i], EVP_sm4_gcm(), NULL, key, + iv)); + } + else { + ExpectIntEQ(1, EVP_EncryptInit_ex(&en[i], EVP_sm4_gcm(), NULL, NULL, + NULL)); + /* non-default must to set the IV length first */ + ExpectIntEQ(1, EVP_CIPHER_CTX_ctrl(&en[i], EVP_CTRL_GCM_SET_IVLEN, + ivSz, NULL)); + ExpectIntEQ(1, EVP_EncryptInit_ex(&en[i], NULL, NULL, key, iv)); + } + ExpectIntEQ(1, EVP_EncryptUpdate(&en[i], NULL, &len, aad, aadSz)); + ExpectIntEQ(1, EVP_EncryptUpdate(&en[i], ciphertxt, &len, plaintxt, + plaintxtSz)); + ciphertxtSz = len; + ExpectIntEQ(1, EVP_EncryptFinal_ex(&en[i], ciphertxt, &len)); + ciphertxtSz += len; + ExpectIntEQ(1, EVP_CIPHER_CTX_ctrl(&en[i], EVP_CTRL_GCM_GET_TAG, + SM4_BLOCK_SIZE, tag)); + ExpectIntEQ(wolfSSL_EVP_CIPHER_CTX_cleanup(&en[i]), 1); + + EVP_CIPHER_CTX_init(&de[i]); + if (i == 0) { + /* Default uses 96-bits IV length */ + ExpectIntEQ(1, EVP_DecryptInit_ex(&de[i], EVP_sm4_gcm(), NULL, key, + iv)); + } + else { + ExpectIntEQ(1, EVP_DecryptInit_ex(&de[i], EVP_sm4_gcm(), NULL, NULL, + NULL)); + /* non-default must to set the IV length first */ + ExpectIntEQ(1, EVP_CIPHER_CTX_ctrl(&de[i], EVP_CTRL_GCM_SET_IVLEN, + ivSz, NULL)); + ExpectIntEQ(1, EVP_DecryptInit_ex(&de[i], NULL, NULL, key, iv)); + + } + ExpectIntEQ(1, EVP_DecryptUpdate(&de[i], NULL, &len, aad, aadSz)); + ExpectIntEQ(1, EVP_DecryptUpdate(&de[i], decryptedtxt, &len, ciphertxt, + ciphertxtSz)); + decryptedtxtSz = len; + ExpectIntEQ(1, EVP_CIPHER_CTX_ctrl(&de[i], EVP_CTRL_GCM_SET_TAG, + SM4_BLOCK_SIZE, tag)); + ExpectIntEQ(1, EVP_DecryptFinal_ex(&de[i], decryptedtxt, &len)); + decryptedtxtSz += len; + ExpectIntEQ(ciphertxtSz, decryptedtxtSz); + ExpectIntEQ(0, XMEMCMP(plaintxt, decryptedtxt, decryptedtxtSz)); + + /* modify tag*/ + tag[SM4_BLOCK_SIZE-1]+=0xBB; + ExpectIntEQ(1, EVP_DecryptUpdate(&de[i], NULL, &len, aad, aadSz)); + ExpectIntEQ(1, EVP_CIPHER_CTX_ctrl(&de[i], EVP_CTRL_GCM_SET_TAG, + SM4_BLOCK_SIZE, tag)); + /* fail due to wrong tag */ + ExpectIntEQ(1, EVP_DecryptUpdate(&de[i], decryptedtxt, &len, ciphertxt, + ciphertxtSz)); + ExpectIntEQ(0, EVP_DecryptFinal_ex(&de[i], decryptedtxt, &len)); + ExpectIntEQ(0, len); + ExpectIntEQ(wolfSSL_EVP_CIPHER_CTX_cleanup(&de[i]), 1); + } + + res = EXPECT_RESULT(); +#endif /* OPENSSL_EXTRA && WOLFSSL_SM4_GCM */ + return res; +} + +static int test_wolfssl_EVP_sm4_ccm_zeroLen(void) +{ + int res = TEST_SKIPPED; +#if defined(OPENSSL_EXTRA) && defined(WOLFSSL_SM4_CCM) + /* Zero length plain text */ + EXPECT_DECLS; + byte key[] = { + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00 + }; /* align */ + byte iv[] = { + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00 + }; /* align */ + byte plaintxt[1]; + int ivSz = 12; + int plaintxtSz = 0; + unsigned char tag[16]; + + byte ciphertxt[SM4_BLOCK_SIZE * 4] = {0}; + byte decryptedtxt[SM4_BLOCK_SIZE * 4] = {0}; + int ciphertxtSz = 0; + int decryptedtxtSz = 0; + int len = 0; + + EVP_CIPHER_CTX *en = EVP_CIPHER_CTX_new(); + EVP_CIPHER_CTX *de = EVP_CIPHER_CTX_new(); + + ExpectIntEQ(1, EVP_EncryptInit_ex(en, EVP_sm4_ccm(), NULL, key, iv)); + ExpectIntEQ(1, EVP_CIPHER_CTX_ctrl(en, EVP_CTRL_CCM_SET_IVLEN, ivSz, NULL)); + ExpectIntEQ(1, EVP_EncryptUpdate(en, ciphertxt, &ciphertxtSz , plaintxt, + plaintxtSz)); + ExpectIntEQ(1, EVP_EncryptFinal_ex(en, ciphertxt, &len)); + ciphertxtSz += len; + ExpectIntEQ(1, EVP_CIPHER_CTX_ctrl(en, EVP_CTRL_CCM_GET_TAG, 16, tag)); + ExpectIntEQ(1, EVP_CIPHER_CTX_cleanup(en)); + + ExpectIntEQ(0, ciphertxtSz); + + EVP_CIPHER_CTX_init(de); + ExpectIntEQ(1, EVP_DecryptInit_ex(de, EVP_sm4_ccm(), NULL, key, iv)); + ExpectIntEQ(1, EVP_CIPHER_CTX_ctrl(de, EVP_CTRL_CCM_SET_IVLEN, ivSz, NULL)); + ExpectIntEQ(1, EVP_DecryptUpdate(de, NULL, &len, ciphertxt, len)); + decryptedtxtSz = len; + ExpectIntEQ(1, EVP_CIPHER_CTX_ctrl(de, EVP_CTRL_CCM_SET_TAG, 16, tag)); + ExpectIntEQ(1, EVP_DecryptFinal_ex(de, decryptedtxt, &len)); + decryptedtxtSz += len; + ExpectIntEQ(0, decryptedtxtSz); + + EVP_CIPHER_CTX_free(en); + EVP_CIPHER_CTX_free(de); + + res = EXPECT_RESULT(); +#endif /* OPENSSL_EXTRA && WOLFSSL_SM4_CCM */ + return res; +} + +static int test_wolfssl_EVP_sm4_ccm(void) +{ + int res = TEST_SKIPPED; +#if defined(OPENSSL_EXTRA) && defined(WOLFSSL_SM4_CCM) + EXPECT_DECLS; + byte *key = (byte*)"0123456789012345"; + byte *iv = (byte*)"0123456789012"; + int ivSz = (int)XSTRLEN((char*)iv); + /* Message to be encrypted */ + byte *plaintxt = (byte*)"for things to change you have to change"; + /* Additional non-confidential data */ + byte *aad = (byte*)"Don't spend major time on minor things."; + + unsigned char tag[SM4_BLOCK_SIZE] = {0}; + int plaintxtSz = (int)XSTRLEN((char*)plaintxt); + int aadSz = (int)XSTRLEN((char*)aad); + byte ciphertxt[SM4_BLOCK_SIZE * 4] = {0}; + byte decryptedtxt[SM4_BLOCK_SIZE * 4] = {0}; + int ciphertxtSz = 0; + int decryptedtxtSz = 0; + int len = 0; + int i = 0; + EVP_CIPHER_CTX en[2]; + EVP_CIPHER_CTX de[2]; + + for (i = 0; i < 2; i++) { + EVP_CIPHER_CTX_init(&en[i]); + + if (i == 0) { + /* Default uses 96-bits IV length */ + ExpectIntEQ(1, EVP_EncryptInit_ex(&en[i], EVP_sm4_ccm(), NULL, key, + iv)); + } + else { + ExpectIntEQ(1, EVP_EncryptInit_ex(&en[i], EVP_sm4_ccm(), NULL, NULL, + NULL)); + /* non-default must to set the IV length first */ + ExpectIntEQ(1, EVP_CIPHER_CTX_ctrl(&en[i], EVP_CTRL_CCM_SET_IVLEN, + ivSz, NULL)); + ExpectIntEQ(1, EVP_EncryptInit_ex(&en[i], NULL, NULL, key, iv)); + } + ExpectIntEQ(1, EVP_EncryptUpdate(&en[i], NULL, &len, aad, aadSz)); + ExpectIntEQ(1, EVP_EncryptUpdate(&en[i], ciphertxt, &len, plaintxt, + plaintxtSz)); + ciphertxtSz = len; + ExpectIntEQ(1, EVP_EncryptFinal_ex(&en[i], ciphertxt, &len)); + ciphertxtSz += len; + ExpectIntEQ(1, EVP_CIPHER_CTX_ctrl(&en[i], EVP_CTRL_CCM_GET_TAG, + SM4_BLOCK_SIZE, tag)); + ExpectIntEQ(wolfSSL_EVP_CIPHER_CTX_cleanup(&en[i]), 1); + + EVP_CIPHER_CTX_init(&de[i]); + if (i == 0) { + /* Default uses 96-bits IV length */ + ExpectIntEQ(1, EVP_DecryptInit_ex(&de[i], EVP_sm4_ccm(), NULL, key, + iv)); + } + else { + ExpectIntEQ(1, EVP_DecryptInit_ex(&de[i], EVP_sm4_ccm(), NULL, NULL, + NULL)); + /* non-default must to set the IV length first */ + ExpectIntEQ(1, EVP_CIPHER_CTX_ctrl(&de[i], EVP_CTRL_CCM_SET_IVLEN, + ivSz, NULL)); + ExpectIntEQ(1, EVP_DecryptInit_ex(&de[i], NULL, NULL, key, iv)); + + } + ExpectIntEQ(1, EVP_DecryptUpdate(&de[i], NULL, &len, aad, aadSz)); + ExpectIntEQ(1, EVP_DecryptUpdate(&de[i], decryptedtxt, &len, ciphertxt, + ciphertxtSz)); + decryptedtxtSz = len; + ExpectIntEQ(1, EVP_CIPHER_CTX_ctrl(&de[i], EVP_CTRL_CCM_SET_TAG, + SM4_BLOCK_SIZE, tag)); + ExpectIntEQ(1, EVP_DecryptFinal_ex(&de[i], decryptedtxt, &len)); + decryptedtxtSz += len; + ExpectIntEQ(ciphertxtSz, decryptedtxtSz); + ExpectIntEQ(0, XMEMCMP(plaintxt, decryptedtxt, decryptedtxtSz)); + + /* modify tag*/ + tag[SM4_BLOCK_SIZE-1]+=0xBB; + ExpectIntEQ(1, EVP_DecryptUpdate(&de[i], NULL, &len, aad, aadSz)); + ExpectIntEQ(1, EVP_CIPHER_CTX_ctrl(&de[i], EVP_CTRL_CCM_SET_TAG, + SM4_BLOCK_SIZE, tag)); + /* fail due to wrong tag */ + ExpectIntEQ(1, EVP_DecryptUpdate(&de[i], decryptedtxt, &len, ciphertxt, + ciphertxtSz)); + ExpectIntEQ(0, EVP_DecryptFinal_ex(&de[i], decryptedtxt, &len)); + ExpectIntEQ(0, len); + ExpectIntEQ(wolfSSL_EVP_CIPHER_CTX_cleanup(&de[i]), 1); + } + + res = EXPECT_RESULT(); +#endif /* OPENSSL_EXTRA && WOLFSSL_SM4_CCM */ + return res; +} + +static int test_wolfSSL_EVP_PKEY_hkdf(void) +{ + EXPECT_DECLS; +#if defined(OPENSSL_EXTRA) && defined(HAVE_HKDF) + EVP_PKEY_CTX* ctx = NULL; + byte salt[] = {0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, + 0x08, 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F}; + byte key[] = {0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, + 0x18, 0x19, 0x1A, 0x1B, 0x1C, 0x1D, 0x1E, 0x1F}; + byte info[] = {0X01, 0x02, 0x03, 0x04, 0x05}; + byte info2[] = {0X06, 0x07, 0x08, 0x09, 0x0A}; + byte outKey[34]; + size_t outKeySz = sizeof(outKey); + /* These expected outputs were gathered by running the same test below using + * OpenSSL. */ + const byte extractAndExpand[] = { + 0x8B, 0xEB, 0x90, 0xA9, 0x04, 0xFF, 0x05, 0x10, 0xE4, 0xB5, 0xB1, 0x10, + 0x31, 0x34, 0xFF, 0x07, 0x5B, 0xE3, 0xC6, 0x93, 0xD4, 0xF8, 0xC7, 0xEE, + 0x96, 0xDA, 0x78, 0x7A, 0xE2, 0x9A, 0x2D, 0x05, 0x4B, 0xF6 + }; + const byte extractOnly[] = { + 0xE7, 0x6B, 0x9E, 0x0F, 0xE4, 0x02, 0x1D, 0x62, 0xEA, 0x97, 0x74, 0x5E, + 0xF4, 0x3C, 0x65, 0x4D, 0xC1, 0x46, 0x98, 0xAA, 0x79, 0x9A, 0xCB, 0x9C, + 0xCC, 0x3E, 0x7F, 0x2A, 0x2B, 0x41, 0xA1, 0x9E + }; + const byte expandOnly[] = { + 0xFF, 0x29, 0x29, 0x56, 0x9E, 0xA7, 0x66, 0x02, 0xDB, 0x4F, 0xDB, 0x53, + 0x7D, 0x21, 0x67, 0x52, 0xC3, 0x0E, 0xF3, 0xFC, 0x71, 0xCE, 0x67, 0x2B, + 0xEA, 0x3B, 0xE9, 0xFC, 0xDD, 0xC8, 0xCC, 0xB7, 0x42, 0x74 + }; + const byte extractAndExpandAddInfo[] = { + 0x5A, 0x74, 0x79, 0x83, 0xA3, 0xA4, 0x2E, 0xB7, 0xD4, 0x08, 0xC2, 0x6A, + 0x2F, 0xA5, 0xE3, 0x4E, 0xF1, 0xF4, 0x87, 0x3E, 0xA6, 0xC7, 0x88, 0x45, + 0xD7, 0xE2, 0x15, 0xBC, 0xB8, 0x10, 0xEF, 0x6C, 0x4D, 0x7A + }; + + ExpectNotNull((ctx = EVP_PKEY_CTX_new_id(EVP_PKEY_HKDF, NULL))); + ExpectIntEQ(EVP_PKEY_derive_init(ctx), WOLFSSL_SUCCESS); + /* NULL ctx. */ + ExpectIntEQ(EVP_PKEY_CTX_set_hkdf_md(NULL, EVP_sha256()), WC_NO_ERR_TRACE(WOLFSSL_FAILURE)); + /* NULL md. */ + ExpectIntEQ(EVP_PKEY_CTX_set_hkdf_md(ctx, NULL), WC_NO_ERR_TRACE(WOLFSSL_FAILURE)); + ExpectIntEQ(EVP_PKEY_CTX_set_hkdf_md(ctx, EVP_sha256()), WOLFSSL_SUCCESS); + /* NULL ctx. */ + ExpectIntEQ(EVP_PKEY_CTX_set1_hkdf_salt(NULL, salt, sizeof(salt)), + WC_NO_ERR_TRACE(WOLFSSL_FAILURE)); + /* NULL salt is ok. */ + ExpectIntEQ(EVP_PKEY_CTX_set1_hkdf_salt(ctx, NULL, sizeof(salt)), + WOLFSSL_SUCCESS); + /* Salt length <= 0. */ + /* Length 0 salt is ok. */ + ExpectIntEQ(EVP_PKEY_CTX_set1_hkdf_salt(ctx, salt, 0), WOLFSSL_SUCCESS); + ExpectIntEQ(EVP_PKEY_CTX_set1_hkdf_salt(ctx, salt, -1), WC_NO_ERR_TRACE(WOLFSSL_FAILURE)); + ExpectIntEQ(EVP_PKEY_CTX_set1_hkdf_salt(ctx, salt, sizeof(salt)), + WOLFSSL_SUCCESS); + /* NULL ctx. */ + ExpectIntEQ(EVP_PKEY_CTX_set1_hkdf_key(NULL, key, sizeof(key)), + WC_NO_ERR_TRACE(WOLFSSL_FAILURE)); + /* NULL key. */ + ExpectIntEQ(EVP_PKEY_CTX_set1_hkdf_key(ctx, NULL, sizeof(key)), + WC_NO_ERR_TRACE(WOLFSSL_FAILURE)); + /* Key length <= 0 */ + ExpectIntEQ(EVP_PKEY_CTX_set1_hkdf_key(ctx, key, 0), WC_NO_ERR_TRACE(WOLFSSL_FAILURE)); + ExpectIntEQ(EVP_PKEY_CTX_set1_hkdf_key(ctx, key, -1), WC_NO_ERR_TRACE(WOLFSSL_FAILURE)); + ExpectIntEQ(EVP_PKEY_CTX_set1_hkdf_key(ctx, key, sizeof(key)), + WOLFSSL_SUCCESS); + /* NULL ctx. */ + ExpectIntEQ(EVP_PKEY_CTX_add1_hkdf_info(NULL, info, sizeof(info)), + WC_NO_ERR_TRACE(WOLFSSL_FAILURE)); + /* NULL info is ok. */ + ExpectIntEQ(EVP_PKEY_CTX_add1_hkdf_info(ctx, NULL, sizeof(info)), + WOLFSSL_SUCCESS); + /* Info length <= 0 */ + /* Length 0 info is ok. */ + ExpectIntEQ(EVP_PKEY_CTX_add1_hkdf_info(ctx, info, 0), WOLFSSL_SUCCESS); + ExpectIntEQ(EVP_PKEY_CTX_add1_hkdf_info(ctx, info, -1), WC_NO_ERR_TRACE(WOLFSSL_FAILURE)); + ExpectIntEQ(EVP_PKEY_CTX_add1_hkdf_info(ctx, info, sizeof(info)), + WOLFSSL_SUCCESS); + /* NULL ctx. */ + ExpectIntEQ(EVP_PKEY_CTX_hkdf_mode(NULL, EVP_PKEY_HKDEF_MODE_EXTRACT_ONLY), + WC_NO_ERR_TRACE(WOLFSSL_FAILURE)); + /* Extract and expand (default). */ + ExpectIntEQ(EVP_PKEY_derive(ctx, outKey, &outKeySz), WOLFSSL_SUCCESS); + ExpectIntEQ(outKeySz, sizeof(extractAndExpand)); + ExpectIntEQ(XMEMCMP(outKey, extractAndExpand, outKeySz), 0); + /* Extract only. */ + ExpectIntEQ(EVP_PKEY_CTX_hkdf_mode(ctx, EVP_PKEY_HKDEF_MODE_EXTRACT_ONLY), + WOLFSSL_SUCCESS); + ExpectIntEQ(EVP_PKEY_derive(ctx, outKey, &outKeySz), WOLFSSL_SUCCESS); + ExpectIntEQ(outKeySz, sizeof(extractOnly)); + ExpectIntEQ(XMEMCMP(outKey, extractOnly, outKeySz), 0); + outKeySz = sizeof(outKey); + /* Expand only. */ + ExpectIntEQ(EVP_PKEY_CTX_hkdf_mode(ctx, EVP_PKEY_HKDEF_MODE_EXPAND_ONLY), + WOLFSSL_SUCCESS); + ExpectIntEQ(EVP_PKEY_derive(ctx, outKey, &outKeySz), WOLFSSL_SUCCESS); + ExpectIntEQ(outKeySz, sizeof(expandOnly)); + ExpectIntEQ(XMEMCMP(outKey, expandOnly, outKeySz), 0); + outKeySz = sizeof(outKey); + /* Extract and expand with appended additional info. */ + ExpectIntEQ(EVP_PKEY_CTX_add1_hkdf_info(ctx, info2, sizeof(info2)), + WOLFSSL_SUCCESS); + ExpectIntEQ(EVP_PKEY_CTX_hkdf_mode(ctx, + EVP_PKEY_HKDEF_MODE_EXTRACT_AND_EXPAND), WOLFSSL_SUCCESS); + ExpectIntEQ(EVP_PKEY_derive(ctx, outKey, &outKeySz), WOLFSSL_SUCCESS); + ExpectIntEQ(outKeySz, sizeof(extractAndExpandAddInfo)); + ExpectIntEQ(XMEMCMP(outKey, extractAndExpandAddInfo, outKeySz), 0); + + EVP_PKEY_CTX_free(ctx); +#endif /* OPENSSL_EXTRA && HAVE_HKDF */ + return EXPECT_RESULT(); +} + +#ifndef NO_BIO +static int test_wolfSSL_PEM_X509_INFO_read_bio(void) +{ + EXPECT_DECLS; +#if defined(OPENSSL_ALL) && !defined(NO_FILESYSTEM) && !defined(NO_RSA) + BIO* bio = NULL; + X509_INFO* info = NULL; + STACK_OF(X509_INFO)* sk = NULL; + STACK_OF(X509_INFO)* sk2 = NULL; + char* subject = NULL; + char exp1[] = "/C=US/ST=Montana/L=Bozeman/O=Sawtooth/OU=Consulting/" + "CN=www.wolfssl.com/emailAddress=info@wolfssl.com"; + char exp2[] = "/C=US/ST=Montana/L=Bozeman/O=wolfSSL/OU=Support/" + "CN=www.wolfssl.com/emailAddress=info@wolfssl.com"; + + ExpectNotNull(bio = BIO_new(BIO_s_file())); + ExpectIntGT(BIO_read_filename(bio, svrCertFile), 0); + ExpectNotNull(sk = PEM_X509_INFO_read_bio(bio, NULL, NULL, NULL)); + ExpectIntEQ(sk_X509_INFO_num(sk), 2); + + /* using dereference to maintain testing for Apache port*/ + ExpectNull(sk_X509_INFO_pop(NULL)); + ExpectNotNull(info = sk_X509_INFO_pop(sk)); + ExpectNotNull(subject = X509_NAME_oneline(X509_get_subject_name(info->x509), + 0, 0)); + + ExpectIntEQ(0, XSTRNCMP(subject, exp1, sizeof(exp1))); + XFREE(subject, 0, DYNAMIC_TYPE_OPENSSL); + subject = NULL; + X509_INFO_free(info); + info = NULL; + + ExpectNotNull(info = sk_X509_INFO_pop(sk)); + ExpectNotNull(subject = X509_NAME_oneline(X509_get_subject_name(info->x509), + 0, 0)); + + ExpectIntEQ(0, XSTRNCMP(subject, exp2, sizeof(exp2))); + XFREE(subject, 0, DYNAMIC_TYPE_OPENSSL); + subject = NULL; + X509_INFO_free(info); + ExpectNull(info = sk_X509_INFO_pop(sk)); + + sk_X509_INFO_pop_free(sk, X509_INFO_free); + sk = NULL; + BIO_free(bio); + bio = NULL; + + ExpectNotNull(sk = wolfSSL_sk_X509_INFO_new_null()); + ExpectNotNull(bio = BIO_new(BIO_s_file())); + ExpectIntGT(BIO_read_filename(bio, svrCertFile), 0); + ExpectNotNull(sk2 = PEM_X509_INFO_read_bio(bio, sk, NULL, NULL)); + ExpectPtrEq(sk, sk2); + if (sk2 != sk) { + sk_X509_INFO_pop_free(sk, X509_INFO_free); + } + sk = NULL; + BIO_free(bio); + sk_X509_INFO_pop_free(sk2, X509_INFO_free); + + ExpectNotNull(sk = wolfSSL_sk_X509_INFO_new_null()); + sk_X509_INFO_free(sk); +#endif + return EXPECT_RESULT(); +} + +static int test_wolfSSL_PEM_X509_INFO_read(void) +{ + EXPECT_DECLS; +#if defined(OPENSSL_ALL) && !defined(NO_FILESYSTEM) && !defined(NO_RSA) + XFILE fp = XBADFILE; + STACK_OF(X509_INFO)* sk = NULL; + + ExpectTrue((fp = XFOPEN(svrCertFile, "rb")) != XBADFILE); + ExpectNull(wolfSSL_PEM_X509_INFO_read(XBADFILE, NULL, NULL, NULL)); + ExpectNotNull(sk = wolfSSL_PEM_X509_INFO_read(fp, NULL, NULL, NULL)); + + sk_X509_INFO_pop_free(sk, X509_INFO_free); + if (fp != XBADFILE) + XFCLOSE(fp); +#endif + return EXPECT_RESULT(); +} +#endif /* !NO_BIO */ + +static int test_wolfSSL_X509_NAME_ENTRY_get_object(void) +{ + EXPECT_DECLS; +#if defined(OPENSSL_EXTRA) && !defined(NO_FILESYSTEM) && !defined(NO_RSA) + X509 *x509 = NULL; + X509_NAME* name = NULL; + int idx = 0; + X509_NAME_ENTRY *ne = NULL; + ASN1_OBJECT *object = NULL; + + ExpectNotNull(x509 = wolfSSL_X509_load_certificate_file(cliCertFile, + WOLFSSL_FILETYPE_PEM)); + ExpectNotNull(name = X509_get_subject_name(x509)); + ExpectIntGE(X509_NAME_get_index_by_NID(NULL, NID_commonName, -1), + BAD_FUNC_ARG); + ExpectIntGE(idx = X509_NAME_get_index_by_NID(name, NID_commonName, -1), 0); + ExpectIntGE(idx = X509_NAME_get_index_by_NID(name, NID_commonName, -2), 0); + + ExpectNotNull(ne = X509_NAME_get_entry(name, idx)); + ExpectNull(X509_NAME_ENTRY_get_object(NULL)); + ExpectNotNull(object = X509_NAME_ENTRY_get_object(ne)); + + X509_free(x509); +#endif + return EXPECT_RESULT(); +} + +static int test_wolfSSL_X509_STORE_get1_certs(void) +{ + EXPECT_DECLS; +#if defined(OPENSSL_EXTRA) && defined(WOLFSSL_SIGNER_DER_CERT) && \ + !defined(NO_FILESYSTEM) && !defined(NO_RSA) + X509_STORE_CTX *storeCtx = NULL; + X509_STORE *store = NULL; + X509 *caX509 = NULL; + X509 *svrX509 = NULL; + X509_NAME *subject = NULL; + WOLF_STACK_OF(WOLFSSL_X509) *certs = NULL; + + ExpectNotNull(caX509 = X509_load_certificate_file(caCertFile, + SSL_FILETYPE_PEM)); + ExpectNotNull((svrX509 = wolfSSL_X509_load_certificate_file(svrCertFile, + SSL_FILETYPE_PEM))); + ExpectNotNull(storeCtx = X509_STORE_CTX_new()); + ExpectNotNull(store = X509_STORE_new()); + ExpectNotNull(subject = X509_get_subject_name(caX509)); + + /* Errors */ + ExpectNull(X509_STORE_get1_certs(storeCtx, subject)); + ExpectNull(X509_STORE_get1_certs(NULL, subject)); + ExpectNull(X509_STORE_get1_certs(storeCtx, NULL)); + + ExpectIntEQ(X509_STORE_add_cert(store, caX509), SSL_SUCCESS); + ExpectIntEQ(X509_STORE_CTX_init(storeCtx, store, caX509, NULL), + SSL_SUCCESS); + + /* Should find the cert */ + ExpectNotNull(certs = X509_STORE_get1_certs(storeCtx, subject)); + ExpectIntEQ(1, wolfSSL_sk_X509_num(certs)); + + sk_X509_pop_free(certs, NULL); + certs = NULL; + + /* Should not find the cert */ + ExpectNotNull(subject = X509_get_subject_name(svrX509)); + ExpectNotNull(certs = X509_STORE_get1_certs(storeCtx, subject)); + ExpectIntEQ(0, wolfSSL_sk_X509_num(certs)); + + sk_X509_pop_free(certs, NULL); + certs = NULL; + + X509_STORE_free(store); + X509_STORE_CTX_free(storeCtx); + X509_free(svrX509); + X509_free(caX509); +#endif /* OPENSSL_EXTRA && WOLFSSL_SIGNER_DER_CERT && !NO_FILESYSTEM */ + return EXPECT_RESULT(); +} + +#if defined(HAVE_SSL_MEMIO_TESTS_DEPENDENCIES) && \ + defined(WOLFSSL_LOCAL_X509_STORE) && \ + (defined(OPENSSL_ALL) || defined(WOLFSSL_QT)) && defined(HAVE_CRL) +static int test_wolfSSL_X509_STORE_set_get_crl_provider(X509_STORE_CTX* ctx, + X509_CRL** crl_out, X509* cert) { + X509_CRL *crl = NULL; + XFILE fp = XBADFILE; + char* cert_issuer = X509_NAME_oneline(X509_get_issuer_name(cert), NULL, 0); + int ret = 0; + + (void)ctx; + + if (cert_issuer == NULL) + return 0; + + if ((fp = XFOPEN("certs/crl/crl.pem", "rb")) != XBADFILE) { + PEM_read_X509_CRL(fp, &crl, NULL, NULL); + XFCLOSE(fp); + if (crl != NULL) { + char* crl_issuer = X509_NAME_oneline( + X509_CRL_get_issuer(crl), NULL, 0); + if ((crl_issuer != NULL) && + (XSTRCMP(cert_issuer, crl_issuer) == 0)) { + *crl_out = X509_CRL_dup(crl); + if (*crl_out != NULL) + ret = 1; + } + OPENSSL_free(crl_issuer); + } + } + + X509_CRL_free(crl); + OPENSSL_free(cert_issuer); + return ret; +} + +static int test_wolfSSL_X509_STORE_set_get_crl_provider2(X509_STORE_CTX* ctx, + X509_CRL** crl_out, X509* cert) { + (void)ctx; + (void)cert; + *crl_out = NULL; + return 1; +} + +#ifndef NO_WOLFSSL_STUB +static int test_wolfSSL_X509_STORE_set_get_crl_check(X509_STORE_CTX* ctx, + X509_CRL* crl) { + (void)ctx; + (void)crl; + return 1; +} +#endif + +static int test_wolfSSL_X509_STORE_set_get_crl_verify(int ok, + X509_STORE_CTX* ctx) { + int cert_error = X509_STORE_CTX_get_error(ctx); + X509_VERIFY_PARAM* param = X509_STORE_CTX_get0_param(ctx); + int flags = X509_VERIFY_PARAM_get_flags(param); + if ((flags & (X509_V_FLAG_CRL_CHECK | X509_V_FLAG_CRL_CHECK_ALL)) != + (X509_V_FLAG_CRL_CHECK | X509_V_FLAG_CRL_CHECK_ALL)) { + /* Make sure the flags are set */ + return 0; + } + /* Ignore CRL missing error */ +#ifndef OPENSSL_COMPATIBLE_DEFAULTS + if (cert_error == WC_NO_ERR_TRACE(CRL_MISSING)) +#else + if (cert_error == X509_V_ERR_UNABLE_TO_GET_CRL) +#endif + return 1; + return ok; +} + +static int test_wolfSSL_X509_STORE_set_get_crl_ctx_ready(WOLFSSL_CTX* ctx) +{ + EXPECT_DECLS; + X509_STORE* cert_store = NULL; + + ExpectIntEQ(wolfSSL_CTX_EnableCRL(ctx, WOLFSSL_CRL_CHECKALL), + WOLFSSL_SUCCESS); + ExpectNotNull(cert_store = SSL_CTX_get_cert_store(ctx)); + X509_STORE_set_get_crl(cert_store, + test_wolfSSL_X509_STORE_set_get_crl_provider); +#ifndef NO_WOLFSSL_STUB + X509_STORE_set_check_crl(cert_store, + test_wolfSSL_X509_STORE_set_get_crl_check); +#endif + + return EXPECT_RESULT(); +} + +static int test_wolfSSL_X509_STORE_set_get_crl_ctx_ready2(WOLFSSL_CTX* ctx) +{ + EXPECT_DECLS; + X509_STORE* cert_store = NULL; + X509_VERIFY_PARAM* param = NULL; + + SSL_CTX_set_verify(ctx, WOLFSSL_VERIFY_PEER, NULL); + ExpectIntEQ(wolfSSL_CTX_EnableCRL(ctx, WOLFSSL_CRL_CHECKALL), + WOLFSSL_SUCCESS); + ExpectNotNull(cert_store = SSL_CTX_get_cert_store(ctx)); + X509_STORE_set_get_crl(cert_store, + test_wolfSSL_X509_STORE_set_get_crl_provider2); +#ifndef NO_WOLFSSL_STUB + X509_STORE_set_check_crl(cert_store, + test_wolfSSL_X509_STORE_set_get_crl_check); +#endif + X509_STORE_set_verify_cb(cert_store, + test_wolfSSL_X509_STORE_set_get_crl_verify); + ExpectNotNull(X509_STORE_get0_param(cert_store)); + ExpectNotNull(param = X509_VERIFY_PARAM_new()); + ExpectIntEQ(X509_VERIFY_PARAM_inherit(NULL, NULL) , WOLFSSL_SUCCESS); + ExpectIntEQ(X509_VERIFY_PARAM_inherit(param, NULL) , WOLFSSL_SUCCESS); + ExpectIntEQ(X509_VERIFY_PARAM_inherit(param, + X509_STORE_get0_param(cert_store)), WOLFSSL_SUCCESS); + ExpectIntEQ(X509_VERIFY_PARAM_inherit(param, + X509_STORE_get0_param(cert_store)), 1); + ExpectIntEQ(X509_VERIFY_PARAM_set_flags( + param, X509_V_FLAG_CRL_CHECK | X509_V_FLAG_CRL_CHECK_ALL), 1); + ExpectIntEQ(X509_STORE_set1_param(cert_store, param), 1); + ExpectIntEQ(X509_STORE_set_flags(cert_store, + X509_V_FLAG_CRL_CHECK | X509_V_FLAG_CRL_CHECK_ALL), 1); + + + X509_VERIFY_PARAM_free(param); + return EXPECT_RESULT(); +} +#endif + +/* This test mimics the usage of the CRL provider in gRPC */ +static int test_wolfSSL_X509_STORE_set_get_crl(void) +{ + EXPECT_DECLS; +#if defined(HAVE_SSL_MEMIO_TESTS_DEPENDENCIES) && \ + defined(WOLFSSL_LOCAL_X509_STORE) && \ + (defined(OPENSSL_ALL) || defined(WOLFSSL_QT)) && defined(HAVE_CRL) + test_ssl_cbf func_cb_client; + test_ssl_cbf func_cb_server; + + XMEMSET(&func_cb_client, 0, sizeof(func_cb_client)); + XMEMSET(&func_cb_server, 0, sizeof(func_cb_server)); + + func_cb_client.ctx_ready = test_wolfSSL_X509_STORE_set_get_crl_ctx_ready; + + ExpectIntEQ(test_wolfSSL_client_server_nofail_memio(&func_cb_client, + &func_cb_server, NULL), TEST_SUCCESS); + + XMEMSET(&func_cb_client, 0, sizeof(func_cb_client)); + XMEMSET(&func_cb_server, 0, sizeof(func_cb_server)); + + func_cb_client.ctx_ready = test_wolfSSL_X509_STORE_set_get_crl_ctx_ready2; + + ExpectIntEQ(test_wolfSSL_client_server_nofail_memio(&func_cb_client, + &func_cb_server, NULL), TEST_SUCCESS); +#endif + return EXPECT_RESULT(); +} + + +static int test_wolfSSL_dup_CA_list(void) +{ + int res = TEST_SKIPPED; +#if defined(OPENSSL_ALL) + EXPECT_DECLS; + STACK_OF(X509_NAME) *originalStack = NULL; + STACK_OF(X509_NAME) *copyStack = NULL; + int originalCount = 0; + int copyCount = 0; + X509_NAME *name = NULL; + int i; + + originalStack = sk_X509_NAME_new_null(); + ExpectNotNull(originalStack); + + for (i = 0; i < 3; i++) { + name = X509_NAME_new(); + ExpectNotNull(name); + ExpectIntEQ(sk_X509_NAME_push(originalStack, name), i+1); + if (EXPECT_FAIL()) { + X509_NAME_free(name); + } + } + + copyStack = SSL_dup_CA_list(originalStack); + ExpectNotNull(copyStack); + ExpectIntEQ(sk_X509_NAME_num(NULL), BAD_FUNC_ARG); + originalCount = sk_X509_NAME_num(originalStack); + copyCount = sk_X509_NAME_num(copyStack); + + ExpectIntEQ(originalCount, copyCount); + sk_X509_NAME_pop_free(originalStack, X509_NAME_free); + sk_X509_NAME_pop_free(copyStack, X509_NAME_free); + + originalStack = NULL; + copyStack = NULL; + + originalStack = sk_X509_NAME_new_null(); + ExpectNull(sk_X509_NAME_pop(NULL)); + ExpectNull(sk_X509_NAME_pop(originalStack)); + for (i = 0; i < 3; i++) { + name = X509_NAME_new(); + ExpectNotNull(name); + ExpectIntEQ(sk_X509_NAME_push(originalStack, name), i+1); + if (EXPECT_FAIL()) { + X509_NAME_free(name); + } + name = NULL; + } + ExpectNotNull(name = sk_X509_NAME_pop(originalStack)); + X509_NAME_free(name); + wolfSSL_sk_X509_NAME_set_cmp_func(NULL, NULL); + wolfSSL_sk_X509_NAME_set_cmp_func(originalStack, NULL); + wolfSSL_sk_X509_NAME_pop_free(originalStack, X509_NAME_free); + + res = EXPECT_RESULT(); +#endif /* OPENSSL_ALL */ + return res; +} + +static int test_ForceZero(void) +{ + EXPECT_DECLS; + unsigned char data[32]; + unsigned int i, j, len; + + /* Test case with 0 length */ + ForceZero(data, 0); + + /* Test ForceZero */ + for (i = 0; i < sizeof(data); i++) { + for (len = 1; len < sizeof(data) - i; len++) { + for (j = 0; j < sizeof(data); j++) + data[j] = ((unsigned char)j + 1); + + ForceZero(data + i, len); + + for (j = 0; j < sizeof(data); j++) { + if (j < i || j >= i + len) { + ExpectIntNE(data[j], 0x00); + } + else { + ExpectIntEQ(data[j], 0x00); + } + } + } + } + + return EXPECT_RESULT(); +} + +#ifndef NO_BIO + +static int test_wolfSSL_X509_print(void) +{ + EXPECT_DECLS; +#if defined(OPENSSL_EXTRA) && !defined(NO_FILESYSTEM) && \ + !defined(NO_RSA) && defined(XSNPRINTF) + X509 *x509 = NULL; + BIO *bio = NULL; +#if defined(OPENSSL_ALL) && !defined(NO_WOLFSSL_DIR) + const X509_ALGOR *cert_sig_alg = NULL; +#endif + + ExpectNotNull(x509 = X509_load_certificate_file(svrCertFile, + WOLFSSL_FILETYPE_PEM)); + + /* print to memory */ + ExpectNotNull(bio = BIO_new(BIO_s_mem())); + ExpectIntEQ(X509_print(bio, x509), SSL_SUCCESS); + +#if defined(OPENSSL_ALL) || defined(WOLFSSL_IP_ALT_NAME) + #if defined(WC_DISABLE_RADIX_ZERO_PAD) + /* Will print IP address subject alt name. */ + ExpectIntEQ(BIO_get_mem_data(bio, NULL), 3349); + #elif defined(NO_ASN_TIME) + /* Will print IP address subject alt name but not Validity. */ + ExpectIntEQ(BIO_get_mem_data(bio, NULL), 3235); + #else + /* Will print IP address subject alt name. */ + ExpectIntEQ(BIO_get_mem_data(bio, NULL), 3350); + #endif +#elif defined(NO_ASN_TIME) + /* With NO_ASN_TIME defined, X509_print skips printing Validity. */ + ExpectIntEQ(BIO_get_mem_data(bio, NULL), 3213); +#else + ExpectIntEQ(BIO_get_mem_data(bio, NULL), 3328); +#endif + BIO_free(bio); + bio = NULL; + + ExpectNotNull(bio = BIO_new_fd(STDERR_FILENO, BIO_NOCLOSE)); + +#if defined(OPENSSL_ALL) && !defined(NO_WOLFSSL_DIR) + /* Print signature */ + ExpectNotNull(cert_sig_alg = X509_get0_tbs_sigalg(x509)); + ExpectIntEQ(X509_signature_print(bio, cert_sig_alg, NULL), SSL_SUCCESS); +#endif + + /* print to stderr */ +#if !defined(NO_WOLFSSL_DIR) + ExpectIntEQ(X509_print(bio, x509), SSL_SUCCESS); +#endif + /* print again */ + ExpectIntEQ(X509_print_fp(stderr, x509), SSL_SUCCESS); + + X509_free(x509); + BIO_free(bio); +#endif + return EXPECT_RESULT(); +} + +static int test_wolfSSL_X509_CRL_print(void) +{ + EXPECT_DECLS; +#if defined(OPENSSL_EXTRA) && !defined(NO_CERTS) && defined(HAVE_CRL) && \ + !defined(NO_RSA) && !defined(NO_FILESYSTEM) && defined(XSNPRINTF) + X509_CRL* crl = NULL; + BIO *bio = NULL; + XFILE fp = XBADFILE; + + ExpectTrue((fp = XFOPEN("./certs/crl/crl.pem", "rb")) != XBADFILE); + ExpectNotNull(crl = (X509_CRL*)PEM_read_X509_CRL(fp, (X509_CRL **)NULL, + NULL, NULL)); + if (fp != XBADFILE) + XFCLOSE(fp); + + ExpectNotNull(bio = BIO_new(BIO_s_mem())); + ExpectIntEQ(X509_CRL_print(bio, crl), SSL_SUCCESS); + + X509_CRL_free(crl); + BIO_free(bio); +#endif + return EXPECT_RESULT(); +} + +#endif /* !NO_BIO */ + +#if defined(OPENSSL_EXTRA) && !defined(NO_CERTS) && \ + defined(WOLFSSL_CERT_GEN) && defined(WOLFSSL_CERT_REQ) && \ + !defined(NO_ASN_TIME) +static int test_openssl_make_self_signed_certificate(EVP_PKEY* pkey, + int expectedDerSz) +{ + EXPECT_DECLS; + X509* x509 = NULL; + BIGNUM* serial_number = NULL; + X509_NAME* name = NULL; + time_t epoch_off = 0; + ASN1_INTEGER* asn1_serial_number = NULL; + long not_before, not_after; + int derSz; + + ExpectNotNull(x509 = X509_new()); + + ExpectIntNE(X509_set_pubkey(x509, pkey), 0); + + ExpectNotNull(serial_number = BN_new()); + ExpectIntNE(BN_pseudo_rand(serial_number, 64, 0, 0), 0); + ExpectNotNull(asn1_serial_number = X509_get_serialNumber(x509)); + ExpectNotNull(BN_to_ASN1_INTEGER(serial_number, asn1_serial_number)); + + /* version 3 */ + ExpectIntNE(X509_set_version(x509, 2L), 0); + + ExpectNotNull(name = X509_NAME_new()); + + ExpectIntNE(X509_NAME_add_entry_by_NID(name, NID_commonName, MBSTRING_UTF8, + (unsigned char*)"www.wolfssl.com", -1, -1, 0), 0); + ExpectIntNE(X509_NAME_add_entry_by_NID(name, NID_pkcs9_contentType, + MBSTRING_UTF8,(unsigned char*)"Server", -1, -1, 0), 0); + + ExpectIntNE(X509_set_subject_name(x509, name), 0); + ExpectIntNE(X509_set_issuer_name(x509, name), 0); + + not_before = (long)wc_Time(NULL); + not_after = not_before + (365 * 24 * 60 * 60); + ExpectNotNull(X509_time_adj(X509_get_notBefore(x509), not_before, + &epoch_off)); + ExpectNotNull(X509_time_adj(X509_get_notAfter(x509), not_after, + &epoch_off)); + + ExpectIntNE(X509_sign(x509, pkey, EVP_sha256()), 0); + + ExpectNotNull(wolfSSL_X509_get_der(x509, &derSz)); + ExpectIntGE(derSz, expectedDerSz); + + BN_free(serial_number); + X509_NAME_free(name); + X509_free(x509); + + return EXPECT_RESULT(); +} +#endif + +static int test_openssl_generate_key_and_cert(void) +{ + EXPECT_DECLS; +#if defined(OPENSSL_EXTRA) + int expectedDerSz; + EVP_PKEY* pkey = NULL; +#ifdef HAVE_ECC + EC_KEY* ec_key = NULL; +#endif +#if !defined(NO_RSA) + int key_length = 2048; + BIGNUM* exponent = NULL; + RSA* rsa = NULL; + + ExpectNotNull(pkey = EVP_PKEY_new()); + ExpectNotNull(exponent = BN_new()); + ExpectNotNull(rsa = RSA_new()); + + ExpectIntNE(BN_set_word(exponent, WC_RSA_EXPONENT), 0); +#ifndef WOLFSSL_KEY_GEN + ExpectIntEQ(RSA_generate_key_ex(rsa, key_length, exponent, NULL), 0); + + #if defined(USE_CERT_BUFFERS_1024) + ExpectIntNE(wolfSSL_RSA_LoadDer_ex(rsa, server_key_der_1024, + sizeof_server_key_der_1024, WOLFSSL_RSA_LOAD_PRIVATE), 0); + key_length = 1024; + #elif defined(USE_CERT_BUFFERS_2048) + ExpectIntNE(wolfSSL_RSA_LoadDer_ex(rsa, server_key_der_2048, + sizeof_server_key_der_2048, WOLFSSL_RSA_LOAD_PRIVATE), 0); + #else + RSA_free(rsa); + rsa = NULL; + #endif +#else + ExpectIntEQ(RSA_generate_key_ex(NULL, key_length, exponent, NULL), 0); + ExpectIntEQ(RSA_generate_key_ex(rsa, 0, exponent, NULL), 0); + ExpectIntEQ(RSA_generate_key_ex(rsa, key_length, NULL, NULL), 0); + ExpectIntNE(RSA_generate_key_ex(rsa, key_length, exponent, NULL), 0); +#endif + + if (rsa) { + ExpectIntNE(EVP_PKEY_assign_RSA(pkey, rsa), 0); + if (EXPECT_FAIL()) { + RSA_free(rsa); + } + + #if !defined(NO_CERTS) && defined(WOLFSSL_CERT_GEN) && \ + defined(WOLFSSL_CERT_REQ) && !defined(NO_ASN_TIME) + expectedDerSz = 743; + ExpectIntEQ(test_openssl_make_self_signed_certificate(pkey, + expectedDerSz), TEST_SUCCESS); + #endif + } + + EVP_PKEY_free(pkey); + pkey = NULL; + BN_free(exponent); +#endif /* !NO_RSA */ + +#ifdef HAVE_ECC + ExpectNotNull(pkey = EVP_PKEY_new()); + ExpectNotNull(ec_key = EC_KEY_new_by_curve_name(NID_X9_62_prime256v1)); + +#ifndef NO_WOLFSSL_STUB + EC_KEY_set_asn1_flag(ec_key, OPENSSL_EC_NAMED_CURVE); +#endif + + ExpectIntNE(EC_KEY_generate_key(ec_key), 0); + ExpectIntNE(EVP_PKEY_assign_EC_KEY(pkey, ec_key), 0); + if (EXPECT_FAIL()) { + EC_KEY_free(ec_key); + } + +#if !defined(NO_CERTS) && defined(WOLFSSL_CERT_GEN) && \ + defined(WOLFSSL_CERT_REQ) && !defined(NO_ASN_TIME) + expectedDerSz = 344; + ExpectIntEQ(test_openssl_make_self_signed_certificate(pkey, expectedDerSz), + TEST_SUCCESS); +#endif + + EVP_PKEY_free(pkey); +#endif /* HAVE_ECC */ + (void)pkey; + (void)expectedDerSz; +#endif /* OPENSSL_EXTRA */ + + return EXPECT_RESULT(); +} + +static int test_stubs_are_stubs(void) +{ + EXPECT_DECLS; +#if defined(OPENSSL_EXTRA) && !defined(NO_WOLFSSL_STUB) && \ + !defined(NO_TLS) && \ + (!defined(NO_WOLFSSL_CLIENT) || !defined(NO_WOLFSSL_SERVER)) + WOLFSSL_CTX* ctx = NULL; + WOLFSSL_CTX* ctxN = NULL; + #ifndef NO_WOLFSSL_CLIENT + ExpectNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_client_method())); + #elif !defined(NO_WOLFSSL_SERVER) + ExpectNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_server_method())); + #endif + + #define CHECKZERO_RET(x, y, z) ExpectIntEQ((int) x(y), 0); \ + ExpectIntEQ((int) x(z), 0) + /* test logic, all stubs return same result regardless of ctx being NULL + * as there are no sanity checks, it's just a stub! If at some + * point a stub is not a stub it should begin to return BAD_FUNC_ARG + * if invalid inputs are supplied. Test calling both + * with and without valid inputs, if a stub functionality remains unchanged. + */ + CHECKZERO_RET(wolfSSL_CTX_sess_accept, ctx, ctxN); + CHECKZERO_RET(wolfSSL_CTX_sess_connect, ctx, ctxN); + CHECKZERO_RET(wolfSSL_CTX_sess_accept_good, ctx, ctxN); + CHECKZERO_RET(wolfSSL_CTX_sess_connect_good, ctx, ctxN); + CHECKZERO_RET(wolfSSL_CTX_sess_accept_renegotiate, ctx, ctxN); + CHECKZERO_RET(wolfSSL_CTX_sess_connect_renegotiate, ctx, ctxN); + CHECKZERO_RET(wolfSSL_CTX_sess_hits, ctx, ctxN); + CHECKZERO_RET(wolfSSL_CTX_sess_cb_hits, ctx, ctxN); + CHECKZERO_RET(wolfSSL_CTX_sess_cache_full, ctx, ctxN); + CHECKZERO_RET(wolfSSL_CTX_sess_misses, ctx, ctxN); + CHECKZERO_RET(wolfSSL_CTX_sess_timeouts, ctx, ctxN); + + /* when implemented this should take WOLFSSL object instead, right now + * always returns 0 */ + ExpectPtrEq(SSL_get_current_expansion(NULL), NULL); + + wolfSSL_CTX_free(ctx); + ctx = NULL; + + ExpectStrEQ(SSL_COMP_get_name(NULL), "not supported"); + ExpectPtrEq(SSL_get_current_expansion(NULL), NULL); +#endif /* OPENSSL_EXTRA && !NO_WOLFSSL_STUB && (!NO_WOLFSSL_CLIENT || + * !NO_WOLFSSL_SERVER) */ + return EXPECT_RESULT(); +} + +static int test_CONF_modules_xxx(void) +{ + int res = TEST_SKIPPED; +#if defined(OPENSSL_EXTRA) + CONF_modules_free(); + + CONF_modules_unload(0); + CONF_modules_unload(1); + CONF_modules_unload(-1); + + res = TEST_SUCCESS; +#endif /* OPENSSL_EXTRA */ + return res; +} +static int test_CRYPTO_set_dynlock_xxx(void) +{ + int res = TEST_SKIPPED; +#if defined(OPENSSL_EXTRA) + CRYPTO_set_dynlock_create_callback( + (struct CRYPTO_dynlock_value *(*)(const char*, int))NULL); + + CRYPTO_set_dynlock_create_callback( + (struct CRYPTO_dynlock_value *(*)(const char*, int))1); + + CRYPTO_set_dynlock_destroy_callback( + (void (*)(struct CRYPTO_dynlock_value*, const char*, int))NULL); + + CRYPTO_set_dynlock_destroy_callback( + (void (*)(struct CRYPTO_dynlock_value*, const char*, int))1); + + CRYPTO_set_dynlock_lock_callback( + (void (*)(int, struct CRYPTO_dynlock_value *, const char*, int))NULL); + + CRYPTO_set_dynlock_lock_callback( + (void (*)(int, struct CRYPTO_dynlock_value *, const char*, int))1); + + res = TEST_SUCCESS; +#endif /* OPENSSL_EXTRA */ + return res; +} +static int test_CRYPTO_THREADID_xxx(void) +{ + EXPECT_DECLS; +#if defined(OPENSSL_EXTRA) + CRYPTO_THREADID_current((CRYPTO_THREADID*)NULL); + CRYPTO_THREADID_current((CRYPTO_THREADID*)1); + ExpectIntEQ(CRYPTO_THREADID_hash((const CRYPTO_THREADID*)NULL), 0); +#endif /* OPENSSL_EXTRA */ + return EXPECT_RESULT(); +} +static int test_ENGINE_cleanup(void) +{ + int res = TEST_SKIPPED; +#if defined(OPENSSL_EXTRA) + ENGINE_cleanup(); + + res = TEST_SUCCESS; +#endif /* OPENSSL_EXTRA */ + return res; +} + +static int test_wolfSSL_CTX_LoadCRL(void) +{ + EXPECT_DECLS; +#if defined(HAVE_CRL) && !defined(NO_RSA) && !defined(NO_FILESYSTEM) && \ + (!defined(NO_WOLFSSL_CLIENT) || !defined(NO_WOLFSSL_SERVER)) + WOLFSSL_CERT_MANAGER* cm = NULL; + const char* issuerCert = "./certs/client-cert.pem"; + const char* validFilePath = "./certs/crl/cliCrl.pem"; + int pemType = WOLFSSL_FILETYPE_PEM; +#ifndef NO_TLS + WOLFSSL_CTX* ctx = NULL; + WOLFSSL* ssl = NULL; + const char* badPath = "dummypath"; + const char* validPath = "./certs/crl"; + int derType = WOLFSSL_FILETYPE_ASN1; +#ifdef HAVE_CRL_MONITOR + int monitor = WOLFSSL_CRL_MONITOR; +#else + int monitor = 0; +#endif + + #define FAIL_T1(x, y, z, p, d) ExpectIntEQ((int) x(y, z, p, d), \ + WC_NO_ERR_TRACE(BAD_FUNC_ARG)) + #define FAIL_T2(x, y, z, p, d) ExpectIntEQ((int) x(y, z, p, d), \ + WC_NO_ERR_TRACE(NOT_COMPILED_IN)) + #define SUCC_T(x, y, z, p, d) ExpectIntEQ((int) x(y, z, p, d), \ + WOLFSSL_SUCCESS) +#ifndef NO_WOLFSSL_CLIENT + #define NEW_CTX(ctx) ExpectNotNull( \ + (ctx) = wolfSSL_CTX_new(wolfSSLv23_client_method())) +#elif !defined(NO_WOLFSSL_SERVER) + #define NEW_CTX(ctx) ExpectNotNull( \ + (ctx) = wolfSSL_CTX_new(wolfSSLv23_server_method())) +#else + #define NEW_CTX(ctx) return +#endif + + FAIL_T1(wolfSSL_CTX_LoadCRL, ctx, validPath, pemType, monitor); + + NEW_CTX(ctx); + +#ifndef HAVE_CRL_MONITOR + FAIL_T2(wolfSSL_CTX_LoadCRL, ctx, validPath, pemType, WOLFSSL_CRL_MONITOR); + wolfSSL_CTX_free(ctx); + NEW_CTX(ctx); +#endif + + SUCC_T (wolfSSL_CTX_LoadCRL, ctx, validPath, pemType, monitor); + SUCC_T (wolfSSL_CTX_LoadCRL, ctx, badPath, pemType, monitor); + SUCC_T (wolfSSL_CTX_LoadCRL, ctx, badPath, derType, monitor); + + wolfSSL_CTX_free(ctx); + ctx = NULL; + + NEW_CTX(ctx); + ExpectIntEQ(wolfSSL_CTX_load_verify_locations(ctx, issuerCert, NULL), + WOLFSSL_SUCCESS); + ExpectIntEQ(wolfSSL_CTX_LoadCRLFile(ctx, validFilePath, pemType), WOLFSSL_SUCCESS); + wolfSSL_CTX_free(ctx); + ctx = NULL; + + NEW_CTX(ctx); + ExpectIntEQ(wolfSSL_CTX_load_verify_locations(ctx, issuerCert, NULL), + WOLFSSL_SUCCESS); + ExpectNotNull(ssl = wolfSSL_new(ctx)); + ExpectIntEQ(wolfSSL_LoadCRLFile(ssl, validFilePath, pemType), WOLFSSL_SUCCESS); + wolfSSL_free(ssl); + ssl = NULL; + wolfSSL_CTX_free(ctx); + ctx = NULL; +#endif /* !NO_TLS */ + + ExpectNotNull(cm = wolfSSL_CertManagerNew()); + ExpectIntEQ(wolfSSL_CertManagerLoadCA(cm, issuerCert, NULL), + WOLFSSL_SUCCESS); + ExpectIntEQ(wolfSSL_CertManagerLoadCRLFile(cm, validFilePath, pemType), + WOLFSSL_SUCCESS); + wolfSSL_CertManagerFree(cm); +#endif + return EXPECT_RESULT(); +} + +#if defined(HAVE_CRL) && !defined(NO_RSA) && !defined(NO_FILESYSTEM) && \ + defined(HAVE_CRL_UPDATE_CB) +int crlUpdateTestStatus = 0; +WOLFSSL_CERT_MANAGER* updateCrlTestCm = NULL; +static void updateCrlCb(CrlInfo* old, CrlInfo* cnew) +{ + const char* crl1 = "./certs/crl/crl.pem"; + const char* crlRevoked = "./certs/crl/crl.revoked"; + byte *crl1Buff = NULL; + word32 crl1Sz; + byte *crlRevBuff = NULL; + word32 crlRevSz; + WOLFSSL_CERT_MANAGER* cm = updateCrlTestCm; + XFILE f; + word32 sz; + CrlInfo crl1Info; + CrlInfo crlRevInfo; + + crlUpdateTestStatus = 0; + if (old == NULL || cnew == NULL) { + return; + } + + AssertTrue((f = XFOPEN(crl1, "rb")) != XBADFILE); + AssertTrue(XFSEEK(f, 0, XSEEK_END) == 0); + AssertIntGE(sz = (word32) XFTELL(f), 1); + AssertTrue(XFSEEK(f, 0, XSEEK_SET) == 0); + AssertTrue( \ + (crl1Buff = (byte*)XMALLOC(sz, NULL, DYNAMIC_TYPE_FILE)) != NULL); + AssertTrue(XFREAD(crl1Buff, 1, sz, f) == sz); + XFCLOSE(f); + crl1Sz = sz; + + AssertTrue((f = XFOPEN(crlRevoked, "rb")) != XBADFILE); + AssertTrue(XFSEEK(f, 0, XSEEK_END) == 0); + AssertIntGE(sz = (word32) XFTELL(f), 1); + AssertTrue(XFSEEK(f, 0, XSEEK_SET) == 0); + AssertTrue( \ + (crlRevBuff = (byte*)XMALLOC(sz, NULL, DYNAMIC_TYPE_FILE)) != NULL); + AssertTrue(XFREAD(crlRevBuff, 1, sz, f) == sz); + XFCLOSE(f); + crlRevSz = sz; + + AssertIntEQ(wolfSSL_CertManagerGetCRLInfo( + cm, &crl1Info, crl1Buff, crl1Sz, WOLFSSL_FILETYPE_PEM), + WOLFSSL_SUCCESS); + AssertIntEQ(wolfSSL_CertManagerGetCRLInfo( + cm, &crlRevInfo, crlRevBuff, crlRevSz, WOLFSSL_FILETYPE_PEM), + WOLFSSL_SUCCESS); + + /* Old entry being replaced should match crl1 */ + AssertIntEQ(crl1Info.issuerHashLen, old->issuerHashLen); + AssertIntEQ(crl1Info.lastDateMaxLen, old->lastDateMaxLen); + AssertIntEQ(crl1Info.lastDateFormat, old->lastDateFormat); + AssertIntEQ(crl1Info.nextDateMaxLen, old->nextDateMaxLen); + AssertIntEQ(crl1Info.nextDateFormat, old->nextDateFormat); + AssertIntEQ(XMEMCMP( + crl1Info.crlNumber, old->crlNumber, CRL_MAX_NUM_SZ), 0); + AssertIntEQ(XMEMCMP( + crl1Info.issuerHash, old->issuerHash, old->issuerHashLen), 0); + AssertIntEQ(XMEMCMP( + crl1Info.lastDate, old->lastDate, old->lastDateMaxLen), 0); + AssertIntEQ(XMEMCMP( + crl1Info.nextDate, old->nextDate, old->nextDateMaxLen), 0); + + /* Newer entry should match crl revoked */ + AssertIntEQ(crlRevInfo.issuerHashLen, cnew->issuerHashLen); + AssertIntEQ(crlRevInfo.lastDateMaxLen, cnew->lastDateMaxLen); + AssertIntEQ(crlRevInfo.lastDateFormat, cnew->lastDateFormat); + AssertIntEQ(crlRevInfo.nextDateMaxLen, cnew->nextDateMaxLen); + AssertIntEQ(crlRevInfo.nextDateFormat, cnew->nextDateFormat); + AssertIntEQ(XMEMCMP( + crlRevInfo.crlNumber, cnew->crlNumber, CRL_MAX_NUM_SZ), 0); + AssertIntEQ(XMEMCMP( + crlRevInfo.issuerHash, cnew->issuerHash, cnew->issuerHashLen), 0); + AssertIntEQ(XMEMCMP( + crlRevInfo.lastDate, cnew->lastDate, cnew->lastDateMaxLen), 0); + AssertIntEQ(XMEMCMP( + crlRevInfo.nextDate, cnew->nextDate, cnew->nextDateMaxLen), 0); + + XFREE(crl1Buff, NULL, DYNAMIC_TYPE_FILE); + XFREE(crlRevBuff, NULL, DYNAMIC_TYPE_FILE); + crlUpdateTestStatus = 1; +} +#endif + +static int test_wolfSSL_crl_update_cb(void) +{ + EXPECT_DECLS; +#if defined(HAVE_CRL) && !defined(NO_RSA) && !defined(NO_FILESYSTEM) && \ + defined(HAVE_CRL_UPDATE_CB) + const char* crl1 = "./certs/crl/crl.pem"; + const char* crlRevoked = "./certs/crl/crl.revoked"; + const char* issuerCert = "./certs/client-cert.pem"; + const char* caCert = "./certs/ca-cert.pem"; + const char* goodCert = "./certs/server-cert.pem"; + const char* revokedCert = "./certs/server-revoked-cert.pem"; + int pemType = WOLFSSL_FILETYPE_PEM; + WOLFSSL_CERT_MANAGER* cm = NULL; + + updateCrlTestCm = wolfSSL_CertManagerNew(); + ExpectNotNull(updateCrlTestCm); + cm = updateCrlTestCm; + ExpectIntEQ(wolfSSL_CertManagerSetCRLUpdate_Cb(cm, updateCrlCb), + WOLFSSL_SUCCESS); + ExpectIntEQ(wolfSSL_CertManagerLoadCA(cm, caCert, NULL), + WOLFSSL_SUCCESS); + ExpectIntEQ(wolfSSL_CertManagerLoadCA(cm, issuerCert, NULL), + WOLFSSL_SUCCESS); + ExpectIntEQ(wolfSSL_CertManagerLoadCRLFile(cm, crl1, pemType), + WOLFSSL_SUCCESS); + /* CRL1 does not have good cert revoked */ + ExpectIntEQ(wolfSSL_CertManagerVerify(cm, goodCert, pemType), + WOLFSSL_SUCCESS); + ExpectIntNE(wolfSSL_CertManagerVerify(cm, revokedCert, pemType), + WOLFSSL_SUCCESS); + /* Load newer CRL from same issuer, callback verifies CRL entry details */ + ExpectIntEQ(wolfSSL_CertManagerLoadCRLFile(cm, crlRevoked, pemType), + WOLFSSL_SUCCESS); + /* CRL callback verified entry info was as expected */ + ExpectIntEQ(crlUpdateTestStatus, 1); + /* Ensure that both certs fail with newer CRL */ + ExpectIntNE(wolfSSL_CertManagerVerify(cm, goodCert, pemType), + WOLFSSL_SUCCESS); + ExpectIntNE(wolfSSL_CertManagerVerify(cm, revokedCert, pemType), + WOLFSSL_SUCCESS); +#endif + return EXPECT_RESULT(); +} + +static int test_SetTmpEC_DHE_Sz(void) +{ + EXPECT_DECLS; +#if defined(HAVE_ECC) && !defined(NO_WOLFSSL_CLIENT) && !defined(NO_TLS) + WOLFSSL_CTX *ctx = NULL; + WOLFSSL *ssl = NULL; + + ExpectNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_client_method())); + ExpectIntEQ(WOLFSSL_SUCCESS, wolfSSL_CTX_SetTmpEC_DHE_Sz(ctx, 32)); + ExpectNotNull(ssl = wolfSSL_new(ctx)); + ExpectIntEQ(WOLFSSL_SUCCESS, wolfSSL_SetTmpEC_DHE_Sz(ssl, 32)); + + wolfSSL_free(ssl); + wolfSSL_CTX_free(ctx); +#endif + + return EXPECT_RESULT(); +} + +static int test_wolfSSL_CTX_get0_privatekey(void) +{ + EXPECT_DECLS; +#if defined(OPENSSL_ALL) && !defined(NO_TLS) + WOLFSSL_CTX* ctx = NULL; + + (void)ctx; + +#ifndef NO_RSA + ExpectNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_method())); + ExpectNull(SSL_CTX_get0_privatekey(ctx)); + ExpectTrue(wolfSSL_CTX_use_certificate_file(ctx, svrCertFile, + WOLFSSL_FILETYPE_PEM)); + ExpectNull(SSL_CTX_get0_privatekey(ctx)); + ExpectTrue(wolfSSL_CTX_use_PrivateKey_file(ctx, svrKeyFile, + WOLFSSL_FILETYPE_PEM)); + ExpectNotNull(SSL_CTX_get0_privatekey(ctx)); + wolfSSL_CTX_free(ctx); + ctx = NULL; +#endif +#ifdef HAVE_ECC + ExpectNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_method())); + ExpectNull(SSL_CTX_get0_privatekey(ctx)); + ExpectTrue(wolfSSL_CTX_use_certificate_file(ctx, eccCertFile, + WOLFSSL_FILETYPE_PEM)); + ExpectNull(SSL_CTX_get0_privatekey(ctx)); + ExpectTrue(wolfSSL_CTX_use_PrivateKey_file(ctx, eccKeyFile, + WOLFSSL_FILETYPE_PEM)); + ExpectNotNull(SSL_CTX_get0_privatekey(ctx)); + wolfSSL_CTX_free(ctx); +#endif +#endif + + return EXPECT_RESULT(); +} + +static int test_wolfSSL_dtls_set_mtu(void) +{ + EXPECT_DECLS; +#if (defined(WOLFSSL_DTLS_MTU) || defined(WOLFSSL_SCTP)) && \ + !defined(NO_WOLFSSL_SERVER) && defined(WOLFSSL_DTLS) && \ + !defined(WOLFSSL_NO_TLS12) + WOLFSSL_CTX* ctx = NULL; + WOLFSSL* ssl = NULL; + const char* testCertFile; + const char* testKeyFile; + + ExpectNotNull(ctx = wolfSSL_CTX_new(wolfDTLSv1_2_server_method())); +#ifndef NO_RSA + testCertFile = svrCertFile; + testKeyFile = svrKeyFile; +#elif defined(HAVE_ECC) + testCertFile = eccCertFile; + testKeyFile = eccKeyFile; +#endif + if (testCertFile != NULL && testKeyFile != NULL) { + ExpectTrue(wolfSSL_CTX_use_certificate_file(ctx, testCertFile, + WOLFSSL_FILETYPE_PEM)); + ExpectTrue(wolfSSL_CTX_use_PrivateKey_file(ctx, testKeyFile, + WOLFSSL_FILETYPE_PEM)); + } + ExpectNotNull(ssl = wolfSSL_new(ctx)); + + ExpectIntEQ(wolfSSL_CTX_dtls_set_mtu(NULL, 1488), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wolfSSL_dtls_set_mtu(NULL, 1488), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wolfSSL_CTX_dtls_set_mtu(ctx, 20000), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wolfSSL_dtls_set_mtu(ssl, 20000), WC_NO_ERR_TRACE(WOLFSSL_FAILURE)); + ExpectIntEQ(wolfSSL_get_error(ssl, WC_NO_ERR_TRACE(WOLFSSL_FAILURE)), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wolfSSL_CTX_dtls_set_mtu(ctx, 1488), WOLFSSL_SUCCESS); + ExpectIntEQ(wolfSSL_dtls_set_mtu(ssl, 1488), WOLFSSL_SUCCESS); + +#ifdef OPENSSL_EXTRA + ExpectIntEQ(SSL_set_mtu(ssl, 1488), WOLFSSL_SUCCESS); +#endif + + wolfSSL_free(ssl); + wolfSSL_CTX_free(ctx); +#endif + + return EXPECT_RESULT(); +} + +#if defined(HAVE_IO_TESTS_DEPENDENCIES) && !defined(SINGLE_THREADED) && \ + defined(WOLFSSL_DTLS) && !defined(WOLFSSL_NO_TLS12) + +static WC_INLINE void generateDTLSMsg(byte* out, int outSz, word32 seq, + enum HandShakeType hsType, word16 length) +{ + size_t idx = 0; + byte* l; + + /* record layer */ + /* handshake type */ + out[idx++] = handshake; + /* protocol version */ + out[idx++] = 0xfe; + out[idx++] = 0xfd; /* DTLS 1.2 */ + /* epoch 0 */ + XMEMSET(out + idx, 0, 2); + idx += 2; + /* sequence number */ + XMEMSET(out + idx, 0, 6); + c32toa(seq, out + idx + 2); + idx += 6; + /* length in BE */ + if (length) + c16toa(length, out + idx); + else + c16toa(outSz - idx - 2, out + idx); + idx += 2; + + /* handshake layer */ + /* handshake type */ + out[idx++] = (byte)hsType; + /* length */ + l = out + idx; + idx += 3; + /* message seq */ + c16toa(0, out + idx); + idx += 2; + /* frag offset */ + c32to24(0, out + idx); + idx += 3; + /* frag length */ + c32to24((word32)outSz - (word32)idx - 3, l); + c32to24((word32)outSz - (word32)idx - 3, out + idx); + idx += 3; + XMEMSET(out + idx, 0, outSz - idx); +} + +static void test_wolfSSL_dtls_plaintext_server(WOLFSSL* ssl) +{ + byte msg[] = "This is a msg for the client"; + byte reply[40]; + AssertIntGT(wolfSSL_read(ssl, reply, sizeof(reply)),0); + reply[sizeof(reply) - 1] = '\0'; + fprintf(stderr, "Client message: %s\n", reply); + AssertIntEQ(wolfSSL_write(ssl, msg, sizeof(msg)), sizeof(msg)); +} + +static void test_wolfSSL_dtls_plaintext_client(WOLFSSL* ssl) +{ + byte ch[50]; + int fd = wolfSSL_get_wfd(ssl); + byte msg[] = "This is a msg for the server"; + byte reply[40]; + + AssertIntGE(fd, 0); + generateDTLSMsg(ch, sizeof(ch), 20, client_hello, 0); + /* Server should ignore this datagram */ + AssertIntEQ(send(fd, (MESSAGE_TYPE_CAST)ch, sizeof(ch), 0), sizeof(ch)); + generateDTLSMsg(ch, sizeof(ch), 20, client_hello, 10000); + /* Server should ignore this datagram */ + AssertIntEQ(send(fd, (MESSAGE_TYPE_CAST)ch, sizeof(ch), 0), sizeof(ch)); + + AssertIntEQ(wolfSSL_write(ssl, msg, sizeof(msg)), sizeof(msg)); + AssertIntGT(wolfSSL_read(ssl, reply, sizeof(reply)),0); + reply[sizeof(reply) - 1] = '\0'; + fprintf(stderr, "Server response: %s\n", reply); +} + +static int test_wolfSSL_dtls_plaintext(void) +{ + callback_functions func_cb_client; + callback_functions func_cb_server; + size_t i; + struct test_params { + method_provider client_meth; + method_provider server_meth; + ssl_callback on_result_server; + ssl_callback on_result_client; + } params[] = { + {wolfDTLSv1_2_client_method, wolfDTLSv1_2_server_method, + test_wolfSSL_dtls_plaintext_server, + test_wolfSSL_dtls_plaintext_client}, + }; + + for (i = 0; i < sizeof(params)/sizeof(*params); i++) { + XMEMSET(&func_cb_client, 0, sizeof(callback_functions)); + XMEMSET(&func_cb_server, 0, sizeof(callback_functions)); + + func_cb_client.doUdp = func_cb_server.doUdp = 1; + func_cb_server.method = params[i].server_meth; + func_cb_client.method = params[i].client_meth; + func_cb_client.on_result = params[i].on_result_client; + func_cb_server.on_result = params[i].on_result_server; + + test_wolfSSL_client_server_nofail(&func_cb_client, &func_cb_server); + + if (!func_cb_client.return_code) + return TEST_FAIL; + if (!func_cb_server.return_code) + return TEST_FAIL; + } + + return TEST_RES_CHECK(1); +} +#else +static int test_wolfSSL_dtls_plaintext(void) +{ + return TEST_SKIPPED; +} +#endif + +#if defined(HAVE_IO_TESTS_DEPENDENCIES) && !defined(SINGLE_THREADED) && \ + defined(WOLFSSL_DTLS) && !defined(WOLFSSL_NO_TLS12) + +static void test_wolfSSL_dtls12_fragments_spammer(WOLFSSL* ssl) +{ + byte b[1100]; /* buffer for the messages to send */ + size_t idx = 0; + size_t seq_offset = 0; + size_t msg_offset = 0; + int i; + int fd = wolfSSL_get_wfd(ssl); + int ret = wolfSSL_connect_cert(ssl); /* This gets us past the cookie */ + word32 seq_number = 100; /* start high so server definitely reads this */ + word16 msg_number = 50; /* start high so server has to buffer this */ + AssertIntEQ(ret, 1); + /* Now let's start spamming the peer with fragments it needs to store */ + XMEMSET(b, -1, sizeof(b)); + + /* record layer */ + /* handshake type */ + b[idx++] = 22; + /* protocol version */ + b[idx++] = 0xfe; + b[idx++] = 0xfd; /* DTLS 1.2 */ + /* epoch 0 */ + XMEMSET(b + idx, 0, 2); + idx += 2; + /* sequence number */ + XMEMSET(b + idx, 0, 6); + seq_offset = idx + 2; /* increment only the low 32 bits */ + idx += 6; + /* static length in BE */ + c16toa(42, b + idx); + idx += 2; + + /* handshake layer */ + /* cert type */ + b[idx++] = 11; + /* length */ + c32to24(1000, b + idx); + idx += 3; + /* message seq */ + c16toa(0, b + idx); + msg_offset = idx; + idx += 2; + /* frag offset */ + c32to24(500, b + idx); + idx += 3; + /* frag length */ + c32to24(30, b + idx); + idx += 3; + (void)idx; /* inhibit clang-analyzer-deadcode.DeadStores */ + + for (i = 0; i < DTLS_POOL_SZ * 2 && ret > 0; + seq_number++, msg_number++, i++) { + struct timespec delay; + XMEMSET(&delay, 0, sizeof(delay)); + delay.tv_nsec = 10000000; /* wait 0.01 seconds */ + c32toa(seq_number, b + seq_offset); + c16toa(msg_number, b + msg_offset); + ret = (int)send(fd, (MESSAGE_TYPE_CAST)b, 55, 0); + nanosleep(&delay, NULL); + } +} + +#ifdef WOLFSSL_DTLS13 +static void test_wolfSSL_dtls13_fragments_spammer(WOLFSSL* ssl) +{ + const word16 sendCountMax = 100; + byte b[150]; /* buffer for the messages to send */ + size_t idx = 0; + size_t msg_offset = 0; + int fd = wolfSSL_get_wfd(ssl); + word16 msg_number = 10; /* start high so server has to buffer this */ + int ret = wolfSSL_connect_cert(ssl); /* This gets us past the cookie */ + AssertIntEQ(ret, 1); + /* Now let's start spamming the peer with fragments it needs to store */ + XMEMSET(b, -1, sizeof(b)); + + /* handshake type */ + b[idx++] = 11; + /* length */ + c32to24(10000, b + idx); + idx += 3; + /* message_seq */ + msg_offset = idx; + idx += 2; + /* fragment_offset */ + c32to24(5000, b + idx); + idx += 3; + /* fragment_length */ + c32to24(100, b + idx); + idx += 3; + /* fragment contents */ + idx += 100; + + for (; ret > 0 && msg_number < sendCountMax; msg_number++) { + byte sendBuf[150]; + int sendSz = sizeof(sendBuf); + struct timespec delay; + XMEMSET(&delay, 0, sizeof(delay)); + delay.tv_nsec = 10000000; /* wait 0.01 seconds */ + c16toa(msg_number, b + msg_offset); + ret = sendSz = BuildTls13Message(ssl, sendBuf, sendSz, b, + (int)idx, handshake, 0, 0, 0); + if (sendSz > 0) + ret = (int)send(fd, (MESSAGE_TYPE_CAST)sendBuf, (size_t)sendSz, 0); + nanosleep(&delay, NULL); + } +} +#endif + +static int test_wolfSSL_dtls_fragments(void) +{ + EXPECT_DECLS; + callback_functions func_cb_client; + callback_functions func_cb_server; + size_t i; + struct test_params { + method_provider client_meth; + method_provider server_meth; + ssl_callback spammer; + } params[] = { +#if !defined(WOLFSSL_NO_TLS12) + {wolfDTLSv1_2_client_method, wolfDTLSv1_2_server_method, + test_wolfSSL_dtls12_fragments_spammer}, +#endif +#ifdef WOLFSSL_DTLS13 + {wolfDTLSv1_3_client_method, wolfDTLSv1_3_server_method, + test_wolfSSL_dtls13_fragments_spammer}, +#endif + }; + + for (i = 0; i < sizeof(params)/sizeof(*params); i++) { + XMEMSET(&func_cb_client, 0, sizeof(callback_functions)); + XMEMSET(&func_cb_server, 0, sizeof(callback_functions)); + + func_cb_client.doUdp = func_cb_server.doUdp = 1; + func_cb_server.method = params[i].server_meth; + func_cb_client.method = params[i].client_meth; + func_cb_client.ssl_ready = params[i].spammer; + + test_wolfSSL_client_server_nofail(&func_cb_client, &func_cb_server); + + ExpectFalse(func_cb_client.return_code); + ExpectFalse(func_cb_server.return_code); + + /* The socket should be closed by the server resulting in a + * socket error, fatal error or reading a close notify alert */ + if (func_cb_client.last_err != WC_NO_ERR_TRACE(SOCKET_ERROR_E) && + func_cb_client.last_err != WOLFSSL_ERROR_ZERO_RETURN && + func_cb_client.last_err != WC_NO_ERR_TRACE(FATAL_ERROR)) { + ExpectIntEQ(func_cb_client.last_err, WC_NO_ERR_TRACE(SOCKET_ERROR_E)); + } + /* Check the server returned an error indicating the msg buffer + * was full */ + ExpectIntEQ(func_cb_server.last_err, WC_NO_ERR_TRACE(DTLS_TOO_MANY_FRAGMENTS_E)); + + if (EXPECT_FAIL()) + break; + } + + return EXPECT_RESULT(); +} + +static void test_wolfSSL_dtls_send_alert(WOLFSSL* ssl) +{ + int fd, ret; + byte alert_msg[] = { + 0x15, /* alert type */ + 0xfe, 0xfd, /* version */ + 0x00, 0x00, /* epoch */ + 0x00, 0x00, 0x00, 0x00, 0x00, 0x01, /* seq number */ + 0x00, 0x02, /* length */ + 0x02, /* level: fatal */ + 0x46 /* protocol version */ + }; + + fd = wolfSSL_get_wfd(ssl); + AssertIntGE(fd, 0); + ret = (int)send(fd, (MESSAGE_TYPE_CAST)alert_msg, sizeof(alert_msg), 0); + AssertIntGT(ret, 0); +} + +static int _test_wolfSSL_ignore_alert_before_cookie(byte version12) +{ + callback_functions client_cbs, server_cbs; + + XMEMSET(&client_cbs, 0, sizeof(client_cbs)); + XMEMSET(&server_cbs, 0, sizeof(server_cbs)); + client_cbs.doUdp = server_cbs.doUdp = 1; + if (version12) { +#if !defined(WOLFSSL_NO_TLS12) + client_cbs.method = wolfDTLSv1_2_client_method; + server_cbs.method = wolfDTLSv1_2_server_method; +#else + return TEST_SKIPPED; +#endif + } + else + { +#ifdef WOLFSSL_DTLS13 + client_cbs.method = wolfDTLSv1_3_client_method; + server_cbs.method = wolfDTLSv1_3_server_method; +#else + return TEST_SKIPPED; +#endif /* WOLFSSL_DTLS13 */ + } + + client_cbs.ssl_ready = test_wolfSSL_dtls_send_alert; + test_wolfSSL_client_server_nofail(&client_cbs, &server_cbs); + + if (!client_cbs.return_code) + return TEST_FAIL; + if (!server_cbs.return_code) + return TEST_FAIL; + + return TEST_SUCCESS; +} + +static int test_wolfSSL_ignore_alert_before_cookie(void) +{ + int ret; + ret =_test_wolfSSL_ignore_alert_before_cookie(0); + if (ret != 0) + return ret; + ret =_test_wolfSSL_ignore_alert_before_cookie(1); + if (ret != 0) + return ret; + return 0; +} + +static void test_wolfSSL_send_bad_record(WOLFSSL* ssl) +{ + int ret; + int fd; + + byte bad_msg[] = { + 0x17, /* app data */ + 0xaa, 0xfd, /* bad version */ + 0x00, 0x01, /* epoch 1 */ + 0x00, 0x00, 0x00, 0x00, 0x00, 0x55, /* not seen seq number */ + 0x00, 0x26, /* length: 38 bytes */ + 0xae, 0x30, 0x31, 0xb1, 0xf1, 0xb9, 0x6f, 0xda, 0x17, 0x19, 0xd9, 0x57, + 0xa9, 0x9d, 0x5c, 0x51, 0x9b, 0x53, 0x63, 0xa5, 0x24, 0x70, 0xa1, + 0xae, 0xdf, 0x1c, 0xb9, 0xfc, 0xe3, 0xd7, 0x77, 0x6d, 0xb6, 0x89, 0x0f, + 0x03, 0x18, 0x72 + }; + + fd = wolfSSL_get_wfd(ssl); + AssertIntGE(fd, 0); + ret = (int)send(fd, (MESSAGE_TYPE_CAST)bad_msg, sizeof(bad_msg), 0); + AssertIntEQ(ret, sizeof(bad_msg)); + ret = wolfSSL_write(ssl, "badrecordtest", sizeof("badrecordtest")); + AssertIntEQ(ret, sizeof("badrecordtest")); +} + +static void test_wolfSSL_read_string(WOLFSSL* ssl) +{ + byte buf[100]; + int ret; + + ret = wolfSSL_read(ssl, buf, sizeof(buf)); + AssertIntGT(ret, 0); + AssertIntEQ(strcmp((char*)buf, "badrecordtest"), 0); +} + +static int _test_wolfSSL_dtls_bad_record( + method_provider client_method, method_provider server_method) +{ + callback_functions client_cbs, server_cbs; + + XMEMSET(&client_cbs, 0, sizeof(client_cbs)); + XMEMSET(&server_cbs, 0, sizeof(server_cbs)); + client_cbs.doUdp = server_cbs.doUdp = 1; + client_cbs.method = client_method; + server_cbs.method = server_method; + + client_cbs.on_result = test_wolfSSL_send_bad_record; + server_cbs.on_result = test_wolfSSL_read_string; + + test_wolfSSL_client_server_nofail(&client_cbs, &server_cbs); + + if (!client_cbs.return_code) + return TEST_FAIL; + if (!server_cbs.return_code) + return TEST_FAIL; + + return TEST_SUCCESS; +} + +static int test_wolfSSL_dtls_bad_record(void) +{ + int ret = TEST_SUCCESS; +#if !defined(WOLFSSL_NO_TLS12) + ret = _test_wolfSSL_dtls_bad_record(wolfDTLSv1_2_client_method, + wolfDTLSv1_2_server_method); +#endif +#ifdef WOLFSSL_DTLS13 + if (ret == TEST_SUCCESS) { + ret = _test_wolfSSL_dtls_bad_record(wolfDTLSv1_3_client_method, + wolfDTLSv1_3_server_method); + } +#endif /* WOLFSSL_DTLS13 */ + return ret; + +} + +#else +static int test_wolfSSL_dtls_fragments(void) +{ + return TEST_SKIPPED; +} +static int test_wolfSSL_ignore_alert_before_cookie(void) +{ + return TEST_SKIPPED; +} +static int test_wolfSSL_dtls_bad_record(void) +{ + return TEST_SKIPPED; +} +#endif + +#if defined(WOLFSSL_DTLS13) && !defined(WOLFSSL_TLS13_IGNORE_AEAD_LIMITS) && \ + !defined(NO_WOLFSSL_CLIENT) && !defined(NO_WOLFSSL_SERVER) && \ + defined(HAVE_IO_TESTS_DEPENDENCIES) +static volatile int test_AEAD_seq_num = 0; +#ifdef WOLFSSL_NO_ATOMICS +static volatile int test_AEAD_done = 0; +#else +wolfSSL_Atomic_Int test_AEAD_done = WOLFSSL_ATOMIC_INITIALIZER(0); +#endif +#ifdef WOLFSSL_MUTEX_INITIALIZER +static wolfSSL_Mutex test_AEAD_mutex = WOLFSSL_MUTEX_INITIALIZER(test_AEAD_mutex); +#endif + +static int test_AEAD_fail_decryption = 0; +static int test_AEAD_cbiorecv(WOLFSSL *ssl, char *buf, int sz, void *ctx) +{ + int fd = wolfSSL_get_fd(ssl); + int ret = -1; + if (fd >= 0 && (ret = (int)recv(fd, buf, sz, 0)) > 0) { + if (test_AEAD_fail_decryption) { + /* Modify the packet to trigger a decryption failure */ + buf[ret/2] ^= 0xFF; + if (test_AEAD_fail_decryption == 1) + test_AEAD_fail_decryption = 0; + } + } + (void)ctx; + return ret; +} + +static void test_AEAD_get_limits(WOLFSSL* ssl, w64wrapper* hardLimit, + w64wrapper* keyUpdateLimit, w64wrapper* sendLimit) +{ + if (sendLimit) + w64Zero(sendLimit); + switch (ssl->specs.bulk_cipher_algorithm) { + case wolfssl_aes_gcm: + if (sendLimit) + *sendLimit = AEAD_AES_LIMIT; + FALL_THROUGH; + case wolfssl_chacha: + if (hardLimit) + *hardLimit = DTLS_AEAD_AES_GCM_CHACHA_FAIL_LIMIT; + if (keyUpdateLimit) + *keyUpdateLimit = DTLS_AEAD_AES_GCM_CHACHA_FAIL_KU_LIMIT; + break; + case wolfssl_aes_ccm: + if (sendLimit) + *sendLimit = DTLS_AEAD_AES_CCM_LIMIT; + if (ssl->specs.aead_mac_size == AES_CCM_8_AUTH_SZ) { + if (hardLimit) + *hardLimit = DTLS_AEAD_AES_CCM_8_FAIL_LIMIT; + if (keyUpdateLimit) + *keyUpdateLimit = DTLS_AEAD_AES_CCM_8_FAIL_KU_LIMIT; + } + else { + if (hardLimit) + *hardLimit = DTLS_AEAD_AES_CCM_FAIL_LIMIT; + if (keyUpdateLimit) + *keyUpdateLimit = DTLS_AEAD_AES_CCM_FAIL_KU_LIMIT; + } + break; + default: + fprintf(stderr, "Unrecognized bulk cipher"); + AssertFalse(1); + break; + } +} + +static void test_AEAD_limit_client(WOLFSSL* ssl) +{ + int ret; + int i; + int didReKey = 0; + char msgBuf[20]; + w64wrapper hardLimit; + w64wrapper keyUpdateLimit; + w64wrapper counter; + w64wrapper sendLimit; + + test_AEAD_get_limits(ssl, &hardLimit, &keyUpdateLimit, &sendLimit); + + w64Zero(&counter); + AssertTrue(w64Equal(Dtls13GetEpoch(ssl, ssl->dtls13Epoch)->dropCount, counter)); + + wolfSSL_SSLSetIORecv(ssl, test_AEAD_cbiorecv); + + for (i = 0; i < 10; i++) { + /* Test some failed decryptions */ + test_AEAD_fail_decryption = 1; + w64Increment(&counter); + ret = wolfSSL_read(ssl, msgBuf, sizeof(msgBuf)); + /* Should succeed since decryption failures are dropped */ + AssertIntGT(ret, 0); + AssertTrue(w64Equal(Dtls13GetEpoch(ssl, ssl->dtls13PeerEpoch)->dropCount, counter)); + } + + test_AEAD_fail_decryption = 1; + Dtls13GetEpoch(ssl, ssl->dtls13PeerEpoch)->dropCount = keyUpdateLimit; + w64Increment(&Dtls13GetEpoch(ssl, ssl->dtls13PeerEpoch)->dropCount); + /* 100 read calls should be enough to complete the key update */ + w64Zero(&counter); + for (i = 0; i < 100; i++) { + /* Key update should be sent and negotiated */ + ret = wolfSSL_read(ssl, msgBuf, sizeof(msgBuf)); + AssertIntGT(ret, 0); + /* Epoch after one key update is 4 */ + if (w64Equal(ssl->dtls13PeerEpoch, w64From32(0, 4)) && + w64Equal(Dtls13GetEpoch(ssl, ssl->dtls13PeerEpoch)->dropCount, counter)) { + didReKey = 1; + break; + } + } + AssertTrue(didReKey); + + if (!w64IsZero(sendLimit)) { + /* Test the sending limit for AEAD ciphers */ +#ifdef WOLFSSL_MUTEX_INITIALIZER + (void)wc_LockMutex(&test_AEAD_mutex); +#endif + Dtls13GetEpoch(ssl, ssl->dtls13Epoch)->nextSeqNumber = sendLimit; + test_AEAD_seq_num = 1; + XMEMSET(msgBuf, 0, sizeof(msgBuf)); + ret = wolfSSL_write(ssl, msgBuf, sizeof(msgBuf)); + AssertIntGT(ret, 0); + didReKey = 0; + w64Zero(&counter); +#ifdef WOLFSSL_MUTEX_INITIALIZER + wc_UnLockMutex(&test_AEAD_mutex); +#endif + /* 100 read calls should be enough to complete the key update */ + for (i = 0; i < 100; i++) { + /* Key update should be sent and negotiated */ + ret = wolfSSL_read(ssl, msgBuf, sizeof(msgBuf)); + AssertIntGT(ret, 0); + /* Epoch after another key update is 5 */ + if (w64Equal(ssl->dtls13Epoch, w64From32(0, 5)) && + w64Equal(Dtls13GetEpoch(ssl, ssl->dtls13Epoch)->dropCount, counter)) { + didReKey = 1; + break; + } + } + AssertTrue(didReKey); + } + + test_AEAD_fail_decryption = 2; + Dtls13GetEpoch(ssl, ssl->dtls13PeerEpoch)->dropCount = hardLimit; + w64Decrement(&Dtls13GetEpoch(ssl, ssl->dtls13PeerEpoch)->dropCount); + /* Connection should fail with a DECRYPT_ERROR */ + ret = wolfSSL_read(ssl, msgBuf, sizeof(msgBuf)); + AssertIntEQ(ret, WC_NO_ERR_TRACE(WOLFSSL_FATAL_ERROR)); + AssertIntEQ(wolfSSL_get_error(ssl, ret), WC_NO_ERR_TRACE(DECRYPT_ERROR)); + +#ifdef WOLFSSL_ATOMIC_INITIALIZER + WOLFSSL_ATOMIC_STORE(test_AEAD_done, 1); +#else + test_AEAD_done = 1; +#endif +} + +int counter = 0; +static void test_AEAD_limit_server(WOLFSSL* ssl) +{ + char msgBuf[] = "Sending data"; + int ret = WOLFSSL_SUCCESS; + w64wrapper sendLimit; + SOCKET_T fd = wolfSSL_get_fd(ssl); + struct timespec delay; + XMEMSET(&delay, 0, sizeof(delay)); + delay.tv_nsec = 100000000; /* wait 0.1 seconds */ + tcp_set_nonblocking(&fd); /* So that read doesn't block */ + wolfSSL_dtls_set_using_nonblock(ssl, 1); + test_AEAD_get_limits(ssl, NULL, NULL, &sendLimit); + while (! + #ifdef WOLFSSL_ATOMIC_INITIALIZER + WOLFSSL_ATOMIC_LOAD(test_AEAD_done) + #else + test_AEAD_done + #endif + && ret > 0) + { + counter++; +#ifdef WOLFSSL_MUTEX_INITIALIZER + (void)wc_LockMutex(&test_AEAD_mutex); +#endif + if (test_AEAD_seq_num) { + /* We need to update the seq number so that we can understand the + * peer. Otherwise we will incorrectly interpret the seq number. */ + Dtls13Epoch* e = Dtls13GetEpoch(ssl, ssl->dtls13PeerEpoch); + AssertNotNull(e); + e->nextPeerSeqNumber = sendLimit; + test_AEAD_seq_num = 0; + } +#ifdef WOLFSSL_MUTEX_INITIALIZER + wc_UnLockMutex(&test_AEAD_mutex); +#endif + (void)wolfSSL_read(ssl, msgBuf, sizeof(msgBuf)); + ret = wolfSSL_write(ssl, msgBuf, sizeof(msgBuf)); + nanosleep(&delay, NULL); + } +} + +static int test_wolfSSL_dtls_AEAD_limit(void) +{ + callback_functions func_cb_client; + callback_functions func_cb_server; + XMEMSET(&func_cb_client, 0, sizeof(callback_functions)); + XMEMSET(&func_cb_server, 0, sizeof(callback_functions)); + + func_cb_client.doUdp = func_cb_server.doUdp = 1; + func_cb_server.method = wolfDTLSv1_3_server_method; + func_cb_client.method = wolfDTLSv1_3_client_method; + func_cb_server.on_result = test_AEAD_limit_server; + func_cb_client.on_result = test_AEAD_limit_client; + + test_wolfSSL_client_server_nofail(&func_cb_client, &func_cb_server); + + if (!func_cb_client.return_code) + return TEST_FAIL; + if (!func_cb_server.return_code) + return TEST_FAIL; + + return TEST_SUCCESS; +} +#else +static int test_wolfSSL_dtls_AEAD_limit(void) +{ + return TEST_SKIPPED; +} +#endif + +#if defined(WOLFSSL_DTLS) && \ + defined(HAVE_IO_TESTS_DEPENDENCIES) && !defined(SINGLE_THREADED) && \ + !defined(DEBUG_VECTOR_REGISTER_ACCESS_FUZZING) +static void test_wolfSSL_dtls_send_ch(WOLFSSL* ssl) +{ + int fd, ret; + byte ch_msg[] = { + 0x16, 0xfe, 0xfd, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01, + 0xfa, 0x01, 0x00, 0x01, 0xee, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01, + 0xee, 0xfe, 0xfd, 0xc0, 0xca, 0xb5, 0x6f, 0x3d, 0x23, 0xcc, 0x53, 0x9a, + 0x67, 0x17, 0x70, 0xd3, 0xfb, 0x23, 0x16, 0x9e, 0x4e, 0xd6, 0x7e, 0x29, + 0xab, 0xfa, 0x4c, 0xa5, 0x84, 0x95, 0xc3, 0xdb, 0x21, 0x9a, 0x52, 0x00, + 0x00, 0x00, 0x36, 0x13, 0x01, 0x13, 0x02, 0x13, 0x03, 0xc0, 0x2c, 0xc0, + 0x2b, 0xc0, 0x30, 0xc0, 0x2f, 0x00, 0x9f, 0x00, 0x9e, 0xcc, 0xa9, 0xcc, + 0xa8, 0xcc, 0xaa, 0xc0, 0x27, 0xc0, 0x23, 0xc0, 0x28, 0xc0, 0x24, 0xc0, + 0x0a, 0xc0, 0x09, 0xc0, 0x14, 0xc0, 0x13, 0x00, 0x6b, 0x00, 0x67, 0x00, + 0x39, 0x00, 0x33, 0xcc, 0x14, 0xcc, 0x13, 0xcc, 0x15, 0x01, 0x00, 0x01, + 0x8e, 0x00, 0x2b, 0x00, 0x03, 0x02, 0xfe, 0xfc, 0x00, 0x0d, 0x00, 0x20, + 0x00, 0x1e, 0x06, 0x03, 0x05, 0x03, 0x04, 0x03, 0x02, 0x03, 0x08, 0x06, + 0x08, 0x0b, 0x08, 0x05, 0x08, 0x0a, 0x08, 0x04, 0x08, 0x09, 0x06, 0x01, + 0x05, 0x01, 0x04, 0x01, 0x03, 0x01, 0x02, 0x01, 0x00, 0x0a, 0x00, 0x0c, + 0x00, 0x0a, 0x00, 0x19, 0x00, 0x18, 0x00, 0x17, 0x00, 0x15, 0x01, 0x00, + 0x00, 0x16, 0x00, 0x00, 0x00, 0x33, 0x01, 0x4b, 0x01, 0x49, 0x00, 0x17, + 0x00, 0x41, 0x04, 0x96, 0xcb, 0x2e, 0x4e, 0xd9, 0x88, 0x71, 0xc7, 0xf3, + 0x1a, 0x16, 0xdd, 0x7a, 0x7c, 0xf7, 0x67, 0x8a, 0x5d, 0x9a, 0x55, 0xa6, + 0x4a, 0x90, 0xd9, 0xfb, 0xc7, 0xfb, 0xbe, 0x09, 0xa9, 0x8a, 0xb5, 0x7a, + 0xd1, 0xde, 0x83, 0x74, 0x27, 0x31, 0x1c, 0xaa, 0xae, 0xef, 0x58, 0x43, + 0x13, 0x7d, 0x15, 0x4d, 0x7f, 0x68, 0xf6, 0x8a, 0x38, 0xef, 0x0e, 0xb3, + 0xcf, 0xb8, 0x4a, 0xa9, 0xb4, 0xd7, 0xcb, 0x01, 0x00, 0x01, 0x00, 0x1d, + 0x0a, 0x22, 0x8a, 0xd1, 0x78, 0x85, 0x1e, 0x5a, 0xe1, 0x1d, 0x1e, 0xb7, + 0x2d, 0xbc, 0x5f, 0x52, 0xbc, 0x97, 0x5d, 0x8b, 0x6a, 0x8b, 0x9d, 0x1e, + 0xb1, 0xfc, 0x8a, 0xb2, 0x56, 0xcd, 0xed, 0x4b, 0xfb, 0x66, 0x3f, 0x59, + 0x3f, 0x15, 0x5d, 0x09, 0x9e, 0x2f, 0x60, 0x5b, 0x31, 0x81, 0x27, 0xf0, + 0x1c, 0xda, 0xcd, 0x48, 0x66, 0xc6, 0xbb, 0x25, 0xf0, 0x5f, 0xda, 0x4c, + 0xcf, 0x1d, 0x88, 0xc8, 0xda, 0x1b, 0x53, 0xea, 0xbd, 0xce, 0x6d, 0xf6, + 0x4a, 0x76, 0xdb, 0x75, 0x99, 0xaf, 0xcf, 0x76, 0x4a, 0xfb, 0xe3, 0xef, + 0xb2, 0xcb, 0xae, 0x4a, 0xc0, 0xe8, 0x63, 0x1f, 0xd6, 0xe8, 0xe6, 0x45, + 0xf9, 0xea, 0x0d, 0x06, 0x19, 0xfc, 0xb1, 0xfd, 0x5d, 0x92, 0x89, 0x7b, + 0xc7, 0x9f, 0x1a, 0xb3, 0x2b, 0xc7, 0xad, 0x0e, 0xfb, 0x13, 0x41, 0x83, + 0x84, 0x58, 0x3a, 0x25, 0xb9, 0x49, 0x35, 0x1c, 0x23, 0xcb, 0xd6, 0xe7, + 0xc2, 0x8c, 0x4b, 0x2a, 0x73, 0xa1, 0xdf, 0x4f, 0x73, 0x9b, 0xb3, 0xd2, + 0xb2, 0x95, 0x00, 0x3c, 0x26, 0x09, 0x89, 0x71, 0x05, 0x39, 0xc8, 0x98, + 0x8f, 0xed, 0x32, 0x15, 0x78, 0xcd, 0xd3, 0x7e, 0xfb, 0x5a, 0x78, 0x2a, + 0xdc, 0xca, 0x20, 0x09, 0xb5, 0x14, 0xf9, 0xd4, 0x58, 0xf6, 0x69, 0xf8, + 0x65, 0x9f, 0xb7, 0xe4, 0x93, 0xf1, 0xa3, 0x84, 0x7e, 0x1b, 0x23, 0x5d, + 0xea, 0x59, 0x3e, 0x4d, 0xca, 0xfd, 0xa5, 0x55, 0xdd, 0x99, 0xb5, 0x02, + 0xf8, 0x0d, 0xe5, 0xf4, 0x06, 0xb0, 0x43, 0x9e, 0x2e, 0xbf, 0x05, 0x33, + 0x65, 0x7b, 0x13, 0x8c, 0xf9, 0x16, 0x4d, 0xc5, 0x15, 0x0b, 0x40, 0x2f, + 0x66, 0x94, 0xf2, 0x43, 0x95, 0xe7, 0xa9, 0xb6, 0x39, 0x99, 0x73, 0xb3, + 0xb0, 0x06, 0xfe, 0x52, 0x9e, 0x57, 0xba, 0x75, 0xfd, 0x76, 0x7b, 0x20, + 0x31, 0x68, 0x4c + }; + + fd = wolfSSL_get_wfd(ssl); + AssertIntGE(fd, 0); + ret = (int)send(fd, (MESSAGE_TYPE_CAST)ch_msg, sizeof(ch_msg), 0); + AssertIntGT(ret, 0); + /* consume the HRR otherwise handshake will fail */ + ret = (int)recv(fd, (MESSAGE_TYPE_CAST)ch_msg, sizeof(ch_msg), 0); + AssertIntGT(ret, 0); +} + +#if defined(WOLFSSL_DTLS13) && defined(WOLFSSL_SEND_HRR_COOKIE) +static void test_wolfSSL_dtls_send_ch_with_invalid_cookie(WOLFSSL* ssl) +{ + int fd, ret; + byte ch_msh_invalid_cookie[] = { + 0x16, 0xfe, 0xfd, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01, 0x02, + 0x4e, 0x01, 0x00, 0x02, 0x42, 0x00, 0x01, 0x00, 0x00, 0x00, 0x00, 0x02, + 0x42, 0xfe, 0xfd, 0x69, 0xca, 0x77, 0x60, 0x6f, 0xfc, 0xd1, 0x5b, 0x60, + 0x5d, 0xf1, 0xa6, 0x5c, 0x44, 0x71, 0xae, 0xca, 0x62, 0x19, 0x0c, 0xb6, + 0xf7, 0x2c, 0xa6, 0xd5, 0xd2, 0x99, 0x9d, 0x18, 0xae, 0xac, 0x11, 0x00, + 0x00, 0x00, 0x36, 0x13, 0x01, 0x13, 0x02, 0x13, 0x03, 0xc0, 0x2c, 0xc0, + 0x2b, 0xc0, 0x30, 0xc0, 0x2f, 0x00, 0x9f, 0x00, 0x9e, 0xcc, 0xa9, 0xcc, + 0xa8, 0xcc, 0xaa, 0xc0, 0x27, 0xc0, 0x23, 0xc0, 0x28, 0xc0, 0x24, 0xc0, + 0x0a, 0xc0, 0x09, 0xc0, 0x14, 0xc0, 0x13, 0x00, 0x6b, 0x00, 0x67, 0x00, + 0x39, 0x00, 0x33, 0xcc, 0x14, 0xcc, 0x13, 0xcc, 0x15, 0x01, 0x00, 0x01, + 0xe2, 0x00, 0x2b, 0x00, 0x03, 0x02, 0xfe, 0xfc, 0x00, 0x0d, 0x00, 0x20, + 0x00, 0x1e, 0x06, 0x03, 0x05, 0x03, 0x04, 0x03, 0x02, 0x03, 0x08, 0x06, + 0x08, 0x0b, 0x08, 0x05, 0x08, 0x0a, 0x08, 0x04, 0x08, 0x09, 0x06, 0x01, + 0x05, 0x01, 0x04, 0x01, 0x03, 0x01, 0x02, 0x01, 0x00, 0x2c, 0x00, 0x45, + 0x00, 0x43, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0x00, 0x2d, 0x00, + 0x03, 0x02, 0x00, 0x01, 0x00, 0x0a, 0x00, 0x0c, 0x00, 0x0a, 0x00, 0x19, + 0x00, 0x18, 0x00, 0x17, 0x00, 0x15, 0x01, 0x00, 0x00, 0x16, 0x00, 0x00, + 0x00, 0x33, 0x01, 0x4b, 0x01, 0x49, 0x00, 0x17, 0x00, 0x41, 0x04, 0x7c, + 0x5a, 0xc2, 0x5a, 0xfd, 0xcd, 0x2b, 0x08, 0xb2, 0xeb, 0x8e, 0xc0, 0x02, + 0x03, 0x9d, 0xb1, 0xc1, 0x0d, 0x7b, 0x7f, 0x46, 0x43, 0xdf, 0xf3, 0xee, + 0x2b, 0x78, 0x0e, 0x29, 0x8c, 0x42, 0x11, 0x2c, 0xde, 0xd7, 0x41, 0x0f, + 0x28, 0x94, 0x80, 0x41, 0x70, 0xc4, 0x17, 0xfd, 0x6d, 0xfa, 0xee, 0x9a, + 0xf2, 0xc4, 0x15, 0x4c, 0x5f, 0x54, 0xb6, 0x78, 0x6e, 0xf9, 0x63, 0x27, + 0x33, 0xb8, 0x7b, 0x01, 0x00, 0x01, 0x00, 0xd4, 0x46, 0x62, 0x9c, 0xbf, + 0x8f, 0x1b, 0x65, 0x9b, 0xf0, 0x29, 0x64, 0xd8, 0x50, 0x0e, 0x74, 0xf1, + 0x58, 0x10, 0xc9, 0xd9, 0x82, 0x5b, 0xd9, 0xbe, 0x14, 0xdf, 0xde, 0x86, + 0xb4, 0x2e, 0x15, 0xee, 0x4f, 0xf6, 0x74, 0x9e, 0x59, 0x11, 0x36, 0x2d, + 0xb9, 0x67, 0xaa, 0x5a, 0x09, 0x9b, 0x45, 0xf1, 0x01, 0x4c, 0x4e, 0xf6, + 0xda, 0x6a, 0xae, 0xa7, 0x73, 0x7b, 0x2e, 0xb6, 0x24, 0x89, 0x99, 0xb7, + 0x52, 0x16, 0x62, 0x0a, 0xab, 0x58, 0xf8, 0x3f, 0x10, 0x5b, 0x83, 0xfd, + 0x7b, 0x81, 0x77, 0x81, 0x8d, 0xef, 0x24, 0x56, 0x6d, 0xba, 0x49, 0xd4, + 0x8b, 0xb5, 0xa0, 0xb1, 0xc9, 0x8c, 0x32, 0x95, 0x1c, 0x5e, 0x0a, 0x4b, + 0xf6, 0x00, 0x50, 0x0a, 0x87, 0x99, 0x59, 0xcf, 0x6f, 0x9d, 0x02, 0xd0, + 0x1b, 0xa1, 0x96, 0x45, 0x28, 0x76, 0x40, 0x33, 0x28, 0xc9, 0xa1, 0xfd, + 0x46, 0xab, 0x2c, 0x9e, 0x5e, 0xc6, 0x74, 0x19, 0x9a, 0xf5, 0x9b, 0x51, + 0x11, 0x4f, 0xc8, 0xb9, 0x99, 0x6b, 0x4e, 0x3e, 0x31, 0x64, 0xb4, 0x92, + 0xf4, 0x0d, 0x41, 0x4b, 0x2c, 0x65, 0x23, 0xf7, 0x47, 0xe3, 0xa5, 0x2e, + 0xe4, 0x9c, 0x2b, 0xc9, 0x41, 0x22, 0x83, 0x8a, 0x23, 0xef, 0x29, 0x7e, + 0x4f, 0x3f, 0xa3, 0xbf, 0x73, 0x2b, 0xd7, 0xcc, 0xc8, 0xc6, 0xe9, 0xbc, + 0x01, 0xb7, 0x32, 0x63, 0xd4, 0x7e, 0x7f, 0x9a, 0xaf, 0x5f, 0x05, 0x31, + 0x53, 0xd6, 0x1f, 0xa2, 0xd0, 0xdf, 0x67, 0x56, 0xf1, 0x9c, 0x4a, 0x9d, + 0x83, 0xb4, 0xef, 0xb3, 0xf2, 0xcc, 0xf1, 0x91, 0x6c, 0x47, 0xc3, 0x8b, + 0xd0, 0x92, 0x79, 0x3d, 0xa0, 0xc0, 0x3a, 0x57, 0x26, 0x6d, 0x0a, 0xad, + 0x5f, 0xad, 0xb4, 0x74, 0x48, 0x4a, 0x51, 0xe1, 0xb5, 0x82, 0x0a, 0x4c, + 0x4f, 0x9d, 0xaf, 0xee, 0x5a, 0xa2, 0x4d, 0x4d, 0x5f, 0xe0, 0x17, 0x00, + 0x23, 0x00, 0x00 + }; + byte alert_reply[50]; + byte expected_alert_reply[] = { + 0x15, 0xfe, 0xfd, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01, 0x00, + 0x02, 0x02, 0x2f + }; + + fd = wolfSSL_get_wfd(ssl); + if (fd >= 0) { + ret = (int)send(fd, (MESSAGE_TYPE_CAST)ch_msh_invalid_cookie, + sizeof(ch_msh_invalid_cookie), 0); + AssertIntGT(ret, 0); + /* should reply with an illegal_parameter reply */ + ret = (int)recv(fd, (MESSAGE_TYPE_CAST)alert_reply, sizeof(alert_reply), 0); + AssertIntEQ(ret, sizeof(expected_alert_reply)); + AssertIntEQ(XMEMCMP(alert_reply, expected_alert_reply, + sizeof(expected_alert_reply)), 0); + } +} +#endif + +static word32 test_wolfSSL_dtls_stateless_HashWOLFSSL(const WOLFSSL* ssl) +{ +#ifndef NO_MD5 + enum wc_HashType hashType = WC_HASH_TYPE_MD5; +#elif !defined(NO_SHA) + enum wc_HashType hashType = WC_HASH_TYPE_SHA; +#elif !defined(NO_SHA256) + enum wc_HashType hashType = WC_HASH_TYPE_SHA256; +#else + #error "We need a digest to hash the WOLFSSL object" +#endif + byte hashBuf[WC_MAX_DIGEST_SIZE]; + wc_HashAlg hash; + const TLSX* exts = ssl->extensions; + WOLFSSL sslCopy; /* Use a copy to omit certain fields */ + HS_Hashes* hsHashes = ssl->hsHashes; /* Is re-allocated in + * InitHandshakeHashes */ + + XMEMCPY(&sslCopy, ssl, sizeof(*ssl)); + XMEMSET(hashBuf, 0, sizeof(hashBuf)); + + /* Following fields are not important to compare */ + XMEMSET(sslCopy.buffers.inputBuffer.staticBuffer, 0, STATIC_BUFFER_LEN); + sslCopy.buffers.inputBuffer.buffer = NULL; + sslCopy.buffers.inputBuffer.bufferSize = 0; + sslCopy.buffers.inputBuffer.dynamicFlag = 0; + sslCopy.buffers.inputBuffer.offset = 0; + XMEMSET(sslCopy.buffers.outputBuffer.staticBuffer, 0, STATIC_BUFFER_LEN); + sslCopy.buffers.outputBuffer.buffer = NULL; + sslCopy.buffers.outputBuffer.bufferSize = 0; + sslCopy.buffers.outputBuffer.dynamicFlag = 0; + sslCopy.buffers.outputBuffer.offset = 0; + sslCopy.error = 0; + sslCopy.curSize = 0; + sslCopy.curStartIdx = 0; + sslCopy.keys.curSeq_lo = 0; + XMEMSET(&sslCopy.curRL, 0, sizeof(sslCopy.curRL)); +#ifdef WOLFSSL_DTLS13 + XMEMSET(&sslCopy.keys.curSeq, 0, sizeof(sslCopy.keys.curSeq)); + sslCopy.dtls13FastTimeout = 0; +#endif + sslCopy.keys.dtls_peer_handshake_number = 0; + XMEMSET(&sslCopy.alert_history, 0, sizeof(sslCopy.alert_history)); + sslCopy.hsHashes = NULL; +#ifdef WOLFSSL_ASYNC_IO +#ifdef WOLFSSL_ASYNC_CRYPT + sslCopy.asyncDev = NULL; +#endif + sslCopy.async = NULL; +#endif + + AssertIntEQ(wc_HashInit(&hash, hashType), 0); + AssertIntEQ(wc_HashUpdate(&hash, hashType, (byte*)&sslCopy, sizeof(sslCopy)), 0); + /* hash extension list */ + while (exts != NULL) { + AssertIntEQ(wc_HashUpdate(&hash, hashType, (byte*)exts, sizeof(*exts)), 0); + exts = exts->next; + } + /* Hash suites */ + if (sslCopy.suites != NULL) { + AssertIntEQ(wc_HashUpdate(&hash, hashType, (byte*)sslCopy.suites, + sizeof(struct Suites)), 0); + } + /* Hash hsHashes */ + AssertIntEQ(wc_HashUpdate(&hash, hashType, (byte*)hsHashes, + sizeof(*hsHashes)), 0); + AssertIntEQ(wc_HashFinal(&hash, hashType, hashBuf), 0); + AssertIntEQ(wc_HashFree(&hash, hashType), 0); + + return MakeWordFromHash(hashBuf); +} + +static CallbackIORecv test_wolfSSL_dtls_compare_stateless_cb; +static int test_wolfSSL_dtls_compare_stateless_cb_call_once; +static int test_wolfSSL_dtls_compare_stateless_read_cb_once(WOLFSSL *ssl, + char *buf, int sz, void *ctx) +{ + if (test_wolfSSL_dtls_compare_stateless_cb_call_once) { + test_wolfSSL_dtls_compare_stateless_cb_call_once = 0; + return test_wolfSSL_dtls_compare_stateless_cb(ssl, buf, sz, ctx); + } + else { + return WOLFSSL_CBIO_ERR_WANT_READ; + } +} + +static void test_wolfSSL_dtls_compare_stateless(WOLFSSL* ssl) +{ + /* Compare the ssl object before and after one ClientHello msg */ + SOCKET_T fd = wolfSSL_get_fd(ssl); + int res; + int err; + word32 initHash; + + test_wolfSSL_dtls_compare_stateless_cb = ssl->CBIORecv; + test_wolfSSL_dtls_compare_stateless_cb_call_once = 1; + wolfSSL_dtls_set_using_nonblock(ssl, 1); + ssl->CBIORecv = test_wolfSSL_dtls_compare_stateless_read_cb_once; + + initHash = test_wolfSSL_dtls_stateless_HashWOLFSSL(ssl); + (void)initHash; + + res = tcp_select(fd, 5); + /* We are expecting a msg. A timeout indicates failure. */ + AssertIntEQ(res, TEST_RECV_READY); + + res = wolfSSL_accept(ssl); + err = wolfSSL_get_error(ssl, res); + AssertIntEQ(res, WC_NO_ERR_TRACE(WOLFSSL_FATAL_ERROR)); + AssertIntEQ(err, WOLFSSL_ERROR_WANT_READ); + + AssertIntEQ(initHash, test_wolfSSL_dtls_stateless_HashWOLFSSL(ssl)); + + wolfSSL_dtls_set_using_nonblock(ssl, 0); + ssl->CBIORecv = test_wolfSSL_dtls_compare_stateless_cb; + +} + +#if defined(WOLFSSL_DTLS13) && defined(WOLFSSL_SEND_HRR_COOKIE) +static void test_wolfSSL_dtls_enable_hrrcookie(WOLFSSL* ssl) +{ + int ret; + ret = wolfSSL_send_hrr_cookie(ssl, NULL, 0); + AssertIntEQ(ret, WOLFSSL_SUCCESS); + test_wolfSSL_dtls_compare_stateless(ssl); +} +#endif + +static int test_wolfSSL_dtls_stateless(void) +{ + callback_functions client_cbs, server_cbs; + size_t i; + struct { + method_provider client_meth; + method_provider server_meth; + ssl_callback client_ssl_ready; + ssl_callback server_ssl_ready; + } test_params[] = { +#if !defined(WOLFSSL_NO_TLS12) + {wolfDTLSv1_2_client_method, wolfDTLSv1_2_server_method, + test_wolfSSL_dtls_send_ch, test_wolfSSL_dtls_compare_stateless}, +#endif +#if defined(WOLFSSL_DTLS13) && defined(WOLFSSL_SEND_HRR_COOKIE) + {wolfDTLSv1_3_client_method, wolfDTLSv1_3_server_method, + test_wolfSSL_dtls_send_ch, test_wolfSSL_dtls_enable_hrrcookie}, + {wolfDTLSv1_3_client_method, wolfDTLSv1_3_server_method, + test_wolfSSL_dtls_send_ch_with_invalid_cookie, test_wolfSSL_dtls_enable_hrrcookie}, +#endif + }; + + if (0 == sizeof(test_params)){ + return TEST_SKIPPED; + } + + for (i = 0; i < sizeof(test_params)/sizeof(*test_params); i++) { + XMEMSET(&client_cbs, 0, sizeof(client_cbs)); + XMEMSET(&server_cbs, 0, sizeof(server_cbs)); + client_cbs.doUdp = server_cbs.doUdp = 1; + client_cbs.method = test_params[i].client_meth; + server_cbs.method = test_params[i].server_meth; + + client_cbs.ssl_ready = test_params[i].client_ssl_ready; + server_cbs.ssl_ready = test_params[i].server_ssl_ready; + test_wolfSSL_client_server_nofail(&client_cbs, &server_cbs); + + if (!client_cbs.return_code) + return TEST_FAIL; + if (!server_cbs.return_code) + return TEST_FAIL; + } + + return TEST_SUCCESS; +} +#else +static int test_wolfSSL_dtls_stateless(void) +{ + return TEST_SKIPPED; +} +#endif /* WOLFSSL_DTLS13 && WOLFSSL_SEND_HRR_COOKIE && + * HAVE_IO_TESTS_DEPENDENCIES && !SINGLE_THREADED */ + +#ifdef HAVE_CERT_CHAIN_VALIDATION +#ifndef WOLFSSL_TEST_APPLE_NATIVE_CERT_VALIDATION +#ifdef WOLFSSL_PEM_TO_DER +#ifndef NO_SHA256 +static int load_ca_into_cm(WOLFSSL_CERT_MANAGER* cm, char* certA) +{ + int ret; + + if ((ret = wolfSSL_CertManagerLoadCA(cm, certA, 0)) != WOLFSSL_SUCCESS) { + fprintf(stderr, "loading cert %s failed\n", certA); + fprintf(stderr, "Error: (%d): %s\n", ret, + wolfSSL_ERR_reason_error_string((word32)ret)); + return -1; + } + + return 0; +} + +static int verify_cert_with_cm(WOLFSSL_CERT_MANAGER* cm, char* certA) +{ + int ret; + if ((ret = wolfSSL_CertManagerVerify(cm, certA, CERT_FILETYPE)) + != WOLFSSL_SUCCESS) { + fprintf(stderr, "could not verify the cert: %s\n", certA); + fprintf(stderr, "Error: (%d): %s\n", ret, + wolfSSL_ERR_reason_error_string((word32)ret)); + return -1; + } + else { + fprintf(stderr, "successfully verified: %s\n", certA); + } + + return 0; +} +#define LOAD_ONE_CA(a, b, c, d) \ + do { \ + (a) = load_ca_into_cm(c, d); \ + if ((a) != 0) \ + return (b); \ + else \ + (b)--; \ + } while(0) + +#define VERIFY_ONE_CERT(a, b, c, d) \ + do { \ + (a) = verify_cert_with_cm(c, d);\ + if ((a) != 0) \ + return (b); \ + else \ + (b)--; \ + } while(0) + +static int test_chainG(WOLFSSL_CERT_MANAGER* cm) +{ + int ret; + int i = -1; + /* Chain G is a valid chain per RFC 5280 section 4.2.1.9 */ + char chainGArr[9][50] = {"certs/ca-cert.pem", + "certs/test-pathlen/chainG-ICA7-pathlen100.pem", + "certs/test-pathlen/chainG-ICA6-pathlen10.pem", + "certs/test-pathlen/chainG-ICA5-pathlen20.pem", + "certs/test-pathlen/chainG-ICA4-pathlen5.pem", + "certs/test-pathlen/chainG-ICA3-pathlen99.pem", + "certs/test-pathlen/chainG-ICA2-pathlen1.pem", + "certs/test-pathlen/chainG-ICA1-pathlen0.pem", + "certs/test-pathlen/chainG-entity.pem"}; + + LOAD_ONE_CA(ret, i, cm, chainGArr[0]); /* if failure, i = -1 here */ + LOAD_ONE_CA(ret, i, cm, chainGArr[1]); /* if failure, i = -2 here */ + LOAD_ONE_CA(ret, i, cm, chainGArr[2]); /* if failure, i = -3 here */ + LOAD_ONE_CA(ret, i, cm, chainGArr[3]); /* if failure, i = -4 here */ + LOAD_ONE_CA(ret, i, cm, chainGArr[4]); /* if failure, i = -5 here */ + LOAD_ONE_CA(ret, i, cm, chainGArr[5]); /* if failure, i = -6 here */ + LOAD_ONE_CA(ret, i, cm, chainGArr[6]); /* if failure, i = -7 here */ + LOAD_ONE_CA(ret, i, cm, chainGArr[7]); /* if failure, i = -8 here */ + VERIFY_ONE_CERT(ret, i, cm, chainGArr[1]); /* if failure, i = -9 here */ + VERIFY_ONE_CERT(ret, i, cm, chainGArr[2]); /* if failure, i = -10 here */ + VERIFY_ONE_CERT(ret, i, cm, chainGArr[3]); /* if failure, i = -11 here */ + VERIFY_ONE_CERT(ret, i, cm, chainGArr[4]); /* if failure, i = -12 here */ + VERIFY_ONE_CERT(ret, i, cm, chainGArr[5]); /* if failure, i = -13 here */ + VERIFY_ONE_CERT(ret, i, cm, chainGArr[6]); /* if failure, i = -14 here */ + VERIFY_ONE_CERT(ret, i, cm, chainGArr[7]); /* if failure, i = -15 here */ + VERIFY_ONE_CERT(ret, i, cm, chainGArr[8]); /* if failure, i = -16 here */ + + /* test validating the entity twice, should have no effect on pathLen since + * entity/leaf cert */ + VERIFY_ONE_CERT(ret, i, cm, chainGArr[8]); /* if failure, i = -17 here */ + + return ret; +} + +static int test_chainH(WOLFSSL_CERT_MANAGER* cm) +{ + int ret; + int i = -1; + /* Chain H is NOT a valid chain per RFC5280 section 4.2.1.9: + * ICA4-pathlen of 2 signing ICA3-pathlen of 2 (reduce max path len to 2) + * ICA3-pathlen of 2 signing ICA2-pathlen of 2 (reduce max path len to 1) + * ICA2-pathlen of 2 signing ICA1-pathlen of 0 (reduce max path len to 0) + * ICA1-pathlen of 0 signing entity (pathlen is already 0, ERROR) + * Test should successfully verify ICA4, ICA3, ICA2 and then fail on ICA1 + */ + char chainHArr[6][50] = {"certs/ca-cert.pem", + "certs/test-pathlen/chainH-ICA4-pathlen2.pem", + "certs/test-pathlen/chainH-ICA3-pathlen2.pem", + "certs/test-pathlen/chainH-ICA2-pathlen2.pem", + "certs/test-pathlen/chainH-ICA1-pathlen0.pem", + "certs/test-pathlen/chainH-entity.pem"}; + + LOAD_ONE_CA(ret, i, cm, chainHArr[0]); /* if failure, i = -1 here */ + LOAD_ONE_CA(ret, i, cm, chainHArr[1]); /* if failure, i = -2 here */ + LOAD_ONE_CA(ret, i, cm, chainHArr[2]); /* if failure, i = -3 here */ + LOAD_ONE_CA(ret, i, cm, chainHArr[3]); /* if failure, i = -4 here */ + LOAD_ONE_CA(ret, i, cm, chainHArr[4]); /* if failure, i = -5 here */ + VERIFY_ONE_CERT(ret, i, cm, chainHArr[1]); /* if failure, i = -6 here */ + VERIFY_ONE_CERT(ret, i, cm, chainHArr[2]); /* if failure, i = -7 here */ + VERIFY_ONE_CERT(ret, i, cm, chainHArr[3]); /* if failure, i = -8 here */ + VERIFY_ONE_CERT(ret, i, cm, chainHArr[4]); /* if failure, i = -9 here */ + VERIFY_ONE_CERT(ret, i, cm, chainHArr[5]); /* if failure, i = -10 here */ + + return ret; +} + +static int test_chainI(WOLFSSL_CERT_MANAGER* cm) +{ + int ret; + int i = -1; + /* Chain I is a valid chain per RFC5280 section 4.2.1.9: + * ICA3-pathlen of 2 signing ICA2 without a pathlen (reduce maxPathLen to 2) + * ICA2-no_pathlen signing ICA1-no_pathlen (reduce maxPathLen to 1) + * ICA1-no_pathlen signing entity (reduce maxPathLen to 0) + * Test should successfully verify ICA4, ICA3, ICA2 and then fail on ICA1 + */ + char chainIArr[5][50] = {"certs/ca-cert.pem", + "certs/test-pathlen/chainI-ICA3-pathlen2.pem", + "certs/test-pathlen/chainI-ICA2-no_pathlen.pem", + "certs/test-pathlen/chainI-ICA1-no_pathlen.pem", + "certs/test-pathlen/chainI-entity.pem"}; + + LOAD_ONE_CA(ret, i, cm, chainIArr[0]); /* if failure, i = -1 here */ + LOAD_ONE_CA(ret, i, cm, chainIArr[1]); /* if failure, i = -2 here */ + LOAD_ONE_CA(ret, i, cm, chainIArr[2]); /* if failure, i = -3 here */ + LOAD_ONE_CA(ret, i, cm, chainIArr[3]); /* if failure, i = -4 here */ + VERIFY_ONE_CERT(ret, i, cm, chainIArr[1]); /* if failure, i = -5 here */ + VERIFY_ONE_CERT(ret, i, cm, chainIArr[2]); /* if failure, i = -6 here */ + VERIFY_ONE_CERT(ret, i, cm, chainIArr[3]); /* if failure, i = -7 here */ + VERIFY_ONE_CERT(ret, i, cm, chainIArr[4]); /* if failure, i = -8 here */ + + return ret; +} + +static int test_chainJ(WOLFSSL_CERT_MANAGER* cm) +{ + int ret; + int i = -1; + /* Chain J is NOT a valid chain per RFC5280 section 4.2.1.9: + * ICA4-pathlen of 2 signing ICA3 without a pathlen (reduce maxPathLen to 2) + * ICA3-pathlen of 2 signing ICA2 without a pathlen (reduce maxPathLen to 1) + * ICA2-no_pathlen signing ICA1-no_pathlen (reduce maxPathLen to 0) + * ICA1-no_pathlen signing entity (ERROR, pathlen zero and non-leaf cert) + */ + char chainJArr[6][50] = {"certs/ca-cert.pem", + "certs/test-pathlen/chainJ-ICA4-pathlen2.pem", + "certs/test-pathlen/chainJ-ICA3-no_pathlen.pem", + "certs/test-pathlen/chainJ-ICA2-no_pathlen.pem", + "certs/test-pathlen/chainJ-ICA1-no_pathlen.pem", + "certs/test-pathlen/chainJ-entity.pem"}; + + LOAD_ONE_CA(ret, i, cm, chainJArr[0]); /* if failure, i = -1 here */ + LOAD_ONE_CA(ret, i, cm, chainJArr[1]); /* if failure, i = -2 here */ + LOAD_ONE_CA(ret, i, cm, chainJArr[2]); /* if failure, i = -3 here */ + LOAD_ONE_CA(ret, i, cm, chainJArr[3]); /* if failure, i = -4 here */ + LOAD_ONE_CA(ret, i, cm, chainJArr[4]); /* if failure, i = -5 here */ + VERIFY_ONE_CERT(ret, i, cm, chainJArr[1]); /* if failure, i = -6 here */ + VERIFY_ONE_CERT(ret, i, cm, chainJArr[2]); /* if failure, i = -7 here */ + VERIFY_ONE_CERT(ret, i, cm, chainJArr[3]); /* if failure, i = -8 here */ + VERIFY_ONE_CERT(ret, i, cm, chainJArr[4]); /* if failure, i = -9 here */ + VERIFY_ONE_CERT(ret, i, cm, chainJArr[5]); /* if failure, i = -10 here */ + + return ret; +} +#endif + +static int test_various_pathlen_chains(void) +{ + EXPECT_DECLS; +#ifndef NO_SHA256 + WOLFSSL_CERT_MANAGER* cm = NULL; + + /* Test chain G (large chain with varying pathLens) */ + ExpectNotNull(cm = wolfSSL_CertManagerNew()); +#if defined(NO_WOLFSSL_CLIENT) && defined(NO_WOLFSSL_SERVER) + ExpectIntEQ(test_chainG(cm), -1); +#else + ExpectIntEQ(test_chainG(cm), 0); +#endif /* NO_WOLFSSL_CLIENT && NO_WOLFSSL_SERVER */ + ExpectIntEQ(wolfSSL_CertManagerUnloadCAs(cm), WOLFSSL_SUCCESS); + wolfSSL_CertManagerFree(cm); + /* end test chain G */ + + /* Test chain H (5 chain with same pathLens) */ + ExpectNotNull(cm = wolfSSL_CertManagerNew()); + ExpectIntLT(test_chainH(cm), 0); + ExpectIntEQ(wolfSSL_CertManagerUnloadCAs(cm), WOLFSSL_SUCCESS); + wolfSSL_CertManagerFree(cm); + + ExpectNotNull(cm = wolfSSL_CertManagerNew()); + ExpectIntEQ(wolfSSL_CertManagerUnloadCAs(cm), WOLFSSL_SUCCESS); + wolfSSL_CertManagerFree(cm); + /* end test chain H */ + + /* Test chain I (only first ICA has pathLen set and it's set to 2, + * followed by 2 ICA's, should pass) */ + ExpectNotNull(cm = wolfSSL_CertManagerNew()); +#if defined(NO_WOLFSSL_CLIENT) && defined(NO_WOLFSSL_SERVER) + ExpectIntEQ(test_chainI(cm), -1); +#else + ExpectIntEQ(test_chainI(cm), 0); +#endif /* NO_WOLFSSL_CLIENT && NO_WOLFSSL_SERVER */ + ExpectIntEQ(wolfSSL_CertManagerUnloadCAs(cm), WOLFSSL_SUCCESS); + wolfSSL_CertManagerFree(cm); + cm = NULL; + + ExpectNotNull(cm = wolfSSL_CertManagerNew()); + ExpectIntEQ(wolfSSL_CertManagerUnloadCAs(cm), WOLFSSL_SUCCESS); + wolfSSL_CertManagerFree(cm); + cm = NULL; + + /* Test chain J (Again only first ICA has pathLen set and it's set to 2, + * this time followed by 3 ICA's, should fail */ + ExpectNotNull(cm = wolfSSL_CertManagerNew()); + ExpectIntLT(test_chainJ(cm), 0); + ExpectIntEQ(wolfSSL_CertManagerUnloadCAs(cm), WOLFSSL_SUCCESS); + wolfSSL_CertManagerFree(cm); + cm = NULL; + + ExpectNotNull(cm = wolfSSL_CertManagerNew()); + ExpectIntEQ(wolfSSL_CertManagerUnloadCAs(cm), WOLFSSL_SUCCESS); + wolfSSL_CertManagerFree(cm); +#endif + + return EXPECT_RESULT(); +} +#endif +#endif +#endif /* !NO_RSA && !NO_SHA && !NO_FILESYSTEM && !NO_CERTS */ + +#if defined(HAVE_KEYING_MATERIAL) && defined(HAVE_SSL_MEMIO_TESTS_DEPENDENCIES) +static int test_export_keying_material_cb(WOLFSSL_CTX *ctx, WOLFSSL *ssl) +{ + EXPECT_DECLS; + byte ekm[100] = {0}; + + (void)ctx; + + /* Success Cases */ + ExpectIntEQ(wolfSSL_export_keying_material(ssl, ekm, sizeof(ekm), + "Test label", XSTR_SIZEOF("Test label"), NULL, 0, 0), 1); + ExpectIntEQ(wolfSSL_export_keying_material(ssl, ekm, sizeof(ekm), + "Test label", XSTR_SIZEOF("Test label"), NULL, 0, 1), 1); + /* Use some random context */ + ExpectIntEQ(wolfSSL_export_keying_material(ssl, ekm, sizeof(ekm), + "Test label", XSTR_SIZEOF("Test label"), ekm, 10, 1), 1); + /* Failure cases */ + ExpectIntEQ(wolfSSL_export_keying_material(ssl, ekm, sizeof(ekm), + "client finished", XSTR_SIZEOF("client finished"), NULL, 0, 0), 0); + ExpectIntEQ(wolfSSL_export_keying_material(ssl, ekm, sizeof(ekm), + "server finished", XSTR_SIZEOF("server finished"), NULL, 0, 0), 0); + ExpectIntEQ(wolfSSL_export_keying_material(ssl, ekm, sizeof(ekm), + "master secret", XSTR_SIZEOF("master secret"), NULL, 0, 0), 0); + ExpectIntEQ(wolfSSL_export_keying_material(ssl, ekm, sizeof(ekm), + "extended master secret", XSTR_SIZEOF("extended master secret"), + NULL, 0, 0), 0); + ExpectIntEQ(wolfSSL_export_keying_material(ssl, ekm, sizeof(ekm), + "key expansion", XSTR_SIZEOF("key expansion"), NULL, 0, 0), 0); + + return EXPECT_RESULT(); +} + +static int test_export_keying_material_ssl_cb(WOLFSSL* ssl) +{ + wolfSSL_KeepArrays(ssl); + return TEST_SUCCESS; +} + +static int test_export_keying_material(void) +{ + EXPECT_DECLS; + test_ssl_cbf serverCb; + test_ssl_cbf clientCb; + + XMEMSET(&serverCb, 0, sizeof(serverCb)); + XMEMSET(&clientCb, 0, sizeof(clientCb)); + clientCb.ssl_ready = test_export_keying_material_ssl_cb; + + ExpectIntEQ(test_wolfSSL_client_server_nofail_memio(&clientCb, + &serverCb, test_export_keying_material_cb), TEST_SUCCESS); + + return EXPECT_RESULT(); +} +#endif /* HAVE_KEYING_MATERIAL */ + +static int test_wolfSSL_THREADID_hash(void) +{ + EXPECT_DECLS; +#if defined(OPENSSL_EXTRA) + CRYPTO_THREADID id; + + CRYPTO_THREADID_current(NULL); + /* Hash result is word32. */ + ExpectTrue(CRYPTO_THREADID_hash(NULL) == 0UL); + XMEMSET(&id, 0, sizeof(id)); + ExpectTrue(CRYPTO_THREADID_hash(&id) == 0UL); +#endif /* OPENSSL_EXTRA */ + return EXPECT_RESULT(); +} +static int test_wolfSSL_set_ecdh_auto(void) +{ + EXPECT_DECLS; +#if defined(OPENSSL_EXTRA) + WOLFSSL* ssl = NULL; + + ExpectIntEQ(SSL_set_ecdh_auto(NULL,0), 1); + ExpectIntEQ(SSL_set_ecdh_auto(NULL,1), 1); + ExpectIntEQ(SSL_set_ecdh_auto(ssl,0), 1); + ExpectIntEQ(SSL_set_ecdh_auto(ssl,1), 1); +#endif /* OPENSSL_EXTRA */ + return EXPECT_RESULT(); +} +static int test_wolfSSL_CTX_set_ecdh_auto(void) +{ + EXPECT_DECLS; +#if defined(OPENSSL_EXTRA) + WOLFSSL_CTX* ctx = NULL; + + ExpectIntEQ(SSL_CTX_set_ecdh_auto(NULL,0), 1); + ExpectIntEQ(SSL_CTX_set_ecdh_auto(NULL,1), 1); + ExpectIntEQ(SSL_CTX_set_ecdh_auto(ctx,0), 1); + ExpectIntEQ(SSL_CTX_set_ecdh_auto(ctx,1), 1); +#endif /* OPENSSL_EXTRA */ + return EXPECT_RESULT(); +} + +#if defined(OPENSSL_EXTRA) && defined(WOLFSSL_ERROR_CODE_OPENSSL) && \ + defined(HAVE_IO_TESTS_DEPENDENCIES) && !defined(WOLFSSL_NO_TLS12) +static THREAD_RETURN WOLFSSL_THREAD SSL_read_test_server_thread(void* args) +{ + EXPECT_DECLS; + callback_functions* callbacks = NULL; + WOLFSSL_CTX* ctx = NULL; + WOLFSSL* ssl = NULL; + SOCKET_T sfd = 0; + SOCKET_T cfd = 0; + word16 port; + char msg[] = "I hear you fa shizzle!"; + int len = (int) XSTRLEN(msg); + char input[1024]; + int ret = 0; + int err = 0; + + if (!args) + WOLFSSL_RETURN_FROM_THREAD(0); + + ((func_args*)args)->return_code = TEST_FAIL; + + callbacks = ((func_args*)args)->callbacks; + ctx = wolfSSL_CTX_new(callbacks->method()); + +#if defined(USE_WINDOWS_API) + port = ((func_args*)args)->signal->port; +#else + /* Let tcp_listen assign port */ + port = 0; +#endif + +#ifdef WOLFSSL_TIRTOS + fdOpenSession(Task_self()); +#endif + + ExpectIntEQ(WOLFSSL_SUCCESS, wolfSSL_CTX_load_verify_locations(ctx, + caCertFile, 0)); + + ExpectIntEQ(WOLFSSL_SUCCESS, wolfSSL_CTX_use_certificate_file(ctx, + svrCertFile, WOLFSSL_FILETYPE_PEM)); + + ExpectIntEQ(WOLFSSL_SUCCESS, wolfSSL_CTX_use_PrivateKey_file(ctx, + svrKeyFile, WOLFSSL_FILETYPE_PEM)); + +#if !defined(NO_FILESYSTEM) && !defined(NO_DH) + ExpectIntEQ(wolfSSL_CTX_SetTmpDH_file(ctx, dhParamFile, + WOLFSSL_FILETYPE_PEM), WOLFSSL_SUCCESS); +#elif !defined(NO_DH) + SetDHCtx(ctx); /* will repick suites with DHE, higher priority than PSK */ +#endif + + if (callbacks->ctx_ready) + callbacks->ctx_ready(ctx); + + ssl = wolfSSL_new(ctx); + ExpectNotNull(ssl); + + /* listen and accept */ + tcp_accept(&sfd, &cfd, (func_args*)args, port, 0, 0, 0, 0, 1, 0, 0); + CloseSocket(sfd); + + ExpectIntEQ(WOLFSSL_SUCCESS, wolfSSL_set_fd(ssl, cfd)); + + if (callbacks->ssl_ready) + callbacks->ssl_ready(ssl); + + if (EXPECT_SUCCESS()) { + do { + err = 0; /* Reset error */ + ret = wolfSSL_accept(ssl); + if (ret != WOLFSSL_SUCCESS) { + err = wolfSSL_get_error(ssl, 0); + } + } while (ret != WOLFSSL_SUCCESS && err == WC_NO_ERR_TRACE(WC_PENDING_E)); + } + + ExpectIntEQ(ret, WOLFSSL_SUCCESS); + + /* read and write data */ + XMEMSET(input, 0, sizeof(input)); + + while (EXPECT_SUCCESS()) { + ret = wolfSSL_read(ssl, input, sizeof(input)); + if (ret > 0) { + break; + } + else { + err = wolfSSL_get_error(ssl,ret); + if (err == WOLFSSL_ERROR_WANT_READ) { + continue; + } + break; + } + } + + if (EXPECT_SUCCESS() && (err == WOLFSSL_ERROR_ZERO_RETURN)) { + do { + ret = wolfSSL_write(ssl, msg, len); + if (ret > 0) { + break; + } + } while (ret < 0); + } + + /* bidirectional shutdown */ + while (EXPECT_SUCCESS()) { + ret = wolfSSL_shutdown(ssl); + ExpectIntNE(ret, WC_NO_ERR_TRACE(WOLFSSL_FATAL_ERROR)); + if (ret == WOLFSSL_SUCCESS) { + break; + } + } + + if (EXPECT_SUCCESS()) { + /* wait for the peer to disconnect the tcp connection */ + do { + ret = wolfSSL_read(ssl, input, sizeof(input)); + err = wolfSSL_get_error(ssl, ret); + } while (ret > 0 || err != WOLFSSL_ERROR_ZERO_RETURN); + } + + /* detect TCP disconnect */ + ExpectIntLE(ret,WC_NO_ERR_TRACE(WOLFSSL_FAILURE)); + ExpectIntEQ(wolfSSL_get_error(ssl, ret), WOLFSSL_ERROR_ZERO_RETURN); + + ((func_args*)args)->return_code = EXPECT_RESULT(); + + wolfSSL_free(ssl); + wolfSSL_CTX_free(ctx); + CloseSocket(cfd); +#if defined(HAVE_ECC) && defined(FP_ECC) && defined(HAVE_THREAD_LS) + wc_ecc_fp_free(); /* free per thread cache */ +#endif + WOLFSSL_RETURN_FROM_THREAD(0); +} +static THREAD_RETURN WOLFSSL_THREAD SSL_read_test_client_thread(void* args) +{ + EXPECT_DECLS; + callback_functions* callbacks = NULL; + WOLFSSL_CTX* ctx = NULL; + WOLFSSL* ssl = NULL; + SOCKET_T sfd = 0; + char msg[] = "hello wolfssl server!"; + int len = (int) XSTRLEN(msg); + char input[1024]; + int idx; + int ret, err; + + if (!args) + WOLFSSL_RETURN_FROM_THREAD(0); + + ((func_args*)args)->return_code = TEST_FAIL; + callbacks = ((func_args*)args)->callbacks; + ctx = wolfSSL_CTX_new(callbacks->method()); + +#ifdef WOLFSSL_TIRTOS + fdOpenSession(Task_self()); +#endif + + ExpectIntEQ(WOLFSSL_SUCCESS, wolfSSL_CTX_load_verify_locations(ctx, + caCertFile, 0)); + + ExpectIntEQ(WOLFSSL_SUCCESS, wolfSSL_CTX_use_certificate_file(ctx, + cliCertFile, WOLFSSL_FILETYPE_PEM)); + + ExpectIntEQ(WOLFSSL_SUCCESS, wolfSSL_CTX_use_PrivateKey_file(ctx, + cliKeyFile, WOLFSSL_FILETYPE_PEM)); + + ExpectNotNull((ssl = wolfSSL_new(ctx))); + + tcp_connect(&sfd, wolfSSLIP, ((func_args*)args)->signal->port, 0, 0, ssl); + + ExpectIntEQ(WOLFSSL_SUCCESS, wolfSSL_set_fd(ssl, sfd)); + + if (EXPECT_SUCCESS()) { + do { + err = 0; /* Reset error */ + ret = wolfSSL_connect(ssl); + if (ret != WOLFSSL_SUCCESS) { + err = wolfSSL_get_error(ssl, 0); + } + } while (ret != WOLFSSL_SUCCESS && err == WC_NO_ERR_TRACE(WC_PENDING_E)); + } + + ExpectIntGE(wolfSSL_write(ssl, msg, len), 0); + + if (EXPECT_SUCCESS()) { + if (0 < (idx = wolfSSL_read(ssl, input, sizeof(input)-1))) { + input[idx] = 0; + } + } + + if (EXPECT_SUCCESS()) { + ret = wolfSSL_shutdown(ssl); + if (ret == WOLFSSL_SHUTDOWN_NOT_DONE) { + ret = wolfSSL_shutdown(ssl); + } + } + ExpectIntEQ(ret, WOLFSSL_SUCCESS); + + ((func_args*)args)->return_code = EXPECT_RESULT(); + + wolfSSL_free(ssl); + wolfSSL_CTX_free(ctx); + CloseSocket(sfd); +#if defined(HAVE_ECC) && defined(FP_ECC) && defined(HAVE_THREAD_LS) + wc_ecc_fp_free(); /* free per thread cache */ +#endif + WOLFSSL_RETURN_FROM_THREAD(0); +} +#endif /* OPENSSL_EXTRA && WOLFSSL_ERROR_CODE_OPENSSL && + HAVE_IO_TESTS_DEPENDENCIES && !WOLFSSL_NO_TLS12 */ + +/* This test is to check wolfSSL_read behaves as same as + * openSSL when it is called after SSL_shutdown completes. + */ +static int test_wolfSSL_read_detect_TCP_disconnect(void) +{ + EXPECT_DECLS; +#if defined(OPENSSL_EXTRA) && defined(WOLFSSL_ERROR_CODE_OPENSSL) && \ + defined(HAVE_IO_TESTS_DEPENDENCIES) && !defined(WOLFSSL_NO_TLS12) + tcp_ready ready; + func_args client_args; + func_args server_args; + THREAD_TYPE serverThread; + THREAD_TYPE clientThread; + callback_functions server_cbf; + callback_functions client_cbf; + +#ifdef WOLFSSL_TIRTOS + fdOpenSession(Task_self()); +#endif + StartTCP(); + InitTcpReady(&ready); + +#if defined(USE_WINDOWS_API) + /* use RNG to get random port if using windows */ + ready.port = GetRandomPort(); +#endif + + XMEMSET(&client_args, 0, sizeof(func_args)); + XMEMSET(&server_args, 0, sizeof(func_args)); + + XMEMSET(&server_cbf, 0, sizeof(callback_functions)); + XMEMSET(&client_cbf, 0, sizeof(callback_functions)); + + server_cbf.method = wolfTLSv1_2_server_method; + client_cbf.method = wolfTLSv1_2_client_method; + + server_args.callbacks = &server_cbf; + client_args.callbacks = &client_cbf; + + server_args.signal = &ready; + client_args.signal = &ready; + + start_thread(SSL_read_test_server_thread, &server_args, &serverThread); + + wait_tcp_ready(&server_args); + + start_thread(SSL_read_test_client_thread, &client_args, &clientThread); + + join_thread(clientThread); + join_thread(serverThread); + + ExpectTrue(client_args.return_code); + ExpectTrue(server_args.return_code); + + FreeTcpReady(&ready); +#endif + return EXPECT_RESULT(); +} +static int test_wolfSSL_CTX_get_min_proto_version(void) +{ + EXPECT_DECLS; +#if defined(OPENSSL_EXTRA) && !defined(NO_TLS) + WOLFSSL_CTX *ctx = NULL; + + ExpectNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_method())); + ExpectIntEQ(wolfSSL_CTX_set_min_proto_version(ctx, SSL3_VERSION), + WOLFSSL_SUCCESS); + #ifdef WOLFSSL_ALLOW_SSLV3 + ExpectIntEQ(wolfSSL_CTX_get_min_proto_version(ctx), SSL3_VERSION); + #else + ExpectIntGT(wolfSSL_CTX_get_min_proto_version(ctx), SSL3_VERSION); + #endif + wolfSSL_CTX_free(ctx); + ctx = NULL; + + #ifndef NO_OLD_TLS + #ifdef WOLFSSL_ALLOW_TLSV10 + ExpectNotNull(ctx = wolfSSL_CTX_new(wolfTLSv1_method())); + #else + ExpectNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_method())); + #endif + ExpectIntEQ(wolfSSL_CTX_set_min_proto_version(ctx, TLS1_VERSION), + WOLFSSL_SUCCESS); + #ifdef WOLFSSL_ALLOW_TLSV10 + ExpectIntEQ(wolfSSL_CTX_get_min_proto_version(ctx), TLS1_VERSION); + #else + ExpectIntGT(wolfSSL_CTX_get_min_proto_version(ctx), TLS1_VERSION); + #endif + wolfSSL_CTX_free(ctx); + ctx = NULL; + #endif + + ExpectNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_method())); + ExpectIntEQ(wolfSSL_CTX_set_min_proto_version(ctx, TLS1_1_VERSION), + WOLFSSL_SUCCESS); + #ifndef NO_OLD_TLS + ExpectIntEQ(wolfSSL_CTX_get_min_proto_version(ctx), TLS1_1_VERSION); + #else + ExpectIntGT(wolfSSL_CTX_get_min_proto_version(ctx), TLS1_1_VERSION); + #endif + wolfSSL_CTX_free(ctx); + ctx = NULL; + + #ifndef WOLFSSL_NO_TLS12 + ExpectNotNull(ctx = wolfSSL_CTX_new(wolfTLSv1_2_method())); + ExpectIntEQ(wolfSSL_CTX_set_min_proto_version(ctx, TLS1_2_VERSION), + WOLFSSL_SUCCESS); + ExpectIntEQ(wolfSSL_CTX_get_min_proto_version(ctx), TLS1_2_VERSION); + wolfSSL_CTX_free(ctx); + ctx = NULL; + #endif + + #ifdef WOLFSSL_TLS13 + ExpectNotNull(ctx = wolfSSL_CTX_new(wolfTLSv1_3_method())); + ExpectIntEQ(wolfSSL_CTX_set_min_proto_version(ctx, TLS1_3_VERSION), + WOLFSSL_SUCCESS); + ExpectIntEQ(wolfSSL_CTX_get_min_proto_version(ctx), TLS1_3_VERSION); + wolfSSL_CTX_free(ctx); + ctx = NULL; + #endif +#endif + return EXPECT_RESULT(); +} + +#if defined(OPENSSL_ALL) || (defined(OPENSSL_EXTRA) && \ + (defined(HAVE_STUNNEL) || defined(WOLFSSL_NGINX) || \ + defined(HAVE_LIGHTY) || defined(WOLFSSL_HAPROXY) || \ + defined(WOLFSSL_OPENSSH) || defined(HAVE_SBLIM_SFCB))) +static int test_wolfSSL_set_SSL_CTX(void) +{ + EXPECT_DECLS; +#if (defined(OPENSSL_EXTRA) || defined(OPENSSL_ALL)) \ + && !defined(WOLFSSL_NO_TLS12) && defined(WOLFSSL_TLS13) && \ + !defined(NO_RSA) && !defined(NO_WOLFSSL_SERVER) + WOLFSSL_CTX *ctx1 = NULL; + WOLFSSL_CTX *ctx2 = NULL; + WOLFSSL *ssl = NULL; + const byte *session_id1 = (const byte *)"CTX1"; + const byte *session_id2 = (const byte *)"CTX2"; + + ExpectNotNull(ctx1 = wolfSSL_CTX_new(wolfTLS_server_method())); + ExpectTrue(wolfSSL_CTX_use_certificate_file(ctx1, svrCertFile, + WOLFSSL_FILETYPE_PEM)); + ExpectTrue(wolfSSL_CTX_use_PrivateKey_file(ctx1, svrKeyFile, + WOLFSSL_FILETYPE_PEM)); + ExpectIntEQ(wolfSSL_CTX_set_min_proto_version(ctx1, TLS1_2_VERSION), + WOLFSSL_SUCCESS); + ExpectIntEQ(wolfSSL_CTX_get_min_proto_version(ctx1), TLS1_2_VERSION); + ExpectIntEQ(wolfSSL_CTX_get_max_proto_version(ctx1), TLS1_3_VERSION); + ExpectIntEQ(wolfSSL_CTX_set_session_id_context(ctx1, session_id1, 4), + WOLFSSL_SUCCESS); + + ExpectNotNull(ctx2 = wolfSSL_CTX_new(wolfTLS_server_method())); + ExpectTrue(wolfSSL_CTX_use_certificate_file(ctx2, svrCertFile, + WOLFSSL_FILETYPE_PEM)); + ExpectTrue(wolfSSL_CTX_use_PrivateKey_file(ctx2, svrKeyFile, + WOLFSSL_FILETYPE_PEM)); + ExpectIntEQ(wolfSSL_CTX_set_min_proto_version(ctx2, TLS1_2_VERSION), + WOLFSSL_SUCCESS); + ExpectIntEQ(wolfSSL_CTX_set_max_proto_version(ctx2, TLS1_2_VERSION), + WOLFSSL_SUCCESS); + ExpectIntEQ(wolfSSL_CTX_get_min_proto_version(ctx2), TLS1_2_VERSION); + ExpectIntEQ(wolfSSL_CTX_get_max_proto_version(ctx2), TLS1_2_VERSION); + ExpectIntEQ(wolfSSL_CTX_set_session_id_context(ctx2, session_id2, 4), + WOLFSSL_SUCCESS); + +#ifdef HAVE_SESSION_TICKET + ExpectIntEQ((wolfSSL_CTX_get_options(ctx1) & SSL_OP_NO_TICKET), 0); + wolfSSL_CTX_set_options(ctx2, SSL_OP_NO_TICKET); + ExpectIntNE((wolfSSL_CTX_get_options(ctx2) & SSL_OP_NO_TICKET), 0); +#endif + + ExpectNotNull(ssl = wolfSSL_new(ctx2)); + ExpectIntNE((wolfSSL_get_options(ssl) & WOLFSSL_OP_NO_TLSv1_3), 0); +#ifdef WOLFSSL_INT_H +#ifdef WOLFSSL_SESSION_ID_CTX + ExpectIntEQ(XMEMCMP(ssl->sessionCtx, session_id2, 4), 0); +#endif +#ifdef WOLFSSL_COPY_CERT + if (ctx2 != NULL && ctx2->certificate != NULL) { + ExpectFalse(ssl->buffers.certificate == ctx2->certificate); + } + if (ctx2 != NULL && ctx2->certChain != NULL) { + ExpectFalse(ssl->buffers.certChain == ctx2->certChain); + } +#else + ExpectTrue(ssl->buffers.certificate == ctx2->certificate); + ExpectTrue(ssl->buffers.certChain == ctx2->certChain); +#endif +#endif + +#ifdef HAVE_SESSION_TICKET + ExpectIntNE((wolfSSL_get_options(ssl) & SSL_OP_NO_TICKET), 0); +#endif + + /* Set the ctx1 that has TLSv1.3 as max proto version */ + ExpectNotNull(wolfSSL_set_SSL_CTX(ssl, ctx1)); + + /* MUST not change proto versions of ssl */ + ExpectIntNE((wolfSSL_get_options(ssl) & WOLFSSL_OP_NO_TLSv1_3), 0); +#ifdef HAVE_SESSION_TICKET + /* MUST not change */ + ExpectIntNE((wolfSSL_get_options(ssl) & SSL_OP_NO_TICKET), 0); +#endif + /* MUST change */ +#ifdef WOLFSSL_INT_H +#ifdef WOLFSSL_COPY_CERT + if (ctx1 != NULL && ctx1->certificate != NULL) { + ExpectFalse(ssl->buffers.certificate == ctx1->certificate); + } + if (ctx1 != NULL && ctx1->certChain != NULL) { + ExpectFalse(ssl->buffers.certChain == ctx1->certChain); + } +#else + ExpectTrue(ssl->buffers.certificate == ctx1->certificate); + ExpectTrue(ssl->buffers.certChain == ctx1->certChain); +#endif +#ifdef WOLFSSL_SESSION_ID_CTX + ExpectIntEQ(XMEMCMP(ssl->sessionCtx, session_id1, 4), 0); +#endif +#endif + + wolfSSL_free(ssl); + wolfSSL_CTX_free(ctx1); + wolfSSL_CTX_free(ctx2); +#endif /* defined(OPENSSL_EXTRA) || defined(OPENSSL_ALL) */ + return EXPECT_RESULT(); +} +#endif /* defined(OPENSSL_ALL) || (defined(OPENSSL_EXTRA) && \ + (defined(HAVE_STUNNEL) || defined(WOLFSSL_NGINX) || \ + defined(HAVE_LIGHTY) || defined(WOLFSSL_HAPROXY) || \ + defined(WOLFSSL_OPENSSH) || defined(HAVE_SBLIM_SFCB))) */ + +static int test_wolfSSL_security_level(void) +{ + EXPECT_DECLS; +#if defined(OPENSSL_EXTRA) + SSL_CTX *ctx = NULL; + + #ifdef WOLFSSL_TLS13 + #ifdef NO_WOLFSSL_SERVER + ExpectNotNull(ctx = wolfSSL_CTX_new(wolfTLSv1_3_client_method())); + #else + ExpectNotNull(ctx = wolfSSL_CTX_new(wolfTLSv1_3_server_method())); + #endif + SSL_CTX_set_security_level(NULL, 1); + SSL_CTX_set_security_level(ctx, 1); + #if defined(WOLFSSL_SYS_CRYPTO_POLICY) + ExpectIntEQ(SSL_CTX_get_security_level(NULL), BAD_FUNC_ARG); + #else + ExpectIntEQ(SSL_CTX_get_security_level(NULL), 0); + #endif /* WOLFSSL_SYS_CRYPTO_POLICY */ + /* Stub so nothing happens. */ + ExpectIntEQ(SSL_CTX_get_security_level(ctx), 0); + + SSL_CTX_free(ctx); + #else + (void)ctx; + #endif +#endif + return EXPECT_RESULT(); +} + +/* System wide crypto-policy test. + * + * Loads three different policies (legacy, default, future), + * then tests crypt_policy api. + * */ +static int test_wolfSSL_crypto_policy(void) +{ + EXPECT_DECLS; +#if defined(WOLFSSL_SYS_CRYPTO_POLICY) && !defined(NO_TLS) + int rc = WC_NO_ERR_TRACE(WOLFSSL_FAILURE); + const char * policy_list[] = { + "examples/crypto_policies/legacy/wolfssl.txt", + "examples/crypto_policies/default/wolfssl.txt", + "examples/crypto_policies/future/wolfssl.txt", + }; + const char * ciphers_list[] = { + "@SECLEVEL=1:EECDH:kRSA:EDH:PSK:DHEPSK:ECDHEPSK:RSAPSK" + ":!eNULL:!aNULL", + "@SECLEVEL=2:EECDH:kRSA:EDH:PSK:DHEPSK:ECDHEPSK:RSAPSK" + ":!RC4:!eNULL:!aNULL", + "@SECLEVEL=3:EECDH:EDH:PSK:DHEPSK:ECDHEPSK:!RSAPSK:!kRSA" + ":!AES128:!RC4:!eNULL:!aNULL:!SHA1", + }; + int seclevel_list[] = { 1, 2, 3 }; + int i = 0; + + for (i = 0; i < 3; ++i) { + const char * ciphers = NULL; + int n_diff = 0; + WOLFSSL_CTX * ctx = NULL; + WOLFSSL * ssl = NULL; + + /* Enable crypto policy. */ + rc = wolfSSL_crypto_policy_enable(policy_list[i]); + ExpectIntEQ(rc, WOLFSSL_SUCCESS); + + rc = wolfSSL_crypto_policy_is_enabled(); + ExpectIntEQ(rc, 1); + + /* Trying to enable while already enabled should return + * forbidden. */ + rc = wolfSSL_crypto_policy_enable(policy_list[i]); + ExpectIntEQ(rc, CRYPTO_POLICY_FORBIDDEN); + + /* Security level and ciphers should match what is expected. */ + rc = wolfSSL_crypto_policy_get_level(); + ExpectIntEQ(rc, seclevel_list[i]); + + ciphers = wolfSSL_crypto_policy_get_ciphers(); + ExpectNotNull(ciphers); + + if (ciphers != NULL) { + n_diff = XSTRNCMP(ciphers, ciphers_list[i], strlen(ciphers)); + #ifdef DEBUG_WOLFSSL + if (n_diff) { + printf("error: got \n%s, expected \n%s\n", + ciphers, ciphers_list[i]); + } + #endif /* DEBUG_WOLFSSL */ + ExpectIntEQ(n_diff, 0); + } + + /* TLSv1_2_method should work for all policies. */ + ctx = wolfSSL_CTX_new(wolfTLSv1_2_method()); + ExpectNotNull(ctx); + + if (ctx != NULL) { + ssl = wolfSSL_new(ctx); + ExpectNotNull(ssl); + + /* These API should be rejected while enabled. */ + rc = wolfSSL_CTX_SetMinVersion(ctx, WOLFSSL_TLSV1_3); + ExpectIntEQ(rc, CRYPTO_POLICY_FORBIDDEN); + + rc = wolfSSL_SetMinVersion(ssl, WOLFSSL_TLSV1_3); + ExpectIntEQ(rc, CRYPTO_POLICY_FORBIDDEN); + } + + if (ctx != NULL) { + wolfSSL_CTX_free(ctx); + ctx = NULL; + } + + if (ssl != NULL) { + wolfSSL_free(ssl); + ssl = NULL; + } + + wolfSSL_crypto_policy_disable(); + + /* Do the same test by buffer. */ + rc = wolfSSL_crypto_policy_enable_buffer(ciphers_list[i]); + ExpectIntEQ(rc, WOLFSSL_SUCCESS); + + rc = wolfSSL_crypto_policy_is_enabled(); + ExpectIntEQ(rc, 1); + + /* Security level and ciphers should match what is expected. */ + rc = wolfSSL_crypto_policy_get_level(); + ExpectIntEQ(rc, seclevel_list[i]); + + ciphers = wolfSSL_crypto_policy_get_ciphers(); + ExpectNotNull(ciphers); + + if (ciphers != NULL) { + n_diff = XSTRNCMP(ciphers, ciphers_list[i], strlen(ciphers)); + #ifdef DEBUG_WOLFSSL + if (n_diff) { + printf("error: got \n%s, expected \n%s\n", + ciphers, ciphers_list[i]); + } + #endif /* DEBUG_WOLFSSL */ + ExpectIntEQ(n_diff, 0); + } + + wolfSSL_crypto_policy_disable(); + } + + wolfSSL_crypto_policy_disable(); + +#endif /* WOLFSSL_SYS_CRYPTO_POLICY && !NO_TLS */ + return EXPECT_RESULT(); +} + +/* System wide crypto-policy test: certs and keys. + * + * Loads three different policies (legacy, default, future), + * then tests loading different certificates and keys of + * varying strength. + * */ +static int test_wolfSSL_crypto_policy_certs_and_keys(void) +{ + EXPECT_DECLS; +#if defined(WOLFSSL_SYS_CRYPTO_POLICY) && !defined(NO_TLS) + int rc = WC_NO_ERR_TRACE(WOLFSSL_FAILURE); + const char * policy_list[] = { + "examples/crypto_policies/legacy/wolfssl.txt", + "examples/crypto_policies/default/wolfssl.txt", + "examples/crypto_policies/future/wolfssl.txt", + }; + int i = 0; + + for (i = 0; i < 3; ++i) { + WOLFSSL_CTX * ctx = NULL; + WOLFSSL * ssl = NULL; + int is_legacy = 0; + int is_future = 0; + /* certs */ + const char * cert1024 = "certs/1024/client-cert.pem"; + const char * cert2048 = "certs/client-cert.pem"; + const char * cert3072 = "certs/3072/client-cert.pem"; + const char * cert256 = "certs/client-ecc-cert.pem"; + const char * cert384 = "certs/client-ecc384-cert.pem"; + /* keys */ + const char * key1024 = "certs/1024/client-key.pem"; + const char * key2048 = "certs/client-key.pem"; + const char * key3072 = "certs/3072/client-key.pem"; + const char * key256 = "certs/ecc-key.pem"; + const char * key384 = "certs/client-ecc384-key.pem"; + + is_legacy = (XSTRSTR(policy_list[i], "legacy") != NULL) ? 1 : 0; + is_future = (XSTRSTR(policy_list[i], "future") != NULL) ? 1 : 0; + + /* Enable crypto policy. */ + rc = wolfSSL_crypto_policy_enable(policy_list[i]); + ExpectIntEQ(rc, WOLFSSL_SUCCESS); + + rc = wolfSSL_crypto_policy_is_enabled(); + ExpectIntEQ(rc, 1); + + /* TLSv1_2_method should work for all policies. */ + ctx = wolfSSL_CTX_new(wolfTLSv1_2_method()); + ExpectNotNull(ctx); + + /* Test certs of varying strength. */ + if (ctx != NULL) { + /* VERIFY_PEER must be set for key/cert checks to be done. */ + wolfSSL_CTX_set_verify(ctx, WOLFSSL_VERIFY_PEER, NULL); + + /* Test loading a cert with 1024 RSA key size. + * This should fail for all but legacy. */ + rc = wolfSSL_CTX_use_certificate_chain_file(ctx, cert1024); + + if (is_legacy) { + ExpectIntEQ(rc, WOLFSSL_SUCCESS); + } + else { + ExpectIntEQ(rc, WOLFSSL_FAILURE); + } + + /* Test loading a cert with 2048 RSA key size. + * Future crypto-policy is min 3072 RSA and DH key size, + * and should fail. */ + rc = wolfSSL_CTX_use_certificate_chain_file(ctx, cert2048); + + if (is_future) { + /* Future crypto-policy is min 3072 RSA and DH key size, this + * and should fail. */ + ExpectIntEQ(rc, WOLFSSL_FAILURE); + + /* Set to VERIFY_NONE. This will disable key size checks, + * it should now succeed. */ + wolfSSL_CTX_set_verify(ctx, WOLFSSL_VERIFY_NONE, NULL); + rc = wolfSSL_CTX_use_certificate_chain_file(ctx, cert2048); + + ExpectIntEQ(rc, WOLFSSL_SUCCESS); + + /* Set back to verify peer. */ + wolfSSL_CTX_set_verify(ctx, WOLFSSL_VERIFY_PEER, NULL); + + } + else { + ExpectIntEQ(rc, WOLFSSL_SUCCESS); + } + + /* Test loading a CA cert with 3072 RSA key size. + * This should succeed for all policies. */ + rc = wolfSSL_CTX_use_certificate_chain_file(ctx, cert3072); + ExpectIntEQ(rc, WOLFSSL_SUCCESS); + + /* Test loading an ecc cert with 256 key size. + * This should succeed for all policies. */ + rc = wolfSSL_CTX_use_certificate_chain_file(ctx, cert256); + ExpectIntEQ(rc, WOLFSSL_SUCCESS); + + /* Test loading an ecc cert with 384 key size. + * This should succeed for all policies. */ + rc = wolfSSL_CTX_use_certificate_chain_file(ctx, cert384); + ExpectIntEQ(rc, WOLFSSL_SUCCESS); + + /* cleanup */ + wolfSSL_CTX_free(ctx); + ctx = NULL; + } + + /* TLSv1_2_method should work for all policies. */ + ctx = wolfSSL_CTX_new(wolfTLSv1_2_method()); + ExpectNotNull(ctx); + + /* Repeat same tests for keys of varying strength. */ + if (ctx != NULL) { + /* 1024 RSA */ + rc = SSL_CTX_use_PrivateKey_file(ctx, key1024, + SSL_FILETYPE_PEM); + + if (is_legacy) { + ExpectIntEQ(rc, WOLFSSL_SUCCESS); + } + else { + ExpectIntEQ(rc, WOLFSSL_FAILURE); + } + + /* 2048 RSA */ + rc = SSL_CTX_use_PrivateKey_file(ctx, key2048, + SSL_FILETYPE_PEM); + + if (!is_future) { + ExpectIntEQ(rc, WOLFSSL_SUCCESS); + } + else { + ExpectIntEQ(rc, WOLFSSL_FAILURE); + } + + /* 3072 RSA */ + rc = SSL_CTX_use_PrivateKey_file(ctx, key3072, + SSL_FILETYPE_PEM); + ExpectIntEQ(rc, WOLFSSL_SUCCESS); + + /* 256 ecc */ + rc = SSL_CTX_use_PrivateKey_file(ctx, key256, + SSL_FILETYPE_PEM); + ExpectIntEQ(rc, WOLFSSL_SUCCESS); + + /* 384 ecc */ + rc = SSL_CTX_use_PrivateKey_file(ctx, key384, + SSL_FILETYPE_PEM); + ExpectIntEQ(rc, WOLFSSL_SUCCESS); + + /* cleanup */ + wolfSSL_CTX_free(ctx); + ctx = NULL; + } + + #ifdef HAVE_ECC + /* Test set ecc min key size. */ + ctx = wolfSSL_CTX_new(wolfTLSv1_2_method()); + ExpectNotNull(ctx); + + if (ctx != NULL) { + ssl = SSL_new(ctx); + ExpectNotNull(ssl); + + /* Test setting ctx. */ + rc = wolfSSL_CTX_SetMinEccKey_Sz(ctx, 160); + if (is_legacy) { + ExpectIntEQ(rc, WOLFSSL_SUCCESS); + } + else { + ExpectIntEQ(rc, CRYPTO_POLICY_FORBIDDEN); + } + + rc = wolfSSL_CTX_SetMinEccKey_Sz(ctx, 224); + if (!is_future) { + ExpectIntEQ(rc, WOLFSSL_SUCCESS); + } + else { + ExpectIntEQ(rc, CRYPTO_POLICY_FORBIDDEN); + } + + rc = wolfSSL_CTX_SetMinEccKey_Sz(ctx, 256); + ExpectIntEQ(rc, WOLFSSL_SUCCESS); + + /* Test setting ssl. */ + if (ssl != NULL) { + rc = wolfSSL_SetMinEccKey_Sz(ssl, 160); + if (is_legacy) { + ExpectIntEQ(rc, WOLFSSL_SUCCESS); + } + else { + ExpectIntEQ(rc, CRYPTO_POLICY_FORBIDDEN); + } + + rc = wolfSSL_SetMinEccKey_Sz(ssl, 224); + if (!is_future) { + ExpectIntEQ(rc, WOLFSSL_SUCCESS); + } + else { + ExpectIntEQ(rc, CRYPTO_POLICY_FORBIDDEN); + } + + rc = wolfSSL_SetMinEccKey_Sz(ssl, 256); + ExpectIntEQ(rc, WOLFSSL_SUCCESS); + + wolfSSL_free(ssl); + ssl = NULL; + } + + /* cleanup */ + wolfSSL_CTX_free(ctx); + ctx = NULL; + } + #endif /* HAVE_ECC */ + + #if !defined(NO_RSA) + /* Test set rsa min key size. */ + ctx = wolfSSL_CTX_new(wolfTLSv1_2_method()); + ExpectNotNull(ctx); + + if (ctx != NULL) { + ssl = SSL_new(ctx); + ExpectNotNull(ssl); + + /* Test setting ctx. */ + rc = wolfSSL_CTX_SetMinRsaKey_Sz(ctx, 1024); + if (is_legacy) { + ExpectIntEQ(rc, WOLFSSL_SUCCESS); + } + else { + ExpectIntEQ(rc, CRYPTO_POLICY_FORBIDDEN); + } + + rc = wolfSSL_CTX_SetMinRsaKey_Sz(ctx, 2048); + if (!is_future) { + ExpectIntEQ(rc, WOLFSSL_SUCCESS); + } + else { + ExpectIntEQ(rc, CRYPTO_POLICY_FORBIDDEN); + } + + rc = wolfSSL_CTX_SetMinRsaKey_Sz(ctx, 3072); + ExpectIntEQ(rc, WOLFSSL_SUCCESS); + + /* Test setting ssl. */ + if (ssl != NULL) { + rc = wolfSSL_SetMinRsaKey_Sz(ssl, 1024); + if (is_legacy) { + ExpectIntEQ(rc, WOLFSSL_SUCCESS); + } + else { + ExpectIntEQ(rc, CRYPTO_POLICY_FORBIDDEN); + } + + rc = wolfSSL_SetMinRsaKey_Sz(ssl, 2048); + if (!is_future) { + ExpectIntEQ(rc, WOLFSSL_SUCCESS); + } + else { + ExpectIntEQ(rc, CRYPTO_POLICY_FORBIDDEN); + } + + rc = wolfSSL_SetMinRsaKey_Sz(ssl, 3072); + ExpectIntEQ(rc, WOLFSSL_SUCCESS); + + wolfSSL_free(ssl); + ssl = NULL; + } + + /* cleanup */ + wolfSSL_CTX_free(ctx); + ctx = NULL; + } + #endif /* !NO_RSA */ + + wolfSSL_crypto_policy_disable(); + } + + wolfSSL_crypto_policy_disable(); +#endif /* WOLFSSL_SYS_CRYPTO_POLICY && !NO_TLS */ + return EXPECT_RESULT(); +} + +/* System wide crypto-policy test: tls and dtls methods. + * */ +static int test_wolfSSL_crypto_policy_tls_methods(void) +{ + EXPECT_DECLS; +#if defined(WOLFSSL_SYS_CRYPTO_POLICY) && !defined(NO_TLS) + int rc = WC_NO_ERR_TRACE(WOLFSSL_FAILURE); + const char * policy_list[] = { + "examples/crypto_policies/legacy/wolfssl.txt", + "examples/crypto_policies/default/wolfssl.txt", + "examples/crypto_policies/future/wolfssl.txt", + }; + int i = 0; + + for (i = 0; i < 3; ++i) { + WOLFSSL_CTX * ctx = NULL; + int is_legacy = 0; + + is_legacy = (XSTRSTR(policy_list[i], "legacy") != NULL) ? 1 : 0; + + /* Enable crypto policy. */ + rc = wolfSSL_crypto_policy_enable(policy_list[i]); + ExpectIntEQ(rc, WOLFSSL_SUCCESS); + + rc = wolfSSL_crypto_policy_is_enabled(); + ExpectIntEQ(rc, 1); + + /* Try to use old TLS methods. Only allowed with legacy. */ + #if !defined(NO_OLD_TLS) + ctx = wolfSSL_CTX_new(wolfTLSv1_1_method()); + + if (is_legacy) { + ExpectNotNull(ctx); + } + else { + ExpectNull(ctx); + } + + if (ctx != NULL) { + wolfSSL_CTX_free(ctx); + ctx = NULL; + } + + #if defined(WOLFSSL_ALLOW_TLSV10) + ctx = wolfSSL_CTX_new(wolfTLSv1_method()); + + if (is_legacy) { + ExpectNotNull(ctx); + } + else { + ExpectNull(ctx); + } + + if (ctx != NULL) { + wolfSSL_CTX_free(ctx); + ctx = NULL; + } + #endif /* WOLFSSL_ALLOW_TLSV10 */ + #else + (void) is_legacy; + #endif /* !NO_OLD_TLS */ + + /* TLSv1_2_method should work for all policies. */ + ctx = wolfSSL_CTX_new(wolfTLSv1_2_method()); + ExpectNotNull(ctx); + + if (ctx != NULL) { + wolfSSL_CTX_free(ctx); + ctx = NULL; + } + + ctx = wolfSSL_CTX_new(wolfTLSv1_3_method()); + ExpectNotNull(ctx); + + if (ctx != NULL) { + wolfSSL_CTX_free(ctx); + ctx = NULL; + } + + ctx = wolfSSL_CTX_new(TLS_method()); + ExpectNotNull(ctx); + + if (ctx != NULL) { + wolfSSL_CTX_free(ctx); + ctx = NULL; + } + + #ifdef WOLFSSL_DTLS + ctx = wolfSSL_CTX_new(DTLS_method()); + ExpectNotNull(ctx); + + if (ctx != NULL) { + wolfSSL_CTX_free(ctx); + ctx = NULL; + } + + ctx = wolfSSL_CTX_new(wolfDTLSv1_2_method()); + ExpectNotNull(ctx); + + if (ctx != NULL) { + wolfSSL_CTX_free(ctx); + ctx = NULL; + } + + #ifndef NO_OLD_TLS + /* Only allowed with legacy. */ + ctx = wolfSSL_CTX_new(wolfDTLSv1_method()); + + if (is_legacy) { + ExpectNotNull(ctx); + } + else { + ExpectNull(ctx); + } + + if (ctx != NULL) { + wolfSSL_CTX_free(ctx); + ctx = NULL; + } + #endif /* !NO_OLD_TLS */ + #endif /* WOLFSSL_DTLS */ + + wolfSSL_crypto_policy_disable(); + } + + wolfSSL_crypto_policy_disable(); +#endif /* WOLFSSL_SYS_CRYPTO_POLICY && !NO_TLS */ + return EXPECT_RESULT(); +} + +#if defined(WOLFSSL_SYS_CRYPTO_POLICY) && !defined(NO_TLS) +/* Helper function for test_wolfSSL_crypto_policy_ciphers. + * Searches ssl suites for cipher string. + * + * Returns 1 if found. + * Returns 0 if not found. + * Returns < 0 if error. + * */ +static int crypto_policy_cipher_found(const WOLFSSL * ssl, + const char * cipher, + int match) +{ + WOLF_STACK_OF(WOLFSSL_CIPHER) * sk = NULL; + WOLFSSL_CIPHER * current = NULL; + const char * suite; + int found = 0; + int i = 0; + + if (ssl == NULL || cipher == NULL || *cipher == '\0') { + return -1; + } + + sk = wolfSSL_get_ciphers_compat(ssl); + + if (sk == NULL) { + return -1; + } + + do { + current = wolfSSL_sk_SSL_CIPHER_value(sk, i++); + if (current) { + suite = wolfSSL_CIPHER_get_name(current); + if (suite) { + if (match == 1) { + /* prefix match */ + if (XSTRNCMP(suite, cipher, XSTRLEN(cipher)) == 0) { + found = 1; + break; + } + } + else if (match == -1) { + /* postfix match */ + if (XSTRLEN(suite) > XSTRLEN(cipher)) { + const char * postfix = suite + XSTRLEN(suite) + - XSTRLEN(cipher); + if (XSTRNCMP(postfix, cipher, XSTRLEN(cipher)) == 0) { + found = 1; + break; + } + } + } + else { + /* needle in haystack match */ + if (XSTRSTR(suite, cipher)) { + found = 1; + break; + } + } + } + } + } while (current); + + return found == 1; +} +#endif /* WOLFSSL_SYS_CRYPTO_POLICY && !NO_TLS */ + +/* System wide crypto-policy test: ciphers. + * */ +static int test_wolfSSL_crypto_policy_ciphers(void) +{ + EXPECT_DECLS; +#if defined(WOLFSSL_SYS_CRYPTO_POLICY) && !defined(NO_TLS) + int rc = WC_NO_ERR_TRACE(WOLFSSL_FAILURE); + const char * policy_list[] = { + "examples/crypto_policies/legacy/wolfssl.txt", + "examples/crypto_policies/default/wolfssl.txt", + "examples/crypto_policies/future/wolfssl.txt", + }; + int seclevel_list[] = { 1, 2, 3 }; + int i = 0; + int is_legacy = 0; + int is_future = 0; + + for (i = 0; i < 3; ++i) { + WOLFSSL_CTX * ctx = NULL; + WOLFSSL * ssl = NULL; + int found = 0; + + is_legacy = (XSTRSTR(policy_list[i], "legacy") != NULL) ? 1 : 0; + is_future = (XSTRSTR(policy_list[i], "future") != NULL) ? 1 : 0; + + (void) is_legacy; + + /* Enable crypto policy. */ + rc = wolfSSL_crypto_policy_enable(policy_list[i]); + ExpectIntEQ(rc, WOLFSSL_SUCCESS); + + rc = wolfSSL_crypto_policy_is_enabled(); + ExpectIntEQ(rc, 1); + + ctx = wolfSSL_CTX_new(TLS_method()); + ExpectNotNull(ctx); + + ssl = SSL_new(ctx); + ExpectNotNull(ssl); + + rc = wolfSSL_CTX_get_security_level(ctx); + ExpectIntEQ(rc, seclevel_list[i]); + + rc = wolfSSL_get_security_level(ssl); + ExpectIntEQ(rc, seclevel_list[i]); + + found = crypto_policy_cipher_found(ssl, "RC4", 0); + ExpectIntEQ(found, is_legacy); + + /* We return a different cipher string depending on build settings. */ + #if !defined(WOLFSSL_CIPHER_INTERNALNAME) && \ + !defined(NO_ERROR_STRINGS) && !defined(WOLFSSL_QT) + found = crypto_policy_cipher_found(ssl, "AES_128", 0); + ExpectIntEQ(found, !is_future); + + found = crypto_policy_cipher_found(ssl, "TLS_DHE_RSA_WITH_AES", 1); + ExpectIntEQ(found, !is_future); + + found = crypto_policy_cipher_found(ssl, "_SHA", -1); + ExpectIntEQ(found, !is_future); + #else + found = crypto_policy_cipher_found(ssl, "AES128", 0); + ExpectIntEQ(found, !is_future); + + found = crypto_policy_cipher_found(ssl, "DHE-RSA-AES", 1); + ExpectIntEQ(found, !is_future); + + found = crypto_policy_cipher_found(ssl, "-SHA", -1); + ExpectIntEQ(found, !is_future); + #endif + + if (ssl != NULL) { + SSL_free(ssl); + ssl = NULL; + } + + if (ctx != NULL) { + wolfSSL_CTX_free(ctx); + ctx = NULL; + } + + wolfSSL_crypto_policy_disable(); + } + + wolfSSL_crypto_policy_disable(); + +#endif /* WOLFSSL_SYS_CRYPTO_POLICY && !NO_TLS */ + return EXPECT_RESULT(); +} + +static int test_wolfSSL_SSL_in_init(void) +{ + EXPECT_DECLS; +#if defined(OPENSSL_ALL) && !defined(NO_BIO) && !defined(NO_TLS) + SSL_CTX* ctx = NULL; + SSL* ssl = NULL; + const char* testCertFile; + const char* testKeyFile; + +#ifdef WOLFSSL_TLS13 + #ifdef NO_WOLFSSL_SERVER + ExpectNotNull(ctx = wolfSSL_CTX_new(wolfTLSv1_3_client_method())); + #else + ExpectNotNull(ctx = wolfSSL_CTX_new(wolfTLSv1_3_server_method())); + #endif +#else + #ifdef NO_WOLFSSL_SERVER + ExpectNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_client_method())); + #else + ExpectNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_server_method())); + #endif +#endif +#ifndef NO_RSA + testCertFile = svrCertFile; + testKeyFile = svrKeyFile; +#elif defined(HAVE_ECC) + testCertFile = eccCertFile; + testKeyFile = eccKeyFile; +#else + testCertFile = NULL; + testKeyFile = NULL; +#endif + if ((testCertFile != NULL) && (testKeyFile != NULL)) { + ExpectTrue(SSL_CTX_use_certificate_file(ctx, testCertFile, + SSL_FILETYPE_PEM)); + ExpectTrue(SSL_CTX_use_PrivateKey_file(ctx, testKeyFile, + SSL_FILETYPE_PEM)); + } + + ExpectNotNull(ssl = SSL_new(ctx)); + ExpectIntEQ(SSL_in_init(ssl), 1); + + SSL_CTX_free(ctx); + SSL_free(ssl); +#endif + return EXPECT_RESULT(); +} + +static int test_wolfSSL_CTX_set_timeout(void) +{ + EXPECT_DECLS; +#if !defined(NO_WOLFSSL_SERVER) && !defined(NO_TLS) && \ + !defined(NO_SESSION_CACHE) + WOLFSSL_CTX* ctx = NULL; +#if defined(WOLFSSL_ERROR_CODE_OPENSSL) + int timeout; +#endif + + ExpectNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_server_method())); + +#if defined(WOLFSSL_ERROR_CODE_OPENSSL) + /* in WOLFSSL_ERROR_CODE_OPENSSL macro guard, + * wolfSSL_CTX_set_timeout returns previous timeout value on success. + */ + ExpectIntEQ(wolfSSL_CTX_set_timeout(NULL, 0), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + /* giving 0 as timeout value sets default timeout */ + timeout = wolfSSL_CTX_set_timeout(ctx, 0); + ExpectIntEQ(wolfSSL_CTX_set_timeout(ctx, 20), timeout); + ExpectIntEQ(wolfSSL_CTX_set_timeout(ctx, 30), 20); + +#else + ExpectIntEQ(wolfSSL_CTX_set_timeout(NULL, 0), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wolfSSL_CTX_set_timeout(ctx, 100), 1); + ExpectIntEQ(wolfSSL_CTX_set_timeout(ctx, 0), 1); +#endif + + wolfSSL_CTX_free(ctx); +#endif + return EXPECT_RESULT(); +} + +static int test_wolfSSL_OpenSSL_version(void) +{ + EXPECT_DECLS; +#if defined(OPENSSL_EXTRA) + const char* ver; + +#if defined(OPENSSL_VERSION_NUMBER) && OPENSSL_VERSION_NUMBER >= 0x10100000L + ExpectNotNull(ver = OpenSSL_version(0)); +#else + ExpectNotNull(ver = OpenSSL_version()); +#endif + ExpectIntEQ(XMEMCMP(ver, "wolfSSL " LIBWOLFSSL_VERSION_STRING, + XSTRLEN("wolfSSL " LIBWOLFSSL_VERSION_STRING)), 0); +#endif + return EXPECT_RESULT(); +} + +static int test_CONF_CTX_CMDLINE(void) +{ + EXPECT_DECLS; +#if defined(OPENSSL_ALL) && !defined(NO_TLS) && !defined(NO_WOLFSSL_SERVER) + SSL_CTX* ctx = NULL; + SSL_CONF_CTX* cctx = NULL; + + ExpectNotNull(cctx = SSL_CONF_CTX_new()); + + ExpectNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_server_method())); + SSL_CONF_CTX_set_ssl_ctx(cctx, ctx); + + /* set flags */ + ExpectIntEQ(SSL_CONF_CTX_set_flags(cctx, WOLFSSL_CONF_FLAG_CMDLINE), + WOLFSSL_CONF_FLAG_CMDLINE); + ExpectIntEQ(SSL_CONF_CTX_set_flags(cctx, WOLFSSL_CONF_FLAG_CERTIFICATE), + WOLFSSL_CONF_FLAG_CMDLINE | WOLFSSL_CONF_FLAG_CERTIFICATE); + /* cmd invalid command */ + ExpectIntEQ(SSL_CONF_cmd(cctx, "foo", "foobar"), -2); + ExpectIntEQ(SSL_CONF_cmd(cctx, "foo", NULL), -2); + ExpectIntEQ(SSL_CONF_cmd(cctx, NULL, NULL), WC_NO_ERR_TRACE(WOLFSSL_FAILURE)); + ExpectIntEQ(SSL_CONF_cmd(cctx, NULL, "foobar"), WC_NO_ERR_TRACE(WOLFSSL_FAILURE)); + ExpectIntEQ(SSL_CONF_cmd(NULL, "-curves", "foobar"), WC_NO_ERR_TRACE(WOLFSSL_FAILURE)); + + /* cmd Certificate and Private Key*/ + { + #if !defined(NO_CERTS) && !defined(NO_RSA) + const char* ourCert = svrCertFile; + const char* ourKey = svrKeyFile; + + ExpectIntEQ(SSL_CONF_cmd(cctx, "-cert", NULL), -3); + ExpectIntEQ(SSL_CONF_cmd(cctx, "-cert", ourCert), WOLFSSL_SUCCESS); + ExpectIntEQ(SSL_CONF_cmd(cctx, "-key", NULL), -3); + ExpectIntEQ(SSL_CONF_cmd(cctx, "-key", ourKey), WOLFSSL_SUCCESS); + ExpectIntEQ(SSL_CONF_CTX_finish(cctx), WOLFSSL_SUCCESS); + #endif + } + + /* cmd curves */ + { + #if defined(HAVE_ECC) + const char* curve = "secp256r1"; + + ExpectIntEQ(SSL_CONF_cmd(cctx, "-curves", NULL), -3); + ExpectIntEQ(SSL_CONF_cmd(cctx, "-curves", curve), WOLFSSL_SUCCESS); + ExpectIntEQ(SSL_CONF_CTX_finish(cctx), WOLFSSL_SUCCESS); + #endif + } + + /* cmd CipherString */ + { + char* cipher = wolfSSL_get_cipher_list(0/*top priority*/); + + ExpectIntEQ(SSL_CONF_cmd(cctx, "-cipher", NULL), -3); + ExpectIntEQ(SSL_CONF_cmd(cctx, "-cipher", cipher), WOLFSSL_SUCCESS); + ExpectIntEQ(SSL_CONF_CTX_finish(cctx), WOLFSSL_SUCCESS); + } + + /* cmd DH parameter */ + { + #if !defined(NO_DH) && !defined(NO_BIO) + const char* ourdhcert = "./certs/dh2048.pem"; + + ExpectIntEQ(SSL_CONF_cmd(cctx, "-dhparam", NULL), -3); + ExpectIntEQ(SSL_CONF_cmd(cctx, "-dhparam", ourdhcert), WOLFSSL_SUCCESS); + ExpectIntEQ(SSL_CONF_CTX_finish(cctx), WOLFSSL_SUCCESS); + + #endif + } + + SSL_CTX_free(ctx); + SSL_CONF_CTX_free(cctx); +#endif /* OPENSSL_EXTRA */ + return EXPECT_RESULT(); +} + +static int test_CONF_CTX_FILE(void) +{ + EXPECT_DECLS; +#if defined(OPENSSL_ALL) && !defined(NO_TLS) && !defined(NO_WOLFSSL_SERVER) + SSL_CTX* ctx = NULL; + SSL_CONF_CTX* cctx = NULL; + + ExpectNotNull(cctx = SSL_CONF_CTX_new()); + ExpectNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_server_method())); + SSL_CONF_CTX_set_ssl_ctx(cctx, ctx); + + /* set flags */ + ExpectIntEQ(SSL_CONF_CTX_set_flags(cctx, WOLFSSL_CONF_FLAG_FILE), + WOLFSSL_CONF_FLAG_FILE); + ExpectIntEQ(SSL_CONF_CTX_set_flags(cctx, WOLFSSL_CONF_FLAG_CERTIFICATE), + WOLFSSL_CONF_FLAG_FILE | WOLFSSL_CONF_FLAG_CERTIFICATE); + /* sanity check */ + ExpectIntEQ(SSL_CONF_cmd(cctx, "foo", "foobar"), -2); + ExpectIntEQ(SSL_CONF_cmd(cctx, "foo", NULL), -2); + ExpectIntEQ(SSL_CONF_cmd(cctx, NULL, NULL), WC_NO_ERR_TRACE(WOLFSSL_FAILURE)); + ExpectIntEQ(SSL_CONF_cmd(cctx, NULL, "foobar"), WC_NO_ERR_TRACE(WOLFSSL_FAILURE)); + ExpectIntEQ(SSL_CONF_cmd(NULL, "-curves", "foobar"), WC_NO_ERR_TRACE(WOLFSSL_FAILURE)); + + /* cmd Certificate and Private Key*/ + { + #if !defined(NO_CERTS) && !defined(NO_RSA) + const char* ourCert = svrCertFile; + const char* ourKey = svrKeyFile; + + ExpectIntEQ(SSL_CONF_cmd(cctx, "Certificate", NULL), -3); + ExpectIntEQ(SSL_CONF_cmd(cctx, "PrivateKey", NULL), -3); + + ExpectIntEQ(SSL_CONF_cmd(cctx, "Certificate", ourCert), + WOLFSSL_SUCCESS); + ExpectIntEQ(SSL_CONF_cmd(cctx, "PrivateKey", ourKey), WOLFSSL_SUCCESS); + ExpectIntEQ(SSL_CONF_CTX_finish(cctx), WOLFSSL_SUCCESS); + #endif + } + + /* cmd curves */ + { + #if defined(HAVE_ECC) + const char* curve = "secp256r1"; + + ExpectIntEQ(SSL_CONF_cmd(cctx, "Curves", NULL), -3); + ExpectIntEQ(SSL_CONF_cmd(cctx, "Curves", curve), WOLFSSL_SUCCESS); + ExpectIntEQ(SSL_CONF_CTX_finish(cctx), WOLFSSL_SUCCESS); + #endif + } + + /* cmd CipherString */ + { + char* cipher = wolfSSL_get_cipher_list(0/*top priority*/); + + ExpectIntEQ(SSL_CONF_cmd(cctx, "CipherString", NULL), -3); + ExpectIntEQ(SSL_CONF_cmd(cctx, "CipherString", cipher), + WOLFSSL_SUCCESS); + ExpectIntEQ(SSL_CONF_CTX_finish(cctx), WOLFSSL_SUCCESS); + } + + /* cmd DH parameter */ + { + #if !defined(NO_DH) && !defined(NO_BIO) && defined(HAVE_FFDHE_3072) + const char* ourdhcert = "./certs/dh3072.pem"; + + ExpectIntEQ(SSL_CONF_cmd(cctx, "DHParameters", NULL), -3); + ExpectIntEQ(SSL_CONF_cmd(cctx, "DHParameters", ourdhcert), + WOLFSSL_SUCCESS); + ExpectIntEQ(SSL_CONF_CTX_finish(cctx), WOLFSSL_SUCCESS); + + #endif + } + + SSL_CTX_free(ctx); + SSL_CONF_CTX_free(cctx); +#endif /* OPENSSL_EXTRA */ + return EXPECT_RESULT(); +} + +static int test_wolfSSL_CRYPTO_get_ex_new_index(void) +{ + EXPECT_DECLS; +#ifdef HAVE_EX_DATA_CRYPTO + int idx1, idx2; + + /* test for unsupported class index */ + ExpectIntEQ(wolfSSL_CRYPTO_get_ex_new_index(WOLF_CRYPTO_EX_INDEX_X509_STORE, + 0,NULL, NULL, NULL, NULL ), -1); + ExpectIntEQ(wolfSSL_CRYPTO_get_ex_new_index( + WOLF_CRYPTO_EX_INDEX_X509_STORE_CTX, + 0,NULL, NULL, NULL, NULL ), -1); + ExpectIntEQ(wolfSSL_CRYPTO_get_ex_new_index(WOLF_CRYPTO_EX_INDEX_DH, + 0,NULL, NULL, NULL, NULL ), -1); + ExpectIntEQ(wolfSSL_CRYPTO_get_ex_new_index(WOLF_CRYPTO_EX_INDEX_DSA, + 0,NULL, NULL, NULL, NULL ), -1); + ExpectIntEQ(wolfSSL_CRYPTO_get_ex_new_index(WOLF_CRYPTO_EX_INDEX_EC_KEY, + 0,NULL, NULL, NULL, NULL ), -1); + ExpectIntEQ(wolfSSL_CRYPTO_get_ex_new_index(WOLF_CRYPTO_EX_INDEX_RSA, + 0,NULL, NULL, NULL, NULL ), -1); + ExpectIntEQ(wolfSSL_CRYPTO_get_ex_new_index(WOLF_CRYPTO_EX_INDEX_ENGINE, + 0,NULL, NULL, NULL, NULL ), -1); + ExpectIntEQ(wolfSSL_CRYPTO_get_ex_new_index(WOLF_CRYPTO_EX_INDEX_UI, + 0,NULL, NULL, NULL, NULL ), -1); + ExpectIntEQ(wolfSSL_CRYPTO_get_ex_new_index(WOLF_CRYPTO_EX_INDEX_BIO, + 0,NULL, NULL, NULL, NULL ), -1); + ExpectIntEQ(wolfSSL_CRYPTO_get_ex_new_index(WOLF_CRYPTO_EX_INDEX_APP, + 0,NULL, NULL, NULL, NULL ), -1); + ExpectIntEQ(wolfSSL_CRYPTO_get_ex_new_index(WOLF_CRYPTO_EX_INDEX_UI_METHOD, + 0,NULL, NULL, NULL, NULL ), -1); + ExpectIntEQ(wolfSSL_CRYPTO_get_ex_new_index(WOLF_CRYPTO_EX_INDEX_DRBG, + 0,NULL, NULL, NULL, NULL ), -1); + ExpectIntEQ(wolfSSL_CRYPTO_get_ex_new_index(20, + 0,NULL, NULL, NULL, NULL ), -1); + + /* test for supported class index */ + idx1 = wolfSSL_CRYPTO_get_ex_new_index(WOLF_CRYPTO_EX_INDEX_SSL, + 0,NULL, NULL, NULL, NULL ); + idx2 = wolfSSL_CRYPTO_get_ex_new_index(WOLF_CRYPTO_EX_INDEX_SSL, + 0,NULL, NULL, NULL, NULL ); + ExpectIntNE(idx1, -1); + ExpectIntNE(idx2, -1); + ExpectIntNE(idx1, idx2); + + idx1 = wolfSSL_CRYPTO_get_ex_new_index(WOLF_CRYPTO_EX_INDEX_SSL_CTX, + 0,NULL, NULL, NULL, NULL ); + idx2 = wolfSSL_CRYPTO_get_ex_new_index(WOLF_CRYPTO_EX_INDEX_SSL_CTX, + 0,NULL, NULL, NULL, NULL ); + ExpectIntNE(idx1, -1); + ExpectIntNE(idx2, -1); + ExpectIntNE(idx1, idx2); + + idx1 = wolfSSL_CRYPTO_get_ex_new_index(WOLF_CRYPTO_EX_INDEX_X509, + 0,NULL, NULL, NULL, NULL ); + idx2 = wolfSSL_CRYPTO_get_ex_new_index(WOLF_CRYPTO_EX_INDEX_X509, + 0,NULL, NULL, NULL, NULL ); + ExpectIntNE(idx1, -1); + ExpectIntNE(idx2, -1); + ExpectIntNE(idx1, idx2); + + + idx1 = wolfSSL_CRYPTO_get_ex_new_index(WOLF_CRYPTO_EX_INDEX_SSL_SESSION, + 0,NULL, NULL, NULL, NULL ); + idx2 = wolfSSL_CRYPTO_get_ex_new_index(WOLF_CRYPTO_EX_INDEX_SSL_SESSION, + 0,NULL, NULL, NULL, NULL ); + ExpectIntNE(idx1, -1); + ExpectIntNE(idx2, -1); + ExpectIntNE(idx1, idx2); +#endif /* HAVE_EX_DATA_CRYPTO */ + return EXPECT_RESULT(); +} + +#if defined(HAVE_EX_DATA_CRYPTO) && defined(OPENSSL_EXTRA) + +#define SESSION_NEW_IDX_LONG 0xDEADBEEF +#define SESSION_NEW_IDX_VAL ((void*)0xAEADAEAD) +#define SESSION_DUP_IDX_VAL ((void*)0xDEDEDEDE) +#define SESSION_NEW_IDX_PTR "Testing" + +static void test_wolfSSL_SESSION_get_ex_new_index_new_cb(void* p, void* ptr, + CRYPTO_EX_DATA* a, int idx, long argValue, void* arg) +{ + AssertNotNull(p); + AssertNull(ptr); + AssertIntEQ(CRYPTO_set_ex_data(a, idx, SESSION_NEW_IDX_VAL), SSL_SUCCESS); + AssertIntEQ(argValue, SESSION_NEW_IDX_LONG); + AssertStrEQ(arg, SESSION_NEW_IDX_PTR); +} + +static int test_wolfSSL_SESSION_get_ex_new_index_dup_cb(CRYPTO_EX_DATA* out, + const CRYPTO_EX_DATA* in, void* inPtr, int idx, long argV, + void* arg) +{ + EXPECT_DECLS; + + ExpectNotNull(out); + ExpectNotNull(in); + ExpectPtrEq(*(void**)inPtr, SESSION_NEW_IDX_VAL); + ExpectPtrEq(CRYPTO_get_ex_data(in, idx), SESSION_NEW_IDX_VAL); + ExpectPtrEq(CRYPTO_get_ex_data(out, idx), SESSION_NEW_IDX_VAL); + ExpectIntEQ(argV, SESSION_NEW_IDX_LONG); + ExpectStrEQ(arg, SESSION_NEW_IDX_PTR); + *(void**)inPtr = SESSION_DUP_IDX_VAL; + if (EXPECT_SUCCESS()) { + return SSL_SUCCESS; + } + else { + return SSL_FAILURE; + } +} + +static int test_wolfSSL_SESSION_get_ex_new_index_free_cb_called = 0; +static void test_wolfSSL_SESSION_get_ex_new_index_free_cb(void* p, void* ptr, + CRYPTO_EX_DATA* a, int idx, long argValue, void* arg) +{ + EXPECT_DECLS; + + ExpectNotNull(p); + ExpectNull(ptr); + ExpectPtrNE(CRYPTO_get_ex_data(a, idx), 0); + ExpectIntEQ(argValue, SESSION_NEW_IDX_LONG); + ExpectStrEQ(arg, SESSION_NEW_IDX_PTR); + if (EXPECT_SUCCESS()) { + test_wolfSSL_SESSION_get_ex_new_index_free_cb_called++; + } +} + +static int test_wolfSSL_SESSION_get_ex_new_index(void) +{ + EXPECT_DECLS; + int idx = SSL_SESSION_get_ex_new_index(SESSION_NEW_IDX_LONG, + (void*)SESSION_NEW_IDX_PTR, + test_wolfSSL_SESSION_get_ex_new_index_new_cb, + test_wolfSSL_SESSION_get_ex_new_index_dup_cb, + test_wolfSSL_SESSION_get_ex_new_index_free_cb); + SSL_SESSION* s = SSL_SESSION_new(); + SSL_SESSION* d = NULL; + + ExpectNotNull(s); + ExpectPtrEq(SSL_SESSION_get_ex_data(s, idx), SESSION_NEW_IDX_VAL); + ExpectNotNull(d = SSL_SESSION_dup(s)); + ExpectPtrEq(SSL_SESSION_get_ex_data(d, idx), SESSION_DUP_IDX_VAL); + SSL_SESSION_free(s); + ExpectIntEQ(test_wolfSSL_SESSION_get_ex_new_index_free_cb_called, 1); + SSL_SESSION_free(d); + ExpectIntEQ(test_wolfSSL_SESSION_get_ex_new_index_free_cb_called, 2); + + crypto_ex_cb_free(crypto_ex_cb_ctx_session); + crypto_ex_cb_ctx_session = NULL; + return EXPECT_RESULT(); +} +#else +static int test_wolfSSL_SESSION_get_ex_new_index(void) +{ + return TEST_SKIPPED; +} +#endif + +static int test_wolfSSL_set_psk_use_session_callback(void) +{ + EXPECT_DECLS; +#if defined(OPENSSL_EXTRA) && !defined(NO_PSK) && !defined(NO_TLS) + SSL_CTX* ctx = NULL; + SSL* ssl = NULL; + const char* testCertFile; + const char* testKeyFile; + +#ifdef WOLFSSL_TLS13 + #ifdef NO_WOLFSSL_SERVER + ExpectNotNull(ctx = wolfSSL_CTX_new(wolfTLSv1_3_client_method())); + #else + ExpectNotNull(ctx = wolfSSL_CTX_new(wolfTLSv1_3_server_method())); + #endif +#else + #ifdef NO_WOLFSSL_SERVER + ExpectNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_client_method())); + #else + ExpectNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_server_method())); + #endif +#endif +#ifndef NO_RSA + testCertFile = svrCertFile; + testKeyFile = svrKeyFile; +#elif defined(HAVE_ECC) + testCertFile = eccCertFile; + testKeyFile = eccKeyFile; +#else + testCertFile = NULL; + testKeyFile = NULL; +#endif + if ((testCertFile != NULL) && (testKeyFile != NULL)) { + ExpectTrue(SSL_CTX_use_certificate_file(ctx, testCertFile, + SSL_FILETYPE_PEM)); + ExpectTrue(SSL_CTX_use_PrivateKey_file(ctx, testKeyFile, + SSL_FILETYPE_PEM)); + } + + ExpectNotNull(ssl = SSL_new(ctx)); + + SSL_set_psk_use_session_callback(ssl, my_psk_use_session_cb); + + SSL_CTX_free(ctx); + SSL_free(ssl); +#endif + return EXPECT_RESULT(); +} + +/* similar to error_test() in wolfcrypt/test/test.c, but adding error codes from + * TLS layer. + */ +static int error_test(void) +{ + EXPECT_DECLS; + const char* errStr; + const char* unknownStr = wc_GetErrorString(0); + +#ifdef NO_ERROR_STRINGS + /* Ensure a valid error code's string matches an invalid code's. + * The string is that error strings are not available. + */ + errStr = wc_GetErrorString(OPEN_RAN_E); + ExpectIntEQ(XSTRCMP(errStr, unknownStr), 0); + if (EXPECT_FAIL()) + return OPEN_RAN_E; +#else + int i; + int j = 0; + /* Values that are not or no longer error codes. */ + static const struct { + int first; + int last; + } missing[] = { +#ifndef OPENSSL_EXTRA + { 0, 0 }, +#endif + +#if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL) || \ + defined(HAVE_WEBSERVER) || defined(HAVE_MEMCACHED) + { -11, -12 }, + { -15, -17 }, + { -19, -19 }, + { -26, -27 }, + { -30, WC_SPAN1_FIRST_E + 1 }, +#else + { -9, WC_SPAN1_FIRST_E + 1 }, +#endif + { -124, -124 }, + { -167, -169 }, + { -300, -300 }, + { -334, -336 }, + { -346, -349 }, + { -356, -356 }, + { -358, -358 }, + { -384, -384 }, + { -466, -499 }, + { WOLFSSL_LAST_E - 1, WC_SPAN2_FIRST_E + 1 }, + { WC_SPAN2_LAST_E - 1, MIN_CODE_E } + }; + + /* Check that all errors have a string and it's the same through the two + * APIs. Check that the values that are not errors map to the unknown + * string. + */ + for (i = 0; i >= MIN_CODE_E; i--) { + int this_missing = 0; + for (j = 0; j < (int)XELEM_CNT(missing); ++j) { + if ((i <= missing[j].first) && (i >= missing[j].last)) { + this_missing = 1; + break; + } + } + errStr = wolfSSL_ERR_reason_error_string((word32)i); + + if (! this_missing) { + ExpectIntNE(XSTRCMP(errStr, unknownStr), 0); + if (EXPECT_FAIL()) { + return i; + } + ExpectTrue(XSTRLEN(errStr) < WOLFSSL_MAX_ERROR_SZ); + if (EXPECT_FAIL()) { + return i; + } + } + else { + j++; + ExpectIntEQ(XSTRCMP(errStr, unknownStr), 0); + if (EXPECT_FAIL()) { + return i; + } + } + } +#endif + + return 1; +} + +static int test_wolfSSL_ERR_strings(void) +{ + EXPECT_DECLS; + +#if !defined(NO_ERROR_STRINGS) + const char* err1 = "unsupported cipher suite"; + const char* err2 = "wolfSSL PEM routines"; + const char* err = NULL; + + (void)err; + (void)err1; + (void)err2; + +#if defined(OPENSSL_EXTRA) + ExpectNotNull(err = ERR_reason_error_string(WC_NO_ERR_TRACE(UNSUPPORTED_SUITE))); + ExpectIntEQ(XSTRNCMP(err, err1, XSTRLEN(err1)), 0); + + ExpectNotNull(err = ERR_func_error_string(WC_NO_ERR_TRACE(UNSUPPORTED_SUITE))); + ExpectIntEQ((*err == '\0'), 1); + + ExpectNotNull(err = ERR_lib_error_string(PEM_R_PROBLEMS_GETTING_PASSWORD)); + ExpectIntEQ(XSTRNCMP(err, err2, XSTRLEN(err2)), 0); +#else + ExpectNotNull(err = wolfSSL_ERR_reason_error_string(WC_NO_ERR_TRACE((word32)UNSUPPORTED_SUITE))); + ExpectIntEQ(XSTRNCMP(err, err1, XSTRLEN(err1)), 0); + + ExpectNotNull(err = wolfSSL_ERR_func_error_string(WC_NO_ERR_TRACE((word32)UNSUPPORTED_SUITE))); + ExpectIntEQ((*err == '\0'), 1); + + ExpectNotNull(err = wolfSSL_ERR_lib_error_string(-WOLFSSL_PEM_R_PROBLEMS_GETTING_PASSWORD_E)); + ExpectIntEQ((*err == '\0'), 1); +#endif +#endif + + ExpectIntEQ(error_test(), 1); + + return EXPECT_RESULT(); +} +static int test_wolfSSL_EVP_shake128(void) +{ + EXPECT_DECLS; +#if defined(OPENSSL_EXTRA) && defined(WOLFSSL_SHA3) && \ + defined(WOLFSSL_SHAKE128) + const EVP_MD* md = NULL; + + ExpectNotNull(md = EVP_shake128()); + ExpectIntEQ(XSTRNCMP(md, "SHAKE128", XSTRLEN("SHAKE128")), 0); +#endif + + return EXPECT_RESULT(); +} + +static int test_wolfSSL_EVP_shake256(void) +{ + EXPECT_DECLS; +#if defined(OPENSSL_EXTRA) && defined(WOLFSSL_SHA3) && \ + defined(WOLFSSL_SHAKE256) + const EVP_MD* md = NULL; + + ExpectNotNull(md = EVP_shake256()); + ExpectIntEQ(XSTRNCMP(md, "SHAKE256", XSTRLEN("SHAKE256")), 0); +#endif + + return EXPECT_RESULT(); +} + +/* + * Testing EVP digest API with SM3 + */ +static int test_wolfSSL_EVP_sm3(void) +{ + int res = TEST_SKIPPED; +#if defined(OPENSSL_EXTRA) && defined(WOLFSSL_SM3) + EXPECT_DECLS; + const EVP_MD* md = NULL; + EVP_MD_CTX* mdCtx = NULL; + byte data[WC_SM3_BLOCK_SIZE * 4]; + byte hash[WC_SM3_DIGEST_SIZE]; + byte calcHash[WC_SM3_DIGEST_SIZE]; + byte expHash[WC_SM3_DIGEST_SIZE] = { + 0x38, 0x48, 0x15, 0xa7, 0x0e, 0xae, 0x0b, 0x27, + 0x5c, 0xde, 0x9d, 0xa5, 0xd1, 0xa4, 0x30, 0xa1, + 0xca, 0xd4, 0x54, 0x58, 0x44, 0xa2, 0x96, 0x1b, + 0xd7, 0x14, 0x80, 0x3f, 0x80, 0x1a, 0x07, 0xb6 + }; + word32 chunk; + word32 i; + unsigned int sz; + int ret; + + XMEMSET(data, 0, sizeof(data)); + + md = EVP_sm3(); + ExpectTrue(md != NULL); + ExpectIntEQ(XSTRNCMP(md, "SM3", XSTRLEN("SM3")), 0); + mdCtx = EVP_MD_CTX_new(); + ExpectTrue(mdCtx != NULL); + + /* Invalid Parameters */ + ExpectIntEQ(EVP_DigestInit(NULL, md), WC_NO_ERR_TRACE(WOLFSSL_FAILURE)); + /* Valid Parameters */ + ExpectIntEQ(EVP_DigestInit(mdCtx, md), WOLFSSL_SUCCESS); + + ExpectIntEQ(EVP_DigestUpdate(NULL, NULL, 1), WC_NO_ERR_TRACE(WOLFSSL_FAILURE)); + ExpectIntEQ(EVP_DigestUpdate(mdCtx, NULL, 1), WC_NO_ERR_TRACE(WOLFSSL_FAILURE)); + ExpectIntEQ(EVP_DigestUpdate(NULL, data, 1), WC_NO_ERR_TRACE(WOLFSSL_FAILURE)); + + /* Valid Parameters */ + ExpectIntEQ(EVP_DigestUpdate(mdCtx, NULL, 0), WOLFSSL_SUCCESS); + ExpectIntEQ(EVP_DigestUpdate(mdCtx, data, 1), WOLFSSL_SUCCESS); + ExpectIntEQ(EVP_DigestUpdate(mdCtx, data, 1), WOLFSSL_SUCCESS); + ExpectIntEQ(EVP_DigestUpdate(mdCtx, data, WC_SM3_BLOCK_SIZE), + WOLFSSL_SUCCESS); + ExpectIntEQ(EVP_DigestUpdate(mdCtx, data, WC_SM3_BLOCK_SIZE - 2), + WOLFSSL_SUCCESS); + ExpectIntEQ(EVP_DigestUpdate(mdCtx, data, WC_SM3_BLOCK_SIZE * 2), + WOLFSSL_SUCCESS); + /* Ensure too many bytes for lengths. */ + ExpectIntEQ(EVP_DigestUpdate(mdCtx, data, WC_SM3_PAD_SIZE), + WOLFSSL_SUCCESS); + + /* Invalid Parameters */ + ExpectIntEQ(EVP_DigestFinal(NULL, NULL, NULL), WC_NO_ERR_TRACE(WOLFSSL_FAILURE)); + ExpectIntEQ(EVP_DigestFinal(mdCtx, NULL, NULL), WC_NO_ERR_TRACE(WOLFSSL_FAILURE)); + ExpectIntEQ(EVP_DigestFinal(NULL, hash, NULL), WC_NO_ERR_TRACE(WOLFSSL_FAILURE)); + ExpectIntEQ(EVP_DigestFinal(NULL, hash, NULL), WC_NO_ERR_TRACE(WOLFSSL_FAILURE)); + ExpectIntEQ(EVP_DigestFinal(mdCtx, NULL, NULL), WC_NO_ERR_TRACE(WOLFSSL_FAILURE)); + + /* Valid Parameters */ + ExpectIntEQ(EVP_DigestFinal(mdCtx, hash, NULL), WOLFSSL_SUCCESS); + ExpectBufEQ(hash, expHash, WC_SM3_DIGEST_SIZE); + + /* Chunk tests. */ + ExpectIntEQ(EVP_DigestUpdate(mdCtx, data, sizeof(data)), WOLFSSL_SUCCESS); + ExpectIntEQ(EVP_DigestFinal(mdCtx, calcHash, &sz), WOLFSSL_SUCCESS); + ExpectIntEQ(sz, WC_SM3_DIGEST_SIZE); + for (chunk = 1; chunk <= WC_SM3_BLOCK_SIZE + 1; chunk++) { + for (i = 0; i + chunk <= (word32)sizeof(data); i += chunk) { + ExpectIntEQ(EVP_DigestUpdate(mdCtx, data + i, chunk), + WOLFSSL_SUCCESS); + } + if (i < (word32)sizeof(data)) { + ExpectIntEQ(EVP_DigestUpdate(mdCtx, data + i, + (word32)sizeof(data) - i), WOLFSSL_SUCCESS); + } + ExpectIntEQ(EVP_DigestFinal(mdCtx, hash, NULL), WOLFSSL_SUCCESS); + ExpectBufEQ(hash, calcHash, WC_SM3_DIGEST_SIZE); + } + + /* Not testing when the low 32-bit length overflows. */ + + ret = EVP_MD_CTX_cleanup(mdCtx); + ExpectIntEQ(ret, WOLFSSL_SUCCESS); + wolfSSL_EVP_MD_CTX_free(mdCtx); + + res = EXPECT_RESULT(); +#endif + return res; +} /* END test_EVP_sm3 */ + +static int test_EVP_blake2(void) +{ + EXPECT_DECLS; +#if defined(OPENSSL_EXTRA) && (defined(HAVE_BLAKE2) || defined(HAVE_BLAKE2S)) + const EVP_MD* md = NULL; + (void)md; + +#if defined(HAVE_BLAKE2) + ExpectNotNull(md = EVP_blake2b512()); + ExpectIntEQ(XSTRNCMP(md, "BLAKE2b512", XSTRLEN("BLAKE2b512")), 0); +#endif + +#if defined(HAVE_BLAKE2S) + ExpectNotNull(md = EVP_blake2s256()); + ExpectIntEQ(XSTRNCMP(md, "BLAKE2s256", XSTRLEN("BLAKE2s256")), 0); +#endif +#endif + + return EXPECT_RESULT(); +} + +#if defined(OPENSSL_EXTRA) +static void list_md_fn(const EVP_MD* m, const char* from, + const char* to, void* arg) +{ + const char* mn; + BIO *bio; + + (void) from; + (void) to; + (void) arg; + (void) mn; + (void) bio; + + if (!m) { + /* alias */ + AssertNull(m); + AssertNotNull(to); + } + else { + AssertNotNull(m); + AssertNull(to); + } + + AssertNotNull(from); + +#if !defined(NO_FILESYSTEM) && defined(DEBUG_WOLFSSL_VERBOSE) + mn = EVP_get_digestbyname(from); + /* print to stderr */ + AssertNotNull(arg); + + bio = BIO_new(BIO_s_file()); + BIO_set_fp(bio, arg, BIO_NOCLOSE); + BIO_printf(bio, "Use %s message digest algorithm\n", mn); + BIO_free(bio); +#endif +} +#endif + +static int test_EVP_MD_do_all(void) +{ + int res = TEST_SKIPPED; +#if defined(OPENSSL_EXTRA) + EVP_MD_do_all(NULL, stderr); + + EVP_MD_do_all(list_md_fn, stderr); + + res = TEST_SUCCESS; +#endif + + return res; +} + +#if defined(OPENSSL_EXTRA) +static void obj_name_t(const OBJ_NAME* nm, void* arg) +{ + (void)arg; + (void)nm; + + AssertIntGT(nm->type, OBJ_NAME_TYPE_UNDEF); + +#if !defined(NO_FILESYSTEM) && defined(DEBUG_WOLFSSL_VERBOSE) + /* print to stderr */ + AssertNotNull(arg); + + BIO *bio = BIO_new(BIO_s_file()); + BIO_set_fp(bio, arg, BIO_NOCLOSE); + BIO_printf(bio, "%s\n", nm); + BIO_free(bio); +#endif +} + +#endif +static int test_OBJ_NAME_do_all(void) +{ + int res = TEST_SKIPPED; +#if defined(OPENSSL_EXTRA) + + OBJ_NAME_do_all(OBJ_NAME_TYPE_MD_METH, NULL, NULL); + + OBJ_NAME_do_all(OBJ_NAME_TYPE_CIPHER_METH, NULL, stderr); + + OBJ_NAME_do_all(OBJ_NAME_TYPE_MD_METH, obj_name_t, stderr); + OBJ_NAME_do_all(OBJ_NAME_TYPE_PKEY_METH, obj_name_t, stderr); + OBJ_NAME_do_all(OBJ_NAME_TYPE_COMP_METH, obj_name_t, stderr); + OBJ_NAME_do_all(OBJ_NAME_TYPE_NUM, obj_name_t, stderr); + OBJ_NAME_do_all(OBJ_NAME_TYPE_UNDEF, obj_name_t, stderr); + OBJ_NAME_do_all(OBJ_NAME_TYPE_CIPHER_METH, obj_name_t, stderr); + OBJ_NAME_do_all(-1, obj_name_t, stderr); + + res = TEST_SUCCESS; +#endif + + return res; +} + +static int test_SSL_CIPHER_get_xxx(void) +{ + EXPECT_DECLS; +#if defined(OPENSSL_ALL) && !defined(NO_CERTS) && \ + !defined(NO_FILESYSTEM) && !defined(NO_TLS) + const SSL_CIPHER* cipher = NULL; + STACK_OF(SSL_CIPHER) *supportedCiphers = NULL; + int i, numCiphers = 0; + SSL_CTX* ctx = NULL; + SSL* ssl = NULL; + const char* testCertFile; + const char* testKeyFile; + char buf[256] = {0}; + + const char* cipher_id = NULL; + int expect_nid1 = NID_undef; + int expect_nid2 = NID_undef; + int expect_nid3 = NID_undef; + int expect_nid4 = NID_undef; + int expect_nid5 = 0; + + const char* cipher_id2 = NULL; + int expect_nid21 = NID_undef; + int expect_nid22 = NID_undef; + int expect_nid23 = NID_undef; + int expect_nid24 = NID_undef; + int expect_nid25 = 0; + + (void)cipher; + (void)supportedCiphers; + (void)i; + (void)numCiphers; + (void)ctx; + (void)ssl; + (void)testCertFile; + (void)testKeyFile; + +#if defined(WOLFSSL_TLS13) + cipher_id = "TLS13-AES128-GCM-SHA256"; + expect_nid1 = NID_auth_rsa; + expect_nid2 = NID_aes_128_gcm; + expect_nid3 = NID_sha256; + expect_nid4 = NID_kx_any; + expect_nid5 = 1; + + #if !defined(WOLFSSL_NO_TLS12) + cipher_id2 = "ECDHE-RSA-AES256-GCM-SHA384"; + expect_nid21 = NID_auth_rsa; + expect_nid22 = NID_aes_256_gcm; + expect_nid23 = NID_sha384; + expect_nid24 = NID_kx_ecdhe; + expect_nid25 = 1; + #endif +#endif + + #ifdef NO_WOLFSSL_SERVER + ExpectNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_client_method())); + #else + ExpectNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_server_method())); + #endif + + if (cipher_id) { + #ifndef NO_RSA + testCertFile = svrCertFile; + testKeyFile = svrKeyFile; + #elif defined(HAVE_ECC) + testCertFile = eccCertFile; + testKeyFile = eccKeyFile; + #else + testCertFile = NULL; + testKeyFile = NULL; + #endif + if (testCertFile != NULL && testKeyFile != NULL) { + ExpectTrue(SSL_CTX_use_certificate_file(ctx, testCertFile, + SSL_FILETYPE_PEM)); + ExpectTrue(SSL_CTX_use_PrivateKey_file(ctx, testKeyFile, + SSL_FILETYPE_PEM)); + } + + ExpectNotNull(ssl = SSL_new(ctx)); + ExpectIntEQ(SSL_in_init(ssl), 1); + + supportedCiphers = SSL_get_ciphers(ssl); + numCiphers = sk_num(supportedCiphers); + + for (i = 0; i < numCiphers; ++i) { + + if ((cipher = (const WOLFSSL_CIPHER*)sk_value(supportedCiphers, i))) { + SSL_CIPHER_description(cipher, buf, sizeof(buf)); + } + + if (XMEMCMP(cipher_id, buf, XSTRLEN(cipher_id)) == 0) { + break; + } + } + /* test case for */ + if (i != numCiphers) { + ExpectIntEQ(wolfSSL_CIPHER_get_auth_nid(cipher), expect_nid1); + ExpectIntEQ(wolfSSL_CIPHER_get_cipher_nid(cipher), expect_nid2); + ExpectIntEQ(wolfSSL_CIPHER_get_digest_nid(cipher), expect_nid3); + ExpectIntEQ(wolfSSL_CIPHER_get_kx_nid(cipher), expect_nid4); + ExpectIntEQ(wolfSSL_CIPHER_is_aead(cipher), expect_nid5); + } + + if (cipher_id2) { + + for (i = 0; i < numCiphers; ++i) { + + if ((cipher = (const WOLFSSL_CIPHER*)sk_value(supportedCiphers, i))) { + SSL_CIPHER_description(cipher, buf, sizeof(buf)); + } + + if (XMEMCMP(cipher_id2, buf, XSTRLEN(cipher_id2)) == 0) { + break; + } + } + /* test case for */ + if (i != numCiphers) { + ExpectIntEQ(wolfSSL_CIPHER_get_auth_nid(cipher), expect_nid21); + ExpectIntEQ(wolfSSL_CIPHER_get_cipher_nid(cipher), expect_nid22); + ExpectIntEQ(wolfSSL_CIPHER_get_digest_nid(cipher), expect_nid23); + ExpectIntEQ(wolfSSL_CIPHER_get_kx_nid(cipher), expect_nid24); + ExpectIntEQ(wolfSSL_CIPHER_is_aead(cipher), expect_nid25); + } + } + } + + SSL_CTX_free(ctx); + SSL_free(ssl); +#endif + + return EXPECT_RESULT(); +} + +#if defined(WOLF_CRYPTO_CB) && defined(HAVE_IO_TESTS_DEPENDENCIES) + +static int load_pem_key_file_as_der(const char* privKeyFile, DerBuffer** pDer, + int* keyFormat) +{ + int ret; + byte* key_buf = NULL; + size_t key_sz = 0; + EncryptedInfo encInfo; + + XMEMSET(&encInfo, 0, sizeof(encInfo)); + + ret = load_file(privKeyFile, &key_buf, &key_sz); + if (ret == 0) { + ret = wc_PemToDer(key_buf, key_sz, PRIVATEKEY_TYPE, pDer, + NULL, &encInfo, keyFormat); + } + + if (key_buf != NULL) { + free(key_buf); key_buf = NULL; + } + (void)encInfo; /* not used in this test */ + +#ifdef DEBUG_WOLFSSL + fprintf(stderr, "%s (%d): Loading PEM %s (len %d) to DER (len %d)\n", + (ret == 0) ? "Success" : "Failure", ret, privKeyFile, (int)key_sz, + (*pDer)->length); +#endif + + return ret; +} +static int test_CryptoCb_Func(int thisDevId, wc_CryptoInfo* info, void* ctx) +{ + int ret = WC_NO_ERR_TRACE(CRYPTOCB_UNAVAILABLE); + const char* privKeyFile = (const char*)ctx; + DerBuffer* pDer = NULL; + int keyFormat = 0; + + if (info->algo_type == WC_ALGO_TYPE_PK) { + #ifdef DEBUG_WOLFSSL + fprintf(stderr, "test_CryptoCb_Func: Pk Type %d\n", info->pk.type); + #endif + + #ifndef NO_RSA + if (info->pk.type == WC_PK_TYPE_RSA) { + switch (info->pk.rsa.type) { + case RSA_PUBLIC_ENCRYPT: + case RSA_PUBLIC_DECRYPT: + /* perform software based RSA public op */ + ret = WC_NO_ERR_TRACE(CRYPTOCB_UNAVAILABLE); /* fallback to software */ + break; + case RSA_PRIVATE_ENCRYPT: + case RSA_PRIVATE_DECRYPT: + { + RsaKey key; + + /* perform software based RSA private op */ + #ifdef DEBUG_WOLFSSL + fprintf(stderr, "test_CryptoCb_Func: RSA Priv\n"); + #endif + + ret = load_pem_key_file_as_der(privKeyFile, &pDer, + &keyFormat); + if (ret != 0) { + return ret; + } + ret = wc_InitRsaKey(&key, HEAP_HINT); + if (ret == 0) { + word32 keyIdx = 0; + /* load RSA private key and perform private transform */ + ret = wc_RsaPrivateKeyDecode(pDer->buffer, &keyIdx, + &key, pDer->length); + if (ret == 0) { + ret = wc_RsaFunction( + info->pk.rsa.in, info->pk.rsa.inLen, + info->pk.rsa.out, info->pk.rsa.outLen, + info->pk.rsa.type, &key, info->pk.rsa.rng); + } + else { + /* if decode fails, then fall-back to software based crypto */ + fprintf(stderr, "test_CryptoCb_Func: RSA private " + "key decode failed %d, falling back to " + "software\n", ret); + ret = CRYPTOCB_UNAVAILABLE; + } + wc_FreeRsaKey(&key); + } + wc_FreeDer(&pDer); pDer = NULL; + break; + } + } + #ifdef DEBUG_WOLFSSL + fprintf(stderr, "test_CryptoCb_Func: RSA Type %d, Ret %d, Out %d\n", + info->pk.rsa.type, ret, *info->pk.rsa.outLen); + #endif + } + #ifdef WOLF_CRYPTO_CB_RSA_PAD + else if (info->pk.type == WC_PK_TYPE_RSA_PKCS || + info->pk.type == WC_PK_TYPE_RSA_PSS || + info->pk.type == WC_PK_TYPE_RSA_OAEP) { + RsaKey key; + + if (info->pk.rsa.type == RSA_PUBLIC_ENCRYPT || + info->pk.rsa.type == RSA_PUBLIC_DECRYPT) { + /* Have all public key ops fall back to SW */ + return CRYPTOCB_UNAVAILABLE; + } + + if (info->pk.rsa.padding == NULL) { + return BAD_FUNC_ARG; + } + + /* Initialize key */ + ret = load_pem_key_file_as_der(privKeyFile, &pDer, + &keyFormat); + if (ret != 0) { + return ret; + } + + ret = wc_InitRsaKey(&key, HEAP_HINT); + if (ret == 0) { + word32 keyIdx = 0; + /* load RSA private key and perform private transform */ + ret = wc_RsaPrivateKeyDecode(pDer->buffer, &keyIdx, + &key, pDer->length); + } + /* Perform RSA operation */ + if ((ret == 0) && (info->pk.type == WC_PK_TYPE_RSA_PKCS)) { + #if !defined(WOLFSSL_RSA_PUBLIC_ONLY) && !defined(WOLFSSL_RSA_VERIFY_ONLY) + ret = wc_RsaSSL_Sign(info->pk.rsa.in, info->pk.rsa.inLen, + info->pk.rsa.out, *info->pk.rsa.outLen, &key, + info->pk.rsa.rng); + #else + ret = CRYPTOCB_UNAVAILABLE; + #endif + } + if ((ret == 0) && (info->pk.type == WC_PK_TYPE_RSA_PSS)) { + #ifdef WC_RSA_PSS + ret = wc_RsaPSS_Sign_ex(info->pk.rsa.in, info->pk.rsa.inLen, + info->pk.rsa.out, *info->pk.rsa.outLen, + info->pk.rsa.padding->hash, info->pk.rsa.padding->mgf, + info->pk.rsa.padding->saltLen, &key, info->pk.rsa.rng); + #else + ret = CRYPTOCB_UNAVAILABLE; + #endif + } + if ((ret == 0) && (info->pk.type == WC_PK_TYPE_RSA_OAEP)) { + #if !defined(WC_NO_RSA_OAEP) || defined(WC_RSA_NO_PADDING) + ret = wc_RsaPrivateDecrypt_ex( + info->pk.rsa.in, info->pk.rsa.inLen, + info->pk.rsa.out, *info->pk.rsa.outLen, + &key, WC_RSA_OAEP_PAD, info->pk.rsa.padding->hash, + info->pk.rsa.padding->mgf, info->pk.rsa.padding->label, + info->pk.rsa.padding->labelSz); + #else + ret = CRYPTOCB_UNAVAILABLE; + #endif + } + + if (ret > 0) { + *info->pk.rsa.outLen = ret; + } + + wc_FreeRsaKey(&key); + wc_FreeDer(&pDer); pDer = NULL; + } + #endif /* ifdef WOLF_CRYPTO_CB_RSA_PAD */ + #endif /* !NO_RSA */ + #ifdef HAVE_ECC + if (info->pk.type == WC_PK_TYPE_EC_KEYGEN) { + /* mark this key as ephemeral */ + if (info->pk.eckg.key != NULL) { + XSTRNCPY(info->pk.eckg.key->label, "ephemeral", + sizeof(info->pk.eckg.key->label)); + info->pk.eckg.key->labelLen = (int)XSTRLEN(info->pk.eckg.key->label); + } + } + else if (info->pk.type == WC_PK_TYPE_ECDSA_SIGN) { + ecc_key key; + + /* perform software based ECC sign */ + #ifdef DEBUG_WOLFSSL + fprintf(stderr, "test_CryptoCb_Func: ECC Sign\n"); + #endif + + if (info->pk.eccsign.key != NULL && + XSTRCMP(info->pk.eccsign.key->label, "ephemeral") == 0) { + /* this is an empheral key */ + #ifdef DEBUG_WOLFSSL + fprintf(stderr, "test_CryptoCb_Func: skipping signing op on " + "ephemeral key\n"); + #endif + return CRYPTOCB_UNAVAILABLE; + } + + ret = load_pem_key_file_as_der(privKeyFile, &pDer, &keyFormat); + if (ret != 0) { + return ret; + } + + ret = wc_ecc_init(&key); + if (ret == 0) { + word32 keyIdx = 0; + /* load ECC private key and perform private transform */ + ret = wc_EccPrivateKeyDecode(pDer->buffer, &keyIdx, + &key, pDer->length); + if (ret == 0) { + ret = wc_ecc_sign_hash( + info->pk.eccsign.in, info->pk.eccsign.inlen, + info->pk.eccsign.out, info->pk.eccsign.outlen, + info->pk.eccsign.rng, &key); + } + else { + /* if decode fails, then fall-back to software based crypto */ + fprintf(stderr, "test_CryptoCb_Func: ECC private key " + "decode failed %d, falling back to software\n", ret); + ret = CRYPTOCB_UNAVAILABLE; + } + wc_ecc_free(&key); + } + wc_FreeDer(&pDer); pDer = NULL; + + #ifdef DEBUG_WOLFSSL + fprintf(stderr, "test_CryptoCb_Func: ECC Ret %d, Out %d\n", + ret, *info->pk.eccsign.outlen); + #endif + } + #endif /* HAVE_ECC */ + #ifdef HAVE_ED25519 + if (info->pk.type == WC_PK_TYPE_ED25519_SIGN) { + ed25519_key key; + + /* perform software based ED25519 sign */ + #ifdef DEBUG_WOLFSSL + fprintf(stderr, "test_CryptoCb_Func: ED25519 Sign\n"); + #endif + + ret = load_pem_key_file_as_der(privKeyFile, &pDer, &keyFormat); + if (ret != 0) { + return ret; + } + ret = wc_ed25519_init(&key); + if (ret == 0) { + word32 keyIdx = 0; + /* load ED25519 private key and perform private transform */ + ret = wc_Ed25519PrivateKeyDecode(pDer->buffer, &keyIdx, + &key, pDer->length); + if (ret == 0) { + /* calculate public key */ + ret = wc_ed25519_make_public(&key, key.p, ED25519_PUB_KEY_SIZE); + if (ret == 0) { + key.pubKeySet = 1; + ret = wc_ed25519_sign_msg_ex( + info->pk.ed25519sign.in, info->pk.ed25519sign.inLen, + info->pk.ed25519sign.out, info->pk.ed25519sign.outLen, + &key, info->pk.ed25519sign.type, + info->pk.ed25519sign.context, + info->pk.ed25519sign.contextLen); + } + } + else { + /* if decode fails, then fall-back to software based crypto */ + fprintf(stderr, "test_CryptoCb_Func: ED25519 private key " + "decode failed %d, falling back to software\n", ret); + ret = CRYPTOCB_UNAVAILABLE; + } + wc_ed25519_free(&key); + } + wc_FreeDer(&pDer); pDer = NULL; + + #ifdef DEBUG_WOLFSSL + fprintf(stderr, "test_CryptoCb_Func: ED25519 Ret %d, Out %d\n", + ret, *info->pk.ed25519sign.outLen); + #endif + } + #endif /* HAVE_ED25519 */ + } +#ifdef WOLF_CRYPTO_CB_COPY + else if (info->algo_type == WC_ALGO_TYPE_COPY) { + #ifdef DEBUG_WOLFSSL + fprintf(stderr, "test_CryptoCb_Func: Copy Algo=%d Type=%d\n", + info->copy.algo, info->copy.type); + #endif + if (info->copy.algo == WC_ALGO_TYPE_HASH) { + switch (info->copy.type) { + #ifndef NO_SHA + case WC_HASH_TYPE_SHA: + { + wc_Sha* src = (wc_Sha*)info->copy.src; + wc_Sha* dst = (wc_Sha*)info->copy.dst; + src->devId = INVALID_DEVID; + ret = wc_ShaCopy(src, dst); + src->devId = thisDevId; + if (ret == 0) { + dst->devId = thisDevId; + } + break; + } + #endif + #ifdef WOLFSSL_SHA224 + case WC_HASH_TYPE_SHA224: + { + wc_Sha224* src = (wc_Sha224*)info->copy.src; + wc_Sha224* dst = (wc_Sha224*)info->copy.dst; + src->devId = INVALID_DEVID; + ret = wc_Sha224Copy(src, dst); + src->devId = thisDevId; + if (ret == 0) { + dst->devId = thisDevId; + } + break; + } + #endif + #ifndef NO_SHA256 + case WC_HASH_TYPE_SHA256: + { + wc_Sha256* src = (wc_Sha256*)info->copy.src; + wc_Sha256* dst = (wc_Sha256*)info->copy.dst; + /* set devId to invalid, so software is used */ + src->devId = INVALID_DEVID; + ret = wc_Sha256Copy(src, dst); + + /* reset devId */ + src->devId = thisDevId; + if (ret == 0) { + /* Set the devId of the destination to the same */ + /* since we used the software implementation of copy */ + /* so dst would have been set to INVALID_DEVID */ + dst->devId = thisDevId; + } + break; + } + #endif /* !NO_SHA256 */ + #ifdef WOLFSSL_SHA384 + case WC_HASH_TYPE_SHA384: + { + wc_Sha384* src = (wc_Sha384*)info->copy.src; + wc_Sha384* dst = (wc_Sha384*)info->copy.dst; + src->devId = INVALID_DEVID; + ret = wc_Sha384Copy(src, dst); + src->devId = thisDevId; + if (ret == 0) { + dst->devId = thisDevId; + } + break; + } + #endif + #ifdef WOLFSSL_SHA512 + case WC_HASH_TYPE_SHA512: + { + wc_Sha512* src = (wc_Sha512*)info->copy.src; + wc_Sha512* dst = (wc_Sha512*)info->copy.dst; + src->devId = INVALID_DEVID; + ret = wc_Sha512Copy(src, dst); + src->devId = thisDevId; + if (ret == 0) { + dst->devId = thisDevId; + } + break; + } + #endif + #if defined(WOLFSSL_SHA3) && !defined(WOLFSSL_NOSHA3_224) + case WC_HASH_TYPE_SHA3_224: + { + wc_Sha3* src = (wc_Sha3*)info->copy.src; + wc_Sha3* dst = (wc_Sha3*)info->copy.dst; + src->devId = INVALID_DEVID; + ret = wc_Sha3_224_Copy(src, dst); + src->devId = thisDevId; + if (ret == 0) { + dst->devId = thisDevId; + } + break; + } + #endif + #if defined(WOLFSSL_SHA3) && !defined(WOLFSSL_NOSHA3_256) + case WC_HASH_TYPE_SHA3_256: + { + wc_Sha3* src = (wc_Sha3*)info->copy.src; + wc_Sha3* dst = (wc_Sha3*)info->copy.dst; + src->devId = INVALID_DEVID; + ret = wc_Sha3_256_Copy(src, dst); + src->devId = thisDevId; + if (ret == 0) { + dst->devId = thisDevId; + } + break; + } + #endif + #if defined(WOLFSSL_SHA3) && !defined(WOLFSSL_NOSHA3_384) + case WC_HASH_TYPE_SHA3_384: + { + wc_Sha3* src = (wc_Sha3*)info->copy.src; + wc_Sha3* dst = (wc_Sha3*)info->copy.dst; + src->devId = INVALID_DEVID; + ret = wc_Sha3_384_Copy(src, dst); + src->devId = thisDevId; + if (ret == 0) { + dst->devId = thisDevId; + } + break; + } + #endif + #if defined(WOLFSSL_SHA3) && !defined(WOLFSSL_NOSHA3_512) + case WC_HASH_TYPE_SHA3_512: + { + wc_Sha3* src = (wc_Sha3*)info->copy.src; + wc_Sha3* dst = (wc_Sha3*)info->copy.dst; + src->devId = INVALID_DEVID; + ret = wc_Sha3_512_Copy(src, dst); + src->devId = thisDevId; + if (ret == 0) { + dst->devId = thisDevId; + } + break; + } + #endif + default: + ret = WC_NO_ERR_TRACE(NOT_COMPILED_IN); + break; + } + } + else { + ret = WC_NO_ERR_TRACE(NOT_COMPILED_IN); + } + } +#endif /* WOLF_CRYPTO_CB_COPY */ +#ifdef WOLF_CRYPTO_CB_FREE + else if (info->algo_type == WC_ALGO_TYPE_FREE) { + #ifdef DEBUG_WOLFSSL + fprintf(stderr, "test_CryptoCb_Func: Free Algo=%d Type=%d\n", + info->free.algo, info->free.type); + #endif + + if (info->free.algo == WC_ALGO_TYPE_HASH) { + switch (info->free.type) { + #ifndef NO_SHA + case WC_HASH_TYPE_SHA: + { + wc_Sha* sha = (wc_Sha*)info->free.obj; + sha->devId = INVALID_DEVID; + wc_ShaFree(sha); + ret = 0; + break; + } + #endif + #ifdef WOLFSSL_SHA224 + case WC_HASH_TYPE_SHA224: + { + wc_Sha224* sha = (wc_Sha224*)info->free.obj; + sha->devId = INVALID_DEVID; + wc_Sha224Free(sha); + ret = 0; + break; + } + #endif + #ifndef NO_SHA256 + case WC_HASH_TYPE_SHA256: + { + wc_Sha256* sha = (wc_Sha256*)info->free.obj; + + /* set devId to invalid, so software is used */ + sha->devId = INVALID_DEVID; + + /* Call the actual free function */ + wc_Sha256Free(sha); + + /* Note: devId doesn't need to be restored as object is freed */ + ret = 0; + break; + } + #endif + #ifdef WOLFSSL_SHA384 + case WC_HASH_TYPE_SHA384: + { + wc_Sha384* sha = (wc_Sha384*)info->free.obj; + sha->devId = INVALID_DEVID; + wc_Sha384Free(sha); + ret = 0; + break; + } + #endif + #ifdef WOLFSSL_SHA512 + case WC_HASH_TYPE_SHA512: + { + wc_Sha512* sha = (wc_Sha512*)info->free.obj; + sha->devId = INVALID_DEVID; + wc_Sha512Free(sha); + ret = 0; + break; + } + #endif + #if defined(WOLFSSL_SHA3) && !defined(WOLFSSL_NOSHA3_224) + case WC_HASH_TYPE_SHA3_224: + { + wc_Sha3* sha = (wc_Sha3*)info->free.obj; + sha->devId = INVALID_DEVID; + wc_Sha3_224_Free(sha); + ret = 0; + break; + } + #endif + #if defined(WOLFSSL_SHA3) && !defined(WOLFSSL_NOSHA3_256) + case WC_HASH_TYPE_SHA3_256: + { + wc_Sha3* sha = (wc_Sha3*)info->free.obj; + sha->devId = INVALID_DEVID; + wc_Sha3_256_Free(sha); + ret = 0; + break; + } + #endif + #if defined(WOLFSSL_SHA3) && !defined(WOLFSSL_NOSHA3_384) + case WC_HASH_TYPE_SHA3_384: + { + wc_Sha3* sha = (wc_Sha3*)info->free.obj; + sha->devId = INVALID_DEVID; + wc_Sha3_384_Free(sha); + ret = 0; + break; + } + #endif + #if defined(WOLFSSL_SHA3) && !defined(WOLFSSL_NOSHA3_512) + case WC_HASH_TYPE_SHA3_512: + { + wc_Sha3* sha = (wc_Sha3*)info->free.obj; + sha->devId = INVALID_DEVID; + wc_Sha3_512_Free(sha); + ret = 0; + break; + } + #endif + default: + ret = WC_NO_ERR_TRACE(NOT_COMPILED_IN); + break; + } + } + else { + ret = WC_NO_ERR_TRACE(NOT_COMPILED_IN); + } + } +#endif /* WOLF_CRYPTO_CB_FREE */ + (void)thisDevId; + (void)keyFormat; + + return ret; +} + +/* tlsVer: WOLFSSL_TLSV1_2 or WOLFSSL_TLSV1_3 */ +static int test_wc_CryptoCb_TLS(int tlsVer, + const char* cliCaPemFile, const char* cliCertPemFile, + const char* cliPrivKeyPemFile, const char* cliPubKeyPemFile, + const char* svrCaPemFile, const char* svrCertPemFile, + const char* svrPrivKeyPemFile, const char* svrPubKeyPemFile) +{ + EXPECT_DECLS; + callback_functions client_cbf; + callback_functions server_cbf; + + XMEMSET(&client_cbf, 0, sizeof(client_cbf)); + XMEMSET(&server_cbf, 0, sizeof(server_cbf)); + + if (tlsVer == WOLFSSL_TLSV1_3) { + #ifdef WOLFSSL_TLS13 + server_cbf.method = wolfTLSv1_3_server_method; + client_cbf.method = wolfTLSv1_3_client_method; + #endif + } + else if (tlsVer == WOLFSSL_TLSV1_2) { + #ifndef WOLFSSL_NO_TLS12 + server_cbf.method = wolfTLSv1_2_server_method; + client_cbf.method = wolfTLSv1_2_client_method; + #endif + } + else if (tlsVer == WOLFSSL_TLSV1_1) { + #ifndef NO_OLD_TLS + server_cbf.method = wolfTLSv1_1_server_method; + client_cbf.method = wolfTLSv1_1_client_method; + #endif + } + else if (tlsVer == WOLFSSL_TLSV1) { + #if !defined(NO_OLD_TLS) && defined(WOLFSSL_ALLOW_TLSV10) + server_cbf.method = wolfTLSv1_server_method; + client_cbf.method = wolfTLSv1_client_method; + #endif + } + else if (tlsVer == WOLFSSL_SSLV3) { + #if !defined(NO_OLD_TLS) && defined(WOLFSSL_ALLOW_SSLV3) && \ + defined(WOLFSSL_STATIC_RSA) + server_cbf.method = wolfSSLv3_server_method; + client_cbf.method = wolfSSLv3_client_method; + #endif + } + else if (tlsVer == WOLFSSL_DTLSV1_2) { + #if defined(WOLFSSL_DTLS) && !defined(WOLFSSL_NO_TLS12) + server_cbf.method = wolfDTLSv1_2_server_method; + client_cbf.method = wolfDTLSv1_2_client_method; + #endif + } + else if (tlsVer == WOLFSSL_DTLSV1) { + #if defined(WOLFSSL_DTLS) && !defined(NO_OLD_TLS) + server_cbf.method = wolfDTLSv1_server_method; + client_cbf.method = wolfDTLSv1_client_method; + #endif + } + + if (server_cbf.method == NULL) { + /* not enabled */ + return TEST_SUCCESS; + } + + /* Setup the keys for the TLS test */ + client_cbf.certPemFile = cliCertPemFile; + client_cbf.keyPemFile = cliPubKeyPemFile; + client_cbf.caPemFile = cliCaPemFile; + + server_cbf.certPemFile = svrCertPemFile; + server_cbf.keyPemFile = svrPubKeyPemFile; + server_cbf.caPemFile = svrCaPemFile; + + /* Setup a crypto callback with pointer to private key file for testing */ + client_cbf.devId = 1; + wc_CryptoCb_RegisterDevice(client_cbf.devId, test_CryptoCb_Func, + (void*)cliPrivKeyPemFile); + server_cbf.devId = 2; + wc_CryptoCb_RegisterDevice(server_cbf.devId, test_CryptoCb_Func, + (void*)svrPrivKeyPemFile); + + /* Perform TLS server and client test */ + /* First test is at WOLFSSL_CTX level */ + test_wolfSSL_client_server(&client_cbf, &server_cbf); + /* Check for success */ + ExpectIntEQ(server_cbf.return_code, TEST_SUCCESS); + ExpectIntEQ(client_cbf.return_code, TEST_SUCCESS); + + if (EXPECT_SUCCESS()) { + /* Second test is a WOLFSSL object level */ + client_cbf.loadToSSL = 1; server_cbf.loadToSSL = 1; + test_wolfSSL_client_server(&client_cbf, &server_cbf); + } + + /* Check for success */ + ExpectIntEQ(server_cbf.return_code, TEST_SUCCESS); + ExpectIntEQ(client_cbf.return_code, TEST_SUCCESS); + + /* Un register the devId's */ + wc_CryptoCb_UnRegisterDevice(client_cbf.devId); + client_cbf.devId = INVALID_DEVID; + wc_CryptoCb_UnRegisterDevice(server_cbf.devId); + server_cbf.devId = INVALID_DEVID; + + return EXPECT_RESULT(); +} +#endif /* WOLF_CRYPTO_CB && HAVE_IO_TESTS_DEPENDENCIES */ + +static int test_wc_CryptoCb(void) +{ + EXPECT_DECLS; +#ifdef WOLF_CRYPTO_CB + /* TODO: Add crypto callback API tests */ + +#ifdef HAVE_IO_TESTS_DEPENDENCIES + #if !defined(NO_RSA) || defined(HAVE_ECC) || defined(HAVE_ED25519) + int tlsVer; + #endif + + #ifndef NO_RSA + for (tlsVer = WOLFSSL_SSLV3; tlsVer <= WOLFSSL_DTLSV1; tlsVer++) { + ExpectIntEQ(test_wc_CryptoCb_TLS(tlsVer, + svrCertFile, cliCertFile, cliKeyFile, cliKeyPubFile, + cliCertFile, svrCertFile, svrKeyFile, svrKeyPubFile), + TEST_SUCCESS); + } + #endif + #ifdef HAVE_ECC + for (tlsVer = WOLFSSL_TLSV1; tlsVer <= WOLFSSL_DTLSV1; tlsVer++) { + ExpectIntEQ(test_wc_CryptoCb_TLS(tlsVer, + caEccCertFile, cliEccCertFile, cliEccKeyFile, cliEccKeyPubFile, + cliEccCertFile, eccCertFile, eccKeyFile, eccKeyPubFile), + TEST_SUCCESS); + } + #endif + #ifdef HAVE_ED25519 + for (tlsVer = WOLFSSL_TLSV1_2; tlsVer <= WOLFSSL_DTLSV1_2; tlsVer++) { + if (tlsVer == WOLFSSL_DTLSV1) continue; + ExpectIntEQ(test_wc_CryptoCb_TLS(tlsVer, + caEdCertFile, cliEdCertFile, cliEdKeyFile, cliEdKeyPubFile, + cliEdCertFile, edCertFile, edKeyFile, edKeyPubFile), + TEST_SUCCESS); + } + #endif +#endif /* HAVE_IO_TESTS_DEPENDENCIES */ +#endif /* WOLF_CRYPTO_CB */ + return EXPECT_RESULT(); +} + +#if defined(WOLFSSL_STATIC_MEMORY) && defined(HAVE_IO_TESTS_DEPENDENCIES) + +/* tlsVer: Example: WOLFSSL_TLSV1_2 or WOLFSSL_TLSV1_3 */ +static int test_wolfSSL_CTX_StaticMemory_TLS(int tlsVer, + const char* cliCaPemFile, const char* cliCertPemFile, + const char* cliPrivKeyPemFile, + const char* svrCaPemFile, const char* svrCertPemFile, + const char* svrPrivKeyPemFile, + byte* cliMem, word32 cliMemSz, byte* svrMem, word32 svrMemSz) +{ + EXPECT_DECLS; + callback_functions client_cbf; + callback_functions server_cbf; + + XMEMSET(&client_cbf, 0, sizeof(client_cbf)); + XMEMSET(&server_cbf, 0, sizeof(server_cbf)); + + if (tlsVer == WOLFSSL_TLSV1_3) { + #ifdef WOLFSSL_TLS13 + server_cbf.method_ex = wolfTLSv1_3_server_method_ex; + client_cbf.method_ex = wolfTLSv1_3_client_method_ex; + #endif + } + else if (tlsVer == WOLFSSL_TLSV1_2) { + #ifndef WOLFSSL_NO_TLS12 + server_cbf.method_ex = wolfTLSv1_2_server_method_ex; + client_cbf.method_ex = wolfTLSv1_2_client_method_ex; + #endif + } + else if (tlsVer == WOLFSSL_TLSV1_1) { + #ifndef NO_OLD_TLS + server_cbf.method_ex = wolfTLSv1_1_server_method_ex; + client_cbf.method_ex = wolfTLSv1_1_client_method_ex; + #endif + } + else if (tlsVer == WOLFSSL_TLSV1) { + #if !defined(NO_OLD_TLS) && defined(WOLFSSL_ALLOW_TLSV10) + server_cbf.method_ex = wolfTLSv1_server_method_ex; + client_cbf.method_ex = wolfTLSv1_client_method_ex; + #endif + } + else if (tlsVer == WOLFSSL_SSLV3) { + #if !defined(NO_OLD_TLS) && defined(WOLFSSL_ALLOW_SSLV3) && \ + defined(WOLFSSL_STATIC_RSA) + server_cbf.method_ex = wolfSSLv3_server_method_ex; + client_cbf.method_ex = wolfSSLv3_client_method_ex; + #endif + } + else if (tlsVer == WOLFSSL_DTLSV1_2) { + #if defined(WOLFSSL_DTLS) && !defined(WOLFSSL_NO_TLS12) + server_cbf.method_ex = wolfDTLSv1_2_server_method_ex; + client_cbf.method_ex = wolfDTLSv1_2_client_method_ex; + #endif + } + else if (tlsVer == WOLFSSL_DTLSV1) { + #if defined(WOLFSSL_DTLS) && !defined(NO_OLD_TLS) + server_cbf.method_ex = wolfDTLSv1_server_method_ex; + client_cbf.method_ex = wolfDTLSv1_client_method_ex; + #endif + } + + if (server_cbf.method_ex == NULL) { + /* not enabled */ + return TEST_SUCCESS; + } + + /* Setup the keys for the TLS test */ + client_cbf.certPemFile = cliCertPemFile; + client_cbf.keyPemFile = cliPrivKeyPemFile; + client_cbf.caPemFile = cliCaPemFile; + + server_cbf.certPemFile = svrCertPemFile; + server_cbf.keyPemFile = svrPrivKeyPemFile; + server_cbf.caPemFile = svrCaPemFile; + + client_cbf.mem = cliMem; + client_cbf.memSz = cliMemSz; + server_cbf.mem = svrMem; + server_cbf.memSz = svrMemSz; + + client_cbf.devId = INVALID_DEVID; + server_cbf.devId = INVALID_DEVID; + + /* Perform TLS server and client test */ + /* First test is at WOLFSSL_CTX level */ + test_wolfSSL_client_server(&client_cbf, &server_cbf); + /* Check for success */ + ExpectIntEQ(server_cbf.return_code, TEST_SUCCESS); + ExpectIntEQ(client_cbf.return_code, TEST_SUCCESS); + + if (EXPECT_SUCCESS()) { + /* Second test is a WOLFSSL object level */ + client_cbf.loadToSSL = 1; server_cbf.loadToSSL = 1; + test_wolfSSL_client_server(&client_cbf, &server_cbf); + } + + /* Check for success */ + ExpectIntEQ(server_cbf.return_code, TEST_SUCCESS); + ExpectIntEQ(client_cbf.return_code, TEST_SUCCESS); + + return EXPECT_RESULT(); +} +#endif /* WOLFSSL_STATIC_MEMORY && HAVE_IO_TESTS_DEPENDENCIES */ + +#if defined(WOLFSSL_STATIC_MEMORY) && !defined(WOLFCRYPT_ONLY) +static int test_wolfSSL_CTX_StaticMemory_SSL(WOLFSSL_CTX* ctx) +{ + EXPECT_DECLS; + WOLFSSL *ssl1 = NULL, *ssl2 = NULL, *ssl3 = NULL; + WOLFSSL_MEM_STATS mem_stats; + WOLFSSL_MEM_CONN_STATS ssl_stats; + +#if !defined(NO_FILESYSTEM) && !defined(NO_CERTS) && !defined(NO_RSA) + ExpectIntEQ(wolfSSL_CTX_use_certificate_file(ctx, svrCertFile, + WOLFSSL_FILETYPE_PEM), WOLFSSL_SUCCESS); + ExpectIntEQ(wolfSSL_CTX_use_PrivateKey_file(ctx, svrKeyFile, + WOLFSSL_FILETYPE_PEM), WOLFSSL_SUCCESS); +#endif + + ExpectNotNull((ssl1 = wolfSSL_new(ctx))); + ExpectNotNull((ssl2 = wolfSSL_new(ctx))); + +#ifndef WOLFSSL_STATIC_MEMORY_LEAN + /* this should fail because kMaxCtxClients == 2 */ + ExpectNull((ssl3 = wolfSSL_new(ctx))); +#else + (void)ssl3; +#endif + + if (wolfSSL_is_static_memory(ssl1, &ssl_stats) == 1) { + #if defined(DEBUG_WOLFSSL) && !defined(WOLFSSL_STATIC_MEMORY_LEAN) + wolfSSL_PrintStatsConn(&ssl_stats); + #endif + (void)ssl_stats; + } + + /* display collected statistics */ + if (wolfSSL_CTX_is_static_memory(ctx, &mem_stats) == 1) { + #if defined(DEBUG_WOLFSSL) && !defined(WOLFSSL_STATIC_MEMORY_LEAN) + wolfSSL_PrintStats(&mem_stats); + #endif + (void)mem_stats; + } + + wolfSSL_free(ssl1); + wolfSSL_free(ssl2); + + return EXPECT_RESULT(); +} +#endif /* WOLFSSL_STATIC_MEMORY && !WOLFCRYPT_ONLY */ + +static int test_wolfSSL_CTX_StaticMemory(void) +{ + EXPECT_DECLS; +#if defined(WOLFSSL_STATIC_MEMORY) && !defined(WOLFCRYPT_ONLY) + wolfSSL_method_func method_func; + WOLFSSL_CTX* ctx; + const int kMaxCtxClients = 2; + #ifdef HAVE_IO_TESTS_DEPENDENCIES + #if !defined(NO_RSA) || defined(HAVE_ECC) || defined(HAVE_ED25519) + int tlsVer; + byte cliMem[TEST_TLS_STATIC_MEMSZ]; + #endif + #endif + byte svrMem[TEST_TLS_STATIC_MEMSZ]; + +#ifndef NO_WOLFSSL_SERVER + #ifndef WOLFSSL_NO_TLS12 + method_func = wolfTLSv1_2_server_method_ex; + #else + method_func = wolfTLSv1_3_server_method_ex; + #endif +#else + #ifndef WOLFSSL_NO_TLS12 + method_func = wolfTLSv1_2_client_method_ex; + #else + method_func = wolfTLSv1_3_client_method_ex; + #endif +#endif + + /* Test creating CTX directly from static memory pool */ + ctx = NULL; + ExpectIntEQ(wolfSSL_CTX_load_static_memory(&ctx, method_func, svrMem, + sizeof(svrMem), 0, kMaxCtxClients), WOLFSSL_SUCCESS); + ExpectIntEQ(test_wolfSSL_CTX_StaticMemory_SSL(ctx), TEST_SUCCESS); + wolfSSL_CTX_free(ctx); + ctx = NULL; + + /* Test for heap allocated CTX, then assigning static pool to it */ + ExpectNotNull(ctx = wolfSSL_CTX_new(method_func(NULL))); + ExpectIntEQ(wolfSSL_CTX_load_static_memory(&ctx, NULL, svrMem, + sizeof(svrMem), 0, kMaxCtxClients), WOLFSSL_SUCCESS); + ExpectIntEQ(test_wolfSSL_CTX_StaticMemory_SSL(ctx), TEST_SUCCESS); + wolfSSL_CTX_free(ctx); + + /* TLS Level Tests using static memory */ +#ifdef HAVE_IO_TESTS_DEPENDENCIES + #ifndef NO_RSA + for (tlsVer = WOLFSSL_SSLV3; tlsVer <= WOLFSSL_DTLSV1; tlsVer++) { + ExpectIntEQ(test_wolfSSL_CTX_StaticMemory_TLS(tlsVer, + svrCertFile, cliCertFile, cliKeyFile, + cliCertFile, svrCertFile, svrKeyFile, + cliMem, (word32)sizeof(cliMem), svrMem, (word32)sizeof(svrMem)), + TEST_SUCCESS); + } + #endif + #ifdef HAVE_ECC + for (tlsVer = WOLFSSL_TLSV1; tlsVer <= WOLFSSL_DTLSV1; tlsVer++) { + ExpectIntEQ(test_wolfSSL_CTX_StaticMemory_TLS(tlsVer, + caEccCertFile, cliEccCertFile, cliEccKeyFile, + cliEccCertFile, eccCertFile, eccKeyFile, + cliMem, (word32)sizeof(cliMem), svrMem, (word32)sizeof(svrMem)), + TEST_SUCCESS); + } + #endif + #ifdef HAVE_ED25519 + for (tlsVer = WOLFSSL_TLSV1_2; tlsVer <= WOLFSSL_DTLSV1_2; tlsVer++) { + if (tlsVer == WOLFSSL_DTLSV1) continue; + ExpectIntEQ(test_wolfSSL_CTX_StaticMemory_TLS(tlsVer, + caEdCertFile, cliEdCertFile, cliEdKeyFile, + cliEdCertFile, edCertFile, edKeyFile, + cliMem, (word32)sizeof(cliMem), svrMem, (word32)sizeof(svrMem)), + TEST_SUCCESS); + } + #endif +#endif /* HAVE_IO_TESTS_DEPENDENCIES */ +#endif /* WOLFSSL_STATIC_MEMORY && !WOLFCRYPT_ONLY */ + return EXPECT_RESULT(); +} + +static int test_openssl_FIPS_drbg(void) +{ + EXPECT_DECLS; +#if defined(OPENSSL_EXTRA) && !defined(WC_NO_RNG) && defined(HAVE_HASHDRBG) + DRBG_CTX* dctx = NULL; + byte data1[32], data2[32], zeroData[32]; + byte testSeed[16]; + size_t dlen = sizeof(data1); + int i; + + XMEMSET(data1, 0, dlen); + XMEMSET(data2, 0, dlen); + XMEMSET(zeroData, 0, sizeof(zeroData)); + for (i = 0; i < (int)sizeof(testSeed); i++) { + testSeed[i] = (byte)i; + } + + ExpectNotNull(dctx = FIPS_get_default_drbg()); + ExpectIntEQ(FIPS_drbg_init(dctx, 0, 0), WOLFSSL_SUCCESS); + ExpectIntEQ(FIPS_drbg_set_callbacks(dctx, NULL, NULL, 20, NULL, NULL), + WOLFSSL_SUCCESS); + ExpectIntEQ(FIPS_drbg_instantiate(dctx, NULL, 0), WOLFSSL_SUCCESS); + ExpectIntEQ(FIPS_drbg_generate(dctx, data1, dlen, 0, NULL, 0), + WOLFSSL_SUCCESS); + ExpectIntNE(XMEMCMP(data1, zeroData, dlen), 0); + ExpectIntEQ(FIPS_drbg_reseed(dctx, testSeed, sizeof(testSeed)), + WOLFSSL_SUCCESS); + ExpectIntEQ(FIPS_drbg_generate(dctx, data2, dlen, 0, NULL, 0), + WOLFSSL_SUCCESS); + ExpectIntNE(XMEMCMP(data1, zeroData, dlen), 0); + ExpectIntNE(XMEMCMP(data1, data2, dlen), 0); + ExpectIntEQ(FIPS_drbg_uninstantiate(dctx), WOLFSSL_SUCCESS); +#ifndef HAVE_GLOBAL_RNG + /* gets freed by wolfSSL_Cleanup() when HAVE_GLOBAL_RNG defined */ + wolfSSL_FIPS_drbg_free(dctx); +#endif +#endif + return EXPECT_RESULT(); +} + +static int test_wolfSSL_FIPS_mode(void) +{ + EXPECT_DECLS; +#if defined(OPENSSL_ALL) +#ifdef HAVE_FIPS + ExpectIntEQ(wolfSSL_FIPS_mode(), 1); + ExpectIntEQ(wolfSSL_FIPS_mode_set(0), WC_NO_ERR_TRACE(WOLFSSL_FAILURE)); + ExpectIntEQ(wolfSSL_FIPS_mode_set(1), WOLFSSL_SUCCESS); +#else + ExpectIntEQ(wolfSSL_FIPS_mode(), 0); + ExpectIntEQ(wolfSSL_FIPS_mode_set(0), WOLFSSL_SUCCESS); + ExpectIntEQ(wolfSSL_FIPS_mode_set(1), WC_NO_ERR_TRACE(WOLFSSL_FAILURE)); +#endif +#endif + return EXPECT_RESULT(); +} + +#ifdef WOLFSSL_DTLS + +/* Prints out the current window */ +static void DUW_TEST_print_window_binary(word32 h, word32 l, word32* w) { +#ifdef WOLFSSL_DEBUG_DTLS_WINDOW + int i; + for (i = WOLFSSL_DTLS_WINDOW_WORDS - 1; i >= 0; i--) { + word32 b = w[i]; + int j; + /* Prints out a 32 bit binary number in big endian order */ + for (j = 0; j < 32; j++, b <<= 1) { + if (b & (((word32)1) << 31)) + fprintf(stderr, "1"); + else + fprintf(stderr, "0"); + } + fprintf(stderr, " "); + } + fprintf(stderr, "cur_hi %u cur_lo %u\n", h, l); +#else + (void)h; + (void)l; + (void)w; +#endif +} + +/* a - cur_hi + * b - cur_lo + * c - next_hi + * d - next_lo + * e - window + * f - expected next_hi + * g - expected next_lo + * h - expected window[1] + * i - expected window[0] + */ +#define DUW_TEST(a,b,c,d,e,f,g,h,i) do { \ + ExpectIntEQ(wolfSSL_DtlsUpdateWindow((a), (b), &(c), &(d), (e)), 1); \ + DUW_TEST_print_window_binary((a), (b), (e)); \ + ExpectIntEQ((c), (f)); \ + ExpectIntEQ((d), (g)); \ + ExpectIntEQ((e)[1], (h)); \ + ExpectIntEQ((e)[0], (i)); \ +} while (0) + +static int test_wolfSSL_DtlsUpdateWindow(void) +{ + EXPECT_DECLS; + word32 window[WOLFSSL_DTLS_WINDOW_WORDS]; + word32 next_lo = 0; + word16 next_hi = 0; + +#ifdef WOLFSSL_DEBUG_DTLS_WINDOW + fprintf(stderr, "\n"); +#endif + + XMEMSET(window, 0, sizeof window); + DUW_TEST(0, 0, next_hi, next_lo, window, 0, 1, 0, 0x01); + DUW_TEST(0, 1, next_hi, next_lo, window, 0, 2, 0, 0x03); + DUW_TEST(0, 5, next_hi, next_lo, window, 0, 6, 0, 0x31); + DUW_TEST(0, 4, next_hi, next_lo, window, 0, 6, 0, 0x33); + DUW_TEST(0, 100, next_hi, next_lo, window, 0, 101, 0, 0x01); + DUW_TEST(0, 101, next_hi, next_lo, window, 0, 102, 0, 0x03); + DUW_TEST(0, 133, next_hi, next_lo, window, 0, 134, 0x03, 0x01); + DUW_TEST(0, 200, next_hi, next_lo, window, 0, 201, 0, 0x01); + DUW_TEST(0, 264, next_hi, next_lo, window, 0, 265, 0, 0x01); + DUW_TEST(0, 0xFFFFFFFF, next_hi, next_lo, window, 1, 0, 0, 0x01); + DUW_TEST(0, 0xFFFFFFFD, next_hi, next_lo, window, 1, 0, 0, 0x05); + DUW_TEST(0, 0xFFFFFFFE, next_hi, next_lo, window, 1, 0, 0, 0x07); + DUW_TEST(1, 3, next_hi, next_lo, window, 1, 4, 0, 0x71); + DUW_TEST(1, 0, next_hi, next_lo, window, 1, 4, 0, 0x79); + DUW_TEST(1, 0xFFFFFFFF, next_hi, next_lo, window, 2, 0, 0, 0x01); + DUW_TEST(2, 3, next_hi, next_lo, window, 2, 4, 0, 0x11); + DUW_TEST(2, 0, next_hi, next_lo, window, 2, 4, 0, 0x19); + DUW_TEST(2, 25, next_hi, next_lo, window, 2, 26, 0, 0x6400001); + DUW_TEST(2, 27, next_hi, next_lo, window, 2, 28, 0, 0x19000005); + DUW_TEST(2, 29, next_hi, next_lo, window, 2, 30, 0, 0x64000015); + DUW_TEST(2, 33, next_hi, next_lo, window, 2, 34, 6, 0x40000151); + DUW_TEST(2, 60, next_hi, next_lo, window, 2, 61, 0x3200000A, 0x88000001); + DUW_TEST(1, 0xFFFFFFF0, next_hi, next_lo, window, 2, 61, 0x3200000A, 0x88000001); + DUW_TEST(2, 0xFFFFFFFD, next_hi, next_lo, window, 2, 0xFFFFFFFE, 0, 0x01); + DUW_TEST(3, 1, next_hi, next_lo, window, 3, 2, 0, 0x11); + DUW_TEST(99, 66, next_hi, next_lo, window, 99, 67, 0, 0x01); + DUW_TEST(50, 66, next_hi, next_lo, window, 99, 67, 0, 0x01); + DUW_TEST(100, 68, next_hi, next_lo, window, 100, 69, 0, 0x01); + DUW_TEST(99, 50, next_hi, next_lo, window, 100, 69, 0, 0x01); + DUW_TEST(99, 0xFFFFFFFF, next_hi, next_lo, window, 100, 69, 0, 0x01); + DUW_TEST(150, 0xFFFFFFFF, next_hi, next_lo, window, 151, 0, 0, 0x01); + DUW_TEST(152, 0xFFFFFFFF, next_hi, next_lo, window, 153, 0, 0, 0x01); + + return EXPECT_RESULT(); +} +#endif /* WOLFSSL_DTLS */ + +#ifdef WOLFSSL_DTLS +static int DFB_TEST(WOLFSSL* ssl, word32 seq, word32 len, word32 f_offset, + word32 f_len, word32 f_count, byte ready, word32 bytesReceived) +{ + DtlsMsg* cur; + static byte msg[100]; + static byte msgInit = 0; + + if (!msgInit) { + int i; + for (i = 0; i < 100; i++) + msg[i] = i + 1; + msgInit = 1; + } + + /* Sanitize test parameters */ + if (len > sizeof(msg)) + return -1; + if (f_offset + f_len > sizeof(msg)) + return -1; + + DtlsMsgStore(ssl, 0, seq, msg + f_offset, len, certificate, f_offset, f_len, NULL); + + if (ssl->dtls_rx_msg_list == NULL) + return -100; + + if ((cur = DtlsMsgFind(ssl->dtls_rx_msg_list, 0, seq)) == NULL) + return -200; + if (cur->fragBucketListCount != f_count) + return -300; + if (cur->ready != ready) + return -400; + if (cur->bytesReceived != bytesReceived) + return -500; + if (ready) { + if (cur->fragBucketList != NULL) + return -600; + if (XMEMCMP(cur->fullMsg, msg, cur->sz) != 0) + return -700; + } + else { + DtlsFragBucket* fb; + if (cur->fragBucketList == NULL) + return -800; + for (fb = cur->fragBucketList; fb != NULL; fb = fb->m.m.next) { + if (XMEMCMP(fb->buf, msg + fb->m.m.offset, fb->m.m.sz) != 0) + return -900; + } + } + return 0; +} + +static int test_wolfSSL_DTLS_fragment_buckets(void) +{ + EXPECT_DECLS; + WOLFSSL ssl[1]; + + XMEMSET(ssl, 0, sizeof(*ssl)); + + ExpectIntEQ(DFB_TEST(ssl, 0, 100, 0, 100, 0, 1, 100), 0); /* 0-100 */ + + ExpectIntEQ(DFB_TEST(ssl, 1, 100, 0, 20, 1, 0, 20), 0); /* 0-20 */ + ExpectIntEQ(DFB_TEST(ssl, 1, 100, 20, 20, 1, 0, 40), 0); /* 20-40 */ + ExpectIntEQ(DFB_TEST(ssl, 1, 100, 40, 20, 1, 0, 60), 0); /* 40-60 */ + ExpectIntEQ(DFB_TEST(ssl, 1, 100, 60, 20, 1, 0, 80), 0); /* 60-80 */ + ExpectIntEQ(DFB_TEST(ssl, 1, 100, 80, 20, 0, 1, 100), 0); /* 80-100 */ + + /* Test all permutations of 3 regions */ + /* 1 2 3 */ + ExpectIntEQ(DFB_TEST(ssl, 2, 100, 0, 30, 1, 0, 30), 0); /* 0-30 */ + ExpectIntEQ(DFB_TEST(ssl, 2, 100, 30, 30, 1, 0, 60), 0); /* 30-60 */ + ExpectIntEQ(DFB_TEST(ssl, 2, 100, 60, 40, 0, 1, 100), 0); /* 60-100 */ + /* 1 3 2 */ + ExpectIntEQ(DFB_TEST(ssl, 3, 100, 0, 30, 1, 0, 30), 0); /* 0-30 */ + ExpectIntEQ(DFB_TEST(ssl, 3, 100, 60, 40, 2, 0, 70), 0); /* 60-100 */ + ExpectIntEQ(DFB_TEST(ssl, 3, 100, 30, 30, 0, 1, 100), 0); /* 30-60 */ + /* 2 1 3 */ + ExpectIntEQ(DFB_TEST(ssl, 4, 100, 30, 30, 1, 0, 30), 0); /* 30-60 */ + ExpectIntEQ(DFB_TEST(ssl, 4, 100, 0, 30, 1, 0, 60), 0); /* 0-30 */ + ExpectIntEQ(DFB_TEST(ssl, 4, 100, 60, 40, 0, 1, 100), 0); /* 60-100 */ + /* 2 3 1 */ + ExpectIntEQ(DFB_TEST(ssl, 5, 100, 30, 30, 1, 0, 30), 0); /* 30-60 */ + ExpectIntEQ(DFB_TEST(ssl, 5, 100, 60, 40, 1, 0, 70), 0); /* 60-100 */ + ExpectIntEQ(DFB_TEST(ssl, 5, 100, 0, 30, 0, 1, 100), 0); /* 0-30 */ + /* 3 1 2 */ + ExpectIntEQ(DFB_TEST(ssl, 6, 100, 60, 40, 1, 0, 40), 0); /* 60-100 */ + ExpectIntEQ(DFB_TEST(ssl, 6, 100, 0, 30, 2, 0, 70), 0); /* 0-30 */ + ExpectIntEQ(DFB_TEST(ssl, 6, 100, 30, 30, 0, 1, 100), 0); /* 30-60 */ + /* 3 2 1 */ + ExpectIntEQ(DFB_TEST(ssl, 7, 100, 60, 40, 1, 0, 40), 0); /* 60-100 */ + ExpectIntEQ(DFB_TEST(ssl, 7, 100, 30, 30, 1, 0, 70), 0); /* 30-60 */ + ExpectIntEQ(DFB_TEST(ssl, 7, 100, 0, 30, 0, 1, 100), 0); /* 0-30 */ + + /* Test overlapping regions */ + ExpectIntEQ(DFB_TEST(ssl, 8, 100, 0, 30, 1, 0, 30), 0); /* 0-30 */ + ExpectIntEQ(DFB_TEST(ssl, 8, 100, 20, 10, 1, 0, 30), 0); /* 20-30 */ + ExpectIntEQ(DFB_TEST(ssl, 8, 100, 70, 10, 2, 0, 40), 0); /* 70-80 */ + ExpectIntEQ(DFB_TEST(ssl, 8, 100, 20, 30, 2, 0, 60), 0); /* 20-50 */ + ExpectIntEQ(DFB_TEST(ssl, 8, 100, 40, 60, 0, 1, 100), 0); /* 40-100 */ + + /* Test overlapping multiple regions */ + ExpectIntEQ(DFB_TEST(ssl, 9, 100, 0, 20, 1, 0, 20), 0); /* 0-20 */ + ExpectIntEQ(DFB_TEST(ssl, 9, 100, 30, 5, 2, 0, 25), 0); /* 30-35 */ + ExpectIntEQ(DFB_TEST(ssl, 9, 100, 40, 5, 3, 0, 30), 0); /* 40-45 */ + ExpectIntEQ(DFB_TEST(ssl, 9, 100, 50, 5, 4, 0, 35), 0); /* 50-55 */ + ExpectIntEQ(DFB_TEST(ssl, 9, 100, 60, 5, 5, 0, 40), 0); /* 60-65 */ + ExpectIntEQ(DFB_TEST(ssl, 9, 100, 70, 5, 6, 0, 45), 0); /* 70-75 */ + ExpectIntEQ(DFB_TEST(ssl, 9, 100, 30, 25, 4, 0, 55), 0); /* 30-55 */ + ExpectIntEQ(DFB_TEST(ssl, 9, 100, 55, 15, 2, 0, 65), 0); /* 55-70 */ + ExpectIntEQ(DFB_TEST(ssl, 9, 100, 75, 25, 2, 0, 90), 0); /* 75-100 */ + ExpectIntEQ(DFB_TEST(ssl, 9, 100, 10, 25, 0, 1, 100), 0); /* 10-35 */ + + ExpectIntEQ(DFB_TEST(ssl, 10, 100, 0, 20, 1, 0, 20), 0); /* 0-20 */ + ExpectIntEQ(DFB_TEST(ssl, 10, 100, 30, 20, 2, 0, 40), 0); /* 30-50 */ + ExpectIntEQ(DFB_TEST(ssl, 10, 100, 0, 40, 1, 0, 50), 0); /* 0-40 */ + ExpectIntEQ(DFB_TEST(ssl, 10, 100, 50, 50, 0, 1, 100), 0); /* 10-35 */ + + DtlsMsgListDelete(ssl->dtls_rx_msg_list, ssl->heap); + ssl->dtls_rx_msg_list = NULL; + ssl->dtls_rx_msg_list_sz = 0; + + return EXPECT_RESULT(); +} + +#endif + + +#if !defined(NO_FILESYSTEM) && \ + defined(WOLFSSL_DTLS) && !defined(WOLFSSL_NO_TLS12) && \ + defined(HAVE_MANUAL_MEMIO_TESTS_DEPENDENCIES) && !defined(NO_RSA) + +static int test_wolfSSL_dtls_stateless2(void) +{ + EXPECT_DECLS; + WOLFSSL *ssl_c = NULL; + WOLFSSL *ssl_c2 = NULL; + WOLFSSL *ssl_s = NULL; + struct test_memio_ctx test_ctx; + WOLFSSL_CTX *ctx_c = NULL; + WOLFSSL_CTX *ctx_s = NULL; + + XMEMSET(&test_ctx, 0, sizeof(test_ctx)); + ExpectIntEQ(test_memio_setup(&test_ctx, &ctx_c, &ctx_s, &ssl_c, &ssl_s, + wolfDTLSv1_2_client_method, wolfDTLSv1_2_server_method), 0); + ExpectIntEQ(test_memio_setup(&test_ctx, &ctx_c, NULL, &ssl_c2, NULL, + wolfDTLSv1_2_client_method, NULL), 0); + ExpectFalse(wolfSSL_is_stateful(ssl_s)); + /* send CH */ + ExpectTrue((wolfSSL_connect(ssl_c2) == WC_NO_ERR_TRACE(WOLFSSL_FATAL_ERROR)) && + (ssl_c2->error == WC_NO_ERR_TRACE(WANT_READ))); + ExpectIntEQ(wolfDTLS_accept_stateless(ssl_s), WOLFSSL_FAILURE); + ExpectFalse(wolfSSL_is_stateful(ssl_s)); + ExpectIntNE(test_ctx.c_len, 0); + /* consume HRR */ + test_memio_clear_buffer(&test_ctx, 1); + /* send CH1 */ + ExpectIntEQ(wolfSSL_connect(ssl_c), WOLFSSL_FATAL_ERROR); + ExpectIntEQ(wolfSSL_get_error(ssl_c, WOLFSSL_FATAL_ERROR), + WOLFSSL_ERROR_WANT_READ); + /* send HRR */ + ExpectIntEQ(wolfDTLS_accept_stateless(ssl_s), WOLFSSL_FAILURE); + /* send CH2 */ + ExpectIntEQ(wolfSSL_connect(ssl_c), WOLFSSL_FATAL_ERROR); + ExpectIntEQ(wolfSSL_get_error(ssl_c, WOLFSSL_FATAL_ERROR), + WOLFSSL_ERROR_WANT_READ); + /* send HRR */ + ExpectIntEQ(wolfDTLS_accept_stateless(ssl_s), WOLFSSL_SUCCESS); + ExpectIntEQ(test_memio_do_handshake(ssl_c, ssl_s, 10, NULL), 0); + ExpectTrue(wolfSSL_is_stateful(ssl_s)); + + wolfSSL_free(ssl_c2); + wolfSSL_free(ssl_c); + wolfSSL_free(ssl_s); + wolfSSL_CTX_free(ctx_c); + wolfSSL_CTX_free(ctx_s); + return EXPECT_RESULT(); +} + +#ifdef HAVE_MAX_FRAGMENT +static int test_wolfSSL_dtls_stateless_maxfrag(void) +{ + EXPECT_DECLS; + WOLFSSL *ssl_c = NULL; + WOLFSSL *ssl_c2 = NULL; + WOLFSSL *ssl_s = NULL; + struct test_memio_ctx test_ctx; + WOLFSSL_CTX *ctx_c = NULL; + WOLFSSL_CTX *ctx_s = NULL; + word16 max_fragment = 0; + + XMEMSET(&test_ctx, 0, sizeof(test_ctx)); + ExpectIntEQ(test_memio_setup(&test_ctx, &ctx_c, &ctx_s, &ssl_c, &ssl_s, + wolfDTLSv1_2_client_method, wolfDTLSv1_2_server_method), 0); + ExpectNotNull(ssl_s); + ExpectNotNull(ssl_c2 = wolfSSL_new(ctx_c)); + ExpectIntEQ(wolfSSL_UseMaxFragment(ssl_c2, WOLFSSL_MFL_2_8), + WOLFSSL_SUCCESS); + wolfSSL_SetIOWriteCtx(ssl_c2, &test_ctx); + wolfSSL_SetIOReadCtx(ssl_c2, &test_ctx); + if (EXPECT_SUCCESS()) { + max_fragment = ssl_s->max_fragment; + } + /* send CH */ + ExpectTrue((wolfSSL_connect(ssl_c2) == WC_NO_ERR_TRACE(WOLFSSL_FATAL_ERROR)) && + (ssl_c2->error == WC_NO_ERR_TRACE(WANT_READ))); + ExpectTrue((wolfSSL_accept(ssl_s) == WC_NO_ERR_TRACE(WOLFSSL_FATAL_ERROR)) && + (ssl_s->error == WC_NO_ERR_TRACE(WANT_READ))); + /* CH without cookie shouldn't change state */ + ExpectIntEQ(ssl_s->max_fragment, max_fragment); + ExpectIntNE(test_ctx.c_len, 0); + + /* consume HRR from buffer */ + test_memio_clear_buffer(&test_ctx, 1); + ExpectIntEQ(test_memio_do_handshake(ssl_c, ssl_s, 10, NULL), 0); + + wolfSSL_free(ssl_c2); + wolfSSL_free(ssl_c); + wolfSSL_free(ssl_s); + wolfSSL_CTX_free(ctx_c); + wolfSSL_CTX_free(ctx_s); + return EXPECT_RESULT(); +} +#endif /* HAVE_MAX_FRAGMENT */ + +#if defined(WOLFSSL_DTLS_NO_HVR_ON_RESUME) +#define ROUNDS_WITH_HVR 4 +#define ROUNDS_WITHOUT_HVR 2 +#define HANDSHAKE_TYPE_OFFSET DTLS_RECORD_HEADER_SZ +static int buf_is_hvr(const byte *data, int len) +{ + if (len < DTLS_RECORD_HEADER_SZ + DTLS_HANDSHAKE_HEADER_SZ) + return 0; + return data[HANDSHAKE_TYPE_OFFSET] == hello_verify_request; +} + +static int _test_wolfSSL_dtls_stateless_resume(byte useticket, byte bad) +{ + EXPECT_DECLS; + struct test_memio_ctx test_ctx; + WOLFSSL_CTX *ctx_c = NULL; + WOLFSSL_CTX *ctx_s = NULL; + WOLFSSL *ssl_c = NULL; + WOLFSSL *ssl_s = NULL; + WOLFSSL_SESSION *sess = NULL; + int round_trips; + + XMEMSET(&test_ctx, 0, sizeof(test_ctx)); + + ExpectIntEQ(test_memio_setup(&test_ctx, &ctx_c, &ctx_s, &ssl_c, + &ssl_s, wolfDTLSv1_2_client_method, wolfDTLSv1_2_server_method), 0); +#ifdef HAVE_SESSION_TICKET + if (useticket) { + ExpectIntEQ(wolfSSL_UseSessionTicket(ssl_c), WOLFSSL_SUCCESS); + } +#endif + round_trips = ROUNDS_WITH_HVR; + ExpectIntEQ(test_memio_do_handshake(ssl_c, ssl_s, round_trips, + &round_trips), 0); + ExpectIntEQ(round_trips, ROUNDS_WITH_HVR); + ExpectNotNull(sess = wolfSSL_get1_session(ssl_c)); + wolfSSL_shutdown(ssl_c); + wolfSSL_shutdown(ssl_s); + wolfSSL_free(ssl_c); + ssl_c = NULL; + wolfSSL_free(ssl_s); + ssl_s = NULL; + + test_memio_clear_buffer(&test_ctx, 1); + test_memio_clear_buffer(&test_ctx, 0); + /* make resumption invalid */ + if (bad && (sess != NULL)) { + if (useticket) { +#ifdef HAVE_SESSION_TICKET + if (sess->ticket != NULL) { + sess->ticket[0] = !sess->ticket[0]; + } +#endif /* HAVE_SESSION_TICKET */ + } + else { + sess->sessionID[0] = !sess->sessionID[0]; + } + } + ExpectNotNull(ssl_c = wolfSSL_new(ctx_c)); + ExpectNotNull(ssl_s = wolfSSL_new(ctx_s)); + wolfSSL_SetIOWriteCtx(ssl_c, &test_ctx); + wolfSSL_SetIOReadCtx(ssl_c, &test_ctx); + wolfSSL_SetIOWriteCtx(ssl_s, &test_ctx); + wolfSSL_SetIOReadCtx(ssl_s, &test_ctx); + ExpectIntEQ(wolfSSL_set_session(ssl_c, sess), WOLFSSL_SUCCESS); + ExpectTrue((wolfSSL_connect(ssl_c) == WC_NO_ERR_TRACE(WOLFSSL_FATAL_ERROR)) && + (ssl_c->error == WC_NO_ERR_TRACE(WANT_READ))); + ExpectTrue((wolfSSL_accept(ssl_s) == WC_NO_ERR_TRACE(WOLFSSL_FATAL_ERROR)) && + (ssl_s->error == WC_NO_ERR_TRACE(WANT_READ))); + ExpectFalse(bad && !buf_is_hvr(test_ctx.c_buff, test_ctx.c_len)); + ExpectFalse(!bad && buf_is_hvr(test_ctx.c_buff, test_ctx.c_len)); + if (!useticket) { + ExpectIntEQ(test_memio_do_handshake(ssl_c, ssl_s, 10, &round_trips), 0); + ExpectFalse(bad && round_trips != ROUNDS_WITH_HVR - 1); + ExpectFalse(!bad && round_trips != ROUNDS_WITHOUT_HVR - 1); + } + wolfSSL_SESSION_free(sess); + wolfSSL_free(ssl_c); + wolfSSL_free(ssl_s); + wolfSSL_CTX_free(ctx_c); + wolfSSL_CTX_free(ctx_s); + return EXPECT_RESULT(); +} + +static int test_wolfSSL_dtls_stateless_resume(void) +{ + EXPECT_DECLS; +#ifdef HAVE_SESSION_TICKET + ExpectIntEQ(_test_wolfSSL_dtls_stateless_resume(1, 0), TEST_SUCCESS); + ExpectIntEQ(_test_wolfSSL_dtls_stateless_resume(1, 1), TEST_SUCCESS); +#endif /* HAVE_SESION_TICKET */ + ExpectIntEQ(_test_wolfSSL_dtls_stateless_resume(0, 0), TEST_SUCCESS); + ExpectIntEQ(_test_wolfSSL_dtls_stateless_resume(0, 1), TEST_SUCCESS); + return EXPECT_RESULT(); +} +#endif /* WOLFSSL_DTLS_NO_HVR_ON_RESUME */ + +#if !defined(NO_OLD_TLS) +static int test_wolfSSL_dtls_stateless_downgrade(void) +{ + EXPECT_DECLS; + WOLFSSL_CTX *ctx_c = NULL; + WOLFSSL_CTX *ctx_c2 = NULL; + WOLFSSL_CTX *ctx_s = NULL; + WOLFSSL *ssl_c = NULL; + WOLFSSL *ssl_c2 = NULL; + WOLFSSL *ssl_s = NULL; + struct test_memio_ctx test_ctx; + + XMEMSET(&test_ctx, 0, sizeof(test_ctx)); + ExpectIntEQ(test_memio_setup(&test_ctx, &ctx_c, &ctx_s, &ssl_c, &ssl_s, + wolfDTLSv1_2_client_method, wolfDTLSv1_2_server_method), 0); + ExpectIntEQ(wolfSSL_CTX_SetMinVersion(ctx_s, WOLFSSL_DTLSV1), + WOLFSSL_SUCCESS); + ExpectNotNull(ctx_c2 = wolfSSL_CTX_new(wolfDTLSv1_client_method())); + wolfSSL_SetIORecv(ctx_c2, test_memio_read_cb); + wolfSSL_SetIOSend(ctx_c2, test_memio_write_cb); + ExpectNotNull(ssl_c2 = wolfSSL_new(ctx_c2)); + wolfSSL_SetIOWriteCtx(ssl_c2, &test_ctx); + wolfSSL_SetIOReadCtx(ssl_c2, &test_ctx); + /* send CH */ + ExpectTrue((wolfSSL_connect(ssl_c2) == WC_NO_ERR_TRACE(WOLFSSL_FATAL_ERROR)) && + (ssl_c2->error == WC_NO_ERR_TRACE(WANT_READ))); + ExpectTrue((wolfSSL_accept(ssl_s) == WC_NO_ERR_TRACE(WOLFSSL_FATAL_ERROR)) && + (ssl_s->error == WC_NO_ERR_TRACE(WANT_READ))); + ExpectIntNE(test_ctx.c_len, 0); + /* consume HRR */ + test_memio_clear_buffer(&test_ctx, 1); + ExpectIntEQ(test_memio_do_handshake(ssl_c, ssl_s, 10, NULL), 0); + + wolfSSL_free(ssl_c2); + wolfSSL_free(ssl_c); + wolfSSL_free(ssl_s); + wolfSSL_CTX_free(ctx_c); + wolfSSL_CTX_free(ctx_c2); + wolfSSL_CTX_free(ctx_s); + + return EXPECT_RESULT(); +} +#endif /* !defined(NO_OLD_TLS) */ + +#endif /* defined(WOLFSSL_DTLS) && !defined(WOLFSSL_NO_TLS12) && \ + !defined(NO_WOLFSSL_CLIENT) && !defined(NO_WOLFSSL_SERVER)*/ + +#if defined(WOLFSSL_DTLS) && !defined(WOLFSSL_NO_TLS12) && \ + !defined(NO_OLD_TLS) && defined(HAVE_MANUAL_MEMIO_TESTS_DEPENDENCIES) +static int test_WOLFSSL_dtls_version_alert(void) +{ + EXPECT_DECLS; + struct test_memio_ctx test_ctx; + WOLFSSL_CTX *ctx_c = NULL; + WOLFSSL_CTX *ctx_s = NULL; + WOLFSSL *ssl_c = NULL; + WOLFSSL *ssl_s = NULL; + + XMEMSET(&test_ctx, 0, sizeof(test_ctx)); + + ExpectIntEQ(test_memio_setup(&test_ctx, &ctx_c, &ctx_s, &ssl_c, &ssl_s, + wolfDTLSv1_2_client_method, wolfDTLSv1_server_method), 0); + + /* client hello */ + ExpectTrue((wolfSSL_connect(ssl_c) == WC_NO_ERR_TRACE(WOLFSSL_FATAL_ERROR)) && + (ssl_c->error == WC_NO_ERR_TRACE(WANT_READ))); + /* hrr */ + ExpectTrue((wolfSSL_accept(ssl_s) == WC_NO_ERR_TRACE(WOLFSSL_FATAL_ERROR)) && + (ssl_s->error == WC_NO_ERR_TRACE(WANT_READ))); + /* client hello 1 */ + ExpectTrue((wolfSSL_connect(ssl_c) == WC_NO_ERR_TRACE(WOLFSSL_FATAL_ERROR)) && + (ssl_c->error == WC_NO_ERR_TRACE(WANT_READ))); + /* server hello */ + ExpectTrue((wolfSSL_accept(ssl_s) == WC_NO_ERR_TRACE(WOLFSSL_FATAL_ERROR)) && + (ssl_s->error == WC_NO_ERR_TRACE(WANT_READ))); + /* should fail */ + ExpectTrue((wolfSSL_connect(ssl_c) == WC_NO_ERR_TRACE(WOLFSSL_FATAL_ERROR)) && + (ssl_c->error == WC_NO_ERR_TRACE(VERSION_ERROR))); + /* shuould fail */ + ExpectTrue((wolfSSL_accept(ssl_s) == WC_NO_ERR_TRACE(WOLFSSL_FATAL_ERROR)) && + (ssl_s->error == WC_NO_ERR_TRACE(VERSION_ERROR) || ssl_s->error == WC_NO_ERR_TRACE(FATAL_ERROR))); + + wolfSSL_free(ssl_c); + wolfSSL_free(ssl_s); + wolfSSL_CTX_free(ctx_c); + wolfSSL_CTX_free(ctx_s); + + return EXPECT_RESULT(); +} +#else +static int test_WOLFSSL_dtls_version_alert(void) +{ + return TEST_SKIPPED; +} +#endif /* defined(WOLFSSL_DTLS) && !defined(WOLFSSL_NO_TLS12) && + * !defined(NO_WOLFSSL_CLIENT) && !defined(NO_WOLFSSL_SERVER) && + * !defined(NO_OLD_TLS) && !defined(NO_RSA) + */ + + +#if defined(WOLFSSL_TICKET_NONCE_MALLOC) && defined(HAVE_SESSION_TICKET) \ + && defined(WOLFSSL_TLS13) && \ + (!defined(HAVE_FIPS) || (defined(FIPS_VERSION_GE) && FIPS_VERSION_GE(5,3)))\ + && defined(HAVE_MANUAL_MEMIO_TESTS_DEPENDENCIES) +static int send_new_session_ticket(WOLFSSL *ssl, byte nonceLength, byte filler) +{ + struct test_memio_ctx *test_ctx; + byte buf[2048]; + int idx, sz; + word32 tmp; + int ret; + + idx = 5; /* space for record header */ + + buf[idx] = session_ticket; /* type */ + idx++; + + tmp = OPAQUE32_LEN + + OPAQUE32_LEN + + OPAQUE8_LEN + nonceLength + + OPAQUE16_LEN + OPAQUE8_LEN + OPAQUE16_LEN; + c32to24(tmp, buf + idx); + idx += OPAQUE24_LEN; + + c32toa((word32)12345, buf+idx); /* lifetime */ + idx += OPAQUE32_LEN; + c32toa((word32)12345, buf+idx); /* add */ + idx += OPAQUE32_LEN; + buf[idx] = nonceLength; /* nonce length */ + idx++; + XMEMSET(&buf[idx], filler, nonceLength); /* nonce */ + idx += nonceLength; + tmp = 1; /* ticket len */ + c16toa((word16)tmp, buf+idx); + idx += 2; + buf[idx] = 0xFF; /* ticket */ + idx++; + tmp = 0; /* ext len */ + c16toa((word16)tmp, buf+idx); + idx += 2; + + sz = BuildTls13Message(ssl, buf, 2048, buf+5, idx - 5, + handshake, 0, 0, 0); + AssertIntGT(sz, 0); + test_ctx = (struct test_memio_ctx*)wolfSSL_GetIOWriteCtx(ssl); + AssertNotNull(test_ctx); + ret = test_memio_write_cb(ssl, (char*)buf, sz, test_ctx); + return !(ret == sz); +} + +static int test_ticket_nonce_check(WOLFSSL_SESSION *sess, byte len) +{ + int ret = 0; + + if ((sess == NULL) || (sess->ticketNonce.len != len)) { + ret = -1; + } + else { + int i; + for (i = 0; i < len; i++) { + if (sess->ticketNonce.data[i] != len) { + ret = -1; + break; + } + } + } + + return ret; +} + +static int test_ticket_nonce_malloc_do(WOLFSSL *ssl_s, WOLFSSL *ssl_c, byte len) +{ + EXPECT_DECLS; + char *buf[1024]; + + ExpectIntEQ(send_new_session_ticket(ssl_s, len, len), 0); + ExpectTrue((wolfSSL_recv(ssl_c, buf, 1024, 0) == WC_NO_ERR_TRACE(WOLFSSL_FATAL_ERROR)) && + (ssl_c->error == WC_NO_ERR_TRACE(WANT_READ))); + + ExpectIntEQ(test_ticket_nonce_check(ssl_c->session, len), 0); + + return EXPECT_RESULT(); +} + +static int test_ticket_nonce_cache(WOLFSSL *ssl_s, WOLFSSL *ssl_c, byte len) +{ + EXPECT_DECLS; + WOLFSSL_SESSION *sess = NULL; + WOLFSSL_SESSION *cached = NULL; + WOLFSSL_CTX *ctx = ssl_c->ctx; + + ExpectIntEQ(test_ticket_nonce_malloc_do(ssl_s, ssl_c, len), TEST_SUCCESS); + ExpectNotNull(sess = wolfSSL_get1_session(ssl_c)); + + ExpectIntEQ(AddSessionToCache(ctx, sess, sess->sessionID, sess->sessionIDSz, + NULL, ssl_c->options.side, 1,NULL), 0); + + ExpectNotNull(cached = wolfSSL_SESSION_new()); + + ExpectIntEQ(wolfSSL_GetSessionFromCache(ssl_c, cached), WOLFSSL_SUCCESS); + + ExpectIntEQ(test_ticket_nonce_check(cached, len), 0); + + wolfSSL_SESSION_free(cached); + wolfSSL_SESSION_free(sess); + + return EXPECT_RESULT(); +} + +static int test_ticket_nonce_malloc(void) +{ + EXPECT_DECLS; + struct test_memio_ctx test_ctx; + WOLFSSL_CTX *ctx_c = NULL; + WOLFSSL_CTX *ctx_s = NULL; + WOLFSSL *ssl_c = NULL; + WOLFSSL *ssl_s = NULL; + byte small; + byte medium; + byte big; + + XMEMSET(&test_ctx, 0, sizeof(test_ctx)); + + ExpectIntEQ(test_memio_setup(&test_ctx, &ctx_c, &ctx_s, &ssl_c, &ssl_s, + wolfTLSv1_3_client_method, wolfTLSv1_3_server_method), 0); + + /* will send ticket manually */ + ExpectIntEQ(wolfSSL_no_ticket_TLSv13(ssl_s), 0); + + wolfSSL_set_verify(ssl_s, WOLFSSL_VERIFY_NONE, 0); + wolfSSL_set_verify(ssl_c, WOLFSSL_VERIFY_NONE, 0); + + while (EXPECT_SUCCESS() && (ssl_c->options.handShakeDone == 0) && + (ssl_s->options.handShakeDone == 0)) { + ExpectTrue((wolfSSL_connect(ssl_c) == WOLFSSL_SUCCESS) || + (ssl_c->error == WC_NO_ERR_TRACE(WANT_READ))); + + ExpectTrue((wolfSSL_accept(ssl_s) == WOLFSSL_SUCCESS) || + (ssl_s->error == WC_NO_ERR_TRACE(WANT_READ))); + } + + small = TLS13_TICKET_NONCE_STATIC_SZ; +#if TLS13_TICKET_NONCE_STATIC_SZ + 20 <= 255 + medium = small + 20; +#else + medium = 255; +#endif +#if TLS13_TICKET_NONCE_STATIC_SZ + 20 + 20 <= 255 + big = small + 20; +#else + big = 255; +#endif + + ExpectIntEQ(test_ticket_nonce_malloc_do(ssl_s, ssl_c, small), TEST_SUCCESS); + ExpectPtrEq(ssl_c->session->ticketNonce.data, + ssl_c->session->ticketNonce.dataStatic); + ExpectIntEQ(test_ticket_nonce_malloc_do(ssl_s, ssl_c, medium), + TEST_SUCCESS); + ExpectIntEQ(test_ticket_nonce_malloc_do(ssl_s, ssl_c, big), TEST_SUCCESS); + ExpectIntEQ(test_ticket_nonce_malloc_do(ssl_s, ssl_c, medium), + TEST_SUCCESS); + ExpectIntEQ(test_ticket_nonce_malloc_do(ssl_s, ssl_c, small), TEST_SUCCESS); + ExpectIntEQ(test_ticket_nonce_cache(ssl_s, ssl_c, small), TEST_SUCCESS); + ExpectIntEQ(test_ticket_nonce_cache(ssl_s, ssl_c, medium), TEST_SUCCESS); + ExpectIntEQ(test_ticket_nonce_cache(ssl_s, ssl_c, big), TEST_SUCCESS); + ExpectIntEQ(test_ticket_nonce_cache(ssl_s, ssl_c, medium), TEST_SUCCESS); + ExpectIntEQ(test_ticket_nonce_cache(ssl_s, ssl_c, small), TEST_SUCCESS); + + wolfSSL_free(ssl_c); + wolfSSL_free(ssl_s); + wolfSSL_CTX_free(ctx_c); + wolfSSL_CTX_free(ctx_s); + + return EXPECT_RESULT(); +} + +#endif /* WOLFSSL_TICKET_NONCE_MALLOC */ + +#if defined(HAVE_SESSION_TICKET) && !defined(WOLFSSL_NO_TLS12) && \ + !defined(WOLFSSL_TICKET_DECRYPT_NO_CREATE) && \ + !defined(NO_WOLFSSL_CLIENT) && !defined(NO_WOLFSSL_SERVER) && \ + !defined(WOLFSSL_NO_DEF_TICKET_ENC_CB) && !defined(NO_RSA) && \ + defined(HAVE_ECC) && defined(HAVE_MANUAL_MEMIO_TESTS_DEPENDENCIES) + +static int test_ticket_ret_create(void) +{ + EXPECT_DECLS; + WOLFSSL_CTX *ctx_c = NULL; + WOLFSSL_CTX *ctx_s = NULL; + WOLFSSL *ssl_c = NULL; + WOLFSSL *ssl_s = NULL; + byte ticket[SESSION_TICKET_LEN]; + struct test_memio_ctx test_ctx; + WOLFSSL_SESSION *sess = NULL; + word16 ticketLen = 0; + + XMEMSET(&test_ctx, 0, sizeof(test_ctx)); + ExpectIntEQ(test_memio_setup(&test_ctx, &ctx_c, &ctx_s, &ssl_c, &ssl_s, + wolfTLSv1_2_client_method, wolfTLSv1_2_server_method), 0); + wolfSSL_set_verify(ssl_s, WOLFSSL_VERIFY_NONE, 0); + wolfSSL_set_verify(ssl_c, WOLFSSL_VERIFY_NONE, 0); + ExpectIntEQ(wolfSSL_CTX_UseSessionTicket(ctx_c), WOLFSSL_SUCCESS); + + ExpectIntEQ(test_memio_do_handshake(ssl_c, ssl_s, 10, NULL), 0); + + ExpectNotNull(sess = wolfSSL_get1_session(ssl_c)); + ExpectIntLE(sess->ticketLen, SESSION_TICKET_LEN); + if (sess != NULL) { + ticketLen = sess->ticketLen; + XMEMCPY(ticket, sess->ticket, sess->ticketLen); + } + wolfSSL_free(ssl_c); + ssl_c = NULL; + wolfSSL_free(ssl_s); + ssl_s = NULL; + + ExpectNotNull(ssl_s = wolfSSL_new(ctx_s)); + wolfSSL_SetIOWriteCtx(ssl_s, &test_ctx); + wolfSSL_SetIOReadCtx(ssl_s, &test_ctx); + ExpectNotNull(ssl_c = wolfSSL_new(ctx_c)); + wolfSSL_SetIOWriteCtx(ssl_c, &test_ctx); + wolfSSL_SetIOReadCtx(ssl_c, &test_ctx); + + ExpectIntEQ(wolfSSL_set_session(ssl_c, sess), WOLFSSL_SUCCESS); + ExpectIntEQ(test_memio_do_handshake(ssl_c, ssl_s, 10, NULL), 0); + ExpectIntLE(ssl_c->session->ticketLen, SESSION_TICKET_LEN); + ExpectIntEQ(ssl_c->session->ticketLen, ticketLen); + ExpectTrue(XMEMCMP(ssl_c->session->ticket, ticket, ticketLen) != 0); + + wolfSSL_SESSION_free(sess); + wolfSSL_free(ssl_c); + wolfSSL_free(ssl_s); + wolfSSL_CTX_free(ctx_c); + wolfSSL_CTX_free(ctx_s); + + return EXPECT_RESULT(); +} +#else +static int test_ticket_ret_create(void) +{ + return TEST_SKIPPED; +} +#endif + +#if defined(WOLFSSL_TLS13) && !defined(NO_PSK) && \ + defined(HAVE_SESSION_TICKET) && defined(OPENSSL_EXTRA) && \ + defined(HAVE_IO_TESTS_DEPENDENCIES) && defined(HAVE_AESGCM) && \ + !defined(NO_SHA256) && defined(WOLFSSL_AES_128) && \ + defined(WOLFSSL_SHA384) && defined(WOLFSSL_AES_256) +static void test_ticket_and_psk_mixing_on_result(WOLFSSL* ssl) +{ + int ret; + WOLFSSL_SESSION* session = NULL; + + AssertIntEQ(wolfSSL_get_current_cipher_suite(ssl), 0x1301); + if (!wolfSSL_is_server(ssl)) { + session = wolfSSL_SESSION_dup(wolfSSL_get_session(ssl)); + AssertNotNull(session); + } + do { + ret = wolfSSL_shutdown(ssl); + } while (ret == WOLFSSL_SHUTDOWN_NOT_DONE); + AssertIntEQ(wolfSSL_clear(ssl), WOLFSSL_SUCCESS); + wolfSSL_set_psk_callback_ctx(ssl, (void*)"TLS13-AES256-GCM-SHA384"); +#ifndef OPENSSL_COMPATIBLE_DEFAULTS + /* OpenSSL considers PSK to be verified. We error out with NO_PEER_CERT. */ + wolfSSL_set_verify(ssl, WOLFSSL_VERIFY_NONE, NULL); +#endif + + if (!wolfSSL_is_server(ssl)) { + /* client */ + AssertIntEQ(wolfSSL_set_cipher_list(ssl, "TLS13-AES256-GCM-SHA384:" + "TLS13-AES128-GCM-SHA256"), WOLFSSL_SUCCESS); + wolfSSL_set_session(ssl, session); + wolfSSL_SESSION_free(session); + wolfSSL_set_psk_client_tls13_callback(ssl, my_psk_client_tls13_cb); + AssertIntEQ(wolfSSL_connect(ssl), WOLFSSL_SUCCESS); + } + else { + /* server */ + /* Different ciphersuite so that the ticket will be invalidated based on + * the ciphersuite */ + AssertIntEQ(wolfSSL_set_cipher_list(ssl, "TLS13-AES256-GCM-SHA384"), + WOLFSSL_SUCCESS); + wolfSSL_set_psk_server_tls13_callback(ssl, my_psk_server_tls13_cb); + AssertIntEQ(wolfSSL_accept(ssl), WOLFSSL_SUCCESS); + } +} + +static void test_ticket_and_psk_mixing_ssl_ready(WOLFSSL* ssl) +{ + AssertIntEQ(wolfSSL_UseSessionTicket(ssl), WOLFSSL_SUCCESS); + AssertIntEQ(wolfSSL_set_cipher_list(ssl, "TLS13-AES128-GCM-SHA256"), + WOLFSSL_SUCCESS); +} + +static int test_ticket_and_psk_mixing(void) +{ + EXPECT_DECLS; + /* Test mixing tickets and regular PSK */ + callback_functions client_cbs, server_cbs; + + XMEMSET(&client_cbs, 0, sizeof(client_cbs)); + XMEMSET(&server_cbs, 0, sizeof(server_cbs)); + + client_cbs.method = wolfTLSv1_3_client_method; + server_cbs.method = wolfTLSv1_3_server_method; + + client_cbs.ssl_ready = test_ticket_and_psk_mixing_ssl_ready; + + client_cbs.on_result = test_ticket_and_psk_mixing_on_result; + server_cbs.on_result = test_ticket_and_psk_mixing_on_result; + + test_wolfSSL_client_server_nofail(&client_cbs, &server_cbs); + + ExpectIntEQ(client_cbs.return_code, TEST_SUCCESS); + ExpectIntEQ(server_cbs.return_code, TEST_SUCCESS); + + return EXPECT_RESULT(); +} +#else +static int test_ticket_and_psk_mixing(void) +{ + return TEST_SKIPPED; +} +#endif + +#if defined(WOLFSSL_TLS13) && !defined(NO_PSK) && defined(HAVE_SESSION_TICKET) \ + && defined(OPENSSL_EXTRA) && defined(HAVE_IO_TESTS_DEPENDENCIES) && \ + defined(HAVE_AESGCM) && !defined(NO_SHA256) && defined(WOLFSSL_AES_128) && \ + defined(WOLFSSL_SHA384) && defined(WOLFSSL_AES_256) +static int test_prioritize_psk_cb_called = FALSE; + +static unsigned int test_prioritize_psk_cb(WOLFSSL* ssl, + const char* identity, unsigned char* key, unsigned int key_max_len, + const char** ciphersuite) +{ + test_prioritize_psk_cb_called = TRUE; + return my_psk_server_tls13_cb(ssl, identity, key, key_max_len, ciphersuite); +} + +static void test_prioritize_psk_on_result(WOLFSSL* ssl) +{ + int ret; + WOLFSSL_SESSION* session = NULL; + AssertIntEQ(wolfSSL_get_current_cipher_suite(ssl), 0x1301); + if (!wolfSSL_is_server(ssl)) { + session = wolfSSL_SESSION_dup(wolfSSL_get_session(ssl)); + AssertNotNull(session); + } + do { + ret = wolfSSL_shutdown(ssl); + } while (ret == WOLFSSL_SHUTDOWN_NOT_DONE); + AssertIntEQ(wolfSSL_clear(ssl), WOLFSSL_SUCCESS); + wolfSSL_set_psk_callback_ctx(ssl, (void*)"TLS13-AES256-GCM-SHA384"); + /* Previous connection was made with TLS13-AES128-GCM-SHA256. Order is + * important. */ + AssertIntEQ(wolfSSL_set_cipher_list(ssl, "TLS13-AES256-GCM-SHA384:" + "TLS13-AES128-GCM-SHA256"), WOLFSSL_SUCCESS); +#ifndef OPENSSL_COMPATIBLE_DEFAULTS + /* OpenSSL considers PSK to be verified. We error out with NO_PEER_CERT. */ + wolfSSL_set_verify(ssl, WOLFSSL_VERIFY_NONE, NULL); +#endif + + if (!wolfSSL_is_server(ssl)) { + /* client */ + wolfSSL_set_psk_client_tls13_callback(ssl, my_psk_client_tls13_cb); + wolfSSL_set_session(ssl, session); + wolfSSL_SESSION_free(session); + AssertIntEQ(wolfSSL_connect(ssl), WOLFSSL_SUCCESS); + } + else { + /* server */ + wolfSSL_set_psk_server_tls13_callback(ssl, test_prioritize_psk_cb); + AssertIntEQ(wolfSSL_accept(ssl), WOLFSSL_SUCCESS); +#ifdef WOLFSSL_PRIORITIZE_PSK + /* The ticket should be first tried with all ciphersuites and chosen */ + AssertFalse(test_prioritize_psk_cb_called); +#else + /* Ciphersuites should be tried with each PSK. This triggers the PSK + * callback that sets this var. */ + AssertTrue(test_prioritize_psk_cb_called); +#endif + } +} + +static void test_prioritize_psk_ssl_ready(WOLFSSL* ssl) +{ + if (!wolfSSL_is_server(ssl)) + AssertIntEQ(wolfSSL_set_cipher_list(ssl, "TLS13-AES128-GCM-SHA256"), + WOLFSSL_SUCCESS); + else + AssertIntEQ(wolfSSL_set_cipher_list(ssl, "TLS13-AES256-GCM-SHA384:" + "TLS13-AES128-GCM-SHA256"), WOLFSSL_SUCCESS); +} + +static int test_prioritize_psk(void) +{ + EXPECT_DECLS; + /* We always send the ticket first. With WOLFSSL_PRIORITIZE_PSK the order + * of the PSK's will be followed instead of the ciphersuite. */ + callback_functions client_cbs, server_cbs; + + XMEMSET(&client_cbs, 0, sizeof(client_cbs)); + XMEMSET(&server_cbs, 0, sizeof(server_cbs)); + + client_cbs.method = wolfTLSv1_3_client_method; + server_cbs.method = wolfTLSv1_3_server_method; + + client_cbs.ssl_ready = test_prioritize_psk_ssl_ready; + server_cbs.ssl_ready = test_prioritize_psk_ssl_ready; + + client_cbs.on_result = test_prioritize_psk_on_result; + server_cbs.on_result = test_prioritize_psk_on_result; + + test_wolfSSL_client_server_nofail(&client_cbs, &server_cbs); + + ExpectIntEQ(client_cbs.return_code, TEST_SUCCESS); + ExpectIntEQ(server_cbs.return_code, TEST_SUCCESS); + + return EXPECT_RESULT(); +} +#else +static int test_prioritize_psk(void) +{ + return TEST_SKIPPED; +} +#endif + +#if defined(WOLFSSL_TLS13) && defined(OPENSSL_EXTRA) && \ + defined(HAVE_SSL_MEMIO_TESTS_DEPENDENCIES) && defined(HAVE_AESGCM) && \ + !defined(NO_SHA256) && defined(WOLFSSL_AES_128) && \ + !defined(WOLFSSL_NO_TLS12) +static int test_wolfSSL_CTX_set_ciphersuites_ctx_ready_server(WOLFSSL_CTX* ctx) +{ + EXPECT_DECLS; + ExpectTrue(SSL_CTX_set_cipher_list(ctx, "DEFAULT")); + /* Set TLS 1.3 specific suite */ + ExpectTrue(SSL_CTX_set_ciphersuites(ctx, "TLS13-AES128-GCM-SHA256")); + return EXPECT_RESULT(); +} + +static int test_wolfSSL_CTX_set_ciphersuites(void) +{ + EXPECT_DECLS; + /* Test using SSL_CTX_set_cipher_list and SSL_CTX_set_ciphersuites and then + * do a 1.2 connection. */ + test_ssl_cbf client_cbs, server_cbs; + + XMEMSET(&client_cbs, 0, sizeof(client_cbs)); + XMEMSET(&server_cbs, 0, sizeof(server_cbs)); + + client_cbs.method = wolfTLSv1_2_client_method; + server_cbs.method = wolfTLS_server_method; /* Allow downgrade */ + + server_cbs.ctx_ready = test_wolfSSL_CTX_set_ciphersuites_ctx_ready_server; + + ExpectIntEQ(test_wolfSSL_client_server_nofail_memio(&client_cbs, + &server_cbs, NULL), TEST_SUCCESS); + + return EXPECT_RESULT(); +} +#else +static int test_wolfSSL_CTX_set_ciphersuites(void) +{ + return TEST_SKIPPED; +} +#endif + +#if defined(HAVE_CRL) && defined(WOLFSSL_CHECK_ALERT_ON_ERR) && \ + defined(HAVE_SSL_MEMIO_TESTS_DEPENDENCIES) +static int test_wolfSSL_CRL_CERT_REVOKED_alert_ctx_ready(WOLFSSL_CTX* ctx) +{ + wolfSSL_CTX_set_verify(ctx, WOLFSSL_VERIFY_PEER, NULL); + return TEST_SUCCESS; +} + +static int test_wolfSSL_CRL_CERT_REVOKED_alert_on_cleanup(WOLFSSL* ssl) +{ + EXPECT_DECLS; + WOLFSSL_ALERT_HISTORY h; + ExpectIntEQ(wolfSSL_get_alert_history(ssl, &h), WOLFSSL_SUCCESS); + ExpectIntEQ(h.last_rx.level, alert_fatal); + ExpectIntEQ(h.last_rx.code, certificate_revoked); + return EXPECT_RESULT(); +} + +static int test_wolfSSL_CRL_CERT_REVOKED_alert(void) +{ + EXPECT_DECLS; + test_ssl_cbf client_cbs, server_cbs; + + XMEMSET(&client_cbs, 0, sizeof(client_cbs)); + XMEMSET(&server_cbs, 0, sizeof(server_cbs)); + + server_cbs.certPemFile = "./certs/server-revoked-cert.pem"; + server_cbs.keyPemFile = "./certs/server-revoked-key.pem"; + client_cbs.crlPemFile = "./certs/crl/crl.revoked"; + + client_cbs.ctx_ready = test_wolfSSL_CRL_CERT_REVOKED_alert_ctx_ready; + server_cbs.on_cleanup = test_wolfSSL_CRL_CERT_REVOKED_alert_on_cleanup; + + ExpectIntEQ(test_wolfSSL_client_server_nofail_memio(&client_cbs, + &server_cbs, NULL), -1001); + + return EXPECT_RESULT(); +} +#else +static int test_wolfSSL_CRL_CERT_REVOKED_alert(void) +{ + return TEST_SKIPPED; +} +#endif + +#if defined(WOLFSSL_TLS13) && defined(HAVE_SESSION_TICKET) \ + && defined(HAVE_SSL_MEMIO_TESTS_DEPENDENCIES) && defined(HAVE_AESGCM) && \ + !defined(NO_SHA256) && defined(WOLFSSL_AES_128) && \ + defined(WOLFSSL_SHA384) && defined(WOLFSSL_AES_256) && \ + !defined(WOLFSSL_NO_DEF_TICKET_ENC_CB) + +static WOLFSSL_CTX* test_TLS_13_ticket_different_ciphers_ctx = NULL; +static WOLFSSL_SESSION* test_TLS_13_ticket_different_ciphers_session = NULL; +static int test_TLS_13_ticket_different_ciphers_run = 0; + +static int test_TLS_13_ticket_different_ciphers_ssl_ready(WOLFSSL* ssl) +{ + EXPECT_DECLS; + switch (test_TLS_13_ticket_different_ciphers_run) { + case 0: + /* First run */ + ExpectIntEQ(wolfSSL_set_cipher_list(ssl, "TLS13-AES128-GCM-SHA256"), + WOLFSSL_SUCCESS); + if (wolfSSL_is_server(ssl)) { + ExpectNotNull(test_TLS_13_ticket_different_ciphers_ctx = + wolfSSL_get_SSL_CTX(ssl)); + ExpectIntEQ(WOLFSSL_SUCCESS, wolfSSL_CTX_up_ref( + test_TLS_13_ticket_different_ciphers_ctx)); + } + break; + case 1: + /* Second run */ + ExpectIntEQ(wolfSSL_set_cipher_list(ssl, "TLS13-AES256-GCM-SHA384:" + "TLS13-AES128-GCM-SHA256"), + WOLFSSL_SUCCESS); + if (!wolfSSL_is_server(ssl)) { + ExpectIntEQ(wolfSSL_set_session(ssl, + test_TLS_13_ticket_different_ciphers_session), + WOLFSSL_SUCCESS); + } + break; + default: + /* Bad state? */ + Fail(("Should not enter here"), ("Should not enter here")); + } + + return EXPECT_RESULT(); +} + +static int test_TLS_13_ticket_different_ciphers_on_result(WOLFSSL* ssl) +{ + EXPECT_DECLS; + switch (test_TLS_13_ticket_different_ciphers_run) { + case 0: + /* First run */ + ExpectNotNull(test_TLS_13_ticket_different_ciphers_session = + wolfSSL_get1_session(ssl)); + break; + case 1: + /* Second run */ + ExpectTrue(wolfSSL_session_reused(ssl)); + break; + default: + /* Bad state? */ + Fail(("Should not enter here"), ("Should not enter here")); + } + return EXPECT_RESULT(); +} + +static int test_TLS_13_ticket_different_ciphers(void) +{ + EXPECT_DECLS; + /* Check that we handle the connection when the ticket doesn't match + * the first ciphersuite. */ + test_ssl_cbf client_cbs, server_cbs; + struct test_params { + method_provider client_meth; + method_provider server_meth; + int doUdp; + } params[] = { +#ifdef WOLFSSL_DTLS13 + /* Test that the stateless code handles sessions correctly */ + {wolfDTLSv1_3_client_method, wolfDTLSv1_3_server_method, 1}, +#endif + {wolfTLSv1_3_client_method, wolfTLSv1_3_server_method, 0}, + }; + size_t i; + + for (i = 0; i < sizeof(params)/sizeof(*params); i++) { + XMEMSET(&client_cbs, 0, sizeof(client_cbs)); + XMEMSET(&server_cbs, 0, sizeof(server_cbs)); + + test_TLS_13_ticket_different_ciphers_run = 0; + + client_cbs.doUdp = server_cbs.doUdp = params[i].doUdp; + + client_cbs.method = params[i].client_meth; + server_cbs.method = params[i].server_meth; + + client_cbs.ssl_ready = test_TLS_13_ticket_different_ciphers_ssl_ready; + server_cbs.ssl_ready = test_TLS_13_ticket_different_ciphers_ssl_ready; + + client_cbs.on_result = test_TLS_13_ticket_different_ciphers_on_result; + + server_cbs.ticNoInit = 1; + + ExpectIntEQ(test_wolfSSL_client_server_nofail_memio(&client_cbs, + &server_cbs, NULL), TEST_SUCCESS); + + test_TLS_13_ticket_different_ciphers_run++; + + server_cbs.ctx = test_TLS_13_ticket_different_ciphers_ctx; + + ExpectIntEQ(test_wolfSSL_client_server_nofail_memio(&client_cbs, + &server_cbs, NULL), TEST_SUCCESS); + + wolfSSL_SESSION_free(test_TLS_13_ticket_different_ciphers_session); + test_TLS_13_ticket_different_ciphers_session = NULL; + wolfSSL_CTX_free(test_TLS_13_ticket_different_ciphers_ctx); + test_TLS_13_ticket_different_ciphers_ctx = NULL; + } + + return EXPECT_RESULT(); +} +#else +static int test_TLS_13_ticket_different_ciphers(void) +{ + return TEST_SKIPPED; +} +#endif +#if defined(WOLFSSL_EXTRA_ALERTS) && !defined(WOLFSSL_NO_TLS12) && \ + defined(HAVE_MANUAL_MEMIO_TESTS_DEPENDENCIES) + +#define TEST_WRONG_CS_CLIENT "DHE-RSA-AES128-SHA" +/* AKA TLS_DHE_RSA_WITH_AES_128_CBC_SHA */ + +byte test_extra_alerts_wrong_cs_sh[] = { + 0x16, 0x03, 0x03, 0x00, 0x56, 0x02, 0x00, 0x00, 0x52, 0x03, 0x03, 0xef, + 0x0c, 0x30, 0x98, 0xa2, 0xac, 0xfa, 0x68, 0xe9, 0x3e, 0xaa, 0x5c, 0xcf, + 0xa7, 0x42, 0x72, 0xaf, 0xa0, 0xe8, 0x39, 0x2b, 0x3e, 0x81, 0xa7, 0x7a, + 0xa5, 0x62, 0x8a, 0x0e, 0x41, 0xba, 0xda, 0x20, 0x18, 0x9f, 0xe1, 0x8c, + 0x1d, 0xc0, 0x37, 0x9c, 0xf4, 0x90, 0x5d, 0x8d, 0xa0, 0x79, 0xa7, 0x4b, + 0xa8, 0x79, 0xdf, 0xcd, 0x8d, 0xf5, 0xb5, 0x50, 0x5f, 0xf1, 0xdb, 0x4d, + 0xbb, 0x07, 0x54, 0x1c, + 0x00, 0x02, /* TLS_RSA_WITH_NULL_SHA */ + 0x00, 0x00, 0x0a, 0x00, 0x0b, 0x00, + 0x02, 0x01, 0x00, 0x00, 0x17, 0x00, 0x00 +}; + +static int test_extra_alerts_wrong_cs(void) +{ + EXPECT_DECLS; +#ifdef BUILD_TLS_DHE_RSA_WITH_AES_128_CBC_SHA + struct test_memio_ctx test_ctx; + WOLFSSL_CTX *ctx_c = NULL; + WOLFSSL_ALERT_HISTORY h; + WOLFSSL *ssl_c = NULL; + + XMEMSET(&test_ctx, 0, sizeof(test_ctx)); + ExpectIntEQ(test_memio_setup(&test_ctx, &ctx_c, NULL, &ssl_c, NULL, + wolfTLSv1_2_client_method, NULL), 0); + + ExpectIntEQ(wolfSSL_set_cipher_list(ssl_c, TEST_WRONG_CS_CLIENT), + WOLFSSL_SUCCESS); + + /* CH */ + ExpectIntNE(wolfSSL_connect(ssl_c), WOLFSSL_SUCCESS); + ExpectIntEQ(wolfSSL_get_error(ssl_c, WC_NO_ERR_TRACE(WOLFSSL_FATAL_ERROR)), + WOLFSSL_ERROR_WANT_READ); + + /* consume CH */ + test_memio_clear_buffer(&test_ctx, 0); + /* inject SH */ + ExpectIntEQ(test_memio_inject_message(&test_ctx, 1, + (const char *)test_extra_alerts_wrong_cs_sh, + sizeof(test_extra_alerts_wrong_cs_sh)), 0); + + ExpectIntNE(wolfSSL_connect(ssl_c), WOLFSSL_SUCCESS); + ExpectIntNE(wolfSSL_get_error(ssl_c, WC_NO_ERR_TRACE(WOLFSSL_FATAL_ERROR)), + WOLFSSL_ERROR_WANT_READ); + ExpectIntEQ(wolfSSL_get_alert_history(ssl_c, &h), WOLFSSL_SUCCESS); + ExpectIntEQ(h.last_tx.code, handshake_failure); + ExpectIntEQ(h.last_tx.level, alert_fatal); + + wolfSSL_free(ssl_c); + wolfSSL_CTX_free(ctx_c); +#endif + return EXPECT_RESULT(); +} +#else +static int test_extra_alerts_wrong_cs(void) +{ + return TEST_SKIPPED; +} +#endif + +#if defined(WOLFSSL_TLS13) && !defined(WOLFSSL_NO_TLS12) && \ + defined(HAVE_MANUAL_MEMIO_TESTS_DEPENDENCIES) && defined(WOLFSSL_AES_256) + +#define TEST_CS_DOWNGRADE_CLIENT "ECDHE-RSA-AES256-GCM-SHA384" + +byte test_wrong_cs_downgrade_sh[] = { + 0x16, 0x03, 0x03, 0x00, 0x56, 0x02, 0x00, 0x00, 0x52, 0x03, 0x03, 0x10, + 0x2c, 0x88, 0xd9, 0x7a, 0x23, 0xc9, 0xbd, 0x11, 0x3b, 0x64, 0x24, 0xab, + 0x5b, 0x45, 0x33, 0xf6, 0x2c, 0x34, 0xe4, 0xcf, 0xf4, 0x78, 0xc8, 0x62, + 0x06, 0xc7, 0xe5, 0x30, 0x39, 0xbf, 0xa1, 0x20, 0xa3, 0x06, 0x74, 0xc3, + 0xa9, 0x74, 0x52, 0x8a, 0xfb, 0xae, 0xf0, 0xd8, 0x6f, 0xb2, 0x9d, 0xfe, + 0x78, 0xf0, 0x3f, 0x51, 0x8f, 0x9c, 0xcf, 0xbe, 0x61, 0x43, 0x9d, 0xf8, + 0x85, 0xe5, 0x2f, 0x54, + 0xc0, 0x2f, /* ECDHE-RSA-AES128-GCM-SHA256 */ + 0x00, 0x00, 0x0a, 0x00, 0x0b, 0x00, + 0x02, 0x01, 0x00, 0x00, 0x17, 0x00, 0x00 +}; + +static int test_wrong_cs_downgrade(void) +{ + EXPECT_DECLS; +#ifdef BUILD_TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 + struct test_memio_ctx test_ctx; + WOLFSSL_CTX *ctx_c = NULL; + WOLFSSL *ssl_c = NULL; + + XMEMSET(&test_ctx, 0, sizeof(test_ctx)); + ExpectIntEQ(test_memio_setup(&test_ctx, &ctx_c, NULL, &ssl_c, NULL, + wolfSSLv23_client_method, NULL), 0); + + ExpectIntEQ(wolfSSL_set_cipher_list(ssl_c, TEST_CS_DOWNGRADE_CLIENT), + WOLFSSL_SUCCESS); + + /* CH */ + ExpectIntNE(wolfSSL_connect(ssl_c), WOLFSSL_SUCCESS); + ExpectIntEQ(wolfSSL_get_error(ssl_c, WC_NO_ERR_TRACE(WOLFSSL_FATAL_ERROR)), + WOLFSSL_ERROR_WANT_READ); + + /* consume CH */ + test_memio_clear_buffer(&test_ctx, 0); + /* inject SH */ + ExpectIntEQ(test_memio_inject_message(&test_ctx, 1, + (const char *)test_wrong_cs_downgrade_sh, + sizeof(test_wrong_cs_downgrade_sh)), 0); + + ExpectIntNE(wolfSSL_connect(ssl_c), WOLFSSL_SUCCESS); +#ifdef OPENSSL_EXTRA + ExpectIntEQ(wolfSSL_get_error(ssl_c, WC_NO_ERR_TRACE(WOLFSSL_FATAL_ERROR)), + WC_NO_ERR_TRACE(WOLFSSL_ERROR_SYSCALL)); +#else + ExpectIntEQ(wolfSSL_get_error(ssl_c, WC_NO_ERR_TRACE(WOLFSSL_FATAL_ERROR)), + WC_NO_ERR_TRACE(MATCH_SUITE_ERROR)); +#endif /* OPENSSL_EXTRA */ + + + wolfSSL_free(ssl_c); + wolfSSL_CTX_free(ctx_c); +#endif + return EXPECT_RESULT(); +} +#else +static int test_wrong_cs_downgrade(void) +{ + return TEST_SKIPPED; +} +#endif + +#if !defined(WOLFSSL_NO_TLS12) && defined(WOLFSSL_EXTRA_ALERTS) && \ + defined(HAVE_MANUAL_MEMIO_TESTS_DEPENDENCIES) && !defined(WOLFSSL_SP_MATH) + +static int test_remove_hs_msg_from_buffer(struct test_memio_ctx *test_ctx, byte type, + byte *found) +{ + const unsigned int _HANDSHAKE_HEADER_SZ = 4; + const unsigned int _RECORD_HEADER_SZ = 5; + const int _change_cipher_hs = 55; + const int _change_cipher = 20; + const int _handshake = 22; + unsigned int tail_len; + byte *idx; + int curr; + word8 currType; + word16 rLength; + word32 hLength; + + idx = test_ctx->c_buff; + tail_len = (unsigned int)test_ctx->c_len; + *found = 0; + while (tail_len > _RECORD_HEADER_SZ) { + curr = (int)(idx - test_ctx->c_buff); + currType = *idx; + ato16(idx + 3, &rLength); + idx += _RECORD_HEADER_SZ; + tail_len -= _RECORD_HEADER_SZ; + + if (tail_len < rLength) + return -1; + + if (type == _change_cipher_hs && currType == _change_cipher) { + if (rLength != 1) + return -1; + /* match */ + test_memio_remove_from_buffer(test_ctx, 1, curr, + _RECORD_HEADER_SZ + rLength); + *found = 1; + return 0; + } + + if (currType != _handshake) { + idx += rLength; + tail_len -= rLength; + continue; + } + + if (rLength < _HANDSHAKE_HEADER_SZ) + return -1; + currType = *idx; + ato24(idx+1, &hLength); + hLength += _HANDSHAKE_HEADER_SZ; + if (tail_len < hLength) + return -1; + if (currType != type) { + idx += hLength; + tail_len -= hLength; + continue; + } + + /* match */ + test_memio_remove_from_buffer(test_ctx, 1, curr, + hLength + _RECORD_HEADER_SZ); + *found = 1; + return 0; + } + + /* not found */ + return 0; +} + +static int test_remove_hs_message(byte hs_message_type, + int extra_round, byte alert_type) +{ + EXPECT_DECLS; + WOLFSSL_CTX *ctx_c = NULL; + WOLFSSL_CTX *ctx_s = NULL; + WOLFSSL *ssl_c = NULL; + WOLFSSL *ssl_s = NULL; + struct test_memio_ctx test_ctx; + WOLFSSL_ALERT_HISTORY h; + byte found = 0; + + XMEMSET(&test_ctx, 0, sizeof(test_ctx)); + ExpectIntEQ(test_memio_setup(&test_ctx, &ctx_c, &ctx_s, &ssl_c, &ssl_s, + wolfTLSv1_2_client_method, wolfTLSv1_2_server_method), 0); + + ExpectIntNE(wolfSSL_connect(ssl_c), WOLFSSL_SUCCESS); + ExpectIntEQ(wolfSSL_get_error(ssl_c, WC_NO_ERR_TRACE(WOLFSSL_FATAL_ERROR)), + WOLFSSL_ERROR_WANT_READ); + + ExpectIntNE(wolfSSL_accept(ssl_s), WOLFSSL_SUCCESS); + ExpectIntEQ(wolfSSL_get_error(ssl_c, WC_NO_ERR_TRACE(WOLFSSL_FATAL_ERROR)), + WOLFSSL_ERROR_WANT_READ); + + if (extra_round) { + ExpectIntNE(wolfSSL_connect(ssl_c), WOLFSSL_SUCCESS); + ExpectIntEQ(wolfSSL_get_error(ssl_c, WC_NO_ERR_TRACE(WOLFSSL_FATAL_ERROR)), + WOLFSSL_ERROR_WANT_READ); + + /* this will complete handshake from server side */ + ExpectIntEQ(wolfSSL_accept(ssl_s), WOLFSSL_SUCCESS); + } + + ExpectIntEQ(test_remove_hs_msg_from_buffer(&test_ctx, hs_message_type, &found), 0); + + if (!found) { + wolfSSL_free(ssl_c); + wolfSSL_CTX_free(ctx_c); + wolfSSL_free(ssl_s); + wolfSSL_CTX_free(ctx_s); + return TEST_SKIPPED; + } + + ExpectIntNE(wolfSSL_connect(ssl_c), WOLFSSL_SUCCESS); + ExpectIntNE(wolfSSL_get_error(ssl_c, WC_NO_ERR_TRACE(WOLFSSL_FATAL_ERROR)), + WOLFSSL_ERROR_WANT_READ); + ExpectIntEQ(wolfSSL_get_alert_history(ssl_c, &h), WOLFSSL_SUCCESS); + ExpectTrue(alert_type == 0xff || h.last_tx.code == alert_type); + ExpectIntEQ(h.last_tx.level, alert_fatal); + + wolfSSL_free(ssl_c); + wolfSSL_CTX_free(ctx_c); + wolfSSL_free(ssl_s); + wolfSSL_CTX_free(ctx_s); + + return EXPECT_RESULT(); +} + +static int test_extra_alerts_skip_hs(void) +{ + EXPECT_DECLS; + const byte _server_key_exchange = 12; + const byte _server_hello = 2; + const byte _certificate = 11; + + /* server_hello */ + ExpectIntNE(test_remove_hs_message(_server_hello, 0, + unexpected_message), TEST_FAIL); + ExpectIntNE(test_remove_hs_message(_certificate, 0, + 0xff), TEST_FAIL); + ExpectIntNE(test_remove_hs_message(_server_key_exchange, 0, + unexpected_message), TEST_FAIL); + + return EXPECT_RESULT(); +} +#else +static int test_extra_alerts_skip_hs(void) +{ + return TEST_SKIPPED; +} +#endif + +#if !defined(WOLFSSL_NO_TLS12) && defined(HAVE_MANUAL_MEMIO_TESTS_DEPENDENCIES)\ + && defined(WOLFSSL_EXTRA_ALERTS) && !defined(NO_PSK) && !defined(NO_DH) + +static unsigned int test_server_psk_cb(WOLFSSL* ssl, const char* id, + unsigned char* key, unsigned int key_max_len) +{ + (void)ssl; + (void)id; + (void)key_max_len; + /* zero means error */ + key[0] = 0x10; + return 1; +} + +static int test_extra_alerts_bad_psk(void) +{ + EXPECT_DECLS; + WOLFSSL_CTX *ctx_c = NULL; + WOLFSSL_CTX *ctx_s = NULL; + WOLFSSL *ssl_c = NULL; + WOLFSSL *ssl_s = NULL; + struct test_memio_ctx test_ctx; + WOLFSSL_ALERT_HISTORY h; + + XMEMSET(&test_ctx, 0, sizeof(test_ctx)); + ExpectIntEQ(test_memio_setup(&test_ctx, &ctx_c, &ctx_s, &ssl_c, &ssl_s, + wolfTLSv1_2_client_method, wolfTLSv1_2_server_method), 0); + + ExpectIntEQ(wolfSSL_set_cipher_list(ssl_c, "DHE-PSK-AES128-GCM-SHA256"), + WOLFSSL_SUCCESS); + + ExpectIntEQ(wolfSSL_set_cipher_list(ssl_s, "DHE-PSK-AES128-GCM-SHA256"), + WOLFSSL_SUCCESS); + + wolfSSL_set_psk_server_callback(ssl_s, test_server_psk_cb); + + ExpectIntNE(wolfSSL_connect(ssl_c), WOLFSSL_SUCCESS); + ExpectIntEQ(wolfSSL_get_error(ssl_c, WC_NO_ERR_TRACE(WOLFSSL_FATAL_ERROR)), + WOLFSSL_ERROR_WANT_READ); + + ExpectIntNE(wolfSSL_accept(ssl_s), WOLFSSL_SUCCESS); + ExpectIntEQ(wolfSSL_get_error(ssl_s, WC_NO_ERR_TRACE(WOLFSSL_FATAL_ERROR)), + WOLFSSL_ERROR_WANT_READ); + + ExpectIntNE(wolfSSL_connect(ssl_c), WOLFSSL_SUCCESS); + ExpectIntNE(wolfSSL_get_error(ssl_c, WC_NO_ERR_TRACE(WOLFSSL_FATAL_ERROR)), + WOLFSSL_ERROR_WANT_READ); + ExpectIntEQ(wolfSSL_get_alert_history(ssl_c, &h), WOLFSSL_SUCCESS); + ExpectIntEQ(h.last_tx.code, handshake_failure); + ExpectIntEQ(h.last_tx.level, alert_fatal); + + wolfSSL_free(ssl_c); + wolfSSL_CTX_free(ctx_c); + wolfSSL_free(ssl_s); + wolfSSL_CTX_free(ctx_s); + + return EXPECT_RESULT(); +} +#else +static int test_extra_alerts_bad_psk(void) +{ + return TEST_SKIPPED; +} +#endif + +#if defined(HAVE_MANUAL_MEMIO_TESTS_DEPENDENCIES) && !defined(WOLFSSL_NO_TLS12) +static int test_multiple_shutdown_nonblocking(void) +{ + EXPECT_DECLS; + size_t size_of_last_packet = 0; + int dummy_recv_buffer; + + /* declare wolfSSL objects */ + struct test_memio_ctx test_ctx; + WOLFSSL_CTX *ctx_c = NULL, *ctx_s = NULL; + WOLFSSL *ssl_c = NULL, *ssl_s = NULL; + + XMEMSET(&test_ctx, 0, sizeof(test_ctx)); + + /* Create and initialize WOLFSSL_CTX and WOLFSSL objects */ + ExpectIntEQ(test_memio_setup(&test_ctx, &ctx_c, &ctx_s, &ssl_c, &ssl_s, + wolfTLSv1_2_client_method, wolfTLSv1_2_server_method), 0); + + ExpectNotNull(ctx_c); + ExpectNotNull(ssl_c); + ExpectNotNull(ctx_s); + ExpectNotNull(ssl_s); + + ExpectIntEQ(test_memio_do_handshake(ssl_c, ssl_s, 10, NULL), 0); + + /* buffers should be empty now */ + ExpectIntEQ(test_ctx.c_len, 0); + ExpectIntEQ(test_ctx.s_len, 0); + ExpectIntEQ(ssl_c->buffers.outputBuffer.length, 0); + + test_memio_simulate_want_write(&test_ctx, 1, 1); + + /* + * We call wolfSSL_shutdown multiple times to to check that it doesn't add + * the CLOSE_NOTIFY packet multiple times on the output buffer. + * */ + ExpectIntEQ(wolfSSL_shutdown(ssl_c), -1); + ExpectIntEQ(wolfSSL_get_error(ssl_c, 0), WOLFSSL_ERROR_WANT_WRITE); + + /* store the size of the packet */ + if (ssl_c != NULL) { + size_of_last_packet = ssl_c->buffers.outputBuffer.length; + } + + /* invoke it multiple times shouldn't change the wolfssl internal output buffer size */ + ExpectIntEQ(wolfSSL_shutdown(ssl_c), -1); + ExpectIntEQ(wolfSSL_get_error(ssl_c, 0), WOLFSSL_ERROR_WANT_WRITE); + ExpectIntEQ(wolfSSL_shutdown(ssl_c), -1); + ExpectIntEQ(wolfSSL_get_error(ssl_c, 0), WOLFSSL_ERROR_WANT_WRITE); + + ExpectIntEQ(ssl_c->buffers.outputBuffer.length, size_of_last_packet); + + /* now send the CLOSE_NOTIFY to the server for real, expecting shutdown not done */ + test_memio_simulate_want_write(&test_ctx, 1, 0); + ExpectIntEQ(wolfSSL_shutdown(ssl_c), WOLFSSL_SHUTDOWN_NOT_DONE); + + /* output buffer should be empty and socket buffer should contain the message */ + ExpectIntEQ(ssl_c->buffers.outputBuffer.length, 0); + ExpectIntEQ(test_ctx.s_len, size_of_last_packet); + + + /* this should try to read from the socket */ + ExpectIntEQ(wolfSSL_shutdown(ssl_c), -1); + ExpectIntEQ(wolfSSL_get_error(ssl_c, -1), WOLFSSL_ERROR_WANT_READ); + + /* complete the bidirectional shutdown */ + + /* check that server received the shutdown alert */ + ExpectIntEQ(wolfSSL_recv(ssl_s, &dummy_recv_buffer, 0, 0), 0); + ExpectIntEQ(wolfSSL_get_error(ssl_s, 0), WOLFSSL_ERROR_ZERO_RETURN); + + /* send the shutdown from the server side */ + ExpectIntEQ(wolfSSL_shutdown(ssl_s), WOLFSSL_SUCCESS); + + /* This should return success and zero return */ + ExpectIntEQ(wolfSSL_shutdown(ssl_c), WOLFSSL_SUCCESS); + ExpectIntEQ(wolfSSL_get_error(ssl_c, 0), WOLFSSL_ERROR_ZERO_RETURN); + + /* Cleanup and return */ + wolfSSL_CTX_free(ctx_c); + wolfSSL_free(ssl_c); + wolfSSL_CTX_free(ctx_s); + wolfSSL_free(ssl_s); + + return EXPECT_RESULT(); +} +#else +static int test_multiple_shutdown_nonblocking(void) +{ + return TEST_SKIPPED; +} +#endif + +#if defined(WOLFSSL_HARDEN_TLS) && !defined(WOLFSSL_NO_TLS12) && \ + defined(HAVE_IO_TESTS_DEPENDENCIES) +static int test_harden_no_secure_renegotiation_io_cb(WOLFSSL *ssl, char *buf, + int sz, void *ctx) +{ + static int sentServerHello = FALSE; + + if (!sentServerHello) { + byte renegExt[] = { 0xFF, 0x01, 0x00, 0x01, 0x00 }; + size_t i; + + if (sz < (int)sizeof(renegExt)) + return WOLFSSL_CBIO_ERR_GENERAL; + + /* Remove SCR from ServerHello */ + for (i = 0; i < sz - sizeof(renegExt); i++) { + if (XMEMCMP(buf + i, renegExt, sizeof(renegExt)) == 0) { + /* Found the extension. Change it to something unrecognized. */ + buf[i+1] = 0x11; + break; + } + } + sentServerHello = TRUE; + } + + return EmbedSend(ssl, buf, sz, ctx); +} + +static void test_harden_no_secure_renegotiation_ssl_ready(WOLFSSL* ssl) +{ + wolfSSL_SSLSetIOSend(ssl, test_harden_no_secure_renegotiation_io_cb); +} + +static void test_harden_no_secure_renegotiation_on_cleanup(WOLFSSL* ssl) +{ + WOLFSSL_ALERT_HISTORY h; + AssertIntEQ(wolfSSL_get_alert_history(ssl, &h), WOLFSSL_SUCCESS); + AssertIntEQ(h.last_rx.code, handshake_failure); + AssertIntEQ(h.last_rx.level, alert_fatal); +} + +static int test_harden_no_secure_renegotiation(void) +{ + EXPECT_DECLS; + callback_functions client_cbs, server_cbs; + + XMEMSET(&client_cbs, 0, sizeof(client_cbs)); + XMEMSET(&server_cbs, 0, sizeof(server_cbs)); + + client_cbs.method = wolfTLSv1_2_client_method; + server_cbs.method = wolfTLSv1_2_server_method; + + server_cbs.ssl_ready = test_harden_no_secure_renegotiation_ssl_ready; + server_cbs.on_cleanup = test_harden_no_secure_renegotiation_on_cleanup; + test_wolfSSL_client_server_nofail(&client_cbs, &server_cbs); + + ExpectIntEQ(client_cbs.return_code, TEST_FAIL); + ExpectIntEQ(client_cbs.last_err, WC_NO_ERR_TRACE(SECURE_RENEGOTIATION_E)); + ExpectIntEQ(server_cbs.return_code, TEST_FAIL); + ExpectTrue(server_cbs.last_err == WC_NO_ERR_TRACE(SOCKET_ERROR_E) || + server_cbs.last_err == WC_NO_ERR_TRACE(FATAL_ERROR)); + + return EXPECT_RESULT(); +} +#else +static int test_harden_no_secure_renegotiation(void) +{ + return TEST_SKIPPED; +} +#endif + +#if defined(HAVE_OCSP) && defined(HAVE_SSL_MEMIO_TESTS_DEPENDENCIES) +static int test_override_alt_cert_chain_cert_cb(int preverify, + WOLFSSL_X509_STORE_CTX* store) +{ + fprintf(stderr, "preverify: %d\n", preverify); + fprintf(stderr, "store->error: %d\n", store->error); + fprintf(stderr, "error reason: %s\n", wolfSSL_ERR_reason_error_string(store->error)); + if (store->error == WC_NO_ERR_TRACE(OCSP_INVALID_STATUS)) { + fprintf(stderr, "Overriding OCSP error\n"); + return 1; + } +#ifndef WOLFSSL_ALT_CERT_CHAINS + else if ((store->error == WC_NO_ERR_TRACE(ASN_NO_SIGNER_E) || + store->error == WC_NO_ERR_TRACE(ASN_SELF_SIGNED_E) +#if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL) || \ + defined(HAVE_WEBSERVER) + || store->error == WOLFSSL_X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY +#endif + ) && store->error_depth == store->totalCerts - 1) { + fprintf(stderr, "Overriding no signer error only for root cert\n"); + return 1; + } +#endif + else + return preverify; +} + +static int test_override_alt_cert_chain_ocsp_cb(void* ioCtx, const char* url, + int urlSz, unsigned char* request, int requestSz, + unsigned char** response) +{ + (void)ioCtx; + (void)url; + (void)urlSz; + (void)request; + (void)requestSz; + (void)response; + return WOLFSSL_CBIO_ERR_GENERAL; +} + +static int test_override_alt_cert_chain_client_ctx_ready(WOLFSSL_CTX* ctx) +{ + EXPECT_DECLS; + wolfSSL_CTX_set_verify(ctx, WOLFSSL_VERIFY_PEER, + test_override_alt_cert_chain_cert_cb); + ExpectIntEQ(wolfSSL_CTX_EnableOCSP(ctx, WOLFSSL_OCSP_CHECKALL | + WOLFSSL_OCSP_URL_OVERRIDE), WOLFSSL_SUCCESS); + ExpectIntEQ(wolfSSL_CTX_SetOCSP_Cb(ctx, + test_override_alt_cert_chain_ocsp_cb, NULL, NULL), WOLFSSL_SUCCESS); + ExpectIntEQ(wolfSSL_CTX_SetOCSP_OverrideURL(ctx, "not a url"), + WOLFSSL_SUCCESS); + return EXPECT_RESULT(); +} + +static int test_override_alt_cert_chain_client_ctx_ready2(WOLFSSL_CTX* ctx) +{ + EXPECT_DECLS; + wolfSSL_CTX_set_verify(ctx, WOLFSSL_VERIFY_PEER, NULL); + ExpectIntEQ(wolfSSL_CTX_EnableOCSP(ctx, WOLFSSL_OCSP_CHECKALL | + WOLFSSL_OCSP_URL_OVERRIDE), WOLFSSL_SUCCESS); + ExpectIntEQ(wolfSSL_CTX_SetOCSP_Cb(ctx, + test_override_alt_cert_chain_ocsp_cb, NULL, NULL), WOLFSSL_SUCCESS); + ExpectIntEQ(wolfSSL_CTX_SetOCSP_OverrideURL(ctx, "not a url"), + WOLFSSL_SUCCESS); + return EXPECT_RESULT(); +} + +static int test_override_alt_cert_chain_server_ctx_ready(WOLFSSL_CTX* ctx) +{ + EXPECT_DECLS; + ExpectIntEQ(wolfSSL_CTX_use_certificate_chain_file(ctx, + "./certs/intermediate/server-chain-alt.pem"), WOLFSSL_SUCCESS); + return EXPECT_RESULT(); +} + +static int test_override_alt_cert_chain(void) +{ + EXPECT_DECLS; + size_t i; + struct test_params { + ctx_cb client_ctx_cb; + ctx_cb server_ctx_cb; + int result; + } params[] = { + {test_override_alt_cert_chain_client_ctx_ready, + test_override_alt_cert_chain_server_ctx_ready, TEST_SUCCESS}, + {test_override_alt_cert_chain_client_ctx_ready2, + test_override_alt_cert_chain_server_ctx_ready, -1001}, + }; + + for (i = 0; i < sizeof(params)/sizeof(*params); i++) { + test_ssl_cbf client_cbs, server_cbs; + XMEMSET(&client_cbs, 0, sizeof(client_cbs)); + XMEMSET(&server_cbs, 0, sizeof(server_cbs)); + + fprintf(stderr, "test config: %d\n", (int)i); + + client_cbs.ctx_ready = params[i].client_ctx_cb; + server_cbs.ctx_ready = params[i].server_ctx_cb; + + ExpectIntEQ(test_wolfSSL_client_server_nofail_memio(&client_cbs, + &server_cbs, NULL), params[i].result); + + ExpectIntEQ(client_cbs.return_code, + params[i].result <= 0 ? -1000 : TEST_SUCCESS); + ExpectIntEQ(server_cbs.return_code, + params[i].result <= 0 ? -1000 : TEST_SUCCESS); + } + + return EXPECT_RESULT(); +} +#else +static int test_override_alt_cert_chain(void) +{ + return TEST_SKIPPED; +} +#endif + +static int test_rpk_set_xxx_cert_type(void) +{ + EXPECT_DECLS; +#if defined(HAVE_RPK) && !defined(NO_TLS) + + char ctype[MAX_CLIENT_CERT_TYPE_CNT + 1]; /* prepare bigger buffer */ + WOLFSSL_CTX* ctx = NULL; + WOLFSSL* ssl = NULL; + int tp; + + ctx = wolfSSL_CTX_new(wolfTLS_client_method()); + ExpectNotNull(ctx); + + ssl = wolfSSL_new(ctx); + ExpectNotNull(ssl); + + XMEMSET(ctype, 0, sizeof(ctype)); + /*--------------------------------------------*/ + /* tests for wolfSSL_CTX_set_client_cert_type */ + /*--------------------------------------------*/ + + /* illegal parameter test caces */ + ExpectIntEQ(wolfSSL_CTX_set_client_cert_type(NULL, ctype, + MAX_CLIENT_CERT_TYPE_CNT), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + + ExpectIntEQ(wolfSSL_CTX_set_client_cert_type(ctx, ctype, + sizeof(ctype)), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + + ctype[0] = WOLFSSL_CERT_TYPE_RPK; /* set an identical cert type */ + ctype[1] = WOLFSSL_CERT_TYPE_RPK; + + ExpectIntEQ(wolfSSL_CTX_set_client_cert_type(ctx, ctype, + MAX_CLIENT_CERT_TYPE_CNT), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + + ctype[0] = WOLFSSL_CERT_TYPE_X509; + ctype[1] = 10; /* set unknown cert type */ + + ExpectIntEQ(wolfSSL_CTX_set_client_cert_type(ctx, ctype, + MAX_CLIENT_CERT_TYPE_CNT), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + /* pass larger type count */ + ctype[0] = WOLFSSL_CERT_TYPE_RPK; + ctype[1] = WOLFSSL_CERT_TYPE_X509; + ctype[2] = 1; /* pass unacceptable type count */ + + ExpectIntEQ(wolfSSL_CTX_set_client_cert_type(ctx, ctype, + MAX_CLIENT_CERT_TYPE_CNT + 1), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + + /* should accept NULL for type buffer */ + ExpectIntEQ(wolfSSL_CTX_set_client_cert_type(ctx, NULL, + MAX_CLIENT_CERT_TYPE_CNT), + WOLFSSL_SUCCESS); + + /* should accept zero for type count */ + ExpectIntEQ(wolfSSL_CTX_set_client_cert_type(ctx, ctype, + 0), + WOLFSSL_SUCCESS); + + ExpectIntEQ(wolfSSL_CTX_set_client_cert_type(ctx, ctype, + MAX_CLIENT_CERT_TYPE_CNT), + WOLFSSL_SUCCESS); + + /*--------------------------------------------*/ + /* tests for wolfSSL_CTX_set_server_cert_type */ + /*--------------------------------------------*/ + + ExpectIntEQ(wolfSSL_CTX_set_server_cert_type(NULL, ctype, + MAX_SERVER_CERT_TYPE_CNT), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + + ExpectIntEQ(wolfSSL_CTX_set_server_cert_type(ctx, ctype, + sizeof(ctype)), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + + ctype[0] = WOLFSSL_CERT_TYPE_RPK; /* set an identical cert type */ + ctype[1] = WOLFSSL_CERT_TYPE_RPK; + + ExpectIntEQ(wolfSSL_CTX_set_server_cert_type(ctx, ctype, + MAX_SERVER_CERT_TYPE_CNT), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + + ctype[0] = WOLFSSL_CERT_TYPE_X509; + ctype[1] = 10; /* set unknown cert type */ + + ExpectIntEQ(wolfSSL_CTX_set_server_cert_type(ctx, ctype, + MAX_SERVER_CERT_TYPE_CNT), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + /* pass larger type count */ + ctype[0] = WOLFSSL_CERT_TYPE_RPK; + ctype[1] = WOLFSSL_CERT_TYPE_X509; + ctype[2] = 1; /* pass unacceptable type count */ + + ExpectIntEQ(wolfSSL_CTX_set_server_cert_type(ctx, ctype, + MAX_SERVER_CERT_TYPE_CNT + 1), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + + /* should accept NULL for type buffer */ + ExpectIntEQ(wolfSSL_CTX_set_server_cert_type(ctx, NULL, + MAX_SERVER_CERT_TYPE_CNT), + WOLFSSL_SUCCESS); + + /* should accept zero for type count */ + ExpectIntEQ(wolfSSL_CTX_set_server_cert_type(ctx, ctype, + 0), + WOLFSSL_SUCCESS); + + ExpectIntEQ(wolfSSL_CTX_set_server_cert_type(ctx, ctype, + MAX_CLIENT_CERT_TYPE_CNT), + WOLFSSL_SUCCESS); + + /*--------------------------------------------*/ + /* tests for wolfSSL_set_client_cert_type */ + /*--------------------------------------------*/ + + ExpectIntEQ(wolfSSL_set_client_cert_type(NULL, ctype, + MAX_CLIENT_CERT_TYPE_CNT), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + + ExpectIntEQ(wolfSSL_set_client_cert_type(ssl, ctype, + sizeof(ctype)), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + + ctype[0] = WOLFSSL_CERT_TYPE_RPK; /* set an identical cert type */ + ctype[1] = WOLFSSL_CERT_TYPE_RPK; + + ExpectIntEQ(wolfSSL_set_client_cert_type(ssl, ctype, + MAX_CLIENT_CERT_TYPE_CNT), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + + ctype[0] = WOLFSSL_CERT_TYPE_X509; + ctype[1] = 10; /* set unknown cert type */ + + ExpectIntEQ(wolfSSL_set_client_cert_type(ssl, ctype, + MAX_CLIENT_CERT_TYPE_CNT), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + /* pass larger type count */ + ctype[0] = WOLFSSL_CERT_TYPE_RPK; + ctype[1] = WOLFSSL_CERT_TYPE_X509; + ctype[2] = 1; /* pass unacceptable type count */ + + ExpectIntEQ(wolfSSL_set_client_cert_type(ssl, ctype, + MAX_CLIENT_CERT_TYPE_CNT + 1), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + + /* should accept NULL for type buffer */ + ExpectIntEQ(wolfSSL_set_client_cert_type(ssl, NULL, + MAX_CLIENT_CERT_TYPE_CNT), + WOLFSSL_SUCCESS); + + /* should accept zero for type count */ + ExpectIntEQ(wolfSSL_set_client_cert_type(ssl, ctype, + 0), + WOLFSSL_SUCCESS); + + ExpectIntEQ(wolfSSL_set_client_cert_type(ssl, ctype, + MAX_CLIENT_CERT_TYPE_CNT), + WOLFSSL_SUCCESS); + + /*--------------------------------------------*/ + /* tests for wolfSSL_CTX_set_server_cert_type */ + /*--------------------------------------------*/ + + ExpectIntEQ(wolfSSL_set_server_cert_type(NULL, ctype, + MAX_SERVER_CERT_TYPE_CNT), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + + ExpectIntEQ(wolfSSL_set_server_cert_type(ssl, ctype, + sizeof(ctype)), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + + ctype[0] = WOLFSSL_CERT_TYPE_RPK; /* set an identical cert type */ + ctype[1] = WOLFSSL_CERT_TYPE_RPK; + + ExpectIntEQ(wolfSSL_set_server_cert_type(ssl, ctype, + MAX_SERVER_CERT_TYPE_CNT), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + + ctype[0] = WOLFSSL_CERT_TYPE_X509; + ctype[1] = 10; /* set unknown cert type */ + + ExpectIntEQ(wolfSSL_set_server_cert_type(ssl, ctype, + MAX_SERVER_CERT_TYPE_CNT), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + /* pass larger type count */ + ctype[0] = WOLFSSL_CERT_TYPE_RPK; + ctype[1] = WOLFSSL_CERT_TYPE_X509; + ctype[2] = 1; /* pass unacceptable type count */ + + ExpectIntEQ(wolfSSL_set_server_cert_type(ssl, ctype, + MAX_SERVER_CERT_TYPE_CNT + 1), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + + /* should accept NULL for type buffer */ + ExpectIntEQ(wolfSSL_set_server_cert_type(ssl, NULL, + MAX_SERVER_CERT_TYPE_CNT), + WOLFSSL_SUCCESS); + + /* should accept zero for type count */ + ExpectIntEQ(wolfSSL_set_server_cert_type(ssl, ctype, + 0), + WOLFSSL_SUCCESS); + + ExpectIntEQ(wolfSSL_set_server_cert_type(ssl, ctype, + MAX_SERVER_CERT_TYPE_CNT), + WOLFSSL_SUCCESS); + + /*------------------------------------------------*/ + /* tests for wolfSSL_get_negotiated_xxx_cert_type */ + /*------------------------------------------------*/ + + ExpectIntEQ(wolfSSL_get_negotiated_client_cert_type(NULL, &tp), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + + ExpectIntEQ(wolfSSL_get_negotiated_client_cert_type(ssl, NULL), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + + ExpectIntEQ(wolfSSL_get_negotiated_server_cert_type(NULL, &tp), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + + ExpectIntEQ(wolfSSL_get_negotiated_server_cert_type(ssl, NULL), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + + + /* clean up */ + wolfSSL_free(ssl); + wolfSSL_CTX_free(ctx); + +#endif + return EXPECT_RESULT(); +} + +#if defined(HAVE_MANUAL_MEMIO_TESTS_DEPENDENCIES) && defined(WOLFSSL_DTLS13) + + +static int test_dtls13_bad_epoch_ch(void) +{ + EXPECT_DECLS; + WOLFSSL_CTX *ctx_c = NULL; + WOLFSSL_CTX *ctx_s = NULL; + WOLFSSL *ssl_c = NULL; + WOLFSSL *ssl_s = NULL; + struct test_memio_ctx test_ctx; + const int EPOCH_OFF = 3; + + XMEMSET(&test_ctx, 0, sizeof(test_ctx)); + ExpectIntEQ(test_memio_setup(&test_ctx, &ctx_c, &ctx_s, &ssl_c, &ssl_s, + wolfDTLSv1_3_client_method, wolfDTLSv1_3_server_method), 0); + + /* disable hrr cookie so we can later check msgsReceived.got_client_hello + * with just one message */ + ExpectIntEQ(wolfSSL_disable_hrr_cookie(ssl_s), WOLFSSL_SUCCESS); + + ExpectIntNE(wolfSSL_connect(ssl_c), WOLFSSL_SUCCESS); + ExpectIntEQ(wolfSSL_get_error(ssl_c, WC_NO_ERR_TRACE(WOLFSSL_FATAL_ERROR)), + WOLFSSL_ERROR_WANT_READ); + + ExpectIntGE(test_ctx.s_len, EPOCH_OFF + 2); + + /* first CH should use epoch 0x0 */ + ExpectTrue((test_ctx.s_buff[EPOCH_OFF] == 0x0) && + (test_ctx.s_buff[EPOCH_OFF + 1] == 0x0)); + + /* change epoch to 2 */ + test_ctx.s_buff[EPOCH_OFF + 1] = 0x2; + + ExpectIntNE(wolfSSL_accept(ssl_s), WOLFSSL_SUCCESS); + ExpectIntEQ(wolfSSL_get_error(ssl_s, WC_NO_ERR_TRACE(WOLFSSL_FATAL_ERROR)), + WOLFSSL_ERROR_WANT_READ); + + ExpectIntNE(ssl_s->msgsReceived.got_client_hello, 1); + + /* resend the CH */ + ExpectIntEQ(wolfSSL_dtls_got_timeout(ssl_c), WOLFSSL_SUCCESS); + + ExpectIntEQ(test_memio_do_handshake(ssl_c, ssl_s, 10, NULL), 0); + + wolfSSL_free(ssl_c); + wolfSSL_CTX_free(ctx_c); + wolfSSL_free(ssl_s); + wolfSSL_CTX_free(ctx_s); + + return EXPECT_RESULT(); +} +#else +static int test_dtls13_bad_epoch_ch(void) +{ + return TEST_SKIPPED; +} +#endif + +#if ((defined(WOLFSSL_TLS13) && !defined(WOLFSSL_NO_DEF_TICKET_ENC_CB) && \ + defined(HAVE_SESSION_TICKET) && defined(WOLFSSL_TICKET_HAVE_ID) && \ + !defined(WOLFSSL_TLS13_MIDDLEBOX_COMPAT)) || \ + (!defined(NO_OLD_TLS) && ((!defined(NO_AES) && !defined(NO_AES_CBC)) || \ + !defined(NO_DES3))) || !defined(WOLFSSL_NO_TLS12)) && \ + !defined(NO_WOLFSSL_CLIENT) && !defined(NO_WOLFSSL_SERVER) && \ + defined(HAVE_SSL_MEMIO_TESTS_DEPENDENCIES) && \ + !defined(NO_SESSION_CACHE) && !defined(NO_SHA256) +static int test_short_session_id_ssl_ready(WOLFSSL* ssl) +{ + EXPECT_DECLS; + WOLFSSL_SESSION *sess = NULL; + /* Setup the session to avoid errors */ + ssl->session->timeout = (word32)-1; + ssl->session->side = WOLFSSL_CLIENT_END; +#if defined(SESSION_CERTS) || (defined(WOLFSSL_TLS13) && \ + defined(HAVE_SESSION_TICKET)) + ssl->session->version = ssl->version; +#endif + /* Force a short session ID to be sent */ + ssl->session->sessionIDSz = 4; +#ifndef NO_SESSION_CACHE_REF + /* Allow the client cache to be used */ + ssl->session->idLen = 4; +#endif + ssl->session->isSetup = 1; + ExpectNotNull(sess = wolfSSL_get_session(ssl)); + ExpectIntEQ(wolfSSL_set_session(ssl, sess), WOLFSSL_SUCCESS); + return EXPECT_RESULT(); +} + +static int test_short_session_id(void) +{ + EXPECT_DECLS; + test_ssl_cbf client_cbf; + test_ssl_cbf server_cbf; + size_t i; + struct { + method_provider client_meth; + method_provider server_meth; + const char* tls_version; + } params[] = { +#if defined(WOLFSSL_TLS13) && !defined(WOLFSSL_NO_DEF_TICKET_ENC_CB) && \ + defined(HAVE_SESSION_TICKET) && defined(WOLFSSL_TICKET_HAVE_ID) && \ + !defined(WOLFSSL_TLS13_MIDDLEBOX_COMPAT) +/* With WOLFSSL_TLS13_MIDDLEBOX_COMPAT a short ID will result in an error */ + { wolfTLSv1_3_client_method, wolfTLSv1_3_server_method, "TLSv1_3" }, +#ifdef WOLFSSL_DTLS13 + { wolfDTLSv1_3_client_method, wolfDTLSv1_3_server_method, "DTLSv1_3" }, +#endif +#endif +#ifndef WOLFSSL_NO_TLS12 + { wolfTLSv1_2_client_method, wolfTLSv1_2_server_method, "TLSv1_2" }, +#ifdef WOLFSSL_DTLS + { wolfDTLSv1_2_client_method, wolfDTLSv1_2_server_method, "DTLSv1_2" }, +#endif +#endif +#if !defined(NO_OLD_TLS) && ((!defined(NO_AES) && !defined(NO_AES_CBC)) || \ + !defined(NO_DES3)) + { wolfTLSv1_1_client_method, wolfTLSv1_1_server_method, "TLSv1_1" }, +#ifdef WOLFSSL_DTLS + { wolfDTLSv1_client_method, wolfDTLSv1_server_method, "DTLSv1_0" }, +#endif +#endif + }; + + fprintf(stderr, "\n"); + + for (i = 0; i < sizeof(params)/sizeof(*params) && !EXPECT_FAIL(); i++) { + XMEMSET(&client_cbf, 0, sizeof(client_cbf)); + XMEMSET(&server_cbf, 0, sizeof(server_cbf)); + + fprintf(stderr, "\tTesting short ID with %s\n", params[i].tls_version); + + client_cbf.ssl_ready = test_short_session_id_ssl_ready; + client_cbf.method = params[i].client_meth; + server_cbf.method = params[i].server_meth; + + ExpectIntEQ(test_wolfSSL_client_server_nofail_memio(&client_cbf, + &server_cbf, NULL), TEST_SUCCESS); + } + return EXPECT_RESULT(); +} +#else +static int test_short_session_id(void) +{ + return TEST_SKIPPED; +} +#endif + +#if defined(HAVE_NULL_CIPHER) && defined(HAVE_MANUAL_MEMIO_TESTS_DEPENDENCIES) \ + && defined(WOLFSSL_DTLS13) +static byte* test_find_string(const char *string, + byte *buf, int buf_size) +{ + int string_size, i; + + string_size = (int)XSTRLEN(string); + for (i = 0; i < buf_size - string_size - 1; i++) { + if (XSTRCMP((char*)&buf[i], string) == 0) + return &buf[i]; + } + return NULL; +} + +static int test_wolfSSL_dtls13_null_cipher(void) +{ + EXPECT_DECLS; + WOLFSSL_CTX *ctx_c = NULL; + WOLFSSL_CTX *ctx_s = NULL; + WOLFSSL *ssl_c = NULL; + WOLFSSL *ssl_s = NULL; + struct test_memio_ctx test_ctx; + const char *test_str = "test"; + int test_str_size; + byte buf[255], *ptr = NULL; + + XMEMSET(&test_ctx, 0, sizeof(test_ctx)); + test_ctx.c_ciphers = test_ctx.s_ciphers = "TLS13-SHA256-SHA256"; + ExpectIntEQ(test_memio_setup(&test_ctx, &ctx_c, &ctx_s, &ssl_c, &ssl_s, + wolfDTLSv1_3_client_method, wolfDTLSv1_3_server_method), 0); + ExpectIntEQ(test_memio_do_handshake(ssl_c, ssl_s, 10, NULL), 0); + test_str_size = XSTRLEN("test") + 1; + ExpectIntEQ(wolfSSL_write(ssl_c, test_str, test_str_size), test_str_size); + ExpectIntEQ(wolfSSL_read(ssl_s, buf, sizeof(buf)), test_str_size); + ExpectIntEQ(XSTRCMP((char*)buf, test_str), 0); + + ExpectIntEQ(wolfSSL_write(ssl_c, test_str, test_str_size), test_str_size); + + /* check that the packet was sent cleartext */ + ExpectNotNull(ptr = test_find_string(test_str, test_ctx.s_buff, + test_ctx.s_len)); + if (ptr != NULL) { + /* modify the message */ + *ptr = 'H'; + /* bad messages should be ignored in DTLS */ + ExpectIntEQ(wolfSSL_read(ssl_s, buf, sizeof(buf)), -1); + ExpectIntEQ(ssl_s->error, WC_NO_ERR_TRACE(WANT_READ)); + } + + ExpectIntEQ(wolfSSL_shutdown(ssl_c), WOLFSSL_SHUTDOWN_NOT_DONE); + ExpectIntEQ(wolfSSL_shutdown(ssl_s), WOLFSSL_SHUTDOWN_NOT_DONE); + ExpectIntEQ(wolfSSL_shutdown(ssl_c), 1); + ExpectIntEQ(wolfSSL_shutdown(ssl_s), 1); + + wolfSSL_free(ssl_c); + wolfSSL_free(ssl_s); + wolfSSL_CTX_free(ctx_c); + wolfSSL_CTX_free(ctx_s); + return TEST_SUCCESS; +} +#else +static int test_wolfSSL_dtls13_null_cipher(void) +{ + return TEST_SKIPPED; +} +#endif +#if defined(WOLFSSL_DTLS) && !defined(WOLFSSL_NO_TLS12) && \ + !defined(NO_WOLFSSL_CLIENT) && !defined(NO_WOLFSSL_SERVER) && \ + !defined(SINGLE_THREADED) && !defined(NO_RSA) + +static int test_dtls_msg_get_connected_port(int fd, word16 *port) +{ + SOCKADDR_S peer; + XSOCKLENT len; + int ret; + + XMEMSET((byte*)&peer, 0, sizeof(peer)); + len = sizeof(peer); + ret = getpeername(fd, (SOCKADDR*)&peer, &len); + if (ret != 0 || len > (XSOCKLENT)sizeof(peer)) + return -1; + switch (peer.ss_family) { +#ifdef WOLFSSL_IPV6 + case WOLFSSL_IP6: { + *port = ntohs(((SOCKADDR_IN6*)&peer)->sin6_port); + break; + } +#endif /* WOLFSSL_IPV6 */ + case WOLFSSL_IP4: + *port = ntohs(((SOCKADDR_IN*)&peer)->sin_port); + break; + default: + return -1; + } + return 0; +} + +static int test_dtls_msg_from_other_peer_cb(WOLFSSL_CTX *ctx, WOLFSSL *ssl) +{ + char buf[1] = {'t'}; + SOCKADDR_IN_T addr; + int sock_fd; + word16 port; + int err; + + (void)ssl; + (void)ctx; + + if (ssl == NULL) + return -1; + + err = test_dtls_msg_get_connected_port(wolfSSL_get_fd(ssl), &port); + if (err != 0) + return -1; + + sock_fd = socket(AF_INET_V, SOCK_DGRAM, 0); + if (sock_fd == -1) + return -1; + build_addr(&addr, wolfSSLIP, port, 1, 0); + + /* send a packet to the server. Being another socket, the kernel will ensure + * the source port will be different. */ + err = (int)sendto(sock_fd, buf, sizeof(buf), 0, (SOCKADDR*)&addr, + sizeof(addr)); + + close(sock_fd); + if (err == -1) + return -1; + + return 0; +} + +/* setup a SSL session but just after the handshake send a packet to the server + * with a source address different than the one of the connected client. The I/O + * callback EmbedRecvFrom should just ignore the packet. Sending of the packet + * is done in test_dtls_msg_from_other_peer_cb */ +static int test_dtls_msg_from_other_peer(void) +{ + EXPECT_DECLS; + callback_functions client_cbs; + callback_functions server_cbs; + + XMEMSET((byte*)&client_cbs, 0, sizeof(client_cbs)); + XMEMSET((byte*)&server_cbs, 0, sizeof(server_cbs)); + + client_cbs.method = wolfDTLSv1_2_client_method; + server_cbs.method = wolfDTLSv1_2_server_method; + client_cbs.doUdp = 1; + server_cbs.doUdp = 1; + + test_wolfSSL_client_server_nofail_ex(&client_cbs, &server_cbs, + test_dtls_msg_from_other_peer_cb); + + ExpectIntEQ(client_cbs.return_code, WOLFSSL_SUCCESS); + ExpectIntEQ(server_cbs.return_code, WOLFSSL_SUCCESS); + + return EXPECT_RESULT(); +} +#else +static int test_dtls_msg_from_other_peer(void) +{ + return TEST_SKIPPED; +} +#endif /* defined(WOLFSSL_DTLS) && !defined(WOLFSSL_NO_TLS12) && \ + * !defined(NO_WOLFSSL_CLIENT) && !defined(NO_WOLFSSL_SERVER) && \ + * !defined(SINGLE_THREADED) && !defined(NO_RSA) */ +#if defined(WOLFSSL_DTLS) && !defined(WOLFSSL_IPV6) && \ + !defined(NO_WOLFSSL_CLIENT) && !defined(NO_WOLFSSL_SERVER) && \ + defined(HAVE_IO_TESTS_DEPENDENCIES) && !defined(WOLFSSL_NO_TLS12) \ + && !defined(USE_WINDOWS_API) +static int test_dtls_ipv6_check(void) +{ + EXPECT_DECLS; + WOLFSSL_CTX *ctx_c = NULL; + WOLFSSL_CTX *ctx_s = NULL; + WOLFSSL *ssl_c = NULL; + WOLFSSL *ssl_s = NULL; + SOCKADDR_IN fake_addr6; + int sockfd = -1; + + ExpectNotNull(ctx_c = wolfSSL_CTX_new(wolfDTLSv1_2_client_method())); + ExpectNotNull(ssl_c = wolfSSL_new(ctx_c)); + ExpectNotNull(ctx_s = wolfSSL_CTX_new(wolfDTLSv1_2_server_method())); + ExpectIntEQ(wolfSSL_CTX_use_PrivateKey_file(ctx_s, svrKeyFile, + WOLFSSL_FILETYPE_PEM), WOLFSSL_SUCCESS); + ExpectIntEQ(wolfSSL_CTX_use_certificate_file(ctx_s, svrCertFile, + WOLFSSL_FILETYPE_PEM), WOLFSSL_SUCCESS); + ExpectNotNull(ssl_s = wolfSSL_new(ctx_s)); + XMEMSET((byte*)&fake_addr6, 0, sizeof(fake_addr6)); + /* mimic a sockaddr_in6 struct, this way we can't test without + * WOLFSSL_IPV6 */ + fake_addr6.sin_family = WOLFSSL_IP6; + ExpectIntNE(sockfd = socket(AF_INET, SOCK_DGRAM, 0), -1); + ExpectIntEQ(wolfSSL_set_fd(ssl_c, sockfd), WOLFSSL_SUCCESS); + /* can't return error here, as the peer is opaque for wolfssl library at + * this point */ + ExpectIntEQ(wolfSSL_dtls_set_peer(ssl_c, &fake_addr6, sizeof(fake_addr6)), + WOLFSSL_SUCCESS); + ExpectIntNE(fcntl(sockfd, F_SETFL, O_NONBLOCK), -1); + wolfSSL_dtls_set_using_nonblock(ssl_c, 1); + ExpectIntNE(wolfSSL_connect(ssl_c), WOLFSSL_SUCCESS); + ExpectIntEQ(ssl_c->error, WC_NO_ERR_TRACE(SOCKET_ERROR_E)); + + ExpectIntEQ(wolfSSL_dtls_set_peer(ssl_s, &fake_addr6, sizeof(fake_addr6)), + WOLFSSL_SUCCESS); + /* reuse the socket */ + ExpectIntEQ(wolfSSL_set_fd(ssl_c, sockfd), WOLFSSL_SUCCESS); + wolfSSL_dtls_set_using_nonblock(ssl_s, 1); + ExpectIntNE(wolfSSL_accept(ssl_s), WOLFSSL_SUCCESS); + ExpectIntEQ(ssl_s->error, WC_NO_ERR_TRACE(SOCKET_ERROR_E)); + if (sockfd != -1) + close(sockfd); + + wolfSSL_free(ssl_c); + wolfSSL_CTX_free(ctx_c); + wolfSSL_free(ssl_s); + wolfSSL_CTX_free(ctx_s); + return EXPECT_RESULT(); +} +#else +static int test_dtls_ipv6_check(void) +{ + return TEST_SKIPPED; +} +#endif + +#if !defined(NO_WOLFSSL_CLIENT) && !defined(NO_WOLFSSL_SERVER) && \ + defined(HAVE_IO_TESTS_DEPENDENCIES) && defined(HAVE_SECURE_RENEGOTIATION) + +static WOLFSSL_SESSION* test_wolfSSL_SCR_after_resumption_session = NULL; + +static void test_wolfSSL_SCR_after_resumption_ctx_ready(WOLFSSL_CTX* ctx) +{ + AssertIntEQ(wolfSSL_CTX_UseSecureRenegotiation(ctx), WOLFSSL_SUCCESS); +} + +static void test_wolfSSL_SCR_after_resumption_on_result(WOLFSSL* ssl) +{ + if (test_wolfSSL_SCR_after_resumption_session == NULL) { + test_wolfSSL_SCR_after_resumption_session = wolfSSL_get1_session(ssl); + AssertNotNull(test_wolfSSL_SCR_after_resumption_session); + } + else { + char testMsg[] = "Message after SCR"; + char msgBuf[sizeof(testMsg)]; + int ret; + if (!wolfSSL_is_server(ssl)) { + AssertIntEQ(WOLFSSL_SUCCESS, + wolfSSL_set_session(ssl, + test_wolfSSL_SCR_after_resumption_session)); + } + AssertIntEQ(wolfSSL_Rehandshake(ssl), WOLFSSL_SUCCESS); + AssertIntEQ(wolfSSL_write(ssl, testMsg, sizeof(testMsg)), + sizeof(testMsg)); + ret = wolfSSL_read(ssl, msgBuf, sizeof(msgBuf)); + if (ret != sizeof(msgBuf)) /* Possibly APP_DATA_READY error. Retry. */ + ret = wolfSSL_read(ssl, msgBuf, sizeof(msgBuf)); + AssertIntEQ(ret, sizeof(msgBuf)); + } +} + +static void test_wolfSSL_SCR_after_resumption_ssl_ready(WOLFSSL* ssl) +{ + AssertIntEQ(WOLFSSL_SUCCESS, + wolfSSL_set_session(ssl, test_wolfSSL_SCR_after_resumption_session)); +} + +static int test_wolfSSL_SCR_after_resumption(void) +{ + EXPECT_DECLS; + callback_functions func_cb_client; + callback_functions func_cb_server; + + XMEMSET(&func_cb_client, 0, sizeof(func_cb_client)); + XMEMSET(&func_cb_server, 0, sizeof(func_cb_server)); + + func_cb_client.method = wolfTLSv1_2_client_method; + func_cb_client.ctx_ready = test_wolfSSL_SCR_after_resumption_ctx_ready; + func_cb_client.on_result = test_wolfSSL_SCR_after_resumption_on_result; + func_cb_server.method = wolfTLSv1_2_server_method; + func_cb_server.ctx_ready = test_wolfSSL_SCR_after_resumption_ctx_ready; + + test_wolfSSL_client_server_nofail(&func_cb_client, &func_cb_server); + + ExpectIntEQ(func_cb_client.return_code, TEST_SUCCESS); + ExpectIntEQ(func_cb_server.return_code, TEST_SUCCESS); + + if (EXPECT_SUCCESS()) { + func_cb_client.ssl_ready = test_wolfSSL_SCR_after_resumption_ssl_ready; + func_cb_server.on_result = test_wolfSSL_SCR_after_resumption_on_result; + + test_wolfSSL_client_server_nofail(&func_cb_client, &func_cb_server); + + ExpectIntEQ(func_cb_client.return_code, TEST_SUCCESS); + ExpectIntEQ(func_cb_server.return_code, TEST_SUCCESS); + } + + wolfSSL_SESSION_free(test_wolfSSL_SCR_after_resumption_session); + + return EXPECT_RESULT(); +} + +#else +static int test_wolfSSL_SCR_after_resumption(void) +{ + return TEST_SKIPPED; +} +#endif + +static int test_wolfSSL_configure_args(void) +{ + EXPECT_DECLS; +#if defined(LIBWOLFSSL_CONFIGURE_ARGS) && defined(HAVE_WC_INTROSPECTION) + ExpectNotNull(wolfSSL_configure_args()); +#endif + return EXPECT_RESULT(); +} + +static int test_dtls_no_extensions(void) +{ + EXPECT_DECLS; +#if defined(WOLFSSL_DTLS) && defined(HAVE_MANUAL_MEMIO_TESTS_DEPENDENCIES) && \ + !defined(WOLFSSL_NO_TLS12) + WOLFSSL *ssl_s = NULL; + WOLFSSL_CTX *ctx_s = NULL; + struct test_memio_ctx test_ctx; + const byte chNoExtensions[] = { + /* Handshake type */ + 0x16, + /* Version */ + 0xfe, 0xff, + /* Epoch */ + 0x00, 0x00, + /* Seq number */ + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + /* Length */ + 0x00, 0x40, + /* CH type */ + 0x01, + /* Length */ + 0x00, 0x00, 0x34, + /* Msg Seq */ + 0x00, 0x00, + /* Frag offset */ + 0x00, 0x00, 0x00, + /* Frag length */ + 0x00, 0x00, 0x34, + /* Version */ + 0xfe, 0xff, + /* Random */ + 0x62, 0xfe, 0xbc, 0xfe, 0x2b, 0xfe, 0x3f, 0xeb, 0x03, 0xc4, 0xea, 0x37, + 0xe7, 0x47, 0x7e, 0x8a, 0xd9, 0xbf, 0x77, 0x0f, 0x6c, 0xb6, 0x77, 0x0b, + 0x03, 0x3f, 0x82, 0x2b, 0x21, 0x64, 0x57, 0x1d, + /* Session Length */ + 0x00, + /* Cookie Length */ + 0x00, + /* CS Length */ + 0x00, 0x0c, + /* CS */ + 0xc0, 0x0a, 0xc0, 0x09, 0xc0, 0x14, 0xc0, 0x13, 0x00, 0x39, 0x00, 0x33, + /* Comp Meths Length */ + 0x01, + /* Comp Meths */ + 0x00 + /* And finally... no extensions */ + }; + int i; +#ifdef OPENSSL_EXTRA + int repeats = 2; +#else + int repeats = 1; +#endif + + for (i = 0; i < repeats; i++) { + XMEMSET(&test_ctx, 0, sizeof(test_ctx)); + ssl_s = NULL; + ctx_s = NULL; + + ExpectIntEQ(test_memio_setup(&test_ctx, NULL, &ctx_s, NULL, &ssl_s, + NULL, wolfDTLS_server_method), 0); + + test_memio_clear_buffer(&test_ctx, 0); + ExpectIntEQ( + test_memio_inject_message(&test_ctx, 1, + (const char *)chNoExtensions, sizeof(chNoExtensions)), 0); + + +#ifdef OPENSSL_EXTRA + if (i > 0) { + ExpectIntEQ(wolfSSL_set_max_proto_version(ssl_s, DTLS1_2_VERSION), + WOLFSSL_SUCCESS); + } +#endif + + ExpectIntEQ(wolfSSL_accept(ssl_s), -1); + ExpectIntEQ(wolfSSL_get_error(ssl_s, -1), WOLFSSL_ERROR_WANT_READ); + + /* Expecting a handshake msg. Either HVR or SH. */ + ExpectIntGT(test_ctx.c_len, 0); + ExpectIntEQ(test_ctx.c_buff[0], 0x16); + + wolfSSL_free(ssl_s); + wolfSSL_CTX_free(ctx_s); + } +#endif + return EXPECT_RESULT(); +} + +static int test_tls_alert_no_server_hello(void) +{ + EXPECT_DECLS; +#if defined(HAVE_MANUAL_MEMIO_TESTS_DEPENDENCIES) && !defined(WOLFSSL_NO_TLS12) + WOLFSSL *ssl_c = NULL; + WOLFSSL_CTX *ctx_c = NULL; + struct test_memio_ctx test_ctx; + unsigned char alert_msg[] = { 0x15, 0x03, 0x01, 0x00, 0x02, 0x02, 0x28 }; + + XMEMSET(&test_ctx, 0, sizeof(test_ctx)); + ssl_c = NULL; + ctx_c = NULL; + + ExpectIntEQ(test_memio_setup(&test_ctx, &ctx_c, NULL, &ssl_c, NULL, + wolfTLSv1_2_client_method, NULL), 0); + + test_memio_clear_buffer(&test_ctx, 1); + ExpectIntEQ(test_memio_inject_message(&test_ctx, 1, + (const char *)alert_msg, sizeof(alert_msg)), 0); + + ExpectIntEQ(wolfSSL_connect(ssl_c), -1); + ExpectIntEQ(wolfSSL_get_error(ssl_c, -1), WC_NO_ERR_TRACE(FATAL_ERROR)); + + wolfSSL_free(ssl_c); + wolfSSL_CTX_free(ctx_c); +#endif + return EXPECT_RESULT(); +} + +static int test_TLSX_CA_NAMES_bad_extension(void) +{ + EXPECT_DECLS; +#if defined(HAVE_MANUAL_MEMIO_TESTS_DEPENDENCIES) && defined(WOLFSSL_TLS13) && \ + !defined(NO_CERTS) && !defined(WOLFSSL_NO_CA_NAMES) && \ + defined(OPENSSL_EXTRA) && defined(BUILD_TLS_CHACHA20_POLY1305_SHA256) && \ + defined(HAVE_ECC) && !defined(WOLFSSL_TLS13_MIDDLEBOX_COMPAT) + /* This test should only fail (with BUFFER_ERROR) when we actually try to + * parse the CA Names extension. Otherwise it will return other non-related + * errors. If CA Names will be parsed in more configurations, that should + * be reflected in the macro guard above. */ + WOLFSSL *ssl_c = NULL; + WOLFSSL_CTX *ctx_c = NULL; + struct test_memio_ctx test_ctx; + /* HRR + SH using TLS_CHACHA20_POLY1305_SHA256 */ + const byte shBadCaNamesExt[] = { + 0x16, 0x03, 0x04, 0x00, 0x3f, 0x02, 0x00, 0x00, 0x3b, 0x03, 0x03, 0xcf, + 0x21, 0xad, 0x74, 0xe5, 0x9a, 0x61, 0x11, 0xbe, 0x1d, 0x8c, 0x02, 0x1e, + 0x65, 0xb8, 0x91, 0xc2, 0xa2, 0x11, 0x16, 0x7a, 0xbb, 0x8c, 0x5e, 0x07, + 0x9e, 0x09, 0xe2, 0xc8, 0xa8, 0x33, 0x9c, 0x00, 0x13, 0x03, 0x00, 0x00, + 0x13, 0x94, 0x7e, 0x00, 0x03, 0x0b, 0xf7, 0x03, 0x00, 0x2b, 0x00, 0x02, + 0x03, 0x04, 0x00, 0x33, 0x00, 0x02, 0x00, 0x19, 0x16, 0x03, 0x03, 0x00, + 0x5c, 0x02, 0x00, 0x00, 0x3b, 0x03, 0x03, 0x03, 0xcf, 0x21, 0xad, 0x74, + 0x00, 0x00, 0x83, 0x3f, 0x3b, 0x80, 0x01, 0xac, 0x65, 0x8c, 0x19, 0x2a, + 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x02, 0x00, 0x9e, 0x09, 0x1c, 0xe8, + 0xa8, 0x09, 0x9c, 0x00, 0x13, 0x03, 0x00, 0x00, 0x11, 0x8f, 0x00, 0x00, + 0x03, 0x3f, 0x00, 0x0c, 0x00, 0x2b, 0x00, 0x02, 0x03, 0x04, 0x13, 0x05, + 0x00, 0x00, 0x08, 0x00, 0x00, 0x06, 0x00, 0x04, 0x00, 0x09, 0x00, 0x00, + 0x0d, 0x00, 0x00, 0x11, 0x00, 0x00, 0x0d, 0x00, 0x2f, 0x00, 0x01, 0xff, + 0xff, 0xff, 0xff, 0xfa, 0x0d, 0x00, 0x00, 0x00, 0xad, 0x02 + }; + const byte shBadCaNamesExt2[] = { + 0x16, 0x03, 0x04, 0x00, 0x3f, 0x02, 0x00, 0x00, 0x3b, 0x03, 0x03, 0xcf, + 0x21, 0xad, 0x74, 0xe5, 0x9a, 0x61, 0x11, 0xbe, 0x1d, 0x8c, 0x02, 0x1e, + 0x65, 0xb8, 0x91, 0xc2, 0xa2, 0x11, 0x16, 0x7a, 0xbb, 0x8c, 0x5e, 0x07, + 0x9e, 0x09, 0xe2, 0xc8, 0xa8, 0x33, 0x9c, 0x00, 0x13, 0x03, 0x00, 0x00, + 0x13, 0x94, 0x7e, 0x00, 0x03, 0x0b, 0xf7, 0x03, 0x00, 0x2b, 0x00, 0x02, + 0x03, 0x04, 0x00, 0x33, 0x00, 0x02, 0x00, 0x19, 0x16, 0x03, 0x03, 0x00, + 0x5e, 0x02, 0x00, 0x00, 0x3b, 0x03, 0x03, 0x7f, 0xd0, 0x2d, 0xea, 0x6e, + 0x53, 0xa1, 0x6a, 0xc9, 0xc8, 0x54, 0xef, 0x75, 0xe4, 0xd9, 0xc6, 0x3e, + 0x74, 0xcb, 0x30, 0x80, 0xcc, 0x83, 0x3a, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0xc0, 0x5a, 0x00, 0x13, 0x03, 0x00, 0x00, 0x11, 0x8f, 0x00, 0x00, + 0x03, 0x03, 0x00, 0x0c, 0x00, 0x2b, 0x00, 0x02, 0x03, 0x04, 0x53, 0x25, + 0x00, 0x00, 0x08, 0x00, 0x00, 0x06, 0x00, 0x04, 0x02, 0x05, 0x00, 0x00, + 0x0d, 0x00, 0x00, 0x11, 0x00, 0x00, 0x0d, 0x00, 0x2f, 0x00, 0x06, 0x00, + 0x04, 0x00, 0x03, 0x30, 0x00, 0x13, 0x94, 0x00, 0x06, 0x00, 0x04, 0x02 + }; + int i = 0; + + for (i = 0; i < 2; i++) { + XMEMSET(&test_ctx, 0, sizeof(test_ctx)); + + ExpectIntEQ(test_memio_setup(&test_ctx, &ctx_c, NULL, &ssl_c, NULL, + wolfTLSv1_3_client_method, NULL), 0); + + switch (i) { + case 0: + test_memio_clear_buffer(&test_ctx, 0); + ExpectIntEQ(test_memio_inject_message(&test_ctx, 1, + (const char *)shBadCaNamesExt, sizeof(shBadCaNamesExt)), 0); + break; + case 1: + test_memio_clear_buffer(&test_ctx, 0); + ExpectIntEQ(test_memio_inject_message(&test_ctx, 1, + (const char *)shBadCaNamesExt2, + sizeof(shBadCaNamesExt2)), 0); + break; + } + + ExpectIntEQ(wolfSSL_connect(ssl_c), -1); +#ifndef WOLFSSL_DISABLE_EARLY_SANITY_CHECKS + ExpectIntEQ(wolfSSL_get_error(ssl_c, -1), WC_NO_ERR_TRACE(OUT_OF_ORDER_E)); +#else + ExpectIntEQ(wolfSSL_get_error(ssl_c, -1), WC_NO_ERR_TRACE(BUFFER_ERROR)); +#endif + + wolfSSL_free(ssl_c); + ssl_c = NULL; + wolfSSL_CTX_free(ctx_c); + ctx_c = NULL; + } + +#endif + return EXPECT_RESULT(); +} + +#if defined(WOLFSSL_DTLS) && !defined(WOLFSSL_NO_TLS12) && \ + defined(HAVE_IO_TESTS_DEPENDENCIES) +static void test_dtls_1_0_hvr_downgrade_ctx_ready(WOLFSSL_CTX* ctx) +{ + AssertIntEQ(wolfSSL_CTX_SetMinVersion(ctx, WOLFSSL_DTLSV1_2), + WOLFSSL_SUCCESS); +} + +static int test_dtls_1_0_hvr_downgrade(void) +{ + EXPECT_DECLS; + callback_functions func_cb_client; + callback_functions func_cb_server; + + XMEMSET(&func_cb_client, 0, sizeof(callback_functions)); + XMEMSET(&func_cb_server, 0, sizeof(callback_functions)); + + func_cb_client.doUdp = func_cb_server.doUdp = 1; + func_cb_client.method = wolfDTLS_client_method; + func_cb_server.method = wolfDTLSv1_2_server_method; + func_cb_client.ctx_ready = test_dtls_1_0_hvr_downgrade_ctx_ready; + + test_wolfSSL_client_server_nofail(&func_cb_client, &func_cb_server); + + ExpectIntEQ(func_cb_client.return_code, TEST_SUCCESS); + ExpectIntEQ(func_cb_server.return_code, TEST_SUCCESS); + + return EXPECT_RESULT(); +} +#else +static int test_dtls_1_0_hvr_downgrade(void) +{ + EXPECT_DECLS; + return EXPECT_RESULT(); +} +#endif + +#if defined(HAVE_IO_TESTS_DEPENDENCIES) && !defined(WOLFSSL_NO_TLS12) && \ + defined(HAVE_SESSION_TICKET) + +static WOLFSSL_SESSION* test_session_ticket_no_id_session = NULL; + +static void test_session_ticket_no_id_on_result(WOLFSSL* ssl) +{ + test_session_ticket_no_id_session = wolfSSL_get1_session(ssl); + AssertNotNull(test_session_ticket_no_id_session); +} + +static void test_session_ticket_no_id_ctx_ready(WOLFSSL_CTX* ctx) +{ + AssertIntEQ(wolfSSL_CTX_UseSessionTicket(ctx), WOLFSSL_SUCCESS); +} + +static void test_session_ticket_no_id_ssl_ready(WOLFSSL* ssl) +{ + test_session_ticket_no_id_session->sessionIDSz = 0; + AssertIntEQ(WOLFSSL_SUCCESS, + wolfSSL_set_session(ssl, test_session_ticket_no_id_session)); +} + +static int test_session_ticket_no_id(void) +{ + /* We are testing an expired (invalid crypto context in out case since the + * ctx changes) session ticket being sent with the session ID being 0 + * length. */ + EXPECT_DECLS; + callback_functions func_cb_client; + callback_functions func_cb_server; + + XMEMSET(&func_cb_client, 0, sizeof(func_cb_client)); + XMEMSET(&func_cb_server, 0, sizeof(func_cb_server)); + func_cb_client.method = wolfTLSv1_2_client_method; + func_cb_client.ctx_ready = test_session_ticket_no_id_ctx_ready; + func_cb_client.on_result = test_session_ticket_no_id_on_result; + func_cb_server.method = wolfTLSv1_2_server_method; + func_cb_server.ctx_ready = test_session_ticket_no_id_ctx_ready; + + test_wolfSSL_client_server_nofail(&func_cb_client, &func_cb_server); + + ExpectIntEQ(func_cb_client.return_code, TEST_SUCCESS); + ExpectIntEQ(func_cb_server.return_code, TEST_SUCCESS); + + XMEMSET(&func_cb_client, 0, sizeof(func_cb_client)); + XMEMSET(&func_cb_server, 0, sizeof(func_cb_server)); + func_cb_client.method = wolfTLSv1_2_client_method; + func_cb_client.ctx_ready = test_session_ticket_no_id_ctx_ready; + func_cb_client.ssl_ready = test_session_ticket_no_id_ssl_ready; + func_cb_server.method = wolfTLSv1_2_server_method; + func_cb_server.ctx_ready = test_session_ticket_no_id_ctx_ready; + + test_wolfSSL_client_server_nofail(&func_cb_client, &func_cb_server); + + ExpectIntEQ(func_cb_client.return_code, TEST_SUCCESS); + ExpectIntEQ(func_cb_server.return_code, TEST_SUCCESS); + + wolfSSL_SESSION_free(test_session_ticket_no_id_session); + + return EXPECT_RESULT(); +} +#else +static int test_session_ticket_no_id(void) +{ + EXPECT_DECLS; + return EXPECT_RESULT(); +} +#endif + +static int test_session_ticket_hs_update(void) +{ + EXPECT_DECLS; +#if defined(HAVE_MANUAL_MEMIO_TESTS_DEPENDENCIES) && defined(WOLFSSL_TLS13) && \ + defined(HAVE_SESSION_TICKET) && !defined(WOLFSSL_NO_DEF_TICKET_ENC_CB) + struct test_memio_ctx test_ctx; + struct test_memio_ctx test_ctx2; + struct test_memio_ctx test_ctx3; + WOLFSSL_CTX *ctx_c = NULL; + WOLFSSL_CTX *ctx_s = NULL; + WOLFSSL *ssl_c = NULL; + WOLFSSL *ssl_c2 = NULL; + WOLFSSL *ssl_c3 = NULL; + WOLFSSL *ssl_s = NULL; + WOLFSSL *ssl_s2 = NULL; + WOLFSSL *ssl_s3 = NULL; + WOLFSSL_SESSION *sess = NULL; + byte read_data[1]; + + XMEMSET(&test_ctx, 0, sizeof(test_ctx)); + XMEMSET(&test_ctx2, 0, sizeof(test_ctx2)); + XMEMSET(&test_ctx3, 0, sizeof(test_ctx3)); + ExpectIntEQ(test_memio_setup(&test_ctx, &ctx_c, &ctx_s, &ssl_c, &ssl_s, + wolfTLSv1_3_client_method, wolfTLSv1_3_server_method), 0); + + /* Generate tickets */ + ExpectIntEQ(test_memio_do_handshake(ssl_c, ssl_s, 10, NULL), 0); + wolfSSL_SetLoggingPrefix("client"); + /* Read the ticket msg */ + ExpectIntEQ(wolfSSL_read(ssl_c, read_data, sizeof(read_data)), + WC_NO_ERR_TRACE(WOLFSSL_FATAL_ERROR)); + ExpectIntEQ(wolfSSL_get_error(ssl_c, WC_NO_ERR_TRACE(WOLFSSL_FATAL_ERROR)), + WOLFSSL_ERROR_WANT_READ); + wolfSSL_SetLoggingPrefix(NULL); + + ExpectIntEQ(test_memio_setup(&test_ctx2, &ctx_c, &ctx_s, &ssl_c2, &ssl_s2, + wolfTLSv1_3_client_method, wolfTLSv1_3_server_method), 0); + ExpectIntEQ(test_memio_setup(&test_ctx3, &ctx_c, &ctx_s, &ssl_c3, &ssl_s3, + wolfTLSv1_3_client_method, wolfTLSv1_3_server_method), 0); + + ExpectNotNull(sess = wolfSSL_get1_session(ssl_c)); + ExpectIntEQ(wolfSSL_set_session(ssl_c2, sess), WOLFSSL_SUCCESS); + ExpectIntEQ(wolfSSL_set_session(ssl_c3, sess), WOLFSSL_SUCCESS); + + wolfSSL_SetLoggingPrefix("client"); + /* Exchange initial flights for the second connection */ + ExpectIntEQ(wolfSSL_connect(ssl_c2), WC_NO_ERR_TRACE(WOLFSSL_FATAL_ERROR)); + ExpectIntEQ(wolfSSL_get_error(ssl_c2, WC_NO_ERR_TRACE(WOLFSSL_FATAL_ERROR)), + WOLFSSL_ERROR_WANT_READ); + wolfSSL_SetLoggingPrefix(NULL); + wolfSSL_SetLoggingPrefix("server"); + ExpectIntEQ(wolfSSL_accept(ssl_s2), WC_NO_ERR_TRACE(WOLFSSL_FATAL_ERROR)); + ExpectIntEQ(wolfSSL_get_error(ssl_s2, WC_NO_ERR_TRACE(WOLFSSL_FATAL_ERROR)), + WOLFSSL_ERROR_WANT_READ); + wolfSSL_SetLoggingPrefix(NULL); + + /* Complete third connection so that new tickets are exchanged */ + ExpectIntEQ(test_memio_do_handshake(ssl_c3, ssl_s3, 10, NULL), 0); + /* Read the ticket msg */ + wolfSSL_SetLoggingPrefix("client"); + ExpectIntEQ(wolfSSL_read(ssl_c3, read_data, sizeof(read_data)), + WC_NO_ERR_TRACE(WOLFSSL_FATAL_ERROR)); + ExpectIntEQ(wolfSSL_get_error(ssl_c3, WC_NO_ERR_TRACE(WOLFSSL_FATAL_ERROR)), + WOLFSSL_ERROR_WANT_READ); + wolfSSL_SetLoggingPrefix(NULL); + + /* Complete second connection */ + ExpectIntEQ(test_memio_do_handshake(ssl_c2, ssl_s2, 10, NULL), 0); + + ExpectIntEQ(wolfSSL_session_reused(ssl_c2), 1); + ExpectIntEQ(wolfSSL_session_reused(ssl_c3), 1); + + wolfSSL_free(ssl_c); + wolfSSL_free(ssl_c2); + wolfSSL_free(ssl_c3); + wolfSSL_free(ssl_s); + wolfSSL_free(ssl_s2); + wolfSSL_free(ssl_s3); + wolfSSL_CTX_free(ctx_c); + wolfSSL_CTX_free(ctx_s); + wolfSSL_SESSION_free(sess); +#endif + return EXPECT_RESULT(); +} + +#if defined(WOLFSSL_DTLS) && !defined(WOLFSSL_NO_TLS12) && \ + defined(HAVE_IO_TESTS_DEPENDENCIES) && defined(HAVE_SECURE_RENEGOTIATION) +static void test_dtls_downgrade_scr_server_ctx_ready_server(WOLFSSL_CTX* ctx) +{ + AssertIntEQ(wolfSSL_CTX_SetMinVersion(ctx, WOLFSSL_DTLSV1_2), + WOLFSSL_SUCCESS); + AssertIntEQ(wolfSSL_CTX_UseSecureRenegotiation(ctx), WOLFSSL_SUCCESS); +} + +static void test_dtls_downgrade_scr_server_ctx_ready(WOLFSSL_CTX* ctx) +{ + AssertIntEQ(wolfSSL_CTX_UseSecureRenegotiation(ctx), WOLFSSL_SUCCESS); +} + +static void test_dtls_downgrade_scr_server_on_result(WOLFSSL* ssl) +{ + char testMsg[] = "Message after SCR"; + char msgBuf[sizeof(testMsg)]; + if (wolfSSL_is_server(ssl)) { + AssertIntEQ(wolfSSL_Rehandshake(ssl), WC_NO_ERR_TRACE(WOLFSSL_FATAL_ERROR)); + AssertIntEQ(wolfSSL_get_error(ssl, -1), WC_NO_ERR_TRACE(APP_DATA_READY)); + AssertIntEQ(wolfSSL_read(ssl, msgBuf, sizeof(msgBuf)), sizeof(msgBuf)); + AssertIntEQ(wolfSSL_Rehandshake(ssl), WOLFSSL_SUCCESS); + AssertIntEQ(wolfSSL_write(ssl, testMsg, sizeof(testMsg)), + sizeof(testMsg)); + } + else { + AssertIntEQ(wolfSSL_write(ssl, testMsg, sizeof(testMsg)), + sizeof(testMsg)); + AssertIntEQ(wolfSSL_read(ssl, msgBuf, sizeof(msgBuf)), sizeof(msgBuf)); + } +} + +static int test_dtls_downgrade_scr_server(void) +{ + EXPECT_DECLS; + callback_functions func_cb_client; + callback_functions func_cb_server; + + XMEMSET(&func_cb_client, 0, sizeof(callback_functions)); + XMEMSET(&func_cb_server, 0, sizeof(callback_functions)); + + func_cb_client.doUdp = func_cb_server.doUdp = 1; + func_cb_client.method = wolfDTLSv1_2_client_method; + func_cb_server.method = wolfDTLS_server_method; + func_cb_client.ctx_ready = test_dtls_downgrade_scr_server_ctx_ready; + func_cb_server.ctx_ready = test_dtls_downgrade_scr_server_ctx_ready_server; + func_cb_client.on_result = test_dtls_downgrade_scr_server_on_result; + func_cb_server.on_result = test_dtls_downgrade_scr_server_on_result; + + test_wolfSSL_client_server_nofail(&func_cb_client, &func_cb_server); + + ExpectIntEQ(func_cb_client.return_code, TEST_SUCCESS); + ExpectIntEQ(func_cb_server.return_code, TEST_SUCCESS); + + return EXPECT_RESULT(); +} +#else +static int test_dtls_downgrade_scr_server(void) +{ + EXPECT_DECLS; + return EXPECT_RESULT(); +} +#endif + +#if defined(WOLFSSL_DTLS) && !defined(WOLFSSL_NO_TLS12) && \ + defined(HAVE_IO_TESTS_DEPENDENCIES) && defined(HAVE_SECURE_RENEGOTIATION) +static void test_dtls_downgrade_scr_ctx_ready(WOLFSSL_CTX* ctx) +{ + AssertIntEQ(wolfSSL_CTX_SetMinVersion(ctx, WOLFSSL_DTLSV1_2), + WOLFSSL_SUCCESS); + AssertIntEQ(wolfSSL_CTX_UseSecureRenegotiation(ctx), WOLFSSL_SUCCESS); +} + +static void test_dtls_downgrade_scr_on_result(WOLFSSL* ssl) +{ + char testMsg[] = "Message after SCR"; + char msgBuf[sizeof(testMsg)]; + if (wolfSSL_is_server(ssl)) { + AssertIntEQ(wolfSSL_Rehandshake(ssl), WC_NO_ERR_TRACE(WOLFSSL_FATAL_ERROR)); + AssertIntEQ(wolfSSL_get_error(ssl, -1), WC_NO_ERR_TRACE(APP_DATA_READY)); + AssertIntEQ(wolfSSL_read(ssl, msgBuf, sizeof(msgBuf)), sizeof(msgBuf)); + AssertIntEQ(wolfSSL_Rehandshake(ssl), WOLFSSL_SUCCESS); + AssertIntEQ(wolfSSL_write(ssl, testMsg, sizeof(testMsg)), + sizeof(testMsg)); + } + else { + AssertIntEQ(wolfSSL_write(ssl, testMsg, sizeof(testMsg)), + sizeof(testMsg)); + AssertIntEQ(wolfSSL_read(ssl, msgBuf, sizeof(msgBuf)), sizeof(msgBuf)); + } +} + +static int test_dtls_downgrade_scr(void) +{ + EXPECT_DECLS; + callback_functions func_cb_client; + callback_functions func_cb_server; + + XMEMSET(&func_cb_client, 0, sizeof(callback_functions)); + XMEMSET(&func_cb_server, 0, sizeof(callback_functions)); + + func_cb_client.doUdp = func_cb_server.doUdp = 1; + func_cb_client.method = wolfDTLS_client_method; + func_cb_server.method = wolfDTLSv1_2_server_method; + func_cb_client.ctx_ready = test_dtls_downgrade_scr_ctx_ready; + func_cb_client.on_result = test_dtls_downgrade_scr_on_result; + func_cb_server.on_result = test_dtls_downgrade_scr_on_result; + + test_wolfSSL_client_server_nofail(&func_cb_client, &func_cb_server); + + ExpectIntEQ(func_cb_client.return_code, TEST_SUCCESS); + ExpectIntEQ(func_cb_server.return_code, TEST_SUCCESS); + + return EXPECT_RESULT(); +} +#else +static int test_dtls_downgrade_scr(void) +{ + EXPECT_DECLS; + return EXPECT_RESULT(); +} +#endif + +#if defined(HAVE_MANUAL_MEMIO_TESTS_DEPENDENCIES) && defined(WOLFSSL_DTLS13) \ + && !defined(WOLFSSL_NO_TLS12) + +static int test_dtls_client_hello_timeout_downgrade_read_cb(WOLFSSL *ssl, + char *data, int sz, void *ctx) +{ + static int call_counter = 0; + call_counter++; + (void)ssl; + (void)data; + (void)sz; + (void)ctx; + switch (call_counter) { + case 1: + case 2: + return WOLFSSL_CBIO_ERR_TIMEOUT; + case 3: + return WOLFSSL_CBIO_ERR_WANT_READ; + default: + AssertIntLE(call_counter, 3); + return -1; + } +} +#endif + +/* Make sure we don't send acks before getting a server hello */ +static int test_dtls_client_hello_timeout_downgrade(void) +{ + EXPECT_DECLS; +#if defined(HAVE_MANUAL_MEMIO_TESTS_DEPENDENCIES) && defined(WOLFSSL_DTLS13) \ + && !defined(WOLFSSL_NO_TLS12) + + WOLFSSL_CTX *ctx_c = NULL; + WOLFSSL_CTX *ctx_s = NULL; + WOLFSSL *ssl_c = NULL; + WOLFSSL *ssl_s = NULL; + struct test_memio_ctx test_ctx; + DtlsRecordLayerHeader* dtlsRH; + size_t len; + byte sequence_number[8]; + int i; + + for (i = 0; i < 2; i++) { + XMEMSET(&test_ctx, 0, sizeof(test_ctx)); + + ExpectIntEQ(test_memio_setup(&test_ctx, &ctx_c, &ctx_s, &ssl_c, &ssl_s, + wolfDTLS_client_method, wolfDTLSv1_2_server_method), 0); + + if (i == 0) { + /* First time simulate timeout in IO layer */ + /* CH1 */ + ExpectIntEQ(wolfSSL_negotiate(ssl_c), -1); + ExpectIntEQ(wolfSSL_get_error(ssl_c, -1), WOLFSSL_ERROR_WANT_READ); + /* HVR */ + ExpectIntEQ(wolfSSL_negotiate(ssl_s), -1); + ExpectIntEQ(wolfSSL_get_error(ssl_s, -1), WOLFSSL_ERROR_WANT_READ); + /* CH2 */ + ExpectIntEQ(wolfSSL_negotiate(ssl_c), -1); + ExpectIntEQ(wolfSSL_get_error(ssl_c, -1), WOLFSSL_ERROR_WANT_READ); + /* SH flight */ + ExpectIntEQ(wolfSSL_negotiate(ssl_s), -1); + ExpectIntEQ(wolfSSL_get_error(ssl_s, -1), WOLFSSL_ERROR_WANT_READ); + /* Drop the SH */ + if (EXPECT_SUCCESS()) { + ExpectIntEQ(test_memio_drop_message(&test_ctx, 1, 0), 0); + } + /* Read the remainder of the flight */ + ExpectIntEQ(wolfSSL_negotiate(ssl_c), -1); + ExpectIntEQ(wolfSSL_get_error(ssl_c, -1), WOLFSSL_ERROR_WANT_READ); + wolfSSL_SSLSetIORecv(ssl_c, + test_dtls_client_hello_timeout_downgrade_read_cb); + /* CH3 */ + ExpectIntEQ(wolfSSL_negotiate(ssl_c), -1); + ExpectIntEQ(wolfSSL_get_error(ssl_c, -1), WOLFSSL_ERROR_WANT_READ); + wolfSSL_SSLSetIORecv(ssl_c, test_memio_read_cb); + } + else { + /* Second time call wolfSSL_dtls_got_timeout */ + /* CH1 */ + ExpectIntEQ(wolfSSL_negotiate(ssl_c), -1); + ExpectIntEQ(wolfSSL_get_error(ssl_c, -1), WOLFSSL_ERROR_WANT_READ); + /* HVR */ + ExpectIntEQ(wolfSSL_negotiate(ssl_s), -1); + ExpectIntEQ(wolfSSL_get_error(ssl_s, -1), WOLFSSL_ERROR_WANT_READ); + /* CH2 */ + ExpectIntEQ(wolfSSL_negotiate(ssl_c), -1); + ExpectIntEQ(wolfSSL_get_error(ssl_c, -1), WOLFSSL_ERROR_WANT_READ); + /* SH flight */ + ExpectIntEQ(wolfSSL_negotiate(ssl_s), -1); + ExpectIntEQ(wolfSSL_get_error(ssl_s, -1), WOLFSSL_ERROR_WANT_READ); + /* Drop the SH */ + if (EXPECT_SUCCESS()) { + ExpectIntEQ(test_memio_drop_message(&test_ctx, 1, 0), 0); + } + /* Read the remainder of the flight */ + ExpectIntEQ(wolfSSL_negotiate(ssl_c), -1); + ExpectIntEQ(wolfSSL_get_error(ssl_c, -1), WOLFSSL_ERROR_WANT_READ); + /* Quick timeout should be set as we received at least one msg */ + ExpectIntEQ(wolfSSL_dtls13_use_quick_timeout(ssl_c), 1); + ExpectIntEQ(wolfSSL_dtls_got_timeout(ssl_c), WOLFSSL_SUCCESS); + /* Quick timeout should be cleared after a quick timeout */ + /* CH3 */ + ExpectIntEQ(wolfSSL_dtls13_use_quick_timeout(ssl_c), 0); + ExpectIntEQ(wolfSSL_dtls_got_timeout(ssl_c), WOLFSSL_SUCCESS); + } + + /* Parse out to make sure we got exactly one ClientHello message */ + XMEMSET(&sequence_number, 0, sizeof(sequence_number)); + /* Second ClientHello after HVR */ + sequence_number[7] = 2; + dtlsRH = (DtlsRecordLayerHeader*)test_ctx.s_buff; + ExpectIntEQ(dtlsRH->type, handshake); + ExpectIntEQ(dtlsRH->pvMajor, DTLS_MAJOR); + ExpectIntEQ(dtlsRH->pvMinor, DTLSv1_2_MINOR); + ExpectIntEQ(XMEMCMP(sequence_number, dtlsRH->sequence_number, + sizeof(sequence_number)), 0); + len = (size_t)((dtlsRH->length[0] << 8) | dtlsRH->length[1]); + ExpectIntEQ(sizeof(DtlsRecordLayerHeader) + len, test_ctx.s_len); + + /* Connection should be able to continue */ + ExpectIntEQ(test_memio_do_handshake(ssl_c, ssl_s, 10, NULL), 0); + + wolfSSL_free(ssl_c); + wolfSSL_free(ssl_s); + wolfSSL_CTX_free(ctx_c); + wolfSSL_CTX_free(ctx_s); + ssl_c = NULL; + ssl_s = NULL; + ctx_c = NULL; + ctx_s = NULL; + if (!EXPECT_SUCCESS()) + break; + } + +#endif + return EXPECT_RESULT(); +} + +#if defined(HAVE_MANUAL_MEMIO_TESTS_DEPENDENCIES) && defined(WOLFSSL_DTLS13) +static int test_dtls_client_hello_timeout_read_cb(WOLFSSL *ssl, char *data, + int sz, void *ctx) +{ + static int call_counter = 0; + call_counter++; + (void)ssl; + (void)data; + (void)sz; + (void)ctx; + switch (call_counter) { + case 1: + return WOLFSSL_CBIO_ERR_TIMEOUT; + case 2: + return WOLFSSL_CBIO_ERR_WANT_READ; + default: + AssertIntLE(call_counter, 2); + return -1; + } +} +#endif + +/* Make sure we don't send acks before getting a server hello */ +static int test_dtls_client_hello_timeout(void) +{ + EXPECT_DECLS; +#if defined(HAVE_MANUAL_MEMIO_TESTS_DEPENDENCIES) && defined(WOLFSSL_DTLS13) + WOLFSSL *ssl_c = NULL; + WOLFSSL_CTX *ctx_c = NULL; + struct test_memio_ctx test_ctx; + DtlsRecordLayerHeader* dtlsRH; + size_t idx; + size_t len; + byte sequence_number[8]; + int i; + + for (i = 0; i < 2; i++) { + XMEMSET(&test_ctx, 0, sizeof(test_ctx)); + + ExpectIntEQ(test_memio_setup(&test_ctx, &ctx_c, NULL, &ssl_c, NULL, + wolfDTLSv1_3_client_method, NULL), 0); + + if (i == 0) { + /* First time simulate timeout in IO layer */ + wolfSSL_SSLSetIORecv(ssl_c, test_dtls_client_hello_timeout_read_cb); + ExpectIntEQ(wolfSSL_connect(ssl_c), -1); + ExpectIntEQ(wolfSSL_get_error(ssl_c, -1), WOLFSSL_ERROR_WANT_READ); + } + else { + /* Second time call wolfSSL_dtls_got_timeout */ + ExpectIntEQ(wolfSSL_connect(ssl_c), -1); + ExpectIntEQ(wolfSSL_get_error(ssl_c, -1), WOLFSSL_ERROR_WANT_READ); + ExpectIntEQ(wolfSSL_dtls_got_timeout(ssl_c), WOLFSSL_SUCCESS); + } + + /* Parse out to make sure we got exactly two ClientHello messages */ + idx = 0; + XMEMSET(&sequence_number, 0, sizeof(sequence_number)); + /* First ClientHello */ + dtlsRH = (DtlsRecordLayerHeader*)(test_ctx.s_buff + idx); + ExpectIntEQ(dtlsRH->type, handshake); + ExpectIntEQ(dtlsRH->pvMajor, DTLS_MAJOR); + ExpectIntEQ(dtlsRH->pvMinor, DTLSv1_2_MINOR); + ExpectIntEQ(XMEMCMP(sequence_number, dtlsRH->sequence_number, + sizeof(sequence_number)), 0); + len = (size_t)((dtlsRH->length[0] << 8) | dtlsRH->length[1]); + ExpectIntLT(idx + sizeof(DtlsRecordLayerHeader) + len, test_ctx.s_len); + idx += sizeof(DtlsRecordLayerHeader) + len; + /* Second ClientHello */ + sequence_number[7] = 1; + dtlsRH = (DtlsRecordLayerHeader*)(test_ctx.s_buff + idx); + ExpectIntEQ(dtlsRH->type, handshake); + ExpectIntEQ(dtlsRH->pvMajor, DTLS_MAJOR); + ExpectIntEQ(dtlsRH->pvMinor, DTLSv1_2_MINOR); + ExpectIntEQ(XMEMCMP(sequence_number, dtlsRH->sequence_number, + sizeof(sequence_number)), 0); + len = (size_t)((dtlsRH->length[0] << 8) | dtlsRH->length[1]); + ExpectIntEQ(idx + sizeof(DtlsRecordLayerHeader) + len, test_ctx.s_len); + + wolfSSL_free(ssl_c); + wolfSSL_CTX_free(ctx_c); + ssl_c = NULL; + ctx_c = NULL; + if (!EXPECT_SUCCESS()) + break; + } + +#endif + return EXPECT_RESULT(); +} + +/* DTLS test when dropping the changed cipher spec message */ +static int test_dtls_dropped_ccs(void) +{ + EXPECT_DECLS; +#if defined(HAVE_MANUAL_MEMIO_TESTS_DEPENDENCIES) && defined(WOLFSSL_DTLS) \ + && !defined(WOLFSSL_NO_TLS12) + + WOLFSSL_CTX *ctx_c = NULL; + WOLFSSL_CTX *ctx_s = NULL; + WOLFSSL *ssl_c = NULL; + WOLFSSL *ssl_s = NULL; + struct test_memio_ctx test_ctx; + DtlsRecordLayerHeader* dtlsRH; + size_t len; + byte data[1]; + + + XMEMSET(&test_ctx, 0, sizeof(test_ctx)); + + ExpectIntEQ(test_memio_setup(&test_ctx, &ctx_c, &ctx_s, &ssl_c, &ssl_s, + wolfDTLSv1_2_client_method, wolfDTLSv1_2_server_method), 0); + + /* CH1 */ + ExpectIntEQ(wolfSSL_negotiate(ssl_c), -1); + ExpectIntEQ(wolfSSL_get_error(ssl_c, -1), WOLFSSL_ERROR_WANT_READ); + /* HVR */ + ExpectIntEQ(wolfSSL_negotiate(ssl_s), -1); + ExpectIntEQ(wolfSSL_get_error(ssl_s, -1), WOLFSSL_ERROR_WANT_READ); + /* CH2 */ + ExpectIntEQ(wolfSSL_negotiate(ssl_c), -1); + ExpectIntEQ(wolfSSL_get_error(ssl_c, -1), WOLFSSL_ERROR_WANT_READ); + /* Server first flight */ + ExpectIntEQ(wolfSSL_negotiate(ssl_s), -1); + ExpectIntEQ(wolfSSL_get_error(ssl_s, -1), WOLFSSL_ERROR_WANT_READ); + /* Client flight */ + ExpectIntEQ(wolfSSL_negotiate(ssl_c), -1); + ExpectIntEQ(wolfSSL_get_error(ssl_c, -1), WOLFSSL_ERROR_WANT_READ); + /* Server ccs + finished */ + ExpectIntEQ(wolfSSL_negotiate(ssl_s), 1); + + /* Drop the ccs */ + dtlsRH = (DtlsRecordLayerHeader*)test_ctx.c_buff; + len = (size_t)((dtlsRH->length[0] << 8) | dtlsRH->length[1]); + ExpectIntEQ(len, 1); + ExpectIntEQ(dtlsRH->type, change_cipher_spec); + if (EXPECT_SUCCESS()) { + ExpectIntEQ(test_memio_drop_message(&test_ctx, 1, 0), 0); + } + + /* Client rtx flight */ + ExpectIntEQ(wolfSSL_negotiate(ssl_c), -1); + ExpectIntEQ(wolfSSL_get_error(ssl_c, -1), WOLFSSL_ERROR_WANT_READ); + ExpectIntEQ(wolfSSL_dtls_got_timeout(ssl_c), WOLFSSL_SUCCESS); + /* Server ccs + finished rtx */ + ExpectIntEQ(wolfSSL_read(ssl_s, data, sizeof(data)), -1); + ExpectIntEQ(wolfSSL_get_error(ssl_s, -1), WOLFSSL_ERROR_WANT_READ); + /* Client processes finished */ + ExpectIntEQ(wolfSSL_negotiate(ssl_c), 1); + + wolfSSL_free(ssl_c); + wolfSSL_free(ssl_s); + wolfSSL_CTX_free(ctx_c); + wolfSSL_CTX_free(ctx_s); +#endif + return EXPECT_RESULT(); +} + +#if defined(HAVE_MANUAL_MEMIO_TESTS_DEPENDENCIES) && defined(WOLFSSL_DTLS) \ + && !defined(WOLFSSL_NO_TLS12) +static int test_dtls_seq_num_downgrade_check_num(byte* ioBuf, int ioBufLen, + byte seq_num) +{ + EXPECT_DECLS; + DtlsRecordLayerHeader* dtlsRH; + byte sequence_number[8]; + + XMEMSET(&sequence_number, 0, sizeof(sequence_number)); + + ExpectIntGE(ioBufLen, sizeof(*dtlsRH)); + dtlsRH = (DtlsRecordLayerHeader*)ioBuf; + ExpectIntEQ(dtlsRH->type, handshake); + ExpectIntEQ(dtlsRH->pvMajor, DTLS_MAJOR); + ExpectIntEQ(dtlsRH->pvMinor, DTLSv1_2_MINOR); + sequence_number[7] = seq_num; + ExpectIntEQ(XMEMCMP(sequence_number, dtlsRH->sequence_number, + sizeof(sequence_number)), 0); + + return EXPECT_RESULT(); +} +#endif + +/* + * Make sure that we send the correct sequence number after a HelloVerifyRequest + * and after a HelloRetryRequest. This is testing the server side as it is + * operating statelessly and should copy the sequence number of the ClientHello. + */ +static int test_dtls_seq_num_downgrade(void) +{ + EXPECT_DECLS; +#if defined(HAVE_MANUAL_MEMIO_TESTS_DEPENDENCIES) && defined(WOLFSSL_DTLS) \ + && !defined(WOLFSSL_NO_TLS12) + WOLFSSL_CTX *ctx_c = NULL, *ctx_s = NULL; + WOLFSSL *ssl_c = NULL, *ssl_s = NULL; + struct test_memio_ctx test_ctx; + + XMEMSET(&test_ctx, 0, sizeof(test_ctx)); + + ExpectIntEQ(test_memio_setup(&test_ctx, &ctx_c, &ctx_s, &ssl_c, &ssl_s, + wolfDTLSv1_2_client_method, wolfDTLS_server_method), 0); + + /* CH1 */ + ExpectIntEQ(wolfSSL_negotiate(ssl_c), -1); + ExpectIntEQ(wolfSSL_get_error(ssl_c, -1), WOLFSSL_ERROR_WANT_READ); + ExpectIntEQ(test_dtls_seq_num_downgrade_check_num(test_ctx.s_buff, + test_ctx.s_len, 0), TEST_SUCCESS); + /* HVR */ + ExpectIntEQ(wolfSSL_negotiate(ssl_s), -1); + ExpectIntEQ(wolfSSL_get_error(ssl_s, -1), WOLFSSL_ERROR_WANT_READ); + ExpectIntEQ(test_dtls_seq_num_downgrade_check_num(test_ctx.c_buff, + test_ctx.c_len, 0), TEST_SUCCESS); + /* CH2 */ + ExpectIntEQ(wolfSSL_negotiate(ssl_c), -1); + ExpectIntEQ(wolfSSL_get_error(ssl_c, -1), WOLFSSL_ERROR_WANT_READ); + ExpectIntEQ(test_dtls_seq_num_downgrade_check_num(test_ctx.s_buff, + test_ctx.s_len, 1), TEST_SUCCESS); + /* Server first flight */ + ExpectIntEQ(wolfSSL_negotiate(ssl_s), -1); + ExpectIntEQ(wolfSSL_get_error(ssl_s, -1), WOLFSSL_ERROR_WANT_READ); + ExpectIntEQ(test_dtls_seq_num_downgrade_check_num(test_ctx.c_buff, + test_ctx.c_len, 1), TEST_SUCCESS); + + ExpectIntEQ(test_memio_do_handshake(ssl_c, ssl_s, 10, NULL), 0); + + wolfSSL_free(ssl_c); + wolfSSL_CTX_free(ctx_c); + wolfSSL_free(ssl_s); + wolfSSL_CTX_free(ctx_s); +#endif + return EXPECT_RESULT(); +} + +/** + * Make sure we don't send RSA Signature Hash Algorithms in the + * CertificateRequest when we don't have any such ciphers set. + * @return EXPECT_RESULT() + */ +static int test_certreq_sighash_algos(void) +{ + EXPECT_DECLS; +#if defined(HAVE_MANUAL_MEMIO_TESTS_DEPENDENCIES) && \ + !defined(WOLFSSL_MAX_STRENGTH) && defined(HAVE_ECC) && \ + !defined(NO_SHA256) && defined(WOLFSSL_SHA384) && \ + defined(WOLFSSL_AES_256) && defined(HAVE_AES_CBC) && \ + !defined(WOLFSSL_NO_TLS12) + WOLFSSL_CTX *ctx_c = NULL; + WOLFSSL_CTX *ctx_s = NULL; + WOLFSSL *ssl_c = NULL; + WOLFSSL *ssl_s = NULL; + struct test_memio_ctx test_ctx; + int idx = 0; + int maxIdx = 0; + + XMEMSET(&test_ctx, 0, sizeof(test_ctx)); + test_ctx.c_ciphers = test_ctx.s_ciphers = + "ECDHE-ECDSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA384"; + ExpectIntEQ(test_memio_setup(&test_ctx, &ctx_c, &ctx_s, &ssl_c, &ssl_s, + wolfTLSv1_2_client_method, wolfTLSv1_2_server_method), 0); + + ExpectIntEQ(wolfSSL_CTX_load_verify_locations(ctx_c, + caEccCertFile, NULL), WOLFSSL_SUCCESS); + + wolfSSL_set_verify(ssl_s, WOLFSSL_VERIFY_PEER, NULL); + ExpectIntEQ(wolfSSL_use_PrivateKey_file(ssl_s, eccKeyFile, + CERT_FILETYPE), WOLFSSL_SUCCESS); + ExpectIntEQ(wolfSSL_use_certificate_file(ssl_s, eccCertFile, + CERT_FILETYPE), WOLFSSL_SUCCESS); + + ExpectIntEQ(wolfSSL_connect(ssl_c), WC_NO_ERR_TRACE(WOLFSSL_FATAL_ERROR)); + ExpectIntEQ(wolfSSL_get_error(ssl_c, WC_NO_ERR_TRACE(WOLFSSL_FATAL_ERROR)), + WOLFSSL_ERROR_WANT_READ); + + ExpectIntEQ(wolfSSL_accept(ssl_s), WC_NO_ERR_TRACE(WOLFSSL_FATAL_ERROR)); + ExpectIntEQ(wolfSSL_get_error(ssl_s, WC_NO_ERR_TRACE(WOLFSSL_FATAL_ERROR)), + WOLFSSL_ERROR_WANT_READ); + + /* Find the CertificateRequest message */ + for (idx = 0; idx < test_ctx.c_len && EXPECT_SUCCESS();) { + word16 len; + ExpectIntEQ(test_ctx.c_buff[idx++], handshake); + ExpectIntEQ(test_ctx.c_buff[idx++], SSLv3_MAJOR); + ExpectIntEQ(test_ctx.c_buff[idx++], TLSv1_2_MINOR); + ato16(test_ctx.c_buff + idx, &len); + idx += OPAQUE16_LEN; + if (test_ctx.c_buff[idx] == certificate_request) { + idx++; + /* length */ + idx += OPAQUE24_LEN; + /* cert types */ + idx += 1 + test_ctx.c_buff[idx]; + /* Sig algos */ + ato16(test_ctx.c_buff + idx, &len); + idx += OPAQUE16_LEN; + maxIdx = idx + (int)len; + for (; idx < maxIdx && EXPECT_SUCCESS(); idx += OPAQUE16_LEN) { + if (test_ctx.c_buff[idx+1] == ED25519_SA_MINOR || + test_ctx.c_buff[idx+1] == ED448_SA_MINOR) + ExpectIntEQ(test_ctx.c_buff[idx], NEW_SA_MAJOR); + else + ExpectIntEQ(test_ctx.c_buff[idx+1], ecc_dsa_sa_algo); + } + break; + } + else { + idx += (int)len; + } + } + ExpectIntLT(idx, test_ctx.c_len); + + + ExpectIntEQ(test_memio_do_handshake(ssl_c, ssl_s, 10, NULL), 0); + + wolfSSL_free(ssl_c); + wolfSSL_free(ssl_s); + wolfSSL_CTX_free(ctx_c); + wolfSSL_CTX_free(ctx_s); +#endif + return EXPECT_RESULT(); +} + +#if defined(HAVE_CRL) && defined(HAVE_SSL_MEMIO_TESTS_DEPENDENCIES) && \ + !defined(WOLFSSL_CRL_ALLOW_MISSING_CDP) +static int test_revoked_loaded_int_cert_ctx_ready1(WOLFSSL_CTX* ctx) +{ + EXPECT_DECLS; + wolfSSL_CTX_set_verify(ctx, WOLFSSL_VERIFY_PEER, myVerify); + myVerifyAction = VERIFY_USE_PREVERIFY; + ExpectIntEQ(wolfSSL_CTX_load_verify_locations_ex(ctx, + "./certs/ca-cert.pem", NULL, 0), WOLFSSL_SUCCESS); + ExpectIntEQ(wolfSSL_CTX_load_verify_locations_ex(ctx, + "./certs/intermediate/ca-int-cert.pem", NULL, 0), WOLFSSL_SUCCESS); + ExpectIntEQ(wolfSSL_CTX_EnableCRL(ctx, WOLFSSL_CRL_CHECKALL), + WOLFSSL_SUCCESS); + ExpectIntEQ(wolfSSL_CTX_LoadCRLFile(ctx, + "./certs/crl/extra-crls/ca-int-cert-revoked.pem", + WOLFSSL_FILETYPE_PEM), WOLFSSL_SUCCESS); + ExpectIntEQ(wolfSSL_CTX_LoadCRLFile(ctx, + "./certs/crl/ca-int.pem", + WOLFSSL_FILETYPE_PEM), WOLFSSL_SUCCESS); + return EXPECT_RESULT(); +} + +static int test_revoked_loaded_int_cert_ctx_ready2(WOLFSSL_CTX* ctx) +{ + EXPECT_DECLS; + wolfSSL_CTX_set_verify(ctx, WOLFSSL_VERIFY_PEER, myVerify); + myVerifyAction = VERIFY_USE_PREVERIFY; + ExpectIntEQ(wolfSSL_CTX_load_verify_locations_ex(ctx, + "./certs/ca-cert.pem", NULL, 0), WOLFSSL_SUCCESS); + ExpectIntEQ(wolfSSL_CTX_load_verify_locations_ex(ctx, + "./certs/intermediate/ca-int-cert.pem", NULL, 0), WOLFSSL_SUCCESS); + ExpectIntEQ(wolfSSL_CTX_load_verify_locations_ex(ctx, + "./certs/intermediate/ca-int2-cert.pem", NULL, 0), WOLFSSL_SUCCESS); + ExpectIntEQ(wolfSSL_CTX_EnableCRL(ctx, WOLFSSL_CRL_CHECKALL), + WOLFSSL_SUCCESS); + ExpectIntEQ(wolfSSL_CTX_LoadCRLFile(ctx, + "./certs/crl/ca-int2.pem", + WOLFSSL_FILETYPE_PEM), WOLFSSL_SUCCESS); + ExpectIntEQ(wolfSSL_CTX_LoadCRLFile(ctx, + "./certs/crl/extra-crls/ca-int-cert-revoked.pem", + WOLFSSL_FILETYPE_PEM), WOLFSSL_SUCCESS); + ExpectIntEQ(wolfSSL_CTX_LoadCRLFile(ctx, + "./certs/crl/ca-int.pem", + WOLFSSL_FILETYPE_PEM), WOLFSSL_SUCCESS); + return EXPECT_RESULT(); +} + +static int test_revoked_loaded_int_cert_ctx_ready3_crl_missing_cb(int ret, + WOLFSSL_CRL* crl, WOLFSSL_CERT_MANAGER* cm, void* ctx) +{ + (void)crl; + (void)cm; + (void)ctx; + if (ret == WC_NO_ERR_TRACE(CRL_MISSING)) + return 1; + return 0; +} + +/* Here we are allowing missing CRL's but want to error out when its revoked */ +static int test_revoked_loaded_int_cert_ctx_ready3(WOLFSSL_CTX* ctx) +{ + EXPECT_DECLS; + wolfSSL_CTX_set_verify(ctx, WOLFSSL_VERIFY_PEER, myVerify); + myVerifyAction = VERIFY_USE_PREVERIFY; + ExpectIntEQ(wolfSSL_CTX_load_verify_locations_ex(ctx, + "./certs/ca-cert.pem", NULL, 0), WOLFSSL_SUCCESS); + ExpectIntEQ(wolfSSL_CTX_load_verify_locations_ex(ctx, + "./certs/intermediate/ca-int-cert.pem", NULL, 0), WOLFSSL_SUCCESS); + ExpectIntEQ(wolfSSL_CTX_load_verify_locations_ex(ctx, + "./certs/intermediate/ca-int2-cert.pem", NULL, 0), WOLFSSL_SUCCESS); + ExpectIntEQ(wolfSSL_CTX_EnableCRL(ctx, WOLFSSL_CRL_CHECKALL), + WOLFSSL_SUCCESS); + ExpectIntEQ(wolfSSL_CTX_LoadCRLFile(ctx, + "./certs/crl/extra-crls/ca-int-cert-revoked.pem", + WOLFSSL_FILETYPE_PEM), WOLFSSL_SUCCESS); + ExpectIntEQ(wolfSSL_CTX_SetCRL_ErrorCb(ctx, + test_revoked_loaded_int_cert_ctx_ready3_crl_missing_cb, NULL), + WOLFSSL_SUCCESS); + return EXPECT_RESULT(); +} +#endif + +static int test_revoked_loaded_int_cert(void) +{ + EXPECT_DECLS; +#if defined(HAVE_CRL) && defined(HAVE_SSL_MEMIO_TESTS_DEPENDENCIES) && \ + !defined(WOLFSSL_CRL_ALLOW_MISSING_CDP) + test_ssl_cbf client_cbf; + test_ssl_cbf server_cbf; + struct { + const char* certPemFile; + const char* keyPemFile; + ctx_cb client_ctx_ready; + } test_params[] = { + {"./certs/intermediate/ca-int2-cert.pem", + "./certs/intermediate/ca-int2-key.pem", + test_revoked_loaded_int_cert_ctx_ready1}, + {"./certs/intermediate/server-chain.pem", + "./certs/server-key.pem", test_revoked_loaded_int_cert_ctx_ready2}, + {"./certs/intermediate/server-chain-short.pem", + "./certs/server-key.pem", test_revoked_loaded_int_cert_ctx_ready2}, + {"./certs/intermediate/server-chain-short.pem", + "./certs/server-key.pem", test_revoked_loaded_int_cert_ctx_ready3}, + }; + size_t i; + + printf("\n"); + + for (i = 0; i < XELEM_CNT(test_params); i++) { + XMEMSET(&client_cbf, 0, sizeof(client_cbf)); + XMEMSET(&server_cbf, 0, sizeof(server_cbf)); + + printf("\tTesting with %s...\n", test_params[i].certPemFile); + + server_cbf.certPemFile = test_params[i].certPemFile; + server_cbf.keyPemFile = test_params[i].keyPemFile; + + client_cbf.ctx_ready = test_params[i].client_ctx_ready; + + ExpectIntEQ(test_wolfSSL_client_server_nofail_memio(&client_cbf, + &server_cbf, NULL), -1001); + ExpectIntEQ(client_cbf.last_err, WC_NO_ERR_TRACE(CRL_CERT_REVOKED)); + ExpectIntEQ(server_cbf.last_err, WC_NO_ERR_TRACE(FATAL_ERROR)); + + if (!EXPECT_SUCCESS()) + break; + printf("\t%s passed\n", test_params[i].certPemFile); + } +#endif + return EXPECT_RESULT(); +} + +static int test_dtls13_frag_ch_pq(void) +{ + EXPECT_DECLS; +#if defined(HAVE_MANUAL_MEMIO_TESTS_DEPENDENCIES) && defined(WOLFSSL_DTLS13) \ + && defined(WOLFSSL_DTLS_CH_FRAG) && defined(HAVE_LIBOQS) + WOLFSSL_CTX *ctx_c = NULL; + WOLFSSL_CTX *ctx_s = NULL; + WOLFSSL *ssl_c = NULL; + WOLFSSL *ssl_s = NULL; + struct test_memio_ctx test_ctx; + const char *test_str = "test"; + int test_str_size; + byte buf[255]; +#ifdef WOLFSSL_MLKEM_KYBER + int group = WOLFSSL_KYBER_LEVEL5; +#else + int group = WOLFSSL_ML_KEM_1024; +#endif + + XMEMSET(&test_ctx, 0, sizeof(test_ctx)); + ExpectIntEQ(test_memio_setup(&test_ctx, &ctx_c, &ctx_s, &ssl_c, &ssl_s, + wolfDTLSv1_3_client_method, wolfDTLSv1_3_server_method), 0); + /* Add in a large post-quantum key share to make the CH long. */ + ExpectIntEQ(wolfSSL_set_groups(ssl_c, &group, 1), WOLFSSL_SUCCESS); + ExpectIntEQ(wolfSSL_UseKeyShare(ssl_c, group), WOLFSSL_SUCCESS); + ExpectIntEQ(wolfSSL_dtls13_allow_ch_frag(ssl_s, 1), WOLFSSL_SUCCESS); + ExpectIntEQ(test_memio_do_handshake(ssl_c, ssl_s, 10, NULL), 0); +#ifdef WOLFSSL_MLKEM_KYBER + ExpectStrEQ(wolfSSL_get_curve_name(ssl_c), "KYBER_LEVEL5"); + ExpectStrEQ(wolfSSL_get_curve_name(ssl_s), "KYBER_LEVEL5"); +#else + ExpectStrEQ(wolfSSL_get_curve_name(ssl_c), "ML_KEM_1024"); + ExpectStrEQ(wolfSSL_get_curve_name(ssl_s), "ML_KEM_1024"); +#endif + test_str_size = XSTRLEN("test") + 1; + ExpectIntEQ(wolfSSL_write(ssl_c, test_str, test_str_size), test_str_size); + ExpectIntEQ(wolfSSL_read(ssl_s, buf, sizeof(buf)), test_str_size); + ExpectIntEQ(XSTRCMP((char*)buf, test_str), 0); + ExpectIntEQ(wolfSSL_write(ssl_c, test_str, test_str_size), test_str_size); + wolfSSL_free(ssl_c); + wolfSSL_free(ssl_s); + wolfSSL_CTX_free(ctx_c); + wolfSSL_CTX_free(ctx_s); +#endif + return EXPECT_RESULT(); +} + +#if defined(HAVE_MANUAL_MEMIO_TESTS_DEPENDENCIES) && defined(WOLFSSL_DTLS) \ + && defined(WOLFSSL_DTLS_MTU) && defined(WOLFSSL_DTLS_CH_FRAG) && \ + defined(WOLFSSL_AES_256) +static int test_dtls_frag_ch_count_records(byte* b, int len) +{ + DtlsRecordLayerHeader* dtlsRH; + int records = 0; + size_t recordLen; + while (len > 0) { + records++; + dtlsRH = (DtlsRecordLayerHeader*)b; + recordLen = (dtlsRH->length[0] << 8) | dtlsRH->length[1]; + if (recordLen > (size_t)len) + break; + b += sizeof(DtlsRecordLayerHeader) + recordLen; + len -= sizeof(DtlsRecordLayerHeader) + recordLen; + } + return records; +} +#endif + +static int test_dtls_frag_ch(void) +{ + EXPECT_DECLS; +#if defined(HAVE_MANUAL_MEMIO_TESTS_DEPENDENCIES) && defined(WOLFSSL_DTLS13) \ + && defined(WOLFSSL_DTLS_MTU) && defined(WOLFSSL_DTLS_CH_FRAG) && \ + defined(WOLFSSL_AES_256) + WOLFSSL_CTX *ctx_c = NULL; + WOLFSSL_CTX *ctx_s = NULL; + WOLFSSL *ssl_c = NULL; + WOLFSSL *ssl_s = NULL; + struct test_memio_ctx test_ctx; + static unsigned int DUMMY_MTU = 256; + unsigned int len; + unsigned char four_frag_CH[] = { + 0x16, 0xfe, 0xfd, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0xda, 0x01, 0x00, 0x02, 0xdc, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0xce, 0xfe, 0xfd, 0xf3, 0x94, 0x01, 0x33, 0x2c, 0xcf, 0x2c, 0x47, 0xb1, + 0xe5, 0xa1, 0x7b, 0x19, 0x3e, 0xac, 0x68, 0xdd, 0xe6, 0x17, 0x6b, 0x85, + 0xad, 0x5f, 0xfc, 0x7f, 0x6e, 0xf0, 0xb9, 0xe0, 0x2e, 0xca, 0x47, 0x00, + 0x00, 0x00, 0x36, 0x13, 0x01, 0x13, 0x02, 0x13, 0x03, 0xc0, 0x2c, 0xc0, + 0x2b, 0xc0, 0x30, 0xc0, 0x2f, 0x00, 0x9f, 0x00, 0x9e, 0xcc, 0xa9, 0xcc, + 0xa8, 0xcc, 0xaa, 0xc0, 0x27, 0xc0, 0x23, 0xc0, 0x28, 0xc0, 0x24, 0xc0, + 0x0a, 0xc0, 0x09, 0xc0, 0x14, 0xc0, 0x13, 0x00, 0x6b, 0x00, 0x67, 0x00, + 0x39, 0x00, 0x33, 0xcc, 0x14, 0xcc, 0x13, 0xcc, 0x15, 0x01, 0x00, 0x02, + 0x7c, 0x00, 0x2b, 0x00, 0x03, 0x02, 0xfe, 0xfc, 0x00, 0x0d, 0x00, 0x20, + 0x00, 0x1e, 0x06, 0x03, 0x05, 0x03, 0x04, 0x03, 0x02, 0x03, 0x08, 0x06, + 0x08, 0x0b, 0x08, 0x05, 0x08, 0x0a, 0x08, 0x04, 0x08, 0x09, 0x06, 0x01, + 0x05, 0x01, 0x04, 0x01, 0x03, 0x01, 0x02, 0x01, 0x00, 0x0a, 0x00, 0x0c, + 0x00, 0x0a, 0x00, 0x19, 0x00, 0x18, 0x00, 0x17, 0x00, 0x15, 0x01, 0x00, + 0x00, 0x16, 0x00, 0x00, 0x00, 0x33, 0x02, 0x39, 0x02, 0x37, 0x00, 0x17, + 0x00, 0x41, 0x04, 0x94, 0xdf, 0x36, 0xd7, 0xb3, 0x90, 0x6d, 0x01, 0xa1, + 0xe6, 0xed, 0x67, 0xf4, 0xd9, 0x9d, 0x2c, 0xac, 0x57, 0x74, 0xff, 0x19, + 0xbe, 0x5a, 0xc9, 0x30, 0x11, 0xb7, 0x2b, 0x59, 0x47, 0x80, 0x7c, 0xa9, + 0xb7, 0x31, 0x8c, 0x16, 0xfe, 0xfd, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x01, 0x00, 0xda, 0x01, 0x00, 0x02, 0xdc, 0x00, 0x00, 0x00, 0x00, + 0xce, 0x00, 0x00, 0xce, 0x9e, 0x13, 0x74, 0x3b, 0x86, 0xba, 0x69, 0x1f, + 0x12, 0xf7, 0xcd, 0x78, 0x53, 0xe8, 0x50, 0x4d, 0x71, 0x3f, 0x4b, 0x4e, + 0xeb, 0x3e, 0xe5, 0x43, 0x54, 0x78, 0x17, 0x6d, 0x00, 0x18, 0x00, 0x61, + 0x04, 0xd1, 0x99, 0x66, 0x4f, 0xda, 0xc7, 0x12, 0x3b, 0xff, 0xb2, 0xd6, + 0x2f, 0x35, 0xb6, 0x17, 0x1f, 0xb3, 0xd0, 0xb6, 0x52, 0xff, 0x97, 0x8b, + 0x01, 0xe8, 0xd9, 0x68, 0x71, 0x40, 0x02, 0xd5, 0x68, 0x3a, 0x58, 0xb2, + 0x5d, 0xee, 0xa4, 0xe9, 0x5f, 0xf4, 0xaf, 0x3e, 0x30, 0x9c, 0x3e, 0x2b, + 0xda, 0x61, 0x43, 0x99, 0x02, 0x35, 0x33, 0x9f, 0xcf, 0xb5, 0xd3, 0x28, + 0x19, 0x9d, 0x1c, 0xbe, 0x69, 0x07, 0x9e, 0xfc, 0xe4, 0x8e, 0xcd, 0x86, + 0x4a, 0x1b, 0xf0, 0xfc, 0x17, 0x94, 0x66, 0x53, 0xda, 0x24, 0x5e, 0xaf, + 0xce, 0xec, 0x62, 0x4c, 0x06, 0xb4, 0x52, 0x94, 0xb1, 0x4a, 0x7a, 0x8c, + 0x4f, 0x00, 0x19, 0x00, 0x85, 0x04, 0x00, 0x27, 0xeb, 0x99, 0x49, 0x7f, + 0xcb, 0x2c, 0x46, 0x54, 0x2d, 0x93, 0x5d, 0x25, 0x92, 0x58, 0x5e, 0x06, + 0xc3, 0x7c, 0xfb, 0x9a, 0xa7, 0xec, 0xcd, 0x9f, 0xe1, 0x6b, 0x2d, 0x78, + 0xf5, 0x16, 0xa9, 0x20, 0x52, 0x48, 0x19, 0x0f, 0x1a, 0xd0, 0xce, 0xd8, + 0x68, 0xb1, 0x4e, 0x7f, 0x33, 0x03, 0x7d, 0x0c, 0x39, 0xdb, 0x9c, 0x4b, + 0xf4, 0xe7, 0xc2, 0xf5, 0xdd, 0x51, 0x9b, 0x03, 0xa8, 0x53, 0x2b, 0xe6, + 0x00, 0x15, 0x4b, 0xff, 0xd2, 0xa0, 0x16, 0xfe, 0xfd, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x02, 0x00, 0xda, 0x01, 0x00, 0x02, 0xdc, 0x00, + 0x00, 0x00, 0x01, 0x9c, 0x00, 0x00, 0xce, 0x58, 0x30, 0x10, 0x3d, 0x46, + 0xcc, 0xca, 0x1a, 0x44, 0xc8, 0x58, 0x9b, 0x27, 0x17, 0x67, 0x31, 0x96, + 0x8a, 0x66, 0x39, 0xf4, 0xcc, 0xc1, 0x9f, 0x12, 0x1f, 0x01, 0x30, 0x50, + 0x16, 0xd6, 0x89, 0x97, 0xa3, 0x66, 0xd7, 0x99, 0x50, 0x09, 0x6e, 0x80, + 0x87, 0xe4, 0xa2, 0x88, 0xae, 0xb4, 0x23, 0x57, 0x2f, 0x12, 0x60, 0xe7, + 0x7d, 0x44, 0x2d, 0xad, 0xbe, 0xe9, 0x0d, 0x01, 0x00, 0x01, 0x00, 0xd5, + 0xdd, 0x62, 0xee, 0xf3, 0x0e, 0xd9, 0x30, 0x0e, 0x38, 0xf3, 0x48, 0xf4, + 0xc9, 0x8f, 0x8c, 0x20, 0xf7, 0xd3, 0xa8, 0xb3, 0x87, 0x3c, 0x98, 0x5d, + 0x70, 0xc5, 0x03, 0x76, 0xb7, 0xd5, 0x0b, 0x7b, 0x23, 0x97, 0x6b, 0xe3, + 0xb5, 0x18, 0xeb, 0x64, 0x55, 0x18, 0xb2, 0x8a, 0x90, 0x1a, 0x8f, 0x0e, + 0x15, 0xda, 0xb1, 0x8e, 0x7f, 0xee, 0x1f, 0xe0, 0x3b, 0xb9, 0xed, 0xfc, + 0x4e, 0x3f, 0x78, 0x16, 0x39, 0x95, 0x5f, 0xb7, 0xcb, 0x65, 0x55, 0x72, + 0x7b, 0x7d, 0x86, 0x2f, 0x8a, 0xe5, 0xee, 0xf7, 0x57, 0x40, 0xf3, 0xc4, + 0x96, 0x4f, 0x11, 0x4d, 0x85, 0xf9, 0x56, 0xfa, 0x3d, 0xf0, 0xc9, 0xa4, + 0xec, 0x1e, 0xaa, 0x47, 0x90, 0x53, 0xdf, 0xe1, 0xb7, 0x78, 0x18, 0xeb, + 0xdd, 0x0d, 0x89, 0xb7, 0xf6, 0x15, 0x0e, 0x55, 0x12, 0xb3, 0x23, 0x17, + 0x0b, 0x59, 0x6f, 0x83, 0x05, 0x6b, 0xa6, 0xf8, 0x6c, 0x3a, 0x9b, 0x1b, + 0x50, 0x93, 0x51, 0xea, 0x95, 0x2d, 0x99, 0x96, 0x38, 0x16, 0xfe, 0xfd, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x03, 0x00, 0x7e, 0x01, 0x00, + 0x02, 0xdc, 0x00, 0x00, 0x00, 0x02, 0x6a, 0x00, 0x00, 0x72, 0x2d, 0x66, + 0x3e, 0xf2, 0x36, 0x5a, 0xf2, 0x23, 0x8f, 0x28, 0x09, 0xa9, 0x55, 0x8c, + 0x8f, 0xc0, 0x0d, 0x61, 0x98, 0x33, 0x56, 0x87, 0x7a, 0xfd, 0xa7, 0x50, + 0x71, 0x84, 0x2e, 0x41, 0x58, 0x00, 0x87, 0xd9, 0x27, 0xe5, 0x7b, 0xf4, + 0x6d, 0x84, 0x4e, 0x2e, 0x0c, 0x80, 0x0c, 0xf3, 0x8a, 0x02, 0x4b, 0x99, + 0x3a, 0x1f, 0x9f, 0x18, 0x7d, 0x1c, 0xec, 0xad, 0x60, 0x54, 0xa6, 0xa3, + 0x2c, 0x82, 0x5e, 0xf8, 0x8f, 0xae, 0xe1, 0xc4, 0x82, 0x7e, 0x43, 0x43, + 0xc5, 0x99, 0x49, 0x05, 0xd3, 0xf6, 0xdf, 0xa1, 0xb5, 0x2d, 0x0c, 0x13, + 0x2f, 0x1e, 0xb6, 0x28, 0x7c, 0x5c, 0xa1, 0x02, 0x6b, 0x8d, 0xa3, 0xeb, + 0xd4, 0x58, 0xe6, 0xa0, 0x7e, 0x6b, 0xaa, 0x09, 0x43, 0x67, 0x71, 0x87, + 0xa5, 0xcb, 0x68, 0xf3 + }; + + XMEMSET(&test_ctx, 0, sizeof(test_ctx)); + ExpectIntEQ(test_memio_setup(&test_ctx, &ctx_c, &ctx_s, &ssl_c, &ssl_s, + wolfDTLSv1_3_client_method, wolfDTLSv1_3_server_method), 0); + + /* Fragment msgs */ + ExpectIntEQ(wolfSSL_dtls_set_mtu(ssl_c, DUMMY_MTU), WOLFSSL_SUCCESS); + ExpectIntEQ(wolfSSL_dtls_set_mtu(ssl_s, DUMMY_MTU), WOLFSSL_SUCCESS); + + /* Add in some key shares to make the CH long */ + ExpectIntEQ(wolfSSL_UseKeyShare(ssl_c, WOLFSSL_ECC_SECP256R1), + WOLFSSL_SUCCESS); + ExpectIntEQ(wolfSSL_UseKeyShare(ssl_c, WOLFSSL_ECC_SECP384R1), + WOLFSSL_SUCCESS); + ExpectIntEQ(wolfSSL_UseKeyShare(ssl_c, WOLFSSL_ECC_SECP521R1), + WOLFSSL_SUCCESS); +#ifdef HAVE_FFDHE_2048 + ExpectIntEQ(wolfSSL_UseKeyShare(ssl_c, WOLFSSL_FFDHE_2048), + WOLFSSL_SUCCESS); +#endif +#ifdef HAVE_FFDHE_3072 + ExpectIntEQ(wolfSSL_UseKeyShare(ssl_c, WOLFSSL_FFDHE_3072), + WOLFSSL_SUCCESS); +#endif +#ifdef HAVE_FFDHE_4096 + ExpectIntEQ(wolfSSL_UseKeyShare(ssl_c, WOLFSSL_FFDHE_4096), + WOLFSSL_SUCCESS); +#endif + + ExpectIntEQ(wolfSSL_dtls13_allow_ch_frag(ssl_s, 1), WOLFSSL_SUCCESS); + + /* Reject fragmented first CH */ + ExpectIntEQ(test_dtls_frag_ch_count_records(four_frag_CH, + sizeof(four_frag_CH)), 4); + len = sizeof(four_frag_CH); + test_memio_clear_buffer(&test_ctx, 0); + while (len > 0 && EXPECT_SUCCESS()) { + unsigned int inj_len = len > DUMMY_MTU ? DUMMY_MTU : len; + unsigned char *idx = four_frag_CH + sizeof(four_frag_CH) - len; + ExpectIntEQ(test_memio_inject_message(&test_ctx, 0, (const char *)idx, + inj_len), 0); + len -= inj_len; + } + ExpectIntEQ(test_ctx.s_len, sizeof(four_frag_CH)); + while (test_ctx.s_len > 0 && EXPECT_SUCCESS()) { + int s_len = test_ctx.s_len; + ExpectIntEQ(wolfSSL_negotiate(ssl_s), -1); + ExpectIntEQ(wolfSSL_get_error(ssl_s, -1), WOLFSSL_ERROR_WANT_READ); + /* Fail if we didn't advance the buffer to avoid infinite loops */ + ExpectIntLT(test_ctx.s_len, s_len); + } + /* Expect all fragments read */ + ExpectIntEQ(test_ctx.s_len, 0); + /* Expect quietly dropping fragmented first CH */ + ExpectIntEQ(test_ctx.c_len, 0); + +#if defined(WOLFSSL_TLS13) && defined(HAVE_ECH) + /* Disable ECH as it pushes it over our MTU */ + wolfSSL_SetEchEnable(ssl_c, 0); +#endif + + /* Limit options to make the CH a fixed length */ + /* See wolfSSL_parse_cipher_list for reason why we provide 1.3 AND 1.2 + * ciphersuite. This is only necessary when building with OPENSSL_EXTRA. */ +#ifdef OPENSSL_EXTRA + ExpectTrue(wolfSSL_set_cipher_list(ssl_c, "TLS13-AES256-GCM-SHA384" + ":DHE-RSA-AES256-GCM-SHA384")); +#else + ExpectTrue(wolfSSL_set_cipher_list(ssl_c, "TLS13-AES256-GCM-SHA384")); +#endif + + /* CH1 */ + ExpectIntEQ(wolfSSL_negotiate(ssl_c), -1); + ExpectIntEQ(wolfSSL_get_error(ssl_c, -1), WOLFSSL_ERROR_WANT_READ); + /* Count records. Expect 1 unfragmented CH */ + ExpectIntEQ(test_dtls_frag_ch_count_records(test_ctx.s_buff, + test_ctx.s_len), 1); + /* HRR */ + ExpectIntEQ(wolfSSL_negotiate(ssl_s), -1); + ExpectIntEQ(wolfSSL_get_error(ssl_s, -1), WOLFSSL_ERROR_WANT_READ); + /* CH2 */ + ExpectIntEQ(wolfSSL_negotiate(ssl_c), -1); + ExpectIntEQ(wolfSSL_get_error(ssl_c, -1), WOLFSSL_ERROR_WANT_READ); + /* Count records. Expect fragmented CH */ + ExpectIntGT(test_dtls_frag_ch_count_records(test_ctx.s_buff, + test_ctx.s_len), 1); + + ExpectIntEQ(test_memio_do_handshake(ssl_c, ssl_s, 10, NULL), 0); + + wolfSSL_free(ssl_c); + wolfSSL_free(ssl_s); + wolfSSL_CTX_free(ctx_c); + wolfSSL_CTX_free(ctx_s); + ssl_c = ssl_s = NULL; + ctx_c = ctx_s = NULL; +#endif + return EXPECT_RESULT(); +} + +static int test_dtls_empty_keyshare_with_cookie(void) +{ + EXPECT_DECLS; +#if defined(HAVE_MANUAL_MEMIO_TESTS_DEPENDENCIES) && defined(WOLFSSL_DTLS13) + WOLFSSL_CTX *ctx_s = NULL; + WOLFSSL *ssl_s = NULL; + struct test_memio_ctx test_ctx; + unsigned char ch_empty_keyshare_with_cookie[] = { + 0x16, 0xfe, 0xfd, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01, 0x01, + 0x12, 0x01, 0x00, 0x01, 0x06, 0x00, 0x01, 0x00, 0x00, 0x00, 0x00, 0x01, + 0x06, 0xfe, 0xfd, 0xfb, 0x8c, 0x9b, 0x28, 0xae, 0x50, 0x1c, 0x4d, 0xf3, + 0xb8, 0xcf, 0x4d, 0xd8, 0x7e, 0x93, 0x13, 0x7b, 0x9e, 0xd9, 0xeb, 0xe9, + 0x13, 0x4b, 0x0d, 0x7f, 0x2e, 0x43, 0x62, 0x8c, 0xe4, 0x57, 0x79, 0x00, + 0x00, 0x00, 0x36, 0x13, 0x01, 0x13, 0x02, 0x13, 0x03, 0xc0, 0x2c, 0xc0, + 0x2b, 0xc0, 0x30, 0xc0, 0x2f, 0x00, 0x9f, 0x00, 0x9e, 0xcc, 0xa9, 0xcc, + 0xa8, 0xcc, 0xaa, 0xc0, 0x27, 0xc0, 0x23, 0xc0, 0x28, 0xc0, 0x24, 0xc0, + 0x0a, 0xc0, 0x09, 0xc0, 0x14, 0xc0, 0x13, 0x00, 0x6b, 0x00, 0x67, 0x00, + 0x39, 0x00, 0x33, 0xcc, 0x14, 0xcc, 0x13, 0xcc, 0x15, 0x01, 0x00, 0x00, + 0xa6, 0x00, 0x2b, 0x00, 0x03, 0x02, 0xfe, 0xfc, 0x00, 0x2c, 0x00, 0x47, + 0x00, 0x45, 0x20, 0xee, 0x4b, 0x17, 0x70, 0x63, 0xa0, 0x4c, 0x82, 0xbf, + 0x43, 0x01, 0x7d, 0x8d, 0xc1, 0x1b, 0x4e, 0x9b, 0xa0, 0x3c, 0x53, 0x1f, + 0xb7, 0xd1, 0x10, 0x81, 0xa8, 0xdf, 0xdf, 0x8c, 0x7f, 0xf3, 0x11, 0x13, + 0x01, 0x02, 0x3d, 0x3b, 0x7d, 0x14, 0x2c, 0x31, 0xb3, 0x60, 0x72, 0x4d, + 0xe5, 0x1a, 0xb2, 0xa3, 0x61, 0x77, 0x73, 0x03, 0x40, 0x0e, 0x5f, 0xc5, + 0x61, 0x38, 0x43, 0x56, 0x21, 0x4a, 0x95, 0xd5, 0x35, 0xa8, 0x0d, 0x00, + 0x0d, 0x00, 0x2a, 0x00, 0x28, 0x06, 0x03, 0x05, 0x03, 0x04, 0x03, 0x02, + 0x03, 0xfe, 0x0b, 0xfe, 0x0e, 0xfe, 0xa0, 0xfe, 0xa3, 0xfe, 0xa5, 0x08, + 0x06, 0x08, 0x0b, 0x08, 0x05, 0x08, 0x0a, 0x08, 0x04, 0x08, 0x09, 0x06, + 0x01, 0x05, 0x01, 0x04, 0x01, 0x03, 0x01, 0x02, 0x01, 0x00, 0x0a, 0x00, + 0x18, 0x00, 0x16, 0x00, 0x19, 0x00, 0x18, 0x00, 0x17, 0x00, 0x15, 0x01, + 0x00, 0x02, 0x3a, 0x02, 0x3c, 0x02, 0x3d, 0x2f, 0x3a, 0x2f, 0x3c, 0x2f, + 0x3d, 0x00, 0x16, 0x00, 0x00, 0x00, 0x33, 0x00, 0x02, 0x00, 0x00 + }; + DtlsRecordLayerHeader* dtlsRH; + byte sequence_number[8]; + + XMEMSET(&sequence_number, 0, sizeof(sequence_number)); + XMEMSET(&test_ctx, 0, sizeof(test_ctx)); + ExpectIntEQ(test_memio_setup(&test_ctx, NULL, &ctx_s, NULL, &ssl_s, + NULL, wolfDTLSv1_3_server_method), 0); + ExpectIntEQ(test_memio_inject_message(&test_ctx, 0, + (const char *)ch_empty_keyshare_with_cookie, + sizeof(ch_empty_keyshare_with_cookie)), 0); + + /* CH1 */ + ExpectIntEQ(wolfSSL_negotiate(ssl_s), -1); + ExpectIntEQ(wolfSSL_get_error(ssl_s, -1), WOLFSSL_ERROR_WANT_READ); + /* Expect an alert. A plaintext alert should be exactly 15 bytes. */ + ExpectIntEQ(test_ctx.c_len, 15); + dtlsRH = (DtlsRecordLayerHeader*)test_ctx.c_buff; + ExpectIntEQ(dtlsRH->type, alert); + ExpectIntEQ(dtlsRH->pvMajor, DTLS_MAJOR); + ExpectIntEQ(dtlsRH->pvMinor, DTLSv1_2_MINOR); + sequence_number[7] = 1; + ExpectIntEQ(XMEMCMP(sequence_number, dtlsRH->sequence_number, + sizeof(sequence_number)), 0); + ExpectIntEQ(dtlsRH->length[0], 0); + ExpectIntEQ(dtlsRH->length[1], 2); + ExpectIntEQ(test_ctx.c_buff[13], alert_fatal); + ExpectIntEQ(test_ctx.c_buff[14], illegal_parameter); + + wolfSSL_free(ssl_s); + wolfSSL_CTX_free(ctx_s); +#endif + return EXPECT_RESULT(); +} + +static int test_dtls_old_seq_number(void) +{ + EXPECT_DECLS; +#if defined(HAVE_MANUAL_MEMIO_TESTS_DEPENDENCIES) && defined(WOLFSSL_DTLS) && \ + !defined(WOLFSSL_NO_TLS12) + WOLFSSL_CTX *ctx_c = NULL, *ctx_s = NULL; + WOLFSSL *ssl_c = NULL, *ssl_s = NULL; + struct test_memio_ctx test_ctx; + + XMEMSET(&test_ctx, 0, sizeof(test_ctx)); + + ExpectIntEQ(test_memio_setup(&test_ctx, &ctx_c, &ctx_s, &ssl_c, &ssl_s, + wolfDTLSv1_2_client_method, wolfDTLSv1_2_server_method), 0); + + /* CH1 */ + ExpectIntEQ(wolfSSL_negotiate(ssl_c), -1); + ExpectIntEQ(wolfSSL_get_error(ssl_c, -1), WOLFSSL_ERROR_WANT_READ); + /* HVR */ + ExpectIntEQ(wolfSSL_negotiate(ssl_s), -1); + ExpectIntEQ(wolfSSL_get_error(ssl_s, -1), WOLFSSL_ERROR_WANT_READ); + /* CH2 */ + ExpectIntEQ(wolfSSL_negotiate(ssl_c), -1); + ExpectIntEQ(wolfSSL_get_error(ssl_c, -1), WOLFSSL_ERROR_WANT_READ); + /* Server first flight */ + ExpectIntEQ(wolfSSL_negotiate(ssl_s), -1); + ExpectIntEQ(wolfSSL_get_error(ssl_s, -1), WOLFSSL_ERROR_WANT_READ); + /* Client second flight */ + ExpectIntEQ(wolfSSL_negotiate(ssl_c), -1); + ExpectIntEQ(wolfSSL_get_error(ssl_c, -1), WOLFSSL_ERROR_WANT_READ); + /* Modify the sequence number */ + { + DtlsRecordLayerHeader* dtlsRH = (DtlsRecordLayerHeader*)test_ctx.s_buff; + XMEMSET(dtlsRH->sequence_number, 0, sizeof(dtlsRH->sequence_number)); + } + /* Server second flight */ + ExpectIntEQ(wolfSSL_negotiate(ssl_s), -1); + ExpectIntEQ(wolfSSL_get_error(ssl_s, -1), WOLFSSL_ERROR_WANT_READ); + /* Server should not do anything as a pkt was dropped */ + ExpectIntEQ(test_ctx.c_len, 0); + ExpectIntEQ(test_ctx.s_len, 0); + /* Trigger rtx */ + ExpectIntEQ(wolfSSL_dtls_got_timeout(ssl_c), WOLFSSL_SUCCESS); + + /* Complete connection */ + ExpectIntEQ(test_memio_do_handshake(ssl_c, ssl_s, 10, NULL), 0); + + wolfSSL_free(ssl_c); + wolfSSL_CTX_free(ctx_c); + wolfSSL_free(ssl_s); + wolfSSL_CTX_free(ctx_s); +#endif + return EXPECT_RESULT(); +} + +static int test_dtls12_missing_finished(void) +{ + EXPECT_DECLS; +#if defined(HAVE_MANUAL_MEMIO_TESTS_DEPENDENCIES) && defined(WOLFSSL_DTLS) && \ + !defined(WOLFSSL_NO_TLS12) + WOLFSSL_CTX *ctx_c = NULL; + WOLFSSL_CTX *ctx_s = NULL; + WOLFSSL *ssl_c = NULL; + WOLFSSL *ssl_s = NULL; + struct test_memio_ctx test_ctx; + const char test_str[] = "test string"; + char test_buf[sizeof(test_str)]; + + XMEMSET(&test_ctx, 0, sizeof(test_ctx)); + + ExpectIntEQ(test_memio_setup(&test_ctx, &ctx_c, &ctx_s, &ssl_c, &ssl_s, + wolfDTLSv1_2_client_method, wolfDTLSv1_2_server_method), 0); + + /* CH1 */ + ExpectIntEQ(wolfSSL_negotiate(ssl_c), -1); + ExpectIntEQ(wolfSSL_get_error(ssl_c, -1), WOLFSSL_ERROR_WANT_READ); + /* HVR */ + ExpectIntEQ(wolfSSL_negotiate(ssl_s), -1); + ExpectIntEQ(wolfSSL_get_error(ssl_s, -1), WOLFSSL_ERROR_WANT_READ); + /* CH2 */ + ExpectIntEQ(wolfSSL_negotiate(ssl_c), -1); + ExpectIntEQ(wolfSSL_get_error(ssl_c, -1), WOLFSSL_ERROR_WANT_READ); + /* Server first flight */ + ExpectIntEQ(wolfSSL_negotiate(ssl_s), -1); + ExpectIntEQ(wolfSSL_get_error(ssl_s, -1), WOLFSSL_ERROR_WANT_READ); + /* Client second flight with finished */ + ExpectIntEQ(wolfSSL_negotiate(ssl_c), -1); + ExpectIntEQ(wolfSSL_get_error(ssl_c, -1), WOLFSSL_ERROR_WANT_READ); + /* Server second flight with finished */ + ExpectIntEQ(wolfSSL_negotiate(ssl_s), 1); + /* Let's clear the output */ + test_memio_clear_buffer(&test_ctx, 1); + /* Let's send some app data */ + ExpectIntEQ(wolfSSL_write(ssl_s, test_str, sizeof(test_str)), + sizeof(test_str)); + /* Client should not error out on a missing finished */ + ExpectIntEQ(wolfSSL_negotiate(ssl_c), -1); + ExpectIntEQ(wolfSSL_get_error(ssl_c, -1), WOLFSSL_ERROR_WANT_READ); + /* Server rtx second flight with finished */ + ExpectIntEQ(wolfSSL_dtls_got_timeout(ssl_s), 1); + /* Client process rest of handshake */ + ExpectIntEQ(wolfSSL_negotiate(ssl_c), 1); + + /* Let's send some app data */ + ExpectIntEQ(wolfSSL_write(ssl_s, test_str, sizeof(test_str)), + sizeof(test_str)); + ExpectIntEQ(wolfSSL_read(ssl_c, test_buf, sizeof(test_buf)), + sizeof(test_str)); + ExpectBufEQ(test_buf, test_str, sizeof(test_str)); + + wolfSSL_free(ssl_c); + wolfSSL_free(ssl_s); + wolfSSL_CTX_free(ctx_c); + wolfSSL_CTX_free(ctx_s); +#endif + return EXPECT_RESULT(); +} + +static int test_dtls13_missing_finished_client(void) +{ + EXPECT_DECLS; +#if defined(HAVE_MANUAL_MEMIO_TESTS_DEPENDENCIES) && defined(WOLFSSL_DTLS13) + WOLFSSL_CTX *ctx_c = NULL; + WOLFSSL_CTX *ctx_s = NULL; + WOLFSSL *ssl_c = NULL; + WOLFSSL *ssl_s = NULL; + struct test_memio_ctx test_ctx; + const char test_str[] = "test string"; + char test_buf[sizeof(test_str)]; + + XMEMSET(&test_ctx, 0, sizeof(test_ctx)); + ExpectIntEQ(test_memio_setup(&test_ctx, &ctx_c, &ctx_s, &ssl_c, &ssl_s, + wolfDTLSv1_3_client_method, wolfDTLSv1_3_server_method), 0); + + /* CH1 */ + ExpectIntEQ(wolfSSL_negotiate(ssl_c), -1); + ExpectIntEQ(wolfSSL_get_error(ssl_c, -1), WOLFSSL_ERROR_WANT_READ); + /* HRR */ + ExpectIntEQ(wolfSSL_negotiate(ssl_s), -1); + ExpectIntEQ(wolfSSL_get_error(ssl_s, -1), WOLFSSL_ERROR_WANT_READ); + /* CH2 */ + ExpectIntEQ(wolfSSL_negotiate(ssl_c), -1); + ExpectIntEQ(wolfSSL_get_error(ssl_c, -1), WOLFSSL_ERROR_WANT_READ); + /* Server first flight with finished */ + ExpectIntEQ(wolfSSL_negotiate(ssl_s), -1); + ExpectIntEQ(wolfSSL_get_error(ssl_s, -1), WOLFSSL_ERROR_WANT_READ); + /* Let's clear the output */ + test_memio_clear_buffer(&test_ctx, 1); + /* Let's send some app data */ + ExpectIntEQ(wolfSSL_write(ssl_s, test_str, sizeof(test_str)), + sizeof(test_str)); + /* Client second flight with finished */ + ExpectIntEQ(wolfSSL_negotiate(ssl_c), -1); + ExpectIntEQ(wolfSSL_get_error(ssl_c, -1), WOLFSSL_ERROR_WANT_READ); + /* Server should not error out on a missing finished */ + ExpectIntEQ(wolfSSL_negotiate(ssl_s), -1); + ExpectIntEQ(wolfSSL_get_error(ssl_s, -1), WOLFSSL_ERROR_WANT_READ); + /* Client rtx second flight with finished */ + ExpectIntEQ(wolfSSL_negotiate(ssl_c), -1); + ExpectIntEQ(wolfSSL_get_error(ssl_c, -1), WOLFSSL_ERROR_WANT_READ); + /* Server */ + ExpectIntEQ(wolfSSL_negotiate(ssl_s), 1); + /* Client */ + ExpectIntEQ(wolfSSL_negotiate(ssl_c), 1); + /* Let's send some app data */ + ExpectIntEQ(wolfSSL_write(ssl_s, test_str, sizeof(test_str)), + sizeof(test_str)); + ExpectIntEQ(wolfSSL_read(ssl_c, test_buf, sizeof(test_buf)), + sizeof(test_str)); + ExpectBufEQ(test_buf, test_str, sizeof(test_str)); + + wolfSSL_free(ssl_c); + wolfSSL_free(ssl_s); + wolfSSL_CTX_free(ctx_c); + wolfSSL_CTX_free(ctx_s); +#endif + return EXPECT_RESULT(); +} + +static int test_dtls13_missing_finished_server(void) +{ + EXPECT_DECLS; +#if defined(HAVE_MANUAL_MEMIO_TESTS_DEPENDENCIES) && defined(WOLFSSL_DTLS13) + WOLFSSL_CTX *ctx_c = NULL; + WOLFSSL_CTX *ctx_s = NULL; + WOLFSSL *ssl_c = NULL; + WOLFSSL *ssl_s = NULL; + struct test_memio_ctx test_ctx; + const char test_str[] = "test string"; + char test_buf[sizeof(test_str)]; + + XMEMSET(&test_ctx, 0, sizeof(test_ctx)); + ExpectIntEQ(test_memio_setup(&test_ctx, &ctx_c, &ctx_s, &ssl_c, &ssl_s, + wolfDTLSv1_3_client_method, wolfDTLSv1_3_server_method), 0); + + /* CH1 */ + ExpectIntEQ(wolfSSL_negotiate(ssl_c), -1); + ExpectIntEQ(wolfSSL_get_error(ssl_c, -1), WOLFSSL_ERROR_WANT_READ); + /* HRR */ + ExpectIntEQ(wolfSSL_negotiate(ssl_s), -1); + ExpectIntEQ(wolfSSL_get_error(ssl_s, -1), WOLFSSL_ERROR_WANT_READ); + /* CH2 */ + ExpectIntEQ(wolfSSL_negotiate(ssl_c), -1); + ExpectIntEQ(wolfSSL_get_error(ssl_c, -1), WOLFSSL_ERROR_WANT_READ); + /* Server first flight with finished */ + ExpectIntEQ(wolfSSL_negotiate(ssl_s), -1); + ExpectIntEQ(wolfSSL_get_error(ssl_s, -1), WOLFSSL_ERROR_WANT_READ); + /* Client second flight with finished */ + ExpectIntEQ(wolfSSL_negotiate(ssl_c), -1); + ExpectIntEQ(wolfSSL_get_error(ssl_c, -1), WOLFSSL_ERROR_WANT_READ); + /* Let's clear the output */ + test_memio_clear_buffer(&test_ctx, 0); + ExpectFalse(wolfSSL_is_init_finished(ssl_c)); + /* Let's send some app data */ + ExpectIntEQ(wolfSSL_write(ssl_c, test_str, sizeof(test_str)), + sizeof(test_str)); + /* Server should not error out on a missing finished */ + ExpectIntEQ(wolfSSL_negotiate(ssl_s), -1); + ExpectIntEQ(wolfSSL_get_error(ssl_s, -1), WOLFSSL_ERROR_WANT_READ); + /* Client rtx second flight with finished */ + ExpectIntEQ(wolfSSL_negotiate(ssl_c), -1); + ExpectIntEQ(wolfSSL_get_error(ssl_c, -1), WOLFSSL_ERROR_WANT_READ); + /* Server first flight with finished */ + ExpectIntEQ(wolfSSL_negotiate(ssl_s), 1); + /* Let's send some app data */ + ExpectIntEQ(wolfSSL_write(ssl_c, test_str, sizeof(test_str)), + sizeof(test_str)); + ExpectIntEQ(wolfSSL_read(ssl_s, test_buf, sizeof(test_buf)), + sizeof(test_str)); + ExpectBufEQ(test_buf, test_str, sizeof(test_str)); + + wolfSSL_free(ssl_c); + wolfSSL_free(ssl_s); + wolfSSL_CTX_free(ctx_c); + wolfSSL_CTX_free(ctx_s); +#endif + return EXPECT_RESULT(); +} + + +#ifdef HAVE_CERTIFICATE_STATUS_REQUEST +static int test_self_signed_stapling_client_v1_ctx_ready(WOLFSSL_CTX* ctx) +{ + EXPECT_DECLS; + ExpectIntEQ(wolfSSL_CTX_EnableOCSPStapling(ctx), 1); + ExpectIntEQ(wolfSSL_CTX_UseOCSPStapling(ctx, WOLFSSL_CSR_OCSP, + WOLFSSL_CSR_OCSP_USE_NONCE), 1); + return EXPECT_RESULT(); +} +#endif + +#ifdef HAVE_CERTIFICATE_STATUS_REQUEST_V2 +static int test_self_signed_stapling_client_v2_ctx_ready(WOLFSSL_CTX* ctx) +{ + EXPECT_DECLS; + ExpectIntEQ(wolfSSL_CTX_EnableOCSPStapling(ctx), 1); + ExpectIntEQ(wolfSSL_CTX_UseOCSPStaplingV2(ctx, WOLFSSL_CSR2_OCSP, + WOLFSSL_CSR2_OCSP_USE_NONCE), 1); + return EXPECT_RESULT(); +} + +static int test_self_signed_stapling_client_v2_multi_ctx_ready(WOLFSSL_CTX* ctx) +{ + EXPECT_DECLS; + ExpectIntEQ(wolfSSL_CTX_EnableOCSPStapling(ctx), 1); + ExpectIntEQ(wolfSSL_CTX_UseOCSPStaplingV2(ctx, WOLFSSL_CSR2_OCSP_MULTI, + 0), 1); + return EXPECT_RESULT(); +} +#endif + +#if defined(HAVE_CERTIFICATE_STATUS_REQUEST) \ + || defined(HAVE_CERTIFICATE_STATUS_REQUEST_V2) +static int test_self_signed_stapling_server_ctx_ready(WOLFSSL_CTX* ctx) +{ + EXPECT_DECLS; + ExpectIntEQ(wolfSSL_CTX_EnableOCSPStapling(ctx), 1); + return EXPECT_RESULT(); +} +#endif + +static int test_self_signed_stapling(void) +{ + EXPECT_DECLS; +#if defined(HAVE_CERTIFICATE_STATUS_REQUEST) \ + || defined(HAVE_CERTIFICATE_STATUS_REQUEST_V2) + test_ssl_cbf client_cbf; + test_ssl_cbf server_cbf; + size_t i; + struct { + method_provider client_meth; + method_provider server_meth; + ctx_cb client_ctx; + const char* tls_version; + } params[] = { +#if defined(WOLFSSL_TLS13) && defined(HAVE_CERTIFICATE_STATUS_REQUEST) + { wolfTLSv1_3_client_method, wolfTLSv1_3_server_method, + test_self_signed_stapling_client_v1_ctx_ready, "TLSv1_3 v1" }, +#endif +#ifndef WOLFSSL_NO_TLS12 +#ifdef HAVE_CERTIFICATE_STATUS_REQUEST + { wolfTLSv1_2_client_method, wolfTLSv1_2_server_method, + test_self_signed_stapling_client_v1_ctx_ready, "TLSv1_2 v1" }, +#endif +#ifdef HAVE_CERTIFICATE_STATUS_REQUEST_V2 + { wolfTLSv1_2_client_method, wolfTLSv1_2_server_method, + test_self_signed_stapling_client_v2_ctx_ready, "TLSv1_2 v2" }, + { wolfTLSv1_2_client_method, wolfTLSv1_2_server_method, + test_self_signed_stapling_client_v2_multi_ctx_ready, + "TLSv1_2 v2 multi" }, +#endif +#endif + }; + + for (i = 0; i < sizeof(params)/sizeof(*params) && !EXPECT_FAIL(); i++) { + XMEMSET(&client_cbf, 0, sizeof(client_cbf)); + XMEMSET(&server_cbf, 0, sizeof(server_cbf)); + + printf("\nTesting self-signed cert with status request: %s\n", + params[i].tls_version); + + client_cbf.method = params[i].client_meth; + client_cbf.ctx_ready = params[i].client_ctx; + + server_cbf.method = params[i].server_meth; + server_cbf.certPemFile = "certs/ca-cert.pem"; + server_cbf.keyPemFile = "certs/ca-key.pem"; + server_cbf.ctx_ready = test_self_signed_stapling_server_ctx_ready; + + ExpectIntEQ(test_wolfSSL_client_server_nofail_memio(&client_cbf, + &server_cbf, NULL), TEST_SUCCESS); + } +#endif + return EXPECT_RESULT(); +} + +static int test_tls_multi_handshakes_one_record(void) +{ + EXPECT_DECLS; +#if defined(HAVE_MANUAL_MEMIO_TESTS_DEPENDENCIES) && \ + !defined(WOLFSSL_NO_TLS12) && !defined(NO_SHA256) + struct test_memio_ctx test_ctx; + WOLFSSL_CTX *ctx_c = NULL, *ctx_s = NULL; + WOLFSSL *ssl_c = NULL, *ssl_s = NULL; + RecordLayerHeader* rh = NULL; + byte *len ; + int newRecIdx; + int idx; + byte buff[64 * 1024]; + word16 recLen; + + XMEMSET(&test_ctx, 0, sizeof(test_ctx)); + + ExpectIntEQ(test_memio_setup(&test_ctx, &ctx_c, &ctx_s, &ssl_c, &ssl_s, + wolfTLS_client_method, wolfTLSv1_2_server_method), 0); + + ExpectIntEQ(wolfSSL_connect(ssl_c), -1); + ExpectIntEQ(wolfSSL_get_error(ssl_c, -1), WOLFSSL_ERROR_WANT_READ); + ExpectIntEQ(wolfSSL_accept(ssl_s), -1); + ExpectIntEQ(wolfSSL_get_error(ssl_s, -1), WOLFSSL_ERROR_WANT_READ); + + XMEMSET(buff, 0, sizeof(buff)); + rh = (RecordLayerHeader*)(test_ctx.c_buff); + len = &rh->length[0]; + ato16((const byte*)len, &recLen); + XMEMCPY(buff, test_ctx.c_buff, RECORD_HEADER_SZ + recLen); + newRecIdx = idx = RECORD_HEADER_SZ + recLen; + /* Combine server handshake msgs into one record */ + while (idx < test_ctx.c_len) { + + rh = (RecordLayerHeader*)(test_ctx.c_buff + idx); + len = &rh->length[0]; + + ato16((const byte*)len, &recLen); + idx += RECORD_HEADER_SZ; + + XMEMCPY(buff + newRecIdx, test_ctx.c_buff + idx, + (size_t)recLen); + + newRecIdx += recLen; + idx += recLen; + } + rh = (RecordLayerHeader*)(buff); + len = &rh->length[0]; + c16toa((word16)newRecIdx - RECORD_HEADER_SZ, len); + test_memio_clear_buffer(&test_ctx, 1); + test_memio_inject_message(&test_ctx, 1, (const char*)buff, newRecIdx); + + ExpectIntEQ(wolfSSL_connect(ssl_c), -1); + ExpectIntEQ(wolfSSL_get_error(ssl_c, -1), WOLFSSL_ERROR_WANT_READ); + + ExpectIntEQ(test_memio_do_handshake(ssl_c, ssl_s, 10, NULL), 0); + + wolfSSL_free(ssl_c); + wolfSSL_free(ssl_s); + wolfSSL_CTX_free(ctx_c); + wolfSSL_CTX_free(ctx_s); +#endif + return EXPECT_RESULT(); +} + + +static int test_write_dup(void) +{ + EXPECT_DECLS; +#if defined(HAVE_MANUAL_MEMIO_TESTS_DEPENDENCIES) && defined(HAVE_WRITE_DUP) + size_t i, j; + char hiWorld[] = "dup message"; + char readData[sizeof(hiWorld) + 5]; + struct { + method_provider client_meth; + method_provider server_meth; + const char* version_name; + int version; + } methods[] = { +#ifndef WOLFSSL_NO_TLS12 + {wolfTLSv1_2_client_method, wolfTLSv1_2_server_method, "TLS 1.2", WOLFSSL_TLSV1_2}, +#endif +#ifdef WOLFSSL_TLS13 + {wolfTLSv1_3_client_method, wolfTLSv1_3_server_method, "TLS 1.3", WOLFSSL_TLSV1_3}, +#endif + }; + struct { + const char* cipher; + int version; + } ciphers[] = { +/* For simplicity the macros are copied from internal.h */ +/* TLS 1.2 */ +#if defined(HAVE_CHACHA) && defined(HAVE_POLY1305) && !defined(NO_SHA256) + #if defined(HAVE_ECC) || defined(HAVE_CURVE25519) || defined(HAVE_CURVE448) + #ifndef NO_RSA + {"ECDHE-RSA-CHACHA20-POLY1305", WOLFSSL_TLSV1_2}, + #endif + #endif + #if !defined(NO_DH) && !defined(NO_RSA) && !defined(NO_TLS_DH) + {"DHE-RSA-CHACHA20-POLY1305", WOLFSSL_TLSV1_2}, + #endif +#endif +#if !defined(NO_DH) && !defined(NO_AES) && !defined(NO_TLS) && \ + !defined(NO_RSA) && defined(HAVE_AESGCM) && !defined(NO_TLS_DH) + #if !defined(NO_SHA256) && defined(WOLFSSL_AES_128) + {"DHE-RSA-AES128-GCM-SHA256", WOLFSSL_TLSV1_2}, + #endif + #if defined(WOLFSSL_SHA384) && defined(WOLFSSL_AES_256) + {"DHE-RSA-AES256-GCM-SHA384", WOLFSSL_TLSV1_2}, + #endif +#endif +#if (defined(HAVE_ECC) || defined(HAVE_CURVE25519) || defined(HAVE_CURVE448)) \ + && !defined(NO_TLS) && !defined(NO_AES) + #ifdef HAVE_AESGCM + #if !defined(NO_SHA256) && defined(WOLFSSL_AES_128) + #ifndef NO_RSA + {"ECDHE-RSA-AES128-GCM-SHA256", WOLFSSL_TLSV1_2}, + #endif + #endif + #if defined(WOLFSSL_SHA384) && defined(WOLFSSL_AES_256) + #ifndef NO_RSA + {"ECDHE-RSA-AES256-GCM-SHA384", WOLFSSL_TLSV1_2}, + #endif + #endif + #endif +#endif +/* TLS 1.3 */ +#ifdef WOLFSSL_TLS13 + #ifdef HAVE_AESGCM + #if !defined(NO_SHA256) && defined(WOLFSSL_AES_128) + {"TLS13-AES128-GCM-SHA256", WOLFSSL_TLSV1_3}, + #endif + #if defined(WOLFSSL_SHA384) && defined(WOLFSSL_AES_256) + {"TLS13-AES256-GCM-SHA384", WOLFSSL_TLSV1_3}, + #endif + #endif + #if defined(HAVE_CHACHA) && defined(HAVE_POLY1305) + #ifndef NO_SHA256 + {"TLS13-CHACHA20-POLY1305-SHA256", WOLFSSL_TLSV1_3}, + #endif + #endif + #ifdef HAVE_AESCCM + #if !defined(NO_SHA256) && defined(WOLFSSL_AES_128) + {"TLS13-AES128-CCM-SHA256", WOLFSSL_TLSV1_3}, + #endif + #endif +#endif + }; + + for (i = 0; i < XELEM_CNT(methods); i++) { + for (j = 0; j < XELEM_CNT(ciphers) && !EXPECT_FAIL(); j++) { + struct test_memio_ctx test_ctx; + WOLFSSL_CTX *ctx_c = NULL, *ctx_s = NULL; + WOLFSSL *ssl_c = NULL, *ssl_s = NULL; + WOLFSSL *ssl_c2 = NULL; + + if (methods[i].version != ciphers[j].version) + continue; + + if (i == 0 && j == 0) + printf("\n"); + + printf("Testing %s with %s... ", methods[i].version_name, + ciphers[j].cipher); + + XMEMSET(&test_ctx, 0, sizeof(test_ctx)); + + test_ctx.c_ciphers = test_ctx.s_ciphers = ciphers[j].cipher; + + ExpectIntEQ(test_memio_setup(&test_ctx, &ctx_c, &ctx_s, &ssl_c, &ssl_s, + methods[i].client_meth, methods[i].server_meth), 0); + ExpectIntEQ(test_memio_do_handshake(ssl_c, ssl_s, 10, NULL), 0); + + ExpectNotNull(ssl_c2 = wolfSSL_write_dup(ssl_c)); + ExpectIntEQ(wolfSSL_write(ssl_c, hiWorld, sizeof(hiWorld)), + WC_NO_ERR_TRACE(WRITE_DUP_WRITE_E)); + ExpectIntEQ(wolfSSL_write(ssl_c2, hiWorld, sizeof(hiWorld)), + sizeof(hiWorld)); + + ExpectIntEQ(wolfSSL_read(ssl_s, readData, sizeof(readData)), + sizeof(hiWorld)); + ExpectIntEQ(wolfSSL_write(ssl_s, hiWorld, sizeof(hiWorld)), + sizeof(hiWorld)); + + ExpectIntEQ(wolfSSL_read(ssl_c2, readData, sizeof(readData)), + WC_NO_ERR_TRACE(WRITE_DUP_READ_E)); + ExpectIntEQ(wolfSSL_read(ssl_c, readData, sizeof(readData)), + sizeof(hiWorld)); + + if (EXPECT_SUCCESS()) + printf("ok\n"); + else + printf("failed\n"); + + wolfSSL_free(ssl_c); + wolfSSL_free(ssl_c2); + wolfSSL_free(ssl_s); + wolfSSL_CTX_free(ctx_c); + wolfSSL_CTX_free(ctx_s); + } + } +#endif + return EXPECT_RESULT(); +} + +static int test_read_write_hs(void) +{ + + EXPECT_DECLS; +#if defined(HAVE_MANUAL_MEMIO_TESTS_DEPENDENCIES) && \ + !defined(WOLFSSL_NO_TLS12) && !defined(NO_SHA256) + WOLFSSL_CTX *ctx_s = NULL, *ctx_c = NULL; + WOLFSSL *ssl_s = NULL, *ssl_c = NULL; + struct test_memio_ctx test_ctx; + byte test_buffer[16]; + unsigned int test; + + /* test == 0 : client writes, server reads */ + /* test == 1 : server writes, client reads */ + for (test = 0; test < 2; test++) { + XMEMSET(&test_ctx, 0, sizeof(test_ctx)); + ExpectIntEQ(test_memio_setup(&test_ctx, &ctx_c, &ctx_s, &ssl_c, &ssl_s, + wolfTLSv1_2_client_method, + wolfTLSv1_2_server_method), 0); + ExpectIntEQ(wolfSSL_set_group_messages(ssl_s), WOLFSSL_SUCCESS); + /* CH -> */ + if (test == 0) { + ExpectIntEQ(wolfSSL_write(ssl_c, "hello", 5), -1); + } else { + ExpectIntEQ(wolfSSL_read(ssl_c, test_buffer, + sizeof(test_buffer)), -1); + } + ExpectIntEQ(wolfSSL_get_error(ssl_c, -1), WOLFSSL_ERROR_WANT_READ); + + /* <- SH + SKE + SHD */ + if (test == 0) { + ExpectIntEQ(wolfSSL_read(ssl_s, test_buffer, + sizeof(test_buffer)), -1); + } else { + ExpectIntEQ(wolfSSL_write(ssl_s, "hello", 5), -1); + } + ExpectIntEQ(wolfSSL_get_error(ssl_s, -1), WOLFSSL_ERROR_WANT_READ); + + /* -> CKE + CLIENT FINISHED */ + if (test == 0) { + ExpectIntEQ(wolfSSL_write(ssl_c, "hello", 5), -1); + } else { + ExpectIntEQ(wolfSSL_read(ssl_c, test_buffer, + sizeof(test_buffer)), -1); + } + ExpectIntEQ(wolfSSL_get_error(ssl_c, -1), WOLFSSL_ERROR_WANT_READ); + + /* abide clang static analyzer */ + if (ssl_s != NULL) { + /* disable group message to separate sending of ChangeCipherspec + * from Finished */ + ssl_s->options.groupMessages = 0; + } + /* allow writing of CS, but not FINISHED */ + test_ctx.c_len = TEST_MEMIO_BUF_SZ - 6; + + /* <- CS */ + if (test == 0) { + ExpectIntEQ(wolfSSL_read(ssl_s, test_buffer, + sizeof(test_buffer)), -1); + } else { + ExpectIntEQ(wolfSSL_write(ssl_s, "hello", 5), -1); + } + ExpectIntEQ(wolfSSL_get_error(ssl_s, -1), WOLFSSL_ERROR_WANT_WRITE); + + /* move CS message where the client can read it */ + memmove(test_ctx.c_buff, + (test_ctx.c_buff + TEST_MEMIO_BUF_SZ - 6), 6); + test_ctx.c_len = 6; + /* read CS */ + if (test == 0) { + ExpectIntEQ(wolfSSL_write(ssl_c, "hello", 5), -1); + } else { + ExpectIntEQ(wolfSSL_read(ssl_c, test_buffer, + sizeof(test_buffer)), -1); + } + ExpectIntEQ(wolfSSL_get_error(ssl_c, -1), WOLFSSL_ERROR_WANT_READ); + ExpectIntEQ(test_ctx.c_len, 0); + + if (test == 0) { + /* send SERVER FINISHED */ + ExpectIntEQ(wolfSSL_read(ssl_s, test_buffer, + sizeof(test_buffer)), -1); + ExpectIntEQ(wolfSSL_get_error(ssl_s, -1), + WOLFSSL_ERROR_WANT_READ); + } else { + /* send SERVER FINISHED + App Data */ + ExpectIntEQ(wolfSSL_write(ssl_s, "hello", 5), 5); + } + + ExpectIntGT(test_ctx.c_len, 0); + + /* Send and receive the data */ + if (test == 0) { + ExpectIntEQ(wolfSSL_write(ssl_c, "hello", 5), 5); + ExpectIntEQ(wolfSSL_read(ssl_s, test_buffer, + sizeof(test_buffer)), 5); + } else { + ExpectIntEQ(wolfSSL_read(ssl_c, test_buffer, + sizeof(test_buffer)), 5); + } + + ExpectBufEQ(test_buffer, "hello", 5); + + wolfSSL_free(ssl_c); + wolfSSL_free(ssl_s); + wolfSSL_CTX_free(ctx_c); + wolfSSL_CTX_free(ctx_s); + ssl_c = ssl_s = NULL; + ctx_c = ctx_s = NULL; + } + +#endif + return EXPECT_RESULT(); +} + +#if defined(HAVE_SSL_MEMIO_TESTS_DEPENDENCIES) && defined(OPENSSL_EXTRA) +static const char* test_get_signature_nid_siglag; +static int test_get_signature_nid_sig; +static int test_get_signature_nid_hash; + +static int test_get_signature_nid_ssl_ready(WOLFSSL* ssl) +{ + EXPECT_DECLS; + ExpectIntEQ(wolfSSL_set_cipher_list(ssl, "ALL"), WOLFSSL_SUCCESS); + if (!wolfSSL_is_server(ssl)) { + ExpectIntEQ(wolfSSL_set1_sigalgs_list(ssl, + test_get_signature_nid_siglag), WOLFSSL_SUCCESS); + } + return EXPECT_RESULT(); +} + +static int test_get_signature_nid_on_hs_client(WOLFSSL_CTX **ctx, WOLFSSL **ssl) +{ + EXPECT_DECLS; + int nid = 0; + (void)ctx; + if (XSTRSTR(wolfSSL_get_cipher(*ssl), "TLS_RSA_") == NULL) { + ExpectIntEQ(SSL_get_peer_signature_type_nid(*ssl, &nid), WOLFSSL_SUCCESS); + ExpectIntEQ(nid, test_get_signature_nid_sig); + ExpectIntEQ(SSL_get_peer_signature_nid(*ssl, &nid), WOLFSSL_SUCCESS); + ExpectIntEQ(nid, test_get_signature_nid_hash); + } + else /* No sigalg info on static ciphersuite */ + return TEST_SUCCESS; + return EXPECT_RESULT(); +} + +static int test_get_signature_nid_on_hs_server(WOLFSSL_CTX **ctx, WOLFSSL **ssl) +{ + EXPECT_DECLS; + int nid = 0; + (void)ctx; + ExpectIntEQ(SSL_get_signature_type_nid(*ssl, &nid), WOLFSSL_SUCCESS); + ExpectIntEQ(nid, test_get_signature_nid_sig); + ExpectIntEQ(SSL_get_signature_nid(*ssl, &nid), WOLFSSL_SUCCESS); + ExpectIntEQ(nid, test_get_signature_nid_hash); + return EXPECT_RESULT(); +} +#endif + +static int test_get_signature_nid(void) +{ + EXPECT_DECLS; +#if defined(HAVE_SSL_MEMIO_TESTS_DEPENDENCIES) && defined(OPENSSL_EXTRA) + test_ssl_cbf client_cbf; + test_ssl_cbf server_cbf; + size_t i; +#define TGSN_TLS12_RSA(sigalg, sig_nid, hash_nid) \ + { sigalg, sig_nid, hash_nid, WOLFSSL_TLSV1_2, svrCertFile, svrKeyFile, \ + caCertFile } +#define TGSN_TLS12_ECDSA(sigalg, sig_nid, hash_nid) \ + { sigalg, sig_nid, hash_nid, WOLFSSL_TLSV1_2, eccCertFile, eccKeyFile, \ + caEccCertFile } +#define TGSN_TLS13_RSA(sigalg, sig_nid, hash_nid) \ + { sigalg, sig_nid, hash_nid, WOLFSSL_TLSV1_3, svrCertFile, svrKeyFile, \ + caCertFile } +#define TGSN_TLS13_ECDSA(sigalg, sig_nid, hash_nid) \ + { sigalg, sig_nid, hash_nid, WOLFSSL_TLSV1_3, eccCertFile, eccKeyFile, \ + caEccCertFile } +#define TGSN_TLS13_ED25519(sigalg, sig_nid, hash_nid) \ + { sigalg, sig_nid, hash_nid, WOLFSSL_TLSV1_3, edCertFile, edKeyFile, \ + caEdCertFile } +#define TGSN_TLS13_ED448(sigalg, sig_nid, hash_nid) \ + { sigalg, sig_nid, hash_nid, WOLFSSL_TLSV1_3, ed448CertFile, ed448KeyFile, \ + caEd448CertFile } + struct { + const char* siglag; + int sig_nid; + int hash_nid; + int tls_ver; + const char* server_cert; + const char* server_key; + const char* client_ca; + } params[] = { +#ifndef NO_RSA + #ifndef NO_SHA256 + TGSN_TLS12_RSA("RSA+SHA256", NID_rsaEncryption, NID_sha256), + #ifdef WC_RSA_PSS + TGSN_TLS12_RSA("RSA-PSS+SHA256", NID_rsassaPss, NID_sha256), + TGSN_TLS13_RSA("RSA-PSS+SHA256", NID_rsassaPss, NID_sha256), + #endif + #endif + #ifdef WOLFSSL_SHA512 + TGSN_TLS12_RSA("RSA+SHA512", NID_rsaEncryption, NID_sha512), + #ifdef WC_RSA_PSS + TGSN_TLS12_RSA("RSA-PSS+SHA512", NID_rsassaPss, NID_sha512), + TGSN_TLS13_RSA("RSA-PSS+SHA512", NID_rsassaPss, NID_sha512), + #endif + #endif +#endif +#ifdef HAVE_ECC + #ifndef NO_SHA256 + TGSN_TLS12_ECDSA("ECDSA+SHA256", NID_X9_62_id_ecPublicKey, NID_sha256), + TGSN_TLS13_ECDSA("ECDSA+SHA256", NID_X9_62_id_ecPublicKey, NID_sha256), + #endif +#endif +#ifdef HAVE_ED25519 + TGSN_TLS13_ED25519("ED25519", NID_ED25519, NID_sha512), +#endif +#ifdef HAVE_ED448 + TGSN_TLS13_ED448("ED448", NID_ED448, NID_sha512), +#endif + }; + /* These correspond to WOLFSSL_SSLV3...WOLFSSL_DTLSV1_3 */ + const char* tls_desc[] = { + "SSLv3", "TLSv1.0", "TLSv1.1", "TLSv1.2", "TLSv1.3", + "DTLSv1.0", "DTLSv1.2", "DTLSv1.3" + }; + + printf("\n"); + + for (i = 0; i < XELEM_CNT(params) && !EXPECT_FAIL(); i++) { + + XMEMSET(&client_cbf, 0, sizeof(client_cbf)); + XMEMSET(&server_cbf, 0, sizeof(server_cbf)); + + printf("Testing %s with %s...", tls_desc[params[i].tls_ver], + params[i].siglag); + + switch (params[i].tls_ver) { +#ifndef WOLFSSL_NO_TLS12 + case WOLFSSL_TLSV1_2: + client_cbf.method = wolfTLSv1_2_client_method; + server_cbf.method = wolfTLSv1_2_server_method; + break; +#endif +#ifdef WOLFSSL_TLS13 + case WOLFSSL_TLSV1_3: + client_cbf.method = wolfTLSv1_3_client_method; + server_cbf.method = wolfTLSv1_3_server_method; + break; +#endif + default: + printf("skipping\n"); + continue; + } + + test_get_signature_nid_siglag = params[i].siglag; + test_get_signature_nid_sig = params[i].sig_nid; + test_get_signature_nid_hash = params[i].hash_nid; + + client_cbf.ssl_ready = test_get_signature_nid_ssl_ready; + server_cbf.ssl_ready = test_get_signature_nid_ssl_ready; + + client_cbf.on_handshake = test_get_signature_nid_on_hs_client; + server_cbf.on_handshake = test_get_signature_nid_on_hs_server; + + server_cbf.certPemFile = params[i].server_cert; + server_cbf.keyPemFile = params[i].server_key; + + client_cbf.caPemFile = params[i].client_ca; + + ExpectIntEQ(test_wolfSSL_client_server_nofail_memio(&client_cbf, + &server_cbf, NULL), TEST_SUCCESS); + if (EXPECT_SUCCESS()) + printf("passed\n"); + } + +#endif + return EXPECT_RESULT(); +} + +#ifndef WOLFSSL_TEST_APPLE_NATIVE_CERT_VALIDATION +#if !defined(NO_CERTS) && defined(HAVE_SSL_MEMIO_TESTS_DEPENDENCIES) && \ + !defined(NO_SHA256) +static word32 test_tls_cert_store_unchanged_HashCaTable(Signer** caTable) +{ +#ifndef NO_MD5 + enum wc_HashType hashType = WC_HASH_TYPE_MD5; +#elif !defined(NO_SHA) + enum wc_HashType hashType = WC_HASH_TYPE_SHA; +#elif !defined(NO_SHA256) + enum wc_HashType hashType = WC_HASH_TYPE_SHA256; +#else + #error "We need a digest to hash the Signer object" +#endif + byte hashBuf[WC_MAX_DIGEST_SIZE]; + wc_HashAlg hash; + size_t i; + + AssertIntEQ(wc_HashInit(&hash, hashType), 0); + for (i = 0; i < CA_TABLE_SIZE; i++) { + Signer* cur; + for (cur = caTable[i]; cur != NULL; cur = cur->next) + AssertIntEQ(wc_HashUpdate(&hash, hashType, (byte*)cur, + sizeof(*cur)), 0); + } + AssertIntEQ(wc_HashFinal(&hash, hashType, hashBuf), 0); + AssertIntEQ(wc_HashFree(&hash, hashType), 0); + + return MakeWordFromHash(hashBuf); +} + +static word32 test_tls_cert_store_unchanged_before_hashes[2]; +static size_t test_tls_cert_store_unchanged_before_hashes_idx; +static word32 test_tls_cert_store_unchanged_after_hashes[2]; +static size_t test_tls_cert_store_unchanged_after_hashes_idx; + +static int test_tls_cert_store_unchanged_ctx_ready(WOLFSSL_CTX* ctx) +{ + EXPECT_DECLS; + + ExpectIntNE(test_tls_cert_store_unchanged_before_hashes + [test_tls_cert_store_unchanged_before_hashes_idx++] = + test_tls_cert_store_unchanged_HashCaTable(ctx->cm->caTable), 0); + + wolfSSL_CTX_set_verify(ctx, WOLFSSL_VERIFY_PEER | + WOLFSSL_VERIFY_FAIL_IF_NO_PEER_CERT, 0); + + return EXPECT_RESULT(); +} + +static int test_tls_cert_store_unchanged_ctx_cleanup(WOLFSSL_CTX* ctx) +{ + EXPECT_DECLS; + ExpectIntEQ(wolfSSL_CTX_UnloadIntermediateCerts(ctx), WOLFSSL_SUCCESS); + ExpectIntNE(test_tls_cert_store_unchanged_after_hashes + [test_tls_cert_store_unchanged_after_hashes_idx++] = + test_tls_cert_store_unchanged_HashCaTable(ctx->cm->caTable), 0); + + return EXPECT_RESULT(); +} + +static int test_tls_cert_store_unchanged_on_hs(WOLFSSL_CTX **ctx, WOLFSSL **ssl) +{ + EXPECT_DECLS; + WOLFSSL_CERT_MANAGER* cm; + + (void)ssl; + /* WARNING: this approach bypasses the reference counter check in + * wolfSSL_CTX_UnloadIntermediateCerts. It is not recommended as it may + * cause unexpected behaviour when other active connections try accessing + * the caTable. */ + ExpectNotNull(cm = wolfSSL_CTX_GetCertManager(*ctx)); + ExpectIntEQ(wolfSSL_CertManagerUnloadIntermediateCerts(cm), + WOLFSSL_SUCCESS); + ExpectIntNE(test_tls_cert_store_unchanged_after_hashes + [test_tls_cert_store_unchanged_after_hashes_idx++] = + test_tls_cert_store_unchanged_HashCaTable((*ctx)->cm->caTable), 0); + + return EXPECT_RESULT(); +} + +static int test_tls_cert_store_unchanged_ssl_ready(WOLFSSL* ssl) +{ + EXPECT_DECLS; + WOLFSSL_CTX* ctx; + + ExpectNotNull(ctx = wolfSSL_get_SSL_CTX(ssl)); + + return EXPECT_RESULT(); +} +#endif + +static int test_tls_cert_store_unchanged(void) +{ + EXPECT_DECLS; +#if !defined(NO_CERTS) && defined(HAVE_SSL_MEMIO_TESTS_DEPENDENCIES) && \ + !defined(NO_SHA256) + test_ssl_cbf client_cbf; + test_ssl_cbf server_cbf; + int i; + + for (i = 0; i < 2; i++) { + XMEMSET(&client_cbf, 0, sizeof(client_cbf)); + XMEMSET(&server_cbf, 0, sizeof(server_cbf)); + + test_tls_cert_store_unchanged_before_hashes_idx = 0; + XMEMSET(test_tls_cert_store_unchanged_before_hashes, 0, + sizeof(test_tls_cert_store_unchanged_before_hashes)); + test_tls_cert_store_unchanged_after_hashes_idx = 0; + XMEMSET(test_tls_cert_store_unchanged_after_hashes, 0, + sizeof(test_tls_cert_store_unchanged_after_hashes)); + + client_cbf.ctx_ready = test_tls_cert_store_unchanged_ctx_ready; + server_cbf.ctx_ready = test_tls_cert_store_unchanged_ctx_ready; + + client_cbf.ssl_ready = test_tls_cert_store_unchanged_ssl_ready; + server_cbf.ssl_ready = test_tls_cert_store_unchanged_ssl_ready; + + switch (i) { + case 0: + client_cbf.on_ctx_cleanup = + test_tls_cert_store_unchanged_ctx_cleanup; + server_cbf.on_ctx_cleanup = + test_tls_cert_store_unchanged_ctx_cleanup; + break; + case 1: + client_cbf.on_handshake = test_tls_cert_store_unchanged_on_hs; + server_cbf.on_handshake = test_tls_cert_store_unchanged_on_hs; + break; + default: + Fail(("Should not enter here"), ("Entered here")); + } + +#ifdef WOLFSSL_PEM_TO_DER + client_cbf.certPemFile = "certs/intermediate/client-chain.pem"; + server_cbf.certPemFile = "certs/intermediate/server-chain.pem"; +#else + client_cbf.certPemFile = "certs/intermediate/client-chain.der"; + server_cbf.certPemFile = "certs/intermediate/server-chain.der"; +#endif + + server_cbf.caPemFile = caCertFile; + + ExpectIntEQ(test_wolfSSL_client_server_nofail_memio(&client_cbf, + &server_cbf, NULL), TEST_SUCCESS); + + ExpectBufEQ(test_tls_cert_store_unchanged_before_hashes, + test_tls_cert_store_unchanged_after_hashes, + sizeof(test_tls_cert_store_unchanged_after_hashes)); + } +#endif + return EXPECT_RESULT(); +} +#endif /* !WOLFSSL_TEST_APPLE_NATIVE_CERT_VALIDATION */ + +static int test_wolfSSL_SendUserCanceled(void) +{ + EXPECT_DECLS; +#if defined(HAVE_MANUAL_MEMIO_TESTS_DEPENDENCIES) + size_t i; + struct { + method_provider client_meth; + method_provider server_meth; + const char* tls_version; + } params[] = { +#if defined(WOLFSSL_TLS13) +/* With WOLFSSL_TLS13_MIDDLEBOX_COMPAT a short ID will result in an error */ + { wolfTLSv1_3_client_method, wolfTLSv1_3_server_method, "TLSv1_3" }, +#ifdef WOLFSSL_DTLS13 + { wolfDTLSv1_3_client_method, wolfDTLSv1_3_server_method, "DTLSv1_3" }, +#endif +#endif +#ifndef WOLFSSL_NO_TLS12 + { wolfTLSv1_2_client_method, wolfTLSv1_2_server_method, "TLSv1_2" }, +#ifdef WOLFSSL_DTLS + { wolfDTLSv1_2_client_method, wolfDTLSv1_2_server_method, "DTLSv1_2" }, +#endif +#endif +#if !defined(NO_OLD_TLS) + { wolfTLSv1_1_client_method, wolfTLSv1_1_server_method, "TLSv1_1" }, +#ifdef WOLFSSL_DTLS + { wolfDTLSv1_client_method, wolfDTLSv1_server_method, "DTLSv1_0" }, +#endif +#endif + }; + + for (i = 0; i < sizeof(params)/sizeof(*params) && !EXPECT_FAIL(); i++) { + WOLFSSL_CTX *ctx_c = NULL; + WOLFSSL_CTX *ctx_s = NULL; + WOLFSSL *ssl_c = NULL; + WOLFSSL *ssl_s = NULL; + struct test_memio_ctx test_ctx; + WOLFSSL_ALERT_HISTORY h; + + printf("Testing %s\n", params[i].tls_version); + + XMEMSET(&h, 0, sizeof(h)); + XMEMSET(&test_ctx, 0, sizeof(test_ctx)); + ExpectIntEQ(test_memio_setup(&test_ctx, &ctx_c, &ctx_s, &ssl_c, &ssl_s, + params[i].client_meth, params[i].server_meth), 0); + + /* CH1 */ + ExpectIntEQ(wolfSSL_negotiate(ssl_c), -1); + ExpectIntEQ(wolfSSL_get_error(ssl_c, -1), WOLFSSL_ERROR_WANT_READ); + + ExpectIntEQ(wolfSSL_SendUserCanceled(ssl_s), WOLFSSL_SHUTDOWN_NOT_DONE); + + /* Alert closed connection */ + ExpectIntEQ(wolfSSL_negotiate(ssl_c), -1); + ExpectIntEQ(wolfSSL_get_error(ssl_c, -1), WOLFSSL_ERROR_ZERO_RETURN); + + /* Last alert will be close notify because user_canceled should be + * followed by a close_notify */ + ExpectIntEQ(wolfSSL_get_alert_history(ssl_c, &h), WOLFSSL_SUCCESS); + ExpectIntEQ(h.last_rx.code, close_notify); + ExpectIntEQ(h.last_rx.level, alert_warning); + + wolfSSL_free(ssl_c); + wolfSSL_free(ssl_s); + wolfSSL_CTX_free(ctx_c); + wolfSSL_CTX_free(ctx_s); + } +#endif + return EXPECT_RESULT(); +} +#if defined(HAVE_MANUAL_MEMIO_TESTS_DEPENDENCIES) && \ + defined(HAVE_OCSP) && \ + defined(HAVE_CERTIFICATE_STATUS_REQUEST) && \ + !defined(WOLFSSL_NO_TLS12) +static int test_ocsp_callback_fails_cb(void* ctx, const char* url, int urlSz, + byte* ocspReqBuf, int ocspReqSz, byte** ocspRespBuf) +{ + (void)ctx; + (void)url; + (void)urlSz; + (void)ocspReqBuf; + (void)ocspReqSz; + (void)ocspRespBuf; + return WOLFSSL_CBIO_ERR_GENERAL; +} +static int test_ocsp_callback_fails(void) +{ + WOLFSSL_CTX *ctx_c = NULL; + WOLFSSL_CTX *ctx_s = NULL; + WOLFSSL *ssl_c = NULL; + WOLFSSL *ssl_s = NULL; + struct test_memio_ctx test_ctx; + EXPECT_DECLS; + + XMEMSET(&test_ctx, 0, sizeof(test_ctx)); + ExpectIntEQ(test_memio_setup(&test_ctx, &ctx_c, &ctx_s, &ssl_c, &ssl_s, + wolfTLSv1_2_client_method, wolfTLSv1_2_server_method), 0); + ExpectIntEQ(wolfSSL_CTX_EnableOCSPStapling(ctx_c), WOLFSSL_SUCCESS); + ExpectIntEQ(wolfSSL_CTX_EnableOCSPStapling(ctx_s), WOLFSSL_SUCCESS); + ExpectIntEQ(wolfSSL_UseOCSPStapling(ssl_c, WOLFSSL_CSR_OCSP,0), WOLFSSL_SUCCESS); + /* override URL to avoid exing from SendCertificateStatus because of no AuthInfo on the certificate */ + ExpectIntEQ(wolfSSL_CTX_SetOCSP_OverrideURL(ctx_s, "http://dummy.test"), WOLFSSL_SUCCESS); + ExpectIntEQ(wolfSSL_CTX_EnableOCSP(ctx_s, WOLFSSL_OCSP_NO_NONCE | WOLFSSL_OCSP_URL_OVERRIDE), WOLFSSL_SUCCESS); + ExpectIntEQ(wolfSSL_CTX_load_verify_locations(ctx_s, caCertFile, 0), WOLFSSL_SUCCESS); + ExpectIntEQ(wolfSSL_SetOCSP_Cb(ssl_s, test_ocsp_callback_fails_cb, NULL, NULL), WOLFSSL_SUCCESS); + ExpectIntEQ(test_memio_do_handshake(ssl_c, ssl_s, 10, NULL), -1); + ExpectIntEQ(wolfSSL_get_error(ssl_s, -1), WC_NO_ERR_TRACE(OCSP_INVALID_STATUS)); + + wolfSSL_free(ssl_c); + wolfSSL_free(ssl_s); + wolfSSL_CTX_free(ctx_c); + wolfSSL_CTX_free(ctx_s); + + return EXPECT_RESULT(); +} +#else +static int test_ocsp_callback_fails(void) +{ + return TEST_SKIPPED; +} +#endif /* defined(HAVE_MANUAL_MEMIO_TESTS_DEPENDENCIES) && \ + defined(HAVE_OCSP) && \ + defined(HAVE_CERTIFICATE_STATUS_REQUEST) */ + +#ifdef HAVE_MANUAL_MEMIO_TESTS_DEPENDENCIES +static int test_wolfSSL_SSLDisableRead_recv(WOLFSSL *ssl, char *buf, int sz, + void *ctx) +{ + (void)ssl; + (void)buf; + (void)sz; + (void)ctx; + return WOLFSSL_CBIO_ERR_GENERAL; +} + +static int test_wolfSSL_SSLDisableRead(void) +{ + EXPECT_DECLS; + WOLFSSL_CTX *ctx_c = NULL; + WOLFSSL *ssl_c = NULL; + struct test_memio_ctx test_ctx; + + XMEMSET(&test_ctx, 0, sizeof(test_ctx)); + + ExpectIntEQ(test_memio_setup(&test_ctx, &ctx_c, NULL, &ssl_c, NULL, + wolfTLS_client_method, NULL), 0); + wolfSSL_SSLSetIORecv(ssl_c, test_wolfSSL_SSLDisableRead_recv); + wolfSSL_SSLDisableRead(ssl_c); + + /* Disabling reading should not even go into the IO layer */ + ExpectIntEQ(wolfSSL_negotiate(ssl_c), -1); + ExpectIntEQ(wolfSSL_get_error(ssl_c, -1), WOLFSSL_ERROR_WANT_READ); + wolfSSL_SSLEnableRead(ssl_c); + /* By enabling reading we should reach the IO that will return an error */ + ExpectIntEQ(wolfSSL_negotiate(ssl_c), -1); + ExpectIntEQ(wolfSSL_get_error(ssl_c, -1), SOCKET_ERROR_E); + + wolfSSL_free(ssl_c); + wolfSSL_CTX_free(ctx_c); + return EXPECT_RESULT(); +} +#else +static int test_wolfSSL_SSLDisableRead(void) +{ + EXPECT_DECLS; + return EXPECT_RESULT(); +} +#endif + +static int test_wolfSSL_inject(void) +{ + EXPECT_DECLS; +#if defined(HAVE_MANUAL_MEMIO_TESTS_DEPENDENCIES) && !defined(NO_SHA256) + size_t i; + struct { + method_provider client_meth; + method_provider server_meth; + const char* tls_version; + } params[] = { +#if defined(WOLFSSL_TLS13) +/* With WOLFSSL_TLS13_MIDDLEBOX_COMPAT a short ID will result in an error */ + { wolfTLSv1_3_client_method, wolfTLSv1_3_server_method, "TLSv1_3" }, +#ifdef WOLFSSL_DTLS13 + { wolfDTLSv1_3_client_method, wolfDTLSv1_3_server_method, "DTLSv1_3" }, +#endif +#endif +#ifndef WOLFSSL_NO_TLS12 + { wolfTLSv1_2_client_method, wolfTLSv1_2_server_method, "TLSv1_2" }, +#ifdef WOLFSSL_DTLS + { wolfDTLSv1_2_client_method, wolfDTLSv1_2_server_method, "DTLSv1_2" }, +#endif +#endif +#if !defined(NO_OLD_TLS) + { wolfTLSv1_1_client_method, wolfTLSv1_1_server_method, "TLSv1_1" }, +#ifdef WOLFSSL_DTLS + { wolfDTLSv1_client_method, wolfDTLSv1_server_method, "DTLSv1_0" }, +#endif +#endif + }; + + for (i = 0; i < XELEM_CNT(params) && !EXPECT_FAIL(); i++) { + WOLFSSL_CTX *ctx_c = NULL; + WOLFSSL_CTX *ctx_s = NULL; + WOLFSSL *ssl_c = NULL; + WOLFSSL *ssl_s = NULL; + struct test_memio_ctx test_ctx; + WOLFSSL_ALERT_HISTORY h; + int rounds; + int hs_c = 0; + int hs_s = 0; + + printf("Testing %s\n", params[i].tls_version); + + XMEMSET(&h, 0, sizeof(h)); + XMEMSET(&test_ctx, 0, sizeof(test_ctx)); + ExpectIntEQ(test_memio_setup(&test_ctx, &ctx_c, &ctx_s, &ssl_c, &ssl_s, + params[i].client_meth, params[i].server_meth), 0); + + for (rounds = 0; rounds < 10 && EXPECT_SUCCESS(); rounds++) { + if (!hs_c) { + wolfSSL_SetLoggingPrefix("client"); + if (wolfSSL_negotiate(ssl_c) != 1) { + ExpectIntEQ(wolfSSL_get_error(ssl_c, -1), + WOLFSSL_ERROR_WANT_READ); + } + else + hs_c = 1; + } + if (!hs_s) { + wolfSSL_SetLoggingPrefix("server"); + if (test_ctx.s_len > 0) { + ExpectIntEQ(wolfSSL_inject(ssl_s, test_ctx.s_buff, + test_ctx.s_len), 1); + test_memio_clear_buffer(&test_ctx, 0); + } + if (wolfSSL_negotiate(ssl_s) != 1) { + ExpectIntEQ(wolfSSL_get_error(ssl_s, -1), + WOLFSSL_ERROR_WANT_READ); + } + else + hs_s = 1; + } + if (!hs_c) { + wolfSSL_SetLoggingPrefix("client"); + if (test_ctx.c_len > 0) { + ExpectIntEQ(wolfSSL_inject(ssl_c, test_ctx.c_buff, + test_ctx.c_len), 1); + test_memio_clear_buffer(&test_ctx, 1); + } + } + wolfSSL_SetLoggingPrefix(NULL); + } + ExpectIntEQ(hs_c, 1); + ExpectIntEQ(hs_s, 1); + + wolfSSL_free(ssl_c); + wolfSSL_free(ssl_s); + wolfSSL_CTX_free(ctx_c); + wolfSSL_CTX_free(ctx_s); + } +#endif + return EXPECT_RESULT(); +} + +/*----------------------------------------------------------------------------* + | Main + *----------------------------------------------------------------------------*/ + +int testAll = 1; +int stopOnFail = 0; + +TEST_CASE testCases[] = { + TEST_DECL(test_fileAccess), + + /********************************* + * wolfcrypt + *********************************/ + + TEST_DECL(test_ForceZero), + + TEST_DECL(test_wolfCrypt_Init), + + TEST_DECL(test_wc_LoadStaticMemory_ex), + TEST_DECL(test_wc_LoadStaticMemory_CTX), + + TEST_DECL(test_wc_FreeCertList), + /* Locking with Compat Mutex */ + TEST_DECL(test_wc_SetMutexCb), + TEST_DECL(test_wc_LockMutex_ex), + + /* Digests */ + /* test_md2.c */ + TEST_MD2_DECLS, + /* test_md4.c */ + TEST_MD4_DECLS, + /* test_md5.c */ + TEST_MD5_DECLS, + /* test_sha.c */ + TEST_SHA_DECLS, + /* test_sha256.c */ + TEST_SHA256_DECLS, + TEST_SHA224_DECLS, + /* test_sha512.c */ + TEST_SHA512_DECLS, + TEST_SHA512_224_DECLS, + TEST_SHA512_256_DECLS, + TEST_SHA384_DECLS, + /* test_sha3.c */ + TEST_SHA3_DECLS, + TEST_SHAKE128_DECLS, + TEST_SHAKE256_DECLS, + /* test_blake.c */ + TEST_BLAKE2B_DECLS, + TEST_BLAKE2S_DECLS, + /* test_sm3.c: SM3 Digest */ + TEST_SM3_DECLS, + /* test_ripemd.c */ + TEST_RIPEMD_DECLS, + /* test_hash.c */ + TEST_HASH_DECLS, + + /* HMAC */ + TEST_HMAC_DECLS, + /* CMAC */ + TEST_CMAC_DECLS, + + /* Cipher */ + /* Triple-DES */ + TEST_DES3_DECLS, + /* Chacha20 */ + TEST_CHACHA_DECLS, + /* Poly1305 */ + TEST_POLY1305_DECLS, + /* Chacha20-Poly1305 */ + TEST_CHACHA20_POLY1305_DECLS, + /* Camellia */ + TEST_CAMELLIA_DECLS, + /* ARC4 */ + TEST_ARC4_DECLS, + /* RC2 */ + TEST_RC2_DECLS, + + /* AES cipher and GMAC. */ + TEST_AES_DECLS, +#if defined(WOLFSSL_AES_EAX) && defined(WOLFSSL_AES_256) && \ + (!defined(HAVE_FIPS) || FIPS_VERSION_GE(5, 3)) && !defined(HAVE_SELFTEST) + TEST_AES_EAX_DECLS, +#endif /* WOLFSSL_AES_EAX */ + TEST_GMAC_DECLS, + /* Ascon */ + TEST_ASCON_DECLS, + /* SM4 cipher */ + TEST_SM4_DECLS, + /* wc_encrypt API */ + TEST_WC_ENCRYPT_DECLS, + + /* RNG tests */ + TEST_RANDOM_DECLS, + + /* Public key */ + /* wolfmath MP API tests */ + TEST_WOLFMATH_DECLS, + /* RSA */ + TEST_RSA_DECLS, + /* DSA */ + TEST_DSA_DECLS, + /* DH */ + TEST_DH_DECLS, + /* wolfCrypt ECC tests */ + TEST_ECC_DECLS, + /* SM2 elliptic curve */ + TEST_SM2_DECLS, + /* Curve25519 */ + TEST_CURVE25519_DECLS, + /* ED25519 */ + TEST_ED25519_DECLS, + /* Curve448 */ + TEST_CURVE448_DECLS, + /* Ed448 */ + TEST_ED448_DECLS, + /* Kyber */ + TEST_MLKEM_DECLS, + /* Dilithium */ + TEST_MLDSA_DECLS, + /* Signature API */ + TEST_SIGNATURE_DECLS, + /* x509 */ + TEST_X509_DECLS, + + /* ASN */ + TEST_ASN_DECLS, + + /* PEM and DER APIs. */ + TEST_DECL(test_wc_PemToDer), + TEST_DECL(test_wc_AllocDer), + TEST_DECL(test_wc_CertPemToDer), + TEST_DECL(test_wc_KeyPemToDer), + TEST_DECL(test_wc_PubKeyPemToDer), + TEST_DECL(test_wc_PemPubKeyToDer), + TEST_DECL(test_wc_GetPubKeyDerFromCert), + TEST_DECL(test_wc_GetSubjectPubKeyInfoDerFromCert), + TEST_DECL(test_wc_CheckCertSigPubKey), + + /* wolfCrypt ASN tests */ + TEST_DECL(test_ToTraditional), + TEST_DECL(test_wc_CreateEncryptedPKCS8Key), + TEST_DECL(test_wc_DecryptedPKCS8Key), + TEST_DECL(test_wc_GetPkcs8TraditionalOffset), + + /* Certificate */ + TEST_DECL(test_wc_SetSubjectRaw), + TEST_DECL(test_wc_GetSubjectRaw), + TEST_DECL(test_wc_SetIssuerRaw), + TEST_DECL(test_wc_SetIssueBuffer), + TEST_DECL(test_wc_SetSubjectKeyId), + TEST_DECL(test_wc_SetSubject), + TEST_DECL(test_CheckCertSignature), + TEST_DECL(test_wc_ParseCert), + TEST_DECL(test_wc_ParseCert_Error), + TEST_DECL(test_MakeCertWithPathLen), + TEST_DECL(test_MakeCertWith0Ser), + TEST_DECL(test_MakeCertWithCaFalse), + TEST_DECL(test_wc_SetKeyUsage), + TEST_DECL(test_wc_SetAuthKeyIdFromPublicKey_ex), + TEST_DECL(test_wc_SetSubjectBuffer), + TEST_DECL(test_wc_SetSubjectKeyIdFromPublicKey_ex), + + /* wolfcrypt PKCS#7 */ + TEST_PKCS7_DECLS, + TEST_PKCS7_SIGNED_DATA_DECLS, + TEST_PKCS7_ENCRYPTED_DATA_DECLS, + TEST_PKCS7_SIGNED_ENCRYPTED_DATA_DECLS, + TEST_PKCS7_COMPRESSED_DATA_DECLS, + + /* wolfCrypt PKCS#12 */ + TEST_PKCS12_DECLS, + + /* + * test_wolfCrypt_Cleanup needs to come after the above wolfCrypt tests to + * avoid memory leaks. + */ + TEST_DECL(test_wolfCrypt_Cleanup), + + TEST_DECL(test_wolfSSL_Init), + + TEST_DECL(test_dual_alg_support), + TEST_DECL(test_dual_alg_crit_ext_support), + + TEST_DECL(test_dual_alg_ecdsa_mldsa), + + /********************************* + * OpenSSL compatibility API tests + *********************************/ + + /* If at some point a stub get implemented this test should fail indicating + * a need to implement a new test case + */ + TEST_DECL(test_stubs_are_stubs), + + /* ASN.1 compatibility API tests */ + TEST_OSSL_ASN1_BIT_STRING_DECLS, + TEST_OSSL_ASN1_INTEGER_DECLS, + TEST_OSSL_ASN1_OBJECT_DECLS, + TEST_OSSL_ASN1_STRING_DECLS, + TEST_OSSL_ASN1_TIME_DECLS, + TEST_OSSL_ASN1_TYPE_DECLS, + + TEST_SSL_SK_DECLS, + + TEST_DECL(test_wolfSSL_lhash), + + TEST_DECL(test_wolfSSL_certs), + TEST_DECL(test_wolfSSL_X509_ext_d2i), + + TEST_DECL(test_wolfSSL_private_keys), + TEST_DECL(test_wolfSSL_PEM_def_callback), + TEST_DECL(test_wolfSSL_PEM_read_PrivateKey), + TEST_DECL(test_wolfSSL_PEM_read_RSA_PUBKEY), + TEST_DECL(test_wolfSSL_PEM_read_PUBKEY), + TEST_DECL(test_wolfSSL_PEM_PrivateKey_rsa), + TEST_DECL(test_wolfSSL_PEM_PrivateKey_ecc), + TEST_DECL(test_wolfSSL_PEM_PrivateKey_dsa), + TEST_DECL(test_wolfSSL_PEM_PrivateKey_dh), + TEST_DECL(test_wolfSSL_PEM_PrivateKey), + TEST_DECL(test_wolfSSL_PEM_file_RSAKey), + TEST_DECL(test_wolfSSL_PEM_file_RSAPrivateKey), +#ifndef NO_BIO + TEST_DECL(test_wolfSSL_BIO), + TEST_DECL(test_wolfSSL_BIO_BIO_ring_read), + TEST_DECL(test_wolfSSL_PEM_read_bio), + TEST_DECL(test_wolfSSL_PEM_bio_RSAKey), + TEST_DECL(test_wolfSSL_PEM_bio_DSAKey), + TEST_DECL(test_wolfSSL_PEM_bio_ECKey), + TEST_DECL(test_wolfSSL_PEM_bio_RSAPrivateKey), + TEST_DECL(test_wolfSSL_PEM_PUBKEY), +#endif + + /* EVP API testing */ + TEST_DECL(test_wolfSSL_EVP_ENCODE_CTX_new), + TEST_DECL(test_wolfSSL_EVP_ENCODE_CTX_free), + TEST_DECL(test_wolfSSL_EVP_EncodeInit), + TEST_DECL(test_wolfSSL_EVP_EncodeUpdate), + TEST_DECL(test_wolfSSL_EVP_CipherUpdate_Null), + TEST_DECL(test_wolfSSL_EVP_CIPHER_type_string), + TEST_DECL(test_wolfSSL_EVP_EncodeFinal), + TEST_DECL(test_wolfSSL_EVP_DecodeInit), + TEST_DECL(test_wolfSSL_EVP_DecodeUpdate), + TEST_DECL(test_wolfSSL_EVP_DecodeFinal), + + TEST_DECL(test_wolfSSL_EVP_shake128), + TEST_DECL(test_wolfSSL_EVP_shake256), + TEST_DECL(test_wolfSSL_EVP_sm3), + TEST_DECL(test_EVP_blake2), +#ifdef OPENSSL_ALL + TEST_DECL(test_wolfSSL_EVP_md4), + TEST_DECL(test_wolfSSL_EVP_ripemd160), + TEST_DECL(test_wolfSSL_EVP_get_digestbynid), + TEST_DECL(test_wolfSSL_EVP_MD_nid), + + TEST_DECL(test_wolfSSL_EVP_DigestFinal_ex), + TEST_DECL(test_wolfSSL_EVP_DigestFinalXOF), +#endif + + TEST_DECL(test_EVP_MD_do_all), + TEST_DECL(test_wolfSSL_EVP_MD_size), + TEST_DECL(test_wolfSSL_EVP_MD_pkey_type), + TEST_DECL(test_wolfSSL_EVP_Digest), + TEST_DECL(test_wolfSSL_EVP_Digest_all), + TEST_DECL(test_wolfSSL_EVP_MD_hmac_signing), + TEST_DECL(test_wolfSSL_EVP_MD_rsa_signing), + TEST_DECL(test_wolfSSL_EVP_MD_ecc_signing), + + TEST_DECL(test_wolfssl_EVP_aes_gcm), + TEST_DECL(test_wolfssl_EVP_aes_gcm_AAD_2_parts), + TEST_DECL(test_wolfssl_EVP_aes_gcm_zeroLen), + TEST_DECL(test_wolfssl_EVP_aes_ccm), + TEST_DECL(test_wolfssl_EVP_aes_ccm_zeroLen), + TEST_DECL(test_wolfssl_EVP_chacha20), + TEST_DECL(test_wolfssl_EVP_chacha20_poly1305), + TEST_DECL(test_wolfssl_EVP_sm4_ecb), + TEST_DECL(test_wolfssl_EVP_sm4_cbc), + TEST_DECL(test_wolfssl_EVP_sm4_ctr), + TEST_DECL(test_wolfssl_EVP_sm4_gcm_zeroLen), + TEST_DECL(test_wolfssl_EVP_sm4_gcm), + TEST_DECL(test_wolfssl_EVP_sm4_ccm_zeroLen), + TEST_DECL(test_wolfssl_EVP_sm4_ccm), +#ifdef OPENSSL_ALL + TEST_DECL(test_wolfSSL_EVP_aes_256_gcm), + TEST_DECL(test_wolfSSL_EVP_aes_192_gcm), + TEST_DECL(test_wolfSSL_EVP_aes_256_ccm), + TEST_DECL(test_wolfSSL_EVP_aes_192_ccm), + TEST_DECL(test_wolfSSL_EVP_aes_128_ccm), + TEST_DECL(test_wolfSSL_EVP_rc4), + TEST_DECL(test_wolfSSL_EVP_enc_null), + TEST_DECL(test_wolfSSL_EVP_rc2_cbc), + TEST_DECL(test_wolfSSL_EVP_mdc2), + + TEST_DECL(test_evp_cipher_aes_gcm), +#endif + TEST_DECL(test_wolfssl_EVP_aria_gcm), + TEST_DECL(test_wolfSSL_EVP_Cipher_extra), +#ifdef OPENSSL_EXTRA + TEST_DECL(test_wolfSSL_EVP_get_cipherbynid), + TEST_DECL(test_wolfSSL_EVP_CIPHER_CTX), +#endif +#ifdef OPENSSL_ALL + TEST_DECL(test_wolfSSL_EVP_CIPHER_CTX_iv_length), + TEST_DECL(test_wolfSSL_EVP_CIPHER_CTX_key_length), + TEST_DECL(test_wolfSSL_EVP_CIPHER_CTX_set_iv), + TEST_DECL(test_wolfSSL_EVP_CIPHER_block_size), + TEST_DECL(test_wolfSSL_EVP_CIPHER_iv_length), + TEST_DECL(test_wolfSSL_EVP_X_STATE), + TEST_DECL(test_wolfSSL_EVP_X_STATE_LEN), + TEST_DECL(test_wolfSSL_EVP_BytesToKey), +#endif + + TEST_DECL(test_wolfSSL_EVP_PKEY_print_public), + TEST_DECL(test_wolfSSL_EVP_PKEY_new_mac_key), + TEST_DECL(test_wolfSSL_EVP_PKEY_new_CMAC_key), + TEST_DECL(test_wolfSSL_EVP_PKEY_up_ref), + TEST_DECL(test_wolfSSL_EVP_PKEY_hkdf), + TEST_DECL(test_wolfSSL_EVP_PKEY_derive), + TEST_DECL(test_wolfSSL_d2i_and_i2d_PublicKey), + TEST_DECL(test_wolfSSL_d2i_and_i2d_PublicKey_ecc), +#ifndef NO_BIO + TEST_DECL(test_wolfSSL_d2i_PUBKEY), +#endif + TEST_DECL(test_wolfSSL_d2i_and_i2d_DSAparams), + TEST_DECL(test_wolfSSL_i2d_PrivateKey), +#if (defined(OPENSSL_ALL) || defined(WOLFSSL_ASIO)) && !defined(NO_RSA) && \ + !defined(NO_TLS) +#ifndef NO_BIO + TEST_DECL(test_wolfSSL_d2i_PrivateKeys_bio), +#endif /* !NO_BIO */ +#endif +#ifdef OPENSSL_ALL + TEST_DECL(test_wolfSSL_EVP_PKEY_set1_get1_DSA), + TEST_DECL(test_wolfSSL_EVP_PKEY_set1_get1_EC_KEY), + TEST_DECL(test_wolfSSL_EVP_PKEY_set1_get1_DH), + TEST_DECL(test_wolfSSL_EVP_PKEY_assign), + TEST_DECL(test_wolfSSL_EVP_PKEY_assign_DH), + TEST_DECL(test_wolfSSL_EVP_PKEY_base_id), + TEST_DECL(test_wolfSSL_EVP_PKEY_id), + TEST_DECL(test_wolfSSL_EVP_PKEY_paramgen), + TEST_DECL(test_wolfSSL_EVP_PKEY_keygen), + TEST_DECL(test_wolfSSL_EVP_PKEY_keygen_init), + TEST_DECL(test_wolfSSL_EVP_PKEY_missing_parameters), + TEST_DECL(test_wolfSSL_EVP_PKEY_copy_parameters), + TEST_DECL(test_wolfSSL_EVP_PKEY_CTX_set_rsa_keygen_bits), + TEST_DECL(test_wolfSSL_EVP_PKEY_CTX_new_id), + TEST_DECL(test_wolfSSL_EVP_PKEY_get0_EC_KEY), +#endif + + TEST_DECL(test_EVP_PKEY_rsa), + TEST_DECL(test_wc_RsaPSS_DigitalSignVerify), + TEST_DECL(test_EVP_PKEY_ec), + TEST_DECL(test_wolfSSL_EVP_PKEY_encrypt), + TEST_DECL(test_wolfSSL_EVP_PKEY_sign_verify_rsa), + TEST_DECL(test_wolfSSL_EVP_PKEY_sign_verify_dsa), + TEST_DECL(test_wolfSSL_EVP_PKEY_sign_verify_ec), + TEST_DECL(test_EVP_PKEY_cmp), + +#ifdef OPENSSL_ALL + TEST_DECL(test_wolfSSL_EVP_SignInit_ex), + TEST_DECL(test_wolfSSL_EVP_PKEY_param_check), + TEST_DECL(test_wolfSSL_QT_EVP_PKEY_CTX_free), +#endif + + TEST_DECL(test_wolfSSL_EVP_PBE_scrypt), + + TEST_DECL(test_wolfSSL_CTX_add_extra_chain_cert), +#if !defined(NO_WOLFSSL_CLIENT) && !defined(NO_WOLFSSL_SERVER) + TEST_DECL(test_wolfSSL_ERR_peek_last_error_line), +#endif +#ifndef NO_BIO + TEST_DECL(test_wolfSSL_ERR_print_errors_cb), + TEST_DECL(test_wolfSSL_GetLoggingCb), + TEST_DECL(test_WOLFSSL_ERROR_MSG), + TEST_DECL(test_wc_ERR_remove_state), + TEST_DECL(test_wc_ERR_print_errors_fp), +#endif + TEST_DECL(test_wolfSSL_configure_args), + TEST_DECL(test_wolfSSL_sk_SSL_CIPHER), + TEST_DECL(test_wolfSSL_set1_curves_list), + TEST_DECL(test_wolfSSL_curves_mismatch), + TEST_DECL(test_wolfSSL_set1_sigalgs_list), + + TEST_DECL(test_wolfSSL_OtherName), + TEST_DECL(test_wolfSSL_FPKI), + TEST_DECL(test_wolfSSL_URI), + TEST_DECL(test_wolfSSL_TBS), + + TEST_DECL(test_wolfSSL_X509_STORE_CTX), + TEST_DECL(test_wolfSSL_X509_STORE_CTX_ex), + TEST_DECL(test_X509_STORE_untrusted), +#if defined(OPENSSL_ALL) && !defined(NO_RSA) + TEST_DECL(test_X509_STORE_InvalidCa), +#endif + TEST_DECL(test_wolfSSL_X509_STORE_CTX_trusted_stack_cleanup), + TEST_DECL(test_wolfSSL_X509_STORE_CTX_get_issuer), + TEST_DECL(test_wolfSSL_X509_STORE_set_flags), + TEST_DECL(test_wolfSSL_X509_LOOKUP_load_file), + TEST_DECL(test_wolfSSL_X509_Name_canon), + TEST_DECL(test_wolfSSL_X509_LOOKUP_ctrl_file), + TEST_DECL(test_wolfSSL_X509_LOOKUP_ctrl_hash_dir), + TEST_DECL(test_wolfSSL_X509_NID), + TEST_DECL(test_wolfSSL_X509_STORE_CTX_set_time), + TEST_DECL(test_wolfSSL_get0_param), + TEST_DECL(test_wolfSSL_X509_VERIFY_PARAM_set1_host), + TEST_DECL(test_wolfSSL_set1_host), + TEST_DECL(test_wolfSSL_X509_VERIFY_PARAM_set1_ip), + TEST_DECL(test_wolfSSL_X509_STORE_CTX_get0_store), + TEST_DECL(test_wolfSSL_X509_STORE), + TEST_DECL(test_wolfSSL_X509_STORE_load_locations), + TEST_DECL(test_X509_STORE_get0_objects), + TEST_DECL(test_wolfSSL_X509_load_crl_file), + TEST_DECL(test_wolfSSL_X509_STORE_get1_certs), + TEST_DECL(test_wolfSSL_X509_STORE_set_get_crl), + TEST_DECL(test_wolfSSL_X509_NAME_ENTRY_get_object), + TEST_DECL(test_wolfSSL_X509_cmp_time), + TEST_DECL(test_wolfSSL_X509_time_adj), + + /* X509 tests */ + TEST_DECL(test_wolfSSL_X509_subject_name_hash), + TEST_DECL(test_wolfSSL_X509_issuer_name_hash), + TEST_DECL(test_wolfSSL_X509_check_host), + TEST_DECL(test_wolfSSL_X509_check_email), + TEST_DECL(test_wolfSSL_X509_check_private_key), + TEST_DECL(test_wolfSSL_X509), + TEST_DECL(test_wolfSSL_X509_VERIFY_PARAM), + TEST_DECL(test_wolfSSL_X509_sign), + TEST_DECL(test_wolfSSL_X509_sign2), + TEST_DECL(test_wolfSSL_X509_verify), + TEST_DECL(test_wolfSSL_X509_get0_tbs_sigalg), + TEST_DECL(test_wolfSSL_X509_ALGOR_get0), + TEST_DECL(test_wolfSSL_X509_get_X509_PUBKEY), + TEST_DECL(test_wolfSSL_X509_PUBKEY_RSA), + TEST_DECL(test_wolfSSL_X509_PUBKEY_EC), + TEST_DECL(test_wolfSSL_X509_PUBKEY_DSA), + TEST_DECL(test_wolfSSL_PEM_write_bio_X509), + TEST_DECL(test_wolfSSL_X509_NAME_get_entry), + TEST_DECL(test_wolfSSL_X509_NAME), + TEST_DECL(test_wolfSSL_X509_NAME_hash), + TEST_DECL(test_wolfSSL_X509_NAME_print_ex), + TEST_DECL(test_wolfSSL_X509_NAME_ENTRY), + TEST_DECL(test_wolfSSL_X509_set_name), + TEST_DECL(test_wolfSSL_X509_set_notAfter), + TEST_DECL(test_wolfSSL_X509_set_notBefore), + TEST_DECL(test_wolfSSL_X509_set_version), + TEST_DECL(test_wolfSSL_X509_get_serialNumber), + TEST_DECL(test_wolfSSL_X509_ext_get_critical_by_NID), + TEST_DECL(test_wolfSSL_X509_CRL_distribution_points), + TEST_DECL(test_wolfSSL_X509_SEP), + TEST_DECL(test_wolfSSL_X509_CRL), + TEST_DECL(test_wolfSSL_i2d_X509), + TEST_DECL(test_wolfSSL_PEM_read_X509), + TEST_DECL(test_wolfSSL_X509_check_ca), + TEST_DECL(test_wolfSSL_X509_check_ip_asc), + TEST_DECL(test_wolfSSL_X509_bad_altname), + TEST_DECL(test_wolfSSL_X509_name_match), + TEST_DECL(test_wolfSSL_X509_name_match2), + TEST_DECL(test_wolfSSL_X509_name_match3), + TEST_DECL(test_wolfSSL_X509_max_altnames), + TEST_DECL(test_wolfSSL_X509_max_name_constraints), + TEST_DECL(test_wolfSSL_make_cert), + + /* X509 ACERT tests */ + TEST_DECL(test_wolfSSL_X509_ACERT_verify), + TEST_DECL(test_wolfSSL_X509_ACERT_misc_api), + TEST_DECL(test_wolfSSL_X509_ACERT_buffer), + TEST_DECL(test_wolfSSL_X509_ACERT_new_and_sign), + TEST_DECL(test_wolfSSL_X509_ACERT_asn), + +#ifndef NO_BIO + TEST_DECL(test_wolfSSL_X509_INFO_multiple_info), + TEST_DECL(test_wolfSSL_X509_INFO), + TEST_DECL(test_wolfSSL_PEM_X509_INFO_read_bio), + TEST_DECL(test_wolfSSL_PEM_X509_INFO_read), +#endif + +#ifdef OPENSSL_ALL + TEST_DECL(test_wolfSSL_X509_PUBKEY_get), + TEST_DECL(test_wolfSSL_X509_set_pubkey), +#endif + + TEST_DECL(test_wolfSSL_X509_CA_num), + TEST_DECL(test_x509_get_key_id), + TEST_DECL(test_wolfSSL_X509_get_version), +#ifndef NO_BIO + TEST_DECL(test_wolfSSL_X509_print), + TEST_DECL(test_wolfSSL_X509_CRL_print), +#endif + TEST_DECL(test_X509_get_signature_nid), + /* X509 extension testing. */ + TEST_DECL(test_wolfSSL_X509_get_extension_flags), + TEST_DECL(test_wolfSSL_X509_get_ext), + TEST_DECL(test_wolfSSL_X509_get_ext_by_NID), + TEST_DECL(test_wolfSSL_X509_get_ext_subj_alt_name), + TEST_DECL(test_wolfSSL_X509_get_ext_count), + TEST_DECL(test_wolfSSL_X509_stack_extensions), + TEST_DECL(test_wolfSSL_X509_set_ext), + TEST_DECL(test_wolfSSL_X509_add_ext), + TEST_DECL(test_wolfSSL_X509_EXTENSION_new), + TEST_DECL(test_wolfSSL_X509_EXTENSION_dup), + TEST_DECL(test_wolfSSL_X509_EXTENSION_get_object), + TEST_DECL(test_wolfSSL_X509_EXTENSION_get_data), + TEST_DECL(test_wolfSSL_X509_EXTENSION_get_critical), + TEST_DECL(test_wolfSSL_X509_EXTENSION_create_by_OBJ), + TEST_DECL(test_wolfSSL_X509V3_set_ctx), + TEST_DECL(test_wolfSSL_X509V3_EXT_get), + TEST_DECL(test_wolfSSL_X509V3_EXT_nconf), + TEST_DECL(test_wolfSSL_X509V3_EXT), + TEST_DECL(test_wolfSSL_X509V3_EXT_bc), + TEST_DECL(test_wolfSSL_X509V3_EXT_san), + TEST_DECL(test_wolfSSL_X509V3_EXT_aia), + TEST_DECL(test_wolfSSL_X509V3_EXT_print), + TEST_DECL(test_wolfSSL_X509_cmp), + + TEST_DECL(test_GENERAL_NAME_set0_othername), + TEST_DECL(test_othername_and_SID_ext), + TEST_DECL(test_wolfSSL_dup_CA_list), + /* OpenSSL sk_X509 API test */ + TEST_DECL(test_sk_X509), + /* OpenSSL sk_X509_CRL API test */ + TEST_DECL(test_sk_X509_CRL), + + /* OpenSSL X509 REQ API test */ + TEST_DECL(test_wolfSSL_d2i_X509_REQ), + TEST_DECL(test_X509_REQ), + TEST_DECL(test_wolfSSL_X509_REQ_print), + + /* OpenSSL compatibility outside SSL context w/ CRL lookup directory */ + TEST_DECL(test_X509_STORE_No_SSL_CTX), + TEST_DECL(test_X509_LOOKUP_add_dir), + + /* RAND compatibility API */ + TEST_DECL(test_wolfSSL_RAND_set_rand_method), + TEST_DECL(test_wolfSSL_RAND_bytes), + TEST_DECL(test_wolfSSL_RAND), + TEST_DECL(test_wolfSSL_RAND_poll), + + /* BN compatibility API */ + TEST_OSSL_ASN1_BN_DECLS, + + /* OpenSSL PKCS5 API test */ + TEST_DECL(test_wolfSSL_PKCS5), + + /* OpenSSL PKCS8 API test */ + TEST_DECL(test_wolfSSL_PKCS8_Compat), + TEST_DECL(test_wolfSSL_PKCS8_d2i), + + /* OpenSSL PKCS7 API test */ + TEST_DECL(test_wolfssl_PKCS7), + TEST_DECL(test_wolfSSL_PKCS7_certs), + TEST_DECL(test_wolfSSL_PKCS7_sign), + TEST_DECL(test_wolfSSL_PKCS7_SIGNED_new), +#ifndef NO_BIO + TEST_DECL(test_wolfSSL_PEM_write_bio_PKCS7), + TEST_DECL(test_wolfSSL_PEM_write_bio_encryptedKey), +#ifdef HAVE_SMIME + TEST_DECL(test_wolfSSL_SMIME_read_PKCS7), + TEST_DECL(test_wolfSSL_SMIME_write_PKCS7), +#endif /* HAVE_SMIME */ +#endif /* !NO_BIO */ + + /* OpenSSL PKCS12 API test */ + TEST_DECL(test_wolfSSL_PKCS12), + + /* Can't memory test as callbacks use Assert. */ + TEST_DECL(test_error_queue_per_thread), + TEST_DECL(test_wolfSSL_ERR_put_error), + TEST_DECL(test_wolfSSL_ERR_get_error_order), +#ifndef NO_BIO + TEST_DECL(test_wolfSSL_ERR_print_errors), +#endif + + TEST_DECL(test_OBJ_NAME_do_all), + TEST_DECL(test_wolfSSL_OBJ), + TEST_DECL(test_wolfSSL_OBJ_cmp), + TEST_DECL(test_wolfSSL_OBJ_txt2nid), + TEST_DECL(test_wolfSSL_OBJ_txt2obj), +#ifdef OPENSSL_ALL + TEST_DECL(test_wolfSSL_OBJ_ln), + TEST_DECL(test_wolfSSL_OBJ_sn), +#endif + +#ifndef NO_BIO + TEST_OSSL_BIO_DECLS, +#endif + + TEST_DECL(test_wolfSSL_check_domain), + TEST_DECL(test_wolfSSL_check_domain_basic), + TEST_DECL(test_wolfSSL_cert_cb), + TEST_DECL(test_wolfSSL_cert_cb_dyn_ciphers), + TEST_DECL(test_wolfSSL_ciphersuite_auth), + TEST_DECL(test_wolfSSL_sigalg_info), + /* Can't memory test as tcp_connect aborts. */ + TEST_DECL(test_wolfSSL_SESSION), + TEST_DECL(test_wolfSSL_SESSION_expire_downgrade), + TEST_DECL(test_wolfSSL_CTX_sess_set_remove_cb), + TEST_DECL(test_wolfSSL_ticket_keys), + TEST_DECL(test_wolfSSL_sk_GENERAL_NAME), + TEST_DECL(test_wolfSSL_GENERAL_NAME_print), + TEST_DECL(test_wolfSSL_sk_DIST_POINT), + TEST_DECL(test_wolfSSL_verify_mode), + TEST_DECL(test_wolfSSL_verify_depth), + TEST_DECL(test_wolfSSL_verify_result), + TEST_DECL(test_wolfSSL_msg_callback), + + TEST_DECL(test_wolfSSL_OCSP_id_get0_info), + TEST_DECL(test_wolfSSL_i2d_OCSP_CERTID), + TEST_DECL(test_wolfSSL_d2i_OCSP_CERTID), + TEST_DECL(test_wolfSSL_OCSP_id_cmp), + TEST_DECL(test_wolfSSL_OCSP_SINGLERESP_get0_id), + TEST_DECL(test_wolfSSL_OCSP_single_get0_status), + TEST_DECL(test_wolfSSL_OCSP_resp_count), + TEST_DECL(test_wolfSSL_OCSP_resp_get0), + TEST_DECL(test_wolfSSL_OCSP_parse_url), + TEST_DECL(test_wolfSSL_OCSP_REQ_CTX), + + TEST_DECL(test_wolfSSL_PEM_read), + + TEST_DECL(test_wolfSSL_OpenSSL_version), + TEST_DECL(test_wolfSSL_OpenSSL_add_all_algorithms), + TEST_DECL(test_wolfSSL_OPENSSL_hexstr2buf), + + TEST_DECL(test_CONF_modules_xxx), +#ifdef OPENSSL_ALL + TEST_DECL(test_wolfSSL_TXT_DB), + TEST_DECL(test_wolfSSL_NCONF), +#endif + + TEST_DECL(test_wolfSSL_CRYPTO_memcmp), + TEST_DECL(test_wolfSSL_CRYPTO_get_ex_new_index), + TEST_DECL(test_wolfSSL_SESSION_get_ex_new_index), + TEST_DECL(test_CRYPTO_set_dynlock_xxx), + TEST_DECL(test_CRYPTO_THREADID_xxx), + TEST_DECL(test_ENGINE_cleanup), + /* test the no op functions for compatibility */ + TEST_DECL(test_no_op_functions), + /* OpenSSL error API tests */ + TEST_DECL(test_ERR_load_crypto_strings), + +#ifdef OPENSSL_ALL + TEST_DECL(test_wolfSSL_sk_CIPHER_description), + TEST_DECL(test_wolfSSL_get_ciphers_compat), + + TEST_DECL(test_wolfSSL_CTX_ctrl), +#endif /* OPENSSL_ALL */ +#if (defined(OPENSSL_ALL) || defined(WOLFSSL_ASIO)) && !defined(NO_RSA) + TEST_DECL(test_wolfSSL_CTX_use_certificate_ASN1), +#endif /* (OPENSSL_ALL || WOLFSSL_ASIO) && !NO_RSA */ + + /********************************* + * Crypto API tests + *********************************/ + + TEST_OSSL_DIGEST_DECLS, + TEST_OSSL_MAC_DECLS, + TEST_OSSL_CIPHER_DECLS, + TEST_OSSL_RSA_DECLS, + TEST_OSSL_DH_DECLS, +#if defined(HAVE_ECC) && !defined(OPENSSL_NO_PK) + TEST_OSSL_EC_DECLS, +#endif +#ifdef OPENSSL_EXTRA + TEST_OSSL_ECX_DECLS, +#endif + TEST_OSSL_DSA_DECLS, + + TEST_DECL(test_openssl_generate_key_and_cert), + + TEST_DECL(test_wolfSSL_FIPS_mode), + TEST_DECL(test_openssl_FIPS_drbg), + + /********************************* + * CertManager API tests + *********************************/ + + TEST_DECL(test_wolfSSL_CertManagerAPI), + TEST_DECL(test_wolfSSL_CertManagerLoadCABuffer), + TEST_DECL(test_wolfSSL_CertManagerLoadCABuffer_ex), + TEST_DECL(test_wolfSSL_CertManagerLoadCABufferType), + TEST_DECL(test_wolfSSL_CertManagerGetCerts), + TEST_DECL(test_wolfSSL_CertManagerSetVerify), + TEST_DECL(test_wolfSSL_CertManagerNameConstraint), + TEST_DECL(test_wolfSSL_CertManagerNameConstraint2), + TEST_DECL(test_wolfSSL_CertManagerNameConstraint3), + TEST_DECL(test_wolfSSL_CertManagerNameConstraint4), + TEST_DECL(test_wolfSSL_CertManagerNameConstraint5), + TEST_DECL(test_wolfSSL_CertManagerCRL), + TEST_DECL(test_wolfSSL_CRL_duplicate_extensions), + TEST_DECL(test_wolfSSL_CertManagerCheckOCSPResponse), + TEST_DECL(test_wolfSSL_CheckOCSPResponse), +#if defined(HAVE_CERT_CHAIN_VALIDATION) && !defined(WOLFSSL_TEST_APPLE_NATIVE_CERT_VALIDATION) && \ + defined(WOLFSSL_PEM_TO_DER) + TEST_DECL(test_various_pathlen_chains), +#endif + + /********************************* + * SSL/TLS API tests + *********************************/ + + TEST_DECL(test_wolfSSL_Method_Allocators), +#if !defined(NO_WOLFSSL_SERVER) && !defined(NO_TLS) + TEST_DECL(test_wolfSSL_CTX_new), +#endif + TEST_DECL(test_server_wolfSSL_new), + TEST_DECL(test_client_wolfSSL_new), +#if (!defined(NO_WOLFSSL_CLIENT) || !defined(NO_WOLFSSL_SERVER)) && \ + !defined(NO_TLS) && \ + (!defined(NO_RSA) || defined(HAVE_ECC)) && !defined(NO_FILESYSTEM) + TEST_DECL(test_for_double_Free), +#endif + TEST_DECL(test_wolfSSL_set_options), + + TEST_TLS13_DECLS, + + TEST_DECL(test_wolfSSL_tmp_dh), + TEST_DECL(test_wolfSSL_ctrl), + +#if defined(OPENSSL_ALL) || (defined(OPENSSL_EXTRA) && \ + (defined(HAVE_STUNNEL) || defined(WOLFSSL_NGINX) || \ + defined(HAVE_LIGHTY) || defined(WOLFSSL_HAPROXY) || \ + defined(WOLFSSL_OPENSSH) || defined(HAVE_SBLIM_SFCB))) + TEST_DECL(test_wolfSSL_set_SSL_CTX), +#endif + TEST_DECL(test_wolfSSL_CTX_get_min_proto_version), + TEST_DECL(test_wolfSSL_security_level), + TEST_DECL(test_wolfSSL_crypto_policy), + TEST_DECL(test_wolfSSL_crypto_policy_certs_and_keys), + TEST_DECL(test_wolfSSL_crypto_policy_tls_methods), + TEST_DECL(test_wolfSSL_crypto_policy_ciphers), + TEST_DECL(test_wolfSSL_SSL_in_init), + TEST_DECL(test_wolfSSL_CTX_set_timeout), + TEST_DECL(test_wolfSSL_set_psk_use_session_callback), + + TEST_DECL(test_CONF_CTX_FILE), + TEST_DECL(test_CONF_CTX_CMDLINE), + +#if !defined(NO_CERTS) && (!defined(NO_WOLFSSL_CLIENT) || \ + !defined(WOLFSSL_NO_CLIENT_AUTH)) && !defined(NO_FILESYSTEM) && \ + !defined(WOLFSSL_TEST_APPLE_NATIVE_CERT_VALIDATION) && \ + (!defined(NO_RSA) || defined(HAVE_ECC)) && !defined(NO_SHA256) + /* Use the Cert Manager(CM) API to generate the error ASN_SIG_CONFIRM_E */ + /* Bad certificate signature tests */ + TEST_DECL(test_EccSigFailure_cm), + TEST_DECL(test_RsaSigFailure_cm), +#endif + + /* PKCS8 testing */ + TEST_DECL(test_wolfSSL_no_password_cb), + TEST_DECL(test_wolfSSL_PKCS8), + TEST_DECL(test_wolfSSL_PKCS8_ED25519), + TEST_DECL(test_wolfSSL_PKCS8_ED448), + +#ifdef HAVE_IO_TESTS_DEPENDENCIES + TEST_DECL(test_wolfSSL_get_finished), + /* Uses Assert in handshake callback. */ + TEST_DECL(test_wolfSSL_CTX_add_session), + /* Large number of memory allocations. */ + TEST_DECL(test_wolfSSL_CTX_add_session_ext_tls13), + /* Large number of memory allocations. */ + TEST_DECL(test_wolfSSL_CTX_add_session_ext_dtls13), + /* Large number of memory allocations. */ + TEST_DECL(test_wolfSSL_CTX_add_session_ext_tls12), + /* Large number of memory allocations. */ + TEST_DECL(test_wolfSSL_CTX_add_session_ext_dtls12), + /* Large number of memory allocations. */ + TEST_DECL(test_wolfSSL_CTX_add_session_ext_tls11), + /* Large number of memory allocations. */ + TEST_DECL(test_wolfSSL_CTX_add_session_ext_dtls1), +#endif + TEST_DECL(test_SSL_CIPHER_get_xxx), + TEST_DECL(test_wolfSSL_ERR_strings), + TEST_DECL(test_wolfSSL_CTX_set_cipher_list_bytes), + TEST_DECL(test_wolfSSL_CTX_use_certificate), + TEST_DECL(test_wolfSSL_CTX_use_certificate_file), + TEST_DECL(test_wolfSSL_CTX_use_certificate_buffer), + TEST_DECL(test_wolfSSL_use_certificate_buffer), + TEST_DECL(test_wolfSSL_CTX_use_PrivateKey_file), + TEST_DECL(test_wolfSSL_CTX_use_RSAPrivateKey_file), + TEST_DECL(test_wolfSSL_use_RSAPrivateKey_file), + TEST_DECL(test_wolfSSL_CTX_use_PrivateKey), + TEST_DECL(test_wolfSSL_CTX_load_verify_locations), + /* Large number of memory allocations. */ + TEST_DECL(test_wolfSSL_CTX_load_system_CA_certs), + +#if defined(HAVE_CERT_CHAIN_VALIDATION) && \ + !defined(WOLFSSL_TEST_APPLE_NATIVE_CERT_VALIDATION) + TEST_DECL(test_wolfSSL_CertRsaPss), +#endif + TEST_DECL(test_wolfSSL_CTX_load_verify_locations_ex), + TEST_DECL(test_wolfSSL_CTX_load_verify_buffer_ex), + TEST_DECL(test_wolfSSL_CTX_load_verify_chain_buffer_format), + TEST_DECL(test_wolfSSL_CTX_add1_chain_cert), + TEST_DECL(test_wolfSSL_CTX_use_certificate_chain_buffer_format), + TEST_DECL(test_wolfSSL_CTX_use_certificate_chain_file_format), + TEST_DECL(test_wolfSSL_use_certificate_chain_file), + TEST_DECL(test_wolfSSL_CTX_trust_peer_cert), + TEST_DECL(test_wolfSSL_CTX_LoadCRL), + TEST_DECL(test_wolfSSL_crl_update_cb), + TEST_DECL(test_wolfSSL_CTX_SetTmpDH_file), + TEST_DECL(test_wolfSSL_CTX_SetTmpDH_buffer), + TEST_DECL(test_wolfSSL_CTX_SetMinMaxDhKey_Sz), + TEST_DECL(test_wolfSSL_CTX_der_load_verify_locations), + TEST_DECL(test_wolfSSL_CTX_enable_disable), + TEST_DECL(test_wolfSSL_CTX_ticket_API), + TEST_DECL(test_wolfSSL_SetTmpDH_file), + TEST_DECL(test_wolfSSL_SetTmpDH_buffer), + TEST_DECL(test_wolfSSL_SetMinMaxDhKey_Sz), + TEST_DECL(test_SetTmpEC_DHE_Sz), + TEST_DECL(test_wolfSSL_CTX_get0_privatekey), +#ifdef WOLFSSL_DTLS + TEST_DECL(test_wolfSSL_DtlsUpdateWindow), + TEST_DECL(test_wolfSSL_DTLS_fragment_buckets), +#endif + TEST_DECL(test_wolfSSL_dtls_set_mtu), + /* Uses Assert in handshake callback. */ + TEST_DECL(test_wolfSSL_dtls_plaintext), +#if !defined(NO_WOLFSSL_CLIENT) && !defined(NO_WOLFSSL_SERVER) && \ + defined(HAVE_IO_TESTS_DEPENDENCIES) + TEST_DECL(test_wolfSSL_read_write), + TEST_DECL(test_wolfSSL_read_write_ex), + /* Can't memory test as server hangs if client fails before second connect. + */ + TEST_DECL(test_wolfSSL_reuse_WOLFSSLobj), + TEST_DECL(test_wolfSSL_CTX_verifyDepth_ServerClient_1), + TEST_DECL(test_wolfSSL_CTX_verifyDepth_ServerClient_2), + TEST_DECL(test_wolfSSL_CTX_verifyDepth_ServerClient_3), + TEST_DECL(test_wolfSSL_CTX_set_cipher_list), + /* Can't memory test as server hangs. */ + TEST_DECL(test_wolfSSL_dtls_export), + /* Uses Assert in handshake callback. */ + TEST_DECL(test_wolfSSL_tls_export), +#endif + TEST_DECL(test_wolfSSL_dtls_export_peers), + TEST_DECL(test_wolfSSL_SetMinVersion), + TEST_DECL(test_wolfSSL_CTX_SetMinVersion), + + /* wolfSSL handshake APIs. */ + TEST_DECL(test_wolfSSL_CTX_get0_set1_param), + TEST_DECL(test_wolfSSL_a2i_IPADDRESS), + TEST_DECL(test_wolfSSL_BUF), + TEST_DECL(test_wolfSSL_set_tlsext_status_type), + TEST_DECL(test_wolfSSL_get_client_ciphers), + /* Can't memory test as server hangs. */ + TEST_DECL(test_wolfSSL_CTX_set_client_CA_list), + TEST_DECL(test_wolfSSL_CTX_add_client_CA), + TEST_DECL(test_wolfSSL_CTX_set_srp_username), + TEST_DECL(test_wolfSSL_CTX_set_srp_password), + TEST_DECL(test_wolfSSL_CTX_set_keylog_callback), + TEST_DECL(test_wolfSSL_CTX_get_keylog_callback), + TEST_DECL(test_wolfSSL_Tls12_Key_Logging_test), + /* Can't memory test as server hangs. */ + TEST_DECL(test_wolfSSL_Tls13_Key_Logging_test), + TEST_DECL(test_wolfSSL_Tls13_postauth), + TEST_DECL(test_wolfSSL_set_ecdh_auto), + TEST_DECL(test_wolfSSL_CTX_set_ecdh_auto), + TEST_DECL(test_wolfSSL_set_minmax_proto_version), + TEST_DECL(test_wolfSSL_CTX_set_max_proto_version), + TEST_DECL(test_wolfSSL_THREADID_hash), + + /* TLS extensions tests */ +#ifdef HAVE_IO_TESTS_DEPENDENCIES +#ifdef HAVE_SNI + TEST_DECL(test_wolfSSL_UseSNI_params), + /* Uses Assert in handshake callback. */ + TEST_DECL(test_wolfSSL_UseSNI_connection), + TEST_DECL(test_wolfSSL_SNI_GetFromBuffer), +#endif /* HAVE_SNI */ +#endif + TEST_DECL(test_wolfSSL_UseTrustedCA), + TEST_DECL(test_wolfSSL_UseMaxFragment), + TEST_DECL(test_wolfSSL_UseTruncatedHMAC), + TEST_DECL(test_wolfSSL_UseSupportedCurve), +#if defined(HAVE_ALPN) && defined(HAVE_IO_TESTS_DEPENDENCIES) + /* Uses Assert in handshake callback. */ + TEST_DECL(test_wolfSSL_UseALPN_connection), + TEST_DECL(test_wolfSSL_UseALPN_params), +#endif +#ifdef HAVE_ALPN_PROTOS_SUPPORT + /* Uses Assert in handshake callback. */ + TEST_DECL(test_wolfSSL_set_alpn_protos), +#endif + TEST_DECL(test_tls_ems_downgrade), + TEST_DECL(test_wolfSSL_DisableExtendedMasterSecret), + TEST_DECL(test_certificate_authorities_certificate_request), + TEST_DECL(test_certificate_authorities_client_hello), + TEST_DECL(test_wolfSSL_wolfSSL_UseSecureRenegotiation), + TEST_DECL(test_wolfSSL_SCR_Reconnect), + TEST_DECL(test_tls_ext_duplicate), + TEST_DECL(test_tls_bad_legacy_version), +#if defined(WOLFSSL_TLS13) && defined(HAVE_ECH) && \ + defined(HAVE_IO_TESTS_DEPENDENCIES) + TEST_DECL(test_wolfSSL_Tls13_ECH_params), + /* Uses Assert in handshake callback. */ + TEST_DECL(test_wolfSSL_Tls13_ECH), + TEST_DECL(test_wolfSSL_Tls13_ECH_HRR), +#endif + + TEST_DECL(test_wolfSSL_X509_TLS_version_test_1), + TEST_DECL(test_wolfSSL_X509_TLS_version_test_2), + + /* OCSP Stapling */ + TEST_DECL(test_wolfSSL_UseOCSPStapling), + TEST_DECL(test_wolfSSL_UseOCSPStaplingV2), + TEST_DECL(test_self_signed_stapling), + TEST_DECL(test_ocsp_callback_fails), + + /* Multicast */ + TEST_DECL(test_wolfSSL_mcast), + + TEST_DECL(test_wolfSSL_read_detect_TCP_disconnect), + + TEST_DECL(test_wolfSSL_msgCb), + TEST_DECL(test_wolfSSL_either_side), + TEST_DECL(test_wolfSSL_DTLS_either_side), + /* Uses Assert in handshake callback. */ + TEST_DECL(test_wolfSSL_dtls_fragments), + /* Uses Assert in handshake callback. */ + TEST_DECL(test_wolfSSL_dtls_AEAD_limit), + /* Uses Assert in handshake callback. */ + TEST_DECL(test_wolfSSL_ignore_alert_before_cookie), + /* Uses Assert in handshake callback. */ + TEST_DECL(test_wolfSSL_dtls_bad_record), + /* Uses Assert in handshake callback. */ + TEST_DECL(test_wolfSSL_dtls_stateless), + TEST_DECL(test_generate_cookie), + +#ifndef NO_BIO + TEST_OSSL_BIO_TLS_DECLS, +#endif + +#if defined(HAVE_PK_CALLBACKS) && !defined(WOLFSSL_NO_TLS12) + TEST_DECL(test_DhCallbacks), +#endif + +#if defined(HAVE_KEYING_MATERIAL) && defined(HAVE_SSL_MEMIO_TESTS_DEPENDENCIES) + TEST_DECL(test_export_keying_material), +#endif + + /* Can't memory test as client/server Asserts in thread. */ + TEST_DECL(test_ticket_and_psk_mixing), + /* Can't memory test as client/server Asserts in thread. */ + TEST_DECL(test_prioritize_psk), + + /* Can't memory test as client/server hangs. */ + TEST_DECL(test_wc_CryptoCb), + /* Can't memory test as client/server hangs. */ + TEST_DECL(test_wolfSSL_CTX_StaticMemory), +#if !defined(NO_FILESYSTEM) && \ + defined(WOLFSSL_DTLS) && !defined(WOLFSSL_NO_TLS12) && \ + !defined(NO_WOLFSSL_CLIENT) && !defined(NO_WOLFSSL_SERVER) +#ifdef WOLFSSL_DTLS_NO_HVR_ON_RESUME + TEST_DECL(test_wolfSSL_dtls_stateless_resume), +#endif /* WOLFSSL_DTLS_NO_HVR_ON_RESUME */ +#ifdef HAVE_MAX_FRAGMENT + TEST_DECL(test_wolfSSL_dtls_stateless_maxfrag), +#endif /* HAVE_MAX_FRAGMENT */ +#ifndef NO_RSA + TEST_DECL(test_wolfSSL_dtls_stateless2), +#if !defined(NO_OLD_TLS) + TEST_DECL(test_wolfSSL_dtls_stateless_downgrade), +#endif /* !defined(NO_OLD_TLS) */ +#endif /* ! NO_RSA */ +#endif /* defined(WOLFSSL_DTLS) && !defined(WOLFSSL_NO_TLS12) && \ + * !defined(NO_WOLFSSL_CLIENT) && !defined(NO_WOLFSSL_SERVER) */ + TEST_DECL(test_wolfSSL_CTX_set_ciphersuites), + TEST_DECL(test_wolfSSL_CRL_CERT_REVOKED_alert), + TEST_DECL(test_TLS_13_ticket_different_ciphers), + TEST_DECL(test_WOLFSSL_dtls_version_alert), + +#if defined(WOLFSSL_TICKET_NONCE_MALLOC) && defined(HAVE_SESSION_TICKET) \ + && defined(WOLFSSL_TLS13) && \ + (!defined(HAVE_FIPS) || (defined(FIPS_VERSION_GE) && FIPS_VERSION_GE(5,3))) + TEST_DECL(test_ticket_nonce_malloc), +#endif + TEST_DECL(test_ticket_ret_create), + TEST_DECL(test_wrong_cs_downgrade), + TEST_DECL(test_extra_alerts_wrong_cs), + TEST_DECL(test_extra_alerts_skip_hs), + TEST_DECL(test_extra_alerts_bad_psk), + TEST_DECL(test_multiple_shutdown_nonblocking), + /* Can't memory test as client/server Asserts. */ + TEST_DECL(test_harden_no_secure_renegotiation), + TEST_DECL(test_override_alt_cert_chain), + TEST_DECL(test_rpk_set_xxx_cert_type), + TEST_DECL(test_dtls13_bad_epoch_ch), + TEST_DECL(test_short_session_id), + TEST_DECL(test_wolfSSL_dtls13_null_cipher), + /* Can't memory test as client/server hangs. */ + TEST_DECL(test_dtls_msg_from_other_peer), + TEST_DECL(test_dtls_ipv6_check), + TEST_DECL(test_wolfSSL_SCR_after_resumption), + TEST_DECL(test_dtls_no_extensions), + TEST_DECL(test_tls_alert_no_server_hello), + TEST_DECL(test_TLSX_CA_NAMES_bad_extension), + TEST_DECL(test_dtls_1_0_hvr_downgrade), + TEST_DECL(test_session_ticket_no_id), + TEST_DECL(test_session_ticket_hs_update), + TEST_DECL(test_dtls_downgrade_scr_server), + TEST_DECL(test_dtls_downgrade_scr), + TEST_DECL(test_dtls_client_hello_timeout_downgrade), + TEST_DECL(test_dtls_client_hello_timeout), + TEST_DECL(test_dtls_dropped_ccs), + TEST_DECL(test_dtls_seq_num_downgrade), + TEST_DECL(test_certreq_sighash_algos), + TEST_DECL(test_revoked_loaded_int_cert), + TEST_DECL(test_dtls_frag_ch), + TEST_DECL(test_dtls13_frag_ch_pq), + TEST_DECL(test_dtls_empty_keyshare_with_cookie), + TEST_DECL(test_dtls_old_seq_number), + TEST_DECL(test_dtls12_missing_finished), + TEST_DECL(test_dtls13_missing_finished_client), + TEST_DECL(test_dtls13_missing_finished_server), + TEST_DTLS_DECLS, + TEST_DECL(test_tls_multi_handshakes_one_record), + TEST_DECL(test_write_dup), + TEST_DECL(test_read_write_hs), + TEST_DECL(test_get_signature_nid), +#ifndef WOLFSSL_TEST_APPLE_NATIVE_CERT_VALIDATION + TEST_DECL(test_tls_cert_store_unchanged), +#endif + TEST_DECL(test_wolfSSL_SendUserCanceled), + TEST_DECL(test_wolfSSL_SSLDisableRead), + TEST_DECL(test_wolfSSL_inject), + TEST_DECL(test_ocsp_status_callback), + TEST_DECL(test_ocsp_basic_verify), + TEST_DECL(test_ocsp_response_parsing), + TEST_DECL(test_ocsp_certid_enc_dec), + TEST_DECL(test_ocsp_tls_cert_cb), + TEST_TLS_DECLS, + TEST_DECL(test_wc_DhSetNamedKey), + /* This test needs to stay at the end to clean up any caches allocated. */ + TEST_DECL(test_wolfSSL_Cleanup) +}; + +#define TEST_CASE_CNT (int)(sizeof(testCases) / sizeof(*testCases)) + +static void TestSetup(void) +{ +/* Stub, for now. Add common test setup code here. */ +} + +static void TestCleanup(void) +{ +#if defined(OPENSSL_EXTRA) || defined(DEBUG_WOLFSSL_VERBOSE) + /* Clear any errors added to the error queue during the test run. */ + wolfSSL_ERR_clear_error(); +#endif /* OPENSSL_EXTRA || DEBUG_WOLFSSL_VERBOSE */ +} + +void ApiTest_StopOnFail(void) +{ + stopOnFail = 1; +} + +/* Print out all API test cases with numeric identifier. + */ +void ApiTest_PrintTestCases(void) +{ + int i; + + printf("All Test Cases:\n"); + for (i = 0; i < TEST_CASE_CNT; i++) { + printf("%3d: %s\n", i + 1, testCases[i].name); + } +} + +/* Print out all API group names. + */ +void ApiTest_PrintGroups(void) +{ + int i; + const char* lastGroup = NULL; + + printf("All Groups:\n"); + for (i = 0; i < TEST_CASE_CNT; i++) { + if ((testCases[i].group != NULL) && ((lastGroup == NULL) || + XSTRCMP(testCases[i].group, lastGroup) != 0)) { + printf(" %s\n", testCases[i].group); + } + lastGroup = testCases[i].group; + } +} + + +/* Add test case with group name to the list to run. + * + * @param [in] name Group name of test case to run. + * @return 0 on success. + * @return BAD_FUNC_ARG when group name does not select any tests. + */ +int ApiTest_RunGroup(char* name) +{ + int i; + int cnt = 0; + + for (i = 0; i < TEST_CASE_CNT; i++) { + if ((testCases[i].group != NULL) && + (XSTRCMP(testCases[i].group, name) == 0)) { + testAll = 0; + testCases[i].run = 1; + cnt++; + } + } + + if (cnt == 0) { + printf("Group name not found: %s\n", name); + printf("Use --groups to see all test group names.\n"); + return BAD_FUNC_ARG; + } + return 0; +} + +/* Add test case with index to the list to run. + * + * @param [in] idx Index of test case to run starting at 1. + * @return 0 on success. + * @return BAD_FUNC_ARG when index is out of range of test case identifiers. + */ +int ApiTest_RunIdx(int idx) +{ + if (idx < 1 || idx > TEST_CASE_CNT) { + printf("Index out of range (1 - %d): %d\n", TEST_CASE_CNT, idx); + return BAD_FUNC_ARG; + } + + testAll = 0; + testCases[idx-1].run = 1; + + return 0; +} + +/* Add test cases with part of the name to the list to run. + * + * @param [in] name Part of the name of test cases to run. + * @return 0 on success. + * @return BAD_FUNC_ARG when name is not a known test case name. + */ +int ApiTest_RunPartName(char* name) +{ + int i; + int cnt = 0; + + for (i = 0; i < TEST_CASE_CNT; i++) { + if (XSTRSTR(testCases[i].name, name) != NULL) { + cnt++; + testAll = 0; + testCases[i].run = 1; + } + } + if (cnt > 0) + return 0; + + printf("Not found a test case with: %s\n", name); + printf("Use --list to see all test case names.\n"); + return BAD_FUNC_ARG; +} + +/* Add test case with name to the list to run. + * + * @param [in] name Name of test case to run. + * @return 0 on success. + * @return BAD_FUNC_ARG when name is not a known test case name. + */ +int ApiTest_RunName(char* name) +{ + int i; + + for (i = 0; i < TEST_CASE_CNT; i++) { + if (XSTRCMP(testCases[i].name, name) == 0) { + testAll = 0; + testCases[i].run = 1; + return 0; + } + } + + printf("Test case name not found: %s\n", name); + printf("Use --list to see all test case names.\n"); + return BAD_FUNC_ARG; +} + +/* Converts the result code to a string. + * + * @param [in] res Test result code. + * @return String describing test result. + */ +static const char* apitest_res_string(int res) +{ + const char* str = "invalid result"; + + switch (res) { + case TEST_SUCCESS: + str = "passed"; + break; + case TEST_FAIL: + str = "failed"; + break; + case TEST_SKIPPED: + str = "skipped"; + break; + } + + return str; +} + +#ifndef WOLFSSL_UNIT_TEST_NO_TIMING +static double gettime_secs(void) + #if defined(_WIN32) && (defined(_MSC_VER) || defined(__WATCOMC__)) + { + /* there's no gettimeofday for Windows, so we'll use system time */ + #define EPOCH_DIFF 11644473600LL + FILETIME currentFileTime; + ULARGE_INTEGER uli = { 0, 0 }; + + #if defined(__WATCOMC__) + GetSystemTimeAsFileTime(¤tFileTime); + #else + GetSystemTimePreciseAsFileTime(¤tFileTime); + #endif + + uli.LowPart = currentFileTime.dwLowDateTime; + uli.HighPart = currentFileTime.dwHighDateTime; + + /* Convert to seconds since Unix epoch */ + return (double)((uli.QuadPart - (EPOCH_DIFF * 10000000)) / 10000000.0); + } + #else + { + struct timeval tv; + LIBCALL_CHECK_RET(gettimeofday(&tv, 0)); + + return (double)tv.tv_sec + (double)tv.tv_usec / 1000000.0; + } + #endif +#endif + +int ApiTest(void) +{ + int i; + int ret; + int res = 0; +#ifndef WOLFSSL_UNIT_TEST_NO_TIMING + double timeDiff; +#endif + int passed = 0; + int skipped = 0; + int failed = 0; + + printf(" Begin API Tests\n"); + fflush(stdout); + + /* we must perform init and cleanup if not all tests are running */ + if (!testAll) { + #ifdef WOLFCRYPT_ONLY + if (wolfCrypt_Init() != 0) { + printf("wolfCrypt Initialization failed\n"); + res = 1; + } + #else + if (wolfSSL_Init() != WOLFSSL_SUCCESS) { + printf("wolfSSL Initialization failed\n"); + res = 1; + } + #endif + } + + #ifdef WOLFSSL_DUMP_MEMIO_STREAM + if (res == 0) { + if (create_tmp_dir(tmpDirName, sizeof(tmpDirName) - 1) == NULL) { + printf("failed to create tmp dir\n"); + res = 1; + } + else { + tmpDirNameSet = 1; + } + } + #endif + + if (res == 0) { + const char* lastGroup = NULL; + + for (i = 0; i < TEST_CASE_CNT; ++i) { + EXPECT_DECLS; + + #ifdef WOLFSSL_DUMP_MEMIO_STREAM + currentTestName = testCases[i].name; + #endif + + /* When not testing all cases then skip if not marked for running. + */ + if (!testAll && !testCases[i].run) { + continue; + } + + TestSetup(); + + if ((lastGroup != NULL) && ((testCases[i].group == NULL) || + XSTRCMP(testCases[i].group, lastGroup) != 0)) { + printf(" Group %s DONE\n", lastGroup); + } + if ((testCases[i].group != NULL) && ((lastGroup == NULL) || + XSTRCMP(testCases[i].group, lastGroup) != 0)) { + printf(" Group %s START\n", testCases[i].group); + } + lastGroup = testCases[i].group; + + printf(" %4d: %-51s:", i + 1, testCases[i].name); + fflush(stdout); + #ifndef WOLFSSL_UNIT_TEST_NO_TIMING + timeDiff = gettime_secs(); + #endif + ret = testCases[i].func(); + #ifndef WOLFSSL_UNIT_TEST_NO_TIMING + timeDiff = gettime_secs() - timeDiff; + #endif + #ifndef WOLFSSL_UNIT_TEST_NO_TIMING + if (ret != TEST_SKIPPED) { + printf(" %s (%9.5lf)\n", apitest_res_string(ret), timeDiff); + } + else + #endif + { + printf(" %s\n", apitest_res_string(ret)); + } + fflush(stdout); + /* if return code is < 0 and not skipped then assert error */ + Expect((ret > 0 || ret == TEST_SKIPPED), + ("Test failed\n"), + ("ret %d", ret)); + testCases[i].fail = ((ret <= 0) && (ret != TEST_SKIPPED)); + res |= ((ret <= 0) && (ret != TEST_SKIPPED)); + + if (testCases[i].fail) + failed++; + else if (ret == TEST_SKIPPED) + skipped++; + else + passed++; + + TestCleanup(); + + if (testCases[i].fail && stopOnFail) { + testAll = 0; + break; + } + } + if (lastGroup != NULL) { + printf(" Group %s DONE\n", lastGroup); + } + } + +#if defined(HAVE_ECC) && defined(FP_ECC) && defined(HAVE_THREAD_LS) \ + && (defined(NO_MAIN_DRIVER) || defined(HAVE_STACK_SIZE)) + wc_ecc_fp_free(); /* free per thread cache */ +#endif + + if (!testAll) { + #ifdef WOLFCRYPT_ONLY + wolfCrypt_Cleanup(); + #else + wolfSSL_Cleanup(); + #endif + } + + (void)testDevId; + + if (res != 0) { + printf("\nFAILURES:\n"); + for (i = 0; i < TEST_CASE_CNT; ++i) { + if (testCases[i].fail) { + printf(" %3d: %s\n", i + 1, testCases[i].name); + } + } + printf("\n"); + fflush(stdout); + } + +#ifdef WOLFSSL_DUMP_MEMIO_STREAM + if (tmpDirNameSet) { + printf("\nBinary dumps of the memio streams can be found in the\n" + "%s directory. This can be imported into\n" + "Wireshark by transforming the file with\n" + "\tod -Ax -tx1 -v stream.dump > stream.dump.hex\n" + "And then loading test_output.dump.hex into Wireshark using\n" + "the \"Import from Hex Dump...\" option and selecting the\n" + "TCP encapsulation option.\n", tmpDirName); + } +#endif + + printf(" End API Tests\n"); + printf(" Failed/Skipped/Passed/All: %d/%d/%d/%d\n", failed, skipped, passed, + failed + skipped + passed); + fflush(stdout); + return res; +} diff --git a/test/ssl/wolfssl/tests/api/api.h b/test/ssl/wolfssl/tests/api/api.h new file mode 100644 index 000000000..125ec273d --- /dev/null +++ b/test/ssl/wolfssl/tests/api/api.h @@ -0,0 +1,229 @@ +/* api.h + * + * Copyright (C) 2006-2025 wolfSSL Inc. + * + * This file is part of wolfSSL. + * + * wolfSSL is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * wolfSSL is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA + */ + +#ifndef WOLFCRYPT_TEST_API_H +#define WOLFCRYPT_TEST_API_H + + +/* force enable test buffers */ +#ifndef USE_CERT_BUFFERS_2048 + #define USE_CERT_BUFFERS_2048 +#endif +#ifndef USE_CERT_BUFFERS_256 + #define USE_CERT_BUFFERS_256 +#endif +#include + + +#ifndef HEAP_HINT + #define HEAP_HINT NULL +#endif + + +#define TEST_STRING "Everyone gets Friday off." +#define TEST_STRING_SZ 25 + + +#ifndef ONEK_BUF + #define ONEK_BUF 1024 +#endif +#ifndef TWOK_BUF + #define TWOK_BUF 2048 +#endif +#ifndef FOURK_BUF + #define FOURK_BUF 4096 +#endif + + +#ifndef NO_RSA +#define GEN_BUF 294 + +#if (!defined(WOLFSSL_SP_MATH) || defined(WOLFSSL_SP_MATH_ALL)) && \ + (!defined(HAVE_FIPS_VERSION) || (HAVE_FIPS_VERSION < 4)) && \ + (defined(RSA_MIN_SIZE) && (RSA_MIN_SIZE <= 1024)) +#define TEST_RSA_BITS 1024 +#else +#define TEST_RSA_BITS 2048 +#endif +#define TEST_RSA_BYTES (TEST_RSA_BITS/8) +#endif /* !NO_RSA */ + +#if !defined(NO_RSA) && defined(WOLFSSL_KEY_GEN) + /* In FIPS builds, wc_MakeRsaKey() will return an error if it cannot find + * a probable prime in 5*(modLen/2) attempts. In non-FIPS builds, it keeps + * trying until it gets a probable prime. */ + #ifdef HAVE_FIPS + extern int MakeRsaKeyRetry(RsaKey* key, int size, long e, WC_RNG* rng); + #define MAKE_RSA_KEY(a, b, c, d) MakeRsaKeyRetry(a, b, c, d) + #else + #define MAKE_RSA_KEY(a, b, c, d) wc_MakeRsaKey(a, b, c, d) + #endif +#endif + +#ifndef NO_DSA + #ifndef DSA_SIG_SIZE + #define DSA_SIG_SIZE 40 + #endif + #ifndef MAX_DSA_PARAM_SIZE + #define MAX_DSA_PARAM_SIZE 256 + #endif +#endif + +#ifdef HAVE_ECC + #ifndef ECC_ASN963_MAX_BUF_SZ + #define ECC_ASN963_MAX_BUF_SZ 133 + #endif + #ifndef ECC_PRIV_KEY_BUF + #define ECC_PRIV_KEY_BUF 66 /* For non user defined curves. */ + #endif + /* ecc key sizes: 14, 16, 20, 24, 28, 30, 32, 40, 48, 64 */ + /* logic to choose right key ECC size */ + #if (defined(HAVE_ECC112) || defined(HAVE_ALL_CURVES)) && ECC_MIN_KEY_SZ <= 112 + #define KEY14 14 + #else + #define KEY14 32 + #endif + #if (defined(HAVE_ECC128) || defined(HAVE_ALL_CURVES)) && ECC_MIN_KEY_SZ <= 128 + #define KEY16 16 + #else + #define KEY16 32 + #endif + #if (defined(HAVE_ECC160) || defined(HAVE_ALL_CURVES)) && ECC_MIN_KEY_SZ <= 160 + #define KEY20 20 + #else + #define KEY20 32 + #endif + #if (defined(HAVE_ECC192) || defined(HAVE_ALL_CURVES)) && ECC_MIN_KEY_SZ <= 192 + #define KEY24 24 + #else + #define KEY24 32 + #endif + #if defined(HAVE_ECC224) || defined(HAVE_ALL_CURVES) + #define KEY28 28 + #else + #define KEY28 32 + #endif + #if defined(HAVE_ECC239) || defined(HAVE_ALL_CURVES) + #define KEY30 30 + #else + #define KEY30 32 + #endif + #define KEY32 32 + #if defined(HAVE_ECC320) || defined(HAVE_ALL_CURVES) + #define KEY40 40 + #else + #define KEY40 32 + #endif + #if defined(HAVE_ECC384) || defined(HAVE_ALL_CURVES) + #define KEY48 48 + #else + #define KEY48 32 + #endif + #if defined(HAVE_ECC512) || defined(HAVE_ALL_CURVES) + #define KEY64 64 + #else + #define KEY64 32 + #endif + + #if !defined(HAVE_COMP_KEY) + #if !defined(NOCOMP) + #define NOCOMP 0 + #endif + #else + #if !defined(COMP) + #define COMP 1 + #endif + #endif + #if !defined(DER_SZ) + #define DER_SZ(ks) ((ks) * 2 + 1) + #endif +#endif /* HAVE_ECC */ +#ifndef WOLFSSL_HAVE_ECC_KEY_GET_PRIV + /* FIPS build has replaced ecc.h. */ + #define wc_ecc_key_get_priv(key) (&((key)->k)) + #define WOLFSSL_HAVE_ECC_KEY_GET_PRIV +#endif + +/* Returns the result based on whether check is true. + * + * @param [in] check Condition for success. + * @return When condition is true: TEST_SUCCESS. + * @return When condition is false: TEST_FAIL. + */ +#ifdef DEBUG_WOLFSSL_VERBOSE +#define XSTRINGIFY(s) STRINGIFY(s) +#define STRINGIFY(s) #s +#define TEST_RES_CHECK(check) ({ \ + int _ret = (check) ? TEST_SUCCESS : TEST_FAIL; \ + if (_ret == TEST_FAIL) { \ + fprintf(stderr, " check \"%s\" at %d ", \ + XSTRINGIFY(check), __LINE__); \ + } \ + _ret; }) +#else +#define TEST_RES_CHECK(check) \ + ((check) ? TEST_SUCCESS : TEST_FAIL) +#endif /* DEBUG_WOLFSSL_VERBOSE */ + +#define PRINT_DATA(name, data, len) \ +do { \ + int ii; \ + fprintf(stderr, "%s\n", name); \ + for (ii = 0; ii < (int)(len); ii++) { \ + if ((ii % 8) == 0) \ + fprintf(stderr, " "); \ + fprintf(stderr, "0x%02x,", (data)[ii]); \ + if ((ii % 8) == 7) \ + fprintf(stderr, "\n"); \ + else \ + fprintf(stderr, " "); \ + } \ + fprintf(stderr, "\n"); \ +} while (0) + +#define PRINT_DATA_STR(name, data, len) \ +do { \ + int ii; \ + fprintf(stderr, "%s\n", name); \ + for (ii = 0; ii < (int)(len); ii++) { \ + if ((ii % 8) == 0) \ + fprintf(stderr, " \""); \ + fprintf(stderr, "\\x%02x", (data)[ii]); \ + if ((ii % 8) == 7) \ + fprintf(stderr, "\"\n"); \ + } \ + if ((ii % 8) != 0) \ + fprintf(stderr, "\""); \ + fprintf(stderr, "\n"); \ +} while (0) + +typedef struct testVector { + const char* input; + const char* output; + size_t inLen; + size_t outLen; +} testVector; + + +extern int testDevId; + +#endif /* WOLFCRYPT_TEST_API_H */ + diff --git a/test/ssl/wolfssl/tests/api/api_decl.h b/test/ssl/wolfssl/tests/api/api_decl.h new file mode 100644 index 000000000..5e3280abc --- /dev/null +++ b/test/ssl/wolfssl/tests/api/api_decl.h @@ -0,0 +1,38 @@ +/* api_decl.h + * + * Copyright (C) 2006-2025 wolfSSL Inc. + * + * This file is part of wolfSSL. + * + * wolfSSL is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * wolfSSL is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA + */ + +#ifndef WOLFCRYPT_TEST_API_DECL_H +#define WOLFCRYPT_TEST_API_DECL_H + +typedef int (*TEST_FUNC)(void); +typedef struct { + const char *group; + const char *name; + TEST_FUNC func; + byte run:1; + byte fail:1; +} TEST_CASE; + +#define TEST_DECL(func) { NULL, #func, func, 0, 0 } +#define TEST_DECL_GROUP(group, func) { group, #func, func, 0, 0 } + +#endif /* WOLFCRYPT_TEST_API_DECL_H */ + diff --git a/test/ssl/wolfssl/tests/api/test_aes.c b/test/ssl/wolfssl/tests/api/test_aes.c new file mode 100644 index 000000000..97186ecfc --- /dev/null +++ b/test/ssl/wolfssl/tests/api/test_aes.c @@ -0,0 +1,4919 @@ +/* test_aes.c + * + * Copyright (C) 2006-2025 wolfSSL Inc. + * + * This file is part of wolfSSL. + * + * wolfSSL is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * wolfSSL is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA + */ + +#include + +#ifdef NO_INLINE + #include +#else + #define WOLFSSL_MISC_INCLUDED + #include +#endif + +#include +#include +#include +#include +#include + +/******************************************************************************* + * AES + ******************************************************************************/ + +#ifndef NO_AES +static int test_wc_AesSetKey_BadArgs(Aes* aes, byte* key, word32 keyLen, + byte* iv) +{ + EXPECT_DECLS; + + ExpectIntEQ(wc_AesSetKey(NULL, NULL, keyLen, iv, AES_ENCRYPTION), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_AesSetKey(NULL, key , keyLen, iv, AES_ENCRYPTION), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_AesSetKey(aes , key , 48 , iv, AES_ENCRYPTION), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + + return EXPECT_RESULT(); +} + +static int test_wc_AesSetKey_WithKey(Aes* aes, byte* key, word32 keyLen, + byte* iv, int ret) +{ + EXPECT_DECLS; + + ExpectIntEQ(wc_AesSetKey(aes, key, keyLen, iv, AES_ENCRYPTION), ret); + ExpectIntEQ(wc_AesSetKey(aes, key, keyLen, NULL, AES_DECRYPTION), ret); + + return EXPECT_RESULT(); +} +#endif + +/* + * Testing function for wc_AesSetKey(). + */ +int test_wc_AesSetKey(void) +{ + EXPECT_DECLS; +#ifndef NO_AES + Aes aes; + byte key16[] = { + 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, + 0x38, 0x39, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66 + }; + byte key24[] = { + 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, + 0x38, 0x39, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66, + 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37 + }; + byte key32[] = { + 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, + 0x38, 0x39, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66, + 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, + 0x38, 0x39, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66 + }; + byte badKey16[] = { + 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, + 0x38, 0x39, 0x61, 0x62, 0x63, 0x64, 0x65 + }; + byte iv[] = "1234567890abcdef"; + byte* key; + word32 keyLen; + +#if defined(WOLFSSL_AES_128) + key = key16; + keyLen = (word32)sizeof(key16) / sizeof(byte); +#elif defined(WOLFSSL_AES_192) + key = key24; + keyLen = (word32)sizeof(key24) / sizeof(byte); +#else + key = key32; + keyLen = (word32)sizeof(key32) / sizeof(byte); +#endif + + XMEMSET(&aes, 0, sizeof(Aes)); + + ExpectIntEQ(wc_AesInit(NULL, NULL, INVALID_DEVID), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_AesInit(&aes, NULL, INVALID_DEVID), 0); + + EXPECT_TEST(test_wc_AesSetKey_BadArgs(&aes, key, keyLen, iv)); + +#ifdef WOLFSSL_AES_128 + EXPECT_TEST(test_wc_AesSetKey_WithKey(&aes, key16, + (word32)sizeof(key16) / sizeof(byte), iv, 0)); +#else + EXPECT_TEST(test_wc_AesSetKey_WithKey(&aes, key16, + (word32)sizeof(key16) / sizeof(byte), iv, BAD_FUNC_ARG)); +#endif +#ifdef WOLFSSL_AES_192 + EXPECT_TEST(test_wc_AesSetKey_WithKey(&aes, key24, + (word32)sizeof(key24) / sizeof(byte), iv, 0)); +#else + EXPECT_TEST(test_wc_AesSetKey_WithKey(&aes, key24, + (word32)sizeof(key24) / sizeof(byte), iv, BAD_FUNC_ARG)); +#endif +#ifdef WOLFSSL_AES_256 + EXPECT_TEST(test_wc_AesSetKey_WithKey(&aes, key32, + (word32)sizeof(key32) / sizeof(byte), iv, 0)); +#else + EXPECT_TEST(test_wc_AesSetKey_WithKey(&aes, key32, + (word32)sizeof(key32) / sizeof(byte), iv, BAD_FUNC_ARG)); +#endif + + ExpectIntEQ(wc_AesSetKey(&aes, badKey16, + (word32)sizeof(badKey16) / sizeof(byte), iv, AES_ENCRYPTION), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + + wc_AesFree(&aes); +#endif + return EXPECT_RESULT(); +} /* END test_wc_AesSetKey */ + +/* + * Testing function for wc_AesSetIV + */ +int test_wc_AesSetIV(void) +{ + EXPECT_DECLS; +#if !defined(NO_AES) + Aes aes; +#if defined(WOLFSSL_AES_128) + byte key16[] = { + 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, + 0x38, 0x39, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66 + }; +#endif + byte iv1[] = "1234567890abcdef"; + byte iv2[] = "0987654321fedcba"; + + ExpectIntEQ(wc_AesInit(&aes, NULL, INVALID_DEVID), 0); + +#if defined(WOLFSSL_AES_128) + ExpectIntEQ(wc_AesSetKey(&aes, key16, (word32) sizeof(key16) / sizeof(byte), + iv1, AES_ENCRYPTION), 0); +#endif + ExpectIntEQ(wc_AesSetIV(&aes, iv2), 0); + + ExpectIntEQ(wc_AesSetIV(NULL, NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_AesSetIV(NULL, iv1), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_AesSetIV(&aes, NULL), 0); + + wc_AesFree(&aes); +#endif + return EXPECT_RESULT(); +} /* test_wc_AesSetIV */ + + +/******************************************************************************* + * AES Direct + ******************************************************************************/ + +#if !defined(NO_AES) && defined(WOLFSSL_AES_DIRECT) && \ + (!defined(HAVE_FIPS) || !defined(HAVE_FIPS_VERSION) || \ + (HAVE_FIPS_VERSION > 6)) && !defined(HAVE_SELFTEST) +static int test_wc_AesEncryptDecryptDirect_WithKey(Aes* aes, byte* key, + word32 keyLen, byte* expected) +{ + EXPECT_DECLS; + byte plain[WC_AES_BLOCK_SIZE]; + byte cipher[WC_AES_BLOCK_SIZE]; +#ifdef HAVE_AES_DECRYPT + byte decrypted[WC_AES_BLOCK_SIZE]; +#endif + + XMEMSET(plain, 0, WC_AES_BLOCK_SIZE); + + ExpectIntEQ(wc_AesSetKey(aes, key, keyLen, NULL, AES_ENCRYPTION), 0); + + ExpectIntEQ(wc_AesEncryptDirect(NULL, NULL, NULL), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + + ExpectIntEQ(wc_AesEncryptDirect(aes, cipher, plain), 0); + ExpectBufEQ(cipher, expected, WC_AES_BLOCK_SIZE); + +#ifdef HAVE_AES_DECRYPT + ExpectIntEQ(wc_AesSetKey(aes, key, keyLen, NULL, AES_DECRYPTION), 0); + ExpectIntEQ(wc_AesDecryptDirect(NULL, NULL, NULL), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_AesDecryptDirect(aes, decrypted, cipher), 0); + ExpectBufEQ(decrypted, plain, WC_AES_BLOCK_SIZE); +#endif + + return EXPECT_RESULT(); +} +#endif + +int test_wc_AesEncryptDecryptDirect(void) +{ + EXPECT_DECLS; +#if !defined(NO_AES) && defined(WOLFSSL_AES_DIRECT) && \ + (!defined(HAVE_FIPS) || !defined(HAVE_FIPS_VERSION) || \ + (HAVE_FIPS_VERSION > 6)) && !defined(HAVE_SELFTEST) + Aes aes; +#if defined(WOLFSSL_AES_128) + byte key16[] = { + 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, + 0x38, 0x39, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66 + }; + byte expected16[WC_AES_BLOCK_SIZE] = { + 0x0b, 0x9b, 0x15, 0xda, 0x4b, 0x44, 0xa0, 0xf5, + 0x15, 0x1d, 0xcf, 0xc4, 0xc0, 0x1f, 0x35, 0xd5, + }; +#endif +#if defined(WOLFSSL_AES_192) + byte key24[] = { + 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, + 0x38, 0x39, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66, + 0x38, 0x39, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66 + }; + byte expected24[WC_AES_BLOCK_SIZE] = { + 0xbe, 0x55, 0x02, 0x05, 0xfc, 0x91, 0xe8, 0x9c, + 0x9b, 0x9c, 0xc4, 0x70, 0x93, 0xb9, 0x0a, 0x08, + }; +#endif +#if defined(WOLFSSL_AES_256) + byte key32[] = { + 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, + 0x38, 0x39, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66, + 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, + 0x38, 0x39, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66 + }; + byte expected32[WC_AES_BLOCK_SIZE] = { + 0x7d, 0xbd, 0x88, 0x27, 0x2f, 0xb2, 0x59, 0x37, + 0x69, 0x2a, 0x3b, 0x81, 0x00, 0x47, 0x41, 0x75, + }; +#endif + + XMEMSET(&aes, 0, sizeof(Aes)); + ExpectIntEQ(wc_AesInit(&aes, NULL, INVALID_DEVID), 0); + +#ifdef WOLFSSL_AES_128 + EXPECT_TEST(test_wc_AesEncryptDecryptDirect_WithKey(&aes, key16, + (word32)sizeof(key16) / sizeof(byte), expected16)); +#endif +#ifdef WOLFSSL_AES_192 + EXPECT_TEST(test_wc_AesEncryptDecryptDirect_WithKey(&aes, key24, + (word32)sizeof(key24) / sizeof(byte), expected24)); +#endif +#ifdef WOLFSSL_AES_256 + EXPECT_TEST(test_wc_AesEncryptDecryptDirect_WithKey(&aes, key32, + (word32)sizeof(key32) / sizeof(byte), expected32)); +#endif + + wc_AesFree(&aes); +#endif + return EXPECT_RESULT(); +} + +/******************************************************************************* + * AES-ECB + ******************************************************************************/ + +#if !defined(NO_AES) && defined(HAVE_AES_ECB) +/* Assembly code doing 8 iterations at a time. */ +#define ECB_LEN (9 * WC_AES_BLOCK_SIZE) + +static int test_wc_AesEcbEncryptDecrypt_BadArgs(Aes* aes, byte* key, + word32 keyLen) +{ + EXPECT_DECLS; + byte plain[WC_AES_BLOCK_SIZE]; + byte cipher[WC_AES_BLOCK_SIZE]; + byte decrypted[WC_AES_BLOCK_SIZE]; + + XMEMSET(plain, 0, WC_AES_BLOCK_SIZE); + XMEMSET(cipher, 0, WC_AES_BLOCK_SIZE); + + ExpectIntEQ(wc_AesSetKey(aes, key, keyLen, NULL, AES_DECRYPTION), 0); + ExpectIntEQ(wc_AesEcbEncrypt(NULL, NULL, NULL, 0), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_AesEcbEncrypt(aes, NULL, NULL, 0), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_AesEcbEncrypt(NULL, cipher, NULL, 0), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_AesEcbEncrypt(NULL, NULL, plain, 0), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_AesEcbEncrypt(aes, cipher, NULL, 0), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_AesEcbEncrypt(aes, NULL, plain, 0), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_AesEcbEncrypt(NULL, cipher, plain, 0), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + + ExpectIntEQ(wc_AesSetKey(aes, key, keyLen, NULL, AES_DECRYPTION), 0); + ExpectIntEQ(wc_AesEcbDecrypt(NULL, NULL, NULL, 0), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_AesEcbDecrypt(aes, NULL, NULL, 0), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_AesEcbDecrypt(NULL, decrypted, NULL, 0), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_AesEcbDecrypt(NULL, NULL, cipher, 0), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_AesEcbDecrypt(aes, decrypted, NULL, 0), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_AesEcbDecrypt(aes, NULL, cipher, 0), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_AesEcbDecrypt(NULL, decrypted, cipher, 0), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + + return EXPECT_RESULT(); +} + +static int test_wc_AesEcbEncryptDecrypt_WithKey(Aes* aes, byte* key, + word32 keyLen, byte* expected) +{ + EXPECT_DECLS; + WC_DECLARE_VAR(plain, byte, ECB_LEN, NULL); + WC_DECLARE_VAR(cipher, byte, ECB_LEN, NULL); + WC_DECLARE_VAR(decrypted, byte, ECB_LEN, NULL); + + WC_ALLOC_VAR(plain, byte, ECB_LEN, NULL); + WC_ALLOC_VAR(cipher, byte, ECB_LEN, NULL); + WC_ALLOC_VAR(decrypted, byte, ECB_LEN, NULL); + +#ifdef WC_DECLARE_VAR_IS_HEAP_ALLOC + ExpectNotNull(plain); + ExpectNotNull(cipher); + ExpectNotNull(decrypted); +#endif + + XMEMSET(plain, 0, ECB_LEN); + + ExpectIntEQ(wc_AesSetKey(aes, key, keyLen, NULL, AES_ENCRYPTION), 0); + ExpectIntEQ(wc_AesEcbEncrypt(aes, cipher, plain, WC_AES_BLOCK_SIZE), 0); + ExpectBufEQ(cipher, expected, WC_AES_BLOCK_SIZE); + +#ifdef HAVE_AES_DECRYPT + ExpectIntEQ(wc_AesSetKey(aes, key, keyLen, NULL, AES_DECRYPTION), 0); + ExpectIntEQ(wc_AesEcbDecrypt(aes, decrypted, cipher, WC_AES_BLOCK_SIZE), + 0); + ExpectBufEQ(decrypted, plain, WC_AES_BLOCK_SIZE); +#endif + + ExpectIntEQ(wc_AesSetKey(aes, key, keyLen, NULL, AES_ENCRYPTION), 0); + ExpectIntEQ(wc_AesEcbEncrypt(aes, cipher, plain, 32), 0); + ExpectBufEQ(cipher + WC_AES_BLOCK_SIZE, cipher, WC_AES_BLOCK_SIZE); + ExpectBufEQ(cipher, expected, WC_AES_BLOCK_SIZE); +#ifdef HAVE_AES_DECRYPT + ExpectIntEQ(wc_AesSetKey(aes, key, keyLen, NULL, AES_DECRYPTION), 0); + ExpectIntEQ(wc_AesEcbDecrypt(aes, decrypted, cipher, 32), 0); + ExpectBufEQ(decrypted, plain, 32); +#endif + + WC_FREE_VAR(plain, NULL); + WC_FREE_VAR(cipher, NULL); + WC_FREE_VAR(decrypted, NULL); + return EXPECT_RESULT(); +} + +static int test_wc_AesEcbEncryptDecrypt_MultiBlocks(Aes* aes, byte* key, + word32 keyLen, byte* expected) +{ + EXPECT_DECLS; + int sz; + int cnt; + WC_DECLARE_VAR(plain, byte, ECB_LEN, NULL); + WC_DECLARE_VAR(cipher, byte, ECB_LEN, NULL); + WC_DECLARE_VAR(decrypted, byte, ECB_LEN, NULL); + + WC_ALLOC_VAR(plain, byte, ECB_LEN, NULL); + WC_ALLOC_VAR(cipher, byte, ECB_LEN, NULL); + WC_ALLOC_VAR(decrypted, byte, ECB_LEN, NULL); + +#ifdef WC_DECLARE_VAR_IS_HEAP_ALLOC + ExpectNotNull(plain); + ExpectNotNull(cipher); + ExpectNotNull(decrypted); +#endif + + XMEMSET(plain, 0, ECB_LEN); + + ExpectIntEQ(wc_AesSetKey(aes, key, keyLen, NULL, AES_ENCRYPTION), 0); + /* Test multiple blocks. */ + for (sz = WC_AES_BLOCK_SIZE; sz <= ECB_LEN; sz += WC_AES_BLOCK_SIZE) { + XMEMSET(cipher, 0x00, ECB_LEN); + for (cnt = 0; cnt + sz <= ECB_LEN; cnt += sz) { + ExpectIntEQ(wc_AesEcbEncrypt(aes, cipher + cnt, plain + cnt, sz), + 0); + } + if (cnt < ECB_LEN) { + ExpectIntEQ(wc_AesEcbEncrypt(aes, cipher + cnt, plain + cnt, + ECB_LEN - cnt), 0); + } + for (cnt = 0; cnt < ECB_LEN; cnt += WC_AES_BLOCK_SIZE) { + ExpectBufEQ(cipher + cnt, expected, WC_AES_BLOCK_SIZE); + } + } +#ifdef HAVE_AES_DECRYPT + ExpectIntEQ(wc_AesSetKey(aes, key, keyLen, NULL, AES_DECRYPTION), 0); + for (sz = WC_AES_BLOCK_SIZE; sz <= ECB_LEN; sz += WC_AES_BLOCK_SIZE) { + XMEMSET(decrypted, 0xff, ECB_LEN); + for (cnt = 0; cnt + sz <= ECB_LEN; cnt += sz) { + ExpectIntEQ(wc_AesEcbDecrypt(aes, decrypted + cnt, cipher + cnt, + sz), 0); + } + if (cnt < ECB_LEN) { + ExpectIntEQ(wc_AesEcbDecrypt(aes, decrypted + cnt, cipher + cnt, + ECB_LEN - cnt), 0); + } + for (cnt = 0; cnt < ECB_LEN; cnt += WC_AES_BLOCK_SIZE) { + ExpectBufEQ(decrypted + cnt, plain, WC_AES_BLOCK_SIZE); + } + } +#endif + + WC_FREE_VAR(plain, NULL); + WC_FREE_VAR(cipher, NULL); + WC_FREE_VAR(decrypted, NULL); + return EXPECT_RESULT(); +} + +static int test_wc_AesEcbEncryptDecrypt_SameBuffer(Aes* aes, byte* key, + word32 keyLen, byte* expected) +{ + EXPECT_DECLS; + int cnt; + WC_DECLARE_VAR(plain, byte, ECB_LEN, NULL); + WC_DECLARE_VAR(cipher, byte, ECB_LEN, NULL); + + WC_ALLOC_VAR(plain, byte, ECB_LEN, NULL); + WC_ALLOC_VAR(cipher, byte, ECB_LEN, NULL); + +#ifdef WC_DECLARE_VAR_IS_HEAP_ALLOC + ExpectNotNull(plain); + ExpectNotNull(cipher); +#endif + + XMEMSET(plain, 0, ECB_LEN); + + /* Testing using same buffer for input and output. */ + ExpectIntEQ(wc_AesSetKey(aes, key, keyLen, NULL, AES_ENCRYPTION), 0); + XMEMCPY(cipher, plain, ECB_LEN); + ExpectIntEQ(wc_AesEcbEncrypt(aes, cipher, cipher, ECB_LEN), 0); + for (cnt = 0; cnt < ECB_LEN; cnt += WC_AES_BLOCK_SIZE) { + ExpectBufEQ(cipher + cnt, expected, WC_AES_BLOCK_SIZE); + } +#ifdef HAVE_AES_DECRYPT + ExpectIntEQ(wc_AesSetKey(aes, key, keyLen, + NULL, AES_DECRYPTION), 0); + ExpectIntEQ(wc_AesEcbDecrypt(aes, cipher, cipher, ECB_LEN), 0); + for (cnt = 0; cnt < ECB_LEN; cnt += WC_AES_BLOCK_SIZE) { + ExpectBufEQ(cipher + cnt, plain, WC_AES_BLOCK_SIZE); + } +#endif + + WC_FREE_VAR(plain, NULL); + WC_FREE_VAR(cipher, NULL); + return EXPECT_RESULT(); +} +#endif + +int test_wc_AesEcbEncryptDecrypt(void) +{ + EXPECT_DECLS; +#if !defined(NO_AES) && defined(HAVE_AES_ECB) + Aes aes; +#if defined(WOLFSSL_AES_128) + byte key16[] = { + 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, + 0x38, 0x39, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66 + }; + byte expected16[WC_AES_BLOCK_SIZE] = { + 0x0b, 0x9b, 0x15, 0xda, 0x4b, 0x44, 0xa0, 0xf5, + 0x15, 0x1d, 0xcf, 0xc4, 0xc0, 0x1f, 0x35, 0xd5, + }; +#endif +#if defined(WOLFSSL_AES_192) + byte key24[] = { + 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, + 0x38, 0x39, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66, + 0x38, 0x39, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66 + }; + byte expected24[WC_AES_BLOCK_SIZE] = { + 0xbe, 0x55, 0x02, 0x05, 0xfc, 0x91, 0xe8, 0x9c, + 0x9b, 0x9c, 0xc4, 0x70, 0x93, 0xb9, 0x0a, 0x08, + }; +#endif +#if defined(WOLFSSL_AES_256) + byte key32[] = { + 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, + 0x38, 0x39, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66, + 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, + 0x38, 0x39, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66 + }; + byte expected32[WC_AES_BLOCK_SIZE] = { + 0x7d, 0xbd, 0x88, 0x27, 0x2f, 0xb2, 0x59, 0x37, + 0x69, 0x2a, 0x3b, 0x81, 0x00, 0x47, 0x41, 0x75, + }; +#endif + byte* key; + word32 keyLen; + byte* expected; + +#if defined(WOLFSSL_AES_128) + key = key16; + keyLen = (word32)sizeof(key16) / sizeof(byte); + expected = expected16; +#elif defined(WOLFSSL_AES_192) + key = key24; + keyLen = (word32)sizeof(key24) / sizeof(byte); + expected = expected24; +#else + key = key32; + keyLen = (word32)sizeof(key32) / sizeof(byte); + expected = expected32; +#endif + + XMEMSET(&aes, 0, sizeof(Aes)); + ExpectIntEQ(wc_AesInit(&aes, NULL, INVALID_DEVID), 0); + + EXPECT_TEST(test_wc_AesEcbEncryptDecrypt_BadArgs(&aes, key, keyLen)); + +#if defined(WOLFSSL_AES_128) + EXPECT_TEST(test_wc_AesEcbEncryptDecrypt_WithKey(&aes, key16, + (word32)sizeof(key16) / sizeof(byte), expected16)); +#endif +#if defined(WOLFSSL_AES_192) + EXPECT_TEST(test_wc_AesEcbEncryptDecrypt_WithKey(&aes, key24, + (word32)sizeof(key24) / sizeof(byte), expected24)); +#endif +#if defined(WOLFSSL_AES_256) + EXPECT_TEST(test_wc_AesEcbEncryptDecrypt_WithKey(&aes, key32, + (word32)sizeof(key32) / sizeof(byte), expected32)); +#endif + + EXPECT_TEST(test_wc_AesEcbEncryptDecrypt_MultiBlocks(&aes, key, keyLen, + expected)); + EXPECT_TEST(test_wc_AesEcbEncryptDecrypt_SameBuffer(&aes, key, keyLen, + expected)); + + wc_AesFree(&aes); +#endif + return EXPECT_RESULT(); +} + +/******************************************************************************* + * AES-CBC + ******************************************************************************/ + +#if !defined(NO_AES) && defined(HAVE_AES_CBC) +/* Assembly code doing 8 iterations at a time. */ +#define CBC_LEN (9 * WC_AES_BLOCK_SIZE) + +static int test_wc_AesCbcEncryptDecrypt_BadArgs(Aes* aes, byte* key, + word32 keyLen, byte* iv) +{ + EXPECT_DECLS; + byte plain[WC_AES_BLOCK_SIZE]; + byte cipher[WC_AES_BLOCK_SIZE]; + byte decrypted[WC_AES_BLOCK_SIZE]; + + XMEMSET(plain, 0, WC_AES_BLOCK_SIZE); + XMEMSET(cipher, 0, WC_AES_BLOCK_SIZE); + XMEMSET(decrypted, 0, WC_AES_BLOCK_SIZE); + + ExpectIntEQ(wc_AesSetKey(aes, key, keyLen, iv, AES_ENCRYPTION), 0); + ExpectIntEQ(wc_AesCbcEncrypt(NULL, NULL, NULL, 0), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_AesCbcEncrypt(aes, NULL, NULL, 0), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_AesCbcEncrypt(NULL, cipher, NULL, 0), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_AesCbcEncrypt(NULL, NULL, plain, 0), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_AesCbcEncrypt(aes, cipher, NULL, 0), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_AesCbcEncrypt(aes, NULL, plain, 0), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_AesCbcEncrypt(NULL, cipher, plain, 0), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + + ExpectIntEQ(wc_AesSetKey(aes, key, keyLen, iv, AES_DECRYPTION), 0); + ExpectIntEQ(wc_AesCbcDecrypt(NULL, NULL, NULL, 0), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_AesCbcDecrypt(aes, NULL, NULL, 0), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_AesCbcDecrypt(NULL, decrypted, NULL, 0), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_AesCbcDecrypt(NULL, NULL, cipher, 0), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_AesCbcDecrypt(aes, decrypted, NULL, 0), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_AesCbcDecrypt(aes, NULL, cipher, 0), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_AesCbcDecrypt(NULL, decrypted, cipher, 0), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + + ExpectIntEQ(wc_AesCbcDecryptWithKey(NULL, NULL, 0, NULL, keyLen, NULL), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_AesCbcDecryptWithKey(decrypted, NULL, 0, NULL, keyLen, NULL), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_AesCbcDecryptWithKey(NULL, cipher, 0, NULL, keyLen, NULL), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_AesCbcDecryptWithKey(NULL, NULL, 0, key, keyLen, NULL), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_AesCbcDecryptWithKey(NULL, NULL, 0, NULL, keyLen, iv), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_AesCbcDecryptWithKey(decrypted, cipher, + WC_AES_BLOCK_SIZE * 2, key, keyLen, NULL), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_AesCbcDecryptWithKey(decrypted, cipher, + WC_AES_BLOCK_SIZE * 2, NULL, keyLen, iv), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_AesCbcDecryptWithKey(decrypted, NULL, + WC_AES_BLOCK_SIZE * 2, key, keyLen, iv), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_AesCbcDecryptWithKey(NULL, cipher, + WC_AES_BLOCK_SIZE * 2, key, keyLen, iv), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + + return EXPECT_RESULT(); +} + +static int test_wc_AesCbcEncryptDecrypt_WithKey(Aes* aes, byte* key, + word32 keyLen, byte* iv, byte* vector, byte* vector_enc, word32 vector_len) +{ + EXPECT_DECLS; + byte plain[WC_AES_BLOCK_SIZE * 2]; + byte cipher[WC_AES_BLOCK_SIZE * 2]; + byte decrypted[WC_AES_BLOCK_SIZE * 2]; + + XMEMSET(plain, 0, WC_AES_BLOCK_SIZE * 2); + XMEMSET(cipher, 0, WC_AES_BLOCK_SIZE * 2); + XMEMSET(decrypted, 0, WC_AES_BLOCK_SIZE * 2); + + ExpectIntEQ(wc_AesSetKey(aes, key, keyLen, iv, AES_ENCRYPTION), 0); +#if defined(HAVE_FIPS) && defined(HAVE_FIPS_VERSION) && \ + (HAVE_FIPS_VERSION == 2) && defined(WOLFSSL_AESNI) + fprintf(stderr, "Zero length inputs not supported with AESNI in FIPS " + "mode (v2), skip test"); +#else + /* Test passing in size of 0 */ + XMEMSET(cipher, 0x00, WC_AES_BLOCK_SIZE * 2); + ExpectIntEQ(wc_AesCbcEncrypt(aes, cipher, vector, 0), 0); + /* Check enc was not modified */ + { + int i; + for (i = 0; i < (int)WC_AES_BLOCK_SIZE * 2; i++) + ExpectIntEQ(cipher[i], 0x00); + } +#endif + ExpectIntEQ(wc_AesCbcEncrypt(aes, cipher, vector, vector_len), + 0); + ExpectBufEQ(cipher, vector_enc, vector_len); +#ifdef WOLFSSL_AES_CBC_LENGTH_CHECKS + ExpectIntEQ(wc_AesCbcEncrypt(aes, cipher, vector, vector_len - 1), + WC_NO_ERR_TRACE(BAD_LENGTH_E)); +#endif + +#ifdef HAVE_AES_DECRYPT + ExpectIntEQ(wc_AesSetKey(aes, key, keyLen, iv, AES_DECRYPTION), 0); + ExpectIntEQ(wc_AesCbcDecrypt(aes, decrypted, cipher, + WC_AES_BLOCK_SIZE * 2), 0); + ExpectBufEQ(decrypted, vector, vector_len); +#ifdef WOLFSSL_AES_CBC_LENGTH_CHECKS + ExpectIntEQ(wc_AesCbcDecrypt(aes, decrypted, cipher, + WC_AES_BLOCK_SIZE * 2 - 1), WC_NO_ERR_TRACE(BAD_LENGTH_E)); +#else + ExpectIntEQ(wc_AesCbcDecrypt(aes, decrypted, cipher, + WC_AES_BLOCK_SIZE * 2 - 1), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); +#endif + + ExpectIntEQ(wc_AesCbcDecryptWithKey(decrypted, cipher, + WC_AES_BLOCK_SIZE * 2, key, keyLen, iv), 0); + ExpectBufEQ(decrypted, vector, vector_len); + + /* Test passing in size of 0 */ + XMEMSET(decrypted, 0, WC_AES_BLOCK_SIZE * 2); + ExpectIntEQ(wc_AesCbcDecrypt(aes, decrypted, cipher, 0), 0); + /* Check dec was not modified */ + { + int i; + for (i = 0; i < (int)WC_AES_BLOCK_SIZE * 2; i++) + ExpectIntEQ(decrypted[i], 0); + } +#endif + + return EXPECT_RESULT(); +} + +static int test_wc_AesCbcEncryptDecrypt_MultiBlocks(Aes* aes, byte* key, + word32 keyLen, byte* iv, byte* expected) +{ + EXPECT_DECLS; +#ifdef WOLFSSL_KCAPI + (void)aes; + (void)key; + (void)keyLen; + (void)iv; + (void)expected; +#else /* !WOLFSSL_KCAPI */ + int sz; + int cnt; + WC_DECLARE_VAR(plain, byte, CBC_LEN, NULL); + WC_DECLARE_VAR(cipher, byte, CBC_LEN, NULL); + WC_DECLARE_VAR(decrypted, byte, CBC_LEN, NULL); + + WC_ALLOC_VAR(plain, byte, CBC_LEN, NULL); + WC_ALLOC_VAR(cipher, byte, CBC_LEN, NULL); + WC_ALLOC_VAR(decrypted, byte, CBC_LEN, NULL); + +#ifdef WC_DECLARE_VAR_IS_HEAP_ALLOC + ExpectNotNull(plain); + ExpectNotNull(cipher); + ExpectNotNull(decrypted); +#endif + + + XMEMSET(plain, 0, CBC_LEN); + XMEMSET(cipher, 0, CBC_LEN); + XMEMSET(decrypted, 0, CBC_LEN); + + ExpectIntEQ(wc_AesSetKey(aes, key, keyLen, NULL, AES_ENCRYPTION), 0); + /* Test multiple blocks. */ + for (sz = WC_AES_BLOCK_SIZE; sz <= CBC_LEN; sz += WC_AES_BLOCK_SIZE) { + XMEMSET(cipher, 0x00, CBC_LEN); + ExpectIntEQ(wc_AesSetIV(aes, iv), 0); + for (cnt = 0; cnt + sz <= CBC_LEN; cnt += sz) { + ExpectIntEQ(wc_AesCbcEncrypt(aes, cipher + cnt, plain + cnt, sz), + 0); + } + if (cnt < CBC_LEN) { + ExpectIntEQ(wc_AesCbcEncrypt(aes, cipher + cnt, plain + cnt, + CBC_LEN - cnt), 0); + } + ExpectBufEQ(cipher, expected, CBC_LEN); + } +#ifdef HAVE_AES_DECRYPT + ExpectIntEQ(wc_AesSetKey(aes, key, keyLen, NULL, AES_DECRYPTION), 0); + for (sz = WC_AES_BLOCK_SIZE; sz <= CBC_LEN; sz += WC_AES_BLOCK_SIZE) { + XMEMSET(decrypted, 0xff, CBC_LEN); + ExpectIntEQ(wc_AesSetIV(aes, iv), 0); + for (cnt = 0; cnt + sz <= CBC_LEN; cnt += sz) { + ExpectIntEQ(wc_AesCbcDecrypt(aes, decrypted + cnt, cipher + cnt, + sz), 0); + } + if (cnt < CBC_LEN) { + ExpectIntEQ(wc_AesCbcDecrypt(aes, decrypted + cnt, cipher + cnt, + CBC_LEN - cnt), 0); + } + ExpectBufEQ(decrypted, plain, CBC_LEN); + } +#endif + + WC_FREE_VAR(plain, NULL); + WC_FREE_VAR(cipher, NULL); + WC_FREE_VAR(decrypted, NULL); +#endif /* !WOLFSSL_KCAPI */ + return EXPECT_RESULT(); +} + +static int test_wc_AesCbcEncryptDecrypt_SameBuffer(Aes* aes, byte* key, + word32 keyLen, byte* iv, byte* expected) +{ + EXPECT_DECLS; + WC_DECLARE_VAR(plain, byte, CBC_LEN, NULL); + WC_DECLARE_VAR(cipher, byte, CBC_LEN, NULL); + + WC_ALLOC_VAR(plain, byte, CBC_LEN, NULL); + WC_ALLOC_VAR(cipher, byte, CBC_LEN, NULL); + +#ifdef WC_DECLARE_VAR_IS_HEAP_ALLOC + ExpectNotNull(plain); + ExpectNotNull(cipher); +#endif + + XMEMSET(plain, 0, CBC_LEN); + + /* Testing using same buffer for input and output. */ + ExpectIntEQ(wc_AesSetKey(aes, key, keyLen, iv, AES_ENCRYPTION), 0); + XMEMCPY(cipher, plain, CBC_LEN); + ExpectIntEQ(wc_AesCbcEncrypt(aes, cipher, cipher, CBC_LEN), 0); + ExpectBufEQ(cipher, expected, CBC_LEN); +#ifdef HAVE_AES_DECRYPT + ExpectIntEQ(wc_AesSetKey(aes, key, keyLen, iv, AES_DECRYPTION), 0); + ExpectIntEQ(wc_AesCbcDecrypt(aes, cipher, cipher, CBC_LEN), 0); + ExpectBufEQ(cipher, plain, CBC_LEN); +#endif + + WC_FREE_VAR(plain, NULL); + WC_FREE_VAR(cipher, NULL); + return EXPECT_RESULT(); +} +#endif + +/* + * test function for wc_AesCbcEncrypt(), wc_AesCbcDecrypt(), + * and wc_AesCbcDecryptWithKey() + */ +int test_wc_AesCbcEncryptDecrypt(void) +{ + EXPECT_DECLS; +#if !defined(NO_AES) && defined(HAVE_AES_CBC) + Aes aes; + byte vector[] = { /* Now is the time for all good men w/o trailing 0 */ + 0x4e, 0x6f, 0x77, 0x20, 0x69, 0x73, 0x20, 0x74, + 0x68, 0x65, 0x20, 0x74, 0x69, 0x6d, 0x65, 0x20, + 0x66, 0x6f, 0x72, 0x20, 0x61, 0x6c, 0x6c, 0x20, + 0x67, 0x6f, 0x6f, 0x64, 0x20, 0x6d, 0x65, 0x6e + }; +#if defined(WOLFSSL_AES_128) + byte key16[] = { + 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, + 0x38, 0x39, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66 + }; + byte vector_enc16[] = { + 0x26, 0x5b, 0x55, 0xf1, 0xcc, 0x77, 0xc0, 0x9a, + 0x60, 0x77, 0x99, 0x1d, 0x52, 0xf1, 0xc0, 0x3a, + 0x0f, 0x16, 0xae, 0x62, 0xf1, 0x71, 0xf5, 0x95, + 0xb6, 0x74, 0x98, 0x2a, 0x6b, 0x7c, 0x7c, 0x39 + }; +#endif +#if defined(WOLFSSL_AES_192) + byte key24[] = { + 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, + 0x38, 0x39, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66, + 0x38, 0x39, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66 + }; + byte vector_enc24[] = { + 0xdb, 0x96, 0xfa, 0x55, 0x90, 0x1e, 0x0c, 0x4f, + 0xe4, 0x0f, 0xde, 0x16, 0x33, 0x44, 0xca, 0xa5, + 0xe6, 0xa8, 0xbd, 0xd4, 0x88, 0xe5, 0x2f, 0x88, + 0xfd, 0x61, 0x0f, 0x88, 0x6d, 0xf1, 0xf6, 0xa5 + }; +#endif +#if defined(WOLFSSL_AES_256) + byte key32[] = { + 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, + 0x38, 0x39, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66, + 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, + 0x38, 0x39, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66 + }; + byte vector_enc32[] = { + 0xd7, 0xd6, 0x04, 0x5b, 0x4d, 0xc4, 0x90, 0xdf, + 0x4a, 0x82, 0xed, 0x61, 0x26, 0x4e, 0x23, 0xb3, + 0xe4, 0xb5, 0x85, 0x30, 0x29, 0x4c, 0x9d, 0xcf, + 0x73, 0xc9, 0x46, 0xd1, 0xaa, 0xc8, 0xcb, 0x62, + }; +#endif +#ifdef WOLFSSL_AES_128 + byte expected16[CBC_LEN] = { + 0x46, 0x1a, 0x5f, 0xfd, 0x9d, 0xf7, 0x91, 0x71, + 0x35, 0x8e, 0x9e, 0x01, 0x77, 0xd8, 0x4e, 0xaa, + 0x34, 0x28, 0xba, 0x95, 0x76, 0xa5, 0x60, 0xeb, + 0xbf, 0x6e, 0x89, 0xf5, 0x9a, 0x03, 0x7a, 0x7e, + 0x07, 0xc5, 0xec, 0x60, 0xe1, 0x9b, 0x7a, 0x35, + 0x9c, 0x29, 0x74, 0x6c, 0x2b, 0x1c, 0xff, 0x1b, + 0xa0, 0xd5, 0xf3, 0x5b, 0x23, 0x86, 0x31, 0xbe, + 0x1a, 0x20, 0x2c, 0x57, 0xf4, 0x9e, 0x81, 0x67, + 0xb8, 0xf2, 0x60, 0x28, 0x36, 0x50, 0x6c, 0x06, + 0x69, 0xa8, 0xec, 0x36, 0x46, 0x2a, 0xc9, 0x12, + 0x54, 0xc8, 0xeb, 0x73, 0x8d, 0xe8, 0x0f, 0x0c, + 0xd6, 0x53, 0x8b, 0xd2, 0x24, 0xdb, 0x08, 0xf7, + 0x1e, 0x2e, 0x34, 0x8d, 0x27, 0x6d, 0x77, 0x8f, + 0x00, 0xa5, 0x8e, 0xc3, 0x0d, 0x07, 0x61, 0xd4, + 0xe0, 0x54, 0x9b, 0xfe, 0x71, 0x4f, 0x25, 0x75, + 0x9f, 0x7a, 0x2c, 0xa4, 0x0e, 0x47, 0x1f, 0xef, + 0x85, 0x19, 0x36, 0x65, 0x3b, 0x28, 0x20, 0x3a, + 0xf9, 0x7f, 0x13, 0xe8, 0x24, 0xd7, 0x64, 0x27, + }; +#elif defined(WOLFSSL_AES_192) + byte expected24[CBC_LEN] = { + 0x7b, 0xde, 0x53, 0xac, 0x88, 0x24, 0xe6, 0xde, + 0x68, 0xd4, 0x64, 0x18, 0x20, 0x96, 0x62, 0x68, + 0xd0, 0x04, 0x81, 0x50, 0x73, 0xe7, 0x6d, 0x8e, + 0x14, 0x44, 0x87, 0xad, 0x6d, 0x44, 0xf9, 0xc3, + 0xe9, 0x82, 0x2e, 0x2d, 0x17, 0x16, 0x43, 0xa6, + 0x29, 0xe3, 0x9d, 0x7f, 0x84, 0x2e, 0x9a, 0x14, + 0x69, 0xe9, 0x7b, 0x38, 0xfd, 0xec, 0x71, 0x4a, + 0xf7, 0x0f, 0xbf, 0x6e, 0x4d, 0x46, 0x7e, 0xad, + 0x83, 0xcb, 0xfa, 0x20, 0x25, 0xf8, 0x13, 0xc6, + 0x75, 0xdd, 0x12, 0x1f, 0xed, 0xfa, 0x3a, 0x1c, + 0x01, 0x68, 0x02, 0x12, 0x69, 0x4c, 0xe7, 0x00, + 0xf1, 0x9c, 0x40, 0xed, 0x7d, 0x64, 0x16, 0x1c, + 0x63, 0x07, 0x87, 0x37, 0xb3, 0x5b, 0x59, 0x97, + 0xc9, 0xe4, 0x86, 0xfd, 0xd2, 0xae, 0x5b, 0x59, + 0x5a, 0xe9, 0xf5, 0x0b, 0xa0, 0x87, 0xf4, 0xb5, + 0x65, 0x9c, 0x98, 0x0f, 0xbf, 0x11, 0xa4, 0x7d, + 0x06, 0x80, 0xb5, 0x27, 0x9c, 0xd5, 0x09, 0x7a, + 0xa1, 0x42, 0xbd, 0x87, 0x6b, 0x85, 0x2f, 0x6e, + }; +#else + byte expected32[CBC_LEN] = { + 0x18, 0x5a, 0x48, 0xfd, 0xb7, 0xd5, 0x35, 0xf3, + 0x3f, 0xb9, 0x14, 0x16, 0xf3, 0x05, 0xf3, 0x71, + 0xea, 0x4e, 0x22, 0xcd, 0x15, 0x3a, 0xcc, 0xba, + 0x3f, 0x5b, 0x85, 0x15, 0xdf, 0x07, 0xf6, 0xa4, + 0xf4, 0x41, 0xe7, 0x08, 0x30, 0x9b, 0x09, 0x2d, + 0xd4, 0x3e, 0x68, 0xea, 0x45, 0x3d, 0x3a, 0xe3, + 0x7c, 0x68, 0x00, 0xda, 0xeb, 0x87, 0xd7, 0x11, + 0x2a, 0x0b, 0x7c, 0x48, 0xe5, 0xef, 0xae, 0x6d, + 0x61, 0x04, 0xa4, 0x16, 0xc7, 0xb6, 0x0f, 0xab, + 0x24, 0x0c, 0x74, 0x0b, 0x4f, 0xfe, 0xfd, 0xd1, + 0x38, 0xae, 0x92, 0x18, 0x57, 0xdd, 0x20, 0x90, + 0x74, 0x0a, 0xdf, 0x7b, 0x06, 0x2d, 0x8a, 0xe8, + 0x43, 0x77, 0x0d, 0x18, 0x25, 0x8b, 0x04, 0x98, + 0xf4, 0x4c, 0x43, 0x19, 0x99, 0x16, 0x5a, 0xac, + 0x7f, 0x52, 0x0f, 0x79, 0xd2, 0x10, 0xa5, 0xf3, + 0x88, 0xf3, 0x79, 0x0a, 0x05, 0x22, 0xb8, 0xb2, + 0xb7, 0xd4, 0x8e, 0x17, 0x80, 0x1b, 0x4d, 0xcb, + 0x99, 0xa7, 0x30, 0x1b, 0xe0, 0xee, 0xd5, 0xd3, + }; +#endif + byte iv[] = "1234567890abcdef"; + byte* key; + word32 keyLen; + byte* expected; + +#if defined(WOLFSSL_AES_128) + key = key16; + keyLen = (word32)sizeof(key16) / sizeof(byte); + expected = expected16; +#elif defined(WOLFSSL_AES_192) + key = key24; + keyLen = (word32)sizeof(key24) / sizeof(byte); + expected = expected24; +#else + key = key32; + keyLen = (word32)sizeof(key32) / sizeof(byte); + expected = expected32; +#endif + + /* Init stack variables. */ + XMEMSET(&aes, 0, sizeof(Aes)); + + ExpectIntEQ(wc_AesInit(&aes, NULL, INVALID_DEVID), 0); + + EXPECT_TEST(test_wc_AesCbcEncryptDecrypt_BadArgs(&aes, key, keyLen, iv)); + +#ifdef WOLFSSL_AES_128 + EXPECT_TEST(test_wc_AesCbcEncryptDecrypt_WithKey(&aes, key16, + (word32)sizeof(key16) / sizeof(byte), iv, vector, vector_enc16, + (word32)sizeof(vector) / sizeof(byte))); +#endif +#ifdef WOLFSSL_AES_192 + EXPECT_TEST(test_wc_AesCbcEncryptDecrypt_WithKey(&aes, key24, + (word32)sizeof(key24) / sizeof(byte), iv, vector, vector_enc24, + (word32)sizeof(vector) / sizeof(byte))); +#endif +#ifdef WOLFSSL_AES_256 + EXPECT_TEST(test_wc_AesCbcEncryptDecrypt_WithKey(&aes, key32, + (word32)sizeof(key32) / sizeof(byte), iv, vector, vector_enc32, + (word32)sizeof(vector) / sizeof(byte))); +#endif + + EXPECT_TEST(test_wc_AesCbcEncryptDecrypt_MultiBlocks(&aes, key, keyLen, iv, + expected)); + EXPECT_TEST(test_wc_AesCbcEncryptDecrypt_SameBuffer(&aes, key, keyLen, iv, + expected)); + + wc_AesFree(&aes); +#endif + return EXPECT_RESULT(); +} /* END test_wc_AesCbcEncryptDecrypt */ + +/******************************************************************************* + * AES-CFB + ******************************************************************************/ + +#if !defined(NO_AES) && defined(WOLFSSL_AES_CFB) +#define CFB_LEN (5 * WC_AES_BLOCK_SIZE) + +static int test_wc_AesCfbEncryptDecrypt_BadArgs(Aes* aes, byte* key, + word32 keyLen, byte* iv) +{ + EXPECT_DECLS; + byte plain[WC_AES_BLOCK_SIZE]; + byte cipher[WC_AES_BLOCK_SIZE]; +#ifdef HAVE_AES_DECRYPT + byte decrypted[WC_AES_BLOCK_SIZE]; +#endif + + XMEMSET(plain, 0x00, WC_AES_BLOCK_SIZE); + XMEMSET(cipher, 0x00, WC_AES_BLOCK_SIZE); + + ExpectIntEQ(wc_AesSetKey(aes, key, keyLen, NULL, AES_ENCRYPTION), 0); + + ExpectIntEQ(wc_AesSetIV(aes, iv), 0); + ExpectIntEQ(wc_AesCfbEncrypt(NULL, NULL, NULL, 0), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_AesCfbEncrypt(aes, NULL, NULL, 0), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_AesCfbEncrypt(NULL, cipher, NULL, 0), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_AesCfbEncrypt(NULL, NULL, plain, 0), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_AesCfbEncrypt(aes, cipher, NULL, 0), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_AesCfbEncrypt(aes, NULL, plain, 0), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_AesCfbEncrypt(NULL, cipher, plain, 0), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + +#ifdef HAVE_AES_DECRYPT + ExpectIntEQ(wc_AesSetIV(aes, iv), 0); + ExpectIntEQ(wc_AesCfbDecrypt(NULL, NULL, NULL, 0), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_AesCfbDecrypt(aes, NULL, NULL, 0), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_AesCfbDecrypt(NULL, decrypted, NULL, 0), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_AesCfbDecrypt(NULL, NULL, cipher, 0), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_AesCfbDecrypt(aes, decrypted, NULL, 0), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_AesCfbDecrypt(aes, NULL, cipher, 0), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_AesCfbDecrypt(NULL, decrypted, cipher, 0), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); +#endif + + return EXPECT_RESULT(); +} + +static int test_wc_AesCfbEncryptDecrypt_WithKey(Aes* aes, byte* key, + word32 keyLen, byte* iv, byte* expected) +{ + EXPECT_DECLS; + WC_DECLARE_VAR(plain, byte, CFB_LEN, NULL); + WC_DECLARE_VAR(cipher, byte, CFB_LEN, NULL); +#ifdef HAVE_AES_DECRYPT + WC_DECLARE_VAR(decrypted, byte, CFB_LEN, NULL); +#endif + + WC_ALLOC_VAR(plain, byte, CFB_LEN, NULL); + WC_ALLOC_VAR(cipher, byte, CFB_LEN, NULL); +#ifdef HAVE_AES_DECRYPT + WC_ALLOC_VAR(decrypted, byte, CFB_LEN, NULL); +#endif + +#ifdef WC_DECLARE_VAR_IS_HEAP_ALLOC + ExpectNotNull(plain); + ExpectNotNull(cipher); +#ifdef HAVE_AES_DECRYPT + ExpectNotNull(decrypted); +#endif +#endif + + XMEMSET(plain, 0xa5, CFB_LEN); + + ExpectIntEQ(wc_AesSetKey(aes, key, keyLen, NULL, AES_ENCRYPTION), 0); + + ExpectIntEQ(wc_AesSetIV(aes, iv), 0); + ExpectIntEQ(wc_AesCfbEncrypt(aes, cipher, plain, WC_AES_BLOCK_SIZE), 0); + ExpectBufEQ(cipher, expected, WC_AES_BLOCK_SIZE); + +#ifdef HAVE_AES_DECRYPT + ExpectIntEQ(wc_AesSetIV(aes, iv), 0); + ExpectIntEQ(wc_AesCfbDecrypt(aes, decrypted, cipher, WC_AES_BLOCK_SIZE), + 0); + ExpectBufEQ(decrypted, plain, WC_AES_BLOCK_SIZE); +#endif + + ExpectIntEQ(wc_AesSetIV(aes, iv), 0); + ExpectIntEQ(wc_AesCfbEncrypt(aes, cipher, plain, CFB_LEN), 0); + ExpectBufEQ(cipher, expected, CFB_LEN); +#ifdef HAVE_AES_DECRYPT + ExpectIntEQ(wc_AesSetIV(aes, iv), 0); + ExpectIntEQ(wc_AesCfbDecrypt(aes, decrypted, cipher, CFB_LEN), 0); + ExpectBufEQ(decrypted, plain, CFB_LEN); +#endif + + WC_FREE_VAR(plain, NULL); + WC_FREE_VAR(cipher, NULL); +#ifdef HAVE_AES_DECRYPT + WC_FREE_VAR(decrypted, NULL); +#endif + return EXPECT_RESULT(); +} + +static int test_wc_AesCfbEncryptDecrypt_Chunking(Aes* aes, byte* key, + word32 keyLen, byte* iv, byte* expected) +{ + EXPECT_DECLS; + int sz; + int cnt; + WC_DECLARE_VAR(plain, byte, CFB_LEN, NULL); + WC_DECLARE_VAR(cipher, byte, CFB_LEN, NULL); +#ifdef HAVE_AES_DECRYPT + WC_DECLARE_VAR(decrypted, byte, CFB_LEN, NULL); +#endif + + WC_ALLOC_VAR(plain, byte, CFB_LEN, NULL); + WC_ALLOC_VAR(cipher, byte, CFB_LEN, NULL); +#ifdef HAVE_AES_DECRYPT + WC_ALLOC_VAR(decrypted, byte, CFB_LEN, NULL); +#endif + +#ifdef WC_DECLARE_VAR_IS_HEAP_ALLOC + ExpectNotNull(plain); + ExpectNotNull(cipher); +#ifdef HAVE_AES_DECRYPT + ExpectNotNull(decrypted); +#endif +#endif + + XMEMSET(plain, 0xa5, CFB_LEN); + + ExpectIntEQ(wc_AesSetKey(aes, key, keyLen, NULL, AES_ENCRYPTION), 0); + + for (sz = 1; sz < CFB_LEN; sz++) { + ExpectIntEQ(wc_AesSetIV(aes, iv), 0); + XMEMSET(cipher, 0, CFB_LEN); + for (cnt = 0; cnt + sz <= CFB_LEN; cnt += sz) { + ExpectIntEQ(wc_AesCfbEncrypt(aes, cipher + cnt, plain + cnt, sz), + 0); + } + if (cnt < CFB_LEN) { + ExpectIntEQ(wc_AesCfbEncrypt(aes, cipher + cnt, plain + cnt, + CFB_LEN - cnt), 0); + } + ExpectBufEQ(cipher, expected, CFB_LEN); + } +#ifdef HAVE_AES_DECRYPT + for (sz = 1; sz < CFB_LEN; sz++) { + ExpectIntEQ(wc_AesSetIV(aes, iv), 0); + XMEMSET(decrypted, 0xff, CFB_LEN); + for (cnt = 0; cnt + sz <= CFB_LEN; cnt += sz) { + ExpectIntEQ(wc_AesCfbDecrypt(aes, decrypted + cnt, cipher + cnt, + sz), 0); + } + if (cnt < CFB_LEN) { + ExpectIntEQ(wc_AesCfbDecrypt(aes, decrypted + cnt, cipher + cnt, + CFB_LEN - cnt), 0); + } + ExpectBufEQ(decrypted, plain, CFB_LEN); + } +#endif + + WC_FREE_VAR(plain, NULL); + WC_FREE_VAR(cipher, NULL); +#ifdef HAVE_AES_DECRYPT + WC_FREE_VAR(decrypted, NULL); +#endif + return EXPECT_RESULT(); +} + +#if (!defined(HAVE_FIPS) || !defined(HAVE_FIPS_VERSION) || \ + (HAVE_FIPS_VERSION > 6)) && !defined(HAVE_SELFTEST) +static int test_wc_AesCfbEncryptDecrypt_SameBuffer(Aes* aes, byte* key, + word32 keyLen, byte* iv, byte* expected) +{ + EXPECT_DECLS; + WC_DECLARE_VAR(plain, byte, CFB_LEN, NULL); + WC_DECLARE_VAR(cipher, byte, CFB_LEN, NULL); + + WC_ALLOC_VAR(plain, byte, CBC_LEN, NULL); + WC_ALLOC_VAR(cipher, byte, CBC_LEN, NULL); + +#ifdef WC_DECLARE_VAR_IS_HEAP_ALLOC + ExpectNotNull(plain); + ExpectNotNull(cipher); +#endif + + XMEMSET(plain, 0xa5, CFB_LEN); + + ExpectIntEQ(wc_AesSetKey(aes, key, keyLen, NULL, AES_ENCRYPTION), 0); + + /* Testing using same buffer for input and output. */ + XMEMCPY(cipher, plain, CFB_LEN); + ExpectIntEQ(wc_AesSetIV(aes, iv), 0); + ExpectIntEQ(wc_AesCfbEncrypt(aes, cipher, cipher, CFB_LEN), 0); + ExpectBufEQ(cipher, expected, CFB_LEN); +#ifdef HAVE_AES_DECRYPT + ExpectIntEQ(wc_AesSetIV(aes, iv), 0); + ExpectIntEQ(wc_AesCfbDecrypt(aes, cipher, cipher, CFB_LEN), 0); + ExpectBufEQ(cipher, plain, CFB_LEN); +#endif + + WC_FREE_VAR(plain, NULL); + WC_FREE_VAR(cipher, NULL); + return EXPECT_RESULT(); +} +#endif +#endif + +int test_wc_AesCfbEncryptDecrypt(void) +{ + EXPECT_DECLS; +#if !defined(NO_AES) && defined(WOLFSSL_AES_CFB) + Aes aes; +#if defined(WOLFSSL_AES_128) + byte key16[] = { + 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, + 0x38, 0x39, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66 + }; + byte expected16[CFB_LEN] = { + 0xe3, 0xbf, 0xfa, 0x58, 0x38, 0x52, 0x34, 0xd4, + 0x90, 0x2b, 0x3b, 0xa4, 0xd2, 0x7d, 0xeb, 0x0f, + 0x01, 0x1f, 0xb4, 0x51, 0xa3, 0x6b, 0x21, 0x0c, + 0x17, 0xb0, 0xb2, 0xbf, 0x33, 0x3d, 0xe4, 0x3f, + 0xf9, 0x50, 0xcc, 0x2b, 0xab, 0xb7, 0x30, 0xaa, + 0xaf, 0x56, 0xad, 0xdb, 0xca, 0x73, 0x4b, 0x13, + 0x3b, 0xe2, 0xef, 0x8a, 0xb9, 0x1c, 0xfe, 0xfa, + 0x79, 0xcd, 0x92, 0x34, 0x27, 0xae, 0x6c, 0xe9, + 0x18, 0x60, 0x05, 0x44, 0xdd, 0x87, 0xe5, 0xfa, + 0x87, 0x64, 0xd0, 0x4c, 0x21, 0x00, 0xe9, 0x8d, + }; +#endif +#if defined(WOLFSSL_AES_192) + byte key24[] = { + 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, + 0x38, 0x39, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66, + 0x38, 0x39, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66 + }; + byte expected24[CFB_LEN] = { + 0xde, 0x7b, 0xf6, 0x09, 0x2d, 0x81, 0x43, 0x7b, + 0xcd, 0x71, 0xc1, 0xbd, 0x85, 0x33, 0xc7, 0xcd, + 0x23, 0xb2, 0x9f, 0xf8, 0x69, 0xe5, 0x77, 0xbf, + 0x5a, 0x7f, 0xad, 0x5d, 0x98, 0x8f, 0x17, 0x70, + 0x65, 0xf6, 0x18, 0x90, 0x95, 0x5f, 0x85, 0xfd, + 0xfb, 0xc4, 0xed, 0xf2, 0x85, 0x6a, 0x3f, 0x62, + 0x8c, 0x33, 0x08, 0x42, 0x5d, 0x29, 0x51, 0xec, + 0xaa, 0x37, 0x7c, 0x57, 0x51, 0xa0, 0xde, 0xf8, + 0x68, 0x12, 0xf7, 0x73, 0x1c, 0x0c, 0xc7, 0xa6, + 0xb1, 0x82, 0x0e, 0xc8, 0xbd, 0xe3, 0x48, 0x3c, + }; +#endif +#if defined(WOLFSSL_AES_256) + byte key32[] = { + 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, + 0x38, 0x39, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66, + 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, + 0x38, 0x39, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66 + }; + byte expected32[CFB_LEN] = { + 0xbd, 0xff, 0xed, 0x58, 0x12, 0x70, 0x90, 0x56, + 0x9a, 0x1c, 0xb1, 0xb3, 0x56, 0xa0, 0x56, 0xd4, + 0x97, 0xb3, 0x9c, 0xf9, 0xeb, 0x2a, 0xb6, 0x23, + 0x11, 0x0c, 0x8d, 0x15, 0x2d, 0x03, 0x66, 0x76, + 0x4a, 0x7f, 0xb4, 0xf4, 0xe6, 0x7c, 0xec, 0x8b, + 0xe9, 0xa9, 0x40, 0x2b, 0x97, 0xec, 0x0e, 0x24, + 0xfe, 0x4b, 0xa1, 0xd6, 0xfc, 0x8f, 0x9c, 0x79, + 0x0c, 0x84, 0x18, 0x67, 0x14, 0x7d, 0x8c, 0x5a, + 0x78, 0x4f, 0x18, 0xb1, 0x04, 0xd9, 0x41, 0x79, + 0x72, 0x92, 0x5e, 0x91, 0xe8, 0xa9, 0xe7, 0xe9, + }; +#endif + byte iv[] = "1234567890abcdef"; + byte* key; + word32 keyLen; + byte* expected; + +#if defined(WOLFSSL_AES_128) + key = key16; + keyLen = (word32)sizeof(key16) / sizeof(byte); + expected = expected16; +#elif defined(WOLFSSL_AES_192) + key = key24; + keyLen = (word32)sizeof(key24) / sizeof(byte); + expected = expected24; +#else + key = key32; + keyLen = (word32)sizeof(key32) / sizeof(byte); + expected = expected32; +#endif + + XMEMSET(&aes, 0, sizeof(Aes)); + ExpectIntEQ(wc_AesInit(&aes, NULL, INVALID_DEVID), 0); + + EXPECT_TEST(test_wc_AesCfbEncryptDecrypt_BadArgs(&aes, key, keyLen, iv)); + +#if defined(WOLFSSL_AES_128) + EXPECT_TEST(test_wc_AesCfbEncryptDecrypt_WithKey(&aes, key16, + (word32)sizeof(key16) / sizeof(byte), iv, expected16)); +#endif +#if defined(WOLFSSL_AES_192) + EXPECT_TEST(test_wc_AesCfbEncryptDecrypt_WithKey(&aes, key24, + (word32)sizeof(key24) / sizeof(byte), iv, expected24)); +#endif +#if defined(WOLFSSL_AES_256) + EXPECT_TEST(test_wc_AesCfbEncryptDecrypt_WithKey(&aes, key32, + (word32)sizeof(key32) / sizeof(byte), iv, expected32)); +#endif + + EXPECT_TEST(test_wc_AesCfbEncryptDecrypt_Chunking(&aes, key, keyLen, iv, + expected)); +#if (!defined(HAVE_FIPS) || !defined(HAVE_FIPS_VERSION) || \ + (HAVE_FIPS_VERSION > 6)) && !defined(HAVE_SELFTEST) + EXPECT_TEST(test_wc_AesCfbEncryptDecrypt_SameBuffer(&aes, key, keyLen, iv, + expected)); +#endif + + wc_AesFree(&aes); +#endif + return EXPECT_RESULT(); +} + +/******************************************************************************* + * AES-OFB + ******************************************************************************/ + +#if !defined(NO_AES) && defined(WOLFSSL_AES_OFB) +#define OFB_LEN (5 * WC_AES_BLOCK_SIZE) + +static int test_wc_AesOfbEncryptDecrypt_BadArgs(Aes* aes, byte* key, + word32 keyLen, byte* iv) +{ + EXPECT_DECLS; + byte plain[WC_AES_BLOCK_SIZE]; + byte cipher[WC_AES_BLOCK_SIZE]; +#ifdef HAVE_AES_DECRYPT + byte decrypted[WC_AES_BLOCK_SIZE]; +#endif + + XMEMSET(plain, 0x00, WC_AES_BLOCK_SIZE); + XMEMSET(cipher, 0x00, WC_AES_BLOCK_SIZE); + + ExpectIntEQ(wc_AesSetKey(aes, key, keyLen, NULL, AES_ENCRYPTION), 0); + + ExpectIntEQ(wc_AesSetIV(aes, iv), 0); + ExpectIntEQ(wc_AesOfbEncrypt(NULL, NULL, NULL, 0), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_AesOfbEncrypt(aes, NULL, NULL, 0), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_AesOfbEncrypt(NULL, cipher, NULL, 0), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_AesOfbEncrypt(NULL, NULL, plain, 0), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_AesOfbEncrypt(aes, cipher, NULL, 0), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_AesOfbEncrypt(aes, NULL, plain, 0), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_AesOfbEncrypt(NULL, cipher, plain, 0), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + +#ifdef HAVE_AES_DECRYPT + ExpectIntEQ(wc_AesSetIV(aes, iv), 0); + ExpectIntEQ(wc_AesOfbDecrypt(NULL, NULL, NULL, 0), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_AesOfbDecrypt(aes, NULL, NULL, 0), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_AesOfbDecrypt(NULL, decrypted, NULL, 0), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_AesOfbDecrypt(NULL, NULL, cipher, 0), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_AesOfbDecrypt(aes, decrypted, NULL, 0), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_AesOfbDecrypt(aes, NULL, cipher, 0), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_AesOfbDecrypt(NULL, decrypted, cipher, 0), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); +#endif + + return EXPECT_RESULT(); +} + +static int test_wc_AesOfbEncryptDecrypt_WithKey(Aes* aes, byte* key, + word32 keyLen, byte* iv, byte* expected) +{ + EXPECT_DECLS; + WC_DECLARE_VAR(plain, byte, OFB_LEN, NULL); + WC_DECLARE_VAR(cipher, byte, OFB_LEN, NULL); +#ifdef HAVE_AES_DECRYPT + WC_DECLARE_VAR(decrypted, byte, OFB_LEN, NULL); +#endif + + WC_ALLOC_VAR(plain, byte, OFB_LEN, NULL); + WC_ALLOC_VAR(cipher, byte, OFB_LEN, NULL); +#ifdef HAVE_AES_DECRYPT + WC_ALLOC_VAR(decrypted, byte, OFB_LEN, NULL); +#endif + + XMEMSET(plain, 0xa5, OFB_LEN); + + ExpectIntEQ(wc_AesSetKey(aes, key, keyLen, NULL, AES_ENCRYPTION), 0); + + ExpectIntEQ(wc_AesSetIV(aes, iv), 0); + ExpectIntEQ(wc_AesOfbEncrypt(aes, cipher, plain, WC_AES_BLOCK_SIZE), 0); + ExpectBufEQ(cipher, expected, WC_AES_BLOCK_SIZE); + +#ifdef HAVE_AES_DECRYPT + ExpectIntEQ(wc_AesSetIV(aes, iv), 0); + ExpectIntEQ(wc_AesOfbDecrypt(aes, decrypted, cipher, WC_AES_BLOCK_SIZE), + 0); + ExpectBufEQ(decrypted, plain, WC_AES_BLOCK_SIZE); +#endif + + ExpectIntEQ(wc_AesSetIV(aes, iv), 0); + ExpectIntEQ(wc_AesOfbEncrypt(aes, cipher, plain, OFB_LEN), 0); + ExpectBufEQ(cipher, expected, OFB_LEN); +#ifdef HAVE_AES_DECRYPT + ExpectIntEQ(wc_AesSetIV(aes, iv), 0); + ExpectIntEQ(wc_AesOfbDecrypt(aes, decrypted, cipher, OFB_LEN), 0); + ExpectBufEQ(decrypted, plain, OFB_LEN); +#endif + + WC_FREE_VAR(plain, NULL); + WC_FREE_VAR(cipher, NULL); +#ifdef HAVE_AES_DECRYPT + WC_FREE_VAR(decrypted, NULL); +#endif + return EXPECT_RESULT(); +} + +static int test_wc_AesOfbEncryptDecrypt_Chunking(Aes* aes, byte* key, + word32 keyLen, byte* iv, byte* expected) +{ + EXPECT_DECLS; + int sz; + int cnt; + WC_DECLARE_VAR(plain, byte, OFB_LEN, NULL); + WC_DECLARE_VAR(cipher, byte, OFB_LEN, NULL); +#ifdef HAVE_AES_DECRYPT + WC_DECLARE_VAR(decrypted, byte, OFB_LEN, NULL); +#endif + + WC_ALLOC_VAR(plain, byte, OFB_LEN, NULL); + WC_ALLOC_VAR(cipher, byte, OFB_LEN, NULL); +#ifdef HAVE_AES_DECRYPT + WC_ALLOC_VAR(decrypted, byte, OFB_LEN, NULL); +#endif + +#ifdef WC_DECLARE_VAR_IS_HEAP_ALLOC + ExpectNotNull(plain); + ExpectNotNull(cipher); +#ifdef HAVE_AES_DECRYPT + ExpectNotNull(decrypted); +#endif +#endif + + XMEMSET(plain, 0xa5, OFB_LEN); + + ExpectIntEQ(wc_AesSetKey(aes, key, keyLen, NULL, AES_ENCRYPTION), 0); + + for (sz = 1; sz < OFB_LEN; sz++) { + ExpectIntEQ(wc_AesSetIV(aes, iv), 0); + XMEMSET(cipher, 0, OFB_LEN); + for (cnt = 0; cnt + sz <= OFB_LEN; cnt += sz) { + ExpectIntEQ(wc_AesOfbEncrypt(aes, cipher + cnt, plain + cnt, sz), + 0); + } + if (cnt < OFB_LEN) { + ExpectIntEQ(wc_AesOfbEncrypt(aes, cipher + cnt, plain + cnt, + OFB_LEN - cnt), 0); + } + ExpectBufEQ(cipher, expected, OFB_LEN); + } +#ifdef HAVE_AES_DECRYPT + for (sz = 1; sz < OFB_LEN; sz++) { + ExpectIntEQ(wc_AesSetIV(aes, iv), 0); + XMEMSET(decrypted, 0xff, OFB_LEN); + for (cnt = 0; cnt + sz <= OFB_LEN; cnt += sz) { + ExpectIntEQ(wc_AesOfbDecrypt(aes, decrypted + cnt, cipher + cnt, + sz), 0); + } + if (cnt < OFB_LEN) { + ExpectIntEQ(wc_AesOfbDecrypt(aes, decrypted + cnt, cipher + cnt, + OFB_LEN - cnt), 0); + } + ExpectBufEQ(decrypted, plain, OFB_LEN); + } +#endif + + WC_FREE_VAR(plain, NULL); + WC_FREE_VAR(cipher, NULL); +#ifdef HAVE_AES_DECRYPT + WC_FREE_VAR(decrypted, NULL); +#endif + return EXPECT_RESULT(); +} + +static int test_wc_AesOfbEncryptDecrypt_SameBuffer(Aes* aes, byte* key, + word32 keyLen, byte* iv, byte* expected) +{ + EXPECT_DECLS; + WC_DECLARE_VAR(plain, byte, OFB_LEN, NULL); + WC_DECLARE_VAR(cipher, byte, OFB_LEN, NULL); + + WC_ALLOC_VAR(plain, byte, OFB_LEN, NULL); + WC_ALLOC_VAR(cipher, byte, OFB_LEN, NULL); + +#ifdef WC_DECLARE_VAR_IS_HEAP_ALLOC + ExpectNotNull(plain); + ExpectNotNull(cipher); +#endif + XMEMSET(plain, 0xa5, OFB_LEN); + + ExpectIntEQ(wc_AesSetKey(aes, key, keyLen, NULL, AES_ENCRYPTION), 0); + + /* Testing using same buffer for input and output. */ + XMEMCPY(cipher, plain, OFB_LEN); + ExpectIntEQ(wc_AesSetIV(aes, iv), 0); + ExpectIntEQ(wc_AesOfbEncrypt(aes, cipher, cipher, OFB_LEN), 0); + ExpectBufEQ(cipher, expected, OFB_LEN); +#ifdef HAVE_AES_DECRYPT + ExpectIntEQ(wc_AesSetIV(aes, iv), 0); + ExpectIntEQ(wc_AesOfbDecrypt(aes, cipher, cipher, OFB_LEN), 0); + ExpectBufEQ(cipher, plain, OFB_LEN); +#endif + + WC_FREE_VAR(plain, NULL); + WC_FREE_VAR(cipher, NULL); + return EXPECT_RESULT(); +} +#endif + +int test_wc_AesOfbEncryptDecrypt(void) +{ + EXPECT_DECLS; +#if !defined(NO_AES) && defined(WOLFSSL_AES_OFB) + Aes aes; +#if defined(WOLFSSL_AES_128) + byte key16[] = { + 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, + 0x38, 0x39, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66 + }; + byte expected16[OFB_LEN] = { + 0xe3, 0xbf, 0xfa, 0x58, 0x38, 0x52, 0x34, 0xd4, + 0x90, 0x2b, 0x3b, 0xa4, 0xd2, 0x7d, 0xeb, 0x0f, + 0x91, 0x8d, 0x1f, 0x30, 0xd3, 0x00, 0xc5, 0x4e, + 0x1a, 0xcb, 0x2c, 0x50, 0x3f, 0xa6, 0xdf, 0xdb, + 0xa2, 0x60, 0x49, 0xc5, 0x44, 0x3e, 0xdf, 0x90, + 0x39, 0x8c, 0xd1, 0xc9, 0x8e, 0xb9, 0x5a, 0xbe, + 0x05, 0x70, 0x56, 0xfe, 0x86, 0x23, 0x94, 0x1b, + 0xbf, 0x85, 0x89, 0xf2, 0x51, 0x3b, 0x24, 0xc2, + 0x1d, 0x57, 0xc5, 0x8d, 0x93, 0xf5, 0xc9, 0xa3, + 0xcc, 0x0d, 0x49, 0x93, 0xe3, 0x8f, 0x6c, 0xb7, + }; +#endif +#if defined(WOLFSSL_AES_192) + byte key24[] = { + 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, + 0x38, 0x39, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66, + 0x38, 0x39, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66 + }; + byte expected24[OFB_LEN] = { + 0xde, 0x7b, 0xf6, 0x09, 0x2d, 0x81, 0x43, 0x7b, + 0xcd, 0x71, 0xc1, 0xbd, 0x85, 0x33, 0xc7, 0xcd, + 0x75, 0xa1, 0x24, 0xf5, 0xd6, 0x42, 0xc8, 0x2b, + 0xb1, 0xe1, 0x22, 0x08, 0xc8, 0xe1, 0x5c, 0x66, + 0x4c, 0x27, 0x8b, 0x88, 0xb2, 0xb3, 0xe6, 0x03, + 0x8c, 0x46, 0x38, 0xda, 0x21, 0x8b, 0x3f, 0xb1, + 0xcc, 0x4c, 0xde, 0x9d, 0x58, 0x49, 0xd4, 0xef, + 0x52, 0xaa, 0x1a, 0xcb, 0xe8, 0xe3, 0xdb, 0x08, + 0x26, 0x6e, 0x5f, 0x85, 0x80, 0x5d, 0xb6, 0x63, + 0xd0, 0x78, 0xb7, 0xba, 0x48, 0x5f, 0x9f, 0xb9, + }; +#endif +#if defined(WOLFSSL_AES_256) + byte key32[] = { + 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, + 0x38, 0x39, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66, + 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, + 0x38, 0x39, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66 + }; + byte expected32[OFB_LEN] = { + 0xbd, 0xff, 0xed, 0x58, 0x12, 0x70, 0x90, 0x56, + 0x9a, 0x1c, 0xb1, 0xb3, 0x56, 0xa0, 0x56, 0xd4, + 0x4f, 0xeb, 0x87, 0x68, 0xb0, 0x9f, 0x69, 0x1f, + 0x9a, 0xfe, 0x20, 0xb0, 0x7a, 0xa2, 0x53, 0x01, + 0x51, 0xe4, 0x42, 0xad, 0x95, 0x3e, 0xac, 0x88, + 0x71, 0x9b, 0xcd, 0x4f, 0xe0, 0x98, 0x9f, 0x46, + 0xd9, 0xcd, 0xa5, 0x7f, 0x4e, 0x22, 0x72, 0xb4, + 0x8f, 0xae, 0xd9, 0xed, 0x40, 0x4a, 0x0b, 0xc8, + 0xc4, 0xa1, 0x01, 0xb3, 0x62, 0x13, 0xaa, 0x0e, + 0x81, 0xa9, 0xd1, 0xae, 0xea, 0x5b, 0x58, 0x74, + }; +#endif + byte iv[] = "1234567890abcdef"; + byte* key; + word32 keyLen; + byte* expected; + +#if defined(WOLFSSL_AES_128) + key = key16; + keyLen = (word32)sizeof(key16) / sizeof(byte); + expected = expected16; +#elif defined(WOLFSSL_AES_192) + key = key24; + keyLen = (word32)sizeof(key24) / sizeof(byte); + expected = expected24; +#else + key = key32; + keyLen = (word32)sizeof(key32) / sizeof(byte); + expected = expected32; +#endif + + XMEMSET(&aes, 0, sizeof(Aes)); + ExpectIntEQ(wc_AesInit(&aes, NULL, INVALID_DEVID), 0); + + EXPECT_TEST(test_wc_AesOfbEncryptDecrypt_BadArgs(&aes, key, keyLen, iv)); + +#if defined(WOLFSSL_AES_128) + EXPECT_TEST(test_wc_AesOfbEncryptDecrypt_WithKey(&aes, key16, + (word32)sizeof(key16) / sizeof(byte), iv, expected16)); +#endif +#if defined(WOLFSSL_AES_192) + EXPECT_TEST(test_wc_AesOfbEncryptDecrypt_WithKey(&aes, key24, + (word32)sizeof(key24) / sizeof(byte), iv, expected24)); +#endif +#if defined(WOLFSSL_AES_256) + EXPECT_TEST(test_wc_AesOfbEncryptDecrypt_WithKey(&aes, key32, + (word32)sizeof(key32) / sizeof(byte), iv, expected32)); +#endif + + EXPECT_TEST(test_wc_AesOfbEncryptDecrypt_Chunking(&aes, key, keyLen, iv, + expected)); + EXPECT_TEST(test_wc_AesOfbEncryptDecrypt_SameBuffer(&aes, key, keyLen, iv, + expected)); + + wc_AesFree(&aes); +#endif + return EXPECT_RESULT(); +} + +/******************************************************************************* + * AES-CTS + ******************************************************************************/ + +int test_wc_AesCtsEncryptDecrypt(void) +{ + EXPECT_DECLS; +#if !defined(NO_AES) && defined(WOLFSSL_AES_CTS) && \ + defined(HAVE_AES_DECRYPT) && defined(WOLFSSL_AES_128) + /* Test vectors taken form RFC3962 Appendix B */ + const struct { + const char* input; + const char* output; + size_t inLen; + size_t outLen; + } vects[] = { + { + "\x49\x20\x77\x6f\x75\x6c\x64\x20\x6c\x69\x6b\x65\x20\x74\x68\x65" + "\x20", + "\xc6\x35\x35\x68\xf2\xbf\x8c\xb4\xd8\xa5\x80\x36\x2d\xa7\xff\x7f" + "\x97", + 17, 17 + }, + { + "\x49\x20\x77\x6f\x75\x6c\x64\x20\x6c\x69\x6b\x65\x20\x74\x68\x65" + "\x20\x47\x65\x6e\x65\x72\x61\x6c\x20\x47\x61\x75\x27\x73\x20", + "\xfc\x00\x78\x3e\x0e\xfd\xb2\xc1\xd4\x45\xd4\xc8\xef\xf7\xed\x22" + "\x97\x68\x72\x68\xd6\xec\xcc\xc0\xc0\x7b\x25\xe2\x5e\xcf\xe5", + 31, 31 + }, + { + "\x49\x20\x77\x6f\x75\x6c\x64\x20\x6c\x69\x6b\x65\x20\x74\x68\x65" + "\x20\x47\x65\x6e\x65\x72\x61\x6c\x20\x47\x61\x75\x27\x73\x20\x43", + "\x39\x31\x25\x23\xa7\x86\x62\xd5\xbe\x7f\xcb\xcc\x98\xeb\xf5\xa8" + "\x97\x68\x72\x68\xd6\xec\xcc\xc0\xc0\x7b\x25\xe2\x5e\xcf\xe5\x84", + 32, 32 + }, + { + "\x49\x20\x77\x6f\x75\x6c\x64\x20\x6c\x69\x6b\x65\x20\x74\x68\x65" + "\x20\x47\x65\x6e\x65\x72\x61\x6c\x20\x47\x61\x75\x27\x73\x20\x43" + "\x68\x69\x63\x6b\x65\x6e\x2c\x20\x70\x6c\x65\x61\x73\x65\x2c", + "\x97\x68\x72\x68\xd6\xec\xcc\xc0\xc0\x7b\x25\xe2\x5e\xcf\xe5\x84" + "\xb3\xff\xfd\x94\x0c\x16\xa1\x8c\x1b\x55\x49\xd2\xf8\x38\x02\x9e" + "\x39\x31\x25\x23\xa7\x86\x62\xd5\xbe\x7f\xcb\xcc\x98\xeb\xf5", + 47, 47 + }, + { + "\x49\x20\x77\x6f\x75\x6c\x64\x20\x6c\x69\x6b\x65\x20\x74\x68\x65" + "\x20\x47\x65\x6e\x65\x72\x61\x6c\x20\x47\x61\x75\x27\x73\x20\x43" + "\x68\x69\x63\x6b\x65\x6e\x2c\x20\x70\x6c\x65\x61\x73\x65\x2c\x20", + "\x97\x68\x72\x68\xd6\xec\xcc\xc0\xc0\x7b\x25\xe2\x5e\xcf\xe5\x84" + "\x9d\xad\x8b\xbb\x96\xc4\xcd\xc0\x3b\xc1\x03\xe1\xa1\x94\xbb\xd8" + "\x39\x31\x25\x23\xa7\x86\x62\xd5\xbe\x7f\xcb\xcc\x98\xeb\xf5\xa8", + 48, 48 + }, + { + "\x49\x20\x77\x6f\x75\x6c\x64\x20\x6c\x69\x6b\x65\x20\x74\x68\x65" + "\x20\x47\x65\x6e\x65\x72\x61\x6c\x20\x47\x61\x75\x27\x73\x20\x43" + "\x68\x69\x63\x6b\x65\x6e\x2c\x20\x70\x6c\x65\x61\x73\x65\x2c\x20" + "\x61\x6e\x64\x20\x77\x6f\x6e\x74\x6f\x6e\x20\x73\x6f\x75\x70\x2e", + "\x97\x68\x72\x68\xd6\xec\xcc\xc0\xc0\x7b\x25\xe2\x5e\xcf\xe5\x84" + "\x39\x31\x25\x23\xa7\x86\x62\xd5\xbe\x7f\xcb\xcc\x98\xeb\xf5\xa8" + "\x48\x07\xef\xe8\x36\xee\x89\xa5\x26\x73\x0d\xbc\x2f\x7b\xc8\x40" + "\x9d\xad\x8b\xbb\x96\xc4\xcd\xc0\x3b\xc1\x03\xe1\xa1\x94\xbb\xd8", + 64, 64 + } + }; + const byte keyBytes[AES_128_KEY_SIZE] = { + 0x63, 0x68, 0x69, 0x63, 0x6b, 0x65, 0x6e, 0x20, + 0x74, 0x65, 0x72, 0x69, 0x79, 0x61, 0x6b, 0x69 + }; + byte tmp[64]; /* Largest vector size */ + size_t i; + byte iv[AES_IV_SIZE]; /* All-zero IV for all cases */ + + XMEMSET(iv, 0, sizeof(iv)); + for (i = 0; i < XELEM_CNT(vects) && EXPECT_SUCCESS(); i++) { + /* One-shot encrypt */ + XMEMSET(tmp, 0, sizeof(tmp)); + ExpectIntEQ(wc_AesCtsEncrypt(keyBytes, sizeof(keyBytes), tmp, + (const byte*)vects[i].input, (word32)vects[i].inLen, iv), 0); + ExpectBufEQ(tmp, vects[i].output, vects[i].outLen); + XMEMSET(tmp, 0, sizeof(tmp)); + ExpectIntEQ(wc_AesCtsDecrypt(keyBytes, sizeof(keyBytes), tmp, + (const byte*)vects[i].output, (word32)vects[i].outLen, iv), 0); + ExpectBufEQ(tmp, vects[i].input, vects[i].inLen); + } + /* Execute all branches */ + { + Aes* aes = NULL; + int result_code = 0; + const byte* in = (const byte*)vects[5].input; + byte* out = tmp; + word32 outSz = (word32)vects[5].outLen; + word32 remSz = (word32)vects[5].outLen; + + XMEMSET(tmp, 0, sizeof(tmp)); + ExpectNotNull(aes = wc_AesNew(NULL, INVALID_DEVID, &result_code)); + ExpectIntEQ(wc_AesSetKey(aes, keyBytes, sizeof(keyBytes), iv, + AES_ENCRYPTION), 0); + ExpectIntEQ(wc_AesCtsEncryptUpdate(aes, out, &outSz, in, 1), 0); + in += 1; out += outSz; remSz -= outSz; outSz = remSz; + ExpectIntEQ(wc_AesCtsEncryptUpdate(aes, out, &outSz, in, 31), 0); + in += 31; out += outSz; remSz -= outSz; outSz = remSz; + ExpectIntEQ(wc_AesCtsEncryptUpdate(aes, out, &outSz, in, 32), 0); + in += 32; out += outSz; remSz -= outSz; outSz = remSz; + ExpectIntEQ(wc_AesCtsEncryptFinal(aes, out, &outSz), 0); + remSz -= outSz; + ExpectIntEQ(remSz, 0); + ExpectBufEQ(tmp, vects[5].output, vects[5].outLen); + ExpectIntEQ(wc_AesDelete(aes, &aes), 0); + } + { + Aes* aes = NULL; + int result_code = 0; + const byte* in = (const byte*)vects[5].input; + byte* out = tmp; + word32 outSz = (word32)vects[5].outLen; + word32 remSz = (word32)vects[5].outLen; + + ExpectNotNull(aes = wc_AesNew(NULL, INVALID_DEVID, &result_code)); + ExpectIntEQ(wc_AesSetKey(aes, keyBytes, sizeof(keyBytes), iv, + AES_ENCRYPTION), 0); + ExpectIntEQ(wc_AesCtsEncryptUpdate(aes, out, &outSz, in, 1), 0); + in += 1; out += outSz; remSz -= outSz; outSz = remSz; + ExpectIntEQ(wc_AesCtsEncryptUpdate(aes, out, &outSz, in, 63), 0); + in += 63; out += outSz; remSz -= outSz; outSz = remSz; + ExpectIntEQ(wc_AesCtsEncryptFinal(aes, out, &outSz), 0); + remSz -= outSz; + ExpectIntEQ(remSz, 0); + ExpectBufEQ(tmp, vects[5].output, vects[5].outLen); + ExpectIntEQ(wc_AesDelete(aes, &aes), 0); + } + { + Aes* aes = NULL; + int result_code = 0; + const byte* in = (const byte*)vects[2].input; + byte* out = tmp; + word32 outSz = (word32)vects[2].outLen; + word32 remSz = (word32)vects[2].outLen; + + ExpectNotNull(aes = wc_AesNew(NULL, INVALID_DEVID, &result_code)); + ExpectIntEQ(wc_AesSetKey(aes, keyBytes, sizeof(keyBytes), iv, + AES_ENCRYPTION), 0); + ExpectIntEQ(wc_AesCtsEncryptUpdate(aes, out, &outSz, in, 16), 0); + in += 16; out += outSz; remSz -= outSz; outSz = remSz; + ExpectIntEQ(wc_AesCtsEncryptUpdate(aes, out, &outSz, in, 16), 0); + in += 16; out += outSz; remSz -= outSz; outSz = remSz; + ExpectIntEQ(wc_AesCtsEncryptFinal(aes, out, &outSz), 0); + remSz -= outSz; + ExpectIntEQ(remSz, 0); + ExpectBufEQ(tmp, vects[2].output, vects[2].outLen); + ExpectIntEQ(wc_AesDelete(aes, &aes), 0); + } + { + Aes* aes = NULL; + int result_code = 0; + const byte* in = (const byte*)vects[5].output; + byte* out = tmp; + word32 outSz = (word32)vects[5].inLen; + word32 remSz = (word32)vects[5].inLen; + + XMEMSET(tmp, 0, sizeof(tmp)); + ExpectNotNull(aes = wc_AesNew(NULL, INVALID_DEVID, &result_code)); + ExpectIntEQ(wc_AesSetKey(aes, keyBytes, sizeof(keyBytes), iv, + AES_DECRYPTION), 0); + ExpectIntEQ(wc_AesCtsDecryptUpdate(aes, out, &outSz, in, 1), 0); + in += 1; out += outSz; remSz -= outSz; outSz = remSz; + ExpectIntEQ(wc_AesCtsDecryptUpdate(aes, out, &outSz, in, 31), 0); + in += 31; out += outSz; remSz -= outSz; outSz = remSz; + ExpectIntEQ(wc_AesCtsDecryptUpdate(aes, out, &outSz, in, 32), 0); + in += 32; out += outSz; remSz -= outSz; outSz = remSz; + ExpectIntEQ(wc_AesCtsDecryptFinal(aes, out, &outSz), 0); + remSz -= outSz; + ExpectIntEQ(remSz, 0); + ExpectBufEQ(tmp, vects[5].input, vects[5].inLen); + ExpectIntEQ(wc_AesDelete(aes, &aes), 0); + } + { + Aes* aes = NULL; + int result_code = 0; + const byte* in = (const byte*)vects[5].output; + byte* out = tmp; + word32 outSz = (word32)vects[5].inLen; + word32 remSz = (word32)vects[5].inLen; + + ExpectNotNull(aes = wc_AesNew(NULL, INVALID_DEVID, &result_code)); + ExpectIntEQ(wc_AesSetKey(aes, keyBytes, sizeof(keyBytes), iv, + AES_DECRYPTION), 0); + ExpectIntEQ(wc_AesCtsDecryptUpdate(aes, out, &outSz, in, 1), 0); + in += 1; out += outSz; remSz -= outSz; outSz = remSz; + ExpectIntEQ(wc_AesCtsDecryptUpdate(aes, out, &outSz, in, 63), 0); + in += 63; out += outSz; remSz -= outSz; outSz = remSz; + ExpectIntEQ(wc_AesCtsDecryptFinal(aes, out, &outSz), 0); + remSz -= outSz; + ExpectIntEQ(remSz, 0); + ExpectBufEQ(tmp, vects[5].input, vects[5].inLen); + ExpectIntEQ(wc_AesDelete(aes, &aes), 0); + } + { + Aes* aes = NULL; + int result_code = 0; + const byte* in = (const byte*)vects[2].output; + byte* out = tmp; + word32 outSz = (word32)vects[2].inLen; + word32 remSz = (word32)vects[2].inLen; + + ExpectNotNull(aes = wc_AesNew(NULL, INVALID_DEVID, &result_code)); + ExpectIntEQ(wc_AesSetKey(aes, keyBytes, sizeof(keyBytes), iv, + AES_DECRYPTION), 0); + ExpectIntEQ(wc_AesCtsDecryptUpdate(aes, out, &outSz, in, 16), 0); + in += 16; out += outSz; remSz -= outSz; outSz = remSz; + ExpectIntEQ(wc_AesCtsDecryptUpdate(aes, out, &outSz, in, 16), 0); + in += 16; out += outSz; remSz -= outSz; outSz = remSz; + ExpectIntEQ(wc_AesCtsDecryptFinal(aes, out, &outSz), 0); + remSz -= outSz; + ExpectIntEQ(remSz, 0); + ExpectBufEQ(tmp, vects[2].input, vects[2].inLen); + ExpectIntEQ(wc_AesDelete(aes, &aes), 0); + } +#endif + return EXPECT_RESULT(); +} + +/******************************************************************************* + * AES-CTR + ******************************************************************************/ + +#if !defined(NO_AES) && defined(WOLFSSL_AES_COUNTER) && \ + (!defined(HAVE_FIPS) || FIPS_VERSION_GE(7,0)) && \ + !defined(HAVE_SELFTEST) && !defined(WOLFSSL_AFALG) && \ + !defined(WOLFSSL_KCAPI) +static int test_wc_AesCtrSetKey_BadArgs(Aes* aes, byte* key, word32 keyLen, + byte* iv) +{ + EXPECT_DECLS; + + ExpectIntEQ(wc_AesCtrSetKey(NULL, NULL, keyLen, iv, AES_ENCRYPTION), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_AesCtrSetKey(NULL, key , keyLen, iv, AES_ENCRYPTION), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_AesCtrSetKey(aes , key , 48 , iv, AES_ENCRYPTION), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + + return EXPECT_RESULT(); +} + +static int test_wc_AesCtrSetKey_WithKey(Aes* aes, byte* key, word32 keyLen, + byte* iv, int ret) +{ + EXPECT_DECLS; + + ExpectIntEQ(wc_AesCtrSetKey(aes, key, keyLen, iv, AES_ENCRYPTION), ret); + ExpectIntEQ(wc_AesCtrSetKey(aes, key, keyLen, NULL, AES_DECRYPTION), ret); + + return EXPECT_RESULT(); +} +#endif /* !NO_AES && WOLFSSL_AES_COUNTER && */ + /* (!HAVE_FIPS || FIPS_VERSION_GE(7,0)) && */ + /* !HAVE_SELFTEST && !WOLFSSL_AFALG && */ + /* !WOLFSSL_KCAPI */ + +/* + * Testing function for wc_AesCtrSetKey(). + */ +int test_wc_AesCtrSetKey(void) +{ + EXPECT_DECLS; +#if !defined(NO_AES) && defined(WOLFSSL_AES_COUNTER) && \ + (!defined(HAVE_FIPS) || FIPS_VERSION_GE(7,0)) && \ + !defined(HAVE_SELFTEST) && !defined(WOLFSSL_AFALG) && \ + !defined(WOLFSSL_KCAPI) + Aes aes; + byte key16[] = { + 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, + 0x38, 0x39, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66 + }; + byte key24[] = { + 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, + 0x38, 0x39, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66, + 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37 + }; + byte key32[] = { + 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, + 0x38, 0x39, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66, + 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, + 0x38, 0x39, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66 + }; + byte badKey16[] = { + 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, + 0x38, 0x39, 0x61, 0x62, 0x63, 0x64, 0x65 + }; + byte iv[] = "1234567890abcdef"; + byte* key; + word32 keyLen; + +#if defined(WOLFSSL_AES_128) + key = key16; + keyLen = (word32)sizeof(key16) / sizeof(byte); +#elif defined(WOLFSSL_AES_192) + key = key24; + keyLen = (word32)sizeof(key24) / sizeof(byte); +#else + key = key32; + keyLen = (word32)sizeof(key32) / sizeof(byte); +#endif + + XMEMSET(&aes, 0, sizeof(Aes)); + + ExpectIntEQ(wc_AesInit(NULL, NULL, INVALID_DEVID), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_AesInit(&aes, NULL, INVALID_DEVID), 0); + + EXPECT_TEST(test_wc_AesCtrSetKey_BadArgs(&aes, key, keyLen, iv)); + +#ifdef WOLFSSL_AES_128 + EXPECT_TEST(test_wc_AesCtrSetKey_WithKey(&aes, key16, + (word32)sizeof(key16) / sizeof(byte), iv, 0)); +#else + EXPECT_TEST(test_wc_AesCtrSetKey_WithKey(&aes, key16, + (word32)sizeof(key16) / sizeof(byte), iv, BAD_FUNC_ARG)); +#endif +#ifdef WOLFSSL_AES_192 + EXPECT_TEST(test_wc_AesCtrSetKey_WithKey(&aes, key24, + (word32)sizeof(key24) / sizeof(byte), iv, 0)); +#else + EXPECT_TEST(test_wc_AesCtrSetKey_WithKey(&aes, key24, + (word32)sizeof(key24) / sizeof(byte), iv, BAD_FUNC_ARG)); +#endif +#ifdef WOLFSSL_AES_256 + EXPECT_TEST(test_wc_AesCtrSetKey_WithKey(&aes, key32, + (word32)sizeof(key32) / sizeof(byte), iv, 0)); +#else + EXPECT_TEST(test_wc_AesCtrSetKey_WithKey(&aes, key32, + (word32)sizeof(key32) / sizeof(byte), iv, BAD_FUNC_ARG)); +#endif + + ExpectIntEQ(wc_AesCtrSetKey(&aes, badKey16, + (word32)sizeof(badKey16) / sizeof(byte), iv, AES_ENCRYPTION), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + + wc_AesFree(&aes); +#endif /* !NO_AES && WOLFSSL_AES_COUNTER && */ + /* (!HAVE_FIPS || FIPS_VERSION_GE(7,0)) && */ + /* !HAVE_SELFTEST && !WOLFSSL_AFALG && */ + /* !WOLFSSL_KCAPI */ + + return EXPECT_RESULT(); +} /* END test_wc_AesCtrSetKey */ + +#if !defined(NO_AES) && defined(WOLFSSL_AES_COUNTER) +/* Assembly code doing 8 iterations at a time. */ +#define CTR_LEN (9 * WC_AES_BLOCK_SIZE) + +static int test_wc_AesCtrEncrypt_BadArgs(Aes* aes, byte* key, + word32 keyLen, byte* iv) +{ + EXPECT_DECLS; + byte plain[WC_AES_BLOCK_SIZE]; + byte cipher[WC_AES_BLOCK_SIZE]; + byte decrypted[WC_AES_BLOCK_SIZE]; + + XMEMSET(plain, 0, WC_AES_BLOCK_SIZE); + XMEMSET(cipher, 0, WC_AES_BLOCK_SIZE); + XMEMSET(decrypted, 0, WC_AES_BLOCK_SIZE); + +#if (!defined(HAVE_FIPS) || FIPS_VERSION_GE(7,0)) && \ + !defined(HAVE_SELFTEST) && !defined(WOLFSSL_AFALG) && \ + !defined(WOLFSSL_KCAPI) + ExpectIntEQ(wc_AesCtrSetKey(aes, key, keyLen, iv, AES_ENCRYPTION), 0); +#else + ExpectIntEQ(wc_AesSetKey(aes, key, keyLen, iv, AES_ENCRYPTION), 0); +#endif + ExpectIntEQ(wc_AesCtrEncrypt(NULL, NULL, NULL, 0), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_AesCtrEncrypt(aes, NULL, NULL, 0), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_AesCtrEncrypt(NULL, cipher, NULL, 0), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_AesCtrEncrypt(NULL, NULL, plain, 0), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_AesCtrEncrypt(aes, cipher, NULL, 0), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_AesCtrEncrypt(aes, NULL, plain, 0), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_AesCtrEncrypt(NULL, cipher, plain, 0), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + + return EXPECT_RESULT(); +} + +static int test_wc_AesCtrEncrypt_WithKey(Aes* aes, byte* key, + word32 keyLen, byte* iv, byte* vector, byte* vector_enc, word32 vector_len) +{ + EXPECT_DECLS; + byte plain[WC_AES_BLOCK_SIZE * 2]; + byte cipher[WC_AES_BLOCK_SIZE * 2]; + byte decrypted[WC_AES_BLOCK_SIZE * 2]; + + XMEMSET(plain, 0, WC_AES_BLOCK_SIZE * 2); + XMEMSET(cipher, 0, WC_AES_BLOCK_SIZE * 2); + XMEMSET(decrypted, 0, WC_AES_BLOCK_SIZE * 2); + +#if (!defined(HAVE_FIPS) || FIPS_VERSION_GE(7,0)) && \ + !defined(HAVE_SELFTEST) && !defined(WOLFSSL_AFALG) && \ + !defined(WOLFSSL_KCAPI) + ExpectIntEQ(wc_AesCtrSetKey(aes, key, keyLen, iv, AES_ENCRYPTION), 0); +#else + ExpectIntEQ(wc_AesSetKey(aes, key, keyLen, iv, AES_ENCRYPTION), 0); +#endif + ExpectIntEQ(wc_AesCtrEncrypt(aes, cipher, vector, vector_len), 0); + ExpectBufEQ(cipher, vector_enc, vector_len); + /* Decrypt with wc_AesCtrEncrypt() */ +#if (!defined(HAVE_FIPS) || FIPS_VERSION_GE(7,0)) && \ + !defined(HAVE_SELFTEST) && !defined(WOLFSSL_AFALG) && \ + !defined(WOLFSSL_KCAPI) + ExpectIntEQ(wc_AesCtrSetKey(aes, key, keyLen, iv, AES_ENCRYPTION), 0); +#else + ExpectIntEQ(wc_AesSetKey(aes, key, keyLen, iv, AES_ENCRYPTION), 0); +#endif + ExpectIntEQ(wc_AesCtrEncrypt(aes, decrypted, cipher, vector_len), 0); + ExpectBufEQ(decrypted, vector, vector_len); + + return EXPECT_RESULT(); +} + +static int test_wc_AesCtrEncrypt_Chunking(Aes* aes, byte* key, + word32 keyLen, byte* iv, byte* expected) +{ + EXPECT_DECLS; +#if defined(WOLFSSL_AFALG) || defined(WOLFSSL_KCAPI) + (void)aes; + (void)key; + (void)keyLen; + (void)iv; + (void)expected; +#else + int sz; + int cnt; + WC_DECLARE_VAR(plain, byte, CTR_LEN, NULL); + WC_DECLARE_VAR(cipher, byte, CTR_LEN, NULL); +#ifdef HAVE_AES_DECRYPT + WC_DECLARE_VAR(decrypted, byte, CTR_LEN, NULL); +#endif + + WC_ALLOC_VAR(plain, byte, CTR_LEN, NULL); + WC_ALLOC_VAR(cipher, byte, CTR_LEN, NULL); +#ifdef HAVE_AES_DECRYPT + WC_ALLOC_VAR(decrypted, byte, CTR_LEN, NULL); +#endif + +#ifdef WC_DECLARE_VAR_IS_HEAP_ALLOC + ExpectNotNull(plain); + ExpectNotNull(cipher); +#ifdef HAVE_AES_DECRYPT + ExpectNotNull(decrypted); +#endif +#endif + + XMEMSET(plain, 0, CTR_LEN); + XMEMSET(cipher, 0, CTR_LEN); + XMEMSET(decrypted, 0, CTR_LEN); + +#if (!defined(HAVE_FIPS) || FIPS_VERSION_GE(7,0)) && \ + !defined(HAVE_SELFTEST) + ExpectIntEQ(wc_AesCtrSetKey(aes, key, keyLen, NULL, AES_ENCRYPTION), 0); +#else + ExpectIntEQ(wc_AesSetKey(aes, key, keyLen, NULL, AES_ENCRYPTION), 0); +#endif + /* Test multiple blocks. */ + for (sz = 1; sz <= CTR_LEN; sz++) { + XMEMSET(cipher, 0x00, CTR_LEN); + ExpectIntEQ(wc_AesSetIV(aes, iv), 0); + for (cnt = 0; cnt + sz <= CTR_LEN; cnt += sz) { + ExpectIntEQ(wc_AesCtrEncrypt(aes, cipher + cnt, plain + cnt, sz), + 0); + } + if (cnt < CTR_LEN) { + ExpectIntEQ(wc_AesCtrEncrypt(aes, cipher + cnt, plain + cnt, + CTR_LEN - cnt), 0); + } + ExpectBufEQ(cipher, expected, CTR_LEN); + } + + WC_FREE_VAR(plain, NULL); + WC_FREE_VAR(cipher, NULL); +#ifdef HAVE_AES_DECRYPT + WC_FREE_VAR(decrypted, NULL); +#endif +#endif /* !WOLFSSL_AFALG && !WOLFSSL_KCAPI */ + return EXPECT_RESULT(); +} + +#if (!defined(HAVE_FIPS) || FIPS_VERSION_GE(7,0)) && \ + !defined(HAVE_SELFTEST) && !defined(WOLFSSL_AFALG) && \ + !defined(WOLFSSL_KCAPI) +static int test_wc_AesCtrEncrypt_SameBuffer(Aes* aes, byte* key, + word32 keyLen, byte* iv, byte* expected) +{ + EXPECT_DECLS; + WC_DECLARE_VAR(plain, byte, CTR_LEN, NULL); + WC_DECLARE_VAR(cipher, byte, CTR_LEN, NULL); + + WC_ALLOC_VAR(plain, byte, CTR_LEN, NULL); + WC_ALLOC_VAR(cipher, byte, CTR_LEN, NULL); + +#ifdef WC_DECLARE_VAR_IS_HEAP_ALLOC + ExpectNotNull(plain); + ExpectNotNull(cipher); +#endif + + XMEMSET(plain, 0, CTR_LEN); + + /* Testing using same buffer for input and output. */ + ExpectIntEQ(wc_AesCtrSetKey(aes, key, keyLen, iv, AES_ENCRYPTION), 0); + XMEMCPY(cipher, plain, CTR_LEN); + ExpectIntEQ(wc_AesCtrEncrypt(aes, cipher, cipher, CTR_LEN), 0); + ExpectBufEQ(cipher, expected, CTR_LEN); + + WC_FREE_VAR(plain, NULL); + WC_FREE_VAR(cipher, NULL); + return EXPECT_RESULT(); +} +#endif +#endif + +/* + * Testing wc_AesCtrEncrypt + * Decrypt is an encrypt. + */ +int test_wc_AesCtrEncryptDecrypt(void) +{ + EXPECT_DECLS; +#if !defined(NO_AES) && defined(WOLFSSL_AES_COUNTER) + Aes aes; + byte vector[] = { /* Now is the time for all w/o trailing 0 */ + 0x4e,0x6f,0x77,0x20,0x69,0x73,0x20,0x74, + 0x68,0x65,0x20,0x74,0x69,0x6d,0x65,0x20, + 0x66,0x6f,0x72,0x20,0x61,0x6c,0x6c,0x20 + }; +#if defined(WOLFSSL_AES_128) + byte key16[] = { + 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, + 0x38, 0x39, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66 + }; + byte vector_enc16[] = { + 0x08, 0x75, 0x28, 0xdd, 0xf4, 0x84, 0xb1, 0x05, + 0x5d, 0xeb, 0xbe, 0x75, 0x1e, 0xb5, 0x2b, 0x8a, + 0x39, 0x70, 0x64, 0x06, 0x98, 0xa1, 0x82, 0x35, + }; +#endif +#if defined(WOLFSSL_AES_192) + byte key24[] = { + 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, + 0x38, 0x39, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66, + 0x38, 0x39, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66 + }; + byte vector_enc24[] = { + 0x35, 0xb1, 0x24, 0x8c, 0xe1, 0x57, 0xc6, 0xaa, + 0x00, 0xb1, 0x44, 0x6c, 0x49, 0xfb, 0x07, 0x48, + 0xd2, 0xa7, 0x1e, 0x81, 0xcf, 0xa0, 0x72, 0x54, + }; +#endif +#if defined(WOLFSSL_AES_256) + byte key32[] = { + 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, + 0x38, 0x39, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66, + 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, + 0x38, 0x39, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66 + }; + byte vector_enc32[] = { + 0x56, 0x35, 0x3f, 0xdd, 0xde, 0xa6, 0x15, 0x87, + 0x57, 0xdc, 0x34, 0x62, 0x9a, 0x68, 0x96, 0x51, + 0x14, 0xeb, 0xfa, 0xba, 0x30, 0x8e, 0xfb, 0x8a, + }; +#endif +#if defined(WOLFSSL_AES_128) + byte expected16[CTR_LEN] = { + 0x46, 0x1a, 0x5f, 0xfd, 0x9d, 0xf7, 0x91, 0x71, + 0x35, 0x8e, 0x9e, 0x01, 0x77, 0xd8, 0x4e, 0xaa, + 0x5f, 0x1f, 0x16, 0x26, 0xf9, 0xcd, 0xee, 0x15, + 0xce, 0x4d, 0x4d, 0x3d, 0x17, 0x56, 0xa1, 0x48, + 0x36, 0x0b, 0x0e, 0x8b, 0x3d, 0x3b, 0x70, 0x02, + 0x2e, 0xd1, 0x0b, 0x61, 0x51, 0x05, 0xd6, 0x2b, + 0x4b, 0xb9, 0xaf, 0x26, 0x27, 0xed, 0x41, 0x50, + 0x08, 0xaf, 0xdd, 0xbf, 0x5b, 0x12, 0x4b, 0xb2, + 0x80, 0xd5, 0xba, 0x31, 0x31, 0x70, 0xfa, 0xfd, + 0x15, 0x19, 0x1e, 0x35, 0xc9, 0x10, 0x96, 0x6c, + 0xe4, 0x38, 0x61, 0xd8, 0x95, 0x30, 0x4d, 0xca, + 0xd8, 0x68, 0xc9, 0xdc, 0x6f, 0x8b, 0x86, 0x26, + 0x11, 0xee, 0x2d, 0x01, 0xd3, 0x0e, 0x35, 0xa2, + 0x4b, 0x26, 0x22, 0x8c, 0xd0, 0x4e, 0xda, 0x5d, + 0x49, 0x1e, 0x6d, 0xfa, 0x33, 0xcb, 0xa0, 0x0f, + 0x86, 0x8f, 0x83, 0xff, 0x3d, 0xbe, 0x6e, 0xfa, + 0xd2, 0x2b, 0x3e, 0x70, 0x21, 0x1c, 0xe8, 0x7b, + 0xe4, 0x01, 0x2c, 0xd0, 0x82, 0xe2, 0x7a, 0x4a, + }; +#elif defined(WOLFSSL_AES_192) + byte expected24[CTR_LEN] = { + 0x7b, 0xde, 0x53, 0xac, 0x88, 0x24, 0xe6, 0xde, + 0x68, 0xd4, 0x64, 0x18, 0x20, 0x96, 0x62, 0x68, + 0xb4, 0xc8, 0x6c, 0xa1, 0xae, 0xcc, 0x1e, 0x74, + 0x2a, 0xd6, 0x69, 0x5c, 0x71, 0x76, 0x92, 0x5b, + 0xd8, 0x61, 0xfa, 0x70, 0x8c, 0x80, 0x3e, 0xfc, + 0xdc, 0xd8, 0xbb, 0x31, 0x22, 0x47, 0x78, 0x02, + 0x5b, 0xa2, 0xb5, 0xb1, 0x41, 0x88, 0xc4, 0x84, + 0x82, 0xd7, 0x20, 0x11, 0xdc, 0x58, 0xea, 0xf9, + 0x2c, 0x43, 0x50, 0xc2, 0x33, 0x15, 0x58, 0x14, + 0xd0, 0xf3, 0xe5, 0xe1, 0x17, 0x86, 0x4b, 0xfb, + 0xdd, 0x83, 0xa3, 0xdd, 0x3a, 0xcc, 0x82, 0x05, + 0xb9, 0xf2, 0xfd, 0x8d, 0x3c, 0x08, 0x5f, 0xd9, + 0x79, 0x2d, 0xa3, 0xa0, 0xeb, 0xa3, 0xa2, 0xfe, + 0x7b, 0x2b, 0xf9, 0x5d, 0x32, 0x52, 0xeb, 0xee, + 0xe1, 0x68, 0xff, 0xe7, 0xb3, 0x0c, 0x08, 0x74, + 0x8d, 0x3b, 0xa9, 0x17, 0x4c, 0x2a, 0xc7, 0x97, + 0x99, 0xb7, 0xaf, 0x86, 0x17, 0xf9, 0xe4, 0x2c, + 0x5a, 0x4d, 0x6d, 0x7f, 0xfe, 0xb8, 0xaa, 0x9b, + }; +#else + byte expected32[CTR_LEN] = { + 0x18, 0x5a, 0x48, 0xfd, 0xb7, 0xd5, 0x35, 0xf3, + 0x3f, 0xb9, 0x14, 0x16, 0xf3, 0x05, 0xf3, 0x71, + 0x72, 0x84, 0x88, 0x9a, 0x51, 0xe2, 0x97, 0xaa, + 0x65, 0xc1, 0x3c, 0x0b, 0x1e, 0x9f, 0x29, 0xb8, + 0xf4, 0xc8, 0x16, 0x9c, 0x47, 0x42, 0x0a, 0x9e, + 0xae, 0xf0, 0x75, 0x9b, 0x54, 0xdd, 0x8a, 0xa4, + 0x28, 0x97, 0xc1, 0x5a, 0xbb, 0x08, 0x52, 0x73, + 0xf7, 0x67, 0xa4, 0xb8, 0xc9, 0x37, 0x8d, 0x9e, + 0x23, 0x27, 0x68, 0xca, 0x2b, 0xb5, 0xd0, 0x1c, + 0x11, 0xe2, 0x2e, 0x7e, 0x17, 0x6b, 0x38, 0x99, + 0x82, 0x0c, 0x65, 0xed, 0x33, 0xd8, 0xa4, 0x47, + 0x43, 0x9c, 0x16, 0xa6, 0xab, 0x5d, 0x39, 0xad, + 0x88, 0x6a, 0x50, 0x86, 0xd4, 0x95, 0x1b, 0x91, + 0xb3, 0x91, 0x7d, 0x06, 0xe0, 0xfc, 0x5e, 0xd1, + 0xaf, 0x4c, 0xb3, 0xdb, 0x01, 0x01, 0xc9, 0x09, + 0xf1, 0x7b, 0x2b, 0x87, 0xe4, 0xcd, 0x93, 0x22, + 0x07, 0xdc, 0x35, 0x46, 0x8a, 0x1d, 0xf5, 0xe4, + 0x23, 0x01, 0x67, 0x00, 0x66, 0x7b, 0xd6, 0x56, + }; +#endif + byte iv[] = "1234567890abcdef"; + byte* key; + word32 keyLen; + byte* expected; + +#if defined(WOLFSSL_AES_128) + key = key16; + keyLen = (word32)sizeof(key16) / sizeof(byte); + expected = expected16; +#elif defined(WOLFSSL_AES_192) + key = key24; + keyLen = (word32)sizeof(key24) / sizeof(byte); + expected = expected24; +#else + key = key32; + keyLen = (word32)sizeof(key32) / sizeof(byte); + expected = expected32; +#endif + + /* Init stack variables. */ + XMEMSET(&aes, 0, sizeof(Aes)); + + ExpectIntEQ(wc_AesInit(&aes, NULL, INVALID_DEVID), 0); + + EXPECT_TEST(test_wc_AesCtrEncrypt_BadArgs(&aes, key, keyLen, iv)); + +#ifdef WOLFSSL_AES_128 + EXPECT_TEST(test_wc_AesCtrEncrypt_WithKey(&aes, key16, + (word32)sizeof(key16) / sizeof(byte), iv, vector, vector_enc16, + (word32)sizeof(vector) / sizeof(byte))); +#endif +#ifdef WOLFSSL_AES_192 + EXPECT_TEST(test_wc_AesCtrEncrypt_WithKey(&aes, key24, + (word32)sizeof(key24) / sizeof(byte), iv, vector, vector_enc24, + (word32)sizeof(vector) / sizeof(byte))); +#endif +#ifdef WOLFSSL_AES_256 + EXPECT_TEST(test_wc_AesCtrEncrypt_WithKey(&aes, key32, + (word32)sizeof(key32) / sizeof(byte), iv, vector, vector_enc32, + (word32)sizeof(vector) / sizeof(byte))); +#endif + + EXPECT_TEST(test_wc_AesCtrEncrypt_Chunking(&aes, key, keyLen, iv, + expected)); +#if (!defined(HAVE_FIPS) || FIPS_VERSION_GE(7,0)) && \ + !defined(HAVE_SELFTEST) && !defined(WOLFSSL_AFALG) && \ + !defined(WOLFSSL_KCAPI) + EXPECT_TEST(test_wc_AesCtrEncrypt_SameBuffer(&aes, key, keyLen, iv, + expected)); +#endif + + wc_AesFree(&aes); +#endif + return EXPECT_RESULT(); +} /* END test_wc_AesCtrEncryptDecrypt */ + +/******************************************************************************* + * AES-GCM + ******************************************************************************/ + +/* + * test function for wc_AesGcmSetKey() + */ +int test_wc_AesGcmSetKey(void) +{ + EXPECT_DECLS; +#if !defined(NO_AES) && defined(HAVE_AESGCM) + Aes aes; +#ifdef WOLFSSL_AES_128 + byte key16[] = { + 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, + 0x38, 0x39, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66 + }; +#endif +#ifdef WOLFSSL_AES_192 + byte key24[] = { + 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, + 0x38, 0x39, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66, + 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37 + }; +#endif +#ifdef WOLFSSL_AES_256 + byte key32[] = { + 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, + 0x38, 0x39, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66, + 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, + 0x38, 0x39, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66 + }; +#endif + byte badKey16[] = { + 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, + 0x38, 0x39, 0x61, 0x62, 0x63, 0x64, 0x65 + }; + byte badKey24[] = { + 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, + 0x38, 0x39, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66, + 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36 + }; + byte badKey32[] = { + 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x37, 0x37, + 0x38, 0x39, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66, + 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, + 0x38, 0x39, 0x61, 0x62, 0x63, 0x64, 0x65 + }; + byte* key; + word32 keyLen; + +#ifdef WOLFSSL_AES_128 + key = key16; + keyLen = sizeof(key16)/sizeof(byte); +#elif defined(WOLFSSL_AES_192) + key = key24; + keyLen = sizeof(key24)/sizeof(byte); +#else + key = key32; + keyLen = sizeof(key32)/sizeof(byte); +#endif + + ExpectIntEQ(wc_AesInit(&aes, NULL, INVALID_DEVID), 0); + +#ifdef WOLFSSL_AES_128 + ExpectIntEQ(wc_AesGcmSetKey(&aes, key16, sizeof(key16)/sizeof(byte)), 0); +#endif +#ifdef WOLFSSL_AES_192 + ExpectIntEQ(wc_AesGcmSetKey(&aes, key24, sizeof(key24)/sizeof(byte)), 0); +#endif +#ifdef WOLFSSL_AES_256 + ExpectIntEQ(wc_AesGcmSetKey(&aes, key32, sizeof(key32)/sizeof(byte)), 0); +#endif + + /* Pass in bad args. */ + ExpectIntEQ(wc_AesGcmSetKey(NULL, NULL, keyLen), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_AesGcmSetKey(NULL, key, keyLen), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); +#if (!defined(HAVE_FIPS) || !defined(HAVE_FIPS_VERSION) || \ + (HAVE_FIPS_VERSION > 6)) && !defined(HAVE_SELFTEST) + ExpectIntEQ(wc_AesGcmSetKey(&aes, NULL, keyLen), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); +#endif + ExpectIntEQ(wc_AesGcmSetKey(&aes, badKey16, sizeof(badKey16)/sizeof(byte)), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_AesGcmSetKey(&aes, badKey24, sizeof(badKey24)/sizeof(byte)), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_AesGcmSetKey(&aes, badKey32, sizeof(badKey32)/sizeof(byte)), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + + wc_AesFree(&aes); +#endif + return EXPECT_RESULT(); +} /* END test_wc_AesGcmSetKey */ + +int test_wc_AesGcmEncryptDecrypt_Sizes(void) +{ + EXPECT_DECLS; +#if !defined(NO_AES) && defined(HAVE_AESGCM) && defined(WOLFSSL_AES_256) && \ + !defined(WOLFSSL_AFALG) && !defined(WOLFSSL_KCAPI) + #define GCM_LEN (WC_AES_BLOCK_SIZE * 16) + byte expTagShort[WC_AES_BLOCK_SIZE][WC_AES_BLOCK_SIZE] = { + { + 0x41, 0x5d, 0x72, 0x1e, 0xe0, 0x17, 0x7c, 0xe2, + 0x33, 0xfb, 0x0e, 0xab, 0x5a, 0x08, 0x4c, 0xb0, + }, + { + 0x26, 0xe8, 0xc0, 0x9f, 0xbc, 0x70, 0x1d, 0x7e, + 0x22, 0x43, 0x26, 0x1b, 0x21, 0x9d, 0x2c, 0x5b, + }, + { + 0x94, 0x8f, 0x24, 0xeb, 0xd1, 0x5b, 0x3d, 0x2a, + 0x31, 0xf2, 0xe4, 0xf9, 0x07, 0xc8, 0xe7, 0x63, + }, + { + 0x62, 0xa9, 0x79, 0x97, 0x6c, 0x93, 0x77, 0x52, + 0x2f, 0xbf, 0x51, 0xb2, 0xc2, 0xf7, 0xe5, 0xf4, + }, + { + 0xa5, 0x44, 0xfd, 0x3c, 0x16, 0x2a, 0x05, 0x7a, + 0x52, 0xe1, 0xed, 0x13, 0x49, 0x81, 0x93, 0x7a, + }, + { + 0xe5, 0x3b, 0xd4, 0xc9, 0x9f, 0x9e, 0xf0, 0x55, + 0xcd, 0x80, 0xb7, 0x42, 0xa4, 0xaf, 0x33, 0x88, + }, + { + 0x65, 0xa8, 0xc9, 0xa7, 0x8b, 0xdb, 0x80, 0xfe, + 0x40, 0xfe, 0xb6, 0xe4, 0x00, 0xf9, 0x23, 0x72, + }, + { + 0xe0, 0x1e, 0xec, 0x38, 0x45, 0xf0, 0x9c, 0x82, + 0x72, 0xac, 0x2f, 0xec, 0x3b, 0x2b, 0xfe, 0x75, + }, + { + 0xea, 0xb4, 0x5b, 0x4d, 0x76, 0x98, 0xc8, 0x34, + 0x07, 0x1d, 0x7b, 0xaf, 0x36, 0xfa, 0x72, 0x9b, + }, + { + 0xcf, 0x2b, 0x12, 0x7a, 0x5a, 0x5a, 0x73, 0x73, + 0xb5, 0xb6, 0xb6, 0xb0, 0x42, 0xa5, 0xc0, 0x23, + }, + { + 0xc1, 0x14, 0x52, 0xd0, 0xd0, 0x1d, 0xca, 0xce, + 0x2e, 0x4c, 0xd8, 0x94, 0x62, 0x92, 0xf6, 0x9c, + }, + { + 0x5b, 0xd9, 0xa6, 0x8c, 0x34, 0x0e, 0x81, 0xaf, + 0x09, 0xc3, 0x44, 0x74, 0x35, 0xce, 0x89, 0x92, + }, + { + 0xdc, 0x9f, 0xd0, 0xd5, 0xaa, 0x38, 0xe2, 0xce, + 0x75, 0x88, 0x64, 0xee, 0x7a, 0x5d, 0x44, 0xa4, + }, + { + 0xc3, 0x35, 0xfe, 0xa9, 0x9d, 0x3d, 0x75, 0xb7, + 0xba, 0xdd, 0x9e, 0xa5, 0x5d, 0xd3, 0x65, 0x80, + }, + { + 0x1d, 0x1a, 0x04, 0x99, 0xb5, 0x8b, 0xe8, 0xec, + 0x81, 0xd1, 0xde, 0xd3, 0x3a, 0x09, 0xb4, 0x9f, + }, + { + 0xb8, 0x14, 0x0a, 0xc3, 0x8b, 0x88, 0x87, 0xa1, + 0xdf, 0xfa, 0x6d, 0x15, 0x70, 0xde, 0xff, 0x3b, + }, + }; + byte expected[GCM_LEN] = { + 0x9a, 0x10, 0xb2, 0x60, 0x38, 0x65, 0x46, 0x81, + 0xc0, 0xa7, 0x0d, 0x3f, 0x5b, 0x4f, 0x27, + }; + byte expTagLong[][WC_AES_BLOCK_SIZE] = { + { + 0xdd, 0x1c, 0x3d, 0x12, 0xa4, 0x16, 0xa5, 0xf7, + 0x67, 0xc5, 0x58, 0xb8, 0xda, 0x22, 0x6c, 0x22, + }, + { + 0xbe, 0x5e, 0x04, 0x61, 0xae, 0x36, 0x61, 0xfb, + 0x86, 0x66, 0xda, 0x62, 0xaa, 0x36, 0x7e, 0x22, + }, + { + 0x18, 0xc3, 0xf5, 0xcf, 0x76, 0x24, 0xd4, 0x5c, + 0xbb, 0xeb, 0xb3, 0x0a, 0x7a, 0x53, 0x64, 0x9b, + }, + { + 0xe0, 0xaa, 0xe9, 0x10, 0x41, 0x16, 0x72, 0x1b, + 0x16, 0xd6, 0xd9, 0xcd, 0x2f, 0xe4, 0xd2, 0xe8, + }, + { + 0xfa, 0xdc, 0x28, 0x4a, 0x65, 0x96, 0xe0, 0x73, + 0xfb, 0xcd, 0x2b, 0x35, 0xa0, 0x68, 0xde, 0x60, + }, + }; + byte key32[] = { + 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, + 0x38, 0x39, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66, + 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, + 0x38, 0x39, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66 + }; + Aes aes; + byte tag[WC_AES_BLOCK_SIZE]; + byte iv[] = "1234567890a"; + word32 ivLen = (word32)sizeof(iv)/sizeof(byte); + int sz; + int i; + WC_DECLARE_VAR(plain, byte, GCM_LEN, NULL); + WC_DECLARE_VAR(cipher, byte, GCM_LEN, NULL); +#ifdef HAVE_AES_DECRYPT + WC_DECLARE_VAR(decrypted, byte, GCM_LEN, NULL); +#endif + + WC_ALLOC_VAR(plain, byte, GCM_LEN, NULL); + WC_ALLOC_VAR(cipher, byte, GCM_LEN, NULL); +#ifdef HAVE_AES_DECRYPT + WC_ALLOC_VAR(decrypted, byte, GCM_LEN, NULL); +#endif + +#ifdef WC_DECLARE_VAR_IS_HEAP_ALLOC + ExpectNotNull(plain); + ExpectNotNull(cipher); +#ifdef HAVE_AES_DECRYPT + ExpectNotNull(decrypted); +#endif +#endif + + XMEMSET(&aes, 0, sizeof(Aes)); + XMEMSET(plain, 0xa5, GCM_LEN); + + ExpectIntEQ(wc_AesInit(&aes, NULL, INVALID_DEVID), 0); + + ExpectIntEQ(wc_AesGcmSetKey(&aes, key32, sizeof(key32)/sizeof(byte)), 0); + for (sz = 0; sz < WC_AES_BLOCK_SIZE; sz++) { + XMEMSET(cipher, 0, GCM_LEN); + ExpectIntEQ(wc_AesGcmEncrypt(&aes, cipher, plain, sz, iv, ivLen, tag, + sizeof(tag), NULL, 0), 0); + ExpectBufEQ(cipher, expected, sz); + ExpectBufEQ(tag, expTagShort[sz], WC_AES_BLOCK_SIZE); + +#ifdef HAVE_AES_DECRYPT + XMEMSET(decrypted, 0xff, GCM_LEN); + ExpectIntEQ(wc_AesGcmDecrypt(&aes, decrypted, cipher, sz, iv, ivLen, + tag, sizeof(tag), NULL, 0), 0); + ExpectBufEQ(decrypted, plain, sz); +#endif + } + + i = 0; + for (sz = WC_AES_BLOCK_SIZE; sz <= GCM_LEN; sz *= 2) { + XMEMSET(cipher, 0, GCM_LEN); + ExpectIntEQ(wc_AesGcmEncrypt(&aes, cipher, plain, sz, iv, ivLen, tag, + sizeof(tag), NULL, 0), 0); + ExpectBufEQ(tag, expTagLong[i], WC_AES_BLOCK_SIZE); + i++; + +#ifdef HAVE_AES_DECRYPT + XMEMSET(decrypted, 0xff, GCM_LEN); + ExpectIntEQ(wc_AesGcmDecrypt(&aes, decrypted, cipher, sz, iv, ivLen, + tag, sizeof(tag), NULL, 0), 0); + ExpectBufEQ(decrypted, plain, sz); +#endif + } + + wc_AesFree(&aes); + WC_FREE_VAR(plain, NULL); + WC_FREE_VAR(cipher, NULL); +#ifdef HAVE_AES_DECRYPT + WC_FREE_VAR(decrypted, NULL); +#endif +#endif + return EXPECT_RESULT(); +} + +/* + * test function for wc_AesGcmEncrypt and wc_AesGcmDecrypt + */ +int test_wc_AesGcmEncryptDecrypt(void) +{ + EXPECT_DECLS; + /* WOLFSSL_AFALG requires 12 byte IV */ +#if !defined(NO_AES) && defined(HAVE_AESGCM) && defined(WOLFSSL_AES_256) && \ + !defined(WOLFSSL_AFALG) && !defined(WOLFSSL_DEVCRYPTO_AES) + Aes aes; + byte key32[] = { + 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, + 0x38, 0x39, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66, + 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, + 0x38, 0x39, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66 + }; + byte vector[] = { /* Now is the time for all w/o trailing 0 */ + 0x4e,0x6f,0x77,0x20,0x69,0x73,0x20,0x74, + 0x68,0x65,0x20,0x74,0x69,0x6d,0x65,0x20, + 0x66,0x6f,0x72,0x20,0x61,0x6c,0x6c,0x20 + }; + const byte a[] = { + 0xfe, 0xed, 0xfa, 0xce, 0xde, 0xad, 0xbe, 0xef, + 0xfe, 0xed, 0xfa, 0xce, 0xde, 0xad, 0xbe, 0xef, + 0xab, 0xad, 0xda, 0xd2 + }; + byte iv[] = "1234567890a"; + byte longIV[] = "1234567890abcdefghij"; + byte enc[sizeof(vector)]; + byte resultT[WC_AES_BLOCK_SIZE]; + byte dec[sizeof(vector)]; + + /* Init stack variables. */ + XMEMSET(&aes, 0, sizeof(Aes)); + XMEMSET(enc, 0, sizeof(vector)); + XMEMSET(dec, 0, sizeof(vector)); + XMEMSET(resultT, 0, WC_AES_BLOCK_SIZE); + + ExpectIntEQ(wc_AesInit(&aes, NULL, INVALID_DEVID), 0); + + ExpectIntEQ(wc_AesGcmSetKey(&aes, key32, sizeof(key32)/sizeof(byte)), 0); + ExpectIntEQ(wc_AesGcmEncrypt(&aes, enc, vector, sizeof(vector), iv, + sizeof(iv)/sizeof(byte), resultT, sizeof(resultT), a, sizeof(a)), 0); + ExpectIntEQ(wc_AesGcmDecrypt(&aes, dec, enc, sizeof(vector), iv, + sizeof(iv)/sizeof(byte), resultT, sizeof(resultT), a, sizeof(a)), 0); + ExpectIntEQ(XMEMCMP(vector, dec, sizeof(vector)), 0); + + /* Test bad args for wc_AesGcmEncrypt and wc_AesGcmDecrypt */ + ExpectIntEQ(wc_AesGcmEncrypt(NULL, enc, vector, sizeof(vector), iv, + sizeof(iv)/sizeof(byte), resultT, sizeof(resultT), a, sizeof(a)), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_AesGcmEncrypt(&aes, enc, vector, sizeof(vector), iv, + sizeof(iv)/sizeof(byte), resultT, sizeof(resultT) + 1, a, sizeof(a)), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_AesGcmEncrypt(&aes, enc, vector, sizeof(vector), iv, + sizeof(iv)/sizeof(byte), resultT, sizeof(resultT) - 5, a, sizeof(a)), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + +#if (defined(HAVE_FIPS) && defined(HAVE_FIPS_VERSION) && \ + (HAVE_FIPS_VERSION == 2)) || defined(HAVE_SELFTEST) || \ + defined(WOLFSSL_AES_GCM_FIXED_IV_AAD) + /* FIPS does not check the lower bound of ivSz */ +#else + ExpectIntEQ(wc_AesGcmEncrypt(&aes, enc, vector, sizeof(vector), iv, 0, + resultT, sizeof(resultT), a, sizeof(a)), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); +#endif + + /* This case is now considered good. Long IVs are now allowed. + * Except for the original FIPS release, it still has an upper + * bound on the IV length. */ +#if (!defined(HAVE_FIPS) || \ + (defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION >= 2))) && \ + !defined(WOLFSSL_AES_GCM_FIXED_IV_AAD) + ExpectIntEQ(wc_AesGcmEncrypt(&aes, enc, vector, sizeof(vector), longIV, + sizeof(longIV)/sizeof(byte), resultT, sizeof(resultT), a, sizeof(a)), + 0); +#else + (void)longIV; +#endif /* Old FIPS */ + /* END wc_AesGcmEncrypt */ + +#ifdef HAVE_AES_DECRYPT + ExpectIntEQ(wc_AesGcmDecrypt(NULL, dec, enc, sizeof(enc)/sizeof(byte), iv, + sizeof(iv)/sizeof(byte), resultT, sizeof(resultT), a, sizeof(a)), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_AesGcmDecrypt(&aes, NULL, enc, sizeof(enc)/sizeof(byte), iv, + sizeof(iv)/sizeof(byte), resultT, sizeof(resultT), a, sizeof(a)), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_AesGcmDecrypt(&aes, dec, NULL, sizeof(enc)/sizeof(byte), iv, + sizeof(iv)/sizeof(byte), resultT, sizeof(resultT), a, sizeof(a)), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_AesGcmDecrypt(&aes, dec, enc, sizeof(enc)/sizeof(byte), NULL, + sizeof(iv)/sizeof(byte), resultT, sizeof(resultT), a, sizeof(a)), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_AesGcmDecrypt(&aes, dec, enc, sizeof(enc)/sizeof(byte), iv, + sizeof(iv)/sizeof(byte), NULL, sizeof(resultT), a, sizeof(a)), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + #if (defined(HAVE_FIPS) && FIPS_VERSION_LE(2,0) && defined(WOLFSSL_ARMASM)) + ExpectIntEQ(wc_AesGcmDecrypt(&aes, dec, enc, sizeof(enc)/sizeof(byte), iv, + sizeof(iv)/sizeof(byte), resultT, sizeof(resultT) + 1, a, sizeof(a)), + WC_NO_ERR_TRACE(AES_GCM_AUTH_E)); + #else + ExpectIntEQ(wc_AesGcmDecrypt(&aes, dec, enc, sizeof(enc)/sizeof(byte), iv, + sizeof(iv)/sizeof(byte), resultT, sizeof(resultT) + 1, a, sizeof(a)), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + #endif + #if ((defined(HAVE_FIPS) && defined(HAVE_FIPS_VERSION) && \ + (HAVE_FIPS_VERSION == 2)) || defined(HAVE_SELFTEST)) && \ + !defined(WOLFSSL_AES_GCM_FIXED_IV_AAD) + /* FIPS does not check the lower bound of ivSz */ + #else + ExpectIntEQ(wc_AesGcmDecrypt(&aes, dec, enc, sizeof(enc)/sizeof(byte), + iv, 0, resultT, sizeof(resultT), a, sizeof(a)), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + #endif +#endif /* HAVE_AES_DECRYPT */ + + wc_AesFree(&aes); +#endif + return EXPECT_RESULT(); + +} /* END test_wc_AesGcmEncryptDecrypt */ + +/* + * test function for mixed (one-shot encryption + stream decryption) AES GCM + * using a long IV (older FIPS does NOT support long IVs). Relates to zd15423 + */ +int test_wc_AesGcmMixedEncDecLongIV(void) +{ + EXPECT_DECLS; +#if (!defined(HAVE_FIPS) || \ + (defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION >= 2))) && \ + !defined(NO_AES) && defined(HAVE_AESGCM) && defined(WOLFSSL_AES_256) && \ + defined(WOLFSSL_AESGCM_STREAM) + const byte key[] = { + 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, + 0x38, 0x39, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66, + 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, + 0x38, 0x39, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66 + }; + const byte in[] = { + 0x4e,0x6f,0x77,0x20,0x69,0x73,0x20,0x74, + 0x68,0x65,0x20,0x74,0x69,0x6d,0x65,0x20, + 0x66,0x6f,0x72,0x20,0x61,0x6c,0x6c,0x20 + }; + const byte aad[] = { + 0xfe, 0xed, 0xfa, 0xce, 0xde, 0xad, 0xbe, 0xef, + 0xfe, 0xed, 0xfa, 0xce, 0xde, 0xad, 0xbe, 0xef, + 0xab, 0xad, 0xda, 0xd2 + }; + Aes aesEnc; + Aes aesDec; + byte iv[] = "1234567890abcdefghij"; + byte out[sizeof(in)]; + byte plain[sizeof(in)]; + byte tag[WC_AES_BLOCK_SIZE]; + + XMEMSET(&aesEnc, 0, sizeof(Aes)); + XMEMSET(&aesDec, 0, sizeof(Aes)); + XMEMSET(out, 0, sizeof(out)); + XMEMSET(plain, 0, sizeof(plain)); + XMEMSET(tag, 0, sizeof(tag)); + + /* Perform one-shot encryption using long IV */ + ExpectIntEQ(wc_AesInit(&aesEnc, NULL, INVALID_DEVID), 0); + ExpectIntEQ(wc_AesGcmSetKey(&aesEnc, key, sizeof(key)), 0); + ExpectIntEQ(wc_AesGcmEncrypt(&aesEnc, out, in, sizeof(in), iv, sizeof(iv), + tag, sizeof(tag), aad, sizeof(aad)), 0); + + /* Perform streaming decryption using long IV */ + ExpectIntEQ(wc_AesInit(&aesDec, NULL, INVALID_DEVID), 0); + ExpectIntEQ(wc_AesGcmInit(&aesDec, key, sizeof(key), iv, sizeof(iv)), 0); + ExpectIntEQ(wc_AesGcmDecryptUpdate(&aesDec, plain, out, sizeof(out), aad, + sizeof(aad)), 0); + ExpectIntEQ(wc_AesGcmDecryptFinal(&aesDec, tag, sizeof(tag)), 0); + ExpectIntEQ(XMEMCMP(plain, in, sizeof(in)), 0); + + /* Free resources */ + wc_AesFree(&aesEnc); + wc_AesFree(&aesDec); +#endif + return EXPECT_RESULT(); + +} /* END wc_AesGcmMixedEncDecLongIV */ + +/* + * Testing streaming AES-GCM API. + */ +int test_wc_AesGcmStream(void) +{ + EXPECT_DECLS; +#if !defined(NO_AES) && defined(WOLFSSL_AES_128) && defined(HAVE_AESGCM) && \ + defined(WOLFSSL_AESGCM_STREAM) + int i; + WC_RNG rng[1]; + Aes aesEnc[1]; + Aes aesDec[1]; + byte tag[WC_AES_BLOCK_SIZE]; + byte in[WC_AES_BLOCK_SIZE * 3 + 2] = { 0, }; + byte out[WC_AES_BLOCK_SIZE * 3 + 2]; + byte plain[WC_AES_BLOCK_SIZE * 3 + 2]; + byte aad[WC_AES_BLOCK_SIZE * 3 + 2] = { 0, }; + byte key[AES_128_KEY_SIZE] = { 0, }; + byte iv[AES_IV_SIZE] = { 1, }; + byte ivOut[AES_IV_SIZE]; + static const byte expTagAAD1[WC_AES_BLOCK_SIZE] = { + 0x6c, 0x35, 0xe6, 0x7f, 0x59, 0x9e, 0xa9, 0x2f, + 0x27, 0x2d, 0x5f, 0x8e, 0x7e, 0x42, 0xd3, 0x05 + }; + static const byte expTagPlain1[WC_AES_BLOCK_SIZE] = { + 0x24, 0xba, 0x57, 0x95, 0xd0, 0x27, 0x9e, 0x78, + 0x3a, 0x88, 0x4c, 0x0a, 0x5d, 0x50, 0x23, 0xd1 + }; + static const byte expTag[WC_AES_BLOCK_SIZE] = { + 0x22, 0x91, 0x70, 0xad, 0x42, 0xc3, 0xad, 0x96, + 0xe0, 0x31, 0x57, 0x60, 0xb7, 0x92, 0xa3, 0x6d + }; + + XMEMSET(&rng, 0, sizeof(WC_RNG)); + XMEMSET(&aesEnc, 0, sizeof(Aes)); + XMEMSET(&aesDec, 0, sizeof(Aes)); + + /* Create a random for generating IV/nonce. */ + ExpectIntEQ(wc_InitRng(rng), 0); + + /* Initialize data structures. */ + ExpectIntEQ(wc_AesInit(aesEnc, NULL, INVALID_DEVID), 0); + ExpectIntEQ(wc_AesInit(aesDec, NULL, INVALID_DEVID), 0); + + /* BadParameters to streaming init. */ + ExpectIntEQ(wc_AesGcmEncryptInit(NULL, NULL, 0, NULL, 0), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_AesGcmDecryptInit(NULL, NULL, 0, NULL, 0), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_AesGcmDecryptInit(aesEnc, NULL, AES_128_KEY_SIZE, NULL, + 0), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_AesGcmDecryptInit(aesEnc, NULL, 0, NULL, GCM_NONCE_MID_SZ), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + + /* Bad parameters to encrypt update. */ + ExpectIntEQ(wc_AesGcmEncryptUpdate(NULL, NULL, NULL, 0, NULL, 0), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_AesGcmEncryptUpdate(aesEnc, NULL, NULL, 1, NULL, 0), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_AesGcmEncryptUpdate(aesEnc, NULL, in, 1, NULL, 0), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_AesGcmEncryptUpdate(aesEnc, out, NULL, 1, NULL, 0), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_AesGcmEncryptUpdate(aesEnc, NULL, NULL, 0, NULL, 1), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + /* Bad parameters to decrypt update. */ + ExpectIntEQ(wc_AesGcmDecryptUpdate(NULL, NULL, NULL, 0, NULL, 0), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_AesGcmDecryptUpdate(aesDec, NULL, NULL, 1, NULL, 0), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_AesGcmDecryptUpdate(aesDec, NULL, in, 1, NULL, 0), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_AesGcmDecryptUpdate(aesDec, out, NULL, 1, NULL, 0), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_AesGcmDecryptUpdate(aesDec, NULL, NULL, 0, NULL, 1), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + + /* Bad parameters to encrypt final. */ + ExpectIntEQ(wc_AesGcmEncryptFinal(NULL, NULL, 0), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_AesGcmEncryptFinal(NULL, tag, 0), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_AesGcmEncryptFinal(NULL, NULL, WC_AES_BLOCK_SIZE), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_AesGcmEncryptFinal(aesEnc, tag, 0), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_AesGcmEncryptFinal(aesEnc, NULL, WC_AES_BLOCK_SIZE), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_AesGcmEncryptFinal(aesEnc, tag, WC_AES_BLOCK_SIZE + 1), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + /* Bad parameters to decrypt final. */ + ExpectIntEQ(wc_AesGcmDecryptFinal(NULL, NULL, 0), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_AesGcmDecryptFinal(NULL, tag, 0), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_AesGcmDecryptFinal(NULL, NULL, WC_AES_BLOCK_SIZE), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_AesGcmDecryptFinal(aesDec, tag, 0), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_AesGcmDecryptFinal(aesDec, NULL, WC_AES_BLOCK_SIZE), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_AesGcmDecryptFinal(aesDec, tag, WC_AES_BLOCK_SIZE + 1), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + + /* Check calling final before setting key fails. */ + ExpectIntEQ(wc_AesGcmEncryptFinal(aesEnc, tag, sizeof(tag)), + WC_NO_ERR_TRACE(MISSING_KEY)); + ExpectIntEQ(wc_AesGcmEncryptFinal(aesDec, tag, sizeof(tag)), + WC_NO_ERR_TRACE(MISSING_KEY)); + /* Check calling update before setting key else fails. */ + ExpectIntEQ(wc_AesGcmEncryptUpdate(aesEnc, NULL, NULL, 0, aad, 1), + WC_NO_ERR_TRACE(MISSING_KEY)); + ExpectIntEQ(wc_AesGcmDecryptUpdate(aesDec, NULL, NULL, 0, aad, 1), + WC_NO_ERR_TRACE(MISSING_KEY)); + + /* Set key but not IV. */ + ExpectIntEQ(wc_AesGcmInit(aesEnc, key, sizeof(key), NULL, 0), 0); + ExpectIntEQ(wc_AesGcmInit(aesDec, key, sizeof(key), NULL, 0), 0); + /* Check calling final before setting IV fails. */ + ExpectIntEQ(wc_AesGcmEncryptFinal(aesEnc, tag, sizeof(tag)), + WC_NO_ERR_TRACE(MISSING_IV)); + ExpectIntEQ(wc_AesGcmEncryptFinal(aesDec, tag, sizeof(tag)), + WC_NO_ERR_TRACE(MISSING_IV)); + /* Check calling update before setting IV else fails. */ + ExpectIntEQ(wc_AesGcmEncryptUpdate(aesEnc, NULL, NULL, 0, aad, 1), + WC_NO_ERR_TRACE(MISSING_IV)); + ExpectIntEQ(wc_AesGcmDecryptUpdate(aesDec, NULL, NULL, 0, aad, 1), + WC_NO_ERR_TRACE(MISSING_IV)); + + /* Set IV using fixed part IV and external IV APIs. */ + ExpectIntEQ(wc_AesGcmSetIV(aesEnc, GCM_NONCE_MID_SZ, iv, AES_IV_FIXED_SZ, + rng), 0); + ExpectIntEQ(wc_AesGcmEncryptInit_ex(aesEnc, NULL, 0, ivOut, + GCM_NONCE_MID_SZ), 0); + ExpectIntEQ(wc_AesGcmSetExtIV(aesDec, ivOut, GCM_NONCE_MID_SZ), 0); + ExpectIntEQ(wc_AesGcmInit(aesDec, NULL, 0, NULL, 0), 0); + /* Encrypt and decrypt data. */ + ExpectIntEQ(wc_AesGcmEncryptUpdate(aesEnc, out, in, 1, aad, 1), 0); + ExpectIntEQ(wc_AesGcmDecryptUpdate(aesDec, plain, out, 1, aad, 1), 0); + ExpectIntEQ(XMEMCMP(plain, in, 1), 0); + /* Finalize and check tag matches. */ + ExpectIntEQ(wc_AesGcmEncryptFinal(aesEnc, tag, WC_AES_BLOCK_SIZE), 0); + ExpectIntEQ(wc_AesGcmDecryptFinal(aesDec, tag, WC_AES_BLOCK_SIZE), 0); + + /* Set key and IV through streaming init API. */ + wc_AesFree(aesEnc); + wc_AesFree(aesDec); + ExpectIntEQ(wc_AesInit(aesEnc, NULL, INVALID_DEVID), 0); + ExpectIntEQ(wc_AesInit(aesDec, NULL, INVALID_DEVID), 0); + ExpectIntEQ(wc_AesGcmInit(aesEnc, key, sizeof(key), iv, AES_IV_SIZE), 0); + ExpectIntEQ(wc_AesGcmInit(aesDec, key, sizeof(key), iv, AES_IV_SIZE), 0); + /* Encrypt/decrypt one block and AAD of one block. */ + ExpectIntEQ(wc_AesGcmEncryptUpdate(aesEnc, out, in, WC_AES_BLOCK_SIZE, aad, + WC_AES_BLOCK_SIZE), 0); + ExpectIntEQ(wc_AesGcmDecryptUpdate(aesDec, plain, out, WC_AES_BLOCK_SIZE, + aad, WC_AES_BLOCK_SIZE), 0); + ExpectIntEQ(XMEMCMP(plain, in, WC_AES_BLOCK_SIZE), 0); + /* Finalize and check tag matches. */ + ExpectIntEQ(wc_AesGcmEncryptFinal(aesEnc, tag, WC_AES_BLOCK_SIZE), 0); + ExpectIntEQ(wc_AesGcmDecryptFinal(aesDec, tag, WC_AES_BLOCK_SIZE), 0); + + /* Set key and IV through streaming init API. */ + wc_AesFree(aesEnc); + wc_AesFree(aesDec); + ExpectIntEQ(wc_AesInit(aesEnc, NULL, INVALID_DEVID), 0); + ExpectIntEQ(wc_AesInit(aesDec, NULL, INVALID_DEVID), 0); + ExpectIntEQ(wc_AesGcmInit(aesEnc, key, sizeof(key), iv, AES_IV_SIZE), 0); + ExpectIntEQ(wc_AesGcmInit(aesDec, key, sizeof(key), iv, AES_IV_SIZE), 0); + /* No data to encrypt/decrypt one byte of AAD. */ + ExpectIntEQ(wc_AesGcmEncryptUpdate(aesEnc, NULL, NULL, 0, aad, 1), 0); + ExpectIntEQ(wc_AesGcmDecryptUpdate(aesDec, NULL, NULL, 0, aad, 1), 0); + /* Finalize and check tag matches. */ + ExpectIntEQ(wc_AesGcmEncryptFinal(aesEnc, tag, WC_AES_BLOCK_SIZE), 0); + ExpectIntEQ(XMEMCMP(tag, expTagAAD1, WC_AES_BLOCK_SIZE), 0); + ExpectIntEQ(wc_AesGcmDecryptFinal(aesDec, tag, WC_AES_BLOCK_SIZE), 0); + + /* Set key and IV through streaming init API. */ + wc_AesFree(aesEnc); + wc_AesFree(aesDec); + ExpectIntEQ(wc_AesInit(aesEnc, NULL, INVALID_DEVID), 0); + ExpectIntEQ(wc_AesInit(aesDec, NULL, INVALID_DEVID), 0); + ExpectIntEQ(wc_AesGcmInit(aesEnc, key, sizeof(key), iv, AES_IV_SIZE), 0); + ExpectIntEQ(wc_AesGcmInit(aesDec, key, sizeof(key), iv, AES_IV_SIZE), 0); + /* Encrypt/decrypt one byte and no AAD. */ + ExpectIntEQ(wc_AesGcmEncryptUpdate(aesEnc, out, in, 1, NULL, 0), 0); + ExpectIntEQ(wc_AesGcmDecryptUpdate(aesDec, plain, out, 1, NULL, 0), 0); + ExpectIntEQ(XMEMCMP(plain, in, 1), 0); + /* Finalize and check tag matches. */ + ExpectIntEQ(wc_AesGcmEncryptFinal(aesEnc, tag, WC_AES_BLOCK_SIZE), 0); + ExpectIntEQ(XMEMCMP(tag, expTagPlain1, WC_AES_BLOCK_SIZE), 0); + ExpectIntEQ(wc_AesGcmDecryptFinal(aesDec, tag, WC_AES_BLOCK_SIZE), 0); + + /* Set key and IV through streaming init API. */ + wc_AesFree(aesEnc); + wc_AesFree(aesDec); + ExpectIntEQ(wc_AesInit(aesEnc, NULL, INVALID_DEVID), 0); + ExpectIntEQ(wc_AesInit(aesDec, NULL, INVALID_DEVID), 0); + ExpectIntEQ(wc_AesGcmInit(aesEnc, key, sizeof(key), iv, AES_IV_SIZE), 0); + ExpectIntEQ(wc_AesGcmInit(aesDec, key, sizeof(key), iv, AES_IV_SIZE), 0); + /* Encryption AES is one byte at a time */ + for (i = 0; i < (int)sizeof(aad); i++) { + ExpectIntEQ(wc_AesGcmEncryptUpdate(aesEnc, NULL, NULL, 0, aad + i, 1), + 0); + } + for (i = 0; i < (int)sizeof(in); i++) { + ExpectIntEQ(wc_AesGcmEncryptUpdate(aesEnc, out + i, in + i, 1, NULL, 0), + 0); + } + /* Decryption AES is two bytes at a time */ + for (i = 0; i < (int)sizeof(aad); i += 2) { + ExpectIntEQ(wc_AesGcmDecryptUpdate(aesDec, NULL, NULL, 0, aad + i, 2), + 0); + } + for (i = 0; i < (int)sizeof(aad); i += 2) { + ExpectIntEQ(wc_AesGcmDecryptUpdate(aesDec, plain + i, out + i, 2, NULL, + 0), 0); + } + ExpectIntEQ(XMEMCMP(plain, in, sizeof(in)), 0); + /* Finalize and check tag matches. */ + ExpectIntEQ(wc_AesGcmEncryptFinal(aesEnc, tag, WC_AES_BLOCK_SIZE), 0); + ExpectIntEQ(XMEMCMP(tag, expTag, WC_AES_BLOCK_SIZE), 0); + ExpectIntEQ(wc_AesGcmDecryptFinal(aesDec, tag, WC_AES_BLOCK_SIZE), 0); + + /* Check streaming encryption can be decrypted with one shot. */ + wc_AesFree(aesDec); + ExpectIntEQ(wc_AesInit(aesDec, NULL, INVALID_DEVID), 0); + ExpectIntEQ(wc_AesGcmInit(aesDec, key, sizeof(key), iv, AES_IV_SIZE), 0); + ExpectIntEQ(wc_AesGcmSetKey(aesDec, key, sizeof(key)), 0); + ExpectIntEQ(wc_AesGcmDecrypt(aesDec, plain, out, sizeof(in), iv, + AES_IV_SIZE, tag, WC_AES_BLOCK_SIZE, aad, sizeof(aad)), 0); + ExpectIntEQ(XMEMCMP(plain, in, sizeof(in)), 0); + + wc_AesFree(aesEnc); + wc_AesFree(aesDec); + wc_FreeRng(rng); +#endif + return EXPECT_RESULT(); +} /* END test_wc_AesGcmStream */ + +/******************************************************************************* + * GMAC + ******************************************************************************/ + +/* + * unit test for wc_GmacSetKey() + */ +int test_wc_GmacSetKey(void) +{ + EXPECT_DECLS; +#if !defined(NO_AES) && defined(HAVE_AESGCM) + Gmac gmac; + byte key16[] = { + 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, + 0x38, 0x39, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66 + }; +#ifdef WOLFSSL_AES_192 + byte key24[] = { + 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, + 0x38, 0x39, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66, + 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37 + }; +#endif +#ifdef WOLFSSL_AES_256 + byte key32[] = { + 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, + 0x38, 0x39, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66, + 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, + 0x38, 0x39, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66 + }; +#endif + byte badKey16[] = { + 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, + 0x38, 0x39, 0x61, 0x62, 0x63, 0x64, 0x66 + }; + byte badKey24[] = { + 0x30, 0x31, 0x32, 0x33, 0x34, 0x36, 0x37, + 0x38, 0x39, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66, + 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37 + }; + byte badKey32[] = { + 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, + 0x38, 0x39, 0x61, 0x62, 0x64, 0x65, 0x66, + 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, + 0x38, 0x39, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66 + }; + + XMEMSET(&gmac, 0, sizeof(Gmac)); + + ExpectIntEQ(wc_AesInit(&gmac.aes, NULL, INVALID_DEVID), 0); + +#ifdef WOLFSSL_AES_128 + ExpectIntEQ(wc_GmacSetKey(&gmac, key16, sizeof(key16)/sizeof(byte)), 0); +#endif +#ifdef WOLFSSL_AES_192 + ExpectIntEQ(wc_GmacSetKey(&gmac, key24, sizeof(key24)/sizeof(byte)), 0); +#endif +#ifdef WOLFSSL_AES_256 + ExpectIntEQ(wc_GmacSetKey(&gmac, key32, sizeof(key32)/sizeof(byte)), 0); +#endif + + /* Pass in bad args. */ + ExpectIntEQ(wc_GmacSetKey(NULL, key16, sizeof(key16)/sizeof(byte)), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_GmacSetKey(&gmac, NULL, sizeof(key16)/sizeof(byte)), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_GmacSetKey(&gmac, badKey16, sizeof(badKey16)/sizeof(byte)), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_GmacSetKey(&gmac, badKey24, sizeof(badKey24)/sizeof(byte)), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_GmacSetKey(&gmac, badKey32, sizeof(badKey32)/sizeof(byte)), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + + wc_AesFree(&gmac.aes); +#endif + return EXPECT_RESULT(); +} /* END test_wc_GmacSetKey */ + +/* + * unit test for wc_GmacUpdate + */ +int test_wc_GmacUpdate(void) +{ + EXPECT_DECLS; +#if !defined(NO_AES) && defined(HAVE_AESGCM) + Gmac gmac; +#ifdef WOLFSSL_AES_128 + const byte key16[] = { + 0x89, 0xc9, 0x49, 0xe9, 0xc8, 0x04, 0xaf, 0x01, + 0x4d, 0x56, 0x04, 0xb3, 0x94, 0x59, 0xf2, 0xc8 + }; +#endif +#ifdef WOLFSSL_AES_192 + byte key24[] = { + 0x41, 0xc5, 0xda, 0x86, 0x67, 0xef, 0x72, 0x52, + 0x20, 0xff, 0xe3, 0x9a, 0xe0, 0xac, 0x59, 0x0a, + 0xc9, 0xfc, 0xa7, 0x29, 0xab, 0x60, 0xad, 0xa0 + }; +#endif +#ifdef WOLFSSL_AES_256 + byte key32[] = { + 0x78, 0xdc, 0x4e, 0x0a, 0xaf, 0x52, 0xd9, 0x35, + 0xc3, 0xc0, 0x1e, 0xea, 0x57, 0x42, 0x8f, 0x00, + 0xca, 0x1f, 0xd4, 0x75, 0xf5, 0xda, 0x86, 0xa4, + 0x9c, 0x8d, 0xd7, 0x3d, 0x68, 0xc8, 0xe2, 0x23 + }; +#endif +#ifdef WOLFSSL_AES_128 + const byte authIn[] = { + 0x82, 0xad, 0xcd, 0x63, 0x8d, 0x3f, 0xa9, 0xd9, + 0xf3, 0xe8, 0x41, 0x00, 0xd6, 0x1e, 0x07, 0x77 + }; +#endif +#ifdef WOLFSSL_AES_192 + const byte authIn2[] = { + 0x8b, 0x5c, 0x12, 0x4b, 0xef, 0x6e, 0x2f, 0x0f, + 0xe4, 0xd8, 0xc9, 0x5c, 0xd5, 0xfa, 0x4c, 0xf1 + }; +#endif + const byte authIn3[] = { + 0xb9, 0x6b, 0xaa, 0x8c, 0x1c, 0x75, 0xa6, 0x71, + 0xbf, 0xb2, 0xd0, 0x8d, 0x06, 0xbe, 0x5f, 0x36 + }; +#ifdef WOLFSSL_AES_128 + const byte tag1[] = { /* Known. */ + 0x88, 0xdb, 0x9d, 0x62, 0x17, 0x2e, 0xd0, 0x43, + 0xaa, 0x10, 0xf1, 0x6d, 0x22, 0x7d, 0xc4, 0x1b + }; +#endif +#ifdef WOLFSSL_AES_192 + const byte tag2[] = { /* Known */ + 0x20, 0x4b, 0xdb, 0x1b, 0xd6, 0x21, 0x54, 0xbf, + 0x08, 0x92, 0x2a, 0xaa, 0x54, 0xee, 0xd7, 0x05 + }; +#endif + const byte tag3[] = { /* Known */ + 0x3e, 0x5d, 0x48, 0x6a, 0xa2, 0xe3, 0x0b, 0x22, + 0xe0, 0x40, 0xb8, 0x57, 0x23, 0xa0, 0x6e, 0x76 + }; +#ifdef WOLFSSL_AES_128 + const byte iv[] = { + 0xd1, 0xb1, 0x04, 0xc8, 0x15, 0xbf, 0x1e, 0x94, + 0xe2, 0x8c, 0x8f, 0x16 + }; +#endif +#ifdef WOLFSSL_AES_192 + const byte iv2[] = { + 0x05, 0xad, 0x13, 0xa5, 0xe2, 0xc2, 0xab, 0x66, + 0x7e, 0x1a, 0x6f, 0xbc + }; +#endif + const byte iv3[] = { + 0xd7, 0x9c, 0xf2, 0x2d, 0x50, 0x4c, 0xc7, 0x93, + 0xc3, 0xfb, 0x6c, 0x8a + }; + byte tagOut[16]; + byte tagOut2[24]; + byte tagOut3[32]; + + /* Init stack variables. */ + XMEMSET(&gmac, 0, sizeof(Gmac)); + XMEMSET(tagOut, 0, sizeof(tagOut)); + XMEMSET(tagOut2, 0, sizeof(tagOut2)); + XMEMSET(tagOut3, 0, sizeof(tagOut3)); + +#ifdef WOLFSSL_AES_128 + ExpectIntEQ(wc_AesInit(&gmac.aes, NULL, INVALID_DEVID), 0); + ExpectIntEQ(wc_GmacSetKey(&gmac, key16, sizeof(key16)), 0); + ExpectIntEQ(wc_GmacUpdate(&gmac, iv, sizeof(iv), authIn, sizeof(authIn), + tagOut, sizeof(tag1)), 0); + ExpectIntEQ(XMEMCMP(tag1, tagOut, sizeof(tag1)), 0); + wc_AesFree(&gmac.aes); +#endif + +#ifdef WOLFSSL_AES_192 + ExpectNotNull(XMEMSET(&gmac, 0, sizeof(Gmac))); + ExpectIntEQ(wc_AesInit(&gmac.aes, HEAP_HINT, INVALID_DEVID), 0); + ExpectIntEQ(wc_GmacSetKey(&gmac, key24, sizeof(key24)/sizeof(byte)), 0); + ExpectIntEQ(wc_GmacUpdate(&gmac, iv2, sizeof(iv2), authIn2, sizeof(authIn2), + tagOut2, sizeof(tag2)), 0); + ExpectIntEQ(XMEMCMP(tagOut2, tag2, sizeof(tag2)), 0); + wc_AesFree(&gmac.aes); +#endif + +#ifdef WOLFSSL_AES_256 + ExpectNotNull(XMEMSET(&gmac, 0, sizeof(Gmac))); + ExpectIntEQ(wc_AesInit(&gmac.aes, HEAP_HINT, INVALID_DEVID), 0); + ExpectIntEQ(wc_GmacSetKey(&gmac, key32, sizeof(key32)/sizeof(byte)), 0); + ExpectIntEQ(wc_GmacUpdate(&gmac, iv3, sizeof(iv3), authIn3, sizeof(authIn3), + tagOut3, sizeof(tag3)), 0); + ExpectIntEQ(XMEMCMP(tag3, tagOut3, sizeof(tag3)), 0); + wc_AesFree(&gmac.aes); +#endif + + /* Pass bad args. */ + ExpectIntEQ(wc_AesInit(&gmac.aes, NULL, INVALID_DEVID), 0); + ExpectIntEQ(wc_GmacUpdate(NULL, iv3, sizeof(iv3), authIn3, sizeof(authIn3), + tagOut3, sizeof(tag3)), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_GmacUpdate(&gmac, iv3, sizeof(iv3), authIn3, sizeof(authIn3), + tagOut3, sizeof(tag3) - 5), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_GmacUpdate(&gmac, iv3, sizeof(iv3), authIn3, sizeof(authIn3), + tagOut3, sizeof(tag3) + 1), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + wc_AesFree(&gmac.aes); + +#endif + return EXPECT_RESULT(); +} /* END test_wc_GmacUpdate */ + +/******************************************************************************* + * AES-CCM + ******************************************************************************/ + +/* + * unit test for wc_AesCcmSetKey + */ +int test_wc_AesCcmSetKey(void) +{ + EXPECT_DECLS; +#ifdef HAVE_AESCCM + Aes aes; + const byte key16[] = { + 0xc0, 0xc1, 0xc2, 0xc3, 0xc4, 0xc5, 0xc6, 0xc7, + 0xc8, 0xc9, 0xca, 0xcb, 0xcc, 0xcd, 0xce, 0xcf + }; + const byte key24[] = { + 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, + 0x38, 0x39, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66, + 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37 + }; + const byte key32[] = { + 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, + 0x38, 0x39, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66, + 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, + 0x38, 0x39, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66 + }; + + XMEMSET(&aes, 0, sizeof(Aes)); + + ExpectIntEQ(wc_AesInit(&aes, NULL, INVALID_DEVID), 0); + +#ifdef WOLFSSL_AES_128 + ExpectIntEQ(wc_AesCcmSetKey(&aes, key16, sizeof(key16)), 0); +#endif +#ifdef WOLFSSL_AES_192 + ExpectIntEQ(wc_AesCcmSetKey(&aes, key24, sizeof(key24)), 0); +#endif +#ifdef WOLFSSL_AES_256 + ExpectIntEQ(wc_AesCcmSetKey(&aes, key32, sizeof(key32)), 0); +#endif + + /* Test bad args. */ + ExpectIntEQ(wc_AesCcmSetKey(&aes, key16, sizeof(key16) - 1), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_AesCcmSetKey(&aes, key24, sizeof(key24) - 1), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_AesCcmSetKey(&aes, key32, sizeof(key32) - 1), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + + wc_AesFree(&aes); +#endif + return EXPECT_RESULT(); + +} /* END test_wc_AesCcmSetKey */ + +/* + * Unit test function for wc_AesCcmEncrypt and wc_AesCcmDecrypt + */ +int test_wc_AesCcmEncryptDecrypt(void) +{ + EXPECT_DECLS; +#if defined(HAVE_AESCCM) && defined(WOLFSSL_AES_128) + Aes aes; + const byte key16[] = { + 0xc0, 0xc1, 0xc2, 0xc3, 0xc4, 0xc5, 0xc6, 0xc7, + 0xc8, 0xc9, 0xca, 0xcb, 0xcc, 0xcd, 0xce, 0xcf + }; + /* plaintext */ + const byte plainT[] = { + 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, + 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, + 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e + }; + /* nonce */ + const byte iv[] = { + 0x00, 0x00, 0x00, 0x03, 0x02, 0x01, 0x00, 0xa0, + 0xa1, 0xa2, 0xa3, 0xa4, 0xa5 + }; + const byte c[] = { /* cipher text. */ + 0x58, 0x8c, 0x97, 0x9a, 0x61, 0xc6, 0x63, 0xd2, + 0xf0, 0x66, 0xd0, 0xc2, 0xc0, 0xf9, 0x89, 0x80, + 0x6d, 0x5f, 0x6b, 0x61, 0xda, 0xc3, 0x84 + }; + const byte t[] = { /* Auth tag */ + 0x17, 0xe8, 0xd1, 0x2c, 0xfd, 0xf9, 0x26, 0xe0 + }; + const byte authIn[] = { + 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07 + }; + byte cipherOut[sizeof(plainT)]; + byte authTag[sizeof(t)]; +#ifdef HAVE_AES_DECRYPT + byte plainOut[sizeof(cipherOut)]; +#endif + + XMEMSET(&aes, 0, sizeof(Aes)); + + ExpectIntEQ(wc_AesInit(&aes, NULL, INVALID_DEVID), 0); + ExpectIntEQ(wc_AesCcmSetKey(&aes, key16, sizeof(key16)), 0); + + ExpectIntEQ(wc_AesCcmEncrypt(&aes, cipherOut, plainT, sizeof(cipherOut), + iv, sizeof(iv), authTag, sizeof(authTag), authIn , sizeof(authIn)), 0); + ExpectIntEQ(XMEMCMP(cipherOut, c, sizeof(c)), 0); + ExpectIntEQ(XMEMCMP(t, authTag, sizeof(t)), 0); +#ifdef HAVE_AES_DECRYPT + ExpectIntEQ(wc_AesCcmDecrypt(&aes, plainOut, cipherOut, sizeof(plainOut), + iv, sizeof(iv), authTag, sizeof(authTag), authIn, sizeof(authIn)), 0); + ExpectIntEQ(XMEMCMP(plainOut, plainT, sizeof(plainT)), 0); +#endif + + /* Pass in bad args. Encrypt*/ + ExpectIntEQ(wc_AesCcmEncrypt(NULL, cipherOut, plainT, sizeof(cipherOut), + iv, sizeof(iv), authTag, sizeof(authTag), authIn , sizeof(authIn)), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_AesCcmEncrypt(&aes, NULL, plainT, sizeof(cipherOut), + iv, sizeof(iv), authTag, sizeof(authTag), authIn , sizeof(authIn)), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_AesCcmEncrypt(&aes, cipherOut, NULL, sizeof(cipherOut), + iv, sizeof(iv), authTag, sizeof(authTag), authIn , sizeof(authIn)), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_AesCcmEncrypt(&aes, cipherOut, plainT, sizeof(cipherOut), + NULL, sizeof(iv), authTag, sizeof(authTag), authIn , sizeof(authIn)), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_AesCcmEncrypt(&aes, cipherOut, plainT, sizeof(cipherOut), + iv, sizeof(iv), NULL, sizeof(authTag), authIn , sizeof(authIn)), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_AesCcmEncrypt(&aes, cipherOut, plainT, sizeof(cipherOut), + iv, sizeof(iv) + 1, authTag, sizeof(authTag), authIn , sizeof(authIn)), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_AesCcmEncrypt(&aes, cipherOut, plainT, sizeof(cipherOut), + iv, sizeof(iv) - 7, authTag, sizeof(authTag), authIn , sizeof(authIn)), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + +#ifdef HAVE_AES_DECRYPT + /* Pass in bad args. Decrypt*/ + ExpectIntEQ(wc_AesCcmDecrypt(NULL, plainOut, cipherOut, sizeof(plainOut), + iv, sizeof(iv), authTag, sizeof(authTag), authIn, sizeof(authIn)), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_AesCcmDecrypt(&aes, NULL, cipherOut, sizeof(plainOut), + iv, sizeof(iv), authTag, sizeof(authTag), authIn, sizeof(authIn)), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_AesCcmDecrypt(&aes, plainOut, NULL, sizeof(plainOut), + iv, sizeof(iv), authTag, sizeof(authTag), authIn, sizeof(authIn)), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_AesCcmDecrypt(&aes, plainOut, cipherOut, sizeof(plainOut), + NULL, sizeof(iv), authTag, sizeof(authTag), authIn, sizeof(authIn)), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_AesCcmDecrypt(&aes, plainOut, cipherOut, sizeof(plainOut), + iv, sizeof(iv), NULL, sizeof(authTag), authIn, sizeof(authIn)), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_AesCcmDecrypt(&aes, plainOut, cipherOut, sizeof(plainOut), + iv, sizeof(iv) + 1, authTag, sizeof(authTag), authIn, sizeof(authIn)), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_AesCcmDecrypt(&aes, plainOut, cipherOut, sizeof(plainOut), + iv, sizeof(iv) - 7, authTag, sizeof(authTag), authIn, sizeof(authIn)), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + #endif + + wc_AesFree(&aes); +#endif /* HAVE_AESCCM */ + return EXPECT_RESULT(); +} /* END test_wc_AesCcmEncryptDecrypt */ + +#if defined(WOLFSSL_AES_EAX) && defined(WOLFSSL_AES_256) && \ + (!defined(HAVE_FIPS) || FIPS_VERSION_GE(5, 3)) && !defined(HAVE_SELFTEST) + +/******************************************************************************* + * AES-EAX + ******************************************************************************/ + +/* + * Testing test_wc_AesEaxVectors() + */ +int test_wc_AesEaxVectors(void) +{ + EXPECT_DECLS; + + typedef struct { + byte key[AES_256_KEY_SIZE]; + int key_length; + byte iv[WC_AES_BLOCK_SIZE]; + int iv_length; + byte aad[WC_AES_BLOCK_SIZE * 2]; + int aad_length; + byte msg[WC_AES_BLOCK_SIZE * 5]; + int msg_length; + byte ct[WC_AES_BLOCK_SIZE * 5]; + int ct_length; + byte tag[WC_AES_BLOCK_SIZE]; + int tag_length; + int valid; + } AadVector; + + /* Test vectors obtained from Google wycheproof project + * https://github.com/google/wycheproof + * from testvectors/aes_eax_test.json + */ + const AadVector vectors[] = { + #ifdef WOLFSSL_AES_128 + { + /* key, key length */ + {0x23, 0x39, 0x52, 0xde, 0xe4, 0xd5, 0xed, 0x5f, + 0x9b, 0x9c, 0x6d, 0x6f, 0xf8, 0x0f, 0xf4, 0x78}, 16, + /* iv, iv length */ + {0x62, 0xec, 0x67, 0xf9, 0xc3, 0xa4, 0xa4, 0x07, + 0xfc, 0xb2, 0xa8, 0xc4, 0x90, 0x31, 0xa8, 0xb3}, 16, + /* aad, aad length */ + {0x6b, 0xfb, 0x91, 0x4f, 0xd0, 0x7e, 0xae, 0x6b}, 8, + /* msg, msg length */ + {0x00}, 0, + /* ct, ct length */ + {0x00}, 0, + /* tag, tag length */ + {0xe0, 0x37, 0x83, 0x0e, 0x83, 0x89, 0xf2, 0x7b, + 0x02, 0x5a, 0x2d, 0x65, 0x27, 0xe7, 0x9d, 0x01}, 16, + /* valid */ + 1, + }, + { + /* key, key length */ + {0x91, 0x94, 0x5d, 0x3f, 0x4d, 0xcb, 0xee, 0x0b, + 0xf4, 0x5e, 0xf5, 0x22, 0x55, 0xf0, 0x95, 0xa4}, 16, + /* iv, iv length */ + {0xbe, 0xca, 0xf0, 0x43, 0xb0, 0xa2, 0x3d, 0x84, + 0x31, 0x94, 0xba, 0x97, 0x2c, 0x66, 0xde, 0xbd}, 16, + /* aad, aad length */ + {0xfa, 0x3b, 0xfd, 0x48, 0x06, 0xeb, 0x53, 0xfa}, 8, + /* msg, msg length */ + {0xf7, 0xfb}, 2, + /* ct, ct length */ + {0x19, 0xdd}, 2, + /* tag, tag length */ + {0x5c, 0x4c, 0x93, 0x31, 0x04, 0x9d, 0x0b, 0xda, + 0xb0, 0x27, 0x74, 0x08, 0xf6, 0x79, 0x67, 0xe5}, 16, + /* valid */ + 1, + }, + { + /* key, key length */ + {0x01, 0xf7, 0x4a, 0xd6, 0x40, 0x77, 0xf2, 0xe7, + 0x04, 0xc0, 0xf6, 0x0a, 0xda, 0x3d, 0xd5, 0x23}, 16, + /* iv, iv length */ + {0x70, 0xc3, 0xdb, 0x4f, 0x0d, 0x26, 0x36, 0x84, + 0x00, 0xa1, 0x0e, 0xd0, 0x5d, 0x2b, 0xff, 0x5e}, 16, + /* aad, aad length */ + {0x23, 0x4a, 0x34, 0x63, 0xc1, 0x26, 0x4a, 0xc6}, 8, + /* msg, msg length */ + {0x1a, 0x47, 0xcb, 0x49, 0x33}, 5, + /* ct, ct length */ + {0xd8, 0x51, 0xd5, 0xba, 0xe0}, 5, + /* tag, tag length */ + {0x3a, 0x59, 0xf2, 0x38, 0xa2, 0x3e, 0x39, 0x19, + 0x9d, 0xc9, 0x26, 0x66, 0x26, 0xc4, 0x0f, 0x80}, 16, + /* valid */ + 1, + }, + { + /* key, key length */ + {0xd0, 0x7c, 0xf6, 0xcb, 0xb7, 0xf3, 0x13, 0xbd, + 0xde, 0x66, 0xb7, 0x27, 0xaf, 0xd3, 0xc5, 0xe8}, 16, + /* iv, iv length */ + {0x84, 0x08, 0xdf, 0xff, 0x3c, 0x1a, 0x2b, 0x12, + 0x92, 0xdc, 0x19, 0x9e, 0x46, 0xb7, 0xd6, 0x17}, 16, + /* aad, aad length */ + {0x33, 0xcc, 0xe2, 0xea, 0xbf, 0xf5, 0xa7, 0x9d}, 8, + /* msg, msg length */ + {0x48, 0x1c, 0x9e, 0x39, 0xb1}, 5, + /* ct, ct length */ + {0x63, 0x2a, 0x9d, 0x13, 0x1a}, 5, + /* tag, tag length */ + {0xd4, 0xc1, 0x68, 0xa4, 0x22, 0x5d, 0x8e, 0x1f, + 0xf7, 0x55, 0x93, 0x99, 0x74, 0xa7, 0xbe, 0xde}, 16, + /* valid */ + 1, + }, + { + /* key, key length */ + {0x35, 0xb6, 0xd0, 0x58, 0x00, 0x05, 0xbb, 0xc1, + 0x2b, 0x05, 0x87, 0x12, 0x45, 0x57, 0xd2, 0xc2}, 16, + /* iv, iv length */ + {0xfd, 0xb6, 0xb0, 0x66, 0x76, 0xee, 0xdc, 0x5c, + 0x61, 0xd7, 0x42, 0x76, 0xe1, 0xf8, 0xe8, 0x16}, 16, + /* aad, aad length */ + {0xae, 0xb9, 0x6e, 0xae, 0xbe, 0x29, 0x70, 0xe9}, 8, + /* msg, msg length */ + {0x40, 0xd0, 0xc0, 0x7d, 0xa5, 0xe4}, 6, + /* ct, ct length */ + {0x07, 0x1d, 0xfe, 0x16, 0xc6, 0x75}, 6, + /* tag, tag length */ + {0xcb, 0x06, 0x77, 0xe5, 0x36, 0xf7, 0x3a, 0xfe, + 0x6a, 0x14, 0xb7, 0x4e, 0xe4, 0x98, 0x44, 0xdd}, 16, + /* valid */ + 1, + }, + { + /* key, key length */ + {0xbd, 0x8e, 0x6e, 0x11, 0x47, 0x5e, 0x60, 0xb2, + 0x68, 0x78, 0x4c, 0x38, 0xc6, 0x2f, 0xeb, 0x22}, 16, + /* iv, iv length */ + {0x6e, 0xac, 0x5c, 0x93, 0x07, 0x2d, 0x8e, 0x85, + 0x13, 0xf7, 0x50, 0x93, 0x5e, 0x46, 0xda, 0x1b}, 16, + /* aad, aad length */ + {0xd4, 0x48, 0x2d, 0x1c, 0xa7, 0x8d, 0xce, 0x0f}, 8, + /* msg, msg length */ + {0x4d, 0xe3, 0xb3, 0x5c, 0x3f, 0xc0, 0x39, 0x24, + 0x5b, 0xd1, 0xfb, 0x7d}, 12, + /* ct, ct length */ + {0x83, 0x5b, 0xb4, 0xf1, 0x5d, 0x74, 0x3e, 0x35, + 0x0e, 0x72, 0x84, 0x14}, 12, + /* tag, tag length */ + {0xab, 0xb8, 0x64, 0x4f, 0xd6, 0xcc, 0xb8, 0x69, + 0x47, 0xc5, 0xe1, 0x05, 0x90, 0x21, 0x0a, 0x4f}, 16, + /* valid */ + 1, + }, + { + /* key, key length */ + {0x7c, 0x77, 0xd6, 0xe8, 0x13, 0xbe, 0xd5, 0xac, + 0x98, 0xba, 0xa4, 0x17, 0x47, 0x7a, 0x2e, 0x7d}, 16, + /* iv, iv length */ + {0x1a, 0x8c, 0x98, 0xdc, 0xd7, 0x3d, 0x38, 0x39, + 0x3b, 0x2b, 0xf1, 0x56, 0x9d, 0xee, 0xfc, 0x19}, 16, + /* aad, aad length */ + {0x65, 0xd2, 0x01, 0x79, 0x90, 0xd6, 0x25, 0x28}, 8, + /* msg, msg length */ + {0x8b, 0x0a, 0x79, 0x30, 0x6c, 0x9c, 0xe7, 0xed, + 0x99, 0xda, 0xe4, 0xf8, 0x7f, 0x8d, 0xd6, 0x16, + 0x36}, 17, + /* ct, ct length */ + {0x02, 0x08, 0x3e, 0x39, 0x79, 0xda, 0x01, 0x48, + 0x12, 0xf5, 0x9f, 0x11, 0xd5, 0x26, 0x30, 0xda, + 0x30}, 17, + /* tag, tag length */ + {0x13, 0x73, 0x27, 0xd1, 0x06, 0x49, 0xb0, 0xaa, + 0x6e, 0x1c, 0x18, 0x1d, 0xb6, 0x17, 0xd7, 0xf2}, 16, + /* valid */ + 1, + }, + { + /* key, key length */ + {0x5f, 0xff, 0x20, 0xca, 0xfa, 0xb1, 0x19, 0xca, + 0x2f, 0xc7, 0x35, 0x49, 0xe2, 0x0f, 0x5b, 0x0d}, 16, + /* iv, iv length */ + {0xdd, 0xe5, 0x9b, 0x97, 0xd7, 0x22, 0x15, 0x6d, + 0x4d, 0x9a, 0xff, 0x2b, 0xc7, 0x55, 0x98, 0x26}, 16, + /* aad, aad length */ + {0x54, 0xb9, 0xf0, 0x4e, 0x6a, 0x09, 0x18, 0x9a}, 8, + /* msg, msg length */ + {0x1b, 0xda, 0x12, 0x2b, 0xce, 0x8a, 0x8d, 0xba, + 0xf1, 0x87, 0x7d, 0x96, 0x2b, 0x85, 0x92, 0xdd, + 0x2d, 0x56}, 18, + /* ct, ct length */ + {0x2e, 0xc4, 0x7b, 0x2c, 0x49, 0x54, 0xa4, 0x89, + 0xaf, 0xc7, 0xba, 0x48, 0x97, 0xed, 0xcd, 0xae, + 0x8c, 0xc3}, 18, + /* tag, tag length */ + {0x3b, 0x60, 0x45, 0x05, 0x99, 0xbd, 0x02, 0xc9, + 0x63, 0x82, 0x90, 0x2a, 0xef, 0x7f, 0x83, 0x2a}, 16, + /* valid */ + 1, + }, + { + /* key, key length */ + {0xa4, 0xa4, 0x78, 0x2b, 0xcf, 0xfd, 0x3e, 0xc5, + 0xe7, 0xef, 0x6d, 0x8c, 0x34, 0xa5, 0x61, 0x23}, 16, + /* iv, iv length */ + {0xb7, 0x81, 0xfc, 0xf2, 0xf7, 0x5f, 0xa5, 0xa8, + 0xde, 0x97, 0xa9, 0xca, 0x48, 0xe5, 0x22, 0xec}, 16, + /* aad, aad length */ + {0x89, 0x9a, 0x17, 0x58, 0x97, 0x56, 0x1d, 0x7e}, 8, + /* msg, msg length */ + {0x6c, 0xf3, 0x67, 0x20, 0x87, 0x2b, 0x85, 0x13, + 0xf6, 0xea, 0xb1, 0xa8, 0xa4, 0x44, 0x38, 0xd5, + 0xef, 0x11}, 18, + /* ct, ct length */ + {0x0d, 0xe1, 0x8f, 0xd0, 0xfd, 0xd9, 0x1e, 0x7a, + 0xf1, 0x9f, 0x1d, 0x8e, 0xe8, 0x73, 0x39, 0x38, + 0xb1, 0xe8}, 18, + /* tag, tag length */ + {0xe7, 0xf6, 0xd2, 0x23, 0x16, 0x18, 0x10, 0x2f, + 0xdb, 0x7f, 0xe5, 0x5f, 0xf1, 0x99, 0x17, 0x00}, 16, + /* valid */ + 1, + }, + { + /* key, key length */ + {0x83, 0x95, 0xfc, 0xf1, 0xe9, 0x5b, 0xeb, 0xd6, + 0x97, 0xbd, 0x01, 0x0b, 0xc7, 0x66, 0xaa, 0xc3}, 16, + /* iv, iv length */ + {0x22, 0xe7, 0xad, 0xd9, 0x3c, 0xfc, 0x63, 0x93, + 0xc5, 0x7e, 0xc0, 0xb3, 0xc1, 0x7d, 0x6b, 0x44}, 16, + /* aad, aad length */ + {0x12, 0x67, 0x35, 0xfc, 0xc3, 0x20, 0xd2, 0x5a}, 8, + /* msg, msg length */ + {0xca, 0x40, 0xd7, 0x44, 0x6e, 0x54, 0x5f, 0xfa, + 0xed, 0x3b, 0xd1, 0x2a, 0x74, 0x0a, 0x65, 0x9f, + 0xfb, 0xbb, 0x3c, 0xea, 0xb7}, 21, + /* ct, ct length */ + {0xcb, 0x89, 0x20, 0xf8, 0x7a, 0x6c, 0x75, 0xcf, + 0xf3, 0x96, 0x27, 0xb5, 0x6e, 0x3e, 0xd1, 0x97, + 0xc5, 0x52, 0xd2, 0x95, 0xa7}, 21, + /* tag, tag length */ + {0xcf, 0xc4, 0x6a, 0xfc, 0x25, 0x3b, 0x46, 0x52, + 0xb1, 0xaf, 0x37, 0x95, 0xb1, 0x24, 0xab, 0x6e}, 16, + /* valid */ + 1, + }, + { + /* key, key length */ + {0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, + 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f}, 16, + /* iv, iv length */ + {0x3c, 0x8c, 0xc2, 0x97, 0x0a, 0x00, 0x8f, 0x75, + 0xcc, 0x5b, 0xea, 0xe2, 0x84, 0x72, 0x58, 0xc2}, 16, + /* aad, aad length */ + {0x00}, 0, + /* msg, msg length */ + {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, + 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11}, 32, + /* ct, ct length */ + {0x3c, 0x44, 0x1f, 0x32, 0xce, 0x07, 0x82, 0x23, + 0x64, 0xd7, 0xa2, 0x99, 0x0e, 0x50, 0xbb, 0x13, + 0xd7, 0xb0, 0x2a, 0x26, 0x96, 0x9e, 0x4a, 0x93, + 0x7e, 0x5e, 0x90, 0x73, 0xb0, 0xd9, 0xc9, 0x68}, 32, + /* tag, tag length */ + {0xdb, 0x90, 0xbd, 0xb3, 0xda, 0x3d, 0x00, 0xaf, + 0xd0, 0xfc, 0x6a, 0x83, 0x55, 0x1d, 0xa9, 0x5e}, 16, + /* valid */ + 1, + }, + { + /* key, key length */ + {0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, + 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f}, 16, + /* iv, iv length */ + {0xae, 0xf0, 0x3d, 0x00, 0x59, 0x84, 0x94, 0xe9, + 0xfb, 0x03, 0xcd, 0x7d, 0x8b, 0x59, 0x08, 0x66}, 16, + /* aad, aad length */ + {0x00}, 0, + /* msg, msg length */ + {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, + 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11}, 32, + /* ct, ct length */ + {0xd1, 0x9a, 0xc5, 0x98, 0x49, 0x02, 0x6a, 0x91, + 0xaa, 0x1b, 0x9a, 0xec, 0x29, 0xb1, 0x1a, 0x20, + 0x2a, 0x4d, 0x73, 0x9f, 0xd8, 0x6c, 0x28, 0xe3, + 0xae, 0x3d, 0x58, 0x8e, 0xa2, 0x1d, 0x70, 0xc6}, 32, + /* tag, tag length */ + {0xc3, 0x0f, 0x6c, 0xd9, 0x20, 0x20, 0x74, 0xed, + 0x6e, 0x2a, 0x2a, 0x36, 0x0e, 0xac, 0x8c, 0x47}, 16, + /* valid */ + 1, + }, + { + /* key, key length */ + {0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, + 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f}, 16, + /* iv, iv length */ + {0x55, 0xd1, 0x25, 0x11, 0xc6, 0x96, 0xa8, 0x0d, + 0x05, 0x14, 0xd1, 0xff, 0xba, 0x49, 0xca, 0xda}, 16, + /* aad, aad length */ + {0x00}, 0, + /* msg, msg length */ + {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, + 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11}, 32, + /* ct, ct length */ + {0x21, 0x08, 0x55, 0x8a, 0xc4, 0xb2, 0xc2, 0xd5, + 0xcc, 0x66, 0xce, 0xa5, 0x1d, 0x62, 0x10, 0xe0, + 0x46, 0x17, 0x7a, 0x67, 0x63, 0x1c, 0xd2, 0xdd, + 0x8f, 0x09, 0x46, 0x97, 0x33, 0xac, 0xb5, 0x17}, 32, + /* tag, tag length */ + {0xfc, 0x35, 0x5e, 0x87, 0xa2, 0x67, 0xbe, 0x3a, + 0xe3, 0xe4, 0x4c, 0x0b, 0xf3, 0xf9, 0x9b, 0x2b}, 16, + /* valid */ + 1, + }, + { + /* key, key length */ + {0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, + 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f}, 16, + /* iv, iv length */ + {0x79, 0x42, 0x2d, 0xdd, 0x91, 0xc4, 0xee, 0xe2, + 0xde, 0xae, 0xf1, 0xf9, 0x68, 0x30, 0x53, 0x04}, 16, + /* aad, aad length */ + {0x00}, 0, + /* msg, msg length */ + {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, + 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11}, 32, + /* ct, ct length */ + {0x4d, 0x2c, 0x15, 0x24, 0xca, 0x4b, 0xaa, 0x4e, + 0xef, 0xcc, 0xe6, 0xb9, 0x1b, 0x22, 0x7e, 0xe8, + 0x3a, 0xba, 0xff, 0x81, 0x05, 0xdc, 0xaf, 0xa2, + 0xab, 0x19, 0x1f, 0x5d, 0xf2, 0x57, 0x50, 0x35}, 32, + /* tag, tag length */ + {0xe2, 0xc8, 0x65, 0xce, 0x2d, 0x7a, 0xbd, 0xac, + 0x02, 0x4c, 0x6f, 0x99, 0x1a, 0x84, 0x83, 0x90}, 16, + /* valid */ + 1, + }, + { + /* key, key length */ + {0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, + 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f}, 16, + /* iv, iv length */ + {0x0a, 0xf5, 0xaa, 0x7a, 0x76, 0x76, 0xe2, 0x83, + 0x06, 0x30, 0x6b, 0xcd, 0x9b, 0xf2, 0x00, 0x3a}, 16, + /* aad, aad length */ + {0x00}, 0, + /* msg, msg length */ + {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, + 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11}, 32, + /* ct, ct length */ + {0x8e, 0xb0, 0x1e, 0x62, 0x18, 0x5d, 0x78, 0x2e, + 0xb9, 0x28, 0x7a, 0x34, 0x1a, 0x68, 0x62, 0xac, + 0x52, 0x57, 0xd6, 0xf9, 0xad, 0xc9, 0x9e, 0xe0, + 0xa2, 0x4d, 0x9c, 0x22, 0xb3, 0xe9, 0xb3, 0x8a}, 32, + /* tag, tag length */ + {0x39, 0xc3, 0x39, 0xbc, 0x8a, 0x74, 0xc7, 0x5e, + 0x2c, 0x65, 0xc6, 0x11, 0x95, 0x44, 0xd6, 0x1e}, 16, + /* valid */ + 1, + }, + { + /* key, key length */ + {0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, + 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f}, 16, + /* iv, iv length */ + {0xaf, 0x5a, 0x03, 0xae, 0x7e, 0xdd, 0x73, 0x47, + 0x1b, 0xdc, 0xdf, 0xac, 0x5e, 0x19, 0x4a, 0x60}, 16, + /* aad, aad length */ + {0x00}, 0, + /* msg, msg length */ + {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, + 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11}, 32, + /* ct, ct length */ + {0x94, 0xc5, 0xd2, 0xac, 0xa6, 0xdb, 0xbc, 0xe8, + 0xc2, 0x45, 0x13, 0xa2, 0x5e, 0x09, 0x5c, 0x0e, + 0x54, 0xa9, 0x42, 0x86, 0x0d, 0x32, 0x7a, 0x22, + 0x2a, 0x81, 0x5c, 0xc7, 0x13, 0xb1, 0x63, 0xb4}, 32, + /* tag, tag length */ + {0xf5, 0x0b, 0x30, 0x30, 0x4e, 0x45, 0xc9, 0xd4, + 0x11, 0xe8, 0xdf, 0x45, 0x08, 0xa9, 0x86, 0x12}, 16, + /* valid */ + 1, + }, + { + /* key, key length */ + {0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, + 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f}, 16, + /* iv, iv length */ + {0xb3, 0x70, 0x87, 0x68, 0x0f, 0x0e, 0xdd, 0x5a, + 0x52, 0x22, 0x8b, 0x8c, 0x7a, 0xae, 0xa6, 0x64}, 16, + /* aad, aad length */ + {0x00}, 0, + /* msg, msg length */ + {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, + 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, + 0x22, 0x22, 0x22, 0x22, 0x22, 0x22, 0x22, 0x22, + 0x22, 0x22, 0x22, 0x22, 0x22, 0x22, 0x22, 0x22, + 0x33, 0x33, 0x33, 0x33, 0x33, 0x33, 0x33, 0x33, + 0x33, 0x33, 0x33, 0x33, 0x33, 0x33, 0x33, 0x33}, 64, + /* ct, ct length */ + {0x3b, 0xb6, 0x17, 0x3e, 0x37, 0x72, 0xd4, 0xb6, + 0x2e, 0xef, 0x37, 0xf9, 0xef, 0x07, 0x81, 0xf3, + 0x60, 0xb6, 0xc7, 0x4b, 0xe3, 0xbf, 0x6b, 0x37, + 0x10, 0x67, 0xbc, 0x1b, 0x09, 0x0d, 0x9d, 0x66, + 0x22, 0xa1, 0xfb, 0xec, 0x6a, 0xc4, 0x71, 0xb3, + 0x34, 0x9c, 0xd4, 0x27, 0x7a, 0x10, 0x1d, 0x40, + 0x89, 0x0f, 0xbf, 0x27, 0xdf, 0xdc, 0xd0, 0xb4, + 0xe3, 0x78, 0x1f, 0x98, 0x06, 0xda, 0xab, 0xb6}, 64, + /* tag, tag length */ + {0xa0, 0x49, 0x87, 0x45, 0xe5, 0x99, 0x99, 0xdd, + 0xc3, 0x2d, 0x5b, 0x14, 0x02, 0x41, 0x12, 0x4e}, 16, + /* valid */ + 1, + }, + { + /* key, key length */ + {0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, + 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f}, 16, + /* iv, iv length */ + {0x4f, 0x80, 0x2d, 0xa6, 0x2a, 0x38, 0x45, 0x55, + 0xa1, 0x9b, 0xc2, 0xb3, 0x82, 0xeb, 0x25, 0xaf}, 16, + /* aad, aad length */ + {0x00}, 0, + /* msg, msg length */ + {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, + 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, + 0x22, 0x22, 0x22, 0x22, 0x22, 0x22, 0x22, 0x22, + 0x22, 0x22, 0x22, 0x22, 0x22, 0x22, 0x22, 0x22, + 0x33, 0x33, 0x33, 0x33, 0x33, 0x33, 0x33, 0x33, + 0x33, 0x33, 0x33, 0x33, 0x33, 0x33, 0x33, 0x33, + 0x44, 0x44, 0x44, 0x44, 0x44, 0x44, 0x44, 0x44, + 0x44, 0x44, 0x44, 0x44, 0x44, 0x44, 0x44, 0x44}, 80, + /* ct, ct length */ + {0xe9, 0xb0, 0xbb, 0x88, 0x57, 0x81, 0x8c, 0xe3, + 0x20, 0x1c, 0x36, 0x90, 0xd2, 0x1d, 0xaa, 0x7f, + 0x26, 0x4f, 0xb8, 0xee, 0x93, 0xcc, 0x7a, 0x46, + 0x74, 0xea, 0x2f, 0xc3, 0x2b, 0xf1, 0x82, 0xfb, + 0x2a, 0x7e, 0x8a, 0xd5, 0x15, 0x07, 0xad, 0x4f, + 0x31, 0xce, 0xfc, 0x23, 0x56, 0xfe, 0x79, 0x36, + 0xa7, 0xf6, 0xe1, 0x9f, 0x95, 0xe8, 0x8f, 0xdb, + 0xf1, 0x76, 0x20, 0x91, 0x6d, 0x3a, 0x6f, 0x3d, + 0x01, 0xfc, 0x17, 0xd3, 0x58, 0x67, 0x2f, 0x77, + 0x7f, 0xd4, 0x09, 0x92, 0x46, 0xe4, 0x36, 0xe1}, 80, + /* tag, tag length */ + {0x67, 0x91, 0x0b, 0xe7, 0x44, 0xb8, 0x31, 0x5a, + 0xe0, 0xeb, 0x61, 0x24, 0x59, 0x0c, 0x5d, 0x8b}, 16, + /* valid */ + 1, + }, + { + /* key, key length */ + {0xb6, 0x7b, 0x1a, 0x6e, 0xfd, 0xd4, 0x0d, 0x37, + 0x08, 0x0f, 0xbe, 0x8f, 0x80, 0x47, 0xae, 0xb9}, 16, + /* iv, iv length */ + {0xfa, 0x29, 0x4b, 0x12, 0x99, 0x72, 0xf7, 0xfc, + 0x5b, 0xbd, 0x5b, 0x96, 0xbb, 0xa8, 0x37, 0xc9}, 16, + /* aad, aad length */ + {0x00}, 0, + /* msg, msg length */ + {0x00}, 0, + /* ct, ct length */ + {0x00}, 0, + /* tag, tag length */ + {0xb1, 0x4b, 0x64, 0xfb, 0x58, 0x98, 0x99, 0x69, + 0x95, 0x70, 0xcc, 0x91, 0x60, 0xe3, 0x98, 0x96}, 16, + /* valid */ + 1, + }, + { + /* key, key length */ + {0x20, 0x9e, 0x6d, 0xbf, 0x2a, 0xd2, 0x6a, 0x10, + 0x54, 0x45, 0xfc, 0x02, 0x07, 0xcd, 0x9e, 0x9a}, 16, + /* iv, iv length */ + {0x94, 0x77, 0x84, 0x9d, 0x6c, 0xcd, 0xfc, 0xa1, + 0x12, 0xd9, 0x2e, 0x53, 0xfa, 0xe4, 0xa7, 0xca}, 16, + /* aad, aad length */ + {0x00}, 0, + /* msg, msg length */ + {0x01}, 1, + /* ct, ct length */ + {0x1d}, 1, + /* tag, tag length */ + {0x52, 0xa5, 0xf6, 0x00, 0xfe, 0x53, 0x38, 0x02, + 0x6a, 0x7c, 0xb0, 0x9c, 0x11, 0x64, 0x00, 0x82}, 16, + /* valid */ + 1, + }, + { + /* key, key length */ + {0xa5, 0x49, 0x44, 0x2e, 0x35, 0x15, 0x40, 0x32, + 0xd0, 0x7c, 0x86, 0x66, 0x00, 0x6a, 0xa6, 0xa2}, 16, + /* iv, iv length */ + {0x51, 0x71, 0x52, 0x45, 0x68, 0xe8, 0x1d, 0x97, + 0xe8, 0xc4, 0xde, 0x4b, 0xa5, 0x6c, 0x10, 0xa0}, 16, + /* aad, aad length */ + {0x00}, 0, + /* msg, msg length */ + {0x11, 0x82, 0xe9, 0x35, 0x96, 0xca, 0xc5, 0x60, + 0x89, 0x46, 0x40, 0x0b, 0xc7, 0x3f, 0x3a}, 15, + /* ct, ct length */ + {0xd7, 0xb8, 0xa6, 0xb4, 0x3d, 0x2e, 0x9f, 0x98, + 0xc2, 0xb4, 0x4c, 0xe5, 0xe3, 0xcf, 0xdb}, 15, + /* tag, tag length */ + {0x1b, 0xdd, 0x52, 0xfc, 0x98, 0x7d, 0xaf, 0x0e, + 0xe1, 0x92, 0x34, 0xc9, 0x05, 0xea, 0x64, 0x5f}, 16, + /* valid */ + 1, + }, + { + /* key, key length */ + {0x95, 0x8b, 0xcd, 0xb6, 0x6a, 0x39, 0x52, 0xb5, + 0x37, 0x01, 0x58, 0x2a, 0x68, 0xa0, 0xe4, 0x74}, 16, + /* iv, iv length */ + {0x0e, 0x6e, 0xc8, 0x79, 0xb0, 0x2c, 0x6f, 0x51, + 0x69, 0x76, 0xe3, 0x58, 0x98, 0x42, 0x8d, 0xa7}, 16, + /* aad, aad length */ + {0x00}, 0, + /* msg, msg length */ + {0x14, 0x04, 0x15, 0x82, 0x3e, 0xcc, 0x89, 0x32, + 0xa0, 0x58, 0x38, 0x4b, 0x73, 0x8e, 0xa6, 0xea, + 0x6d, 0x4d, 0xfe, 0x3b, 0xbe, 0xee}, 22, + /* ct, ct length */ + {0x73, 0xe5, 0xc6, 0xf0, 0xe7, 0x03, 0xa5, 0x2d, + 0x02, 0xf7, 0xf7, 0xfa, 0xeb, 0x1b, 0x77, 0xfd, + 0x4f, 0xd0, 0xcb, 0x42, 0x1e, 0xaf}, 22, + /* tag, tag length */ + {0x6c, 0x15, 0x4a, 0x85, 0x96, 0x8e, 0xdd, 0x74, + 0x77, 0x65, 0x75, 0xa4, 0x45, 0x0b, 0xd8, 0x97}, 16, + /* valid */ + 1, + }, + { + /* key, key length */ + {0x96, 0x5b, 0x75, 0x7b, 0xa5, 0x01, 0x8a, 0x8d, + 0x66, 0xed, 0xc7, 0x8e, 0x0c, 0xee, 0xe8, 0x6b}, 16, + /* iv, iv length */ + {0x2e, 0x35, 0x90, 0x1a, 0xe7, 0xd4, 0x91, 0xee, + 0xcc, 0x88, 0x38, 0xfe, 0xdd, 0x63, 0x14, 0x05}, 16, + /* aad, aad length */ + {0xdf, 0x10, 0xd0, 0xd2, 0x12, 0x24, 0x24, 0x50}, 8, + /* msg, msg length */ + {0x36, 0xe5, 0x7a, 0x76, 0x39, 0x58, 0xb0, 0x2c, + 0xea, 0x9d, 0x6a, 0x67, 0x6e, 0xbc, 0xe8, 0x1f}, 16, + /* ct, ct length */ + {0x93, 0x6b, 0x69, 0xb6, 0xc9, 0x55, 0xad, 0xfd, + 0x15, 0x53, 0x9b, 0x9b, 0xe4, 0x98, 0x9c, 0xb6}, 16, + /* tag, tag length */ + {0xee, 0x15, 0xa1, 0x45, 0x4e, 0x88, 0xfa, 0xad, + 0x8e, 0x48, 0xa8, 0xdf, 0x29, 0x83, 0xb4, 0x25}, 16, + /* valid */ + 1, + }, + { + /* key, key length */ + {0x88, 0xd0, 0x20, 0x33, 0x78, 0x1c, 0x7b, 0x41, + 0x64, 0x71, 0x1a, 0x05, 0x42, 0x0f, 0x25, 0x6e}, 16, + /* iv, iv length */ + {0x7f, 0x29, 0x85, 0x29, 0x63, 0x15, 0x50, 0x7a, + 0xa4, 0xc0, 0xa9, 0x3d, 0x5c, 0x12, 0xbd, 0x77}, 16, + /* aad, aad length */ + {0x7c, 0x57, 0x1d, 0x2f, 0xbb, 0x5f, 0x62, 0x52, + 0x3c, 0x0e, 0xb3, 0x38, 0xbe, 0xf9, 0xa9}, 15, + /* msg, msg length */ + {0xd9, 0x8a, 0xdc, 0x03, 0xd9, 0xd5, 0x82, 0x73, + 0x2e, 0xb0, 0x7d, 0xf2, 0x3d, 0x7b, 0x9f, 0x74}, 16, + /* ct, ct length */ + {0x67, 0xca, 0xac, 0x35, 0x44, 0x3a, 0x31, 0x38, + 0xd2, 0xcb, 0x81, 0x1f, 0x0c, 0xe0, 0x4d, 0xd2}, 16, + /* tag, tag length */ + {0xb7, 0x96, 0x8e, 0x0b, 0x56, 0x40, 0xe3, 0xb2, + 0x36, 0x56, 0x96, 0x53, 0x20, 0x8b, 0x9d, 0xeb}, 16, + /* valid */ + 1, + }, + { + /* key, key length */ + {0x51, 0x58, 0x40, 0xcf, 0x67, 0xd2, 0xe4, 0x0e, + 0xb6, 0x5e, 0x54, 0xa2, 0x4c, 0x72, 0xcb, 0xf2}, 16, + /* iv, iv length */ + {0xbf, 0x47, 0xaf, 0xdf, 0xd4, 0x92, 0x13, 0x7a, + 0x24, 0x23, 0x6b, 0xc3, 0x67, 0x97, 0xa8, 0x8e}, 16, + /* aad, aad length */ + {0x16, 0x84, 0x3c, 0x09, 0x1d, 0x43, 0xb0, 0xa1, + 0x91, 0xd0, 0xc7, 0x3d, 0x15, 0x60, 0x1b, 0xe9}, 16, + /* msg, msg length */ + {0xc8, 0x34, 0x58, 0x8c, 0xb6, 0xda, 0xf9, 0xf0, + 0x6d, 0xd2, 0x35, 0x19, 0xf4, 0xbe, 0x9f, 0x56}, 16, + /* ct, ct length */ + {0x20, 0x0a, 0xc4, 0x51, 0xfb, 0xeb, 0x0f, 0x61, + 0x51, 0xd6, 0x15, 0x83, 0xa4, 0x3b, 0x73, 0x43}, 16, + /* tag, tag length */ + {0x2a, 0xd4, 0x3e, 0x4c, 0xaa, 0x51, 0x98, 0x3a, + 0x9d, 0x4d, 0x24, 0x48, 0x1b, 0xf4, 0xc8, 0x39}, 16, + /* valid */ + 1, + }, + { + /* key, key length */ + {0x2e, 0x44, 0x92, 0xd4, 0x44, 0xe5, 0xb6, 0xf4, + 0xce, 0xc8, 0xc2, 0xd3, 0x61, 0x5a, 0xc8, 0x58}, 16, + /* iv, iv length */ + {0xd0, 0x2b, 0xf0, 0x76, 0x3a, 0x9f, 0xef, 0xbf, + 0x70, 0xc3, 0x3a, 0xee, 0x1e, 0x9d, 0xa1, 0xd6}, 16, + /* aad, aad length */ + {0x90, 0x4d, 0x86, 0xf1, 0x33, 0xce, 0xc1, 0x5a, + 0x0c, 0x3c, 0xaf, 0x14, 0xd7, 0xe0, 0x29, 0xc8, + 0x2a, 0x07, 0x70, 0x5a, 0x23, 0xf0, 0xd0, 0x80}, 24, + /* msg, msg length */ + {0x9e, 0x62, 0xd6, 0x51, 0x1b, 0x0b, 0xda, 0x7d, + 0xd7, 0x74, 0x0b, 0x61, 0x4d, 0x97, 0xba, 0xe0}, 16, + /* ct, ct length */ + {0x27, 0xc6, 0xe9, 0xa6, 0x53, 0xc5, 0x25, 0x3c, + 0xa1, 0xc5, 0x67, 0x3f, 0x97, 0xb9, 0xb3, 0x3e}, 16, + /* tag, tag length */ + {0x2d, 0x58, 0x12, 0x71, 0xe1, 0xfa, 0x9e, 0x36, + 0x86, 0x13, 0x6c, 0xaa, 0x8f, 0x4d, 0x6c, 0x8e}, 16, + /* valid */ + 1, + }, + { + /* key, key length */ + {0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, + 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f}, 16, + /* iv, iv length */ + {0x50, 0x51, 0x52, 0x53, 0x54, 0x55, 0x56, 0x57, + 0x58, 0x59, 0x5a, 0x5b, 0x5c, 0x5d, 0x5e, 0x5f}, 16, + /* aad, aad length */ + {0x00}, 0, + /* msg, msg length */ + {0x20, 0x21, 0x22, 0x23, 0x24, 0x25, 0x26, 0x27, + 0x28, 0x29, 0x2a, 0x2b, 0x2c, 0x2d, 0x2e, 0x2f}, 16, + /* ct, ct length */ + {0x29, 0xa0, 0x91, 0x4f, 0xec, 0x4b, 0xef, 0x54, + 0xba, 0xbf, 0x66, 0x13, 0xa9, 0xf9, 0xcd, 0x70}, 16, + /* tag, tag length */ + {0xe7, 0x0e, 0x7c, 0x50, 0x13, 0xa6, 0xdb, 0xf2, + 0x52, 0x98, 0xb1, 0x92, 0x9b, 0xc3, 0x56, 0xa7}, 16, + /* valid */ + 0, + }, + { + /* key, key length */ + {0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, + 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f}, 16, + /* iv, iv length */ + {0x50, 0x51, 0x52, 0x53, 0x54, 0x55, 0x56, 0x57, + 0x58, 0x59, 0x5a, 0x5b, 0x5c, 0x5d, 0x5e, 0x5f}, 16, + /* aad, aad length */ + {0x00}, 0, + /* msg, msg length */ + {0x20, 0x21, 0x22, 0x23, 0x24, 0x25, 0x26, 0x27, + 0x28, 0x29, 0x2a, 0x2b, 0x2c, 0x2d, 0x2e, 0x2f}, 16, + /* ct, ct length */ + {0x29, 0xa0, 0x91, 0x4f, 0xec, 0x4b, 0xef, 0x54, + 0xba, 0xbf, 0x66, 0x13, 0xa9, 0xf9, 0xcd, 0x70}, 16, + /* tag, tag length */ + {0xe4, 0x0e, 0x7c, 0x50, 0x13, 0xa6, 0xdb, 0xf2, + 0x52, 0x98, 0xb1, 0x92, 0x9b, 0xc3, 0x56, 0xa7}, 16, + /* valid */ + 0, + }, + { + /* key, key length */ + {0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, + 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f}, 16, + /* iv, iv length */ + {0x50, 0x51, 0x52, 0x53, 0x54, 0x55, 0x56, 0x57, + 0x58, 0x59, 0x5a, 0x5b, 0x5c, 0x5d, 0x5e, 0x5f}, 16, + /* aad, aad length */ + {0x00}, 0, + /* msg, msg length */ + {0x20, 0x21, 0x22, 0x23, 0x24, 0x25, 0x26, 0x27, + 0x28, 0x29, 0x2a, 0x2b, 0x2c, 0x2d, 0x2e, 0x2f}, 16, + /* ct, ct length */ + {0x29, 0xa0, 0x91, 0x4f, 0xec, 0x4b, 0xef, 0x54, + 0xba, 0xbf, 0x66, 0x13, 0xa9, 0xf9, 0xcd, 0x70}, 16, + /* tag, tag length */ + {0x66, 0x0e, 0x7c, 0x50, 0x13, 0xa6, 0xdb, 0xf2, + 0x52, 0x98, 0xb1, 0x92, 0x9b, 0xc3, 0x56, 0xa7}, 16, + /* valid */ + 0, + }, + { + /* key, key length */ + {0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, + 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f}, 16, + /* iv, iv length */ + {0x50, 0x51, 0x52, 0x53, 0x54, 0x55, 0x56, 0x57, + 0x58, 0x59, 0x5a, 0x5b, 0x5c, 0x5d, 0x5e, 0x5f}, 16, + /* aad, aad length */ + {0x00}, 0, + /* msg, msg length */ + {0x20, 0x21, 0x22, 0x23, 0x24, 0x25, 0x26, 0x27, + 0x28, 0x29, 0x2a, 0x2b, 0x2c, 0x2d, 0x2e, 0x2f}, 16, + /* ct, ct length */ + {0x29, 0xa0, 0x91, 0x4f, 0xec, 0x4b, 0xef, 0x54, + 0xba, 0xbf, 0x66, 0x13, 0xa9, 0xf9, 0xcd, 0x70}, 16, + /* tag, tag length */ + {0xe6, 0x0f, 0x7c, 0x50, 0x13, 0xa6, 0xdb, 0xf2, + 0x52, 0x98, 0xb1, 0x92, 0x9b, 0xc3, 0x56, 0xa7}, 16, + /* valid */ + 0, + }, + { + /* key, key length */ + {0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, + 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f}, 16, + /* iv, iv length */ + {0x50, 0x51, 0x52, 0x53, 0x54, 0x55, 0x56, 0x57, + 0x58, 0x59, 0x5a, 0x5b, 0x5c, 0x5d, 0x5e, 0x5f}, 16, + /* aad, aad length */ + {0x00}, 0, + /* msg, msg length */ + {0x20, 0x21, 0x22, 0x23, 0x24, 0x25, 0x26, 0x27, + 0x28, 0x29, 0x2a, 0x2b, 0x2c, 0x2d, 0x2e, 0x2f}, 16, + /* ct, ct length */ + {0x29, 0xa0, 0x91, 0x4f, 0xec, 0x4b, 0xef, 0x54, + 0xba, 0xbf, 0x66, 0x13, 0xa9, 0xf9, 0xcd, 0x70}, 16, + /* tag, tag length */ + {0xe6, 0x0e, 0x7c, 0xd0, 0x13, 0xa6, 0xdb, 0xf2, + 0x52, 0x98, 0xb1, 0x92, 0x9b, 0xc3, 0x56, 0xa7}, 16, + /* valid */ + 0, + }, + { + /* key, key length */ + {0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, + 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f}, 16, + /* iv, iv length */ + {0x50, 0x51, 0x52, 0x53, 0x54, 0x55, 0x56, 0x57, + 0x58, 0x59, 0x5a, 0x5b, 0x5c, 0x5d, 0x5e, 0x5f}, 16, + /* aad, aad length */ + {0x00}, 0, + /* msg, msg length */ + {0x20, 0x21, 0x22, 0x23, 0x24, 0x25, 0x26, 0x27, + 0x28, 0x29, 0x2a, 0x2b, 0x2c, 0x2d, 0x2e, 0x2f}, 16, + /* ct, ct length */ + {0x29, 0xa0, 0x91, 0x4f, 0xec, 0x4b, 0xef, 0x54, + 0xba, 0xbf, 0x66, 0x13, 0xa9, 0xf9, 0xcd, 0x70}, 16, + /* tag, tag length */ + {0xe6, 0x0e, 0x7c, 0x50, 0x12, 0xa6, 0xdb, 0xf2, + 0x52, 0x98, 0xb1, 0x92, 0x9b, 0xc3, 0x56, 0xa7}, 16, + /* valid */ + 0, + }, + { + /* key, key length */ + {0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, + 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f}, 16, + /* iv, iv length */ + {0x50, 0x51, 0x52, 0x53, 0x54, 0x55, 0x56, 0x57, + 0x58, 0x59, 0x5a, 0x5b, 0x5c, 0x5d, 0x5e, 0x5f}, 16, + /* aad, aad length */ + {0x00}, 0, + /* msg, msg length */ + {0x20, 0x21, 0x22, 0x23, 0x24, 0x25, 0x26, 0x27, + 0x28, 0x29, 0x2a, 0x2b, 0x2c, 0x2d, 0x2e, 0x2f}, 16, + /* ct, ct length */ + {0x29, 0xa0, 0x91, 0x4f, 0xec, 0x4b, 0xef, 0x54, + 0xba, 0xbf, 0x66, 0x13, 0xa9, 0xf9, 0xcd, 0x70}, 16, + /* tag, tag length */ + {0xe6, 0x0e, 0x7c, 0x50, 0x11, 0xa6, 0xdb, 0xf2, + 0x52, 0x98, 0xb1, 0x92, 0x9b, 0xc3, 0x56, 0xa7}, 16, + /* valid */ + 0, + }, + { + /* key, key length */ + {0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, + 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f}, 16, + /* iv, iv length */ + {0x50, 0x51, 0x52, 0x53, 0x54, 0x55, 0x56, 0x57, + 0x58, 0x59, 0x5a, 0x5b, 0x5c, 0x5d, 0x5e, 0x5f}, 16, + /* aad, aad length */ + {0x00}, 0, + /* msg, msg length */ + {0x20, 0x21, 0x22, 0x23, 0x24, 0x25, 0x26, 0x27, + 0x28, 0x29, 0x2a, 0x2b, 0x2c, 0x2d, 0x2e, 0x2f}, 16, + /* ct, ct length */ + {0x29, 0xa0, 0x91, 0x4f, 0xec, 0x4b, 0xef, 0x54, + 0xba, 0xbf, 0x66, 0x13, 0xa9, 0xf9, 0xcd, 0x70}, 16, + /* tag, tag length */ + {0xe6, 0x0e, 0x7c, 0x50, 0x13, 0xa6, 0xdb, 0x72, + 0x52, 0x98, 0xb1, 0x92, 0x9b, 0xc3, 0x56, 0xa7}, 16, + /* valid */ + 0, + }, + { + /* key, key length */ + {0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, + 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f}, 16, + /* iv, iv length */ + {0x50, 0x51, 0x52, 0x53, 0x54, 0x55, 0x56, 0x57, + 0x58, 0x59, 0x5a, 0x5b, 0x5c, 0x5d, 0x5e, 0x5f}, 16, + /* aad, aad length */ + {0x00}, 0, + /* msg, msg length */ + {0x20, 0x21, 0x22, 0x23, 0x24, 0x25, 0x26, 0x27, + 0x28, 0x29, 0x2a, 0x2b, 0x2c, 0x2d, 0x2e, 0x2f}, 16, + /* ct, ct length */ + {0x29, 0xa0, 0x91, 0x4f, 0xec, 0x4b, 0xef, 0x54, + 0xba, 0xbf, 0x66, 0x13, 0xa9, 0xf9, 0xcd, 0x70}, 16, + /* tag, tag length */ + {0xe6, 0x0e, 0x7c, 0x50, 0x13, 0xa6, 0xdb, 0xf2, + 0x53, 0x98, 0xb1, 0x92, 0x9b, 0xc3, 0x56, 0xa7}, 16, + /* valid */ + 0, + }, + { + /* key, key length */ + {0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, + 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f}, 16, + /* iv, iv length */ + {0x50, 0x51, 0x52, 0x53, 0x54, 0x55, 0x56, 0x57, + 0x58, 0x59, 0x5a, 0x5b, 0x5c, 0x5d, 0x5e, 0x5f}, 16, + /* aad, aad length */ + {0x00}, 0, + /* msg, msg length */ + {0x20, 0x21, 0x22, 0x23, 0x24, 0x25, 0x26, 0x27, + 0x28, 0x29, 0x2a, 0x2b, 0x2c, 0x2d, 0x2e, 0x2f}, 16, + /* ct, ct length */ + {0x29, 0xa0, 0x91, 0x4f, 0xec, 0x4b, 0xef, 0x54, + 0xba, 0xbf, 0x66, 0x13, 0xa9, 0xf9, 0xcd, 0x70}, 16, + /* tag, tag length */ + {0xe6, 0x0e, 0x7c, 0x50, 0x13, 0xa6, 0xdb, 0xf2, + 0xd2, 0x98, 0xb1, 0x92, 0x9b, 0xc3, 0x56, 0xa7}, 16, + /* valid */ + 0, + }, + { + /* key, key length */ + {0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, + 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f}, 16, + /* iv, iv length */ + {0x50, 0x51, 0x52, 0x53, 0x54, 0x55, 0x56, 0x57, + 0x58, 0x59, 0x5a, 0x5b, 0x5c, 0x5d, 0x5e, 0x5f}, 16, + /* aad, aad length */ + {0x00}, 0, + /* msg, msg length */ + {0x20, 0x21, 0x22, 0x23, 0x24, 0x25, 0x26, 0x27, + 0x28, 0x29, 0x2a, 0x2b, 0x2c, 0x2d, 0x2e, 0x2f}, 16, + /* ct, ct length */ + {0x29, 0xa0, 0x91, 0x4f, 0xec, 0x4b, 0xef, 0x54, + 0xba, 0xbf, 0x66, 0x13, 0xa9, 0xf9, 0xcd, 0x70}, 16, + /* tag, tag length */ + {0xe6, 0x0e, 0x7c, 0x50, 0x13, 0xa6, 0xdb, 0xf2, + 0x52, 0xb8, 0xb1, 0x92, 0x9b, 0xc3, 0x56, 0xa7}, 16, + /* valid */ + 0, + }, + { + /* key, key length */ + {0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, + 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f}, 16, + /* iv, iv length */ + {0x50, 0x51, 0x52, 0x53, 0x54, 0x55, 0x56, 0x57, + 0x58, 0x59, 0x5a, 0x5b, 0x5c, 0x5d, 0x5e, 0x5f}, 16, + /* aad, aad length */ + {0x00}, 0, + /* msg, msg length */ + {0x20, 0x21, 0x22, 0x23, 0x24, 0x25, 0x26, 0x27, + 0x28, 0x29, 0x2a, 0x2b, 0x2c, 0x2d, 0x2e, 0x2f}, 16, + /* ct, ct length */ + {0x29, 0xa0, 0x91, 0x4f, 0xec, 0x4b, 0xef, 0x54, + 0xba, 0xbf, 0x66, 0x13, 0xa9, 0xf9, 0xcd, 0x70}, 16, + /* tag, tag length */ + {0xe6, 0x0e, 0x7c, 0x50, 0x13, 0xa6, 0xdb, 0xf2, + 0x52, 0x98, 0xb0, 0x92, 0x9b, 0xc3, 0x56, 0xa7}, 16, + /* valid */ + 0, + }, + { + /* key, key length */ + {0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, + 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f}, 16, + /* iv, iv length */ + {0x50, 0x51, 0x52, 0x53, 0x54, 0x55, 0x56, 0x57, + 0x58, 0x59, 0x5a, 0x5b, 0x5c, 0x5d, 0x5e, 0x5f}, 16, + /* aad, aad length */ + {0x00}, 0, + /* msg, msg length */ + {0x20, 0x21, 0x22, 0x23, 0x24, 0x25, 0x26, 0x27, + 0x28, 0x29, 0x2a, 0x2b, 0x2c, 0x2d, 0x2e, 0x2f}, 16, + /* ct, ct length */ + {0x29, 0xa0, 0x91, 0x4f, 0xec, 0x4b, 0xef, 0x54, + 0xba, 0xbf, 0x66, 0x13, 0xa9, 0xf9, 0xcd, 0x70}, 16, + /* tag, tag length */ + {0xe6, 0x0e, 0x7c, 0x50, 0x13, 0xa6, 0xdb, 0xf2, + 0x52, 0x98, 0xb1, 0x92, 0x9a, 0xc3, 0x56, 0xa7}, 16, + /* valid */ + 0, + }, + { + /* key, key length */ + {0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, + 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f}, 16, + /* iv, iv length */ + {0x50, 0x51, 0x52, 0x53, 0x54, 0x55, 0x56, 0x57, + 0x58, 0x59, 0x5a, 0x5b, 0x5c, 0x5d, 0x5e, 0x5f}, 16, + /* aad, aad length */ + {0x00}, 0, + /* msg, msg length */ + {0x20, 0x21, 0x22, 0x23, 0x24, 0x25, 0x26, 0x27, + 0x28, 0x29, 0x2a, 0x2b, 0x2c, 0x2d, 0x2e, 0x2f}, 16, + /* ct, ct length */ + {0x29, 0xa0, 0x91, 0x4f, 0xec, 0x4b, 0xef, 0x54, + 0xba, 0xbf, 0x66, 0x13, 0xa9, 0xf9, 0xcd, 0x70}, 16, + /* tag, tag length */ + {0xe6, 0x0e, 0x7c, 0x50, 0x13, 0xa6, 0xdb, 0xf2, + 0x52, 0x98, 0xb1, 0x92, 0x99, 0xc3, 0x56, 0xa7}, 16, + /* valid */ + 0, + }, + { + /* key, key length */ + {0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, + 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f}, 16, + /* iv, iv length */ + {0x50, 0x51, 0x52, 0x53, 0x54, 0x55, 0x56, 0x57, + 0x58, 0x59, 0x5a, 0x5b, 0x5c, 0x5d, 0x5e, 0x5f}, 16, + /* aad, aad length */ + {0x00}, 0, + /* msg, msg length */ + {0x20, 0x21, 0x22, 0x23, 0x24, 0x25, 0x26, 0x27, + 0x28, 0x29, 0x2a, 0x2b, 0x2c, 0x2d, 0x2e, 0x2f}, 16, + /* ct, ct length */ + {0x29, 0xa0, 0x91, 0x4f, 0xec, 0x4b, 0xef, 0x54, + 0xba, 0xbf, 0x66, 0x13, 0xa9, 0xf9, 0xcd, 0x70}, 16, + /* tag, tag length */ + {0xe6, 0x0e, 0x7c, 0x50, 0x13, 0xa6, 0xdb, 0xf2, + 0x52, 0x98, 0xb1, 0x92, 0x1b, 0xc3, 0x56, 0xa7}, 16, + /* valid */ + 0, + }, + { + /* key, key length */ + {0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, + 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f}, 16, + /* iv, iv length */ + {0x50, 0x51, 0x52, 0x53, 0x54, 0x55, 0x56, 0x57, + 0x58, 0x59, 0x5a, 0x5b, 0x5c, 0x5d, 0x5e, 0x5f}, 16, + /* aad, aad length */ + {0x00}, 0, + /* msg, msg length */ + {0x20, 0x21, 0x22, 0x23, 0x24, 0x25, 0x26, 0x27, + 0x28, 0x29, 0x2a, 0x2b, 0x2c, 0x2d, 0x2e, 0x2f}, 16, + /* ct, ct length */ + {0x29, 0xa0, 0x91, 0x4f, 0xec, 0x4b, 0xef, 0x54, + 0xba, 0xbf, 0x66, 0x13, 0xa9, 0xf9, 0xcd, 0x70}, 16, + /* tag, tag length */ + {0xe6, 0x0e, 0x7c, 0x50, 0x13, 0xa6, 0xdb, 0xf2, + 0x52, 0x98, 0xb1, 0x92, 0x9b, 0xc3, 0x56, 0xa6}, 16, + /* valid */ + 0, + }, + { + /* key, key length */ + {0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, + 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f}, 16, + /* iv, iv length */ + {0x50, 0x51, 0x52, 0x53, 0x54, 0x55, 0x56, 0x57, + 0x58, 0x59, 0x5a, 0x5b, 0x5c, 0x5d, 0x5e, 0x5f}, 16, + /* aad, aad length */ + {0x00}, 0, + /* msg, msg length */ + {0x20, 0x21, 0x22, 0x23, 0x24, 0x25, 0x26, 0x27, + 0x28, 0x29, 0x2a, 0x2b, 0x2c, 0x2d, 0x2e, 0x2f}, 16, + /* ct, ct length */ + {0x29, 0xa0, 0x91, 0x4f, 0xec, 0x4b, 0xef, 0x54, + 0xba, 0xbf, 0x66, 0x13, 0xa9, 0xf9, 0xcd, 0x70}, 16, + /* tag, tag length */ + {0xe6, 0x0e, 0x7c, 0x50, 0x13, 0xa6, 0xdb, 0xf2, + 0x52, 0x98, 0xb1, 0x92, 0x9b, 0xc3, 0x56, 0xa5}, 16, + /* valid */ + 0, + }, + { + /* key, key length */ + {0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, + 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f}, 16, + /* iv, iv length */ + {0x50, 0x51, 0x52, 0x53, 0x54, 0x55, 0x56, 0x57, + 0x58, 0x59, 0x5a, 0x5b, 0x5c, 0x5d, 0x5e, 0x5f}, 16, + /* aad, aad length */ + {0x00}, 0, + /* msg, msg length */ + {0x20, 0x21, 0x22, 0x23, 0x24, 0x25, 0x26, 0x27, + 0x28, 0x29, 0x2a, 0x2b, 0x2c, 0x2d, 0x2e, 0x2f}, 16, + /* ct, ct length */ + {0x29, 0xa0, 0x91, 0x4f, 0xec, 0x4b, 0xef, 0x54, + 0xba, 0xbf, 0x66, 0x13, 0xa9, 0xf9, 0xcd, 0x70}, 16, + /* tag, tag length */ + {0xe6, 0x0e, 0x7c, 0x50, 0x13, 0xa6, 0xdb, 0xf2, + 0x52, 0x98, 0xb1, 0x92, 0x9b, 0xc3, 0x56, 0xe7}, 16, + /* valid */ + 0, + }, + { + /* key, key length */ + {0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, + 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f}, 16, + /* iv, iv length */ + {0x50, 0x51, 0x52, 0x53, 0x54, 0x55, 0x56, 0x57, + 0x58, 0x59, 0x5a, 0x5b, 0x5c, 0x5d, 0x5e, 0x5f}, 16, + /* aad, aad length */ + {0x00}, 0, + /* msg, msg length */ + {0x20, 0x21, 0x22, 0x23, 0x24, 0x25, 0x26, 0x27, + 0x28, 0x29, 0x2a, 0x2b, 0x2c, 0x2d, 0x2e, 0x2f}, 16, + /* ct, ct length */ + {0x29, 0xa0, 0x91, 0x4f, 0xec, 0x4b, 0xef, 0x54, + 0xba, 0xbf, 0x66, 0x13, 0xa9, 0xf9, 0xcd, 0x70}, 16, + /* tag, tag length */ + {0xe6, 0x0e, 0x7c, 0x50, 0x13, 0xa6, 0xdb, 0xf2, + 0x52, 0x98, 0xb1, 0x92, 0x9b, 0xc3, 0x56, 0x27}, 16, + /* valid */ + 0, + }, + { + /* key, key length */ + {0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, + 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f}, 16, + /* iv, iv length */ + {0x50, 0x51, 0x52, 0x53, 0x54, 0x55, 0x56, 0x57, + 0x58, 0x59, 0x5a, 0x5b, 0x5c, 0x5d, 0x5e, 0x5f}, 16, + /* aad, aad length */ + {0x00}, 0, + /* msg, msg length */ + {0x20, 0x21, 0x22, 0x23, 0x24, 0x25, 0x26, 0x27, + 0x28, 0x29, 0x2a, 0x2b, 0x2c, 0x2d, 0x2e, 0x2f}, 16, + /* ct, ct length */ + {0x29, 0xa0, 0x91, 0x4f, 0xec, 0x4b, 0xef, 0x54, + 0xba, 0xbf, 0x66, 0x13, 0xa9, 0xf9, 0xcd, 0x70}, 16, + /* tag, tag length */ + {0xe7, 0x0e, 0x7c, 0x50, 0x13, 0xa6, 0xdb, 0xf2, + 0x53, 0x98, 0xb1, 0x92, 0x9b, 0xc3, 0x56, 0xa7}, 16, + /* valid */ + 0, + }, + { + /* key, key length */ + {0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, + 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f}, 16, + /* iv, iv length */ + {0x50, 0x51, 0x52, 0x53, 0x54, 0x55, 0x56, 0x57, + 0x58, 0x59, 0x5a, 0x5b, 0x5c, 0x5d, 0x5e, 0x5f}, 16, + /* aad, aad length */ + {0x00}, 0, + /* msg, msg length */ + {0x20, 0x21, 0x22, 0x23, 0x24, 0x25, 0x26, 0x27, + 0x28, 0x29, 0x2a, 0x2b, 0x2c, 0x2d, 0x2e, 0x2f}, 16, + /* ct, ct length */ + {0x29, 0xa0, 0x91, 0x4f, 0xec, 0x4b, 0xef, 0x54, + 0xba, 0xbf, 0x66, 0x13, 0xa9, 0xf9, 0xcd, 0x70}, 16, + /* tag, tag length */ + {0xe6, 0x0e, 0x7c, 0xd0, 0x13, 0xa6, 0xdb, 0x72, + 0x52, 0x98, 0xb1, 0x92, 0x9b, 0xc3, 0x56, 0xa7}, 16, + /* valid */ + 0, + }, + { + /* key, key length */ + {0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, + 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f}, 16, + /* iv, iv length */ + {0x50, 0x51, 0x52, 0x53, 0x54, 0x55, 0x56, 0x57, + 0x58, 0x59, 0x5a, 0x5b, 0x5c, 0x5d, 0x5e, 0x5f}, 16, + /* aad, aad length */ + {0x00}, 0, + /* msg, msg length */ + {0x20, 0x21, 0x22, 0x23, 0x24, 0x25, 0x26, 0x27, + 0x28, 0x29, 0x2a, 0x2b, 0x2c, 0x2d, 0x2e, 0x2f}, 16, + /* ct, ct length */ + {0x29, 0xa0, 0x91, 0x4f, 0xec, 0x4b, 0xef, 0x54, + 0xba, 0xbf, 0x66, 0x13, 0xa9, 0xf9, 0xcd, 0x70}, 16, + /* tag, tag length */ + {0xe6, 0x0e, 0x7c, 0x50, 0x13, 0xa6, 0xdb, 0x72, + 0x52, 0x98, 0xb1, 0x92, 0x9b, 0xc3, 0x56, 0x27}, 16, + /* valid */ + 0, + }, + { + /* key, key length */ + {0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, + 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f}, 16, + /* iv, iv length */ + {0x50, 0x51, 0x52, 0x53, 0x54, 0x55, 0x56, 0x57, + 0x58, 0x59, 0x5a, 0x5b, 0x5c, 0x5d, 0x5e, 0x5f}, 16, + /* aad, aad length */ + {0x00}, 0, + /* msg, msg length */ + {0x20, 0x21, 0x22, 0x23, 0x24, 0x25, 0x26, 0x27, + 0x28, 0x29, 0x2a, 0x2b, 0x2c, 0x2d, 0x2e, 0x2f}, 16, + /* ct, ct length */ + {0x29, 0xa0, 0x91, 0x4f, 0xec, 0x4b, 0xef, 0x54, + 0xba, 0xbf, 0x66, 0x13, 0xa9, 0xf9, 0xcd, 0x70}, 16, + /* tag, tag length */ + {0x19, 0xf1, 0x83, 0xaf, 0xec, 0x59, 0x24, 0x0d, + 0xad, 0x67, 0x4e, 0x6d, 0x64, 0x3c, 0xa9, 0x58}, 16, + /* valid */ + 0, + }, + { + /* key, key length */ + {0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, + 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f}, 16, + /* iv, iv length */ + {0x50, 0x51, 0x52, 0x53, 0x54, 0x55, 0x56, 0x57, + 0x58, 0x59, 0x5a, 0x5b, 0x5c, 0x5d, 0x5e, 0x5f}, 16, + /* aad, aad length */ + {0x00}, 0, + /* msg, msg length */ + {0x20, 0x21, 0x22, 0x23, 0x24, 0x25, 0x26, 0x27, + 0x28, 0x29, 0x2a, 0x2b, 0x2c, 0x2d, 0x2e, 0x2f}, 16, + /* ct, ct length */ + {0x29, 0xa0, 0x91, 0x4f, 0xec, 0x4b, 0xef, 0x54, + 0xba, 0xbf, 0x66, 0x13, 0xa9, 0xf9, 0xcd, 0x70}, 16, + /* tag, tag length */ + {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}, 16, + /* valid */ + 0, + }, + { + /* key, key length */ + {0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, + 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f}, 16, + /* iv, iv length */ + {0x50, 0x51, 0x52, 0x53, 0x54, 0x55, 0x56, 0x57, + 0x58, 0x59, 0x5a, 0x5b, 0x5c, 0x5d, 0x5e, 0x5f}, 16, + /* aad, aad length */ + {0x00}, 0, + /* msg, msg length */ + {0x20, 0x21, 0x22, 0x23, 0x24, 0x25, 0x26, 0x27, + 0x28, 0x29, 0x2a, 0x2b, 0x2c, 0x2d, 0x2e, 0x2f}, 16, + /* ct, ct length */ + {0x29, 0xa0, 0x91, 0x4f, 0xec, 0x4b, 0xef, 0x54, + 0xba, 0xbf, 0x66, 0x13, 0xa9, 0xf9, 0xcd, 0x70}, 16, + /* tag, tag length */ + {0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff}, 16, + /* valid */ + 0, + }, + { + /* key, key length */ + {0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, + 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f}, 16, + /* iv, iv length */ + {0x50, 0x51, 0x52, 0x53, 0x54, 0x55, 0x56, 0x57, + 0x58, 0x59, 0x5a, 0x5b, 0x5c, 0x5d, 0x5e, 0x5f}, 16, + /* aad, aad length */ + {0x00}, 0, + /* msg, msg length */ + {0x20, 0x21, 0x22, 0x23, 0x24, 0x25, 0x26, 0x27, + 0x28, 0x29, 0x2a, 0x2b, 0x2c, 0x2d, 0x2e, 0x2f}, 16, + /* ct, ct length */ + {0x29, 0xa0, 0x91, 0x4f, 0xec, 0x4b, 0xef, 0x54, + 0xba, 0xbf, 0x66, 0x13, 0xa9, 0xf9, 0xcd, 0x70}, 16, + /* tag, tag length */ + {0x66, 0x8e, 0xfc, 0xd0, 0x93, 0x26, 0x5b, 0x72, + 0xd2, 0x18, 0x31, 0x12, 0x1b, 0x43, 0xd6, 0x27}, 16, + /* valid */ + 0, + }, + { + /* key, key length */ + {0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, + 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f}, 16, + /* iv, iv length */ + {0x50, 0x51, 0x52, 0x53, 0x54, 0x55, 0x56, 0x57, + 0x58, 0x59, 0x5a, 0x5b, 0x5c, 0x5d, 0x5e, 0x5f}, 16, + /* aad, aad length */ + {0x00}, 0, + /* msg, msg length */ + {0x20, 0x21, 0x22, 0x23, 0x24, 0x25, 0x26, 0x27, + 0x28, 0x29, 0x2a, 0x2b, 0x2c, 0x2d, 0x2e, 0x2f}, 16, + /* ct, ct length */ + {0x29, 0xa0, 0x91, 0x4f, 0xec, 0x4b, 0xef, 0x54, + 0xba, 0xbf, 0x66, 0x13, 0xa9, 0xf9, 0xcd, 0x70}, 16, + /* tag, tag length */ + {0xe7, 0x0f, 0x7d, 0x51, 0x12, 0xa7, 0xda, 0xf3, + 0x53, 0x99, 0xb0, 0x93, 0x9a, 0xc2, 0x57, 0xa6}, 16, + /* valid */ + 0, + }, + #endif + }; + + byte ciphertext[sizeof(vectors[0].ct)]; + byte authtag[sizeof(vectors[0].tag)]; + int i; + int len; + int ret; + + + for (i = 0; i < (int)(sizeof(vectors)/sizeof(vectors[0])); i++) { + + XMEMSET(ciphertext, 0, sizeof(ciphertext)); + + len = sizeof(authtag); + ExpectIntEQ(wc_AesEaxEncryptAuth(vectors[i].key, vectors[i].key_length, + ciphertext, + vectors[i].msg, vectors[i].msg_length, + vectors[i].iv, vectors[i].iv_length, + authtag, len, + vectors[i].aad, vectors[i].aad_length), + 0); + + /* check ciphertext matches vector */ + ExpectIntEQ(XMEMCMP(ciphertext, vectors[i].ct, vectors[i].ct_length), + 0); + + /* check that computed tag matches vector only for vectors marked asx + * valid */ + ret = XMEMCMP(authtag, vectors[i].tag, len); + if (vectors[i].valid) { + ExpectIntEQ(ret, 0); + } + else { + ExpectIntNE(ret, 0); + } + + XMEMSET(ciphertext, 0, sizeof(ciphertext)); + + /* Decrypt, checking that the computed auth tags match */ + ExpectIntEQ(wc_AesEaxDecryptAuth(vectors[i].key, vectors[i].key_length, + ciphertext, + vectors[i].ct, vectors[i].ct_length, + vectors[i].iv, vectors[i].iv_length, + authtag, len, + vectors[i].aad, vectors[i].aad_length), + 0); + + /* check decrypted ciphertext matches vector plaintext */ + ExpectIntEQ(XMEMCMP(ciphertext, vectors[i].msg, vectors[i].msg_length), + 0); + } + return EXPECT_RESULT(); +} /* END test_wc_AesEaxVectors */ + +/* + * Testing test_wc_AesEaxEncryptAuth() + */ +int test_wc_AesEaxEncryptAuth(void) +{ + EXPECT_DECLS; + + const byte key[] = {0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, + 0x08, 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F, + 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, + 0x18, 0x19, 0x1A, 0x1B, 0x1C, 0x1D, 0x1E, 0x1F}; + const byte iv[] = {0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, + 0x08, 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F, + 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, + 0x18, 0x19, 0x1A, 0x1B, 0x1C, 0x1D, 0x1E, 0x1F}; + const byte aad[] = {0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07}; + const byte msg[] = {0x00, 0x01, 0x02, 0x03, 0x04}; + + byte ciphertext[sizeof(msg)]; + byte authtag[WC_AES_BLOCK_SIZE]; + int i; + int len; + + len = sizeof(authtag); + ExpectIntEQ(wc_AesEaxEncryptAuth(key, sizeof(key), + ciphertext, + msg, sizeof(msg), + iv, sizeof(iv), + authtag, (word32)len, + aad, sizeof(aad)), + 0); + + /* Test null checking */ + ExpectIntEQ(wc_AesEaxEncryptAuth(NULL, sizeof(key), + ciphertext, + msg, sizeof(msg), + iv, sizeof(iv), + authtag, (word32)len, + aad, sizeof(aad)), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_AesEaxEncryptAuth(key, sizeof(key), + NULL, + msg, sizeof(msg), + iv, sizeof(iv), + authtag, (word32)len, + aad, sizeof(aad)), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_AesEaxEncryptAuth(key, sizeof(key), + ciphertext, + NULL, sizeof(msg), + iv, sizeof(iv), + authtag, (word32)len, + aad, sizeof(aad)), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_AesEaxEncryptAuth(key, sizeof(key), + ciphertext, + msg, sizeof(msg), + NULL, sizeof(iv), + authtag, (word32)len, + aad, sizeof(aad)), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_AesEaxEncryptAuth(key, sizeof(key), + ciphertext, + msg, sizeof(msg), + iv, sizeof(iv), + NULL, (word32)len, + aad, sizeof(aad)), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_AesEaxEncryptAuth(key, sizeof(key), + ciphertext, + msg, sizeof(msg), + iv, sizeof(iv), + authtag, (word32)len, + NULL, sizeof(aad)), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + + /* Test bad key lengths */ + for (i = 0; i <= 32; i++) { + int exp_ret; + #ifdef WOLFSSL_AES_128 + if (i == AES_128_KEY_SIZE) { + exp_ret = 0; + } + else + #endif + #ifdef WOLFSSL_AES_192 + if (i == AES_192_KEY_SIZE) { + exp_ret = 0; + } + else + #endif + #ifdef WOLFSSL_AES_256 + if (i == AES_256_KEY_SIZE) { + exp_ret = 0; + } + else + #endif + { + exp_ret = WC_NO_ERR_TRACE(BAD_FUNC_ARG); + } + + ExpectIntEQ(wc_AesEaxEncryptAuth(key, (word32)i, + ciphertext, + msg, sizeof(msg), + iv, sizeof(iv), + authtag, (word32)len, + aad, sizeof(aad)), + exp_ret); + } + + + /* Test auth tag size out of range */ + len = WC_AES_BLOCK_SIZE + 1; + ExpectIntEQ(wc_AesEaxEncryptAuth(key, sizeof(key), + ciphertext, + msg, sizeof(msg), + iv, sizeof(iv), + authtag, (word32)len, + aad, sizeof(aad)), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + + return EXPECT_RESULT(); +} /* END test_wc_AesEaxEncryptAuth() */ + +/* + * Testing test_wc_AesEaxDecryptAuth() + */ +int test_wc_AesEaxDecryptAuth(void) +{ + EXPECT_DECLS; + + const byte key[] = {0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, + 0x08, 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F, + 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, + 0x18, 0x19, 0x1A, 0x1B, 0x1C, 0x1D, 0x1E, 0x1F}; + const byte iv[] = {0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, + 0x08, 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F, + 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, + 0x18, 0x19, 0x1A, 0x1B, 0x1C, 0x1D, 0x1E, 0x1F}; + const byte aad[] = {0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07}; + const byte ct[] = {0x00, 0x01, 0x02, 0x03, 0x04}; + /* Garbage tag that should always fail for above aad */ + const byte tag[] = {0xFE, 0xED, 0xBE, 0xEF, 0xDE, 0xAD, 0xC0, 0xDE, + 0xCA, 0xFE, 0xBE, 0xEF, 0xDE, 0xAF, 0xBE, 0xEF}; + + byte plaintext[sizeof(ct)]; + int i; + int len; + + len = sizeof(tag); + ExpectIntEQ(wc_AesEaxDecryptAuth(key, sizeof(key), + plaintext, + ct, sizeof(ct), + iv, sizeof(iv), + tag, (word32)len, + aad, sizeof(aad)), + WC_NO_ERR_TRACE(AES_EAX_AUTH_E)); + + /* Test null checking */ + ExpectIntEQ(wc_AesEaxDecryptAuth(NULL, sizeof(key), + plaintext, + ct, sizeof(ct), + iv, sizeof(iv), + tag, (word32)len, + aad, sizeof(aad)), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_AesEaxDecryptAuth(key, sizeof(key), + NULL, + ct, sizeof(ct), + iv, sizeof(iv), + tag, (word32)len, + aad, sizeof(aad)), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_AesEaxDecryptAuth(key, sizeof(key), + plaintext, + NULL, sizeof(ct), + iv, sizeof(iv), + tag, (word32)len, + aad, sizeof(aad)), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_AesEaxDecryptAuth(key, sizeof(key), + plaintext, + ct, sizeof(ct), + NULL, sizeof(iv), + tag, (word32)len, + aad, sizeof(aad)), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_AesEaxDecryptAuth(key, sizeof(key), + plaintext, + ct, sizeof(ct), + iv, sizeof(iv), + NULL, (word32)len, + aad, sizeof(aad)), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_AesEaxDecryptAuth(key, sizeof(key), + plaintext, + ct, sizeof(ct), + iv, sizeof(iv), + tag, (word32)len, + NULL, sizeof(aad)), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + + /* Test bad key lengths */ + for (i = 0; i <= 32; i++) { + int exp_ret; + #ifdef WOLFSSL_AES_128 + if (i == AES_128_KEY_SIZE) { + exp_ret = WC_NO_ERR_TRACE(AES_EAX_AUTH_E); + } + else + #endif + #ifdef WOLFSSL_AES_192 + if (i == AES_192_KEY_SIZE) { + exp_ret = WC_NO_ERR_TRACE(AES_EAX_AUTH_E); + } + else + #endif + #ifdef WOLFSSL_AES_256 + if (i == AES_256_KEY_SIZE) { + exp_ret = WC_NO_ERR_TRACE(AES_EAX_AUTH_E); + } + else + #endif + { + exp_ret = WC_NO_ERR_TRACE(BAD_FUNC_ARG); + } + + ExpectIntEQ(wc_AesEaxDecryptAuth(key, (word32)i, + plaintext, + ct, sizeof(ct), + iv, sizeof(iv), + tag, (word32)len, + aad, sizeof(aad)), + exp_ret); + } + + + /* Test auth tag size out of range */ + len = WC_AES_BLOCK_SIZE + 1; + ExpectIntEQ(wc_AesEaxDecryptAuth(key, sizeof(key), + plaintext, + ct, sizeof(ct), + iv, sizeof(iv), + tag, (word32)len, + aad, sizeof(aad)), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + + return EXPECT_RESULT(); +} /* END test_wc_AesEaxDecryptAuth() */ + +#endif /* WOLFSSL_AES_EAX && WOLFSSL_AES_256 + * (!HAVE_FIPS || FIPS_VERSION_GE(5, 3)) && !HAVE_SELFTEST + */ + diff --git a/test/ssl/wolfssl/tests/api/test_aes.h b/test/ssl/wolfssl/tests/api/test_aes.h new file mode 100644 index 000000000..cdb400ed1 --- /dev/null +++ b/test/ssl/wolfssl/tests/api/test_aes.h @@ -0,0 +1,85 @@ +/* test_aes.h + * + * Copyright (C) 2006-2025 wolfSSL Inc. + * + * This file is part of wolfSSL. + * + * wolfSSL is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * wolfSSL is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA + */ + +#ifndef WOLFCRYPT_TEST_AES_H +#define WOLFCRYPT_TEST_AES_H + +#include + +int test_wc_AesSetKey(void); +int test_wc_AesSetIV(void); +int test_wc_AesEncryptDecryptDirect(void); +int test_wc_AesEcbEncryptDecrypt(void); +int test_wc_AesCbcEncryptDecrypt(void); +int test_wc_AesCfbEncryptDecrypt(void); +int test_wc_AesOfbEncryptDecrypt(void); +int test_wc_AesCtsEncryptDecrypt(void); +int test_wc_AesCtrSetKey(void); +int test_wc_AesCtrEncryptDecrypt(void); +int test_wc_AesGcmSetKey(void); +int test_wc_AesGcmEncryptDecrypt_Sizes(void); +int test_wc_AesGcmEncryptDecrypt(void); +int test_wc_AesGcmMixedEncDecLongIV(void); +int test_wc_AesGcmStream(void); +int test_wc_AesCcmSetKey(void); +int test_wc_AesCcmEncryptDecrypt(void); +#if defined(WOLFSSL_AES_EAX) && defined(WOLFSSL_AES_256) && \ + (!defined(HAVE_FIPS) || FIPS_VERSION_GE(5, 3)) && !defined(HAVE_SELFTEST) +int test_wc_AesEaxVectors(void); +int test_wc_AesEaxEncryptAuth(void); +int test_wc_AesEaxDecryptAuth(void); +#endif /* WOLFSSL_AES_EAX && WOLFSSL_AES_256*/ + +int test_wc_GmacSetKey(void); +int test_wc_GmacUpdate(void); + +#define TEST_AES_DECLS \ + TEST_DECL_GROUP("aes", test_wc_AesSetKey), \ + TEST_DECL_GROUP("aes", test_wc_AesSetIV), \ + TEST_DECL_GROUP("aes", test_wc_AesEncryptDecryptDirect), \ + TEST_DECL_GROUP("aes", test_wc_AesEcbEncryptDecrypt), \ + TEST_DECL_GROUP("aes", test_wc_AesCbcEncryptDecrypt), \ + TEST_DECL_GROUP("aes", test_wc_AesCfbEncryptDecrypt), \ + TEST_DECL_GROUP("aes", test_wc_AesOfbEncryptDecrypt), \ + TEST_DECL_GROUP("aes", test_wc_AesCtsEncryptDecrypt), \ + TEST_DECL_GROUP("aes", test_wc_AesCtrSetKey), \ + TEST_DECL_GROUP("aes", test_wc_AesCtrEncryptDecrypt), \ + TEST_DECL_GROUP("aes", test_wc_AesGcmSetKey), \ + TEST_DECL_GROUP("aes", test_wc_AesGcmEncryptDecrypt_Sizes), \ + TEST_DECL_GROUP("aes", test_wc_AesGcmEncryptDecrypt), \ + TEST_DECL_GROUP("aes", test_wc_AesGcmMixedEncDecLongIV), \ + TEST_DECL_GROUP("aes", test_wc_AesGcmStream), \ + TEST_DECL_GROUP("aes", test_wc_AesCcmSetKey), \ + TEST_DECL_GROUP("aes", test_wc_AesCcmEncryptDecrypt) + +#if defined(WOLFSSL_AES_EAX) && defined(WOLFSSL_AES_256) && \ + (!defined(HAVE_FIPS) || FIPS_VERSION_GE(5, 3)) && !defined(HAVE_SELFTEST) +#define TEST_AES_EAX_DECLS \ + TEST_DECL_GROUP("aes-eax", test_wc_AesEaxVectors), \ + TEST_DECL_GROUP("aes-eax", test_wc_AesEaxEncryptAuth), \ + TEST_DECL_GROUP("aes-eax", test_wc_AesEaxDecryptAuth) +#endif /* WOLFSSL_AES_EAX */ + +#define TEST_GMAC_DECLS \ + TEST_DECL_GROUP("gmac", test_wc_GmacSetKey), \ + TEST_DECL_GROUP("gmac", test_wc_GmacUpdate) + +#endif /* WOLFCRYPT_TEST_AES_H */ diff --git a/test/ssl/wolfssl/tests/api/test_arc4.c b/test/ssl/wolfssl/tests/api/test_arc4.c new file mode 100644 index 000000000..ede117487 --- /dev/null +++ b/test/ssl/wolfssl/tests/api/test_arc4.c @@ -0,0 +1,106 @@ +/* test_arc4.c + * + * Copyright (C) 2006-2025 wolfSSL Inc. + * + * This file is part of wolfSSL. + * + * wolfSSL is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * wolfSSL is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA + */ + +#include + +#ifdef NO_INLINE + #include +#else + #define WOLFSSL_MISC_INCLUDED + #include +#endif + +#include +#include +#include +#include + +/* + * Testing wc_Arc4SetKey() + */ +int test_wc_Arc4SetKey(void) +{ + EXPECT_DECLS; +#ifndef NO_RC4 + Arc4 arc; + const char* key = "\x01\x23\x45\x67\x89\xab\xcd\xef"; + int keyLen = 8; + + ExpectIntEQ(wc_Arc4SetKey(&arc, (byte*)key, (word32)keyLen), 0); + /* Test bad args. */ + ExpectIntEQ(wc_Arc4SetKey(NULL, (byte*)key, (word32)keyLen), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_Arc4SetKey(&arc, NULL , (word32)keyLen), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_Arc4SetKey(&arc, (byte*)key, 0 ), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); +#endif + return EXPECT_RESULT(); + +} /* END test_wc_Arc4SetKey */ + +/* + * Testing wc_Arc4Process for ENC/DEC. + */ +int test_wc_Arc4Process(void) +{ + EXPECT_DECLS; +#ifndef NO_RC4 + Arc4 enc; + Arc4 dec; + const char* key = "\x01\x23\x45\x67\x89\xab\xcd\xef"; + int keyLen = 8; + const char* input = "\x01\x23\x45\x67\x89\xab\xcd\xef"; + byte cipher[8]; + byte plain[8]; + + /* Init stack variables */ + XMEMSET(&enc, 0, sizeof(Arc4)); + XMEMSET(&dec, 0, sizeof(Arc4)); + XMEMSET(cipher, 0, sizeof(cipher)); + XMEMSET(plain, 0, sizeof(plain)); + + /* Use for async. */ + ExpectIntEQ(wc_Arc4Init(&enc, NULL, INVALID_DEVID), 0); + ExpectIntEQ(wc_Arc4Init(&dec, NULL, INVALID_DEVID), 0); + + ExpectIntEQ(wc_Arc4SetKey(&enc, (byte*)key, (word32)keyLen), 0); + ExpectIntEQ(wc_Arc4SetKey(&dec, (byte*)key, (word32)keyLen), 0); + + ExpectIntEQ(wc_Arc4Process(&enc, cipher, (byte*)input, (word32)keyLen), 0); + ExpectIntEQ(wc_Arc4Process(&dec, plain, cipher, (word32)keyLen), 0); + ExpectIntEQ(XMEMCMP(plain, input, keyLen), 0); + + /* Bad args. */ + ExpectIntEQ(wc_Arc4Process(NULL, plain, cipher, (word32)keyLen), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_Arc4Process(&dec, NULL, cipher, (word32)keyLen), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_Arc4Process(&dec, plain, NULL, (word32)keyLen), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + + wc_Arc4Free(&enc); + wc_Arc4Free(&dec); +#endif + return EXPECT_RESULT(); + +} /* END test_wc_Arc4Process */ + diff --git a/test/ssl/wolfssl/tests/api/test_arc4.h b/test/ssl/wolfssl/tests/api/test_arc4.h new file mode 100644 index 000000000..b14b7f067 --- /dev/null +++ b/test/ssl/wolfssl/tests/api/test_arc4.h @@ -0,0 +1,34 @@ +/* test_arc4.h + * + * Copyright (C) 2006-2025 wolfSSL Inc. + * + * This file is part of wolfSSL. + * + * wolfSSL is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * wolfSSL is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA + */ + +#ifndef WOLFCRYPT_TEST_ARC4_H +#define WOLFCRYPT_TEST_ARC4_H + +#include + +int test_wc_Arc4SetKey(void); +int test_wc_Arc4Process(void); + +#define TEST_ARC4_DECLS \ + TEST_DECL_GROUP("arc4", test_wc_Arc4SetKey), \ + TEST_DECL_GROUP("arc4", test_wc_Arc4Process) + +#endif /* WOLFCRYPT_TEST_ARC4_H */ diff --git a/test/ssl/wolfssl/tests/api/test_ascon.c b/test/ssl/wolfssl/tests/api/test_ascon.c new file mode 100644 index 000000000..519cc9694 --- /dev/null +++ b/test/ssl/wolfssl/tests/api/test_ascon.c @@ -0,0 +1,186 @@ +/* test_ascon.c + * + * Copyright (C) 2006-2025 wolfSSL Inc. + * + * This file is part of wolfSSL. + * + * wolfSSL is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * wolfSSL is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA + */ + +#include + +#ifdef NO_INLINE + #include +#else + #define WOLFSSL_MISC_INCLUDED + #include +#endif + +#include +#include +#include + +#ifdef HAVE_ASCON +#include +#endif + +int test_ascon_hash256(void) +{ + EXPECT_DECLS; +#ifdef HAVE_ASCON + byte msg[1024]; + byte mdOut[ASCON_HASH256_SZ]; + const size_t test_rounds = sizeof(msg) + 1; /* +1 to test 0-len msg */ + wc_AsconHash256* asconHash = NULL; + word32 i; + + ExpectIntEQ(XELEM_CNT(ascon_hash256_output), test_rounds); + + /* init msg buffer */ + for (i = 0; i < sizeof(msg); i++) + msg[i] = (byte)i; + + ExpectNotNull(asconHash = wc_AsconHash256_New()); + + for (i = 0; i < test_rounds && EXPECT_SUCCESS(); i++) { + XMEMSET(mdOut, 0, sizeof(mdOut)); + ExpectIntEQ(wc_AsconHash256_Init(asconHash), 0); + ExpectIntEQ(wc_AsconHash256_Update(asconHash, msg, i), 0); + ExpectIntEQ(wc_AsconHash256_Final(asconHash, mdOut), 0); + ExpectBufEQ(mdOut, ascon_hash256_output[i], ASCON_HASH256_SZ); + wc_AsconHash256_Clear(asconHash); + } + + /* Test separated update */ + for (i = 0; i < test_rounds && EXPECT_SUCCESS(); i++) { + word32 half_i = i / 2; + XMEMSET(mdOut, 0, sizeof(mdOut)); + ExpectIntEQ(wc_AsconHash256_Init(asconHash), 0); + ExpectIntEQ(wc_AsconHash256_Update(asconHash, msg, half_i), 0); + ExpectIntEQ(wc_AsconHash256_Update(asconHash, msg + half_i, + i - half_i), 0); + ExpectIntEQ(wc_AsconHash256_Final(asconHash, mdOut), 0); + ExpectBufEQ(mdOut, ascon_hash256_output[i], ASCON_HASH256_SZ); + wc_AsconHash256_Clear(asconHash); + } + + wc_AsconHash256_Free(asconHash); +#endif + return EXPECT_RESULT(); +} + +int test_ascon_aead128(void) +{ + EXPECT_DECLS; +#ifdef HAVE_ASCON + word32 i; + wc_AsconAEAD128* asconAEAD = NULL; + + ExpectNotNull(asconAEAD = wc_AsconAEAD128_New()); + + for (i = 0; i < XELEM_CNT(ascon_aead128_kat); i++) { + byte key[ASCON_AEAD128_KEY_SZ]; + byte nonce[ASCON_AEAD128_NONCE_SZ]; + byte pt[32]; /* longest plaintext we test is 32 bytes */ + word32 ptSz; + byte ad[32]; /* longest AD we test is 32 bytes */ + word32 adSz; + byte ct[48]; /* longest ciphertext we test is 32 bytes + 16 bytes tag */ + word32 ctSz; + word32 j; + byte tag[ASCON_AEAD128_TAG_SZ]; + byte buf[32]; /* longest buffer we test is 32 bytes */ + + XMEMSET(key, 0, sizeof(key)); + XMEMSET(nonce, 0, sizeof(nonce)); + XMEMSET(pt, 0, sizeof(pt)); + XMEMSET(ad, 0, sizeof(ad)); + XMEMSET(ct, 0, sizeof(ct)); + XMEMSET(tag, 0, sizeof(tag)); + + /* Convert HEX strings to byte stream */ + for (j = 0; ascon_aead128_kat[i][0][j] != '\0'; j += 2) { + key[j/2] = HexCharToByte(ascon_aead128_kat[i][0][j]) << 4 | + HexCharToByte(ascon_aead128_kat[i][0][j+1]); + } + for (j = 0; ascon_aead128_kat[i][1][j] != '\0'; j += 2) { + nonce[j/2] = HexCharToByte(ascon_aead128_kat[i][1][j]) << 4 | + HexCharToByte(ascon_aead128_kat[i][1][j+1]); + } + for (j = 0; ascon_aead128_kat[i][2][j] != '\0'; j += 2) { + pt[j/2] = HexCharToByte(ascon_aead128_kat[i][2][j]) << 4 | + HexCharToByte(ascon_aead128_kat[i][2][j+1]); + } + ptSz = j/2; + for (j = 0; ascon_aead128_kat[i][3][j] != '\0'; j += 2) { + ad[j/2] = HexCharToByte(ascon_aead128_kat[i][3][j]) << 4 | + HexCharToByte(ascon_aead128_kat[i][3][j+1]); + } + adSz = j/2; + for (j = 0; ascon_aead128_kat[i][4][j] != '\0'; j += 2) { + ct[j/2] = HexCharToByte(ascon_aead128_kat[i][4][j]) << 4 | + HexCharToByte(ascon_aead128_kat[i][4][j+1]); + } + ctSz = j/2 - ASCON_AEAD128_TAG_SZ; + + for (j = 0; j < 4; j++) { + ExpectIntEQ(wc_AsconAEAD128_Init(asconAEAD), 0); + ExpectIntEQ(wc_AsconAEAD128_SetKey(asconAEAD, key), 0); + ExpectIntEQ(wc_AsconAEAD128_SetNonce(asconAEAD, nonce), 0); + ExpectIntEQ(wc_AsconAEAD128_SetAD(asconAEAD, ad, adSz), 0); + if (j == 0) { + /* Encryption test */ + ExpectIntEQ(wc_AsconAEAD128_EncryptUpdate(asconAEAD, buf, pt, + ptSz), 0); + ExpectBufEQ(buf, ct, ptSz); + ExpectIntEQ(wc_AsconAEAD128_EncryptFinal(asconAEAD, tag), 0); + ExpectBufEQ(tag, ct + ptSz, ASCON_AEAD128_TAG_SZ); + } + else if (j == 1) { + /* Decryption test */ + ExpectIntEQ(wc_AsconAEAD128_DecryptUpdate(asconAEAD, buf, ct, + ctSz), 0); + ExpectBufEQ(buf, pt, ctSz); + ExpectIntEQ(wc_AsconAEAD128_DecryptFinal(asconAEAD, ct + ctSz), + 0); + } + else if (j == 2) { + /* Split encryption test */ + ExpectIntEQ(wc_AsconAEAD128_EncryptUpdate(asconAEAD, buf, pt, + ptSz / 2), 0); + ExpectIntEQ(wc_AsconAEAD128_EncryptUpdate(asconAEAD, + buf + (ptSz/2), pt + (ptSz/2), ptSz - (ptSz/2)), 0); + ExpectBufEQ(buf, ct, ptSz); + ExpectIntEQ(wc_AsconAEAD128_EncryptFinal(asconAEAD, tag), 0); + ExpectBufEQ(tag, ct + ptSz, ASCON_AEAD128_TAG_SZ); + } + else if (j == 3) { + /* Split decryption test */ + ExpectIntEQ(wc_AsconAEAD128_DecryptUpdate(asconAEAD, buf, ct, + ctSz / 2), 0); + ExpectIntEQ(wc_AsconAEAD128_DecryptUpdate(asconAEAD, + buf + (ctSz/2), ct + (ctSz/2), ctSz - (ctSz/2)), 0); + ExpectBufEQ(buf, pt, ctSz); + ExpectIntEQ(wc_AsconAEAD128_DecryptFinal(asconAEAD, ct + ctSz), + 0); + } + wc_AsconAEAD128_Clear(asconAEAD); + } + } + + wc_AsconAEAD128_Free(asconAEAD); +#endif + return EXPECT_RESULT(); +} diff --git a/test/ssl/wolfssl/tests/api/test_ascon.h b/test/ssl/wolfssl/tests/api/test_ascon.h new file mode 100644 index 000000000..2d716d598 --- /dev/null +++ b/test/ssl/wolfssl/tests/api/test_ascon.h @@ -0,0 +1,34 @@ +/* test_ascon.h + * + * Copyright (C) 2006-2025 wolfSSL Inc. + * + * This file is part of wolfSSL. + * + * wolfSSL is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * wolfSSL is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA + */ + +#ifndef TESTS_API_TEST_ASCON_H +#define TESTS_API_TEST_ASCON_H + +#include + +int test_ascon_hash256(void); +int test_ascon_aead128(void); + +#define TEST_ASCON_DECLS \ + TEST_DECL_GROUP("ascon", test_ascon_hash256), \ + TEST_DECL_GROUP("ascon", test_ascon_aead128) + +#endif /* TESTS_API_TEST_ASCON_H */ diff --git a/test/ssl/wolfssl/tests/api/test_ascon_kats.h b/test/ssl/wolfssl/tests/api/test_ascon_kats.h new file mode 100644 index 000000000..20f008d1a --- /dev/null +++ b/test/ssl/wolfssl/tests/api/test_ascon_kats.h @@ -0,0 +1,6517 @@ +/* test_ascon_kats.h + * + * Copyright (C) 2006-2025 wolfSSL Inc. + * + * This file is part of wolfSSL. + * + * wolfSSL is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * wolfSSL is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA + */ + +#ifdef HAVE_CONFIG_H + #include +#endif + +#if !defined(WOLFSSL_USER_SETTINGS) && !defined(WOLFSSL_NO_OPTIONS_H) + #include +#endif +#include +#include + +#ifndef TESTS_API_TEST_ASCON_KATS_H +#define TESTS_API_TEST_ASCON_KATS_H + +/* KATs taken from https://github.com/ascon/ascon-c */ + +/* crypto_hash/asconhash256/LWC_HASH_KAT_256.txt + * The message is just the byte stream 00 01 02 03 ... */ +static const byte ascon_hash256_output[][32] = { + { 0x0B, 0x3B, 0xE5, 0x85, 0x0F, 0x2F, 0x6B, 0x98, 0xCA, 0xF2, 0x9F, 0x8F, 0xDE, 0xA8, 0x9B, 0x64, 0xA1, 0xFA, 0x70, 0xAA, 0x24, 0x9B, 0x8F, 0x83, 0x9B, 0xD5, 0x3B, 0xAA, 0x30, 0x4D, 0x92, 0xB2 }, + { 0x07, 0x28, 0x62, 0x10, 0x35, 0xAF, 0x3E, 0xD2, 0xBC, 0xA0, 0x3B, 0xF6, 0xFD, 0xE9, 0x00, 0xF9, 0x45, 0x6F, 0x53, 0x30, 0xE4, 0xB5, 0xEE, 0x23, 0xE7, 0xF6, 0xA1, 0xE7, 0x02, 0x91, 0xBC, 0x80 }, + { 0x61, 0x15, 0xE7, 0xC9, 0xC4, 0x08, 0x1C, 0x27, 0x97, 0xFC, 0x8F, 0xE1, 0xBC, 0x57, 0xA8, 0x36, 0xAF, 0xA1, 0xC5, 0x38, 0x1E, 0x55, 0x6D, 0xD5, 0x83, 0x86, 0x0C, 0xA2, 0xDF, 0xB4, 0x8D, 0xD2 }, + { 0x26, 0x5A, 0xB8, 0x9A, 0x60, 0x9F, 0x5A, 0x05, 0xDC, 0xA5, 0x7E, 0x83, 0xFB, 0xBA, 0x70, 0x0F, 0x9A, 0x2D, 0x2C, 0x42, 0x11, 0xBA, 0x4C, 0xC9, 0xF0, 0xA1, 0xA3, 0x69, 0xE1, 0x7B, 0x91, 0x5C }, + { 0xD7, 0xE4, 0xC7, 0xED, 0x9B, 0x8A, 0x32, 0x5C, 0xD0, 0x8B, 0x9E, 0xF2, 0x59, 0xF8, 0x87, 0x70, 0x54, 0xEC, 0xD8, 0x30, 0x4F, 0xE1, 0xB2, 0xD7, 0xFD, 0x84, 0x71, 0x37, 0xDF, 0x67, 0x27, 0xEE }, + { 0xC7, 0xB2, 0x89, 0x62, 0xD4, 0xF5, 0xC2, 0x21, 0x1F, 0x46, 0x6F, 0x83, 0xD3, 0xC5, 0x7A, 0xE1, 0x50, 0x43, 0x87, 0xE2, 0xA3, 0x26, 0x94, 0x97, 0x47, 0xA8, 0x37, 0x64, 0x47, 0xA6, 0xBB, 0x51 }, + { 0xDC, 0x0C, 0x67, 0x48, 0xAF, 0x8F, 0xFE, 0x63, 0xE1, 0x08, 0x4A, 0xA3, 0xE5, 0x78, 0x6A, 0x19, 0x46, 0x85, 0xC8, 0x8C, 0x21, 0x34, 0x8B, 0x29, 0xE1, 0x84, 0xFB, 0x50, 0x40, 0x97, 0x03, 0xBC }, + { 0x3E, 0x4D, 0x27, 0x3B, 0xA6, 0x9B, 0x3B, 0x9C, 0x53, 0x21, 0x61, 0x07, 0xE8, 0x8B, 0x75, 0xCD, 0xBE, 0xED, 0xBC, 0xBF, 0x8F, 0xAF, 0x02, 0x19, 0xC3, 0x92, 0x8A, 0xB6, 0x2B, 0x11, 0x65, 0x77 }, + { 0xB8, 0x8E, 0x49, 0x7A, 0xE8, 0xE6, 0xFB, 0x64, 0x1B, 0x87, 0xEF, 0x62, 0x2E, 0xB8, 0xF2, 0xFC, 0xA0, 0xED, 0x95, 0x38, 0x3F, 0x7F, 0xFE, 0xBE, 0x16, 0x7A, 0xCF, 0x10, 0x99, 0xBA, 0x76, 0x4F }, + { 0x94, 0x26, 0x9C, 0x30, 0xE0, 0x29, 0x6E, 0x1E, 0xC8, 0x66, 0x55, 0x04, 0x18, 0x41, 0x82, 0x3E, 0xFA, 0x19, 0x27, 0xF5, 0x20, 0xFD, 0x58, 0xC8, 0xE9, 0xBC, 0xE6, 0x19, 0x78, 0x78, 0xC1, 0xA6 }, + { 0x89, 0x4F, 0x5C, 0x5B, 0xC7, 0x8A, 0x0A, 0x97, 0xAB, 0xC0, 0xD6, 0x31, 0x23, 0xD0, 0x9A, 0x33, 0x5F, 0xB0, 0xD9, 0x24, 0x30, 0xAD, 0xF9, 0xD1, 0x1F, 0xD2, 0x64, 0x38, 0x54, 0x17, 0x99, 0x68 }, + { 0x68, 0x84, 0x66, 0xB9, 0xEC, 0x50, 0x70, 0x47, 0x6C, 0xEB, 0x93, 0x9F, 0xE3, 0x68, 0xC2, 0xA3, 0x2C, 0x0F, 0x1A, 0x79, 0x5A, 0xF7, 0x61, 0x94, 0x2D, 0x55, 0x18, 0x90, 0x9A, 0x10, 0x81, 0xDA }, + { 0x8C, 0xAF, 0xA6, 0x56, 0x80, 0x7F, 0xAF, 0xA3, 0xDE, 0x9F, 0xEB, 0x2F, 0xB5, 0x66, 0xD6, 0x23, 0x9B, 0xEB, 0xA7, 0x4A, 0xE4, 0x8C, 0x4E, 0x9A, 0x4C, 0xED, 0x5B, 0xF1, 0xB1, 0x3A, 0x75, 0xC9 }, + { 0x94, 0x88, 0x3D, 0x2A, 0x44, 0xE8, 0xF1, 0x39, 0x64, 0xF9, 0x26, 0xDE, 0x55, 0x35, 0x83, 0xDB, 0x7B, 0x1A, 0x82, 0xB0, 0xAA, 0xCC, 0x58, 0xEF, 0x2D, 0x48, 0x46, 0xA5, 0xD6, 0xE8, 0xB4, 0xAC }, + { 0xBE, 0xB6, 0x35, 0x3F, 0x24, 0xE8, 0xDE, 0xE9, 0xF2, 0xB9, 0x92, 0x79, 0xF2, 0x9F, 0x42, 0x5F, 0x7C, 0xCE, 0x30, 0x98, 0xA3, 0x66, 0x5B, 0x7A, 0xF3, 0xAF, 0x86, 0xF7, 0x59, 0xCC, 0x98, 0x5D }, + { 0x64, 0x21, 0x33, 0x0D, 0xF9, 0x9C, 0x05, 0xEB, 0x71, 0x54, 0x15, 0xEE, 0x17, 0xB4, 0x55, 0xF2, 0x67, 0x4F, 0x86, 0x2A, 0xE3, 0xCC, 0x5B, 0xAD, 0xFF, 0xE4, 0x3A, 0x4A, 0x3E, 0xD2, 0x73, 0xE1 }, + { 0x31, 0x58, 0xC1, 0x94, 0x0A, 0x2F, 0xBA, 0xDB, 0xD6, 0x8A, 0xB6, 0x61, 0x77, 0x78, 0x59, 0xB9, 0x4A, 0x68, 0x9E, 0x4E, 0xFC, 0x37, 0x59, 0x11, 0x46, 0x7A, 0xDD, 0xD6, 0x41, 0x83, 0x5C, 0x38 }, + { 0xF1, 0x49, 0xE9, 0x9D, 0xD0, 0xF4, 0x29, 0x59, 0x9B, 0xB8, 0x9B, 0x80, 0x79, 0xBF, 0x3F, 0x4D, 0xCA, 0x3F, 0x29, 0x8E, 0xFE, 0xFC, 0xF9, 0xB1, 0xEA, 0x16, 0xFE, 0x84, 0xF9, 0xB8, 0xB6, 0xE2 }, + { 0xD0, 0x70, 0xF7, 0xBA, 0x0E, 0x9B, 0xCD, 0xB6, 0xB3, 0x4E, 0x83, 0x57, 0x34, 0x3E, 0x90, 0x41, 0x94, 0x31, 0x46, 0xF3, 0x34, 0xFD, 0xAF, 0x6E, 0x20, 0x09, 0x27, 0x5F, 0x6F, 0x25, 0xCB, 0xED }, + { 0x75, 0x94, 0x01, 0xBA, 0x2D, 0x33, 0x73, 0xEB, 0x5A, 0x01, 0x52, 0xBD, 0xE6, 0xFC, 0xC7, 0x26, 0xEC, 0x65, 0xDE, 0xE7, 0x95, 0xA5, 0x74, 0xF1, 0xD7, 0x15, 0xF3, 0xCA, 0xC2, 0x1F, 0x03, 0x81 }, + { 0x98, 0x94, 0x1E, 0x48, 0x4F, 0xBA, 0xE8, 0x74, 0x52, 0xDD, 0xAF, 0x60, 0x30, 0x08, 0x8B, 0x79, 0x8A, 0x56, 0xC3, 0x6E, 0xB6, 0xD4, 0xD3, 0xE9, 0x4B, 0x5C, 0xFF, 0x78, 0xB2, 0x0E, 0x04, 0x81 }, + { 0x41, 0xC8, 0xF7, 0x33, 0xB9, 0xD8, 0x23, 0xBE, 0x30, 0xB6, 0x4E, 0xE7, 0x17, 0xC3, 0x22, 0xC5, 0x76, 0xD3, 0x67, 0x81, 0xFF, 0xC5, 0xF7, 0xD6, 0xC7, 0x30, 0xEC, 0xA5, 0x49, 0x78, 0x97, 0x25 }, + { 0x04, 0x18, 0x3F, 0x60, 0x3C, 0xF5, 0x6E, 0xA2, 0x5E, 0x5C, 0x29, 0x9D, 0x3F, 0xBD, 0xB1, 0x72, 0x28, 0xD6, 0x41, 0x1F, 0x15, 0xE9, 0xF7, 0x7C, 0x77, 0x89, 0xCE, 0x89, 0xEC, 0x9B, 0x8B, 0x0E }, + { 0xB4, 0xF8, 0x8D, 0x12, 0x1E, 0xDD, 0xF6, 0xD1, 0xFE, 0xA9, 0xAE, 0xF1, 0x5F, 0x68, 0xA0, 0xF3, 0xA1, 0x6D, 0x3D, 0x2C, 0xDD, 0x98, 0x17, 0x22, 0x58, 0x09, 0xC2, 0x04, 0x52, 0xB0, 0x4C, 0x61 }, + { 0x7E, 0x6A, 0x31, 0xFA, 0x65, 0x59, 0x53, 0x6A, 0x7A, 0xD6, 0x16, 0x22, 0xF6, 0x15, 0x0F, 0xA3, 0xB2, 0xA2, 0x9E, 0xBB, 0xF3, 0x9A, 0xD8, 0x01, 0x1B, 0x79, 0x02, 0xCC, 0x61, 0x25, 0x71, 0xE6 }, + { 0xAC, 0xF3, 0x9F, 0xB4, 0x9C, 0xBA, 0xA0, 0xB4, 0xBC, 0x04, 0xC5, 0x48, 0x22, 0x45, 0x43, 0xB7, 0x50, 0x19, 0xBA, 0x63, 0x9C, 0xE4, 0xD0, 0xA5, 0x8C, 0xAE, 0xDA, 0xF1, 0x7E, 0x0F, 0x8D, 0x9F }, + { 0xB1, 0xBB, 0x94, 0x8E, 0xDA, 0x56, 0x00, 0x9F, 0x5D, 0x66, 0xED, 0x7B, 0xDC, 0x58, 0x94, 0xE5, 0xE7, 0x72, 0xD4, 0x34, 0x1B, 0xB7, 0x04, 0x05, 0xC3, 0x65, 0x51, 0x89, 0x76, 0xEB, 0x95, 0x73 }, + { 0xB1, 0x6E, 0xE2, 0x00, 0xDD, 0x3E, 0x0C, 0x85, 0xCC, 0xCD, 0x7F, 0xFC, 0x3D, 0x6B, 0xD7, 0x1E, 0xBC, 0xB7, 0x6B, 0x2F, 0x4C, 0x03, 0x3A, 0xB0, 0x60, 0x2F, 0x68, 0x6F, 0xCA, 0xDF, 0xC3, 0xFA }, + { 0x09, 0x86, 0xEC, 0xA8, 0xE6, 0x31, 0xD1, 0x84, 0xCF, 0x4A, 0x15, 0xF4, 0xA5, 0x8D, 0x4A, 0x17, 0x62, 0x5E, 0x66, 0xFF, 0x0E, 0xDE, 0x48, 0x6B, 0xA1, 0x19, 0xE5, 0xD4, 0x15, 0x5A, 0x15, 0x45 }, + { 0x41, 0xDF, 0x85, 0xF3, 0x64, 0x72, 0x36, 0x93, 0x9A, 0xDB, 0xB8, 0x8A, 0xBD, 0x30, 0xA5, 0xE0, 0x52, 0x72, 0x3E, 0x25, 0xDB, 0x09, 0xAB, 0x23, 0xF2, 0x8B, 0xBA, 0x55, 0x40, 0x56, 0xF5, 0xEB }, + { 0x84, 0xB6, 0x8F, 0xDE, 0xB9, 0xF5, 0xDF, 0xBA, 0x8F, 0xBE, 0x03, 0x14, 0xC4, 0xC7, 0x9A, 0x1E, 0x3E, 0xAE, 0x97, 0xC9, 0xB0, 0x18, 0xFC, 0xAC, 0x88, 0xFD, 0x9B, 0xD4, 0x07, 0x08, 0x6E, 0x70 }, + { 0xB9, 0x00, 0xCD, 0x3F, 0x06, 0xF1, 0x61, 0x8B, 0x68, 0xC1, 0x66, 0x65, 0x80, 0x72, 0x06, 0xDB, 0xE2, 0x73, 0xDF, 0x40, 0x13, 0x53, 0x61, 0xF4, 0x49, 0x84, 0x7D, 0x57, 0x39, 0x03, 0xFA, 0xBD }, + { 0xBD, 0x9D, 0x3D, 0x60, 0xA6, 0x6B, 0x53, 0x86, 0x8E, 0xAB, 0x2A, 0x5C, 0x74, 0x53, 0x9A, 0x51, 0x8A, 0x1F, 0x60, 0xF0, 0x1E, 0xB1, 0x76, 0xC6, 0x0E, 0x43, 0xDE, 0xE8, 0x16, 0x80, 0xB3, 0x3E }, + { 0xA5, 0x86, 0x65, 0xA2, 0xCB, 0x95, 0x30, 0xC5, 0x02, 0x09, 0x6A, 0x79, 0x57, 0xA7, 0x6E, 0x42, 0x8A, 0xF4, 0xAD, 0x04, 0x4B, 0x4D, 0xA5, 0xC4, 0x71, 0xF9, 0xDA, 0x6F, 0x7B, 0x3E, 0x58, 0x68 }, + { 0x23, 0x3B, 0x38, 0xDC, 0x79, 0x2B, 0x0B, 0xF3, 0xB4, 0x34, 0x5A, 0x4C, 0x12, 0xAE, 0x6E, 0xF2, 0x58, 0x90, 0x7F, 0x9F, 0x23, 0xBB, 0x8A, 0x48, 0xFB, 0x3D, 0x2C, 0x53, 0xC1, 0x71, 0xC4, 0x76 }, + { 0xD1, 0x0C, 0x48, 0xFE, 0x22, 0xF4, 0x1C, 0xEF, 0x30, 0x0A, 0x09, 0x5C, 0xAE, 0x25, 0xC3, 0x56, 0x8F, 0xA2, 0xE4, 0x8F, 0xF6, 0xA0, 0xAF, 0xF0, 0xE6, 0x45, 0x7C, 0x7A, 0x40, 0x01, 0x35, 0x88 }, + { 0x6C, 0x73, 0x55, 0x83, 0xF6, 0x0D, 0x13, 0x57, 0x4D, 0xA7, 0x9B, 0x62, 0xBA, 0x7D, 0x3E, 0x87, 0xF5, 0xFD, 0x09, 0x35, 0xD2, 0x26, 0x97, 0xEC, 0xAF, 0xC1, 0x7F, 0x39, 0x58, 0x25, 0xAE, 0x78 }, + { 0xF2, 0x49, 0x19, 0xE8, 0xFE, 0xA2, 0x71, 0x8C, 0xBF, 0x9A, 0x8B, 0xF0, 0x98, 0x38, 0x1E, 0x0B, 0xE6, 0x6D, 0x1B, 0x96, 0x54, 0xAE, 0xC0, 0x4B, 0xEF, 0x00, 0x12, 0xAD, 0x9D, 0x0B, 0x38, 0x2D }, + { 0xD9, 0x2A, 0x87, 0x30, 0x36, 0xD0, 0x32, 0x8E, 0xB8, 0x35, 0x76, 0x66, 0x97, 0x72, 0x6C, 0xC8, 0x1A, 0x6A, 0xA2, 0x2A, 0xDA, 0x1A, 0x52, 0x24, 0x8B, 0xE8, 0x04, 0x4C, 0x65, 0xC3, 0xEB, 0xBF }, + { 0xBA, 0x2A, 0xAD, 0x77, 0x83, 0x0B, 0x4F, 0x5C, 0xFF, 0xDA, 0x77, 0x1F, 0xEF, 0xEF, 0x9E, 0x8C, 0x1E, 0x94, 0x7C, 0x97, 0xA1, 0x07, 0x72, 0x5F, 0x0D, 0x37, 0xE6, 0x9A, 0xF5, 0xB2, 0xFD, 0xC1 }, + { 0x30, 0xB7, 0x80, 0xA6, 0x2A, 0xF5, 0x95, 0xCA, 0x6D, 0x21, 0xA6, 0x7B, 0xCF, 0x88, 0xAE, 0x12, 0xDA, 0xA3, 0xE3, 0x36, 0xDB, 0xBA, 0x52, 0xF4, 0x11, 0x2D, 0x37, 0x16, 0xBC, 0x0E, 0x63, 0x3C }, + { 0xD3, 0xC0, 0x61, 0x33, 0x3D, 0x56, 0x3A, 0xFE, 0xDA, 0xE0, 0x90, 0x7A, 0xED, 0x1B, 0x39, 0x8A, 0x0D, 0x9B, 0xBA, 0x6A, 0x7B, 0xF3, 0x81, 0x11, 0xC1, 0x98, 0xD3, 0x73, 0x49, 0x85, 0xAA, 0x30 }, + { 0x0D, 0x1A, 0x50, 0x49, 0x17, 0x18, 0xB3, 0x00, 0x24, 0x65, 0x2B, 0x02, 0xF6, 0xBB, 0xC8, 0xFD, 0x64, 0x89, 0x96, 0x28, 0x9B, 0x80, 0xBC, 0x68, 0x9B, 0x88, 0x63, 0xF9, 0x2A, 0xF3, 0xF0, 0x2A }, + { 0xB4, 0xCB, 0x36, 0x55, 0xCF, 0xD0, 0xFF, 0x0C, 0xD9, 0x59, 0x0F, 0x6F, 0x24, 0xC5, 0xF3, 0x4C, 0xF9, 0xB2, 0xC6, 0xFA, 0xC8, 0x77, 0xCD, 0x3E, 0x03, 0x94, 0x25, 0x4D, 0x61, 0xAC, 0xA9, 0x2C }, + { 0xCC, 0x14, 0x0B, 0xC4, 0x6B, 0x2F, 0x71, 0xE2, 0x2B, 0xDC, 0x55, 0x3F, 0x79, 0x39, 0xEA, 0x69, 0xEB, 0x69, 0x41, 0xDA, 0xCE, 0xCB, 0x1D, 0xD7, 0xE3, 0x64, 0x16, 0xC6, 0x3C, 0x8E, 0xCD, 0x1F }, + { 0xE0, 0xB6, 0x8F, 0x41, 0x5B, 0x40, 0x82, 0x60, 0xD1, 0x8E, 0x70, 0xCF, 0x9C, 0x9D, 0x0C, 0x0E, 0x73, 0xA8, 0x73, 0x44, 0x81, 0x4F, 0x6D, 0xE5, 0xB4, 0x76, 0x9B, 0x0A, 0xC3, 0x88, 0xBD, 0xDF }, + { 0x09, 0xA3, 0x7F, 0x0B, 0x5D, 0x1C, 0x58, 0x2A, 0x39, 0xB0, 0x76, 0xA4, 0x29, 0x08, 0x5D, 0xB4, 0x8F, 0xED, 0x6D, 0xD4, 0xA1, 0x96, 0x19, 0xCA, 0x66, 0xCF, 0x29, 0x39, 0x6B, 0x34, 0x91, 0x1D }, + { 0xEF, 0x8D, 0x86, 0x52, 0xAB, 0xD1, 0xF6, 0xC1, 0xAD, 0x29, 0x8F, 0x37, 0x50, 0xD4, 0xD4, 0x59, 0xF1, 0xE0, 0xA8, 0x23, 0xD8, 0x41, 0x5C, 0x22, 0x4C, 0xB5, 0x0E, 0xDC, 0xF3, 0x47, 0x51, 0x99 }, + { 0xB1, 0xF1, 0x67, 0x20, 0x71, 0xC9, 0xF7, 0x5A, 0x5F, 0xB2, 0x2B, 0xAF, 0xC9, 0x67, 0x22, 0xCD, 0x97, 0x05, 0xDB, 0x76, 0xD3, 0x4D, 0x00, 0x17, 0x0E, 0x07, 0xD0, 0x77, 0xB2, 0x22, 0x48, 0x63 }, + { 0xC1, 0x54, 0x8D, 0xC2, 0x08, 0x9F, 0x06, 0x74, 0x07, 0xD0, 0xEE, 0x60, 0x2A, 0xC1, 0x4F, 0x2B, 0x3C, 0x51, 0xD9, 0x59, 0xBB, 0x88, 0x0B, 0x7F, 0xAF, 0x61, 0xAC, 0x11, 0xD7, 0x40, 0xA6, 0xFD }, + { 0x56, 0xC4, 0xDF, 0x3D, 0x75, 0x03, 0x9D, 0xB9, 0x6B, 0x97, 0x51, 0x29, 0x08, 0xBA, 0xA1, 0xC7, 0x63, 0x21, 0xF2, 0x04, 0x80, 0xB8, 0xEA, 0xE5, 0x5B, 0xD9, 0x7F, 0x48, 0xB3, 0xB4, 0xCB, 0xFB }, + { 0xA1, 0x8B, 0x3B, 0x8A, 0x87, 0xB0, 0xA3, 0xBA, 0x20, 0x66, 0x73, 0x4E, 0x20, 0xD1, 0xF2, 0x64, 0x65, 0x52, 0xAE, 0x11, 0x6A, 0x35, 0x31, 0xAC, 0x0C, 0x48, 0x39, 0x87, 0xC3, 0xFE, 0x54, 0x26 }, + { 0xA0, 0x9D, 0x34, 0x48, 0x15, 0x8D, 0x82, 0x46, 0x57, 0xE2, 0x49, 0x63, 0xB0, 0xDD, 0x71, 0x81, 0xBD, 0x11, 0xEE, 0xC4, 0xAD, 0x18, 0x15, 0xA0, 0xCB, 0x7C, 0x0A, 0x45, 0xAF, 0x4F, 0x1E, 0x0A }, + { 0xD2, 0xD1, 0x0D, 0xC1, 0xB3, 0x2B, 0x54, 0xA6, 0xED, 0x86, 0x6E, 0x9A, 0xE5, 0xEB, 0xD0, 0xD3, 0x0E, 0x17, 0x5D, 0xC0, 0x21, 0x1B, 0x94, 0x5F, 0x0B, 0x1D, 0x97, 0xA4, 0x2F, 0x65, 0x86, 0x0E }, + { 0xEC, 0x5B, 0x70, 0xB8, 0xB9, 0xCB, 0x77, 0x03, 0x73, 0x49, 0x15, 0xE4, 0xA7, 0x3D, 0xD2, 0x26, 0x84, 0xCC, 0x79, 0x67, 0x81, 0xC8, 0xAF, 0x29, 0x8B, 0x76, 0xC9, 0xC2, 0x20, 0xFC, 0x2C, 0xCD }, + { 0x7E, 0x1A, 0xC0, 0x99, 0x00, 0x3D, 0x8D, 0xBB, 0x94, 0xB6, 0x17, 0x4E, 0x1D, 0x9A, 0xC9, 0x48, 0x06, 0xFE, 0xA0, 0x50, 0x5D, 0xEC, 0xBB, 0x2F, 0x44, 0xED, 0xF7, 0xA7, 0xF4, 0xC5, 0x5D, 0x9F }, + { 0xF5, 0xD3, 0x13, 0x4B, 0x3C, 0x08, 0x94, 0x73, 0x80, 0x24, 0xA9, 0x6C, 0xBB, 0x56, 0xFC, 0x2C, 0xDA, 0xB7, 0x2D, 0x99, 0xFD, 0x9E, 0x97, 0x96, 0x5A, 0xDC, 0xB6, 0xB8, 0xA2, 0x43, 0xDE, 0x09 }, + { 0x7A, 0x73, 0x6E, 0x2E, 0x8E, 0xD2, 0xCF, 0xFF, 0xC3, 0xAC, 0x4B, 0xE0, 0x18, 0x4D, 0x7F, 0xBF, 0xE4, 0x65, 0x34, 0x3A, 0x2F, 0x86, 0x7A, 0x83, 0x50, 0xBE, 0x8E, 0x3D, 0x08, 0x21, 0xEA, 0x76 }, + { 0x36, 0xBB, 0x5C, 0xCA, 0xFD, 0xBD, 0xEA, 0xD8, 0x49, 0x33, 0xCD, 0xF8, 0x4A, 0xE5, 0x15, 0x23, 0x28, 0x9B, 0xA2, 0xBF, 0x5D, 0x66, 0x2F, 0xDA, 0xE6, 0x73, 0x53, 0xE5, 0xC3, 0x1B, 0xE8, 0x1F }, + { 0x09, 0xCC, 0x7B, 0xCC, 0xBF, 0x90, 0x8D, 0x95, 0x1F, 0xB0, 0xD9, 0x26, 0x29, 0x8E, 0x0F, 0x54, 0x6B, 0xD6, 0xA7, 0xA9, 0x77, 0x24, 0xAE, 0xFD, 0x26, 0xD6, 0xF7, 0xE5, 0x9D, 0x20, 0x8B, 0x46 }, + { 0x4A, 0x99, 0xFA, 0x51, 0x04, 0xDC, 0xF3, 0xB3, 0xDB, 0x1A, 0xBF, 0x99, 0x89, 0xF6, 0x05, 0xDB, 0x41, 0xF4, 0x7E, 0x99, 0x64, 0x98, 0xE8, 0x95, 0x08, 0x39, 0x3B, 0xD4, 0x98, 0x01, 0x0D, 0x14 }, + { 0x55, 0x60, 0x63, 0x49, 0xF7, 0x39, 0x94, 0x3D, 0x50, 0x58, 0x60, 0x7C, 0xEA, 0xC1, 0x96, 0x9F, 0x85, 0x5D, 0x28, 0xB9, 0xA1, 0xA9, 0xB3, 0xAC, 0xD6, 0xFE, 0xDD, 0x4B, 0x39, 0x6A, 0xC5, 0x0F }, + { 0x10, 0x33, 0x93, 0x4C, 0xD0, 0xB8, 0x8F, 0xF3, 0x75, 0x3D, 0x64, 0xCE, 0x19, 0x44, 0x72, 0xC4, 0x0B, 0xAF, 0x64, 0x4C, 0xD8, 0xB0, 0xFE, 0x6A, 0xE8, 0xE5, 0xD1, 0x27, 0x0A, 0xED, 0x48, 0x28 }, + { 0x50, 0x72, 0x89, 0x68, 0x62, 0xF6, 0xB9, 0xCF, 0xE8, 0xEF, 0x76, 0xD8, 0x05, 0x59, 0xE1, 0x56, 0x25, 0x47, 0x82, 0xA4, 0x0A, 0xC5, 0xF6, 0x4C, 0xBF, 0x79, 0x34, 0xAD, 0x1F, 0x62, 0x4B, 0x30 }, + { 0xA6, 0xF2, 0x41, 0xBE, 0xA5, 0xD1, 0x64, 0x05, 0x81, 0x2C, 0x06, 0x01, 0x9D, 0x9F, 0x72, 0xD6, 0x01, 0x32, 0xBD, 0x7C, 0x08, 0x9C, 0x60, 0x54, 0x9B, 0x2E, 0x56, 0xBB, 0x01, 0xC6, 0x4F, 0x48 }, + { 0xBF, 0xF4, 0xFA, 0x00, 0x6F, 0xE6, 0xFE, 0xAB, 0xB5, 0xCE, 0x9B, 0x21, 0x94, 0x92, 0xD0, 0xD2, 0x30, 0xF4, 0xD0, 0x5F, 0x2B, 0xAC, 0x42, 0xDB, 0x71, 0x89, 0xF4, 0x41, 0xB1, 0xE8, 0x3B, 0x53 }, + { 0x75, 0x99, 0x0E, 0x96, 0x27, 0xBB, 0xB8, 0xC3, 0xF7, 0xC9, 0xE1, 0xF3, 0x8C, 0xB4, 0x1B, 0x51, 0xE5, 0x11, 0x05, 0x8E, 0x61, 0x90, 0x11, 0xF0, 0xD5, 0x67, 0xE1, 0xC0, 0x31, 0x60, 0x15, 0x1F }, + { 0xF1, 0xFE, 0x88, 0xE3, 0xEA, 0x13, 0xAE, 0x2F, 0xBA, 0x90, 0x42, 0x7D, 0x2F, 0x2D, 0xDD, 0x29, 0x00, 0x2A, 0x34, 0xFF, 0x19, 0x89, 0x1A, 0x2E, 0xA5, 0x97, 0x5E, 0x16, 0x79, 0xBE, 0x51, 0xD0 }, + { 0xD2, 0xFF, 0x3D, 0x2E, 0x18, 0x0C, 0x7B, 0x44, 0x01, 0x85, 0x03, 0x6C, 0xBF, 0xAD, 0xEF, 0x95, 0xA7, 0xDE, 0x89, 0x7E, 0xB1, 0xED, 0xD5, 0x65, 0xCB, 0x11, 0x28, 0x45, 0xAD, 0x63, 0x2F, 0xB2 }, + { 0x9C, 0x6B, 0x59, 0x6A, 0x7B, 0x55, 0xE0, 0x6A, 0x85, 0x76, 0x65, 0xC0, 0x15, 0x36, 0xEB, 0x98, 0x62, 0x1D, 0x5E, 0xFA, 0xA1, 0x86, 0x92, 0x6B, 0xAC, 0x4C, 0x4B, 0xC7, 0x26, 0x80, 0xF5, 0xA5 }, + { 0x4A, 0xE5, 0x7C, 0xDD, 0xE7, 0x06, 0x24, 0x7B, 0x6A, 0x0F, 0x3F, 0xEB, 0x5E, 0x2E, 0x96, 0x91, 0x35, 0x8A, 0x34, 0xBC, 0x12, 0x7F, 0xE6, 0x29, 0xE5, 0xF0, 0x88, 0x5E, 0x75, 0x1C, 0x68, 0x47 }, + { 0xF4, 0xD2, 0x5E, 0x0C, 0xED, 0x01, 0x59, 0x65, 0xCA, 0x64, 0xF0, 0xFA, 0x2A, 0x02, 0x43, 0xEA, 0x4B, 0x6A, 0x2A, 0x28, 0x86, 0x91, 0xD3, 0x31, 0x92, 0x3F, 0x89, 0x15, 0xB1, 0x57, 0xC8, 0xE5 }, + { 0xDC, 0xB2, 0x1F, 0x48, 0x33, 0xA5, 0x06, 0x06, 0x16, 0xE1, 0xE6, 0xF0, 0xAB, 0x19, 0x08, 0x33, 0xCC, 0xF6, 0x5C, 0xE6, 0xA9, 0x6E, 0x93, 0x33, 0x65, 0x82, 0xAE, 0x73, 0x2E, 0xDB, 0x55, 0xCA }, + { 0x92, 0x10, 0x19, 0xC1, 0x9A, 0x28, 0x7F, 0x9A, 0x26, 0x99, 0x86, 0xEA, 0xE4, 0xF1, 0xC2, 0x7A, 0xF9, 0xAC, 0x6D, 0xA2, 0x84, 0x87, 0xEC, 0xF9, 0xAE, 0x70, 0x57, 0xEA, 0xBC, 0x6E, 0x15, 0x6E }, + { 0x62, 0x21, 0xD9, 0xD6, 0xAD, 0x78, 0x39, 0x12, 0x7F, 0x69, 0x60, 0x1B, 0x1D, 0xAF, 0xBD, 0x5C, 0x2D, 0xEA, 0xA7, 0xD7, 0xF6, 0x5B, 0xE0, 0xF1, 0x0D, 0x1C, 0x76, 0x6F, 0x18, 0x7D, 0xB3, 0xA1 }, + { 0x18, 0x89, 0x1B, 0x92, 0x4C, 0x37, 0x86, 0x46, 0x6E, 0x29, 0x48, 0xA1, 0x64, 0xDF, 0xFD, 0xFC, 0xCC, 0x39, 0xD9, 0x0E, 0x02, 0xFE, 0xB2, 0x23, 0xEE, 0x59, 0xC6, 0x84, 0x60, 0x33, 0x30, 0xEE }, + { 0xF0, 0xF6, 0xD1, 0x14, 0xD5, 0xA9, 0xD7, 0x25, 0x89, 0x31, 0xB0, 0xC2, 0x30, 0xCA, 0xB4, 0x2D, 0x5F, 0xDD, 0x88, 0x5E, 0x10, 0x40, 0xB1, 0x64, 0xD6, 0x7C, 0x5E, 0x0D, 0x81, 0x9D, 0xF0, 0xF5 }, + { 0xB8, 0xFB, 0x1C, 0x67, 0x45, 0x7E, 0xDA, 0x64, 0x35, 0xFC, 0x12, 0xD6, 0x6A, 0x1D, 0x9C, 0x8F, 0xCB, 0x84, 0xAF, 0x39, 0xE3, 0x66, 0xE1, 0x2D, 0x91, 0x9C, 0x4A, 0xCE, 0xAB, 0xC8, 0x9A, 0x5F }, + { 0x09, 0xE5, 0x2E, 0x20, 0xE9, 0x27, 0x6C, 0xD9, 0x3D, 0xE5, 0x80, 0xCD, 0x62, 0x24, 0x7C, 0x29, 0x06, 0x67, 0x86, 0x9B, 0x8D, 0xD0, 0x59, 0x4E, 0xE2, 0x06, 0xFA, 0x6C, 0x80, 0x3E, 0x66, 0xB3 }, + { 0xF6, 0x70, 0xCE, 0x04, 0x25, 0x42, 0xF0, 0x94, 0x17, 0x0A, 0xAE, 0x96, 0x52, 0x9D, 0x9A, 0x66, 0x8D, 0xE5, 0x00, 0x7C, 0xED, 0x22, 0x6D, 0x0C, 0xC3, 0x3D, 0x89, 0x35, 0xC5, 0x89, 0xEC, 0xFE }, + { 0x12, 0x56, 0xEA, 0xF4, 0x2D, 0xA2, 0x69, 0xCD, 0xF7, 0xB4, 0x06, 0x0F, 0xBF, 0xAC, 0x5C, 0x0C, 0x9E, 0x4F, 0x15, 0x7D, 0x75, 0xA4, 0x28, 0x0D, 0x5A, 0xE3, 0x92, 0xB4, 0x7E, 0xA7, 0x3A, 0x8D }, + { 0x7E, 0xCC, 0x08, 0xFC, 0x32, 0xC0, 0xD0, 0x8D, 0xCB, 0xB1, 0xA7, 0xD9, 0xD6, 0x59, 0x3D, 0x61, 0x32, 0x55, 0xCA, 0xE7, 0xA0, 0x66, 0x0D, 0x84, 0x58, 0xC8, 0x9B, 0xD1, 0x5F, 0x14, 0x61, 0x32 }, + { 0x63, 0xE6, 0x9C, 0xB1, 0xED, 0x97, 0x2E, 0xBD, 0xEF, 0xB6, 0x1D, 0xFA, 0x17, 0x2D, 0x4E, 0x7D, 0x26, 0xBE, 0x9A, 0x96, 0x94, 0x07, 0x18, 0xB3, 0xE3, 0xEA, 0x6E, 0x24, 0x5C, 0x34, 0xD2, 0x3D }, + { 0xC4, 0xE8, 0x6E, 0xCB, 0x29, 0xD9, 0xA5, 0xBC, 0x01, 0x63, 0x7D, 0x11, 0x62, 0x83, 0xDF, 0x12, 0xC3, 0x64, 0xA6, 0xE4, 0x7D, 0x6E, 0x5A, 0x17, 0x5E, 0xBA, 0x86, 0x6E, 0xD8, 0x87, 0x5A, 0x4E }, + { 0x62, 0x6F, 0x79, 0x54, 0x41, 0x9A, 0x36, 0x21, 0xA5, 0x1A, 0x4E, 0x5B, 0x8E, 0x51, 0x22, 0xFC, 0xA4, 0x64, 0x2C, 0xF4, 0x78, 0x6A, 0x78, 0x05, 0x92, 0x7E, 0x40, 0xC3, 0x77, 0x23, 0xC0, 0x07 }, + { 0x07, 0xD1, 0x4C, 0xB0, 0x76, 0x8F, 0xB8, 0xB6, 0x62, 0xC9, 0x61, 0x5A, 0x55, 0xF3, 0x6C, 0x6F, 0xE5, 0xB0, 0x4C, 0x10, 0x9A, 0x28, 0xA6, 0x2B, 0xF6, 0xA3, 0x82, 0x21, 0xB7, 0xB3, 0x3C, 0x29 }, + { 0x56, 0x29, 0xF6, 0x3E, 0x46, 0xBE, 0x54, 0x70, 0xDD, 0x66, 0x82, 0xEA, 0x8E, 0x0A, 0x3D, 0x94, 0x2D, 0xE2, 0x73, 0xBC, 0xAE, 0xDD, 0x80, 0x84, 0xF2, 0xEE, 0x92, 0x12, 0xB2, 0x90, 0x53, 0xE2 }, + { 0x41, 0x46, 0x44, 0x5D, 0xDC, 0xD6, 0x93, 0x05, 0x7D, 0xEC, 0x80, 0x45, 0x7B, 0xC4, 0x6F, 0xD6, 0xBB, 0x65, 0xC2, 0x6E, 0xDF, 0xB7, 0x8D, 0x42, 0x56, 0x8B, 0xEC, 0x94, 0xD9, 0x9E, 0x1D, 0xF8 }, + { 0xC0, 0xF2, 0x62, 0xA5, 0x8F, 0x3E, 0x66, 0x49, 0x64, 0x37, 0x5E, 0xDC, 0x29, 0x75, 0xFC, 0xCE, 0x1F, 0x4E, 0xCA, 0xF1, 0x8C, 0x02, 0x58, 0xE7, 0x2D, 0xB4, 0xD2, 0x5C, 0x9E, 0x08, 0xCC, 0x69 }, + { 0x08, 0xFE, 0x27, 0xA3, 0xF8, 0x20, 0xD8, 0xC5, 0x2D, 0x62, 0x4D, 0xD9, 0x38, 0xAE, 0xD1, 0x61, 0x53, 0x6E, 0x1A, 0x33, 0xE5, 0xCE, 0x4C, 0xC6, 0x23, 0x9D, 0xF0, 0x5F, 0x0A, 0x59, 0xA7, 0x51 }, + { 0x9C, 0x13, 0xF4, 0xCE, 0x1E, 0x97, 0x5A, 0x80, 0x1F, 0x37, 0x4F, 0x2F, 0x64, 0x70, 0xF1, 0x8F, 0xDE, 0x9F, 0x0D, 0xE8, 0xA8, 0xDF, 0x6B, 0x4E, 0x36, 0x75, 0x8B, 0xB0, 0x26, 0x76, 0x45, 0x42 }, + { 0xB5, 0xE0, 0x05, 0x74, 0xC2, 0xBA, 0x7A, 0x65, 0xEA, 0x9D, 0xF2, 0xFC, 0x0F, 0x70, 0x67, 0x82, 0xC7, 0xBD, 0xA2, 0x7E, 0xBF, 0x5B, 0x24, 0xE1, 0x9A, 0x20, 0xAB, 0xB8, 0x6E, 0x3B, 0x6F, 0x04 }, + { 0xD7, 0xCE, 0x45, 0x59, 0xE0, 0xA4, 0x5E, 0x4B, 0x0B, 0xE3, 0x12, 0x70, 0x44, 0x9F, 0xB1, 0xD4, 0x7C, 0x57, 0xE1, 0x79, 0xE3, 0xA4, 0x43, 0x1A, 0xA4, 0x72, 0x3F, 0x32, 0x0A, 0xF9, 0x2A, 0x7D }, + { 0x00, 0xFF, 0x7C, 0x40, 0xF1, 0xDE, 0xC0, 0x62, 0xD9, 0x21, 0xC2, 0x41, 0xA6, 0xD5, 0xFD, 0x20, 0xAB, 0x48, 0x01, 0xEB, 0x8D, 0xC9, 0x8E, 0xF2, 0x0A, 0xA0, 0xA4, 0xE9, 0x73, 0x16, 0x9F, 0x23 }, + { 0x1D, 0xBD, 0x86, 0x7B, 0x3D, 0x40, 0x71, 0xCD, 0xED, 0xEF, 0xCE, 0x29, 0x79, 0x07, 0x9A, 0x0D, 0x14, 0x8F, 0xFF, 0xB9, 0x01, 0x89, 0xE2, 0x4F, 0x3E, 0x49, 0x43, 0x52, 0xD5, 0x5B, 0x32, 0xB8 }, + { 0x58, 0xDB, 0xF7, 0x08, 0x68, 0x7D, 0xF3, 0x97, 0x48, 0x3F, 0xA2, 0xBE, 0x31, 0x06, 0x47, 0xFC, 0x11, 0xF2, 0x4D, 0xB0, 0xCC, 0x07, 0x23, 0xC1, 0xB0, 0x79, 0xEC, 0x2D, 0xD4, 0x33, 0xFA, 0x26 }, + { 0xEF, 0xA6, 0xAF, 0x2D, 0x55, 0xDA, 0xDD, 0xD7, 0xC4, 0x79, 0x60, 0x67, 0x1F, 0x45, 0x22, 0xF3, 0x46, 0xDB, 0x32, 0xF5, 0x09, 0xF1, 0x39, 0x0B, 0x91, 0x49, 0xFD, 0xA5, 0x5E, 0x88, 0xB7, 0x05 }, + { 0xE0, 0x05, 0xA4, 0x12, 0x9C, 0xA6, 0xC4, 0x41, 0xD9, 0x2C, 0x59, 0x2F, 0x42, 0x2C, 0x7C, 0x80, 0x93, 0x6E, 0x78, 0xF6, 0xA6, 0x27, 0xC3, 0xCB, 0x17, 0x32, 0x7F, 0xAF, 0x0E, 0x5F, 0x76, 0x04 }, + { 0x86, 0xCE, 0x35, 0x14, 0x6F, 0x77, 0x12, 0x9E, 0xA1, 0xA2, 0xD3, 0xA2, 0x42, 0xEA, 0x6B, 0xA6, 0x38, 0xC2, 0x69, 0x94, 0xEF, 0x78, 0x70, 0x74, 0x7D, 0x2C, 0xA7, 0xC5, 0x91, 0xF6, 0xFF, 0xE5 }, + { 0x31, 0xB3, 0xC6, 0xBB, 0x3E, 0xF3, 0xFE, 0xE1, 0xC8, 0x20, 0xF2, 0xBD, 0xA3, 0x1A, 0x52, 0x38, 0x7A, 0xAA, 0xE8, 0x16, 0x00, 0x3D, 0xDB, 0x99, 0x2A, 0xC0, 0x3D, 0x2D, 0xD9, 0xC6, 0xE0, 0x05 }, + { 0xA4, 0xBC, 0x45, 0x3C, 0x84, 0xF8, 0x24, 0xF1, 0x00, 0x92, 0xE8, 0xE9, 0x03, 0x17, 0x99, 0x95, 0x7E, 0x98, 0x4A, 0x29, 0xBB, 0xAE, 0x5E, 0x84, 0x34, 0x5E, 0x82, 0xF4, 0x8D, 0xD7, 0x11, 0x92 }, + { 0x53, 0xE2, 0xB4, 0x37, 0x6B, 0xA5, 0xD9, 0xED, 0xB8, 0x32, 0x22, 0xEA, 0x38, 0x48, 0x8F, 0x86, 0x20, 0x76, 0x04, 0x66, 0xFA, 0xFE, 0x2A, 0x13, 0x9A, 0x0A, 0x0E, 0xFB, 0x5A, 0x13, 0xBB, 0xDF }, + { 0x1F, 0x15, 0x99, 0xE7, 0x8E, 0x22, 0x78, 0xDD, 0xEA, 0x1F, 0x73, 0x08, 0x74, 0xF3, 0x50, 0x43, 0xDF, 0x8D, 0xA1, 0xB3, 0x6A, 0x4C, 0xEC, 0x02, 0x97, 0x36, 0xEB, 0x83, 0x22, 0x55, 0x0E, 0x7C }, + { 0x69, 0x6A, 0x1A, 0x34, 0x34, 0x07, 0xB0, 0x6B, 0x9A, 0xE6, 0x09, 0x6C, 0x40, 0x7D, 0x09, 0x98, 0xA4, 0xB6, 0x5F, 0xCF, 0xD6, 0xE3, 0xB7, 0xB1, 0xAD, 0xC7, 0xE8, 0xF5, 0x8F, 0x53, 0x6C, 0xF3 }, + { 0x21, 0x9F, 0x6B, 0xC8, 0x7C, 0x08, 0xBB, 0xAD, 0xF0, 0x3F, 0xA9, 0xC8, 0x9B, 0x7C, 0x21, 0xAE, 0x79, 0x43, 0x7F, 0x6A, 0x28, 0xB3, 0xE6, 0x75, 0x52, 0xB5, 0x19, 0xAB, 0x3D, 0x23, 0xD4, 0x90 }, + { 0x61, 0x53, 0x0E, 0xC0, 0x48, 0x1A, 0x7F, 0x69, 0x78, 0xF9, 0x44, 0x58, 0xFF, 0x1C, 0x4A, 0x8C, 0x70, 0x96, 0x8E, 0x60, 0x42, 0xAF, 0x77, 0xF6, 0x55, 0x6B, 0x9E, 0xF5, 0x47, 0x50, 0xCC, 0x58 }, + { 0xD7, 0x87, 0x5C, 0x3A, 0xB1, 0x81, 0x16, 0xFE, 0xD8, 0x66, 0xA0, 0xD7, 0xBB, 0x41, 0x3A, 0x17, 0xDE, 0xA3, 0x00, 0x3C, 0x7F, 0xE3, 0xAB, 0x1C, 0xAF, 0x06, 0xE6, 0x89, 0x46, 0x14, 0x67, 0xF0 }, + { 0x93, 0x4F, 0xDD, 0xDE, 0xBD, 0x08, 0xE4, 0x38, 0xE8, 0xEB, 0x84, 0x0F, 0x91, 0x01, 0x67, 0x69, 0xE8, 0x5B, 0xD2, 0xB2, 0x39, 0x81, 0xA5, 0xCF, 0x48, 0x71, 0xA6, 0x14, 0xC8, 0xF8, 0x55, 0x47 }, + { 0xED, 0xD0, 0x1D, 0x5B, 0xCF, 0x39, 0xCD, 0xE3, 0x81, 0x3A, 0xE1, 0x26, 0x17, 0x33, 0x26, 0xE8, 0x9C, 0xCC, 0xE6, 0xAD, 0x45, 0xE5, 0x04, 0x17, 0x6E, 0x81, 0xBF, 0x5A, 0xE8, 0x21, 0x79, 0xF8 }, + { 0x6D, 0xBD, 0xC2, 0x68, 0x40, 0x26, 0xF5, 0xD8, 0xF4, 0xB0, 0x37, 0x12, 0x89, 0x3B, 0xA2, 0x09, 0xCB, 0xC1, 0x8C, 0x6E, 0xFD, 0xD9, 0x71, 0x47, 0xA8, 0xCD, 0xF0, 0x3A, 0x4C, 0xB0, 0x2B, 0x1D }, + { 0xBC, 0x3B, 0x15, 0x3E, 0xFA, 0x5E, 0x77, 0x92, 0xE9, 0xD5, 0x02, 0x63, 0xE8, 0xBC, 0x7D, 0x8E, 0x62, 0x29, 0x37, 0x88, 0x7D, 0x22, 0x64, 0x87, 0x65, 0x44, 0xA1, 0xEF, 0xF6, 0xA7, 0x72, 0x05 }, + { 0x61, 0x57, 0x1D, 0x0E, 0x74, 0x67, 0x3F, 0x6F, 0x4D, 0x69, 0x88, 0xF5, 0xCE, 0x71, 0xC4, 0xD3, 0x56, 0xFE, 0xE4, 0x40, 0xCC, 0xFF, 0x5B, 0x49, 0xF1, 0x60, 0x6C, 0xF6, 0xBC, 0x5B, 0x01, 0xBB }, + { 0xC3, 0x26, 0x98, 0x8B, 0x13, 0x01, 0x65, 0x60, 0xAD, 0xE4, 0x86, 0xF1, 0x34, 0xCE, 0x76, 0xD8, 0xAB, 0xCE, 0x06, 0x07, 0x2C, 0xCC, 0x1D, 0xFA, 0x22, 0x11, 0x03, 0x00, 0x84, 0x03, 0x00, 0x62 }, + { 0x16, 0x29, 0xDD, 0xB6, 0x54, 0x2F, 0x0E, 0x98, 0x20, 0x74, 0x31, 0x60, 0x9F, 0xBF, 0xDC, 0x7D, 0xCF, 0x8D, 0x03, 0xFA, 0x44, 0x91, 0xE6, 0x1E, 0x09, 0xC6, 0xFE, 0x4E, 0x41, 0x2C, 0x45, 0xCE }, + { 0x66, 0x9F, 0x94, 0x36, 0xEF, 0x5C, 0x22, 0xBD, 0x5E, 0xE7, 0xF1, 0xE1, 0xE9, 0xE7, 0xFF, 0x71, 0x71, 0xBC, 0x09, 0xD0, 0x64, 0x11, 0xCD, 0x6F, 0xB5, 0xEE, 0x9D, 0xC0, 0xE1, 0x96, 0x57, 0x3E }, + { 0x7D, 0x93, 0x48, 0x63, 0xAA, 0xFB, 0xAB, 0xDA, 0x69, 0xD2, 0xD4, 0x26, 0xA1, 0xBF, 0xA4, 0x91, 0x92, 0xC8, 0x49, 0x80, 0x60, 0xD1, 0xD5, 0xCC, 0xE9, 0x34, 0x19, 0xCA, 0xE0, 0x62, 0xE0, 0x09 }, + { 0xAD, 0xE7, 0xC8, 0xF2, 0xEC, 0xD6, 0xA0, 0x5E, 0x62, 0xFA, 0x8E, 0x80, 0x80, 0x75, 0x11, 0x96, 0xE8, 0x66, 0x4F, 0xB3, 0xA0, 0x82, 0x2D, 0xB5, 0x2B, 0xF7, 0x94, 0x0B, 0x24, 0x25, 0xFA, 0xE2 }, + { 0xFC, 0x9F, 0x25, 0xF6, 0x45, 0x31, 0x5C, 0x10, 0xE6, 0xF1, 0xEB, 0x7D, 0x71, 0x87, 0x79, 0xB8, 0x28, 0xCB, 0x23, 0xDB, 0xD2, 0x51, 0x56, 0xB5, 0x4D, 0xBF, 0xC6, 0x25, 0xD9, 0x8E, 0x92, 0x99 }, + { 0x45, 0x58, 0x22, 0xA1, 0x4D, 0x4D, 0xF9, 0xA7, 0xC7, 0x4C, 0x19, 0x4E, 0x15, 0x47, 0x82, 0x9D, 0x12, 0x09, 0xD8, 0xB2, 0x91, 0x22, 0xF6, 0x14, 0x88, 0x0C, 0x47, 0xB0, 0x1F, 0xCC, 0x60, 0x5E }, + { 0x7A, 0x7E, 0xDA, 0x2F, 0xFA, 0xE6, 0x2B, 0x7B, 0x27, 0xFA, 0x8A, 0xD0, 0xD4, 0x09, 0xE3, 0x33, 0x49, 0x44, 0x1C, 0xC9, 0x29, 0x1E, 0x62, 0xF8, 0xF7, 0x19, 0x1F, 0x0A, 0x64, 0x1F, 0x37, 0x4C }, + { 0x87, 0x3E, 0xE8, 0x8B, 0x54, 0x5F, 0x27, 0x52, 0x61, 0xEC, 0xFD, 0xC5, 0x40, 0x60, 0x5B, 0xC8, 0x02, 0x6E, 0x76, 0x10, 0x08, 0x46, 0xE5, 0x9F, 0xE8, 0xFD, 0x90, 0x61, 0xDB, 0x13, 0x0B, 0xEF }, + { 0xEE, 0x36, 0xF1, 0x45, 0x89, 0x1A, 0x5B, 0x2C, 0xF5, 0x9B, 0x7F, 0xCD, 0x90, 0xDE, 0xF5, 0xE4, 0x14, 0x05, 0x44, 0x4B, 0xC7, 0x77, 0x81, 0x76, 0x80, 0xD8, 0xA8, 0x61, 0x76, 0x61, 0xC0, 0xEB }, + { 0x32, 0x9A, 0x54, 0xEE, 0xAE, 0x68, 0x81, 0xB1, 0xCF, 0xA7, 0x7E, 0xC4, 0x82, 0x89, 0x7C, 0x59, 0x2F, 0x94, 0x21, 0xF1, 0x4E, 0x13, 0xB4, 0x15, 0xB6, 0xDB, 0x1B, 0x90, 0xFF, 0x15, 0x34, 0x34 }, + { 0x9C, 0x1F, 0x0A, 0x7E, 0xCD, 0x6A, 0x2B, 0xAA, 0xE0, 0x3F, 0x4E, 0x1D, 0x22, 0x0B, 0xB1, 0x13, 0xB9, 0xBC, 0xA8, 0x07, 0x32, 0x92, 0xAD, 0xEE, 0x8D, 0xBE, 0x22, 0x03, 0xCC, 0x37, 0x00, 0x7D }, + { 0x2D, 0xB4, 0x53, 0x2F, 0x09, 0xC7, 0xBE, 0x12, 0x99, 0x68, 0x1C, 0x6B, 0x75, 0x92, 0xF6, 0x2F, 0xB7, 0xC7, 0xDA, 0x3B, 0xBD, 0x8C, 0xEA, 0xDE, 0x64, 0xF3, 0x8A, 0xA1, 0xC7, 0x50, 0x8C, 0x4A }, + { 0x07, 0xA6, 0x8E, 0x45, 0x2E, 0xDA, 0x5B, 0x67, 0x3B, 0x28, 0xB9, 0x5A, 0x32, 0x43, 0x19, 0xFF, 0x0B, 0xB8, 0x54, 0x8B, 0x7B, 0xE6, 0x6E, 0x3C, 0x81, 0xA8, 0x91, 0xC1, 0x76, 0x0B, 0xF9, 0xF3 }, + { 0x46, 0x66, 0xAF, 0xF6, 0xBA, 0x88, 0x68, 0x35, 0x28, 0x11, 0x52, 0xB3, 0x0F, 0xD2, 0x6F, 0x7D, 0x8D, 0x15, 0xC2, 0x60, 0xED, 0x13, 0x66, 0x77, 0xC6, 0xDB, 0x21, 0x59, 0x3A, 0x47, 0x6A, 0x4E }, + { 0xD9, 0x68, 0x93, 0x8C, 0x7F, 0x78, 0x49, 0x40, 0x31, 0x60, 0xE2, 0x91, 0xEA, 0x54, 0xAD, 0x79, 0xC0, 0xCA, 0xF1, 0x23, 0x7C, 0x13, 0x75, 0xA0, 0xB5, 0x53, 0xD5, 0xC8, 0x12, 0x2F, 0x88, 0xB3 }, + { 0xCE, 0x8C, 0x10, 0x47, 0x06, 0x35, 0x27, 0xF5, 0x2D, 0xDD, 0xF7, 0x7D, 0xFA, 0x8C, 0xFF, 0x33, 0xCA, 0xD0, 0x7E, 0xDD, 0x98, 0x1A, 0xAE, 0x3F, 0xE8, 0x45, 0x95, 0x82, 0x09, 0xC0, 0xEC, 0x1F }, + { 0x43, 0x4B, 0xBA, 0xFE, 0xF0, 0x77, 0x14, 0x65, 0x36, 0x01, 0xE7, 0x35, 0xC5, 0xBC, 0x3E, 0xE7, 0x1D, 0x41, 0xE5, 0x9B, 0xB5, 0xF4, 0x18, 0xA5, 0xAA, 0xF0, 0x2F, 0xED, 0xDE, 0x6F, 0x86, 0xA2 }, + { 0x03, 0x68, 0xA2, 0xCC, 0x22, 0x42, 0x2A, 0x50, 0xD3, 0x15, 0x48, 0x88, 0x4A, 0xA9, 0xF1, 0xBF, 0x53, 0x94, 0x09, 0xC7, 0x34, 0xA3, 0x66, 0x2D, 0xED, 0x43, 0xCF, 0xDE, 0x64, 0x91, 0xF3, 0x69 }, + { 0xD8, 0x85, 0xE2, 0x41, 0x0C, 0x4F, 0xF1, 0x9D, 0x4F, 0xA9, 0x48, 0x9C, 0x84, 0xE3, 0x91, 0x5E, 0x42, 0x1D, 0x3F, 0x68, 0x71, 0xF6, 0x9E, 0xFC, 0xCF, 0x52, 0xC3, 0x23, 0xBB, 0xA9, 0xCB, 0xFF }, + { 0x78, 0xAE, 0x31, 0x3E, 0xEE, 0x58, 0xF9, 0x8C, 0xE8, 0xAF, 0x80, 0x13, 0x3A, 0xBA, 0xD2, 0xED, 0x16, 0x46, 0x7D, 0x4E, 0x92, 0x77, 0x2F, 0x2D, 0xA0, 0x5D, 0x58, 0x2E, 0x41, 0x07, 0x01, 0xA6 }, + { 0xCC, 0x3F, 0xDF, 0x7B, 0xB9, 0xC3, 0x10, 0x13, 0x2E, 0x2A, 0x2E, 0x77, 0xE4, 0x4A, 0x32, 0x7B, 0xA1, 0xD7, 0x39, 0x30, 0xFB, 0x63, 0x64, 0xF0, 0x38, 0x5B, 0x87, 0x16, 0x4E, 0x36, 0x54, 0xEE }, + { 0x9F, 0xD7, 0x77, 0x2B, 0xF7, 0x18, 0xAF, 0xD4, 0xE2, 0xD6, 0x56, 0xD3, 0x82, 0x9A, 0x6A, 0x84, 0xA1, 0x25, 0x9F, 0x13, 0xD9, 0xBF, 0xBD, 0xE1, 0xB5, 0x67, 0x81, 0x9E, 0xE1, 0x5A, 0xE4, 0x5B }, + { 0x7C, 0xF9, 0x9C, 0x2F, 0x03, 0x2A, 0xF9, 0x83, 0x34, 0x03, 0xDC, 0x20, 0x1E, 0x42, 0x46, 0xC5, 0x40, 0x2A, 0xA5, 0xAE, 0x9C, 0xA3, 0xB3, 0xA9, 0x28, 0xA3, 0x3F, 0xDB, 0xB8, 0xB5, 0x9A, 0xB2 }, + { 0xCF, 0xD2, 0x69, 0xB7, 0x3F, 0x73, 0x97, 0xDC, 0xDA, 0xED, 0x32, 0xAC, 0x64, 0xCE, 0x5D, 0x89, 0x63, 0xB5, 0xB3, 0x96, 0xDD, 0x64, 0x1E, 0xA8, 0xBB, 0xD9, 0x20, 0x8B, 0x2A, 0xDB, 0xD2, 0x3A }, + { 0x21, 0x61, 0xCB, 0x63, 0xE4, 0xA5, 0x17, 0xBC, 0x1F, 0x1F, 0xCA, 0xA6, 0x87, 0x5D, 0x0E, 0x24, 0x53, 0xD9, 0x1F, 0x57, 0x7D, 0x24, 0x70, 0xB7, 0x8A, 0x24, 0xE7, 0xB2, 0xBC, 0xCB, 0xEC, 0xA1 }, + { 0xA2, 0x49, 0x8F, 0x52, 0xC8, 0x0D, 0x8A, 0x83, 0x3C, 0x2A, 0xA7, 0x92, 0x46, 0xD5, 0xE0, 0xDE, 0x1E, 0x2B, 0x03, 0x76, 0x74, 0x4F, 0xA5, 0x1F, 0xB9, 0xFF, 0x29, 0x5A, 0xE7, 0x4B, 0x35, 0xE0 }, + { 0x63, 0x4D, 0x01, 0x37, 0xC2, 0x59, 0x24, 0x08, 0x02, 0xA7, 0xE5, 0x74, 0x05, 0x3C, 0x6E, 0x80, 0x4A, 0x0B, 0xEC, 0x70, 0x4B, 0x14, 0x26, 0x05, 0x42, 0x20, 0xB0, 0x3E, 0xC0, 0x73, 0xD8, 0x7E }, + { 0xBD, 0xEA, 0xB3, 0x9F, 0x4B, 0xDB, 0xFC, 0x12, 0x72, 0xE1, 0x0B, 0x61, 0xD8, 0x6A, 0xFD, 0x2C, 0x29, 0xD5, 0xC0, 0x4A, 0x7D, 0xE9, 0xDF, 0xEE, 0x06, 0x7C, 0x43, 0xF5, 0x3B, 0x28, 0xD3, 0xE6 }, + { 0x9B, 0x33, 0x09, 0xB8, 0xBC, 0x1F, 0x66, 0xE3, 0xF6, 0xBD, 0x80, 0x8E, 0x7C, 0x35, 0x61, 0xB5, 0x1D, 0x3A, 0xCE, 0x7C, 0x59, 0x46, 0xCB, 0x92, 0xD9, 0x50, 0x71, 0xF0, 0x07, 0x77, 0x87, 0xA2 }, + { 0xC7, 0x20, 0x54, 0xCD, 0x43, 0xEF, 0x37, 0xA6, 0xE8, 0x5B, 0x46, 0x75, 0xD7, 0xF2, 0x5F, 0x47, 0xC7, 0x8B, 0xC9, 0x6F, 0x7A, 0x1D, 0xB2, 0x4C, 0x87, 0xA3, 0xF9, 0xDA, 0x9D, 0x93, 0x41, 0xEE }, + { 0xA0, 0xE6, 0xFC, 0xF1, 0xB2, 0xFC, 0x92, 0xA6, 0xB1, 0x56, 0xA3, 0x59, 0x19, 0xF6, 0x26, 0x9F, 0x4E, 0x6F, 0x1C, 0x8F, 0x32, 0x56, 0xD5, 0x83, 0x8D, 0x50, 0x0B, 0x1B, 0x1B, 0xFB, 0xA4, 0xAD }, + { 0xE8, 0x2E, 0xE2, 0x1E, 0xDB, 0xF3, 0x4E, 0x94, 0xEB, 0x8B, 0xE4, 0x2B, 0xC3, 0xC6, 0x49, 0x92, 0xEA, 0x18, 0x67, 0xCB, 0xBD, 0xE9, 0x42, 0x97, 0xF5, 0x0C, 0x1E, 0xAC, 0xCF, 0x8A, 0xE0, 0x6D }, + { 0xD1, 0x21, 0xD8, 0x8E, 0x42, 0xF0, 0x26, 0x87, 0x1A, 0x5B, 0x7E, 0xE6, 0xAE, 0x3E, 0x3E, 0x21, 0x45, 0xEB, 0xA5, 0x2B, 0xC4, 0x37, 0x94, 0xD4, 0x71, 0x10, 0x01, 0x7C, 0xB4, 0x63, 0xBC, 0x2F }, + { 0x0F, 0x2A, 0x06, 0x2B, 0xEE, 0xDB, 0x5A, 0x37, 0x5D, 0xAF, 0xCE, 0x55, 0x0B, 0x00, 0x85, 0x3B, 0x4F, 0xAE, 0x9E, 0x80, 0x5E, 0xBF, 0x9B, 0x5A, 0xFF, 0x73, 0x32, 0x86, 0xC2, 0x3D, 0x97, 0xF7 }, + { 0xDE, 0x0D, 0x36, 0x64, 0xFA, 0x3B, 0xD1, 0x18, 0x39, 0xBF, 0x02, 0xC9, 0x10, 0xF5, 0x77, 0x43, 0x0D, 0x86, 0x35, 0x0A, 0x15, 0xB5, 0xF4, 0xFB, 0x08, 0x6D, 0xEA, 0xF2, 0xC1, 0x42, 0xD8, 0xA3 }, + { 0x9B, 0x4F, 0x64, 0xCB, 0x47, 0xF0, 0xD8, 0x30, 0x42, 0x56, 0x95, 0x16, 0x9F, 0x04, 0x53, 0x04, 0x51, 0x1C, 0xBC, 0x76, 0xC6, 0x18, 0xBE, 0x0C, 0x5D, 0xDA, 0xD6, 0xBE, 0x13, 0x3A, 0x80, 0x45 }, + { 0xE2, 0x65, 0x52, 0x4B, 0x50, 0x41, 0xD1, 0x9A, 0xC7, 0xEE, 0xDB, 0xA7, 0x85, 0x6B, 0xF9, 0x48, 0x83, 0x4B, 0xCD, 0x16, 0x9B, 0x78, 0x0F, 0x62, 0x1C, 0x69, 0x16, 0xEF, 0x80, 0x89, 0x1A, 0xEA }, + { 0x76, 0x0D, 0xD9, 0x26, 0xB3, 0x65, 0xF2, 0x65, 0x79, 0xB9, 0x4F, 0x3F, 0x7A, 0xBE, 0x51, 0x56, 0x22, 0xAD, 0xD9, 0xA2, 0x98, 0x01, 0xC3, 0x8F, 0x95, 0x28, 0xED, 0x78, 0x19, 0xE8, 0xD5, 0xD1 }, + { 0xE5, 0xA0, 0xCB, 0x14, 0x92, 0x41, 0x59, 0xC9, 0x10, 0xC5, 0x46, 0x8A, 0xF9, 0x88, 0xFB, 0x7A, 0x03, 0xB1, 0x76, 0x7E, 0x18, 0x5B, 0x92, 0x70, 0x21, 0x51, 0x95, 0x47, 0x53, 0x7A, 0xFE, 0x32 }, + { 0x19, 0xF5, 0x01, 0x3E, 0xF0, 0x56, 0xCC, 0x58, 0x97, 0xC7, 0x78, 0x51, 0x05, 0x33, 0x08, 0xD5, 0x49, 0xD1, 0xD2, 0xF1, 0x08, 0x4B, 0x44, 0xF4, 0x86, 0xD5, 0x66, 0x05, 0x50, 0xFC, 0x8A, 0x62 }, + { 0xB9, 0xBB, 0xFE, 0x2F, 0x64, 0xF5, 0x79, 0xD4, 0xD4, 0xC0, 0x57, 0x2E, 0x10, 0x99, 0x13, 0xB2, 0xC4, 0xE2, 0xF7, 0x8C, 0x8E, 0x79, 0x7F, 0x21, 0x97, 0xEC, 0x42, 0xA8, 0x5B, 0xDD, 0x14, 0x22 }, + { 0x56, 0xC2, 0x1C, 0xE5, 0xCA, 0x96, 0x3B, 0x22, 0xFC, 0x23, 0x93, 0xE9, 0x59, 0x70, 0x29, 0x8B, 0x1A, 0xB6, 0x94, 0x68, 0xA2, 0x09, 0xCF, 0x55, 0xAC, 0xFC, 0xBD, 0xBD, 0xE3, 0xCD, 0x6E, 0x50 }, + { 0x60, 0xC4, 0x4A, 0xF4, 0xC4, 0xD3, 0x1C, 0xD5, 0x9A, 0x6B, 0xCF, 0xC3, 0xC9, 0x62, 0xCA, 0xCD, 0xBE, 0x10, 0x1A, 0x60, 0x52, 0xE1, 0x8E, 0x11, 0xCB, 0x7D, 0x0D, 0x14, 0xA4, 0x0F, 0x13, 0x02 }, + { 0xB6, 0x93, 0x52, 0x3A, 0xC5, 0x6D, 0x0F, 0x8B, 0xF2, 0x3A, 0x07, 0xCE, 0x94, 0x36, 0xEE, 0x3D, 0x59, 0xEB, 0x95, 0x91, 0x31, 0x65, 0x01, 0xD6, 0x86, 0xC1, 0xDB, 0xE1, 0xA6, 0x57, 0x5B, 0x70 }, + { 0xEA, 0xD3, 0x7B, 0x43, 0x72, 0x6A, 0x34, 0xF7, 0x8A, 0x06, 0x50, 0x22, 0x8E, 0x8C, 0x1C, 0xBE, 0x13, 0x51, 0x01, 0x25, 0x1E, 0x98, 0x27, 0xE0, 0x8C, 0x09, 0x44, 0xB7, 0x1A, 0x64, 0x44, 0x77 }, + { 0x79, 0x92, 0x6A, 0x2D, 0x9A, 0x95, 0x23, 0x47, 0xB6, 0x10, 0xE3, 0x1C, 0x2B, 0x13, 0x0D, 0x9D, 0xEC, 0x28, 0xDC, 0xF2, 0x0C, 0xFA, 0x2E, 0xC5, 0x41, 0xAA, 0x47, 0x38, 0x42, 0xCE, 0x0D, 0x23 }, + { 0xFB, 0x66, 0x9A, 0x5F, 0x3A, 0x82, 0xD0, 0x7C, 0x9D, 0x26, 0xAE, 0x0E, 0x00, 0xC5, 0x12, 0xF7, 0xD2, 0x07, 0x1F, 0x73, 0xAF, 0x60, 0x91, 0xB3, 0x8E, 0x56, 0x84, 0x66, 0x50, 0x66, 0xE5, 0x7E }, + { 0xEE, 0xE6, 0x81, 0xAC, 0xB4, 0x52, 0xDC, 0xE9, 0x6C, 0x34, 0xB0, 0x14, 0x22, 0x22, 0xC1, 0x88, 0xE6, 0xBA, 0x9E, 0x4D, 0xD1, 0xAC, 0xC6, 0x49, 0xDA, 0xC1, 0x19, 0x6B, 0xBA, 0x55, 0x63, 0x06 }, + { 0x6E, 0xDD, 0x4C, 0x0B, 0x40, 0xB3, 0x75, 0x16, 0x51, 0x9C, 0xD4, 0x7A, 0xD1, 0xA9, 0xDB, 0x4B, 0x73, 0xEB, 0x60, 0xE8, 0x99, 0xDA, 0xFF, 0x01, 0xDC, 0xF7, 0x2C, 0xDD, 0xF4, 0x14, 0x8E, 0x6A }, + { 0x2A, 0x29, 0x8F, 0x19, 0x77, 0xFF, 0xED, 0xF9, 0xBD, 0xCE, 0x3F, 0x96, 0xED, 0x9A, 0x20, 0x4D, 0x33, 0x34, 0x1A, 0x4E, 0xCB, 0xB2, 0xE0, 0x9D, 0x34, 0x24, 0xB3, 0x14, 0x20, 0x95, 0xEF, 0x8F }, + { 0xF5, 0xD5, 0x74, 0x1B, 0x4F, 0x78, 0x4E, 0x96, 0xD9, 0xED, 0x1F, 0xC0, 0x1B, 0x41, 0x4F, 0x84, 0xD7, 0xCF, 0x2C, 0x29, 0x45, 0x69, 0xFE, 0x9D, 0x41, 0xF5, 0xB9, 0x1B, 0xAD, 0x6F, 0x1C, 0xB8 }, + { 0xC4, 0x59, 0xF3, 0x06, 0xA6, 0xD1, 0x64, 0x5D, 0xCA, 0xFE, 0xD3, 0x3E, 0x7E, 0x2A, 0xDD, 0xBD, 0xBE, 0x71, 0xD4, 0xC7, 0x26, 0x12, 0x70, 0x1B, 0x6B, 0x04, 0xAA, 0x83, 0x60, 0xE6, 0x47, 0xF4 }, + { 0xD0, 0xD8, 0xDE, 0xDA, 0x8C, 0x4E, 0x1D, 0x51, 0x71, 0x80, 0x3E, 0x8C, 0x18, 0x17, 0xF2, 0x22, 0x2D, 0xDB, 0x2B, 0xCB, 0xA0, 0x04, 0x6C, 0xFF, 0x7B, 0xAB, 0xEF, 0x0E, 0x77, 0xDC, 0xA6, 0x12 }, + { 0xAD, 0x6A, 0x76, 0x32, 0x9A, 0x7F, 0x49, 0xFD, 0xB4, 0x9C, 0x71, 0xB4, 0x85, 0x36, 0x36, 0x8A, 0xAA, 0x01, 0x7E, 0xCE, 0x0F, 0xA5, 0x23, 0x30, 0x4D, 0xEA, 0x5E, 0x26, 0x78, 0xF8, 0xD6, 0x87 }, + { 0xFD, 0x7B, 0xFC, 0x0A, 0x64, 0x51, 0x03, 0xB4, 0xF7, 0x14, 0x34, 0x54, 0xE2, 0x57, 0x4E, 0x25, 0x55, 0xB5, 0xEF, 0x7E, 0x80, 0xEE, 0xE8, 0xD6, 0x08, 0x52, 0x02, 0xCD, 0xA6, 0x8F, 0x0D, 0x25 }, + { 0xB6, 0xC2, 0x18, 0xB1, 0xC1, 0x6F, 0x13, 0xFF, 0xE0, 0x50, 0x22, 0x07, 0x60, 0x2C, 0x36, 0xCE, 0x02, 0xA5, 0xDE, 0xBE, 0x02, 0x73, 0x82, 0x2F, 0xAF, 0x4D, 0xD0, 0xFB, 0xA8, 0x2C, 0x97, 0xFE }, + { 0x0E, 0xF8, 0x59, 0x18, 0x88, 0x34, 0x88, 0xDD, 0x82, 0x4F, 0xAE, 0x49, 0x82, 0xBD, 0x8B, 0x25, 0x25, 0xCA, 0xF4, 0x3B, 0xB1, 0x81, 0x59, 0x47, 0x15, 0x53, 0x37, 0xB3, 0xCD, 0xAF, 0xA3, 0x17 }, + { 0xCD, 0x38, 0x79, 0x28, 0xAC, 0x3A, 0x1B, 0xAF, 0x1F, 0x3B, 0xF7, 0xF9, 0x29, 0xC4, 0x44, 0xA1, 0x67, 0x97, 0x51, 0x08, 0x21, 0x66, 0xE2, 0x88, 0x3D, 0x70, 0xF3, 0x38, 0xC4, 0x7F, 0xCB, 0xB8 }, + { 0xC6, 0x67, 0xF6, 0x9D, 0xE9, 0xB5, 0x24, 0x36, 0x0D, 0x64, 0x3C, 0xF8, 0xFE, 0x94, 0x5C, 0x56, 0x94, 0x67, 0x1C, 0xE4, 0xE2, 0x14, 0x67, 0x1F, 0xE3, 0xC6, 0x51, 0x7E, 0x6C, 0xBF, 0x78, 0x60 }, + { 0xB3, 0x06, 0xDC, 0x81, 0x81, 0x05, 0xCF, 0x47, 0x4A, 0x28, 0x5C, 0x5B, 0x29, 0xBC, 0x12, 0x7C, 0x3C, 0xE5, 0x88, 0xC1, 0x2B, 0xBC, 0x99, 0x2D, 0x71, 0x57, 0xA9, 0x06, 0xC8, 0x4E, 0x60, 0x2D }, + { 0x47, 0x86, 0x43, 0x6A, 0x98, 0x5B, 0x0D, 0x23, 0x2C, 0xDC, 0x8C, 0x0A, 0x20, 0x6F, 0x83, 0x1D, 0x3C, 0x03, 0x4B, 0xB8, 0x24, 0xAD, 0xE7, 0xF5, 0xA8, 0x36, 0x64, 0x91, 0xCA, 0x37, 0x40, 0xB9 }, + { 0x57, 0xA9, 0x40, 0xC6, 0x70, 0xA2, 0x63, 0x2D, 0x64, 0x1F, 0xB6, 0x65, 0xC8, 0x69, 0xAD, 0x4D, 0x6D, 0x2B, 0x6A, 0xBB, 0xBB, 0xA1, 0xCD, 0xC9, 0x7A, 0x6F, 0xAD, 0xFC, 0x1C, 0x7A, 0x4C, 0xB2 }, + { 0x11, 0x2E, 0x5A, 0xA2, 0x6B, 0x25, 0x9A, 0xC2, 0x6B, 0xA3, 0xFC, 0x37, 0x79, 0x85, 0x62, 0xAA, 0xCE, 0xAD, 0x69, 0x33, 0x5E, 0x4F, 0xFD, 0x31, 0xE4, 0x4E, 0xC4, 0x30, 0x3A, 0xB4, 0x21, 0x95 }, + { 0xC1, 0x07, 0x61, 0xA7, 0xB5, 0x36, 0x58, 0xA4, 0xF6, 0x04, 0x5B, 0x46, 0x23, 0xBC, 0x67, 0xCC, 0xA8, 0x63, 0x49, 0xD1, 0xE6, 0x4A, 0x8C, 0xDD, 0x1E, 0x06, 0x58, 0xB5, 0x2E, 0x68, 0xC4, 0x3C }, + { 0xFB, 0x1A, 0xBE, 0xAE, 0xF4, 0xC3, 0x87, 0xB1, 0xBD, 0xEA, 0xB2, 0xD5, 0x80, 0x7D, 0xE7, 0xEA, 0xF5, 0xD0, 0x99, 0x79, 0xE7, 0xE6, 0xE1, 0x91, 0xC1, 0xE0, 0xF3, 0x17, 0x5D, 0xCD, 0xE8, 0x54 }, + { 0xB1, 0xDA, 0x70, 0x53, 0x30, 0x5B, 0xBE, 0xC1, 0xE2, 0x49, 0x08, 0x40, 0x70, 0x3D, 0x0C, 0x86, 0xD3, 0x78, 0xB3, 0xEA, 0x2A, 0xD4, 0x96, 0x9A, 0x9F, 0x2D, 0x3B, 0xD2, 0x90, 0xAB, 0x44, 0x8D }, + { 0x65, 0x71, 0xB9, 0xD4, 0xA7, 0xCA, 0xE6, 0x47, 0x5A, 0x72, 0x0C, 0xCA, 0xB5, 0x60, 0x76, 0x72, 0x53, 0xF2, 0x9D, 0x55, 0x7D, 0x09, 0x3A, 0x33, 0x86, 0x80, 0x37, 0xD7, 0xB8, 0x5A, 0x61, 0xFF }, + { 0x8C, 0x78, 0x68, 0x44, 0xE0, 0xA1, 0x22, 0x1F, 0x10, 0xB4, 0xF6, 0x31, 0x70, 0xCB, 0xCA, 0xD9, 0xA6, 0xF7, 0x13, 0xA1, 0xE5, 0x59, 0x1A, 0x8C, 0x43, 0x6C, 0xE1, 0x9C, 0xFF, 0x41, 0x2B, 0xEA }, + { 0x29, 0x0C, 0x0A, 0xE8, 0x50, 0x07, 0x81, 0xA6, 0xDE, 0x9B, 0x84, 0x2F, 0x95, 0x37, 0xAD, 0x8C, 0x08, 0xBC, 0x15, 0xDA, 0x55, 0x4A, 0x17, 0x03, 0xD0, 0xD6, 0x3C, 0x79, 0x75, 0x05, 0xB8, 0xA9 }, + { 0x82, 0xA7, 0xE9, 0x11, 0x73, 0x83, 0x08, 0xFA, 0x27, 0xC9, 0x14, 0xC5, 0xFC, 0x7C, 0x46, 0x13, 0xBD, 0x0D, 0x10, 0x1A, 0xE2, 0xE2, 0x02, 0xFC, 0x65, 0x4D, 0x60, 0xFD, 0xDF, 0x18, 0xB7, 0x19 }, + { 0xE2, 0x6F, 0x35, 0xAE, 0x70, 0x5E, 0xDC, 0x6B, 0x74, 0x2A, 0x2F, 0x90, 0xE1, 0x96, 0xDB, 0x9B, 0x4B, 0xE4, 0x58, 0x56, 0x24, 0x52, 0x50, 0xCB, 0xBD, 0x1C, 0x9F, 0x13, 0x14, 0x2A, 0x27, 0xB5 }, + { 0x01, 0xE0, 0x4E, 0x47, 0x53, 0x05, 0xE6, 0x76, 0x28, 0x75, 0xE7, 0xFB, 0xDD, 0x84, 0xDF, 0x34, 0x72, 0xC1, 0x31, 0xA4, 0x8C, 0x41, 0x71, 0x17, 0x1A, 0x0C, 0x00, 0x01, 0x15, 0x57, 0x76, 0x56 }, + { 0x41, 0x60, 0xE3, 0xA5, 0x9D, 0x0F, 0xD0, 0x59, 0xCF, 0x97, 0x5E, 0x95, 0xD4, 0x12, 0x7C, 0x1E, 0x92, 0xAF, 0x1B, 0x7B, 0xD0, 0x5D, 0x6E, 0x85, 0xDA, 0x9C, 0x25, 0xF9, 0xEF, 0xC3, 0xE1, 0x09 }, + { 0x34, 0xAF, 0xB8, 0x89, 0x7C, 0xDC, 0xCE, 0xC7, 0xEE, 0x5F, 0xFE, 0x17, 0x49, 0x19, 0xAC, 0x14, 0xF7, 0x32, 0x96, 0xC3, 0x63, 0x53, 0xB6, 0x15, 0x5B, 0x47, 0x0D, 0xAE, 0xD8, 0xB3, 0xDE, 0x4C }, + { 0x3F, 0x6A, 0xD7, 0x67, 0x75, 0x1C, 0xAD, 0x4F, 0xCE, 0x71, 0xEF, 0x63, 0x9D, 0x14, 0x3F, 0x4E, 0x33, 0x98, 0xB2, 0x8F, 0xA8, 0x00, 0x45, 0xEA, 0xAB, 0x61, 0xAC, 0x15, 0xDF, 0x42, 0x81, 0x5D }, + { 0x2F, 0x58, 0xDF, 0x23, 0x0D, 0xB1, 0xF6, 0x94, 0x42, 0xD5, 0x32, 0x3C, 0x1F, 0x23, 0x5C, 0x1E, 0xD7, 0x91, 0x2C, 0xA6, 0x18, 0xA7, 0xA9, 0x02, 0xF4, 0xA5, 0x5F, 0x10, 0xA1, 0xCA, 0xBE, 0xEB }, + { 0xF7, 0x3C, 0xBC, 0xAF, 0x05, 0xA2, 0xD6, 0x99, 0xA8, 0x99, 0x80, 0xF2, 0x33, 0xC1, 0xE5, 0x57, 0x2C, 0xC1, 0x5B, 0xC9, 0x38, 0x29, 0xD7, 0xB5, 0xEA, 0x13, 0x88, 0x02, 0xBA, 0x6C, 0x17, 0x98 }, + { 0x3A, 0x6E, 0xA4, 0xE4, 0x1E, 0xA5, 0x82, 0x6B, 0x89, 0x38, 0xE4, 0xC8, 0xB7, 0xAD, 0xD8, 0x9D, 0xAC, 0x7B, 0x53, 0x36, 0x80, 0x26, 0x30, 0x9F, 0x56, 0xC7, 0xBE, 0xC5, 0xFF, 0xB1, 0xA7, 0x3C }, + { 0x4F, 0xE7, 0x21, 0x18, 0x94, 0x91, 0x3B, 0xBE, 0x8A, 0x53, 0x8B, 0x3C, 0x13, 0x25, 0x73, 0x1F, 0x81, 0xB5, 0xC1, 0x1A, 0xCA, 0x88, 0x91, 0xEE, 0x58, 0x1E, 0x01, 0x6A, 0x8A, 0xD8, 0xCD, 0x1B }, + { 0xDE, 0xCD, 0x5F, 0xC5, 0x6B, 0x2B, 0xC1, 0x8C, 0xE0, 0x54, 0x9C, 0x93, 0xD3, 0x08, 0x0C, 0x28, 0x27, 0xF2, 0x86, 0xD2, 0x8D, 0xB5, 0x57, 0x31, 0x81, 0x3C, 0xF0, 0x47, 0x3B, 0x07, 0x18, 0x00 }, + { 0xDC, 0x87, 0xFC, 0x15, 0x68, 0xA9, 0xB7, 0x54, 0x0F, 0x23, 0xAA, 0x5D, 0x07, 0xE0, 0xE1, 0x98, 0x11, 0x02, 0x01, 0x81, 0x01, 0x6B, 0xEA, 0x85, 0x51, 0xF8, 0xBC, 0x20, 0x62, 0x83, 0xCA, 0x69 }, + { 0x77, 0x8F, 0xB6, 0x71, 0x07, 0x64, 0x54, 0xB0, 0x1E, 0xA2, 0xD0, 0x8F, 0xA7, 0xF0, 0x48, 0x29, 0x6A, 0xCC, 0xD9, 0xA5, 0x38, 0x1D, 0xEB, 0xFE, 0xCC, 0x28, 0xBE, 0x9D, 0x48, 0x9F, 0x33, 0x51 }, + { 0xA1, 0x33, 0x20, 0xDD, 0x31, 0x37, 0x5D, 0x81, 0x90, 0xD1, 0x3D, 0x18, 0xB1, 0x58, 0xFD, 0x73, 0x2E, 0xD4, 0x43, 0x2F, 0x69, 0x2B, 0xFE, 0x01, 0x85, 0xFD, 0xD5, 0x47, 0x84, 0xD4, 0xA5, 0xA1 }, + { 0x96, 0x6C, 0xC6, 0x9E, 0x6B, 0x8B, 0xFF, 0x69, 0x1B, 0xA4, 0x73, 0x6D, 0x29, 0x34, 0x41, 0x92, 0xE4, 0x5D, 0x42, 0xFE, 0xCB, 0xAC, 0xAE, 0xDA, 0xD3, 0x14, 0x69, 0x82, 0xF6, 0x4E, 0xA1, 0x62 }, + { 0xC4, 0x43, 0xF9, 0x35, 0xD2, 0x7A, 0x1B, 0x5B, 0x28, 0x28, 0x54, 0x30, 0xB4, 0xFE, 0xA1, 0x32, 0xD7, 0x84, 0x8F, 0xAD, 0xD6, 0xF3, 0xA2, 0xB4, 0xB9, 0x57, 0xBC, 0xBB, 0x04, 0xFD, 0x65, 0xE6 }, + { 0x25, 0x30, 0xDB, 0x7B, 0x84, 0xBA, 0x64, 0x33, 0xF6, 0x7D, 0xE0, 0xCB, 0x2F, 0x68, 0x5D, 0x84, 0x12, 0x4E, 0xB0, 0xB9, 0x2E, 0xC2, 0xD9, 0xB5, 0x41, 0xF4, 0x4D, 0x9C, 0x53, 0x98, 0x6E, 0x50 }, + { 0x60, 0x07, 0xC2, 0xFA, 0xA0, 0xEA, 0xC7, 0x95, 0x53, 0x8C, 0x21, 0x7D, 0xBC, 0x84, 0x40, 0xFD, 0x10, 0xEB, 0x83, 0x5C, 0x24, 0xB2, 0x05, 0x38, 0xE3, 0x3B, 0xEF, 0xA9, 0x22, 0x6E, 0xB1, 0x9F }, + { 0x71, 0xE0, 0x33, 0x92, 0xEC, 0x64, 0x54, 0xE9, 0x27, 0x49, 0x81, 0x3B, 0x01, 0xFE, 0xC4, 0xA0, 0x53, 0x29, 0x4C, 0x0E, 0x14, 0x25, 0x57, 0x4E, 0x07, 0x4F, 0xAF, 0x17, 0x1F, 0x4C, 0x30, 0x8E }, + { 0xED, 0x35, 0xF8, 0x99, 0x66, 0xCB, 0x70, 0x85, 0x5B, 0xE4, 0xAC, 0xEF, 0x04, 0x88, 0xE6, 0xAE, 0xFF, 0x9A, 0x1E, 0x28, 0x7B, 0xC0, 0x17, 0x7F, 0xE5, 0x0F, 0x09, 0xB5, 0xB3, 0x9F, 0xE3, 0x30 }, + { 0x3B, 0xF8, 0xD0, 0xFA, 0xBE, 0x8B, 0x4C, 0x7D, 0x3A, 0xCC, 0xE5, 0x02, 0x61, 0xDB, 0xFA, 0xF1, 0x90, 0x4C, 0x1C, 0x99, 0xC0, 0xF4, 0x13, 0x55, 0x16, 0xD1, 0xE7, 0x19, 0xB6, 0x8F, 0x4A, 0x5D }, + { 0x28, 0xDE, 0x79, 0x2D, 0x17, 0x83, 0x69, 0x7A, 0xC8, 0x68, 0xB7, 0xE1, 0x7F, 0xAF, 0x5F, 0x0E, 0x60, 0x3D, 0x8A, 0x32, 0x8B, 0x79, 0x02, 0x08, 0x2E, 0x13, 0xFF, 0xB0, 0xED, 0xAD, 0x6A, 0x9C }, + { 0xFB, 0x3D, 0x2E, 0x41, 0x78, 0xFC, 0x44, 0x68, 0x31, 0x9C, 0x13, 0x09, 0xB8, 0x11, 0x1C, 0x59, 0x86, 0x71, 0xEE, 0xAE, 0xA8, 0xB9, 0x3A, 0xB2, 0xA6, 0xBB, 0x9E, 0xBB, 0x2F, 0xF9, 0x4B, 0x16 }, + { 0x82, 0x88, 0x77, 0x99, 0x15, 0x90, 0x57, 0x55, 0x1B, 0x39, 0x57, 0xB1, 0xE9, 0xFB, 0x62, 0xC6, 0x7E, 0xEB, 0xEF, 0x8D, 0x73, 0xD9, 0x11, 0x3C, 0xC3, 0xF9, 0x4E, 0x24, 0x9C, 0x4A, 0x3E, 0x68 }, + { 0x52, 0x69, 0x67, 0x85, 0x61, 0xEA, 0x36, 0x60, 0xE0, 0x03, 0xBB, 0xC8, 0xF8, 0x3D, 0xBE, 0x81, 0xF7, 0x3C, 0xDB, 0x8A, 0xE1, 0x54, 0x57, 0x7C, 0xF1, 0xFA, 0x83, 0x35, 0xD6, 0x17, 0xE2, 0xE0 }, + { 0x85, 0x41, 0x14, 0x2E, 0x6C, 0x8A, 0xF9, 0x23, 0xC1, 0xB0, 0x32, 0x75, 0xCC, 0xBB, 0x80, 0x92, 0x0C, 0xAD, 0xE0, 0xB8, 0xD0, 0x97, 0xF4, 0x00, 0x50, 0x91, 0x46, 0xE8, 0xD9, 0x16, 0x13, 0x11 }, + { 0x64, 0xEE, 0x48, 0x21, 0x73, 0xDA, 0x94, 0x17, 0x5C, 0x4C, 0xCE, 0xF6, 0x3A, 0xC3, 0x21, 0x2B, 0x87, 0xA5, 0x5F, 0x68, 0xAE, 0x8D, 0x82, 0xD4, 0x94, 0xC0, 0x0C, 0xBA, 0x6F, 0x30, 0x04, 0x87 }, + { 0x6B, 0xCE, 0x16, 0x3D, 0x93, 0x2A, 0xE9, 0x2C, 0x68, 0xE6, 0xAA, 0xB9, 0xF8, 0xBC, 0x82, 0x64, 0x25, 0x9E, 0x35, 0x17, 0x52, 0xDE, 0xF6, 0x39, 0xB2, 0xA9, 0x6A, 0x20, 0xCB, 0x18, 0x0C, 0xB2 }, + { 0x60, 0xCE, 0xF6, 0xA8, 0xD7, 0x86, 0xD6, 0x5D, 0x5B, 0x95, 0x61, 0x1B, 0x94, 0x32, 0xC6, 0x3D, 0x87, 0x59, 0xA7, 0x2A, 0x66, 0xB9, 0xD6, 0xFD, 0x4F, 0x12, 0xF4, 0x3F, 0x5B, 0xAA, 0x8D, 0xED }, + { 0xE3, 0x59, 0xCC, 0x48, 0x22, 0xEB, 0x67, 0x4D, 0x2F, 0xF8, 0x89, 0x7D, 0xB2, 0x93, 0x0F, 0x99, 0x98, 0x57, 0xA8, 0xC5, 0xA1, 0x6C, 0x37, 0x49, 0xC6, 0x32, 0xF0, 0x75, 0x09, 0x0F, 0x66, 0x9C }, + { 0x12, 0xA9, 0xE4, 0xFC, 0x96, 0xD0, 0xE5, 0x51, 0x69, 0xB3, 0xAA, 0xAE, 0xF9, 0x42, 0x2A, 0xAE, 0x7B, 0xD8, 0x9C, 0x91, 0xDE, 0x58, 0xEE, 0x0A, 0x97, 0xAD, 0x22, 0xD3, 0xD4, 0xCC, 0x6B, 0x96 }, + { 0x59, 0x28, 0x19, 0x91, 0xE7, 0x2B, 0xA5, 0xE1, 0xD0, 0x1B, 0x76, 0x17, 0xEE, 0x89, 0xEA, 0xAE, 0x1C, 0x2D, 0xD0, 0x1A, 0x5A, 0xC3, 0x72, 0xD2, 0x3D, 0x01, 0x47, 0xE2, 0x62, 0xCB, 0x00, 0x3D }, + { 0x13, 0x71, 0x77, 0x28, 0xC1, 0xEF, 0xF4, 0xF0, 0x36, 0x93, 0xC0, 0x39, 0xB8, 0xDF, 0x71, 0x99, 0x00, 0xD9, 0x97, 0x5F, 0x1F, 0x78, 0xD8, 0x90, 0xE5, 0x63, 0x43, 0x5F, 0x5C, 0xF4, 0x9D, 0x2E }, + { 0xFD, 0x1C, 0xA3, 0x7D, 0x48, 0x7D, 0x27, 0xF4, 0xA9, 0xDD, 0x8F, 0x79, 0x1E, 0x03, 0x9E, 0xAF, 0x08, 0xF1, 0xA1, 0x97, 0xDD, 0x19, 0x77, 0x16, 0xE5, 0xF7, 0x9B, 0x79, 0xA8, 0x1F, 0x0C, 0x6B }, + { 0x38, 0x2F, 0x6D, 0x5D, 0xF2, 0x76, 0xC2, 0x92, 0x1E, 0xE6, 0xEF, 0x39, 0x19, 0x37, 0x15, 0xA8, 0xAB, 0x92, 0x23, 0xD2, 0x99, 0x43, 0xC9, 0xC4, 0xCA, 0x8C, 0xE7, 0x83, 0xC5, 0xDB, 0x9C, 0xD7 }, + { 0xDA, 0x80, 0x3C, 0x5D, 0x63, 0xF4, 0x8F, 0xAA, 0x1A, 0x4D, 0x0D, 0x16, 0xFE, 0xE5, 0x5E, 0x39, 0xD0, 0x7C, 0x06, 0xF6, 0x0A, 0xE7, 0x60, 0xE4, 0x43, 0x4C, 0x92, 0x2F, 0xF4, 0xD7, 0xE5, 0x22 }, + { 0xE5, 0x0A, 0xBB, 0xD9, 0xA6, 0xF1, 0x83, 0x48, 0xBC, 0xDA, 0xFB, 0x69, 0x89, 0x33, 0x29, 0xCD, 0x01, 0x8D, 0xBA, 0xAC, 0x31, 0xE8, 0xB5, 0x25, 0xEB, 0xA6, 0xA3, 0xC0, 0x3C, 0xCB, 0x04, 0x88 }, + { 0x2D, 0xA8, 0x3F, 0xC0, 0x27, 0x7C, 0x4B, 0x15, 0xD6, 0x94, 0x2A, 0x30, 0x67, 0x3D, 0x1E, 0x45, 0x3E, 0x92, 0x67, 0xF9, 0x8F, 0xA1, 0x2F, 0x70, 0x07, 0x21, 0xFE, 0x29, 0x80, 0x5B, 0x9B, 0x8C }, + { 0x78, 0x79, 0xE3, 0xA3, 0x1B, 0x70, 0xFB, 0x4F, 0x8B, 0xD4, 0x34, 0x2E, 0x36, 0xEA, 0x71, 0x0C, 0x7B, 0x85, 0xC4, 0x3D, 0xAC, 0xC2, 0x79, 0xF3, 0xDE, 0xA5, 0x51, 0x98, 0x2E, 0xA3, 0xFF, 0x2F }, + { 0x78, 0xA1, 0xBC, 0x06, 0x27, 0x6F, 0x73, 0x40, 0x7C, 0xBB, 0xF7, 0x64, 0xFD, 0x25, 0x15, 0x63, 0x8C, 0x31, 0x65, 0xA7, 0x55, 0xC4, 0x15, 0xB5, 0x3D, 0x50, 0x6D, 0x64, 0x28, 0x22, 0x4E, 0xF8 }, + { 0xA5, 0x3B, 0x7E, 0x27, 0xD9, 0xC7, 0x34, 0xF1, 0x25, 0x30, 0x7B, 0x62, 0x14, 0xDB, 0x67, 0x36, 0x5A, 0xC9, 0x4C, 0x71, 0xCF, 0xAD, 0x88, 0x30, 0xB5, 0x39, 0x91, 0x79, 0xF7, 0xE4, 0x43, 0xB2 }, + { 0xD0, 0x88, 0x27, 0x8A, 0xBD, 0x0B, 0x97, 0xDC, 0xE3, 0xFB, 0x65, 0x28, 0x0E, 0x44, 0x6B, 0x6C, 0x79, 0xB6, 0x67, 0xFD, 0xA2, 0xDB, 0x3F, 0xB2, 0xC9, 0xB4, 0xE7, 0x7E, 0x5D, 0xBF, 0xC0, 0x7B }, + { 0x56, 0x40, 0xBD, 0x29, 0x4E, 0xAA, 0x0A, 0xA2, 0x75, 0x23, 0x3B, 0x3A, 0xB7, 0xF0, 0x01, 0xDF, 0x5D, 0x02, 0x59, 0x8D, 0x7E, 0x5E, 0x10, 0x15, 0x9D, 0x1C, 0x1A, 0x2F, 0xC6, 0xB5, 0xAB, 0x35 }, + { 0x39, 0x0C, 0x40, 0x02, 0xBD, 0xA1, 0xC9, 0xD6, 0x09, 0x60, 0xAF, 0xDC, 0xEC, 0x6B, 0xED, 0xA7, 0x41, 0x99, 0x6E, 0x23, 0xD9, 0xF7, 0x13, 0x94, 0x0B, 0xBE, 0xDA, 0x18, 0x8A, 0xA4, 0x47, 0x73 }, + { 0xF5, 0x24, 0x16, 0x61, 0x22, 0xF5, 0x14, 0xEB, 0xD8, 0xD4, 0x59, 0x16, 0x18, 0xFF, 0xDC, 0x07, 0x46, 0x0A, 0xBA, 0x3E, 0x9C, 0x56, 0x56, 0x84, 0xBC, 0xB3, 0x83, 0xB3, 0x2E, 0x86, 0x54, 0x49 }, + { 0xCE, 0x69, 0x91, 0x18, 0x46, 0x61, 0x3F, 0x25, 0x77, 0x1E, 0x09, 0xF6, 0x4D, 0xBD, 0x85, 0x8F, 0x47, 0xC8, 0xE6, 0x42, 0x7D, 0x2F, 0xF7, 0x95, 0xD9, 0x5B, 0xDC, 0x2A, 0x29, 0xFD, 0xB0, 0xE4 }, + { 0xB8, 0xEC, 0xB2, 0xC2, 0x09, 0x95, 0xA7, 0x8E, 0xFA, 0xC7, 0x08, 0x72, 0x77, 0xB2, 0x47, 0xF2, 0xDA, 0xD7, 0x89, 0xCA, 0x78, 0x5D, 0x06, 0x98, 0x26, 0xDA, 0x32, 0x24, 0xF7, 0xD7, 0xB1, 0x50 }, + { 0x6A, 0x27, 0x48, 0x75, 0xF0, 0xB9, 0xF8, 0x7C, 0x30, 0x3F, 0xAD, 0x4D, 0x06, 0x87, 0xF9, 0x04, 0xF2, 0xD1, 0x21, 0x84, 0x29, 0xD1, 0x0E, 0x6B, 0xAE, 0x35, 0x79, 0x1D, 0xD8, 0xD0, 0xEE, 0x4E }, + { 0xED, 0x16, 0xA3, 0xF0, 0x93, 0xC2, 0x0B, 0x13, 0xF6, 0xAD, 0x87, 0x70, 0xC7, 0x75, 0x78, 0xF4, 0xD8, 0x9C, 0xCC, 0xD9, 0x41, 0x19, 0x9E, 0x39, 0xE9, 0x13, 0x23, 0xE6, 0x98, 0xF6, 0x4B, 0x0D }, + { 0x05, 0x9D, 0x75, 0x81, 0xC5, 0x07, 0x60, 0xEA, 0x6A, 0x51, 0x9A, 0xD3, 0x4B, 0x7C, 0x5F, 0x26, 0x29, 0x41, 0x4F, 0xBB, 0x4A, 0x42, 0x60, 0x83, 0x9A, 0xA1, 0x56, 0xF1, 0xDC, 0x92, 0x0D, 0xED }, + { 0x00, 0x2E, 0xE2, 0x1B, 0x85, 0x15, 0x0D, 0x0B, 0x21, 0xBE, 0xA0, 0x8F, 0x41, 0xCF, 0xAA, 0xA4, 0xBD, 0x09, 0xDF, 0x2E, 0xFC, 0xF6, 0x13, 0x71, 0x8A, 0xE9, 0xF4, 0xB0, 0xB5, 0x75, 0x42, 0xD8 }, + { 0x29, 0xC1, 0x19, 0xCE, 0x9A, 0x32, 0x92, 0xDB, 0x10, 0xC5, 0x63, 0x7B, 0xA5, 0x0A, 0x9F, 0x8D, 0x84, 0xB7, 0x51, 0x92, 0x4E, 0x37, 0x5B, 0x6E, 0x31, 0xC0, 0x21, 0x37, 0x27, 0x7D, 0x33, 0x7B }, + { 0xB9, 0x56, 0x20, 0xF3, 0xA1, 0xBA, 0xA6, 0xB6, 0xCD, 0xE0, 0x6F, 0xF8, 0xB7, 0xCD, 0xEB, 0x24, 0x87, 0x79, 0x44, 0x5B, 0x9A, 0x2F, 0x7E, 0xBB, 0xDD, 0x98, 0x1A, 0x8F, 0x22, 0x71, 0x2D, 0xB2 }, + { 0x5F, 0x49, 0xC7, 0x13, 0x1F, 0x96, 0xBA, 0x08, 0x52, 0x18, 0x0F, 0x5D, 0x53, 0x98, 0x5A, 0xF9, 0x1B, 0xB7, 0x3E, 0x66, 0x23, 0xB2, 0xE2, 0xE0, 0x31, 0x4C, 0x0E, 0x7F, 0x47, 0x56, 0x59, 0x99 }, + { 0x7D, 0x87, 0xEC, 0x2F, 0x21, 0xEC, 0x8C, 0x59, 0xB5, 0xDF, 0xE9, 0x8D, 0xD4, 0x18, 0xF6, 0x94, 0x39, 0x5E, 0x3D, 0x95, 0x35, 0xB5, 0x7D, 0xB4, 0x49, 0x9A, 0x3D, 0xBD, 0x72, 0x2C, 0x55, 0x98 }, + { 0x38, 0x20, 0x27, 0x3B, 0xFC, 0x97, 0xF7, 0x53, 0x69, 0xC0, 0xFC, 0x0D, 0x67, 0xF6, 0x3E, 0x00, 0xF9, 0xB4, 0x9D, 0x7E, 0x89, 0xA2, 0x9F, 0xA4, 0x87, 0xD6, 0x9A, 0x30, 0xBE, 0x09, 0x31, 0xE3 }, + { 0x93, 0x49, 0xE7, 0x53, 0xB1, 0x66, 0x45, 0x1E, 0x6B, 0x84, 0x0B, 0x30, 0xFD, 0x50, 0x52, 0x72, 0x43, 0xC2, 0x6A, 0x1F, 0x93, 0xC6, 0xF6, 0x09, 0xA4, 0xFE, 0xE2, 0x4E, 0xB4, 0x4E, 0xD4, 0xF9 }, + { 0xEF, 0x19, 0x4D, 0x2D, 0xEC, 0xD0, 0x8F, 0xF4, 0x2D, 0x99, 0x1F, 0x86, 0x29, 0x90, 0xD0, 0xA4, 0x70, 0xF6, 0xCF, 0x9B, 0x1D, 0x21, 0x25, 0xE1, 0xAD, 0xA0, 0x11, 0x40, 0x57, 0x57, 0xD3, 0x90 }, + { 0xF3, 0xDA, 0xB8, 0xA0, 0xAA, 0xAD, 0xBA, 0xA6, 0xDD, 0x84, 0x45, 0xA8, 0xF3, 0xCE, 0x7B, 0x47, 0xFB, 0x2B, 0x77, 0x46, 0x20, 0xC8, 0x0C, 0x1F, 0xF2, 0x0A, 0x51, 0x83, 0x5A, 0xC9, 0x81, 0x08 }, + { 0xE7, 0xA9, 0xFE, 0x61, 0xA0, 0xC2, 0x3F, 0x83, 0xF7, 0x6F, 0x75, 0x99, 0x83, 0x89, 0x1A, 0xAC, 0x43, 0xDF, 0xBF, 0x07, 0x86, 0x5E, 0xE2, 0x16, 0xD4, 0xAE, 0x14, 0x43, 0xBD, 0xE1, 0x8C, 0x3F }, + { 0xBA, 0xD9, 0xC7, 0x03, 0x65, 0x45, 0xA6, 0xF6, 0xF3, 0x44, 0x77, 0x1B, 0x42, 0x03, 0x43, 0xB5, 0xB8, 0x93, 0xD3, 0x1B, 0xC7, 0x5D, 0xFC, 0xA2, 0xF7, 0x82, 0x3A, 0x58, 0xF7, 0xAA, 0xA8, 0x82 }, + { 0x97, 0xCB, 0xCC, 0xDD, 0xE0, 0xB1, 0x82, 0x07, 0x2C, 0xCC, 0x23, 0xD0, 0x1C, 0xBD, 0x1A, 0x05, 0x2C, 0x86, 0x80, 0x1C, 0x1E, 0xF4, 0xFF, 0x3B, 0x8D, 0x49, 0x9E, 0x3B, 0x5B, 0x71, 0x27, 0x56 }, + { 0xC0, 0x75, 0xB3, 0x96, 0x64, 0x96, 0x5E, 0xF5, 0xAB, 0x69, 0x2C, 0xE0, 0x29, 0x7D, 0x1B, 0xDD, 0xD4, 0xEB, 0x75, 0x8A, 0x4A, 0x48, 0xD8, 0xED, 0x90, 0xC1, 0xAA, 0x2C, 0x91, 0x02, 0xF0, 0xFC }, + { 0x03, 0x2F, 0xFD, 0x51, 0x22, 0xAD, 0x94, 0xD2, 0x49, 0x80, 0x7D, 0xEA, 0xE0, 0x34, 0x11, 0x59, 0x12, 0xD7, 0xE3, 0xE6, 0x90, 0xCF, 0xCB, 0x92, 0x7E, 0x93, 0x4E, 0x3A, 0x69, 0xBE, 0xC2, 0xE4 }, + { 0xC0, 0xEC, 0xAF, 0x87, 0x63, 0x21, 0x2D, 0xD6, 0xD0, 0x7E, 0x7E, 0x53, 0x06, 0x0E, 0x15, 0x44, 0x17, 0xD9, 0xF0, 0xF9, 0x6F, 0x8E, 0x86, 0xB3, 0x85, 0x3E, 0x15, 0x41, 0xC4, 0x34, 0x28, 0x97 }, + { 0x4E, 0x5B, 0x1A, 0x12, 0x21, 0xBC, 0x72, 0xF7, 0x91, 0xE8, 0xB2, 0xDB, 0xFB, 0x7C, 0xA0, 0x19, 0x38, 0x62, 0x31, 0x09, 0x02, 0xBE, 0x3F, 0x3F, 0x7A, 0x65, 0x3A, 0xB6, 0xA6, 0xAC, 0x05, 0x88 }, + { 0xA3, 0xAB, 0xFA, 0xD9, 0xB5, 0x32, 0xEA, 0x55, 0x24, 0xB5, 0xBF, 0x30, 0x57, 0x49, 0xFD, 0x25, 0x40, 0x77, 0x1C, 0xC3, 0x0C, 0x54, 0x84, 0x31, 0xAA, 0x71, 0xB4, 0x97, 0x3E, 0xDC, 0x22, 0x79 }, + { 0x51, 0x1E, 0xEE, 0x62, 0xDF, 0xB8, 0xC4, 0xEB, 0x9B, 0x1A, 0x5D, 0x91, 0x60, 0xF6, 0x22, 0xCC, 0x62, 0xCD, 0x3A, 0xE9, 0x58, 0xF3, 0xF1, 0x57, 0x3F, 0x7C, 0x89, 0x13, 0x4D, 0x78, 0xAF, 0xEC }, + { 0x4A, 0x1A, 0x5A, 0x44, 0xED, 0xD4, 0x9A, 0xB0, 0x80, 0x24, 0x2D, 0x23, 0x6F, 0x5D, 0x00, 0xD1, 0x57, 0x96, 0x9B, 0x9D, 0x91, 0xDD, 0xF5, 0x43, 0x75, 0xAE, 0x40, 0x66, 0x3F, 0x4A, 0x80, 0x4B }, + { 0xF1, 0xA6, 0x40, 0x89, 0xEF, 0x90, 0x1A, 0xB7, 0xED, 0xF9, 0x47, 0x4F, 0x1C, 0x04, 0xD3, 0xFA, 0x6A, 0xC8, 0xFE, 0xD2, 0xD8, 0xBE, 0xDD, 0x45, 0xCB, 0xB6, 0x95, 0xC5, 0x6D, 0xEB, 0xA4, 0xFA }, + { 0x21, 0xBE, 0xA3, 0x73, 0x80, 0x0B, 0x8A, 0xD6, 0xFB, 0x7B, 0xAD, 0x9D, 0x86, 0x05, 0x69, 0x2A, 0x73, 0x9A, 0x6D, 0x8B, 0x54, 0x52, 0x4C, 0x3C, 0xD9, 0x90, 0x83, 0xF4, 0x71, 0xCF, 0x46, 0x64 }, + { 0xA8, 0x45, 0x63, 0x73, 0x57, 0xAF, 0xF2, 0x92, 0x6F, 0x34, 0x3A, 0x07, 0xF1, 0xC1, 0x3B, 0x3A, 0x6F, 0x07, 0x09, 0x60, 0xC0, 0x31, 0x89, 0xC7, 0xE5, 0xFC, 0x04, 0x84, 0x44, 0x85, 0x92, 0x4A }, + { 0xF7, 0xC5, 0xEE, 0x43, 0xC5, 0x91, 0x22, 0x10, 0x8C, 0xB3, 0x7E, 0xA6, 0x72, 0x5F, 0x47, 0xFF, 0xB1, 0x5C, 0x40, 0x5F, 0xA1, 0xD6, 0x7D, 0xE1, 0xE9, 0x41, 0x1C, 0x4D, 0x13, 0xED, 0xFE, 0x41 }, + { 0xAD, 0xA4, 0x96, 0xE2, 0xC0, 0xAD, 0xE8, 0x29, 0xF3, 0x78, 0x32, 0xA8, 0xBA, 0x34, 0xCF, 0x60, 0x59, 0xDF, 0xFB, 0xB3, 0xBE, 0xBA, 0x88, 0xCA, 0x5D, 0xED, 0x33, 0x63, 0x91, 0x4E, 0xA6, 0x9A }, + { 0xA0, 0x23, 0xCD, 0x5A, 0x05, 0x47, 0x35, 0x45, 0x85, 0x73, 0x70, 0x1A, 0x96, 0x09, 0xC5, 0x4B, 0x01, 0xAA, 0xB0, 0xDA, 0x3A, 0x36, 0x5B, 0x39, 0xCA, 0x30, 0xB9, 0x72, 0xEA, 0xD1, 0x51, 0xA4 }, + { 0x5A, 0x47, 0x4E, 0xAE, 0xEC, 0x52, 0xDF, 0xFB, 0x5A, 0xC1, 0x28, 0xA7, 0xE7, 0x21, 0xD6, 0xF7, 0x10, 0x2F, 0xCA, 0xEA, 0xC2, 0x3E, 0xA7, 0x22, 0x1C, 0xA0, 0x97, 0x29, 0xF4, 0xE6, 0x5B, 0xEF }, + { 0xD5, 0xB5, 0xC5, 0x72, 0x83, 0xE6, 0x92, 0x31, 0x15, 0x5A, 0xCB, 0xDB, 0xF0, 0x2B, 0x20, 0x1C, 0xA6, 0x2E, 0xD9, 0x70, 0x85, 0x2A, 0x02, 0xB8, 0xE6, 0x4E, 0x4F, 0x0B, 0x51, 0x68, 0xAC, 0xB4 }, + { 0xE7, 0x72, 0x38, 0xF4, 0x71, 0xC7, 0xDC, 0xFB, 0xA6, 0x95, 0xCC, 0x26, 0x6D, 0xD0, 0x5D, 0x34, 0x44, 0xFE, 0x10, 0x7F, 0xB5, 0xAA, 0x22, 0xC2, 0x35, 0x01, 0xE4, 0x7C, 0x1F, 0xD7, 0xFA, 0x52 }, + { 0xD3, 0x7F, 0x01, 0x3A, 0x46, 0x6A, 0xCD, 0xDA, 0x63, 0xD6, 0x5C, 0xBE, 0x94, 0x90, 0xB0, 0x51, 0xC6, 0x83, 0x96, 0x20, 0xB7, 0xCB, 0xE8, 0x13, 0xFF, 0x3A, 0x93, 0xA3, 0x50, 0x70, 0x9C, 0xE2 }, + { 0x74, 0xD4, 0x34, 0xE1, 0xDC, 0x0F, 0x06, 0xA4, 0xF4, 0xD6, 0x9B, 0x0C, 0x0E, 0xED, 0x0D, 0x35, 0x90, 0x25, 0xEF, 0x65, 0xAF, 0x3D, 0x4A, 0x07, 0xCD, 0x1B, 0x5D, 0xA6, 0x7F, 0x69, 0x32, 0xB5 }, + { 0xAF, 0x64, 0xAB, 0x63, 0x65, 0x9F, 0xB0, 0x0F, 0xCA, 0x80, 0x26, 0xC5, 0xEA, 0xE9, 0x71, 0x8E, 0x6D, 0x38, 0xC3, 0xE9, 0xD9, 0x5E, 0x28, 0x97, 0x27, 0xF3, 0xC6, 0x06, 0x41, 0xC2, 0xB7, 0x4F }, + { 0x34, 0x05, 0x09, 0x1C, 0x99, 0xE9, 0xE0, 0xF2, 0x31, 0xC0, 0x69, 0x4D, 0x81, 0xA8, 0x3C, 0x9C, 0x3D, 0xDD, 0x42, 0xAF, 0x12, 0x94, 0xC6, 0x8D, 0x26, 0x73, 0x96, 0xA1, 0x13, 0xC3, 0xE0, 0x34 }, + { 0x13, 0x44, 0xB2, 0x02, 0x24, 0xD7, 0x80, 0xA3, 0xD4, 0xA4, 0xEF, 0x24, 0xE3, 0xFA, 0xA3, 0x7C, 0x28, 0x0C, 0xAC, 0x88, 0x7F, 0x9D, 0x9C, 0x67, 0x8D, 0x27, 0x36, 0x43, 0x70, 0x46, 0xF5, 0xDA }, + { 0x93, 0xA0, 0x99, 0xD3, 0x23, 0xA3, 0xE1, 0xAF, 0xDF, 0x6C, 0x6C, 0x03, 0x4E, 0x9D, 0x09, 0x8B, 0xF6, 0xB1, 0xC5, 0xFF, 0x24, 0x8D, 0x3A, 0x2F, 0xF2, 0xF1, 0x62, 0xD0, 0xAD, 0xDD, 0x29, 0x2A }, + { 0xF2, 0xD4, 0xF9, 0xCC, 0xCF, 0x06, 0x5D, 0x98, 0xAD, 0xEC, 0xE9, 0x2D, 0x60, 0x32, 0xB0, 0x3B, 0x55, 0x0D, 0xF4, 0x15, 0x96, 0x3F, 0xAF, 0x58, 0xA7, 0x14, 0x90, 0x48, 0x64, 0x70, 0xA5, 0xCB }, + { 0xC0, 0xED, 0xCB, 0xEC, 0x75, 0xCF, 0xEC, 0xDD, 0x76, 0xF9, 0x4B, 0xFD, 0xFC, 0xFF, 0x00, 0x34, 0x04, 0x63, 0x85, 0x3F, 0x33, 0x59, 0x92, 0xC7, 0xCB, 0x75, 0x14, 0x6C, 0x53, 0x57, 0xD6, 0x78 }, + { 0x01, 0x18, 0x45, 0x64, 0xCE, 0x92, 0xF8, 0x98, 0x7A, 0x61, 0x2A, 0x97, 0x6F, 0x16, 0xCF, 0xB2, 0x3F, 0x0F, 0x85, 0x18, 0x80, 0xEC, 0xE4, 0x09, 0xF4, 0x51, 0xD6, 0x09, 0x94, 0xA5, 0xAE, 0x05 }, + { 0x06, 0x95, 0xC3, 0x96, 0xD8, 0x92, 0xF5, 0xFF, 0x33, 0x43, 0x36, 0xDB, 0xE7, 0x7D, 0x06, 0x89, 0xAB, 0xDB, 0x58, 0x3D, 0x18, 0x57, 0xF5, 0xCE, 0x5D, 0x10, 0x4D, 0x92, 0x62, 0x66, 0x26, 0x3B }, + { 0xB1, 0x9F, 0xB8, 0x14, 0xC4, 0xBF, 0xCC, 0xA2, 0x79, 0x14, 0xDD, 0x9B, 0xFD, 0x7F, 0x96, 0x04, 0x62, 0xCE, 0xE9, 0x0C, 0xE0, 0xC7, 0xC9, 0x2E, 0x1C, 0x7D, 0xFE, 0xA2, 0xE8, 0x4B, 0x36, 0xD4 }, + { 0x17, 0x8A, 0x79, 0x38, 0xD9, 0x6D, 0x88, 0x62, 0x36, 0xCC, 0x20, 0x0F, 0xA8, 0x1E, 0x33, 0xC5, 0xFF, 0x53, 0xD2, 0xDC, 0x49, 0xCD, 0xA9, 0xD4, 0x84, 0x17, 0x68, 0xC5, 0xD9, 0x63, 0xA1, 0xF0 }, + { 0x19, 0x8D, 0xC0, 0x16, 0x39, 0x9E, 0xDB, 0xA3, 0xD3, 0xE6, 0x34, 0x03, 0xB2, 0x10, 0xD0, 0xCC, 0x49, 0xD7, 0xE1, 0x49, 0xEE, 0x41, 0xF3, 0x10, 0xBA, 0x02, 0xEB, 0x08, 0x8E, 0x24, 0x65, 0x04 }, + { 0x80, 0xBA, 0xA1, 0xDC, 0x93, 0xB6, 0xAF, 0xC2, 0x78, 0x3A, 0x4B, 0xF8, 0xA8, 0x23, 0x05, 0x10, 0xD9, 0xFF, 0xA6, 0x71, 0x27, 0x6C, 0x42, 0x36, 0xC4, 0x4E, 0x17, 0xFF, 0xDD, 0xCC, 0x37, 0xE6 }, + { 0x1C, 0xA8, 0x4D, 0x79, 0xAC, 0x11, 0x00, 0x58, 0xAC, 0x53, 0x8A, 0xAF, 0xA2, 0x88, 0x06, 0xDB, 0x42, 0xDF, 0x2F, 0x41, 0x9F, 0x10, 0x4E, 0xE3, 0xA1, 0xFB, 0x53, 0xA2, 0xF6, 0xA6, 0x8C, 0xB7 }, + { 0x2F, 0xB6, 0xDE, 0x6F, 0xB2, 0x87, 0xCC, 0xD3, 0x01, 0xC7, 0x70, 0xA0, 0x3B, 0xC7, 0xB7, 0x76, 0xFD, 0x4A, 0xE7, 0xAB, 0x2E, 0xA6, 0x0A, 0xDE, 0xFA, 0xD6, 0x74, 0x83, 0x09, 0x1E, 0x6D, 0x7D }, + { 0x42, 0xF7, 0x0D, 0x4B, 0x7C, 0x9C, 0x8B, 0xE8, 0x7B, 0xD2, 0x3A, 0x86, 0x9C, 0x28, 0x64, 0x60, 0xA2, 0x2C, 0xC4, 0xC4, 0xEE, 0xD6, 0xC2, 0x92, 0xF0, 0x09, 0xE3, 0x53, 0x67, 0x30, 0xDB, 0xC5 }, + { 0x21, 0x3D, 0xB6, 0x97, 0x6F, 0xD4, 0xBA, 0x50, 0x55, 0x32, 0x23, 0x38, 0x5F, 0x95, 0x89, 0x51, 0x22, 0x9B, 0x3A, 0xA2, 0xEC, 0xFE, 0xCE, 0x62, 0x97, 0xC5, 0xD4, 0xDC, 0x4C, 0x2E, 0x1A, 0x10 }, + { 0xB6, 0xAC, 0x86, 0x63, 0x32, 0xF2, 0x52, 0x93, 0xCA, 0x12, 0x76, 0x61, 0x97, 0x8E, 0xFF, 0x79, 0x7E, 0x70, 0x70, 0x09, 0x2E, 0x31, 0x3E, 0xC3, 0x77, 0x79, 0xB4, 0x25, 0x52, 0xAA, 0x9F, 0xA6 }, + { 0x2C, 0x5C, 0x2C, 0x25, 0xE1, 0xB1, 0x75, 0x99, 0x6B, 0x51, 0x4C, 0x2B, 0x0E, 0xB8, 0x95, 0x9B, 0x2D, 0x0A, 0x07, 0x46, 0x4C, 0x82, 0x4B, 0x4C, 0xE5, 0xDC, 0x4B, 0x98, 0x57, 0xE6, 0xAA, 0x39 }, + { 0x5F, 0x3A, 0xC8, 0x00, 0xBB, 0x46, 0x00, 0xAF, 0x6F, 0x30, 0xC6, 0xF7, 0x21, 0x8F, 0x9C, 0xF4, 0x5B, 0x28, 0x8E, 0xFA, 0x19, 0xC9, 0xAC, 0x21, 0x6A, 0x47, 0x0A, 0x9F, 0x6D, 0x38, 0xEF, 0x63 }, + { 0x48, 0xB7, 0xD5, 0xF4, 0xFD, 0x19, 0x30, 0x86, 0x9C, 0x88, 0x8C, 0x01, 0xD8, 0xEC, 0x53, 0xB3, 0xEE, 0x04, 0xB3, 0xAB, 0x9E, 0xD1, 0x93, 0x7C, 0xA6, 0xE7, 0x10, 0x44, 0x1B, 0xAE, 0x3A, 0xB0 }, + { 0x09, 0x02, 0xCF, 0xCE, 0x0A, 0xBC, 0x9D, 0x25, 0xC2, 0x8E, 0x59, 0x35, 0x83, 0x30, 0x15, 0x06, 0xAE, 0x48, 0xBE, 0x8C, 0x5F, 0x8D, 0xBA, 0x94, 0x93, 0xBB, 0xF0, 0x54, 0x3F, 0xAC, 0x78, 0x90 }, + { 0x9C, 0x2F, 0x86, 0xED, 0xD2, 0xA8, 0x5D, 0x66, 0xCD, 0x07, 0xA1, 0xA3, 0x44, 0x4C, 0x8E, 0x73, 0x2B, 0x2F, 0x71, 0xCD, 0x54, 0xE2, 0x37, 0x99, 0x77, 0xD5, 0xA6, 0x88, 0xFA, 0x5F, 0xEB, 0xBC }, + { 0x91, 0x7B, 0x16, 0xDD, 0x9A, 0x2E, 0x69, 0xF7, 0xF5, 0x3C, 0xE2, 0x90, 0xEF, 0x00, 0x27, 0xB7, 0xAC, 0x08, 0xBC, 0x04, 0x6D, 0x5E, 0x58, 0x43, 0x94, 0xE4, 0x4A, 0x5A, 0xD6, 0x38, 0xB0, 0xE1 }, + { 0xF2, 0xDE, 0xB9, 0x33, 0x62, 0xBA, 0xDB, 0x31, 0x30, 0x53, 0x9C, 0xB4, 0x75, 0xF5, 0x17, 0xF1, 0xE7, 0x6A, 0x6C, 0xE7, 0x9B, 0x2D, 0xD8, 0x39, 0x0E, 0xFE, 0x40, 0x95, 0x7F, 0xC4, 0xAD, 0xC7 }, + { 0x52, 0xF6, 0x69, 0x17, 0x58, 0x18, 0x2C, 0xD7, 0x75, 0x0B, 0x6B, 0x62, 0xF1, 0x82, 0x97, 0x1B, 0x61, 0xF7, 0xF3, 0x79, 0x98, 0xB8, 0x78, 0x00, 0x16, 0x2D, 0xD6, 0x1D, 0x38, 0x15, 0xC8, 0x98 }, + { 0x60, 0x57, 0x5C, 0x1B, 0xF9, 0xBD, 0x7F, 0xD5, 0x89, 0x5D, 0xBB, 0x8E, 0xDB, 0xC4, 0xDD, 0xFE, 0x9C, 0x2B, 0x50, 0x18, 0x24, 0xCE, 0x89, 0xCB, 0x34, 0x32, 0xE2, 0xF6, 0xB2, 0x14, 0x57, 0xC9 }, + { 0xE2, 0x2C, 0x84, 0x2A, 0xFB, 0xFB, 0x25, 0xA0, 0x52, 0x4E, 0xA3, 0x99, 0x9D, 0x23, 0x52, 0x8B, 0xF7, 0x88, 0x20, 0x15, 0x2E, 0x53, 0x81, 0x70, 0x7E, 0x4D, 0x31, 0xE9, 0x1A, 0xE8, 0x03, 0x4E }, + { 0x5F, 0x67, 0x1E, 0x5C, 0xEA, 0xC6, 0x44, 0xC5, 0x1F, 0x91, 0xF6, 0xFF, 0xE4, 0x18, 0x0B, 0x2F, 0xC6, 0xA8, 0x61, 0xA5, 0x4A, 0x97, 0xC3, 0xCF, 0x44, 0x8E, 0xF6, 0xEE, 0x6D, 0xDB, 0xEF, 0x45 }, + { 0xE5, 0x86, 0x25, 0x4A, 0x3A, 0xE3, 0x2D, 0xAF, 0xC0, 0x37, 0xC3, 0x44, 0xB6, 0xD6, 0x66, 0x51, 0x45, 0x78, 0xE2, 0x3F, 0x0D, 0xF1, 0x67, 0xAE, 0x5C, 0xE3, 0x24, 0x80, 0xEE, 0x49, 0x38, 0x08 }, + { 0x5C, 0xA0, 0x55, 0x44, 0xE2, 0x4A, 0x53, 0xF2, 0x28, 0x75, 0x26, 0xE7, 0x2B, 0x07, 0x59, 0xD2, 0x3C, 0x8D, 0x56, 0x3B, 0x13, 0x6F, 0x3C, 0xA7, 0x14, 0x32, 0x40, 0xC7, 0x97, 0xD3, 0x55, 0x1E }, + { 0xA0, 0xA2, 0xB4, 0x16, 0xA8, 0x4B, 0xFC, 0xBD, 0x22, 0xF1, 0xBF, 0xBB, 0xFA, 0xB3, 0xBA, 0xCC, 0xEB, 0x7D, 0xEB, 0x45, 0x81, 0xCA, 0xEA, 0x06, 0x82, 0x6C, 0x5D, 0xDF, 0xF8, 0x44, 0xD4, 0xD4 }, + { 0xA7, 0xEF, 0x83, 0x22, 0xEC, 0x94, 0x90, 0xF0, 0xE8, 0x24, 0x09, 0xE0, 0x8D, 0x92, 0xEB, 0x1C, 0x15, 0x09, 0x32, 0x8E, 0x3B, 0xA2, 0x57, 0xFA, 0xBF, 0x98, 0x24, 0x0E, 0xB1, 0x2F, 0x56, 0x5D }, + { 0x1E, 0xC2, 0x9B, 0x52, 0x5B, 0x24, 0xC3, 0xE5, 0xA8, 0xE9, 0xC8, 0x2B, 0xCF, 0xA8, 0x17, 0xC7, 0x02, 0xF4, 0x16, 0x82, 0x00, 0x0E, 0xD2, 0xCD, 0xF4, 0x75, 0x88, 0xD9, 0x24, 0xCF, 0xC3, 0xDB }, + { 0xD6, 0x34, 0xC9, 0x29, 0x1F, 0x23, 0x48, 0x8F, 0x63, 0x01, 0x46, 0x6C, 0x95, 0xC0, 0x1E, 0x62, 0x77, 0xA9, 0x66, 0x5A, 0x89, 0x73, 0x77, 0xB4, 0x52, 0x8D, 0x2F, 0xED, 0x8E, 0xCF, 0x67, 0x01 }, + { 0xF1, 0x4A, 0xD9, 0x3E, 0x65, 0x77, 0xDD, 0x06, 0xE8, 0x9C, 0x71, 0xD7, 0xEF, 0x26, 0x35, 0x83, 0xFF, 0xFE, 0xBD, 0x29, 0xE0, 0xB4, 0x34, 0x24, 0x3C, 0xD4, 0x1E, 0xB2, 0xF6, 0xC2, 0x43, 0xC5 }, + { 0x2E, 0x98, 0xE5, 0x40, 0x47, 0xBF, 0x6B, 0x3E, 0xE4, 0xCD, 0x19, 0xFD, 0x68, 0xC2, 0xB6, 0x9C, 0x92, 0x10, 0xE5, 0xA4, 0x57, 0x90, 0xB8, 0x8E, 0x3F, 0x29, 0x85, 0x94, 0xAD, 0x67, 0x34, 0x3F }, + { 0x39, 0x91, 0x3A, 0xF8, 0xED, 0x6F, 0x8A, 0x54, 0x40, 0x22, 0x28, 0x40, 0xDB, 0x1C, 0x62, 0xEE, 0xD6, 0x4D, 0x65, 0x03, 0xEA, 0x96, 0x39, 0x9D, 0xD1, 0x51, 0xFC, 0xF0, 0x66, 0x55, 0x53, 0x7F }, + { 0x4D, 0x48, 0x74, 0xA3, 0xEB, 0x2A, 0x22, 0x04, 0x0C, 0x21, 0x91, 0xCE, 0x91, 0x6B, 0x2D, 0xA9, 0x20, 0x05, 0xCB, 0xC0, 0x09, 0xBF, 0xAB, 0xAB, 0xDD, 0x38, 0x0D, 0xC9, 0x76, 0x80, 0x8F, 0xD6 }, + { 0xE9, 0xD5, 0xD1, 0xBC, 0x7E, 0xEA, 0x49, 0xBD, 0x2D, 0x16, 0x5B, 0x35, 0x87, 0xD0, 0x04, 0xCD, 0x2B, 0x85, 0xD2, 0x07, 0xBA, 0x19, 0xDA, 0xFF, 0x96, 0x0B, 0xF5, 0xD1, 0x75, 0xDD, 0xC1, 0xE2 }, + { 0xE2, 0x6B, 0x4E, 0x7B, 0xA4, 0xF3, 0x63, 0x79, 0xB8, 0x94, 0x72, 0x98, 0x0A, 0xBB, 0xC1, 0x62, 0xCE, 0xA5, 0x63, 0x64, 0x0D, 0xFA, 0x4F, 0xB9, 0x37, 0xC4, 0xC7, 0xA9, 0xD9, 0x22, 0x24, 0xE7 }, + { 0x89, 0x7A, 0xFB, 0xC7, 0x74, 0x31, 0xF5, 0x20, 0x1D, 0xD9, 0xB5, 0x72, 0x67, 0x78, 0x26, 0x2D, 0x2E, 0x7A, 0x1E, 0x16, 0x83, 0xAB, 0x27, 0x6D, 0x53, 0x42, 0x18, 0x8C, 0xD7, 0x3E, 0xE3, 0xEC }, + { 0x02, 0x2A, 0xBD, 0xB2, 0x74, 0x54, 0x8F, 0xDD, 0xEA, 0xD7, 0xA1, 0x71, 0x65, 0xC0, 0x2A, 0x0B, 0x6C, 0xE9, 0xB9, 0x4D, 0x77, 0xEF, 0x03, 0xE2, 0xD6, 0x16, 0xAA, 0x01, 0xD5, 0x54, 0x03, 0x62 }, + { 0x02, 0x4B, 0xD6, 0x38, 0x2F, 0x13, 0x4E, 0x47, 0xDC, 0x2A, 0x1F, 0x0B, 0x9A, 0xAD, 0x8B, 0x29, 0x16, 0x53, 0xBC, 0x20, 0xE5, 0x19, 0x7A, 0x54, 0x42, 0xA0, 0x33, 0x5D, 0xD2, 0xEE, 0x40, 0x3C }, + { 0xD8, 0x8A, 0x3D, 0xC7, 0x02, 0x20, 0x89, 0xEA, 0xA3, 0x30, 0x91, 0x0A, 0x1D, 0xB4, 0xD5, 0x76, 0x06, 0xB4, 0x76, 0x59, 0x02, 0xA2, 0x8A, 0xE3, 0xE3, 0xA3, 0x4D, 0xEE, 0x26, 0x55, 0x0F, 0x1C }, + { 0xC5, 0x11, 0xB0, 0xDD, 0x90, 0x66, 0x2E, 0xF6, 0x40, 0xD4, 0x17, 0xED, 0x6F, 0x67, 0x2D, 0x5A, 0xB2, 0x16, 0xD0, 0x20, 0x03, 0xD3, 0x65, 0xE6, 0x65, 0x3C, 0x1A, 0x82, 0x6A, 0x9A, 0xFE, 0xC2 }, + { 0x20, 0x3C, 0x1F, 0x7B, 0xD2, 0xC3, 0xAA, 0x84, 0x1F, 0x16, 0x99, 0x11, 0x00, 0x2B, 0xF1, 0xA9, 0xC9, 0x26, 0xE4, 0xFA, 0x79, 0x56, 0xB1, 0xC3, 0x53, 0xD8, 0x2D, 0xC1, 0xB5, 0x4A, 0x70, 0xD9 }, + { 0xDA, 0xDD, 0x52, 0x89, 0x29, 0x65, 0x7A, 0xF0, 0x94, 0x04, 0xEA, 0x4B, 0x93, 0xA3, 0x8B, 0x55, 0x5C, 0x56, 0x23, 0x48, 0x0F, 0x0A, 0x46, 0x74, 0xBE, 0x58, 0xAB, 0xEE, 0x84, 0x71, 0x1C, 0x25 }, + { 0x10, 0xD7, 0xFA, 0x16, 0x87, 0xDD, 0xFE, 0xF8, 0xE9, 0x50, 0x85, 0xAF, 0xCA, 0x2F, 0x48, 0xBB, 0x4E, 0xE2, 0xB7, 0x76, 0xA9, 0x43, 0xC3, 0x4A, 0x08, 0xB7, 0x62, 0x02, 0x5D, 0x15, 0x1A, 0xA3 }, + { 0x29, 0x0F, 0x94, 0x28, 0xEF, 0xF2, 0x91, 0x72, 0x4A, 0x2A, 0x3A, 0x8A, 0xDB, 0x2A, 0x0B, 0x7D, 0xDA, 0xFE, 0x06, 0xCB, 0x2D, 0x5E, 0xAF, 0xD1, 0xB4, 0xDA, 0x66, 0x17, 0x24, 0x45, 0xFE, 0x79 }, + { 0x4C, 0x59, 0x0E, 0xC6, 0x72, 0xC6, 0x83, 0xCA, 0x9A, 0xD2, 0x46, 0x99, 0x18, 0x64, 0xB4, 0x04, 0x37, 0xF0, 0x94, 0xF4, 0x27, 0xB8, 0xE7, 0xE9, 0xBA, 0x21, 0xB0, 0xC0, 0x6A, 0xAC, 0xDA, 0xF2 }, + { 0x25, 0x00, 0x97, 0xB2, 0x1C, 0x30, 0x78, 0xC9, 0xE0, 0x7E, 0x86, 0x15, 0xE4, 0x0E, 0x10, 0xAA, 0xEF, 0x29, 0x29, 0x65, 0x33, 0xBF, 0xA5, 0xB6, 0xDA, 0xF1, 0x96, 0x55, 0x1B, 0x26, 0xB2, 0xA4 }, + { 0xAE, 0x4D, 0xC3, 0x43, 0x78, 0xF2, 0xF1, 0xD3, 0x9B, 0xC5, 0x35, 0x04, 0xA0, 0x5A, 0x90, 0xD5, 0x63, 0x40, 0xE3, 0xCA, 0x72, 0x3C, 0xBC, 0x6B, 0xD7, 0x98, 0xA2, 0x43, 0xF5, 0xF2, 0x7C, 0x5A }, + { 0x25, 0x79, 0xC8, 0x64, 0x08, 0x49, 0x38, 0xDF, 0x9D, 0xE7, 0xB7, 0xE0, 0x7B, 0x6A, 0x8B, 0x8A, 0x45, 0x6E, 0x80, 0xE3, 0x0F, 0xDF, 0x9B, 0xEE, 0x9B, 0xEB, 0xB8, 0xFE, 0xDD, 0x6A, 0xEC, 0xC2 }, + { 0x2D, 0xA7, 0xD5, 0x33, 0xA3, 0xED, 0x29, 0x54, 0x0C, 0x6A, 0x07, 0x60, 0xFC, 0x08, 0x3B, 0x3D, 0x62, 0xA5, 0x81, 0x1A, 0x66, 0x0B, 0x77, 0x2E, 0x46, 0x2E, 0xB5, 0x3F, 0xE5, 0xA9, 0xA5, 0x1B }, + { 0x3B, 0x63, 0xD8, 0x66, 0x52, 0x33, 0x9C, 0xF1, 0xEE, 0xD6, 0x97, 0x4B, 0x14, 0xBF, 0xD5, 0x7C, 0x1B, 0x56, 0xE7, 0x57, 0x9B, 0xC7, 0x4A, 0xA3, 0xD1, 0x17, 0x51, 0x5E, 0x30, 0xC6, 0x92, 0xE4 }, + { 0x53, 0x10, 0x43, 0x7E, 0xDC, 0xE9, 0xEC, 0xE2, 0x25, 0xBA, 0x1D, 0x9E, 0x98, 0x77, 0x2E, 0x47, 0x92, 0x85, 0xAC, 0xE5, 0x5C, 0xB2, 0xDB, 0x33, 0xB1, 0xAC, 0x4D, 0x3B, 0x58, 0x65, 0x92, 0xDB }, + { 0x3B, 0xD7, 0xB3, 0x87, 0x50, 0xAC, 0x25, 0x0F, 0xBA, 0x58, 0xBC, 0x2E, 0x76, 0x59, 0x45, 0x92, 0xF4, 0x84, 0x5F, 0x16, 0xFA, 0x95, 0xF3, 0x33, 0x72, 0x57, 0x6D, 0xAE, 0xFB, 0x61, 0x29, 0xC5 }, + { 0x85, 0xE6, 0xD5, 0x84, 0x07, 0x93, 0x7B, 0x41, 0xCF, 0x4B, 0x9F, 0xBB, 0x45, 0x03, 0x7C, 0x52, 0x56, 0xEC, 0x4F, 0x6E, 0x34, 0x89, 0xAA, 0x65, 0xF5, 0x4D, 0xAC, 0xFE, 0xC5, 0xD0, 0xDF, 0xC5 }, + { 0x02, 0xBE, 0x35, 0xF6, 0xC0, 0x13, 0x04, 0xB2, 0x4A, 0x52, 0x1F, 0xBB, 0x90, 0xDC, 0xE8, 0x86, 0x9D, 0x43, 0x51, 0x7C, 0xC8, 0x39, 0xEF, 0x9D, 0x79, 0x80, 0xF0, 0x74, 0xF9, 0x97, 0xEB, 0x80 }, + { 0xF5, 0x9E, 0x95, 0x42, 0x26, 0xC7, 0x7C, 0x98, 0xD4, 0x6E, 0x05, 0x9B, 0x5B, 0x6A, 0x28, 0xFF, 0x60, 0x6A, 0x8B, 0x3F, 0xFA, 0x79, 0xEE, 0xBA, 0xAC, 0x95, 0x34, 0x8C, 0x3F, 0x8A, 0x94, 0xA7 }, + { 0x53, 0x16, 0x12, 0x00, 0x58, 0x33, 0x29, 0xE3, 0x83, 0x74, 0x97, 0x05, 0xA7, 0xB5, 0x99, 0xFF, 0x54, 0x60, 0x65, 0x13, 0x86, 0x7E, 0x27, 0xA5, 0x73, 0x3B, 0xD3, 0xD3, 0xC3, 0xF9, 0xBA, 0x6F }, + { 0x36, 0xE5, 0x52, 0xE8, 0x2C, 0x39, 0x6B, 0x20, 0xC9, 0x24, 0x4A, 0x1D, 0x1C, 0x25, 0x7D, 0xFA, 0xFD, 0xED, 0x11, 0x2D, 0x04, 0x32, 0x0D, 0x96, 0xE6, 0x24, 0x73, 0xA2, 0x23, 0x69, 0x01, 0x1C }, + { 0x2F, 0x1B, 0xD5, 0x46, 0xD0, 0x0C, 0x97, 0x18, 0xEA, 0x11, 0xA1, 0x0B, 0x20, 0xFF, 0x73, 0x67, 0x5C, 0x47, 0x42, 0x43, 0x48, 0x24, 0xEC, 0x77, 0xCF, 0x01, 0x55, 0xCF, 0xEE, 0x9F, 0x86, 0x7E }, + { 0xA4, 0x0D, 0xDF, 0xCA, 0xC8, 0x6C, 0xAD, 0x39, 0x2C, 0x78, 0x0B, 0x76, 0x88, 0xEA, 0x60, 0xA3, 0x3C, 0xD1, 0x7A, 0x26, 0xDB, 0x2D, 0x86, 0x38, 0x71, 0x1C, 0xCB, 0x63, 0xB7, 0x4A, 0x10, 0x90 }, + { 0x8C, 0x0B, 0xCD, 0x5A, 0x39, 0x05, 0xA2, 0x40, 0xCB, 0x33, 0xA0, 0x57, 0xFA, 0xFC, 0x04, 0xA8, 0x2B, 0xDA, 0x5F, 0x9A, 0x44, 0xEC, 0xC9, 0x03, 0xB4, 0x4B, 0x3A, 0x06, 0x00, 0x05, 0x23, 0x97 }, + { 0x60, 0x74, 0x92, 0x55, 0xA8, 0x5B, 0x95, 0x10, 0xBD, 0x80, 0x38, 0x3B, 0x12, 0x08, 0x48, 0xB7, 0xC1, 0xF4, 0x6E, 0xA2, 0x58, 0xEE, 0x2E, 0x19, 0xA7, 0xC4, 0xED, 0x66, 0x9C, 0x79, 0x5A, 0x83 }, + { 0xDA, 0x5F, 0x29, 0xCD, 0xE2, 0x8F, 0xB1, 0x9E, 0xC5, 0xEC, 0xE3, 0x27, 0xC3, 0x49, 0x55, 0x24, 0xD9, 0x39, 0x05, 0x77, 0xA3, 0xDF, 0x65, 0x0F, 0x8A, 0xCC, 0x1F, 0x78, 0xC6, 0x8B, 0xCD, 0x4A }, + { 0x49, 0x24, 0x12, 0x41, 0x94, 0x3F, 0xFB, 0x1E, 0xF2, 0x18, 0x98, 0xE1, 0xB1, 0x35, 0x0E, 0xAB, 0x2A, 0x62, 0x7C, 0x80, 0xD0, 0xBE, 0xAA, 0xF0, 0x5F, 0x77, 0xE2, 0x2C, 0x72, 0x5E, 0x20, 0x57 }, + { 0x81, 0x84, 0xC0, 0x9B, 0x76, 0x05, 0xFF, 0x21, 0xEA, 0xF5, 0x95, 0xAD, 0x34, 0xBC, 0xCD, 0xE7, 0x97, 0x5C, 0xD3, 0x84, 0xF0, 0xFF, 0x03, 0xB6, 0x97, 0x6F, 0x04, 0x7F, 0xDF, 0x9F, 0x98, 0x1C }, + { 0x53, 0xA6, 0xE4, 0xE3, 0x70, 0xC1, 0x9B, 0x26, 0xE1, 0xB9, 0x0E, 0x88, 0x93, 0xBE, 0x78, 0xC5, 0x15, 0x1F, 0x50, 0x75, 0x8C, 0x7E, 0xD6, 0x09, 0xC3, 0xFB, 0x88, 0x91, 0x3C, 0xC0, 0xA9, 0xD3 }, + { 0xAE, 0x74, 0x73, 0xC2, 0xC8, 0x46, 0xED, 0xD2, 0x94, 0x83, 0x49, 0xD9, 0x10, 0x74, 0xD7, 0x75, 0xEC, 0xE1, 0x32, 0xAA, 0x3F, 0x36, 0x7D, 0xEE, 0x34, 0xBF, 0x9A, 0x03, 0xC8, 0xC9, 0x3E, 0x4A }, + { 0x96, 0xEE, 0xAB, 0x1C, 0x5B, 0xD7, 0x5E, 0xB9, 0xF1, 0x01, 0xCD, 0xFB, 0x65, 0xEF, 0xAD, 0xBB, 0x8A, 0x87, 0x74, 0xF8, 0xA7, 0xC8, 0x24, 0x7C, 0xD1, 0x1F, 0x6F, 0x12, 0x50, 0xBA, 0x0C, 0x2D }, + { 0x42, 0x32, 0x33, 0xFC, 0x3A, 0x8B, 0x97, 0x22, 0xDA, 0xA1, 0x5F, 0xF4, 0x8B, 0x84, 0x93, 0xA0, 0xDE, 0xD4, 0x3A, 0x86, 0xD2, 0x96, 0x0D, 0x53, 0x2C, 0xA1, 0x74, 0xC4, 0x60, 0x8D, 0xC1, 0x84 }, + { 0x53, 0x1F, 0x5A, 0x56, 0x2B, 0x17, 0x79, 0x33, 0x93, 0xED, 0x31, 0x28, 0x20, 0x6B, 0x7C, 0x73, 0x4E, 0xF0, 0xBC, 0xA5, 0xCD, 0x91, 0x57, 0x5D, 0x67, 0x3A, 0x27, 0x7E, 0x49, 0x78, 0xB0, 0x54 }, + { 0xEF, 0x13, 0x06, 0x2E, 0x39, 0x90, 0x5C, 0xA2, 0x53, 0x78, 0x6E, 0x52, 0x6E, 0xAE, 0x01, 0x16, 0xAA, 0x3D, 0x97, 0x25, 0xAF, 0x9A, 0x04, 0x0C, 0xDD, 0xD9, 0xB8, 0xFE, 0xC3, 0xF3, 0x03, 0xE9 }, + { 0xCE, 0x03, 0xF6, 0xB9, 0xFE, 0x37, 0x6E, 0x3B, 0xC6, 0x72, 0xD4, 0x6E, 0x5D, 0x89, 0x2E, 0xEA, 0xF7, 0x60, 0x79, 0xA8, 0x62, 0xD7, 0x16, 0xA7, 0xC9, 0x24, 0x81, 0xD8, 0xED, 0xC8, 0x11, 0xE1 }, + { 0x63, 0xCC, 0xC5, 0xA6, 0x21, 0x1E, 0x91, 0xF2, 0xFA, 0xF6, 0xCD, 0x73, 0xD4, 0x58, 0x31, 0x14, 0x97, 0xE4, 0x9B, 0x91, 0x6C, 0x2E, 0x16, 0xCF, 0x4C, 0x86, 0x2E, 0x54, 0x6C, 0x15, 0xE8, 0x95 }, + { 0x0A, 0xDF, 0x4B, 0xA1, 0x25, 0x0E, 0xB4, 0x15, 0xDE, 0xCF, 0x1B, 0xF1, 0x87, 0x16, 0x3F, 0x73, 0x70, 0xF6, 0x01, 0x8C, 0x5A, 0x2F, 0xD2, 0x9B, 0xF6, 0x9A, 0x6F, 0xE8, 0x3B, 0x0C, 0xB2, 0xF3 }, + { 0xC8, 0x3B, 0xD1, 0xBB, 0xDD, 0xD0, 0x5E, 0xAF, 0x68, 0x68, 0x90, 0x47, 0x30, 0x9C, 0xE2, 0xEC, 0x57, 0x9E, 0xBF, 0xE3, 0x6C, 0x1B, 0xC0, 0xAF, 0x10, 0xC6, 0x59, 0x29, 0x86, 0xBD, 0xD2, 0x63 }, + { 0x7E, 0x97, 0xFE, 0xB6, 0x5D, 0xB6, 0x05, 0x55, 0x2D, 0x42, 0x32, 0x0D, 0x1C, 0xB0, 0x60, 0x16, 0xB1, 0x40, 0x76, 0xD3, 0x34, 0x88, 0x2D, 0x84, 0x3B, 0x02, 0x11, 0x76, 0xA4, 0x93, 0x5F, 0x4B }, + { 0xAF, 0x36, 0xAA, 0x5B, 0x5C, 0xDC, 0xD6, 0xDF, 0x35, 0x69, 0xD0, 0x00, 0x84, 0xC7, 0x2F, 0x1E, 0xED, 0x51, 0xCE, 0xEE, 0x5A, 0xA0, 0xE1, 0x3E, 0xAA, 0x63, 0x95, 0x74, 0x2C, 0xAA, 0xE4, 0x50 }, + { 0x5E, 0x51, 0xB2, 0x6B, 0xC8, 0xE3, 0xBA, 0x0D, 0x40, 0xEC, 0x3F, 0x37, 0xAE, 0x48, 0x13, 0x70, 0xE4, 0x11, 0xF8, 0x61, 0xAA, 0xE3, 0xCF, 0x05, 0x97, 0x61, 0x44, 0x38, 0x1B, 0x0A, 0xAB, 0xC3 }, + { 0x06, 0xDA, 0xCF, 0x9A, 0x6A, 0x58, 0xD2, 0x2C, 0x39, 0xC1, 0x0E, 0x85, 0xC7, 0xE6, 0x75, 0xB8, 0x82, 0xD0, 0xDB, 0x5E, 0x9A, 0x2E, 0x3D, 0xE2, 0x0F, 0xF1, 0x98, 0x3E, 0xD9, 0x01, 0x07, 0xD6 }, + { 0x8C, 0xBC, 0xEF, 0x35, 0x65, 0x92, 0x37, 0x8E, 0x7F, 0xBC, 0xCF, 0x10, 0xC7, 0x5B, 0xB2, 0x64, 0x37, 0x21, 0xF5, 0x8B, 0x08, 0x46, 0xDA, 0xA3, 0xDF, 0x0C, 0x1E, 0x57, 0x6C, 0x1C, 0xC5, 0x4B }, + { 0x2F, 0xAB, 0xF8, 0x70, 0x11, 0x52, 0xAC, 0xC8, 0xE1, 0x52, 0x85, 0xA0, 0x8B, 0x7B, 0x75, 0x48, 0x6E, 0x61, 0x91, 0x84, 0xE9, 0xB2, 0x5A, 0x42, 0x1C, 0x6E, 0x93, 0x4C, 0xFE, 0x3A, 0xA6, 0x50 }, + { 0xA7, 0x1E, 0x51, 0xCF, 0x7E, 0xD7, 0xAF, 0xBF, 0x23, 0x6E, 0x0B, 0x81, 0x4E, 0x0D, 0x0E, 0xC4, 0x3C, 0xE6, 0x74, 0x07, 0x52, 0x3B, 0xC0, 0x20, 0x34, 0xD2, 0xB8, 0x56, 0xAA, 0xAE, 0x49, 0x93 }, + { 0x39, 0x2D, 0x14, 0xB2, 0xBD, 0x1B, 0xFB, 0x11, 0x4B, 0x2F, 0xE7, 0xDB, 0xC1, 0x2E, 0xC0, 0x71, 0x54, 0x36, 0xAE, 0x78, 0x59, 0x9C, 0xE1, 0x61, 0x95, 0xC2, 0x0E, 0xCD, 0xB9, 0x21, 0x94, 0xDB }, + { 0xDF, 0x14, 0x9B, 0x56, 0x09, 0x9D, 0x7D, 0x72, 0x2B, 0xBC, 0xAF, 0xFE, 0xF8, 0x2F, 0xD1, 0x3A, 0x4D, 0x7B, 0x27, 0xA0, 0xA7, 0x5E, 0xDE, 0x3C, 0x01, 0xEE, 0x0C, 0xDB, 0x54, 0x27, 0x73, 0xF7 }, + { 0x8E, 0x64, 0xD4, 0xA1, 0x63, 0xF1, 0x0F, 0xCB, 0xFE, 0x95, 0x53, 0xE9, 0x6E, 0x4E, 0xE4, 0xE1, 0x07, 0x8C, 0xAB, 0x9F, 0x51, 0xED, 0x62, 0x7F, 0x6C, 0x22, 0x27, 0xFB, 0xE4, 0x16, 0x12, 0xC3 }, + { 0xCA, 0xB0, 0xC4, 0xEA, 0xA4, 0x3A, 0xF7, 0x2D, 0xFD, 0x37, 0x8A, 0x0D, 0x05, 0x96, 0xE8, 0xA9, 0x3D, 0x5F, 0x9E, 0x9D, 0x8A, 0xF8, 0xB5, 0x47, 0xFB, 0xB0, 0xB5, 0x71, 0xC3, 0xD8, 0xAE, 0x85 }, + { 0x07, 0x3D, 0x87, 0xA3, 0x0A, 0x98, 0x5F, 0x53, 0x82, 0xB2, 0xFF, 0x34, 0x4C, 0xCD, 0x1B, 0xAB, 0xC1, 0xB9, 0xE1, 0x97, 0xE6, 0xF4, 0xD7, 0x71, 0x78, 0xF0, 0x96, 0x93, 0xD9, 0xA5, 0xA4, 0x7D }, + { 0xC9, 0x87, 0xA1, 0x8C, 0xD3, 0x50, 0x3F, 0x83, 0x30, 0x44, 0x14, 0x50, 0xAD, 0x0F, 0xE2, 0xC4, 0xEA, 0xC7, 0xF6, 0x3D, 0xC9, 0xE6, 0x50, 0xA7, 0xEA, 0x22, 0x41, 0xD7, 0x2E, 0x05, 0xE9, 0xF9 }, + { 0xAF, 0x44, 0x71, 0x82, 0xC0, 0xA6, 0x65, 0x51, 0xED, 0x70, 0x04, 0xAC, 0x8E, 0xD1, 0x9E, 0xA9, 0x21, 0x54, 0xE0, 0x87, 0x96, 0x42, 0xC4, 0xC1, 0xA9, 0x20, 0xDC, 0xB2, 0xF8, 0xA9, 0xEC, 0xFA }, + { 0xD2, 0x20, 0x63, 0x9D, 0xB0, 0x44, 0x98, 0xCF, 0xBC, 0x35, 0x80, 0xB3, 0x97, 0xB8, 0xE0, 0x4F, 0x7B, 0x0D, 0xE2, 0x4F, 0x16, 0x90, 0xA9, 0x85, 0x4E, 0xAD, 0x15, 0xCC, 0xD7, 0xEA, 0x6D, 0x38 }, + { 0x1F, 0x64, 0xB2, 0x58, 0x8B, 0xE5, 0x31, 0x8A, 0xB1, 0xE5, 0x01, 0x00, 0x97, 0xB2, 0xB7, 0x4E, 0x31, 0x3F, 0xEA, 0x99, 0xA0, 0x41, 0xEE, 0x4E, 0x09, 0x43, 0x94, 0x1B, 0x20, 0x36, 0xA7, 0x9D }, + { 0x78, 0x4F, 0x8D, 0x19, 0x35, 0x18, 0xFE, 0x4B, 0x6F, 0x86, 0xA9, 0x1D, 0x87, 0x1B, 0x35, 0x42, 0x48, 0x07, 0xA8, 0xFB, 0x09, 0x96, 0x6E, 0x57, 0xBE, 0x91, 0x70, 0x16, 0x2A, 0x71, 0x98, 0x67 }, + { 0x9E, 0xB4, 0xCD, 0xEB, 0x1F, 0xD8, 0xB3, 0x8A, 0xC3, 0xC7, 0x8A, 0x99, 0x94, 0xAD, 0xEC, 0x29, 0xB9, 0x33, 0x5C, 0xCE, 0xF2, 0x09, 0x9B, 0xDE, 0xCD, 0x97, 0x46, 0x7E, 0xC8, 0xCB, 0xB1, 0x40 }, + { 0x2B, 0x3E, 0xF4, 0x50, 0xD3, 0xF0, 0xDA, 0x47, 0x0F, 0x72, 0x2D, 0x0D, 0xB3, 0x94, 0x64, 0x1B, 0x88, 0x65, 0xD2, 0x16, 0x60, 0x87, 0x1C, 0xDD, 0x48, 0xC4, 0x8A, 0xAC, 0xCC, 0xBF, 0x17, 0xA8 }, + { 0x25, 0xEB, 0xD7, 0xF8, 0x16, 0x47, 0x7A, 0x96, 0x5A, 0xB5, 0x7B, 0x74, 0x94, 0x37, 0x16, 0x0A, 0x8D, 0xD3, 0x70, 0xF7, 0xB4, 0xB8, 0x55, 0xA5, 0xB2, 0x3B, 0x25, 0x7B, 0xAA, 0x64, 0x18, 0x71 }, + { 0xDA, 0x66, 0x61, 0xAE, 0x4F, 0x09, 0xDE, 0xA6, 0x4F, 0xD1, 0x56, 0x8B, 0x2E, 0xD1, 0x25, 0x4E, 0xA8, 0xC9, 0x44, 0x52, 0xD1, 0x15, 0x8E, 0x2F, 0x50, 0x4C, 0x5C, 0xB2, 0x50, 0x6C, 0xA5, 0xE1 }, + { 0xC8, 0xC3, 0xE6, 0xF0, 0xEE, 0xA6, 0xDA, 0x34, 0x3F, 0xDF, 0x59, 0x2F, 0x0D, 0x53, 0x2B, 0x4D, 0x85, 0x74, 0x17, 0xC3, 0x38, 0xC9, 0xBC, 0xB2, 0xF0, 0x98, 0xAC, 0xB9, 0x59, 0x2C, 0x6F, 0x72 }, + { 0x70, 0xDF, 0xCD, 0x34, 0xA0, 0xE4, 0x67, 0xCB, 0xBB, 0x91, 0x72, 0x23, 0xB8, 0x6B, 0xCB, 0x31, 0x4D, 0x3C, 0x4C, 0x58, 0x98, 0x45, 0x9A, 0x9A, 0xB7, 0x11, 0x4D, 0x37, 0x42, 0xE3, 0x56, 0x08 }, + { 0x10, 0xD0, 0x3D, 0x8E, 0xF0, 0x5F, 0xEE, 0x57, 0x70, 0xFE, 0x77, 0x54, 0x02, 0xE1, 0x48, 0x14, 0xB9, 0xFE, 0xA6, 0x5D, 0x28, 0x8A, 0x33, 0x1C, 0x2D, 0xAE, 0xF4, 0xAA, 0x82, 0xEC, 0xF5, 0xA9 }, + { 0x75, 0x0B, 0x27, 0xCB, 0x3A, 0x04, 0x3C, 0x49, 0xD1, 0xEF, 0x3F, 0xC4, 0x15, 0x29, 0x07, 0xCC, 0x2B, 0x73, 0x84, 0x80, 0x0A, 0x79, 0xA1, 0xEC, 0x49, 0x08, 0x0D, 0x36, 0x2D, 0x3A, 0xEB, 0xCD }, + { 0xF4, 0xE1, 0x4D, 0x4E, 0x5A, 0x5F, 0xA0, 0x3E, 0x80, 0x61, 0x64, 0x0F, 0x37, 0x1E, 0xF4, 0xFF, 0xA6, 0x77, 0x18, 0x15, 0x62, 0xA3, 0xE2, 0x0D, 0xF8, 0xBB, 0x05, 0xF0, 0xED, 0xB5, 0xF2, 0x8A }, + { 0xF5, 0xE0, 0x2F, 0xD9, 0xF4, 0x6F, 0x09, 0xBB, 0x77, 0x74, 0x00, 0x08, 0x35, 0xB1, 0xBA, 0xE5, 0x17, 0xB7, 0x33, 0x41, 0xBC, 0xC5, 0x24, 0x0E, 0x89, 0xD2, 0x71, 0x2F, 0x49, 0x87, 0xE0, 0x43 }, + { 0x1A, 0x2F, 0x45, 0x4E, 0x43, 0x5D, 0xC5, 0xF8, 0x61, 0xFF, 0x4E, 0x34, 0xF0, 0x6D, 0x3D, 0x58, 0x21, 0xEE, 0xBD, 0xB6, 0x18, 0x31, 0x5A, 0xE4, 0xDE, 0xA8, 0xFF, 0x93, 0xCC, 0x53, 0x90, 0xE2 }, + { 0x10, 0x33, 0xAF, 0xA1, 0x7D, 0x6B, 0x00, 0xB6, 0xD1, 0xFD, 0xE5, 0xCD, 0xC2, 0x05, 0x14, 0xEC, 0x13, 0x6B, 0xF4, 0xA5, 0xCB, 0xEA, 0xBF, 0x97, 0x7B, 0xCF, 0xCA, 0xDE, 0x64, 0x6F, 0xEA, 0xF5 }, + { 0xC8, 0x42, 0xF4, 0x52, 0x38, 0x32, 0xDA, 0xE9, 0xC5, 0x9F, 0x29, 0x15, 0xE9, 0x1B, 0xAA, 0x46, 0x8A, 0xA4, 0x6C, 0x3F, 0x40, 0x81, 0xA0, 0x92, 0x52, 0xA7, 0x87, 0x0C, 0x22, 0xCD, 0xD1, 0x52 }, + { 0x53, 0x31, 0x67, 0xF3, 0x83, 0x9F, 0x74, 0x72, 0xBE, 0x9F, 0x11, 0xFE, 0xA9, 0x81, 0x96, 0xAA, 0x51, 0x14, 0xED, 0xEE, 0x45, 0x3C, 0x0E, 0xF6, 0x33, 0xC0, 0xFD, 0x31, 0x99, 0x66, 0xC2, 0xE9 }, + { 0x6E, 0xD2, 0xED, 0xED, 0xB0, 0xEC, 0x3C, 0x4A, 0xF7, 0xA2, 0x20, 0xEE, 0x2F, 0x02, 0x3A, 0x76, 0xBE, 0xB3, 0xE6, 0x43, 0xF2, 0x78, 0x8D, 0x6C, 0xC3, 0x21, 0xE5, 0x94, 0xF8, 0xB0, 0x2B, 0x21 }, + { 0x9B, 0x66, 0x80, 0xB2, 0xCD, 0x0B, 0xCF, 0x4E, 0x68, 0x2D, 0xAD, 0x83, 0xE2, 0x83, 0x48, 0xD3, 0xF0, 0x9C, 0x50, 0x03, 0x81, 0x21, 0x50, 0x41, 0xB9, 0xC8, 0xFA, 0xBB, 0xFA, 0x6C, 0x7D, 0x1F }, + { 0x87, 0x08, 0x51, 0x02, 0xD4, 0xFC, 0xA7, 0x37, 0xD5, 0xB0, 0x8D, 0x4C, 0x5B, 0xBB, 0xD8, 0xD5, 0xCE, 0x39, 0xCE, 0x39, 0xDD, 0x17, 0xF7, 0x22, 0x20, 0xC7, 0xD6, 0x44, 0x9D, 0x8B, 0x90, 0x1E }, + { 0x96, 0xCA, 0x46, 0x48, 0xF4, 0xE8, 0xB9, 0xBC, 0x69, 0xA2, 0x77, 0x10, 0x51, 0x8C, 0x80, 0x84, 0xFA, 0x78, 0xC6, 0xD8, 0xA9, 0xD2, 0x85, 0x5D, 0x79, 0xB3, 0x27, 0x28, 0xAC, 0x93, 0xF3, 0xAD }, + { 0x20, 0x73, 0x7D, 0x95, 0x19, 0x5C, 0xE1, 0x44, 0xA8, 0xC1, 0x9D, 0x1E, 0xB5, 0x79, 0x6E, 0x30, 0xCA, 0xFA, 0xF7, 0xCB, 0x9E, 0xEC, 0x7A, 0x76, 0x26, 0x06, 0xB2, 0x72, 0x4E, 0xE1, 0x76, 0x24 }, + { 0x44, 0x6B, 0x90, 0xA6, 0x5A, 0x65, 0x26, 0x7A, 0x45, 0xF9, 0x90, 0x7C, 0x8E, 0x24, 0x03, 0x14, 0x06, 0x28, 0x6A, 0x4D, 0x37, 0x08, 0xE6, 0x25, 0xD9, 0x8B, 0xD6, 0x80, 0xD2, 0xDB, 0x9C, 0x35 }, + { 0xDE, 0xE9, 0x6A, 0x5E, 0x6C, 0xA4, 0xED, 0xDA, 0xBE, 0x5F, 0xB1, 0x6E, 0xC5, 0xF3, 0x06, 0x85, 0xF7, 0x62, 0x41, 0x77, 0x69, 0x34, 0xB5, 0x4F, 0xF6, 0x40, 0xEF, 0x5F, 0xB1, 0xFF, 0x2F, 0x2F }, + { 0x34, 0xBB, 0xD2, 0xB8, 0xD0, 0x8F, 0x09, 0xC7, 0x60, 0xF3, 0x29, 0xF3, 0x0B, 0x86, 0x02, 0x43, 0xB1, 0xEC, 0xE5, 0xE7, 0x5A, 0x94, 0x6D, 0x58, 0x68, 0xCC, 0x4A, 0xB6, 0x1F, 0x01, 0x93, 0xF0 }, + { 0xB1, 0x95, 0xEC, 0x8A, 0x54, 0xF5, 0x8E, 0x15, 0x8D, 0xA1, 0xAF, 0x22, 0xF9, 0xA0, 0x5E, 0xB5, 0xC2, 0x7B, 0x09, 0xE9, 0xFD, 0x03, 0x68, 0x8B, 0x7C, 0xFC, 0x20, 0x8A, 0xE6, 0xD5, 0xDE, 0xD6 }, + { 0x6D, 0x3E, 0x19, 0x98, 0x0A, 0xE1, 0xB7, 0xE2, 0x72, 0x08, 0x92, 0x65, 0x32, 0x31, 0x82, 0xD2, 0x56, 0x19, 0xF7, 0x55, 0x29, 0x9A, 0x5F, 0x0E, 0x96, 0x03, 0xC1, 0x71, 0xED, 0x7D, 0xC1, 0xF2 }, + { 0xB9, 0x6D, 0xEA, 0x44, 0x34, 0x61, 0x9F, 0xA8, 0x96, 0x22, 0xD6, 0xDE, 0x76, 0x4F, 0x17, 0x13, 0x2A, 0x0F, 0x9C, 0x65, 0x42, 0xA8, 0xB0, 0xE5, 0x6F, 0xC7, 0xE6, 0x34, 0x7F, 0x0C, 0xE2, 0x77 }, + { 0xA1, 0xF5, 0x50, 0xA9, 0x86, 0x74, 0x13, 0x56, 0x65, 0x57, 0x67, 0x6C, 0x20, 0xF3, 0x37, 0xC1, 0xEF, 0x7A, 0x8A, 0x98, 0x44, 0x1E, 0xB7, 0xC8, 0xAE, 0x9D, 0xD7, 0xDE, 0xC1, 0xE1, 0xDD, 0x60 }, + { 0x4B, 0xFE, 0x00, 0x99, 0xB5, 0x2D, 0xA6, 0xD2, 0x52, 0x37, 0xCF, 0xAD, 0xCD, 0x2B, 0xD4, 0x07, 0x15, 0x09, 0xE0, 0xD0, 0xEC, 0xBD, 0x58, 0xA8, 0x7F, 0xE8, 0x36, 0x7B, 0x0D, 0x72, 0xEA, 0x86 }, + { 0x4E, 0xD2, 0x58, 0x63, 0xB2, 0x39, 0xA6, 0x8A, 0xCD, 0xB4, 0x3B, 0x9C, 0xE2, 0x0A, 0xA9, 0x98, 0x29, 0xEA, 0x18, 0x7D, 0x97, 0x96, 0x53, 0x3F, 0x46, 0x4A, 0xF0, 0xD0, 0x0C, 0x9E, 0xF2, 0x17 }, + { 0xAC, 0x4E, 0x29, 0x13, 0xFD, 0x99, 0x2D, 0x4B, 0xC6, 0x95, 0xE8, 0x08, 0x55, 0xAF, 0x8A, 0xE2, 0x4D, 0x35, 0x5F, 0x3C, 0xF2, 0xE4, 0xDF, 0xF1, 0x02, 0xD6, 0xB1, 0x4A, 0x2B, 0x6C, 0xAB, 0x8F }, + { 0xC7, 0x21, 0xAD, 0xA7, 0xA8, 0xD3, 0x1C, 0x9F, 0x0F, 0x84, 0x5D, 0xC7, 0xD4, 0xFD, 0xE2, 0x6D, 0x41, 0x19, 0x53, 0xF6, 0xFE, 0x5E, 0x64, 0x49, 0xB3, 0x8E, 0x29, 0xD3, 0xD2, 0x9C, 0xAB, 0x16 }, + { 0x2B, 0x85, 0xAD, 0xF8, 0x86, 0xE3, 0x17, 0x06, 0x43, 0xA7, 0xBE, 0x3A, 0x31, 0x2F, 0xBE, 0xD7, 0xDB, 0xAB, 0x88, 0x79, 0x68, 0x64, 0xB4, 0x5E, 0xF0, 0x2D, 0xB4, 0x8C, 0x1F, 0x95, 0x97, 0x11 }, + { 0x9F, 0x72, 0x5A, 0xD8, 0xE0, 0xE1, 0x82, 0x91, 0x31, 0xFF, 0x0D, 0x76, 0xBC, 0xFA, 0x57, 0x43, 0x1C, 0xD9, 0x33, 0x73, 0x7A, 0x31, 0xD2, 0x0D, 0xDB, 0xA1, 0x77, 0x76, 0x8A, 0xDA, 0x60, 0x67 }, + { 0x88, 0xEA, 0x04, 0x53, 0x12, 0x56, 0xE8, 0x55, 0x46, 0xEB, 0x03, 0x4F, 0x8F, 0x91, 0x17, 0x88, 0xF0, 0x7F, 0x36, 0xBF, 0xC8, 0x19, 0xD2, 0xD6, 0x8D, 0x61, 0x9D, 0xCE, 0x2F, 0xB4, 0x51, 0xDA }, + { 0x64, 0xD8, 0xB0, 0x78, 0xFB, 0x20, 0x74, 0x8E, 0x5D, 0x0A, 0x99, 0xC4, 0xA9, 0xF6, 0x79, 0xFD, 0x42, 0x4A, 0x5D, 0x68, 0xDC, 0x22, 0xAD, 0xB4, 0x78, 0x6D, 0x75, 0xA3, 0x99, 0x7C, 0xAF, 0xC5 }, + { 0x54, 0x88, 0x4D, 0xB8, 0x59, 0x82, 0xE2, 0x1F, 0x4B, 0x61, 0xBF, 0xFE, 0xFE, 0xDE, 0xE3, 0x09, 0x30, 0x17, 0x07, 0x33, 0x72, 0x4F, 0x78, 0x51, 0x0D, 0x60, 0xDF, 0x74, 0x79, 0x69, 0xE8, 0xFF }, + { 0xAC, 0x00, 0x31, 0x7D, 0xC1, 0xBC, 0x95, 0xAC, 0x6B, 0x88, 0x06, 0x25, 0xD2, 0x84, 0x42, 0x8E, 0xF5, 0x0A, 0xB8, 0xD6, 0xAE, 0x76, 0x47, 0xF0, 0x7E, 0x0A, 0x3D, 0x63, 0x7C, 0xF4, 0x05, 0x02 }, + { 0x03, 0x32, 0xA9, 0xF7, 0xE3, 0xCA, 0x0C, 0x1A, 0xB5, 0xD0, 0x9B, 0xE8, 0x64, 0xF7, 0x3A, 0x91, 0x56, 0x30, 0xCA, 0x78, 0xC5, 0x66, 0xA5, 0xE6, 0x36, 0x3C, 0xFF, 0xAE, 0x32, 0x11, 0xB4, 0x81 }, + { 0x49, 0x82, 0x49, 0x37, 0x75, 0x3E, 0x06, 0x92, 0x49, 0x64, 0x97, 0x97, 0xA0, 0x80, 0xA4, 0xE2, 0x37, 0x76, 0x7B, 0x8E, 0xF8, 0xA7, 0xC9, 0xA8, 0x86, 0xD6, 0x33, 0xED, 0xE2, 0x9A, 0xFF, 0x02 }, + { 0x12, 0x84, 0x0B, 0xAD, 0x18, 0x6A, 0x3B, 0x9B, 0x60, 0x4C, 0x08, 0x88, 0xC9, 0x88, 0x83, 0x83, 0x8C, 0xC6, 0x96, 0xE6, 0x24, 0xC0, 0xB4, 0xF9, 0xC0, 0xF6, 0xBB, 0x11, 0x3E, 0x2E, 0x9D, 0xAF }, + { 0xCA, 0x27, 0xF1, 0x80, 0x8D, 0x6C, 0x8A, 0xCF, 0xF4, 0xE6, 0x0D, 0x08, 0x0B, 0x8A, 0x7E, 0xEA, 0x05, 0xCD, 0xAD, 0x94, 0x0F, 0xD3, 0x6E, 0x65, 0xC6, 0x71, 0xD9, 0xF8, 0x31, 0xF1, 0xCA, 0xD8 }, + { 0x91, 0x87, 0xA3, 0x19, 0x4B, 0x4F, 0x33, 0xBC, 0x50, 0x5B, 0x5C, 0x4A, 0xE7, 0x39, 0xAF, 0x41, 0x45, 0xAC, 0x44, 0x59, 0x9C, 0x56, 0x98, 0x21, 0x4B, 0xB0, 0x7E, 0x6F, 0x07, 0x7E, 0xBE, 0x17 }, + { 0x0E, 0x3C, 0x52, 0x1A, 0x5F, 0x11, 0x99, 0x2C, 0x90, 0x92, 0x2F, 0xA1, 0x9B, 0xB6, 0x33, 0xA5, 0x0E, 0x5F, 0x90, 0x95, 0x4F, 0xA3, 0x0F, 0x9A, 0x4D, 0x97, 0xFF, 0x73, 0x41, 0xB5, 0xDB, 0xAA }, + { 0xFD, 0x7C, 0x34, 0xE3, 0xA3, 0x18, 0xF6, 0x60, 0xA0, 0xF7, 0xCF, 0xCC, 0xC4, 0x8F, 0xE8, 0x47, 0x4A, 0xB0, 0x87, 0xBF, 0x8F, 0xFA, 0x85, 0xBC, 0x2D, 0xCE, 0x68, 0xF7, 0x97, 0x1D, 0x11, 0xA6 }, + { 0x4D, 0x8E, 0xE5, 0x9A, 0x5B, 0x87, 0x5D, 0xE3, 0xD2, 0xF1, 0x5F, 0x3C, 0x3E, 0xCD, 0x9C, 0x6D, 0x14, 0x9D, 0x2D, 0x24, 0xF8, 0x31, 0xD8, 0xD2, 0xA9, 0x8A, 0x1A, 0x86, 0xDB, 0x64, 0x06, 0x38 }, + { 0x38, 0x2D, 0x94, 0x1B, 0x66, 0xBC, 0x96, 0xBC, 0xB5, 0xB3, 0xDE, 0x85, 0xA8, 0x0E, 0xEE, 0x3B, 0xB5, 0x32, 0x3D, 0x05, 0x3C, 0xA9, 0x73, 0xA3, 0xCA, 0x34, 0x73, 0xF6, 0xA5, 0x8C, 0x16, 0x91 }, + { 0xD8, 0x30, 0x73, 0x12, 0xB0, 0xBF, 0x18, 0xBA, 0x6D, 0xF1, 0x0F, 0x11, 0x7E, 0xBA, 0xF8, 0x24, 0xFA, 0x1F, 0x8D, 0xF5, 0xEF, 0x49, 0x07, 0x7F, 0x91, 0x7F, 0xAB, 0x28, 0x54, 0x93, 0x3E, 0x51 }, + { 0x92, 0xA3, 0x37, 0x17, 0x38, 0xD7, 0x4B, 0x52, 0x4A, 0xF5, 0xD3, 0x16, 0xA4, 0xC3, 0x3F, 0x5A, 0x56, 0xD0, 0x07, 0x60, 0x09, 0x11, 0xE4, 0xFB, 0xB6, 0xD1, 0x9D, 0x49, 0x01, 0x4A, 0xE6, 0x9C }, + { 0x20, 0xCF, 0xBC, 0x9B, 0xA8, 0x23, 0xA4, 0x67, 0xC5, 0xCE, 0x31, 0xB4, 0x01, 0x13, 0x04, 0x5E, 0xC9, 0x1A, 0x12, 0x75, 0x1D, 0xFD, 0x1E, 0x85, 0x69, 0x83, 0x99, 0x9E, 0xF1, 0xEC, 0x25, 0x0B }, + { 0xFE, 0x79, 0xDF, 0x29, 0xAA, 0xFD, 0x5F, 0x33, 0x11, 0x1D, 0xC1, 0x19, 0xF1, 0xB9, 0x77, 0x9E, 0xB1, 0x13, 0xF7, 0xEA, 0xFD, 0x46, 0x1B, 0x38, 0x49, 0x40, 0xED, 0x4D, 0x3B, 0x7F, 0x61, 0x96 }, + { 0x63, 0xDB, 0x6B, 0xF6, 0x92, 0xF7, 0x6E, 0x42, 0xBA, 0xA4, 0x55, 0xA4, 0x68, 0xD6, 0xDA, 0xB9, 0x96, 0xE5, 0xE2, 0x56, 0xEA, 0x61, 0xE8, 0xD1, 0xA7, 0x47, 0x87, 0xAB, 0x91, 0xA8, 0x4B, 0x39 }, + { 0x9F, 0xE5, 0xFF, 0x3E, 0x46, 0x87, 0xF4, 0xBF, 0x61, 0x64, 0x09, 0x43, 0x03, 0x5C, 0xB3, 0xDC, 0xC7, 0x20, 0x13, 0x3F, 0x81, 0xC9, 0x25, 0xB4, 0x8B, 0x0D, 0x57, 0x84, 0xB3, 0xFA, 0x1D, 0x45 }, + { 0x38, 0x5C, 0x19, 0xD3, 0xEF, 0x69, 0xEF, 0xD6, 0x86, 0x39, 0x59, 0x30, 0xDE, 0xC8, 0x0D, 0x19, 0xB9, 0xB0, 0x3C, 0x78, 0x66, 0xA5, 0x15, 0x75, 0xBD, 0x1B, 0xDE, 0x78, 0x86, 0x02, 0xCF, 0x6D }, + { 0xCD, 0x8E, 0x99, 0x1B, 0x2F, 0x4E, 0xF6, 0xCB, 0x63, 0xF5, 0x84, 0x41, 0x63, 0xF3, 0x8B, 0xFE, 0xFC, 0x15, 0x6A, 0x3F, 0x8A, 0xB2, 0x98, 0x6F, 0xD5, 0x54, 0x7C, 0x19, 0xCC, 0x29, 0x2C, 0xBF }, + { 0x06, 0xEC, 0x75, 0x4F, 0xAC, 0xB0, 0x6D, 0xD9, 0xF0, 0x4A, 0xF2, 0x76, 0xA4, 0x7C, 0x85, 0x29, 0xF4, 0x0F, 0x7D, 0x65, 0x1C, 0xB3, 0xAE, 0x2D, 0x3E, 0x4C, 0x5B, 0xD5, 0xF3, 0x4D, 0xDC, 0x1E }, + { 0x24, 0x86, 0x00, 0xE1, 0x2D, 0xA7, 0x93, 0x7D, 0x0A, 0x37, 0xAD, 0xC1, 0x56, 0xBC, 0x40, 0xDC, 0x7E, 0x9B, 0x83, 0x69, 0x39, 0xEB, 0x91, 0x22, 0x45, 0xA5, 0x23, 0xA6, 0xD9, 0x99, 0xDE, 0x93 }, + { 0x5A, 0xED, 0x9E, 0x83, 0x47, 0xFB, 0x37, 0xA2, 0x97, 0x03, 0xA3, 0xF4, 0xB4, 0x7C, 0x0B, 0xEB, 0xD5, 0x71, 0x10, 0xCF, 0x47, 0x96, 0x97, 0x9B, 0x73, 0x90, 0xCC, 0x0C, 0xFA, 0x67, 0xE6, 0x30 }, + { 0xA8, 0xFC, 0x1A, 0x55, 0xE5, 0xE6, 0x22, 0x65, 0x6F, 0xF9, 0x33, 0x81, 0xD8, 0x3C, 0x99, 0x14, 0xF8, 0x12, 0x23, 0x4D, 0x46, 0x86, 0x9F, 0x0E, 0xB3, 0xC0, 0x1C, 0x60, 0x89, 0x68, 0x05, 0xC9 }, + { 0x49, 0xB4, 0xA7, 0xEF, 0x49, 0x79, 0x49, 0xA0, 0xF4, 0xCA, 0x24, 0xA3, 0x3E, 0xAE, 0x39, 0x50, 0x87, 0xB6, 0xC9, 0x80, 0xF3, 0x91, 0x4E, 0xA5, 0x3C, 0x1A, 0x39, 0x74, 0x40, 0xDD, 0xE7, 0xFC }, + { 0x6F, 0x25, 0x2A, 0x22, 0x81, 0x38, 0xE7, 0x7E, 0x0F, 0x06, 0x15, 0x22, 0x24, 0x9B, 0x3F, 0x88, 0xF4, 0x38, 0x18, 0xD0, 0x52, 0x40, 0xD0, 0xE8, 0x01, 0x21, 0x37, 0xD8, 0xB2, 0x3B, 0x36, 0xFC }, + { 0xEE, 0x46, 0x63, 0x86, 0x97, 0x39, 0xC5, 0xD9, 0xF7, 0x24, 0xA7, 0x2C, 0xB4, 0xCB, 0x5A, 0x3D, 0xF4, 0x39, 0xB3, 0x12, 0x84, 0xE7, 0x9C, 0x87, 0x52, 0x50, 0xB9, 0xC5, 0x50, 0x06, 0xC3, 0xDA }, + { 0x85, 0xA7, 0x93, 0x0B, 0xCF, 0xE0, 0xCF, 0x0F, 0x13, 0x22, 0xFF, 0xA4, 0x8E, 0x78, 0xFA, 0xC2, 0x95, 0x51, 0xAF, 0x22, 0x93, 0x31, 0xCE, 0x65, 0xDD, 0x89, 0x68, 0x45, 0xD2, 0xA7, 0xED, 0x81 }, + { 0xE2, 0xC7, 0x6E, 0xE5, 0x0D, 0xDD, 0x98, 0xD1, 0x03, 0xF8, 0x1C, 0x6E, 0x88, 0xBF, 0x86, 0x3E, 0x3C, 0x76, 0x0A, 0x5E, 0x0B, 0x9C, 0xB7, 0xC3, 0xE7, 0x52, 0x5F, 0x5A, 0x9F, 0x5C, 0x9C, 0xB1 }, + { 0x30, 0x90, 0x49, 0x0F, 0x96, 0xFE, 0x9C, 0x2D, 0xD7, 0x53, 0x31, 0x4B, 0xD4, 0xB6, 0xD0, 0xD0, 0xF0, 0x10, 0x9B, 0x50, 0xD3, 0xAB, 0xCD, 0xAC, 0x15, 0xD1, 0x83, 0xA3, 0x7D, 0xE1, 0x50, 0x43 }, + { 0xE4, 0x47, 0x75, 0xFB, 0x8D, 0x55, 0x23, 0x50, 0xEC, 0xB6, 0xCC, 0x64, 0x67, 0x30, 0x97, 0x40, 0x94, 0xB6, 0x6A, 0xAC, 0x9C, 0x00, 0x0B, 0x7E, 0xFC, 0xCA, 0x7B, 0xA2, 0xB6, 0x7A, 0xFC, 0x80 }, + { 0x4F, 0x9E, 0x9A, 0x76, 0x2D, 0x82, 0x1E, 0xC1, 0x8A, 0x7C, 0xE9, 0x34, 0x89, 0x60, 0x03, 0x71, 0xAB, 0xA7, 0x65, 0x75, 0xA1, 0x4C, 0x5C, 0x56, 0x08, 0x96, 0x36, 0x1D, 0x80, 0x45, 0xEC, 0xF0 }, + { 0xA3, 0xB5, 0x42, 0xA2, 0x74, 0xA8, 0x53, 0xE9, 0xCF, 0x8D, 0x70, 0x22, 0x3C, 0x8D, 0x55, 0xDA, 0xF5, 0x7E, 0xAE, 0xA0, 0x53, 0x0C, 0xB1, 0x81, 0x31, 0xF9, 0x0A, 0xCB, 0xEE, 0x34, 0x57, 0x1F }, + { 0xD6, 0x7F, 0x57, 0xE2, 0x4B, 0x25, 0x33, 0x25, 0x38, 0xA0, 0x5B, 0xFC, 0x64, 0xC1, 0x38, 0xDD, 0xC1, 0x11, 0x9C, 0x4C, 0x72, 0x42, 0xB1, 0xD8, 0xC1, 0xCC, 0xCF, 0x3B, 0xC0, 0x37, 0x6B, 0x3E }, + { 0x93, 0xDE, 0x65, 0xEB, 0xBE, 0x4F, 0xA9, 0xD2, 0x06, 0xE0, 0xD5, 0xBD, 0x15, 0xB7, 0xA8, 0x2B, 0x33, 0x2A, 0x5E, 0x5E, 0xC7, 0x8D, 0x37, 0x9E, 0x7C, 0x11, 0x09, 0xE1, 0xE3, 0xEF, 0xF4, 0x90 }, + { 0xA6, 0x18, 0x23, 0xD6, 0xC4, 0xB4, 0x36, 0x16, 0x34, 0x0E, 0xA3, 0xFD, 0xC3, 0x2F, 0x0A, 0x06, 0x51, 0xF6, 0xA0, 0xD0, 0xC4, 0x7F, 0x74, 0xAA, 0x55, 0xE8, 0xE9, 0x44, 0xE2, 0x77, 0x07, 0xED }, + { 0x00, 0x6C, 0x5B, 0x51, 0xE5, 0xA3, 0x36, 0x44, 0xE5, 0x53, 0x90, 0x20, 0x58, 0xE4, 0x0C, 0x19, 0x5B, 0x15, 0x69, 0x9E, 0x0C, 0xC9, 0x7E, 0x8A, 0x83, 0x38, 0xCD, 0x85, 0x8B, 0xB3, 0x6E, 0x6E }, + { 0xC9, 0x81, 0x86, 0x90, 0x8C, 0x19, 0xEB, 0xD7, 0xB2, 0x79, 0x7B, 0xEF, 0x00, 0xC0, 0xA7, 0xFD, 0x61, 0x8D, 0xDE, 0x14, 0x08, 0xB0, 0x35, 0x59, 0xC5, 0xFE, 0x04, 0xF2, 0xA1, 0x77, 0x6D, 0xEE }, + { 0x4B, 0x71, 0x6C, 0x16, 0x1F, 0x08, 0xD7, 0x4F, 0xB1, 0x91, 0x9C, 0xF1, 0x4D, 0x73, 0xD2, 0xAC, 0xAC, 0x69, 0x0C, 0xA6, 0xEF, 0x85, 0xC5, 0x49, 0x3B, 0x48, 0x2A, 0x65, 0xA3, 0x37, 0x9C, 0x32 }, + { 0x3A, 0x57, 0xB0, 0xB1, 0xE1, 0xCC, 0x59, 0x38, 0xDC, 0x51, 0x52, 0x38, 0x01, 0xCB, 0x8D, 0xE0, 0x9A, 0xDC, 0x4C, 0xCB, 0x8D, 0xE0, 0xD7, 0x34, 0x6B, 0xA9, 0x9C, 0x8E, 0xAF, 0x31, 0xC0, 0x0F }, + { 0x87, 0x60, 0x30, 0x9E, 0xC2, 0x2E, 0xC5, 0xC5, 0xE8, 0xD0, 0x52, 0x64, 0x14, 0x05, 0x1A, 0x29, 0xE8, 0x73, 0x46, 0x8B, 0xF4, 0x33, 0x79, 0x8D, 0x30, 0x0A, 0xF9, 0x16, 0x11, 0x82, 0xB9, 0x49 }, + { 0x00, 0x70, 0xD1, 0x26, 0x45, 0xC6, 0x8B, 0x0C, 0xB6, 0x12, 0xF5, 0x32, 0xD8, 0xB9, 0xC9, 0x19, 0x55, 0x21, 0x00, 0x65, 0x56, 0x42, 0xEC, 0xF3, 0x14, 0x7D, 0x40, 0x2A, 0x88, 0x3F, 0x94, 0xA6 }, + { 0x57, 0x62, 0x8E, 0xCD, 0x1A, 0x44, 0xBF, 0xDB, 0xA8, 0xD9, 0xFC, 0x56, 0x14, 0xE2, 0x7A, 0x42, 0xE4, 0x30, 0x79, 0xF7, 0x0F, 0xA4, 0xB2, 0x69, 0x89, 0xDA, 0xBA, 0x94, 0x89, 0x7B, 0x56, 0x6B }, + { 0x0E, 0xE3, 0x45, 0x5E, 0xDA, 0x2A, 0x88, 0xF2, 0x5E, 0x6C, 0x2F, 0xC7, 0xE2, 0x5E, 0x02, 0xD3, 0x58, 0x91, 0x4E, 0x27, 0x56, 0x98, 0xEB, 0xFA, 0x1E, 0x15, 0xBF, 0x75, 0x8D, 0x79, 0x33, 0x74 }, + { 0x05, 0x17, 0x18, 0x72, 0xD9, 0xA6, 0x60, 0x28, 0x4F, 0xC7, 0x78, 0x38, 0x8B, 0x18, 0x80, 0x04, 0x57, 0x83, 0x3D, 0x9C, 0xC5, 0x9E, 0x44, 0x7C, 0xA2, 0x78, 0x63, 0xF0, 0x1F, 0x5C, 0x87, 0x27 }, + { 0xBE, 0x0A, 0x62, 0xEE, 0xF6, 0xFD, 0xFC, 0x14, 0xA7, 0xB8, 0xD2, 0xCC, 0x66, 0x29, 0x8F, 0xFD, 0x88, 0xE5, 0x47, 0x46, 0x7A, 0xAE, 0xFD, 0x37, 0x14, 0xB6, 0x75, 0xA7, 0x06, 0xDA, 0xF6, 0x7E }, + { 0x08, 0x89, 0x49, 0x49, 0x56, 0x9A, 0xDB, 0x0D, 0x63, 0x77, 0xE4, 0xFB, 0xAA, 0x06, 0x32, 0x9E, 0x5F, 0x26, 0x17, 0x68, 0x29, 0xE3, 0xE8, 0x7B, 0x4F, 0x0C, 0xC2, 0x32, 0xF6, 0x10, 0x5F, 0x9E }, + { 0xCB, 0xC9, 0xB3, 0xD8, 0xA6, 0x60, 0xCD, 0xE4, 0x46, 0x1E, 0x77, 0x95, 0xE3, 0x2F, 0xDF, 0x3F, 0xA5, 0x23, 0x7E, 0x94, 0x81, 0xB3, 0x3C, 0x79, 0xB4, 0xE8, 0x7E, 0x6D, 0x20, 0x21, 0x86, 0x73 }, + { 0xCA, 0x7D, 0x7F, 0xC1, 0x2C, 0xC2, 0x7C, 0x95, 0xE6, 0x2E, 0x95, 0x44, 0x3A, 0xA1, 0x17, 0x24, 0x14, 0x75, 0x4D, 0xEF, 0x11, 0x81, 0xD0, 0x61, 0xA4, 0x4E, 0x73, 0x9E, 0x66, 0x44, 0x93, 0x41 }, + { 0xBD, 0xDF, 0x7D, 0x5A, 0x18, 0x24, 0x1E, 0x2B, 0xDA, 0x15, 0xBF, 0x29, 0x37, 0x7A, 0x9F, 0x4E, 0x52, 0x61, 0x02, 0xD1, 0x6B, 0x06, 0x95, 0xAB, 0x1B, 0x6C, 0x8D, 0x5E, 0xDE, 0xC3, 0x76, 0xBB }, + { 0x7B, 0x7F, 0x9D, 0x58, 0xB3, 0x41, 0x52, 0x88, 0x95, 0xFD, 0xC7, 0x2D, 0x0D, 0xA6, 0xDC, 0x64, 0x1D, 0xB1, 0x3C, 0x7D, 0x93, 0x45, 0x7B, 0xC2, 0xD4, 0xFD, 0x9D, 0xF4, 0x4C, 0x0C, 0x27, 0xFF }, + { 0xF6, 0x3C, 0x65, 0xFA, 0xAA, 0xCF, 0xDC, 0x0C, 0x6E, 0xBB, 0x71, 0x8E, 0xDA, 0xB7, 0xE8, 0xD2, 0xD5, 0x1A, 0x6F, 0x51, 0xB6, 0x7F, 0xE3, 0x1A, 0x33, 0xE2, 0x98, 0xD5, 0xC5, 0x6B, 0x63, 0xBF }, + { 0xD1, 0x97, 0xDB, 0xD2, 0x4D, 0x54, 0x05, 0x05, 0xF5, 0x1C, 0xCE, 0x6A, 0xD8, 0x11, 0x3F, 0x88, 0x83, 0x90, 0x56, 0xEF, 0xFD, 0xFA, 0xAA, 0x61, 0x3B, 0xE8, 0x0A, 0x7E, 0xE5, 0xAA, 0xA3, 0x1C }, + { 0xE1, 0x0D, 0x10, 0xBD, 0x89, 0xBA, 0x8E, 0xC3, 0xF0, 0xA4, 0xCF, 0xAF, 0x78, 0x33, 0x08, 0x21, 0x99, 0x77, 0xCE, 0xA4, 0xCB, 0x79, 0xF8, 0xDC, 0xBC, 0xD1, 0x34, 0x01, 0x74, 0x1E, 0x67, 0x4D }, + { 0xC1, 0x88, 0xBE, 0xE3, 0x9B, 0xDB, 0x4C, 0xBB, 0xA1, 0x2E, 0x38, 0x3B, 0xE3, 0xEA, 0xE5, 0x54, 0xA3, 0xA0, 0xD6, 0xA9, 0xAA, 0xFD, 0x8A, 0x5F, 0x1C, 0xAC, 0x58, 0x7F, 0x54, 0x6F, 0x58, 0xF8 }, + { 0x67, 0x1B, 0x7B, 0x6A, 0x00, 0xBC, 0x8B, 0xFC, 0xBC, 0x6E, 0xAD, 0xE5, 0xCA, 0x1E, 0x85, 0xE5, 0x6D, 0xCC, 0x1E, 0xAD, 0x7B, 0x5E, 0xAD, 0xA3, 0xC0, 0xDC, 0xF3, 0x32, 0x59, 0x08, 0xE7, 0x01 }, + { 0x92, 0xA2, 0x45, 0xA4, 0x76, 0x6E, 0x61, 0x63, 0xCC, 0x07, 0x52, 0xFF, 0x7B, 0xF1, 0x0C, 0x08, 0x2C, 0x38, 0x24, 0xE9, 0x74, 0xF0, 0xB7, 0x82, 0x5E, 0x79, 0x8C, 0x3A, 0x54, 0x1A, 0x0F, 0xC9 }, + { 0x8D, 0xF0, 0xD3, 0x75, 0xF8, 0x22, 0x66, 0x0E, 0x7C, 0x09, 0xBD, 0xCB, 0x83, 0x30, 0x0B, 0x0B, 0xC0, 0xE8, 0x7F, 0x44, 0x50, 0x3E, 0x6A, 0x86, 0xFE, 0x4C, 0x2C, 0xC8, 0x44, 0xBC, 0x57, 0x73 }, + { 0x9C, 0x43, 0xE9, 0x77, 0x42, 0x25, 0x69, 0xCC, 0x02, 0x7B, 0xB6, 0xE2, 0x3C, 0x5F, 0xAD, 0xBB, 0xCA, 0xC4, 0x78, 0x21, 0x5D, 0x0E, 0x58, 0xAC, 0x56, 0x1C, 0xB0, 0x87, 0x34, 0x0A, 0x7A, 0x59 }, + { 0x20, 0xCC, 0xE1, 0xE5, 0x90, 0x8E, 0x87, 0x69, 0x9D, 0x47, 0x93, 0xBF, 0x15, 0x03, 0x08, 0xD9, 0x82, 0x58, 0x7F, 0xB6, 0x20, 0xB5, 0x5A, 0xAA, 0x6F, 0xCA, 0x35, 0x92, 0x69, 0xAC, 0x33, 0x25 }, + { 0x2B, 0xFC, 0xA1, 0xE5, 0xDA, 0x1B, 0xA7, 0x4E, 0x87, 0x01, 0x90, 0x4D, 0xE1, 0x8F, 0xFE, 0x44, 0x6A, 0x42, 0x85, 0x09, 0x18, 0x3B, 0x00, 0xDE, 0xBE, 0x73, 0x4D, 0x08, 0x6A, 0xF3, 0x78, 0x62 }, + { 0xE1, 0x7A, 0x75, 0xD1, 0x5D, 0xFB, 0x55, 0x3F, 0xDD, 0x51, 0x2B, 0x2E, 0x41, 0x10, 0x57, 0x17, 0x61, 0xA9, 0x54, 0x40, 0x60, 0x99, 0x71, 0x97, 0x9B, 0xC5, 0xD8, 0x47, 0xC1, 0x2D, 0x77, 0x39 }, + { 0x57, 0xD8, 0x88, 0xFE, 0xE4, 0x03, 0xB9, 0xED, 0x31, 0xAF, 0x57, 0x2D, 0x0E, 0x36, 0x54, 0x9B, 0xD2, 0x75, 0x70, 0xD4, 0x66, 0xC2, 0x7A, 0xFB, 0xF6, 0x76, 0xF7, 0x93, 0x1C, 0xE0, 0x56, 0xED }, + { 0x06, 0xE0, 0x8D, 0x7F, 0xDF, 0x16, 0xA9, 0xE3, 0x5D, 0x50, 0x8C, 0x58, 0xE3, 0x26, 0xD0, 0xFD, 0x6C, 0xFB, 0x54, 0x5A, 0xB7, 0x0E, 0xCD, 0x9D, 0x75, 0x61, 0x7E, 0xB7, 0xAD, 0x50, 0x99, 0xD4 }, + { 0x0C, 0x48, 0x6E, 0x9C, 0xB5, 0xCD, 0x17, 0x1C, 0x9B, 0x42, 0x67, 0xCF, 0x44, 0xD5, 0xA8, 0xBD, 0x6A, 0xE4, 0x4B, 0xA6, 0xA8, 0x34, 0x65, 0x12, 0x1A, 0x61, 0x5A, 0xF6, 0xDC, 0x1C, 0x7F, 0xD7 }, + { 0xFE, 0xC4, 0x76, 0x36, 0x9A, 0x9B, 0xA1, 0x7D, 0xD5, 0xCF, 0x57, 0xD9, 0x70, 0x02, 0x14, 0x75, 0x2C, 0x0E, 0xA3, 0x19, 0x6E, 0xFE, 0xB4, 0x23, 0xF7, 0x2A, 0xE0, 0x34, 0x92, 0x5B, 0xA1, 0xA0 }, + { 0xE9, 0xA7, 0xF8, 0xCF, 0xAE, 0xEA, 0xC2, 0x18, 0x23, 0x32, 0x0D, 0x10, 0xF7, 0xCB, 0x3A, 0x00, 0x89, 0xBF, 0xEA, 0x3E, 0xD9, 0x58, 0xF8, 0x61, 0xBE, 0x26, 0x36, 0xFD, 0xEA, 0x67, 0x89, 0x08 }, + { 0x73, 0xF6, 0xD6, 0x13, 0xFB, 0x2F, 0xA5, 0x87, 0x11, 0x37, 0xB6, 0x2B, 0xFB, 0x87, 0xEE, 0xB2, 0xB4, 0x7D, 0x01, 0x51, 0xBC, 0x85, 0x36, 0xA1, 0x5E, 0x1F, 0x62, 0xB0, 0xBD, 0x80, 0xE8, 0x51 }, + { 0x69, 0xD2, 0x33, 0x7D, 0x8E, 0x9C, 0x6F, 0x94, 0xB3, 0xC6, 0xAE, 0x09, 0x94, 0xDE, 0x45, 0x4E, 0x3F, 0xD2, 0xD4, 0xE4, 0x32, 0xD4, 0x57, 0x43, 0x2B, 0x4E, 0x4D, 0x4B, 0x80, 0xEE, 0x2C, 0x09 }, + { 0xCD, 0x8B, 0x00, 0x96, 0x62, 0xAD, 0xA8, 0x86, 0x76, 0xC3, 0x9F, 0x7D, 0x81, 0xA7, 0xC9, 0x3E, 0xB6, 0x1B, 0x48, 0xD8, 0x2D, 0xFB, 0x65, 0xE0, 0xD8, 0xD8, 0x5B, 0x4E, 0x4A, 0x88, 0x5E, 0xC3 }, + { 0xA8, 0x1C, 0x71, 0x89, 0xF8, 0x72, 0xC7, 0x8F, 0xD5, 0x1C, 0xCE, 0x5A, 0x57, 0xDB, 0xD5, 0x01, 0x46, 0x4D, 0x5D, 0x35, 0x8B, 0x73, 0x6C, 0xBD, 0xE9, 0x37, 0x50, 0x2D, 0x65, 0x05, 0xB6, 0x60 }, + { 0x6B, 0x6C, 0x9F, 0x89, 0x64, 0xB9, 0x6D, 0x51, 0x74, 0x5D, 0xC6, 0x95, 0x8D, 0xEA, 0xF9, 0xE2, 0x73, 0x46, 0x60, 0xD2, 0x02, 0x55, 0x17, 0x7A, 0x4D, 0x1F, 0xAA, 0xBD, 0x6A, 0xB4, 0xE6, 0x84 }, + { 0xB6, 0xB7, 0x38, 0xD6, 0x3D, 0x74, 0x39, 0x4C, 0xF8, 0x86, 0x32, 0xF0, 0xC5, 0x65, 0xFF, 0x93, 0x15, 0x47, 0xCC, 0xE0, 0x5D, 0x87, 0xF9, 0x33, 0xE0, 0xB0, 0xCA, 0x01, 0x08, 0x4A, 0x79, 0x7C }, + { 0x00, 0x99, 0xB9, 0xB9, 0x2B, 0xE6, 0x11, 0xD2, 0x38, 0x3F, 0x85, 0x7F, 0x49, 0xA2, 0xA9, 0xBF, 0xE7, 0x81, 0xDC, 0x37, 0x2A, 0xC0, 0x48, 0x23, 0x4F, 0x0C, 0x82, 0xBC, 0x11, 0x38, 0x34, 0x92 }, + { 0xF3, 0x27, 0x44, 0xE9, 0x8E, 0xBB, 0xFB, 0x11, 0x74, 0x42, 0xC1, 0xE3, 0x97, 0x0D, 0x24, 0xEF, 0xF2, 0x27, 0x49, 0x6D, 0xA3, 0x1F, 0x28, 0x13, 0x5C, 0x16, 0x70, 0xFE, 0xEF, 0x1D, 0xF9, 0x01 }, + { 0x1B, 0x03, 0xB9, 0x9B, 0x66, 0x47, 0xD2, 0x63, 0x1F, 0xBF, 0x9B, 0x14, 0x45, 0x4D, 0x42, 0x26, 0xC9, 0xFF, 0xC4, 0x73, 0xD7, 0x30, 0x86, 0x45, 0x73, 0x1E, 0x2A, 0x1F, 0xA4, 0x12, 0x52, 0x5D }, + { 0x9A, 0x10, 0xD9, 0xB7, 0x80, 0x13, 0x06, 0xEA, 0x3B, 0x4E, 0xA4, 0x38, 0xBA, 0x3E, 0xFF, 0xCB, 0xC9, 0xB0, 0xB9, 0xAE, 0xCD, 0x38, 0x35, 0x76, 0xF1, 0xA4, 0x22, 0x17, 0x5F, 0x27, 0x1A, 0xA0 }, + { 0x0A, 0x58, 0x3A, 0x19, 0x5D, 0x19, 0x7F, 0xAC, 0x78, 0x23, 0xEF, 0x9F, 0xDF, 0xE5, 0x79, 0xCB, 0x62, 0x71, 0x05, 0xC5, 0x75, 0xD4, 0x46, 0xD9, 0x24, 0x06, 0xCA, 0x6E, 0xE5, 0x42, 0x1C, 0x9E }, + { 0x43, 0x58, 0x7C, 0x7B, 0x26, 0xFA, 0xCA, 0x35, 0x72, 0xF9, 0x01, 0x6B, 0xE8, 0x88, 0x25, 0x46, 0x88, 0x9F, 0x23, 0x98, 0xAD, 0xD6, 0xB4, 0x3C, 0xCB, 0x33, 0xBD, 0xEB, 0x32, 0x74, 0x68, 0xAE }, + { 0x73, 0x49, 0x56, 0x54, 0x32, 0x4C, 0x55, 0x14, 0x2E, 0x79, 0xDB, 0xA6, 0xBE, 0x79, 0x9C, 0x7C, 0x96, 0xCE, 0x74, 0x47, 0x86, 0xBF, 0xC6, 0xDA, 0x56, 0x24, 0x40, 0x40, 0xDB, 0x79, 0xED, 0xFD }, + { 0xC2, 0xD9, 0x81, 0x06, 0x28, 0x23, 0xAE, 0xB1, 0xE7, 0x1B, 0x2B, 0x37, 0x93, 0xAA, 0xF7, 0x4D, 0xCB, 0x27, 0x98, 0x45, 0xF0, 0x01, 0x48, 0xC6, 0xE3, 0x41, 0x7F, 0x29, 0x33, 0x2E, 0x9C, 0xC3 }, + { 0xFD, 0x39, 0x9E, 0x95, 0x9E, 0x6B, 0x53, 0x3A, 0xBA, 0x81, 0xFC, 0xF9, 0x3A, 0x27, 0x69, 0x66, 0x9F, 0x5F, 0x3E, 0x03, 0xEC, 0xF7, 0x9C, 0xC6, 0x9F, 0x90, 0xBB, 0x94, 0xA2, 0xC2, 0x4F, 0x9F }, + { 0xF7, 0x4A, 0x59, 0xC7, 0x46, 0x19, 0x67, 0x38, 0x8E, 0x5F, 0xF3, 0x36, 0x1F, 0xE7, 0x87, 0x81, 0x4D, 0x78, 0x86, 0x4C, 0xF9, 0x7A, 0x51, 0x52, 0x04, 0x64, 0xD4, 0x65, 0x55, 0xDC, 0xE6, 0x87 }, + { 0x70, 0x1A, 0x04, 0x29, 0xB2, 0xAD, 0xB1, 0x99, 0xA3, 0x92, 0x77, 0x86, 0x41, 0x4E, 0x52, 0xD0, 0x0B, 0xEF, 0xFE, 0x91, 0x9C, 0x92, 0xD6, 0x7A, 0x9C, 0x11, 0x4B, 0x3F, 0x38, 0x10, 0x28, 0x53 }, + { 0x56, 0x26, 0xE4, 0x45, 0xCF, 0xEB, 0xB0, 0xBD, 0xEA, 0xDD, 0x79, 0x26, 0xD6, 0xCA, 0x33, 0x7C, 0xC2, 0x50, 0x3D, 0x54, 0x33, 0x47, 0x24, 0xBC, 0xC2, 0xD5, 0x7B, 0x9A, 0x07, 0x77, 0x69, 0x4A }, + { 0xA7, 0x80, 0xE5, 0x08, 0x25, 0x14, 0x69, 0x7A, 0x6B, 0xDE, 0x31, 0xA7, 0x34, 0xE3, 0xCA, 0x6A, 0x4B, 0x5A, 0xFB, 0x61, 0x24, 0x4C, 0xB0, 0xC4, 0xD7, 0xE1, 0x2D, 0x22, 0xD4, 0xF8, 0x75, 0x5E }, + { 0x4C, 0x85, 0x01, 0x25, 0x35, 0x03, 0x4E, 0x85, 0x90, 0xE1, 0x70, 0x02, 0xED, 0xA6, 0x6E, 0x5D, 0xBE, 0x44, 0xC0, 0x99, 0x5D, 0xE7, 0xE1, 0xFA, 0xEF, 0x8D, 0x9F, 0xA0, 0x6F, 0x83, 0xFE, 0x58 }, + { 0xFA, 0x5B, 0xEA, 0xD8, 0x46, 0x5F, 0x16, 0x99, 0xA0, 0x3D, 0x1B, 0xAD, 0xE3, 0x3E, 0xD3, 0xFB, 0xFB, 0x67, 0x5A, 0x64, 0x97, 0xF0, 0x55, 0xD1, 0x2E, 0xD9, 0x84, 0xF1, 0x89, 0xDE, 0x5A, 0x12 }, + { 0xF6, 0x07, 0xA2, 0xA3, 0x98, 0x81, 0x3B, 0x6B, 0x4B, 0xF7, 0xEB, 0x1A, 0xD9, 0x02, 0xA7, 0x54, 0x83, 0x29, 0x76, 0xED, 0x98, 0x39, 0xE9, 0x44, 0x6A, 0x8D, 0x99, 0x28, 0x42, 0x3A, 0x95, 0x63 }, + { 0x1E, 0x2C, 0x95, 0x3A, 0x28, 0xD8, 0x1B, 0xF9, 0x57, 0xCD, 0x29, 0xD3, 0xF1, 0x09, 0xE4, 0xCF, 0x9D, 0xD1, 0x3D, 0x2D, 0x37, 0x3E, 0xCB, 0x6F, 0x4B, 0xA4, 0x9E, 0xC3, 0x6F, 0xC1, 0xFD, 0x43 }, + { 0xD8, 0xF6, 0xB2, 0x56, 0x2A, 0xCA, 0x61, 0x4E, 0x05, 0xB5, 0xC5, 0x88, 0x8E, 0xCB, 0x97, 0x96, 0x22, 0x7A, 0x1A, 0xE5, 0x7B, 0x2F, 0x2B, 0x93, 0x75, 0xCF, 0xF6, 0xFA, 0xB4, 0x6A, 0x47, 0x6B }, + { 0xF1, 0xB5, 0x85, 0x24, 0x3B, 0xD1, 0x5F, 0x2A, 0x38, 0x2E, 0xB2, 0xC4, 0x7C, 0xF1, 0xC3, 0xC1, 0x3E, 0x10, 0x59, 0x45, 0xC5, 0x95, 0xA9, 0xB2, 0xC8, 0xA6, 0xE3, 0x91, 0x90, 0x61, 0xA5, 0x1F }, + { 0x62, 0xCD, 0x38, 0x59, 0xD2, 0xC4, 0xD0, 0x97, 0x48, 0xD5, 0xD0, 0xDF, 0xF5, 0x3E, 0x04, 0x4A, 0x98, 0x4A, 0x49, 0xDC, 0xE2, 0xD1, 0x92, 0x35, 0x25, 0xF0, 0x81, 0x02, 0x1B, 0x47, 0x13, 0x94 }, + { 0x88, 0x46, 0x72, 0x52, 0xA3, 0xF2, 0xDE, 0xCB, 0x36, 0xB7, 0xD8, 0x8B, 0xF9, 0x92, 0x20, 0x98, 0x9C, 0x61, 0x15, 0x36, 0xE5, 0x4A, 0x33, 0x90, 0xCC, 0x57, 0xFC, 0x32, 0x69, 0x4C, 0x1C, 0xE5 }, + { 0xF1, 0x97, 0x4C, 0x1B, 0x8B, 0xB8, 0x1A, 0x53, 0x87, 0x00, 0x59, 0x0A, 0x41, 0xAB, 0x92, 0xB7, 0x5E, 0x29, 0x7D, 0xA8, 0xE4, 0x60, 0x03, 0x57, 0x22, 0xAF, 0x72, 0x50, 0xE4, 0x20, 0x3C, 0xD7 }, + { 0xF5, 0xAB, 0x45, 0x16, 0xF8, 0xE3, 0xE5, 0xF3, 0x30, 0x55, 0x43, 0xFD, 0x99, 0xDA, 0x61, 0x94, 0xF8, 0xAD, 0x98, 0x83, 0x7A, 0xE6, 0x76, 0x83, 0x62, 0x54, 0xD3, 0x5D, 0xDF, 0xAD, 0x89, 0x24 }, + { 0x46, 0xD4, 0x18, 0xDB, 0x65, 0xA8, 0xC4, 0xF1, 0x1A, 0x1B, 0x1F, 0x1E, 0xFC, 0xA6, 0x27, 0xB5, 0x31, 0xDC, 0x65, 0xCA, 0x01, 0xC8, 0x9D, 0xDB, 0x97, 0x2A, 0x68, 0x9F, 0xB5, 0x2F, 0xA1, 0xA9 }, + { 0xB6, 0x31, 0x79, 0x52, 0xF4, 0xD8, 0xCF, 0xF7, 0x10, 0xDC, 0x31, 0x04, 0xBD, 0x0B, 0xA7, 0xC9, 0x7D, 0x0B, 0x56, 0x36, 0xE4, 0xEE, 0xD8, 0x07, 0x44, 0xB3, 0xD9, 0x76, 0x59, 0xCD, 0xBD, 0x25 }, + { 0x53, 0x72, 0xAC, 0x9C, 0x2E, 0x80, 0x82, 0xCC, 0xD2, 0x7D, 0x53, 0x7A, 0xF8, 0xD3, 0x82, 0x18, 0x09, 0x05, 0xFA, 0x6A, 0x27, 0x63, 0x9D, 0xB4, 0x13, 0xAB, 0x01, 0xF7, 0x41, 0x8B, 0x9C, 0x22 }, + { 0xB6, 0xFB, 0x62, 0x28, 0x0B, 0x27, 0xBD, 0xF6, 0xA6, 0x8B, 0x74, 0xC8, 0x10, 0xF5, 0xF1, 0x38, 0x4C, 0xC3, 0x9F, 0x54, 0xE1, 0x8D, 0xA1, 0xA2, 0x53, 0xFB, 0x72, 0x25, 0x98, 0x1D, 0xE7, 0xB0 }, + { 0xC4, 0x8A, 0xCB, 0xBC, 0x24, 0x54, 0x15, 0xCC, 0xD9, 0xBC, 0x78, 0xC3, 0x79, 0x04, 0x6A, 0xAD, 0x82, 0x19, 0x66, 0xF7, 0xDD, 0x77, 0x5A, 0x99, 0x62, 0x65, 0x45, 0x39, 0x3E, 0x1E, 0xBF, 0xD9 }, + { 0x1A, 0xCA, 0x91, 0xD5, 0x8F, 0x8D, 0xFD, 0x77, 0x82, 0xBC, 0x1D, 0xEB, 0x9D, 0x1D, 0x76, 0x3C, 0x86, 0x23, 0xC4, 0x20, 0x3B, 0x5D, 0x62, 0x0F, 0x5B, 0x7D, 0x7D, 0x47, 0x2F, 0x0B, 0x22, 0x9E }, + { 0x38, 0x54, 0xE3, 0xB5, 0x6F, 0x9E, 0x8B, 0x6F, 0xAD, 0x2B, 0xE2, 0x9E, 0x34, 0x31, 0xE6, 0x2E, 0xBD, 0x0A, 0xFA, 0x95, 0xF5, 0x68, 0x24, 0x5B, 0xC2, 0xEC, 0x6A, 0x74, 0x78, 0xE8, 0xCD, 0xAF }, + { 0xA2, 0x2E, 0x52, 0x42, 0xAD, 0x74, 0x59, 0x00, 0x5A, 0x75, 0x21, 0x16, 0x35, 0xC7, 0x98, 0x31, 0x4A, 0x26, 0xA5, 0x48, 0x73, 0x8E, 0x4C, 0x59, 0xC7, 0xBB, 0xC8, 0x9C, 0x92, 0xA6, 0x3E, 0x33 }, + { 0x8B, 0x2B, 0x36, 0x36, 0xE6, 0xBF, 0x91, 0x36, 0x3F, 0x41, 0xB6, 0x65, 0x96, 0x31, 0x59, 0xD3, 0x38, 0xE3, 0xAA, 0x86, 0x65, 0x77, 0x4D, 0x25, 0xB7, 0x48, 0xD3, 0x4C, 0x61, 0xF1, 0xAD, 0x37 }, + { 0xA0, 0x44, 0xED, 0x12, 0x89, 0x1C, 0x6B, 0xCD, 0x90, 0x94, 0x34, 0xCC, 0xA2, 0xC2, 0x4F, 0x5B, 0x93, 0x98, 0x8D, 0xD0, 0xC9, 0xD0, 0xE1, 0x84, 0xE1, 0x83, 0xED, 0xA9, 0x67, 0x12, 0x53, 0x62 }, + { 0x6E, 0x59, 0x5C, 0x0A, 0xBB, 0xEA, 0x7E, 0x3F, 0xFE, 0xCE, 0x0C, 0xD1, 0x6D, 0x57, 0x0E, 0xBB, 0x1D, 0x36, 0xCD, 0x69, 0xBE, 0x03, 0x6B, 0xC4, 0xD9, 0x7D, 0x92, 0x1A, 0xFE, 0x93, 0xF0, 0x8B }, + { 0x7E, 0x50, 0xDC, 0xC5, 0xC0, 0xF1, 0xCA, 0x2E, 0x27, 0xB9, 0x05, 0xFA, 0x28, 0xED, 0xB4, 0x92, 0x45, 0xA9, 0xDF, 0x56, 0x3B, 0x7E, 0x2A, 0xD4, 0x7B, 0xC5, 0x7B, 0xCF, 0x37, 0xD2, 0xF4, 0x43 }, + { 0x81, 0x74, 0xF5, 0xE8, 0xDF, 0xC9, 0x44, 0x1D, 0xBB, 0x7A, 0x18, 0x3D, 0x56, 0xF4, 0x31, 0xB1, 0xAE, 0xF9, 0x51, 0x3E, 0x74, 0x7A, 0x38, 0x78, 0xBB, 0x80, 0x6B, 0xAE, 0x27, 0x65, 0x5E, 0x3E }, + { 0xE7, 0x3D, 0x4D, 0xDB, 0x9D, 0x24, 0x8B, 0xF2, 0xC0, 0xF8, 0xD4, 0x98, 0x92, 0xD7, 0x45, 0x5A, 0x4C, 0x30, 0x53, 0x15, 0x3D, 0xE7, 0xF7, 0x9B, 0xA4, 0x48, 0x7C, 0x7D, 0x82, 0x3F, 0x60, 0x5C }, + { 0xB7, 0x3F, 0xA0, 0x40, 0x79, 0x26, 0x3F, 0x6A, 0x73, 0x3B, 0x67, 0x46, 0x65, 0x52, 0x78, 0x4B, 0x43, 0x61, 0x38, 0xF4, 0x1F, 0x80, 0xB7, 0x2C, 0x4D, 0x5D, 0x03, 0x93, 0x4B, 0x72, 0x20, 0x7D }, + { 0xF3, 0xE0, 0x25, 0x8A, 0xED, 0x42, 0x83, 0xB5, 0x75, 0x6F, 0x9E, 0x4E, 0xA3, 0x68, 0xE1, 0x2B, 0x16, 0xC2, 0xB7, 0xC5, 0xC4, 0x80, 0x79, 0x4C, 0x40, 0xE5, 0xF0, 0xDD, 0x39, 0xF2, 0xD6, 0x52 }, + { 0xD8, 0x9A, 0x57, 0x97, 0xFE, 0xF9, 0xEF, 0x6E, 0xBF, 0x9D, 0x9F, 0xB8, 0x57, 0x16, 0x81, 0xF7, 0xC9, 0xAF, 0xA8, 0x86, 0x11, 0x78, 0x7D, 0x47, 0xE7, 0x2B, 0x68, 0x4C, 0x5F, 0x1A, 0xA9, 0x0E }, + { 0xE2, 0xFE, 0x24, 0x29, 0x61, 0x00, 0x47, 0x64, 0x7E, 0xEF, 0x2F, 0x7D, 0xFE, 0x14, 0xA2, 0x6D, 0x15, 0x74, 0xB7, 0x18, 0x87, 0xF9, 0x29, 0x06, 0xE7, 0x18, 0x4D, 0xBA, 0xE6, 0x05, 0x11, 0x37 }, + { 0x7A, 0xE8, 0xC9, 0xD8, 0x56, 0x74, 0x93, 0x7C, 0xD7, 0xA6, 0x1B, 0xF4, 0xEA, 0xE6, 0xE2, 0x3D, 0x81, 0x1B, 0x19, 0xBF, 0x73, 0x5D, 0x9A, 0xAF, 0x37, 0xFB, 0x02, 0x57, 0x76, 0x71, 0xED, 0x34 }, + { 0x68, 0xEF, 0x97, 0x1E, 0x32, 0x32, 0x65, 0x30, 0xD4, 0xD8, 0xAD, 0x09, 0x05, 0x1F, 0x81, 0x71, 0xD6, 0x8B, 0x93, 0xC8, 0xA9, 0x9A, 0xB1, 0xDA, 0x29, 0x06, 0xEE, 0xC4, 0x83, 0xD4, 0x2D, 0x32 }, + { 0x10, 0x1C, 0x3B, 0x12, 0xC6, 0xA2, 0xE2, 0xA0, 0x5A, 0xE8, 0x25, 0xA9, 0x13, 0x03, 0x9F, 0x46, 0xC3, 0x03, 0xB1, 0xD9, 0x5E, 0x6D, 0x97, 0xA9, 0xAB, 0x90, 0xD3, 0xAE, 0x37, 0x4E, 0x84, 0x1D }, + { 0xF3, 0x1B, 0x0B, 0x3A, 0xFB, 0x52, 0xA7, 0x1C, 0x2F, 0xD7, 0x99, 0x42, 0x9F, 0x7D, 0xAD, 0x07, 0x00, 0x5F, 0x8F, 0x2C, 0x29, 0x66, 0x4F, 0xEE, 0xFE, 0xB2, 0xB0, 0x5B, 0x41, 0x8A, 0x27, 0x5D }, + { 0xAD, 0xBF, 0xED, 0xFA, 0xFA, 0x21, 0xD0, 0x3D, 0xEB, 0xDD, 0xAC, 0x0B, 0x71, 0x9A, 0x33, 0x3A, 0x24, 0x22, 0xB4, 0x4B, 0x16, 0xAD, 0x51, 0x36, 0xBA, 0xB5, 0xE3, 0x42, 0xC3, 0x9B, 0xF2, 0x34 }, + { 0x5D, 0xEE, 0xE1, 0x0F, 0x53, 0x8B, 0x97, 0x2A, 0x36, 0x57, 0x63, 0x5F, 0x28, 0xEE, 0x7A, 0xE3, 0xC2, 0x25, 0x88, 0x8A, 0x0F, 0x65, 0xE7, 0xB4, 0xFF, 0x1A, 0xC4, 0x38, 0xBF, 0xDE, 0x9D, 0xAE }, + { 0x65, 0xEB, 0x85, 0xCF, 0x95, 0x8A, 0xB4, 0x54, 0x21, 0xA3, 0x90, 0x52, 0xDD, 0x13, 0xE6, 0x10, 0x11, 0xDE, 0xDE, 0xC9, 0xB8, 0x9C, 0x16, 0x1B, 0xD7, 0xD1, 0xAC, 0xE2, 0xA4, 0x8A, 0x18, 0xA9 }, + { 0x39, 0xB4, 0x04, 0x4B, 0x29, 0x5D, 0x51, 0x75, 0xBD, 0x6B, 0xD8, 0x00, 0x00, 0x21, 0x7B, 0x17, 0x57, 0x72, 0x7A, 0x98, 0x90, 0xF9, 0x37, 0x9C, 0xC7, 0xF6, 0x45, 0xF9, 0x4C, 0x49, 0xE0, 0xE4 }, + { 0x57, 0xF3, 0x37, 0xD9, 0x14, 0x94, 0x8D, 0xFD, 0x58, 0xE4, 0xDB, 0x24, 0xC1, 0x43, 0x2E, 0x02, 0x0F, 0x5B, 0xAF, 0xE9, 0x2E, 0x11, 0x34, 0x7B, 0x5B, 0xD0, 0xBD, 0x80, 0x02, 0xCB, 0x16, 0x0A }, + { 0xD6, 0xFB, 0x62, 0x23, 0xCC, 0x20, 0xD7, 0xCC, 0x67, 0x9E, 0x26, 0x4B, 0xB8, 0x9C, 0xE1, 0x6E, 0x76, 0xA0, 0xDB, 0xEA, 0x29, 0xB7, 0xF8, 0x3E, 0xF9, 0xA6, 0x8B, 0x5F, 0xC6, 0xBB, 0x74, 0x17 }, + { 0xB6, 0x73, 0x10, 0x89, 0x42, 0xBA, 0x15, 0x82, 0xE5, 0xC2, 0x0E, 0xE0, 0x80, 0xF1, 0xAC, 0xFF, 0x71, 0xDF, 0xF6, 0x5F, 0x1B, 0x1E, 0xFB, 0xD9, 0xBC, 0xD4, 0xDF, 0x2C, 0x5C, 0x5F, 0x22, 0xE7 }, + { 0x59, 0x53, 0x6E, 0xCD, 0x3B, 0x14, 0x32, 0x71, 0xCA, 0x76, 0x40, 0x50, 0x7D, 0xF7, 0xC7, 0x6D, 0x83, 0x60, 0x09, 0xE6, 0x2A, 0x2D, 0xA3, 0xA5, 0x9E, 0xA8, 0x52, 0x93, 0x42, 0xBC, 0x7C, 0x2B }, + { 0xDA, 0x64, 0x28, 0x97, 0x3E, 0xF0, 0x53, 0x84, 0x7B, 0x80, 0x1C, 0x15, 0x3F, 0xDF, 0x0C, 0x18, 0xDD, 0x21, 0x28, 0xF6, 0x78, 0x18, 0x79, 0x68, 0x25, 0xC1, 0xD8, 0x2E, 0xB5, 0x93, 0xFA, 0x56 }, + { 0xC2, 0xF9, 0xEA, 0xD3, 0x73, 0x0F, 0x79, 0xB7, 0xBA, 0x6C, 0xAC, 0x61, 0x2E, 0xBC, 0x10, 0x4D, 0xBC, 0x58, 0xB5, 0xBF, 0xD7, 0xEE, 0x3E, 0x25, 0x1C, 0xEA, 0x1C, 0x84, 0x99, 0xB9, 0xA0, 0xC7 }, + { 0x83, 0xDF, 0xE7, 0x5F, 0x5F, 0x0C, 0x1A, 0x47, 0xBD, 0x68, 0xC5, 0x5E, 0xD2, 0xD4, 0x10, 0xE7, 0xA9, 0x2E, 0x31, 0x04, 0x8D, 0xB9, 0x76, 0xC6, 0xE7, 0xAC, 0x2E, 0x8F, 0x91, 0xB6, 0xFF, 0x8E }, + { 0x5A, 0x3E, 0x2C, 0x7C, 0x87, 0x60, 0xA7, 0x10, 0x87, 0x23, 0xF0, 0x59, 0xA8, 0x3F, 0x45, 0x4C, 0xD7, 0xB7, 0x1B, 0x25, 0xE6, 0x4D, 0x62, 0x7B, 0xDA, 0xD7, 0xC4, 0x0F, 0xC4, 0x0D, 0x5F, 0xC9 }, + { 0x8B, 0x3F, 0x7F, 0x61, 0x4B, 0x5C, 0xF2, 0xC0, 0x59, 0x88, 0xEC, 0xD5, 0x12, 0x5B, 0x90, 0x37, 0x7F, 0xEC, 0xDF, 0x3B, 0x34, 0x48, 0xC0, 0x36, 0x80, 0x4C, 0x01, 0xAA, 0x0C, 0xAE, 0x79, 0x5E }, + { 0x04, 0xD8, 0xB5, 0x50, 0x7F, 0xEA, 0x71, 0xFA, 0x26, 0x2C, 0xC3, 0x1E, 0xCD, 0x88, 0x87, 0xFE, 0x38, 0xA8, 0x3D, 0xE7, 0x97, 0x50, 0xE2, 0x09, 0xEC, 0xA1, 0x9A, 0xF2, 0x43, 0x13, 0x8D, 0x7D }, + { 0x09, 0x34, 0x6E, 0xEF, 0x65, 0xBF, 0x8E, 0xC3, 0x78, 0x6F, 0x32, 0x50, 0x8C, 0xEC, 0xA1, 0x29, 0x6B, 0x15, 0x68, 0x78, 0x86, 0x6A, 0x7A, 0xAD, 0xED, 0xF2, 0x7B, 0xF0, 0xCD, 0xF0, 0xCB, 0xE3 }, + { 0x8D, 0x03, 0x50, 0x1C, 0x7D, 0x1C, 0x39, 0x3D, 0x29, 0xA8, 0x02, 0xAF, 0x66, 0xC3, 0x90, 0x45, 0x91, 0xEE, 0x27, 0x54, 0xE4, 0x73, 0x35, 0x30, 0x0B, 0xC0, 0xD9, 0x13, 0x6E, 0x12, 0x60, 0x53 }, + { 0x8D, 0x59, 0xDA, 0x20, 0x66, 0x6E, 0x08, 0xE9, 0xE9, 0xCE, 0x3E, 0x21, 0x57, 0x06, 0x1E, 0x05, 0xED, 0xB5, 0x24, 0xFE, 0xC1, 0xE5, 0xBD, 0x2E, 0xAA, 0x5C, 0x67, 0x1D, 0xCB, 0x4F, 0xA2, 0x13 }, + { 0xEA, 0xC3, 0xD6, 0x4C, 0x73, 0xCF, 0x7B, 0x22, 0x7F, 0xD4, 0xF1, 0xAB, 0x19, 0xA8, 0x18, 0xE0, 0x38, 0xEE, 0x88, 0x6D, 0xAC, 0xBB, 0xB1, 0x19, 0x80, 0x06, 0xE6, 0x15, 0x28, 0xD5, 0x81, 0x2B }, + { 0x7B, 0xAA, 0x9B, 0xAB, 0x9B, 0x83, 0xCD, 0x99, 0xE3, 0x3F, 0x5F, 0xE1, 0xA7, 0xCA, 0x89, 0x9F, 0x6E, 0x29, 0x1B, 0x64, 0xB7, 0xE8, 0xB8, 0xBD, 0x5B, 0x57, 0xC9, 0xA5, 0xE7, 0xCB, 0x6A, 0x4D }, + { 0x69, 0xF5, 0x50, 0x60, 0xBE, 0xC5, 0x85, 0x6A, 0xDB, 0x38, 0x31, 0xE0, 0x12, 0xB9, 0xC5, 0x57, 0xB9, 0xF8, 0x89, 0xC4, 0x88, 0xAB, 0xF9, 0x80, 0xD4, 0xAB, 0xF5, 0xD1, 0x2D, 0x16, 0xFB, 0xD7 }, + { 0xDF, 0x1A, 0x5F, 0x6C, 0x90, 0xB9, 0x12, 0xFA, 0xB4, 0x9F, 0x7E, 0xC1, 0x0C, 0xB9, 0xEC, 0x65, 0x24, 0xFF, 0xD4, 0xA6, 0x08, 0x96, 0x87, 0x49, 0x5C, 0xF1, 0xAB, 0xAB, 0x5B, 0xE2, 0x74, 0xEC }, + { 0x0B, 0xC3, 0x49, 0xEC, 0x69, 0xCA, 0x11, 0x00, 0x1A, 0x8E, 0x12, 0x28, 0x15, 0x87, 0x20, 0x09, 0x6A, 0x14, 0xCF, 0x85, 0xBD, 0x29, 0x0C, 0x91, 0x02, 0x63, 0xC0, 0x54, 0xE5, 0x34, 0xE9, 0x61 }, + { 0x61, 0x6E, 0x59, 0xE4, 0x4C, 0x50, 0xCF, 0x97, 0x53, 0x60, 0x34, 0xCD, 0xB1, 0xF7, 0x58, 0xCD, 0x87, 0x31, 0x80, 0x69, 0xDB, 0x16, 0x58, 0xEA, 0xFE, 0x24, 0xBA, 0x6F, 0x87, 0x94, 0xF2, 0xE1 }, + { 0x89, 0x18, 0xA5, 0xA4, 0x39, 0x26, 0x77, 0x19, 0x97, 0x06, 0xF5, 0x51, 0x93, 0x40, 0x39, 0x67, 0x66, 0xB8, 0xA5, 0x42, 0xC0, 0xD6, 0x10, 0x04, 0xF3, 0x32, 0xB0, 0xF7, 0x8E, 0x08, 0xFF, 0xFC }, + { 0x1D, 0xCA, 0x09, 0x04, 0xEF, 0xC4, 0xB2, 0xA6, 0x70, 0xD9, 0x92, 0x21, 0xDA, 0x00, 0x36, 0xE7, 0x72, 0x60, 0x85, 0x7F, 0x5F, 0x75, 0xAB, 0x9B, 0xD4, 0x84, 0x31, 0x5D, 0x75, 0xF4, 0x06, 0x61 }, + { 0xF8, 0x2C, 0xAA, 0x09, 0x46, 0x85, 0x9D, 0x55, 0x90, 0x96, 0x7B, 0x4D, 0xE9, 0x88, 0xFB, 0xBB, 0xD4, 0xD1, 0x0B, 0x6F, 0x17, 0xB3, 0x5B, 0x64, 0x50, 0x4F, 0x45, 0x4E, 0x4A, 0x98, 0x2D, 0x45 }, + { 0xC1, 0x7D, 0x00, 0x26, 0x09, 0x4D, 0xD5, 0x0A, 0xF6, 0x57, 0xB2, 0x46, 0x40, 0x01, 0x73, 0xB3, 0x2A, 0x90, 0x3A, 0x60, 0xB5, 0x71, 0xB3, 0x96, 0xCB, 0xD7, 0xED, 0x01, 0x86, 0x4C, 0x0A, 0x3F }, + { 0xF7, 0x00, 0x7B, 0xFC, 0xE4, 0x08, 0x1B, 0xAE, 0x52, 0x09, 0x9F, 0x49, 0x36, 0x2A, 0xB4, 0xF5, 0x52, 0x4C, 0xAB, 0x14, 0xCB, 0x2A, 0xF5, 0xBC, 0x7A, 0x03, 0x97, 0xFA, 0xC2, 0x6A, 0x52, 0x2F }, + { 0xC9, 0x5A, 0x87, 0x77, 0x5B, 0x94, 0x14, 0xAF, 0x89, 0x7F, 0x8E, 0xCE, 0xC4, 0xAD, 0x93, 0x80, 0xFF, 0x22, 0x09, 0xB4, 0x43, 0xA7, 0x8C, 0xD7, 0x5A, 0x37, 0x3B, 0xFF, 0x31, 0xE2, 0xCA, 0xBD }, + { 0xDE, 0x2C, 0xF2, 0x65, 0x4C, 0x3E, 0xE7, 0x1F, 0xBB, 0x3B, 0x7C, 0x77, 0x89, 0xD8, 0x3E, 0x0D, 0xE2, 0xED, 0x5D, 0x65, 0xA2, 0xC1, 0xBC, 0x55, 0xEA, 0x61, 0x6B, 0x94, 0xCC, 0xA1, 0x6F, 0xD4 }, + { 0xEE, 0x03, 0x42, 0xA5, 0x5A, 0x49, 0x6A, 0xF5, 0x23, 0xC9, 0x6D, 0x37, 0x1A, 0x5D, 0xD4, 0x51, 0xFC, 0x6F, 0x79, 0x30, 0xB6, 0x72, 0x05, 0xA9, 0xCC, 0x21, 0x83, 0x42, 0xC2, 0x0A, 0xD0, 0x37 }, + { 0x68, 0x77, 0xCC, 0x1F, 0xA2, 0x98, 0x8A, 0xC9, 0x82, 0xAC, 0xB9, 0x78, 0x9A, 0x4B, 0xF0, 0xB4, 0xF3, 0xA0, 0x47, 0x00, 0xC7, 0x42, 0x67, 0x92, 0x3B, 0x33, 0x8C, 0x84, 0x09, 0x2B, 0x05, 0x9B }, + { 0x9B, 0x9A, 0x38, 0xAA, 0x1C, 0x3B, 0x28, 0x91, 0x9F, 0x38, 0x76, 0x06, 0xF5, 0x3D, 0x9B, 0xE1, 0x24, 0xC4, 0xC9, 0x83, 0x72, 0x2D, 0x72, 0xAC, 0xE9, 0x2A, 0x26, 0x6E, 0x56, 0x38, 0x32, 0xB5 }, + { 0x8F, 0xE7, 0x93, 0x64, 0xF6, 0x31, 0x96, 0x42, 0x3F, 0x94, 0xCD, 0x66, 0x32, 0xC2, 0x05, 0xF3, 0x7E, 0x3E, 0x56, 0xB9, 0xFE, 0x10, 0x0E, 0x95, 0x85, 0x6E, 0xBF, 0x0A, 0x31, 0x22, 0xCD, 0x06 }, + { 0x3F, 0xE4, 0x76, 0x7D, 0x58, 0x56, 0x49, 0x03, 0x23, 0x8B, 0xFC, 0xF2, 0xD9, 0xFD, 0x42, 0x9E, 0xE2, 0x59, 0x2A, 0xE1, 0xF5, 0xFD, 0x18, 0x41, 0x73, 0xB9, 0x02, 0x0D, 0x63, 0x70, 0x42, 0xDD }, + { 0x8B, 0xBA, 0x96, 0x56, 0x1C, 0x8F, 0xB5, 0x38, 0x04, 0x2F, 0xC9, 0x94, 0x68, 0x11, 0xEA, 0xD5, 0xDE, 0x15, 0xEE, 0xB1, 0xA5, 0x1C, 0x03, 0x8A, 0x5B, 0xCF, 0x59, 0x04, 0x8B, 0xC5, 0x6E, 0x55 }, + { 0xE1, 0xCD, 0x83, 0xFB, 0xEA, 0xAD, 0x30, 0xCA, 0x83, 0x8E, 0xD4, 0x6B, 0xE1, 0xC1, 0x4B, 0x0B, 0x5C, 0x82, 0x7F, 0xE1, 0xCE, 0xB8, 0xBB, 0x27, 0x73, 0xF2, 0xF0, 0xBE, 0x62, 0x73, 0x10, 0xBE }, + { 0x42, 0xEA, 0x5C, 0x76, 0xC9, 0xC1, 0xB7, 0x39, 0x48, 0x2E, 0xF1, 0x7A, 0xB8, 0x36, 0x48, 0x64, 0xC3, 0x9C, 0xA2, 0xF6, 0xA1, 0xA2, 0xCC, 0xEA, 0x13, 0x37, 0x5E, 0x7D, 0x57, 0xFF, 0xE8, 0xD0 }, + { 0x98, 0xDC, 0x28, 0x46, 0xF3, 0xCC, 0xC9, 0x25, 0x15, 0x3C, 0xD9, 0x69, 0x29, 0x6F, 0xA4, 0x6B, 0xB2, 0x2B, 0xD7, 0x85, 0xC1, 0x9F, 0xB6, 0xEC, 0x4C, 0xB1, 0x85, 0xA6, 0x19, 0x3B, 0x6A, 0xBA }, + { 0x4E, 0xFD, 0xA9, 0xA9, 0xFB, 0xCA, 0xBE, 0xA7, 0xEE, 0xE9, 0x29, 0xBF, 0x56, 0xA9, 0x38, 0xE9, 0x7C, 0x14, 0x50, 0x34, 0xB2, 0xA5, 0xAE, 0xD8, 0x70, 0xB9, 0x6B, 0x10, 0x5C, 0xE5, 0x54, 0xB4 }, + { 0x1B, 0xBE, 0x63, 0x6A, 0x93, 0xEB, 0xAD, 0x11, 0xA4, 0x34, 0xCC, 0x20, 0xA6, 0x11, 0xA1, 0xD2, 0x97, 0x87, 0x86, 0x02, 0xA1, 0x35, 0x56, 0x5F, 0x44, 0xA4, 0x7F, 0xB9, 0x41, 0x7A, 0x37, 0x1B }, + { 0x71, 0xEE, 0x60, 0x45, 0xF3, 0x5F, 0x48, 0xA6, 0xBF, 0xD4, 0x13, 0x89, 0x9A, 0x63, 0x44, 0x9E, 0xE0, 0x7F, 0x84, 0x39, 0x9E, 0xA0, 0x30, 0x3F, 0x92, 0x78, 0x63, 0x11, 0xA1, 0xED, 0x6F, 0x5D }, + { 0xE2, 0x35, 0xDE, 0x00, 0xB2, 0x25, 0xFA, 0xD9, 0x54, 0x7E, 0x21, 0x90, 0xB0, 0xA4, 0xD2, 0x1F, 0xFB, 0xCF, 0xB8, 0x5F, 0xB0, 0x78, 0xF5, 0x02, 0x21, 0xDD, 0xE4, 0x72, 0x9A, 0x14, 0xB3, 0x1B }, + { 0x39, 0xAB, 0xCC, 0xF1, 0x7E, 0xCD, 0x6E, 0xFD, 0x35, 0xD2, 0x02, 0xD9, 0x11, 0x00, 0x67, 0x62, 0x4A, 0x55, 0x23, 0xCF, 0xC2, 0xD8, 0xBE, 0x59, 0x34, 0x91, 0x6F, 0x0B, 0x20, 0xDE, 0x72, 0x63 }, + { 0xDD, 0x49, 0xC0, 0xE2, 0x19, 0x90, 0x6A, 0x2B, 0xC0, 0x18, 0x2E, 0x3D, 0x35, 0x26, 0x5D, 0x63, 0xE6, 0x3E, 0xD8, 0x66, 0xF9, 0x2F, 0xC7, 0x83, 0xB9, 0x70, 0x9B, 0x6C, 0x2C, 0x65, 0x91, 0x99 }, + { 0xD6, 0x26, 0x34, 0x62, 0xA6, 0xDE, 0x69, 0x49, 0x93, 0x42, 0x7A, 0xD9, 0x83, 0x2A, 0xBA, 0xF4, 0x80, 0xAB, 0x43, 0xBF, 0x11, 0xEF, 0x50, 0x93, 0x46, 0xB2, 0x0B, 0xA9, 0x55, 0x40, 0x6A, 0x02 }, + { 0xD0, 0xC1, 0xD6, 0xAF, 0x24, 0x57, 0xAD, 0xA5, 0x5B, 0xFD, 0x29, 0xF7, 0xD8, 0xF7, 0x34, 0x3E, 0x13, 0x42, 0x68, 0x76, 0x77, 0xCE, 0x91, 0xDC, 0xF2, 0xC5, 0x80, 0x81, 0xA0, 0xB9, 0x3C, 0xE7 }, + { 0x93, 0x2E, 0xFA, 0x57, 0x01, 0xF0, 0xAB, 0x3A, 0x6C, 0x8C, 0xD8, 0x1D, 0x7A, 0x22, 0x20, 0x76, 0x8B, 0x67, 0xBD, 0x8C, 0xC6, 0x0D, 0xF6, 0xE0, 0x05, 0xDD, 0x78, 0x45, 0x74, 0x58, 0xB2, 0xDF }, + { 0x68, 0xA8, 0xC1, 0x33, 0xF7, 0x44, 0x89, 0xEB, 0x9A, 0x31, 0x09, 0x8D, 0x51, 0xC1, 0x03, 0x8A, 0xE9, 0xF2, 0xF4, 0xDF, 0x08, 0x45, 0x94, 0x77, 0x84, 0x07, 0x1D, 0x8A, 0xF7, 0x02, 0x47, 0x5E }, + { 0x01, 0x6D, 0xD6, 0xC8, 0xCB, 0x1E, 0x89, 0x1E, 0x3D, 0xD2, 0x88, 0x2A, 0x11, 0x2F, 0x1A, 0x0C, 0x91, 0x1C, 0x93, 0xC9, 0xCE, 0x19, 0x70, 0xE4, 0x0E, 0xCB, 0xB3, 0x41, 0x9F, 0x8F, 0x77, 0x5B }, + { 0x5E, 0xC2, 0x26, 0x2D, 0x5D, 0x60, 0x8F, 0xA1, 0xFB, 0xF5, 0xC1, 0xAB, 0xAE, 0x40, 0x51, 0xF0, 0xB2, 0x5C, 0xE1, 0x00, 0xF0, 0x60, 0x28, 0x4B, 0xA5, 0xFA, 0x4C, 0xC8, 0x67, 0x44, 0xEF, 0xCC }, + { 0x79, 0x5F, 0x79, 0x7D, 0xBC, 0x43, 0x5E, 0x02, 0xB2, 0x58, 0x89, 0xC3, 0xA6, 0x13, 0x8C, 0xBA, 0xF6, 0x0C, 0x03, 0x9A, 0x34, 0x26, 0xCC, 0xCA, 0xD2, 0xCD, 0x04, 0x14, 0x2D, 0x18, 0x2C, 0x2E }, + { 0xAC, 0x57, 0xEB, 0x3E, 0x68, 0xDA, 0xB7, 0x50, 0xCC, 0x07, 0xE7, 0xBF, 0xD1, 0x4E, 0xDC, 0x6E, 0xEB, 0x60, 0xDC, 0xAE, 0xF9, 0xB1, 0x8D, 0xE9, 0x2A, 0xD4, 0xDA, 0x88, 0x18, 0x7D, 0x4D, 0xB2 }, + { 0x94, 0x19, 0xBD, 0x21, 0x31, 0x29, 0x17, 0x7E, 0x99, 0x1E, 0x4D, 0x82, 0x46, 0xAE, 0x7B, 0xA0, 0x99, 0x41, 0x85, 0xEF, 0x63, 0xC9, 0xD7, 0x17, 0x92, 0x79, 0x80, 0x90, 0xCB, 0xEF, 0x12, 0x20 }, + { 0x12, 0xA1, 0x2F, 0xD1, 0xC5, 0x21, 0x8E, 0x36, 0x04, 0x64, 0xAC, 0x1D, 0x9F, 0x06, 0x27, 0xFD, 0xBA, 0xEF, 0xAC, 0x20, 0x77, 0xB3, 0xE6, 0x76, 0xF1, 0xF4, 0xC4, 0x56, 0x30, 0x51, 0xE2, 0xA3 }, + { 0xDB, 0x6E, 0x9E, 0x55, 0x4B, 0x0B, 0x97, 0x0B, 0x9B, 0x51, 0x62, 0x99, 0xE1, 0xBD, 0xAA, 0x60, 0xC1, 0x40, 0x26, 0xB3, 0x56, 0x21, 0x0A, 0x1D, 0xE5, 0xC7, 0x73, 0x9B, 0x5F, 0x15, 0x0E, 0xC5 }, + { 0x52, 0x21, 0xD8, 0x21, 0xBD, 0xDD, 0x3C, 0x00, 0xF2, 0xCD, 0xD4, 0x54, 0xBD, 0x74, 0xF4, 0x2B, 0x8B, 0x0E, 0xD1, 0xBE, 0xB7, 0x85, 0x78, 0x3F, 0xDA, 0x3F, 0x69, 0x36, 0xDD, 0xB9, 0x7E, 0xB2 }, + { 0xF4, 0x11, 0x4B, 0xDC, 0x9B, 0x16, 0x89, 0xD9, 0x03, 0x47, 0x13, 0x50, 0x71, 0x0B, 0xDB, 0xD4, 0x3E, 0xB1, 0xCE, 0x6B, 0x95, 0xCB, 0xFB, 0x10, 0x64, 0xAE, 0x9D, 0x64, 0x76, 0x66, 0x6A, 0xAD }, + { 0xE8, 0xD9, 0x68, 0x64, 0xF9, 0xC9, 0x64, 0x65, 0xB6, 0x8D, 0x5C, 0x9A, 0x47, 0x1D, 0x81, 0x42, 0x40, 0x0D, 0x4D, 0x65, 0x31, 0x28, 0xD0, 0x20, 0x0E, 0xE7, 0xD4, 0x1A, 0xD9, 0xBA, 0x0A, 0xA6 }, + { 0x28, 0xFA, 0x2B, 0xEF, 0x73, 0x7A, 0xEB, 0x04, 0xDD, 0x29, 0x62, 0xA8, 0x92, 0x80, 0xF8, 0x2B, 0xA2, 0x2D, 0x77, 0xC5, 0x0D, 0x5A, 0x08, 0xCA, 0x17, 0xE2, 0x85, 0xC4, 0xC8, 0x45, 0x0A, 0xD8 }, + { 0x10, 0x91, 0x79, 0xAC, 0xE5, 0x3C, 0x0D, 0xF7, 0x90, 0xEA, 0x44, 0x92, 0xC5, 0xC0, 0xCA, 0xCD, 0xBF, 0x86, 0x68, 0x87, 0x7D, 0xC4, 0x24, 0x57, 0xCE, 0xEE, 0xD9, 0x3C, 0x23, 0x49, 0x1A, 0xE5 }, + { 0x1E, 0x3E, 0xAC, 0xB4, 0xAE, 0xE9, 0x43, 0x7A, 0x8D, 0x09, 0x97, 0xFF, 0xBB, 0x47, 0xAA, 0x1D, 0x0A, 0xB0, 0x62, 0x5D, 0x0B, 0x36, 0xD7, 0x91, 0x3D, 0xF1, 0xDD, 0xA5, 0x91, 0xB4, 0xE4, 0xC1 }, + { 0x01, 0xB3, 0xD5, 0x15, 0xDA, 0x8F, 0x67, 0x3C, 0x6F, 0x37, 0x29, 0xB9, 0xFD, 0xFB, 0xBD, 0xC5, 0x04, 0x42, 0xE7, 0x9C, 0xD2, 0x91, 0x7D, 0x33, 0x79, 0x2C, 0x62, 0x0F, 0xD7, 0xF8, 0x86, 0x21 }, + { 0xEC, 0xC8, 0x94, 0x08, 0xF1, 0x50, 0x24, 0x83, 0xCE, 0xA9, 0x51, 0x7A, 0xAF, 0xBE, 0x0B, 0x49, 0x56, 0x86, 0xEF, 0x05, 0x1B, 0x63, 0x59, 0x7C, 0x32, 0x09, 0x04, 0x24, 0x05, 0x37, 0x5B, 0x1F }, + { 0x71, 0xC2, 0x6B, 0x89, 0x5C, 0x7B, 0x60, 0xC7, 0x91, 0x39, 0x84, 0x0B, 0xCD, 0x33, 0xC1, 0x67, 0x26, 0x5C, 0xA9, 0xD0, 0xFB, 0xDD, 0xE1, 0xAB, 0x7D, 0x07, 0x92, 0xDF, 0x8F, 0x65, 0xF8, 0x2E }, + { 0xD9, 0xF9, 0xAB, 0x23, 0x43, 0x82, 0x8B, 0x07, 0x1C, 0x88, 0x1F, 0x8F, 0xC5, 0x95, 0x21, 0x24, 0xBD, 0xF6, 0x11, 0xDB, 0xD4, 0xCA, 0x32, 0xDC, 0xB8, 0xE5, 0xDE, 0x1D, 0x37, 0x03, 0xA9, 0xDD }, + { 0x04, 0x42, 0xF8, 0x22, 0xDC, 0xF8, 0x1C, 0xD7, 0xC0, 0xE0, 0x82, 0x20, 0x08, 0xD5, 0x96, 0x79, 0xF9, 0xBF, 0x32, 0x6E, 0x9F, 0xAD, 0x51, 0x33, 0x9B, 0x6F, 0xC2, 0x98, 0x1C, 0x28, 0xB0, 0x60 }, + { 0x6F, 0x3A, 0x59, 0x60, 0x5D, 0x92, 0x08, 0xE9, 0x92, 0xB2, 0x81, 0x30, 0xFD, 0xCD, 0xFA, 0x44, 0x24, 0xF0, 0x57, 0xB1, 0x6F, 0xDF, 0x27, 0x8B, 0xA1, 0x5E, 0x82, 0x3C, 0x82, 0xC3, 0xCA, 0xAD }, + { 0x3D, 0x72, 0x09, 0xF5, 0x29, 0x5A, 0x8C, 0x68, 0x8A, 0x1F, 0xE8, 0xC6, 0x3E, 0xA8, 0xDC, 0x6B, 0xCB, 0x88, 0x70, 0x70, 0xFF, 0x7D, 0xC7, 0xC9, 0x5D, 0x2B, 0x66, 0xEE, 0x07, 0xF0, 0x4B, 0x0E }, + { 0x1C, 0x03, 0x30, 0xA5, 0xE5, 0x50, 0x0B, 0xB4, 0xC6, 0x62, 0x38, 0x3E, 0x04, 0xC5, 0xB9, 0x0C, 0x7F, 0x91, 0x43, 0xFC, 0x13, 0xD0, 0xCB, 0x78, 0xCF, 0x77, 0x44, 0xBA, 0xA1, 0x20, 0x80, 0x82 }, + { 0xF8, 0x9A, 0x6F, 0xB2, 0xDE, 0x52, 0x6E, 0x15, 0x65, 0x33, 0xBB, 0x67, 0x56, 0x2B, 0x85, 0x7C, 0xDA, 0xB5, 0x0A, 0x78, 0x87, 0x5A, 0xDD, 0x41, 0xC5, 0xE5, 0x22, 0xB0, 0xF7, 0xFD, 0x92, 0x4B }, + { 0xD9, 0x13, 0x64, 0x69, 0xC5, 0x96, 0x7A, 0x6A, 0x9A, 0x75, 0xD5, 0x9B, 0xF1, 0x9D, 0x60, 0x85, 0x3C, 0x05, 0x70, 0x93, 0xF0, 0x28, 0x53, 0x81, 0xEA, 0x6B, 0x8B, 0x8D, 0xA8, 0x4C, 0x47, 0x16 }, + { 0x14, 0x3A, 0xA1, 0x39, 0xE2, 0xD5, 0xF0, 0xD4, 0xAA, 0xBF, 0x8A, 0x5A, 0x0A, 0x93, 0xFB, 0x4F, 0x7C, 0x33, 0xD8, 0xB0, 0xC7, 0xB0, 0xB6, 0x32, 0x63, 0x87, 0xEE, 0x05, 0x59, 0xFF, 0x30, 0x13 }, + { 0x2F, 0xBB, 0x84, 0x7B, 0xDD, 0x33, 0x22, 0x18, 0x8B, 0x24, 0x9C, 0x7F, 0x51, 0x6B, 0x8B, 0x39, 0x14, 0x33, 0x37, 0x7F, 0x8C, 0x70, 0x08, 0x4B, 0x71, 0xB6, 0x7A, 0x2F, 0x11, 0x3A, 0x5D, 0x86 }, + { 0xA3, 0xA8, 0x04, 0x43, 0xAB, 0xD7, 0xD7, 0xC2, 0xBF, 0x99, 0x50, 0x93, 0x24, 0x65, 0x93, 0x1B, 0x81, 0x19, 0x72, 0x3D, 0x7A, 0xB9, 0x39, 0x69, 0x1F, 0x5D, 0x47, 0x0A, 0x42, 0x38, 0xE1, 0x00 }, + { 0xDB, 0x73, 0x26, 0x49, 0x74, 0x45, 0xD8, 0x35, 0x71, 0xBE, 0xE8, 0x9E, 0xE3, 0x25, 0x57, 0x22, 0x45, 0x9F, 0x6F, 0x8F, 0x8E, 0x1C, 0xE6, 0x47, 0x42, 0x00, 0x16, 0xDD, 0x2D, 0x2A, 0x5C, 0x17 }, + { 0x16, 0xF2, 0x76, 0xF5, 0xD5, 0x6B, 0xAC, 0x03, 0x8C, 0x9D, 0x3A, 0x5E, 0xA2, 0x54, 0xB7, 0x7D, 0x09, 0xDD, 0xBB, 0x90, 0x3F, 0x90, 0x07, 0x38, 0xC9, 0x3A, 0xC8, 0xFF, 0x0B, 0x14, 0x3C, 0xD8 }, + { 0xC1, 0x18, 0x12, 0x3A, 0xEB, 0x58, 0x91, 0xEB, 0xF5, 0xAA, 0x8F, 0x88, 0x09, 0x58, 0x8A, 0xD4, 0xEC, 0x3E, 0xD8, 0x84, 0x01, 0x51, 0x43, 0x38, 0x87, 0x4F, 0xE0, 0x13, 0xAF, 0xED, 0xA7, 0xB7 }, + { 0x2D, 0x4B, 0x38, 0x20, 0x3A, 0x1F, 0xAF, 0x9C, 0x02, 0x2F, 0x7A, 0x72, 0xAE, 0x38, 0x15, 0x6F, 0x87, 0x16, 0x3B, 0x5A, 0xE0, 0x34, 0x6C, 0xDB, 0xE4, 0x81, 0x71, 0xC2, 0x36, 0x63, 0x70, 0xBB }, + { 0x4E, 0x59, 0xD0, 0xC2, 0xFA, 0x79, 0x4C, 0x2D, 0xE1, 0x87, 0xA2, 0x82, 0xA3, 0x01, 0x11, 0x7F, 0xC7, 0xC1, 0xBA, 0x7F, 0x8B, 0x87, 0xF9, 0x23, 0x91, 0x7F, 0x65, 0x08, 0x66, 0xE8, 0x99, 0xAF }, + { 0x24, 0x82, 0xDD, 0xDB, 0xED, 0xF1, 0x66, 0x89, 0xA9, 0x50, 0x39, 0x2E, 0xC3, 0xDB, 0xBD, 0xFF, 0x56, 0xC8, 0x05, 0x13, 0xAC, 0x0C, 0x06, 0xB9, 0x14, 0xEE, 0x62, 0x25, 0xEE, 0xBE, 0xFA, 0xA8 }, + { 0xE7, 0xAB, 0x91, 0x00, 0x62, 0x37, 0x10, 0x77, 0x7E, 0x1D, 0xDD, 0xCB, 0x29, 0xDE, 0xEA, 0xDF, 0x82, 0x2F, 0x60, 0x12, 0x0A, 0xBA, 0x12, 0xEE, 0x97, 0x3C, 0x03, 0x26, 0x98, 0xAB, 0x1A, 0xF5 }, + { 0xC0, 0x9F, 0xF3, 0x9C, 0x44, 0x61, 0x22, 0xC8, 0x3A, 0xE1, 0x99, 0xD4, 0xA7, 0xF4, 0x83, 0x5D, 0x56, 0x28, 0xD5, 0xD8, 0x05, 0x4B, 0xA5, 0xFD, 0x6C, 0xF9, 0x13, 0xB8, 0x43, 0x5E, 0x36, 0x58 }, + { 0xBC, 0xF2, 0xAD, 0x08, 0x34, 0xE7, 0x32, 0x41, 0xD7, 0x19, 0xB8, 0x34, 0x81, 0x24, 0x0A, 0x2A, 0xEA, 0x52, 0xF7, 0x6F, 0xF2, 0x84, 0x07, 0xC2, 0x03, 0x46, 0xE9, 0x37, 0x34, 0xEF, 0x11, 0x2C }, + { 0x9E, 0xBA, 0x4A, 0xC2, 0x16, 0xC6, 0xF0, 0x22, 0x9B, 0x39, 0xB9, 0xF3, 0x00, 0x60, 0x0B, 0x59, 0x3B, 0x15, 0x12, 0xE1, 0x8B, 0xDB, 0x1B, 0x23, 0x9C, 0x74, 0x44, 0x3D, 0x9B, 0xEC, 0xCA, 0x79 }, + { 0xA3, 0x43, 0x92, 0xBF, 0x6D, 0x91, 0x2C, 0xE8, 0x55, 0xD7, 0xE3, 0xF9, 0xE7, 0x40, 0x9C, 0x95, 0x7A, 0xD3, 0x73, 0x33, 0x15, 0x43, 0x58, 0x88, 0xA5, 0x0F, 0xE9, 0x45, 0x1E, 0xAF, 0xE8, 0x97 }, + { 0xCA, 0x6B, 0xB7, 0xB7, 0x30, 0xCC, 0xE8, 0x3E, 0x1D, 0x56, 0xA9, 0x58, 0xE2, 0x65, 0x01, 0xA7, 0xE0, 0x23, 0x09, 0x3B, 0xBF, 0xA5, 0x6A, 0x84, 0x47, 0xBF, 0xBA, 0x1C, 0x4A, 0xEE, 0x99, 0xB1 }, + { 0x6B, 0xC9, 0xEE, 0x6F, 0x43, 0xDC, 0xC7, 0x61, 0xFB, 0x5A, 0x28, 0x3B, 0xF4, 0x0D, 0x5C, 0xF0, 0xAB, 0x62, 0x10, 0x03, 0xF3, 0xF3, 0xE7, 0x74, 0x5E, 0x54, 0x18, 0xDA, 0xF6, 0x50, 0x98, 0x62 }, + { 0x9F, 0xDD, 0xCE, 0x99, 0x46, 0xF8, 0x72, 0xC1, 0x95, 0x98, 0xF4, 0xD3, 0x11, 0x78, 0xEB, 0x7F, 0x76, 0x15, 0x5B, 0x03, 0x0C, 0x96, 0xB8, 0x75, 0xB5, 0x5B, 0x20, 0x3B, 0xC7, 0xE2, 0x68, 0xDB }, + { 0x02, 0x5C, 0xD3, 0x4B, 0x3C, 0x2A, 0x4D, 0x4A, 0x8F, 0x23, 0xC1, 0x7A, 0x7D, 0x08, 0x14, 0xBE, 0x7E, 0x39, 0x11, 0xB4, 0x4B, 0x32, 0x07, 0xC5, 0xBF, 0x30, 0x86, 0x2F, 0x14, 0x66, 0xA6, 0xAA }, + { 0x30, 0xC7, 0x54, 0x10, 0xF7, 0xE5, 0x64, 0x67, 0x86, 0x21, 0x4A, 0xEB, 0x82, 0xE9, 0xF9, 0x9B, 0xA2, 0xC4, 0xA9, 0x73, 0x6A, 0x94, 0x7F, 0x8C, 0x5C, 0x21, 0x53, 0x05, 0x50, 0x0C, 0x47, 0x78 }, + { 0xA4, 0xA7, 0xA8, 0xE6, 0x39, 0xF8, 0xBB, 0x6C, 0x6C, 0xBA, 0x0D, 0x36, 0x5A, 0xF4, 0x47, 0x0D, 0x05, 0x1C, 0xB9, 0xAF, 0x23, 0x50, 0x58, 0x10, 0x8B, 0x58, 0x66, 0xD9, 0x75, 0x47, 0xB7, 0x94 }, + { 0x7A, 0x5E, 0xE3, 0xC9, 0xED, 0xF1, 0x68, 0x94, 0x03, 0xF3, 0x12, 0x7E, 0xBE, 0x09, 0x50, 0x24, 0xCB, 0x4C, 0x27, 0xCD, 0xFD, 0xDC, 0x4D, 0xA1, 0xA2, 0x9B, 0xA1, 0xD0, 0x0B, 0x31, 0xBD, 0xC0 }, + { 0xC3, 0xD0, 0x9E, 0x4B, 0xC6, 0xE6, 0x53, 0x73, 0xFE, 0xEB, 0xD4, 0x75, 0x9C, 0x1D, 0xCC, 0xD3, 0x39, 0xFE, 0xC8, 0x3D, 0xAF, 0x7F, 0x25, 0x71, 0xF0, 0x13, 0x70, 0x4C, 0x5A, 0x58, 0x76, 0xA6 }, + { 0x22, 0xAF, 0x4C, 0xF6, 0x8A, 0xE5, 0x4A, 0x50, 0xF2, 0x8E, 0x88, 0x7A, 0x6D, 0x8C, 0xBE, 0xAA, 0xCF, 0x73, 0xA2, 0xF4, 0x6F, 0x50, 0xE1, 0xE9, 0xE9, 0xAA, 0x01, 0x70, 0x61, 0x17, 0xD1, 0x70 }, + { 0xC0, 0x4B, 0x8D, 0x20, 0x0E, 0x33, 0x2C, 0x08, 0x77, 0x85, 0x1B, 0xF7, 0x2B, 0xD6, 0xBD, 0x80, 0xE1, 0x06, 0x2D, 0x8F, 0x8E, 0x17, 0xE5, 0xE0, 0xBF, 0xA6, 0x05, 0x2C, 0x1D, 0x66, 0xAC, 0x1A }, + { 0x7A, 0xAC, 0x51, 0x99, 0x61, 0x71, 0xFC, 0x36, 0x12, 0xB3, 0x6F, 0x9C, 0x06, 0x18, 0xC0, 0x65, 0x74, 0xE6, 0x42, 0x43, 0xED, 0x66, 0xC0, 0xAF, 0x60, 0x01, 0xA6, 0x87, 0x82, 0x98, 0x9C, 0x70 }, + { 0x59, 0x06, 0xE5, 0xAF, 0x50, 0x09, 0x72, 0xB8, 0xC0, 0xEB, 0x6B, 0x2F, 0x18, 0x7A, 0x49, 0x73, 0x55, 0xE7, 0x7B, 0x59, 0xEB, 0xB6, 0xD1, 0x12, 0x21, 0xDC, 0xC9, 0x82, 0xB8, 0x85, 0xA4, 0x94 }, + { 0xB2, 0xD6, 0xC8, 0x93, 0xA0, 0xBF, 0x03, 0x08, 0x98, 0x0E, 0x4B, 0xC6, 0xBC, 0xD1, 0x3F, 0x7D, 0x60, 0xEE, 0x55, 0x74, 0x2C, 0xA7, 0xF6, 0x5B, 0xE2, 0xD7, 0x22, 0xF3, 0xC1, 0x4D, 0x0E, 0xDD }, + { 0xB6, 0x22, 0x1A, 0xF8, 0x24, 0x66, 0x0A, 0x37, 0xC0, 0x0E, 0x0F, 0x7A, 0x2B, 0x9D, 0x84, 0x99, 0x20, 0x9F, 0x34, 0x98, 0x69, 0xF8, 0xE0, 0x26, 0x17, 0x8E, 0x89, 0xFF, 0x02, 0xC0, 0x9A, 0x0D }, + { 0xD8, 0x79, 0x64, 0xB7, 0x15, 0x67, 0x29, 0x07, 0x93, 0x8F, 0xDD, 0x2E, 0x5C, 0x38, 0x92, 0xB0, 0x79, 0xA1, 0x38, 0xC1, 0x32, 0xDF, 0xFB, 0x68, 0x6B, 0x71, 0x75, 0xF1, 0xC8, 0x4C, 0x59, 0x18 }, + { 0x26, 0x29, 0xB2, 0x54, 0x9F, 0x6A, 0x7B, 0x0E, 0x38, 0x61, 0x06, 0x20, 0x69, 0xDB, 0xBF, 0x89, 0x5B, 0xDF, 0x65, 0xD1, 0xD6, 0xEA, 0x52, 0x17, 0x27, 0x83, 0x79, 0xBA, 0xC8, 0x2B, 0x6B, 0x3D }, + { 0x02, 0x16, 0xD2, 0x75, 0x70, 0xC9, 0x71, 0x00, 0xCF, 0xF3, 0x5D, 0xEA, 0x22, 0x59, 0xBB, 0x77, 0x9B, 0x4E, 0xFA, 0x9A, 0x26, 0x68, 0x73, 0xEB, 0x7F, 0xBE, 0x86, 0x5A, 0x3B, 0x44, 0x2B, 0x78 }, + { 0x37, 0xC6, 0x97, 0x81, 0xA4, 0x36, 0xC5, 0x0F, 0xE6, 0x79, 0x62, 0xE4, 0xC9, 0xBB, 0x38, 0xAB, 0xD1, 0x17, 0xDD, 0x1D, 0x82, 0xA7, 0x21, 0x12, 0x6C, 0x86, 0x08, 0xE9, 0xC6, 0x6F, 0x9F, 0x8E }, + { 0xD2, 0xB2, 0x14, 0x22, 0x1D, 0xB7, 0x5B, 0xCE, 0xBF, 0x96, 0x4F, 0x16, 0x48, 0xD7, 0x5B, 0x2F, 0x83, 0x2D, 0x02, 0x6D, 0x37, 0x01, 0x5B, 0xEA, 0x19, 0xF8, 0x0E, 0x45, 0x23, 0x56, 0x70, 0x9F }, + { 0x26, 0x50, 0xDC, 0xFB, 0xC3, 0xFA, 0xFB, 0xD4, 0x7C, 0xD2, 0xEF, 0x10, 0x80, 0x74, 0x90, 0x2C, 0x86, 0x58, 0xA0, 0xE9, 0xA7, 0x0D, 0xA2, 0xF7, 0x90, 0x44, 0x53, 0x97, 0x47, 0x54, 0x01, 0x5F }, + { 0x7E, 0xDE, 0x7A, 0x6F, 0xB7, 0x94, 0x26, 0xA3, 0xC3, 0x2E, 0x79, 0xC0, 0xBB, 0x3C, 0xA8, 0x5C, 0xC1, 0x66, 0x97, 0x5C, 0xB6, 0x67, 0x50, 0x95, 0x1A, 0x06, 0x9E, 0x1D, 0x0B, 0x84, 0x5A, 0x1C }, + { 0x87, 0xBE, 0x66, 0xDB, 0x2C, 0x5A, 0x9C, 0x5A, 0xAF, 0xBB, 0xA1, 0xAE, 0x86, 0x9A, 0x9C, 0x78, 0x78, 0xE3, 0x8F, 0xA2, 0xBD, 0x82, 0x0D, 0xDA, 0x3C, 0x00, 0x49, 0x0E, 0xE7, 0x78, 0xBF, 0xB5 }, + { 0x94, 0x88, 0xBD, 0x26, 0xFA, 0x51, 0x96, 0xE6, 0x78, 0x77, 0x98, 0x04, 0xBA, 0x0C, 0x92, 0x23, 0xB7, 0x88, 0x23, 0xF1, 0xE5, 0x74, 0x1E, 0x8B, 0xE6, 0x03, 0xF9, 0x9A, 0xA6, 0x79, 0xED, 0xD9 }, + { 0x4F, 0x0A, 0xC5, 0xB3, 0x54, 0x3C, 0xF3, 0x01, 0xBF, 0xCC, 0xA4, 0x19, 0x6E, 0xEC, 0xAB, 0x3F, 0x22, 0x70, 0x2E, 0x58, 0xAC, 0x41, 0x2E, 0xB3, 0xB5, 0xA3, 0x23, 0xA7, 0x3A, 0x59, 0xA4, 0x19 }, + { 0xFA, 0x72, 0x0F, 0x21, 0x7D, 0xAD, 0x6B, 0x57, 0xC0, 0x2D, 0x3C, 0xA8, 0x46, 0x7E, 0xC4, 0x34, 0xE9, 0x30, 0x80, 0x6D, 0x96, 0x94, 0xA4, 0x48, 0xA9, 0x7C, 0xAA, 0xC9, 0xB6, 0xA9, 0xDB, 0x0E }, + { 0xD9, 0x25, 0x82, 0x7B, 0xB7, 0xA0, 0xD7, 0x69, 0x3C, 0x25, 0x20, 0x37, 0x53, 0x52, 0x3B, 0x21, 0xAB, 0x1E, 0x59, 0xC1, 0x7C, 0x9F, 0x01, 0x57, 0x14, 0x05, 0x5A, 0x7B, 0x29, 0xF4, 0xC9, 0x8A }, + { 0x9F, 0xB4, 0xA2, 0xCD, 0x72, 0x24, 0xB6, 0x6D, 0x6A, 0x77, 0x96, 0x7D, 0x77, 0x6D, 0xEA, 0xB3, 0xDE, 0x51, 0xE8, 0x8C, 0x6A, 0xE5, 0x60, 0x79, 0xF6, 0x05, 0x43, 0x05, 0xBD, 0x20, 0x5D, 0x52 }, + { 0xF3, 0x42, 0x09, 0xB6, 0x9B, 0x87, 0xCF, 0x44, 0xCF, 0xD4, 0x8B, 0xA7, 0x12, 0x33, 0x7B, 0xA1, 0x0E, 0xA6, 0x7D, 0xF5, 0x7C, 0xC0, 0xB6, 0x91, 0x05, 0xFB, 0x6B, 0x3A, 0x17, 0x87, 0xC2, 0x2A }, + { 0x90, 0xCC, 0x6D, 0xE9, 0xA7, 0x8C, 0xD3, 0x8B, 0xE9, 0x8F, 0x7B, 0xAE, 0x02, 0xBA, 0xD7, 0xC8, 0xD9, 0xDA, 0xA2, 0x2D, 0x51, 0xA7, 0x5F, 0xB3, 0x04, 0xA8, 0xB2, 0xD7, 0x1C, 0x83, 0x7B, 0xF7 }, + { 0x94, 0x75, 0xF3, 0xED, 0x16, 0x59, 0x23, 0xE1, 0xF3, 0xD0, 0xAA, 0x01, 0x9A, 0x61, 0x7E, 0xD3, 0x80, 0x64, 0xD5, 0xDB, 0xE7, 0x16, 0xB6, 0x86, 0xBC, 0xC3, 0xCB, 0x30, 0x73, 0xCA, 0x15, 0x56 }, + { 0x11, 0x49, 0xC1, 0xD2, 0x38, 0x43, 0xD7, 0x52, 0xAF, 0xB1, 0xF6, 0xDA, 0x27, 0x99, 0x92, 0xD2, 0x43, 0xE4, 0xB1, 0x96, 0x73, 0xCA, 0xF0, 0xCC, 0xEA, 0xD0, 0xC8, 0xFE, 0x84, 0x59, 0x0B, 0x29 }, + { 0x2D, 0x6C, 0xC3, 0x9E, 0xD8, 0x28, 0xC2, 0x9C, 0x79, 0x38, 0x81, 0x65, 0x12, 0xAC, 0xA7, 0x43, 0xF7, 0x43, 0x6D, 0x3B, 0xDA, 0x78, 0x4A, 0xBE, 0x7D, 0x87, 0x42, 0x78, 0x6D, 0x99, 0x3F, 0xBD }, + { 0xC1, 0x95, 0x4D, 0x8D, 0x83, 0x37, 0xDB, 0x1E, 0xC5, 0xE8, 0x8A, 0xA8, 0xA0, 0xE4, 0xAD, 0xCB, 0x16, 0x42, 0x1D, 0xC0, 0x29, 0xB4, 0xC9, 0xEB, 0x36, 0xCA, 0x49, 0x58, 0xF4, 0x56, 0xFE, 0x6D }, + { 0x31, 0x08, 0xD7, 0x13, 0xC0, 0x63, 0x6F, 0x46, 0xB8, 0xF4, 0x53, 0x63, 0x36, 0x8A, 0x93, 0xEF, 0xDC, 0x7B, 0x70, 0xFD, 0x0B, 0xEB, 0x62, 0x6D, 0x33, 0xD6, 0x74, 0x00, 0x15, 0x7A, 0x08, 0x81 }, + { 0x2A, 0x3F, 0xD1, 0xEA, 0x98, 0x06, 0xB8, 0xDC, 0x53, 0xA2, 0x40, 0x7A, 0x91, 0xF7, 0x49, 0x13, 0xC0, 0xBC, 0x79, 0xA8, 0xD0, 0x34, 0xE5, 0xFF, 0xE2, 0x09, 0xAC, 0x1F, 0x8E, 0x2B, 0x0F, 0xAF }, + { 0x5D, 0x1B, 0x6A, 0xC8, 0x48, 0x71, 0xFB, 0x3A, 0xBE, 0x99, 0xED, 0xCD, 0xB9, 0x8D, 0x28, 0x8C, 0xE5, 0x2F, 0x7C, 0xBF, 0x01, 0x7F, 0xB1, 0x7C, 0x5B, 0x8D, 0x80, 0xE0, 0x5F, 0xE2, 0x52, 0x83 }, + { 0x69, 0x4B, 0xDC, 0x5E, 0xD7, 0x83, 0xC7, 0xEA, 0x0D, 0x76, 0x25, 0x89, 0x94, 0x5D, 0x87, 0x00, 0x09, 0xE8, 0x33, 0x98, 0xF5, 0x00, 0xDD, 0x81, 0x4F, 0xD5, 0xF7, 0xB3, 0x1F, 0xA2, 0xB1, 0xE0 }, + { 0xC3, 0xE5, 0x8E, 0xCA, 0x3F, 0xBE, 0x33, 0xC1, 0xA0, 0x39, 0x6A, 0x3C, 0x88, 0x06, 0x28, 0x5E, 0x10, 0x92, 0xC0, 0x88, 0x13, 0x35, 0x9A, 0xB3, 0xF1, 0xF2, 0x4C, 0x1C, 0x30, 0xE2, 0xDF, 0xA5 }, + { 0xCC, 0xDC, 0x4A, 0xBA, 0x8F, 0x7A, 0x21, 0x6B, 0x78, 0xB4, 0xC7, 0x0A, 0xCA, 0xDC, 0x95, 0x92, 0x4B, 0x85, 0x3E, 0x9F, 0xEB, 0x12, 0x01, 0x4B, 0xA9, 0x72, 0x35, 0x93, 0xE0, 0x60, 0x6C, 0x93 }, + { 0x25, 0xBA, 0x14, 0xDF, 0xF7, 0x65, 0xDB, 0x9F, 0xA3, 0x86, 0x81, 0xF6, 0xE1, 0x6F, 0xA7, 0x9B, 0x9B, 0xE6, 0x8A, 0x37, 0x3A, 0xA7, 0x01, 0x87, 0xD3, 0x96, 0x6D, 0x5C, 0xEB, 0xD2, 0xD7, 0xCE }, + { 0x8C, 0x37, 0x33, 0x72, 0xF5, 0xB3, 0xBC, 0xAD, 0xE9, 0x02, 0x98, 0x30, 0xB7, 0x02, 0x56, 0xA3, 0x53, 0xCB, 0xFC, 0x28, 0x98, 0x27, 0x9F, 0x9B, 0x51, 0x59, 0xEB, 0x0F, 0xC7, 0x7A, 0xF7, 0xFF }, + { 0xF9, 0x52, 0x34, 0x3E, 0xCD, 0xD9, 0x0A, 0x08, 0xED, 0xD8, 0x6A, 0x2B, 0x3C, 0xEF, 0xB9, 0x1F, 0x94, 0x2B, 0x9A, 0xC9, 0x5C, 0xBD, 0xB1, 0xBD, 0xC3, 0x3C, 0xF1, 0x07, 0xF1, 0xE1, 0x56, 0xB2 }, + { 0x3F, 0x22, 0x3E, 0x88, 0x70, 0x66, 0x78, 0x70, 0xC1, 0xC8, 0xA5, 0x6D, 0x59, 0x03, 0xE8, 0x7A, 0x83, 0x29, 0x45, 0xCA, 0xE7, 0x45, 0x96, 0x9D, 0x1B, 0x91, 0xA1, 0xEE, 0x2E, 0x1E, 0xE8, 0x49 }, + { 0xBF, 0x61, 0x73, 0x5C, 0x05, 0xBD, 0x1B, 0x51, 0xFC, 0x35, 0x56, 0x36, 0x1B, 0x4C, 0x87, 0xF4, 0x6E, 0x11, 0x0B, 0x57, 0x50, 0x67, 0xD0, 0x7D, 0x66, 0x92, 0x8F, 0x47, 0x55, 0x09, 0x62, 0xB5 }, + { 0x8A, 0x2D, 0x1B, 0x44, 0xF8, 0xA9, 0x52, 0x26, 0x3A, 0xB1, 0x1C, 0x0E, 0xF1, 0x50, 0x37, 0x52, 0x3E, 0x9D, 0x46, 0xA9, 0xEF, 0x10, 0xA8, 0x2F, 0x5F, 0x85, 0xE7, 0x50, 0x27, 0xDB, 0x6D, 0xBF }, + { 0x3B, 0x01, 0x00, 0x0E, 0x04, 0x4D, 0x21, 0x71, 0xDB, 0x74, 0xAB, 0x8D, 0xE6, 0x43, 0x29, 0xC1, 0xC8, 0xCA, 0xF2, 0xCB, 0xCD, 0xD7, 0xE2, 0x2E, 0x52, 0x94, 0x93, 0x5A, 0x60, 0x12, 0x0F, 0x53 }, + { 0xF6, 0x40, 0xB5, 0x07, 0x92, 0x07, 0x84, 0x0E, 0xC1, 0x82, 0xE1, 0x2F, 0x43, 0x20, 0x37, 0x70, 0x7B, 0xBB, 0x60, 0xD2, 0x67, 0xE6, 0x06, 0xC6, 0x7D, 0x53, 0xFB, 0x7F, 0xE8, 0xC7, 0xCA, 0xBF }, + { 0xB0, 0xEE, 0x94, 0x4B, 0xBC, 0x2C, 0x66, 0x46, 0xE2, 0xD0, 0xF7, 0x37, 0x8C, 0xBE, 0xA8, 0x28, 0x65, 0xA9, 0x38, 0xAF, 0x38, 0xB7, 0xC3, 0xC3, 0x30, 0x48, 0x68, 0xCE, 0x6F, 0x2B, 0xF3, 0x7A }, + { 0xDA, 0x30, 0xB6, 0x16, 0xFF, 0x4B, 0x44, 0x2B, 0x7F, 0x1C, 0x39, 0x5B, 0xA2, 0x49, 0x23, 0x60, 0x38, 0xF5, 0x5F, 0xAF, 0x5F, 0x2D, 0x3B, 0xEC, 0x6E, 0xE0, 0x61, 0x11, 0x15, 0x15, 0x58, 0x0B }, + { 0x22, 0xE2, 0x23, 0x11, 0x57, 0x56, 0x30, 0xE3, 0x29, 0x37, 0x21, 0x0E, 0x63, 0x9D, 0x6D, 0x20, 0x67, 0x93, 0x39, 0xB2, 0xFB, 0x05, 0x54, 0x40, 0x30, 0x0C, 0xD6, 0x21, 0xAC, 0x8E, 0x7F, 0xD0 }, + { 0xD3, 0xE8, 0xCF, 0x52, 0x8F, 0xF1, 0x45, 0xAA, 0xA1, 0x99, 0x90, 0x2E, 0x69, 0xF7, 0x0C, 0xA2, 0x0B, 0x38, 0x4F, 0xDA, 0xAA, 0x2B, 0x29, 0xF5, 0xDD, 0x86, 0x9A, 0x1F, 0x25, 0xD5, 0xA9, 0xCB }, + { 0x28, 0x54, 0xB2, 0x09, 0x1D, 0xAC, 0xE2, 0xB1, 0x19, 0xE0, 0x6F, 0x0C, 0x93, 0x30, 0x90, 0x4C, 0x46, 0x49, 0x85, 0x51, 0x46, 0x8C, 0x4F, 0xAD, 0x26, 0x5E, 0x8C, 0x43, 0xD3, 0x73, 0xD4, 0x43 }, + { 0x7E, 0x6E, 0xCA, 0x7A, 0xF5, 0xDA, 0xAF, 0x25, 0x01, 0xD1, 0x84, 0xFC, 0x21, 0x25, 0x53, 0x0B, 0xD2, 0xC2, 0x24, 0xEF, 0xD5, 0x24, 0x83, 0x1A, 0x14, 0x55, 0x58, 0xA2, 0xAC, 0xB6, 0x87, 0xDA }, + { 0xDD, 0x47, 0x1B, 0x52, 0xC1, 0x97, 0x7E, 0xC0, 0xC2, 0x26, 0xCB, 0x12, 0xB2, 0x9E, 0x3D, 0xF5, 0x94, 0xF8, 0x8F, 0x5C, 0x4F, 0x94, 0x15, 0xE3, 0x79, 0xED, 0x14, 0xA2, 0x4A, 0xA4, 0xA5, 0x10 }, + { 0x91, 0x96, 0x95, 0x5E, 0x5B, 0x4C, 0xF6, 0x45, 0x61, 0xA1, 0xAA, 0xFE, 0x92, 0x1A, 0xF2, 0x2A, 0x57, 0x2E, 0x06, 0x53, 0x99, 0xAF, 0x88, 0xC4, 0xA9, 0x37, 0xB5, 0xD1, 0xC3, 0xF4, 0x0A, 0xD5 }, + { 0x76, 0xDE, 0x40, 0x86, 0x40, 0x5D, 0xE5, 0xB9, 0x06, 0xA5, 0xE6, 0x59, 0x1D, 0x2C, 0xB3, 0x85, 0xB2, 0xD6, 0x36, 0x3F, 0x7E, 0x9F, 0x65, 0xD1, 0x39, 0xD3, 0xF7, 0x85, 0x7A, 0xAB, 0x6E, 0x62 }, + { 0x5A, 0x65, 0xB3, 0xED, 0x53, 0x14, 0x2E, 0xD4, 0xC8, 0x35, 0x4D, 0xAA, 0xDC, 0xEB, 0x29, 0x07, 0x21, 0x43, 0x82, 0xD8, 0xB1, 0x25, 0x8E, 0x6D, 0x2E, 0xE7, 0x9F, 0xDF, 0x35, 0xE1, 0x68, 0x31 }, + { 0xB6, 0x62, 0x40, 0x61, 0x49, 0x1C, 0x48, 0xB6, 0x37, 0x04, 0xE3, 0x16, 0xED, 0x34, 0x9D, 0xD9, 0x0A, 0x93, 0x40, 0x92, 0x53, 0x01, 0xD6, 0xD6, 0xCE, 0x2E, 0xCA, 0x6E, 0x97, 0x58, 0x3A, 0xA8 }, + { 0x91, 0x82, 0x6E, 0x7F, 0xEA, 0x9A, 0x9D, 0xFB, 0x6E, 0x24, 0x06, 0x9A, 0x6A, 0xC3, 0x0D, 0x10, 0xAA, 0x15, 0xC5, 0x53, 0x43, 0xE4, 0xE8, 0x5E, 0x04, 0xD1, 0x3F, 0x84, 0xFA, 0xF2, 0xB8, 0x8C }, + { 0xE3, 0xD0, 0xF1, 0xAE, 0x5E, 0xD2, 0xA5, 0x4A, 0xD3, 0x31, 0x60, 0x4C, 0x91, 0x10, 0xFA, 0xAE, 0x90, 0x67, 0xC4, 0x57, 0x24, 0xB1, 0x6E, 0xE5, 0x7A, 0xFC, 0x67, 0xBC, 0xD2, 0xD6, 0xA9, 0x09 }, + { 0x2C, 0xB8, 0xFF, 0x4F, 0xEB, 0x94, 0xF1, 0x98, 0xAC, 0xC0, 0xE3, 0x3E, 0xDD, 0x6F, 0xC0, 0xD2, 0x8B, 0x2C, 0x0C, 0xA6, 0x0E, 0xF5, 0x37, 0x24, 0xF5, 0x6E, 0x58, 0xC9, 0x5A, 0x0A, 0xAF, 0x0B }, + { 0x9B, 0x35, 0xDF, 0x6B, 0x90, 0x37, 0x11, 0x08, 0xB9, 0x33, 0x4A, 0xE8, 0xD2, 0x32, 0x98, 0xD3, 0x5E, 0x1C, 0x02, 0x6F, 0x6F, 0xB2, 0x09, 0x65, 0xD4, 0xEB, 0xFB, 0xE9, 0xAF, 0x92, 0x05, 0xD1 }, + { 0x87, 0x15, 0x5D, 0x2B, 0xC6, 0xD3, 0x8E, 0xB7, 0xE5, 0x3C, 0xD4, 0x9E, 0x23, 0xE0, 0x28, 0x86, 0x16, 0xCC, 0x39, 0x7A, 0xFD, 0x9C, 0xF8, 0xF7, 0xF3, 0x84, 0x5C, 0x21, 0xB8, 0x24, 0x5F, 0x22 }, + { 0x9E, 0xB7, 0x82, 0x01, 0x0A, 0xA6, 0x9F, 0x4B, 0x92, 0x5D, 0xB4, 0xC7, 0x2F, 0x94, 0xC1, 0x22, 0x8B, 0xF7, 0x4D, 0xA2, 0x3D, 0x66, 0x99, 0xF5, 0x4F, 0xA6, 0x86, 0xA9, 0xCB, 0x11, 0xBD, 0x1C }, + { 0x5D, 0xFE, 0xF9, 0xCA, 0x90, 0x90, 0xCD, 0x64, 0xE8, 0x08, 0x5F, 0x17, 0x5A, 0x5E, 0x0D, 0x13, 0x11, 0xE5, 0xCC, 0x9F, 0x8E, 0xCB, 0x8B, 0x76, 0x3F, 0x03, 0xAB, 0x5D, 0x85, 0x45, 0x70, 0x04 }, + { 0xD5, 0x51, 0xC2, 0x41, 0xBD, 0x7C, 0xFD, 0x21, 0xC9, 0xFE, 0x5F, 0x4B, 0x30, 0x49, 0xB2, 0x7C, 0x8F, 0x3F, 0x63, 0x08, 0x88, 0x64, 0xCC, 0xFA, 0x08, 0xBE, 0x48, 0xDE, 0xEF, 0x71, 0x6F, 0x8C }, + { 0x78, 0xB4, 0xB9, 0x49, 0x10, 0xB7, 0x1F, 0xDA, 0xCC, 0xE0, 0xD1, 0x59, 0x88, 0xE4, 0x62, 0x3B, 0xD3, 0x73, 0x3B, 0xCA, 0xFB, 0x13, 0x71, 0x93, 0x19, 0x28, 0x36, 0xCA, 0x4D, 0x3D, 0x80, 0x90 }, + { 0x24, 0x23, 0xD1, 0x5F, 0x02, 0xCA, 0xB1, 0x42, 0xF7, 0x49, 0xA6, 0x6E, 0x65, 0x8C, 0x8C, 0x21, 0xBD, 0x37, 0xDC, 0x35, 0x32, 0xBF, 0x9A, 0x91, 0x9E, 0xAC, 0x93, 0x48, 0xB7, 0x7C, 0xD2, 0x19 }, + { 0xD8, 0x5C, 0xA4, 0x66, 0x4C, 0xAA, 0x7D, 0xD8, 0x0B, 0x61, 0x9F, 0x33, 0xF4, 0xEE, 0xE6, 0x11, 0x80, 0x20, 0x1D, 0xEF, 0xFB, 0x5C, 0x2B, 0x63, 0xD6, 0x1A, 0x54, 0xF4, 0xF6, 0xFD, 0x7E, 0xE6 }, + { 0xA3, 0xF8, 0xD1, 0xF8, 0xE1, 0x08, 0x6A, 0xF0, 0x3F, 0xA5, 0x96, 0x88, 0xD4, 0x37, 0xA8, 0xCA, 0x86, 0x48, 0x79, 0xD6, 0xC7, 0x1F, 0x87, 0xF0, 0x86, 0x10, 0xA7, 0x6A, 0x54, 0x9A, 0xDC, 0x26 }, + { 0x1E, 0xF7, 0xDB, 0x0A, 0x22, 0x13, 0xE1, 0x03, 0x95, 0x48, 0xF5, 0xA6, 0xF5, 0xE9, 0xFF, 0x53, 0x14, 0x8A, 0x17, 0x5A, 0xFC, 0x5F, 0xF7, 0x90, 0x57, 0xB7, 0x5C, 0xB9, 0x34, 0xBD, 0x4C, 0x0D }, + { 0x22, 0x79, 0x9E, 0xDB, 0xB3, 0x50, 0x55, 0x29, 0x39, 0xDD, 0x26, 0xCF, 0x75, 0xC4, 0xB4, 0x78, 0x99, 0xC5, 0x6B, 0xB1, 0x68, 0x35, 0x48, 0x0F, 0xBF, 0x44, 0xD2, 0xD1, 0xFF, 0x7A, 0x7E, 0xE2 }, + { 0xFC, 0xE3, 0x05, 0x5C, 0xCD, 0x5D, 0x04, 0x46, 0x87, 0xA2, 0x41, 0xE8, 0x3D, 0xE9, 0x28, 0xC8, 0xC4, 0x88, 0x20, 0x39, 0xFB, 0xBD, 0x53, 0x32, 0x7C, 0x30, 0xC3, 0x79, 0x18, 0x84, 0x7D, 0x5F }, + { 0x60, 0x49, 0x0A, 0x27, 0x11, 0x55, 0x57, 0x1F, 0x22, 0xA2, 0xA0, 0xFC, 0xA5, 0x55, 0xAF, 0x9C, 0x5E, 0xCF, 0x11, 0xC3, 0x78, 0x31, 0x76, 0xE3, 0x1A, 0xE9, 0x67, 0x39, 0x56, 0xF5, 0xB7, 0xA7 }, + { 0xCD, 0xFB, 0x5F, 0x0D, 0x6C, 0x5D, 0x61, 0x1D, 0x7A, 0x15, 0x9B, 0x62, 0xB0, 0x6C, 0x4C, 0x68, 0x63, 0x1C, 0x1B, 0x9E, 0xD4, 0xD8, 0x7C, 0xFC, 0x66, 0xBE, 0x22, 0x38, 0x20, 0x27, 0x05, 0xF3 }, + { 0xD4, 0x2A, 0x23, 0x96, 0x1F, 0xCB, 0x7C, 0x94, 0x87, 0x7B, 0xC6, 0xEF, 0xCA, 0xA5, 0xFE, 0xE4, 0xA7, 0x81, 0x44, 0x86, 0xD9, 0x9A, 0xF5, 0x73, 0xFE, 0x28, 0x79, 0x32, 0x0A, 0x97, 0x02, 0x9D }, + { 0x35, 0x9C, 0x1E, 0xB9, 0x52, 0xFB, 0x8C, 0x37, 0x3F, 0x3F, 0x4D, 0xCB, 0x8E, 0xAD, 0x56, 0xFA, 0x17, 0x23, 0xFF, 0xED, 0xBB, 0xD2, 0x62, 0x77, 0x4C, 0x98, 0x4B, 0x1C, 0x8B, 0x32, 0x9F, 0xFE }, + { 0xD5, 0x71, 0x77, 0xE5, 0x5B, 0x70, 0x9D, 0x38, 0x0B, 0x08, 0x00, 0xCE, 0x2F, 0x00, 0x0C, 0x37, 0xFF, 0xAB, 0x06, 0x20, 0x98, 0x7F, 0x2B, 0xBA, 0xBC, 0x65, 0x0A, 0x9D, 0x83, 0xC4, 0x98, 0x18 }, + { 0xA5, 0xE1, 0x38, 0x99, 0x53, 0x01, 0x31, 0xA8, 0x57, 0x8A, 0x05, 0xAB, 0x7E, 0xCC, 0xB5, 0x21, 0x18, 0xEF, 0x93, 0xBD, 0xD8, 0x61, 0xBD, 0x5A, 0xFE, 0x9C, 0x4F, 0x23, 0xC2, 0x9C, 0x18, 0xDD }, + { 0x88, 0xA0, 0xEB, 0x7F, 0xD4, 0xFE, 0xFC, 0x9B, 0x89, 0x14, 0x18, 0xA0, 0xBC, 0x62, 0xE7, 0xA2, 0x0A, 0x12, 0x05, 0x03, 0xAC, 0xB4, 0x78, 0x69, 0x3B, 0x21, 0x4D, 0xD5, 0x0C, 0xCB, 0xA9, 0x08 }, + { 0xF5, 0x5F, 0x00, 0xEB, 0xB0, 0x91, 0xFD, 0x52, 0xAC, 0xDC, 0x68, 0x64, 0x35, 0xE5, 0xCA, 0x7A, 0xD7, 0x13, 0xCF, 0xDF, 0x83, 0x97, 0xD5, 0x0C, 0xA3, 0x62, 0x0F, 0xFA, 0xC4, 0xB1, 0xEB, 0xE5 }, + { 0xDC, 0x6D, 0x16, 0xE8, 0x27, 0xF7, 0x81, 0xB3, 0x3D, 0xBA, 0xF2, 0x7B, 0x71, 0x8E, 0xBE, 0x4C, 0x43, 0x1D, 0xB5, 0x9D, 0x7F, 0xD7, 0x8B, 0xAA, 0xB3, 0xA8, 0x3F, 0x5D, 0xC3, 0x07, 0xA6, 0xC3 }, + { 0x40, 0x07, 0xA6, 0x86, 0x26, 0xFD, 0x5B, 0x0F, 0xBC, 0xD8, 0x2B, 0x0D, 0x32, 0x63, 0xAB, 0x54, 0x36, 0x3A, 0xD2, 0xF7, 0x4D, 0x83, 0xDC, 0xC7, 0x21, 0xCB, 0xB7, 0xAD, 0xD7, 0x21, 0x03, 0x6E }, + { 0xAB, 0xAE, 0x3D, 0x3A, 0x02, 0x42, 0x9D, 0x97, 0x25, 0x52, 0x9D, 0x38, 0x02, 0x6C, 0x45, 0x55, 0x20, 0x70, 0xDE, 0x29, 0x94, 0xAC, 0x9F, 0x9E, 0x50, 0xB6, 0x41, 0x62, 0x61, 0x57, 0xDB, 0x8F }, + { 0xB2, 0xA5, 0x4B, 0x6C, 0x54, 0x49, 0xD6, 0x17, 0x84, 0x61, 0x96, 0x55, 0x77, 0x11, 0x44, 0xC1, 0x98, 0xCB, 0x36, 0x8A, 0x0D, 0x6B, 0x4B, 0x02, 0xF6, 0x38, 0x45, 0x5C, 0x4B, 0xF7, 0xD0, 0xFC }, + { 0x26, 0x99, 0xCB, 0x65, 0x9A, 0x9E, 0xDA, 0xC2, 0xB9, 0x09, 0xB7, 0x15, 0xDA, 0x4E, 0xAC, 0x47, 0x9C, 0x9E, 0x10, 0x0B, 0x78, 0xD5, 0xFD, 0xE3, 0x32, 0xAB, 0x72, 0x32, 0x23, 0x78, 0x54, 0x6C }, + { 0x88, 0x7A, 0x83, 0x23, 0x56, 0xDB, 0xB4, 0xF3, 0x73, 0x29, 0x18, 0x0C, 0x35, 0xCC, 0x88, 0xE2, 0xA7, 0x28, 0xAE, 0x95, 0xEA, 0x9B, 0x3D, 0x79, 0xB4, 0xF7, 0x7D, 0xE0, 0x9A, 0x8A, 0x50, 0x44 }, + { 0x02, 0x8F, 0x34, 0x54, 0x51, 0x18, 0x7A, 0xF8, 0x68, 0x56, 0xB6, 0x8B, 0x39, 0x6D, 0x49, 0x24, 0xE9, 0xE8, 0x2B, 0x1E, 0xB6, 0xBF, 0x95, 0xF8, 0x2A, 0xFA, 0xEA, 0x39, 0xEE, 0xEE, 0x59, 0x09 }, + { 0x69, 0x87, 0x41, 0x7C, 0xBD, 0xCC, 0x12, 0x88, 0x73, 0x05, 0x56, 0x9B, 0xD0, 0x7A, 0xB0, 0x7D, 0x48, 0x1D, 0xB6, 0xB9, 0x9A, 0xE1, 0x3F, 0xF9, 0x10, 0x77, 0xAD, 0xC1, 0x40, 0xCD, 0x4D, 0x39 }, + { 0xEC, 0x17, 0xDC, 0x25, 0x62, 0x86, 0x0C, 0xF6, 0x5B, 0xD4, 0xAF, 0x7A, 0xDE, 0x88, 0x70, 0x4D, 0xF0, 0x59, 0xA5, 0x1E, 0xC5, 0xB6, 0xFD, 0xCF, 0x3B, 0x9C, 0x97, 0x08, 0x49, 0xA5, 0xF7, 0x65 }, + { 0x26, 0x5F, 0x81, 0xAA, 0x3C, 0x67, 0x23, 0xB4, 0x15, 0x0D, 0x43, 0x30, 0x42, 0x1C, 0x33, 0x47, 0x91, 0xFB, 0xAE, 0xA8, 0x0F, 0x37, 0xDA, 0x0A, 0x64, 0x9A, 0xE3, 0x2E, 0xB3, 0x33, 0xDF, 0xBA }, + { 0xF4, 0x8A, 0x61, 0x81, 0x4B, 0x60, 0xF0, 0x29, 0x4C, 0xA4, 0x8D, 0xD6, 0x26, 0x7C, 0x26, 0xBC, 0x40, 0x9E, 0x06, 0x71, 0x98, 0xE3, 0x78, 0x7A, 0x62, 0x15, 0xED, 0x54, 0xB1, 0xC4, 0x5B, 0x75 }, + { 0xD5, 0xBA, 0xFE, 0xB1, 0xA1, 0xC2, 0x7C, 0xB3, 0x88, 0x0A, 0xA1, 0x52, 0x02, 0xA3, 0xC1, 0xF2, 0x0D, 0xC0, 0x52, 0x1A, 0x90, 0x1B, 0xD9, 0x7B, 0x4E, 0x43, 0x3B, 0x4E, 0x83, 0xA0, 0x4D, 0xC8 }, + { 0x39, 0xA7, 0x19, 0xC2, 0xB6, 0xA6, 0x51, 0xFA, 0x75, 0x7B, 0xDB, 0xEA, 0x8E, 0xD8, 0x6E, 0xB3, 0x28, 0x6D, 0x0B, 0x1E, 0xE6, 0x4A, 0x54, 0x6D, 0x3C, 0xFC, 0x17, 0x07, 0x93, 0xD0, 0x20, 0x91 }, + { 0xB6, 0xED, 0x8C, 0x03, 0x73, 0xD2, 0x3B, 0x03, 0x79, 0x60, 0x34, 0x11, 0x00, 0x6C, 0x4E, 0xF0, 0xD0, 0x04, 0xAD, 0xF8, 0x4C, 0xE5, 0x6E, 0x86, 0xBB, 0xF0, 0xEC, 0x59, 0x87, 0xD5, 0xB6, 0xD0 }, + { 0x9F, 0x3E, 0xDE, 0x96, 0x02, 0x3A, 0x4E, 0x8B, 0x54, 0xA3, 0xA7, 0xE9, 0x26, 0xE1, 0xAD, 0x96, 0x91, 0xD4, 0xFA, 0x9B, 0x33, 0x9B, 0x94, 0xBE, 0xDC, 0xB2, 0xB6, 0x27, 0x4C, 0xD8, 0x63, 0x52 }, + { 0xB5, 0xFD, 0x08, 0x4B, 0x19, 0xB8, 0x47, 0xD4, 0x99, 0x7F, 0x90, 0xE8, 0x1E, 0x52, 0x40, 0xA7, 0x5E, 0x89, 0x28, 0x42, 0x35, 0x7C, 0x54, 0xE8, 0x3F, 0xC5, 0x21, 0x3C, 0xCB, 0x76, 0x79, 0x49 }, + { 0xCC, 0xA3, 0x83, 0x1C, 0xD0, 0x74, 0x66, 0xD9, 0x8F, 0x8B, 0x5A, 0xF9, 0x82, 0x42, 0x81, 0xDD, 0xAA, 0xBE, 0x7E, 0xC5, 0x37, 0x24, 0x05, 0xAA, 0x92, 0x30, 0xA5, 0x96, 0xAE, 0x62, 0x3C, 0xFC }, + { 0x5E, 0xAB, 0x66, 0x9D, 0xE8, 0xE7, 0xAD, 0xF1, 0x99, 0x88, 0x4A, 0x41, 0x55, 0x0F, 0x50, 0xDF, 0x88, 0xCA, 0x23, 0x8E, 0x24, 0x7F, 0x14, 0xEC, 0x19, 0x82, 0x3A, 0x1B, 0x10, 0x72, 0x80, 0x3D }, + { 0xC8, 0x8B, 0x10, 0x72, 0xE9, 0xDD, 0x02, 0xEB, 0x04, 0x51, 0x63, 0xA5, 0xF4, 0xC8, 0x62, 0xEE, 0x8A, 0xEB, 0xD4, 0xFF, 0xDF, 0x08, 0x10, 0xBA, 0x63, 0xF6, 0xDF, 0xEA, 0x9D, 0xD6, 0x8C, 0x12 }, + { 0x14, 0x74, 0x77, 0xCB, 0xC1, 0x91, 0x7D, 0x3E, 0x64, 0x8E, 0x64, 0x3C, 0x1E, 0xA4, 0xC2, 0x02, 0x96, 0xA2, 0x11, 0xE3, 0x62, 0x82, 0x52, 0x76, 0xCC, 0xD4, 0xF9, 0xD4, 0xE1, 0x8A, 0x02, 0x43 }, + { 0x62, 0x5C, 0x6D, 0xA8, 0x1A, 0xE9, 0x57, 0xC3, 0x98, 0x37, 0x33, 0x74, 0x14, 0x48, 0x13, 0x96, 0xFB, 0x08, 0x76, 0x05, 0xC9, 0x2B, 0x30, 0x12, 0x45, 0x16, 0xFC, 0xEF, 0x2E, 0x21, 0xDD, 0x5D }, + { 0x34, 0x81, 0x8A, 0x8E, 0x40, 0x2E, 0x0F, 0x77, 0x4E, 0x14, 0x6F, 0xFD, 0x6F, 0xC0, 0x22, 0x04, 0x36, 0x6F, 0xD7, 0x96, 0x01, 0xF9, 0x40, 0xEC, 0x24, 0xA0, 0xB7, 0x41, 0xA4, 0x89, 0xBD, 0xAA }, + { 0x1D, 0x82, 0x85, 0x93, 0x61, 0x73, 0x05, 0x4A, 0x3C, 0x26, 0x15, 0x8E, 0x59, 0xD8, 0x3A, 0xD1, 0x96, 0x63, 0xCA, 0x56, 0x25, 0x8C, 0x0C, 0xE0, 0xDC, 0xD7, 0x3A, 0x93, 0x28, 0xCE, 0xB6, 0x60 }, + { 0x03, 0x36, 0x6F, 0xBA, 0x26, 0x12, 0x6D, 0x86, 0x03, 0x77, 0xA0, 0x99, 0xBD, 0x50, 0x74, 0x2D, 0x4E, 0xAF, 0x48, 0x07, 0x96, 0x0B, 0x95, 0x23, 0xBC, 0xD1, 0x92, 0x30, 0x35, 0xE2, 0xB2, 0xCE }, + { 0xCA, 0x62, 0x9A, 0x9F, 0x9C, 0xC4, 0x2F, 0x3E, 0x5E, 0x87, 0x52, 0x1F, 0xDA, 0xD8, 0x8A, 0x27, 0x79, 0x44, 0x02, 0x7C, 0x4E, 0xA5, 0x30, 0xF1, 0x71, 0xC3, 0xA3, 0x35, 0x5D, 0x17, 0x23, 0x77 }, + { 0x46, 0xCD, 0x1C, 0xFC, 0x20, 0x48, 0x28, 0x4D, 0xF0, 0x40, 0x22, 0x57, 0xFA, 0x5E, 0x9F, 0x50, 0xA6, 0x7C, 0x66, 0xD4, 0x62, 0xB5, 0xB0, 0x7A, 0xF0, 0xF1, 0x1D, 0x7F, 0x11, 0xCC, 0xFF, 0x5F }, + { 0x9E, 0x98, 0x24, 0x3E, 0x13, 0x1B, 0x75, 0xA1, 0x58, 0xA9, 0x8F, 0x54, 0xF9, 0x74, 0x7B, 0x63, 0x4F, 0x31, 0xA2, 0xF4, 0x5F, 0xDD, 0x40, 0xB5, 0x83, 0x54, 0x5B, 0x86, 0x50, 0xB5, 0x53, 0x86 }, + { 0x58, 0xE1, 0x4B, 0x92, 0x3D, 0xCE, 0x27, 0x13, 0x42, 0xA4, 0x7D, 0x4A, 0xE6, 0x93, 0xC6, 0xCD, 0x40, 0x57, 0xE2, 0x30, 0x24, 0x96, 0xA4, 0x4D, 0xBC, 0x26, 0x0A, 0x81, 0x1E, 0xF5, 0xCD, 0x4B }, + { 0x81, 0xB0, 0x80, 0x49, 0x6B, 0x78, 0x96, 0x0E, 0xEB, 0xBF, 0xF7, 0x31, 0x8E, 0x30, 0x8C, 0xF8, 0x58, 0x88, 0x43, 0x12, 0x75, 0xD2, 0x67, 0xEA, 0x60, 0x34, 0xB1, 0x97, 0x0A, 0x0C, 0x42, 0x6F }, + { 0xE0, 0x64, 0x62, 0x9C, 0xC3, 0xA5, 0x9C, 0xE4, 0x0D, 0xA5, 0x39, 0xDC, 0x34, 0x64, 0xE4, 0x24, 0x00, 0xC6, 0x3F, 0xB1, 0x99, 0x24, 0x4C, 0x56, 0xC6, 0x4A, 0x50, 0xA5, 0x25, 0x75, 0x46, 0xA3 }, + { 0xAC, 0x5A, 0x9D, 0x15, 0xB7, 0x3E, 0x9A, 0x2D, 0xEF, 0x69, 0xA5, 0xAF, 0xF6, 0x73, 0x53, 0xC6, 0x9F, 0xA2, 0x7F, 0xA6, 0x62, 0x4B, 0x83, 0x1B, 0x9A, 0xC0, 0x49, 0xFF, 0x55, 0xDF, 0x8B, 0x24 }, + { 0xA4, 0xF0, 0x03, 0x85, 0xCD, 0x93, 0x8F, 0x8F, 0x30, 0x84, 0x92, 0x3B, 0xA6, 0xAC, 0xC1, 0xF2, 0xB4, 0xBE, 0xDB, 0x11, 0x26, 0x7D, 0x28, 0x30, 0x71, 0x07, 0x9A, 0x8B, 0x45, 0x8C, 0xF7, 0x5F }, + { 0x03, 0x23, 0xED, 0xE9, 0xBE, 0x1D, 0x1F, 0xFE, 0x61, 0x2B, 0x9A, 0xE4, 0xC8, 0x1E, 0x59, 0xB7, 0xE5, 0xB8, 0xB5, 0x35, 0xBB, 0x7B, 0x11, 0x14, 0x3A, 0x7C, 0xBE, 0x2E, 0x9C, 0xFF, 0x8A, 0x06 }, + { 0x51, 0xC0, 0x7B, 0xE4, 0x52, 0xED, 0xFA, 0x41, 0x4D, 0x4B, 0xA1, 0x32, 0x39, 0x9D, 0x60, 0x12, 0x45, 0x80, 0xE1, 0xBD, 0xDB, 0xD4, 0xDB, 0xFE, 0xAE, 0x7B, 0x34, 0xC6, 0x03, 0xDA, 0x07, 0xAD }, + { 0x39, 0x97, 0x7C, 0xD7, 0x80, 0xF5, 0x8D, 0x75, 0xDE, 0x7E, 0xDF, 0xAC, 0x2F, 0xF8, 0x55, 0xE8, 0xFC, 0x2D, 0x73, 0x42, 0xAF, 0x65, 0x8B, 0xC4, 0x7E, 0x13, 0x65, 0x19, 0x75, 0x55, 0xC6, 0x48 }, + { 0x27, 0x2F, 0xCF, 0x98, 0x93, 0xE2, 0x30, 0x7D, 0xCE, 0x43, 0x38, 0xCB, 0x2C, 0x83, 0xCB, 0x0C, 0x8D, 0xB5, 0x4E, 0xB4, 0xE6, 0x8A, 0xBB, 0x0D, 0x34, 0x2D, 0x79, 0x36, 0xBD, 0xE4, 0xCC, 0x35 }, + { 0x06, 0x50, 0xE9, 0x3C, 0x2B, 0xB4, 0xC4, 0x91, 0x7E, 0x21, 0xF3, 0xAB, 0xAA, 0xF3, 0x8C, 0x25, 0xE9, 0xA5, 0x38, 0x39, 0x18, 0x96, 0x01, 0xDE, 0x5A, 0x52, 0x59, 0x9F, 0x78, 0x0D, 0xA4, 0xE7 }, + { 0x23, 0xDF, 0xAC, 0xBE, 0x90, 0x49, 0xCD, 0xB2, 0x0F, 0x10, 0x90, 0x36, 0x8C, 0xE7, 0xFD, 0xEB, 0x1A, 0xA5, 0x43, 0x0D, 0x31, 0x7A, 0x73, 0xA2, 0xDF, 0x5C, 0xFA, 0x3A, 0xCF, 0xD5, 0x8A, 0x35 }, + { 0x3C, 0xE0, 0x06, 0xBC, 0xC5, 0xDD, 0xE7, 0xC7, 0x35, 0xAD, 0xA2, 0xA1, 0x6F, 0x80, 0xC1, 0xC2, 0x78, 0xEF, 0xFC, 0x7D, 0x63, 0xC4, 0xD4, 0xB8, 0x0D, 0x96, 0xF1, 0x79, 0xEF, 0xA6, 0xF9, 0xCE }, + { 0x5B, 0x5C, 0x78, 0x5F, 0x9F, 0xEC, 0x70, 0xD8, 0x18, 0x52, 0xBE, 0x61, 0x4B, 0x23, 0x9F, 0x7A, 0x00, 0xDA, 0x85, 0xB1, 0x48, 0xC1, 0x85, 0x13, 0x20, 0x01, 0xFA, 0xC0, 0xDC, 0x77, 0xF3, 0x03 }, + { 0xD1, 0xCA, 0x2A, 0x82, 0x10, 0x03, 0x61, 0xA3, 0xCD, 0xC3, 0xE0, 0xAA, 0xD9, 0xD4, 0x84, 0x56, 0xB8, 0x24, 0xEB, 0xC4, 0x3C, 0x34, 0xDD, 0xA6, 0x92, 0x77, 0x08, 0x11, 0x15, 0x4A, 0xCB, 0xA2 }, + { 0xF8, 0x6D, 0xE9, 0x2A, 0x4C, 0xE8, 0x67, 0x80, 0x91, 0xB3, 0x33, 0xD7, 0x9E, 0x23, 0x6E, 0x43, 0xBB, 0x42, 0xFA, 0x5E, 0xDE, 0x1B, 0xE5, 0x71, 0xF6, 0x76, 0xCF, 0x0A, 0x54, 0x72, 0x59, 0x64 }, + { 0x34, 0x0C, 0x28, 0x58, 0x60, 0x79, 0x13, 0x2F, 0xB3, 0xD4, 0x5F, 0x7A, 0x76, 0x55, 0x9F, 0xAE, 0xF6, 0x37, 0x6F, 0x5E, 0xC6, 0xB8, 0x8F, 0xC4, 0x16, 0xE5, 0x45, 0x63, 0xDA, 0x00, 0x23, 0x06 }, + { 0xCA, 0x54, 0x31, 0x26, 0x16, 0xF8, 0x2A, 0x58, 0xE4, 0x98, 0x55, 0x76, 0xE3, 0x62, 0x1F, 0x3C, 0x43, 0x6E, 0x04, 0xAD, 0xCB, 0x9A, 0xA7, 0x41, 0xB4, 0x77, 0x84, 0xCB, 0x5B, 0x37, 0x56, 0xDF }, + { 0xC1, 0x3E, 0x85, 0x96, 0x5B, 0x1F, 0xD2, 0x79, 0xA5, 0x7F, 0x4F, 0x6E, 0xCB, 0xFA, 0xA9, 0x12, 0xF7, 0x23, 0x25, 0x46, 0x4C, 0x75, 0x24, 0xF3, 0xB4, 0x07, 0x21, 0x6B, 0x7B, 0x60, 0x00, 0xB3 }, + { 0xE5, 0xA0, 0xD5, 0x81, 0x91, 0x8F, 0xFC, 0x2C, 0x3C, 0x38, 0x42, 0xF3, 0xEF, 0xF5, 0xA1, 0x16, 0xA8, 0x6D, 0x9E, 0x42, 0x99, 0x10, 0xF4, 0x28, 0x4E, 0x21, 0x33, 0x85, 0xFC, 0x82, 0x63, 0x31 }, + { 0x4D, 0x09, 0x4C, 0x60, 0x63, 0xE9, 0xE0, 0x41, 0xA8, 0x9A, 0xF7, 0x95, 0xE3, 0xBC, 0xAB, 0xFF, 0x98, 0x2C, 0xD0, 0x84, 0x29, 0x8E, 0xF6, 0x70, 0x08, 0xC8, 0xED, 0xF3, 0xF6, 0x03, 0x84, 0xAB }, + { 0xD0, 0x89, 0xC2, 0xF3, 0x34, 0xDE, 0x3B, 0xC3, 0x5F, 0xFD, 0xF2, 0xA9, 0x14, 0xCF, 0x64, 0x16, 0x3F, 0x14, 0x45, 0x2F, 0xE4, 0xE7, 0x8D, 0x61, 0x48, 0xC1, 0xD4, 0xB4, 0x94, 0xEE, 0x8B, 0x42 }, + { 0xC5, 0x5B, 0x31, 0x1E, 0x27, 0xBF, 0x04, 0x32, 0x4C, 0xDB, 0xF1, 0x47, 0x48, 0x7D, 0x4C, 0x7E, 0x05, 0x02, 0xEE, 0xD3, 0x71, 0x4D, 0x3B, 0x01, 0x2E, 0x03, 0x27, 0x41, 0x86, 0x46, 0xCA, 0x2A }, + { 0xF2, 0x65, 0x10, 0xF6, 0x19, 0xD9, 0xB8, 0xA6, 0x73, 0x5A, 0xA1, 0xCB, 0xF9, 0xF1, 0xC5, 0xBE, 0x5C, 0x46, 0x6F, 0x91, 0xDF, 0x8B, 0x12, 0xAD, 0x1C, 0x74, 0x8E, 0xFA, 0x79, 0x37, 0x2E, 0x72 }, + { 0x89, 0xFC, 0x0E, 0x4F, 0xE6, 0xDC, 0x9A, 0x31, 0x60, 0x6E, 0x51, 0x9A, 0x9B, 0xB8, 0x59, 0xB6, 0x51, 0x09, 0xF9, 0x2B, 0x15, 0x3B, 0xB7, 0xA5, 0x4E, 0x14, 0x4A, 0x31, 0x12, 0x20, 0x2E, 0xDE }, + { 0xD4, 0x5D, 0x85, 0x7D, 0x10, 0xFB, 0x63, 0x0A, 0xF2, 0xDB, 0xBA, 0x3F, 0x05, 0xF4, 0x8B, 0x4F, 0xDC, 0x4F, 0xB2, 0x2B, 0x71, 0x63, 0xA5, 0xEE, 0xFA, 0x90, 0x83, 0x2C, 0xF4, 0xDD, 0x47, 0x28 }, + { 0x40, 0x79, 0x67, 0x73, 0xBF, 0x7B, 0x5E, 0x6B, 0xF0, 0xF4, 0x19, 0x9F, 0x9B, 0x76, 0xDF, 0x9F, 0x31, 0xD3, 0xED, 0x69, 0x74, 0x48, 0xEC, 0x7D, 0x5B, 0x74, 0x80, 0xDD, 0x9D, 0xE4, 0x04, 0x4A }, + { 0x31, 0x4E, 0x7F, 0x6D, 0x82, 0x24, 0xF3, 0xAF, 0x6B, 0x11, 0xEB, 0x38, 0xB3, 0x5A, 0x83, 0xFA, 0x5D, 0x56, 0x41, 0x35, 0xF7, 0xD3, 0x37, 0x9B, 0xA4, 0x46, 0xB3, 0x44, 0x4E, 0x90, 0x38, 0xF4 }, + { 0x45, 0x82, 0xC6, 0x52, 0x62, 0xAE, 0xE5, 0xA8, 0x99, 0xE2, 0xBF, 0x6A, 0x70, 0x47, 0x28, 0xA9, 0x67, 0x47, 0xFE, 0x6D, 0x89, 0xF4, 0x47, 0x81, 0xEB, 0x32, 0x2A, 0xE2, 0x55, 0x37, 0x5E, 0xB1 }, + { 0xFB, 0x38, 0x8B, 0x6B, 0x58, 0xBC, 0xEC, 0x05, 0x01, 0x8D, 0x3C, 0x03, 0xB4, 0xD5, 0xFC, 0x6B, 0xFD, 0x7C, 0x02, 0x74, 0x6A, 0xF1, 0x7C, 0x61, 0x0F, 0x3B, 0xA5, 0x99, 0xBF, 0x88, 0x57, 0xAF }, + { 0x8A, 0x6D, 0xD0, 0x43, 0xFB, 0xDE, 0xE3, 0x18, 0x2A, 0xFA, 0xBD, 0x32, 0x69, 0x49, 0x74, 0x1B, 0x01, 0xD1, 0x80, 0xCB, 0xF2, 0xD3, 0x17, 0x50, 0xEB, 0xFA, 0x2D, 0xE8, 0xA0, 0x4F, 0x2C, 0x19 }, + { 0xA7, 0x0A, 0xF4, 0xB4, 0x75, 0x6A, 0xE1, 0xF3, 0x9A, 0xD9, 0x3B, 0x95, 0xA0, 0x18, 0x35, 0x97, 0x1A, 0x18, 0xA4, 0xFE, 0xAE, 0xB7, 0x9A, 0x4E, 0x45, 0xFA, 0x73, 0xA7, 0x58, 0x1C, 0x1F, 0xA5 }, + { 0x1D, 0x59, 0xE3, 0x38, 0x86, 0xFA, 0xA3, 0xCC, 0x8A, 0xD3, 0x20, 0x28, 0xC6, 0x11, 0xAD, 0x37, 0x59, 0x43, 0xA0, 0x9F, 0xAE, 0x45, 0xCD, 0xF8, 0xE5, 0x0E, 0xA6, 0x3F, 0xA7, 0xE7, 0x9A, 0xA3 }, + { 0x8D, 0x50, 0x18, 0xF9, 0xCF, 0x0C, 0x7F, 0xA6, 0x64, 0x13, 0x2E, 0xDF, 0x4E, 0xE6, 0x65, 0xEA, 0x82, 0xE9, 0xA9, 0x07, 0xAE, 0x60, 0xF5, 0x9D, 0xEC, 0x28, 0xBC, 0x9A, 0x06, 0xB7, 0x43, 0xD7 }, + { 0x3C, 0x01, 0xD6, 0x46, 0x48, 0xB2, 0x83, 0xF8, 0xEB, 0xD2, 0x7E, 0x4C, 0x08, 0x8B, 0x40, 0x2D, 0x9D, 0x0B, 0x6A, 0xAB, 0x7F, 0x60, 0xCC, 0x30, 0xF3, 0x4C, 0x58, 0x2F, 0x14, 0x2F, 0x03, 0x58 }, + { 0xE6, 0x92, 0x1D, 0x0B, 0xCB, 0x8A, 0x22, 0x2B, 0x62, 0xA4, 0x5E, 0x03, 0xC7, 0x79, 0x15, 0x32, 0xE5, 0x58, 0x1A, 0xAC, 0x2F, 0x8E, 0x27, 0x4E, 0x5A, 0xC7, 0xFB, 0xB2, 0x35, 0x2A, 0x2D, 0x8B }, + { 0xA9, 0xCD, 0x81, 0x26, 0x32, 0xEE, 0xAA, 0x2C, 0xAE, 0xAA, 0xDE, 0xCC, 0x21, 0x58, 0x50, 0x55, 0x98, 0x8D, 0xC1, 0xB1, 0x3F, 0x41, 0x19, 0x6B, 0x13, 0x62, 0x27, 0xE4, 0xB8, 0x3B, 0x26, 0xE7 }, + { 0x72, 0x21, 0xC2, 0xFC, 0x55, 0xCF, 0xAA, 0x2F, 0x8D, 0x05, 0x92, 0xB7, 0x85, 0xB0, 0x84, 0x16, 0x6B, 0xA5, 0xDE, 0x6F, 0xC1, 0x50, 0x83, 0xE7, 0x09, 0x3E, 0x51, 0x89, 0x93, 0x14, 0x5E, 0xCA }, + { 0x4F, 0x1A, 0x50, 0x67, 0x96, 0x01, 0xB4, 0x79, 0x03, 0x07, 0x9C, 0xFC, 0x52, 0xAF, 0x06, 0x90, 0xB5, 0x78, 0x3E, 0xBD, 0x6B, 0x27, 0xBB, 0xAC, 0x50, 0xDC, 0x9C, 0xC8, 0xDD, 0x6B, 0xF5, 0x84 }, + { 0x37, 0xC7, 0xDD, 0x62, 0x76, 0xCA, 0xDC, 0x8C, 0x44, 0xDC, 0x37, 0xE5, 0xB8, 0x07, 0xF6, 0x65, 0x65, 0x11, 0x1D, 0xD6, 0x5B, 0xCC, 0xA8, 0x08, 0xD2, 0xEA, 0x78, 0x02, 0x44, 0xD4, 0x65, 0x15 }, + { 0x1B, 0x71, 0x0B, 0xDB, 0xFB, 0x7E, 0x12, 0x79, 0x1E, 0x41, 0x1B, 0xCD, 0x1B, 0x30, 0xC7, 0x08, 0x8E, 0xFA, 0x97, 0xBF, 0x0D, 0xE7, 0x30, 0x6E, 0x9C, 0x2A, 0xC7, 0xC4, 0x18, 0xC0, 0xED, 0x1D }, + { 0x7D, 0xB3, 0xE1, 0xEA, 0xEF, 0x9F, 0x49, 0x9D, 0x30, 0x91, 0x90, 0xEA, 0x9D, 0x15, 0xB7, 0xD0, 0xC3, 0xD1, 0x20, 0xCC, 0xF6, 0x1E, 0xE2, 0x43, 0xB7, 0xD2, 0x56, 0xA1, 0x91, 0x2A, 0xD5, 0xBA }, + { 0xC3, 0xF7, 0x6C, 0x4D, 0x6F, 0xD1, 0x9E, 0x9A, 0x76, 0x8C, 0x14, 0xEF, 0xCD, 0x31, 0x23, 0x6A, 0xA6, 0xB0, 0x33, 0x71, 0x49, 0xFC, 0xCC, 0x5B, 0x29, 0xB3, 0xD9, 0x0C, 0x82, 0xBF, 0x90, 0x6A }, + { 0x32, 0x79, 0x7F, 0x34, 0x46, 0xCA, 0xA8, 0x2E, 0xF0, 0x4D, 0x42, 0x66, 0x1D, 0xF7, 0xFE, 0x33, 0x81, 0x07, 0xCF, 0x6E, 0xED, 0x8D, 0x07, 0x0E, 0x71, 0x6F, 0xEF, 0x84, 0x94, 0x87, 0x17, 0x1A }, + { 0x1F, 0xC4, 0x1D, 0xEA, 0x66, 0xE9, 0x38, 0x9C, 0x90, 0xC8, 0x5D, 0x95, 0x58, 0x80, 0x56, 0x0D, 0x33, 0x05, 0xB7, 0xC6, 0x05, 0xFE, 0x59, 0x5A, 0x68, 0x31, 0xC5, 0x66, 0x75, 0xFB, 0xB7, 0xC3 }, + { 0xA5, 0x9E, 0x36, 0x90, 0x87, 0x34, 0x24, 0xCB, 0xDF, 0x88, 0xD2, 0x63, 0x5B, 0xC9, 0xA4, 0x60, 0xA6, 0x13, 0x1D, 0x0B, 0x0A, 0x52, 0x5B, 0xC4, 0xF5, 0x05, 0xBD, 0xBF, 0x40, 0xBD, 0xF6, 0x14 }, + { 0x5C, 0xD1, 0x30, 0xD0, 0x12, 0x30, 0xF9, 0x6E, 0xDB, 0x16, 0xC1, 0x7E, 0xD6, 0x5A, 0x22, 0xF1, 0x81, 0xE4, 0x86, 0xBB, 0x30, 0x5F, 0xA3, 0x78, 0xFD, 0xD5, 0x0F, 0xCB, 0x90, 0x94, 0x13, 0xF5 }, + { 0xF5, 0x5F, 0x72, 0x4C, 0xBE, 0xAB, 0x9C, 0xB0, 0x1F, 0x2B, 0x32, 0x29, 0xA6, 0xA4, 0x46, 0x12, 0x97, 0x7C, 0xCF, 0xC8, 0xA8, 0x21, 0x43, 0xAE, 0x03, 0x97, 0xB7, 0x28, 0xD2, 0x7A, 0xD1, 0x3E }, + { 0xEC, 0x16, 0x92, 0xCD, 0x8A, 0x2C, 0x74, 0xBE, 0xE2, 0xDB, 0x32, 0x7D, 0xC7, 0x74, 0x9B, 0xF0, 0xBA, 0x81, 0xDF, 0x67, 0xB8, 0x42, 0x0C, 0x38, 0x87, 0x9D, 0xBD, 0xFE, 0xB2, 0x40, 0xFA, 0xD2 }, + { 0xF5, 0x37, 0x78, 0x0C, 0xC9, 0x03, 0xA8, 0xDC, 0x14, 0xBD, 0xF4, 0x0E, 0x45, 0x22, 0x0C, 0xC7, 0xF7, 0xD9, 0x1F, 0x63, 0xDC, 0x40, 0x19, 0xBA, 0x6F, 0xAC, 0x01, 0x18, 0x31, 0xD2, 0x4C, 0x44 }, + { 0x6C, 0xA6, 0x97, 0x60, 0x67, 0xCB, 0x1A, 0xD6, 0xA4, 0xDA, 0x89, 0xA7, 0x12, 0x65, 0xF7, 0x68, 0x90, 0x05, 0x4D, 0x94, 0xD7, 0xAD, 0x91, 0x10, 0xCD, 0xEB, 0x4C, 0x4F, 0xC5, 0xD5, 0x72, 0xEC }, + { 0x88, 0x21, 0x55, 0xC1, 0x37, 0x81, 0xB9, 0xC6, 0xD4, 0xC9, 0xC9, 0x6A, 0xCF, 0x1B, 0xF4, 0xB6, 0xEF, 0xB0, 0x73, 0xDD, 0xC4, 0x8B, 0xA4, 0x76, 0xBA, 0x55, 0x67, 0x6F, 0x49, 0x0E, 0xCD, 0x77 }, + { 0xBE, 0x84, 0xE6, 0x4C, 0x07, 0x88, 0xA8, 0xA0, 0x4D, 0x47, 0x1F, 0x44, 0x91, 0x0C, 0xBC, 0x20, 0xF5, 0x3E, 0x20, 0x35, 0x3A, 0x2B, 0xCC, 0x6C, 0x40, 0x3E, 0xFF, 0x80, 0xFC, 0x3D, 0x25, 0x79 }, + { 0x4B, 0xF6, 0xA9, 0x2E, 0x75, 0x74, 0xD4, 0x66, 0xDC, 0x0F, 0x44, 0xD5, 0x94, 0x91, 0xAD, 0x96, 0x44, 0xF8, 0xFC, 0x7A, 0x15, 0x0C, 0x43, 0x35, 0x4B, 0x31, 0x4F, 0xE7, 0x35, 0x10, 0x01, 0xB3 }, + { 0x00, 0x3C, 0x40, 0xA7, 0x88, 0xE4, 0x6F, 0x5A, 0x7C, 0xF3, 0xCC, 0x60, 0x61, 0x20, 0x03, 0x75, 0xD8, 0xC2, 0x86, 0x64, 0xB3, 0x7C, 0xE1, 0x8F, 0x44, 0x81, 0xA7, 0x9F, 0x53, 0xF0, 0xA5, 0xE1 }, + { 0xA3, 0xCB, 0x7C, 0xB7, 0x00, 0xB4, 0xC7, 0x82, 0xE3, 0x1D, 0xA2, 0x57, 0xCD, 0xFD, 0x78, 0xFB, 0x5A, 0x58, 0x27, 0xC0, 0x10, 0xE7, 0x8C, 0x7F, 0xE4, 0x71, 0x32, 0xD0, 0x99, 0x95, 0x8D, 0xC2 }, + { 0x60, 0x07, 0x15, 0xAE, 0x47, 0x8D, 0xB2, 0xA2, 0x9A, 0x9B, 0x2E, 0x96, 0x4B, 0xA3, 0xB3, 0xC0, 0x23, 0x93, 0x6B, 0xB4, 0x29, 0x9E, 0xE4, 0x15, 0x75, 0x83, 0x3C, 0x8C, 0x49, 0x76, 0xB5, 0x95 }, + { 0xC9, 0x1A, 0xA1, 0xF5, 0x28, 0x72, 0x17, 0x11, 0x52, 0x9E, 0x95, 0xF7, 0x90, 0x70, 0x07, 0x8C, 0x25, 0xF4, 0x44, 0x88, 0x2F, 0x14, 0x9F, 0x58, 0xF8, 0xC1, 0x6B, 0xCF, 0x77, 0xFA, 0x1C, 0x98 }, + { 0x18, 0x1F, 0x02, 0xED, 0x08, 0x7C, 0xDD, 0x6E, 0x00, 0xE6, 0x8E, 0x1B, 0x6E, 0xD9, 0x43, 0xA0, 0x96, 0x55, 0xDC, 0xC9, 0x22, 0x8F, 0xA9, 0xDD, 0xC1, 0x1F, 0xF6, 0x70, 0x83, 0x87, 0x55, 0x2E }, + { 0xEA, 0x81, 0xEA, 0xA6, 0x91, 0x4C, 0x49, 0xB6, 0x59, 0xBB, 0x54, 0x5E, 0x36, 0x1E, 0xE8, 0x50, 0x15, 0x29, 0x12, 0xBF, 0x4D, 0xAA, 0xA5, 0x57, 0x41, 0xBE, 0x98, 0x4B, 0xE9, 0x2E, 0x40, 0x05 }, + { 0xDB, 0x67, 0x03, 0xE8, 0xDF, 0x11, 0xDE, 0x31, 0x5D, 0xD2, 0x68, 0x69, 0xDF, 0xA8, 0x71, 0xF3, 0x8F, 0x25, 0x84, 0x62, 0xE3, 0x5D, 0xFB, 0x4D, 0xEE, 0xFB, 0xA4, 0x09, 0x73, 0xF5, 0x1D, 0xA6 }, + { 0xCB, 0x78, 0x88, 0xE3, 0x01, 0xEB, 0x34, 0xBF, 0x1D, 0xC6, 0xFE, 0x1B, 0xCB, 0xFC, 0x45, 0x70, 0x19, 0x42, 0xD4, 0xB2, 0x4C, 0x0C, 0x77, 0x9C, 0x87, 0x65, 0xF6, 0x65, 0x5B, 0x77, 0x9C, 0x31 }, + { 0xC8, 0x39, 0x57, 0x07, 0x8C, 0xF1, 0x4A, 0xF5, 0x5E, 0x65, 0x28, 0x9C, 0x8D, 0x37, 0x65, 0x15, 0xA6, 0x00, 0x88, 0x85, 0x34, 0x6D, 0xC0, 0xD1, 0x43, 0xDD, 0x05, 0x0D, 0x8F, 0x40, 0x0D, 0x9F }, + { 0x71, 0xBD, 0x38, 0xBF, 0x18, 0xAE, 0x02, 0x59, 0xEA, 0x4B, 0x6C, 0x0D, 0xCE, 0x35, 0x67, 0x6F, 0x05, 0x80, 0x77, 0x24, 0xBF, 0xE5, 0x71, 0x5C, 0x1E, 0xA1, 0x16, 0x16, 0x55, 0xA5, 0x28, 0x6B }, + { 0xBD, 0xA4, 0x2B, 0x99, 0x86, 0x9B, 0x12, 0x30, 0x21, 0xDC, 0x91, 0x87, 0x09, 0x32, 0x59, 0x49, 0xC6, 0x11, 0x91, 0x22, 0x51, 0x8A, 0x11, 0x29, 0x78, 0x85, 0x6B, 0x7D, 0xAC, 0x55, 0xAB, 0xC2 }, + { 0x27, 0x38, 0xF1, 0x37, 0x4F, 0x16, 0xFF, 0xAE, 0x8B, 0xDE, 0xD4, 0xC4, 0x9C, 0x05, 0x32, 0x21, 0xAA, 0xC6, 0x39, 0xD6, 0x96, 0x71, 0x95, 0x98, 0xAE, 0xD8, 0xBC, 0x46, 0xAF, 0xF1, 0x2B, 0x53 }, + { 0x1A, 0x92, 0x93, 0x1C, 0xD9, 0xCB, 0xE6, 0x0C, 0x34, 0x1F, 0xAC, 0xAB, 0x15, 0x79, 0xB2, 0x16, 0x24, 0x64, 0xFC, 0xFE, 0xF6, 0xA0, 0x63, 0x10, 0x57, 0xA6, 0x46, 0xDE, 0x94, 0x58, 0x82, 0xCE }, + { 0x8B, 0x07, 0x9D, 0x8C, 0x63, 0xD5, 0x4B, 0xB0, 0x97, 0xB3, 0x08, 0x72, 0x3C, 0x86, 0xA5, 0x1D, 0xF6, 0xDC, 0x64, 0xCF, 0x46, 0x11, 0x08, 0x7F, 0xC4, 0x58, 0x5D, 0xC6, 0xE8, 0xFF, 0xE3, 0xE8 }, + { 0x2F, 0xF0, 0xD2, 0xB3, 0xF4, 0x28, 0x02, 0xC6, 0x7E, 0x46, 0x27, 0x6B, 0x4B, 0x5E, 0x63, 0xF5, 0xE8, 0xE9, 0x64, 0xFA, 0xA4, 0x72, 0x01, 0xDD, 0xBA, 0x7A, 0x8E, 0xEE, 0xE3, 0xF1, 0x05, 0x03 }, + { 0x7C, 0xDE, 0xF9, 0x2D, 0xB7, 0xB1, 0x9F, 0x90, 0xAD, 0xED, 0x25, 0xDD, 0x0D, 0x71, 0xB0, 0xC0, 0x72, 0xE6, 0x1D, 0x6A, 0x27, 0x4F, 0x54, 0x94, 0x06, 0xA3, 0xF6, 0x37, 0x81, 0x83, 0x96, 0xB4 }, + { 0xEA, 0x78, 0x2A, 0xE7, 0xD1, 0x3B, 0x2A, 0x3E, 0x44, 0x33, 0xB7, 0xA3, 0xA5, 0x57, 0xCF, 0x39, 0x6D, 0x94, 0x5F, 0xFA, 0x6C, 0x4E, 0x81, 0x3D, 0x5C, 0x9E, 0xEA, 0x98, 0x1C, 0xCF, 0x70, 0xD5 }, + { 0xBA, 0x2B, 0x01, 0x64, 0xA2, 0xB7, 0xD9, 0x48, 0x0E, 0x70, 0x8A, 0x6A, 0x89, 0xA5, 0x64, 0x2C, 0xE1, 0x5E, 0x9F, 0xFD, 0xCE, 0x96, 0x7E, 0xF1, 0xB9, 0x31, 0x73, 0x42, 0xB5, 0xBD, 0x20, 0xB8 }, + { 0x75, 0x83, 0x97, 0x50, 0x0E, 0x35, 0x37, 0xCE, 0x8C, 0x8C, 0x8A, 0x42, 0x25, 0xCE, 0x39, 0xCA, 0x61, 0x6E, 0x00, 0x0F, 0x38, 0x0F, 0x99, 0xD5, 0xC7, 0xC9, 0x64, 0x77, 0xB1, 0x0E, 0xD6, 0xB6 }, + { 0x60, 0x33, 0xE5, 0x14, 0xED, 0x62, 0x9D, 0x87, 0x3B, 0x14, 0x95, 0x55, 0x6E, 0x5E, 0x1C, 0xF3, 0x2A, 0x20, 0x6F, 0x17, 0x13, 0xEE, 0x82, 0x84, 0x6A, 0xAC, 0xB9, 0x45, 0x6A, 0x2D, 0xC7, 0x2B }, + { 0x4B, 0x10, 0xF6, 0x2E, 0xA5, 0xEE, 0x03, 0x9A, 0x36, 0x35, 0xCA, 0xFB, 0x3C, 0xE4, 0x4E, 0xD1, 0x0A, 0x59, 0x7C, 0x2C, 0x43, 0xED, 0x84, 0x92, 0xEB, 0x2C, 0x14, 0xB5, 0x35, 0x52, 0x9F, 0x10 }, + { 0x18, 0xA8, 0x38, 0x52, 0xA4, 0x08, 0x73, 0xB3, 0xC6, 0x6D, 0x01, 0x6A, 0x1C, 0xBF, 0x42, 0xB3, 0xAD, 0x48, 0x1D, 0xC8, 0xEE, 0xE9, 0x5B, 0x40, 0x47, 0xC4, 0x4B, 0x32, 0x67, 0x64, 0x36, 0x5A }, + { 0x74, 0xE4, 0xAF, 0x82, 0xF0, 0xC8, 0xF8, 0xB5, 0x95, 0xBA, 0x4C, 0x19, 0x04, 0x0E, 0x46, 0x1F, 0xEE, 0x50, 0xEE, 0x7F, 0x89, 0xBD, 0x02, 0x71, 0x76, 0x1C, 0x40, 0x61, 0xD7, 0x91, 0xCB, 0x2E }, + { 0xB3, 0x1D, 0x0F, 0x5F, 0x42, 0x03, 0xC8, 0xDC, 0xEA, 0x59, 0xF7, 0xF1, 0x91, 0x16, 0xCE, 0x57, 0xF4, 0xA8, 0x93, 0x19, 0xC6, 0x1F, 0x67, 0x5E, 0x38, 0xFE, 0xE3, 0x81, 0xE7, 0x5E, 0x3A, 0xB6 }, + { 0xBE, 0x72, 0x9B, 0xA7, 0x5B, 0x4D, 0xC2, 0x90, 0xA5, 0x13, 0xC5, 0x49, 0x96, 0x9A, 0x65, 0xFF, 0x82, 0x91, 0xD2, 0xAD, 0xD6, 0x45, 0x41, 0x71, 0x28, 0x29, 0x9C, 0xE4, 0x29, 0xB7, 0x77, 0x87 }, + { 0x99, 0x8F, 0x85, 0x08, 0x8A, 0x02, 0xC0, 0xAD, 0xE7, 0x83, 0x68, 0x21, 0x94, 0xAD, 0xF8, 0x99, 0x2D, 0x29, 0x26, 0x51, 0xC3, 0x82, 0x8D, 0xA6, 0x80, 0xA8, 0x23, 0x5A, 0x37, 0x87, 0x85, 0xCD }, + { 0xE1, 0x31, 0xD7, 0xCC, 0x44, 0xFD, 0x53, 0xCB, 0x7A, 0x42, 0xA3, 0x56, 0x29, 0xDE, 0x62, 0xAD, 0x43, 0x82, 0x08, 0x00, 0xF7, 0x14, 0x49, 0xB7, 0x6D, 0x21, 0x00, 0x23, 0x0F, 0x1C, 0x15, 0xCB }, + { 0x15, 0x53, 0x4B, 0xA5, 0xCE, 0xDC, 0xFC, 0xCC, 0xDB, 0xFB, 0xCD, 0x09, 0xAE, 0x9D, 0xC1, 0x83, 0xA4, 0xB5, 0x0E, 0x8C, 0x24, 0x94, 0x39, 0xC7, 0x41, 0x15, 0xCF, 0x59, 0x82, 0xE0, 0xD4, 0x19 }, + { 0x1E, 0x66, 0x2E, 0x1C, 0x35, 0x15, 0x53, 0x3E, 0x58, 0x7B, 0x87, 0xC8, 0x95, 0x86, 0xC8, 0x8F, 0x69, 0xBB, 0x05, 0x6F, 0x6C, 0xC8, 0x4C, 0xE1, 0x93, 0x8B, 0x5B, 0xB1, 0x86, 0x38, 0x40, 0xD7 }, + { 0x2E, 0x47, 0xE1, 0x6C, 0xCF, 0x6E, 0x6C, 0x01, 0xBB, 0xB1, 0x91, 0xEB, 0x7D, 0x70, 0x5F, 0xF6, 0x60, 0x66, 0x05, 0x9D, 0x97, 0x1B, 0x67, 0x17, 0x61, 0x71, 0x41, 0x1D, 0x72, 0x5F, 0x59, 0xEE }, + { 0x72, 0x2E, 0xB9, 0xAC, 0x0D, 0xBD, 0x5A, 0x0C, 0xDC, 0xB2, 0xB7, 0x14, 0x03, 0x1F, 0xEB, 0xA5, 0xF7, 0xDB, 0x4F, 0x06, 0x3E, 0xB8, 0x7F, 0xD2, 0x25, 0x6B, 0xB4, 0x7D, 0xF0, 0xFD, 0xBD, 0xDC }, + { 0xA4, 0xBB, 0x46, 0xA7, 0x2A, 0x3A, 0xC7, 0x2C, 0xA8, 0x03, 0xF4, 0x55, 0x0F, 0x20, 0xCB, 0x48, 0x61, 0xA9, 0x75, 0x69, 0x7B, 0xA8, 0x7A, 0x3E, 0xCA, 0x86, 0x6B, 0x3D, 0xF4, 0x59, 0xFE, 0x5C }, + { 0x0D, 0xA7, 0x6E, 0x6D, 0x92, 0x9D, 0x86, 0xBB, 0x71, 0x4B, 0x89, 0x69, 0xC7, 0x52, 0xEB, 0x0B, 0x6B, 0x7F, 0x63, 0x87, 0x9B, 0x0D, 0x68, 0x45, 0x8D, 0x8B, 0xE1, 0xE7, 0x2E, 0xB3, 0x80, 0x59 }, + { 0x2B, 0xB6, 0x5D, 0xD6, 0xAF, 0x5E, 0x9A, 0x00, 0x12, 0x01, 0x76, 0x81, 0x3C, 0x1E, 0x3C, 0xD3, 0x22, 0x79, 0x9E, 0xA9, 0x7F, 0x2D, 0xA5, 0x49, 0x00, 0xE2, 0xC5, 0x4D, 0x03, 0x60, 0x00, 0xA4 }, + { 0xB9, 0xEB, 0xA7, 0x4F, 0x87, 0x63, 0x8F, 0x09, 0x93, 0x2B, 0xA1, 0xB1, 0xEB, 0xC8, 0x5D, 0x15, 0x28, 0x3E, 0x2E, 0xA6, 0xD9, 0x21, 0x2A, 0x6D, 0x3A, 0x59, 0x52, 0x3E, 0x2E, 0xFD, 0xF7, 0x35 }, + { 0xD2, 0x43, 0x06, 0xF5, 0x97, 0x05, 0xF4, 0xA9, 0x69, 0x53, 0xCF, 0x39, 0xEB, 0xD2, 0x8D, 0xB5, 0xA8, 0x7B, 0xF3, 0x69, 0x9A, 0x7F, 0xCF, 0x3C, 0x3B, 0x46, 0xFB, 0xE7, 0x15, 0x48, 0x9F, 0x9B }, + { 0xBF, 0x1B, 0x86, 0x6D, 0xA3, 0x3E, 0x53, 0x68, 0xC5, 0x31, 0x4C, 0xB7, 0xAF, 0x2D, 0x24, 0x14, 0xB2, 0xB4, 0x36, 0xFE, 0xDA, 0x3B, 0x8E, 0x89, 0xD9, 0x63, 0x9F, 0x06, 0xAA, 0xCD, 0x34, 0x73 }, + { 0x25, 0x28, 0xAA, 0xBA, 0x38, 0x73, 0xCE, 0x29, 0x3D, 0x25, 0xA3, 0x68, 0xED, 0x93, 0x28, 0xAA, 0x47, 0xF8, 0x90, 0x04, 0x8B, 0x8B, 0x5D, 0xDE, 0xE3, 0x1F, 0xA0, 0x92, 0x56, 0x49, 0x2D, 0xD4 }, + { 0x52, 0x15, 0x11, 0x57, 0xBA, 0x28, 0xEB, 0x98, 0x2D, 0xA7, 0x68, 0x39, 0xCF, 0x4F, 0xFC, 0xD6, 0x90, 0x98, 0xD0, 0x6C, 0x1A, 0x26, 0xAA, 0xDB, 0x89, 0x31, 0x7E, 0x76, 0x3C, 0x8D, 0xD8, 0x49 }, + { 0x96, 0xCC, 0x86, 0x2A, 0x1C, 0xFD, 0xFE, 0x93, 0xCA, 0xA7, 0xFD, 0x5A, 0x39, 0xE6, 0x2F, 0xFB, 0xDB, 0x9C, 0xF6, 0xDF, 0x9D, 0xA3, 0x37, 0x58, 0xBF, 0x96, 0x9C, 0x18, 0xF7, 0x75, 0xAE, 0x84 }, + { 0xEB, 0xE7, 0x0D, 0x78, 0x87, 0x86, 0xF3, 0x5E, 0xFD, 0xD0, 0x2C, 0x51, 0xB5, 0xA4, 0x01, 0x19, 0xEC, 0xA6, 0x1D, 0xDF, 0xD1, 0xED, 0x49, 0x17, 0x36, 0xB8, 0x8C, 0x64, 0x1E, 0xC8, 0x7E, 0x24 }, + { 0xB9, 0xFC, 0x14, 0x78, 0xA9, 0x4C, 0x14, 0x74, 0x6A, 0x26, 0xCB, 0x0D, 0xA4, 0x90, 0x7E, 0xBF, 0xED, 0x63, 0x06, 0xC1, 0x58, 0xB2, 0x43, 0x81, 0xE8, 0x4C, 0xB7, 0xC7, 0x9E, 0xF8, 0xFC, 0x55 }, + { 0x4C, 0xA4, 0x8B, 0x2B, 0x9A, 0xD8, 0x6F, 0xB8, 0x7E, 0xDD, 0xDC, 0x9A, 0x2E, 0xA7, 0xE9, 0xBD, 0xB9, 0xBC, 0xFD, 0x51, 0x8B, 0xC6, 0x48, 0x8D, 0xD6, 0xB4, 0xE1, 0x7C, 0x1B, 0xC2, 0x54, 0xC2 }, + { 0xCF, 0x24, 0xDD, 0xFF, 0xCF, 0x07, 0x64, 0xE3, 0xFA, 0x8F, 0xCA, 0x36, 0x72, 0xF6, 0xEA, 0x9F, 0x5B, 0x18, 0xA2, 0x00, 0x63, 0x33, 0x22, 0x67, 0x80, 0x61, 0x7D, 0x12, 0x0D, 0x12, 0x28, 0x21 }, + { 0x14, 0x4C, 0x4E, 0x5B, 0x3F, 0xD9, 0x2E, 0x05, 0x33, 0x47, 0x3E, 0xEB, 0xD7, 0xD5, 0xF4, 0x21, 0x4E, 0x47, 0x88, 0x2B, 0x80, 0x60, 0x0E, 0xE5, 0xEA, 0x39, 0xFB, 0x86, 0x0B, 0x8A, 0xD2, 0x0D }, + { 0xAB, 0x62, 0x6B, 0xBA, 0x73, 0x48, 0x74, 0x25, 0x6C, 0x60, 0xE2, 0xDA, 0xEC, 0xEB, 0x18, 0x3F, 0xFA, 0xA1, 0x35, 0x08, 0x01, 0xBF, 0xFC, 0xF5, 0xC4, 0xDF, 0x8E, 0x57, 0x5F, 0x72, 0x4B, 0x90 }, + { 0x92, 0xC5, 0x42, 0xBC, 0x62, 0xC4, 0xB5, 0x55, 0x08, 0xBB, 0x96, 0x87, 0x75, 0xEA, 0xEB, 0x29, 0xFD, 0x40, 0x69, 0xE9, 0x2D, 0xCB, 0xBF, 0x1B, 0xFE, 0xCD, 0xA5, 0x45, 0xA0, 0x33, 0x08, 0x2E }, + { 0x27, 0x8B, 0xAD, 0xA0, 0x74, 0x29, 0x44, 0xDC, 0xFE, 0x8B, 0xA9, 0x88, 0xD6, 0xB4, 0xFB, 0x80, 0xA0, 0x3D, 0x53, 0xFC, 0xCE, 0xFA, 0x0A, 0x8B, 0x4E, 0x33, 0xC6, 0x14, 0x5E, 0x25, 0xA8, 0x8B }, + { 0x90, 0x1F, 0x67, 0xE6, 0x35, 0x76, 0x8D, 0x7A, 0x57, 0xAC, 0x92, 0xAC, 0xFB, 0x58, 0xD2, 0x4A, 0xD2, 0x43, 0x4C, 0x97, 0xEC, 0xA4, 0xDC, 0x2A, 0x7F, 0xBF, 0x23, 0xD0, 0x78, 0x54, 0x86, 0x87 }, + { 0x03, 0x32, 0x15, 0x85, 0x16, 0xC9, 0x1B, 0xFD, 0x75, 0xDF, 0x30, 0x42, 0x46, 0x4D, 0xB6, 0xF7, 0x56, 0xD3, 0xBF, 0x4D, 0x65, 0xF3, 0x96, 0xDD, 0xD4, 0x39, 0x0E, 0x62, 0x9B, 0x01, 0x9E, 0x8F }, + { 0x8F, 0xDE, 0x76, 0x45, 0xB2, 0xA5, 0xF2, 0x6D, 0x6B, 0x63, 0xDF, 0xE0, 0x14, 0x6E, 0x0A, 0xF1, 0x86, 0xEB, 0x35, 0xC4, 0xCD, 0x11, 0x2E, 0x96, 0xD8, 0x9D, 0xAA, 0x65, 0x12, 0xE1, 0x3C, 0xDD }, + { 0x4E, 0x31, 0x93, 0xCB, 0x00, 0xC9, 0x64, 0x2F, 0x21, 0xA0, 0xA9, 0x80, 0x87, 0xA5, 0xF3, 0x12, 0x77, 0xFB, 0x4B, 0x4B, 0x9C, 0xF3, 0xA9, 0x55, 0xE8, 0xE5, 0x7F, 0x45, 0xF5, 0x9E, 0x8B, 0x1A }, + { 0x4F, 0x44, 0x57, 0x6E, 0x20, 0x3B, 0x73, 0x80, 0xF4, 0xF0, 0x99, 0x4D, 0xC8, 0xDA, 0x3B, 0x52, 0xD6, 0x17, 0xC0, 0x49, 0x62, 0xF9, 0x43, 0x41, 0x07, 0x15, 0x54, 0xC7, 0x4F, 0x35, 0xFD, 0xF3 }, + { 0x2C, 0xF8, 0x69, 0x7B, 0xCF, 0x35, 0xC8, 0x0C, 0x6F, 0x96, 0xC4, 0xB4, 0xCA, 0xCF, 0x3F, 0xB0, 0x59, 0xCA, 0x46, 0x41, 0x14, 0xE9, 0x82, 0xF2, 0x81, 0x82, 0x8E, 0x78, 0x10, 0x04, 0x95, 0x7C }, + { 0x93, 0x31, 0xC1, 0x30, 0xE9, 0x13, 0xB2, 0x88, 0xB1, 0x0D, 0x73, 0x15, 0x4E, 0xDE, 0xA0, 0xFF, 0x97, 0x27, 0xC8, 0xEA, 0x77, 0xD3, 0x9B, 0xE9, 0x16, 0x47, 0x15, 0xAA, 0x69, 0x04, 0x83, 0xD5 }, + { 0xF8, 0xF8, 0x7C, 0xAB, 0xFF, 0x80, 0x30, 0xDA, 0x55, 0x95, 0x3C, 0x58, 0xA0, 0x18, 0x43, 0xB8, 0xEB, 0xFF, 0x2E, 0xF2, 0x62, 0xF5, 0x01, 0xA0, 0x77, 0xE2, 0x0E, 0x67, 0x05, 0xF6, 0xE8, 0x04 }, + { 0x29, 0x8C, 0xD0, 0xB2, 0x42, 0x89, 0xF9, 0x5E, 0xD7, 0xEF, 0x49, 0x31, 0x2A, 0xAE, 0xEF, 0x9A, 0xE5, 0x9D, 0xC7, 0x93, 0xF5, 0x89, 0xAB, 0xA7, 0x06, 0x38, 0x41, 0x74, 0x8C, 0xEC, 0x43, 0x1D }, + { 0x60, 0x89, 0xA4, 0xBB, 0xE4, 0xD1, 0x5B, 0xBC, 0x8D, 0x6B, 0x2E, 0xA5, 0x69, 0x18, 0x73, 0xCD, 0xA6, 0x7F, 0x7E, 0xD2, 0xF0, 0xB9, 0xB1, 0xFB, 0xB0, 0xC0, 0x5D, 0xD4, 0xAD, 0xFC, 0x41, 0xA5 }, + { 0xD1, 0x72, 0x07, 0x9E, 0xF7, 0x1F, 0x7E, 0xBD, 0x34, 0xFE, 0xD9, 0x61, 0x71, 0x39, 0x67, 0x82, 0x3B, 0xDD, 0x17, 0xCA, 0x55, 0xED, 0x37, 0xF4, 0xEF, 0xB0, 0xAF, 0xC0, 0x9D, 0x46, 0x5A, 0xB4 }, + { 0xA6, 0x63, 0x70, 0x1D, 0xB1, 0xEC, 0xE3, 0xD5, 0x03, 0x61, 0xAD, 0x78, 0xF7, 0x37, 0x9A, 0xE3, 0xC8, 0xD1, 0xC1, 0xA3, 0x6F, 0x76, 0x36, 0x92, 0x58, 0xA8, 0x69, 0x9B, 0x64, 0x61, 0x2B, 0x98 }, + { 0x07, 0xC1, 0xA0, 0x97, 0x8D, 0x7E, 0x6D, 0xE4, 0x36, 0xDD, 0xD8, 0xAF, 0x6E, 0xD7, 0x70, 0xDC, 0xDE, 0xEB, 0x1D, 0x50, 0x91, 0xEF, 0xCF, 0x54, 0xE2, 0x6F, 0x0A, 0x77, 0xD1, 0x65, 0xE9, 0xF3 }, + { 0x74, 0x7A, 0x10, 0xDB, 0xA1, 0x03, 0x5D, 0x5D, 0xA7, 0x5A, 0x1C, 0xA2, 0x3E, 0x43, 0x41, 0xCA, 0xBC, 0x27, 0x5B, 0xF6, 0xFA, 0x36, 0x31, 0x47, 0x91, 0x47, 0xA6, 0x37, 0x34, 0xF9, 0x05, 0x7F }, + { 0x07, 0xED, 0x8F, 0x05, 0x30, 0x15, 0x64, 0xE9, 0x21, 0xCA, 0x41, 0x39, 0xE6, 0x18, 0xCB, 0x55, 0x41, 0xA8, 0x42, 0xFB, 0xE4, 0x35, 0xAB, 0x4D, 0x94, 0x52, 0x2D, 0xA8, 0xDC, 0x3F, 0x2F, 0x01 }, + { 0xDC, 0xF1, 0xD5, 0x34, 0x79, 0x0D, 0x3E, 0x06, 0xAE, 0x0B, 0x99, 0xE9, 0x2E, 0x83, 0x76, 0x9E, 0x0D, 0x32, 0xD8, 0x22, 0xB4, 0x3A, 0x88, 0x17, 0x92, 0xF8, 0x3A, 0xDE, 0xAA, 0xD7, 0xB5, 0x18 }, + { 0xB9, 0xDA, 0x49, 0x2B, 0xF4, 0xEC, 0xA3, 0x4B, 0x3A, 0xFA, 0xB1, 0xB4, 0x86, 0xB5, 0xC5, 0x38, 0xCB, 0xC4, 0x01, 0xC5, 0x69, 0xAB, 0xE9, 0x82, 0x99, 0xC0, 0x29, 0xE3, 0x4D, 0xFF, 0x9C, 0x6C }, + { 0x41, 0x2B, 0x10, 0x65, 0x6D, 0xF0, 0x76, 0x4C, 0x87, 0x7C, 0x2A, 0xC8, 0x80, 0x37, 0xB9, 0x15, 0x9B, 0x52, 0xE2, 0x96, 0x0E, 0x91, 0x14, 0x3B, 0x97, 0x9D, 0x2A, 0x40, 0x3A, 0xC7, 0xC6, 0xB1 }, + { 0xF9, 0x8B, 0xBC, 0xBA, 0x2E, 0x27, 0x38, 0xDE, 0x90, 0x9F, 0xB6, 0x67, 0x25, 0xF9, 0x31, 0x7B, 0xA6, 0x31, 0xF8, 0x03, 0x01, 0x73, 0x6A, 0x10, 0x4F, 0xE7, 0xCC, 0x1F, 0x5F, 0xEC, 0x73, 0xD8 }, + { 0x28, 0x49, 0xE8, 0x11, 0xEE, 0x81, 0x63, 0x33, 0x13, 0x41, 0xBC, 0x45, 0x04, 0x30, 0xE5, 0x80, 0x0A, 0x6E, 0xB9, 0x9F, 0x7C, 0x5D, 0x0E, 0xC9, 0xE3, 0xF9, 0x5C, 0x08, 0xA9, 0x54, 0xF0, 0x2C }, + { 0x6E, 0x77, 0x6F, 0xD1, 0xF1, 0x68, 0xCA, 0x2D, 0xE5, 0x67, 0x74, 0xA7, 0x0D, 0x4D, 0xD6, 0xAD, 0x6C, 0x8C, 0x7D, 0x85, 0xC1, 0xB9, 0x7A, 0x31, 0xC0, 0xDA, 0x79, 0x97, 0xE4, 0x96, 0x6A, 0x6E }, + { 0x5A, 0x25, 0x19, 0xEF, 0x40, 0xF3, 0x4F, 0x89, 0x51, 0x19, 0xBC, 0x29, 0xE2, 0x91, 0x3F, 0x23, 0xF0, 0x54, 0x4E, 0xE4, 0x14, 0x3C, 0x32, 0x5B, 0x07, 0xC7, 0x42, 0x7D, 0xC2, 0x3D, 0xCA, 0xE8 }, + { 0x32, 0xF2, 0xF1, 0xD8, 0x10, 0x9C, 0xB2, 0xA1, 0x32, 0xA1, 0xAD, 0x85, 0xA5, 0x7B, 0xF8, 0x15, 0x16, 0x25, 0xD2, 0x84, 0x33, 0x3C, 0x77, 0x74, 0x4A, 0xD7, 0xDD, 0x95, 0x6B, 0x51, 0x03, 0x88 }, + { 0x98, 0x63, 0x49, 0x9E, 0xB1, 0x66, 0xDF, 0x82, 0x2B, 0x10, 0x44, 0xFA, 0x7A, 0x07, 0x44, 0xAB, 0xF9, 0x80, 0xA1, 0xE2, 0xF9, 0xA1, 0x1F, 0x37, 0xF3, 0x25, 0xA7, 0xB1, 0x5D, 0xFE, 0x70, 0x72 }, + { 0x30, 0x91, 0x5C, 0x5F, 0x3D, 0xC5, 0xA1, 0xA5, 0xAB, 0x64, 0xAD, 0x30, 0xA3, 0xCD, 0xE7, 0x82, 0x57, 0x58, 0x4F, 0x05, 0x90, 0x37, 0x0A, 0xC7, 0xD2, 0xAC, 0x5E, 0x46, 0xD1, 0x45, 0xDC, 0xD6 }, + { 0xA6, 0x56, 0x45, 0xBE, 0xE0, 0xCC, 0x3E, 0x53, 0xE4, 0xA5, 0x21, 0xE4, 0xA2, 0x99, 0x6C, 0x31, 0x81, 0xBC, 0x4C, 0x07, 0x2C, 0x24, 0x68, 0x76, 0x16, 0x7C, 0x84, 0x4B, 0xA9, 0x31, 0x54, 0x2D }, + { 0x96, 0x6F, 0xB1, 0xDC, 0x30, 0x56, 0x41, 0x8C, 0x90, 0xF5, 0x5E, 0x46, 0xB8, 0x29, 0xBF, 0x1A, 0x8E, 0xAA, 0x93, 0x57, 0xE0, 0x3E, 0xE9, 0x54, 0xD7, 0x5A, 0x02, 0x43, 0xDE, 0x8A, 0x15, 0x1C }, + { 0x10, 0x4D, 0xA9, 0xE4, 0x5A, 0x9A, 0x04, 0x4F, 0xA8, 0x92, 0x35, 0x77, 0x10, 0x0E, 0x40, 0x95, 0xA6, 0x1E, 0xFF, 0xDC, 0x77, 0xB3, 0x1B, 0x82, 0x90, 0x2F, 0x29, 0xCA, 0x8E, 0x41, 0xAF, 0xE7 }, + { 0xAB, 0x3F, 0x18, 0xF0, 0x3D, 0x04, 0xB6, 0xD9, 0xC7, 0x39, 0x7E, 0x41, 0x72, 0x73, 0x92, 0xE6, 0xAE, 0x50, 0xF3, 0x8F, 0xEE, 0xE0, 0x22, 0x91, 0x04, 0x5B, 0x77, 0x54, 0xD3, 0xC0, 0x04, 0xB8 }, + { 0x52, 0x48, 0x87, 0x9A, 0xEA, 0xD5, 0xD9, 0x82, 0x3D, 0x3B, 0xCF, 0xE9, 0x8F, 0x19, 0xE8, 0xA5, 0x87, 0x17, 0xEA, 0xC7, 0x32, 0xA1, 0x4A, 0xA0, 0x1B, 0x28, 0x9A, 0xD3, 0x1C, 0x9D, 0xAA, 0x8D }, + { 0x79, 0xD1, 0xC3, 0x33, 0x83, 0x02, 0xDC, 0xBB, 0x9A, 0x59, 0xD8, 0x69, 0xA2, 0x57, 0x04, 0x1D, 0x27, 0x48, 0xB4, 0xA5, 0x8C, 0x73, 0x43, 0x56, 0x81, 0x4C, 0x96, 0x28, 0x36, 0x92, 0xB2, 0x1D }, + { 0xDD, 0x41, 0x39, 0xF9, 0x2E, 0xD9, 0xEA, 0xB7, 0xD0, 0x74, 0x6C, 0x49, 0xA6, 0xF9, 0x5F, 0x5B, 0x17, 0xC4, 0x44, 0xF5, 0x1A, 0x76, 0x97, 0xB0, 0x56, 0xA1, 0xEC, 0x6E, 0x54, 0x22, 0x8A, 0x72 }, + { 0x4C, 0xDA, 0xF8, 0xD2, 0xD0, 0xEC, 0xD1, 0x04, 0x5E, 0x49, 0x64, 0x71, 0xE2, 0x2A, 0x25, 0x90, 0xA9, 0x49, 0x83, 0xC6, 0xCF, 0x32, 0x73, 0xCD, 0x88, 0xBF, 0x80, 0xCC, 0xEB, 0x86, 0xA6, 0x33 }, + { 0x93, 0x9E, 0xD9, 0x9C, 0x58, 0xE0, 0x64, 0x70, 0xAE, 0xBA, 0x78, 0xEF, 0xD3, 0x9B, 0x04, 0xDD, 0x1A, 0x5B, 0xE8, 0x03, 0xAC, 0x21, 0x59, 0xC0, 0xA0, 0x18, 0xE4, 0x05, 0xCB, 0x13, 0xE9, 0xB7 }, + { 0x83, 0xB6, 0xBF, 0x71, 0xCD, 0x42, 0x31, 0x77, 0x57, 0x10, 0xBB, 0xED, 0x0D, 0x80, 0x8D, 0xE6, 0x73, 0x2C, 0xDD, 0xD6, 0x4D, 0x51, 0x08, 0xB0, 0x2A, 0x1B, 0x0E, 0x80, 0xCC, 0x61, 0x8E, 0xBD }, + { 0x3C, 0x14, 0x0C, 0x6E, 0xB5, 0x25, 0x3B, 0xD4, 0xEF, 0xF1, 0x9F, 0xBF, 0xCD, 0xC8, 0xA2, 0xBA, 0x5C, 0x49, 0x96, 0xF9, 0xAC, 0x7B, 0xB5, 0x5E, 0xB3, 0x2A, 0x10, 0xF4, 0x5F, 0x67, 0xAD, 0x32 }, + { 0xDF, 0x5D, 0x47, 0xDC, 0xB0, 0x39, 0x3E, 0xD4, 0x3C, 0xA7, 0x7C, 0xBF, 0x8D, 0xE1, 0x62, 0x94, 0xD7, 0x15, 0x40, 0xFA, 0xD5, 0x9B, 0x84, 0x03, 0x9D, 0x5B, 0xD2, 0x62, 0x33, 0x5B, 0x7B, 0xB6 }, + { 0x09, 0xBD, 0xBF, 0xF3, 0x0B, 0xC6, 0x58, 0x09, 0x6D, 0xB3, 0x53, 0xC3, 0x80, 0x16, 0xC4, 0x83, 0x37, 0x6B, 0x72, 0x26, 0x84, 0xDE, 0x43, 0xF0, 0x60, 0x0D, 0xC4, 0xD8, 0xD7, 0xEA, 0x47, 0x9F }, + { 0xFB, 0x81, 0x2E, 0x6D, 0xCF, 0xB0, 0xAF, 0x15, 0x2D, 0x13, 0x8B, 0xCB, 0x27, 0x4C, 0x1A, 0x4D, 0xA6, 0x26, 0x87, 0x0D, 0x1A, 0x95, 0xC7, 0x2B, 0xB7, 0xD9, 0xCF, 0xA6, 0x26, 0x55, 0x89, 0x5F }, + { 0x9B, 0x19, 0xF2, 0x4F, 0xCD, 0x8C, 0xD5, 0xE8, 0x36, 0x52, 0xF0, 0xB5, 0x0B, 0xDB, 0x9B, 0x8A, 0x70, 0x08, 0x57, 0x44, 0xE3, 0xBC, 0x48, 0xB2, 0x03, 0xD1, 0x88, 0xE3, 0x1F, 0x66, 0x47, 0x88 }, + { 0xD9, 0xB9, 0x91, 0x7F, 0x57, 0x2E, 0xEC, 0xFB, 0xE8, 0x6B, 0x9B, 0x8A, 0x62, 0x6B, 0xEE, 0x8E, 0x78, 0xAB, 0x22, 0x9D, 0x38, 0xD5, 0x50, 0xC3, 0xB1, 0xFC, 0x65, 0x83, 0x0B, 0xA4, 0x81, 0xCC }, + { 0x7A, 0xC3, 0x24, 0x74, 0xC9, 0xC4, 0x86, 0x87, 0x0A, 0xA9, 0x6B, 0x6A, 0x8E, 0x23, 0x34, 0x2B, 0x9B, 0x32, 0xC4, 0xB2, 0x4F, 0xF6, 0xA8, 0xAA, 0x28, 0xAB, 0xB2, 0xB6, 0xE3, 0x60, 0xCC, 0xFB }, + { 0x3A, 0x58, 0xF2, 0xFD, 0xD7, 0xF6, 0x5E, 0x53, 0xB0, 0x67, 0xBA, 0x21, 0xA8, 0x95, 0x9A, 0x5D, 0x5C, 0x8A, 0x87, 0xE5, 0x65, 0xE1, 0x43, 0x24, 0xED, 0xA8, 0x78, 0xD6, 0xDF, 0xA8, 0x44, 0xA7 }, + { 0x83, 0x8E, 0x63, 0x3C, 0xAA, 0xD4, 0x84, 0x8F, 0x4C, 0xDD, 0xF4, 0xCF, 0x4B, 0x13, 0xC0, 0x2F, 0x51, 0xBB, 0x20, 0xB8, 0x80, 0x00, 0x82, 0xB5, 0xBB, 0x61, 0x82, 0xC9, 0x56, 0x84, 0x37, 0x93 }, + { 0xA6, 0x2B, 0x1F, 0x26, 0x30, 0x9F, 0xD5, 0x69, 0x0E, 0x74, 0x80, 0xCE, 0x4F, 0x73, 0x54, 0x41, 0x37, 0x45, 0x3B, 0x65, 0xB7, 0x98, 0x8F, 0x89, 0x42, 0xF3, 0x58, 0x68, 0x4B, 0xA2, 0xBD, 0x00 }, + { 0x4B, 0x23, 0xBD, 0xD6, 0x13, 0x7E, 0x71, 0x3F, 0xB6, 0xB7, 0xA6, 0xB4, 0x1D, 0xE3, 0xF8, 0x4D, 0xD5, 0xFF, 0x9E, 0x8F, 0xD5, 0xFF, 0xA4, 0x2E, 0x08, 0x7D, 0xCA, 0x68, 0x42, 0x51, 0xDC, 0xBB }, + { 0x31, 0x29, 0x40, 0x55, 0x42, 0x9B, 0xD5, 0x15, 0xB5, 0xD0, 0x3B, 0xA2, 0x1A, 0x6D, 0xD4, 0xBF, 0xB2, 0xFD, 0xC1, 0xB6, 0x87, 0xF7, 0x6A, 0xBA, 0x26, 0x22, 0x4D, 0x57, 0x0C, 0x68, 0x2D, 0xBA }, + { 0x8D, 0x56, 0x1F, 0x71, 0x1F, 0xDF, 0x4A, 0x47, 0xF2, 0x95, 0x20, 0x7F, 0x4B, 0x1C, 0x06, 0x5A, 0x20, 0x52, 0xF6, 0x7A, 0xE0, 0x0D, 0xD7, 0xC6, 0x08, 0x2E, 0xA7, 0x38, 0xF5, 0xD0, 0x5F, 0x46 }, + { 0xBF, 0xE2, 0x1C, 0xF8, 0x2A, 0x36, 0x29, 0xB8, 0x44, 0xD8, 0x6A, 0x55, 0x27, 0x0F, 0x0D, 0x0C, 0x05, 0xE1, 0xED, 0xD9, 0x4F, 0x41, 0xF5, 0x59, 0x52, 0xBC, 0x6E, 0xC8, 0xC8, 0xD1, 0xFE, 0x7E }, + { 0x0F, 0x6E, 0xEF, 0xA1, 0xAB, 0x35, 0xA1, 0x6F, 0x68, 0x5C, 0x7F, 0x55, 0xBB, 0x21, 0xB7, 0x1E, 0x94, 0x77, 0x85, 0x29, 0x8A, 0x68, 0xE8, 0x44, 0xA4, 0x88, 0x32, 0xB9, 0xAD, 0x61, 0xDB, 0x24 }, + { 0x10, 0x2B, 0x4D, 0x9A, 0x10, 0xE9, 0x91, 0x00, 0xB6, 0xFF, 0x47, 0x02, 0x6B, 0xFD, 0x97, 0xAF, 0x02, 0x25, 0xC7, 0xF4, 0xEB, 0xF4, 0x3A, 0xCD, 0xDD, 0x02, 0xDB, 0x83, 0x18, 0x31, 0xBC, 0xB2 }, + { 0xA2, 0x16, 0xEF, 0x79, 0x8F, 0xDB, 0xB8, 0x95, 0xE0, 0xB4, 0x81, 0x5D, 0xB6, 0xC5, 0x23, 0x03, 0x85, 0x7F, 0xF1, 0x2C, 0x3E, 0xA6, 0xDD, 0x57, 0x98, 0x68, 0x38, 0x77, 0x10, 0x7C, 0x5F, 0x27 }, + { 0xCA, 0x8C, 0x06, 0x7D, 0x13, 0x6D, 0x74, 0x44, 0x33, 0x44, 0x7C, 0xF3, 0xE9, 0x3E, 0x3D, 0xA1, 0x66, 0x3F, 0xA4, 0x41, 0x5D, 0xB8, 0xEF, 0xF8, 0x83, 0x37, 0x12, 0x85, 0x52, 0xC2, 0xD1, 0x2E }, + { 0x16, 0x1C, 0x1B, 0x01, 0xCF, 0x17, 0xBB, 0x7C, 0x0B, 0xDA, 0xE1, 0x93, 0x20, 0x2C, 0x63, 0xCE, 0x65, 0xAE, 0x65, 0x28, 0x0E, 0xF4, 0xB7, 0x03, 0xB6, 0x32, 0x21, 0x5B, 0x3E, 0xDE, 0x83, 0x72 }, + { 0xDB, 0x08, 0xDE, 0x97, 0xB4, 0x40, 0x74, 0x57, 0x34, 0x22, 0xE9, 0x08, 0x15, 0x31, 0x6D, 0x77, 0x35, 0x57, 0xF2, 0x06, 0xD8, 0x74, 0x58, 0x93, 0x94, 0xD9, 0xAB, 0xA9, 0x75, 0xF9, 0x04, 0x64 }, + { 0x69, 0x13, 0x38, 0xEC, 0x05, 0x25, 0xA0, 0xC3, 0xC8, 0x0E, 0x80, 0x16, 0x95, 0xAD, 0x1B, 0x96, 0x09, 0xE1, 0x2D, 0xAC, 0x22, 0x2C, 0xE6, 0x7C, 0xDB, 0xC5, 0x07, 0x9F, 0xCF, 0xB8, 0xF0, 0x7B }, + { 0x15, 0xC6, 0x38, 0xE6, 0x56, 0xD3, 0x11, 0xCE, 0xC1, 0x14, 0xAE, 0xCD, 0xEC, 0x20, 0xB4, 0xD6, 0x1F, 0x9F, 0x8C, 0xE4, 0xA6, 0x37, 0x7B, 0x9D, 0xE9, 0x81, 0x64, 0xF6, 0xD4, 0xD7, 0xBC, 0xC4 }, + { 0xB1, 0x80, 0x49, 0x82, 0x71, 0x2D, 0x94, 0xF9, 0xE3, 0x0A, 0x06, 0x4C, 0x1C, 0xBE, 0x69, 0x1E, 0xD6, 0x6E, 0xFD, 0x98, 0x47, 0x9F, 0x37, 0x22, 0xE0, 0x11, 0x9D, 0xB1, 0x7E, 0x78, 0x17, 0xB4 }, + { 0x99, 0x8C, 0x91, 0x57, 0x6B, 0x32, 0x40, 0x0F, 0xC1, 0x5E, 0x7C, 0x71, 0xAC, 0x17, 0x29, 0x8C, 0x24, 0xB5, 0xA8, 0x34, 0x94, 0xB4, 0x68, 0x98, 0x54, 0x3C, 0x7E, 0xCE, 0x90, 0x70, 0x68, 0x4C }, + { 0x27, 0xED, 0x5F, 0x49, 0x50, 0x7B, 0xB0, 0xDF, 0x1F, 0xD5, 0xA0, 0x80, 0x2F, 0xFC, 0xF4, 0x15, 0xA5, 0x01, 0x72, 0xB0, 0xB9, 0x76, 0x02, 0x72, 0xE4, 0xFD, 0x29, 0x35, 0xC2, 0xC9, 0x39, 0x18 }, + { 0x3B, 0xD6, 0xD9, 0x4B, 0xC4, 0xDC, 0x4A, 0x9E, 0x85, 0xB5, 0xC8, 0xF1, 0x72, 0x10, 0x92, 0xCE, 0x7E, 0x3B, 0x3B, 0xA3, 0xDF, 0x2C, 0x2F, 0x19, 0x42, 0xAB, 0x41, 0x23, 0x56, 0x9B, 0x2A, 0x40 }, + { 0xA8, 0xD9, 0x7C, 0x2B, 0xB8, 0x45, 0x52, 0x7F, 0xF1, 0x84, 0xDE, 0x12, 0xF3, 0xB2, 0x65, 0xD7, 0x74, 0xA8, 0x35, 0x3E, 0x16, 0xEB, 0x60, 0xF4, 0xFC, 0xA3, 0x86, 0x2B, 0xE9, 0x87, 0x53, 0x6A }, + { 0x41, 0x32, 0xDC, 0xE2, 0x10, 0x57, 0x04, 0xC9, 0x71, 0x38, 0x73, 0x1E, 0x82, 0xD9, 0xF3, 0x49, 0xB9, 0xF9, 0xD0, 0xDA, 0xC5, 0xEA, 0xC3, 0xDA, 0x9B, 0xEA, 0x9C, 0x45, 0xC4, 0x98, 0xE7, 0x54 }, + { 0xAA, 0x25, 0xD7, 0x85, 0x78, 0x3A, 0x39, 0xE5, 0x88, 0xE6, 0xE4, 0xD9, 0x09, 0x34, 0x78, 0x0C, 0x88, 0xD2, 0x99, 0xD4, 0x3D, 0x67, 0x1E, 0xC0, 0xFE, 0xBB, 0x3B, 0xA6, 0x9A, 0xF4, 0x92, 0x2D }, + { 0xC4, 0xAA, 0x56, 0x76, 0xC1, 0x7D, 0x30, 0xBA, 0x35, 0x37, 0x8F, 0x03, 0x91, 0xE9, 0xE5, 0xA1, 0xEB, 0xFC, 0xA8, 0x03, 0xE2, 0x6A, 0x76, 0xF7, 0xD6, 0x5E, 0x50, 0xF2, 0x64, 0x57, 0x41, 0x1B }, + { 0xA2, 0xAE, 0xB7, 0x41, 0xD0, 0xD9, 0xD6, 0x21, 0x59, 0x18, 0x7A, 0x05, 0x2E, 0xBB, 0xBB, 0xCF, 0x7D, 0xD6, 0xC6, 0x87, 0x87, 0xDD, 0x39, 0xD0, 0x64, 0xF2, 0xA1, 0xE8, 0x3C, 0xFE, 0x87, 0xEF }, + { 0xFA, 0xAE, 0xE8, 0xDD, 0x0C, 0x53, 0x92, 0xC9, 0x0C, 0xE4, 0x5C, 0x4F, 0x41, 0xE5, 0x0C, 0xAE, 0x6B, 0x78, 0xFE, 0x91, 0xD4, 0x2C, 0xF4, 0x07, 0xB0, 0xCA, 0x4D, 0x6F, 0x50, 0x87, 0xA5, 0xB5 }, + { 0x6C, 0x3B, 0xE8, 0xB6, 0x55, 0x71, 0x0A, 0x7B, 0xEF, 0x08, 0x73, 0x68, 0x06, 0x3B, 0x11, 0x3F, 0x6F, 0xF3, 0x3A, 0xBB, 0x02, 0x5D, 0xEA, 0x8B, 0xB1, 0x43, 0x1B, 0xB4, 0x72, 0x4D, 0x6A, 0x2C }, + { 0x36, 0x07, 0xE8, 0x69, 0x66, 0x98, 0x8E, 0x87, 0x9C, 0x7A, 0x70, 0x76, 0x75, 0x7C, 0x93, 0x20, 0xF7, 0x93, 0x3F, 0x96, 0xC1, 0x80, 0x90, 0xF2, 0x2C, 0x54, 0xAA, 0x65, 0x9C, 0xEA, 0xAB, 0xAD }, + { 0xB2, 0x7F, 0xEA, 0x26, 0x17, 0x16, 0x63, 0x58, 0x8D, 0xC3, 0x61, 0x9A, 0x4B, 0x36, 0x2A, 0x38, 0x96, 0x77, 0xFA, 0x1B, 0x28, 0x0F, 0x93, 0xD0, 0x12, 0xC2, 0x1A, 0x55, 0xF7, 0x2F, 0x60, 0xD1 }, + { 0x00, 0x51, 0xF1, 0x55, 0x1E, 0x6F, 0x30, 0x8D, 0x4B, 0xEE, 0xA7, 0xA0, 0x39, 0x73, 0xE6, 0xB9, 0x56, 0xF2, 0x8A, 0xC6, 0x57, 0xEF, 0x85, 0x2F, 0xF1, 0x7A, 0xB3, 0xC9, 0x27, 0x99, 0xEC, 0xAD }, + { 0x7C, 0x9C, 0x80, 0x8F, 0x6E, 0x4A, 0x12, 0xF4, 0x13, 0xAD, 0x52, 0xE8, 0xAF, 0x77, 0x24, 0xD8, 0xF5, 0x9B, 0xF5, 0xE6, 0x62, 0xD6, 0xF6, 0xC8, 0x50, 0x8F, 0x93, 0xA0, 0x5C, 0x74, 0x23, 0xE5 }, + { 0xF5, 0x50, 0xEC, 0x9B, 0xAC, 0x06, 0x3B, 0x87, 0x67, 0xB8, 0xA2, 0xEA, 0xDD, 0xDB, 0x4B, 0xE4, 0xC7, 0xF1, 0x06, 0xAE, 0xDE, 0x97, 0xFC, 0x53, 0x1F, 0x6D, 0x83, 0x74, 0xC2, 0x03, 0x27, 0x9B }, + { 0xB4, 0x46, 0x3D, 0x5B, 0x7C, 0xBC, 0xFD, 0x19, 0xBC, 0xA5, 0x74, 0x32, 0xB0, 0x1F, 0xA7, 0xD9, 0x80, 0x8E, 0x7E, 0xD2, 0x08, 0x37, 0xF2, 0xAD, 0x73, 0x26, 0x86, 0x86, 0xD2, 0x66, 0x73, 0xB3 }, + { 0x0A, 0xD5, 0x02, 0x63, 0xC4, 0x5B, 0xE8, 0x58, 0x99, 0x90, 0xDB, 0x8A, 0xEA, 0x8A, 0x41, 0x9F, 0xF9, 0x05, 0x72, 0xB3, 0x32, 0x42, 0x49, 0xEA, 0x20, 0x16, 0x89, 0xA2, 0x01, 0x56, 0x45, 0xC3 }, + { 0xB1, 0x7D, 0x30, 0xB7, 0xCE, 0x5A, 0x37, 0xBE, 0x9D, 0x01, 0xC6, 0x50, 0x97, 0xBA, 0x63, 0x3E, 0x95, 0xD6, 0x48, 0x00, 0xBA, 0x8B, 0xA7, 0x9F, 0x69, 0x31, 0xF0, 0xF7, 0x9B, 0x07, 0x0F, 0xDD }, + { 0xDC, 0x4C, 0xD7, 0x19, 0x8F, 0xBE, 0xBB, 0xEA, 0x5E, 0xC7, 0xE4, 0x60, 0xF7, 0xF6, 0xE1, 0xE5, 0x61, 0x15, 0x3C, 0x57, 0x6C, 0xAD, 0x8A, 0x33, 0x6B, 0xF9, 0x99, 0xFA, 0xD6, 0xC3, 0xE6, 0x4A }, + { 0xE0, 0x6A, 0x33, 0x02, 0x58, 0xE4, 0x39, 0x26, 0x41, 0x1D, 0xB6, 0x27, 0xBE, 0x62, 0x4E, 0xF2, 0x91, 0x91, 0x44, 0xB7, 0xA3, 0x4B, 0x72, 0x07, 0x55, 0x39, 0xBE, 0x4E, 0x35, 0xDC, 0x36, 0xEC }, + { 0x21, 0x24, 0x05, 0x2C, 0xCA, 0x1E, 0x81, 0xEF, 0x39, 0xC7, 0x6F, 0x56, 0x23, 0xE8, 0x75, 0x67, 0x0C, 0x9C, 0x1C, 0x7A, 0x38, 0x91, 0xE5, 0xA7, 0xDF, 0x64, 0x57, 0x8C, 0x5A, 0xB4, 0x24, 0x37 }, + { 0x6E, 0xE0, 0x35, 0x7A, 0xE3, 0xC7, 0x1A, 0x3C, 0x79, 0xE3, 0x60, 0xE3, 0xA4, 0xF0, 0xC2, 0x31, 0x01, 0xBF, 0x10, 0x42, 0xB1, 0xCE, 0xDA, 0xC6, 0x44, 0x99, 0x6F, 0xCD, 0x26, 0x08, 0x7F, 0xF9 }, + { 0x75, 0xB5, 0x0D, 0x34, 0xD8, 0xD3, 0x49, 0x04, 0xED, 0x49, 0xCE, 0x12, 0x1A, 0x5A, 0xC5, 0x41, 0xA4, 0xB4, 0x86, 0x98, 0x49, 0x57, 0xD0, 0x20, 0x4B, 0xA2, 0x16, 0xDF, 0x49, 0xB2, 0xA0, 0xB9 }, + { 0xAF, 0xFE, 0xF6, 0xFE, 0xC7, 0xA0, 0x39, 0xE8, 0x55, 0x2B, 0xF5, 0x0C, 0xC4, 0xB2, 0x55, 0x27, 0x7F, 0x47, 0xBE, 0xEB, 0x5B, 0x7F, 0x01, 0xDE, 0x95, 0x51, 0x66, 0xB4, 0x19, 0x2F, 0x40, 0xE6 }, + { 0xFE, 0xD8, 0x44, 0xBF, 0x7B, 0x45, 0x40, 0xB9, 0x60, 0x03, 0x37, 0x4D, 0x23, 0xF3, 0x27, 0x6D, 0x25, 0xB7, 0xAA, 0xBC, 0x3C, 0xF2, 0x1B, 0xB6, 0x21, 0x9B, 0xB4, 0x14, 0x50, 0x30, 0xD7, 0x70 }, + { 0xF1, 0x4A, 0x1E, 0xCD, 0xBD, 0x04, 0x47, 0xCE, 0x7D, 0x5A, 0x2D, 0xFE, 0xEC, 0x7C, 0xB2, 0x14, 0x9A, 0x72, 0xAD, 0x2A, 0xE5, 0x40, 0x0B, 0xD1, 0x42, 0x57, 0x01, 0xCE, 0x5A, 0x48, 0xF8, 0x6D }, + { 0xBD, 0x42, 0xBE, 0x49, 0x52, 0x38, 0xA0, 0x00, 0x88, 0x69, 0x2F, 0x65, 0xE4, 0x7D, 0xD9, 0xE2, 0xB8, 0x22, 0xAA, 0x86, 0x16, 0xEA, 0xD1, 0x17, 0x99, 0xF6, 0x0E, 0x62, 0x87, 0x04, 0x2A, 0xA9 }, + { 0xB7, 0xCD, 0x36, 0xE6, 0x75, 0x8B, 0x5F, 0xE1, 0x6B, 0xFE, 0xDF, 0x6D, 0xF7, 0xF4, 0xFF, 0xFC, 0xBF, 0x76, 0x51, 0x39, 0xE7, 0xCD, 0x05, 0x68, 0x09, 0x26, 0xEF, 0xCA, 0xC3, 0xD2, 0x3E, 0x27 }, + { 0x2F, 0xC5, 0x59, 0x4E, 0x86, 0x5C, 0x68, 0xD5, 0xEB, 0xD2, 0x73, 0x42, 0xB8, 0x9D, 0x43, 0xA9, 0x1B, 0x08, 0x1C, 0x6B, 0x47, 0x06, 0x6F, 0xC9, 0x49, 0xB2, 0x48, 0xE6, 0x04, 0x46, 0x9B, 0xF3 }, + { 0x7C, 0x8E, 0x9D, 0xED, 0x13, 0x97, 0x76, 0xE3, 0x8F, 0x4C, 0x3E, 0x35, 0x70, 0x75, 0x5B, 0x55, 0x5D, 0x34, 0x9F, 0xEC, 0xB5, 0x9F, 0x4E, 0x46, 0xB8, 0x6F, 0x45, 0xF2, 0xF2, 0x39, 0x47, 0x98 }, + { 0xE2, 0x18, 0x85, 0x63, 0x54, 0xA2, 0x62, 0x86, 0xC6, 0xA6, 0xCE, 0x14, 0x54, 0x00, 0x7A, 0xDC, 0x7E, 0x3C, 0x7C, 0x18, 0xA0, 0xFB, 0xDB, 0xD3, 0xD3, 0xCF, 0xBF, 0x0C, 0xDA, 0x59, 0x22, 0xBB }, + { 0xC0, 0x18, 0xA3, 0x61, 0x24, 0x34, 0x4E, 0x7C, 0x12, 0x54, 0xF5, 0x56, 0xA9, 0xE2, 0x8F, 0xF8, 0xA4, 0xF2, 0x90, 0xF5, 0x29, 0x43, 0x37, 0xDD, 0xEB, 0x77, 0x3D, 0xAC, 0xD9, 0x7D, 0x89, 0x0C }, + { 0x9B, 0x82, 0xCF, 0xAE, 0x94, 0x42, 0xCA, 0x86, 0x09, 0x8A, 0xC8, 0xB6, 0xF2, 0x9C, 0xB4, 0x9F, 0x5C, 0x87, 0x95, 0xEF, 0x16, 0xD4, 0xEC, 0xD8, 0x8C, 0x8C, 0x2D, 0x14, 0x1A, 0xD3, 0x23, 0x40 }, + { 0xC4, 0x1A, 0x67, 0x6F, 0x6F, 0xED, 0x49, 0x8A, 0x38, 0xFB, 0x51, 0x5C, 0x34, 0x1F, 0x3F, 0xAD, 0x20, 0xF8, 0xF5, 0xE5, 0xC8, 0x4A, 0xE2, 0xBA, 0x9E, 0x79, 0x72, 0x8C, 0x9F, 0x3F, 0x65, 0x7F }, + { 0xBD, 0x01, 0xB1, 0x67, 0x47, 0xD5, 0xA2, 0x48, 0x33, 0xA7, 0xAA, 0xE8, 0x25, 0x3F, 0x2A, 0x48, 0xA9, 0xFF, 0xB0, 0x42, 0x9E, 0x23, 0x70, 0x01, 0x3A, 0xFC, 0x6B, 0x5B, 0x74, 0x22, 0x16, 0xCB }, + { 0x70, 0x8E, 0x9A, 0xC3, 0x67, 0xAB, 0x1F, 0x7A, 0x91, 0x09, 0x20, 0xCF, 0x90, 0x87, 0x81, 0xAA, 0xDF, 0x04, 0x2A, 0xAE, 0x44, 0xA2, 0xF2, 0x91, 0xBB, 0x77, 0x82, 0xB2, 0xEF, 0xDD, 0xAE, 0x46 }, + { 0xBF, 0xF7, 0xD1, 0xEB, 0xB9, 0x82, 0x51, 0x5E, 0xE4, 0xB0, 0xA5, 0x4C, 0x6A, 0x29, 0xA0, 0x4E, 0xBF, 0x84, 0xAF, 0xDC, 0x48, 0xCA, 0xB2, 0x4C, 0x94, 0xB4, 0x0E, 0xB9, 0x40, 0xE9, 0xDE, 0x0D }, + { 0xC7, 0x12, 0x81, 0xB3, 0xFD, 0xF8, 0x46, 0x77, 0x74, 0xE6, 0xEE, 0xF1, 0xC8, 0xA0, 0x46, 0xF2, 0xA9, 0xD4, 0x29, 0xAE, 0xBE, 0x34, 0x3C, 0xB6, 0x70, 0x62, 0xC1, 0xAE, 0x9D, 0xA4, 0x63, 0x3D }, + { 0xFE, 0x3C, 0x1E, 0xA3, 0x85, 0x6D, 0x98, 0x6C, 0xEB, 0xD8, 0x4A, 0x4F, 0x6E, 0xDE, 0x41, 0x61, 0x15, 0x02, 0xAA, 0xB7, 0x11, 0xEB, 0x58, 0xAF, 0xA1, 0xA2, 0xAF, 0xCF, 0xE0, 0x0B, 0x00, 0xB0 }, + { 0xA9, 0x04, 0x4C, 0xE7, 0xB7, 0xFD, 0x2E, 0xC3, 0x00, 0xC6, 0xB0, 0x70, 0xE1, 0xEA, 0x0D, 0x71, 0xF4, 0x0E, 0x67, 0x54, 0x2A, 0x45, 0xA0, 0x55, 0x59, 0xA7, 0xCD, 0xF7, 0x2F, 0xB8, 0x43, 0x28 }, + { 0xBF, 0xF0, 0xA7, 0x2F, 0x4F, 0x57, 0x80, 0x0B, 0xF3, 0x44, 0xFB, 0x57, 0x94, 0xC3, 0x33, 0xAC, 0xB2, 0xB9, 0x91, 0x74, 0xC3, 0xAB, 0x10, 0xF8, 0x8E, 0xB1, 0x98, 0xE3, 0x44, 0xED, 0x50, 0x26 }, + { 0xD5, 0xC6, 0x14, 0x55, 0x4D, 0x87, 0x2A, 0xE4, 0x05, 0x61, 0xAB, 0xC1, 0xDC, 0x3A, 0x80, 0xCC, 0xFE, 0xFD, 0x21, 0x66, 0x95, 0x4F, 0x08, 0x76, 0x29, 0x35, 0x95, 0xE4, 0x0E, 0xC3, 0xB0, 0x8C }, + { 0xF6, 0xB9, 0x85, 0xAE, 0x6F, 0xE9, 0x61, 0x53, 0x55, 0x52, 0xB0, 0x40, 0x9A, 0x99, 0x97, 0x1C, 0x54, 0xEF, 0x22, 0x88, 0x4F, 0x5B, 0x3A, 0x32, 0x48, 0x2B, 0x8E, 0xE8, 0x16, 0xEA, 0x03, 0x8E }, + { 0x5B, 0xAB, 0xDF, 0x61, 0x79, 0xA0, 0xC3, 0xD2, 0x4A, 0x4B, 0xAC, 0xFE, 0xEB, 0x8B, 0x11, 0x42, 0xCC, 0xB7, 0x32, 0xF2, 0x9C, 0xC5, 0x15, 0x51, 0xA4, 0x89, 0xB0, 0x01, 0x7E, 0xE5, 0x3D, 0x51 }, + { 0x1F, 0xBB, 0x58, 0xDF, 0xBF, 0x0B, 0x9D, 0x97, 0x5E, 0xBE, 0x81, 0xE7, 0x55, 0xD9, 0x8C, 0x72, 0xDE, 0x73, 0xAC, 0xEA, 0xF3, 0xD6, 0x72, 0x96, 0xF8, 0x1B, 0x78, 0xB2, 0x8D, 0x55, 0x16, 0x1B }, + { 0xC8, 0xCD, 0x6A, 0xDA, 0xE5, 0xA8, 0xB1, 0x00, 0xF8, 0xF1, 0xCF, 0xA3, 0x6E, 0x2E, 0x39, 0x6A, 0xD0, 0x02, 0x8B, 0xAE, 0x5A, 0x92, 0xF5, 0x1B, 0xB7, 0x3B, 0xC0, 0x38, 0x34, 0x24, 0xDA, 0xC0 }, + { 0x44, 0x0E, 0x0F, 0x91, 0xCD, 0x40, 0xC6, 0x3A, 0x56, 0x6E, 0x14, 0xB3, 0x40, 0xD5, 0x65, 0x02, 0x00, 0x23, 0x57, 0xF7, 0xB8, 0x83, 0xA5, 0xDE, 0xEC, 0xBD, 0x8A, 0xAD, 0xA9, 0xE2, 0x9D, 0xC8 }, + { 0x17, 0xF5, 0xA0, 0x14, 0xF7, 0xC2, 0xCD, 0xBB, 0x37, 0x34, 0x64, 0xD8, 0x26, 0xF6, 0xD2, 0x21, 0xE1, 0x25, 0x62, 0xA9, 0x6E, 0xA2, 0xC8, 0xD3, 0x6A, 0xDF, 0xE4, 0xBB, 0xCF, 0x5B, 0x60, 0x03 }, + { 0x02, 0xB7, 0x7B, 0xBC, 0xAF, 0xA2, 0x02, 0xDE, 0xB8, 0xA4, 0x59, 0x5F, 0x00, 0x9D, 0x4C, 0x16, 0xE3, 0xE9, 0x9D, 0xD7, 0x2E, 0x9E, 0xFC, 0xFF, 0x63, 0x26, 0x66, 0x18, 0xD1, 0x5A, 0xB7, 0x1E }, + { 0x1A, 0x7F, 0xD6, 0xD1, 0x5A, 0xF9, 0x81, 0x37, 0xB3, 0x7C, 0xD2, 0x44, 0xAA, 0x57, 0x20, 0xA9, 0xEA, 0x16, 0xD6, 0x54, 0x86, 0x94, 0x33, 0x5B, 0xD0, 0xEC, 0x41, 0xCF, 0x4A, 0x77, 0xA5, 0xD3 }, + { 0x97, 0xB4, 0x5D, 0x99, 0xCD, 0x21, 0xE1, 0xB1, 0x07, 0x3F, 0xEF, 0x00, 0x4F, 0x80, 0x07, 0x23, 0x00, 0x53, 0x19, 0x92, 0xDF, 0xB8, 0x89, 0x48, 0xB1, 0x7C, 0xD6, 0xDA, 0xBA, 0x3E, 0x84, 0x17 }, + { 0x16, 0xC5, 0xC9, 0xB5, 0x76, 0xBF, 0xF4, 0xFA, 0xE0, 0x5F, 0xC1, 0x4F, 0xB3, 0x60, 0x02, 0x3B, 0x4C, 0xE9, 0xC7, 0x3D, 0x07, 0x88, 0x5E, 0xE1, 0x08, 0xB2, 0x3E, 0x2D, 0x71, 0x7E, 0x6C, 0x04 }, + { 0x55, 0xC4, 0x43, 0xDC, 0x1F, 0x1E, 0xBD, 0x7C, 0x83, 0x47, 0x06, 0x3F, 0x5E, 0xB3, 0x0C, 0xE0, 0x54, 0xE5, 0x8F, 0x6E, 0xD3, 0x12, 0x53, 0xE8, 0x1D, 0x30, 0xB5, 0xD9, 0x82, 0xA1, 0xB3, 0x81 }, + { 0x6B, 0x8F, 0x18, 0x0B, 0x6C, 0x98, 0x35, 0xD0, 0x67, 0x01, 0xD8, 0xF2, 0x2E, 0xAE, 0xD3, 0xC8, 0x4F, 0xF5, 0x84, 0xA6, 0x7C, 0x56, 0xC2, 0x51, 0x17, 0xCB, 0x7A, 0x86, 0x86, 0x3E, 0x46, 0x06 }, + { 0xEB, 0xA8, 0xA9, 0xC2, 0x66, 0x16, 0xBA, 0x17, 0xDE, 0x28, 0xE9, 0x82, 0x48, 0xA3, 0x87, 0x84, 0x3A, 0xEE, 0x00, 0x3B, 0x4D, 0x98, 0x4D, 0x19, 0x2C, 0x81, 0xE4, 0x31, 0xA1, 0xAF, 0x5A, 0xB2 }, + { 0xA1, 0x80, 0x9A, 0x61, 0x79, 0xAD, 0xC6, 0x06, 0x7E, 0xDD, 0x81, 0x01, 0x23, 0xAD, 0x2B, 0x59, 0x0B, 0xFD, 0x71, 0xEC, 0x0E, 0xBA, 0xAF, 0xFB, 0xA2, 0xCD, 0x56, 0x41, 0x4F, 0x3F, 0xDB, 0x5D }, + { 0x29, 0xF3, 0xDB, 0xF7, 0x0F, 0xED, 0x14, 0xBC, 0x2B, 0x4C, 0x95, 0x03, 0xCF, 0xFF, 0x7F, 0x7F, 0xC4, 0x5C, 0x9D, 0x47, 0xA8, 0x59, 0x5F, 0xCD, 0x1B, 0x6C, 0x4A, 0x48, 0x46, 0xAF, 0x95, 0x05 }, + { 0xEC, 0x21, 0x6E, 0xF1, 0xE9, 0x02, 0xD1, 0x18, 0xAF, 0x0F, 0xC2, 0xDD, 0x6E, 0xD3, 0xB5, 0xAB, 0x5D, 0xF2, 0x60, 0x0E, 0x7B, 0xB3, 0xA7, 0xE0, 0x09, 0x6C, 0xF2, 0x0B, 0x93, 0x3E, 0xCC, 0x0A }, + { 0xC9, 0x78, 0x6A, 0x90, 0xC9, 0xDD, 0x20, 0x2E, 0x08, 0x66, 0x64, 0x6F, 0x53, 0x93, 0xE3, 0x23, 0xB4, 0x2C, 0xC8, 0x77, 0xD0, 0x4C, 0x35, 0xBF, 0x1F, 0x5E, 0x66, 0xC0, 0xC5, 0x0B, 0xD4, 0x1E }, + { 0x92, 0x17, 0xD7, 0x92, 0xE4, 0x81, 0x98, 0xAA, 0x29, 0x30, 0x03, 0x3D, 0x54, 0x3E, 0x12, 0xDE, 0x1A, 0x77, 0x46, 0x44, 0x51, 0xFC, 0x3C, 0x3C, 0x2E, 0xAB, 0xE9, 0x9C, 0xEA, 0x33, 0xC3, 0xCA }, + { 0xE1, 0x02, 0xF6, 0xB9, 0x59, 0x7D, 0xE4, 0xDC, 0x12, 0x89, 0xB7, 0x0A, 0x1B, 0xFC, 0xD5, 0xC0, 0xC8, 0x51, 0x1A, 0x88, 0x78, 0x86, 0x64, 0xE2, 0x65, 0x04, 0xF4, 0x12, 0xAC, 0xF4, 0x30, 0xF0 }, + { 0xFA, 0xCE, 0x40, 0x47, 0xFE, 0x38, 0x83, 0xD4, 0xB6, 0x22, 0x9C, 0xF1, 0x8A, 0x4B, 0xEA, 0x6E, 0x81, 0x1C, 0xD4, 0x4A, 0x88, 0x1B, 0x22, 0x69, 0x5C, 0x4C, 0xD6, 0x98, 0xE5, 0x42, 0xC5, 0x5C }, + { 0x9D, 0x17, 0x5D, 0x76, 0xB8, 0xA4, 0x27, 0x12, 0x4A, 0xFF, 0xC4, 0x3C, 0x2E, 0x8B, 0x17, 0xD5, 0x3E, 0xCC, 0xDB, 0x2B, 0xFB, 0x47, 0x53, 0x82, 0x11, 0x99, 0x8D, 0x20, 0x6D, 0x90, 0x3A, 0x5F }, + { 0x9D, 0x3B, 0xDC, 0xA3, 0xF3, 0x28, 0xEF, 0x66, 0xCB, 0xB1, 0x84, 0xD6, 0xD2, 0xE8, 0xBC, 0x71, 0x71, 0x9E, 0x26, 0xFF, 0x75, 0xCB, 0x79, 0x28, 0x0B, 0x3B, 0x20, 0xE8, 0x16, 0x68, 0x26, 0xF9 }, + { 0x0D, 0xA1, 0x29, 0x3E, 0x4E, 0xDB, 0xD5, 0x22, 0x3F, 0x40, 0xD1, 0xAF, 0x51, 0xAC, 0x59, 0x83, 0x8C, 0xBD, 0xDD, 0x85, 0xE8, 0x0F, 0x92, 0xF1, 0xCA, 0x7B, 0xE9, 0x06, 0x21, 0x4C, 0x86, 0x19 }, + { 0x7F, 0x0C, 0x9D, 0xE8, 0x49, 0xC6, 0x4E, 0x21, 0x67, 0xC3, 0x70, 0x81, 0x45, 0x90, 0x40, 0x53, 0x5D, 0x77, 0x48, 0x99, 0x5E, 0x39, 0xCD, 0x9E, 0x33, 0x23, 0x56, 0xF1, 0xD8, 0x89, 0x8C, 0x65 }, + { 0xE3, 0x6A, 0x98, 0x30, 0x70, 0x54, 0xF9, 0x8F, 0xC1, 0x45, 0x4E, 0x37, 0x5E, 0xD0, 0x49, 0xDC, 0x24, 0x82, 0x78, 0x51, 0x5B, 0xFD, 0x5F, 0x2F, 0x40, 0xFE, 0xFC, 0x0C, 0x08, 0xA2, 0x1B, 0xE6 }, + { 0xC6, 0x7A, 0xA4, 0xF8, 0x9F, 0xDE, 0xFE, 0xD2, 0x40, 0xBB, 0xE6, 0xBD, 0x11, 0x11, 0x30, 0xCD, 0x3B, 0xBC, 0x5B, 0xE1, 0x55, 0xA5, 0xD4, 0x9B, 0x43, 0xE3, 0x89, 0x47, 0xBF, 0x6C, 0x38, 0xD4 }, + { 0xF1, 0x16, 0xD1, 0x8E, 0xAE, 0x30, 0x8E, 0x96, 0x1D, 0xE8, 0x73, 0x0F, 0x55, 0x33, 0xE9, 0xB2, 0x4E, 0x28, 0x5B, 0x8E, 0x4D, 0x48, 0xC8, 0x08, 0x2E, 0x41, 0x35, 0x3B, 0xE0, 0xFA, 0x7B, 0x0E }, + { 0xA5, 0x8F, 0x42, 0x5A, 0x11, 0x52, 0xE8, 0xE2, 0xDD, 0x7C, 0x19, 0xA2, 0xE3, 0xBD, 0xF9, 0x8D, 0x38, 0x45, 0x53, 0x3D, 0x96, 0x0F, 0xD3, 0x54, 0xE0, 0x0E, 0x75, 0xFC, 0x6B, 0x43, 0x37, 0x3A }, + { 0xB4, 0x85, 0x12, 0xC1, 0x42, 0x8C, 0xDD, 0xF9, 0x2A, 0xD5, 0xAC, 0x62, 0x19, 0x71, 0x74, 0xB7, 0xCC, 0x0B, 0x67, 0xEE, 0x57, 0x62, 0x06, 0x00, 0x8D, 0x6D, 0xB0, 0x97, 0x50, 0x34, 0xA0, 0x0C }, + { 0x99, 0x2D, 0xA1, 0x75, 0x05, 0xDA, 0x6A, 0x73, 0xCD, 0xF1, 0x84, 0x18, 0xED, 0x50, 0x6E, 0xBF, 0x90, 0xAB, 0xB7, 0xE1, 0x77, 0x02, 0x2F, 0x8C, 0xCC, 0x49, 0x40, 0xE4, 0x15, 0x92, 0xF6, 0x6E }, + { 0x6F, 0x75, 0x8E, 0xED, 0x58, 0x90, 0x4D, 0xCB, 0xA0, 0xAE, 0x6B, 0xE6, 0x2B, 0xFA, 0x2E, 0x8D, 0x73, 0x18, 0x15, 0xDC, 0x6B, 0x66, 0xB2, 0xC7, 0x3E, 0x23, 0xDC, 0x8A, 0x45, 0xA6, 0xAB, 0x61 }, + { 0xC7, 0x82, 0x07, 0x97, 0x89, 0x16, 0x16, 0xDB, 0xE1, 0x11, 0xBF, 0xEF, 0x93, 0x65, 0xCB, 0xE4, 0x4F, 0x28, 0xA1, 0x91, 0x62, 0x15, 0xC0, 0x25, 0x0F, 0x6D, 0xE3, 0xB0, 0x58, 0xD4, 0xCE, 0x29 }, + { 0x8E, 0xD6, 0xC7, 0x92, 0x04, 0xD4, 0x38, 0x22, 0x28, 0x43, 0x9A, 0xC4, 0x07, 0xC7, 0x56, 0xEE, 0x41, 0x17, 0x48, 0x8B, 0x34, 0xA7, 0x42, 0xEF, 0x83, 0x4B, 0xB2, 0xF8, 0x9D, 0xBF, 0x96, 0x25 }, + { 0x75, 0x8B, 0xBD, 0x7B, 0xA5, 0xFC, 0x20, 0x4D, 0xDE, 0x6C, 0x3E, 0x5B, 0x3F, 0xA1, 0x9E, 0x14, 0xBA, 0x21, 0x4D, 0xE0, 0x95, 0x3D, 0x3E, 0x05, 0xB2, 0xF4, 0x19, 0x64, 0x1C, 0x2D, 0x12, 0xBE }, + { 0x15, 0xEE, 0x19, 0xA1, 0x36, 0x9B, 0x01, 0xF3, 0x8F, 0x36, 0x3D, 0xDA, 0x95, 0x2A, 0x08, 0xAC, 0x38, 0x93, 0x62, 0xD6, 0xC5, 0x44, 0xBF, 0xCC, 0xF7, 0xF1, 0x75, 0x07, 0x4D, 0x72, 0x55, 0xD9 }, + { 0x9B, 0x09, 0x25, 0xA7, 0x08, 0x1B, 0x75, 0xC2, 0xD9, 0x8E, 0xDA, 0x58, 0x43, 0x75, 0x19, 0x80, 0xB8, 0xB9, 0x54, 0xB0, 0x48, 0x83, 0x3A, 0x11, 0x37, 0x4E, 0x7F, 0x39, 0xC2, 0xC1, 0xCC, 0xCC }, + { 0x82, 0x5C, 0x1D, 0x36, 0xF3, 0xB7, 0x37, 0xD6, 0x19, 0xAC, 0xB2, 0x8A, 0xE1, 0x8D, 0x99, 0xC2, 0x57, 0x50, 0x00, 0x86, 0x6D, 0x0C, 0x9D, 0xA4, 0x3B, 0x15, 0xCD, 0x9C, 0x9D, 0x66, 0x0E, 0xD0 }, + { 0xDB, 0xF5, 0x2D, 0x4E, 0xFD, 0xC7, 0xF5, 0x04, 0xD0, 0x60, 0x38, 0xA1, 0xAF, 0x7F, 0x79, 0xB4, 0x73, 0x75, 0x9E, 0x4C, 0x48, 0xA1, 0x4A, 0x97, 0xE6, 0x36, 0x11, 0x86, 0x9F, 0xC8, 0xD7, 0x4E }, + { 0x73, 0x6D, 0xC4, 0x1F, 0xCA, 0x7A, 0x64, 0xB5, 0xEA, 0xC4, 0x99, 0x0E, 0x1F, 0x43, 0x98, 0xB5, 0xC4, 0xC7, 0x51, 0x62, 0x11, 0x08, 0x28, 0x6A, 0x3E, 0xE7, 0xC1, 0x06, 0xDD, 0x33, 0xB0, 0x83 }, + { 0x73, 0xA4, 0x5C, 0x6F, 0x90, 0xE3, 0x24, 0x91, 0xBA, 0x64, 0x80, 0x63, 0x44, 0x1F, 0xE0, 0x3C, 0x32, 0x9F, 0x3F, 0x2D, 0x3C, 0x9E, 0xA3, 0x0B, 0x58, 0x81, 0x36, 0x83, 0x19, 0x2A, 0x8A, 0x42 }, + { 0x93, 0x0F, 0x89, 0x8F, 0x48, 0xB3, 0xCA, 0xF2, 0xEC, 0xEA, 0x1C, 0xA9, 0xF9, 0x48, 0x71, 0x7B, 0xDD, 0x3D, 0x63, 0x96, 0x79, 0x17, 0x23, 0x4A, 0x8F, 0xDB, 0x75, 0x3A, 0x40, 0x53, 0xB9, 0xB8 }, + { 0x73, 0x5C, 0x04, 0x76, 0x89, 0x2A, 0xC1, 0x85, 0x70, 0xD9, 0x58, 0x6E, 0x6E, 0x2A, 0x3B, 0x40, 0xC1, 0xEE, 0x00, 0xC9, 0x59, 0xAD, 0x43, 0x9A, 0xC6, 0x4C, 0xAF, 0x2E, 0x6C, 0xCF, 0x01, 0xD5 }, + { 0x6C, 0x1E, 0xD6, 0xB0, 0x2C, 0x9E, 0x4B, 0x1B, 0x7D, 0xE4, 0x4C, 0x5E, 0xCB, 0x53, 0xC1, 0xF0, 0xEC, 0xA3, 0x31, 0x25, 0x58, 0x3C, 0xCB, 0x42, 0xFC, 0xD8, 0xC9, 0x87, 0xEF, 0x15, 0x5D, 0x52 }, + { 0x2C, 0x0B, 0x59, 0x95, 0xD2, 0xE1, 0xCC, 0xF6, 0x0E, 0x09, 0x64, 0xFA, 0xCF, 0x6E, 0x7E, 0xFE, 0x4E, 0x33, 0xBB, 0x83, 0x95, 0xAB, 0xFF, 0xB4, 0x10, 0x1E, 0x19, 0x13, 0xD4, 0x47, 0x40, 0xEB }, + { 0x38, 0x3B, 0xA9, 0x66, 0x88, 0x6D, 0xE3, 0x23, 0x18, 0x1E, 0x00, 0xFB, 0x97, 0x14, 0xF6, 0xA5, 0xC9, 0xB4, 0x15, 0x1E, 0xAB, 0x1C, 0xBE, 0x85, 0x98, 0xC3, 0x03, 0x2B, 0x76, 0x47, 0x2F, 0x89 }, + { 0x66, 0xD9, 0x05, 0xD9, 0xC9, 0x3F, 0xE8, 0x01, 0x49, 0x62, 0x3A, 0x3B, 0x26, 0x85, 0xF2, 0x86, 0x3E, 0x64, 0x63, 0xF1, 0xB6, 0xC2, 0xA0, 0x0E, 0xA7, 0x70, 0x6F, 0xF2, 0xF2, 0x67, 0xEA, 0x41 }, + { 0x31, 0x1B, 0xDC, 0x1A, 0x1F, 0x5E, 0xB6, 0xF9, 0x5C, 0x51, 0x14, 0x0D, 0xC8, 0x63, 0x5E, 0x61, 0x46, 0xA2, 0x72, 0xE3, 0x32, 0x62, 0x7E, 0x70, 0xCA, 0xCC, 0xCB, 0x71, 0xD0, 0x71, 0xD2, 0x6B }, + { 0x79, 0xCE, 0x06, 0x01, 0xBF, 0xF7, 0x7D, 0x3F, 0x7E, 0x3E, 0xFC, 0x7A, 0x5F, 0x1B, 0x43, 0x46, 0x07, 0xA8, 0xC9, 0x6F, 0xDB, 0xBC, 0xBB, 0x29, 0xAC, 0x08, 0x76, 0xA7, 0xBA, 0x5C, 0x34, 0x94 }, + { 0x90, 0x6F, 0x27, 0xC9, 0xA4, 0x94, 0x96, 0xEC, 0xF0, 0x77, 0x1B, 0x07, 0x53, 0x06, 0xEE, 0x8C, 0x5D, 0x8C, 0xFE, 0xF0, 0xDC, 0xB1, 0x39, 0xFF, 0x8D, 0xCB, 0x85, 0x10, 0x86, 0x87, 0xBE, 0x39 }, + { 0x7A, 0x68, 0x5A, 0x51, 0xC2, 0x2A, 0x34, 0x23, 0x79, 0x53, 0xB7, 0xE4, 0xAC, 0xAB, 0x98, 0x7E, 0x75, 0xB7, 0x01, 0xA5, 0x97, 0x0F, 0x94, 0xF1, 0x76, 0x9C, 0x0D, 0x8D, 0xD6, 0xC3, 0x06, 0x7C }, + { 0x45, 0x0B, 0xA0, 0xE6, 0xC7, 0xAF, 0x7C, 0xFD, 0xE5, 0xAE, 0xBF, 0x87, 0x8C, 0x09, 0x5A, 0xA0, 0x97, 0xF8, 0x23, 0xF0, 0xA1, 0xBD, 0xC4, 0x4F, 0xE5, 0xDD, 0x26, 0xA6, 0x50, 0x17, 0x04, 0x06 }, + { 0x9E, 0x45, 0xD8, 0xB8, 0xF0, 0x0B, 0x3A, 0x29, 0x60, 0x0A, 0x64, 0x6A, 0xF5, 0x70, 0xFA, 0xCA, 0xC0, 0xEA, 0xB0, 0xDC, 0x44, 0x3B, 0x88, 0x21, 0x86, 0x39, 0x5F, 0x1A, 0xD9, 0x49, 0xF6, 0xB3 }, + { 0x5B, 0x60, 0x65, 0xE6, 0xA9, 0xE8, 0x3A, 0x6F, 0xAE, 0x16, 0x47, 0x0D, 0xA4, 0xC8, 0x56, 0x07, 0x72, 0xD0, 0xCD, 0x2B, 0x61, 0xF8, 0x06, 0x34, 0xAF, 0x69, 0x94, 0x8A, 0xFA, 0x83, 0xDF, 0xFC }, + { 0x79, 0xA9, 0x2B, 0x54, 0xC7, 0x28, 0x90, 0xBF, 0x45, 0xE6, 0x39, 0x0B, 0xC2, 0xCF, 0xE4, 0xAC, 0x50, 0x5B, 0xC3, 0x95, 0x21, 0x77, 0xD2, 0x68, 0x4B, 0xB8, 0xFF, 0x9A, 0xCC, 0x87, 0x81, 0xDC }, + { 0x60, 0xD6, 0xA6, 0x62, 0xA5, 0x64, 0xD3, 0xF9, 0x99, 0x04, 0xEB, 0x96, 0x94, 0xC4, 0x61, 0x1C, 0xEA, 0xDE, 0xFC, 0xDF, 0x28, 0xD8, 0xB2, 0xEC, 0xA6, 0x84, 0x7F, 0xEE, 0x7E, 0x17, 0xB5, 0x39 }, + { 0x9A, 0xD8, 0x81, 0xC4, 0xDB, 0x75, 0x30, 0xEF, 0x5B, 0x98, 0x01, 0x69, 0xDF, 0x41, 0x1A, 0x12, 0x00, 0x71, 0x7D, 0x95, 0xD6, 0xD7, 0x44, 0xF2, 0xF5, 0x0C, 0x5E, 0xDF, 0x8B, 0xCC, 0x06, 0x70 }, + { 0xAC, 0x8A, 0xA0, 0xCA, 0x80, 0xAD, 0x5A, 0x2C, 0x51, 0x0E, 0xA9, 0x8C, 0x8C, 0xBB, 0x5D, 0xAA, 0xDD, 0x67, 0x20, 0xAA, 0x9F, 0x6D, 0xC8, 0x4B, 0x47, 0xD9, 0x8B, 0xBB, 0x5A, 0xA1, 0x35, 0x49 }, + { 0xB3, 0x58, 0xD3, 0x49, 0x78, 0x5A, 0x2B, 0x8B, 0x93, 0x11, 0xC2, 0x67, 0xF4, 0x13, 0x5B, 0x06, 0x4A, 0x88, 0x85, 0x92, 0xCB, 0xF0, 0x09, 0x68, 0x36, 0x6B, 0xB5, 0x24, 0x56, 0xBB, 0xD5, 0xC9 }, + { 0x2A, 0x50, 0xAB, 0xCB, 0x22, 0xC4, 0x1A, 0x75, 0x9B, 0x39, 0x3A, 0x53, 0xED, 0x55, 0xFD, 0xA5, 0xAE, 0x84, 0x27, 0x2E, 0x00, 0x82, 0x9F, 0x33, 0xA8, 0x43, 0x3A, 0xA0, 0x8C, 0x7E, 0xB7, 0xD8 }, + { 0x69, 0x6C, 0xFC, 0xA0, 0x52, 0xF5, 0x8A, 0x3A, 0xD3, 0xFA, 0xE5, 0x54, 0x7C, 0xB8, 0x25, 0x43, 0x5B, 0xE1, 0xF9, 0x13, 0xA1, 0xA2, 0x67, 0x47, 0x44, 0x81, 0x9D, 0xCE, 0xA1, 0x72, 0x82, 0xD6 }, + { 0xCD, 0x01, 0xF9, 0x70, 0xCE, 0xB5, 0x8F, 0x49, 0xA2, 0x66, 0x26, 0xE0, 0xBE, 0x31, 0xB6, 0x7D, 0xEF, 0xF7, 0xAB, 0xA2, 0x5D, 0xA9, 0xE7, 0x8B, 0xB0, 0x71, 0x94, 0xC1, 0xB1, 0x6B, 0xF5, 0x82 }, + { 0x78, 0x8C, 0xF0, 0x75, 0x1B, 0xE0, 0xCA, 0x97, 0xE9, 0x37, 0x56, 0x6D, 0x77, 0x71, 0x0D, 0x1F, 0x52, 0x3D, 0x61, 0x34, 0x92, 0xD8, 0xF0, 0xF2, 0x40, 0x33, 0xEA, 0x65, 0xEE, 0xAA, 0x95, 0xA9 }, + { 0xD5, 0xB4, 0xAA, 0xA7, 0xEE, 0xFF, 0x27, 0xAF, 0xA3, 0x93, 0x5C, 0x1F, 0x90, 0x47, 0x3E, 0x51, 0x10, 0xBB, 0x4A, 0xA3, 0xA3, 0xD3, 0x3B, 0xEE, 0x07, 0x54, 0xDE, 0x71, 0xC1, 0xC2, 0xF3, 0x36 }, + { 0xC6, 0xD5, 0xF3, 0xDA, 0x57, 0xC7, 0xAA, 0xA3, 0xEB, 0x50, 0xA8, 0xBF, 0xE0, 0x02, 0x4C, 0x88, 0x68, 0x84, 0xD5, 0xA3, 0x78, 0x00, 0x63, 0x3A, 0xAE, 0xA9, 0xB3, 0x46, 0x91, 0xBA, 0xDA, 0xCD }, + { 0xD0, 0x65, 0x64, 0x60, 0x92, 0xCF, 0xF1, 0x70, 0x3A, 0x72, 0x65, 0x7A, 0x95, 0xBF, 0xB5, 0x3E, 0xF7, 0x3F, 0xAB, 0xEE, 0x93, 0x0A, 0x3F, 0xE5, 0x9C, 0xED, 0x10, 0xF1, 0x7D, 0x2B, 0x27, 0xC8 }, + { 0xE1, 0xB3, 0x1A, 0x5B, 0xC6, 0x2B, 0x3A, 0xEA, 0x44, 0xE6, 0xF2, 0x88, 0x8F, 0xBD, 0x4D, 0x45, 0x36, 0x18, 0x4B, 0x7A, 0x73, 0x15, 0x66, 0x12, 0xD1, 0x3C, 0xAE, 0x3A, 0x23, 0x53, 0xF0, 0xA0 }, + { 0x62, 0x00, 0x5F, 0x7C, 0x5D, 0x30, 0x0A, 0xF7, 0x08, 0x16, 0x2C, 0xD2, 0xAF, 0x59, 0x9E, 0x1F, 0x13, 0xAA, 0x1E, 0x95, 0x81, 0x48, 0xEE, 0x08, 0xB6, 0xB6, 0x07, 0xF0, 0x81, 0x66, 0x8E, 0x98 }, + { 0xDA, 0x2B, 0xFB, 0xC0, 0xAD, 0xE9, 0x92, 0x90, 0xD5, 0x91, 0xF3, 0x1B, 0xD2, 0x9B, 0xAD, 0xD4, 0x27, 0xCB, 0xD6, 0x5C, 0x3F, 0x51, 0x05, 0xE6, 0x58, 0xA7, 0x26, 0xB6, 0xC0, 0xD7, 0x0E, 0x00 }, + { 0x77, 0x98, 0x10, 0xF9, 0xE4, 0xB5, 0x86, 0x90, 0xF7, 0xF1, 0x59, 0x46, 0x0C, 0x50, 0x8A, 0x13, 0x22, 0x6C, 0x68, 0x20, 0x36, 0x1C, 0x83, 0x5B, 0xC4, 0x56, 0xAA, 0x58, 0x90, 0xDB, 0x1F, 0xCA }, + { 0xE9, 0x7A, 0xEC, 0x75, 0x0B, 0x79, 0x61, 0xFC, 0xC9, 0xFC, 0xA4, 0x8B, 0x2F, 0xC1, 0x51, 0x24, 0x3E, 0x0B, 0x1A, 0x1A, 0xC9, 0xF1, 0xB6, 0x14, 0x00, 0xE2, 0x4B, 0xA9, 0xAA, 0x7E, 0x92, 0x11 }, + { 0x69, 0x1C, 0x70, 0x5E, 0x4F, 0xC4, 0x94, 0xFD, 0xED, 0xAF, 0x6E, 0xB2, 0x1C, 0x32, 0x93, 0x2E, 0x3D, 0x81, 0x64, 0x18, 0x26, 0xDD, 0xA9, 0x69, 0x48, 0x53, 0x98, 0xF7, 0x78, 0xE6, 0x75, 0x91 }, + { 0x23, 0x4D, 0x2F, 0x60, 0xBF, 0x67, 0x59, 0x0B, 0x45, 0x48, 0x17, 0x66, 0x26, 0x60, 0x2B, 0x89, 0x34, 0x8E, 0x25, 0xB4, 0x6D, 0xDC, 0x60, 0xB5, 0x98, 0xDF, 0xA7, 0x4C, 0xCB, 0x49, 0x1D, 0x87 }, + { 0x7D, 0x1F, 0x01, 0xE9, 0xC3, 0x10, 0xD7, 0xF3, 0xB4, 0x27, 0x0F, 0x5E, 0x08, 0xF3, 0x01, 0x1B, 0xE3, 0xCD, 0x48, 0x41, 0xF7, 0xBC, 0x02, 0x93, 0x04, 0x75, 0x17, 0x3E, 0x3A, 0x01, 0xBA, 0x02 }, + { 0x8E, 0x43, 0x20, 0x2C, 0x17, 0x32, 0x72, 0x78, 0xF3, 0x4C, 0xE8, 0xCE, 0xEB, 0x53, 0xF0, 0xA2, 0xC6, 0xB5, 0xA1, 0xBF, 0x86, 0x87, 0xEE, 0xCA, 0x6D, 0x83, 0xE3, 0x84, 0x10, 0x52, 0x1B, 0xFF }, + { 0x94, 0xE6, 0xBB, 0x82, 0xC2, 0x82, 0x33, 0xA1, 0x71, 0x0A, 0x81, 0x86, 0x99, 0x76, 0x82, 0x20, 0x5C, 0xB3, 0xCF, 0x0C, 0x17, 0xC4, 0x33, 0x10, 0x94, 0x4E, 0xDD, 0xDA, 0xD1, 0x9B, 0x76, 0xFF }, + { 0x13, 0xC0, 0xE9, 0x9A, 0xB8, 0x64, 0xE4, 0x87, 0xE9, 0xB3, 0x97, 0x0C, 0xDF, 0xA0, 0x87, 0xAB, 0x2B, 0x41, 0x21, 0x1F, 0x53, 0x46, 0xCA, 0x5F, 0x0F, 0x98, 0xCC, 0x1F, 0xEC, 0x1B, 0x6E, 0x9C }, + { 0xAB, 0xDB, 0x05, 0xBE, 0x84, 0x5D, 0x36, 0xFB, 0x11, 0x4B, 0xA3, 0x75, 0xA4, 0xA2, 0x2F, 0x16, 0x61, 0x21, 0x75, 0xE9, 0x23, 0x05, 0xEB, 0x8E, 0x00, 0xB5, 0xC6, 0x14, 0xD7, 0x70, 0x29, 0xD6 }, + { 0x23, 0x89, 0xBC, 0x6E, 0x6F, 0x8C, 0x67, 0x7C, 0x61, 0xFE, 0xFE, 0xF4, 0x06, 0xDE, 0x17, 0x58, 0xC2, 0x49, 0x8D, 0x24, 0xBC, 0xC0, 0x09, 0x94, 0x3C, 0x0A, 0xDD, 0xBC, 0x43, 0x0E, 0x34, 0x90 }, + { 0xAA, 0x39, 0x28, 0xAC, 0x64, 0xB8, 0x03, 0x29, 0x5D, 0xD2, 0x7B, 0x82, 0x62, 0xB5, 0xEF, 0xA3, 0x12, 0x43, 0xE0, 0x04, 0xE1, 0x40, 0x1C, 0x9E, 0x4A, 0x35, 0x67, 0xE3, 0x84, 0x6A, 0x4C, 0xB2 }, + { 0x58, 0x2D, 0x07, 0x72, 0x8B, 0x7C, 0x4B, 0x0E, 0x43, 0x55, 0x93, 0x49, 0x31, 0x27, 0x63, 0x7E, 0x3F, 0x58, 0xF5, 0xBA, 0x75, 0xCC, 0xCF, 0x58, 0xE6, 0xC7, 0x7B, 0xAE, 0x55, 0xD8, 0x7A, 0x72 }, + { 0xFA, 0xF4, 0x94, 0x29, 0x66, 0x45, 0x01, 0x60, 0xDE, 0x76, 0x78, 0x7B, 0x9D, 0xC2, 0x37, 0x15, 0x50, 0x56, 0x5A, 0x9C, 0x09, 0x85, 0xE8, 0x4D, 0x18, 0xD4, 0x30, 0x84, 0x02, 0xB5, 0xA2, 0xD4 }, + { 0x6A, 0xC2, 0xA8, 0xAC, 0x04, 0xB5, 0x8A, 0x57, 0x81, 0x7B, 0x13, 0xFB, 0xD0, 0xC4, 0xFE, 0x7C, 0x1C, 0xF8, 0x6A, 0x2A, 0x56, 0x53, 0x1A, 0x05, 0x11, 0x83, 0xFD, 0x8D, 0xE4, 0xB0, 0x2D, 0x0A }, + { 0x8B, 0x6F, 0x0C, 0xCD, 0x37, 0xB6, 0xDE, 0x75, 0x94, 0x0D, 0x48, 0x10, 0x00, 0x53, 0x95, 0xD4, 0x49, 0x6A, 0xD9, 0x73, 0x59, 0x10, 0xB2, 0x8C, 0xC8, 0x14, 0xEB, 0x84, 0xFB, 0x4B, 0x86, 0xDC }, + { 0x67, 0xDD, 0xE5, 0xB0, 0x93, 0x39, 0xB3, 0xAC, 0xDD, 0x65, 0x96, 0x5B, 0x48, 0x3A, 0x7C, 0xEF, 0xF0, 0x32, 0x35, 0x06, 0x6E, 0x5F, 0xD4, 0x53, 0x77, 0x67, 0x41, 0x0E, 0x18, 0x47, 0x74, 0x25 }, + { 0xE9, 0x30, 0x26, 0xDB, 0xA1, 0x52, 0x20, 0x03, 0x4C, 0x5D, 0x1E, 0x5E, 0xB7, 0xB3, 0x67, 0x5A, 0x51, 0x4B, 0xB8, 0x13, 0xD5, 0x76, 0x8B, 0xAB, 0x87, 0x10, 0x9A, 0x51, 0x63, 0x70, 0x50, 0x0A }, + { 0x57, 0x55, 0x8D, 0x90, 0xC3, 0xEF, 0x02, 0xCD, 0x09, 0x3B, 0x8E, 0x32, 0xED, 0xCA, 0x40, 0x63, 0x68, 0x84, 0x9E, 0x69, 0x97, 0x7B, 0x88, 0x73, 0x87, 0x77, 0xE7, 0x32, 0x02, 0xE9, 0xB8, 0xB1 }, + { 0x5B, 0x8E, 0x1F, 0xE0, 0x3F, 0x39, 0x02, 0x19, 0x6F, 0x8E, 0x04, 0x1A, 0x5C, 0x86, 0xF6, 0x22, 0xE2, 0xF6, 0x87, 0x82, 0x44, 0x38, 0x80, 0x4F, 0x4C, 0x75, 0xC3, 0x5F, 0x12, 0xDF, 0xE2, 0x7F }, + { 0x07, 0xEF, 0xDD, 0xB3, 0xBA, 0x48, 0x72, 0xF1, 0x40, 0xB7, 0xF8, 0x32, 0xE0, 0xB1, 0x5D, 0x80, 0x0F, 0xC2, 0x1C, 0xCB, 0x5C, 0x25, 0x68, 0x2E, 0x10, 0x41, 0xC6, 0xDD, 0x78, 0x04, 0xD1, 0x46 }, + { 0x21, 0x37, 0x86, 0xD5, 0x37, 0xC9, 0xE1, 0x51, 0x33, 0x72, 0x5E, 0x43, 0x37, 0x01, 0xC0, 0x66, 0xDC, 0x6E, 0xEB, 0x2F, 0x8E, 0x7A, 0x07, 0x10, 0xE6, 0x51, 0x07, 0x8D, 0xB1, 0x5F, 0x09, 0xEE }, + { 0x4F, 0xC7, 0xE3, 0xE2, 0xD8, 0x7D, 0x7D, 0x5D, 0x59, 0x8F, 0x2E, 0x80, 0x88, 0xFC, 0x08, 0x9E, 0xDB, 0xF8, 0x8C, 0xC7, 0x80, 0xBE, 0x8E, 0xC3, 0x64, 0xDE, 0xD1, 0x62, 0x43, 0x86, 0x41, 0x9A }, + { 0xD1, 0x1F, 0xB6, 0xEE, 0x53, 0xB2, 0x45, 0x24, 0x3B, 0xEB, 0x8B, 0x9A, 0xFA, 0xC1, 0xF7, 0x5D, 0xF6, 0x65, 0xB7, 0xC5, 0x77, 0x1D, 0xFF, 0xCF, 0x55, 0x83, 0xD6, 0x68, 0xB9, 0x8A, 0xB2, 0xA9 }, + { 0x39, 0xA5, 0xA2, 0xD2, 0x6E, 0xC4, 0xDC, 0x08, 0x2C, 0xA6, 0xD7, 0xA3, 0x2B, 0x43, 0x7B, 0xFC, 0xA2, 0xC2, 0xB9, 0x6C, 0xA2, 0x6B, 0x01, 0xF4, 0x89, 0xC7, 0x68, 0xE8, 0x9B, 0x3B, 0xE1, 0x75 }, + { 0x12, 0xFA, 0x98, 0xB8, 0x74, 0x0D, 0x97, 0x01, 0xE6, 0xB3, 0x9C, 0x03, 0x23, 0x79, 0x4D, 0xE4, 0xB1, 0x73, 0xB3, 0x72, 0x91, 0xA2, 0x3F, 0xFD, 0x7F, 0x58, 0x0F, 0x46, 0x58, 0xF3, 0x7B, 0xB6 }, + { 0xD1, 0x02, 0xB2, 0xF5, 0x96, 0x76, 0x0C, 0xA5, 0xAD, 0x82, 0x8F, 0x79, 0xFD, 0x43, 0x36, 0x91, 0x57, 0xC3, 0x55, 0x9B, 0x54, 0x3B, 0xD9, 0xDD, 0x87, 0x92, 0x97, 0x2E, 0x44, 0x11, 0x9C, 0xEC }, + { 0xA8, 0x79, 0xA1, 0x33, 0x78, 0x2C, 0x53, 0xA3, 0x59, 0xE2, 0x8B, 0x34, 0xA7, 0x26, 0x58, 0x64, 0x6A, 0x2C, 0x9A, 0x5B, 0x86, 0xCE, 0xDB, 0x23, 0x14, 0x49, 0x3A, 0x9A, 0x3C, 0x8B, 0xB4, 0xD3 }, + { 0x6B, 0x6D, 0x38, 0x6D, 0x0E, 0x46, 0x0C, 0x8F, 0xC6, 0x25, 0xC3, 0xC6, 0x20, 0x3A, 0xD4, 0xD6, 0x33, 0x53, 0x2B, 0x0A, 0x21, 0x71, 0xC3, 0xBF, 0xF3, 0x9A, 0x50, 0x82, 0x85, 0x05, 0x17, 0xBE }, + { 0x64, 0x21, 0xC3, 0x5B, 0x8D, 0xF6, 0x43, 0x40, 0xF4, 0x89, 0x32, 0x1B, 0x75, 0xBB, 0x75, 0x96, 0x7E, 0xF0, 0xCC, 0xF4, 0xB7, 0xFF, 0x6F, 0x80, 0x0A, 0xAC, 0xC7, 0x50, 0x50, 0x8D, 0x9E, 0x56 }, + { 0xE7, 0x5E, 0x8B, 0x3C, 0xB4, 0x79, 0x26, 0xF3, 0xD1, 0x7D, 0xCB, 0xA2, 0xF3, 0x13, 0x3B, 0x0B, 0x4E, 0x21, 0xD9, 0x04, 0x01, 0x22, 0xE6, 0xBE, 0xCB, 0x00, 0x85, 0x36, 0x4D, 0x32, 0xAD, 0x17 }, + { 0xDD, 0x77, 0x01, 0x94, 0x80, 0xBD, 0x1A, 0xAA, 0x5E, 0x1F, 0xDA, 0x25, 0x1E, 0x0C, 0xF2, 0xFE, 0xEB, 0xC8, 0x0D, 0x92, 0xF5, 0x9F, 0xCE, 0x6A, 0xC4, 0x7E, 0xF0, 0x5D, 0x70, 0x1B, 0x93, 0x15 }, + { 0x20, 0x74, 0xC7, 0x0A, 0x62, 0xF7, 0x92, 0x1D, 0x24, 0x48, 0x8A, 0x0E, 0x1A, 0x96, 0x81, 0xCB, 0x0D, 0x9B, 0x0E, 0xA5, 0x47, 0x1B, 0x15, 0xC8, 0x04, 0x1A, 0x1E, 0xB6, 0x77, 0x2E, 0x45, 0xDF }, + { 0xB9, 0x74, 0xC2, 0xA4, 0x9F, 0xDF, 0x58, 0x22, 0xB5, 0x97, 0x5F, 0xD1, 0xC7, 0xDD, 0xCA, 0xD8, 0x35, 0x3C, 0x41, 0x2A, 0xA3, 0xA2, 0xB5, 0xC3, 0xBE, 0x1F, 0x6C, 0xD5, 0xF2, 0x4D, 0x41, 0x13 }, + { 0x16, 0x0F, 0x55, 0xD1, 0x3C, 0x02, 0x6C, 0x23, 0x15, 0x87, 0x51, 0x8E, 0xA3, 0x6A, 0x65, 0xCD, 0x4F, 0x7C, 0xE9, 0x47, 0x0B, 0xE6, 0xB5, 0x97, 0xFE, 0x2D, 0xF2, 0x0D, 0xDE, 0x86, 0x31, 0x45 }, + { 0x28, 0xE3, 0xBB, 0x9B, 0x5F, 0x64, 0x0F, 0x0E, 0x02, 0x4A, 0x62, 0x95, 0xC1, 0x92, 0x0C, 0xF4, 0xEB, 0x95, 0x7E, 0x56, 0x7F, 0x7B, 0xB9, 0xB3, 0x62, 0x67, 0x0E, 0x43, 0xB1, 0xDE, 0xA1, 0x5F }, + { 0xCC, 0xB1, 0xF7, 0xF3, 0xA6, 0x78, 0xC5, 0x96, 0xC6, 0x5B, 0x4A, 0x81, 0x51, 0xC5, 0xD0, 0x63, 0x03, 0xF1, 0x28, 0x56, 0x44, 0xA1, 0x28, 0x31, 0x74, 0xE0, 0x5B, 0x72, 0x3E, 0x20, 0x6D, 0x11 }, + { 0x56, 0x1A, 0xE0, 0x97, 0xD9, 0xC0, 0x64, 0xA8, 0x6B, 0x46, 0xA8, 0x18, 0xBE, 0xED, 0x4D, 0x47, 0x68, 0x2C, 0xD7, 0xC1, 0x1D, 0x39, 0xCE, 0xC8, 0x1E, 0x6D, 0x15, 0xB8, 0xDF, 0xE0, 0xD9, 0xC5 }, + { 0x8A, 0xE4, 0x94, 0xEA, 0xE9, 0xBA, 0x5B, 0xD4, 0x4C, 0xC4, 0x84, 0xC7, 0x81, 0xB9, 0xC5, 0xA1, 0xB4, 0xF2, 0x73, 0x0B, 0xF9, 0x5F, 0xF4, 0xF8, 0xEB, 0xA7, 0xBF, 0x6D, 0x8D, 0x36, 0x50, 0x1F }, + { 0xD0, 0x07, 0x3A, 0xCE, 0xED, 0xCC, 0x96, 0x17, 0x11, 0xE3, 0x69, 0xDC, 0xD5, 0x05, 0xEE, 0x21, 0x59, 0x1D, 0x74, 0x51, 0xA8, 0x57, 0xA9, 0x98, 0x84, 0x73, 0xEC, 0x95, 0x08, 0xD6, 0xC3, 0x09 }, + { 0x0E, 0x9F, 0xA8, 0x6B, 0x7A, 0xD5, 0xB3, 0xC2, 0x0A, 0x3E, 0x6F, 0xC0, 0x1F, 0x8F, 0x38, 0x9E, 0xE8, 0xC9, 0x6E, 0xE5, 0xE4, 0x81, 0xF4, 0x68, 0xFE, 0x8D, 0x6E, 0xD3, 0xD5, 0x5E, 0x38, 0xB3 }, + { 0xA4, 0xA4, 0x0E, 0xDB, 0xC0, 0x57, 0x6B, 0x64, 0xA3, 0x58, 0xC0, 0x42, 0xE3, 0x6E, 0x2A, 0x46, 0xE8, 0x4E, 0x12, 0x4E, 0x82, 0x4D, 0x7C, 0x18, 0x0B, 0x2D, 0x77, 0xA5, 0x7A, 0x2B, 0xA4, 0x15 }, + { 0x2A, 0x05, 0x18, 0x1E, 0x0A, 0xF1, 0x31, 0x56, 0xA8, 0x8D, 0xC6, 0x0D, 0x5B, 0xE1, 0x70, 0xEB, 0x24, 0x75, 0xBB, 0x34, 0xE4, 0xD1, 0x9A, 0x32, 0xA2, 0xB9, 0x71, 0x5A, 0xED, 0xF7, 0x39, 0x05 }, + { 0x02, 0xCF, 0xCD, 0xF5, 0xFC, 0xDC, 0xB0, 0x77, 0x44, 0xAC, 0x84, 0x81, 0x42, 0xD7, 0xED, 0xCA, 0x02, 0xF8, 0x16, 0x01, 0xB4, 0x8E, 0xDC, 0xB7, 0x6C, 0x77, 0x95, 0x4A, 0xC8, 0x08, 0x58, 0x2E }, + { 0xFE, 0xCD, 0xCB, 0x5E, 0xA5, 0xFB, 0x00, 0xE3, 0x55, 0x28, 0xB9, 0xB8, 0xD2, 0x0E, 0x8F, 0x41, 0xB8, 0x45, 0x89, 0xD4, 0x2D, 0x4A, 0x59, 0x1E, 0x86, 0x5B, 0x85, 0x8F, 0x9A, 0xAF, 0xC0, 0xBB }, + { 0xA7, 0x73, 0x64, 0x6D, 0x8B, 0x89, 0x11, 0xAB, 0x00, 0xAF, 0x8A, 0x59, 0x62, 0x64, 0x7D, 0x95, 0x5B, 0x30, 0x75, 0xCA, 0xD5, 0xA0, 0x68, 0x13, 0x9E, 0x4D, 0x79, 0x44, 0x91, 0x21, 0xA5, 0x12 }, + { 0x92, 0x68, 0x75, 0x4F, 0x01, 0x7C, 0x30, 0xA9, 0x0B, 0x82, 0xE5, 0x7D, 0x3A, 0x6A, 0x64, 0xBE, 0xF3, 0x4F, 0x17, 0x62, 0xF8, 0x8F, 0xEA, 0x58, 0x1E, 0x2D, 0x0E, 0x1A, 0x92, 0x6D, 0xE2, 0x44 }, + { 0x3C, 0x64, 0x96, 0x9F, 0x86, 0xE6, 0x90, 0x81, 0xBA, 0x64, 0xD5, 0x4F, 0xAA, 0x1D, 0xFD, 0xA5, 0x33, 0x74, 0x1C, 0xB3, 0xAE, 0xEC, 0xE6, 0xBA, 0x7D, 0xF2, 0x1F, 0x7E, 0x48, 0x36, 0x5B, 0x18 }, + { 0xC5, 0xEE, 0x5E, 0x28, 0x24, 0x4B, 0x87, 0xA3, 0xA7, 0x42, 0x0A, 0xA4, 0xE2, 0xF0, 0x9A, 0x3F, 0xCD, 0x21, 0xBF, 0x0D, 0x57, 0xFF, 0x2F, 0x69, 0x95, 0xFC, 0x82, 0x8C, 0xFA, 0xEE, 0xCE, 0x6F }, + { 0xB2, 0x46, 0x8D, 0xA3, 0x55, 0x0E, 0x67, 0x6C, 0x6F, 0x00, 0xF1, 0xAC, 0xA2, 0x44, 0x45, 0x1F, 0x39, 0xA4, 0xEA, 0x62, 0x0A, 0x4E, 0xF3, 0xE6, 0x67, 0x7F, 0x9D, 0x87, 0xF7, 0xED, 0xF2, 0x73 }, + { 0xE3, 0xC4, 0xD9, 0xAC, 0x6F, 0x2E, 0x6F, 0x9A, 0x4F, 0x10, 0xA2, 0x32, 0x5D, 0x9B, 0x6F, 0x9C, 0x0C, 0x9E, 0xB3, 0x58, 0x70, 0x38, 0x50, 0x35, 0x7F, 0xED, 0x9A, 0xED, 0x8D, 0x61, 0x96, 0xFA }, + { 0xF5, 0x08, 0x4A, 0x0F, 0x0C, 0x3B, 0x5F, 0x0D, 0x76, 0xCA, 0xFA, 0xA3, 0x18, 0xD3, 0x2E, 0x26, 0x4D, 0x57, 0x44, 0x0E, 0xC5, 0x4E, 0xC5, 0xEF, 0x8E, 0xBA, 0xB6, 0xDD, 0xAA, 0x09, 0xF7, 0x81 }, + { 0x47, 0x3E, 0xD0, 0x4B, 0x5D, 0x4B, 0xC1, 0x5B, 0x21, 0xC8, 0x89, 0x2D, 0x9B, 0xD0, 0x0C, 0x14, 0xB6, 0x7F, 0xE8, 0x43, 0xF1, 0xAA, 0x2D, 0x35, 0xA4, 0x74, 0x93, 0x39, 0x52, 0xFB, 0xDC, 0x1F }, + { 0x48, 0x14, 0x00, 0x32, 0xBB, 0x7D, 0xF2, 0xE2, 0xB5, 0xC9, 0x5D, 0x40, 0x3C, 0x9A, 0xB6, 0x9B, 0x4B, 0xC0, 0x04, 0x53, 0x98, 0x0B, 0xF8, 0x5F, 0x15, 0xA8, 0x4C, 0xAE, 0x2B, 0x09, 0xA0, 0xE9 }, +}; + + +/* crypto_hash/asconaead128/LWC_AEAD_KAT_128_128.txt */ +static const char *ascon_aead128_kat[][5] = { + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "", + /* AD = */ "", + /* CT = */ "4427D64B8E1E1451FC445960F0839BB0", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "", + /* AD = */ "00", + /* CT = */ "103AB79D913A0321287715A979BB8585", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "", + /* AD = */ "0001", + /* CT = */ "A50E88E30F923B90A9C810181230DF10", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "", + /* AD = */ "000102", + /* CT = */ "AE214C9F66630658ED8DC7D31131174C", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "", + /* AD = */ "00010203", + /* CT = */ "C6FF3CF70575B144B955820D9BC7685E", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "", + /* AD = */ "0001020304", + /* CT = */ "6279C4882F99DFB6D9EC3695C9F2A773", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "", + /* AD = */ "000102030405", + /* CT = */ "078A29237061C0D397B2A0E6EA5C876B", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "", + /* AD = */ "00010203040506", + /* CT = */ "03571475150BCEE52386848E25B06509", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "", + /* AD = */ "0001020304050607", + /* CT = */ "B26DFF49B1D32299DDAF77393DA1BFB9", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "", + /* AD = */ "000102030405060708", + /* CT = */ "199B9F815BA37A386D283F504B8D2277", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "", + /* AD = */ "00010203040506070809", + /* CT = */ "72ADAF0FB14368FCAE684504B30AC101", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "", + /* AD = */ "000102030405060708090A", + /* CT = */ "7A743A79172DA75466F25F40457A6B73", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "", + /* AD = */ "000102030405060708090A0B", + /* CT = */ "3147BDC1FE566B1981841CCF2A6AE34F", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "", + /* AD = */ "000102030405060708090A0B0C", + /* CT = */ "020EBC69E08706864E71E3D1B58B357F", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "", + /* AD = */ "000102030405060708090A0B0C0D", + /* CT = */ "A82E222AFF512CDBC3DE114D906F19EC", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "", + /* AD = */ "000102030405060708090A0B0C0D0E", + /* CT = */ "6FC17A2738F9F525213E59384FB75037", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "", + /* AD = */ "000102030405060708090A0B0C0D0E0F", + /* CT = */ "B747D3235E971C20D00DCF87406938FD", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "", + /* AD = */ "000102030405060708090A0B0C0D0E0F10", + /* CT = */ "D990A242654D0741C7525E6F903653ED", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "", + /* AD = */ "000102030405060708090A0B0C0D0E0F1011", + /* CT = */ "578A86396447B8A041BAD515A601A34A", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "", + /* AD = */ "000102030405060708090A0B0C0D0E0F101112", + /* CT = */ "8DB8ADA4D118B78363846DD3541E2189", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "", + /* AD = */ "000102030405060708090A0B0C0D0E0F10111213", + /* CT = */ "60ADBE0BFFAD8E8A261E6B8CA48C75DF", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "", + /* AD = */ "000102030405060708090A0B0C0D0E0F1011121314", + /* CT = */ "C85D563277DB0C83A2B4E94CD6EA1AEE", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "", + /* AD = */ "000102030405060708090A0B0C0D0E0F101112131415", + /* CT = */ "211A251C1766C2E5A3FFDD74B03B2529", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "", + /* AD = */ "000102030405060708090A0B0C0D0E0F10111213141516", + /* CT = */ "12004754BA17098AAD179E061E1749E7", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "", + /* AD = */ "000102030405060708090A0B0C0D0E0F1011121314151617", + /* CT = */ "B0C8E78E5E9091F5005D79AABDA96DB2", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "", + /* AD = */ "000102030405060708090A0B0C0D0E0F101112131415161718", + /* CT = */ "AAA1A35A588016DC63EE291946FC6154", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "", + /* AD = */ "000102030405060708090A0B0C0D0E0F10111213141516171819", + /* CT = */ "166C67CC262390C81596F8C463C87B00", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "", + /* AD = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A", + /* CT = */ "143DB82F41FE376CFD53D29675078EAC", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "", + /* AD = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B", + /* CT = */ "6BAF6585E8FFE8F552780C7EADC7DA28", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "", + /* AD = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C", + /* CT = */ "D1401CB996969FD5F721A422439DFD2E", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "", + /* AD = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D", + /* CT = */ "78362CB020E6CE64063595D856AB9173", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "", + /* AD = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E", + /* CT = */ "2C899FF0082B24C0E179399DE588F918", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "", + /* AD = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F", + /* CT = */ "22133A313FBF0B38029A45870AADC542", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "00", + /* AD = */ "", + /* CT = */ "E79F58F1F541FC51B5D438F8E1DD03F147", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "00", + /* AD = */ "00", + /* CT = */ "25EB4B700ED4AC8517DCBA20F673292230", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "00", + /* AD = */ "0001", + /* CT = */ "49BE454D8C97E1EAB5119BF47D3654DDE2", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "00", + /* AD = */ "000102", + /* CT = */ "D2FDDB3A70AD9A1F2BB342615B97AB191A", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "00", + /* AD = */ "00010203", + /* CT = */ "4AC40555DC0E91960643A438D4EB371137", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "00", + /* AD = */ "0001020304", + /* CT = */ "1F3F5CE816E7C1BA5F7453AB9D526B82D0", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "00", + /* AD = */ "000102030405", + /* CT = */ "7C56A3122EC3F0FBFC89C725171061705D", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "00", + /* AD = */ "00010203040506", + /* CT = */ "44ED28EA9A451BE731C7D5B4AAEBD97969", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "00", + /* AD = */ "0001020304050607", + /* CT = */ "10AAC070D4736FAD110E011A42D813E453", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "00", + /* AD = */ "000102030405060708", + /* CT = */ "6A3D03F3A5AAB12316DB48C0ACFF1B6D0F", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "00", + /* AD = */ "00010203040506070809", + /* CT = */ "F2CEE4C21C5E8BE47C62801CF8F99C0F68", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "00", + /* AD = */ "000102030405060708090A", + /* CT = */ "29046A1589F368954B3B520A1582BF3999", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "00", + /* AD = */ "000102030405060708090A0B", + /* CT = */ "BBA99810090A3340A198FF6B536BAFE22E", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "00", + /* AD = */ "000102030405060708090A0B0C", + /* CT = */ "4B9B02EEEE46735A799825D48A5793E1C6", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "00", + /* AD = */ "000102030405060708090A0B0C0D", + /* CT = */ "4E1B69707A42C085AB15B212E545AD48C4", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "00", + /* AD = */ "000102030405060708090A0B0C0D0E", + /* CT = */ "B0EA3438393984BFBEBB5642907A511568", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "00", + /* AD = */ "000102030405060708090A0B0C0D0E0F", + /* CT = */ "6AF88FDEC9275574DDA9C51F390C301A4F", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "00", + /* AD = */ "000102030405060708090A0B0C0D0E0F10", + /* CT = */ "98BD6CB9C387D71D275A5D50E5525C643C", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "00", + /* AD = */ "000102030405060708090A0B0C0D0E0F1011", + /* CT = */ "5012CDE984E442C183285468CF95509AAB", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "00", + /* AD = */ "000102030405060708090A0B0C0D0E0F101112", + /* CT = */ "64E8A535661ECD9BD9986CEA0A46A8556B", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "00", + /* AD = */ "000102030405060708090A0B0C0D0E0F10111213", + /* CT = */ "C31E5D2C32CD3BA00B03595D1D80580E5D", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "00", + /* AD = */ "000102030405060708090A0B0C0D0E0F1011121314", + /* CT = */ "99B94D9B0FDC389333390F467DA793DA18", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "00", + /* AD = */ "000102030405060708090A0B0C0D0E0F101112131415", + /* CT = */ "36F8BC8ECBE5373E8CF98A6AF971F4FF82", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "00", + /* AD = */ "000102030405060708090A0B0C0D0E0F10111213141516", + /* CT = */ "C03D53C849AD1DBAFE0CA9084AB60E4967", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "00", + /* AD = */ "000102030405060708090A0B0C0D0E0F1011121314151617", + /* CT = */ "BAAE9C333640BCBD5AFD22A6D086BCD48A", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "00", + /* AD = */ "000102030405060708090A0B0C0D0E0F101112131415161718", + /* CT = */ "4CF2085BF59B1F8D21FF2690EEE3A54E45", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "00", + /* AD = */ "000102030405060708090A0B0C0D0E0F10111213141516171819", + /* CT = */ "12647E22AC5BE3FDF70E9FEFC249AD38CD", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "00", + /* AD = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A", + /* CT = */ "C8B1FAB3F10CAF5CDC2E84954AB7F4169D", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "00", + /* AD = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B", + /* CT = */ "669A01C76EF9F95F4B1C77C362D3789B62", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "00", + /* AD = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C", + /* CT = */ "26C5395877E5027743965CF9CC5C8364C0", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "00", + /* AD = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D", + /* CT = */ "0F9B7E3321C6F13FBC36CB520FF40E398E", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "00", + /* AD = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E", + /* CT = */ "145D307EAA756D8BA5D06A0BBE704B37CA", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "00", + /* AD = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F", + /* CT = */ "4C6977B26283789F81CA53EE0C984D3FFA", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "0001", + /* AD = */ "", + /* CT = */ "E770024EF7895C325CBE02EB5FBE6F9D7E8D", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "0001", + /* AD = */ "00", + /* CT = */ "25FB41D2732019820A0F8BAB4248B35E7B0B", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "0001", + /* AD = */ "0001", + /* CT = */ "49E57017A30E8073D1FA284AC8346110F89F", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "0001", + /* AD = */ "000102", + /* CT = */ "D2729AEF0954A0B62131B41B77BB07DD1BDF", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "0001", + /* AD = */ "00010203", + /* CT = */ "4A53C3ABDE1911DBBAFCA250E82B32E6623B", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "0001", + /* AD = */ "0001020304", + /* CT = */ "1F82CA8DB431D4C88044A58AD984EBDB0767", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "0001", + /* AD = */ "000102030405", + /* CT = */ "7CC825226D46FFA5AB35DC4F3802BB252B5A", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "0001", + /* AD = */ "00010203040506", + /* CT = */ "4486D2C8ED8489C9E0D04DFFB8F412149695", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "0001", + /* AD = */ "0001020304050607", + /* CT = */ "108639EF290EA2810D6A1C03649CB66F6D94", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "0001", + /* AD = */ "000102030405060708", + /* CT = */ "6A25B328B990BF7D77C15C621519779A7126", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "0001", + /* AD = */ "00010203040506070809", + /* CT = */ "F2F4C9EDE27986D157E41FBAD2D2C805D070", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "0001", + /* AD = */ "000102030405060708090A", + /* CT = */ "29FC67CBC9D0678F451F593E4C827661F84A", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "0001", + /* AD = */ "000102030405060708090A0B", + /* CT = */ "BBAE3268C0D34744D396B233E7C9FCAF5DE6", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "0001", + /* AD = */ "000102030405060708090A0B0C", + /* CT = */ "4BE58B7A9081226609FCAB0FC439CA9BA4DF", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "0001", + /* AD = */ "000102030405060708090A0B0C0D", + /* CT = */ "4E58968373B211EA0FC538D8AA77E338CEF6", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "0001", + /* AD = */ "000102030405060708090A0B0C0D0E", + /* CT = */ "B03EA80E65729A8CA944EA44BBBDE99658C5", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "0001", + /* AD = */ "000102030405060708090A0B0C0D0E0F", + /* CT = */ "6A2834C4A74578201C95C841BF174402B238", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "0001", + /* AD = */ "000102030405060708090A0B0C0D0E0F10", + /* CT = */ "9813A67DFADCF44B938B0DDBBF1C246F24BA", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "0001", + /* AD = */ "000102030405060708090A0B0C0D0E0F1011", + /* CT = */ "501DBB47F895CDE177FAD82CB3C7341A4541", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "0001", + /* AD = */ "000102030405060708090A0B0C0D0E0F101112", + /* CT = */ "64ACD2BDDB3E2E206DF00A71418289215105", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "0001", + /* AD = */ "000102030405060708090A0B0C0D0E0F10111213", + /* CT = */ "C3050C85A58C4967CD61BEFF2C6A5E6D1513", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "0001", + /* AD = */ "000102030405060708090A0B0C0D0E0F1011121314", + /* CT = */ "99493C7D15D98F80584F6A2B6F19E7827DF5", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "0001", + /* AD = */ "000102030405060708090A0B0C0D0E0F101112131415", + /* CT = */ "368D092115E687090CE11EDB6E83B4029D51", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "0001", + /* AD = */ "000102030405060708090A0B0C0D0E0F10111213141516", + /* CT = */ "C01EBFBE6F932F2EECD51DA65D220FBA68D7", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "0001", + /* AD = */ "000102030405060708090A0B0C0D0E0F1011121314151617", + /* CT = */ "BA35F45A5FB21281E4701FAB3C9ADEEA1170", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "0001", + /* AD = */ "000102030405060708090A0B0C0D0E0F101112131415161718", + /* CT = */ "4C8393FAA9930679187C22C63879D6A4A714", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "0001", + /* AD = */ "000102030405060708090A0B0C0D0E0F10111213141516171819", + /* CT = */ "1244C10C58F56790662D4E862E0D3595864A", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "0001", + /* AD = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A", + /* CT = */ "C800EF8E732F5D80CF31022F0A48CA7F5594", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "0001", + /* AD = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B", + /* CT = */ "662DF08B8B3404A00343D5D4E616F29AA76C", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "0001", + /* AD = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C", + /* CT = */ "26A6577F6634FE09EB7B1B7EEB6D7DA61DF1", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "0001", + /* AD = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D", + /* CT = */ "0F55AB1A2B6B649ED9885B1BA67E8ECA6780", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "0001", + /* AD = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E", + /* CT = */ "141B95CA9B935C15006A74174A16962CBB75", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "0001", + /* AD = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F", + /* CT = */ "4C0838C27A7741EF0D33DD0312E48657F5FB", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "000102", + /* AD = */ "", + /* CT = */ "E770D29AB195F40EE49B127840263B2A7F1356", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "000102", + /* AD = */ "00", + /* CT = */ "25FBE4381FA4B64A6C6A5C06030EA163AE8082", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "000102", + /* AD = */ "0001", + /* CT = */ "49E505D644B6A140B7305500088BBD30A5963B", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "000102", + /* AD = */ "000102", + /* CT = */ "D2721F2ED83F53550FCFE2188D4151162A3F9D", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "000102", + /* AD = */ "00010203", + /* CT = */ "4A53D9F9BFC2F512F9E90288EF5E4728C4D4CC", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "000102", + /* AD = */ "0001020304", + /* CT = */ "1F8202100240F484078227FF47F85A47E8CB51", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "000102", + /* AD = */ "000102030405", + /* CT = */ "7CC88B34BECE08E696ED8F527D0C89F05101DC", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "000102", + /* AD = */ "00010203040506", + /* CT = */ "44864F9D866CD8429604894B45AFA35053170F", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "000102", + /* AD = */ "0001020304050607", + /* CT = */ "10864087901895D83F4902B68968EA8433A7A1", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "000102", + /* AD = */ "000102030405060708", + /* CT = */ "6A256F60B6870387756DD121FEB63276B3BD99", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "000102", + /* AD = */ "00010203040506070809", + /* CT = */ "F2F44B3D4DE1D4214960F7A2A312527B2086CD", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "000102", + /* AD = */ "000102030405060708090A", + /* CT = */ "29FCAD8FEDFE3A8C68B307ECFA86DBE97E5FF9", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "000102", + /* AD = */ "000102030405060708090A0B", + /* CT = */ "BBAE1D722692214C612F12FEE54E7A3E5565AA", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "000102", + /* AD = */ "000102030405060708090A0B0C", + /* CT = */ "4BE547D02164F9B18D92235BB8804454A4AE83", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "000102", + /* AD = */ "000102030405060708090A0B0C0D", + /* CT = */ "4E5892E6A4BD2A1951254CF8FF9004606EBD18", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "000102", + /* AD = */ "000102030405060708090A0B0C0D0E", + /* CT = */ "B03E607B87982471BC3CDA0F4066BF58758C5C", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "000102", + /* AD = */ "000102030405060708090A0B0C0D0E0F", + /* CT = */ "6A2821C812A75544ECBADC70A26480FEC45461", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "000102", + /* AD = */ "000102030405060708090A0B0C0D0E0F10", + /* CT = */ "9813B79BA0B8F4055963CCF3A8169D250A9E42", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "000102", + /* AD = */ "000102030405060708090A0B0C0D0E0F1011", + /* CT = */ "501DFE33089D4192C97E31F939A3A5D6D7AA0C", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "000102", + /* AD = */ "000102030405060708090A0B0C0D0E0F101112", + /* CT = */ "64AC7287B8B140172FF8B70B692323AEA189AE", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "000102", + /* AD = */ "000102030405060708090A0B0C0D0E0F10111213", + /* CT = */ "C305EB4A7A86AF2ADD545D828ACC346C47485B", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "000102", + /* AD = */ "000102030405060708090A0B0C0D0E0F1011121314", + /* CT = */ "9949846BD638424096EE64054A358F2ADED190", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "000102", + /* AD = */ "000102030405060708090A0B0C0D0E0F101112131415", + /* CT = */ "368D61B37E6666E07C7B973529587D2C1F9820", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "000102", + /* AD = */ "000102030405060708090A0B0C0D0E0F10111213141516", + /* CT = */ "C01EA797B6CE28687236364C82756322ACF3A1", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "000102", + /* AD = */ "000102030405060708090A0B0C0D0E0F1011121314151617", + /* CT = */ "BA35FAC0B48D847EAF787D6310BD06E0155FD2", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "000102", + /* AD = */ "000102030405060708090A0B0C0D0E0F101112131415161718", + /* CT = */ "4C83A29C7591CCB1C4F0BF7EA01E881C7BD878", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "000102", + /* AD = */ "000102030405060708090A0B0C0D0E0F10111213141516171819", + /* CT = */ "1244D5EA6793A91968167CF94F833568FDD265", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "000102", + /* AD = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A", + /* CT = */ "C8002E29CEC49F148B8540BCFB863DD5AADECE", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "000102", + /* AD = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B", + /* CT = */ "662D52606D8469F7BCD07C8B4090BF5507BD04", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "000102", + /* AD = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C", + /* CT = */ "26A6E702A8F08E0F97B8782A248375B88D6794", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "000102", + /* AD = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D", + /* CT = */ "0F55D7460C590C19464890AB2EE78C127254F9", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "000102", + /* AD = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E", + /* CT = */ "141B8BD2AD5A687F079420012C341C58166C81", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "000102", + /* AD = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F", + /* CT = */ "4C086DCD5125F2AAC592072AF93BA58F4C466E", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "00010203", + /* AD = */ "", + /* CT = */ "E770D289723DBD7401E58C36EB488D1520305D0F", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "00010203", + /* AD = */ "00", + /* CT = */ "25FBE48A550AFEF7CE25BA45A6F0418AB2D671FE", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "00010203", + /* AD = */ "0001", + /* CT = */ "49E505472EF152646BFF0BF584748E6702CC14DA", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "00010203", + /* AD = */ "000102", + /* CT = */ "D2721FCB763F015C201A7983C9D5D36B463D1E0B", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "00010203", + /* AD = */ "00010203", + /* CT = */ "4A53D996863A6CE3E220259BB1D9405103D52E73", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "00010203", + /* AD = */ "0001020304", + /* CT = */ "1F820273AC12205DC254A4777C873A050DA7B6DD", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "00010203", + /* AD = */ "000102030405", + /* CT = */ "7CC88BDB4AD0FAF4F1DD4F40F80141148AF93D2E", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "00010203", + /* AD = */ "00010203040506", + /* CT = */ "44864FD3DBEA4923D1C581EDDA1ACD0070C6D7DC", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "00010203", + /* AD = */ "0001020304050607", + /* CT = */ "108640BDF5755D678B2C03A9D5F97DFBAB13EE71", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "00010203", + /* AD = */ "000102030405060708", + /* CT = */ "6A256FBB24744AD22D95E3208D705E4FE91C95D5", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "00010203", + /* AD = */ "00010203040506070809", + /* CT = */ "F2F44B08E0460C35AF5C3CBF5F1D4E626FC8D558", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "00010203", + /* AD = */ "000102030405060708090A", + /* CT = */ "29FCAD75D7877CB464B49B5E93A0EA495F0319AB", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "00010203", + /* AD = */ "000102030405060708090A0B", + /* CT = */ "BBAE1D88AF62A4D15B897B118A05F9385535B3C4", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "00010203", + /* AD = */ "000102030405060708090A0B0C", + /* CT = */ "4BE54773774E373E54CC5D746C6CAE56D4A540B3", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "00010203", + /* AD = */ "000102030405060708090A0B0C0D", + /* CT = */ "4E589270F4188BD0B38DBF880024DA167E143173", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "00010203", + /* AD = */ "000102030405060708090A0B0C0D0E", + /* CT = */ "B03E6073927D845ABC584B40206A1E4520DC28AE", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "00010203", + /* AD = */ "000102030405060708090A0B0C0D0E0F", + /* CT = */ "6A28215EE219C60F71D317B2CA232101CDA4DCE7", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "00010203", + /* AD = */ "000102030405060708090A0B0C0D0E0F10", + /* CT = */ "9813B701495B9FB1286FD97880A182818688150C", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "00010203", + /* AD = */ "000102030405060708090A0B0C0D0E0F1011", + /* CT = */ "501DFE331256A6B92A6389F9D8644125E716A52F", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "00010203", + /* AD = */ "000102030405060708090A0B0C0D0E0F101112", + /* CT = */ "64AC72124A2C2750525514AAA8720C1E73B156DA", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "00010203", + /* AD = */ "000102030405060708090A0B0C0D0E0F10111213", + /* CT = */ "C305EB0E9A9A7833C5F6FB36BD82F1C78C322678", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "00010203", + /* AD = */ "000102030405060708090A0B0C0D0E0F1011121314", + /* CT = */ "994984D4BADCDC5496A1358D2540B786B8B2F04C", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "00010203", + /* AD = */ "000102030405060708090A0B0C0D0E0F101112131415", + /* CT = */ "368D61A83931283B9A628C1A5E82BE2E81429813", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "00010203", + /* AD = */ "000102030405060708090A0B0C0D0E0F10111213141516", + /* CT = */ "C01EA779641A28CF5D536DFAFBCC99681BD2DFE4", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "00010203", + /* AD = */ "000102030405060708090A0B0C0D0E0F1011121314151617", + /* CT = */ "BA35FA7EC6E681B74F8CF58575D50FD3DE1B03CE", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "00010203", + /* AD = */ "000102030405060708090A0B0C0D0E0F101112131415161718", + /* CT = */ "4C83A2969AB6BC3FAE40BB8EFD7109C7622D6AC9", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "00010203", + /* AD = */ "000102030405060708090A0B0C0D0E0F10111213141516171819", + /* CT = */ "1244D5C1167196DCD6EDC088A6D1FD392B0522D0", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "00010203", + /* AD = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A", + /* CT = */ "C8002E9D3B47F7AE734361A6C94058DDD037238D", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "00010203", + /* AD = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B", + /* CT = */ "662D5219BF07F68001CA1A177A4F5011514E6BE5", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "00010203", + /* AD = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C", + /* CT = */ "26A6E7657BBD31B35A10BD09C27381DA60542992", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "00010203", + /* AD = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D", + /* CT = */ "0F55D705915580B4AF6C588D35809636A697B148", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "00010203", + /* AD = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E", + /* CT = */ "141B8B25A30CBD1204ECBB79619CC02A3E2ED020", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "00010203", + /* AD = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F", + /* CT = */ "4C086D27493689F2C080418ACF11125FDE5C2F91", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "0001020304", + /* AD = */ "", + /* CT = */ "E770D289D2E5705A06B6C2FAA93CC7108B5B1502B4", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "0001020304", + /* AD = */ "00", + /* CT = */ "25FBE48AC1C46C0CC9ECB8CEB25053FFEC2C4AC129", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "0001020304", + /* AD = */ "0001", + /* CT = */ "49E50547CA6CC8555CC75D28EAD641E90E631BE359", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "0001020304", + /* AD = */ "000102", + /* CT = */ "D2721FCB367493484DB51C8BBBC43E1A1D14029689", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "0001020304", + /* AD = */ "00010203", + /* CT = */ "4A53D9966D2C7DBF3BEEBF01EF347B8C773A6C17DB", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "0001020304", + /* AD = */ "0001020304", + /* CT = */ "1F820273C61B8B77D367C0D86E0557A43039A0A506", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "0001020304", + /* AD = */ "000102030405", + /* CT = */ "7CC88BDBF6D993149407C6FB863AFF9894C309931C", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "0001020304", + /* AD = */ "00010203040506", + /* CT = */ "44864FD33743ED20D7695A424D3505E437B8501178", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "0001020304", + /* AD = */ "0001020304050607", + /* CT = */ "108640BD714CD79EEC957DBC9D194598C083C982C7", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "0001020304", + /* AD = */ "000102030405060708", + /* CT = */ "6A256FBBD30168BBA48AB95240EA22A53A13225882", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "0001020304", + /* AD = */ "00010203040506070809", + /* CT = */ "F2F44B0813F97AA0A08CAB30E34A22B72D4F06F35B", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "0001020304", + /* AD = */ "000102030405060708090A", + /* CT = */ "29FCAD75A40EBAA64F602CAD77EAF94419624A64BD", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "0001020304", + /* AD = */ "000102030405060708090A0B", + /* CT = */ "BBAE1D8862AB4D9A818CFE0A9772010B53878C93F7", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "0001020304", + /* AD = */ "000102030405060708090A0B0C", + /* CT = */ "4BE547736B01309C6DA7218E0A44213CF96D0D33E2", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "0001020304", + /* AD = */ "000102030405060708090A0B0C0D", + /* CT = */ "4E589270FEB4C2A2A5F6A3A1586722395B49C06057", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "0001020304", + /* AD = */ "000102030405060708090A0B0C0D0E", + /* CT = */ "B03E607317FE6FE606F09A10C9C0DCEA94B35B44A7", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "0001020304", + /* AD = */ "000102030405060708090A0B0C0D0E0F", + /* CT = */ "6A28215E4A7B7D538B7076F7061FF4854FD882D3F1", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "0001020304", + /* AD = */ "000102030405060708090A0B0C0D0E0F10", + /* CT = */ "9813B70130B49A4D7FEC9305A57598B9B85602F87B", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "0001020304", + /* AD = */ "000102030405060708090A0B0C0D0E0F1011", + /* CT = */ "501DFE330EDF7C2C3ED1EE637795B45161B588223A", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "0001020304", + /* AD = */ "000102030405060708090A0B0C0D0E0F101112", + /* CT = */ "64AC72120E3413D5D1308671462856E8461DED4635", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "0001020304", + /* AD = */ "000102030405060708090A0B0C0D0E0F10111213", + /* CT = */ "C305EB0E85B924A8BE14FB58D6CB2515C3FD5FF59B", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "0001020304", + /* AD = */ "000102030405060708090A0B0C0D0E0F1011121314", + /* CT = */ "994984D48BECCFF2A29F142D5AD83B87E1C41B3D76", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "0001020304", + /* AD = */ "000102030405060708090A0B0C0D0E0F101112131415", + /* CT = */ "368D61A8D44E33E09D28285ABB4B34325BD3C4504F", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "0001020304", + /* AD = */ "000102030405060708090A0B0C0D0E0F10111213141516", + /* CT = */ "C01EA7792B355FEEB4EAC92C8DD02EB28DA256C2AF", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "0001020304", + /* AD = */ "000102030405060708090A0B0C0D0E0F1011121314151617", + /* CT = */ "BA35FA7ECE0B6F05413DFFEC1812B3C7BBCE709732", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "0001020304", + /* AD = */ "000102030405060708090A0B0C0D0E0F101112131415161718", + /* CT = */ "4C83A29686DC383714EDE30D9E1038E254DD33F5E0", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "0001020304", + /* AD = */ "000102030405060708090A0B0C0D0E0F10111213141516171819", + /* CT = */ "1244D5C1B44B314EE6524B54917F90897F9D09548C", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "0001020304", + /* AD = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A", + /* CT = */ "C8002E9D44D34441EA7867C4A6A4472C3431D17C4D", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "0001020304", + /* AD = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B", + /* CT = */ "662D52198071651F8AB4CF52CD8C51FD0007A843EB", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "0001020304", + /* AD = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C", + /* CT = */ "26A6E765E6F4E62701284C7B0033F6D40F1E6C862F", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "0001020304", + /* AD = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D", + /* CT = */ "0F55D7051DB231505F18918C0EAD574C471BBF1939", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "0001020304", + /* AD = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E", + /* CT = */ "141B8B25E57DE5241D5B15F6259CDF96A9B177DC42", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "0001020304", + /* AD = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F", + /* CT = */ "4C086D27A3EF7065D7335F3321905C61C08462E879", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "000102030405", + /* AD = */ "", + /* CT = */ "E770D289D2A4A5D8FAFA197CC29BD868CA5322B1CEBE", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "000102030405", + /* AD = */ "00", + /* CT = */ "25FBE48AC155289C7CA4B7561222452AF2417C8A4A21", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "000102030405", + /* AD = */ "0001", + /* CT = */ "49E50547CA0C741C71BFA1F2CFDCF8CB9F7E4504759E", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "000102030405", + /* AD = */ "000102", + /* CT = */ "D2721FCB362AB5445CD7AF443EC7E6B305B93601A578", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "000102030405", + /* AD = */ "00010203", + /* CT = */ "4A53D9966D879358A83E1F9B487EA884B4E9D9854EEF", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "000102030405", + /* AD = */ "0001020304", + /* CT = */ "1F820273C65287B01F7EB63572CF2E2A5160BE11356F", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "000102030405", + /* AD = */ "000102030405", + /* CT = */ "7CC88BDBF6D7E5D53D8457FFB27516E44D6E8C126CA5", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "000102030405", + /* AD = */ "00010203040506", + /* CT = */ "44864FD337BB9600E5823A16A22384F826CE85791ED6", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "000102030405", + /* AD = */ "0001020304050607", + /* CT = */ "108640BD71341DE5B02980F6F8E8E1F8C4D852E25DEE", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "000102030405", + /* AD = */ "000102030405060708", + /* CT = */ "6A256FBBD3724F7272227A805D7CC4EA25F9F53D4DD5", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "000102030405", + /* AD = */ "00010203040506070809", + /* CT = */ "F2F44B0813120C401EB1FEA272BFF28E4431A587A458", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "000102030405", + /* AD = */ "000102030405060708090A", + /* CT = */ "29FCAD75A416204DF88D4BEF5CBFF3DA03DF92F50422", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "000102030405", + /* AD = */ "000102030405060708090A0B", + /* CT = */ "BBAE1D886219CE7737ABB8B52EC3ABC35921336AD3D9", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "000102030405", + /* AD = */ "000102030405060708090A0B0C", + /* CT = */ "4BE547736BE14CB26786CCE959BFE361E05F823DDA7D", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "000102030405", + /* AD = */ "000102030405060708090A0B0C0D", + /* CT = */ "4E589270FEB802D06896BF3932C4CF603791221D2402", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "000102030405", + /* AD = */ "000102030405060708090A0B0C0D0E", + /* CT = */ "B03E607317A295B8B855240BA70D70DBB90C0260F3A8", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "000102030405", + /* AD = */ "000102030405060708090A0B0C0D0E0F", + /* CT = */ "6A28215E4A60D8D2B69BE469A05A58C36DB58BB6D962", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "000102030405", + /* AD = */ "000102030405060708090A0B0C0D0E0F10", + /* CT = */ "9813B7013089C4B588AE68FADC469AD3225FB3662F01", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "000102030405", + /* AD = */ "000102030405060708090A0B0C0D0E0F1011", + /* CT = */ "501DFE330EC4292894D9167763AC2F49642BCF1C0E24", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "000102030405", + /* AD = */ "000102030405060708090A0B0C0D0E0F101112", + /* CT = */ "64AC72120E66DC69F8DF81A340F47A926C6C42994536", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "000102030405", + /* AD = */ "000102030405060708090A0B0C0D0E0F10111213", + /* CT = */ "C305EB0E851DA4BEA085B1C931A90B99BBECE8CAF07D", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "000102030405", + /* AD = */ "000102030405060708090A0B0C0D0E0F1011121314", + /* CT = */ "994984D48B445900E803B938F327E6E3288CC67803F3", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "000102030405", + /* AD = */ "000102030405060708090A0B0C0D0E0F101112131415", + /* CT = */ "368D61A8D48872C1D6060F6B69678B41D2A59DD84405", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "000102030405", + /* AD = */ "000102030405060708090A0B0C0D0E0F10111213141516", + /* CT = */ "C01EA7792BF5BAC971D7B4A4248A9B5CBC8530701E58", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "000102030405", + /* AD = */ "000102030405060708090A0B0C0D0E0F1011121314151617", + /* CT = */ "BA35FA7ECE7CFC2F7AF7D89D0E032826E294B20EFBFC", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "000102030405", + /* AD = */ "000102030405060708090A0B0C0D0E0F101112131415161718", + /* CT = */ "4C83A29686FE9274F8ADEBB2340320399A5EC0D6B202", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "000102030405", + /* AD = */ "000102030405060708090A0B0C0D0E0F10111213141516171819", + /* CT = */ "1244D5C1B4351FF1DD8DB594F774870E89010D69B0AC", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "000102030405", + /* AD = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A", + /* CT = */ "C8002E9D447F6973726765006319B0E81F3EB320C6DB", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "000102030405", + /* AD = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B", + /* CT = */ "662D5219804260C037C4E8481FE7029C95BED1C5050E", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "000102030405", + /* AD = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C", + /* CT = */ "26A6E765E6BF495D976762756C7FF4E315D76EA70B8A", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "000102030405", + /* AD = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D", + /* CT = */ "0F55D7051D74EB7CC65835F3CDB97AA9F5289A28BC06", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "000102030405", + /* AD = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E", + /* CT = */ "141B8B25E59E40CCC85994F5B78A7D9B653BBFD144A4", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "000102030405", + /* AD = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F", + /* CT = */ "4C086D27A3B51A036B71D170118B82192E7EFB2FBF59", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "00010203040506", + /* AD = */ "", + /* CT = */ "E770D289D2A44A71B1ED9117B692EDDB148CBB6699A7F1", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "00010203040506", + /* AD = */ "00", + /* CT = */ "25FBE48AC155C100336794354DD81E8675EB922524452C", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "00010203040506", + /* AD = */ "0001", + /* CT = */ "49E50547CA0C750523D92CE28F16BEE9E75B5034B8FF6F", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "00010203040506", + /* AD = */ "000102", + /* CT = */ "D2721FCB362AB55BEB58E640B6BA8C4B08196C990FF1F7", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "00010203040506", + /* AD = */ "00010203", + /* CT = */ "4A53D9966D87BF82DD40FEAC052EA4192AB813105B30DB", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "00010203040506", + /* AD = */ "0001020304", + /* CT = */ "1F820273C652463A0DF41AAED674E9857368BB6B30DF04", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "00010203040506", + /* AD = */ "000102030405", + /* CT = */ "7CC88BDBF6D706B12F30E2303D3EE71E6DD3F6951776D6", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "00010203040506", + /* AD = */ "00010203040506", + /* CT = */ "44864FD337BBF29552F1B2C0D86C197FA779F20E97B75E", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "00010203040506", + /* AD = */ "0001020304050607", + /* CT = */ "108640BD71345CD3B1EA3C08BEA6AC30A74C48F7BC2E2A", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "00010203040506", + /* AD = */ "000102030405060708", + /* CT = */ "6A256FBBD3726C3A42F7FF53E518AD829BFB2FB5D19661", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "00010203040506", + /* AD = */ "00010203040506070809", + /* CT = */ "F2F44B081312F3CE46331B924130CE74A112F778AB5FDE", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "00010203040506", + /* AD = */ "000102030405060708090A", + /* CT = */ "29FCAD75A4163D7DA036D478F46A21A46781D675C11D5C", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "00010203040506", + /* AD = */ "000102030405060708090A0B", + /* CT = */ "BBAE1D88621912082CE6BE1330DB520598448155AA0324", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "00010203040506", + /* AD = */ "000102030405060708090A0B0C", + /* CT = */ "4BE547736BE1D88662A0E9BCABB519E4A44A6107F823AC", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "00010203040506", + /* AD = */ "000102030405060708090A0B0C0D", + /* CT = */ "4E589270FEB89B5B5A7884AFF4E587F96533EAB43DF6B4", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "00010203040506", + /* AD = */ "000102030405060708090A0B0C0D0E", + /* CT = */ "B03E607317A251CCF75D8ECB57BA7863E7596EB262A0FB", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "00010203040506", + /* AD = */ "000102030405060708090A0B0C0D0E0F", + /* CT = */ "6A28215E4A6023FB68CB1FB348DAA426A508A4F09F229D", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "00010203040506", + /* AD = */ "000102030405060708090A0B0C0D0E0F10", + /* CT = */ "9813B7013089DB2A8E65EE59764BDB6AAB789882779EA8", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "00010203040506", + /* AD = */ "000102030405060708090A0B0C0D0E0F1011", + /* CT = */ "501DFE330EC4528D5EC577018F9492C1EFBC6C7E330F4C", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "00010203040506", + /* AD = */ "000102030405060708090A0B0C0D0E0F101112", + /* CT = */ "64AC72120E66A27AEA1C013E631E57BF078868FC1ED894", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "00010203040506", + /* AD = */ "000102030405060708090A0B0C0D0E0F10111213", + /* CT = */ "C305EB0E851DF97219BE37E416B942BA4B1A4864B9BD2D", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "00010203040506", + /* AD = */ "000102030405060708090A0B0C0D0E0F1011121314", + /* CT = */ "994984D48B44B4BCFE48FEFE0BEC3AFD95C7983A9A2F4E", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "00010203040506", + /* AD = */ "000102030405060708090A0B0C0D0E0F101112131415", + /* CT = */ "368D61A8D488E80C2E81C095D6F5C9A7C492B124475EA0", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "00010203040506", + /* AD = */ "000102030405060708090A0B0C0D0E0F10111213141516", + /* CT = */ "C01EA7792BF5F9CA2A7EFBC273D59BA25054E3F804A39F", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "00010203040506", + /* AD = */ "000102030405060708090A0B0C0D0E0F1011121314151617", + /* CT = */ "BA35FA7ECE7C78D9A4A41EAB23FAC36B8C90458EF56538", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "00010203040506", + /* AD = */ "000102030405060708090A0B0C0D0E0F101112131415161718", + /* CT = */ "4C83A29686FE1AFDE1CCF11C4994F35A1486E7650810D9", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "00010203040506", + /* AD = */ "000102030405060708090A0B0C0D0E0F10111213141516171819", + /* CT = */ "1244D5C1B435AFC824FB3C14F170CCDF906C80674A20C6", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "00010203040506", + /* AD = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A", + /* CT = */ "C8002E9D447FA490C5F38FD825E6B97B266FCFD6F8C77E", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "00010203040506", + /* AD = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B", + /* CT = */ "662D521980423C1E08A4C2AA892BAABFF521A74DA0C43E", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "00010203040506", + /* AD = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C", + /* CT = */ "26A6E765E6BFE78AE8E46C5A4321B9FAC9F0A917C020A5", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "00010203040506", + /* AD = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D", + /* CT = */ "0F55D7051D747844B4E03718503CA10850C78FDC6BB0F5", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "00010203040506", + /* AD = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E", + /* CT = */ "141B8B25E59E0D494C20BA259DACD1C527859F4059302E", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "00010203040506", + /* AD = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F", + /* CT = */ "4C086D27A3B51A616FEA454758AAD99D6EB53AC3975DE0", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "0001020304050607", + /* AD = */ "", + /* CT = */ "E770D289D2A44AEEB076C632E98C61F69CD5DB919B58D204", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "0001020304050607", + /* AD = */ "00", + /* CT = */ "25FBE48AC155C10386CF87FE743D9A2A627FC00DAE5B9B52", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "0001020304050607", + /* AD = */ "0001", + /* CT = */ "49E50547CA0C7547950D3B9804241712431C81D23C03D7D3", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "0001020304050607", + /* AD = */ "000102", + /* CT = */ "D2721FCB362AB5E1F8FD3F2BD9F0FF14E7F0B9EBC084D752", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "0001020304050607", + /* AD = */ "00010203", + /* CT = */ "4A53D9966D87BFED09BE0A67072FD1F51FE5B1CE7E8BB84C", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "0001020304050607", + /* AD = */ "0001020304", + /* CT = */ "1F820273C65246B7267A2CB1C513FE65991DA288CCBC8985", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "0001020304050607", + /* AD = */ "000102030405", + /* CT = */ "7CC88BDBF6D706056C8B219F65945332DEDE9303DEF1D5DF", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "0001020304050607", + /* AD = */ "00010203040506", + /* CT = */ "44864FD337BBF2374302FC5DAC7C369371C7171FADBDFD47", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "0001020304050607", + /* AD = */ "0001020304050607", + /* CT = */ "108640BD71345C6E37294FAC4BDDCAD22EE5E7178D20132C", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "0001020304050607", + /* AD = */ "000102030405060708", + /* CT = */ "6A256FBBD3726C8215F807001FD7678E08FDCD6B37EE9F01", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "0001020304050607", + /* AD = */ "00010203040506070809", + /* CT = */ "F2F44B081312F3F8941D7A98139835C2A973E67E6361008A", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "0001020304050607", + /* AD = */ "000102030405060708090A", + /* CT = */ "29FCAD75A4163DE384DDC15FF1ED2C4A0427C605CB4641EF", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "0001020304050607", + /* AD = */ "000102030405060708090A0B", + /* CT = */ "BBAE1D88621912ED8EBF251E9D01F44DA85C293FC268DF21", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "0001020304050607", + /* AD = */ "000102030405060708090A0B0C", + /* CT = */ "4BE547736BE1D8A6861CCF3287D781E0377726F81AF65F08", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "0001020304050607", + /* AD = */ "000102030405060708090A0B0C0D", + /* CT = */ "4E589270FEB89BB2779FB252BD1BD51D3C48C5505BE0673C", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "0001020304050607", + /* AD = */ "000102030405060708090A0B0C0D0E", + /* CT = */ "B03E607317A251B0D199FBBA97AEFC56FDD43971B6A765C6", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "0001020304050607", + /* AD = */ "000102030405060708090A0B0C0D0E0F", + /* CT = */ "6A28215E4A6023FA5E3DA35C3EDA411E8D18EA4A253DC57E", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "0001020304050607", + /* AD = */ "000102030405060708090A0B0C0D0E0F10", + /* CT = */ "9813B7013089DB86E59079F8C17FF9705EB3F7B599004E40", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "0001020304050607", + /* AD = */ "000102030405060708090A0B0C0D0E0F1011", + /* CT = */ "501DFE330EC4528EE3CEB4CBD39E65B1E4328E8300D8FCF2", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "0001020304050607", + /* AD = */ "000102030405060708090A0B0C0D0E0F101112", + /* CT = */ "64AC72120E66A202FCF75807DF1FB9524BE8CF4213EA5F4D", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "0001020304050607", + /* AD = */ "000102030405060708090A0B0C0D0E0F10111213", + /* CT = */ "C305EB0E851DF92B3978F03A1502E04DCEA4B4B8DFF15680", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "0001020304050607", + /* AD = */ "000102030405060708090A0B0C0D0E0F1011121314", + /* CT = */ "994984D48B44B494882DC9077A2CF12F66D31A233129F015", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "0001020304050607", + /* AD = */ "000102030405060708090A0B0C0D0E0F101112131415", + /* CT = */ "368D61A8D488E8FB184219C4DBB58348FE5ED5B33032EA06", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "0001020304050607", + /* AD = */ "000102030405060708090A0B0C0D0E0F10111213141516", + /* CT = */ "C01EA7792BF5F96293FE69533B1263F98ABF16914DB90D27", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "0001020304050607", + /* AD = */ "000102030405060708090A0B0C0D0E0F1011121314151617", + /* CT = */ "BA35FA7ECE7C780FE8F7EEC9EBC53BB595BFA5239AC4E987", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "0001020304050607", + /* AD = */ "000102030405060708090A0B0C0D0E0F101112131415161718", + /* CT = */ "4C83A29686FE1AFC501F0788B15A180D61326986793B9DE0", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "0001020304050607", + /* AD = */ "000102030405060708090A0B0C0D0E0F10111213141516171819", + /* CT = */ "1244D5C1B435AFF432D08A17E45051EB02E6C023B1D66E41", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "0001020304050607", + /* AD = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A", + /* CT = */ "C8002E9D447FA429B700555F01728766EC33ECBBAC1FC09F", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "0001020304050607", + /* AD = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B", + /* CT = */ "662D521980423CBF9BB914B8AB0E0F71FE89504E2509D42E", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "0001020304050607", + /* AD = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C", + /* CT = */ "26A6E765E6BFE7EC2710F5E7FCFF32C81CBCB9C43289B2D3", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "0001020304050607", + /* AD = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D", + /* CT = */ "0F55D7051D7478D5205F1740139CFE40E45C30027C648D50", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "0001020304050607", + /* AD = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E", + /* CT = */ "141B8B25E59E0D0107E70967DBECB41D7BF40C2D312AAD29", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "0001020304050607", + /* AD = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F", + /* CT = */ "4C086D27A3B51A23D39116F51D76FE9DE67890FCCD7DC3DB", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "000102030405060708", + /* AD = */ "", + /* CT = */ "E770D289D2A44AEE7C61B4623AC9931D92AC8AAE3F9F78C0CE", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "000102030405060708", + /* AD = */ "00", + /* CT = */ "25FBE48AC155C103926FD82C34FE8EDE74F8B4BDA0CBE9C500", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "000102030405060708", + /* AD = */ "0001", + /* CT = */ "49E50547CA0C7547848EFD5E4DE60C2580C4B48AC4ACA27F3A", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "000102030405060708", + /* AD = */ "000102", + /* CT = */ "D2721FCB362AB5E15C360520512C49823ACBD6701966E57F77", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "000102030405060708", + /* AD = */ "00010203", + /* CT = */ "4A53D9966D87BFED68CFABF4D3B0A4D69F1D04681BF6271659", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "000102030405060708", + /* AD = */ "0001020304", + /* CT = */ "1F820273C65246B76DE40951C91F2C8B18097127BB1C1B59D6", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "000102030405060708", + /* AD = */ "000102030405", + /* CT = */ "7CC88BDBF6D706059738292F22EC49DDF614846D1712D03227", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "000102030405060708", + /* AD = */ "00010203040506", + /* CT = */ "44864FD337BBF237DBD36368EE6094699B36657AA033BECDBC", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "000102030405060708", + /* AD = */ "0001020304050607", + /* CT = */ "108640BD71345C6EDCD66C67162F61A848D296C4BCB8CBFD46", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "000102030405060708", + /* AD = */ "000102030405060708", + /* CT = */ "6A256FBBD3726C823F40E10B01156FA225437C2E518FF29C37", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "000102030405060708", + /* AD = */ "00010203040506070809", + /* CT = */ "F2F44B081312F3F8C1C3EB2EE4FA2B8FE58F0B457FD49A3BBE", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "000102030405060708", + /* AD = */ "000102030405060708090A", + /* CT = */ "29FCAD75A4163DE31931F35D13C116FE3DCAA7D4CBBE18DC5E", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "000102030405060708", + /* AD = */ "000102030405060708090A0B", + /* CT = */ "BBAE1D88621912ED7365FC752813430D5A45AE29C534620291", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "000102030405060708", + /* AD = */ "000102030405060708090A0B0C", + /* CT = */ "4BE547736BE1D8A6CD48C637890D9B34AD5A702E4A3BE8C1BB", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "000102030405060708", + /* AD = */ "000102030405060708090A0B0C0D", + /* CT = */ "4E589270FEB89BB224589220FCB5A616AD33159ABD95E074AD", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "000102030405060708", + /* AD = */ "000102030405060708090A0B0C0D0E", + /* CT = */ "B03E607317A251B08B9012988302FE50D9FF044809B0D94A41", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "000102030405060708", + /* AD = */ "000102030405060708090A0B0C0D0E0F", + /* CT = */ "6A28215E4A6023FAE49D797FAC59DC5A9F1501B82DE55BF79B", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "000102030405060708", + /* AD = */ "000102030405060708090A0B0C0D0E0F10", + /* CT = */ "9813B7013089DB863A3FA3006697C92747D37905BD9D387ADB", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "000102030405060708", + /* AD = */ "000102030405060708090A0B0C0D0E0F1011", + /* CT = */ "501DFE330EC4528E8D9181A99F3956898A8484B9B3749B9DCE", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "000102030405060708", + /* AD = */ "000102030405060708090A0B0C0D0E0F101112", + /* CT = */ "64AC72120E66A20243012E69A8309583C1DD8C860816B1439F", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "000102030405060708", + /* AD = */ "000102030405060708090A0B0C0D0E0F10111213", + /* CT = */ "C305EB0E851DF92B6F1B715DFEFECEE7A83F2D6AEA3CBA3F35", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "000102030405060708", + /* AD = */ "000102030405060708090A0B0C0D0E0F1011121314", + /* CT = */ "994984D48B44B494468486B6FAA8AE1DBC985AB8CB58033654", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "000102030405060708", + /* AD = */ "000102030405060708090A0B0C0D0E0F101112131415", + /* CT = */ "368D61A8D488E8FB0F68A302A04EEC3B9FE72DD06BC6367EE6", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "000102030405060708", + /* AD = */ "000102030405060708090A0B0C0D0E0F10111213141516", + /* CT = */ "C01EA7792BF5F9621F421E34FD5ABEF1EC7F43B6621A6E20B3", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "000102030405060708", + /* AD = */ "000102030405060708090A0B0C0D0E0F1011121314151617", + /* CT = */ "BA35FA7ECE7C780FFF21138EA057F2307E7DABE42D6A1C823D", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "000102030405060708", + /* AD = */ "000102030405060708090A0B0C0D0E0F101112131415161718", + /* CT = */ "4C83A29686FE1AFC3F63030A9CBBB3085CFDF2CB8F30824E0A", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "000102030405060708", + /* AD = */ "000102030405060708090A0B0C0D0E0F10111213141516171819", + /* CT = */ "1244D5C1B435AFF48979024ABA2E259C98E89EC0C7AE18ACBC", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "000102030405060708", + /* AD = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A", + /* CT = */ "C8002E9D447FA42945D03C7AD8B0DCFB190F2E9A0AEAD01693", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "000102030405060708", + /* AD = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B", + /* CT = */ "662D521980423CBF5233A5E1D7348DC85F7462505CB7380BCB", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "000102030405060708", + /* AD = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C", + /* CT = */ "26A6E765E6BFE7EC0EA959D9DAC45EF5E108685791C08D4364", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "000102030405060708", + /* AD = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D", + /* CT = */ "0F55D7051D7478D53FF23AD62D658D494C051EC5D937923F81", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "000102030405060708", + /* AD = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E", + /* CT = */ "141B8B25E59E0D01B17CDF0E9E7BA08769A9AAE211125F0E26", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "000102030405060708", + /* AD = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F", + /* CT = */ "4C086D27A3B51A23336690C8B42C0B811E74CE6CF0A5F563D9", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "00010203040506070809", + /* AD = */ "", + /* CT = */ "E770D289D2A44AEE7CD0BA5DFDFE05DBAAE61E1DFF349BE58240", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "00010203040506070809", + /* AD = */ "00", + /* CT = */ "25FBE48AC155C103927E1EB44A2A166AF15A0D997B8DA642C1C2", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "00010203040506070809", + /* AD = */ "0001", + /* CT = */ "49E50547CA0C754784F225F85AC672152F920DFFD248610090CE", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "00010203040506070809", + /* AD = */ "000102", + /* CT = */ "D2721FCB362AB5E15C68689CD8F01AEA3BE660AA60EB692DB61D", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "00010203040506070809", + /* AD = */ "00010203", + /* CT = */ "4A53D9966D87BFED6865927D89264E1BFF075CDB8A00F62CD434", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "00010203040506070809", + /* AD = */ "0001020304", + /* CT = */ "1F820273C65246B76D4F38773704C9B4C59E40007517BC1E5182", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "00010203040506070809", + /* AD = */ "000102030405", + /* CT = */ "7CC88BDBF6D70605975B8FC22EB913A41CEE3F01069AFAE92001", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "00010203040506070809", + /* AD = */ "00010203040506", + /* CT = */ "44864FD337BBF237DB149250FB8864B8C59BCE4F417F4904C5BC", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "00010203040506070809", + /* AD = */ "0001020304050607", + /* CT = */ "108640BD71345C6EDC4AE686279EA0C1723AF33EADB5D77EF381", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "00010203040506070809", + /* AD = */ "000102030405060708", + /* CT = */ "6A256FBBD3726C823F99F8B1E7E8AFB03983E3B524C05CD53C6C", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "00010203040506070809", + /* AD = */ "00010203040506070809", + /* CT = */ "F2F44B081312F3F8C13E1F2E1DE986408917271CC2891D55607B", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "00010203040506070809", + /* AD = */ "000102030405060708090A", + /* CT = */ "29FCAD75A4163DE319D4900103A5D1A1AA33ECBEF7CAF2BBA7B6", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "00010203040506070809", + /* AD = */ "000102030405060708090A0B", + /* CT = */ "BBAE1D88621912ED737E8F5A49E06C52CCEC4C58AE9CD82BB5D9", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "00010203040506070809", + /* AD = */ "000102030405060708090A0B0C", + /* CT = */ "4BE547736BE1D8A6CDE16E3F167A11EC658130C12ABAC3BED8A6", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "00010203040506070809", + /* AD = */ "000102030405060708090A0B0C0D", + /* CT = */ "4E589270FEB89BB224085211094DF3959B58E71A4F01F5CAF39E", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "00010203040506070809", + /* AD = */ "000102030405060708090A0B0C0D0E", + /* CT = */ "B03E607317A251B08B307D04637B673770952AEEAD496D4BFA99", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "00010203040506070809", + /* AD = */ "000102030405060708090A0B0C0D0E0F", + /* CT = */ "6A28215E4A6023FAE4204CF4E4DEEA8A532A6A5ED5DEF5B3E900", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "00010203040506070809", + /* AD = */ "000102030405060708090A0B0C0D0E0F10", + /* CT = */ "9813B7013089DB863A742548E1054AF955E532F91979A03351D9", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "00010203040506070809", + /* AD = */ "000102030405060708090A0B0C0D0E0F1011", + /* CT = */ "501DFE330EC4528E8D3BAFD6B5ECC9AB43C252B5F0962CB530EE", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "00010203040506070809", + /* AD = */ "000102030405060708090A0B0C0D0E0F101112", + /* CT = */ "64AC72120E66A202433CF2A6BA2326DA11905798274116CB9E1F", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "00010203040506070809", + /* AD = */ "000102030405060708090A0B0C0D0E0F10111213", + /* CT = */ "C305EB0E851DF92B6F8A5C2433C5F7100D27481CEF49FD9590F4", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "00010203040506070809", + /* AD = */ "000102030405060708090A0B0C0D0E0F1011121314", + /* CT = */ "994984D48B44B4944609DCF78D702E4721439B6AA051D87E6E8A", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "00010203040506070809", + /* AD = */ "000102030405060708090A0B0C0D0E0F101112131415", + /* CT = */ "368D61A8D488E8FB0F9FB23B82932FC6DB68696A860BC26860EF", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "00010203040506070809", + /* AD = */ "000102030405060708090A0B0C0D0E0F10111213141516", + /* CT = */ "C01EA7792BF5F9621F075E48C7CB297F1ED7C963194FB3F18D03", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "00010203040506070809", + /* AD = */ "000102030405060708090A0B0C0D0E0F1011121314151617", + /* CT = */ "BA35FA7ECE7C780FFF8BE43287D0137B079F940A363371F35AD1", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "00010203040506070809", + /* AD = */ "000102030405060708090A0B0C0D0E0F101112131415161718", + /* CT = */ "4C83A29686FE1AFC3FAD44B88CAC3F60962B510675C7BFB9102A", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "00010203040506070809", + /* AD = */ "000102030405060708090A0B0C0D0E0F10111213141516171819", + /* CT = */ "1244D5C1B435AFF489A8B5AB5B2897B7F18A9D3B284B13D9E440", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "00010203040506070809", + /* AD = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A", + /* CT = */ "C8002E9D447FA42945BF6560FE45093C9B630E9AFA02B410E568", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "00010203040506070809", + /* AD = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B", + /* CT = */ "662D521980423CBF521E0CE321AF34D5A1A1B7C6F11436119ED1", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "00010203040506070809", + /* AD = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C", + /* CT = */ "26A6E765E6BFE7EC0E259544D5F21C04650FF36AD994E43C966F", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "00010203040506070809", + /* AD = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D", + /* CT = */ "0F55D7051D7478D53F2BF5FC3DADAC814E396C1B6B339D1AD36C", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "00010203040506070809", + /* AD = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E", + /* CT = */ "141B8B25E59E0D01B1143974536141A7084D3A4AFE730ADB0E2A", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "00010203040506070809", + /* AD = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F", + /* CT = */ "4C086D27A3B51A2333CFF9D363D14DCC737C8FAA67ED066DCE62", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "000102030405060708090A", + /* AD = */ "", + /* CT = */ "E770D289D2A44AEE7CD0A4E063D016DE47F98A7F0B1B344410A944", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "000102030405060708090A", + /* AD = */ "00", + /* CT = */ "25FBE48AC155C103927E5969931EC0AD6B9CB14904E9E9BB49A02B", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "000102030405060708090A", + /* AD = */ "0001", + /* CT = */ "49E50547CA0C754784F2A67F63DE77E7B898037AE971E9EB4DE8D6", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "000102030405060708090A", + /* AD = */ "000102", + /* CT = */ "D2721FCB362AB5E15C6872614B633DCE534A333E506D26086966C7", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "000102030405060708090A", + /* AD = */ "00010203", + /* CT = */ "4A53D9966D87BFED6865858439827C1BB65B7DF6F235BA8D648A5B", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "000102030405060708090A", + /* AD = */ "0001020304", + /* CT = */ "1F820273C65246B76D4FF8AAB99C2E9AB1E0C6F508FE31D857F862", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "000102030405060708090A", + /* AD = */ "000102030405", + /* CT = */ "7CC88BDBF6D70605975B2FCC9AF5943FDD02FE0070703DD45BC3AC", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "000102030405060708090A", + /* AD = */ "00010203040506", + /* CT = */ "44864FD337BBF237DB14137BF76BE1C0CDF453929039B6C70282D9", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "000102030405060708090A", + /* AD = */ "0001020304050607", + /* CT = */ "108640BD71345C6EDC4AEC6E3CE10C6733FED240C25B2A6E84D515", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "000102030405060708090A", + /* AD = */ "000102030405060708", + /* CT = */ "6A256FBBD3726C823F99E57762B45EE4594348B19B8CDA7340B1A4", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "000102030405060708090A", + /* AD = */ "00010203040506070809", + /* CT = */ "F2F44B081312F3F8C13E8423F1450500AA811C8CF28D360E0308D3", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "000102030405060708090A", + /* AD = */ "000102030405060708090A", + /* CT = */ "29FCAD75A4163DE319D4E3CBCF82C6EEA838AD617067B84CFB72D4", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "000102030405060708090A", + /* AD = */ "000102030405060708090A0B", + /* CT = */ "BBAE1D88621912ED737EAD74F20DC2AA0B95BE083FF167AF1545D3", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "000102030405060708090A", + /* AD = */ "000102030405060708090A0B0C", + /* CT = */ "4BE547736BE1D8A6CDE18DD23F4612D23A2B27DE8E591246F186DE", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "000102030405060708090A", + /* AD = */ "000102030405060708090A0B0C0D", + /* CT = */ "4E589270FEB89BB22408043B62031CB3A7AAC293EB4A2088BF68AE", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "000102030405060708090A", + /* AD = */ "000102030405060708090A0B0C0D0E", + /* CT = */ "B03E607317A251B08B30F7B9743D878EDF9AD8BBDAACCF10778A47", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "000102030405060708090A", + /* AD = */ "000102030405060708090A0B0C0D0E0F", + /* CT = */ "6A28215E4A6023FAE42095CA57296D9A38F281EC0758B893057FB6", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "000102030405060708090A", + /* AD = */ "000102030405060708090A0B0C0D0E0F10", + /* CT = */ "9813B7013089DB863A742A4A403B2F87FE884C6B34977053543418", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "000102030405060708090A", + /* AD = */ "000102030405060708090A0B0C0D0E0F1011", + /* CT = */ "501DFE330EC4528E8D3BC4A249F078C51F6ADAFEA0BDD4D11683E2", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "000102030405060708090A", + /* AD = */ "000102030405060708090A0B0C0D0E0F101112", + /* CT = */ "64AC72120E66A202433C61935F7080C32B1CFE757146EE33720C24", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "000102030405060708090A", + /* AD = */ "000102030405060708090A0B0C0D0E0F10111213", + /* CT = */ "C305EB0E851DF92B6F8ACA25CB842C09B8087DA823958D45441CFD", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "000102030405060708090A", + /* AD = */ "000102030405060708090A0B0C0D0E0F1011121314", + /* CT = */ "994984D48B44B49446092E7AF0001B616272F6DD0FAB613454B020", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "000102030405060708090A", + /* AD = */ "000102030405060708090A0B0C0D0E0F101112131415", + /* CT = */ "368D61A8D488E8FB0F9F57DE9FDF3153B4BE00C987A6C9CF869D2D", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "000102030405060708090A", + /* AD = */ "000102030405060708090A0B0C0D0E0F10111213141516", + /* CT = */ "C01EA7792BF5F9621F07A27DE83E5306C4D7CA5E9A9883493C868C", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "000102030405060708090A", + /* AD = */ "000102030405060708090A0B0C0D0E0F1011121314151617", + /* CT = */ "BA35FA7ECE7C780FFF8B7EE8F2F5B376291234338F5EFA24CBE3B9", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "000102030405060708090A", + /* AD = */ "000102030405060708090A0B0C0D0E0F101112131415161718", + /* CT = */ "4C83A29686FE1AFC3FAD84BDDF4C43F10930D31BA83B84E86DD104", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "000102030405060708090A", + /* AD = */ "000102030405060708090A0B0C0D0E0F10111213141516171819", + /* CT = */ "1244D5C1B435AFF489A8FD1E9017A1E8EE19988053A60809039AC8", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "000102030405060708090A", + /* AD = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A", + /* CT = */ "C8002E9D447FA42945BF666CA598FF75070E3CF50D46A73CF41CA0", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "000102030405060708090A", + /* AD = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B", + /* CT = */ "662D521980423CBF521E7ED135881EBD6EC718B52FA5CC8308DA35", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "000102030405060708090A", + /* AD = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C", + /* CT = */ "26A6E765E6BFE7EC0E258877A2D836356067424D228A3A84DFC81B", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "000102030405060708090A", + /* AD = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D", + /* CT = */ "0F55D7051D7478D53F2BA0A8C8E06FB60BF627305F287F7EFE50E6", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "000102030405060708090A", + /* AD = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E", + /* CT = */ "141B8B25E59E0D01B11422BED79619A10D8D2CE95A45E25D351D27", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "000102030405060708090A", + /* AD = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F", + /* CT = */ "4C086D27A3B51A2333CFC76375353C06366198CA0BD8954829EF02", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "000102030405060708090A0B", + /* AD = */ "", + /* CT = */ "E770D289D2A44AEE7CD0A48E4E6A4FF286931434579C0BD704E3D915", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "000102030405060708090A0B", + /* AD = */ "00", + /* CT = */ "25FBE48AC155C103927E59C6EC1848559DA4A363E0D56C6136CA07EB", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "000102030405060708090A0B", + /* AD = */ "0001", + /* CT = */ "49E50547CA0C754784F2A6F9F8D75BF188E83D1FBC93582BF15A3C33", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "000102030405060708090A0B", + /* AD = */ "000102", + /* CT = */ "D2721FCB362AB5E15C687244E486708610E62934EFBDC6D40E90BDE1", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "000102030405060708090A0B", + /* AD = */ "00010203", + /* CT = */ "4A53D9966D87BFED686585FE55CE0EA2422AA3F2790539A216B2AB8F", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "000102030405060708090A0B", + /* AD = */ "0001020304", + /* CT = */ "1F820273C65246B76D4FF8D1AEE5F251B92BE69AE7BE8C89773CDB91", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "000102030405060708090A0B", + /* AD = */ "000102030405", + /* CT = */ "7CC88BDBF6D70605975B2FCD1ADFFFB6527B90BB2C394274D17FE1A8", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "000102030405060708090A0B", + /* AD = */ "00010203040506", + /* CT = */ "44864FD337BBF237DB14139B7C534D271A620CCE5E9BFCC1AF3570C0", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "000102030405060708090A0B", + /* AD = */ "0001020304050607", + /* CT = */ "108640BD71345C6EDC4AEC766E448981134131AAB8BA7BD2B4948AC1", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "000102030405060708090A0B", + /* AD = */ "000102030405060708", + /* CT = */ "6A256FBBD3726C823F99E5C524303CE4F7C99AEEF2CAAFCBD508A4D9", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "000102030405060708090A0B", + /* AD = */ "00010203040506070809", + /* CT = */ "F2F44B081312F3F8C13E843F97741939E99018CEBD55AAC85DE1EB39", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "000102030405060708090A0B", + /* AD = */ "000102030405060708090A", + /* CT = */ "29FCAD75A4163DE319D4E3E47C3ACA1BE5DBE1F4C9A7B0E99092CA56", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "000102030405060708090A0B", + /* AD = */ "000102030405060708090A0B", + /* CT = */ "BBAE1D88621912ED737EADA1A799EFD6EB3D1DAB69BB2C2B0BECB465", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "000102030405060708090A0B", + /* AD = */ "000102030405060708090A0B0C", + /* CT = */ "4BE547736BE1D8A6CDE18D14FBF208AF27A909A0AEF11E5C7A3B5612", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "000102030405060708090A0B", + /* AD = */ "000102030405060708090A0B0C0D", + /* CT = */ "4E589270FEB89BB22408041D52241FA8E32B128F5E340BE620359204", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "000102030405060708090A0B", + /* AD = */ "000102030405060708090A0B0C0D0E", + /* CT = */ "B03E607317A251B08B30F744D69E011E60E55A63369595A289AC97A7", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "000102030405060708090A0B", + /* AD = */ "000102030405060708090A0B0C0D0E0F", + /* CT = */ "6A28215E4A6023FAE4209531D4FF11F1DDE01A82ED0B498E24715DBA", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "000102030405060708090A0B", + /* AD = */ "000102030405060708090A0B0C0D0E0F10", + /* CT = */ "9813B7013089DB863A742A4C178483B900A69B3A53241256131DCF25", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "000102030405060708090A0B", + /* AD = */ "000102030405060708090A0B0C0D0E0F1011", + /* CT = */ "501DFE330EC4528E8D3BC467DA548BFFE42584E2DB089D51A61F0718", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "000102030405060708090A0B", + /* AD = */ "000102030405060708090A0B0C0D0E0F101112", + /* CT = */ "64AC72120E66A202433C6182716AEFB3022C5BF9E839A1CC8BF37D0A", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "000102030405060708090A0B", + /* AD = */ "000102030405060708090A0B0C0D0E0F10111213", + /* CT = */ "C305EB0E851DF92B6F8ACA4495787DE780A1410B50BADD84AE0639F4", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "000102030405060708090A0B", + /* AD = */ "000102030405060708090A0B0C0D0E0F1011121314", + /* CT = */ "994984D48B44B49446092EE2998CC94BE03B4FEB2225C6D186B45E72", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "000102030405060708090A0B", + /* AD = */ "000102030405060708090A0B0C0D0E0F101112131415", + /* CT = */ "368D61A8D488E8FB0F9F57D72494D4268983B582233D1A4CA96B9D06", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "000102030405060708090A0B", + /* AD = */ "000102030405060708090A0B0C0D0E0F10111213141516", + /* CT = */ "C01EA7792BF5F9621F07A2669F55B4B955F999281B76702DCA2B2FD4", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "000102030405060708090A0B", + /* AD = */ "000102030405060708090A0B0C0D0E0F1011121314151617", + /* CT = */ "BA35FA7ECE7C780FFF8B7E41D925132755BEB256513FD4D0700CB058", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "000102030405060708090A0B", + /* AD = */ "000102030405060708090A0B0C0D0E0F101112131415161718", + /* CT = */ "4C83A29686FE1AFC3FAD848971F914441B4F89AB9349105D8CFEE382", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "000102030405060708090A0B", + /* AD = */ "000102030405060708090A0B0C0D0E0F10111213141516171819", + /* CT = */ "1244D5C1B435AFF489A8FD04329783BC8F04053DDE5FDF957B79B219", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "000102030405060708090A0B", + /* AD = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A", + /* CT = */ "C8002E9D447FA42945BF66AF333842BEE2E89F4BA375B92319791924", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "000102030405060708090A0B", + /* AD = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B", + /* CT = */ "662D521980423CBF521E7E4FF79E9AA6D09FEDC587AC9D44CEB64F85", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "000102030405060708090A0B", + /* AD = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C", + /* CT = */ "26A6E765E6BFE7EC0E2588660EF98E139504F92E5E88FA0A89D22F75", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "000102030405060708090A0B", + /* AD = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D", + /* CT = */ "0F55D7051D7478D53F2BA03E5AB7A2238074E8D0D53DD40591C49594", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "000102030405060708090A0B", + /* AD = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E", + /* CT = */ "141B8B25E59E0D01B11422D98F455B73B776EC563854B20000D888A5", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "000102030405060708090A0B", + /* AD = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F", + /* CT = */ "4C086D27A3B51A2333CFC7F2A13574D9140D012B69B057657168818E", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "000102030405060708090A0B0C", + /* AD = */ "", + /* CT = */ "E770D289D2A44AEE7CD0A48ECE38A71EC52FCE382042598A9F3225DFA3", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "000102030405060708090A0B0C", + /* AD = */ "00", + /* CT = */ "25FBE48AC155C103927E59C60C8EF98D2402A1EB6A3DAFB2A289181C79", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "000102030405060708090A0B0C", + /* AD = */ "0001", + /* CT = */ "49E50547CA0C754784F2A6F9364929F9146287F322C38010C1BBA75303", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "000102030405060708090A0B0C", + /* AD = */ "000102", + /* CT = */ "D2721FCB362AB5E15C6872449BA0F342779F302DA386F7C15096E69C72", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "000102030405060708090A0B0C", + /* AD = */ "00010203", + /* CT = */ "4A53D9966D87BFED686585FE7A27B9DBE171DF9A348075E9B55005E247", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "000102030405060708090A0B0C", + /* AD = */ "0001020304", + /* CT = */ "1F820273C65246B76D4FF8D1ADD3801FBA7E68B45285FE7FBDC92A2B57", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "000102030405060708090A0B0C", + /* AD = */ "000102030405", + /* CT = */ "7CC88BDBF6D70605975B2FCD35502854FBE4C7136EE5A7D1DC40E73AB8", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "000102030405060708090A0B0C", + /* AD = */ "00010203040506", + /* CT = */ "44864FD337BBF237DB14139BDC6CCD2ADAF132C61D96566566095F0DE2", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "000102030405060708090A0B0C", + /* AD = */ "0001020304050607", + /* CT = */ "108640BD71345C6EDC4AEC76EA3D2F959324D042C62BB360F3B2C5B19C", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "000102030405060708090A0B0C", + /* AD = */ "000102030405060708", + /* CT = */ "6A256FBBD3726C823F99E5C52502748AE50F4343902A0DCE8C350D6456", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "000102030405060708090A0B0C", + /* AD = */ "00010203040506070809", + /* CT = */ "F2F44B081312F3F8C13E843F0AEAF8A7090E8D948AFEA26489B148EAB3", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "000102030405060708090A0B0C", + /* AD = */ "000102030405060708090A", + /* CT = */ "29FCAD75A4163DE319D4E3E4C90D5E2CAD1CC203682F18461D2E866D44", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "000102030405060708090A0B0C", + /* AD = */ "000102030405060708090A0B", + /* CT = */ "BBAE1D88621912ED737EADA1B1E9DDCD35A88D280627380D6EC8474F1E", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "000102030405060708090A0B0C", + /* AD = */ "000102030405060708090A0B0C", + /* CT = */ "4BE547736BE1D8A6CDE18D1430CA3A5C60A60EE2E114D4D9BDEFAA1FB8", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "000102030405060708090A0B0C", + /* AD = */ "000102030405060708090A0B0C0D", + /* CT = */ "4E589270FEB89BB22408041DAF90E30886E64690DD108B34620EEA8DF8", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "000102030405060708090A0B0C", + /* AD = */ "000102030405060708090A0B0C0D0E", + /* CT = */ "B03E607317A251B08B30F744B75621C217F4E7AF4E84B280D94C99C621", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "000102030405060708090A0B0C", + /* AD = */ "000102030405060708090A0B0C0D0E0F", + /* CT = */ "6A28215E4A6023FAE42095318B82B3778B933598FBF3F4359D11261C31", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "000102030405060708090A0B0C", + /* AD = */ "000102030405060708090A0B0C0D0E0F10", + /* CT = */ "9813B7013089DB863A742A4C1312FDC6CB8554CC51551385A3601012C9", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "000102030405060708090A0B0C", + /* AD = */ "000102030405060708090A0B0C0D0E0F1011", + /* CT = */ "501DFE330EC4528E8D3BC467A0AFBE21674E55C72A620F62A5A1410403", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "000102030405060708090A0B0C", + /* AD = */ "000102030405060708090A0B0C0D0E0F101112", + /* CT = */ "64AC72120E66A202433C618208FFD894880B66C4D42FEC1596C1C97F79", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "000102030405060708090A0B0C", + /* AD = */ "000102030405060708090A0B0C0D0E0F10111213", + /* CT = */ "C305EB0E851DF92B6F8ACA44F22B29F278C6A5BB2E2D39135B246A5BC7", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "000102030405060708090A0B0C", + /* AD = */ "000102030405060708090A0B0C0D0E0F1011121314", + /* CT = */ "994984D48B44B49446092EE25E7570242793792B517BB860A3722E2EA4", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "000102030405060708090A0B0C", + /* AD = */ "000102030405060708090A0B0C0D0E0F101112131415", + /* CT = */ "368D61A8D488E8FB0F9F57D793B5B4FB493189636C7647E4D8808321F6", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "000102030405060708090A0B0C", + /* AD = */ "000102030405060708090A0B0C0D0E0F10111213141516", + /* CT = */ "C01EA7792BF5F9621F07A266E6038CE2EDB4B683152454A4B55B811B54", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "000102030405060708090A0B0C", + /* AD = */ "000102030405060708090A0B0C0D0E0F1011121314151617", + /* CT = */ "BA35FA7ECE7C780FFF8B7E41BC64BCEC36CB18E75163D37682B751D520", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "000102030405060708090A0B0C", + /* AD = */ "000102030405060708090A0B0C0D0E0F101112131415161718", + /* CT = */ "4C83A29686FE1AFC3FAD84899E6B49D86DFF62950C9F6409973FF29008", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "000102030405060708090A0B0C", + /* AD = */ "000102030405060708090A0B0C0D0E0F10111213141516171819", + /* CT = */ "1244D5C1B435AFF489A8FD04B825AAF34585583E9797A3F7A329B5A600", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "000102030405060708090A0B0C", + /* AD = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A", + /* CT = */ "C8002E9D447FA42945BF66AF533699F68050362B334F1E277DBA824795", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "000102030405060708090A0B0C", + /* AD = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B", + /* CT = */ "662D521980423CBF521E7E4F9BA954D61B21523C507EDC8347ED5321B2", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "000102030405060708090A0B0C", + /* AD = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C", + /* CT = */ "26A6E765E6BFE7EC0E25886657B1D673F89B0B6077F7E2DEA7807A9456", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "000102030405060708090A0B0C", + /* AD = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D", + /* CT = */ "0F55D7051D7478D53F2BA03EF24EB02FC8C4B87890382A7A4DD085EC0B", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "000102030405060708090A0B0C", + /* AD = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E", + /* CT = */ "141B8B25E59E0D01B11422D940315A23C1ABC358C74F53E749F2C4047B", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "000102030405060708090A0B0C", + /* AD = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F", + /* CT = */ "4C086D27A3B51A2333CFC7F2218C78BD40D7174F8D158AD297EB11E029", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "000102030405060708090A0B0C0D", + /* AD = */ "", + /* CT = */ "E770D289D2A44AEE7CD0A48ECE5202E5BAE52DD5E452F7B6B843B163BAB8", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "000102030405060708090A0B0C0D", + /* AD = */ "00", + /* CT = */ "25FBE48AC155C103927E59C60C8814D937B0BC7D7A26EF5BC0E802F14006", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "000102030405060708090A0B0C0D", + /* AD = */ "0001", + /* CT = */ "49E50547CA0C754784F2A6F936ED772921C0C30D6F85E660B37F1EB55EF0", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "000102030405060708090A0B0C0D", + /* AD = */ "000102", + /* CT = */ "D2721FCB362AB5E15C6872449B1132F55C1D299956030E69273287971557", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "000102030405060708090A0B0C0D", + /* AD = */ "00010203", + /* CT = */ "4A53D9966D87BFED686585FE7A284CF180A87F8CA62B92F20C9BD5061475", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "000102030405060708090A0B0C0D", + /* AD = */ "0001020304", + /* CT = */ "1F820273C65246B76D4FF8D1ADD776A6935D3E1DCDF8377826D3368428C0", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "000102030405060708090A0B0C0D", + /* AD = */ "000102030405", + /* CT = */ "7CC88BDBF6D70605975B2FCD35DA86B4B88395FBABC8E6A07A29567836E1", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "000102030405060708090A0B0C0D", + /* AD = */ "00010203040506", + /* CT = */ "44864FD337BBF237DB14139BDC6E67C2B2455146B3D1F3CDBD39C2B09CE3", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "000102030405060708090A0B0C0D", + /* AD = */ "0001020304050607", + /* CT = */ "108640BD71345C6EDC4AEC76EA3B0A3FA61CD4F30D9EAD0901AB5CAB877E", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "000102030405060708090A0B0C0D", + /* AD = */ "000102030405060708", + /* CT = */ "6A256FBBD3726C823F99E5C5252CB77DDF9FACC702DFC3CEFDBDC016B1A7", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "000102030405060708090A0B0C0D", + /* AD = */ "00010203040506070809", + /* CT = */ "F2F44B081312F3F8C13E843F0ADBC03813101144C22ADEA4FE5131EC103B", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "000102030405060708090A0B0C0D", + /* AD = */ "000102030405060708090A", + /* CT = */ "29FCAD75A4163DE319D4E3E4C98F1128694A9AB183C5D0B7FB7C13A27916", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "000102030405060708090A0B0C0D", + /* AD = */ "000102030405060708090A0B", + /* CT = */ "BBAE1D88621912ED737EADA1B19FABE811B4B12E9A3F07BE943CDCB5EB48", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "000102030405060708090A0B0C0D", + /* AD = */ "000102030405060708090A0B0C", + /* CT = */ "4BE547736BE1D8A6CDE18D1430BAD091C881BBD3327261B2832E39609AA8", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "000102030405060708090A0B0C0D", + /* AD = */ "000102030405060708090A0B0C0D", + /* CT = */ "4E589270FEB89BB22408041DAF7D5146B49BB9D27512811C20B7D049DBCB", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "000102030405060708090A0B0C0D", + /* AD = */ "000102030405060708090A0B0C0D0E", + /* CT = */ "B03E607317A251B08B30F744B71940A51E5C77B95B21AE9E5F0F164F63B1", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "000102030405060708090A0B0C0D", + /* AD = */ "000102030405060708090A0B0C0D0E0F", + /* CT = */ "6A28215E4A6023FAE42095318B181B3D95D5B6158D2F9D65BF3A4B8D6FFA", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "000102030405060708090A0B0C0D", + /* AD = */ "000102030405060708090A0B0C0D0E0F10", + /* CT = */ "9813B7013089DB863A742A4C13F156CE91ADA5289EC9C29BCA4290D6289E", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "000102030405060708090A0B0C0D", + /* AD = */ "000102030405060708090A0B0C0D0E0F1011", + /* CT = */ "501DFE330EC4528E8D3BC467A023D237CDE3BA8DA27A628B15F0DA8FF623", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "000102030405060708090A0B0C0D", + /* AD = */ "000102030405060708090A0B0C0D0E0F101112", + /* CT = */ "64AC72120E66A202433C618208B20F4C73EC1D1886C845CB9C9C2C48B634", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "000102030405060708090A0B0C0D", + /* AD = */ "000102030405060708090A0B0C0D0E0F10111213", + /* CT = */ "C305EB0E851DF92B6F8ACA44F24BD41B2B9605BAF759111600266D7038C5", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "000102030405060708090A0B0C0D", + /* AD = */ "000102030405060708090A0B0C0D0E0F1011121314", + /* CT = */ "994984D48B44B49446092EE25EF588BD05CA9FB8C8C39EA1F0EC85043235", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "000102030405060708090A0B0C0D", + /* AD = */ "000102030405060708090A0B0C0D0E0F101112131415", + /* CT = */ "368D61A8D488E8FB0F9F57D793502A2BC48F545D62DDEEBA429E23503974", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "000102030405060708090A0B0C0D", + /* AD = */ "000102030405060708090A0B0C0D0E0F10111213141516", + /* CT = */ "C01EA7792BF5F9621F07A266E6DF9ECD0D84895061B602DEA18A93DA7855", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "000102030405060708090A0B0C0D", + /* AD = */ "000102030405060708090A0B0C0D0E0F1011121314151617", + /* CT = */ "BA35FA7ECE7C780FFF8B7E41BC97D9E06997E811FE95676447F495557561", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "000102030405060708090A0B0C0D", + /* AD = */ "000102030405060708090A0B0C0D0E0F101112131415161718", + /* CT = */ "4C83A29686FE1AFC3FAD84899E6F7ED81CA474F733D33A115BA1441765CE", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "000102030405060708090A0B0C0D", + /* AD = */ "000102030405060708090A0B0C0D0E0F10111213141516171819", + /* CT = */ "1244D5C1B435AFF489A8FD04B87BDF9463A583CDB25B513124CF11CDD5ED", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "000102030405060708090A0B0C0D", + /* AD = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A", + /* CT = */ "C8002E9D447FA42945BF66AF5375C2DCE9FC6FE329FBF4EAAE5DA899631D", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "000102030405060708090A0B0C0D", + /* AD = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B", + /* CT = */ "662D521980423CBF521E7E4F9BAB00E72894846E6609319E7B6AB9B6BDE1", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "000102030405060708090A0B0C0D", + /* AD = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C", + /* CT = */ "26A6E765E6BFE7EC0E2588665748B7EE3A213082694FF1C6890EA307667D", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "000102030405060708090A0B0C0D", + /* AD = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D", + /* CT = */ "0F55D7051D7478D53F2BA03EF29056651660C3375F3EC4266AE67C182B81", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "000102030405060708090A0B0C0D", + /* AD = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E", + /* CT = */ "141B8B25E59E0D01B11422D94048B35BDA0F89F7D79A585662310A0012A1", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "000102030405060708090A0B0C0D", + /* AD = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F", + /* CT = */ "4C086D27A3B51A2333CFC7F22172ACE6260894BB22E96C9F382ED552B5E1", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "000102030405060708090A0B0C0D0E", + /* AD = */ "", + /* CT = */ "E770D289D2A44AEE7CD0A48ECE52749EC39B48260DF0B8692D1D5239800449", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "000102030405060708090A0B0C0D0E", + /* AD = */ "00", + /* CT = */ "25FBE48AC155C103927E59C60C88A51F1BCFFF90BD2D2D447D0D8A505CE2EC", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "000102030405060708090A0B0C0D0E", + /* AD = */ "0001", + /* CT = */ "49E50547CA0C754784F2A6F936ED94FA56CAB84ED5A2F5072AB61073575470", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "000102030405060708090A0B0C0D0E", + /* AD = */ "000102", + /* CT = */ "D2721FCB362AB5E15C6872449B117BB3FD1597C7D3982784650EF9AEF01335", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "000102030405060708090A0B0C0D0E", + /* AD = */ "00010203", + /* CT = */ "4A53D9966D87BFED686585FE7A28C7B64D3EDA09F51BA9F7D619E4C5E77EA0", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "000102030405060708090A0B0C0D0E", + /* AD = */ "0001020304", + /* CT = */ "1F820273C65246B76D4FF8D1ADD72D13DF95A28388A8DCC7E183097DA04EAB", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "000102030405060708090A0B0C0D0E", + /* AD = */ "000102030405", + /* CT = */ "7CC88BDBF6D70605975B2FCD35DABDA04070DF1B7072B6E293E6CD58886C1D", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "000102030405060708090A0B0C0D0E", + /* AD = */ "00010203040506", + /* CT = */ "44864FD337BBF237DB14139BDC6E1DE26C03879885A624B66C9FE102B9168B", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "000102030405060708090A0B0C0D0E", + /* AD = */ "0001020304050607", + /* CT = */ "108640BD71345C6EDC4AEC76EA3BE5BA16E25343D2B86A32C7D8D32C155108", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "000102030405060708090A0B0C0D0E", + /* AD = */ "000102030405060708", + /* CT = */ "6A256FBBD3726C823F99E5C5252CFC5B180260510D28819F1793CBBECAAED7", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "000102030405060708090A0B0C0D0E", + /* AD = */ "00010203040506070809", + /* CT = */ "F2F44B081312F3F8C13E843F0ADBB879E776B6AAA1492138EA11CEFE343049", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "000102030405060708090A0B0C0D0E", + /* AD = */ "000102030405060708090A", + /* CT = */ "29FCAD75A4163DE319D4E3E4C98F5D9397FF85D0FF19F13891279A3C9EB5F7", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "000102030405060708090A0B0C0D0E", + /* AD = */ "000102030405060708090A0B", + /* CT = */ "BBAE1D88621912ED737EADA1B19FCB4375E0EA77576881C298A6FEF1F738A8", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "000102030405060708090A0B0C0D0E", + /* AD = */ "000102030405060708090A0B0C", + /* CT = */ "4BE547736BE1D8A6CDE18D1430BA863DD0B48829CD59A69657488076F36917", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "000102030405060708090A0B0C0D0E", + /* AD = */ "000102030405060708090A0B0C0D", + /* CT = */ "4E589270FEB89BB22408041DAF7D55086C4318F5C1FC91C1CD83352B6479B3", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "000102030405060708090A0B0C0D0E", + /* AD = */ "000102030405060708090A0B0C0D0E", + /* CT = */ "B03E607317A251B08B30F744B71965E2CD4BEE393F2DE0D8CD8B8B4827E6E9", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "000102030405060708090A0B0C0D0E", + /* AD = */ "000102030405060708090A0B0C0D0E0F", + /* CT = */ "6A28215E4A6023FAE42095318B187FDC46412B80E88264FE2415762FC76486", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "000102030405060708090A0B0C0D0E", + /* AD = */ "000102030405060708090A0B0C0D0E0F10", + /* CT = */ "9813B7013089DB863A742A4C13F140C9E7558506B8277CD46BF4619EF4893C", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "000102030405060708090A0B0C0D0E", + /* AD = */ "000102030405060708090A0B0C0D0E0F1011", + /* CT = */ "501DFE330EC4528E8D3BC467A02391946E05C9402166B0CFB2E25844EA1277", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "000102030405060708090A0B0C0D0E", + /* AD = */ "000102030405060708090A0B0C0D0E0F101112", + /* CT = */ "64AC72120E66A202433C618208B281A88BAD044AD709F21728F3EF541F8F3A", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "000102030405060708090A0B0C0D0E", + /* AD = */ "000102030405060708090A0B0C0D0E0F10111213", + /* CT = */ "C305EB0E851DF92B6F8ACA44F24BADBD6C6675A7D44CCEBEAA89BE8618B89E", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "000102030405060708090A0B0C0D0E", + /* AD = */ "000102030405060708090A0B0C0D0E0F1011121314", + /* CT = */ "994984D48B44B49446092EE25EF52146ACC5F1907622DE105CB986B4056FDB", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "000102030405060708090A0B0C0D0E", + /* AD = */ "000102030405060708090A0B0C0D0E0F101112131415", + /* CT = */ "368D61A8D488E8FB0F9F57D79350E39FBCDB02E055DEA555E497720860FF58", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "000102030405060708090A0B0C0D0E", + /* AD = */ "000102030405060708090A0B0C0D0E0F10111213141516", + /* CT = */ "C01EA7792BF5F9621F07A266E6DF87F91504FABD05FBE4C17359AE43611DD4", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "000102030405060708090A0B0C0D0E", + /* AD = */ "000102030405060708090A0B0C0D0E0F1011121314151617", + /* CT = */ "BA35FA7ECE7C780FFF8B7E41BC978234B069A9291EDBF7C8C0E654AD4C23DD", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "000102030405060708090A0B0C0D0E", + /* AD = */ "000102030405060708090A0B0C0D0E0F101112131415161718", + /* CT = */ "4C83A29686FE1AFC3FAD84899E6F516BE676D69734DCD05D340E9CF67338BD", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "000102030405060708090A0B0C0D0E", + /* AD = */ "000102030405060708090A0B0C0D0E0F10111213141516171819", + /* CT = */ "1244D5C1B435AFF489A8FD04B87B076CE5F8ABE4451BF4E79D1294E06A4915", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "000102030405060708090A0B0C0D0E", + /* AD = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A", + /* CT = */ "C8002E9D447FA42945BF66AF5375BF18B585C0CD01FF9267F92F2BA52E8E43", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "000102030405060708090A0B0C0D0E", + /* AD = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B", + /* CT = */ "662D521980423CBF521E7E4F9BABD0431043CBDE24862C77A3F62DDF4606D1", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "000102030405060708090A0B0C0D0E", + /* AD = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C", + /* CT = */ "26A6E765E6BFE7EC0E25886657486E67FF0F7CF362C2DFC7132A73A0AA8E7B", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "000102030405060708090A0B0C0D0E", + /* AD = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D", + /* CT = */ "0F55D7051D7478D53F2BA03EF290C4581F8A5E332162E0C8B1ECE623E53AD0", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "000102030405060708090A0B0C0D0E", + /* AD = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E", + /* CT = */ "141B8B25E59E0D01B11422D94048C8A979F770ABAC8CA4052239588187EC23", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "000102030405060708090A0B0C0D0E", + /* AD = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F", + /* CT = */ "4C086D27A3B51A2333CFC7F22172A973FD31C0A3F03CEBB3DF3BB7BBCF6D7E", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "000102030405060708090A0B0C0D0E0F", + /* AD = */ "", + /* CT = */ "E770D289D2A44AEE7CD0A48ECE5274E3EA721F9A8FC4E556F2745972F5A78411", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "000102030405060708090A0B0C0D0E0F", + /* AD = */ "00", + /* CT = */ "25FBE48AC155C103927E59C60C88A56BBCAE1D932EEE3D3463DC8CAA44F3EF5B", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "000102030405060708090A0B0C0D0E0F", + /* AD = */ "0001", + /* CT = */ "49E50547CA0C754784F2A6F936ED94970ABB678CD2213561991F08F5A61A9F1A", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "000102030405060708090A0B0C0D0E0F", + /* AD = */ "000102", + /* CT = */ "D2721FCB362AB5E15C6872449B117B999D3ECB707C921EA87CC2FB6E4163AFC4", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "000102030405060708090A0B0C0D0E0F", + /* AD = */ "00010203", + /* CT = */ "4A53D9966D87BFED686585FE7A28C7D330B31B5D83F19653ABB5C4362BA1B1BD", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "000102030405060708090A0B0C0D0E0F", + /* AD = */ "0001020304", + /* CT = */ "1F820273C65246B76D4FF8D1ADD72D5CCEBBCC91D4DBCBB67DC33806C9AB0D0D", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "000102030405060708090A0B0C0D0E0F", + /* AD = */ "000102030405", + /* CT = */ "7CC88BDBF6D70605975B2FCD35DABD5B1ACC4F81FFE3ECF118BBBFAA730FFB50", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "000102030405060708090A0B0C0D0E0F", + /* AD = */ "00010203040506", + /* CT = */ "44864FD337BBF237DB14139BDC6E1D25D7EC1D31C8994781052A46722890DD6A", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "000102030405060708090A0B0C0D0E0F", + /* AD = */ "0001020304050607", + /* CT = */ "108640BD71345C6EDC4AEC76EA3BE5D4C6E6AB66848F59AA2CA36C7F4414824A", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "000102030405060708090A0B0C0D0E0F", + /* AD = */ "000102030405060708", + /* CT = */ "6A256FBBD3726C823F99E5C5252CFC36B7E80EE1C0A9285685A95D261CA0AE33", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "000102030405060708090A0B0C0D0E0F", + /* AD = */ "00010203040506070809", + /* CT = */ "F2F44B081312F3F8C13E843F0ADBB84D1728363A74744BA0ED4CA66D2477BBB3", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "000102030405060708090A0B0C0D0E0F", + /* AD = */ "000102030405060708090A", + /* CT = */ "29FCAD75A4163DE319D4E3E4C98F5D5F5B5928563EBBF0F4F5FDAE0C71E6B4E0", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "000102030405060708090A0B0C0D0E0F", + /* AD = */ "000102030405060708090A0B", + /* CT = */ "BBAE1D88621912ED737EADA1B19FCB19F08D351F1C4085D9F6BE99E2C82055ED", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "000102030405060708090A0B0C0D0E0F", + /* AD = */ "000102030405060708090A0B0C", + /* CT = */ "4BE547736BE1D8A6CDE18D1430BA869E6E5469037AC06D4206BE3D8ECFF3D704", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "000102030405060708090A0B0C0D0E0F", + /* AD = */ "000102030405060708090A0B0C0D", + /* CT = */ "4E589270FEB89BB22408041DAF7D55DB94013B2148896577C0F401C50298297E", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "000102030405060708090A0B0C0D0E0F", + /* AD = */ "000102030405060708090A0B0C0D0E", + /* CT = */ "B03E607317A251B08B30F744B71965B0821238149850B113A2CAF70A9B65C3D1", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "000102030405060708090A0B0C0D0E0F", + /* AD = */ "000102030405060708090A0B0C0D0E0F", + /* CT = */ "6A28215E4A6023FAE42095318B187F99E0C479771A09B5D29AFD05825B013D0D", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "000102030405060708090A0B0C0D0E0F", + /* AD = */ "000102030405060708090A0B0C0D0E0F10", + /* CT = */ "9813B7013089DB863A742A4C13F1408EBE839B337BF8289BA39CFF353229E0DA", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "000102030405060708090A0B0C0D0E0F", + /* AD = */ "000102030405060708090A0B0C0D0E0F1011", + /* CT = */ "501DFE330EC4528E8D3BC467A02391BFE9DF482A0251E9C355A725CD35B9B049", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "000102030405060708090A0B0C0D0E0F", + /* AD = */ "000102030405060708090A0B0C0D0E0F101112", + /* CT = */ "64AC72120E66A202433C618208B281F91C0C6B55D6BCC1821CCE2CA6B8D5C7E0", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "000102030405060708090A0B0C0D0E0F", + /* AD = */ "000102030405060708090A0B0C0D0E0F10111213", + /* CT = */ "C305EB0E851DF92B6F8ACA44F24BADF1E5973F77F1A47C15E4D4FF09D68DA8FB", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "000102030405060708090A0B0C0D0E0F", + /* AD = */ "000102030405060708090A0B0C0D0E0F1011121314", + /* CT = */ "994984D48B44B49446092EE25EF521A4EF2C7B174A7C41FCAB40AB9DC0ADFAA7", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "000102030405060708090A0B0C0D0E0F", + /* AD = */ "000102030405060708090A0B0C0D0E0F101112131415", + /* CT = */ "368D61A8D488E8FB0F9F57D79350E353C9B63AF867F1531E87D661795CCAC05C", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "000102030405060708090A0B0C0D0E0F", + /* AD = */ "000102030405060708090A0B0C0D0E0F10111213141516", + /* CT = */ "C01EA7792BF5F9621F07A266E6DF876E24658BD441183DB814917AD2B612AACF", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "000102030405060708090A0B0C0D0E0F", + /* AD = */ "000102030405060708090A0B0C0D0E0F1011121314151617", + /* CT = */ "BA35FA7ECE7C780FFF8B7E41BC97822F4AC0D6C4E70CACAEF751BBCD5092A0BC", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "000102030405060708090A0B0C0D0E0F", + /* AD = */ "000102030405060708090A0B0C0D0E0F101112131415161718", + /* CT = */ "4C83A29686FE1AFC3FAD84899E6F51762485698C69834A49F84E1C05F0B9880D", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "000102030405060708090A0B0C0D0E0F", + /* AD = */ "000102030405060708090A0B0C0D0E0F10111213141516171819", + /* CT = */ "1244D5C1B435AFF489A8FD04B87B07630AB4A4A21709CA187E6A3DA5959ED254", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "000102030405060708090A0B0C0D0E0F", + /* AD = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A", + /* CT = */ "C8002E9D447FA42945BF66AF5375BF61A5B5CC5CF5C74F4BE93E39504A8B6390", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "000102030405060708090A0B0C0D0E0F", + /* AD = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B", + /* CT = */ "662D521980423CBF521E7E4F9BABD0FFF494D975B4DE29012E58D75929721162", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "000102030405060708090A0B0C0D0E0F", + /* AD = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C", + /* CT = */ "26A6E765E6BFE7EC0E25886657486E8D096D1C38B4DF6875CC5CA8CE018D0CFB", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "000102030405060708090A0B0C0D0E0F", + /* AD = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D", + /* CT = */ "0F55D7051D7478D53F2BA03EF290C48BC42BBB51366D28C27FF3C180373C8833", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "000102030405060708090A0B0C0D0E0F", + /* AD = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E", + /* CT = */ "141B8B25E59E0D01B11422D94048C804D829BDFB647DF809721ECEEE433520E1", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "000102030405060708090A0B0C0D0E0F", + /* AD = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F", + /* CT = */ "4C086D27A3B51A2333CFC7F22172A9BC6D0EACE132FB02D26512DEF99D3AA62E", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "000102030405060708090A0B0C0D0E0F10", + /* AD = */ "", + /* CT = */ "E770D289D2A44AEE7CD0A48ECE5274E381A6132E1D1B072B1F103817B2D454700D", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "000102030405060708090A0B0C0D0E0F10", + /* AD = */ "00", + /* CT = */ "25FBE48AC155C103927E59C60C88A56B694C864CD71D1266539E23801DFE750835", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "000102030405060708090A0B0C0D0E0F10", + /* AD = */ "0001", + /* CT = */ "49E50547CA0C754784F2A6F936ED9497C313DE7AE137C9FD8B0DAE6B53ADFFB6FD", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "000102030405060708090A0B0C0D0E0F10", + /* AD = */ "000102", + /* CT = */ "D2721FCB362AB5E15C6872449B117B9926900D29C2F298AC9E209CFA8DF4F1178B", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "000102030405060708090A0B0C0D0E0F10", + /* AD = */ "00010203", + /* CT = */ "4A53D9966D87BFED686585FE7A28C7D30217BCFF911A3FFA48C7F39065B6092038", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "000102030405060708090A0B0C0D0E0F10", + /* AD = */ "0001020304", + /* CT = */ "1F820273C65246B76D4FF8D1ADD72D5CC119415E9C145DA8790A1E8F52A6B8F3FD", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "000102030405060708090A0B0C0D0E0F10", + /* AD = */ "000102030405", + /* CT = */ "7CC88BDBF6D70605975B2FCD35DABD5B377C3843C5858B3006224EF2939BFA901B", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "000102030405060708090A0B0C0D0E0F10", + /* AD = */ "00010203040506", + /* CT = */ "44864FD337BBF237DB14139BDC6E1D2514C6289FAD15429D7346FDBD112D38798F", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "000102030405060708090A0B0C0D0E0F10", + /* AD = */ "0001020304050607", + /* CT = */ "108640BD71345C6EDC4AEC76EA3BE5D4DFCAA4EE178055310EB8FA6E1CA6F4FDA2", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "000102030405060708090A0B0C0D0E0F10", + /* AD = */ "000102030405060708", + /* CT = */ "6A256FBBD3726C823F99E5C5252CFC367D6EAB0E6D1C189D9B3A0A6268E9A737F0", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "000102030405060708090A0B0C0D0E0F10", + /* AD = */ "00010203040506070809", + /* CT = */ "F2F44B081312F3F8C13E843F0ADBB84D307D0D9561560FE476926D255B4D992F4E", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "000102030405060708090A0B0C0D0E0F10", + /* AD = */ "000102030405060708090A", + /* CT = */ "29FCAD75A4163DE319D4E3E4C98F5D5FC463529C5FD3B534C95F58AC5E6A3213E8", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "000102030405060708090A0B0C0D0E0F10", + /* AD = */ "000102030405060708090A0B", + /* CT = */ "BBAE1D88621912ED737EADA1B19FCB19A9C762CA518BE19EE0098BE301E6924260", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "000102030405060708090A0B0C0D0E0F10", + /* AD = */ "000102030405060708090A0B0C", + /* CT = */ "4BE547736BE1D8A6CDE18D1430BA869E6BCF8DE2BCBC8F71E658DC705D8DFE15BD", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "000102030405060708090A0B0C0D0E0F10", + /* AD = */ "000102030405060708090A0B0C0D", + /* CT = */ "4E589270FEB89BB22408041DAF7D55DB9BCD159F7F92968B02A07FD3E139B59FCF", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "000102030405060708090A0B0C0D0E0F10", + /* AD = */ "000102030405060708090A0B0C0D0E", + /* CT = */ "B03E607317A251B08B30F744B71965B0F1D5E576F7118A4E67FD4246766E7E7428", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "000102030405060708090A0B0C0D0E0F10", + /* AD = */ "000102030405060708090A0B0C0D0E0F", + /* CT = */ "6A28215E4A6023FAE42095318B187F99C58C47A610AD1D15094A4F527D902BBD6B", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "000102030405060708090A0B0C0D0E0F10", + /* AD = */ "000102030405060708090A0B0C0D0E0F10", + /* CT = */ "9813B7013089DB863A742A4C13F1408E9781D46986CBC03B3E6A335581EB9DA954", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "000102030405060708090A0B0C0D0E0F10", + /* AD = */ "000102030405060708090A0B0C0D0E0F1011", + /* CT = */ "501DFE330EC4528E8D3BC467A02391BF2CF4DEAB958A3870690C5899B22D39FCAA", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "000102030405060708090A0B0C0D0E0F10", + /* AD = */ "000102030405060708090A0B0C0D0E0F101112", + /* CT = */ "64AC72120E66A202433C618208B281F92987643DD59BD26F57C017368D058F9FDF", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "000102030405060708090A0B0C0D0E0F10", + /* AD = */ "000102030405060708090A0B0C0D0E0F10111213", + /* CT = */ "C305EB0E851DF92B6F8ACA44F24BADF13B9D0C7F9B80A45244BDEDED1A56BBF663", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "000102030405060708090A0B0C0D0E0F10", + /* AD = */ "000102030405060708090A0B0C0D0E0F1011121314", + /* CT = */ "994984D48B44B49446092EE25EF521A4E4981A2943A2748D066E5CF51251ECE205", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "000102030405060708090A0B0C0D0E0F10", + /* AD = */ "000102030405060708090A0B0C0D0E0F101112131415", + /* CT = */ "368D61A8D488E8FB0F9F57D79350E353111FE7D30AFDD8AC215BC542FFA87E8B09", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "000102030405060708090A0B0C0D0E0F10", + /* AD = */ "000102030405060708090A0B0C0D0E0F10111213141516", + /* CT = */ "C01EA7792BF5F9621F07A266E6DF876E7B921F6CEC26CE77E238759A29CA28D638", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "000102030405060708090A0B0C0D0E0F10", + /* AD = */ "000102030405060708090A0B0C0D0E0F1011121314151617", + /* CT = */ "BA35FA7ECE7C780FFF8B7E41BC97822F98F2BB975E1438F5D9FAB40C66FA6CD49F", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "000102030405060708090A0B0C0D0E0F10", + /* AD = */ "000102030405060708090A0B0C0D0E0F101112131415161718", + /* CT = */ "4C83A29686FE1AFC3FAD84899E6F5176B6CA6415C6802CD4511CC14278980AA6CC", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "000102030405060708090A0B0C0D0E0F10", + /* AD = */ "000102030405060708090A0B0C0D0E0F10111213141516171819", + /* CT = */ "1244D5C1B435AFF489A8FD04B87B0763E4D64F5D4E146CAB4FBA71093AE8A83223", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "000102030405060708090A0B0C0D0E0F10", + /* AD = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A", + /* CT = */ "C8002E9D447FA42945BF66AF5375BF61021925FE6C4C23A3BE904FC33AE79150F4", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "000102030405060708090A0B0C0D0E0F10", + /* AD = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B", + /* CT = */ "662D521980423CBF521E7E4F9BABD0FF905A71A8F4B7A39603E766E5CFA5FF91CE", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "000102030405060708090A0B0C0D0E0F10", + /* AD = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C", + /* CT = */ "26A6E765E6BFE7EC0E25886657486E8D4CA370491E5EA138AAD665CEC4EFB1422B", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "000102030405060708090A0B0C0D0E0F10", + /* AD = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D", + /* CT = */ "0F55D7051D7478D53F2BA03EF290C48B2D55981A135974A5C281BD4D23E3CD7127", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "000102030405060708090A0B0C0D0E0F10", + /* AD = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E", + /* CT = */ "141B8B25E59E0D01B11422D94048C8045E24C2BE3EE6DCE07FB187A1922DCF08A7", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "000102030405060708090A0B0C0D0E0F10", + /* AD = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F", + /* CT = */ "4C086D27A3B51A2333CFC7F22172A9BCADA92B2A1CDEA6B1B8DA77294080EAD708", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "000102030405060708090A0B0C0D0E0F1011", + /* AD = */ "", + /* CT = */ "E770D289D2A44AEE7CD0A48ECE5274E381BA01E0EA2595E8A1298ED9AB925C7A430B", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "000102030405060708090A0B0C0D0E0F1011", + /* AD = */ "00", + /* CT = */ "25FBE48AC155C103927E59C60C88A56B69F5190D7AECAE313946B30AD835341C6E48", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "000102030405060708090A0B0C0D0E0F1011", + /* AD = */ "0001", + /* CT = */ "49E50547CA0C754784F2A6F936ED9497C3A5FDC8BF0150C7FFE8E13EA187764148C2", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "000102030405060708090A0B0C0D0E0F1011", + /* AD = */ "000102", + /* CT = */ "D2721FCB362AB5E15C6872449B117B992679F2DE01627C325FAC1342EEFA58A28EAF", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "000102030405060708090A0B0C0D0E0F1011", + /* AD = */ "00010203", + /* CT = */ "4A53D9966D87BFED686585FE7A28C7D3027F420375B043C3F372BD02A9F3858ADABB", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "000102030405060708090A0B0C0D0E0F1011", + /* AD = */ "0001020304", + /* CT = */ "1F820273C65246B76D4FF8D1ADD72D5CC170974453EB43684ECB92BC8E6BEEECC694", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "000102030405060708090A0B0C0D0E0F1011", + /* AD = */ "000102030405", + /* CT = */ "7CC88BDBF6D70605975B2FCD35DABD5B37B93CE5DE0570F6E4868FD7561DBD25B9B3", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "000102030405060708090A0B0C0D0E0F1011", + /* AD = */ "00010203040506", + /* CT = */ "44864FD337BBF237DB14139BDC6E1D25140DEAFAAADAEA87E93BE84F137AAB6039A0", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "000102030405060708090A0B0C0D0E0F1011", + /* AD = */ "0001020304050607", + /* CT = */ "108640BD71345C6EDC4AEC76EA3BE5D4DF44FFD658E6770535C0ABDA9F47E26BA11C", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "000102030405060708090A0B0C0D0E0F1011", + /* AD = */ "000102030405060708", + /* CT = */ "6A256FBBD3726C823F99E5C5252CFC367D13D066301F046D43DAFECCAF9ED9C7077E", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "000102030405060708090A0B0C0D0E0F1011", + /* AD = */ "00010203040506070809", + /* CT = */ "F2F44B081312F3F8C13E843F0ADBB84D30B76D66D84E7F757C30AC8CE399BB74BF43", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "000102030405060708090A0B0C0D0E0F1011", + /* AD = */ "000102030405060708090A", + /* CT = */ "29FCAD75A4163DE319D4E3E4C98F5D5FC473A85C21F34A587C3B3B63DEBF580E4487", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "000102030405060708090A0B0C0D0E0F1011", + /* AD = */ "000102030405060708090A0B", + /* CT = */ "BBAE1D88621912ED737EADA1B19FCB19A9DDE695868387BE01A1EA7ECABE67843676", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "000102030405060708090A0B0C0D0E0F1011", + /* AD = */ "000102030405060708090A0B0C", + /* CT = */ "4BE547736BE1D8A6CDE18D1430BA869E6B39596B5BD4381CD78F40ABBD7FADF9C419", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "000102030405060708090A0B0C0D0E0F1011", + /* AD = */ "000102030405060708090A0B0C0D", + /* CT = */ "4E589270FEB89BB22408041DAF7D55DB9BA1D3FCB0E2D4ED80A1DF5D9349C69BD7C6", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "000102030405060708090A0B0C0D0E0F1011", + /* AD = */ "000102030405060708090A0B0C0D0E", + /* CT = */ "B03E607317A251B08B30F744B71965B0F1BE63B7C60537954C9BD8F4AFF0701BA78B", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "000102030405060708090A0B0C0D0E0F1011", + /* AD = */ "000102030405060708090A0B0C0D0E0F", + /* CT = */ "6A28215E4A6023FAE42095318B187F99C56D03C271847A2A5BBF71EFCF84AB57CB1D", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "000102030405060708090A0B0C0D0E0F1011", + /* AD = */ "000102030405060708090A0B0C0D0E0F10", + /* CT = */ "9813B7013089DB863A742A4C13F1408E97CF95944BD80DCE8D124F20C04207351DA5", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "000102030405060708090A0B0C0D0E0F1011", + /* AD = */ "000102030405060708090A0B0C0D0E0F1011", + /* CT = */ "501DFE330EC4528E8D3BC467A02391BF2CF2F81515016BF469F19C5B7FB795F42566", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "000102030405060708090A0B0C0D0E0F1011", + /* AD = */ "000102030405060708090A0B0C0D0E0F101112", + /* CT = */ "64AC72120E66A202433C618208B281F929D7D76B6D8C8E9A31F974B9D60F2F069D31", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "000102030405060708090A0B0C0D0E0F1011", + /* AD = */ "000102030405060708090A0B0C0D0E0F10111213", + /* CT = */ "C305EB0E851DF92B6F8ACA44F24BADF13BEEA3112FE09E093C702B56F5280CB73C6B", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "000102030405060708090A0B0C0D0E0F1011", + /* AD = */ "000102030405060708090A0B0C0D0E0F1011121314", + /* CT = */ "994984D48B44B49446092EE25EF521A4E44B3904EA1D5D497E00CA12D7B9B6D0B86D", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "000102030405060708090A0B0C0D0E0F1011", + /* AD = */ "000102030405060708090A0B0C0D0E0F101112131415", + /* CT = */ "368D61A8D488E8FB0F9F57D79350E3531114C57B945AE1B8C8B25E499F7FF77F8E7B", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "000102030405060708090A0B0C0D0E0F1011", + /* AD = */ "000102030405060708090A0B0C0D0E0F10111213141516", + /* CT = */ "C01EA7792BF5F9621F07A266E6DF876E7B5489D20894A5F82035A3B587643D7FB285", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "000102030405060708090A0B0C0D0E0F1011", + /* AD = */ "000102030405060708090A0B0C0D0E0F1011121314151617", + /* CT = */ "BA35FA7ECE7C780FFF8B7E41BC97822F982E30D229194F8E8699AD9C127539267015", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "000102030405060708090A0B0C0D0E0F1011", + /* AD = */ "000102030405060708090A0B0C0D0E0F101112131415161718", + /* CT = */ "4C83A29686FE1AFC3FAD84899E6F5176B6B40C0D1FDD9FC5EFDD092FD1E5331889E3", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "000102030405060708090A0B0C0D0E0F1011", + /* AD = */ "000102030405060708090A0B0C0D0E0F10111213141516171819", + /* CT = */ "1244D5C1B435AFF489A8FD04B87B0763E4C37C8C3108673186DE37F8373ED0551394", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "000102030405060708090A0B0C0D0E0F1011", + /* AD = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A", + /* CT = */ "C8002E9D447FA42945BF66AF5375BF6102FCA29DADBA4B5C8C20149581F4173261B3", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "000102030405060708090A0B0C0D0E0F1011", + /* AD = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B", + /* CT = */ "662D521980423CBF521E7E4F9BABD0FF90076E9343E5EA3ED67E7FF9C6A7B5644EF9", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "000102030405060708090A0B0C0D0E0F1011", + /* AD = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C", + /* CT = */ "26A6E765E6BFE7EC0E25886657486E8D4C0B30EA817D3F150AF2A9D710FCE7F55584", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "000102030405060708090A0B0C0D0E0F1011", + /* AD = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D", + /* CT = */ "0F55D7051D7478D53F2BA03EF290C48B2D0077D6AF4A4CF430EFDCEBF8E41872764B", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "000102030405060708090A0B0C0D0E0F1011", + /* AD = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E", + /* CT = */ "141B8B25E59E0D01B11422D94048C8045EE79D4FC6CDB0BC7AA84420C8F1341CBE00", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "000102030405060708090A0B0C0D0E0F1011", + /* AD = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F", + /* CT = */ "4C086D27A3B51A2333CFC7F22172A9BCAD880B5A1D83C4F24F355A61AE1578E1E550", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "000102030405060708090A0B0C0D0E0F101112", + /* AD = */ "", + /* CT = */ "E770D289D2A44AEE7CD0A48ECE5274E381BAD76042A7E82EA5439B942A5EF1584D3B8E", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "000102030405060708090A0B0C0D0E0F101112", + /* AD = */ "00", + /* CT = */ "25FBE48AC155C103927E59C60C88A56B69F5F1E66589392B2E9969352609A0A62C917F", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "000102030405060708090A0B0C0D0E0F101112", + /* AD = */ "0001", + /* CT = */ "49E50547CA0C754784F2A6F936ED9497C3A55650829E182B5573CDA45BA5A0CED54A99", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "000102030405060708090A0B0C0D0E0F101112", + /* AD = */ "000102", + /* CT = */ "D2721FCB362AB5E15C6872449B117B9926791F6B928D29D4B7E2E1E1F6A945F1B466D4", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "000102030405060708090A0B0C0D0E0F101112", + /* AD = */ "00010203", + /* CT = */ "4A53D9966D87BFED686585FE7A28C7D3027F066C578B3974A9F987818181ACA2E708C9", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "000102030405060708090A0B0C0D0E0F101112", + /* AD = */ "0001020304", + /* CT = */ "1F820273C65246B76D4FF8D1ADD72D5CC17033DADC9AE39DAE3F35977F2D88898F30D3", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "000102030405060708090A0B0C0D0E0F101112", + /* AD = */ "000102030405", + /* CT = */ "7CC88BDBF6D70605975B2FCD35DABD5B37B998B431D6513C278DB361CB8C1242E68180", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "000102030405060708090A0B0C0D0E0F101112", + /* AD = */ "00010203040506", + /* CT = */ "44864FD337BBF237DB14139BDC6E1D25140D312DB060FE4DC661688340B57DB2E14FF8", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "000102030405060708090A0B0C0D0E0F101112", + /* AD = */ "0001020304050607", + /* CT = */ "108640BD71345C6EDC4AEC76EA3BE5D4DF44BE15A1F8ED39E6FA8F684DCC1BE746B536", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "000102030405060708090A0B0C0D0E0F101112", + /* AD = */ "000102030405060708", + /* CT = */ "6A256FBBD3726C823F99E5C5252CFC367D13B730D9F3331F776C4DECB87FCC5EB09EBD", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "000102030405060708090A0B0C0D0E0F101112", + /* AD = */ "00010203040506070809", + /* CT = */ "F2F44B081312F3F8C13E843F0ADBB84D30B7A2CFD84B5C030740DC4F117DC37A1D9468", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "000102030405060708090A0B0C0D0E0F101112", + /* AD = */ "000102030405060708090A", + /* CT = */ "29FCAD75A4163DE319D4E3E4C98F5D5FC47326D6628F171C865049B95ACB10094FB748", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "000102030405060708090A0B0C0D0E0F101112", + /* AD = */ "000102030405060708090A0B", + /* CT = */ "BBAE1D88621912ED737EADA1B19FCB19A9DDB39A9AFE53D9F5A8ED207F6AA3DE38F9AA", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "000102030405060708090A0B0C0D0E0F101112", + /* AD = */ "000102030405060708090A0B0C", + /* CT = */ "4BE547736BE1D8A6CDE18D1430BA869E6B39F6E954231275446EB3D63070ECAF431B0D", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "000102030405060708090A0B0C0D0E0F101112", + /* AD = */ "000102030405060708090A0B0C0D", + /* CT = */ "4E589270FEB89BB22408041DAF7D55DB9BA12550A23EFFC860BA935FAF8AF3FB1E0A9B", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "000102030405060708090A0B0C0D0E0F101112", + /* AD = */ "000102030405060708090A0B0C0D0E", + /* CT = */ "B03E607317A251B08B30F744B71965B0F1BE7A13A6BD607EE4CB834B36D96335EF8C03", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "000102030405060708090A0B0C0D0E0F101112", + /* AD = */ "000102030405060708090A0B0C0D0E0F", + /* CT = */ "6A28215E4A6023FAE42095318B187F99C56D2309F41D31EB4E2DE7C519A735193FB63C", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "000102030405060708090A0B0C0D0E0F101112", + /* AD = */ "000102030405060708090A0B0C0D0E0F10", + /* CT = */ "9813B7013089DB863A742A4C13F1408E97CFED58366EFA92B7E0AD2DBF91C21F4390B5", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "000102030405060708090A0B0C0D0E0F101112", + /* AD = */ "000102030405060708090A0B0C0D0E0F1011", + /* CT = */ "501DFE330EC4528E8D3BC467A02391BF2CF28DC8385063628D8DA0684EE01713098545", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "000102030405060708090A0B0C0D0E0F101112", + /* AD = */ "000102030405060708090A0B0C0D0E0F101112", + /* CT = */ "64AC72120E66A202433C618208B281F929D7AE24CF768720AE6A9CE48D6B365E83E81A", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "000102030405060708090A0B0C0D0E0F101112", + /* AD = */ "000102030405060708090A0B0C0D0E0F10111213", + /* CT = */ "C305EB0E851DF92B6F8ACA44F24BADF13BEEC529F8CFE269D320A4F234B34443D563BA", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "000102030405060708090A0B0C0D0E0F101112", + /* AD = */ "000102030405060708090A0B0C0D0E0F1011121314", + /* CT = */ "994984D48B44B49446092EE25EF521A4E44B5C811766A550593539CFD337C5AAAC6D5A", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "000102030405060708090A0B0C0D0E0F101112", + /* AD = */ "000102030405060708090A0B0C0D0E0F101112131415", + /* CT = */ "368D61A8D488E8FB0F9F57D79350E35311140467EC0054430055D00E0CDE9521D09A61", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "000102030405060708090A0B0C0D0E0F101112", + /* AD = */ "000102030405060708090A0B0C0D0E0F10111213141516", + /* CT = */ "C01EA7792BF5F9621F07A266E6DF876E7B541F3E1481572A2BFFD7F364F4D724FD7A9E", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "000102030405060708090A0B0C0D0E0F101112", + /* AD = */ "000102030405060708090A0B0C0D0E0F1011121314151617", + /* CT = */ "BA35FA7ECE7C780FFF8B7E41BC97822F982E197D6CDD419BCA138D20DC715EDCAE5758", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "000102030405060708090A0B0C0D0E0F101112", + /* AD = */ "000102030405060708090A0B0C0D0E0F101112131415161718", + /* CT = */ "4C83A29686FE1AFC3FAD84899E6F5176B6B4ABE31BE9A7A51853156DFDBA71A38993B2", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "000102030405060708090A0B0C0D0E0F101112", + /* AD = */ "000102030405060708090A0B0C0D0E0F10111213141516171819", + /* CT = */ "1244D5C1B435AFF489A8FD04B87B0763E4C3853B9F472BA9BFBA037011C9A500DBC6A2", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "000102030405060708090A0B0C0D0E0F101112", + /* AD = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A", + /* CT = */ "C8002E9D447FA42945BF66AF5375BF6102FC33288C2CDFC11E2F406AAD754CD1E2FC8A", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "000102030405060708090A0B0C0D0E0F101112", + /* AD = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B", + /* CT = */ "662D521980423CBF521E7E4F9BABD0FF90072CC05E3E73B580EDBF13044A72C2DA550D", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "000102030405060708090A0B0C0D0E0F101112", + /* AD = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C", + /* CT = */ "26A6E765E6BFE7EC0E25886657486E8D4C0B7EC2DF39DC68AD83868CBACB0F3B74DCFA", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "000102030405060708090A0B0C0D0E0F101112", + /* AD = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D", + /* CT = */ "0F55D7051D7478D53F2BA03EF290C48B2D00B9E74E3F8DCC2E2E37BF1E22ABE4D2DF19", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "000102030405060708090A0B0C0D0E0F101112", + /* AD = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E", + /* CT = */ "141B8B25E59E0D01B11422D94048C8045EE7741AFEAD7B1D8ADADF1D961DC31887D6D0", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "000102030405060708090A0B0C0D0E0F101112", + /* AD = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F", + /* CT = */ "4C086D27A3B51A2333CFC7F22172A9BCAD88B8066BEF43C66F5E186A788FE1DA56810F", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "000102030405060708090A0B0C0D0E0F10111213", + /* AD = */ "", + /* CT = */ "E770D289D2A44AEE7CD0A48ECE5274E381BAD7E1EB410DB6608A9387396A64D0B6FD88A6", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "000102030405060708090A0B0C0D0E0F10111213", + /* AD = */ "00", + /* CT = */ "25FBE48AC155C103927E59C60C88A56B69F5F1C2DC871BB26DC7575ED897042381ABE90F", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "000102030405060708090A0B0C0D0E0F10111213", + /* AD = */ "0001", + /* CT = */ "49E50547CA0C754784F2A6F936ED9497C3A556D3ED93FBB666DF0DB63E2633487525C0FE", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "000102030405060708090A0B0C0D0E0F10111213", + /* AD = */ "000102", + /* CT = */ "D2721FCB362AB5E15C6872449B117B9926791FD7FACE4487FEA998C8D88E8A5A70C8BF3D", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "000102030405060708090A0B0C0D0E0F10111213", + /* AD = */ "00010203", + /* CT = */ "4A53D9966D87BFED686585FE7A28C7D3027F06EB8D35B16F784706DDA743676C02294C27", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "000102030405060708090A0B0C0D0E0F10111213", + /* AD = */ "0001020304", + /* CT = */ "1F820273C65246B76D4FF8D1ADD72D5CC1703338EBA14D6B95D20687D1585A6AC5B48509", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "000102030405060708090A0B0C0D0E0F10111213", + /* AD = */ "000102030405", + /* CT = */ "7CC88BDBF6D70605975B2FCD35DABD5B37B998207B14C9F2F446D0F71192AFFE70C98364", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "000102030405060708090A0B0C0D0E0F10111213", + /* AD = */ "00010203040506", + /* CT = */ "44864FD337BBF237DB14139BDC6E1D25140D311F800FEA58531C94CBBF5B41626C91197E", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "000102030405060708090A0B0C0D0E0F10111213", + /* AD = */ "0001020304050607", + /* CT = */ "108640BD71345C6EDC4AEC76EA3BE5D4DF44BEF99F9B9F52CE178E112F53947F02D2ED2E", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "000102030405060708090A0B0C0D0E0F10111213", + /* AD = */ "000102030405060708", + /* CT = */ "6A256FBBD3726C823F99E5C5252CFC367D13B714938DFBF751165B44414486395A8F2A96", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "000102030405060708090A0B0C0D0E0F10111213", + /* AD = */ "00010203040506070809", + /* CT = */ "F2F44B081312F3F8C13E843F0ADBB84D30B7A253F504E5FBE1BCC508289F663E00EB2ED1", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "000102030405060708090A0B0C0D0E0F10111213", + /* AD = */ "000102030405060708090A", + /* CT = */ "29FCAD75A4163DE319D4E3E4C98F5D5FC473269A68963E1BFC5244F9A64497D69BCF61EA", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "000102030405060708090A0B0C0D0E0F10111213", + /* AD = */ "000102030405060708090A0B", + /* CT = */ "BBAE1D88621912ED737EADA1B19FCB19A9DDB36783BF33792EEBDB555653F1A0E5386106", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "000102030405060708090A0B0C0D0E0F10111213", + /* AD = */ "000102030405060708090A0B0C", + /* CT = */ "4BE547736BE1D8A6CDE18D1430BA869E6B39F6A46E068ED8479EBB94E4117D70C3FF558A", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "000102030405060708090A0B0C0D0E0F10111213", + /* AD = */ "000102030405060708090A0B0C0D", + /* CT = */ "4E589270FEB89BB22408041DAF7D55DB9BA125D4D25A21C1C52F102A4348D1EE7BE13F64", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "000102030405060708090A0B0C0D0E0F10111213", + /* AD = */ "000102030405060708090A0B0C0D0E", + /* CT = */ "B03E607317A251B08B30F744B71965B0F1BE7A35E0517DE679D7DAEBB250FE17BCEDA001", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "000102030405060708090A0B0C0D0E0F10111213", + /* AD = */ "000102030405060708090A0B0C0D0E0F", + /* CT = */ "6A28215E4A6023FAE42095318B187F99C56D23069628AF741BE40A933DE5D40395C687E5", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "000102030405060708090A0B0C0D0E0F10111213", + /* AD = */ "000102030405060708090A0B0C0D0E0F10", + /* CT = */ "9813B7013089DB863A742A4C13F1408E97CFEDCA3C671D399FBE05D9D28DF3E961CB3C2B", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "000102030405060708090A0B0C0D0E0F10111213", + /* AD = */ "000102030405060708090A0B0C0D0E0F1011", + /* CT = */ "501DFE330EC4528E8D3BC467A02391BF2CF28D939B604252A81A6325E2732DB9C88020DA", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "000102030405060708090A0B0C0D0E0F10111213", + /* AD = */ "000102030405060708090A0B0C0D0E0F101112", + /* CT = */ "64AC72120E66A202433C618208B281F929D7AE66517CFC08FF1DAD724E80BD6E531F4929", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "000102030405060708090A0B0C0D0E0F10111213", + /* AD = */ "000102030405060708090A0B0C0D0E0F10111213", + /* CT = */ "C305EB0E851DF92B6F8ACA44F24BADF13BEEC54DF097509F683EAB735088E9F72D091489", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "000102030405060708090A0B0C0D0E0F10111213", + /* AD = */ "000102030405060708090A0B0C0D0E0F1011121314", + /* CT = */ "994984D48B44B49446092EE25EF521A4E44B5CC0E3B0F7AB1A4B30E37AC791886750C5C4", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "000102030405060708090A0B0C0D0E0F10111213", + /* AD = */ "000102030405060708090A0B0C0D0E0F101112131415", + /* CT = */ "368D61A8D488E8FB0F9F57D79350E35311140403D638904947DF0A880016384E5E30AC83", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "000102030405060708090A0B0C0D0E0F10111213", + /* AD = */ "000102030405060708090A0B0C0D0E0F10111213141516", + /* CT = */ "C01EA7792BF5F9621F07A266E6DF876E7B541FA7B7092858CE21D5DF3A6CEAB9C3070FC6", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "000102030405060708090A0B0C0D0E0F10111213", + /* AD = */ "000102030405060708090A0B0C0D0E0F1011121314151617", + /* CT = */ "BA35FA7ECE7C780FFF8B7E41BC97822F982E196EE175660528C6B0079177FDEC8BAF1C1E", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "000102030405060708090A0B0C0D0E0F10111213", + /* AD = */ "000102030405060708090A0B0C0D0E0F101112131415161718", + /* CT = */ "4C83A29686FE1AFC3FAD84899E6F5176B6B4ABF105024B76299B1F8EDE03DFC9E6AF4FF3", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "000102030405060708090A0B0C0D0E0F10111213", + /* AD = */ "000102030405060708090A0B0C0D0E0F10111213141516171819", + /* CT = */ "1244D5C1B435AFF489A8FD04B87B0763E4C385F1B420A794A857C30FD0BF0BADDAE41D93", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "000102030405060708090A0B0C0D0E0F10111213", + /* AD = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A", + /* CT = */ "C8002E9D447FA42945BF66AF5375BF6102FC33E1A4D0BFFDEE1B2D355CCDCC8F338C064A", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "000102030405060708090A0B0C0D0E0F10111213", + /* AD = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B", + /* CT = */ "662D521980423CBF521E7E4F9BABD0FF90072C740F8635B4DBF4D1934573C9C7661E7480", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "000102030405060708090A0B0C0D0E0F10111213", + /* AD = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C", + /* CT = */ "26A6E765E6BFE7EC0E25886657486E8D4C0B7E0361660EAAFC3E361193F908545AE87196", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "000102030405060708090A0B0C0D0E0F10111213", + /* AD = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D", + /* CT = */ "0F55D7051D7478D53F2BA03EF290C48B2D00B9AFD96F9C4525B106E95F4FBAEB00D5EB3D", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "000102030405060708090A0B0C0D0E0F10111213", + /* AD = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E", + /* CT = */ "141B8B25E59E0D01B11422D94048C8045EE7744D76ED368CAE6A9B45C3276B7805712717", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "000102030405060708090A0B0C0D0E0F10111213", + /* AD = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F", + /* CT = */ "4C086D27A3B51A2333CFC7F22172A9BCAD88B8D4427B136D2C172762AAACD306A569FD3F", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "000102030405060708090A0B0C0D0E0F1011121314", + /* AD = */ "", + /* CT = */ "E770D289D2A44AEE7CD0A48ECE5274E381BAD7E1637C3B51865920FB3F01F36CE63C8AD387", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "000102030405060708090A0B0C0D0E0F1011121314", + /* AD = */ "00", + /* CT = */ "25FBE48AC155C103927E59C60C88A56B69F5F1C2255A402CE1981198154D1B1079C777067B", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "000102030405060708090A0B0C0D0E0F1011121314", + /* AD = */ "0001", + /* CT = */ "49E50547CA0C754784F2A6F936ED9497C3A556D34D8A767A9C904D517B0EA320B6526A40F5", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "000102030405060708090A0B0C0D0E0F1011121314", + /* AD = */ "000102", + /* CT = */ "D2721FCB362AB5E15C6872449B117B9926791FD749F00914C927167B8407247374C7804696", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "000102030405060708090A0B0C0D0E0F1011121314", + /* AD = */ "00010203", + /* CT = */ "4A53D9966D87BFED686585FE7A28C7D3027F06EBA8DCECF0F5A787C22CD604631AC4605721", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "000102030405060708090A0B0C0D0E0F1011121314", + /* AD = */ "0001020304", + /* CT = */ "1F820273C65246B76D4FF8D1ADD72D5CC1703338B9F64CA097DB3709A6BD11D0C6285B023D", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "000102030405060708090A0B0C0D0E0F1011121314", + /* AD = */ "000102030405", + /* CT = */ "7CC88BDBF6D70605975B2FCD35DABD5B37B998207A75F3FE9B2955DA60A3D488CBCD623B5B", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "000102030405060708090A0B0C0D0E0F1011121314", + /* AD = */ "00010203040506", + /* CT = */ "44864FD337BBF237DB14139BDC6E1D25140D311F19F37B2D7311FDFA5368EEA8D45D531B4F", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "000102030405060708090A0B0C0D0E0F1011121314", + /* AD = */ "0001020304050607", + /* CT = */ "108640BD71345C6EDC4AEC76EA3BE5D4DF44BEF9CE528F1FF9AA57E1E25695644B8F3120A6", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "000102030405060708090A0B0C0D0E0F1011121314", + /* AD = */ "000102030405060708", + /* CT = */ "6A256FBBD3726C823F99E5C5252CFC367D13B7143020F5C954755C63E73ABA3E9BA5B6513A", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "000102030405060708090A0B0C0D0E0F1011121314", + /* AD = */ "00010203040506070809", + /* CT = */ "F2F44B081312F3F8C13E843F0ADBB84D30B7A2535A371B9BEF5C4D98ABFDFEFADD2503B96F", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "000102030405060708090A0B0C0D0E0F1011121314", + /* AD = */ "000102030405060708090A", + /* CT = */ "29FCAD75A4163DE319D4E3E4C98F5D5FC473269A6E141DB836F92F53414251FA32C0431D61", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "000102030405060708090A0B0C0D0E0F1011121314", + /* AD = */ "000102030405060708090A0B", + /* CT = */ "BBAE1D88621912ED737EADA1B19FCB19A9DDB367E4F22888E43D09B7057CDF8DD62B539532", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "000102030405060708090A0B0C0D0E0F1011121314", + /* AD = */ "000102030405060708090A0B0C", + /* CT = */ "4BE547736BE1D8A6CDE18D1430BA869E6B39F6A4AE40A399A5DF9BF10ECA510EAF3E56D47E", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "000102030405060708090A0B0C0D0E0F1011121314", + /* AD = */ "000102030405060708090A0B0C0D", + /* CT = */ "4E589270FEB89BB22408041DAF7D55DB9BA125D4D1FAFCC4C197E011C0A969AB3C016B7445", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "000102030405060708090A0B0C0D0E0F1011121314", + /* AD = */ "000102030405060708090A0B0C0D0E", + /* CT = */ "B03E607317A251B08B30F744B71965B0F1BE7A356F1F52C0F4C6DC83BC51D502344451D11B", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "000102030405060708090A0B0C0D0E0F1011121314", + /* AD = */ "000102030405060708090A0B0C0D0E0F", + /* CT = */ "6A28215E4A6023FAE42095318B187F99C56D2306BED4CCEACCA3A5148A5C34D6D2D135AF11", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "000102030405060708090A0B0C0D0E0F1011121314", + /* AD = */ "000102030405060708090A0B0C0D0E0F10", + /* CT = */ "9813B7013089DB863A742A4C13F1408E97CFEDCAAA645A3A63E10C34F8914B1E89C721389B", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "000102030405060708090A0B0C0D0E0F1011121314", + /* AD = */ "000102030405060708090A0B0C0D0E0F1011", + /* CT = */ "501DFE330EC4528E8D3BC467A02391BF2CF28D935090BB06D2127B068B5DCBE0F1195B7615", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "000102030405060708090A0B0C0D0E0F1011121314", + /* AD = */ "000102030405060708090A0B0C0D0E0F101112", + /* CT = */ "64AC72120E66A202433C618208B281F929D7AE66B793B92B88581786C19CD234407B51359D", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "000102030405060708090A0B0C0D0E0F1011121314", + /* AD = */ "000102030405060708090A0B0C0D0E0F10111213", + /* CT = */ "C305EB0E851DF92B6F8ACA44F24BADF13BEEC54D8B2847F1BD79D70F802068FC7E0593CEDB", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "000102030405060708090A0B0C0D0E0F1011121314", + /* AD = */ "000102030405060708090A0B0C0D0E0F1011121314", + /* CT = */ "994984D48B44B49446092EE25EF521A4E44B5CC07FD25BFC5AA9B9F3BD5C1FDB9FF261C5D5", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "000102030405060708090A0B0C0D0E0F1011121314", + /* AD = */ "000102030405060708090A0B0C0D0E0F101112131415", + /* CT = */ "368D61A8D488E8FB0F9F57D79350E35311140403545C733D52B97665F3E62C2144FB016E4B", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "000102030405060708090A0B0C0D0E0F1011121314", + /* AD = */ "000102030405060708090A0B0C0D0E0F10111213141516", + /* CT = */ "C01EA7792BF5F9621F07A266E6DF876E7B541FA73E093A842817725C631F9E9E6F5BE22684", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "000102030405060708090A0B0C0D0E0F1011121314", + /* AD = */ "000102030405060708090A0B0C0D0E0F1011121314151617", + /* CT = */ "BA35FA7ECE7C780FFF8B7E41BC97822F982E196ED31855EBCD46CB34D3910B9DC87D0DEA73", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "000102030405060708090A0B0C0D0E0F1011121314", + /* AD = */ "000102030405060708090A0B0C0D0E0F101112131415161718", + /* CT = */ "4C83A29686FE1AFC3FAD84899E6F5176B6B4ABF143256D7C294658694857EF8B6F18A10E63", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "000102030405060708090A0B0C0D0E0F1011121314", + /* AD = */ "000102030405060708090A0B0C0D0E0F10111213141516171819", + /* CT = */ "1244D5C1B435AFF489A8FD04B87B0763E4C385F184478326E9F1AEAE51C3CA305B87C7E255", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "000102030405060708090A0B0C0D0E0F1011121314", + /* AD = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A", + /* CT = */ "C8002E9D447FA42945BF66AF5375BF6102FC33E1A00C127A280F0D4F7C2A369090E68AD325", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "000102030405060708090A0B0C0D0E0F1011121314", + /* AD = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B", + /* CT = */ "662D521980423CBF521E7E4F9BABD0FF90072C743E0C5468A71BD0A700158D740234906F2C", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "000102030405060708090A0B0C0D0E0F1011121314", + /* AD = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C", + /* CT = */ "26A6E765E6BFE7EC0E25886657486E8D4C0B7E03EB659C541BA7282DDBE249231EE73FEECD", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "000102030405060708090A0B0C0D0E0F1011121314", + /* AD = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D", + /* CT = */ "0F55D7051D7478D53F2BA03EF290C48B2D00B9AF59FED36BC074E552EBEE246D665A234483", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "000102030405060708090A0B0C0D0E0F1011121314", + /* AD = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E", + /* CT = */ "141B8B25E59E0D01B11422D94048C8045EE7744DD07E7FB401D9131A2695D23D3CD96BA591", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "000102030405060708090A0B0C0D0E0F1011121314", + /* AD = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F", + /* CT = */ "4C086D27A3B51A2333CFC7F22172A9BCAD88B8D4D7EE52AFC8415C2D767A5BDC06FCCAA99C", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "000102030405060708090A0B0C0D0E0F101112131415", + /* AD = */ "", + /* CT = */ "E770D289D2A44AEE7CD0A48ECE5274E381BAD7E163DC6E54D095ECBCDB59DF8B4779CC28AFE0", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "000102030405060708090A0B0C0D0E0F101112131415", + /* AD = */ "00", + /* CT = */ "25FBE48AC155C103927E59C60C88A56B69F5F1C225BF368B5C971C27A1E531ED15E26FA228A5", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "000102030405060708090A0B0C0D0E0F101112131415", + /* AD = */ "0001", + /* CT = */ "49E50547CA0C754784F2A6F936ED9497C3A556D34DE416BD153619E57621A7F55C856EA3EFC4", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "000102030405060708090A0B0C0D0E0F101112131415", + /* AD = */ "000102", + /* CT = */ "D2721FCB362AB5E15C6872449B117B9926791FD749259C4BC8D681AA8E06C6E2C0F2394B502A", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "000102030405060708090A0B0C0D0E0F101112131415", + /* AD = */ "00010203", + /* CT = */ "4A53D9966D87BFED686585FE7A28C7D3027F06EBA8BD35196BBE2DB2B9988217AF821BD50EF5", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "000102030405060708090A0B0C0D0E0F101112131415", + /* AD = */ "0001020304", + /* CT = */ "1F820273C65246B76D4FF8D1ADD72D5CC1703338B98C36C3BC0ADD13225E014A9778772228A3", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "000102030405060708090A0B0C0D0E0F101112131415", + /* AD = */ "000102030405", + /* CT = */ "7CC88BDBF6D70605975B2FCD35DABD5B37B998207A55A34DD6F028BA5A0799134D91F7F8BAA4", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "000102030405060708090A0B0C0D0E0F101112131415", + /* AD = */ "00010203040506", + /* CT = */ "44864FD337BBF237DB14139BDC6E1D25140D311F19C05C664B32273234D589E4E2BB094C77B9", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "000102030405060708090A0B0C0D0E0F101112131415", + /* AD = */ "0001020304050607", + /* CT = */ "108640BD71345C6EDC4AEC76EA3BE5D4DF44BEF9CE7BB3FD3FD5E71A774C6894F4AA9D20A8BE", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "000102030405060708090A0B0C0D0E0F101112131415", + /* AD = */ "000102030405060708", + /* CT = */ "6A256FBBD3726C823F99E5C5252CFC367D13B714309A184FF8E4EC3619D716F4D2C0FD374FAD", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "000102030405060708090A0B0C0D0E0F101112131415", + /* AD = */ "00010203040506070809", + /* CT = */ "F2F44B081312F3F8C13E843F0ADBB84D30B7A2535A357CD783A1945D02B44F6F2BE17EB4833D", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "000102030405060708090A0B0C0D0E0F101112131415", + /* AD = */ "000102030405060708090A", + /* CT = */ "29FCAD75A4163DE319D4E3E4C98F5D5FC473269A6E6FD2E4CB864BE3C3668C54DDCD6EF1A0B1", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "000102030405060708090A0B0C0D0E0F101112131415", + /* AD = */ "000102030405060708090A0B", + /* CT = */ "BBAE1D88621912ED737EADA1B19FCB19A9DDB367E42F449D8FAFD23D81CFB04BC80E7AC87F30", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "000102030405060708090A0B0C0D0E0F101112131415", + /* AD = */ "000102030405060708090A0B0C", + /* CT = */ "4BE547736BE1D8A6CDE18D1430BA869E6B39F6A4AE4EC54A634FD5C690D0A55DA54E89D0E8F9", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "000102030405060708090A0B0C0D0E0F101112131415", + /* AD = */ "000102030405060708090A0B0C0D", + /* CT = */ "4E589270FEB89BB22408041DAF7D55DB9BA125D4D1E539AE8E2B99546CE7E0D4BB9CBD8A91FC", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "000102030405060708090A0B0C0D0E0F101112131415", + /* AD = */ "000102030405060708090A0B0C0D0E", + /* CT = */ "B03E607317A251B08B30F744B71965B0F1BE7A356FFF03EA938CDAB114B57470851C77986666", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "000102030405060708090A0B0C0D0E0F101112131415", + /* AD = */ "000102030405060708090A0B0C0D0E0F", + /* CT = */ "6A28215E4A6023FAE42095318B187F99C56D2306BE156BA606E90EEA62412AA3BFE35639234F", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "000102030405060708090A0B0C0D0E0F101112131415", + /* AD = */ "000102030405060708090A0B0C0D0E0F10", + /* CT = */ "9813B7013089DB863A742A4C13F1408E97CFEDCAAA2252140B25B1111ADDE61BF9A8A63CD1A6", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "000102030405060708090A0B0C0D0E0F101112131415", + /* AD = */ "000102030405060708090A0B0C0D0E0F1011", + /* CT = */ "501DFE330EC4528E8D3BC467A02391BF2CF28D9350A9A90B0B6183BA2E518126112D005440CE", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "000102030405060708090A0B0C0D0E0F101112131415", + /* AD = */ "000102030405060708090A0B0C0D0E0F101112", + /* CT = */ "64AC72120E66A202433C618208B281F929D7AE66B779CC861AEFA2BEC2167558845C75D69340", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "000102030405060708090A0B0C0D0E0F101112131415", + /* AD = */ "000102030405060708090A0B0C0D0E0F10111213", + /* CT = */ "C305EB0E851DF92B6F8ACA44F24BADF13BEEC54D8BAA3BA8223BF064CCB5E6F9DBBAEB951151", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "000102030405060708090A0B0C0D0E0F101112131415", + /* AD = */ "000102030405060708090A0B0C0D0E0F1011121314", + /* CT = */ "994984D48B44B49446092EE25EF521A4E44B5CC07FA6C1051D6B2C56B34BE2EA7874C3ECDC56", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "000102030405060708090A0B0C0D0E0F101112131415", + /* AD = */ "000102030405060708090A0B0C0D0E0F101112131415", + /* CT = */ "368D61A8D488E8FB0F9F57D79350E353111404035451F7A9B3458FDE3C4E42FA2CF1D1BCA6B8", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "000102030405060708090A0B0C0D0E0F101112131415", + /* AD = */ "000102030405060708090A0B0C0D0E0F10111213141516", + /* CT = */ "C01EA7792BF5F9621F07A266E6DF876E7B541FA73E8D47DC99B3F631ECB8E3A6160891B7CF90", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "000102030405060708090A0B0C0D0E0F101112131415", + /* AD = */ "000102030405060708090A0B0C0D0E0F1011121314151617", + /* CT = */ "BA35FA7ECE7C780FFF8B7E41BC97822F982E196ED384B12A4643C0113B978DB1EE21F3020F3C", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "000102030405060708090A0B0C0D0E0F101112131415", + /* AD = */ "000102030405060708090A0B0C0D0E0F101112131415161718", + /* CT = */ "4C83A29686FE1AFC3FAD84899E6F5176B6B4ABF143DD9497FD9A2D52B61CAD3BFF32A3DC428A", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "000102030405060708090A0B0C0D0E0F101112131415", + /* AD = */ "000102030405060708090A0B0C0D0E0F10111213141516171819", + /* CT = */ "1244D5C1B435AFF489A8FD04B87B0763E4C385F1840457F9387CF2EC2A000871A670292DF5EC", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "000102030405060708090A0B0C0D0E0F101112131415", + /* AD = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A", + /* CT = */ "C8002E9D447FA42945BF66AF5375BF6102FC33E1A0A8AC6AF12AD62DB45D4CC9D29E67A56367", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "000102030405060708090A0B0C0D0E0F101112131415", + /* AD = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B", + /* CT = */ "662D521980423CBF521E7E4F9BABD0FF90072C743E4FC00EAE19115C6404EEF519AB689F4CCE", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "000102030405060708090A0B0C0D0E0F101112131415", + /* AD = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C", + /* CT = */ "26A6E765E6BFE7EC0E25886657486E8D4C0B7E03EB93FC6D58387955D80E44830908AC635414", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "000102030405060708090A0B0C0D0E0F101112131415", + /* AD = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D", + /* CT = */ "0F55D7051D7478D53F2BA03EF290C48B2D00B9AF59D37CCFB9DC62CDD9E1DE7B35CC4518E892", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "000102030405060708090A0B0C0D0E0F101112131415", + /* AD = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E", + /* CT = */ "141B8B25E59E0D01B11422D94048C8045EE7744DD004F1EED0816EC94F283717DFF43E8179D5", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "000102030405060708090A0B0C0D0E0F101112131415", + /* AD = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F", + /* CT = */ "4C086D27A3B51A2333CFC7F22172A9BCAD88B8D4D77E0DE21FF41C5FE116F1F5B2EBF202CAF7", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "000102030405060708090A0B0C0D0E0F10111213141516", + /* AD = */ "", + /* CT = */ "E770D289D2A44AEE7CD0A48ECE5274E381BAD7E163DCC43D37BF733634D15FE76FACD13605CB8E", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "000102030405060708090A0B0C0D0E0F10111213141516", + /* AD = */ "00", + /* CT = */ "25FBE48AC155C103927E59C60C88A56B69F5F1C225BF3AE3AC4472F25E74FCF65877F1C0B40D9D", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "000102030405060708090A0B0C0D0E0F10111213141516", + /* AD = */ "0001", + /* CT = */ "49E50547CA0C754784F2A6F936ED9497C3A556D34DE4CCE819F4692D8D7EBC79AD4FD673497E6A", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "000102030405060708090A0B0C0D0E0F10111213141516", + /* AD = */ "000102", + /* CT = */ "D2721FCB362AB5E15C6872449B117B9926791FD74925F013D70AFC00B61DE6478F7E514466A1AB", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "000102030405060708090A0B0C0D0E0F10111213141516", + /* AD = */ "00010203", + /* CT = */ "4A53D9966D87BFED686585FE7A28C7D3027F06EBA8BD357FFE25AE1540062A50D5A35BD7FFD6AD", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "000102030405060708090A0B0C0D0E0F10111213141516", + /* AD = */ "0001020304", + /* CT = */ "1F820273C65246B76D4FF8D1ADD72D5CC1703338B98CE4E484D5A98B5F9561286C821B07A8C151", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "000102030405060708090A0B0C0D0E0F10111213141516", + /* AD = */ "000102030405", + /* CT = */ "7CC88BDBF6D70605975B2FCD35DABD5B37B998207A55DC46EE96F90CF6BCA7BC4604F16873F86D", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "000102030405060708090A0B0C0D0E0F10111213141516", + /* AD = */ "00010203040506", + /* CT = */ "44864FD337BBF237DB14139BDC6E1D25140D311F19C059BD465B47858744894F0A48D2395CC33E", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "000102030405060708090A0B0C0D0E0F10111213141516", + /* AD = */ "0001020304050607", + /* CT = */ "108640BD71345C6EDC4AEC76EA3BE5D4DF44BEF9CE7B69F3A40596C7AD15BD9171E82F67D4A0F6", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "000102030405060708090A0B0C0D0E0F10111213141516", + /* AD = */ "000102030405060708", + /* CT = */ "6A256FBBD3726C823F99E5C5252CFC367D13B714309AEA917BD015B2FEBB876B8DC12C7A421779", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "000102030405060708090A0B0C0D0E0F10111213141516", + /* AD = */ "00010203040506070809", + /* CT = */ "F2F44B081312F3F8C13E843F0ADBB84D30B7A2535A357200816AF9D65FF10149196A97621471FD", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "000102030405060708090A0B0C0D0E0F10111213141516", + /* AD = */ "000102030405060708090A", + /* CT = */ "29FCAD75A4163DE319D4E3E4C98F5D5FC473269A6E6FA7BB2CFA2F6D9FCEA68CE44C1256D08097", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "000102030405060708090A0B0C0D0E0F10111213141516", + /* AD = */ "000102030405060708090A0B", + /* CT = */ "BBAE1D88621912ED737EADA1B19FCB19A9DDB367E42F0B223B1CDF0FFEAE96E05F308B2FBFC97F", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "000102030405060708090A0B0C0D0E0F10111213141516", + /* AD = */ "000102030405060708090A0B0C", + /* CT = */ "4BE547736BE1D8A6CDE18D1430BA869E6B39F6A4AE4E43365B6E90147867FE50B2872E77BE95AD", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "000102030405060708090A0B0C0D0E0F10111213141516", + /* AD = */ "000102030405060708090A0B0C0D", + /* CT = */ "4E589270FEB89BB22408041DAF7D55DB9BA125D4D1E58F83292D524D664A0FC04FA8BE2CC6BCFA", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "000102030405060708090A0B0C0D0E0F10111213141516", + /* AD = */ "000102030405060708090A0B0C0D0E", + /* CT = */ "B03E607317A251B08B30F744B71965B0F1BE7A356FFF03AEE6806FA02008A5736199F6E8404238", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "000102030405060708090A0B0C0D0E0F10111213141516", + /* AD = */ "000102030405060708090A0B0C0D0E0F", + /* CT = */ "6A28215E4A6023FAE42095318B187F99C56D2306BE1573DB4BE1D5F4C7AB0C2532C807C080C756", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "000102030405060708090A0B0C0D0E0F10111213141516", + /* AD = */ "000102030405060708090A0B0C0D0E0F10", + /* CT = */ "9813B7013089DB863A742A4C13F1408E97CFEDCAAA22A7B21749273A178107A9020F00C2A14030", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "000102030405060708090A0B0C0D0E0F10111213141516", + /* AD = */ "000102030405060708090A0B0C0D0E0F1011", + /* CT = */ "501DFE330EC4528E8D3BC467A02391BF2CF28D9350A9CA302A7A1DC2C8F7A07B845CF7485A8BAA", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "000102030405060708090A0B0C0D0E0F10111213141516", + /* AD = */ "000102030405060708090A0B0C0D0E0F101112", + /* CT = */ "64AC72120E66A202433C618208B281F929D7AE66B779C1D3E920637DC7D304D2CCAD8C5BFAA973", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "000102030405060708090A0B0C0D0E0F10111213141516", + /* AD = */ "000102030405060708090A0B0C0D0E0F10111213", + /* CT = */ "C305EB0E851DF92B6F8ACA44F24BADF13BEEC54D8BAA10933F0837AB3D76D93DD435DA34D61900", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "000102030405060708090A0B0C0D0E0F10111213141516", + /* AD = */ "000102030405060708090A0B0C0D0E0F1011121314", + /* CT = */ "994984D48B44B49446092EE25EF521A4E44B5CC07FA6E7C96072286570056F5FF008717AB93497", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "000102030405060708090A0B0C0D0E0F10111213141516", + /* AD = */ "000102030405060708090A0B0C0D0E0F101112131415", + /* CT = */ "368D61A8D488E8FB0F9F57D79350E3531114040354519513CC80F0AAF5FD0F9C98FAABCFC93CE9", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "000102030405060708090A0B0C0D0E0F10111213141516", + /* AD = */ "000102030405060708090A0B0C0D0E0F10111213141516", + /* CT = */ "C01EA7792BF5F9621F07A266E6DF876E7B541FA73E8D8A9F158190A2470F912DD0D0FCD8B7664B", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "000102030405060708090A0B0C0D0E0F10111213141516", + /* AD = */ "000102030405060708090A0B0C0D0E0F1011121314151617", + /* CT = */ "BA35FA7ECE7C780FFF8B7E41BC97822F982E196ED384E70A60E87A982748DEE006E35C40F27E01", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "000102030405060708090A0B0C0D0E0F10111213141516", + /* AD = */ "000102030405060708090A0B0C0D0E0F101112131415161718", + /* CT = */ "4C83A29686FE1AFC3FAD84899E6F5176B6B4ABF143DDD9781455E019E8E757C5006A28EB364D64", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "000102030405060708090A0B0C0D0E0F10111213141516", + /* AD = */ "000102030405060708090A0B0C0D0E0F10111213141516171819", + /* CT = */ "1244D5C1B435AFF489A8FD04B87B0763E4C385F18404430F2DA7A4C292A930E7925C54B21B3779", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "000102030405060708090A0B0C0D0E0F10111213141516", + /* AD = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A", + /* CT = */ "C8002E9D447FA42945BF66AF5375BF6102FC33E1A0A8ED5C1DDF5245DC462F44CCB7AEE1E14ED1", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "000102030405060708090A0B0C0D0E0F10111213141516", + /* AD = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B", + /* CT = */ "662D521980423CBF521E7E4F9BABD0FF90072C743E4FE874D8F0EAE1C02A10E5EFCC2B796AC572", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "000102030405060708090A0B0C0D0E0F10111213141516", + /* AD = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C", + /* CT = */ "26A6E765E6BFE7EC0E25886657486E8D4C0B7E03EB93A3470DE000F51AB291B3571CDB13E162D4", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "000102030405060708090A0B0C0D0E0F10111213141516", + /* AD = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D", + /* CT = */ "0F55D7051D7478D53F2BA03EF290C48B2D00B9AF59D3EF9A24C6095137DC2F5117E0EB7C6AB3FC", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "000102030405060708090A0B0C0D0E0F10111213141516", + /* AD = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E", + /* CT = */ "141B8B25E59E0D01B11422D94048C8045EE7744DD0040BF13008BBDF90F0C4CB9CFAB2F902A9CF", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "000102030405060708090A0B0C0D0E0F10111213141516", + /* AD = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F", + /* CT = */ "4C086D27A3B51A2333CFC7F22172A9BCAD88B8D4D77E50465FD50333149A24F1942FFA2FBD0909", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "000102030405060708090A0B0C0D0E0F1011121314151617", + /* AD = */ "", + /* CT = */ "E770D289D2A44AEE7CD0A48ECE5274E381BAD7E163DCC497C421CAD7E3A4DF2BE9EACCD8117C717A", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "000102030405060708090A0B0C0D0E0F1011121314151617", + /* AD = */ "00", + /* CT = */ "25FBE48AC155C103927E59C60C88A56B69F5F1C225BF3A1D1C37FA000CF7F14D1292240519DA162A", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "000102030405060708090A0B0C0D0E0F1011121314151617", + /* AD = */ "0001", + /* CT = */ "49E50547CA0C754784F2A6F936ED9497C3A556D34DE4CC230774C0524B0D93519802603DFD1294C8", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "000102030405060708090A0B0C0D0E0F1011121314151617", + /* AD = */ "000102", + /* CT = */ "D2721FCB362AB5E15C6872449B117B9926791FD74925F0D9E1D8D700203C201DC092524957D7253A", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "000102030405060708090A0B0C0D0E0F1011121314151617", + /* AD = */ "00010203", + /* CT = */ "4A53D9966D87BFED686585FE7A28C7D3027F06EBA8BD35C7C3A13A4DFF475AE828D73D0EAE922441", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "000102030405060708090A0B0C0D0E0F1011121314151617", + /* AD = */ "0001020304", + /* CT = */ "1F820273C65246B76D4FF8D1ADD72D5CC1703338B98CE4B3644C77AC426E3C930EC8748FAC43E360", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "000102030405060708090A0B0C0D0E0F1011121314151617", + /* AD = */ "000102030405", + /* CT = */ "7CC88BDBF6D70605975B2FCD35DABD5B37B998207A55DC995A3B40EF5CFFA2E66753FB1AE9940D69", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "000102030405060708090A0B0C0D0E0F1011121314151617", + /* AD = */ "00010203040506", + /* CT = */ "44864FD337BBF237DB14139BDC6E1D25140D311F19C0590FFB480724FD5977A225C9ED8ABC7E4710", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "000102030405060708090A0B0C0D0E0F1011121314151617", + /* AD = */ "0001020304050607", + /* CT = */ "108640BD71345C6EDC4AEC76EA3BE5D4DF44BEF9CE7B69C868BAB4D2BC58FECF3B186070234B6A38", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "000102030405060708090A0B0C0D0E0F1011121314151617", + /* AD = */ "000102030405060708", + /* CT = */ "6A256FBBD3726C823F99E5C5252CFC367D13B714309AEA44FF83CA90C0AF633654E6BF1466F4B3AD", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "000102030405060708090A0B0C0D0E0F1011121314151617", + /* AD = */ "00010203040506070809", + /* CT = */ "F2F44B081312F3F8C13E843F0ADBB84D30B7A2535A35720E241C1D4AF53026F3C1F1E39055789F23", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "000102030405060708090A0B0C0D0E0F1011121314151617", + /* AD = */ "000102030405060708090A", + /* CT = */ "29FCAD75A4163DE319D4E3E4C98F5D5FC473269A6E6FA795DED3E085A303C110AD095C91C6D2E3A9", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "000102030405060708090A0B0C0D0E0F1011121314151617", + /* AD = */ "000102030405060708090A0B", + /* CT = */ "BBAE1D88621912ED737EADA1B19FCB19A9DDB367E42F0BF4511B5873E39E1EC8D3677BCE6CA1BD0A", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "000102030405060708090A0B0C0D0E0F1011121314151617", + /* AD = */ "000102030405060708090A0B0C", + /* CT = */ "4BE547736BE1D8A6CDE18D1430BA869E6B39F6A4AE4E436E2CDF9C41BA76C2DA79780E3C728A1CC0", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "000102030405060708090A0B0C0D0E0F1011121314151617", + /* AD = */ "000102030405060708090A0B0C0D", + /* CT = */ "4E589270FEB89BB22408041DAF7D55DB9BA125D4D1E58F75F2F4D7AA062DADA76E065C8324FB909C", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "000102030405060708090A0B0C0D0E0F1011121314151617", + /* AD = */ "000102030405060708090A0B0C0D0E", + /* CT = */ "B03E607317A251B08B30F744B71965B0F1BE7A356FFF037C420436A4179A327AD848A729F2201E3D", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "000102030405060708090A0B0C0D0E0F1011121314151617", + /* AD = */ "000102030405060708090A0B0C0D0E0F", + /* CT = */ "6A28215E4A6023FAE42095318B187F99C56D2306BE1573F6BD4B3D1465019DC6EF9BEA0FEDD640B4", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "000102030405060708090A0B0C0D0E0F1011121314151617", + /* AD = */ "000102030405060708090A0B0C0D0E0F10", + /* CT = */ "9813B7013089DB863A742A4C13F1408E97CFEDCAAA22A7DA0C3523DA5B9FFC3E6CC8DC3D4FD36367", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "000102030405060708090A0B0C0D0E0F1011121314151617", + /* AD = */ "000102030405060708090A0B0C0D0E0F1011", + /* CT = */ "501DFE330EC4528E8D3BC467A02391BF2CF28D9350A9CAF9DAFBE59DA765099A78EB0BFBB934C51B", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "000102030405060708090A0B0C0D0E0F1011121314151617", + /* AD = */ "000102030405060708090A0B0C0D0E0F101112", + /* CT = */ "64AC72120E66A202433C618208B281F929D7AE66B779C14DF81A0085840580FE2FBCA0AF5002907A", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "000102030405060708090A0B0C0D0E0F1011121314151617", + /* AD = */ "000102030405060708090A0B0C0D0E0F10111213", + /* CT = */ "C305EB0E851DF92B6F8ACA44F24BADF13BEEC54D8BAA10B8363B3B123E5CE1916C194243E70D41BD", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "000102030405060708090A0B0C0D0E0F1011121314151617", + /* AD = */ "000102030405060708090A0B0C0D0E0F1011121314", + /* CT = */ "994984D48B44B49446092EE25EF521A4E44B5CC07FA6E7491C9EC0EDEF3F0873E9365C84F1316107", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "000102030405060708090A0B0C0D0E0F1011121314151617", + /* AD = */ "000102030405060708090A0B0C0D0E0F101112131415", + /* CT = */ "368D61A8D488E8FB0F9F57D79350E35311140403545195428D6217730F6DBA712A153ADF7C563BD2", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "000102030405060708090A0B0C0D0E0F1011121314151617", + /* AD = */ "000102030405060708090A0B0C0D0E0F10111213141516", + /* CT = */ "C01EA7792BF5F9621F07A266E6DF876E7B541FA73E8D8A2A6F96EEE1C5AE4DFBE81154CF9CEED5AA", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "000102030405060708090A0B0C0D0E0F1011121314151617", + /* AD = */ "000102030405060708090A0B0C0D0E0F1011121314151617", + /* CT = */ "BA35FA7ECE7C780FFF8B7E41BC97822F982E196ED384E7DD2B386F44B2BEBDD5831EAAECADF9E41E", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "000102030405060708090A0B0C0D0E0F1011121314151617", + /* AD = */ "000102030405060708090A0B0C0D0E0F101112131415161718", + /* CT = */ "4C83A29686FE1AFC3FAD84899E6F5176B6B4ABF143DDD92D56C0B24679ADB36B174F78F624C60C48", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "000102030405060708090A0B0C0D0E0F1011121314151617", + /* AD = */ "000102030405060708090A0B0C0D0E0F10111213141516171819", + /* CT = */ "1244D5C1B435AFF489A8FD04B87B0763E4C385F18404435DFB4D6E7CC26F65FCA9EFF8DCB34D2B76", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "000102030405060708090A0B0C0D0E0F1011121314151617", + /* AD = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A", + /* CT = */ "C8002E9D447FA42945BF66AF5375BF6102FC33E1A0A8ED5FB78C6872C53021857E4298A48AFF37DD", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "000102030405060708090A0B0C0D0E0F1011121314151617", + /* AD = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B", + /* CT = */ "662D521980423CBF521E7E4F9BABD0FF90072C743E4FE8C2C63783AACB33B9B8822B633AB996C42D", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "000102030405060708090A0B0C0D0E0F1011121314151617", + /* AD = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C", + /* CT = */ "26A6E765E6BFE7EC0E25886657486E8D4C0B7E03EB93A3BC5A31966531B2FBAC82CCE165CAE57077", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "000102030405060708090A0B0C0D0E0F1011121314151617", + /* AD = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D", + /* CT = */ "0F55D7051D7478D53F2BA03EF290C48B2D00B9AF59D3EFCCD8878D87010E49267C8F6C8D3E691785", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "000102030405060708090A0B0C0D0E0F1011121314151617", + /* AD = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E", + /* CT = */ "141B8B25E59E0D01B11422D94048C8045EE7744DD0040BF048282B68E02F547F7C35483EBFBC73B3", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "000102030405060708090A0B0C0D0E0F1011121314151617", + /* AD = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F", + /* CT = */ "4C086D27A3B51A2333CFC7F22172A9BCAD88B8D4D77E50622408C3012880E1A58D9FA4F3D615552F", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "000102030405060708090A0B0C0D0E0F101112131415161718", + /* AD = */ "", + /* CT = */ "E770D289D2A44AEE7CD0A48ECE5274E381BAD7E163DCC4970FEE464255B60E9CC0E29009675FDFC0A7", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "000102030405060708090A0B0C0D0E0F101112131415161718", + /* AD = */ "00", + /* CT = */ "25FBE48AC155C103927E59C60C88A56B69F5F1C225BF3A1D5C190891EC8318193A373229C2546BBA9D", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "000102030405060708090A0B0C0D0E0F101112131415161718", + /* AD = */ "0001", + /* CT = */ "49E50547CA0C754784F2A6F936ED9497C3A556D34DE4CC23F35C92DBE4380DEC34E332D81B38876F53", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "000102030405060708090A0B0C0D0E0F101112131415161718", + /* AD = */ "000102", + /* CT = */ "D2721FCB362AB5E15C6872449B117B9926791FD74925F0D9450575789E98D824EA496A80F58C9EF7D7", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "000102030405060708090A0B0C0D0E0F101112131415161718", + /* AD = */ "00010203", + /* CT = */ "4A53D9966D87BFED686585FE7A28C7D3027F06EBA8BD35C768D4D24DA4A38BB07C2558F5D0385E55E7", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "000102030405060708090A0B0C0D0E0F101112131415161718", + /* AD = */ "0001020304", + /* CT = */ "1F820273C65246B76D4FF8D1ADD72D5CC1703338B98CE4B34B2B4250A85106D4C0FCCD668BB068B429", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "000102030405060708090A0B0C0D0E0F101112131415161718", + /* AD = */ "000102030405", + /* CT = */ "7CC88BDBF6D70605975B2FCD35DABD5B37B998207A55DC996A9ECB0B9F69E994A6DA9E6E154BE1DC15", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "000102030405060708090A0B0C0D0E0F101112131415161718", + /* AD = */ "00010203040506", + /* CT = */ "44864FD337BBF237DB14139BDC6E1D25140D311F19C0590FB06EFDA11A466E170BEC185E15D44D4095", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "000102030405060708090A0B0C0D0E0F101112131415161718", + /* AD = */ "0001020304050607", + /* CT = */ "108640BD71345C6EDC4AEC76EA3BE5D4DF44BEF9CE7B69C85AF3B96E2806F85EF467964E61C33799A3", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "000102030405060708090A0B0C0D0E0F101112131415161718", + /* AD = */ "000102030405060708", + /* CT = */ "6A256FBBD3726C823F99E5C5252CFC367D13B714309AEA44AD471C4E15858085DE8B0170FA94A451D1", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "000102030405060708090A0B0C0D0E0F101112131415161718", + /* AD = */ "00010203040506070809", + /* CT = */ "F2F44B081312F3F8C13E843F0ADBB84D30B7A2535A35720E570E884CA46E06A8F920851044A4E1A176", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "000102030405060708090A0B0C0D0E0F101112131415161718", + /* AD = */ "000102030405060708090A", + /* CT = */ "29FCAD75A4163DE319D4E3E4C98F5D5FC473269A6E6FA795B0FF8BBE180F887AC099F83A91FDE022C3", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "000102030405060708090A0B0C0D0E0F101112131415161718", + /* AD = */ "000102030405060708090A0B", + /* CT = */ "BBAE1D88621912ED737EADA1B19FCB19A9DDB367E42F0BF4ACF682BF9828617E0DC846D3C961CDF6A2", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "000102030405060708090A0B0C0D0E0F101112131415161718", + /* AD = */ "000102030405060708090A0B0C", + /* CT = */ "4BE547736BE1D8A6CDE18D1430BA869E6B39F6A4AE4E436EABC40AA73DACAA54FE7C0E669DA40D2F16", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "000102030405060708090A0B0C0D0E0F101112131415161718", + /* AD = */ "000102030405060708090A0B0C0D", + /* CT = */ "4E589270FEB89BB22408041DAF7D55DB9BA125D4D1E58F75BD18248AAFAE15970F226DB09EE7E91CBF", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "000102030405060708090A0B0C0D0E0F101112131415161718", + /* AD = */ "000102030405060708090A0B0C0D0E", + /* CT = */ "B03E607317A251B08B30F744B71965B0F1BE7A356FFF037C9EE7DFB458B1E697D8F05FB493E88E8585", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "000102030405060708090A0B0C0D0E0F101112131415161718", + /* AD = */ "000102030405060708090A0B0C0D0E0F", + /* CT = */ "6A28215E4A6023FAE42095318B187F99C56D2306BE1573F6E382A72A447DDA92CA81C4915AA9F5CCA1", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "000102030405060708090A0B0C0D0E0F101112131415161718", + /* AD = */ "000102030405060708090A0B0C0D0E0F10", + /* CT = */ "9813B7013089DB863A742A4C13F1408E97CFEDCAAA22A7DA812C547DA33141797A957581D17D6838DC", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "000102030405060708090A0B0C0D0E0F101112131415161718", + /* AD = */ "000102030405060708090A0B0C0D0E0F1011", + /* CT = */ "501DFE330EC4528E8D3BC467A02391BF2CF28D9350A9CAF9B219F385E889843E9F713697C8B8661892", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "000102030405060708090A0B0C0D0E0F101112131415161718", + /* AD = */ "000102030405060708090A0B0C0D0E0F101112", + /* CT = */ "64AC72120E66A202433C618208B281F929D7AE66B779C14D18FF31FCF531CF6D0807819E73005B4954", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "000102030405060708090A0B0C0D0E0F101112131415161718", + /* AD = */ "000102030405060708090A0B0C0D0E0F10111213", + /* CT = */ "C305EB0E851DF92B6F8ACA44F24BADF13BEEC54D8BAA10B8CA3E92F97A10A6F24AB2776F0EBFD299B4", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "000102030405060708090A0B0C0D0E0F101112131415161718", + /* AD = */ "000102030405060708090A0B0C0D0E0F1011121314", + /* CT = */ "994984D48B44B49446092EE25EF521A4E44B5CC07FA6E7492BBCA07C2D3DDFBC4D17F59B6EDFD66214", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "000102030405060708090A0B0C0D0E0F101112131415161718", + /* AD = */ "000102030405060708090A0B0C0D0E0F101112131415", + /* CT = */ "368D61A8D488E8FB0F9F57D79350E353111404035451954226EA27EF2E6EDE634FCC87A482AC9FB661", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "000102030405060708090A0B0C0D0E0F101112131415161718", + /* AD = */ "000102030405060708090A0B0C0D0E0F10111213141516", + /* CT = */ "C01EA7792BF5F9621F07A266E6DF876E7B541FA73E8D8A2A62E967A0D31DA54CD7CEC94635182C2CD5", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "000102030405060708090A0B0C0D0E0F101112131415161718", + /* AD = */ "000102030405060708090A0B0C0D0E0F1011121314151617", + /* CT = */ "BA35FA7ECE7C780FFF8B7E41BC97822F982E196ED384E7DDEBDC85A7823C106488B253F11ADC6C0960", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "000102030405060708090A0B0C0D0E0F101112131415161718", + /* AD = */ "000102030405060708090A0B0C0D0E0F101112131415161718", + /* CT = */ "4C83A29686FE1AFC3FAD84899E6F5176B6B4ABF143DDD92DF82C7B4AF6883D72572FC8C04A794A2B0D", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "000102030405060708090A0B0C0D0E0F101112131415161718", + /* AD = */ "000102030405060708090A0B0C0D0E0F10111213141516171819", + /* CT = */ "1244D5C1B435AFF489A8FD04B87B0763E4C385F18404435DE4591B3FC911902805A8F1B449703CAC0C", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "000102030405060708090A0B0C0D0E0F101112131415161718", + /* AD = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A", + /* CT = */ "C8002E9D447FA42945BF66AF5375BF6102FC33E1A0A8ED5F13BA0902646A17E74A4FB3167A72237DD3", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "000102030405060708090A0B0C0D0E0F101112131415161718", + /* AD = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B", + /* CT = */ "662D521980423CBF521E7E4F9BABD0FF90072C743E4FE8C27A9F1A13413E966429A5415CD5978D124F", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "000102030405060708090A0B0C0D0E0F101112131415161718", + /* AD = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C", + /* CT = */ "26A6E765E6BFE7EC0E25886657486E8D4C0B7E03EB93A3BC227883A81C03223A4D809F03ECC6F2B5FA", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "000102030405060708090A0B0C0D0E0F101112131415161718", + /* AD = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D", + /* CT = */ "0F55D7051D7478D53F2BA03EF290C48B2D00B9AF59D3EFCC0D52FD0F6DA838CABEBFFA00ED6E1DAE16", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "000102030405060708090A0B0C0D0E0F101112131415161718", + /* AD = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E", + /* CT = */ "141B8B25E59E0D01B11422D94048C8045EE7744DD0040BF08B0CDD133CEBACB318749343241B73005D", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "000102030405060708090A0B0C0D0E0F101112131415161718", + /* AD = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F", + /* CT = */ "4C086D27A3B51A2333CFC7F22172A9BCAD88B8D4D77E50622DDEF004D51115487FA8D2A8813EA18657", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "000102030405060708090A0B0C0D0E0F10111213141516171819", + /* AD = */ "", + /* CT = */ "E770D289D2A44AEE7CD0A48ECE5274E381BAD7E163DCC4970F786005D5FF17BCE157263989199E84DC15", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "000102030405060708090A0B0C0D0E0F10111213141516171819", + /* AD = */ "00", + /* CT = */ "25FBE48AC155C103927E59C60C88A56B69F5F1C225BF3A1D5C73CE46F92D48534DD5CA3D1E19C64B7140", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "000102030405060708090A0B0C0D0E0F10111213141516171819", + /* AD = */ "0001", + /* CT = */ "49E50547CA0C754784F2A6F936ED9497C3A556D34DE4CC23F3C29022F78F0DA130522C3098E2255E5649", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "000102030405060708090A0B0C0D0E0F10111213141516171819", + /* AD = */ "000102", + /* CT = */ "D2721FCB362AB5E15C6872449B117B9926791FD74925F0D9459C1E7E94EC141145D78D952428C9A06D19", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "000102030405060708090A0B0C0D0E0F10111213141516171819", + /* AD = */ "00010203", + /* CT = */ "4A53D9966D87BFED686585FE7A28C7D3027F06EBA8BD35C76806DF75F1A321E30CECF7E2FCD30F9D0924", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "000102030405060708090A0B0C0D0E0F10111213141516171819", + /* AD = */ "0001020304", + /* CT = */ "1F820273C65246B76D4FF8D1ADD72D5CC1703338B98CE4B34B5AD170303C8FA30A9669BB249ACA5AA4EB", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "000102030405060708090A0B0C0D0E0F10111213141516171819", + /* AD = */ "000102030405", + /* CT = */ "7CC88BDBF6D70605975B2FCD35DABD5B37B998207A55DC996A71DEB3C0D8C9B357A0D5ADD56B2BE93854", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "000102030405060708090A0B0C0D0E0F10111213141516171819", + /* AD = */ "00010203040506", + /* CT = */ "44864FD337BBF237DB14139BDC6E1D25140D311F19C0590FB031D093181BB3818DDED8BC78E7A59B05ED", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "000102030405060708090A0B0C0D0E0F10111213141516171819", + /* AD = */ "0001020304050607", + /* CT = */ "108640BD71345C6EDC4AEC76EA3BE5D4DF44BEF9CE7B69C85A958FC051CE45717655F0D929CF7641E1BB", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "000102030405060708090A0B0C0D0E0F10111213141516171819", + /* AD = */ "000102030405060708", + /* CT = */ "6A256FBBD3726C823F99E5C5252CFC367D13B714309AEA44AD906F890C0EFBBE835D48D2D61F540EBB3F", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "000102030405060708090A0B0C0D0E0F10111213141516171819", + /* AD = */ "00010203040506070809", + /* CT = */ "F2F44B081312F3F8C13E843F0ADBB84D30B7A2535A35720E5754EEB221110C19D7865832E0DCEDD6DD7B", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "000102030405060708090A0B0C0D0E0F10111213141516171819", + /* AD = */ "000102030405060708090A", + /* CT = */ "29FCAD75A4163DE319D4E3E4C98F5D5FC473269A6E6FA795B067EA1AE225C0C142812AA3382FF6ABE64E", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "000102030405060708090A0B0C0D0E0F10111213141516171819", + /* AD = */ "000102030405060708090A0B", + /* CT = */ "BBAE1D88621912ED737EADA1B19FCB19A9DDB367E42F0BF4AC9F3C36A75E4693628AA6B530B7BF999C0C", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "000102030405060708090A0B0C0D0E0F10111213141516171819", + /* AD = */ "000102030405060708090A0B0C", + /* CT = */ "4BE547736BE1D8A6CDE18D1430BA869E6B39F6A4AE4E436EAB592D19CE76A99F60E2143A1F470A9FE0A4", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "000102030405060708090A0B0C0D0E0F10111213141516171819", + /* AD = */ "000102030405060708090A0B0C0D", + /* CT = */ "4E589270FEB89BB22408041DAF7D55DB9BA125D4D1E58F75BD9BB80BE753B0D6F9C548891496A48DC3AB", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "000102030405060708090A0B0C0D0E0F10111213141516171819", + /* AD = */ "000102030405060708090A0B0C0D0E", + /* CT = */ "B03E607317A251B08B30F744B71965B0F1BE7A356FFF037C9E948B096FCA2C76332BB3EAB79C39758D13", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "000102030405060708090A0B0C0D0E0F10111213141516171819", + /* AD = */ "000102030405060708090A0B0C0D0E0F", + /* CT = */ "6A28215E4A6023FAE42095318B187F99C56D2306BE1573F6E3EC0200D93E1F7F68AC44870330A47828F1", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "000102030405060708090A0B0C0D0E0F10111213141516171819", + /* AD = */ "000102030405060708090A0B0C0D0E0F10", + /* CT = */ "9813B7013089DB863A742A4C13F1408E97CFEDCAAA22A7DA8104F4A441EF3B0BADFA31BB1946A6755FB9", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "000102030405060708090A0B0C0D0E0F10111213141516171819", + /* AD = */ "000102030405060708090A0B0C0D0E0F1011", + /* CT = */ "501DFE330EC4528E8D3BC467A02391BF2CF28D9350A9CAF9B2B73CFEF4CFACAA6499487404BF232D449A", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "000102030405060708090A0B0C0D0E0F10111213141516171819", + /* AD = */ "000102030405060708090A0B0C0D0E0F101112", + /* CT = */ "64AC72120E66A202433C618208B281F929D7AE66B779C14D18DDD3FC89A696B86B569537969056AFEC73", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "000102030405060708090A0B0C0D0E0F10111213141516171819", + /* AD = */ "000102030405060708090A0B0C0D0E0F10111213", + /* CT = */ "C305EB0E851DF92B6F8ACA44F24BADF13BEEC54D8BAA10B8CA91960C5F2359839920BDB1AB46D615418B", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "000102030405060708090A0B0C0D0E0F10111213141516171819", + /* AD = */ "000102030405060708090A0B0C0D0E0F1011121314", + /* CT = */ "994984D48B44B49446092EE25EF521A4E44B5CC07FA6E7492B55D01FAA6EDF34944AF393396AABA744A4", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "000102030405060708090A0B0C0D0E0F10111213141516171819", + /* AD = */ "000102030405060708090A0B0C0D0E0F101112131415", + /* CT = */ "368D61A8D488E8FB0F9F57D79350E353111404035451954226DDEB75CA0F57DAC7F74603A0D4B0D7BF2D", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "000102030405060708090A0B0C0D0E0F10111213141516171819", + /* AD = */ "000102030405060708090A0B0C0D0E0F10111213141516", + /* CT = */ "C01EA7792BF5F9621F07A266E6DF876E7B541FA73E8D8A2A62DA067FF116A44684402C709E102E504389", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "000102030405060708090A0B0C0D0E0F10111213141516171819", + /* AD = */ "000102030405060708090A0B0C0D0E0F1011121314151617", + /* CT = */ "BA35FA7ECE7C780FFF8B7E41BC97822F982E196ED384E7DDEB24BFAA34FC345FA13B71B5D7C68669066C", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "000102030405060708090A0B0C0D0E0F10111213141516171819", + /* AD = */ "000102030405060708090A0B0C0D0E0F101112131415161718", + /* CT = */ "4C83A29686FE1AFC3FAD84899E6F5176B6B4ABF143DDD92DF81E5F57FE4173AD4966C29CFB3686157228", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "000102030405060708090A0B0C0D0E0F10111213141516171819", + /* AD = */ "000102030405060708090A0B0C0D0E0F10111213141516171819", + /* CT = */ "1244D5C1B435AFF489A8FD04B87B0763E4C385F18404435DE417E79D7B256D52BE5AFB7CB4EFC9DE14A1", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "000102030405060708090A0B0C0D0E0F10111213141516171819", + /* AD = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A", + /* CT = */ "C8002E9D447FA42945BF66AF5375BF6102FC33E1A0A8ED5F13349A85F26FC9AF40E66CABE820045F6EDB", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "000102030405060708090A0B0C0D0E0F10111213141516171819", + /* AD = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B", + /* CT = */ "662D521980423CBF521E7E4F9BABD0FF90072C743E4FE8C27A85B629F622A3EDB42E5B8CB7D49A379306", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "000102030405060708090A0B0C0D0E0F10111213141516171819", + /* AD = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C", + /* CT = */ "26A6E765E6BFE7EC0E25886657486E8D4C0B7E03EB93A3BC223FF7F44A6ADD47D6C3C2074136AD7CA3ED", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "000102030405060708090A0B0C0D0E0F10111213141516171819", + /* AD = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D", + /* CT = */ "0F55D7051D7478D53F2BA03EF290C48B2D00B9AF59D3EFCC0D347F9C6392F2F0B7D9C6C6AB44D5094085", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "000102030405060708090A0B0C0D0E0F10111213141516171819", + /* AD = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E", + /* CT = */ "141B8B25E59E0D01B11422D94048C8045EE7744DD0040BF08B6C643855105B0BA973BD4AEC3BC0ECDE1F", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "000102030405060708090A0B0C0D0E0F10111213141516171819", + /* AD = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F", + /* CT = */ "4C086D27A3B51A2333CFC7F22172A9BCAD88B8D4D77E50622D789BFE76CE0A2130453F7A05B0B5364BD6", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A", + /* AD = */ "", + /* CT = */ "E770D289D2A44AEE7CD0A48ECE5274E381BAD7E163DCC4970F78734DDB9CE0523B99779E4497AD5964E6C5", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A", + /* AD = */ "00", + /* CT = */ "25FBE48AC155C103927E59C60C88A56B69F5F1C225BF3A1D5C7379935C053F229C92D664368876B2011791", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A", + /* AD = */ "0001", + /* CT = */ "49E50547CA0C754784F2A6F936ED9497C3A556D34DE4CC23F3C21CEB9882BB795889D4AEE31E9EA04405FB", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A", + /* AD = */ "000102", + /* CT = */ "D2721FCB362AB5E15C6872449B117B9926791FD74925F0D9459CFA79715549452A9F918CAE4D52ACBA51C6", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A", + /* AD = */ "00010203", + /* CT = */ "4A53D9966D87BFED686585FE7A28C7D3027F06EBA8BD35C768069356836DE14D328579C63AD95BA95DF96A", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A", + /* AD = */ "0001020304", + /* CT = */ "1F820273C65246B76D4FF8D1ADD72D5CC1703338B98CE4B34B5AF98A2B0B5271981599FF69C203245B6C50", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A", + /* AD = */ "000102030405", + /* CT = */ "7CC88BDBF6D70605975B2FCD35DABD5B37B998207A55DC996A717F732BFC622DD69894029AEBF2C35DB916", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A", + /* AD = */ "00010203040506", + /* CT = */ "44864FD337BBF237DB14139BDC6E1D25140D311F19C0590FB031CB29DC6847FC70FD80EC17C8AA8C5BAF6C", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A", + /* AD = */ "0001020304050607", + /* CT = */ "108640BD71345C6EDC4AEC76EA3BE5D4DF44BEF9CE7B69C85A95787A5A9FF1968324C0702913253B832393", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A", + /* AD = */ "000102030405060708", + /* CT = */ "6A256FBBD3726C823F99E5C5252CFC367D13B714309AEA44AD909FFE14A59BBF3F300E9FB78D441FB13F3D", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A", + /* AD = */ "00010203040506070809", + /* CT = */ "F2F44B081312F3F8C13E843F0ADBB84D30B7A2535A35720E57540B37FB439E9C5CB4CEA08F3A47D71A96C2", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A", + /* AD = */ "000102030405060708090A", + /* CT = */ "29FCAD75A4163DE319D4E3E4C98F5D5FC473269A6E6FA795B0677008D6DC5CE5E8761AF221E745C627C657", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A", + /* AD = */ "000102030405060708090A0B", + /* CT = */ "BBAE1D88621912ED737EADA1B19FCB19A9DDB367E42F0BF4AC9F9FA167C566FA70846600FAA8457823EDE0", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A", + /* AD = */ "000102030405060708090A0B0C", + /* CT = */ "4BE547736BE1D8A6CDE18D1430BA869E6B39F6A4AE4E436EAB5920017C8BE261B3527DAAD2E162D1DB1120", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A", + /* AD = */ "000102030405060708090A0B0C0D", + /* CT = */ "4E589270FEB89BB22408041DAF7D55DB9BA125D4D1E58F75BD9BDEBCFB6DB67C43EA35032BC886EFD1647D", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A", + /* AD = */ "000102030405060708090A0B0C0D0E", + /* CT = */ "B03E607317A251B08B30F744B71965B0F1BE7A356FFF037C9E94013EE1C1217DAA7B9B24CE353B970257C4", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A", + /* AD = */ "000102030405060708090A0B0C0D0E0F", + /* CT = */ "6A28215E4A6023FAE42095318B187F99C56D2306BE1573F6E3ECFE0225B1C8C72F7BE7EDA082DB418C4FD1", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A", + /* AD = */ "000102030405060708090A0B0C0D0E0F10", + /* CT = */ "9813B7013089DB863A742A4C13F1408E97CFEDCAAA22A7DA81042CF85A9C35E464D5129663C60B2D8B2928", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A", + /* AD = */ "000102030405060708090A0B0C0D0E0F1011", + /* CT = */ "501DFE330EC4528E8D3BC467A02391BF2CF28D9350A9CAF9B2B7769C9B3CA234D5AD37A7FF0D0E51396A86", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A", + /* AD = */ "000102030405060708090A0B0C0D0E0F101112", + /* CT = */ "64AC72120E66A202433C618208B281F929D7AE66B779C14D18DDBFA32274938424DD5547FD8247960A8BB7", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A", + /* AD = */ "000102030405060708090A0B0C0D0E0F10111213", + /* CT = */ "C305EB0E851DF92B6F8ACA44F24BADF13BEEC54D8BAA10B8CA913DE17A3D510380A8280002CCE30C18B375", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A", + /* AD = */ "000102030405060708090A0B0C0D0E0F1011121314", + /* CT = */ "994984D48B44B49446092EE25EF521A4E44B5CC07FA6E7492B55C67854A378E62C2E1D7860330C9338C437", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A", + /* AD = */ "000102030405060708090A0B0C0D0E0F101112131415", + /* CT = */ "368D61A8D488E8FB0F9F57D79350E353111404035451954226DDA2E7FEF6411D78766708AF9E771FA9926B", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A", + /* AD = */ "000102030405060708090A0B0C0D0E0F10111213141516", + /* CT = */ "C01EA7792BF5F9621F07A266E6DF876E7B541FA73E8D8A2A62DACFA5550C592C73E531D84F1B4B1198EC58", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A", + /* AD = */ "000102030405060708090A0B0C0D0E0F1011121314151617", + /* CT = */ "BA35FA7ECE7C780FFF8B7E41BC97822F982E196ED384E7DDEB247AE6F7EAC22E33990B1F339CD292F02122", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A", + /* AD = */ "000102030405060708090A0B0C0D0E0F101112131415161718", + /* CT = */ "4C83A29686FE1AFC3FAD84899E6F5176B6B4ABF143DDD92DF81E5DE52943526766B92E9EDB0E7BF8B30B67", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A", + /* AD = */ "000102030405060708090A0B0C0D0E0F10111213141516171819", + /* CT = */ "1244D5C1B435AFF489A8FD04B87B0763E4C385F18404435DE41790D7E9874DF9F1E50C3ACF75B27C40E760", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A", + /* AD = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A", + /* CT = */ "C8002E9D447FA42945BF66AF5375BF6102FC33E1A0A8ED5F1334D8425B8D00EF29C46500F749304729E591", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A", + /* AD = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B", + /* CT = */ "662D521980423CBF521E7E4F9BABD0FF90072C743E4FE8C27A85A2164E68ED7A1BD67999EB77E5FF73424A", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A", + /* AD = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C", + /* CT = */ "26A6E765E6BFE7EC0E25886657486E8D4C0B7E03EB93A3BC223FF6C6849E90348530D6AE2A625971B3950A", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A", + /* AD = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D", + /* CT = */ "0F55D7051D7478D53F2BA03EF290C48B2D00B9AF59D3EFCC0D344E47832ADEBCB69AFDE570DF1D2C186425", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A", + /* AD = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E", + /* CT = */ "141B8B25E59E0D01B11422D94048C8045EE7744DD0040BF08B6CED2D32A4013CED6406F39489C10DDC7CF9", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A", + /* AD = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F", + /* CT = */ "4C086D27A3B51A2333CFC7F22172A9BCAD88B8D4D77E50622D788334FB2AD867472BD640796447077D4998", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B", + /* AD = */ "", + /* CT = */ "E770D289D2A44AEE7CD0A48ECE5274E381BAD7E163DCC4970F7873615B1BF7E07D0DFD0303366291F0C13421", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B", + /* AD = */ "00", + /* CT = */ "25FBE48AC155C103927E59C60C88A56B69F5F1C225BF3A1D5C7379FAAAC5D1351FAE1727CE0BA9CC4B82092D", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B", + /* AD = */ "0001", + /* CT = */ "49E50547CA0C754784F2A6F936ED9497C3A556D34DE4CC23F3C21CDBBE1F3D9C6D9E2AC0B43A92029D91A2BE", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B", + /* AD = */ "000102", + /* CT = */ "D2721FCB362AB5E15C6872449B117B9926791FD74925F0D9459CFA792C3849B85749785E8A1B29242FBA2A88", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B", + /* AD = */ "00010203", + /* CT = */ "4A53D9966D87BFED686585FE7A28C7D3027F06EBA8BD35C768069349410982EE12CC87BE081648520EECFB66", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B", + /* AD = */ "0001020304", + /* CT = */ "1F820273C65246B76D4FF8D1ADD72D5CC1703338B98CE4B34B5AF9CE9CC04B87820146D6D4A86A6DBDECB2E3", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B", + /* AD = */ "000102030405", + /* CT = */ "7CC88BDBF6D70605975B2FCD35DABD5B37B998207A55DC996A717FF8DFF86953AB81BC6CB91BDD12C652C71A", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B", + /* AD = */ "00010203040506", + /* CT = */ "44864FD337BBF237DB14139BDC6E1D25140D311F19C0590FB031CB9C901226DC60B5DC8993FA2227331DC5DB", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B", + /* AD = */ "0001020304050607", + /* CT = */ "108640BD71345C6EDC4AEC76EA3BE5D4DF44BEF9CE7B69C85A9578C707599F7664AD6F3C871A49B6EF2FC0DD", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B", + /* AD = */ "000102030405060708", + /* CT = */ "6A256FBBD3726C823F99E5C5252CFC367D13B714309AEA44AD909F3207CE2218F0CE99E5878061A010A8EEC9", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B", + /* AD = */ "00010203040506070809", + /* CT = */ "F2F44B081312F3F8C13E843F0ADBB84D30B7A2535A35720E57540B5D7BE52443B10F3200DBBC17CC81465BEF", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B", + /* AD = */ "000102030405060708090A", + /* CT = */ "29FCAD75A4163DE319D4E3E4C98F5D5FC473269A6E6FA795B067700C3273091B5764C4AB027956C000B33C6B", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B", + /* AD = */ "000102030405060708090A0B", + /* CT = */ "BBAE1D88621912ED737EADA1B19FCB19A9DDB367E42F0BF4AC9F9F77F1A8000686EB011F1AEBB6926BE3E822", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B", + /* AD = */ "000102030405060708090A0B0C", + /* CT = */ "4BE547736BE1D8A6CDE18D1430BA869E6B39F6A4AE4E436EAB5920DB50E17E7552090E4C904AA7FEF1BAD896", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B", + /* AD = */ "000102030405060708090A0B0C0D", + /* CT = */ "4E589270FEB89BB22408041DAF7D55DB9BA125D4D1E58F75BD9BDE4B735B92725281AA24D69DDBA2FCEC9F44", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B", + /* AD = */ "000102030405060708090A0B0C0D0E", + /* CT = */ "B03E607317A251B08B30F744B71965B0F1BE7A356FFF037C9E9401932DA440B79B125551BC821418D1BE4A25", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B", + /* AD = */ "000102030405060708090A0B0C0D0E0F", + /* CT = */ "6A28215E4A6023FAE42095318B187F99C56D2306BE1573F6E3ECFE0D046BF0FBFFB62C298F093881764EF462", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B", + /* AD = */ "000102030405060708090A0B0C0D0E0F10", + /* CT = */ "9813B7013089DB863A742A4C13F1408E97CFEDCAAA22A7DA81042C2D570AD452403CB99E83788E79C676E7E1", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B", + /* AD = */ "000102030405060708090A0B0C0D0E0F1011", + /* CT = */ "501DFE330EC4528E8D3BC467A02391BF2CF28D9350A9CAF9B2B7762C62FC5E4A3679CCC3C44C0D0407BEC3EC", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B", + /* AD = */ "000102030405060708090A0B0C0D0E0F101112", + /* CT = */ "64AC72120E66A202433C618208B281F929D7AE66B779C14D18DDBFA2FDC44D03A640D612E3C5D2589B81A12A", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B", + /* AD = */ "000102030405060708090A0B0C0D0E0F10111213", + /* CT = */ "C305EB0E851DF92B6F8ACA44F24BADF13BEEC54D8BAA10B8CA913D4A8FAD0BA3F4809D1621E8CB88F5664BAF", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B", + /* AD = */ "000102030405060708090A0B0C0D0E0F1011121314", + /* CT = */ "994984D48B44B49446092EE25EF521A4E44B5CC07FA6E7492B55C6602560193EAF9FFA99FE9CA775F813F1A9", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B", + /* AD = */ "000102030405060708090A0B0C0D0E0F101112131415", + /* CT = */ "368D61A8D488E8FB0F9F57D79350E353111404035451954226DDA2C9F65B20E8A4C237EB98CBBA80B96E7C67", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B", + /* AD = */ "000102030405060708090A0B0C0D0E0F10111213141516", + /* CT = */ "C01EA7792BF5F9621F07A266E6DF876E7B541FA73E8D8A2A62DACFA022033F750B5C5C2B04423F4AFD526723", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B", + /* AD = */ "000102030405060708090A0B0C0D0E0F1011121314151617", + /* CT = */ "BA35FA7ECE7C780FFF8B7E41BC97822F982E196ED384E7DDEB247A7285C58D114687832855FADD754794347D", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B", + /* AD = */ "000102030405060708090A0B0C0D0E0F101112131415161718", + /* CT = */ "4C83A29686FE1AFC3FAD84899E6F5176B6B4ABF143DDD92DF81E5D8CBC22B0233BF9527E78D9A38F022253A5", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B", + /* AD = */ "000102030405060708090A0B0C0D0E0F10111213141516171819", + /* CT = */ "1244D5C1B435AFF489A8FD04B87B0763E4C385F18404435DE417905F7CEE504FE9065E580BC3D89BDB6B4EC1", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B", + /* AD = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A", + /* CT = */ "C8002E9D447FA42945BF66AF5375BF6102FC33E1A0A8ED5F1334D88DD8344D168CA1EE1955E71DF515158CC2", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B", + /* AD = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B", + /* CT = */ "662D521980423CBF521E7E4F9BABD0FF90072C743E4FE8C27A85A28D17DB899AFA425A5F24C8731CDA6C17F0", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B", + /* AD = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C", + /* CT = */ "26A6E765E6BFE7EC0E25886657486E8D4C0B7E03EB93A3BC223FF6FD3892ABE1218D8566FFF6C56969FBD34B", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B", + /* AD = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D", + /* CT = */ "0F55D7051D7478D53F2BA03EF290C48B2D00B9AF59D3EFCC0D344E6A233F14FA3CEBE88FBC844075D5EF10E1", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B", + /* AD = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E", + /* CT = */ "141B8B25E59E0D01B11422D94048C8045EE7744DD0040BF08B6CED0ED22951AF4016B148D6CACDFA78303BEC", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B", + /* AD = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F", + /* CT = */ "4C086D27A3B51A2333CFC7F22172A9BCAD88B8D4D77E50622D7883455AAF5E8ADE16FBB36FD476A76B5F5988", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C", + /* AD = */ "", + /* CT = */ "E770D289D2A44AEE7CD0A48ECE5274E381BAD7E163DCC4970F7873610D634EBDD09456E5DC2ED6CD5A5FF86793", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C", + /* AD = */ "00", + /* CT = */ "25FBE48AC155C103927E59C60C88A56B69F5F1C225BF3A1D5C7379FA53C0F55E525E1023B8E6E9513B4EE51E68", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C", + /* AD = */ "0001", + /* CT = */ "49E50547CA0C754784F2A6F936ED9497C3A556D34DE4CC23F3C21CDB6DFE71F0328D900C490648E46AAC9D4082", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C", + /* AD = */ "000102", + /* CT = */ "D2721FCB362AB5E15C6872449B117B9926791FD74925F0D9459CFA7940D7E3F79349BDB969183E1A48EDC72F52", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C", + /* AD = */ "00010203", + /* CT = */ "4A53D9966D87BFED686585FE7A28C7D3027F06EBA8BD35C7680693493074BEA0E944FC217A77F54877728BF91F", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C", + /* AD = */ "0001020304", + /* CT = */ "1F820273C65246B76D4FF8D1ADD72D5CC1703338B98CE4B34B5AF9CE4690D0E25CA0307C11D11193E9B6A2D1EC", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C", + /* AD = */ "000102030405", + /* CT = */ "7CC88BDBF6D70605975B2FCD35DABD5B37B998207A55DC996A717FF870CFCD6A10B058644D4E1280909098E44B", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C", + /* AD = */ "00010203040506", + /* CT = */ "44864FD337BBF237DB14139BDC6E1D25140D311F19C0590FB031CB9C2D69B0131D48D0DC05B096642FFE827F45", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C", + /* AD = */ "0001020304050607", + /* CT = */ "108640BD71345C6EDC4AEC76EA3BE5D4DF44BEF9CE7B69C85A9578C77024FCD71415E9DE2E21FB1655F0BC3039", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C", + /* AD = */ "000102030405060708", + /* CT = */ "6A256FBBD3726C823F99E5C5252CFC367D13B714309AEA44AD909F327B6BD5F25F7E7E04A778494BD666ECC9A4", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C", + /* AD = */ "00010203040506070809", + /* CT = */ "F2F44B081312F3F8C13E843F0ADBB84D30B7A2535A35720E57540B5D9B352103AC233F21002072E0A7DC3E4739", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C", + /* AD = */ "000102030405060708090A", + /* CT = */ "29FCAD75A4163DE319D4E3E4C98F5D5FC473269A6E6FA795B067700C51F0B3353B31AE123D0B649F6349C37124", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C", + /* AD = */ "000102030405060708090A0B", + /* CT = */ "BBAE1D88621912ED737EADA1B19FCB19A9DDB367E42F0BF4AC9F9F771E0BB4D73C507DF3596E6C654BA6D31CCF", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C", + /* AD = */ "000102030405060708090A0B0C", + /* CT = */ "4BE547736BE1D8A6CDE18D1430BA869E6B39F6A4AE4E436EAB5920DB12870C2B41369AAB1C7D2E78B09C7D74A7", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C", + /* AD = */ "000102030405060708090A0B0C0D", + /* CT = */ "4E589270FEB89BB22408041DAF7D55DB9BA125D4D1E58F75BD9BDE4BDAC028AD0195B3CB95E3EA9D256901F249", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C", + /* AD = */ "000102030405060708090A0B0C0D0E", + /* CT = */ "B03E607317A251B08B30F744B71965B0F1BE7A356FFF037C9E940193629BB55AA5F905DC5DC35CAC1391580489", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C", + /* AD = */ "000102030405060708090A0B0C0D0E0F", + /* CT = */ "6A28215E4A6023FAE42095318B187F99C56D2306BE1573F6E3ECFE0DF8D707751412AB9F5819AAE3FBBD6AB682", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C", + /* AD = */ "000102030405060708090A0B0C0D0E0F10", + /* CT = */ "9813B7013089DB863A742A4C13F1408E97CFEDCAAA22A7DA81042C2D4E2E663D6EAC31A5377FFF65B3F5D8BCAF", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C", + /* AD = */ "000102030405060708090A0B0C0D0E0F1011", + /* CT = */ "501DFE330EC4528E8D3BC467A02391BF2CF28D9350A9CAF9B2B7762C6D187730437F6996206799A7ED5E2298B4", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C", + /* AD = */ "000102030405060708090A0B0C0D0E0F101112", + /* CT = */ "64AC72120E66A202433C618208B281F929D7AE66B779C14D18DDBFA2EFE717C6C901C73EE6A3FC6ABB0B74A375", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C", + /* AD = */ "000102030405060708090A0B0C0D0E0F10111213", + /* CT = */ "C305EB0E851DF92B6F8ACA44F24BADF13BEEC54D8BAA10B8CA913D4A943587C6DBB56716BC8F09C50B118C6C45", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C", + /* AD = */ "000102030405060708090A0B0C0D0E0F1011121314", + /* CT = */ "994984D48B44B49446092EE25EF521A4E44B5CC07FA6E7492B55C6607DD458067A071F27E94CDFD080478E5351", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C", + /* AD = */ "000102030405060708090A0B0C0D0E0F101112131415", + /* CT = */ "368D61A8D488E8FB0F9F57D79350E353111404035451954226DDA2C9F9671748BAAE80280A25E9935CC6EB9A92", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C", + /* AD = */ "000102030405060708090A0B0C0D0E0F10111213141516", + /* CT = */ "C01EA7792BF5F9621F07A266E6DF876E7B541FA73E8D8A2A62DACFA0F73A8234C5B06CD0A47F2DEBA68F290558", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C", + /* AD = */ "000102030405060708090A0B0C0D0E0F1011121314151617", + /* CT = */ "BA35FA7ECE7C780FFF8B7E41BC97822F982E196ED384E7DDEB247A728E287F016B12CB4E4320E4C93A1BEF2161", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C", + /* AD = */ "000102030405060708090A0B0C0D0E0F101112131415161718", + /* CT = */ "4C83A29686FE1AFC3FAD84899E6F5176B6B4ABF143DDD92DF81E5D8CD3EAF8436A80449E750590176EA1C70C04", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C", + /* AD = */ "000102030405060708090A0B0C0D0E0F10111213141516171819", + /* CT = */ "1244D5C1B435AFF489A8FD04B87B0763E4C385F18404435DE417905FA64AC13E572557AAFE3B9C869FE347C1F3", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C", + /* AD = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A", + /* CT = */ "C8002E9D447FA42945BF66AF5375BF6102FC33E1A0A8ED5F1334D88D73AA18D10D1504CB9F41260505FBF70BD4", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C", + /* AD = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B", + /* CT = */ "662D521980423CBF521E7E4F9BABD0FF90072C743E4FE8C27A85A28D43A846FEABE6F85FE9A0D1DBA6E18C5166", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C", + /* AD = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C", + /* CT = */ "26A6E765E6BFE7EC0E25886657486E8D4C0B7E03EB93A3BC223FF6FD6E6803AE420D1A57792899CF43ED6C3823", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C", + /* AD = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D", + /* CT = */ "0F55D7051D7478D53F2BA03EF290C48B2D00B9AF59D3EFCC0D344E6AE82601F4B891685C1D025C914994E43338", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C", + /* AD = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E", + /* CT = */ "141B8B25E59E0D01B11422D94048C8045EE7744DD0040BF08B6CED0E4FC0B4604271FEF50FA50611B77254BAEB", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C", + /* AD = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F", + /* CT = */ "4C086D27A3B51A2333CFC7F22172A9BCAD88B8D4D77E50622D788345FAF0DDEF49C8963D18488CA6F992383336", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D", + /* AD = */ "", + /* CT = */ "E770D289D2A44AEE7CD0A48ECE5274E381BAD7E163DCC4970F7873610DEB7075EFBF71C194850DE9DA2A50236A60", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D", + /* AD = */ "00", + /* CT = */ "25FBE48AC155C103927E59C60C88A56B69F5F1C225BF3A1D5C7379FA53BA874D9E05ECA3464427A2896943063027", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D", + /* AD = */ "0001", + /* CT = */ "49E50547CA0C754784F2A6F936ED9497C3A556D34DE4CC23F3C21CDB6D4458468F2AC3D82ADB2D25AA5B2F56CDBA", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D", + /* AD = */ "000102", + /* CT = */ "D2721FCB362AB5E15C6872449B117B9926791FD74925F0D9459CFA7940BD5A8E37679BB8ED3219BF985CFD74C278", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D", + /* AD = */ "00010203", + /* CT = */ "4A53D9966D87BFED686585FE7A28C7D3027F06EBA8BD35C76806934930918654B7DA2A75AF4090204A5EDABB559B", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D", + /* AD = */ "0001020304", + /* CT = */ "1F820273C65246B76D4FF8D1ADD72D5CC1703338B98CE4B34B5AF9CE4612B77C2C4550E87B333BBB434C3AD78012", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D", + /* AD = */ "000102030405", + /* CT = */ "7CC88BDBF6D70605975B2FCD35DABD5B37B998207A55DC996A717FF8702FF4097F81119F1E4932A06A72C5474F89", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D", + /* AD = */ "00010203040506", + /* CT = */ "44864FD337BBF237DB14139BDC6E1D25140D311F19C0590FB031CB9C2DBE006DA16A75677F9A181AF9CEBBB0ACC2", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D", + /* AD = */ "0001020304050607", + /* CT = */ "108640BD71345C6EDC4AEC76EA3BE5D4DF44BEF9CE7B69C85A9578C7705A3C8F60FBA293114A22E92E16B10EA2FC", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D", + /* AD = */ "000102030405060708", + /* CT = */ "6A256FBBD3726C823F99E5C5252CFC367D13B714309AEA44AD909F327B30500E02A8E8089A98BF778113746075D5", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D", + /* AD = */ "00010203040506070809", + /* CT = */ "F2F44B081312F3F8C13E843F0ADBB84D30B7A2535A35720E57540B5D9BBA277A5993BFE34637D241A9374EAD046C", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D", + /* AD = */ "000102030405060708090A", + /* CT = */ "29FCAD75A4163DE319D4E3E4C98F5D5FC473269A6E6FA795B067700C518D010539B10558995926316D58ABF2DC29", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D", + /* AD = */ "000102030405060708090A0B", + /* CT = */ "BBAE1D88621912ED737EADA1B19FCB19A9DDB367E42F0BF4AC9F9F771E2CD2CD2586CE37BCE0BF9054EA011366C6", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D", + /* AD = */ "000102030405060708090A0B0C", + /* CT = */ "4BE547736BE1D8A6CDE18D1430BA869E6B39F6A4AE4E436EAB5920DB12B419D6921FD73CF05E06A2339A2F5CB138", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D", + /* AD = */ "000102030405060708090A0B0C0D", + /* CT = */ "4E589270FEB89BB22408041DAF7D55DB9BA125D4D1E58F75BD9BDE4BDA18344AF6C7AA31C4FE4EABD7BBFABABFC9", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D", + /* AD = */ "000102030405060708090A0B0C0D0E", + /* CT = */ "B03E607317A251B08B30F744B71965B0F1BE7A356FFF037C9E94019362C555926E326980EAF271CBE6C2432D1077", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D", + /* AD = */ "000102030405060708090A0B0C0D0E0F", + /* CT = */ "6A28215E4A6023FAE42095318B187F99C56D2306BE1573F6E3ECFE0DF819C47B6A78FAD2BE485D4D523E3ADA1EAE", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D", + /* AD = */ "000102030405060708090A0B0C0D0E0F10", + /* CT = */ "9813B7013089DB863A742A4C13F1408E97CFEDCAAA22A7DA81042C2D4E30120A1ACC6753BE432F717776533AFB02", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D", + /* AD = */ "000102030405060708090A0B0C0D0E0F1011", + /* CT = */ "501DFE330EC4528E8D3BC467A02391BF2CF28D9350A9CAF9B2B7762C6DA840C162E0F19111066B112B0734AF5B19", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D", + /* AD = */ "000102030405060708090A0B0C0D0E0F101112", + /* CT = */ "64AC72120E66A202433C618208B281F929D7AE66B779C14D18DDBFA2EF50AA94E47E5D6F9F0924E384BD76ADF883", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D", + /* AD = */ "000102030405060708090A0B0C0D0E0F10111213", + /* CT = */ "C305EB0E851DF92B6F8ACA44F24BADF13BEEC54D8BAA10B8CA913D4A94AD6BE35E586291754D0A06D917ED2166A3", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D", + /* AD = */ "000102030405060708090A0B0C0D0E0F1011121314", + /* CT = */ "994984D48B44B49446092EE25EF521A4E44B5CC07FA6E7492B55C6607D5216E01C84A49097436451869E44C124A2", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D", + /* AD = */ "000102030405060708090A0B0C0D0E0F101112131415", + /* CT = */ "368D61A8D488E8FB0F9F57D79350E353111404035451954226DDA2C9F9B632B26220FB0BC970DA69B1AE523C02F7", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D", + /* AD = */ "000102030405060708090A0B0C0D0E0F10111213141516", + /* CT = */ "C01EA7792BF5F9621F07A266E6DF876E7B541FA73E8D8A2A62DACFA0F769AE8CA4EEAA704D6127F4D78F91A31E8F", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D", + /* AD = */ "000102030405060708090A0B0C0D0E0F1011121314151617", + /* CT = */ "BA35FA7ECE7C780FFF8B7E41BC97822F982E196ED384E7DDEB247A728ED9C04DF7AD6634225D49480D085585D969", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D", + /* AD = */ "000102030405060708090A0B0C0D0E0F101112131415161718", + /* CT = */ "4C83A29686FE1AFC3FAD84899E6F5176B6B4ABF143DDD92DF81E5D8CD31395024DCB4FD3ED5F6C9886B4E85FDEAE", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D", + /* AD = */ "000102030405060708090A0B0C0D0E0F10111213141516171819", + /* CT = */ "1244D5C1B435AFF489A8FD04B87B0763E4C385F18404435DE417905FA6B5D8CFF8C9C321E2A1379EF317E589DA16", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D", + /* AD = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A", + /* CT = */ "C8002E9D447FA42945BF66AF5375BF6102FC33E1A0A8ED5F1334D88D73E274F44792336787A210718DC48899155C", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D", + /* AD = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B", + /* CT = */ "662D521980423CBF521E7E4F9BABD0FF90072C743E4FE8C27A85A28D43F772A794F27D5ACC2063B77FBD6D79BE5B", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D", + /* AD = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C", + /* CT = */ "26A6E765E6BFE7EC0E25886657486E8D4C0B7E03EB93A3BC223FF6FD6EBA220D6AF228B692AE090DD47A2F95F3E8", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D", + /* AD = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D", + /* CT = */ "0F55D7051D7478D53F2BA03EF290C48B2D00B9AF59D3EFCC0D344E6AE8D86066282C5512C7D7F7BF835ABACBD337", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D", + /* AD = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E", + /* CT = */ "141B8B25E59E0D01B11422D94048C8045EE7744DD0040BF08B6CED0E4F256DADE434F55ADB4DABA13ACA40B781D2", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D", + /* AD = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F", + /* CT = */ "4C086D27A3B51A2333CFC7F22172A9BCAD88B8D4D77E50622D788345FA7B202C9DB99A6CD7AAB352BFC0E9FA180A", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E", + /* AD = */ "", + /* CT = */ "E770D289D2A44AEE7CD0A48ECE5274E381BAD7E163DCC4970F7873610DEBBED2E8B3025BB7767D5A9B992787BFA711", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E", + /* AD = */ "00", + /* CT = */ "25FBE48AC155C103927E59C60C88A56B69F5F1C225BF3A1D5C7379FA53BAD5D7AC8DDFCDB071577ABBC85A3F3EBDF3", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E", + /* AD = */ "0001", + /* CT = */ "49E50547CA0C754784F2A6F936ED9497C3A556D34DE4CC23F3C21CDB6D447C7A7A81140204835F9B0F5FCFD8C063A7", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E", + /* AD = */ "000102", + /* CT = */ "D2721FCB362AB5E15C6872449B117B9926791FD74925F0D9459CFA7940BD1BD3321ADE3CD62DA279301477D96BD55D", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E", + /* AD = */ "00010203", + /* CT = */ "4A53D9966D87BFED686585FE7A28C7D3027F06EBA8BD35C7680693493091067F98DDB903C5D684F30F3CD4BDC114FD", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E", + /* AD = */ "0001020304", + /* CT = */ "1F820273C65246B76D4FF8D1ADD72D5CC1703338B98CE4B34B5AF9CE461202D4668B6D9E0B5AFEE5400BCA3E605B19", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E", + /* AD = */ "000102030405", + /* CT = */ "7CC88BDBF6D70605975B2FCD35DABD5B37B998207A55DC996A717FF8702F10256B0DC55184F0EACB8E8809CAE80E6D", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E", + /* AD = */ "00010203040506", + /* CT = */ "44864FD337BBF237DB14139BDC6E1D25140D311F19C0590FB031CB9C2DBE3B9E31EF3E5C9D02C7BE72ABFA1DA1B252", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E", + /* AD = */ "0001020304050607", + /* CT = */ "108640BD71345C6EDC4AEC76EA3BE5D4DF44BEF9CE7B69C85A9578C7705ACA84E85A556A93D4F83BC2572A3F803056", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E", + /* AD = */ "000102030405060708", + /* CT = */ "6A256FBBD3726C823F99E5C5252CFC367D13B714309AEA44AD909F327B301D3E4AB074CDAFC883FE363DA28C5F107D", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E", + /* AD = */ "00010203040506070809", + /* CT = */ "F2F44B081312F3F8C13E843F0ADBB84D30B7A2535A35720E57540B5D9BBA996D011D99913FF27F37961B26258BF4A0", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E", + /* AD = */ "000102030405060708090A", + /* CT = */ "29FCAD75A4163DE319D4E3E4C98F5D5FC473269A6E6FA795B067700C518DE8BDCCEAAE3606D1E6E6E79FECE071288D", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E", + /* AD = */ "000102030405060708090A0B", + /* CT = */ "BBAE1D88621912ED737EADA1B19FCB19A9DDB367E42F0BF4AC9F9F771E2C2158128743E9227CE49039593DF72B6CAE", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E", + /* AD = */ "000102030405060708090A0B0C", + /* CT = */ "4BE547736BE1D8A6CDE18D1430BA869E6B39F6A4AE4E436EAB5920DB12B43AC9DC073324C3CC82F899DEF41CF81C9D", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E", + /* AD = */ "000102030405060708090A0B0C0D", + /* CT = */ "4E589270FEB89BB22408041DAF7D55DB9BA125D4D1E58F75BD9BDE4BDA18C0CA35235DE9B4FF8BF4C4E3095936A977", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E", + /* AD = */ "000102030405060708090A0B0C0D0E", + /* CT = */ "B03E607317A251B08B30F744B71965B0F1BE7A356FFF037C9E94019362C559DBD916D6373BB469C267589A911F725A", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E", + /* AD = */ "000102030405060708090A0B0C0D0E0F", + /* CT = */ "6A28215E4A6023FAE42095318B187F99C56D2306BE1573F6E3ECFE0DF819DB8E887F35C143068B14A963D71E9EFA7E", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E", + /* AD = */ "000102030405060708090A0B0C0D0E0F10", + /* CT = */ "9813B7013089DB863A742A4C13F1408E97CFEDCAAA22A7DA81042C2D4E301DF46E8A30DB901442D9259F26980BE630", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E", + /* AD = */ "000102030405060708090A0B0C0D0E0F1011", + /* CT = */ "501DFE330EC4528E8D3BC467A02391BF2CF28D9350A9CAF9B2B7762C6DA888AB27D593E0BC110DD9718DA52208EAC7", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E", + /* AD = */ "000102030405060708090A0B0C0D0E0F101112", + /* CT = */ "64AC72120E66A202433C618208B281F929D7AE66B779C14D18DDBFA2EF50E591CE9EF909554131E2DB1DF5ED8AF8D1", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E", + /* AD = */ "000102030405060708090A0B0C0D0E0F10111213", + /* CT = */ "C305EB0E851DF92B6F8ACA44F24BADF13BEEC54D8BAA10B8CA913D4A94AD72148DE364DEF49DC5144A813F7EC9F93E", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E", + /* AD = */ "000102030405060708090A0B0C0D0E0F1011121314", + /* CT = */ "994984D48B44B49446092EE25EF521A4E44B5CC07FA6E7492B55C6607D52E83D3A452794913709BD7690C11B04FBDF", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E", + /* AD = */ "000102030405060708090A0B0C0D0E0F101112131415", + /* CT = */ "368D61A8D488E8FB0F9F57D79350E353111404035451954226DDA2C9F9B695FF9F39E52C178A7791F995DF8D5CE251", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E", + /* AD = */ "000102030405060708090A0B0C0D0E0F10111213141516", + /* CT = */ "C01EA7792BF5F9621F07A266E6DF876E7B541FA73E8D8A2A62DACFA0F769609BE56EC62AB5043D092DA9929ED7A21E", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E", + /* AD = */ "000102030405060708090A0B0C0D0E0F1011121314151617", + /* CT = */ "BA35FA7ECE7C780FFF8B7E41BC97822F982E196ED384E7DDEB247A728ED97D33BC915A466AE53524DCC2F89499AE3C", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E", + /* AD = */ "000102030405060708090A0B0C0D0E0F101112131415161718", + /* CT = */ "4C83A29686FE1AFC3FAD84899E6F5176B6B4ABF143DDD92DF81E5D8CD313181F2BE9D90172C9A88B9649B9F150FCAC", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E", + /* AD = */ "000102030405060708090A0B0C0D0E0F10111213141516171819", + /* CT = */ "1244D5C1B435AFF489A8FD04B87B0763E4C385F18404435DE417905FA6B524DC62CF611C80D167A79C32FE260F54D0", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E", + /* AD = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A", + /* CT = */ "C8002E9D447FA42945BF66AF5375BF6102FC33E1A0A8ED5F1334D88D73E2D9150E7D73DFD6E6CAFF5A53A7EBF5EB0D", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E", + /* AD = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B", + /* CT = */ "662D521980423CBF521E7E4F9BABD0FF90072C743E4FE8C27A85A28D43F7804CC64A7A66ADFADBDDAF6CE57D79762C", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E", + /* AD = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C", + /* CT = */ "26A6E765E6BFE7EC0E25886657486E8D4C0B7E03EB93A3BC223FF6FD6EBA0BA324E89FF4631ACFED599ACB499EC391", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E", + /* AD = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D", + /* CT = */ "0F55D7051D7478D53F2BA03EF290C48B2D00B9AF59D3EFCC0D344E6AE8D8DF9EA64F7AE36235FC9A84FBD6CE49C390", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E", + /* AD = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E", + /* CT = */ "141B8B25E59E0D01B11422D94048C8045EE7744DD0040BF08B6CED0E4F255B196B883137E0D1CAF33AFEBB4B9E72C4", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E", + /* AD = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F", + /* CT = */ "4C086D27A3B51A2333CFC7F22172A9BCAD88B8D4D77E50622D788345FA7BEE2FA78AED259CE07FB15CD65585E407B5", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F", + /* AD = */ "", + /* CT = */ "E770D289D2A44AEE7CD0A48ECE5274E381BAD7E163DCC4970F7873610DEBBEB1A28657F6E82FE53D08B09EFF9330BD2B", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F", + /* AD = */ "00", + /* CT = */ "25FBE48AC155C103927E59C60C88A56B69F5F1C225BF3A1D5C7379FA53BAD550B72100ED30B362AD4E54DA95D5FE81BE", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F", + /* AD = */ "0001", + /* CT = */ "49E50547CA0C754784F2A6F936ED9497C3A556D34DE4CC23F3C21CDB6D447CDB0F7324DEC1D9F0B3C2125EA5AAD85A12", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F", + /* AD = */ "000102", + /* CT = */ "D2721FCB362AB5E15C6872449B117B9926791FD74925F0D9459CFA7940BD1BC1E2A1C710B0814E44188B2207828C7206", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F", + /* AD = */ "00010203", + /* CT = */ "4A53D9966D87BFED686585FE7A28C7D3027F06EBA8BD35C7680693493091068DB6219EB3BDEFCA3655D4BD834136383B", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F", + /* AD = */ "0001020304", + /* CT = */ "1F820273C65246B76D4FF8D1ADD72D5CC1703338B98CE4B34B5AF9CE46120201F53D87E6764E4008CBE3FBE87A08ADF9", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F", + /* AD = */ "000102030405", + /* CT = */ "7CC88BDBF6D70605975B2FCD35DABD5B37B998207A55DC996A717FF8702F107074247F782093AD907E7040B22CA7BD7C", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F", + /* AD = */ "00010203040506", + /* CT = */ "44864FD337BBF237DB14139BDC6E1D25140D311F19C0590FB031CB9C2DBE3BA0DFC1D241CC18E6228544BD816283C38E", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F", + /* AD = */ "0001020304050607", + /* CT = */ "108640BD71345C6EDC4AEC76EA3BE5D4DF44BEF9CE7B69C85A9578C7705ACA2E5CAF789E99F9F566DE4EB813B600FE74", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F", + /* AD = */ "000102030405060708", + /* CT = */ "6A256FBBD3726C823F99E5C5252CFC367D13B714309AEA44AD909F327B301DC475C5CD33E913B0B198EFF30508CB9B54", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F", + /* AD = */ "00010203040506070809", + /* CT = */ "F2F44B081312F3F8C13E843F0ADBB84D30B7A2535A35720E57540B5D9BBA99531A32EAA78CB4A105912623AF2C895F95", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F", + /* AD = */ "000102030405060708090A", + /* CT = */ "29FCAD75A4163DE319D4E3E4C98F5D5FC473269A6E6FA795B067700C518DE89A9D3D6FB75EA34A68A5B0A003771EF16D", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F", + /* AD = */ "000102030405060708090A0B", + /* CT = */ "BBAE1D88621912ED737EADA1B19FCB19A9DDB367E42F0BF4AC9F9F771E2C2195D4C4A1412D57DA00D67B8F561DC04B06", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F", + /* AD = */ "000102030405060708090A0B0C", + /* CT = */ "4BE547736BE1D8A6CDE18D1430BA869E6B39F6A4AE4E436EAB5920DB12B43A64D24740A17013ED20E655CDD25E3396EE", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F", + /* AD = */ "000102030405060708090A0B0C0D", + /* CT = */ "4E589270FEB89BB22408041DAF7D55DB9BA125D4D1E58F75BD9BDE4BDA18C0793384BDE51781CFEC7EC9CE6961827063", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F", + /* AD = */ "000102030405060708090A0B0C0D0E", + /* CT = */ "B03E607317A251B08B30F744B71965B0F1BE7A356FFF037C9E94019362C559A217552DA84151A370BB25D4F78B6F1168", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F", + /* AD = */ "000102030405060708090A0B0C0D0E0F", + /* CT = */ "6A28215E4A6023FAE42095318B187F99C56D2306BE1573F6E3ECFE0DF819DB87363A60D9CDA76645D7CBED45B7C56470", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F", + /* AD = */ "000102030405060708090A0B0C0D0E0F10", + /* CT = */ "9813B7013089DB863A742A4C13F1408E97CFEDCAAA22A7DA81042C2D4E301DACD14E8CB31E60870699542BE0D16800B0", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F", + /* AD = */ "000102030405060708090A0B0C0D0E0F1011", + /* CT = */ "501DFE330EC4528E8D3BC467A02391BF2CF28D9350A9CAF9B2B7762C6DA88818F2F5E3B3A0AF95ED6BCDAD67E50DD6A3", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F", + /* AD = */ "000102030405060708090A0B0C0D0E0F101112", + /* CT = */ "64AC72120E66A202433C618208B281F929D7AE66B779C14D18DDBFA2EF50E5A50DD77DDD74446DDDA76EB8E599E16084", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F", + /* AD = */ "000102030405060708090A0B0C0D0E0F10111213", + /* CT = */ "C305EB0E851DF92B6F8ACA44F24BADF13BEEC54D8BAA10B8CA913D4A94AD72F626D2ED4344DCDDB709823A4AFF345F4A", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F", + /* AD = */ "000102030405060708090A0B0C0D0E0F1011121314", + /* CT = */ "994984D48B44B49446092EE25EF521A4E44B5CC07FA6E7492B55C6607D52E89F7ADC60EDA79A4CE5CB822A4A371805D6", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F", + /* AD = */ "000102030405060708090A0B0C0D0E0F101112131415", + /* CT = */ "368D61A8D488E8FB0F9F57D79350E353111404035451954226DDA2C9F9B695388820AEC504402E011B974B6B0CEC2A26", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F", + /* AD = */ "000102030405060708090A0B0C0D0E0F10111213141516", + /* CT = */ "C01EA7792BF5F9621F07A266E6DF876E7B541FA73E8D8A2A62DACFA0F769601B137B92B496041A8A1B2C7E06000D619D", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F", + /* AD = */ "000102030405060708090A0B0C0D0E0F1011121314151617", + /* CT = */ "BA35FA7ECE7C780FFF8B7E41BC97822F982E196ED384E7DDEB247A728ED97D2EF7AB5FC950E9B24177F4FD14557CC12C", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F", + /* AD = */ "000102030405060708090A0B0C0D0E0F101112131415161718", + /* CT = */ "4C83A29686FE1AFC3FAD84899E6F5176B6B4ABF143DDD92DF81E5D8CD31318E605E2A08F457910F05BE0553A2971BF88", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F", + /* AD = */ "000102030405060708090A0B0C0D0E0F10111213141516171819", + /* CT = */ "1244D5C1B435AFF489A8FD04B87B0763E4C385F18404435DE417905FA6B5247AE8F61A273B6D9357FA8E9869D54DD342", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F", + /* AD = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A", + /* CT = */ "C8002E9D447FA42945BF66AF5375BF6102FC33E1A0A8ED5F1334D88D73E2D95B50459F83BBBBCFC34715D41A58D58610", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F", + /* AD = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B", + /* CT = */ "662D521980423CBF521E7E4F9BABD0FF90072C743E4FE8C27A85A28D43F7807334B38C59FE294D019FC599C562790E93", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F", + /* AD = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C", + /* CT = */ "26A6E765E6BFE7EC0E25886657486E8D4C0B7E03EB93A3BC223FF6FD6EBA0B1C7A7122C0D077AE4E76A310EDB67F79F1", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F", + /* AD = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D", + /* CT = */ "0F55D7051D7478D53F2BA03EF290C48B2D00B9AF59D3EFCC0D344E6AE8D8DF02AABF416D29B6E558DFE1B1E5561DCED7", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F", + /* AD = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E", + /* CT = */ "141B8B25E59E0D01B11422D94048C8045EE7744DD0040BF08B6CED0E4F255BBD4D4A994B5F271A0A659530252583A4C4", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F", + /* AD = */ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F", + /* CT = */ "4C086D27A3B51A2333CFC7F22172A9BCAD88B8D4D77E50622D788345FA7BEE4468915D3F9422289F2349D6A3B4160397", }, +}; + +#endif /* TESTS_API_TEST_ASCON_KATS_H */ diff --git a/test/ssl/wolfssl/tests/api/test_asn.c b/test/ssl/wolfssl/tests/api/test_asn.c new file mode 100644 index 000000000..794029da1 --- /dev/null +++ b/test/ssl/wolfssl/tests/api/test_asn.c @@ -0,0 +1,640 @@ +/* test_asn.c + * + * Copyright (C) 2006-2025 wolfSSL Inc. + * + * This file is part of wolfSSL. + * + * wolfSSL is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * wolfSSL is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA + */ + +#include + +#include + +#if defined(WC_ENABLE_ASYM_KEY_EXPORT) && defined(HAVE_ED25519) +static int test_SetAsymKeyDer_once(byte* privKey, word32 privKeySz, byte* pubKey, + word32 pubKeySz, byte* trueDer, word32 trueDerSz) +{ + EXPECT_DECLS; + + byte* calcDer = NULL; + word32 calcDerSz = 0; + + ExpectIntEQ(calcDerSz = SetAsymKeyDer(privKey, privKeySz, pubKey, pubKeySz, + NULL, 0, ED25519k), trueDerSz); + ExpectNotNull(calcDer = (byte*)XMALLOC(calcDerSz, NULL, + DYNAMIC_TYPE_TMP_BUFFER)); + ExpectIntEQ(calcDerSz = SetAsymKeyDer(privKey, privKeySz, pubKey, pubKeySz, + calcDer, calcDerSz, ED25519k), trueDerSz); + ExpectIntEQ(XMEMCMP(calcDer, trueDer, trueDerSz), 0); + XFREE(calcDer, NULL, DYNAMIC_TYPE_TMP_BUFFER); + + return EXPECT_RESULT(); +} +#endif /* WC_ENABLE_ASYM_KEY_EXPORT && HAVE_ED25519 */ + +int test_SetAsymKeyDer(void) +{ + EXPECT_DECLS; + +#if defined(WC_ENABLE_ASYM_KEY_EXPORT) && defined(HAVE_ED25519) + /* We can't access the keyEd25519Oid variable, so declare it instead */ + byte algId[] = {43, 101, 112}; + byte version[] = {0x0}; + byte keyPat = 0xcc; + + byte* privKey = NULL; + word32 privKeySz = 0; + byte* pubKey = NULL; + word32 pubKeySz = 0; + byte trueDer[310]; /* The largest size is 310 bytes on Condition 8 */ + word32 trueDerSz = 0; + + /* + * Condition 1: + * PKEY data = 34 (1 to 127) + * PKEY_CURVEPKEY data = 32 (1 to 127) + * PUBKEY data = 0 (Empty) + * SEQ data = 46 (1 to 127) + */ + privKeySz = 32; + pubKeySz = 0; + trueDerSz = 48; + + /* SEQ */ + trueDer[0] = ASN_SEQUENCE | ASN_CONSTRUCTED; + trueDer[1] = trueDerSz - 2; + /* VER */ + trueDer[2] = ASN_INTEGER; + trueDer[3] = sizeof(version); + trueDer[4] = version[0]; + /* PKEYALGO_SEQ */ + trueDer[5] = ASN_SEQUENCE | ASN_CONSTRUCTED; + trueDer[6] = sizeof(algId) + 2; + trueDer[7] = ASN_OBJECT_ID; + trueDer[8] = sizeof(algId); + trueDer[9] = algId[0]; + trueDer[10] = algId[1]; + trueDer[11] = algId[2]; + /* PKEY */ + trueDer[12] = ASN_OCTET_STRING; + trueDer[13] = privKeySz + 2; + trueDer[14] = ASN_OCTET_STRING; + trueDer[15] = privKeySz; + privKey = &trueDer[16]; + XMEMSET(privKey, keyPat, privKeySz); /* trueDer[16] to trueDer[47] */ + /* PUBKEY */ + pubKey = NULL; /* Empty */ + + EXPECT_TEST(test_SetAsymKeyDer_once(privKey, privKeySz, pubKey, pubKeySz, + trueDer, trueDerSz)); + + /* + * Condition 2: + * PKEY data = 129 (128 to 255) + * PKEY_CURVEKEY data = 127 (0 to 127) + * PUBKEY data = 0 (Empty) + * SEQ data = 142 (128 to 255) + */ + privKeySz = 127; + pubKeySz = 0; + trueDerSz = 145; + + /* SEQ */ + trueDer[0] = ASN_SEQUENCE | ASN_CONSTRUCTED; + trueDer[1] = 0x81; + trueDer[2] = trueDerSz - 3; + /* VER */ + trueDer[3] = ASN_INTEGER; + trueDer[4] = sizeof(version); + trueDer[5] = version[0]; + /* PKEYALGO_SEQ */ + trueDer[6] = ASN_SEQUENCE | ASN_CONSTRUCTED; + trueDer[7] = sizeof(algId) + 2; + trueDer[8] = ASN_OBJECT_ID; + trueDer[9] = sizeof(algId); + trueDer[10] = algId[0]; + trueDer[11] = algId[1]; + trueDer[12] = algId[2]; + /* PKEY */ + trueDer[13] = ASN_OCTET_STRING; + trueDer[14] = 0x81; + trueDer[15] = privKeySz + 2; + trueDer[16] = ASN_OCTET_STRING; + trueDer[17] = privKeySz; + privKey = &trueDer[18]; + XMEMSET(privKey, keyPat, privKeySz); /* trueDer[18] to trueDer[144] */ + /* PUBKEY */ + pubKey = NULL; /* Empty */ + + EXPECT_TEST(test_SetAsymKeyDer_once(privKey, privKeySz, pubKey, pubKeySz, + trueDer, trueDerSz)); + + /* + * Condition 3: + * PKEY data = 131 (128 to 255) + * PKEY_CURVEKEY = 128 (128 to 255) + * PUBKEY data = 0 (Empty) + * SEQ data =144 (128 to 255) + */ + privKeySz = 128; + pubKeySz = 0; + trueDerSz = 147; + + /* SEQ */ + trueDer[0] = ASN_SEQUENCE | ASN_CONSTRUCTED; + trueDer[1] = 0x81; + trueDer[2] = trueDerSz - 3; + /* VER */ + trueDer[3] = ASN_INTEGER; + trueDer[4] = sizeof(version); + trueDer[5] = version[0]; + /* PKEYALGO_SEQ */ + trueDer[6] = ASN_SEQUENCE | ASN_CONSTRUCTED; + trueDer[7] = sizeof(algId) + 2; + trueDer[8] = ASN_OBJECT_ID; + trueDer[9] = sizeof(algId); + trueDer[10] = algId[0]; + trueDer[11] = algId[1]; + trueDer[12] = algId[2]; + /* PKEY */ + trueDer[13] = ASN_OCTET_STRING; + trueDer[14] = 0x81; + trueDer[15] = privKeySz + 3; + trueDer[16] = ASN_OCTET_STRING; + trueDer[17] = 0x81; + trueDer[18] = privKeySz; + privKey = &trueDer[19]; + XMEMSET(privKey, keyPat, privKeySz); /* trueDer[19] to trueDer[146] */ + /* PUBKEY */ + pubKey = NULL; /* Empty */ + + EXPECT_TEST(test_SetAsymKeyDer_once(privKey, privKeySz, pubKey, pubKeySz, + trueDer, trueDerSz)); + + /* + * Condition 4: + * PKEY data = 258 (256 to 65535) + * PKEY_CURVEPKEY data = 255 (128 to 255) + * PUBKEY data = 0 (Empty) + * SEQ data = 272 (256 to 65536) + */ + privKeySz = 255; + pubKeySz = 0; + trueDerSz = 276; + + /* SEQ */ + trueDer[0] = ASN_SEQUENCE | ASN_CONSTRUCTED; + trueDer[1] = 0x82; + trueDer[2] = ((trueDerSz - 4) >> 8) & 0xff; + trueDer[3] = (trueDerSz - 4) & 0xff; + /* VER */ + trueDer[4] = ASN_INTEGER; + trueDer[5] = sizeof(version); + trueDer[6] = version[0]; + /* PKEYALGO_SEQ */ + trueDer[7] = ASN_SEQUENCE | ASN_CONSTRUCTED; + trueDer[8] = sizeof(algId) + 2; + trueDer[9] = ASN_OBJECT_ID; + trueDer[10] = sizeof(algId); + trueDer[11] = algId[0]; + trueDer[12] = algId[1]; + trueDer[13] = algId[2]; + /* PKEY */ + trueDer[14] = ASN_OCTET_STRING; + trueDer[15] = 0x82; + trueDer[16] = ((privKeySz + 3) >> 8) & 0xff; + trueDer[17] = (privKeySz + 3) & 0xff; + trueDer[18] = ASN_OCTET_STRING; + trueDer[19] = 0x81; + trueDer[20] = privKeySz; + privKey = &trueDer[21]; + XMEMSET(privKey, keyPat, privKeySz); /* trueDer[21] to trueDer[275] */ + /* PUBKEY */ + pubKey = NULL; /* Empty */ + + EXPECT_TEST(test_SetAsymKeyDer_once(privKey, privKeySz, pubKey, pubKeySz, + trueDer, trueDerSz)); + + /* + * Condition 5: + * PKEY data = 260 (256 to 65535) + * PKEY_CURVEPKEY data = 256 (256 to 65535) + * PUBKEY data = 0 (Empty) + * SEQ data = 274 (256 to 65535) + */ + privKeySz = 256; + pubKeySz = 0; + trueDerSz = 278; + + /* SEQ */ + trueDer[0] = ASN_SEQUENCE | ASN_CONSTRUCTED; + trueDer[1] = 0x82; + trueDer[2] = ((trueDerSz - 4) >> 8) & 0xff; + trueDer[3] = (trueDerSz - 4) & 0xff; + /* VER */ + trueDer[4] = ASN_INTEGER; + trueDer[5] = sizeof(version); + trueDer[6] = version[0]; + /* PKEYALGO_SEQ */ + trueDer[7] = ASN_SEQUENCE | ASN_CONSTRUCTED; + trueDer[8] = sizeof(algId) + 2; + trueDer[9] = ASN_OBJECT_ID; + trueDer[10] = sizeof(algId); + trueDer[11] = algId[0]; + trueDer[12] = algId[1]; + trueDer[13] = algId[2]; + /* PKEY */ + trueDer[14] = ASN_OCTET_STRING; + trueDer[15] = 0x82; + trueDer[16] = ((privKeySz + 4) >> 8) & 0xff; + trueDer[17] = (privKeySz + 4) & 0xff; + trueDer[18] = ASN_OCTET_STRING; + trueDer[19] = 0x82; + trueDer[20] = (privKeySz >> 8) & 0xff; + trueDer[21] = privKeySz & 0xff; + privKey = &trueDer[22]; + XMEMSET(privKey, keyPat, privKeySz); /* trueDer[22] to trueDer[277] */ + /* PUBKEY */ + pubKey = NULL; /* Empty */ + + EXPECT_TEST(test_SetAsymKeyDer_once(privKey, privKeySz, pubKey, pubKeySz, + trueDer, trueDerSz)); + + /* + * Condition 6: + * PKEY data = 34 (1 to 127) + * PKEY_CURVEPKEY data = 32 (1 to 127) + * PUBKEY data = 32 (1 to 127) + * SEQ data = 80 (1 to 127) + */ + privKeySz = 32; + pubKeySz = 32; + trueDerSz = 82; + + /* SEQ */ + trueDer[0] = ASN_SEQUENCE | ASN_CONSTRUCTED; + trueDer[1] = trueDerSz - 2; + /* VER */ + trueDer[2] = ASN_INTEGER; + trueDer[3] = sizeof(version); + trueDer[4] = version[0]; + /* PKEYALGO_SEQ */ + trueDer[5] = ASN_SEQUENCE | ASN_CONSTRUCTED; + trueDer[6] = sizeof(algId) + 2; + trueDer[7] = ASN_OBJECT_ID; + trueDer[8] = sizeof(algId); + trueDer[9] = algId[0]; + trueDer[10] = algId[1]; + trueDer[11] = algId[2]; + /* PKEY */ + trueDer[12] = ASN_OCTET_STRING; + trueDer[13] = privKeySz + 2; + trueDer[14] = ASN_OCTET_STRING; + trueDer[15] = privKeySz; + privKey = &trueDer[16]; + XMEMSET(privKey, keyPat, privKeySz); /* trueDer[16] to trueDer[47] */ + /* PUBKEY */ + trueDer[48] = ASN_CONTEXT_SPECIFIC | ASN_ASYMKEY_PUBKEY; + trueDer[49] = pubKeySz; + pubKey = &trueDer[50]; + XMEMSET(pubKey, keyPat, pubKeySz); /* trueDer[50] to trueDer[81] */ + + EXPECT_TEST(test_SetAsymKeyDer_once(privKey, privKeySz, pubKey, pubKeySz, + trueDer, trueDerSz)); + + /* + * Condition 7: + * PKEY data = 34 (1 to 127) + * PKEY_CURVEPKEY data = 32 (1 to 127) + * PUBKEY data = 128 (128 to 255) + * SEQ data = 180 (128 to 255) + */ + privKeySz = 32; + pubKeySz = 128; + trueDerSz = 180; + + /* SEQ */ + trueDer[0] = ASN_SEQUENCE | ASN_CONSTRUCTED; + trueDer[1] = 0x81; + trueDer[2] = trueDerSz - 3; + /* VER */ + trueDer[3] = ASN_INTEGER; + trueDer[4] = sizeof(version); + trueDer[5] = version[0]; + /* PKEYALGO_SEQ */ + trueDer[6] = ASN_SEQUENCE | ASN_CONSTRUCTED; + trueDer[7] = sizeof(algId) + 2; + trueDer[8] = ASN_OBJECT_ID; + trueDer[9] = sizeof(algId); + trueDer[10] = algId[0]; + trueDer[11] = algId[1]; + trueDer[12] = algId[2]; + /* PKEY */ + trueDer[13] = ASN_OCTET_STRING; + trueDer[14] = privKeySz + 2; + trueDer[15] = ASN_OCTET_STRING; + trueDer[16] = privKeySz; + privKey = &trueDer[17]; + XMEMSET(privKey, keyPat, privKeySz); /* trueDer[17] to trueDer[48] */ + /* PUBKEY */ + trueDer[49] = ASN_CONTEXT_SPECIFIC | ASN_ASYMKEY_PUBKEY; + trueDer[50] = 0x81; + trueDer[51] = pubKeySz; + pubKey = &trueDer[52]; + XMEMSET(pubKey, keyPat, pubKeySz); /* trueDer[52] to trueDer[179] */ + + EXPECT_TEST(test_SetAsymKeyDer_once(privKey, privKeySz, pubKey, pubKeySz, + trueDer, trueDerSz)); + + /* + * Condition 8: + * PKEY data = 34 (1 to 127) + * PKEY_CURVEPKEY data = 32 (1 to 127) + * PUBKEY data = 256 (256 to 65535) + * SEQ data = 306 (256 to 65535) + */ + privKeySz = 32; + pubKeySz = 256; + trueDerSz = 310; + + /* SEQ */ + trueDer[0] = ASN_SEQUENCE | ASN_CONSTRUCTED; + trueDer[1] = 0x82; + trueDer[2] = ((trueDerSz - 4) >> 8) & 0xff; + trueDer[3] = (trueDerSz - 4) & 0xff; + /* VER */ + trueDer[4] = ASN_INTEGER; + trueDer[5] = sizeof(version); + trueDer[6] = version[0]; + /* PKEYALGO_SEQ */ + trueDer[7] = ASN_SEQUENCE | ASN_CONSTRUCTED; + trueDer[8] = sizeof(algId) + 2; + trueDer[9] = ASN_OBJECT_ID; + trueDer[10] = sizeof(algId); + trueDer[11] = algId[0]; + trueDer[12] = algId[1]; + trueDer[13] = algId[2]; + /* PKEY */ + trueDer[14] = ASN_OCTET_STRING; + trueDer[15] = privKeySz + 2; + trueDer[16] = ASN_OCTET_STRING; + trueDer[17] = privKeySz; + privKey = &trueDer[18]; + XMEMSET(privKey, keyPat, privKeySz); /* trueDer[18] to trueDer[49] */ + /* PUBKEY */ + trueDer[50] = ASN_CONTEXT_SPECIFIC | ASN_ASYMKEY_PUBKEY; + trueDer[51] = 0x82; + trueDer[52] = (pubKeySz >> 8) & 0xff; + trueDer[53] = pubKeySz & 0xff; + pubKey = &trueDer[54]; + XMEMSET(pubKey, keyPat, pubKeySz); /* trueDer[54] to trueDer[309] */ + + EXPECT_TEST(test_SetAsymKeyDer_once(privKey, privKeySz, pubKey, pubKeySz, + trueDer, trueDerSz)); +#endif /* WC_ENABLE_ASYM_KEY_EXPORT && HAVE_ED25519 */ + + return EXPECT_RESULT(); + +} + +#ifndef NO_ASN +static int test_GetSetShortInt_once(word32 val, byte* valDer, word32 valDerSz) +{ + EXPECT_DECLS; + +#ifndef NO_PWDBASED +#if !defined(WOLFSSL_ASN_TEMPLATE) || defined(HAVE_PKCS8) || \ + defined(HAVE_PKCS12) + + byte outDer[MAX_SHORT_SZ]; + word32 outDerSz = 0; + word32 inOutIdx = 0; + word32 maxIdx = MAX_SHORT_SZ; + int value; + + ExpectIntLE(2 + valDerSz, MAX_SHORT_SZ); + ExpectIntEQ(outDerSz = SetShortInt(outDer, &inOutIdx, val, maxIdx), + 2 + valDerSz); + ExpectIntEQ(outDer[0], ASN_INTEGER); + ExpectIntEQ(outDer[1], valDerSz); + ExpectIntEQ(XMEMCMP(outDer + 2, valDer, valDerSz), 0); + if (val < 0x80000000) { + /* GetShortInt only supports positive values. */ + inOutIdx = 0; + ExpectIntEQ(val, GetShortInt(outDer, &inOutIdx, &value, maxIdx)); + } + +#endif /* !WOLFSSL_ASN_TEMPLATE || HAVE_PKCS8 || HAVE_PKCS12 */ +#endif /* !NO_PWDBASED */ + + (void)val; + (void)valDer; + (void)valDerSz; + + return EXPECT_RESULT(); +} +#endif + +int test_GetSetShortInt(void) +{ + EXPECT_DECLS; + +#ifndef NO_ASN + byte valDer[MAX_SHORT_SZ] = {0}; + + /* Corner tests for input size */ + { + /* Input 1 byte min */ + valDer[0] = 0x00; + EXPECT_TEST(test_GetSetShortInt_once(0x00, valDer, 1)); + + /* Input 1 byte max */ + valDer[0] = 0x00; + valDer[1] = 0xff; + EXPECT_TEST(test_GetSetShortInt_once(0xff, valDer, 2)); + + /* Input 2 bytes min */ + valDer[0] = 0x01; + valDer[1] = 0x00; + EXPECT_TEST(test_GetSetShortInt_once(0x0100, valDer, 2)); + + /* Input 2 bytes max */ + valDer[0] = 0x00; + valDer[1] = 0xff; + valDer[2] = 0xff; + EXPECT_TEST(test_GetSetShortInt_once(0xffff, valDer, 3)); + + /* Input 3 bytes min */ + valDer[0] = 0x01; + valDer[1] = 0x00; + valDer[2] = 0x00; + EXPECT_TEST(test_GetSetShortInt_once(0x010000, valDer, 3)); + + /* Input 3 bytes max */ + valDer[0] = 0x00; + valDer[1] = 0xff; + valDer[2] = 0xff; + valDer[3] = 0xff; + EXPECT_TEST(test_GetSetShortInt_once(0xffffff, valDer, 4)); + + /* Input 4 bytes min */ + valDer[0] = 0x01; + valDer[1] = 0x00; + valDer[2] = 0x00; + valDer[3] = 0x00; + EXPECT_TEST(test_GetSetShortInt_once(0x01000000, valDer, 4)); + + /* Input 4 bytes max */ + valDer[0] = 0x00; + valDer[1] = 0xff; + valDer[2] = 0xff; + valDer[3] = 0xff; + valDer[4] = 0xff; + EXPECT_TEST(test_GetSetShortInt_once(0xffffffff, valDer, 5)); + } + + /* Corner tests for output size */ + { + /* Skip "Output 1 byte min" because of same as "Input 1 byte min" */ + + /* Output 1 byte max */ + valDer[0] = 0x7f; + EXPECT_TEST(test_GetSetShortInt_once(0x7f, valDer, 1)); + + /* Output 2 bytes min */ + valDer[0] = 0x00; + valDer[1] = 0x80; + EXPECT_TEST(test_GetSetShortInt_once(0x80, valDer, 2)); + + /* Output 2 bytes max */ + valDer[0] = 0x7f; + valDer[1] = 0xff; + EXPECT_TEST(test_GetSetShortInt_once(0x7fff, valDer, 2)); + + /* Output 3 bytes min */ + valDer[0] = 0x00; + valDer[1] = 0x80; + valDer[2] = 0x00; + EXPECT_TEST(test_GetSetShortInt_once(0x8000, valDer, 3)); + + /* Output 3 bytes max */ + valDer[0] = 0x7f; + valDer[1] = 0xff; + valDer[2] = 0xff; + EXPECT_TEST(test_GetSetShortInt_once(0x7fffff, valDer, 3)); + + /* Output 4 bytes min */ + valDer[0] = 0x00; + valDer[1] = 0x80; + valDer[2] = 0x00; + valDer[3] = 0x00; + EXPECT_TEST(test_GetSetShortInt_once(0x800000, valDer, 4)); + + /* Output 4 bytes max */ + valDer[0] = 0x7f; + valDer[1] = 0xff; + valDer[2] = 0xff; + valDer[3] = 0xff; + EXPECT_TEST(test_GetSetShortInt_once(0x7fffffff, valDer, 4)); + + /* Output 5 bytes min */ + valDer[0] = 0x00; + valDer[1] = 0x80; + valDer[2] = 0x00; + valDer[3] = 0x00; + valDer[4] = 0x00; + EXPECT_TEST(test_GetSetShortInt_once(0x80000000, valDer, 5)); + + /* Skip "Output 5 bytes max" because of same as "Input 4 bytes max" */ + } + + /* Extra tests */ + { + valDer[0] = 0x01; + EXPECT_TEST(test_GetSetShortInt_once(0x01, valDer, 1)); + } + +#if !defined(NO_PWDBASED) || defined(WOLFSSL_ASN_EXTRA) + /* Negative INTEGER values. */ + { + word32 idx = 0; + int value; + + valDer[0] = ASN_INTEGER; + valDer[1] = 1; + valDer[2] = 0x80; + ExpectIntEQ(GetShortInt(valDer, &idx, &value, 3), + WC_NO_ERR_TRACE(ASN_EXPECT_0_E)); + + idx = 0; + valDer[0] = ASN_INTEGER; + valDer[1] = 4; + valDer[2] = 0xFF; + valDer[3] = 0xFF; + valDer[4] = 0xFF; + valDer[5] = 0xFF; + ExpectIntEQ(GetShortInt(valDer, &idx, &value, 6), + WC_NO_ERR_TRACE(ASN_EXPECT_0_E)); + } +#endif +#endif + + return EXPECT_RESULT(); +} + + +int test_wc_IndexSequenceOf(void) +{ + EXPECT_DECLS; + +#ifndef NO_ASN + const byte int_seq[] = { + 0x30, 0x0A, + 0x02, 0x01, 0x0A, + 0x02, 0x02, 0x00, 0xF0, + 0x02, 0x01, 0x7F, + }; + const byte bad_seq[] = { + 0xA0, 0x01, 0x01, + }; + const byte empty_seq[] = { + 0x30, 0x00, + }; + + const byte * element; + word32 elementSz; + + ExpectIntEQ(wc_IndexSequenceOf(int_seq, sizeof(int_seq), 0U, &element, &elementSz), 0); + ExpectPtrEq(element, &int_seq[2]); + ExpectIntEQ(elementSz, 3); + + ExpectIntEQ(wc_IndexSequenceOf(int_seq, sizeof(int_seq), 1U, &element, &elementSz), 0); + ExpectPtrEq(element, &int_seq[5]); + ExpectIntEQ(elementSz, 4); + + ExpectIntEQ(wc_IndexSequenceOf(int_seq, sizeof(int_seq), 2U, &element, &elementSz), 0); + ExpectPtrEq(element, &int_seq[9]); + ExpectIntEQ(elementSz, 3); + + ExpectIntEQ(wc_IndexSequenceOf(int_seq, sizeof(int_seq), 3U, &element, &elementSz), WC_NO_ERR_TRACE(BAD_INDEX_E)); + + ExpectIntEQ(wc_IndexSequenceOf(bad_seq, sizeof(bad_seq), 0U, &element, &elementSz), WC_NO_ERR_TRACE(ASN_PARSE_E)); + + ExpectIntEQ(wc_IndexSequenceOf(empty_seq, sizeof(empty_seq), 0U, &element, &elementSz), WC_NO_ERR_TRACE(BAD_INDEX_E)); +#endif + + return EXPECT_RESULT(); +} diff --git a/test/ssl/wolfssl/tests/api/test_asn.h b/test/ssl/wolfssl/tests/api/test_asn.h new file mode 100644 index 000000000..1d2e20b2f --- /dev/null +++ b/test/ssl/wolfssl/tests/api/test_asn.h @@ -0,0 +1,36 @@ +/* test_asn.h + * + * Copyright (C) 2006-2025 wolfSSL Inc. + * + * This file is part of wolfSSL. + * + * wolfSSL is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * wolfSSL is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA + */ + +#ifndef WOLFCRYPT_TEST_ASN_H +#define WOLFCRYPT_TEST_ASN_H + +#include + +int test_SetAsymKeyDer(void); +int test_GetSetShortInt(void); +int test_wc_IndexSequenceOf(void); + +#define TEST_ASN_DECLS \ + TEST_DECL_GROUP("asn", test_SetAsymKeyDer), \ + TEST_DECL_GROUP("asn", test_GetSetShortInt), \ + TEST_DECL_GROUP("asn", test_wc_IndexSequenceOf) + +#endif /* WOLFCRYPT_TEST_ASN_H */ diff --git a/test/ssl/wolfssl/tests/api/test_blake2.c b/test/ssl/wolfssl/tests/api/test_blake2.c new file mode 100644 index 000000000..bde5d0041 --- /dev/null +++ b/test/ssl/wolfssl/tests/api/test_blake2.c @@ -0,0 +1,545 @@ +/* test_blake2.c + * + * Copyright (C) 2006-2025 wolfSSL Inc. + * + * This file is part of wolfSSL. + * + * wolfSSL is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * wolfSSL is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA + */ + +#include + +#ifdef NO_INLINE + #include +#else + #define WOLFSSL_MISC_INCLUDED + #include +#endif + +#include +#include +#include +#include + +/******************************************************************************* + * BLAKE2b + ******************************************************************************/ + +int test_wc_InitBlake2b(void) +{ + EXPECT_DECLS; +#ifdef HAVE_BLAKE2 + Blake2b blake; + + /* Test bad arg. */ + ExpectIntEQ(wc_InitBlake2b(NULL, 0), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_InitBlake2b(NULL, 128), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_InitBlake2b(&blake, 0), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_InitBlake2b(&blake, 128), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_InitBlake2b(NULL, WC_BLAKE2B_DIGEST_SIZE), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + + /* Test good arg. */ + ExpectIntEQ(wc_InitBlake2b(&blake, WC_BLAKE2B_DIGEST_SIZE), 0); +#endif + return EXPECT_RESULT(); +} + +int test_wc_InitBlake2b_WithKey(void) +{ + EXPECT_DECLS; +#ifdef HAVE_BLAKE2 + Blake2b blake; + word32 digestSz = BLAKE2B_KEYBYTES; + byte key[BLAKE2B_KEYBYTES]; + word32 keylen = BLAKE2B_KEYBYTES; + + XMEMSET(key, 0, sizeof(key)); + + /* Test bad args. */ + ExpectIntEQ(wc_InitBlake2b_WithKey(NULL, digestSz, NULL, 256), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_InitBlake2b_WithKey(&blake, digestSz, NULL, 256), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_InitBlake2b_WithKey(NULL, digestSz, key, 256), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_InitBlake2b_WithKey(NULL, digestSz, NULL, keylen), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_InitBlake2b_WithKey(&blake, digestSz, key, 256), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_InitBlake2b_WithKey(NULL, digestSz, key, keylen), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + + /* Test good arg. */ + ExpectIntEQ(wc_InitBlake2b_WithKey(&blake, digestSz, NULL, keylen), 0); + ExpectIntEQ(wc_InitBlake2b_WithKey(&blake, digestSz, key, keylen), 0); +#endif + return EXPECT_RESULT(); +} + +int test_wc_Blake2bUpdate(void) +{ + EXPECT_DECLS; +#ifdef HAVE_BLAKE2 + Blake2b blake; + + ExpectIntEQ(wc_InitBlake2b(&blake, WC_BLAKE2B_DIGEST_SIZE), 0); + + /* Pass in bad values. */ + ExpectIntEQ(wc_Blake2bUpdate(NULL, NULL, 1), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_Blake2bUpdate(&blake, NULL, 1), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_Blake2bUpdate(NULL, NULL, 0), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + + /* Test good args. */ + ExpectIntEQ(wc_Blake2bUpdate(&blake, NULL, 0), 0); + ExpectIntEQ(wc_Blake2bUpdate(&blake, (byte*)"a", 1), 0); +#endif + return EXPECT_RESULT(); +} + +int test_wc_Blake2bFinal(void) +{ + EXPECT_DECLS; +#ifdef HAVE_BLAKE2 + Blake2b blake; + byte hash[WC_BLAKE2B_DIGEST_SIZE]; + + /* Initialize */ + ExpectIntEQ(wc_InitBlake2b(&blake, WC_BLAKE2B_DIGEST_SIZE), 0); + + /* Test bad args. */ + ExpectIntEQ(wc_Blake2bFinal(NULL, NULL, 0), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_Blake2bFinal(&blake, NULL, 0), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_Blake2bFinal(NULL, hash, 0), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + + /* Test good args. */ + ExpectIntEQ(wc_Blake2bFinal(&blake, hash, WC_BLAKE2B_DIGEST_SIZE), 0); +#endif + return EXPECT_RESULT(); +} + +#define BLAKE2B_KAT_CNT 7 +int test_wc_Blake2b_KATs(void) +{ + EXPECT_DECLS; +#ifdef HAVE_BLAKE2 + Blake2b blake; + + testVector blake2b_kat[BLAKE2B_KAT_CNT]; + byte hash[WC_BLAKE2B_DIGEST_SIZE]; + int i = 0; + + blake2b_kat[i].input = ""; + blake2b_kat[i].inLen = 0; + blake2b_kat[i].output = + "\x78\x6a\x02\xf7\x42\x01\x59\x03" + "\xc6\xc6\xfd\x85\x25\x52\xd2\x72" + "\x91\x2f\x47\x40\xe1\x58\x47\x61" + "\x8a\x86\xe2\x17\xf7\x1f\x54\x19" + "\xd2\x5e\x10\x31\xaf\xee\x58\x53" + "\x13\x89\x64\x44\x93\x4e\xb0\x4b" + "\x90\x3a\x68\x5b\x14\x48\xb7\x55" + "\xd5\x6f\x70\x1a\xfe\x9b\xe2\xce"; + blake2b_kat[i].outLen = 0; + i++; + blake2b_kat[i].input = "a"; + blake2b_kat[i].inLen = 1; + blake2b_kat[i].output = + "\x33\x3f\xcb\x4e\xe1\xaa\x7c\x11" + "\x53\x55\xec\x66\xce\xac\x91\x7c" + "\x8b\xfd\x81\x5b\xf7\x58\x7d\x32" + "\x5a\xec\x18\x64\xed\xd2\x4e\x34" + "\xd5\xab\xe2\xc6\xb1\xb5\xee\x3f" + "\xac\xe6\x2f\xed\x78\xdb\xef\x80" + "\x2f\x2a\x85\xcb\x91\xd4\x55\xa8" + "\xf5\x24\x9d\x33\x08\x53\xcb\x3c"; + blake2b_kat[i].outLen = 0; + i++; + blake2b_kat[i].input = "abc"; + blake2b_kat[i].inLen = 3; + blake2b_kat[i].output = + "\xba\x80\xa5\x3f\x98\x1c\x4d\x0d" + "\x6a\x27\x97\xb6\x9f\x12\xf6\xe9" + "\x4c\x21\x2f\x14\x68\x5a\xc4\xb7" + "\x4b\x12\xbb\x6f\xdb\xff\xa2\xd1" + "\x7d\x87\xc5\x39\x2a\xab\x79\x2d" + "\xc2\x52\xd5\xde\x45\x33\xcc\x95" + "\x18\xd3\x8a\xa8\xdb\xf1\x92\x5a" + "\xb9\x23\x86\xed\xd4\x00\x99\x23"; + blake2b_kat[i].outLen = 0; + i++; + blake2b_kat[i].input = "message digest"; + blake2b_kat[i].inLen = 14; + blake2b_kat[i].output = + "\x3c\x26\xce\x48\x7b\x1c\x0f\x06" + "\x23\x63\xaf\xa3\xc6\x75\xeb\xdb" + "\xf5\xf4\xef\x9b\xdc\x02\x2c\xfb" + "\xef\x91\xe3\x11\x1c\xdc\x28\x38" + "\x40\xd8\x33\x1f\xc3\x0a\x8a\x09" + "\x06\xcf\xf4\xbc\xdb\xcd\x23\x0c" + "\x61\xaa\xec\x60\xfd\xfa\xd4\x57" + "\xed\x96\xb7\x09\xa3\x82\x35\x9a"; + blake2b_kat[i].outLen = 0; + i++; + blake2b_kat[i].input = "abcdefghijklmnopqrstuvwxyz"; + blake2b_kat[i].inLen = 26; + blake2b_kat[i].output = + "\xc6\x8e\xde\x14\x3e\x41\x6e\xb7" + "\xb4\xaa\xae\x0d\x8e\x48\xe5\x5d" + "\xd5\x29\xea\xfe\xd1\x0b\x1d\xf1" + "\xa6\x14\x16\x95\x3a\x2b\x0a\x56" + "\x66\xc7\x61\xe7\xd4\x12\xe6\x70" + "\x9e\x31\xff\xe2\x21\xb7\xa7\xa7" + "\x39\x08\xcb\x95\xa4\xd1\x20\xb8" + "\xb0\x90\xa8\x7d\x1f\xbe\xdb\x4c"; + blake2b_kat[i].outLen = 0; + i++; + blake2b_kat[i].input = + "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz" + "0123456789"; + blake2b_kat[i].inLen = 62; + blake2b_kat[i].output = + "\x99\x96\x48\x02\xe5\xc2\x5e\x70" + "\x37\x22\x90\x5d\x3f\xb8\x00\x46" + "\xb6\xbc\xa6\x98\xca\x9e\x2c\xc7" + "\xe4\x9b\x4f\xe1\xfa\x08\x7c\x2e" + "\xdf\x03\x12\xdf\xbb\x27\x5c\xf2" + "\x50\xa1\xe5\x42\xfd\x5d\xc2\xed" + "\xd3\x13\xf9\xc4\x91\x12\x7c\x2e" + "\x8c\x0c\x9b\x24\x16\x8e\x2d\x50"; + blake2b_kat[i].outLen = 0; + i++; + blake2b_kat[i].input = "1234567890123456789012345678901234567890" + "1234567890123456789012345678901234567890"; + blake2b_kat[i].inLen = 80; + blake2b_kat[i].output = + "\x68\x6f\x41\xec\x5a\xff\xf6\xe8" + "\x7e\x1f\x07\x6f\x54\x2a\xa4\x66" + "\x46\x6f\xf5\xfb\xde\x16\x2c\x48" + "\x48\x1b\xa4\x8a\x74\x8d\x84\x27" + "\x99\xf5\xb3\x0f\x5b\x67\xfc\x68" + "\x47\x71\xb3\x3b\x99\x42\x06\xd0" + "\x5c\xc3\x10\xf3\x19\x14\xed\xd7" + "\xb9\x7e\x41\x86\x0d\x77\xd2\x82"; + blake2b_kat[i].outLen = 0; + + for (i = 0; i < BLAKE2B_KAT_CNT; i++) { + /* Do KAT. */ + ExpectIntEQ(wc_InitBlake2b(&blake, WC_BLAKE2B_DIGEST_SIZE), 0); + ExpectIntEQ(wc_Blake2bUpdate(&blake, (byte*)blake2b_kat[i].input, + (word32)blake2b_kat[i].inLen), 0); + ExpectIntEQ(wc_Blake2bFinal(&blake, hash, WC_BLAKE2B_DIGEST_SIZE), 0); + ExpectBufEQ(hash, (byte*)blake2b_kat[i].output, WC_BLAKE2B_DIGEST_SIZE); + } +#endif + return EXPECT_RESULT(); +} + +int test_wc_Blake2b_other(void) +{ + EXPECT_DECLS; +#ifdef HAVE_BLAKE2 + Blake2b blake; + byte hash[WC_BLAKE2B_DIGEST_SIZE + 1]; + byte data[WC_BLAKE2B_DIGEST_SIZE * 8 + 1]; + int dataLen = WC_BLAKE2B_DIGEST_SIZE * 8; + const char* expHash = + "\xfb\xea\x44\x32\x0b\x4a\x40\x44" + "\xa0\xad\x54\x0c\x39\x62\xa6\x4d" + "\x2a\xc2\x08\x3f\xce\xb4\x1d\x71" + "\x77\x04\xa6\xfc\x38\xe5\xd9\x99" + "\xe6\x92\xf1\x9f\xe7\x21\x10\x94" + "\xe6\x08\xc1\x9c\x1d\xdf\x87\x11" + "\xfa\xf4\xe6\x7b\xf1\xe5\xc8\x12" + "\x55\x90\x05\x00\xfa\x0d\x61\x3d"; + int i; + int j; + + XMEMSET(data, 0xa5, sizeof(data)); + + /* Initialize */ + ExpectIntEQ(wc_InitBlake2b(&blake, WC_BLAKE2B_DIGEST_SIZE), 0); + + /* Unaligned input and output buffer. */ + ExpectIntEQ(wc_Blake2bUpdate(&blake, data + 1, dataLen), 0); + ExpectIntEQ(wc_Blake2bFinal(&blake, hash + 1, WC_BLAKE2B_DIGEST_SIZE), 0); + ExpectBufEQ(hash + 1, (byte*)expHash, WC_BLAKE2B_DIGEST_SIZE); + + /* Test that empty updates work. */ + ExpectIntEQ(wc_InitBlake2b(&blake, WC_BLAKE2B_DIGEST_SIZE), 0); + ExpectIntEQ(wc_Blake2bUpdate(&blake, NULL, 0), 0); + ExpectIntEQ(wc_Blake2bUpdate(&blake, (byte*)"", 0), 0); + ExpectIntEQ(wc_Blake2bUpdate(&blake, data, dataLen), 0); + ExpectIntEQ(wc_Blake2bFinal(&blake, hash, WC_BLAKE2B_DIGEST_SIZE), 0); + ExpectBufEQ(hash, (byte*)expHash, WC_BLAKE2B_DIGEST_SIZE); + + /* Ensure chunking works. */ + for (i = 1; i < dataLen; i++) { + ExpectIntEQ(wc_InitBlake2b(&blake, WC_BLAKE2B_DIGEST_SIZE), 0); + for (j = 0; j < dataLen; j += i) { + int len = dataLen - j; + if (i < len) + len = i; + ExpectIntEQ(wc_Blake2bUpdate(&blake, data + j, len), 0); + } + ExpectIntEQ(wc_Blake2bFinal(&blake, hash, WC_BLAKE2B_DIGEST_SIZE), 0); + ExpectBufEQ(hash, (byte*)expHash, WC_BLAKE2B_DIGEST_SIZE); + } +#endif + return EXPECT_RESULT(); +} + +/******************************************************************************* + * BLAKE2s + ******************************************************************************/ + +int test_wc_InitBlake2s(void) +{ + EXPECT_DECLS; +#ifdef HAVE_BLAKE2S + Blake2s blake; + + /* Test bad arg. */ + ExpectIntEQ(wc_InitBlake2s(NULL, 0), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_InitBlake2s(NULL, 128), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_InitBlake2s(&blake, 0), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_InitBlake2s(&blake, 128), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_InitBlake2s(NULL, WC_BLAKE2S_DIGEST_SIZE), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + + /* Test good arg. */ + ExpectIntEQ(wc_InitBlake2s(&blake, WC_BLAKE2S_DIGEST_SIZE), 0); +#endif + return EXPECT_RESULT(); +} + +int test_wc_InitBlake2s_WithKey(void) +{ + EXPECT_DECLS; +#ifdef HAVE_BLAKE2S + Blake2s blake; + word32 digestSz = BLAKE2S_KEYBYTES; + byte *key = (byte*)"01234567890123456789012345678901"; + word32 keylen = BLAKE2S_KEYBYTES; + + /* Test bad args. */ + ExpectIntEQ(wc_InitBlake2s_WithKey(NULL, digestSz, NULL, 256), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_InitBlake2s_WithKey(&blake, digestSz, NULL, 256), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_InitBlake2s_WithKey(NULL, digestSz, key, 256), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_InitBlake2s_WithKey(NULL, digestSz, NULL, keylen), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_InitBlake2s_WithKey(&blake, digestSz, key, 256), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_InitBlake2s_WithKey(NULL, digestSz, key, keylen), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + + /* Test good arg. */ + ExpectIntEQ(wc_InitBlake2s_WithKey(&blake, digestSz, NULL, keylen), 0); + ExpectIntEQ(wc_InitBlake2s_WithKey(&blake, digestSz, key, keylen), 0); +#endif + return EXPECT_RESULT(); +} + +int test_wc_Blake2sUpdate(void) +{ + EXPECT_DECLS; +#ifdef HAVE_BLAKE2S + Blake2s blake; + + ExpectIntEQ(wc_InitBlake2s(&blake, WC_BLAKE2S_DIGEST_SIZE), 0); + + /* Pass in bad values. */ + ExpectIntEQ(wc_Blake2sUpdate(NULL, NULL, 1), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_Blake2sUpdate(&blake, NULL, 1), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_Blake2sUpdate(NULL, NULL, 0), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + + /* Test good args. */ + ExpectIntEQ(wc_Blake2sUpdate(&blake, NULL, 0), 0); + ExpectIntEQ(wc_Blake2sUpdate(&blake, (byte*)"a", 1), 0); +#endif + return EXPECT_RESULT(); +} + +int test_wc_Blake2sFinal(void) +{ + EXPECT_DECLS; +#ifdef HAVE_BLAKE2S + Blake2s blake; + byte hash[WC_BLAKE2S_DIGEST_SIZE]; + + /* Initialize */ + ExpectIntEQ(wc_InitBlake2s(&blake, WC_BLAKE2S_DIGEST_SIZE), 0); + + /* Test bad args. */ + ExpectIntEQ(wc_Blake2sFinal(NULL, NULL, 0), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_Blake2sFinal(&blake, NULL, 0), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_Blake2sFinal(NULL, hash, 0), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + + /* Test good args. */ + ExpectIntEQ(wc_Blake2sFinal(&blake, hash, WC_BLAKE2S_DIGEST_SIZE), 0); +#endif + return EXPECT_RESULT(); +} + +#define BLAKE2S_KAT_CNT 7 +int test_wc_Blake2s_KATs(void) +{ + EXPECT_DECLS; +#ifdef HAVE_BLAKE2S + Blake2s blake; + + testVector blake2s_kat[BLAKE2S_KAT_CNT]; + byte hash[WC_BLAKE2S_DIGEST_SIZE]; + int i = 0; + + blake2s_kat[i].input = ""; + blake2s_kat[i].inLen = 0; + blake2s_kat[i].output = + "\x69\x21\x7a\x30\x79\x90\x80\x94" + "\xe1\x11\x21\xd0\x42\x35\x4a\x7c" + "\x1f\x55\xb6\x48\x2c\xa1\xa5\x1e" + "\x1b\x25\x0d\xfd\x1e\xd0\xee\xf9"; + blake2s_kat[i].outLen = 0; + i++; + blake2s_kat[i].input = "a"; + blake2s_kat[i].inLen = 1; + blake2s_kat[i].output = + "\x4a\x0d\x12\x98\x73\x40\x30\x37" + "\xc2\xcd\x9b\x90\x48\x20\x36\x87" + "\xf6\x23\x3f\xb6\x73\x89\x56\xe0" + "\x34\x9b\xd4\x32\x0f\xec\x3e\x90"; + blake2s_kat[i].outLen = 0; + i++; + blake2s_kat[i].input = "abc"; + blake2s_kat[i].inLen = 3; + blake2s_kat[i].output = + "\x50\x8c\x5e\x8c\x32\x7c\x14\xe2" + "\xe1\xa7\x2b\xa3\x4e\xeb\x45\x2f" + "\x37\x45\x8b\x20\x9e\xd6\x3a\x29" + "\x4d\x99\x9b\x4c\x86\x67\x59\x82"; + blake2s_kat[i].outLen = 0; + i++; + blake2s_kat[i].input = "message digest"; + blake2s_kat[i].inLen = 14; + blake2s_kat[i].output = + "\xfa\x10\xab\x77\x5a\xcf\x89\xb7" + "\xd3\xc8\xa6\xe8\x23\xd5\x86\xf6" + "\xb6\x7b\xdb\xac\x4c\xe2\x07\xfe" + "\x14\x5b\x7d\x3a\xc2\x5c\xd2\x8c"; + blake2s_kat[i].outLen = 0; + i++; + blake2s_kat[i].input = "abcdefghijklmnopqrstuvwxyz"; + blake2s_kat[i].inLen = 26; + blake2s_kat[i].output = + "\xbd\xf8\x8e\xb1\xf8\x6a\x0c\xdf" + "\x0e\x84\x0b\xa8\x8f\xa1\x18\x50" + "\x83\x69\xdf\x18\x6c\x73\x55\xb4" + "\xb1\x6c\xf7\x9f\xa2\x71\x0a\x12"; + blake2s_kat[i].outLen = 0; + i++; + blake2s_kat[i].input = + "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz" + "0123456789"; + blake2s_kat[i].inLen = 62; + blake2s_kat[i].output = + "\xc7\x54\x39\xea\x17\xe1\xde\x6f" + "\xa4\x51\x0c\x33\x5d\xc3\xd3\xf3" + "\x43\xe6\xf9\xe1\xce\x27\x73\xe2" + "\x5b\x41\x74\xf1\xdf\x8b\x11\x9b"; + blake2s_kat[i].outLen = 0; + i++; + blake2s_kat[i].input = "1234567890123456789012345678901234567890" + "1234567890123456789012345678901234567890"; + blake2s_kat[i].inLen = 80; + blake2s_kat[i].output = + "\xfd\xae\xdb\x29\x0a\x0d\x5a\xf9" + "\x87\x08\x64\xfe\xc2\xe0\x90\x20" + "\x09\x89\xdc\x9c\xd5\x3a\x3c\x09" + "\x21\x29\xe8\x53\x5e\x8b\x4f\x66"; + blake2s_kat[i].outLen = 0; + + for (i = 0; i < BLAKE2S_KAT_CNT; i++) { + /* Do KAT. */ + ExpectIntEQ(wc_InitBlake2s(&blake, WC_BLAKE2S_DIGEST_SIZE), 0); + ExpectIntEQ(wc_Blake2sUpdate(&blake, (byte*)blake2s_kat[i].input, + (word32)blake2s_kat[i].inLen), 0); + ExpectIntEQ(wc_Blake2sFinal(&blake, hash, WC_BLAKE2S_DIGEST_SIZE), 0); + ExpectBufEQ(hash, (byte*)blake2s_kat[i].output, WC_BLAKE2S_DIGEST_SIZE); + } +#endif + return EXPECT_RESULT(); +} + +int test_wc_Blake2s_other(void) +{ + EXPECT_DECLS; +#ifdef HAVE_BLAKE2S + Blake2s blake; + byte hash[WC_BLAKE2S_DIGEST_SIZE + 1]; + byte data[WC_BLAKE2S_DIGEST_SIZE * 8 + 1]; + int dataLen = WC_BLAKE2S_DIGEST_SIZE * 8; + const char* expHash = + "\x30\x1c\x41\x93\xd0\x63\x99\xeb" + "\x17\x68\x7a\xfb\xba\x58\x47\x33" + "\xad\x62\xea\x91\x77\x20\xf0\x72" + "\x11\xe3\x9e\x29\xe9\xc8\x24\x59"; + int i; + int j; + + XMEMSET(data, 0xa5, sizeof(data)); + + /* Initialize */ + ExpectIntEQ(wc_InitBlake2s(&blake, WC_BLAKE2S_DIGEST_SIZE), 0); + + /* Unaligned input and output buffer. */ + ExpectIntEQ(wc_Blake2sUpdate(&blake, data + 1, dataLen), 0); + ExpectIntEQ(wc_Blake2sFinal(&blake, hash + 1, WC_BLAKE2S_DIGEST_SIZE), 0); + ExpectBufEQ(hash + 1, (byte*)expHash, WC_BLAKE2S_DIGEST_SIZE); + + /* Test that empty updates work. */ + ExpectIntEQ(wc_InitBlake2s(&blake, WC_BLAKE2S_DIGEST_SIZE), 0); + ExpectIntEQ(wc_Blake2sUpdate(&blake, NULL, 0), 0); + ExpectIntEQ(wc_Blake2sUpdate(&blake, (byte*)"", 0), 0); + ExpectIntEQ(wc_Blake2sUpdate(&blake, data, dataLen), 0); + ExpectIntEQ(wc_Blake2sFinal(&blake, hash, WC_BLAKE2S_DIGEST_SIZE), 0); + ExpectBufEQ(hash, (byte*)expHash, WC_BLAKE2S_DIGEST_SIZE); + + /* Ensure chunking works. */ + for (i = 1; i < dataLen; i++) { + ExpectIntEQ(wc_InitBlake2s(&blake, WC_BLAKE2S_DIGEST_SIZE), 0); + for (j = 0; j < dataLen; j += i) { + int len = dataLen - j; + if (i < len) + len = i; + ExpectIntEQ(wc_Blake2sUpdate(&blake, data + j, len), 0); + } + ExpectIntEQ(wc_Blake2sFinal(&blake, hash, WC_BLAKE2S_DIGEST_SIZE), 0); + ExpectBufEQ(hash, (byte*)expHash, WC_BLAKE2S_DIGEST_SIZE); + } +#endif + return EXPECT_RESULT(); +} + diff --git a/test/ssl/wolfssl/tests/api/test_blake2.h b/test/ssl/wolfssl/tests/api/test_blake2.h new file mode 100644 index 000000000..c549ee36a --- /dev/null +++ b/test/ssl/wolfssl/tests/api/test_blake2.h @@ -0,0 +1,57 @@ +/* test_blake2.h + * + * Copyright (C) 2006-2025 wolfSSL Inc. + * + * This file is part of wolfSSL. + * + * wolfSSL is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * wolfSSL is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA + */ + +#ifndef WOLFCRYPT_TEST_BLAKE2_H +#define WOLFCRYPT_TEST_BLAKE2_H + +#include + +int test_wc_InitBlake2b(void); +int test_wc_InitBlake2b_WithKey(void); +int test_wc_Blake2bUpdate(void); +int test_wc_Blake2bFinal(void); +int test_wc_Blake2b_KATs(void); +int test_wc_Blake2b_other(void); + +int test_wc_InitBlake2s(void); +int test_wc_InitBlake2s_WithKey(void); +int test_wc_Blake2sUpdate(void); +int test_wc_Blake2sFinal(void); +int test_wc_Blake2s_KATs(void); +int test_wc_Blake2s_other(void); + +#define TEST_BLAKE2B_DECLS \ + TEST_DECL_GROUP("blake2b", test_wc_InitBlake2b), \ + TEST_DECL_GROUP("blake2b", test_wc_InitBlake2b_WithKey), \ + TEST_DECL_GROUP("blake2b", test_wc_Blake2bUpdate), \ + TEST_DECL_GROUP("blake2b", test_wc_Blake2bFinal), \ + TEST_DECL_GROUP("blake2b", test_wc_Blake2b_KATs), \ + TEST_DECL_GROUP("blake2b", test_wc_Blake2b_other) + +#define TEST_BLAKE2S_DECLS \ + TEST_DECL_GROUP("blake2s", test_wc_InitBlake2s), \ + TEST_DECL_GROUP("blake2s", test_wc_InitBlake2s_WithKey), \ + TEST_DECL_GROUP("blake2s", test_wc_Blake2sUpdate), \ + TEST_DECL_GROUP("blake2s", test_wc_Blake2sFinal), \ + TEST_DECL_GROUP("blake2s", test_wc_Blake2s_KATs), \ + TEST_DECL_GROUP("blake2s", test_wc_Blake2s_other) + +#endif /* WOLFCRYPT_TEST_BLAKE2_H */ diff --git a/test/ssl/wolfssl/tests/api/test_camellia.c b/test/ssl/wolfssl/tests/api/test_camellia.c new file mode 100644 index 000000000..24e3424f6 --- /dev/null +++ b/test/ssl/wolfssl/tests/api/test_camellia.c @@ -0,0 +1,216 @@ +/* test_camellia.c + * + * Copyright (C) 2006-2025 wolfSSL Inc. + * + * This file is part of wolfSSL. + * + * wolfSSL is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * wolfSSL is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA + */ + +#include + +#ifdef NO_INLINE + #include +#else + #define WOLFSSL_MISC_INCLUDED + #include +#endif + +#include +#include +#include +#include + +/* + * testing wc_CamelliaSetKey + */ +int test_wc_CamelliaSetKey(void) +{ + EXPECT_DECLS; +#ifdef HAVE_CAMELLIA + wc_Camellia camellia; + /*128-bit key*/ + static const byte key16[] = { + 0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef, + 0xfe, 0xdc, 0xba, 0x98, 0x76, 0x54, 0x32, 0x10 + }; + /* 192-bit key */ + static const byte key24[] = { + 0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef, + 0xfe, 0xdc, 0xba, 0x98, 0x76, 0x54, 0x32, 0x10, + 0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77 + }; + /* 256-bit key */ + static const byte key32[] = { + 0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef, + 0xfe, 0xdc, 0xba, 0x98, 0x76, 0x54, 0x32, 0x10, + 0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77, + 0x88, 0x99, 0xaa, 0xbb, 0xcc, 0xdd, 0xee, 0xff + }; + static const byte iv[] = { + 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, + 0x08, 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F + }; + + ExpectIntEQ(wc_CamelliaSetKey(&camellia, key16, (word32)sizeof(key16), iv), + 0); + ExpectIntEQ(wc_CamelliaSetKey(&camellia, key16, (word32)sizeof(key16), + NULL), 0); + ExpectIntEQ(wc_CamelliaSetKey(&camellia, key24, (word32)sizeof(key24), iv), + 0); + ExpectIntEQ(wc_CamelliaSetKey(&camellia, key24, (word32)sizeof(key24), + NULL), 0); + ExpectIntEQ(wc_CamelliaSetKey(&camellia, key32, (word32)sizeof(key32), iv), + 0); + ExpectIntEQ(wc_CamelliaSetKey(&camellia, key32, (word32)sizeof(key32), + NULL), 0); + + /* Bad args. */ + ExpectIntEQ(wc_CamelliaSetKey(NULL, key32, (word32)sizeof(key32), iv), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); +#endif + return EXPECT_RESULT(); +} /* END test_wc_CameliaSetKey */ + +/* + * Testing wc_CamelliaSetIV() + */ +int test_wc_CamelliaSetIV(void) +{ + EXPECT_DECLS; +#ifdef HAVE_CAMELLIA + wc_Camellia camellia; + static const byte iv[] = { + 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, + 0x08, 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F + }; + + ExpectIntEQ(wc_CamelliaSetIV(&camellia, iv), 0); + ExpectIntEQ(wc_CamelliaSetIV(&camellia, NULL), 0); + + /* Bad args. */ + ExpectIntEQ(wc_CamelliaSetIV(NULL, NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_CamelliaSetIV(NULL, iv), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); +#endif + return EXPECT_RESULT(); +} /* END test_wc_CamelliaSetIV*/ + +/* + * Test wc_CamelliaEncryptDirect and wc_CamelliaDecryptDirect + */ +int test_wc_CamelliaEncryptDecryptDirect(void) +{ + EXPECT_DECLS; +#ifdef HAVE_CAMELLIA + wc_Camellia camellia; + static const byte key24[] = { + 0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef, + 0xfe, 0xdc, 0xba, 0x98, 0x76, 0x54, 0x32, 0x10, + 0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77 + }; + static const byte iv[] = { + 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, + 0x08, 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F + }; + static const byte plainT[] = { + 0x6B, 0xC1, 0xBE, 0xE2, 0x2E, 0x40, 0x9F, 0x96, + 0xE9, 0x3D, 0x7E, 0x11, 0x73, 0x93, 0x17, 0x2A + }; + byte enc[sizeof(plainT)]; + byte dec[sizeof(enc)]; + + /* Init stack variables.*/ + XMEMSET(enc, 0, 16); + XMEMSET(enc, 0, 16); + + ExpectIntEQ(wc_CamelliaSetKey(&camellia, key24, (word32)sizeof(key24), iv), + 0); + ExpectIntEQ(wc_CamelliaEncryptDirect(&camellia, enc, plainT), 0); + ExpectIntEQ(wc_CamelliaDecryptDirect(&camellia, dec, enc), 0); + ExpectIntEQ(XMEMCMP(plainT, dec, WC_CAMELLIA_BLOCK_SIZE), 0); + + /* Pass bad args. */ + ExpectIntEQ(wc_CamelliaEncryptDirect(NULL, enc, plainT), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_CamelliaEncryptDirect(&camellia, NULL, plainT), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_CamelliaEncryptDirect(&camellia, enc, NULL), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + + ExpectIntEQ(wc_CamelliaDecryptDirect(NULL, dec, enc), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_CamelliaDecryptDirect(&camellia, NULL, enc), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_CamelliaDecryptDirect(&camellia, dec, NULL), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); +#endif + return EXPECT_RESULT(); +} /* END test-wc_CamelliaEncryptDecryptDirect */ + +/* + * Testing wc_CamelliaCbcEncrypt and wc_CamelliaCbcDecrypt + */ +int test_wc_CamelliaCbcEncryptDecrypt(void) +{ + EXPECT_DECLS; +#ifdef HAVE_CAMELLIA + wc_Camellia camellia; + static const byte key24[] = { + 0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef, + 0xfe, 0xdc, 0xba, 0x98, 0x76, 0x54, 0x32, 0x10, + 0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77 + }; + static const byte plainT[] = { + 0x6B, 0xC1, 0xBE, 0xE2, 0x2E, 0x40, 0x9F, 0x96, + 0xE9, 0x3D, 0x7E, 0x11, 0x73, 0x93, 0x17, 0x2A + }; + byte enc[WC_CAMELLIA_BLOCK_SIZE]; + byte dec[WC_CAMELLIA_BLOCK_SIZE]; + + /* Init stack variables. */ + XMEMSET(enc, 0, WC_CAMELLIA_BLOCK_SIZE); + XMEMSET(enc, 0, WC_CAMELLIA_BLOCK_SIZE); + + ExpectIntEQ(wc_CamelliaSetKey(&camellia, key24, (word32)sizeof(key24), + NULL), 0); + ExpectIntEQ(wc_CamelliaCbcEncrypt(&camellia, enc, plainT, + WC_CAMELLIA_BLOCK_SIZE), 0); + + ExpectIntEQ(wc_CamelliaSetKey(&camellia, key24, (word32)sizeof(key24), + NULL), 0); + ExpectIntEQ(wc_CamelliaCbcDecrypt(&camellia, dec, enc, + WC_CAMELLIA_BLOCK_SIZE), + 0); + ExpectIntEQ(XMEMCMP(plainT, dec, WC_CAMELLIA_BLOCK_SIZE), 0); + + /* Pass in bad args. */ + ExpectIntEQ(wc_CamelliaCbcEncrypt(NULL, enc, plainT, + WC_CAMELLIA_BLOCK_SIZE), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_CamelliaCbcEncrypt(&camellia, NULL, plainT, + WC_CAMELLIA_BLOCK_SIZE), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_CamelliaCbcEncrypt(&camellia, enc, NULL, + WC_CAMELLIA_BLOCK_SIZE), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + + ExpectIntEQ(wc_CamelliaCbcDecrypt(NULL, dec, enc, WC_CAMELLIA_BLOCK_SIZE), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_CamelliaCbcDecrypt(&camellia, NULL, enc, + WC_CAMELLIA_BLOCK_SIZE), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_CamelliaCbcDecrypt(&camellia, dec, NULL, + WC_CAMELLIA_BLOCK_SIZE), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); +#endif + return EXPECT_RESULT(); +} /* END test_wc_CamelliaCbcEncryptDecrypt */ + diff --git a/test/ssl/wolfssl/tests/api/test_camellia.h b/test/ssl/wolfssl/tests/api/test_camellia.h new file mode 100644 index 000000000..76323d1eb --- /dev/null +++ b/test/ssl/wolfssl/tests/api/test_camellia.h @@ -0,0 +1,38 @@ +/* test_camellia.h + * + * Copyright (C) 2006-2025 wolfSSL Inc. + * + * This file is part of wolfSSL. + * + * wolfSSL is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * wolfSSL is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA + */ + +#ifndef WOLFCRYPT_TEST_CAMELLIA_H +#define WOLFCRYPT_TEST_CAMELLIA_H + +#include + +int test_wc_CamelliaSetKey(void); +int test_wc_CamelliaSetIV(void); +int test_wc_CamelliaEncryptDecryptDirect(void); +int test_wc_CamelliaCbcEncryptDecrypt(void); + +#define TEST_CAMELLIA_DECLS \ + TEST_DECL_GROUP("camellia", test_wc_CamelliaSetKey), \ + TEST_DECL_GROUP("camellia", test_wc_CamelliaSetIV), \ + TEST_DECL_GROUP("camellia", test_wc_CamelliaEncryptDecryptDirect), \ + TEST_DECL_GROUP("camellia", test_wc_CamelliaCbcEncryptDecrypt) + +#endif /* WOLFCRYPT_TEST_CAMELLIA_H */ diff --git a/test/ssl/wolfssl/tests/api/test_chacha.c b/test/ssl/wolfssl/tests/api/test_chacha.c new file mode 100644 index 000000000..5a843a7e9 --- /dev/null +++ b/test/ssl/wolfssl/tests/api/test_chacha.c @@ -0,0 +1,188 @@ +/* test_chacha.c + * + * Copyright (C) 2006-2025 wolfSSL Inc. + * + * This file is part of wolfSSL. + * + * wolfSSL is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * wolfSSL is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA + */ + +#include + +#ifdef NO_INLINE + #include +#else + #define WOLFSSL_MISC_INCLUDED + #include +#endif + +#include +#include +#include +#include + +/* + * Testing wc_Chacha_SetKey() and wc_Chacha_SetIV() + */ +int test_wc_Chacha_SetKey(void) +{ + EXPECT_DECLS; +#ifdef HAVE_CHACHA + ChaCha ctx; + const byte key[] = { + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x01 + }; + word32 keySz = (word32)(sizeof(key)/sizeof(byte)); + byte cipher[128]; + + XMEMSET(cipher, 0, sizeof(cipher)); + ExpectIntEQ(wc_Chacha_SetKey(&ctx, key, keySz), 0); + /* Test bad args. */ + ExpectIntEQ(wc_Chacha_SetKey(NULL, key, keySz), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_Chacha_SetKey(&ctx, key, 18), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + + ExpectIntEQ(wc_Chacha_SetIV(&ctx, cipher, 0), 0); + /* Test bad args. */ + ExpectIntEQ(wc_Chacha_SetIV(NULL, cipher, 0), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); +#endif + return EXPECT_RESULT(); +} /* END test_wc_Chacha_SetKey */ + +/* + * Testing wc_Chacha_Process() + */ +int test_wc_Chacha_Process(void) +{ + EXPECT_DECLS; +#ifdef HAVE_CHACHA + ChaCha enc, dec; + byte cipher[128]; + byte plain[128]; + const byte key[] = + { + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x01 + }; + const char* input = "Everybody gets Friday off."; + word32 keySz = sizeof(key)/sizeof(byte); + unsigned long int inlen = XSTRLEN(input); + + /* Initialize stack variables. */ + XMEMSET(cipher, 0, 128); + XMEMSET(plain, 0, 128); + + ExpectIntEQ(wc_Chacha_SetKey(&enc, key, keySz), 0); + ExpectIntEQ(wc_Chacha_SetKey(&dec, key, keySz), 0); + ExpectIntEQ(wc_Chacha_SetIV(&enc, cipher, 0), 0); + ExpectIntEQ(wc_Chacha_SetIV(&dec, cipher, 0), 0); + + ExpectIntEQ(wc_Chacha_Process(&enc, cipher, (byte*)input, (word32)inlen), + 0); + ExpectIntEQ(wc_Chacha_Process(&dec, plain, cipher, (word32)inlen), 0); + ExpectIntEQ(XMEMCMP(input, plain, inlen), 0); + +#if !defined(USE_INTEL_CHACHA_SPEEDUP) && !defined(WOLFSSL_ARMASM) + /* test checking and using leftovers, currently just in C code */ + ExpectIntEQ(wc_Chacha_SetIV(&enc, cipher, 0), 0); + ExpectIntEQ(wc_Chacha_SetIV(&dec, cipher, 0), 0); + + ExpectIntEQ(wc_Chacha_Process(&enc, cipher, (byte*)input, + (word32)inlen - 2), 0); + ExpectIntEQ(wc_Chacha_Process(&enc, cipher + (inlen - 2), + (byte*)input + (inlen - 2), 2), 0); + ExpectIntEQ(wc_Chacha_Process(&dec, plain, (byte*)cipher, + (word32)inlen - 2), 0); + ExpectIntEQ(wc_Chacha_Process(&dec, cipher + (inlen - 2), + (byte*)input + (inlen - 2), 2), 0); + ExpectIntEQ(XMEMCMP(input, plain, inlen), 0); + + /* check edge cases with counter increment */ + { + /* expected results collected from wolfSSL 4.3.0 encrypted in one call*/ + const byte expected[] = { + 0x54,0xB1,0xE2,0xD4,0xA2,0x4D,0x52,0x5F, + 0x42,0x04,0x89,0x7C,0x6E,0x2D,0xFC,0x2D, + 0x10,0x25,0xB6,0x92,0x71,0xD5,0xC3,0x20, + 0xE3,0x0E,0xEC,0xF4,0xD8,0x10,0x70,0x29, + 0x2D,0x4C,0x2A,0x56,0x21,0xE1,0xC7,0x37, + 0x0B,0x86,0xF5,0x02,0x8C,0xB8,0xB8,0x38, + 0x41,0xFD,0xDF,0xD9,0xC3,0xE6,0xC8,0x88, + 0x06,0x82,0xD4,0x80,0x6A,0x50,0x69,0xD5, + 0xB9,0xB0,0x2F,0x44,0x36,0x5D,0xDA,0x5E, + 0xDE,0xF6,0xF5,0xFC,0x44,0xDC,0x07,0x51, + 0xA7,0x32,0x42,0xDB,0xCC,0xBD,0xE2,0xE5, + 0x0B,0xB1,0x14,0xFF,0x12,0x80,0x16,0x43, + 0xE7,0x40,0xD5,0xEA,0xC7,0x3F,0x69,0x07, + 0x64,0xD4,0x86,0x6C,0xE2,0x1F,0x8F,0x6E, + 0x35,0x41,0xE7,0xD3,0xB5,0x5D,0xD6,0xD4, + 0x9F,0x00,0xA9,0xAE,0x3D,0x28,0xA5,0x37, + 0x80,0x3D,0x11,0x25,0xE2,0xB6,0x99,0xD9, + 0x9B,0x98,0xE9,0x37,0xB9,0xF8,0xA0,0x04, + 0xDF,0x13,0x49,0x3F,0x19,0x6A,0x45,0x06, + 0x21,0xB4,0xC7,0x3B,0x49,0x45,0xB4,0xC8, + 0x03,0x5B,0x43,0x89,0xBD,0xB3,0x96,0x4B, + 0x17,0x6F,0x85,0xC6,0xCF,0xA6,0x05,0x35, + 0x1E,0x25,0x03,0xBB,0x55,0x0A,0xD5,0x54, + 0x41,0xEA,0xEB,0x50,0x40,0x1B,0x43,0x19, + 0x59,0x1B,0x0E,0x12,0x3E,0xA2,0x71,0xC3, + 0x1A,0xA7,0x11,0x50,0x43,0x9D,0x56,0x3B, + 0x63,0x2F,0x63,0xF1,0x8D,0xAE,0xF3,0x23, + 0xFA,0x1E,0xD8,0x6A,0xE1,0xB2,0x4B,0xF3, + 0xB9,0x13,0x7A,0x72,0x2B,0x6D,0xCC,0x41, + 0x1C,0x69,0x7C,0xCD,0x43,0x6F,0xE4,0xE2, + 0x38,0x99,0xFB,0xC3,0x38,0x92,0x62,0x35, + 0xC0,0x1D,0x60,0xE4,0x4B,0xDD,0x0C,0x14 + }; + const byte iv2[] = { + 0x9D,0xED,0xE7,0x0F,0xEC,0x81,0x51,0xD9, + 0x77,0x39,0x71,0xA6,0x21,0xDF,0xB8,0x93 + }; + byte input2[256]; + int i; + + for (i = 0; i < 256; i++) + input2[i] = (byte)i; + + ExpectIntEQ(wc_Chacha_SetIV(&enc, iv2, 0), 0); + + ExpectIntEQ(wc_Chacha_Process(&enc, cipher, input2, 64), 0); + ExpectIntEQ(XMEMCMP(expected, cipher, 64), 0); + + ExpectIntEQ(wc_Chacha_Process(&enc, cipher, input2 + 64, 128), 0); + ExpectIntEQ(XMEMCMP(expected + 64, cipher, 128), 0); + + /* partial */ + ExpectIntEQ(wc_Chacha_Process(&enc, cipher, input2 + 192, 32), 0); + ExpectIntEQ(XMEMCMP(expected + 192, cipher, 32), 0); + + ExpectIntEQ(wc_Chacha_Process(&enc, cipher, input2 + 224, 32), 0); + ExpectIntEQ(XMEMCMP(expected + 224, cipher, 32), 0); + } +#endif + + /* Test bad args. */ + ExpectIntEQ(wc_Chacha_Process(NULL, cipher, (byte*)input, (word32)inlen), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); +#endif + return EXPECT_RESULT(); +} /* END test_wc_Chacha_Process */ + diff --git a/test/ssl/wolfssl/tests/api/test_chacha.h b/test/ssl/wolfssl/tests/api/test_chacha.h new file mode 100644 index 000000000..d9146775e --- /dev/null +++ b/test/ssl/wolfssl/tests/api/test_chacha.h @@ -0,0 +1,34 @@ +/* test_chacha.h + * + * Copyright (C) 2006-2025 wolfSSL Inc. + * + * This file is part of wolfSSL. + * + * wolfSSL is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * wolfSSL is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA + */ + +#ifndef WOLFCRYPT_TEST_CHACHA_H +#define WOLFCRYPT_TEST_CHACHA_H + +#include + +int test_wc_Chacha_SetKey(void); +int test_wc_Chacha_Process(void); + +#define TEST_CHACHA_DECLS \ + TEST_DECL_GROUP("chacha", test_wc_Chacha_SetKey), \ + TEST_DECL_GROUP("chacha", test_wc_Chacha_Process) + +#endif /* WOLFCRYPT_TEST_CHACHA_H */ diff --git a/test/ssl/wolfssl/tests/api/test_chacha20_poly1305.c b/test/ssl/wolfssl/tests/api/test_chacha20_poly1305.c new file mode 100644 index 000000000..7ac7119da --- /dev/null +++ b/test/ssl/wolfssl/tests/api/test_chacha20_poly1305.c @@ -0,0 +1,156 @@ +/* test_chacha20_poly1305.c + * + * Copyright (C) 2006-2025 wolfSSL Inc. + * + * This file is part of wolfSSL. + * + * wolfSSL is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * wolfSSL is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA + */ + +#include + +#ifdef NO_INLINE + #include +#else + #define WOLFSSL_MISC_INCLUDED + #include +#endif + +#include +#include +#include +#include + +/* + * Testing wc_ChaCha20Poly1305_Encrypt() and wc_ChaCha20Poly1305_Decrypt() + */ +int test_wc_ChaCha20Poly1305_aead(void) +{ + EXPECT_DECLS; +#if defined(HAVE_CHACHA) && defined(HAVE_POLY1305) + const byte key[] = { + 0x80, 0x81, 0x82, 0x83, 0x84, 0x85, 0x86, 0x87, + 0x88, 0x89, 0x8a, 0x8b, 0x8c, 0x8d, 0x8e, 0x8f, + 0x90, 0x91, 0x92, 0x93, 0x94, 0x95, 0x96, 0x97, + 0x98, 0x99, 0x9a, 0x9b, 0x9c, 0x9d, 0x9e, 0x9f + }; + const byte plaintext[] = { + 0x4c, 0x61, 0x64, 0x69, 0x65, 0x73, 0x20, 0x61, + 0x6e, 0x64, 0x20, 0x47, 0x65, 0x6e, 0x74, 0x6c, + 0x65, 0x6d, 0x65, 0x6e, 0x20, 0x6f, 0x66, 0x20, + 0x74, 0x68, 0x65, 0x20, 0x63, 0x6c, 0x61, 0x73, + 0x73, 0x20, 0x6f, 0x66, 0x20, 0x27, 0x39, 0x39, + 0x3a, 0x20, 0x49, 0x66, 0x20, 0x49, 0x20, 0x63, + 0x6f, 0x75, 0x6c, 0x64, 0x20, 0x6f, 0x66, 0x66, + 0x65, 0x72, 0x20, 0x79, 0x6f, 0x75, 0x20, 0x6f, + 0x6e, 0x6c, 0x79, 0x20, 0x6f, 0x6e, 0x65, 0x20, + 0x74, 0x69, 0x70, 0x20, 0x66, 0x6f, 0x72, 0x20, + 0x74, 0x68, 0x65, 0x20, 0x66, 0x75, 0x74, 0x75, + 0x72, 0x65, 0x2c, 0x20, 0x73, 0x75, 0x6e, 0x73, + 0x63, 0x72, 0x65, 0x65, 0x6e, 0x20, 0x77, 0x6f, + 0x75, 0x6c, 0x64, 0x20, 0x62, 0x65, 0x20, 0x69, + 0x74, 0x2e + }; + const byte iv[] = { + 0x07, 0x00, 0x00, 0x00, 0x40, 0x41, 0x42, 0x43, + 0x44, 0x45, 0x46, 0x47 + }; + const byte aad[] = { /* additional data */ + 0x50, 0x51, 0x52, 0x53, 0xc0, 0xc1, 0xc2, 0xc3, + 0xc4, 0xc5, 0xc6, 0xc7 + }; + const byte cipher[] = { /* expected output from operation */ + 0xd3, 0x1a, 0x8d, 0x34, 0x64, 0x8e, 0x60, 0xdb, + 0x7b, 0x86, 0xaf, 0xbc, 0x53, 0xef, 0x7e, 0xc2, + 0xa4, 0xad, 0xed, 0x51, 0x29, 0x6e, 0x08, 0xfe, + 0xa9, 0xe2, 0xb5, 0xa7, 0x36, 0xee, 0x62, 0xd6, + 0x3d, 0xbe, 0xa4, 0x5e, 0x8c, 0xa9, 0x67, 0x12, + 0x82, 0xfa, 0xfb, 0x69, 0xda, 0x92, 0x72, 0x8b, + 0x1a, 0x71, 0xde, 0x0a, 0x9e, 0x06, 0x0b, 0x29, + 0x05, 0xd6, 0xa5, 0xb6, 0x7e, 0xcd, 0x3b, 0x36, + 0x92, 0xdd, 0xbd, 0x7f, 0x2d, 0x77, 0x8b, 0x8c, + 0x98, 0x03, 0xae, 0xe3, 0x28, 0x09, 0x1b, 0x58, + 0xfa, 0xb3, 0x24, 0xe4, 0xfa, 0xd6, 0x75, 0x94, + 0x55, 0x85, 0x80, 0x8b, 0x48, 0x31, 0xd7, 0xbc, + 0x3f, 0xf4, 0xde, 0xf0, 0x8e, 0x4b, 0x7a, 0x9d, + 0xe5, 0x76, 0xd2, 0x65, 0x86, 0xce, 0xc6, 0x4b, + 0x61, 0x16 + }; + const byte authTag[] = { /* expected output from operation */ + 0x1a, 0xe1, 0x0b, 0x59, 0x4f, 0x09, 0xe2, 0x6a, + 0x7e, 0x90, 0x2e, 0xcb, 0xd0, 0x60, 0x06, 0x91 + }; + byte generatedCiphertext[272]; + byte generatedPlaintext[272]; + byte generatedAuthTag[CHACHA20_POLY1305_AEAD_AUTHTAG_SIZE]; + + /* Initialize stack variables. */ + XMEMSET(generatedCiphertext, 0, 272); + XMEMSET(generatedPlaintext, 0, 272); + + /* Test Encrypt */ + ExpectIntEQ(wc_ChaCha20Poly1305_Encrypt(key, iv, aad, sizeof(aad), + plaintext, sizeof(plaintext), generatedCiphertext, generatedAuthTag), + 0); + ExpectIntEQ(XMEMCMP(generatedCiphertext, cipher, + sizeof(cipher)/sizeof(byte)), 0); + + /* Test bad args. */ + ExpectIntEQ(wc_ChaCha20Poly1305_Encrypt(NULL, iv, aad, sizeof(aad), + plaintext, sizeof(plaintext), generatedCiphertext, generatedAuthTag), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_ChaCha20Poly1305_Encrypt(key, NULL, aad, sizeof(aad), + plaintext, sizeof(plaintext), generatedCiphertext, generatedAuthTag), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_ChaCha20Poly1305_Encrypt(key, iv, aad, sizeof(aad), NULL, + sizeof(plaintext), generatedCiphertext, generatedAuthTag), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_ChaCha20Poly1305_Encrypt(key, iv, aad, sizeof(aad), + NULL, sizeof(plaintext), generatedCiphertext, generatedAuthTag), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_ChaCha20Poly1305_Encrypt(key, iv, aad, sizeof(aad), + plaintext, sizeof(plaintext), NULL, generatedAuthTag), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_ChaCha20Poly1305_Encrypt(key, iv, aad, sizeof(aad), + plaintext, sizeof(plaintext), generatedCiphertext, NULL), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + + ExpectIntEQ(wc_ChaCha20Poly1305_Decrypt(key, iv, aad, sizeof(aad), cipher, + sizeof(cipher), authTag, generatedPlaintext), 0); + ExpectIntEQ(XMEMCMP(generatedPlaintext, plaintext, + sizeof(plaintext)/sizeof(byte)), 0); + + /* Test bad args. */ + ExpectIntEQ(wc_ChaCha20Poly1305_Decrypt(NULL, iv, aad, sizeof(aad), cipher, + sizeof(cipher), authTag, generatedPlaintext), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_ChaCha20Poly1305_Decrypt(key, NULL, aad, sizeof(aad), + cipher, sizeof(cipher), authTag, generatedPlaintext), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_ChaCha20Poly1305_Decrypt(key, iv, aad, sizeof(aad), NULL, + sizeof(cipher), authTag, generatedPlaintext), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_ChaCha20Poly1305_Decrypt(key, iv, aad, sizeof(aad), cipher, + sizeof(cipher), NULL, generatedPlaintext), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_ChaCha20Poly1305_Decrypt(key, iv, aad, sizeof(aad), cipher, + sizeof(cipher), authTag, NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_ChaCha20Poly1305_Decrypt(key, iv, aad, sizeof(aad), NULL, + sizeof(cipher), authTag, generatedPlaintext), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); +#endif + return EXPECT_RESULT(); +} /* END test_wc_ChaCha20Poly1305_aead */ + diff --git a/test/ssl/wolfssl/tests/api/test_chacha20_poly1305.h b/test/ssl/wolfssl/tests/api/test_chacha20_poly1305.h new file mode 100644 index 000000000..3ee5ddd1a --- /dev/null +++ b/test/ssl/wolfssl/tests/api/test_chacha20_poly1305.h @@ -0,0 +1,32 @@ +/* test_chacha20_poly1305.h + * + * Copyright (C) 2006-2025 wolfSSL Inc. + * + * This file is part of wolfSSL. + * + * wolfSSL is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * wolfSSL is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA + */ + +#ifndef WOLFCRYPT_TEST_CHACHA20_POLY1305_H +#define WOLFCRYPT_TEST_CHACHA20_POLY1305_H + +#include + +int test_wc_ChaCha20Poly1305_aead(void); + +#define TEST_CHACHA20_POLY1305_DECLS \ + TEST_DECL_GROUP("chacha20-poly1305", test_wc_ChaCha20Poly1305_aead) + +#endif /* WOLFCRYPT_TEST_CHACHA20_POLY1305_H */ diff --git a/test/ssl/wolfssl/tests/api/test_cmac.c b/test/ssl/wolfssl/tests/api/test_cmac.c new file mode 100644 index 000000000..c9cdc9804 --- /dev/null +++ b/test/ssl/wolfssl/tests/api/test_cmac.c @@ -0,0 +1,251 @@ +/* test_cmac.c + * + * Copyright (C) 2006-2025 wolfSSL Inc. + * + * This file is part of wolfSSL. + * + * wolfSSL is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * wolfSSL is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA + */ + +#include + +#ifdef NO_INLINE + #include +#else + #define WOLFSSL_MISC_INCLUDED + #include +#endif + +#include +#include +#include +#include + +/* + * Testing wc_InitCmac() + */ +int test_wc_InitCmac(void) +{ + EXPECT_DECLS; +#if defined(WOLFSSL_CMAC) && !defined(NO_AES) + Cmac cmac1; + Cmac cmac2; + Cmac cmac3; + /* AES 128 key. */ + byte key1[] = "\x01\x02\x03\x04\x05\x06\x07\x08" + "\x09\x10\x11\x12\x13\x14\x15\x16"; + /* AES 192 key. */ + byte key2[] = "\x01\x02\x03\x04\x05\x06\x07\x08" + "\x09\x01\x11\x12\x13\x14\x15\x16" + "\x01\x02\x03\x04\x05\x06\x07\x08"; + /* AES 256 key. */ + byte key3[] = "\x01\x02\x03\x04\x05\x06\x07\x08" + "\x09\x01\x11\x12\x13\x14\x15\x16" + "\x01\x02\x03\x04\x05\x06\x07\x08" + "\x09\x01\x11\x12\x13\x14\x15\x16"; + word32 key1Sz = (word32)sizeof(key1) - 1; + word32 key2Sz = (word32)sizeof(key2) - 1; + word32 key3Sz = (word32)sizeof(key3) - 1; + int type = WC_CMAC_AES; + + (void)key1; + (void)key1Sz; + (void)key2; + (void)key2Sz; + + XMEMSET(&cmac1, 0, sizeof(Cmac)); + XMEMSET(&cmac2, 0, sizeof(Cmac)); + XMEMSET(&cmac3, 0, sizeof(Cmac)); + +#ifdef WOLFSSL_AES_128 + ExpectIntEQ(wc_InitCmac(&cmac1, key1, key1Sz, type, NULL), 0); +#endif +#ifdef WOLFSSL_AES_192 + wc_AesFree(&cmac1.aes); + ExpectIntEQ(wc_InitCmac(&cmac2, key2, key2Sz, type, NULL), 0); +#endif +#ifdef WOLFSSL_AES_256 + wc_AesFree(&cmac2.aes); + ExpectIntEQ(wc_InitCmac(&cmac3, key3, key3Sz, type, NULL), 0); +#endif + + wc_AesFree(&cmac3.aes); + /* Test bad args. */ + ExpectIntEQ(wc_InitCmac(NULL, key3, key3Sz, type, NULL), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_InitCmac(&cmac3, NULL, key3Sz, type, NULL), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_InitCmac(&cmac3, key3, 0, type, NULL), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_InitCmac(&cmac3, key3, key3Sz, 0, NULL), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); +#endif + return EXPECT_RESULT(); +} /* END test_wc_InitCmac */ + +/* + * Testing wc_CmacUpdate() + */ +int test_wc_CmacUpdate(void) +{ + EXPECT_DECLS; +#if defined(WOLFSSL_CMAC) && !defined(NO_AES) && defined(WOLFSSL_AES_128) + Cmac cmac; + byte key[] = { + 0x64, 0x4c, 0xbf, 0x12, 0x85, 0x9d, 0xf0, 0x55, + 0x7e, 0xa9, 0x1f, 0x08, 0xe0, 0x51, 0xff, 0x27 + }; + byte in[] = "\xe2\xb4\xb6\xf9\x48\x44\x02\x64" + "\x5c\x47\x80\x9e\xd5\xa8\x3a\x17" + "\xb3\x78\xcf\x85\x22\x41\x74\xd9" + "\xa0\x97\x39\x71\x62\xf1\x8e\x8f" + "\xf4"; + word32 inSz = (word32)sizeof(in) - 1; + word32 keySz = (word32)sizeof(key); + int type = WC_CMAC_AES; + + XMEMSET(&cmac, 0, sizeof(Cmac)); + + ExpectIntEQ(wc_InitCmac(&cmac, key, keySz, type, NULL), 0); + ExpectIntEQ(wc_CmacUpdate(&cmac, in, inSz), 0); + + /* Test bad args. */ + ExpectIntEQ(wc_CmacUpdate(NULL, in, inSz), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_CmacUpdate(&cmac, NULL, 30), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + wc_AesFree(&cmac.aes); +#endif + return EXPECT_RESULT(); +} /* END test_wc_CmacUpdate */ + +/* + * Testing wc_CmacFinal() + */ +int test_wc_CmacFinal(void) +{ + EXPECT_DECLS; +#if defined(WOLFSSL_CMAC) && !defined(NO_AES) && defined(WOLFSSL_AES_128) + Cmac cmac; + byte key[] = { + 0x64, 0x4c, 0xbf, 0x12, 0x85, 0x9d, 0xf0, 0x55, + 0x7e, 0xa9, 0x1f, 0x08, 0xe0, 0x51, 0xff, 0x27 + }; + byte msg[] = { + 0xe2, 0xb4, 0xb6, 0xf9, 0x48, 0x44, 0x02, 0x64, + 0x5c, 0x47, 0x80, 0x9e, 0xd5, 0xa8, 0x3a, 0x17, + 0xb3, 0x78, 0xcf, 0x85, 0x22, 0x41, 0x74, 0xd9, + 0xa0, 0x97, 0x39, 0x71, 0x62, 0xf1, 0x8e, 0x8f, + 0xf4 + }; + /* Test vectors from CMACGenAES128.rsp from + * http://csrc.nist.gov/groups/STM/cavp/block-cipher-modes.html#cmac + * Per RFC4493 truncation of lsb is possible. + */ + byte expMac[] = { + 0x4e, 0x6e, 0xc5, 0x6f, 0xf9, 0x5d, 0x0e, 0xae, + 0x1c, 0xf8, 0x3e, 0xfc, 0xf4, 0x4b, 0xeb + }; + byte mac[WC_AES_BLOCK_SIZE]; + word32 msgSz = (word32)sizeof(msg); + word32 keySz = (word32)sizeof(key); + word32 macSz = sizeof(mac); + word32 badMacSz = 17; + int expMacSz = sizeof(expMac); + int type = WC_CMAC_AES; + + XMEMSET(&cmac, 0, sizeof(Cmac)); + XMEMSET(mac, 0, macSz); + + ExpectIntEQ(wc_InitCmac(&cmac, key, keySz, type, NULL), 0); + ExpectIntEQ(wc_CmacUpdate(&cmac, msg, msgSz), 0); + +#if (!defined(HAVE_FIPS) || FIPS_VERSION_GE(5, 3)) && !defined(HAVE_SELFTEST) + /* Pass in bad args. */ + ExpectIntEQ(wc_CmacFinalNoFree(NULL, mac, &macSz), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_CmacFinalNoFree(&cmac, NULL, &macSz), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_CmacFinalNoFree(&cmac, mac, &badMacSz), + WC_NO_ERR_TRACE(BUFFER_E)); + + /* For the last call, use the API with implicit wc_CmacFree(). */ + ExpectIntEQ(wc_CmacFinal(&cmac, mac, &macSz), 0); + ExpectIntEQ(XMEMCMP(mac, expMac, expMacSz), 0); +#else /* !HAVE_FIPS || FIPS>=5.3 */ + ExpectIntEQ(wc_CmacFinal(&cmac, mac, &macSz), 0); + ExpectIntEQ(XMEMCMP(mac, expMac, expMacSz), 0); + + /* Pass in bad args. */ + ExpectIntEQ(wc_CmacFinal(NULL, mac, &macSz), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_CmacFinal(&cmac, NULL, &macSz), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_CmacFinal(&cmac, mac, &badMacSz), WC_NO_ERR_TRACE(BUFFER_E)); +#endif /* !HAVE_FIPS || FIPS>=5.3 */ +#endif + return EXPECT_RESULT(); +} /* END test_wc_CmacFinal */ + +/* + * Testing wc_AesCmacGenerate() && wc_AesCmacVerify() + */ +int test_wc_AesCmacGenerate(void) +{ + EXPECT_DECLS; +#if defined(WOLFSSL_CMAC) && !defined(NO_AES) && defined(WOLFSSL_AES_128) + byte key[] = { + 0x26, 0xef, 0x8b, 0x40, 0x34, 0x11, 0x7d, 0x9e, + 0xbe, 0xc0, 0xc7, 0xfc, 0x31, 0x08, 0x54, 0x69 + }; + byte msg[] = "\x18\x90\x49\xef\xfd\x7c\xf9\xc8" + "\xf3\x59\x65\xbc\xb0\x97\x8f\xd4"; + byte expMac[] = "\x29\x5f\x2f\x71\xfc\x58\xe6\xf6" + "\x3d\x32\x65\x4c\x66\x23\xc5"; + byte mac[WC_AES_BLOCK_SIZE]; + word32 keySz = sizeof(key); + word32 macSz = sizeof(mac); + word32 msgSz = sizeof(msg) - 1; + word32 expMacSz = sizeof(expMac) - 1; + + XMEMSET(mac, 0, macSz); + + ExpectIntEQ(wc_AesCmacGenerate(mac, &macSz, msg, msgSz, key, keySz), 0); + ExpectIntEQ(XMEMCMP(mac, expMac, expMacSz), 0); + + /* Pass in bad args. */ + ExpectIntEQ(wc_AesCmacGenerate(NULL, &macSz, msg, msgSz, key, keySz), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_AesCmacGenerate(mac, &macSz, msg, msgSz, NULL, keySz), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_AesCmacGenerate(mac, &macSz, msg, msgSz, key, 0), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_AesCmacGenerate(mac, &macSz, NULL, msgSz, key, keySz), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + + ExpectIntEQ(wc_AesCmacVerify(mac, macSz, msg, msgSz, key, keySz), 0); + /* Test bad args. */ + ExpectIntEQ(wc_AesCmacVerify(NULL, macSz, msg, msgSz, key, keySz), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_AesCmacVerify(mac, 0, msg, msgSz, key, keySz), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_AesCmacVerify(mac, macSz, msg, msgSz, NULL, keySz), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_AesCmacVerify(mac, macSz, msg, msgSz, key, 0), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_AesCmacVerify(mac, macSz, NULL, msgSz, key, keySz), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); +#endif + return EXPECT_RESULT(); + +} /* END test_wc_AesCmacGenerate */ + diff --git a/test/ssl/wolfssl/tests/api/test_cmac.h b/test/ssl/wolfssl/tests/api/test_cmac.h new file mode 100644 index 000000000..a9c69a487 --- /dev/null +++ b/test/ssl/wolfssl/tests/api/test_cmac.h @@ -0,0 +1,38 @@ +/* test_cmac.h + * + * Copyright (C) 2006-2025 wolfSSL Inc. + * + * This file is part of wolfSSL. + * + * wolfSSL is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * wolfSSL is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA + */ + +#ifndef WOLFCRYPT_TEST_CMAC_H +#define WOLFCRYPT_TEST_CMAC_H + +#include + +int test_wc_InitCmac(void); +int test_wc_CmacUpdate(void); +int test_wc_CmacFinal(void); +int test_wc_AesCmacGenerate(void); + +#define TEST_CMAC_DECLS \ + TEST_DECL_GROUP("cmac", test_wc_InitCmac), \ + TEST_DECL_GROUP("cmac", test_wc_CmacUpdate), \ + TEST_DECL_GROUP("cmac", test_wc_CmacFinal), \ + TEST_DECL_GROUP("cmac", test_wc_AesCmacGenerate) + +#endif /* WOLFCRYPT_TEST_CMAC_H */ diff --git a/test/ssl/wolfssl/tests/api/test_curve25519.c b/test/ssl/wolfssl/tests/api/test_curve25519.c new file mode 100644 index 000000000..e2bc93569 --- /dev/null +++ b/test/ssl/wolfssl/tests/api/test_curve25519.c @@ -0,0 +1,549 @@ +/* test_curve25519.c + * + * Copyright (C) 2006-2025 wolfSSL Inc. + * + * This file is part of wolfSSL. + * + * wolfSSL is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * wolfSSL is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA + */ + +#include + +#ifdef NO_INLINE + #include +#else + #define WOLFSSL_MISC_INCLUDED + #include +#endif + +#include +#include +#include +#include + + +/* + * Testing wc_curve25519_init and wc_curve25519_free. + */ +int test_wc_curve25519_init(void) +{ + EXPECT_DECLS; +#if defined(HAVE_CURVE25519) + curve25519_key key; + + ExpectIntEQ(wc_curve25519_init(&key), 0); + /* Test bad args for wc_curve25519_init */ + ExpectIntEQ(wc_curve25519_init(NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + + /* Test good args for wc_curve_25519_free */ + wc_curve25519_free(&key); + /* Test bad args for wc_curve25519 free. */ + wc_curve25519_free(NULL); +#endif + return EXPECT_RESULT(); +} /* END test_wc_curve25519_init and wc_curve_25519_free */ +/* + * Testing test_wc_curve25519_size. + */ +int test_wc_curve25519_size(void) +{ + EXPECT_DECLS; +#if defined(HAVE_CURVE25519) + curve25519_key key; + + ExpectIntEQ(wc_curve25519_init(&key), 0); + + /* Test good args for wc_curve25519_size */ + ExpectIntEQ(wc_curve25519_size(&key), CURVE25519_KEYSIZE); + /* Test bad args for wc_curve25519_size */ + ExpectIntEQ(wc_curve25519_size(NULL), 0); + + wc_curve25519_free(&key); +#endif + return EXPECT_RESULT(); +} /* END test_wc_curve25519_size */ + +/* + * Testing test_wc_curve25519_export_key_raw(). + */ +int test_wc_curve25519_export_key_raw(void) +{ + EXPECT_DECLS; +#if defined(HAVE_CURVE25519) && defined(HAVE_CURVE25519_KEY_EXPORT) + curve25519_key key; + WC_RNG rng; + byte privateKey[CURVE25519_KEYSIZE]; + byte publicKey[CURVE25519_KEYSIZE]; + word32 prvkSz; + word32 pubkSz; + byte prik[CURVE25519_KEYSIZE]; + byte pubk[CURVE25519_KEYSIZE]; + word32 prksz; + word32 pbksz; + + XMEMSET(&rng, 0, sizeof(WC_RNG)); + + ExpectIntEQ(wc_curve25519_init(&key), 0); + ExpectIntEQ(wc_InitRng(&rng), 0); + ExpectIntEQ(wc_curve25519_make_key(&rng, CURVE25519_KEYSIZE, &key), 0); + + /* bad-argument-test cases - target function should return BAD_FUNC_ARG */ + prvkSz = CURVE25519_KEYSIZE; + pubkSz = CURVE25519_KEYSIZE; + ExpectIntEQ(wc_curve25519_export_key_raw(NULL, privateKey, &prvkSz, + publicKey, &pubkSz), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + prvkSz = CURVE25519_KEYSIZE; + pubkSz = CURVE25519_KEYSIZE; + ExpectIntEQ(wc_curve25519_export_key_raw(&key, NULL, &prvkSz, publicKey, + &pubkSz), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + prvkSz = CURVE25519_KEYSIZE; + pubkSz = CURVE25519_KEYSIZE; + ExpectIntEQ(wc_curve25519_export_key_raw(&key, privateKey, NULL, + publicKey, &pubkSz), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + /* prvkSz = CURVE25519_KEYSIZE; */ + pubkSz = CURVE25519_KEYSIZE; + ExpectIntEQ(wc_curve25519_export_key_raw(&key, privateKey, &prvkSz, + NULL, &pubkSz), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + prvkSz = CURVE25519_KEYSIZE; + pubkSz = CURVE25519_KEYSIZE; + ExpectIntEQ(wc_curve25519_export_key_raw(&key, privateKey, &prvkSz, + publicKey, NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + + /* cross-testing */ + prksz = CURVE25519_KEYSIZE; + ExpectIntEQ(wc_curve25519_export_private_raw(&key, prik, &prksz), 0); + pbksz = CURVE25519_KEYSIZE; + ExpectIntEQ(wc_curve25519_export_public(&key, pubk, &pbksz), 0); + prvkSz = CURVE25519_KEYSIZE; + /* pubkSz = CURVE25519_KEYSIZE; */ + ExpectIntEQ(wc_curve25519_export_key_raw(&key, privateKey, &prvkSz, + publicKey, &pubkSz), 0); + ExpectIntEQ(prksz, CURVE25519_KEYSIZE); + ExpectIntEQ(pbksz, CURVE25519_KEYSIZE); + ExpectIntEQ(prvkSz, CURVE25519_KEYSIZE); + ExpectIntEQ(pubkSz, CURVE25519_KEYSIZE); + ExpectIntEQ(XMEMCMP(privateKey, prik, CURVE25519_KEYSIZE), 0); + ExpectIntEQ(XMEMCMP(publicKey, pubk, CURVE25519_KEYSIZE), 0); + + DoExpectIntEQ(wc_FreeRng(&rng), 0); + wc_curve25519_free(&key); +#endif + return EXPECT_RESULT(); +} /* end of test_wc_curve25519_export_key_raw */ + +/* + * Testing test_wc_curve25519_export_key_raw_ex(). + */ +int test_wc_curve25519_export_key_raw_ex(void) +{ + EXPECT_DECLS; +#if defined(HAVE_CURVE25519) && defined(HAVE_CURVE25519_KEY_EXPORT) + curve25519_key key; + WC_RNG rng; + byte privateKey[CURVE25519_KEYSIZE]; + byte publicKey[CURVE25519_KEYSIZE]; + word32 prvkSz; + word32 pubkSz; + byte prik[CURVE25519_KEYSIZE]; + byte pubk[CURVE25519_KEYSIZE]; + word32 prksz; + word32 pbksz; + + XMEMSET(&rng, 0, sizeof(WC_RNG)); + + ExpectIntEQ(wc_curve25519_init(&key), 0); + ExpectIntEQ(wc_InitRng(&rng), 0); + ExpectIntEQ(wc_curve25519_make_key(&rng, CURVE25519_KEYSIZE, &key), 0); + + /* bad-argument-test cases - target function should return BAD_FUNC_ARG */ + prvkSz = CURVE25519_KEYSIZE; + pubkSz = CURVE25519_KEYSIZE; + ExpectIntEQ(wc_curve25519_export_key_raw_ex(NULL, privateKey, + &prvkSz, publicKey, &pubkSz, EC25519_LITTLE_ENDIAN), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + prvkSz = CURVE25519_KEYSIZE; + pubkSz = CURVE25519_KEYSIZE; + ExpectIntEQ(wc_curve25519_export_key_raw_ex(&key, NULL, + &prvkSz, publicKey, &pubkSz, EC25519_LITTLE_ENDIAN), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + prvkSz = CURVE25519_KEYSIZE; + pubkSz = CURVE25519_KEYSIZE; + ExpectIntEQ(wc_curve25519_export_key_raw_ex(&key, privateKey, + NULL, publicKey, &pubkSz, EC25519_LITTLE_ENDIAN), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + /* prvkSz = CURVE25519_KEYSIZE; */ + pubkSz = CURVE25519_KEYSIZE; + ExpectIntEQ(wc_curve25519_export_key_raw_ex(&key, privateKey, + &prvkSz, NULL, &pubkSz, EC25519_LITTLE_ENDIAN), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + prvkSz = CURVE25519_KEYSIZE; + pubkSz = CURVE25519_KEYSIZE; + ExpectIntEQ(wc_curve25519_export_key_raw_ex(&key, privateKey, + &prvkSz, publicKey, NULL, EC25519_LITTLE_ENDIAN), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + prvkSz = CURVE25519_KEYSIZE; + /* pubkSz = CURVE25519_KEYSIZE; */ + ExpectIntEQ(wc_curve25519_export_key_raw_ex(NULL, privateKey, + &prvkSz, publicKey, &pubkSz, EC25519_BIG_ENDIAN), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + prvkSz = CURVE25519_KEYSIZE; + pubkSz = CURVE25519_KEYSIZE; + ExpectIntEQ(wc_curve25519_export_key_raw_ex(&key, NULL, + &prvkSz, publicKey, &pubkSz, EC25519_BIG_ENDIAN), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + prvkSz = CURVE25519_KEYSIZE; + pubkSz = CURVE25519_KEYSIZE; + ExpectIntEQ(wc_curve25519_export_key_raw_ex(&key, privateKey, + NULL, publicKey, &pubkSz, EC25519_BIG_ENDIAN), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + /* prvkSz = CURVE25519_KEYSIZE; */ + pubkSz = CURVE25519_KEYSIZE; + ExpectIntEQ(wc_curve25519_export_key_raw_ex(&key, privateKey, + &prvkSz, NULL, &pubkSz, EC25519_BIG_ENDIAN), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + prvkSz = CURVE25519_KEYSIZE; + pubkSz = CURVE25519_KEYSIZE; + ExpectIntEQ(wc_curve25519_export_key_raw_ex(&key, privateKey, + &prvkSz, publicKey, NULL, EC25519_BIG_ENDIAN), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + + /* illegal value for endian */ + prvkSz = CURVE25519_KEYSIZE; + /* pubkSz = CURVE25519_KEYSIZE; */ + ExpectIntEQ(wc_curve25519_export_key_raw_ex(&key, privateKey, &prvkSz, + publicKey, NULL, EC25519_BIG_ENDIAN + 10), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + + /* cross-testing */ + prksz = CURVE25519_KEYSIZE; + ExpectIntEQ(wc_curve25519_export_private_raw( &key, prik, &prksz), 0); + pbksz = CURVE25519_KEYSIZE; + ExpectIntEQ(wc_curve25519_export_public( &key, pubk, &pbksz), 0); + prvkSz = CURVE25519_KEYSIZE; + /* pubkSz = CURVE25519_KEYSIZE; */ + ExpectIntEQ(wc_curve25519_export_key_raw_ex(&key, privateKey, &prvkSz, + publicKey, &pubkSz, EC25519_BIG_ENDIAN), 0); + ExpectIntEQ(prksz, CURVE25519_KEYSIZE); + ExpectIntEQ(pbksz, CURVE25519_KEYSIZE); + ExpectIntEQ(prvkSz, CURVE25519_KEYSIZE); + ExpectIntEQ(pubkSz, CURVE25519_KEYSIZE); + ExpectIntEQ(XMEMCMP(privateKey, prik, CURVE25519_KEYSIZE), 0); + ExpectIntEQ(XMEMCMP(publicKey, pubk, CURVE25519_KEYSIZE), 0); + ExpectIntEQ(wc_curve25519_export_key_raw_ex(&key, privateKey, &prvkSz, + publicKey, &pubkSz, EC25519_LITTLE_ENDIAN), 0); + ExpectIntEQ(prvkSz, CURVE25519_KEYSIZE); + ExpectIntEQ(pubkSz, CURVE25519_KEYSIZE); + + /* try once with another endian */ + prvkSz = CURVE25519_KEYSIZE; + pubkSz = CURVE25519_KEYSIZE; + ExpectIntEQ(wc_curve25519_export_key_raw_ex( &key, privateKey, &prvkSz, + publicKey, &pubkSz, EC25519_BIG_ENDIAN), 0); + ExpectIntEQ(prvkSz, CURVE25519_KEYSIZE); + ExpectIntEQ(pubkSz, CURVE25519_KEYSIZE); + + DoExpectIntEQ(wc_FreeRng(&rng), 0); + wc_curve25519_free(&key); +#endif + return EXPECT_RESULT(); +} /* end of test_wc_curve25519_export_key_raw_ex */ + +/* + * Testing wc_curve25519_make_key + */ +int test_wc_curve25519_make_key(void) +{ + EXPECT_DECLS; +#if defined(HAVE_CURVE25519) + curve25519_key key; + WC_RNG rng; + int keysize = 0; + + XMEMSET(&rng, 0, sizeof(WC_RNG)); + + ExpectIntEQ(wc_curve25519_init(&key), 0); + ExpectIntEQ(wc_InitRng(&rng), 0); + + ExpectIntEQ(wc_curve25519_make_key(&rng, CURVE25519_KEYSIZE, &key), 0); + ExpectIntEQ(keysize = wc_curve25519_size(&key), CURVE25519_KEYSIZE); + ExpectIntEQ(wc_curve25519_make_key(&rng, keysize, &key), 0); + /* test bad cases */ + ExpectIntEQ(wc_curve25519_make_key(NULL, 0, NULL), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_curve25519_make_key(&rng, keysize, NULL), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_curve25519_make_key(NULL, keysize, &key), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_curve25519_make_key(&rng, 0, &key), + WC_NO_ERR_TRACE(ECC_BAD_ARG_E)); + + DoExpectIntEQ(wc_FreeRng(&rng), 0); + wc_curve25519_free(&key); +#endif + return EXPECT_RESULT(); +} /* END test_wc_curve25519_make_key */ + +/* + * Testing wc_curve25519_shared_secret_ex + */ +int test_wc_curve25519_shared_secret_ex(void) +{ + EXPECT_DECLS; +#if defined(HAVE_CURVE25519) + curve25519_key private_key; + curve25519_key public_key; + WC_RNG rng; + byte out[CURVE25519_KEYSIZE]; + word32 outLen = sizeof(out); + int endian = EC25519_BIG_ENDIAN; + + ExpectIntEQ(wc_curve25519_init(&private_key), 0); +#ifdef WOLFSSL_CURVE25519_BLINDING + ExpectIntEQ(wc_curve25519_set_rng(&private_key, &rng), 0); +#endif + ExpectIntEQ(wc_curve25519_init(&public_key), 0); + ExpectIntEQ(wc_InitRng(&rng), 0); + + ExpectIntEQ(wc_curve25519_make_key(&rng, CURVE25519_KEYSIZE, &private_key), + 0); + ExpectIntEQ(wc_curve25519_make_key(&rng, CURVE25519_KEYSIZE, &public_key), + 0); + + ExpectIntEQ(wc_curve25519_shared_secret_ex(&private_key, &public_key, out, + &outLen, endian), 0); + + /* test bad cases */ + ExpectIntEQ(wc_curve25519_shared_secret_ex(NULL, NULL, NULL, 0, endian), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_curve25519_shared_secret_ex(NULL, &public_key, out, &outLen, + endian), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_curve25519_shared_secret_ex(&private_key, NULL, out, &outLen, + endian), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_curve25519_shared_secret_ex(&private_key, &public_key, NULL, + &outLen, endian), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_curve25519_shared_secret_ex(&private_key, &public_key, out, + NULL, endian), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + + /* curve25519.c is checking for public_key size less than or equal to 0x7f, + * increasing to 0x8f checks for error being returned */ + public_key.p.point[CURVE25519_KEYSIZE-1] = 0x8F; + ExpectIntEQ(wc_curve25519_shared_secret_ex(&private_key, &public_key, out, + &outLen, endian), WC_NO_ERR_TRACE(ECC_BAD_ARG_E)); + + outLen = outLen - 2; + ExpectIntEQ(wc_curve25519_shared_secret_ex(&private_key, &public_key, out, + &outLen, endian), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + + DoExpectIntEQ(wc_FreeRng(&rng), 0); + wc_curve25519_free(&private_key); + wc_curve25519_free(&public_key); +#endif + return EXPECT_RESULT(); +} /* END test_wc_curve25519_shared_secret_ex */ + +/* + * Testing wc_curve25519_make_pub + */ +int test_wc_curve25519_make_pub(void) +{ + EXPECT_DECLS; +#ifdef HAVE_CURVE25519 + curve25519_key key; + WC_RNG rng; + byte out[CURVE25519_KEYSIZE]; + + XMEMSET(&rng, 0, sizeof(WC_RNG)); + + ExpectIntEQ(wc_curve25519_init(&key), 0); + ExpectIntEQ(wc_InitRng(&rng), 0); + ExpectIntEQ(wc_curve25519_make_key(&rng, CURVE25519_KEYSIZE, &key), 0); + + ExpectIntEQ(wc_curve25519_make_pub((int)sizeof(out), out, + (int)sizeof(key.k), key.k), 0); + /* test bad cases */ + ExpectIntEQ(wc_curve25519_make_pub((int)sizeof(key.k) - 1, key.k, + (int)sizeof out, out), WC_NO_ERR_TRACE(ECC_BAD_ARG_E)); + ExpectIntEQ(wc_curve25519_make_pub((int)sizeof out, out, (int)sizeof(key.k), + NULL), WC_NO_ERR_TRACE(ECC_BAD_ARG_E)); + ExpectIntEQ(wc_curve25519_make_pub((int)sizeof out - 1, out, + (int)sizeof(key.k), key.k), WC_NO_ERR_TRACE(ECC_BAD_ARG_E)); + ExpectIntEQ(wc_curve25519_make_pub((int)sizeof out, NULL, + (int)sizeof(key.k), key.k), WC_NO_ERR_TRACE(ECC_BAD_ARG_E)); + /* verify clamping test */ + key.k[0] |= ~248; + ExpectIntEQ(wc_curve25519_make_pub((int)sizeof out, out, (int)sizeof(key.k), + key.k), WC_NO_ERR_TRACE(ECC_BAD_ARG_E)); + key.k[0] &= 248; + /* repeat the expected-to-succeed test. */ + ExpectIntEQ(wc_curve25519_make_pub((int)sizeof out, out, (int)sizeof(key.k), + key.k), 0); + + DoExpectIntEQ(wc_FreeRng(&rng), 0); + wc_curve25519_free(&key); +#endif + return EXPECT_RESULT(); +} /* END test_wc_curve25519_make_pub */ + +/* + * Testing test_wc_curve25519_export_public_ex + */ +int test_wc_curve25519_export_public_ex(void) +{ + EXPECT_DECLS; +#if defined(HAVE_CURVE25519) + curve25519_key key; + WC_RNG rng; + byte out[CURVE25519_KEYSIZE]; + word32 outLen = sizeof(out); + int endian = EC25519_BIG_ENDIAN; + + XMEMSET(&rng, 0, sizeof(WC_RNG)); + + ExpectIntEQ(wc_curve25519_init(&key), 0); + ExpectIntEQ(wc_InitRng(&rng), 0); + ExpectIntEQ(wc_curve25519_make_key(&rng, CURVE25519_KEYSIZE, &key), 0); + + ExpectIntEQ(wc_curve25519_export_public(&key, out, &outLen), 0); + ExpectIntEQ(wc_curve25519_export_public_ex(&key, out, &outLen, endian), 0); + /* test bad cases */ + ExpectIntEQ(wc_curve25519_export_public_ex(NULL, NULL, NULL, endian), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_curve25519_export_public_ex(NULL, out, &outLen, endian), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_curve25519_export_public_ex(&key, NULL, &outLen, endian), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_curve25519_export_public_ex(&key, out, NULL, endian), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + outLen = outLen - 2; + ExpectIntEQ(wc_curve25519_export_public_ex(&key, out, &outLen, endian), + WC_NO_ERR_TRACE(ECC_BAD_ARG_E)); + + DoExpectIntEQ(wc_FreeRng(&rng), 0); + wc_curve25519_free(&key); +#endif + return EXPECT_RESULT(); +} /* END test_wc_curve25519_export_public_ex */ + +/* + * Testing test_wc_curve25519_export_private_raw_ex + */ +int test_wc_curve25519_export_private_raw_ex(void) +{ + EXPECT_DECLS; +#if defined(HAVE_CURVE25519) + curve25519_key key; + byte out[CURVE25519_KEYSIZE]; + word32 outLen = sizeof(out); + int endian = EC25519_BIG_ENDIAN; + + ExpectIntEQ(wc_curve25519_init(&key), 0); + + ExpectIntEQ(wc_curve25519_export_private_raw_ex(&key, out, &outLen, endian), + 0); + /* test bad cases */ + ExpectIntEQ(wc_curve25519_export_private_raw_ex(NULL, NULL, NULL, endian), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_curve25519_export_private_raw_ex(NULL, out, &outLen, endian), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_curve25519_export_private_raw_ex(&key, NULL, &outLen, + endian), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_curve25519_export_private_raw_ex(&key, out, NULL, endian), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_curve25519_export_private_raw_ex(&key, out, &outLen, + EC25519_LITTLE_ENDIAN), 0); + outLen = outLen - 2; + ExpectIntEQ(wc_curve25519_export_private_raw_ex(&key, out, &outLen, endian), + WC_NO_ERR_TRACE(ECC_BAD_ARG_E)); + + wc_curve25519_free(&key); +#endif + return EXPECT_RESULT(); +} /* END test_wc_curve25519_export_private_raw_ex */ + +/* + * Testing test_wc_curve25519_import_private_raw_ex + */ +int test_wc_curve25519_import_private_raw_ex(void) +{ + EXPECT_DECLS; +#if defined(HAVE_CURVE25519) + curve25519_key key; + WC_RNG rng; + byte priv[CURVE25519_KEYSIZE]; + byte pub[CURVE25519_KEYSIZE]; + word32 privSz = sizeof(priv); + word32 pubSz = sizeof(pub); + int endian = EC25519_BIG_ENDIAN; + + XMEMSET(&rng, 0, sizeof(WC_RNG)); + + ExpectIntEQ(wc_curve25519_init(&key), 0); + ExpectIntEQ(wc_InitRng(&rng), 0); + ExpectIntEQ(wc_curve25519_make_key(&rng, CURVE25519_KEYSIZE, &key), 0); + + ExpectIntEQ(wc_curve25519_export_private_raw_ex(&key, priv, &privSz, + endian), 0); + ExpectIntEQ(wc_curve25519_export_public(&key, pub, &pubSz), 0); + ExpectIntEQ(wc_curve25519_import_private_raw_ex(priv, privSz, pub, pubSz, + &key, endian), 0); + /* test bad cases */ + ExpectIntEQ(wc_curve25519_import_private_raw_ex(NULL, 0, NULL, 0, NULL, + endian), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_curve25519_import_private_raw_ex(NULL, privSz, pub, pubSz, + &key, endian), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_curve25519_import_private_raw_ex(priv, privSz, NULL, pubSz, + &key, endian), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_curve25519_import_private_raw_ex(priv, privSz, pub, pubSz, + NULL, endian), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_curve25519_import_private_raw_ex(priv, 0, pub, pubSz, + &key, endian), WC_NO_ERR_TRACE(ECC_BAD_ARG_E)); + ExpectIntEQ(wc_curve25519_import_private_raw_ex(priv, privSz, pub, 0, + &key, endian), WC_NO_ERR_TRACE(ECC_BAD_ARG_E)); + ExpectIntEQ(wc_curve25519_import_private_raw_ex(priv, privSz, pub, pubSz, + &key, EC25519_LITTLE_ENDIAN), 0); + + DoExpectIntEQ(wc_FreeRng(&rng), 0); + wc_curve25519_free(&key); +#endif + return EXPECT_RESULT(); +} /* END test_wc_curve25519_import_private_raw_ex */ + +/* + * Testing test_wc_curve25519_import_private + */ +int test_wc_curve25519_import_private(void) +{ + EXPECT_DECLS; +#if defined(HAVE_CURVE25519) + curve25519_key key; + WC_RNG rng; + byte priv[CURVE25519_KEYSIZE]; + word32 privSz = sizeof(priv); + + XMEMSET(&rng, 0, sizeof(WC_RNG)); + + ExpectIntEQ(wc_curve25519_init(&key), 0); + ExpectIntEQ(wc_InitRng(&rng), 0); + ExpectIntEQ(wc_curve25519_make_key(&rng, CURVE25519_KEYSIZE, &key), 0); + + ExpectIntEQ(wc_curve25519_export_private_raw(&key, priv, &privSz), 0); + ExpectIntEQ(wc_curve25519_import_private(priv, privSz, &key), 0); + + DoExpectIntEQ(wc_FreeRng(&rng), 0); + wc_curve25519_free(&key); +#endif + return EXPECT_RESULT(); +} /* END test_wc_curve25519_import */ + diff --git a/test/ssl/wolfssl/tests/api/test_curve25519.h b/test/ssl/wolfssl/tests/api/test_curve25519.h new file mode 100644 index 000000000..fcd3bd73a --- /dev/null +++ b/test/ssl/wolfssl/tests/api/test_curve25519.h @@ -0,0 +1,52 @@ +/* test_curve25519.h + * + * Copyright (C) 2006-2025 wolfSSL Inc. + * + * This file is part of wolfSSL. + * + * wolfSSL is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * wolfSSL is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA + */ + +#ifndef WOLFCRYPT_TEST_CURVE25519_H +#define WOLFCRYPT_TEST_CURVE25519_H + +#include + +int test_wc_curve25519_init(void); +int test_wc_curve25519_size(void); +int test_wc_curve25519_export_key_raw(void); +int test_wc_curve25519_export_key_raw_ex(void); +int test_wc_curve25519_make_key(void); +int test_wc_curve25519_shared_secret_ex(void); +int test_wc_curve25519_make_pub(void); +int test_wc_curve25519_export_public_ex(void); +int test_wc_curve25519_export_private_raw_ex(void); +int test_wc_curve25519_import_private_raw_ex(void); +int test_wc_curve25519_import_private(void); + +#define TEST_CURVE25519_DECLS \ + TEST_DECL_GROUP("curve25519", test_wc_curve25519_init), \ + TEST_DECL_GROUP("curve25519", test_wc_curve25519_size), \ + TEST_DECL_GROUP("curve25519", test_wc_curve25519_export_key_raw), \ + TEST_DECL_GROUP("curve25519", test_wc_curve25519_export_key_raw_ex), \ + TEST_DECL_GROUP("curve25519", test_wc_curve25519_make_key), \ + TEST_DECL_GROUP("curve25519", test_wc_curve25519_shared_secret_ex), \ + TEST_DECL_GROUP("curve25519", test_wc_curve25519_make_pub), \ + TEST_DECL_GROUP("curve25519", test_wc_curve25519_export_public_ex), \ + TEST_DECL_GROUP("curve25519", test_wc_curve25519_export_private_raw_ex), \ + TEST_DECL_GROUP("curve25519", test_wc_curve25519_import_private_raw_ex), \ + TEST_DECL_GROUP("curve25519", test_wc_curve25519_import_private) + +#endif /* WOLFCRYPT_TEST_CURVE25519_H */ diff --git a/test/ssl/wolfssl/tests/api/test_curve448.c b/test/ssl/wolfssl/tests/api/test_curve448.c new file mode 100644 index 000000000..17063d383 --- /dev/null +++ b/test/ssl/wolfssl/tests/api/test_curve448.c @@ -0,0 +1,399 @@ +/* test_curve448.c + * + * Copyright (C) 2006-2025 wolfSSL Inc. + * + * This file is part of wolfSSL. + * + * wolfSSL is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * wolfSSL is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA + */ + +#include + +#ifdef NO_INLINE + #include +#else + #define WOLFSSL_MISC_INCLUDED + #include +#endif + +#include +#include +#include +#include + +/* + * Testing wc_curve448_make_key + */ +int test_wc_curve448_make_key(void) +{ + EXPECT_DECLS; +#if defined(HAVE_CURVE448) + curve448_key key; + WC_RNG rng; + int keysize = 0; + + XMEMSET(&rng, 0, sizeof(WC_RNG)); + + ExpectIntEQ(wc_curve448_init(&key), 0); + ExpectIntEQ(wc_InitRng(&rng), 0); + + ExpectIntEQ(wc_curve448_make_key(&rng, CURVE448_KEY_SIZE, &key), 0); + ExpectIntEQ(keysize = wc_curve448_size(&key), CURVE448_KEY_SIZE); + ExpectIntEQ(wc_curve448_make_key(&rng, keysize, &key), 0); + + /* test bad cases */ + ExpectIntEQ(wc_curve448_make_key(NULL, 0, NULL), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_curve448_make_key(&rng, keysize, NULL), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_curve448_make_key(NULL, keysize, &key), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_curve448_make_key(&rng, 0, &key), + WC_NO_ERR_TRACE(ECC_BAD_ARG_E)); + + DoExpectIntEQ(wc_FreeRng(&rng), 0); + wc_curve448_free(&key); +#endif + return EXPECT_RESULT(); +} /* END test_wc_curve448_make_key */ + +/* + * Testing test_wc_curve448_shared_secret_ex + */ +int test_wc_curve448_shared_secret_ex(void) +{ + EXPECT_DECLS; +#if defined(HAVE_CURVE448) + curve448_key private_key; + curve448_key public_key; + WC_RNG rng; + byte out[CURVE448_KEY_SIZE]; + word32 outLen = sizeof(out); + int endian = EC448_BIG_ENDIAN; + + XMEMSET(&rng, 0, sizeof(WC_RNG)); + + ExpectIntEQ(wc_curve448_init(&private_key), 0); + ExpectIntEQ(wc_InitRng(&rng), 0); + ExpectIntEQ(wc_curve448_make_key(&rng, CURVE448_KEY_SIZE, &private_key), 0); + + ExpectIntEQ(wc_curve448_init(&public_key), 0); + ExpectIntEQ(wc_curve448_make_key(&rng, CURVE448_KEY_SIZE, &public_key), 0); + ExpectIntEQ(wc_curve448_shared_secret_ex(&private_key, &public_key, out, + &outLen, endian), 0); + + /* test bad cases */ + ExpectIntEQ(wc_curve448_shared_secret_ex(NULL, NULL, NULL, 0, endian), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_curve448_shared_secret_ex(NULL, &public_key, out, &outLen, + endian), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_curve448_shared_secret_ex(&private_key, NULL, out, &outLen, + endian), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_curve448_shared_secret_ex(&private_key, &public_key, NULL, + &outLen, endian), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_curve448_shared_secret_ex(&private_key, &public_key, out, + NULL, endian), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + outLen = outLen - 2; + ExpectIntEQ(wc_curve448_shared_secret_ex(&private_key, &public_key, out, + &outLen, endian), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + + DoExpectIntEQ(wc_FreeRng(&rng), 0); + wc_curve448_free(&private_key); + wc_curve448_free(&public_key); +#endif + return EXPECT_RESULT(); +} /* END test_wc_curve448_shared_secret_ex */ + +/* + * Testing test_wc_curve448_export_public_ex + */ +int test_wc_curve448_export_public_ex(void) +{ + EXPECT_DECLS; +#if defined(HAVE_CURVE448) + WC_RNG rng; + curve448_key key; + byte out[CURVE448_KEY_SIZE]; + word32 outLen = sizeof(out); + int endian = EC448_BIG_ENDIAN; + + XMEMSET(&rng, 0, sizeof(WC_RNG)); + + ExpectIntEQ(wc_curve448_init(&key), 0); + ExpectIntEQ(wc_InitRng(&rng), 0); + ExpectIntEQ(wc_curve448_make_key(&rng, CURVE448_KEY_SIZE, &key), 0); + + ExpectIntEQ(wc_curve448_export_public(&key, out, &outLen), 0); + ExpectIntEQ(wc_curve448_export_public_ex(&key, out, &outLen, endian), 0); + /* test bad cases */ + ExpectIntEQ(wc_curve448_export_public_ex(NULL, NULL, NULL, endian), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_curve448_export_public_ex(NULL, out, &outLen, endian), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_curve448_export_public_ex(&key, NULL, &outLen, endian), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_curve448_export_public_ex(&key, out, NULL, endian), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + outLen = outLen - 2; + ExpectIntEQ(wc_curve448_export_public_ex(&key, out, &outLen, endian), + WC_NO_ERR_TRACE(ECC_BAD_ARG_E)); + + DoExpectIntEQ(wc_FreeRng(&rng), 0); + wc_curve448_free(&key); +#endif + return EXPECT_RESULT(); +} /* END test_wc_curve448_export_public_ex */ + +/* + * Testing test_wc_curve448_export_private_raw_ex + */ +int test_wc_curve448_export_private_raw_ex(void) +{ + EXPECT_DECLS; +#if defined(HAVE_CURVE448) + curve448_key key; + byte out[CURVE448_KEY_SIZE]; + word32 outLen = sizeof(out); + int endian = EC448_BIG_ENDIAN; + + ExpectIntEQ(wc_curve448_init(&key), 0); + ExpectIntEQ(wc_curve448_export_private_raw_ex(&key, out, &outLen, endian), + 0); + /* test bad cases */ + ExpectIntEQ(wc_curve448_export_private_raw_ex(NULL, NULL, NULL, endian), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_curve448_export_private_raw_ex(NULL, out, &outLen, endian), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_curve448_export_private_raw_ex(&key, NULL, &outLen, endian), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_curve448_export_private_raw_ex(&key, out, NULL, endian), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_curve448_export_private_raw_ex(&key, out, &outLen, + EC448_LITTLE_ENDIAN), 0); + outLen = outLen - 2; + ExpectIntEQ(wc_curve448_export_private_raw_ex(&key, out, &outLen, endian), + WC_NO_ERR_TRACE(ECC_BAD_ARG_E)); + + wc_curve448_free(&key); +#endif + return EXPECT_RESULT(); +} /* END test_wc_curve448_export_private_raw_ex */ + +/* + * Testing test_curve448_export_key_raw + */ +int test_wc_curve448_export_key_raw(void) +{ + EXPECT_DECLS; +#if defined(HAVE_CURVE448) + curve448_key key; + WC_RNG rng; + byte priv[CURVE448_KEY_SIZE]; + byte pub[CURVE448_KEY_SIZE]; + word32 privSz = sizeof(priv); + word32 pubSz = sizeof(pub); + + XMEMSET(&rng, 0, sizeof(WC_RNG)); + + ExpectIntEQ(wc_curve448_init(&key), 0); + ExpectIntEQ(wc_InitRng(&rng), 0); + ExpectIntEQ(wc_curve448_make_key(&rng, CURVE448_KEY_SIZE, &key), 0); + + ExpectIntEQ(wc_curve448_export_private_raw(&key, priv, &privSz), 0); + ExpectIntEQ(wc_curve448_export_public(&key, pub, &pubSz), 0); + ExpectIntEQ(wc_curve448_export_key_raw(&key, priv, &privSz, pub, &pubSz), + 0); + + DoExpectIntEQ(wc_FreeRng(&rng), 0); + wc_curve448_free(&key); +#endif + return EXPECT_RESULT(); +} /* END test_wc_curve448_import_private_raw_ex */ + +/* + * Testing test_wc_curve448_import_private_raw_ex + */ +int test_wc_curve448_import_private_raw_ex(void) +{ + EXPECT_DECLS; +#if defined(HAVE_CURVE448) + curve448_key key; + WC_RNG rng; + byte priv[CURVE448_KEY_SIZE]; + byte pub[CURVE448_KEY_SIZE]; + word32 privSz = sizeof(priv); + word32 pubSz = sizeof(pub); + int endian = EC448_BIG_ENDIAN; + + XMEMSET(&rng, 0, sizeof(WC_RNG)); + + ExpectIntEQ(wc_curve448_init(&key), 0); + ExpectIntEQ(wc_InitRng(&rng), 0); + ExpectIntEQ(wc_curve448_make_key(&rng, CURVE448_KEY_SIZE, &key), 0); + + ExpectIntEQ(wc_curve448_export_private_raw(&key, priv, &privSz), 0); + ExpectIntEQ(wc_curve448_export_public(&key, pub, &pubSz), 0); + ExpectIntEQ(wc_curve448_import_private_raw_ex(priv, privSz, pub, pubSz, + &key, endian), 0); + /* test bad cases */ + ExpectIntEQ(wc_curve448_import_private_raw_ex(NULL, 0, NULL, 0, NULL, 0), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_curve448_import_private_raw_ex(NULL, privSz, pub, pubSz, + &key, endian), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_curve448_import_private_raw_ex(priv, privSz, NULL, pubSz, + &key, endian), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_curve448_import_private_raw_ex(priv, privSz, pub, pubSz, + NULL, endian), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_curve448_import_private_raw_ex(priv, 0, pub, pubSz, + &key, endian), WC_NO_ERR_TRACE(ECC_BAD_ARG_E)); + ExpectIntEQ(wc_curve448_import_private_raw_ex(priv, privSz, pub, 0, + &key, endian), WC_NO_ERR_TRACE(ECC_BAD_ARG_E)); + ExpectIntEQ(wc_curve448_import_private_raw_ex(priv, privSz, pub, pubSz, + &key, EC448_LITTLE_ENDIAN), 0); + + DoExpectIntEQ(wc_FreeRng(&rng), 0); + wc_curve448_free(&key); +#endif + return EXPECT_RESULT(); +} /* END test_wc_curve448_import_private_raw_ex */ + +/* + * Testing test_wc_curve448_import_private + */ +int test_wc_curve448_import_private(void) +{ + EXPECT_DECLS; +#if defined(HAVE_CURVE448) + curve448_key key; + WC_RNG rng; + byte priv[CURVE448_KEY_SIZE]; + word32 privSz = sizeof(priv); + + XMEMSET(&rng, 0, sizeof(WC_RNG)); + + ExpectIntEQ(wc_curve448_init(&key), 0); + ExpectIntEQ(wc_InitRng(&rng), 0); + ExpectIntEQ(wc_curve448_make_key(&rng, CURVE448_KEY_SIZE, &key), 0); + + ExpectIntEQ(wc_curve448_export_private_raw(&key, priv, &privSz), 0); + ExpectIntEQ(wc_curve448_import_private(priv, privSz, &key), 0); + + DoExpectIntEQ(wc_FreeRng(&rng), 0); + wc_curve448_free(&key); +#endif + return EXPECT_RESULT(); +} /* END test_wc_curve448_import */ + +/* + * Testing wc_curve448_init and wc_curve448_free. + */ +int test_wc_curve448_init(void) +{ + EXPECT_DECLS; +#if defined(HAVE_CURVE448) + curve448_key key; + + /* Test bad args for wc_curve448_init */ + ExpectIntEQ(wc_curve448_init(&key), 0); + /* Test bad args for wc_curve448_init */ + ExpectIntEQ(wc_curve448_init(NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + + /* Test good args for wc_curve_448_free */ + wc_curve448_free(&key); + /* Test bad args for wc_curve448_free */ + wc_curve448_free(NULL); +#endif + return EXPECT_RESULT(); +} /* END test_wc_curve448_init and wc_curve_448_free */ + +/* + * Testing test_wc_curve448_size. + */ +int test_wc_curve448_size(void) +{ + EXPECT_DECLS; +#if defined(HAVE_CURVE448) + curve448_key key; + + ExpectIntEQ(wc_curve448_init(&key), 0); + + /* Test good args for wc_curve448_size */ + ExpectIntEQ(wc_curve448_size(&key), CURVE448_KEY_SIZE); + /* Test bad args for wc_curve448_size */ + ExpectIntEQ(wc_curve448_size(NULL), 0); + + wc_curve448_free(&key); +#endif + return EXPECT_RESULT(); +} /* END test_wc_curve448_size */ + +/* + * Testing wc_Curve448PrivateKeyToDer + */ +int test_wc_Curve448PrivateKeyToDer(void) +{ + EXPECT_DECLS; +#if defined(HAVE_CURVE448) && defined(HAVE_CURVE448_KEY_EXPORT) && \ + (defined(WOLFSSL_CERT_GEN) || defined(WOLFSSL_KEY_GEN)) + byte output[ONEK_BUF]; + curve448_key curve448PrivKey; + WC_RNG rng; + word32 inLen; + + XMEMSET(&curve448PrivKey, 0, sizeof(curve448PrivKey)); + XMEMSET(&rng, 0, sizeof(WC_RNG)); + + ExpectIntEQ(wc_curve448_init(&curve448PrivKey), 0); + ExpectIntEQ(wc_InitRng(&rng), 0); + ExpectIntEQ(wc_curve448_make_key(&rng, CURVE448_KEY_SIZE, &curve448PrivKey), + 0); + inLen = (word32)sizeof(output); + + /* Bad Cases */ + ExpectIntEQ(wc_Curve448PrivateKeyToDer(NULL, NULL, 0), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_Curve448PrivateKeyToDer(NULL, output, inLen), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_Curve448PrivateKeyToDer(&curve448PrivKey, output, 0), + WC_NO_ERR_TRACE(BUFFER_E)); + /* Good cases */ + /* length only */ + ExpectIntGT(wc_Curve448PrivateKeyToDer(&curve448PrivKey, NULL, 0), 0); + ExpectIntGT(wc_Curve448PrivateKeyToDer(&curve448PrivKey, output, inLen), 0); + + /* Bad Cases */ + ExpectIntEQ(wc_Curve448PublicKeyToDer(NULL, NULL, 0, 0), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_Curve448PublicKeyToDer(NULL, output, inLen, 0), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_Curve448PublicKeyToDer(&curve448PrivKey, output, 0, 0), + WC_NO_ERR_TRACE(BUFFER_E)); + ExpectIntEQ(wc_Curve448PublicKeyToDer(&curve448PrivKey, output, 0, 1), + WC_NO_ERR_TRACE(BUFFER_E)); + /* Good cases */ + /* length only */ + ExpectIntGT(wc_Curve448PublicKeyToDer(&curve448PrivKey, NULL, 0, 0), 0); + ExpectIntGT(wc_Curve448PublicKeyToDer(&curve448PrivKey, NULL, 0, 1), 0); + ExpectIntGT(wc_Curve448PublicKeyToDer(&curve448PrivKey, output, inLen, 0), + 0); + ExpectIntGT(wc_Curve448PublicKeyToDer(&curve448PrivKey, output, inLen, 1), + 0); + + DoExpectIntEQ(wc_FreeRng(&rng), 0); + wc_curve448_free(&curve448PrivKey); +#endif + return EXPECT_RESULT(); +} /* End wc_Curve448PrivateKeyToDer*/ + diff --git a/test/ssl/wolfssl/tests/api/test_curve448.h b/test/ssl/wolfssl/tests/api/test_curve448.h new file mode 100644 index 000000000..9c62f6af9 --- /dev/null +++ b/test/ssl/wolfssl/tests/api/test_curve448.h @@ -0,0 +1,50 @@ +/* test_curve448.h + * + * Copyright (C) 2006-2025 wolfSSL Inc. + * + * This file is part of wolfSSL. + * + * wolfSSL is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * wolfSSL is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA + */ + +#ifndef WOLFCRYPT_TEST_CURVE448_H +#define WOLFCRYPT_TEST_CURVE448_H + +#include + +int test_wc_curve448_make_key(void); +int test_wc_curve448_shared_secret_ex(void); +int test_wc_curve448_export_public_ex(void); +int test_wc_curve448_export_private_raw_ex(void); +int test_wc_curve448_export_key_raw(void); +int test_wc_curve448_import_private_raw_ex(void); +int test_wc_curve448_import_private(void); +int test_wc_curve448_init(void); +int test_wc_curve448_size(void); +int test_wc_Curve448PrivateKeyToDer(void); + +#define TEST_CURVE448_DECLS \ + TEST_DECL_GROUP("curve448", test_wc_curve448_make_key), \ + TEST_DECL_GROUP("curve448", test_wc_curve448_shared_secret_ex), \ + TEST_DECL_GROUP("curve448", test_wc_curve448_export_public_ex), \ + TEST_DECL_GROUP("curve448", test_wc_curve448_export_private_raw_ex), \ + TEST_DECL_GROUP("curve448", test_wc_curve448_export_key_raw), \ + TEST_DECL_GROUP("curve448", test_wc_curve448_import_private_raw_ex), \ + TEST_DECL_GROUP("curve448", test_wc_curve448_import_private), \ + TEST_DECL_GROUP("curve448", test_wc_curve448_init), \ + TEST_DECL_GROUP("curve448", test_wc_curve448_size), \ + TEST_DECL_GROUP("curve448", test_wc_Curve448PrivateKeyToDer) + +#endif /* WOLFCRYPT_TEST_CURVE448_H */ diff --git a/test/ssl/wolfssl/tests/api/test_des3.c b/test/ssl/wolfssl/tests/api/test_des3.c new file mode 100644 index 000000000..70028ebbb --- /dev/null +++ b/test/ssl/wolfssl/tests/api/test_des3.c @@ -0,0 +1,223 @@ +/* test_des3.c + * + * Copyright (C) 2006-2025 wolfSSL Inc. + * + * This file is part of wolfSSL. + * + * wolfSSL is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * wolfSSL is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA + */ + +#include + +#ifdef NO_INLINE + #include +#else + #define WOLFSSL_MISC_INCLUDED + #include +#endif + +#include +#include +#include +#include + +/* + * unit test for wc_Des3_SetIV() + */ +int test_wc_Des3_SetIV(void) +{ + EXPECT_DECLS; +#ifndef NO_DES3 + Des3 des; + const byte key[] = { + 0x01,0x23,0x45,0x67,0x89,0xab,0xcd,0xef, + 0xfe,0xde,0xba,0x98,0x76,0x54,0x32,0x10, + 0x89,0xab,0xcd,0xef,0x01,0x23,0x45,0x67 + }; + const byte iv[] = { + 0x12,0x34,0x56,0x78,0x90,0xab,0xcd,0xef, + 0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01, + 0x11,0x21,0x31,0x41,0x51,0x61,0x71,0x81 + }; + + XMEMSET(&des, 0, sizeof(Des3)); + + ExpectIntEQ(wc_Des3Init(&des, NULL, INVALID_DEVID), 0); + + /* DES_ENCRYPTION or DES_DECRYPTION */ + ExpectIntEQ(wc_Des3_SetKey(&des, key, iv, DES_ENCRYPTION), 0); + ExpectIntEQ(XMEMCMP(iv, des.reg, DES_BLOCK_SIZE), 0); + +#ifndef HAVE_FIPS /* no sanity checks with FIPS wrapper */ + /* Test explicitly wc_Des3_SetIV() */ + ExpectIntEQ(wc_Des3_SetIV(NULL, iv), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_Des3_SetIV(&des, NULL), 0); +#endif + wc_Des3Free(&des); +#endif + return EXPECT_RESULT(); + +} /* END test_wc_Des3_SetIV */ + +/* + * unit test for wc_Des3_SetKey() + */ +int test_wc_Des3_SetKey(void) +{ + EXPECT_DECLS; +#ifndef NO_DES3 + Des3 des; + const byte key[] = { + 0x01,0x23,0x45,0x67,0x89,0xab,0xcd,0xef, + 0xfe,0xde,0xba,0x98,0x76,0x54,0x32,0x10, + 0x89,0xab,0xcd,0xef,0x01,0x23,0x45,0x67 + }; + const byte iv[] = { + 0x12,0x34,0x56,0x78,0x90,0xab,0xcd,0xef, + 0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01, + 0x11,0x21,0x31,0x41,0x51,0x61,0x71,0x81 + }; + + XMEMSET(&des, 0, sizeof(Des3)); + + ExpectIntEQ(wc_Des3Init(&des, NULL, INVALID_DEVID), 0); + + /* DES_ENCRYPTION or DES_DECRYPTION */ + ExpectIntEQ(wc_Des3_SetKey(&des, key, iv, DES_ENCRYPTION), 0); + ExpectIntEQ(XMEMCMP(iv, des.reg, DES_BLOCK_SIZE), 0); + + /* Test bad args. */ + ExpectIntEQ(wc_Des3_SetKey(NULL, key, iv, DES_ENCRYPTION), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_Des3_SetKey(&des, NULL, iv, DES_ENCRYPTION), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_Des3_SetKey(&des, key, iv, -1), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + /* Default case. Should return 0. */ + ExpectIntEQ(wc_Des3_SetKey(&des, key, NULL, DES_ENCRYPTION), 0); + + wc_Des3Free(&des); +#endif + return EXPECT_RESULT(); + +} /* END test_wc_Des3_SetKey */ + +/* + * Test function for wc_Des3_CbcEncrypt and wc_Des3_CbcDecrypt + */ +int test_wc_Des3_CbcEncryptDecrypt(void) +{ + EXPECT_DECLS; +#ifndef NO_DES3 + Des3 des; + byte cipher[24]; + byte plain[24]; + const byte key[] = { + 0x01,0x23,0x45,0x67,0x89,0xab,0xcd,0xef, + 0xfe,0xde,0xba,0x98,0x76,0x54,0x32,0x10, + 0x89,0xab,0xcd,0xef,0x01,0x23,0x45,0x67 + }; + const byte iv[] = { + 0x12,0x34,0x56,0x78,0x90,0xab,0xcd,0xef, + 0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01, + 0x11,0x21,0x31,0x41,0x51,0x61,0x71,0x81 + }; + const byte vector[] = { /* "Now is the time for all " w/o trailing 0 */ + 0x4e,0x6f,0x77,0x20,0x69,0x73,0x20,0x74, + 0x68,0x65,0x20,0x74,0x69,0x6d,0x65,0x20, + 0x66,0x6f,0x72,0x20,0x61,0x6c,0x6c,0x20 + }; + + XMEMSET(&des, 0, sizeof(Des3)); + + ExpectIntEQ(wc_Des3Init(&des, NULL, INVALID_DEVID), 0); + ExpectIntEQ(wc_Des3_SetKey(&des, key, iv, DES_ENCRYPTION), 0); + + ExpectIntEQ(wc_Des3_CbcEncrypt(&des, cipher, vector, 24), 0); + ExpectIntEQ(wc_Des3_SetKey(&des, key, iv, DES_DECRYPTION), 0); + ExpectIntEQ(wc_Des3_CbcDecrypt(&des, plain, cipher, 24), 0); + ExpectIntEQ(XMEMCMP(plain, vector, 24), 0); + + /* Pass in bad args. */ + ExpectIntEQ(wc_Des3_CbcEncrypt(NULL, cipher, vector, 24), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_Des3_CbcEncrypt(&des, NULL, vector, 24), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_Des3_CbcEncrypt(&des, cipher, NULL, sizeof(vector)), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + + ExpectIntEQ(wc_Des3_CbcDecrypt(NULL, plain, cipher, 24), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_Des3_CbcDecrypt(&des, NULL, cipher, 24), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_Des3_CbcDecrypt(&des, plain, NULL, 24), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + + wc_Des3Free(&des); +#endif + return EXPECT_RESULT(); + +} /* END wc_Des3_CbcEncrypt */ + +/* + * Unit test for wc_Des3_EcbEncrypt + */ +int test_wc_Des3_EcbEncrypt(void) +{ + EXPECT_DECLS; +#if !defined(NO_DES3) && defined(WOLFSSL_DES_ECB) + Des3 des; + byte cipher[24]; + word32 cipherSz = sizeof(cipher); + const byte key[] = { + 0x01,0x23,0x45,0x67,0x89,0xab,0xcd,0xef, + 0xfe,0xde,0xba,0x98,0x76,0x54,0x32,0x10, + 0x89,0xab,0xcd,0xef,0x01,0x23,0x45,0x67 + }; + const byte iv[] = { + 0x12,0x34,0x56,0x78,0x90,0xab,0xcd,0xef, + 0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01, + 0x11,0x21,0x31,0x41,0x51,0x61,0x71,0x81 + }; + const byte vector[] = { /* "Now is the time for all " w/o trailing 0 */ + 0x4e,0x6f,0x77,0x20,0x69,0x73,0x20,0x74, + 0x68,0x65,0x20,0x74,0x69,0x6d,0x65,0x20, + 0x66,0x6f,0x72,0x20,0x61,0x6c,0x6c,0x20 + }; + + XMEMSET(&des, 0, sizeof(Des3)); + + ExpectIntEQ(wc_Des3Init(&des, NULL, INVALID_DEVID), 0); + ExpectIntEQ(wc_Des3_SetKey(&des, key, iv, DES_ENCRYPTION), 0); + + /* Bad Cases */ + ExpectIntEQ(wc_Des3_EcbEncrypt(NULL, 0, NULL, 0), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_Des3_EcbEncrypt(NULL, cipher, vector, cipherSz), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_Des3_EcbEncrypt(&des, 0, vector, cipherSz), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_Des3_EcbEncrypt(&des, cipher, NULL, cipherSz), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_Des3_EcbEncrypt(&des, cipher, vector, 0), 0); + + /* Good Cases */ + ExpectIntEQ(wc_Des3_EcbEncrypt(&des, cipher, vector, cipherSz), 0); + + wc_Des3Free(&des); +#endif + return EXPECT_RESULT(); +} /* END test_wc_Des3_EcbEncrypt */ + diff --git a/test/ssl/wolfssl/tests/api/test_des3.h b/test/ssl/wolfssl/tests/api/test_des3.h new file mode 100644 index 000000000..993bbb216 --- /dev/null +++ b/test/ssl/wolfssl/tests/api/test_des3.h @@ -0,0 +1,38 @@ +/* test_des3.h + * + * Copyright (C) 2006-2025 wolfSSL Inc. + * + * This file is part of wolfSSL. + * + * wolfSSL is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * wolfSSL is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA + */ + +#ifndef WOLFCRYPT_TEST_DES3_H +#define WOLFCRYPT_TEST_DES3_H + +#include + +int test_wc_Des3_SetIV(void); +int test_wc_Des3_SetKey(void); +int test_wc_Des3_CbcEncryptDecrypt(void); +int test_wc_Des3_EcbEncrypt(void); + +#define TEST_DES3_DECLS \ + TEST_DECL_GROUP("des3", test_wc_Des3_SetIV), \ + TEST_DECL_GROUP("des3", test_wc_Des3_SetKey), \ + TEST_DECL_GROUP("des3", test_wc_Des3_CbcEncryptDecrypt), \ + TEST_DECL_GROUP("des3", test_wc_Des3_CbcEncryptDecrypt) + +#endif /* WOLFCRYPT_TEST_DES3_H */ diff --git a/test/ssl/wolfssl/tests/api/test_dh.c b/test/ssl/wolfssl/tests/api/test_dh.c new file mode 100644 index 000000000..715d56651 --- /dev/null +++ b/test/ssl/wolfssl/tests/api/test_dh.c @@ -0,0 +1,76 @@ +/* test_dh.c + * + * Copyright (C) 2006-2025 wolfSSL Inc. + * + * This file is part of wolfSSL. + * + * wolfSSL is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * wolfSSL is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA + */ + +#include + +#ifdef NO_INLINE + #include +#else + #define WOLFSSL_MISC_INCLUDED + #include +#endif + +#include +#include +#include +#include + +/* + * Testing wc_DhPublicKeyDecode + */ +int test_wc_DhPublicKeyDecode(void) +{ + EXPECT_DECLS; +#ifndef NO_DH +#if defined(WOLFSSL_DH_EXTRA) && defined(USE_CERT_BUFFERS_2048) + DhKey key; + word32 inOutIdx; + + XMEMSET(&key, 0, sizeof(DhKey)); + + ExpectIntEQ(wc_InitDhKey(&key), 0); + + ExpectIntEQ(wc_DhPublicKeyDecode(NULL,NULL,NULL,0), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_DhPublicKeyDecode(dh_pub_key_der_2048,NULL,NULL,0), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_DhPublicKeyDecode(dh_pub_key_der_2048,NULL,NULL,0), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + inOutIdx = 0; + ExpectIntEQ(wc_DhPublicKeyDecode(dh_pub_key_der_2048,&inOutIdx,NULL, 0), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + inOutIdx = 0; + ExpectIntEQ(wc_DhPublicKeyDecode(dh_pub_key_der_2048,&inOutIdx,&key, 0), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + inOutIdx = 0; + ExpectIntEQ(wc_DhPublicKeyDecode(dh_pub_key_der_2048,&inOutIdx,&key, + sizeof_dh_pub_key_der_2048), 0); + ExpectIntNE(key.p.used, 0); + ExpectIntNE(key.g.used, 0); + ExpectIntEQ(key.q.used, 0); + ExpectIntNE(key.pub.used, 0); + ExpectIntEQ(key.priv.used, 0); + + DoExpectIntEQ(wc_FreeDhKey(&key), 0); +#endif +#endif /* !NO_DH */ + return EXPECT_RESULT(); +} + diff --git a/test/ssl/wolfssl/tests/api/test_dh.h b/test/ssl/wolfssl/tests/api/test_dh.h new file mode 100644 index 000000000..f3beff426 --- /dev/null +++ b/test/ssl/wolfssl/tests/api/test_dh.h @@ -0,0 +1,32 @@ +/* test_dh.h + * + * Copyright (C) 2006-2025 wolfSSL Inc. + * + * This file is part of wolfSSL. + * + * wolfSSL is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * wolfSSL is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA + */ + +#ifndef WOLFCRYPT_TEST_DH_H +#define WOLFCRYPT_TEST_DH_H + +#include + +int test_wc_DhPublicKeyDecode(void); + +#define TEST_DH_DECLS \ + TEST_DECL_GROUP("dh", test_wc_DhPublicKeyDecode) + +#endif /* WOLFCRYPT_TEST_DH_H */ diff --git a/test/ssl/wolfssl/tests/api/test_digest.h b/test/ssl/wolfssl/tests/api/test_digest.h new file mode 100644 index 000000000..bffe0aeb6 --- /dev/null +++ b/test/ssl/wolfssl/tests/api/test_digest.h @@ -0,0 +1,877 @@ +/* test_digest.h + * + * Copyright (C) 2006-2025 wolfSSL Inc. + * + * This file is part of wolfSSL. + * + * wolfSSL is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * wolfSSL is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA + */ + + +#define DIGEST_INIT_TEST(type, name) \ +do { \ + type dgst; \ + \ + /* Test bad arg. */ \ + ExpectIntEQ(wc_Init##name(NULL, HEAP_HINT, INVALID_DEVID), \ + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); \ + \ + /* Test good arg. */ \ + ExpectIntEQ(wc_Init##name(&dgst, HEAP_HINT, INVALID_DEVID), 0); \ + wc_##name##_Free(&dgst); \ + \ + wc_##name##_Free(NULL); \ +} while (0) + +#define DIGEST_INIT_AND_INIT_EX_TEST(type, name) \ + type dgst; \ + \ + /* Test bad arg. */ \ + ExpectIntEQ(wc_Init##name(NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); \ + ExpectIntEQ(wc_Init##name##_ex(NULL, HEAP_HINT, INVALID_DEVID), \ + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); \ + \ + /* Test good arg. */ \ + ExpectIntEQ(wc_Init##name(&dgst), 0); \ + wc_##name##Free(&dgst); \ + \ + ExpectIntEQ(wc_Init##name##_ex(&dgst, HEAP_HINT, INVALID_DEVID), 0); \ + wc_##name##Free(&dgst); \ + \ + wc_##name##Free(NULL) + +#define DIGEST_INIT_ONLY_TEST(type, name) \ +do { \ + type dgst; \ + \ + /* Test bad arg. */ \ + wc_Init##name(NULL); \ + \ + /* Test good arg. */ \ + wc_Init##name(&dgst); \ +} while (0) + +#define DIGEST_UPDATE_TEST(type, name) \ + type dgst; \ + \ + ExpectIntEQ(wc_Init##name(&dgst), 0); \ + \ + /* Pass in bad values. */ \ + ExpectIntEQ(wc_##name##Update(NULL, NULL, 1), \ + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); \ + ExpectIntEQ(wc_##name##Update(&dgst, NULL, 1), \ + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); \ + ExpectIntEQ(wc_##name##Update(NULL, NULL, 0), \ + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); \ + ExpectIntEQ(wc_##name##Update(NULL, (byte*)"a", 1), \ + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); \ + \ + ExpectIntEQ(wc_##name##Update(&dgst, NULL, 0), 0); \ + ExpectIntEQ(wc_##name##Update(&dgst, (byte*)"a", 1), 0); \ + \ + wc_##name##Free(&dgst) + +#define DIGEST_ALT_UPDATE_TEST(type, name) \ +do { \ + type dgst; \ + \ + ExpectIntEQ(wc_Init##name(&dgst, HEAP_HINT, INVALID_DEVID), 0); \ + \ + /* Pass in bad values. */ \ + ExpectIntEQ(wc_##name##_Update(NULL, NULL, 1), \ + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); \ + ExpectIntEQ(wc_##name##_Update(&dgst, NULL, 1), \ + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); \ + ExpectIntEQ(wc_##name##_Update(NULL, NULL, 0), \ + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); \ + ExpectIntEQ(wc_##name##_Update(NULL, (byte*)"a", 1), \ + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); \ + \ + ExpectIntEQ(wc_##name##_Update(&dgst, NULL, 0), 0); \ + ExpectIntEQ(wc_##name##_Update(&dgst, (byte*)"a", 1), 0); \ + \ + wc_##name##_Free(&dgst); \ +} while (0) + +#define DIGEST_UPDATE_ONLY_TEST(type, name) \ + type dgst; \ + \ + wc_Init##name(&dgst); \ + \ + /* Pass in bad values. */ \ + wc_##name##Update(NULL, NULL, 1); \ + wc_##name##Update(&dgst, NULL, 1); \ + wc_##name##Update(NULL, NULL, 0); \ + wc_##name##Update(NULL, (byte*)"a", 1); \ + \ + wc_##name##Update(&dgst, NULL, 0); \ + wc_##name##Update(&dgst, (byte*)"a", 1) + +#define DIGEST_FINAL_TEST(type, name, upper) \ + type dgst; \ + byte hash[WC_##upper##_DIGEST_SIZE]; \ + \ + /* Initialize */ \ + ExpectIntEQ(wc_Init##name(&dgst), 0); \ + \ + /* Test bad args. */ \ + ExpectIntEQ(wc_##name##Final(NULL, NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); \ + ExpectIntEQ(wc_##name##Final(&dgst, NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); \ + ExpectIntEQ(wc_##name##Final(NULL, hash), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); \ + \ + /* Test good args. */ \ + ExpectIntEQ(wc_##name##Final(&dgst, hash), 0); \ + \ + wc_##name##Free(&dgst) + +#define DIGEST_ALT_FINAL_TEST(type, name, upper) \ +do { \ + type dgst; \ + byte hash[WC_##upper##_DIGEST_SIZE]; \ + \ + /* Initialize */ \ + ExpectIntEQ(wc_Init##name(&dgst, HEAP_HINT, INVALID_DEVID), 0); \ + \ + /* Test bad args. */ \ + ExpectIntEQ(wc_##name##_Final(NULL, NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); \ + ExpectIntEQ(wc_##name##_Final(&dgst, NULL), \ + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); \ + ExpectIntEQ(wc_##name##_Final(NULL, hash), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); \ + \ + /* Test good args. */ \ + ExpectIntEQ(wc_##name##_Final(&dgst, hash), 0); \ + \ + wc_##name##_Free(&dgst); \ +} while (0) + +#define DIGEST_COUNT_FINAL_TEST(type, name, upper) \ +do { \ + type dgst; \ + byte hash[WC_##upper##_COUNT * 8]; \ + \ + /* Initialize */ \ + ExpectIntEQ(wc_Init##name(&dgst, HEAP_HINT, INVALID_DEVID), 0); \ + \ + /* Test bad args. */ \ + ExpectIntEQ(wc_##name##_Final(NULL, NULL, WC_##upper##_COUNT * 8), \ + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); \ + ExpectIntEQ(wc_##name##_Final(&dgst, NULL, WC_##upper##_COUNT * 8), \ + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); \ + ExpectIntEQ(wc_##name##_Final(NULL, hash, WC_##upper##_COUNT * 8), \ + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); \ + \ + /* Test good args. */ \ + ExpectIntEQ(wc_##name##_Final(&dgst, hash, WC_##upper##_COUNT * 8), 0); \ + \ + wc_##name##_Free(&dgst); \ +} while (0) + +#define DIGEST_FINAL_ONLY_TEST(type, name, upper) \ + type dgst; \ + byte hash[WC_##upper##_DIGEST_SIZE]; \ + \ + /* Initialize */ \ + wc_Init##name(&dgst); \ + \ + /* Test bad args. */ \ + wc_##name##Final(NULL, NULL); \ + wc_##name##Final(&dgst, NULL); \ + wc_##name##Final(NULL, hash); \ + \ + /* Test good args. */ \ + wc_##name##Final(&dgst, hash); \ + +#define DIGEST_FINAL_RAW_TEST(type, name, upper, hashStr) \ + type dgst; \ + byte hash[WC_##upper##_DIGEST_SIZE]; \ + const char* expHash = hashStr; \ + \ + /* Initialize */ \ + ExpectIntEQ(wc_Init##name(&dgst), 0); \ + \ + /* Test bad args. */ \ + ExpectIntEQ(wc_##name##FinalRaw(NULL, NULL), \ + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); \ + ExpectIntEQ(wc_##name##FinalRaw(&dgst, NULL), \ + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); \ + ExpectIntEQ(wc_##name##FinalRaw(NULL, hash), \ + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); \ + \ + /* Test good args. */ \ + ExpectIntEQ(wc_##name##FinalRaw(&dgst, hash), 0); \ + ExpectBufEQ(hash, expHash, WC_##upper##_DIGEST_SIZE); \ + \ + wc_##name##Free(&dgst) + +#define DIGEST_KATS_TEST_VARS(type, upper) \ + type dgst; \ + testVector dgst_kat[upper##_KAT_CNT]; \ + byte hash[WC_##upper##_DIGEST_SIZE]; \ + int i = 0 + +#define DIGEST_COUNT_KATS_TEST_VARS(type, upper, count) \ + type dgst; \ + testVector dgst_kat[upper##_KAT_CNT]; \ + byte hash[WC_##count##_COUNT * 8]; \ + int i = 0 + +#define DIGEST_KATS_ADD(in, len, out) \ + dgst_kat[i].input = in; \ + dgst_kat[i].inLen = len; \ + dgst_kat[i].output = out; \ + dgst_kat[i].outLen = 0; \ + i++ + +#define DIGEST_KATS_TEST(name, upper) \ + (void)i; \ + \ + /* Initialize */ \ + ExpectIntEQ(wc_Init##name(&dgst), 0); \ + \ + for (i = 0; i < upper##_KAT_CNT; i++) { \ + /* Do KAT. */ \ + ExpectIntEQ(wc_##name##Update(&dgst, (byte*)dgst_kat[i].input, \ + (word32)dgst_kat[i].inLen), 0); \ + ExpectIntEQ(wc_##name##Final(&dgst, hash), 0); \ + ExpectBufEQ(hash, (byte*)dgst_kat[i].output, \ + WC_##upper##_DIGEST_SIZE); \ + } \ + \ + wc_##name##Free(&dgst) + +#define DIGEST_COUNT_KATS_TEST(name, upper, count) \ + (void)i; \ + \ + /* Initialize */ \ + ExpectIntEQ(wc_Init##name(&dgst, HEAP_HINT, INVALID_DEVID), 0); \ + \ + for (i = 0; i < upper##_KAT_CNT; i++) { \ + /* Do KAT. */ \ + ExpectIntEQ(wc_##name##_Update(&dgst, (byte*)dgst_kat[i].input, \ + (word32)dgst_kat[i].inLen), 0); \ + ExpectIntEQ(wc_##name##_Final(&dgst, hash, WC_##count##_COUNT * 8), \ + 0); \ + ExpectBufEQ(hash, (byte*)dgst_kat[i].output, \ + WC_##count##_COUNT * 8); \ + } \ + \ + wc_##name##_Free(&dgst) + +#define DIGEST_KATS_ONLY_TEST(name, upper) \ +do { \ + (void)i; \ + \ + /* Initialize */ \ + wc_Init##name(&dgst); \ + \ + for (i = 0; i < upper##_KAT_CNT; i++) { \ + /* Do KAT. */ \ + wc_##name##Update(&dgst, (byte*)dgst_kat[i].input, \ + (word32)dgst_kat[i].inLen); \ + wc_##name##Final(&dgst, hash); \ + ExpectBufEQ(hash, (byte*)dgst_kat[i].output, \ + WC_##upper##_DIGEST_SIZE); \ + } \ +} while (0) + +#define DIGEST_OTHER_TEST(type, name, upper, hashStr) \ + type dgst; \ + byte hash[WC_##upper##_DIGEST_SIZE + 1]; \ + byte data[WC_##upper##_DIGEST_SIZE * 8 + 1]; \ + int dataLen = WC_##upper##_DIGEST_SIZE * 8; \ + const char* expHash = hashStr; \ + int i; \ + int j; \ + \ + XMEMSET(data, 0xa5, sizeof(data)); \ + \ + /* Initialize */ \ + ExpectIntEQ(wc_Init##name(&dgst), 0); \ + \ + /* Unaligned input and output buffer. */ \ + ExpectIntEQ(wc_##name##Update(&dgst, data + 1, dataLen), 0); \ + ExpectIntEQ(wc_##name##Final(&dgst, hash + 1), 0); \ + ExpectBufEQ(hash + 1, (byte*)expHash, WC_##upper##_DIGEST_SIZE); \ + \ + /* Test that empty updates work. */ \ + ExpectIntEQ(wc_##name##Update(&dgst, NULL, 0), 0); \ + ExpectIntEQ(wc_##name##Update(&dgst, (byte*)"", 0), 0); \ + ExpectIntEQ(wc_##name##Update(&dgst, data, dataLen), 0); \ + ExpectIntEQ(wc_##name##Final(&dgst, hash), 0); \ + ExpectBufEQ(hash, (byte*)expHash, WC_##upper##_DIGEST_SIZE); \ + \ + /* Ensure chunking works. */ \ + for (i = 1; i < dataLen; i++) { \ + for (j = 0; j < dataLen; j += i) { \ + int len = dataLen - j; \ + if (i < len) \ + len = i; \ + ExpectIntEQ(wc_##name##Update(&dgst, data + j, len), 0); \ + } \ + ExpectIntEQ(wc_##name##Final(&dgst, hash), 0); \ + ExpectBufEQ(hash, (byte*)expHash, WC_##upper##_DIGEST_SIZE); \ + } \ + \ + wc_##name##Free(&dgst) + +#define DIGEST_ALT_OTHER_TEST(type, name, upper, hashStr) \ +do { \ + type dgst; \ + byte hash[WC_##upper##_DIGEST_SIZE + 1]; \ + byte data[WC_##upper##_DIGEST_SIZE * 8 + 1]; \ + int dataLen = WC_##upper##_DIGEST_SIZE * 8; \ + const char* expHash = hashStr; \ + int i; \ + int j; \ + \ + XMEMSET(data, 0xa5, sizeof(data)); \ + \ + /* Initialize */ \ + ExpectIntEQ(wc_Init##name(&dgst, HEAP_HINT, INVALID_DEVID), 0); \ + \ + /* Unaligned input and output buffer. */ \ + ExpectIntEQ(wc_##name##_Update(&dgst, data + 1, dataLen), 0); \ + ExpectIntEQ(wc_##name##_Final(&dgst, hash + 1), 0); \ + ExpectBufEQ(hash + 1, (byte*)expHash, WC_##upper##_DIGEST_SIZE); \ + \ + /* Test that empty updates work. */ \ + ExpectIntEQ(wc_##name##_Update(&dgst, NULL, 0), 0); \ + ExpectIntEQ(wc_##name##_Update(&dgst, (byte*)"", 0), 0); \ + ExpectIntEQ(wc_##name##_Update(&dgst, data, dataLen), 0); \ + ExpectIntEQ(wc_##name##_Final(&dgst, hash), 0); \ + ExpectBufEQ(hash, (byte*)expHash, WC_##upper##_DIGEST_SIZE); \ + \ + /* Ensure chunking works. */ \ + for (i = 1; i < dataLen; i++) { \ + for (j = 0; j < dataLen; j += i) { \ + int len = dataLen - j; \ + if (i < len) \ + len = i; \ + ExpectIntEQ(wc_##name##_Update(&dgst, data + j, len), 0); \ + } \ + ExpectIntEQ(wc_##name##_Final(&dgst, hash), 0); \ + ExpectBufEQ(hash, (byte*)expHash, WC_##upper##_DIGEST_SIZE); \ + } \ + \ + wc_##name##_Free(&dgst); \ +} while (0) + +#define DIGEST_COUNT_OTHER_TEST(type, name, upper, hashStr) \ +do { \ + type dgst; \ + byte hash[WC_##upper##_COUNT * 8 + 1]; \ + byte data[WC_##upper##_COUNT * 8 * 8 + 1]; \ + int dataLen = WC_##upper##_COUNT * 8 * 8; \ + const char* expHash = hashStr; \ + int i; \ + int j; \ + \ + XMEMSET(data, 0xa5, sizeof(data)); \ + \ + /* Initialize */ \ + ExpectIntEQ(wc_Init##name(&dgst, HEAP_HINT, INVALID_DEVID), 0); \ + \ + /* Unaligned input and output buffer. */ \ + ExpectIntEQ(wc_##name##_Update(&dgst, data + 1, dataLen), 0); \ + ExpectIntEQ(wc_##name##_Final(&dgst, hash + 1, WC_##upper##_COUNT * 8), \ + 0); \ + ExpectBufEQ(hash + 1, (byte*)expHash, WC_##upper##_COUNT * 8); \ + \ + /* Test that empty updates work. */ \ + ExpectIntEQ(wc_##name##_Update(&dgst, NULL, 0), 0); \ + ExpectIntEQ(wc_##name##_Update(&dgst, (byte*)"", 0), 0); \ + ExpectIntEQ(wc_##name##_Update(&dgst, data, dataLen), 0); \ + ExpectIntEQ(wc_##name##_Final(&dgst, hash, WC_##upper##_COUNT * 8), 0); \ + ExpectBufEQ(hash, (byte*)expHash, WC_##upper##_COUNT * 8); \ + \ + /* Ensure chunking works. */ \ + for (i = 1; i < dataLen; i++) { \ + for (j = 0; j < dataLen; j += i) { \ + int len = dataLen - j; \ + if (i < len) \ + len = i; \ + ExpectIntEQ(wc_##name##_Update(&dgst, data + j, len), 0); \ + } \ + ExpectIntEQ(wc_##name##_Final(&dgst, hash, WC_##upper##_COUNT * 8), \ + 0); \ + ExpectBufEQ(hash, (byte*)expHash, WC_##upper##_COUNT * 8); \ + } \ + \ + wc_##name##_Free(&dgst); \ +} while (0) + +#define DIGEST_OTHER_ONLY_TEST(type, name, upper, hashStr) \ +do { \ + type dgst; \ + byte hash[WC_##upper##_DIGEST_SIZE + 1]; \ + byte data[WC_##upper##_DIGEST_SIZE * 8 + 1]; \ + int dataLen = WC_##upper##_DIGEST_SIZE * 8; \ + const char* expHash = hashStr; \ + int i; \ + int j; \ + \ + XMEMSET(data, 0xa5, sizeof(data)); \ + \ + /* Initialize */ \ + wc_Init##name(&dgst); \ + \ + /* Unaligned input and output buffer. */ \ + wc_##name##Update(&dgst, data + 1, dataLen); \ + wc_##name##Final(&dgst, hash + 1); \ + ExpectBufEQ(hash + 1, (byte*)expHash, WC_##upper##_DIGEST_SIZE); \ + \ + /* Test that empty updates work. */ \ + wc_##name##Update(&dgst, NULL, 0); \ + wc_##name##Update(&dgst, (byte*)"", 0); \ + wc_##name##Update(&dgst, data, dataLen); \ + wc_##name##Final(&dgst, hash); \ + ExpectBufEQ(hash, (byte*)expHash, WC_##upper##_DIGEST_SIZE); \ + \ + /* Ensure chunking works. */ \ + for (i = 1; i < dataLen; i++) { \ + for (j = 0; j < dataLen; j += i) { \ + int len = dataLen - j; \ + if (i < len) \ + len = i; \ + wc_##name##Update(&dgst, data + j, len); \ + } \ + wc_##name##Final(&dgst, hash); \ + ExpectBufEQ(hash, (byte*)expHash, WC_##upper##_DIGEST_SIZE); \ + } \ +} while (0) + +#define DIGEST_COPY_TEST(type, name, upper, emptyHashStr, abcHashStr) \ + type src; \ + type dst; \ + byte hashSrc[WC_##upper##_DIGEST_SIZE]; \ + byte hashDst[WC_##upper##_DIGEST_SIZE]; \ + const char* emptyHash = emptyHashStr; \ + const char* abcHash = abcHashStr; \ + byte data[WC_##upper##_BLOCK_SIZE]; \ + \ + XMEMSET(data, 0xa5, sizeof(data)); \ + \ + XMEMSET(&src, 0, sizeof(src)); \ + XMEMSET(&dst, 0, sizeof(dst)); \ + ExpectIntEQ(wc_Init##name(&src), 0); \ + \ + /* Tests bad params. */ \ + ExpectIntEQ(wc_##name##Copy(NULL, NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); \ + ExpectIntEQ(wc_##name##Copy(&src, NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); \ + ExpectIntEQ(wc_##name##Copy(NULL, &dst), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); \ + \ + /* Test copy works. */ \ + ExpectIntEQ(wc_##name##Copy(&src, &dst), 0); \ + ExpectIntEQ(wc_##name##Final(&src, hashSrc), 0); \ + ExpectIntEQ(wc_##name##Final(&dst, hashDst), 0); \ + ExpectBufEQ(hashSrc, emptyHash, WC_##upper##_DIGEST_SIZE); \ + ExpectBufEQ(hashDst, emptyHash, WC_##upper##_DIGEST_SIZE); \ + wc_##name##Free(&dst); \ + \ + /* Test buffered data is copied. */ \ + ExpectIntEQ(wc_##name##Update(&src, (byte*)"abc", 3), 0); \ + ExpectIntEQ(wc_##name##Copy(&src, &dst), 0); \ + ExpectIntEQ(wc_##name##Final(&src, hashSrc), 0); \ + ExpectIntEQ(wc_##name##Final(&dst, hashDst), 0); \ + ExpectBufEQ(hashSrc, abcHash, WC_##upper##_DIGEST_SIZE); \ + ExpectBufEQ(hashDst, abcHash, WC_##upper##_DIGEST_SIZE); \ + wc_##name##Free(&dst); \ + \ + /* Test count of length is copied. */ \ + ExpectIntEQ(wc_##name##Update(&src, data, sizeof(data)), 0); \ + ExpectIntEQ(wc_##name##Copy(&src, &dst), 0); \ + ExpectIntEQ(wc_##name##Final(&src, hashSrc), 0); \ + ExpectIntEQ(wc_##name##Final(&dst, hashDst), 0); \ + ExpectBufEQ(hashSrc, hashDst, WC_##upper##_DIGEST_SIZE); \ + wc_##name##Free(&dst); \ + \ + wc_##name##Free(&src) + +#define DIGEST_ALT_COPY_TEST(type, name, upper, emptyHashStr, abcHashStr) \ +do { \ + type src; \ + type dst; \ + byte hashSrc[WC_##upper##_DIGEST_SIZE]; \ + byte hashDst[WC_##upper##_DIGEST_SIZE]; \ + const char* emptyHash = emptyHashStr; \ + const char* abcHash = abcHashStr; \ + byte data[WC_##upper##_BLOCK_SIZE]; \ + \ + XMEMSET(data, 0xa5, sizeof(data)); \ + XMEMSET(&src, 0, sizeof(src)); \ + \ + ExpectIntEQ(wc_Init##name(&src, HEAP_HINT, INVALID_DEVID), 0); \ + XMEMSET(&dst, 0, sizeof(dst)); \ + \ + ExpectIntEQ(wc_##name##_Copy(NULL, NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); \ + ExpectIntEQ(wc_##name##_Copy(&src, NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); \ + ExpectIntEQ(wc_##name##_Copy(NULL, &dst), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); \ + \ + /* Test copy works. */ \ + ExpectIntEQ(wc_##name##_Copy(&src, &dst), 0); \ + ExpectIntEQ(wc_##name##_Final(&src, hashSrc), 0); \ + ExpectIntEQ(wc_##name##_Final(&dst, hashDst), 0); \ + ExpectBufEQ(hashSrc, emptyHash, WC_##upper##_DIGEST_SIZE); \ + ExpectBufEQ(hashDst, emptyHash, WC_##upper##_DIGEST_SIZE); \ + wc_##name##_Free(&dst); \ + \ + /* Test buffered data is copied. */ \ + ExpectIntEQ(wc_##name##_Update(&src, (byte*)"abc", 3), 0); \ + ExpectIntEQ(wc_##name##_Copy(&src, &dst), 0); \ + ExpectIntEQ(wc_##name##_Final(&src, hashSrc), 0); \ + ExpectIntEQ(wc_##name##_Final(&dst, hashDst), 0); \ + ExpectBufEQ(hashSrc, abcHash, WC_##upper##_DIGEST_SIZE); \ + ExpectBufEQ(hashDst, abcHash, WC_##upper##_DIGEST_SIZE); \ + wc_##name##_Free(&dst); \ + \ + /* Test count of length is copied. */ \ + ExpectIntEQ(wc_##name##_Update(&src, data, sizeof(data)), 0); \ + ExpectIntEQ(wc_##name##_Copy(&src, &dst), 0); \ + ExpectIntEQ(wc_##name##_Final(&src, hashSrc), 0); \ + ExpectIntEQ(wc_##name##_Final(&dst, hashDst), 0); \ + ExpectBufEQ(hashSrc, hashDst, WC_##upper##_DIGEST_SIZE); \ + wc_##name##_Free(&dst); \ + \ + wc_##name##_Free(&src); \ +} while (0) + +#define DIGEST_COUNT_COPY_TEST(type, name, upper, emptyHashStr, abcHashStr) \ +do { \ + type src; \ + type dst; \ + byte hashSrc[WC_##upper##_COUNT * 8]; \ + byte hashDst[WC_##upper##_COUNT * 8]; \ + const char* emptyHash = emptyHashStr; \ + const char* abcHash = abcHashStr; \ + byte data[WC_##upper##_BLOCK_SIZE]; \ + \ + XMEMSET(data, 0xa5, sizeof(data)); \ + XMEMSET(&src, 0, sizeof(src)); \ + XMEMSET(&dst, 0, sizeof(dst)); \ + \ + ExpectIntEQ(wc_Init##name(&src, HEAP_HINT, INVALID_DEVID), 0); \ + XMEMSET(&dst, 0, sizeof(dst)); \ + \ + ExpectIntEQ(wc_##name##_Copy(NULL, NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); \ + ExpectIntEQ(wc_##name##_Copy(&src, NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); \ + ExpectIntEQ(wc_##name##_Copy(NULL, &dst), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); \ + \ + /* Test copy works. */ \ + ExpectIntEQ(wc_##name##_Copy(&src, &dst), 0); \ + ExpectIntEQ(wc_##name##_Final(&src, hashSrc, WC_##upper##_COUNT * 8), 0); \ + ExpectIntEQ(wc_##name##_Final(&dst, hashDst, WC_##upper##_COUNT * 8), 0); \ + ExpectBufEQ(hashSrc, emptyHash, WC_##upper##_COUNT * 8); \ + ExpectBufEQ(hashDst, emptyHash, WC_##upper##_COUNT * 8); \ + wc_##name##_Free(&src); \ + \ + /* Test buffered data is copied. */ \ + ExpectIntEQ(wc_##name##_Update(&src, (byte*)"abc", 3), 0); \ + ExpectIntEQ(wc_##name##_Copy(&src, &dst), 0); \ + ExpectIntEQ(wc_##name##_Final(&src, hashSrc, WC_##upper##_COUNT * 8), 0); \ + ExpectIntEQ(wc_##name##_Final(&dst, hashDst, WC_##upper##_COUNT * 8), 0); \ + ExpectBufEQ(hashSrc, abcHash, WC_##upper##_COUNT * 8); \ + ExpectBufEQ(hashDst, abcHash, WC_##upper##_COUNT * 8); \ + wc_##name##_Free(&src); \ + \ + /* Test count of length is copied. */ \ + ExpectIntEQ(wc_##name##_Update(&src, data, sizeof(data)), 0); \ + ExpectIntEQ(wc_##name##_Copy(&src, &dst), 0); \ + ExpectIntEQ(wc_##name##_Final(&src, hashSrc, WC_##upper##_COUNT * 8), 0); \ + ExpectIntEQ(wc_##name##_Final(&dst, hashDst, WC_##upper##_COUNT * 8), 0); \ + ExpectBufEQ(hashSrc, hashDst, WC_##upper##_COUNT * 8); \ + wc_##name##_Free(&dst); \ + \ + wc_##name##_Free(&src); \ +} while (0) + +#define DIGEST_GET_HASH_TEST(type, name, upper, emptyHashStr, abcHashStr) \ + type dgst; \ + byte hash[WC_##upper##_DIGEST_SIZE]; \ + const char* emptyHash = emptyHashStr; \ + const char* abcHash = abcHashStr; \ + \ + XMEMSET(&dgst, 0, sizeof(dgst)); \ + ExpectIntEQ(wc_Init##name(&dgst), 0); \ + \ + ExpectIntEQ(wc_##name##GetHash(NULL, NULL), \ + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); \ + ExpectIntEQ(wc_##name##GetHash(&dgst, NULL), \ + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); \ + ExpectIntEQ(wc_##name##GetHash(NULL, hash), \ + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); \ + \ + ExpectIntEQ(wc_##name##GetHash(&dgst, hash), 0); \ + ExpectBufEQ(hash, emptyHash, WC_##upper##_DIGEST_SIZE); \ + /* Test that the hash state hasn't been modified. */ \ + ExpectIntEQ(wc_##name##Update(&dgst, (byte*)"abc", 3), 0); \ + ExpectIntEQ(wc_##name##GetHash(&dgst, hash), 0); \ + ExpectBufEQ(hash, abcHash, WC_##upper##_DIGEST_SIZE); \ + \ + wc_##name##Free(&dgst) + +#ifdef LITTLE_ENDIAN_ORDER + +#define DIGEST_TRANSFORM_TEST(type, name, upper, abcBlockStr, abcHashStr) \ + type dgst; \ + const char* abc##name##Data = abcBlockStr; \ + const char* abcHash = abcHashStr; \ + \ + ExpectIntEQ(wc_Init##name(&dgst), 0); \ + \ + /* Test bad args. */ \ + ExpectIntEQ(wc_##name##Transform(NULL, NULL), \ + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); \ + ExpectIntEQ(wc_##name##Transform(&dgst, NULL), \ + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); \ + ExpectIntEQ(wc_##name##Transform(NULL, (byte*)abc##name##Data), \ + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); \ + \ + ExpectIntEQ(wc_##name##Transform(&dgst, (byte*)abc##name##Data), 0); \ + ExpectBufEQ((byte*)dgst.digest, (byte*)abcHash, WC_##upper##_DIGEST_SIZE); \ + \ + wc_##name##Free(&dgst) + +#define DIGEST_TRANSFORM_FINAL_RAW_TEST(type, name, upper, abcBlockStr, \ + abcHashStr) \ + type dgst; \ + const char* abc##name##Data = abcBlockStr; \ + const char* abcHash = abcHashStr; \ + byte abcData[WC_##upper##_BLOCK_SIZE]; \ + byte hash[WC_##upper##_DIGEST_SIZE]; \ + \ + XMEMCPY(abcData, abc##name##Data, WC_##upper##_BLOCK_SIZE); \ + \ + ExpectIntEQ(wc_Init##name(&dgst), 0); \ + \ + /* Test bad args. */ \ + ExpectIntEQ(wc_##name##Transform(NULL, NULL), \ + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); \ + ExpectIntEQ(wc_##name##Transform(&dgst, NULL), \ + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); \ + ExpectIntEQ(wc_##name##Transform(NULL, (byte*)abc##name##Data), \ + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); \ + \ + ExpectIntEQ(wc_##name##Transform(&dgst, (byte*)abcData), 0); \ + ExpectIntEQ(wc_##name##FinalRaw(&dgst, hash), 0); \ + ExpectBufEQ(hash, (byte*)abcHash, WC_##upper##_DIGEST_SIZE); \ + \ + wc_##name##Free(&dgst) + +#else + +#define DIGEST_TRANSFORM_TEST(type, name, upper, abcBlockStr, abcHashStr) \ + type dgst; \ + const char* abc##name##Data = abcBlockStr; \ + const char* abcHash = abcHashStr; \ + char abc##name##DataBE[WC_##upper##_BLOCK_SIZE]; \ + char abcHashBE[WC_##upper##_DIGEST_SIZE]; \ + \ + ExpectIntEQ(wc_Init##name(&dgst), 0); \ + \ + /* Test bad args. */ \ + ExpectIntEQ(wc_##name##Transform(NULL, NULL), \ + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); \ + ExpectIntEQ(wc_##name##Transform(&dgst, NULL), \ + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); \ + ExpectIntEQ(wc_##name##Transform(NULL, (byte*)abc##name##Data), \ + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); \ + \ + ByteReverseWords((word32*)abc##name##DataBE, (word32*)abc##name##Data, \ + WC_##upper##_BLOCK_SIZE); \ + ByteReverseWords((word32*)abcHashBE, (word32*)abcHash, \ + WC_##upper##_DIGEST_SIZE); \ + ExpectIntEQ(wc_##name##Transform(&dgst, (byte*)abc##name##DataBE), 0); \ + ExpectBufEQ((byte*)dgst.digest, (byte*)abcHashBE, \ + WC_##upper##_DIGEST_SIZE); \ + \ + wc_##name##Free(&dgst) + +#define DIGEST_TRANSFORM_FINAL_RAW_TEST(type, name, upper, abcBlockStr, \ + abcHashStr) \ + type dgst; \ + const char* abc##name##Data = abcBlockStr; \ + const char* abcHash = abcHashStr; \ + char abc##name##DataBE[WC_##upper##_BLOCK_SIZE]; \ + byte hash[WC_##upper##_DIGEST_SIZE]; \ + \ + ExpectIntEQ(wc_Init##name(&dgst), 0); \ + \ + /* Test bad args. */ \ + ExpectIntEQ(wc_##name##Transform(NULL, NULL), \ + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); \ + ExpectIntEQ(wc_##name##Transform(&dgst, NULL), \ + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); \ + ExpectIntEQ(wc_##name##Transform(NULL, (byte*)abc##name##Data), \ + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); \ + \ + ByteReverseWords((word32*)abc##name##DataBE, (word32*)abc##name##Data, \ + WC_##upper##_BLOCK_SIZE); \ + ExpectIntEQ(wc_##name##Transform(&dgst, (byte*)abc##name##DataBE), 0); \ + ExpectIntEQ(wc_##name##FinalRaw(&dgst, hash), 0); \ + ExpectBufEQ(hash, (byte*)abcHash, WC_##upper##_DIGEST_SIZE); \ + \ + wc_##name##Free(&dgst) + +#endif + +#define DIGEST_TRANSFORM_FINAL_RAW_ALL_TEST(type, name, upper, abcBlockStr, \ + abcHashStr) \ + type dgst; \ + const char* abc##name##Data = abcBlockStr; \ + const char* abcHash = abcHashStr; \ + byte abcData[WC_##upper##_BLOCK_SIZE]; \ + byte hash[WC_##upper##_DIGEST_SIZE]; \ + \ + XMEMCPY(abcData, abc##name##Data, WC_##upper##_BLOCK_SIZE); \ + \ + ExpectIntEQ(wc_Init##name(&dgst), 0); \ + \ + /* Test bad args. */ \ + ExpectIntEQ(wc_##name##Transform(NULL, NULL), \ + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); \ + ExpectIntEQ(wc_##name##Transform(&dgst, NULL), \ + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); \ + ExpectIntEQ(wc_##name##Transform(NULL, (byte*)abc##name##Data), \ + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); \ + \ + ExpectIntEQ(wc_##name##Transform(&dgst, (byte*)abcData), 0); \ + ExpectIntEQ(wc_##name##FinalRaw(&dgst, hash), 0); \ + ExpectBufEQ(hash, (byte*)abcHash, WC_##upper##_DIGEST_SIZE); \ + \ + wc_##name##Free(&dgst) + +#define DIGEST_FLAGS_TEST(type, name) \ + type dgst; \ + type dgst_copy; \ + word32 flags; \ + \ + XMEMSET(&dgst, 0, sizeof(dgst)); \ + XMEMSET(&dgst_copy, 0, sizeof(dgst_copy)); \ + ExpectIntEQ(wc_Init##name(&dgst), 0); \ + \ + /* Do nothing. */ \ + ExpectIntEQ(wc_##name##GetFlags(NULL, NULL), 0); \ + ExpectIntEQ(wc_##name##GetFlags(&dgst, NULL), 0); \ + ExpectIntEQ(wc_##name##GetFlags(NULL, &flags), 0); \ + ExpectIntEQ(wc_##name##SetFlags(NULL, 1), 0); \ + \ + ExpectIntEQ(wc_##name##GetFlags(&dgst, &flags), 0); \ + ExpectIntEQ(flags, 0); \ + \ + ExpectIntEQ(wc_##name##Copy(&dgst, &dgst_copy), 0); \ + ExpectIntEQ(wc_##name##GetFlags(&dgst, &flags), 0); \ + ExpectIntEQ(flags, 0); \ + ExpectIntEQ(wc_##name##GetFlags(&dgst_copy, &flags), 0); \ + ExpectIntEQ(flags, WC_HASH_FLAG_ISCOPY); \ + \ + ExpectIntEQ(wc_##name##SetFlags(&dgst, WC_HASH_FLAG_WILLCOPY), 0); \ + ExpectIntEQ(wc_##name##GetFlags(&dgst, &flags), 0); \ + ExpectIntEQ(flags, WC_HASH_FLAG_WILLCOPY); \ + ExpectIntEQ(wc_##name##SetFlags(&dgst, 0), 0); \ + \ + wc_##name##Free(&dgst_copy); \ + wc_##name##Free(&dgst) + +#define DIGEST_ALT_FLAGS_TEST(type, name, inst) \ + type dgst; \ + type dgst_copy; \ + word32 flags; \ + \ + XMEMSET(&dgst, 0, sizeof(dgst)); \ + XMEMSET(&dgst_copy, 0, sizeof(dgst_copy)); \ + ExpectIntEQ(wc_Init##inst(&dgst, HEAP_HINT, INVALID_DEVID), 0); \ + \ + /* Do nothing. */ \ + ExpectIntEQ(wc_##name##_GetFlags(NULL, NULL), 0); \ + ExpectIntEQ(wc_##name##_GetFlags(&dgst, NULL), 0); \ + ExpectIntEQ(wc_##name##_GetFlags(NULL, &flags), 0); \ + ExpectIntEQ(wc_##name##_SetFlags(NULL, 1), 0); \ + \ + ExpectIntEQ(wc_##name##_GetFlags(&dgst, &flags), 0); \ + ExpectIntEQ(flags, 0); \ + \ + ExpectIntEQ(wc_##inst##_Copy(&dgst, &dgst_copy), 0); \ + ExpectIntEQ(wc_##name##_GetFlags(&dgst, &flags), 0); \ + ExpectIntEQ(flags, 0); \ + ExpectIntEQ(wc_##name##_GetFlags(&dgst_copy, &flags), 0); \ + ExpectIntEQ(flags, WC_HASH_FLAG_ISCOPY); \ + \ + ExpectIntEQ(wc_##name##_SetFlags(&dgst, 1), 0); \ + ExpectIntEQ(wc_##name##_GetFlags(&dgst, &flags), 0); \ + ExpectIntEQ(flags, 1); \ + ExpectIntEQ(wc_##name##_SetFlags(&dgst, 0), 0); \ + \ + wc_##inst##_Free(&dgst_copy); \ + wc_##inst##_Free(&dgst) + +#define DIGEST_HASH_TEST(name, upper) \ +do { \ + byte data[WC_##upper##_BLOCK_SIZE]; \ + byte hash[WC_##upper##_DIGEST_SIZE]; \ + \ + XMEMSET(data, 0xa5, sizeof(data)); \ + \ + /* Invalid parameters. */ \ + ExpectIntEQ(wc_##name##Hash(NULL, sizeof(data), hash), \ + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); \ + ExpectIntEQ(wc_##name##Hash(data, sizeof(data), NULL), \ + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); \ + ExpectIntEQ(wc_##name##Hash_ex(NULL, sizeof(data), hash, HEAP_HINT, \ + INVALID_DEVID), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); \ + ExpectIntEQ(wc_##name##Hash_ex(data, sizeof(data), NULL, HEAP_HINT, \ + INVALID_DEVID), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); \ + \ + /* Valid parameters. */ \ + ExpectIntEQ(wc_##name##Hash(data, sizeof(data), hash), 0); \ + ExpectIntEQ(wc_##name##Hash_ex(data, sizeof(data), hash, HEAP_HINT, \ + INVALID_DEVID), 0); \ +} while (0) + +#define DIGEST_COUNT_HASH_TEST(name, upper) \ +do { \ + byte data[WC_##upper##_COUNT * 8]; \ + byte hash[WC_##upper##_COUNT * 8]; \ + \ + XMEMSET(data, 0xa5, sizeof(data)); \ + \ + /* Invalid parameters. */ \ + ExpectIntEQ(wc_##name##Hash(NULL, sizeof(data), hash), \ + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); \ + ExpectIntEQ(wc_##name##Hash(data, sizeof(data), NULL), \ + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); \ + ExpectIntEQ(wc_##name##Hash_ex(NULL, sizeof(data), hash, HEAP_HINT, \ + INVALID_DEVID), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); \ + ExpectIntEQ(wc_##name##Hash_ex(data, sizeof(data), NULL, HEAP_HINT, \ + INVALID_DEVID), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); \ + \ + /* Valid parameters. */ \ + ExpectIntEQ(wc_##name##Hash(data, sizeof(data), hash), 0); \ + ExpectIntEQ(wc_##name##Hash_ex(data, sizeof(data), hash, HEAP_HINT, \ + INVALID_DEVID), 0); \ +} while (0) + +#define DIGEST_HASH_ONLY_TEST(name, upper) \ + byte data[WC_##upper##_BLOCK_SIZE]; \ + byte hash[WC_##upper##_DIGEST_SIZE]; \ + \ + XMEMSET(data, 0xa5, sizeof(data)); \ + \ + /* Invalid parameters. */ \ + ExpectIntEQ(wc_##name##Hash(NULL, sizeof(data), hash), 0); \ + ExpectIntEQ(wc_##name##Hash(data, sizeof(data), NULL), 0); \ + \ + /* Valid parameters. */ \ + ExpectIntEQ(wc_##name##Hash(data, sizeof(data), hash), 0) + diff --git a/test/ssl/wolfssl/tests/api/test_dsa.c b/test/ssl/wolfssl/tests/api/test_dsa.c new file mode 100644 index 000000000..5599100dd --- /dev/null +++ b/test/ssl/wolfssl/tests/api/test_dsa.c @@ -0,0 +1,579 @@ +/* test_dsa.c + * + * Copyright (C) 2006-2025 wolfSSL Inc. + * + * This file is part of wolfSSL. + * + * wolfSSL is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * wolfSSL is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA + */ + +#include + +#ifdef NO_INLINE + #include +#else + #define WOLFSSL_MISC_INCLUDED + #include +#endif + +#include +#include +#include +#include + +/* + * Testing wc_InitDsaKey() + */ +int test_wc_InitDsaKey(void) +{ + EXPECT_DECLS; +#ifndef NO_DSA + DsaKey key; + + XMEMSET(&key, 0, sizeof(DsaKey)); + + ExpectIntEQ(wc_InitDsaKey(&key), 0); + + /* Pass in bad args. */ + ExpectIntEQ(wc_InitDsaKey(NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + + wc_FreeDsaKey(&key); +#endif + return EXPECT_RESULT(); + +} /* END test_wc_InitDsaKey */ + +/* + * Testing wc_DsaSign() and wc_DsaVerify() + */ +int test_wc_DsaSignVerify(void) +{ + EXPECT_DECLS; +#if !defined(NO_DSA) + DsaKey key; + WC_RNG rng; + wc_Sha sha; + byte signature[DSA_SIG_SIZE]; + byte hash[WC_SHA_DIGEST_SIZE]; + word32 idx = 0; + word32 bytes; + int answer = 0; +#ifdef USE_CERT_BUFFERS_1024 + byte tmp[ONEK_BUF]; + + XMEMSET(tmp, 0, sizeof(tmp)); + XMEMCPY(tmp, dsa_key_der_1024, sizeof_dsa_key_der_1024); + bytes = sizeof_dsa_key_der_1024; +#elif defined(USE_CERT_BUFFERS_2048) + byte tmp[TWOK_BUF]; + + XMEMSET(tmp, 0, sizeof(tmp)); + XMEMCPY(tmp, dsa_key_der_2048, sizeof_dsa_key_der_2048); + bytes = sizeof_dsa_key_der_2048; +#else + byte tmp[TWOK_BUF]; + XFILE fp = XBADFILE; + + XMEMSET(tmp, 0, sizeof(tmp)); + ExpectTrue((fp = XFOPEN("./certs/dsa2048.der", "rb")) != XBADFILE); + ExpectTrue((bytes = (word32)XFREAD(tmp, 1, sizeof(tmp), fp)) > 0); + if (fp != XBADFILE) + XFCLOSE(fp); +#endif /* END USE_CERT_BUFFERS_1024 */ + + ExpectIntEQ(wc_InitSha(&sha), 0); + ExpectIntEQ(wc_ShaUpdate(&sha, tmp, bytes), 0); + ExpectIntEQ(wc_ShaFinal(&sha, hash), 0); + ExpectIntEQ(wc_InitDsaKey(&key), 0); + ExpectIntEQ(wc_DsaPrivateKeyDecode(tmp, &idx, &key, bytes), 0); + ExpectIntEQ(wc_InitRng(&rng), 0); + + /* Sign. */ + ExpectIntEQ(wc_DsaSign(hash, signature, &key, &rng), 0); + /* Test bad args. */ + ExpectIntEQ(wc_DsaSign(NULL, signature, &key, &rng), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_DsaSign(hash, NULL, &key, &rng), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_DsaSign(hash, signature, NULL, &rng), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_DsaSign(hash, signature, &key, NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + + /* Verify. */ + ExpectIntEQ(wc_DsaVerify(hash, signature, &key, &answer), 0); + ExpectIntEQ(answer, 1); + /* Pass in bad args. */ + ExpectIntEQ(wc_DsaVerify(NULL, signature, &key, &answer), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_DsaVerify(hash, NULL, &key, &answer), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_DsaVerify(hash, signature, NULL, &answer), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_DsaVerify(hash, signature, &key, NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + +#if !defined(HAVE_FIPS) && defined(WOLFSSL_PUBLIC_MP) + /* hard set q to 0 and test fail case */ + mp_free(&key.q); + ExpectIntEQ(mp_init(&key.q), 0); + ExpectIntEQ(wc_DsaSign(hash, signature, &key, &rng), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + + mp_set(&key.q, 1); + ExpectIntEQ(wc_DsaSign(hash, signature, &key, &rng), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); +#endif + + DoExpectIntEQ(wc_FreeRng(&rng),0); + wc_FreeDsaKey(&key); + wc_ShaFree(&sha); +#endif + return EXPECT_RESULT(); +} /* END test_wc_DsaSign */ + +/* + * Testing wc_DsaPrivateKeyDecode() and wc_DsaPublicKeyDecode() + */ +int test_wc_DsaPublicPrivateKeyDecode(void) +{ + EXPECT_DECLS; +#if !defined(NO_DSA) + DsaKey key; + word32 bytes = 0; + word32 idx = 0; + int ret = 0; +#ifdef USE_CERT_BUFFERS_1024 + byte tmp[ONEK_BUF]; + + XMEMCPY(tmp, dsa_key_der_1024, sizeof_dsa_key_der_1024); + bytes = sizeof_dsa_key_der_1024; +#elif defined(USE_CERT_BUFFERS_2048) + byte tmp[TWOK_BUF]; + + XMEMCPY(tmp, dsa_key_der_2048, sizeof_dsa_key_der_2048); + bytes = sizeof_dsa_key_der_2048; +#else + byte tmp[TWOK_BUF]; + XFILE fp = XBADFILE; + + XMEMSET(tmp, 0, sizeof(tmp)); + ExpectTrue((fp = XFOPEN("./certs/dsa2048.der", "rb")) != XBADFILE); + ExpectTrue((bytes = (word32) XFREAD(tmp, 1, sizeof(tmp), fp)) > 0); + if (fp != XBADFILE) + XFCLOSE(fp); +#endif /* END USE_CERT_BUFFERS_1024 */ + + ExpectIntEQ(wc_InitDsaKey(&key), 0); + ExpectIntEQ(wc_DsaPrivateKeyDecode(tmp, &idx, &key, bytes), 0); + /* Test bad args. */ + ExpectIntEQ(wc_DsaPrivateKeyDecode(NULL, &idx, &key, bytes), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_DsaPrivateKeyDecode(tmp, NULL, &key, bytes), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_DsaPrivateKeyDecode(tmp, &idx, NULL, bytes), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntLT(ret = wc_DsaPrivateKeyDecode(tmp, &idx, &key, bytes), 0); + ExpectTrue((ret == WC_NO_ERR_TRACE(ASN_PARSE_E)) || (ret == WC_NO_ERR_TRACE(BUFFER_E))); + wc_FreeDsaKey(&key); + + ExpectIntEQ(wc_InitDsaKey(&key), 0); + idx = 0; /* Reset */ + ExpectIntEQ(wc_DsaPublicKeyDecode(tmp, &idx, &key, bytes), 0); + /* Test bad args. */ + ExpectIntEQ(wc_DsaPublicKeyDecode(NULL, &idx, &key, bytes), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_DsaPublicKeyDecode(tmp, NULL, &key, bytes), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_DsaPublicKeyDecode(tmp, &idx, NULL, bytes), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntLT(ret = wc_DsaPublicKeyDecode(tmp, &idx, &key, bytes), 0); + ExpectTrue((ret == WC_NO_ERR_TRACE(ASN_PARSE_E)) || (ret == WC_NO_ERR_TRACE(BUFFER_E))); + wc_FreeDsaKey(&key); +#endif /* !NO_DSA */ + return EXPECT_RESULT(); + +} /* END test_wc_DsaPublicPrivateKeyDecode */ + +/* + * Testing wc_MakeDsaKey() and wc_MakeDsaParameters() + */ +int test_wc_MakeDsaKey(void) +{ + EXPECT_DECLS; +#if !defined(NO_DSA) && defined(WOLFSSL_KEY_GEN) + DsaKey genKey; + WC_RNG rng; + + XMEMSET(&genKey, 0, sizeof(genKey)); + XMEMSET(&rng, 0, sizeof(rng)); + + ExpectIntEQ(wc_InitDsaKey(&genKey), 0); + ExpectIntEQ(wc_InitRng(&rng), 0); + + ExpectIntEQ(wc_MakeDsaParameters(&rng, ONEK_BUF, &genKey), 0); + /* Test bad args. */ + ExpectIntEQ(wc_MakeDsaParameters(NULL, ONEK_BUF, &genKey), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_MakeDsaParameters(&rng, ONEK_BUF, NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_MakeDsaParameters(&rng, ONEK_BUF + 1, &genKey), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + + ExpectIntEQ(wc_MakeDsaKey(&rng, &genKey), 0); + /* Test bad args. */ + ExpectIntEQ(wc_MakeDsaKey(NULL, &genKey), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_MakeDsaKey(&rng, NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + + DoExpectIntEQ(wc_FreeRng(&rng), 0); + wc_FreeDsaKey(&genKey); +#endif + return EXPECT_RESULT(); +} /* END test_wc_MakeDsaKey */ + +/* + * Testing wc_DsaKeyToDer() + */ +int test_wc_DsaKeyToDer(void) +{ + EXPECT_DECLS; +#if !defined(NO_DSA) && defined(WOLFSSL_KEY_GEN) + DsaKey key; + word32 bytes; + word32 idx = 0; +#ifdef USE_CERT_BUFFERS_1024 + byte tmp[ONEK_BUF]; + byte der[ONEK_BUF]; + + XMEMSET(tmp, 0, sizeof(tmp)); + XMEMSET(der, 0, sizeof(der)); + XMEMCPY(tmp, dsa_key_der_1024, sizeof_dsa_key_der_1024); + bytes = sizeof_dsa_key_der_1024; +#elif defined(USE_CERT_BUFFERS_2048) + byte tmp[TWOK_BUF]; + byte der[TWOK_BUF]; + + XMEMSET(tmp, 0, sizeof(tmp)); + XMEMSET(der, 0, sizeof(der)); + XMEMCPY(tmp, dsa_key_der_2048, sizeof_dsa_key_der_2048); + bytes = sizeof_dsa_key_der_2048; +#else + byte tmp[TWOK_BUF]; + byte der[TWOK_BUF]; + XFILE fp = XBADFILE; + + XMEMSET(tmp, 0, sizeof(tmp)); + XMEMSET(der, 0, sizeof(der)); + ExpectTrue((fp = XFOPEN("./certs/dsa2048.der", "rb")) != XBADFILE); + ExpectTrue((bytes = (word32) XFREAD(tmp, 1, sizeof(tmp), fp)) > 0); + if (fp != XBADFILE) + XFCLOSE(fp); +#endif /* END USE_CERT_BUFFERS_1024 */ + + XMEMSET(&key, 0, sizeof(DsaKey)); + + ExpectIntEQ(wc_InitDsaKey(&key), 0); + ExpectIntEQ(wc_DsaPrivateKeyDecode(tmp, &idx, &key, bytes), 0); + ExpectIntGE(wc_DsaKeyToDer(&key, der, bytes), 0); + ExpectIntEQ(XMEMCMP(der, tmp, bytes), 0); + + /* Test bad args. */ + ExpectIntEQ(wc_DsaKeyToDer(NULL, der, FOURK_BUF), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_DsaKeyToDer(&key, NULL, FOURK_BUF), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + + wc_FreeDsaKey(&key); +#endif /* !NO_DSA && WOLFSSL_KEY_GEN */ + return EXPECT_RESULT(); + +} /* END test_wc_DsaKeyToDer */ + +/* + * Testing wc_DsaKeyToPublicDer() + * (indirectly testing setDsaPublicKey()) + */ +int test_wc_DsaKeyToPublicDer(void) +{ + EXPECT_DECLS; +#ifndef HAVE_SELFTEST +#if !defined(NO_DSA) && defined(WOLFSSL_KEY_GEN) + DsaKey key; + WC_RNG rng; + byte* der = NULL; + word32 sz = 0; + word32 idx = 0; + + XMEMSET(&key, 0, sizeof(DsaKey)); + XMEMSET(&rng, 0, sizeof(WC_RNG)); + + ExpectNotNull(der = (byte*)XMALLOC(ONEK_BUF, NULL, + DYNAMIC_TYPE_TMP_BUFFER)); + ExpectIntEQ(wc_InitDsaKey(&key), 0); + ExpectIntEQ(wc_InitRng(&rng), 0); + ExpectIntEQ(wc_MakeDsaParameters(&rng, ONEK_BUF, &key), 0); + ExpectIntEQ(wc_MakeDsaKey(&rng, &key), 0); + + ExpectIntGE(sz = (word32)wc_DsaKeyToPublicDer(&key, der, ONEK_BUF), 0); + wc_FreeDsaKey(&key); + + idx = 0; + ExpectIntEQ(wc_DsaPublicKeyDecode(der, &idx, &key, sz), 0); + + /* Test without the SubjectPublicKeyInfo header */ + ExpectIntGE(sz = (word32)wc_SetDsaPublicKey(der, &key, ONEK_BUF, 0), 0); + wc_FreeDsaKey(&key); + idx = 0; + ExpectIntEQ(wc_DsaPublicKeyDecode(der, &idx, &key, sz), 0); + + /* Test bad args. */ + ExpectIntEQ(wc_DsaKeyToPublicDer(NULL, der, FOURK_BUF), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_DsaKeyToPublicDer(&key, NULL, FOURK_BUF), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + + DoExpectIntEQ(wc_FreeRng(&rng), 0); + wc_FreeDsaKey(&key); + XFREE(der, NULL, DYNAMIC_TYPE_TMP_BUFFER); +#endif /* !NO_DSA && WOLFSSL_KEY_GEN */ +#endif /* !HAVE_SELFTEST */ + return EXPECT_RESULT(); + +} /* END test_wc_DsaKeyToPublicDer */ + +/* + * Testing wc_DsaImportParamsRaw() + */ +int test_wc_DsaImportParamsRaw(void) +{ + EXPECT_DECLS; +#if !defined(NO_DSA) + DsaKey key; + /* [mod = L=1024, N=160], from CAVP KeyPair */ + const char* p = "d38311e2cd388c3ed698e82fdf88eb92b5a9a483dc88005d" + "4b725ef341eabb47cf8a7a8a41e792a156b7ce97206c4f9c" + "5ce6fc5ae7912102b6b502e59050b5b21ce263dddb2044b6" + "52236f4d42ab4b5d6aa73189cef1ace778d7845a5c1c1c71" + "47123188f8dc551054ee162b634d60f097f719076640e209" + "80a0093113a8bd73"; + const char* q = "96c5390a8b612c0e422bb2b0ea194a3ec935a281"; + const char* g = "06b7861abbd35cc89e79c52f68d20875389b127361ca66822" + "138ce4991d2b862259d6b4548a6495b195aa0e0b6137ca37e" + "b23b94074d3c3d300042bdf15762812b6333ef7b07ceba786" + "07610fcc9ee68491dbc1e34cd12615474e52b18bc934fb00c" + "61d39e7da8902291c4434a4e2224c3f4fd9f93cd6f4f17fc0" + "76341a7e7d9"; + /* invalid p and q parameters */ + const char* invalidP = "d38311e2cd388c3ed698e82fdf88eb92b5a9a483dc88005d"; + const char* invalidQ = "96c5390a"; + + XMEMSET(&key, 0, sizeof(DsaKey)); + + ExpectIntEQ(wc_InitDsaKey(&key), 0); + ExpectIntEQ(wc_DsaImportParamsRaw(&key, p, q, g), 0); + + /* test bad args */ + /* null key struct */ + ExpectIntEQ(wc_DsaImportParamsRaw(NULL, p, q, g), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + /* null param pointers */ + ExpectIntEQ(wc_DsaImportParamsRaw(&key, NULL, NULL, NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + /* illegal p length */ + ExpectIntEQ(wc_DsaImportParamsRaw(&key, invalidP, q, g), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + /* illegal q length */ + ExpectIntEQ(wc_DsaImportParamsRaw(&key, p, invalidQ, g), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + + wc_FreeDsaKey(&key); +#endif + return EXPECT_RESULT(); + +} /* END test_wc_DsaImportParamsRaw */ + +/* + * Testing wc_DsaImportParamsRawCheck() + */ +int test_wc_DsaImportParamsRawCheck(void) +{ + EXPECT_DECLS; +#if !defined(NO_DSA) && !defined(HAVE_FIPS) && !defined(HAVE_SELFTEST) + DsaKey key; + int trusted = 0; + /* [mod = L=1024, N=160], from CAVP KeyPair */ + const char* p = "d38311e2cd388c3ed698e82fdf88eb92b5a9a483dc88005d" + "4b725ef341eabb47cf8a7a8a41e792a156b7ce97206c4f9c" + "5ce6fc5ae7912102b6b502e59050b5b21ce263dddb2044b6" + "52236f4d42ab4b5d6aa73189cef1ace778d7845a5c1c1c71" + "47123188f8dc551054ee162b634d60f097f719076640e209" + "80a0093113a8bd73"; + const char* q = "96c5390a8b612c0e422bb2b0ea194a3ec935a281"; + const char* g = "06b7861abbd35cc89e79c52f68d20875389b127361ca66822" + "138ce4991d2b862259d6b4548a6495b195aa0e0b6137ca37e" + "b23b94074d3c3d300042bdf15762812b6333ef7b07ceba786" + "07610fcc9ee68491dbc1e34cd12615474e52b18bc934fb00c" + "61d39e7da8902291c4434a4e2224c3f4fd9f93cd6f4f17fc0" + "76341a7e7d9"; + /* invalid p and q parameters */ + const char* invalidP = "d38311e2cd388c3ed698e82fdf88eb92b5a9a483dc88005d"; + const char* invalidQ = "96c5390a"; + + ExpectIntEQ(wc_InitDsaKey(&key), 0); + ExpectIntEQ(wc_DsaImportParamsRawCheck(&key, p, q, g, trusted, NULL), 0); + + /* test bad args */ + /* null key struct */ + ExpectIntEQ(wc_DsaImportParamsRawCheck(NULL, p, q, g, trusted, NULL), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + /* null param pointers */ + ExpectIntEQ(wc_DsaImportParamsRawCheck(&key, NULL, NULL, NULL, trusted, + NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + /* illegal p length */ + ExpectIntEQ(wc_DsaImportParamsRawCheck(&key, invalidP, q, g, trusted, NULL), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + /* illegal q length */ + ExpectIntEQ(wc_DsaImportParamsRawCheck(&key, p, invalidQ, g, trusted, NULL), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + + wc_FreeDsaKey(&key); +#endif + return EXPECT_RESULT(); +} /* END test_wc_DsaImportParamsRawCheck */ + +/* + * Testing wc_DsaExportParamsRaw() + */ +int test_wc_DsaExportParamsRaw(void) +{ + EXPECT_DECLS; +#if !defined(NO_DSA) + DsaKey key; + /* [mod = L=1024, N=160], from CAVP KeyPair */ + const char* p = "d38311e2cd388c3ed698e82fdf88eb92b5a9a483dc88005d" + "4b725ef341eabb47cf8a7a8a41e792a156b7ce97206c4f9c" + "5ce6fc5ae7912102b6b502e59050b5b21ce263dddb2044b6" + "52236f4d42ab4b5d6aa73189cef1ace778d7845a5c1c1c71" + "47123188f8dc551054ee162b634d60f097f719076640e209" + "80a0093113a8bd73"; + const char* q = "96c5390a8b612c0e422bb2b0ea194a3ec935a281"; + const char* g = "06b7861abbd35cc89e79c52f68d20875389b127361ca66822" + "138ce4991d2b862259d6b4548a6495b195aa0e0b6137ca37e" + "b23b94074d3c3d300042bdf15762812b6333ef7b07ceba786" + "07610fcc9ee68491dbc1e34cd12615474e52b18bc934fb00c" + "61d39e7da8902291c4434a4e2224c3f4fd9f93cd6f4f17fc0" + "76341a7e7d9"; + const char* pCompare = "\xd3\x83\x11\xe2\xcd\x38\x8c\x3e\xd6\x98\xe8\x2f" + "\xdf\x88\xeb\x92\xb5\xa9\xa4\x83\xdc\x88\x00\x5d" + "\x4b\x72\x5e\xf3\x41\xea\xbb\x47\xcf\x8a\x7a\x8a" + "\x41\xe7\x92\xa1\x56\xb7\xce\x97\x20\x6c\x4f\x9c" + "\x5c\xe6\xfc\x5a\xe7\x91\x21\x02\xb6\xb5\x02\xe5" + "\x90\x50\xb5\xb2\x1c\xe2\x63\xdd\xdb\x20\x44\xb6" + "\x52\x23\x6f\x4d\x42\xab\x4b\x5d\x6a\xa7\x31\x89" + "\xce\xf1\xac\xe7\x78\xd7\x84\x5a\x5c\x1c\x1c\x71" + "\x47\x12\x31\x88\xf8\xdc\x55\x10\x54\xee\x16\x2b" + "\x63\x4d\x60\xf0\x97\xf7\x19\x07\x66\x40\xe2\x09" + "\x80\xa0\x09\x31\x13\xa8\xbd\x73"; + const char* qCompare = "\x96\xc5\x39\x0a\x8b\x61\x2c\x0e\x42\x2b\xb2\xb0" + "\xea\x19\x4a\x3e\xc9\x35\xa2\x81"; + const char* gCompare = "\x06\xb7\x86\x1a\xbb\xd3\x5c\xc8\x9e\x79\xc5\x2f" + "\x68\xd2\x08\x75\x38\x9b\x12\x73\x61\xca\x66\x82" + "\x21\x38\xce\x49\x91\xd2\xb8\x62\x25\x9d\x6b\x45" + "\x48\xa6\x49\x5b\x19\x5a\xa0\xe0\xb6\x13\x7c\xa3" + "\x7e\xb2\x3b\x94\x07\x4d\x3c\x3d\x30\x00\x42\xbd" + "\xf1\x57\x62\x81\x2b\x63\x33\xef\x7b\x07\xce\xba" + "\x78\x60\x76\x10\xfc\xc9\xee\x68\x49\x1d\xbc\x1e" + "\x34\xcd\x12\x61\x54\x74\xe5\x2b\x18\xbc\x93\x4f" + "\xb0\x0c\x61\xd3\x9e\x7d\xa8\x90\x22\x91\xc4\x43" + "\x4a\x4e\x22\x24\xc3\xf4\xfd\x9f\x93\xcd\x6f\x4f" + "\x17\xfc\x07\x63\x41\xa7\xe7\xd9"; + byte pOut[MAX_DSA_PARAM_SIZE]; + byte qOut[MAX_DSA_PARAM_SIZE]; + byte gOut[MAX_DSA_PARAM_SIZE]; + word32 pOutSz; + word32 qOutSz; + word32 gOutSz; + + XMEMSET(&key, 0, sizeof(DsaKey)); + + ExpectIntEQ(wc_InitDsaKey(&key), 0); + /* first test using imported raw parameters, for expected */ + ExpectIntEQ(wc_DsaImportParamsRaw(&key, p, q, g), 0); + pOutSz = sizeof(pOut); + qOutSz = sizeof(qOut); + gOutSz = sizeof(gOut); + ExpectIntEQ(wc_DsaExportParamsRaw(&key, pOut, &pOutSz, qOut, &qOutSz, gOut, + &gOutSz), 0); + /* validate exported parameters are correct */ + ExpectIntEQ(XMEMCMP(pOut, pCompare, pOutSz), 0); + ExpectIntEQ(XMEMCMP(qOut, qCompare, qOutSz), 0); + ExpectIntEQ(XMEMCMP(gOut, gCompare, gOutSz), 0); + + /* test bad args */ + /* null key struct */ + ExpectIntEQ(wc_DsaExportParamsRaw(NULL, pOut, &pOutSz, qOut, &qOutSz, gOut, + &gOutSz), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + /* null output pointers */ + ExpectIntEQ(wc_DsaExportParamsRaw(&key, NULL, &pOutSz, NULL, &qOutSz, NULL, + &gOutSz), WC_NO_ERR_TRACE(LENGTH_ONLY_E)); + /* null output size pointers */ + ExpectIntEQ( wc_DsaExportParamsRaw(&key, pOut, NULL, qOut, NULL, gOut, + NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + /* p output buffer size too small */ + pOutSz = 1; + ExpectIntEQ(wc_DsaExportParamsRaw(&key, pOut, &pOutSz, qOut, &qOutSz, gOut, + &gOutSz), WC_NO_ERR_TRACE(BUFFER_E)); + pOutSz = sizeof(pOut); + /* q output buffer size too small */ + qOutSz = 1; + ExpectIntEQ(wc_DsaExportParamsRaw(&key, pOut, &pOutSz, qOut, &qOutSz, gOut, + &gOutSz), WC_NO_ERR_TRACE(BUFFER_E)); + qOutSz = sizeof(qOut); + /* g output buffer size too small */ + gOutSz = 1; + ExpectIntEQ(wc_DsaExportParamsRaw(&key, pOut, &pOutSz, qOut, &qOutSz, gOut, + &gOutSz), WC_NO_ERR_TRACE(BUFFER_E)); + + wc_FreeDsaKey(&key); +#endif + return EXPECT_RESULT(); +} /* END test_wc_DsaExportParamsRaw */ + +/* + * Testing wc_DsaExportKeyRaw() + */ +int test_wc_DsaExportKeyRaw(void) +{ + EXPECT_DECLS; +#if !defined(NO_DSA) && defined(WOLFSSL_KEY_GEN) + DsaKey key; + WC_RNG rng; + byte xOut[MAX_DSA_PARAM_SIZE]; + byte yOut[MAX_DSA_PARAM_SIZE]; + word32 xOutSz, yOutSz; + + XMEMSET(&key, 0, sizeof(key)); + XMEMSET(&rng, 0, sizeof(rng)); + + ExpectIntEQ(wc_InitDsaKey(&key), 0); + ExpectIntEQ(wc_InitRng(&rng), 0); + ExpectIntEQ(wc_MakeDsaParameters(&rng, 1024, &key), 0); + ExpectIntEQ(wc_MakeDsaKey(&rng, &key), 0); + + /* try successful export */ + xOutSz = sizeof(xOut); + yOutSz = sizeof(yOut); + ExpectIntEQ(wc_DsaExportKeyRaw(&key, xOut, &xOutSz, yOut, &yOutSz), 0); + + /* test bad args */ + /* null key struct */ + ExpectIntEQ(wc_DsaExportKeyRaw(NULL, xOut, &xOutSz, yOut, &yOutSz), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + /* null output pointers */ + ExpectIntEQ(wc_DsaExportKeyRaw(&key, NULL, &xOutSz, NULL, &yOutSz), + WC_NO_ERR_TRACE(LENGTH_ONLY_E)); + /* null output size pointers */ + ExpectIntEQ(wc_DsaExportKeyRaw(&key, xOut, NULL, yOut, NULL), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + /* x output buffer size too small */ + xOutSz = 1; + ExpectIntEQ(wc_DsaExportKeyRaw(&key, xOut, &xOutSz, yOut, &yOutSz), + WC_NO_ERR_TRACE(BUFFER_E)); + xOutSz = sizeof(xOut); + /* y output buffer size too small */ + yOutSz = 1; + ExpectIntEQ(wc_DsaExportKeyRaw(&key, xOut, &xOutSz, yOut, &yOutSz), + WC_NO_ERR_TRACE(BUFFER_E)); + + DoExpectIntEQ(wc_FreeRng(&rng), 0); + wc_FreeDsaKey(&key); +#endif + return EXPECT_RESULT(); +} /* END test_wc_DsaExportParamsRaw */ + diff --git a/test/ssl/wolfssl/tests/api/test_dsa.h b/test/ssl/wolfssl/tests/api/test_dsa.h new file mode 100644 index 000000000..440d2e413 --- /dev/null +++ b/test/ssl/wolfssl/tests/api/test_dsa.h @@ -0,0 +1,50 @@ +/* test_dsa.h + * + * Copyright (C) 2006-2025 wolfSSL Inc. + * + * This file is part of wolfSSL. + * + * wolfSSL is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * wolfSSL is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA + */ + +#ifndef WOLFCRYPT_TEST_DSA_H +#define WOLFCRYPT_TEST_DSA_H + +#include + +int test_wc_InitDsaKey(void); +int test_wc_DsaSignVerify(void); +int test_wc_DsaPublicPrivateKeyDecode(void); +int test_wc_MakeDsaKey(void); +int test_wc_DsaKeyToDer(void); +int test_wc_DsaKeyToPublicDer(void); +int test_wc_DsaImportParamsRaw(void); +int test_wc_DsaImportParamsRawCheck(void); +int test_wc_DsaExportParamsRaw(void); +int test_wc_DsaExportKeyRaw(void); + +#define TEST_DSA_DECLS \ + TEST_DECL_GROUP("dsa", test_wc_InitDsaKey), \ + TEST_DECL_GROUP("dsa", test_wc_DsaSignVerify), \ + TEST_DECL_GROUP("dsa", test_wc_DsaPublicPrivateKeyDecode), \ + TEST_DECL_GROUP("dsa", test_wc_MakeDsaKey), \ + TEST_DECL_GROUP("dsa", test_wc_DsaKeyToDer), \ + TEST_DECL_GROUP("dsa", test_wc_DsaKeyToPublicDer), \ + TEST_DECL_GROUP("dsa", test_wc_DsaImportParamsRaw), \ + TEST_DECL_GROUP("dsa", test_wc_DsaImportParamsRawCheck), \ + TEST_DECL_GROUP("dsa", test_wc_DsaExportParamsRaw), \ + TEST_DECL_GROUP("dsa", test_wc_DsaExportKeyRaw) + +#endif /* WOLFCRYPT_TEST_DSA_H */ diff --git a/test/ssl/wolfssl/tests/api/test_dtls.c b/test/ssl/wolfssl/tests/api/test_dtls.c new file mode 100644 index 000000000..fe13b1a45 --- /dev/null +++ b/test/ssl/wolfssl/tests/api/test_dtls.c @@ -0,0 +1,2259 @@ +/* test_dtls.c + * + * Copyright (C) 2006-2025 wolfSSL Inc. + * + * This file is part of wolfSSL. + * + * wolfSSL is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * wolfSSL is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA + */ + +#include + +#ifdef NO_INLINE + #include +#else + #define WOLFSSL_MISC_INCLUDED + #include +#endif + +#include +#include + +#include +#include + +int test_dtls12_basic_connection_id(void) +{ + EXPECT_DECLS; +#if defined(HAVE_MANUAL_MEMIO_TESTS_DEPENDENCIES) && defined(WOLFSSL_DTLS_CID) + unsigned char client_cid[] = { 9, 8, 7, 6, 5, 4, 3, 2, 1, 0 }; + unsigned char server_cid[] = { 0, 1, 2, 3, 4, 5 }; + unsigned char readBuf[40]; + void * cid = NULL; + const char* params[] = { +#ifndef NO_RSA +#ifndef NO_SHA256 +#if defined(WOLFSSL_AES_128) && defined(WOLFSSL_STATIC_RSA) + "AES128-SHA256", +#ifdef HAVE_AESCCM + "AES128-CCM8", +#endif +#endif /* WOLFSSL_AES_128 && WOLFSSL_STATIC_RSA */ +#if defined(WOLFSSL_AES_128) + "DHE-RSA-AES128-SHA256", + "ECDHE-RSA-AES128-SHA256", +#ifdef HAVE_AESGCM + "DHE-RSA-AES128-GCM-SHA256", + "ECDHE-RSA-AES128-GCM-SHA256", +#endif +#endif /* WOLFSSL_AES_128 */ +#endif /* NO_SHA256 */ +#endif /* NO_RSA */ +#if defined(HAVE_CHACHA) && defined(HAVE_POLY1305) && !defined(HAVE_FIPS) + "DHE-RSA-CHACHA20-POLY1305", + "DHE-RSA-CHACHA20-POLY1305-OLD", + "ECDHE-RSA-CHACHA20-POLY1305", + "ECDHE-RSA-CHACHA20-POLY1305-OLD", +#endif +#ifndef NO_PSK + "DHE-PSK-AES128-CBC-SHA256", + #ifdef WOLFSSL_AES_256 + "DHE-PSK-AES256-GCM-SHA384", + #endif +#ifdef HAVE_NULL_CIPHER + "DHE-PSK-NULL-SHA256", +#endif + "DHE-PSK-AES128-CCM", +#endif + }; + size_t i; + struct { + byte drop:1; + byte changeCID:1; + } run_params[] = { + { .drop = 0, .changeCID = 0 }, + { .drop = 1, .changeCID = 0 }, + { .drop = 0, .changeCID = 1 }, + }; + + /* We check if the side included the CID in their output */ +#define CLIENT_CID() mymemmem(test_ctx.s_buff, test_ctx.s_len, \ + client_cid, sizeof(client_cid)) +#define SERVER_CID() mymemmem(test_ctx.c_buff, test_ctx.c_len, \ + server_cid, sizeof(server_cid)) +#define RESET_CID(cid) if ((cid) != NULL) { \ + ((char*)(cid))[0] = -1; \ + } + + + printf("\n"); + for (i = 0; i < XELEM_CNT(params) && EXPECT_SUCCESS(); i++) { + size_t j; + for (j = 0; j < XELEM_CNT(run_params); j++) { + WOLFSSL_CTX *ctx_c = NULL, *ctx_s = NULL; + WOLFSSL *ssl_c = NULL, *ssl_s = NULL; + struct test_memio_ctx test_ctx; + + printf("Testing %s run #%ld ... ", params[i], (long int)j); + + XMEMSET(&test_ctx, 0, sizeof(test_ctx)); + + ExpectIntEQ(test_memio_setup(&test_ctx, &ctx_c, &ctx_s, &ssl_c, + &ssl_s, wolfDTLSv1_2_client_method, wolfDTLSv1_2_server_method), + 0); + + ExpectIntEQ(wolfSSL_set_cipher_list(ssl_c, params[i]), 1); + ExpectIntEQ(wolfSSL_set_cipher_list(ssl_s, params[i]), 1); + + ExpectIntEQ(wolfSSL_dtls_cid_use(ssl_c), 1); + ExpectIntEQ(wolfSSL_dtls_cid_set(ssl_c, server_cid, + sizeof(server_cid)), 1); + ExpectIntEQ(wolfSSL_dtls_cid_use(ssl_s), 1); + ExpectIntEQ(wolfSSL_dtls_cid_set(ssl_s, client_cid, + sizeof(client_cid)), 1); + +#ifndef NO_PSK + if (XSTRSTR(params[i], "-PSK-") != NULL) { + wolfSSL_set_psk_client_callback(ssl_c, my_psk_client_cb); + wolfSSL_set_psk_server_callback(ssl_s, my_psk_server_cb); + } +#endif + +#ifdef HAVE_SECURE_RENEGOTIATION + ExpectIntEQ(wolfSSL_UseSecureRenegotiation(ssl_c), 1); + ExpectIntEQ(wolfSSL_UseSecureRenegotiation(ssl_s), 1); +#endif + + /* CH1 */ + wolfSSL_SetLoggingPrefix("client"); + ExpectIntEQ(wolfSSL_negotiate(ssl_c), -1); + ExpectIntEQ(wolfSSL_get_error(ssl_c, -1), WOLFSSL_ERROR_WANT_READ); + ExpectNull(CLIENT_CID()); + if (run_params[j].drop) { + test_memio_clear_buffer(&test_ctx, 0); + test_memio_clear_buffer(&test_ctx, 1); + ExpectIntEQ(wolfSSL_dtls_got_timeout(ssl_c), 1); + ExpectNull(CLIENT_CID()); + } + /* HVR */ + wolfSSL_SetLoggingPrefix("server"); + ExpectIntEQ(wolfSSL_negotiate(ssl_s), -1); + ExpectIntEQ(wolfSSL_get_error(ssl_s, -1), WOLFSSL_ERROR_WANT_READ); + ExpectNull(SERVER_CID()); + /* No point dropping HVR */ + /* CH2 */ + wolfSSL_SetLoggingPrefix("client"); + ExpectIntEQ(wolfSSL_negotiate(ssl_c), -1); + ExpectIntEQ(wolfSSL_get_error(ssl_c, -1), WOLFSSL_ERROR_WANT_READ); + ExpectNull(CLIENT_CID()); + if (run_params[j].drop) { + test_memio_clear_buffer(&test_ctx, 0); + test_memio_clear_buffer(&test_ctx, 1); + ExpectIntEQ(wolfSSL_dtls_got_timeout(ssl_c), 1); + ExpectNull(CLIENT_CID()); + } + /* Server first flight */ + wolfSSL_SetLoggingPrefix("server"); + ExpectIntEQ(wolfSSL_negotiate(ssl_s), -1); + ExpectIntEQ(wolfSSL_get_error(ssl_s, -1), WOLFSSL_ERROR_WANT_READ); + ExpectNull(SERVER_CID()); + if (run_params[j].drop) { + test_memio_clear_buffer(&test_ctx, 0); + test_memio_clear_buffer(&test_ctx, 1); + ExpectIntEQ(wolfSSL_dtls_got_timeout(ssl_s), 1); + ExpectNull(SERVER_CID()); + } + /* Client second flight */ + wolfSSL_SetLoggingPrefix("client"); + ExpectIntEQ(wolfSSL_negotiate(ssl_c), -1); + ExpectIntEQ(wolfSSL_get_error(ssl_c, -1), WOLFSSL_ERROR_WANT_READ); + ExpectNotNull(CLIENT_CID()); + if (run_params[j].drop) { + test_memio_clear_buffer(&test_ctx, 0); + test_memio_clear_buffer(&test_ctx, 1); + ExpectIntEQ(wolfSSL_dtls_got_timeout(ssl_c), 1); + ExpectNotNull(CLIENT_CID()); + } + /* Server second flight */ + wolfSSL_SetLoggingPrefix("server"); + ExpectIntEQ(wolfSSL_negotiate(ssl_s), 1); + ExpectNotNull(SERVER_CID()); + if (run_params[j].drop) { + test_memio_clear_buffer(&test_ctx, 0); + test_memio_clear_buffer(&test_ctx, 1); + ExpectIntEQ(wolfSSL_dtls_got_timeout(ssl_s), 1); + ExpectNotNull(SERVER_CID()); + } + /* Client complete connection */ + wolfSSL_SetLoggingPrefix("client"); + ExpectIntEQ(wolfSSL_negotiate(ssl_c), 1); + ExpectNull(CLIENT_CID()); + + /* Write some data */ + wolfSSL_SetLoggingPrefix("client"); + ExpectIntEQ(wolfSSL_write(ssl_c, params[i], + (int)XSTRLEN(params[i])), XSTRLEN(params[i])); + ExpectNotNull(CLIENT_CID()); + wolfSSL_SetLoggingPrefix("server"); + ExpectIntEQ(wolfSSL_write(ssl_s, params[i], + (int)XSTRLEN(params[i])), XSTRLEN(params[i])); + ExpectNotNull(SERVER_CID()); + /* Read the data */ + wolfSSL_SetLoggingPrefix("client"); + XMEMSET(readBuf, 0, sizeof(readBuf)); + ExpectIntEQ(wolfSSL_read(ssl_c, readBuf, sizeof(readBuf)), + XSTRLEN(params[i])); + ExpectStrEQ(readBuf, params[i]); + XMEMSET(readBuf, 0, sizeof(readBuf)); + wolfSSL_SetLoggingPrefix("server"); + ExpectIntEQ(wolfSSL_read(ssl_s, readBuf, sizeof(readBuf)), + XSTRLEN(params[i])); + ExpectStrEQ(readBuf, params[i]); + /* Write short data */ + wolfSSL_SetLoggingPrefix("client"); + ExpectIntEQ(wolfSSL_write(ssl_c, params[i], 1), 1); + ExpectNotNull(CLIENT_CID()); + wolfSSL_SetLoggingPrefix("server"); + ExpectIntEQ(wolfSSL_write(ssl_s, params[i], 1), 1); + ExpectNotNull(SERVER_CID()); + /* Read the short data */ + XMEMSET(readBuf, 0, sizeof(readBuf)); + wolfSSL_SetLoggingPrefix("client"); + ExpectIntEQ(wolfSSL_read(ssl_c, readBuf, sizeof(readBuf)), 1); + ExpectIntEQ(readBuf[0], params[i][0]); + XMEMSET(readBuf, 0, sizeof(readBuf)); + wolfSSL_SetLoggingPrefix("server"); + ExpectIntEQ(wolfSSL_read(ssl_s, readBuf, sizeof(readBuf)), 1); + ExpectIntEQ(readBuf[0], params[i][0]); + /* Write some data but with wrong CID */ + wolfSSL_SetLoggingPrefix("client"); + ExpectIntEQ(wolfSSL_write(ssl_c, params[i], + (int)XSTRLEN(params[i])), XSTRLEN(params[i])); + /* Reset client cid. */ + ExpectNotNull(cid = CLIENT_CID()); + RESET_CID(cid); + wolfSSL_SetLoggingPrefix("server"); + ExpectIntEQ(wolfSSL_write(ssl_s, params[i], + (int)XSTRLEN(params[i])), XSTRLEN(params[i])); + /* Reset server cid. */ + ExpectNotNull(cid = SERVER_CID()); + RESET_CID(cid); + /* Try to read the data but it shouldn't be there */ + wolfSSL_SetLoggingPrefix("client"); + ExpectIntEQ(wolfSSL_read(ssl_c, readBuf, sizeof(readBuf)), -1); + ExpectIntEQ(wolfSSL_get_error(ssl_c, -1), WOLFSSL_ERROR_WANT_READ); + wolfSSL_SetLoggingPrefix("server"); + ExpectIntEQ(wolfSSL_read(ssl_s, readBuf, sizeof(readBuf)), -1); + ExpectIntEQ(wolfSSL_get_error(ssl_s, -1), WOLFSSL_ERROR_WANT_READ); + +#ifdef HAVE_SECURE_RENEGOTIATION + /* do two SCR's */ + wolfSSL_SetLoggingPrefix("client"); + ExpectIntEQ(wolfSSL_Rehandshake(ssl_c), -1); + ExpectIntEQ(wolfSSL_get_error(ssl_c, -1), WOLFSSL_ERROR_WANT_READ); + ExpectIntEQ(wolfSSL_read(ssl_s, readBuf, sizeof(readBuf)), -1); + ExpectIntEQ(wolfSSL_get_error(ssl_s, -1), WOLFSSL_ERROR_WANT_READ); + ExpectIntEQ(test_memio_do_handshake(ssl_c, ssl_s, 10, NULL), 0); + /* SCR's after the first one have extra internal logic */ + wolfSSL_SetLoggingPrefix("client"); + ExpectIntEQ(wolfSSL_Rehandshake(ssl_c), -1); + ExpectIntEQ(wolfSSL_get_error(ssl_c, -1), WOLFSSL_ERROR_WANT_READ); + ExpectIntEQ(wolfSSL_read(ssl_s, readBuf, sizeof(readBuf)), -1); + ExpectIntEQ(wolfSSL_get_error(ssl_s, -1), WOLFSSL_ERROR_WANT_READ); + ExpectIntEQ(test_memio_do_handshake(ssl_c, ssl_s, 10, NULL), 0); + + if (run_params[j].changeCID) { + ExpectIntEQ(wolfSSL_dtls_cid_set(ssl_c, client_cid, + sizeof(client_cid)), 0); + /* Forcefully change the CID */ + ssl_c->dtlsCidInfo->rx->id[0] = -1; + /* We need to init the rehandshake from the client, otherwise + * we won't be able to test changing the CID. It would be + * rejected by the record CID matching code. */ + wolfSSL_SetLoggingPrefix("client"); + ExpectIntEQ(wolfSSL_Rehandshake(ssl_c), -1); + ExpectIntEQ(wolfSSL_get_error(ssl_c, -1), + WOLFSSL_ERROR_WANT_READ); + ExpectNotNull(CLIENT_CID()); + ExpectIntEQ(wolfSSL_SSL_renegotiate_pending(ssl_c), 1); + /* Server first flight */ + wolfSSL_SetLoggingPrefix("server"); + ExpectIntEQ(wolfSSL_read(ssl_s, readBuf, sizeof(readBuf)), -1); + /* We expect the server to reject the CID change. */ + ExpectIntEQ(wolfSSL_get_error(ssl_s, -1), DTLS_CID_ERROR); + goto loop_exit; + } + /* Server init'd SCR */ + /* Server request */ + wolfSSL_SetLoggingPrefix("server"); + ExpectIntEQ(wolfSSL_Rehandshake(ssl_s), -1); + ExpectIntEQ(wolfSSL_get_error(ssl_s, -1), WOLFSSL_ERROR_WANT_READ); + ExpectNotNull(SERVER_CID()); + ExpectIntEQ(wolfSSL_SSL_renegotiate_pending(ssl_s), 1); + if (run_params[j].drop) { + test_memio_clear_buffer(&test_ctx, 0); + test_memio_clear_buffer(&test_ctx, 1); + ExpectIntEQ(wolfSSL_dtls_got_timeout(ssl_s), 1); + ExpectNotNull(SERVER_CID()); + } + /* Init SCR on client side with the server's request */ + /* CH no HVR on SCR */ + XMEMSET(readBuf, 0, sizeof(readBuf)); + wolfSSL_SetLoggingPrefix("client"); + ExpectIntEQ(wolfSSL_read(ssl_c, readBuf, sizeof(readBuf)), -1); + ExpectIntEQ(wolfSSL_get_error(ssl_c, -1), WOLFSSL_ERROR_WANT_READ); + ExpectNotNull(CLIENT_CID()); + ExpectIntEQ(wolfSSL_SSL_renegotiate_pending(ssl_c), 1); + if (run_params[j].drop) { + test_memio_clear_buffer(&test_ctx, 0); + test_memio_clear_buffer(&test_ctx, 1); + ExpectIntEQ(wolfSSL_dtls_got_timeout(ssl_c), 1); + ExpectNotNull(CLIENT_CID()); + } + /* Server first flight */ + wolfSSL_SetLoggingPrefix("server"); + ExpectIntEQ(wolfSSL_negotiate(ssl_s), -1); + ExpectIntEQ(wolfSSL_get_error(ssl_s, -1), WOLFSSL_ERROR_WANT_READ); + ExpectNotNull(SERVER_CID()); + if (run_params[j].drop) { + test_memio_clear_buffer(&test_ctx, 0); + test_memio_clear_buffer(&test_ctx, 1); + ExpectIntEQ(wolfSSL_dtls_got_timeout(ssl_s), 1); + ExpectNotNull(SERVER_CID()); + } + /* Client second flight */ + wolfSSL_SetLoggingPrefix("client"); + ExpectIntEQ(wolfSSL_negotiate(ssl_c), -1); + ExpectIntEQ(wolfSSL_get_error(ssl_c, -1), WOLFSSL_ERROR_WANT_READ); + ExpectNotNull(CLIENT_CID()); + if (run_params[j].drop) { + test_memio_clear_buffer(&test_ctx, 0); + test_memio_clear_buffer(&test_ctx, 1); + ExpectIntEQ(wolfSSL_dtls_got_timeout(ssl_c), 1); + ExpectNotNull(CLIENT_CID()); + } + ExpectIntEQ(wolfSSL_write(ssl_c, params[i], + (int)XSTRLEN(params[i])), XSTRLEN(params[i])); + /* Server second flight */ + wolfSSL_SetLoggingPrefix("server"); + ExpectIntEQ(wolfSSL_negotiate(ssl_s), 1); + XMEMSET(readBuf, 0, sizeof(readBuf)); + ExpectIntEQ(wolfSSL_read(ssl_s, readBuf, sizeof(readBuf)), + XSTRLEN(params[i])); + ExpectStrEQ(readBuf, params[i]); + if (!run_params[j].drop) { + ExpectIntEQ(wolfSSL_write(ssl_s, params[i], + (int)XSTRLEN(params[i])), XSTRLEN(params[i])); + } + /* Test loading old epoch */ + /* Client complete connection */ + wolfSSL_SetLoggingPrefix("client"); + if (!run_params[j].drop) { + ExpectIntEQ(wolfSSL_negotiate(ssl_c), 1); + XMEMSET(readBuf, 0, sizeof(readBuf)); + ExpectIntEQ(wolfSSL_read(ssl_c, readBuf, sizeof(readBuf)), + XSTRLEN(params[i])); + ExpectStrEQ(readBuf, params[i]); + } + ExpectIntEQ(wolfSSL_negotiate(ssl_c), 1); + ExpectNull(CLIENT_CID()); + ExpectIntEQ(wolfSSL_SSL_renegotiate_pending(ssl_c), 0); + ExpectIntEQ(wolfSSL_SSL_renegotiate_pending(ssl_s), 0); +#endif + /* Close connection */ + wolfSSL_SetLoggingPrefix("client"); + ExpectIntEQ(wolfSSL_shutdown(ssl_c), WOLFSSL_SHUTDOWN_NOT_DONE); + ExpectNotNull(CLIENT_CID()); + wolfSSL_SetLoggingPrefix("server"); + ExpectIntEQ(wolfSSL_shutdown(ssl_s), WOLFSSL_SHUTDOWN_NOT_DONE); + ExpectNotNull(SERVER_CID()); + wolfSSL_SetLoggingPrefix("client"); + ExpectIntEQ(wolfSSL_shutdown(ssl_c), 1); + wolfSSL_SetLoggingPrefix("server"); + ExpectIntEQ(wolfSSL_shutdown(ssl_s), 1); + +#ifdef HAVE_SECURE_RENEGOTIATION +loop_exit: +#endif + wolfSSL_SetLoggingPrefix(NULL); + wolfSSL_free(ssl_c); + wolfSSL_CTX_free(ctx_c); + wolfSSL_free(ssl_s); + wolfSSL_CTX_free(ctx_s); + + if (EXPECT_SUCCESS()) + printf("ok\n"); + else + printf("failed\n"); + } + + } + +#undef CLIENT_CID +#undef SERVER_CID +#undef RESET_CID +#endif + return EXPECT_RESULT(); +} + +int test_dtls13_basic_connection_id(void) +{ + EXPECT_DECLS; +#if defined(HAVE_MANUAL_MEMIO_TESTS_DEPENDENCIES) && defined(WOLFSSL_DTLS13) \ + && defined(WOLFSSL_DTLS_CID) + unsigned char client_cid[] = { 9, 8, 7, 6, 5, 4, 3, 2, 1, 0 }; + unsigned char server_cid[] = { 0, 1, 2, 3, 4, 5, 6, 7, 8, 9 }; + unsigned char readBuf[50]; + void * cid = NULL; + const char* params[] = { +#ifndef NO_SHA256 +#ifdef WOLFSSL_AES_128 +#ifdef HAVE_AESGCM + "TLS13-AES128-GCM-SHA256", +#endif +#if defined(HAVE_CHACHA) && defined(HAVE_POLY1305) + "TLS13-CHACHA20-POLY1305-SHA256", +#endif +#ifdef HAVE_AESCCM + "TLS13-AES128-CCM-8-SHA256", + "TLS13-AES128-CCM-SHA256", +#endif +#endif +#ifdef HAVE_NULL_CIPHER + "TLS13-SHA256-SHA256", +#endif +#endif + }; + size_t i; + + /* We check if the side included the CID in their output */ +#define CLIENT_CID() mymemmem(test_ctx.s_buff, test_ctx.s_len, \ + client_cid, sizeof(client_cid)) +#define SERVER_CID() mymemmem(test_ctx.c_buff, test_ctx.c_len, \ + server_cid, sizeof(server_cid)) +#define RESET_CID(cid) if ((cid) != NULL) { \ + ((char*)(cid))[0] = -1; \ + } + + + printf("\n"); + for (i = 0; i < XELEM_CNT(params) && EXPECT_SUCCESS(); i++) { + WOLFSSL_CTX *ctx_c = NULL, *ctx_s = NULL; + WOLFSSL *ssl_c = NULL, *ssl_s = NULL; + struct test_memio_ctx test_ctx; + + printf("Testing %s ... ", params[i]); + + XMEMSET(&test_ctx, 0, sizeof(test_ctx)); + + ExpectIntEQ(test_memio_setup(&test_ctx, &ctx_c, &ctx_s, &ssl_c, &ssl_s, + wolfDTLSv1_3_client_method, wolfDTLSv1_3_server_method), 0); + + ExpectIntEQ(wolfSSL_set_cipher_list(ssl_c, params[i]), WOLFSSL_SUCCESS); + ExpectIntEQ(wolfSSL_set_cipher_list(ssl_s, params[i]), WOLFSSL_SUCCESS); + + ExpectIntEQ(wolfSSL_dtls_cid_use(ssl_c), 1); + ExpectIntEQ(wolfSSL_dtls_cid_set(ssl_c, server_cid, sizeof(server_cid)), + 1); + ExpectIntEQ(wolfSSL_dtls_cid_use(ssl_s), 1); + ExpectIntEQ(wolfSSL_dtls_cid_set(ssl_s, client_cid, sizeof(client_cid)), + 1); + + /* CH1 */ + ExpectIntEQ(wolfSSL_negotiate(ssl_c), -1); + ExpectIntEQ(wolfSSL_get_error(ssl_c, -1), WOLFSSL_ERROR_WANT_READ); + ExpectNull(CLIENT_CID()); + /* HRR */ + ExpectIntEQ(wolfSSL_negotiate(ssl_s), -1); + ExpectIntEQ(wolfSSL_get_error(ssl_s, -1), WOLFSSL_ERROR_WANT_READ); + ExpectNull(SERVER_CID()); + /* CH2 */ + ExpectIntEQ(wolfSSL_negotiate(ssl_c), -1); + ExpectIntEQ(wolfSSL_get_error(ssl_c, -1), WOLFSSL_ERROR_WANT_READ); + ExpectNull(CLIENT_CID()); + /* Server first flight */ + ExpectIntEQ(wolfSSL_negotiate(ssl_s), -1); + ExpectIntEQ(wolfSSL_get_error(ssl_s, -1), WOLFSSL_ERROR_WANT_READ); + ExpectNotNull(SERVER_CID()); + /* Client second flight */ + ExpectIntEQ(wolfSSL_negotiate(ssl_c), -1); + ExpectIntEQ(wolfSSL_get_error(ssl_c, -1), WOLFSSL_ERROR_WANT_READ); + ExpectNotNull(CLIENT_CID()); + /* Server process flight */ + ExpectIntEQ(wolfSSL_negotiate(ssl_s), 1); + /* Client process flight */ + ExpectIntEQ(wolfSSL_negotiate(ssl_c), 1); + + /* Write some data */ + ExpectIntEQ(wolfSSL_write(ssl_c, params[i], (int)XSTRLEN(params[i])), + XSTRLEN(params[i])); + ExpectNotNull(CLIENT_CID()); + ExpectIntEQ(wolfSSL_write(ssl_s, params[i], (int)XSTRLEN(params[i])), + XSTRLEN(params[i])); + ExpectNotNull(SERVER_CID()); + /* Read the data */ + XMEMSET(readBuf, 0, sizeof(readBuf)); + ExpectIntEQ(wolfSSL_read(ssl_c, readBuf, sizeof(readBuf)), + XSTRLEN(params[i])); + ExpectStrEQ(readBuf, params[i]); + XMEMSET(readBuf, 0, sizeof(readBuf)); + ExpectIntEQ(wolfSSL_read(ssl_s, readBuf, sizeof(readBuf)), + XSTRLEN(params[i])); + ExpectStrEQ(readBuf, params[i]); + /* Write short data */ + ExpectIntEQ(wolfSSL_write(ssl_c, params[i], 1), 1); + ExpectNotNull(CLIENT_CID()); + ExpectIntEQ(wolfSSL_write(ssl_s, params[i], 1), 1); + ExpectNotNull(SERVER_CID()); + /* Read the short data */ + XMEMSET(readBuf, 0, sizeof(readBuf)); + ExpectIntEQ(wolfSSL_read(ssl_c, readBuf, sizeof(readBuf)), 1); + ExpectIntEQ(readBuf[0], params[i][0]); + XMEMSET(readBuf, 0, sizeof(readBuf)); + ExpectIntEQ(wolfSSL_read(ssl_s, readBuf, sizeof(readBuf)), 1); + ExpectIntEQ(readBuf[0], params[i][0]); + /* Write some data but with wrong CID */ + ExpectIntEQ(wolfSSL_write(ssl_c, params[i], (int)XSTRLEN(params[i])), + XSTRLEN(params[i])); + /* Reset client cid. */ + ExpectNotNull(cid = CLIENT_CID()); + RESET_CID(cid); + ExpectIntEQ(wolfSSL_write(ssl_s, params[i], (int)XSTRLEN(params[i])), + XSTRLEN(params[i])); + /* Reset server cid. */ + ExpectNotNull(cid = SERVER_CID()); + RESET_CID(cid); + /* Try to read the data but it shouldn't be there */ + ExpectIntEQ(wolfSSL_read(ssl_c, readBuf, sizeof(readBuf)), -1); + ExpectIntEQ(wolfSSL_get_error(ssl_c, -1), WOLFSSL_ERROR_WANT_READ); + ExpectIntEQ(wolfSSL_read(ssl_s, readBuf, sizeof(readBuf)), -1); + ExpectIntEQ(wolfSSL_get_error(ssl_s, -1), WOLFSSL_ERROR_WANT_READ); + + /* Close connection */ + ExpectIntEQ(wolfSSL_shutdown(ssl_c), WOLFSSL_SHUTDOWN_NOT_DONE); + ExpectNotNull(CLIENT_CID()); + ExpectIntEQ(wolfSSL_shutdown(ssl_s), WOLFSSL_SHUTDOWN_NOT_DONE); + ExpectNotNull(SERVER_CID()); + ExpectIntEQ(wolfSSL_shutdown(ssl_c), 1); + ExpectIntEQ(wolfSSL_shutdown(ssl_s), 1); + + if (EXPECT_SUCCESS()) + printf("ok\n"); + else + printf("failed\n"); + + wolfSSL_free(ssl_c); + wolfSSL_CTX_free(ctx_c); + wolfSSL_free(ssl_s); + wolfSSL_CTX_free(ctx_s); + } + +#undef CLIENT_CID +#undef SERVER_CID +#undef RESET_CID + +#endif + return EXPECT_RESULT(); +} + +/** Test DTLS 1.3 behavior when server hits WANT_WRITE during HRR + * The test sets up a DTLS 1.3 connection where the server is forced to + * return WANT_WRITE when sending the HelloRetryRequest. After the handshake, + * application data is exchanged in both directions to verify the connection + * works as expected. + */ +int test_dtls13_hrr_want_write(void) +{ + EXPECT_DECLS; +#if defined(HAVE_MANUAL_MEMIO_TESTS_DEPENDENCIES) && defined(WOLFSSL_DTLS13) + WOLFSSL_CTX *ctx_c = NULL, *ctx_s = NULL; + WOLFSSL *ssl_c = NULL, *ssl_s = NULL; + const char msg[] = "hello"; + const int msgLen = sizeof(msg); + struct test_memio_ctx test_ctx; + char readBuf[sizeof(msg)]; + + XMEMSET(&test_ctx, 0, sizeof(test_ctx)); + + ExpectIntEQ(test_memio_setup(&test_ctx, &ctx_c, &ctx_s, &ssl_c, &ssl_s, + wolfDTLSv1_3_client_method, wolfDTLSv1_3_server_method), + 0); + + /* Client sends first ClientHello */ + ExpectIntEQ(wolfSSL_negotiate(ssl_c), -1); + ExpectIntEQ(wolfSSL_get_error(ssl_c, -1), WOLFSSL_ERROR_WANT_READ); + + /* Force server to hit WANT_WRITE when producing the HRR */ + test_memio_simulate_want_write(&test_ctx, 0, 1); + ExpectIntEQ(wolfSSL_negotiate(ssl_s), -1); + ExpectIntEQ(wolfSSL_get_error(ssl_s, -1), WOLFSSL_ERROR_WANT_WRITE); + + /* Allow the server to flush the HRR and proceed */ + test_memio_simulate_want_write(&test_ctx, 0, 0); + ExpectIntEQ(wolfSSL_negotiate(ssl_s), -1); + ExpectIntEQ(wolfSSL_get_error(ssl_s, -1), WOLFSSL_ERROR_WANT_READ); + + /* Resume the DTLS 1.3 handshake */ + ExpectIntEQ(test_memio_do_handshake(ssl_c, ssl_s, 10, NULL), 0); + + /* Verify post-handshake application data in both directions */ + XMEMSET(readBuf, 0, sizeof(readBuf)); + ExpectIntEQ(wolfSSL_write(ssl_c, msg, msgLen), msgLen); + ExpectIntEQ(wolfSSL_read(ssl_s, readBuf, sizeof(readBuf)), msgLen); + ExpectStrEQ(readBuf, msg); + + XMEMSET(readBuf, 0, sizeof(readBuf)); + ExpectIntEQ(wolfSSL_write(ssl_s, msg, msgLen), msgLen); + ExpectIntEQ(wolfSSL_read(ssl_c, readBuf, sizeof(readBuf)), msgLen); + ExpectStrEQ(readBuf, msg); + + wolfSSL_free(ssl_c); + wolfSSL_CTX_free(ctx_c); + wolfSSL_free(ssl_s); + wolfSSL_CTX_free(ctx_s); +#endif + return EXPECT_RESULT(); +} + +#if defined(HAVE_MANUAL_MEMIO_TESTS_DEPENDENCIES) && defined(WOLFSSL_DTLS13) +struct test_dtls13_wwrite_ctx { + int want_write; + struct test_memio_ctx *text_ctx; +}; +static int test_dtls13_want_write_send_cb(WOLFSSL *ssl, char *data, int sz, void *ctx) +{ + struct test_dtls13_wwrite_ctx *wwctx = (struct test_dtls13_wwrite_ctx *)ctx; + wwctx->want_write = !wwctx->want_write; + if (wwctx->want_write) { + return WOLFSSL_CBIO_ERR_WANT_WRITE; + } + return test_memio_write_cb(ssl, data, sz, wwctx->text_ctx); +} +#endif +/** Test DTLS 1.3 behavior when every other write returns WANT_WRITE + * The test sets up a DTLS 1.3 connection where both client and server + * alternate between WANT_WRITE and successful writes. After the handshake, + * application data is exchanged in both directions to verify the connection + * works as expected. + * + * Data exchanged after the handshake is also tested with simulated WANT_WRITE + * conditions to ensure the connection remains functional. + */ +int test_dtls13_every_write_want_write(void) +{ + EXPECT_DECLS; +#if defined(HAVE_MANUAL_MEMIO_TESTS_DEPENDENCIES) && defined(WOLFSSL_DTLS13) + WOLFSSL_CTX *ctx_c = NULL, *ctx_s = NULL; + WOLFSSL *ssl_c = NULL, *ssl_s = NULL; + struct test_memio_ctx test_ctx; + const char msg[] = "want-write"; + const int msgLen = sizeof(msg); + char readBuf[sizeof(msg)]; + struct test_dtls13_wwrite_ctx wwctx_c; + struct test_dtls13_wwrite_ctx wwctx_s; + + XMEMSET(&test_ctx, 0, sizeof(test_ctx)); + + ExpectIntEQ(test_memio_setup(&test_ctx, &ctx_c, &ctx_s, &ssl_c, &ssl_s, + wolfDTLSv1_3_client_method, wolfDTLSv1_3_server_method), + 0); + + wwctx_c.want_write = 0; + wwctx_c.text_ctx = &test_ctx; + wolfSSL_SetIOWriteCtx(ssl_c, &wwctx_c); + wolfSSL_SSLSetIOSend(ssl_c, test_dtls13_want_write_send_cb); + wwctx_s.want_write = 0; + wwctx_s.text_ctx = &test_ctx; + wolfSSL_SetIOWriteCtx(ssl_s, &wwctx_s); + wolfSSL_SSLSetIOSend(ssl_s, test_dtls13_want_write_send_cb); + + ExpectIntEQ(test_memio_do_handshake(ssl_c, ssl_s, 20, NULL), 0); + + ExpectTrue(wolfSSL_is_init_finished(ssl_c)); + ExpectTrue(wolfSSL_is_init_finished(ssl_s)); + + test_memio_simulate_want_write(&test_ctx, 0, 0); + test_memio_simulate_want_write(&test_ctx, 1, 0); + + wolfSSL_SetIOWriteCtx(ssl_c, &test_ctx); + wolfSSL_SSLSetIOSend(ssl_c, test_memio_write_cb); + wolfSSL_SetIOWriteCtx(ssl_s, &test_ctx); + wolfSSL_SSLSetIOSend(ssl_s, test_memio_write_cb); + + XMEMSET(readBuf, 0, sizeof(readBuf)); + ExpectIntEQ(wolfSSL_write(ssl_c, msg, msgLen), msgLen); + ExpectIntEQ(wolfSSL_read(ssl_s, readBuf, sizeof(readBuf)), msgLen); + ExpectStrEQ(readBuf, msg); + + XMEMSET(readBuf, 0, sizeof(readBuf)); + ExpectIntEQ(wolfSSL_write(ssl_s, msg, msgLen), msgLen); + ExpectIntEQ(wolfSSL_read(ssl_c, readBuf, sizeof(readBuf)), msgLen); + ExpectStrEQ(readBuf, msg); + + test_memio_simulate_want_write(&test_ctx, 0, 1); + XMEMSET(readBuf, 0, sizeof(readBuf)); + ExpectIntEQ(wolfSSL_write(ssl_s, msg, msgLen), -1); + ExpectIntEQ(wolfSSL_get_error(ssl_s, -1), WOLFSSL_ERROR_WANT_WRITE); + test_memio_simulate_want_write(&test_ctx, 0, 0); + ExpectIntEQ(wolfSSL_write(ssl_s, msg, msgLen), msgLen); + ExpectIntEQ(wolfSSL_read(ssl_c, readBuf, sizeof(readBuf)), msgLen); + ExpectStrEQ(readBuf, msg); + + XMEMSET(readBuf, 0, sizeof(readBuf)); + test_memio_simulate_want_write(&test_ctx, 1, 1); + ExpectIntEQ(wolfSSL_write(ssl_c, msg, msgLen), -1); + ExpectIntEQ(wolfSSL_get_error(ssl_c, -1), WOLFSSL_ERROR_WANT_WRITE); + test_memio_simulate_want_write(&test_ctx, 1, 0); + ExpectIntEQ(wolfSSL_write(ssl_c, msg, msgLen), msgLen); + ExpectIntEQ(wolfSSL_read(ssl_s, readBuf, sizeof(readBuf)), msgLen); + ExpectStrEQ(readBuf, msg); + + wolfSSL_free(ssl_c); + wolfSSL_CTX_free(ctx_c); + wolfSSL_free(ssl_s); + wolfSSL_CTX_free(ctx_s); +#endif + return EXPECT_RESULT(); +} + +int test_wolfSSL_dtls_cid_parse(void) +{ + EXPECT_DECLS; +#if defined(WOLFSSL_DTLS) && defined(WOLFSSL_DTLS_CID) + /* Taken from Wireshark. Right-click -> copy -> ... as escaped string */ + /* Plaintext ServerHelloDone. No CID. */ + byte noCid[] = + "\x16\xfe\xfd\x00\x00\x00\x00\x00\x00\x00\x04\x00\x0c\x0e\x00\x00" \ + "\x00\x00\x04\x00\x00\x00\x00\x00\x00"; + /* 1.2 app data containing CID */ + byte cid12[] = + "\x19\xfe\xfd\x00\x01\x00\x00\x00\x00\x00\x01\x77\xa3\x79\x34\xb3" \ + "\xf1\x1f\x34\x00\x1f\xdb\x8c\x28\x25\x9f\xe1\x02\x26\x77\x1c\x3a" \ + "\x50\x1b\x50\x99\xd0\xb5\x20\xd8\x2c\x2e\xaa\x36\x36\xe0\xb7\xb7" \ + "\xf7\x7d\xff\xb0"; +#ifdef WOLFSSL_DTLS13 + /* 1.3 app data containing CID */ + byte cid13[] = + "\x3f\x70\x64\x04\xc6\xfb\x97\x21\xd9\x28\x27\x00\x17\xc1\x01\x86" \ + "\xe7\x23\x2c\xad\x65\x83\xa8\xf4\xbf\xbf\x7b\x25\x16\x80\x19\xc3" \ + "\x81\xda\xf5\x3f"; +#endif + + ExpectPtrEq(wolfSSL_dtls_cid_parse(noCid, sizeof(noCid), 8), NULL); + ExpectPtrEq(wolfSSL_dtls_cid_parse(cid12, sizeof(cid12), 8), cid12 + 11); +#ifdef WOLFSSL_DTLS13 + ExpectPtrEq(wolfSSL_dtls_cid_parse(cid13, sizeof(cid13), 8), cid13 + 1); +#endif +#endif + return EXPECT_RESULT(); +} + +int test_wolfSSL_dtls_set_pending_peer(void) +{ + EXPECT_DECLS; +#if defined(HAVE_MANUAL_MEMIO_TESTS_DEPENDENCIES) && \ + defined(WOLFSSL_DTLS) && defined(WOLFSSL_DTLS_CID) + WOLFSSL_CTX *ctx_c = NULL, *ctx_s = NULL; + WOLFSSL *ssl_c = NULL, *ssl_s = NULL; + struct test_memio_ctx test_ctx; + unsigned char peer[10]; + unsigned int peerSz; + unsigned char readBuf[10]; + unsigned char client_cid[] = { 9, 8, 7, 6, 5, 4, 3, 2, 1, 0 }; + unsigned char server_cid[] = { 0, 1, 2, 3, 4, 5, 6, 7, 8, 9 }; + + XMEMSET(&test_ctx, 0, sizeof(test_ctx)); + + /* Setup DTLS contexts */ + ExpectIntEQ(test_memio_setup(&test_ctx, &ctx_c, &ctx_s, &ssl_c, &ssl_s, + wolfDTLS_client_method, wolfDTLS_server_method), 0); + + ExpectIntEQ(wolfSSL_dtls_cid_use(ssl_c), 1); + ExpectIntEQ(wolfSSL_dtls_cid_set(ssl_c, server_cid, + sizeof(server_cid)), 1); + ExpectIntEQ(wolfSSL_dtls_cid_use(ssl_s), 1); + ExpectIntEQ(wolfSSL_dtls_cid_set(ssl_s, client_cid, + sizeof(client_cid)), 1); + + ExpectIntEQ(test_memio_do_handshake(ssl_c, ssl_s, 10, NULL), 0); + + peerSz = sizeof(peer); + /* Fail since no peer set */ + ExpectIntEQ(wolfSSL_dtls_get_peer(ssl_s, peer, &peerSz), 0); + ExpectIntEQ(wolfSSL_dtls_set_pending_peer(ssl_s, (void*)"123", 4), 1); + ExpectIntEQ(wolfSSL_write(ssl_c, "test", 5), 5); + ExpectIntEQ(wolfSSL_read(ssl_s, readBuf, sizeof(readBuf)), 5); + ExpectStrEQ(readBuf, "test"); + peerSz = sizeof(peer); + ExpectIntEQ(wolfSSL_dtls_get_peer(ssl_s, peer, &peerSz), 1); + ExpectIntEQ(peerSz, 4); + ExpectStrEQ(peer, "123"); + + wolfSSL_free(ssl_s); + wolfSSL_free(ssl_c); + wolfSSL_CTX_free(ctx_s); + wolfSSL_CTX_free(ctx_c); +#endif + return EXPECT_RESULT(); +} + +int test_dtls13_epochs(void) { + EXPECT_DECLS; +#if defined(WOLFSSL_DTLS13) && !defined(NO_WOLFSSL_CLIENT) + WOLFSSL_CTX* ctx = NULL; + WOLFSSL* ssl = NULL; + byte input[20]; + word32 inOutIdx = 0; + + XMEMSET(input, 0, sizeof(input)); + + ExpectNotNull(ctx = wolfSSL_CTX_new(wolfDTLSv1_3_client_method())); + ExpectNotNull(ssl = wolfSSL_new(ctx)); + /* Some manual setup to enter the epoch check */ + ExpectTrue(ssl->options.tls1_3 = 1); + + inOutIdx = 0; + if (ssl != NULL) ssl->keys.curEpoch64 = w64From32(0x0, 0x0); + ExpectIntEQ(DoApplicationData(ssl, input, &inOutIdx, 0), SANITY_MSG_E); + inOutIdx = 0; + if (ssl != NULL) ssl->keys.curEpoch64 = w64From32(0x0, 0x2); + ExpectIntEQ(DoApplicationData(ssl, input, &inOutIdx, 0), SANITY_MSG_E); + + if (ssl != NULL) ssl->keys.curEpoch64 = w64From32(0x0, 0x1); + ExpectIntEQ(Dtls13CheckEpoch(ssl, client_hello), SANITY_MSG_E); + ExpectIntEQ(Dtls13CheckEpoch(ssl, server_hello), SANITY_MSG_E); + ExpectIntEQ(Dtls13CheckEpoch(ssl, hello_verify_request), SANITY_MSG_E); + ExpectIntEQ(Dtls13CheckEpoch(ssl, hello_retry_request), SANITY_MSG_E); + ExpectIntEQ(Dtls13CheckEpoch(ssl, hello_request), SANITY_MSG_E); + ExpectIntEQ(Dtls13CheckEpoch(ssl, encrypted_extensions), SANITY_MSG_E); + ExpectIntEQ(Dtls13CheckEpoch(ssl, server_key_exchange), SANITY_MSG_E); + ExpectIntEQ(Dtls13CheckEpoch(ssl, server_hello_done), SANITY_MSG_E); + ExpectIntEQ(Dtls13CheckEpoch(ssl, client_key_exchange), SANITY_MSG_E); + ExpectIntEQ(Dtls13CheckEpoch(ssl, certificate_request), SANITY_MSG_E); + ExpectIntEQ(Dtls13CheckEpoch(ssl, certificate), SANITY_MSG_E); + ExpectIntEQ(Dtls13CheckEpoch(ssl, certificate_verify), SANITY_MSG_E); + ExpectIntEQ(Dtls13CheckEpoch(ssl, finished), SANITY_MSG_E); + ExpectIntEQ(Dtls13CheckEpoch(ssl, certificate_status), SANITY_MSG_E); + ExpectIntEQ(Dtls13CheckEpoch(ssl, change_cipher_hs), SANITY_MSG_E); + ExpectIntEQ(Dtls13CheckEpoch(ssl, key_update), SANITY_MSG_E); + ExpectIntEQ(Dtls13CheckEpoch(ssl, session_ticket), SANITY_MSG_E); + ExpectIntEQ(Dtls13CheckEpoch(ssl, end_of_early_data), SANITY_MSG_E); + ExpectIntEQ(Dtls13CheckEpoch(ssl, message_hash), SANITY_MSG_E); + ExpectIntEQ(Dtls13CheckEpoch(ssl, no_shake), SANITY_MSG_E); + + wolfSSL_CTX_free(ctx); + wolfSSL_free(ssl); +#endif + return EXPECT_RESULT(); +} + +int test_dtls13_ack_order(void) +{ + EXPECT_DECLS; +#if defined(HAVE_MANUAL_MEMIO_TESTS_DEPENDENCIES) && defined(WOLFSSL_DTLS13) + WOLFSSL_CTX *ctx_c = NULL, *ctx_s = NULL; + WOLFSSL *ssl_c = NULL, *ssl_s = NULL; + struct test_memio_ctx test_ctx; + unsigned char readBuf[50]; + word32 length = 0; + /* struct { + * uint64 epoch; + * uint64 sequence_number; + * } RecordNumber; + * Big endian */ + static const unsigned char expected_output[] = { + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x03, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x03, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x03, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x03, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x04, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x03, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x06, + }; + + XMEMSET(&test_ctx, 0, sizeof(test_ctx)); + + /* Get a populated DTLS object */ + ExpectIntEQ(test_memio_setup(&test_ctx, &ctx_c, &ctx_s, &ssl_c, &ssl_s, + wolfDTLSv1_3_client_method, wolfDTLSv1_3_server_method), 0); + ExpectIntEQ(test_memio_do_handshake(ssl_c, ssl_s, 10, NULL), 0); + ExpectIntEQ(wolfSSL_read(ssl_c, readBuf, sizeof(readBuf)), -1); + /* Clear the buffer of any extra messages */ + ExpectIntEQ(wolfSSL_get_error(ssl_c, -1), WOLFSSL_ERROR_WANT_READ); + ExpectIntEQ(wolfSSL_read(ssl_s, readBuf, sizeof(readBuf)), -1); + ExpectIntEQ(wolfSSL_get_error(ssl_s, -1), WOLFSSL_ERROR_WANT_READ); + ExpectIntEQ(test_ctx.c_len, 0); + ExpectIntEQ(test_ctx.s_len, 0); + + /* Add seen records */ + ExpectIntEQ(Dtls13RtxAddAck(ssl_c, w64From32(0, 3), w64From32(0, 2)), 0); + ExpectIntEQ(Dtls13RtxAddAck(ssl_c, w64From32(0, 3), w64From32(0, 0)), 0); + ExpectIntEQ(Dtls13RtxAddAck(ssl_c, w64From32(0, 3), w64From32(0, 1)), 0); + ExpectIntEQ(Dtls13RtxAddAck(ssl_c, w64From32(0, 3), w64From32(0, 4)), 0); + ExpectIntEQ(Dtls13RtxAddAck(ssl_c, w64From32(0, 2), w64From32(0, 0)), 0); + ExpectIntEQ(Dtls13RtxAddAck(ssl_c, w64From32(0, 3), w64From32(0, 6)), 0); + ExpectIntEQ(Dtls13RtxAddAck(ssl_c, w64From32(0, 3), w64From32(0, 6)), 0); + ExpectIntEQ(Dtls13RtxAddAck(ssl_c, w64From32(0, 2), w64From32(0, 1)), 0); + ExpectIntEQ(Dtls13RtxAddAck(ssl_c, w64From32(0, 2), w64From32(0, 2)), 0); + ExpectIntEQ(Dtls13RtxAddAck(ssl_c, w64From32(0, 2), w64From32(0, 2)), 0); + ExpectIntEQ(Dtls13WriteAckMessage(ssl_c, ssl_c->dtls13Rtx.seenRecords, + &length), 0); + + /* must zero the span reserved for the header to avoid read of uninited + * data. + */ + XMEMSET(ssl_c->buffers.outputBuffer.buffer, 0, + 5 /* DTLS13_UNIFIED_HEADER_SIZE */); + /* N * RecordNumber + 2 extra bytes for length */ + ExpectIntEQ(length, sizeof(expected_output) + 2); + ExpectNotNull(mymemmem(ssl_c->buffers.outputBuffer.buffer, + ssl_c->buffers.outputBuffer.bufferSize, expected_output, + sizeof(expected_output))); + + wolfSSL_free(ssl_c); + wolfSSL_CTX_free(ctx_c); + wolfSSL_free(ssl_s); + wolfSSL_CTX_free(ctx_s); +#endif + return EXPECT_RESULT(); +} + +int test_dtls_version_checking(void) +{ + EXPECT_DECLS; +#if defined(HAVE_MANUAL_MEMIO_TESTS_DEPENDENCIES) && defined(WOLFSSL_DTLS) + WOLFSSL_CTX *ctx_c = NULL, *ctx_s = NULL; + WOLFSSL *ssl_c = NULL, *ssl_s = NULL; + struct test_memio_ctx test_ctx; + + XMEMSET(&test_ctx, 0, sizeof(test_ctx)); + + ExpectIntEQ(test_memio_setup(&test_ctx, &ctx_c, &ctx_s, &ssl_c, &ssl_s, + wolfDTLSv1_2_client_method, wolfDTLSv1_2_server_method), + 0); + + /* CH */ + ExpectIntEQ(wolfSSL_connect(ssl_c), WOLFSSL_FATAL_ERROR); + ExpectIntEQ(wolfSSL_get_error(ssl_c, WOLFSSL_FATAL_ERROR), + WOLFSSL_ERROR_WANT_READ); + + /* modify CH DTLS header to have version 1.1 (0xfe, 0xfe) */ + ExpectIntGE(test_ctx.s_len, 3); + if (EXPECT_SUCCESS()) { + test_ctx.s_buff[1] = 0xfe; + test_ctx.s_buff[2] = 0xfe; + } + + ExpectIntEQ(wolfSSL_accept(ssl_s), WOLFSSL_FATAL_ERROR); + ExpectIntEQ(wolfSSL_get_error(ssl_s, WOLFSSL_FATAL_ERROR), + WOLFSSL_ERROR_WANT_READ); + /* server should drop the message */ + ExpectIntEQ(test_ctx.c_len, 0); + + wolfSSL_free(ssl_c); + ssl_c = wolfSSL_new(ctx_c); + ExpectNotNull(ssl_c); + wolfSSL_SetIOWriteCtx(ssl_c, &test_ctx); + wolfSSL_SetIOReadCtx(ssl_c, &test_ctx); + + /* try again */ + ExpectIntEQ(test_memio_do_handshake(ssl_c, ssl_s, 10, NULL), 0); + + wolfSSL_free(ssl_c); + wolfSSL_CTX_free(ctx_c); + wolfSSL_free(ssl_s); + wolfSSL_CTX_free(ctx_s); +#endif /* HAVE_MANUAL_MEMIO_TESTS_DEPENDENCIES && WOLFSSL_DTLS */ + return EXPECT_RESULT(); +} + +#if defined(HAVE_MANUAL_MEMIO_TESTS_DEPENDENCIES) && defined(WOLFSSL_DTLS) +static int test_dtls_shutdown(WOLFSSL *s, WOLFSSL *c, WOLFSSL_CTX *cc, WOLFSSL_CTX *cs) +{ + EXPECT_DECLS; + /* Cleanup */ + wolfSSL_SetLoggingPrefix("client"); + ExpectIntEQ(wolfSSL_shutdown(c), WOLFSSL_SHUTDOWN_NOT_DONE); + wolfSSL_SetLoggingPrefix("server"); + ExpectIntEQ(wolfSSL_shutdown(s), WOLFSSL_SHUTDOWN_NOT_DONE); + wolfSSL_SetLoggingPrefix("client"); + ExpectIntEQ(wolfSSL_shutdown(c), 1); + wolfSSL_SetLoggingPrefix("server"); + ExpectIntEQ(wolfSSL_shutdown(s), 1); + + wolfSSL_SetLoggingPrefix(NULL); + wolfSSL_free(c); + wolfSSL_CTX_free(cc); + wolfSSL_free(s); + wolfSSL_CTX_free(cs); + return EXPECT_RESULT(); +} + +static int test_dtls_communication(WOLFSSL *s, WOLFSSL *c) +{ + EXPECT_DECLS; + unsigned char readBuf[50]; + + wolfSSL_SetLoggingPrefix("client"); + ExpectIntEQ(wolfSSL_write(c, "client message", 14), 14); + + wolfSSL_SetLoggingPrefix("server"); + XMEMSET(readBuf, 0, sizeof(readBuf)); + ExpectIntEQ(wolfSSL_read(s, readBuf, sizeof(readBuf)), 14); + ExpectStrEQ(readBuf, "client message"); + + wolfSSL_SetLoggingPrefix("server"); + ExpectIntEQ(wolfSSL_write(s, "server message", 14), 14); + + wolfSSL_SetLoggingPrefix("client"); + XMEMSET(readBuf, 0, sizeof(readBuf)); + ExpectIntEQ(wolfSSL_read(c, readBuf, sizeof(readBuf)), 14); + ExpectStrEQ(readBuf, "server message"); + + /* this extra round is consuming newSessionTicket and acks */ + wolfSSL_SetLoggingPrefix("client"); + ExpectIntEQ(wolfSSL_write(c, "client message 2", 16), 16); + + wolfSSL_SetLoggingPrefix("server"); + XMEMSET(readBuf, 0, sizeof(readBuf)); + ExpectIntEQ(wolfSSL_read(s, readBuf, sizeof(readBuf)), 16); + ExpectStrEQ(readBuf, "client message 2"); + + wolfSSL_SetLoggingPrefix("server"); + ExpectIntEQ(wolfSSL_write(s, "server message 2", 16), 16); + + wolfSSL_SetLoggingPrefix("client"); + XMEMSET(readBuf, 0, sizeof(readBuf)); + ExpectIntEQ(wolfSSL_read(c, readBuf, sizeof(readBuf)), 16); + ExpectStrEQ(readBuf, "server message 2"); + + return EXPECT_RESULT(); +} + +#if defined(WOLFSSL_DTLS13) && !defined(WOLFSSL_DTLS_RECORDS_CAN_SPAN_DATAGRAMS) +int test_dtls13_longer_length(void) +{ + EXPECT_DECLS; + WOLFSSL_CTX *ctx_c = NULL, *ctx_s = NULL; + WOLFSSL *ssl_c = NULL, *ssl_s = NULL; + struct test_memio_ctx test_ctx; + unsigned char readBuf[50]; + int seq16bit = 0; + int ret; + + XMEMSET(&test_ctx, 0, sizeof(test_ctx)); + + /* Setup DTLS contexts */ + ExpectIntEQ(test_memio_setup(&test_ctx, &ctx_c, &ctx_s, &ssl_c, &ssl_s, + wolfDTLSv1_3_client_method, wolfDTLSv1_3_server_method), + 0); + + /* Complete handshake */ + ExpectIntEQ(test_memio_do_handshake(ssl_c, ssl_s, 10, NULL), 0); + + /* Create good record with length mismatch */ + wolfSSL_SetLoggingPrefix("client"); + ExpectIntEQ(wolfSSL_write(ssl_c, "client message", 14), 14); + + /* check client wrote the record */ + ExpectIntGT(test_ctx.s_len, 14); + /* check length is included in the record header */ + ExpectIntGT(test_ctx.s_buff[0x0] & (1 << 2), 0); + seq16bit = (test_ctx.s_buff[0x0] & (1 << 3)) != 0; + /* big endian, modify LSB byte */ + seq16bit *= 2; + /* modify length to be bigger */ + test_ctx.s_buff[0x2 + seq16bit] = 0xff; + + /* Try to read the malformed record */ + wolfSSL_SetLoggingPrefix("server"); + ExpectIntEQ(wolfSSL_read(ssl_s, readBuf, sizeof(readBuf)), -1); + ExpectIntEQ(wolfSSL_get_error(ssl_s, -1), WOLFSSL_ERROR_WANT_READ); + ExpectIntEQ(test_ctx.s_len, 0); + + ExpectIntEQ(test_dtls_communication(ssl_s, ssl_c), TEST_SUCCESS); + ret = test_dtls_shutdown(ssl_s, ssl_c, ctx_c, ctx_s); + ExpectIntEQ(ret, TEST_SUCCESS); + + return EXPECT_RESULT(); +} +#else +int test_dtls13_longer_length(void) +{ + return TEST_SKIPPED; +} +#endif /* WOLFSSL_DTLS13 && !defined(WOLFSSL_DTLS_RECORDS_CAN_SPAN_DATAGRAMS) */ + +#if defined(WOLFSSL_DTLS13) && !defined(WOLFSSL_DTLS_RECORDS_CAN_SPAN_DATAGRAMS) +int test_dtls13_short_read(void) +{ + EXPECT_DECLS; + WOLFSSL_CTX *ctx_c = NULL, *ctx_s = NULL; + WOLFSSL *ssl_c = NULL, *ssl_s = NULL; + struct test_memio_ctx test_ctx; + unsigned char readBuf[50]; + int i; + int ret; + + /* we setup two test, in the first one the server reads just two bytes of + * the header, in the second one it reads just the header (5) */ + for (i = 0; i < 2; i++) { + XMEMSET(&test_ctx, 0, sizeof(test_ctx)); + + /* Setup DTLS contexts */ + ExpectIntEQ(test_memio_setup(&test_ctx, &ctx_c, &ctx_s, &ssl_c, &ssl_s, + wolfDTLSv1_3_client_method, wolfDTLSv1_3_server_method), + 0); + + /* Complete handshake */ + ExpectIntEQ(test_memio_do_handshake(ssl_c, ssl_s, 10, NULL), 0); + + /* create a good record in the buffer */ + wolfSSL_SetLoggingPrefix("client"); + ExpectIntEQ(wolfSSL_write(ssl_c, "client message", 14), 14); + + /* check client wrote the record */ + ExpectIntGT(test_ctx.s_len, 14); + /* return less data */ + ExpectIntEQ( + test_memio_modify_message_len(&test_ctx, 0, 0, i == 0 ? 2 : 5), 0); + /* Try to read the malformed record */ + wolfSSL_SetLoggingPrefix("server"); + ExpectIntEQ(wolfSSL_read(ssl_s, readBuf, sizeof(readBuf)), -1); + ExpectIntEQ(wolfSSL_get_error(ssl_s, -1), WOLFSSL_ERROR_WANT_READ); + ExpectIntEQ(test_ctx.s_len, 0); + + ExpectIntEQ(test_dtls_communication(ssl_s, ssl_c), TEST_SUCCESS); + ret = test_dtls_shutdown(ssl_s, ssl_c, ctx_c, ctx_s); + ExpectIntEQ(ret, TEST_SUCCESS); + ssl_c = ssl_s = NULL; + ctx_c = ctx_s = NULL; + } + + return EXPECT_RESULT(); +} +#else +int test_dtls13_short_read(void) +{ + return TEST_SKIPPED; +} +#endif /* WOLFSSL_DTLS13 && !defined(WOLFSSL_DTLS_RECORDS_CAN_SPAN_DATAGRAMS) */ + +#if !defined(WOLFSSL_DTLS_RECORDS_CAN_SPAN_DATAGRAMS) +int test_dtls12_short_read(void) +{ + EXPECT_DECLS; + WOLFSSL_CTX *ctx_c = NULL, *ctx_s = NULL; + WOLFSSL *ssl_c = NULL, *ssl_s = NULL; + struct test_memio_ctx test_ctx; + unsigned char readBuf[50]; + int i; + int ret; + + for (i = 0; i < 3; i++) { + XMEMSET(&test_ctx, 0, sizeof(test_ctx)); + + /* Setup DTLS contexts */ + ExpectIntEQ(test_memio_setup(&test_ctx, &ctx_c, &ctx_s, &ssl_c, &ssl_s, + wolfDTLSv1_2_client_method, wolfDTLSv1_2_server_method), + 0); + /* Complete handshake */ + ExpectIntEQ(test_memio_do_handshake(ssl_c, ssl_s, 10, NULL), 0); + + /* create a good record in the buffer */ + wolfSSL_SetLoggingPrefix("client"); + ExpectIntEQ(wolfSSL_write(ssl_c, "bad", 3), 3); + + /* check client wrote the record */ + ExpectIntGT(test_ctx.s_len, 13 + 3); + /* return less data */ + switch (i) { + case 0: + ExpectIntEQ(test_memio_modify_message_len(&test_ctx, 0, 0, 2), 0); + break; + case 1: + ExpectIntEQ(test_memio_modify_message_len(&test_ctx, 0, 0, 13), 0); + break; + case 2: + ExpectIntEQ(test_memio_modify_message_len(&test_ctx, 0, 0, 15), 0); + break; + } + + /* Try to read the malformed record */ + wolfSSL_SetLoggingPrefix("server"); + ExpectIntEQ(wolfSSL_read(ssl_s, readBuf, sizeof(readBuf)), -1); + ExpectIntEQ(wolfSSL_get_error(ssl_s, -1), WOLFSSL_ERROR_WANT_READ); + ExpectIntEQ(test_ctx.s_len, 0); + + ExpectIntEQ(test_dtls_communication(ssl_s, ssl_c), TEST_SUCCESS); + ret = test_dtls_shutdown(ssl_s, ssl_c, ctx_c, ctx_s); + ExpectIntEQ(ret, TEST_SUCCESS); + ssl_c = ssl_s = NULL; + ctx_c = ctx_s = NULL; + } + + return EXPECT_RESULT(); +} +#else +int test_dtls12_short_read(void) +{ + return TEST_SKIPPED; +} +#endif /* !defined(WOLFSSL_DTLS_RECORDS_CAN_SPAN_DATAGRAMS) */ + +#if !defined(WOLFSSL_DTLS_RECORDS_CAN_SPAN_DATAGRAMS) +int test_dtls12_record_length_mismatch(void) +{ + EXPECT_DECLS; + WOLFSSL_CTX *ctx_c = NULL, *ctx_s = NULL; + WOLFSSL *ssl_c = NULL, *ssl_s = NULL; + struct test_memio_ctx test_ctx; + unsigned char readBuf[50]; + int ret; + + XMEMSET(&test_ctx, 0, sizeof(test_ctx)); + + /* Setup DTLS contexts */ + ExpectIntEQ(test_memio_setup(&test_ctx, &ctx_c, &ctx_s, &ssl_c, &ssl_s, + wolfDTLSv1_2_client_method, wolfDTLSv1_2_server_method), + 0); + + /* Complete handshake */ + ExpectIntEQ(test_memio_do_handshake(ssl_c, ssl_s, 10, NULL), 0); + + /* write a message from client */ + ExpectIntEQ(wolfSSL_write(ssl_c, "bad", 3), 3); + + /* check that the message is written in the buffer */ + ExpectIntGT(test_ctx.s_len, 14); + /* modify the length field to be bigger than the content */ + test_ctx.s_buff[12] = 0xff; + + /* Try to read the malformed record */ + wolfSSL_SetLoggingPrefix("server"); + ExpectIntEQ(wolfSSL_read(ssl_s, readBuf, sizeof(readBuf)), -1); + ExpectIntEQ(wolfSSL_get_error(ssl_s, -1), WOLFSSL_ERROR_WANT_READ); + ExpectIntEQ(test_ctx.s_len, 0); + + ExpectIntEQ(test_dtls_communication(ssl_s, ssl_c), TEST_SUCCESS); + ret = test_dtls_shutdown(ssl_s, ssl_c, ctx_c, ctx_s); + ExpectIntEQ(ret, TEST_SUCCESS); + + return EXPECT_RESULT(); +} + +int test_dtls_record_cross_boundaries(void) +{ + EXPECT_DECLS; + WOLFSSL_CTX *ctx_c = NULL, *ctx_s = NULL; + WOLFSSL *ssl_c = NULL, *ssl_s = NULL; + struct test_memio_ctx test_ctx; + unsigned char readBuf[256]; + int rec0_len, rec1_len; + + XMEMSET(&test_ctx, 0, sizeof(test_ctx)); + + /* Setup DTLS contexts */ + ExpectIntEQ(test_memio_setup(&test_ctx, &ctx_c, &ctx_s, &ssl_c, &ssl_s, + wolfDTLSv1_2_client_method, wolfDTLSv1_2_server_method), + 0); + + /* Complete handshake */ + ExpectIntEQ(test_memio_do_handshake(ssl_c, ssl_s, 10, NULL), 0); + + /* create a first record in the buffer */ + wolfSSL_SetLoggingPrefix("client"); + ExpectIntEQ(wolfSSL_write(ssl_c, "test0", 5), 5); + rec0_len = test_ctx.s_msg_sizes[0]; + + /* create a second record in the buffer */ + ExpectIntEQ(wolfSSL_write(ssl_c, "test1", 5), 5); + rec1_len = test_ctx.s_msg_sizes[1]; + + ExpectIntLE(rec0_len + rec1_len, sizeof(readBuf)); + if (EXPECT_SUCCESS()) + XMEMCPY(readBuf, test_ctx.s_buff, rec0_len + rec1_len); + + /* clear buffer */ + test_memio_clear_buffer(&test_ctx, 0); + + /* inject first record + 1 bytes of second record */ + ExpectIntEQ(test_memio_inject_message(&test_ctx, 0, (const char*)readBuf, + rec0_len + 1), + 0); + + /* inject second record */ + ExpectIntEQ(test_memio_inject_message(&test_ctx, 0, + (const char*)readBuf + rec0_len + 1, rec1_len - 1), + 0); + ExpectIntEQ(test_ctx.s_len, rec0_len + rec1_len); + + /* reading the record should return just the first message*/ + wolfSSL_SetLoggingPrefix("server"); + ExpectIntEQ(wolfSSL_read(ssl_s, readBuf, sizeof(readBuf)), 5); + ExpectBufEQ(readBuf, "test0", 5); + + ExpectIntEQ(wolfSSL_read(ssl_s, readBuf, sizeof(readBuf)), + WOLFSSL_FATAL_ERROR); + ExpectIntEQ(wolfSSL_get_error(ssl_s, -1), WOLFSSL_ERROR_WANT_READ); + + /* cleanup */ + wolfSSL_free(ssl_s); + wolfSSL_free(ssl_c); + wolfSSL_CTX_free(ctx_s); + wolfSSL_CTX_free(ctx_c); + + return EXPECT_RESULT(); +} +#else +int test_dtls12_record_length_mismatch(void) +{ + return TEST_SKIPPED; +} +int test_dtls_record_cross_boundaries(void) +{ + return TEST_SKIPPED; +} +#endif /* !defined(WOLFSSL_DTLS_RECORDS_CAN_SPAN_DATAGRAMS) */ + +int test_dtls_short_ciphertext(void) +{ + EXPECT_DECLS; + WOLFSSL_CTX *ctx_c = NULL, *ctx_s = NULL; + WOLFSSL *ssl_c = NULL, *ssl_s = NULL; + struct test_memio_ctx test_ctx; + unsigned char readBuf[50]; + int ret; + + XMEMSET(&test_ctx, 0, sizeof(test_ctx)); + + /* Setup DTLS contexts */ + ExpectIntEQ(test_memio_setup(&test_ctx, &ctx_c, &ctx_s, &ssl_c, &ssl_s, + wolfDTLSv1_2_client_method, wolfDTLSv1_2_server_method), + 0); + + /* Complete handshake */ + ExpectIntEQ(test_memio_do_handshake(ssl_c, ssl_s, 10, NULL), 0); + + /* Create a message, that looks encrypted but shorter than minimum ciphertext length */ + /* create the data in the buffer */ + ExpectIntEQ(wolfSSL_write(ssl_c, "bad", 3), 3); + + /* check client wrote the record */ + ExpectIntGT(test_ctx.s_len, 14); + + /* modify the length field to be smaller than the content */ + test_ctx.s_buff[11] = 0x00; + test_ctx.s_buff[12] = 0x02; + /* modify the amount of data to send */ + ExpectIntEQ(test_memio_modify_message_len(&test_ctx, 0, 0, 15), 0); + + /* Try to read the malformed record */ + wolfSSL_SetLoggingPrefix("server"); + ExpectIntEQ(wolfSSL_read(ssl_s, readBuf, sizeof(readBuf)), -1); + ExpectIntEQ(wolfSSL_get_error(ssl_s, -1), WOLFSSL_ERROR_WANT_READ); + ExpectIntEQ(test_ctx.s_len, 0); + + ExpectIntEQ(test_dtls_communication(ssl_s, ssl_c), TEST_SUCCESS); + + ret = test_dtls_shutdown(ssl_s, ssl_c, ctx_c, ctx_s); + ExpectIntEQ(ret, TEST_SUCCESS); + + return EXPECT_RESULT(); +} +#else +int test_dtls_short_ciphertext(void) +{ + return TEST_SKIPPED; +} +int test_dtls12_record_length_mismatch(void) +{ + return TEST_SKIPPED; +} +int test_dtls12_short_read(void) +{ + return TEST_SKIPPED; +} +int test_dtls13_short_read(void) +{ + return TEST_SKIPPED; +} +int test_dtls13_longer_length(void) +{ + return TEST_SKIPPED; +} +int test_dtls_record_cross_boundaries(void) +{ + return TEST_SKIPPED; +} +#endif /* defined(HAVE_MANUAL_MEMIO_TESTS_DEPENDENCIES) && defined(WOLFSSL_DTLS) */ + +#if defined(HAVE_MANUAL_MEMIO_TESTS_DEPENDENCIES) && \ + !defined(WOLFSSL_NO_TLS12) && !defined(NO_SHA256) +/* This test that the DTLS record boundary check doesn't interfere with TLS + * records processing */ +int test_records_span_network_boundaries(void) +{ + EXPECT_DECLS; + WOLFSSL_CTX *ctx_c = NULL, *ctx_s = NULL; + WOLFSSL *ssl_c = NULL, *ssl_s = NULL; + struct test_memio_ctx test_ctx; + unsigned char readBuf[256]; + int record_len; + + XMEMSET(&test_ctx, 0, sizeof(test_ctx)); + + /* Setup DTLS contexts */ + ExpectIntEQ(test_memio_setup(&test_ctx, &ctx_c, &ctx_s, &ssl_c, &ssl_s, + wolfTLSv1_2_client_method, wolfTLSv1_2_server_method), + 0); + + /* Complete handshake */ + ExpectIntEQ(test_memio_do_handshake(ssl_c, ssl_s, 10, NULL), 0); + + /* create a good record in the buffer */ + wolfSSL_SetLoggingPrefix("client"); + ExpectIntEQ(wolfSSL_write(ssl_c, "test", 4), 4); + ExpectIntLE(test_ctx.s_len, sizeof(readBuf)); + ExpectIntGT(test_ctx.s_len, 10); + record_len = test_ctx.s_len; + if (EXPECT_SUCCESS()) + XMEMCPY(readBuf, test_ctx.s_buff, record_len); + + /* drop record and simulate a split write */ + ExpectIntEQ(test_memio_drop_message(&test_ctx, 0, 0), 0); + ExpectIntEQ(test_ctx.s_msg_count, 0); + + /* inject first record header */ + ExpectIntEQ( + test_memio_inject_message(&test_ctx, 0, (const char*)readBuf, 5), 0); + ExpectIntEQ(test_ctx.s_msg_count, 1); + ExpectIntEQ(test_ctx.s_msg_sizes[0], 5); + + /* inject another 5 bytes of the record */ + ExpectIntEQ( + test_memio_inject_message(&test_ctx, 0, (const char*)readBuf + 5, 5), + 0); + ExpectIntEQ(test_ctx.s_msg_count, 2); + ExpectIntEQ(test_ctx.s_msg_sizes[1], 5); + + /* inject the rest of the record */ + ExpectIntEQ(test_memio_inject_message(&test_ctx, 0, + (const char*)readBuf + 10, record_len - 10), + 0); + ExpectIntEQ(test_ctx.s_msg_count, 3); + ExpectIntEQ(test_ctx.s_msg_sizes[2], record_len - 10); + + /* read the record */ + wolfSSL_SetLoggingPrefix("server"); + ExpectIntEQ(wolfSSL_read(ssl_s, readBuf, sizeof(readBuf)), 4); + ExpectIntEQ(test_ctx.s_len, 0); + + ExpectBufEQ(readBuf, "test", 4); + + wolfSSL_free(ssl_s); + wolfSSL_free(ssl_c); + wolfSSL_CTX_free(ctx_s); + wolfSSL_CTX_free(ctx_c); + + return EXPECT_RESULT(); +} +#else +int test_records_span_network_boundaries(void) +{ + return TEST_SKIPPED; +} +#endif /* defined(HAVE_MANUAL_MEMIO_TESTS_DEPENDENCIES) && \ + !defined(WOLFSSL_NO_TLS12) */ + +int test_dtls_rtx_across_epoch_change(void) +{ + EXPECT_DECLS; +#if defined(HAVE_MANUAL_MEMIO_TESTS_DEPENDENCIES) && \ + defined(WOLFSSL_DTLS13) && defined(WOLFSSL_DTLS) + WOLFSSL_CTX *ctx_c = NULL, *ctx_s = NULL; + WOLFSSL *ssl_c = NULL, *ssl_s = NULL; + struct test_memio_ctx test_ctx; + + XMEMSET(&test_ctx, 0, sizeof(test_ctx)); + + /* Setup DTLS contexts */ + ExpectIntEQ(test_memio_setup(&test_ctx, &ctx_c, &ctx_s, &ssl_c, &ssl_s, + wolfDTLSv1_3_client_method, wolfDTLSv1_3_server_method), + 0); + + /* CH0 */ + wolfSSL_SetLoggingPrefix("client:"); + ExpectIntEQ(wolfSSL_connect(ssl_c), -1); + ExpectIntEQ(wolfSSL_get_error(ssl_c, -1), SSL_ERROR_WANT_READ); + + /* HRR */ + wolfSSL_SetLoggingPrefix("server:"); + ExpectIntEQ(wolfSSL_accept(ssl_s), -1); + ExpectIntEQ(wolfSSL_get_error(ssl_s, -1), SSL_ERROR_WANT_READ); + + /* CH1 */ + wolfSSL_SetLoggingPrefix("client:"); + ExpectIntEQ(wolfSSL_connect(ssl_c), -1); + ExpectIntEQ(wolfSSL_get_error(ssl_c, -1), SSL_ERROR_WANT_READ); + + /* SH ... FINISHED */ + wolfSSL_SetLoggingPrefix("server:"); + ExpectIntEQ(wolfSSL_accept(ssl_s), -1); + ExpectIntEQ(wolfSSL_get_error(ssl_s, -1), SSL_ERROR_WANT_READ); + + /* we should have now SH ... FINISHED messages in the buffer*/ + ExpectIntGE(test_ctx.c_msg_count, 2); + + /* drop everything but the SH */ + while (test_ctx.c_msg_count > 1 && EXPECT_SUCCESS()) { + ExpectIntEQ(test_memio_drop_message(&test_ctx, 1, test_ctx.c_msg_count - 1), 0); + } + + /* Read the SH */ + wolfSSL_SetLoggingPrefix("client:"); + ExpectIntEQ(wolfSSL_connect(ssl_c), -1); + ExpectIntEQ(wolfSSL_get_error(ssl_c, -1), SSL_ERROR_WANT_READ); + + /* trigger client timeout */ + ExpectIntEQ(wolfSSL_dtls_got_timeout(ssl_c), WOLFSSL_SUCCESS); + /* this should have triggered a rtx */ + ExpectIntGT(test_ctx.s_msg_count, 0); + + /* finish the handshake */ + ExpectIntEQ(test_memio_do_handshake(ssl_c, ssl_s, 10, NULL), 0); + + /* Test communication works correctly */ + ExpectIntEQ(test_dtls_communication(ssl_s, ssl_c), TEST_SUCCESS); + + /* Cleanup */ + wolfSSL_free(ssl_c); + wolfSSL_CTX_free(ctx_c); + wolfSSL_free(ssl_s); + wolfSSL_CTX_free(ctx_s); +#endif /* defined(HAVE_MANUAL_MEMIO_TESTS_DEPENDENCIES) && \ + defined(WOLFSSL_DTLS13) */ + return EXPECT_RESULT(); +} + +int test_dtls_drop_client_ack(void) +{ + EXPECT_DECLS; +#if defined(HAVE_MANUAL_MEMIO_TESTS_DEPENDENCIES) && \ + defined(WOLFSSL_DTLS13) && defined(WOLFSSL_DTLS) + WOLFSSL_CTX *ctx_c = NULL, *ctx_s = NULL; + WOLFSSL *ssl_c = NULL, *ssl_s = NULL; + struct test_memio_ctx test_ctx; + char data[32]; + + XMEMSET(&test_ctx, 0, sizeof(test_ctx)); + + /* Setup DTLS contexts */ + ExpectIntEQ(test_memio_setup(&test_ctx, &ctx_c, &ctx_s, &ssl_c, &ssl_s, + wolfDTLSv1_3_client_method, wolfDTLSv1_3_server_method), + 0); + + /* disable new session ticket to simplify testing */ + ExpectIntEQ(wolfSSL_no_ticket_TLSv13(ssl_s), 0); + + /* CH0 */ + wolfSSL_SetLoggingPrefix("client:"); + ExpectIntEQ(wolfSSL_connect(ssl_c), -1); + ExpectIntEQ(wolfSSL_get_error(ssl_c, -1), WOLFSSL_ERROR_WANT_READ); + + /* HRR */ + wolfSSL_SetLoggingPrefix("server:"); + ExpectIntEQ(wolfSSL_accept(ssl_s), -1); + ExpectIntEQ(wolfSSL_get_error(ssl_s, -1), WOLFSSL_ERROR_WANT_READ); + + /* CH1 */ + wolfSSL_SetLoggingPrefix("client:"); + ExpectIntEQ(wolfSSL_connect(ssl_c), -1); + ExpectIntEQ(wolfSSL_get_error(ssl_c, -1), WOLFSSL_ERROR_WANT_READ); + + /* SH ... FINISHED */ + wolfSSL_SetLoggingPrefix("server:"); + ExpectIntEQ(wolfSSL_accept(ssl_s), -1); + ExpectIntEQ(wolfSSL_get_error(ssl_s, -1), WOLFSSL_ERROR_WANT_READ); + + /* ... FINISHED */ + wolfSSL_SetLoggingPrefix("client:"); + ExpectIntEQ(wolfSSL_connect(ssl_c), -1); + ExpectIntEQ(wolfSSL_get_error(ssl_c, -1), WOLFSSL_ERROR_WANT_READ); + + /* init is finished should return false at this point */ + ExpectFalse(wolfSSL_is_init_finished(ssl_c)); + + /* ACK */ + ExpectIntEQ(wolfSSL_accept(ssl_s), WOLFSSL_SUCCESS); + /* Drop the ack */ + test_memio_clear_buffer(&test_ctx, 1); + + /* trigger client timeout, finished should be rtx */ + ExpectIntEQ(wolfSSL_dtls_got_timeout(ssl_c), WOLFSSL_SUCCESS); + ExpectIntEQ(wolfSSL_dtls_got_timeout(ssl_c), WOLFSSL_SUCCESS); + /* this should have triggered a rtx */ + ExpectIntGT(test_ctx.s_msg_count, 0); + + /* this should re-send the ack immediately */ + ExpectIntEQ(wolfSSL_read(ssl_s, data, 32), -1); + ExpectIntEQ(wolfSSL_get_error(ssl_s, -1), WOLFSSL_ERROR_WANT_READ); + ExpectIntEQ(test_ctx.c_msg_count, 1); + + /* This should advance the connection on the client */ + ExpectIntEQ(wolfSSL_negotiate(ssl_c), WOLFSSL_SUCCESS); + + /* Test communication works correctly */ + ExpectIntEQ(test_dtls_communication(ssl_s, ssl_c), TEST_SUCCESS); + + /* Cleanup */ + wolfSSL_free(ssl_c); + wolfSSL_CTX_free(ctx_c); + wolfSSL_free(ssl_s); + wolfSSL_CTX_free(ctx_s); +#endif /* defined(HAVE_MANUAL_MEMIO_TESTS_DEPENDENCIES) && \ + defined(WOLFSSL_DTLS13) */ + return EXPECT_RESULT(); +} + +int test_dtls_bogus_finished_epoch_zero(void) +{ + EXPECT_DECLS; +#if defined(HAVE_MANUAL_MEMIO_TESTS_DEPENDENCIES) && defined(WOLFSSL_DTLS) && \ + !defined(WOLFSSL_NO_TLS12) && defined(HAVE_AES_CBC) && \ + defined(WOLFSSL_AES_128) && !defined(NO_SHA256) + WOLFSSL_CTX *ctx_c = NULL, *ctx_s = NULL; + WOLFSSL *ssl_c = NULL, *ssl_s = NULL; + struct test_memio_ctx test_ctx; + int error; + + /* bogus Finished message bytes from the original bug report (epoch 0) + * https://github.com/wolfSSL/wolfssl/issues/9188 */ + static const unsigned char bogus_finished[] = { + 0x16, 0xfe, 0xfd, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x18, 0x14, 0x00, 0x00, 0x0c, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x0c, 0xd9, 0xc6, 0xe3, 0x01, 0x59, 0xf2, 0xc2, 0x4f, 0xfa, 0xfd, 0x20, + 0xd7 + }; + + /* serverHelloDone message bytes */ + static const unsigned char server_hello_done_message[] = { + 0x16, 0xfe, 0xfd, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01, 0x00, + 0x0c, 0x0e, 0x00, 0x00, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00 + }; + + XMEMSET(&test_ctx, 0, sizeof(test_ctx)); + + /* setting up dtls 1.2 contexts */ + ExpectIntEQ(test_memio_setup(&test_ctx, &ctx_c, &ctx_s, &ssl_c, &ssl_s, + wolfDTLSv1_2_client_method, wolfDTLSv1_2_server_method), 0); + + /* start handshake, send first ClientHelloDone */ + ExpectIntEQ(wolfSSL_connect(ssl_c), -1); + ExpectIntEQ(wolfSSL_get_error(ssl_c, -1), WOLFSSL_ERROR_WANT_READ); + + /* clearing server buffer to inject the wrong Finished packet */ + test_memio_clear_buffer(&test_ctx, 1); + ExpectIntEQ(test_memio_inject_message(&test_ctx, 1, + (const char*)bogus_finished, sizeof(bogus_finished)), 0); + + /* continue client handshake to process it */ + ExpectIntEQ(wolfSSL_connect(ssl_c), -1); + + /* client should terminate with dtls sequence error */ + error = wolfSSL_get_error(ssl_c, -1); + + /* check if the error is SEQUENCE_ERROR, handshake should not + * expect a finished packet in that moment, in particular should not + * be in epoch = 0 (should be epoch = 1) */ + ExpectTrue(error == WC_NO_ERR_TRACE(SEQUENCE_ERROR) || + error == WC_NO_ERR_TRACE(WOLFSSL_ERROR_WANT_READ)); + + /* forcing injection ServerHelloDone to test if client would replay + * ClientHello */ + test_memio_clear_buffer(&test_ctx, 0); + ExpectIntEQ(test_memio_inject_message(&test_ctx, 1, + (const char*)server_hello_done_message, sizeof(server_hello_done_message)), 0); + ExpectIntEQ(wolfSSL_connect(ssl_c), -1); + + /* verifying no ClientHello replay occurred, + * buffer should empty since we exit early on + * because of the bogus finished packet */ + ExpectIntLE(test_ctx.s_len, 0); + + wolfSSL_free(ssl_c); + wolfSSL_CTX_free(ctx_c); + wolfSSL_free(ssl_s); + wolfSSL_CTX_free(ctx_s); +#endif + return EXPECT_RESULT(); +} + +int test_dtls_replay(void) +{ + EXPECT_DECLS; +#if defined(HAVE_MANUAL_MEMIO_TESTS_DEPENDENCIES) && defined(WOLFSSL_DTLS) + size_t i; + struct { + method_provider client_meth; + method_provider server_meth; + const char* tls_version; + } params[] = { +#if defined(WOLFSSL_TLS13) && defined(WOLFSSL_DTLS13) + { wolfDTLSv1_3_client_method, wolfDTLSv1_3_server_method, "DTLSv1_3" }, +#endif +#if !defined(WOLFSSL_NO_TLS12) && defined(WOLFSSL_DTLS) + { wolfDTLSv1_2_client_method, wolfDTLSv1_2_server_method, "DTLSv1_2" }, +#endif +#if !defined(NO_OLD_TLS) && defined(WOLFSSL_DTLS) + { wolfDTLSv1_client_method, wolfDTLSv1_server_method, "DTLSv1_0" }, +#endif + }; + for (i = 0; i < XELEM_CNT(params) && !EXPECT_FAIL(); i++) { + WOLFSSL_CTX *ctx_c = NULL, *ctx_s = NULL; + WOLFSSL *ssl_c = NULL, *ssl_s = NULL; + struct test_memio_ctx test_ctx; + + char msg_buf[256]; + int msg_len = sizeof(msg_buf); + byte app_data[8]; + + XMEMSET(&test_ctx, 0, sizeof(test_ctx)); + + /* Setup DTLS contexts */ + ExpectIntEQ(test_memio_setup(&test_ctx, &ctx_c, &ctx_s, &ssl_c, &ssl_s, + params[i].client_meth, params[i].server_meth), 0); + ExpectIntEQ(test_memio_do_handshake(ssl_c, ssl_s, 10, NULL), 0); + + ExpectIntEQ(wolfSSL_write(ssl_c, "test", 4), 4); + ExpectIntEQ(test_memio_copy_message(&test_ctx, 0, msg_buf, &msg_len, 0), 0); + ExpectIntEQ(wolfSSL_read(ssl_s, app_data, sizeof(app_data)), 4); + ExpectIntEQ(test_memio_inject_message(&test_ctx, 0, msg_buf, msg_len), 0); + ExpectIntEQ(wolfSSL_read(ssl_s, app_data, sizeof(app_data)), -1); + ExpectIntEQ(wolfSSL_get_error(ssl_s, -1), WOLFSSL_ERROR_WANT_READ); + + wolfSSL_free(ssl_c); + wolfSSL_CTX_free(ctx_c); + wolfSSL_free(ssl_s); + wolfSSL_CTX_free(ctx_s); + } +#endif + return EXPECT_RESULT(); +} + +#if defined(WOLFSSL_DTLS13) && defined(HAVE_SSL_MEMIO_TESTS_DEPENDENCIES) && \ + defined(WOLFSSL_SRTP) +static int test_dtls_srtp_ctx_ready(WOLFSSL_CTX* ctx) +{ + EXPECT_DECLS; + ExpectIntEQ(wolfSSL_CTX_set_tlsext_use_srtp(ctx, "SRTP_AEAD_AES_256_GCM:" + "SRTP_AEAD_AES_128_GCM:SRTP_AES128_CM_SHA1_80:SRTP_AES128_CM_SHA1_32"), + 0); + return EXPECT_RESULT(); +} + +int test_dtls_srtp(void) +{ + EXPECT_DECLS; + test_ssl_cbf client_cbf; + test_ssl_cbf server_cbf; + + XMEMSET(&client_cbf, 0, sizeof(client_cbf)); + XMEMSET(&server_cbf, 0, sizeof(server_cbf)); + + client_cbf.method = wolfDTLSv1_3_client_method; + client_cbf.ctx_ready = test_dtls_srtp_ctx_ready; + server_cbf.method = wolfDTLSv1_3_server_method; + server_cbf.ctx_ready = test_dtls_srtp_ctx_ready; + + ExpectIntEQ(test_wolfSSL_client_server_nofail_memio(&client_cbf, + &server_cbf, NULL), TEST_SUCCESS); + + return EXPECT_RESULT(); +} +#else +int test_dtls_srtp(void) +{ + EXPECT_DECLS; + return EXPECT_RESULT(); +} +#endif + +int test_dtls_timeout(void) +{ + EXPECT_DECLS; +#if defined(HAVE_MANUAL_MEMIO_TESTS_DEPENDENCIES) && defined(WOLFSSL_DTLS) + size_t i; + struct { + method_provider client_meth; + method_provider server_meth; + } params[] = { +#if defined(WOLFSSL_TLS13) && defined(WOLFSSL_DTLS13) + { wolfDTLSv1_3_client_method, wolfDTLSv1_3_server_method }, +#endif +#if !defined(WOLFSSL_NO_TLS12) && defined(WOLFSSL_DTLS) + { wolfDTLSv1_2_client_method, wolfDTLSv1_2_server_method }, +#endif +#if !defined(NO_OLD_TLS) && defined(WOLFSSL_DTLS) + { wolfDTLSv1_client_method, wolfDTLSv1_server_method }, +#endif + }; + + for (i = 0; i < XELEM_CNT(params) && !EXPECT_FAIL(); i++) { + WOLFSSL_CTX *ctx_c = NULL, *ctx_s = NULL; + WOLFSSL *ssl_c = NULL, *ssl_s = NULL; + struct test_memio_ctx test_ctx; + + XMEMSET(&test_ctx, 0, sizeof(test_ctx)); + + ExpectIntEQ(test_memio_setup(&test_ctx, &ctx_c, &ctx_s, &ssl_c, &ssl_s, + params[i].client_meth, params[i].server_meth), 0); + ExpectIntEQ(wolfSSL_dtls_set_timeout_max(ssl_c, 2), WOLFSSL_SUCCESS); + ExpectIntEQ(wolfSSL_negotiate(ssl_c), -1); + ExpectIntEQ(wolfSSL_get_error(ssl_c, -1), WOLFSSL_ERROR_WANT_READ); +#if defined(WOLFSSL_TLS13) && defined(WOLFSSL_DTLS13) + /* will return 0 when not 1.3 */ + if (wolfSSL_dtls13_use_quick_timeout(ssl_c)) + ExpectIntEQ(wolfSSL_dtls_got_timeout(ssl_c), WOLFSSL_SUCCESS); +#endif + ExpectIntEQ(wolfSSL_dtls_got_timeout(ssl_c), WOLFSSL_SUCCESS); + ExpectIntEQ(wolfSSL_dtls_get_current_timeout(ssl_c), 2); + ExpectIntEQ(wolfSSL_negotiate(ssl_s), -1); + ExpectIntEQ(wolfSSL_get_error(ssl_s, -1), WOLFSSL_ERROR_WANT_READ); + ExpectIntEQ(wolfSSL_negotiate(ssl_c), -1); + ExpectIntEQ(wolfSSL_get_error(ssl_c, -1), WOLFSSL_ERROR_WANT_READ); + ExpectIntEQ(wolfSSL_dtls_get_current_timeout(ssl_c), 1); +#if defined(WOLFSSL_TLS13) && defined(WOLFSSL_DTLS13) + /* will return 0 when not 1.3 */ + if (wolfSSL_dtls13_use_quick_timeout(ssl_c)) + ExpectIntEQ(wolfSSL_dtls_got_timeout(ssl_c), WOLFSSL_SUCCESS); +#endif + ExpectIntEQ(wolfSSL_dtls_got_timeout(ssl_c), WOLFSSL_SUCCESS); + ExpectIntEQ(wolfSSL_dtls_get_current_timeout(ssl_c), 2); + ExpectIntEQ(test_memio_do_handshake(ssl_c, ssl_s, 10, NULL), 0); + + wolfSSL_free(ssl_s); + wolfSSL_free(ssl_c); + wolfSSL_CTX_free(ctx_s); + wolfSSL_CTX_free(ctx_c); + } +#endif + return EXPECT_RESULT(); +} + +int test_dtls_certreq_order(void) +{ + EXPECT_DECLS; +#if defined(HAVE_MANUAL_MEMIO_TESTS_DEPENDENCIES) && defined(WOLFSSL_DTLS) && \ + !defined(WOLFSSL_NO_TLS12) && defined(HAVE_AESGCM) && \ + defined(WOLFSSL_AES_128) && !defined(NO_SHA256) && !defined(NO_RSA) && \ + !defined(NO_DH) + /* This test checks that a certificate request message + * received before server certificate message is properly detected. + * The binary is taken from https://github.com/wolfSSL/wolfssl/issues/9198 + */ + static const unsigned char certreq_before_cert_bin[] = { + 0x16, 0xfe, 0xfd, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x39, 0x02, 0x00, 0x00, 0x2d, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x2d, 0xfe, 0xfd, 0x48, 0xc0, 0xd5, 0xf2, 0x60, 0xb4, 0x20, 0xbb, 0x38, + 0x51, 0xd9, 0xd4, 0x7a, 0xcb, 0x93, 0x3d, 0xbe, 0x70, 0x39, 0x9b, 0xf6, + 0xc9, 0x2d, 0xa3, 0x3a, 0xf0, 0x1d, 0x4f, 0xb7, 0x70, 0xe9, 0x8c, 0x00, + 0x00, 0x9e, 0x00, 0x00, 0x05, 0x00, 0x0f, 0x00, 0x01, 0x01, 0x16, 0xfe, + 0xfd, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01, 0x00, 0x3a, 0x0d, + 0x00, 0x00, 0x2e, 0x00, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x2e, 0x01, + 0x01, 0x00, 0x28, 0x02, 0x02, 0x03, 0x02, 0x04, 0x02, 0x05, 0x02, 0x06, + 0x02, 0x01, 0x01, 0x02, 0x01, 0x03, 0x01, 0x04, 0x01, 0x05, 0x01, 0x06, + 0x01, 0x02, 0x03, 0x03, 0x03, 0x04, 0x03, 0x05, 0x03, 0x06, 0x03, 0x08, + 0x04, 0x08, 0x05, 0x08, 0x06, 0x07, 0x08, 0x00, 0x00, 0x16, 0xfe, 0xfd, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0x03, 0x2b, 0x0b, 0x00, + 0x03, 0x1f, 0x00, 0x02, 0x00, 0x00, 0x00, 0x00, 0x03, 0x1f, 0x00, 0x03, + 0x1c, 0x00, 0x03, 0x19, 0x30, 0x82, 0x03, 0x15, 0x30, 0x82, 0x01, 0xfd, + 0xa0, 0x03, 0x02, 0x01, 0x02, 0x02, 0x14, 0x40, 0xe7, 0x6e, 0x85, 0x66, + 0x7c, 0x3f, 0x04, 0x87, 0x4c, 0x3f, 0x94, 0x21, 0x6d, 0x21, 0x65, 0xa5, + 0x28, 0xa7, 0x38, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, + 0x0d, 0x01, 0x01, 0x0b, 0x05, 0x00, 0x30, 0x1a, 0x31, 0x18, 0x30, 0x16, + 0x06, 0x03, 0x55, 0x04, 0x03, 0x0c, 0x0f, 0x64, 0x74, 0x6c, 0x73, 0x2d, + 0x66, 0x75, 0x7a, 0x7a, 0x65, 0x72, 0x2e, 0x63, 0x6f, 0x6d, 0x30, 0x1e, + 0x17, 0x0d, 0x32, 0x34, 0x30, 0x36, 0x30, 0x36, 0x31, 0x32, 0x31, 0x33, + 0x30, 0x33, 0x5a, 0x17, 0x0d, 0x33, 0x38, 0x30, 0x32, 0x31, 0x33, 0x31, + 0x32, 0x31, 0x33, 0x30, 0x33, 0x5a, 0x30, 0x1a, 0x31, 0x18, 0x30, 0x16, + 0x06, 0x03, 0x55, 0x04, 0x03, 0x0c, 0x0f, 0x64, 0x74, 0x6c, 0x73, 0x2d, + 0x66, 0x75, 0x7a, 0x7a, 0x65, 0x72, 0x2e, 0x63, 0x6f, 0x6d, 0x30, 0x82, + 0x01, 0x22, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, + 0x01, 0x01, 0x01, 0x05, 0x00, 0x03, 0x82, 0x01, 0x0f, 0x00, 0x30, 0x82, + 0x01, 0x0a, 0x02, 0x82, 0x01, 0x01, 0x00, 0xbb, 0x2a, 0x06, 0xfa, 0xaf, + 0x9c, 0xb7, 0xeb, 0x33, 0xce, 0xde, 0xf6, 0xb6, 0x0a, 0x93, 0xb3, 0x97, + 0x7a, 0x36, 0x55, 0x89, 0xc2, 0xf5, 0x45, 0x84, 0x6d, 0x45, 0x25, 0x5c, + 0x4f, 0xa8, 0x8a, 0x41, 0x29, 0x5b, 0x71, 0x98, 0x6c, 0x63, 0xe7, 0xcf, + 0x7f, 0xb4, 0x9d, 0x06, 0x76, 0x60, 0x8c, 0x6a, 0x26, 0x47, 0x65, 0x5d, + 0x74, 0x7a, 0xb5, 0x40, 0x33, 0x61, 0xe0, 0x28, 0xed, 0xa6, 0x66, 0x6a, + 0x4b, 0x97, 0xaf, 0xae, 0x6c, 0xa1, 0xf2, 0xfc, 0xd0, 0xf1, 0x61, 0x98, + 0x05, 0x2a, 0x02, 0x42, 0x13, 0x06, 0x7c, 0x4a, 0x7e, 0x53, 0x01, 0x87, + 0x27, 0x6c, 0x41, 0xe8, 0xed, 0x6e, 0xb2, 0x45, 0x90, 0xe8, 0x93, 0xc0, + 0x20, 0xff, 0x64, 0xdf, 0x48, 0x57, 0xb9, 0x62, 0x8c, 0x14, 0x88, 0xc9, + 0x4a, 0x56, 0x3f, 0x5d, 0x9f, 0xeb, 0x1d, 0x79, 0x75, 0xfd, 0x24, 0xad, + 0xb6, 0x65, 0x1d, 0x53, 0x81, 0x5c, 0x67, 0xbe, 0x3a, 0x9d, 0xcd, 0xe1, + 0x47, 0xab, 0x8d, 0xd4, 0xa5, 0xbd, 0xa6, 0xd7, 0x60, 0xf9, 0x5c, 0x32, + 0x51, 0x65, 0x7e, 0x8b, 0xd6, 0xa1, 0x5b, 0xa2, 0xf5, 0x60, 0xaf, 0x29, + 0xff, 0x9f, 0x3a, 0xa4, 0xd0, 0x5d, 0x6e, 0x96, 0x09, 0xe8, 0xcf, 0xc3, + 0xe1, 0xe8, 0x5a, 0x82, 0xce, 0x9a, 0x3c, 0xc6, 0xbb, 0xe5, 0x4c, 0xa8, + 0xa4, 0xb0, 0xfd, 0x86, 0x06, 0x8b, 0x3f, 0x7e, 0x38, 0xe4, 0x06, 0xdf, + 0xf7, 0x9c, 0xc6, 0x8b, 0x1d, 0xb5, 0xad, 0x7a, 0x91, 0x5f, 0x64, 0xa5, + 0x69, 0xc8, 0x7b, 0x77, 0x32, 0x71, 0x8f, 0x73, 0x82, 0xd2, 0x21, 0xe8, + 0xa8, 0x81, 0xfe, 0x76, 0x7f, 0x20, 0xd1, 0xb6, 0x42, 0x9e, 0xaf, 0x60, + 0x85, 0x47, 0xf5, 0xfe, 0x9f, 0x85, 0xbf, 0xb0, 0x11, 0xb7, 0xf7, 0x83, + 0x0d, 0x80, 0x63, 0xa0, 0xf7, 0x0c, 0x2c, 0x83, 0x12, 0xa9, 0x0f, 0x02, + 0x03, 0x01, 0x00, 0x01, 0xa3, 0x53, 0x30, 0x51, 0x30, 0x1d, 0x06, 0x03, + 0x55, 0x1d, 0x0e, 0x04, 0x16, 0x04, 0x14, 0x2a, 0xb5, 0x00, 0x45, 0x06, + 0x08, 0xef, 0xe5, 0xfa, 0x78, 0x19, 0x47, 0x5b, 0x04, 0x40, 0x18, 0xf3, + 0xeb, 0xab, 0x99, 0x30, 0x1f, 0x06, 0x03, 0x55, 0x1d, 0x23, 0x04, 0x18, + 0x30, 0x16, 0x80, 0x14, 0x2a, 0xb5, 0x00, 0x45, 0x06, 0x08, 0xef, 0xe5, + 0xfa, 0x78, 0x19, 0x47, 0x5b, 0x04, 0x40, 0x18, 0xf3, 0xeb, 0xab, 0x99, + 0x30, 0x0f, 0x06, 0x03, 0x55, 0x1d, 0x13, 0x01, 0x01, 0xff, 0x04, 0x05, + 0x30, 0x03, 0x01, 0x01, 0xff, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, + 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x0b, 0x05, 0x00, 0x03, 0x82, 0x01, 0x01, + 0x00, 0xa7, 0x58, 0x65, 0xfc, 0x60, 0x3e, 0xb7, 0x34, 0x82, 0xde, 0x04, + 0x06, 0x3d, 0x69, 0x62, 0x8a, 0x4c, 0xcc, 0xd6, 0x54, 0x72, 0x81, 0xcb, + 0x31, 0xdf, 0x63, 0xaf, 0x84, 0x27, 0x62, 0xbf, 0xe8, 0x6b, 0xf9, 0x81, + 0xd4, 0x5a, 0x98, 0x88, 0xae, 0x05, 0x5b, 0x2c, 0xa3, 0xf8, 0xb0, 0xde, + 0x9b, 0x44, 0xc7, 0x1d, 0x19, 0x52, 0x02, 0x02, 0xd9, 0x0e, 0x66, 0x7b, + 0x25, 0xdf, 0x95, 0x03, 0x5e, 0x4b, 0x15, 0xef, 0xda, 0x86, 0x2e, 0x8b, + 0xc4, 0xe7, 0x2d, 0x3f, 0x5f, 0xea, 0x1f, 0x13, 0x81, 0x2e, 0x6e, 0xf8, + 0x7f, 0x0b, 0x3b, 0x95, 0x4f, 0xb6, 0xb3, 0x91, 0xcf, 0x89, 0x52, 0xdb, + 0xb7, 0xb1, 0x5d, 0x79, 0xdf, 0x3a, 0xf3, 0xe2, 0x46, 0xc4, 0x04, 0xf3, + 0xf4, 0xf1, 0xc3, 0xf3, 0xa4, 0x98, 0x47, 0xae, 0x46, 0x99, 0x43, 0x4b, + 0x20, 0xba, 0x33, 0xaa, 0x7e, 0x2e, 0x80, 0x88, 0x25, 0x84, 0x73, 0x6d, + 0x44, 0x5f, 0x48, 0x57, 0x0a, 0xc4, 0x4a, 0x4d, 0xc4, 0xd1, 0x47, 0x5f, + 0x4f, 0xd5, 0xdb, 0x3e, 0x90, 0xbd, 0xe1, 0x6a, 0xcb, 0xe4, 0xf3, 0xe6, + 0x64, 0x26, 0xbd, 0xb6, 0x0b, 0x95, 0x6f, 0x4e, 0x1b, 0x09, 0x25, 0x68, + 0x93, 0xb6, 0xd0, 0xc2, 0xfc, 0xce, 0x8f, 0x64, 0xf5, 0x75, 0x50, 0x58, + 0xe5, 0x3e, 0x00, 0x01, 0xfd, 0x62, 0x37, 0xe1, 0x37, 0x1e, 0x9f, 0x97, + 0x88, 0xb1, 0xa9, 0x6f, 0xad, 0x93, 0x41, 0x01, 0xfb, 0x38, 0x24, 0xc8, + 0x08, 0xa0, 0x68, 0x4b, 0x34, 0x8b, 0x76, 0xea, 0x01, 0x62, 0x9d, 0xfa, + 0xdc, 0x91, 0x50, 0x47, 0x98, 0xec, 0x0c, 0x44, 0x58, 0xb6, 0x16, 0xa0, + 0x05, 0xf2, 0x94, 0x34, 0x6d, 0xcb, 0xbc, 0xe4, 0x58, 0xd6, 0x97, 0x9d, + 0x57, 0xa5, 0x5a, 0x65, 0xfa, 0xab, 0x94, 0x24, 0xbf, 0x06, 0x64, 0xc0, + 0xe5, 0x89, 0xe4, 0x2e, 0x46, 0x16, 0xfe, 0xfd, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x03, 0x03, 0x17, 0x0c, 0x00, 0x03, 0x0b, 0x00, 0x03, + 0x00, 0x00, 0x00, 0x00, 0x03, 0x0b, 0x01, 0x00, 0xff, 0xff, 0xff, 0xff, + 0xff, 0xff, 0xff, 0xff, 0xad, 0xf8, 0x54, 0x58, 0xa2, 0xbb, 0x4a, 0x9a, + 0xaf, 0xdc, 0x56, 0x20, 0x27, 0x3d, 0x3c, 0xf1, 0xd8, 0xb9, 0xc5, 0x83, + 0xce, 0x2d, 0x36, 0x95, 0xa9, 0xe1, 0x36, 0x41, 0x14, 0x64, 0x33, 0xfb, + 0xcc, 0x93, 0x9d, 0xce, 0x24, 0x9b, 0x3e, 0xf9, 0x7d, 0x2f, 0xe3, 0x63, + 0x63, 0x0c, 0x75, 0xd8, 0xf6, 0x81, 0xb2, 0x02, 0xae, 0xc4, 0x61, 0x7a, + 0xd3, 0xdf, 0x1e, 0xd5, 0xd5, 0xfd, 0x65, 0x61, 0x24, 0x33, 0xf5, 0x1f, + 0x5f, 0x06, 0x6e, 0xd0, 0x85, 0x63, 0x65, 0x55, 0x3d, 0xed, 0x1a, 0xf3, + 0xb5, 0x57, 0x13, 0x5e, 0x7f, 0x57, 0xc9, 0x35, 0x98, 0x4f, 0x0c, 0x70, + 0xe0, 0xe6, 0x8b, 0x77, 0xe2, 0xa6, 0x89, 0xda, 0xf3, 0xef, 0xe8, 0x72, + 0x1d, 0xf1, 0x58, 0xa1, 0x36, 0xad, 0xe7, 0x35, 0x30, 0xac, 0xca, 0x4f, + 0x48, 0x3a, 0x79, 0x7a, 0xbc, 0x0a, 0xb1, 0x82, 0xb3, 0x24, 0xfb, 0x61, + 0xd1, 0x08, 0xa9, 0x4b, 0xb2, 0xc8, 0xe3, 0xfb, 0xb9, 0x6a, 0xda, 0xb7, + 0x60, 0xd7, 0xf4, 0x68, 0x1d, 0x4f, 0x42, 0xa3, 0xde, 0x39, 0x4d, 0xf4, + 0xae, 0x56, 0xed, 0xe7, 0x63, 0x72, 0xbb, 0x19, 0x0b, 0x07, 0xa7, 0xc8, + 0xee, 0x0a, 0x6d, 0x70, 0x9e, 0x02, 0xfc, 0xe1, 0xcd, 0xf7, 0xe2, 0xec, + 0xc0, 0x34, 0x04, 0xcd, 0x28, 0x34, 0x2f, 0x61, 0x91, 0x72, 0xfe, 0x9c, + 0xe9, 0x85, 0x83, 0xff, 0x8e, 0x4f, 0x12, 0x32, 0xee, 0xf2, 0x81, 0x83, + 0xc3, 0xfe, 0x3b, 0x1b, 0x4c, 0x6f, 0xad, 0x73, 0x3b, 0xb5, 0xfc, 0xbc, + 0x2e, 0xc2, 0x20, 0x05, 0xc5, 0x8e, 0xf1, 0x83, 0x7d, 0x16, 0x83, 0xb2, + 0xc6, 0xf3, 0x4a, 0x26, 0xc1, 0xb2, 0xef, 0xfa, 0x88, 0x6b, 0x42, 0x38, + 0x61, 0x28, 0x5c, 0x97, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + 0x00, 0x01, 0x02, 0x01, 0x00, 0xea, 0x10, 0x0e, 0xb8, 0xc4, 0xc9, 0xc9, + 0x9a, 0x8c, 0x03, 0x04, 0x56, 0x4f, 0x3d, 0x2d, 0x64, 0x51, 0xc9, 0x1e, + 0xf7, 0x63, 0x06, 0x81, 0xca, 0x89, 0x5c, 0x81, 0xb9, 0x78, 0xe0, 0xf5, + 0x43, 0xe4, 0x47, 0x40, 0x8f, 0x0e, 0xab, 0x0e, 0xd0, 0xb4, 0x43, 0x92, + 0x2a, 0x03, 0x4a, 0x1f, 0x69, 0x7b, 0xc3, 0x0c, 0x13, 0x0d, 0xf3, 0xd8, + 0xaa, 0xd7, 0x1e, 0x0e, 0xf5, 0x09, 0x7d, 0xda, 0xc9, 0x7c, 0x16, 0xfd, + 0xe6, 0xbb, 0x2d, 0xc1, 0x12, 0x20, 0xad, 0x8f, 0x1b, 0x64, 0x79, 0xb9, + 0xbc, 0x26, 0x11, 0xec, 0x3d, 0x20, 0xa6, 0x18, 0x6c, 0xb3, 0x27, 0xbe, + 0x86, 0xde, 0x0e, 0x49, 0x8f, 0xc2, 0x0e, 0x86, 0x8b, 0x2a, 0xc7, 0x4c, + 0xb5, 0x09, 0xed, 0x94, 0x6d, 0xb6, 0x50, 0xfb, 0xc1, 0x8e, 0xd7, 0xce, + 0x58, 0xf8, 0xb0, 0x68, 0xbc, 0xcf, 0x28, 0xc5, 0x1c, 0xf3, 0x99, 0x17, + 0x22, 0xaa, 0x40, 0x28, 0x90, 0x78, 0x34, 0xe2, 0x0f, 0x28, 0x0d, 0x22, + 0xe1, 0x55, 0xcd, 0x90, 0x26, 0x84, 0xa0, 0xd8, 0xea, 0xd9, 0xe8, 0x83, + 0x43, 0x24, 0xef, 0x66, 0xa6, 0x7f, 0x9f, 0x56, 0x10, 0x6f, 0xc9, 0x13, + 0x2f, 0xb1, 0x00, 0x49, 0xc7, 0x88, 0x8d, 0xec, 0x55, 0xc1, 0xdb, 0x39, + 0xa2, 0x5e, 0xbd, 0xde, 0xb6, 0x0a, 0x1c, 0x1f, 0xa4, 0x1a, 0x93, 0xc2, + 0xee, 0x9c, 0x63, 0x3b, 0x09, 0xcf, 0xf6, 0x93, 0x83, 0xfe, 0xd7, 0x4d, + 0x35, 0xd3, 0x15, 0x74, 0x23, 0x5a, 0x33, 0xdc, 0x64, 0x9d, 0xba, 0x2a, + 0xb0, 0x63, 0x26, 0x17, 0x44, 0xe2, 0xfa, 0x41, 0xb1, 0xb2, 0xf2, 0x63, + 0xb2, 0x51, 0x50, 0xfc, 0x31, 0xc2, 0xd6, 0xda, 0x01, 0x18, 0xcf, 0xe8, + 0x9b, 0xed, 0x4c, 0x69, 0x38, 0xe1, 0xe2, 0x69, 0x53, 0xdc, 0x85, 0x40, + 0x4e, 0x9a, 0x1d, 0xe8, 0x2a, 0xe1, 0x27, 0xad, 0x8e, 0x03, 0x01, 0x01, + 0x00, 0xad, 0x55, 0xc0, 0xac, 0xbb, 0x32, 0x93, 0x86, 0xc6, 0xdf, 0x5d, + 0x58, 0x94, 0xba, 0x35, 0x81, 0x32, 0x54, 0x98, 0xdc, 0x85, 0x6f, 0x1e, + 0x41, 0xe4, 0x3d, 0x1e, 0x0d, 0x37, 0x85, 0x05, 0xd1, 0xf7, 0xb2, 0x3a, + 0xd5, 0xb1, 0x8c, 0x93, 0x20, 0x8a, 0x42, 0xf0, 0xc9, 0x86, 0xcc, 0xf4, + 0xa1, 0x17, 0x8d, 0x65, 0xd0, 0xea, 0x23, 0x9f, 0xf7, 0xcf, 0x3e, 0x7b, + 0x51, 0x55, 0xfe, 0x3d, 0x6c, 0x9e, 0x3e, 0x51, 0x39, 0xd8, 0xa0, 0xa0, + 0x8a, 0x6b, 0xd8, 0x4d, 0x41, 0x7f, 0x97, 0x5c, 0x8e, 0x25, 0x7b, 0x24, + 0x72, 0x1a, 0x46, 0xac, 0x8f, 0x8e, 0xd7, 0xe8, 0xa6, 0x31, 0x1e, 0x7c, + 0xd0, 0xa9, 0x31, 0x84, 0xa6, 0x60, 0x73, 0xb3, 0xb9, 0x26, 0xa3, 0x4e, + 0xd5, 0x03, 0x3f, 0xef, 0xaa, 0x5a, 0x41, 0x8d, 0x1f, 0x0b, 0xb6, 0x37, + 0x63, 0x9b, 0xa1, 0xfe, 0x43, 0x5b, 0x73, 0xa2, 0x5b, 0xce, 0x53, 0x61, + 0x05, 0x1f, 0x75, 0x35, 0xf1, 0x71, 0x5b, 0xf6, 0x60, 0x1e, 0xcc, 0x62, + 0xae, 0xca, 0xe3, 0x4f, 0xc0, 0xc0, 0xfd, 0xe1, 0x42, 0xc3, 0xbc, 0x29, + 0x84, 0x74, 0x30, 0x0a, 0x22, 0x69, 0x10, 0x3d, 0xb6, 0x7c, 0x54, 0xc7, + 0x54, 0xe2, 0xaf, 0x3a, 0xee, 0xa3, 0x05, 0xd4, 0x89, 0xa2, 0xc3, 0xa1, + 0x51, 0x45, 0x25, 0x8e, 0xc5, 0x5a, 0xc8, 0x75, 0x50, 0xd9, 0x98, 0x67, + 0x3c, 0xd2, 0xfa, 0x96, 0x6a, 0xaa, 0x1b, 0x0a, 0x29, 0x15, 0xfe, 0xd0, + 0xbb, 0x1a, 0xf5, 0xa4, 0xcd, 0xbe, 0xce, 0xa2, 0x3e, 0x0c, 0x03, 0x9c, + 0xab, 0x3a, 0x34, 0xe2, 0x0e, 0x0e, 0xa0, 0xb3, 0x9a, 0x2a, 0x3f, 0xa2, + 0x1e, 0xd3, 0x33, 0x38, 0x42, 0x6e, 0x65, 0xf8, 0xda, 0xfa, 0x90, 0x73, + 0xa5, 0x66, 0x84, 0xe0, 0xfe, 0x99, 0xe9, 0xc1, 0x94, 0x24, 0x04, 0x7f, + 0x05, 0xda, 0xc7, 0xcd, 0xce, 0x16, 0xfe, 0xfd, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x04, 0x00, 0x0c, 0x0e, 0x00, 0x00, 0x00, 0x00, 0x04, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 + }; + WOLFSSL_CTX *ctx_c = NULL; + WOLFSSL *ssl_c = NULL; + struct test_memio_ctx test_ctx; + + XMEMSET(&test_ctx, 0, sizeof(test_ctx)); + + ExpectIntEQ(test_memio_setup(&test_ctx, &ctx_c, NULL, &ssl_c, NULL, + wolfDTLSv1_2_client_method, NULL), 0); + + /* start handshake, send first ClientHello */ + ExpectIntEQ(wolfSSL_connect(ssl_c), -1); + ExpectIntEQ(wolfSSL_get_error(ssl_c, -1), WOLFSSL_ERROR_WANT_READ); + ExpectIntEQ(test_memio_inject_message(&test_ctx, 1, + (const char*)certreq_before_cert_bin, + sizeof(certreq_before_cert_bin)), 0); + ExpectIntEQ(wolfSSL_connect(ssl_c), -1); + ExpectIntEQ(wolfSSL_get_error(ssl_c, -1), OUT_OF_ORDER_E); + + wolfSSL_free(ssl_c); + wolfSSL_CTX_free(ctx_c); +#endif + return EXPECT_RESULT(); +} + +#if defined(HAVE_MANUAL_MEMIO_TESTS_DEPENDENCIES) && defined(WOLFSSL_DTLS) +struct { + struct test_memio_ctx* test_ctx; + WOLFSSL* ssl_s; + int fd; + SOCKADDR_S peer_addr; +} test_memio_wolfio_ctx; + +static ssize_t test_memio_wolfio_recvfrom(int sockfd, void* buf, + size_t len, int flags, void* src_addr, void* addrlen) +{ + int ret; + (void)flags; + if (sockfd != test_memio_wolfio_ctx.fd) { + errno = EINVAL; + return -1; + } + ret = test_memio_read_cb(test_memio_wolfio_ctx.ssl_s, + (char*)buf, (int)len, test_memio_wolfio_ctx.test_ctx); + if (ret <= 0) { + if (ret == WC_NO_ERR_TRACE(WOLFSSL_CBIO_ERR_WANT_READ)) + errno = EAGAIN; + else + errno = EINVAL; + return -1; + } + XMEMCPY(src_addr, &test_memio_wolfio_ctx.peer_addr, + MIN(sizeof(test_memio_wolfio_ctx.peer_addr), + *(word32*)addrlen)); + *(word32*)addrlen = sizeof(test_memio_wolfio_ctx.peer_addr); + return ret; +} + +static ssize_t test_memio_wolfio_sendto(int sockfd, const void* buf, + size_t len, int flags, const void* dest_addr, word32 addrlen) +{ + int ret; + (void) flags; + (void) dest_addr; + (void) addrlen; + if (sockfd != test_memio_wolfio_ctx.fd) { + errno = EINVAL; + return -1; + } + if (dest_addr != NULL && addrlen != 0 && + (sizeof(test_memio_wolfio_ctx.peer_addr) != addrlen || + XMEMCMP(dest_addr, &test_memio_wolfio_ctx.peer_addr, + addrlen) != 0)) { + errno = EINVAL; + return -1; + } + ret = test_memio_write_cb(test_memio_wolfio_ctx.ssl_s, (char*)buf, + (int)len, test_memio_wolfio_ctx.test_ctx); + if (ret <= 0) { + if (ret == WC_NO_ERR_TRACE(WOLFSSL_CBIO_ERR_WANT_WRITE)) + errno = EAGAIN; + else + errno = EINVAL; + return -1; + } + return ret; +} +#endif + +/* Test stateless API with wolfio */ +int test_dtls_memio_wolfio(void) +{ + EXPECT_DECLS; +#if defined(HAVE_MANUAL_MEMIO_TESTS_DEPENDENCIES) && defined(WOLFSSL_DTLS) + size_t i; + struct { + method_provider client_meth; + method_provider server_meth; + } params[] = { +#if defined(WOLFSSL_TLS13) && defined(WOLFSSL_DTLS13) + { wolfDTLSv1_3_client_method, wolfDTLSv1_3_server_method }, +#endif +#if !defined(WOLFSSL_NO_TLS12) && defined(WOLFSSL_DTLS) + { wolfDTLSv1_2_client_method, wolfDTLSv1_2_server_method }, +#endif +#if !defined(NO_OLD_TLS) && defined(WOLFSSL_DTLS) + { wolfDTLSv1_client_method, wolfDTLSv1_server_method }, +#endif + }; + XMEMSET(&test_memio_wolfio_ctx, 0, sizeof(test_memio_wolfio_ctx)); + for (i = 0; i < XELEM_CNT(params) && !EXPECT_FAIL(); i++) { + WOLFSSL_CTX *ctx_c = NULL, *ctx_s = NULL; + WOLFSSL *ssl_c = NULL, *ssl_s = NULL; + struct test_memio_ctx test_ctx; + + XMEMSET(&test_ctx, 0, sizeof(test_ctx)); + + ExpectIntEQ(test_memio_setup(&test_ctx, &ctx_c, &ctx_s, &ssl_c, &ssl_s, + params[i].client_meth, params[i].server_meth), 0); + + test_memio_wolfio_ctx.test_ctx = &test_ctx; + test_memio_wolfio_ctx.ssl_s = ssl_s; + /* Large number to error out if any syscalls are called with it */ + test_memio_wolfio_ctx.fd = 6000; + XMEMSET(&test_memio_wolfio_ctx.peer_addr, 0, + sizeof(test_memio_wolfio_ctx.peer_addr)); + test_memio_wolfio_ctx.peer_addr.ss_family = AF_INET; + + wolfSSL_dtls_set_using_nonblock(ssl_s, 1); + wolfSSL_SetRecvFrom(ssl_s, test_memio_wolfio_recvfrom); + wolfSSL_SetSendTo(ssl_s, test_memio_wolfio_sendto); + /* Restore default functions */ + wolfSSL_SSLSetIORecv(ssl_s, EmbedReceiveFrom); + wolfSSL_SSLSetIOSend(ssl_s, EmbedSendTo); + ExpectIntEQ(wolfSSL_set_fd(ssl_s, test_memio_wolfio_ctx.fd), + WOLFSSL_SUCCESS); + + ExpectIntEQ(test_memio_do_handshake(ssl_c, ssl_s, 10, NULL), 0); + + wolfSSL_free(ssl_s); + wolfSSL_free(ssl_c); + wolfSSL_CTX_free(ctx_s); + wolfSSL_CTX_free(ctx_c); + } +#endif + return EXPECT_RESULT(); +} + +/* DTLS using stateless API handling new addresses with wolfio */ +int test_dtls_memio_wolfio_stateless(void) +{ + EXPECT_DECLS; +#if defined(HAVE_MANUAL_MEMIO_TESTS_DEPENDENCIES) && defined(WOLFSSL_DTLS) + size_t i, j; + struct { + method_provider client_meth; + method_provider server_meth; + } params[] = { +#if defined(WOLFSSL_TLS13) && defined(WOLFSSL_DTLS13) + { wolfDTLSv1_3_client_method, wolfDTLSv1_3_server_method }, +#endif +#if !defined(WOLFSSL_NO_TLS12) && defined(WOLFSSL_DTLS) + { wolfDTLSv1_2_client_method, wolfDTLSv1_2_server_method }, +#endif +#if !defined(NO_OLD_TLS) && defined(WOLFSSL_DTLS) + { wolfDTLSv1_client_method, wolfDTLSv1_server_method }, +#endif + }; + XMEMSET(&test_memio_wolfio_ctx, 0, sizeof(test_memio_wolfio_ctx)); + for (i = 0; i < XELEM_CNT(params) && !EXPECT_FAIL(); i++) { + WOLFSSL_CTX *ctx_c = NULL, *ctx_s = NULL; + WOLFSSL *ssl_c = NULL, *ssl_s = NULL; + struct test_memio_ctx test_ctx; + char chBuf[1000]; + int chSz = sizeof(chBuf); + + XMEMSET(&test_ctx, 0, sizeof(test_ctx)); + + ExpectIntEQ(test_memio_setup(&test_ctx, &ctx_c, &ctx_s, &ssl_c, &ssl_s, + params[i].client_meth, params[i].server_meth), 0); + + test_memio_wolfio_ctx.test_ctx = &test_ctx; + test_memio_wolfio_ctx.ssl_s = ssl_s; + /* Large number to error out if any syscalls are called with it */ + test_memio_wolfio_ctx.fd = 6000; + XMEMSET(&test_memio_wolfio_ctx.peer_addr, 0, + sizeof(test_memio_wolfio_ctx.peer_addr)); + test_memio_wolfio_ctx.peer_addr.ss_family = AF_INET; + + wolfSSL_dtls_set_using_nonblock(ssl_s, 1); + wolfSSL_SetRecvFrom(ssl_s, test_memio_wolfio_recvfrom); + /* Restore default functions */ + wolfSSL_SSLSetIORecv(ssl_s, EmbedReceiveFrom); + ExpectIntEQ(wolfSSL_set_read_fd(ssl_s, test_memio_wolfio_ctx.fd), + WOLFSSL_SUCCESS); + + /* start handshake, send first ClientHello */ + ExpectIntEQ(wolfSSL_connect(ssl_c), -1); + ExpectIntEQ(wolfSSL_get_error(ssl_c, -1), WOLFSSL_ERROR_WANT_READ); + ExpectIntEQ(test_memio_copy_message(&test_ctx, 0, chBuf, &chSz, 0), 0); + ExpectIntGT(chSz, 0); + test_memio_clear_buffer(&test_ctx, 0); + + /* Send CH from different addresses */ + for (j = 0; j < 10 && !EXPECT_FAIL(); j++, + (((SOCKADDR_IN*)&test_memio_wolfio_ctx.peer_addr))->sin_port++) { + const char* hrrBuf = NULL; + int hrrSz = 0; + ExpectIntEQ(test_memio_inject_message(&test_ctx, 0, chBuf, chSz), 0); + ExpectIntEQ(wolfDTLS_accept_stateless(ssl_s), 0); + ExpectIntEQ(test_memio_get_message(&test_ctx, 1, &hrrBuf, &hrrSz, 0), 0); + ExpectNotNull(hrrBuf); + ExpectIntGT(hrrSz, 0); + test_memio_clear_buffer(&test_ctx, 0); + } + test_memio_clear_buffer(&test_ctx, 1); + ExpectIntEQ(wolfSSL_dtls_got_timeout(ssl_c), 1); + ExpectIntEQ(wolfDTLS_accept_stateless(ssl_s), 0); + ExpectIntEQ(wolfSSL_connect(ssl_c), -1); + ExpectIntEQ(wolfSSL_get_error(ssl_c, -1), WOLFSSL_ERROR_WANT_READ); + ExpectIntEQ(wolfDTLS_accept_stateless(ssl_s), 1); + + ExpectIntEQ(test_memio_do_handshake(ssl_c, ssl_s, 10, NULL), 0); + + wolfSSL_free(ssl_s); + wolfSSL_free(ssl_c); + wolfSSL_CTX_free(ctx_s); + wolfSSL_CTX_free(ctx_c); + } +#endif + return EXPECT_RESULT(); +} diff --git a/test/ssl/wolfssl/tests/api/test_dtls.h b/test/ssl/wolfssl/tests/api/test_dtls.h new file mode 100644 index 000000000..c0fb4bcfb --- /dev/null +++ b/test/ssl/wolfssl/tests/api/test_dtls.h @@ -0,0 +1,77 @@ +/* test_dtls.h + * + * Copyright (C) 2006-2025 wolfSSL Inc. + * + * This file is part of wolfSSL. + * + * wolfSSL is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * wolfSSL is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA + */ + +#ifndef TESTS_API_DTLS_H +#define TESTS_API_DTLS_H + +int test_dtls12_basic_connection_id(void); +int test_dtls13_basic_connection_id(void); +int test_dtls13_hrr_want_write(void); +int test_dtls13_every_write_want_write(void); +int test_wolfSSL_dtls_cid_parse(void); +int test_wolfSSL_dtls_set_pending_peer(void); +int test_dtls13_epochs(void); +int test_dtls13_ack_order(void); +int test_dtls_version_checking(void); +int test_dtls_short_ciphertext(void); +int test_dtls12_record_length_mismatch(void); +int test_dtls12_short_read(void); +int test_dtls13_longer_length(void); +int test_dtls13_short_read(void); +int test_records_span_network_boundaries(void); +int test_dtls_record_cross_boundaries(void); +int test_dtls_rtx_across_epoch_change(void); +int test_dtls_drop_client_ack(void); +int test_dtls_bogus_finished_epoch_zero(void); +int test_dtls_replay(void); +int test_dtls_srtp(void); +int test_dtls_timeout(void); +int test_dtls_certreq_order(void); +int test_dtls_memio_wolfio(void); +int test_dtls_memio_wolfio_stateless(void); + +#define TEST_DTLS_DECLS \ + TEST_DECL_GROUP("dtls", test_dtls12_basic_connection_id), \ + TEST_DECL_GROUP("dtls", test_dtls13_basic_connection_id), \ + TEST_DECL_GROUP("dtls", test_dtls13_hrr_want_write), \ + TEST_DECL_GROUP("dtls", test_dtls13_every_write_want_write), \ + TEST_DECL_GROUP("dtls", test_wolfSSL_dtls_cid_parse), \ + TEST_DECL_GROUP("dtls", test_wolfSSL_dtls_set_pending_peer), \ + TEST_DECL_GROUP("dtls", test_dtls13_epochs), \ + TEST_DECL_GROUP("dtls", test_dtls13_ack_order), \ + TEST_DECL_GROUP("dtls", test_dtls_version_checking), \ + TEST_DECL_GROUP("dtls", test_dtls_short_ciphertext), \ + TEST_DECL_GROUP("dtls", test_dtls12_record_length_mismatch), \ + TEST_DECL_GROUP("dtls", test_dtls12_short_read), \ + TEST_DECL_GROUP("dtls", test_dtls13_longer_length), \ + TEST_DECL_GROUP("dtls", test_dtls13_short_read), \ + TEST_DECL_GROUP("dtls", test_records_span_network_boundaries), \ + TEST_DECL_GROUP("dtls", test_dtls_record_cross_boundaries), \ + TEST_DECL_GROUP("dtls", test_dtls_rtx_across_epoch_change), \ + TEST_DECL_GROUP("dtls", test_dtls_drop_client_ack), \ + TEST_DECL_GROUP("dtls", test_dtls_bogus_finished_epoch_zero), \ + TEST_DECL_GROUP("dtls", test_dtls_replay), \ + TEST_DECL_GROUP("dtls", test_dtls_srtp), \ + TEST_DECL_GROUP("dtls", test_dtls_certreq_order), \ + TEST_DECL_GROUP("dtls", test_dtls_timeout), \ + TEST_DECL_GROUP("dtls", test_dtls_memio_wolfio), \ + TEST_DECL_GROUP("dtls", test_dtls_memio_wolfio_stateless) +#endif /* TESTS_API_DTLS_H */ diff --git a/test/ssl/wolfssl/tests/api/test_ecc.c b/test/ssl/wolfssl/tests/api/test_ecc.c new file mode 100644 index 000000000..0142f0c11 --- /dev/null +++ b/test/ssl/wolfssl/tests/api/test_ecc.c @@ -0,0 +1,1873 @@ +/* test_ecc.c + * + * Copyright (C) 2006-2025 wolfSSL Inc. + * + * This file is part of wolfSSL. + * + * wolfSSL is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * wolfSSL is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA + */ + +#include + +#ifdef NO_INLINE + #include +#else + #define WOLFSSL_MISC_INCLUDED + #include +#endif + +#include +#include +#include +#include +#include + +int test_wc_ecc_get_curve_size_from_name(void) +{ + EXPECT_DECLS; +#ifdef HAVE_ECC + #if !defined(NO_ECC256) && !defined(NO_ECC_SECP) + ExpectIntEQ(wc_ecc_get_curve_size_from_name("SECP256R1"), 32); + #endif + /* invalid case */ + ExpectIntEQ(wc_ecc_get_curve_size_from_name("BADCURVE"), -1); + /* NULL input */ + ExpectIntEQ(wc_ecc_get_curve_size_from_name(NULL), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); +#endif /* HAVE_ECC */ + return EXPECT_RESULT(); +} + +int test_wc_ecc_get_curve_id_from_name(void) +{ + EXPECT_DECLS; +#ifdef HAVE_ECC + #if !defined(NO_ECC256) && !defined(NO_ECC_SECP) + ExpectIntEQ(wc_ecc_get_curve_id_from_name("SECP256R1"), + ECC_SECP256R1); + #endif + /* invalid case */ + ExpectIntEQ(wc_ecc_get_curve_id_from_name("BADCURVE"), -1); + /* NULL input */ + ExpectIntEQ(wc_ecc_get_curve_id_from_name(NULL), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); +#endif /* HAVE_ECC */ + return EXPECT_RESULT(); +} + +int test_wc_ecc_get_curve_id_from_params(void) +{ + EXPECT_DECLS; +#ifdef HAVE_ECC + const byte prime[] = + { + 0xFF,0xFF,0xFF,0xFF,0x00,0x00,0x00,0x01, + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, + 0x00,0x00,0x00,0x00,0xFF,0xFF,0xFF,0xFF, + 0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF + }; + + const byte primeInvalid[] = + { + 0xFF,0xFF,0xFF,0xFF,0x00,0x00,0x00,0x01, + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, + 0x00,0x00,0x00,0x00,0xFF,0xFF,0xFF,0xFF, + 0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0x01,0x01 + }; + + const byte Af[] = + { + 0xFF,0xFF,0xFF,0xFF,0x00,0x00,0x00,0x01, + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, + 0x00,0x00,0x00,0x00,0xFF,0xFF,0xFF,0xFF, + 0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFC + }; + + const byte Bf[] = + { + 0x5A,0xC6,0x35,0xD8,0xAA,0x3A,0x93,0xE7, + 0xB3,0xEB,0xBD,0x55,0x76,0x98,0x86,0xBC, + 0x65,0x1D,0x06,0xB0,0xCC,0x53,0xB0,0xF6, + 0x3B,0xCE,0x3C,0x3E,0x27,0xD2,0x60,0x4B + }; + + const byte order[] = + { + 0xFF,0xFF,0xFF,0xFF,0x00,0x00,0x00,0x00, + 0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF, + 0xBC,0xE6,0xFA,0xAD,0xA7,0x17,0x9E,0x84, + 0xF3,0xB9,0xCA,0xC2,0xFC,0x63,0x25,0x51 + }; + + const byte Gx[] = + { + 0x6B,0x17,0xD1,0xF2,0xE1,0x2C,0x42,0x47, + 0xF8,0xBC,0xE6,0xE5,0x63,0xA4,0x40,0xF2, + 0x77,0x03,0x7D,0x81,0x2D,0xEB,0x33,0xA0, + 0xF4,0xA1,0x39,0x45,0xD8,0x98,0xC2,0x96 + }; + + const byte Gy[] = + { + 0x4F,0xE3,0x42,0xE2,0xFE,0x1A,0x7F,0x9B, + 0x8E,0xE7,0xEB,0x4A,0x7C,0x0F,0x9E,0x16, + 0x2B,0xCE,0x33,0x57,0x6B,0x31,0x5E,0xCE, + 0xCB,0xB6,0x40,0x68,0x37,0xBF,0x51,0xF5 + }; + + int cofactor = 1; + int fieldSize = 256; + + #if !defined(NO_ECC256) && !defined(NO_ECC_SECP) + ExpectIntEQ(wc_ecc_get_curve_id_from_params(fieldSize, + prime, sizeof(prime), Af, sizeof(Af), Bf, sizeof(Bf), + order, sizeof(order), Gx, sizeof(Gx), Gy, sizeof(Gy), cofactor), + ECC_SECP256R1); + #endif + + /* invalid case, fieldSize = 0 */ + ExpectIntEQ(wc_ecc_get_curve_id_from_params(0, prime, sizeof(prime), + Af, sizeof(Af), Bf, sizeof(Bf), order, sizeof(order), + Gx, sizeof(Gx), Gy, sizeof(Gy), cofactor), ECC_CURVE_INVALID); + + /* invalid case, NULL prime */ + ExpectIntEQ(wc_ecc_get_curve_id_from_params(fieldSize, NULL, sizeof(prime), + Af, sizeof(Af), Bf, sizeof(Bf), order, sizeof(order), + Gx, sizeof(Gx), Gy, sizeof(Gy), cofactor), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + + /* invalid case, invalid prime */ + ExpectIntEQ(wc_ecc_get_curve_id_from_params(fieldSize, + primeInvalid, sizeof(primeInvalid), + Af, sizeof(Af), Bf, sizeof(Bf), order, sizeof(order), + Gx, sizeof(Gx), Gy, sizeof(Gy), cofactor), ECC_CURVE_INVALID); +#endif + return EXPECT_RESULT(); +} + +int test_wc_ecc_get_curve_id_from_dp_params(void) +{ + EXPECT_DECLS; +#if defined(OPENSSL_EXTRA) && defined(HAVE_ECC) && \ + !defined(HAVE_SELFTEST) && \ + !(defined(HAVE_FIPS) || defined(HAVE_FIPS_VERSION)) +#if !defined(NO_ECC256) && !defined(NO_ECC_SECP) + ecc_key* key; + const ecc_set_type* params = NULL; + int ret; +#endif + WOLFSSL_EC_KEY *ecKey = NULL; + + #if !defined(NO_ECC256) && !defined(NO_ECC_SECP) + ExpectIntEQ(wc_ecc_get_curve_id_from_name("SECP256R1"), ECC_SECP256R1); + ExpectNotNull(ecKey = EC_KEY_new_by_curve_name(NID_X9_62_prime256v1)); + + if (EXPECT_SUCCESS()) { + ret = EC_KEY_generate_key(ecKey); + } else + ret = 0; + + if (ret == 1) { + /* normal test */ + key = (ecc_key*)ecKey->internal; + if (key != NULL) { + params = key->dp; + } + + ExpectIntEQ(wc_ecc_get_curve_id_from_dp_params(params), + ECC_SECP256R1); + } + #endif + /* invalid case, NULL input */ + ExpectIntEQ(wc_ecc_get_curve_id_from_dp_params(NULL), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + + wolfSSL_EC_KEY_free(ecKey); +#endif + return EXPECT_RESULT(); +} + +/* + * Testing wc_ecc_make_key. + */ +int test_wc_ecc_make_key(void) +{ + EXPECT_DECLS; +#if defined(HAVE_ECC) && !defined(WC_NO_RNG) + ecc_key key; + WC_RNG rng; + int ret; + + XMEMSET(&key, 0, sizeof(ecc_key)); + XMEMSET(&rng, 0, sizeof(WC_RNG)); + + ExpectIntEQ(wc_ecc_init(&key), 0); + ExpectIntEQ(wc_InitRng(&rng), 0); + ret = wc_ecc_make_key(&rng, KEY14, &key); +#if defined(WOLFSSL_ASYNC_CRYPT) + ret = wc_AsyncWait(ret, &key.asyncDev, WC_ASYNC_FLAG_NONE); +#endif + ExpectIntEQ(ret, 0); + + /* Pass in bad args. */ + ExpectIntEQ(wc_ecc_make_key(NULL, KEY14, &key), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_ecc_make_key(&rng, KEY14, NULL), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + + DoExpectIntEQ(wc_FreeRng(&rng), 0); + wc_ecc_free(&key); + +#ifdef FP_ECC + wc_ecc_fp_free(); +#endif +#endif + return EXPECT_RESULT(); +} /* END test_wc_ecc_make_key */ + + +/* + * Testing wc_ecc_init() + */ +int test_wc_ecc_init(void) +{ + EXPECT_DECLS; +#ifdef HAVE_ECC + ecc_key key; + + XMEMSET(&key, 0, sizeof(ecc_key)); + + ExpectIntEQ(wc_ecc_init(&key), 0); + /* Pass in bad args. */ + ExpectIntEQ(wc_ecc_init(NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + + wc_ecc_free(&key); +#endif + return EXPECT_RESULT(); +} /* END test_wc_ecc_init */ + +/* + * Testing wc_ecc_check_key() + */ +int test_wc_ecc_check_key(void) +{ + EXPECT_DECLS; +#if defined(HAVE_ECC) && !defined(WC_NO_RNG) + ecc_key key; + WC_RNG rng; + int ret; + + XMEMSET(&rng, 0, sizeof(rng)); + XMEMSET(&key, 0, sizeof(key)); + + ExpectIntEQ(wc_ecc_init(&key), 0); + ExpectIntEQ(wc_InitRng(&rng), 0); + ret = wc_ecc_make_key(&rng, KEY14, &key); +#if defined(WOLFSSL_ASYNC_CRYPT) + ret = wc_AsyncWait(ret, &key.asyncDev, WC_ASYNC_FLAG_NONE); +#endif + ExpectIntEQ(ret, 0); + + ExpectIntEQ(wc_ecc_check_key(&key), 0); + + /* Pass in bad args. */ + ExpectIntEQ(wc_ecc_check_key(NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + + DoExpectIntEQ(wc_FreeRng(&rng), 0); + wc_ecc_free(&key); + +#ifdef FP_ECC + wc_ecc_fp_free(); +#endif +#endif + return EXPECT_RESULT(); +} /* END test_wc_ecc_check_key */ + +/* + * Testing wc_ecc_get_generator() + */ +int test_wc_ecc_get_generator(void) +{ + EXPECT_DECLS; +#if defined(HAVE_ECC) && !defined(WC_NO_RNG) && !defined(HAVE_SELFTEST) && \ + !defined(HAVE_FIPS) && defined(OPENSSL_EXTRA) + ecc_point* pt = NULL; + + ExpectNotNull(pt = wc_ecc_new_point()); + + ExpectIntEQ(wc_ecc_get_generator(pt, wc_ecc_get_curve_idx(ECC_SECP256R1)), + MP_OKAY); + + /* Test bad args. */ + /* Returns Zero for bad arg. */ + ExpectIntNE(wc_ecc_get_generator(pt, -1), MP_OKAY); + ExpectIntNE(wc_ecc_get_generator(NULL, wc_ecc_get_curve_idx(ECC_SECP256R1)), + MP_OKAY); + /* If we ever get to 1000 curves increase this number */ + ExpectIntNE(wc_ecc_get_generator(pt, 1000), MP_OKAY); + ExpectIntNE(wc_ecc_get_generator(NULL, -1), MP_OKAY); + + wc_ecc_del_point(pt); +#endif + return EXPECT_RESULT(); +} /* END test_wc_ecc_get_generator */ + +/* + * Testing wc_ecc_size() + */ +int test_wc_ecc_size(void) +{ + EXPECT_DECLS; +#if defined(HAVE_ECC) && !defined(WC_NO_RNG) + WC_RNG rng; + ecc_key key; + int ret; + + XMEMSET(&key, 0, sizeof(ecc_key)); + XMEMSET(&rng, 0, sizeof(WC_RNG)); + + ExpectIntEQ(wc_ecc_init(&key), 0); + ExpectIntEQ(wc_InitRng(&rng), 0); + ret = wc_ecc_make_key(&rng, KEY14, &key); +#if defined(WOLFSSL_ASYNC_CRYPT) + ret = wc_AsyncWait(ret, &key.asyncDev, WC_ASYNC_FLAG_NONE); +#endif + ExpectIntEQ(ret, 0); + + ExpectIntEQ(wc_ecc_size(&key), KEY14); + /* Test bad args. */ + /* Returns Zero for bad arg. */ + ExpectIntEQ(wc_ecc_size(NULL), 0); + + DoExpectIntEQ(wc_FreeRng(&rng), 0); + wc_ecc_free(&key); +#endif + return EXPECT_RESULT(); +} /* END test_wc_ecc_size */ + +int test_wc_ecc_params(void) +{ + EXPECT_DECLS; + /* FIPS/CAVP self-test modules do not have `wc_ecc_get_curve_params`. + It was added after certifications */ +#if defined(HAVE_ECC) && !defined(HAVE_FIPS) && !defined(HAVE_SELFTEST) + const ecc_set_type* ecc_set = NULL; +#if !defined(NO_ECC256) && !defined(NO_ECC_SECP) + /* Test for SECP256R1 curve */ + int curve_id = ECC_SECP256R1; + int curve_idx = 0; + + ExpectIntNE(curve_idx = wc_ecc_get_curve_idx(curve_id), ECC_CURVE_INVALID); + ExpectNotNull(ecc_set = wc_ecc_get_curve_params(curve_idx)); + ExpectIntEQ(ecc_set->id, curve_id); +#endif + /* Test case when SECP256R1 is not enabled */ + /* Test that we get curve params for index 0 */ + ExpectNotNull(ecc_set = wc_ecc_get_curve_params(0)); +#endif /* HAVE_ECC && !HAVE_FIPS && !HAVE_SELFTEST */ + return EXPECT_RESULT(); +} + +/* + * Testing wc_ecc_sign_hash() and wc_ecc_verify_hash() + */ +int test_wc_ecc_signVerify_hash(void) +{ + EXPECT_DECLS; +#if defined(HAVE_ECC) && defined(HAVE_ECC_SIGN) && !defined(NO_ASN) && \ + !defined(WC_NO_RNG) + ecc_key key; + WC_RNG rng; + int ret; +#ifdef HAVE_ECC_VERIFY + int verify = 0; +#endif + word32 siglen = ECC_BUFSIZE; + byte sig[ECC_BUFSIZE]; + byte adjustedSig[ECC_BUFSIZE+1]; + byte digest[] = TEST_STRING; + word32 digestlen = (word32)TEST_STRING_SZ; + + /* Init stack var */ + XMEMSET(&key, 0, sizeof(ecc_key)); + XMEMSET(&rng, 0, sizeof(WC_RNG)); + XMEMSET(sig, 0, siglen); + XMEMSET(adjustedSig, 0, ECC_BUFSIZE+1); + + /* Init structs. */ + ExpectIntEQ(wc_ecc_init(&key), 0); + ExpectIntEQ(wc_InitRng(&rng), 0); + ret = wc_ecc_make_key(&rng, KEY14, &key); +#if defined(WOLFSSL_ASYNC_CRYPT) + ret = wc_AsyncWait(ret, &key.asyncDev, WC_ASYNC_FLAG_NONE); +#endif + ExpectIntEQ(ret, 0); + + ExpectIntEQ(wc_ecc_sign_hash(digest, digestlen, sig, &siglen, &rng, &key), + 0); + + /* Check bad args. */ + ExpectIntEQ(wc_ecc_sign_hash(NULL, digestlen, sig, &siglen, &rng, &key), + WC_NO_ERR_TRACE(ECC_BAD_ARG_E)); + ExpectIntEQ(wc_ecc_sign_hash(digest, digestlen, NULL, &siglen, &rng, &key), + WC_NO_ERR_TRACE(ECC_BAD_ARG_E)); + ExpectIntEQ(wc_ecc_sign_hash(digest, digestlen, sig, NULL, &rng, &key), + WC_NO_ERR_TRACE(ECC_BAD_ARG_E)); + ExpectIntEQ(wc_ecc_sign_hash(digest, digestlen, sig, &siglen, NULL, &key), + WC_NO_ERR_TRACE(ECC_BAD_ARG_E)); + ExpectIntEQ(wc_ecc_sign_hash(digest, digestlen, sig, &siglen, &rng, NULL), + WC_NO_ERR_TRACE(ECC_BAD_ARG_E)); +#if (!defined(HAVE_FIPS) || FIPS_VERSION_GT(7,0)) && !defined(HAVE_SELFTEST) + ExpectIntEQ(wc_ecc_sign_hash(digest, WC_MAX_DIGEST_SIZE+1, sig, &siglen, + &rng, &key), WC_NO_ERR_TRACE(BAD_LENGTH_E)); +#endif + +#ifdef HAVE_ECC_VERIFY + ExpectIntEQ(wc_ecc_verify_hash(sig, siglen, digest, digestlen, &verify, + &key), 0); + ExpectIntEQ(verify, 1); + + /* test check on length of signature passed in */ + XMEMCPY(adjustedSig, sig, siglen); + adjustedSig[1] = adjustedSig[1] + 1; /* add 1 to length for extra byte */ +#ifndef NO_STRICT_ECDSA_LEN + ExpectIntNE(wc_ecc_verify_hash(adjustedSig, siglen+1, digest, digestlen, + &verify, &key), 0); +#else + /* if NO_STRICT_ECDSA_LEN is set then extra bytes after the signature + * is allowed */ + ExpectIntEQ(wc_ecc_verify_hash(adjustedSig, siglen+1, digest, digestlen, + &verify, &key), 0); +#endif + + /* Test bad args. */ + ExpectIntEQ(wc_ecc_verify_hash(NULL, siglen, digest, digestlen, &verify, + &key), WC_NO_ERR_TRACE(ECC_BAD_ARG_E)); + ExpectIntEQ(wc_ecc_verify_hash(sig, siglen, NULL, digestlen, &verify, &key), + WC_NO_ERR_TRACE(ECC_BAD_ARG_E)); + ExpectIntEQ(wc_ecc_verify_hash(sig, siglen, digest, digestlen, NULL, &key), + WC_NO_ERR_TRACE(ECC_BAD_ARG_E)); + ExpectIntEQ(wc_ecc_verify_hash(sig, siglen, digest, digestlen, &verify, + NULL), WC_NO_ERR_TRACE(ECC_BAD_ARG_E)); +#if (!defined(HAVE_FIPS) || FIPS_VERSION_GT(7,0)) && !defined(HAVE_SELFTEST) + ExpectIntEQ(wc_ecc_verify_hash(sig, siglen, digest, WC_MAX_DIGEST_SIZE+1, + &verify, &key), WC_NO_ERR_TRACE(BAD_LENGTH_E)); +#endif +#endif /* HAVE_ECC_VERIFY */ + + DoExpectIntEQ(wc_FreeRng(&rng), 0); + wc_ecc_free(&key); + +#ifdef FP_ECC + wc_ecc_fp_free(); +#endif +#endif + return EXPECT_RESULT(); +} /* END test_wc_ecc_sign_hash */ + +/* + * Testing wc_ecc_shared_secret() + */ +int test_wc_ecc_shared_secret(void) +{ + EXPECT_DECLS; +#if defined(HAVE_ECC) && defined(HAVE_ECC_DHE) && !defined(WC_NO_RNG) + ecc_key key; + ecc_key pubKey; + WC_RNG rng; +#if defined(NO_ECC256) + int ret; +#endif + byte out[KEY32]; + int keySz = sizeof(out); + word32 outlen = (word32)sizeof(out); + +#if defined(HAVE_ECC) && !defined(NO_ECC256) + const char* qx = + "bb33ac4c27504ac64aa504c33cde9f36db722dce94ea2bfacb2009392c16e861"; + const char* qy = + "02e9af4dd302939a315b9792217ff0cf18da9111023486e82058330b803489d8"; + const char* d = + "45b66902739c6c85a1385b72e8e8c7acc4038d533504fa6c28dc348de1a8098c"; + const char* curveName = "SECP256R1"; + const byte expected_shared_secret[] = + { + 0x65, 0xc0, 0xd4, 0x61, 0x17, 0xe6, 0x09, 0x75, + 0xf0, 0x12, 0xa0, 0x4d, 0x0b, 0x41, 0x30, 0x7a, + 0x51, 0xf0, 0xb3, 0xaf, 0x23, 0x8f, 0x0f, 0xdf, + 0xf1, 0xff, 0x23, 0x64, 0x28, 0xca, 0xf8, 0x06 + }; +#endif + + PRIVATE_KEY_UNLOCK(); + + /* Initialize variables. */ + XMEMSET(&key, 0, sizeof(ecc_key)); + XMEMSET(&pubKey, 0, sizeof(ecc_key)); + XMEMSET(&rng, 0, sizeof(WC_RNG)); + XMEMSET(out, 0, keySz); + + ExpectIntEQ(wc_ecc_init(&key), 0); + ExpectIntEQ(wc_ecc_init(&pubKey), 0); + ExpectIntEQ(wc_InitRng(&rng), 0); + +#if !defined(NO_ECC256) + ExpectIntEQ(wc_ecc_import_raw(&key, qx, qy, d, curveName), 0); + ExpectIntEQ(wc_ecc_import_raw(&pubKey, qx, qy, NULL, curveName), 0); +#else + ret = wc_ecc_make_key(&rng, keySz, &key); +#if defined(WOLFSSL_ASYNC_CRYPT) + ret = wc_AsyncWait(ret, &key.asyncDev, WC_ASYNC_FLAG_NONE); +#endif + ExpectIntEQ(ret, 0); + ret = wc_ecc_make_key(&rng, keySz, &key); +#if defined(WOLFSSL_ASYNC_CRYPT) + ret = wc_AsyncWait(ret, &key.asyncDev, WC_ASYNC_FLAG_NONE); +#endif + ExpectIntEQ(ret, 0); +#endif + +#if defined(ECC_TIMING_RESISTANT) && (!defined(HAVE_FIPS) || \ + (!defined(HAVE_FIPS_VERSION) || (HAVE_FIPS_VERSION != 2))) && \ + !defined(HAVE_SELFTEST) + ExpectIntEQ(wc_ecc_set_rng(&key, &rng), 0); +#endif + + ExpectIntEQ(wc_ecc_shared_secret(&key, &pubKey, out, &outlen), 0); + +#if !defined(NO_ECC256) + ExpectIntEQ(XMEMCMP(out, expected_shared_secret, outlen), 0); +#endif + + /* Test bad args. */ + ExpectIntEQ(wc_ecc_shared_secret(NULL, &pubKey, out, &outlen), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_ecc_shared_secret(&key, NULL, out, &outlen), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_ecc_shared_secret(&key, &pubKey, NULL, &outlen), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_ecc_shared_secret(&key, &pubKey, out, NULL), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + /* Invalid length */ + outlen = 1; + ExpectIntEQ(wc_ecc_shared_secret(&key, &pubKey, out, &outlen), + WC_NO_ERR_TRACE(BUFFER_E)); + + DoExpectIntEQ(wc_FreeRng(&rng), 0); + wc_ecc_free(&pubKey); + wc_ecc_free(&key); + +#ifdef FP_ECC + wc_ecc_fp_free(); +#endif + + PRIVATE_KEY_LOCK(); +#endif + return EXPECT_RESULT(); +} /* END tests_wc_ecc_shared_secret */ + +/* + * testint wc_ecc_export_x963() + */ +int test_wc_ecc_export_x963(void) +{ + EXPECT_DECLS; +#if defined(HAVE_ECC) && defined(HAVE_ECC_KEY_EXPORT) && !defined(WC_NO_RNG) + ecc_key key; + WC_RNG rng; + byte out[ECC_ASN963_MAX_BUF_SZ]; + word32 outlen = sizeof(out); + int ret; + + PRIVATE_KEY_UNLOCK(); + + /* Initialize variables. */ + XMEMSET(&key, 0, sizeof(ecc_key)); + XMEMSET(&rng, 0, sizeof(WC_RNG)); + XMEMSET(out, 0, outlen); + + ExpectIntEQ(wc_ecc_init(&key), 0); + ExpectIntEQ(wc_InitRng(&rng), 0); + ret = wc_ecc_make_key(&rng, KEY20, &key); +#if defined(WOLFSSL_ASYNC_CRYPT) + ret = wc_AsyncWait(ret, &key.asyncDev, WC_ASYNC_FLAG_NONE); +#endif + ExpectIntEQ(ret, 0); + + ExpectIntEQ(wc_ecc_export_x963(&key, out, &outlen), 0); + + /* Test bad args. */ + ExpectIntEQ(wc_ecc_export_x963(NULL, out, &outlen), + WC_NO_ERR_TRACE(ECC_BAD_ARG_E)); + ExpectIntEQ(wc_ecc_export_x963(&key, NULL, &outlen), + WC_NO_ERR_TRACE(LENGTH_ONLY_E)); + ExpectIntEQ(wc_ecc_export_x963(&key, out, NULL), + WC_NO_ERR_TRACE(ECC_BAD_ARG_E)); + key.idx = -4; + ExpectIntEQ(wc_ecc_export_x963(&key, out, &outlen), + WC_NO_ERR_TRACE(ECC_BAD_ARG_E)); + + DoExpectIntEQ(wc_FreeRng(&rng), 0); + wc_ecc_free(&key); + +#ifdef FP_ECC + wc_ecc_fp_free(); +#endif + + PRIVATE_KEY_LOCK(); +#endif + return EXPECT_RESULT(); +} /* END test_wc_ecc_export_x963 */ + +/* + * Testing wc_ecc_export_x963_ex() + * compile with --enable-compkey will use compression. + */ +int test_wc_ecc_export_x963_ex(void) +{ + EXPECT_DECLS; +#if defined(HAVE_ECC) && defined(HAVE_ECC_KEY_EXPORT) && !defined(WC_NO_RNG) + ecc_key key; + WC_RNG rng; + int ret; + byte out[ECC_ASN963_MAX_BUF_SZ]; + word32 outlen = sizeof(out); + #ifdef HAVE_COMP_KEY + word32 badOutLen = 5; + #endif + + /* Init stack variables. */ + XMEMSET(&key, 0, sizeof(ecc_key)); + XMEMSET(&rng, 0, sizeof(WC_RNG)); + XMEMSET(out, 0, outlen); + PRIVATE_KEY_UNLOCK(); + + ExpectIntEQ(wc_ecc_init(&key), 0); + ExpectIntEQ(wc_InitRng(&rng), 0); + ret = wc_ecc_make_key(&rng, KEY64, &key); +#if defined(WOLFSSL_ASYNC_CRYPT) + ret = wc_AsyncWait(ret, &key.asyncDev, WC_ASYNC_FLAG_NONE); +#endif + ExpectIntEQ(ret, 0); + +#ifdef HAVE_COMP_KEY + ExpectIntEQ(wc_ecc_export_x963_ex(&key, out, &outlen, COMP), 0); +#else + ExpectIntEQ(ret = wc_ecc_export_x963_ex(&key, out, &outlen, NOCOMP), 0); +#endif + + /* Test bad args. */ +#ifdef HAVE_COMP_KEY + ExpectIntEQ(wc_ecc_export_x963_ex(NULL, out, &outlen, COMP), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_ecc_export_x963_ex(&key, NULL, &outlen, COMP), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_ecc_export_x963_ex(&key, out, NULL, COMP), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); +#if defined(HAVE_FIPS) && (!defined(FIPS_VERSION_LT) || FIPS_VERSION_LT(5,3)) + ExpectIntEQ(wc_ecc_export_x963_ex(&key, out, &badOutLen, COMP), + WC_NO_ERR_TRACE(BUFFER_E)); +#else + ExpectIntEQ(wc_ecc_export_x963_ex(&key, out, &badOutLen, COMP), + WC_NO_ERR_TRACE(LENGTH_ONLY_E)); +#endif + key.idx = -4; + ExpectIntEQ(wc_ecc_export_x963_ex(&key, out, &outlen, COMP), + WC_NO_ERR_TRACE(ECC_BAD_ARG_E)); +#else + ExpectIntEQ(wc_ecc_export_x963_ex(NULL, out, &outlen, NOCOMP), + WC_NO_ERR_TRACE(ECC_BAD_ARG_E)); + ExpectIntEQ(wc_ecc_export_x963_ex(&key, NULL, &outlen, NOCOMP), + WC_NO_ERR_TRACE(LENGTH_ONLY_E)); + ExpectIntEQ(wc_ecc_export_x963_ex(&key, out, &outlen, 1), + WC_NO_ERR_TRACE(NOT_COMPILED_IN)); + ExpectIntEQ(wc_ecc_export_x963_ex(&key, out, NULL, NOCOMP), + WC_NO_ERR_TRACE(ECC_BAD_ARG_E)); + key.idx = -4; + ExpectIntEQ(wc_ecc_export_x963_ex(&key, out, &outlen, NOCOMP), + WC_NO_ERR_TRACE(ECC_BAD_ARG_E)); +#endif + PRIVATE_KEY_LOCK(); + + DoExpectIntEQ(wc_FreeRng(&rng), 0); + wc_ecc_free(&key); + +#ifdef FP_ECC + wc_ecc_fp_free(); +#endif +#endif + return EXPECT_RESULT(); +} /* END test_wc_ecc_export_x963_ex */ + +/* + * testing wc_ecc_import_x963() + */ +int test_wc_ecc_import_x963(void) +{ + EXPECT_DECLS; +#if defined(HAVE_ECC) && defined(HAVE_ECC_KEY_IMPORT) && \ + defined(HAVE_ECC_KEY_EXPORT) && !defined(WC_NO_RNG) + ecc_key pubKey; + ecc_key key; + WC_RNG rng; + byte x963[ECC_ASN963_MAX_BUF_SZ]; + word32 x963Len = (word32)sizeof(x963); + int ret; + + /* Init stack variables. */ + XMEMSET(&key, 0, sizeof(ecc_key)); + XMEMSET(&pubKey, 0, sizeof(ecc_key)); + XMEMSET(&rng, 0, sizeof(WC_RNG)); + XMEMSET(x963, 0, x963Len); + + ExpectIntEQ(wc_ecc_init(&pubKey), 0); + ExpectIntEQ(wc_ecc_init(&key), 0); + ExpectIntEQ(wc_InitRng(&rng), 0); +#if FIPS_VERSION3_GE(6,0,0) + ret = wc_ecc_make_key(&rng, KEY32, &key); +#else + ret = wc_ecc_make_key(&rng, KEY24, &key); +#endif +#if defined(WOLFSSL_ASYNC_CRYPT) + ret = wc_AsyncWait(ret, &key.asyncDev, WC_ASYNC_FLAG_NONE); +#endif + + ExpectIntEQ(ret, 0); + + PRIVATE_KEY_UNLOCK(); + ExpectIntEQ(wc_ecc_export_x963(&key, x963, &x963Len), 0); + PRIVATE_KEY_LOCK(); + + ExpectIntEQ(wc_ecc_import_x963(x963, x963Len, &pubKey), 0); + + /* Test bad args. */ + ExpectIntEQ(wc_ecc_import_x963(NULL, x963Len, &pubKey), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_ecc_import_x963(x963, x963Len, NULL), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_ecc_import_x963(x963, x963Len + 1, &pubKey), + WC_NO_ERR_TRACE(ECC_BAD_ARG_E)); + + DoExpectIntEQ(wc_FreeRng(&rng), 0); + wc_ecc_free(&key); + wc_ecc_free(&pubKey); + +#ifdef FP_ECC + wc_ecc_fp_free(); +#endif +#endif + return EXPECT_RESULT(); +} /* END wc_ecc_import_x963 */ + +/* + * testing wc_ecc_import_private_key() + */ +int test_wc_ecc_import_private_key(void) +{ + EXPECT_DECLS; +#if defined(HAVE_ECC) && defined(HAVE_ECC_KEY_IMPORT) && \ + defined(HAVE_ECC_KEY_EXPORT) && !defined(WC_NO_RNG) + ecc_key key; + ecc_key keyImp; + WC_RNG rng; + byte privKey[ECC_PRIV_KEY_BUF]; /* Raw private key.*/ + byte x963Key[ECC_ASN963_MAX_BUF_SZ]; + word32 privKeySz = (word32)sizeof(privKey); + word32 x963KeySz = (word32)sizeof(x963Key); + int ret; + + /* Init stack variables. */ + XMEMSET(&key, 0, sizeof(ecc_key)); + XMEMSET(&keyImp, 0, sizeof(ecc_key)); + XMEMSET(&rng, 0, sizeof(WC_RNG)); + XMEMSET(privKey, 0, privKeySz); + XMEMSET(x963Key, 0, x963KeySz); + PRIVATE_KEY_UNLOCK(); + + ExpectIntEQ(wc_ecc_init(&key), 0); + ExpectIntEQ(wc_ecc_init(&keyImp), 0); + ExpectIntEQ(wc_InitRng(&rng), 0); + ret = wc_ecc_make_key(&rng, KEY48, &key); +#if defined(WOLFSSL_ASYNC_CRYPT) + ret = wc_AsyncWait(ret, &key.asyncDev, WC_ASYNC_FLAG_NONE); +#endif + ExpectIntEQ(ret, 0); + + PRIVATE_KEY_UNLOCK(); + ExpectIntEQ(wc_ecc_export_x963(&key, x963Key, &x963KeySz), 0); + PRIVATE_KEY_LOCK(); + ExpectIntEQ(wc_ecc_export_private_only(&key, privKey, &privKeySz), 0); + + ExpectIntEQ(wc_ecc_import_private_key(privKey, privKeySz, x963Key, + x963KeySz, &keyImp), 0); + /* Pass in bad args. */ + ExpectIntEQ(wc_ecc_import_private_key(privKey, privKeySz, x963Key, + x963KeySz, NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_ecc_import_private_key(NULL, privKeySz, x963Key, x963KeySz, + &keyImp), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + PRIVATE_KEY_LOCK(); + + DoExpectIntEQ(wc_FreeRng(&rng), 0); + wc_ecc_free(&keyImp); + wc_ecc_free(&key); + +#ifdef FP_ECC + wc_ecc_fp_free(); +#endif +#endif + return EXPECT_RESULT(); +} /* END test_wc_ecc_import_private_key */ + +/* + * Testing wc_ecc_export_private_only() + */ +int test_wc_ecc_export_private_only(void) +{ + EXPECT_DECLS; +#if defined(HAVE_ECC) && defined(HAVE_ECC_KEY_EXPORT) && !defined(WC_NO_RNG) + ecc_key key; + WC_RNG rng; + byte out[ECC_PRIV_KEY_BUF]; + word32 outlen = sizeof(out); + int ret; + + /* Init stack variables. */ + XMEMSET(&key, 0, sizeof(ecc_key)); + XMEMSET(&rng, 0, sizeof(WC_RNG)); + XMEMSET(out, 0, outlen); + PRIVATE_KEY_UNLOCK(); + + ExpectIntEQ(wc_ecc_init(&key), 0); + ExpectIntEQ(wc_InitRng(&rng), 0); + ret = wc_ecc_make_key(&rng, KEY32, &key); +#if defined(WOLFSSL_ASYNC_CRYPT) + ret = wc_AsyncWait(ret, &key.asyncDev, WC_ASYNC_FLAG_NONE); +#endif + ExpectIntEQ(ret, 0); + + ExpectIntEQ(wc_ecc_export_private_only(&key, out, &outlen), 0); + /* Pass in bad args. */ + ExpectIntEQ(wc_ecc_export_private_only(NULL, out, &outlen), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_ecc_export_private_only(&key, NULL, &outlen), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_ecc_export_private_only(&key, out, NULL), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + PRIVATE_KEY_LOCK(); + + DoExpectIntEQ(wc_FreeRng(&rng), 0); + wc_ecc_free(&key); + +#ifdef FP_ECC + wc_ecc_fp_free(); +#endif +#endif + return EXPECT_RESULT(); +} /* END test_wc_ecc_export_private_only */ + +/* + * Testing wc_ecc_rs_to_sig() + */ +int test_wc_ecc_rs_to_sig(void) +{ + EXPECT_DECLS; +#if defined(HAVE_ECC) && !defined(NO_ASN) + /* first [P-192,SHA-1] vector from FIPS 186-3 NIST vectors */ + const char* R = "6994d962bdd0d793ffddf855ec5bf2f91a9698b46258a63e"; + const char* S = "02ba6465a234903744ab02bc8521405b73cf5fc00e1a9f41"; + const char* zeroStr = "0"; + byte sig[ECC_MAX_SIG_SIZE]; + word32 siglen = (word32)sizeof(sig); + /* R and S max size is the order of curve. 2^192.*/ + int keySz = KEY24; + byte r[KEY24]; + byte s[KEY24]; + word32 rlen = (word32)sizeof(r); + word32 slen = (word32)sizeof(s); +#if !defined(HAVE_SELFTEST) && !defined(HAVE_FIPS) + word32 zeroLen = 0; +#endif + + /* Init stack variables. */ + XMEMSET(sig, 0, ECC_MAX_SIG_SIZE); + XMEMSET(r, 0, keySz); + XMEMSET(s, 0, keySz); + + ExpectIntEQ(wc_ecc_rs_to_sig(R, S, sig, &siglen), 0); + ExpectIntEQ(wc_ecc_sig_to_rs(sig, siglen, r, &rlen, s, &slen), 0); + /* Test bad args. */ + ExpectIntEQ(wc_ecc_rs_to_sig(NULL, S, sig, &siglen), + WC_NO_ERR_TRACE(ECC_BAD_ARG_E)); + ExpectIntEQ(wc_ecc_rs_to_sig(R, NULL, sig, &siglen), + WC_NO_ERR_TRACE(ECC_BAD_ARG_E)); + ExpectIntEQ(wc_ecc_rs_to_sig(R, S, sig, NULL), + WC_NO_ERR_TRACE(ECC_BAD_ARG_E)); + ExpectIntEQ(wc_ecc_rs_to_sig(R, S, NULL, &siglen), + WC_NO_ERR_TRACE(ECC_BAD_ARG_E)); + ExpectIntEQ(wc_ecc_rs_to_sig(R, zeroStr, sig, &siglen), + WC_NO_ERR_TRACE(MP_ZERO_E)); + ExpectIntEQ(wc_ecc_rs_to_sig(zeroStr, S, sig, &siglen), + WC_NO_ERR_TRACE(MP_ZERO_E)); + ExpectIntEQ(wc_ecc_sig_to_rs(NULL, siglen, r, &rlen, s, &slen), + WC_NO_ERR_TRACE(ECC_BAD_ARG_E)); + ExpectIntEQ(wc_ecc_sig_to_rs(sig, siglen, NULL, &rlen, s, &slen), + WC_NO_ERR_TRACE(ECC_BAD_ARG_E)); + ExpectIntEQ(wc_ecc_sig_to_rs(sig, siglen, r, NULL, s, &slen), + WC_NO_ERR_TRACE(ECC_BAD_ARG_E)); + ExpectIntEQ(wc_ecc_sig_to_rs(sig, siglen, r, &rlen, NULL, &slen), + WC_NO_ERR_TRACE(ECC_BAD_ARG_E)); + ExpectIntEQ(wc_ecc_sig_to_rs(sig, siglen, r, &rlen, s, NULL), + WC_NO_ERR_TRACE(ECC_BAD_ARG_E)); +#if !defined(HAVE_SELFTEST) && !defined(HAVE_FIPS) + ExpectIntEQ(wc_ecc_sig_to_rs(sig, siglen, r, &zeroLen, s, &slen), + WC_NO_ERR_TRACE(BUFFER_E)); + ExpectIntEQ(wc_ecc_sig_to_rs(sig, siglen, r, &rlen, s, &zeroLen), + WC_NO_ERR_TRACE(BUFFER_E)); +#endif +#endif + return EXPECT_RESULT(); +} /* END test_wc_ecc_rs_to_sig */ + +int test_wc_ecc_import_raw(void) +{ + EXPECT_DECLS; +#if defined(HAVE_ECC) && !defined(NO_ECC256) + ecc_key key; + const char* qx = + "bb33ac4c27504ac64aa504c33cde9f36db722dce94ea2bfacb2009392c16e861"; + const char* qy = + "02e9af4dd302939a315b9792217ff0cf18da9111023486e82058330b803489d8"; + const char* d = + "45b66902739c6c85a1385b72e8e8c7acc4038d533504fa6c28dc348de1a8098c"; + const char* curveName = "SECP256R1"; +#ifdef WOLFSSL_VALIDATE_ECC_IMPORT + const char* kNullStr = ""; + int ret; +#endif + + XMEMSET(&key, 0, sizeof(ecc_key)); + + ExpectIntEQ(wc_ecc_init(&key), 0); + + /* Test good import */ + ExpectIntEQ(wc_ecc_import_raw(&key, qx, qy, d, curveName), 0); + + /* Test bad args. */ + ExpectIntEQ(wc_ecc_import_raw(NULL, qx, qy, d, curveName), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_ecc_import_raw(&key, NULL, qy, d, curveName), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_ecc_import_raw(&key, qx, NULL, d, curveName), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_ecc_import_raw(&key, qx, qy, d, NULL), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); +#ifdef WOLFSSL_VALIDATE_ECC_IMPORT + #if !defined(USE_FAST_MATH) && !defined(WOLFSSL_SP_MATH) + wc_ecc_free(&key); + #endif + ExpectIntLT(ret = wc_ecc_import_raw(&key, kNullStr, kNullStr, kNullStr, + curveName), 0); + ExpectTrue((ret == WC_NO_ERR_TRACE(ECC_INF_E)) || + (ret == WC_NO_ERR_TRACE(BAD_FUNC_ARG))); +#endif +#if !defined(HAVE_SELFTEST) && !defined(HAVE_FIPS) + #if !defined(USE_FAST_MATH) && !defined(WOLFSSL_SP_MATH) + wc_ecc_free(&key); + #endif +#ifdef WOLFSSL_VALIDATE_ECC_IMPORT + ExpectIntLT(ret = wc_ecc_import_raw(&key, "0", qy, d, curveName), 0); + ExpectTrue((ret == WC_NO_ERR_TRACE(BAD_FUNC_ARG)) || + (ret == WC_NO_ERR_TRACE(MP_VAL))); +#else + ExpectIntEQ(wc_ecc_import_raw(&key, "0", qy, d, curveName), 0); +#endif + #if !defined(USE_FAST_MATH) && !defined(WOLFSSL_SP_MATH) + wc_ecc_free(&key); + #endif +#ifdef WOLFSSL_VALIDATE_ECC_IMPORT + ExpectIntLT(ret = wc_ecc_import_raw(&key, qx, "0", d, curveName), 0); + ExpectTrue((ret == WC_NO_ERR_TRACE(BAD_FUNC_ARG)) || + (ret == WC_NO_ERR_TRACE(MP_VAL))); +#else + ExpectIntEQ(wc_ecc_import_raw(&key, qx, "0", d, curveName), 0); +#endif + #if !defined(USE_FAST_MATH) && !defined(WOLFSSL_SP_MATH) + wc_ecc_free(&key); + #endif + ExpectIntEQ(wc_ecc_import_raw(&key, "0", "0", d, curveName), + WC_NO_ERR_TRACE(ECC_INF_E)); +#endif + + wc_ecc_free(&key); +#endif + return EXPECT_RESULT(); +} /* END test_wc_ecc_import_raw */ + +int test_wc_ecc_import_unsigned(void) +{ + EXPECT_DECLS; +#if defined(HAVE_ECC) && !defined(NO_ECC256) && !defined(HAVE_SELFTEST) && \ + (!defined(HAVE_FIPS) || (defined(HAVE_FIPS_VERSION) && \ + HAVE_FIPS_VERSION >= 2)) + ecc_key key; + const byte qx[] = { + 0xbb, 0x33, 0xac, 0x4c, 0x27, 0x50, 0x4a, 0xc6, + 0x4a, 0xa5, 0x04, 0xc3, 0x3c, 0xde, 0x9f, 0x36, + 0xdb, 0x72, 0x2d, 0xce, 0x94, 0xea, 0x2b, 0xfa, + 0xcb, 0x20, 0x09, 0x39, 0x2c, 0x16, 0xe8, 0x61 + }; + const byte qy[] = { + 0x02, 0xe9, 0xaf, 0x4d, 0xd3, 0x02, 0x93, 0x9a, + 0x31, 0x5b, 0x97, 0x92, 0x21, 0x7f, 0xf0, 0xcf, + 0x18, 0xda, 0x91, 0x11, 0x02, 0x34, 0x86, 0xe8, + 0x20, 0x58, 0x33, 0x0b, 0x80, 0x34, 0x89, 0xd8 + }; + const byte d[] = { + 0x45, 0xb6, 0x69, 0x02, 0x73, 0x9c, 0x6c, 0x85, + 0xa1, 0x38, 0x5b, 0x72, 0xe8, 0xe8, 0xc7, 0xac, + 0xc4, 0x03, 0x8d, 0x53, 0x35, 0x04, 0xfa, 0x6c, + 0x28, 0xdc, 0x34, 0x8d, 0xe1, 0xa8, 0x09, 0x8c + }; +#ifdef WOLFSSL_VALIDATE_ECC_IMPORT + const byte nullBytes[32] = {0}; + int ret; +#endif + int curveId = ECC_SECP256R1; + + XMEMSET(&key, 0, sizeof(ecc_key)); + + ExpectIntEQ(wc_ecc_init(&key), 0); + + ExpectIntEQ(wc_ecc_import_unsigned(&key, (byte*)qx, (byte*)qy, (byte*)d, + curveId), 0); + /* Test bad args. */ + ExpectIntEQ(wc_ecc_import_unsigned(NULL, (byte*)qx, (byte*)qy, (byte*)d, + curveId), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_ecc_import_unsigned(&key, NULL, (byte*)qy, (byte*)d, + curveId), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_ecc_import_unsigned(&key, (byte*)qx, NULL, (byte*)d, + curveId), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_ecc_import_unsigned(&key, (byte*)qx, (byte*)qy, (byte*)d, + ECC_CURVE_INVALID), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); +#ifdef WOLFSSL_VALIDATE_ECC_IMPORT + ExpectIntLT(ret = wc_ecc_import_unsigned(&key, (byte*)nullBytes, + (byte*)nullBytes, (byte*)nullBytes, curveId), 0); + ExpectTrue((ret == WC_NO_ERR_TRACE(ECC_INF_E)) || + (ret == WC_NO_ERR_TRACE(BAD_FUNC_ARG))); +#endif + + wc_ecc_free(&key); +#endif + return EXPECT_RESULT(); +} /* END test_wc_ecc_import_unsigned */ + +/* + * Testing wc_ecc_sig_size() + */ +int test_wc_ecc_sig_size(void) +{ + EXPECT_DECLS; +#if defined(HAVE_ECC) && !defined(WC_NO_RNG) + ecc_key key; + WC_RNG rng; + int keySz = KEY16; + int ret; + + XMEMSET(&rng, 0, sizeof(rng)); + XMEMSET(&key, 0, sizeof(key)); + + ExpectIntEQ(wc_ecc_init(&key), 0); + ExpectIntEQ(wc_InitRng(&rng), 0); + ret = wc_ecc_make_key(&rng, keySz, &key); +#if defined(WOLFSSL_ASYNC_CRYPT) + ret = wc_AsyncWait(ret, &key.asyncDev, WC_ASYNC_FLAG_NONE); +#endif + ExpectIntEQ(ret, 0); + + ExpectIntLE(wc_ecc_sig_size(&key), + (2 * keySz + SIG_HEADER_SZ + ECC_MAX_PAD_SZ)); + + DoExpectIntEQ(wc_FreeRng(&rng), 0); + wc_ecc_free(&key); +#endif + return EXPECT_RESULT(); +} /* END test_wc_ecc_sig_size */ + +/* + * Testing wc_ecc_ctx_new() + */ +int test_wc_ecc_ctx_new(void) +{ + EXPECT_DECLS; +#if defined(HAVE_ECC) && defined(HAVE_ECC_ENCRYPT) && !defined(WC_NO_RNG) + WC_RNG rng; + ecEncCtx* cli = NULL; + ecEncCtx* srv = NULL; + + XMEMSET(&rng, 0, sizeof(WC_RNG)); + + ExpectIntEQ(wc_InitRng(&rng), 0); + ExpectNotNull(cli = wc_ecc_ctx_new(REQ_RESP_CLIENT, &rng)); + ExpectNotNull(srv = wc_ecc_ctx_new(REQ_RESP_SERVER, &rng)); + wc_ecc_ctx_free(cli); + cli = NULL; + wc_ecc_ctx_free(srv); + + /* Test bad args. */ + /* wc_ecc_ctx_new_ex() will free if returned NULL. */ + ExpectNull(cli = wc_ecc_ctx_new(0, &rng)); + ExpectNull(cli = wc_ecc_ctx_new(REQ_RESP_CLIENT, NULL)); + + DoExpectIntEQ(wc_FreeRng(&rng), 0); + wc_ecc_ctx_free(cli); +#endif + return EXPECT_RESULT(); +} /* END test_wc_ecc_ctx_new */ + +/* + * Tesing wc_ecc_reset() + */ +int test_wc_ecc_ctx_reset(void) +{ + EXPECT_DECLS; +#if defined(HAVE_ECC) && defined(HAVE_ECC_ENCRYPT) && !defined(WC_NO_RNG) + ecEncCtx* ctx = NULL; + WC_RNG rng; + + XMEMSET(&rng, 0, sizeof(rng)); + + ExpectIntEQ(wc_InitRng(&rng), 0); + ExpectNotNull(ctx = wc_ecc_ctx_new(REQ_RESP_CLIENT, &rng)); + + ExpectIntEQ(wc_ecc_ctx_reset(ctx, &rng), 0); + + /* Pass in bad args. */ + ExpectIntEQ(wc_ecc_ctx_reset(NULL, &rng), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_ecc_ctx_reset(ctx, NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + + wc_ecc_ctx_free(ctx); + DoExpectIntEQ(wc_FreeRng(&rng), 0); +#endif + return EXPECT_RESULT(); +} /* END test_wc_ecc_ctx_reset */ + +/* + * Testing wc_ecc_ctx_set_peer_salt() and wc_ecc_ctx_get_own_salt() + */ +int test_wc_ecc_ctx_set_peer_salt(void) +{ + EXPECT_DECLS; +#if defined(HAVE_ECC) && defined(HAVE_ECC_ENCRYPT) && !defined(WC_NO_RNG) + WC_RNG rng; + ecEncCtx* cliCtx = NULL; + ecEncCtx* servCtx = NULL; + const byte* cliSalt = NULL; + const byte* servSalt = NULL; + + XMEMSET(&rng, 0, sizeof(rng)); + + ExpectIntEQ(wc_InitRng(&rng), 0); + ExpectNotNull(cliCtx = wc_ecc_ctx_new(REQ_RESP_CLIENT, &rng)); + ExpectNotNull(servCtx = wc_ecc_ctx_new(REQ_RESP_SERVER, &rng)); + + /* Test bad args. */ + ExpectNull(cliSalt = wc_ecc_ctx_get_own_salt(NULL)); + + ExpectNotNull(cliSalt = wc_ecc_ctx_get_own_salt(cliCtx)); + ExpectNotNull(servSalt = wc_ecc_ctx_get_own_salt(servCtx)); + + ExpectIntEQ(wc_ecc_ctx_set_peer_salt(cliCtx, servSalt), 0); + /* Test bad args. */ + ExpectIntEQ(wc_ecc_ctx_set_peer_salt(NULL, servSalt), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_ecc_ctx_set_peer_salt(cliCtx, NULL), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + + wc_ecc_ctx_free(cliCtx); + wc_ecc_ctx_free(servCtx); + DoExpectIntEQ(wc_FreeRng(&rng), 0); +#endif + return EXPECT_RESULT(); + +} /* END test_wc_ecc_ctx_set_peer_salt */ + +/* + * Testing wc_ecc_ctx_set_info() + */ +int test_wc_ecc_ctx_set_info(void) +{ + EXPECT_DECLS; +#if defined(HAVE_ECC) && defined(HAVE_ECC_ENCRYPT) && !defined(WC_NO_RNG) + ecEncCtx* ctx = NULL; + WC_RNG rng; + const char* optInfo = "Optional Test Info."; + int optInfoSz = (int)XSTRLEN(optInfo); + const char* badOptInfo = NULL; + + XMEMSET(&rng, 0, sizeof(rng)); + + ExpectIntEQ(wc_InitRng(&rng), 0); + ExpectNotNull(ctx = wc_ecc_ctx_new(REQ_RESP_CLIENT, &rng)); + + ExpectIntEQ(wc_ecc_ctx_set_info(ctx, (byte*)optInfo, optInfoSz), 0); + /* Test bad args. */ + ExpectIntEQ(wc_ecc_ctx_set_info(NULL, (byte*)optInfo, optInfoSz), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_ecc_ctx_set_info(ctx, (byte*)badOptInfo, optInfoSz), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_ecc_ctx_set_info(ctx, (byte*)optInfo, -1), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + + wc_ecc_ctx_free(ctx); + DoExpectIntEQ(wc_FreeRng(&rng), 0); +#endif + return EXPECT_RESULT(); +} /* END test_wc_ecc_ctx_set_info */ + +/* + * Testing wc_ecc_encrypt() and wc_ecc_decrypt() + */ +int test_wc_ecc_encryptDecrypt(void) +{ + EXPECT_DECLS; +#if defined(HAVE_ECC) && defined(HAVE_ECC_ENCRYPT) && !defined(WC_NO_RNG) && \ + defined(HAVE_AES_CBC) && defined(WOLFSSL_AES_128) + ecc_key srvKey; + ecc_key cliKey; + ecc_key tmpKey; + WC_RNG rng; + int ret; + const char* msg = "EccBlock Size 16"; + word32 msgSz = (word32)XSTRLEN("EccBlock Size 16"); +#ifdef WOLFSSL_ECIES_OLD + byte out[(sizeof("EccBlock Size 16") - 1) + WC_SHA256_DIGEST_SIZE]; +#elif defined(WOLFSSL_ECIES_GEN_IV) + byte out[KEY20 * 2 + 1 + AES_BLOCK_SIZE + + (sizeof("EccBlock Size 16") - 1) + WC_SHA256_DIGEST_SIZE]; +#else + byte out[KEY20 * 2 + 1 + (sizeof("EccBlock Size 16") - 1) + + WC_SHA256_DIGEST_SIZE]; +#endif + word32 outSz = (word32)sizeof(out); + byte plain[sizeof("EccBlock Size 16")]; + word32 plainSz = (word32)sizeof(plain); + int keySz = KEY20; + + /* Init stack variables. */ + XMEMSET(out, 0, outSz); + XMEMSET(plain, 0, plainSz); + XMEMSET(&rng, 0, sizeof(rng)); + XMEMSET(&srvKey, 0, sizeof(ecc_key)); + XMEMSET(&cliKey, 0, sizeof(ecc_key)); + XMEMSET(&tmpKey, 0, sizeof(ecc_key)); + + ExpectIntEQ(wc_InitRng(&rng), 0); + ExpectIntEQ(wc_ecc_init(&cliKey), 0); + ret = wc_ecc_make_key(&rng, keySz, &cliKey); +#if defined(WOLFSSL_ASYNC_CRYPT) + ret = wc_AsyncWait(ret, &cliKey.asyncDev, WC_ASYNC_FLAG_NONE); +#endif + ExpectIntEQ(ret, 0); + + ExpectIntEQ(wc_ecc_init(&srvKey), 0); + ret = wc_ecc_make_key(&rng, keySz, &srvKey); +#if defined(WOLFSSL_ASYNC_CRYPT) + ret = wc_AsyncWait(ret, &srvKey.asyncDev, WC_ASYNC_FLAG_NONE); +#endif + ExpectIntEQ(ret, 0); + + ExpectIntEQ(wc_ecc_init(&tmpKey), 0); + +#if defined(ECC_TIMING_RESISTANT) && (!defined(HAVE_FIPS) || \ + (!defined(HAVE_FIPS_VERSION) || (HAVE_FIPS_VERSION != 2))) && \ + !defined(HAVE_SELFTEST) + ExpectIntEQ(wc_ecc_set_rng(&srvKey, &rng), 0); + ExpectIntEQ(wc_ecc_set_rng(&cliKey, &rng), 0); +#endif + + ExpectIntEQ(wc_ecc_encrypt(&cliKey, &srvKey, (byte*)msg, msgSz, out, + &outSz, NULL), 0); + /* Test bad args. */ + ExpectIntEQ(wc_ecc_encrypt(NULL, &srvKey, (byte*)msg, msgSz, out, &outSz, + NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_ecc_encrypt(&cliKey, NULL, (byte*)msg, msgSz, out, &outSz, + NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_ecc_encrypt(&cliKey, &srvKey, NULL, msgSz, out, &outSz, + NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_ecc_encrypt(&cliKey, &srvKey, (byte*)msg, msgSz, NULL, + &outSz, NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_ecc_encrypt(&cliKey, &srvKey, (byte*)msg, msgSz, out, NULL, + NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + +#ifdef WOLFSSL_ECIES_OLD + tmpKey.dp = cliKey.dp; + ExpectIntEQ(wc_ecc_copy_point(&cliKey.pubkey, &tmpKey.pubkey), 0); +#endif + + ExpectIntEQ(wc_ecc_decrypt(&srvKey, &tmpKey, out, outSz, plain, &plainSz, + NULL), 0); + ExpectIntEQ(wc_ecc_decrypt(NULL, &tmpKey, out, outSz, plain, &plainSz, + NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); +#ifdef WOLFSSL_ECIES_OLD + /* NULL parameter allowed in new implementations - public key comes from + * the message. */ + ExpectIntEQ(wc_ecc_decrypt(&srvKey, NULL, out, outSz, plain, &plainSz, + NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); +#endif + ExpectIntEQ(wc_ecc_decrypt(&srvKey, &tmpKey, NULL, outSz, plain, &plainSz, + NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_ecc_decrypt(&srvKey, &tmpKey, out, outSz, NULL, &plainSz, + NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_ecc_decrypt(&srvKey, &tmpKey, out, outSz, plain, NULL, NULL), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + + ExpectIntEQ(XMEMCMP(msg, plain, msgSz), 0); + + wc_ecc_free(&tmpKey); + wc_ecc_free(&srvKey); + wc_ecc_free(&cliKey); + DoExpectIntEQ(wc_FreeRng(&rng), 0); +#endif + return EXPECT_RESULT(); +} /* END test_wc_ecc_encryptDecrypt */ + +/* + * Testing wc_ecc_del_point() and wc_ecc_new_point() + */ +int test_wc_ecc_del_point(void) +{ + EXPECT_DECLS; +#if defined(HAVE_ECC) + ecc_point* pt = NULL; + + ExpectNotNull(pt = wc_ecc_new_point()); + wc_ecc_del_point(pt); +#endif + return EXPECT_RESULT(); +} /* END test_wc_ecc_del_point */ + +/* + * Testing wc_ecc_point_is_at_infinity(), wc_ecc_export_point_der(), + * wc_ecc_import_point_der(), wc_ecc_copy_point(), wc_ecc_point_is_on_curve(), + * and wc_ecc_cmp_point() + */ +int test_wc_ecc_pointFns(void) +{ + EXPECT_DECLS; +#if defined(HAVE_ECC) && defined(HAVE_ECC_KEY_EXPORT) && \ + !defined(WC_NO_RNG) && !defined(WOLFSSL_ATECC508A) && \ + !defined(WOLFSSL_ATECC608A) && !defined(WOLF_CRYPTO_CB_ONLY_ECC) + ecc_key key; + WC_RNG rng; + int ret; + ecc_point* point = NULL; + ecc_point* cpypt = NULL; + int idx = 0; + int keySz = KEY32; + byte der[DER_SZ(KEY32)]; + word32 derlenChk = 0; + word32 derSz = DER_SZ(KEY32); + + /* Init stack variables. */ + XMEMSET(der, 0, derSz); + XMEMSET(&key, 0, sizeof(ecc_key)); + XMEMSET(&rng, 0, sizeof(WC_RNG)); + + ExpectIntEQ(wc_InitRng(&rng), 0); + ExpectIntEQ(wc_ecc_init(&key), 0); + ret = wc_ecc_make_key(&rng, keySz, &key); +#if defined(WOLFSSL_ASYNC_CRYPT) + ret = wc_AsyncWait(ret, &key.asyncDev, WC_ASYNC_FLAG_NONE); +#endif + ExpectIntEQ(ret, 0); + + ExpectNotNull(point = wc_ecc_new_point()); + ExpectNotNull(cpypt = wc_ecc_new_point()); + + /* Export */ + ExpectIntEQ(wc_ecc_export_point_der((idx = key.idx), &key.pubkey, NULL, + &derlenChk), WC_NO_ERR_TRACE(LENGTH_ONLY_E)); + /* Check length value. */ + ExpectIntEQ(derSz, derlenChk); + ExpectIntEQ(wc_ecc_export_point_der((idx = key.idx), &key.pubkey, der, + &derSz), 0); + /* Test bad args. */ + ExpectIntEQ(wc_ecc_export_point_der(-2, &key.pubkey, der, &derSz), + WC_NO_ERR_TRACE(ECC_BAD_ARG_E)); + ExpectIntEQ(wc_ecc_export_point_der((idx = key.idx), NULL, der, &derSz), + WC_NO_ERR_TRACE(ECC_BAD_ARG_E)); + ExpectIntEQ(wc_ecc_export_point_der((idx = key.idx), &key.pubkey, der, + NULL), WC_NO_ERR_TRACE(ECC_BAD_ARG_E)); + + /* Import */ + ExpectIntEQ(wc_ecc_import_point_der(der, derSz, idx, point), 0); + ExpectIntEQ(wc_ecc_cmp_point(&key.pubkey, point), 0); + /* Test bad args. */ + ExpectIntEQ( wc_ecc_import_point_der(NULL, derSz, idx, point), + WC_NO_ERR_TRACE(ECC_BAD_ARG_E)); + ExpectIntEQ(wc_ecc_import_point_der(der, derSz, idx, NULL), + WC_NO_ERR_TRACE(ECC_BAD_ARG_E)); + ExpectIntEQ(wc_ecc_import_point_der(der, derSz, -1, point), + WC_NO_ERR_TRACE(ECC_BAD_ARG_E)); + ExpectIntEQ(wc_ecc_import_point_der(der, derSz + 1, idx, point), + WC_NO_ERR_TRACE(ECC_BAD_ARG_E)); + + /* Copy */ + ExpectIntEQ(wc_ecc_copy_point(point, cpypt), 0); + /* Test bad args. */ + ExpectIntEQ(wc_ecc_copy_point(NULL, cpypt), WC_NO_ERR_TRACE(ECC_BAD_ARG_E)); + ExpectIntEQ(wc_ecc_copy_point(point, NULL), WC_NO_ERR_TRACE(ECC_BAD_ARG_E)); + + /* Compare point */ + ExpectIntEQ(wc_ecc_cmp_point(point, cpypt), 0); + /* Test bad args. */ + ExpectIntEQ(wc_ecc_cmp_point(NULL, cpypt), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_ecc_cmp_point(point, NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + + /* At infinity if return == 1, otherwise return == 0. */ + ExpectIntEQ(wc_ecc_point_is_at_infinity(point), 0); + /* Test bad args. */ + ExpectIntEQ(wc_ecc_point_is_at_infinity(NULL), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + +#if !defined(HAVE_SELFTEST) && (!defined(HAVE_FIPS) || \ + (defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION>2))) +#ifdef USE_ECC_B_PARAM + /* On curve if ret == 0 */ + ExpectIntEQ(wc_ecc_point_is_on_curve(point, idx), 0); + /* Test bad args. */ + ExpectIntEQ(wc_ecc_point_is_on_curve(NULL, idx), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_ecc_point_is_on_curve(point, 1000), + WC_NO_ERR_TRACE(ECC_BAD_ARG_E)); +#endif /* USE_ECC_B_PARAM */ +#endif /* !HAVE_SELFTEST && (!HAVE_FIPS || HAVE_FIPS_VERSION > 2) */ + + /* Free */ + wc_ecc_del_point(point); + wc_ecc_del_point(cpypt); + wc_ecc_free(&key); + DoExpectIntEQ(wc_FreeRng(&rng), 0); +#endif + return EXPECT_RESULT(); +} /* END test_wc_ecc_pointFns */ + +/* + * Testing wc_ecc_shared_secret_ssh() + */ +int test_wc_ecc_shared_secret_ssh(void) +{ + EXPECT_DECLS; +#if defined(HAVE_ECC) && defined(HAVE_ECC_DHE) && \ + !defined(WC_NO_RNG) && !defined(WOLFSSL_ATECC508A) && \ + !defined(WOLFSSL_ATECC608A) && !defined(PLUTON_CRYPTO_ECC) && \ + !defined(WOLFSSL_CRYPTOCELL) && !defined(WOLF_CRYPTO_CB_ONLY_ECC) + ecc_key key; + ecc_key key2; + WC_RNG rng; + int ret; + int keySz = KEY32; +#if FIPS_VERSION3_GE(6,0,0) + int key2Sz = KEY28; +#else + int key2Sz = KEY24; +#endif + byte secret[KEY32]; + word32 secretLen = (word32)keySz; + + /* Init stack variables. */ + XMEMSET(&key, 0, sizeof(ecc_key)); + XMEMSET(&key2, 0, sizeof(ecc_key)); + XMEMSET(&rng, 0, sizeof(WC_RNG)); + XMEMSET(secret, 0, secretLen); + PRIVATE_KEY_UNLOCK(); + + /* Make keys */ + ExpectIntEQ(wc_ecc_init(&key), 0); + ExpectIntEQ(wc_InitRng(&rng), 0); + ret = wc_ecc_make_key(&rng, keySz, &key); +#if defined(WOLFSSL_ASYNC_CRYPT) + ret = wc_AsyncWait(ret, &key.asyncDev, WC_ASYNC_FLAG_NONE); +#endif + ExpectIntEQ(ret, 0); + DoExpectIntEQ(wc_FreeRng(&rng), 0); + + ExpectIntEQ(wc_ecc_init(&key2), 0); + ExpectIntEQ(wc_InitRng(&rng), 0); + ret = wc_ecc_make_key(&rng, key2Sz, &key2); +#if defined(WOLFSSL_ASYNC_CRYPT) + ret = wc_AsyncWait(ret, &key2.asyncDev, WC_ASYNC_FLAG_NONE); +#endif + ExpectIntEQ(ret, 0); + +#if defined(ECC_TIMING_RESISTANT) && (!defined(HAVE_FIPS) || \ + (!defined(HAVE_FIPS_VERSION) || (HAVE_FIPS_VERSION != 2))) && \ + !defined(HAVE_SELFTEST) + ExpectIntEQ(wc_ecc_set_rng(&key, &rng), 0); +#endif + + ExpectIntEQ(wc_ecc_shared_secret_ssh(&key, &key2.pubkey, secret, + &secretLen), 0); + /* Pass in bad args. */ + ExpectIntEQ(wc_ecc_shared_secret_ssh(NULL, &key2.pubkey, secret, + &secretLen), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_ecc_shared_secret_ssh(&key, NULL, secret, &secretLen), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_ecc_shared_secret_ssh(&key, &key2.pubkey, NULL, &secretLen), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_ecc_shared_secret_ssh(&key, &key2.pubkey, secret, NULL), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + key.type = ECC_PUBLICKEY; + ExpectIntEQ(wc_ecc_shared_secret_ssh(&key, &key2.pubkey, secret, + &secretLen), WC_NO_ERR_TRACE(ECC_BAD_ARG_E)); + PRIVATE_KEY_LOCK(); + + DoExpectIntEQ(wc_FreeRng(&rng), 0); + wc_ecc_free(&key); + wc_ecc_free(&key2); + +#ifdef FP_ECC + wc_ecc_fp_free(); +#endif +#endif + return EXPECT_RESULT(); +} /* END test_wc_ecc_shared_secret_ssh */ + +/* + * Testing wc_ecc_verify_hash_ex() and wc_ecc_verify_hash_ex() + */ +int test_wc_ecc_verify_hash_ex(void) +{ + EXPECT_DECLS; +#if defined(HAVE_ECC) && defined(HAVE_ECC_SIGN) && defined(WOLFSSL_PUBLIC_MP) \ + && !defined(WC_NO_RNG) && !defined(WOLFSSL_ATECC508A) && \ + !defined(WOLFSSL_ATECC608A) && !defined(WOLFSSL_KCAPI_ECC) + ecc_key key; + WC_RNG rng; + int ret; + mp_int r; + mp_int s; + mp_int z; + unsigned char hash[] = "Everyone gets Friday off.EccSig"; + unsigned char iHash[] = "Everyone gets Friday off......."; + unsigned char shortHash[] = TEST_STRING; + word32 hashlen = sizeof(hash); + word32 iHashLen = sizeof(iHash); + word32 shortHashLen = sizeof(shortHash); + int keySz = KEY32; + int verify_ok = 0; + + XMEMSET(&key, 0, sizeof(ecc_key)); + XMEMSET(&rng, 0, sizeof(WC_RNG)); + XMEMSET(&r, 0, sizeof(mp_int)); + XMEMSET(&s, 0, sizeof(mp_int)); + XMEMSET(&z, 0, sizeof(mp_int)); + + /* Initialize r, s and z. */ + ExpectIntEQ(mp_init_multi(&r, &s, &z, NULL, NULL, NULL), MP_OKAY); + + ExpectIntEQ(wc_ecc_init(&key), 0); + ExpectIntEQ(wc_InitRng(&rng), 0); + ret = wc_ecc_make_key(&rng, keySz, &key); +#if defined(WOLFSSL_ASYNC_CRYPT) + ret = wc_AsyncWait(ret, &key.asyncDev, WC_ASYNC_FLAG_NONE); +#endif + ExpectIntEQ(ret, 0); + + ExpectIntEQ(wc_ecc_sign_hash_ex(hash, hashlen, &rng, &key, &r, &s), 0); + /* verify_ok should be 1. */ + ExpectIntEQ(wc_ecc_verify_hash_ex(&r, &s, hash, hashlen, &verify_ok, &key), + 0); + ExpectIntEQ(verify_ok, 1); + + /* verify_ok should be 0 */ + ExpectIntEQ(wc_ecc_verify_hash_ex(&r, &s, iHash, iHashLen, &verify_ok, + &key), 0); + ExpectIntEQ(verify_ok, 0); + + /* verify_ok should be 0. */ + ExpectIntEQ(wc_ecc_verify_hash_ex(&r, &s, shortHash, shortHashLen, + &verify_ok, &key), 0); + ExpectIntEQ(verify_ok, 0); + + /* Test bad args. */ + ExpectIntEQ(wc_ecc_sign_hash_ex(NULL, hashlen, &rng, &key, &r, &s), + WC_NO_ERR_TRACE(ECC_BAD_ARG_E)); + ExpectIntEQ(wc_ecc_sign_hash_ex(hash, hashlen, NULL, &key, &r, &s), + WC_NO_ERR_TRACE(ECC_BAD_ARG_E)); + ExpectIntEQ(wc_ecc_sign_hash_ex(hash, hashlen, &rng, NULL, &r, &s), + WC_NO_ERR_TRACE(ECC_BAD_ARG_E)); + ExpectIntEQ(wc_ecc_sign_hash_ex(hash, hashlen, &rng, &key, NULL, &s), + WC_NO_ERR_TRACE(ECC_BAD_ARG_E)); + ExpectIntEQ(wc_ecc_sign_hash_ex(hash, hashlen, &rng, &key, &r, NULL), + WC_NO_ERR_TRACE(ECC_BAD_ARG_E)); + /* Test bad args. */ + ExpectIntEQ(wc_ecc_verify_hash_ex(NULL, &s, shortHash, shortHashLen, + &verify_ok, &key), WC_NO_ERR_TRACE(ECC_BAD_ARG_E)); + ExpectIntEQ(wc_ecc_verify_hash_ex(&r, NULL, shortHash, shortHashLen, + &verify_ok, &key), WC_NO_ERR_TRACE(ECC_BAD_ARG_E)); + ExpectIntEQ(wc_ecc_verify_hash_ex(&z, &s, shortHash, shortHashLen, + &verify_ok, &key), WC_NO_ERR_TRACE(MP_ZERO_E)); + ExpectIntEQ(wc_ecc_verify_hash_ex(&r, &z, shortHash, shortHashLen, + &verify_ok, &key), WC_NO_ERR_TRACE(MP_ZERO_E)); + ExpectIntEQ(wc_ecc_verify_hash_ex(&z, &z, shortHash, shortHashLen, + &verify_ok, &key), WC_NO_ERR_TRACE(MP_ZERO_E)); + ExpectIntEQ(wc_ecc_verify_hash_ex(&r, &s, NULL, shortHashLen, &verify_ok, + &key), WC_NO_ERR_TRACE(ECC_BAD_ARG_E)); + ExpectIntEQ(wc_ecc_verify_hash_ex(&r, &s, shortHash, shortHashLen, NULL, + &key), WC_NO_ERR_TRACE(ECC_BAD_ARG_E)); + ExpectIntEQ(wc_ecc_verify_hash_ex(&r, &s, shortHash, shortHashLen, + &verify_ok, NULL), WC_NO_ERR_TRACE(ECC_BAD_ARG_E)); + + wc_ecc_free(&key); + mp_free(&r); + mp_free(&s); + DoExpectIntEQ(wc_FreeRng(&rng), 0); +#endif + return EXPECT_RESULT(); +} /* END test_wc_ecc_verify_hash_ex */ + +/* + * Testing wc_ecc_mulmod() + */ +int test_wc_ecc_mulmod(void) +{ + EXPECT_DECLS; +#if defined(HAVE_ECC) && !defined(WC_NO_RNG) && \ + !(defined(WOLFSSL_ATECC508A) || defined(WOLFSSL_ATECC608A) || \ + defined(WOLFSSL_VALIDATE_ECC_IMPORT)) && \ + !defined(WOLF_CRYPTO_CB_ONLY_ECC) + ecc_key key1; + ecc_key key2; + ecc_key key3; + WC_RNG rng; + int ret; + + XMEMSET(&key1, 0, sizeof(ecc_key)); + XMEMSET(&key2, 0, sizeof(ecc_key)); + XMEMSET(&key3, 0, sizeof(ecc_key)); + XMEMSET(&rng, 0, sizeof(WC_RNG)); + + ExpectIntEQ(wc_ecc_init(&key1), 0); + ExpectIntEQ(wc_ecc_init(&key2), 0); + ExpectIntEQ(wc_ecc_init(&key3), 0); + ExpectIntEQ(wc_InitRng(&rng), 0); + ret = wc_ecc_make_key(&rng, KEY32, &key1); +#if defined(WOLFSSL_ASYNC_CRYPT) + ret = wc_AsyncWait(ret, &key1.asyncDev, WC_ASYNC_FLAG_NONE); +#endif + ExpectIntEQ(ret, 0); + DoExpectIntEQ(wc_FreeRng(&rng), 0); + + ExpectIntEQ(wc_ecc_import_raw_ex(&key2, key1.dp->Gx, key1.dp->Gy, + key1.dp->Af, ECC_SECP256R1), 0); + ExpectIntEQ(wc_ecc_import_raw_ex(&key3, key1.dp->Gx, key1.dp->Gy, + key1.dp->prime, ECC_SECP256R1), 0); + + ExpectIntEQ(wc_ecc_mulmod(wc_ecc_key_get_priv(&key1), &key2.pubkey, + &key3.pubkey, wc_ecc_key_get_priv(&key2), wc_ecc_key_get_priv(&key3), + 1), 0); + + /* Test bad args. */ + ExpectIntEQ(ret = wc_ecc_mulmod(NULL, &key2.pubkey, &key3.pubkey, + wc_ecc_key_get_priv(&key2), wc_ecc_key_get_priv(&key3), 1), + WC_NO_ERR_TRACE(ECC_BAD_ARG_E)); + ExpectIntEQ(wc_ecc_mulmod(wc_ecc_key_get_priv(&key1), NULL, &key3.pubkey, + wc_ecc_key_get_priv(&key2), wc_ecc_key_get_priv(&key3), 1), + WC_NO_ERR_TRACE(ECC_BAD_ARG_E)); + ExpectIntEQ(wc_ecc_mulmod(wc_ecc_key_get_priv(&key1), &key2.pubkey, NULL, + wc_ecc_key_get_priv(&key2), wc_ecc_key_get_priv(&key3), 1), + WC_NO_ERR_TRACE(ECC_BAD_ARG_E)); + ExpectIntEQ(wc_ecc_mulmod(wc_ecc_key_get_priv(&key1), &key2.pubkey, + &key3.pubkey, wc_ecc_key_get_priv(&key2), NULL, 1), + WC_NO_ERR_TRACE(ECC_BAD_ARG_E)); + + wc_ecc_free(&key1); + wc_ecc_free(&key2); + wc_ecc_free(&key3); + +#ifdef FP_ECC + wc_ecc_fp_free(); +#endif +#endif /* HAVE_ECC && !WOLFSSL_ATECC508A */ + return EXPECT_RESULT(); +} /* END test_wc_ecc_mulmod */ + +/* + * Testing wc_ecc_is_valid_idx() + */ +int test_wc_ecc_is_valid_idx(void) +{ + EXPECT_DECLS; +#if defined(HAVE_ECC) && !defined(WC_NO_RNG) + ecc_key key; + WC_RNG rng; + int ret; + int iVal = -2; + int iVal2 = 3000; + + XMEMSET(&key, 0, sizeof(ecc_key)); + XMEMSET(&rng, 0, sizeof(WC_RNG)); + + ExpectIntEQ(wc_ecc_init(&key), 0); + ExpectIntEQ(wc_InitRng(&rng), 0); + ret = wc_ecc_make_key(&rng, 32, &key); +#if defined(WOLFSSL_ASYNC_CRYPT) + ret = wc_AsyncWait(ret, &key.asyncDev, WC_ASYNC_FLAG_NONE); +#endif + ExpectIntEQ(ret, 0); + + ExpectIntEQ(wc_ecc_is_valid_idx(key.idx), 1); + /* Test bad args. */ + ExpectIntEQ(wc_ecc_is_valid_idx(iVal), 0); + ExpectIntEQ(wc_ecc_is_valid_idx(iVal2), 0); + + DoExpectIntEQ(wc_FreeRng(&rng), 0); + wc_ecc_free(&key); + +#ifdef FP_ECC + wc_ecc_fp_free(); +#endif +#endif + return EXPECT_RESULT(); +} /* END test_wc_ecc_is_valid_idx */ + +/* + * Testing wc_ecc_get_curve_id_from_oid() + */ +int test_wc_ecc_get_curve_id_from_oid(void) +{ + EXPECT_DECLS; +#if defined(HAVE_ECC) && !defined(NO_ECC256) && !defined(HAVE_SELFTEST) && \ + !defined(HAVE_FIPS) + const byte oid[] = {0x2A,0x86,0x48,0xCE,0x3D,0x03,0x01,0x07}; + word32 len = sizeof(oid); + + /* Bad Cases */ + ExpectIntEQ(wc_ecc_get_curve_id_from_oid(NULL, len), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_ecc_get_curve_id_from_oid(oid, 0), ECC_CURVE_INVALID); + /* Good Case */ + ExpectIntEQ(wc_ecc_get_curve_id_from_oid(oid, len), ECC_SECP256R1); +#endif + return EXPECT_RESULT(); +} /* END test_wc_ecc_get_curve_id_from_oid */ + +/* + * Testing wc_ecc_sig_size_calc() + */ +int test_wc_ecc_sig_size_calc(void) +{ + EXPECT_DECLS; +#if defined(HAVE_ECC) && !defined(WC_NO_RNG) && !defined(HAVE_SELFTEST) + ecc_key key; + WC_RNG rng; + int sz = 0; + int ret; + + XMEMSET(&key, 0, sizeof(ecc_key)); + XMEMSET(&rng, 0, sizeof(WC_RNG)); + + ExpectIntEQ(wc_ecc_init(&key), 0); + ExpectIntEQ(wc_InitRng(&rng), 0); + ret = wc_ecc_make_key(&rng, 16, &key); +#if defined(WOLFSSL_ASYNC_CRYPT) + ret = wc_AsyncWait(ret, &key.asyncDev, WC_ASYNC_FLAG_NONE); +#endif +#if FIPS_VERSION3_GE(6,0,0) + ExpectIntEQ(ret, WC_NO_ERR_TRACE(BAD_FUNC_ARG)); +#else + ExpectIntEQ(ret, 0); +#endif +#if FIPS_VERSION3_LT(6,0,0) + sz = key.dp->size; + ExpectIntGT(wc_ecc_sig_size_calc(sz), 0); +#else + (void) sz; +#endif + + DoExpectIntEQ(wc_FreeRng(&rng), 0); + wc_ecc_free(&key); +#endif + return EXPECT_RESULT(); +} /* END test_wc_ecc_sig_size_calc */ + +/* + * Testing wc_EccPrivateKeyToDer + */ +int test_wc_EccPrivateKeyToDer(void) +{ + EXPECT_DECLS; +#if defined(HAVE_ECC) && defined(HAVE_ECC_KEY_EXPORT) && !defined(WC_NO_RNG) + byte output[ONEK_BUF]; + ecc_key eccKey; + WC_RNG rng; + word32 inLen = 0; + word32 outLen = 0; + int ret; + + XMEMSET(&eccKey, 0, sizeof(ecc_key)); + XMEMSET(&rng, 0, sizeof(WC_RNG)); + PRIVATE_KEY_UNLOCK(); + + ExpectIntEQ(wc_InitRng(&rng), 0); + ExpectIntEQ(wc_ecc_init(&eccKey), 0); + ret = wc_ecc_make_key(&rng, KEY14, &eccKey); +#if defined(WOLFSSL_ASYNC_CRYPT) + ret = wc_AsyncWait(ret, &eccKey.asyncDev, WC_ASYNC_FLAG_NONE); +#endif + ExpectIntEQ(ret, 0); + + /* Bad Cases */ + ExpectIntEQ(wc_EccPrivateKeyToDer(NULL, NULL, 0), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_EccPrivateKeyToDer(NULL, output, inLen), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + inLen = wc_EccPrivateKeyToDer(&eccKey, NULL, 0); + ExpectIntGT(inLen, 0); + ExpectIntEQ(wc_EccPrivateKeyToDer(&eccKey, output, 0), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + + /* Good Case */ + ExpectIntGT(outLen = (word32)wc_EccPrivateKeyToDer(&eccKey, output, inLen), + 0); + + wc_ecc_free(&eccKey); + DoExpectIntEQ(wc_FreeRng(&rng), 0); + +#if defined(OPENSSL_EXTRA) && defined(HAVE_ALL_CURVES) + { + /* test importing private only into a PKEY struct */ + EC_KEY* ec = NULL; + EVP_PKEY* pkey = NULL; + const unsigned char* der; + + der = output; + ExpectNotNull(pkey = d2i_PrivateKey(EVP_PKEY_EC, NULL, &der, outLen)); + + der = output; + ExpectNotNull(ec = d2i_ECPrivateKey(NULL, &der, outLen)); + ExpectIntEQ(EVP_PKEY_assign_EC_KEY(pkey, ec), SSL_SUCCESS); + if (EXPECT_FAIL()) { + EC_KEY_free(ec); + } + EVP_PKEY_free(pkey); /* EC_KEY should be free'd by free'ing pkey */ + } +#endif + PRIVATE_KEY_LOCK(); +#endif + return EXPECT_RESULT(); +} /* End test_wc_EccPrivateKeyToDer */ + diff --git a/test/ssl/wolfssl/tests/api/test_ecc.h b/test/ssl/wolfssl/tests/api/test_ecc.h new file mode 100644 index 000000000..ff0505ed1 --- /dev/null +++ b/test/ssl/wolfssl/tests/api/test_ecc.h @@ -0,0 +1,100 @@ +/* test_ecc.h + * + * Copyright (C) 2006-2025 wolfSSL Inc. + * + * This file is part of wolfSSL. + * + * wolfSSL is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * wolfSSL is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA + */ + +#ifndef WOLFCRYPT_TEST_ECC_H +#define WOLFCRYPT_TEST_ECC_H + +#include + +int test_wc_ecc_get_curve_size_from_name(void); +int test_wc_ecc_get_curve_id_from_name(void); +int test_wc_ecc_get_curve_id_from_params(void); +int test_wc_ecc_get_curve_id_from_dp_params(void); +int test_wc_ecc_make_key(void); +int test_wc_ecc_init(void); +int test_wc_ecc_check_key(void); +int test_wc_ecc_get_generator(void); +int test_wc_ecc_size(void); +int test_wc_ecc_params(void); +int test_wc_ecc_signVerify_hash(void); +int test_wc_ecc_shared_secret(void); +int test_wc_ecc_export_x963(void); +int test_wc_ecc_export_x963_ex(void); +int test_wc_ecc_import_x963(void); +int test_wc_ecc_import_private_key(void); +int test_wc_ecc_export_private_only(void); +int test_wc_ecc_rs_to_sig(void); +int test_wc_ecc_import_raw(void); +int test_wc_ecc_import_unsigned(void); +int test_wc_ecc_sig_size(void); +int test_wc_ecc_ctx_new(void); +int test_wc_ecc_ctx_reset(void); +int test_wc_ecc_ctx_set_peer_salt(void); +int test_wc_ecc_ctx_set_info(void); +int test_wc_ecc_encryptDecrypt(void); +int test_wc_ecc_del_point(void); +int test_wc_ecc_pointFns(void); +int test_wc_ecc_shared_secret_ssh(void); +int test_wc_ecc_verify_hash_ex(void); +int test_wc_ecc_mulmod(void); +int test_wc_ecc_is_valid_idx(void); +int test_wc_ecc_get_curve_id_from_oid(void); +int test_wc_ecc_sig_size_calc(void); +int test_wc_EccPrivateKeyToDer(void); + +#define TEST_ECC_DECLS \ + TEST_DECL_GROUP("ecc", test_wc_ecc_get_curve_size_from_name), \ + TEST_DECL_GROUP("ecc", test_wc_ecc_get_curve_id_from_name), \ + TEST_DECL_GROUP("ecc", test_wc_ecc_get_curve_id_from_params), \ + TEST_DECL_GROUP("ecc", test_wc_ecc_get_curve_id_from_dp_params), \ + TEST_DECL_GROUP("ecc", test_wc_ecc_make_key), \ + TEST_DECL_GROUP("ecc", test_wc_ecc_init), \ + TEST_DECL_GROUP("ecc", test_wc_ecc_check_key), \ + TEST_DECL_GROUP("ecc", test_wc_ecc_get_generator), \ + TEST_DECL_GROUP("ecc", test_wc_ecc_size), \ + TEST_DECL_GROUP("ecc", test_wc_ecc_params), \ + TEST_DECL_GROUP("ecc", test_wc_ecc_signVerify_hash), \ + TEST_DECL_GROUP("ecc", test_wc_ecc_shared_secret), \ + TEST_DECL_GROUP("ecc", test_wc_ecc_export_x963), \ + TEST_DECL_GROUP("ecc", test_wc_ecc_export_x963_ex), \ + TEST_DECL_GROUP("ecc", test_wc_ecc_import_x963), \ + TEST_DECL_GROUP("ecc", test_wc_ecc_import_private_key), \ + TEST_DECL_GROUP("ecc", test_wc_ecc_export_private_only), \ + TEST_DECL_GROUP("ecc", test_wc_ecc_rs_to_sig), \ + TEST_DECL_GROUP("ecc", test_wc_ecc_import_raw), \ + TEST_DECL_GROUP("ecc", test_wc_ecc_import_unsigned), \ + TEST_DECL_GROUP("ecc", test_wc_ecc_sig_size), \ + TEST_DECL_GROUP("ecc", test_wc_ecc_ctx_new), \ + TEST_DECL_GROUP("ecc", test_wc_ecc_ctx_reset), \ + TEST_DECL_GROUP("ecc", test_wc_ecc_ctx_set_peer_salt), \ + TEST_DECL_GROUP("ecc", test_wc_ecc_ctx_set_info), \ + TEST_DECL_GROUP("ecc", test_wc_ecc_encryptDecrypt), \ + TEST_DECL_GROUP("ecc", test_wc_ecc_del_point), \ + TEST_DECL_GROUP("ecc", test_wc_ecc_pointFns), \ + TEST_DECL_GROUP("ecc", test_wc_ecc_shared_secret_ssh), \ + TEST_DECL_GROUP("ecc", test_wc_ecc_verify_hash_ex), \ + TEST_DECL_GROUP("ecc", test_wc_ecc_mulmod), \ + TEST_DECL_GROUP("ecc", test_wc_ecc_is_valid_idx), \ + TEST_DECL_GROUP("ecc", test_wc_ecc_get_curve_id_from_oid), \ + TEST_DECL_GROUP("ecc", test_wc_ecc_sig_size_calc), \ + TEST_DECL_GROUP("ecc", test_wc_EccPrivateKeyToDer) + +#endif /* WOLFCRYPT_TEST_ECC_H */ diff --git a/test/ssl/wolfssl/tests/api/test_ed25519.c b/test/ssl/wolfssl/tests/api/test_ed25519.c new file mode 100644 index 000000000..88d83d67a --- /dev/null +++ b/test/ssl/wolfssl/tests/api/test_ed25519.c @@ -0,0 +1,597 @@ +/* test_ed25519.c + * + * Copyright (C) 2006-2025 wolfSSL Inc. + * + * This file is part of wolfSSL. + * + * wolfSSL is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * wolfSSL is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA + */ + +#include + +#ifdef NO_INLINE + #include +#else + #define WOLFSSL_MISC_INCLUDED + #include +#endif + +#include +#include +#include +#include + +/* + * Testing wc_ed25519_make_key(). + */ +int test_wc_ed25519_make_key(void) +{ + EXPECT_DECLS; +#if defined(HAVE_ED25519) && defined(HAVE_ED25519_MAKE_KEY) + ed25519_key key; + WC_RNG rng; + unsigned char pubkey[ED25519_PUB_KEY_SIZE+1]; + int pubkey_sz = ED25519_PUB_KEY_SIZE; + + XMEMSET(&key, 0, sizeof(ed25519_key)); + XMEMSET(&rng, 0, sizeof(WC_RNG)); + + ExpectIntEQ(wc_ed25519_init(&key), 0); + ExpectIntEQ(wc_InitRng(&rng), 0); + + ExpectIntEQ(wc_ed25519_make_public(&key, pubkey, (word32)pubkey_sz), + WC_NO_ERR_TRACE(ECC_PRIV_KEY_E)); + ExpectIntEQ(wc_ed25519_make_public(&key, pubkey+1, (word32)pubkey_sz), + WC_NO_ERR_TRACE(ECC_PRIV_KEY_E)); + ExpectIntEQ(wc_ed25519_make_key(&rng, ED25519_KEY_SIZE, &key), 0); + + /* Test bad args. */ + ExpectIntEQ(wc_ed25519_make_key(NULL, ED25519_KEY_SIZE, &key), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_ed25519_make_key(&rng, ED25519_KEY_SIZE, NULL), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_ed25519_make_key(&rng, ED25519_KEY_SIZE - 1, &key), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_ed25519_make_key(&rng, ED25519_KEY_SIZE + 1, &key), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + + DoExpectIntEQ(wc_FreeRng(&rng), 0); + wc_ed25519_free(&key); +#endif + return EXPECT_RESULT(); +} /* END test_wc_ed25519_make_key */ + +/* + * Testing wc_ed25519_init() + */ +int test_wc_ed25519_init(void) +{ + EXPECT_DECLS; +#if defined(HAVE_ED25519) + ed25519_key key; + + XMEMSET(&key, 0, sizeof(ed25519_key)); + + ExpectIntEQ(wc_ed25519_init(&key), 0); + /* Test bad args. */ + ExpectIntEQ(wc_ed25519_init(NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + + wc_ed25519_free(&key); +#endif + return EXPECT_RESULT(); +} /* END test_wc_ed25519_init */ + +/* + * Test wc_ed25519_sign_msg() and wc_ed25519_verify_msg() + */ +int test_wc_ed25519_sign_msg(void) +{ + EXPECT_DECLS; +#if defined(HAVE_ED25519) && defined(HAVE_ED25519_SIGN) + WC_RNG rng; + ed25519_key key; + byte msg[] = "Everybody gets Friday off.\n"; + byte sig[ED25519_SIG_SIZE+1]; + word32 msglen = sizeof(msg); + word32 siglen = ED25519_SIG_SIZE; + word32 badSigLen = ED25519_SIG_SIZE - 1; +#ifdef HAVE_ED25519_VERIFY + int verify_ok = 0; /*1 = Verify success.*/ +#endif + + /* Initialize stack variables. */ + XMEMSET(&key, 0, sizeof(ed25519_key)); + XMEMSET(&rng, 0, sizeof(WC_RNG)); + XMEMSET(sig, 0, sizeof(sig)); + + /* Initialize key. */ + ExpectIntEQ(wc_ed25519_init(&key), 0); + ExpectIntEQ(wc_InitRng(&rng), 0); + ExpectIntEQ(wc_ed25519_make_key(&rng, ED25519_KEY_SIZE, &key), 0); + + ExpectIntEQ(wc_ed25519_sign_msg(msg, msglen, sig, &siglen, &key), 0); + ExpectIntEQ(siglen, ED25519_SIG_SIZE); + ExpectIntEQ(wc_ed25519_sign_msg(msg, msglen, sig+1, &siglen, &key), 0); + ExpectIntEQ(siglen, ED25519_SIG_SIZE); + + /* Test bad args. */ + ExpectIntEQ(wc_ed25519_sign_msg(NULL, msglen, sig, &siglen, &key), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_ed25519_sign_msg(msg, msglen, NULL, &siglen, &key), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_ed25519_sign_msg(msg, msglen, sig, NULL, &key), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_ed25519_sign_msg(msg, msglen, sig, &siglen, NULL), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_ed25519_sign_msg(msg, msglen, sig, &badSigLen, &key), + WC_NO_ERR_TRACE(BUFFER_E)); + ExpectIntEQ(badSigLen, ED25519_SIG_SIZE); + badSigLen--; + +#ifdef HAVE_ED25519_VERIFY + ExpectIntEQ(wc_ed25519_verify_msg(sig+1, siglen, msg, msglen, &verify_ok, + &key), 0); + ExpectIntEQ(verify_ok, 1); + + /* Test bad args. */ + ExpectIntEQ(wc_ed25519_verify_msg(sig+1, siglen - 1, msg, msglen, + &verify_ok, &key), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_ed25519_verify_msg(sig+1, siglen + 1, msg, msglen, + &verify_ok, &key), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_ed25519_verify_msg(NULL, siglen, msg, msglen, &verify_ok, + &key), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_ed25519_verify_msg(sig+1, siglen, NULL, msglen, &verify_ok, + &key), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_ed25519_verify_msg(sig+1, siglen, msg, msglen, NULL, &key), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_ed25519_verify_msg(sig+1, siglen, msg, msglen, &verify_ok, + NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_ed25519_verify_msg(sig+1, badSigLen, msg, msglen, &verify_ok, + &key), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); +#endif /* Verify. */ + + DoExpectIntEQ(wc_FreeRng(&rng), 0); + wc_ed25519_free(&key); +#endif + return EXPECT_RESULT(); + +} /* END test_wc_ed25519_sign_msg */ + +/* + * Testing wc_ed25519_import_public() + */ +int test_wc_ed25519_import_public(void) +{ + EXPECT_DECLS; +#if defined(HAVE_ED25519) && defined(HAVE_ED25519_KEY_IMPORT) + ed25519_key pubKey; + WC_RNG rng; + const byte in[] = "Ed25519PublicKeyUnitTest......\n"; + word32 inlen = sizeof(in); + + XMEMSET(&pubKey, 0, sizeof(ed25519_key)); + XMEMSET(&rng, 0, sizeof(WC_RNG)); + + ExpectIntEQ(wc_ed25519_init(&pubKey), 0); + ExpectIntEQ(wc_InitRng(&rng), 0); +#ifdef HAVE_ED25519_MAKE_KEY + ExpectIntEQ(wc_ed25519_make_key(&rng, ED25519_KEY_SIZE, &pubKey), 0); +#endif + + ExpectIntEQ(wc_ed25519_import_public_ex(in, inlen, &pubKey, 1), 0); + ExpectIntEQ(XMEMCMP(in, pubKey.p, inlen), 0); + + /* Test bad args. */ + ExpectIntEQ(wc_ed25519_import_public(NULL, inlen, &pubKey), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_ed25519_import_public(in, inlen, NULL), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_ed25519_import_public(in, inlen - 1, &pubKey), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + + DoExpectIntEQ(wc_FreeRng(&rng), 0); + wc_ed25519_free(&pubKey); +#endif + return EXPECT_RESULT(); +} /* END wc_ed25519_import_public */ + +/* + * Testing wc_ed25519_import_private_key() + */ +int test_wc_ed25519_import_private_key(void) +{ + EXPECT_DECLS; +#if defined(HAVE_ED25519) && defined(HAVE_ED25519_KEY_IMPORT) + ed25519_key key; + WC_RNG rng; + const byte privKey[] = "Ed25519PrivateKeyUnitTest.....\n"; + const byte pubKey[] = "Ed25519PublicKeyUnitTest......\n"; + word32 privKeySz = sizeof(privKey); + word32 pubKeySz = sizeof(pubKey); +#ifdef HAVE_ED25519_KEY_EXPORT + byte bothKeys[sizeof(privKey) + sizeof(pubKey)]; + word32 bothKeysSz = sizeof(bothKeys); +#endif + + XMEMSET(&key, 0, sizeof(ed25519_key)); + XMEMSET(&rng, 0, sizeof(WC_RNG)); + + ExpectIntEQ(wc_ed25519_init(&key), 0); + ExpectIntEQ(wc_InitRng(&rng), 0); +#ifdef HAVE_ED25519_MAKE_KEY + ExpectIntEQ(wc_ed25519_make_key(&rng, ED25519_KEY_SIZE, &key), 0); +#endif + + ExpectIntEQ(wc_ed25519_import_private_key_ex(privKey, privKeySz, pubKey, + pubKeySz, &key, 1), 0); + ExpectIntEQ(XMEMCMP(pubKey, key.p, privKeySz), 0); + ExpectIntEQ(XMEMCMP(privKey, key.k, pubKeySz), 0); + +#ifdef HAVE_ED25519_KEY_EXPORT + PRIVATE_KEY_UNLOCK(); + ExpectIntEQ(wc_ed25519_export_private(&key, bothKeys, &bothKeysSz), 0); + PRIVATE_KEY_LOCK(); + ExpectIntEQ(wc_ed25519_import_private_key_ex(bothKeys, bothKeysSz, NULL, 0, + &key, 1), 0); + ExpectIntEQ(XMEMCMP(pubKey, key.p, privKeySz), 0); + ExpectIntEQ(XMEMCMP(privKey, key.k, pubKeySz), 0); +#endif + + /* Test bad args. */ + ExpectIntEQ(wc_ed25519_import_private_key(NULL, privKeySz, pubKey, pubKeySz, + &key), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_ed25519_import_private_key(privKey, privKeySz, NULL, + pubKeySz, &key), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_ed25519_import_private_key(privKey, privKeySz, pubKey, + pubKeySz, NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_ed25519_import_private_key(privKey, privKeySz - 1, pubKey, + pubKeySz, &key), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_ed25519_import_private_key(privKey, privKeySz, pubKey, + pubKeySz - 1, &key), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_ed25519_import_private_key(privKey, privKeySz, NULL, 0, + &key), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + + DoExpectIntEQ(wc_FreeRng(&rng), 0); + wc_ed25519_free(&key); +#endif + return EXPECT_RESULT(); +} /* END test_wc_ed25519_import_private_key */ + +/* + * Testing wc_ed25519_export_public() and wc_ed25519_export_private_only() + */ +int test_wc_ed25519_export(void) +{ + EXPECT_DECLS; +#if defined(HAVE_ED25519) && defined(HAVE_ED25519_KEY_EXPORT) + ed25519_key key; + WC_RNG rng; + byte priv[ED25519_PRV_KEY_SIZE]; + byte pub[ED25519_PUB_KEY_SIZE]; + word32 privSz = sizeof(priv); + word32 pubSz = sizeof(pub); +#ifndef HAVE_ED25519_MAKE_KEY + const byte privKey[] = { + 0xf8, 0x55, 0xb7, 0xb6, 0x49, 0x3f, 0x99, 0x9c, + 0x88, 0xe3, 0xc5, 0x42, 0x6a, 0xa4, 0x47, 0x4a, + 0xe4, 0x95, 0xda, 0xdb, 0xbf, 0xf8, 0xa7, 0x42, + 0x9d, 0x0e, 0xe7, 0xd0, 0x57, 0x8f, 0x16, 0x69 + }; + const byte pubKey[] = { + 0x42, 0x3b, 0x7a, 0xf9, 0x82, 0xcf, 0xf9, 0xdf, + 0x19, 0xdd, 0xf3, 0xf0, 0x32, 0x29, 0x6d, 0xfa, + 0xfd, 0x76, 0x4f, 0x68, 0xc2, 0xc2, 0xe0, 0x6c, + 0x47, 0xae, 0xc2, 0x55, 0x68, 0xac, 0x0d, 0x4d + }; +#endif + + XMEMSET(&key, 0, sizeof(ed25519_key)); + XMEMSET(&rng, 0, sizeof(WC_RNG)); + + ExpectIntEQ(wc_ed25519_init(&key), 0); + ExpectIntEQ(wc_InitRng(&rng), 0); +#ifdef HAVE_ED25519_MAKE_KEY + ExpectIntEQ(wc_ed25519_make_key(&rng, ED25519_KEY_SIZE, &key), 0); +#else + ExpectIntEQ(wc_ed25519_import_private_key_ex(privKey, sizeof(privKey), + pubKey, sizeof(pubKey), &key, 1), 0); +#endif + + PRIVATE_KEY_UNLOCK(); + ExpectIntEQ(wc_ed25519_export_public(&key, pub, &pubSz), 0); + ExpectIntEQ(pubSz, ED25519_KEY_SIZE); + ExpectIntEQ(XMEMCMP(key.p, pub, pubSz), 0); + /* Test bad args. */ + ExpectIntEQ(wc_ed25519_export_public(NULL, pub, &pubSz), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_ed25519_export_public(&key, NULL, &pubSz), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_ed25519_export_public(&key, pub, NULL), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + + ExpectIntEQ(wc_ed25519_export_private_only(&key, priv, &privSz), 0); + ExpectIntEQ(privSz, ED25519_KEY_SIZE); + ExpectIntEQ(XMEMCMP(key.k, priv, privSz), 0); + /* Test bad args. */ + ExpectIntEQ(wc_ed25519_export_private_only(NULL, priv, &privSz), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_ed25519_export_private_only(&key, NULL, &privSz), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_ed25519_export_private_only(&key, priv, NULL), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + PRIVATE_KEY_LOCK(); + + DoExpectIntEQ(wc_FreeRng(&rng), 0); + wc_ed25519_free(&key); +#endif + return EXPECT_RESULT(); +} /* END test_wc_ed25519_export */ + +/* + * Testing wc_ed25519_size() + */ +int test_wc_ed25519_size(void) +{ + EXPECT_DECLS; +#if defined(HAVE_ED25519) + ed25519_key key; + WC_RNG rng; +#ifndef HAVE_ED25519_MAKE_KEY + const byte privKey[] = { + 0xf8, 0x55, 0xb7, 0xb6, 0x49, 0x3f, 0x99, 0x9c, + 0x88, 0xe3, 0xc5, 0x42, 0x6a, 0xa4, 0x47, 0x4a, + 0xe4, 0x95, 0xda, 0xdb, 0xbf, 0xf8, 0xa7, 0x42, + 0x9d, 0x0e, 0xe7, 0xd0, 0x57, 0x8f, 0x16, 0x69 + }; + const byte pubKey[] = { + 0x42, 0x3b, 0x7a, 0xf9, 0x82, 0xcf, 0xf9, 0xdf, + 0x19, 0xdd, 0xf3, 0xf0, 0x32, 0x29, 0x6d, 0xfa, + 0xfd, 0x76, 0x4f, 0x68, 0xc2, 0xc2, 0xe0, 0x6c, + 0x47, 0xae, 0xc2, 0x55, 0x68, 0xac, 0x0d, 0x4d + }; +#endif + + XMEMSET(&key, 0, sizeof(ed25519_key)); + XMEMSET(&rng, 0, sizeof(WC_RNG)); + + ExpectIntEQ(wc_ed25519_init(&key), 0); + ExpectIntEQ(wc_InitRng(&rng), 0); +#ifdef HAVE_ED25519_MAKE_KEY + ExpectIntEQ(wc_ed25519_make_key(&rng, ED25519_KEY_SIZE, &key), 0); +#else + ExpectIntEQ(wc_ed25519_import_private_key_ex(privKey, sizeof(privKey), + pubKey, sizeof(pubKey), &key, 1), 0); +#endif + + ExpectIntEQ(wc_ed25519_size(&key), ED25519_KEY_SIZE); + /* Test bad args. */ + ExpectIntEQ(wc_ed25519_size(NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + + ExpectIntEQ(wc_ed25519_sig_size(&key), ED25519_SIG_SIZE); + /* Test bad args. */ + ExpectIntEQ(wc_ed25519_sig_size(NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + + ExpectIntEQ(wc_ed25519_pub_size(&key), ED25519_PUB_KEY_SIZE); + /* Test bad args. */ + ExpectIntEQ(wc_ed25519_pub_size(NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + + ExpectIntEQ(wc_ed25519_priv_size(&key), ED25519_PRV_KEY_SIZE); + /* Test bad args. */ + ExpectIntEQ(wc_ed25519_priv_size(NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + + DoExpectIntEQ(wc_FreeRng(&rng), 0); + wc_ed25519_free(&key); +#endif + return EXPECT_RESULT(); +} /* END test_wc_ed25519_size */ + +/* + * Testing wc_ed25519_export_private() and wc_ed25519_export_key() + */ +int test_wc_ed25519_exportKey(void) +{ + EXPECT_DECLS; +#if defined(HAVE_ED25519) && defined(HAVE_ED25519_KEY_EXPORT) + WC_RNG rng; + ed25519_key key; + byte priv[ED25519_PRV_KEY_SIZE]; + byte pub[ED25519_PUB_KEY_SIZE]; + byte privOnly[ED25519_PRV_KEY_SIZE]; + word32 privSz = sizeof(priv); + word32 pubSz = sizeof(pub); + word32 privOnlySz = sizeof(privOnly); +#ifndef HAVE_ED25519_MAKE_KEY + const byte privKey[] = { + 0xf8, 0x55, 0xb7, 0xb6, 0x49, 0x3f, 0x99, 0x9c, + 0x88, 0xe3, 0xc5, 0x42, 0x6a, 0xa4, 0x47, 0x4a, + 0xe4, 0x95, 0xda, 0xdb, 0xbf, 0xf8, 0xa7, 0x42, + 0x9d, 0x0e, 0xe7, 0xd0, 0x57, 0x8f, 0x16, 0x69 + }; + const byte pubKey[] = { + 0x42, 0x3b, 0x7a, 0xf9, 0x82, 0xcf, 0xf9, 0xdf, + 0x19, 0xdd, 0xf3, 0xf0, 0x32, 0x29, 0x6d, 0xfa, + 0xfd, 0x76, 0x4f, 0x68, 0xc2, 0xc2, 0xe0, 0x6c, + 0x47, 0xae, 0xc2, 0x55, 0x68, 0xac, 0x0d, 0x4d + }; +#endif + + XMEMSET(&key, 0, sizeof(ed25519_key)); + XMEMSET(&rng, 0, sizeof(WC_RNG)); + + ExpectIntEQ(wc_ed25519_init(&key), 0); + ExpectIntEQ(wc_InitRng(&rng), 0); +#ifdef HAVE_ED25519_MAKE_KEY + ExpectIntEQ(wc_ed25519_make_key(&rng, ED25519_KEY_SIZE, &key), 0); +#else + ExpectIntEQ(wc_ed25519_import_private_key_ex(privKey, sizeof(privKey), + pubKey, sizeof(pubKey), &key, 1), 0); +#endif + + PRIVATE_KEY_UNLOCK(); + ExpectIntEQ(wc_ed25519_export_private(&key, privOnly, &privOnlySz), 0); + /* Test bad args. */ + ExpectIntEQ(wc_ed25519_export_private(NULL, privOnly, &privOnlySz), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_ed25519_export_private(&key, NULL, &privOnlySz), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_ed25519_export_private(&key, privOnly, NULL), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + + ExpectIntEQ(wc_ed25519_export_key(&key, priv, &privSz, pub, &pubSz), 0); + /* Test bad args. */ + ExpectIntEQ(wc_ed25519_export_key(NULL, priv, &privSz, pub, &pubSz), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_ed25519_export_key(&key, NULL, &privSz, pub, &pubSz), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_ed25519_export_key(&key, priv, NULL, pub, &pubSz), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_ed25519_export_key(&key, priv, &privSz, NULL, &pubSz), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_ed25519_export_key(&key, priv, &privSz, pub, NULL), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + PRIVATE_KEY_LOCK(); + + /* Cross check output. */ + ExpectIntEQ(XMEMCMP(priv, privOnly, privSz), 0); + + DoExpectIntEQ(wc_FreeRng(&rng), 0); + wc_ed25519_free(&key); +#endif + return EXPECT_RESULT(); +} /* END test_wc_ed25519_exportKey */ + +/* + * Testing wc_Ed25519PublicKeyToDer + */ +int test_wc_Ed25519PublicKeyToDer(void) +{ + EXPECT_DECLS; +#if defined(HAVE_ED25519) && defined(HAVE_ED25519_KEY_EXPORT) && \ + (defined(WOLFSSL_CERT_GEN) || defined(WOLFSSL_KEY_GEN)) + ed25519_key key; + byte derBuf[1024]; + + XMEMSET(&key, 0, sizeof(ed25519_key)); + + /* Test bad args */ + ExpectIntEQ(wc_Ed25519PublicKeyToDer(NULL, NULL, 0, 0), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_ed25519_init(&key), 0); + ExpectIntEQ(wc_Ed25519PublicKeyToDer(&key, derBuf, 0, 0), + WC_NO_ERR_TRACE(BUFFER_E)); + wc_ed25519_free(&key); + + /* Test good args */ + if (EXPECT_SUCCESS()) { + WC_RNG rng; + + XMEMSET(&rng, 0, sizeof(WC_RNG)); + + ExpectIntEQ(wc_ed25519_init(&key), 0); + ExpectIntEQ(wc_InitRng(&rng), 0); + ExpectIntEQ(wc_ed25519_make_key(&rng, ED25519_KEY_SIZE, &key), 0); + /* length only */ + ExpectIntGT(wc_Ed25519PublicKeyToDer(&key, NULL, 0, 0), 0); + ExpectIntGT(wc_Ed25519PublicKeyToDer(&key, NULL, 0, 1), 0); + ExpectIntGT(wc_Ed25519PublicKeyToDer(&key, derBuf, + (word32)sizeof(derBuf), 1), 0); + + DoExpectIntEQ(wc_FreeRng(&rng), 0); + wc_ed25519_free(&key); + } +#endif + return EXPECT_RESULT(); +} /* END testing wc_Ed25519PublicKeyToDer */ + +/* + * Testing wc_Ed25519KeyToDer + */ +int test_wc_Ed25519KeyToDer(void) +{ + EXPECT_DECLS; +#if defined(HAVE_ED25519) && defined(HAVE_ED25519_KEY_EXPORT) && \ + (defined(WOLFSSL_CERT_GEN) || defined(WOLFSSL_KEY_GEN)) + byte output[ONEK_BUF]; + ed25519_key ed25519Key; + WC_RNG rng; + word32 inLen; + + XMEMSET(&ed25519Key, 0, sizeof(ed25519_key)); + XMEMSET(&rng, 0, sizeof(WC_RNG)); + + ExpectIntEQ(wc_ed25519_init(&ed25519Key), 0); + ExpectIntEQ(wc_InitRng(&rng), 0); + ExpectIntEQ(wc_ed25519_make_key(&rng, ED25519_KEY_SIZE, &ed25519Key), 0); + inLen = (word32)sizeof(output); + + /* Bad Cases */ + ExpectIntEQ(wc_Ed25519KeyToDer(NULL, NULL, 0), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_Ed25519KeyToDer(NULL, output, inLen), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_Ed25519KeyToDer(&ed25519Key, output, 0), + WC_NO_ERR_TRACE(BUFFER_E)); + /* Good Cases */ + /* length only */ + ExpectIntGT(wc_Ed25519KeyToDer(&ed25519Key, NULL, 0), 0); + ExpectIntGT(wc_Ed25519KeyToDer(&ed25519Key, NULL, inLen), 0); + ExpectIntGT(wc_Ed25519KeyToDer(&ed25519Key, output, inLen), 0); + + DoExpectIntEQ(wc_FreeRng(&rng), 0); + wc_ed25519_free(&ed25519Key); +#endif + return EXPECT_RESULT(); +} /* End test_wc_Ed25519KeyToDer*/ + +/* + * Testing wc_Ed25519PrivateKeyToDer + */ +int test_wc_Ed25519PrivateKeyToDer(void) +{ + EXPECT_DECLS; +#if defined(HAVE_ED25519) && defined(HAVE_ED25519_KEY_EXPORT) && \ + (defined(WOLFSSL_CERT_GEN) || defined(WOLFSSL_KEY_GEN)) + byte output[ONEK_BUF]; + ed25519_key ed25519PrivKey; + WC_RNG rng; + word32 inLen; + + XMEMSET(&ed25519PrivKey, 0, sizeof(ed25519_key)); + XMEMSET(&rng, 0, sizeof(WC_RNG)); + + ExpectIntEQ(wc_ed25519_init(&ed25519PrivKey), 0); + ExpectIntEQ(wc_InitRng(&rng), 0); + ExpectIntEQ(wc_ed25519_make_key(&rng, ED25519_KEY_SIZE, &ed25519PrivKey), + 0); + inLen = (word32)sizeof(output); + + /* Bad Cases */ + ExpectIntEQ(wc_Ed25519PrivateKeyToDer(NULL, NULL, 0), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_Ed25519PrivateKeyToDer(NULL, output, inLen), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_Ed25519PrivateKeyToDer(&ed25519PrivKey, output, 0), + WC_NO_ERR_TRACE(BUFFER_E)); + /* Good Cases */ + /* length only */ + ExpectIntGT(wc_Ed25519PrivateKeyToDer(&ed25519PrivKey, NULL, 0), 0); + ExpectIntGT(wc_Ed25519PrivateKeyToDer(&ed25519PrivKey, output, inLen), 0); + + DoExpectIntEQ(wc_FreeRng(&rng), 0); + wc_ed25519_free(&ed25519PrivKey); +#endif + return EXPECT_RESULT(); +} /* End test_wc_Ed25519PrivateKeyToDer*/ + diff --git a/test/ssl/wolfssl/tests/api/test_ed25519.h b/test/ssl/wolfssl/tests/api/test_ed25519.h new file mode 100644 index 000000000..a014ceea3 --- /dev/null +++ b/test/ssl/wolfssl/tests/api/test_ed25519.h @@ -0,0 +1,52 @@ +/* test_ed25519.h + * + * Copyright (C) 2006-2025 wolfSSL Inc. + * + * This file is part of wolfSSL. + * + * wolfSSL is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * wolfSSL is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA + */ + +#ifndef WOLFCRYPT_TEST_ED25519_H +#define WOLFCRYPT_TEST_ED25519_H + +#include + +int test_wc_ed25519_make_key(void); +int test_wc_ed25519_init(void); +int test_wc_ed25519_sign_msg(void); +int test_wc_ed25519_import_public(void); +int test_wc_ed25519_import_private_key(void); +int test_wc_ed25519_export(void); +int test_wc_ed25519_size(void); +int test_wc_ed25519_exportKey(void); +int test_wc_Ed25519PublicKeyToDer(void); +int test_wc_Ed25519KeyToDer(void); +int test_wc_Ed25519PrivateKeyToDer(void); + +#define TEST_ED25519_DECLS \ + TEST_DECL_GROUP("ed25519", test_wc_ed25519_make_key), \ + TEST_DECL_GROUP("ed25519", test_wc_ed25519_init), \ + TEST_DECL_GROUP("ed25519", test_wc_ed25519_sign_msg), \ + TEST_DECL_GROUP("ed25519", test_wc_ed25519_import_public), \ + TEST_DECL_GROUP("ed25519", test_wc_ed25519_import_private_key), \ + TEST_DECL_GROUP("ed25519", test_wc_ed25519_export), \ + TEST_DECL_GROUP("ed25519", test_wc_ed25519_size), \ + TEST_DECL_GROUP("ed25519", test_wc_ed25519_exportKey), \ + TEST_DECL_GROUP("ed25519", test_wc_Ed25519PublicKeyToDer), \ + TEST_DECL_GROUP("ed25519", test_wc_Ed25519KeyToDer), \ + TEST_DECL_GROUP("ed25519", test_wc_Ed25519PrivateKeyToDer) + +#endif /* WOLFCRYPT_TEST_ED25519_H */ diff --git a/test/ssl/wolfssl/tests/api/test_ed448.c b/test/ssl/wolfssl/tests/api/test_ed448.c new file mode 100644 index 000000000..12bd5af4c --- /dev/null +++ b/test/ssl/wolfssl/tests/api/test_ed448.c @@ -0,0 +1,531 @@ +/* test_ed448.c + * + * Copyright (C) 2006-2025 wolfSSL Inc. + * + * This file is part of wolfSSL. + * + * wolfSSL is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * wolfSSL is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA + */ + +#include + +#ifdef NO_INLINE + #include +#else + #define WOLFSSL_MISC_INCLUDED + #include +#endif + +#include +#include +#include +#include + + +/* + * Testing wc_ed448_make_key(). + */ +int test_wc_ed448_make_key(void) +{ + EXPECT_DECLS; +#if defined(HAVE_ED448) + ed448_key key; + WC_RNG rng; + unsigned char pubkey[ED448_PUB_KEY_SIZE]; + + XMEMSET(&key, 0, sizeof(ed448_key)); + XMEMSET(&rng, 0, sizeof(WC_RNG)); + + ExpectIntEQ(wc_ed448_init(&key), 0); + ExpectIntEQ(wc_InitRng(&rng), 0); + + ExpectIntEQ(wc_ed448_make_public(&key, pubkey, sizeof(pubkey)), + WC_NO_ERR_TRACE(ECC_PRIV_KEY_E)); + ExpectIntEQ(wc_ed448_make_key(&rng, ED448_KEY_SIZE, &key), 0); + /* Test bad args. */ + ExpectIntEQ(wc_ed448_make_key(NULL, ED448_KEY_SIZE, &key), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_ed448_make_key(&rng, ED448_KEY_SIZE, NULL), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_ed448_make_key(&rng, ED448_KEY_SIZE - 1, &key), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_ed448_make_key(&rng, ED448_KEY_SIZE + 1, &key), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + + DoExpectIntEQ(wc_FreeRng(&rng), 0); + wc_ed448_free(&key); +#endif + return EXPECT_RESULT(); +} /* END test_wc_ed448_make_key */ + + +/* + * Testing wc_ed448_init() + */ +int test_wc_ed448_init(void) +{ + EXPECT_DECLS; +#if defined(HAVE_ED448) + ed448_key key; + + XMEMSET(&key, 0, sizeof(ed448_key)); + + ExpectIntEQ(wc_ed448_init(&key), 0); + /* Test bad args. */ + ExpectIntEQ(wc_ed448_init(NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + + wc_ed448_free(&key); +#endif + return EXPECT_RESULT(); +} /* END test_wc_ed448_init */ + +/* + * Test wc_ed448_sign_msg() and wc_ed448_verify_msg() + */ +int test_wc_ed448_sign_msg(void) +{ + EXPECT_DECLS; +#if defined(HAVE_ED448) && defined(HAVE_ED448_SIGN) + ed448_key key; + WC_RNG rng; + byte msg[] = "Everybody gets Friday off.\n"; + byte sig[ED448_SIG_SIZE]; + word32 msglen = sizeof(msg); + word32 siglen = sizeof(sig); + word32 badSigLen = sizeof(sig) - 1; +#ifdef HAVE_ED448_VERIFY + int verify_ok = 0; /*1 = Verify success.*/ +#endif + + /* Initialize stack variables. */ + XMEMSET(&key, 0, sizeof(ed448_key)); + XMEMSET(&rng, 0, sizeof(WC_RNG)); + XMEMSET(sig, 0, siglen); + + /* Initialize key. */ + ExpectIntEQ(wc_ed448_init(&key), 0); + ExpectIntEQ(wc_InitRng(&rng), 0); + ExpectIntEQ(wc_ed448_make_key(&rng, ED448_KEY_SIZE, &key), 0); + + ExpectIntEQ(wc_ed448_sign_msg(msg, msglen, sig, &siglen, &key, NULL, 0), 0); + ExpectIntEQ(siglen, ED448_SIG_SIZE); + /* Test bad args. */ + ExpectIntEQ(wc_ed448_sign_msg(NULL, msglen, sig, &siglen, &key, NULL, 0), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_ed448_sign_msg(msg, msglen, NULL, &siglen, &key, NULL, 0), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_ed448_sign_msg(msg, msglen, sig, NULL, &key, NULL, 0), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_ed448_sign_msg(msg, msglen, sig, &siglen, NULL, NULL, 0), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_ed448_sign_msg(msg, msglen, sig, &badSigLen, &key, NULL, 0), + WC_NO_ERR_TRACE(BUFFER_E)); + ExpectIntEQ(badSigLen, ED448_SIG_SIZE); + badSigLen--; + +#ifdef HAVE_ED448_VERIFY + ExpectIntEQ(wc_ed448_verify_msg(sig, siglen, msg, msglen, &verify_ok, &key, + NULL, 0), 0); + ExpectIntEQ(verify_ok, 1); + /* Test bad args. */ + ExpectIntEQ(wc_ed448_verify_msg(sig, siglen - 1, msg, msglen, &verify_ok, + &key, NULL, 0), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_ed448_verify_msg(sig, siglen + 1, msg, msglen, &verify_ok, + &key, NULL, 0), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_ed448_verify_msg(NULL, siglen, msg, msglen, &verify_ok, + &key, NULL, 0), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_ed448_verify_msg(sig, siglen, NULL, msglen, &verify_ok, + &key, NULL, 0), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_ed448_verify_msg(sig, siglen, msg, msglen, NULL, + &key, NULL, 0), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_ed448_verify_msg(sig, siglen, msg, msglen, &verify_ok, + NULL, NULL, 0), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_ed448_verify_msg(sig, badSigLen, msg, msglen, &verify_ok, + &key, NULL, 0), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); +#endif /* Verify. */ + + DoExpectIntEQ(wc_FreeRng(&rng), 0); + wc_ed448_free(&key); +#endif + return EXPECT_RESULT(); +} /* END test_wc_ed448_sign_msg */ + +/* + * Testing wc_ed448_import_public() + */ +int test_wc_ed448_import_public(void) +{ + EXPECT_DECLS; +#if defined(HAVE_ED448) && defined(HAVE_ED448_KEY_IMPORT) + ed448_key pubKey; + WC_RNG rng; + const byte in[] = + "Ed448PublicKeyUnitTest.................................\n"; + word32 inlen = sizeof(in); + + XMEMSET(&pubKey, 0, sizeof(ed448_key)); + XMEMSET(&rng, 0, sizeof(WC_RNG)); + + ExpectIntEQ(wc_ed448_init(&pubKey), 0); + ExpectIntEQ(wc_InitRng(&rng), 0); + ExpectIntEQ(wc_ed448_make_key(&rng, ED448_KEY_SIZE, &pubKey), 0); + + ExpectIntEQ(wc_ed448_import_public_ex(in, inlen, &pubKey, 1), 0); + ExpectIntEQ(XMEMCMP(in, pubKey.p, inlen), 0); + /* Test bad args. */ + ExpectIntEQ(wc_ed448_import_public(NULL, inlen, &pubKey), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_ed448_import_public(in, inlen, NULL), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_ed448_import_public(in, inlen - 1, &pubKey), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + + DoExpectIntEQ(wc_FreeRng(&rng), 0); + wc_ed448_free(&pubKey); +#endif + return EXPECT_RESULT(); +} /* END wc_ed448_import_public */ + +/* + * Testing wc_ed448_import_private_key() + */ +int test_wc_ed448_import_private_key(void) +{ + EXPECT_DECLS; +#if defined(HAVE_ED448) && defined(HAVE_ED448_KEY_IMPORT) + ed448_key key; + WC_RNG rng; + const byte privKey[] = + "Ed448PrivateKeyUnitTest................................\n"; + const byte pubKey[] = + "Ed448PublicKeyUnitTest.................................\n"; + word32 privKeySz = sizeof(privKey); + word32 pubKeySz = sizeof(pubKey); +#ifdef HAVE_ED448_KEY_EXPORT + byte bothKeys[sizeof(privKey) + sizeof(pubKey)]; + word32 bothKeysSz = sizeof(bothKeys); +#endif + + XMEMSET(&key, 0, sizeof(ed448_key)); + XMEMSET(&rng, 0, sizeof(WC_RNG)); + + ExpectIntEQ(wc_ed448_init(&key), 0); + ExpectIntEQ(wc_InitRng(&rng), 0); + ExpectIntEQ(wc_ed448_make_key(&rng, ED448_KEY_SIZE, &key), 0); + + ExpectIntEQ(wc_ed448_import_private_key_ex(privKey, privKeySz, pubKey, + pubKeySz, &key, 1), 0); + ExpectIntEQ(XMEMCMP(pubKey, key.p, privKeySz), 0); + ExpectIntEQ(XMEMCMP(privKey, key.k, pubKeySz), 0); + +#ifdef HAVE_ED448_KEY_EXPORT + PRIVATE_KEY_UNLOCK(); + ExpectIntEQ(wc_ed448_export_private(&key, bothKeys, &bothKeysSz), 0); + PRIVATE_KEY_LOCK(); + ExpectIntEQ(wc_ed448_import_private_key_ex(bothKeys, bothKeysSz, NULL, 0, + &key, 1), 0); + ExpectIntEQ(XMEMCMP(pubKey, key.p, privKeySz), 0); + ExpectIntEQ(XMEMCMP(privKey, key.k, pubKeySz), 0); +#endif + + /* Test bad args. */ + ExpectIntEQ(wc_ed448_import_private_key(NULL, privKeySz, pubKey, pubKeySz, + &key), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_ed448_import_private_key(privKey, privKeySz, NULL, pubKeySz, + &key), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_ed448_import_private_key(privKey, privKeySz, pubKey, + pubKeySz, NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_ed448_import_private_key(privKey, privKeySz - 1, pubKey, + pubKeySz, &key), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_ed448_import_private_key(privKey, privKeySz, pubKey, + pubKeySz - 1, &key), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_ed448_import_private_key(privKey, privKeySz, NULL, 0, &key), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + + DoExpectIntEQ(wc_FreeRng(&rng), 0); + wc_ed448_free(&key); +#endif + return EXPECT_RESULT(); +} /* END test_wc_ed448_import_private_key */ + +/* + * Testing wc_ed448_export_public() and wc_ed448_export_private_only() + */ +int test_wc_ed448_export(void) +{ + EXPECT_DECLS; +#if defined(HAVE_ED448) && defined(HAVE_ED448_KEY_EXPORT) + ed448_key key; + WC_RNG rng; + byte priv[ED448_PRV_KEY_SIZE]; + byte pub[ED448_PUB_KEY_SIZE]; + word32 privSz = sizeof(priv); + word32 pubSz = sizeof(pub); + + XMEMSET(&key, 0, sizeof(ed448_key)); + XMEMSET(&rng, 0, sizeof(WC_RNG)); + + ExpectIntEQ(wc_ed448_init(&key), 0); + ExpectIntEQ(wc_InitRng(&rng), 0); + ExpectIntEQ(wc_ed448_make_key(&rng, ED448_KEY_SIZE, &key), 0); + + ExpectIntEQ(wc_ed448_export_public(&key, pub, &pubSz), 0); + ExpectIntEQ(pubSz, ED448_KEY_SIZE); + ExpectIntEQ(XMEMCMP(key.p, pub, pubSz), 0); + /* Test bad args. */ + ExpectIntEQ(wc_ed448_export_public(NULL, pub, &pubSz), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_ed448_export_public(&key, NULL, &pubSz), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_ed448_export_public(&key, pub, NULL), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + + PRIVATE_KEY_UNLOCK(); + ExpectIntEQ(wc_ed448_export_private_only(&key, priv, &privSz), 0); + ExpectIntEQ(privSz, ED448_KEY_SIZE); + ExpectIntEQ(XMEMCMP(key.k, priv, privSz), 0); + /* Test bad args. */ + ExpectIntEQ(wc_ed448_export_private_only(NULL, priv, &privSz), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_ed448_export_private_only(&key, NULL, &privSz), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_ed448_export_private_only(&key, priv, NULL), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + PRIVATE_KEY_LOCK(); + + DoExpectIntEQ(wc_FreeRng(&rng), 0); + wc_ed448_free(&key); +#endif + return EXPECT_RESULT(); +} /* END test_wc_ed448_export */ + +/* + * Testing wc_ed448_size() + */ +int test_wc_ed448_size(void) +{ + EXPECT_DECLS; +#if defined(HAVE_ED448) + ed448_key key; + WC_RNG rng; + + XMEMSET(&key, 0, sizeof(ed448_key)); + XMEMSET(&rng, 0, sizeof(WC_RNG)); + + ExpectIntEQ(wc_ed448_init(&key), 0); + ExpectIntEQ(wc_InitRng(&rng), 0); + ExpectIntEQ(wc_ed448_make_key(&rng, ED448_KEY_SIZE, &key), 0); + + ExpectIntEQ(wc_ed448_size(&key), ED448_KEY_SIZE); + /* Test bad args. */ + ExpectIntEQ(wc_ed448_size(NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + + ExpectIntEQ(wc_ed448_sig_size(&key), ED448_SIG_SIZE); + /* Test bad args. */ + ExpectIntEQ(wc_ed448_sig_size(NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + + ExpectIntEQ(wc_ed448_pub_size(&key), ED448_PUB_KEY_SIZE); + /* Test bad args. */ + ExpectIntEQ(wc_ed448_pub_size(NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + + ExpectIntEQ(wc_ed448_priv_size(&key), ED448_PRV_KEY_SIZE); + /* Test bad args. */ + ExpectIntEQ(wc_ed448_priv_size(NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + + DoExpectIntEQ(wc_FreeRng(&rng), 0); + wc_ed448_free(&key); +#endif + return EXPECT_RESULT(); +} /* END test_wc_ed448_size */ + +/* + * Testing wc_ed448_export_private() and wc_ed448_export_key() + */ +int test_wc_ed448_exportKey(void) +{ + EXPECT_DECLS; +#if defined(HAVE_ED448) && defined(HAVE_ED448_KEY_EXPORT) + ed448_key key; + WC_RNG rng; + byte priv[ED448_PRV_KEY_SIZE]; + byte pub[ED448_PUB_KEY_SIZE]; + byte privOnly[ED448_PRV_KEY_SIZE]; + word32 privSz = sizeof(priv); + word32 pubSz = sizeof(pub); + word32 privOnlySz = sizeof(privOnly); + + XMEMSET(&key, 0, sizeof(ed448_key)); + XMEMSET(&rng, 0, sizeof(WC_RNG)); + + ExpectIntEQ(wc_ed448_init(&key), 0); + ExpectIntEQ(wc_InitRng(&rng), 0); + ExpectIntEQ(wc_ed448_make_key(&rng, ED448_KEY_SIZE, &key), 0); + + PRIVATE_KEY_UNLOCK(); + ExpectIntEQ(wc_ed448_export_private(&key, privOnly, &privOnlySz), 0); + /* Test bad args. */ + ExpectIntEQ(wc_ed448_export_private(NULL, privOnly, &privOnlySz), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_ed448_export_private(&key, NULL, &privOnlySz), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_ed448_export_private(&key, privOnly, NULL), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + + ExpectIntEQ(wc_ed448_export_key(&key, priv, &privSz, pub, &pubSz), 0); + /* Test bad args. */ + ExpectIntEQ(wc_ed448_export_key(NULL, priv, &privSz, pub, &pubSz), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_ed448_export_key(&key, NULL, &privSz, pub, &pubSz), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_ed448_export_key(&key, priv, NULL, pub, &pubSz), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_ed448_export_key(&key, priv, &privSz, NULL, &pubSz), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_ed448_export_key(&key, priv, &privSz, pub, NULL), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + PRIVATE_KEY_LOCK(); + + /* Cross check output. */ + ExpectIntEQ(XMEMCMP(priv, privOnly, privSz), 0); + + DoExpectIntEQ(wc_FreeRng(&rng), 0); + wc_ed448_free(&key); +#endif + return EXPECT_RESULT(); +} /* END test_wc_ed448_exportKey */ + +/* + * Testing wc_Ed448PublicKeyToDer + */ +int test_wc_Ed448PublicKeyToDer(void) +{ + EXPECT_DECLS; +#if defined(HAVE_ED448) && defined(HAVE_ED448_KEY_EXPORT) && \ + (defined(WOLFSSL_CERT_GEN) || defined(WOLFSSL_KEY_GEN)) + ed448_key key; + byte derBuf[1024]; + + XMEMSET(&key, 0, sizeof(ed448_key)); + + /* Test bad args */ + ExpectIntEQ(wc_Ed448PublicKeyToDer(NULL, NULL, 0, 0), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + + ExpectIntEQ(wc_ed448_init(&key), 0); + ExpectIntEQ(wc_Ed448PublicKeyToDer(&key, derBuf, 0, 0), + WC_NO_ERR_TRACE(BUFFER_E)); + wc_ed448_free(&key); + + /* Test good args */ + if (EXPECT_SUCCESS()) { + WC_RNG rng; + + XMEMSET(&rng, 0, sizeof(WC_RNG)); + + ExpectIntEQ(wc_ed448_init(&key), 0); + ExpectIntEQ(wc_InitRng(&rng), 0); + ExpectIntEQ(wc_ed448_make_key(&rng, ED448_KEY_SIZE, &key), 0); + /* length only */ + ExpectIntGT(wc_Ed448PublicKeyToDer(&key, NULL, 0, 0), 0); + ExpectIntGT(wc_Ed448PublicKeyToDer(&key, NULL, 0, 1), 0); + ExpectIntGT(wc_Ed448PublicKeyToDer(&key, derBuf, + (word32)sizeof(derBuf), 1), 0); + + DoExpectIntEQ(wc_FreeRng(&rng), 0); + wc_ed448_free(&key); + } +#endif + return EXPECT_RESULT(); +} /* END testing wc_Ed448PublicKeyToDer */ + +/* + * Testing wc_Ed448KeyToDer + */ +int test_wc_Ed448KeyToDer(void) +{ + EXPECT_DECLS; +#if defined(HAVE_ED448) && defined(HAVE_ED448_KEY_EXPORT) && \ + (defined(WOLFSSL_CERT_GEN) || defined(WOLFSSL_KEY_GEN)) + byte output[ONEK_BUF]; + ed448_key ed448Key; + WC_RNG rng; + word32 inLen; + + XMEMSET(&ed448Key, 0, sizeof(ed448_key)); + XMEMSET(&rng, 0, sizeof(WC_RNG)); + + ExpectIntEQ(wc_ed448_init(&ed448Key), 0); + ExpectIntEQ(wc_InitRng(&rng), 0); + ExpectIntEQ(wc_ed448_make_key(&rng, ED448_KEY_SIZE, &ed448Key), 0); + inLen = (word32)sizeof(output); + + /* Bad Cases */ + ExpectIntEQ(wc_Ed448KeyToDer(NULL, NULL, 0), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_Ed448KeyToDer(NULL, output, inLen), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_Ed448KeyToDer(&ed448Key, output, 0), + WC_NO_ERR_TRACE(BUFFER_E)); + /* Good Cases */ + /* length only */ + ExpectIntGT(wc_Ed448KeyToDer(&ed448Key, NULL, 0), 0); + ExpectIntGT(wc_Ed448KeyToDer(&ed448Key, output, inLen), 0); + + DoExpectIntEQ(wc_FreeRng(&rng), 0); + wc_ed448_free(&ed448Key); +#endif + return EXPECT_RESULT(); +} /* End test_wc_Ed448KeyToDer */ + +/* + * Testing wc_Ed448PrivateKeyToDer + */ +int test_wc_Ed448PrivateKeyToDer(void) +{ + EXPECT_DECLS; +#if defined(HAVE_ED448) && defined(HAVE_ED448_KEY_EXPORT) && \ + (defined(WOLFSSL_CERT_GEN) || defined(WOLFSSL_KEY_GEN)) + byte output[ONEK_BUF]; + ed448_key ed448PrivKey; + WC_RNG rng; + word32 inLen; + + XMEMSET(&ed448PrivKey, 0, sizeof(ed448_key)); + XMEMSET(&rng, 0, sizeof(WC_RNG)); + + ExpectIntEQ(wc_ed448_init(&ed448PrivKey), 0); + ExpectIntEQ(wc_InitRng(&rng), 0); + ExpectIntEQ(wc_ed448_make_key(&rng, ED448_KEY_SIZE, &ed448PrivKey), + 0); + inLen = (word32)sizeof(output); + + /* Bad Cases */ + ExpectIntEQ(wc_Ed448PrivateKeyToDer(NULL, NULL, 0), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_Ed448PrivateKeyToDer(NULL, output, inLen), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_Ed448PrivateKeyToDer(&ed448PrivKey, output, 0), + WC_NO_ERR_TRACE(BUFFER_E)); + /* Good cases */ + /* length only */ + ExpectIntGT(wc_Ed448PrivateKeyToDer(&ed448PrivKey, NULL, 0), 0); + ExpectIntGT(wc_Ed448PrivateKeyToDer(&ed448PrivKey, output, inLen), 0); + + DoExpectIntEQ(wc_FreeRng(&rng), 0); + wc_ed448_free(&ed448PrivKey); +#endif + return EXPECT_RESULT(); +} /* End test_wc_Ed448PrivateKeyToDer */ + diff --git a/test/ssl/wolfssl/tests/api/test_ed448.h b/test/ssl/wolfssl/tests/api/test_ed448.h new file mode 100644 index 000000000..9283fc5ed --- /dev/null +++ b/test/ssl/wolfssl/tests/api/test_ed448.h @@ -0,0 +1,52 @@ +/* test_ed448.h + * + * Copyright (C) 2006-2025 wolfSSL Inc. + * + * This file is part of wolfSSL. + * + * wolfSSL is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * wolfSSL is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA + */ + +#ifndef WOLFCRYPT_TEST_ED448_H +#define WOLFCRYPT_TEST_ED448_H + +#include + +int test_wc_ed448_make_key(void); +int test_wc_ed448_init(void); +int test_wc_ed448_sign_msg(void); +int test_wc_ed448_import_public(void); +int test_wc_ed448_import_private_key(void); +int test_wc_ed448_export(void); +int test_wc_ed448_size(void); +int test_wc_ed448_exportKey(void); +int test_wc_Ed448PublicKeyToDer(void); +int test_wc_Ed448KeyToDer(void); +int test_wc_Ed448PrivateKeyToDer(void); + +#define TEST_ED448_DECLS \ + TEST_DECL_GROUP("ed448", test_wc_ed448_make_key), \ + TEST_DECL_GROUP("ed448", test_wc_ed448_init), \ + TEST_DECL_GROUP("ed448", test_wc_ed448_sign_msg), \ + TEST_DECL_GROUP("ed448", test_wc_ed448_import_public), \ + TEST_DECL_GROUP("ed448", test_wc_ed448_import_private_key), \ + TEST_DECL_GROUP("ed448", test_wc_ed448_export), \ + TEST_DECL_GROUP("ed448", test_wc_ed448_size), \ + TEST_DECL_GROUP("ed448", test_wc_ed448_exportKey), \ + TEST_DECL_GROUP("ed448", test_wc_Ed448PublicKeyToDer), \ + TEST_DECL_GROUP("ed448", test_wc_Ed448KeyToDer), \ + TEST_DECL_GROUP("ed448", test_wc_Ed448PrivateKeyToDer) + +#endif /* WOLFCRYPT_TEST_ED448_H */ diff --git a/test/ssl/wolfssl/tests/api/test_evp.c b/test/ssl/wolfssl/tests/api/test_evp.c new file mode 100644 index 000000000..43166aab2 --- /dev/null +++ b/test/ssl/wolfssl/tests/api/test_evp.c @@ -0,0 +1,100 @@ +/* test_evp.c + * + * Copyright (C) 2006-2025 wolfSSL Inc. + * + * This file is part of wolfSSL. + * + * wolfSSL is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * wolfSSL is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA + */ + +#include + +#include + +#include +#include + +/* Test for NULL_CIPHER_TYPE in wolfSSL_EVP_CipherUpdate() */ +int test_wolfSSL_EVP_CipherUpdate_Null(void) +{ + EXPECT_DECLS; +#ifdef OPENSSL_EXTRA + WOLFSSL_EVP_CIPHER_CTX* ctx; + const char* testData = "Test NULL cipher data"; + unsigned char output[100]; + int outputLen = 0; + int testDataLen = (int)XSTRLEN(testData); + + /* Create and initialize the cipher context */ + ctx = wolfSSL_EVP_CIPHER_CTX_new(); + ExpectNotNull(ctx); + + /* Initialize with NULL cipher */ + ExpectIntEQ(wolfSSL_EVP_CipherInit_ex(ctx, wolfSSL_EVP_enc_null(), + NULL, NULL, NULL, 1), WOLFSSL_SUCCESS); + + /* Test encryption (which should just copy the data) */ + ExpectIntEQ(wolfSSL_EVP_CipherUpdate(ctx, output, &outputLen, + (const unsigned char*)testData, + testDataLen), WOLFSSL_SUCCESS); + + /* Verify output length matches input length */ + ExpectIntEQ(outputLen, testDataLen); + + /* Verify output data matches input data (no encryption occurred) */ + ExpectIntEQ(XMEMCMP(output, testData, testDataLen), 0); + + /* Clean up */ + wolfSSL_EVP_CIPHER_CTX_free(ctx); +#endif /* OPENSSL_EXTRA */ + + return EXPECT_RESULT(); +} + +/* Test for wolfSSL_EVP_CIPHER_type_string() */ +int test_wolfSSL_EVP_CIPHER_type_string(void) +{ + EXPECT_DECLS; +#ifdef OPENSSL_EXTRA + const char* cipherStr; + + /* Test with valid cipher types */ +#ifdef HAVE_AES_CBC + #ifdef WOLFSSL_AES_128 + cipherStr = wolfSSL_EVP_CIPHER_type_string(WC_AES_128_CBC_TYPE); + ExpectNotNull(cipherStr); + ExpectStrEQ(cipherStr, "AES-128-CBC"); + #endif +#endif + +#ifndef NO_DES3 + cipherStr = wolfSSL_EVP_CIPHER_type_string(WC_DES_CBC_TYPE); + ExpectNotNull(cipherStr); + ExpectStrEQ(cipherStr, "DES-CBC"); +#endif + + /* Test with NULL cipher type */ + cipherStr = wolfSSL_EVP_CIPHER_type_string(WC_NULL_CIPHER_TYPE); + ExpectNotNull(cipherStr); + ExpectStrEQ(cipherStr, "NULL"); + + /* Test with invalid cipher type */ + cipherStr = wolfSSL_EVP_CIPHER_type_string(0xFFFF); + ExpectNull(cipherStr); +#endif /* OPENSSL_EXTRA */ + + return EXPECT_RESULT(); +} + diff --git a/test/ssl/wolfssl/tests/api/test_evp.h b/test/ssl/wolfssl/tests/api/test_evp.h new file mode 100644 index 000000000..013ac50aa --- /dev/null +++ b/test/ssl/wolfssl/tests/api/test_evp.h @@ -0,0 +1,28 @@ +/* test_evp.h + * + * Copyright (C) 2006-2025 wolfSSL Inc. + * + * This file is part of wolfSSL. + * + * wolfSSL is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * wolfSSL is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA + */ + +#ifndef WOLFSSL_TEST_EVP_H +#define WOLFSSL_TEST_EVP_H + +int test_wolfSSL_EVP_CipherUpdate_Null(void); +int test_wolfSSL_EVP_CIPHER_type_string(void); + +#endif /* WOLFSSL_TEST_EVP_H */ diff --git a/test/ssl/wolfssl/tests/api/test_hash.c b/test/ssl/wolfssl/tests/api/test_hash.c new file mode 100644 index 000000000..ac0b635ff --- /dev/null +++ b/test/ssl/wolfssl/tests/api/test_hash.c @@ -0,0 +1,824 @@ +/* test_hash.c + * + * Copyright (C) 2006-2025 wolfSSL Inc. + * + * This file is part of wolfSSL. + * + * wolfSSL is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * wolfSSL is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA + */ + +#include + +#ifdef NO_INLINE + #include +#else + #define WOLFSSL_MISC_INCLUDED + #include +#endif + +#include +#include +#include +#include +#include + +#ifndef NO_HASH_WRAPPER +/* enum for holding supported algorithms, #ifndef's restrict if disabled */ +static const enum wc_HashType supportedHash[] = { +#ifndef NO_MD5 + WC_HASH_TYPE_MD5, +#endif +#ifndef NO_SHA + WC_HASH_TYPE_SHA, +#endif +#ifdef WOLFSSL_SHA224 + WC_HASH_TYPE_SHA224, +#endif +#ifndef NO_SHA256 + WC_HASH_TYPE_SHA256, +#endif +#ifdef WOLFSSL_SHA384 + WC_HASH_TYPE_SHA384, +#endif +#ifdef WOLFSSL_SHA512 + WC_HASH_TYPE_SHA512, +#if !defined(HAVE_FIPS) && !defined(HAVE_SELFTEST) +#ifndef WOLFSSL_NOSHA512_224 + WC_HASH_TYPE_SHA512_224, +#endif +#ifndef WOLFSSL_NOSHA512_256 + WC_HASH_TYPE_SHA512_256, +#endif +#endif +#endif +#ifdef WOLFSSL_SHA3 + WC_HASH_TYPE_SHA3_224, + WC_HASH_TYPE_SHA3_256, + WC_HASH_TYPE_SHA3_384, + WC_HASH_TYPE_SHA3_512, +#endif +#ifdef WOLFSSL_SM3 + WC_HASH_TYPE_SM3, +#endif + WC_HASH_TYPE_NONE /* Dummy value to ensure list is non-zero. */ +}; +static const int supportedHashLen = (sizeof(supportedHash) / + sizeof(enum wc_HashType)) - 1; + +static const enum wc_HashType notCompiledHash[] = { +#ifdef NO_MD5 + WC_HASH_TYPE_MD5, +#endif +#ifdef NO_SHA + WC_HASH_TYPE_SHA, +#endif +#ifndef WOLFSSL_SHA224 + WC_HASH_TYPE_SHA224, +#endif +#ifdef NO_SHA256 + WC_HASH_TYPE_SHA256, +#endif +#ifndef WOLFSSL_SHA384 + WC_HASH_TYPE_SHA384, +#endif +#ifndef WOLFSSL_SHA512 + WC_HASH_TYPE_SHA512, +#endif +#ifndef WOLFSSL_SHA3 + WC_HASH_TYPE_SHA3_224, + WC_HASH_TYPE_SHA3_256, + WC_HASH_TYPE_SHA3_384, + WC_HASH_TYPE_SHA3_512, +#endif + WC_HASH_TYPE_NONE /* Dummy value to ensure list is non-zero. */ +}; +static const int notCompiledHashLen = (sizeof(notCompiledHash) / + sizeof(enum wc_HashType)) - 1; + +static const enum wc_HashType notSupportedHash[] = { +#if defined(WOLFSSL_SHA3) && defined(WOLFSSL_SHAKE128) + WC_HASH_TYPE_SHAKE128, +#endif +#if defined(WOLFSSL_SHA3) && defined(WOLFSSL_SHAKE256) + WC_HASH_TYPE_SHAKE256, +#endif + WC_HASH_TYPE_MD5_SHA, + WC_HASH_TYPE_MD2, + WC_HASH_TYPE_MD4, + WC_HASH_TYPE_BLAKE2B, + WC_HASH_TYPE_BLAKE2S, + WC_HASH_TYPE_NONE +}; +static const int notSupportedHashLen = (sizeof(notSupportedHash) / + sizeof(enum wc_HashType)); + +static const enum wc_HashType sizeSupportedHash[] = { +#if !defined(NO_MD5) && !defined(NO_SHA) + WC_HASH_TYPE_MD5_SHA, +#endif +#ifdef WOLFSSL_MD2 + WC_HASH_TYPE_MD2, +#endif +#ifndef NO_MD4 + WC_HASH_TYPE_MD4, +#endif +#if defined(HAVE_BLAKE2) || defined(HAVE_BLAKE2S) + WC_HASH_TYPE_BLAKE2B, + WC_HASH_TYPE_BLAKE2S, +#endif + WC_HASH_TYPE_NONE /* Dummy value to ensure list is non-zero. */ +}; +static const int sizeSupportedHashLen = (sizeof(sizeSupportedHash) / + sizeof(enum wc_HashType)) - 1; +static const enum wc_HashType sizeNotCompiledHash[] = { +#if defined(NO_MD5) || defined(NO_SHA) + WC_HASH_TYPE_MD5_SHA, +#endif +#ifndef WOLFSSL_MD2 + WC_HASH_TYPE_MD2, +#endif +#ifdef NO_MD4 + WC_HASH_TYPE_MD4, +#endif +#if !defined(HAVE_BLAKE2) && !defined(HAVE_BLAKE2S) + WC_HASH_TYPE_BLAKE2B, + WC_HASH_TYPE_BLAKE2S, +#endif + WC_HASH_TYPE_NONE /* Dummy value to ensure list is non-zero. */ +}; +static const int sizeNotCompiledHashLen = (sizeof(sizeNotCompiledHash) / + sizeof(enum wc_HashType)) - 1; +static const enum wc_HashType sizeNotSupportedHash[] = { +#if defined(WOLFSSL_SHA3) && defined(WOLFSSL_SHAKE128) + WC_HASH_TYPE_SHAKE128, +#endif +#if defined(WOLFSSL_SHA3) && defined(WOLFSSL_SHAKE256) + WC_HASH_TYPE_SHAKE256, +#endif + WC_HASH_TYPE_NONE +}; +static const int sizeNotSupportedHashLen = (sizeof(sizeNotSupportedHash) / + sizeof(enum wc_HashType)); +#endif /* NO_HASH_WRAPPER */ + +int test_wc_HashInit(void) +{ + EXPECT_DECLS; +#ifndef NO_HASH_WRAPPER + wc_HashAlg hash; + int i; /* 0 indicates tests passed, 1 indicates failure */ + + /* For loop to test various arguments... */ + for (i = 0; i < supportedHashLen; i++) { + /* check for null ptr */ + ExpectIntEQ(wc_HashInit(NULL, supportedHash[i]), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_HashInit_ex(NULL, supportedHash[i], HEAP_HINT, + INVALID_DEVID), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + + ExpectIntEQ(wc_HashInit(&hash, supportedHash[i]), 0); + wc_HashFree(&hash, supportedHash[i]); + ExpectIntEQ(wc_HashInit_ex(&hash, supportedHash[i], HEAP_HINT, + INVALID_DEVID), 0); + wc_HashFree(&hash, supportedHash[i]); + + wc_HashFree(NULL, supportedHash[i]); + } /* end of for loop */ + + for (i = 0; i < notCompiledHashLen; i++) { + /* check for null ptr */ + ExpectIntEQ(wc_HashInit(NULL, notCompiledHash[i]), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_HashInit_ex(NULL, notCompiledHash[i], HEAP_HINT, + INVALID_DEVID), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + + ExpectIntEQ(wc_HashInit(&hash, notCompiledHash[i]), + WC_NO_ERR_TRACE(HASH_TYPE_E)); + ExpectIntEQ(wc_HashInit_ex(&hash, notCompiledHash[i], HEAP_HINT, + INVALID_DEVID), WC_NO_ERR_TRACE(HASH_TYPE_E)); + + wc_HashFree(NULL, notCompiledHash[i]); + } + + for (i = 0; i < notSupportedHashLen; i++) { + /* check for null ptr */ + ExpectIntEQ(wc_HashInit(NULL, notSupportedHash[i]), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_HashInit_ex(NULL, notSupportedHash[i], HEAP_HINT, + INVALID_DEVID), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + + ExpectIntEQ(wc_HashInit(&hash, notSupportedHash[i]), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + wc_HashFree(&hash, notSupportedHash[i]); + ExpectIntEQ(wc_HashInit_ex(&hash, notSupportedHash[i], HEAP_HINT, + INVALID_DEVID), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + wc_HashFree(&hash, notSupportedHash[i]); + + wc_HashFree(NULL, notSupportedHash[i]); + } /* end of for loop */ + +#endif + return EXPECT_RESULT(); +} /* end of test_wc_HashInit */ + +int test_wc_HashUpdate(void) +{ + EXPECT_DECLS; +#ifndef NO_HASH_WRAPPER + wc_HashAlg hash; + int i; /* 0 indicates tests passed, 1 indicates failure */ + + for (i = 0; i < supportedHashLen; i++) { + ExpectIntEQ(wc_HashInit(&hash, supportedHash[i]), 0); + + /* Invalid parameters */ + ExpectIntEQ(wc_HashUpdate(NULL, supportedHash[i], NULL, 1), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_HashUpdate(&hash, supportedHash[i], NULL, 1), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_HashUpdate(NULL, supportedHash[i], NULL, 0), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_HashUpdate(NULL, supportedHash[i], (byte*)"a", 1), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + + ExpectIntEQ(wc_HashUpdate(&hash, supportedHash[i], NULL, 0), 0); + ExpectIntEQ(wc_HashUpdate(&hash, supportedHash[i], (byte*)"a", 1), 0); + + wc_HashFree(&hash, supportedHash[i]); + } + + for (i = 0; i < notCompiledHashLen; i++) { + ExpectIntEQ(wc_HashInit(&hash, notCompiledHash[i]), + WC_NO_ERR_TRACE(HASH_TYPE_E)); + + /* Invalid parameters */ + ExpectIntEQ(wc_HashUpdate(NULL, notCompiledHash[i], NULL, 1), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_HashUpdate(&hash, notCompiledHash[i], NULL, 1), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_HashUpdate(NULL, notCompiledHash[i], NULL, 0), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_HashUpdate(NULL, notCompiledHash[i], (byte*)"a", 1), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + + ExpectIntEQ(wc_HashUpdate(&hash, notCompiledHash[i], NULL, 0), + WC_NO_ERR_TRACE(HASH_TYPE_E)); + ExpectIntEQ(wc_HashUpdate(&hash, notCompiledHash[i], (byte*)"a", 1), + WC_NO_ERR_TRACE(HASH_TYPE_E)); + + wc_HashFree(&hash, notCompiledHash[i]); + } + + for (i = 0; i < notSupportedHashLen; i++) { + ExpectIntEQ(wc_HashInit(&hash, notSupportedHash[i]), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + + /* Invalid parameters */ + ExpectIntEQ(wc_HashUpdate(NULL, notSupportedHash[i], NULL, 1), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_HashUpdate(&hash, notSupportedHash[i], NULL, 1), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_HashUpdate(NULL, notSupportedHash[i], NULL, 0), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_HashUpdate(NULL, notSupportedHash[i], (byte*)"a", 1), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + + ExpectIntEQ(wc_HashUpdate(&hash, notSupportedHash[i], NULL, 0), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_HashUpdate(&hash, notSupportedHash[i], (byte*)"a", 1), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + + wc_HashFree(&hash, notSupportedHash[i]); + } + +#if defined(DEBUG_WOLFSSL) && !defined(NO_SHA256) && defined(WOLFSSL_SHA512) + ExpectIntEQ(wc_HashInit(&hash, WC_HASH_TYPE_SHA256), 0); + ExpectIntEQ(wc_HashUpdate(&hash, WC_HASH_TYPE_SHA512, NULL, 0), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_HashUpdate(&hash, WC_HASH_TYPE_SHA512, (byte*)"a", 1), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); +#endif +#endif + return EXPECT_RESULT(); +} + +int test_wc_HashFinal(void) +{ + EXPECT_DECLS; +#ifndef NO_HASH_WRAPPER + wc_HashAlg hash; + byte digest[WC_MAX_DIGEST_SIZE]; + int i; /* 0 indicates tests passed, 1 indicates failure */ + + for (i = 0; i < supportedHashLen; i++) { + ExpectIntEQ(wc_HashInit(&hash, supportedHash[i]), 0); + + /* Invalid parameters */ + ExpectIntEQ(wc_HashFinal(NULL, supportedHash[i], NULL), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_HashFinal(&hash, supportedHash[i], NULL), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_HashFinal(NULL, supportedHash[i], digest), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + + ExpectIntEQ(wc_HashFinal(&hash, supportedHash[i], digest), 0); + + wc_HashFree(&hash, supportedHash[i]); + } + + for (i = 0; i < notCompiledHashLen; i++) { + ExpectIntEQ(wc_HashInit(&hash, notCompiledHash[i]), + WC_NO_ERR_TRACE(HASH_TYPE_E)); + + /* Invalid parameters */ + ExpectIntEQ(wc_HashFinal(NULL, notCompiledHash[i], NULL), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_HashFinal(&hash, notCompiledHash[i], NULL), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_HashFinal(NULL, notCompiledHash[i], digest), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + + ExpectIntEQ(wc_HashFinal(&hash, notCompiledHash[i], digest), + WC_NO_ERR_TRACE(HASH_TYPE_E)); + + wc_HashFree(&hash, notCompiledHash[i]); + } + + for (i = 0; i < notSupportedHashLen; i++) { + ExpectIntEQ(wc_HashInit(&hash, notSupportedHash[i]), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + + /* Invalid parameters */ + ExpectIntEQ(wc_HashFinal(NULL, notSupportedHash[i], NULL), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_HashFinal(&hash, notSupportedHash[i], NULL), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_HashFinal(NULL, notSupportedHash[i], digest), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + + ExpectIntEQ(wc_HashFinal(&hash, notSupportedHash[i], digest), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + + wc_HashFree(&hash, notSupportedHash[i]); + } +#if defined(DEBUG_WOLFSSL) && !defined(NO_SHA256) && defined(WOLFSSL_SHA512) + ExpectIntEQ(wc_HashInit(&hash, WC_HASH_TYPE_SHA256), 0); + ExpectIntEQ(wc_HashFinal(&hash, WC_HASH_TYPE_SHA512, digest), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); +#endif +#endif + return EXPECT_RESULT(); +} + +int test_wc_HashNewDelete(void) +{ + EXPECT_DECLS; +#if !defined(NO_HASH_WRAPPER) && !defined(WC_NO_CONSTRUCTORS) + wc_HashAlg* hash; + byte digest[WC_MAX_DIGEST_SIZE]; + int ret; + int i; + + for (i = 0; i < supportedHashLen; i++) { + ExpectNotNull(hash = wc_HashNew(supportedHash[i], HEAP_HINT, + INVALID_DEVID, &ret)); + ExpectIntEQ(ret, 0); + + ExpectIntEQ(wc_HashUpdate(hash, supportedHash[i], (byte*)"a", 1), 0); + ExpectIntEQ(wc_HashFinal(hash, supportedHash[i], digest), 0); + + ExpectIntEQ(wc_HashDelete(hash, &hash), 0); + ExpectNull(hash); + + ExpectNotNull(hash = wc_HashNew(supportedHash[i], HEAP_HINT, + INVALID_DEVID, &ret)); + ExpectIntEQ(ret, 0); + ExpectIntEQ(wc_HashDelete(hash, NULL), 0); + + ExpectIntEQ(wc_HashDelete(NULL, NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + } + + for (i = 0; i < notCompiledHashLen; i++) { + ExpectNull(wc_HashNew(notCompiledHash[i], HEAP_HINT, INVALID_DEVID, + &ret)); + ExpectIntEQ(ret, WC_NO_ERR_TRACE(HASH_TYPE_E)); + } + + for (i = 0; i < notSupportedHashLen; i++) { + ExpectNull(wc_HashNew(notSupportedHash[i], HEAP_HINT, INVALID_DEVID, + &ret)); + ExpectIntEQ(ret, WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + } +#endif + return EXPECT_RESULT(); +} + +int test_wc_HashGetDigestSize(void) +{ + EXPECT_DECLS; +#ifndef NO_HASH_WRAPPER + int i; + + for (i = 0; i < supportedHashLen; i++) { + ExpectIntGT(wc_HashGetDigestSize(supportedHash[i]), 0); + } + for (i = 0; i < sizeSupportedHashLen; i++) { + ExpectIntGT(wc_HashGetDigestSize(sizeSupportedHash[i]), 0); + } + + for (i = 0; i < notCompiledHashLen; i++) { + ExpectIntEQ(wc_HashGetDigestSize(notCompiledHash[i]), + WC_NO_ERR_TRACE(HASH_TYPE_E)); + } + for (i = 0; i < sizeNotCompiledHashLen; i++) { + ExpectIntEQ(wc_HashGetDigestSize(sizeNotCompiledHash[i]), + WC_NO_ERR_TRACE(HASH_TYPE_E)); + } + + for (i = 0; i < sizeNotSupportedHashLen; i++) { + ExpectIntEQ(wc_HashGetDigestSize(sizeNotSupportedHash[i]), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + } +#endif + return EXPECT_RESULT(); +} + +int test_wc_HashGetBlockSize(void) +{ + EXPECT_DECLS; +#ifndef NO_HASH_WRAPPER + int i; + + for (i = 0; i < supportedHashLen; i++) { + ExpectIntGT(wc_HashGetBlockSize(supportedHash[i]), 0); + } + for (i = 0; i < sizeSupportedHashLen; i++) { + ExpectIntGT(wc_HashGetBlockSize(sizeSupportedHash[i]), 0); + } + + for (i = 0; i < notCompiledHashLen; i++) { + ExpectIntEQ(wc_HashGetBlockSize(notCompiledHash[i]), + WC_NO_ERR_TRACE(HASH_TYPE_E)); + } + for (i = 0; i < sizeNotCompiledHashLen; i++) { + ExpectIntEQ(wc_HashGetBlockSize(sizeNotCompiledHash[i]), + WC_NO_ERR_TRACE(HASH_TYPE_E)); + } + + for (i = 0; i < sizeNotSupportedHashLen; i++) { + ExpectIntEQ(wc_HashGetBlockSize(sizeNotSupportedHash[i]), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + } +#endif + return EXPECT_RESULT(); +} + +int test_wc_Hash(void) +{ + EXPECT_DECLS; +#if !defined(NO_HASH_WRAPPER) && !defined(WC_NO_CONSTRUCTORS) + byte digest[WC_MAX_DIGEST_SIZE]; + int i; + + for (i = 0; i < supportedHashLen; i++) { + ExpectIntEQ(wc_Hash(supportedHash[i], (byte*)"a", 1, + digest, sizeof(digest)), 0); + ExpectIntEQ(wc_Hash_ex(supportedHash[i], (byte*)"a", 1, + digest, sizeof(digest), HEAP_HINT, INVALID_DEVID), 0); + } +#if !defined(NO_MD5) && !defined(NO_SHA) + ExpectIntEQ(wc_Hash(WC_HASH_TYPE_MD5_SHA, (byte*)"a", 1, + digest, sizeof(digest)), 0); + ExpectIntEQ(wc_Hash_ex(WC_HASH_TYPE_MD5_SHA, (byte*)"a", 1, + digest, sizeof(digest), HEAP_HINT, INVALID_DEVID), 0); +#endif + + for (i = 0; i < notCompiledHashLen; i++) { + ExpectIntEQ(wc_Hash(notCompiledHash[i], (byte*)"a", 1, + digest, sizeof(digest)), WC_NO_ERR_TRACE(HASH_TYPE_E)); + ExpectIntEQ(wc_Hash_ex(notCompiledHash[i], (byte*)"a", 1, + digest, sizeof(digest), HEAP_HINT, INVALID_DEVID), + WC_NO_ERR_TRACE(HASH_TYPE_E)); + } + for (i = 0; i < sizeNotCompiledHashLen; i++) { + ExpectIntEQ(wc_Hash(sizeNotCompiledHash[i], (byte*)"a", 1, + digest, sizeof(digest)), WC_NO_ERR_TRACE(HASH_TYPE_E)); + ExpectIntEQ(wc_Hash_ex(sizeNotCompiledHash[i], (byte*)"a", 1, + digest, sizeof(digest), HEAP_HINT, INVALID_DEVID), + WC_NO_ERR_TRACE(HASH_TYPE_E)); + } + + for (i = 0; i < sizeNotSupportedHashLen; i++) { + if (notSupportedHash[i] == WC_HASH_TYPE_MD5_SHA) { + /* Algorithm only supported with wc_Hash() and wc_Hash_ex(). */ + continue; + } + ExpectIntEQ(wc_Hash(sizeNotSupportedHash[i], (byte*)"a", 1, + digest, sizeof(digest)), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_Hash_ex(sizeNotSupportedHash[i], (byte*)"a", 1, + digest, sizeof(digest), HEAP_HINT, INVALID_DEVID), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + } +#endif + return EXPECT_RESULT(); +} + + +/* + * Unit test function for wc_HashSetFlags() + */ +int test_wc_HashSetFlags(void) +{ + EXPECT_DECLS; +#if !defined(NO_HASH_WRAPPER) && defined(WOLFSSL_HASH_FLAGS) + wc_HashAlg hash; + word32 flags = 0; + int i; + + + /* For loop to test various arguments... */ + for (i = 0; i < supportedHashLen; i++) { + ExpectIntEQ(wc_HashInit(&hash, supportedHash[i]), 0); + ExpectIntEQ(wc_HashSetFlags(&hash, supportedHash[i], flags), 0); + ExpectTrue((flags & WC_HASH_FLAG_ISCOPY) == 0); + ExpectIntEQ(wc_HashSetFlags(NULL, supportedHash[i], flags), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + wc_HashFree(&hash, supportedHash[i]); + + } + + for (i = 0; i < notCompiledHashLen; i++) { + ExpectIntEQ(wc_HashInit(&hash, notCompiledHash[i]), + WC_NO_ERR_TRACE(HASH_TYPE_E)); + ExpectIntEQ(wc_HashSetFlags(&hash, notCompiledHash[i], flags), + WC_NO_ERR_TRACE(HASH_TYPE_E)); + ExpectIntEQ(wc_HashFree(&hash, notCompiledHash[i]), + WC_NO_ERR_TRACE(HASH_TYPE_E)); + } + + /* For loop to test not supported cases */ + for (i = 0; i < notSupportedHashLen; i++) { + ExpectIntEQ(wc_HashInit(&hash, notSupportedHash[i]), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_HashSetFlags(&hash, notSupportedHash[i], flags), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_HashFree(&hash, notSupportedHash[i]), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + } +#endif + return EXPECT_RESULT(); +} /* END test_wc_HashSetFlags */ + +/* + * Unit test function for wc_HashGetFlags() + */ +int test_wc_HashGetFlags(void) +{ + EXPECT_DECLS; +#if !defined(NO_HASH_WRAPPER) && defined(WOLFSSL_HASH_FLAGS) + wc_HashAlg hash; + word32 flags = 0; + int i; + + /* For loop to test various arguments... */ + for (i = 0; i < supportedHashLen; i++) { + ExpectIntEQ(wc_HashInit(&hash, supportedHash[i]), 0); + ExpectIntEQ(wc_HashGetFlags(&hash, supportedHash[i], &flags), 0); + ExpectTrue((flags & WC_HASH_FLAG_ISCOPY) == 0); + ExpectIntEQ(wc_HashGetFlags(NULL, supportedHash[i], &flags), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + wc_HashFree(&hash, supportedHash[i]); + } + + for (i = 0; i < notCompiledHashLen; i++) { + ExpectIntEQ(wc_HashInit(&hash, notCompiledHash[i]), + WC_NO_ERR_TRACE(HASH_TYPE_E)); + ExpectIntEQ(wc_HashGetFlags(&hash, notCompiledHash[i], &flags), + WC_NO_ERR_TRACE(HASH_TYPE_E)); + ExpectIntEQ(wc_HashFree(&hash, notCompiledHash[i]), + WC_NO_ERR_TRACE(HASH_TYPE_E)); + } + + /* For loop to test not supported cases */ + for (i = 0; i < notSupportedHashLen; i++) { + ExpectIntEQ(wc_HashInit(&hash, notSupportedHash[i]), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_HashGetFlags(&hash, notSupportedHash[i], &flags), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_HashFree(&hash, notSupportedHash[i]), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + } +#endif + return EXPECT_RESULT(); +} /* END test_wc_HashGetFlags */ + +int test_wc_Hash_Algs(void) +{ + EXPECT_DECLS; +#ifndef NO_HASH_WRAPPER +#ifndef NO_MD5 + DIGEST_HASH_TEST(Md5, MD5); +#endif +#ifndef NO_SHA + DIGEST_HASH_TEST(Sha, SHA); +#endif +#ifdef WOLFSSL_SHA224 + DIGEST_HASH_TEST(Sha224, SHA224); +#endif +#ifndef NO_SHA256 + DIGEST_HASH_TEST(Sha256, SHA256); +#endif +#ifdef WOLFSSL_SHA384 + DIGEST_HASH_TEST(Sha384, SHA384); +#endif +#ifdef WOLFSSL_SHA512 + DIGEST_HASH_TEST(Sha512, SHA512); +#ifndef WOLFSSL_NOSHA512_224 + DIGEST_HASH_TEST(Sha512_224, SHA512_224); +#endif +#ifndef WOLFSSL_NOSHA512_256 + DIGEST_HASH_TEST(Sha512_256, SHA512_256); +#endif +#endif /* WOLFSSL_SHA512 */ +#ifdef WOLFSSL_SHA3 + #ifndef WOLFSSL_NOSHA3_224 + DIGEST_COUNT_HASH_TEST(Sha3_224, SHA3_224); + #endif + #ifndef WOLFSSL_NOSHA3_256 + DIGEST_COUNT_HASH_TEST(Sha3_256, SHA3_256); + #endif + #ifndef WOLFSSL_NOSHA3_384 + DIGEST_COUNT_HASH_TEST(Sha3_384, SHA3_384); + #endif + #ifndef WOLFSSL_NOSHA3_512 + DIGEST_COUNT_HASH_TEST(Sha3_512, SHA3_512); + #endif +#endif +#ifdef WOLFSSL_SM3 + DIGEST_HASH_TEST(Sm3, SM3); +#endif +#endif /* !NO_HASH_WRAPPER */ + return EXPECT_RESULT(); +} + +int test_wc_HashGetOID(void) +{ + EXPECT_DECLS; +#if !defined(NO_HASH_WRAPPER) && (!defined(NO_ASN) || !defined(NO_DH) || \ + defined(HAVE_ECC)) + static const enum wc_HashType oidOnlySupportedHash[] = { + #ifdef WOLFSSL_MD2 + WC_HASH_TYPE_MD2, + #endif + #ifndef NO_MD5 + WC_HASH_TYPE_MD5_SHA, + #endif + WC_HASH_TYPE_NONE /* Dummy value to ensure list is non-zero. */ + }; + static const int oidOnlySupportedHashLen = (sizeof(oidOnlySupportedHash) / + sizeof(enum wc_HashType)) - 1; + static const enum wc_HashType oidOnlyNotCompiledHash[] = { + #ifndef WOLFSSL_MD2 + WC_HASH_TYPE_MD2, + #endif + #ifdef NO_MD5 + WC_HASH_TYPE_MD5_SHA, + #endif + WC_HASH_TYPE_NONE /* Dummy value to ensure list is non-zero. */ + }; + static const int oidOnlyNotCompiledHashLen = + (sizeof(oidOnlyNotCompiledHash) / sizeof(enum wc_HashType)) - 1; + static const enum wc_HashType oidNotSupportedHash[] = { + WC_HASH_TYPE_MD4, + WC_HASH_TYPE_BLAKE2B, + WC_HASH_TYPE_BLAKE2S, + WC_HASH_TYPE_NONE + }; + static const int oidNotSupportedHashLen = (sizeof(oidNotSupportedHash) / + sizeof(enum wc_HashType)); + int i; + + for (i = 0; i < supportedHashLen; i++) { + ExpectIntGT(wc_HashGetOID(supportedHash[i]), 0); + } + for (i = 0; i < oidOnlySupportedHashLen; i++) { + ExpectIntGT(wc_HashGetOID(oidOnlySupportedHash[i]), 0); + } + + for (i = 0; i < notCompiledHashLen; i++) { + ExpectIntEQ(wc_HashGetOID(notCompiledHash[i]), + WC_NO_ERR_TRACE(HASH_TYPE_E)); + } + for (i = 0; i < oidOnlyNotCompiledHashLen; i++) { + ExpectIntEQ(wc_HashGetOID(oidOnlyNotCompiledHash[i]), + WC_NO_ERR_TRACE(HASH_TYPE_E)); + } + + for (i = 0; i < oidNotSupportedHashLen; i++) { + ExpectIntEQ(wc_HashGetOID(oidNotSupportedHash[i]), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + } +#endif + return EXPECT_RESULT(); +} + +int test_wc_OidGetHash(void) +{ + EXPECT_DECLS; +#if !defined(NO_HASH_WRAPPER) && !defined(NO_ASN) + static const int sumSupportedHash[] = { + #ifdef WOLFSSL_MD2 + MD2h, + #endif + #ifndef NO_MD5 + MD5h, + #endif + #ifndef NO_SHA + SHAh, + #endif + #ifdef WOLFSSL_SHA224 + SHA224h, + #endif + #ifndef NO_SHA256 + SHA256h, + #endif + #ifdef WOLFSSL_SHA384 + SHA384h, + #endif + #ifdef WOLFSSL_SHA512 + SHA512h, + #endif + #ifdef WOLFSSL_SHA3 + SHA3_224h, + SHA3_256h, + SHA3_384h, + SHA3_512h, + #endif + #ifdef WOLFSSL_SM3 + SM3h, + #endif + 0 /* Dummy value to ensure list is non-zero. */ + }; + static const int sumSupportedHashLen = (sizeof(sumSupportedHash) / + sizeof(enum wc_HashType)) - 1; + static const int sumNotSupportedHash[] = { + MD4h, + #ifdef NO_MD5 + MD5h, + #endif + #ifdef NO_SHA + SHAh, + #endif + #ifndef WOLFSSL_SHA224 + SHA224h, + #endif + #ifdef NO_SHA256 + SHA256h, + #endif + #ifndef WOLFSSL_SHA384 + SHA384h, + #endif + #ifndef WOLFSSL_SHA512 + SHA512h, + #endif + #ifndef WOLFSSL_SHA3 + SHA3_224h, + SHA3_256h, + SHA3_384h, + SHA3_512h, + #endif + #ifndef WOLFSSL_SM3 + SM3h, + #endif + 0 + }; + static const int sumNotSupportedHashLen = (sizeof(sumNotSupportedHash) / + sizeof(enum wc_HashType)); + int i; + enum wc_HashType hash; + + for (i = 0; i < sumSupportedHashLen; i++) { + hash = wc_OidGetHash(sumSupportedHash[i]); + ExpectTrue(hash != WC_HASH_TYPE_NONE); + } + + for (i = 0; i < sumNotSupportedHashLen; i++) { + hash = wc_OidGetHash(sumNotSupportedHash[i]); + ExpectTrue(hash == WC_HASH_TYPE_NONE); + } +#endif + return EXPECT_RESULT(); +} + diff --git a/test/ssl/wolfssl/tests/api/test_hash.h b/test/ssl/wolfssl/tests/api/test_hash.h new file mode 100644 index 000000000..5468bc8fb --- /dev/null +++ b/test/ssl/wolfssl/tests/api/test_hash.h @@ -0,0 +1,54 @@ +/* test_hash.h + * + * Copyright (C) 2006-2025 wolfSSL Inc. + * + * This file is part of wolfSSL. + * + * wolfSSL is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * wolfSSL is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA + */ + +#ifndef WOLFCRYPT_TEST_HASH_H +#define WOLFCRYPT_TEST_HASH_H + +#include + +int test_wc_HashInit(void); +int test_wc_HashUpdate(void); +int test_wc_HashFinal(void); +int test_wc_HashNewDelete(void); +int test_wc_HashGetDigestSize(void); +int test_wc_HashGetBlockSize(void); +int test_wc_Hash(void); +int test_wc_HashSetFlags(void); +int test_wc_HashGetFlags(void); +int test_wc_Hash_Algs(void); +int test_wc_HashGetOID(void); +int test_wc_OidGetHash(void); + +#define TEST_HASH_DECLS \ + TEST_DECL_GROUP("hash", test_wc_HashInit), \ + TEST_DECL_GROUP("hash", test_wc_HashUpdate), \ + TEST_DECL_GROUP("hash", test_wc_HashFinal), \ + TEST_DECL_GROUP("hash", test_wc_HashNewDelete), \ + TEST_DECL_GROUP("hash", test_wc_HashGetDigestSize), \ + TEST_DECL_GROUP("hash", test_wc_HashGetBlockSize), \ + TEST_DECL_GROUP("hash", test_wc_Hash), \ + TEST_DECL_GROUP("hash", test_wc_HashSetFlags), \ + TEST_DECL_GROUP("hash", test_wc_HashGetFlags), \ + TEST_DECL_GROUP("hash", test_wc_Hash_Algs), \ + TEST_DECL_GROUP("hash", test_wc_HashGetOID), \ + TEST_DECL_GROUP("hash", test_wc_OidGetHash) + +#endif /* WOLFCRYPT_TEST_HASH_H */ diff --git a/test/ssl/wolfssl/tests/api/test_hmac.c b/test/ssl/wolfssl/tests/api/test_hmac.c new file mode 100644 index 000000000..8af0d7d95 --- /dev/null +++ b/test/ssl/wolfssl/tests/api/test_hmac.c @@ -0,0 +1,683 @@ +/* test_cmac.c + * + * Copyright (C) 2006-2025 wolfSSL Inc. + * + * This file is part of wolfSSL. + * + * wolfSSL is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * wolfSSL is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA + */ + +#include + +#ifdef NO_INLINE + #include +#else + #define WOLFSSL_MISC_INCLUDED + #include +#endif + +#include +#include +#include +#include + +/* + * Test function for wc_HmacSetKey + */ +int test_wc_Md5HmacSetKey(void) +{ + EXPECT_DECLS; +#if !defined(NO_HMAC) && !defined(NO_MD5) + Hmac hmac; + int ret, times, itr; + + const char* keys[]= + { + "\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b", +#ifndef HAVE_FIPS + "Jefe", /* smaller than minimum FIPS key size */ +#endif + "\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA" + }; + times = sizeof(keys) / sizeof(char*); + + ExpectIntEQ(wc_HmacInit(&hmac, NULL, INVALID_DEVID), 0); + + for (itr = 0; itr < times; itr++) { + ret = wc_HmacSetKey(&hmac, WC_MD5, (byte*)keys[itr], + (word32)XSTRLEN(keys[itr])); +#if defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION >= 5) + wc_HmacFree(&hmac); + ExpectIntEQ(ret, WC_NO_ERR_TRACE(BAD_FUNC_ARG)); +#else + ExpectIntEQ(ret, 0); +#endif + } + + /* Bad args. */ + ExpectIntEQ(wc_HmacSetKey(NULL, WC_MD5, (byte*)keys[0], + (word32)XSTRLEN(keys[0])), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_HmacSetKey(&hmac, WC_MD5, NULL, (word32)XSTRLEN(keys[0])), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_HmacSetKey(&hmac, 21, (byte*)keys[0], + (word32)XSTRLEN(keys[0])), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ret = wc_HmacSetKey(&hmac, WC_MD5, (byte*)keys[0], 0); +#if defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION >= 5) + ExpectIntEQ(ret, WC_NO_ERR_TRACE(BAD_FUNC_ARG)); +#elif defined(HAVE_FIPS) + ExpectIntEQ(ret, WC_NO_ERR_TRACE(HMAC_MIN_KEYLEN_E)); +#else + ExpectIntEQ(ret, 0); +#endif + + wc_HmacFree(&hmac); +#endif + return EXPECT_RESULT(); +} /* END test_wc_Md5HmacSetKey */ + +/* + * testing wc_HmacSetKey() on wc_Sha hash. + */ +int test_wc_ShaHmacSetKey(void) +{ + EXPECT_DECLS; +#if !defined(NO_HMAC) && !defined(NO_SHA) + Hmac hmac; + int ret, times, itr; + + const char* keys[]= + { + "\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b" + "\x0b\x0b\x0b", +#ifndef HAVE_FIPS + "Jefe", /* smaller than minimum FIPS key size */ +#endif + "\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA" + "\xAA\xAA\xAA" + }; + + times = sizeof(keys) / sizeof(char*); + + ExpectIntEQ(wc_HmacInit(&hmac, NULL, INVALID_DEVID), 0); + + for (itr = 0; itr < times; itr++) { + ExpectIntEQ(wc_HmacSetKey(&hmac, WC_SHA, (byte*)keys[itr], + (word32)XSTRLEN(keys[itr])), 0); + } + + /* Bad args. */ + ExpectIntEQ(wc_HmacSetKey(NULL, WC_SHA, (byte*)keys[0], + (word32)XSTRLEN(keys[0])), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_HmacSetKey(&hmac, WC_SHA, NULL, (word32)XSTRLEN(keys[0])), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_HmacSetKey(&hmac, 21, (byte*)keys[0], + (word32)XSTRLEN(keys[0])), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + + ret = wc_HmacSetKey(&hmac, WC_SHA, (byte*)keys[0], 0); +#ifdef HAVE_FIPS + ExpectIntEQ(ret, WC_NO_ERR_TRACE(HMAC_MIN_KEYLEN_E)); +#else + ExpectIntEQ(ret, 0); +#endif + + wc_HmacFree(&hmac); +#endif + return EXPECT_RESULT(); +} /* END test_wc_ShaHmacSetKey() */ + +/* + * testing wc_HmacSetKey() on Sha224 hash. + */ +int test_wc_Sha224HmacSetKey(void) +{ + EXPECT_DECLS; +#if !defined(NO_HMAC) && defined(WOLFSSL_SHA224) + Hmac hmac; + int ret, times, itr; + + const char* keys[]= + { + "\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b" + "\x0b\x0b\x0b", +#ifndef HAVE_FIPS + "Jefe", /* smaller than minimum FIPS key size */ +#endif + "\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA" + "\xAA\xAA\xAA" + }; + times = sizeof(keys) / sizeof(char*); + + ExpectIntEQ(wc_HmacInit(&hmac, NULL, INVALID_DEVID), 0); + + for (itr = 0; itr < times; itr++) { + ExpectIntEQ(wc_HmacSetKey(&hmac, WC_SHA224, (byte*)keys[itr], + (word32)XSTRLEN(keys[itr])), 0); + } + + /* Bad args. */ + ExpectIntEQ(wc_HmacSetKey(NULL, WC_SHA224, (byte*)keys[0], + (word32)XSTRLEN(keys[0])), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_HmacSetKey(&hmac, WC_SHA224, NULL, (word32)XSTRLEN(keys[0])), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_HmacSetKey(&hmac, 21, (byte*)keys[0], + (word32)XSTRLEN(keys[0])), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ret = wc_HmacSetKey(&hmac, WC_SHA224, (byte*)keys[0], 0); +#ifdef HAVE_FIPS + ExpectIntEQ(ret, WC_NO_ERR_TRACE(HMAC_MIN_KEYLEN_E)); +#else + ExpectIntEQ(ret, 0); +#endif + + wc_HmacFree(&hmac); +#endif + return EXPECT_RESULT(); +} /* END test_wc_Sha224HmacSetKey() */ + + /* + * testing wc_HmacSetKey() on Sha256 hash + */ +int test_wc_Sha256HmacSetKey(void) +{ + EXPECT_DECLS; +#if !defined(NO_HMAC) && !defined(NO_SHA256) + Hmac hmac; + int ret, times, itr; + + const char* keys[]= + { + "\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b" + "\x0b\x0b\x0b", +#ifndef HAVE_FIPS + "Jefe", /* smaller than minimum FIPS key size */ +#endif + "\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA" + "\xAA\xAA\xAA" + }; + times = sizeof(keys) / sizeof(char*); + + ExpectIntEQ(wc_HmacInit(&hmac, NULL, INVALID_DEVID), 0); + + for (itr = 0; itr < times; itr++) { + ExpectIntEQ(wc_HmacSetKey(&hmac, WC_SHA256, (byte*)keys[itr], + (word32)XSTRLEN(keys[itr])), 0); + } + + /* Bad args. */ + ExpectIntEQ(wc_HmacSetKey(NULL, WC_SHA256, (byte*)keys[0], + (word32)XSTRLEN(keys[0])), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_HmacSetKey(&hmac, WC_SHA256, NULL, (word32)XSTRLEN(keys[0])), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_HmacSetKey(&hmac, 21, (byte*)keys[0], + (word32)XSTRLEN(keys[0])), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ret = wc_HmacSetKey(&hmac, WC_SHA256, (byte*)keys[0], 0); +#ifdef HAVE_FIPS + ExpectIntEQ(ret, WC_NO_ERR_TRACE(HMAC_MIN_KEYLEN_E)); +#else + ExpectIntEQ(ret, 0); +#endif + + wc_HmacFree(&hmac); +#endif + return EXPECT_RESULT(); +} /* END test_wc_Sha256HmacSetKey() */ + +/* + * testing wc_HmacSetKey on Sha384 hash. + */ +int test_wc_Sha384HmacSetKey(void) +{ + EXPECT_DECLS; +#if !defined(NO_HMAC) && defined(WOLFSSL_SHA384) + Hmac hmac; + int ret, times, itr; + + const char* keys[]= + { + "\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b" + "\x0b\x0b\x0b", +#ifndef HAVE_FIPS + "Jefe", /* smaller than minimum FIPS key size */ +#endif + "\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA" + "\xAA\xAA\xAA" + }; + times = sizeof(keys) / sizeof(char*); + + ExpectIntEQ(wc_HmacInit(&hmac, NULL, INVALID_DEVID), 0); + + for (itr = 0; itr < times; itr++) { + ExpectIntEQ(wc_HmacSetKey(&hmac, WC_SHA384, (byte*)keys[itr], + (word32)XSTRLEN(keys[itr])), 0); + } + + /* Bad args. */ + ExpectIntEQ(wc_HmacSetKey(NULL, WC_SHA384, (byte*)keys[0], + (word32)XSTRLEN(keys[0])), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_HmacSetKey(&hmac, WC_SHA384, NULL, (word32)XSTRLEN(keys[0])), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_HmacSetKey(&hmac, 21, (byte*)keys[0], + (word32)XSTRLEN(keys[0])), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ret = wc_HmacSetKey(&hmac, WC_SHA384, (byte*)keys[0], 0); +#ifdef HAVE_FIPS + ExpectIntEQ(ret, WC_NO_ERR_TRACE(HMAC_MIN_KEYLEN_E)); +#else + ExpectIntEQ(ret, 0); +#endif + + wc_HmacFree(&hmac); +#endif + return EXPECT_RESULT(); +} /* END test_wc_Sha384HmacSetKey() */ + +/* + * testing wc_HmacUpdate on wc_Md5 hash. + */ +int test_wc_Md5HmacUpdate(void) +{ + EXPECT_DECLS; +#if !defined(NO_HMAC) && !defined(NO_MD5) && !(defined(HAVE_FIPS_VERSION) && \ + (HAVE_FIPS_VERSION >= 5)) + Hmac hmac; + testVector a, b; +#ifdef HAVE_FIPS + const char* keys = + "\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b"; +#else + const char* keys = "Jefe"; +#endif + + a.input = "what do ya want for nothing?"; + a.inLen = XSTRLEN(a.input); + b.input = "Hi There"; + b.inLen = XSTRLEN(b.input); + + ExpectIntEQ(wc_HmacInit(&hmac, NULL, INVALID_DEVID), 0); + ExpectIntEQ(wc_HmacSetKey(&hmac, WC_MD5, (byte*)keys, + (word32)XSTRLEN(keys)), 0); + ExpectIntEQ(wc_HmacUpdate(&hmac, (byte*)b.input, (word32)b.inLen), 0); + /* Update Hmac. */ + ExpectIntEQ(wc_HmacUpdate(&hmac, (byte*)a.input, (word32)a.inLen), 0); + + /* Test bad args. */ + ExpectIntEQ(wc_HmacUpdate(NULL, (byte*)a.input, (word32)a.inLen), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_HmacUpdate(&hmac, NULL, (word32)a.inLen), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + + ExpectIntEQ(wc_HmacUpdate(&hmac, (byte*)a.input, 0), 0); + + wc_HmacFree(&hmac); +#endif + return EXPECT_RESULT(); +} /* END test_wc_Md5HmacUpdate */ + +/* + * testing wc_HmacUpdate on SHA hash. + */ +int test_wc_ShaHmacUpdate(void) +{ + EXPECT_DECLS; +#if !defined(NO_HMAC) && !defined(NO_SHA) + Hmac hmac; + testVector a, b; +#ifdef HAVE_FIPS + const char* keys = + "\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b"; +#else + const char* keys = "Jefe"; +#endif + + a.input = "what do ya want for nothing?"; + a.inLen = XSTRLEN(a.input); + b.input = "Hi There"; + b.inLen = XSTRLEN(b.input); + + ExpectIntEQ(wc_HmacInit(&hmac, NULL, INVALID_DEVID), 0); + ExpectIntEQ(wc_HmacSetKey(&hmac, WC_SHA, (byte*)keys, + (word32)XSTRLEN(keys)), 0); + ExpectIntEQ(wc_HmacUpdate(&hmac, (byte*)b.input, (word32)b.inLen), 0); + /* Update Hmac. */ + ExpectIntEQ(wc_HmacUpdate(&hmac, (byte*)a.input, (word32)a.inLen), 0); + + /* Test bad args. */ + ExpectIntEQ(wc_HmacUpdate(NULL, (byte*)a.input, (word32)a.inLen), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_HmacUpdate(&hmac, NULL, (word32)a.inLen), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + + ExpectIntEQ(wc_HmacUpdate(&hmac, (byte*)a.input, 0), 0); + + wc_HmacFree(&hmac); +#endif + return EXPECT_RESULT(); +} /* END test_wc_ShaHmacUpdate */ + +/* + * testing wc_HmacUpdate on SHA224 hash. + */ +int test_wc_Sha224HmacUpdate(void) +{ + EXPECT_DECLS; +#if !defined(NO_HMAC) && defined(WOLFSSL_SHA224) + Hmac hmac; + testVector a, b; +#ifdef HAVE_FIPS + const char* keys = + "\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b"; +#else + const char* keys = "Jefe"; +#endif + + a.input = "what do ya want for nothing?"; + a.inLen = XSTRLEN(a.input); + b.input = "Hi There"; + b.inLen = XSTRLEN(b.input); + + ExpectIntEQ(wc_HmacInit(&hmac, NULL, INVALID_DEVID), 0); + ExpectIntEQ(wc_HmacSetKey(&hmac, WC_SHA224, (byte*)keys, + (word32)XSTRLEN(keys)), 0); + ExpectIntEQ(wc_HmacUpdate(&hmac, (byte*)b.input, (word32)b.inLen), 0); + /* Update Hmac. */ + ExpectIntEQ(wc_HmacUpdate(&hmac, (byte*)a.input, (word32)a.inLen), 0); + + /* Test bad args. */ + ExpectIntEQ(wc_HmacUpdate(NULL, (byte*)a.input, (word32)a.inLen), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_HmacUpdate(&hmac, NULL, (word32)a.inLen), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + + ExpectIntEQ(wc_HmacUpdate(&hmac, (byte*)a.input, 0), 0); + + wc_HmacFree(&hmac); +#endif + return EXPECT_RESULT(); +} /* END test_wc_Sha224HmacUpdate */ + +/* + * testing wc_HmacUpdate on SHA256 hash. + */ +int test_wc_Sha256HmacUpdate(void) +{ + EXPECT_DECLS; +#if !defined(NO_HMAC) && !defined(NO_SHA256) + Hmac hmac; + testVector a, b; +#ifdef HAVE_FIPS + const char* keys = + "\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b"; +#else + const char* keys = "Jefe"; +#endif + + a.input = "what do ya want for nothing?"; + a.inLen = XSTRLEN(a.input); + b.input = "Hi There"; + b.inLen = XSTRLEN(b.input); + + ExpectIntEQ(wc_HmacInit(&hmac, NULL, INVALID_DEVID), 0); + ExpectIntEQ(wc_HmacSetKey(&hmac, WC_SHA256, (byte*)keys, + (word32)XSTRLEN(keys)), 0); + ExpectIntEQ(wc_HmacUpdate(&hmac, (byte*)b.input, (word32)b.inLen), 0); + /* Update Hmac. */ + ExpectIntEQ(wc_HmacUpdate(&hmac, (byte*)a.input, (word32)a.inLen), 0); + + /* Test bad args. */ + ExpectIntEQ(wc_HmacUpdate(NULL, (byte*)a.input, (word32)a.inLen), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_HmacUpdate(&hmac, NULL, (word32)a.inLen), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + + ExpectIntEQ(wc_HmacUpdate(&hmac, (byte*)a.input, 0), 0); + + wc_HmacFree(&hmac); +#endif + return EXPECT_RESULT(); +} /* END test_wc_Sha256HmacUpdate */ + +/* + * testing wc_HmacUpdate on SHA384 hash. + */ +int test_wc_Sha384HmacUpdate(void) +{ + EXPECT_DECLS; +#if !defined(NO_HMAC) && defined(WOLFSSL_SHA384) + Hmac hmac; + testVector a, b; +#ifdef HAVE_FIPS + const char* keys = + "\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b"; +#else + const char* keys = "Jefe"; +#endif + + a.input = "what do ya want for nothing?"; + a.inLen = XSTRLEN(a.input); + b.input = "Hi There"; + b.inLen = XSTRLEN(b.input); + + ExpectIntEQ(wc_HmacInit(&hmac, NULL, INVALID_DEVID), 0); + ExpectIntEQ(wc_HmacSetKey(&hmac, WC_SHA384, (byte*)keys, + (word32)XSTRLEN(keys)), 0); + ExpectIntEQ(wc_HmacUpdate(&hmac, (byte*)b.input, (word32)b.inLen), 0); + /* Update Hmac. */ + ExpectIntEQ(wc_HmacUpdate(&hmac, (byte*)a.input, (word32)a.inLen), 0); + + /* Test bad args. */ + ExpectIntEQ(wc_HmacUpdate(NULL, (byte*)a.input, (word32)a.inLen), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_HmacUpdate(&hmac, NULL, (word32)a.inLen), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + + ExpectIntEQ(wc_HmacUpdate(&hmac, (byte*)a.input, 0), 0); + + wc_HmacFree(&hmac); +#endif + return EXPECT_RESULT(); +} /* END test_wc_Sha384HmacUpdate */ + +/* + * Testing wc_HmacFinal() with MD5 + */ + +int test_wc_Md5HmacFinal(void) +{ + EXPECT_DECLS; +#if !defined(NO_HMAC) && !defined(NO_MD5) && !(defined(HAVE_FIPS_VERSION) && \ + (HAVE_FIPS_VERSION >= 5)) + Hmac hmac; + byte hash[WC_MD5_DIGEST_SIZE]; + testVector a; + const char* key; + + key = "\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b"; + a.input = "Hi There"; + a.output = "\x92\x94\x72\x7a\x36\x38\xbb\x1c\x13\xf4\x8e\xf8\x15\x8b\xfc" + "\x9d"; + a.inLen = XSTRLEN(a.input); + a.outLen = XSTRLEN(a.output); + + ExpectIntEQ(wc_HmacInit(&hmac, NULL, INVALID_DEVID), 0); + ExpectIntEQ(wc_HmacSetKey(&hmac, WC_MD5, (byte*)key, (word32)XSTRLEN(key)), + 0); + ExpectIntEQ(wc_HmacUpdate(&hmac, (byte*)a.input, (word32)a.inLen), 0); + ExpectIntEQ(wc_HmacFinal(&hmac, hash), 0); + ExpectIntEQ(XMEMCMP(hash, a.output, WC_MD5_DIGEST_SIZE), 0); + + /* Try bad parameters. */ + ExpectIntEQ(wc_HmacFinal(NULL, hash), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); +#ifndef HAVE_FIPS + ExpectIntEQ(wc_HmacFinal(&hmac, NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); +#endif + + wc_HmacFree(&hmac); +#endif + return EXPECT_RESULT(); +} /* END test_wc_Md5HmacFinal */ + +/* + * Testing wc_HmacFinal() with SHA + */ +int test_wc_ShaHmacFinal(void) +{ + EXPECT_DECLS; +#if !defined(NO_HMAC) && !defined(NO_SHA) + Hmac hmac; + byte hash[WC_SHA_DIGEST_SIZE]; + testVector a; + const char* key; + + key = "\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b" + "\x0b\x0b\x0b"; + a.input = "Hi There"; + a.output = "\xb6\x17\x31\x86\x55\x05\x72\x64\xe2\x8b\xc0\xb6\xfb\x37\x8c" + "\x8e\xf1\x46\xbe\x00"; + a.inLen = XSTRLEN(a.input); + a.outLen = XSTRLEN(a.output); + + ExpectIntEQ(wc_HmacInit(&hmac, NULL, INVALID_DEVID), 0); + ExpectIntEQ(wc_HmacSetKey(&hmac, WC_SHA, (byte*)key, (word32)XSTRLEN(key)), + 0); + ExpectIntEQ(wc_HmacUpdate(&hmac, (byte*)a.input, (word32)a.inLen), 0); + ExpectIntEQ(wc_HmacFinal(&hmac, hash), 0); + ExpectIntEQ(XMEMCMP(hash, a.output, WC_SHA_DIGEST_SIZE), 0); + + /* Try bad parameters. */ + ExpectIntEQ(wc_HmacFinal(NULL, hash), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); +#ifndef HAVE_FIPS + ExpectIntEQ(wc_HmacFinal(&hmac, NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); +#endif + + wc_HmacFree(&hmac); +#endif + return EXPECT_RESULT(); +} /* END test_wc_ShaHmacFinal */ + +/* + * Testing wc_HmacFinal() with SHA224 + */ +int test_wc_Sha224HmacFinal(void) +{ + EXPECT_DECLS; +#if !defined(NO_HMAC) && defined(WOLFSSL_SHA224) + Hmac hmac; + byte hash[WC_SHA224_DIGEST_SIZE]; + testVector a; + const char* key; + + key = "\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b" + "\x0b\x0b\x0b"; + a.input = "Hi There"; + a.output = "\x89\x6f\xb1\x12\x8a\xbb\xdf\x19\x68\x32\x10\x7c\xd4\x9d\xf3" + "\x3f\x47\xb4\xb1\x16\x99\x12\xba\x4f\x53\x68\x4b\x22"; + a.inLen = XSTRLEN(a.input); + a.outLen = XSTRLEN(a.output); + + ExpectIntEQ(wc_HmacInit(&hmac, NULL, INVALID_DEVID), 0); + ExpectIntEQ(wc_HmacSetKey(&hmac, WC_SHA224, (byte*)key, + (word32)XSTRLEN(key)), 0); + ExpectIntEQ(wc_HmacUpdate(&hmac, (byte*)a.input, (word32)a.inLen), 0); + ExpectIntEQ(wc_HmacFinal(&hmac, hash), 0); + ExpectIntEQ(XMEMCMP(hash, a.output, WC_SHA224_DIGEST_SIZE), 0); + + /* Try bad parameters. */ + ExpectIntEQ(wc_HmacFinal(NULL, hash), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); +#ifndef HAVE_FIPS + ExpectIntEQ(wc_HmacFinal(&hmac, NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); +#endif + + wc_HmacFree(&hmac); +#endif + return EXPECT_RESULT(); +} /* END test_wc_Sha224HmacFinal */ + +/* + * Testing wc_HmacFinal() with SHA256 + */ +int test_wc_Sha256HmacFinal(void) +{ + EXPECT_DECLS; +#if !defined(NO_HMAC) && !defined(NO_SHA256) + Hmac hmac; + byte hash[WC_SHA256_DIGEST_SIZE]; + testVector a; + const char* key; + + key = "\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b" + "\x0b\x0b\x0b"; + a.input = "Hi There"; + a.output = "\xb0\x34\x4c\x61\xd8\xdb\x38\x53\x5c\xa8\xaf\xce\xaf\x0b\xf1" + "\x2b\x88\x1d\xc2\x00\xc9\x83\x3d\xa7\x26\xe9\x37\x6c\x2e\x32" + "\xcf\xf7"; + a.inLen = XSTRLEN(a.input); + a.outLen = XSTRLEN(a.output); + + ExpectIntEQ(wc_HmacInit(&hmac, NULL, INVALID_DEVID), 0); + ExpectIntEQ(wc_HmacSetKey(&hmac, WC_SHA256, (byte*)key, + (word32)XSTRLEN(key)), 0); + ExpectIntEQ(wc_HmacUpdate(&hmac, (byte*)a.input, (word32)a.inLen), 0); + ExpectIntEQ(wc_HmacFinal(&hmac, hash), 0); + ExpectIntEQ(XMEMCMP(hash, a.output, WC_SHA256_DIGEST_SIZE), 0); + + /* Try bad parameters. */ + ExpectIntEQ(wc_HmacFinal(NULL, hash), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); +#ifndef HAVE_FIPS + ExpectIntEQ(wc_HmacFinal(&hmac, NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); +#endif + + wc_HmacFree(&hmac); +#endif + return EXPECT_RESULT(); +} /* END test_wc_Sha256HmacFinal */ + +/* + * Testing wc_HmacFinal() with SHA384 + */ +int test_wc_Sha384HmacFinal(void) +{ + EXPECT_DECLS; +#if !defined(NO_HMAC) && defined(WOLFSSL_SHA384) + Hmac hmac; + byte hash[WC_SHA384_DIGEST_SIZE]; + testVector a; + const char* key; + + key = "\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b" + "\x0b\x0b\x0b"; + a.input = "Hi There"; + a.output = "\xaf\xd0\x39\x44\xd8\x48\x95\x62\x6b\x08\x25\xf4\xab\x46\x90" + "\x7f\x15\xf9\xda\xdb\xe4\x10\x1e\xc6\x82\xaa\x03\x4c\x7c\xeb" + "\xc5\x9c\xfa\xea\x9e\xa9\x07\x6e\xde\x7f\x4a\xf1\x52\xe8\xb2" + "\xfa\x9c\xb6"; + a.inLen = XSTRLEN(a.input); + a.outLen = XSTRLEN(a.output); + + ExpectIntEQ(wc_HmacInit(&hmac, NULL, INVALID_DEVID), 0); + ExpectIntEQ(wc_HmacSetKey(&hmac, WC_SHA384, (byte*)key, + (word32)XSTRLEN(key)), 0); + ExpectIntEQ(wc_HmacUpdate(&hmac, (byte*)a.input, (word32)a.inLen), 0); + ExpectIntEQ(wc_HmacFinal(&hmac, hash), 0); + ExpectIntEQ(XMEMCMP(hash, a.output, WC_SHA384_DIGEST_SIZE), 0); + + /* Try bad parameters. */ + ExpectIntEQ(wc_HmacFinal(NULL, hash), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); +#ifndef HAVE_FIPS + ExpectIntEQ(wc_HmacFinal(&hmac, NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); +#endif + + wc_HmacFree(&hmac); +#endif + return EXPECT_RESULT(); +} /* END test_wc_Sha384HmacFinal */ + diff --git a/test/ssl/wolfssl/tests/api/test_hmac.h b/test/ssl/wolfssl/tests/api/test_hmac.h new file mode 100644 index 000000000..ca5e50f5f --- /dev/null +++ b/test/ssl/wolfssl/tests/api/test_hmac.h @@ -0,0 +1,60 @@ +/* test_hmac.h + * + * Copyright (C) 2006-2025 wolfSSL Inc. + * + * This file is part of wolfSSL. + * + * wolfSSL is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * wolfSSL is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA + */ + +#ifndef WOLFCRYPT_TEST_HMAC_H +#define WOLFCRYPT_TEST_HMAC_H + +#include + +int test_wc_Md5HmacSetKey(void); +int test_wc_Md5HmacUpdate(void); +int test_wc_Md5HmacFinal(void); +int test_wc_ShaHmacSetKey(void); +int test_wc_ShaHmacUpdate(void); +int test_wc_ShaHmacFinal(void); +int test_wc_Sha224HmacSetKey(void); +int test_wc_Sha224HmacUpdate(void); +int test_wc_Sha224HmacFinal(void); +int test_wc_Sha256HmacSetKey(void); +int test_wc_Sha256HmacUpdate(void); +int test_wc_Sha256HmacFinal(void); +int test_wc_Sha384HmacSetKey(void); +int test_wc_Sha384HmacUpdate(void); +int test_wc_Sha384HmacFinal(void); + +#define TEST_HMAC_DECLS \ + TEST_DECL_GROUP("hmac", test_wc_Md5HmacSetKey), \ + TEST_DECL_GROUP("hmac", test_wc_Md5HmacUpdate), \ + TEST_DECL_GROUP("hmac", test_wc_Md5HmacFinal), \ + TEST_DECL_GROUP("hmac", test_wc_ShaHmacSetKey), \ + TEST_DECL_GROUP("hmac", test_wc_ShaHmacUpdate), \ + TEST_DECL_GROUP("hmac", test_wc_ShaHmacFinal), \ + TEST_DECL_GROUP("hmac", test_wc_Sha224HmacSetKey), \ + TEST_DECL_GROUP("hmac", test_wc_Sha224HmacUpdate), \ + TEST_DECL_GROUP("hmac", test_wc_Sha224HmacFinal), \ + TEST_DECL_GROUP("hmac", test_wc_Sha256HmacSetKey), \ + TEST_DECL_GROUP("hmac", test_wc_Sha256HmacUpdate), \ + TEST_DECL_GROUP("hmac", test_wc_Sha256HmacFinal), \ + TEST_DECL_GROUP("hmac", test_wc_Sha384HmacSetKey), \ + TEST_DECL_GROUP("hmac", test_wc_Sha384HmacUpdate), \ + TEST_DECL_GROUP("hmac", test_wc_Sha384HmacFinal) + +#endif /* WOLFCRYPT_TEST_HMAC_H */ diff --git a/test/ssl/wolfssl/tests/api/test_md2.c b/test/ssl/wolfssl/tests/api/test_md2.c new file mode 100644 index 000000000..6db42680f --- /dev/null +++ b/test/ssl/wolfssl/tests/api/test_md2.c @@ -0,0 +1,127 @@ +/* test_md2.c + * + * Copyright (C) 2006-2025 wolfSSL Inc. + * + * This file is part of wolfSSL. + * + * wolfSSL is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * wolfSSL is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA + */ + +#include + +#ifdef NO_INLINE + #include +#else + #define WOLFSSL_MISC_INCLUDED + #include +#endif + +#include +#include +#include +#include +#include + +/* Unit test for wc_InitMd2() and wc_InitMd2_ex() */ +int test_wc_InitMd2(void) +{ + EXPECT_SUCCESS_DECLS; +#ifdef WOLFSSL_MD2 + DIGEST_INIT_ONLY_TEST(wc_Md2, Md2); +#endif + return EXPECT_RESULT(); +} + +/* Unit test for wc_UpdateMd2() */ +int test_wc_Md2Update(void) +{ + EXPECT_SUCCESS_DECLS; +#ifdef WOLFSSL_MD2 + DIGEST_UPDATE_ONLY_TEST(wc_Md2, Md2); +#endif + return EXPECT_RESULT(); +} + +/* Unit test for wc_Md2Final() */ +int test_wc_Md2Final(void) +{ + EXPECT_SUCCESS_DECLS; +#ifdef WOLFSSL_MD2 + DIGEST_FINAL_ONLY_TEST(wc_Md2, Md2, MD2); +#endif + return EXPECT_RESULT(); +} + +#define MD2_KAT_CNT 7 + +int test_wc_Md2_KATs(void) +{ + EXPECT_DECLS; +#ifdef WOLFSSL_MD2 + DIGEST_KATS_TEST_VARS(wc_Md2, MD2); + + /* From RFC 1321. */ + DIGEST_KATS_ADD("", 0, + "\x83\x50\xe5\xa3\xe2\x4c\x15\x3d" + "\xf2\x27\x5c\x9f\x80\x69\x27\x73" ); + DIGEST_KATS_ADD("a", 1, + "\x32\xec\x01\xec\x4a\x6d\xac\x72" + "\xc0\xab\x96\xfb\x34\xc0\xb5\xd1"); + DIGEST_KATS_ADD("abc", 3, + "\xda\x85\x3b\x0d\x3f\x88\xd9\x9b" + "\x30\x28\x3a\x69\xe6\xde\xd6\xbb"); + DIGEST_KATS_ADD("message digest", 14, + "\xab\x4f\x49\x6b\xfb\x2a\x53\x0b" + "\x21\x9f\xf3\x30\x31\xfe\x06\xb0"); + DIGEST_KATS_ADD("abcdefghijklmnopqrstuvwxyz", 26, + "\x4e\x8d\xdf\xf3\x65\x02\x92\xab" + "\x5a\x41\x08\xc3\xaa\x47\x94\x0b"); + DIGEST_KATS_ADD("ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz" + "0123456789", 62, + "\xda\x33\xde\xf2\xa4\x2d\xf1\x39" + "\x75\x35\x28\x46\xc3\x03\x38\xcd"); + DIGEST_KATS_ADD("1234567890123456789012345678901234567890" + "1234567890123456789012345678901234567890", 80, + "\xd5\x97\x6f\x79\xd8\x3d\x3a\x0d" + "\xc9\x80\x6c\x3c\x66\xf3\xef\xd8"); + + DIGEST_KATS_ONLY_TEST(Md2, MD2); +#endif + return EXPECT_RESULT(); +} + +int test_wc_Md2_other(void) +{ + EXPECT_DECLS; +#ifdef WOLFSSL_MD2 + DIGEST_OTHER_ONLY_TEST(wc_Md2, Md2, MD2, + "\xa3\x0c\xa1\xdd\xfa\xd0\x7c\x97" + "\x58\xfd\xe2\x53\xf0\xa1\xb0\x6d"); +#endif + return EXPECT_RESULT(); +} + +/* + * Testing wc_Md2Hash() + */ +int test_wc_Md2Hash(void) +{ + EXPECT_DECLS; +#if defined(WOLFSSL_MD2) + DIGEST_HASH_ONLY_TEST(Md2, MD2); +#endif + return EXPECT_RESULT(); +} /* END test_wc_Sm3Hash */ + diff --git a/test/ssl/wolfssl/tests/api/test_md2.h b/test/ssl/wolfssl/tests/api/test_md2.h new file mode 100644 index 000000000..d1fa6ae0e --- /dev/null +++ b/test/ssl/wolfssl/tests/api/test_md2.h @@ -0,0 +1,42 @@ +/* test_md2.h + * + * Copyright (C) 2006-2025 wolfSSL Inc. + * + * This file is part of wolfSSL. + * + * wolfSSL is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * wolfSSL is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA + */ + +#ifndef WOLFCRYPT_TEST_MD2_H +#define WOLFCRYPT_TEST_MD2_H + +#include + +int test_wc_InitMd2(void); +int test_wc_Md2Update(void); +int test_wc_Md2Final(void); +int test_wc_Md2_KATs(void); +int test_wc_Md2_other(void); +int test_wc_Md2Hash(void); + +#define TEST_MD2_DECLS \ + TEST_DECL_GROUP("md2", test_wc_InitMd2), \ + TEST_DECL_GROUP("md2", test_wc_Md2Update), \ + TEST_DECL_GROUP("md2", test_wc_Md2Final), \ + TEST_DECL_GROUP("md2", test_wc_Md2_KATs), \ + TEST_DECL_GROUP("md2", test_wc_Md2_other), \ + TEST_DECL_GROUP("md2", test_wc_Md2Hash) + +#endif /* WOLFCRYPT_TEST_MD2_H */ diff --git a/test/ssl/wolfssl/tests/api/test_md4.c b/test/ssl/wolfssl/tests/api/test_md4.c new file mode 100644 index 000000000..5ca7658f1 --- /dev/null +++ b/test/ssl/wolfssl/tests/api/test_md4.c @@ -0,0 +1,115 @@ +/* test_md4.c + * + * Copyright (C) 2006-2025 wolfSSL Inc. + * + * This file is part of wolfSSL. + * + * wolfSSL is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * wolfSSL is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA + */ + +#include + +#ifdef NO_INLINE + #include +#else + #define WOLFSSL_MISC_INCLUDED + #include +#endif + +#include +#include +#include +#include +#include + +/* Unit test for wc_InitMd4() and wc_InitMd4_ex() */ +int test_wc_InitMd4(void) +{ + EXPECT_SUCCESS_DECLS; +#ifndef NO_MD4 + DIGEST_INIT_ONLY_TEST(wc_Md4, Md4); +#endif + return EXPECT_RESULT(); +} + +/* Unit test for wc_UpdateMd4() */ +int test_wc_Md4Update(void) +{ + EXPECT_SUCCESS_DECLS; +#ifndef NO_MD4 + DIGEST_UPDATE_ONLY_TEST(wc_Md4, Md4); +#endif + return EXPECT_RESULT(); +} + +/* Unit test for wc_Md4Final() */ +int test_wc_Md4Final(void) +{ + EXPECT_SUCCESS_DECLS; +#ifndef NO_MD4 + DIGEST_FINAL_ONLY_TEST(wc_Md4, Md4, MD4); +#endif + return EXPECT_RESULT(); +} + +#define MD4_KAT_CNT 7 + +int test_wc_Md4_KATs(void) +{ + EXPECT_DECLS; +#ifndef NO_MD4 + DIGEST_KATS_TEST_VARS(wc_Md4, MD4); + + /* From RFC 1321. */ + DIGEST_KATS_ADD("", 0, + "\x31\xd6\xcf\xe0\xd1\x6a\xe9\x31" + "\xb7\x3c\x59\xd7\xe0\xc0\x89\xc0"); + DIGEST_KATS_ADD("a", 1, + "\xbd\xe5\x2c\xb3\x1d\xe3\x3e\x46" + "\x24\x5e\x05\xfb\xdb\xd6\xfb\x24"); + DIGEST_KATS_ADD("abc", 3, + "\xa4\x48\x01\x7a\xaf\x21\xd8\x52" + "\x5f\xc1\x0a\xe8\x7a\xa6\x72\x9d"); + DIGEST_KATS_ADD("message digest", 14, + "\xd9\x13\x0a\x81\x64\x54\x9f\xe8" + "\x18\x87\x48\x06\xe1\xc7\x01\x4b"); + DIGEST_KATS_ADD("abcdefghijklmnopqrstuvwxyz", 26, + "\xd7\x9e\x1c\x30\x8a\xa5\xbb\xcd" + "\xee\xa8\xed\x63\xdf\x41\x2d\xa9"); + DIGEST_KATS_ADD("ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz" + "0123456789", 62, + "\x04\x3f\x85\x82\xf2\x41\xdb\x35" + "\x1c\xe6\x27\xe1\x53\xe7\xf0\xe4"); + DIGEST_KATS_ADD("1234567890123456789012345678901234567890" + "1234567890123456789012345678901234567890", 80, + "\xe3\x3b\x4d\xdc\x9c\x38\xf2\x19" + "\x9c\x3e\x7b\x16\x4f\xcc\x05\x36"); + + DIGEST_KATS_ONLY_TEST(Md4, MD4); +#endif + return EXPECT_RESULT(); +} + +int test_wc_Md4_other(void) +{ + EXPECT_DECLS; +#ifndef NO_MD4 + DIGEST_OTHER_ONLY_TEST(wc_Md4, Md4, MD4, + "\x1b\x60\x7d\x08\x57\x0c\xf1\x52" + "\xbb\x44\x55\x97\x73\x26\x95\x6d"); +#endif + return EXPECT_RESULT(); +} + diff --git a/test/ssl/wolfssl/tests/api/test_md4.h b/test/ssl/wolfssl/tests/api/test_md4.h new file mode 100644 index 000000000..65a719251 --- /dev/null +++ b/test/ssl/wolfssl/tests/api/test_md4.h @@ -0,0 +1,40 @@ +/* test_md2.h + * + * Copyright (C) 2006-2025 wolfSSL Inc. + * + * This file is part of wolfSSL. + * + * wolfSSL is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * wolfSSL is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA + */ + +#ifndef WOLFCRYPT_TEST_MD4_H +#define WOLFCRYPT_TEST_MD4_H + +#include + +int test_wc_InitMd4(void); +int test_wc_Md4Update(void); +int test_wc_Md4Final(void); +int test_wc_Md4_KATs(void); +int test_wc_Md4_other(void); + +#define TEST_MD4_DECLS \ + TEST_DECL_GROUP("md4", test_wc_InitMd4), \ + TEST_DECL_GROUP("md4", test_wc_Md4Update), \ + TEST_DECL_GROUP("md4", test_wc_Md4Final), \ + TEST_DECL_GROUP("md4", test_wc_Md4_KATs), \ + TEST_DECL_GROUP("md4", test_wc_Md4_other) + +#endif /* WOLFCRYPT_TEST_MD4_H */ diff --git a/test/ssl/wolfssl/tests/api/test_md5.c b/test/ssl/wolfssl/tests/api/test_md5.c new file mode 100644 index 000000000..ae34f25bf --- /dev/null +++ b/test/ssl/wolfssl/tests/api/test_md5.c @@ -0,0 +1,170 @@ +/* test_md5.c + * + * Copyright (C) 2006-2025 wolfSSL Inc. + * + * This file is part of wolfSSL. + * + * wolfSSL is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * wolfSSL is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA + */ + +#include + +#ifdef NO_INLINE + #include +#else + #define WOLFSSL_MISC_INCLUDED + #include +#endif + +#include +#include +#include +#include +#include + +/* Unit test for wc_InitMd5() and wc_InitMd5_ex() */ +int test_wc_InitMd5(void) +{ + EXPECT_DECLS; +#ifndef NO_MD5 + DIGEST_INIT_AND_INIT_EX_TEST(wc_Md5, Md5); +#endif + return EXPECT_RESULT(); +} + +/* Unit test for wc_UpdateMd5() */ +int test_wc_Md5Update(void) +{ + EXPECT_DECLS; +#ifndef NO_MD5 + DIGEST_UPDATE_TEST(wc_Md5, Md5); +#endif + return EXPECT_RESULT(); +} + +/* Unit test for wc_Md5Final() */ +int test_wc_Md5Final(void) +{ + EXPECT_DECLS; +#ifndef NO_MD5 + DIGEST_FINAL_TEST(wc_Md5, Md5, MD5); +#endif + return EXPECT_RESULT(); +} + +#define MD5_KAT_CNT 7 + +int test_wc_Md5_KATs(void) +{ + EXPECT_DECLS; +#ifndef NO_MD5 + DIGEST_KATS_TEST_VARS(wc_Md5, MD5); + + /* From RFC 1321. */ + DIGEST_KATS_ADD("", 0, + "\xd4\x1d\x8c\xd9\x8f\x00\xb2\x04" + "\xe9\x80\x09\x98\xec\xf8\x42\x7e"); + DIGEST_KATS_ADD("a", 1, + "\x0c\xc1\x75\xb9\xc0\xf1\xb6\xa8" + "\x31\xc3\x99\xe2\x69\x77\x26\x61"); + DIGEST_KATS_ADD("abc", 3, + "\x90\x01\x50\x98\x3c\xd2\x4f\xb0" + "\xd6\x96\x3f\x7d\x28\xe1\x7f\x72"); + DIGEST_KATS_ADD("message digest", 14, + "\xf9\x6b\x69\x7d\x7c\xb7\x93\x8d" + "\x52\x5a\x2f\x31\xaa\xf1\x61\xd0"); + DIGEST_KATS_ADD("abcdefghijklmnopqrstuvwxyz", 26, + "\xc3\xfc\xd3\xd7\x61\x92\xe4\x00" + "\x7d\xfb\x49\x6c\xca\x67\xe1\x3b"); + DIGEST_KATS_ADD("ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz" + "0123456789", 62, + "\xd1\x74\xab\x98\xd2\x77\xd9\xf5" + "\xa5\x61\x1c\x2c\x9f\x41\x9d\x9f"); + DIGEST_KATS_ADD("1234567890123456789012345678901234567890" + "1234567890123456789012345678901234567890", 80, + "\x57\xed\xf4\xa2\x2b\xe3\xc9\x55" + "\xac\x49\xda\x2e\x21\x07\xb6\x7a"); + + DIGEST_KATS_TEST(Md5, MD5); +#endif + return EXPECT_RESULT(); +} + +int test_wc_Md5_other(void) +{ + EXPECT_DECLS; +#ifndef NO_MD5 + DIGEST_OTHER_TEST(wc_Md5, Md5, MD5, + "\xd9\xa6\xc2\x1f\xf4\x05\xab\x62" + "\xd6\xad\xa8\xcd\x0c\xb9\x49\x14"); +#endif + return EXPECT_RESULT(); +} + +int test_wc_Md5Copy(void) +{ + EXPECT_DECLS; +#ifndef NO_MD5 + DIGEST_COPY_TEST(wc_Md5, Md5, MD5, + "\xd4\x1d\x8c\xd9\x8f\x00\xb2\x04" + "\xe9\x80\x09\x98\xec\xf8\x42\x7e", + "\x90\x01\x50\x98\x3c\xd2\x4f\xb0" + "\xd6\x96\x3f\x7d\x28\xe1\x7f\x72"); +#endif + return EXPECT_RESULT(); +} + +int test_wc_Md5GetHash(void) +{ + EXPECT_DECLS; +#ifndef NO_MD5 + DIGEST_GET_HASH_TEST(wc_Md5, Md5, MD5, + "\xd4\x1d\x8c\xd9\x8f\x00\xb2\x04" + "\xe9\x80\x09\x98\xec\xf8\x42\x7e", + "\x90\x01\x50\x98\x3c\xd2\x4f\xb0" + "\xd6\x96\x3f\x7d\x28\xe1\x7f\x72"); +#endif + return EXPECT_RESULT(); +} + +int test_wc_Md5Transform(void) +{ + EXPECT_DECLS; +#if !defined(NO_MD5) && (defined(OPENSSL_EXTRA) || defined(HAVE_CURL)) && \ + !defined(HAVE_MD5_CUST_API) + DIGEST_TRANSFORM_TEST(wc_Md5, Md5, MD5, + "\x61\x62\x63\x80\x00\x00\x00\x00" + "\x00\x00\x00\x00\x00\x00\x00\x00" + "\x00\x00\x00\x00\x00\x00\x00\x00" + "\x00\x00\x00\x00\x00\x00\x00\x00" + "\x00\x00\x00\x00\x00\x00\x00\x00" + "\x00\x00\x00\x00\x00\x00\x00\x00" + "\x00\x00\x00\x00\x00\x00\x00\x00" + "\x18\x00\x00\x00\x00\x00\x00\x00", + "\x90\x01\x50\x98\x3c\xd2\x4f\xb0" + "\xd6\x96\x3f\x7d\x28\xe1\x7f\x72"); +#endif + return EXPECT_RESULT(); +} + +int test_wc_Md5_Flags(void) +{ + EXPECT_DECLS; +#if !defined(NO_MD5) && defined(WOLFSSL_HASH_FLAGS) + DIGEST_FLAGS_TEST(wc_Md5, Md5); +#endif + return EXPECT_RESULT(); +} + diff --git a/test/ssl/wolfssl/tests/api/test_md5.h b/test/ssl/wolfssl/tests/api/test_md5.h new file mode 100644 index 000000000..8a4ed2986 --- /dev/null +++ b/test/ssl/wolfssl/tests/api/test_md5.h @@ -0,0 +1,48 @@ +/* test_md5.h + * + * Copyright (C) 2006-2025 wolfSSL Inc. + * + * This file is part of wolfSSL. + * + * wolfSSL is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * wolfSSL is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA + */ + +#ifndef WOLFCRYPT_TEST_MD5_H +#define WOLFCRYPT_TEST_MD5_H + +#include + +int test_wc_InitMd5(void); +int test_wc_Md5Update(void); +int test_wc_Md5Final(void); +int test_wc_Md5_KATs(void); +int test_wc_Md5_other(void); +int test_wc_Md5Copy(void); +int test_wc_Md5GetHash(void); +int test_wc_Md5Transform(void); +int test_wc_Md5_Flags(void); + +#define TEST_MD5_DECLS \ + TEST_DECL_GROUP("md5", test_wc_InitMd5), \ + TEST_DECL_GROUP("md5", test_wc_Md5Update), \ + TEST_DECL_GROUP("md5", test_wc_Md5Final), \ + TEST_DECL_GROUP("md5", test_wc_Md5_KATs), \ + TEST_DECL_GROUP("md5", test_wc_Md5_other), \ + TEST_DECL_GROUP("md5", test_wc_Md5Copy), \ + TEST_DECL_GROUP("md5", test_wc_Md5GetHash), \ + TEST_DECL_GROUP("md5", test_wc_Md5Transform), \ + TEST_DECL_GROUP("md5", test_wc_Md5_Flags) + +#endif /* WOLFCRYPT_TEST_MD5_H */ diff --git a/test/ssl/wolfssl/tests/api/test_mldsa.c b/test/ssl/wolfssl/tests/api/test_mldsa.c new file mode 100644 index 000000000..775db3e27 --- /dev/null +++ b/test/ssl/wolfssl/tests/api/test_mldsa.c @@ -0,0 +1,17165 @@ +/* test_mldsa.c + * + * Copyright (C) 2006-2025 wolfSSL Inc. + * + * This file is part of wolfSSL. + * + * wolfSSL is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * wolfSSL is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA + */ + +#include + +#ifdef NO_INLINE + #include +#else + #define WOLFSSL_MISC_INCLUDED + #include +#endif + +#include +#ifdef HAVE_DILITHIUM + #include +#endif +#include +#include +#include + + +#if defined(HAVE_DILITHIUM) && defined(WOLFSSL_WC_DILITHIUM) && \ + !defined(WOLFSSL_DILITHIUM_NO_VERIFY) && !defined(WOLFSSL_NO_ML_DSA_44) +static const byte ml_dsa_44_pub_key[] = { + 0x7c, 0x33, 0x31, 0x41, 0x15, 0xa7, 0x2d, 0x6b, + 0x17, 0x7c, 0x10, 0xab, 0x75, 0xf7, 0x83, 0xb3, + 0x30, 0x75, 0x6f, 0xa9, 0x42, 0xb0, 0x9b, 0x59, + 0x59, 0x99, 0x2b, 0x5d, 0x7d, 0x6e, 0xeb, 0xdd, + 0xd9, 0x99, 0x8f, 0x7b, 0xad, 0xe5, 0x90, 0x0f, + 0xa4, 0x80, 0xd8, 0xa2, 0x0d, 0x95, 0xea, 0x63, + 0x2b, 0xcf, 0xb4, 0x5b, 0x3c, 0xd1, 0x5a, 0xc4, + 0xc4, 0xd1, 0x71, 0x28, 0x4b, 0x0b, 0x28, 0x32, + 0x73, 0xb5, 0x0d, 0xd6, 0x8f, 0x6b, 0x01, 0x26, + 0x04, 0x45, 0xa3, 0x80, 0xc0, 0x21, 0x12, 0xee, + 0x52, 0x0f, 0x35, 0xe4, 0x8e, 0xca, 0xf8, 0x91, + 0xf4, 0x99, 0x51, 0xe2, 0x80, 0x76, 0xa7, 0x2d, + 0x09, 0xf5, 0x04, 0xcc, 0xa6, 0x6b, 0x20, 0xc4, + 0xac, 0xcd, 0x6c, 0x9c, 0x09, 0xe7, 0x51, 0xa2, + 0x29, 0x60, 0xfd, 0xf2, 0xbd, 0x7e, 0x4c, 0x9d, + 0xc0, 0xba, 0x62, 0x2f, 0x53, 0xb2, 0x47, 0x03, + 0xf2, 0x6f, 0x70, 0x51, 0xa8, 0xe1, 0xb7, 0x9f, + 0x37, 0x15, 0xfa, 0xd1, 0x6c, 0x74, 0x1a, 0x2b, + 0x4f, 0x39, 0x4f, 0x43, 0x49, 0x71, 0x6a, 0xf8, + 0x7c, 0x65, 0x1a, 0xdd, 0x1a, 0x25, 0xf8, 0x79, + 0xfa, 0x8c, 0x02, 0xf2, 0xf7, 0xf7, 0x7b, 0x9f, + 0xe4, 0xaf, 0x9e, 0x1a, 0x0b, 0x5b, 0x2e, 0x41, + 0xbb, 0xa9, 0x4f, 0xd0, 0xdb, 0xad, 0xe5, 0x25, + 0xff, 0x36, 0x3b, 0x9a, 0xc3, 0xdf, 0xb6, 0x27, + 0xd3, 0xba, 0xb0, 0xd4, 0xb2, 0x07, 0xc3, 0xd8, + 0xab, 0x10, 0x3d, 0xcd, 0x23, 0x52, 0x46, 0xe6, + 0x96, 0x57, 0x85, 0xc7, 0x60, 0xe2, 0x8c, 0x46, + 0x65, 0x7d, 0x76, 0x1c, 0x45, 0x20, 0x5d, 0x51, + 0xd6, 0x13, 0xde, 0xe5, 0x3d, 0xc2, 0x8c, 0x36, + 0xdb, 0x7f, 0x83, 0x6f, 0x6a, 0xc2, 0xa3, 0xf2, + 0xdc, 0x63, 0x69, 0x7f, 0xbd, 0xd0, 0xc1, 0x90, + 0xfb, 0x62, 0x42, 0xa1, 0xf6, 0xf7, 0xdd, 0xc2, + 0x4a, 0x38, 0x62, 0x9b, 0xef, 0x67, 0xf9, 0x5c, + 0xd8, 0xff, 0xf4, 0xf2, 0x67, 0x90, 0x42, 0x85, + 0xaf, 0xe2, 0x92, 0x6e, 0xc4, 0x9b, 0x63, 0xc3, + 0x91, 0xa5, 0x11, 0x66, 0x13, 0x83, 0xbc, 0xbb, + 0xc7, 0x34, 0x3b, 0x30, 0x40, 0x53, 0x91, 0xdf, + 0x7c, 0x3d, 0x17, 0xdd, 0xa1, 0xa6, 0x80, 0xfd, + 0x26, 0x9d, 0x60, 0x7b, 0xcd, 0xb4, 0x2b, 0xba, + 0x61, 0x0f, 0x43, 0x7c, 0x51, 0x3c, 0xb9, 0xfa, + 0xdb, 0x48, 0x35, 0x9f, 0x0d, 0x0c, 0x04, 0xe8, + 0xf9, 0x6e, 0x07, 0x65, 0x7d, 0x46, 0x1b, 0xd2, + 0x51, 0xdb, 0x55, 0x27, 0xd7, 0x3d, 0x1e, 0x36, + 0x07, 0x59, 0x18, 0xec, 0x04, 0x4b, 0x87, 0xbb, + 0xfb, 0x27, 0xac, 0xeb, 0x8f, 0x43, 0x46, 0xd0, + 0x39, 0x00, 0x90, 0x54, 0x70, 0xb1, 0x71, 0xf2, + 0xe7, 0x3d, 0x02, 0x1a, 0xcf, 0x87, 0x16, 0x67, + 0xa2, 0x3c, 0x31, 0x48, 0xe8, 0xbd, 0x4f, 0xb3, + 0xc2, 0xfd, 0x3d, 0xa1, 0x9c, 0x87, 0x54, 0x60, + 0x30, 0x21, 0x52, 0x57, 0xcd, 0x03, 0x96, 0x9e, + 0xa7, 0x8d, 0xe5, 0x02, 0x04, 0x78, 0x43, 0x72, + 0xda, 0xb2, 0x22, 0xf1, 0xee, 0x8f, 0x27, 0x0b, + 0x8f, 0x7b, 0xf8, 0xbc, 0x16, 0xa1, 0xef, 0x0b, + 0x35, 0xda, 0xfc, 0x29, 0x1b, 0xf8, 0xa1, 0x35, + 0x40, 0xe7, 0xed, 0x4c, 0x02, 0x4a, 0x83, 0xb7, + 0x49, 0x75, 0x34, 0x3f, 0x2b, 0xb3, 0x61, 0xf5, + 0xa3, 0x9b, 0x23, 0xca, 0xfb, 0x58, 0x16, 0x4f, + 0x3c, 0x50, 0xbf, 0x81, 0xab, 0x54, 0x50, 0x1a, + 0x39, 0x57, 0x5f, 0x9a, 0x72, 0x22, 0xba, 0xa4, + 0xf6, 0xbf, 0xac, 0x31, 0x5c, 0xc5, 0x96, 0xd7, + 0xa9, 0xe4, 0x3b, 0x0c, 0xd0, 0x7f, 0x79, 0x68, + 0x4d, 0x41, 0x04, 0x81, 0x73, 0xcf, 0x47, 0x4a, + 0x7b, 0x37, 0xac, 0x8e, 0x47, 0x0d, 0x72, 0x65, + 0x0f, 0x9d, 0x44, 0xd7, 0x08, 0x21, 0x5b, 0x3f, + 0xc8, 0x9d, 0xea, 0xa2, 0x64, 0x7b, 0x0d, 0x98, + 0xc1, 0x61, 0xcd, 0xa4, 0xf7, 0x8c, 0x4a, 0xa3, + 0x3b, 0xdd, 0x92, 0xce, 0x61, 0x97, 0x0e, 0x98, + 0xa4, 0x10, 0xb5, 0x1f, 0xc5, 0xfb, 0xee, 0x49, + 0x36, 0x8f, 0xe3, 0x2d, 0x46, 0x9c, 0xa9, 0xff, + 0xdd, 0x1a, 0x48, 0x1b, 0x5a, 0x99, 0x84, 0x0a, + 0x3d, 0x5c, 0xd7, 0x67, 0x32, 0x88, 0x87, 0x2a, + 0x34, 0x50, 0x04, 0xad, 0xe6, 0xbb, 0x3c, 0xb5, + 0xee, 0x80, 0x99, 0x70, 0xaa, 0x9d, 0x5a, 0x63, + 0xec, 0xd5, 0x9a, 0x6a, 0x3a, 0xe8, 0xaa, 0x3d, + 0x3f, 0xe8, 0x15, 0x2c, 0x16, 0x3e, 0x86, 0x46, + 0x21, 0xf2, 0xd2, 0x6e, 0x74, 0x3d, 0x53, 0x94, + 0x7c, 0x41, 0xec, 0x5b, 0xf5, 0xa4, 0xc8, 0x1f, + 0x75, 0x22, 0x50, 0x58, 0x31, 0xf5, 0x29, 0x9a, + 0xc2, 0x2c, 0x67, 0xd9, 0xf6, 0x2e, 0xa1, 0xa9, + 0x0a, 0x69, 0x90, 0x7a, 0xd8, 0xed, 0x5c, 0x09, + 0x3d, 0x14, 0xa3, 0x2b, 0xc0, 0x47, 0x88, 0xb7, + 0xea, 0x14, 0x8a, 0xec, 0xaf, 0x0c, 0xb7, 0xc6, + 0x7c, 0x32, 0x0f, 0x57, 0xea, 0x9f, 0xd4, 0x99, + 0x8d, 0xab, 0xd6, 0xc9, 0x31, 0x07, 0x81, 0x37, + 0x3d, 0xf5, 0x07, 0xb3, 0x93, 0xb7, 0x04, 0x20, + 0xdf, 0x91, 0xef, 0xfb, 0xa6, 0x7d, 0x4b, 0x5d, + 0xd4, 0x24, 0xd2, 0x0b, 0xc5, 0x34, 0xf6, 0x7a, + 0xf9, 0x4a, 0x48, 0xc7, 0xab, 0xaf, 0xa8, 0xd2, + 0xfc, 0x41, 0xc9, 0x8b, 0xa8, 0xc4, 0x2f, 0x94, + 0x4e, 0xb0, 0xab, 0xd3, 0xd9, 0x09, 0x4b, 0x1f, + 0x35, 0xb7, 0xb4, 0x4c, 0x2d, 0x6b, 0xe6, 0xb4, + 0x2e, 0x8a, 0x09, 0xd3, 0x9d, 0x54, 0x3f, 0x53, + 0xcc, 0x8e, 0x16, 0x18, 0x4e, 0x9a, 0xe8, 0x52, + 0x84, 0x3a, 0x3e, 0xdb, 0xab, 0x65, 0xc4, 0xa1, + 0x3c, 0xd0, 0xf6, 0x57, 0x3c, 0x0e, 0x10, 0xed, + 0xb2, 0xa9, 0x7d, 0x70, 0x3f, 0x18, 0x1a, 0xba, + 0x31, 0x33, 0xcb, 0x2a, 0xfd, 0x13, 0xf5, 0x23, + 0xd7, 0x71, 0xfa, 0xb6, 0xe8, 0xda, 0x63, 0xca, + 0x55, 0x3c, 0x5b, 0x87, 0x27, 0x96, 0x3d, 0xd0, + 0x43, 0x9d, 0x76, 0x9f, 0x28, 0x5a, 0xb6, 0xc8, + 0x81, 0xe4, 0x7c, 0x2a, 0x7a, 0x84, 0x0f, 0x2d, + 0x1b, 0xd0, 0xe4, 0x0e, 0x1b, 0x47, 0x32, 0xc8, + 0x02, 0x2d, 0x39, 0x0e, 0x7d, 0xb1, 0x12, 0x56, + 0x50, 0x00, 0xae, 0xcc, 0x45, 0x0a, 0xd5, 0x30, + 0x16, 0xe7, 0x3a, 0x53, 0x02, 0xbc, 0xd5, 0xef, + 0xca, 0x00, 0xea, 0x5f, 0xbe, 0x15, 0x0d, 0x08, + 0x76, 0xc1, 0x03, 0x93, 0x96, 0x4a, 0x88, 0xda, + 0x9d, 0x0b, 0x51, 0x39, 0x9a, 0xef, 0xd2, 0xde, + 0x8a, 0x2c, 0xe6, 0xf3, 0xa5, 0x70, 0x15, 0x3a, + 0x17, 0x43, 0x31, 0xfc, 0x47, 0x9d, 0xec, 0x3b, + 0x28, 0x6f, 0xdf, 0x45, 0x6f, 0x9e, 0x10, 0xbb, + 0x8e, 0x43, 0xc5, 0x59, 0xe5, 0x61, 0x9b, 0xa7, + 0xa1, 0xb8, 0x7a, 0x1c, 0xd4, 0x25, 0x26, 0xca, + 0xe9, 0x2b, 0x0b, 0x3d, 0x06, 0xeb, 0x44, 0x44, + 0xab, 0x4a, 0x5e, 0x68, 0x5c, 0x93, 0xf1, 0x3f, + 0x39, 0x01, 0xb9, 0xf1, 0x01, 0xb7, 0xb6, 0x14, + 0x44, 0x1d, 0x6d, 0x6b, 0x03, 0x45, 0x0d, 0xf3, + 0xbf, 0x71, 0x4e, 0xf3, 0x84, 0x3d, 0xef, 0xea, + 0x60, 0x2e, 0x2e, 0xf7, 0x33, 0xa6, 0xbe, 0x53, + 0x49, 0x26, 0xed, 0xb4, 0xbf, 0x7f, 0xb0, 0x1d, + 0x39, 0xb2, 0xc2, 0x88, 0xc2, 0xa2, 0xd4, 0x7f, + 0x0e, 0x1c, 0x44, 0xa3, 0x38, 0x76, 0xa7, 0xa6, + 0x19, 0x7e, 0x4c, 0x84, 0x25, 0x01, 0xb2, 0x78, + 0xb4, 0x56, 0xc5, 0xc1, 0x50, 0x3f, 0xf2, 0xb6, + 0x76, 0x09, 0x55, 0x57, 0x1c, 0xd1, 0x55, 0x23, + 0x16, 0x2a, 0x51, 0x16, 0xaa, 0x13, 0x4f, 0x35, + 0x69, 0xaf, 0xea, 0x01, 0x5f, 0x22, 0xc9, 0x2e, + 0xe9, 0x8c, 0x6c, 0xa2, 0x17, 0x92, 0xdc, 0x3d, + 0xd6, 0xf0, 0xfa, 0x5a, 0x53, 0xe0, 0xcd, 0x55, + 0xa2, 0x91, 0x62, 0xba, 0xae, 0x67, 0x40, 0x1c, + 0xda, 0xb4, 0xcc, 0xfc, 0x67, 0x1f, 0x44, 0xa0, + 0x50, 0xa5, 0xde, 0xc5, 0xde, 0x5e, 0xa0, 0x3b, + 0x05, 0x84, 0x1c, 0x2a, 0xc4, 0x96, 0x47, 0xd6, + 0x97, 0x56, 0x40, 0x33, 0x99, 0x7c, 0x8b, 0x56, + 0xb4, 0xfb, 0xf4, 0x23, 0xcb, 0x48, 0x81, 0x6c, + 0xa4, 0x53, 0x41, 0x8c, 0x28, 0x61, 0xd7, 0x8c, + 0xde, 0xde, 0xeb, 0xd4, 0xe7, 0x8a, 0x2a, 0x40, + 0x83, 0x1c, 0xa4, 0x19, 0x0f, 0x6c, 0x73, 0xa5, + 0x0e, 0xb6, 0x5c, 0x14, 0x36, 0xff, 0xc9, 0x99, + 0x56, 0x53, 0x8c, 0x4e, 0x4f, 0x4a, 0x82, 0xc8, + 0x76, 0x83, 0x81, 0xf1, 0x17, 0x82, 0x98, 0x3e, + 0x9c, 0x99, 0x3a, 0x7c, 0x08, 0x77, 0x3e, 0xe2, + 0x10, 0x98, 0xb0, 0xf6, 0x1d, 0xd3, 0x24, 0xe8, + 0x98, 0xcf, 0xd8, 0x9a, 0xb8, 0xd7, 0xbe, 0x56, + 0xa2, 0xb6, 0xf8, 0x2e, 0xfe, 0xeb, 0x96, 0xfa, + 0xd0, 0xba, 0x79, 0x9e, 0xde, 0x72, 0x0d, 0x53, + 0x5f, 0xdd, 0x0d, 0xb2, 0x0a, 0x8f, 0x14, 0x94, + 0x87, 0x25, 0x5e, 0xcd, 0xd4, 0x4b, 0xaa, 0xc9, + 0x7e, 0x41, 0x9f, 0x33, 0x77, 0xbe, 0x6d, 0x57, + 0x68, 0xef, 0xee, 0x1a, 0xc4, 0x5c, 0x7b, 0xca, + 0x7e, 0x33, 0x93, 0x3d, 0x88, 0x91, 0xd1, 0x34, + 0x6a, 0x39, 0x98, 0x92, 0x50, 0x1a, 0x02, 0xcf, + 0x89, 0x34, 0x33, 0x10, 0x65, 0x23, 0x4d, 0xb7, + 0x00, 0xcc, 0xc1, 0x60, 0xdd, 0x7d, 0x8e, 0xd1, + 0x16, 0xa7, 0x71, 0x7b, 0x20, 0xcb, 0xe4, 0xe8, + 0xcc, 0xfc, 0xb8, 0x5f, 0xe4, 0xe2, 0xd6, 0x8c, + 0x43, 0x9c, 0x06, 0xf4, 0x8d, 0xbc, 0x56, 0xd0, + 0x0c, 0xd6, 0x0b, 0x6c, 0x33, 0x0e, 0x08, 0x77, + 0x66, 0x52, 0x1f, 0x48, 0x0c, 0x50, 0x4a, 0xc2, + 0x99, 0x0a, 0x15, 0x86, 0xc3, 0x9b, 0x7a, 0x5f, + 0xfb, 0x58, 0xbd, 0x63, 0x0c, 0xbe, 0x83, 0x40, + 0x8f, 0xba, 0x39, 0xfb, 0x45, 0xb9, 0xf7, 0x96, + 0x62, 0xec, 0x7e, 0x77, 0xa4, 0xfb, 0xe1, 0x86, + 0x5c, 0x0a, 0xae, 0x32, 0xbd, 0x79, 0x76, 0x8b +}; +static const byte ml_dsa_44_good_sig[] = { + 0x09, 0xf0, 0xae, 0xbb, 0x25, 0xc7, 0xfc, 0xdd, + 0x93, 0x25, 0x9c, 0x50, 0xd9, 0x2e, 0x72, 0x5d, + 0x53, 0xf5, 0x29, 0xd7, 0x4c, 0xc2, 0xd6, 0x81, + 0x5c, 0xf3, 0x3f, 0x9a, 0x8a, 0xa9, 0x00, 0x21, + 0x6c, 0xc6, 0xb9, 0x72, 0xb7, 0x0e, 0x00, 0x55, + 0x9f, 0xd7, 0xae, 0x92, 0xc3, 0xbc, 0x8f, 0x2d, + 0x4f, 0x54, 0x87, 0x56, 0x52, 0xd3, 0xdd, 0xaf, + 0xe0, 0xff, 0xda, 0x80, 0x1b, 0xf3, 0x56, 0x90, + 0xdd, 0x07, 0x86, 0xad, 0xf7, 0xf3, 0x8e, 0xcf, + 0x3a, 0x57, 0x30, 0x52, 0xaa, 0xd2, 0xb1, 0xf0, + 0x66, 0xea, 0x67, 0xab, 0x94, 0x1d, 0x96, 0x04, + 0xaa, 0xcf, 0x0e, 0xb0, 0xbc, 0x7d, 0x8a, 0x4c, + 0x62, 0x21, 0x82, 0x81, 0x98, 0x63, 0x22, 0x91, + 0xb9, 0xfe, 0x53, 0x63, 0x8d, 0xdf, 0xe6, 0x19, + 0xc1, 0x54, 0x3b, 0xf0, 0xf5, 0xe4, 0xc4, 0x36, + 0x66, 0x2f, 0xcc, 0x4f, 0xed, 0xc6, 0x62, 0x7d, + 0x8b, 0x7b, 0x89, 0xac, 0x23, 0x0b, 0x40, 0x4e, + 0x2d, 0xdc, 0xe5, 0xa2, 0xbc, 0x8b, 0xac, 0xe7, + 0x0b, 0xaa, 0x15, 0xa0, 0x79, 0x4a, 0x97, 0x8a, + 0xc8, 0xb1, 0x31, 0xea, 0x29, 0x99, 0x14, 0x5d, + 0x5b, 0x8c, 0xc2, 0xd0, 0xc2, 0x29, 0xd0, 0x85, + 0xb9, 0x25, 0x16, 0x08, 0xe8, 0x41, 0xa7, 0x77, + 0x1a, 0xbf, 0x5a, 0x48, 0x5a, 0x7f, 0x97, 0x44, + 0x62, 0xb4, 0x68, 0x2e, 0x05, 0x48, 0xde, 0x0f, + 0x69, 0xcc, 0x05, 0x3c, 0xa4, 0x85, 0x20, 0x60, + 0xfd, 0x45, 0x6a, 0x14, 0xb9, 0x76, 0x8d, 0x48, + 0xe7, 0x71, 0xd0, 0xd7, 0xbe, 0xe3, 0x36, 0xd6, + 0x94, 0x5c, 0x22, 0x6e, 0x28, 0xc6, 0x34, 0x93, + 0xf4, 0x6c, 0xf2, 0x62, 0xbf, 0x8f, 0x6d, 0x07, + 0xff, 0x38, 0x92, 0x23, 0x19, 0x55, 0xd0, 0x66, + 0x72, 0x76, 0xc1, 0x43, 0xbc, 0x60, 0x5d, 0xaa, + 0x61, 0x10, 0xdb, 0x0c, 0x49, 0x7b, 0x99, 0xce, + 0x14, 0xe3, 0x0b, 0x80, 0xdc, 0x8a, 0x3d, 0xa5, + 0x3a, 0x0e, 0x29, 0x88, 0x09, 0x1f, 0x9c, 0x03, + 0x32, 0x13, 0xc2, 0xe1, 0x49, 0x26, 0xc7, 0x11, + 0xfa, 0x7f, 0x2d, 0x64, 0xfc, 0xf9, 0xaf, 0xd0, + 0x4d, 0xcf, 0x3a, 0x23, 0x49, 0xde, 0xf2, 0x5d, + 0xad, 0xf3, 0xde, 0xe0, 0x9a, 0xa2, 0x96, 0x0a, + 0x9d, 0x97, 0x39, 0x88, 0x60, 0x75, 0xec, 0x29, + 0x9b, 0x93, 0xfc, 0x80, 0xb3, 0xeb, 0xb0, 0xc6, + 0xa8, 0xea, 0x75, 0x67, 0xed, 0xbd, 0x42, 0x2a, + 0xed, 0x22, 0x27, 0xdb, 0x41, 0x3a, 0x94, 0x86, + 0xd7, 0x4a, 0xf1, 0x8f, 0xa5, 0x47, 0x38, 0xa3, + 0x3c, 0xe7, 0x17, 0x5d, 0xce, 0xdc, 0x32, 0x7c, + 0xe4, 0x05, 0x58, 0x98, 0x67, 0xc8, 0xaf, 0x35, + 0x5d, 0xf9, 0xc0, 0x10, 0x6d, 0x9d, 0xd3, 0x27, + 0x79, 0x3c, 0x1d, 0xdd, 0xfb, 0x53, 0x3c, 0x03, + 0x4c, 0xb3, 0x1b, 0x0b, 0x3a, 0x60, 0x80, 0xcd, + 0x9b, 0x1e, 0x5f, 0x3f, 0x29, 0xfa, 0xb1, 0x09, + 0x9a, 0x88, 0x58, 0x4a, 0xf5, 0xed, 0xe9, 0x7c, + 0x9d, 0x70, 0xbe, 0x57, 0xfb, 0x92, 0x12, 0xc9, + 0x8c, 0x6b, 0x77, 0xe2, 0x44, 0xc6, 0x82, 0x2a, + 0x29, 0xb3, 0x9c, 0xb0, 0x60, 0xda, 0x3d, 0xcd, + 0x4e, 0x49, 0x96, 0x8c, 0xd7, 0x2b, 0x29, 0x28, + 0x7b, 0xec, 0xf1, 0x46, 0x40, 0xf0, 0xe1, 0xd7, + 0x48, 0x9e, 0xdf, 0xfd, 0xa6, 0xd0, 0xaa, 0x35, + 0x94, 0x7a, 0x94, 0x57, 0xf3, 0xd4, 0x15, 0x19, + 0xd3, 0xc5, 0x35, 0x73, 0xc4, 0xf5, 0x86, 0x0d, + 0x2a, 0x5b, 0x67, 0x0d, 0x8d, 0xaa, 0x18, 0x3e, + 0xea, 0x9d, 0x80, 0xe7, 0xf8, 0xbb, 0x23, 0xea, + 0x5d, 0x1c, 0x4d, 0xb2, 0x58, 0x7e, 0xe5, 0xef, + 0x80, 0xc1, 0x63, 0x44, 0xaf, 0x1d, 0xed, 0xf6, + 0x92, 0x05, 0x0c, 0xda, 0xcc, 0x58, 0x39, 0x27, + 0xdd, 0x24, 0xac, 0x63, 0x23, 0x34, 0xaa, 0x2d, + 0xd0, 0x5b, 0xd7, 0x7f, 0x6d, 0xcb, 0x64, 0xed, + 0xb3, 0x9b, 0x05, 0x90, 0x79, 0xc2, 0x25, 0x68, + 0xed, 0xf6, 0xa8, 0x7e, 0x30, 0x4a, 0x46, 0x44, + 0xad, 0xc8, 0x12, 0x8d, 0x04, 0xc3, 0x11, 0x83, + 0x7e, 0x77, 0xef, 0x9c, 0xa2, 0xf9, 0x3b, 0x06, + 0x84, 0x7f, 0x72, 0xd9, 0x2f, 0x22, 0x95, 0xb7, + 0x7b, 0x4e, 0x35, 0x6a, 0xfa, 0x73, 0x7d, 0x88, + 0x5b, 0xac, 0x7b, 0xc5, 0x53, 0xc1, 0xfe, 0x6b, + 0x7c, 0x05, 0xc3, 0xe4, 0xae, 0x48, 0x1a, 0xea, + 0x6e, 0x51, 0x46, 0x1e, 0x82, 0x80, 0xde, 0x31, + 0xe1, 0x41, 0x71, 0x88, 0x41, 0xa7, 0xb2, 0xcd, + 0x3d, 0xf7, 0x5c, 0x4f, 0x4c, 0xfd, 0x3f, 0x6f, + 0x6c, 0x82, 0xc1, 0xba, 0xe0, 0xf0, 0xb4, 0x8c, + 0xd5, 0xb5, 0x32, 0xbf, 0x91, 0x49, 0x7e, 0x39, + 0x5e, 0x0a, 0xdf, 0x4b, 0xd6, 0x07, 0x72, 0xff, + 0x58, 0x65, 0x1b, 0x1f, 0xc6, 0x56, 0xd2, 0x00, + 0xec, 0x60, 0xd1, 0x22, 0xc9, 0x1a, 0xa4, 0xcc, + 0x26, 0xb4, 0xd1, 0x93, 0xbc, 0xfc, 0x52, 0xdf, + 0xa1, 0x23, 0x37, 0x9b, 0xa2, 0xa8, 0x8f, 0xf3, + 0x39, 0x03, 0xa5, 0x4c, 0xf0, 0x68, 0xe5, 0x95, + 0x62, 0xfb, 0xd8, 0x88, 0x39, 0xf6, 0x02, 0x0a, + 0x4e, 0x7c, 0xf0, 0xbf, 0x71, 0x99, 0x0f, 0x19, + 0x61, 0xd9, 0x39, 0xe8, 0x3f, 0x59, 0x22, 0x4a, + 0xaa, 0xdd, 0x03, 0xf8, 0x09, 0xb8, 0xaf, 0xd9, + 0xb9, 0x9c, 0x3f, 0xf1, 0xfe, 0x49, 0xae, 0x99, + 0x2f, 0xa2, 0x22, 0x5a, 0x3c, 0xe9, 0xe9, 0xf7, + 0xba, 0x2d, 0xeb, 0x1f, 0x6c, 0xa7, 0xe1, 0x87, + 0x2f, 0xa5, 0xff, 0xcf, 0x1c, 0x22, 0x8d, 0xf2, + 0x5f, 0x63, 0xf5, 0xbb, 0x36, 0x66, 0xcc, 0x62, + 0x89, 0x8e, 0xf7, 0x78, 0xc5, 0x97, 0x95, 0xde, + 0xec, 0x43, 0x39, 0x6e, 0x0d, 0xe0, 0x8e, 0xbd, + 0x2b, 0x3b, 0xe6, 0xff, 0xf5, 0x8f, 0x90, 0xd2, + 0xd2, 0xce, 0x3b, 0x6f, 0x78, 0xf5, 0xd3, 0x42, + 0xf3, 0x0f, 0x27, 0x4b, 0x2b, 0xe4, 0xd8, 0x0d, + 0x31, 0xfa, 0xba, 0xdc, 0x54, 0x21, 0x9a, 0xbf, + 0x1e, 0x1d, 0x06, 0x8e, 0xd9, 0x58, 0xce, 0x9a, + 0x71, 0x79, 0x4d, 0xcb, 0xfb, 0x99, 0x4b, 0x66, + 0xed, 0xef, 0x75, 0x20, 0x4d, 0x47, 0x9b, 0x40, + 0xd5, 0xcf, 0xd9, 0x00, 0xfe, 0x32, 0x45, 0xae, + 0x4b, 0x7e, 0x8e, 0x7b, 0xf9, 0xd4, 0xd4, 0x2e, + 0x1a, 0x2a, 0xac, 0x73, 0xdb, 0x79, 0xb7, 0x02, + 0x6a, 0x3d, 0xa2, 0xfe, 0x52, 0x27, 0x25, 0x43, + 0xd1, 0xb5, 0x48, 0x0e, 0xef, 0xf1, 0x0f, 0xe7, + 0x27, 0xc2, 0x59, 0x4e, 0x47, 0xe2, 0x12, 0xaa, + 0x1e, 0xae, 0xbc, 0x86, 0x22, 0x70, 0x33, 0xa5, + 0x50, 0x3f, 0xed, 0x3c, 0x98, 0xbb, 0xd5, 0xb3, + 0x3e, 0x43, 0x21, 0x8e, 0x3e, 0x8c, 0xcc, 0x0c, + 0xcf, 0x50, 0xcd, 0xeb, 0x1b, 0x9d, 0x0c, 0xc9, + 0xe3, 0x2f, 0xbb, 0x4b, 0x43, 0xfc, 0x37, 0x27, + 0xcb, 0xc9, 0x5a, 0xe9, 0x45, 0x92, 0x9d, 0xe9, + 0x60, 0x8f, 0x93, 0x1b, 0xd8, 0x6a, 0x68, 0x86, + 0xc2, 0x1d, 0x49, 0x92, 0x11, 0x29, 0x62, 0x14, + 0x15, 0x4c, 0xe9, 0x33, 0xe3, 0x70, 0x2d, 0x6b, + 0x8b, 0xb5, 0x22, 0x44, 0x82, 0xbe, 0x43, 0xe2, + 0x80, 0xfb, 0xb5, 0xfa, 0x6a, 0x30, 0x04, 0x20, + 0xb6, 0x58, 0xe1, 0xf4, 0x8c, 0xe6, 0x4c, 0x7c, + 0x8d, 0x38, 0xf6, 0xdd, 0x59, 0xfc, 0x5a, 0xd7, + 0x9f, 0x34, 0x92, 0xcc, 0xde, 0x65, 0x89, 0xa7, + 0xd9, 0x57, 0xf7, 0xf2, 0x71, 0x39, 0xaf, 0xb6, + 0x88, 0x02, 0x40, 0x24, 0x8b, 0x4f, 0xc5, 0xfc, + 0xdc, 0x5c, 0xc0, 0x1d, 0xa6, 0x68, 0x87, 0xe0, + 0x8f, 0xdc, 0xf0, 0xac, 0xd8, 0x5f, 0x1c, 0xb3, + 0x07, 0xac, 0x58, 0x97, 0x3f, 0x3e, 0x72, 0x19, + 0x18, 0x64, 0x55, 0x73, 0x11, 0x71, 0xd1, 0xa4, + 0xa6, 0x57, 0xb0, 0x27, 0xaf, 0xad, 0x8a, 0xf7, + 0xdf, 0xde, 0x1e, 0xdb, 0x31, 0xc9, 0x32, 0x85, + 0x90, 0x40, 0x3d, 0xfe, 0x64, 0x5d, 0xe3, 0x94, + 0x74, 0x98, 0xa7, 0xed, 0x84, 0x44, 0x13, 0x76, + 0xba, 0xe9, 0x09, 0x9a, 0x17, 0xe0, 0x38, 0x03, + 0x3b, 0x7a, 0xa7, 0x0e, 0x74, 0xbd, 0x93, 0xb1, + 0x85, 0x64, 0xc9, 0xc4, 0x22, 0xb9, 0xdf, 0x80, + 0xac, 0xa1, 0x17, 0xdb, 0x11, 0xdb, 0xfa, 0xeb, + 0x90, 0x3c, 0x28, 0xfb, 0xa2, 0x36, 0x76, 0x61, + 0x20, 0x00, 0x88, 0x15, 0xc0, 0x79, 0x9f, 0x7d, + 0x9f, 0x90, 0xdb, 0x79, 0xbf, 0x1c, 0xdf, 0x86, + 0xc9, 0x60, 0x8c, 0xea, 0xa6, 0x24, 0x81, 0xd6, + 0x6d, 0xd8, 0x8d, 0x17, 0x5f, 0x5c, 0x6d, 0x93, + 0xbc, 0xed, 0xe5, 0x41, 0x05, 0xbe, 0xc6, 0x0f, + 0x66, 0x50, 0xc3, 0xce, 0x7e, 0x6c, 0x80, 0x88, + 0xf5, 0x52, 0x61, 0xaf, 0xdb, 0xc0, 0x80, 0xbe, + 0x78, 0x49, 0x64, 0x39, 0x54, 0x26, 0xeb, 0xab, + 0x07, 0x4d, 0x38, 0x66, 0x06, 0x98, 0x58, 0xaa, + 0x40, 0xc4, 0x89, 0xb2, 0x08, 0x85, 0xf3, 0x14, + 0x58, 0x5d, 0x36, 0xf7, 0xf0, 0x6b, 0x72, 0x79, + 0x6d, 0xbe, 0x5e, 0x24, 0x68, 0xf1, 0x3c, 0xa2, + 0x82, 0x22, 0x6e, 0xc4, 0x46, 0x94, 0x8e, 0x00, + 0xcb, 0xc0, 0x07, 0x69, 0xa5, 0x6d, 0x57, 0x04, + 0x79, 0xeb, 0x06, 0x7a, 0x42, 0x20, 0x6e, 0xdc, + 0xb5, 0xa4, 0xdd, 0x74, 0xb3, 0x92, 0x16, 0x71, + 0x7d, 0x99, 0xfa, 0x26, 0x35, 0x57, 0xe2, 0x83, + 0xc2, 0xb6, 0xfb, 0x0a, 0xae, 0x22, 0xed, 0xe3, + 0x98, 0x65, 0x18, 0x32, 0xf8, 0xe5, 0xed, 0xa9, + 0xf9, 0x7d, 0xb8, 0xea, 0x21, 0x51, 0x6c, 0x70, + 0x4c, 0xfa, 0xec, 0x6d, 0x4c, 0xf4, 0xcb, 0x1c, + 0x43, 0xfb, 0xfc, 0xbb, 0xa9, 0xcb, 0xc5, 0x21, + 0xb3, 0x89, 0xd6, 0x4c, 0xc4, 0x42, 0xd1, 0x55, + 0x3d, 0x43, 0x74, 0xbf, 0xb7, 0x47, 0xb3, 0x5b, + 0x14, 0xc3, 0x8f, 0x42, 0x30, 0x57, 0xb0, 0x22, + 0x56, 0xbe, 0x8d, 0x88, 0x7e, 0x7d, 0x63, 0xc8, + 0xec, 0x01, 0x41, 0xd5, 0x9d, 0xb6, 0x7a, 0x3b, + 0xfe, 0x8b, 0x95, 0x94, 0xdb, 0xca, 0xf1, 0xb4, + 0x56, 0xd7, 0x83, 0xf4, 0x11, 0x05, 0x65, 0xde, + 0x7a, 0xa3, 0x5a, 0x7a, 0x70, 0xe4, 0xd2, 0xad, + 0xc0, 0xff, 0x3f, 0x66, 0x2e, 0x1a, 0x65, 0x38, + 0xda, 0x1f, 0x3f, 0xac, 0x04, 0x2f, 0x0f, 0xde, + 0x7e, 0x55, 0x05, 0x12, 0xe9, 0xe7, 0x69, 0xf9, + 0x34, 0x2c, 0x84, 0x97, 0xa8, 0x86, 0x0c, 0x24, + 0x32, 0x87, 0xfd, 0xbe, 0x67, 0xd1, 0x02, 0x21, + 0x3b, 0x33, 0xfd, 0x11, 0xb1, 0xca, 0x4f, 0xeb, + 0x40, 0x38, 0xf6, 0x19, 0x83, 0x9d, 0x73, 0x44, + 0x37, 0xd6, 0x69, 0x6d, 0x85, 0xda, 0xf7, 0x69, + 0xfb, 0x88, 0x2b, 0xe7, 0xe7, 0x3c, 0x18, 0xa8, + 0x13, 0xb7, 0xee, 0x5c, 0x50, 0x5b, 0xa3, 0x09, + 0x1c, 0xef, 0x8d, 0x37, 0x89, 0x75, 0x0f, 0x8b, + 0xea, 0x17, 0x02, 0x47, 0x21, 0xcb, 0xa8, 0x73, + 0x71, 0x23, 0x4c, 0xf7, 0x50, 0xdd, 0x21, 0xe5, + 0xdb, 0x40, 0x3a, 0x87, 0x40, 0x8d, 0x60, 0x89, + 0x9e, 0x20, 0x00, 0x58, 0xeb, 0xbb, 0x24, 0x9b, + 0x0a, 0x17, 0x8f, 0xf6, 0x56, 0x07, 0x11, 0x5b, + 0xa7, 0xcd, 0x93, 0x0a, 0x31, 0x3d, 0x1f, 0x45, + 0xa0, 0x08, 0x8f, 0x88, 0x34, 0xa5, 0x01, 0x3b, + 0xea, 0x07, 0xa3, 0x7b, 0x66, 0x3e, 0x96, 0xe8, + 0xf7, 0x4d, 0x63, 0x04, 0x55, 0x89, 0xf1, 0x02, + 0x1e, 0x4a, 0x21, 0xb1, 0x2b, 0x8c, 0x7f, 0x2e, + 0x0c, 0x64, 0x26, 0x36, 0xd8, 0x63, 0xab, 0xf5, + 0x22, 0xaf, 0xa9, 0xfa, 0xfa, 0x21, 0x4b, 0x7e, + 0x6f, 0x8c, 0xce, 0x98, 0xf2, 0x85, 0x3f, 0x2c, + 0x07, 0x90, 0xc3, 0x2c, 0x06, 0xc5, 0xde, 0xc8, + 0xc2, 0x7c, 0xd7, 0x9b, 0x64, 0x25, 0x8a, 0x9b, + 0x77, 0x07, 0xc7, 0x4c, 0xd7, 0x67, 0xff, 0xe6, + 0xdb, 0x17, 0xf5, 0xc4, 0x2a, 0x14, 0x44, 0x1a, + 0xff, 0xda, 0xe0, 0xa7, 0x09, 0x1c, 0xe9, 0x03, + 0xde, 0x4a, 0x59, 0xe4, 0xdf, 0xa3, 0x0d, 0x3a, + 0x43, 0xdf, 0x80, 0x82, 0x87, 0xfa, 0x75, 0xf5, + 0xe8, 0xef, 0x6f, 0xd0, 0x89, 0xdd, 0xa1, 0x75, + 0x17, 0x5b, 0x71, 0x47, 0xe8, 0x8d, 0xae, 0xf6, + 0x18, 0x7f, 0xb9, 0x24, 0x68, 0x3f, 0x17, 0x6b, + 0xa8, 0x30, 0x67, 0x7e, 0x02, 0x9b, 0xf6, 0x4d, + 0x03, 0xa8, 0xfb, 0x33, 0x2f, 0xb4, 0x65, 0x72, + 0x2a, 0x30, 0xa6, 0x93, 0x94, 0x7a, 0x41, 0x0f, + 0xd3, 0x67, 0x0b, 0xba, 0xa4, 0x49, 0x7c, 0xcf, + 0x1f, 0x59, 0x1e, 0x2e, 0x45, 0xd4, 0xa8, 0xb1, + 0x98, 0x2b, 0xd7, 0x6f, 0x55, 0xb8, 0xf2, 0x65, + 0x7b, 0x96, 0x18, 0xf7, 0x2e, 0xde, 0x9c, 0x39, + 0x7a, 0x08, 0x2e, 0xe7, 0x3c, 0x9e, 0x4a, 0xfe, + 0xba, 0x49, 0xce, 0xba, 0x65, 0x18, 0xae, 0xae, + 0x9b, 0xd5, 0xf5, 0xeb, 0xd3, 0xdc, 0xd7, 0x2c, + 0x92, 0x3c, 0xe2, 0x93, 0xb9, 0x69, 0xf2, 0x20, + 0xea, 0xbd, 0xa9, 0x01, 0x2b, 0x72, 0x7c, 0x93, + 0x6c, 0x1f, 0x80, 0x3a, 0xd2, 0x2d, 0xf6, 0xc1, + 0x31, 0x63, 0xd2, 0x2f, 0x6c, 0x1a, 0x54, 0x1f, + 0x74, 0xe6, 0xa0, 0xac, 0xb1, 0x04, 0x03, 0xb3, + 0x22, 0x19, 0x48, 0x0a, 0xa7, 0x55, 0x25, 0xc1, + 0x77, 0x28, 0xb9, 0xbe, 0xef, 0xa8, 0xc6, 0x2b, + 0xd5, 0x6c, 0x5d, 0x7b, 0x85, 0xcd, 0x10, 0x2d, + 0x9e, 0xfd, 0xb8, 0xa5, 0x10, 0x65, 0xf7, 0x29, + 0xa7, 0x41, 0x18, 0xc8, 0xc2, 0x23, 0xe5, 0xcb, + 0x96, 0x91, 0x8a, 0x7e, 0x45, 0x30, 0x6b, 0x91, + 0xf1, 0x88, 0xb3, 0x2e, 0x92, 0x96, 0x0a, 0x42, + 0x4a, 0x16, 0x9d, 0x0c, 0xa8, 0xa7, 0xe5, 0x64, + 0x38, 0x8a, 0x53, 0x41, 0x28, 0xbf, 0xd7, 0xa4, + 0x14, 0x05, 0x59, 0x11, 0x2e, 0x0f, 0xc8, 0x5c, + 0x97, 0x8d, 0xd3, 0x92, 0xbf, 0xb9, 0x05, 0xfa, + 0xff, 0x38, 0xbf, 0xd6, 0xc5, 0x22, 0xf8, 0xa4, + 0x75, 0x30, 0x45, 0x93, 0x14, 0xda, 0xc0, 0x7f, + 0xea, 0x24, 0xe0, 0x33, 0x68, 0xf2, 0x6d, 0xe1, + 0xb1, 0x0c, 0x7d, 0x40, 0xaa, 0x16, 0x53, 0xa1, + 0xf6, 0x26, 0xb1, 0x25, 0xe8, 0x83, 0xe9, 0xea, + 0xea, 0xd2, 0x5a, 0x24, 0xda, 0xe2, 0x6e, 0xd1, + 0x2a, 0x87, 0x64, 0x48, 0x13, 0x55, 0xb1, 0x2c, + 0x1a, 0x58, 0x43, 0x5b, 0x63, 0x14, 0x3e, 0x02, + 0xf0, 0xcf, 0x61, 0x7d, 0x83, 0x81, 0xb9, 0x65, + 0x4b, 0x72, 0xee, 0xff, 0xfb, 0x6a, 0xbe, 0x71, + 0x26, 0x56, 0x28, 0x13, 0x9f, 0x31, 0xda, 0x8c, + 0x2f, 0xdb, 0x21, 0xbe, 0x4b, 0x66, 0xbb, 0xad, + 0x7a, 0x13, 0x55, 0x92, 0x7c, 0xb5, 0x6e, 0x5f, + 0x45, 0x1b, 0x64, 0x2d, 0xad, 0x6d, 0x32, 0x07, + 0xe4, 0x91, 0xdc, 0x0c, 0x1b, 0x5f, 0xcd, 0x86, + 0xe2, 0x99, 0x2b, 0xb9, 0x7e, 0x60, 0xbd, 0xad, + 0xa1, 0x5c, 0xab, 0x7f, 0x76, 0xf3, 0x77, 0xba, + 0x73, 0x7f, 0x6a, 0x88, 0x4e, 0xff, 0x40, 0x72, + 0x7a, 0x4d, 0x9b, 0x20, 0x2d, 0xc9, 0x2a, 0x30, + 0x0f, 0x8f, 0x0f, 0xc9, 0x79, 0xc8, 0xc3, 0x8a, + 0x83, 0x52, 0xff, 0x66, 0x7a, 0x42, 0x04, 0x08, + 0x6e, 0x5b, 0x13, 0xda, 0xb9, 0xb6, 0x2d, 0x45, + 0x77, 0x9a, 0xa0, 0x2b, 0xc1, 0x87, 0xc2, 0xa6, + 0x35, 0x7f, 0x39, 0x34, 0x2e, 0x95, 0x1e, 0x8c, + 0xbf, 0x89, 0x6d, 0xcf, 0x82, 0xb8, 0x9f, 0x9b, + 0xd1, 0xbc, 0xa2, 0x55, 0x83, 0xf4, 0xca, 0x21, + 0x11, 0x8f, 0x28, 0xa9, 0x5e, 0x28, 0x23, 0xb4, + 0x43, 0x60, 0xb6, 0x11, 0x1a, 0x6f, 0xb4, 0xd1, + 0x96, 0xc8, 0x79, 0xf2, 0x39, 0x8b, 0x82, 0xae, + 0xe0, 0xc2, 0xe4, 0xf9, 0xfb, 0xf8, 0x85, 0x64, + 0x28, 0xad, 0xb5, 0xfd, 0x37, 0xc5, 0x21, 0x38, + 0x31, 0x94, 0x0d, 0xbe, 0xd8, 0xaf, 0x9b, 0x8a, + 0x7d, 0xfb, 0x56, 0xd8, 0x23, 0xf7, 0x55, 0x55, + 0xe7, 0xd9, 0x63, 0x65, 0xfd, 0x64, 0x2e, 0x8a, + 0x1d, 0x1b, 0xac, 0x4e, 0x2f, 0xef, 0x1b, 0x77, + 0xca, 0x01, 0xd6, 0xfc, 0xb0, 0x11, 0xda, 0x6b, + 0xef, 0x9f, 0x76, 0x81, 0x3e, 0x3f, 0x26, 0x4b, + 0x3b, 0x97, 0xa0, 0x7d, 0xd6, 0xcf, 0x51, 0x0d, + 0x06, 0xf7, 0xf5, 0x88, 0x64, 0x34, 0x7a, 0xe3, + 0xb9, 0x16, 0xc3, 0x06, 0x04, 0xf3, 0xe9, 0x55, + 0xd2, 0xff, 0x49, 0xec, 0x57, 0x84, 0x1f, 0x39, + 0x28, 0x71, 0x57, 0x87, 0x40, 0xf2, 0x7a, 0x30, + 0xa0, 0x88, 0xba, 0x6c, 0xb1, 0x09, 0x30, 0x3a, + 0x11, 0x75, 0xcf, 0xbe, 0x4c, 0xf7, 0xf7, 0xca, + 0x44, 0x52, 0x91, 0xd0, 0x4c, 0x12, 0x3e, 0x3a, + 0x4b, 0x31, 0x20, 0xfe, 0x27, 0xd2, 0x08, 0x5b, + 0x83, 0x7b, 0x82, 0xd3, 0xa3, 0x72, 0xba, 0x2f, + 0x5f, 0xa3, 0x71, 0xcd, 0x8d, 0x3f, 0x94, 0xce, + 0x86, 0xa8, 0x6b, 0x43, 0xb7, 0x06, 0x80, 0x70, + 0x64, 0x06, 0xab, 0x54, 0xce, 0xb5, 0x29, 0xaf, + 0x73, 0xf7, 0x0f, 0x65, 0x70, 0xa7, 0x84, 0x1a, + 0x0b, 0xdb, 0x0c, 0xa9, 0x20, 0xea, 0x06, 0x7a, + 0xba, 0x80, 0xc6, 0xae, 0x3e, 0x0a, 0x7b, 0xd6, + 0x21, 0x99, 0xe0, 0xae, 0x6e, 0x8f, 0x80, 0xa9, + 0x97, 0x27, 0x3d, 0x7e, 0xb2, 0xd8, 0x06, 0x10, + 0x36, 0x07, 0x64, 0x12, 0xd0, 0xc7, 0x91, 0xd2, + 0x81, 0x74, 0x22, 0x8b, 0x8f, 0xe0, 0x48, 0xc4, + 0xe1, 0x9b, 0x05, 0xc8, 0xc5, 0xc3, 0x9a, 0x7b, + 0x9d, 0xee, 0x23, 0xe0, 0x98, 0xc0, 0xd0, 0x05, + 0x21, 0x89, 0x9a, 0xf4, 0x45, 0xd1, 0x1d, 0x80, + 0x79, 0xb7, 0xfe, 0x3c, 0xff, 0x84, 0x86, 0xf0, + 0x2a, 0x69, 0x8b, 0x2d, 0x3b, 0x82, 0xa0, 0xab, + 0xee, 0xe6, 0xf4, 0x64, 0x84, 0x2b, 0x7a, 0x42, + 0x12, 0x8d, 0x10, 0xa6, 0xae, 0x10, 0x6d, 0x03, + 0xb5, 0x72, 0x09, 0xf8, 0x3f, 0xe4, 0x1c, 0x0a, + 0x08, 0x0d, 0x1a, 0x45, 0x5b, 0x70, 0x7b, 0x95, + 0xa1, 0xa7, 0xb4, 0xb6, 0xbf, 0xcc, 0xfc, 0x09, + 0x1a, 0x30, 0x40, 0x44, 0x5e, 0x69, 0x73, 0x7a, + 0x81, 0xa5, 0xb9, 0xd7, 0xdd, 0xe3, 0xee, 0xfb, + 0x16, 0x1a, 0x1d, 0x40, 0x41, 0x4e, 0x8d, 0x90, + 0x92, 0x9d, 0xaf, 0xb0, 0xbb, 0xc2, 0xe0, 0xfc, + 0x06, 0x0b, 0x20, 0x37, 0x47, 0x50, 0x53, 0x65, + 0x87, 0x89, 0x99, 0xa4, 0xb7, 0xdb, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x0f, 0x20, 0x30, 0x3e +}; +#endif + +int test_wc_dilithium(void) +{ + EXPECT_DECLS; +#if defined(HAVE_DILITHIUM) && defined(WOLFSSL_WC_DILITHIUM) + dilithium_key* key; + byte level; +#if !defined(WOLFSSL_DILITHIUM_NO_MAKE_KEY) || \ + !defined(WOLFSSL_DILITHIUM_NO_SIGN) + WC_RNG rng; +#endif + byte* privKey = NULL; +#ifndef WOLFSSL_DILITHIUM_NO_SIGN + word32 privKeyLen = DILITHIUM_MAX_KEY_SIZE; +#endif + byte* pubKey = NULL; +#ifndef WOLFSSL_DILITHIUM_NO_VERIFY + word32 pubKeyLen = DILITHIUM_MAX_PUB_KEY_SIZE; +#endif + + key = (dilithium_key*)XMALLOC(sizeof(*key), NULL, DYNAMIC_TYPE_TMP_BUFFER); + ExpectNotNull(key); + privKey = (byte*)XMALLOC(DILITHIUM_MAX_KEY_SIZE, NULL, + DYNAMIC_TYPE_TMP_BUFFER); + ExpectNotNull(privKey); + pubKey = (byte*)XMALLOC(DILITHIUM_MAX_PUB_KEY_SIZE, NULL, + DYNAMIC_TYPE_TMP_BUFFER); + ExpectNotNull(pubKey); + + if (key != NULL) { + XMEMSET(key, 0, sizeof(*key)); + } +#if !defined(WOLFSSL_DILITHIUM_NO_MAKE_KEY) || \ + !defined(WOLFSSL_DILITHIUM_NO_SIGN) + XMEMSET(&rng, 0, sizeof(WC_RNG)); +#endif + +#if !defined(WOLFSSL_DILITHIUM_NO_MAKE_KEY) || \ + !defined(WOLFSSL_DILITHIUM_NO_SIGN) + ExpectIntEQ(wc_InitRng(&rng), 0); +#endif + + ExpectIntEQ(wc_dilithium_init(NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_dilithium_init_ex(NULL, NULL, INVALID_DEVID), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + wc_dilithium_free(NULL); + + ExpectIntEQ(wc_dilithium_init(key), 0); + wc_dilithium_free(key); + ExpectIntEQ(wc_dilithium_init_ex(key, NULL, INVALID_DEVID), 0); + +#ifndef WOLFSSL_DILITHIUM_NO_VERIFY + ExpectIntEQ(wc_dilithium_export_public(key, pubKey, &pubKeyLen), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); +#endif +#ifndef WOLFSSL_DILITHIUM_NO_SIGN + ExpectIntEQ(wc_dilithium_export_private(key, privKey, &privKeyLen), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); +#endif + +#ifdef WOLFSSL_DILITHIUM_PRIVATE_KEY + ExpectIntEQ(wc_dilithium_size(NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); +#ifdef WOLFSSL_DILITHIUM_PUBLIC_KEY + ExpectIntEQ(wc_dilithium_priv_size(NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); +#endif +#endif +#ifdef WOLFSSL_DILITHIUM_PUBLIC_KEY + ExpectIntEQ(wc_dilithium_pub_size(NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); +#endif +#if !defined(WOLFSSL_DILITHIUM_NO_SIGN) || !defined(WOLFSSL_DILITHIUM_NO_VERIFY) + ExpectIntEQ(wc_dilithium_sig_size(NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); +#endif +#ifdef WOLFSSL_DILITHIUM_PRIVATE_KEY + ExpectIntEQ(wc_dilithium_size(key), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); +#ifdef WOLFSSL_DILITHIUM_PUBLIC_KEY + ExpectIntEQ(wc_dilithium_priv_size(key), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); +#endif +#endif +#ifdef WOLFSSL_DILITHIUM_PUBLIC_KEY + ExpectIntEQ(wc_dilithium_pub_size(key), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); +#endif +#if !defined(WOLFSSL_DILITHIUM_NO_SIGN) || !defined(WOLFSSL_DILITHIUM_NO_VERIFY) + ExpectIntEQ(wc_dilithium_sig_size(key), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); +#endif + + ExpectIntEQ(wc_dilithium_set_level(NULL, 0), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_dilithium_set_level(key, 0), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_dilithium_set_level(NULL, WC_ML_DSA_44), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_dilithium_set_level(key, 1), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_dilithium_set_level(key, 4), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + + ExpectIntEQ(wc_dilithium_get_level(NULL, NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_dilithium_get_level(key, NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_dilithium_get_level(NULL, &level), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_dilithium_get_level(key, &level), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + +#ifndef WOLFSSL_NO_ML_DSA_87 + ExpectIntEQ(wc_dilithium_set_level(key, WC_ML_DSA_87), 0); + ExpectIntEQ(wc_dilithium_get_level(key, &level), 0); + ExpectIntEQ(level, WC_ML_DSA_87); +#ifdef WOLFSSL_DILITHIUM_PRIVATE_KEY + ExpectIntEQ(wc_dilithium_size(key), DILITHIUM_LEVEL5_KEY_SIZE); +#ifdef WOLFSSL_DILITHIUM_PUBLIC_KEY + ExpectIntEQ(wc_dilithium_priv_size(key), DILITHIUM_LEVEL5_PRV_KEY_SIZE); +#endif +#endif +#ifdef WOLFSSL_DILITHIUM_PUBLIC_KEY + ExpectIntEQ(wc_dilithium_pub_size(key), DILITHIUM_LEVEL5_PUB_KEY_SIZE); +#endif +#if !defined(WOLFSSL_DILITHIUM_NO_SIGN) || !defined(WOLFSSL_DILITHIUM_NO_VERIFY) + ExpectIntEQ(wc_dilithium_sig_size(key), DILITHIUM_LEVEL5_SIG_SIZE); +#endif +#else + ExpectIntEQ(wc_dilithium_set_level(key, WC_ML_DSA_87), WC_NO_ERR_TRACE(NOT_COMPILED_IN)); +#endif +#ifndef WOLFSSL_NO_ML_DSA_65 + ExpectIntEQ(wc_dilithium_set_level(key, WC_ML_DSA_65), 0); + ExpectIntEQ(wc_dilithium_get_level(key, &level), 0); + ExpectIntEQ(level, WC_ML_DSA_65); +#ifdef WOLFSSL_DILITHIUM_PRIVATE_KEY + ExpectIntEQ(wc_dilithium_size(key), DILITHIUM_LEVEL3_KEY_SIZE); +#ifdef WOLFSSL_DILITHIUM_PUBLIC_KEY + ExpectIntEQ(wc_dilithium_priv_size(key), DILITHIUM_LEVEL3_PRV_KEY_SIZE); +#endif +#endif +#ifdef WOLFSSL_DILITHIUM_PUBLIC_KEY + ExpectIntEQ(wc_dilithium_pub_size(key), DILITHIUM_LEVEL3_PUB_KEY_SIZE); +#endif +#if !defined(WOLFSSL_DILITHIUM_NO_SIGN) || !defined(WOLFSSL_DILITHIUM_NO_VERIFY) + ExpectIntEQ(wc_dilithium_sig_size(key), DILITHIUM_LEVEL3_SIG_SIZE); +#endif +#else + ExpectIntEQ(wc_dilithium_set_level(key, WC_ML_DSA_65), WC_NO_ERR_TRACE(NOT_COMPILED_IN)); +#endif +#ifndef WOLFSSL_NO_ML_DSA_44 + ExpectIntEQ(wc_dilithium_set_level(key, WC_ML_DSA_44), 0); + ExpectIntEQ(wc_dilithium_get_level(key, &level), 0); + ExpectIntEQ(level, WC_ML_DSA_44); +#ifdef WOLFSSL_DILITHIUM_PRIVATE_KEY + ExpectIntEQ(wc_dilithium_size(key), DILITHIUM_LEVEL2_KEY_SIZE); +#ifdef WOLFSSL_DILITHIUM_PUBLIC_KEY + ExpectIntEQ(wc_dilithium_priv_size(key), DILITHIUM_LEVEL2_PRV_KEY_SIZE); +#endif +#endif +#ifdef WOLFSSL_DILITHIUM_PUBLIC_KEY + ExpectIntEQ(wc_dilithium_pub_size(key), DILITHIUM_LEVEL2_PUB_KEY_SIZE); +#endif +#if !defined(WOLFSSL_DILITHIUM_NO_SIGN) || !defined(WOLFSSL_DILITHIUM_NO_VERIFY) + ExpectIntEQ(wc_dilithium_sig_size(key), DILITHIUM_LEVEL2_SIG_SIZE); +#endif +#else + ExpectIntEQ(wc_dilithium_set_level(key, WC_ML_DSA_44), WC_NO_ERR_TRACE(NOT_COMPILED_IN)); +#endif + +#ifndef WOLFSSL_DILITHIUM_NO_VERIFY + ExpectIntEQ(wc_dilithium_export_public(key, pubKey, &pubKeyLen), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); +#endif +#ifndef WOLFSSL_DILITHIUM_NO_SIGN + ExpectIntEQ(wc_dilithium_export_private(key, privKey, &privKeyLen), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); +#endif + + wc_dilithium_free(key); +#if !defined(WOLFSSL_DILITHIUM_NO_MAKE_KEY) || \ + !defined(WOLFSSL_DILITHIUM_NO_SIGN) + wc_FreeRng(&rng); +#endif + XFREE(pubKey, NULL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(privKey, NULL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(key, NULL, DYNAMIC_TYPE_TMP_BUFFER); +#endif + return EXPECT_RESULT(); +} + +int test_wc_dilithium_make_key(void) +{ + EXPECT_DECLS; +#if defined(HAVE_DILITHIUM) && defined(WOLFSSL_WC_DILITHIUM) && \ + !defined(WOLFSSL_DILITHIUM_NO_MAKE_KEY) + dilithium_key* key; + WC_RNG rng; + + key = (dilithium_key*)XMALLOC(sizeof(*key), NULL, DYNAMIC_TYPE_TMP_BUFFER); + ExpectNotNull(key); + + if (key != NULL) { + XMEMSET(key, 0, sizeof(*key)); + } + XMEMSET(&rng, 0, sizeof(WC_RNG)); + + ExpectIntEQ(wc_InitRng(&rng), 0); + ExpectIntEQ(wc_dilithium_init(key), 0); + + ExpectIntEQ(wc_dilithium_make_key(key, &rng), WC_NO_ERR_TRACE(BAD_STATE_E)); + +#ifndef WOLFSSL_NO_ML_DSA_44 + ExpectIntEQ(wc_dilithium_set_level(key, WC_ML_DSA_44), 0); +#elif !defined(WOLFSSL_NO_ML_DSA_65) + ExpectIntEQ(wc_dilithium_set_level(key, WC_ML_DSA_65), 0); +#else + ExpectIntEQ(wc_dilithium_set_level(key, WC_ML_DSA_87), 0); +#endif + + ExpectIntEQ(wc_dilithium_make_key(NULL, NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_dilithium_make_key(key, NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_dilithium_make_key(NULL, &rng), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_dilithium_make_key(key, &rng), 0); + + wc_dilithium_free(key); + wc_FreeRng(&rng); + XFREE(key, NULL, DYNAMIC_TYPE_TMP_BUFFER); +#endif + return EXPECT_RESULT(); +} + +int test_wc_dilithium_sign(void) +{ + EXPECT_DECLS; +#if defined(HAVE_DILITHIUM) && defined(WOLFSSL_WC_DILITHIUM) && \ + !defined(WOLFSSL_DILITHIUM_NO_SIGN) + dilithium_key* key; + dilithium_key* importKey = NULL; + WC_RNG rng; + byte* privKey = NULL; + word32 privKeyLen = DILITHIUM_MAX_KEY_SIZE; + word32 badKeyLen; + byte msg[32]; + byte* sig = NULL; + word32 sigLen = DILITHIUM_MAX_SIG_SIZE; + + key = (dilithium_key*)XMALLOC(sizeof(*key), NULL, DYNAMIC_TYPE_TMP_BUFFER); + ExpectNotNull(key); + importKey = (dilithium_key*)XMALLOC(sizeof(*key), NULL, + DYNAMIC_TYPE_TMP_BUFFER); + ExpectNotNull(importKey); + privKey = (byte*)XMALLOC(DILITHIUM_MAX_KEY_SIZE, NULL, + DYNAMIC_TYPE_TMP_BUFFER); + ExpectNotNull(privKey); + sig = (byte*)XMALLOC(DILITHIUM_MAX_SIG_SIZE, NULL, + DYNAMIC_TYPE_TMP_BUFFER); + ExpectNotNull(sig); + + if (key != NULL) { + XMEMSET(key, 0, sizeof(*key)); + } + if (importKey != NULL) { + XMEMSET(importKey, 0, sizeof(*importKey)); + } + XMEMSET(&rng, 0, sizeof(WC_RNG)); + XMEMSET(msg, 0x55, sizeof(msg)); + + ExpectIntEQ(wc_InitRng(&rng), 0); + ExpectIntEQ(wc_dilithium_init(key), 0); + +#ifndef WOLFSSL_NO_ML_DSA_44 + ExpectIntEQ(wc_dilithium_set_level(key, WC_ML_DSA_44), 0); +#elif !defined(WOLFSSL_NO_ML_DSA_65) + ExpectIntEQ(wc_dilithium_set_level(key, WC_ML_DSA_65), 0); +#else + ExpectIntEQ(wc_dilithium_set_level(key, WC_ML_DSA_87), 0); +#endif + +#ifdef WOLFSSL_DILITHIUM_NO_MAKE_KEY +#ifndef WOLFSSL_NO_ML_DSA_44 + ExpectIntEQ(wc_dilithium_import_private(bench_dilithium_level2_key, + sizeof_bench_dilithium_level2_key, key), 0); +#elif !defined(WOLFSSL_NO_ML_DSA_65) + ExpectIntEQ(wc_dilithium_import_private(bench_dilithium_level3_key, + sizeof_bench_dilithium_level3_key, key), 0); +#else + ExpectIntEQ(wc_dilithium_import_private(bench_dilithium_level5_key, + sizeof_bench_dilithium_level5_key, key), 0); +#endif +#else + ExpectIntEQ(wc_dilithium_make_key(key, &rng), 0); +#endif + + ExpectIntEQ(wc_dilithium_sign_msg(NULL, 32, NULL, NULL, NULL, NULL), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_dilithium_sign_msg(msg, 32, NULL, NULL, NULL, NULL), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_dilithium_sign_msg(NULL, 32, sig, NULL, NULL, NULL), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_dilithium_sign_msg(NULL, 32, NULL, &sigLen, NULL, NULL), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_dilithium_sign_msg(NULL, 32, NULL, NULL, key, NULL), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_dilithium_sign_msg(NULL, 32, NULL, NULL, NULL, &rng), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_dilithium_sign_msg(NULL, 32, sig, &sigLen, key, &rng), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_dilithium_sign_msg(msg, 32, NULL, &sigLen, key, &rng), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_dilithium_sign_msg(msg, 32, sig, NULL, key, &rng), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_dilithium_sign_msg(msg, 32, sig, &sigLen, NULL, &rng), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_dilithium_sign_msg(msg, 32, sig, &sigLen, key, NULL), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_dilithium_sign_msg(msg, 32, sig, &sigLen, key, &rng), 0); + + ExpectIntEQ(wc_dilithium_export_private(NULL, NULL, NULL), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_dilithium_export_private(key, NULL, NULL), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_dilithium_export_private(NULL, privKey, NULL), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_dilithium_export_private(NULL, NULL, &privKeyLen), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_dilithium_export_private(NULL, privKey, &privKeyLen), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_dilithium_export_private(key, NULL, &privKeyLen), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_dilithium_export_private(key, privKey, NULL), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + badKeyLen = 0; + ExpectIntEQ(wc_dilithium_export_private(key, privKey, &badKeyLen), + WC_NO_ERR_TRACE(BUFFER_E)); +#ifndef WOLFSSL_NO_ML_DSA_44 + ExpectIntEQ(badKeyLen, DILITHIUM_LEVEL2_KEY_SIZE); +#elif !defined(WOLFSSL_NO_ML_DSA_65) + ExpectIntEQ(badKeyLen, DILITHIUM_LEVEL3_KEY_SIZE); +#else + ExpectIntEQ(badKeyLen, DILITHIUM_LEVEL5_KEY_SIZE); +#endif + ExpectIntEQ(wc_dilithium_export_private(key, privKey, &privKeyLen), + 0); +#ifndef WOLFSSL_NO_ML_DSA_44 + ExpectIntEQ(privKeyLen, DILITHIUM_LEVEL2_KEY_SIZE); +#elif !defined(WOLFSSL_NO_ML_DSA_65) + ExpectIntEQ(privKeyLen, DILITHIUM_LEVEL3_KEY_SIZE); +#else + ExpectIntEQ(privKeyLen, DILITHIUM_LEVEL5_KEY_SIZE); +#endif + + ExpectIntEQ(wc_dilithium_init(importKey), 0); + ExpectIntEQ(wc_dilithium_import_private(privKey, privKeyLen, importKey), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); +#ifndef WOLFSSL_NO_ML_DSA_44 + ExpectIntEQ(wc_dilithium_set_level(importKey, WC_ML_DSA_44), 0); +#elif !defined(WOLFSSL_NO_ML_DSA_65) + ExpectIntEQ(wc_dilithium_set_level(importKey, WC_ML_DSA_65), 0); +#else + ExpectIntEQ(wc_dilithium_set_level(importKey, WC_ML_DSA_87), 0); +#endif + ExpectIntEQ(wc_dilithium_import_private(NULL, 0, NULL), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_dilithium_import_private(privKey, 0, NULL), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_dilithium_import_private(NULL, privKeyLen, NULL), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_dilithium_import_private(NULL, 0, importKey), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_dilithium_import_private(NULL, privKeyLen, importKey), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_dilithium_import_private(privKey, 0, importKey), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_dilithium_import_private(privKey, privKeyLen, NULL), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_dilithium_import_private(privKey, privKeyLen, importKey), + 0); + ExpectIntEQ(wc_dilithium_sign_msg(msg, 32, sig, &sigLen, key, &rng), 0); +#ifdef WOLFSSL_DILITHIUM_CHECK_KEY + ExpectIntEQ(wc_dilithium_check_key(importKey), WC_NO_ERR_TRACE(PUBLIC_KEY_E)); +#endif + wc_dilithium_free(importKey); + + wc_dilithium_free(key); + wc_FreeRng(&rng); + + XFREE(sig, NULL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(privKey, NULL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(importKey, NULL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(key, NULL, DYNAMIC_TYPE_TMP_BUFFER); +#endif + return EXPECT_RESULT(); +} + +int test_wc_dilithium_verify(void) +{ + EXPECT_DECLS; +#if defined(HAVE_DILITHIUM) && defined(WOLFSSL_WC_DILITHIUM) && \ + !defined(WOLFSSL_DILITHIUM_NO_VERIFY) && \ + (!defined(WOLFSSL_NO_ML_DSA_44) || !defined(WOLFSSL_DILITHIUM_NO_SIGN)) + dilithium_key* key; + dilithium_key* importKey = NULL; + WC_RNG rng; + byte* pubKey = NULL; + word32 pubKeyLen = DILITHIUM_MAX_PUB_KEY_SIZE; + word32 badKeyLen; + byte msg[32]; + byte* sig = NULL; + word32 sigLen = DILITHIUM_MAX_SIG_SIZE; + int res; +#ifndef WOLFSSL_NO_ML_DSA_44 + byte b; +#endif + + key = (dilithium_key*)XMALLOC(sizeof(*key), NULL, DYNAMIC_TYPE_TMP_BUFFER); + ExpectNotNull(key); + importKey = (dilithium_key*)XMALLOC(sizeof(*key), NULL, + DYNAMIC_TYPE_TMP_BUFFER); + ExpectNotNull(importKey); + pubKey = (byte*)XMALLOC(DILITHIUM_MAX_PUB_KEY_SIZE, NULL, + DYNAMIC_TYPE_TMP_BUFFER); + ExpectNotNull(pubKey); + sig = (byte*)XMALLOC(DILITHIUM_MAX_SIG_SIZE, NULL, DYNAMIC_TYPE_TMP_BUFFER); + ExpectNotNull(sig); + + if (key != NULL) { + XMEMSET(key, 0, sizeof(*key)); + } + if (importKey != NULL) { + XMEMSET(importKey, 0, sizeof(*importKey)); + } + XMEMSET(&rng, 0, sizeof(WC_RNG)); + XMEMSET(msg, 0x55, sizeof(msg)); + + ExpectIntEQ(wc_InitRng(&rng), 0); + ExpectIntEQ(wc_dilithium_init(key), 0); + +#ifndef WOLFSSL_NO_ML_DSA_44 + ExpectIntEQ(wc_dilithium_set_level(key, WC_ML_DSA_44), 0); +#elif !defined(WOLFSSL_NO_ML_DSA_65) + ExpectIntEQ(wc_dilithium_set_level(key, WC_ML_DSA_65), 0); +#else + ExpectIntEQ(wc_dilithium_set_level(key, WC_ML_DSA_87), 0); +#endif + +#if !defined(WOLFSSL_NO_ML_DSA_44) + ExpectIntEQ(wc_dilithium_import_public(ml_dsa_44_pub_key, + (word32)sizeof(ml_dsa_44_pub_key), key), 0); + if (sig != NULL) { + XMEMCPY(sig, ml_dsa_44_good_sig, sizeof(ml_dsa_44_good_sig)); + } + sigLen = (word32)sizeof(ml_dsa_44_good_sig); +#else +#ifdef WOLFSSL_DILITHIUM_NO_MAKE_KEY +#ifndef WOLFSSL_NO_ML_DSA_65 + ExpectIntEQ(wc_dilithium_import_public(bench_dilithium_level3_pub_key, + sizeof_bench_dilithium_level3_pub_key, key), 0); +#else + ExpectIntEQ(wc_dilithium_import_public(bench_dilithium_level5_pub_key, + sizeof_bench_dilithium_level5_pub_key, key), 0); +#endif /* !WOLFSSL_NO_ML_DSA_65 */ +#else + ExpectIntEQ(wc_dilithium_make_key(key, &rng), 0); +#endif /* WOLFSSL_DILITHIUM_NO_MAKE_KEY */ + + ExpectIntEQ(wc_dilithium_sign_msg(msg, 32, sig, &sigLen, key, &rng), 0); +#endif /* !WOLFSSL_NO_ML_DSA_44 */ + + ExpectIntEQ(wc_dilithium_export_public(NULL, NULL, NULL), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_dilithium_export_public(key, NULL, NULL), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_dilithium_export_public(NULL, pubKey, NULL), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_dilithium_export_public(NULL, NULL, &pubKeyLen), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_dilithium_export_public(NULL, pubKey, &pubKeyLen), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_dilithium_export_public(key, NULL, &pubKeyLen), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_dilithium_export_public(key, pubKey, NULL), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + badKeyLen = 0; + ExpectIntEQ(wc_dilithium_export_public(key, pubKey, &badKeyLen), + WC_NO_ERR_TRACE(BUFFER_E)); +#ifndef WOLFSSL_NO_ML_DSA_44 + ExpectIntEQ(badKeyLen, DILITHIUM_LEVEL2_PUB_KEY_SIZE); +#elif !defined(WOLFSSL_NO_ML_DSA_65) + ExpectIntEQ(badKeyLen, DILITHIUM_LEVEL3_PUB_KEY_SIZE); +#else + ExpectIntEQ(badKeyLen, DILITHIUM_LEVEL5_PUB_KEY_SIZE); +#endif + ExpectIntEQ(wc_dilithium_export_public(key, pubKey, &pubKeyLen), 0); +#ifndef WOLFSSL_NO_ML_DSA_44 + ExpectIntEQ(pubKeyLen, DILITHIUM_LEVEL2_PUB_KEY_SIZE); +#elif !defined(WOLFSSL_NO_ML_DSA_65) + ExpectIntEQ(pubKeyLen, DILITHIUM_LEVEL3_PUB_KEY_SIZE); +#else + ExpectIntEQ(pubKeyLen, DILITHIUM_LEVEL5_PUB_KEY_SIZE); +#endif + + ExpectIntEQ(wc_dilithium_verify_msg(NULL, 0, NULL, 32, NULL, NULL), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_dilithium_verify_msg(sig, 0, NULL, 32, NULL, NULL), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_dilithium_verify_msg(NULL, 0, msg, 32, NULL, NULL), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_dilithium_verify_msg(NULL, 0, NULL, 32, &res, NULL), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_dilithium_verify_msg(NULL, 0, NULL, 32, NULL, key), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_dilithium_verify_msg(NULL, sigLen, msg, 32, &res, key), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_dilithium_verify_msg(sig, 0, msg, 32, &res, key), + WC_NO_ERR_TRACE(BUFFER_E)); + ExpectIntEQ(wc_dilithium_verify_msg(sig, sigLen, NULL, 32, &res, key), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_dilithium_verify_msg(sig, sigLen, msg, 32, NULL, key), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_dilithium_verify_msg(sig, sigLen, msg, 32, &res, NULL), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + res = 0; + ExpectIntEQ(wc_dilithium_verify_msg(sig, sigLen, msg, 32, &res, key), 0); + ExpectIntEQ(res, 1); + + ExpectIntEQ(wc_dilithium_init(importKey), 0); + ExpectIntEQ(wc_dilithium_import_public(pubKey, pubKeyLen, importKey), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); +#ifndef WOLFSSL_NO_ML_DSA_44 + ExpectIntEQ(wc_dilithium_set_level(importKey, WC_ML_DSA_44), 0); +#elif !defined(WOLFSSL_NO_ML_DSA_65) + ExpectIntEQ(wc_dilithium_set_level(importKey, WC_ML_DSA_65), 0); +#else + ExpectIntEQ(wc_dilithium_set_level(importKey, WC_ML_DSA_87), 0); +#endif + ExpectIntEQ(wc_dilithium_import_public(NULL, 0, NULL), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_dilithium_import_public(pubKey, 0, NULL), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_dilithium_import_public(NULL, pubKeyLen, NULL), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_dilithium_import_public(NULL, 0, importKey), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_dilithium_import_public(NULL, pubKeyLen, importKey), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_dilithium_import_public(pubKey, 0, importKey), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_dilithium_import_public(pubKey, pubKeyLen, NULL), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_dilithium_import_public(pubKey, pubKeyLen, importKey), 0); + res = 0; + ExpectIntEQ(wc_dilithium_verify_msg(sig, sigLen, msg, 32, &res, importKey), + 0); + ExpectIntEQ(res, 1); +#ifdef WOLFSSL_DILITHIUM_CHECK_KEY + ExpectIntEQ(wc_dilithium_check_key(importKey), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); +#endif + wc_dilithium_free(importKey); + +#ifndef WOLFSSL_NO_ML_DSA_44 + if (sig != NULL) { + if (sig[sigLen - 5] == 0) { + /* Unused hints meant to be 0. */ + sig[sigLen - 5] = 0xff; + res = 1; + ExpectIntEQ(wc_dilithium_verify_msg(sig, sigLen, msg, 32, &res, + key), WC_NO_ERR_TRACE(SIG_VERIFY_E)); + ExpectIntEQ(res, 0); + sig[sigLen - 5] = 0x00; + } + + /* Last count of hints must be less than PARAMS_ML_DSA_44_OMEGA == 80 */ + b = sig[sigLen - 1]; + sig[sigLen - 1] = 0xff; + res = 1; + ExpectIntEQ(wc_dilithium_verify_msg(sig, sigLen, msg, 32, &res, key), + WC_NO_ERR_TRACE(SIG_VERIFY_E)); + ExpectIntEQ(res, 0); + sig[sigLen - 1] = b; + + if (sig[sigLen - 4] > 1) { + /* Index must be less than previous. */ + b = sig[sigLen - 84]; + sig[sigLen - 84] = 0xff; + res = 1; + ExpectIntEQ(wc_dilithium_verify_msg(sig, sigLen, msg, 32, &res, + key), WC_NO_ERR_TRACE(SIG_VERIFY_E)); + ExpectIntEQ(res, 0); + sig[sigLen - 84] = b; + } + + /* Mess up commit hash. */ + sig[0] ^= 0x80; + res = 1; + ExpectIntEQ(wc_dilithium_verify_msg(sig, sigLen, msg, 32, &res, key), + 0); + ExpectIntEQ(res, 0); + sig[0] ^= 0x80; + + /* Mess up z. */ + sig[100] ^= 0x80; + res = 1; + ExpectIntEQ(wc_dilithium_verify_msg(sig, sigLen, msg, 32, &res, key), + 0); + ExpectIntEQ(res, 0); + sig[100] ^= 0x80; + + /* Set all indices to 0. */ + XMEMSET(sig + sigLen - 4, 0, 4); + ExpectIntEQ(wc_dilithium_verify_msg(sig, sigLen, msg, 32, &res, key), + WC_NO_ERR_TRACE(SIG_VERIFY_E)); + ExpectIntEQ(res, 0); + } +#endif + + wc_dilithium_free(key); + wc_FreeRng(&rng); + + XFREE(sig, NULL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(pubKey, NULL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(importKey, NULL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(key, NULL, DYNAMIC_TYPE_TMP_BUFFER); +#endif + return EXPECT_RESULT(); +} + +int test_wc_dilithium_sign_vfy(void) +{ + EXPECT_DECLS; +#if defined(HAVE_DILITHIUM) && defined(WOLFSSL_WC_DILITHIUM) && \ + !defined(WOLFSSL_DILITHIUM_NO_MAKE_KEY) && \ + !defined(WOLFSSL_DILITHIUM_NO_SIGN) && !defined(WOLFSSL_DILITHIUM_NO_VERIFY) + dilithium_key* key; + WC_RNG rng; + byte msg[64]; + byte* sig = NULL; + word32 sigLen; + byte ctx[10]; + int res; + + key = (dilithium_key*)XMALLOC(sizeof(*key), NULL, DYNAMIC_TYPE_TMP_BUFFER); + ExpectNotNull(key); + sig = (byte*)XMALLOC(DILITHIUM_MAX_SIG_SIZE, NULL, DYNAMIC_TYPE_TMP_BUFFER); + ExpectNotNull(sig); + + if (key != NULL) { + XMEMSET(key, 0, sizeof(*key)); + } + XMEMSET(&rng, 0, sizeof(WC_RNG)); + XMEMSET(msg, 0xAA, sizeof(msg)); + XMEMSET(ctx, 0x01, sizeof(ctx)); + + ExpectIntEQ(wc_InitRng(&rng), 0); + +#ifndef WOLFSSL_NO_ML_DSA_44 + ExpectIntEQ(wc_dilithium_init(key), 0); + ExpectIntEQ(wc_dilithium_set_level(key, WC_ML_DSA_44), 0); + ExpectIntEQ(wc_dilithium_make_key(key, &rng), 0); + + sigLen = DILITHIUM_MAX_SIG_SIZE; + ExpectIntEQ(wc_dilithium_sign_ctx_msg(ctx, sizeof(ctx), msg, sizeof(msg), + sig, &sigLen, key, &rng), 0); + ExpectIntEQ(wc_dilithium_verify_ctx_msg(sig, sigLen, ctx, sizeof(ctx), msg, + sizeof(msg), &res, key), 0); + ExpectIntEQ(res, 1); + + sigLen = DILITHIUM_MAX_SIG_SIZE; + ExpectIntEQ(wc_dilithium_sign_ctx_hash(ctx, sizeof(ctx), + WC_HASH_TYPE_SHA3_512, msg, sizeof(msg), sig, &sigLen, key, &rng), 0); + ExpectIntEQ(wc_dilithium_verify_ctx_hash(sig, sigLen, ctx, sizeof(ctx), + WC_HASH_TYPE_SHA3_512, msg, sizeof(msg), &res, key), 0); + ExpectIntEQ(res, 1); + + wc_dilithium_free(key); +#endif +#ifndef WOLFSSL_NO_ML_DSA_65 + ExpectIntEQ(wc_dilithium_init(key), 0); + ExpectIntEQ(wc_dilithium_set_level(key, WC_ML_DSA_65), 0); + ExpectIntEQ(wc_dilithium_make_key(key, &rng), 0); + + sigLen = DILITHIUM_MAX_SIG_SIZE; + ExpectIntEQ(wc_dilithium_sign_ctx_msg(ctx, sizeof(ctx), msg, sizeof(msg), + sig, &sigLen, key, &rng), 0); + ExpectIntEQ(wc_dilithium_verify_ctx_msg(sig, sigLen, ctx, sizeof(ctx), msg, + sizeof(msg), &res, key), 0); + ExpectIntEQ(res, 1); + + sigLen = DILITHIUM_MAX_SIG_SIZE; + ExpectIntEQ(wc_dilithium_sign_ctx_hash(ctx, sizeof(ctx), + WC_HASH_TYPE_SHA3_512, msg, sizeof(msg), sig, &sigLen, key, &rng), 0); + ExpectIntEQ(wc_dilithium_verify_ctx_hash(sig, sigLen, ctx, sizeof(ctx), + WC_HASH_TYPE_SHA3_512, msg, sizeof(msg), &res, key), 0); + ExpectIntEQ(res, 1); + + wc_dilithium_free(key); +#endif +#ifndef WOLFSSL_NO_ML_DSA_87 + ExpectIntEQ(wc_dilithium_init(key), 0); + ExpectIntEQ(wc_dilithium_set_level(key, WC_ML_DSA_87), 0); + ExpectIntEQ(wc_dilithium_make_key(key, &rng), 0); + + sigLen = DILITHIUM_MAX_SIG_SIZE; + ExpectIntEQ(wc_dilithium_sign_ctx_msg(ctx, sizeof(ctx), msg, sizeof(msg), + sig, &sigLen, key, &rng), 0); + ExpectIntEQ(wc_dilithium_verify_ctx_msg(sig, sigLen, ctx, sizeof(ctx), msg, + sizeof(msg), &res, key), 0); + ExpectIntEQ(res, 1); + + sigLen = DILITHIUM_MAX_SIG_SIZE; + ExpectIntEQ(wc_dilithium_sign_ctx_hash(ctx, sizeof(ctx), + WC_HASH_TYPE_SHA3_512, msg, sizeof(msg), sig, &sigLen, key, &rng), 0); + ExpectIntEQ(wc_dilithium_verify_ctx_hash(sig, sigLen, ctx, sizeof(ctx), + WC_HASH_TYPE_SHA3_512, msg, sizeof(msg), &res, key), 0); + ExpectIntEQ(res, 1); + + wc_dilithium_free(key); +#endif + + wc_FreeRng(&rng); + XFREE(sig, NULL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(key, NULL, DYNAMIC_TYPE_TMP_BUFFER); + +#endif + return EXPECT_RESULT(); +} + +int test_wc_dilithium_check_key(void) +{ + EXPECT_DECLS; +#if defined(HAVE_DILITHIUM) && defined(WOLFSSL_WC_DILITHIUM) && \ + defined(WOLFSSL_DILITHIUM_CHECK_KEY) && \ + !defined(WOLFSSL_DILITHIUM_NO_MAKE_KEY) + dilithium_key* checkKey; + WC_RNG rng; + byte* privCheckKey = NULL; + word32 privCheckKeyLen = DILITHIUM_MAX_KEY_SIZE; + byte* pubCheckKey = NULL; + word32 pubCheckKeyLen = DILITHIUM_MAX_PUB_KEY_SIZE; + + checkKey = (dilithium_key*)XMALLOC(sizeof(*checkKey), NULL, + DYNAMIC_TYPE_TMP_BUFFER); + ExpectNotNull(checkKey); + privCheckKey = (byte*)XMALLOC(DILITHIUM_MAX_KEY_SIZE, NULL, + DYNAMIC_TYPE_TMP_BUFFER); + ExpectNotNull(privCheckKey); + pubCheckKey = (byte*)XMALLOC(DILITHIUM_MAX_PUB_KEY_SIZE, NULL, + DYNAMIC_TYPE_TMP_BUFFER); + ExpectNotNull(pubCheckKey); + + if (checkKey != NULL) { + XMEMSET(checkKey, 0, sizeof(*checkKey)); + } + XMEMSET(&rng, 0, sizeof(WC_RNG)); + + ExpectIntEQ(wc_InitRng(&rng), 0); + + ExpectIntEQ(wc_dilithium_check_key(NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + + ExpectIntEQ(wc_dilithium_init(checkKey), 0); + + ExpectIntEQ(wc_dilithium_export_key(NULL, privCheckKey, + &privCheckKeyLen, pubCheckKey, &pubCheckKeyLen), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_dilithium_import_key(privCheckKey, + privCheckKeyLen, pubCheckKey, pubCheckKeyLen, NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_dilithium_export_key(checkKey, privCheckKey, + &privCheckKeyLen, pubCheckKey, &pubCheckKeyLen), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_dilithium_import_key(privCheckKey, + privCheckKeyLen, pubCheckKey, pubCheckKeyLen, checkKey), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + +#ifndef WOLFSSL_NO_ML_DSA_44 + ExpectIntEQ(wc_dilithium_set_level(checkKey, WC_ML_DSA_44), 0); +#elif !defined(WOLFSSL_NO_ML_DSA_65) + ExpectIntEQ(wc_dilithium_set_level(checkKey, WC_ML_DSA_65), 0); +#else + ExpectIntEQ(wc_dilithium_set_level(checkKey, WC_ML_DSA_87), 0); +#endif + ExpectIntEQ(wc_dilithium_make_key(checkKey, &rng), 0); + + ExpectIntEQ(wc_dilithium_export_key(NULL, NULL, NULL, NULL, NULL), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_dilithium_export_key(checkKey, NULL, NULL, NULL, NULL), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_dilithium_export_key(NULL, privCheckKey, NULL, NULL, NULL), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_dilithium_export_key(NULL, NULL, &privCheckKeyLen, NULL, + NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_dilithium_export_key(NULL, NULL, NULL, pubCheckKey, NULL), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_dilithium_export_key(NULL, NULL, NULL, NULL, + &pubCheckKeyLen), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_dilithium_export_key(NULL , privCheckKey, + &privCheckKeyLen, pubCheckKey, &pubCheckKeyLen), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_dilithium_export_key(checkKey, NULL , + &privCheckKeyLen, pubCheckKey, &pubCheckKeyLen), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_dilithium_export_key(checkKey, privCheckKey, + NULL , pubCheckKey, &pubCheckKeyLen), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_dilithium_export_key(checkKey, privCheckKey, + &privCheckKeyLen, NULL , &pubCheckKeyLen), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_dilithium_export_key(checkKey, privCheckKey, + &privCheckKeyLen, pubCheckKey, NULL ), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_dilithium_export_key(checkKey, privCheckKey, + &privCheckKeyLen, pubCheckKey, &pubCheckKeyLen), 0); + + /* Modify hash. */ + if ((pubCheckKey != NULL) && EXPECT_SUCCESS()) { + pubCheckKey[0] ^= 0x80; + ExpectIntEQ(wc_dilithium_import_key(NULL, 0, NULL, 0, NULL), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_dilithium_import_key(privCheckKey, 0, NULL, 0, NULL), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_dilithium_import_key(NULL, 0, pubCheckKey, 0, NULL), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_dilithium_import_key(NULL, 0, NULL, 0, checkKey), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_dilithium_import_key(NULL , + privCheckKeyLen, pubCheckKey, pubCheckKeyLen, checkKey), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_dilithium_import_key(privCheckKey, + 0 , pubCheckKey, pubCheckKeyLen, checkKey), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_dilithium_import_key(privCheckKey, + privCheckKeyLen, NULL , pubCheckKeyLen, checkKey), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_dilithium_import_key(privCheckKey, + privCheckKeyLen, pubCheckKey, 0 , checkKey), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_dilithium_import_key(privCheckKey, + privCheckKeyLen, pubCheckKey, pubCheckKeyLen, NULL ), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_dilithium_import_key(privCheckKey, + privCheckKeyLen, pubCheckKey, pubCheckKeyLen, checkKey), 0); + ExpectIntEQ(wc_dilithium_check_key(checkKey), WC_NO_ERR_TRACE(PUBLIC_KEY_E)); + pubCheckKey[0] ^= 0x80; + + /* Modify encoded t1. */ + pubCheckKey[48] ^= 0x80; + ExpectIntEQ(wc_dilithium_import_key(privCheckKey, + privCheckKeyLen,pubCheckKey, pubCheckKeyLen, checkKey), 0); + ExpectIntEQ(wc_dilithium_check_key(checkKey), WC_NO_ERR_TRACE(PUBLIC_KEY_E)); + pubCheckKey[48] ^= 0x80; + } + + wc_dilithium_free(checkKey); + wc_FreeRng(&rng); + + XFREE(pubCheckKey, NULL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(privCheckKey, NULL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(checkKey, NULL, DYNAMIC_TYPE_TMP_BUFFER); +#endif + return EXPECT_RESULT(); +} + +#if defined(HAVE_DILITHIUM) && defined(WOLFSSL_WC_DILITHIUM) && \ + defined(WOLFSSL_DILITHIUM_PUBLIC_KEY) +static const unsigned char ml_dsa_public_der[] = { +#ifndef WOLFSSL_NO_ML_DSA_44 + 0x30, 0x82, 0x05, 0x32, 0x30, 0x0d, 0x06, 0x09, + 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x03, + 0x11, 0x03, 0x82, 0x05, 0x21, 0x00, + 0xBC, 0x5F, 0xF8, 0x10, 0xEB, 0x08, 0x90, 0x48, + 0xB8, 0xAB, 0x30, 0x20, 0xA7, 0xBD, 0x3B, 0x16, + 0xC0, 0xE0, 0xCA, 0x3D, 0x6B, 0x97, 0xE4, 0x64, + 0x6C, 0x2C, 0xCA, 0xE0, 0xBB, 0xF1, 0x9E, 0xF7, + 0x23, 0x0A, 0x19, 0xD7, 0x5A, 0xDB, 0xDE, 0xD5, + 0x2D, 0xB8, 0x55, 0xE2, 0x52, 0xA7, 0x19, 0xFC, + 0xBD, 0x14, 0x7B, 0xA6, 0x7B, 0x2F, 0xAD, 0x14, + 0xED, 0x0E, 0x68, 0xFD, 0xFE, 0x8C, 0x65, 0xBA, + 0xDE, 0xAC, 0xB0, 0x91, 0x11, 0x93, 0xAD, 0xFA, + 0x87, 0x94, 0xD7, 0x8F, 0x8E, 0x3D, 0x66, 0x2A, + 0x1C, 0x49, 0xDA, 0x81, 0x9F, 0xD9, 0x59, 0xE7, + 0xF0, 0x78, 0xF2, 0x03, 0xC4, 0x56, 0xF8, 0xB6, + 0xE7, 0xC9, 0x41, 0x58, 0x98, 0xE5, 0x41, 0xC7, + 0x30, 0x32, 0xDB, 0xD6, 0x19, 0xEA, 0xF6, 0x0F, + 0x8D, 0x64, 0xF8, 0x68, 0x3D, 0xA9, 0x9E, 0xCA, + 0x51, 0x22, 0x0B, 0x0A, 0xCA, 0x28, 0x46, 0x40, + 0x99, 0xF5, 0x47, 0xC0, 0x27, 0x77, 0xBD, 0x37, + 0xD8, 0x4A, 0x59, 0xBD, 0x37, 0xED, 0x7A, 0x8A, + 0x92, 0x63, 0x3C, 0x75, 0xD0, 0x7C, 0x79, 0x3F, + 0xE7, 0x25, 0x2B, 0x58, 0x4A, 0xBF, 0x6A, 0x15, + 0xEE, 0x14, 0x50, 0x7E, 0x5E, 0x19, 0x3F, 0x89, + 0x86, 0x4D, 0x09, 0xAC, 0x87, 0x27, 0xA6, 0xD0, + 0x42, 0x1F, 0x0C, 0x19, 0xF0, 0xE2, 0xFB, 0xFC, + 0x21, 0x3D, 0x3F, 0xBD, 0x70, 0xF4, 0xF9, 0x76, + 0x2C, 0xEC, 0xFF, 0x23, 0x1E, 0x9C, 0x8A, 0x76, + 0x28, 0xD3, 0xF8, 0xB0, 0x85, 0x7B, 0x03, 0x2D, + 0x32, 0xDE, 0x62, 0xFF, 0x8E, 0xCB, 0xF4, 0x00, + 0x82, 0x89, 0xBF, 0x34, 0x40, 0x36, 0x65, 0xF8, + 0x1A, 0x08, 0x1A, 0xD5, 0xA8, 0x5A, 0x28, 0x2F, + 0x99, 0xBA, 0xB9, 0xE5, 0x38, 0x5A, 0xFB, 0xCC, + 0xCF, 0x44, 0xB7, 0x4C, 0x01, 0x96, 0xC7, 0x54, + 0x55, 0x27, 0xEC, 0x30, 0x26, 0xDA, 0x12, 0x80, + 0xC4, 0xEB, 0x37, 0xD0, 0x9C, 0xFE, 0x3E, 0xC4, + 0xB4, 0x91, 0x0B, 0x62, 0xEB, 0x98, 0x15, 0xA4, + 0x25, 0xC6, 0x59, 0x0F, 0xC4, 0xAD, 0x3F, 0xBB, + 0x22, 0x57, 0x52, 0xCC, 0x1F, 0xC5, 0x69, 0x3F, + 0x18, 0x7E, 0x7D, 0xEC, 0x4E, 0xEF, 0xBE, 0xB6, + 0xB9, 0x1B, 0xD9, 0x1C, 0x5E, 0x2E, 0xA6, 0xA9, + 0x1D, 0x14, 0xD0, 0x97, 0xBE, 0x20, 0x3F, 0xBA, + 0x0B, 0xF9, 0x37, 0xC9, 0x75, 0x07, 0xDC, 0x00, + 0x7C, 0x4C, 0xAA, 0x9B, 0x07, 0x85, 0x89, 0x29, + 0x66, 0xFF, 0x15, 0x90, 0x09, 0x24, 0xE5, 0x79, + 0xD4, 0xFB, 0xA0, 0x2B, 0xDA, 0x87, 0x55, 0x5F, + 0x07, 0x3D, 0xAE, 0x00, 0x51, 0x3E, 0x70, 0x80, + 0x9A, 0xBB, 0xC7, 0x11, 0xFB, 0xA2, 0xE7, 0x64, + 0x95, 0x77, 0xC4, 0x2A, 0xFD, 0xC2, 0x4B, 0xF7, + 0x41, 0x3E, 0x51, 0x26, 0x8A, 0xD6, 0xDB, 0x61, + 0x13, 0xB7, 0xD9, 0x19, 0x1A, 0xF9, 0xD0, 0x61, + 0xDB, 0xDE, 0xD5, 0xD6, 0x30, 0x87, 0x76, 0x50, + 0xC1, 0x24, 0xF1, 0x1B, 0xC4, 0xBD, 0xC3, 0xFD, + 0xC6, 0xA9, 0x00, 0xF6, 0x31, 0x26, 0xF9, 0x21, + 0xE8, 0x38, 0xAD, 0x0C, 0x22, 0x75, 0xA3, 0x38, + 0x9A, 0x39, 0xBD, 0x99, 0xA1, 0x34, 0x50, 0x45, + 0x50, 0x10, 0x1C, 0xD3, 0xE9, 0x5E, 0x6D, 0x14, + 0x96, 0xBE, 0x7D, 0xE6, 0x62, 0x7D, 0xF4, 0xFD, + 0x6C, 0x28, 0xBB, 0xF4, 0x0B, 0x30, 0xEF, 0xA9, + 0xB5, 0xC3, 0xD5, 0xC8, 0x5A, 0xB1, 0x4A, 0x65, + 0xC0, 0x2D, 0x6D, 0x47, 0x81, 0xFF, 0x13, 0xD3, + 0x28, 0x60, 0x85, 0x54, 0xB6, 0xD1, 0x5E, 0xD9, + 0x12, 0x89, 0xA6, 0xD5, 0x5A, 0xAC, 0x0C, 0x38, + 0xE3, 0x77, 0x06, 0xF7, 0x35, 0x5E, 0x9A, 0x4F, + 0xDA, 0x61, 0x5B, 0x87, 0x59, 0x26, 0xBF, 0xE5, + 0xA5, 0x9D, 0x9E, 0xF2, 0x73, 0xBF, 0x94, 0xA0, + 0x7C, 0xFA, 0x57, 0x31, 0x78, 0xF0, 0xE0, 0x04, + 0xB6, 0xE1, 0xEF, 0x0A, 0x83, 0x49, 0xE9, 0xBC, + 0xC0, 0x19, 0x81, 0xF2, 0x46, 0x0F, 0x0A, 0x27, + 0x43, 0xC2, 0x8D, 0x1E, 0x13, 0x8F, 0xFB, 0x76, + 0x5E, 0x7E, 0x33, 0x97, 0xB7, 0x91, 0x33, 0x35, + 0xD4, 0x02, 0xFE, 0x91, 0x80, 0x6A, 0xA8, 0xFC, + 0x81, 0x92, 0x53, 0xAF, 0x32, 0x69, 0x2F, 0xA6, + 0x51, 0xE8, 0x67, 0xF5, 0x90, 0x7E, 0xF4, 0x6F, + 0x00, 0x62, 0x5A, 0x03, 0x0E, 0xC9, 0x04, 0xED, + 0xAB, 0x21, 0x42, 0x6D, 0x59, 0x11, 0x9D, 0x2C, + 0xAA, 0x43, 0xBD, 0x93, 0x5D, 0xEC, 0x0A, 0x55, + 0x0C, 0x61, 0xEE, 0x4B, 0x27, 0x9C, 0x1C, 0xA3, + 0xA7, 0x9C, 0x79, 0xA6, 0x6E, 0x3F, 0x2D, 0x2F, + 0xAD, 0xB0, 0x0F, 0x59, 0xA3, 0xA4, 0x38, 0xAA, + 0x44, 0x57, 0x01, 0x06, 0x07, 0x30, 0x17, 0xFA, + 0x1C, 0x87, 0x57, 0x50, 0x01, 0x09, 0x72, 0x0D, + 0x12, 0x5B, 0xBA, 0x23, 0x1A, 0x0C, 0x36, 0x35, + 0x0C, 0x78, 0x08, 0x6D, 0xFD, 0xC8, 0xD6, 0x13, + 0xAE, 0xCA, 0x88, 0xC4, 0xCC, 0xAE, 0xB4, 0xA4, + 0x4D, 0x13, 0xAD, 0xB3, 0xC7, 0x17, 0xD6, 0x5C, + 0x82, 0xA3, 0x51, 0xB9, 0xB6, 0xEA, 0xBF, 0x6A, + 0x10, 0xF4, 0xB4, 0xE9, 0x62, 0x3E, 0x3A, 0x95, + 0xB4, 0xD4, 0x0A, 0x12, 0xA8, 0x18, 0xAC, 0x6B, + 0x38, 0x22, 0xDB, 0x82, 0xFB, 0x05, 0xDC, 0x42, + 0x02, 0x64, 0x8B, 0x44, 0x54, 0x68, 0x9A, 0xEB, + 0x69, 0xEA, 0x32, 0x5F, 0x03, 0xE3, 0x5D, 0xEF, + 0xA5, 0x47, 0x08, 0x48, 0x14, 0x20, 0xC6, 0xD6, + 0x97, 0xBB, 0x91, 0x2F, 0xCA, 0x0D, 0x3F, 0x19, + 0x2E, 0xF2, 0x97, 0xDF, 0xE7, 0x7F, 0xF3, 0x6B, + 0x21, 0x03, 0xF1, 0xAD, 0x1A, 0xEE, 0xCE, 0xD1, + 0xC8, 0x14, 0xC2, 0xCD, 0x7E, 0xF1, 0x6B, 0xCE, + 0x47, 0x6A, 0xD0, 0x4F, 0x94, 0x1A, 0xFC, 0x79, + 0xE3, 0x29, 0x54, 0x74, 0xA4, 0x10, 0x62, 0x51, + 0x8C, 0x00, 0x37, 0x86, 0x09, 0x34, 0xF0, 0xE5, + 0xE6, 0x52, 0xF7, 0x27, 0x49, 0xA6, 0x98, 0x63, + 0x2A, 0x09, 0x91, 0xF6, 0x13, 0xF5, 0xCB, 0x96, + 0xCA, 0x11, 0x78, 0xF9, 0x74, 0xF2, 0xC4, 0xAA, + 0x0C, 0xE6, 0x3D, 0xC2, 0x4E, 0x36, 0x4C, 0x92, + 0xA6, 0x43, 0xB9, 0x0A, 0x5F, 0x85, 0xA6, 0x2F, + 0xD4, 0xD8, 0xD2, 0xB1, 0x93, 0xD2, 0x9B, 0x18, + 0xBE, 0xDE, 0x26, 0x53, 0xFC, 0x5D, 0x3F, 0x24, + 0xF5, 0xB2, 0xC0, 0x18, 0xDB, 0xBC, 0xB6, 0xEF, + 0x00, 0xF3, 0x05, 0xBF, 0x93, 0x66, 0x6B, 0xD4, + 0x7F, 0xEA, 0x91, 0x93, 0xBC, 0x23, 0x3D, 0xB3, + 0x91, 0x21, 0x44, 0x2E, 0x93, 0x8D, 0xA5, 0xDD, + 0x07, 0xEE, 0x6E, 0x87, 0x9C, 0x5B, 0x9D, 0xFF, + 0x41, 0xEC, 0xEE, 0x5E, 0x05, 0x89, 0xAE, 0x61, + 0x75, 0xFF, 0x5E, 0xC6, 0xF6, 0xD2, 0x62, 0x9F, + 0x56, 0xB1, 0x8B, 0x4D, 0xE6, 0x6F, 0xCB, 0x13, + 0xDF, 0x04, 0x00, 0xA7, 0x97, 0xC9, 0x22, 0x70, + 0xF6, 0x9B, 0xDE, 0xBD, 0xDC, 0xB8, 0x8C, 0x42, + 0x48, 0x91, 0x9B, 0x56, 0xCD, 0xA7, 0x0B, 0x8A, + 0xC4, 0xF9, 0x42, 0x9C, 0x29, 0x2D, 0xA9, 0x4D, + 0x64, 0x78, 0x28, 0x07, 0x64, 0xFE, 0x23, 0x86, + 0xFC, 0x38, 0xCB, 0x09, 0x31, 0x45, 0x88, 0x39, + 0xEF, 0x4E, 0x7D, 0xE8, 0xF0, 0x68, 0x9D, 0x99, + 0x80, 0x59, 0x88, 0xC7, 0xF9, 0x61, 0x11, 0x85, + 0x2C, 0x89, 0x29, 0xE5, 0xA5, 0x40, 0xD3, 0xB7, + 0x8D, 0x71, 0x2D, 0xEC, 0xC3, 0x96, 0xFE, 0xF3, + 0xEC, 0x34, 0x40, 0x21, 0x84, 0xE4, 0xFD, 0x29, + 0xF3, 0x63, 0xEA, 0x80, 0xF6, 0xFC, 0x50, 0xBA, + 0x9A, 0x11, 0x35, 0x1A, 0xCE, 0xEA, 0x8F, 0xE6, + 0x8D, 0x54, 0x1E, 0x1A, 0xA5, 0x84, 0x8D, 0x9F, + 0x6E, 0x61, 0xDF, 0xB6, 0x2B, 0x2F, 0x23, 0xBC, + 0x50, 0x81, 0xE8, 0x2F, 0x76, 0x22, 0x6E, 0x03, + 0x28, 0x49, 0x82, 0xEC, 0x48, 0x48, 0x12, 0x09, + 0xB1, 0xA7, 0xD4, 0xC8, 0x79, 0x7E, 0x44, 0xBF, + 0xA8, 0x70, 0xB2, 0x20, 0x04, 0xDB, 0x74, 0xBD, + 0x7D, 0x47, 0x8D, 0x5B, 0x36, 0x14, 0xD2, 0xB1, + 0xDA, 0x75, 0x02, 0xB3, 0x98, 0xEB, 0x9D, 0xA8, + 0x0D, 0x06, 0x46, 0x1E, 0x90, 0xE0, 0x30, 0x60, + 0x44, 0x6A, 0xB4, 0xA8, 0x23, 0x84, 0x32, 0xBF, + 0xAF, 0x75, 0x2F, 0x39, 0x17, 0x91, 0x21, 0x4F, + 0x1E, 0x6B, 0x63, 0x59, 0x0D, 0x53, 0x60, 0x60, + 0xD1, 0xC2, 0x45, 0x30, 0x7B, 0xC5, 0xC1, 0xBA, + 0xC4, 0xAA, 0xA0, 0x99, 0xD3, 0x6B, 0xB6, 0xDC, + 0xBC, 0x97, 0x3C, 0xF2, 0xE6, 0x9F, 0x27, 0x34, + 0xD0, 0xF2, 0x9A, 0xEE, 0xC4, 0x56, 0x7B, 0x99, + 0xA1, 0x6B, 0xC1, 0x7C, 0x6C, 0xDD, 0xAC, 0xEF, + 0xE4, 0x99, 0x27, 0xFB, 0x14, 0xE7, 0xD9, 0x8D, + 0xD4, 0x26, 0x35, 0x19, 0x46, 0x9C, 0xCA, 0x3D, + 0xB4, 0x67, 0x9A, 0x68, 0xCE, 0xED, 0xA9, 0x55, + 0x59, 0x22, 0x10, 0xFC, 0x49, 0xAA, 0x5F, 0xBE, + 0x93, 0x4C, 0xC7, 0x3D, 0x84, 0xE4, 0xBA, 0x54, + 0x78, 0x00, 0x2D, 0x68, 0x90, 0x98, 0x90, 0x68, + 0xEF, 0x8F, 0xC9, 0x8C, 0x25, 0x32, 0xB8, 0x3B, + 0xF3, 0xCB, 0x9E, 0xF0, 0x28, 0x93, 0xC2, 0x15, + 0x24, 0x26, 0xB9, 0xD1, 0xA9, 0x47, 0x34, 0xDF, + 0xB4, 0xF9, 0x11, 0x35, 0x14, 0x3C, 0x9E, 0xED, + 0x18, 0xFD, 0x51, 0xAE, 0x87, 0x5D, 0x07, 0xA2, + 0x37, 0x75, 0x60, 0x6A, 0x73, 0x4F, 0xBA, 0x98, + 0xC0, 0x63, 0xB4, 0xA1, 0x62, 0x2E, 0x7F, 0xF2, + 0x1A, 0xA7, 0xE6, 0x52, 0xA3, 0xD6, 0xC1, 0x9F, + 0xE0, 0xDC, 0x67, 0x61, 0xB7, 0xD3, 0x53, 0x02, + 0xBF, 0x21, 0x4D, 0x30, 0x79, 0xF7, 0x60, 0x51, + 0x08, 0x2A, 0x87, 0x59, 0x29, 0x92, 0x0D, 0xC3, + 0xB3, 0xCB, 0x43, 0x21, 0x1A, 0x23, 0xA4, 0x3A, + 0x50, 0x33, 0x2F, 0xAF, 0x1A, 0xC2, 0x19, 0x1E, + 0x71, 0x71, 0x25, 0xF6, 0x3E, 0x25, 0x86, 0xC4, + 0xD8, 0x6D, 0xCA, 0x6B, 0xCD, 0x3D, 0x03, 0x8F, + 0x9D, 0x3A, 0x7B, 0x66, 0xCB, 0xC7, 0xDF, 0x34 +#elif !defined(WOLFSSL_NO_ML_DSA_65) + 0x30, 0x82, 0x07, 0xb2, 0x30, 0x0d, 0x06, 0x09, + 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x03, + 0x12, 0x03, 0x82, 0x07, 0xa1, 0x00, + 0xD2, 0xFD, 0x03, 0xF3, 0xA1, 0xB7, 0xF6, 0x35, + 0xAF, 0x9F, 0x34, 0xD5, 0x80, 0xA9, 0x8F, 0x52, + 0x4C, 0x73, 0x5B, 0xD5, 0xBA, 0x23, 0x55, 0xDC, + 0x6E, 0x03, 0x5B, 0xD2, 0x17, 0x65, 0x58, 0x0C, + 0xBB, 0x11, 0x19, 0x23, 0xF1, 0x94, 0xA7, 0xCC, + 0x8A, 0x7B, 0xB2, 0xEB, 0xC5, 0xC0, 0xE7, 0x1A, + 0xA6, 0x37, 0xCC, 0x80, 0x0E, 0x61, 0x03, 0xB8, + 0x50, 0xA5, 0x39, 0xB2, 0xA3, 0x9E, 0x1B, 0x6D, + 0x71, 0x3E, 0x5D, 0xB8, 0x31, 0x4C, 0x9A, 0xE1, + 0xF8, 0xBF, 0x8A, 0x38, 0xF0, 0x6A, 0xFB, 0x9D, + 0x73, 0xB1, 0x61, 0xB0, 0xFF, 0xE3, 0xA4, 0x89, + 0x17, 0x06, 0xAE, 0x26, 0xD5, 0x4F, 0xFB, 0x49, + 0x6D, 0xF8, 0xDC, 0x0F, 0x19, 0x83, 0x50, 0x95, + 0x00, 0xC9, 0xAB, 0xBD, 0x28, 0xE5, 0x9B, 0x3F, + 0xCD, 0xAB, 0xBD, 0xAD, 0xAB, 0xD4, 0x5E, 0xC3, + 0x14, 0x99, 0x37, 0x8B, 0xDE, 0x84, 0x9E, 0x7C, + 0x1F, 0x19, 0xB7, 0x04, 0x4D, 0x67, 0xE0, 0x51, + 0x06, 0xD7, 0x13, 0x6D, 0x95, 0x38, 0x0D, 0x56, + 0x05, 0xD4, 0x46, 0x5D, 0x87, 0x75, 0x57, 0x06, + 0x5D, 0xF0, 0xA7, 0x5D, 0x3C, 0x28, 0x54, 0x2F, + 0x40, 0xFE, 0xED, 0x42, 0xEC, 0x7E, 0x28, 0x06, + 0x37, 0xB0, 0x83, 0xD9, 0x88, 0xBC, 0xA5, 0xF6, + 0x39, 0x4E, 0x02, 0x39, 0x6C, 0x46, 0x76, 0x18, + 0x4F, 0xB6, 0x33, 0x18, 0xDA, 0xFA, 0xF5, 0xBB, + 0xDD, 0xE0, 0x0E, 0x30, 0x8F, 0xE8, 0x40, 0x19, + 0xC2, 0x34, 0x0A, 0x3F, 0x3E, 0x1C, 0x08, 0x65, + 0x62, 0x49, 0x70, 0x71, 0x12, 0x83, 0x35, 0x6A, + 0xE1, 0x4B, 0xD6, 0xB9, 0x4D, 0x1C, 0x9A, 0xE1, + 0x88, 0xDE, 0x1A, 0x8A, 0x2C, 0xA8, 0x24, 0xA8, + 0xEA, 0xE2, 0xFE, 0x6A, 0xFB, 0x38, 0xD8, 0x3A, + 0x2D, 0x99, 0x99, 0x6A, 0xB2, 0x1F, 0xE3, 0xE8, + 0x4C, 0x0B, 0xE6, 0xB6, 0xDA, 0x08, 0x87, 0x9B, + 0x67, 0x73, 0x74, 0xFA, 0x7C, 0x69, 0x1B, 0x13, + 0xD4, 0x0F, 0xA9, 0xD4, 0xCC, 0x26, 0xB2, 0x28, + 0x8D, 0x5A, 0x8C, 0x9A, 0x43, 0x72, 0x43, 0x81, + 0x00, 0x4D, 0x61, 0xB0, 0xD5, 0x7F, 0xF4, 0x00, + 0x31, 0x4C, 0x8E, 0x30, 0xEE, 0x79, 0x6A, 0xF1, + 0x0F, 0x7E, 0xE2, 0x1B, 0xF1, 0x3D, 0x08, 0x18, + 0x04, 0x65, 0xAB, 0xC7, 0x2E, 0xDD, 0xB0, 0x80, + 0xC6, 0xA0, 0x71, 0x84, 0xE3, 0xEE, 0xDC, 0x47, + 0xC1, 0x9A, 0xA7, 0xF0, 0x9D, 0x1F, 0x33, 0x09, + 0xE1, 0x83, 0xA2, 0xBD, 0x9B, 0x05, 0x73, 0xDD, + 0xE4, 0x74, 0xA8, 0x1B, 0xA4, 0xF7, 0x8D, 0x0C, + 0x52, 0x3D, 0x0C, 0x04, 0xF9, 0x00, 0x60, 0xFD, + 0x57, 0x1A, 0x35, 0xC0, 0x37, 0xE0, 0x79, 0xC5, + 0xE2, 0x10, 0xD7, 0x39, 0x0D, 0xF5, 0x68, 0xF2, + 0xE2, 0xF0, 0x3C, 0xE4, 0x44, 0x20, 0xC8, 0x2F, + 0x3F, 0xE6, 0x9E, 0xB9, 0xB4, 0x8E, 0xE9, 0x09, + 0x62, 0xD6, 0xB0, 0xF2, 0x44, 0x40, 0x64, 0x8F, + 0x71, 0xED, 0xB2, 0x41, 0xEE, 0x65, 0x66, 0xFC, + 0x1A, 0x64, 0xCA, 0xBF, 0x66, 0xBE, 0x6F, 0xEC, + 0xBC, 0xB1, 0x38, 0x7C, 0x82, 0xA7, 0xBC, 0x20, + 0x2D, 0x9E, 0x36, 0x79, 0x98, 0xE2, 0xA2, 0x91, + 0xAF, 0x0C, 0xD1, 0x57, 0x06, 0x77, 0xFE, 0x8D, + 0x63, 0xA3, 0x28, 0x5A, 0x2E, 0xA6, 0xEB, 0x29, + 0xAF, 0x9D, 0xC1, 0xAE, 0xC1, 0xC3, 0x6C, 0x47, + 0x06, 0xB1, 0x2B, 0xAA, 0x20, 0x83, 0x96, 0x92, + 0xF2, 0x86, 0xA6, 0xE0, 0x32, 0x14, 0x68, 0xF7, + 0x47, 0x93, 0x45, 0xC4, 0xD5, 0x2F, 0xBD, 0xB2, + 0xF0, 0x67, 0x25, 0xB5, 0x54, 0xB8, 0x9E, 0x24, + 0x92, 0x61, 0x26, 0x81, 0xAC, 0xEB, 0xC6, 0xC7, + 0xBA, 0xDA, 0x92, 0x25, 0x81, 0x8D, 0xBC, 0x35, + 0xD6, 0x4C, 0x22, 0xC4, 0x8B, 0xFF, 0x80, 0xA7, + 0x30, 0xD0, 0x71, 0x6D, 0xFA, 0xC9, 0x9D, 0xFD, + 0x5B, 0x89, 0x92, 0x61, 0x1D, 0x0C, 0x93, 0xEE, + 0x90, 0xBD, 0xB2, 0x60, 0x02, 0x2A, 0xFE, 0x25, + 0xD9, 0x13, 0xE0, 0x6E, 0xFF, 0xB5, 0x9C, 0xB1, + 0xF8, 0xA6, 0x0C, 0xBF, 0xA5, 0xAB, 0x2F, 0x45, + 0x9A, 0x16, 0xF4, 0x67, 0xE9, 0x89, 0x52, 0x5E, + 0x0A, 0x37, 0xEB, 0xE5, 0x6E, 0x83, 0x3F, 0xDE, + 0x55, 0xDB, 0x9D, 0x15, 0x30, 0xAD, 0xCF, 0x45, + 0x84, 0x6D, 0xF2, 0x81, 0xE4, 0x7C, 0xAA, 0x1E, + 0x0A, 0x27, 0xEF, 0xDE, 0x21, 0x07, 0xD3, 0x54, + 0xCE, 0xA0, 0xF6, 0xA4, 0x54, 0x69, 0x2F, 0x04, + 0xCD, 0x83, 0x8E, 0xBD, 0xD4, 0x6E, 0x19, 0x1E, + 0x5D, 0x9C, 0x11, 0x83, 0x9A, 0x2C, 0x3F, 0x48, + 0x8A, 0x4F, 0xC7, 0xCD, 0x26, 0x5A, 0x7B, 0x5D, + 0x32, 0xB0, 0x8C, 0xBD, 0xBF, 0xAB, 0x9D, 0x2C, + 0xCD, 0x76, 0x22, 0x2C, 0x8E, 0xE3, 0x7D, 0xDC, + 0xBD, 0x2A, 0xA0, 0x63, 0xED, 0x86, 0x14, 0x73, + 0xA6, 0x45, 0x4C, 0xAE, 0xA3, 0x77, 0x85, 0x0B, + 0x1A, 0x2B, 0x9D, 0xDB, 0xBC, 0xB3, 0x74, 0xFA, + 0xB5, 0xB1, 0x2F, 0x35, 0x1C, 0x8E, 0x58, 0x88, + 0x87, 0x2E, 0x5C, 0xD1, 0xF6, 0x0A, 0x4F, 0xAE, + 0x1F, 0xF8, 0x37, 0xD1, 0x92, 0xC2, 0x2B, 0xEB, + 0x41, 0xEE, 0x6F, 0xA3, 0x92, 0xFC, 0xDF, 0x45, + 0x50, 0xFF, 0x46, 0xB5, 0xCE, 0x90, 0x6D, 0x01, + 0x7E, 0xF3, 0x07, 0x7D, 0xF1, 0x32, 0x30, 0x0D, + 0x8B, 0xBF, 0xA9, 0xBB, 0x03, 0xC7, 0x5E, 0x79, + 0xE2, 0xF0, 0x4C, 0x28, 0x4A, 0xD0, 0x6A, 0x44, + 0x39, 0x96, 0x49, 0xC3, 0xE2, 0xA2, 0xA8, 0xD1, + 0xEF, 0xE9, 0xB7, 0xA4, 0xE0, 0xC2, 0x71, 0x04, + 0x7A, 0xB7, 0x59, 0x08, 0xBF, 0xF7, 0xDF, 0x9E, + 0x30, 0xEC, 0xA5, 0x47, 0x74, 0x5B, 0xAE, 0x23, + 0xA8, 0x6F, 0xF9, 0xA8, 0xB5, 0x8C, 0x25, 0x38, + 0xB8, 0x8B, 0x86, 0x64, 0x01, 0x07, 0x69, 0x02, + 0xDC, 0x5F, 0x0B, 0xD7, 0x61, 0x68, 0x7B, 0x49, + 0xEA, 0xFE, 0x36, 0xD3, 0x50, 0xCB, 0xED, 0xFD, + 0xD3, 0x6C, 0x12, 0x1C, 0xF2, 0x37, 0x86, 0xBF, + 0xCF, 0x7E, 0x47, 0x07, 0x64, 0x96, 0xEA, 0xB6, + 0xBB, 0xDA, 0x77, 0x40, 0x49, 0xC2, 0xEB, 0xAB, + 0xE2, 0xDE, 0x99, 0xC4, 0xC2, 0x4F, 0x2D, 0xB7, + 0x36, 0x84, 0x01, 0x5B, 0x37, 0x39, 0x77, 0x49, + 0x67, 0x60, 0xCF, 0x9A, 0xC2, 0x3D, 0x8B, 0x62, + 0x31, 0x33, 0xDB, 0x2D, 0xE1, 0x0D, 0x73, 0xFA, + 0x6A, 0xD1, 0xC6, 0xDA, 0xC8, 0x43, 0x4F, 0x28, + 0xC6, 0xE2, 0x51, 0xCE, 0x72, 0x93, 0xCF, 0xF3, + 0xF3, 0xB6, 0x1E, 0xFC, 0xB5, 0xA4, 0x35, 0x12, + 0x36, 0x70, 0xF2, 0x98, 0x46, 0xA1, 0x3D, 0xF3, + 0xEE, 0x71, 0x26, 0x04, 0x46, 0x1F, 0x1B, 0xAB, + 0x8F, 0x4E, 0xBC, 0x83, 0x6D, 0xE0, 0x58, 0x97, + 0x8A, 0xE7, 0x34, 0x39, 0x6A, 0x98, 0x08, 0x1B, + 0x35, 0xCC, 0x98, 0x18, 0x8A, 0x86, 0x94, 0x9C, + 0x99, 0x27, 0x0D, 0x47, 0x09, 0x85, 0x4C, 0x5B, + 0x35, 0xB1, 0x7F, 0x48, 0xA3, 0x73, 0x13, 0x4C, + 0x81, 0x4C, 0xC8, 0xA0, 0xF3, 0xE2, 0xFA, 0x80, + 0x7F, 0x2A, 0x91, 0x85, 0x30, 0x90, 0x78, 0x64, + 0x77, 0x82, 0x82, 0xD7, 0x5E, 0x03, 0xA4, 0x1B, + 0x25, 0x04, 0xEE, 0xD8, 0x16, 0xA4, 0x17, 0xA3, + 0xAC, 0x6B, 0xA1, 0x60, 0x80, 0xC3, 0x9B, 0x73, + 0x10, 0x19, 0x20, 0x02, 0xA7, 0x28, 0xF7, 0xF2, + 0x03, 0x95, 0x00, 0x9A, 0x9E, 0x16, 0x76, 0x7C, + 0xE1, 0x97, 0x1F, 0x5D, 0xE7, 0xD2, 0x29, 0xA5, + 0x06, 0x13, 0x36, 0x9E, 0x43, 0x82, 0x04, 0x5A, + 0x8E, 0x81, 0x90, 0x1F, 0x4D, 0xBA, 0x81, 0x02, + 0xF3, 0xD4, 0x13, 0xFE, 0x35, 0xB3, 0x26, 0xA8, + 0x74, 0xF2, 0x33, 0xB7, 0x19, 0xA7, 0x13, 0x76, + 0x00, 0xD3, 0x5D, 0x33, 0xAE, 0xB6, 0xB7, 0x25, + 0x96, 0x24, 0x08, 0x3A, 0xA9, 0x68, 0x73, 0x0C, + 0x8F, 0x78, 0x29, 0x2A, 0xD2, 0x8F, 0x14, 0xEE, + 0xAB, 0xE6, 0x60, 0x83, 0x59, 0x84, 0xFE, 0x69, + 0xEF, 0x23, 0xDE, 0xC8, 0xC3, 0x27, 0xC0, 0xEB, + 0x0B, 0x88, 0x2D, 0x58, 0x7E, 0x1E, 0xC4, 0x33, + 0xDA, 0x85, 0xC9, 0xFD, 0x1E, 0x0A, 0x34, 0x99, + 0x4D, 0xEA, 0x24, 0x0C, 0x85, 0x44, 0x52, 0xD1, + 0x8C, 0x30, 0xF4, 0x96, 0xE4, 0x9E, 0xC9, 0x04, + 0xB6, 0x02, 0xE0, 0xF5, 0x06, 0x2E, 0xDC, 0xDA, + 0x03, 0x28, 0x0A, 0x53, 0xB4, 0x31, 0x35, 0x74, + 0xCC, 0x2C, 0x0D, 0x54, 0x71, 0xBC, 0x96, 0x13, + 0xBD, 0xFD, 0x66, 0x41, 0xF5, 0xBD, 0x12, 0x7B, + 0xAB, 0x5B, 0x5E, 0xB3, 0xD4, 0x99, 0xA3, 0x31, + 0x14, 0x04, 0x82, 0x20, 0xE8, 0x19, 0xF8, 0xEE, + 0x12, 0xCA, 0x92, 0x2C, 0x8F, 0x17, 0xD9, 0xC9, + 0xF5, 0x1A, 0xD5, 0xBD, 0x68, 0x83, 0xB1, 0x0E, + 0x6A, 0xA2, 0x48, 0x3B, 0xA4, 0x9D, 0xC5, 0x47, + 0xDA, 0x76, 0x86, 0x15, 0x13, 0x44, 0xF4, 0xE9, + 0x09, 0x9B, 0x38, 0xE4, 0x30, 0xB5, 0x22, 0x6B, + 0x05, 0x98, 0x32, 0xCF, 0x03, 0xDB, 0x48, 0xFB, + 0x02, 0xDB, 0xA4, 0xE6, 0x15, 0x93, 0xDC, 0x45, + 0x76, 0x36, 0x04, 0x91, 0x89, 0x0E, 0x53, 0xEC, + 0x0E, 0x6A, 0xC7, 0x3C, 0xF3, 0x2B, 0x25, 0xD8, + 0x23, 0xB3, 0x84, 0x56, 0xE2, 0x86, 0x50, 0x5A, + 0x54, 0x1E, 0x5A, 0xEE, 0xE9, 0x6B, 0x19, 0x14, + 0xF5, 0xF7, 0x66, 0x87, 0xCE, 0x2B, 0x01, 0x60, + 0x22, 0x7A, 0xBE, 0xD7, 0x79, 0x93, 0x59, 0x4B, + 0xCD, 0x83, 0x13, 0x66, 0x20, 0x6D, 0x75, 0x71, + 0x40, 0x82, 0xF1, 0xC4, 0x6F, 0x1F, 0x44, 0x39, + 0xAC, 0x81, 0xA5, 0x7A, 0xF3, 0x1C, 0x81, 0xC5, + 0x55, 0x30, 0x7A, 0x07, 0x0F, 0xFA, 0x94, 0xE0, + 0x47, 0x9B, 0x78, 0x4B, 0xBD, 0x88, 0xA6, 0x0C, + 0xD4, 0xC7, 0xCF, 0xD9, 0x4E, 0x6A, 0xFE, 0x02, + 0xF6, 0xB2, 0x1F, 0x72, 0xAF, 0x0D, 0xCD, 0x66, + 0x09, 0xD4, 0x0C, 0x96, 0x5C, 0x14, 0xE5, 0xF2, + 0x38, 0x91, 0x83, 0xE5, 0x3D, 0xE9, 0x30, 0xF7, + 0xDE, 0x1D, 0x44, 0x21, 0x5C, 0xF4, 0x91, 0x44, + 0x84, 0x4E, 0x8B, 0x87, 0xF7, 0x8A, 0x7F, 0x13, + 0x2A, 0xEF, 0xE2, 0x2B, 0xE8, 0x0B, 0x4E, 0x3A, + 0x05, 0xEE, 0x3A, 0x68, 0xCC, 0xF6, 0x09, 0xEF, + 0x44, 0x04, 0x74, 0x02, 0xE4, 0x49, 0x30, 0x46, + 0xE6, 0xF9, 0xC7, 0x67, 0xFF, 0x8A, 0x75, 0xE2, + 0x8B, 0x3C, 0xE0, 0x77, 0xFD, 0xE7, 0xE7, 0xEE, + 0xD3, 0x13, 0xB5, 0xBF, 0x7E, 0x46, 0x01, 0x27, + 0xCA, 0x81, 0x82, 0xE9, 0xBC, 0x79, 0x4C, 0x0D, + 0xFA, 0x73, 0x0F, 0xB9, 0x20, 0x08, 0x05, 0x75, + 0xA7, 0x51, 0xB5, 0xCA, 0xEC, 0x85, 0xA1, 0x09, + 0xB4, 0x42, 0x2B, 0xA2, 0x66, 0x74, 0x3F, 0x0D, + 0x03, 0x2B, 0xDA, 0x8F, 0x1C, 0xA6, 0x24, 0x8C, + 0xDB, 0x91, 0x75, 0x30, 0xDF, 0x13, 0x02, 0xA5, + 0xF8, 0xC1, 0x8D, 0xC6, 0x42, 0xD5, 0x24, 0x78, + 0xC9, 0x8C, 0x12, 0xA3, 0xF1, 0x6E, 0xF2, 0xB6, + 0x2B, 0x4F, 0x59, 0xEA, 0x1B, 0xB5, 0x8D, 0xE7, + 0xB6, 0x5B, 0x3C, 0x71, 0x53, 0xCE, 0x6D, 0xA5, + 0xE4, 0x95, 0x07, 0x46, 0xF8, 0x0E, 0x08, 0x7A, + 0x0E, 0x35, 0x86, 0xD0, 0x97, 0x79, 0x1B, 0xF3, + 0x6D, 0xEF, 0x86, 0x5D, 0x68, 0x59, 0x1D, 0x39, + 0xD0, 0x90, 0x37, 0x73, 0xEE, 0xA9, 0x62, 0x14, + 0x7F, 0x34, 0x70, 0x41, 0x38, 0xB5, 0x4D, 0xF7, + 0x92, 0x4C, 0xDD, 0x8C, 0x33, 0x3D, 0xB5, 0xE1, + 0xA4, 0x09, 0xCC, 0xB2, 0xB3, 0x4E, 0x2C, 0x3C, + 0x8C, 0x7F, 0xDD, 0x3F, 0xD8, 0xD0, 0x12, 0xCB, + 0xF3, 0x82, 0xAA, 0xA8, 0x5E, 0x83, 0xA1, 0x2F, + 0x23, 0x5A, 0x2D, 0x14, 0x7D, 0x03, 0x5B, 0x7B, + 0x28, 0xB3, 0x4B, 0x6F, 0x57, 0x94, 0x9F, 0x32, + 0x24, 0x82, 0xA7, 0xD4, 0xD3, 0xB1, 0x50, 0x45, + 0xC4, 0x20, 0xD5, 0xAD, 0xDC, 0x7F, 0x0E, 0x69, + 0xB4, 0xDC, 0x1C, 0xBA, 0x58, 0xB0, 0x1D, 0x87, + 0x24, 0x80, 0xB0, 0x6A, 0x26, 0x0D, 0x82, 0x7D, + 0x89, 0x1B, 0x13, 0xC4, 0xC5, 0xCA, 0x50, 0xC7, + 0x48, 0xDE, 0x3C, 0x77, 0x1B, 0xE6, 0x1E, 0x9A, + 0xA1, 0x70, 0x16, 0x5C, 0xB0, 0x1F, 0x4B, 0xF5, + 0xDA, 0x27, 0xA7, 0x79, 0x1D, 0x3A, 0xD3, 0xF6, + 0x26, 0x7B, 0x4C, 0xB4, 0xE6, 0x1B, 0x28, 0xFA, + 0x17, 0x08, 0x41, 0x8D, 0x93, 0x2D, 0xFC, 0x41, + 0x61, 0x88, 0x0C, 0x5D, 0x3B, 0x17, 0xA9, 0x66, + 0x3A, 0x90, 0x61, 0xFA, 0x8F, 0x18, 0x04, 0x31, + 0x58, 0x50, 0xFE, 0x4E, 0x73, 0x06, 0xC8, 0x82, + 0xB3, 0x82, 0x27, 0xE8, 0x67, 0xF8, 0x08, 0x72, + 0xCD, 0xC1, 0x94, 0x4D, 0x47, 0x26, 0x15, 0xEA, + 0x49, 0x00, 0xEF, 0x7D, 0x27, 0x0B, 0x88, 0x1D, + 0x41, 0x30, 0xF5, 0x6C, 0x5C, 0xC9, 0x80, 0xD9, + 0x2A, 0x47, 0xAD, 0xA6, 0x65, 0x7E, 0xB6, 0xF3, + 0x7A, 0x38, 0x5D, 0x2D, 0x8C, 0xC9, 0x93, 0xE1, + 0x44, 0x2E, 0xB0, 0x52, 0x81, 0x85, 0x36, 0x36, + 0x99, 0x1E, 0x34, 0xAA, 0xDC, 0x68, 0x95, 0x4D, + 0x04, 0xE7, 0xAD, 0xEF, 0x76, 0xBF, 0x88, 0x0F, + 0x05, 0x9B, 0x0C, 0xBB, 0x55, 0xD9, 0x15, 0xA4, + 0xB1, 0x23, 0xE2, 0xF1, 0x33, 0x9A, 0x07, 0x3C, + 0xBF, 0xBC, 0x40, 0x9B, 0xEF, 0xF6, 0x40, 0x0A, + 0xE0, 0x96, 0xD5, 0xAE, 0x18, 0xEC, 0x42, 0xCF, + 0xFA, 0xD5, 0xB4, 0x98, 0x0F, 0xA3, 0x5B, 0xF0, + 0x34, 0x13, 0xAD, 0xB5, 0xD7, 0xE6, 0x87, 0x6A, + 0xC3, 0x55, 0xD1, 0xC9, 0xED, 0x70, 0xCA, 0x2B, + 0x97, 0x39, 0x54, 0xD1, 0x2B, 0x3C, 0xDD, 0x76, + 0xAC, 0x68, 0x35, 0xDB, 0x96, 0x00, 0x3E, 0xD8, + 0xC4, 0xE2, 0x88, 0xB7, 0x1F, 0xD7, 0x7D, 0xBA, + 0xA7, 0x63, 0x57, 0x20, 0xE1, 0x2A, 0xE0, 0xA3, + 0x17, 0xDE, 0x80, 0x8C, 0x66, 0x4E, 0x31, 0x7F, + 0x55, 0x27, 0x57, 0x91, 0xF3, 0x24, 0x5C, 0xA4, + 0xFE, 0x5D, 0x4D, 0x41, 0x07, 0x7F, 0xC1, 0x50, + 0xA6, 0xE4, 0x03, 0xD5, 0xA2, 0x08, 0xE4, 0x6E, + 0xAD, 0xBE, 0x8F, 0x2C, 0xFB, 0x8A, 0xF4, 0x72, + 0xF4, 0xA0, 0xCE, 0xAC, 0x01, 0x52, 0x19, 0x47, + 0x8E, 0x6B, 0x86, 0xC9, 0x58, 0xCF, 0x86, 0x52, + 0x5B, 0x74, 0x85, 0xC1, 0x73, 0x4C, 0x7E, 0xF0, + 0x0E, 0x90, 0x68, 0x3F, 0xFF, 0x5D, 0xBD, 0x0A, + 0x7D, 0x41, 0x3A, 0x85, 0x50, 0x21, 0x02, 0x6A, + 0x1B, 0x32, 0x01, 0x3A, 0x46, 0x16, 0xCB, 0xCD, + 0x37, 0x00, 0xAC, 0xBC, 0x70, 0x5B, 0xE3, 0xEF, + 0xBA, 0x62, 0x5C, 0x69, 0xA0, 0x25, 0x26, 0x7B, + 0xCE, 0x9D, 0x13, 0x5E, 0x3F, 0x5B, 0x5C, 0xC8, + 0xC4, 0x39, 0x56, 0x40, 0x7E, 0x84, 0xB6, 0x66, + 0x31, 0x03, 0xE2, 0x9C, 0x24, 0x20, 0x35, 0x55, + 0x1A, 0xE7, 0x97, 0xF5, 0x6C, 0x63, 0x74, 0xBE, + 0x0C, 0x79, 0x8C, 0x0C, 0xF3, 0x98, 0xF1, 0xED +#else + 0x30, 0x82, 0x0a, 0x32, 0x30, 0x0d, 0x06, 0x09, + 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x03, + 0x13, 0x03, 0x82, 0x0a, 0x21, 0x00, + 0x69, 0x24, 0xBB, 0x42, 0x57, 0xA7, 0xB9, 0xAF, + 0xF0, 0x95, 0xC3, 0x0B, 0xB3, 0x5C, 0x6A, 0xE4, + 0x19, 0x82, 0x63, 0x12, 0x0F, 0x80, 0x39, 0xAA, + 0x4E, 0x78, 0xE1, 0x74, 0xA7, 0x86, 0xCE, 0x00, + 0x83, 0x01, 0xE6, 0x66, 0xF5, 0x9D, 0x3E, 0xC5, + 0x04, 0x4D, 0xE4, 0x56, 0x78, 0x8F, 0xDE, 0x19, + 0xEB, 0x39, 0x67, 0x7B, 0x5F, 0x9F, 0xE1, 0x41, + 0x50, 0xDA, 0x46, 0x3A, 0x70, 0x6F, 0x3B, 0xAF, + 0x71, 0x5B, 0x95, 0x33, 0x6B, 0x2D, 0x68, 0x5A, + 0x7C, 0xD7, 0x88, 0x07, 0x13, 0xE4, 0x58, 0x7B, + 0xF7, 0xD8, 0x57, 0xBF, 0x7E, 0x31, 0x56, 0x96, + 0xB8, 0xD0, 0xD9, 0xD4, 0x9E, 0x14, 0x29, 0x18, + 0xBF, 0x09, 0x74, 0xE7, 0xF4, 0x32, 0x37, 0xD4, + 0xBE, 0x3A, 0xD3, 0x94, 0x59, 0x9E, 0x3D, 0x39, + 0xBB, 0x76, 0x49, 0x93, 0x25, 0x53, 0x44, 0x7E, + 0x5D, 0x5A, 0xCC, 0x34, 0x99, 0x93, 0x01, 0x76, + 0xEC, 0xD3, 0xA8, 0x44, 0xA4, 0x25, 0xF5, 0x0D, + 0x05, 0x11, 0xC9, 0x22, 0x6C, 0x4B, 0x9A, 0x24, + 0xF2, 0xA0, 0x11, 0xCD, 0x88, 0xD3, 0x23, 0x08, + 0xE0, 0x31, 0x2A, 0x0C, 0x87, 0xCC, 0x34, 0xA9, + 0x95, 0x82, 0x3C, 0x65, 0xF4, 0xF0, 0xF9, 0x8E, + 0x50, 0xC3, 0x77, 0x88, 0xCE, 0x38, 0xDC, 0x28, + 0xFB, 0x8B, 0x9B, 0xFA, 0xAF, 0xA9, 0x04, 0xB5, + 0x41, 0xEE, 0x71, 0x2F, 0x6A, 0x04, 0x1E, 0x06, + 0x11, 0x37, 0x4F, 0x6B, 0xF1, 0x7E, 0xAC, 0x0B, + 0xD5, 0x6F, 0x3B, 0x6B, 0xF3, 0x36, 0xDA, 0x92, + 0x42, 0x07, 0x0C, 0x24, 0x69, 0xA2, 0x0C, 0x4D, + 0x16, 0x16, 0x14, 0x9A, 0x61, 0x59, 0x25, 0x20, + 0x11, 0xD2, 0x99, 0xF9, 0x3F, 0x98, 0x6D, 0x87, + 0x5D, 0xD3, 0x0B, 0x38, 0xA2, 0x25, 0x49, 0x17, + 0x45, 0x70, 0x13, 0x8C, 0x2B, 0xB3, 0xAA, 0x9C, + 0xBE, 0xA9, 0x19, 0x74, 0xF3, 0xD8, 0x9B, 0xF5, + 0xAE, 0x32, 0xBE, 0x9E, 0x58, 0xB8, 0x54, 0xA2, + 0xF8, 0xE8, 0x6F, 0xF7, 0x67, 0x80, 0xC0, 0x34, + 0x90, 0xF4, 0x67, 0xDB, 0x06, 0x51, 0xC2, 0x0B, + 0x1D, 0xF6, 0x0E, 0xB9, 0x7A, 0x3C, 0x99, 0xD9, + 0xBD, 0x66, 0x4B, 0xE6, 0xA5, 0xE4, 0xC8, 0xA8, + 0xAD, 0x4C, 0xC3, 0x63, 0x90, 0xD7, 0x00, 0x4E, + 0x4B, 0xB4, 0x21, 0xDA, 0xED, 0x65, 0x4C, 0x35, + 0x7D, 0xA4, 0xD6, 0x84, 0x98, 0x93, 0x3E, 0xC7, + 0x17, 0x77, 0xAD, 0x64, 0xC2, 0xAE, 0x01, 0x3C, + 0x73, 0xEB, 0x45, 0x7C, 0x68, 0xEF, 0x9A, 0x74, + 0x5A, 0xDE, 0xEB, 0x4F, 0xDF, 0xC8, 0x79, 0xE7, + 0x74, 0xD0, 0x3F, 0xAF, 0x6B, 0x14, 0xAA, 0xB1, + 0x07, 0x52, 0xE2, 0x4B, 0x52, 0xD0, 0xF2, 0xD9, + 0x4D, 0x54, 0x0A, 0x1E, 0xBE, 0x10, 0xF5, 0x97, + 0xE5, 0x14, 0x44, 0x2D, 0x6C, 0x13, 0xC2, 0xE2, + 0x49, 0x8E, 0x8A, 0xF3, 0x01, 0x7C, 0x52, 0xDB, + 0x23, 0x3A, 0x90, 0x71, 0x7D, 0xF2, 0x5B, 0x4D, + 0x07, 0x2B, 0x7D, 0x88, 0xEE, 0x87, 0x31, 0xD1, + 0x68, 0x24, 0xC9, 0x5D, 0x1F, 0xB9, 0x83, 0xC4, + 0x49, 0xDE, 0xB4, 0x66, 0x27, 0x60, 0x60, 0xFE, + 0xE4, 0xC7, 0xEE, 0x38, 0x14, 0x51, 0xF2, 0x32, + 0xC2, 0x9C, 0x7C, 0x32, 0x20, 0x85, 0x0C, 0x61, + 0xD1, 0xC3, 0xC0, 0x0D, 0xB1, 0xCD, 0x97, 0x26, + 0xA0, 0x2A, 0x56, 0x60, 0x9F, 0x3A, 0x65, 0xD3, + 0xD1, 0x64, 0x60, 0x45, 0x88, 0xCD, 0x9B, 0x43, + 0x14, 0x12, 0xF1, 0xAD, 0xD9, 0x14, 0xC5, 0xC2, + 0xDA, 0xBB, 0xC9, 0x04, 0x67, 0xC0, 0xC4, 0xEA, + 0x5F, 0x76, 0xE2, 0x4A, 0xA6, 0x18, 0x76, 0x5F, + 0x8B, 0x06, 0x36, 0xD7, 0xB0, 0x65, 0xE1, 0xF4, + 0xE6, 0xF6, 0x22, 0xEA, 0xE1, 0x71, 0x52, 0x45, + 0x8C, 0x76, 0x65, 0x86, 0x77, 0x2D, 0x36, 0x3F, + 0xA9, 0x92, 0x14, 0xF4, 0x72, 0xB0, 0xDB, 0x8A, + 0x1E, 0x49, 0xD8, 0x2D, 0x02, 0x78, 0xF2, 0x95, + 0x8B, 0x0A, 0xAA, 0x15, 0x86, 0xDB, 0x13, 0x4B, + 0xDF, 0xD2, 0x43, 0x87, 0x42, 0x49, 0x50, 0x07, + 0xE2, 0xFE, 0x5B, 0x60, 0xE2, 0x46, 0x39, 0x92, + 0x26, 0x94, 0x7A, 0x12, 0xEA, 0x17, 0x63, 0x1C, + 0xAA, 0x53, 0x46, 0x87, 0xCB, 0x75, 0xC0, 0x60, + 0xB4, 0x79, 0x7E, 0xAB, 0x82, 0x77, 0xCC, 0x4F, + 0x8A, 0x7A, 0x20, 0x38, 0x76, 0x06, 0xEF, 0xE2, + 0xDB, 0xD3, 0xE7, 0x36, 0x24, 0x92, 0x77, 0xD9, + 0x0F, 0xCA, 0xB9, 0x92, 0xA8, 0xC9, 0x9E, 0x85, + 0xAB, 0x03, 0xEB, 0x4C, 0xAC, 0x5D, 0x88, 0x55, + 0x39, 0x58, 0x52, 0x8A, 0xF9, 0x29, 0x74, 0x71, + 0x81, 0x35, 0xF1, 0xD0, 0xC7, 0x93, 0xEB, 0x00, + 0x0E, 0xA0, 0xAE, 0xC3, 0xEC, 0x18, 0x58, 0xFD, + 0xD1, 0x86, 0x88, 0xD1, 0xDA, 0x27, 0x27, 0x8D, + 0xEB, 0xF2, 0xCA, 0x81, 0x10, 0xBA, 0x4A, 0x20, + 0x4F, 0x79, 0x30, 0xE1, 0xC8, 0xCE, 0xEC, 0xAF, + 0xB7, 0x3F, 0x75, 0xDD, 0xB3, 0x4C, 0x5C, 0x55, + 0x96, 0x8A, 0x79, 0x33, 0x05, 0x84, 0x26, 0xB5, + 0x5D, 0x03, 0x9F, 0x72, 0x92, 0xAC, 0x43, 0xF6, + 0x45, 0x84, 0xF6, 0xDF, 0x18, 0x7A, 0x1D, 0x6B, + 0x00, 0x3F, 0x51, 0x4C, 0xC1, 0x3B, 0x26, 0xC2, + 0xF3, 0x48, 0x19, 0x5A, 0xA3, 0x21, 0xDE, 0x6A, + 0x27, 0xEC, 0x11, 0x34, 0x8D, 0xE5, 0x0D, 0x82, + 0x5A, 0x29, 0x64, 0xC6, 0x31, 0x99, 0x2E, 0x4B, + 0x0B, 0x42, 0x5B, 0x1B, 0xEB, 0x4F, 0x96, 0x00, + 0xE3, 0xAD, 0xC4, 0x43, 0x1C, 0xF2, 0xE8, 0x8B, + 0x42, 0x23, 0xD2, 0xDB, 0x66, 0x3C, 0x3C, 0xE7, + 0x0E, 0xF8, 0x5D, 0xDD, 0x56, 0xA9, 0xBA, 0xF1, + 0x38, 0xA9, 0xD7, 0xED, 0xD8, 0x94, 0x13, 0x1C, + 0x3A, 0x8F, 0x41, 0xA0, 0x4E, 0xF9, 0xF8, 0x67, + 0x52, 0xB7, 0x21, 0x81, 0xFA, 0xBB, 0x37, 0xC8, + 0x6B, 0x87, 0x7E, 0x61, 0xD6, 0x0E, 0xED, 0x95, + 0xEE, 0xFF, 0xAB, 0xE6, 0x37, 0x6E, 0x14, 0xAC, + 0xA8, 0x17, 0xC5, 0xF4, 0x19, 0x61, 0xAF, 0x8A, + 0x78, 0x49, 0xBA, 0xC0, 0x94, 0x91, 0x7B, 0x2D, + 0x13, 0x22, 0x76, 0xB6, 0xB3, 0x48, 0x6A, 0xFF, + 0x95, 0x0D, 0x23, 0xD4, 0xAA, 0xDC, 0x24, 0xCE, + 0x98, 0xA5, 0x26, 0x9E, 0x1C, 0x69, 0x91, 0x79, + 0x60, 0xA3, 0x1E, 0xE0, 0x9A, 0x52, 0x7C, 0x35, + 0x81, 0x75, 0xCA, 0xA0, 0xCB, 0x1B, 0x01, 0x8E, + 0x95, 0x26, 0xD9, 0x35, 0x34, 0xEA, 0xDB, 0xAC, + 0xB5, 0x2B, 0x27, 0x3D, 0x73, 0x5E, 0x22, 0xDD, + 0x0D, 0x5C, 0x28, 0xFA, 0x3E, 0x47, 0xCF, 0xE9, + 0x0B, 0x52, 0x15, 0xAE, 0x24, 0xF1, 0x46, 0xC3, + 0x46, 0x4B, 0xFE, 0xAF, 0x01, 0xD2, 0x8D, 0xAA, + 0x55, 0x3C, 0x1E, 0x94, 0x42, 0x8A, 0x10, 0x4A, + 0x9D, 0x78, 0xAE, 0xC7, 0x62, 0x59, 0x1E, 0x88, + 0x79, 0xF7, 0x68, 0x51, 0xCF, 0xB4, 0x64, 0x85, + 0x66, 0x72, 0x1B, 0x0C, 0xAC, 0x1F, 0x14, 0xFE, + 0x16, 0x14, 0x9A, 0x9D, 0x82, 0x10, 0xCC, 0x8F, + 0x2F, 0x50, 0xDE, 0xF7, 0xB4, 0x6C, 0x84, 0x3B, + 0xE9, 0x3B, 0xD8, 0xD5, 0x56, 0x02, 0x49, 0x33, + 0x50, 0xAB, 0x56, 0x0E, 0xA5, 0xBA, 0x17, 0x71, + 0x64, 0x23, 0xBE, 0x0E, 0xB8, 0x36, 0x0A, 0xB1, + 0x09, 0xD8, 0xFB, 0x18, 0xBF, 0xEA, 0x04, 0x08, + 0x47, 0xB7, 0x33, 0x51, 0x45, 0xD4, 0xF2, 0x00, + 0xD1, 0x9C, 0xF6, 0xFE, 0x7B, 0xAC, 0x91, 0x7F, + 0x42, 0x6C, 0x9B, 0x3D, 0x39, 0xA9, 0xCA, 0x43, + 0x29, 0x81, 0x8F, 0x24, 0x0E, 0x7D, 0xA3, 0x82, + 0x76, 0x10, 0x72, 0xF4, 0xA6, 0x50, 0x5E, 0xA8, + 0xE7, 0x6C, 0x1E, 0x44, 0x6F, 0xEB, 0x66, 0x25, + 0xE3, 0x8D, 0xDB, 0xCD, 0x3C, 0xDA, 0x81, 0xE8, + 0x3B, 0xF7, 0x68, 0xF3, 0xE0, 0x1D, 0x9D, 0x26, + 0x3B, 0x36, 0x73, 0x03, 0xAE, 0x15, 0x6C, 0x0B, + 0x71, 0x83, 0x36, 0x4A, 0x1E, 0x79, 0x41, 0xA0, + 0x92, 0x98, 0xA3, 0xAD, 0xF7, 0xBD, 0x23, 0x1E, + 0x61, 0x14, 0xB9, 0xDC, 0xE7, 0x95, 0x2B, 0x11, + 0x3F, 0x78, 0x16, 0x31, 0x38, 0xB9, 0x26, 0x6F, + 0x84, 0x3F, 0x1E, 0xD9, 0x7D, 0x9C, 0x2B, 0x16, + 0x3A, 0x6E, 0x8B, 0xD4, 0xC1, 0xAB, 0x4E, 0x17, + 0x93, 0x67, 0xC5, 0xAC, 0x96, 0xCE, 0xCF, 0x50, + 0x50, 0xFE, 0x82, 0x1F, 0xDF, 0xA4, 0x4E, 0x9E, + 0x68, 0x0B, 0x61, 0xC6, 0x01, 0x89, 0x32, 0xDF, + 0x71, 0x78, 0x11, 0x45, 0x9A, 0xF2, 0x54, 0x2E, + 0x2C, 0xDE, 0x77, 0x17, 0x8C, 0x2E, 0x98, 0x80, + 0xF0, 0x11, 0xE4, 0x05, 0xEA, 0xFA, 0x59, 0xC8, + 0xCB, 0xBE, 0xD7, 0x6E, 0x5A, 0x19, 0x41, 0x10, + 0x4B, 0x1B, 0x9D, 0x3A, 0x60, 0x49, 0x1C, 0x95, + 0x47, 0x55, 0xE0, 0x2E, 0x89, 0x41, 0x03, 0xF1, + 0xF4, 0x97, 0x74, 0x75, 0xE9, 0xEA, 0x36, 0x60, + 0x9F, 0xD6, 0x7C, 0x9D, 0xE3, 0x18, 0xED, 0xA2, + 0x37, 0x0D, 0xCC, 0xDB, 0xB9, 0xCE, 0xF7, 0xAE, + 0x63, 0x60, 0x90, 0x5E, 0xC2, 0x20, 0x83, 0x8C, + 0x97, 0x69, 0x82, 0x34, 0x41, 0xCD, 0xD0, 0xDA, + 0x8E, 0xF0, 0xAB, 0xE5, 0xF2, 0xD1, 0xD7, 0x6E, + 0x2F, 0xE0, 0x8F, 0xEF, 0x53, 0xDE, 0x1D, 0x61, + 0x66, 0xAB, 0x1A, 0x92, 0xB1, 0xAC, 0x09, 0x3E, + 0x5A, 0xBF, 0x76, 0x58, 0xC4, 0xB5, 0x72, 0x87, + 0xF2, 0xD1, 0xFD, 0x7B, 0x82, 0xDE, 0xDA, 0xF8, + 0xD5, 0xA4, 0xFB, 0xAC, 0x4B, 0x35, 0xD5, 0x82, + 0x31, 0x69, 0x4E, 0x16, 0x24, 0x97, 0x57, 0x8A, + 0xBD, 0x7A, 0xA7, 0xC8, 0xFE, 0x7B, 0x35, 0x41, + 0xA7, 0xF1, 0x8E, 0x54, 0xE8, 0xB7, 0xF0, 0x87, + 0x64, 0xC5, 0xE6, 0x84, 0x49, 0xDF, 0x65, 0x59, + 0x01, 0x54, 0x98, 0x32, 0xD6, 0x28, 0xFA, 0x63, + 0xD2, 0xB2, 0xC5, 0xA1, 0x50, 0x93, 0x39, 0x94, + 0xA9, 0x86, 0x33, 0x17, 0xAD, 0x40, 0xD7, 0x78, + 0xD9, 0xD2, 0xC0, 0x5C, 0x78, 0x98, 0x85, 0x0B, + 0x90, 0x17, 0x32, 0x23, 0xC7, 0xA0, 0xAF, 0x89, + 0x0F, 0xD7, 0xE6, 0x62, 0x21, 0xB6, 0xF0, 0x63, + 0x18, 0xB2, 0xED, 0x5E, 0x19, 0x9C, 0xB4, 0x24, + 0x88, 0x5A, 0xB8, 0x41, 0xE7, 0xA4, 0x72, 0x6F, + 0xAB, 0xA2, 0xF9, 0xBB, 0x53, 0xBC, 0x32, 0x36, + 0x43, 0x4C, 0x35, 0xFB, 0xBE, 0x4B, 0x1A, 0x0F, + 0x93, 0xF5, 0x0C, 0x37, 0x89, 0x6C, 0x29, 0xF8, + 0xE3, 0x02, 0xAD, 0x31, 0xED, 0x33, 0x31, 0xD6, + 0x20, 0xE3, 0xB6, 0x29, 0x45, 0x51, 0x01, 0xA1, + 0xF1, 0xCC, 0x7B, 0xA5, 0xE4, 0x6E, 0x68, 0xED, + 0x4A, 0x8C, 0xCC, 0x87, 0xB4, 0xDC, 0x75, 0xBC, + 0x01, 0x62, 0xB6, 0x33, 0x0F, 0x83, 0x3F, 0xBA, + 0x25, 0x75, 0xDF, 0xAF, 0x5B, 0x5F, 0x28, 0xBC, + 0x54, 0xFF, 0x2B, 0xA8, 0x1E, 0x7A, 0x47, 0x31, + 0x3C, 0x15, 0x48, 0x2B, 0x60, 0x5E, 0x66, 0xBB, + 0x38, 0xC6, 0x19, 0x8F, 0x13, 0x92, 0x10, 0x40, + 0x80, 0xFB, 0xE7, 0x8B, 0x86, 0xB1, 0xBC, 0x9A, + 0x6F, 0xB8, 0x81, 0xF5, 0xC7, 0x82, 0x01, 0x47, + 0xE6, 0xBA, 0x14, 0xB8, 0x1A, 0xCC, 0xF2, 0x0C, + 0xAE, 0x96, 0x64, 0x10, 0x94, 0xC2, 0x16, 0x90, + 0x2E, 0xA5, 0xC1, 0x25, 0xF6, 0xC9, 0x35, 0xA1, + 0x50, 0xD7, 0xC9, 0xAC, 0xC5, 0xD9, 0xE2, 0xE5, + 0xD9, 0x0E, 0x38, 0xC0, 0x50, 0x3A, 0xA9, 0x42, + 0x60, 0x17, 0xC7, 0x6A, 0xAF, 0xCD, 0x52, 0x61, + 0xB5, 0x06, 0x27, 0x4E, 0xC1, 0x3A, 0x96, 0x79, + 0xFB, 0x09, 0x79, 0x60, 0x27, 0xA4, 0xBB, 0x75, + 0x9D, 0x92, 0x82, 0x79, 0xB9, 0x4D, 0x84, 0x1A, + 0x09, 0x73, 0x93, 0xBF, 0x7E, 0x5B, 0xD6, 0x9A, + 0x49, 0x6C, 0xC3, 0xDE, 0xCD, 0x2B, 0x0F, 0x07, + 0xF8, 0x33, 0x92, 0xAA, 0xDE, 0x33, 0xDC, 0x51, + 0xB2, 0xA8, 0x4F, 0x6A, 0x07, 0x63, 0x5D, 0xC0, + 0xEF, 0x57, 0xA9, 0xAD, 0x59, 0x59, 0xB6, 0xA5, + 0x0B, 0x7B, 0xA5, 0x09, 0xAD, 0x5B, 0x11, 0xFA, + 0xD2, 0x6B, 0x41, 0x9F, 0x9F, 0x1E, 0x3F, 0x9C, + 0x73, 0x29, 0xB5, 0xA9, 0x53, 0xD7, 0xCC, 0x87, + 0xB2, 0xDE, 0x21, 0x06, 0x11, 0xCF, 0x52, 0xA6, + 0x39, 0xEF, 0x2B, 0x39, 0x08, 0x01, 0x2C, 0xB8, + 0x8E, 0x1D, 0x6F, 0x57, 0x62, 0x50, 0x79, 0xCB, + 0x10, 0x3D, 0x6C, 0x98, 0x10, 0x1A, 0x11, 0xBD, + 0x22, 0x33, 0xB6, 0x56, 0x02, 0xCA, 0x30, 0x49, + 0xBD, 0x32, 0x05, 0x20, 0x41, 0x9F, 0x76, 0xB0, + 0x61, 0xE3, 0x59, 0x8D, 0xE3, 0x81, 0x52, 0xC8, + 0x87, 0x67, 0xD1, 0xA2, 0x4F, 0xBD, 0x02, 0xBB, + 0x10, 0xC3, 0x8E, 0xAC, 0xAE, 0x31, 0x7D, 0xE6, + 0xBB, 0x28, 0x7B, 0x4D, 0x2C, 0xAE, 0x5D, 0xA0, + 0x21, 0x49, 0x65, 0xD8, 0x77, 0x37, 0x78, 0x62, + 0x6E, 0x9B, 0x97, 0x28, 0x59, 0xD8, 0x48, 0x2B, + 0x8D, 0x05, 0x47, 0xE4, 0xF5, 0x6D, 0xFF, 0x87, + 0x68, 0x1D, 0x5B, 0xC5, 0x12, 0x0F, 0x61, 0x3F, + 0xBB, 0xD9, 0x1E, 0x1F, 0x14, 0xE6, 0xDE, 0xFE, + 0x67, 0x2E, 0x2A, 0x7E, 0xAB, 0xCB, 0xBB, 0x9B, + 0x11, 0x08, 0x2C, 0x5E, 0x70, 0x0A, 0xA0, 0xB1, + 0xF7, 0xC1, 0x78, 0x5F, 0xCE, 0xD1, 0x9A, 0x93, + 0xAF, 0xE7, 0xC5, 0x9F, 0xA2, 0x51, 0x9B, 0xCD, + 0xEB, 0x49, 0x4C, 0x3D, 0x13, 0xB2, 0x12, 0x5F, + 0x38, 0x53, 0x23, 0xB8, 0x16, 0xC6, 0x8F, 0x8F, + 0x56, 0x28, 0xC7, 0xC2, 0xAB, 0xFD, 0x02, 0x78, + 0xA3, 0x37, 0x07, 0x3D, 0xA7, 0x4D, 0x16, 0x09, + 0x96, 0x98, 0xC4, 0xB1, 0x14, 0xE8, 0xA8, 0xCE, + 0x34, 0x4E, 0x0A, 0x15, 0xD0, 0xFC, 0x7E, 0xD4, + 0x97, 0xB0, 0x01, 0xD5, 0x3D, 0x4C, 0x96, 0xDC, + 0x39, 0x54, 0xD3, 0xB4, 0xB9, 0x56, 0xCB, 0x9D, + 0x2A, 0x27, 0x2C, 0x51, 0xF1, 0x55, 0x9B, 0x22, + 0x90, 0x4B, 0x40, 0xCC, 0x85, 0x31, 0xE4, 0x0C, + 0xC4, 0x12, 0xC6, 0x8C, 0xB6, 0xEE, 0xA4, 0xA4, + 0x09, 0x0B, 0x38, 0xE2, 0x79, 0x73, 0x29, 0x98, + 0x54, 0x67, 0xE8, 0x18, 0xA5, 0x24, 0xD3, 0x22, + 0x8E, 0xAC, 0xAE, 0x78, 0x25, 0xD3, 0xDA, 0xD2, + 0xEA, 0xA4, 0x22, 0xFD, 0xC7, 0x7A, 0xED, 0x71, + 0xA2, 0x05, 0xDA, 0x78, 0x38, 0xD9, 0x45, 0xE7, + 0xFE, 0xC3, 0x7E, 0x4D, 0xCA, 0x67, 0xE5, 0x04, + 0xCE, 0x35, 0xE5, 0xB0, 0x45, 0xF5, 0x6F, 0x1E, + 0x8D, 0x75, 0x29, 0xEB, 0xD6, 0xF1, 0xAF, 0x7B, + 0x6E, 0x93, 0x9E, 0x2B, 0x7A, 0xB4, 0x02, 0x7D, + 0x37, 0xA5, 0x13, 0x5D, 0x17, 0x2D, 0xA1, 0xAF, + 0x9C, 0xA2, 0xF7, 0x28, 0xA6, 0xF3, 0x7D, 0xE6, + 0x0D, 0xD2, 0x3D, 0x97, 0xD1, 0x1E, 0x75, 0xAB, + 0x1F, 0xD5, 0x1F, 0x8E, 0x9A, 0x13, 0x97, 0xE5, + 0x82, 0x21, 0x59, 0xDB, 0x58, 0x38, 0x02, 0xB3, + 0x2E, 0xEB, 0xB4, 0x56, 0x7E, 0xCE, 0x37, 0x46, + 0xD1, 0xAE, 0x33, 0x31, 0x47, 0x85, 0x64, 0x3D, + 0xD2, 0xA0, 0x74, 0x1E, 0x7F, 0x1B, 0xF2, 0xD2, + 0x61, 0xF2, 0x21, 0x24, 0xE8, 0xDD, 0xD0, 0x8C, + 0x64, 0x0A, 0x48, 0xB5, 0x47, 0x17, 0x51, 0x7C, + 0x21, 0xCD, 0x32, 0x53, 0x28, 0xBC, 0x23, 0x9C, + 0xA0, 0x28, 0xB2, 0x63, 0x0D, 0x06, 0x3C, 0x8C, + 0xC2, 0x0B, 0xE9, 0xBD, 0xB4, 0x85, 0x02, 0xDA, + 0xDD, 0xE7, 0x3F, 0xFE, 0xD5, 0x96, 0x38, 0x16, + 0x53, 0x3E, 0x02, 0x0A, 0xED, 0x12, 0x08, 0x53, + 0x62, 0x55, 0xB1, 0xCC, 0xE9, 0x85, 0x43, 0x31, + 0x27, 0xFF, 0x4F, 0x04, 0xD5, 0xB1, 0xE2, 0xF2, + 0x10, 0x87, 0x04, 0xB8, 0xB9, 0x66, 0x58, 0x8C, + 0x01, 0x56, 0xAF, 0xC2, 0xAE, 0x19, 0x29, 0x86, + 0xFB, 0xEC, 0x44, 0x3B, 0xAE, 0xF6, 0xCB, 0x85, + 0xA6, 0xF2, 0x9C, 0x77, 0x92, 0x40, 0x5A, 0x24, + 0x11, 0x47, 0x10, 0xAE, 0x1C, 0x74, 0x64, 0x44, + 0xFD, 0xF5, 0xFB, 0x65, 0x9E, 0x5E, 0x34, 0x68, + 0x26, 0x20, 0x7B, 0x8C, 0x54, 0x46, 0x3A, 0x06, + 0x17, 0xCE, 0x17, 0xFF, 0x33, 0xE4, 0x0F, 0x93, + 0x1F, 0xE5, 0x76, 0x71, 0x5C, 0x93, 0x2E, 0xF2, + 0x9F, 0xD7, 0x6B, 0x04, 0xA6, 0x9B, 0x58, 0xE0, + 0x30, 0x3D, 0x8E, 0xF2, 0x56, 0x78, 0xC8, 0xB7, + 0x0A, 0xF1, 0x2E, 0x90, 0x45, 0x59, 0x1C, 0x04, + 0xE8, 0xB7, 0x71, 0x06, 0x94, 0x04, 0x15, 0x17, + 0x7E, 0x86, 0x85, 0x93, 0xA0, 0x9C, 0x7E, 0x14, + 0x61, 0x9A, 0x4B, 0x33, 0x2F, 0x9A, 0xDC, 0x3A, + 0x65, 0x8B, 0x86, 0x01, 0x7F, 0x32, 0x65, 0x6C, + 0x54, 0x29, 0xC1, 0x15, 0xE1, 0x10, 0x03, 0x7A, + 0x8C, 0xC7, 0xE5, 0x44, 0x67, 0x7D, 0x2D, 0xD2, + 0x39, 0xA5, 0x9D, 0x54, 0xD0, 0xF3, 0xC7, 0x46, + 0x0E, 0xC1, 0x52, 0x08, 0x34, 0x6B, 0xA5, 0x6D, + 0xF5, 0x08, 0x6C, 0x5D, 0xBC, 0xC4, 0x1E, 0x0C, + 0x95, 0xFC, 0xB6, 0x86, 0x1C, 0x2C, 0x0C, 0x32, + 0xAA, 0xF3, 0x45, 0x4E, 0xFE, 0xE2, 0xFF, 0xBA, + 0x21, 0x4B, 0x43, 0x0E, 0xF2, 0x48, 0xA5, 0x9B, + 0x32, 0x44, 0x4D, 0x8D, 0x0D, 0x3D, 0xB8, 0x7C, + 0x9D, 0x4B, 0x15, 0x36, 0xD1, 0x57, 0x72, 0x8E, + 0xE7, 0x58, 0x5E, 0xF5, 0x32, 0x77, 0x6A, 0x00, + 0x3A, 0x02, 0x3C, 0x0A, 0xB0, 0xE9, 0xFF, 0x55, + 0x71, 0x08, 0xC3, 0x90, 0x68, 0x4D, 0x56, 0x5A, + 0x66, 0x50, 0x63, 0x26, 0x6A, 0xE6, 0x67, 0x0E, + 0xD5, 0x3B, 0x0F, 0xAF, 0x8F, 0xF6, 0x78, 0x29, + 0xBB, 0x73, 0x78, 0x25, 0xB1, 0x53, 0xA9, 0x33, + 0x8C, 0xBE, 0x3D, 0xF1, 0xA4, 0x62, 0x84, 0x9B, + 0x93, 0xA8, 0x1F, 0x84, 0xED, 0x07, 0xBE, 0x6D, + 0x62, 0x40, 0x00, 0x32, 0x74, 0x73, 0x7F, 0x61, + 0x8D, 0xCB, 0x26, 0xE4, 0x82, 0x52, 0xCE, 0x42, + 0x04, 0xDD, 0x31, 0x39, 0xFF, 0x68, 0x76, 0xF4, + 0x3B, 0x30, 0x5D, 0x83, 0x56, 0x20, 0xFE, 0xDF, + 0x79, 0xAA, 0x67, 0x43, 0x3D, 0xC2, 0x52, 0x87, + 0x32, 0x0E, 0x99, 0x17, 0x96, 0x7B, 0x70, 0xB2, + 0xD8, 0x66, 0xD1, 0x7B, 0x69, 0x8B, 0xFF, 0xF2, + 0xB3, 0xAB, 0x95, 0x14, 0x94, 0x9E, 0x58, 0xB5, + 0x7C, 0x68, 0xA4, 0x54, 0x12, 0xC1, 0xFC, 0x42, + 0x1C, 0x76, 0x8B, 0xF5, 0xEE, 0x8A, 0x10, 0xC8, + 0xAE, 0xF5, 0x69, 0x26, 0xF5, 0x1E, 0xC6, 0x2C, + 0x11, 0x56, 0x9F, 0x31, 0xAA, 0x51, 0x78, 0x68, + 0xE5, 0xCA, 0xD8, 0x9E, 0x95, 0x80, 0x66, 0xEB, + 0x9E, 0xDD, 0x72, 0x71, 0xB3, 0x1C, 0xB4, 0xB1, + 0xD6, 0xCE, 0x21, 0x12, 0x25, 0xAE, 0xB5, 0xB5, + 0x7F, 0x74, 0x97, 0x19, 0xDA, 0x07, 0xEC, 0xBE, + 0xFE, 0x03, 0x88, 0x1D, 0xDE, 0x3D, 0x81, 0xE4, + 0x13, 0x5F, 0x2D, 0xC8, 0x1A, 0xF7, 0x79, 0x77, + 0x6C, 0x1B, 0x80, 0x57, 0x16, 0x2A, 0x6C, 0x98, + 0x2F, 0xBB, 0x4D, 0xA6, 0xA9, 0xAD, 0x28, 0x4A, + 0xB1, 0x0C, 0x70, 0x02, 0x20, 0x44, 0xF4, 0x6D, + 0x40, 0x0B, 0xF6, 0xAD, 0x71, 0x82, 0xD1, 0x97, + 0x78, 0x99, 0x83, 0xBE, 0x99, 0x22, 0x79, 0x79, + 0xA1, 0x33, 0x4B, 0xA1, 0x49, 0xD8, 0x69, 0xBA, + 0x1C, 0x40, 0x88, 0x12, 0x34, 0x35, 0xBF, 0x97, + 0x85, 0x41, 0x35, 0x6D, 0xAF, 0x17, 0x1F, 0x33, + 0xAD, 0xB1, 0xC9, 0x79, 0x07, 0xA0, 0xFB, 0x58, + 0x45, 0x07, 0x4A, 0x85, 0xD2, 0x6F, 0x54, 0x61, + 0x35, 0xAE, 0xD0, 0xF9, 0x1B, 0xE4, 0x53, 0x9C, + 0x12, 0xBF, 0x94, 0x11, 0xE4, 0xB5, 0x56, 0xF6, + 0x87, 0xD0, 0x69, 0xDB, 0x6B, 0x21, 0xFE, 0x2B, + 0x7F, 0x32, 0x18, 0x87, 0x44, 0x8C, 0xEA, 0x55, + 0xDB, 0x19, 0xFB, 0xB8, 0xB0, 0x48, 0x2A, 0x55, + 0xAE, 0xC1, 0x67, 0x38, 0xD7, 0x4C, 0xD2, 0x65, + 0x09, 0x38, 0x36, 0xBE, 0x99, 0xD4, 0xFB, 0x53, + 0xE9, 0xB0, 0x14, 0xB0, 0x37, 0xCD, 0xBF, 0xE9 +#endif + }; +#ifdef WOLFSSL_DILITHIUM_FIPS204_DRAFT +static const unsigned char dilithium_public_der[] = { +#ifndef WOLFSSL_NO_ML_DSA_44 + 0x30, 0x82, 0x05, 0x34, 0x30, 0x0d, 0x06, 0x0b, + 0x2b, 0x06, 0x01, 0x04, 0x01, 0x02, 0x82, 0x0b, + 0x0c, 0x04, 0x04, 0x03, 0x82, 0x05, 0x21, 0x00, + 0x0a, 0xf7, 0xc8, 0xa4, 0x96, 0x01, 0xa7, 0xb2, + 0x2e, 0x4d, 0xc9, 0xd9, 0x1c, 0xa1, 0x86, 0x09, + 0xce, 0x14, 0x6f, 0xe8, 0x33, 0x3c, 0x7b, 0xdb, + 0x19, 0x9c, 0x56, 0x39, 0x6a, 0x6c, 0x5d, 0x1f, + 0xe4, 0x26, 0xcb, 0x16, 0x91, 0x4d, 0xeb, 0x5a, + 0x36, 0x22, 0xee, 0xda, 0xdf, 0x46, 0x3e, 0xa1, + 0x4f, 0x9a, 0x30, 0xb5, 0x3f, 0x60, 0xf7, 0x75, + 0x47, 0xdc, 0x55, 0xf1, 0xbe, 0xbc, 0x87, 0x6c, + 0x50, 0x7c, 0x21, 0x55, 0x35, 0xad, 0xa7, 0xf9, + 0x1c, 0xf8, 0xa1, 0x92, 0x79, 0x10, 0x52, 0x7a, + 0xc3, 0xba, 0xd3, 0x9d, 0xc6, 0x9b, 0xf4, 0xcb, + 0x1b, 0xa2, 0xde, 0x83, 0x86, 0xa6, 0x35, 0xea, + 0xf2, 0x8c, 0xdc, 0xba, 0x3e, 0xef, 0x9c, 0xf5, + 0x8e, 0xc3, 0xb0, 0xc0, 0x5b, 0xcc, 0x35, 0x6a, + 0x81, 0xe5, 0x17, 0xb3, 0x9a, 0x57, 0xa6, 0x4a, + 0x87, 0xb1, 0xa7, 0xf5, 0xa2, 0x96, 0x40, 0x8b, + 0xc1, 0x62, 0xb2, 0xd9, 0x76, 0xe8, 0x51, 0x33, + 0x44, 0x3d, 0xeb, 0x14, 0x86, 0x88, 0x2c, 0xc1, + 0x47, 0xba, 0x2b, 0x85, 0x3b, 0x72, 0xcb, 0x9f, + 0x40, 0xba, 0x19, 0x58, 0xa4, 0x34, 0x0a, 0xd2, + 0x8c, 0x97, 0xbd, 0x3d, 0x09, 0xb0, 0x4a, 0xeb, + 0xaa, 0xee, 0x58, 0x1e, 0xc1, 0x19, 0x26, 0x70, + 0x15, 0xa5, 0x17, 0x7e, 0xd0, 0xa1, 0x08, 0xf9, + 0x6d, 0xcf, 0x20, 0x62, 0x95, 0x8e, 0x61, 0xf4, + 0x29, 0x96, 0x6f, 0x38, 0x1c, 0x67, 0xd5, 0xa6, + 0x4c, 0xf5, 0x1f, 0xda, 0x12, 0x22, 0x24, 0x6b, + 0x0d, 0xb7, 0x6a, 0xe5, 0xaf, 0x6c, 0x89, 0x52, + 0xc2, 0x85, 0x85, 0x5f, 0x16, 0x33, 0x0c, 0xc6, + 0x7a, 0xe0, 0xa8, 0xed, 0x13, 0x58, 0xf3, 0xa0, + 0x80, 0x42, 0x3c, 0xe3, 0x57, 0xd1, 0xe2, 0x66, + 0xc4, 0xe0, 0x3d, 0x49, 0x32, 0x21, 0xd9, 0xa1, + 0x3c, 0x93, 0x0a, 0xf7, 0x5f, 0x34, 0x65, 0xa4, + 0x30, 0xf9, 0xe7, 0x8a, 0x96, 0x04, 0xdb, 0xc5, + 0x16, 0x15, 0x10, 0x74, 0x4f, 0xc9, 0x6b, 0x4b, + 0x66, 0x29, 0xb0, 0xd1, 0x3b, 0xdd, 0x41, 0x0a, + 0xfe, 0xdf, 0x5f, 0x72, 0x91, 0xbc, 0x99, 0x2f, + 0x8d, 0x72, 0x3a, 0x4a, 0xde, 0x11, 0x3a, 0x20, + 0xb2, 0x56, 0xb5, 0x73, 0x89, 0xb4, 0x63, 0x37, + 0x86, 0xbd, 0x99, 0x8b, 0x03, 0x56, 0x50, 0x21, + 0x11, 0x78, 0x8c, 0xd5, 0xc1, 0x92, 0x33, 0x72, + 0x6e, 0x8d, 0x88, 0x2d, 0x10, 0x8f, 0x31, 0xd3, + 0x23, 0xe5, 0xaa, 0x1f, 0xe1, 0x37, 0xec, 0x34, + 0x42, 0x30, 0x75, 0xff, 0xb2, 0x1a, 0x8e, 0x29, + 0x03, 0x4c, 0xfd, 0xdf, 0x53, 0xf2, 0x0b, 0x2d, + 0xf9, 0x1c, 0x9e, 0xb6, 0x5a, 0x6c, 0x5e, 0x88, + 0x48, 0x29, 0x89, 0x42, 0xfc, 0x97, 0xfb, 0x27, + 0x1c, 0x99, 0x2a, 0xbf, 0x7f, 0x04, 0xb2, 0xcd, + 0xc9, 0x3a, 0x39, 0xfe, 0x4f, 0x47, 0x92, 0x0b, + 0x85, 0xfc, 0x92, 0x57, 0xc5, 0x0b, 0x23, 0x1f, + 0x0b, 0x72, 0xb4, 0xde, 0xfe, 0xbe, 0xb7, 0x39, + 0xb3, 0xd7, 0x48, 0x03, 0xed, 0x76, 0xac, 0x63, + 0xf7, 0x2a, 0x58, 0xef, 0xdb, 0x63, 0x5a, 0x56, + 0x68, 0xcc, 0xb2, 0x8b, 0x22, 0xac, 0xdf, 0xc4, + 0xad, 0x6f, 0xad, 0x24, 0xfd, 0x30, 0xfb, 0xed, + 0x6e, 0xde, 0x65, 0x2b, 0xb4, 0x57, 0x35, 0x49, + 0xc1, 0xc9, 0x82, 0xf4, 0x72, 0x69, 0xef, 0x34, + 0xc0, 0x37, 0x8b, 0x8b, 0xd3, 0xd3, 0x25, 0xcc, + 0xe5, 0xf5, 0xf6, 0x9c, 0xa3, 0xe7, 0x88, 0xd7, + 0x55, 0x73, 0x31, 0x4c, 0xb1, 0x7b, 0x64, 0xb3, + 0x38, 0xde, 0x47, 0x9a, 0xfc, 0xf1, 0xfa, 0xf8, + 0x6e, 0xc5, 0x95, 0xb9, 0xaf, 0x6a, 0x7a, 0x94, + 0x80, 0x0d, 0x29, 0x62, 0x99, 0x0a, 0x34, 0xa2, + 0x8f, 0xa1, 0x5e, 0x98, 0x7c, 0x4e, 0x18, 0xcd, + 0x63, 0x68, 0x0e, 0xfa, 0x6f, 0x49, 0x01, 0x02, + 0xcd, 0xf1, 0xc1, 0x09, 0x57, 0xa3, 0x03, 0xec, + 0x94, 0x36, 0xab, 0xc6, 0x1c, 0xc0, 0x98, 0x22, + 0x15, 0x5b, 0x5b, 0x61, 0x3c, 0xc2, 0x5b, 0x6f, + 0x1c, 0x82, 0x41, 0x39, 0x87, 0xde, 0x92, 0xa9, + 0xe4, 0x12, 0x74, 0x3b, 0x31, 0x36, 0xac, 0x92, + 0xb0, 0x23, 0x26, 0xfa, 0xd8, 0xa3, 0xe8, 0x84, + 0xfc, 0x52, 0xc5, 0x7b, 0xd1, 0x4b, 0xe2, 0x1a, + 0x33, 0xdd, 0x3c, 0xdf, 0x27, 0x50, 0x6f, 0x12, + 0xd3, 0x17, 0x66, 0xd7, 0x54, 0x33, 0x30, 0x2b, + 0xe8, 0xd1, 0x1f, 0x2d, 0xf3, 0x37, 0x81, 0xa0, + 0x3c, 0x21, 0x8c, 0xea, 0x95, 0xa5, 0x5b, 0x3a, + 0x24, 0xed, 0xf7, 0x67, 0x7b, 0x72, 0x3a, 0xda, + 0x31, 0xbd, 0xa7, 0x63, 0xa6, 0x6f, 0xf9, 0xdf, + 0x06, 0x36, 0xb4, 0xe2, 0x35, 0x4b, 0xa5, 0x8e, + 0x29, 0x8e, 0x6c, 0x02, 0xc5, 0x06, 0x9b, 0x98, + 0x6e, 0x5e, 0x00, 0x6a, 0x42, 0x09, 0x4b, 0xc3, + 0x09, 0x37, 0x67, 0x19, 0x58, 0x6d, 0x40, 0x50, + 0xb0, 0x62, 0x5b, 0xd6, 0x63, 0x7f, 0xed, 0xb0, + 0x97, 0x80, 0x9e, 0x91, 0x3f, 0x82, 0xfd, 0x83, + 0x36, 0xce, 0x06, 0xc4, 0xdc, 0xa4, 0x1e, 0x70, + 0xd4, 0x94, 0xfc, 0x6e, 0x46, 0xa3, 0xc8, 0xed, + 0x34, 0x0a, 0xb1, 0x9a, 0x66, 0x5d, 0xc0, 0xce, + 0x73, 0xd3, 0x65, 0xcb, 0xfb, 0x79, 0xdd, 0xf6, + 0x19, 0xf6, 0xd8, 0xa9, 0xe6, 0x34, 0x15, 0x86, + 0x7a, 0x30, 0x79, 0xde, 0x2b, 0x06, 0xa4, 0xc0, + 0xc8, 0xa2, 0xc1, 0x41, 0xb3, 0x4c, 0xf6, 0xdb, + 0x16, 0xcd, 0xd2, 0x8b, 0xf1, 0x18, 0x5a, 0xc8, + 0x3e, 0xd9, 0x54, 0x40, 0xd4, 0xce, 0x88, 0xbb, + 0x66, 0xf1, 0x74, 0x20, 0xa2, 0x3c, 0x31, 0x09, + 0xba, 0xac, 0x61, 0x15, 0x9f, 0x73, 0x5f, 0xa7, + 0xe5, 0x0d, 0xb3, 0xab, 0xa2, 0x72, 0x25, 0xc9, + 0x87, 0x9b, 0x18, 0xdb, 0xff, 0xfb, 0x39, 0x84, + 0x8d, 0xf8, 0x97, 0x47, 0xab, 0xc4, 0xfb, 0xc2, + 0xd8, 0xe8, 0xce, 0x6e, 0x65, 0x76, 0x88, 0x4a, + 0x22, 0x2f, 0xdd, 0x43, 0xa7, 0xc4, 0x8d, 0x32, + 0x12, 0x75, 0x0b, 0x72, 0xd6, 0xb7, 0x43, 0x84, + 0xc8, 0x59, 0xa8, 0xb7, 0x8b, 0x84, 0x33, 0x92, + 0x8f, 0x94, 0xe8, 0xd0, 0xaf, 0x11, 0x35, 0xde, + 0xb7, 0x63, 0xb8, 0x91, 0x4c, 0x96, 0x4e, 0x9c, + 0x62, 0x28, 0xa2, 0xbc, 0x0b, 0x90, 0xae, 0x94, + 0x90, 0xe9, 0x32, 0xeb, 0xe3, 0x77, 0x60, 0x5f, + 0x87, 0x48, 0x4b, 0xb0, 0x78, 0x0e, 0xe2, 0x85, + 0x47, 0x06, 0xa4, 0xc9, 0x26, 0xac, 0x8f, 0xe7, + 0xc2, 0xc7, 0xce, 0xf5, 0xd1, 0x20, 0xa8, 0x56, + 0xe1, 0x4f, 0x50, 0x90, 0xb3, 0xc1, 0x03, 0x57, + 0xd3, 0x62, 0x0e, 0x2a, 0xe8, 0x86, 0xf4, 0x94, + 0x0e, 0xa5, 0x8b, 0x4e, 0x73, 0xa2, 0x76, 0xac, + 0x00, 0x29, 0xe5, 0x80, 0x26, 0x02, 0x13, 0xd1, + 0xb2, 0x68, 0x72, 0x23, 0x38, 0x55, 0xfc, 0x4d, + 0x05, 0x60, 0x49, 0x7b, 0xfb, 0xaa, 0x17, 0x8f, + 0x26, 0x0a, 0x08, 0x33, 0x8d, 0x7f, 0x4e, 0xe5, + 0x6e, 0xf8, 0x84, 0x9b, 0x9f, 0xcb, 0xa2, 0x2b, + 0xfb, 0xaf, 0xad, 0x21, 0xe2, 0x4f, 0x6f, 0x55, + 0xc1, 0x78, 0x46, 0xe3, 0xb5, 0x63, 0x06, 0x9b, + 0x93, 0x7d, 0xac, 0xd4, 0xe0, 0x64, 0x01, 0x8d, + 0xac, 0x30, 0x8b, 0x8b, 0x55, 0xb7, 0x8a, 0x16, + 0x3f, 0xc9, 0x82, 0x7f, 0xb5, 0x3b, 0x0d, 0xc0, + 0x46, 0x89, 0x5c, 0x6c, 0x45, 0x21, 0x78, 0xda, + 0x84, 0x1f, 0xc8, 0xcf, 0xf1, 0x1e, 0x79, 0x71, + 0x3b, 0xc8, 0xe2, 0x8b, 0x41, 0xfe, 0xaf, 0x2f, + 0x3b, 0x23, 0x13, 0xc5, 0x46, 0x87, 0xc6, 0x24, + 0x37, 0x21, 0x68, 0x8a, 0x3e, 0x45, 0x61, 0xf4, + 0xad, 0xf5, 0x1c, 0x23, 0x45, 0xa3, 0x42, 0xf2, + 0xa9, 0xac, 0x94, 0x50, 0xc9, 0x3d, 0x5e, 0x70, + 0x33, 0x2b, 0x78, 0xd1, 0x5c, 0x13, 0x35, 0xe6, + 0x13, 0x80, 0x5e, 0x55, 0xa7, 0xcc, 0x67, 0xb0, + 0x6c, 0xfe, 0xa2, 0x24, 0x02, 0x6d, 0xb3, 0xcb, + 0x9e, 0x94, 0xb3, 0xc6, 0x01, 0xf3, 0x01, 0x3a, + 0xe4, 0xa7, 0xa3, 0xdf, 0x56, 0x4c, 0x30, 0xce, + 0xb1, 0xd5, 0x1b, 0x68, 0x9b, 0x75, 0xae, 0xf4, + 0xb9, 0x2a, 0xe5, 0x8b, 0x7b, 0xe5, 0x99, 0x46, + 0x5f, 0x29, 0xf6, 0x82, 0xd0, 0x42, 0xb1, 0x45, + 0x09, 0x16, 0x5b, 0x32, 0x11, 0xca, 0x48, 0xea, + 0x51, 0x12, 0x0a, 0x9f, 0x6e, 0x3f, 0x74, 0xe6, + 0xe0, 0xfe, 0xf8, 0xa5, 0xc0, 0xfd, 0x15, 0x6e, + 0x2b, 0x4a, 0xd5, 0x76, 0xa8, 0x3d, 0xe3, 0x0d, + 0xfe, 0x44, 0x11, 0x5e, 0x7a, 0xde, 0x12, 0x29, + 0x5a, 0x5a, 0x25, 0xc0, 0x8e, 0x98, 0xd1, 0x11, + 0xc8, 0x00, 0x65, 0xb2, 0xf4, 0xd7, 0x56, 0x32, + 0x46, 0x2b, 0x4f, 0x7e, 0xc3, 0x4e, 0xf1, 0x17, + 0xff, 0x03, 0x32, 0xae, 0xe3, 0xbe, 0x0b, 0xab, + 0xfb, 0x43, 0x0f, 0x6d, 0xa5, 0xc6, 0x44, 0xba, + 0xc9, 0xe3, 0x3d, 0x40, 0xe7, 0x6c, 0xe8, 0x21, + 0xb2, 0x46, 0x7b, 0x3b, 0x3d, 0xde, 0x80, 0xc8, + 0xea, 0xf4, 0x6b, 0xf3, 0x53, 0xca, 0x51, 0x84, + 0xcf, 0xad, 0x7e, 0xce, 0xce, 0xc2, 0x65, 0xfc, + 0x03, 0x8c, 0xcb, 0xfa, 0xcb, 0x37, 0x89, 0x82, + 0x59, 0x5e, 0x36, 0x52, 0xe4, 0xbc, 0x8d, 0x47, + 0x7c, 0xb8, 0x3f, 0x63, 0x59, 0xdc, 0xd3, 0x74, + 0x11, 0x33, 0xb4, 0x69, 0x74, 0x40, 0x0d, 0x42, + 0x63, 0x1d, 0xe6, 0x5c, 0x1b, 0xca, 0x41, 0xff, + 0x23, 0x4e, 0xe8, 0x3d, 0x14, 0xa8, 0x17, 0x18, + 0xd0, 0x78, 0x08, 0x87, 0x7d, 0x5e, 0xdc, 0x3a, + 0x07, 0xba, 0x12, 0x8e, 0x8e, 0x56, 0x0a, 0xcb, + 0x37, 0xf6, 0x54, 0xeb, 0x55, 0x16, 0x8f, 0x06, + 0x15, 0x28, 0x6b, 0xfb, 0xed, 0x38, 0x9e, 0x9b, + 0x98, 0x5b, 0xdc, 0x67, 0x33, 0x0e, 0x02, 0x36, + 0x1b, 0x7a, 0x9a, 0x43, 0xcd, 0xf2, 0x65, 0xef, + 0x37, 0x19, 0x24, 0x6f, 0x4b, 0xb9, 0x4d, 0x3e, + 0x0b, 0x47, 0xd1, 0x67, 0x50, 0x6a, 0x7f, 0x07 +#elif !defined(WOLFSSL_NO_ML_DSA_65) + 0x30, 0x82, 0x07, 0xb4, 0x30, 0x0d, 0x06, 0x0b, + 0x2b, 0x06, 0x01, 0x04, 0x01, 0x02, 0x82, 0x0b, + 0x0c, 0x06, 0x05, 0x03, 0x82, 0x07, 0xa1, 0x00, + 0xff, 0x89, 0xee, 0xad, 0x20, 0x8f, 0x61, 0xa4, + 0x07, 0x1c, 0x54, 0x98, 0x8c, 0xf4, 0x2e, 0xd9, + 0xe6, 0x0f, 0xcb, 0x0e, 0xab, 0xa1, 0x37, 0x4d, + 0xc0, 0x48, 0x24, 0x78, 0xd6, 0x2d, 0x9b, 0x6f, + 0x0f, 0x17, 0x08, 0x71, 0xc3, 0xd1, 0xc8, 0x7a, + 0xe7, 0x32, 0xcb, 0xcd, 0xd6, 0xb5, 0x90, 0x08, + 0xe1, 0xda, 0xaa, 0x89, 0x3e, 0x4a, 0x62, 0x98, + 0x3d, 0xc6, 0x71, 0x30, 0xb4, 0x63, 0xa5, 0x3b, + 0xb3, 0x69, 0x75, 0x10, 0xaf, 0x5e, 0x72, 0x78, + 0xa2, 0xef, 0x63, 0x63, 0x21, 0xe7, 0xf4, 0xa7, + 0x9c, 0x50, 0x74, 0x14, 0x3e, 0xdd, 0x73, 0x9e, + 0x97, 0x65, 0xdd, 0xdf, 0x3c, 0x40, 0x4d, 0x03, + 0x49, 0xe4, 0xbf, 0x65, 0xe7, 0x44, 0x8f, 0x59, + 0x00, 0xe2, 0x98, 0xb5, 0x66, 0xa3, 0x3b, 0x11, + 0x9f, 0xc7, 0xc2, 0x16, 0x61, 0xf0, 0x1e, 0x89, + 0xc8, 0x96, 0x8d, 0x18, 0xac, 0x86, 0xa0, 0xe2, + 0xd9, 0x8c, 0xef, 0x53, 0x6d, 0x4e, 0x74, 0xc9, + 0x66, 0x28, 0x16, 0xf3, 0x62, 0xc4, 0x6f, 0x2b, + 0x6e, 0x36, 0x03, 0xad, 0xc5, 0xe4, 0x8f, 0x0b, + 0x90, 0x8c, 0x8f, 0xff, 0x5d, 0xdf, 0x7a, 0xe6, + 0xaf, 0x9a, 0x43, 0xbc, 0xd4, 0x73, 0x22, 0xdc, + 0x5f, 0x08, 0xa1, 0x17, 0x97, 0x89, 0x79, 0xf5, + 0xdc, 0xed, 0x4f, 0x85, 0x8e, 0x0c, 0x23, 0x35, + 0x3c, 0x34, 0x19, 0x65, 0xf5, 0xd6, 0xc9, 0x2d, + 0x7a, 0x2e, 0x67, 0xd5, 0xf1, 0x82, 0x97, 0xaa, + 0x05, 0x26, 0x84, 0x25, 0x47, 0x58, 0x2c, 0xe6, + 0x59, 0xc7, 0x98, 0x7a, 0xdb, 0x40, 0x45, 0x1c, + 0x71, 0x55, 0x2e, 0xea, 0x3f, 0x6e, 0x7c, 0x82, + 0x52, 0x6a, 0x19, 0x3a, 0xd3, 0xa1, 0x3c, 0xce, + 0x00, 0x06, 0xec, 0xed, 0x97, 0xce, 0xd8, 0xdf, + 0xde, 0xa3, 0xed, 0xe7, 0x81, 0x62, 0x02, 0x9c, + 0x1b, 0x51, 0xa1, 0xf4, 0x9d, 0x1b, 0x28, 0x76, + 0x93, 0x96, 0x20, 0x55, 0x60, 0x1f, 0xaf, 0x52, + 0xc3, 0xce, 0xb9, 0x12, 0x66, 0xf5, 0x64, 0x22, + 0x87, 0x86, 0x29, 0x80, 0x8f, 0x18, 0x33, 0xba, + 0x48, 0x71, 0x1d, 0x00, 0xfe, 0xa5, 0xfc, 0xc6, + 0x87, 0xbe, 0x44, 0x3c, 0xc9, 0x49, 0xfb, 0x68, + 0x3c, 0xdf, 0xca, 0xef, 0xa7, 0xdc, 0x67, 0xb8, + 0x28, 0xd6, 0xad, 0x18, 0xaf, 0xad, 0x1f, 0x4c, + 0x85, 0xa3, 0x64, 0xac, 0x3f, 0xa9, 0x39, 0x28, + 0xef, 0x8a, 0x45, 0x7e, 0xb0, 0xf4, 0x89, 0x72, + 0xf7, 0xb1, 0xef, 0x9d, 0x1c, 0x3c, 0x93, 0xcb, + 0xa0, 0xfb, 0x2a, 0x90, 0xe2, 0x1d, 0x49, 0x8e, + 0x36, 0xb8, 0x07, 0xf4, 0xb3, 0x09, 0xf0, 0x6f, + 0x3c, 0xd9, 0x37, 0x19, 0x57, 0xd4, 0x1e, 0x2a, + 0xa2, 0xa7, 0x2e, 0xc1, 0xcd, 0x8d, 0x48, 0x47, + 0xb5, 0x8a, 0x12, 0x93, 0x34, 0xb8, 0xec, 0x32, + 0x07, 0x49, 0xb6, 0x8d, 0x73, 0xd4, 0x2c, 0x6a, + 0xa0, 0x33, 0x29, 0x21, 0x5d, 0x37, 0xa9, 0x39, + 0x40, 0xbe, 0x71, 0x29, 0xbe, 0xd1, 0x4b, 0xbc, + 0x9a, 0x17, 0x93, 0x52, 0xb8, 0x81, 0xee, 0xc5, + 0xff, 0x25, 0x78, 0x2f, 0x52, 0x0a, 0x8f, 0xb2, + 0xef, 0xf3, 0x1d, 0x68, 0x56, 0x31, 0x29, 0x84, + 0x55, 0x47, 0x32, 0x34, 0x0f, 0x60, 0x07, 0xd6, + 0x2b, 0xb9, 0x29, 0xaf, 0x0f, 0xcd, 0x1c, 0xc0, + 0x77, 0x4c, 0xc6, 0x31, 0xdb, 0xf4, 0x17, 0xbe, + 0x3d, 0xf8, 0x8c, 0xf1, 0x02, 0x7c, 0x6b, 0xd4, + 0xaf, 0x03, 0xb2, 0xf4, 0x78, 0x8d, 0xd3, 0x4e, + 0x5c, 0x04, 0xb9, 0x01, 0xe3, 0x73, 0xb4, 0x67, + 0xe9, 0xa8, 0x77, 0x6f, 0x87, 0x2b, 0xe2, 0x00, + 0x98, 0x5f, 0x02, 0x43, 0x85, 0x03, 0x4c, 0x71, + 0xd2, 0xe7, 0x61, 0x03, 0x22, 0x9e, 0xe5, 0xc2, + 0xa7, 0x66, 0x42, 0x7c, 0x9f, 0xf4, 0xb8, 0x6b, + 0x2d, 0xe4, 0xaa, 0x51, 0xda, 0x08, 0x73, 0x75, + 0x26, 0x45, 0xdc, 0xa6, 0x20, 0xd7, 0xcb, 0x00, + 0xfc, 0xe4, 0xdb, 0x28, 0x92, 0xf8, 0xb0, 0xc7, + 0xf0, 0x4b, 0x6d, 0xe8, 0xc1, 0x84, 0x38, 0xed, + 0x1a, 0xd4, 0x66, 0x69, 0xc4, 0x96, 0x40, 0xc4, + 0x7d, 0xfa, 0x58, 0x70, 0x7e, 0x70, 0x40, 0xba, + 0xfc, 0x95, 0xb6, 0x4c, 0x7c, 0x58, 0xbc, 0xb3, + 0x59, 0x08, 0x14, 0x03, 0x35, 0xf3, 0xf1, 0xaa, + 0xd5, 0xa2, 0x57, 0x70, 0xb6, 0x20, 0x75, 0x0a, + 0x58, 0x66, 0x74, 0xf7, 0x1c, 0xfd, 0x99, 0x7c, + 0x20, 0xda, 0xe7, 0x76, 0xcb, 0xf4, 0xa3, 0x9b, + 0xbc, 0x8f, 0x74, 0xef, 0xe2, 0x46, 0x5a, 0x72, + 0x33, 0x06, 0x32, 0x1e, 0xbd, 0x4e, 0x4c, 0xf6, + 0x16, 0x43, 0xa5, 0xa5, 0xa5, 0x6c, 0x76, 0x33, + 0x35, 0x63, 0xdc, 0xe4, 0xec, 0x7f, 0x8a, 0xfa, + 0xc3, 0x53, 0x69, 0x28, 0xf7, 0xd6, 0x97, 0xb9, + 0x3a, 0xf4, 0x15, 0x90, 0x50, 0xd3, 0xdf, 0xf5, + 0xd3, 0xcf, 0x15, 0x76, 0xe3, 0x3d, 0x24, 0x14, + 0xfd, 0xd3, 0x01, 0x25, 0x82, 0xb4, 0xe3, 0xd8, + 0x68, 0x89, 0x86, 0xa8, 0x26, 0x02, 0x5f, 0xc6, + 0xf4, 0x99, 0x3b, 0x97, 0xa8, 0x65, 0xed, 0x18, + 0xbb, 0x3c, 0x43, 0x4a, 0x6e, 0xaa, 0xbc, 0x83, + 0x85, 0x19, 0x9f, 0x9b, 0xb8, 0xa4, 0xa3, 0xb2, + 0xb7, 0x56, 0x07, 0x6c, 0xbf, 0x7d, 0xff, 0x5d, + 0xb5, 0x1e, 0x83, 0xc8, 0x74, 0x70, 0x98, 0x17, + 0x40, 0xe0, 0x2d, 0xad, 0x31, 0x00, 0x8e, 0x42, + 0xd5, 0xb2, 0x25, 0xaa, 0x82, 0xaf, 0x33, 0xd8, + 0x5b, 0xe2, 0x07, 0xed, 0xda, 0x84, 0xe9, 0xa2, + 0xff, 0xbb, 0xa5, 0x47, 0x95, 0x6e, 0xa1, 0x8d, + 0x59, 0x52, 0xeb, 0xf3, 0x3c, 0x18, 0x29, 0x92, + 0x72, 0x27, 0x18, 0xfc, 0x95, 0xb9, 0xde, 0x46, + 0xda, 0xcc, 0x4c, 0x31, 0x1d, 0x78, 0x86, 0xd2, + 0x8c, 0x38, 0x9c, 0x32, 0xab, 0xf7, 0xca, 0x73, + 0x85, 0xa5, 0xf1, 0xe0, 0x25, 0x06, 0xf9, 0x18, + 0x14, 0xab, 0x3b, 0x73, 0x26, 0xee, 0xa0, 0xfd, + 0x15, 0xac, 0xd6, 0x4e, 0x6b, 0xdb, 0x01, 0xa1, + 0xdc, 0xd1, 0x2f, 0xd2, 0xb7, 0x5e, 0x12, 0x4f, + 0x4b, 0x59, 0xd8, 0x03, 0x12, 0x60, 0xc9, 0x81, + 0xb7, 0x06, 0x23, 0x09, 0xc4, 0xd9, 0xa8, 0x93, + 0x6e, 0x96, 0xf4, 0x93, 0x53, 0xf0, 0x3d, 0xde, + 0x10, 0x88, 0xb1, 0xd0, 0xcc, 0xad, 0x2c, 0xbf, + 0x88, 0x98, 0x8f, 0x25, 0x76, 0xd7, 0x65, 0x77, + 0xcc, 0x36, 0x1d, 0x1b, 0x6b, 0x60, 0x58, 0xc4, + 0xfe, 0xe6, 0xca, 0xa8, 0x29, 0x33, 0x69, 0x36, + 0xb8, 0x12, 0x95, 0x38, 0xd9, 0xd4, 0x16, 0xe9, + 0x3e, 0x40, 0x8c, 0xc7, 0xae, 0x04, 0x11, 0xdf, + 0x51, 0xd3, 0xdd, 0xbf, 0xa9, 0x41, 0x43, 0x4c, + 0xff, 0x87, 0x2f, 0xea, 0x0f, 0x13, 0x66, 0x2a, + 0x2b, 0x18, 0xe8, 0xc4, 0xff, 0xa0, 0x1c, 0x78, + 0x79, 0x21, 0xf8, 0xaa, 0x8a, 0xf8, 0x92, 0xdf, + 0x7b, 0x5f, 0x6a, 0x71, 0x60, 0x67, 0x5d, 0x94, + 0xf6, 0xbb, 0x1d, 0x90, 0x7c, 0x51, 0x70, 0x1d, + 0x87, 0xde, 0xf8, 0x91, 0xcb, 0x42, 0x9f, 0xc7, + 0x4b, 0xa0, 0x16, 0xee, 0xb4, 0x73, 0xe8, 0xe0, + 0x0b, 0xa5, 0xd3, 0x26, 0x9e, 0x52, 0xda, 0x4a, + 0x1f, 0xae, 0x76, 0xbf, 0xbb, 0x4d, 0x74, 0x98, + 0xa6, 0xae, 0xc0, 0x60, 0x96, 0xc5, 0xad, 0x9b, + 0x91, 0x31, 0xb9, 0x50, 0x3d, 0x9a, 0x0f, 0xe1, + 0x93, 0xef, 0x08, 0x72, 0xb2, 0x66, 0xe5, 0x5d, + 0xe4, 0x15, 0x53, 0x8e, 0xb0, 0xb3, 0xf8, 0x78, + 0xfc, 0x5d, 0x44, 0xc5, 0xbf, 0xf5, 0x01, 0x54, + 0xc5, 0x45, 0xa9, 0x30, 0xa4, 0xf1, 0x49, 0x79, + 0x4e, 0xab, 0xfc, 0xb2, 0x93, 0xe7, 0x3a, 0xe1, + 0x7f, 0x1f, 0x2f, 0x45, 0x3a, 0x53, 0x2b, 0x68, + 0xb3, 0xa4, 0xac, 0x23, 0x54, 0xb7, 0x5d, 0x25, + 0xa3, 0xe3, 0x90, 0x8a, 0xb0, 0x02, 0xfb, 0x7f, + 0x2d, 0xeb, 0x80, 0xc2, 0x5c, 0x62, 0xe1, 0x36, + 0x5a, 0x82, 0x8f, 0x4e, 0x74, 0xeb, 0x7d, 0x70, + 0xaf, 0x23, 0x92, 0x65, 0x3a, 0x11, 0xc0, 0x29, + 0xdb, 0xf7, 0x9a, 0xdc, 0x81, 0x45, 0x25, 0x0c, + 0x2e, 0x4f, 0x88, 0x41, 0x34, 0x53, 0xc6, 0x08, + 0x21, 0x77, 0xc1, 0xbb, 0x61, 0x48, 0x20, 0x69, + 0x1a, 0xbb, 0x71, 0x1b, 0x56, 0x18, 0x79, 0x75, + 0x16, 0x9a, 0xb3, 0x79, 0x31, 0x11, 0xa2, 0x89, + 0x8d, 0xea, 0x10, 0xb0, 0x04, 0x7f, 0xf8, 0x6e, + 0xdc, 0x08, 0x9b, 0x51, 0xa7, 0x64, 0xbd, 0x8d, + 0xd4, 0xd0, 0x1e, 0x38, 0x50, 0x1a, 0xa8, 0x7e, + 0x20, 0xae, 0xee, 0x8c, 0xa7, 0x72, 0x94, 0xc9, + 0xba, 0xf0, 0x67, 0xbd, 0x25, 0x1a, 0x3a, 0xdf, + 0x75, 0x39, 0xb7, 0xd3, 0x83, 0x3b, 0x89, 0xdf, + 0xb5, 0x2d, 0xd3, 0x12, 0x24, 0x21, 0x7c, 0x9e, + 0x92, 0x1c, 0x19, 0xae, 0x28, 0xcb, 0x2e, 0x2e, + 0x3c, 0xa9, 0x9b, 0xbd, 0xf9, 0x33, 0x30, 0xb2, + 0xbd, 0x8b, 0xbf, 0xc1, 0x8b, 0x32, 0xf1, 0x20, + 0xa1, 0x00, 0xfd, 0x11, 0x7d, 0x9a, 0xa8, 0x14, + 0x2c, 0xce, 0x16, 0x16, 0x4b, 0xdd, 0x56, 0x91, + 0x15, 0x36, 0x83, 0xcb, 0x01, 0x58, 0x35, 0xe1, + 0xdc, 0x22, 0x3d, 0xf8, 0xc2, 0x06, 0x54, 0x68, + 0x77, 0xd1, 0x47, 0x28, 0xdc, 0x09, 0x2a, 0x86, + 0x13, 0x80, 0xa6, 0xe9, 0xd0, 0xb4, 0xa3, 0x41, + 0x47, 0xf4, 0x71, 0x24, 0x10, 0x4c, 0x9f, 0xb7, + 0x57, 0x34, 0x48, 0x1b, 0xb4, 0xed, 0x0e, 0x89, + 0x4c, 0xf1, 0x73, 0x44, 0xff, 0x35, 0xb6, 0xe0, + 0x8f, 0x02, 0xa3, 0xa3, 0x81, 0x55, 0x38, 0xb5, + 0xc1, 0x99, 0xb3, 0x88, 0x84, 0x0d, 0xd9, 0x73, + 0x77, 0x65, 0x0b, 0xd7, 0xf8, 0x03, 0x88, 0xcb, + 0xdf, 0x25, 0xaf, 0xc6, 0xf1, 0xfa, 0x5c, 0x4d, + 0xfa, 0xc3, 0x7b, 0x8f, 0xb8, 0x38, 0x5d, 0x29, + 0xbb, 0x3d, 0x3e, 0x62, 0x1c, 0xdd, 0xe6, 0x97, + 0xe6, 0xe9, 0xbe, 0x6e, 0xd2, 0xb7, 0x7a, 0x9a, + 0x8e, 0xaf, 0xb3, 0xc8, 0x9e, 0x19, 0xee, 0x3d, + 0x5b, 0x1f, 0xec, 0x34, 0x3a, 0x1c, 0x27, 0x90, + 0xbd, 0x1e, 0x49, 0x72, 0x25, 0x2e, 0x38, 0x48, + 0x7d, 0xe1, 0x85, 0x46, 0xa7, 0x1b, 0x4a, 0xd5, + 0x23, 0x75, 0x6d, 0x8b, 0xc3, 0xf1, 0x87, 0xec, + 0x8b, 0x45, 0xf0, 0x9b, 0xb2, 0x14, 0x7a, 0x7c, + 0x8d, 0x78, 0x9c, 0x82, 0x64, 0x14, 0xfe, 0x01, + 0xfa, 0x04, 0x33, 0x96, 0xdd, 0x5f, 0x56, 0xbc, + 0xb2, 0x03, 0xe3, 0x0c, 0xa1, 0x09, 0x66, 0xa0, + 0x5e, 0x44, 0xde, 0x21, 0xae, 0x7d, 0x7a, 0x0e, + 0x81, 0x27, 0xd2, 0xfb, 0x85, 0xed, 0x27, 0x27, + 0xac, 0x11, 0x1c, 0xa1, 0x6d, 0xe9, 0xc1, 0xca, + 0xf6, 0x40, 0x7c, 0x95, 0x01, 0xb7, 0xa8, 0x29, + 0x9a, 0xd2, 0xcc, 0x62, 0x70, 0x1c, 0x7d, 0x0e, + 0xe5, 0x60, 0xcb, 0x79, 0xa3, 0xd7, 0x5d, 0x48, + 0x4b, 0x3c, 0xf8, 0x12, 0xe8, 0x7a, 0x7e, 0x83, + 0xab, 0x24, 0x33, 0x0f, 0x7b, 0x0a, 0x38, 0xae, + 0xb1, 0xfc, 0xc3, 0x50, 0x5c, 0x83, 0x53, 0xfd, + 0x15, 0xd6, 0x49, 0x54, 0xb6, 0x40, 0xe5, 0xe8, + 0x55, 0xba, 0x08, 0x2f, 0x21, 0xd7, 0x0e, 0x71, + 0x8a, 0xb2, 0xe1, 0x6b, 0xc6, 0x7e, 0x0f, 0x1c, + 0x4d, 0x41, 0x9f, 0x38, 0xc2, 0xce, 0x41, 0x41, + 0x48, 0xcd, 0xec, 0x16, 0x1d, 0x23, 0x8e, 0x41, + 0xcd, 0x5e, 0xf9, 0x5f, 0x01, 0x5e, 0x73, 0xa2, + 0xa1, 0xef, 0xe9, 0x57, 0xe0, 0xba, 0xe6, 0xbb, + 0x2b, 0xff, 0x3e, 0xb8, 0xad, 0xd5, 0x12, 0xc1, + 0x54, 0x49, 0xca, 0x93, 0xb0, 0x7d, 0x7b, 0xcf, + 0xf0, 0xc5, 0x94, 0x43, 0x30, 0x94, 0x11, 0x8d, + 0x15, 0x79, 0x2e, 0x57, 0xb8, 0x24, 0xcd, 0x2e, + 0xc2, 0x49, 0x3d, 0x92, 0x44, 0x23, 0x0c, 0x3e, + 0xa0, 0xf9, 0xa5, 0xad, 0x2a, 0x56, 0xec, 0xf4, + 0x6d, 0x0f, 0x5b, 0xb5, 0xd4, 0x2a, 0x3f, 0x2b, + 0x17, 0x9f, 0x5d, 0x33, 0x97, 0x42, 0xd4, 0x1e, + 0x14, 0x49, 0x01, 0xfb, 0xb6, 0x72, 0xbc, 0x14, + 0x5b, 0x79, 0xf4, 0x0a, 0xc5, 0x49, 0xe1, 0x76, + 0x44, 0x78, 0x87, 0xd1, 0x8e, 0x5b, 0xd5, 0x95, + 0xad, 0x19, 0x7c, 0x0d, 0x39, 0x7f, 0x41, 0x2e, + 0xd7, 0x9e, 0xbc, 0xfd, 0x2c, 0xde, 0xfa, 0x01, + 0x7d, 0x2b, 0x04, 0xef, 0x4d, 0xf9, 0xf4, 0x5b, + 0xed, 0x05, 0x9a, 0x50, 0x35, 0xe7, 0xb0, 0xba, + 0x24, 0xea, 0x16, 0x51, 0xe1, 0x6f, 0x32, 0x08, + 0x94, 0xd6, 0x19, 0x9d, 0x0e, 0x4c, 0xc1, 0xbb, + 0x01, 0x87, 0xa5, 0x90, 0x5f, 0x6f, 0xc4, 0xed, + 0xa1, 0x4c, 0x06, 0x4d, 0x2c, 0x47, 0x24, 0xda, + 0xae, 0xd2, 0x41, 0x92, 0x1f, 0x46, 0xce, 0xec, + 0xb1, 0xcc, 0x80, 0x1e, 0xb2, 0xcb, 0x66, 0x48, + 0x22, 0xec, 0x0e, 0x47, 0xfc, 0xad, 0x17, 0xfe, + 0x7b, 0xc5, 0x4d, 0x34, 0x95, 0x40, 0xd0, 0x02, + 0x7e, 0x90, 0xaa, 0x92, 0xaf, 0x48, 0x64, 0xc5, + 0xc1, 0x56, 0xd8, 0x9b, 0x6c, 0x5f, 0x2e, 0xfa, + 0xd7, 0x84, 0xdc, 0x71, 0x65, 0x1b, 0xfb, 0xbc, + 0x21, 0xc7, 0x57, 0xf4, 0x71, 0x2e, 0x6f, 0x34, + 0x85, 0x99, 0xa8, 0x5c, 0x6f, 0x34, 0x22, 0x44, + 0x89, 0x01, 0xf9, 0x48, 0xd2, 0xe2, 0xe4, 0x71, + 0x9d, 0x48, 0x07, 0x97, 0xd4, 0x66, 0xe4, 0x4d, + 0x48, 0xa3, 0x08, 0x7f, 0x6e, 0xaa, 0x7b, 0xe9, + 0x93, 0x81, 0x03, 0x0c, 0xd2, 0x48, 0xcf, 0x3f, + 0x5f, 0xbe, 0x03, 0xfb, 0x0f, 0xad, 0xc3, 0x81, + 0xd9, 0xce, 0x88, 0x0b, 0xfa, 0xed, 0x29, 0x7e, + 0x0b, 0xa1, 0x6f, 0x4c, 0x7d, 0xe4, 0x36, 0xff, + 0xdf, 0x94, 0x1a, 0x24, 0xb3, 0x7b, 0xca, 0x24, + 0x7e, 0x3a, 0x19, 0x53, 0x13, 0x4a, 0x17, 0x58, + 0xe7, 0x16, 0x9b, 0x50, 0xd8, 0xda, 0xcc, 0x6e, + 0x05, 0x25, 0xfe, 0x16, 0xcb, 0x5b, 0xd5, 0x35, + 0x76, 0x40, 0x44, 0x96, 0x23, 0x97, 0xe2, 0x4a, + 0x72, 0x0c, 0x54, 0x43, 0xc0, 0x09, 0x85, 0x8e, + 0x15, 0x85, 0xaf, 0x3c, 0x5e, 0x5f, 0x3c, 0x2d, + 0x21, 0x42, 0x75, 0xb7, 0xe4, 0x50, 0xf9, 0x00, + 0xa3, 0x4f, 0xb1, 0x7c, 0xfe, 0x62, 0xd0, 0xe9, + 0x6d, 0x51, 0xcc, 0x83, 0xc1, 0xdc, 0x37, 0x10, + 0x90, 0x0a, 0x15, 0xd8, 0xd5, 0x02, 0xf7, 0x74, + 0xb8, 0x46, 0x84, 0xc3, 0x61, 0x17, 0x26, 0x0f, + 0xe4, 0xde, 0x1a, 0xcf, 0x42, 0x53, 0x63, 0x2f, + 0x8d, 0xf7, 0x06, 0x07, 0xc3, 0x33, 0x39, 0x59, + 0xe9, 0x17, 0xc8, 0x05, 0xd2, 0xa2, 0xae, 0x53, + 0x2c, 0x7e, 0xd0, 0x9d, 0x5c, 0xb5, 0x42, 0x9f, + 0x84, 0xd7, 0xfe, 0x93, 0x74, 0xfb, 0xbb, 0xd2, + 0x1e, 0x57, 0x4e, 0x7f, 0x79, 0xaf, 0xd2, 0xf9, + 0x5e, 0x41, 0x9e, 0x63, 0x54, 0x61, 0x47, 0x0c, + 0x92, 0x4c, 0xc9, 0xfe, 0x4f, 0xcb, 0xe5, 0x8e, + 0x65, 0xb3, 0x97, 0x1b, 0xd8, 0xd1, 0x62, 0xfd +#else + 0x30, 0x82, 0x0a, 0x34, 0x30, 0x0d, 0x06, 0x0b, + 0x2b, 0x06, 0x01, 0x04, 0x01, 0x02, 0x82, 0x0b, + 0x0c, 0x08, 0x07, 0x03, 0x82, 0x0a, 0x21, 0x00, + 0x7f, 0x5f, 0x63, 0x81, 0x6f, 0x04, 0x4c, 0xec, + 0xa8, 0xaf, 0x7b, 0x99, 0x41, 0xc6, 0xff, 0xdf, + 0x77, 0x66, 0x28, 0xc0, 0xe2, 0x58, 0xea, 0x9c, + 0x60, 0xbb, 0x03, 0x3e, 0xca, 0xa8, 0x38, 0x64, + 0xfb, 0xf7, 0x1b, 0x3f, 0xec, 0xfd, 0x0f, 0xf1, + 0x9c, 0xe4, 0xfd, 0xad, 0x83, 0xf7, 0x03, 0x66, + 0x6e, 0x7f, 0x4d, 0x42, 0xab, 0x6b, 0x73, 0x26, + 0xde, 0x6f, 0x8c, 0xc4, 0xca, 0x21, 0x66, 0x31, + 0x79, 0x57, 0x88, 0xcb, 0x1e, 0xab, 0xda, 0x1d, + 0x56, 0x70, 0xd9, 0x83, 0xa1, 0xb4, 0x83, 0xce, + 0xcc, 0x0f, 0xeb, 0xd6, 0x63, 0xbd, 0xf6, 0x02, + 0x5d, 0x5b, 0x0c, 0x17, 0x3c, 0x3e, 0x15, 0x02, + 0x22, 0xa1, 0x5d, 0xb5, 0xc5, 0x81, 0x28, 0x95, + 0x0b, 0x34, 0x2b, 0x96, 0x0a, 0xae, 0x6a, 0xa8, + 0xb5, 0x1d, 0x56, 0xbb, 0x7d, 0x83, 0x9a, 0x15, + 0xad, 0x63, 0x9e, 0x86, 0x8c, 0x6e, 0x6a, 0xa8, + 0xde, 0x55, 0xd0, 0xce, 0xc0, 0x2e, 0x05, 0xfe, + 0x1f, 0x4d, 0xd7, 0x12, 0xa4, 0x5a, 0xe9, 0x04, + 0x0d, 0x20, 0x84, 0x90, 0xb9, 0xca, 0x64, 0xe4, + 0xad, 0x2e, 0x74, 0x4b, 0x1d, 0x2f, 0xcc, 0xac, + 0xd8, 0x1a, 0x5e, 0xb2, 0x78, 0xbe, 0x61, 0xf7, + 0x36, 0xa3, 0xd1, 0x93, 0x86, 0xb5, 0x15, 0xf1, + 0x74, 0xf8, 0x9f, 0x6d, 0x6a, 0x8f, 0x6d, 0x86, + 0x8b, 0x36, 0x61, 0x10, 0xc9, 0x1a, 0x31, 0x39, + 0x09, 0xe6, 0x15, 0xa0, 0xb1, 0xfa, 0x69, 0xd4, + 0xc2, 0xb2, 0x56, 0x4c, 0x06, 0x33, 0x13, 0xc4, + 0x78, 0x53, 0x16, 0xfc, 0x52, 0x99, 0xe6, 0x27, + 0xc9, 0x3b, 0x24, 0x5c, 0x3e, 0x85, 0x73, 0x76, + 0x61, 0xa3, 0x61, 0xf0, 0x95, 0xd5, 0xb2, 0xf5, + 0x21, 0xe7, 0x09, 0xc3, 0x0c, 0x5c, 0xb0, 0x36, + 0xce, 0x45, 0x68, 0x41, 0x45, 0xcb, 0x1c, 0x36, + 0x2f, 0x3a, 0x00, 0x07, 0x56, 0xbe, 0x61, 0xd2, + 0x77, 0x37, 0x63, 0xa4, 0xdb, 0xfa, 0xa9, 0x6b, + 0x37, 0x90, 0x35, 0xd1, 0x1e, 0x27, 0x5b, 0x3e, + 0xc0, 0x0a, 0x02, 0x64, 0xe4, 0x58, 0x49, 0xab, + 0x2d, 0xc1, 0x38, 0x29, 0x3d, 0x44, 0xf9, 0xac, + 0xb7, 0x65, 0xd1, 0x5f, 0xf8, 0xce, 0x52, 0x76, + 0x22, 0x15, 0x61, 0x02, 0x1f, 0xa7, 0xcd, 0xff, + 0xeb, 0xa6, 0x7f, 0x6b, 0xba, 0x75, 0xe3, 0x09, + 0x01, 0x06, 0x41, 0x20, 0x88, 0x75, 0x64, 0x6b, + 0x97, 0x38, 0x13, 0xab, 0x4c, 0x0a, 0xd4, 0x7e, + 0xd2, 0xfa, 0x78, 0xe8, 0x9f, 0x5d, 0xf9, 0x53, + 0x30, 0x17, 0xf1, 0x10, 0x9e, 0x4a, 0x32, 0x17, + 0x3a, 0x9b, 0xb9, 0x25, 0x8e, 0xeb, 0xd9, 0x41, + 0x01, 0xa2, 0xc6, 0x58, 0x4a, 0x9f, 0xc3, 0x73, + 0xfd, 0xe2, 0xe4, 0x2c, 0x92, 0xb4, 0xa2, 0x3d, + 0x0f, 0x1f, 0x37, 0x64, 0xf1, 0x17, 0x2a, 0x8c, + 0xc6, 0xb5, 0xb0, 0x69, 0x7d, 0xfe, 0x08, 0xe0, + 0x8e, 0xaa, 0xe0, 0x08, 0xd5, 0x28, 0x92, 0x51, + 0x73, 0x8a, 0x2f, 0x7a, 0x4a, 0xbf, 0x52, 0x8d, + 0x3e, 0x9b, 0x36, 0x6a, 0xfb, 0x19, 0xf0, 0xea, + 0xfe, 0x05, 0xbd, 0x2d, 0xa9, 0x58, 0x48, 0x02, + 0xa8, 0x20, 0x9e, 0xdc, 0x04, 0x57, 0xc2, 0x0c, + 0xae, 0xc1, 0x03, 0xe7, 0x17, 0x48, 0x80, 0x00, + 0x8d, 0x1b, 0xd0, 0xc5, 0xdc, 0x2a, 0x02, 0x6e, + 0x8e, 0x54, 0xf3, 0x79, 0x31, 0x02, 0x93, 0xc5, + 0xf2, 0x55, 0xea, 0x61, 0xd0, 0xb2, 0x8e, 0xc9, + 0x74, 0x17, 0x0d, 0x38, 0xf8, 0xab, 0xf4, 0x42, + 0xd4, 0xc2, 0xdc, 0xf7, 0x1b, 0xdb, 0x65, 0x36, + 0x9f, 0x56, 0xe2, 0xeb, 0xf7, 0xe5, 0x2d, 0x45, + 0xae, 0xc0, 0x95, 0xbc, 0xe4, 0x1f, 0x22, 0xdc, + 0x0f, 0x54, 0xed, 0x14, 0xb8, 0xf1, 0x2f, 0x5d, + 0xd1, 0x79, 0xa0, 0x81, 0x17, 0x71, 0xa1, 0xd6, + 0xf0, 0x88, 0x9c, 0x1c, 0xc7, 0x95, 0x07, 0xb0, + 0xea, 0xf7, 0xd3, 0xa2, 0x55, 0xfe, 0x85, 0x65, + 0x42, 0x06, 0xec, 0xd2, 0xbe, 0x03, 0x8f, 0x63, + 0x84, 0x4b, 0xb1, 0x47, 0x48, 0x20, 0x71, 0xd2, + 0xdf, 0xc9, 0x59, 0xb0, 0x24, 0x8a, 0x6e, 0xf9, + 0x4a, 0xa1, 0x7b, 0xed, 0x11, 0xb6, 0xf9, 0x9b, + 0xf7, 0x93, 0x0e, 0xcb, 0x7a, 0x32, 0x22, 0x23, + 0x4e, 0x86, 0xce, 0xad, 0x9d, 0x1b, 0x84, 0x57, + 0xaf, 0xa5, 0x04, 0x03, 0x0a, 0xc9, 0x04, 0x97, + 0xd0, 0xce, 0x8e, 0x2a, 0x9a, 0x00, 0x15, 0xeb, + 0xac, 0x96, 0x57, 0xde, 0xe6, 0xc1, 0x2d, 0xbd, + 0xfc, 0xd6, 0x95, 0x0f, 0x5f, 0x19, 0xac, 0xaf, + 0x6c, 0xd8, 0xa6, 0x1e, 0xd8, 0xdb, 0x14, 0xfd, + 0xba, 0x0f, 0xd0, 0x3f, 0x61, 0xe3, 0x76, 0xfc, + 0x47, 0x61, 0x07, 0x24, 0x49, 0x17, 0xca, 0x24, + 0x31, 0x16, 0x26, 0x4f, 0xdc, 0x2b, 0x39, 0xae, + 0x5f, 0xfa, 0x4f, 0x82, 0xef, 0xe1, 0x41, 0x8c, + 0x3e, 0x8e, 0xa7, 0x6c, 0xf2, 0x51, 0xf7, 0x85, + 0x35, 0x6c, 0xad, 0xea, 0x32, 0x35, 0xf3, 0xc0, + 0x14, 0x17, 0xe2, 0x98, 0x27, 0x36, 0x7e, 0x60, + 0x2f, 0x01, 0x60, 0x3e, 0x18, 0xf4, 0x4e, 0xe0, + 0xf5, 0x14, 0x21, 0x81, 0x05, 0x78, 0x1c, 0x5f, + 0x4e, 0x89, 0xbb, 0x23, 0x60, 0xb1, 0x8f, 0x07, + 0x53, 0x16, 0x6e, 0xfb, 0x86, 0x07, 0x90, 0xff, + 0xa6, 0x27, 0x60, 0xe6, 0x3e, 0x92, 0x2a, 0x3c, + 0xa3, 0x57, 0xec, 0x97, 0x23, 0xaf, 0xd2, 0x44, + 0xac, 0x09, 0x87, 0xb0, 0x54, 0xe9, 0x5b, 0x50, + 0x37, 0xfa, 0x12, 0xa4, 0xcb, 0x6f, 0xed, 0x9f, + 0x29, 0x73, 0xa7, 0x09, 0x29, 0x91, 0x93, 0x5c, + 0x54, 0xf4, 0x44, 0xc2, 0x04, 0x64, 0xfc, 0xd2, + 0xf2, 0x0a, 0x0b, 0x45, 0x1f, 0xc5, 0x18, 0xf0, + 0xff, 0x10, 0x1f, 0x3a, 0x97, 0xf8, 0xb1, 0x83, + 0x0e, 0x08, 0xe2, 0x55, 0x75, 0x6a, 0x45, 0x96, + 0xf8, 0x1b, 0xdc, 0xb6, 0x57, 0x83, 0x8c, 0x28, + 0xc0, 0x4a, 0x57, 0xc6, 0xfb, 0x27, 0x3d, 0xfa, + 0x5a, 0x0d, 0x69, 0x56, 0x23, 0x66, 0x02, 0x78, + 0xca, 0xf1, 0xfa, 0xcb, 0xc1, 0xf6, 0x92, 0x1c, + 0xa0, 0xe3, 0x09, 0x7d, 0x48, 0x5e, 0x86, 0xa0, + 0x82, 0xa8, 0xf1, 0x1e, 0xe1, 0xfe, 0xc6, 0x9d, + 0x4f, 0x2e, 0xf4, 0xfc, 0xc6, 0x48, 0x1d, 0xc1, + 0x2a, 0x6a, 0xb7, 0xea, 0x46, 0x89, 0x04, 0xe9, + 0xbd, 0xf1, 0xed, 0x16, 0x76, 0xd8, 0x4b, 0x42, + 0xd5, 0x43, 0xa4, 0xfb, 0x02, 0x01, 0x54, 0x00, + 0xaf, 0x55, 0x52, 0x27, 0xff, 0x00, 0xe2, 0xbb, + 0x4a, 0xf2, 0x69, 0xb4, 0x4e, 0x6c, 0x6b, 0xa3, + 0x96, 0x4f, 0xf4, 0x65, 0x90, 0x2d, 0xc8, 0x57, + 0x1f, 0xb2, 0xf0, 0x86, 0x7b, 0x93, 0x09, 0x49, + 0x31, 0xc4, 0xf4, 0x8f, 0xc8, 0x2d, 0xac, 0x1d, + 0xfc, 0xba, 0xa4, 0xa5, 0x41, 0x90, 0x76, 0x7d, + 0x9e, 0x47, 0xdc, 0x10, 0xe6, 0x0c, 0xf7, 0x0f, + 0xa4, 0xba, 0x4f, 0xe2, 0x46, 0x38, 0x4c, 0x28, + 0xa0, 0x57, 0xb5, 0x3c, 0xb3, 0x4b, 0x8f, 0x03, + 0x04, 0xff, 0xf6, 0xec, 0x60, 0x90, 0x62, 0xfe, + 0x74, 0x76, 0x48, 0xb3, 0xf4, 0x0a, 0x6a, 0x5a, + 0x5b, 0xad, 0xc8, 0x54, 0x62, 0x11, 0x52, 0xd9, + 0x84, 0x1a, 0x09, 0x4b, 0xca, 0x66, 0xaa, 0x3c, + 0x36, 0x08, 0x9d, 0x58, 0xd0, 0x4a, 0x3a, 0x8b, + 0x24, 0xe0, 0x80, 0x9f, 0xe3, 0x76, 0xb6, 0x07, + 0xb1, 0xbc, 0x00, 0x98, 0xb0, 0xc1, 0xe0, 0xf6, + 0x1f, 0x4d, 0xa8, 0xd1, 0x69, 0x44, 0x9c, 0x33, + 0xb0, 0x0f, 0x9c, 0xc9, 0x0c, 0x8c, 0xbc, 0x03, + 0x58, 0x81, 0x76, 0xab, 0x0d, 0xef, 0x25, 0x5a, + 0xf6, 0xab, 0x3b, 0xf1, 0x1f, 0x97, 0x12, 0x8e, + 0x7f, 0x28, 0x77, 0x26, 0x18, 0xc4, 0xc4, 0xda, + 0x2c, 0x43, 0x57, 0xd2, 0x1f, 0x67, 0x95, 0x40, + 0x2c, 0x94, 0x41, 0x69, 0x22, 0x8a, 0x24, 0xd9, + 0xc7, 0xfc, 0xea, 0x49, 0x83, 0x8f, 0x5d, 0x2e, + 0x9d, 0xac, 0x17, 0xb6, 0xe0, 0xc4, 0xe7, 0xe6, + 0xd5, 0xc2, 0x73, 0xa1, 0x8f, 0x33, 0x14, 0x02, + 0xae, 0x01, 0x9f, 0x6f, 0x40, 0x92, 0x4e, 0x03, + 0xc2, 0xa9, 0xf1, 0x36, 0x78, 0xe4, 0xde, 0x39, + 0x4d, 0x29, 0x2e, 0xc2, 0x00, 0x93, 0x79, 0xe4, + 0xb2, 0x29, 0x4b, 0x81, 0x5c, 0x06, 0x06, 0xbc, + 0xc1, 0x01, 0x1c, 0xa7, 0x08, 0xf7, 0x47, 0x1f, + 0x52, 0x4f, 0xdf, 0x94, 0x1e, 0xe6, 0x89, 0xe6, + 0x26, 0x71, 0x2e, 0xa2, 0xd2, 0xfe, 0x04, 0xf2, + 0x12, 0x4c, 0x06, 0x78, 0x34, 0xc0, 0xb9, 0x76, + 0x62, 0x3b, 0x72, 0x25, 0x8c, 0x0d, 0x73, 0x24, + 0xcf, 0x4b, 0x4c, 0x47, 0x20, 0x9d, 0x04, 0x7f, + 0x86, 0x2c, 0x45, 0xb8, 0xfe, 0xb2, 0xaa, 0x36, + 0xf8, 0xe0, 0x24, 0x25, 0x05, 0x23, 0x12, 0x16, + 0xbf, 0x64, 0x10, 0xdd, 0xe4, 0xc0, 0xb0, 0x85, + 0xa7, 0xd3, 0xd1, 0x18, 0x1b, 0x81, 0x6b, 0x94, + 0xfd, 0x07, 0x43, 0xdd, 0x12, 0x37, 0x78, 0x69, + 0xec, 0x8c, 0xd0, 0x41, 0x2c, 0x42, 0x94, 0x3e, + 0x9f, 0xe3, 0x49, 0xb3, 0xb8, 0x45, 0x0b, 0x1d, + 0xc1, 0x9b, 0x4d, 0x21, 0x85, 0x62, 0xea, 0xd1, + 0xc9, 0x12, 0x30, 0x8c, 0x4b, 0x63, 0xeb, 0x7d, + 0x02, 0x52, 0x15, 0xa1, 0x95, 0x48, 0x9f, 0xc2, + 0xce, 0xf3, 0x4b, 0xff, 0x5a, 0xb6, 0x8f, 0xce, + 0xcd, 0x42, 0x21, 0x40, 0x82, 0xad, 0x08, 0x99, + 0x4d, 0x24, 0x58, 0x25, 0xf3, 0x7e, 0x42, 0x86, + 0x06, 0x33, 0x1f, 0x53, 0xbb, 0x07, 0x33, 0xca, + 0xc0, 0x02, 0x18, 0x30, 0x3c, 0xc5, 0x67, 0x1c, + 0x32, 0x3f, 0x2d, 0x58, 0x4c, 0x24, 0x6e, 0x60, + 0x96, 0x1a, 0xf4, 0xd0, 0x55, 0xb8, 0x84, 0xf0, + 0xb9, 0x83, 0xbf, 0x3d, 0x37, 0xe4, 0xa6, 0x06, + 0x1c, 0xd1, 0xd7, 0x91, 0x24, 0xdc, 0x3f, 0xcc, + 0x71, 0xf3, 0x0c, 0x90, 0x2c, 0x1d, 0x2f, 0x90, + 0xc8, 0x3c, 0x6f, 0x2c, 0x5d, 0xad, 0x8c, 0xdf, + 0xbb, 0x0d, 0x2a, 0x7f, 0x4a, 0x34, 0x5a, 0xd9, + 0x83, 0xfd, 0x61, 0x36, 0xe0, 0x0a, 0xb3, 0xf6, + 0x69, 0xb1, 0xaf, 0x81, 0x22, 0xd6, 0x9e, 0x9a, + 0xf8, 0xa6, 0x24, 0x8e, 0x0c, 0xcb, 0x25, 0xc2, + 0xfc, 0xc5, 0x94, 0xbd, 0x23, 0x9c, 0xa9, 0xbd, + 0x76, 0x28, 0xa4, 0x55, 0x92, 0x7c, 0xe6, 0x76, + 0xf7, 0x30, 0xf8, 0x7d, 0xdc, 0x0a, 0x93, 0x9e, + 0x7c, 0x39, 0x0a, 0x70, 0xa0, 0xb2, 0x77, 0xe0, + 0x7a, 0x89, 0x50, 0xce, 0x75, 0xca, 0x2f, 0xa4, + 0x12, 0x0e, 0xcb, 0x75, 0x1f, 0x0a, 0x83, 0xe8, + 0x14, 0x80, 0xa7, 0xb0, 0xe8, 0x11, 0xca, 0x12, + 0x5e, 0xf7, 0x31, 0x65, 0xbd, 0x20, 0x3d, 0x8c, + 0xa6, 0x89, 0x83, 0x68, 0x66, 0x03, 0x28, 0x49, + 0x17, 0xc4, 0x3f, 0x43, 0x02, 0x9b, 0xf8, 0xed, + 0xae, 0x8e, 0x68, 0xbc, 0x8e, 0x39, 0xe7, 0x15, + 0x32, 0x45, 0x66, 0x2c, 0x1f, 0xce, 0x56, 0xc7, + 0xc0, 0x15, 0x52, 0x19, 0x40, 0xcf, 0x87, 0x20, + 0xcd, 0x3d, 0xec, 0x90, 0x8d, 0x04, 0x01, 0x31, + 0x0b, 0x74, 0x80, 0x6e, 0x61, 0xa7, 0xf3, 0x4c, + 0xb2, 0x16, 0x00, 0xd5, 0xdb, 0xcc, 0xbb, 0x2c, + 0x9f, 0xb6, 0x02, 0x4a, 0xcf, 0x71, 0x06, 0xfd, + 0x60, 0xe0, 0x00, 0xbe, 0x22, 0xba, 0x39, 0x36, + 0xa8, 0x7e, 0xe5, 0xcb, 0xea, 0x87, 0xb1, 0xee, + 0xa2, 0x6c, 0x85, 0x94, 0x18, 0x6c, 0xab, 0x9a, + 0x93, 0xa7, 0xab, 0x4e, 0x3b, 0x85, 0xf3, 0xef, + 0x8f, 0x15, 0x74, 0x21, 0x9f, 0x5d, 0x9c, 0x22, + 0x32, 0x71, 0xb5, 0x4d, 0x7f, 0xaa, 0x85, 0xe0, + 0x05, 0x2a, 0x53, 0xbb, 0x3c, 0xab, 0xc3, 0xd2, + 0x73, 0x6e, 0x97, 0xa3, 0xfd, 0x05, 0x58, 0xaa, + 0x49, 0xc8, 0x69, 0xa9, 0x0b, 0x73, 0xd4, 0xe9, + 0x1d, 0x84, 0x60, 0x34, 0x2a, 0x09, 0xb3, 0x0f, + 0x08, 0x13, 0x67, 0x77, 0xb3, 0x24, 0xdf, 0xad, + 0xbf, 0x51, 0x71, 0x2b, 0xbe, 0x4f, 0x5d, 0xf4, + 0xe7, 0x25, 0x4c, 0x24, 0xa2, 0x4a, 0x22, 0xec, + 0xcc, 0x7c, 0x6c, 0x62, 0xee, 0x47, 0x12, 0x43, + 0x88, 0xe4, 0x71, 0xaa, 0x63, 0xaa, 0x2b, 0xed, + 0x70, 0xbf, 0x26, 0x37, 0xcc, 0xa4, 0xff, 0xe9, + 0xb6, 0x65, 0x31, 0x4d, 0x0d, 0x32, 0xd6, 0x84, + 0xb8, 0xab, 0x98, 0xa7, 0x10, 0x44, 0x77, 0xc7, + 0x2a, 0x60, 0xf0, 0xf5, 0xd5, 0xd4, 0x3a, 0x73, + 0x11, 0xa5, 0x1b, 0x18, 0x3c, 0x13, 0xfb, 0xda, + 0x76, 0x9d, 0xeb, 0x3e, 0xb9, 0x7a, 0xce, 0x02, + 0xa7, 0x5e, 0x25, 0x96, 0xd2, 0xbc, 0x85, 0x1a, + 0xd1, 0xa4, 0xe2, 0x02, 0x15, 0x08, 0x49, 0x16, + 0x7c, 0xaf, 0xc6, 0x38, 0x7b, 0x95, 0xf9, 0x37, + 0xc0, 0x87, 0x73, 0x6f, 0x01, 0xcd, 0x2b, 0xf1, + 0xe7, 0x6e, 0x47, 0x18, 0x30, 0xb8, 0x16, 0x87, + 0x1d, 0x23, 0x62, 0x22, 0x85, 0x92, 0x69, 0x46, + 0x9c, 0x65, 0xd8, 0xf1, 0x27, 0x32, 0xe4, 0x16, + 0x7f, 0x9a, 0xba, 0x46, 0x61, 0x60, 0x34, 0xe5, + 0xc0, 0x14, 0xb5, 0xde, 0x4d, 0xd1, 0x71, 0x39, + 0x26, 0xdc, 0x0c, 0x0a, 0x53, 0x9e, 0x31, 0x10, + 0x45, 0x7a, 0xf9, 0xc8, 0xfa, 0x1d, 0x69, 0x5e, + 0x25, 0xc1, 0xe2, 0x00, 0xbf, 0x94, 0xa3, 0xa2, + 0x97, 0xca, 0xb4, 0x6a, 0x89, 0x68, 0xdd, 0xed, + 0x6b, 0x99, 0x5a, 0x87, 0x9e, 0xe9, 0x68, 0xe4, + 0xf2, 0xc2, 0x7e, 0x37, 0x02, 0xdf, 0x96, 0x1a, + 0x5b, 0xed, 0xa1, 0xe8, 0xdf, 0x3c, 0xf7, 0xd2, + 0x25, 0xac, 0xf7, 0x4a, 0x7f, 0x10, 0x27, 0x2b, + 0x02, 0xc7, 0x95, 0x10, 0x5a, 0xb5, 0xb0, 0xcd, + 0xa9, 0xe1, 0x36, 0xe2, 0x1c, 0x87, 0x99, 0x0e, + 0x0a, 0x44, 0xec, 0x97, 0x75, 0xa7, 0x03, 0x27, + 0x38, 0x3b, 0x16, 0x30, 0x00, 0x98, 0xbe, 0x77, + 0xfe, 0x3a, 0xac, 0x6f, 0x8f, 0x4d, 0xe1, 0xa9, + 0x9c, 0xba, 0x39, 0x52, 0xe8, 0xf7, 0xe4, 0xe6, + 0xf9, 0xe9, 0xb3, 0x57, 0x82, 0xb2, 0x23, 0xd6, + 0xa5, 0x14, 0xc0, 0x78, 0xb4, 0xa0, 0xf9, 0x96, + 0xe4, 0x03, 0xe8, 0x6c, 0x27, 0xd8, 0x37, 0x7c, + 0x8f, 0xf4, 0x80, 0x09, 0x09, 0xc9, 0x32, 0x15, + 0xe0, 0x3f, 0x37, 0xa7, 0x1a, 0x5f, 0x8c, 0xfb, + 0xdd, 0xfe, 0x6b, 0x34, 0x28, 0x53, 0x03, 0x4b, + 0x39, 0x91, 0xf2, 0x48, 0x4c, 0x2a, 0x45, 0xfe, + 0x66, 0xf7, 0x23, 0x74, 0xb8, 0x30, 0x70, 0xb4, + 0x0c, 0x2c, 0x65, 0xb1, 0x4e, 0x32, 0x0f, 0x50, + 0xbb, 0x46, 0x9b, 0x03, 0x34, 0x38, 0xfb, 0xe4, + 0x25, 0x37, 0x8d, 0x0f, 0xa1, 0x41, 0x50, 0x85, + 0x92, 0x07, 0x71, 0xff, 0x3c, 0xe6, 0xd9, 0x1d, + 0x55, 0xb7, 0x10, 0x9c, 0xea, 0x70, 0x5f, 0xa3, + 0xba, 0x84, 0x99, 0x91, 0x30, 0x3d, 0x4c, 0x98, + 0x0b, 0x1f, 0x1f, 0xcc, 0x17, 0x94, 0xdd, 0x78, + 0x7d, 0x50, 0xe5, 0xf5, 0x21, 0x88, 0x5a, 0x52, + 0x76, 0x5a, 0x97, 0xbe, 0xba, 0xa9, 0xfe, 0x82, + 0x8a, 0xb5, 0x46, 0xcf, 0x9c, 0xbe, 0xe8, 0x2f, + 0x01, 0x2f, 0x6a, 0x03, 0x8a, 0xfa, 0x4b, 0x0b, + 0xdc, 0x78, 0x79, 0x9c, 0x49, 0xc4, 0x01, 0x26, + 0x16, 0x58, 0xc6, 0xb8, 0xee, 0x6c, 0xc9, 0xa9, + 0x38, 0x7c, 0xcf, 0xf3, 0xf8, 0xd0, 0x6b, 0x99, + 0x43, 0x13, 0xe0, 0x43, 0x8e, 0xfb, 0xb2, 0xdb, + 0x61, 0x67, 0xf4, 0xfc, 0x01, 0x21, 0xd9, 0xb1, + 0x1e, 0x6c, 0x6f, 0x2a, 0x9a, 0x4b, 0x86, 0x3c, + 0x62, 0x03, 0x53, 0x83, 0x11, 0x18, 0x1a, 0x59, + 0x9e, 0x25, 0xfe, 0xdb, 0x85, 0xd0, 0xee, 0x7c, + 0x97, 0x72, 0xca, 0xf3, 0x0d, 0xd4, 0x19, 0x66, + 0x14, 0xaf, 0x46, 0x68, 0x75, 0xdb, 0x8f, 0x5f, + 0x77, 0x7f, 0xfe, 0xa9, 0xe6, 0xa1, 0x9e, 0x46, + 0x5e, 0x92, 0xda, 0xea, 0xdd, 0x89, 0x01, 0xd9, + 0xab, 0x25, 0x7d, 0xb4, 0x64, 0x50, 0x8f, 0xa3, + 0xbe, 0xe2, 0x03, 0xd5, 0xc6, 0x9c, 0xc2, 0xf8, + 0xac, 0xa4, 0x36, 0xa9, 0x37, 0x10, 0x59, 0x00, + 0x45, 0xbb, 0x55, 0x33, 0xb9, 0x6f, 0xbc, 0xa2, + 0x02, 0x9e, 0xa3, 0x1d, 0xf4, 0x17, 0x78, 0x9b, + 0xbc, 0x42, 0x4e, 0x21, 0xc3, 0xde, 0xb5, 0x70, + 0x4a, 0x23, 0x1e, 0xd4, 0x36, 0x5d, 0x7a, 0x08, + 0x37, 0x55, 0x98, 0x07, 0xa0, 0x16, 0xa3, 0x4e, + 0xa1, 0x2b, 0x96, 0x8b, 0x51, 0x63, 0x48, 0xab, + 0xc9, 0x19, 0x6f, 0x5f, 0x25, 0x9d, 0xe7, 0x25, + 0x63, 0xf0, 0x8e, 0xdb, 0x06, 0x2d, 0x42, 0x31, + 0xfd, 0x14, 0x2b, 0x7a, 0x31, 0x43, 0x04, 0xd5, + 0xe2, 0x89, 0x2e, 0xa8, 0xe4, 0x6e, 0xd5, 0xa5, + 0x21, 0x67, 0x9b, 0x92, 0x61, 0x79, 0xdd, 0xe5, + 0x44, 0x43, 0x45, 0x57, 0x13, 0xec, 0x04, 0xc1, + 0x41, 0xa3, 0x14, 0x70, 0x86, 0xda, 0x76, 0x5d, + 0xe8, 0x61, 0xd2, 0xfb, 0x7b, 0xe4, 0x71, 0x46, + 0xa3, 0x52, 0xbf, 0xf2, 0xa0, 0x3c, 0xc1, 0x90, + 0x0c, 0x2e, 0xeb, 0xb3, 0x38, 0xae, 0x13, 0x27, + 0x84, 0xe9, 0x7a, 0xd6, 0x02, 0x40, 0x84, 0xff, + 0x87, 0x1f, 0x37, 0x44, 0xd8, 0x2e, 0x93, 0xf7, + 0x0a, 0xff, 0x5b, 0x4d, 0x07, 0x82, 0xfd, 0x6e, + 0x44, 0xcc, 0x19, 0xc3, 0x7d, 0x7c, 0x31, 0xf9, + 0x0e, 0xa8, 0x1c, 0x0d, 0xcb, 0x8e, 0xe8, 0x33, + 0xb2, 0xff, 0x9e, 0x1d, 0x99, 0x7c, 0x46, 0x5b, + 0xc7, 0x28, 0xec, 0x01, 0x62, 0x82, 0xfe, 0x2a, + 0x22, 0xa3, 0x86, 0x4e, 0x47, 0xe2, 0x57, 0xf1, + 0xb4, 0x58, 0x94, 0x89, 0xe5, 0xf1, 0xcd, 0x4d, + 0x90, 0xd1, 0xa4, 0x4c, 0x34, 0x5d, 0xde, 0xdc, + 0x39, 0x63, 0x8b, 0x85, 0xfd, 0x02, 0x21, 0xf1, + 0x12, 0xa3, 0x6d, 0x65, 0x0f, 0x8d, 0xe5, 0xcd, + 0x70, 0xd5, 0x1d, 0xf8, 0x65, 0x99, 0xfb, 0xe8, + 0xb5, 0x5a, 0x09, 0x39, 0x9e, 0x09, 0x45, 0x62, + 0x22, 0x1d, 0xa2, 0x46, 0xbf, 0x75, 0x20, 0xd1, + 0xe7, 0xb0, 0x06, 0x68, 0xc3, 0x50, 0x48, 0xfc, + 0xf8, 0x5c, 0x67, 0x69, 0x68, 0x66, 0xb6, 0x81, + 0x95, 0x91, 0x81, 0x3d, 0xf6, 0x34, 0xd9, 0x4b, + 0x06, 0x35, 0x17, 0x59, 0x89, 0x18, 0x74, 0x32, + 0x50, 0xcf, 0x81, 0x16, 0x8e, 0x53, 0x9d, 0x1c, + 0xad, 0x2d, 0x8e, 0x16, 0x41, 0xda, 0xca, 0xab, + 0x78, 0x0d, 0xc9, 0x49, 0x61, 0xaa, 0x18, 0xf4, + 0x56, 0x48, 0x29, 0x8c, 0xe3, 0x9a, 0x7d, 0x58, + 0xf8, 0x99, 0x72, 0xf1, 0x78, 0xa8, 0x5a, 0x97, + 0xe3, 0x2a, 0xc6, 0xa9, 0x59, 0xde, 0xcc, 0x62, + 0xfb, 0xab, 0xc5, 0x9a, 0x0b, 0xc7, 0x16, 0x8f, + 0x18, 0x20, 0x6e, 0x01, 0x7e, 0x04, 0xef, 0x72, + 0x83, 0x61, 0xb8, 0x1a, 0x77, 0x0f, 0xd1, 0xa9, + 0x75, 0xe0, 0x4a, 0x11, 0x69, 0x9d, 0xb6, 0xc9, + 0x2e, 0xd3, 0xbf, 0xe2, 0x5b, 0x24, 0x77, 0x30, + 0x85, 0x91, 0xef, 0xa8, 0x93, 0x4e, 0xad, 0x99, + 0xad, 0xcb, 0x6d, 0x9d, 0x8f, 0xd8, 0x0f, 0xe5, + 0x41, 0xd9, 0x9e, 0x0b, 0xce, 0x33, 0xd9, 0xbb, + 0x87, 0x66, 0x2c, 0xa3, 0x0b, 0x68, 0x1b, 0xb0, + 0x71, 0x30, 0xfa, 0x15, 0x2e, 0xe8, 0xc1, 0x99, + 0x71, 0x01, 0xcc, 0xdb, 0x6f, 0x9f, 0x8a, 0xfd, + 0xb4, 0x0f, 0x35, 0xa1, 0x36, 0xf4, 0x3a, 0xc4, + 0x17, 0x77, 0x43, 0x60, 0x10, 0x18, 0xb4, 0xc2, + 0xe5, 0xc0, 0x64, 0xd8, 0x38, 0x7c, 0x05, 0x9a, + 0xfb, 0x2b, 0xb3, 0x9b, 0x9e, 0x34, 0x6b, 0x4b, + 0xc8, 0x3b, 0x77, 0xe0, 0x6f, 0x08, 0xa1, 0x7b, + 0x66, 0x69, 0x2f, 0xdb, 0x34, 0x9e, 0x98, 0x90, + 0x5b, 0x4d, 0x7b, 0xa2, 0x32, 0x8e, 0x64, 0xe6, + 0x0d, 0x75, 0xc9, 0x96, 0xe3, 0x57, 0xba, 0xad, + 0x3e, 0x3b, 0x23, 0xfb, 0x9e, 0x7f, 0xc0, 0x3c, + 0xd5, 0x41, 0x9c, 0xfb, 0xbc, 0xb3, 0x52, 0x49 +#endif +}; +#endif +#endif + +int test_wc_dilithium_public_der_decode(void) +{ + EXPECT_DECLS; +#if defined(HAVE_DILITHIUM) && defined(WOLFSSL_WC_DILITHIUM) && \ + defined(WOLFSSL_DILITHIUM_PUBLIC_KEY) + dilithium_key* key; + word32 idx = 0; + + key = (dilithium_key*)XMALLOC(sizeof(*key), NULL, DYNAMIC_TYPE_TMP_BUFFER); + ExpectNotNull(key); + + if (key != NULL) { + XMEMSET(key, 0, sizeof(*key)); + } + + ExpectIntEQ(wc_dilithium_init(key), 0); +#ifndef WOLFSSL_NO_ML_DSA_44 + ExpectIntEQ(wc_dilithium_set_level(key, WC_ML_DSA_44), 0); +#elif !defined(WOLFSSL_NO_ML_DSA_65) + ExpectIntEQ(wc_dilithium_set_level(key, WC_ML_DSA_65), 0); +#else + ExpectIntEQ(wc_dilithium_set_level(key, WC_ML_DSA_87), 0); +#endif + ExpectIntEQ(wc_Dilithium_PublicKeyDecode(ml_dsa_public_der, &idx, key, + (word32)sizeof(ml_dsa_public_der)), 0); +#ifdef WOLFSSL_DILITHIUM_FIPS204_DRAFT + idx = 0; +#ifndef WOLFSSL_NO_ML_DSA_44 + ExpectIntEQ(wc_dilithium_set_level(key, WC_ML_DSA_44_DRAFT), 0); +#elif !defined(WOLFSSL_NO_ML_DSA_65) + ExpectIntEQ(wc_dilithium_set_level(key, WC_ML_DSA_65_DRAFT), 0); +#else + ExpectIntEQ(wc_dilithium_set_level(key, WC_ML_DSA_87_DRAFT), 0); +#endif + ExpectIntEQ(wc_Dilithium_PublicKeyDecode(dilithium_public_der, &idx, key, + (word32)sizeof(dilithium_public_der)), 0); +#endif + + wc_dilithium_free(key); + XFREE(key, NULL, DYNAMIC_TYPE_TMP_BUFFER); +#endif + return EXPECT_RESULT(); +} + +int test_wc_dilithium_der(void) +{ + EXPECT_DECLS; +#if defined(HAVE_DILITHIUM) && defined(WOLFSSL_WC_DILITHIUM) && \ + !defined(WOLFSSL_DILITHIUM_NO_ASN1) && \ + !defined(WOLFSSL_DILITHIUM_NO_MAKE_KEY) +#define DILITHIUM_MAX_DER_SIZE 8192 + dilithium_key* key; + WC_RNG rng; + byte* der = NULL; + int len; + int pubLen; + int pubDerLen; + int privDerLen; + int keyDerLen; + word32 idx = 0; + +#ifndef WOLFSSL_NO_ML_DSA_44 + pubLen = DILITHIUM_LEVEL2_PUB_KEY_SIZE; + pubDerLen = DILITHIUM_LEVEL2_PUB_KEY_SIZE + 22; + privDerLen = DILITHIUM_LEVEL2_KEY_SIZE + 28; + keyDerLen = DILITHIUM_LEVEL2_PUB_KEY_SIZE + DILITHIUM_LEVEL2_KEY_SIZE + 32; +#elif !defined(WOLFSSL_NO_ML_DSA_65) + pubLen = DILITHIUM_LEVEL3_PUB_KEY_SIZE; + pubDerLen = DILITHIUM_LEVEL3_PUB_KEY_SIZE + 22; + privDerLen = DILITHIUM_LEVEL3_KEY_SIZE + 28; + keyDerLen = DILITHIUM_LEVEL3_PUB_KEY_SIZE + DILITHIUM_LEVEL3_KEY_SIZE + 32; +#else + pubLen = DILITHIUM_LEVEL5_PUB_KEY_SIZE; + pubDerLen = DILITHIUM_LEVEL5_PUB_KEY_SIZE + 22; + privDerLen = DILITHIUM_LEVEL5_KEY_SIZE + 28; + keyDerLen = DILITHIUM_LEVEL5_PUB_KEY_SIZE + DILITHIUM_LEVEL5_KEY_SIZE + 32; +#endif + + key = (dilithium_key*)XMALLOC(sizeof(*key), NULL, DYNAMIC_TYPE_TMP_BUFFER); + ExpectNotNull(key); + der = (byte*)XMALLOC(DILITHIUM_MAX_DER_SIZE, NULL, DYNAMIC_TYPE_TMP_BUFFER); + ExpectNotNull(der); + + if (key != NULL) { + XMEMSET(key, 0, sizeof(*key)); + } + if (der != NULL) { + XMEMSET(der, 0, sizeof(*der)); + } + XMEMSET(&rng, 0, sizeof(WC_RNG)); + ExpectIntEQ(wc_InitRng(&rng), 0); + ExpectIntEQ(wc_dilithium_init(key), 0); + + ExpectIntEQ(wc_Dilithium_PublicKeyToDer(key, der, DILITHIUM_MAX_DER_SIZE, + 0), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_Dilithium_PublicKeyToDer(key, der, DILITHIUM_MAX_DER_SIZE, + 1), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_Dilithium_PrivateKeyToDer(key, der, DILITHIUM_MAX_DER_SIZE), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + /* When security level is not set, we attempt to parse it from DER. Since + * the supplied DER is invalid, this should fail with ASN parsing error */ + idx = 0; +#ifdef WOLFSSL_DILITHIUM_FIPS204_DRAFT + ExpectIntEQ(wc_Dilithium_PublicKeyDecode(der, &idx, key, pubDerLen), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); +#else + ExpectIntEQ(wc_Dilithium_PublicKeyDecode(der, &idx, key, pubDerLen), + WC_NO_ERR_TRACE(ASN_PARSE_E)); +#endif + idx = 0; +#ifdef WOLFSSL_DILITHIUM_FIPS204_DRAFT + ExpectIntEQ(wc_Dilithium_PrivateKeyDecode(der, &idx, key, privDerLen), + WC_NO_ERR_TRACE(ASN_PARSE_E)); +#else + ExpectIntEQ(wc_Dilithium_PrivateKeyDecode(der, &idx, key, privDerLen), + WC_NO_ERR_TRACE(ASN_PARSE_E)); +#endif + +#ifndef WOLFSSL_NO_ML_DSA_44 + ExpectIntEQ(wc_dilithium_set_level(key, WC_ML_DSA_44), 0); +#elif !defined(WOLFSSL_NO_ML_DSA_65) + ExpectIntEQ(wc_dilithium_set_level(key, WC_ML_DSA_65), 0); +#else + ExpectIntEQ(wc_dilithium_set_level(key, WC_ML_DSA_87), 0); +#endif + + ExpectIntEQ(wc_Dilithium_PublicKeyToDer(key, der, DILITHIUM_MAX_DER_SIZE, + 0), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_Dilithium_PublicKeyToDer(key, der, DILITHIUM_MAX_DER_SIZE, + 1), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_Dilithium_PrivateKeyToDer(key, der, DILITHIUM_MAX_DER_SIZE), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + + ExpectIntEQ(wc_dilithium_make_key(key, &rng), 0); + + ExpectIntEQ(wc_Dilithium_PublicKeyToDer(NULL, NULL, 0 , + 0), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_Dilithium_PublicKeyToDer(NULL, der , 0 , + 0), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_Dilithium_PublicKeyToDer(NULL, NULL, DILITHIUM_MAX_DER_SIZE, + 0), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_Dilithium_PublicKeyToDer(NULL, der , DILITHIUM_MAX_DER_SIZE, + 0), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_Dilithium_PublicKeyToDer(key , der , 0 , + 0), WC_NO_ERR_TRACE(BUFFER_E)); + /* Get length only. */ + ExpectIntEQ(wc_Dilithium_PublicKeyToDer(key , NULL, 0 , + 0), pubLen); + ExpectIntEQ(wc_Dilithium_PublicKeyToDer(key , NULL, DILITHIUM_MAX_DER_SIZE, + 0), pubLen); + ExpectIntEQ(wc_Dilithium_PublicKeyToDer(key , NULL, 0 , + 1), pubDerLen); + ExpectIntEQ(wc_Dilithium_PublicKeyToDer(key , NULL, DILITHIUM_MAX_DER_SIZE, + 1), pubDerLen); + + ExpectIntEQ(wc_Dilithium_PrivateKeyToDer(NULL, NULL, + 0 ), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntGT(wc_Dilithium_PrivateKeyToDer(key , NULL, + 0 ), 0); + ExpectIntEQ(wc_Dilithium_PrivateKeyToDer(NULL, der , + 0 ), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_Dilithium_PrivateKeyToDer(NULL, NULL, + DILITHIUM_MAX_DER_SIZE), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_Dilithium_PrivateKeyToDer(NULL, der , + DILITHIUM_MAX_DER_SIZE), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_Dilithium_PrivateKeyToDer(key , der , + 0 ), WC_NO_ERR_TRACE(BUFFER_E)); + /* Get length only. */ + ExpectIntEQ(wc_Dilithium_PrivateKeyToDer(key , NULL, + DILITHIUM_MAX_DER_SIZE), privDerLen); + + ExpectIntEQ(wc_Dilithium_KeyToDer(NULL, NULL, 0 ), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntGT(wc_Dilithium_KeyToDer(key , NULL, 0 ), + 0 ); + ExpectIntEQ(wc_Dilithium_KeyToDer(NULL, der , 0 ), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_Dilithium_KeyToDer(NULL, NULL, DILITHIUM_MAX_DER_SIZE), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_Dilithium_KeyToDer(NULL, der , DILITHIUM_MAX_DER_SIZE), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_Dilithium_KeyToDer(key , der , 0 ), + WC_NO_ERR_TRACE(BUFFER_E)); + /* Get length only. */ + ExpectIntEQ(wc_Dilithium_KeyToDer(key , NULL, DILITHIUM_MAX_DER_SIZE), + keyDerLen); + + ExpectIntEQ(wc_Dilithium_PublicKeyDecode(NULL, NULL, NULL, 0 ), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_Dilithium_PublicKeyDecode(der , NULL, NULL, 0 ), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_Dilithium_PublicKeyDecode(NULL, &idx, NULL, 0 ), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_Dilithium_PublicKeyDecode(NULL, NULL, key , 0 ), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_Dilithium_PublicKeyDecode(NULL, NULL, NULL, pubDerLen), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_Dilithium_PublicKeyDecode(NULL, &idx, key , pubDerLen), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_Dilithium_PublicKeyDecode(der , NULL, key , pubDerLen), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_Dilithium_PublicKeyDecode(der , &idx, NULL, pubDerLen), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_Dilithium_PublicKeyDecode(der , &idx, key , 0 ), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + + ExpectIntEQ(wc_Dilithium_PrivateKeyDecode(NULL, NULL, NULL, 0 ), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_Dilithium_PrivateKeyDecode(der , NULL, NULL, 0 ), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_Dilithium_PrivateKeyDecode(NULL, &idx, NULL, 0 ), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_Dilithium_PrivateKeyDecode(NULL, NULL, key , 0 ), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_Dilithium_PrivateKeyDecode(NULL, NULL, NULL, privDerLen), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_Dilithium_PrivateKeyDecode(NULL, &idx, key , privDerLen), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_Dilithium_PrivateKeyDecode(der , NULL, key , privDerLen), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_Dilithium_PrivateKeyDecode(der , &idx, NULL, privDerLen), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_Dilithium_PrivateKeyDecode(der , &idx, key , 0 ), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + + ExpectIntEQ(len = wc_Dilithium_PublicKeyToDer(key, der, + DILITHIUM_MAX_DER_SIZE, 0), pubLen); + ExpectIntEQ(wc_dilithium_import_public(der, len, key), 0); + + ExpectIntEQ(len = wc_Dilithium_PublicKeyToDer(key, der, + DILITHIUM_MAX_DER_SIZE, 1), pubDerLen); + idx = 0; + ExpectIntEQ(wc_Dilithium_PublicKeyDecode(der, &idx, key, len), 0); + + ExpectIntEQ(len = wc_Dilithium_PrivateKeyToDer(key, der, + DILITHIUM_MAX_DER_SIZE), privDerLen); + idx = 0; + ExpectIntEQ(wc_Dilithium_PrivateKeyDecode(der, &idx, key, len), 0); + + ExpectIntEQ(len = wc_Dilithium_KeyToDer(key, der, DILITHIUM_MAX_DER_SIZE), + keyDerLen); + idx = 0; + ExpectIntEQ(wc_Dilithium_PrivateKeyDecode(der, &idx, key, len), 0); + + + wc_dilithium_free(key); + wc_FreeRng(&rng); + + XFREE(der, NULL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(key, NULL, DYNAMIC_TYPE_TMP_BUFFER); +#endif + return EXPECT_RESULT(); +} + +int test_wc_dilithium_make_key_from_seed(void) +{ + EXPECT_DECLS; +#if defined(HAVE_DILITHIUM) && defined(WOLFSSL_WC_DILITHIUM) && \ + !defined(WOLFSSL_DILITHIUM_NO_MAKE_KEY) + dilithium_key* key; +#ifndef WOLFSSL_NO_ML_DSA_44 + static const byte seed_44[] = { + 0x93, 0xEF, 0x2E, 0x6E, 0xF1, 0xFB, 0x08, 0x99, + 0x9D, 0x14, 0x2A, 0xBE, 0x02, 0x95, 0x48, 0x23, + 0x70, 0xD3, 0xF4, 0x3B, 0xDB, 0x25, 0x4A, 0x78, + 0xE2, 0xB0, 0xD5, 0x16, 0x8E, 0xCA, 0x06, 0x5F + }; + static const byte pk_44[] = { + 0xBC, 0x5F, 0xF8, 0x10, 0xEB, 0x08, 0x90, 0x48, + 0xB8, 0xAB, 0x30, 0x20, 0xA7, 0xBD, 0x3B, 0x16, + 0xC0, 0xE0, 0xCA, 0x3D, 0x6B, 0x97, 0xE4, 0x64, + 0x6C, 0x2C, 0xCA, 0xE0, 0xBB, 0xF1, 0x9E, 0xF7, + 0x23, 0x0A, 0x19, 0xD7, 0x5A, 0xDB, 0xDE, 0xD5, + 0x2D, 0xB8, 0x55, 0xE2, 0x52, 0xA7, 0x19, 0xFC, + 0xBD, 0x14, 0x7B, 0xA6, 0x7B, 0x2F, 0xAD, 0x14, + 0xED, 0x0E, 0x68, 0xFD, 0xFE, 0x8C, 0x65, 0xBA, + 0xDE, 0xAC, 0xB0, 0x91, 0x11, 0x93, 0xAD, 0xFA, + 0x87, 0x94, 0xD7, 0x8F, 0x8E, 0x3D, 0x66, 0x2A, + 0x1C, 0x49, 0xDA, 0x81, 0x9F, 0xD9, 0x59, 0xE7, + 0xF0, 0x78, 0xF2, 0x03, 0xC4, 0x56, 0xF8, 0xB6, + 0xE7, 0xC9, 0x41, 0x58, 0x98, 0xE5, 0x41, 0xC7, + 0x30, 0x32, 0xDB, 0xD6, 0x19, 0xEA, 0xF6, 0x0F, + 0x8D, 0x64, 0xF8, 0x68, 0x3D, 0xA9, 0x9E, 0xCA, + 0x51, 0x22, 0x0B, 0x0A, 0xCA, 0x28, 0x46, 0x40, + 0x99, 0xF5, 0x47, 0xC0, 0x27, 0x77, 0xBD, 0x37, + 0xD8, 0x4A, 0x59, 0xBD, 0x37, 0xED, 0x7A, 0x8A, + 0x92, 0x63, 0x3C, 0x75, 0xD0, 0x7C, 0x79, 0x3F, + 0xE7, 0x25, 0x2B, 0x58, 0x4A, 0xBF, 0x6A, 0x15, + 0xEE, 0x14, 0x50, 0x7E, 0x5E, 0x19, 0x3F, 0x89, + 0x86, 0x4D, 0x09, 0xAC, 0x87, 0x27, 0xA6, 0xD0, + 0x42, 0x1F, 0x0C, 0x19, 0xF0, 0xE2, 0xFB, 0xFC, + 0x21, 0x3D, 0x3F, 0xBD, 0x70, 0xF4, 0xF9, 0x76, + 0x2C, 0xEC, 0xFF, 0x23, 0x1E, 0x9C, 0x8A, 0x76, + 0x28, 0xD3, 0xF8, 0xB0, 0x85, 0x7B, 0x03, 0x2D, + 0x32, 0xDE, 0x62, 0xFF, 0x8E, 0xCB, 0xF4, 0x00, + 0x82, 0x89, 0xBF, 0x34, 0x40, 0x36, 0x65, 0xF8, + 0x1A, 0x08, 0x1A, 0xD5, 0xA8, 0x5A, 0x28, 0x2F, + 0x99, 0xBA, 0xB9, 0xE5, 0x38, 0x5A, 0xFB, 0xCC, + 0xCF, 0x44, 0xB7, 0x4C, 0x01, 0x96, 0xC7, 0x54, + 0x55, 0x27, 0xEC, 0x30, 0x26, 0xDA, 0x12, 0x80, + 0xC4, 0xEB, 0x37, 0xD0, 0x9C, 0xFE, 0x3E, 0xC4, + 0xB4, 0x91, 0x0B, 0x62, 0xEB, 0x98, 0x15, 0xA4, + 0x25, 0xC6, 0x59, 0x0F, 0xC4, 0xAD, 0x3F, 0xBB, + 0x22, 0x57, 0x52, 0xCC, 0x1F, 0xC5, 0x69, 0x3F, + 0x18, 0x7E, 0x7D, 0xEC, 0x4E, 0xEF, 0xBE, 0xB6, + 0xB9, 0x1B, 0xD9, 0x1C, 0x5E, 0x2E, 0xA6, 0xA9, + 0x1D, 0x14, 0xD0, 0x97, 0xBE, 0x20, 0x3F, 0xBA, + 0x0B, 0xF9, 0x37, 0xC9, 0x75, 0x07, 0xDC, 0x00, + 0x7C, 0x4C, 0xAA, 0x9B, 0x07, 0x85, 0x89, 0x29, + 0x66, 0xFF, 0x15, 0x90, 0x09, 0x24, 0xE5, 0x79, + 0xD4, 0xFB, 0xA0, 0x2B, 0xDA, 0x87, 0x55, 0x5F, + 0x07, 0x3D, 0xAE, 0x00, 0x51, 0x3E, 0x70, 0x80, + 0x9A, 0xBB, 0xC7, 0x11, 0xFB, 0xA2, 0xE7, 0x64, + 0x95, 0x77, 0xC4, 0x2A, 0xFD, 0xC2, 0x4B, 0xF7, + 0x41, 0x3E, 0x51, 0x26, 0x8A, 0xD6, 0xDB, 0x61, + 0x13, 0xB7, 0xD9, 0x19, 0x1A, 0xF9, 0xD0, 0x61, + 0xDB, 0xDE, 0xD5, 0xD6, 0x30, 0x87, 0x76, 0x50, + 0xC1, 0x24, 0xF1, 0x1B, 0xC4, 0xBD, 0xC3, 0xFD, + 0xC6, 0xA9, 0x00, 0xF6, 0x31, 0x26, 0xF9, 0x21, + 0xE8, 0x38, 0xAD, 0x0C, 0x22, 0x75, 0xA3, 0x38, + 0x9A, 0x39, 0xBD, 0x99, 0xA1, 0x34, 0x50, 0x45, + 0x50, 0x10, 0x1C, 0xD3, 0xE9, 0x5E, 0x6D, 0x14, + 0x96, 0xBE, 0x7D, 0xE6, 0x62, 0x7D, 0xF4, 0xFD, + 0x6C, 0x28, 0xBB, 0xF4, 0x0B, 0x30, 0xEF, 0xA9, + 0xB5, 0xC3, 0xD5, 0xC8, 0x5A, 0xB1, 0x4A, 0x65, + 0xC0, 0x2D, 0x6D, 0x47, 0x81, 0xFF, 0x13, 0xD3, + 0x28, 0x60, 0x85, 0x54, 0xB6, 0xD1, 0x5E, 0xD9, + 0x12, 0x89, 0xA6, 0xD5, 0x5A, 0xAC, 0x0C, 0x38, + 0xE3, 0x77, 0x06, 0xF7, 0x35, 0x5E, 0x9A, 0x4F, + 0xDA, 0x61, 0x5B, 0x87, 0x59, 0x26, 0xBF, 0xE5, + 0xA5, 0x9D, 0x9E, 0xF2, 0x73, 0xBF, 0x94, 0xA0, + 0x7C, 0xFA, 0x57, 0x31, 0x78, 0xF0, 0xE0, 0x04, + 0xB6, 0xE1, 0xEF, 0x0A, 0x83, 0x49, 0xE9, 0xBC, + 0xC0, 0x19, 0x81, 0xF2, 0x46, 0x0F, 0x0A, 0x27, + 0x43, 0xC2, 0x8D, 0x1E, 0x13, 0x8F, 0xFB, 0x76, + 0x5E, 0x7E, 0x33, 0x97, 0xB7, 0x91, 0x33, 0x35, + 0xD4, 0x02, 0xFE, 0x91, 0x80, 0x6A, 0xA8, 0xFC, + 0x81, 0x92, 0x53, 0xAF, 0x32, 0x69, 0x2F, 0xA6, + 0x51, 0xE8, 0x67, 0xF5, 0x90, 0x7E, 0xF4, 0x6F, + 0x00, 0x62, 0x5A, 0x03, 0x0E, 0xC9, 0x04, 0xED, + 0xAB, 0x21, 0x42, 0x6D, 0x59, 0x11, 0x9D, 0x2C, + 0xAA, 0x43, 0xBD, 0x93, 0x5D, 0xEC, 0x0A, 0x55, + 0x0C, 0x61, 0xEE, 0x4B, 0x27, 0x9C, 0x1C, 0xA3, + 0xA7, 0x9C, 0x79, 0xA6, 0x6E, 0x3F, 0x2D, 0x2F, + 0xAD, 0xB0, 0x0F, 0x59, 0xA3, 0xA4, 0x38, 0xAA, + 0x44, 0x57, 0x01, 0x06, 0x07, 0x30, 0x17, 0xFA, + 0x1C, 0x87, 0x57, 0x50, 0x01, 0x09, 0x72, 0x0D, + 0x12, 0x5B, 0xBA, 0x23, 0x1A, 0x0C, 0x36, 0x35, + 0x0C, 0x78, 0x08, 0x6D, 0xFD, 0xC8, 0xD6, 0x13, + 0xAE, 0xCA, 0x88, 0xC4, 0xCC, 0xAE, 0xB4, 0xA4, + 0x4D, 0x13, 0xAD, 0xB3, 0xC7, 0x17, 0xD6, 0x5C, + 0x82, 0xA3, 0x51, 0xB9, 0xB6, 0xEA, 0xBF, 0x6A, + 0x10, 0xF4, 0xB4, 0xE9, 0x62, 0x3E, 0x3A, 0x95, + 0xB4, 0xD4, 0x0A, 0x12, 0xA8, 0x18, 0xAC, 0x6B, + 0x38, 0x22, 0xDB, 0x82, 0xFB, 0x05, 0xDC, 0x42, + 0x02, 0x64, 0x8B, 0x44, 0x54, 0x68, 0x9A, 0xEB, + 0x69, 0xEA, 0x32, 0x5F, 0x03, 0xE3, 0x5D, 0xEF, + 0xA5, 0x47, 0x08, 0x48, 0x14, 0x20, 0xC6, 0xD6, + 0x97, 0xBB, 0x91, 0x2F, 0xCA, 0x0D, 0x3F, 0x19, + 0x2E, 0xF2, 0x97, 0xDF, 0xE7, 0x7F, 0xF3, 0x6B, + 0x21, 0x03, 0xF1, 0xAD, 0x1A, 0xEE, 0xCE, 0xD1, + 0xC8, 0x14, 0xC2, 0xCD, 0x7E, 0xF1, 0x6B, 0xCE, + 0x47, 0x6A, 0xD0, 0x4F, 0x94, 0x1A, 0xFC, 0x79, + 0xE3, 0x29, 0x54, 0x74, 0xA4, 0x10, 0x62, 0x51, + 0x8C, 0x00, 0x37, 0x86, 0x09, 0x34, 0xF0, 0xE5, + 0xE6, 0x52, 0xF7, 0x27, 0x49, 0xA6, 0x98, 0x63, + 0x2A, 0x09, 0x91, 0xF6, 0x13, 0xF5, 0xCB, 0x96, + 0xCA, 0x11, 0x78, 0xF9, 0x74, 0xF2, 0xC4, 0xAA, + 0x0C, 0xE6, 0x3D, 0xC2, 0x4E, 0x36, 0x4C, 0x92, + 0xA6, 0x43, 0xB9, 0x0A, 0x5F, 0x85, 0xA6, 0x2F, + 0xD4, 0xD8, 0xD2, 0xB1, 0x93, 0xD2, 0x9B, 0x18, + 0xBE, 0xDE, 0x26, 0x53, 0xFC, 0x5D, 0x3F, 0x24, + 0xF5, 0xB2, 0xC0, 0x18, 0xDB, 0xBC, 0xB6, 0xEF, + 0x00, 0xF3, 0x05, 0xBF, 0x93, 0x66, 0x6B, 0xD4, + 0x7F, 0xEA, 0x91, 0x93, 0xBC, 0x23, 0x3D, 0xB3, + 0x91, 0x21, 0x44, 0x2E, 0x93, 0x8D, 0xA5, 0xDD, + 0x07, 0xEE, 0x6E, 0x87, 0x9C, 0x5B, 0x9D, 0xFF, + 0x41, 0xEC, 0xEE, 0x5E, 0x05, 0x89, 0xAE, 0x61, + 0x75, 0xFF, 0x5E, 0xC6, 0xF6, 0xD2, 0x62, 0x9F, + 0x56, 0xB1, 0x8B, 0x4D, 0xE6, 0x6F, 0xCB, 0x13, + 0xDF, 0x04, 0x00, 0xA7, 0x97, 0xC9, 0x22, 0x70, + 0xF6, 0x9B, 0xDE, 0xBD, 0xDC, 0xB8, 0x8C, 0x42, + 0x48, 0x91, 0x9B, 0x56, 0xCD, 0xA7, 0x0B, 0x8A, + 0xC4, 0xF9, 0x42, 0x9C, 0x29, 0x2D, 0xA9, 0x4D, + 0x64, 0x78, 0x28, 0x07, 0x64, 0xFE, 0x23, 0x86, + 0xFC, 0x38, 0xCB, 0x09, 0x31, 0x45, 0x88, 0x39, + 0xEF, 0x4E, 0x7D, 0xE8, 0xF0, 0x68, 0x9D, 0x99, + 0x80, 0x59, 0x88, 0xC7, 0xF9, 0x61, 0x11, 0x85, + 0x2C, 0x89, 0x29, 0xE5, 0xA5, 0x40, 0xD3, 0xB7, + 0x8D, 0x71, 0x2D, 0xEC, 0xC3, 0x96, 0xFE, 0xF3, + 0xEC, 0x34, 0x40, 0x21, 0x84, 0xE4, 0xFD, 0x29, + 0xF3, 0x63, 0xEA, 0x80, 0xF6, 0xFC, 0x50, 0xBA, + 0x9A, 0x11, 0x35, 0x1A, 0xCE, 0xEA, 0x8F, 0xE6, + 0x8D, 0x54, 0x1E, 0x1A, 0xA5, 0x84, 0x8D, 0x9F, + 0x6E, 0x61, 0xDF, 0xB6, 0x2B, 0x2F, 0x23, 0xBC, + 0x50, 0x81, 0xE8, 0x2F, 0x76, 0x22, 0x6E, 0x03, + 0x28, 0x49, 0x82, 0xEC, 0x48, 0x48, 0x12, 0x09, + 0xB1, 0xA7, 0xD4, 0xC8, 0x79, 0x7E, 0x44, 0xBF, + 0xA8, 0x70, 0xB2, 0x20, 0x04, 0xDB, 0x74, 0xBD, + 0x7D, 0x47, 0x8D, 0x5B, 0x36, 0x14, 0xD2, 0xB1, + 0xDA, 0x75, 0x02, 0xB3, 0x98, 0xEB, 0x9D, 0xA8, + 0x0D, 0x06, 0x46, 0x1E, 0x90, 0xE0, 0x30, 0x60, + 0x44, 0x6A, 0xB4, 0xA8, 0x23, 0x84, 0x32, 0xBF, + 0xAF, 0x75, 0x2F, 0x39, 0x17, 0x91, 0x21, 0x4F, + 0x1E, 0x6B, 0x63, 0x59, 0x0D, 0x53, 0x60, 0x60, + 0xD1, 0xC2, 0x45, 0x30, 0x7B, 0xC5, 0xC1, 0xBA, + 0xC4, 0xAA, 0xA0, 0x99, 0xD3, 0x6B, 0xB6, 0xDC, + 0xBC, 0x97, 0x3C, 0xF2, 0xE6, 0x9F, 0x27, 0x34, + 0xD0, 0xF2, 0x9A, 0xEE, 0xC4, 0x56, 0x7B, 0x99, + 0xA1, 0x6B, 0xC1, 0x7C, 0x6C, 0xDD, 0xAC, 0xEF, + 0xE4, 0x99, 0x27, 0xFB, 0x14, 0xE7, 0xD9, 0x8D, + 0xD4, 0x26, 0x35, 0x19, 0x46, 0x9C, 0xCA, 0x3D, + 0xB4, 0x67, 0x9A, 0x68, 0xCE, 0xED, 0xA9, 0x55, + 0x59, 0x22, 0x10, 0xFC, 0x49, 0xAA, 0x5F, 0xBE, + 0x93, 0x4C, 0xC7, 0x3D, 0x84, 0xE4, 0xBA, 0x54, + 0x78, 0x00, 0x2D, 0x68, 0x90, 0x98, 0x90, 0x68, + 0xEF, 0x8F, 0xC9, 0x8C, 0x25, 0x32, 0xB8, 0x3B, + 0xF3, 0xCB, 0x9E, 0xF0, 0x28, 0x93, 0xC2, 0x15, + 0x24, 0x26, 0xB9, 0xD1, 0xA9, 0x47, 0x34, 0xDF, + 0xB4, 0xF9, 0x11, 0x35, 0x14, 0x3C, 0x9E, 0xED, + 0x18, 0xFD, 0x51, 0xAE, 0x87, 0x5D, 0x07, 0xA2, + 0x37, 0x75, 0x60, 0x6A, 0x73, 0x4F, 0xBA, 0x98, + 0xC0, 0x63, 0xB4, 0xA1, 0x62, 0x2E, 0x7F, 0xF2, + 0x1A, 0xA7, 0xE6, 0x52, 0xA3, 0xD6, 0xC1, 0x9F, + 0xE0, 0xDC, 0x67, 0x61, 0xB7, 0xD3, 0x53, 0x02, + 0xBF, 0x21, 0x4D, 0x30, 0x79, 0xF7, 0x60, 0x51, + 0x08, 0x2A, 0x87, 0x59, 0x29, 0x92, 0x0D, 0xC3, + 0xB3, 0xCB, 0x43, 0x21, 0x1A, 0x23, 0xA4, 0x3A, + 0x50, 0x33, 0x2F, 0xAF, 0x1A, 0xC2, 0x19, 0x1E, + 0x71, 0x71, 0x25, 0xF6, 0x3E, 0x25, 0x86, 0xC4, + 0xD8, 0x6D, 0xCA, 0x6B, 0xCD, 0x3D, 0x03, 0x8F, + 0x9D, 0x3A, 0x7B, 0x66, 0xCB, 0xC7, 0xDF, 0x34 + }; + static const byte sk_44[] = { + 0xBC, 0x5F, 0xF8, 0x10, 0xEB, 0x08, 0x90, 0x48, + 0xB8, 0xAB, 0x30, 0x20, 0xA7, 0xBD, 0x3B, 0x16, + 0xC0, 0xE0, 0xCA, 0x3D, 0x6B, 0x97, 0xE4, 0x64, + 0x6C, 0x2C, 0xCA, 0xE0, 0xBB, 0xF1, 0x9E, 0xF7, + 0xBA, 0x2B, 0x57, 0xC4, 0x46, 0x55, 0x6E, 0xE2, + 0xB7, 0x2C, 0x78, 0xB9, 0x6B, 0xB7, 0xA8, 0x50, + 0x3D, 0xE4, 0x0A, 0xFB, 0x54, 0x18, 0x4E, 0x3B, + 0x54, 0x63, 0xC2, 0x1A, 0xF7, 0x48, 0x53, 0x23, + 0xDF, 0x98, 0xF0, 0x16, 0x0A, 0xE5, 0xD1, 0x37, + 0x51, 0x27, 0x25, 0xF8, 0x9D, 0x56, 0x3B, 0xC9, + 0xA1, 0x89, 0xD3, 0x1D, 0x20, 0xB3, 0xB3, 0xC8, + 0xFF, 0xAA, 0xF5, 0xE4, 0x86, 0xE7, 0x90, 0x51, + 0xF6, 0xF3, 0x60, 0x5C, 0xCA, 0x25, 0x69, 0xFD, + 0xB4, 0x6B, 0x33, 0x18, 0xD2, 0x38, 0x42, 0xCE, + 0x40, 0xD6, 0x43, 0x86, 0x13, 0xF6, 0x8B, 0x45, + 0x5B, 0x0D, 0x3B, 0xCA, 0x0E, 0x05, 0x0D, 0x4D, + 0x11, 0x99, 0x88, 0xA2, 0xC4, 0x80, 0x1B, 0x90, + 0x84, 0xE0, 0xB0, 0x48, 0xC9, 0x28, 0x09, 0x22, + 0x30, 0x90, 0x24, 0x06, 0x49, 0x98, 0x40, 0x65, + 0x5A, 0x26, 0x8A, 0xDA, 0x32, 0x90, 0xDA, 0x48, + 0x08, 0x22, 0x81, 0x90, 0xC8, 0x14, 0x61, 0xDC, + 0x16, 0x6A, 0x21, 0x47, 0x8E, 0x08, 0xB2, 0x21, + 0xE3, 0x08, 0x68, 0x1A, 0x02, 0x44, 0x14, 0xC6, + 0x65, 0xE1, 0x98, 0x71, 0x90, 0xC6, 0x69, 0x0C, + 0x15, 0x44, 0xC9, 0xA0, 0x11, 0xCC, 0x34, 0x71, + 0x83, 0x40, 0x45, 0x00, 0x12, 0x4D, 0x91, 0x08, + 0x00, 0x83, 0x36, 0x84, 0x12, 0x85, 0x4C, 0xCC, + 0x00, 0x41, 0x09, 0x90, 0x70, 0x18, 0x95, 0x00, + 0xA2, 0xB2, 0x85, 0x94, 0x26, 0x41, 0x0B, 0x00, + 0x41, 0x0A, 0xB9, 0x80, 0xC0, 0xC6, 0x10, 0x0C, + 0x33, 0x29, 0xA3, 0xA6, 0x28, 0x1C, 0x26, 0x10, + 0x1A, 0x37, 0x49, 0x13, 0x35, 0x8A, 0x0B, 0x29, + 0x2E, 0x82, 0xA2, 0x70, 0x8B, 0x38, 0x49, 0x94, + 0x04, 0x80, 0x9B, 0x26, 0x10, 0xA4, 0x80, 0x30, + 0x04, 0x37, 0x0C, 0x48, 0xB2, 0x60, 0x04, 0x17, + 0x2E, 0x19, 0x49, 0x64, 0xC8, 0xC4, 0x64, 0x1A, + 0x96, 0x60, 0x10, 0x83, 0x6D, 0x20, 0x38, 0x22, + 0x49, 0x06, 0x08, 0x1B, 0xB7, 0x20, 0x01, 0x48, + 0x4D, 0xE1, 0x10, 0x49, 0x08, 0x38, 0x44, 0x4C, + 0x16, 0x8E, 0x04, 0xB2, 0x2C, 0x09, 0x91, 0x50, + 0x83, 0x36, 0x06, 0x5C, 0x02, 0x8C, 0x8A, 0x38, + 0x05, 0x1A, 0xB5, 0x81, 0x82, 0xC0, 0x09, 0x51, + 0x12, 0x72, 0x22, 0x10, 0x0D, 0x04, 0x08, 0x2A, + 0xA4, 0x84, 0x10, 0x58, 0x08, 0x52, 0x08, 0x26, + 0x0A, 0x02, 0xB6, 0x2D, 0x8A, 0x12, 0x0E, 0x14, + 0x22, 0x10, 0x48, 0x44, 0x0A, 0x14, 0x23, 0x91, + 0x50, 0x40, 0x90, 0x0A, 0x27, 0x92, 0xA4, 0xB0, + 0x60, 0x08, 0x84, 0x11, 0xC4, 0x40, 0x22, 0x63, + 0x46, 0x2A, 0xDA, 0xA6, 0x90, 0xC1, 0xB2, 0x30, + 0x50, 0x10, 0x00, 0xA0, 0xB4, 0x6C, 0x53, 0xB4, + 0x50, 0x13, 0x05, 0x8D, 0x02, 0x31, 0x0E, 0x08, + 0x20, 0x10, 0x91, 0xC8, 0x4C, 0x22, 0xA7, 0x50, + 0xC2, 0xA6, 0x70, 0x92, 0x46, 0x41, 0x63, 0x16, + 0x8C, 0x84, 0x00, 0x11, 0x0B, 0x81, 0x90, 0x13, + 0x83, 0x71, 0x21, 0x85, 0x30, 0x1B, 0x18, 0x46, + 0xA3, 0x10, 0x84, 0x14, 0x43, 0x40, 0x80, 0x98, + 0x25, 0x0C, 0x27, 0x2C, 0x94, 0x42, 0x41, 0xA2, + 0x88, 0x45, 0x02, 0x13, 0x05, 0x44, 0xB6, 0x44, + 0x52, 0x22, 0x92, 0xD0, 0x80, 0x50, 0x4B, 0xA6, + 0x04, 0x84, 0x36, 0x70, 0x09, 0xB2, 0x4D, 0x19, + 0xA8, 0x84, 0x24, 0x93, 0x49, 0x94, 0xA2, 0x80, + 0x49, 0xB4, 0x48, 0x91, 0x28, 0x64, 0xA1, 0xC8, + 0x65, 0x4B, 0x82, 0x85, 0x93, 0x30, 0x06, 0x63, + 0x12, 0x66, 0x10, 0x37, 0x01, 0x4A, 0x40, 0x80, + 0x18, 0x18, 0x90, 0x44, 0xC4, 0x0D, 0x4B, 0x28, + 0x81, 0xA2, 0x06, 0x40, 0xD4, 0x30, 0x2C, 0x1B, + 0x96, 0x4C, 0xE1, 0xB2, 0x60, 0x44, 0x28, 0x41, + 0xD8, 0x30, 0x65, 0x24, 0x09, 0x04, 0x64, 0x00, + 0x89, 0x63, 0xC2, 0x24, 0xC0, 0x00, 0x49, 0x92, + 0x16, 0x52, 0x23, 0xC1, 0x29, 0x42, 0x26, 0x91, + 0xD0, 0x38, 0x31, 0x83, 0x28, 0x28, 0x4C, 0x28, + 0x61, 0x1A, 0xB2, 0x88, 0x80, 0x26, 0x2D, 0x0C, + 0x19, 0x52, 0x5B, 0x22, 0x60, 0x8A, 0x92, 0x28, + 0xA2, 0x18, 0x90, 0xD9, 0x42, 0x52, 0xCB, 0x40, + 0x8E, 0x9B, 0x16, 0x06, 0x4B, 0xC8, 0x05, 0xE0, + 0x06, 0x6C, 0x49, 0xC2, 0x25, 0xD4, 0x22, 0x69, + 0x14, 0x11, 0x69, 0x1C, 0x34, 0x90, 0x0C, 0x85, + 0x8D, 0x1C, 0x84, 0x49, 0x63, 0x10, 0x85, 0x08, + 0x34, 0x89, 0x58, 0x16, 0x66, 0xA0, 0x38, 0x68, + 0x0B, 0xA2, 0x50, 0xE0, 0x84, 0x61, 0xC1, 0x26, + 0x6E, 0xC9, 0x14, 0x6A, 0xC0, 0xC0, 0x31, 0x84, + 0x18, 0x2E, 0xDC, 0x16, 0x52, 0x14, 0x18, 0x91, + 0x0A, 0x39, 0x2C, 0x83, 0xA6, 0x8D, 0x12, 0x29, + 0x62, 0x92, 0xA6, 0x60, 0x08, 0xA5, 0x10, 0xD9, + 0xC8, 0x4D, 0x24, 0x48, 0x24, 0x83, 0x98, 0x24, + 0x1A, 0x44, 0x42, 0x08, 0x08, 0x48, 0xC8, 0x96, + 0x2D, 0xA1, 0x10, 0x20, 0x60, 0x24, 0x51, 0x9C, + 0x30, 0x11, 0xDB, 0xC8, 0x04, 0x11, 0x22, 0x51, + 0x18, 0x04, 0x68, 0xE2, 0x24, 0x4E, 0x10, 0xC4, + 0x0D, 0x18, 0x37, 0x29, 0x11, 0xB7, 0x84, 0x43, + 0x84, 0x8D, 0x54, 0x40, 0x70, 0x64, 0x80, 0x70, + 0x21, 0xB0, 0x4D, 0x00, 0x26, 0x62, 0x00, 0x45, + 0x25, 0x1B, 0x83, 0x84, 0x84, 0x80, 0x70, 0x19, + 0xB0, 0x04, 0x0A, 0xC9, 0x28, 0xCA, 0x80, 0x05, + 0x1B, 0x21, 0x4E, 0xD4, 0xB0, 0x49, 0x8C, 0x96, + 0x6C, 0xD0, 0x96, 0x25, 0x48, 0x32, 0x72, 0x54, + 0x12, 0x05, 0x09, 0x98, 0x8C, 0x8A, 0x32, 0x6D, + 0xC0, 0x04, 0x31, 0x63, 0xC8, 0x61, 0xC8, 0xC2, + 0x68, 0x9B, 0xB4, 0x8C, 0x5B, 0xC0, 0x2D, 0xC3, + 0xA8, 0x8D, 0x1B, 0x16, 0x6C, 0xD8, 0x96, 0x41, + 0x98, 0x34, 0x02, 0x44, 0x14, 0x2C, 0xD3, 0x86, + 0x44, 0x0A, 0x18, 0x8A, 0x1A, 0x46, 0x92, 0x1A, + 0xB7, 0x08, 0x4C, 0x34, 0x24, 0x21, 0x91, 0x0D, + 0x9A, 0x96, 0x2D, 0xCB, 0x24, 0x22, 0x92, 0x86, + 0x08, 0x98, 0xA0, 0x50, 0xDA, 0x44, 0x6A, 0x19, + 0xB1, 0x05, 0x8B, 0x20, 0x6E, 0x24, 0xC4, 0x81, + 0xC9, 0x98, 0x40, 0x22, 0x19, 0x32, 0x11, 0x05, + 0x69, 0xD3, 0x94, 0x91, 0x08, 0xA7, 0x71, 0xDB, + 0xC0, 0x70, 0x02, 0xB8, 0x28, 0x83, 0xB4, 0x49, + 0xA0, 0x44, 0x8A, 0x0B, 0xB4, 0x10, 0x61, 0x02, + 0x48, 0x1C, 0xA6, 0x11, 0xE3, 0x20, 0x66, 0x40, + 0xB4, 0x70, 0x03, 0xB6, 0x04, 0x60, 0x48, 0x21, + 0x5B, 0x21, 0x83, 0x39, 0x88, 0xDB, 0x67, 0x4A, + 0x61, 0xE7, 0xC2, 0x08, 0xDE, 0xBE, 0x8D, 0xAE, + 0x41, 0x19, 0xAF, 0xB0, 0x26, 0x61, 0xA6, 0x9A, + 0xBC, 0x8B, 0xDD, 0x24, 0x5B, 0x5D, 0x0F, 0xB1, + 0xA2, 0x67, 0x01, 0xC9, 0xB9, 0xC9, 0xA8, 0xF7, + 0xD9, 0xFC, 0xD4, 0xC2, 0x87, 0xFF, 0x3D, 0x60, + 0x8C, 0xF2, 0x58, 0x28, 0x2A, 0x1E, 0xB2, 0x9F, + 0x93, 0x04, 0xE8, 0x9C, 0x14, 0xF3, 0xE1, 0xCE, + 0x56, 0x12, 0x89, 0x1C, 0x60, 0x29, 0x34, 0x52, + 0x60, 0x06, 0xC9, 0x9B, 0x4A, 0xA2, 0x39, 0x9B, + 0xF4, 0x94, 0xBC, 0xF8, 0xDF, 0x61, 0xD6, 0xDF, + 0x4C, 0x69, 0xBC, 0x93, 0xE0, 0x2D, 0x49, 0x95, + 0xE2, 0xF7, 0x6E, 0x9F, 0xDA, 0x4E, 0xF6, 0x7E, + 0xB7, 0x25, 0x6C, 0xA8, 0x9A, 0x3F, 0x38, 0xFE, + 0xB2, 0xE9, 0xDF, 0x6A, 0x01, 0x0D, 0xC1, 0xC1, + 0x50, 0x02, 0xFB, 0xD4, 0x56, 0xFA, 0xE8, 0x84, + 0x82, 0x1A, 0x34, 0x16, 0x6B, 0x06, 0x58, 0xA2, + 0x41, 0x25, 0x95, 0x71, 0x8E, 0x14, 0x9B, 0xBC, + 0x6E, 0x22, 0x0A, 0xEE, 0x26, 0x8D, 0x4D, 0x82, + 0x18, 0xC2, 0x5F, 0x6A, 0x95, 0x7D, 0xE5, 0xB2, + 0x6C, 0xEA, 0x7B, 0x14, 0xCB, 0x32, 0x0D, 0x89, + 0xE1, 0x69, 0x9A, 0xD9, 0xF2, 0xB3, 0x89, 0xC6, + 0x7E, 0xF9, 0x33, 0x86, 0xA2, 0xC6, 0x5F, 0x2C, + 0x32, 0x23, 0x33, 0x67, 0xD7, 0x6A, 0xE4, 0xAB, + 0x2A, 0xBB, 0xD4, 0x22, 0xE9, 0x8E, 0x49, 0x3D, + 0xCC, 0x3C, 0xC5, 0xDA, 0xF6, 0x89, 0xB6, 0x5C, + 0xC4, 0xBC, 0x3F, 0xA5, 0x1C, 0x9C, 0x59, 0xEE, + 0xAF, 0x07, 0x55, 0x17, 0x0C, 0x24, 0x95, 0x80, + 0x4D, 0x02, 0xA6, 0x07, 0xC5, 0xBF, 0x88, 0x7C, + 0xD8, 0x6A, 0x03, 0x89, 0xF2, 0x8F, 0xC9, 0x72, + 0x5E, 0xF4, 0x60, 0x03, 0xF1, 0x3B, 0x01, 0x87, + 0x68, 0x4B, 0xEA, 0xB1, 0xF2, 0x4A, 0x29, 0xF5, + 0x31, 0x96, 0x01, 0xF3, 0x09, 0xC9, 0x1D, 0x2A, + 0x33, 0x3D, 0x1B, 0x88, 0xDF, 0x20, 0x5A, 0x51, + 0x20, 0xC4, 0xCF, 0xDC, 0x22, 0x38, 0x12, 0x4E, + 0x4E, 0x2B, 0x47, 0xD0, 0xB5, 0xE6, 0x6A, 0x65, + 0x4F, 0xE4, 0xCC, 0xCB, 0x07, 0x8F, 0x07, 0xCB, + 0xD4, 0x55, 0xD1, 0x5D, 0x3E, 0xEC, 0x7D, 0xA2, + 0x74, 0xD2, 0x4A, 0x2E, 0x57, 0x18, 0x84, 0xDE, + 0x41, 0xC3, 0xA9, 0xA4, 0xFD, 0xB3, 0xF6, 0x09, + 0x8A, 0x17, 0x2C, 0x30, 0x96, 0x80, 0x39, 0xBD, + 0x0E, 0x4E, 0xB3, 0xE2, 0xFB, 0x6D, 0x6E, 0xEE, + 0xD3, 0x9E, 0x0B, 0x63, 0x62, 0xD5, 0x4E, 0x7B, + 0x88, 0x95, 0x98, 0x69, 0xDD, 0xD5, 0xD8, 0x73, + 0xD9, 0x65, 0x24, 0x01, 0xA2, 0x9F, 0x27, 0xA2, + 0x8E, 0xA6, 0x6D, 0x32, 0xCC, 0xB0, 0xEF, 0x3B, + 0xF4, 0x60, 0x0F, 0x75, 0x57, 0xEE, 0x8D, 0x54, + 0xBF, 0x1D, 0xAD, 0x18, 0xF4, 0x5D, 0xDC, 0xD4, + 0xC9, 0xED, 0x57, 0xB1, 0x3E, 0x44, 0x5B, 0xF1, + 0x22, 0xA4, 0x3F, 0x53, 0x94, 0x03, 0x89, 0xBF, + 0x87, 0x14, 0xFF, 0xAC, 0x72, 0x1E, 0x59, 0x31, + 0x7E, 0x4B, 0x70, 0x50, 0x0A, 0xD0, 0xD1, 0xB9, + 0xA6, 0x27, 0x05, 0x4D, 0x31, 0x93, 0x20, 0x8C, + 0x77, 0x4E, 0x0B, 0x20, 0xED, 0x04, 0x1A, 0x8C, + 0x05, 0x5E, 0x75, 0xEE, 0xCD, 0x37, 0x38, 0xF0, + 0x07, 0x15, 0x8F, 0xAD, 0xDF, 0xCA, 0x5F, 0x43, + 0x56, 0x2D, 0x63, 0x6A, 0x5A, 0xCF, 0x3A, 0x39, + 0x83, 0xD3, 0xCF, 0xEB, 0xCA, 0x10, 0xB8, 0x13, + 0xF9, 0xF6, 0x52, 0x65, 0x19, 0x19, 0x9A, 0x03, + 0x13, 0xCD, 0x1D, 0xE1, 0x3F, 0x06, 0xAD, 0x53, + 0x86, 0xE1, 0xE1, 0x20, 0x79, 0x5F, 0xD2, 0x67, + 0xB7, 0xF4, 0x20, 0x19, 0xD8, 0x4D, 0xF6, 0xCD, + 0x1B, 0xF9, 0x19, 0x30, 0xFC, 0xA7, 0xAF, 0xD5, + 0x2E, 0x80, 0x70, 0x0F, 0x4C, 0xF5, 0xCD, 0xC3, + 0x8A, 0x5F, 0x7A, 0x57, 0x49, 0x79, 0x1C, 0x2F, + 0xDF, 0xFC, 0x4A, 0x10, 0x75, 0x3C, 0x24, 0xDB, + 0x19, 0xE8, 0xEB, 0x65, 0x1C, 0x5B, 0x36, 0x32, + 0x00, 0xF0, 0xB5, 0xD1, 0x69, 0x94, 0x70, 0x26, + 0xE9, 0xF7, 0x4F, 0x01, 0x2D, 0xC7, 0xC5, 0xB3, + 0x39, 0xDD, 0x49, 0xD2, 0x61, 0xCA, 0x1D, 0x37, + 0xF8, 0xF2, 0x83, 0x46, 0xE6, 0x19, 0x78, 0x05, + 0x4F, 0x45, 0xAE, 0xE4, 0x36, 0xDC, 0xCB, 0xE7, + 0xBF, 0xAF, 0xE0, 0x7C, 0xE9, 0xA8, 0xB8, 0x3C, + 0x90, 0xA2, 0x68, 0x6F, 0xA9, 0x54, 0x02, 0x85, + 0x09, 0x25, 0xC8, 0x58, 0x2B, 0xC9, 0xB7, 0x34, + 0xE4, 0xEC, 0xA1, 0xF7, 0xB2, 0x0B, 0x08, 0x6F, + 0x12, 0x9F, 0x27, 0x7A, 0x5C, 0xBD, 0xAA, 0x96, + 0x3C, 0x92, 0x71, 0x7E, 0xF7, 0x0E, 0xC1, 0x9B, + 0xF3, 0xDB, 0xC6, 0xDA, 0x20, 0x3A, 0xD9, 0x0F, + 0x3B, 0x13, 0xBB, 0xC2, 0x2F, 0xBD, 0x98, 0x0B, + 0xB1, 0xB9, 0xD3, 0xA3, 0x44, 0x52, 0xB3, 0x35, + 0x70, 0x21, 0xCE, 0x36, 0x13, 0x58, 0x4E, 0x09, + 0x36, 0xBF, 0x1D, 0x09, 0x42, 0x09, 0x37, 0x81, + 0x5E, 0x11, 0xCC, 0x5D, 0x5D, 0xDB, 0x4B, 0xF1, + 0xD8, 0x30, 0xC4, 0xF8, 0x3F, 0x30, 0xE5, 0x15, + 0x92, 0x1C, 0x78, 0x4D, 0x87, 0xBB, 0x20, 0xC0, + 0x9E, 0x3C, 0x64, 0xBD, 0xCE, 0x9A, 0xB1, 0xC6, + 0x9F, 0xD3, 0x07, 0xEF, 0xE3, 0x59, 0xC7, 0xF9, + 0x38, 0x56, 0x6C, 0x9F, 0x25, 0x17, 0xB0, 0x63, + 0x38, 0x51, 0x67, 0xE2, 0x47, 0xF3, 0x10, 0x81, + 0x11, 0x9B, 0xAC, 0x6B, 0x55, 0xA0, 0xBD, 0xD7, + 0x14, 0x25, 0x51, 0x0F, 0xFA, 0x2A, 0xBD, 0xFA, + 0x88, 0x83, 0x76, 0xA3, 0x7F, 0x20, 0xC2, 0x48, + 0x01, 0x52, 0xBB, 0x36, 0x16, 0x34, 0x52, 0x00, + 0x07, 0xC5, 0xB3, 0x4B, 0xF2, 0x28, 0x17, 0xCB, + 0x2E, 0x67, 0xAC, 0x1A, 0x82, 0x67, 0x0B, 0x71, + 0xF1, 0x96, 0xC8, 0x9F, 0x23, 0xBA, 0x31, 0x4B, + 0x16, 0xA9, 0x48, 0x49, 0x93, 0x04, 0xEF, 0x5C, + 0x03, 0xDC, 0xF5, 0x8E, 0x52, 0xBE, 0x31, 0x48, + 0x63, 0xE7, 0x23, 0xC5, 0x6D, 0x3A, 0xEB, 0x34, + 0x0B, 0xFF, 0x18, 0xAB, 0xFA, 0x20, 0xDC, 0x03, + 0x44, 0x20, 0x30, 0x23, 0x05, 0x33, 0xD9, 0x12, + 0x9B, 0x83, 0xED, 0x22, 0xC3, 0x51, 0xF2, 0x32, + 0x81, 0x72, 0xE3, 0x63, 0x44, 0x74, 0x44, 0xAE, + 0x5C, 0x69, 0x02, 0xB7, 0x92, 0x79, 0x9F, 0x54, + 0x44, 0x50, 0x78, 0x71, 0x19, 0x61, 0x2E, 0x9B, + 0xB4, 0x13, 0x0A, 0x33, 0xA2, 0xA5, 0x96, 0x2A, + 0xC0, 0x9D, 0x57, 0x7D, 0x6D, 0xDC, 0x88, 0x1F, + 0xE6, 0x61, 0x61, 0x26, 0xD8, 0xA0, 0xA7, 0xDF, + 0x2B, 0x22, 0x53, 0xBC, 0x8E, 0xC4, 0xE3, 0x53, + 0x86, 0xEA, 0x55, 0x11, 0xF0, 0xF1, 0x58, 0x87, + 0x14, 0x5B, 0x6C, 0x23, 0xAB, 0x3D, 0x40, 0x33, + 0x39, 0xE4, 0x04, 0x07, 0x3E, 0xD9, 0xC6, 0xA8, + 0x96, 0xA2, 0xF9, 0xEC, 0x70, 0xC4, 0x4B, 0xD2, + 0xAE, 0xC1, 0x0F, 0xC4, 0x36, 0x0E, 0x87, 0x63, + 0x6B, 0xE1, 0x55, 0xB6, 0xA6, 0x7B, 0x7E, 0xDF, + 0x38, 0xCF, 0x73, 0x00, 0x48, 0x13, 0xC9, 0xE7, + 0xD2, 0xC6, 0x54, 0xC2, 0x53, 0x0A, 0x71, 0xE5, + 0xF8, 0xC1, 0x09, 0x42, 0xFB, 0x6D, 0x88, 0x41, + 0x53, 0x5A, 0xB1, 0xDA, 0x43, 0xE8, 0xCB, 0x0B, + 0xB8, 0x9E, 0x78, 0xEC, 0x91, 0xF8, 0xDE, 0x15, + 0x31, 0xA0, 0x36, 0x65, 0xCC, 0xD5, 0xA7, 0x5B, + 0xDA, 0x0E, 0xD0, 0xE5, 0x98, 0x64, 0xEE, 0xEF, + 0x51, 0xA8, 0x3F, 0xA5, 0x53, 0xAF, 0x66, 0x2A, + 0xEE, 0x00, 0xD1, 0xF8, 0x36, 0x7B, 0x4D, 0x5D, + 0xDD, 0xC3, 0x45, 0x54, 0x4C, 0x6B, 0xD5, 0x14, + 0xF8, 0x88, 0xE6, 0x03, 0x3C, 0x25, 0x5D, 0xB6, + 0x50, 0xDA, 0x73, 0x4A, 0xD3, 0x3A, 0x3C, 0xF8, + 0x4B, 0xD3, 0xF0, 0x6F, 0xA1, 0xA7, 0xCA, 0x02, + 0xE4, 0xB8, 0xE9, 0x93, 0xAE, 0x7A, 0xE6, 0x34, + 0x20, 0xA4, 0x6B, 0xA8, 0xA3, 0x81, 0x3D, 0x1E, + 0x9D, 0x29, 0x66, 0xBB, 0x85, 0x60, 0xD7, 0x1C, + 0x62, 0xA0, 0x44, 0xEA, 0x94, 0x17, 0x9F, 0x4E, + 0xB1, 0xB6, 0xED, 0x60, 0x71, 0x9D, 0x51, 0xE0, + 0xEE, 0xF6, 0xCD, 0x07, 0x91, 0x52, 0xF6, 0xBE, + 0x48, 0x8E, 0xC9, 0x19, 0x11, 0xC6, 0xD3, 0xF1, + 0xD1, 0x17, 0x3C, 0x54, 0x1F, 0x9D, 0x25, 0xBF, + 0x34, 0x2F, 0xCA, 0xA3, 0xFF, 0x46, 0xC1, 0x8F, + 0x2A, 0x04, 0x41, 0xD8, 0x3B, 0xDE, 0x35, 0x46, + 0xA9, 0x82, 0x6C, 0x34, 0x96, 0xE0, 0x6F, 0x2F, + 0x2B, 0x0E, 0xEB, 0x9D, 0x5B, 0xE8, 0x73, 0x9F, + 0x83, 0xA4, 0x2D, 0x3B, 0x30, 0x0E, 0x70, 0xEE, + 0x84, 0xDF, 0xFF, 0xB2, 0x07, 0x64, 0xA0, 0x60, + 0x21, 0x2F, 0x05, 0x8C, 0x8A, 0x5F, 0xFA, 0x9A, + 0x34, 0xE9, 0x28, 0xD6, 0xA7, 0xE0, 0x77, 0x08, + 0xFE, 0x53, 0x93, 0xE3, 0x01, 0x7C, 0xE4, 0x70, + 0xEB, 0x96, 0x58, 0xA7, 0x4E, 0x49, 0x51, 0xE6, + 0xFA, 0x48, 0x54, 0xC9, 0xE9, 0xC2, 0x89, 0x88, + 0x81, 0x2E, 0x44, 0x18, 0xA2, 0xE8, 0x32, 0x58, + 0x0B, 0x4A, 0x27, 0x03, 0x72, 0xBC, 0x69, 0x67, + 0x68, 0x89, 0xD0, 0xCC, 0x43, 0x24, 0x0E, 0xDA, + 0xBC, 0x1D, 0x31, 0x14, 0xD8, 0xF3, 0x5A, 0xB2, + 0xE9, 0xEA, 0x95, 0x30, 0x82, 0xE9, 0x53, 0x62, + 0x79, 0xAC, 0xB3, 0xBE, 0x16, 0xD3, 0xA2, 0x05, + 0xF4, 0x6C, 0xB6, 0x7B, 0x22, 0x14, 0x96, 0x93, + 0x5A, 0xC0, 0x42, 0x92, 0xBB, 0xFB, 0x9A, 0x61, + 0xC0, 0xA0, 0x3E, 0xF4, 0xC9, 0xB6, 0x82, 0x04, + 0x95, 0xF3, 0xD8, 0x0E, 0x4A, 0x6F, 0xB7, 0xE1, + 0xC6, 0x99, 0x03, 0xFA, 0x22, 0x6E, 0x02, 0x3E, + 0x95, 0xBA, 0x41, 0x6D, 0xF2, 0xE5, 0xE4, 0x54, + 0x1E, 0x15, 0xDC, 0xC0, 0x00, 0xB5, 0xE6, 0x5C, + 0x97, 0x20, 0xDA, 0xF6, 0x96, 0x01, 0x2F, 0xA2, + 0xA6, 0xCF, 0x75, 0x8E, 0xD6, 0xD2, 0x25, 0xA3, + 0xE4, 0xFE, 0xE4, 0x5A, 0xC5, 0xFB, 0x48, 0x70, + 0x7F, 0xAE, 0x13, 0x3D, 0x59, 0x2C, 0xFD, 0x2E, + 0x8C, 0x43, 0xC2, 0x12, 0x6F, 0x65, 0x2B, 0xEE, + 0x9B, 0xAB, 0x43, 0xA1, 0xA1, 0x0B, 0xE2, 0x41, + 0x1A, 0x67, 0x94, 0xB2, 0x6C, 0xB5, 0x5C, 0xC2, + 0x17, 0xEB, 0x7B, 0x0B, 0x14, 0x6D, 0x23, 0xF7, + 0x92, 0x2D, 0x32, 0x22, 0xAE, 0x5E, 0xE8, 0xC6, + 0xD3, 0x8E, 0x83, 0x99, 0xBA, 0x51, 0xC6, 0x81, + 0xB8, 0x38, 0x16, 0xFC, 0xF7, 0x44, 0x38, 0x82, + 0x59, 0x20, 0xF9, 0xCE, 0x8A, 0x20, 0x2A, 0x8F, + 0x6D, 0x94, 0x2D, 0xA8, 0x62, 0x38, 0xFB, 0x4C, + 0x9F, 0x21, 0x98, 0xEA, 0x8D, 0xFF, 0x81, 0xC1, + 0x72, 0x86, 0xE0, 0x18, 0xDF, 0x4B, 0x7F, 0xE3, + 0x88, 0x4D, 0x17, 0x59, 0xE4, 0xC5, 0x9B, 0xB5, + 0x26, 0x17, 0xAE, 0xD4, 0xE7, 0x8E, 0x4E, 0x7C, + 0x4E, 0x9A, 0x36, 0xE4, 0xE9, 0x96, 0xD3, 0x23, + 0x91, 0xA3, 0x4A, 0x0D, 0xAA, 0xAB, 0x6B, 0x54, + 0x08, 0x15, 0xA3, 0x4D, 0x20, 0x40, 0x7A, 0xEF, + 0x81, 0x94, 0x9B, 0xE6, 0x7B, 0x90, 0x69, 0x50, + 0xD8, 0x9B, 0xE9, 0xF0, 0x85, 0xE9, 0x9E, 0xB5, + 0x87, 0x26, 0x95, 0x17, 0x3B, 0x3E, 0xFA, 0xCA, + 0xE9, 0x45, 0x5D, 0x2B, 0x2C, 0xD4, 0xF7, 0x10, + 0xB8, 0x72, 0xCF, 0x66, 0x2B, 0x73, 0x62, 0x16, + 0xB1, 0xBB, 0xFB, 0x1F, 0x5F, 0x3D, 0x48, 0x6C, + 0x7B, 0x4B, 0x87, 0x56, 0x12, 0x33, 0x3F, 0x8E, + 0x4B, 0xA9, 0x33, 0xDC, 0x79, 0xF0, 0xED, 0xFD, + 0x7B, 0xAA, 0xDE, 0x2C, 0x16, 0xF2, 0x14, 0x6A, + 0x49, 0x6F, 0x79, 0xC4, 0x2A, 0x4D, 0x6B, 0x52, + 0x39, 0xA3, 0x0D, 0xD3, 0xC4, 0x8B, 0xEB, 0x09, + 0x2C, 0xA0, 0x75, 0x00, 0x10, 0xF6, 0x9E, 0xD4, + 0xB9, 0x23, 0x20, 0x14, 0x7D, 0xBB, 0xE2, 0x08, + 0xF6, 0xE8, 0xEB, 0x1C, 0xF2, 0x47, 0xD2, 0x1A, + 0x3A, 0x3B, 0x01, 0xDF, 0x58, 0xC0, 0xAA, 0x62, + 0x94, 0x4D, 0xA0, 0xEF, 0x04, 0x50, 0xE8, 0xCE, + 0x48, 0xAA, 0x13, 0x7E, 0x7E, 0x15, 0x16, 0xC1, + 0xD5, 0xC8, 0x6E, 0xEA, 0x17, 0xFD, 0xFA, 0xC1, + 0x69, 0x07, 0x46, 0xE7, 0x26, 0x70, 0x45, 0xA3, + 0xE9, 0x05, 0x96, 0xBD, 0xB7, 0x5D, 0x50, 0xB6, + 0xDD, 0x5C, 0x34, 0xE5, 0xC8, 0xD8, 0x9D, 0xC6, + 0xF2, 0xF1, 0xD2, 0x44, 0x40, 0xE5, 0x7B, 0x47, + 0x59, 0xB8, 0x62, 0x5F, 0x72, 0xBC, 0x4A, 0x7B, + 0x10, 0xD5, 0x19, 0xD3, 0x31, 0xF9, 0xC4, 0x00, + 0xAA, 0xE1, 0xE5, 0x0D, 0x48, 0x0C, 0xAA, 0xE5, + 0xA1, 0xC0, 0xFA, 0x99, 0xD7, 0x79, 0x24, 0xCF, + 0x8D, 0xFE, 0x56, 0xCD, 0x70, 0x92, 0xE7, 0xB9 + }; +#endif /* !WOLFSSL_NO_ML_DSA_44 */ +#ifndef WOLFSSL_NO_ML_DSA_65 + static const byte seed_65[] = { + 0x70, 0xCE, 0xFB, 0x9A, 0xED, 0x5B, 0x68, 0xE0, + 0x18, 0xB0, 0x79, 0xDA, 0x82, 0x84, 0xB9, 0xD5, + 0xCA, 0xD5, 0x49, 0x9E, 0xD9, 0xC2, 0x65, 0xFF, + 0x73, 0x58, 0x80, 0x05, 0xD8, 0x5C, 0x22, 0x5C + }; + static const byte pk_65[] = { + 0xD2, 0xFD, 0x03, 0xF3, 0xA1, 0xB7, 0xF6, 0x35, + 0xAF, 0x9F, 0x34, 0xD5, 0x80, 0xA9, 0x8F, 0x52, + 0x4C, 0x73, 0x5B, 0xD5, 0xBA, 0x23, 0x55, 0xDC, + 0x6E, 0x03, 0x5B, 0xD2, 0x17, 0x65, 0x58, 0x0C, + 0xBB, 0x11, 0x19, 0x23, 0xF1, 0x94, 0xA7, 0xCC, + 0x8A, 0x7B, 0xB2, 0xEB, 0xC5, 0xC0, 0xE7, 0x1A, + 0xA6, 0x37, 0xCC, 0x80, 0x0E, 0x61, 0x03, 0xB8, + 0x50, 0xA5, 0x39, 0xB2, 0xA3, 0x9E, 0x1B, 0x6D, + 0x71, 0x3E, 0x5D, 0xB8, 0x31, 0x4C, 0x9A, 0xE1, + 0xF8, 0xBF, 0x8A, 0x38, 0xF0, 0x6A, 0xFB, 0x9D, + 0x73, 0xB1, 0x61, 0xB0, 0xFF, 0xE3, 0xA4, 0x89, + 0x17, 0x06, 0xAE, 0x26, 0xD5, 0x4F, 0xFB, 0x49, + 0x6D, 0xF8, 0xDC, 0x0F, 0x19, 0x83, 0x50, 0x95, + 0x00, 0xC9, 0xAB, 0xBD, 0x28, 0xE5, 0x9B, 0x3F, + 0xCD, 0xAB, 0xBD, 0xAD, 0xAB, 0xD4, 0x5E, 0xC3, + 0x14, 0x99, 0x37, 0x8B, 0xDE, 0x84, 0x9E, 0x7C, + 0x1F, 0x19, 0xB7, 0x04, 0x4D, 0x67, 0xE0, 0x51, + 0x06, 0xD7, 0x13, 0x6D, 0x95, 0x38, 0x0D, 0x56, + 0x05, 0xD4, 0x46, 0x5D, 0x87, 0x75, 0x57, 0x06, + 0x5D, 0xF0, 0xA7, 0x5D, 0x3C, 0x28, 0x54, 0x2F, + 0x40, 0xFE, 0xED, 0x42, 0xEC, 0x7E, 0x28, 0x06, + 0x37, 0xB0, 0x83, 0xD9, 0x88, 0xBC, 0xA5, 0xF6, + 0x39, 0x4E, 0x02, 0x39, 0x6C, 0x46, 0x76, 0x18, + 0x4F, 0xB6, 0x33, 0x18, 0xDA, 0xFA, 0xF5, 0xBB, + 0xDD, 0xE0, 0x0E, 0x30, 0x8F, 0xE8, 0x40, 0x19, + 0xC2, 0x34, 0x0A, 0x3F, 0x3E, 0x1C, 0x08, 0x65, + 0x62, 0x49, 0x70, 0x71, 0x12, 0x83, 0x35, 0x6A, + 0xE1, 0x4B, 0xD6, 0xB9, 0x4D, 0x1C, 0x9A, 0xE1, + 0x88, 0xDE, 0x1A, 0x8A, 0x2C, 0xA8, 0x24, 0xA8, + 0xEA, 0xE2, 0xFE, 0x6A, 0xFB, 0x38, 0xD8, 0x3A, + 0x2D, 0x99, 0x99, 0x6A, 0xB2, 0x1F, 0xE3, 0xE8, + 0x4C, 0x0B, 0xE6, 0xB6, 0xDA, 0x08, 0x87, 0x9B, + 0x67, 0x73, 0x74, 0xFA, 0x7C, 0x69, 0x1B, 0x13, + 0xD4, 0x0F, 0xA9, 0xD4, 0xCC, 0x26, 0xB2, 0x28, + 0x8D, 0x5A, 0x8C, 0x9A, 0x43, 0x72, 0x43, 0x81, + 0x00, 0x4D, 0x61, 0xB0, 0xD5, 0x7F, 0xF4, 0x00, + 0x31, 0x4C, 0x8E, 0x30, 0xEE, 0x79, 0x6A, 0xF1, + 0x0F, 0x7E, 0xE2, 0x1B, 0xF1, 0x3D, 0x08, 0x18, + 0x04, 0x65, 0xAB, 0xC7, 0x2E, 0xDD, 0xB0, 0x80, + 0xC6, 0xA0, 0x71, 0x84, 0xE3, 0xEE, 0xDC, 0x47, + 0xC1, 0x9A, 0xA7, 0xF0, 0x9D, 0x1F, 0x33, 0x09, + 0xE1, 0x83, 0xA2, 0xBD, 0x9B, 0x05, 0x73, 0xDD, + 0xE4, 0x74, 0xA8, 0x1B, 0xA4, 0xF7, 0x8D, 0x0C, + 0x52, 0x3D, 0x0C, 0x04, 0xF9, 0x00, 0x60, 0xFD, + 0x57, 0x1A, 0x35, 0xC0, 0x37, 0xE0, 0x79, 0xC5, + 0xE2, 0x10, 0xD7, 0x39, 0x0D, 0xF5, 0x68, 0xF2, + 0xE2, 0xF0, 0x3C, 0xE4, 0x44, 0x20, 0xC8, 0x2F, + 0x3F, 0xE6, 0x9E, 0xB9, 0xB4, 0x8E, 0xE9, 0x09, + 0x62, 0xD6, 0xB0, 0xF2, 0x44, 0x40, 0x64, 0x8F, + 0x71, 0xED, 0xB2, 0x41, 0xEE, 0x65, 0x66, 0xFC, + 0x1A, 0x64, 0xCA, 0xBF, 0x66, 0xBE, 0x6F, 0xEC, + 0xBC, 0xB1, 0x38, 0x7C, 0x82, 0xA7, 0xBC, 0x20, + 0x2D, 0x9E, 0x36, 0x79, 0x98, 0xE2, 0xA2, 0x91, + 0xAF, 0x0C, 0xD1, 0x57, 0x06, 0x77, 0xFE, 0x8D, + 0x63, 0xA3, 0x28, 0x5A, 0x2E, 0xA6, 0xEB, 0x29, + 0xAF, 0x9D, 0xC1, 0xAE, 0xC1, 0xC3, 0x6C, 0x47, + 0x06, 0xB1, 0x2B, 0xAA, 0x20, 0x83, 0x96, 0x92, + 0xF2, 0x86, 0xA6, 0xE0, 0x32, 0x14, 0x68, 0xF7, + 0x47, 0x93, 0x45, 0xC4, 0xD5, 0x2F, 0xBD, 0xB2, + 0xF0, 0x67, 0x25, 0xB5, 0x54, 0xB8, 0x9E, 0x24, + 0x92, 0x61, 0x26, 0x81, 0xAC, 0xEB, 0xC6, 0xC7, + 0xBA, 0xDA, 0x92, 0x25, 0x81, 0x8D, 0xBC, 0x35, + 0xD6, 0x4C, 0x22, 0xC4, 0x8B, 0xFF, 0x80, 0xA7, + 0x30, 0xD0, 0x71, 0x6D, 0xFA, 0xC9, 0x9D, 0xFD, + 0x5B, 0x89, 0x92, 0x61, 0x1D, 0x0C, 0x93, 0xEE, + 0x90, 0xBD, 0xB2, 0x60, 0x02, 0x2A, 0xFE, 0x25, + 0xD9, 0x13, 0xE0, 0x6E, 0xFF, 0xB5, 0x9C, 0xB1, + 0xF8, 0xA6, 0x0C, 0xBF, 0xA5, 0xAB, 0x2F, 0x45, + 0x9A, 0x16, 0xF4, 0x67, 0xE9, 0x89, 0x52, 0x5E, + 0x0A, 0x37, 0xEB, 0xE5, 0x6E, 0x83, 0x3F, 0xDE, + 0x55, 0xDB, 0x9D, 0x15, 0x30, 0xAD, 0xCF, 0x45, + 0x84, 0x6D, 0xF2, 0x81, 0xE4, 0x7C, 0xAA, 0x1E, + 0x0A, 0x27, 0xEF, 0xDE, 0x21, 0x07, 0xD3, 0x54, + 0xCE, 0xA0, 0xF6, 0xA4, 0x54, 0x69, 0x2F, 0x04, + 0xCD, 0x83, 0x8E, 0xBD, 0xD4, 0x6E, 0x19, 0x1E, + 0x5D, 0x9C, 0x11, 0x83, 0x9A, 0x2C, 0x3F, 0x48, + 0x8A, 0x4F, 0xC7, 0xCD, 0x26, 0x5A, 0x7B, 0x5D, + 0x32, 0xB0, 0x8C, 0xBD, 0xBF, 0xAB, 0x9D, 0x2C, + 0xCD, 0x76, 0x22, 0x2C, 0x8E, 0xE3, 0x7D, 0xDC, + 0xBD, 0x2A, 0xA0, 0x63, 0xED, 0x86, 0x14, 0x73, + 0xA6, 0x45, 0x4C, 0xAE, 0xA3, 0x77, 0x85, 0x0B, + 0x1A, 0x2B, 0x9D, 0xDB, 0xBC, 0xB3, 0x74, 0xFA, + 0xB5, 0xB1, 0x2F, 0x35, 0x1C, 0x8E, 0x58, 0x88, + 0x87, 0x2E, 0x5C, 0xD1, 0xF6, 0x0A, 0x4F, 0xAE, + 0x1F, 0xF8, 0x37, 0xD1, 0x92, 0xC2, 0x2B, 0xEB, + 0x41, 0xEE, 0x6F, 0xA3, 0x92, 0xFC, 0xDF, 0x45, + 0x50, 0xFF, 0x46, 0xB5, 0xCE, 0x90, 0x6D, 0x01, + 0x7E, 0xF3, 0x07, 0x7D, 0xF1, 0x32, 0x30, 0x0D, + 0x8B, 0xBF, 0xA9, 0xBB, 0x03, 0xC7, 0x5E, 0x79, + 0xE2, 0xF0, 0x4C, 0x28, 0x4A, 0xD0, 0x6A, 0x44, + 0x39, 0x96, 0x49, 0xC3, 0xE2, 0xA2, 0xA8, 0xD1, + 0xEF, 0xE9, 0xB7, 0xA4, 0xE0, 0xC2, 0x71, 0x04, + 0x7A, 0xB7, 0x59, 0x08, 0xBF, 0xF7, 0xDF, 0x9E, + 0x30, 0xEC, 0xA5, 0x47, 0x74, 0x5B, 0xAE, 0x23, + 0xA8, 0x6F, 0xF9, 0xA8, 0xB5, 0x8C, 0x25, 0x38, + 0xB8, 0x8B, 0x86, 0x64, 0x01, 0x07, 0x69, 0x02, + 0xDC, 0x5F, 0x0B, 0xD7, 0x61, 0x68, 0x7B, 0x49, + 0xEA, 0xFE, 0x36, 0xD3, 0x50, 0xCB, 0xED, 0xFD, + 0xD3, 0x6C, 0x12, 0x1C, 0xF2, 0x37, 0x86, 0xBF, + 0xCF, 0x7E, 0x47, 0x07, 0x64, 0x96, 0xEA, 0xB6, + 0xBB, 0xDA, 0x77, 0x40, 0x49, 0xC2, 0xEB, 0xAB, + 0xE2, 0xDE, 0x99, 0xC4, 0xC2, 0x4F, 0x2D, 0xB7, + 0x36, 0x84, 0x01, 0x5B, 0x37, 0x39, 0x77, 0x49, + 0x67, 0x60, 0xCF, 0x9A, 0xC2, 0x3D, 0x8B, 0x62, + 0x31, 0x33, 0xDB, 0x2D, 0xE1, 0x0D, 0x73, 0xFA, + 0x6A, 0xD1, 0xC6, 0xDA, 0xC8, 0x43, 0x4F, 0x28, + 0xC6, 0xE2, 0x51, 0xCE, 0x72, 0x93, 0xCF, 0xF3, + 0xF3, 0xB6, 0x1E, 0xFC, 0xB5, 0xA4, 0x35, 0x12, + 0x36, 0x70, 0xF2, 0x98, 0x46, 0xA1, 0x3D, 0xF3, + 0xEE, 0x71, 0x26, 0x04, 0x46, 0x1F, 0x1B, 0xAB, + 0x8F, 0x4E, 0xBC, 0x83, 0x6D, 0xE0, 0x58, 0x97, + 0x8A, 0xE7, 0x34, 0x39, 0x6A, 0x98, 0x08, 0x1B, + 0x35, 0xCC, 0x98, 0x18, 0x8A, 0x86, 0x94, 0x9C, + 0x99, 0x27, 0x0D, 0x47, 0x09, 0x85, 0x4C, 0x5B, + 0x35, 0xB1, 0x7F, 0x48, 0xA3, 0x73, 0x13, 0x4C, + 0x81, 0x4C, 0xC8, 0xA0, 0xF3, 0xE2, 0xFA, 0x80, + 0x7F, 0x2A, 0x91, 0x85, 0x30, 0x90, 0x78, 0x64, + 0x77, 0x82, 0x82, 0xD7, 0x5E, 0x03, 0xA4, 0x1B, + 0x25, 0x04, 0xEE, 0xD8, 0x16, 0xA4, 0x17, 0xA3, + 0xAC, 0x6B, 0xA1, 0x60, 0x80, 0xC3, 0x9B, 0x73, + 0x10, 0x19, 0x20, 0x02, 0xA7, 0x28, 0xF7, 0xF2, + 0x03, 0x95, 0x00, 0x9A, 0x9E, 0x16, 0x76, 0x7C, + 0xE1, 0x97, 0x1F, 0x5D, 0xE7, 0xD2, 0x29, 0xA5, + 0x06, 0x13, 0x36, 0x9E, 0x43, 0x82, 0x04, 0x5A, + 0x8E, 0x81, 0x90, 0x1F, 0x4D, 0xBA, 0x81, 0x02, + 0xF3, 0xD4, 0x13, 0xFE, 0x35, 0xB3, 0x26, 0xA8, + 0x74, 0xF2, 0x33, 0xB7, 0x19, 0xA7, 0x13, 0x76, + 0x00, 0xD3, 0x5D, 0x33, 0xAE, 0xB6, 0xB7, 0x25, + 0x96, 0x24, 0x08, 0x3A, 0xA9, 0x68, 0x73, 0x0C, + 0x8F, 0x78, 0x29, 0x2A, 0xD2, 0x8F, 0x14, 0xEE, + 0xAB, 0xE6, 0x60, 0x83, 0x59, 0x84, 0xFE, 0x69, + 0xEF, 0x23, 0xDE, 0xC8, 0xC3, 0x27, 0xC0, 0xEB, + 0x0B, 0x88, 0x2D, 0x58, 0x7E, 0x1E, 0xC4, 0x33, + 0xDA, 0x85, 0xC9, 0xFD, 0x1E, 0x0A, 0x34, 0x99, + 0x4D, 0xEA, 0x24, 0x0C, 0x85, 0x44, 0x52, 0xD1, + 0x8C, 0x30, 0xF4, 0x96, 0xE4, 0x9E, 0xC9, 0x04, + 0xB6, 0x02, 0xE0, 0xF5, 0x06, 0x2E, 0xDC, 0xDA, + 0x03, 0x28, 0x0A, 0x53, 0xB4, 0x31, 0x35, 0x74, + 0xCC, 0x2C, 0x0D, 0x54, 0x71, 0xBC, 0x96, 0x13, + 0xBD, 0xFD, 0x66, 0x41, 0xF5, 0xBD, 0x12, 0x7B, + 0xAB, 0x5B, 0x5E, 0xB3, 0xD4, 0x99, 0xA3, 0x31, + 0x14, 0x04, 0x82, 0x20, 0xE8, 0x19, 0xF8, 0xEE, + 0x12, 0xCA, 0x92, 0x2C, 0x8F, 0x17, 0xD9, 0xC9, + 0xF5, 0x1A, 0xD5, 0xBD, 0x68, 0x83, 0xB1, 0x0E, + 0x6A, 0xA2, 0x48, 0x3B, 0xA4, 0x9D, 0xC5, 0x47, + 0xDA, 0x76, 0x86, 0x15, 0x13, 0x44, 0xF4, 0xE9, + 0x09, 0x9B, 0x38, 0xE4, 0x30, 0xB5, 0x22, 0x6B, + 0x05, 0x98, 0x32, 0xCF, 0x03, 0xDB, 0x48, 0xFB, + 0x02, 0xDB, 0xA4, 0xE6, 0x15, 0x93, 0xDC, 0x45, + 0x76, 0x36, 0x04, 0x91, 0x89, 0x0E, 0x53, 0xEC, + 0x0E, 0x6A, 0xC7, 0x3C, 0xF3, 0x2B, 0x25, 0xD8, + 0x23, 0xB3, 0x84, 0x56, 0xE2, 0x86, 0x50, 0x5A, + 0x54, 0x1E, 0x5A, 0xEE, 0xE9, 0x6B, 0x19, 0x14, + 0xF5, 0xF7, 0x66, 0x87, 0xCE, 0x2B, 0x01, 0x60, + 0x22, 0x7A, 0xBE, 0xD7, 0x79, 0x93, 0x59, 0x4B, + 0xCD, 0x83, 0x13, 0x66, 0x20, 0x6D, 0x75, 0x71, + 0x40, 0x82, 0xF1, 0xC4, 0x6F, 0x1F, 0x44, 0x39, + 0xAC, 0x81, 0xA5, 0x7A, 0xF3, 0x1C, 0x81, 0xC5, + 0x55, 0x30, 0x7A, 0x07, 0x0F, 0xFA, 0x94, 0xE0, + 0x47, 0x9B, 0x78, 0x4B, 0xBD, 0x88, 0xA6, 0x0C, + 0xD4, 0xC7, 0xCF, 0xD9, 0x4E, 0x6A, 0xFE, 0x02, + 0xF6, 0xB2, 0x1F, 0x72, 0xAF, 0x0D, 0xCD, 0x66, + 0x09, 0xD4, 0x0C, 0x96, 0x5C, 0x14, 0xE5, 0xF2, + 0x38, 0x91, 0x83, 0xE5, 0x3D, 0xE9, 0x30, 0xF7, + 0xDE, 0x1D, 0x44, 0x21, 0x5C, 0xF4, 0x91, 0x44, + 0x84, 0x4E, 0x8B, 0x87, 0xF7, 0x8A, 0x7F, 0x13, + 0x2A, 0xEF, 0xE2, 0x2B, 0xE8, 0x0B, 0x4E, 0x3A, + 0x05, 0xEE, 0x3A, 0x68, 0xCC, 0xF6, 0x09, 0xEF, + 0x44, 0x04, 0x74, 0x02, 0xE4, 0x49, 0x30, 0x46, + 0xE6, 0xF9, 0xC7, 0x67, 0xFF, 0x8A, 0x75, 0xE2, + 0x8B, 0x3C, 0xE0, 0x77, 0xFD, 0xE7, 0xE7, 0xEE, + 0xD3, 0x13, 0xB5, 0xBF, 0x7E, 0x46, 0x01, 0x27, + 0xCA, 0x81, 0x82, 0xE9, 0xBC, 0x79, 0x4C, 0x0D, + 0xFA, 0x73, 0x0F, 0xB9, 0x20, 0x08, 0x05, 0x75, + 0xA7, 0x51, 0xB5, 0xCA, 0xEC, 0x85, 0xA1, 0x09, + 0xB4, 0x42, 0x2B, 0xA2, 0x66, 0x74, 0x3F, 0x0D, + 0x03, 0x2B, 0xDA, 0x8F, 0x1C, 0xA6, 0x24, 0x8C, + 0xDB, 0x91, 0x75, 0x30, 0xDF, 0x13, 0x02, 0xA5, + 0xF8, 0xC1, 0x8D, 0xC6, 0x42, 0xD5, 0x24, 0x78, + 0xC9, 0x8C, 0x12, 0xA3, 0xF1, 0x6E, 0xF2, 0xB6, + 0x2B, 0x4F, 0x59, 0xEA, 0x1B, 0xB5, 0x8D, 0xE7, + 0xB6, 0x5B, 0x3C, 0x71, 0x53, 0xCE, 0x6D, 0xA5, + 0xE4, 0x95, 0x07, 0x46, 0xF8, 0x0E, 0x08, 0x7A, + 0x0E, 0x35, 0x86, 0xD0, 0x97, 0x79, 0x1B, 0xF3, + 0x6D, 0xEF, 0x86, 0x5D, 0x68, 0x59, 0x1D, 0x39, + 0xD0, 0x90, 0x37, 0x73, 0xEE, 0xA9, 0x62, 0x14, + 0x7F, 0x34, 0x70, 0x41, 0x38, 0xB5, 0x4D, 0xF7, + 0x92, 0x4C, 0xDD, 0x8C, 0x33, 0x3D, 0xB5, 0xE1, + 0xA4, 0x09, 0xCC, 0xB2, 0xB3, 0x4E, 0x2C, 0x3C, + 0x8C, 0x7F, 0xDD, 0x3F, 0xD8, 0xD0, 0x12, 0xCB, + 0xF3, 0x82, 0xAA, 0xA8, 0x5E, 0x83, 0xA1, 0x2F, + 0x23, 0x5A, 0x2D, 0x14, 0x7D, 0x03, 0x5B, 0x7B, + 0x28, 0xB3, 0x4B, 0x6F, 0x57, 0x94, 0x9F, 0x32, + 0x24, 0x82, 0xA7, 0xD4, 0xD3, 0xB1, 0x50, 0x45, + 0xC4, 0x20, 0xD5, 0xAD, 0xDC, 0x7F, 0x0E, 0x69, + 0xB4, 0xDC, 0x1C, 0xBA, 0x58, 0xB0, 0x1D, 0x87, + 0x24, 0x80, 0xB0, 0x6A, 0x26, 0x0D, 0x82, 0x7D, + 0x89, 0x1B, 0x13, 0xC4, 0xC5, 0xCA, 0x50, 0xC7, + 0x48, 0xDE, 0x3C, 0x77, 0x1B, 0xE6, 0x1E, 0x9A, + 0xA1, 0x70, 0x16, 0x5C, 0xB0, 0x1F, 0x4B, 0xF5, + 0xDA, 0x27, 0xA7, 0x79, 0x1D, 0x3A, 0xD3, 0xF6, + 0x26, 0x7B, 0x4C, 0xB4, 0xE6, 0x1B, 0x28, 0xFA, + 0x17, 0x08, 0x41, 0x8D, 0x93, 0x2D, 0xFC, 0x41, + 0x61, 0x88, 0x0C, 0x5D, 0x3B, 0x17, 0xA9, 0x66, + 0x3A, 0x90, 0x61, 0xFA, 0x8F, 0x18, 0x04, 0x31, + 0x58, 0x50, 0xFE, 0x4E, 0x73, 0x06, 0xC8, 0x82, + 0xB3, 0x82, 0x27, 0xE8, 0x67, 0xF8, 0x08, 0x72, + 0xCD, 0xC1, 0x94, 0x4D, 0x47, 0x26, 0x15, 0xEA, + 0x49, 0x00, 0xEF, 0x7D, 0x27, 0x0B, 0x88, 0x1D, + 0x41, 0x30, 0xF5, 0x6C, 0x5C, 0xC9, 0x80, 0xD9, + 0x2A, 0x47, 0xAD, 0xA6, 0x65, 0x7E, 0xB6, 0xF3, + 0x7A, 0x38, 0x5D, 0x2D, 0x8C, 0xC9, 0x93, 0xE1, + 0x44, 0x2E, 0xB0, 0x52, 0x81, 0x85, 0x36, 0x36, + 0x99, 0x1E, 0x34, 0xAA, 0xDC, 0x68, 0x95, 0x4D, + 0x04, 0xE7, 0xAD, 0xEF, 0x76, 0xBF, 0x88, 0x0F, + 0x05, 0x9B, 0x0C, 0xBB, 0x55, 0xD9, 0x15, 0xA4, + 0xB1, 0x23, 0xE2, 0xF1, 0x33, 0x9A, 0x07, 0x3C, + 0xBF, 0xBC, 0x40, 0x9B, 0xEF, 0xF6, 0x40, 0x0A, + 0xE0, 0x96, 0xD5, 0xAE, 0x18, 0xEC, 0x42, 0xCF, + 0xFA, 0xD5, 0xB4, 0x98, 0x0F, 0xA3, 0x5B, 0xF0, + 0x34, 0x13, 0xAD, 0xB5, 0xD7, 0xE6, 0x87, 0x6A, + 0xC3, 0x55, 0xD1, 0xC9, 0xED, 0x70, 0xCA, 0x2B, + 0x97, 0x39, 0x54, 0xD1, 0x2B, 0x3C, 0xDD, 0x76, + 0xAC, 0x68, 0x35, 0xDB, 0x96, 0x00, 0x3E, 0xD8, + 0xC4, 0xE2, 0x88, 0xB7, 0x1F, 0xD7, 0x7D, 0xBA, + 0xA7, 0x63, 0x57, 0x20, 0xE1, 0x2A, 0xE0, 0xA3, + 0x17, 0xDE, 0x80, 0x8C, 0x66, 0x4E, 0x31, 0x7F, + 0x55, 0x27, 0x57, 0x91, 0xF3, 0x24, 0x5C, 0xA4, + 0xFE, 0x5D, 0x4D, 0x41, 0x07, 0x7F, 0xC1, 0x50, + 0xA6, 0xE4, 0x03, 0xD5, 0xA2, 0x08, 0xE4, 0x6E, + 0xAD, 0xBE, 0x8F, 0x2C, 0xFB, 0x8A, 0xF4, 0x72, + 0xF4, 0xA0, 0xCE, 0xAC, 0x01, 0x52, 0x19, 0x47, + 0x8E, 0x6B, 0x86, 0xC9, 0x58, 0xCF, 0x86, 0x52, + 0x5B, 0x74, 0x85, 0xC1, 0x73, 0x4C, 0x7E, 0xF0, + 0x0E, 0x90, 0x68, 0x3F, 0xFF, 0x5D, 0xBD, 0x0A, + 0x7D, 0x41, 0x3A, 0x85, 0x50, 0x21, 0x02, 0x6A, + 0x1B, 0x32, 0x01, 0x3A, 0x46, 0x16, 0xCB, 0xCD, + 0x37, 0x00, 0xAC, 0xBC, 0x70, 0x5B, 0xE3, 0xEF, + 0xBA, 0x62, 0x5C, 0x69, 0xA0, 0x25, 0x26, 0x7B, + 0xCE, 0x9D, 0x13, 0x5E, 0x3F, 0x5B, 0x5C, 0xC8, + 0xC4, 0x39, 0x56, 0x40, 0x7E, 0x84, 0xB6, 0x66, + 0x31, 0x03, 0xE2, 0x9C, 0x24, 0x20, 0x35, 0x55, + 0x1A, 0xE7, 0x97, 0xF5, 0x6C, 0x63, 0x74, 0xBE, + 0x0C, 0x79, 0x8C, 0x0C, 0xF3, 0x98, 0xF1, 0xED + }; + static const byte sk_65[] = { + 0xD2, 0xFD, 0x03, 0xF3, 0xA1, 0xB7, 0xF6, 0x35, + 0xAF, 0x9F, 0x34, 0xD5, 0x80, 0xA9, 0x8F, 0x52, + 0x4C, 0x73, 0x5B, 0xD5, 0xBA, 0x23, 0x55, 0xDC, + 0x6E, 0x03, 0x5B, 0xD2, 0x17, 0x65, 0x58, 0x0C, + 0xE3, 0x8D, 0x1C, 0x14, 0xF6, 0x46, 0x7C, 0x35, + 0xA9, 0xF3, 0x80, 0xD2, 0x7D, 0xE6, 0x1F, 0x7C, + 0x75, 0x03, 0x15, 0x69, 0xEA, 0x2E, 0xC8, 0x26, + 0x0E, 0xEE, 0x91, 0x05, 0x26, 0x1B, 0x7F, 0xE1, + 0x60, 0xC9, 0x13, 0x44, 0xB0, 0xC6, 0x76, 0x4C, + 0x20, 0x4E, 0x5B, 0x8D, 0x42, 0x46, 0x50, 0xBE, + 0xC0, 0x6B, 0x9E, 0x2E, 0x62, 0x5A, 0xF0, 0x7E, + 0x23, 0xF4, 0x95, 0x0C, 0xA2, 0x4F, 0xB4, 0xD6, + 0xEC, 0x2C, 0x8B, 0x3A, 0x71, 0x7C, 0x93, 0x11, + 0xEB, 0x87, 0x27, 0x9F, 0xE2, 0x5E, 0x31, 0x1F, + 0x48, 0xB8, 0x25, 0x65, 0x01, 0xF6, 0x46, 0x34, + 0x12, 0xB5, 0x0D, 0xBC, 0x89, 0xA8, 0x69, 0xBA, + 0x22, 0x41, 0x11, 0x26, 0x48, 0x40, 0x07, 0x38, + 0x73, 0x02, 0x12, 0x44, 0x25, 0x44, 0x57, 0x54, + 0x83, 0x72, 0x50, 0x33, 0x35, 0x62, 0x58, 0x42, + 0x32, 0x01, 0x62, 0x11, 0x83, 0x61, 0x02, 0x45, + 0x66, 0x56, 0x48, 0x35, 0x61, 0x20, 0x84, 0x52, + 0x60, 0x68, 0x50, 0x45, 0x65, 0x55, 0x12, 0x72, + 0x47, 0x47, 0x21, 0x21, 0x25, 0x40, 0x22, 0x21, + 0x42, 0x81, 0x17, 0x65, 0x03, 0x06, 0x42, 0x61, + 0x52, 0x13, 0x43, 0x25, 0x24, 0x33, 0x82, 0x12, + 0x11, 0x35, 0x62, 0x33, 0x32, 0x07, 0x47, 0x86, + 0x22, 0x31, 0x50, 0x83, 0x70, 0x84, 0x26, 0x43, + 0x45, 0x64, 0x51, 0x48, 0x31, 0x14, 0x86, 0x24, + 0x66, 0x86, 0x74, 0x33, 0x71, 0x36, 0x67, 0x26, + 0x01, 0x47, 0x07, 0x72, 0x11, 0x61, 0x58, 0x85, + 0x58, 0x38, 0x71, 0x83, 0x80, 0x67, 0x01, 0x65, + 0x78, 0x70, 0x64, 0x77, 0x85, 0x60, 0x02, 0x88, + 0x53, 0x48, 0x46, 0x62, 0x25, 0x83, 0x54, 0x88, + 0x04, 0x74, 0x40, 0x12, 0x57, 0x43, 0x71, 0x07, + 0x75, 0x44, 0x38, 0x71, 0x21, 0x14, 0x22, 0x08, + 0x88, 0x72, 0x23, 0x58, 0x87, 0x46, 0x14, 0x85, + 0x53, 0x71, 0x67, 0x73, 0x82, 0x28, 0x22, 0x74, + 0x14, 0x03, 0x57, 0x73, 0x28, 0x71, 0x83, 0x80, + 0x78, 0x14, 0x34, 0x87, 0x52, 0x07, 0x64, 0x74, + 0x01, 0x60, 0x75, 0x61, 0x06, 0x08, 0x61, 0x32, + 0x21, 0x46, 0x15, 0x65, 0x42, 0x67, 0x08, 0x20, + 0x84, 0x10, 0x73, 0x13, 0x03, 0x61, 0x02, 0x86, + 0x50, 0x45, 0x26, 0x12, 0x16, 0x68, 0x33, 0x55, + 0x25, 0x84, 0x73, 0x53, 0x54, 0x52, 0x65, 0x17, + 0x10, 0x60, 0x00, 0x38, 0x57, 0x77, 0x81, 0x24, + 0x26, 0x80, 0x41, 0x46, 0x43, 0x26, 0x67, 0x41, + 0x06, 0x03, 0x55, 0x41, 0x28, 0x33, 0x37, 0x25, + 0x23, 0x06, 0x77, 0x82, 0x15, 0x16, 0x31, 0x73, + 0x00, 0x08, 0x75, 0x26, 0x58, 0x46, 0x34, 0x63, + 0x88, 0x08, 0x84, 0x64, 0x51, 0x11, 0x24, 0x05, + 0x32, 0x10, 0x11, 0x18, 0x18, 0x64, 0x78, 0x22, + 0x41, 0x00, 0x38, 0x55, 0x75, 0x42, 0x10, 0x46, + 0x83, 0x43, 0x73, 0x38, 0x80, 0x07, 0x83, 0x43, + 0x78, 0x74, 0x13, 0x57, 0x62, 0x32, 0x68, 0x80, + 0x65, 0x86, 0x48, 0x53, 0x48, 0x35, 0x51, 0x58, + 0x50, 0x74, 0x46, 0x05, 0x88, 0x70, 0x07, 0x72, + 0x01, 0x31, 0x00, 0x87, 0x54, 0x88, 0x14, 0x20, + 0x84, 0x16, 0x61, 0x15, 0x60, 0x56, 0x85, 0x11, + 0x58, 0x08, 0x05, 0x88, 0x63, 0x01, 0x82, 0x86, + 0x13, 0x14, 0x17, 0x22, 0x01, 0x68, 0x17, 0x17, + 0x86, 0x58, 0x53, 0x10, 0x62, 0x28, 0x52, 0x82, + 0x26, 0x15, 0x04, 0x31, 0x42, 0x88, 0x54, 0x31, + 0x78, 0x05, 0x80, 0x11, 0x50, 0x45, 0x68, 0x82, + 0x33, 0x66, 0x36, 0x36, 0x40, 0x65, 0x15, 0x24, + 0x47, 0x67, 0x06, 0x45, 0x36, 0x42, 0x26, 0x86, + 0x75, 0x06, 0x35, 0x41, 0x33, 0x47, 0x85, 0x12, + 0x17, 0x80, 0x83, 0x87, 0x65, 0x51, 0x42, 0x31, + 0x38, 0x87, 0x56, 0x62, 0x05, 0x17, 0x40, 0x85, + 0x28, 0x14, 0x17, 0x21, 0x38, 0x12, 0x60, 0x81, + 0x24, 0x41, 0x45, 0x75, 0x01, 0x82, 0x87, 0x10, + 0x10, 0x02, 0x13, 0x25, 0x57, 0x04, 0x21, 0x72, + 0x42, 0x78, 0x61, 0x11, 0x70, 0x05, 0x30, 0x47, + 0x72, 0x13, 0x20, 0x30, 0x21, 0x67, 0x44, 0x31, + 0x57, 0x71, 0x45, 0x57, 0x10, 0x54, 0x16, 0x65, + 0x74, 0x15, 0x24, 0x02, 0x43, 0x71, 0x51, 0x20, + 0x55, 0x11, 0x67, 0x83, 0x67, 0x82, 0x52, 0x53, + 0x35, 0x66, 0x42, 0x46, 0x13, 0x70, 0x22, 0x32, + 0x74, 0x00, 0x07, 0x06, 0x81, 0x87, 0x17, 0x57, + 0x80, 0x28, 0x68, 0x01, 0x72, 0x10, 0x04, 0x27, + 0x55, 0x22, 0x86, 0x42, 0x53, 0x15, 0x81, 0x76, + 0x30, 0x86, 0x40, 0x83, 0x11, 0x43, 0x30, 0x53, + 0x82, 0x73, 0x53, 0x03, 0x72, 0x35, 0x68, 0x70, + 0x45, 0x41, 0x15, 0x73, 0x14, 0x12, 0x31, 0x64, + 0x32, 0x66, 0x63, 0x56, 0x21, 0x51, 0x50, 0x82, + 0x10, 0x30, 0x23, 0x38, 0x17, 0x21, 0x27, 0x10, + 0x23, 0x14, 0x22, 0x75, 0x77, 0x28, 0x37, 0x71, + 0x62, 0x75, 0x06, 0x88, 0x72, 0x14, 0x18, 0x73, + 0x13, 0x03, 0x01, 0x50, 0x71, 0x58, 0x62, 0x86, + 0x62, 0x88, 0x86, 0x86, 0x03, 0x27, 0x01, 0x46, + 0x17, 0x22, 0x71, 0x38, 0x53, 0x81, 0x70, 0x33, + 0x88, 0x68, 0x13, 0x78, 0x81, 0x04, 0x86, 0x57, + 0x30, 0x16, 0x52, 0x31, 0x40, 0x83, 0x07, 0x56, + 0x82, 0x10, 0x32, 0x31, 0x28, 0x50, 0x06, 0x50, + 0x81, 0x63, 0x06, 0x75, 0x76, 0x65, 0x11, 0x60, + 0x14, 0x17, 0x12, 0x12, 0x55, 0x56, 0x48, 0x11, + 0x41, 0x13, 0x28, 0x82, 0x62, 0x07, 0x47, 0x64, + 0x24, 0x48, 0x23, 0x24, 0x77, 0x53, 0x26, 0x08, + 0x17, 0x58, 0x11, 0x56, 0x37, 0x48, 0x35, 0x51, + 0x47, 0x86, 0x85, 0x66, 0x66, 0x81, 0x73, 0x20, + 0x21, 0x36, 0x75, 0x22, 0x74, 0x66, 0x83, 0x44, + 0x57, 0x00, 0x66, 0x64, 0x77, 0x20, 0x47, 0x22, + 0x28, 0x56, 0x87, 0x12, 0x47, 0x02, 0x48, 0x07, + 0x02, 0x54, 0x23, 0x01, 0x25, 0x71, 0x37, 0x36, + 0x75, 0x36, 0x00, 0x52, 0x68, 0x15, 0x33, 0x35, + 0x82, 0x06, 0x13, 0x73, 0x24, 0x08, 0x71, 0x76, + 0x15, 0x22, 0x42, 0x60, 0x18, 0x53, 0x43, 0x11, + 0x64, 0x57, 0x76, 0x17, 0x61, 0x56, 0x68, 0x76, + 0x60, 0x65, 0x54, 0x78, 0x10, 0x33, 0x63, 0x14, + 0x21, 0x83, 0x21, 0x60, 0x15, 0x55, 0x80, 0x42, + 0x38, 0x42, 0x03, 0x13, 0x12, 0x34, 0x36, 0x25, + 0x27, 0x30, 0x82, 0x81, 0x25, 0x47, 0x51, 0x35, + 0x44, 0x12, 0x67, 0x35, 0x00, 0x10, 0x01, 0x83, + 0x85, 0x74, 0x42, 0x40, 0x13, 0x03, 0x61, 0x27, + 0x81, 0x26, 0x26, 0x81, 0x18, 0x87, 0x43, 0x51, + 0x20, 0x62, 0x71, 0x27, 0x51, 0x56, 0x10, 0x22, + 0x22, 0x81, 0x11, 0x81, 0x41, 0x66, 0x66, 0x38, + 0x20, 0x86, 0x75, 0x56, 0x12, 0x40, 0x06, 0x54, + 0x61, 0x12, 0x74, 0x40, 0x34, 0x58, 0x58, 0x78, + 0x10, 0x07, 0x85, 0x25, 0x72, 0x88, 0x57, 0x22, + 0x22, 0x25, 0x50, 0x84, 0x00, 0x41, 0x26, 0x08, + 0x36, 0x46, 0x28, 0x78, 0x46, 0x78, 0x05, 0x02, + 0x28, 0x20, 0x77, 0x13, 0x60, 0x75, 0x14, 0x43, + 0x68, 0x78, 0x64, 0x31, 0x38, 0x77, 0x73, 0x73, + 0x55, 0x41, 0x27, 0x00, 0x54, 0x07, 0x08, 0x28, + 0x68, 0x80, 0x04, 0x53, 0x83, 0x43, 0x22, 0x81, + 0x00, 0x64, 0x35, 0x48, 0x67, 0x66, 0x50, 0x17, + 0x75, 0x76, 0x12, 0x75, 0x43, 0x81, 0x62, 0x40, + 0x33, 0x43, 0x45, 0x38, 0x87, 0x21, 0x66, 0x14, + 0x70, 0x48, 0x41, 0x43, 0x14, 0x66, 0x58, 0x78, + 0x45, 0x82, 0x02, 0x25, 0x45, 0x73, 0x15, 0x21, + 0x32, 0x03, 0x02, 0x48, 0x80, 0x80, 0x13, 0x71, + 0x25, 0x54, 0x32, 0x72, 0x05, 0x68, 0x65, 0x24, + 0x68, 0x04, 0x06, 0x16, 0x83, 0x50, 0x54, 0x53, + 0x37, 0x37, 0x27, 0x22, 0x20, 0x68, 0x08, 0x25, + 0x50, 0x84, 0x72, 0x86, 0x74, 0x22, 0x36, 0x16, + 0x80, 0x07, 0x55, 0x18, 0x12, 0x17, 0x84, 0x44, + 0x81, 0x15, 0x64, 0x50, 0x71, 0x10, 0x58, 0x15, + 0x51, 0x10, 0x10, 0x47, 0x16, 0x21, 0x07, 0x58, + 0x61, 0x18, 0x78, 0x00, 0x52, 0x72, 0x64, 0x52, + 0x17, 0x43, 0x23, 0x40, 0x76, 0x48, 0x67, 0x30, + 0x77, 0x63, 0x64, 0x87, 0x51, 0x31, 0x63, 0x84, + 0x68, 0x74, 0x53, 0x63, 0x84, 0x23, 0x54, 0x66, + 0x10, 0x48, 0x36, 0x33, 0x85, 0x21, 0x48, 0x42, + 0x03, 0x82, 0x51, 0x10, 0x33, 0x57, 0x46, 0x80, + 0x16, 0x43, 0x34, 0x02, 0x07, 0x03, 0x53, 0x22, + 0x12, 0x75, 0x73, 0x34, 0x65, 0x83, 0x33, 0x87, + 0x43, 0x85, 0x17, 0x50, 0x36, 0x60, 0x88, 0x02, + 0x58, 0x75, 0x80, 0x88, 0x31, 0x63, 0x60, 0x18, + 0x21, 0x32, 0x26, 0x15, 0x68, 0x74, 0x11, 0x10, + 0x33, 0x14, 0x13, 0x05, 0x34, 0x16, 0x72, 0x65, + 0x35, 0x50, 0x13, 0x34, 0x80, 0x87, 0x10, 0x26, + 0x48, 0x68, 0x84, 0x52, 0x71, 0x44, 0x23, 0x58, + 0x80, 0x35, 0x57, 0x70, 0x54, 0x84, 0x28, 0x70, + 0x55, 0x88, 0x86, 0x83, 0x86, 0x25, 0x21, 0x82, + 0x72, 0x61, 0x17, 0x78, 0x85, 0x17, 0x67, 0x73, + 0x00, 0x57, 0x71, 0x11, 0x78, 0x51, 0x10, 0x65, + 0x63, 0x57, 0x02, 0x87, 0x40, 0x13, 0x40, 0x01, + 0x26, 0x53, 0x45, 0x12, 0x05, 0x46, 0x75, 0x18, + 0x80, 0x70, 0x33, 0x35, 0x66, 0x22, 0x62, 0x00, + 0x70, 0x23, 0x26, 0x87, 0x72, 0x63, 0x11, 0x13, + 0x33, 0x33, 0x81, 0x41, 0x70, 0x62, 0x28, 0x61, + 0x51, 0x47, 0x31, 0x30, 0x25, 0x46, 0x51, 0x17, + 0x61, 0x58, 0x07, 0x41, 0x61, 0x37, 0x37, 0x06, + 0x14, 0x00, 0x54, 0x88, 0x77, 0x75, 0x67, 0x77, + 0x66, 0x53, 0x16, 0x72, 0x66, 0x66, 0x88, 0x76, + 0x43, 0x58, 0x31, 0x04, 0x87, 0x57, 0x06, 0x76, + 0x47, 0x00, 0x43, 0x63, 0x58, 0x60, 0x52, 0x03, + 0x44, 0x27, 0x36, 0x48, 0x61, 0x23, 0x72, 0x16, + 0x10, 0x62, 0x42, 0x08, 0x60, 0x83, 0x23, 0x54, + 0x03, 0x55, 0x55, 0x73, 0x00, 0x61, 0x03, 0x65, + 0x34, 0x27, 0x14, 0x15, 0x86, 0x62, 0x55, 0x80, + 0x16, 0x53, 0x10, 0x18, 0x26, 0x11, 0x35, 0x46, + 0x82, 0x46, 0x13, 0x25, 0x83, 0x47, 0x70, 0x50, + 0x06, 0x01, 0x56, 0x02, 0x11, 0x68, 0x54, 0x53, + 0x03, 0x68, 0x73, 0x36, 0x41, 0x88, 0x86, 0x33, + 0x42, 0x52, 0x01, 0x58, 0x33, 0x42, 0x32, 0x88, + 0x56, 0x81, 0x77, 0x55, 0x51, 0x48, 0x48, 0x12, + 0x01, 0x58, 0x13, 0x85, 0x04, 0x14, 0x71, 0x83, + 0x57, 0x07, 0x54, 0x55, 0x54, 0x55, 0x28, 0x27, + 0x31, 0x36, 0x02, 0x12, 0x32, 0x68, 0x32, 0x13, + 0x82, 0x58, 0x70, 0x28, 0x58, 0x53, 0x44, 0x86, + 0x72, 0x73, 0x42, 0x84, 0x18, 0x22, 0x08, 0x83, + 0x61, 0x02, 0x14, 0x16, 0x17, 0x12, 0x41, 0x57, + 0x48, 0x85, 0x25, 0x10, 0x26, 0x07, 0x36, 0x76, + 0x12, 0x66, 0x17, 0x21, 0x32, 0x36, 0x03, 0x25, + 0x41, 0x10, 0x11, 0x22, 0x66, 0x60, 0x16, 0x16, + 0x32, 0x64, 0x26, 0x05, 0x18, 0x63, 0x51, 0x58, + 0x51, 0x31, 0x42, 0x53, 0x84, 0x56, 0x66, 0x27, + 0x83, 0x33, 0x54, 0x50, 0x76, 0x46, 0x50, 0x80, + 0x25, 0x43, 0x41, 0x57, 0x35, 0x78, 0x25, 0x43, + 0x02, 0x82, 0x38, 0x47, 0x45, 0x70, 0x15, 0x67, + 0x51, 0x77, 0x47, 0x80, 0x31, 0x52, 0x75, 0x00, + 0x00, 0x94, 0x7B, 0xCA, 0x93, 0xC2, 0x7D, 0x58, + 0x4E, 0x2C, 0x66, 0xEA, 0xC9, 0xC7, 0x64, 0x0C, + 0x1C, 0xA2, 0x17, 0xEE, 0xF6, 0x6D, 0xAB, 0xBC, + 0xB2, 0x60, 0xB4, 0xC3, 0x43, 0x00, 0xFA, 0x05, + 0x13, 0x57, 0x82, 0x0F, 0x57, 0x39, 0x25, 0x44, + 0x98, 0x2F, 0xD1, 0x10, 0x57, 0xDE, 0x23, 0x3E, + 0x6D, 0x2D, 0xD8, 0x49, 0x72, 0xA7, 0xE4, 0x7D, + 0x4D, 0xBA, 0x99, 0xBC, 0x30, 0xCF, 0x8F, 0x2A, + 0xD5, 0xA2, 0xC0, 0x24, 0x31, 0x95, 0xED, 0x27, + 0x30, 0xFF, 0xA9, 0x2D, 0x22, 0x7D, 0x15, 0x30, + 0x95, 0x97, 0x2D, 0x4B, 0x34, 0x47, 0xFF, 0xAC, + 0x45, 0xA2, 0x3E, 0xB4, 0x1C, 0xBC, 0x87, 0xCD, + 0xD1, 0x25, 0x0A, 0x8A, 0x47, 0x8B, 0x0F, 0x7A, + 0x1D, 0x5B, 0x39, 0xAA, 0x22, 0x06, 0xE4, 0x86, + 0x45, 0x58, 0x4F, 0xE7, 0xBF, 0x7A, 0x13, 0x16, + 0x8F, 0x48, 0x27, 0x65, 0xE5, 0x7B, 0xB9, 0x24, + 0xAC, 0x6D, 0x9A, 0x11, 0x36, 0x9F, 0x4A, 0x6A, + 0xFF, 0xCD, 0x16, 0x9B, 0x7D, 0x75, 0x12, 0x9B, + 0x35, 0xD5, 0x13, 0x4A, 0x31, 0x76, 0x1B, 0xB8, + 0x35, 0x5A, 0xEE, 0xED, 0x27, 0xE2, 0x01, 0xA0, + 0x63, 0x13, 0x01, 0x3E, 0x30, 0x7A, 0x01, 0xA7, + 0x3A, 0xEA, 0x79, 0x55, 0xC0, 0x57, 0x8C, 0x8C, + 0x5E, 0x5A, 0x1A, 0x2D, 0x2F, 0xA4, 0x59, 0x3F, + 0xAC, 0xD9, 0x04, 0xC6, 0x20, 0x40, 0xBD, 0xB9, + 0xF3, 0x29, 0x93, 0x35, 0x36, 0xBF, 0x8D, 0x81, + 0xC4, 0x25, 0x6B, 0xAA, 0xE8, 0x72, 0x3F, 0xD4, + 0xDC, 0x66, 0xBB, 0x5E, 0x7F, 0x9C, 0xA4, 0x90, + 0x31, 0xA1, 0x93, 0xEC, 0xEC, 0xBB, 0x5D, 0xC3, + 0x90, 0xEC, 0x6D, 0x55, 0x13, 0xC7, 0x9A, 0x05, + 0x2B, 0x3F, 0xD4, 0x36, 0x12, 0xFB, 0x73, 0x75, + 0x31, 0x5D, 0x80, 0x91, 0xF7, 0x9B, 0xAB, 0x13, + 0x18, 0xF1, 0x78, 0x54, 0x56, 0x1B, 0xC9, 0x3A, + 0xE0, 0xE5, 0xCD, 0x6D, 0x13, 0x1E, 0x56, 0x2C, + 0x81, 0x14, 0x81, 0x0C, 0x93, 0x9A, 0xE5, 0x63, + 0xAA, 0x10, 0xB4, 0x7C, 0xE4, 0x48, 0x43, 0x17, + 0xF3, 0x4A, 0xBD, 0x02, 0xD0, 0xCC, 0xAD, 0x58, + 0xDD, 0x29, 0xBC, 0xF6, 0x57, 0xBB, 0xD9, 0x25, + 0x4B, 0x01, 0xCA, 0x97, 0x26, 0x09, 0x19, 0x38, + 0xED, 0x32, 0x05, 0x4B, 0x37, 0xDD, 0x61, 0x72, + 0x40, 0xF4, 0x43, 0x4C, 0x1A, 0x4A, 0x87, 0x11, + 0xAA, 0x3A, 0x39, 0x9A, 0x8A, 0x53, 0x88, 0x33, + 0x0B, 0x70, 0x59, 0xEC, 0xCB, 0xB6, 0xB1, 0xB9, + 0xCF, 0x71, 0x87, 0xAD, 0xF1, 0x0B, 0x0C, 0x91, + 0x71, 0xD3, 0xC0, 0xF6, 0xE2, 0xD4, 0x60, 0xA4, + 0x19, 0x24, 0x76, 0x72, 0xE3, 0xB9, 0xFE, 0xA2, + 0xC9, 0x59, 0x10, 0xBF, 0x2F, 0xB6, 0xA5, 0xD6, + 0x1F, 0x25, 0x74, 0x53, 0xB0, 0x7A, 0xFB, 0x64, + 0xB0, 0xBA, 0x27, 0x58, 0xBC, 0xD7, 0x35, 0x75, + 0x1F, 0x2D, 0x53, 0x51, 0x5E, 0x23, 0x6F, 0xE8, + 0xA5, 0xB4, 0x39, 0x3B, 0x80, 0xBF, 0x06, 0xDF, + 0x97, 0xBD, 0xC6, 0x38, 0x00, 0x87, 0xE6, 0xAA, + 0x8D, 0xDE, 0x6E, 0x09, 0x81, 0x11, 0xA7, 0x34, + 0x3F, 0xCD, 0xD1, 0xE9, 0x03, 0x70, 0x8E, 0x63, + 0x7E, 0xBF, 0x28, 0x32, 0x3C, 0xDA, 0x6B, 0x94, + 0x05, 0x81, 0x0E, 0xDC, 0xFB, 0x36, 0x91, 0x14, + 0x9E, 0xCF, 0x22, 0x4C, 0x50, 0xF8, 0xDF, 0x92, + 0xA9, 0x4A, 0xA4, 0x77, 0x0A, 0x0E, 0x91, 0x46, + 0x61, 0x94, 0xBB, 0x0E, 0x27, 0xBF, 0x1C, 0xAB, + 0xF1, 0x6A, 0xDF, 0xD3, 0x51, 0x22, 0x00, 0x33, + 0xF7, 0x6F, 0x59, 0x25, 0x55, 0x7B, 0xCF, 0x96, + 0x34, 0xE9, 0x46, 0x13, 0x59, 0x62, 0x1D, 0x80, + 0xB4, 0xBB, 0xAD, 0x7E, 0x2A, 0x6E, 0x43, 0x2D, + 0xC4, 0x3B, 0x12, 0x6C, 0xA4, 0x2A, 0xB8, 0x8A, + 0xA8, 0x8F, 0x0A, 0x84, 0xAF, 0x58, 0x02, 0x9C, + 0x99, 0xA0, 0x24, 0x8F, 0x0C, 0x45, 0x40, 0x71, + 0xF3, 0x5B, 0x83, 0x1F, 0xED, 0x12, 0x54, 0xD6, + 0xF4, 0xE2, 0x72, 0x04, 0x85, 0x78, 0x62, 0x15, + 0xF7, 0xC7, 0xF0, 0xC4, 0xED, 0x15, 0xFA, 0x85, + 0x3C, 0xD3, 0xAA, 0x07, 0x25, 0x9B, 0x39, 0x24, + 0x0A, 0x82, 0x13, 0x5C, 0x29, 0x23, 0xA7, 0x2B, + 0x87, 0x6F, 0xAB, 0xB3, 0xF0, 0xF2, 0xC0, 0x96, + 0x13, 0xDE, 0x39, 0xD4, 0x59, 0xA0, 0x7C, 0x14, + 0xE7, 0xBA, 0x43, 0x7D, 0x80, 0x41, 0x49, 0x1F, + 0xCE, 0xC1, 0x43, 0x34, 0x04, 0xBA, 0xD1, 0xDA, + 0x9E, 0xE9, 0x47, 0x1E, 0x17, 0xCB, 0x69, 0x1B, + 0x2A, 0x35, 0x37, 0x10, 0xC9, 0xFF, 0xA4, 0xE5, + 0x17, 0x81, 0x12, 0x02, 0x77, 0x64, 0xEB, 0x7D, + 0xE8, 0x09, 0xC3, 0xE1, 0xF1, 0xFA, 0x41, 0x78, + 0xA5, 0xD4, 0xDC, 0x9E, 0xE2, 0x78, 0x57, 0xEF, + 0xF2, 0x6B, 0x91, 0x71, 0x1F, 0xC1, 0x44, 0xD5, + 0xA7, 0x75, 0xB8, 0xB5, 0x0D, 0x5D, 0xB9, 0x39, + 0xBA, 0x32, 0x07, 0x68, 0x0C, 0x24, 0x2F, 0xC8, + 0x21, 0x94, 0x7F, 0x93, 0x4C, 0x8D, 0xAE, 0xE2, + 0x03, 0x56, 0x3D, 0x28, 0x60, 0x6B, 0xE6, 0x24, + 0xA3, 0x29, 0x01, 0x93, 0x2D, 0xAE, 0x85, 0x71, + 0x2A, 0xF6, 0xC8, 0x01, 0x60, 0x26, 0x92, 0x7E, + 0x9B, 0x81, 0x29, 0x57, 0x4B, 0xE3, 0xCB, 0x1E, + 0x95, 0x33, 0x2B, 0x05, 0x27, 0x07, 0xAC, 0x8A, + 0xA8, 0xF4, 0x35, 0xE8, 0x8B, 0x7E, 0x56, 0x8D, + 0x49, 0x87, 0xC6, 0xAC, 0x0E, 0x90, 0x2B, 0x06, + 0x09, 0xA0, 0x2D, 0x91, 0xB3, 0xF5, 0xFD, 0x3F, + 0xD9, 0x01, 0xDD, 0xD0, 0xDB, 0x98, 0x73, 0xBD, + 0x7C, 0x71, 0xED, 0x92, 0x1D, 0x45, 0x77, 0xA7, + 0x8C, 0x4F, 0xCC, 0x9B, 0xF0, 0x75, 0x20, 0x3D, + 0x38, 0xF5, 0xE7, 0x6E, 0x74, 0xF2, 0x77, 0x48, + 0x4E, 0x05, 0x7B, 0x61, 0x89, 0x00, 0x41, 0x31, + 0xB0, 0xC9, 0xB1, 0xA1, 0x55, 0x29, 0x4D, 0x1C, + 0xD3, 0xD5, 0x20, 0x8E, 0x26, 0x69, 0x01, 0xD7, + 0xD3, 0x14, 0xFA, 0xCC, 0xE7, 0xE2, 0xAA, 0x58, + 0x45, 0x83, 0xA1, 0x1E, 0x4D, 0x7C, 0x21, 0xB9, + 0x4A, 0x32, 0xE5, 0x08, 0xED, 0xDB, 0xBD, 0x7A, + 0x65, 0xAA, 0x86, 0xB4, 0xFD, 0xFA, 0x6B, 0xC2, + 0x85, 0xD4, 0xCF, 0xF5, 0x39, 0x26, 0xC7, 0x17, + 0x3F, 0xBE, 0x1F, 0x89, 0xCC, 0x30, 0x32, 0x34, + 0xB8, 0x78, 0xC6, 0xB8, 0x10, 0x1F, 0x58, 0xAC, + 0x8D, 0x3E, 0x5E, 0x1B, 0xF5, 0xAB, 0x6B, 0x26, + 0x29, 0x7C, 0xC9, 0x7B, 0x95, 0x95, 0x4A, 0xAB, + 0xDB, 0x25, 0xBE, 0x00, 0x8A, 0x3F, 0x47, 0xE5, + 0x64, 0x87, 0xB0, 0x0D, 0x3D, 0xED, 0xA8, 0x90, + 0xD9, 0x2C, 0x83, 0x95, 0x7F, 0xEA, 0xC6, 0xB8, + 0x29, 0x1A, 0xF6, 0x59, 0x59, 0xE1, 0xD1, 0xFC, + 0xA3, 0xBD, 0x19, 0x6E, 0x9F, 0xC9, 0xE6, 0x7E, + 0x06, 0x07, 0x09, 0x48, 0x22, 0xE5, 0xB4, 0x19, + 0x1D, 0xB9, 0x68, 0x24, 0xB9, 0xF0, 0x3F, 0x2E, + 0xF5, 0x7F, 0x52, 0x38, 0xBA, 0x7E, 0x1E, 0x84, + 0xED, 0x55, 0xB7, 0xDF, 0xF3, 0xD6, 0xC2, 0xC1, + 0x27, 0x36, 0x92, 0xA9, 0xA1, 0x92, 0x72, 0x16, + 0x61, 0x30, 0xDB, 0x89, 0xFC, 0x67, 0xDC, 0x94, + 0xDB, 0x61, 0x4E, 0x3E, 0x82, 0xBA, 0x3A, 0x35, + 0x12, 0xB0, 0x12, 0xD5, 0x1F, 0xB4, 0x86, 0xB5, + 0xA3, 0x15, 0x0B, 0x78, 0xE7, 0x24, 0xE2, 0xA1, + 0x2D, 0xE0, 0x7D, 0x86, 0x71, 0xFB, 0xA2, 0xDA, + 0x7F, 0xD5, 0xD1, 0x47, 0x20, 0x8F, 0xC3, 0xAF, + 0x65, 0x3E, 0x65, 0x20, 0xFC, 0x40, 0x87, 0x1A, + 0xF2, 0x17, 0x7E, 0x65, 0xCB, 0xD0, 0xEA, 0xF3, + 0x04, 0x21, 0x7B, 0x36, 0x7A, 0x66, 0x5F, 0x22, + 0x4C, 0xAE, 0xDF, 0xE9, 0x30, 0x06, 0xAC, 0x1E, + 0x14, 0xBC, 0xD6, 0x7A, 0x88, 0xD1, 0x71, 0xF3, + 0xD8, 0xF3, 0xE3, 0x58, 0xA7, 0x19, 0x26, 0xBA, + 0x3E, 0x5C, 0x23, 0x9A, 0x53, 0x12, 0x63, 0xEC, + 0x94, 0x37, 0xBF, 0x2A, 0x03, 0x3B, 0x8B, 0x55, + 0xB2, 0xC0, 0xCB, 0x6E, 0x7E, 0x97, 0x31, 0x6E, + 0x22, 0xDF, 0x77, 0xCA, 0xD9, 0x10, 0xD2, 0x0E, + 0xEC, 0xE1, 0xC5, 0x09, 0x10, 0xA5, 0xCC, 0x32, + 0xAD, 0xAB, 0x09, 0x37, 0x75, 0x50, 0xF9, 0x2D, + 0x5B, 0xB1, 0xF4, 0xC0, 0x7F, 0x4A, 0x28, 0x22, + 0x33, 0x8E, 0x2C, 0xFF, 0x53, 0x48, 0xDF, 0x77, + 0xCF, 0x8E, 0xF8, 0xE6, 0x65, 0x7D, 0xED, 0x1E, + 0x0C, 0xE0, 0x58, 0xE3, 0xCC, 0xFB, 0xF3, 0x9B, + 0x3F, 0x16, 0x6E, 0x30, 0x3D, 0x33, 0xC3, 0x55, + 0x6C, 0x9A, 0xC8, 0xEC, 0xB3, 0xDF, 0x7C, 0x74, + 0xAB, 0x36, 0xD0, 0xF2, 0x79, 0x44, 0x41, 0xBA, + 0x98, 0x08, 0x82, 0x7B, 0x57, 0x8F, 0xB5, 0xC2, + 0x9E, 0x49, 0x4E, 0x21, 0x53, 0x9A, 0xD3, 0xAB, + 0x2B, 0x41, 0xBF, 0x16, 0x1D, 0x7F, 0x69, 0x58, + 0x9D, 0x45, 0x24, 0xC5, 0x4C, 0x89, 0xB4, 0x86, + 0xF7, 0x5D, 0x25, 0x2F, 0x54, 0x1C, 0xC6, 0x3B, + 0x9E, 0x70, 0x6D, 0x64, 0xA1, 0x28, 0x9A, 0x23, + 0x06, 0xC5, 0x95, 0x36, 0x3C, 0xB6, 0xFB, 0xEF, + 0x0A, 0x1B, 0x5B, 0x17, 0xAB, 0x5B, 0x17, 0x94, + 0xBF, 0x27, 0x03, 0x6F, 0x64, 0xEA, 0xF0, 0xBD, + 0x43, 0x0D, 0xD5, 0x8D, 0x80, 0x01, 0x0C, 0xCD, + 0xAD, 0xA4, 0xA5, 0xA3, 0xA1, 0xE4, 0x1A, 0x6F, + 0xBF, 0x12, 0x9D, 0x73, 0x77, 0x9A, 0x37, 0xAE, + 0x5C, 0x8D, 0x68, 0x41, 0xA9, 0x99, 0x3C, 0x51, + 0xE3, 0x64, 0xE0, 0x4F, 0xAC, 0x8E, 0x25, 0xA4, + 0xE6, 0x87, 0x2F, 0x6C, 0x86, 0x0F, 0xA2, 0x65, + 0xC1, 0xC4, 0x42, 0x6A, 0xD9, 0xC2, 0x1D, 0x26, + 0xDA, 0x8C, 0x27, 0x85, 0x46, 0xAD, 0xCD, 0x83, + 0x1F, 0x2B, 0x8B, 0x26, 0xD4, 0xE1, 0xF6, 0x70, + 0x62, 0x3D, 0x95, 0xC8, 0x36, 0x2D, 0xA6, 0x62, + 0xD1, 0xFF, 0x0A, 0xB6, 0x87, 0x50, 0x3F, 0x32, + 0x8D, 0xE0, 0x95, 0x81, 0x0E, 0xDE, 0x12, 0xB4, + 0x9E, 0xAD, 0x15, 0x33, 0x51, 0x95, 0x58, 0xC1, + 0xE9, 0x40, 0xB4, 0x6E, 0x4E, 0xDB, 0x02, 0x7B, + 0xE9, 0xDA, 0x20, 0x39, 0xB2, 0x5D, 0xCF, 0x73, + 0x57, 0xE1, 0x9E, 0x54, 0x16, 0xAE, 0x26, 0x8C, + 0x14, 0xFB, 0x3A, 0x8B, 0xAB, 0xCB, 0x3D, 0x23, + 0xF7, 0x0C, 0xC9, 0xD5, 0x96, 0x81, 0xC5, 0xD8, + 0x33, 0xAC, 0x22, 0xE6, 0x53, 0xD8, 0x6E, 0x22, + 0xCE, 0x82, 0x25, 0x40, 0x75, 0x5D, 0x8D, 0x24, + 0x3C, 0x15, 0x21, 0x3D, 0x07, 0x6C, 0x6B, 0x26, + 0x43, 0x6D, 0xDC, 0x07, 0xC7, 0xE0, 0x01, 0x34, + 0x7B, 0x0C, 0xB8, 0x78, 0x3D, 0xFE, 0xFE, 0xDF, + 0x27, 0x5F, 0xEC, 0x47, 0x92, 0x68, 0x67, 0x34, + 0x00, 0x7F, 0x0F, 0xF8, 0x54, 0x08, 0x11, 0xC2, + 0xAF, 0xE6, 0xCA, 0x15, 0x14, 0x20, 0x53, 0x2F, + 0xA5, 0x52, 0x6A, 0x10, 0x74, 0xC3, 0xD7, 0x89, + 0xF2, 0x93, 0x2D, 0xE4, 0x2E, 0x3A, 0xCF, 0xBF, + 0x94, 0x76, 0x0F, 0x42, 0x6D, 0x96, 0xCF, 0x03, + 0x3F, 0xA4, 0x9E, 0x2F, 0x45, 0x8F, 0x9A, 0x9C, + 0x2E, 0x71, 0xDA, 0xCF, 0xE0, 0x09, 0xDD, 0x9C, + 0x3F, 0x3C, 0x8A, 0xB3, 0x28, 0x2D, 0x6F, 0x38, + 0x3B, 0x98, 0x1C, 0x82, 0xD6, 0x36, 0x4F, 0x0E, + 0x4B, 0xDB, 0x2A, 0xF6, 0xA9, 0x5B, 0xA6, 0x1F, + 0x47, 0x41, 0x50, 0xCA, 0xD7, 0x23, 0x3F, 0x89, + 0x03, 0xDF, 0x97, 0x2D, 0xBB, 0x03, 0x28, 0xC0, + 0xCB, 0x9D, 0x0C, 0xCB, 0xEF, 0x88, 0x3D, 0x2E, + 0x6A, 0xDD, 0x18, 0x0E, 0xCA, 0x1B, 0x66, 0x2F, + 0xC1, 0xD2, 0xDB, 0xBD, 0xDB, 0x36, 0x34, 0x21, + 0x9E, 0x1E, 0xFF, 0x38, 0xB1, 0xE5, 0x28, 0x75, + 0x35, 0x6C, 0x03, 0xEA, 0xDE, 0x94, 0x20, 0x55, + 0xF4, 0x83, 0x50, 0x4B, 0xBB, 0xCB, 0x43, 0x02, + 0xA4, 0x17, 0xCF, 0x6D, 0x32, 0x8E, 0xD7, 0x93, + 0xB1, 0xA3, 0xC0, 0x96, 0x9B, 0x7B, 0x34, 0x18, + 0xF5, 0x0A, 0xB3, 0x9F, 0x83, 0xC5, 0x66, 0x6C, + 0x90, 0xE3, 0x83, 0x56, 0xF7, 0xF9, 0xD4, 0x94, + 0xA6, 0xDC, 0xB6, 0x3D, 0x67, 0xC3, 0x4E, 0x3D, + 0x14, 0xA4, 0xE1, 0x55, 0x96, 0x49, 0x79, 0x26, + 0xC8, 0x56, 0x8D, 0x8E, 0xC3, 0xDB, 0xD9, 0xC2, + 0xE8, 0x2C, 0x38, 0x5B, 0xCF, 0xB8, 0xD9, 0x67, + 0x48, 0x63, 0xBD, 0x4F, 0xBF, 0x17, 0x57, 0xDB, + 0x44, 0x7B, 0xF8, 0x04, 0xAE, 0x95, 0x01, 0x47, + 0xC9, 0x1F, 0xBF, 0x9A, 0xA1, 0x78, 0x91, 0x04, + 0x4C, 0xCA, 0xA7, 0x3B, 0x45, 0x52, 0x85, 0x97, + 0x46, 0x2C, 0xED, 0x75, 0x1D, 0x01, 0x5E, 0xBB, + 0xA9, 0xE2, 0xB7, 0xCD, 0xCB, 0xE6, 0xDC, 0x05, + 0xAA, 0x9E, 0xAE, 0x0C, 0x86, 0x84, 0x8A, 0x34, + 0x75, 0xBB, 0x1C, 0x57, 0x44, 0xF5, 0x90, 0x3E, + 0xE4, 0xA8, 0x42, 0xA4, 0x69, 0xCC, 0x18, 0x12, + 0x71, 0xF2, 0x45, 0xAD, 0x70, 0xD0, 0x2A, 0x48, + 0x37, 0x86, 0x3B, 0x29, 0x6B, 0x4A, 0xDB, 0x4E, + 0x8D, 0x03, 0xD8, 0x2B, 0x64, 0xAA, 0x11, 0xDD, + 0x31, 0xCD, 0xF2, 0x1E, 0xDF, 0x1D, 0xFE, 0x32, + 0x76, 0xC4, 0xDB, 0xC8, 0x77, 0xE3, 0x5B, 0x15, + 0xFB, 0x28, 0x35, 0xEC, 0x3A, 0x1C, 0x45, 0x31, + 0x68, 0xA3, 0x8C, 0xA8, 0xE5, 0x63, 0xCF, 0x3E, + 0x9A, 0x00, 0x73, 0x6C, 0xD5, 0xCF, 0xBD, 0x28, + 0x41, 0xD1, 0x0F, 0x94, 0xAD, 0x55, 0x79, 0x9C, + 0x29, 0x27, 0xE5, 0x46, 0x1B, 0x28, 0xBA, 0xC5, + 0x17, 0x4D, 0x0C, 0xE3, 0xF8, 0xF7, 0xCD, 0x76, + 0x09, 0xFB, 0xC8, 0xDA, 0x0C, 0x38, 0xCC, 0x21, + 0x69, 0x5C, 0xED, 0xAD, 0x12, 0xF8, 0xD2, 0xE6, + 0x49, 0x51, 0xA8, 0x99, 0x6E, 0x51, 0x0D, 0x6D, + 0x52, 0x79, 0x7C, 0x5B, 0xA0, 0xEB, 0x4A, 0xFA, + 0x6B, 0xF2, 0xCC, 0x43, 0xDA, 0x09, 0xDE, 0x31, + 0x79, 0xE8, 0x99, 0xBD, 0x71, 0x88, 0xB3, 0x2A, + 0x98, 0xA4, 0x99, 0xD3, 0x72, 0xF3, 0x70, 0x7C, + 0xED, 0x47, 0x9B, 0x09, 0x81, 0xCB, 0x50, 0xC0, + 0xC0, 0x53, 0x9C, 0xF7, 0xE3, 0x10, 0x0B, 0x72, + 0x0E, 0x46, 0x66, 0x52, 0xA4, 0xF4, 0x99, 0xC2, + 0xBA, 0x3A, 0x17, 0xF5, 0x23, 0x22, 0x68, 0x73, + 0x0B, 0x96, 0x2B, 0xC5, 0x72, 0xC0, 0xDE, 0x96, + 0xE8, 0xC9, 0xE2, 0x8F, 0x7E, 0x35, 0x32, 0xC2, + 0x22, 0x41, 0x96, 0xAA, 0x9E, 0x27, 0x68, 0x8D, + 0xD0, 0x50, 0xD7, 0xCB, 0x78, 0x54, 0xFB, 0x3C, + 0x35, 0xF9, 0xC6, 0x2E, 0xFB, 0x10, 0xDA, 0x84, + 0x83, 0x3F, 0x29, 0xBB, 0x1B, 0xE5, 0xEF, 0x3B, + 0x53, 0x36, 0x38, 0xEE, 0xF7, 0x43, 0xD8, 0x11, + 0x9D, 0xDC, 0x29, 0x0B, 0xDF, 0x08, 0xB6, 0xF0, + 0xF9, 0xE4, 0xE1, 0xE1, 0x34, 0x46, 0xC5, 0x3E, + 0xD6, 0x98, 0x05, 0xDA, 0x26, 0x90, 0x8A, 0x15, + 0xDF, 0x1C, 0x48, 0xE0, 0x09, 0xEC, 0x12, 0x53, + 0xBD, 0x5A, 0x58, 0x98, 0xEB, 0xB5, 0x12, 0x1C, + 0xC2, 0x49, 0x04, 0xC8, 0xB1, 0x0E, 0x24, 0xE6, + 0x80, 0xE5, 0x65, 0x98, 0x50, 0x76, 0xFD, 0xA1, + 0x1D, 0x13, 0xFF, 0xDF, 0xA4, 0xDB, 0x28, 0xAC, + 0x9F, 0x0A, 0xEA, 0x2F, 0x81, 0xFD, 0x7E, 0xD4, + 0xDC, 0xA8, 0xD3, 0xB2, 0xE3, 0x84, 0x8B, 0x4D, + 0x60, 0x46, 0xF6, 0xE0, 0xDE, 0x3A, 0x4F, 0x68, + 0x3F, 0x25, 0xE0, 0x60, 0x5E, 0x84, 0xB3, 0x6F, + 0x48, 0x3C, 0x40, 0x4E, 0xF8, 0x99, 0xCB, 0x3F, + 0xCC, 0xBE, 0x8C, 0xB2, 0xA6, 0xF0, 0xA7, 0xE1, + 0x0B, 0x19, 0x48, 0xCD, 0x4F, 0x93, 0xF1, 0x81, + 0x55, 0x5F, 0x66, 0x1D, 0x31, 0xD4, 0x26, 0x80, + 0x8B, 0xBF, 0x9F, 0x66, 0xFD, 0x60, 0xD6, 0x49, + 0x26, 0x9C, 0xA3, 0xFE, 0x99, 0x1B, 0x22, 0x42, + 0x8C, 0x37, 0xAD, 0x2A, 0x08, 0x68, 0x0F, 0x74, + 0x7C, 0xC0, 0x36, 0x0C, 0xCD, 0x37, 0x3D, 0xC6, + 0xA9, 0xF4, 0x3A, 0x66, 0x47, 0x0E, 0x01, 0x4E, + 0x72, 0xB3, 0xD8, 0xC3, 0x8E, 0x02, 0x04, 0x42, + 0xD8, 0xAA, 0xB9, 0x74, 0xE6, 0x04, 0x93, 0x74, + 0x14, 0x5B, 0x04, 0xCB, 0x7F, 0x30, 0x44, 0xAA, + 0xC1, 0xEF, 0xDA, 0xB2, 0xA1, 0x8B, 0xB4, 0x64, + 0xD4, 0xF2, 0xF2, 0xD8, 0x14, 0x39, 0x74, 0xC9, + 0x5E, 0xEE, 0x85, 0x6D, 0x59, 0xEC, 0x00, 0x28, + 0x8E, 0xD4, 0x3F, 0xF5, 0xCC, 0x88, 0x03, 0x00, + 0x6C, 0x99, 0x55, 0x14, 0xA2, 0xCC, 0x9C, 0xA6, + 0x22, 0xB6, 0x1B, 0xCD, 0x75, 0xEC, 0x51, 0xC2, + 0x02, 0xA9, 0x17, 0x10, 0x5B, 0x4A, 0x4B, 0xED, + 0x1B, 0x80, 0x14, 0x68, 0x31, 0xDC, 0xED, 0x07, + 0xEF, 0xD2, 0xED, 0x25, 0x73, 0x9F, 0x54, 0x09, + 0x69, 0x11, 0xB1, 0x50, 0xD3, 0x07, 0x7C, 0xCD, + 0x73, 0x1A, 0x03, 0x61, 0x68, 0x27, 0x25, 0xD5, + 0x38, 0x03, 0xF8, 0xFC, 0xEA, 0xA8, 0x39, 0x19, + 0x29, 0x1E, 0xDB, 0x44, 0x93, 0xEC, 0x84, 0xCC, + 0xE1, 0xD0, 0xF8, 0x2A, 0x67, 0x92, 0x36, 0xEA, + 0xD1, 0x00, 0x2A, 0xE8, 0x01, 0x8C, 0xAC, 0x9F, + 0xDB, 0xD2, 0x46, 0xFF, 0x09, 0x3D, 0x80, 0x3C, + 0x0D, 0xE3, 0x32, 0x6A, 0x57, 0x90, 0x7B, 0x0D, + 0xD6, 0xB0, 0x1D, 0x08, 0x14, 0x58, 0xC7, 0x57, + 0x28, 0xC6, 0x00, 0x82, 0x99, 0x28, 0x89, 0x0A, + 0x56, 0xAA, 0xAF, 0xEF, 0xCF, 0x74, 0x23, 0xB7, + 0x0A, 0x6D, 0x86, 0xB4, 0x15, 0xB8, 0x35, 0x8D, + 0xD0, 0x44, 0xAB, 0xEE, 0x00, 0xB9, 0xC9, 0x79, + 0x5F, 0xC8, 0xF6, 0x1A, 0x64, 0x68, 0x6D, 0xF5, + 0xF8, 0x76, 0xA8, 0xF3, 0x30, 0x61, 0x59, 0x9A, + 0xE8, 0x30, 0xF7, 0xEB, 0x4C, 0x4B, 0xFF, 0x87, + 0x5F, 0x4A, 0x93, 0x6C, 0x40, 0x3C, 0x5D, 0x16, + 0x0D, 0xE5, 0xD3, 0x3C, 0xAE, 0xE4, 0x0F, 0xB7, + 0x18, 0xDD, 0xA4, 0x47, 0x8A, 0xC6, 0xF5, 0x1C, + 0x59, 0xC2, 0x15, 0x52, 0x54, 0xBD, 0x77, 0x67, + 0x11, 0x18, 0x41, 0x1E, 0x26, 0x09, 0xD0, 0x00, + 0x30, 0x6F, 0xC9, 0x50, 0x70, 0x04, 0xA3, 0x1E, + 0x89, 0x57, 0xEA, 0x40, 0xC2, 0x56, 0x4B, 0x83, + 0xC3, 0xAB, 0xB7, 0x1A, 0x87, 0xC1, 0x1B, 0xD1, + 0x8D, 0x78, 0x91, 0xC4, 0x49, 0xDB, 0xBE, 0x79, + 0xB4, 0xA4, 0xFB, 0x04, 0x83, 0x07, 0xCE, 0x0E, + 0x81, 0x2B, 0x2C, 0x68, 0xEC, 0xAB, 0x77, 0xFD, + 0x11, 0x11, 0x52, 0x6A, 0xB0, 0x81, 0x73, 0x06, + 0xCE, 0xBC, 0xB0, 0x49, 0x7C, 0x55, 0x24, 0x31, + 0xCE, 0x15, 0xE4, 0xAB, 0x52, 0x28, 0x3F, 0x67, + 0x94, 0x80, 0xD6, 0x9D, 0xDD, 0xE1, 0xF2, 0x57, + 0x9C, 0xFD, 0xBE, 0x0B, 0xCA, 0x95, 0xFC, 0x5B, + 0x2D, 0xB0, 0xC5, 0xCC, 0x76, 0xA3, 0x19, 0x50, + 0xF5, 0x11, 0x6A, 0xAE, 0x5F, 0x02, 0xD4, 0x67, + 0x10, 0xE4, 0x25, 0x7A, 0x75, 0xFD, 0xED, 0xF2, + 0xF4, 0x7C, 0xE3, 0x7C, 0x20, 0x3E, 0x7F, 0x24, + 0xD3, 0xC9, 0x17, 0x97, 0x13, 0xC5, 0xD8, 0x07, + 0xC2, 0x96, 0x14, 0x9A, 0x75, 0xCC, 0xB4, 0x44, + 0xF0, 0xC6, 0xF6, 0xAB, 0xDD, 0x2D, 0xBB, 0x29, + 0x85, 0xFE, 0x26, 0x74, 0x82, 0x85, 0x8A, 0x1E + }; +#endif /* WOLFSSL_NO_ML_DSA_65 */ +#ifndef WOLFSSL_NO_ML_DSA_87 + static const byte seed_87[] = { + 0x38, 0x35, 0x9F, 0xBC, 0xD7, 0x95, 0x82, 0xCF, + 0xFE, 0x60, 0x9E, 0x13, 0x7E, 0xE2, 0xEF, 0xE8, + 0xA8, 0xDB, 0xCB, 0xAD, 0x18, 0xBA, 0x92, 0xBB, + 0x43, 0x3A, 0xB4, 0xF0, 0x9B, 0x49, 0x29, 0x9D + }; + static const byte pk_87[] = { + 0x69, 0x24, 0xBB, 0x42, 0x57, 0xA7, 0xB9, 0xAF, + 0xF0, 0x95, 0xC3, 0x0B, 0xB3, 0x5C, 0x6A, 0xE4, + 0x19, 0x82, 0x63, 0x12, 0x0F, 0x80, 0x39, 0xAA, + 0x4E, 0x78, 0xE1, 0x74, 0xA7, 0x86, 0xCE, 0x00, + 0x83, 0x01, 0xE6, 0x66, 0xF5, 0x9D, 0x3E, 0xC5, + 0x04, 0x4D, 0xE4, 0x56, 0x78, 0x8F, 0xDE, 0x19, + 0xEB, 0x39, 0x67, 0x7B, 0x5F, 0x9F, 0xE1, 0x41, + 0x50, 0xDA, 0x46, 0x3A, 0x70, 0x6F, 0x3B, 0xAF, + 0x71, 0x5B, 0x95, 0x33, 0x6B, 0x2D, 0x68, 0x5A, + 0x7C, 0xD7, 0x88, 0x07, 0x13, 0xE4, 0x58, 0x7B, + 0xF7, 0xD8, 0x57, 0xBF, 0x7E, 0x31, 0x56, 0x96, + 0xB8, 0xD0, 0xD9, 0xD4, 0x9E, 0x14, 0x29, 0x18, + 0xBF, 0x09, 0x74, 0xE7, 0xF4, 0x32, 0x37, 0xD4, + 0xBE, 0x3A, 0xD3, 0x94, 0x59, 0x9E, 0x3D, 0x39, + 0xBB, 0x76, 0x49, 0x93, 0x25, 0x53, 0x44, 0x7E, + 0x5D, 0x5A, 0xCC, 0x34, 0x99, 0x93, 0x01, 0x76, + 0xEC, 0xD3, 0xA8, 0x44, 0xA4, 0x25, 0xF5, 0x0D, + 0x05, 0x11, 0xC9, 0x22, 0x6C, 0x4B, 0x9A, 0x24, + 0xF2, 0xA0, 0x11, 0xCD, 0x88, 0xD3, 0x23, 0x08, + 0xE0, 0x31, 0x2A, 0x0C, 0x87, 0xCC, 0x34, 0xA9, + 0x95, 0x82, 0x3C, 0x65, 0xF4, 0xF0, 0xF9, 0x8E, + 0x50, 0xC3, 0x77, 0x88, 0xCE, 0x38, 0xDC, 0x28, + 0xFB, 0x8B, 0x9B, 0xFA, 0xAF, 0xA9, 0x04, 0xB5, + 0x41, 0xEE, 0x71, 0x2F, 0x6A, 0x04, 0x1E, 0x06, + 0x11, 0x37, 0x4F, 0x6B, 0xF1, 0x7E, 0xAC, 0x0B, + 0xD5, 0x6F, 0x3B, 0x6B, 0xF3, 0x36, 0xDA, 0x92, + 0x42, 0x07, 0x0C, 0x24, 0x69, 0xA2, 0x0C, 0x4D, + 0x16, 0x16, 0x14, 0x9A, 0x61, 0x59, 0x25, 0x20, + 0x11, 0xD2, 0x99, 0xF9, 0x3F, 0x98, 0x6D, 0x87, + 0x5D, 0xD3, 0x0B, 0x38, 0xA2, 0x25, 0x49, 0x17, + 0x45, 0x70, 0x13, 0x8C, 0x2B, 0xB3, 0xAA, 0x9C, + 0xBE, 0xA9, 0x19, 0x74, 0xF3, 0xD8, 0x9B, 0xF5, + 0xAE, 0x32, 0xBE, 0x9E, 0x58, 0xB8, 0x54, 0xA2, + 0xF8, 0xE8, 0x6F, 0xF7, 0x67, 0x80, 0xC0, 0x34, + 0x90, 0xF4, 0x67, 0xDB, 0x06, 0x51, 0xC2, 0x0B, + 0x1D, 0xF6, 0x0E, 0xB9, 0x7A, 0x3C, 0x99, 0xD9, + 0xBD, 0x66, 0x4B, 0xE6, 0xA5, 0xE4, 0xC8, 0xA8, + 0xAD, 0x4C, 0xC3, 0x63, 0x90, 0xD7, 0x00, 0x4E, + 0x4B, 0xB4, 0x21, 0xDA, 0xED, 0x65, 0x4C, 0x35, + 0x7D, 0xA4, 0xD6, 0x84, 0x98, 0x93, 0x3E, 0xC7, + 0x17, 0x77, 0xAD, 0x64, 0xC2, 0xAE, 0x01, 0x3C, + 0x73, 0xEB, 0x45, 0x7C, 0x68, 0xEF, 0x9A, 0x74, + 0x5A, 0xDE, 0xEB, 0x4F, 0xDF, 0xC8, 0x79, 0xE7, + 0x74, 0xD0, 0x3F, 0xAF, 0x6B, 0x14, 0xAA, 0xB1, + 0x07, 0x52, 0xE2, 0x4B, 0x52, 0xD0, 0xF2, 0xD9, + 0x4D, 0x54, 0x0A, 0x1E, 0xBE, 0x10, 0xF5, 0x97, + 0xE5, 0x14, 0x44, 0x2D, 0x6C, 0x13, 0xC2, 0xE2, + 0x49, 0x8E, 0x8A, 0xF3, 0x01, 0x7C, 0x52, 0xDB, + 0x23, 0x3A, 0x90, 0x71, 0x7D, 0xF2, 0x5B, 0x4D, + 0x07, 0x2B, 0x7D, 0x88, 0xEE, 0x87, 0x31, 0xD1, + 0x68, 0x24, 0xC9, 0x5D, 0x1F, 0xB9, 0x83, 0xC4, + 0x49, 0xDE, 0xB4, 0x66, 0x27, 0x60, 0x60, 0xFE, + 0xE4, 0xC7, 0xEE, 0x38, 0x14, 0x51, 0xF2, 0x32, + 0xC2, 0x9C, 0x7C, 0x32, 0x20, 0x85, 0x0C, 0x61, + 0xD1, 0xC3, 0xC0, 0x0D, 0xB1, 0xCD, 0x97, 0x26, + 0xA0, 0x2A, 0x56, 0x60, 0x9F, 0x3A, 0x65, 0xD3, + 0xD1, 0x64, 0x60, 0x45, 0x88, 0xCD, 0x9B, 0x43, + 0x14, 0x12, 0xF1, 0xAD, 0xD9, 0x14, 0xC5, 0xC2, + 0xDA, 0xBB, 0xC9, 0x04, 0x67, 0xC0, 0xC4, 0xEA, + 0x5F, 0x76, 0xE2, 0x4A, 0xA6, 0x18, 0x76, 0x5F, + 0x8B, 0x06, 0x36, 0xD7, 0xB0, 0x65, 0xE1, 0xF4, + 0xE6, 0xF6, 0x22, 0xEA, 0xE1, 0x71, 0x52, 0x45, + 0x8C, 0x76, 0x65, 0x86, 0x77, 0x2D, 0x36, 0x3F, + 0xA9, 0x92, 0x14, 0xF4, 0x72, 0xB0, 0xDB, 0x8A, + 0x1E, 0x49, 0xD8, 0x2D, 0x02, 0x78, 0xF2, 0x95, + 0x8B, 0x0A, 0xAA, 0x15, 0x86, 0xDB, 0x13, 0x4B, + 0xDF, 0xD2, 0x43, 0x87, 0x42, 0x49, 0x50, 0x07, + 0xE2, 0xFE, 0x5B, 0x60, 0xE2, 0x46, 0x39, 0x92, + 0x26, 0x94, 0x7A, 0x12, 0xEA, 0x17, 0x63, 0x1C, + 0xAA, 0x53, 0x46, 0x87, 0xCB, 0x75, 0xC0, 0x60, + 0xB4, 0x79, 0x7E, 0xAB, 0x82, 0x77, 0xCC, 0x4F, + 0x8A, 0x7A, 0x20, 0x38, 0x76, 0x06, 0xEF, 0xE2, + 0xDB, 0xD3, 0xE7, 0x36, 0x24, 0x92, 0x77, 0xD9, + 0x0F, 0xCA, 0xB9, 0x92, 0xA8, 0xC9, 0x9E, 0x85, + 0xAB, 0x03, 0xEB, 0x4C, 0xAC, 0x5D, 0x88, 0x55, + 0x39, 0x58, 0x52, 0x8A, 0xF9, 0x29, 0x74, 0x71, + 0x81, 0x35, 0xF1, 0xD0, 0xC7, 0x93, 0xEB, 0x00, + 0x0E, 0xA0, 0xAE, 0xC3, 0xEC, 0x18, 0x58, 0xFD, + 0xD1, 0x86, 0x88, 0xD1, 0xDA, 0x27, 0x27, 0x8D, + 0xEB, 0xF2, 0xCA, 0x81, 0x10, 0xBA, 0x4A, 0x20, + 0x4F, 0x79, 0x30, 0xE1, 0xC8, 0xCE, 0xEC, 0xAF, + 0xB7, 0x3F, 0x75, 0xDD, 0xB3, 0x4C, 0x5C, 0x55, + 0x96, 0x8A, 0x79, 0x33, 0x05, 0x84, 0x26, 0xB5, + 0x5D, 0x03, 0x9F, 0x72, 0x92, 0xAC, 0x43, 0xF6, + 0x45, 0x84, 0xF6, 0xDF, 0x18, 0x7A, 0x1D, 0x6B, + 0x00, 0x3F, 0x51, 0x4C, 0xC1, 0x3B, 0x26, 0xC2, + 0xF3, 0x48, 0x19, 0x5A, 0xA3, 0x21, 0xDE, 0x6A, + 0x27, 0xEC, 0x11, 0x34, 0x8D, 0xE5, 0x0D, 0x82, + 0x5A, 0x29, 0x64, 0xC6, 0x31, 0x99, 0x2E, 0x4B, + 0x0B, 0x42, 0x5B, 0x1B, 0xEB, 0x4F, 0x96, 0x00, + 0xE3, 0xAD, 0xC4, 0x43, 0x1C, 0xF2, 0xE8, 0x8B, + 0x42, 0x23, 0xD2, 0xDB, 0x66, 0x3C, 0x3C, 0xE7, + 0x0E, 0xF8, 0x5D, 0xDD, 0x56, 0xA9, 0xBA, 0xF1, + 0x38, 0xA9, 0xD7, 0xED, 0xD8, 0x94, 0x13, 0x1C, + 0x3A, 0x8F, 0x41, 0xA0, 0x4E, 0xF9, 0xF8, 0x67, + 0x52, 0xB7, 0x21, 0x81, 0xFA, 0xBB, 0x37, 0xC8, + 0x6B, 0x87, 0x7E, 0x61, 0xD6, 0x0E, 0xED, 0x95, + 0xEE, 0xFF, 0xAB, 0xE6, 0x37, 0x6E, 0x14, 0xAC, + 0xA8, 0x17, 0xC5, 0xF4, 0x19, 0x61, 0xAF, 0x8A, + 0x78, 0x49, 0xBA, 0xC0, 0x94, 0x91, 0x7B, 0x2D, + 0x13, 0x22, 0x76, 0xB6, 0xB3, 0x48, 0x6A, 0xFF, + 0x95, 0x0D, 0x23, 0xD4, 0xAA, 0xDC, 0x24, 0xCE, + 0x98, 0xA5, 0x26, 0x9E, 0x1C, 0x69, 0x91, 0x79, + 0x60, 0xA3, 0x1E, 0xE0, 0x9A, 0x52, 0x7C, 0x35, + 0x81, 0x75, 0xCA, 0xA0, 0xCB, 0x1B, 0x01, 0x8E, + 0x95, 0x26, 0xD9, 0x35, 0x34, 0xEA, 0xDB, 0xAC, + 0xB5, 0x2B, 0x27, 0x3D, 0x73, 0x5E, 0x22, 0xDD, + 0x0D, 0x5C, 0x28, 0xFA, 0x3E, 0x47, 0xCF, 0xE9, + 0x0B, 0x52, 0x15, 0xAE, 0x24, 0xF1, 0x46, 0xC3, + 0x46, 0x4B, 0xFE, 0xAF, 0x01, 0xD2, 0x8D, 0xAA, + 0x55, 0x3C, 0x1E, 0x94, 0x42, 0x8A, 0x10, 0x4A, + 0x9D, 0x78, 0xAE, 0xC7, 0x62, 0x59, 0x1E, 0x88, + 0x79, 0xF7, 0x68, 0x51, 0xCF, 0xB4, 0x64, 0x85, + 0x66, 0x72, 0x1B, 0x0C, 0xAC, 0x1F, 0x14, 0xFE, + 0x16, 0x14, 0x9A, 0x9D, 0x82, 0x10, 0xCC, 0x8F, + 0x2F, 0x50, 0xDE, 0xF7, 0xB4, 0x6C, 0x84, 0x3B, + 0xE9, 0x3B, 0xD8, 0xD5, 0x56, 0x02, 0x49, 0x33, + 0x50, 0xAB, 0x56, 0x0E, 0xA5, 0xBA, 0x17, 0x71, + 0x64, 0x23, 0xBE, 0x0E, 0xB8, 0x36, 0x0A, 0xB1, + 0x09, 0xD8, 0xFB, 0x18, 0xBF, 0xEA, 0x04, 0x08, + 0x47, 0xB7, 0x33, 0x51, 0x45, 0xD4, 0xF2, 0x00, + 0xD1, 0x9C, 0xF6, 0xFE, 0x7B, 0xAC, 0x91, 0x7F, + 0x42, 0x6C, 0x9B, 0x3D, 0x39, 0xA9, 0xCA, 0x43, + 0x29, 0x81, 0x8F, 0x24, 0x0E, 0x7D, 0xA3, 0x82, + 0x76, 0x10, 0x72, 0xF4, 0xA6, 0x50, 0x5E, 0xA8, + 0xE7, 0x6C, 0x1E, 0x44, 0x6F, 0xEB, 0x66, 0x25, + 0xE3, 0x8D, 0xDB, 0xCD, 0x3C, 0xDA, 0x81, 0xE8, + 0x3B, 0xF7, 0x68, 0xF3, 0xE0, 0x1D, 0x9D, 0x26, + 0x3B, 0x36, 0x73, 0x03, 0xAE, 0x15, 0x6C, 0x0B, + 0x71, 0x83, 0x36, 0x4A, 0x1E, 0x79, 0x41, 0xA0, + 0x92, 0x98, 0xA3, 0xAD, 0xF7, 0xBD, 0x23, 0x1E, + 0x61, 0x14, 0xB9, 0xDC, 0xE7, 0x95, 0x2B, 0x11, + 0x3F, 0x78, 0x16, 0x31, 0x38, 0xB9, 0x26, 0x6F, + 0x84, 0x3F, 0x1E, 0xD9, 0x7D, 0x9C, 0x2B, 0x16, + 0x3A, 0x6E, 0x8B, 0xD4, 0xC1, 0xAB, 0x4E, 0x17, + 0x93, 0x67, 0xC5, 0xAC, 0x96, 0xCE, 0xCF, 0x50, + 0x50, 0xFE, 0x82, 0x1F, 0xDF, 0xA4, 0x4E, 0x9E, + 0x68, 0x0B, 0x61, 0xC6, 0x01, 0x89, 0x32, 0xDF, + 0x71, 0x78, 0x11, 0x45, 0x9A, 0xF2, 0x54, 0x2E, + 0x2C, 0xDE, 0x77, 0x17, 0x8C, 0x2E, 0x98, 0x80, + 0xF0, 0x11, 0xE4, 0x05, 0xEA, 0xFA, 0x59, 0xC8, + 0xCB, 0xBE, 0xD7, 0x6E, 0x5A, 0x19, 0x41, 0x10, + 0x4B, 0x1B, 0x9D, 0x3A, 0x60, 0x49, 0x1C, 0x95, + 0x47, 0x55, 0xE0, 0x2E, 0x89, 0x41, 0x03, 0xF1, + 0xF4, 0x97, 0x74, 0x75, 0xE9, 0xEA, 0x36, 0x60, + 0x9F, 0xD6, 0x7C, 0x9D, 0xE3, 0x18, 0xED, 0xA2, + 0x37, 0x0D, 0xCC, 0xDB, 0xB9, 0xCE, 0xF7, 0xAE, + 0x63, 0x60, 0x90, 0x5E, 0xC2, 0x20, 0x83, 0x8C, + 0x97, 0x69, 0x82, 0x34, 0x41, 0xCD, 0xD0, 0xDA, + 0x8E, 0xF0, 0xAB, 0xE5, 0xF2, 0xD1, 0xD7, 0x6E, + 0x2F, 0xE0, 0x8F, 0xEF, 0x53, 0xDE, 0x1D, 0x61, + 0x66, 0xAB, 0x1A, 0x92, 0xB1, 0xAC, 0x09, 0x3E, + 0x5A, 0xBF, 0x76, 0x58, 0xC4, 0xB5, 0x72, 0x87, + 0xF2, 0xD1, 0xFD, 0x7B, 0x82, 0xDE, 0xDA, 0xF8, + 0xD5, 0xA4, 0xFB, 0xAC, 0x4B, 0x35, 0xD5, 0x82, + 0x31, 0x69, 0x4E, 0x16, 0x24, 0x97, 0x57, 0x8A, + 0xBD, 0x7A, 0xA7, 0xC8, 0xFE, 0x7B, 0x35, 0x41, + 0xA7, 0xF1, 0x8E, 0x54, 0xE8, 0xB7, 0xF0, 0x87, + 0x64, 0xC5, 0xE6, 0x84, 0x49, 0xDF, 0x65, 0x59, + 0x01, 0x54, 0x98, 0x32, 0xD6, 0x28, 0xFA, 0x63, + 0xD2, 0xB2, 0xC5, 0xA1, 0x50, 0x93, 0x39, 0x94, + 0xA9, 0x86, 0x33, 0x17, 0xAD, 0x40, 0xD7, 0x78, + 0xD9, 0xD2, 0xC0, 0x5C, 0x78, 0x98, 0x85, 0x0B, + 0x90, 0x17, 0x32, 0x23, 0xC7, 0xA0, 0xAF, 0x89, + 0x0F, 0xD7, 0xE6, 0x62, 0x21, 0xB6, 0xF0, 0x63, + 0x18, 0xB2, 0xED, 0x5E, 0x19, 0x9C, 0xB4, 0x24, + 0x88, 0x5A, 0xB8, 0x41, 0xE7, 0xA4, 0x72, 0x6F, + 0xAB, 0xA2, 0xF9, 0xBB, 0x53, 0xBC, 0x32, 0x36, + 0x43, 0x4C, 0x35, 0xFB, 0xBE, 0x4B, 0x1A, 0x0F, + 0x93, 0xF5, 0x0C, 0x37, 0x89, 0x6C, 0x29, 0xF8, + 0xE3, 0x02, 0xAD, 0x31, 0xED, 0x33, 0x31, 0xD6, + 0x20, 0xE3, 0xB6, 0x29, 0x45, 0x51, 0x01, 0xA1, + 0xF1, 0xCC, 0x7B, 0xA5, 0xE4, 0x6E, 0x68, 0xED, + 0x4A, 0x8C, 0xCC, 0x87, 0xB4, 0xDC, 0x75, 0xBC, + 0x01, 0x62, 0xB6, 0x33, 0x0F, 0x83, 0x3F, 0xBA, + 0x25, 0x75, 0xDF, 0xAF, 0x5B, 0x5F, 0x28, 0xBC, + 0x54, 0xFF, 0x2B, 0xA8, 0x1E, 0x7A, 0x47, 0x31, + 0x3C, 0x15, 0x48, 0x2B, 0x60, 0x5E, 0x66, 0xBB, + 0x38, 0xC6, 0x19, 0x8F, 0x13, 0x92, 0x10, 0x40, + 0x80, 0xFB, 0xE7, 0x8B, 0x86, 0xB1, 0xBC, 0x9A, + 0x6F, 0xB8, 0x81, 0xF5, 0xC7, 0x82, 0x01, 0x47, + 0xE6, 0xBA, 0x14, 0xB8, 0x1A, 0xCC, 0xF2, 0x0C, + 0xAE, 0x96, 0x64, 0x10, 0x94, 0xC2, 0x16, 0x90, + 0x2E, 0xA5, 0xC1, 0x25, 0xF6, 0xC9, 0x35, 0xA1, + 0x50, 0xD7, 0xC9, 0xAC, 0xC5, 0xD9, 0xE2, 0xE5, + 0xD9, 0x0E, 0x38, 0xC0, 0x50, 0x3A, 0xA9, 0x42, + 0x60, 0x17, 0xC7, 0x6A, 0xAF, 0xCD, 0x52, 0x61, + 0xB5, 0x06, 0x27, 0x4E, 0xC1, 0x3A, 0x96, 0x79, + 0xFB, 0x09, 0x79, 0x60, 0x27, 0xA4, 0xBB, 0x75, + 0x9D, 0x92, 0x82, 0x79, 0xB9, 0x4D, 0x84, 0x1A, + 0x09, 0x73, 0x93, 0xBF, 0x7E, 0x5B, 0xD6, 0x9A, + 0x49, 0x6C, 0xC3, 0xDE, 0xCD, 0x2B, 0x0F, 0x07, + 0xF8, 0x33, 0x92, 0xAA, 0xDE, 0x33, 0xDC, 0x51, + 0xB2, 0xA8, 0x4F, 0x6A, 0x07, 0x63, 0x5D, 0xC0, + 0xEF, 0x57, 0xA9, 0xAD, 0x59, 0x59, 0xB6, 0xA5, + 0x0B, 0x7B, 0xA5, 0x09, 0xAD, 0x5B, 0x11, 0xFA, + 0xD2, 0x6B, 0x41, 0x9F, 0x9F, 0x1E, 0x3F, 0x9C, + 0x73, 0x29, 0xB5, 0xA9, 0x53, 0xD7, 0xCC, 0x87, + 0xB2, 0xDE, 0x21, 0x06, 0x11, 0xCF, 0x52, 0xA6, + 0x39, 0xEF, 0x2B, 0x39, 0x08, 0x01, 0x2C, 0xB8, + 0x8E, 0x1D, 0x6F, 0x57, 0x62, 0x50, 0x79, 0xCB, + 0x10, 0x3D, 0x6C, 0x98, 0x10, 0x1A, 0x11, 0xBD, + 0x22, 0x33, 0xB6, 0x56, 0x02, 0xCA, 0x30, 0x49, + 0xBD, 0x32, 0x05, 0x20, 0x41, 0x9F, 0x76, 0xB0, + 0x61, 0xE3, 0x59, 0x8D, 0xE3, 0x81, 0x52, 0xC8, + 0x87, 0x67, 0xD1, 0xA2, 0x4F, 0xBD, 0x02, 0xBB, + 0x10, 0xC3, 0x8E, 0xAC, 0xAE, 0x31, 0x7D, 0xE6, + 0xBB, 0x28, 0x7B, 0x4D, 0x2C, 0xAE, 0x5D, 0xA0, + 0x21, 0x49, 0x65, 0xD8, 0x77, 0x37, 0x78, 0x62, + 0x6E, 0x9B, 0x97, 0x28, 0x59, 0xD8, 0x48, 0x2B, + 0x8D, 0x05, 0x47, 0xE4, 0xF5, 0x6D, 0xFF, 0x87, + 0x68, 0x1D, 0x5B, 0xC5, 0x12, 0x0F, 0x61, 0x3F, + 0xBB, 0xD9, 0x1E, 0x1F, 0x14, 0xE6, 0xDE, 0xFE, + 0x67, 0x2E, 0x2A, 0x7E, 0xAB, 0xCB, 0xBB, 0x9B, + 0x11, 0x08, 0x2C, 0x5E, 0x70, 0x0A, 0xA0, 0xB1, + 0xF7, 0xC1, 0x78, 0x5F, 0xCE, 0xD1, 0x9A, 0x93, + 0xAF, 0xE7, 0xC5, 0x9F, 0xA2, 0x51, 0x9B, 0xCD, + 0xEB, 0x49, 0x4C, 0x3D, 0x13, 0xB2, 0x12, 0x5F, + 0x38, 0x53, 0x23, 0xB8, 0x16, 0xC6, 0x8F, 0x8F, + 0x56, 0x28, 0xC7, 0xC2, 0xAB, 0xFD, 0x02, 0x78, + 0xA3, 0x37, 0x07, 0x3D, 0xA7, 0x4D, 0x16, 0x09, + 0x96, 0x98, 0xC4, 0xB1, 0x14, 0xE8, 0xA8, 0xCE, + 0x34, 0x4E, 0x0A, 0x15, 0xD0, 0xFC, 0x7E, 0xD4, + 0x97, 0xB0, 0x01, 0xD5, 0x3D, 0x4C, 0x96, 0xDC, + 0x39, 0x54, 0xD3, 0xB4, 0xB9, 0x56, 0xCB, 0x9D, + 0x2A, 0x27, 0x2C, 0x51, 0xF1, 0x55, 0x9B, 0x22, + 0x90, 0x4B, 0x40, 0xCC, 0x85, 0x31, 0xE4, 0x0C, + 0xC4, 0x12, 0xC6, 0x8C, 0xB6, 0xEE, 0xA4, 0xA4, + 0x09, 0x0B, 0x38, 0xE2, 0x79, 0x73, 0x29, 0x98, + 0x54, 0x67, 0xE8, 0x18, 0xA5, 0x24, 0xD3, 0x22, + 0x8E, 0xAC, 0xAE, 0x78, 0x25, 0xD3, 0xDA, 0xD2, + 0xEA, 0xA4, 0x22, 0xFD, 0xC7, 0x7A, 0xED, 0x71, + 0xA2, 0x05, 0xDA, 0x78, 0x38, 0xD9, 0x45, 0xE7, + 0xFE, 0xC3, 0x7E, 0x4D, 0xCA, 0x67, 0xE5, 0x04, + 0xCE, 0x35, 0xE5, 0xB0, 0x45, 0xF5, 0x6F, 0x1E, + 0x8D, 0x75, 0x29, 0xEB, 0xD6, 0xF1, 0xAF, 0x7B, + 0x6E, 0x93, 0x9E, 0x2B, 0x7A, 0xB4, 0x02, 0x7D, + 0x37, 0xA5, 0x13, 0x5D, 0x17, 0x2D, 0xA1, 0xAF, + 0x9C, 0xA2, 0xF7, 0x28, 0xA6, 0xF3, 0x7D, 0xE6, + 0x0D, 0xD2, 0x3D, 0x97, 0xD1, 0x1E, 0x75, 0xAB, + 0x1F, 0xD5, 0x1F, 0x8E, 0x9A, 0x13, 0x97, 0xE5, + 0x82, 0x21, 0x59, 0xDB, 0x58, 0x38, 0x02, 0xB3, + 0x2E, 0xEB, 0xB4, 0x56, 0x7E, 0xCE, 0x37, 0x46, + 0xD1, 0xAE, 0x33, 0x31, 0x47, 0x85, 0x64, 0x3D, + 0xD2, 0xA0, 0x74, 0x1E, 0x7F, 0x1B, 0xF2, 0xD2, + 0x61, 0xF2, 0x21, 0x24, 0xE8, 0xDD, 0xD0, 0x8C, + 0x64, 0x0A, 0x48, 0xB5, 0x47, 0x17, 0x51, 0x7C, + 0x21, 0xCD, 0x32, 0x53, 0x28, 0xBC, 0x23, 0x9C, + 0xA0, 0x28, 0xB2, 0x63, 0x0D, 0x06, 0x3C, 0x8C, + 0xC2, 0x0B, 0xE9, 0xBD, 0xB4, 0x85, 0x02, 0xDA, + 0xDD, 0xE7, 0x3F, 0xFE, 0xD5, 0x96, 0x38, 0x16, + 0x53, 0x3E, 0x02, 0x0A, 0xED, 0x12, 0x08, 0x53, + 0x62, 0x55, 0xB1, 0xCC, 0xE9, 0x85, 0x43, 0x31, + 0x27, 0xFF, 0x4F, 0x04, 0xD5, 0xB1, 0xE2, 0xF2, + 0x10, 0x87, 0x04, 0xB8, 0xB9, 0x66, 0x58, 0x8C, + 0x01, 0x56, 0xAF, 0xC2, 0xAE, 0x19, 0x29, 0x86, + 0xFB, 0xEC, 0x44, 0x3B, 0xAE, 0xF6, 0xCB, 0x85, + 0xA6, 0xF2, 0x9C, 0x77, 0x92, 0x40, 0x5A, 0x24, + 0x11, 0x47, 0x10, 0xAE, 0x1C, 0x74, 0x64, 0x44, + 0xFD, 0xF5, 0xFB, 0x65, 0x9E, 0x5E, 0x34, 0x68, + 0x26, 0x20, 0x7B, 0x8C, 0x54, 0x46, 0x3A, 0x06, + 0x17, 0xCE, 0x17, 0xFF, 0x33, 0xE4, 0x0F, 0x93, + 0x1F, 0xE5, 0x76, 0x71, 0x5C, 0x93, 0x2E, 0xF2, + 0x9F, 0xD7, 0x6B, 0x04, 0xA6, 0x9B, 0x58, 0xE0, + 0x30, 0x3D, 0x8E, 0xF2, 0x56, 0x78, 0xC8, 0xB7, + 0x0A, 0xF1, 0x2E, 0x90, 0x45, 0x59, 0x1C, 0x04, + 0xE8, 0xB7, 0x71, 0x06, 0x94, 0x04, 0x15, 0x17, + 0x7E, 0x86, 0x85, 0x93, 0xA0, 0x9C, 0x7E, 0x14, + 0x61, 0x9A, 0x4B, 0x33, 0x2F, 0x9A, 0xDC, 0x3A, + 0x65, 0x8B, 0x86, 0x01, 0x7F, 0x32, 0x65, 0x6C, + 0x54, 0x29, 0xC1, 0x15, 0xE1, 0x10, 0x03, 0x7A, + 0x8C, 0xC7, 0xE5, 0x44, 0x67, 0x7D, 0x2D, 0xD2, + 0x39, 0xA5, 0x9D, 0x54, 0xD0, 0xF3, 0xC7, 0x46, + 0x0E, 0xC1, 0x52, 0x08, 0x34, 0x6B, 0xA5, 0x6D, + 0xF5, 0x08, 0x6C, 0x5D, 0xBC, 0xC4, 0x1E, 0x0C, + 0x95, 0xFC, 0xB6, 0x86, 0x1C, 0x2C, 0x0C, 0x32, + 0xAA, 0xF3, 0x45, 0x4E, 0xFE, 0xE2, 0xFF, 0xBA, + 0x21, 0x4B, 0x43, 0x0E, 0xF2, 0x48, 0xA5, 0x9B, + 0x32, 0x44, 0x4D, 0x8D, 0x0D, 0x3D, 0xB8, 0x7C, + 0x9D, 0x4B, 0x15, 0x36, 0xD1, 0x57, 0x72, 0x8E, + 0xE7, 0x58, 0x5E, 0xF5, 0x32, 0x77, 0x6A, 0x00, + 0x3A, 0x02, 0x3C, 0x0A, 0xB0, 0xE9, 0xFF, 0x55, + 0x71, 0x08, 0xC3, 0x90, 0x68, 0x4D, 0x56, 0x5A, + 0x66, 0x50, 0x63, 0x26, 0x6A, 0xE6, 0x67, 0x0E, + 0xD5, 0x3B, 0x0F, 0xAF, 0x8F, 0xF6, 0x78, 0x29, + 0xBB, 0x73, 0x78, 0x25, 0xB1, 0x53, 0xA9, 0x33, + 0x8C, 0xBE, 0x3D, 0xF1, 0xA4, 0x62, 0x84, 0x9B, + 0x93, 0xA8, 0x1F, 0x84, 0xED, 0x07, 0xBE, 0x6D, + 0x62, 0x40, 0x00, 0x32, 0x74, 0x73, 0x7F, 0x61, + 0x8D, 0xCB, 0x26, 0xE4, 0x82, 0x52, 0xCE, 0x42, + 0x04, 0xDD, 0x31, 0x39, 0xFF, 0x68, 0x76, 0xF4, + 0x3B, 0x30, 0x5D, 0x83, 0x56, 0x20, 0xFE, 0xDF, + 0x79, 0xAA, 0x67, 0x43, 0x3D, 0xC2, 0x52, 0x87, + 0x32, 0x0E, 0x99, 0x17, 0x96, 0x7B, 0x70, 0xB2, + 0xD8, 0x66, 0xD1, 0x7B, 0x69, 0x8B, 0xFF, 0xF2, + 0xB3, 0xAB, 0x95, 0x14, 0x94, 0x9E, 0x58, 0xB5, + 0x7C, 0x68, 0xA4, 0x54, 0x12, 0xC1, 0xFC, 0x42, + 0x1C, 0x76, 0x8B, 0xF5, 0xEE, 0x8A, 0x10, 0xC8, + 0xAE, 0xF5, 0x69, 0x26, 0xF5, 0x1E, 0xC6, 0x2C, + 0x11, 0x56, 0x9F, 0x31, 0xAA, 0x51, 0x78, 0x68, + 0xE5, 0xCA, 0xD8, 0x9E, 0x95, 0x80, 0x66, 0xEB, + 0x9E, 0xDD, 0x72, 0x71, 0xB3, 0x1C, 0xB4, 0xB1, + 0xD6, 0xCE, 0x21, 0x12, 0x25, 0xAE, 0xB5, 0xB5, + 0x7F, 0x74, 0x97, 0x19, 0xDA, 0x07, 0xEC, 0xBE, + 0xFE, 0x03, 0x88, 0x1D, 0xDE, 0x3D, 0x81, 0xE4, + 0x13, 0x5F, 0x2D, 0xC8, 0x1A, 0xF7, 0x79, 0x77, + 0x6C, 0x1B, 0x80, 0x57, 0x16, 0x2A, 0x6C, 0x98, + 0x2F, 0xBB, 0x4D, 0xA6, 0xA9, 0xAD, 0x28, 0x4A, + 0xB1, 0x0C, 0x70, 0x02, 0x20, 0x44, 0xF4, 0x6D, + 0x40, 0x0B, 0xF6, 0xAD, 0x71, 0x82, 0xD1, 0x97, + 0x78, 0x99, 0x83, 0xBE, 0x99, 0x22, 0x79, 0x79, + 0xA1, 0x33, 0x4B, 0xA1, 0x49, 0xD8, 0x69, 0xBA, + 0x1C, 0x40, 0x88, 0x12, 0x34, 0x35, 0xBF, 0x97, + 0x85, 0x41, 0x35, 0x6D, 0xAF, 0x17, 0x1F, 0x33, + 0xAD, 0xB1, 0xC9, 0x79, 0x07, 0xA0, 0xFB, 0x58, + 0x45, 0x07, 0x4A, 0x85, 0xD2, 0x6F, 0x54, 0x61, + 0x35, 0xAE, 0xD0, 0xF9, 0x1B, 0xE4, 0x53, 0x9C, + 0x12, 0xBF, 0x94, 0x11, 0xE4, 0xB5, 0x56, 0xF6, + 0x87, 0xD0, 0x69, 0xDB, 0x6B, 0x21, 0xFE, 0x2B, + 0x7F, 0x32, 0x18, 0x87, 0x44, 0x8C, 0xEA, 0x55, + 0xDB, 0x19, 0xFB, 0xB8, 0xB0, 0x48, 0x2A, 0x55, + 0xAE, 0xC1, 0x67, 0x38, 0xD7, 0x4C, 0xD2, 0x65, + 0x09, 0x38, 0x36, 0xBE, 0x99, 0xD4, 0xFB, 0x53, + 0xE9, 0xB0, 0x14, 0xB0, 0x37, 0xCD, 0xBF, 0xE9 + }; + static const byte sk_87[] = { + 0x69, 0x24, 0xBB, 0x42, 0x57, 0xA7, 0xB9, 0xAF, + 0xF0, 0x95, 0xC3, 0x0B, 0xB3, 0x5C, 0x6A, 0xE4, + 0x19, 0x82, 0x63, 0x12, 0x0F, 0x80, 0x39, 0xAA, + 0x4E, 0x78, 0xE1, 0x74, 0xA7, 0x86, 0xCE, 0x00, + 0x3B, 0x9A, 0xC2, 0xC1, 0x42, 0x2A, 0x1A, 0xE8, + 0x02, 0xDD, 0xD7, 0x46, 0x4D, 0x3F, 0x32, 0x72, + 0x9A, 0x3C, 0x7D, 0xE8, 0x94, 0xD5, 0x06, 0xAC, + 0xAD, 0x25, 0xCE, 0xB3, 0x72, 0xEA, 0x31, 0x49, + 0xC9, 0x87, 0x80, 0xDC, 0xD1, 0x31, 0x4B, 0xAA, + 0x29, 0xB9, 0xB8, 0x07, 0x75, 0x4C, 0x47, 0xDE, + 0x5D, 0xCA, 0x95, 0x40, 0x64, 0xF2, 0x85, 0x28, + 0xB8, 0x15, 0xFE, 0x27, 0xB7, 0x9A, 0xC5, 0x06, + 0xB3, 0xAD, 0x76, 0x29, 0xD2, 0xC9, 0x71, 0xAB, + 0x8F, 0x28, 0x2E, 0x0C, 0x6E, 0x7E, 0x55, 0x48, + 0xEE, 0x0E, 0x11, 0x32, 0x42, 0xB7, 0xA0, 0xE0, + 0x64, 0xA6, 0xDB, 0xCE, 0x30, 0xC5, 0x61, 0x9B, + 0x19, 0x80, 0x08, 0x89, 0xA0, 0x44, 0x04, 0xB5, + 0x00, 0x13, 0xC0, 0x88, 0xC1, 0x30, 0x29, 0x62, + 0x12, 0x4C, 0xD3, 0xB4, 0x91, 0x0A, 0x35, 0x2C, + 0x43, 0x12, 0x31, 0x19, 0x99, 0x65, 0x22, 0x18, + 0x52, 0x02, 0xC3, 0x85, 0x23, 0x44, 0x0D, 0x90, + 0x24, 0x4A, 0x1A, 0x30, 0x22, 0x44, 0x28, 0x61, + 0x81, 0x06, 0x29, 0x18, 0x97, 0x68, 0x0A, 0x20, + 0x09, 0x08, 0x32, 0x6A, 0x44, 0xA4, 0x4C, 0x44, + 0x90, 0x21, 0x8A, 0x16, 0x68, 0x9A, 0xA8, 0x51, + 0x1A, 0xA5, 0x2C, 0x62, 0x46, 0x8D, 0x04, 0xC3, + 0x40, 0xD3, 0x86, 0x28, 0x60, 0xA4, 0x60, 0x13, + 0x18, 0x70, 0x84, 0x94, 0x8C, 0x63, 0xC0, 0x44, + 0x04, 0xA9, 0x28, 0x20, 0x08, 0x20, 0x43, 0x16, + 0x2A, 0x23, 0x29, 0x2D, 0x1A, 0xB1, 0x29, 0x48, + 0xB6, 0x09, 0x21, 0x88, 0x31, 0x00, 0xC5, 0x30, + 0x00, 0xC4, 0x8C, 0xD9, 0x82, 0x68, 0xE1, 0x30, + 0x4C, 0x63, 0x32, 0x45, 0x0C, 0x32, 0x86, 0x18, + 0x08, 0x31, 0x91, 0x98, 0x0D, 0x10, 0xB8, 0x70, + 0x9B, 0x30, 0x22, 0x64, 0x04, 0x08, 0x93, 0xA4, + 0x8C, 0x21, 0xC9, 0x70, 0x0C, 0x35, 0x71, 0x5B, + 0x00, 0x0D, 0x14, 0x31, 0x22, 0xCC, 0x98, 0x10, + 0x21, 0x04, 0x80, 0x9B, 0x28, 0x64, 0x1C, 0x30, + 0x80, 0x21, 0x30, 0x71, 0x18, 0x33, 0x50, 0x24, + 0x25, 0x44, 0x08, 0x17, 0x8C, 0xC0, 0x08, 0x48, + 0x84, 0x44, 0x90, 0x48, 0x98, 0x30, 0xCA, 0x44, + 0x00, 0x09, 0x19, 0x51, 0x19, 0x23, 0x0C, 0x52, + 0x20, 0x0E, 0x49, 0x06, 0x32, 0x1C, 0x15, 0x4E, + 0x19, 0x48, 0x85, 0x13, 0x25, 0x49, 0xA3, 0x00, + 0x04, 0x08, 0x15, 0x6D, 0x20, 0x41, 0x0C, 0xDA, + 0x42, 0x52, 0xC1, 0x34, 0x8C, 0x00, 0x31, 0x69, + 0x43, 0x82, 0x24, 0x64, 0x94, 0x6D, 0x1C, 0x81, + 0x11, 0x01, 0x96, 0x21, 0x4B, 0x02, 0x00, 0xCA, + 0x28, 0x84, 0xCC, 0x46, 0x64, 0x51, 0x18, 0x6A, + 0x18, 0x10, 0x00, 0xA4, 0x98, 0x21, 0x60, 0xB0, + 0x68, 0x03, 0x94, 0x6C, 0x94, 0x48, 0x51, 0x80, + 0x40, 0x46, 0x92, 0x22, 0x2C, 0x23, 0x44, 0x69, + 0x98, 0x26, 0x4D, 0x1C, 0x01, 0x08, 0x52, 0x02, + 0x20, 0x8A, 0xA6, 0x08, 0x0A, 0x31, 0x61, 0x93, + 0x40, 0x0E, 0x9C, 0xC8, 0x11, 0x81, 0x32, 0x2E, + 0x21, 0x15, 0x84, 0x84, 0xC2, 0x41, 0x00, 0x22, + 0x72, 0x54, 0x22, 0x62, 0x58, 0x06, 0x92, 0x48, + 0x48, 0x44, 0x11, 0x27, 0x04, 0x04, 0xC0, 0x11, + 0x92, 0x82, 0x45, 0xA1, 0xC6, 0x8C, 0xE3, 0x32, + 0x66, 0xC1, 0x38, 0x72, 0x5A, 0x86, 0x01, 0x0C, + 0xC9, 0x90, 0x84, 0x34, 0x08, 0x58, 0xA8, 0x60, + 0x80, 0xC0, 0x70, 0xD0, 0x26, 0x62, 0x9B, 0x30, + 0x2A, 0x04, 0x29, 0x69, 0x04, 0x10, 0x8D, 0x0B, + 0xB9, 0x04, 0x50, 0x46, 0x28, 0x50, 0x48, 0x24, + 0xD0, 0x48, 0x05, 0xA2, 0x48, 0x02, 0xC3, 0x20, + 0x8C, 0xA0, 0x14, 0x00, 0x41, 0x38, 0x21, 0x4B, + 0x24, 0x01, 0x04, 0xB5, 0x49, 0x42, 0x00, 0x00, + 0x0C, 0x24, 0x28, 0x12, 0x40, 0x84, 0xA2, 0x20, + 0x44, 0x9B, 0x06, 0x90, 0x63, 0xC0, 0x88, 0x8C, + 0x14, 0x21, 0x49, 0x12, 0x10, 0x54, 0x16, 0x24, + 0x20, 0x87, 0x44, 0x50, 0x10, 0x85, 0x0C, 0xB5, + 0x64, 0xDB, 0x24, 0x41, 0xD0, 0x42, 0x29, 0x9A, + 0x16, 0x8A, 0x21, 0xB4, 0x4C, 0x13, 0xB7, 0x70, + 0x10, 0xC0, 0x85, 0x19, 0x02, 0x69, 0xCC, 0x40, + 0x61, 0x1C, 0x48, 0x46, 0x98, 0x06, 0x25, 0x60, + 0x14, 0x46, 0xE4, 0x22, 0x62, 0x24, 0x27, 0x22, + 0x62, 0x24, 0x29, 0x44, 0xC6, 0x2D, 0x08, 0x31, + 0x84, 0x20, 0x32, 0x21, 0x04, 0xB4, 0x61, 0x0A, + 0x38, 0x12, 0xD9, 0x28, 0x44, 0xA4, 0x08, 0x20, + 0xCC, 0xA8, 0x29, 0x0B, 0x21, 0x31, 0x0A, 0x34, + 0x29, 0x03, 0x21, 0x40, 0xC1, 0xA2, 0x6C, 0x8A, + 0x16, 0x12, 0x52, 0xA6, 0x64, 0xA3, 0xB2, 0x51, + 0x04, 0x29, 0x51, 0xC4, 0x04, 0x91, 0x63, 0xB0, + 0x2D, 0x14, 0x44, 0x30, 0x8C, 0x40, 0x66, 0x0C, + 0x40, 0x0C, 0x01, 0xA5, 0x2C, 0x09, 0x94, 0x2D, + 0x62, 0xC6, 0x11, 0x03, 0x98, 0x50, 0x19, 0x10, + 0x4D, 0x19, 0xA8, 0x28, 0xD3, 0x86, 0x40, 0xC0, + 0x30, 0x65, 0x54, 0xA6, 0x71, 0xE0, 0xB4, 0x85, + 0x9B, 0x86, 0x10, 0x04, 0x36, 0x69, 0xD0, 0x46, + 0x29, 0x18, 0xA3, 0x71, 0x40, 0x22, 0x49, 0x00, + 0x43, 0x85, 0xCB, 0x40, 0x28, 0x89, 0x36, 0x66, + 0x41, 0x22, 0x69, 0xA4, 0x28, 0x51, 0xD9, 0x80, + 0x29, 0x14, 0x07, 0x21, 0xDA, 0x80, 0x91, 0x1B, + 0x26, 0x50, 0x5B, 0xA0, 0x60, 0x99, 0x42, 0x71, + 0x50, 0x88, 0x49, 0x10, 0x23, 0x09, 0x5A, 0x90, + 0x21, 0x22, 0x27, 0x8E, 0x43, 0xB2, 0x70, 0x0C, + 0xC9, 0x4C, 0xA4, 0x02, 0x70, 0x92, 0x40, 0x10, + 0x0A, 0x39, 0x70, 0x02, 0x36, 0x0E, 0x11, 0x30, + 0x41, 0xD8, 0x40, 0x2D, 0x1B, 0x24, 0x6D, 0xC3, + 0x92, 0x61, 0x4C, 0x86, 0x8D, 0x21, 0xB8, 0x00, + 0xD3, 0x24, 0x22, 0x12, 0xC8, 0x21, 0x12, 0x99, + 0x85, 0x09, 0x16, 0x0C, 0x5A, 0xA2, 0x24, 0x09, + 0x34, 0x42, 0x10, 0xA2, 0x24, 0x03, 0x42, 0x8C, + 0xC0, 0xB2, 0x8D, 0x12, 0xB6, 0x69, 0x63, 0x34, + 0x0D, 0xCC, 0xB0, 0x65, 0xA1, 0x12, 0x11, 0x4A, + 0x38, 0x69, 0xCC, 0x14, 0x81, 0x58, 0x44, 0x09, + 0x54, 0xA6, 0x80, 0x0C, 0xA8, 0x05, 0xC4, 0x38, + 0x8A, 0x84, 0x06, 0x01, 0x9B, 0x32, 0x2D, 0x83, + 0x12, 0x90, 0x09, 0x02, 0x60, 0xA1, 0x28, 0x88, + 0x58, 0x10, 0x41, 0x24, 0x40, 0x02, 0x19, 0x34, + 0x48, 0x18, 0xA0, 0x4D, 0x00, 0x10, 0x62, 0x13, + 0x22, 0x50, 0xE3, 0x38, 0x21, 0x9A, 0x96, 0x21, + 0x53, 0x08, 0x80, 0x51, 0x26, 0x01, 0x99, 0xC4, + 0x28, 0x1B, 0xB9, 0x71, 0x04, 0x97, 0x84, 0x04, + 0x05, 0x2C, 0xA0, 0xC2, 0x10, 0xD3, 0x42, 0x81, + 0x81, 0x42, 0x4D, 0x61, 0x84, 0x6C, 0x5A, 0x30, + 0x49, 0x1B, 0xC2, 0x24, 0xC0, 0x20, 0x28, 0xCA, + 0x92, 0x2D, 0x4A, 0x90, 0x10, 0x04, 0x27, 0x86, + 0x4C, 0x96, 0x21, 0x09, 0x19, 0x45, 0x14, 0x82, + 0x2C, 0x11, 0xA6, 0x91, 0x13, 0xB8, 0x04, 0x03, + 0x18, 0x70, 0x01, 0xA2, 0x51, 0x52, 0x14, 0x49, + 0x5A, 0x02, 0x30, 0xCB, 0x30, 0x2C, 0x94, 0x10, + 0x2C, 0x00, 0x49, 0x86, 0x09, 0xA0, 0x25, 0xC2, + 0x12, 0x4C, 0x1B, 0x02, 0x69, 0x40, 0xA4, 0x44, + 0x41, 0x16, 0x62, 0x02, 0x25, 0x28, 0xDC, 0xA2, + 0x2D, 0x00, 0x16, 0x42, 0x58, 0x30, 0x66, 0x5B, + 0x86, 0x24, 0xD4, 0x24, 0x48, 0xDB, 0x26, 0x0C, + 0x4C, 0x08, 0x85, 0x01, 0x90, 0x49, 0x21, 0x24, + 0x41, 0x54, 0x06, 0x84, 0x02, 0x43, 0x4A, 0x24, + 0x42, 0x05, 0x40, 0x14, 0x48, 0xCA, 0x44, 0x84, + 0xC0, 0x42, 0x0C, 0x98, 0x26, 0x04, 0x9C, 0xA2, + 0x05, 0xD1, 0xC2, 0x51, 0x13, 0x01, 0x86, 0x1C, + 0xA1, 0x50, 0xD9, 0x02, 0x50, 0x0C, 0x39, 0x86, + 0x8C, 0x00, 0x31, 0x22, 0x05, 0x48, 0xD3, 0x10, + 0x81, 0x12, 0x48, 0x05, 0xD1, 0x08, 0x69, 0x62, + 0x38, 0x2C, 0x0A, 0x23, 0x70, 0x9B, 0x44, 0x72, + 0xE3, 0x48, 0x6E, 0x22, 0x96, 0x70, 0x14, 0x33, + 0x6C, 0xD8, 0x90, 0x29, 0x03, 0x00, 0x49, 0x63, + 0x20, 0x8A, 0x03, 0x91, 0x25, 0x08, 0x89, 0x21, + 0xC0, 0x82, 0x0C, 0x99, 0x40, 0x32, 0xC2, 0x34, + 0x4E, 0x4B, 0x98, 0x69, 0x09, 0x80, 0x44, 0xE4, + 0x04, 0x69, 0x94, 0x20, 0x09, 0x99, 0x24, 0x6D, + 0x09, 0xA9, 0x60, 0x01, 0x29, 0x2D, 0xC8, 0x42, + 0x28, 0x8A, 0x34, 0x02, 0xE4, 0x08, 0x70, 0x0C, + 0x23, 0x6E, 0x0A, 0x05, 0x49, 0x64, 0x44, 0x2A, + 0x82, 0xC8, 0x00, 0x02, 0x48, 0x31, 0xCB, 0x90, + 0x50, 0x1C, 0x05, 0x68, 0x12, 0x12, 0x2C, 0xD0, + 0x80, 0x0C, 0x59, 0x48, 0x61, 0xCB, 0xA6, 0x09, + 0x9C, 0xC0, 0x81, 0x42, 0xB8, 0x00, 0x24, 0x41, + 0x8A, 0x94, 0x20, 0x40, 0x42, 0x14, 0x4D, 0x19, + 0x46, 0x62, 0x18, 0x05, 0x09, 0x24, 0x33, 0x6A, + 0xD4, 0x00, 0x61, 0x12, 0x48, 0x32, 0x8A, 0x04, + 0x72, 0x93, 0xB4, 0x69, 0x62, 0xC2, 0x71, 0x41, + 0xA6, 0x89, 0x44, 0x96, 0x31, 0x62, 0x30, 0x46, + 0x83, 0x42, 0x6C, 0x00, 0x19, 0x22, 0x09, 0x46, + 0x4D, 0x8B, 0x06, 0x49, 0xE1, 0xB0, 0x70, 0x42, + 0x44, 0x31, 0xC1, 0x80, 0x65, 0x9C, 0x00, 0x24, + 0x11, 0xA8, 0x31, 0x13, 0x21, 0x2C, 0x4B, 0x46, + 0x28, 0x1B, 0x18, 0x0D, 0x88, 0x42, 0x70, 0xD1, + 0xB0, 0x0D, 0x90, 0xC8, 0x45, 0xDA, 0xC2, 0x48, + 0x59, 0x14, 0x26, 0x22, 0x44, 0x00, 0xC2, 0x94, + 0x41, 0x50, 0xC8, 0x04, 0x18, 0x00, 0x00, 0xCB, + 0xA6, 0x24, 0x19, 0x02, 0x10, 0x10, 0x89, 0x0C, + 0x18, 0x22, 0x21, 0x62, 0xA8, 0x81, 0xC8, 0x92, + 0x48, 0xD3, 0x94, 0x20, 0x82, 0x06, 0x72, 0x09, + 0xA8, 0x90, 0x0C, 0x49, 0x8A, 0x41, 0x86, 0x28, + 0x19, 0xC5, 0x80, 0x9A, 0x18, 0x4D, 0x14, 0x10, + 0x2E, 0x22, 0x12, 0x52, 0x00, 0x08, 0x12, 0x0C, + 0x33, 0x45, 0x63, 0xC6, 0x30, 0x10, 0x93, 0x4C, + 0x60, 0xC6, 0x31, 0xDC, 0x40, 0x0E, 0x98, 0x82, + 0x50, 0x60, 0x02, 0x2A, 0xD2, 0x22, 0x40, 0xE4, + 0x06, 0x2D, 0xDB, 0x32, 0x0E, 0xCA, 0x32, 0x4E, + 0xD4, 0x18, 0x24, 0x08, 0xC3, 0x28, 0x4A, 0xC2, + 0x68, 0xE2, 0x80, 0x40, 0xA1, 0xC8, 0x64, 0x51, + 0xC2, 0x65, 0xCB, 0x16, 0x60, 0x23, 0x09, 0x4C, + 0x82, 0x04, 0x68, 0xD9, 0x22, 0x2E, 0x1C, 0x49, + 0x92, 0x42, 0x24, 0x21, 0x00, 0x37, 0x0E, 0xC8, + 0x12, 0x72, 0x64, 0x08, 0x25, 0x0A, 0x20, 0x2A, + 0x58, 0x24, 0x04, 0x59, 0x16, 0x4C, 0x08, 0x17, + 0x30, 0x00, 0x46, 0x05, 0x12, 0x90, 0x40, 0x03, + 0x07, 0x21, 0x52, 0xC0, 0x64, 0x1C, 0x83, 0x6D, + 0x9C, 0x32, 0x2E, 0x11, 0x15, 0x8A, 0x10, 0x35, + 0x88, 0x5A, 0xA0, 0x8D, 0xD9, 0x80, 0x48, 0x03, + 0xB6, 0x4C, 0x01, 0x10, 0x65, 0x10, 0x86, 0x40, + 0x11, 0x01, 0x42, 0x0A, 0xC1, 0x64, 0xDB, 0x22, + 0x4D, 0x64, 0xB2, 0x51, 0x02, 0x36, 0x0D, 0x93, + 0x46, 0x31, 0x14, 0xB6, 0x68, 0x63, 0x84, 0x29, + 0xC8, 0x10, 0x24, 0x94, 0x30, 0x08, 0x19, 0x37, + 0x02, 0x14, 0x82, 0x45, 0x88, 0x28, 0x40, 0x54, + 0xA8, 0x29, 0x90, 0x14, 0x12, 0x61, 0x36, 0x12, + 0x0B, 0x09, 0x8C, 0xA4, 0x98, 0x28, 0xC2, 0x92, + 0x45, 0x4C, 0x00, 0x60, 0x63, 0xC4, 0x81, 0xC0, + 0x36, 0x25, 0xCA, 0x88, 0x2D, 0x24, 0x40, 0x30, + 0xD3, 0xA8, 0x2D, 0xC9, 0xC8, 0x25, 0xD2, 0x84, + 0x48, 0x00, 0x32, 0x92, 0x50, 0xA2, 0x71, 0xD3, + 0x44, 0x0D, 0x22, 0x34, 0x60, 0x12, 0x13, 0x12, + 0x86, 0x8C, 0x5F, 0x86, 0x20, 0x79, 0x4A, 0x05, + 0x0E, 0x20, 0xD0, 0xE1, 0x01, 0x17, 0x86, 0x24, + 0x0E, 0xA6, 0x64, 0xF2, 0xF6, 0x9B, 0xB1, 0xB7, + 0xE3, 0x0E, 0xC6, 0x6B, 0x1A, 0x4A, 0x0B, 0xE5, + 0x9B, 0x79, 0xF2, 0x19, 0x8A, 0xD9, 0x80, 0x44, + 0x83, 0xE4, 0x75, 0xE5, 0x3B, 0x3C, 0x49, 0xCB, + 0x0C, 0xE5, 0xEF, 0x92, 0x91, 0x2A, 0xF4, 0x40, + 0xF2, 0x3B, 0x99, 0x58, 0x13, 0xD1, 0x1B, 0x59, + 0xF7, 0x98, 0xE9, 0x3C, 0x9D, 0x13, 0x53, 0x98, + 0x17, 0xC7, 0xAC, 0x68, 0xCA, 0xD1, 0xAA, 0x1A, + 0xC2, 0x76, 0x56, 0xBD, 0x0C, 0x47, 0x97, 0xE9, + 0xC8, 0xEC, 0x17, 0x78, 0x4C, 0x1A, 0x32, 0x7A, + 0x9D, 0xFE, 0xAF, 0x4D, 0x61, 0x91, 0xEE, 0xCD, + 0xAF, 0xE0, 0x49, 0xB7, 0x33, 0xFE, 0x39, 0xD5, + 0xEB, 0x40, 0x00, 0x93, 0x6F, 0xEE, 0xFC, 0xF8, + 0x29, 0x28, 0xE9, 0xF9, 0x4C, 0xFD, 0x5C, 0xF4, + 0xC1, 0xE3, 0xDE, 0xB1, 0x43, 0x3A, 0x47, 0xF6, + 0xD3, 0x28, 0xB5, 0xE8, 0x3D, 0xD1, 0x56, 0xD0, + 0x18, 0x2D, 0xC6, 0x92, 0x34, 0x75, 0x91, 0xAA, + 0x6F, 0x73, 0x2C, 0xFB, 0xE9, 0x82, 0x93, 0x5F, + 0xD1, 0x84, 0x6C, 0xAC, 0xF4, 0xCB, 0x85, 0x15, + 0xC5, 0x5A, 0xB8, 0x5E, 0xE5, 0xAD, 0x44, 0xCB, + 0x09, 0xD3, 0x26, 0x9E, 0x2E, 0x6D, 0x11, 0x78, + 0x09, 0x61, 0xFD, 0x13, 0x1D, 0x5E, 0x6F, 0xBF, + 0x89, 0x84, 0x9F, 0x47, 0xF2, 0xB7, 0x1D, 0x82, + 0x83, 0xFF, 0x25, 0x38, 0x5E, 0x52, 0xB0, 0x7D, + 0xBB, 0x26, 0x6C, 0x67, 0x4C, 0xEE, 0x3D, 0x0B, + 0x5D, 0xF5, 0xA5, 0x6D, 0x8B, 0xDC, 0xDC, 0xFA, + 0xAE, 0xE6, 0xA2, 0x48, 0xE7, 0x1D, 0xB1, 0x34, + 0x5A, 0xFC, 0x59, 0x7C, 0xA8, 0x30, 0xA1, 0xA3, + 0x5B, 0x43, 0x96, 0xEF, 0x4C, 0x1A, 0xDF, 0x9E, + 0xD0, 0x1B, 0xCE, 0x9B, 0x6E, 0xB6, 0x37, 0xFA, + 0x24, 0xAA, 0x16, 0x0B, 0x90, 0x76, 0xBA, 0xE3, + 0x05, 0x59, 0xF8, 0xB2, 0x9D, 0xED, 0xB3, 0xD2, + 0x5B, 0x79, 0x06, 0x4A, 0xB0, 0xCF, 0x8B, 0x8D, + 0x70, 0xAD, 0xDD, 0xEB, 0x8B, 0x17, 0x42, 0x48, + 0xD5, 0xAE, 0xA4, 0xD1, 0x8D, 0xE4, 0x3B, 0x89, + 0x38, 0xCD, 0xD2, 0xAC, 0xBA, 0x54, 0x77, 0xBD, + 0x4A, 0xAC, 0xC3, 0xCE, 0x59, 0x5E, 0x5D, 0x26, + 0x9F, 0xE6, 0x75, 0x21, 0x0D, 0x23, 0x15, 0x2B, + 0x04, 0x71, 0x0F, 0x36, 0x84, 0x28, 0x79, 0x4A, + 0x75, 0xF4, 0x9B, 0x68, 0x3E, 0xD2, 0x0D, 0xD6, + 0x47, 0x51, 0x57, 0x77, 0x95, 0x5A, 0x8C, 0xB3, + 0x8A, 0x36, 0xAF, 0xCD, 0x2C, 0xE0, 0xAC, 0xEC, + 0x4F, 0x0D, 0xFE, 0x80, 0x77, 0x02, 0xD1, 0xEB, + 0x3B, 0xDE, 0x72, 0xE9, 0xE0, 0x85, 0xAA, 0x4E, + 0x09, 0xEB, 0x1B, 0x09, 0x47, 0x41, 0x38, 0x52, + 0xEC, 0x3C, 0x0A, 0xC5, 0x2F, 0x06, 0xCB, 0x95, + 0x9C, 0x85, 0x39, 0x4E, 0xB3, 0x74, 0x81, 0x19, + 0xED, 0xBE, 0x6C, 0x80, 0xD2, 0xD8, 0xF7, 0x92, + 0xCE, 0x0D, 0x91, 0x5E, 0x4F, 0x4B, 0x15, 0x1E, + 0xFB, 0x13, 0x5E, 0x7F, 0x4D, 0xC9, 0x7D, 0x85, + 0x81, 0x41, 0xC5, 0x7F, 0x70, 0x41, 0x7B, 0x43, + 0xA6, 0xA1, 0x26, 0x95, 0x69, 0x78, 0xD7, 0x8E, + 0xFB, 0x9F, 0x03, 0x72, 0x43, 0xB4, 0xCB, 0x41, + 0xDF, 0x96, 0x8B, 0x7E, 0xE5, 0xB5, 0x20, 0x87, + 0xF0, 0x5A, 0xA9, 0xFE, 0x48, 0x7B, 0xD1, 0x6C, + 0x03, 0x47, 0xCF, 0x13, 0x35, 0x76, 0x0B, 0xD2, + 0x39, 0x8A, 0xD5, 0x4D, 0xDA, 0x00, 0xA5, 0xAA, + 0xC4, 0x46, 0xD8, 0x0B, 0x1C, 0x79, 0x98, 0xC6, + 0x02, 0x19, 0x2A, 0xDA, 0xFC, 0xB8, 0x09, 0xD1, + 0x4E, 0xE3, 0x28, 0x64, 0x1B, 0xA3, 0xAA, 0x00, + 0xF8, 0xD2, 0x9C, 0x3A, 0x84, 0x8A, 0xCB, 0xDC, + 0x19, 0x46, 0xBC, 0x0D, 0x35, 0xE0, 0xBE, 0x0F, + 0x8F, 0x7E, 0x3D, 0xA3, 0xF6, 0x8D, 0x9F, 0xA9, + 0x76, 0x8F, 0x5C, 0xF2, 0x75, 0x53, 0x4A, 0x0E, + 0xCA, 0x9E, 0x60, 0xFC, 0xEA, 0x38, 0xF1, 0xE0, + 0x42, 0xC3, 0x16, 0x14, 0x3A, 0x76, 0x7B, 0x33, + 0xAC, 0xCA, 0xD8, 0xC8, 0xD6, 0x6C, 0x70, 0xC7, + 0x5F, 0xD1, 0xF0, 0xB2, 0x58, 0x6B, 0x65, 0x3A, + 0xD4, 0xAF, 0x54, 0xE5, 0x6E, 0xF0, 0x69, 0x33, + 0xEA, 0xD3, 0x1D, 0xE3, 0x65, 0xD1, 0x10, 0xB9, + 0xC4, 0xA2, 0xA9, 0x8B, 0xCB, 0xA1, 0x65, 0xCA, + 0xFE, 0x38, 0x6F, 0x88, 0x7C, 0x72, 0x15, 0x6E, + 0xB1, 0x4F, 0xF0, 0xDA, 0xD6, 0x65, 0x61, 0x6C, + 0xE3, 0xCE, 0x65, 0xC1, 0x90, 0x4F, 0x2C, 0x17, + 0x47, 0xB2, 0xEC, 0x2B, 0x5C, 0x9D, 0x67, 0x76, + 0xBC, 0xD7, 0x9E, 0x5A, 0xC6, 0x4B, 0x79, 0x33, + 0xBD, 0xDE, 0xDE, 0xDD, 0xBB, 0xC7, 0x25, 0xBF, + 0xDB, 0xCC, 0xDE, 0x2F, 0xB3, 0x75, 0xAE, 0x2B, + 0xE3, 0x53, 0x7B, 0xDF, 0x89, 0xBF, 0x4C, 0x25, + 0xF8, 0x3A, 0x49, 0xD6, 0xA6, 0xA8, 0xD0, 0x76, + 0x1C, 0xF3, 0x9D, 0x62, 0x0C, 0x53, 0xED, 0x83, + 0x7D, 0x19, 0x82, 0x55, 0xCF, 0x5B, 0x91, 0x0A, + 0x6D, 0xB5, 0x78, 0x77, 0xDF, 0x92, 0xD8, 0xBB, + 0x6E, 0x9C, 0x52, 0x6B, 0x8C, 0x4E, 0xC9, 0x31, + 0x00, 0xDE, 0xE0, 0x50, 0x0A, 0x21, 0x0C, 0x98, + 0x45, 0x83, 0xE1, 0x53, 0x81, 0x60, 0xED, 0xAC, + 0x2C, 0x6F, 0x86, 0x6E, 0x7F, 0x5D, 0x99, 0xD7, + 0xB1, 0xB8, 0x15, 0x82, 0xF5, 0xD0, 0xEB, 0xBF, + 0x27, 0x86, 0xE3, 0xF5, 0x56, 0x01, 0x3B, 0xA9, + 0xB6, 0xF6, 0x56, 0xEB, 0x79, 0x88, 0x38, 0xEA, + 0x05, 0x79, 0x20, 0x1A, 0x95, 0xD5, 0x6B, 0xBC, + 0x3B, 0xCD, 0xB9, 0x51, 0x1A, 0xFB, 0xD4, 0xD8, + 0x12, 0x88, 0x89, 0x6F, 0x87, 0x10, 0x8C, 0x07, + 0x7F, 0x1A, 0x81, 0xA3, 0xBD, 0x29, 0x7B, 0xB1, + 0x24, 0xA8, 0x00, 0x86, 0x89, 0x02, 0x42, 0x99, + 0x5E, 0x03, 0xCF, 0x42, 0xA0, 0xC2, 0x1E, 0x27, + 0x2A, 0x9A, 0xFA, 0x1D, 0xC1, 0x03, 0x46, 0x3D, + 0x2A, 0xB4, 0x94, 0xF7, 0xD0, 0x17, 0x68, 0x6D, + 0x31, 0x89, 0x4D, 0xD2, 0xF6, 0xEB, 0xB0, 0xC3, + 0xCB, 0x62, 0x23, 0xEC, 0x79, 0xC6, 0x5D, 0x45, + 0xC1, 0xB0, 0xD4, 0xEF, 0x19, 0x61, 0xF1, 0x6D, + 0x65, 0x3F, 0xCF, 0x25, 0x97, 0x7B, 0x65, 0x1E, + 0xC5, 0x1A, 0x13, 0xAE, 0x8D, 0x4A, 0x34, 0x72, + 0xEE, 0x71, 0x96, 0x9A, 0x7A, 0x93, 0x6F, 0x5D, + 0xBB, 0xB9, 0x39, 0x6A, 0x46, 0xD9, 0x76, 0x42, + 0x35, 0x8C, 0xAF, 0x48, 0x94, 0xC9, 0xA6, 0xDF, + 0x84, 0xA5, 0x9C, 0x59, 0x62, 0xA6, 0x99, 0x0A, + 0x76, 0xF0, 0x61, 0x48, 0x90, 0x16, 0x9F, 0x00, + 0x18, 0x70, 0xD4, 0x9C, 0xF2, 0xE7, 0x50, 0x08, + 0xCC, 0x4A, 0x5D, 0x85, 0xE7, 0x2D, 0xE2, 0xD6, + 0xCF, 0x3F, 0xA7, 0x18, 0x52, 0x25, 0x35, 0x22, + 0xFE, 0x8B, 0x0E, 0x42, 0x3C, 0xB4, 0x17, 0xA3, + 0x8E, 0xB7, 0x8C, 0x87, 0x63, 0xC3, 0x72, 0x0C, + 0x04, 0xE6, 0x7F, 0xF8, 0x89, 0x79, 0xEB, 0xA0, + 0x9E, 0x34, 0x53, 0x8B, 0xB5, 0x23, 0xB9, 0x9B, + 0x8E, 0x34, 0x16, 0x74, 0x12, 0xF7, 0x7A, 0xEA, + 0x89, 0x4D, 0x83, 0xAC, 0xF9, 0x46, 0xFC, 0x05, + 0x4D, 0x0A, 0xF4, 0x72, 0x95, 0xE5, 0x1E, 0xD8, + 0x3F, 0x74, 0x86, 0x94, 0x0A, 0x4D, 0x41, 0xC0, + 0x4A, 0xD7, 0xEB, 0xEE, 0x61, 0x0B, 0xF1, 0xD0, + 0x3F, 0xA5, 0x40, 0x71, 0xD5, 0x1A, 0x15, 0x09, + 0xE4, 0xF4, 0x91, 0x63, 0xA2, 0x50, 0x81, 0xBE, + 0x87, 0x90, 0xD0, 0x87, 0xF5, 0xF4, 0xF0, 0x5C, + 0x88, 0x55, 0x0F, 0xCA, 0x9B, 0xF9, 0x9C, 0x9B, + 0xE5, 0x95, 0x3D, 0x51, 0xDD, 0x08, 0x45, 0xC9, + 0x3E, 0x41, 0xEE, 0xEF, 0x62, 0xE0, 0x79, 0x4B, + 0x29, 0x27, 0xC4, 0xF5, 0xED, 0x9B, 0xD3, 0xE3, + 0x4E, 0xA9, 0x20, 0x0A, 0x79, 0xDD, 0xEB, 0x4B, + 0x2D, 0x8F, 0x30, 0x5F, 0xE0, 0x5F, 0x82, 0x7C, + 0x7E, 0x2E, 0xD1, 0x86, 0x34, 0x1C, 0xB5, 0xD1, + 0x15, 0x2F, 0xC8, 0x01, 0x04, 0xE0, 0xE1, 0x36, + 0x83, 0xD9, 0x41, 0x29, 0x4C, 0x77, 0x84, 0x17, + 0x16, 0x4B, 0x68, 0x4A, 0x97, 0x6E, 0x56, 0xE7, + 0x8D, 0xA4, 0xD1, 0x7C, 0x3C, 0x73, 0x22, 0x93, + 0x14, 0x87, 0x0B, 0x85, 0xC4, 0x55, 0xC2, 0x3B, + 0x83, 0x0B, 0x9A, 0x28, 0xA3, 0xD8, 0xC0, 0xB5, + 0x66, 0x42, 0x6D, 0xC1, 0x69, 0xF3, 0x26, 0xAB, + 0xCE, 0x2E, 0xFF, 0xF3, 0x9E, 0x9B, 0x19, 0x9A, + 0xE5, 0xC1, 0x29, 0x2B, 0x6F, 0x2E, 0xF3, 0x7A, + 0xF1, 0xDE, 0xA9, 0x27, 0x2C, 0x8D, 0x54, 0x23, + 0xDF, 0x8A, 0x56, 0x32, 0xF9, 0x91, 0xE1, 0x4D, + 0xCA, 0x25, 0x14, 0x78, 0x8B, 0x62, 0xBE, 0x16, + 0x48, 0x28, 0xE9, 0xAC, 0xB8, 0x93, 0xDD, 0xA6, + 0x02, 0xA5, 0xE2, 0xFB, 0x9E, 0xFC, 0xBE, 0xFD, + 0x95, 0xAB, 0xFB, 0x82, 0xD2, 0xB0, 0x2D, 0x49, + 0xCC, 0x53, 0x08, 0x4A, 0x49, 0xAB, 0x1B, 0xEC, + 0x23, 0xE5, 0xB4, 0xC8, 0xE7, 0x14, 0xCB, 0x03, + 0x40, 0x5F, 0x1B, 0xCF, 0x7E, 0x11, 0xBB, 0x59, + 0x72, 0x9D, 0xDC, 0x0B, 0x7B, 0xEF, 0xB2, 0x91, + 0x27, 0x6D, 0xCE, 0xDA, 0xCA, 0xAD, 0x39, 0xA2, + 0xF0, 0x1C, 0x7D, 0xC9, 0x8B, 0x9E, 0x06, 0x5E, + 0xAF, 0xED, 0x1C, 0xC8, 0xCE, 0x3E, 0x84, 0x80, + 0x80, 0xA2, 0xFC, 0x5B, 0x98, 0xC9, 0xF6, 0xBF, + 0x50, 0x40, 0x27, 0x33, 0x42, 0xF0, 0x31, 0x2F, + 0x8B, 0x98, 0x44, 0x59, 0x4A, 0x50, 0x3D, 0xD3, + 0xE6, 0xAF, 0x1C, 0x9E, 0x35, 0xC1, 0x03, 0x2A, + 0x4A, 0x8A, 0x5E, 0x7B, 0xF3, 0x3A, 0x82, 0xF3, + 0x5E, 0x16, 0xED, 0xF8, 0xC6, 0x0C, 0x90, 0x02, + 0x1D, 0x8C, 0x0B, 0xA4, 0xC3, 0x86, 0x24, 0x5D, + 0xFE, 0xF0, 0x94, 0x48, 0x43, 0x1D, 0x8C, 0x00, + 0xD1, 0xE2, 0x6E, 0xE4, 0xD8, 0xC7, 0x7D, 0xAA, + 0x1A, 0x70, 0x5E, 0xD4, 0x79, 0x2A, 0xCB, 0x4E, + 0xA2, 0x7C, 0x15, 0x66, 0xFB, 0x56, 0x68, 0x3C, + 0x43, 0xBF, 0x67, 0x84, 0x2E, 0x67, 0x53, 0x4C, + 0xB3, 0xF9, 0x67, 0x7C, 0x8A, 0xB9, 0xD0, 0xEE, + 0xE7, 0x82, 0x7C, 0xDE, 0xFC, 0x22, 0x3A, 0xC9, + 0x48, 0xB8, 0x80, 0xB5, 0xF1, 0xCE, 0x95, 0x37, + 0x27, 0x29, 0x32, 0x00, 0x2C, 0x1A, 0x4D, 0xD2, + 0x18, 0xF5, 0x27, 0x16, 0x6E, 0xBF, 0xB2, 0xB2, + 0xFA, 0x2B, 0xF3, 0x72, 0x46, 0xEC, 0xDF, 0xDF, + 0xA7, 0x2B, 0x6D, 0xA1, 0x1C, 0x30, 0xD1, 0xC7, + 0xD2, 0x48, 0xAD, 0x64, 0x81, 0x8F, 0x69, 0x1D, + 0x59, 0xB7, 0x55, 0xDA, 0xF7, 0x1B, 0xED, 0x9A, + 0xB5, 0xFB, 0x52, 0xE0, 0x36, 0x22, 0xA9, 0x00, + 0xD6, 0x6B, 0x4C, 0x63, 0x84, 0x16, 0x9B, 0xDF, + 0x9E, 0xB6, 0x1C, 0x02, 0xDF, 0x45, 0xFB, 0x76, + 0xB1, 0xA2, 0x6F, 0x34, 0xE9, 0x38, 0xB1, 0x90, + 0x86, 0x17, 0x45, 0xC0, 0x21, 0xFA, 0x87, 0x62, + 0x00, 0xC7, 0xFC, 0x8E, 0x22, 0x2D, 0xDB, 0xFA, + 0xD8, 0xBE, 0x78, 0x1B, 0x18, 0x54, 0x24, 0xAA, + 0xAF, 0xC6, 0x58, 0x62, 0xDB, 0x13, 0x2B, 0xEC, + 0x6D, 0x18, 0x83, 0x7A, 0x1F, 0x58, 0xA8, 0x76, + 0xC9, 0x9E, 0x63, 0xF5, 0x14, 0x20, 0xB8, 0x3F, + 0x45, 0x96, 0x75, 0x61, 0x2F, 0x7A, 0xCF, 0x80, + 0xB4, 0xEB, 0x1D, 0xD0, 0x72, 0x1C, 0xAA, 0x1B, + 0x49, 0x70, 0xDA, 0x60, 0x86, 0x79, 0xC6, 0x38, + 0x3E, 0x81, 0x7F, 0xE1, 0x6B, 0x66, 0xB1, 0x91, + 0x81, 0xED, 0xFC, 0x39, 0x27, 0x0C, 0x7E, 0x91, + 0x7B, 0x1F, 0x10, 0xEB, 0x7A, 0x01, 0x19, 0x97, + 0xE9, 0x67, 0x85, 0x3B, 0x78, 0xE0, 0x0C, 0xFD, + 0x58, 0xD2, 0x24, 0xD9, 0x33, 0xCC, 0x5A, 0x99, + 0x55, 0x32, 0xDC, 0xD4, 0xE5, 0x32, 0xE4, 0x03, + 0x05, 0x15, 0xF4, 0xA0, 0x5B, 0x33, 0x1D, 0x57, + 0x5D, 0xDA, 0xC2, 0x9B, 0xAB, 0x06, 0x9F, 0x09, + 0xAF, 0x0D, 0x17, 0x33, 0x73, 0xDB, 0x1E, 0xC2, + 0xB6, 0x36, 0x6B, 0xB3, 0x71, 0x00, 0x8A, 0x23, + 0x86, 0xFD, 0x88, 0xBE, 0x77, 0xF5, 0xED, 0x5E, + 0x19, 0x8C, 0xBE, 0x88, 0xDF, 0x24, 0xBC, 0x6E, + 0x39, 0x3F, 0xEB, 0xC1, 0x0C, 0x47, 0x0A, 0x72, + 0xD4, 0x7C, 0x0F, 0x83, 0x46, 0x53, 0xC9, 0xAE, + 0x80, 0x0E, 0x89, 0x3C, 0x6B, 0xA6, 0x8E, 0xA2, + 0x8A, 0x83, 0x8F, 0xCB, 0xB6, 0x9C, 0x3E, 0x96, + 0x4A, 0x5F, 0xAF, 0xC2, 0x06, 0x7D, 0xD4, 0x06, + 0xB2, 0x57, 0xC9, 0x8D, 0xD3, 0x97, 0x9E, 0xC7, + 0xC7, 0xEC, 0xBE, 0x96, 0xA3, 0x3D, 0x85, 0x51, + 0x5D, 0xA2, 0xCB, 0x6A, 0xA5, 0xE1, 0xFF, 0xF2, + 0x04, 0xAF, 0x62, 0xDD, 0x41, 0x19, 0xA0, 0xE4, + 0x8C, 0x04, 0xA3, 0xF2, 0xB3, 0x86, 0x60, 0xF5, + 0x29, 0x64, 0xD8, 0xD4, 0xAE, 0xE1, 0x46, 0xA9, + 0xC5, 0x3C, 0x31, 0x90, 0x6D, 0xAD, 0x0F, 0xD9, + 0x0B, 0x5D, 0x83, 0xB3, 0xE3, 0x1B, 0x69, 0x0A, + 0x4C, 0x49, 0x35, 0x24, 0x99, 0x81, 0xBE, 0x1F, + 0x1A, 0x85, 0xEC, 0x6E, 0x0F, 0xEE, 0x4C, 0x88, + 0xF2, 0xD8, 0x9E, 0x29, 0x69, 0xAB, 0x8C, 0xBB, + 0xEB, 0x50, 0x19, 0x16, 0x55, 0x8D, 0x29, 0xEA, + 0x7C, 0x3E, 0xCF, 0x1C, 0x9E, 0xF1, 0xA0, 0x43, + 0x50, 0x63, 0x3B, 0x4C, 0xDA, 0x73, 0x7D, 0xFB, + 0x15, 0x1C, 0xB5, 0xE7, 0x36, 0x11, 0x73, 0xF3, + 0xAE, 0xDD, 0xDF, 0x52, 0x7D, 0x73, 0xF2, 0xF9, + 0xD5, 0xB6, 0x21, 0x3A, 0xA6, 0x8F, 0x88, 0x3E, + 0x9A, 0x26, 0x33, 0x78, 0x5E, 0xC6, 0xBE, 0x64, + 0x2A, 0x9F, 0xD0, 0xF2, 0x1A, 0x42, 0xF6, 0xB9, + 0xDA, 0xAB, 0xDC, 0xD1, 0xE6, 0xAD, 0xBE, 0xF6, + 0x48, 0x41, 0xB5, 0x96, 0x86, 0xEA, 0xE3, 0xEC, + 0x88, 0xEE, 0xF0, 0xA9, 0xCB, 0xC1, 0x2B, 0xC0, + 0x12, 0x62, 0x2D, 0xF2, 0xDD, 0x93, 0xA8, 0x62, + 0x29, 0x04, 0x4A, 0xF2, 0xF2, 0x60, 0xD2, 0x18, + 0x3F, 0x51, 0xE8, 0x33, 0xEE, 0x92, 0xD9, 0x8F, + 0x02, 0x51, 0xE3, 0xF8, 0x5F, 0xAB, 0x74, 0xCE, + 0x36, 0x7B, 0x8B, 0x7A, 0xA6, 0x3D, 0x3C, 0xF8, + 0xC8, 0xBF, 0x4D, 0x78, 0x35, 0x8B, 0xAE, 0x0A, + 0x02, 0x41, 0xE2, 0x10, 0xAC, 0x69, 0x35, 0x30, + 0x87, 0xCC, 0x73, 0x31, 0x35, 0x7E, 0xB4, 0x45, + 0x0F, 0x95, 0x09, 0xCF, 0xE5, 0x95, 0xF5, 0x40, + 0x32, 0xEE, 0x05, 0x77, 0x54, 0xA8, 0xED, 0xD7, + 0x46, 0xCB, 0x92, 0x82, 0xE7, 0x68, 0xDC, 0x6B, + 0x83, 0x0C, 0x5B, 0x4A, 0x21, 0x93, 0x43, 0xAD, + 0x12, 0x4E, 0xDB, 0x3B, 0xBC, 0x42, 0x50, 0x55, + 0x66, 0xA7, 0x03, 0x8C, 0x95, 0x9B, 0xC3, 0x55, + 0x85, 0xB6, 0x05, 0x5F, 0x19, 0x68, 0xDA, 0x24, + 0x3F, 0x77, 0x8F, 0x4E, 0x46, 0xDB, 0x46, 0x2A, + 0xBE, 0xB9, 0x3B, 0x81, 0x24, 0x3C, 0x31, 0xEB, + 0x59, 0x62, 0x2E, 0xDF, 0x81, 0xF0, 0x6C, 0xCC, + 0x61, 0xD2, 0xA6, 0xEA, 0x73, 0xE1, 0x09, 0xC3, + 0x87, 0x91, 0x5F, 0x27, 0x7B, 0xCF, 0x1F, 0xC1, + 0x11, 0x05, 0xBB, 0xA7, 0x02, 0x93, 0xC0, 0xFA, + 0xB5, 0xC0, 0x65, 0xF2, 0x3B, 0xAA, 0x19, 0x29, + 0x0A, 0x30, 0x2F, 0x08, 0x09, 0x11, 0x07, 0xA4, + 0xB1, 0xD5, 0x68, 0x85, 0x26, 0x22, 0x09, 0x83, + 0x83, 0x42, 0x77, 0x60, 0xEF, 0x8F, 0x29, 0x28, + 0x62, 0x5B, 0xDD, 0xA5, 0xF5, 0x14, 0xC5, 0xAD, + 0xE9, 0x59, 0x89, 0x1E, 0xF2, 0x95, 0x9F, 0x24, + 0x8A, 0x35, 0x32, 0xBF, 0x9D, 0x30, 0xE7, 0x14, + 0x05, 0x9E, 0xBD, 0xEC, 0x95, 0x87, 0x08, 0xF8, + 0xA8, 0x3C, 0x26, 0x8B, 0xEF, 0x26, 0x82, 0xD6, + 0x03, 0xCA, 0x88, 0x63, 0x47, 0xE1, 0x98, 0xFD, + 0x68, 0x23, 0x39, 0x99, 0xC7, 0x7D, 0x30, 0xD7, + 0x45, 0x5D, 0xE6, 0xBC, 0xFD, 0x01, 0x44, 0x27, + 0x70, 0x62, 0xB3, 0x04, 0xBE, 0xF0, 0xE3, 0x4C, + 0x5A, 0x9D, 0x8D, 0x78, 0x0D, 0x29, 0xEC, 0x23, + 0x21, 0xE0, 0x73, 0x40, 0x77, 0x1C, 0x46, 0x36, + 0x04, 0x83, 0xAD, 0xCA, 0xF1, 0x2D, 0x5B, 0x79, + 0xFD, 0xBF, 0xE2, 0x85, 0x6A, 0xCE, 0x88, 0x59, + 0xF6, 0xB1, 0x24, 0x14, 0xB3, 0xF7, 0xE8, 0xBB, + 0x58, 0x13, 0x49, 0x89, 0x60, 0xF3, 0x4F, 0xDC, + 0x64, 0xFC, 0x84, 0x85, 0x79, 0xCA, 0xF9, 0xDC, + 0xCF, 0x19, 0xB4, 0xFB, 0x82, 0x5E, 0xD5, 0x71, + 0x6D, 0xCC, 0xCD, 0x68, 0x72, 0xCB, 0xDE, 0x38, + 0x31, 0xD6, 0x73, 0x84, 0x94, 0x2C, 0xD8, 0xA9, + 0xEC, 0x4B, 0xBF, 0xEF, 0x57, 0x06, 0xB8, 0xF9, + 0xF0, 0x5F, 0xE1, 0xE8, 0xFE, 0x69, 0xD3, 0xEA, + 0x6A, 0x86, 0x21, 0xC2, 0x21, 0x44, 0x17, 0x7B, + 0x1C, 0x12, 0x59, 0xE1, 0xA7, 0x9D, 0xFD, 0xF8, + 0x97, 0x28, 0x88, 0x7B, 0xEF, 0x1A, 0x70, 0x48, + 0x25, 0x56, 0x83, 0x1B, 0x67, 0x24, 0x40, 0xE1, + 0x3F, 0xE3, 0xE3, 0xFC, 0x82, 0x04, 0xA0, 0x2E, + 0xA1, 0xEF, 0xF1, 0x9D, 0x95, 0x25, 0x38, 0x87, + 0x28, 0x5B, 0xFB, 0xEA, 0x16, 0xA0, 0xF2, 0x19, + 0xEF, 0xBC, 0xEC, 0x30, 0xA8, 0xAE, 0x86, 0x58, + 0x9A, 0x57, 0x03, 0x10, 0x3A, 0x8A, 0x39, 0x3F, + 0xA6, 0xF6, 0xB6, 0x57, 0x70, 0x4A, 0xC6, 0x77, + 0xC1, 0x4C, 0xD1, 0x0D, 0x3D, 0x62, 0xD1, 0x3F, + 0xBD, 0x37, 0x8C, 0x2D, 0xDA, 0x32, 0x5B, 0x61, + 0xB8, 0x59, 0x52, 0xD5, 0x12, 0x93, 0x87, 0x1E, + 0x1F, 0xCD, 0xC9, 0x48, 0xC7, 0x7B, 0xEA, 0xE9, + 0xA6, 0xF0, 0xE8, 0x7C, 0xE1, 0xA8, 0x05, 0x1C, + 0x8F, 0x80, 0x87, 0x68, 0x5C, 0x12, 0x62, 0x4B, + 0xDF, 0x58, 0x38, 0x0E, 0xD6, 0x6F, 0x55, 0xB4, + 0x3D, 0xDD, 0x6D, 0x36, 0x21, 0x73, 0xA5, 0xBD, + 0x38, 0x98, 0x59, 0xC1, 0x7D, 0x95, 0xEC, 0xE3, + 0xAB, 0x73, 0x26, 0x39, 0xFF, 0xE4, 0x51, 0xCD, + 0x10, 0x3E, 0xE4, 0x85, 0x4D, 0xB2, 0xF3, 0x96, + 0x14, 0xF6, 0x58, 0xBA, 0xA3, 0x84, 0xBC, 0x99, + 0x48, 0xD0, 0x71, 0x4E, 0xB4, 0x8A, 0x88, 0x71, + 0x43, 0xE7, 0xA1, 0xFA, 0x4B, 0x69, 0x0C, 0x22, + 0xB4, 0x92, 0xA7, 0x0C, 0x61, 0x2B, 0x59, 0xFF, + 0xD2, 0xD6, 0xB3, 0xB5, 0xE9, 0x9C, 0x20, 0x03, + 0xE2, 0xC3, 0x59, 0xB1, 0xE6, 0x2D, 0xCB, 0x62, + 0x0C, 0x7A, 0x24, 0x6A, 0x7B, 0x9B, 0x32, 0x46, + 0x13, 0x15, 0x56, 0xF2, 0xF3, 0xD5, 0x13, 0xA2, + 0x3C, 0x6A, 0x9F, 0xD2, 0x28, 0x0E, 0xD6, 0x86, + 0xD7, 0x67, 0xCC, 0xD0, 0x17, 0x54, 0xEB, 0x4C, + 0x99, 0x69, 0x2F, 0x2B, 0x38, 0x0C, 0x36, 0x08, + 0x13, 0x44, 0xC1, 0xD3, 0x5E, 0xE1, 0x94, 0x97, + 0x36, 0xB6, 0x97, 0x6F, 0x48, 0x52, 0xCF, 0xBE, + 0x64, 0xFA, 0xBC, 0xF1, 0x1B, 0x9A, 0xFB, 0x82, + 0x85, 0x76, 0xB4, 0xF9, 0x78, 0x7A, 0xA7, 0xD0, + 0x3E, 0x84, 0x59, 0x8A, 0x71, 0x43, 0xEF, 0x73, + 0x11, 0xFA, 0xF2, 0x97, 0x0E, 0x23, 0xED, 0x4C, + 0x17, 0x3F, 0x98, 0x5D, 0x64, 0x50, 0x16, 0x5A, + 0xE3, 0xE2, 0x41, 0xA1, 0x82, 0x34, 0xE7, 0x4F, + 0xF3, 0xDD, 0xB9, 0x21, 0xA5, 0x30, 0x0B, 0x1C, + 0x4F, 0xB6, 0xE4, 0x32, 0xE6, 0x98, 0xF5, 0x3F, + 0x66, 0xE3, 0x8C, 0x07, 0xBC, 0xD6, 0xE7, 0x76, + 0x05, 0xDF, 0x46, 0x24, 0xD5, 0x79, 0x07, 0x62, + 0x92, 0xDE, 0x1C, 0xE6, 0xFC, 0x6F, 0x00, 0x81, + 0xA3, 0x8B, 0xD9, 0x2D, 0x39, 0xB2, 0x4B, 0x73, + 0xBA, 0xC1, 0xC5, 0x2B, 0xD6, 0x8E, 0x91, 0x81, + 0xD3, 0xDC, 0xD0, 0xAC, 0x75, 0x34, 0xDB, 0x48, + 0x90, 0x1E, 0x59, 0x84, 0xF9, 0x90, 0x25, 0x57, + 0xBF, 0xA2, 0x31, 0xB2, 0xEA, 0x28, 0xC3, 0x18, + 0x32, 0x62, 0xA1, 0xB2, 0x22, 0x1F, 0x74, 0x26, + 0xEA, 0x88, 0xA5, 0x81, 0x60, 0x93, 0xA5, 0xCA, + 0xE2, 0xCD, 0x5D, 0x59, 0xA9, 0x39, 0x0F, 0xC9, + 0x3A, 0x29, 0x56, 0x94, 0x4B, 0x06, 0x4C, 0xF0, + 0x13, 0xBC, 0xDB, 0x67, 0xFB, 0x42, 0x3D, 0x13, + 0x28, 0xD2, 0xC6, 0xD7, 0xBA, 0x32, 0x90, 0x13, + 0xFA, 0x2D, 0x30, 0xEF, 0xD6, 0x9F, 0xDC, 0xA1, + 0xA9, 0x5E, 0xA6, 0xD0, 0x6C, 0x73, 0x63, 0x53, + 0x4B, 0x2F, 0x3F, 0x7D, 0xAA, 0xFA, 0x29, 0x6E, + 0xAA, 0x09, 0xB3, 0x66, 0x8E, 0x9C, 0xF8, 0x2D, + 0x9B, 0xA9, 0x59, 0xB3, 0x2F, 0x3C, 0xAD, 0x3C, + 0x10, 0xC6, 0xEA, 0x48, 0x61, 0x15, 0x54, 0x53, + 0x9C, 0x37, 0xDF, 0x6B, 0xCA, 0x33, 0x85, 0xEA, + 0xD3, 0xFC, 0xFF, 0x96, 0xD3, 0x72, 0xB4, 0x23, + 0x93, 0xB7, 0x3C, 0x8D, 0xAA, 0xAA, 0x31, 0x50, + 0x6E, 0xE0, 0x52, 0x7B, 0x7F, 0xB3, 0xE5, 0x93, + 0xDC, 0xCC, 0xA5, 0x7C, 0x8F, 0xBB, 0xD4, 0xA3, + 0xC7, 0xF8, 0xA5, 0x38, 0x99, 0x86, 0x91, 0x32, + 0xFB, 0xC3, 0xE4, 0x05, 0x06, 0x07, 0xBB, 0xFE, + 0x29, 0xC6, 0x75, 0xE3, 0x94, 0x5E, 0x74, 0xA3, + 0x1C, 0xD5, 0x31, 0xBA, 0x7A, 0xEB, 0x2E, 0x2F, + 0x0C, 0xD9, 0x90, 0xB8, 0xF9, 0x83, 0xA9, 0x0D, + 0xFE, 0xA0, 0x56, 0x8F, 0x06, 0x77, 0xEA, 0x95, + 0x63, 0xF7, 0xC4, 0x79, 0xDE, 0x96, 0x89, 0x40, + 0xCF, 0x24, 0x29, 0x92, 0x69, 0x28, 0x65, 0xCF, + 0xDA, 0x89, 0xFA, 0x07, 0x8B, 0xBE, 0xF4, 0x9C, + 0xE4, 0x57, 0x5B, 0xDF, 0xB3, 0x80, 0x36, 0x60, + 0x11, 0xC8, 0x43, 0x5F, 0x12, 0xB4, 0x2D, 0x9A, + 0xB9, 0x9A, 0xB6, 0xA3, 0x19, 0x12, 0xC4, 0x35, + 0x41, 0x49, 0xD7, 0x23, 0x10, 0x1D, 0x13, 0x65, + 0xA6, 0x5E, 0x7C, 0xC6, 0x8D, 0x82, 0xE3, 0x05, + 0x17, 0x77, 0x39, 0x02, 0xFB, 0x38, 0xDD, 0xA2, + 0xB3, 0x24, 0xE7, 0x20, 0x8E, 0x98, 0x7E, 0xD2, + 0x87, 0xD0, 0x92, 0xE7, 0x66, 0x2A, 0x43, 0x02, + 0x41, 0xBF, 0xCA, 0x55, 0x2D, 0x31, 0x41, 0x27, + 0xE3, 0x8C, 0x85, 0x97, 0xA8, 0x95, 0x19, 0xD4, + 0xF1, 0xE6, 0x2A, 0x79, 0x46, 0x5A, 0xD5, 0xF4, + 0xEA, 0xA3, 0xFA, 0x77, 0xCD, 0x98, 0x32, 0x6D, + 0x2F, 0x92, 0xCE, 0x98, 0x52, 0x05, 0x5C, 0xEC, + 0xCF, 0x62, 0xD6, 0x3C, 0xB9, 0xD7, 0xF1, 0x98, + 0xAE, 0x08, 0x5E, 0x4D, 0x45, 0xC8, 0xE4, 0x8F, + 0xCF, 0xFE, 0x59, 0x3A, 0xD6, 0x52, 0xD9, 0x15, + 0x41, 0x67, 0xBF, 0x3E, 0x61, 0x95, 0x81, 0x0A, + 0x44, 0x5A, 0xE1, 0x58, 0xF1, 0xF9, 0xA6, 0x79, + 0x33, 0x63, 0xAF, 0xC1, 0xF2, 0x2C, 0xA8, 0x82, + 0xFE, 0xED, 0x3A, 0x5F, 0x57, 0x27, 0xCA, 0x76, + 0x47, 0x7C, 0x5F, 0x23, 0xF0, 0xFC, 0x87, 0x00, + 0xCD, 0xC6, 0xA5, 0xBC, 0xB2, 0xB2, 0x0B, 0x4F, + 0x92, 0x66, 0x35, 0x1D, 0x30, 0x4A, 0x96, 0xA8, + 0x2B, 0xF5, 0xF3, 0x14, 0xAF, 0x68, 0x5C, 0x1C, + 0x70, 0x7C, 0x92, 0xE3, 0xE8, 0x47, 0xB7, 0x04, + 0x7D, 0x68, 0x9C, 0x70, 0xB2, 0x5E, 0x55, 0x01, + 0xCA, 0xEC, 0x99, 0x19, 0x62, 0x6F, 0x4A, 0x0F, + 0xC8, 0x15, 0x86, 0xAF, 0x1E, 0xC8, 0x88, 0x89, + 0xB4, 0x23, 0x38, 0x7D, 0x5D, 0x95, 0x48, 0x26, + 0x18, 0xA6, 0x50, 0xE8, 0x0B, 0x53, 0xB0, 0x7C, + 0xAC, 0xE3, 0x22, 0x89, 0x40, 0x60, 0x2E, 0x3D, + 0xB4, 0x74, 0x66, 0xCE, 0x9B, 0xCC, 0xB6, 0xE4, + 0xD8, 0xAA, 0x61, 0xC8, 0x91, 0x25, 0x83, 0xE8, + 0x10, 0xB3, 0xB2, 0xE7, 0xE9, 0xCB, 0x48, 0xBD, + 0x40, 0x3E, 0xCF, 0x08, 0xD2, 0x8C, 0x70, 0xAE, + 0x0B, 0x62, 0x08, 0x59, 0xC1, 0xF0, 0x9B, 0x61, + 0x13, 0x14, 0x04, 0xC3, 0xD5, 0xBF, 0xFC, 0xD8, + 0x60, 0xE0, 0xF4, 0x2A, 0xB2, 0x99, 0x00, 0x62, + 0x30, 0xB2, 0x87, 0x6D, 0x77, 0xDD, 0xA9, 0x1C, + 0x8C, 0x62, 0xBD, 0x93, 0xA8, 0x44, 0xE4, 0xB3, + 0x44, 0xE3, 0x25, 0x5E, 0xEA, 0x53, 0x1C, 0x6C, + 0x45, 0x8D, 0x04, 0xAB, 0xDB, 0x0F, 0xAE, 0xF2, + 0xD1, 0xC0, 0xB4, 0xC5, 0x5F, 0x57, 0x0A, 0x5A, + 0x51, 0x02, 0x3F, 0x4D, 0x4E, 0xFF, 0xF5, 0x9F, + 0x9A, 0xBE, 0x17, 0x92, 0x2F, 0xE7, 0x32, 0xCA, + 0x71, 0xBC, 0xD4, 0x34, 0xAD, 0x77, 0x10, 0xB8, + 0x4C, 0xD4, 0xAC, 0x9F, 0x25, 0x07, 0xA0, 0x68, + 0x26, 0x56, 0x2A, 0xD7, 0xF6, 0x47, 0x82, 0x6F, + 0x9D, 0xBB, 0xE4, 0xED, 0xD2, 0x3F, 0x12, 0x43, + 0x69, 0xDB, 0x85, 0x26, 0xFC, 0x2B, 0x4D, 0x52, + 0xF0, 0x74, 0x14, 0x15, 0xF9, 0x72, 0xBE, 0xF6, + 0xA9, 0x35, 0xBD, 0x81, 0x2A, 0x56, 0xC8, 0x22, + 0x1B, 0x7D, 0xEF, 0x0F, 0x51, 0x06, 0xBC, 0x01, + 0xE9, 0x13, 0xE3, 0xD4, 0x3D, 0xB8, 0x6C, 0x2B, + 0xB4, 0xC7, 0xE0, 0x76, 0x26, 0x63, 0xC6, 0xDE, + 0x78, 0x87, 0x21, 0xC2, 0xAA, 0x07, 0xF8, 0x95, + 0x48, 0x87, 0xE2, 0x14, 0x2F, 0x2E, 0x91, 0x4A, + 0x09, 0x9E, 0xFC, 0x0A, 0xEE, 0x13, 0x39, 0x21, + 0x0D, 0x3E, 0x53, 0xDA, 0x3E, 0xCF, 0x88, 0x62, + 0x4B, 0x11, 0x19, 0xBE, 0x34, 0x01, 0x0B, 0x88, + 0x6C, 0x80, 0xF5, 0x1D, 0x18, 0x50, 0x83, 0x8F, + 0x21, 0x50, 0xE7, 0x2B, 0x04, 0x2A, 0xF3, 0x28, + 0x99, 0xC0, 0xD3, 0xD7, 0xB0, 0x2A, 0x57, 0xF8, + 0xCF, 0x26, 0x3A, 0x36, 0x95, 0x62, 0xE4, 0xE9, + 0x45, 0xA3, 0x12, 0x82, 0xA5, 0x02, 0xA9, 0x5E, + 0xE9, 0xBB, 0x03, 0x16, 0xC6, 0x86, 0x10, 0x06, + 0xDA, 0xC1, 0x7F, 0x93, 0x6F, 0x54, 0xC4, 0xC7 + }; +#endif /* WOLFSSL_NO_ML_DSA_87 */ +#ifdef WOLFSSL_DILITHIUM_FIPS204_DRAFT +#ifndef WOLFSSL_NO_ML_DSA_44 + static const byte seed_44_draft[] = { + 0xBA, 0xC0, 0x59, 0x52, 0x75, 0x5B, 0x26, 0x47, + 0x01, 0xCA, 0x7D, 0x80, 0x6D, 0xFA, 0x08, 0x35, + 0x10, 0x28, 0xF6, 0x7B, 0x0E, 0x83, 0xC4, 0x24, + 0x01, 0x6F, 0x66, 0xCC, 0x83, 0x87, 0xD4, 0x69 + }; + static const byte pk_44_draft[] = { + 0x86, 0xF0, 0x0C, 0x20, 0xE0, 0xDA, 0xEE, 0x5E, + 0x1E, 0xDE, 0x71, 0x39, 0x49, 0x0C, 0xC8, 0xCF, + 0xEF, 0xC9, 0xAB, 0x62, 0x3B, 0x8D, 0xEF, 0x0B, + 0xD8, 0x03, 0x12, 0x5B, 0x4A, 0xB2, 0x83, 0x61, + 0xED, 0x7E, 0xA9, 0xED, 0x2D, 0xED, 0x5A, 0x71, + 0xDD, 0xAE, 0x4A, 0x06, 0xE0, 0x2A, 0x5A, 0xAF, + 0x99, 0x69, 0x89, 0xC6, 0xAF, 0xE3, 0x2A, 0xFE, + 0x3D, 0x6E, 0x0A, 0x46, 0x71, 0x48, 0xD7, 0x17, + 0x99, 0x20, 0x01, 0x78, 0xD5, 0x8B, 0x40, 0xCB, + 0x81, 0xA0, 0x33, 0x38, 0xAE, 0x2B, 0x83, 0x4A, + 0xFD, 0x5F, 0xE0, 0xB7, 0xEE, 0xA0, 0xC4, 0x3D, + 0xB6, 0xA4, 0xD5, 0x59, 0x4B, 0xDD, 0x87, 0x1A, + 0xFC, 0x03, 0x30, 0xA0, 0xB3, 0xAD, 0x75, 0x3C, + 0xD4, 0x47, 0x72, 0x59, 0xCE, 0xB7, 0x80, 0xFD, + 0x34, 0x35, 0x5E, 0x96, 0xC8, 0x42, 0xD9, 0xDD, + 0x6C, 0xF1, 0xAB, 0xEF, 0x48, 0xD1, 0xA8, 0x02, + 0x02, 0x0F, 0x5B, 0x71, 0x4D, 0x36, 0x1E, 0x0D, + 0xC2, 0x09, 0x46, 0x7B, 0xF9, 0xEA, 0x24, 0x8F, + 0x7C, 0xCF, 0xB8, 0x9C, 0xF7, 0x49, 0x15, 0x8E, + 0x16, 0x49, 0x7E, 0xC5, 0x54, 0xF5, 0x03, 0x1D, + 0x16, 0x12, 0x02, 0x72, 0x1B, 0x38, 0x2D, 0x58, + 0x53, 0x15, 0x5E, 0xB6, 0x72, 0xCC, 0xA1, 0x09, + 0xB0, 0x2F, 0x10, 0xFA, 0x21, 0x45, 0x46, 0x37, + 0xD4, 0xFA, 0x7F, 0xFB, 0xB0, 0xD9, 0x20, 0xE2, + 0xCB, 0x56, 0xB3, 0x1E, 0xDF, 0x82, 0x67, 0x25, + 0x09, 0xD1, 0x8F, 0xFF, 0xE0, 0x43, 0xBD, 0x37, + 0x2B, 0x73, 0x0E, 0x13, 0x08, 0xC9, 0x49, 0x88, + 0x69, 0x69, 0xD9, 0x8C, 0x86, 0xE4, 0x7E, 0x63, + 0x35, 0xC5, 0xE1, 0xD0, 0x14, 0x9A, 0x89, 0x27, + 0x28, 0x17, 0xB0, 0x5B, 0x7A, 0x8F, 0xDD, 0x72, + 0x8B, 0x0A, 0x0D, 0x49, 0x58, 0x59, 0x2F, 0x0D, + 0x8F, 0x3D, 0x16, 0xCE, 0x7B, 0x11, 0xC7, 0x06, + 0x5D, 0xD5, 0x6D, 0x7B, 0x96, 0xED, 0x1E, 0x1A, + 0xF4, 0x10, 0x85, 0xDA, 0xDE, 0x84, 0x2F, 0x2B, + 0xBA, 0xFB, 0xA2, 0x5F, 0x33, 0x7D, 0x7C, 0x18, + 0x6B, 0xDF, 0x43, 0x3C, 0xE9, 0xEB, 0xB4, 0xC5, + 0x8E, 0x52, 0xF5, 0x7E, 0x4C, 0x3E, 0x6A, 0x33, + 0x41, 0x4C, 0x14, 0x05, 0x8E, 0x2C, 0x19, 0x0E, + 0x86, 0x91, 0x66, 0xDE, 0xF6, 0x4B, 0x35, 0xC2, + 0xDF, 0x3D, 0x4C, 0x7B, 0xC5, 0x58, 0x5E, 0x86, + 0x89, 0x6A, 0xFC, 0x86, 0x48, 0x75, 0xD1, 0x18, + 0xD1, 0xCB, 0x41, 0xC0, 0xF6, 0xD8, 0x87, 0x79, + 0xD9, 0xA2, 0x56, 0x2E, 0x83, 0x26, 0x11, 0xC1, + 0x4B, 0x53, 0x37, 0x85, 0x62, 0xFF, 0x6A, 0x67, + 0xFD, 0x18, 0x79, 0xD7, 0x55, 0x9B, 0xF7, 0x64, + 0xA9, 0x21, 0xB6, 0x1B, 0xF6, 0x11, 0x85, 0xF8, + 0xC0, 0x68, 0xDE, 0x61, 0x0C, 0x61, 0x7E, 0x8E, + 0xED, 0x9E, 0x58, 0x84, 0x16, 0x1A, 0x28, 0xC5, + 0x41, 0x63, 0xB3, 0xF0, 0x82, 0xAA, 0xE8, 0x36, + 0x81, 0x5C, 0xD3, 0xB7, 0xFB, 0x92, 0xF4, 0x7A, + 0x1E, 0x85, 0xA2, 0xB7, 0x21, 0xD5, 0xFA, 0xC8, + 0xE8, 0x02, 0x43, 0x5B, 0x56, 0x42, 0x03, 0x17, + 0x67, 0xEE, 0x3E, 0x31, 0x23, 0x63, 0xC7, 0x33, + 0x95, 0xDE, 0x07, 0xF6, 0x11, 0x3A, 0x2C, 0x3F, + 0x7B, 0xBB, 0x2D, 0x5C, 0x23, 0xF9, 0x2F, 0x9C, + 0x51, 0x19, 0x9F, 0x35, 0xC3, 0x18, 0x9F, 0x83, + 0x6E, 0xA8, 0x03, 0xF1, 0x79, 0x1F, 0xB0, 0xC8, + 0x2F, 0xF4, 0x2E, 0x9A, 0x26, 0xF3, 0x44, 0x02, + 0x8F, 0x45, 0x8B, 0xB0, 0x25, 0x1D, 0xF2, 0xD4, + 0x55, 0xB7, 0x65, 0xEF, 0xDB, 0x3D, 0x8E, 0x92, + 0xC8, 0xA0, 0x63, 0x4C, 0x38, 0xA3, 0x54, 0xD3, + 0xC2, 0x5A, 0x2A, 0x6A, 0x15, 0x27, 0x2A, 0xE2, + 0xFC, 0x25, 0xB6, 0xC8, 0x68, 0xEB, 0xED, 0x2D, + 0x23, 0xE8, 0x6D, 0x5C, 0xDD, 0x3F, 0x18, 0xB4, + 0x6E, 0x79, 0x36, 0xC9, 0x1C, 0xB4, 0x92, 0x41, + 0xAD, 0x35, 0xD4, 0x15, 0xE4, 0x64, 0x1C, 0x51, + 0xCB, 0x0C, 0x41, 0xB7, 0xFD, 0xC1, 0x09, 0x3E, + 0xD2, 0x4D, 0x38, 0x88, 0x77, 0x1C, 0x71, 0x91, + 0x74, 0xD3, 0x28, 0xE0, 0xCE, 0x9A, 0x11, 0x8D, + 0xBF, 0x4D, 0x8D, 0xF0, 0x44, 0xF6, 0x79, 0xFC, + 0x4C, 0xAD, 0x17, 0x88, 0xC0, 0x8C, 0x0B, 0x7A, + 0x90, 0x01, 0x53, 0x6C, 0x6B, 0x44, 0xF6, 0xE5, + 0x2E, 0xEC, 0x44, 0x4F, 0xB8, 0x9B, 0x10, 0xBE, + 0xCF, 0x55, 0x55, 0x29, 0x83, 0xB8, 0xD0, 0x25, + 0x5B, 0xCE, 0x8F, 0xA5, 0xB7, 0x6C, 0xA7, 0x47, + 0x65, 0xA9, 0xE9, 0x9B, 0xA5, 0xBC, 0x28, 0x1D, + 0x9F, 0x1F, 0x5E, 0x97, 0x42, 0x10, 0x84, 0x92, + 0xFB, 0x38, 0x0B, 0x2E, 0xAC, 0x79, 0x0A, 0x7D, + 0x00, 0x2C, 0x35, 0xD0, 0x54, 0x0D, 0x28, 0xE7, + 0xAB, 0x06, 0x02, 0xDA, 0x89, 0xA3, 0x06, 0x8E, + 0x13, 0x9A, 0xA7, 0xCA, 0x48, 0x09, 0xB0, 0x48, + 0x37, 0x08, 0xA7, 0x7D, 0xDA, 0xEB, 0x58, 0x64, + 0x39, 0xB3, 0xF3, 0xB2, 0x4C, 0x00, 0x4B, 0xCB, + 0x94, 0x36, 0xD4, 0x7C, 0x73, 0x45, 0xC8, 0x93, + 0xE5, 0x2A, 0x11, 0xF0, 0xEF, 0x0C, 0xED, 0x5F, + 0x8B, 0x0C, 0x86, 0xAD, 0x3A, 0x01, 0x07, 0x1A, + 0xC0, 0x34, 0xE8, 0x74, 0x21, 0x27, 0x73, 0x56, + 0x93, 0x76, 0x5D, 0x80, 0x59, 0xB4, 0xA4, 0xDC, + 0x80, 0xE7, 0xCE, 0x70, 0x0E, 0x0F, 0xEC, 0x56, + 0x42, 0x6E, 0x9C, 0x76, 0x3D, 0xF6, 0xB4, 0x41, + 0xE2, 0x3E, 0xAC, 0x25, 0xE7, 0x86, 0xA7, 0xA7, + 0x0A, 0x0D, 0x5D, 0x04, 0x1F, 0x45, 0xD4, 0x5B, + 0x42, 0x38, 0x4C, 0x60, 0xE7, 0xB7, 0x0D, 0xC7, + 0x28, 0x4F, 0xA5, 0x4E, 0x0C, 0x1B, 0xC4, 0xDA, + 0x50, 0x1A, 0xA0, 0x93, 0xAE, 0x10, 0x9A, 0x1A, + 0xC8, 0xC6, 0x56, 0xFC, 0x0A, 0xEA, 0x89, 0x3A, + 0x28, 0x21, 0xE9, 0x52, 0x9D, 0xEB, 0x07, 0x68, + 0xC1, 0x57, 0x32, 0x25, 0x1F, 0x93, 0x5D, 0x35, + 0xB2, 0x4B, 0x58, 0x30, 0xAF, 0x51, 0xC6, 0x7D, + 0x47, 0xD1, 0xA2, 0xAD, 0xDE, 0x75, 0x48, 0x84, + 0x74, 0x19, 0x74, 0x18, 0xA0, 0x2C, 0xD8, 0xB2, + 0xFE, 0x44, 0x78, 0x95, 0x6A, 0xBF, 0x56, 0x4D, + 0x20, 0x79, 0xE7, 0xE2, 0xE3, 0x56, 0x69, 0xB3, + 0xFA, 0xE1, 0xEB, 0xE6, 0x11, 0xAC, 0x18, 0xB3, + 0x98, 0xC1, 0x04, 0x20, 0x96, 0x4B, 0xAD, 0xDE, + 0x5B, 0x18, 0xEB, 0x7B, 0xBC, 0x15, 0x11, 0x57, + 0x29, 0x10, 0xE5, 0x80, 0x78, 0x4A, 0xF0, 0x87, + 0xF6, 0xD1, 0x3C, 0x23, 0xC5, 0xF4, 0x2D, 0xD7, + 0xAB, 0xA4, 0xD7, 0xB8, 0x45, 0x8E, 0x04, 0x1B, + 0x78, 0x59, 0x9F, 0x81, 0xE6, 0x04, 0xDF, 0x70, + 0x2B, 0x14, 0x74, 0x16, 0x49, 0xDA, 0xF0, 0xE1, + 0xC8, 0x29, 0xCC, 0x87, 0x8C, 0x2F, 0xFB, 0x18, + 0x3B, 0x47, 0xFC, 0x79, 0x04, 0x84, 0xCB, 0x0A, + 0xD2, 0x64, 0xBF, 0x86, 0xEA, 0x01, 0xAC, 0xE0, + 0xBD, 0xEC, 0x3B, 0xE1, 0xA7, 0x6C, 0xDE, 0x1D, + 0x58, 0x76, 0xCC, 0x53, 0x9E, 0xF6, 0xC6, 0xD4, + 0x2C, 0x87, 0x92, 0xA2, 0x89, 0x27, 0x31, 0x33, + 0x01, 0xA5, 0xA2, 0xE8, 0x8F, 0x13, 0x19, 0x0F, + 0xFD, 0x73, 0xB9, 0x91, 0xBD, 0xB8, 0x80, 0x9A, + 0xA3, 0xB1, 0x21, 0x6C, 0x91, 0x13, 0x8A, 0xAE, + 0xC7, 0xCB, 0x67, 0x14, 0xD1, 0xC0, 0x28, 0x89, + 0x04, 0x8C, 0x9F, 0xDE, 0xA0, 0x9A, 0x99, 0xA8, + 0x61, 0xE6, 0x8F, 0x8E, 0x39, 0xEF, 0x6B, 0x5E, + 0x84, 0x5F, 0x5D, 0x24, 0x37, 0x73, 0x9D, 0x75, + 0xC4, 0xEF, 0xE2, 0xA1, 0xF2, 0xBC, 0x0D, 0xE1, + 0x0D, 0xEC, 0xFA, 0xEE, 0xC1, 0x63, 0xC8, 0x2E, + 0x7D, 0x85, 0x65, 0xC3, 0xF2, 0x0D, 0x8B, 0x73, + 0xF9, 0x3B, 0x0B, 0x3D, 0x49, 0x8B, 0xFB, 0x16, + 0x5B, 0x75, 0x48, 0x9B, 0x56, 0x0A, 0x83, 0x4C, + 0x0D, 0x13, 0xB2, 0xB4, 0x25, 0xC7, 0x2C, 0xCB, + 0xA7, 0x9E, 0xCA, 0x41, 0x44, 0x14, 0x9A, 0x03, + 0xD3, 0x01, 0x8C, 0xB0, 0xD5, 0xA9, 0x36, 0xA4, + 0x16, 0x21, 0x49, 0x0A, 0x99, 0xA1, 0x89, 0xA5, + 0x91, 0x10, 0xA2, 0x1B, 0x3F, 0x98, 0x1E, 0x1C, + 0x43, 0xAA, 0x9C, 0x16, 0x5A, 0xF0, 0x18, 0x64, + 0x0F, 0x6A, 0xE3, 0x97, 0x83, 0x31, 0x4E, 0x84, + 0xC9, 0xEA, 0xD8, 0x9F, 0xEA, 0x9E, 0xD6, 0xF2, + 0x0E, 0x15, 0xA5, 0x48, 0x15, 0x8B, 0x10, 0x1D, + 0x77, 0x78, 0x1B, 0x54, 0x03, 0xC1, 0x2C, 0xB1, + 0xC8, 0x22, 0x11, 0x9D, 0xB8, 0x82, 0x94, 0x26, + 0xA0, 0xED, 0x6C, 0xAD, 0xA8, 0x03, 0xC2, 0xED, + 0x02, 0x74, 0x3E, 0x54, 0xBD, 0x77, 0xA6, 0x0B, + 0x37, 0xFE, 0x04, 0xCD, 0x25, 0x10, 0x2D, 0x52, + 0xC2, 0xD4, 0x5B, 0x9B, 0xAE, 0xFE, 0x35, 0x73, + 0x16, 0x61, 0x84, 0x25, 0x1D, 0xBE, 0x95, 0x34, + 0xA4, 0xF6, 0xB9, 0xA4, 0xF9, 0xAA, 0x5D, 0x1E, + 0x49, 0xBB, 0x19, 0xD9, 0x64, 0xD7, 0x48, 0x1A, + 0x0A, 0x93, 0xC3, 0x69, 0x13, 0x12, 0x68, 0xBB, + 0x97, 0x97, 0xBD, 0x99, 0x69, 0xCE, 0xE6, 0xF5, + 0x84, 0x7B, 0xCC, 0xE4, 0x7D, 0xD3, 0xCD, 0x8A, + 0x7A, 0x4B, 0x98, 0xF4, 0x09, 0x9D, 0xEA, 0x5D, + 0x4E, 0x1F, 0xE1, 0x1E, 0x6C, 0x48, 0xD3, 0x5E, + 0x67, 0xD9, 0xFF, 0x64, 0x4D, 0xA7, 0x64, 0x7A, + 0x01, 0xB2, 0xE9, 0x63, 0x14, 0x10, 0xB7, 0x08, + 0x0C, 0xF9, 0x4D, 0x66, 0x48, 0x46, 0xE3, 0xC2, + 0x48, 0x6B, 0x47, 0xCE, 0x00, 0x98, 0x92, 0x83, + 0xF7, 0xE0, 0x1F, 0x96, 0xFA, 0x53, 0xD5, 0x49, + 0x1C, 0xC7, 0x89, 0xB4, 0xA5, 0x4B, 0x63, 0xBF, + 0xD2, 0x00, 0x79, 0xDD, 0xC1, 0x60, 0xAA, 0xF2, + 0x0F, 0x47, 0xB9, 0x4F, 0x8A, 0x66, 0x05, 0x3D, + 0x96, 0x36, 0x64, 0x48, 0x5F, 0x7E, 0x56, 0x2B, + 0xB3, 0x47, 0xE2, 0x76, 0x64, 0x21, 0x65, 0x34, + 0xFC, 0xDD, 0x2D, 0x4C, 0xE2, 0x99, 0x33, 0x04, + 0xE4, 0x26, 0x15, 0x37, 0x6C, 0x32, 0xB9, 0x17 + }; + static const byte sk_44_draft[] = { + 0x86, 0xF0, 0x0C, 0x20, 0xE0, 0xDA, 0xEE, 0x5E, + 0x1E, 0xDE, 0x71, 0x39, 0x49, 0x0C, 0xC8, 0xCF, + 0xEF, 0xC9, 0xAB, 0x62, 0x3B, 0x8D, 0xEF, 0x0B, + 0xD8, 0x03, 0x12, 0x5B, 0x4A, 0xB2, 0x83, 0x61, + 0x73, 0x61, 0x49, 0x01, 0x0F, 0x94, 0x08, 0x30, + 0x26, 0x02, 0x12, 0x63, 0x64, 0x15, 0x7A, 0x4D, + 0xBA, 0xF5, 0x25, 0xA7, 0xAA, 0x0B, 0x7C, 0x3D, + 0xCE, 0x05, 0x91, 0x95, 0xEF, 0x17, 0x2F, 0xE2, + 0x5A, 0x03, 0x5E, 0x2E, 0x4D, 0xFA, 0xE7, 0x5F, + 0xCD, 0x61, 0x34, 0xFB, 0x3D, 0x3C, 0x5C, 0x60, + 0x1A, 0x6F, 0x09, 0xB5, 0x9D, 0xDD, 0x90, 0x53, + 0xF6, 0x89, 0x50, 0xC2, 0xE1, 0xED, 0x0A, 0x61, + 0x8F, 0xFA, 0xDC, 0x2D, 0xB2, 0x8B, 0xA1, 0x56, + 0xAC, 0x5E, 0x0E, 0xF1, 0x3B, 0x1E, 0x22, 0x9F, + 0xAA, 0x05, 0x96, 0xA3, 0x5E, 0x44, 0x86, 0xA8, + 0xBA, 0x15, 0xD1, 0x11, 0x7D, 0xAA, 0xD0, 0xAA, + 0x01, 0x27, 0x25, 0x04, 0x82, 0x89, 0xA4, 0x22, + 0x2E, 0xDB, 0x80, 0x45, 0xD2, 0x30, 0x45, 0x59, + 0x16, 0x64, 0xE2, 0x08, 0x86, 0x50, 0x00, 0x8E, + 0xCA, 0x08, 0x51, 0x5A, 0x06, 0x01, 0x54, 0x82, + 0x20, 0xC4, 0x92, 0x30, 0x02, 0x21, 0x4E, 0x0A, + 0x93, 0x89, 0x84, 0xB8, 0x70, 0x24, 0x40, 0x51, + 0x24, 0xB3, 0x44, 0xDB, 0x08, 0x40, 0x1B, 0x37, + 0x44, 0x21, 0x22, 0x8E, 0x8C, 0x16, 0x42, 0x10, + 0x22, 0x0E, 0xA1, 0xB2, 0x8D, 0x18, 0x49, 0x30, + 0xC1, 0x32, 0x69, 0x21, 0x03, 0x8E, 0x49, 0x44, + 0x08, 0xD3, 0x16, 0x89, 0x10, 0xA4, 0x25, 0x5C, + 0x22, 0x8A, 0xC0, 0xC8, 0x08, 0xC1, 0x04, 0x6A, + 0xD2, 0xA0, 0x50, 0x8A, 0x02, 0x52, 0x92, 0x16, + 0x44, 0x54, 0x30, 0x4A, 0x92, 0x32, 0x0C, 0x4C, + 0x44, 0x2D, 0x04, 0x15, 0x2A, 0x99, 0x24, 0x42, + 0x52, 0xA8, 0x30, 0x53, 0x24, 0x85, 0x9A, 0xB8, + 0x01, 0xE2, 0x08, 0x09, 0x23, 0x28, 0x08, 0xC4, + 0x98, 0x85, 0x0B, 0xB9, 0x40, 0x60, 0x26, 0x28, + 0x0A, 0x45, 0x12, 0x0C, 0x43, 0x84, 0x82, 0x16, + 0x89, 0xC4, 0x48, 0x28, 0x58, 0x18, 0x2A, 0x20, + 0x07, 0x02, 0xD3, 0x82, 0x45, 0x50, 0xB0, 0x50, + 0x64, 0x36, 0x91, 0x52, 0x02, 0x45, 0x5A, 0x42, + 0x26, 0x01, 0x28, 0x71, 0xD4, 0x86, 0x10, 0x19, + 0xC4, 0x68, 0xC4, 0x30, 0x66, 0xE0, 0x02, 0x49, + 0x18, 0x34, 0x05, 0x04, 0x02, 0x04, 0x90, 0x94, + 0x4C, 0x01, 0xA7, 0x80, 0x12, 0x97, 0x08, 0x19, + 0xC5, 0x41, 0x24, 0xC1, 0x61, 0x08, 0xB0, 0x0C, + 0x21, 0xC1, 0x49, 0x9B, 0x42, 0x51, 0x62, 0x18, + 0x22, 0x54, 0x06, 0x06, 0x93, 0x26, 0x70, 0x49, + 0x86, 0x91, 0x00, 0x28, 0x6C, 0x02, 0xC9, 0x60, + 0x13, 0xC3, 0x09, 0xCB, 0x14, 0x66, 0x09, 0x17, + 0x25, 0x1C, 0x16, 0x89, 0x01, 0xB6, 0x01, 0x60, + 0x86, 0x71, 0x58, 0x96, 0x04, 0x82, 0x38, 0x61, + 0x43, 0x40, 0x72, 0xCC, 0x46, 0x71, 0x81, 0x20, + 0x2C, 0x18, 0x20, 0x6E, 0x03, 0x91, 0x11, 0x9A, + 0x08, 0x89, 0x43, 0x06, 0x48, 0x64, 0x02, 0x6C, + 0x21, 0x33, 0x8D, 0x48, 0x16, 0x66, 0x9B, 0xA4, + 0x2D, 0x01, 0x10, 0x66, 0xDC, 0xB0, 0x25, 0x40, + 0xA0, 0x24, 0xA2, 0xB4, 0x44, 0xC8, 0x26, 0x61, + 0x0A, 0x10, 0x4E, 0xD0, 0x04, 0x11, 0x4A, 0x82, + 0x51, 0x03, 0x04, 0x6C, 0x18, 0x88, 0x6C, 0xE0, + 0x98, 0x41, 0x11, 0x29, 0x06, 0x62, 0x12, 0x8E, + 0xDA, 0x42, 0x91, 0x09, 0x48, 0x60, 0xD1, 0xB4, + 0x80, 0x10, 0x30, 0x30, 0x80, 0x38, 0x82, 0xD0, + 0x84, 0x0D, 0x08, 0x14, 0x92, 0x24, 0x41, 0x40, + 0x0C, 0x10, 0x89, 0xCC, 0x38, 0x8A, 0x13, 0xB6, + 0x89, 0x1A, 0xA7, 0x24, 0x5C, 0x10, 0x12, 0x1B, + 0x21, 0x50, 0x91, 0xB4, 0x29, 0x99, 0xB6, 0x51, + 0x04, 0xB1, 0x91, 0x59, 0xA6, 0x05, 0x19, 0x08, + 0x4A, 0x4A, 0x84, 0x6C, 0x1C, 0x49, 0x02, 0x44, + 0x20, 0x85, 0x14, 0xB1, 0x89, 0x09, 0x44, 0x2C, + 0x10, 0x02, 0x22, 0xE1, 0xB4, 0x25, 0x01, 0x21, + 0x71, 0x53, 0xC2, 0x85, 0x82, 0x88, 0x28, 0xC0, + 0x02, 0x52, 0x19, 0xC5, 0x51, 0x19, 0xA5, 0x09, + 0xC0, 0x82, 0x91, 0x21, 0x47, 0x0D, 0x1C, 0x30, + 0x69, 0xDC, 0xB8, 0x6C, 0x04, 0x41, 0x6A, 0x91, + 0x16, 0x40, 0xA0, 0xC8, 0x24, 0x1A, 0x10, 0x01, + 0x04, 0x39, 0x25, 0x80, 0x16, 0x02, 0x63, 0x36, + 0x71, 0x90, 0xB0, 0x8D, 0x44, 0x16, 0x8E, 0xDA, + 0x16, 0x2E, 0xCB, 0x44, 0x20, 0x54, 0x38, 0x06, + 0x54, 0xC4, 0x01, 0x51, 0x40, 0x86, 0x52, 0x44, + 0x0E, 0x82, 0x02, 0x32, 0x21, 0x38, 0x89, 0x19, + 0x04, 0x40, 0xD8, 0x12, 0x68, 0x21, 0x98, 0x11, + 0x03, 0x33, 0x8A, 0x18, 0x00, 0x45, 0xCB, 0x22, + 0x32, 0xC3, 0x04, 0x46, 0x09, 0x18, 0x51, 0x22, + 0x44, 0x89, 0x13, 0x16, 0x6E, 0xDA, 0x46, 0x45, + 0x09, 0x19, 0x41, 0x81, 0x10, 0x01, 0xDC, 0x18, + 0x8E, 0xC8, 0x44, 0x4C, 0x00, 0x17, 0x82, 0x9C, + 0xA6, 0x4D, 0xC8, 0x08, 0x10, 0x24, 0x42, 0x6D, + 0x91, 0x38, 0x89, 0x8C, 0x40, 0x6E, 0x00, 0x35, + 0x11, 0xD3, 0x24, 0x09, 0x1A, 0x01, 0x65, 0x88, + 0x48, 0x45, 0x09, 0x01, 0x71, 0x43, 0xB8, 0x80, + 0x11, 0x82, 0x2C, 0x84, 0xB8, 0x49, 0x58, 0x14, + 0x28, 0x92, 0x20, 0x32, 0x09, 0x12, 0x05, 0x20, + 0x81, 0x2D, 0x5B, 0x86, 0x11, 0x04, 0x90, 0x45, + 0x49, 0x80, 0x40, 0xD1, 0xC8, 0x24, 0x98, 0xC2, + 0x2C, 0x99, 0xA2, 0x30, 0x04, 0x98, 0x8C, 0x53, + 0x24, 0x02, 0x8A, 0x04, 0x01, 0x4C, 0x28, 0x71, + 0xC3, 0x86, 0x6C, 0x24, 0x49, 0x81, 0x04, 0x02, + 0x28, 0x62, 0x44, 0x32, 0x61, 0x20, 0x28, 0x01, + 0x04, 0x11, 0x0C, 0x09, 0x08, 0x90, 0x98, 0x84, + 0x63, 0xB2, 0x45, 0x63, 0x38, 0x2E, 0x04, 0xA4, + 0x0C, 0x18, 0x05, 0x4E, 0xCC, 0x86, 0x90, 0x43, + 0x40, 0x91, 0x54, 0x02, 0x21, 0x43, 0x28, 0x42, + 0x23, 0x94, 0x29, 0xC8, 0xA6, 0x91, 0x02, 0x09, + 0x80, 0xE3, 0x82, 0x00, 0xC1, 0x34, 0x08, 0xD1, + 0x34, 0x84, 0x12, 0x45, 0x8C, 0x02, 0xC6, 0x81, + 0x41, 0xC6, 0x6C, 0x1B, 0x12, 0x24, 0x04, 0x08, + 0x0D, 0x02, 0x00, 0x0C, 0x9C, 0xA2, 0x05, 0x49, + 0x34, 0x65, 0x00, 0x06, 0x89, 0x88, 0x34, 0x00, + 0xD8, 0x82, 0x29, 0x92, 0x12, 0x91, 0xE3, 0x36, + 0x86, 0xD1, 0x80, 0x71, 0x98, 0xB0, 0x50, 0x48, + 0xC6, 0x11, 0x14, 0x80, 0x0D, 0xA0, 0x12, 0x4D, + 0x9B, 0xB2, 0x40, 0x21, 0x41, 0x50, 0x4B, 0x36, + 0x05, 0x52, 0x10, 0x26, 0x19, 0xB2, 0x60, 0x92, + 0xA2, 0x24, 0xCB, 0x08, 0x00, 0x14, 0x22, 0x49, + 0x5A, 0xD0, 0x55, 0xBD, 0x2B, 0x45, 0xE4, 0x31, + 0x41, 0xA8, 0xC3, 0xA3, 0xAD, 0xBD, 0xB6, 0x37, + 0x92, 0x06, 0x95, 0x6B, 0x3D, 0xD8, 0xE5, 0x33, + 0x71, 0xB6, 0x62, 0xB7, 0x67, 0x6C, 0x77, 0x84, + 0x63, 0x2F, 0x41, 0x1D, 0xBA, 0x51, 0x27, 0xE1, + 0x24, 0x5D, 0xC2, 0x38, 0x71, 0x65, 0x9E, 0x8E, + 0xE4, 0xEB, 0xBB, 0x1D, 0x89, 0xEB, 0x18, 0xCA, + 0x0C, 0xA6, 0x86, 0xA3, 0x4D, 0x7C, 0x7A, 0x02, + 0xAC, 0xDD, 0x34, 0xCE, 0x05, 0x3B, 0x1B, 0x49, + 0xF4, 0x6D, 0x12, 0x33, 0xBC, 0x52, 0x70, 0x59, + 0xDF, 0xBC, 0x5D, 0x49, 0x42, 0x6A, 0xED, 0xC7, + 0xF1, 0x8C, 0xF5, 0x6D, 0x1F, 0xBC, 0xE4, 0xBD, + 0x45, 0x5D, 0x59, 0xF8, 0xCE, 0x9A, 0x39, 0xB5, + 0x96, 0x32, 0xFD, 0x93, 0x65, 0x8E, 0x92, 0xF1, + 0x8F, 0xB0, 0x99, 0xF3, 0x80, 0x0F, 0x66, 0x14, + 0xFE, 0xEB, 0x23, 0x17, 0x2D, 0x4C, 0x8F, 0x41, + 0x9A, 0x9B, 0xD1, 0x5B, 0x5B, 0xC0, 0x3D, 0xA6, + 0x0E, 0xF3, 0xE0, 0xA1, 0x04, 0xDC, 0x24, 0x18, + 0x9D, 0x90, 0xC6, 0x89, 0x5A, 0x7F, 0x10, 0x1E, + 0x4B, 0x21, 0xEC, 0x91, 0xD8, 0x5D, 0x65, 0xDB, + 0xCF, 0x90, 0x62, 0x85, 0xE9, 0x58, 0xA3, 0x47, + 0x92, 0x1C, 0xD0, 0x0C, 0xA3, 0xF3, 0x3E, 0x36, + 0xDB, 0x24, 0xA6, 0x98, 0xAB, 0xA7, 0x89, 0x2B, + 0x71, 0x6C, 0x4D, 0x00, 0xB0, 0xD5, 0xA0, 0xCA, + 0x1A, 0x76, 0x8E, 0x80, 0xB7, 0xAE, 0x83, 0x89, + 0x50, 0xF8, 0xA7, 0x52, 0x8B, 0x94, 0xD2, 0x2B, + 0x9F, 0x49, 0x92, 0x3D, 0x54, 0x0D, 0xB8, 0xD1, + 0x19, 0x49, 0xAC, 0x91, 0xAF, 0xDB, 0xE9, 0x24, + 0x4D, 0xD8, 0xE1, 0xD5, 0x16, 0x0E, 0xB1, 0x39, + 0x40, 0x7D, 0x5F, 0xF5, 0x92, 0xB4, 0xAF, 0xC3, + 0x76, 0x2B, 0xDB, 0x7D, 0x52, 0x97, 0x62, 0x9F, + 0xCF, 0x32, 0x19, 0x5F, 0xE6, 0x32, 0xFB, 0x8E, + 0x39, 0x24, 0xB4, 0xEB, 0xE9, 0x17, 0x9E, 0x47, + 0x69, 0x4D, 0x92, 0x82, 0x96, 0x88, 0x38, 0x11, + 0xCE, 0xD6, 0xBF, 0x18, 0xE3, 0x51, 0x40, 0x81, + 0x11, 0xA0, 0x74, 0xDA, 0x0D, 0x5E, 0xEC, 0xD8, + 0x5D, 0x33, 0x22, 0x1E, 0xB9, 0x5D, 0xBF, 0x79, + 0xB0, 0xA1, 0xEF, 0xD1, 0x2D, 0xA0, 0x5F, 0xA1, + 0xC7, 0x6E, 0xD5, 0x08, 0xB8, 0xD0, 0xC1, 0x95, + 0x51, 0x9B, 0x07, 0xC3, 0x4A, 0x0A, 0xB5, 0xA1, + 0x28, 0xFE, 0x95, 0x95, 0x0A, 0xCF, 0x83, 0xA8, + 0xEB, 0x8F, 0xFB, 0x18, 0xD5, 0xBD, 0x69, 0x50, + 0xF1, 0xDF, 0x06, 0xFA, 0x9A, 0x65, 0x47, 0xBB, + 0x56, 0xE9, 0xCB, 0x8F, 0x69, 0x5F, 0xE0, 0xAD, + 0x19, 0x3A, 0x70, 0xE5, 0x66, 0x42, 0xD7, 0x1C, + 0x0C, 0xB4, 0x03, 0x89, 0x7D, 0x47, 0x4D, 0x29, + 0x67, 0x8C, 0x41, 0x73, 0xAB, 0x7D, 0xFD, 0x69, + 0x15, 0xAD, 0xE3, 0xB7, 0xF8, 0x98, 0x3B, 0xCA, + 0x8F, 0x27, 0x37, 0x7B, 0x72, 0x2C, 0x5F, 0x23, + 0x73, 0x15, 0xE2, 0xB6, 0xBD, 0xDE, 0x84, 0xF8, + 0x7E, 0x22, 0xB9, 0xFD, 0xD3, 0x4D, 0x62, 0x80, + 0xBA, 0xC5, 0x57, 0x29, 0x30, 0x1B, 0x06, 0x4D, + 0x20, 0xB1, 0x53, 0x86, 0xCB, 0x6A, 0x4A, 0xE3, + 0xC1, 0xA9, 0x88, 0xCF, 0xEB, 0x15, 0x2F, 0xA8, + 0xA8, 0x6F, 0xFC, 0x2A, 0xA8, 0x0E, 0xD9, 0xFA, + 0xEA, 0xD7, 0x3B, 0xCE, 0xF8, 0x5B, 0xD8, 0x92, + 0x22, 0x6A, 0x1A, 0x8E, 0x5E, 0x91, 0x37, 0x2C, + 0x21, 0x05, 0xC4, 0xAC, 0xF7, 0x62, 0x83, 0xBA, + 0x55, 0xD5, 0x2C, 0xCE, 0xA1, 0x19, 0x93, 0x0E, + 0xDE, 0xB6, 0xB8, 0x78, 0x0F, 0xBF, 0x4C, 0xA4, + 0x66, 0xAD, 0x97, 0x2F, 0xEE, 0x34, 0xE9, 0xA2, + 0xB6, 0x1D, 0x3C, 0x60, 0xFB, 0xB8, 0x7F, 0xF8, + 0xFD, 0x34, 0x8C, 0xC5, 0xC7, 0x38, 0x72, 0x74, + 0x19, 0xA9, 0xCF, 0x54, 0x49, 0x5B, 0xBA, 0x70, + 0x12, 0xC1, 0x61, 0xDC, 0x32, 0x61, 0x49, 0x66, + 0xF3, 0x57, 0xAA, 0x0F, 0xE6, 0x44, 0x9E, 0x8A, + 0x19, 0x9C, 0x6B, 0x63, 0x2C, 0x14, 0x1E, 0xDD, + 0x00, 0x27, 0xE3, 0x95, 0xE3, 0xE7, 0xD9, 0xFF, + 0x30, 0x2D, 0x14, 0x19, 0x4F, 0x49, 0x20, 0x0B, + 0x58, 0x2A, 0x23, 0x1C, 0xE2, 0xAD, 0x6B, 0x9C, + 0x7B, 0xB6, 0x20, 0x63, 0x08, 0x24, 0x55, 0x04, + 0x58, 0x1F, 0x0E, 0xBE, 0x2A, 0x6F, 0x79, 0x90, + 0x9E, 0x15, 0x8F, 0x4B, 0xDB, 0xE2, 0xBE, 0xBC, + 0x28, 0xB1, 0xC8, 0xFE, 0x00, 0x6D, 0x71, 0xCC, + 0x91, 0x6A, 0xCC, 0xF8, 0x12, 0x8B, 0xEC, 0xF3, + 0x46, 0x53, 0xB1, 0x7F, 0xB3, 0x79, 0xF0, 0xC7, + 0xD7, 0xA5, 0xCF, 0x2C, 0xC3, 0x09, 0x66, 0x82, + 0x53, 0x43, 0xFD, 0xAC, 0xDE, 0xD5, 0x85, 0xB3, + 0x79, 0x74, 0x55, 0xE8, 0xF6, 0xE5, 0xFB, 0xF0, + 0x63, 0x0C, 0x36, 0x63, 0x65, 0x10, 0x43, 0xC9, + 0x60, 0x99, 0xD6, 0x0C, 0xB9, 0x66, 0x1C, 0xA9, + 0x97, 0x4D, 0xDB, 0xA8, 0x13, 0x9E, 0xAE, 0xCA, + 0x7A, 0x5F, 0xE3, 0x24, 0xA0, 0xEE, 0x8A, 0x9D, + 0x7F, 0x03, 0x53, 0x21, 0x6B, 0xAF, 0x3D, 0xF9, + 0x38, 0xF3, 0x7A, 0x1D, 0xDA, 0xE2, 0xEF, 0xBA, + 0x86, 0x21, 0x85, 0x1F, 0x36, 0x08, 0x0B, 0xDA, + 0x37, 0x5A, 0x0A, 0xD7, 0x55, 0x41, 0xD5, 0x84, + 0x1B, 0x36, 0xA2, 0x50, 0x65, 0xD7, 0xF3, 0xA3, + 0xEB, 0xE1, 0xDE, 0x0F, 0x85, 0xAA, 0xF6, 0x2F, + 0xAB, 0xBB, 0xC8, 0xF1, 0x2A, 0xD1, 0x0A, 0x9B, + 0xE4, 0x7B, 0xBC, 0x4D, 0x42, 0xD8, 0xA3, 0x4C, + 0x07, 0x6A, 0x60, 0x3E, 0xE2, 0xDA, 0xE7, 0x00, + 0xDF, 0x27, 0x94, 0xEF, 0x90, 0x99, 0x88, 0x2C, + 0xCF, 0xAA, 0xE1, 0x71, 0x2D, 0xFD, 0x00, 0x9C, + 0x55, 0xBF, 0xC4, 0x7A, 0x55, 0xE9, 0xE0, 0xB4, + 0x7F, 0x3D, 0xE9, 0xB0, 0x01, 0xA7, 0x27, 0x23, + 0x27, 0x58, 0x31, 0x0E, 0x8E, 0x80, 0xD8, 0xEB, + 0x64, 0xA0, 0xC3, 0xC9, 0xEA, 0x69, 0x9C, 0x74, + 0x5E, 0xAF, 0xD5, 0xEF, 0x5C, 0x4E, 0x40, 0x71, + 0xD6, 0x57, 0x77, 0xE2, 0xAF, 0x0E, 0x1D, 0xB8, + 0x5A, 0x91, 0x20, 0x4C, 0x33, 0x4D, 0xD8, 0x4F, + 0x98, 0xE0, 0x86, 0x1D, 0x02, 0xA0, 0xDA, 0x06, + 0x17, 0xC4, 0x5D, 0x2E, 0x49, 0x31, 0xE6, 0xE4, + 0xDC, 0x18, 0x23, 0x26, 0xF3, 0x61, 0xF5, 0x8D, + 0x26, 0x2C, 0x18, 0x4C, 0xDF, 0x71, 0x90, 0x24, + 0x96, 0xD3, 0xD4, 0x1A, 0x6F, 0x08, 0xAB, 0x29, + 0x7D, 0xFF, 0x4E, 0x27, 0x6D, 0x39, 0x83, 0x17, + 0x90, 0xA4, 0x07, 0x8A, 0xDE, 0x79, 0x53, 0xF6, + 0x99, 0x2E, 0xA6, 0x39, 0x47, 0xC3, 0xBE, 0x12, + 0xC7, 0xA5, 0x7E, 0xA2, 0x19, 0x57, 0x04, 0x45, + 0xBE, 0x44, 0x62, 0x92, 0xCA, 0x56, 0xE1, 0xF0, + 0x45, 0x3B, 0xA4, 0xF8, 0xF5, 0xCD, 0xC7, 0xD2, + 0xB2, 0x46, 0x57, 0x51, 0x0B, 0x06, 0xDA, 0x54, + 0x03, 0x9E, 0x52, 0xA2, 0x78, 0x69, 0x25, 0x2E, + 0x75, 0x83, 0x25, 0x3F, 0xA3, 0x62, 0x27, 0xB9, + 0xA6, 0x59, 0x7A, 0xB1, 0xB6, 0xE9, 0xC1, 0xDD, + 0x2F, 0x22, 0x2D, 0x3B, 0xA3, 0x22, 0xD6, 0x11, + 0x7B, 0x08, 0x27, 0x92, 0x83, 0x7A, 0x5D, 0x0D, + 0x6B, 0x9D, 0x5B, 0xEB, 0xE9, 0xC0, 0x88, 0xDE, + 0x44, 0x55, 0xBA, 0x69, 0xC1, 0x7A, 0x4D, 0xE6, + 0x35, 0x67, 0x6F, 0x99, 0x9B, 0x07, 0xD8, 0x04, + 0xAA, 0xEA, 0x7D, 0xFF, 0x8E, 0xB8, 0xAA, 0x4C, + 0x79, 0xE2, 0x88, 0xA8, 0x1D, 0xE8, 0xA6, 0x77, + 0xCA, 0x06, 0xC0, 0xDF, 0x0E, 0x2B, 0xCB, 0xFF, + 0x9F, 0x64, 0x67, 0x11, 0xF1, 0xB9, 0x38, 0x83, + 0x19, 0x05, 0x30, 0x9B, 0x01, 0x11, 0x55, 0x03, + 0xAD, 0x44, 0x7D, 0x3C, 0x07, 0xEF, 0x88, 0x19, + 0x92, 0xC0, 0xFE, 0xE1, 0xAB, 0xDB, 0x24, 0x18, + 0x17, 0xD0, 0x03, 0x5C, 0x91, 0xD4, 0xA6, 0x2A, + 0xF1, 0xE9, 0x72, 0x62, 0x58, 0x22, 0x7D, 0x55, + 0x15, 0xE2, 0xA1, 0x70, 0x14, 0x5E, 0x34, 0xB9, + 0x5A, 0xB7, 0x5D, 0x3F, 0xB8, 0xB5, 0x45, 0x44, + 0xD2, 0x50, 0xD1, 0xC6, 0x7E, 0xE7, 0x3D, 0xF4, + 0xD3, 0xEC, 0xFB, 0x97, 0x32, 0x11, 0x72, 0x51, + 0xB7, 0x4A, 0xC8, 0x38, 0x96, 0xFC, 0x6F, 0x69, + 0xC2, 0xD5, 0xD3, 0x28, 0xE9, 0x63, 0x14, 0x14, + 0xFE, 0xB1, 0xA4, 0x02, 0x80, 0x65, 0x73, 0xD3, + 0x57, 0x07, 0x95, 0x21, 0x40, 0x00, 0x77, 0xA7, + 0x6D, 0x44, 0x2B, 0x0D, 0x77, 0x07, 0x92, 0x64, + 0xD4, 0x3A, 0xE2, 0x7F, 0xF2, 0x1C, 0x14, 0x08, + 0x60, 0x74, 0x8F, 0xFC, 0x0B, 0xE8, 0xEC, 0xA9, + 0xB7, 0x97, 0xA7, 0x85, 0x8A, 0xEF, 0xD7, 0x7E, + 0xD5, 0x15, 0xF7, 0x45, 0x8D, 0x9C, 0xBF, 0x23, + 0xEB, 0x8C, 0x4D, 0xD2, 0x28, 0x7E, 0x0A, 0x61, + 0x2E, 0xBA, 0xBE, 0x89, 0x1D, 0x64, 0x45, 0x22, + 0x70, 0x9D, 0x48, 0xEB, 0x2F, 0x96, 0xF1, 0xA7, + 0xDE, 0xD3, 0x28, 0x4C, 0xC9, 0xFB, 0xF2, 0x9C, + 0x5B, 0xFC, 0xBE, 0xBE, 0xF4, 0x38, 0xC9, 0x43, + 0xC3, 0x66, 0x53, 0xA9, 0x06, 0xE5, 0x71, 0x16, + 0xA4, 0xBB, 0x3B, 0x50, 0x53, 0xCF, 0xF4, 0x1F, + 0xD6, 0x00, 0x07, 0x46, 0xFB, 0x97, 0x0B, 0xF9, + 0x3D, 0xF4, 0xC6, 0x60, 0xD0, 0x37, 0x70, 0xC0, + 0x2D, 0xD1, 0x9F, 0xA5, 0x78, 0xF3, 0x1F, 0x03, + 0x81, 0xB1, 0x93, 0xBA, 0xE5, 0x82, 0xE6, 0xD1, + 0x66, 0x93, 0x83, 0x5B, 0xB9, 0xAD, 0xD9, 0x01, + 0xA5, 0xB6, 0x5C, 0x69, 0x82, 0xD7, 0x2F, 0x35, + 0x35, 0x98, 0xEE, 0xE9, 0xA0, 0x74, 0xC1, 0x91, + 0x44, 0x0A, 0x04, 0xCD, 0x97, 0xBE, 0x6B, 0x60, + 0x90, 0x9A, 0x48, 0x7B, 0x83, 0xA2, 0x28, 0x97, + 0xB5, 0xBA, 0xB1, 0x4D, 0x35, 0x8B, 0x34, 0x0A, + 0xA1, 0xCB, 0xA5, 0xC2, 0xA4, 0x6A, 0x36, 0xB3, + 0x12, 0x46, 0x59, 0xDB, 0x63, 0xE5, 0xF9, 0xF1, + 0x7F, 0xAD, 0x42, 0xF4, 0x24, 0xF0, 0x02, 0x3D, + 0x1E, 0x6C, 0xD5, 0xB3, 0x06, 0x8F, 0x1F, 0x59, + 0x79, 0xCC, 0xF9, 0x5B, 0x4F, 0x8B, 0xD6, 0x03, + 0xC7, 0x53, 0xE6, 0xCE, 0xBB, 0xD8, 0x52, 0x89, + 0x70, 0x5D, 0x98, 0x86, 0xA5, 0x9E, 0x44, 0xA9, + 0xC8, 0x17, 0xA2, 0x6F, 0x43, 0x2D, 0x8D, 0xA7, + 0xDE, 0x3E, 0xFA, 0xE7, 0x98, 0x7B, 0xB5, 0xBE, + 0x7B, 0x10, 0xB8, 0xB8, 0xA5, 0x3D, 0x3E, 0xCD, + 0x94, 0x19, 0x5E, 0x06, 0x51, 0xB8, 0x58, 0x1E, + 0x0E, 0xCF, 0xFE, 0xE5, 0xED, 0x84, 0xB5, 0xF5, + 0x0F, 0x34, 0x32, 0xAC, 0x0A, 0x7F, 0x03, 0xF0, + 0xF8, 0xFC, 0x69, 0xA0, 0x26, 0x0D, 0x2E, 0xFA, + 0x62, 0x49, 0x5C, 0xC4, 0xE5, 0xF6, 0x8B, 0xC5, + 0x26, 0x21, 0x23, 0x3B, 0xBD, 0x9A, 0x23, 0x95, + 0x69, 0xA7, 0x48, 0x94, 0x30, 0x1E, 0xC3, 0x82, + 0xB6, 0x75, 0x30, 0xA6, 0xF3, 0x1E, 0xBB, 0xBC, + 0xF7, 0x21, 0x27, 0x12, 0x2C, 0x51, 0x50, 0x55, + 0x87, 0x0D, 0xF1, 0xCC, 0x6C, 0xFF, 0xEA, 0x7E, + 0x2C, 0xDA, 0x8B, 0x9B, 0x20, 0xF4, 0x75, 0xFB, + 0xC2, 0x3F, 0xBE, 0x09, 0xA6, 0xC9, 0x26, 0xE7, + 0xB5, 0xC7, 0xE6, 0xB9, 0x35, 0x8C, 0xAF, 0xFA, + 0xC0, 0x8D, 0x43, 0x33, 0x25, 0xBA, 0xAA, 0xDC, + 0xCF, 0xBC, 0xE4, 0xC4, 0xC6, 0x26, 0x4A, 0x0D, + 0x9D, 0xCC, 0x2A, 0xE0, 0x5B, 0x1E, 0xC9, 0x78, + 0xF8, 0xA2, 0xB5, 0x46, 0xE5, 0x49, 0xB8, 0x4C, + 0xC2, 0x22, 0x40, 0xCE, 0x97, 0x9A, 0x95, 0x40, + 0xF7, 0xD6, 0x52, 0x54, 0x3B, 0xBB, 0x42, 0xC5, + 0x6F, 0x00, 0x7F, 0x83, 0xDD, 0x88, 0x71, 0xF7, + 0xD4, 0x1B, 0x3D, 0x81, 0xC4, 0xB1, 0x49, 0x9B, + 0xF3, 0x68, 0x15, 0xC5, 0x15, 0x97, 0x0F, 0xC5, + 0x43, 0xDD, 0x07, 0xBE, 0x98, 0x43, 0x2C, 0xB3, + 0xEF, 0x08, 0xCA, 0xDC, 0x9C, 0x27, 0x58, 0xFE, + 0x49, 0xE9, 0x77, 0xD9, 0x1C, 0x62, 0xA4, 0xA2, + 0xF9, 0x78, 0xCC, 0xB3, 0x21, 0x06, 0x10, 0xDE, + 0x5A, 0x52, 0xA3, 0x67, 0xBD, 0x5E, 0xBC, 0x9B, + 0x4E, 0x40, 0x87, 0x93, 0xCF, 0x0E, 0x27, 0x0E, + 0xE3, 0x11, 0x4B, 0xB3, 0xE0, 0xCE, 0x24, 0xB6, + 0x0A, 0x53, 0x03, 0xF8, 0x01, 0x6A, 0x7E, 0xFE, + 0xC8, 0x66, 0x9F, 0x29, 0xF3, 0x45, 0x94, 0xD6, + 0x0E, 0x30, 0xB5, 0x61, 0xA9, 0xEC, 0x8F, 0x71, + 0xF7, 0x36, 0xD6, 0x43, 0x4B, 0x0C, 0xCD, 0x45, + 0xBB, 0xA4, 0xBD, 0xE9, 0xA9, 0xC3, 0xC1, 0x95, + 0x1E, 0xF9, 0x42, 0x07, 0x18, 0xEA, 0xF5, 0x0B, + 0x27, 0xB6, 0xDE, 0xEF, 0x67, 0x33, 0x83, 0x0D, + 0xD9, 0x5E, 0x3A, 0x93, 0xD2, 0xD0, 0xDB, 0xB9, + 0x98, 0xF0, 0x25, 0x21, 0xF3, 0xDF, 0x0B, 0x1E + }; +#endif /* !WOLFSSL_NO_ML_DSA_44 */ +#ifndef WOLFSSL_NO_ML_DSA_65 + static const byte seed_65_draft[] = { + 0x41, 0xAF, 0x98, 0x7B, 0x02, 0x6E, 0x47, 0x5F, + 0x37, 0x91, 0x7F, 0x2A, 0x6A, 0x9A, 0x87, 0xE7, + 0x51, 0xAD, 0xF9, 0x5B, 0x92, 0x7F, 0x2D, 0xCE, + 0xF0, 0xD4, 0xF3, 0xDA, 0x8F, 0x8C, 0x86, 0x6B + }; + static const byte pk_65_draft[] = { + 0xDC, 0x38, 0xE5, 0x5F, 0xDF, 0x2E, 0x9D, 0xD4, + 0x34, 0x5C, 0xAE, 0x1A, 0x7D, 0xF4, 0x2E, 0x2E, + 0xBC, 0x58, 0x57, 0x80, 0x55, 0x02, 0xE4, 0x3F, + 0xA5, 0x19, 0x41, 0xE4, 0x44, 0x58, 0x66, 0x41, + 0x39, 0x5D, 0xF9, 0x20, 0x6C, 0x36, 0x0D, 0x4F, + 0x83, 0x43, 0xBE, 0x86, 0xEF, 0x6C, 0x43, 0xD0, + 0x3E, 0xD0, 0x63, 0x0A, 0x5B, 0x92, 0x8D, 0x31, + 0x19, 0x1D, 0xA9, 0x51, 0x61, 0x48, 0xE6, 0x26, + 0x50, 0x07, 0x54, 0x9B, 0xB0, 0xB7, 0x62, 0x54, + 0xDB, 0x80, 0x4E, 0x48, 0x7F, 0x48, 0xC5, 0x11, + 0x91, 0xFC, 0xA9, 0x26, 0x25, 0x08, 0xA5, 0x99, + 0xA0, 0x3C, 0xB9, 0x0C, 0xCF, 0x6C, 0xCD, 0x83, + 0x9A, 0x38, 0x6D, 0x22, 0xDE, 0x0A, 0xC3, 0x8F, + 0xF7, 0xD0, 0x57, 0x40, 0x53, 0xE9, 0xE9, 0x4E, + 0x73, 0xFA, 0x58, 0x40, 0x9F, 0x6D, 0x8A, 0xD3, + 0x6F, 0x86, 0x84, 0x4D, 0x18, 0xD7, 0x4C, 0x76, + 0x39, 0x57, 0x9E, 0xC0, 0xC7, 0xE4, 0xEE, 0x54, + 0xF4, 0xAD, 0x10, 0xC5, 0x69, 0x59, 0xE0, 0xBC, + 0x9B, 0xF4, 0x20, 0x8F, 0xBA, 0x0A, 0x94, 0x10, + 0x55, 0x07, 0x7E, 0xD1, 0xF9, 0x20, 0xCC, 0x2F, + 0xA9, 0xAE, 0x9D, 0xF5, 0xE4, 0x29, 0x40, 0x7E, + 0x44, 0xA4, 0xDF, 0xB2, 0xE9, 0x25, 0xE0, 0xBA, + 0x8D, 0x6C, 0x33, 0x88, 0x9C, 0xEE, 0x27, 0xDB, + 0xC7, 0x0A, 0x6E, 0x5A, 0x08, 0x92, 0x9B, 0x53, + 0xF8, 0xFD, 0xF9, 0x5B, 0xEB, 0x03, 0x8E, 0x45, + 0xCB, 0x91, 0x19, 0x4E, 0x6B, 0x1E, 0xA0, 0xA4, + 0xF0, 0x43, 0xC9, 0x8F, 0xDF, 0x93, 0x5E, 0x86, + 0xB0, 0x09, 0xD3, 0x47, 0x38, 0x7C, 0x8E, 0x78, + 0x85, 0x71, 0x3D, 0x07, 0x2E, 0x2E, 0x12, 0x6F, + 0x06, 0x97, 0x0E, 0x54, 0xAD, 0x71, 0x09, 0xEF, + 0xA5, 0x55, 0x0A, 0x39, 0x86, 0xE6, 0x17, 0x17, + 0x70, 0x9A, 0xA7, 0xA7, 0x1B, 0xCE, 0x78, 0x06, + 0x2C, 0x61, 0x1A, 0xB9, 0x48, 0x22, 0x41, 0x45, + 0x15, 0xEB, 0x10, 0x3C, 0x6E, 0x24, 0x37, 0xA4, + 0xB5, 0xE8, 0x82, 0x4D, 0x6D, 0xCC, 0x44, 0xC6, + 0xB0, 0x5D, 0xBE, 0x46, 0xDA, 0x5F, 0x00, 0x36, + 0x5B, 0xBD, 0x87, 0x65, 0x3A, 0x96, 0x21, 0x58, + 0x45, 0x65, 0xDB, 0xD8, 0x77, 0x76, 0x7B, 0x25, + 0xC3, 0x78, 0x6E, 0xD9, 0x14, 0xA7, 0x19, 0x69, + 0x4F, 0xBB, 0x1B, 0xDB, 0x37, 0xCE, 0xAF, 0x8C, + 0x88, 0x2E, 0x9E, 0x30, 0xF6, 0xAE, 0x43, 0xCC, + 0x59, 0x0F, 0x67, 0x8A, 0xCB, 0x4F, 0x08, 0x20, + 0x6D, 0x99, 0xD7, 0xA9, 0xDE, 0xE5, 0xE5, 0xB3, + 0xFF, 0xAA, 0x45, 0x3C, 0xF1, 0xE3, 0x02, 0x7D, + 0x2F, 0xEE, 0x69, 0x04, 0x81, 0x73, 0x01, 0x37, + 0x51, 0x68, 0xC8, 0x0B, 0x51, 0xFD, 0x05, 0xB4, + 0x05, 0xBB, 0xA1, 0xDB, 0x1D, 0xF6, 0x5F, 0x70, + 0xD3, 0x0A, 0x37, 0x4B, 0x9C, 0xC4, 0x45, 0x30, + 0x11, 0x36, 0xE2, 0x48, 0x9F, 0xC4, 0x2E, 0x4E, + 0x0C, 0x0C, 0xA1, 0x04, 0x41, 0x75, 0x95, 0xAA, + 0xED, 0xAC, 0xD4, 0xB2, 0xE7, 0x85, 0x7E, 0xE1, + 0xA6, 0xFE, 0x2A, 0x09, 0x19, 0x09, 0x3D, 0x7C, + 0x20, 0x1E, 0x98, 0x3D, 0x6E, 0x02, 0xC1, 0xCA, + 0xBB, 0x24, 0x82, 0x9F, 0x45, 0x1D, 0x26, 0x99, + 0xAE, 0x02, 0x82, 0xF9, 0x86, 0x3B, 0x67, 0x8C, + 0xBD, 0xFE, 0xF1, 0xD0, 0xB6, 0xB8, 0xAB, 0x00, + 0x0F, 0xEC, 0x30, 0xDC, 0x27, 0x58, 0xE2, 0x29, + 0x18, 0x05, 0x5A, 0x66, 0xA5, 0x88, 0x39, 0x8E, + 0x49, 0x5B, 0xB9, 0x52, 0x43, 0x84, 0xDC, 0xA9, + 0x50, 0x2B, 0x83, 0x3C, 0x84, 0x81, 0x37, 0x52, + 0x30, 0x79, 0xBD, 0x04, 0xB8, 0xDD, 0x47, 0xC1, + 0x02, 0x2E, 0xEC, 0x24, 0xD0, 0x56, 0x23, 0xE1, + 0x92, 0xD0, 0x65, 0x7F, 0xC7, 0xC2, 0xF7, 0x60, + 0x73, 0xB8, 0xAF, 0x0A, 0xF4, 0xEF, 0xFC, 0x1B, + 0xC2, 0xB9, 0x76, 0x87, 0x8A, 0xA6, 0xC2, 0x3F, + 0xD3, 0x9F, 0x1F, 0x2D, 0x94, 0xBC, 0x89, 0x4E, + 0x31, 0x8D, 0x28, 0xD0, 0x90, 0xB5, 0x5B, 0x60, + 0x30, 0xC6, 0x0B, 0x37, 0x63, 0x5D, 0xDC, 0xC6, + 0xE0, 0x1A, 0xBA, 0x6B, 0x23, 0xCD, 0x2E, 0x09, + 0x2D, 0x6A, 0x7E, 0x0C, 0xD9, 0x4F, 0xB1, 0xE2, + 0x89, 0x67, 0xE7, 0xB1, 0x54, 0x08, 0xB2, 0xFA, + 0x83, 0x43, 0x7C, 0x77, 0x06, 0xED, 0xE2, 0x29, + 0x53, 0xB7, 0x09, 0xC4, 0x1B, 0x81, 0x55, 0x12, + 0x41, 0x8E, 0x8B, 0x03, 0x36, 0xEE, 0x45, 0x70, + 0x57, 0xA8, 0x73, 0xEF, 0x70, 0x7B, 0x1F, 0x63, + 0xB0, 0xE8, 0x00, 0xBD, 0x1E, 0xE6, 0xA9, 0x93, + 0x9D, 0x03, 0x19, 0x22, 0xDF, 0xE1, 0x01, 0xF2, + 0xA9, 0x6B, 0x90, 0x5C, 0xD2, 0xC1, 0xAC, 0x9F, + 0xB2, 0x21, 0x1C, 0x2D, 0xC6, 0x80, 0x9A, 0xB5, + 0x1E, 0x46, 0x95, 0x6C, 0xCE, 0x47, 0x3E, 0x67, + 0xCD, 0xD6, 0xC9, 0xB9, 0x81, 0x74, 0x7F, 0x17, + 0xA3, 0xF7, 0x48, 0x99, 0xF3, 0x36, 0x84, 0xF3, + 0x16, 0x41, 0x55, 0x5F, 0xA7, 0xBF, 0x4B, 0x69, + 0x8D, 0xA3, 0x3D, 0x1E, 0xEA, 0xF5, 0x1E, 0xC6, + 0xB8, 0x1C, 0xD6, 0x89, 0x45, 0x68, 0xFA, 0xE7, + 0xCA, 0x86, 0xE4, 0xB1, 0xC9, 0x9C, 0xB2, 0xAB, + 0x89, 0x03, 0xE7, 0x19, 0x7B, 0xA9, 0xF2, 0x6B, + 0x4A, 0x43, 0x1D, 0x90, 0xAF, 0xA4, 0xE3, 0xBC, + 0xEF, 0xD4, 0x37, 0xC5, 0x55, 0x5C, 0x9E, 0x14, + 0xC6, 0x18, 0xDD, 0x45, 0x3F, 0x80, 0x49, 0x1C, + 0x93, 0xFF, 0xBD, 0xDD, 0x75, 0x54, 0x0B, 0xD1, + 0xA9, 0xF6, 0xBC, 0x89, 0x98, 0x7D, 0x6F, 0x03, + 0x7B, 0x06, 0xD5, 0x40, 0x7D, 0x85, 0x48, 0x2E, + 0x11, 0x3E, 0xF0, 0x47, 0x77, 0xD0, 0xBA, 0x03, + 0x33, 0x58, 0xC4, 0x8F, 0x76, 0xF8, 0x72, 0x47, + 0x04, 0x21, 0x5E, 0x85, 0x5A, 0x0F, 0x35, 0x77, + 0xFB, 0x96, 0x29, 0x81, 0x2D, 0x55, 0x6E, 0x53, + 0xC6, 0x13, 0x1E, 0xFA, 0x4D, 0xCE, 0xA9, 0x36, + 0x1D, 0x8F, 0xAB, 0xAC, 0x13, 0x19, 0x94, 0xFC, + 0x4B, 0xCD, 0x36, 0x4C, 0x6E, 0x21, 0xAE, 0xF1, + 0x13, 0xA4, 0xF7, 0x64, 0x8E, 0xE1, 0xAF, 0x50, + 0x6A, 0x63, 0x0E, 0xCA, 0x2F, 0xE9, 0x0C, 0x8A, + 0xE7, 0xF2, 0xE3, 0x68, 0x03, 0xE0, 0x40, 0x1C, + 0x64, 0xAB, 0xC3, 0xEC, 0xC0, 0x92, 0xE9, 0x57, + 0x3E, 0x66, 0x72, 0x36, 0x39, 0x22, 0x4E, 0xCD, + 0x13, 0x08, 0xBA, 0xF8, 0x2B, 0xA1, 0xF2, 0x69, + 0x44, 0x7E, 0x90, 0x5C, 0xC8, 0xEC, 0xB6, 0xBE, + 0x8C, 0x30, 0xE0, 0x69, 0xB7, 0x97, 0xA1, 0x1C, + 0x18, 0xE5, 0x54, 0x62, 0xC3, 0x29, 0x99, 0x21, + 0x16, 0xD9, 0x78, 0x1C, 0x4C, 0x9C, 0x88, 0x4C, + 0xA5, 0xE1, 0x11, 0x66, 0x5B, 0x6E, 0x71, 0xE7, + 0xE2, 0xE7, 0xE4, 0x02, 0xDD, 0x1A, 0x8D, 0x0C, + 0xF5, 0x32, 0xFD, 0x41, 0x28, 0x35, 0x75, 0xD0, + 0x0C, 0x5F, 0x06, 0x6A, 0x5A, 0x61, 0x49, 0x59, + 0xC1, 0x0C, 0xD4, 0x9E, 0xD6, 0x29, 0xE2, 0x37, + 0xDF, 0x2B, 0x3D, 0xE8, 0x98, 0xB9, 0xDF, 0x8E, + 0xA0, 0xC4, 0xE2, 0xFC, 0x45, 0x70, 0xE8, 0x1B, + 0xF4, 0xFA, 0xC5, 0xE6, 0xA7, 0xCF, 0x4F, 0xA2, + 0xDA, 0x3D, 0x90, 0x49, 0x24, 0x8F, 0x61, 0x54, + 0xD5, 0x50, 0x8E, 0xE8, 0x0C, 0x14, 0xAD, 0x6F, + 0x65, 0x88, 0x3A, 0xF6, 0x92, 0xDB, 0x35, 0x5D, + 0xFF, 0x21, 0x20, 0xAC, 0x01, 0x16, 0x0B, 0xEC, + 0x84, 0x15, 0x3B, 0xA9, 0x93, 0x92, 0x75, 0xB3, + 0x73, 0xF1, 0x23, 0x69, 0x94, 0x10, 0xF5, 0xFE, + 0x20, 0xA8, 0xAF, 0x05, 0x87, 0x49, 0x4E, 0x9C, + 0xEB, 0x21, 0x0A, 0xCF, 0x0B, 0xA1, 0x65, 0x38, + 0xA6, 0x18, 0x4D, 0xF7, 0xD8, 0xC1, 0x2C, 0x14, + 0x4C, 0xD9, 0x40, 0xC2, 0xF7, 0xBF, 0xE3, 0x07, + 0x79, 0x55, 0xAE, 0xB9, 0xB6, 0x50, 0x06, 0x92, + 0x94, 0x8C, 0x6A, 0x0E, 0x22, 0x14, 0xE2, 0xCC, + 0x65, 0xBA, 0x0C, 0x4D, 0xB6, 0x5C, 0x4A, 0xE9, + 0x0A, 0x08, 0x0C, 0xF9, 0x26, 0xA2, 0x51, 0x85, + 0x36, 0xE2, 0xC1, 0xF1, 0x0A, 0x66, 0x51, 0x66, + 0x7A, 0x98, 0x9B, 0x2C, 0x30, 0x1A, 0x0D, 0x49, + 0x3C, 0x1E, 0xEC, 0x63, 0x53, 0x5E, 0xD9, 0xDD, + 0x84, 0x69, 0xCD, 0x7E, 0x79, 0x58, 0x3D, 0x6E, + 0xD9, 0x98, 0x58, 0xD8, 0x0A, 0x48, 0xB5, 0x13, + 0x3F, 0x72, 0x4C, 0x11, 0x90, 0x15, 0x12, 0x74, + 0xFF, 0x5C, 0x0D, 0xC6, 0x20, 0x8C, 0xC1, 0x99, + 0xCA, 0x8E, 0xFC, 0xA2, 0xE8, 0xB8, 0xEE, 0xAA, + 0x27, 0xC2, 0x97, 0x8D, 0xFA, 0xBE, 0xE0, 0x43, + 0x99, 0xB6, 0x90, 0x60, 0x00, 0x7C, 0x33, 0xD4, + 0x87, 0x71, 0x7B, 0x56, 0x6C, 0xAA, 0xE0, 0xAC, + 0x9D, 0x7E, 0x7E, 0xA3, 0xCF, 0xBB, 0xB3, 0xA0, + 0x5F, 0xD4, 0xC4, 0x3A, 0xA7, 0xB9, 0x0C, 0xCE, + 0xF3, 0x05, 0x09, 0x91, 0xA7, 0xE9, 0x11, 0x55, + 0x32, 0x45, 0xA6, 0x08, 0x0E, 0x10, 0x37, 0x91, + 0xF3, 0xBF, 0xED, 0x64, 0x26, 0xEB, 0x39, 0xC2, + 0x57, 0xAE, 0x64, 0x79, 0x33, 0x7C, 0x51, 0xB2, + 0xC8, 0x85, 0xE0, 0xF9, 0x6D, 0x10, 0x52, 0x9F, + 0x72, 0xF4, 0xD1, 0x5B, 0x54, 0x5B, 0x93, 0x28, + 0x36, 0xA8, 0xCD, 0xB3, 0x30, 0x5B, 0x7A, 0xB0, + 0xB6, 0xF0, 0xD8, 0xA0, 0xBA, 0x24, 0x59, 0x5F, + 0x43, 0x02, 0x01, 0x57, 0x91, 0x7B, 0x94, 0x07, + 0x63, 0x23, 0x12, 0x94, 0xFB, 0x9F, 0xF2, 0xC1, + 0xD6, 0x80, 0x8F, 0x4E, 0xA7, 0x9E, 0x11, 0xD8, + 0xB3, 0x08, 0xB6, 0x3B, 0x3B, 0xF2, 0xEE, 0x14, + 0xA5, 0xDB, 0xB0, 0xBB, 0x17, 0xA5, 0x96, 0x3C, + 0x2F, 0xB9, 0xE7, 0x4A, 0xD7, 0x52, 0x34, 0x98, + 0xCB, 0x0C, 0xEB, 0x42, 0x5B, 0x2D, 0x2D, 0x2B, + 0x0D, 0x94, 0x66, 0xD3, 0xAD, 0x08, 0x0A, 0x28, + 0xF6, 0x0E, 0xDA, 0xD4, 0x54, 0xFD, 0xC6, 0x48, + 0x08, 0xA1, 0x8D, 0xB0, 0x30, 0xFD, 0x18, 0xB1, + 0x50, 0xB1, 0xFD, 0xE0, 0x6E, 0x33, 0x25, 0x0D, + 0x90, 0xB1, 0xC1, 0xE7, 0x88, 0x74, 0x87, 0x05, + 0xE7, 0xBE, 0xBD, 0xAA, 0x8C, 0x6D, 0xC2, 0x3D, + 0x6F, 0x95, 0x84, 0xFA, 0x03, 0x74, 0x85, 0xE1, + 0xED, 0xE5, 0xF4, 0xE8, 0x26, 0x4A, 0x0B, 0x20, + 0x87, 0xB6, 0xE1, 0x10, 0x75, 0x6D, 0x9F, 0x95, + 0x39, 0x4C, 0x0F, 0x50, 0x1B, 0xA8, 0x69, 0x82, + 0xBB, 0xE2, 0xD6, 0x11, 0xD7, 0xBE, 0xFB, 0x4F, + 0x60, 0xD3, 0x16, 0xC6, 0x04, 0x3A, 0x5A, 0xF5, + 0x78, 0x9B, 0x0B, 0x21, 0xA1, 0x00, 0x96, 0xCD, + 0x63, 0x78, 0x1D, 0x2D, 0x4F, 0x6E, 0x50, 0xEE, + 0x62, 0x2D, 0x88, 0x62, 0x01, 0xF6, 0xB4, 0x17, + 0x4F, 0x8C, 0xAD, 0xCB, 0x4B, 0xF9, 0xF6, 0x9D, + 0xC7, 0xD8, 0xCC, 0xBF, 0x96, 0x1B, 0x1B, 0x79, + 0xF3, 0x25, 0x85, 0x23, 0x10, 0x63, 0x30, 0x8D, + 0xA8, 0x3A, 0x4B, 0x92, 0x1B, 0x88, 0x53, 0x24, + 0x2D, 0x29, 0xA5, 0x2E, 0x7A, 0xD5, 0x58, 0xEB, + 0x1B, 0x1C, 0xE6, 0xB8, 0x94, 0x0C, 0x58, 0x96, + 0x5B, 0xA0, 0x2C, 0xBF, 0xE2, 0x99, 0xA0, 0x1F, + 0x0C, 0xCC, 0xBD, 0x83, 0x72, 0x56, 0xBB, 0x13, + 0x61, 0x5A, 0xC2, 0x04, 0x27, 0x29, 0x1F, 0xD4, + 0xE4, 0x3D, 0x8A, 0x87, 0xE3, 0x81, 0x91, 0x07, + 0xD3, 0x9B, 0xBC, 0xA9, 0xB3, 0xBA, 0xF5, 0x8B, + 0x6A, 0xAD, 0xDE, 0xB0, 0x54, 0x3E, 0xFE, 0xCC, + 0xD3, 0xCB, 0x2C, 0x69, 0xF0, 0x58, 0xD7, 0xEF, + 0xA9, 0xC0, 0x15, 0x9B, 0x5A, 0xDF, 0x71, 0x25, + 0x38, 0x44, 0xEC, 0xA9, 0x18, 0x47, 0x41, 0xCE, + 0x3D, 0x53, 0x10, 0x12, 0xC3, 0x1B, 0x59, 0x9A, + 0x93, 0xA1, 0xEA, 0xBE, 0x3E, 0xBA, 0x74, 0xF6, + 0x2D, 0x40, 0x9D, 0xCB, 0x9E, 0xA1, 0xA5, 0x85, + 0xFF, 0xDC, 0xC5, 0x60, 0x6F, 0x61, 0xE8, 0x17, + 0x6C, 0x36, 0x9F, 0x7A, 0x48, 0x47, 0xDD, 0xF1, + 0xF4, 0x43, 0x21, 0xCB, 0xB3, 0x55, 0x86, 0xD0, + 0xE9, 0x46, 0x7D, 0xB5, 0x3D, 0x90, 0x34, 0x1E, + 0xBB, 0x40, 0xD3, 0x2A, 0xEB, 0xE6, 0x4C, 0x46, + 0x42, 0xA2, 0x8A, 0xBF, 0x90, 0xE7, 0x4B, 0x6D, + 0x5C, 0x94, 0x97, 0xD2, 0xF0, 0x97, 0x74, 0x4C, + 0x76, 0x03, 0xAC, 0x3D, 0xDE, 0x15, 0x96, 0x0C, + 0xEF, 0x18, 0x9D, 0xBD, 0x1A, 0x20, 0x35, 0x7E, + 0x2A, 0x70, 0x9D, 0xEA, 0x2E, 0x11, 0xDF, 0xF3, + 0x2F, 0xFE, 0x23, 0xA9, 0xB6, 0xCF, 0xB7, 0xB9, + 0x3F, 0x4F, 0x30, 0x6B, 0x3B, 0x0D, 0x3B, 0xED, + 0xCD, 0x77, 0xD4, 0xBF, 0xEE, 0xDD, 0xB6, 0x56, + 0x24, 0xD4, 0x29, 0x83, 0xDE, 0xDB, 0xC1, 0xFB, + 0x6A, 0xCE, 0x7F, 0x47, 0xD2, 0xC5, 0xF1, 0x78, + 0x5C, 0x2C, 0x5A, 0x28, 0x3E, 0x05, 0x50, 0x2E, + 0xD9, 0xAE, 0x9B, 0x95, 0x64, 0xC7, 0xD2, 0x7B, + 0xCB, 0xC5, 0x91, 0x80, 0xEB, 0x79, 0xC7, 0xCC, + 0xA8, 0x06, 0xC8, 0xF9, 0xDF, 0x2A, 0x49, 0x4A, + 0xF8, 0xFE, 0xBA, 0xA5, 0x85, 0x67, 0x1B, 0xDA, + 0x51, 0x3B, 0xC2, 0x04, 0xA6, 0xA3, 0xFF, 0x99, + 0x21, 0xE8, 0x17, 0x91, 0x33, 0x9B, 0x83, 0x75, + 0x20, 0x5E, 0x95, 0xBE, 0x49, 0xDF, 0x53, 0xFC, + 0x05, 0xA2, 0x3C, 0xAA, 0x5A, 0x22, 0x15, 0xA5, + 0x56, 0xE0, 0x51, 0x30, 0x4E, 0x32, 0x14, 0xF2, + 0x9F, 0x03, 0x51, 0x8E, 0xDD, 0x8B, 0x39, 0x19, + 0x1E, 0x39, 0xC5, 0xA7, 0x1C, 0xC6, 0xA4, 0xE1, + 0x77, 0xCA, 0x8C, 0x9D, 0x27, 0xBC, 0xCC, 0x16, + 0xD6, 0xFC, 0x59, 0x10, 0x23, 0xFF, 0x64, 0x90, + 0x9C, 0x23, 0x5A, 0xFF, 0x7E, 0x27, 0x1B, 0xC7, + 0x7F, 0x21, 0x3B, 0x41, 0xDB, 0xBC, 0x96, 0x60, + 0x0B, 0x35, 0xA1, 0xF3, 0xF8, 0x51, 0x0A, 0x65, + 0xCF, 0xDF, 0x7A, 0xB8, 0x04, 0x56, 0x49, 0xD7, + 0xD3, 0xC5, 0x0B, 0x4A, 0x1F, 0x60, 0xE1, 0x86, + 0x36, 0x53, 0x8E, 0x6C, 0x3E, 0xAF, 0x5B, 0xC1, + 0xCA, 0xCB, 0x22, 0x1A, 0x07, 0xDA, 0x54, 0xEC, + 0xAA, 0x06, 0x72, 0x17, 0xCF, 0x80, 0xC4, 0x89, + 0x56, 0x24, 0x1B, 0xD4, 0xFF, 0x50, 0x6B, 0x51, + 0x55, 0x4D, 0x6E, 0x79, 0x7E, 0xEC, 0x61, 0xC6, + 0xE4, 0x21, 0xC8, 0x0E, 0x10, 0x3F, 0x8C, 0x85, + 0x3A, 0x27, 0xEA, 0x91, 0x07, 0xCB, 0x37, 0x18, + 0x14, 0xB5, 0x63, 0x6E, 0x00, 0xBC, 0x0F, 0x36, + 0xF9, 0x54, 0x75, 0xE7, 0x0B, 0xDC, 0xE7, 0xA0, + 0x59, 0xF0, 0x64, 0xFB, 0x73, 0x07, 0x0E, 0xFE, + 0x57, 0x7F, 0x0D, 0x12, 0xBC, 0xB0, 0xBF, 0xA2, + 0x3A, 0x18, 0x08, 0x7E, 0xD5, 0x6C, 0xF0, 0x6F, + 0xF8, 0x98, 0xFB, 0xA5, 0x10, 0x7B, 0x10, 0x5F, + 0x6B, 0xC8, 0x6D, 0xDE, 0x2F, 0x1F, 0xE0, 0xC8, + 0x19, 0xEE, 0xC2, 0x03, 0x39, 0x49, 0x70, 0x3E, + 0x36, 0xE3, 0x3C, 0x70, 0xE3, 0xEA, 0xAC, 0x34, + 0x32, 0xB7, 0x0D, 0xBA, 0x7C, 0xAB, 0xE6, 0x18 + }; + static const byte sk_65_draft[] = { + 0xDC, 0x38, 0xE5, 0x5F, 0xDF, 0x2E, 0x9D, 0xD4, + 0x34, 0x5C, 0xAE, 0x1A, 0x7D, 0xF4, 0x2E, 0x2E, + 0xBC, 0x58, 0x57, 0x80, 0x55, 0x02, 0xE4, 0x3F, + 0xA5, 0x19, 0x41, 0xE4, 0x44, 0x58, 0x66, 0x41, + 0x52, 0x8D, 0xA0, 0xC7, 0xD2, 0x80, 0xDD, 0x49, + 0x0D, 0x5E, 0xB7, 0x65, 0xDB, 0x32, 0x33, 0x15, + 0x0F, 0x9E, 0xC8, 0xEB, 0xC9, 0x6E, 0xE8, 0xE8, + 0x5C, 0xBD, 0x18, 0x4F, 0xDC, 0xF8, 0xA8, 0xD9, + 0xC5, 0x33, 0x84, 0x79, 0x5A, 0x5E, 0xB7, 0x3C, + 0x6D, 0x82, 0xCA, 0xB9, 0xBA, 0x94, 0xB6, 0x46, + 0xAE, 0x3A, 0xD9, 0x19, 0x6C, 0xB4, 0xDA, 0xE2, + 0xF1, 0x4B, 0xB6, 0x43, 0xF0, 0x24, 0x08, 0xE5, + 0xF7, 0x9A, 0x41, 0xF1, 0x15, 0x9C, 0xA8, 0x08, + 0x79, 0x9F, 0xB8, 0x26, 0xD4, 0x08, 0x32, 0x47, + 0xC8, 0xF0, 0xD5, 0x31, 0xA1, 0xC1, 0x19, 0x04, + 0x02, 0x06, 0x2B, 0x4D, 0x46, 0xAE, 0x43, 0x6A, + 0x25, 0x82, 0x75, 0x41, 0x70, 0x36, 0x42, 0x48, + 0x78, 0x06, 0x36, 0x50, 0x23, 0x84, 0x68, 0x10, + 0x87, 0x08, 0x62, 0x00, 0x08, 0x34, 0x20, 0x73, + 0x32, 0x13, 0x36, 0x61, 0x87, 0x61, 0x43, 0x50, + 0x30, 0x02, 0x26, 0x07, 0x65, 0x45, 0x32, 0x00, + 0x25, 0x75, 0x01, 0x04, 0x88, 0x81, 0x58, 0x64, + 0x52, 0x40, 0x84, 0x22, 0x88, 0x42, 0x82, 0x56, + 0x47, 0x50, 0x05, 0x21, 0x88, 0x25, 0x32, 0x25, + 0x12, 0x85, 0x14, 0x52, 0x87, 0x77, 0x67, 0x18, + 0x46, 0x54, 0x63, 0x07, 0x88, 0x67, 0x37, 0x26, + 0x72, 0x62, 0x41, 0x02, 0x00, 0x01, 0x17, 0x84, + 0x33, 0x64, 0x32, 0x57, 0x06, 0x20, 0x05, 0x44, + 0x88, 0x57, 0x33, 0x45, 0x70, 0x55, 0x14, 0x43, + 0x12, 0x54, 0x04, 0x38, 0x37, 0x08, 0x42, 0x57, + 0x36, 0x05, 0x30, 0x03, 0x86, 0x53, 0x02, 0x53, + 0x75, 0x22, 0x62, 0x13, 0x38, 0x82, 0x48, 0x30, + 0x83, 0x83, 0x64, 0x83, 0x13, 0x74, 0x57, 0x32, + 0x46, 0x70, 0x06, 0x05, 0x82, 0x52, 0x73, 0x55, + 0x25, 0x77, 0x21, 0x78, 0x57, 0x83, 0x66, 0x20, + 0x38, 0x53, 0x21, 0x41, 0x77, 0x56, 0x77, 0x46, + 0x34, 0x42, 0x58, 0x31, 0x08, 0x06, 0x03, 0x62, + 0x20, 0x35, 0x11, 0x42, 0x35, 0x38, 0x63, 0x86, + 0x64, 0x13, 0x13, 0x75, 0x40, 0x01, 0x53, 0x74, + 0x41, 0x31, 0x56, 0x64, 0x38, 0x17, 0x14, 0x16, + 0x62, 0x33, 0x22, 0x12, 0x64, 0x40, 0x67, 0x11, + 0x62, 0x42, 0x25, 0x60, 0x38, 0x05, 0x83, 0x13, + 0x51, 0x00, 0x28, 0x36, 0x62, 0x56, 0x41, 0x43, + 0x58, 0x37, 0x51, 0x22, 0x70, 0x25, 0x82, 0x82, + 0x35, 0x24, 0x06, 0x83, 0x48, 0x58, 0x81, 0x78, + 0x07, 0x86, 0x23, 0x15, 0x75, 0x32, 0x46, 0x75, + 0x35, 0x40, 0x08, 0x43, 0x10, 0x66, 0x74, 0x05, + 0x13, 0x72, 0x74, 0x08, 0x83, 0x41, 0x81, 0x08, + 0x75, 0x87, 0x83, 0x28, 0x56, 0x66, 0x20, 0x01, + 0x18, 0x83, 0x57, 0x22, 0x14, 0x64, 0x18, 0x05, + 0x27, 0x75, 0x22, 0x84, 0x12, 0x38, 0x87, 0x52, + 0x32, 0x25, 0x28, 0x08, 0x14, 0x41, 0x81, 0x14, + 0x03, 0x24, 0x54, 0x23, 0x04, 0x81, 0x40, 0x36, + 0x38, 0x38, 0x64, 0x42, 0x46, 0x36, 0x68, 0x11, + 0x55, 0x00, 0x11, 0x25, 0x76, 0x16, 0x43, 0x07, + 0x23, 0x03, 0x34, 0x10, 0x46, 0x41, 0x14, 0x02, + 0x26, 0x10, 0x74, 0x38, 0x38, 0x72, 0x07, 0x87, + 0x54, 0x11, 0x12, 0x83, 0x75, 0x05, 0x82, 0x17, + 0x45, 0x20, 0x38, 0x41, 0x37, 0x20, 0x00, 0x08, + 0x32, 0x18, 0x16, 0x25, 0x58, 0x85, 0x16, 0x88, + 0x71, 0x82, 0x45, 0x60, 0x33, 0x11, 0x13, 0x42, + 0x43, 0x37, 0x68, 0x11, 0x16, 0x54, 0x04, 0x08, + 0x52, 0x78, 0x13, 0x56, 0x83, 0x52, 0x15, 0x24, + 0x03, 0x61, 0x78, 0x44, 0x13, 0x70, 0x67, 0x36, + 0x74, 0x86, 0x52, 0x50, 0x15, 0x41, 0x88, 0x74, + 0x53, 0x00, 0x05, 0x18, 0x65, 0x62, 0x14, 0x84, + 0x12, 0x32, 0x01, 0x88, 0x40, 0x42, 0x34, 0x05, + 0x32, 0x80, 0x72, 0x55, 0x20, 0x68, 0x16, 0x43, + 0x14, 0x15, 0x15, 0x38, 0x43, 0x85, 0x27, 0x60, + 0x70, 0x18, 0x27, 0x35, 0x53, 0x01, 0x28, 0x73, + 0x27, 0x84, 0x10, 0x53, 0x67, 0x10, 0x45, 0x40, + 0x81, 0x52, 0x86, 0x06, 0x11, 0x18, 0x04, 0x31, + 0x57, 0x25, 0x22, 0x44, 0x47, 0x81, 0x45, 0x44, + 0x55, 0x04, 0x72, 0x57, 0x06, 0x46, 0x76, 0x23, + 0x38, 0x85, 0x65, 0x30, 0x08, 0x48, 0x20, 0x13, + 0x22, 0x77, 0x44, 0x60, 0x43, 0x14, 0x15, 0x27, + 0x86, 0x22, 0x37, 0x37, 0x27, 0x04, 0x27, 0x50, + 0x74, 0x31, 0x10, 0x82, 0x00, 0x75, 0x80, 0x44, + 0x38, 0x10, 0x58, 0x40, 0x86, 0x60, 0x63, 0x13, + 0x65, 0x18, 0x33, 0x70, 0x57, 0x68, 0x05, 0x10, + 0x81, 0x03, 0x42, 0x05, 0x25, 0x65, 0x33, 0x57, + 0x38, 0x05, 0x65, 0x34, 0x46, 0x53, 0x68, 0x11, + 0x75, 0x10, 0x04, 0x54, 0x18, 0x47, 0x52, 0x24, + 0x63, 0x23, 0x74, 0x45, 0x11, 0x34, 0x68, 0x32, + 0x35, 0x38, 0x52, 0x85, 0x28, 0x08, 0x71, 0x78, + 0x37, 0x38, 0x27, 0x10, 0x80, 0x54, 0x26, 0x33, + 0x31, 0x82, 0x44, 0x88, 0x33, 0x24, 0x62, 0x86, + 0x32, 0x82, 0x73, 0x31, 0x28, 0x14, 0x73, 0x87, + 0x06, 0x35, 0x80, 0x36, 0x67, 0x02, 0x33, 0x75, + 0x27, 0x36, 0x38, 0x16, 0x35, 0x70, 0x52, 0x16, + 0x87, 0x58, 0x85, 0x17, 0x22, 0x13, 0x54, 0x85, + 0x07, 0x53, 0x31, 0x26, 0x78, 0x01, 0x85, 0x18, + 0x08, 0x68, 0x38, 0x52, 0x11, 0x73, 0x32, 0x25, + 0x58, 0x82, 0x70, 0x70, 0x36, 0x30, 0x50, 0x38, + 0x65, 0x12, 0x78, 0x31, 0x77, 0x72, 0x18, 0x41, + 0x05, 0x42, 0x32, 0x26, 0x26, 0x50, 0x52, 0x86, + 0x15, 0x76, 0x28, 0x66, 0x88, 0x03, 0x78, 0x28, + 0x70, 0x33, 0x36, 0x27, 0x16, 0x61, 0x43, 0x56, + 0x62, 0x81, 0x85, 0x75, 0x47, 0x60, 0x63, 0x38, + 0x66, 0x81, 0x51, 0x78, 0x03, 0x42, 0x60, 0x38, + 0x01, 0x24, 0x73, 0x63, 0x81, 0x12, 0x01, 0x27, + 0x63, 0x13, 0x11, 0x78, 0x36, 0x37, 0x15, 0x03, + 0x84, 0x58, 0x17, 0x25, 0x67, 0x87, 0x57, 0x83, + 0x71, 0x85, 0x37, 0x53, 0x86, 0x22, 0x33, 0x28, + 0x77, 0x30, 0x18, 0x15, 0x01, 0x37, 0x85, 0x40, + 0x15, 0x38, 0x51, 0x33, 0x17, 0x42, 0x64, 0x04, + 0x56, 0x27, 0x50, 0x45, 0x11, 0x27, 0x20, 0x17, + 0x76, 0x55, 0x33, 0x37, 0x58, 0x88, 0x88, 0x45, + 0x16, 0x55, 0x08, 0x53, 0x52, 0x48, 0x72, 0x85, + 0x30, 0x15, 0x23, 0x44, 0x22, 0x02, 0x43, 0x45, + 0x41, 0x10, 0x00, 0x52, 0x32, 0x73, 0x05, 0x75, + 0x72, 0x16, 0x08, 0x11, 0x51, 0x36, 0x20, 0x04, + 0x76, 0x48, 0x78, 0x56, 0x60, 0x88, 0x07, 0x47, + 0x70, 0x20, 0x46, 0x40, 0x43, 0x26, 0x04, 0x37, + 0x17, 0x51, 0x58, 0x46, 0x72, 0x44, 0x50, 0x23, + 0x67, 0x63, 0x60, 0x84, 0x30, 0x51, 0x52, 0x53, + 0x21, 0x74, 0x85, 0x45, 0x74, 0x43, 0x11, 0x72, + 0x52, 0x65, 0x76, 0x08, 0x78, 0x63, 0x14, 0x27, + 0x41, 0x34, 0x67, 0x07, 0x45, 0x15, 0x10, 0x83, + 0x24, 0x02, 0x80, 0x53, 0x07, 0x21, 0x58, 0x10, + 0x34, 0x20, 0x54, 0x12, 0x58, 0x44, 0x25, 0x53, + 0x33, 0x46, 0x02, 0x38, 0x60, 0x17, 0x70, 0x64, + 0x18, 0x52, 0x62, 0x26, 0x65, 0x61, 0x42, 0x31, + 0x22, 0x57, 0x34, 0x57, 0x02, 0x34, 0x62, 0x76, + 0x74, 0x38, 0x73, 0x21, 0x68, 0x71, 0x07, 0x21, + 0x61, 0x05, 0x20, 0x20, 0x86, 0x83, 0x30, 0x25, + 0x50, 0x50, 0x83, 0x30, 0x31, 0x56, 0x30, 0x31, + 0x76, 0x04, 0x54, 0x80, 0x75, 0x18, 0x82, 0x23, + 0x61, 0x87, 0x58, 0x25, 0x13, 0x63, 0x21, 0x51, + 0x48, 0x02, 0x67, 0x37, 0x12, 0x88, 0x70, 0x60, + 0x07, 0x36, 0x18, 0x15, 0x87, 0x74, 0x55, 0x60, + 0x00, 0x54, 0x37, 0x11, 0x01, 0x37, 0x14, 0x17, + 0x11, 0x72, 0x14, 0x55, 0x31, 0x75, 0x77, 0x48, + 0x10, 0x23, 0x83, 0x20, 0x00, 0x04, 0x32, 0x64, + 0x66, 0x61, 0x71, 0x31, 0x03, 0x15, 0x44, 0x32, + 0x57, 0x25, 0x64, 0x31, 0x28, 0x15, 0x33, 0x67, + 0x86, 0x87, 0x37, 0x03, 0x12, 0x78, 0x86, 0x13, + 0x47, 0x80, 0x61, 0x42, 0x50, 0x40, 0x23, 0x37, + 0x01, 0x01, 0x66, 0x24, 0x06, 0x57, 0x82, 0x02, + 0x22, 0x42, 0x41, 0x02, 0x26, 0x06, 0x41, 0x35, + 0x64, 0x16, 0x44, 0x42, 0x38, 0x30, 0x86, 0x88, + 0x47, 0x71, 0x62, 0x33, 0x24, 0x02, 0x12, 0x37, + 0x42, 0x33, 0x20, 0x81, 0x80, 0x53, 0x07, 0x65, + 0x71, 0x27, 0x13, 0x53, 0x15, 0x43, 0x76, 0x38, + 0x71, 0x30, 0x07, 0x87, 0x25, 0x63, 0x03, 0x33, + 0x70, 0x56, 0x18, 0x13, 0x83, 0x51, 0x44, 0x40, + 0x04, 0x80, 0x62, 0x24, 0x20, 0x64, 0x54, 0x40, + 0x20, 0x73, 0x61, 0x45, 0x01, 0x24, 0x47, 0x78, + 0x23, 0x34, 0x56, 0x10, 0x25, 0x32, 0x02, 0x70, + 0x08, 0x02, 0x23, 0x24, 0x80, 0x43, 0x04, 0x02, + 0x81, 0x11, 0x23, 0x82, 0x03, 0x61, 0x30, 0x33, + 0x15, 0x36, 0x25, 0x32, 0x14, 0x73, 0x22, 0x46, + 0x81, 0x25, 0x16, 0x13, 0x52, 0x58, 0x71, 0x61, + 0x67, 0x08, 0x38, 0x76, 0x71, 0x15, 0x88, 0x47, + 0x31, 0x25, 0x27, 0x18, 0x31, 0x50, 0x40, 0x71, + 0x06, 0x87, 0x37, 0x30, 0x85, 0x64, 0x62, 0x78, + 0x32, 0x74, 0x18, 0x83, 0x67, 0x40, 0x37, 0x44, + 0x56, 0x02, 0x72, 0x61, 0x27, 0x28, 0x38, 0x38, + 0x67, 0x17, 0x58, 0x04, 0x61, 0x28, 0x67, 0x37, + 0x46, 0x50, 0x38, 0x15, 0x45, 0x12, 0x71, 0x44, + 0x22, 0x02, 0x34, 0x83, 0x40, 0x70, 0x55, 0x75, + 0x54, 0x26, 0x88, 0x07, 0x25, 0x58, 0x73, 0x60, + 0x58, 0x61, 0x45, 0x63, 0x35, 0x05, 0x48, 0x63, + 0x48, 0x57, 0x03, 0x31, 0x28, 0x14, 0x05, 0x01, + 0x57, 0x34, 0x64, 0x50, 0x23, 0x86, 0x75, 0x85, + 0x18, 0x75, 0x56, 0x88, 0x08, 0x26, 0x01, 0x34, + 0x01, 0x57, 0x05, 0x28, 0x35, 0x48, 0x17, 0x57, + 0x71, 0x81, 0x41, 0x33, 0x77, 0x86, 0x07, 0x77, + 0x02, 0x25, 0x71, 0x74, 0x37, 0x31, 0x20, 0x14, + 0x32, 0x54, 0x20, 0x35, 0x54, 0x76, 0x83, 0x15, + 0x80, 0x73, 0x27, 0x23, 0x00, 0x58, 0x22, 0x84, + 0x64, 0x56, 0x14, 0x84, 0x38, 0x34, 0x16, 0x21, + 0x77, 0x07, 0x34, 0x81, 0x66, 0x87, 0x40, 0x11, + 0x62, 0x46, 0x45, 0x01, 0x20, 0x53, 0x21, 0x73, + 0x07, 0x76, 0x44, 0x15, 0x61, 0x50, 0x83, 0x48, + 0x58, 0x58, 0x45, 0x33, 0x25, 0x36, 0x07, 0x42, + 0x70, 0x24, 0x07, 0x41, 0x08, 0x35, 0x00, 0x78, + 0x41, 0x47, 0x02, 0x56, 0x07, 0x14, 0x68, 0x33, + 0x55, 0x77, 0x32, 0x40, 0x55, 0x24, 0x50, 0x26, + 0x47, 0x12, 0x65, 0x58, 0x43, 0x05, 0x52, 0x55, + 0x75, 0x50, 0x18, 0x46, 0x65, 0x48, 0x03, 0x32, + 0x85, 0x31, 0x16, 0x52, 0x71, 0x57, 0x87, 0x46, + 0x76, 0x14, 0x42, 0x81, 0x28, 0x74, 0x60, 0x34, + 0x35, 0x55, 0x52, 0x16, 0x58, 0x48, 0x61, 0x75, + 0x80, 0x88, 0x15, 0x32, 0x72, 0x26, 0x31, 0x03, + 0x05, 0x03, 0x16, 0x04, 0x07, 0x37, 0x37, 0x73, + 0x43, 0x81, 0x57, 0x31, 0x88, 0x04, 0x72, 0x76, + 0x01, 0x61, 0x81, 0x17, 0x37, 0x65, 0x44, 0x38, + 0x61, 0x23, 0x16, 0x26, 0x52, 0x45, 0x00, 0x73, + 0x83, 0x63, 0x64, 0x62, 0x26, 0x74, 0x60, 0x11, + 0x81, 0x08, 0x06, 0x30, 0x36, 0x05, 0x10, 0x48, + 0x47, 0x35, 0x10, 0x85, 0x30, 0x86, 0x71, 0x38, + 0x16, 0x37, 0x6F, 0x3B, 0x1C, 0x18, 0xB1, 0xE3, + 0xE8, 0xEE, 0x83, 0x3E, 0x8D, 0x38, 0x43, 0x9E, + 0x78, 0x1C, 0xA3, 0xB8, 0x94, 0x06, 0x54, 0xEF, + 0x44, 0x6C, 0x9A, 0xAC, 0xC3, 0xF1, 0xD3, 0x0E, + 0xE0, 0x10, 0x5B, 0x8F, 0x63, 0xEB, 0x89, 0x74, + 0x6E, 0xF4, 0xBE, 0xB5, 0x4C, 0xFC, 0xE8, 0x81, + 0x2C, 0xF9, 0x47, 0xCF, 0x54, 0x54, 0xFB, 0x1C, + 0xA5, 0x5F, 0x25, 0xA0, 0xFE, 0x57, 0xF5, 0xFC, + 0xFD, 0x73, 0xB0, 0xDA, 0x04, 0xB0, 0xBF, 0x28, + 0x92, 0x92, 0xAF, 0x39, 0x74, 0x72, 0x56, 0x69, + 0xC3, 0x00, 0x03, 0xE0, 0x50, 0x9F, 0xED, 0xC8, + 0x0F, 0x6C, 0x89, 0x4B, 0xB0, 0x47, 0xC2, 0xE2, + 0xAF, 0x48, 0x5C, 0xAD, 0x68, 0xC2, 0x1D, 0x80, + 0xEF, 0x33, 0xB0, 0xC4, 0xFD, 0xA6, 0x7B, 0x85, + 0x31, 0xA1, 0x58, 0x87, 0x67, 0x54, 0x71, 0x3F, + 0xF8, 0xA8, 0xA6, 0x8D, 0x9A, 0xBD, 0xC4, 0x81, + 0x6B, 0x24, 0xB4, 0xA3, 0x6A, 0x8A, 0x2B, 0xB1, + 0xFD, 0x1C, 0x2C, 0x25, 0xC3, 0x72, 0xC4, 0xB7, + 0x75, 0xF8, 0xCC, 0x17, 0x39, 0xCF, 0x2C, 0xE9, + 0xA4, 0x54, 0x58, 0xE4, 0x1A, 0xAE, 0xC6, 0x4A, + 0xEE, 0xDE, 0x75, 0x7C, 0xE7, 0x38, 0xBC, 0xDF, + 0x4D, 0xA0, 0xEE, 0x2B, 0xDD, 0x5F, 0x80, 0x5C, + 0xCF, 0xF7, 0x2A, 0x5F, 0x73, 0x8B, 0xAC, 0x12, + 0x34, 0x2E, 0xE3, 0xF1, 0x4C, 0xB7, 0x22, 0x68, + 0xC2, 0xD6, 0x36, 0x7D, 0xF1, 0x7F, 0x20, 0x46, + 0xA2, 0x4B, 0x47, 0x4B, 0x32, 0x58, 0xF7, 0xB0, + 0x88, 0x54, 0x6C, 0x99, 0x3B, 0x0D, 0xA1, 0xE2, + 0x92, 0x92, 0xEB, 0x72, 0x1E, 0xE7, 0xE5, 0xA1, + 0xF8, 0x6E, 0x14, 0xA5, 0x39, 0xB0, 0x63, 0x6F, + 0x78, 0x82, 0xA1, 0x9C, 0x8D, 0x79, 0x02, 0x85, + 0xA6, 0xDF, 0x7D, 0xEE, 0xCE, 0x17, 0x4D, 0x63, + 0xCF, 0xF3, 0xB2, 0xFF, 0x85, 0x68, 0x81, 0xCB, + 0x38, 0x6B, 0x1B, 0x38, 0xA2, 0xE0, 0xF2, 0x4C, + 0x31, 0xE0, 0x91, 0x93, 0xDD, 0xF3, 0x71, 0x47, + 0xF2, 0x69, 0xD9, 0x4C, 0xDE, 0xF9, 0x90, 0x61, + 0x34, 0x62, 0x07, 0x71, 0x79, 0xD0, 0xDD, 0x09, + 0x32, 0x64, 0x39, 0x49, 0x93, 0x1A, 0x02, 0xBA, + 0xFA, 0x80, 0x17, 0x6E, 0xDF, 0x97, 0xB6, 0xA2, + 0x31, 0x34, 0x71, 0xF0, 0xB1, 0x9B, 0x3B, 0x59, + 0xF4, 0x3B, 0xD2, 0x2A, 0x05, 0x49, 0x3E, 0xFB, + 0x0C, 0xF8, 0xB5, 0xD7, 0xB6, 0x25, 0x2B, 0x09, + 0x8B, 0x4B, 0xFA, 0x39, 0x5B, 0xF9, 0xA2, 0x09, + 0xE9, 0xBB, 0x46, 0x01, 0x30, 0x00, 0x90, 0x32, + 0x58, 0xA6, 0x9B, 0x67, 0xF5, 0x94, 0x11, 0xC8, + 0x35, 0x95, 0xFA, 0x6E, 0x67, 0x42, 0x8D, 0x96, + 0x6D, 0x20, 0xFC, 0xD3, 0x09, 0x61, 0x11, 0x86, + 0x77, 0xC0, 0x86, 0xA3, 0x54, 0xAE, 0x6D, 0x41, + 0xEE, 0x17, 0xDC, 0xA1, 0xB0, 0xB7, 0x50, 0x43, + 0xD6, 0xCE, 0x23, 0xBD, 0xB0, 0x1E, 0x02, 0xE5, + 0x9E, 0xCF, 0xC6, 0x2E, 0x8C, 0x39, 0x71, 0xB1, + 0x45, 0x02, 0x75, 0xBA, 0x7F, 0x60, 0xB0, 0x8B, + 0x1C, 0x33, 0xBA, 0x0C, 0xFF, 0x54, 0x63, 0xE3, + 0x47, 0x5B, 0x07, 0x77, 0x77, 0xC5, 0x72, 0x24, + 0x60, 0xFA, 0xDB, 0x0B, 0xF6, 0x41, 0x82, 0x69, + 0x3C, 0x68, 0x37, 0xF5, 0xFD, 0x45, 0x4A, 0x66, + 0x6C, 0xD7, 0x01, 0x10, 0x78, 0x4A, 0xED, 0x09, + 0xAE, 0x49, 0x0A, 0x60, 0xC7, 0x78, 0x56, 0x51, + 0x15, 0xE3, 0x4A, 0xB5, 0xAE, 0xAD, 0x09, 0xD1, + 0x71, 0xA8, 0xCA, 0x3C, 0x8A, 0xE6, 0xCA, 0x39, + 0x43, 0x60, 0x56, 0x83, 0x3C, 0x58, 0x04, 0xD4, + 0xB4, 0x62, 0xDD, 0x53, 0x05, 0xC8, 0x51, 0xAF, + 0x59, 0xF6, 0x4F, 0x04, 0xC3, 0x1E, 0x69, 0xFF, + 0x82, 0xBF, 0xD7, 0x89, 0xD2, 0x30, 0x9F, 0xF2, + 0xE6, 0x38, 0x05, 0x9C, 0xD5, 0x08, 0xB8, 0x25, + 0xF3, 0x3B, 0x99, 0x85, 0x4E, 0x40, 0xF8, 0x40, + 0xF2, 0x4B, 0x5C, 0x3A, 0xA8, 0x64, 0x41, 0x92, + 0xEA, 0xCA, 0x9A, 0x7B, 0xCF, 0xBA, 0x1F, 0xDE, + 0xE0, 0x9D, 0xCA, 0xAD, 0xB4, 0x0C, 0x90, 0xFF, + 0xE1, 0x6C, 0xEC, 0xDD, 0x32, 0x38, 0x2A, 0xF7, + 0x19, 0x20, 0x39, 0xCB, 0x29, 0x67, 0x2F, 0x70, + 0x71, 0x12, 0x10, 0xB6, 0xB8, 0x3E, 0x8D, 0xFD, + 0xB5, 0xFB, 0xBD, 0xBF, 0xA8, 0xCA, 0x19, 0xC4, + 0xC6, 0xAC, 0x37, 0x31, 0xFC, 0x33, 0xC2, 0x7F, + 0xA2, 0xA2, 0x6D, 0xEB, 0x15, 0x2E, 0xA1, 0x90, + 0xF8, 0x29, 0xC6, 0x34, 0xD1, 0x39, 0x30, 0x24, + 0x1C, 0xB9, 0x26, 0xAC, 0xDD, 0xE5, 0x24, 0x9C, + 0xDD, 0x35, 0x60, 0x7E, 0x38, 0x0C, 0xC1, 0x2A, + 0x7D, 0x1E, 0xA9, 0xBA, 0xA5, 0x58, 0x4C, 0xDD, + 0x26, 0x86, 0x09, 0xDC, 0xC3, 0xB0, 0x1F, 0xCD, + 0xC9, 0xAD, 0xCB, 0x4A, 0x7E, 0x51, 0x67, 0xE5, + 0xED, 0x5A, 0xD2, 0x21, 0xDB, 0x2E, 0xAB, 0xD9, + 0x0A, 0xEC, 0xAE, 0x71, 0xFA, 0x23, 0x7A, 0xEF, + 0x98, 0xDF, 0x53, 0x89, 0x93, 0xE8, 0x71, 0xD7, + 0x35, 0xDA, 0x6B, 0x88, 0x31, 0xAF, 0x67, 0xF2, + 0x97, 0x29, 0x1C, 0x39, 0x67, 0xEB, 0xAF, 0x60, + 0xD9, 0x53, 0xC4, 0x0F, 0x7A, 0x46, 0x4E, 0xF3, + 0x2F, 0x8E, 0xAE, 0xFA, 0x64, 0x2E, 0x37, 0xDE, + 0xA9, 0x74, 0x73, 0x5D, 0xDD, 0xBB, 0x83, 0x54, + 0x27, 0xB9, 0x7A, 0x63, 0x2B, 0x19, 0x8B, 0x26, + 0x22, 0x28, 0x84, 0xA0, 0x58, 0x00, 0x2D, 0x55, + 0xEA, 0x2A, 0x80, 0x0D, 0x6C, 0x97, 0x0E, 0x8B, + 0xF7, 0x67, 0xB2, 0x8B, 0x2D, 0xDE, 0x8F, 0x58, + 0xFE, 0x97, 0x81, 0xE7, 0xE2, 0x58, 0x8D, 0x7E, + 0x1B, 0xAB, 0xE5, 0x15, 0x9D, 0x54, 0xF4, 0x00, + 0x34, 0x1D, 0x12, 0x1B, 0x03, 0x23, 0x2B, 0x06, + 0x2E, 0x8C, 0xD0, 0x0A, 0xDC, 0x19, 0xA1, 0x69, + 0x1D, 0x72, 0x91, 0xB4, 0xED, 0x0E, 0x81, 0xF7, + 0x05, 0x99, 0x84, 0xFC, 0x74, 0x0F, 0x7D, 0xF8, + 0x9B, 0x3E, 0x7F, 0x63, 0x7C, 0x73, 0xEB, 0xF5, + 0x36, 0xB3, 0x24, 0x22, 0xAA, 0x33, 0x0C, 0x30, + 0x42, 0xC3, 0xE2, 0x04, 0x6B, 0x3F, 0x2A, 0x0D, + 0xAB, 0xE8, 0x5A, 0x9A, 0x09, 0xD7, 0xB6, 0xAA, + 0x9C, 0x3E, 0xD0, 0x9E, 0xB5, 0x9B, 0x52, 0x7B, + 0xAF, 0x2D, 0x6B, 0xE0, 0x40, 0x12, 0x34, 0xBE, + 0x49, 0xAB, 0xD2, 0xC8, 0xB5, 0x89, 0x1B, 0x79, + 0xEC, 0xAE, 0x88, 0x89, 0x3C, 0x05, 0xC7, 0x75, + 0xC5, 0x84, 0xF7, 0x10, 0x49, 0x48, 0x92, 0x69, + 0x9E, 0xD5, 0x56, 0xB2, 0x1E, 0x81, 0x18, 0x78, + 0xCB, 0x93, 0x5D, 0x70, 0x3A, 0xB2, 0x67, 0xD1, + 0xCC, 0x8F, 0x83, 0x03, 0xB9, 0x64, 0x46, 0x22, + 0x78, 0x0D, 0x55, 0x67, 0x22, 0x58, 0x0E, 0x22, + 0x6B, 0xBA, 0x01, 0xD4, 0x77, 0x05, 0xA7, 0xAC, + 0xB7, 0xE5, 0xFC, 0xE6, 0x11, 0xCC, 0x92, 0x5A, + 0x8C, 0xC0, 0x08, 0x24, 0xAF, 0xCC, 0x4D, 0xBD, + 0x79, 0xD3, 0x5C, 0x52, 0x2C, 0xFF, 0x1A, 0x48, + 0xBB, 0x91, 0x59, 0x6A, 0x80, 0x32, 0x8C, 0x75, + 0x7C, 0xD2, 0xC1, 0x94, 0x94, 0xA8, 0x55, 0x4B, + 0xF2, 0x96, 0xF7, 0x86, 0xF7, 0x53, 0x4F, 0x54, + 0x74, 0x05, 0x5C, 0xEF, 0x02, 0xA0, 0x8A, 0xD1, + 0x88, 0x72, 0xEB, 0x1B, 0x82, 0xF9, 0xFB, 0xDA, + 0xBC, 0xB9, 0x90, 0x98, 0xF2, 0x4B, 0x9A, 0xA6, + 0x89, 0xD5, 0xB3, 0xD8, 0x7B, 0x94, 0xE3, 0x1F, + 0x17, 0x4F, 0xEB, 0x24, 0x06, 0x2B, 0xAB, 0x5F, + 0x27, 0x9B, 0xCD, 0xCE, 0x50, 0x06, 0x40, 0xDD, + 0x7A, 0x8C, 0x67, 0xF0, 0x8E, 0x07, 0xB4, 0x1C, + 0x3C, 0x13, 0xB2, 0x07, 0x6A, 0x38, 0x59, 0x94, + 0x2C, 0xB1, 0x72, 0xA8, 0x77, 0x5B, 0x15, 0x8F, + 0x88, 0xC4, 0x5C, 0xDC, 0x92, 0xCA, 0xC0, 0xED, + 0x02, 0xFF, 0x1D, 0x57, 0x25, 0xBE, 0x67, 0x3E, + 0x4C, 0xE8, 0x95, 0x2A, 0x80, 0xB2, 0x5D, 0xBC, + 0xFA, 0x17, 0xA9, 0x35, 0x0A, 0x6B, 0x07, 0xC8, + 0x8F, 0x88, 0x8D, 0xBC, 0x97, 0x84, 0xE2, 0x07, + 0x57, 0x92, 0x99, 0x4B, 0xE8, 0xDD, 0xD7, 0xA4, + 0x58, 0xCB, 0x61, 0xCE, 0x16, 0xFC, 0x22, 0xCD, + 0x4B, 0x1A, 0x08, 0xC9, 0xAD, 0x3D, 0xB1, 0xF2, + 0xA9, 0x1B, 0x8E, 0xD0, 0xC7, 0xBC, 0xCE, 0xF9, + 0x0A, 0x7A, 0x4D, 0xBE, 0x82, 0x0A, 0xBD, 0x6C, + 0x42, 0x99, 0xBF, 0x86, 0x65, 0x53, 0xAA, 0x04, + 0x79, 0xD6, 0x6D, 0x7E, 0x0F, 0x40, 0xFA, 0xEE, + 0xCE, 0x38, 0x3B, 0x1C, 0x2F, 0xA4, 0x45, 0xA3, + 0x78, 0x2B, 0xA0, 0x29, 0xC5, 0xAA, 0xA9, 0x09, + 0x29, 0x51, 0xDC, 0x5B, 0xB5, 0x95, 0xE4, 0xCE, + 0xC8, 0x50, 0x71, 0x2D, 0xE9, 0x32, 0x12, 0xA0, + 0x7C, 0x88, 0x6B, 0xED, 0xE4, 0x38, 0xB7, 0x92, + 0xCA, 0xE4, 0xDC, 0xD4, 0x05, 0x3B, 0x2B, 0x84, + 0x95, 0x07, 0xFF, 0xF4, 0x79, 0xFF, 0x1E, 0x73, + 0x1B, 0x8E, 0xDF, 0xA3, 0x15, 0xBD, 0x56, 0xAC, + 0xDA, 0xAD, 0x73, 0x95, 0xC2, 0xD3, 0x72, 0xA8, + 0xF0, 0x8E, 0x6C, 0xE3, 0x7D, 0xBE, 0x4C, 0x87, + 0xFC, 0x0F, 0xA6, 0x3B, 0xED, 0xA4, 0x0F, 0x4F, + 0xF1, 0x5D, 0xF2, 0x56, 0x54, 0xD1, 0xCE, 0x6C, + 0xCA, 0x1C, 0xCB, 0xC2, 0x45, 0x7F, 0x90, 0x61, + 0x0E, 0x3D, 0xCE, 0xBB, 0x5E, 0x41, 0x38, 0x2B, + 0xD4, 0x41, 0x7C, 0x67, 0x7C, 0x71, 0x95, 0x34, + 0xD7, 0xED, 0x4D, 0xAC, 0x6E, 0xF1, 0x46, 0xEA, + 0x7D, 0xA4, 0x4C, 0x69, 0x0B, 0x9C, 0x2F, 0xAA, + 0xF1, 0x17, 0x90, 0x1B, 0xF4, 0x4C, 0x03, 0xBE, + 0x9D, 0x56, 0xCE, 0x0C, 0xCF, 0xE0, 0x87, 0x44, + 0xBE, 0x2C, 0x52, 0xD3, 0xBC, 0xAE, 0x02, 0x30, + 0xC7, 0x26, 0x06, 0x88, 0xA6, 0xAA, 0x9D, 0x50, + 0xF1, 0x94, 0x58, 0xC7, 0x60, 0xF3, 0xA0, 0x6F, + 0x53, 0x66, 0x53, 0xCD, 0x1D, 0xBE, 0xD1, 0xF2, + 0x39, 0xBA, 0x1F, 0xE8, 0x40, 0x84, 0xCD, 0x1C, + 0x8F, 0x3D, 0xB7, 0xD1, 0x51, 0x00, 0xDE, 0xB8, + 0x11, 0xD9, 0x66, 0xAD, 0xD5, 0xE9, 0x33, 0x09, + 0xE1, 0xA8, 0x00, 0x58, 0x65, 0xF1, 0xC1, 0x67, + 0xB4, 0x3A, 0xA7, 0x98, 0x90, 0x6A, 0xDB, 0x91, + 0xDB, 0x4A, 0x16, 0x35, 0xDC, 0x3D, 0x69, 0xEB, + 0x7B, 0xDE, 0xCC, 0x91, 0x1B, 0x8D, 0xE6, 0x46, + 0x61, 0x8E, 0x3F, 0x4C, 0x88, 0x81, 0x85, 0x4A, + 0x73, 0x08, 0x56, 0x52, 0xAE, 0xE6, 0x4A, 0x60, + 0x4A, 0x2E, 0x0C, 0x9A, 0x93, 0x76, 0x35, 0xC9, + 0x36, 0x28, 0x0C, 0x72, 0x19, 0xAD, 0x33, 0xCF, + 0x2B, 0xFB, 0xCE, 0x1A, 0x7D, 0xAC, 0xAA, 0x75, + 0x15, 0x76, 0x81, 0x52, 0x55, 0xCC, 0xB9, 0x39, + 0x07, 0xA3, 0x39, 0x12, 0x8D, 0x6F, 0x53, 0xAF, + 0xC7, 0x14, 0x7F, 0xC7, 0x96, 0x5A, 0x49, 0x3C, + 0x5C, 0xB0, 0x26, 0x47, 0xF4, 0x9D, 0xCA, 0x23, + 0xA6, 0x7D, 0xA6, 0x61, 0xC4, 0xA3, 0x26, 0x40, + 0x0F, 0xA7, 0x27, 0x09, 0xBC, 0x39, 0xFD, 0xA7, + 0x75, 0x38, 0x74, 0xD0, 0x9D, 0x29, 0x15, 0x97, + 0xDE, 0x25, 0x60, 0x4D, 0x19, 0x36, 0x04, 0xFB, + 0xA5, 0x2C, 0xB0, 0xC8, 0xB5, 0xFE, 0xE5, 0x94, + 0x7C, 0xE2, 0x1F, 0x84, 0xBB, 0xFB, 0x78, 0x9E, + 0xA5, 0x7C, 0x5D, 0x4A, 0xB2, 0x48, 0x6F, 0x6E, + 0x67, 0x95, 0x16, 0x5F, 0x01, 0x2A, 0xF8, 0x70, + 0x95, 0xCB, 0x06, 0x93, 0x26, 0x6E, 0x7A, 0x75, + 0xB5, 0xE5, 0x4E, 0x27, 0x1D, 0x8B, 0x30, 0xA6, + 0x67, 0x67, 0xD6, 0xE2, 0xD6, 0xD1, 0x99, 0xA4, + 0x55, 0x73, 0x19, 0x32, 0xF6, 0x0B, 0x6B, 0x4A, + 0xEE, 0x23, 0x33, 0x38, 0x30, 0x68, 0x6F, 0x8E, + 0x60, 0xA9, 0x60, 0x97, 0x3E, 0xEA, 0x5D, 0xE1, + 0x40, 0x6F, 0x0C, 0x76, 0x84, 0xCF, 0xAF, 0x86, + 0x8D, 0x36, 0xE5, 0x7D, 0xAE, 0x9A, 0x13, 0x70, + 0x22, 0x2A, 0x31, 0xFE, 0xC2, 0xFB, 0xE1, 0x58, + 0xA5, 0x4E, 0xEF, 0x10, 0x5B, 0x5E, 0xD4, 0x39, + 0xFC, 0xF9, 0x15, 0x64, 0x78, 0x43, 0x7D, 0x03, + 0x9F, 0x5B, 0xCB, 0x86, 0xD2, 0xEF, 0x28, 0xBD, + 0x14, 0xCB, 0x8A, 0x04, 0x1D, 0x59, 0x23, 0x53, + 0x4D, 0x13, 0xF9, 0x93, 0xFE, 0x19, 0x9C, 0xC3, + 0x3F, 0xD9, 0xC1, 0x12, 0x94, 0x84, 0x13, 0x95, + 0x8F, 0xD9, 0x10, 0xAB, 0x37, 0x69, 0x08, 0x04, + 0x4A, 0x97, 0x82, 0x28, 0x75, 0xBB, 0xC9, 0xF4, + 0x3F, 0x19, 0x6B, 0x00, 0x4C, 0x56, 0x16, 0x1F, + 0x50, 0x82, 0xD1, 0x45, 0xFF, 0x0C, 0x37, 0x28, + 0x04, 0xBB, 0x6C, 0x00, 0x97, 0x3A, 0x79, 0x2D, + 0x9A, 0xB9, 0xA5, 0x16, 0x52, 0x02, 0xA3, 0x86, + 0x81, 0xAA, 0x3A, 0x31, 0xE5, 0xB5, 0x44, 0x2D, + 0x34, 0xE2, 0x7A, 0xD8, 0xFE, 0xA1, 0x36, 0xC0, + 0x36, 0x65, 0x73, 0x12, 0x9F, 0x61, 0x3F, 0x59, + 0xC9, 0x68, 0xB6, 0x34, 0x41, 0x40, 0x25, 0xD6, + 0xE7, 0xAD, 0x25, 0x7D, 0xCB, 0xF1, 0x2A, 0xD8, + 0x53, 0x48, 0x9D, 0xBF, 0xB5, 0xD5, 0x61, 0x18, + 0x0E, 0x2A, 0x21, 0x3E, 0x61, 0x18, 0x07, 0x8E, + 0x6F, 0x9A, 0x96, 0xA8, 0x61, 0xFE, 0x8D, 0x66, + 0x1A, 0x21, 0x99, 0xD9, 0x60, 0x8B, 0xAC, 0x85, + 0x84, 0x3D, 0x41, 0xF9, 0x93, 0x35, 0x24, 0x32, + 0xFF, 0xC0, 0x8A, 0xFA, 0xBC, 0xA7, 0x85, 0x57, + 0x3C, 0x16, 0x83, 0xAE, 0x90, 0xDE, 0x40, 0x12, + 0xE4, 0x2B, 0xA2, 0x47, 0xA4, 0x92, 0x73, 0x54, + 0x6C, 0xA5, 0xB7, 0xEE, 0x62, 0xEA, 0x62, 0x37, + 0xD9, 0xD7, 0x73, 0x58, 0x43, 0xDB, 0x20, 0x60, + 0x8C, 0x4F, 0x87, 0x58, 0xB2, 0x2B, 0xC3, 0x40, + 0xB0, 0xC1, 0xB6, 0xB6, 0xA9, 0xCD, 0xCC, 0x05, + 0x4F, 0x38, 0x5F, 0x08, 0xB3, 0x3B, 0x08, 0x4D, + 0x78, 0x6B, 0x0D, 0x40, 0x46, 0xB9, 0x20, 0xDE, + 0x29, 0x6F, 0x23, 0x96, 0xDA, 0x02, 0xF5, 0x1C, + 0x1A, 0x1A, 0x36, 0xA3, 0x3A, 0xFA, 0x1D, 0x80, + 0x36, 0x3C, 0xF6, 0xB4, 0xDC, 0x2C, 0x88, 0x54, + 0xF7, 0x86, 0xC6, 0xF2, 0x15, 0xF8, 0x85, 0x33, + 0xFB, 0x21, 0x20, 0x59, 0xCE, 0x60, 0x4B, 0xE8, + 0xF1, 0xB7, 0x54, 0x17, 0x1E, 0x83, 0xCD, 0x82, + 0x39, 0x40, 0x14, 0x31, 0xEC, 0x89, 0xC8, 0xE2, + 0x6A, 0xAE, 0x3F, 0x49, 0x5B, 0x38, 0xE7, 0xCD, + 0xE2, 0xF6, 0xEF, 0x90, 0x51, 0x10, 0x83, 0x79, + 0x27, 0x80, 0x2F, 0x45, 0x78, 0x67, 0xAF, 0xF4, + 0x65, 0x95, 0x2D, 0xFE, 0x00, 0xF3, 0x2A, 0x60, + 0x00, 0xF7, 0x26, 0xFA, 0x3C, 0xAD, 0xA9, 0xAF, + 0xCA, 0xF6, 0x69, 0x48, 0x03, 0xBE, 0x18, 0x73, + 0x54, 0x06, 0x06, 0x3E, 0x4E, 0xAD, 0xFC, 0x8B, + 0xC3, 0x43, 0x24, 0x5D, 0xE9, 0xDE, 0x78, 0xDC, + 0xD0, 0xA7, 0x04, 0x77, 0xF0, 0x0D, 0xA3, 0x37, + 0x8C, 0x5F, 0x8B, 0xDF, 0xBE, 0x90, 0x1F, 0xA6, + 0xB3, 0x17, 0x9D, 0x68, 0x36, 0x45, 0x11, 0x60, + 0xFF, 0xF9, 0xBA, 0xDA, 0x80, 0xAA, 0x37, 0x57, + 0xDD, 0x34, 0x30, 0x42, 0x7A, 0x9C, 0x86, 0xB4, + 0x91, 0x30, 0xB8, 0xC0, 0xC4, 0x29, 0x15, 0x31, + 0xF3, 0x9A, 0xB0, 0xCD, 0xAC, 0x8C, 0x7C, 0x8C, + 0x4A, 0xDC, 0x76, 0xB6, 0x31, 0x30, 0xDE, 0x2D, + 0x81, 0x04, 0xC7, 0x48, 0x73, 0x69, 0x02, 0x40, + 0x30, 0x19, 0x66, 0x94, 0x21, 0x65, 0x13, 0x18, + 0xC2, 0x09, 0x14, 0x5F, 0xC4, 0x2F, 0xC4, 0xD6, + 0xA6, 0x05, 0x37, 0xAF, 0x72, 0x0C, 0x47, 0x02, + 0x29, 0x95, 0x08, 0x9D, 0xC9, 0x07, 0x31, 0x38, + 0xA9, 0xB5, 0xDA, 0x21, 0x76, 0x1D, 0x84, 0xD0, + 0x15, 0xAF, 0x2A, 0xA3, 0x69, 0x0A, 0xE9, 0x4F, + 0x75, 0x8A, 0x50, 0xA5, 0x11, 0xD4, 0x5F, 0xAF, + 0x70, 0x43, 0xCB, 0xD7, 0x03, 0x9E, 0xB0, 0xBD, + 0x19, 0x47, 0x94, 0x58, 0x22, 0x86, 0xC6, 0xE3, + 0x62, 0xD8, 0x63, 0x05, 0xD9, 0xE2, 0xE5, 0x4A, + 0x04, 0x54, 0x5A, 0x55, 0x25, 0xAD, 0x15, 0x5C, + 0x4B, 0x71, 0x25, 0xE1, 0x50, 0xE3, 0x62, 0x1B, + 0xD2, 0x43, 0x28, 0xD2, 0x84, 0xE4, 0xE2, 0x05, + 0xE3, 0x01, 0x4C, 0x8F, 0x38, 0x17, 0x49, 0xFD, + 0x3B, 0x52, 0x1A, 0x55, 0xB3, 0x1D, 0x69, 0x83, + 0xAB, 0x9E, 0xC4, 0x73, 0xEE, 0x64, 0x7A, 0x73, + 0x19, 0xEF, 0xCD, 0x7D, 0xB7, 0xF4, 0x2E, 0xCB, + 0x55, 0x2A, 0x8A, 0xCC, 0x8F, 0xF8, 0x4E, 0xFB, + 0xD2, 0x63, 0x8F, 0xF1, 0x10, 0x89, 0x02, 0x93, + 0x3E, 0xAC, 0xA4, 0xB4, 0x89, 0xC7, 0xF7, 0x8B, + 0x3E, 0xE1, 0xE8, 0x93, 0xB9, 0x8E, 0x36, 0x25, + 0xC1, 0xC0, 0xD9, 0x44, 0x81, 0xC0, 0x99, 0x3C, + 0x2B, 0x89, 0xF7, 0xDF, 0xDB, 0xD8, 0xCC, 0x84, + 0xE6, 0xFF, 0xFE, 0xAC, 0x21, 0x16, 0xF1, 0xE2, + 0xEF, 0x0A, 0x32, 0xA7, 0xDE, 0x87, 0x51, 0xEC, + 0xB1, 0x0C, 0x0B, 0xC7, 0x07, 0xD9, 0x9A, 0xF8, + 0xE8, 0xB0, 0xFE, 0xA5, 0x67, 0xAF, 0x53, 0x9F, + 0xEF, 0x23, 0xEF, 0x7D, 0xFF, 0xA8, 0x8E, 0xDE, + 0x97, 0x93, 0x32, 0xA6, 0x7C, 0xCF, 0x49, 0xBC, + 0x36, 0x0D, 0x88, 0x90, 0x89, 0x39, 0x76, 0xA8, + 0x82, 0x19, 0x02, 0xB6, 0x02, 0x82, 0xFE, 0xED, + 0x9C, 0x28, 0x8D, 0xB0, 0x1E, 0x2B, 0x2A, 0xCF, + 0xF3, 0x94, 0xFF, 0x66, 0x33, 0x93, 0x31, 0xD6, + 0xFC, 0xAF, 0xE7, 0xC5, 0x98, 0x01, 0x46, 0xCD, + 0xCB, 0xC4, 0x41, 0x13, 0x6D, 0x42, 0xF5, 0x13, + 0xDF, 0xF9, 0x97, 0x65, 0xD4, 0x7B, 0x6E, 0x10, + 0x79, 0x5D, 0x5A, 0x82, 0xA2, 0x49, 0x53, 0xA7, + 0x6D, 0x9C, 0xDD, 0x0A, 0x80, 0x98, 0x58, 0x07, + 0x30, 0xBF, 0x0B, 0x30, 0xAC, 0x24, 0x9E, 0xA0, + 0xE8, 0xE4, 0x7A, 0x0D, 0xD0, 0x50, 0x82, 0xAE, + 0xBB, 0xEC, 0x15, 0x30, 0x2A, 0xF2, 0xA7, 0xA6, + 0x6A, 0xC8, 0xAE, 0x1E, 0x14, 0x80, 0x7C, 0x18, + 0xE7, 0x2B, 0x88, 0x65, 0xB7, 0x93, 0x12, 0xB3, + 0xC1, 0x2A, 0x20, 0xAD, 0x3B, 0x2E, 0x84, 0xC4, + 0x0D, 0xA7, 0x62, 0x5C, 0x79, 0x52, 0x5D, 0x59, + 0xA4, 0x69, 0x5C, 0x26, 0xFD, 0x4F, 0x80, 0xCC, + 0xFE, 0x8E, 0x70, 0x72, 0xB1, 0x41, 0xE1, 0x75, + 0x53, 0x51, 0xCF, 0x4C, 0x0B, 0x57, 0xF2, 0xB8, + 0x59, 0x76, 0xE6, 0xEF, 0x6D, 0x74, 0xA6, 0x73, + 0x69, 0x7F, 0x7C, 0xB2, 0x35, 0xFE, 0x8A, 0x02, + 0x2F, 0xBE, 0x7C, 0x4D, 0x02, 0xBE, 0x8F, 0xFB, + 0x7A, 0x58, 0x45, 0xEC, 0xBA, 0x1B, 0xC6, 0xB9, + 0x8D, 0xF5, 0xB0, 0x82, 0xD1, 0xB4, 0x97, 0x86, + 0x9B, 0x33, 0x54, 0x49, 0x5B, 0x88, 0xD9, 0xB5, + 0xD0, 0x93, 0x8A, 0x00, 0x5D, 0x0F, 0x37, 0x88, + 0x57, 0xE3, 0xFA, 0x7E, 0x7B, 0xFA, 0x43, 0x74, + 0x8D, 0x64, 0x07, 0xD7, 0x07, 0x85, 0x4D, 0x49, + 0xBC, 0x83, 0xF5, 0xD4, 0x95, 0x3E, 0x3E, 0x09, + 0x65, 0xF3, 0xFC, 0x88, 0xA7, 0xF0, 0x46, 0x61, + 0x44, 0x7D, 0x76, 0xED, 0xC9, 0x8D, 0x0F, 0x8D, + 0xDA, 0x0D, 0x01, 0xC8, 0xB1, 0xA8, 0x9B, 0x4A, + 0xF0, 0xA3, 0x88, 0x54, 0xC1, 0xD6, 0x52, 0x97 + }; +#endif /* WOLFSSL_NO_ML_DSA_65 */ +#ifndef WOLFSSL_NO_ML_DSA_87 + static const byte seed_87_draft[] = { + 0x22, 0x5F, 0x77, 0x07, 0x5E, 0x66, 0xCE, 0x1C, + 0x99, 0xBA, 0x95, 0xB4, 0xFC, 0xDF, 0x25, 0x8B, + 0xBB, 0x6F, 0xA5, 0xFE, 0x9C, 0x34, 0x9F, 0x0F, + 0xDE, 0x3F, 0x71, 0xD5, 0x33, 0x9F, 0x6F, 0xD8 + }; + static const byte pk_87_draft[] = { + 0x8C, 0x52, 0x4B, 0xD9, 0xAC, 0x48, 0x5C, 0xC6, + 0x9A, 0xA0, 0x75, 0x64, 0xE1, 0x4F, 0x0F, 0x60, + 0x13, 0x0E, 0xDE, 0x34, 0x08, 0xA5, 0xD4, 0x81, + 0xFD, 0x76, 0xC2, 0x51, 0x74, 0x75, 0xA8, 0xFB, + 0x24, 0xBF, 0x9E, 0x97, 0x9C, 0xD2, 0x3E, 0xDA, + 0x8A, 0x1B, 0xB6, 0x76, 0xDA, 0x7D, 0x7F, 0x44, + 0xAD, 0x6B, 0xB9, 0xB0, 0x70, 0xD3, 0xD6, 0x44, + 0x7F, 0xBE, 0x6C, 0x0C, 0x71, 0x37, 0xC6, 0xFB, + 0x7B, 0x39, 0x83, 0x63, 0x9C, 0x41, 0x5C, 0xF2, + 0xC9, 0x15, 0xFF, 0xD4, 0x18, 0xEA, 0xA1, 0x4D, + 0xA9, 0xD1, 0xAD, 0x3C, 0x09, 0x8E, 0xA9, 0x05, + 0x34, 0x6C, 0xAA, 0x75, 0x78, 0xF8, 0x6B, 0x6E, + 0x52, 0xE6, 0x57, 0x55, 0x16, 0xF4, 0x92, 0x3E, + 0x74, 0x3F, 0x96, 0xA3, 0x2A, 0xD0, 0x0E, 0xEE, + 0xA1, 0xCE, 0x8A, 0x33, 0xF4, 0x87, 0xB9, 0xF3, + 0x22, 0x5D, 0x2D, 0x84, 0xCD, 0x27, 0x57, 0xCC, + 0xCF, 0xE6, 0xA3, 0x66, 0x24, 0x53, 0x0E, 0x52, + 0x8A, 0x2F, 0x64, 0xFC, 0xE7, 0x04, 0xE7, 0xA7, + 0x6C, 0x2E, 0x6A, 0xDC, 0x00, 0xEF, 0x9B, 0xEC, + 0x91, 0x07, 0xB9, 0x69, 0x8F, 0x11, 0x59, 0xFC, + 0x52, 0xEF, 0x4C, 0x36, 0x5A, 0xFD, 0xB1, 0x50, + 0xED, 0xC3, 0x43, 0x5E, 0x03, 0xBB, 0x70, 0x26, + 0x00, 0x6E, 0x5A, 0x55, 0x13, 0x51, 0xA4, 0xB1, + 0x5F, 0xB8, 0x9F, 0xD2, 0xE9, 0x98, 0x38, 0xE8, + 0xCF, 0x41, 0x73, 0xFD, 0x0D, 0xF1, 0xF6, 0x80, + 0x89, 0xE1, 0x51, 0x8D, 0xD4, 0xB5, 0x79, 0x27, + 0x76, 0xBD, 0xD9, 0x2F, 0xC7, 0xC7, 0x9B, 0xC7, + 0x99, 0x7F, 0x78, 0x84, 0xD2, 0xB8, 0x80, 0xC5, + 0xD2, 0xB7, 0xEE, 0xC8, 0x0A, 0xFE, 0x35, 0x59, + 0x84, 0x5D, 0x39, 0x08, 0x39, 0xBE, 0x5E, 0xBF, + 0x95, 0x93, 0xA7, 0x3E, 0xD0, 0x1E, 0xF6, 0x7D, + 0x50, 0x3F, 0xFB, 0x74, 0x47, 0x04, 0xA2, 0xDC, + 0x49, 0x48, 0x76, 0x2B, 0xC8, 0x43, 0x45, 0x75, + 0x72, 0x84, 0x4D, 0x15, 0x74, 0xE3, 0xEB, 0x37, + 0x83, 0x0A, 0x3B, 0x7C, 0xD4, 0x02, 0xC7, 0x6E, + 0xD5, 0xB4, 0xFC, 0x15, 0xF0, 0x5E, 0x76, 0x03, + 0x4C, 0xBB, 0x6A, 0x29, 0xDE, 0xBC, 0x7E, 0x2B, + 0x34, 0xB2, 0x14, 0x2A, 0x57, 0xCF, 0x1B, 0x39, + 0x73, 0xE5, 0x8B, 0xFF, 0x47, 0x50, 0x42, 0xDC, + 0x22, 0x6C, 0x7E, 0x13, 0x71, 0xF3, 0x37, 0x51, + 0x40, 0xF2, 0x90, 0x57, 0xAC, 0xB4, 0x64, 0x7C, + 0x5F, 0x92, 0x6D, 0x3F, 0xDC, 0xCC, 0xC8, 0xD2, + 0xE1, 0x6B, 0x81, 0xA9, 0xED, 0xCD, 0x0C, 0x8B, + 0x5B, 0x2E, 0x11, 0x89, 0x87, 0x42, 0x4B, 0xEC, + 0xAD, 0x40, 0xA5, 0xE5, 0xB4, 0x6D, 0x1C, 0xB4, + 0x01, 0x0A, 0x8E, 0x9F, 0x6F, 0x25, 0x92, 0x5D, + 0xFE, 0x6B, 0x6F, 0x24, 0x64, 0x5F, 0x9C, 0x88, + 0x86, 0x96, 0xE8, 0x79, 0x64, 0x5B, 0x6A, 0x3A, + 0x76, 0x21, 0x90, 0xCC, 0xB7, 0xD6, 0x26, 0x9D, + 0x35, 0x54, 0x79, 0xDF, 0x71, 0x90, 0x55, 0x2A, + 0x38, 0x52, 0xD1, 0xE9, 0x56, 0x73, 0xE7, 0x19, + 0x44, 0x6A, 0xD3, 0x10, 0x24, 0xB9, 0x4B, 0xF8, + 0xBB, 0xC9, 0x7B, 0x04, 0x66, 0x39, 0xCE, 0x12, + 0x3F, 0xDE, 0xC3, 0x75, 0xAF, 0x9F, 0x8D, 0x4C, + 0xF7, 0x16, 0x9B, 0xEB, 0x5F, 0xE5, 0x1B, 0xBF, + 0x82, 0x2C, 0x53, 0xBA, 0x2D, 0x98, 0xA4, 0xA0, + 0x14, 0xA2, 0xDE, 0x69, 0x7F, 0x03, 0x3C, 0x9E, + 0x4A, 0x57, 0xC6, 0xED, 0xF6, 0x10, 0x6A, 0x76, + 0x2A, 0x81, 0x92, 0x9F, 0x3E, 0xF0, 0xFD, 0xE9, + 0xB7, 0xB3, 0x8A, 0xF6, 0x1A, 0x19, 0x9A, 0x16, + 0x0F, 0x09, 0x45, 0xBD, 0xBB, 0x96, 0x7C, 0x72, + 0x40, 0xFE, 0x94, 0xBD, 0xE1, 0x60, 0x50, 0x53, + 0x13, 0xC9, 0x2B, 0xFA, 0x52, 0x40, 0xA2, 0xA7, + 0xF0, 0x8C, 0x85, 0x78, 0xDB, 0xD6, 0x7F, 0x21, + 0x39, 0xB5, 0x06, 0x72, 0xEE, 0x99, 0xA1, 0xBD, + 0x78, 0x1F, 0xA4, 0xE9, 0x54, 0xF4, 0xFA, 0xDF, + 0xA7, 0x9E, 0xDD, 0x8E, 0xB1, 0xCF, 0xA8, 0x48, + 0x84, 0x5D, 0x70, 0xCB, 0x2D, 0xA9, 0x66, 0x09, + 0x0B, 0x75, 0x75, 0xA2, 0x32, 0xFE, 0xDF, 0x96, + 0x33, 0x84, 0xA7, 0x84, 0x48, 0x1A, 0xFA, 0x82, + 0x79, 0x0A, 0x87, 0xE1, 0x1F, 0x11, 0x74, 0xD4, + 0x3C, 0xC0, 0x8D, 0x4F, 0xD2, 0x5D, 0xBB, 0x40, + 0x10, 0xB2, 0x6F, 0x23, 0xD2, 0xD6, 0xF4, 0xA5, + 0x87, 0xEF, 0x7D, 0xE8, 0xC6, 0xF7, 0xC6, 0x0F, + 0xF9, 0x6F, 0xF8, 0x4C, 0x39, 0xE4, 0x82, 0x1E, + 0x1E, 0x6A, 0x80, 0x2F, 0xEC, 0x22, 0xD6, 0xA0, + 0xAA, 0xB6, 0x2C, 0xCB, 0x16, 0x43, 0x68, 0xC2, + 0x27, 0xF6, 0xA2, 0x31, 0x62, 0x66, 0xEC, 0x2F, + 0xFF, 0x8D, 0xB4, 0x19, 0x51, 0x19, 0xA0, 0x8C, + 0x67, 0xE2, 0x04, 0x04, 0xB9, 0x1F, 0x08, 0x70, + 0x9E, 0xAA, 0xC2, 0xDE, 0xCB, 0x96, 0x19, 0x8F, + 0x02, 0x74, 0x10, 0xCC, 0x1B, 0x82, 0x5D, 0x9C, + 0x07, 0x00, 0xE5, 0xD7, 0x04, 0x51, 0xBA, 0x7F, + 0x67, 0xF9, 0x64, 0x0C, 0xA3, 0x6B, 0xF3, 0x12, + 0x21, 0x80, 0x68, 0xD6, 0xA2, 0xCA, 0xFF, 0x59, + 0x33, 0x43, 0x7D, 0x67, 0xBF, 0xD4, 0x88, 0x4A, + 0x6E, 0x92, 0xBA, 0x41, 0xE1, 0x28, 0xDA, 0xEB, + 0xE1, 0xEA, 0x25, 0x60, 0xE1, 0x2F, 0xED, 0x2C, + 0xD4, 0x4B, 0xC9, 0x4E, 0x9E, 0x9D, 0xFA, 0xBB, + 0xF9, 0x61, 0x41, 0x4C, 0x24, 0x24, 0xFC, 0x9B, + 0x62, 0xFE, 0x73, 0x74, 0xF6, 0xB8, 0x9B, 0xA9, + 0x02, 0x96, 0xF4, 0x90, 0x18, 0xA7, 0xF5, 0x49, + 0xC1, 0xA3, 0x94, 0xB8, 0xED, 0xBD, 0x0B, 0xF3, + 0xDB, 0xF3, 0xBC, 0x10, 0x6A, 0x6B, 0x3F, 0x79, + 0x07, 0xF2, 0x11, 0x09, 0xD5, 0x42, 0x8F, 0xA9, + 0x09, 0x94, 0xBE, 0xF2, 0x0D, 0x3A, 0x91, 0x33, + 0x01, 0x31, 0x34, 0xBF, 0x0A, 0xCA, 0xF1, 0x3E, + 0x66, 0x18, 0xA6, 0x69, 0xEC, 0xEA, 0xC5, 0xE9, + 0x8B, 0x80, 0xFE, 0x4D, 0x93, 0x7B, 0xD4, 0xE5, + 0x74, 0x90, 0xFA, 0xFD, 0xCE, 0x45, 0xE8, 0xD7, + 0xD8, 0x8F, 0x08, 0x8B, 0x3A, 0xA8, 0x01, 0xA2, + 0xB4, 0xE5, 0xF2, 0x29, 0x41, 0x02, 0xBD, 0xCB, + 0xF9, 0x4A, 0x62, 0x54, 0x99, 0x94, 0x61, 0xB7, + 0x8F, 0xA5, 0x8A, 0x7F, 0xDC, 0xAD, 0xD2, 0xF2, + 0x28, 0x1E, 0xF3, 0x18, 0xAE, 0x21, 0x81, 0xF7, + 0xE9, 0xE5, 0xBF, 0x2B, 0xC2, 0x98, 0x24, 0xB1, + 0x45, 0x56, 0x57, 0x31, 0xA1, 0x48, 0xAB, 0x39, + 0xC2, 0x04, 0x29, 0x1B, 0x5B, 0xD3, 0x23, 0x35, + 0xCC, 0x5A, 0x58, 0x10, 0x11, 0x5B, 0xD5, 0x88, + 0xC2, 0x60, 0x37, 0x3D, 0x1C, 0x1C, 0x7B, 0x09, + 0x95, 0xB5, 0x05, 0x12, 0xD8, 0x52, 0x8D, 0xF5, + 0xBD, 0x4A, 0xA5, 0x45, 0x6F, 0x3D, 0x55, 0x9D, + 0x90, 0xAD, 0xD7, 0xA9, 0xD0, 0x25, 0x0B, 0xD7, + 0x55, 0x11, 0x5C, 0x60, 0xBF, 0xBD, 0xFB, 0x9D, + 0x2A, 0xCE, 0x4F, 0xE6, 0xB8, 0x36, 0x3A, 0x4D, + 0xE7, 0xB6, 0xFF, 0x6B, 0xD8, 0xBA, 0xD4, 0xEE, + 0x95, 0x9A, 0x0A, 0x47, 0xD4, 0x76, 0xE0, 0xF7, + 0xAC, 0x02, 0xB6, 0xA8, 0x10, 0x1E, 0xA5, 0x98, + 0xC0, 0xF4, 0x68, 0x5E, 0x55, 0xC1, 0x67, 0xCD, + 0x16, 0x31, 0xBD, 0xA2, 0x86, 0xF3, 0xF8, 0xC0, + 0xED, 0x4A, 0xFF, 0xE8, 0xF5, 0x2C, 0xFA, 0xD2, + 0x06, 0x78, 0x6D, 0x34, 0xBE, 0xF9, 0x15, 0x84, + 0x6D, 0xE5, 0x5F, 0xA4, 0xAC, 0x84, 0x3B, 0x3A, + 0xA6, 0x2D, 0xC2, 0x01, 0xE0, 0x63, 0x92, 0xC7, + 0x77, 0xB5, 0x4E, 0x2C, 0x40, 0x90, 0x48, 0xAF, + 0x8B, 0xE9, 0x6C, 0x1E, 0xEE, 0x16, 0x8F, 0x4E, + 0x4F, 0xFF, 0x35, 0x15, 0xE5, 0x51, 0xF4, 0xB2, + 0x23, 0x1C, 0x6A, 0xCE, 0x05, 0xDC, 0xDC, 0xAD, + 0x7F, 0x9D, 0xDA, 0xB3, 0x0C, 0xAD, 0x9C, 0x62, + 0x68, 0xD6, 0x84, 0x00, 0x76, 0xFF, 0xD3, 0x01, + 0x18, 0xB0, 0xC4, 0xE5, 0xE5, 0x0D, 0x87, 0x8E, + 0xAF, 0x77, 0xEE, 0xCB, 0x56, 0x88, 0x7F, 0xED, + 0xC5, 0x7C, 0x54, 0xD6, 0x28, 0x46, 0xE0, 0x8C, + 0xE6, 0x87, 0xF2, 0x4D, 0x0D, 0x2F, 0x12, 0x62, + 0x06, 0xDF, 0xB2, 0x4E, 0x03, 0x04, 0x78, 0x0B, + 0x03, 0x4C, 0xCE, 0x86, 0xD1, 0xCD, 0x53, 0x00, + 0xED, 0xC6, 0xF8, 0x9A, 0xCB, 0x59, 0x14, 0xA6, + 0x0C, 0x87, 0x35, 0x92, 0x66, 0x0D, 0x02, 0xA9, + 0xEF, 0x0D, 0x7D, 0xC6, 0x45, 0xF3, 0x11, 0xEF, + 0x1F, 0x55, 0x72, 0x1F, 0x1B, 0x45, 0xD2, 0xE4, + 0x8F, 0x3F, 0x9F, 0xEB, 0x27, 0x02, 0xD8, 0x2C, + 0xEF, 0xAD, 0x7E, 0x7E, 0x10, 0xDD, 0x91, 0x5E, + 0x39, 0x06, 0x7C, 0x39, 0xEA, 0x61, 0xB9, 0xCC, + 0xF1, 0x45, 0x56, 0x81, 0x53, 0x55, 0x42, 0xD4, + 0x37, 0x0F, 0x53, 0xF0, 0x7F, 0xA0, 0xC6, 0x50, + 0x9B, 0x1D, 0xC6, 0x7E, 0x9F, 0x1D, 0x89, 0x3B, + 0xEB, 0x85, 0x59, 0x6D, 0x9C, 0x12, 0xEE, 0xAC, + 0xFC, 0xAE, 0xC0, 0xAE, 0x5F, 0xD4, 0x9C, 0x62, + 0xE7, 0x09, 0x8C, 0xFA, 0x80, 0x1A, 0x19, 0x09, + 0x0F, 0x8D, 0x68, 0x9E, 0x45, 0x33, 0xE2, 0x58, + 0x7B, 0xEF, 0xC7, 0x6A, 0xDC, 0x38, 0x33, 0x3E, + 0x5C, 0x53, 0xB5, 0x99, 0xDB, 0x04, 0xA7, 0xEA, + 0xFB, 0x07, 0x9B, 0x25, 0x47, 0xED, 0xAC, 0x5A, + 0xAA, 0x1E, 0xE5, 0x23, 0xDE, 0x64, 0xE5, 0x87, + 0x46, 0x8C, 0x41, 0x52, 0xC9, 0x4F, 0x90, 0x48, + 0x1C, 0xAA, 0xA6, 0xB0, 0x3A, 0x1E, 0xC9, 0x08, + 0xF7, 0x82, 0x71, 0x13, 0x76, 0x6B, 0x9E, 0x52, + 0x22, 0x32, 0xE0, 0xC6, 0xF7, 0xD7, 0x4C, 0xBD, + 0xC3, 0x1C, 0x18, 0xAF, 0xA0, 0x12, 0xD3, 0x22, + 0x6A, 0xFC, 0x71, 0x8A, 0x64, 0x24, 0xAC, 0x19, + 0x4E, 0x85, 0x3C, 0x51, 0xE6, 0xA3, 0xAD, 0xA9, + 0x59, 0x94, 0xD2, 0x7F, 0xC4, 0x9D, 0x93, 0x5B, + 0x51, 0xD7, 0xF3, 0x03, 0xE7, 0x7D, 0x5B, 0x13, + 0x0E, 0xCD, 0x7D, 0x0F, 0x77, 0x3E, 0x84, 0xD7, + 0x4E, 0x69, 0x57, 0x1B, 0x73, 0x99, 0xC9, 0x4D, + 0xC0, 0x19, 0x6B, 0x9D, 0x5F, 0xBA, 0x69, 0xEE, + 0x11, 0xBD, 0x7C, 0x45, 0xD9, 0xA9, 0x65, 0x88, + 0xA7, 0x0E, 0x16, 0xBF, 0xB3, 0x82, 0x5E, 0x5E, + 0x56, 0x13, 0x02, 0x7D, 0xB1, 0xDC, 0xF5, 0x4A, + 0x82, 0x73, 0x72, 0x35, 0x9B, 0x91, 0xAC, 0x04, + 0x69, 0xE9, 0xEA, 0x19, 0xC9, 0xD8, 0x59, 0xEB, + 0x8F, 0x22, 0x5F, 0x43, 0x11, 0x0C, 0xCF, 0xB4, + 0x16, 0x6C, 0x7D, 0x60, 0xCE, 0x14, 0x24, 0xAD, + 0xD7, 0x07, 0xC2, 0x4E, 0x98, 0xA0, 0xDE, 0x9E, + 0xE6, 0x31, 0xED, 0xF8, 0x5B, 0x9C, 0xAF, 0xF7, + 0x57, 0x59, 0x10, 0xA9, 0x92, 0xDC, 0x4F, 0x0C, + 0x2B, 0x88, 0x75, 0x19, 0x1D, 0xB3, 0xBF, 0x70, + 0x23, 0x17, 0xD5, 0x1A, 0x50, 0x30, 0x18, 0x14, + 0x1A, 0x14, 0xE6, 0x1D, 0x4F, 0x8A, 0x96, 0x3E, + 0xD8, 0x6E, 0xD9, 0xBF, 0x94, 0x4E, 0xDE, 0xB8, + 0xFF, 0xE1, 0x6F, 0xFD, 0x31, 0xE8, 0xFE, 0x43, + 0xC2, 0x40, 0x82, 0x45, 0x50, 0xFE, 0x1B, 0xBC, + 0x77, 0x4B, 0xB4, 0x30, 0xA7, 0xD4, 0x46, 0x32, + 0x6A, 0xF7, 0xC5, 0x92, 0xDA, 0x70, 0xB1, 0xB7, + 0xA1, 0x5A, 0x5D, 0x17, 0x3B, 0xDB, 0x2F, 0x28, + 0x8A, 0x6E, 0xEC, 0xDA, 0xC4, 0xF7, 0x2E, 0xCB, + 0xEB, 0x96, 0x60, 0x92, 0x1B, 0xDD, 0xD6, 0x13, + 0x7C, 0x85, 0x9F, 0x8A, 0x9A, 0xE9, 0x5F, 0xC4, + 0x24, 0xFD, 0x33, 0xDF, 0xB3, 0x98, 0x66, 0xF7, + 0xA1, 0x5A, 0xDC, 0x01, 0xC9, 0xFA, 0x37, 0xF1, + 0x7B, 0xD0, 0xF6, 0x66, 0x8A, 0x26, 0x7C, 0xC2, + 0x1B, 0xFF, 0x62, 0xBC, 0xFD, 0xCD, 0x47, 0xDA, + 0xEE, 0x75, 0xF2, 0xAC, 0x60, 0x69, 0x87, 0x26, + 0xCC, 0x92, 0x10, 0x1C, 0x92, 0xC1, 0x43, 0x09, + 0xE9, 0xCE, 0x7D, 0x05, 0x5C, 0x64, 0x55, 0xCB, + 0xBB, 0x7A, 0xAE, 0x05, 0xDB, 0x38, 0xD3, 0xD5, + 0xBB, 0xD9, 0x9F, 0xCB, 0xCF, 0xB7, 0x9C, 0xEF, + 0x7E, 0x7B, 0x2A, 0x6F, 0x84, 0x4E, 0x6A, 0x7F, + 0xD3, 0x5F, 0xF3, 0xB3, 0xC1, 0xF0, 0x02, 0x9C, + 0xA2, 0x4C, 0x86, 0x0E, 0x6B, 0xE2, 0x2B, 0x1D, + 0x1D, 0xB4, 0x55, 0x7F, 0x85, 0x54, 0x2D, 0x85, + 0x64, 0x89, 0x92, 0x19, 0x65, 0x44, 0xD7, 0x95, + 0x48, 0x2C, 0x46, 0x8D, 0x0E, 0xBA, 0xFB, 0x13, + 0x63, 0x52, 0x2E, 0x22, 0x19, 0x3F, 0x7F, 0xFB, + 0x54, 0x4D, 0x73, 0xA1, 0x3C, 0x22, 0xD6, 0x5D, + 0x2B, 0x4A, 0xBD, 0xD7, 0xBB, 0x72, 0x55, 0x80, + 0xD4, 0x57, 0x4E, 0xDC, 0xF2, 0x8B, 0xB3, 0x09, + 0x6A, 0xF9, 0x1A, 0xD3, 0x41, 0x0E, 0x72, 0x95, + 0x49, 0xE7, 0xD1, 0xDC, 0x05, 0x22, 0xC3, 0x3E, + 0x26, 0x95, 0x00, 0x01, 0x8C, 0xE1, 0x54, 0x47, + 0x84, 0x10, 0xA7, 0x67, 0x45, 0xBB, 0xB9, 0x7B, + 0x0B, 0xB4, 0x74, 0x82, 0xED, 0x6C, 0x26, 0x6E, + 0xF2, 0x56, 0xCA, 0x1A, 0xD1, 0x10, 0x68, 0x40, + 0x28, 0x23, 0xD5, 0x98, 0xB3, 0x6B, 0x75, 0x16, + 0x13, 0x87, 0xE1, 0xF2, 0x3F, 0xAB, 0xC0, 0x2A, + 0xF0, 0x16, 0x59, 0x85, 0x1A, 0x5B, 0x41, 0xB7, + 0x52, 0xB1, 0x79, 0x46, 0x20, 0xDF, 0x59, 0xFB, + 0x33, 0xB3, 0x05, 0xF1, 0x12, 0x8B, 0xDB, 0x7C, + 0x51, 0x90, 0xC9, 0x8A, 0xC9, 0x48, 0x10, 0x54, + 0xF4, 0x0F, 0x88, 0x1D, 0xDB, 0x40, 0x1B, 0x3A, + 0xD7, 0x62, 0xD1, 0x75, 0x73, 0xD6, 0xCA, 0x23, + 0x26, 0xB2, 0xBF, 0x4C, 0xCA, 0x22, 0xDD, 0xF6, + 0xAF, 0x22, 0xB8, 0x4F, 0xC2, 0xC3, 0xB3, 0xD3, + 0xED, 0xFA, 0xBA, 0x2E, 0x38, 0x28, 0x6A, 0xAE, + 0x60, 0xE9, 0x2D, 0x11, 0x33, 0xED, 0x7E, 0xE9, + 0x29, 0x8E, 0x01, 0xB0, 0x0F, 0x13, 0x83, 0x44, + 0x17, 0xFA, 0xB6, 0x54, 0x7C, 0xAC, 0x1F, 0xED, + 0xC9, 0x22, 0xF2, 0x4F, 0x69, 0x24, 0x04, 0xFE, + 0xC2, 0x6A, 0xEB, 0xB0, 0xE4, 0xF5, 0x03, 0xCB, + 0xB3, 0x99, 0x50, 0x66, 0x1F, 0x6B, 0xF3, 0xFE, + 0xB7, 0xBF, 0x8D, 0xBA, 0x59, 0x75, 0x75, 0x51, + 0xB0, 0xA5, 0xB9, 0x66, 0xC8, 0xDD, 0x35, 0xAE, + 0x20, 0x66, 0x21, 0x9B, 0x04, 0x3F, 0xC6, 0x90, + 0x6F, 0x2B, 0x5C, 0x78, 0x49, 0x3C, 0x40, 0xE6, + 0xF9, 0x6B, 0x1A, 0xEF, 0xCE, 0x5A, 0xC1, 0x68, + 0xD3, 0x34, 0x05, 0xD0, 0x21, 0x6C, 0xF8, 0xA8, + 0x55, 0xE4, 0x6E, 0x80, 0x9B, 0xAD, 0xA5, 0xC3, + 0x55, 0x0B, 0x28, 0xBB, 0x54, 0x02, 0xD4, 0xF6, + 0x82, 0x73, 0xAB, 0x56, 0x0B, 0xB1, 0x5F, 0x94, + 0xC3, 0xDA, 0x24, 0x1E, 0x7F, 0x62, 0x6B, 0x98, + 0x6B, 0x2A, 0xF3, 0x92, 0x37, 0x3A, 0xB9, 0xE6, + 0x27, 0xC4, 0xBB, 0xAB, 0xE4, 0x9A, 0x60, 0xD2, + 0xAE, 0xCE, 0xFD, 0x44, 0xEB, 0x1C, 0xCF, 0x74, + 0x54, 0xFC, 0xEC, 0x4F, 0xC2, 0xBA, 0xF4, 0x3B, + 0xAC, 0x03, 0xC7, 0x2E, 0xE6, 0x62, 0x44, 0x61, + 0x42, 0xC8, 0xAE, 0xF1, 0xB2, 0xA9, 0xAC, 0xE0, + 0xCE, 0x23, 0xAF, 0xCC, 0x86, 0x61, 0xFE, 0xC5, + 0xCB, 0xAC, 0x4A, 0x1B, 0x5C, 0xC7, 0x2B, 0xFF, + 0x8A, 0x20, 0x62, 0x0E, 0xB9, 0x1D, 0xDD, 0x93, + 0x19, 0x29, 0xE4, 0xD9, 0x13, 0x1D, 0x28, 0x32, + 0x03, 0x5A, 0xA6, 0x8E, 0x20, 0xC7, 0xD6, 0xC6, + 0x4D, 0x19, 0x17, 0xCC, 0x65, 0xB8, 0x84, 0x0C, + 0x38, 0xB4, 0xA9, 0x45, 0x2B, 0x91, 0x61, 0x79, + 0x87, 0x08, 0xA6, 0xBD, 0x28, 0x9A, 0x58, 0x48, + 0xD5, 0x58, 0xC6, 0xCE, 0xC2, 0xC5, 0x72, 0x16, + 0xD9, 0xF4, 0xED, 0x66, 0xAC, 0xFA, 0x93, 0xE8, + 0x26, 0x10, 0x3B, 0x3D, 0x8F, 0xEA, 0x51, 0xCC, + 0x82, 0xC0, 0xDB, 0xDF, 0xA7, 0x13, 0xFB, 0x1B, + 0x77, 0x7E, 0x6F, 0x9E, 0x3C, 0xC5, 0x86, 0x35, + 0x92, 0x5B, 0x6F, 0x76, 0xA1, 0x71, 0x0D, 0x8C, + 0xDC, 0x95, 0x9F, 0xAC, 0x2C, 0x8E, 0x21, 0x01, + 0x37, 0x06, 0x28, 0x64, 0x4C, 0x23, 0xE2, 0x75, + 0x0B, 0xA7, 0xA4, 0xF5, 0x90, 0x87, 0xD2, 0x43, + 0x71, 0x59, 0x7C, 0x8C, 0xCA, 0x77, 0x3B, 0xC5, + 0x36, 0x46, 0xF7, 0x2F, 0xD3, 0x47, 0x18, 0xD7, + 0xC9, 0x4E, 0x56, 0x2D, 0x49, 0x82, 0xAC, 0x7D, + 0xD7, 0x3D, 0xF1, 0xDD, 0x73, 0x8B, 0xE4, 0xA1, + 0x10, 0x85, 0xB6, 0x94, 0xBE, 0x6A, 0x5E, 0xEE, + 0xBD, 0x60, 0xEB, 0x95, 0x76, 0xA8, 0x52, 0xE1, + 0x47, 0x57, 0xA1, 0x9C, 0xEC, 0x44, 0xE5, 0x6F, + 0x68, 0x34, 0x7E, 0x19, 0xBE, 0xCE, 0x56, 0xC9, + 0xBE, 0xCE, 0xFC, 0xB8, 0x32, 0x6D, 0xCB, 0x84, + 0x59, 0xBF, 0x4D, 0xF6, 0xE1, 0x53, 0x41, 0x61, + 0x5C, 0xFB, 0xD2, 0x48, 0xA6, 0x7F, 0x05, 0xB2, + 0xFC, 0xE8, 0xB2, 0x8A, 0x55, 0x7D, 0x19, 0xC0, + 0x69, 0x3B, 0x91, 0x5D, 0x71, 0xE7, 0xBB, 0x72, + 0x7D, 0xB9, 0x64, 0x6E, 0x8B, 0x5B, 0x70, 0x51, + 0xB5, 0x69, 0x8C, 0xC0, 0xFC, 0x95, 0xB2, 0x43, + 0x08, 0xF8, 0x70, 0xE4, 0x6F, 0x87, 0xA7, 0xDF, + 0x23, 0x84, 0xEE, 0xCF, 0x73, 0x38, 0xDE, 0x99, + 0x4C, 0xF8, 0xF1, 0x2D, 0xA2, 0x68, 0x99, 0xE3, + 0x9B, 0xB8, 0xF6, 0xC1, 0x5C, 0x83, 0x07, 0xE9, + 0xB9, 0xE2, 0x51, 0x62, 0xC8, 0x53, 0xF1, 0xC2, + 0xF7, 0x57, 0x8A, 0xA0, 0x42, 0x3C, 0x18, 0x36, + 0xF3, 0x99, 0xFD, 0x34, 0xB2, 0xF0, 0x1D, 0xBA, + 0x43, 0xEA, 0x72, 0x1C, 0x0B, 0x37, 0x47, 0xBC, + 0xAF, 0xDA, 0x22, 0x1F, 0x1C, 0x08, 0x16, 0x13, + 0xBD, 0xAA, 0x07, 0xFD, 0x7E, 0xCA, 0x70, 0x57, + 0x74, 0xDF, 0x68, 0x6B, 0x9F, 0x2D, 0x56, 0xBD, + 0x21, 0x89, 0xFA, 0x09, 0x04, 0xCA, 0x09, 0xBD, + 0x4F, 0xE6, 0x15, 0xF5, 0x89, 0xAB, 0xAC, 0xB2, + 0xC9, 0xBF, 0xC8, 0xBB, 0x87, 0x83, 0xB4, 0xD3, + 0xDC, 0xB1, 0x25, 0x9B, 0xAE, 0xC5, 0x75, 0x0C, + 0x9E, 0x6A, 0x83, 0x41, 0x85, 0x9D, 0x4B, 0xBF, + 0x62, 0x0C, 0x7D, 0x77, 0xC9, 0x89, 0xA6, 0xE1, + 0x28, 0xBD, 0x13, 0x5D, 0x41, 0x26, 0x80, 0x75, + 0x23, 0x57, 0xE7, 0x4F, 0x4D, 0x02, 0x8E, 0x0F, + 0x43, 0x67, 0xF6, 0xA6, 0xE6, 0xB6, 0x84, 0x8D, + 0xF5, 0x7B, 0x6A, 0x95, 0x73, 0x27, 0x86, 0x02, + 0x72, 0xCB, 0xDF, 0x77, 0x1C, 0x6C, 0x5E, 0xD3, + 0xF0, 0x1C, 0x82, 0x7A, 0x0D, 0xBB, 0x70, 0xA3, + 0x98, 0x8B, 0x7B, 0x4A, 0xFE, 0x2D, 0xB1, 0x5C, + 0x61, 0x89, 0x34, 0x4C, 0x81, 0x4B, 0x52, 0x17, + 0x03, 0x81, 0x54, 0x4F, 0x9E, 0x9E, 0x07, 0x16, + 0xF3, 0xD9, 0x18, 0x01, 0x11, 0xFD, 0x67, 0x18, + 0xA2, 0x64, 0x35, 0x42, 0x81, 0x80, 0x4A, 0xBA, + 0xCB, 0xD5, 0xF5, 0x4A, 0x10, 0x7F, 0xE2, 0xCF, + 0xA5, 0x1E, 0xCB, 0x0C, 0xAB, 0x3E, 0x03, 0x98, + 0x73, 0x89, 0xA4, 0x10, 0x75, 0xD5, 0xAC, 0x3D, + 0xCF, 0x56, 0x75, 0xD8, 0x86, 0xC2, 0x21, 0x42, + 0x99, 0x8D, 0x1B, 0x49, 0x09, 0xFE, 0x86, 0x41, + 0xC9, 0xDC, 0x87, 0x8D, 0x5A, 0xF0, 0xF5, 0xBE, + 0xF5, 0x49, 0x64, 0x5A, 0x7A, 0xC3, 0x5D, 0xE4, + 0xD6, 0xB7, 0x30, 0x92, 0x2A, 0x15, 0x86, 0x02, + 0xBE, 0xBA, 0x6E, 0xF6, 0x3D, 0x2D, 0x70, 0x89, + 0xFB, 0xB5, 0x1E, 0xBA, 0xDA, 0x20, 0x12, 0x49, + 0x22, 0xA0, 0xD8, 0x33, 0x9E, 0x4C, 0xC0, 0x27, + 0x0F, 0x9C, 0x1F, 0xD2, 0xA9, 0xF4, 0xD2, 0xA9, + 0x6D, 0xC5, 0x32, 0x16, 0x35, 0x9F, 0x19, 0x88, + 0xC1, 0xAA, 0xA4, 0x66, 0x33, 0xE6, 0x2C, 0x6A, + 0x6E, 0xA2, 0x1B, 0x33, 0xCB, 0xC3, 0x7E, 0xC5, + 0x31, 0x4D, 0x5C, 0x17, 0x4C, 0x33, 0x7F, 0x09, + 0x01, 0x33, 0x82, 0x84, 0x37, 0x03, 0xEB, 0x0E, + 0xB1, 0x5F, 0x1B, 0x60, 0x8A, 0x2C, 0x9F, 0x39 + }; + static const byte sk_87_draft[] = { + 0x8C, 0x52, 0x4B, 0xD9, 0xAC, 0x48, 0x5C, 0xC6, + 0x9A, 0xA0, 0x75, 0x64, 0xE1, 0x4F, 0x0F, 0x60, + 0x13, 0x0E, 0xDE, 0x34, 0x08, 0xA5, 0xD4, 0x81, + 0xFD, 0x76, 0xC2, 0x51, 0x74, 0x75, 0xA8, 0xFB, + 0x9A, 0xFE, 0xF5, 0x92, 0x58, 0xBB, 0x3C, 0xEB, + 0x4C, 0x5E, 0x83, 0xF9, 0xFF, 0xBC, 0x3B, 0x49, + 0xAE, 0xE1, 0xFC, 0x4B, 0x94, 0x4B, 0x8C, 0x75, + 0xD4, 0x67, 0x75, 0x66, 0x7D, 0x6B, 0xA4, 0xF2, + 0xDA, 0xC2, 0xB7, 0xC4, 0xD8, 0x50, 0x25, 0xCB, + 0x5A, 0xDB, 0xA4, 0xAD, 0xBB, 0x44, 0x20, 0x24, + 0x90, 0xEA, 0xA5, 0x2C, 0xAE, 0x80, 0x22, 0xC9, + 0x59, 0x02, 0xB7, 0x10, 0xB0, 0x5E, 0x1E, 0x5F, + 0x52, 0x7D, 0x88, 0xDA, 0xE2, 0x04, 0xBF, 0x45, + 0xA7, 0xA8, 0x49, 0x97, 0x7D, 0xAD, 0x7C, 0x7C, + 0x9E, 0x9C, 0x4A, 0xCC, 0x36, 0x33, 0x0F, 0x30, + 0xFA, 0xDE, 0x52, 0xE9, 0xAE, 0x23, 0x29, 0x13, + 0x10, 0x17, 0x8A, 0xD0, 0x08, 0x8E, 0xE1, 0x10, + 0x30, 0xD0, 0x84, 0x65, 0x92, 0x12, 0x2A, 0x81, + 0x26, 0x2E, 0x11, 0x14, 0x30, 0x61, 0x38, 0x61, + 0x64, 0x42, 0x05, 0x08, 0x91, 0x90, 0x4C, 0x06, + 0x82, 0xCC, 0x90, 0x45, 0x10, 0x39, 0x90, 0x22, + 0x40, 0x2A, 0x9B, 0x16, 0x26, 0x9A, 0xA8, 0x50, + 0x91, 0x12, 0x70, 0x91, 0x20, 0x4D, 0xC0, 0x34, + 0x90, 0x18, 0x28, 0x31, 0x10, 0x02, 0x11, 0x22, + 0xB3, 0x6C, 0x8B, 0xB8, 0x2C, 0x22, 0xB0, 0x69, + 0x53, 0x36, 0x31, 0x61, 0x42, 0x6C, 0xD9, 0x06, + 0x6A, 0xD9, 0x04, 0x45, 0xDB, 0x18, 0x05, 0x12, + 0x37, 0x4A, 0xD4, 0x06, 0x64, 0xD3, 0xA2, 0x85, + 0xA0, 0x38, 0x8A, 0x14, 0xA5, 0x85, 0x50, 0x20, + 0x85, 0xE4, 0xA8, 0x24, 0xC3, 0xC6, 0x31, 0xC9, + 0x34, 0x4E, 0xD2, 0x14, 0x68, 0x82, 0x90, 0x85, + 0xC4, 0x02, 0x61, 0x24, 0x38, 0x05, 0x01, 0xA3, + 0x50, 0x48, 0x08, 0x62, 0x20, 0xB0, 0x25, 0x5B, + 0xA6, 0x4D, 0x98, 0x92, 0x11, 0xC2, 0x06, 0x00, + 0xD1, 0xB0, 0x4D, 0x21, 0xA4, 0x8C, 0x01, 0x16, + 0x72, 0x11, 0xA6, 0x20, 0xD0, 0x16, 0x45, 0x10, + 0x31, 0x8E, 0xCB, 0xC2, 0x69, 0x02, 0x08, 0x91, + 0xD4, 0x30, 0x89, 0x03, 0x41, 0x05, 0x93, 0x16, + 0x8E, 0x5A, 0x18, 0x04, 0x41, 0x10, 0x6D, 0x18, + 0x42, 0x70, 0x53, 0x16, 0x31, 0x52, 0x30, 0x8E, + 0x0C, 0x49, 0x66, 0x0C, 0x90, 0x0C, 0xA4, 0x08, + 0x2E, 0x41, 0x92, 0x05, 0x24, 0x07, 0x30, 0x12, + 0x46, 0x72, 0x13, 0x99, 0x20, 0xE0, 0xA2, 0x4C, + 0x1B, 0x14, 0x52, 0x5A, 0x90, 0x05, 0x08, 0x82, + 0x31, 0x53, 0xC2, 0x90, 0xCC, 0x42, 0x68, 0x18, + 0xB0, 0x2C, 0x00, 0x80, 0x65, 0x58, 0x12, 0x84, + 0x19, 0x90, 0x08, 0x44, 0x26, 0x4A, 0x10, 0xA9, + 0x0C, 0x12, 0x25, 0x0C, 0x9C, 0x10, 0x25, 0x0C, + 0x28, 0x25, 0xD8, 0x46, 0x84, 0x1A, 0x22, 0x71, + 0x5B, 0x28, 0x6E, 0x98, 0x02, 0x51, 0x61, 0xB4, + 0x51, 0x01, 0xA1, 0x21, 0x24, 0x39, 0x12, 0xC8, + 0x08, 0x85, 0xD1, 0x34, 0x64, 0xA4, 0xA8, 0x04, + 0xA2, 0xC0, 0x09, 0x44, 0x48, 0x48, 0x03, 0x37, + 0x00, 0x20, 0x05, 0x4D, 0x20, 0xA4, 0x05, 0x11, + 0x18, 0x82, 0x42, 0x94, 0x4D, 0x24, 0x16, 0x01, + 0x02, 0x93, 0x4C, 0x00, 0x16, 0x06, 0xC1, 0xC0, + 0x0C, 0x8B, 0xC0, 0x41, 0x41, 0x06, 0x42, 0xA3, + 0xC6, 0x64, 0x1A, 0x85, 0x91, 0x41, 0x06, 0x49, + 0x04, 0xA7, 0x44, 0x82, 0x22, 0x6A, 0x50, 0x08, + 0x0E, 0x14, 0x18, 0x20, 0x4B, 0x88, 0x91, 0x01, + 0xA0, 0x49, 0x1A, 0x85, 0x4D, 0x94, 0x18, 0x10, + 0x0A, 0x05, 0x44, 0x94, 0x38, 0x05, 0x93, 0x40, + 0x68, 0x23, 0x07, 0x85, 0xE2, 0x12, 0x22, 0x9B, + 0xB8, 0x08, 0xD2, 0x10, 0x2A, 0x08, 0xA8, 0x10, + 0x92, 0x40, 0x2D, 0xD8, 0x44, 0x4C, 0xCC, 0x94, + 0x05, 0x24, 0x43, 0x4C, 0xD3, 0xC2, 0x48, 0x10, + 0x21, 0x2D, 0xC9, 0xB6, 0x08, 0xC9, 0x06, 0x4D, + 0xE1, 0x90, 0x20, 0x14, 0x24, 0x70, 0x5C, 0x84, + 0x28, 0xC0, 0xC2, 0x81, 0x22, 0x13, 0x50, 0x44, + 0x84, 0x91, 0xCA, 0xA2, 0x48, 0x12, 0x91, 0x05, + 0x5B, 0x92, 0x8D, 0x92, 0x92, 0x24, 0x82, 0x42, + 0x48, 0x03, 0x37, 0x46, 0xD8, 0x44, 0x86, 0x44, + 0x20, 0x89, 0xE4, 0xC2, 0x84, 0xC2, 0x04, 0x65, + 0x49, 0xA8, 0x4D, 0xA4, 0x38, 0x28, 0xDB, 0xA4, + 0x64, 0x24, 0x00, 0x51, 0xC8, 0x12, 0x6D, 0x19, + 0x82, 0x24, 0xCB, 0x00, 0x44, 0x4B, 0x20, 0x20, + 0x9B, 0x82, 0x4C, 0x5C, 0xA8, 0x08, 0xD2, 0xB6, + 0x8C, 0x08, 0x35, 0x20, 0xC0, 0x92, 0x45, 0xE3, + 0xB4, 0x2C, 0x50, 0x32, 0x0E, 0xD1, 0x82, 0x11, + 0x4A, 0x96, 0x08, 0x1C, 0x86, 0x29, 0x02, 0x19, + 0x71, 0x12, 0x03, 0x6E, 0x94, 0x08, 0x50, 0x12, + 0x27, 0x20, 0x0B, 0x10, 0x12, 0xA1, 0x18, 0x06, + 0x5A, 0x36, 0x4C, 0x93, 0xB4, 0x68, 0x21, 0xA7, + 0x28, 0x09, 0x34, 0x91, 0x18, 0x93, 0x49, 0x4A, + 0x32, 0x60, 0x00, 0x29, 0x2D, 0x94, 0x48, 0x44, + 0x09, 0x94, 0x2C, 0x21, 0x07, 0x6C, 0x41, 0x38, + 0x60, 0x8C, 0x10, 0x46, 0x11, 0x19, 0x65, 0x01, + 0x46, 0x60, 0x1A, 0x29, 0x42, 0x23, 0x30, 0x29, + 0x40, 0x96, 0x85, 0x81, 0xC6, 0x6C, 0x09, 0xA2, + 0x31, 0x23, 0xC9, 0x84, 0x18, 0x27, 0x61, 0x02, + 0xA6, 0x05, 0x1B, 0x11, 0x32, 0xD1, 0x80, 0x24, + 0x59, 0x22, 0x52, 0x21, 0x34, 0x64, 0x0A, 0x21, + 0x52, 0x10, 0xC2, 0x80, 0x5C, 0x98, 0x0D, 0x81, + 0xA0, 0x84, 0x14, 0x97, 0x04, 0xCC, 0xC2, 0x04, + 0x1A, 0x81, 0x45, 0x23, 0x44, 0x6C, 0x13, 0xC0, + 0x44, 0x59, 0xC2, 0x68, 0x64, 0x08, 0x52, 0x51, + 0x30, 0x71, 0x12, 0x49, 0x70, 0x12, 0x94, 0x84, + 0x80, 0x12, 0x12, 0x1B, 0x00, 0x50, 0x84, 0x10, + 0x45, 0x4A, 0x30, 0x10, 0x22, 0x95, 0x49, 0xC9, + 0x82, 0x24, 0x03, 0x35, 0x21, 0x18, 0x16, 0x72, + 0x09, 0x89, 0x65, 0x88, 0xB2, 0x89, 0x41, 0xB4, + 0x90, 0x92, 0x38, 0x8C, 0x08, 0x23, 0x26, 0x0B, + 0x80, 0x61, 0x84, 0x28, 0x6A, 0x4C, 0x98, 0x44, + 0x10, 0xB9, 0x30, 0x93, 0x02, 0x49, 0x22, 0x13, + 0x80, 0x1C, 0xC3, 0x48, 0x50, 0xA8, 0x20, 0x1C, + 0x05, 0x00, 0x5B, 0x02, 0x41, 0xD2, 0x84, 0x61, + 0x4B, 0x40, 0x46, 0x20, 0x21, 0x44, 0xD9, 0xC4, + 0x21, 0xD3, 0xA4, 0x4D, 0xC0, 0xC0, 0x09, 0x5B, + 0x28, 0x91, 0x18, 0x15, 0x41, 0x18, 0xC5, 0x4C, + 0x14, 0xB7, 0x61, 0xDB, 0x34, 0x25, 0x02, 0x06, + 0x41, 0x14, 0xA9, 0x65, 0x0B, 0x10, 0x04, 0x23, + 0xC7, 0x49, 0x13, 0x47, 0x0A, 0xD0, 0x30, 0x80, + 0x99, 0x32, 0x68, 0x50, 0x18, 0x06, 0xA2, 0x28, + 0x65, 0x13, 0x35, 0x82, 0xD3, 0x06, 0x81, 0x22, + 0x49, 0x4D, 0x48, 0x44, 0x30, 0xCA, 0x96, 0x2C, + 0x12, 0xC8, 0x08, 0xA1, 0x24, 0x2C, 0x52, 0xA8, + 0x28, 0x23, 0x14, 0x0A, 0xD4, 0x20, 0x4D, 0x18, + 0x12, 0x72, 0xD4, 0x80, 0x44, 0xDC, 0x26, 0x2C, + 0x88, 0x10, 0x0A, 0x04, 0x14, 0x51, 0xC1, 0x96, + 0x00, 0xA3, 0x40, 0x30, 0x99, 0x48, 0x92, 0x9B, + 0x08, 0x86, 0x81, 0x04, 0x20, 0x4C, 0xB2, 0x29, + 0x18, 0x31, 0x08, 0x09, 0x23, 0x8C, 0x4C, 0x02, + 0x6A, 0xCA, 0x00, 0x62, 0x09, 0x22, 0x2D, 0x21, + 0x00, 0x02, 0x0A, 0x39, 0x41, 0x04, 0xA3, 0x50, + 0x90, 0x80, 0x2D, 0x59, 0xB4, 0x71, 0x13, 0x16, + 0x31, 0x11, 0x90, 0x4C, 0xC3, 0x14, 0x20, 0x60, + 0xB2, 0x30, 0x0A, 0xB6, 0x24, 0x21, 0xA9, 0x10, + 0x89, 0x80, 0x88, 0x44, 0x06, 0x8A, 0x91, 0x22, + 0x8E, 0xD9, 0x36, 0x86, 0x10, 0x46, 0x0A, 0xE1, + 0x16, 0x85, 0x42, 0x40, 0x6C, 0x09, 0x49, 0x11, + 0xE0, 0x88, 0x68, 0x12, 0x08, 0x68, 0x5C, 0x26, + 0x24, 0x04, 0xA8, 0x70, 0xC8, 0x08, 0x05, 0x13, + 0x87, 0x41, 0x23, 0x29, 0x72, 0xC9, 0xB8, 0x88, + 0x1B, 0x22, 0x66, 0x11, 0xA5, 0x2D, 0x11, 0x29, + 0x12, 0x50, 0x12, 0x70, 0x03, 0x09, 0x6A, 0x4B, + 0x88, 0x4C, 0xD2, 0xC8, 0x31, 0x40, 0x26, 0x40, + 0x4C, 0x04, 0x50, 0x58, 0x16, 0x71, 0x90, 0xC2, + 0x00, 0x0A, 0x30, 0x8A, 0xDC, 0x24, 0x85, 0x19, + 0xB0, 0x65, 0x1A, 0xA3, 0x64, 0x13, 0xA3, 0x45, + 0xC8, 0x48, 0x91, 0x91, 0x12, 0x20, 0xDC, 0x42, + 0x40, 0x24, 0xC0, 0x4D, 0xA3, 0x98, 0x10, 0x40, + 0x26, 0x25, 0xDC, 0xB4, 0x68, 0x4B, 0xC2, 0x45, + 0x13, 0x06, 0x91, 0xC8, 0x92, 0x24, 0x82, 0xA8, + 0x20, 0x4C, 0x30, 0x48, 0x52, 0x06, 0x01, 0x0B, + 0x24, 0x51, 0x41, 0x36, 0x40, 0x93, 0xC4, 0x70, + 0x44, 0x40, 0x2C, 0x24, 0x28, 0x22, 0x81, 0xA4, + 0x4C, 0x43, 0x84, 0x60, 0x20, 0x23, 0x90, 0x01, + 0x94, 0x6C, 0xDB, 0x28, 0x21, 0x93, 0x30, 0x80, + 0x93, 0xC0, 0x25, 0xC8, 0xA6, 0x50, 0xCA, 0x24, + 0x26, 0xD1, 0x40, 0x31, 0x04, 0xC4, 0x8D, 0xE2, + 0xC0, 0x04, 0x08, 0x33, 0x8C, 0x18, 0x87, 0x91, + 0xC8, 0xC8, 0x71, 0x40, 0x46, 0x06, 0x00, 0x44, + 0x20, 0x22, 0x49, 0x70, 0x11, 0x45, 0x90, 0x02, + 0xC3, 0x61, 0x60, 0xB4, 0x25, 0x80, 0x16, 0x21, + 0x11, 0x09, 0x04, 0x88, 0x04, 0x05, 0xCC, 0x36, + 0x20, 0x01, 0xB1, 0x2C, 0x64, 0xB6, 0x50, 0x54, + 0x32, 0x42, 0x0B, 0x08, 0x8D, 0x12, 0x39, 0x0D, + 0x10, 0x29, 0x52, 0x88, 0xB0, 0x04, 0x11, 0x38, + 0x44, 0xD2, 0xA6, 0x71, 0x0B, 0x45, 0x48, 0x9C, + 0x34, 0x72, 0xA0, 0x28, 0x49, 0x82, 0x16, 0x86, + 0x12, 0x18, 0x61, 0x04, 0x41, 0x0D, 0x8A, 0xA6, + 0x41, 0x80, 0xA8, 0x61, 0xDA, 0x30, 0x65, 0x82, + 0x84, 0x30, 0x08, 0xA3, 0x29, 0x04, 0x33, 0x8E, + 0x02, 0x24, 0x0D, 0x9C, 0x44, 0x10, 0xC9, 0x02, + 0x81, 0x53, 0x06, 0x66, 0x8B, 0x06, 0x90, 0x03, + 0x87, 0x69, 0x21, 0xC9, 0x69, 0x83, 0x46, 0x4E, + 0x14, 0x24, 0x89, 0x8C, 0xA0, 0x6C, 0x99, 0xA2, + 0x2C, 0x11, 0x37, 0x66, 0x0C, 0xA6, 0x4D, 0xD3, + 0xC8, 0x70, 0x03, 0x02, 0x61, 0xC3, 0xB6, 0x65, + 0x23, 0xC1, 0x6C, 0x10, 0x34, 0x8D, 0x1A, 0xC1, + 0x31, 0x43, 0x40, 0x44, 0xD4, 0x08, 0x02, 0x0A, + 0x36, 0x20, 0xE3, 0x26, 0x42, 0x0A, 0x48, 0x26, + 0x1A, 0x13, 0x44, 0x0C, 0x18, 0x61, 0x91, 0x96, + 0x84, 0x02, 0x17, 0x46, 0x9C, 0x20, 0x40, 0x41, + 0xC6, 0x2D, 0x1B, 0x16, 0x0C, 0x98, 0xB2, 0x90, + 0x1A, 0x20, 0x84, 0xE2, 0x34, 0x2D, 0xCB, 0x14, + 0x44, 0x93, 0xC6, 0x8D, 0x58, 0xB2, 0x69, 0x22, + 0xB2, 0x88, 0xC0, 0xB8, 0x2D, 0xA2, 0xC2, 0x31, + 0x20, 0xA3, 0x24, 0x11, 0x46, 0x48, 0x4A, 0xA6, + 0x50, 0x24, 0x09, 0x21, 0x1A, 0x01, 0x0D, 0x20, + 0x36, 0x01, 0xC4, 0x34, 0x70, 0xDA, 0x16, 0x68, + 0x84, 0x22, 0x4C, 0x11, 0x14, 0x09, 0x13, 0xC4, + 0x68, 0x11, 0x41, 0x2D, 0x1C, 0x10, 0x31, 0xDC, + 0xB2, 0x64, 0x42, 0x36, 0x08, 0x5C, 0x10, 0x88, + 0x04, 0x91, 0x25, 0xE1, 0xA0, 0x20, 0x14, 0x18, + 0x12, 0x14, 0x94, 0x91, 0x4C, 0xC2, 0x24, 0xD4, + 0x06, 0x71, 0x21, 0x02, 0x8D, 0xD4, 0x88, 0x30, + 0xC9, 0x36, 0x0E, 0xE4, 0x82, 0x81, 0xC0, 0x04, + 0x6D, 0x24, 0x23, 0x09, 0x21, 0x45, 0x45, 0x20, + 0x06, 0x65, 0xC2, 0x30, 0x2A, 0x18, 0x30, 0x8E, + 0x24, 0x83, 0x89, 0x93, 0x32, 0x66, 0xC1, 0x48, + 0x45, 0x62, 0x48, 0x0A, 0x52, 0xB8, 0x80, 0x11, + 0x86, 0x21, 0x04, 0x34, 0x11, 0x24, 0xB5, 0x6C, + 0x50, 0x36, 0x0A, 0x19, 0xA7, 0x8C, 0x14, 0x90, + 0x0D, 0x1A, 0xA5, 0x68, 0x0B, 0xB1, 0x11, 0x50, + 0x40, 0x08, 0x48, 0xB6, 0x31, 0x14, 0x28, 0x8D, + 0xE3, 0x47, 0xB4, 0xA1, 0x44, 0x94, 0xCC, 0x9F, + 0x0B, 0x94, 0x9F, 0x25, 0x49, 0xD9, 0xB3, 0x8F, + 0x71, 0xF4, 0x17, 0xA4, 0xA6, 0xAC, 0x24, 0x58, + 0x14, 0x25, 0x03, 0xC8, 0x63, 0x3E, 0x10, 0xA8, + 0xD4, 0x10, 0xD7, 0x90, 0x4A, 0x28, 0x37, 0x90, + 0x70, 0x27, 0xE3, 0x56, 0x5F, 0x04, 0x67, 0x76, + 0xC3, 0x67, 0x3F, 0xF5, 0xA5, 0x11, 0xA2, 0x2C, + 0x11, 0x01, 0x5D, 0x63, 0x71, 0x1A, 0xE6, 0x70, + 0x86, 0x46, 0xAB, 0xCE, 0x03, 0xB6, 0x82, 0xAF, + 0x51, 0xBA, 0x81, 0x94, 0x9C, 0x82, 0x36, 0xA9, + 0x49, 0xA5, 0xA3, 0x11, 0x08, 0x8C, 0x4B, 0x13, + 0x41, 0xF0, 0x08, 0xFD, 0xB2, 0x99, 0xED, 0xA8, + 0x07, 0x61, 0x3C, 0x2E, 0xBC, 0x49, 0x7B, 0x1C, + 0xBC, 0x87, 0xBC, 0xAE, 0x5F, 0x5E, 0x8F, 0x5D, + 0xE7, 0xB9, 0x0C, 0x70, 0x36, 0x25, 0x61, 0xFD, + 0x95, 0x9F, 0xAE, 0x0F, 0x8D, 0xF3, 0xA2, 0x45, + 0x24, 0xA7, 0xDE, 0x60, 0xD1, 0x4E, 0x6D, 0xAC, + 0xC7, 0x6A, 0x32, 0x42, 0xC0, 0x73, 0xEB, 0x78, + 0x50, 0xF4, 0x49, 0x52, 0x5E, 0x6F, 0x81, 0x42, + 0x54, 0xF8, 0x82, 0x05, 0xC9, 0x64, 0x74, 0x6A, + 0x60, 0x5E, 0x36, 0x59, 0x40, 0x50, 0xA3, 0xFE, + 0xDA, 0xE2, 0x6D, 0x8D, 0x6E, 0xE4, 0x5A, 0x27, + 0x73, 0x89, 0xDB, 0x0C, 0x5B, 0x14, 0xD9, 0xED, + 0xB2, 0xC7, 0x1D, 0x71, 0x93, 0x91, 0x0A, 0x72, + 0x32, 0xBE, 0xA3, 0xD8, 0x95, 0x8C, 0x94, 0x7E, + 0x63, 0xEB, 0xCE, 0x8B, 0xFC, 0xB0, 0x3F, 0x77, + 0x5C, 0x43, 0x48, 0x18, 0x83, 0xFE, 0xC8, 0xDA, + 0x89, 0xF2, 0x3B, 0x54, 0x82, 0x44, 0xC6, 0x9C, + 0xCC, 0x77, 0x0A, 0xC1, 0x6F, 0xB9, 0x98, 0x10, + 0xD5, 0xF2, 0x60, 0xFF, 0x38, 0xD2, 0x0D, 0xD6, + 0x8C, 0x38, 0x54, 0x5B, 0xD8, 0x38, 0x84, 0x50, + 0x36, 0xF4, 0x02, 0xC1, 0x06, 0x0F, 0x15, 0x1B, + 0xC8, 0x90, 0x9B, 0x6E, 0x36, 0xC8, 0x3F, 0xE9, + 0x8B, 0x62, 0x15, 0x6F, 0xF0, 0xC2, 0x86, 0x7F, + 0xD1, 0xB5, 0x97, 0x53, 0xAE, 0x41, 0xAE, 0x21, + 0x84, 0xAC, 0x57, 0xA5, 0x1F, 0xA7, 0xC7, 0x24, + 0xDF, 0xDE, 0x2F, 0x3C, 0xCD, 0xA2, 0x7E, 0x1D, + 0x97, 0xE1, 0x96, 0xC5, 0xB4, 0x7D, 0xF9, 0x5F, + 0x7E, 0xEF, 0x09, 0xC4, 0xF3, 0x57, 0xF0, 0x51, + 0x73, 0xAB, 0x0E, 0x6A, 0xCA, 0x64, 0xE4, 0x99, + 0x0F, 0xD2, 0x20, 0xAC, 0x72, 0xF1, 0xA8, 0x23, + 0x8F, 0x94, 0x63, 0xDC, 0xB3, 0xBB, 0x62, 0x2C, + 0xEA, 0xA6, 0x27, 0x5A, 0x93, 0xC6, 0xCD, 0xCE, + 0x1E, 0x09, 0xAF, 0x89, 0xEC, 0x22, 0xE4, 0x30, + 0x2D, 0xB9, 0xCD, 0x08, 0x2E, 0x12, 0x76, 0x79, + 0x99, 0xBC, 0xA0, 0x34, 0x0B, 0xDA, 0x89, 0x08, + 0x14, 0x60, 0x7B, 0x98, 0xE6, 0xAF, 0xD2, 0xE1, + 0x87, 0xC8, 0xDA, 0x50, 0xF7, 0x10, 0x2C, 0x72, + 0x74, 0x50, 0xD0, 0x3C, 0x98, 0x06, 0xFE, 0xEB, + 0xC6, 0xC5, 0x69, 0x31, 0x06, 0xE2, 0x2E, 0x7E, + 0x7D, 0x3D, 0x2B, 0x1F, 0x48, 0x43, 0xC5, 0x95, + 0xDA, 0x84, 0x08, 0x1E, 0x2B, 0x50, 0x6D, 0x91, + 0xA6, 0x2B, 0xCD, 0x08, 0x43, 0x7B, 0xA2, 0xD8, + 0x60, 0x6E, 0xF7, 0x80, 0x08, 0xC3, 0x3F, 0x35, + 0xF3, 0x70, 0xA5, 0xC7, 0x56, 0xFC, 0xBD, 0x34, + 0x46, 0x7B, 0xBF, 0x63, 0x19, 0xAC, 0xB6, 0xC3, + 0x1B, 0x81, 0x84, 0x9F, 0xBB, 0x54, 0x05, 0x99, + 0xAE, 0x43, 0xE2, 0xA5, 0x20, 0xFD, 0x5C, 0xC7, + 0x25, 0x47, 0xB1, 0xFD, 0x80, 0xB5, 0x78, 0xC2, + 0x00, 0x98, 0x02, 0xB9, 0x61, 0x2A, 0xBA, 0x39, + 0xC7, 0x20, 0xB8, 0x7D, 0x7A, 0x03, 0x68, 0xE5, + 0x37, 0x71, 0x1F, 0x72, 0xAA, 0x41, 0x61, 0xB4, + 0xC0, 0xC2, 0xD3, 0x7A, 0xCD, 0xD2, 0xED, 0xC2, + 0xC5, 0x99, 0x8C, 0x62, 0xA3, 0x7D, 0xC8, 0x9C, + 0xD2, 0x50, 0x02, 0x0D, 0xCB, 0x68, 0x15, 0xB0, + 0xD6, 0x19, 0x03, 0xC8, 0x01, 0x12, 0x72, 0xA1, + 0x3A, 0xC2, 0xA6, 0x63, 0x51, 0x26, 0x03, 0x5D, + 0x3F, 0x1D, 0x3B, 0x0E, 0x30, 0x6B, 0xB7, 0xEC, + 0xB6, 0x8E, 0x2D, 0x76, 0xC8, 0xD7, 0xAE, 0x59, + 0x81, 0xFC, 0x5F, 0x57, 0x5E, 0xAD, 0xA0, 0x20, + 0xC8, 0xB4, 0x91, 0x2D, 0xEC, 0x03, 0xC4, 0xC6, + 0x55, 0x05, 0x87, 0xA4, 0xA2, 0x21, 0x09, 0x25, + 0x97, 0x21, 0xA4, 0x46, 0x45, 0x46, 0x40, 0x3B, + 0xDC, 0x6F, 0xCD, 0xFB, 0xFB, 0xD9, 0xF4, 0x2C, + 0xEC, 0xF1, 0xC4, 0x73, 0x41, 0x30, 0x60, 0x63, + 0x9A, 0xF2, 0xA5, 0x26, 0x78, 0x9A, 0x5E, 0x70, + 0x98, 0xDE, 0x35, 0x10, 0xA0, 0x5D, 0x45, 0xD5, + 0x95, 0xF7, 0x11, 0xBC, 0x99, 0xD3, 0x00, 0x67, + 0x9A, 0x30, 0x85, 0x36, 0x50, 0xDB, 0x18, 0xEA, + 0x6D, 0xB2, 0xF3, 0x14, 0xDA, 0x23, 0xE2, 0x8A, + 0x44, 0x21, 0x25, 0xD4, 0xA3, 0x28, 0x43, 0xA0, + 0xC6, 0x5C, 0x99, 0xB0, 0x72, 0x6B, 0xC2, 0x1A, + 0x30, 0xBE, 0x6B, 0x7B, 0xE0, 0x31, 0x54, 0x8C, + 0x29, 0xE5, 0xC6, 0x69, 0x53, 0xDE, 0x05, 0x1E, + 0x43, 0xCC, 0x7E, 0x9A, 0x82, 0x4A, 0xC4, 0x0A, + 0x50, 0x65, 0xDC, 0xD8, 0xF9, 0x01, 0x32, 0x65, + 0x1E, 0xF9, 0xA4, 0xCC, 0x07, 0xB9, 0x55, 0x97, + 0x45, 0xA9, 0x61, 0xF8, 0xBE, 0x99, 0x00, 0x12, + 0xD8, 0x17, 0x62, 0xFB, 0x89, 0xE7, 0x05, 0x5E, + 0x1B, 0xCD, 0x2B, 0x09, 0x6C, 0x5A, 0x5C, 0xA3, + 0x66, 0x4D, 0x02, 0x78, 0x0C, 0xC3, 0x63, 0x30, + 0xD0, 0xFA, 0x7B, 0x11, 0x00, 0x40, 0xDD, 0xF0, + 0x8C, 0x7C, 0xBA, 0x4C, 0x63, 0x78, 0xDA, 0xBB, + 0xDF, 0xF9, 0xC9, 0xA4, 0x40, 0x25, 0x86, 0xD1, + 0xBA, 0x22, 0xD7, 0x69, 0x98, 0x4E, 0x9D, 0x15, + 0x21, 0xA8, 0x56, 0xC0, 0xFF, 0x52, 0xE4, 0xB4, + 0x0F, 0xB2, 0x53, 0xE7, 0xA1, 0x34, 0x18, 0xEA, + 0x5B, 0x25, 0x42, 0x13, 0xE3, 0x13, 0xE7, 0xDF, + 0x54, 0x2B, 0x8D, 0x70, 0x51, 0xC7, 0x60, 0xB1, + 0x1E, 0x4D, 0x3A, 0x46, 0x04, 0xA1, 0x11, 0x43, + 0xAD, 0x24, 0x29, 0x90, 0xC9, 0x04, 0x15, 0xC5, + 0x07, 0xE5, 0x46, 0xB8, 0x50, 0x16, 0x6B, 0x66, + 0xFE, 0x1C, 0x8B, 0xFC, 0x20, 0x9C, 0xC4, 0x88, + 0x10, 0x36, 0x5E, 0x56, 0xE8, 0x45, 0x75, 0x89, + 0xFB, 0xD6, 0xD0, 0x8D, 0x9D, 0x53, 0xAE, 0x89, + 0x19, 0x54, 0xCF, 0xE1, 0xFF, 0x12, 0x13, 0xF2, + 0xC7, 0xBE, 0x4C, 0x1E, 0xB0, 0x70, 0x6E, 0xDC, + 0x0A, 0x64, 0x3B, 0x60, 0x3A, 0xEA, 0x0D, 0x41, + 0xDD, 0x8E, 0x09, 0xB9, 0x96, 0x8F, 0x6A, 0x49, + 0x50, 0xEF, 0xDF, 0xD7, 0x73, 0x8D, 0x16, 0x32, + 0xA8, 0x5C, 0x0A, 0x90, 0x18, 0xA1, 0xEB, 0x19, + 0xCC, 0x50, 0xD5, 0x59, 0xD7, 0x35, 0x3F, 0xBA, + 0x38, 0x1B, 0x5F, 0x71, 0x56, 0x70, 0xB3, 0x20, + 0x4D, 0x9E, 0x16, 0xA8, 0xF7, 0x35, 0x19, 0xD2, + 0x09, 0x0A, 0x22, 0x28, 0x81, 0x61, 0x26, 0x5B, + 0x9C, 0xEC, 0x9D, 0x4A, 0x61, 0xCF, 0x0D, 0x3C, + 0x88, 0xEA, 0x0B, 0x7A, 0xA7, 0xC6, 0xAE, 0x31, + 0xBE, 0xC2, 0xBA, 0x48, 0xBB, 0x9D, 0x06, 0xE1, + 0x32, 0x6D, 0x80, 0xCE, 0x27, 0x5C, 0x6F, 0x13, + 0x79, 0x35, 0x9F, 0x9C, 0x11, 0xEA, 0xDB, 0xF5, + 0x49, 0x15, 0xB6, 0x51, 0x86, 0xFC, 0x62, 0x34, + 0x3D, 0x58, 0x6B, 0x0E, 0xF8, 0x3B, 0xBB, 0x42, + 0xF6, 0x2D, 0x5C, 0xE2, 0xF3, 0xAA, 0x9F, 0x03, + 0x43, 0xE9, 0x9E, 0x90, 0xB9, 0xFF, 0x55, 0x93, + 0x60, 0xF8, 0x10, 0x2F, 0xFC, 0xBD, 0x40, 0x23, + 0xB8, 0x4F, 0x4C, 0x7A, 0x74, 0x9F, 0xDC, 0x55, + 0xDF, 0x5E, 0xCD, 0x23, 0xEB, 0xAC, 0x47, 0x4E, + 0x0D, 0x0F, 0xBE, 0xDE, 0x02, 0x64, 0x61, 0x7E, + 0x73, 0x78, 0x8E, 0x25, 0xE9, 0x7D, 0x66, 0xE5, + 0x82, 0xBF, 0x98, 0x5B, 0x36, 0xCE, 0x17, 0x72, + 0x56, 0x9C, 0xDA, 0x63, 0x77, 0x55, 0x8B, 0xA9, + 0x75, 0xF5, 0x28, 0xC3, 0x78, 0x6D, 0x8F, 0xC2, + 0x75, 0x5F, 0x28, 0x9E, 0x3F, 0xFB, 0xF1, 0xFD, + 0xB7, 0xDE, 0x05, 0x3C, 0xD3, 0xE8, 0xD7, 0x7A, + 0x7D, 0xC9, 0xF7, 0x9D, 0x58, 0xB4, 0xA6, 0x21, + 0x25, 0xFC, 0x52, 0x84, 0x21, 0xF6, 0x0B, 0x6D, + 0xA6, 0x62, 0x51, 0x97, 0xCD, 0xA9, 0xA1, 0x0C, + 0x88, 0x21, 0x67, 0xA5, 0xFB, 0x8C, 0x8A, 0x50, + 0xC5, 0x21, 0x91, 0x3A, 0xAB, 0x95, 0x96, 0xF3, + 0x30, 0x6D, 0x08, 0x42, 0x07, 0x4B, 0x78, 0x1F, + 0xC1, 0xD3, 0x41, 0x15, 0x68, 0xED, 0x93, 0x09, + 0xC7, 0x8B, 0xF9, 0x77, 0x25, 0xD3, 0xCE, 0x2B, + 0xA2, 0x0D, 0xB4, 0xC6, 0x84, 0x7F, 0x8E, 0xE5, + 0x24, 0x46, 0x59, 0x8D, 0x6F, 0x0F, 0x0C, 0xA8, + 0xFC, 0x04, 0x9B, 0x4D, 0x2B, 0xA7, 0x70, 0x1F, + 0x46, 0x7E, 0x76, 0x03, 0xC6, 0x7E, 0xA5, 0x3D, + 0x79, 0xE2, 0xF1, 0xAC, 0xBC, 0xDD, 0xF6, 0x91, + 0x69, 0x4C, 0x44, 0x1F, 0xC3, 0xBF, 0x9F, 0xFC, + 0x4E, 0xB0, 0x79, 0x30, 0x68, 0x89, 0xAC, 0xF2, + 0xD7, 0xC6, 0xE1, 0x6C, 0x37, 0xFB, 0xB3, 0x38, + 0x44, 0x2C, 0x97, 0xAB, 0xDA, 0x2C, 0x88, 0xC7, + 0xF2, 0x80, 0x08, 0x00, 0x4E, 0x44, 0xED, 0xBE, + 0xA4, 0x28, 0x3D, 0xC1, 0xCF, 0x9E, 0x83, 0xE7, + 0x2E, 0x7F, 0xF5, 0x08, 0x47, 0x26, 0xE0, 0xBD, + 0x1A, 0x17, 0xDB, 0x2F, 0xED, 0x19, 0x2E, 0x65, + 0x1B, 0x62, 0x5F, 0x08, 0x82, 0x10, 0x61, 0xCB, + 0xAA, 0xA7, 0xF8, 0x59, 0x4B, 0x46, 0xCB, 0xA2, + 0xCB, 0x41, 0x34, 0x30, 0x51, 0x58, 0x2A, 0xEE, + 0xE1, 0x5E, 0xAC, 0xCA, 0xBF, 0x37, 0x45, 0x98, + 0xBD, 0x93, 0x1B, 0x5A, 0x5E, 0x92, 0x14, 0x05, + 0x75, 0x2D, 0xFB, 0x8F, 0xBD, 0x24, 0x9B, 0x81, + 0xCD, 0xDD, 0xF5, 0xBE, 0x05, 0x0D, 0xBD, 0x4B, + 0x2B, 0x8C, 0x0A, 0xF0, 0x3A, 0x85, 0xD6, 0x74, + 0x65, 0x7F, 0x98, 0xF8, 0x57, 0xA2, 0x36, 0xA2, + 0xFE, 0xE4, 0xB4, 0xA4, 0x0D, 0xEA, 0x9A, 0xBE, + 0x41, 0x79, 0x68, 0x63, 0x70, 0x3F, 0x3E, 0x38, + 0x60, 0xC3, 0x40, 0x81, 0x72, 0xDD, 0x25, 0x34, + 0xB4, 0xFE, 0xAC, 0x41, 0x6E, 0x4A, 0xE7, 0xBF, + 0xE3, 0x87, 0xFA, 0x20, 0x8B, 0xBD, 0x68, 0x9E, + 0x06, 0xA9, 0x15, 0x23, 0x07, 0x04, 0x4B, 0xFA, + 0x45, 0x45, 0xB7, 0x75, 0xD3, 0x3E, 0x16, 0x70, + 0xF6, 0x26, 0xF2, 0x3A, 0x9D, 0xFB, 0xEA, 0xEB, + 0x47, 0xCE, 0x99, 0x6B, 0x0E, 0xB2, 0xE8, 0x2B, + 0x18, 0x15, 0x14, 0x2E, 0xF2, 0x14, 0x0D, 0x44, + 0x47, 0x1E, 0x63, 0x84, 0x5B, 0x3F, 0xA8, 0xEF, + 0x5F, 0xEB, 0xA0, 0x41, 0x77, 0xC1, 0xF4, 0x4F, + 0x8E, 0x2E, 0x29, 0xCD, 0xDB, 0xF2, 0x75, 0x24, + 0x24, 0x46, 0x73, 0xC3, 0x46, 0xB5, 0xCA, 0x13, + 0x35, 0x12, 0x0A, 0x8D, 0x88, 0x89, 0x17, 0x99, + 0x13, 0xCA, 0x66, 0x07, 0x67, 0x6B, 0x7B, 0x3B, + 0x20, 0xD3, 0x5F, 0x78, 0x1C, 0xC0, 0x99, 0x59, + 0x0A, 0xBA, 0x8F, 0xA0, 0xDB, 0xDF, 0xCC, 0x03, + 0xC4, 0xA6, 0xC7, 0x08, 0xB9, 0xFD, 0x95, 0xC2, + 0x45, 0xF9, 0xF3, 0x11, 0x62, 0xF7, 0x14, 0xB9, + 0xEB, 0x09, 0xB3, 0x7C, 0xF8, 0xF6, 0x67, 0xCC, + 0x03, 0xB3, 0x06, 0x6F, 0x60, 0xAC, 0x72, 0xF2, + 0xD3, 0x71, 0x6C, 0x4D, 0xAD, 0x3A, 0x99, 0x75, + 0x5C, 0x52, 0x2D, 0x87, 0x69, 0x3E, 0xD6, 0x7E, + 0x12, 0x96, 0xD3, 0x88, 0x8D, 0x11, 0x85, 0xAA, + 0x0A, 0xA5, 0x32, 0x90, 0x51, 0xC5, 0x65, 0x64, + 0xE0, 0xA9, 0x73, 0xA4, 0xF3, 0x8A, 0x32, 0x83, + 0xE5, 0x08, 0x09, 0x39, 0x6A, 0x90, 0x2C, 0xC3, + 0xFC, 0x92, 0x29, 0x7A, 0x45, 0xBE, 0x02, 0x79, + 0x15, 0x1B, 0xBB, 0x60, 0xBB, 0xD9, 0x42, 0xF1, + 0xE5, 0x14, 0xB4, 0xA5, 0xFF, 0x12, 0x42, 0x30, + 0xB0, 0xCB, 0xD0, 0x1D, 0xB4, 0x62, 0x49, 0xC5, + 0xB7, 0xDA, 0x37, 0x47, 0x2C, 0x8B, 0x16, 0xCA, + 0xD2, 0x2C, 0xA1, 0x24, 0xE6, 0x57, 0xFA, 0xEB, + 0x2C, 0x62, 0x2E, 0x12, 0x74, 0x37, 0x2B, 0x3F, + 0x56, 0x23, 0x9C, 0xED, 0x90, 0xDE, 0x0D, 0x6E, + 0x9E, 0x11, 0x78, 0xA4, 0x9C, 0xB3, 0xA1, 0x37, + 0xF7, 0x4B, 0x09, 0x61, 0xD8, 0x33, 0x1D, 0x80, + 0x68, 0x5C, 0xDD, 0xBD, 0x3E, 0xAE, 0x9D, 0xB8, + 0xBA, 0x42, 0x41, 0xDC, 0xC9, 0x93, 0xF1, 0x92, + 0x2F, 0x7A, 0xF9, 0xFE, 0x67, 0x13, 0x87, 0xBD, + 0x7D, 0x04, 0x17, 0x91, 0xB6, 0x03, 0x5E, 0xA0, + 0x5B, 0x23, 0xEA, 0x0C, 0xFA, 0x45, 0xCB, 0x1A, + 0xC5, 0x7F, 0x63, 0xD6, 0x3D, 0x3C, 0x66, 0x4A, + 0x83, 0x4E, 0x4E, 0x90, 0xA6, 0x63, 0xB0, 0x8A, + 0xD7, 0x0D, 0xB4, 0xB7, 0xA9, 0x0F, 0xC6, 0xC7, + 0x3B, 0xAD, 0x07, 0xA6, 0x94, 0x47, 0xDB, 0x63, + 0x26, 0x00, 0x18, 0x5E, 0x27, 0xB5, 0xE2, 0xE3, + 0xED, 0x8D, 0x97, 0x95, 0x38, 0x20, 0x24, 0x9F, + 0x40, 0x84, 0x44, 0x7E, 0x8C, 0x05, 0xAB, 0xB1, + 0x89, 0x26, 0x7D, 0x46, 0x2C, 0x9F, 0xE5, 0xC1, + 0x27, 0xCE, 0x1D, 0x5A, 0x9F, 0xF1, 0xF8, 0x57, + 0x8F, 0xCF, 0xB7, 0x4E, 0x07, 0xF3, 0xBA, 0x56, + 0xCF, 0xE9, 0x87, 0x21, 0x61, 0xD6, 0x97, 0x7B, + 0x26, 0x97, 0x07, 0xB4, 0x87, 0xFE, 0x25, 0x9C, + 0xA9, 0x8E, 0x06, 0x90, 0x17, 0x2C, 0x98, 0x26, + 0x23, 0xEE, 0xBB, 0x91, 0x8A, 0x15, 0x38, 0xA1, + 0x38, 0xCB, 0x8B, 0xA0, 0xF3, 0x4A, 0xF2, 0x12, + 0xA7, 0xB7, 0x05, 0xB6, 0x09, 0xD0, 0xEC, 0xDD, + 0x21, 0xB6, 0xFA, 0x29, 0x95, 0xB4, 0x08, 0xD5, + 0x95, 0xB7, 0xB8, 0x2E, 0x23, 0xAA, 0x89, 0x81, + 0xE2, 0xD0, 0xFD, 0x9C, 0x8D, 0xF0, 0xCA, 0x61, + 0xE3, 0x1E, 0x73, 0x9E, 0xD1, 0x72, 0x5C, 0x63, + 0xB8, 0x74, 0x0E, 0x2C, 0x27, 0x3A, 0x71, 0xF9, + 0xFE, 0x66, 0x33, 0xE9, 0x41, 0x27, 0x61, 0xA3, + 0xFA, 0xD8, 0x66, 0x2A, 0x52, 0x6D, 0xAB, 0xBF, + 0x32, 0xC2, 0x8E, 0x8F, 0xB0, 0x60, 0x52, 0xE1, + 0x96, 0xC8, 0x1E, 0x9A, 0x3E, 0x07, 0xFA, 0x34, + 0xFA, 0x9C, 0x4C, 0x0D, 0x29, 0x0F, 0x68, 0xA6, + 0x59, 0x28, 0x22, 0xB1, 0x99, 0x56, 0x2C, 0x01, + 0x04, 0x2F, 0x34, 0x65, 0xFD, 0xD4, 0xD0, 0xD5, + 0x17, 0x7C, 0x14, 0x92, 0x73, 0x6C, 0x31, 0xCE, + 0xD4, 0xB3, 0x59, 0x83, 0x6B, 0x34, 0x7C, 0x76, + 0x8C, 0xED, 0xD5, 0xE2, 0x4F, 0x39, 0x44, 0xBF, + 0x90, 0x53, 0x9A, 0xC7, 0xD4, 0x6A, 0x86, 0xA3, + 0xE2, 0x15, 0x59, 0xD0, 0x0F, 0x32, 0x92, 0xC2, + 0x9B, 0x9E, 0xE3, 0xF6, 0x94, 0x96, 0xFD, 0x0B, + 0xB6, 0x06, 0x8F, 0x0D, 0x1F, 0x38, 0xFC, 0x6F, + 0xA2, 0x78, 0xAC, 0xC5, 0xB5, 0x6A, 0x6B, 0xEC, + 0x78, 0x8A, 0x6F, 0xD8, 0x21, 0xB7, 0xCF, 0x66, + 0x73, 0x03, 0xCA, 0x2E, 0x3C, 0x7F, 0x2F, 0x29, + 0x41, 0xC9, 0x88, 0xFD, 0x0E, 0xA0, 0x43, 0xD6, + 0x9E, 0xB1, 0xE7, 0x13, 0x9C, 0xF0, 0x9C, 0xCF, + 0x33, 0x22, 0x57, 0xEF, 0xE5, 0xCE, 0xD9, 0xAC, + 0x7D, 0x34, 0x75, 0xBD, 0xAE, 0x84, 0xEE, 0xE8, + 0x5D, 0x8C, 0x55, 0x86, 0xBA, 0x19, 0xE5, 0x9D, + 0x35, 0x6D, 0xD8, 0x70, 0xC5, 0xE0, 0xEA, 0x77, + 0x3A, 0xE5, 0xB5, 0x2C, 0xD2, 0x28, 0xB5, 0xE8, + 0xAF, 0xB1, 0xD2, 0xC4, 0xE5, 0x59, 0x06, 0xB8, + 0x2E, 0xA6, 0x8F, 0xC4, 0x9B, 0x30, 0xF9, 0x37, + 0xDB, 0x29, 0xA1, 0x44, 0x0B, 0xB7, 0xB5, 0xB4, + 0x12, 0xD3, 0x4E, 0xB3, 0xB7, 0xD8, 0x2F, 0x19, + 0xDE, 0x3B, 0xC3, 0x53, 0xCE, 0x1C, 0x34, 0x4C, + 0xA4, 0x6A, 0xE2, 0xD0, 0x04, 0xDF, 0x3C, 0x53, + 0x8B, 0x06, 0x8F, 0x36, 0xE5, 0x77, 0xB2, 0x7A, + 0x1A, 0xC0, 0x0C, 0xBD, 0xA3, 0xA0, 0xEE, 0xB6, + 0x40, 0xAD, 0x5C, 0x04, 0xAE, 0xCF, 0x64, 0x2B, + 0x8A, 0x18, 0x58, 0x86, 0xDE, 0xC9, 0x3D, 0x7D, + 0x15, 0xBC, 0xEE, 0x4C, 0x22, 0xF4, 0x98, 0xD9, + 0x37, 0xEE, 0xE2, 0x40, 0x43, 0xFF, 0xB2, 0x6F, + 0x05, 0xC0, 0x0E, 0x30, 0xDE, 0xD8, 0x0C, 0x0B, + 0xAD, 0xED, 0xCC, 0xBC, 0x29, 0x95, 0x07, 0x40, + 0x10, 0x99, 0xA0, 0xD1, 0x08, 0xF7, 0xD5, 0xF1, + 0xAD, 0xC9, 0xDD, 0xC8, 0x6A, 0x1E, 0x9E, 0x06, + 0xDF, 0x12, 0xFF, 0x66, 0x33, 0x5E, 0x21, 0x47, + 0xC3, 0xDE, 0x36, 0x98, 0x5B, 0xBF, 0x42, 0x9E, + 0x30, 0xA0, 0x81, 0x5C, 0x28, 0x34, 0x1B, 0x3A, + 0x32, 0xBC, 0xDE, 0x52, 0x53, 0x25, 0x1E, 0xF6, + 0xE2, 0x99, 0x12, 0x92, 0x07, 0x1D, 0xEB, 0x08, + 0x36, 0xA7, 0xD5, 0x18, 0x1F, 0xDB, 0x44, 0xA7, + 0xE1, 0x13, 0x06, 0xB0, 0xDF, 0x63, 0x82, 0x68, + 0xEF, 0xF5, 0x2B, 0x04, 0x0B, 0x93, 0xE8, 0xB0, + 0x92, 0x7B, 0xDE, 0x1F, 0xC9, 0x39, 0x8F, 0x42, + 0x9D, 0x06, 0x22, 0x13, 0xC9, 0x97, 0x2F, 0x43, + 0x8A, 0xBA, 0xAF, 0xF9, 0x71, 0xE3, 0x55, 0x5D, + 0x06, 0x77, 0x38, 0x39, 0xA3, 0xED, 0x41, 0x63, + 0xFE, 0x2A, 0xB3, 0x23, 0x43, 0x0C, 0xF3, 0x17, + 0x3B, 0x69, 0xED, 0x32, 0x0A, 0x54, 0xF3, 0x8D, + 0x76, 0xC6, 0x09, 0xDD, 0x88, 0x5B, 0x23, 0x57, + 0x72, 0xC4, 0x87, 0xB8, 0x9D, 0xF7, 0xCA, 0xFB, + 0x7C, 0x61, 0x67, 0x5C, 0x65, 0xF8, 0xD6, 0xD7, + 0x1E, 0x95, 0xB9, 0x73, 0x4D, 0x2E, 0x1F, 0x43, + 0x3E, 0x2B, 0x58, 0x92, 0x15, 0x2E, 0xAA, 0x51, + 0xF0, 0xD4, 0xF2, 0xA6, 0xCD, 0x12, 0x21, 0xD6, + 0xCA, 0x46, 0x2A, 0xFF, 0xCB, 0x1B, 0x6B, 0xB4, + 0x09, 0x17, 0x3B, 0xA2, 0x94, 0xDF, 0x1D, 0x68, + 0x8B, 0x75, 0xEA, 0x11, 0xD6, 0x99, 0x04, 0xD1, + 0x00, 0xDB, 0x61, 0xBC, 0xF2, 0x3B, 0x88, 0x4B, + 0x33, 0xDF, 0x0F, 0xD4, 0xFB, 0x14, 0x0C, 0x6A, + 0x53, 0x61, 0x1F, 0xBD, 0x28, 0xB2, 0x11, 0x19, + 0x38, 0x71, 0x17, 0x76, 0x4D, 0xEE, 0x01, 0xC4, + 0x77, 0x53, 0x2A, 0xAF, 0xD3, 0x78, 0xFF, 0x45, + 0x7F, 0x97, 0x9D, 0x26, 0x92, 0x0E, 0xD9, 0x4E, + 0x34, 0x1D, 0xE8, 0xDD, 0xBF, 0x5F, 0x87, 0xE6, + 0x35, 0x9A, 0x39, 0x71, 0x59, 0x20, 0x01, 0xFB, + 0x53, 0x2C, 0x61, 0x38, 0x0C, 0x8C, 0x02, 0xD3, + 0xA0, 0x53, 0x95, 0x02, 0xED, 0x5C, 0xFE, 0x9B, + 0xD3, 0x6A, 0xF3, 0x3F, 0x92, 0x6F, 0x33, 0x37, + 0x19, 0x97, 0x81, 0x3A, 0x50, 0xE1, 0xD9, 0x27, + 0x7E, 0x64, 0xF8, 0x01, 0x52, 0x26, 0x51, 0xD1, + 0x06, 0xAF, 0x20, 0xA0, 0x28, 0x0F, 0x3F, 0xCB, + 0x21, 0xB7, 0x55, 0x1A, 0x76, 0xB8, 0x9B, 0x4D, + 0xED, 0x2A, 0x05, 0x0E, 0x6E, 0xAF, 0xCC, 0xA1, + 0x08, 0x9C, 0xBE, 0x3F, 0x98, 0xE6, 0xB4, 0xB9, + 0x83, 0xC9, 0x08, 0x41, 0x96, 0xDD, 0xD9, 0x0D, + 0x52, 0x66, 0x94, 0xA4, 0xEA, 0xFC, 0xE5, 0x48, + 0x04, 0x73, 0x64, 0x79, 0x68, 0xC9, 0x4A, 0x81, + 0xA8, 0x07, 0xF8, 0xD9, 0x4E, 0x07, 0x1E, 0xC1, + 0x8F, 0x62, 0xAB, 0xA6, 0xD7, 0x68, 0xFC, 0x57, + 0x5E, 0x75, 0x1B, 0xBF, 0x3D, 0xA6, 0x91, 0xC5, + 0x08, 0x14, 0x5E, 0xF2, 0x4C, 0x22, 0x8B, 0x4E, + 0x29, 0x2D, 0xC0, 0x46, 0x3A, 0x9C, 0x9D, 0x86, + 0xCF, 0x51, 0x85, 0x9D, 0x93, 0x23, 0xA1, 0xA1, + 0xF3, 0x76, 0xB1, 0x56, 0xB0, 0xF4, 0x1F, 0x39, + 0xDA, 0xDB, 0x13, 0x70, 0x29, 0x89, 0x95, 0xD2, + 0xC5, 0xF3, 0x76, 0xFE, 0xEE, 0x99, 0xCF, 0xA0, + 0x84, 0xEC, 0x70, 0xF0, 0xD3, 0xFA, 0x42, 0xDB, + 0xFD, 0x99, 0x65, 0x2F, 0x84, 0x11, 0x99, 0xCD, + 0x38, 0xB3, 0x1B, 0xAB, 0x8C, 0x2D, 0x33, 0x04, + 0xCA, 0xE1, 0xB3, 0x05, 0x9A, 0x20, 0x80, 0xDB, + 0xED, 0x59, 0x42, 0x30, 0x48, 0x37, 0xB3, 0x85, + 0x5C, 0xEE, 0x54, 0x06, 0x92, 0x97, 0x4E, 0xFC, + 0xFA, 0xF7, 0x25, 0xE0, 0x4E, 0x57, 0xC4, 0x72, + 0x38, 0x59, 0xCA, 0x3C, 0x4A, 0x3F, 0x09, 0xD6, + 0x09, 0x15, 0x83, 0xEF, 0x24, 0x21, 0xDD, 0xFD, + 0x66, 0x9E, 0xBF, 0xEE, 0xCC, 0xBF, 0x86, 0x20, + 0x29, 0x40, 0x5E, 0x42, 0xD2, 0xC0, 0x24, 0x2D, + 0x76, 0xE6, 0x64, 0xF9, 0x5D, 0xC2, 0x85, 0xB6, + 0x09, 0x41, 0x04, 0x62, 0x17, 0xDC, 0xF8, 0xFA, + 0x2A, 0x4C, 0xD1, 0x82, 0x31, 0x57, 0xB7, 0x2B, + 0x49, 0xE8, 0x40, 0x13, 0x2A, 0xA1, 0x86, 0xD2, + 0x9A, 0xB8, 0xA9, 0xBE, 0x39, 0xBE, 0xE9, 0xA5, + 0x35, 0x12, 0x08, 0xF1, 0xA9, 0x9E, 0x57, 0x46, + 0x3A, 0x55, 0x16, 0xA7, 0x41, 0xD9, 0x25, 0xB8, + 0x2F, 0xAF, 0xA8, 0x81, 0x5F, 0x5F, 0x46, 0xA4, + 0x3B, 0xB3, 0xE9, 0x1B, 0x74, 0xEF, 0x5D, 0x57, + 0x48, 0x4A, 0x72, 0x08, 0xDA, 0xFE, 0x1D, 0x55, + 0x6B, 0xAB, 0x8B, 0x13, 0x18, 0xBF, 0xDD, 0xF4, + 0x4E, 0x01, 0x5F, 0x4B, 0xF6, 0x80, 0xD4, 0x16, + 0x4B, 0x2F, 0x03, 0x4B, 0xF8, 0x93, 0x20, 0x21, + 0x55, 0x52, 0x49, 0x4A, 0x6C, 0x1F, 0x7D, 0xAD, + 0x04, 0xEF, 0xB3, 0x74, 0xEE, 0xC5, 0xB6, 0xBC, + 0x33, 0x7A, 0xCF, 0x64, 0xB9, 0xF9, 0x41, 0x70, + 0xAF, 0xE9, 0xC7, 0xD6, 0x25, 0x18, 0x17, 0xAB, + 0xBA, 0xC9, 0x05, 0xEF, 0x40, 0x89, 0xD5, 0x69, + 0x76, 0xAA, 0xA0, 0x3E, 0x4D, 0x1C, 0xE7, 0x9D, + 0x9E, 0x74, 0xF4, 0xF2, 0x7B, 0x40, 0xF6, 0x57, + 0x78, 0x66, 0xFC, 0xDA, 0xE3, 0x6B, 0xD2, 0x6E, + 0xC7, 0x9D, 0x65, 0x84, 0xAF, 0x7A, 0x1F, 0xE4, + 0x34, 0xD4, 0x1A, 0x17, 0xA2, 0x72, 0xB0, 0xEE, + 0x5A, 0x0C, 0xF4, 0x02, 0xAC, 0x1D, 0x6F, 0x4A, + 0xD0, 0xB2, 0x02, 0x3A, 0x7D, 0x2C, 0xF1, 0x43, + 0x0E, 0x1E, 0x96, 0xEB, 0x42, 0xF8, 0x3A, 0xF5, + 0x0B, 0x5D, 0xA9, 0x23, 0x02, 0x28, 0xE5, 0x26, + 0x5E, 0x69, 0x38, 0x2F, 0x85, 0x34, 0x32, 0x5E, + 0x5E, 0x29, 0x33, 0x94, 0x05, 0xBD, 0x58, 0xF8, + 0xE8, 0x9C, 0xBF, 0xB1, 0x5A, 0x05, 0xC6, 0x23, + 0x9B, 0xBB, 0x57, 0x69, 0x8C, 0xE6, 0x41, 0x97, + 0x48, 0x01, 0x95, 0xAF, 0xE9, 0x62, 0x8C, 0x6F, + 0x09, 0x43, 0xF3, 0x64, 0x50, 0x90, 0x2F, 0x14, + 0xF7, 0x30, 0x07, 0xE0, 0x4B, 0xA8, 0x39, 0xAC, + 0x21, 0xC4, 0x07, 0x45, 0x5F, 0xD9, 0x87, 0xB1, + 0x57, 0x47, 0x07, 0x66, 0xFF, 0xC7, 0xAB, 0xEE, + 0x1F, 0x55, 0x71, 0x50, 0x63, 0xCF, 0x58, 0x3B, + 0xC8, 0x1B, 0xEA, 0xA5, 0xE2, 0xF1, 0x57, 0xB3, + 0x77, 0x65, 0xA9, 0xBD, 0x23, 0xC8, 0x30, 0x86, + 0xC3, 0x5F, 0xBF, 0x16, 0x3F, 0x42, 0x28, 0x0A, + 0xC6, 0x5A, 0x57, 0x15, 0x2F, 0xA1, 0x96, 0xA9, + 0x25, 0xC5, 0x8E, 0x32, 0x11, 0x62, 0xB3, 0x54, + 0x18, 0x00, 0xA4, 0xA6, 0xD4, 0x0F, 0x68, 0x27, + 0x8F, 0x21, 0x78, 0x02, 0x37, 0x98, 0xBD, 0xCE, + 0x3F, 0xBC, 0xF2, 0x9C, 0x66, 0x8E, 0x79, 0xA1, + 0x54, 0x12, 0x55, 0x2E, 0xC0, 0x59, 0xC7, 0x18, + 0x18, 0x22, 0x4D, 0x27, 0x8B, 0x8D, 0xF3, 0x08, + 0x99, 0xE6, 0x35, 0x14, 0xB1, 0xE3, 0xB8, 0x7A, + 0x40, 0x7B, 0x68, 0x7B, 0xFF, 0xDC, 0x54, 0x41, + 0x06, 0xCA, 0x91, 0xFE, 0xDB, 0x2B, 0xDA, 0x9E, + 0xC5, 0x20, 0xD8, 0xBF, 0x42, 0xBC, 0xE6, 0x39, + 0xC4, 0x26, 0x9E, 0xF3, 0x82, 0xD9, 0xF1, 0xA0, + 0x04, 0xAF, 0xFB, 0x77, 0x13, 0x36, 0xAF, 0xD7, + 0x91, 0x9B, 0x3A, 0x57, 0x98, 0xFE, 0xAD, 0xCD, + 0x46, 0xF8, 0xF8, 0xF1, 0x87, 0x53, 0xBD, 0x57, + 0x3F, 0x99, 0xBC, 0xA6, 0xBD, 0x9B, 0x6E, 0xF4, + 0x17, 0x7A, 0x78, 0x30, 0x70, 0xA3, 0x43, 0xFF, + 0x92, 0xCD, 0x99, 0x73, 0xAE, 0x65, 0x6A, 0x10, + 0xFF, 0x70, 0x47, 0x0F, 0x16, 0x4C, 0x4A, 0x90, + 0xF4, 0x52, 0x05, 0x79, 0x33, 0x63, 0xDE, 0x14, + 0x65, 0xAF, 0x8A, 0x5E, 0x67, 0x20, 0x03, 0x9F, + 0xE6, 0x70, 0x13, 0x6B, 0xE0, 0xF3, 0x6A, 0x4C, + 0x6B, 0x5B, 0xCB, 0xE1, 0x7C, 0x5D, 0x7D, 0xE3, + 0x23, 0xFD, 0xB8, 0x6A, 0xDA, 0x56, 0x1E, 0xA8, + 0x36, 0xC4, 0x29, 0x2D, 0x70, 0x41, 0x03, 0x18, + 0x31, 0x40, 0x79, 0x2E, 0xC8, 0x22, 0x98, 0x5E, + 0x11, 0xED, 0xA6, 0xDD, 0xB9, 0xAF, 0x8C, 0x27, + 0x5C, 0x1B, 0x2E, 0xEA, 0xB8, 0xC6, 0x2F, 0xA0, + 0x40, 0xB2, 0x64, 0x61, 0xFC, 0x0A, 0x3A, 0x10, + 0x88, 0xC2, 0x58, 0xEC, 0xA5, 0x8D, 0x14, 0xE9, + 0x9D, 0x21, 0xAF, 0x64, 0xD6, 0xC2, 0x5D, 0xAA, + 0x0B, 0x8A, 0x57, 0x0F, 0x84, 0x3E, 0x60, 0x8D, + 0xED, 0x05, 0x1D, 0x98, 0xED, 0xAE, 0x11, 0xD9, + 0x27, 0x03, 0x55, 0xED, 0xF5, 0x34, 0x92, 0x52, + 0xF2, 0x6F, 0x30, 0x3E, 0x69, 0xA5, 0x54, 0xA7, + 0x2E, 0x1B, 0x85, 0xAB, 0xA2, 0x3B, 0xEC, 0xC8, + 0x9D, 0xA9, 0xA3, 0xE4, 0xEF, 0x58, 0xB5, 0x33, + 0x88, 0x55, 0x16, 0x5E, 0x7D, 0x7E, 0x69, 0xFC, + 0xCA, 0xBD, 0x9C, 0x65, 0xFA, 0x0B, 0xBD, 0x7B, + 0x16, 0xC4, 0xE2, 0x9C, 0xB4, 0xF1, 0x6A, 0x25, + 0x70, 0x30, 0x32, 0xED, 0xEA, 0xD3, 0x1D, 0xDB, + 0x6F, 0x29, 0x2E, 0x42, 0x14, 0xBE, 0x03, 0x29, + 0x0A, 0x8A, 0x98, 0x9A, 0xD7, 0xB7, 0x0C, 0xF8, + 0xB9, 0xCF, 0x37, 0xC6, 0xAC, 0xAC, 0x6D, 0xCC, + 0x03, 0x23, 0x9F, 0x66, 0x85, 0x4B, 0x70, 0x45 + }; +#endif /* WOLFSSL_NO_ML_DSA_87 */ +#endif + + key = (dilithium_key*)XMALLOC(sizeof(*key), NULL, DYNAMIC_TYPE_TMP_BUFFER); + ExpectNotNull(key); + + if (key != NULL) { + XMEMSET(key, 0, sizeof(*key)); + } + + ExpectIntEQ(wc_dilithium_init_ex(key, NULL, INVALID_DEVID), 0); +#ifndef WOLFSSL_NO_ML_DSA_44 + ExpectIntEQ(wc_dilithium_set_level(key, WC_ML_DSA_44), 0); + ExpectIntEQ(wc_dilithium_make_key_from_seed(key, seed_44), 0); + ExpectIntEQ(XMEMCMP(key->p, pk_44, sizeof(pk_44)), 0); + ExpectIntEQ(XMEMCMP(key->k, sk_44, sizeof(sk_44)), 0); +#ifdef WOLFSSL_DILITHIUM_FIPS204_DRAFT + ExpectIntEQ(wc_dilithium_set_level(key, WC_ML_DSA_44_DRAFT), 0); + ExpectIntEQ(wc_dilithium_make_key_from_seed(key, seed_44_draft), 0); + ExpectIntEQ(XMEMCMP(key->p, pk_44_draft, sizeof(pk_44_draft)), 0); + ExpectIntEQ(XMEMCMP(key->k, sk_44_draft, sizeof(sk_44_draft)), 0); +#endif +#endif +#ifndef WOLFSSL_NO_ML_DSA_65 + ExpectIntEQ(wc_dilithium_set_level(key, WC_ML_DSA_65), 0); + ExpectIntEQ(wc_dilithium_make_key_from_seed(key, seed_65), 0); + ExpectIntEQ(XMEMCMP(key->p, pk_65, sizeof(pk_65)), 0); + ExpectIntEQ(XMEMCMP(key->k, sk_65, sizeof(sk_65)), 0); +#ifdef WOLFSSL_DILITHIUM_FIPS204_DRAFT + ExpectIntEQ(wc_dilithium_set_level(key, WC_ML_DSA_65_DRAFT), 0); + ExpectIntEQ(wc_dilithium_make_key_from_seed(key, seed_65_draft), 0); + ExpectIntEQ(XMEMCMP(key->p, pk_65_draft, sizeof(pk_65_draft)), 0); + ExpectIntEQ(XMEMCMP(key->k, sk_65_draft, sizeof(sk_65_draft)), 0); +#endif +#endif +#ifndef WOLFSSL_NO_ML_DSA_87 + ExpectIntEQ(wc_dilithium_set_level(key, WC_ML_DSA_87), 0); + ExpectIntEQ(wc_dilithium_make_key_from_seed(key, seed_87), 0); + ExpectIntEQ(XMEMCMP(key->p, pk_87, sizeof(pk_87)), 0); + ExpectIntEQ(XMEMCMP(key->k, sk_87, sizeof(sk_87)), 0); +#ifdef WOLFSSL_DILITHIUM_FIPS204_DRAFT + ExpectIntEQ(wc_dilithium_set_level(key, WC_ML_DSA_87_DRAFT), 0); + ExpectIntEQ(wc_dilithium_make_key_from_seed(key, seed_87_draft), 0); + ExpectIntEQ(XMEMCMP(key->p, pk_87_draft, sizeof(pk_87_draft)), 0); + ExpectIntEQ(XMEMCMP(key->k, sk_87_draft, sizeof(sk_87_draft)), 0); +#endif +#endif + + wc_dilithium_free(key); + XFREE(key, NULL, DYNAMIC_TYPE_TMP_BUFFER); +#endif + return EXPECT_RESULT(); +} + +int test_wc_dilithium_sig_kats(void) +{ + EXPECT_DECLS; +#if defined(HAVE_DILITHIUM) && defined(WOLFSSL_WC_DILITHIUM) && \ + !defined(WOLFSSL_DILITHIUM_NO_SIGN) + dilithium_key* key; +#ifndef WOLFSSL_NO_ML_DSA_44 + static const byte sk_44[] = { + 0x5D, 0xFB, 0x07, 0xA2, 0x04, 0x4B, 0x93, 0x16, + 0x75, 0xC7, 0x89, 0x43, 0xEA, 0xC3, 0xC4, 0xC5, + 0x7B, 0x07, 0x77, 0x8A, 0xD9, 0xAF, 0x2E, 0x87, + 0xC4, 0x70, 0xB9, 0xCC, 0x2C, 0x8D, 0xA1, 0xE3, + 0x75, 0xBC, 0xB3, 0xBC, 0xD1, 0x9E, 0x7B, 0xB9, + 0x83, 0xC9, 0x63, 0x66, 0xCC, 0xEA, 0x14, 0x1E, + 0xAE, 0x22, 0x07, 0x75, 0x52, 0x24, 0xC8, 0xC6, + 0xC6, 0x1F, 0x90, 0x89, 0x89, 0xCF, 0xF2, 0xF6, + 0x27, 0x98, 0xA6, 0x86, 0x45, 0x77, 0x95, 0x15, + 0xD4, 0x74, 0xDD, 0xA6, 0x1F, 0x33, 0x41, 0x42, + 0x4E, 0xDA, 0x24, 0x79, 0x60, 0x27, 0x34, 0x4E, + 0x36, 0x94, 0x14, 0x74, 0x81, 0x9A, 0x58, 0x44, + 0x2B, 0x74, 0xBF, 0x50, 0x60, 0xB8, 0x40, 0x94, + 0x4A, 0xEF, 0xDE, 0xA7, 0xA4, 0xCF, 0xFC, 0xB3, + 0x9D, 0xE2, 0x07, 0xFD, 0x9E, 0x6A, 0xC6, 0x2E, + 0x6D, 0x0D, 0xB2, 0xB4, 0x51, 0x2E, 0x20, 0x26, + 0x00, 0xB5, 0x30, 0x01, 0xA9, 0x2D, 0xE2, 0x42, + 0x02, 0x42, 0x12, 0x71, 0x24, 0xB7, 0x28, 0x94, + 0x30, 0x86, 0xDA, 0x22, 0x30, 0x00, 0x87, 0x65, + 0xCC, 0x22, 0x91, 0x1B, 0x05, 0x82, 0x03, 0x46, + 0x8A, 0xA0, 0x32, 0x26, 0x40, 0xB4, 0x84, 0xC3, + 0x14, 0x2D, 0x88, 0x14, 0x8C, 0x94, 0x92, 0x49, + 0x23, 0x15, 0x0E, 0xCA, 0x88, 0x09, 0x18, 0x94, + 0x68, 0x82, 0x38, 0x00, 0x21, 0x41, 0x28, 0x8C, + 0xB8, 0x80, 0x02, 0x09, 0x49, 0x5A, 0xB4, 0x11, + 0x9B, 0x28, 0x05, 0xE4, 0x42, 0x30, 0xCA, 0x24, + 0x80, 0xA4, 0x06, 0x2A, 0xD3, 0x92, 0x05, 0x1C, + 0x03, 0x6A, 0x22, 0x36, 0x4A, 0x92, 0x44, 0x52, + 0xE2, 0x48, 0x28, 0x19, 0x83, 0x68, 0x88, 0xC6, + 0x31, 0x41, 0x90, 0x50, 0x00, 0x43, 0x8E, 0x23, + 0x87, 0x60, 0x19, 0x43, 0x81, 0x50, 0x32, 0x69, + 0x81, 0xC0, 0x51, 0x12, 0x06, 0x08, 0x02, 0x08, + 0x82, 0xC4, 0xA6, 0x81, 0x03, 0xA5, 0x90, 0x8C, + 0xB6, 0x00, 0x90, 0x14, 0x66, 0x01, 0xB1, 0x08, + 0x12, 0x25, 0x48, 0x1A, 0x88, 0x11, 0x43, 0x38, + 0x60, 0x23, 0x26, 0x2E, 0x14, 0x45, 0x0D, 0x9C, + 0x92, 0x8C, 0xA2, 0x46, 0x12, 0x94, 0xA6, 0x05, + 0x88, 0xB0, 0x11, 0x0A, 0xB0, 0x28, 0xA4, 0x42, + 0x09, 0x9C, 0x82, 0x80, 0x1A, 0x80, 0x61, 0x59, + 0xB0, 0x8D, 0x40, 0xA6, 0x6D, 0x12, 0xC9, 0x0C, + 0xD9, 0x18, 0x68, 0xA3, 0x84, 0x2C, 0x02, 0xB6, + 0x25, 0x01, 0x40, 0x2C, 0xD8, 0x20, 0x4D, 0x1B, + 0x35, 0x30, 0x11, 0x10, 0x49, 0x63, 0x44, 0x31, + 0x8A, 0xB2, 0x70, 0x4B, 0x24, 0x28, 0xA0, 0x46, + 0x08, 0xC9, 0x06, 0x81, 0x08, 0xC5, 0x04, 0x4A, + 0xB2, 0x30, 0x08, 0x15, 0x04, 0x24, 0xA2, 0x65, + 0x9B, 0x88, 0x41, 0x19, 0x36, 0x2E, 0xE2, 0xB8, + 0x29, 0xD9, 0x12, 0x64, 0x41, 0xA6, 0x30, 0x22, + 0xB7, 0x8C, 0x93, 0x38, 0x69, 0x93, 0x30, 0x0A, + 0xC8, 0xB6, 0x85, 0x23, 0xB1, 0x8D, 0x01, 0x38, + 0x0A, 0x59, 0xA0, 0x09, 0x64, 0x12, 0x6E, 0x88, + 0x08, 0x22, 0xDB, 0x00, 0x08, 0x0C, 0x08, 0x12, + 0x99, 0x42, 0x44, 0x1B, 0x00, 0x68, 0x08, 0x13, + 0x26, 0x53, 0xA2, 0x40, 0x5A, 0x34, 0x25, 0x98, + 0x90, 0x8C, 0x00, 0x34, 0x2D, 0x93, 0x94, 0x48, + 0xC8, 0x22, 0x4C, 0xE2, 0x44, 0x29, 0xE2, 0x00, + 0x28, 0x14, 0x22, 0x40, 0x48, 0x28, 0x24, 0x22, + 0x49, 0x06, 0xCA, 0xC8, 0x0C, 0x4C, 0x12, 0x80, + 0x1B, 0xA5, 0x41, 0x11, 0x06, 0x48, 0x1B, 0x27, + 0x72, 0x20, 0x07, 0x31, 0x24, 0x10, 0x8E, 0x9C, + 0x94, 0x91, 0x1B, 0x37, 0x82, 0x51, 0x28, 0x2E, + 0x11, 0x06, 0x42, 0x01, 0x34, 0x6E, 0x8C, 0x22, + 0x25, 0x24, 0x34, 0x6A, 0x19, 0x47, 0x21, 0x23, + 0xB6, 0x09, 0x51, 0xB2, 0x31, 0x18, 0x34, 0x45, + 0x8C, 0xB8, 0x20, 0x1C, 0x19, 0x0A, 0x19, 0xB7, + 0x6D, 0x18, 0x97, 0x48, 0x09, 0x82, 0x04, 0x9C, + 0x12, 0x8A, 0x41, 0x08, 0x46, 0x24, 0x13, 0x31, + 0xD0, 0x42, 0x46, 0xC3, 0x16, 0x80, 0x51, 0x10, + 0x2E, 0x51, 0x48, 0x04, 0x5C, 0xC2, 0x64, 0x1A, + 0x10, 0x8E, 0xD9, 0x86, 0x64, 0x90, 0x24, 0x68, + 0x93, 0xB4, 0x45, 0x94, 0x30, 0x4A, 0xE3, 0x12, + 0x0C, 0x54, 0x04, 0x90, 0x03, 0x31, 0x40, 0x62, + 0x92, 0x4D, 0x5C, 0xC8, 0x10, 0x8A, 0xB8, 0x61, + 0x5C, 0x04, 0x6A, 0xC8, 0xB0, 0x85, 0x93, 0x00, + 0x05, 0xC3, 0x06, 0x69, 0x1B, 0x34, 0x8E, 0x03, + 0x84, 0x0C, 0x50, 0x00, 0x2C, 0x8C, 0x96, 0x90, + 0x08, 0x32, 0x68, 0x0B, 0x90, 0x8C, 0x02, 0x86, + 0x2D, 0x18, 0x38, 0x09, 0x1C, 0xB2, 0x21, 0x1B, + 0x48, 0x04, 0x5C, 0x10, 0x86, 0xD8, 0x34, 0x51, + 0x43, 0x84, 0x88, 0x43, 0xB2, 0x65, 0x12, 0xB6, + 0x8D, 0x03, 0x01, 0x45, 0x19, 0xB8, 0x8D, 0x92, + 0x26, 0x4E, 0x12, 0x12, 0x88, 0x52, 0xB2, 0x64, + 0x21, 0x09, 0x26, 0x49, 0x38, 0x05, 0x24, 0x11, + 0x0A, 0x22, 0x38, 0x32, 0x23, 0x31, 0x20, 0x4A, + 0x24, 0x42, 0xC4, 0xA2, 0x44, 0x20, 0x10, 0x0D, + 0xA1, 0xA8, 0x51, 0x23, 0x86, 0x84, 0x81, 0x38, + 0x8E, 0x02, 0x00, 0x4A, 0x1C, 0xB7, 0x24, 0x4C, + 0x06, 0x0A, 0x1C, 0x26, 0x4E, 0xCC, 0x22, 0x48, + 0x4C, 0x92, 0x2D, 0xC0, 0x20, 0x2D, 0xA1, 0x16, + 0x89, 0xC3, 0x44, 0x82, 0x19, 0xA7, 0x6D, 0xC4, + 0x90, 0x10, 0x01, 0x82, 0x89, 0xD8, 0x44, 0x22, + 0xD9, 0x98, 0x20, 0xC0, 0x88, 0x45, 0x88, 0x22, + 0x0C, 0x90, 0x36, 0x90, 0x90, 0xA4, 0x05, 0xD3, + 0x82, 0x21, 0xD0, 0xA6, 0x28, 0x00, 0x33, 0x25, + 0xA2, 0xC2, 0x6C, 0xD8, 0x10, 0x71, 0xD1, 0x96, + 0x50, 0xC3, 0x34, 0x08, 0x8B, 0x94, 0x2D, 0x61, + 0x88, 0x04, 0x1B, 0xC8, 0x2D, 0xE2, 0x30, 0x64, + 0x20, 0x28, 0x24, 0x1A, 0x34, 0x50, 0x10, 0x25, + 0x6A, 0x64, 0x36, 0x81, 0x09, 0xC1, 0x45, 0xE3, + 0x30, 0x80, 0xC3, 0xA6, 0x8C, 0xE0, 0xB6, 0x10, + 0xC3, 0x34, 0x8D, 0xD1, 0x06, 0x11, 0x88, 0x20, + 0x0A, 0x0A, 0xC8, 0x21, 0x20, 0x81, 0x30, 0x9C, + 0x14, 0x61, 0x9B, 0xC2, 0x50, 0x22, 0x15, 0x8D, + 0x80, 0xA0, 0x41, 0x89, 0x24, 0x41, 0x20, 0x93, + 0x40, 0x01, 0xA6, 0x09, 0x08, 0x25, 0x2E, 0xC1, + 0xC6, 0x85, 0x00, 0x17, 0x62, 0x41, 0x30, 0x32, + 0xDC, 0x06, 0x6D, 0x48, 0x88, 0x08, 0x84, 0xC8, + 0x30, 0x5B, 0x96, 0x8D, 0x42, 0xB4, 0x4C, 0xD0, + 0x34, 0x88, 0xD0, 0x04, 0x02, 0x18, 0x15, 0x52, + 0x52, 0x26, 0x30, 0x8C, 0x46, 0x28, 0x20, 0x94, + 0x4C, 0x21, 0x18, 0x00, 0xD0, 0xB2, 0x48, 0x1B, + 0x17, 0x0A, 0x09, 0x30, 0x4C, 0x44, 0xC2, 0x04, + 0x47, 0x5E, 0xF2, 0x33, 0x31, 0xFF, 0x66, 0x73, + 0xE2, 0x6E, 0x6A, 0x32, 0xF2, 0x94, 0xBE, 0xFB, + 0xD5, 0x96, 0x4F, 0xED, 0x98, 0x7A, 0x42, 0xA2, + 0x35, 0xFC, 0x5B, 0x16, 0x08, 0x61, 0x45, 0xC0, + 0xB8, 0xA8, 0x23, 0xFB, 0xC1, 0x4F, 0x1C, 0x8C, + 0xD0, 0x3F, 0xD6, 0xEE, 0xC4, 0x95, 0x28, 0x3E, + 0x03, 0x5C, 0x0D, 0xCA, 0xE5, 0x2E, 0x68, 0xF3, + 0x29, 0xDE, 0x7A, 0xDF, 0xD6, 0x4F, 0xEE, 0x0B, + 0x11, 0x6D, 0x4A, 0x14, 0xE1, 0x53, 0x94, 0xB3, + 0x1D, 0xF8, 0x8B, 0xCA, 0x10, 0xD1, 0xC9, 0x06, + 0xAA, 0x82, 0x28, 0x7C, 0x11, 0x74, 0x99, 0xE9, + 0xD8, 0xC7, 0x7D, 0x17, 0xA9, 0x5C, 0xCC, 0x14, + 0xAF, 0xF9, 0xC2, 0x05, 0xD2, 0x64, 0x80, 0xA5, + 0x70, 0xB5, 0x77, 0x0B, 0x04, 0x81, 0x99, 0xCF, + 0x3F, 0x0E, 0x1B, 0x91, 0xAB, 0x39, 0x4B, 0x1F, + 0x65, 0xD4, 0x7F, 0x92, 0x98, 0xD0, 0x96, 0xCA, + 0x25, 0xC0, 0x99, 0xBC, 0x67, 0xF4, 0x33, 0x42, + 0x63, 0xE3, 0x6B, 0xD9, 0xE6, 0x6B, 0x99, 0x8A, + 0x07, 0xDC, 0x1E, 0x18, 0x1E, 0x05, 0x38, 0x6E, + 0x96, 0x8F, 0x1C, 0xB0, 0xAB, 0x1E, 0x9A, 0x67, + 0xD5, 0xD3, 0x30, 0x11, 0x20, 0x37, 0x82, 0x24, + 0x88, 0x1F, 0x65, 0x17, 0x59, 0xEC, 0x7D, 0xBF, + 0x45, 0x78, 0x1E, 0xF8, 0xA8, 0x4D, 0xAD, 0xAF, + 0xE6, 0x13, 0xD6, 0x01, 0x69, 0x66, 0xBD, 0x88, + 0x44, 0xB6, 0xA6, 0x17, 0xAC, 0xA1, 0xEE, 0xF6, + 0x73, 0xB7, 0x74, 0xCC, 0x80, 0x7B, 0x36, 0xDD, + 0x02, 0xDD, 0x45, 0x21, 0x66, 0x86, 0x03, 0x7F, + 0x9A, 0xC0, 0xB1, 0x2F, 0x57, 0x26, 0xF2, 0x51, + 0xC5, 0x72, 0x43, 0xE2, 0xC1, 0x88, 0xF5, 0xEC, + 0xC0, 0x97, 0xE0, 0xB9, 0x89, 0xB5, 0x8A, 0x5D, + 0x80, 0x4A, 0xBF, 0xD7, 0x20, 0x25, 0x55, 0x77, + 0x66, 0x8E, 0xE3, 0x04, 0xD0, 0x1C, 0x50, 0xFE, + 0x8B, 0x6D, 0x90, 0x68, 0x53, 0xCF, 0x7A, 0x49, + 0x4F, 0xB4, 0x79, 0x91, 0xF1, 0x81, 0xB7, 0x42, + 0x0E, 0x74, 0x19, 0x9C, 0x82, 0xE7, 0x1A, 0x82, + 0x4B, 0xF8, 0xC6, 0x13, 0x1D, 0xF4, 0xD1, 0x85, + 0x6F, 0x11, 0xE7, 0x04, 0x07, 0x70, 0x72, 0x4D, + 0xE7, 0x2C, 0x81, 0x5A, 0xC0, 0x44, 0x3F, 0x2E, + 0x77, 0xEC, 0x22, 0xA1, 0x28, 0xDB, 0x18, 0xE1, + 0x18, 0x3E, 0xE7, 0x96, 0x82, 0xC4, 0x30, 0x24, + 0xC9, 0x07, 0x46, 0x6C, 0x35, 0x4B, 0x1C, 0x7B, + 0x0E, 0x0E, 0xF0, 0x9F, 0x16, 0x48, 0x7B, 0xD8, + 0xA9, 0x9C, 0x3A, 0x0A, 0x9E, 0xDB, 0xF0, 0x0F, + 0x15, 0xA5, 0xEB, 0x1C, 0x50, 0xD4, 0x27, 0x36, + 0xDB, 0x07, 0x63, 0xBD, 0x56, 0xBD, 0xFA, 0x81, + 0x09, 0x9A, 0xDE, 0xCE, 0xE8, 0x4A, 0xEA, 0x06, + 0x9C, 0x06, 0x5B, 0x67, 0x03, 0x14, 0xB9, 0xE4, + 0x8C, 0x66, 0x75, 0xA3, 0xCC, 0x69, 0x39, 0x57, + 0xDA, 0x1D, 0x21, 0xBA, 0xCE, 0xD8, 0x70, 0x02, + 0xFF, 0xF5, 0x6F, 0x25, 0x3A, 0x3D, 0xFC, 0x79, + 0xA3, 0xF0, 0x3A, 0x3F, 0x2B, 0x10, 0x51, 0x9A, + 0xCB, 0xC9, 0x1A, 0xF5, 0xF1, 0x98, 0x5B, 0x5C, + 0x87, 0x96, 0x4E, 0xC8, 0x00, 0x8A, 0x3A, 0x6E, + 0x85, 0x02, 0xA5, 0xF1, 0x69, 0x32, 0x6E, 0xC1, + 0x95, 0x68, 0xCF, 0xA8, 0xE8, 0x85, 0x55, 0x4D, + 0x6A, 0x68, 0x1F, 0x00, 0xDD, 0x26, 0xB3, 0x24, + 0xF4, 0x9D, 0xD2, 0x4D, 0x81, 0x06, 0xDA, 0xE6, + 0x4D, 0x11, 0x73, 0xDF, 0xFE, 0x4F, 0xA6, 0x22, + 0x5E, 0x6C, 0x6D, 0x5E, 0xE3, 0x59, 0xCF, 0xF4, + 0x35, 0xA0, 0x80, 0x86, 0x89, 0x49, 0xB2, 0xED, + 0x0C, 0xC7, 0x3B, 0x42, 0x06, 0x68, 0x8D, 0x90, + 0x04, 0x1A, 0xBD, 0x51, 0xF6, 0xB9, 0x29, 0x2E, + 0xB6, 0xF0, 0x79, 0x40, 0x1E, 0x6E, 0x59, 0x94, + 0xFB, 0xF5, 0x6B, 0x72, 0x82, 0x4C, 0xB6, 0xC7, + 0x2B, 0x12, 0x71, 0x77, 0xDD, 0x89, 0xCC, 0x2F, + 0x98, 0xB0, 0x93, 0x1C, 0x98, 0xCE, 0x5E, 0x89, + 0x0D, 0x95, 0x7B, 0x98, 0xE1, 0xEA, 0xDC, 0xB7, + 0xFF, 0x22, 0xC5, 0x31, 0x40, 0x9E, 0x1C, 0x80, + 0x59, 0x47, 0x01, 0x49, 0xEC, 0x81, 0xEF, 0x16, + 0x32, 0x6B, 0xB0, 0x4E, 0xE2, 0x3B, 0xA3, 0xC1, + 0x03, 0x12, 0x0D, 0xA6, 0x65, 0xDE, 0x8D, 0xB0, + 0xA0, 0xBB, 0x75, 0xEF, 0x5C, 0xDA, 0xF4, 0xEE, + 0x47, 0x6E, 0x55, 0x02, 0x38, 0xCD, 0xC1, 0xAC, + 0xDD, 0x71, 0xA6, 0x34, 0xAB, 0xCE, 0xA5, 0x5C, + 0x90, 0xFF, 0xF8, 0xE0, 0xA7, 0x87, 0xBD, 0x21, + 0x36, 0x91, 0x4F, 0x23, 0xD8, 0x75, 0x58, 0xC5, + 0xF6, 0xBA, 0xAC, 0x54, 0x6C, 0x24, 0xB1, 0x41, + 0x02, 0x02, 0xB9, 0x44, 0x31, 0x0E, 0xC4, 0xC9, + 0xC6, 0x87, 0x85, 0x36, 0x05, 0xC8, 0xAE, 0xC9, + 0xF1, 0xEF, 0x6B, 0x67, 0x52, 0xD3, 0x9A, 0x15, + 0xBF, 0xA2, 0x47, 0xEF, 0x89, 0xFC, 0x06, 0x99, + 0xA1, 0x1A, 0xE4, 0x5A, 0x75, 0xE5, 0x09, 0xD4, + 0x54, 0xE9, 0x89, 0xF2, 0x60, 0x6E, 0xAB, 0x10, + 0xF8, 0x42, 0xE4, 0xAD, 0x57, 0xC6, 0xE3, 0x65, + 0x48, 0x94, 0x14, 0x05, 0x4F, 0x62, 0x20, 0x0F, + 0x3A, 0x1E, 0xC7, 0x62, 0xDC, 0x5C, 0x8E, 0xFA, + 0x19, 0x88, 0x47, 0x5D, 0xE8, 0xC3, 0xD5, 0x8C, + 0x2B, 0x71, 0xBA, 0x11, 0x98, 0x7C, 0x0A, 0xC6, + 0x42, 0x08, 0x3B, 0xAC, 0x76, 0xFB, 0x50, 0x78, + 0x8C, 0x26, 0x8F, 0xEE, 0x7B, 0xE2, 0x59, 0x9B, + 0x34, 0x58, 0x09, 0x2A, 0x8B, 0xCB, 0x1F, 0x31, + 0x94, 0x8F, 0xE4, 0x82, 0xDF, 0x9A, 0x54, 0x5B, + 0x63, 0x85, 0x94, 0xD6, 0x7A, 0x44, 0x06, 0x91, + 0x5C, 0xCD, 0xC7, 0x55, 0x57, 0x47, 0xC0, 0x4E, + 0x72, 0xA5, 0x48, 0xAB, 0x8F, 0xEE, 0x87, 0x6B, + 0x25, 0x82, 0x61, 0x3C, 0xCA, 0xBD, 0xA9, 0x6C, + 0xF1, 0x4A, 0xAA, 0xF6, 0x71, 0x6B, 0x79, 0x0B, + 0xFE, 0x4D, 0x92, 0x32, 0xD9, 0x03, 0x70, 0xD6, + 0x0B, 0xBC, 0x18, 0x4B, 0xA3, 0x3B, 0xCF, 0x77, + 0x83, 0x16, 0xE3, 0x4B, 0x11, 0x83, 0x8D, 0x8F, + 0x71, 0xFE, 0xEA, 0xC0, 0x42, 0xF0, 0x35, 0xB0, + 0x76, 0xEA, 0xC1, 0xC2, 0x62, 0xFA, 0x9C, 0x32, + 0xBC, 0x8D, 0x69, 0xB1, 0x38, 0xB3, 0x51, 0x31, + 0x8E, 0xD1, 0xF3, 0x44, 0x95, 0x95, 0x11, 0x52, + 0x36, 0xF4, 0xCA, 0x7C, 0xBA, 0x2B, 0xA9, 0xE1, + 0x03, 0xF0, 0xF5, 0x09, 0xAB, 0x91, 0x6E, 0x48, + 0xB8, 0xAF, 0x03, 0x9B, 0xDC, 0xD5, 0x1C, 0xAB, + 0xFA, 0xCA, 0xDC, 0xEE, 0x8E, 0x49, 0x84, 0xF5, + 0x61, 0xF9, 0x7D, 0x17, 0xCB, 0xF1, 0xDE, 0x9A, + 0x7A, 0x7B, 0xDA, 0xF3, 0x26, 0xE6, 0xD8, 0xAD, + 0x90, 0xE9, 0x5B, 0xAF, 0x15, 0x45, 0xD3, 0xE2, + 0x46, 0x69, 0xD1, 0xC5, 0xF4, 0x28, 0xE0, 0x7E, + 0x2C, 0x71, 0x10, 0xFF, 0x43, 0x59, 0x80, 0x93, + 0xE6, 0xF9, 0x28, 0xA0, 0x34, 0xC6, 0x86, 0xBA, + 0xE7, 0x5A, 0x56, 0x7A, 0xE4, 0xF5, 0x20, 0xB4, + 0x4D, 0xAC, 0xB4, 0x95, 0xE5, 0xB2, 0xC6, 0x43, + 0x9E, 0x2E, 0x67, 0x8E, 0x7C, 0x05, 0x4F, 0xF7, + 0x60, 0x14, 0x88, 0xC6, 0xAE, 0x4A, 0x05, 0x36, + 0x99, 0x73, 0x55, 0x10, 0xF9, 0xDB, 0xC3, 0x4C, + 0xD7, 0x6A, 0x19, 0x94, 0xC0, 0xFE, 0x74, 0x12, + 0xC0, 0xCE, 0x95, 0x15, 0xBF, 0x60, 0x3A, 0x8E, + 0xB5, 0xFC, 0x8A, 0xBC, 0xAC, 0x9F, 0x15, 0x10, + 0x44, 0x73, 0x58, 0x60, 0x5D, 0xA1, 0x33, 0xFD, + 0xDE, 0xBD, 0xF2, 0x22, 0x69, 0xEE, 0x1D, 0x46, + 0x8E, 0x2E, 0xE8, 0x21, 0x62, 0x1D, 0x27, 0x84, + 0xC4, 0x6D, 0xA8, 0x30, 0x02, 0xA6, 0x26, 0x94, + 0xFA, 0xB1, 0xEF, 0xEC, 0x3B, 0x8D, 0x6F, 0x1B, + 0x2C, 0xCE, 0x2A, 0x4E, 0xC4, 0x28, 0x35, 0x4E, + 0x39, 0xA4, 0xF4, 0x5C, 0x96, 0x65, 0xC1, 0xB8, + 0x55, 0xA5, 0x09, 0x15, 0xBC, 0x4D, 0x3B, 0xD0, + 0x1F, 0x7F, 0xBA, 0x90, 0x20, 0xCD, 0xBD, 0xC2, + 0xC8, 0xE5, 0xC6, 0xB0, 0x6F, 0x14, 0x4E, 0x6B, + 0xEA, 0x8A, 0x24, 0x44, 0xE1, 0x0A, 0xCD, 0xB2, + 0x05, 0xF3, 0x15, 0x71, 0x7C, 0x86, 0xFC, 0xF1, + 0xFD, 0x6B, 0xA6, 0xE3, 0xFC, 0x86, 0xE3, 0xBA, + 0x56, 0x6B, 0x8F, 0xBE, 0x02, 0x9A, 0x03, 0x0C, + 0x8C, 0x69, 0xE5, 0x7C, 0x15, 0xAE, 0x13, 0x12, + 0x25, 0x2B, 0x36, 0xFB, 0x51, 0xA1, 0x61, 0x5E, + 0x37, 0x46, 0x92, 0x0C, 0x0B, 0x71, 0x5C, 0x1D, + 0xA4, 0xDB, 0x04, 0xC1, 0x08, 0xED, 0x5C, 0x44, + 0x80, 0x70, 0xC1, 0x0E, 0x63, 0x6D, 0x92, 0xC2, + 0x1E, 0x18, 0x8E, 0x71, 0x0E, 0x7C, 0x10, 0x21, + 0x1E, 0xC2, 0xCF, 0xD6, 0x38, 0x7A, 0x9B, 0x5C, + 0x9E, 0xE8, 0x82, 0x3D, 0xDD, 0x40, 0x0C, 0x96, + 0x17, 0xEF, 0xB1, 0x25, 0xBA, 0x84, 0x45, 0x4F, + 0x64, 0xA6, 0x8E, 0x2B, 0xBA, 0xF1, 0xED, 0xB3, + 0x4F, 0x92, 0x5F, 0x1A, 0x73, 0x2A, 0x2A, 0x22, + 0x68, 0x19, 0x4C, 0x8A, 0x87, 0x51, 0x75, 0x78, + 0xCF, 0x3C, 0xC5, 0x97, 0xFD, 0x77, 0x43, 0xCB, + 0xAE, 0x3D, 0x9C, 0xB6, 0x45, 0x54, 0x45, 0xF4, + 0x1B, 0x92, 0xEE, 0xF4, 0x9D, 0xC4, 0x32, 0x10, + 0x6A, 0x48, 0xAB, 0xE9, 0x47, 0xBF, 0x2B, 0x92, + 0x49, 0x84, 0x23, 0x52, 0x05, 0xA1, 0x92, 0x3B, + 0xD7, 0x78, 0x2D, 0x9A, 0x15, 0xB4, 0xD9, 0xD3, + 0x45, 0xD0, 0x69, 0xF1, 0x38, 0x4D, 0x39, 0xEA, + 0x49, 0x7E, 0xC0, 0xE7, 0x7A, 0x07, 0x88, 0x1D, + 0x1F, 0xA3, 0xAC, 0xE9, 0xC3, 0xFD, 0x6B, 0x5D, + 0xF6, 0xB2, 0xB9, 0xAA, 0x9A, 0xBE, 0xF4, 0x06, + 0xD9, 0x5E, 0x81, 0xE5, 0x68, 0xDF, 0xEA, 0x20, + 0x4C, 0xEE, 0xED, 0x42, 0xA4, 0xD3, 0x7B, 0xA8, + 0x82, 0x98, 0x0D, 0xB4, 0xC8, 0xC3, 0x43, 0x28, + 0x13, 0xE9, 0x6B, 0x11, 0x0E, 0x54, 0xE6, 0xCD, + 0x11, 0x0A, 0x01, 0x36, 0x41, 0x78, 0xC5, 0x7D, + 0x00, 0xC6, 0x8D, 0xE7, 0x7B, 0x4C, 0xE6, 0x35, + 0x57, 0x8F, 0x56, 0xA9, 0x73, 0x5A, 0xEF, 0x93, + 0xF0, 0xD8, 0x16, 0xE3, 0x44, 0x8A, 0xA0, 0xA9, + 0xF1, 0x9C, 0x2E, 0x02, 0xD1, 0x3C, 0x66, 0xDD, + 0xE5, 0x35, 0xFE, 0x81, 0x77, 0x8D, 0xC2, 0x46, + 0x64, 0x03, 0x23, 0xCC, 0x37, 0x22, 0x60, 0x68, + 0xCC, 0x7F, 0x79, 0xE8, 0x6B, 0xD0, 0xEE, 0x1C, + 0x6A, 0xC3, 0x3C, 0xEB, 0x51, 0x95, 0xFA, 0xE4, + 0x28, 0x17, 0x94, 0x49, 0x22, 0x69, 0x64, 0x98, + 0x82, 0x8B, 0x68, 0x9F, 0x69, 0x35, 0xF9, 0xBF, + 0x33, 0x22, 0xA4, 0x32, 0x0F, 0x4C, 0x26, 0xE4, + 0x8D, 0xDF, 0xAE, 0xBD, 0xF4, 0x4D, 0x01, 0xAF, + 0xA1, 0xFA, 0x3E, 0xCE, 0xD3, 0xB0, 0x5D, 0x02, + 0xDB, 0x3B, 0xB4, 0x23, 0xB8, 0x55, 0x97, 0xB5, + 0x1F, 0x25, 0x64, 0xA7, 0x5D, 0x4A, 0x8C, 0x90, + 0xD4, 0xB6, 0x85, 0x20, 0x32, 0x09, 0x37, 0x26, + 0x00, 0xD5, 0x4D, 0x98, 0x5A, 0xCF, 0x29, 0x3B, + 0x0E, 0xAF, 0x69, 0x88, 0x78, 0x18, 0xAD, 0xD1, + 0xE1, 0xB7, 0xC5, 0xD7, 0xB7, 0x5F, 0xFE, 0xB5, + 0x64, 0xE0, 0x68, 0x0B, 0x4F, 0x46, 0x7B, 0xDE, + 0x0B, 0x11, 0x7A, 0x42, 0x10, 0x86, 0x09, 0x60, + 0xB5, 0xE0, 0x22, 0x17, 0x28, 0x68, 0x7A, 0xE9, + 0xEB, 0xBC, 0x6B, 0xD5, 0x95, 0x4C, 0xE0, 0xAE, + 0x57, 0xB1, 0x45, 0xFF, 0xC2, 0x7E, 0xB6, 0xA0, + 0xD3, 0x8E, 0x46, 0x16, 0xCE, 0xBE, 0x76, 0xCE, + 0x59, 0x5B, 0xA4, 0x96, 0x1E, 0x9F, 0x80, 0xF0, + 0x06, 0x7E, 0xCD, 0x6E, 0x27, 0xB8, 0x7D, 0x26, + 0xB6, 0x60, 0xA3, 0xAB, 0x52, 0xC1, 0x37, 0x9A, + 0xDD, 0x46, 0xF5, 0xB9, 0x39, 0x75, 0xAA, 0x19, + 0xF3, 0xE4, 0xA8, 0x95, 0x4B, 0x25, 0x3F, 0x0B, + 0x44, 0x13, 0xF5, 0x82, 0x10, 0x68, 0x03, 0xD5, + 0x0F, 0x99, 0xB5, 0xB2, 0x8B, 0x85, 0x77, 0x2E, + 0x78, 0x3E, 0xEE, 0x21, 0x6E, 0xAD, 0x2D, 0xCF, + 0x95, 0x62, 0x94, 0x1C, 0x50, 0xAB, 0xC5, 0xFA, + 0x8E, 0x24, 0xB6, 0x14, 0x86, 0x46, 0x8A, 0xAA, + 0x20, 0xDF, 0x15, 0xD1, 0x72, 0xF6, 0xAC, 0x03, + 0xAF, 0xDF, 0xCD, 0x53, 0x81, 0xBA, 0xDB, 0x07, + 0x8B, 0x8E, 0xBB, 0x70, 0x91, 0x57, 0x04, 0xB9, + 0x88, 0xE5, 0x8F, 0x45, 0xD3, 0xD6, 0x31, 0x12, + 0xA5, 0xC1, 0x28, 0xC6, 0x49, 0x90, 0x0F, 0x1D, + 0x69, 0x66, 0xE3, 0x98, 0x56, 0x7D, 0xE3, 0x48, + 0xAC, 0xC0, 0xDE, 0xE4, 0x2B, 0x88, 0x01, 0x19, + 0x4E, 0x99, 0xBB, 0x1A, 0xAF, 0x02, 0x5A, 0x91, + 0xE3, 0x2C, 0xE6, 0x56, 0x4D, 0x05, 0x10, 0xB9, + 0x10, 0xF2, 0x2A, 0x27, 0xDE, 0xCF, 0x9D, 0x2E + }; + static const byte msg_44[] = { + 0xB1, 0x34, 0x49, 0x15, 0xCC, 0xD6, 0x93, 0x41, + 0x6B, 0x37, 0xFE, 0xBD, 0x8D, 0xC7, 0xC7, 0xDB, + 0x9F, 0x25, 0x3E, 0x9D, 0xF5, 0x3C, 0xEC, 0x51, + 0x49, 0x23, 0xAA, 0xA2, 0x67, 0x6F, 0xBF, 0xA4, + 0xCC, 0x04, 0xFC, 0x68, 0xF9, 0xE3, 0x2F, 0x9E, + 0x86, 0x4C, 0x68, 0x95, 0xDB, 0x37, 0xE9, 0xFF, + 0xEB, 0x80, 0xF0, 0xF6, 0xB8, 0x6C, 0xB6, 0xAD, + 0x9C, 0x42, 0xF8, 0xFC, 0x75, 0x19, 0x8D, 0xD3, + 0xCC, 0xDA, 0xF5, 0x77, 0xC7, 0xB3, 0x5B, 0x8F, + 0x1B, 0xF6, 0x0A, 0xAB, 0xEA, 0x89, 0x94, 0x42, + 0x20, 0x1F, 0xBB, 0xF4, 0x42, 0x8C, 0x7E, 0xC1, + 0x7B, 0xC3, 0x1B, 0x54, 0x72, 0x4B, 0x95, 0x90, + 0xF7, 0x53, 0x1E, 0x6F, 0x79, 0x0A, 0x1F, 0xA7, + 0x74, 0x32, 0x83, 0x37, 0x2D, 0x31, 0x71, 0xB8, + 0x96, 0x6B, 0x47, 0x0A, 0xAA, 0x85, 0x26, 0xEB, + 0x4A, 0x6E, 0x81, 0xE6, 0x5A, 0xD0, 0xC2, 0x9F, + 0x2D, 0x37, 0xDD, 0x5B, 0x41, 0x2B, 0xAE, 0x68, + 0x2A, 0x66, 0x79, 0x68, 0x77, 0xC8, 0x2F, 0xFD, + 0xA9, 0x76, 0x24, 0x34, 0xEA, 0xC2, 0xC7, 0xD4, + 0xAF, 0x60, 0x9B, 0x27, 0x72, 0x49, 0x0D, 0xEE, + 0x9B, 0xFB, 0x00, 0x5D, 0x2F, 0x1A, 0x2E, 0xBB, + 0xA0, 0x32, 0xCD, 0x71, 0x59, 0xD5, 0x4B, 0xE5, + 0x96, 0xF3, 0x30, 0x68, 0xBE, 0x5D, 0x9A, 0x2D, + 0x94, 0x0C, 0x76, 0x70, 0xE6, 0x4E, 0x9A, 0xF7, + 0xD7, 0xD3, 0x3E, 0xC3, 0xAE, 0xC6, 0xF1, 0xD9, + 0xDE, 0xE3, 0x92, 0x84, 0xF0, 0x5C, 0xE0, 0x25, + 0xD1, 0x81, 0x76, 0x0D, 0x40, 0xE5, 0xC2, 0xD9, + 0xBE, 0xAE, 0x24, 0x20, 0xF4, 0x0D, 0x9F, 0x32, + 0xB7, 0xBD, 0xCD, 0x3A, 0xFB, 0x1C, 0x66, 0x0D, + 0x01, 0x71, 0x4D, 0x81, 0x37, 0x58, 0xDB, 0xB8, + 0x2C, 0x6B, 0x7E, 0x85, 0x80, 0x52, 0xB5, 0xA5, + 0x0E, 0x39, 0xE0, 0x15, 0xD3, 0xF2, 0x4A, 0x2C, + 0x64, 0xC9, 0xDD, 0xCC, 0x15, 0x0D, 0x90, 0x4F, + 0x07, 0xF6, 0x5F, 0xF6, 0x8A, 0xD0, 0x12, 0x9E, + 0xC3, 0xF8, 0x12, 0x3F, 0x3A, 0x03, 0xFC, 0x95, + 0x8A, 0xE2, 0x47, 0x8C, 0x6C, 0x6E, 0x03, 0x61, + 0x67, 0xD8, 0x51, 0x49, 0xF7, 0x9F, 0xB0, 0x3F, + 0xAA, 0xB9, 0x89, 0x7C, 0xE7, 0x3F, 0x88, 0x55, + 0xC5, 0x4C, 0x83, 0xD7, 0x53, 0xB1, 0x04, 0xB5, + 0x13, 0xD5, 0x6B, 0xC6, 0x4C, 0x3B, 0x08, 0x91, + 0x73, 0x47, 0x35, 0x13, 0x26, 0xD8, 0xEB, 0x47, + 0xCF, 0x66, 0xF1, 0x3F, 0xB9, 0x0F, 0x6A, 0xF5, + 0xA8, 0x94, 0xC7, 0x75, 0x00, 0x77, 0xA8, 0x9C, + 0xEB, 0x77, 0x22, 0xE2, 0xE6, 0x80, 0xA5, 0x9B, + 0xF8, 0x43, 0x8C, 0x52, 0x35, 0x31, 0xEA, 0x8C, + 0xC2, 0x83, 0x4F, 0xFC, 0x4E, 0xF0, 0x2D, 0x35, + 0xB8, 0x51, 0x46, 0xF2, 0xD6, 0x01, 0xD5, 0x00, + 0x99, 0x6A, 0x44, 0x10, 0x64, 0xAD, 0xCA, 0x1F, + 0x62, 0x3F, 0x2F, 0xE7, 0x45, 0x22, 0x47, 0xEF, + 0x86, 0x9D, 0x76, 0xD5, 0x78, 0x42, 0x07, 0x30, + 0x88, 0x86, 0x90, 0xB1, 0xA0, 0x08, 0xDA, 0x28, + 0x2A, 0xD1, 0x75, 0x7D, 0x21, 0x71, 0x29, 0x38, + 0x59, 0xC7, 0x3F, 0x55, 0x20, 0xB5, 0xBB, 0x48, + 0x03, 0xE7, 0xFA, 0xB0, 0x29, 0x00, 0xD2, 0x0F, + 0xE7, 0x65, 0x81, 0x8E, 0xE6, 0x24, 0xE7, 0xA1, + 0x94, 0x50, 0x9D, 0x01, 0x6B, 0x4B, 0xD7, 0x81, + 0x4E, 0xA0, 0xD5, 0x4A, 0x51, 0xEE, 0x95, 0x0A, + 0x14, 0x76, 0xD5, 0x87, 0xAA, 0x6F, 0x78, 0xC8, + 0xD2, 0xE0, 0xC8, 0xF8, 0xF2, 0x78, 0xD8, 0x2E, + 0x11, 0x90, 0x44, 0xB6, 0xBF, 0xD0, 0xBE, 0xD8, + 0x6F, 0xA4, 0x20, 0xA2, 0xC8, 0xA4, 0xEF, 0xB0, + 0x5D, 0x73, 0x06, 0xBE, 0x52, 0xF9, 0x32, 0xD8, + 0x06, 0x5D, 0xD1, 0x29, 0x23, 0x46, 0x25, 0x6E, + 0x42, 0x9D, 0xEE, 0x41, 0x9E, 0xF3, 0x7D, 0x1B, + 0x35, 0x28, 0x81, 0xDC, 0x47, 0x7F, 0x25, 0xA4, + 0x0A, 0xEB, 0x3E, 0x17, 0xE6, 0x1B, 0xCC, 0x00, + 0xD2, 0xE2, 0xA9, 0x3D, 0xEC, 0xF3, 0x00, 0xF0, + 0x81, 0x68, 0x21, 0xED, 0x49, 0xF9, 0x9B, 0x9B, + 0x8B, 0xED, 0xD9, 0x1E, 0xFA, 0x04, 0xBB, 0xB0, + 0x9A, 0xBD, 0x1D, 0x24, 0x36, 0xA7, 0xD6, 0x64, + 0x8A, 0x38, 0x3A, 0x3A, 0x8F, 0x09, 0x08, 0x0E, + 0x46, 0x7B, 0xE1, 0x03, 0x30, 0xBF, 0x62, 0x27, + 0x10, 0x74, 0xBE, 0xBD, 0x7F, 0x56, 0x39, 0x0D, + 0x1D, 0x39, 0x47, 0xF4, 0x02, 0x47, 0x6B, 0x62, + 0x6B, 0x52, 0xAC, 0xAB, 0x21, 0xAC, 0x10, 0x4A, + 0xAB, 0x59, 0x75, 0x33, 0x11, 0xD9, 0xE9, 0xE2, + 0xB2, 0x20, 0x6B, 0xA1, 0x09, 0x42, 0xB6, 0x37, + 0xE4, 0x5C, 0xE6, 0x9F, 0x54, 0xB4, 0x67, 0xBC, + 0xAE, 0xF3, 0xDC, 0x1A, 0xA2, 0x15, 0x47, 0x7B, + 0x15, 0xC8, 0x00, 0x35, 0x8E, 0x1D, 0x69, 0x04, + 0xD8, 0x9C, 0xA9, 0x6A, 0x03, 0x1A, 0x55, 0x48, + 0x6C, 0x4F, 0xC1, 0x68, 0x27, 0x26, 0x13, 0xAB, + 0x8E, 0x03, 0x50, 0x7B, 0xDD, 0xC2, 0x7E, 0x5C, + 0x8A, 0x6F, 0xBB, 0x5F, 0x8B, 0x22, 0x86, 0xA5, + 0xC5, 0x0E, 0xC5, 0x68, 0x60, 0xF6, 0xBF, 0xFF, + 0x6E, 0xBA, 0xDC, 0x21, 0x71, 0xD2, 0xEB, 0xD1, + 0x27, 0x8C, 0x58, 0x14, 0xC3, 0x2E, 0x13, 0x9E, + 0x04, 0x09, 0x61, 0xC3, 0x19, 0xC3, 0x03, 0x48, + 0x70, 0x33, 0x3B, 0x12, 0xF7, 0x3B, 0x38, 0xE7, + 0x18, 0x14, 0xA9, 0xF1, 0x60, 0x83, 0x65, 0xEB, + 0x32, 0xD5, 0x23, 0x8F, 0x6B, 0xF7, 0xD8, 0x00, + 0x21, 0xBD, 0xA3, 0x98, 0xDE, 0xD7, 0x13, 0x17, + 0xAB, 0x3C, 0xA4, 0xD7, 0xBE, 0x1D, 0xA7, 0x4A, + 0x1B, 0xC4, 0x0C, 0x9B, 0x2E, 0x34, 0x5B, 0xA7, + 0xA2, 0x3F, 0x9B, 0x2D, 0xDB, 0xAF, 0x85, 0x14, + 0x0A, 0xF9, 0x30, 0x9E, 0x86, 0x53, 0xAC, 0x24, + 0xAF, 0xD8, 0x25, 0xBC, 0x2A, 0x07, 0x2B, 0xCD, + 0x02, 0xFE, 0x3E, 0xF0, 0x0B, 0xE3, 0xF9, 0x51, + 0x5C, 0x29, 0xEB, 0x8A, 0xFB, 0xC3, 0xEF, 0xD1, + 0xF9, 0xCF, 0xDF, 0xE9, 0xEB, 0xA9, 0x49, 0x59, + 0xB5, 0x17, 0x7E, 0x28, 0x86, 0xB8, 0xD1, 0x8D, + 0xCA, 0x97, 0xF0, 0xCB, 0x80, 0x7E, 0xE3, 0xEA, + 0xE3, 0x1B, 0x48, 0xCF, 0xAC, 0x61, 0x3C, 0x2E, + 0x00, 0xAB, 0x74, 0xFB, 0x95, 0xF6, 0x64, 0xF3, + 0xCA, 0xBF, 0x6E, 0xEF, 0xCD, 0xDD, 0x6D, 0xA5, + 0xF8, 0x98, 0xEC, 0x38, 0xF2, 0xF0, 0x7D, 0x6D, + 0xCB, 0x75, 0xE0, 0x50, 0x9D, 0x13, 0x19, 0x24, + 0x07, 0x4C, 0x05, 0xF4, 0x5D, 0xCA, 0x25, 0xB7, + 0xCF, 0xE2, 0xBC, 0xFE, 0xEC, 0xAF, 0x5F, 0xC3, + 0x6C, 0xE6, 0xE3, 0xC5, 0x85, 0x43, 0x7B, 0x06, + 0x9F, 0xD2, 0xC6, 0xBB, 0xAD, 0x33, 0xD6, 0x86, + 0xBD, 0x5B, 0x9E, 0x2C, 0xA0, 0xD9, 0x8B, 0xDC, + 0x5E, 0x71, 0x7B, 0x6D, 0xF7, 0x1D, 0x40, 0x91, + 0x30, 0x8E, 0x84, 0x73, 0x9A, 0xD6, 0x7F, 0xA6, + 0x79, 0xA6, 0xCE, 0xE9, 0xA6, 0x83, 0x28, 0x4B, + 0x4F, 0xB3, 0x1B, 0x2C, 0x40, 0x8F, 0x52, 0xF0, + 0x59, 0x7D, 0x9C, 0x04, 0xEA, 0xF4, 0xAC, 0x6D, + 0xBB, 0x6C, 0x3F, 0xD6, 0x7F, 0x25, 0x39, 0xD8, + 0x87, 0xDF, 0xBC, 0xF3, 0xCA, 0xE4, 0x59, 0xFA, + 0x76, 0x66, 0x61, 0xA4, 0x8B, 0xFC, 0xFD, 0x6F, + 0x64, 0x03, 0x99, 0xD3, 0xAF, 0x07, 0x86, 0x35, + 0x99, 0x98, 0xCE, 0xFF, 0x7E, 0x9E, 0xB1, 0xB0, + 0x57, 0xA6, 0x29, 0x3D, 0xFF, 0xB7, 0xF3, 0xF2, + 0x51, 0x4B, 0x0B, 0x70, 0x29, 0x46, 0x06, 0x8A, + 0x6B, 0xBD, 0x75, 0x30, 0xD6, 0x91, 0x7F, 0xB1, + 0x1D, 0xBB, 0xAA, 0xBE, 0xD7, 0xAA, 0x46, 0x81, + 0xD7, 0x8A, 0xEA, 0x91, 0x86, 0x69, 0x2D, 0xDA, + 0x34, 0x70, 0x65, 0x2E, 0xB8, 0xA3, 0xF1, 0x44, + 0x56, 0xA5, 0xAA, 0xC4, 0x20, 0x88, 0x3B, 0x42, + 0x37, 0xB0, 0xA7, 0x2D, 0x91, 0x27, 0x63, 0xB6, + 0x7A, 0xC4, 0x13, 0x1A, 0x8A, 0x5D, 0x2F, 0x16, + 0x82, 0x96, 0xB9, 0x12, 0xD3, 0xB6, 0x61, 0xC4, + 0xE8, 0x3C, 0xE6, 0x3A, 0x61, 0xC0, 0x45, 0xEB, + 0xA5, 0x75, 0xEE, 0xB6, 0x7F, 0xB0, 0x70, 0xED, + 0x82, 0x39, 0xE5, 0x1A, 0x67, 0xD9, 0x80, 0x3C, + 0xE0, 0x0B, 0x85, 0x66, 0x74, 0xE0, 0xB7, 0x26, + 0x66, 0x26, 0xDD, 0x02, 0x15, 0xE5, 0xEF, 0x5F, + 0xDE, 0x7B, 0xF4, 0x0B, 0x99, 0x10, 0x21, 0x08, + 0xFC, 0x2D, 0xF2, 0x8B, 0xDC, 0xC8, 0xEA, 0xC6, + 0x3E, 0xFB, 0x20, 0x50, 0x1F, 0x24, 0x66, 0x99, + 0x80, 0x88, 0xC7, 0xA0, 0xB9, 0x6D, 0x1B, 0x75, + 0xC4, 0xC2, 0xE2, 0x52, 0xA0, 0xBF, 0x38, 0x01, + 0x5C, 0xA5, 0x8A, 0xDA, 0x79, 0x38, 0xAE, 0x2E, + 0xC7, 0x96, 0x6F, 0x30, 0x5B, 0xB4, 0x21, 0xC0, + 0xCD, 0x95, 0xCA, 0xD2, 0x12, 0x7D, 0xAD, 0x87, + 0x08, 0x6C, 0xC3, 0x8B, 0xF6, 0xB1, 0x5D, 0xAD, + 0x2C, 0x7C, 0x04, 0x41, 0xE5, 0x34, 0x2E, 0x4B, + 0x5A, 0xD9, 0x1E, 0x66, 0xF4, 0x23, 0xE2, 0x88, + 0x4D, 0xD9, 0x03, 0xFE, 0x6C, 0x64, 0x7D, 0x61, + 0xE6, 0x70, 0x0E, 0xA8, 0x83, 0x08, 0x07, 0xE6, + 0xFD, 0x64, 0x54, 0x3E, 0x3C, 0x6E, 0x9A, 0xD1, + 0x93, 0x37, 0x36, 0x90, 0xDE, 0x94, 0xF7, 0x16, + 0x15, 0x47, 0x94, 0xFE, 0x97, 0x5B, 0x11, 0x80, + 0xBA, 0x40, 0xAF, 0x7F, 0x05, 0xC1, 0x82, 0x91, + 0x69, 0xFD, 0xFB, 0xEC, 0x3A, 0xF7, 0xCF, 0xE1, + 0xD7, 0x9B, 0x59, 0x7E, 0xE4, 0x38, 0xA2, 0x96, + 0xEF, 0x14, 0x6A, 0x05, 0x99, 0x71, 0xE3, 0xF9, + 0x50, 0x8E, 0x35, 0x0B, 0x50, 0x71, 0x6D, 0xEC, + 0xB5, 0x1B, 0xC8, 0x80, 0x2A, 0xE6, 0x2A, 0x7F, + 0x4C, 0x2E, 0x6F, 0x7B, 0x54, 0x62, 0x0E, 0xF0, + 0x4C, 0x00, 0xF0, 0x72, 0xAE, 0x37, 0xAC, 0x32, + 0x7E, 0x26, 0xD3, 0x65, 0x76, 0x1C, 0x10, 0x46, + 0x17, 0xAE, 0xE0, 0xF3, 0x28, 0xEE, 0x97, 0xE0, + 0x86, 0x18, 0x3D, 0x46, 0xA3, 0x62, 0x1F, 0x23, + 0xF3, 0xAC, 0x27, 0x60, 0xB8, 0x85, 0x9A, 0x96, + 0x0E, 0xF1, 0x6F, 0xC1, 0xC6, 0xB1, 0x97, 0x8A, + 0x74, 0x12, 0xDD, 0x73, 0x85, 0x02, 0x9C, 0x73, + 0x61, 0xA8, 0xF7, 0x49, 0xCE, 0xBA, 0x23, 0xED, + 0xE7, 0x9A, 0x17, 0x0E, 0xA6, 0x84, 0x59, 0xF5, + 0x21, 0x66, 0xF5, 0xC5, 0x61, 0xF8, 0x88, 0x7E, + 0x62, 0x0C, 0x00, 0xC6, 0x4F, 0x06, 0xBD, 0x0A, + 0xBB, 0xCD, 0xE5, 0x11, 0x7A, 0xBC, 0xFD, 0x03, + 0xB6, 0xD1, 0xBA, 0x4F, 0x30, 0xFA, 0x96, 0x75, + 0xD8, 0x2D, 0x7A, 0x43, 0x0D, 0x58, 0x41, 0x46, + 0xBA, 0x72, 0x06, 0xCB, 0xBD, 0xD9, 0xBE, 0xA1, + 0xEA, 0x47, 0x08, 0x3D, 0xF9, 0x32, 0x23, 0x9C, + 0xAA, 0x02, 0x1D, 0xA3, 0x3E, 0x43, 0xF1, 0x68, + 0xD8, 0xBE, 0x9F, 0x0E, 0xA8, 0xA8, 0x52, 0xC4, + 0x0A, 0xDE, 0x43, 0x9D, 0x58, 0xA8, 0x05, 0xD4, + 0x74, 0xF8, 0x93, 0x21, 0x62, 0x6E, 0x33, 0x78, + 0x3C, 0x23, 0xEB, 0x60, 0x1C, 0x4C, 0x25, 0xFE, + 0x0F, 0x5E, 0x73, 0xC3, 0xAD, 0x33, 0x9A, 0x7D, + 0x69, 0x6B, 0xAB, 0x2C, 0xAA, 0x5F, 0xBF, 0x96, + 0x62, 0x3A, 0xF0, 0x63, 0x41, 0x00, 0xC7, 0x4C, + 0x81, 0x4D, 0x42, 0x43, 0x25, 0xBC, 0x30, 0xB6, + 0x0B, 0xEE, 0xFC, 0x18, 0x3E, 0x68, 0x0E, 0x64, + 0x5C, 0xD4, 0x22, 0x2A, 0xBA, 0xB5, 0xC6, 0x7E, + 0x67, 0x11, 0x1C, 0x4C, 0x03, 0x30, 0xEC, 0x0C, + 0x77, 0xB2, 0x2B, 0xBC, 0x98, 0xF7, 0x52, 0x8C, + 0x95, 0x66, 0xE1, 0x71, 0xDD, 0x26, 0xA7, 0x7F, + 0x87, 0xF3, 0x94, 0x2E, 0x0D, 0x3E, 0xFE, 0xAD, + 0x0A, 0xDA, 0x3B, 0x77, 0x49, 0xC5, 0x1D, 0xED, + 0x5F, 0xDA, 0x3F, 0xE6, 0xE7, 0x96, 0x58, 0xF1, + 0x02, 0x30, 0x68, 0xB9, 0x62, 0xD0, 0x58, 0xA2, + 0x89, 0x65, 0x12, 0x20, 0x1E, 0x4C, 0xE7, 0xB6, + 0x98, 0x12, 0x52, 0xF0, 0xE8, 0x55, 0xBC, 0xFE, + 0x1F, 0x44, 0x42, 0x36, 0xC9, 0x30, 0xE4, 0x9A, + 0x13, 0xB3, 0x7A, 0xF4, 0xF5, 0x97, 0xC0, 0x5D, + 0xCA, 0x23, 0xCC, 0x05, 0xC4, 0x3C, 0x32, 0xA2, + 0x11, 0x08, 0x17, 0xCB, 0x30, 0x6B, 0xA4, 0x7D, + 0x24, 0x5E, 0x50, 0x22, 0x2E, 0x23, 0xC6, 0x55, + 0x6B, 0xD7, 0x5D, 0x50, 0xEE, 0xF8, 0xBE, 0xB0, + 0xDE, 0x83, 0x5C, 0x8D, 0xD2, 0xE1, 0x5C, 0x70, + 0x66, 0x70, 0x59, 0x8F, 0x86, 0x50, 0x71, 0x71, + 0x04, 0x69, 0xEC, 0xB3, 0x47, 0x9E, 0xE0, 0x26, + 0xB1, 0x9F, 0xE6, 0x21, 0xAC, 0x99, 0x12, 0x6B, + 0x97, 0x9E, 0x1B, 0xA1, 0xDD, 0xA8, 0xE6, 0x11, + 0x12, 0x97, 0xC1, 0x0E, 0x4A, 0x77, 0xF5, 0x52, + 0xF8, 0x09, 0xE9, 0x01, 0x63, 0x56, 0x4E, 0xFA, + 0x24, 0x39, 0x36, 0xB9, 0xF2, 0x6E, 0x07, 0x28, + 0x7F, 0xA4, 0x07, 0x7C, 0xA2, 0x69, 0x7B, 0xED, + 0x6A, 0x4F, 0x0A, 0x95, 0x99, 0x05, 0x60, 0xE7, + 0x58, 0xD9, 0x90, 0xB4, 0xC1, 0x92, 0x0F, 0x9E, + 0x1A, 0xBE, 0x0B, 0x58, 0x96, 0x50, 0x61, 0x1C, + 0x2D, 0x5A, 0x13, 0xAA, 0x5F, 0x4E, 0x2B, 0x88, + 0xBE, 0xAB, 0x93, 0x72, 0xF4, 0x68, 0xB8, 0x30, + 0x91, 0xCD, 0x0A, 0x53, 0x8A, 0x35, 0x82, 0x93, + 0x4F, 0x66, 0xCA, 0xCD, 0xF2, 0x39, 0x98, 0xFE, + 0xC2, 0xFE, 0xFE, 0x51, 0x35, 0xF1, 0xB5, 0x62, + 0x2D, 0x1A, 0xE9, 0x43, 0x25, 0x5E, 0x05, 0xE4, + 0x8B, 0xFE, 0x91, 0x2F, 0x4F, 0x24, 0x1B, 0x2B, + 0xAC, 0x49, 0x9C, 0x14, 0xB0, 0x58, 0xA3, 0xA8, + 0xEE, 0xB9, 0xD1, 0xFA, 0x4D, 0x44, 0x2E, 0x23, + 0xFC, 0x59, 0x77, 0xA5, 0x60, 0x2E, 0xDC, 0xEB, + 0x7B, 0x7B, 0x26, 0x95, 0xE1, 0x87, 0xB7, 0x94, + 0xF8, 0x4B, 0x96, 0x63, 0x15, 0xB1, 0xBB, 0xA5, + 0xC0, 0x4A, 0x72, 0x02, 0x4A, 0x80, 0x5F, 0xB1, + 0x94, 0x73, 0xB7, 0x06, 0xB8, 0x13, 0x76, 0x42, + 0xAD, 0xB1, 0xC6, 0x6C, 0xFD, 0x64, 0xF2, 0x60, + 0xBB, 0x1B, 0x7A, 0xAD, 0xF6, 0xC2, 0x96, 0xB3, + 0x5F, 0x30, 0xB9, 0xD7, 0x70, 0x8A, 0x9D, 0x41, + 0xE7, 0x23, 0xFA, 0xD4, 0xE8, 0x72, 0xAF, 0x73, + 0xF8, 0x8C, 0x26, 0xAB, 0x65, 0x1B, 0xD5, 0x7A, + 0x21, 0xE2, 0x8C, 0xE8, 0xC2, 0x47, 0xD5, 0x8E, + 0x47, 0x9F, 0x79, 0x68, 0x87, 0x6F, 0xCE, 0xD3, + 0x5D, 0x2B, 0x87, 0xD2, 0xDF, 0x14, 0x43, 0x47, + 0x03, 0x3D, 0xF4, 0xCB, 0x50, 0xDE, 0x52, 0xD8, + 0x98, 0x41, 0x46, 0x3F, 0x5D, 0xFB, 0x6D, 0x6F, + 0xF6, 0xD9, 0xE8, 0x2B, 0xBA, 0xB3, 0xB1, 0xEC, + 0x58, 0x77, 0x8A, 0xB8, 0xF3, 0x6D, 0xBC, 0x68, + 0x22, 0xEA, 0xE3, 0x2F, 0xB6, 0xCB, 0x67, 0x30, + 0xCB, 0x33, 0x1C, 0x39, 0x5C, 0x27, 0x4A, 0xE7, + 0xE3, 0x7B, 0x40, 0x9B, 0x7C, 0x66, 0x32, 0xE7, + 0x6D, 0xAA, 0x97, 0xB8, 0x0F, 0x1E, 0x0C, 0xB4, + 0x7A, 0xA3, 0x66, 0xA8, 0xE3, 0x50, 0xEA, 0x36, + 0x74, 0x65, 0x92, 0xEC, 0x9B, 0x1E, 0x97, 0xF0, + 0x2F, 0x99, 0xD6, 0x00, 0x21, 0x37, 0x0B, 0x89, + 0x93, 0xC6, 0x80, 0xA1, 0x02, 0xDC, 0x96, 0x5D, + 0x20, 0xB7, 0x57, 0xF4, 0x17, 0x7A, 0x81, 0xBA, + 0x7B, 0x61, 0xD2, 0x88, 0xEF, 0xC5, 0xAD, 0xED, + 0x4C, 0x9A, 0x94, 0xA5, 0x7B, 0x2C, 0x6B, 0xD2, + 0x97, 0x7E, 0x23, 0x64, 0x0A, 0x66, 0x98, 0x47, + 0xEE, 0x81, 0xB1, 0x49, 0x0B, 0xE3, 0x8A, 0xC4, + 0x3E, 0x52, 0x2C, 0x8D, 0x09, 0xA2, 0x07, 0xB6, + 0x2A, 0x8B, 0x07, 0x9A, 0x24, 0x84, 0xDE, 0xD1, + 0x00, 0x63, 0xD7, 0xA1, 0x3F, 0xBF, 0x0C, 0xA8, + 0xEE, 0xDC, 0x2B, 0xF6, 0x7B, 0xD8, 0x78, 0x53, + 0x35, 0xB8, 0x29, 0x5A, 0xFE, 0x6B, 0x35, 0x6E, + 0x20, 0x62, 0x24, 0x17, 0x0E, 0x87, 0x23, 0x1A, + 0x77, 0x2D, 0x21, 0x84, 0x37, 0xBF, 0x7D, 0x68, + 0xAC, 0x2A, 0xF9, 0x3F, 0x11, 0x27, 0x18, 0x4F, + 0xA2, 0x15, 0x21, 0x47, 0x9E, 0x56, 0xFF, 0x22, + 0xE8, 0x0F, 0x61, 0xBC, 0x28, 0xB8, 0xD2, 0xE7, + 0x1B, 0x3D, 0x1D, 0x94, 0x28, 0x1B, 0x69, 0x56, + 0x00, 0xC8, 0xB0, 0xFD, 0x8E, 0x1D, 0x7E, 0x81, + 0x1F, 0x4C, 0xCF, 0xE1, 0x6E, 0x3F, 0x57, 0x95, + 0xC2, 0x4A, 0xA0, 0xA0, 0x16, 0x7E, 0x30, 0x5C, + 0x28, 0x87, 0x5C, 0x8F, 0xA9, 0x38, 0x9B, 0x72, + 0xF7, 0x90, 0x86, 0xF6, 0xEC, 0xC1, 0x6C, 0x88, + 0xB0, 0x78, 0x3A, 0x58, 0x15, 0xFB, 0x6F, 0x77, + 0xCD, 0xC7, 0xCC, 0xC3, 0x8D, 0x60, 0xE7, 0x87, + 0xBE, 0x9C, 0xBF, 0xFA, 0xA6, 0x2E, 0xF9, 0x59, + 0xA5, 0xE5, 0xDC, 0xDE, 0xB6, 0x25, 0x5C, 0x8E, + 0x0D, 0x2E, 0x01, 0xFE, 0x05, 0xEF, 0xF9, 0xE7, + 0x81, 0x02, 0xBE, 0xA2, 0x91, 0x40, 0x57, 0xD3, + 0x6E, 0x3D, 0x1B, 0x48, 0x50, 0x7A, 0xB6, 0xB1, + 0x76, 0x40, 0x47, 0x0F, 0xE3, 0xF1, 0x7A, 0x8B, + 0x6A, 0x5E, 0x04, 0xE5, 0x34, 0x56, 0xC5, 0xD9, + 0xE5, 0x0F, 0x74, 0x5D, 0xE0, 0x6F, 0x9A, 0xED, + 0xF4, 0xBF, 0xCF, 0x31, 0xB0, 0xC6, 0xED, 0x12, + 0x13, 0x36, 0x54, 0xCB, 0xC8, 0xDE, 0xF7, 0xF6, + 0x60, 0x9E, 0x12, 0x2C, 0x2E, 0x4C, 0x93, 0x3E, + 0x6F, 0xCB, 0x0F, 0x3D, 0x8C, 0xCA, 0xE8, 0xCA, + 0x0B, 0x10, 0xED, 0xDA, 0xE8, 0xDB, 0x29, 0x7C, + 0x8B, 0x32, 0x31, 0xC8, 0x94, 0x34, 0xA5, 0xF5, + 0x4D, 0x01, 0x28, 0xC8, 0x3A, 0xA6, 0xFD, 0xE2, + 0x9A, 0xB7, 0x0C, 0xDA, 0x43, 0x78, 0x45, 0x45, + 0xFE, 0xE9, 0xFF, 0x6E, 0xD4, 0x44, 0xF8, 0x88, + 0x66, 0x4D, 0xD2, 0x2B, 0x2E, 0x2D, 0xF5, 0x7C, + 0xA6, 0x53, 0xB6, 0xD2, 0x10, 0xE6, 0xB4, 0x0B, + 0x7F, 0xC2, 0x1F, 0xE0, 0x63, 0x90, 0xCA, 0x5D, + 0x5E, 0x60, 0xF5, 0x8A, 0xB1, 0x4C, 0x49, 0x03, + 0xD4, 0x38, 0xAE, 0xEF, 0xB1, 0x7C, 0xA4, 0xB9, + 0x98, 0x70, 0x6A, 0x0E, 0xD6, 0xA4, 0xA6, 0xF4, + 0x74, 0xB1, 0xBA, 0x1D, 0x48, 0xCC, 0xC1, 0x14, + 0x3C, 0x84, 0xA8, 0xD2, 0xE7, 0x8D, 0xEC, 0x11, + 0x61, 0x8C, 0x76, 0xB6, 0xDA, 0x28, 0xBC, 0x39, + 0xDF, 0x68, 0xAD, 0x24, 0xA4, 0x07, 0xE1, 0x07, + 0x33, 0xDD, 0x18, 0x9D, 0x5D, 0xAA, 0x90, 0x4B, + 0xEF, 0x88, 0x18, 0x6E, 0xB6, 0x83, 0x21, 0x45, + 0x94, 0x0F, 0x15, 0xB8, 0xAC, 0xD9, 0xD1, 0x8D, + 0x4F, 0x17, 0xC8, 0xD9, 0x17, 0xB0, 0x9D, 0x54, + 0xF2, 0x5F, 0x56, 0x09, 0xD3, 0x80, 0x20, 0x77, + 0x44, 0x23, 0x90, 0xAB, 0xB6, 0x0B, 0x51, 0xA7, + 0x41, 0xC5, 0xD4, 0x42, 0x5B, 0xD4, 0x67, 0x89, + 0xE6, 0xEC, 0x1E, 0x7D, 0x22, 0xD5, 0x6E, 0x7F, + 0x34, 0xCE, 0x7A, 0x07, 0x2B, 0x63, 0x0A, 0x69, + 0x51, 0x71, 0x8C, 0x13, 0x63, 0xB8, 0x79, 0x6D, + 0x94, 0xEA, 0xAF, 0x86, 0x30, 0xD2, 0x22, 0x6C, + 0x67, 0x82, 0x6C, 0xDE, 0xEA, 0x71, 0xE8, 0xD1, + 0x36, 0xF3, 0x64, 0x2F, 0x79, 0xE6, 0x92, 0xF0, + 0x4B, 0x05, 0x14, 0x7E, 0x40, 0xCE, 0x0C, 0x53, + 0xCA, 0x08, 0xEF, 0x0A, 0xA6, 0xA5, 0x73, 0x99, + 0xFD, 0xF3, 0xED, 0xBD, 0x54, 0x56, 0x6E, 0x66, + 0xEF, 0xCC, 0xE1, 0x6F, 0x0C, 0x44, 0x76, 0x84, + 0xF5, 0x55, 0x2B, 0xA3, 0x6B, 0x20, 0x60, 0x54, + 0x3F, 0xC1, 0x35, 0x58, 0xD8, 0xD8, 0x9E, 0x18, + 0x63, 0x70, 0x73, 0xEF, 0x6A, 0x87, 0x46, 0x77, + 0xA9, 0x7F, 0x9F, 0xA0, 0x23, 0x4B, 0x14, 0x00, + 0x61, 0xC7, 0xE3, 0x44, 0xBE, 0xD6, 0x09, 0x71, + 0xE3, 0x58, 0x44, 0x9A, 0xCD, 0x17, 0xE5, 0x8E, + 0x6D, 0x05, 0xBB, 0x21, 0x44, 0xD7, 0x4B, 0xD8, + 0x9A, 0xE9, 0x7A, 0x75, 0x91, 0x43, 0xAD, 0x84, + 0x5B, 0x02, 0x70, 0xBE, 0x67, 0x0B, 0x1E, 0x1E, + 0x92, 0xB8, 0xC7, 0xB6, 0x5F, 0xE1, 0x60, 0x23, + 0xF5, 0x30, 0xE4, 0xD0, 0xCF, 0x70, 0x03, 0xD1, + 0x85, 0x4A, 0x50, 0xDC, 0xF4, 0x9C, 0x29, 0xAB, + 0x0E, 0xA4, 0x7B, 0x2E, 0x3B, 0xDB, 0xBF, 0x52, + 0xD5, 0x8A, 0x91, 0x47, 0xA9, 0xD1, 0x23, 0xEB, + 0xC5, 0x6F, 0x11, 0xBB, 0xEE, 0xBB, 0x29, 0xD7, + 0x31, 0xAB, 0x99, 0x27, 0x5E, 0xF3, 0xA9, 0x23, + 0xFF, 0x70, 0x87, 0x83, 0xCC, 0x26, 0x92, 0x06, + 0xEC, 0xD3, 0x8C, 0xF9, 0x47, 0x34, 0x7D, 0x1E, + 0x71, 0xAF, 0xCF, 0x9D, 0xBF, 0x29, 0x1B, 0x95, + 0x27, 0x48, 0x55, 0xCE, 0xE2, 0xAC, 0x25, 0x61, + 0x83, 0xD9, 0x7B, 0x26, 0xEF, 0x94, 0x9A, 0x95, + 0x0C, 0xD1, 0xE4, 0x0A, 0x51, 0x50, 0x1F, 0x86, + 0x7A, 0x7B, 0xD3, 0x83, 0x55, 0x2D, 0xFC, 0x7B, + 0x97, 0x77, 0x17, 0x67, 0xBB, 0x9F, 0xD7, 0xD1, + 0xDD, 0xDD, 0x49, 0x67, 0xBB, 0xF7, 0x9A, 0x45, + 0x33, 0x24, 0xCA, 0xBC, 0xA5, 0xB2, 0x0D, 0x3F, + 0xB0, 0x10, 0x6D, 0xB9, 0x7D, 0x03, 0x3F, 0xCD, + 0x40, 0x37, 0x1E, 0x8A, 0xDA, 0xCD, 0xBA, 0xD7, + 0x8D, 0x89, 0xBD, 0x5E, 0x90, 0xCF, 0x97, 0xE8, + 0x35, 0x51, 0x87, 0x94, 0xFA, 0x3D, 0xB2, 0xB5, + 0x01, 0xF2, 0x35, 0x75, 0x77, 0x65, 0x5B, 0x9A, + 0x3C, 0xDA, 0x36, 0x52, 0xDF, 0xCF, 0x96, 0xBA, + 0xB9, 0xC5, 0xF9, 0x57, 0x67, 0x0E, 0x32, 0xE5, + 0x86, 0xE5, 0x1F, 0xD8, 0x9D, 0x7B, 0xA8, 0x76, + 0x89, 0xFD, 0x59, 0x70, 0x88, 0x73, 0x9D, 0x87, + 0xE1, 0x24, 0x6D, 0xC2, 0xB5, 0x1E, 0xCD, 0x54, + 0x29, 0x25, 0x10, 0xA3, 0xB4, 0x3C, 0xB2, 0x5A, + 0x62, 0xBD, 0xE9, 0x14, 0xEC, 0x3C, 0xBF, 0xA9, + 0x9D, 0xEC, 0x70, 0xAC, 0x23, 0xC0, 0xDF, 0xC9, + 0x69, 0xAD, 0x94, 0x1A, 0x69, 0x94, 0xA3, 0x70, + 0xF9, 0x0B, 0x15, 0x5D, 0x25, 0x45, 0x63, 0xFA, + 0xAA, 0x7D, 0x30, 0x67, 0x3C, 0x06, 0x34, 0x75, + 0x3F, 0xD6, 0x57, 0x58, 0x8E, 0xC6, 0x60, 0x3F, + 0x82, 0x35, 0xE9, 0x17, 0x36, 0x5D, 0xD8, 0x93, + 0x25, 0x25, 0x1B, 0x21, 0xB2, 0xFF, 0x80, 0xF5, + 0x44, 0xFE, 0x73, 0x84, 0xFF, 0x62, 0xFE, 0x52, + 0xC4, 0xCA, 0x77, 0x41, 0x28, 0xC8, 0x95, 0x15, + 0x2C, 0xC7, 0x5C, 0xA6, 0x3B, 0xA8, 0xF8, 0x1E, + 0x01, 0x30, 0xC9, 0x3B, 0x59, 0xF9, 0x40, 0xB7, + 0x18, 0x80, 0x21, 0x24, 0xDB, 0x8D, 0x07, 0xDF, + 0xDC, 0x24, 0xBF, 0x2F, 0x7B, 0xD9, 0xC4, 0xEF, + 0x61, 0x74, 0x1A, 0xF2, 0xB6, 0x98, 0x75, 0x66, + 0x22, 0x4F, 0x11, 0x06, 0x41, 0xDB, 0x77, 0x83, + 0xFA, 0xF3, 0x1B, 0xEC, 0xB8, 0xF7, 0x89, 0x47, + 0xBA, 0x12, 0x3F, 0xB0, 0x0E, 0x1B, 0x6D, 0x13, + 0x36, 0x0B, 0x16, 0xD0, 0x7C, 0x3A, 0xAA, 0x33, + 0x6D, 0xDA, 0x1B, 0x65, 0xD4, 0xC2, 0xF2, 0x1B, + 0xD5, 0xCD, 0x4B, 0xE9, 0xED, 0xFA, 0xFA, 0x78, + 0x45, 0x97, 0x2D, 0x60, 0xCC, 0xE3, 0x40, 0x3E, + 0xB5, 0xE5, 0xC8, 0x33, 0xF6, 0x4C, 0x51, 0x45, + 0xDC, 0x08, 0xE7, 0xB3, 0x6F, 0xCF, 0xDE, 0xE8, + 0x73, 0x0B, 0x94, 0x4F, 0x5A, 0x23, 0xF9, 0xFF, + 0x3F, 0x0D, 0x1D, 0xCE, 0x80, 0x86, 0x3B, 0x55, + 0x8D, 0x8A, 0x35, 0xB2, 0xAA, 0x65, 0x27, 0x69, + 0x1D, 0xA5, 0x0C, 0xE6, 0xFA, 0x39, 0x85, 0x62, + 0x65, 0xAD, 0xE6, 0x08, 0x38, 0xCE, 0xC9, 0xEA, + 0x98, 0x73, 0x99, 0x1D, 0xB5, 0x6F, 0xEA, 0xE8, + 0xEE, 0xE2, 0xEC, 0xF4, 0x32, 0x44, 0x96, 0x5A, + 0x13, 0xCC, 0x1D, 0x23, 0x0E, 0x91, 0x72, 0xD8, + 0x2A, 0xD2, 0x3D, 0x6A, 0x6E, 0x2A, 0x37, 0x7A, + 0x7F, 0x67, 0xF6, 0x40, 0xBF, 0x3A, 0x36, 0x3B, + 0xC8, 0x1A, 0x78, 0x6D, 0x12, 0xB0, 0x35, 0xA3, + 0x18, 0x55, 0x33, 0x70, 0x48, 0x48, 0x52, 0x8F, + 0xB4, 0x59, 0x58, 0xEB, 0xAA, 0xB3, 0x03, 0x67, + 0x4F, 0xFF, 0xA5, 0x68, 0xE7, 0xAE, 0xAF, 0x46, + 0x3D, 0x66, 0x6B, 0x60, 0x21, 0x26, 0x31, 0x83, + 0xBE, 0xE8, 0x1E, 0x72, 0x92, 0x87, 0x79, 0x24, + 0xCF, 0xDE, 0xEF, 0x6F, 0x81, 0x73, 0xA1, 0x34, + 0x7B, 0x99, 0x94, 0x43, 0x33, 0xF4, 0x8B, 0x36, + 0xC8, 0xC5, 0xF8, 0xC1, 0x6D, 0x22, 0x6D, 0xA3, + 0xC9, 0xDA, 0x5F, 0x4C, 0xE7, 0x7F, 0x00, 0xE4, + 0x42, 0xD8, 0x5C, 0x73, 0xE5, 0x78, 0x0C, 0x36, + 0x28, 0xD9, 0x83, 0x8F, 0xCA, 0xFA, 0x5D, 0x1D, + 0x34, 0x05, 0xF1, 0x93, 0x6C, 0xBC, 0xFD, 0x2C, + 0x52, 0xD4, 0xE8, 0x8D, 0xA9, 0xC9, 0x0D, 0xFF, + 0x28, 0x5E, 0x3E, 0x91, 0x12, 0xC0, 0x3C, 0xBA, + 0x58, 0x64, 0x7E, 0x6B, 0x4E, 0xC0, 0x77, 0xB1, + 0x67, 0x08, 0x16, 0xF5, 0x7E, 0x29, 0x42, 0x81, + 0x6A, 0x6F, 0x34, 0x21, 0x32, 0x64, 0x9A, 0xA6, + 0x44, 0xD1, 0x4F, 0x41, 0xAB, 0xC5, 0x26, 0x4A, + 0xFA, 0x70, 0xBC, 0xAE, 0x3D, 0x67, 0x9B, 0x86, + 0xF5, 0x1A, 0xF2, 0x44, 0x70, 0x52, 0xD0, 0x78, + 0xA0, 0xEA, 0x56, 0x39, 0x0B, 0x37, 0x2A, 0x15, + 0x13, 0xBC, 0xD2, 0xEA, 0x46, 0x6D, 0xCB, 0x5A, + 0x4D, 0x86, 0x47, 0x4F, 0xA1, 0xE2, 0x6B, 0xC0, + 0xA8, 0x3F, 0x58, 0x5C, 0x79, 0xAD, 0x62, 0x17, + 0xBC, 0x96, 0xAF, 0x77, 0x1F, 0x74, 0xD1, 0x42, + 0xBF, 0x5E, 0x91, 0xA9, 0x28, 0x44, 0xC5, 0x4E, + 0x76, 0x6B, 0xF2, 0xD3, 0x69, 0x8C, 0x0E, 0x4F, + 0x61, 0x76, 0xAD, 0xDC, 0x79, 0xE9, 0x74, 0xA4, + 0x66, 0xFB, 0x2E, 0x0C, 0xBB, 0x42, 0xC5, 0x3F, + 0x59, 0xB0, 0xDC, 0xB0, 0x32, 0xCD, 0x37, 0x56, + 0x1B, 0xD2, 0x46, 0xED, 0x52, 0xC8, 0x12, 0xEA, + 0xA3, 0x6B, 0xB9, 0xE5, 0xB3, 0x2A, 0xF3, 0x9B, + 0x0F, 0xC3, 0x77, 0x5F, 0x9A, 0xE1, 0x20, 0xBC, + 0x59, 0x44, 0x9B, 0x7B, 0x77, 0xB1, 0xBA, 0x1A, + 0x5B, 0x60, 0x06, 0x6C, 0x85, 0x83, 0x68, 0xDD, + 0x5A, 0xC8, 0xEE, 0xDC, 0xFE, 0x1F, 0x83, 0xF5, + 0x2C, 0x53, 0x62, 0xED, 0xE8, 0x93, 0xB7, 0x22, + 0x3E, 0xCB, 0x70, 0xBA, 0xA6, 0x6D, 0xB2, 0x91, + 0x47, 0xB8, 0x04, 0x37, 0x20, 0x1F, 0xEF, 0x71, + 0xB0, 0x5F, 0xF2, 0x51, 0x03, 0x5F, 0x88, 0xCA, + 0xFF, 0x42, 0xE8, 0x2A, 0x43, 0x02, 0xD3, 0x60, + 0x98, 0x26, 0x8B, 0x74, 0xF4, 0x18, 0x3D, 0x4D, + 0x19, 0xF1, 0x3B, 0x87, 0xE9, 0x83, 0x37, 0x15, + 0x7D, 0xA5, 0xEF, 0xBB, 0xF3, 0x4F, 0x48, 0xCA, + 0x40, 0x65, 0xD3, 0xE3, 0xBA, 0xCC, 0x83, 0x83, + 0x3F, 0xEE, 0xBA, 0x57, 0x34, 0x6D, 0x16, 0x9F, + 0x1B, 0xE6, 0xA0, 0x4C, 0x29, 0xC8, 0x2F, 0xD2, + 0x25, 0xA3, 0xF7, 0xC6, 0x85, 0x12, 0x4F, 0x53, + 0x7E, 0xC0, 0xE1, 0x0A, 0xB8, 0x58, 0x34, 0xBA, + 0x3E, 0x65, 0x4F, 0x19, 0x55, 0x5C, 0xB9, 0x74, + 0x6B, 0x74, 0xCE, 0x43, 0xA2, 0xC7, 0x8B, 0x21, + 0x70, 0x8C, 0x3B, 0xEF, 0x87, 0xC1, 0xE8, 0x8F, + 0x08, 0x10, 0xB4, 0xED, 0xE1, 0x81, 0x14, 0xE9, + 0x2A, 0x43, 0x13, 0xB4, 0xEA, 0xA0, 0x5F, 0x60, + 0x93, 0x7E, 0x87, 0x6D, 0xA2, 0x57, 0x63, 0x32, + 0xAE, 0xC3, 0x8C, 0xCD, 0x42, 0x5E, 0xFD, 0x51, + 0x1A, 0x39, 0xB9, 0xB4, 0xBD, 0x4C, 0xF3, 0xF2, + 0xE2, 0x70, 0x9A, 0x05, 0xF9, 0x39, 0xE5, 0xFC, + 0x59, 0x7D, 0x4E, 0x85, 0x12, 0x02, 0xC9, 0xC2, + 0xC5, 0x71, 0x3A, 0xD5, 0x73, 0xF7, 0x5A, 0xC5, + 0x49, 0x0D, 0xEE, 0xCF, 0x9D, 0xB8, 0xDE, 0xE2, + 0x03, 0x99, 0x70, 0x6B, 0x19, 0x29, 0xA4, 0xE8, + 0x99, 0x00, 0xC4, 0x9C, 0x24, 0x46, 0x5E, 0x08, + 0x09, 0x56, 0x6D, 0x9C, 0x2E, 0xF7, 0x8C, 0x52, + 0xDB, 0xB4, 0x2F, 0x9E, 0x22, 0x7E, 0xFD, 0x1E, + 0x1A, 0x72, 0xCB, 0x71, 0x0B, 0xD2, 0x19, 0x33, + 0x0E, 0x69, 0xCC, 0x00, 0x49, 0x36, 0x79, 0x78, + 0xAB, 0x11, 0x4D, 0x9A, 0xD7, 0xF9, 0x55, 0xCF, + 0x0B, 0x7B, 0x3D, 0x32, 0x5C, 0xB3, 0x51, 0x65, + 0x00, 0x0E, 0xD2, 0x9D, 0xBE, 0x0A, 0x19, 0x56, + 0xF1, 0x45, 0x95, 0x83, 0xC6, 0x97, 0xCD, 0x19, + 0xE7, 0x8B, 0x51, 0x74, 0xE4, 0xFD, 0x2C, 0xEC, + 0x10, 0x8A, 0x7C, 0x24, 0x28, 0x0A, 0x78, 0xA3, + 0xEC, 0x93, 0x97, 0x16, 0x4F, 0x60, 0x03, 0xFD, + 0x85, 0x31, 0x98, 0x04, 0xE5, 0x65, 0x5A, 0x87, + 0x9F, 0x66, 0x3D, 0xD4, 0x56, 0x3E, 0xF9, 0x98, + 0x25, 0x21, 0xFE, 0xC2, 0x07, 0x9E, 0x88, 0x89, + 0x49, 0x7B, 0xE9, 0x20, 0x1F, 0x6D, 0x7F, 0x24, + 0x60, 0xA8, 0xB2, 0xDD, 0x96, 0x51, 0x0E, 0x0E, + 0x4C, 0x83, 0xC3, 0xB1, 0x93, 0xC1, 0x1F, 0xD6, + 0xB4, 0xB6, 0x84, 0xCE, 0x85, 0x63, 0xA5, 0x38, + 0x0F, 0x2E, 0x55, 0xF4, 0x74, 0xA6, 0x0B, 0x63, + 0x17, 0xD0, 0x96, 0x76, 0x15, 0xAD, 0x4F, 0xA9, + 0xF0, 0x83, 0x25, 0xAD, 0xD7, 0x97, 0xB7, 0x9E, + 0x6F, 0x5D, 0xC7, 0x2A, 0xD1, 0x97, 0xF5, 0xF6, + 0x1E, 0xC8, 0x8B, 0xE5, 0xFB, 0xFF, 0x92, 0x72, + 0x31, 0x9A, 0x49, 0x4B, 0x60, 0x8F, 0x34, 0x7C, + 0xE1, 0x55, 0x66, 0x7A, 0x59, 0xC3, 0x00, 0x9A, + 0x14, 0x50, 0xF3, 0x06, 0x19, 0x3C, 0xFE, 0x61, + 0x1C, 0xF7, 0x05, 0x49, 0x2A, 0x30, 0xFF, 0x56, + 0xFE, 0x7F, 0x71, 0xD7, 0x32, 0xCC, 0xEF, 0x63, + 0x64, 0xE1, 0x66, 0xCF, 0xF8, 0x12, 0xED, 0x23, + 0x11, 0xB5, 0x16, 0xFA, 0x56, 0x90, 0xF2, 0xA2, + 0x72, 0x7B, 0x18, 0x50, 0xF2, 0x98, 0x5D, 0x48, + 0x25, 0x5E, 0x8C, 0x47, 0xE7, 0x11, 0x50, 0x2A, + 0x4B, 0x4A, 0x97, 0x0B, 0xDF, 0x70, 0xDC, 0x34, + 0x47, 0xF8, 0xE2, 0x88, 0x78, 0x24, 0xB5, 0x8A, + 0xC7, 0x58, 0xE8, 0x83, 0xF7, 0x3B, 0xAD, 0xFC, + 0xED, 0x46, 0x40, 0xD5, 0x46, 0x35, 0x1B, 0xF3, + 0x3E, 0x8F, 0x1E, 0x0B, 0x1B, 0xB9, 0xFB, 0x5A, + 0xFF, 0x0F, 0x8B, 0xA0, 0x95, 0x4A, 0x8E, 0x65, + 0x33, 0xD3, 0x7C, 0x03, 0x04, 0x8E, 0xBA, 0x6A, + 0x55, 0xB3, 0xC5, 0xDA, 0xCB, 0xDC, 0x44, 0xD3, + 0x98, 0x77, 0xD3, 0x07, 0x8A, 0xE9, 0x5E, 0x44, + 0x5B, 0xED, 0x12, 0xB1, 0xA5, 0x03, 0xAF, 0xB2, + 0x20, 0x0C, 0xB1, 0x8B, 0x08, 0xB4, 0x6A, 0x11, + 0x96, 0xA9, 0xF5, 0x7A, 0xFD, 0x56, 0x48, 0x11, + 0xC0, 0x30, 0xA4, 0x45, 0xFC, 0xAE, 0x72, 0xE5, + 0x5E, 0x85, 0xB7, 0x6F, 0xA0, 0x50, 0x13, 0x4B, + 0x2E, 0xC2, 0x31, 0x13, 0xED, 0x04, 0x04, 0x3D, + 0xBC, 0xD0, 0xB6, 0xFC, 0xCE, 0xBD, 0xC9, 0x13, + 0x5C, 0xB2, 0x02, 0xB8, 0x4F, 0xDD, 0x74, 0x51, + 0x1F, 0x9E, 0x8F, 0x0C, 0xF2, 0x26, 0xE1, 0x4C, + 0xA5, 0xC4, 0x38, 0xC7, 0x6A, 0xA5, 0xC3, 0xC2, + 0xE9, 0xF3, 0x22, 0x71, 0x00, 0x91, 0x83, 0xEE, + 0x92, 0xA9, 0x95, 0x81, 0x9D, 0xB9, 0x0F, 0x66, + 0x89, 0x9B, 0xB9, 0xB0, 0xC7, 0xED, 0x31, 0xDF, + 0x41, 0xB6, 0x8E, 0x52, 0xAC, 0x5B, 0xBD, 0xF2, + 0x33, 0x9F, 0x71, 0x5E, 0x43, 0xFE, 0xED, 0xD9, + 0x4F, 0x57, 0xF9, 0x23, 0x05, 0x23, 0x03, 0x34, + 0x17, 0xE4, 0x22, 0x27, 0x97, 0xF7, 0x62, 0x5B, + 0x52, 0x66, 0x70, 0xEE, 0x6B, 0xD3, 0x46, 0x8C, + 0xCD, 0x9B, 0xA4, 0xA1, 0xED, 0x26, 0x4A, 0xAC, + 0xC2, 0x50, 0xA8, 0x2A, 0x48, 0x83, 0x46, 0xB2, + 0xA5, 0xF9, 0x26, 0xF2, 0xE7, 0x8A, 0x8E, 0xD8, + 0x40, 0x5F, 0x85, 0x8E, 0xAB, 0xB0, 0x29, 0xF7, + 0x81, 0x42, 0xA7, 0x4B, 0xD5, 0xA8, 0x2D, 0x3D, + 0xD7, 0x0A, 0xB1, 0x26, 0xCF, 0xA3, 0xBA, 0xD7, + 0xF5, 0x1B, 0x9E, 0x95, 0xCB, 0xC8, 0xCE, 0x75, + 0xE7, 0x7A, 0x4A, 0x1B, 0x63, 0x21, 0xB7, 0x74, + 0x77, 0x78, 0xCD, 0x03, 0x5B, 0x3B, 0xCD, 0x44, + 0x8E, 0xF1, 0xBB, 0xB6, 0xFF, 0x75, 0x52, 0x8A, + 0x7A, 0xE9, 0xAF, 0x62, 0x24, 0xA1, 0x6F, 0x4F, + 0x45, 0x03, 0x87, 0xA3, 0xED, 0xBC, 0x2E, 0x92, + 0xC0, 0xB1, 0x9C, 0x22, 0x2E, 0x35, 0xC1, 0xA5, + 0x7E, 0xC3, 0x36, 0x3B, 0x18, 0x14, 0x78, 0x6E, + 0x1D, 0x37, 0xD7, 0x92, 0xB3, 0x78, 0x26, 0x13, + 0x9A, 0xFB, 0x38, 0x1D, 0xE0, 0x4C, 0x07, 0xC4, + 0x2C, 0xD3, 0xCA, 0x78, 0xE4, 0x70, 0xC2, 0x52, + 0x7C, 0x63, 0xDB, 0x4B, 0xB4, 0x0A, 0x4B, 0x7D, + 0x20, 0x67, 0xF0, 0xF4, 0x80, 0x5B, 0x65, 0x8B, + 0x29, 0x80, 0x92, 0xF0, 0x87, 0x3D, 0x09, 0x5A, + 0x0E, 0xEA, 0x45, 0x63, 0x92, 0x99, 0xD6, 0x0D, + 0x2B, 0x58, 0xEE, 0x19, 0x03, 0x4F, 0x94, 0x2D, + 0xEC, 0xBF, 0x5A, 0xE9, 0xA6, 0x16, 0xAF, 0x72, + 0x37, 0x5C, 0x12, 0xBB, 0x7D, 0xED, 0xAA, 0x6A, + 0x7D, 0xDF, 0x9A, 0x48, 0x37, 0x37, 0x3D, 0x7B, + 0x51, 0x96, 0x0B, 0x30, 0xCE, 0x9C, 0xE7, 0x3B, + 0x3C, 0x10, 0xDE, 0x32, 0xA7, 0x86, 0x39, 0xA9, + 0x33, 0x7D, 0x9B, 0xCF, 0x15, 0x27, 0xA4, 0x36, + 0x88, 0xBD, 0xB6, 0xEB, 0x8B, 0xD0, 0x3D, 0xCA, + 0xF1, 0x02, 0x70, 0xDF, 0xC0, 0xE2, 0xF0, 0xD2, + 0x2C, 0x27, 0xE3, 0x22, 0x24, 0x33, 0x27, 0x34, + 0xCA, 0x26, 0x19, 0x74, 0x02, 0x2F, 0x7E, 0xC1, + 0x76, 0xCB, 0x12, 0xBE, 0x6F, 0x13, 0x62, 0x1F, + 0x32, 0x03, 0x65, 0xCF, 0xBB, 0x03, 0xD0, 0x4C, + 0xF2, 0x9E, 0xFE, 0x93, 0xE9, 0x1B, 0x02, 0x9B, + 0x7B, 0x26, 0xFF, 0xEE, 0xF0, 0x6F, 0xCE, 0x57, + 0xD1, 0x2B, 0xE3, 0x90, 0x2E, 0xE2, 0x71, 0x2A, + 0xBA, 0xCC, 0x3D, 0x27, 0xCE, 0xA3, 0x5A, 0xCA, + 0x15, 0x09, 0xE4, 0xD0, 0x86, 0x4F, 0xEC, 0x5A, + 0x5B, 0x41, 0xA0, 0xE0, 0x3E, 0x1D, 0xEC, 0x6F, + 0x2A, 0x33, 0x72, 0x15, 0xCD, 0xE5, 0x55, 0xD6, + 0x6F, 0x84, 0xE3, 0xD6, 0x75, 0x5D, 0xDC, 0x1C, + 0x07, 0x3D, 0x0C, 0xDC, 0xDE, 0xF8, 0x8A, 0x44, + 0x40, 0xB1, 0x76, 0x84, 0xB8, 0xE0, 0xAF, 0x9D, + 0xA2, 0xB2, 0x84, 0xAA, 0xBF, 0x61, 0x08, 0x21, + 0xE5, 0xC2, 0xC9, 0x11, 0x94, 0x2D, 0x0B, 0xD1, + 0xC6, 0x59, 0xC1, 0xEE, 0xBA, 0x8E, 0x21, 0xAF, + 0xDE, 0x32, 0x77, 0xD5, 0x07, 0x3B, 0x98, 0x39, + 0x95, 0x77, 0x03, 0x80, 0x2F, 0xA2, 0x76, 0xC8, + 0x2C, 0xC6, 0x6A, 0x00, 0xA8, 0x69, 0x77, 0xB8, + 0x87, 0x7D, 0xC0, 0x51, 0x19, 0x45, 0x14, 0xA6, + 0x33, 0xB3, 0x4D, 0x36, 0x29, 0x34, 0xE8, 0x50, + 0xC2, 0x71, 0x7A, 0x0B, 0xE5, 0x92, 0x4E, 0x86, + 0xAA, 0xDA, 0x33, 0xCF, 0x34, 0x54, 0x63, 0x2C, + 0x68, 0xA1, 0x0A, 0xEF, 0x8B, 0x5B, 0xAA, 0x10, + 0x83, 0xE9, 0x13, 0x7D, 0x29, 0x20, 0xA2, 0x5F, + 0x96, 0x9F, 0x54, 0x0B, 0x95, 0xDF, 0x59, 0x91, + 0x6C, 0x4C, 0xAC, 0xC4, 0x55, 0x98, 0x8F, 0x46, + 0x31, 0x77, 0x56, 0xCC, 0x93, 0x7E, 0xF0, 0x17, + 0x7C, 0x0F, 0xEB, 0x3F, 0x23, 0xBB, 0xD3, 0x56, + 0x9E, 0x89, 0x67, 0xC4, 0x9B, 0x95, 0xA3, 0xBF, + 0x6D, 0x9D, 0x6D, 0x7C, 0x72, 0x27, 0x20, 0x6E, + 0x28, 0x37, 0x39, 0xFC, 0x77, 0x41, 0xE9, 0xFE, + 0x64, 0xEF, 0xA0, 0x38, 0x9F, 0xC7, 0x2F, 0xDA, + 0xC8, 0x1F, 0xEB, 0x75, 0x07, 0xB8, 0x7E, 0x6B, + 0x73, 0xCE, 0x0E, 0x7C, 0x7C, 0x54, 0x06, 0x1D, + 0x48, 0x8A, 0x06, 0x53, 0x95, 0x9B, 0x75, 0x8A, + 0xFF, 0x6F, 0x7D, 0x19, 0x00, 0x17, 0x8D, 0x7C, + 0x1A, 0xEA, 0xD0, 0x79, 0x45, 0x68, 0xF9, 0x2F, + 0x8A, 0xCE, 0x98, 0xED, 0xCC, 0xE8, 0x6D, 0xE1, + 0x08, 0xA0, 0x50, 0x2C, 0x43, 0x49, 0xC4, 0x99, + 0x98, 0x31, 0xDE, 0x00, 0xE8, 0x08, 0x39, 0x0B, + 0xBB, 0xDB, 0x65, 0xEA, 0x36, 0x0F, 0xBE, 0x98, + 0xB7, 0x4A, 0x9C, 0x59, 0x34, 0x0E, 0xBB, 0xDD, + 0x6F, 0x65, 0x21, 0x39, 0x23, 0x48, 0x57, 0x7F, + 0xD4, 0x07, 0x89, 0x03, 0x01, 0xB0, 0x79, 0x27, + 0x28, 0xCC, 0xFB, 0x88, 0xC5, 0xDD, 0x47, 0x2A, + 0xDA, 0x73, 0x75, 0x9B, 0xC9, 0x99, 0xA0, 0x21, + 0x34, 0xDF, 0xB1, 0x62, 0x2F, 0x61, 0xD8, 0xB7, + 0x63, 0x2A, 0xC7, 0x7E, 0x3A, 0x98, 0x0B, 0x2C, + 0xE5, 0x66, 0xF3, 0xD5, 0x30, 0xF0, 0xBC, 0x21, + 0xC7, 0x51, 0x9B, 0xFB, 0x00, 0xBB, 0xAA, 0x9C, + 0x85, 0xC3, 0x9B, 0x0C, 0xDC, 0x5F, 0x8D, 0x1B, + 0xA1, 0x2B, 0x78, 0x82, 0xFE, 0x0F, 0x7C, 0x75, + 0x6E, 0x75, 0x56, 0x74, 0x35, 0x25, 0xE5, 0xD0, + 0xEC, 0x8E, 0xC1, 0xBD, 0x7D, 0x7A, 0xE3, 0xDC, + 0xAD, 0xC6, 0x8D, 0xB6, 0x0D, 0x7A, 0xA1, 0x3C, + 0xDB, 0x29, 0xFA, 0x15, 0xC0, 0xA9, 0xAF, 0x89, + 0x0F, 0x18, 0x75, 0xE3, 0x97, 0x58, 0x62, 0x12, + 0x79, 0xA9, 0x87, 0x7D, 0x9C, 0x69, 0x44, 0x9C, + 0x41, 0x39, 0x2C, 0xAD, 0x98, 0x8B, 0x8D, 0xE4, + 0x58, 0xEE, 0xCD, 0x98, 0x38, 0x5F, 0x79, 0x73, + 0x0B, 0x5E, 0x26, 0xC1, 0x16, 0x24, 0x15, 0xD9, + 0x73, 0x26, 0x41, 0x9B, 0x5F, 0xF9, 0x2A, 0xA8, + 0xC1, 0x33, 0x74, 0x39, 0x1D, 0xBB, 0xE7, 0x36, + 0xD9, 0x8C, 0x07, 0xAD, 0x32, 0xD6, 0x38, 0xBB, + 0x44, 0xE6, 0x77, 0xC7, 0x11, 0x05, 0xCF, 0xB5, + 0x72, 0x49, 0x68, 0x80, 0xC1, 0x67, 0x71, 0x5F, + 0x9B, 0xFF, 0x6E, 0x71, 0x1A, 0xBE, 0x5A, 0x83, + 0x25, 0x38, 0xC7, 0xE6, 0xDA, 0x88, 0x22, 0xDC, + 0xA6, 0x03, 0x02, 0xD1, 0x59, 0xC6, 0xA8, 0x2F, + 0xA4, 0x8F, 0xF8, 0x77, 0x3E, 0x0C, 0x6F, 0xA1, + 0x73, 0xE1, 0x35, 0x55, 0xB2, 0xDF, 0xBF, 0x47, + 0xB7, 0xD0, 0x8D, 0xBA, 0x35, 0x74, 0x44, 0x6B, + 0xC0, 0xA7, 0x8D, 0x30, 0x08, 0xE4, 0x41, 0xD1, + 0x55, 0x21, 0x50, 0xD9, 0x06, 0x12, 0x54, 0xB2, + 0xF3, 0xFC, 0x5A, 0x1E, 0xF3, 0xE3, 0x84, 0x33, + 0x34, 0x0B, 0xB5, 0x9A, 0x97, 0xFD, 0x51, 0xF4, + 0x68, 0xFE, 0x8A, 0x92, 0xBF, 0x62, 0x9D, 0xCD, + 0x00, 0x29, 0x39, 0x37, 0x12, 0xF3, 0x53, 0x6D, + 0x6B, 0x24, 0xB8, 0x86, 0x68, 0xAD, 0x6A, 0x4B, + 0x3A, 0x4C, 0x93, 0xA6, 0xB1, 0x41, 0xFA, 0x8E, + 0x58, 0x63, 0xCD, 0x59, 0x80, 0xBF, 0xD7, 0xAB, + 0x83, 0xC3, 0xCC, 0x5D, 0x2F, 0xBE, 0x80, 0xC7, + 0xB1, 0x67, 0xDC, 0x92, 0x8C, 0xA9, 0x57, 0x36, + 0x58, 0x0A, 0x52, 0x96, 0x0E, 0x20, 0x90, 0xCD, + 0x87, 0x68, 0xF5, 0x93, 0xBB, 0x04, 0xD4, 0x48, + 0xB6, 0x45, 0x30, 0xC0, 0xE3, 0xC2, 0x56, 0x8C, + 0xE3, 0xA2, 0xC6, 0x42, 0x0F, 0x81, 0xF7, 0x4D, + 0xF6, 0x88, 0x5D, 0x55, 0x07, 0x8E, 0xF1, 0xB3, + 0x83, 0xB0, 0x20, 0x85, 0x4A, 0x63, 0x6A, 0x78, + 0xA9, 0xEC, 0x13, 0x84, 0xF7, 0x4E, 0xBE, 0xB6, + 0x5F, 0x5A, 0x25, 0xFF, 0xD4, 0x14, 0x7D, 0xA7, + 0xEE, 0x40, 0xF6, 0x25, 0x7C, 0x7E, 0x34, 0xCA, + 0xC9, 0x27, 0x0E, 0xA2, 0x78, 0xB6, 0xE6, 0x08, + 0xA1, 0x9B, 0x56, 0x8D, 0x29, 0xE5, 0x8D, 0xEC, + 0xAD, 0xDA, 0xD3, 0x3C, 0x59, 0xBA, 0xDB, 0x92, + 0x52, 0x99, 0x3B, 0x31, 0x6B, 0x0B, 0x13, 0x00, + 0x79, 0x3D, 0x69, 0x85, 0x3A, 0x6B, 0x90, 0x33, + 0x96 + }; + static const byte rnd_44[] = { + 0x08, 0x34, 0x57, 0xD4, 0x0E, 0x25, 0x04, 0x88, + 0xA6, 0x0E, 0x76, 0x34, 0xA0, 0x1D, 0x43, 0x0A, + 0x60, 0xE8, 0x57, 0x2B, 0xA8, 0x8A, 0xED, 0xC5, + 0x54, 0x49, 0x18, 0x81, 0x37, 0x13, 0xA0, 0xB1 + }; + static const byte sig_44[] = { + 0x63, 0xA8, 0x23, 0x20, 0xD4, 0xCE, 0x09, 0xC4, + 0x7A, 0xD1, 0x27, 0xC5, 0xBB, 0x7F, 0x6C, 0x2D, + 0xFF, 0x15, 0x29, 0xCD, 0xAF, 0x9F, 0x74, 0x56, + 0xFF, 0xC2, 0xC6, 0xED, 0x90, 0x51, 0x17, 0xDC, + 0xAD, 0x8C, 0x08, 0x7A, 0xC0, 0xD8, 0x9E, 0x0C, + 0xE9, 0x61, 0xC0, 0x94, 0xFA, 0x9C, 0x2E, 0xDE, + 0x27, 0x9C, 0x65, 0xE6, 0x99, 0xD1, 0xD1, 0x7E, + 0xA6, 0x95, 0x98, 0x8F, 0xA1, 0xC4, 0x98, 0x3F, + 0x7E, 0x1F, 0x18, 0x86, 0x2A, 0xFE, 0xB2, 0xEC, + 0x9D, 0x0F, 0x5B, 0x0C, 0x11, 0xB2, 0xAA, 0x0B, + 0xDE, 0x95, 0x7C, 0x40, 0xA1, 0x5B, 0xFF, 0x97, + 0xD7, 0xCB, 0xCF, 0x4E, 0x59, 0xDA, 0xE9, 0xD5, + 0xA3, 0xC9, 0xF8, 0x7D, 0xDD, 0xA5, 0xB9, 0x06, + 0x9D, 0x82, 0xCC, 0x18, 0x10, 0x20, 0x80, 0x92, + 0xBC, 0xBA, 0x1C, 0x43, 0x73, 0xF2, 0xA8, 0x3E, + 0x19, 0x15, 0x80, 0x9E, 0x81, 0xD8, 0xD2, 0x06, + 0xEA, 0x78, 0x10, 0x3F, 0x68, 0x66, 0x3D, 0xBE, + 0xB1, 0x79, 0xB0, 0x28, 0x83, 0xCD, 0xD3, 0x33, + 0xEE, 0xFE, 0x6D, 0x02, 0x39, 0x17, 0xC6, 0xF2, + 0xA4, 0x6E, 0x5A, 0x5C, 0x45, 0x14, 0xF5, 0x7D, + 0xCA, 0x7B, 0x62, 0x4A, 0xF4, 0xE7, 0x71, 0x7B, + 0xD7, 0x1B, 0x51, 0x26, 0xE6, 0xDE, 0x2D, 0xC9, + 0x65, 0x24, 0x30, 0x2C, 0x08, 0x04, 0xD7, 0xBE, + 0x3A, 0xDA, 0x64, 0xAF, 0x11, 0x6F, 0xC6, 0xE7, + 0x38, 0xEF, 0xA6, 0xE6, 0x5E, 0x87, 0x90, 0xB4, + 0x0E, 0xB1, 0xB4, 0x83, 0x64, 0xD2, 0x15, 0xEF, + 0xD6, 0x1F, 0x7A, 0x44, 0x75, 0x3A, 0x95, 0x50, + 0x6E, 0x52, 0xC9, 0x9C, 0xE9, 0xB4, 0x56, 0xDC, + 0x93, 0x85, 0x92, 0xF1, 0x35, 0xEC, 0x50, 0x1B, + 0x3B, 0xCF, 0x82, 0xDA, 0x69, 0xA1, 0xDD, 0x44, + 0xE8, 0xB3, 0xC1, 0xCB, 0x8D, 0xD5, 0x13, 0xD0, + 0xF3, 0x14, 0x2C, 0x80, 0x82, 0x2C, 0x31, 0xBF, + 0x75, 0x20, 0x14, 0x39, 0x9F, 0x81, 0x79, 0x76, + 0x0F, 0xB6, 0x7D, 0xB6, 0x58, 0x1C, 0xF3, 0xE6, + 0x93, 0x5A, 0x9B, 0xE1, 0x8B, 0x92, 0xC2, 0xDB, + 0xF1, 0x89, 0xAA, 0x46, 0x67, 0xFA, 0x80, 0x45, + 0x72, 0xAA, 0xB4, 0xE2, 0x5E, 0xE9, 0xD1, 0xA7, + 0xA0, 0xD7, 0x05, 0x5C, 0xC6, 0xC7, 0x6D, 0x1D, + 0x66, 0x3D, 0x35, 0x0C, 0xB7, 0x1A, 0xFA, 0xB1, + 0xDB, 0xD0, 0xCB, 0x3A, 0x8B, 0xB7, 0x1B, 0x03, + 0x60, 0xA0, 0xA4, 0xDA, 0xD0, 0xE2, 0x3A, 0x1E, + 0xB5, 0xE4, 0x59, 0x68, 0x6A, 0x02, 0x94, 0x66, + 0x05, 0x60, 0x08, 0x64, 0xB4, 0xEE, 0x0F, 0x3A, + 0xCE, 0xFD, 0x40, 0x7B, 0x6F, 0xF5, 0x8D, 0x1E, + 0xFF, 0x0C, 0x75, 0xAF, 0xC1, 0x41, 0xC6, 0x24, + 0x1D, 0xF3, 0x76, 0x02, 0x48, 0x6B, 0xBA, 0x58, + 0xBC, 0xBB, 0xFE, 0xD3, 0x51, 0xC2, 0x68, 0x21, + 0x4B, 0x20, 0x4E, 0xAF, 0x8A, 0x0C, 0x74, 0x7F, + 0x5F, 0xB7, 0xAA, 0x43, 0xFC, 0x5A, 0x77, 0xA1, + 0x81, 0xCD, 0xBA, 0xE1, 0x31, 0x87, 0x1F, 0xA8, + 0x1F, 0x76, 0x30, 0x6C, 0xE0, 0x84, 0xCD, 0x14, + 0x4A, 0xDB, 0x67, 0xFD, 0x65, 0x8C, 0x35, 0xC0, + 0x91, 0x6C, 0x2B, 0xCF, 0x5B, 0x89, 0x29, 0x58, + 0x42, 0x9B, 0x65, 0xDB, 0x34, 0x7D, 0xD8, 0x31, + 0xC9, 0xB8, 0x0D, 0x07, 0xD1, 0x94, 0x60, 0x63, + 0x65, 0xDC, 0xB3, 0x70, 0x48, 0x46, 0x37, 0x18, + 0x4D, 0x5D, 0xE0, 0xAC, 0x77, 0xD0, 0x9E, 0xE1, + 0xD9, 0xB2, 0x2D, 0x09, 0xD6, 0xF8, 0x94, 0x96, + 0x7B, 0x43, 0xD9, 0x76, 0x36, 0xE6, 0x24, 0xA4, + 0x4A, 0xFF, 0x12, 0xFE, 0x30, 0x95, 0xD7, 0xCB, + 0xA9, 0xA0, 0x3A, 0xCA, 0xFC, 0x52, 0x57, 0xB8, + 0x20, 0x80, 0xF2, 0xD8, 0xAE, 0x3E, 0x18, 0xFC, + 0x0D, 0xE0, 0x9D, 0x01, 0x7B, 0x03, 0xAD, 0x6B, + 0xEE, 0xA4, 0xEC, 0x38, 0x40, 0xAC, 0x85, 0x42, + 0xF8, 0xCF, 0x93, 0x10, 0x8F, 0x8C, 0xFE, 0xF8, + 0x22, 0x64, 0xFC, 0xDD, 0x2C, 0xDD, 0x86, 0x97, + 0x5B, 0x3F, 0x8F, 0xDF, 0x1F, 0x58, 0x22, 0x08, + 0x26, 0x8A, 0x76, 0xE6, 0xC9, 0xFE, 0xDF, 0x42, + 0x90, 0x8D, 0x52, 0x78, 0xA2, 0xBF, 0xBD, 0x3F, + 0xD5, 0xD5, 0xDB, 0xAF, 0xDD, 0x5E, 0x2C, 0x2B, + 0x9F, 0x2E, 0xDC, 0xC1, 0xC4, 0x52, 0x96, 0x38, + 0x49, 0xCB, 0x34, 0xEC, 0x51, 0x00, 0x8D, 0x1B, + 0xF6, 0xDA, 0x50, 0xA0, 0xD1, 0x9D, 0x82, 0x34, + 0x5B, 0x78, 0x8C, 0x05, 0x40, 0xE1, 0x7B, 0x25, + 0xFF, 0xDC, 0xE8, 0xD4, 0x45, 0x3B, 0xBE, 0x75, + 0x1E, 0xDA, 0x96, 0xA4, 0x4C, 0x75, 0xFD, 0xD9, + 0x00, 0x81, 0x85, 0x7D, 0xC0, 0xF8, 0x26, 0x2A, + 0x30, 0x7B, 0x34, 0xCB, 0xEC, 0xD1, 0x56, 0x58, + 0x69, 0xA3, 0x14, 0xD6, 0x4C, 0x09, 0xDC, 0x9D, + 0x4A, 0x80, 0x26, 0x52, 0x2F, 0xDF, 0xE4, 0xCB, + 0x5B, 0x8B, 0x11, 0x05, 0xDA, 0xE0, 0xDB, 0x66, + 0xC8, 0x5B, 0xB4, 0x32, 0x1D, 0xBE, 0x76, 0x84, + 0xEB, 0x6B, 0x6F, 0x85, 0x87, 0xD8, 0x32, 0x0C, + 0x6D, 0xB3, 0x8D, 0xED, 0xD6, 0x18, 0x96, 0xED, + 0x51, 0xAB, 0x0C, 0x7F, 0x42, 0x8F, 0x19, 0xD2, + 0x55, 0xC6, 0xB0, 0xFD, 0xF5, 0x89, 0x51, 0xE5, + 0xCD, 0xB1, 0x96, 0x9C, 0xD9, 0xA7, 0x93, 0x4E, + 0xFD, 0xB9, 0xC8, 0x2E, 0x1E, 0x8D, 0x2A, 0x59, + 0xC9, 0xF7, 0x9D, 0xF1, 0xAA, 0x93, 0xE5, 0x07, + 0x1E, 0x3F, 0xAC, 0x73, 0x19, 0xFF, 0x68, 0x87, + 0x8C, 0xF2, 0x49, 0xDC, 0xBD, 0xCD, 0x10, 0x46, + 0x16, 0xCC, 0xC1, 0xC1, 0xFB, 0xD7, 0x85, 0x56, + 0x9F, 0x55, 0x87, 0x10, 0x44, 0x1B, 0x31, 0xCA, + 0xE3, 0x16, 0x7A, 0x4C, 0xD7, 0xDD, 0xD1, 0x86, + 0x26, 0xC5, 0x43, 0x62, 0x96, 0x20, 0x32, 0xE6, + 0xB7, 0xA2, 0x76, 0x05, 0x61, 0x96, 0xFC, 0x22, + 0x96, 0x7E, 0x90, 0x7C, 0x32, 0x0A, 0x7A, 0xF5, + 0x8C, 0xE3, 0xF5, 0x01, 0xC4, 0xCD, 0x31, 0x8A, + 0x70, 0x75, 0x04, 0xF1, 0xC2, 0x59, 0xE5, 0x07, + 0xA0, 0xD4, 0x7D, 0x25, 0x8E, 0x2F, 0x38, 0xE2, + 0x6A, 0x53, 0x41, 0x34, 0x7A, 0x06, 0xB5, 0x8B, + 0xB0, 0xBF, 0x21, 0xDE, 0xE6, 0x5F, 0x55, 0x6A, + 0xD4, 0x88, 0xA7, 0x36, 0xD4, 0xC6, 0x5C, 0x82, + 0xC6, 0x73, 0xC0, 0x60, 0xD7, 0xA6, 0xA0, 0x77, + 0x5C, 0xF8, 0xC3, 0x9A, 0xA1, 0x31, 0xFD, 0x64, + 0xDB, 0xB1, 0x7B, 0x72, 0x70, 0x4B, 0x7D, 0x1D, + 0x24, 0xBC, 0x5F, 0x84, 0x08, 0x3B, 0xF8, 0xA6, + 0x47, 0xEB, 0xED, 0xCF, 0xDD, 0xA0, 0x91, 0x14, + 0x26, 0x7D, 0x77, 0xCF, 0xBF, 0x39, 0x9B, 0xD9, + 0x2F, 0x3B, 0x2A, 0xA7, 0x2B, 0xBC, 0xF7, 0xDE, + 0x9D, 0x69, 0xBF, 0x90, 0xA4, 0xDE, 0x2C, 0xF8, + 0x24, 0x92, 0x7D, 0xE2, 0xB8, 0xBD, 0xF4, 0x6B, + 0x10, 0x9E, 0xD6, 0x08, 0x51, 0xC5, 0x9C, 0x44, + 0x8E, 0xCB, 0x44, 0x3F, 0x00, 0x26, 0x3C, 0x9C, + 0x25, 0xF4, 0x62, 0x74, 0xD1, 0x7C, 0x29, 0x4C, + 0xEB, 0xF2, 0x53, 0x7D, 0x8F, 0xEA, 0xBD, 0x78, + 0xEE, 0xBC, 0xBA, 0x72, 0x64, 0xA5, 0xB9, 0x45, + 0x08, 0xE0, 0xBF, 0x62, 0xEF, 0xC2, 0x1E, 0x06, + 0xE1, 0xE2, 0xFB, 0x14, 0x44, 0xC5, 0xAB, 0x6F, + 0x84, 0x7F, 0x52, 0x2F, 0x8A, 0xBE, 0xED, 0x04, + 0x6D, 0x6D, 0xDC, 0xFF, 0xBC, 0xB8, 0xC8, 0x1F, + 0xD0, 0x5D, 0x4D, 0x7F, 0x2E, 0x1B, 0xC9, 0x9B, + 0xEA, 0xF8, 0xC1, 0xAF, 0xE3, 0xE0, 0x5B, 0x36, + 0x90, 0xFE, 0xE4, 0xAA, 0x37, 0x5A, 0x3D, 0xCB, + 0x77, 0x57, 0x7C, 0xCC, 0x6E, 0x3E, 0xBE, 0x8A, + 0x98, 0x7C, 0x6D, 0x7E, 0x89, 0x60, 0x73, 0xC0, + 0xCC, 0x0C, 0x48, 0x25, 0x46, 0xB5, 0x39, 0xB4, + 0xFD, 0xF0, 0x4E, 0xED, 0x8E, 0x87, 0xF8, 0x5B, + 0x00, 0xBE, 0x43, 0xA6, 0x0B, 0x21, 0x7E, 0x96, + 0x88, 0x3B, 0x91, 0xD7, 0x88, 0x1A, 0xA0, 0xDD, + 0x3E, 0xBF, 0x5B, 0x0D, 0x08, 0xD0, 0x85, 0x4E, + 0xD4, 0x27, 0x8F, 0xC9, 0x02, 0xE0, 0x60, 0xEA, + 0x16, 0xFB, 0xC2, 0x54, 0xA5, 0x08, 0xC8, 0x6F, + 0x7A, 0xE7, 0x54, 0x93, 0xB8, 0xDD, 0xA0, 0x86, + 0xE9, 0xC1, 0xB2, 0x17, 0xF5, 0xC9, 0x11, 0x97, + 0x83, 0x66, 0x88, 0xCD, 0x2D, 0x0B, 0xB8, 0xE5, + 0x52, 0xD1, 0x13, 0x7A, 0xA7, 0xEB, 0xD5, 0xD5, + 0x60, 0x53, 0x8E, 0x9B, 0xB6, 0xB4, 0x1D, 0x06, + 0x90, 0xB0, 0x6C, 0x66, 0xD1, 0x57, 0x5B, 0x86, + 0x1C, 0x8A, 0x7D, 0x3A, 0x88, 0x4C, 0xC9, 0x88, + 0x1A, 0xC3, 0x00, 0x1F, 0x30, 0x0D, 0xF3, 0x47, + 0x62, 0x79, 0x85, 0x89, 0xF9, 0xEE, 0x5C, 0x92, + 0x43, 0x61, 0x53, 0xD8, 0xC7, 0x32, 0x55, 0x9B, + 0x33, 0x3D, 0x69, 0x8F, 0x3E, 0xC5, 0x82, 0x0E, + 0x8A, 0xA5, 0xF2, 0xE5, 0xA7, 0x69, 0xC2, 0xB4, + 0x7A, 0xFA, 0x27, 0x5F, 0xE4, 0x74, 0xAF, 0x81, + 0x37, 0xC7, 0x01, 0x9A, 0xF2, 0xE6, 0x0C, 0xA7, + 0x5E, 0xDB, 0xE4, 0x8F, 0x81, 0xA6, 0x51, 0xCE, + 0x6B, 0xAB, 0xD3, 0x37, 0x4C, 0x07, 0x72, 0xA8, + 0xAC, 0x36, 0x77, 0xB1, 0x0F, 0x54, 0x77, 0x17, + 0xC9, 0x67, 0x50, 0xDA, 0x44, 0x8B, 0xD9, 0xC7, + 0x93, 0x8C, 0x66, 0xCD, 0x6F, 0xB7, 0x5D, 0x73, + 0x2D, 0xAC, 0x83, 0x1A, 0xDC, 0xE9, 0x17, 0x6D, + 0x94, 0x85, 0x6E, 0x1B, 0xF6, 0x08, 0x38, 0xD0, + 0x9E, 0x63, 0x23, 0xA2, 0x7B, 0x16, 0x09, 0xF9, + 0xC1, 0x21, 0xF4, 0x98, 0xD2, 0xBB, 0x68, 0x58, + 0x18, 0xA0, 0x0D, 0xE7, 0xBA, 0x6B, 0x28, 0x47, + 0xC5, 0x16, 0x14, 0x9F, 0x35, 0x6E, 0xCE, 0xF0, + 0x4F, 0x34, 0xEA, 0x48, 0x35, 0x46, 0xFE, 0xEB, + 0x12, 0xEA, 0x40, 0x77, 0x62, 0x04, 0x30, 0xC3, + 0x9D, 0xBF, 0x47, 0xC0, 0x5E, 0xED, 0x5E, 0xD5, + 0x87, 0xFF, 0xF5, 0x92, 0x21, 0x7C, 0xA9, 0x5A, + 0x2C, 0x3D, 0x1E, 0x6F, 0x6F, 0xF9, 0xFF, 0x20, + 0x9F, 0x8B, 0x30, 0xA9, 0x9D, 0x56, 0xA3, 0x97, + 0x7A, 0x33, 0x17, 0x49, 0x0B, 0x2B, 0x00, 0x1F, + 0x43, 0xCD, 0x8D, 0xDD, 0x1D, 0x8F, 0xC1, 0x6A, + 0x3F, 0xA9, 0xB4, 0x31, 0x54, 0x62, 0x84, 0x5B, + 0x99, 0x5D, 0x2A, 0xB7, 0x6E, 0xA5, 0x39, 0xC7, + 0xF0, 0x4C, 0x31, 0x6C, 0x71, 0xD6, 0x00, 0xE1, + 0xAC, 0x4F, 0xD5, 0xC8, 0xC6, 0x34, 0x3B, 0xC8, + 0x05, 0x5F, 0x17, 0x00, 0xB4, 0x0E, 0xA2, 0xF1, + 0xAB, 0xE9, 0x4B, 0xE0, 0x06, 0x01, 0x3A, 0xA2, + 0x61, 0xF0, 0x72, 0x0A, 0xB7, 0x99, 0xD0, 0xFC, + 0x6D, 0xB5, 0xE9, 0xA4, 0xC3, 0xC5, 0xA7, 0xF8, + 0x2D, 0x70, 0xD2, 0x8E, 0x41, 0x0D, 0xD1, 0x64, + 0xE3, 0xE4, 0x61, 0xA4, 0x6E, 0x81, 0xFB, 0xDC, + 0xB8, 0x10, 0x84, 0x8B, 0xCE, 0xE0, 0x6F, 0x88, + 0x33, 0x25, 0x64, 0x6E, 0x1E, 0x2A, 0x69, 0x3F, + 0xA5, 0xDA, 0x7C, 0x25, 0xEB, 0x21, 0xC4, 0xEA, + 0xB8, 0x7D, 0xC7, 0x87, 0xA2, 0x67, 0x7C, 0xEB, + 0x6A, 0x26, 0xE1, 0x06, 0xFE, 0x78, 0xE1, 0x18, + 0xFF, 0x54, 0x71, 0x3E, 0x00, 0x59, 0x7B, 0xFA, + 0x52, 0x8C, 0x2A, 0xED, 0x06, 0x9A, 0x12, 0x6D, + 0xE3, 0x74, 0x6F, 0x06, 0x65, 0xE1, 0x75, 0x80, + 0x63, 0x0F, 0x70, 0x2F, 0xAB, 0xC0, 0xF1, 0xCD, + 0x7F, 0x57, 0xAA, 0x71, 0xF6, 0x38, 0xD8, 0xAF, + 0x37, 0xD3, 0xD9, 0xE0, 0xA7, 0xE9, 0x05, 0x5D, + 0xA3, 0xDF, 0x86, 0x48, 0x3F, 0x25, 0xDE, 0xBA, + 0x18, 0xCE, 0xF6, 0x99, 0xEB, 0x87, 0x70, 0xC7, + 0x85, 0x84, 0x79, 0x8A, 0xD8, 0x02, 0x8B, 0xAD, + 0xC5, 0x9D, 0x2A, 0xF9, 0xAE, 0xAE, 0x37, 0xEC, + 0x93, 0x91, 0x16, 0x10, 0x5F, 0x9F, 0x64, 0xEF, + 0x82, 0x78, 0xC6, 0x4D, 0xED, 0x3F, 0xD4, 0x33, + 0xA7, 0xB8, 0x82, 0x09, 0x16, 0xBE, 0xDC, 0x6B, + 0x7A, 0x75, 0x69, 0x8A, 0xDE, 0xD3, 0xFD, 0xE8, + 0x86, 0x75, 0x42, 0x83, 0x03, 0x57, 0x30, 0x70, + 0xA5, 0xA3, 0x85, 0x1F, 0x9F, 0x21, 0xEA, 0xC7, + 0x80, 0xFA, 0x8A, 0xA4, 0x02, 0x3E, 0x39, 0x11, + 0x48, 0x7D, 0x85, 0x2A, 0x53, 0x77, 0x43, 0x5A, + 0x5F, 0xFF, 0x9C, 0x60, 0x4B, 0x5D, 0x95, 0xB0, + 0x96, 0x8A, 0xE0, 0xEC, 0xF4, 0x43, 0x1B, 0x10, + 0x3F, 0xA6, 0xBA, 0x71, 0xC4, 0xDC, 0x81, 0x73, + 0xA2, 0xDE, 0x1F, 0x79, 0xDD, 0xB6, 0x0D, 0x2D, + 0x0C, 0x8E, 0x56, 0x55, 0xD0, 0x94, 0x44, 0x29, + 0x16, 0x92, 0x99, 0x2D, 0x99, 0xFC, 0x48, 0xF2, + 0x16, 0x0E, 0xC0, 0xAC, 0xE4, 0xC4, 0x92, 0x07, + 0xBB, 0xB7, 0x6D, 0x7F, 0x2A, 0x85, 0xE1, 0x81, + 0x02, 0xB9, 0x5A, 0x51, 0x45, 0x88, 0xF5, 0x9F, + 0x16, 0x2D, 0x33, 0xCE, 0xD6, 0x18, 0x07, 0x03, + 0xED, 0xC3, 0x6C, 0x8B, 0x33, 0x94, 0x88, 0x81, + 0x0D, 0x2E, 0xAE, 0x96, 0x25, 0xCE, 0xE3, 0x83, + 0x27, 0x1C, 0x71, 0x72, 0xEE, 0xD6, 0xB5, 0x48, + 0x69, 0x60, 0xE8, 0x99, 0x18, 0x74, 0xB0, 0x13, + 0x53, 0x59, 0x3D, 0x70, 0x70, 0xBD, 0xEB, 0x7A, + 0x9F, 0x92, 0x29, 0xAB, 0x77, 0x0E, 0xEB, 0x46, + 0x37, 0x8D, 0x57, 0xD9, 0x56, 0xDF, 0x7A, 0x86, + 0x40, 0x04, 0x02, 0x98, 0xF7, 0x00, 0xF4, 0x41, + 0x5B, 0xDD, 0x3A, 0x96, 0x15, 0xA4, 0x65, 0xDB, + 0x01, 0x28, 0x22, 0x12, 0xCF, 0x1A, 0xEC, 0x4B, + 0x0B, 0x8C, 0xB3, 0xB1, 0x7E, 0x5E, 0xFA, 0x28, + 0x6C, 0x6C, 0x04, 0x5B, 0x43, 0x9C, 0x74, 0x9F, + 0xE1, 0xD4, 0x50, 0x75, 0xD8, 0xE7, 0xA0, 0x0F, + 0xBE, 0x84, 0x48, 0xFC, 0xAC, 0xAA, 0x15, 0x3D, + 0x69, 0x70, 0x9D, 0x9F, 0xF2, 0xB9, 0x7C, 0xDB, + 0x26, 0xC0, 0xC3, 0x79, 0x28, 0x7C, 0xE6, 0x48, + 0x61, 0xAD, 0xD7, 0x89, 0xD0, 0xC8, 0x93, 0x9A, + 0x14, 0x21, 0xB0, 0x85, 0xD6, 0x23, 0x4C, 0xE1, + 0xA7, 0x49, 0xDE, 0x3D, 0xCB, 0xE8, 0xE0, 0x61, + 0x5C, 0xB3, 0xBC, 0xDC, 0x6A, 0x81, 0xA5, 0xC4, + 0x9D, 0x92, 0x85, 0x74, 0x5F, 0x1C, 0xA8, 0xA0, + 0x64, 0x1E, 0x32, 0x68, 0x83, 0x41, 0x93, 0x34, + 0x82, 0x18, 0x3E, 0x24, 0x5C, 0x1F, 0x9C, 0xD2, + 0x80, 0x28, 0xC3, 0x8A, 0x23, 0x18, 0x1A, 0x44, + 0x5A, 0xA6, 0xEA, 0xCC, 0xE2, 0x06, 0x06, 0xE6, + 0xF7, 0xF1, 0xDF, 0x70, 0x68, 0x83, 0xCD, 0xA5, + 0x2F, 0x3F, 0x2B, 0x68, 0xDE, 0x26, 0xDD, 0x37, + 0x71, 0xE9, 0x50, 0x03, 0x2C, 0xC7, 0x20, 0x0C, + 0x20, 0x23, 0xC8, 0x24, 0x96, 0x50, 0x82, 0x82, + 0xCD, 0x3B, 0xC4, 0x7F, 0xEC, 0xE5, 0xD9, 0x7C, + 0xA1, 0xCE, 0x35, 0x74, 0x4D, 0x03, 0xD7, 0xA4, + 0x28, 0xB7, 0xAF, 0x12, 0xB0, 0xCB, 0x8E, 0x65, + 0x7C, 0x01, 0x30, 0xF8, 0xA3, 0xA2, 0x54, 0x97, + 0x6E, 0xC8, 0xF7, 0xDC, 0xCF, 0x3A, 0xBF, 0x31, + 0xF4, 0xB0, 0xB3, 0xF7, 0x12, 0x6F, 0xFC, 0x48, + 0x77, 0xF3, 0xD1, 0xA0, 0x66, 0xD2, 0x6A, 0x23, + 0x2F, 0xA9, 0x99, 0x21, 0x61, 0x22, 0x54, 0x11, + 0xED, 0x7D, 0xDB, 0x93, 0xC3, 0x5C, 0x6A, 0x37, + 0x7F, 0x30, 0xCF, 0x22, 0xAA, 0x39, 0x2D, 0x5C, + 0x4F, 0xEE, 0x4F, 0x73, 0xC9, 0xEF, 0x6E, 0xD3, + 0xA0, 0x27, 0x97, 0x14, 0x52, 0x3B, 0x19, 0x18, + 0x65, 0x1E, 0x9B, 0x0F, 0xFA, 0x55, 0x0F, 0x16, + 0x10, 0x53, 0xEE, 0x78, 0x01, 0x39, 0x7B, 0x4C, + 0x18, 0x49, 0x98, 0x7C, 0x17, 0x9E, 0x76, 0x3E, + 0xCC, 0x60, 0xA4, 0xE4, 0xC5, 0x36, 0xB7, 0xE2, + 0x66, 0x3E, 0x4C, 0x72, 0x67, 0x14, 0xB0, 0x2E, + 0xC3, 0x16, 0x9E, 0x84, 0x07, 0xBA, 0x59, 0x2B, + 0x0E, 0xB8, 0x46, 0xF3, 0x69, 0x2D, 0xD4, 0x46, + 0x51, 0xEE, 0x08, 0x47, 0x21, 0xCA, 0xC0, 0xFE, + 0x1C, 0xCC, 0x30, 0x27, 0x07, 0xEF, 0xE2, 0x46, + 0x64, 0xE0, 0x5B, 0xDC, 0x69, 0xC8, 0x39, 0x04, + 0xAC, 0xB8, 0xCF, 0x97, 0x12, 0x1C, 0x7E, 0x5C, + 0x6D, 0xB2, 0x7E, 0xA2, 0x8E, 0x77, 0xBC, 0xDA, + 0x55, 0xD2, 0xBC, 0xC1, 0xC5, 0xFC, 0xC5, 0x52, + 0xAB, 0x83, 0xBC, 0xE4, 0x23, 0x8C, 0xA1, 0x80, + 0x62, 0xC2, 0xD2, 0x3A, 0x8B, 0x80, 0x0C, 0x82, + 0x09, 0xC3, 0xA4, 0xCD, 0xDA, 0xF1, 0x16, 0x16, + 0x57, 0x8A, 0x84, 0x55, 0x66, 0xFC, 0x28, 0x9A, + 0x8E, 0x3C, 0x88, 0xF5, 0x54, 0xC4, 0x92, 0x60, + 0x71, 0xDA, 0x89, 0x32, 0x6B, 0xEB, 0x25, 0x9A, + 0x0E, 0x1F, 0x6D, 0x84, 0x4E, 0xBF, 0x7B, 0x28, + 0x1F, 0x9F, 0xC3, 0x74, 0x3A, 0x65, 0x49, 0x9E, + 0x73, 0x94, 0x63, 0x48, 0x18, 0xE1, 0x33, 0xFA, + 0xC6, 0x64, 0xFA, 0x0C, 0x88, 0xF1, 0x01, 0xCE, + 0xC3, 0xFE, 0xD8, 0x79, 0x29, 0x50, 0xBF, 0x6E, + 0x49, 0x74, 0x84, 0x9E, 0x1E, 0xBD, 0x27, 0x69, + 0x1B, 0xF5, 0x51, 0x9B, 0x70, 0x2E, 0x1A, 0xA4, + 0xB3, 0xDB, 0xAD, 0xAB, 0x5D, 0xFA, 0x34, 0xFB, + 0x0E, 0xD9, 0xD4, 0xA9, 0xDF, 0x4B, 0x6B, 0x63, + 0xCA, 0x71, 0x65, 0xE2, 0xA9, 0x08, 0x27, 0x40, + 0x8C, 0x48, 0x2D, 0x9D, 0xBC, 0x97, 0x24, 0x68, + 0x58, 0x4F, 0x42, 0x37, 0x60, 0x04, 0xE7, 0x8B, + 0xE0, 0x67, 0x00, 0x9E, 0x43, 0x30, 0x4B, 0xED, + 0xC1, 0x07, 0xA4, 0xE2, 0xA8, 0x9C, 0xAF, 0x18, + 0x5C, 0x9B, 0xB7, 0xE9, 0xFD, 0x2C, 0xB9, 0x2A, + 0xEF, 0x36, 0x3B, 0xD7, 0x96, 0xF3, 0x60, 0x4E, + 0xDC, 0x08, 0xA7, 0xC5, 0x45, 0xB8, 0x37, 0x02, + 0xD3, 0xCF, 0x80, 0x88, 0x52, 0x10, 0x3E, 0x01, + 0x3B, 0xFE, 0xA1, 0x61, 0xAF, 0x25, 0x0B, 0xCC, + 0x72, 0x77, 0x1D, 0x0C, 0x48, 0x4D, 0xD5, 0x55, + 0x41, 0x72, 0x3A, 0x21, 0x0D, 0x68, 0x3B, 0x99, + 0x8C, 0xDB, 0xAF, 0x3D, 0x9A, 0x5E, 0x71, 0x78, + 0x6F, 0x1C, 0xF4, 0x7B, 0x86, 0x22, 0x51, 0xB5, + 0x16, 0x33, 0x60, 0x87, 0x9A, 0xC0, 0x20, 0x2D, + 0x33, 0x49, 0x51, 0x54, 0x5C, 0x5F, 0x71, 0x76, + 0x7C, 0x8F, 0x96, 0xA9, 0xD6, 0xE4, 0xF2, 0x1F, + 0x28, 0x43, 0x4D, 0x7E, 0x96, 0xBB, 0xC5, 0xE3, + 0xEF, 0xF3, 0xFD, 0x02, 0x0C, 0x17, 0x23, 0x3E, + 0x7F, 0x99, 0xB0, 0xE3, 0xE8, 0xF5, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x06, 0x17, 0x23, 0x2E + }; +#endif +#ifndef WOLFSSL_NO_ML_DSA_65 + static const byte sk_65[] = { + 0xF2, 0x6B, 0xFE, 0x12, 0x68, 0x86, 0xF4, 0x82, + 0x22, 0x94, 0x4D, 0x02, 0x18, 0xFA, 0xC1, 0x7C, + 0xD8, 0xA9, 0xCC, 0x6D, 0x67, 0xA0, 0x23, 0xFD, + 0xC0, 0x7A, 0xFF, 0xC2, 0xD0, 0x25, 0xF7, 0x70, + 0x63, 0x85, 0x0D, 0x88, 0x0E, 0x98, 0xFE, 0xE5, + 0x02, 0xE0, 0x17, 0x32, 0x70, 0x00, 0xCC, 0xAF, + 0x61, 0x45, 0x73, 0xB3, 0x5A, 0xDE, 0xFE, 0xBC, + 0xAC, 0xEE, 0xA4, 0xB2, 0xC4, 0xD0, 0x45, 0xE5, + 0xBB, 0xFD, 0x3E, 0x5A, 0x72, 0xE3, 0x71, 0xAD, + 0x83, 0xB9, 0x94, 0x98, 0x77, 0xD8, 0xE6, 0x56, + 0xD4, 0x6B, 0x47, 0x75, 0x0F, 0x73, 0x0F, 0x96, + 0xDB, 0x43, 0x0B, 0x18, 0x60, 0x88, 0x67, 0x5D, + 0x9A, 0x9B, 0xD7, 0x8E, 0x47, 0xB8, 0x9D, 0x04, + 0xA8, 0x51, 0x7E, 0xD2, 0x22, 0x06, 0x95, 0x33, + 0x9F, 0x99, 0xA9, 0x7F, 0x35, 0x3C, 0xE4, 0x20, + 0x47, 0x77, 0x20, 0x9F, 0x5F, 0x3C, 0x9E, 0x9A, + 0x36, 0x14, 0x54, 0x01, 0x57, 0x48, 0x60, 0x50, + 0x75, 0x28, 0x64, 0x61, 0x72, 0x60, 0x54, 0x20, + 0x75, 0x48, 0x60, 0x32, 0x73, 0x85, 0x34, 0x24, + 0x68, 0x63, 0x71, 0x73, 0x81, 0x26, 0x71, 0x68, + 0x32, 0x61, 0x24, 0x71, 0x14, 0x18, 0x26, 0x15, + 0x05, 0x77, 0x36, 0x27, 0x50, 0x35, 0x21, 0x82, + 0x50, 0x15, 0x31, 0x47, 0x48, 0x24, 0x43, 0x76, + 0x18, 0x85, 0x66, 0x18, 0x05, 0x64, 0x27, 0x01, + 0x06, 0x06, 0x01, 0x45, 0x42, 0x60, 0x80, 0x68, + 0x25, 0x08, 0x08, 0x36, 0x13, 0x05, 0x04, 0x32, + 0x34, 0x87, 0x00, 0x70, 0x71, 0x70, 0x02, 0x51, + 0x37, 0x15, 0x08, 0x28, 0x25, 0x72, 0x61, 0x67, + 0x08, 0x52, 0x63, 0x44, 0x07, 0x88, 0x60, 0x42, + 0x03, 0x17, 0x24, 0x64, 0x80, 0x08, 0x70, 0x23, + 0x56, 0x41, 0x46, 0x17, 0x46, 0x01, 0x57, 0x74, + 0x02, 0x76, 0x31, 0x64, 0x73, 0x83, 0x50, 0x62, + 0x72, 0x61, 0x62, 0x75, 0x45, 0x73, 0x46, 0x33, + 0x65, 0x14, 0x36, 0x46, 0x12, 0x26, 0x04, 0x34, + 0x02, 0x81, 0x20, 0x34, 0x41, 0x88, 0x26, 0x77, + 0x33, 0x40, 0x18, 0x58, 0x03, 0x41, 0x16, 0x58, + 0x88, 0x04, 0x88, 0x32, 0x71, 0x05, 0x85, 0x83, + 0x42, 0x55, 0x34, 0x20, 0x18, 0x46, 0x12, 0x54, + 0x28, 0x03, 0x67, 0x10, 0x84, 0x31, 0x76, 0x00, + 0x40, 0x85, 0x46, 0x71, 0x71, 0x56, 0x00, 0x50, + 0x15, 0x33, 0x43, 0x13, 0x37, 0x57, 0x13, 0x86, + 0x43, 0x77, 0x85, 0x57, 0x54, 0x81, 0x75, 0x60, + 0x37, 0x31, 0x28, 0x52, 0x20, 0x78, 0x65, 0x53, + 0x76, 0x10, 0x84, 0x87, 0x57, 0x13, 0x66, 0x03, + 0x56, 0x81, 0x36, 0x66, 0x68, 0x41, 0x55, 0x64, + 0x63, 0x70, 0x26, 0x21, 0x02, 0x30, 0x28, 0x35, + 0x02, 0x45, 0x88, 0x80, 0x02, 0x06, 0x44, 0x58, + 0x24, 0x13, 0x88, 0x83, 0x22, 0x34, 0x22, 0x50, + 0x47, 0x11, 0x01, 0x86, 0x45, 0x60, 0x67, 0x36, + 0x82, 0x22, 0x18, 0x74, 0x11, 0x60, 0x58, 0x60, + 0x87, 0x26, 0x31, 0x85, 0x12, 0x70, 0x84, 0x83, + 0x88, 0x68, 0x88, 0x51, 0x00, 0x55, 0x02, 0x57, + 0x77, 0x42, 0x13, 0x23, 0x14, 0x04, 0x76, 0x80, + 0x72, 0x25, 0x51, 0x56, 0x10, 0x63, 0x12, 0x21, + 0x03, 0x86, 0x27, 0x30, 0x28, 0x12, 0x01, 0x37, + 0x48, 0x32, 0x53, 0x86, 0x15, 0x46, 0x50, 0x05, + 0x34, 0x87, 0x61, 0x04, 0x88, 0x18, 0x35, 0x85, + 0x44, 0x46, 0x24, 0x67, 0x43, 0x83, 0x02, 0x26, + 0x56, 0x41, 0x41, 0x77, 0x86, 0x56, 0x41, 0x75, + 0x25, 0x61, 0x36, 0x05, 0x47, 0x65, 0x00, 0x14, + 0x32, 0x38, 0x16, 0x81, 0x06, 0x30, 0x61, 0x25, + 0x16, 0x30, 0x50, 0x44, 0x13, 0x08, 0x75, 0x00, + 0x50, 0x20, 0x68, 0x21, 0x55, 0x74, 0x61, 0x18, + 0x62, 0x05, 0x15, 0x51, 0x08, 0x24, 0x01, 0x13, + 0x81, 0x33, 0x64, 0x83, 0x23, 0x00, 0x55, 0x73, + 0x62, 0x40, 0x61, 0x75, 0x15, 0x78, 0x21, 0x14, + 0x13, 0x64, 0x21, 0x47, 0x07, 0x76, 0x80, 0x76, + 0x76, 0x17, 0x75, 0x50, 0x61, 0x14, 0x40, 0x82, + 0x87, 0x83, 0x50, 0x87, 0x30, 0x86, 0x35, 0x30, + 0x28, 0x20, 0x10, 0x01, 0x48, 0x18, 0x34, 0x65, + 0x23, 0x10, 0x25, 0x42, 0x40, 0x22, 0x54, 0x34, + 0x35, 0x33, 0x71, 0x70, 0x20, 0x61, 0x55, 0x74, + 0x33, 0x01, 0x02, 0x60, 0x58, 0x24, 0x80, 0x12, + 0x46, 0x41, 0x38, 0x10, 0x76, 0x67, 0x34, 0x63, + 0x48, 0x85, 0x06, 0x48, 0x04, 0x23, 0x22, 0x66, + 0x57, 0x71, 0x68, 0x18, 0x04, 0x32, 0x01, 0x31, + 0x01, 0x55, 0x22, 0x27, 0x55, 0x72, 0x10, 0x00, + 0x43, 0x88, 0x76, 0x62, 0x84, 0x77, 0x07, 0x77, + 0x14, 0x07, 0x20, 0x53, 0x74, 0x17, 0x51, 0x17, + 0x66, 0x84, 0x47, 0x83, 0x61, 0x03, 0x52, 0x10, + 0x05, 0x40, 0x46, 0x55, 0x61, 0x47, 0x26, 0x70, + 0x40, 0x22, 0x10, 0x34, 0x41, 0x01, 0x03, 0x48, + 0x33, 0x05, 0x72, 0x32, 0x75, 0x82, 0x45, 0x85, + 0x20, 0x70, 0x80, 0x82, 0x20, 0x23, 0x62, 0x81, + 0x15, 0x47, 0x80, 0x23, 0x67, 0x23, 0x73, 0x34, + 0x44, 0x33, 0x85, 0x10, 0x05, 0x50, 0x30, 0x03, + 0x48, 0x13, 0x01, 0x36, 0x45, 0x11, 0x06, 0x33, + 0x82, 0x22, 0x78, 0x75, 0x42, 0x02, 0x40, 0x45, + 0x04, 0x47, 0x43, 0x05, 0x30, 0x44, 0x42, 0x02, + 0x28, 0x26, 0x64, 0x24, 0x74, 0x75, 0x86, 0x11, + 0x85, 0x43, 0x25, 0x46, 0x10, 0x62, 0x82, 0x71, + 0x08, 0x27, 0x45, 0x13, 0x73, 0x18, 0x84, 0x73, + 0x51, 0x51, 0x67, 0x14, 0x70, 0x11, 0x07, 0x08, + 0x62, 0x16, 0x25, 0x27, 0x36, 0x68, 0x44, 0x01, + 0x18, 0x63, 0x74, 0x50, 0x31, 0x13, 0x43, 0x65, + 0x80, 0x11, 0x16, 0x52, 0x86, 0x42, 0x51, 0x81, + 0x51, 0x17, 0x05, 0x68, 0x05, 0x73, 0x60, 0x37, + 0x63, 0x85, 0x86, 0x11, 0x23, 0x23, 0x38, 0x13, + 0x87, 0x48, 0x82, 0x74, 0x71, 0x81, 0x87, 0x65, + 0x58, 0x26, 0x60, 0x34, 0x76, 0x16, 0x15, 0x24, + 0x06, 0x78, 0x16, 0x40, 0x03, 0x45, 0x72, 0x31, + 0x63, 0x73, 0x31, 0x85, 0x02, 0x66, 0x44, 0x36, + 0x24, 0x82, 0x56, 0x38, 0x86, 0x10, 0x40, 0x54, + 0x72, 0x70, 0x24, 0x22, 0x72, 0x78, 0x47, 0x07, + 0x86, 0x30, 0x48, 0x72, 0x84, 0x57, 0x06, 0x34, + 0x78, 0x37, 0x63, 0x25, 0x56, 0x64, 0x81, 0x30, + 0x62, 0x77, 0x22, 0x84, 0x20, 0x10, 0x74, 0x25, + 0x04, 0x21, 0x76, 0x47, 0x72, 0x35, 0x05, 0x06, + 0x22, 0x50, 0x34, 0x11, 0x26, 0x67, 0x03, 0x05, + 0x42, 0x04, 0x16, 0x01, 0x27, 0x17, 0x86, 0x67, + 0x70, 0x51, 0x53, 0x13, 0x12, 0x62, 0x03, 0x25, + 0x05, 0x38, 0x37, 0x44, 0x02, 0x66, 0x84, 0x74, + 0x14, 0x40, 0x35, 0x20, 0x40, 0x30, 0x44, 0x64, + 0x27, 0x50, 0x77, 0x47, 0x06, 0x15, 0x84, 0x48, + 0x13, 0x14, 0x32, 0x48, 0x11, 0x74, 0x80, 0x68, + 0x85, 0x81, 0x17, 0x67, 0x38, 0x22, 0x76, 0x16, + 0x18, 0x44, 0x55, 0x47, 0x85, 0x36, 0x44, 0x11, + 0x52, 0x01, 0x81, 0x50, 0x41, 0x00, 0x00, 0x25, + 0x83, 0x41, 0x62, 0x22, 0x12, 0x54, 0x88, 0x77, + 0x70, 0x48, 0x84, 0x25, 0x77, 0x75, 0x40, 0x16, + 0x46, 0x24, 0x88, 0x81, 0x65, 0x70, 0x02, 0x66, + 0x28, 0x64, 0x12, 0x40, 0x30, 0x60, 0x53, 0x06, + 0x44, 0x02, 0x48, 0x78, 0x75, 0x68, 0x21, 0x23, + 0x30, 0x05, 0x81, 0x17, 0x72, 0x66, 0x88, 0x71, + 0x50, 0x25, 0x03, 0x51, 0x42, 0x27, 0x20, 0x81, + 0x03, 0x52, 0x73, 0x53, 0x63, 0x57, 0x13, 0x60, + 0x41, 0x20, 0x47, 0x12, 0x55, 0x57, 0x58, 0x16, + 0x38, 0x63, 0x21, 0x34, 0x51, 0x76, 0x33, 0x26, + 0x70, 0x41, 0x18, 0x11, 0x07, 0x37, 0x16, 0x12, + 0x01, 0x14, 0x28, 0x56, 0x78, 0x10, 0x86, 0x24, + 0x24, 0x32, 0x01, 0x13, 0x57, 0x53, 0x46, 0x46, + 0x24, 0x05, 0x20, 0x16, 0x56, 0x83, 0x30, 0x30, + 0x61, 0x20, 0x75, 0x07, 0x05, 0x74, 0x14, 0x17, + 0x43, 0x72, 0x23, 0x04, 0x18, 0x61, 0x50, 0x13, + 0x67, 0x31, 0x75, 0x36, 0x71, 0x02, 0x38, 0x74, + 0x21, 0x80, 0x20, 0x48, 0x66, 0x23, 0x52, 0x54, + 0x77, 0x27, 0x45, 0x73, 0x23, 0x88, 0x60, 0x50, + 0x88, 0x82, 0x70, 0x23, 0x72, 0x08, 0x44, 0x66, + 0x44, 0x36, 0x12, 0x57, 0x66, 0x14, 0x25, 0x12, + 0x17, 0x34, 0x64, 0x82, 0x01, 0x54, 0x61, 0x57, + 0x50, 0x31, 0x65, 0x64, 0x75, 0x44, 0x76, 0x48, + 0x16, 0x44, 0x46, 0x55, 0x80, 0x64, 0x26, 0x53, + 0x27, 0x22, 0x10, 0x87, 0x84, 0x03, 0x15, 0x35, + 0x15, 0x20, 0x86, 0x14, 0x04, 0x03, 0x26, 0x43, + 0x31, 0x43, 0x31, 0x45, 0x46, 0x34, 0x36, 0x87, + 0x44, 0x41, 0x21, 0x77, 0x61, 0x20, 0x85, 0x06, + 0x28, 0x51, 0x15, 0x62, 0x77, 0x20, 0x38, 0x58, + 0x78, 0x27, 0x12, 0x22, 0x46, 0x71, 0x51, 0x38, + 0x11, 0x15, 0x40, 0x03, 0x78, 0x36, 0x15, 0x57, + 0x34, 0x28, 0x53, 0x21, 0x37, 0x35, 0x04, 0x76, + 0x00, 0x56, 0x72, 0x48, 0x46, 0x01, 0x56, 0x67, + 0x62, 0x36, 0x14, 0x51, 0x23, 0x54, 0x32, 0x35, + 0x82, 0x83, 0x21, 0x60, 0x38, 0x62, 0x21, 0x03, + 0x62, 0x76, 0x40, 0x34, 0x66, 0x88, 0x50, 0x73, + 0x00, 0x53, 0x87, 0x31, 0x37, 0x50, 0x11, 0x32, + 0x86, 0x52, 0x18, 0x64, 0x16, 0x63, 0x48, 0x71, + 0x70, 0x47, 0x24, 0x85, 0x31, 0x86, 0x60, 0x86, + 0x33, 0x52, 0x85, 0x82, 0x68, 0x17, 0x70, 0x88, + 0x84, 0x56, 0x52, 0x77, 0x04, 0x48, 0x22, 0x22, + 0x54, 0x57, 0x20, 0x31, 0x76, 0x47, 0x26, 0x25, + 0x04, 0x35, 0x38, 0x44, 0x55, 0x21, 0x14, 0x02, + 0x13, 0x64, 0x74, 0x87, 0x68, 0x68, 0x73, 0x05, + 0x22, 0x45, 0x54, 0x45, 0x83, 0x46, 0x64, 0x54, + 0x80, 0x07, 0x32, 0x87, 0x52, 0x43, 0x54, 0x54, + 0x14, 0x73, 0x24, 0x87, 0x36, 0x41, 0x74, 0x84, + 0x06, 0x35, 0x13, 0x40, 0x61, 0x54, 0x21, 0x31, + 0x48, 0x63, 0x05, 0x74, 0x24, 0x84, 0x74, 0x76, + 0x11, 0x10, 0x16, 0x63, 0x77, 0x12, 0x26, 0x61, + 0x31, 0x28, 0x70, 0x34, 0x25, 0x01, 0x30, 0x76, + 0x76, 0x06, 0x21, 0x58, 0x42, 0x87, 0x31, 0x72, + 0x76, 0x03, 0x76, 0x26, 0x78, 0x05, 0x88, 0x25, + 0x25, 0x86, 0x17, 0x02, 0x85, 0x88, 0x76, 0x20, + 0x36, 0x57, 0x30, 0x81, 0x83, 0x61, 0x05, 0x80, + 0x21, 0x45, 0x74, 0x01, 0x12, 0x74, 0x51, 0x28, + 0x77, 0x26, 0x30, 0x14, 0x54, 0x84, 0x13, 0x78, + 0x06, 0x00, 0x12, 0x64, 0x00, 0x37, 0x44, 0x68, + 0x40, 0x57, 0x05, 0x27, 0x07, 0x41, 0x56, 0x22, + 0x31, 0x40, 0x23, 0x26, 0x55, 0x42, 0x55, 0x16, + 0x02, 0x65, 0x32, 0x16, 0x33, 0x44, 0x46, 0x48, + 0x04, 0x52, 0x06, 0x53, 0x44, 0x40, 0x11, 0x28, + 0x46, 0x67, 0x56, 0x81, 0x72, 0x75, 0x51, 0x38, + 0x21, 0x86, 0x46, 0x03, 0x22, 0x87, 0x21, 0x70, + 0x68, 0x50, 0x75, 0x13, 0x11, 0x44, 0x35, 0x12, + 0x60, 0x02, 0x13, 0x47, 0x18, 0x38, 0x78, 0x86, + 0x38, 0x58, 0x45, 0x57, 0x23, 0x03, 0x88, 0x66, + 0x56, 0x82, 0x18, 0x31, 0x20, 0x08, 0x61, 0x47, + 0x78, 0x08, 0x68, 0x37, 0x21, 0x04, 0x65, 0x47, + 0x58, 0x70, 0x34, 0x58, 0x73, 0x24, 0x22, 0x30, + 0x66, 0x05, 0x01, 0x28, 0x87, 0x85, 0x77, 0x74, + 0x23, 0x86, 0x65, 0x84, 0x85, 0x57, 0x85, 0x63, + 0x06, 0x55, 0x61, 0x75, 0x46, 0x22, 0x87, 0x00, + 0x18, 0x53, 0x08, 0x03, 0x07, 0x50, 0x42, 0x70, + 0xFC, 0xB8, 0x7B, 0x22, 0x3D, 0x24, 0xAE, 0x5D, + 0xB1, 0x89, 0x04, 0x21, 0xC3, 0xFF, 0x1D, 0x59, + 0xB8, 0x4B, 0x19, 0xE2, 0x4D, 0x14, 0x36, 0x99, + 0x19, 0x1C, 0x7E, 0x9A, 0x46, 0x48, 0x42, 0x20, + 0x6B, 0xBA, 0x24, 0x7E, 0x8C, 0x6B, 0x27, 0xBA, + 0x26, 0xE6, 0x8A, 0xD5, 0xA7, 0x1D, 0x03, 0x61, + 0xCD, 0x5C, 0x74, 0xCE, 0x50, 0xC2, 0xCE, 0xF1, + 0x91, 0x31, 0xEF, 0x54, 0x66, 0x23, 0x7F, 0xFE, + 0xF7, 0xFE, 0x6B, 0x5F, 0xD1, 0x98, 0x23, 0x8E, + 0x1C, 0xA0, 0xB1, 0x01, 0x30, 0xC6, 0x29, 0xCC, + 0x91, 0x91, 0xF5, 0x78, 0x6F, 0x5C, 0xD6, 0x28, + 0xA4, 0x22, 0x56, 0xCB, 0x6F, 0xC7, 0xD7, 0x09, + 0x56, 0x88, 0xAF, 0x1B, 0xC8, 0x43, 0x51, 0xA4, + 0x7B, 0x4B, 0x38, 0x2E, 0xF6, 0x1F, 0xD6, 0x5C, + 0x9E, 0xC2, 0x26, 0xF4, 0x2B, 0x0A, 0x19, 0x7C, + 0x6A, 0xD8, 0xF0, 0xB0, 0x15, 0xD0, 0xB1, 0xC7, + 0xE0, 0x14, 0x28, 0x95, 0x6A, 0x9B, 0xB2, 0xDE, + 0x9A, 0x97, 0xE5, 0x75, 0x66, 0xF8, 0xF5, 0x66, + 0x86, 0xA1, 0xF4, 0x68, 0x0C, 0xEC, 0xEA, 0x87, + 0x3B, 0x69, 0x1C, 0xF8, 0xBD, 0x63, 0xAB, 0x73, + 0x73, 0xBA, 0xE8, 0x09, 0x5B, 0xA7, 0x76, 0x3E, + 0x50, 0xD6, 0x83, 0x9D, 0x00, 0x35, 0xBB, 0xFB, + 0x91, 0xBA, 0x60, 0x72, 0x17, 0x98, 0xFB, 0x2C, + 0x80, 0x2C, 0x60, 0x3A, 0x08, 0xA1, 0x24, 0x05, + 0xE0, 0xB5, 0x20, 0xEA, 0x41, 0x43, 0x8F, 0xEA, + 0xEF, 0xA5, 0x62, 0xDC, 0x78, 0x92, 0xF4, 0x58, + 0x9F, 0x8D, 0x2B, 0x96, 0x5E, 0xE5, 0x49, 0x73, + 0xA7, 0x2C, 0x8D, 0x33, 0x5C, 0x62, 0x61, 0x98, + 0x80, 0x64, 0x13, 0x31, 0x03, 0x10, 0xE3, 0x2E, + 0xFE, 0x6B, 0x39, 0xB5, 0xCF, 0xB1, 0xD1, 0x33, + 0xAD, 0xE0, 0x1B, 0xCE, 0x94, 0x21, 0x6C, 0xF4, + 0xCD, 0x8F, 0x86, 0x43, 0x03, 0x1D, 0xB8, 0xC2, + 0x47, 0xB5, 0x73, 0x21, 0xCA, 0x1E, 0xFB, 0xB8, + 0x53, 0x63, 0x7D, 0x0C, 0x57, 0x52, 0x14, 0xFC, + 0x77, 0xA5, 0xA6, 0x84, 0xD5, 0x0A, 0xBF, 0xE4, + 0xE9, 0x71, 0x99, 0x8E, 0x06, 0x6E, 0x50, 0x24, + 0xDA, 0x02, 0x76, 0x8A, 0xED, 0xE1, 0x3E, 0x83, + 0xF0, 0x51, 0x54, 0xA9, 0x99, 0x29, 0x48, 0x42, + 0x7A, 0xA9, 0x8C, 0x87, 0x42, 0x51, 0xAF, 0x56, + 0x94, 0x23, 0x53, 0x89, 0x44, 0xFA, 0xD8, 0x93, + 0xFC, 0x65, 0x6E, 0x9C, 0xED, 0x80, 0x6A, 0x85, + 0xD9, 0xC3, 0x36, 0x71, 0x02, 0x25, 0x29, 0x36, + 0x8E, 0x7E, 0xC7, 0x0C, 0x9E, 0xE9, 0x74, 0x30, + 0x1C, 0x08, 0xCB, 0xE6, 0xAC, 0x5E, 0x88, 0xE6, + 0x37, 0x79, 0x5C, 0xB2, 0xA2, 0x15, 0xFF, 0xAA, + 0x08, 0xED, 0xDE, 0x40, 0xAC, 0xFA, 0xEE, 0x2A, + 0x40, 0xD5, 0x05, 0xCF, 0x58, 0xA6, 0x69, 0x66, + 0x31, 0x5A, 0x68, 0x98, 0x24, 0x03, 0xD8, 0x1B, + 0xFA, 0x89, 0xE3, 0x7C, 0x9E, 0x42, 0x1D, 0xA5, + 0x88, 0xBA, 0x7E, 0x42, 0x2A, 0xC7, 0x44, 0x6A, + 0x1E, 0x61, 0xC8, 0x22, 0x29, 0x9D, 0xFC, 0x34, + 0xEC, 0xFA, 0xBE, 0x5C, 0xB6, 0x26, 0xB9, 0x6C, + 0x8E, 0xA6, 0xC9, 0x3B, 0xDB, 0xD2, 0xD5, 0xBD, + 0x70, 0xC5, 0xF8, 0x26, 0x7A, 0x84, 0xE0, 0x07, + 0xA7, 0x11, 0x5E, 0x5B, 0xE5, 0xF1, 0x20, 0x32, + 0xA3, 0x7C, 0xAB, 0x05, 0xD5, 0x41, 0xE3, 0xDE, + 0xA5, 0x1A, 0x83, 0x2E, 0xDE, 0x8D, 0x34, 0x9A, + 0xFD, 0xD5, 0xE6, 0xFC, 0xFC, 0x83, 0x46, 0xE3, + 0xD4, 0x7C, 0xF1, 0x7F, 0xEA, 0x87, 0x5E, 0x38, + 0x5D, 0xB9, 0x8A, 0xC2, 0xDB, 0xE8, 0xB4, 0xF8, + 0x05, 0x37, 0x31, 0x0D, 0xD9, 0x4C, 0xD0, 0xB6, + 0x25, 0xE9, 0x97, 0x85, 0xDB, 0x04, 0x9A, 0x01, + 0xF5, 0x4B, 0xA1, 0xF4, 0x2A, 0xDF, 0xEC, 0xAE, + 0x24, 0x11, 0xD3, 0x2B, 0x2F, 0x84, 0x6C, 0x88, + 0xA3, 0x0C, 0x76, 0xEA, 0x0A, 0x38, 0xB2, 0x71, + 0xB6, 0xAC, 0xA8, 0x23, 0x6E, 0x61, 0xEB, 0xB8, + 0x4A, 0x9D, 0xC4, 0x9E, 0x5C, 0x5B, 0xEE, 0x7E, + 0x7D, 0x8D, 0xA2, 0xC1, 0xA1, 0xA0, 0xA3, 0x14, + 0x50, 0xE0, 0x8F, 0xAB, 0xBB, 0x1B, 0x1F, 0x05, + 0xAA, 0xE3, 0x00, 0xD8, 0xCD, 0xE7, 0x35, 0xB4, + 0x7B, 0xBD, 0xB0, 0x5C, 0xCC, 0x0C, 0x05, 0x33, + 0x6B, 0xE4, 0x51, 0x73, 0x1B, 0x6B, 0x77, 0x7B, + 0xE5, 0xCB, 0xAF, 0x98, 0x53, 0x5F, 0x7E, 0x08, + 0xFF, 0xCD, 0x8A, 0x44, 0x9E, 0x1D, 0x43, 0x6A, + 0x4F, 0x05, 0x99, 0x01, 0xF5, 0x6F, 0x01, 0x30, + 0xBD, 0x15, 0xD7, 0x51, 0x16, 0x45, 0x40, 0x6B, + 0xF3, 0x13, 0xCA, 0x1F, 0x22, 0x02, 0xA4, 0xA8, + 0x6A, 0x1D, 0x04, 0x7F, 0xD5, 0x8A, 0x3E, 0x87, + 0x7F, 0x1D, 0x5A, 0x79, 0x75, 0xD1, 0x6D, 0x67, + 0xB3, 0x23, 0xC6, 0x28, 0x7B, 0x9C, 0xCE, 0xEE, + 0x98, 0x9E, 0xE8, 0x44, 0xA9, 0x3E, 0x7E, 0xFD, + 0x3B, 0xD9, 0xD8, 0x31, 0x6D, 0xA3, 0x77, 0xDF, + 0x0B, 0xB9, 0xE2, 0x61, 0xA2, 0x71, 0xD5, 0x0C, + 0xB7, 0x01, 0x67, 0xC3, 0x0D, 0x19, 0x2D, 0xAA, + 0xDE, 0x96, 0x0E, 0xEA, 0x33, 0x5E, 0xEC, 0x52, + 0xE5, 0x2D, 0x95, 0x39, 0xE1, 0xF9, 0x5D, 0x9E, + 0xB6, 0x5E, 0x54, 0x8F, 0x16, 0x60, 0x99, 0xED, + 0x88, 0x2C, 0x30, 0x72, 0x53, 0x6A, 0x6C, 0xAA, + 0x05, 0x21, 0xA5, 0xAA, 0x7C, 0x64, 0x72, 0xA0, + 0xC0, 0x4F, 0x80, 0xDA, 0x20, 0x5D, 0x52, 0x18, + 0x77, 0x07, 0xDF, 0x5C, 0x2F, 0x2E, 0xA2, 0x5F, + 0xEF, 0x00, 0xCA, 0x7B, 0xF0, 0xD3, 0xB7, 0xF8, + 0x1E, 0x31, 0x9E, 0x61, 0xCA, 0x2C, 0xC5, 0xA5, + 0x25, 0xA2, 0x7B, 0x56, 0xAA, 0xBA, 0xE4, 0xD5, + 0x35, 0xE5, 0xEC, 0x24, 0x2D, 0x81, 0x1A, 0x24, + 0xD7, 0x45, 0x76, 0xBF, 0x4B, 0x8A, 0x72, 0xFA, + 0x5F, 0xAE, 0xC1, 0xA2, 0x83, 0xB6, 0x1D, 0x60, + 0x28, 0x7E, 0x1E, 0x2E, 0xC8, 0xC6, 0xAB, 0x04, + 0x56, 0x5F, 0xD5, 0xCD, 0x64, 0x26, 0x34, 0x94, + 0xE8, 0x03, 0x41, 0x63, 0x35, 0x5B, 0x45, 0x84, + 0xCE, 0xFA, 0x0B, 0x66, 0x40, 0x85, 0x1A, 0xE1, + 0x23, 0xE9, 0x8F, 0xBD, 0xA9, 0x23, 0xFC, 0xA3, + 0x8E, 0x38, 0xB3, 0x84, 0xE2, 0xB9, 0x54, 0x41, + 0x4B, 0x36, 0x4F, 0xB8, 0xB0, 0x87, 0x56, 0x04, + 0x8B, 0x75, 0xC7, 0x85, 0x31, 0xD4, 0xA5, 0x12, + 0x99, 0xC4, 0x9D, 0xEA, 0x4B, 0x36, 0x8C, 0x19, + 0x82, 0xFE, 0xAD, 0x4A, 0xB1, 0xAA, 0x52, 0x35, + 0xA4, 0xA1, 0x7F, 0xB0, 0x64, 0x6F, 0x04, 0x04, + 0x7B, 0xF0, 0x80, 0x48, 0xA1, 0x1C, 0xF8, 0x95, + 0x8B, 0x68, 0x34, 0xB7, 0xFD, 0x00, 0x31, 0x30, + 0x6A, 0x39, 0xC8, 0xAE, 0x68, 0xC3, 0x53, 0x65, + 0x19, 0x7C, 0x1E, 0x57, 0x97, 0xFC, 0x47, 0x3E, + 0xB1, 0x94, 0x54, 0x48, 0x6F, 0xEB, 0xAA, 0xEC, + 0x5C, 0x2E, 0xE9, 0x2C, 0xCC, 0x3A, 0xF3, 0xC7, + 0x43, 0x08, 0x7D, 0x2D, 0x56, 0x4B, 0x7D, 0xE9, + 0xE5, 0x96, 0xF3, 0x12, 0x4B, 0xE9, 0x08, 0xF3, + 0x04, 0x5A, 0x75, 0x1A, 0x7D, 0x7E, 0x37, 0xE6, + 0xC8, 0xC1, 0xFE, 0xF3, 0x32, 0x63, 0x2D, 0x0B, + 0xBE, 0x05, 0x13, 0x6A, 0x44, 0x58, 0x7F, 0x54, + 0x5F, 0x5F, 0xF5, 0x2F, 0xB8, 0x0B, 0xF2, 0xBF, + 0x0B, 0xF4, 0x30, 0x2F, 0xCF, 0xEC, 0xFE, 0x08, + 0xEC, 0x51, 0xF2, 0x29, 0xD7, 0xAC, 0x28, 0xE1, + 0x75, 0x42, 0x61, 0xBC, 0xE7, 0xB1, 0x53, 0x4F, + 0x7D, 0x3B, 0xB0, 0x8D, 0x01, 0x15, 0x1E, 0xBE, + 0xEC, 0xD9, 0x54, 0xC2, 0x4E, 0x70, 0x3E, 0xEA, + 0x39, 0x14, 0x26, 0xB7, 0x01, 0x79, 0x5D, 0x06, + 0x93, 0x85, 0x99, 0xAA, 0x7D, 0xDC, 0xF9, 0x2E, + 0x44, 0x56, 0x9B, 0xFA, 0x9D, 0x91, 0x2A, 0x8E, + 0x89, 0x48, 0x51, 0xE3, 0xD0, 0x53, 0xB3, 0xAD, + 0x43, 0x29, 0xB7, 0x6A, 0x50, 0xC0, 0x78, 0x4D, + 0x42, 0xF3, 0x7C, 0x5F, 0x90, 0x06, 0xAC, 0x2A, + 0x9D, 0x5D, 0xE5, 0x18, 0x3F, 0xA3, 0xC6, 0x5E, + 0xCD, 0xB6, 0xCF, 0x31, 0x67, 0xA4, 0x7A, 0x8F, + 0x5C, 0x59, 0xBD, 0xD7, 0x9B, 0x7C, 0x24, 0x06, + 0x97, 0xE1, 0x59, 0x72, 0x85, 0x02, 0x74, 0xFE, + 0x41, 0xAD, 0x84, 0xD9, 0x0D, 0xCB, 0x34, 0x16, + 0x11, 0xE7, 0x66, 0xD2, 0x12, 0xDC, 0x76, 0x3C, + 0xF9, 0x4C, 0x8C, 0x41, 0x94, 0xCC, 0xA9, 0x1B, + 0x21, 0x03, 0x28, 0xE4, 0xA3, 0x37, 0x4E, 0x29, + 0xD2, 0x48, 0x11, 0x2B, 0xB6, 0x68, 0xA3, 0x92, + 0xC2, 0x0D, 0x87, 0x91, 0x03, 0x76, 0xB5, 0x00, + 0x1F, 0x3F, 0xFB, 0xBE, 0xC3, 0xE0, 0x08, 0xBF, + 0x2F, 0x46, 0xF7, 0x40, 0x73, 0x83, 0xA8, 0x0D, + 0xDA, 0x08, 0x2B, 0xDB, 0x8F, 0xE9, 0x25, 0xE4, + 0xF1, 0x2B, 0x37, 0x92, 0x27, 0x0E, 0x5A, 0x46, + 0xB8, 0xC5, 0x7B, 0x6E, 0x5A, 0x4B, 0x95, 0x58, + 0x4E, 0xF3, 0x80, 0xED, 0x49, 0x93, 0xEC, 0x52, + 0x9F, 0xF2, 0xAA, 0x39, 0xDD, 0x6D, 0xFE, 0x88, + 0xFD, 0xEB, 0x6E, 0xDA, 0x0E, 0x8D, 0xA7, 0x95, + 0x66, 0xB0, 0x7D, 0x37, 0xAE, 0xCC, 0x64, 0x37, + 0x25, 0x95, 0x18, 0xF9, 0x7E, 0x6C, 0x86, 0x12, + 0xB3, 0xC3, 0x57, 0x03, 0xBF, 0xF9, 0x92, 0x15, + 0x3E, 0x66, 0x0E, 0x2E, 0x20, 0x77, 0xA0, 0x5F, + 0x26, 0x5F, 0xB5, 0x12, 0x1D, 0xD7, 0x9F, 0x0A, + 0x33, 0xBC, 0x38, 0xEC, 0x83, 0x08, 0xE2, 0xA9, + 0x84, 0xCD, 0x3D, 0x8A, 0xC6, 0x09, 0x30, 0x6F, + 0x77, 0x93, 0xD7, 0xDE, 0x08, 0xD8, 0x45, 0xA4, + 0x21, 0x28, 0x26, 0x4E, 0x5C, 0x17, 0x77, 0x74, + 0xE3, 0x5D, 0x58, 0x7C, 0x96, 0xB2, 0x47, 0x05, + 0x42, 0x21, 0x78, 0x5D, 0xB3, 0x8D, 0xDC, 0x6F, + 0xDB, 0xF7, 0xBF, 0x6F, 0x66, 0x4B, 0xD6, 0x30, + 0x14, 0xC0, 0xBF, 0x94, 0x2A, 0x83, 0x91, 0x6C, + 0xBF, 0x2C, 0x42, 0x85, 0x41, 0xED, 0xA2, 0xBB, + 0xCB, 0xFC, 0xF9, 0x35, 0xDE, 0xFC, 0xB3, 0x63, + 0xE1, 0x64, 0xAA, 0x51, 0x2D, 0xD5, 0xFA, 0x79, + 0x53, 0x31, 0x40, 0x0B, 0x9B, 0xD0, 0x3C, 0xE3, + 0xD7, 0x2D, 0x91, 0x05, 0x62, 0xC3, 0x81, 0xFE, + 0x93, 0x1E, 0x8C, 0x37, 0x9E, 0x30, 0x23, 0x73, + 0x3A, 0xB9, 0x18, 0x6E, 0x5D, 0xEF, 0x31, 0xE9, + 0xF6, 0x25, 0x7F, 0xB8, 0x47, 0x74, 0xCE, 0x28, + 0x23, 0xD4, 0x4F, 0xC1, 0x42, 0xCB, 0xEB, 0x59, + 0x8A, 0x68, 0xFD, 0x39, 0x48, 0x37, 0x1A, 0x5D, + 0x0C, 0x09, 0x64, 0xC6, 0xE1, 0x21, 0x5D, 0x89, + 0xF6, 0x58, 0xE5, 0x50, 0x4A, 0xD0, 0x93, 0xBC, + 0x86, 0x02, 0xBA, 0xD2, 0x36, 0x24, 0x9D, 0x7E, + 0xAF, 0xB6, 0xA1, 0xA0, 0x7C, 0xA7, 0xC7, 0x4D, + 0xAC, 0x30, 0x7A, 0x70, 0x0F, 0x2F, 0x81, 0x40, + 0xC1, 0x08, 0x6B, 0x21, 0xF2, 0xE1, 0x51, 0x9C, + 0x1D, 0x46, 0x94, 0x93, 0x2A, 0x1C, 0x18, 0xCB, + 0xED, 0x0D, 0x0E, 0x29, 0xDE, 0xFC, 0x52, 0x52, + 0x97, 0x93, 0x70, 0x85, 0xE2, 0x63, 0x0D, 0xC6, + 0x2C, 0x0C, 0x05, 0x0C, 0x4F, 0xF2, 0x70, 0x87, + 0x2B, 0xE7, 0xBB, 0x52, 0x2D, 0xD6, 0x99, 0x1B, + 0x59, 0x6F, 0xC2, 0x92, 0x11, 0x72, 0x5D, 0x99, + 0x60, 0xB1, 0x6A, 0x52, 0xEA, 0x91, 0x78, 0x19, + 0x23, 0xC0, 0x3B, 0x71, 0x9D, 0x09, 0xD6, 0xE7, + 0x10, 0x6D, 0xC5, 0x70, 0x55, 0xC1, 0x9E, 0xF8, + 0x76, 0xE5, 0xEC, 0x23, 0x17, 0xE7, 0xE4, 0x23, + 0xC9, 0x71, 0x45, 0x40, 0x72, 0x01, 0x9E, 0x28, + 0xE6, 0x5C, 0x81, 0xED, 0x52, 0x7A, 0xF1, 0x89, + 0xBD, 0xFC, 0xF5, 0x21, 0xC9, 0x23, 0x40, 0x75, + 0x54, 0xAC, 0xBF, 0x69, 0x45, 0xD1, 0x85, 0x44, + 0x3D, 0xAC, 0x1A, 0x1A, 0x08, 0x8A, 0x68, 0xB5, + 0x17, 0xD5, 0xD9, 0x90, 0xE1, 0x10, 0x30, 0xDE, + 0x4F, 0x75, 0x09, 0xE8, 0x7A, 0x77, 0xB3, 0x7C, + 0xF2, 0x0A, 0x78, 0xE2, 0xCD, 0x48, 0x94, 0x17, + 0x3C, 0x32, 0xA3, 0x27, 0x35, 0x51, 0x16, 0xB7, + 0x18, 0x51, 0x44, 0x42, 0x65, 0x60, 0x6A, 0x0A, + 0x9A, 0x6D, 0x94, 0x61, 0xCC, 0x5D, 0xD8, 0x3B, + 0x52, 0x7E, 0x4D, 0xBD, 0x6A, 0xEE, 0x03, 0x3D, + 0x66, 0x1C, 0x3D, 0xE8, 0xC1, 0x82, 0x97, 0xE5, + 0xD1, 0x31, 0xDB, 0xC8, 0xF6, 0x96, 0xE9, 0x47, + 0xC9, 0x5C, 0x71, 0x77, 0x2B, 0x62, 0x44, 0x74, + 0x4D, 0x06, 0x1E, 0x14, 0x45, 0x3B, 0x9F, 0xB1, + 0x17, 0x34, 0x80, 0x2D, 0xBA, 0x6F, 0x81, 0x79, + 0xB8, 0x0D, 0xAC, 0xFE, 0xB6, 0xBA, 0xDF, 0xD1, + 0x4E, 0x05, 0x76, 0x73, 0x6F, 0x80, 0x10, 0xC5, + 0x32, 0x87, 0xA3, 0xD3, 0x93, 0x18, 0x79, 0xEF, + 0x27, 0x3B, 0xBF, 0xCD, 0xB5, 0xDE, 0x5B, 0x88, + 0xAF, 0x51, 0xFD, 0x8A, 0x8C, 0x8F, 0x0A, 0x58, + 0x94, 0xE2, 0x25, 0xDF, 0xE8, 0x73, 0xFC, 0xC0, + 0x3C, 0xB1, 0xC9, 0xB5, 0x78, 0x25, 0xF1, 0x11, + 0x75, 0xC8, 0x7D, 0x08, 0x78, 0xB9, 0xE6, 0x15, + 0x6B, 0x40, 0x1B, 0x2F, 0xBE, 0x30, 0x03, 0x6B, + 0xFC, 0x7D, 0xB1, 0x00, 0x02, 0x71, 0xB7, 0xFF, + 0x5D, 0x63, 0xA8, 0x09, 0x50, 0x75, 0xEF, 0xBD, + 0x34, 0xEE, 0x73, 0xDE, 0x60, 0x14, 0x95, 0x2D, + 0x15, 0xBC, 0x30, 0x23, 0x07, 0x02, 0xD8, 0x7C, + 0x9A, 0x96, 0xD5, 0xE9, 0xF1, 0xF0, 0xF9, 0x26, + 0x25, 0x96, 0xAA, 0x58, 0xB7, 0xE4, 0x1A, 0xD9, + 0xA0, 0x9E, 0xAD, 0xB9, 0x44, 0xB6, 0x3F, 0xD9, + 0x8B, 0x34, 0x7D, 0x11, 0xBD, 0x52, 0x97, 0xC3, + 0xBE, 0x28, 0x23, 0x85, 0x9F, 0x2F, 0x35, 0xA4, + 0xE5, 0x4E, 0x13, 0x68, 0x89, 0x09, 0xC3, 0x1A, + 0x83, 0xE7, 0xDE, 0xCE, 0x4B, 0xDF, 0x31, 0x03, + 0x9C, 0x72, 0xBA, 0x54, 0xA1, 0x20, 0x2D, 0x17, + 0x2A, 0x6B, 0x8A, 0x2C, 0xE9, 0x6D, 0xED, 0xCA, + 0x5B, 0x24, 0xF7, 0xB9, 0x42, 0xC1, 0x4E, 0x13, + 0x3D, 0xAA, 0x8A, 0xB8, 0xCB, 0xD2, 0x4C, 0x1F, + 0x0B, 0xBE, 0xB1, 0x27, 0x97, 0x67, 0x26, 0x72, + 0xE2, 0x2C, 0xE6, 0xC2, 0x12, 0x37, 0xB2, 0x79, + 0x7D, 0x8E, 0x54, 0xCC, 0x8F, 0xC7, 0x6C, 0x43, + 0xB4, 0x75, 0x29, 0x66, 0xA3, 0xA4, 0x09, 0x44, + 0xE7, 0x2D, 0x37, 0x3F, 0x0D, 0x3E, 0x84, 0xF9, + 0xA3, 0x30, 0x1E, 0xAE, 0x9E, 0xDA, 0x35, 0x44, + 0x4B, 0x1E, 0x49, 0xE6, 0x61, 0x18, 0x20, 0x6A, + 0x56, 0xEB, 0x46, 0xD4, 0x8D, 0x20, 0x95, 0x4A, + 0x77, 0x9A, 0x1E, 0x74, 0xE3, 0xE3, 0xB2, 0xBD, + 0x40, 0x3D, 0x46, 0xB3, 0x35, 0x10, 0x11, 0xCB, + 0x6F, 0x8A, 0x86, 0x72, 0xB2, 0xF3, 0xD9, 0x90, + 0x31, 0x47, 0x55, 0x77, 0x6C, 0xE3, 0x23, 0x7F, + 0x0A, 0x50, 0xE7, 0x71, 0x20, 0x53, 0x09, 0xC0, + 0x5D, 0x9A, 0x78, 0xD3, 0x68, 0x88, 0xA8, 0x3B, + 0xAD, 0x78, 0xE8, 0x6E, 0xDF, 0x36, 0xA8, 0x8D, + 0xC7, 0x1C, 0x5F, 0x11, 0x56, 0x83, 0x90, 0xD0, + 0xB5, 0x92, 0x02, 0xE2, 0x9E, 0xE1, 0x1E, 0xCB, + 0x9F, 0x56, 0x89, 0x63, 0xE8, 0x17, 0x70, 0x83, + 0x9F, 0xF2, 0x39, 0xAD, 0x03, 0x15, 0x6C, 0xC0, + 0x71, 0xE8, 0xB7, 0x40, 0x15, 0x95, 0xEC, 0xEE, + 0x62, 0x34, 0xAC, 0x34, 0xB7, 0x11, 0x70, 0x3D, + 0x68, 0xC6, 0x7A, 0x28, 0x83, 0xBE, 0x9C, 0x18, + 0xAB, 0x7F, 0x1A, 0x1B, 0x2E, 0x5C, 0x90, 0xA2, + 0x32, 0x3C, 0xDF, 0x1E, 0xD4, 0x98, 0x50, 0xB8, + 0x39, 0x38, 0x19, 0x2F, 0x62, 0x8C, 0x9E, 0xF6, + 0x5B, 0x77, 0x93, 0x95, 0xEE, 0x37, 0x34, 0xC7, + 0xA9, 0x01, 0xF7, 0x47, 0x38, 0x86, 0xD7, 0x12, + 0xD2, 0x15, 0x41, 0x68, 0x16, 0xC3, 0x01, 0x6C, + 0xC2, 0x83, 0x83, 0xD4, 0x78, 0x7B, 0x46, 0xF6, + 0x89, 0xDC, 0xE1, 0x11, 0xDA, 0x4D, 0xB8, 0xAC, + 0x10, 0xE8, 0x4F, 0x66, 0xA5, 0xC2, 0xBD, 0xA1, + 0xB3, 0xFC, 0x97, 0x7F, 0x6A, 0x0F, 0x73, 0x2E, + 0xDA, 0x4F, 0x69, 0xB9, 0x75, 0x51, 0xA4, 0xB8, + 0xB2, 0x61, 0xD6, 0x88, 0x71, 0x94, 0xD3, 0xAF, + 0xE7, 0xF4, 0xB8, 0x7F, 0xB3, 0xD4, 0x1A, 0xC6, + 0xDC, 0xDB, 0x8F, 0xD3, 0x9B, 0xE5, 0x0F, 0x2F, + 0x38, 0x2B, 0xAA, 0x4D, 0x19, 0xC7, 0x45, 0x0A, + 0xB3, 0xA1, 0xAC, 0x4C, 0x63, 0xCF, 0x93, 0x0A, + 0xAA, 0x51, 0x7A, 0x15, 0xD5, 0xC0, 0xD5, 0x49, + 0xFE, 0x03, 0x22, 0x00, 0x71, 0xD3, 0x69, 0x22, + 0x3E, 0x51, 0x29, 0x6E, 0xCB, 0xF8, 0x0D, 0xCD, + 0x79, 0xFB, 0xDF, 0xB8, 0xDF, 0x62, 0x90, 0x4D, + 0x5A, 0x36, 0x20, 0x0F, 0x29, 0xCC, 0x47, 0xE8, + 0x0C, 0x86, 0x15, 0xEF, 0x1B, 0x78, 0xDB, 0xB2, + 0x6A, 0x1A, 0xA7, 0xA6, 0x6E, 0x4D, 0x9A, 0x51, + 0xC9, 0x72, 0xAC, 0x9C, 0x94, 0xEA, 0xB9, 0x95, + 0x14, 0xB5, 0xAD, 0xAE, 0x62, 0x51, 0xE8, 0xAA, + 0x30, 0xA5, 0xE5, 0x87, 0x42, 0x4E, 0x3B, 0x7B, + 0xCC, 0x42, 0xEB, 0xE7, 0x33, 0x3D, 0x92, 0x10, + 0x97, 0x26, 0x53, 0xF8, 0x11, 0x8B, 0x83, 0xAB, + 0xE1, 0xBF, 0x7E, 0x9E, 0xE9, 0xCD, 0xAC, 0x28, + 0x99, 0x7D, 0x14, 0x4C, 0x34, 0xDE, 0xA6, 0x5B, + 0x59, 0x51, 0x2C, 0x73, 0x29, 0x27, 0xDB, 0xA8, + 0x20, 0x7D, 0x56, 0x91, 0x98, 0x47, 0x21, 0xB7, + 0x27, 0x9A, 0xFC, 0xDD, 0xE0, 0x6A, 0x6B, 0xD2, + 0x68, 0x0E, 0xBB, 0x9B, 0x2E, 0x3C, 0xFE, 0xE9, + 0xA6, 0x6D, 0x73, 0xD0, 0xC0, 0xDE, 0xD6, 0x53, + 0x70, 0x8B, 0x09, 0x0B, 0x82, 0x30, 0x65, 0xF9, + 0x70, 0x78, 0x49, 0xE3, 0xB3, 0x7D, 0x41, 0x25, + 0xCA, 0x69, 0x3E, 0x74, 0x2E, 0x02, 0x3F, 0x05, + 0x8A, 0xDC, 0x95, 0x07, 0x9B, 0xB0, 0x0C, 0x56, + 0xBE, 0x0D, 0x2F, 0x07, 0x81, 0x82, 0xEF, 0xAB, + 0x30, 0x72, 0xB0, 0xFD, 0x09, 0x76, 0x7B, 0x8A, + 0x13, 0xC2, 0x80, 0x5A, 0x75, 0x91, 0xB5, 0xB2, + 0xE1, 0x24, 0x75, 0xB5, 0xC8, 0x24, 0xDB, 0xEB, + 0x15, 0x79, 0x30, 0xAB, 0x38, 0x9F, 0x91, 0x5F, + 0xCC, 0xEC, 0x8F, 0x48, 0x64, 0x7E, 0xE4, 0xB6, + 0x6A, 0xB6, 0xB5, 0x36, 0xC2, 0x2D, 0xE3, 0xE5, + 0xEE, 0x4A, 0xBB, 0x42, 0xF8, 0xE0, 0x00, 0x9A, + 0xF0, 0x45, 0x54, 0xF1, 0x28, 0xAC, 0xA3, 0xCC, + 0xE4, 0x03, 0xBB, 0x01, 0xFD, 0xB7, 0xB5, 0xE2, + 0xA7, 0x2B, 0x82, 0x91, 0x1C, 0x1F, 0xD0, 0x65, + 0x23, 0xFF, 0x90, 0x19, 0x21, 0x41, 0xC6, 0x89, + 0xEC, 0xCB, 0x0B, 0xE6, 0x1B, 0x4C, 0x6D, 0x77, + 0x06, 0x29, 0x59, 0x02, 0x18, 0xA4, 0x01, 0x1A, + 0x68, 0xB8, 0x6F, 0xF5, 0x0D, 0x23, 0x03, 0x9C, + 0x9B, 0xCD, 0x43, 0x61, 0xF6, 0x98, 0x0A, 0x60, + 0xEF, 0x88, 0xD1, 0x44, 0x0D, 0x30, 0x4C, 0x5B, + 0x4B, 0x52, 0xD6, 0xED, 0xC2, 0x91, 0x12, 0xDC, + 0x3A, 0x8A, 0xF2, 0x85, 0x89, 0xE8, 0xF6, 0x29, + 0x48, 0xED, 0xB6, 0xBE, 0x76, 0x64, 0x6D, 0x59, + 0x66, 0x06, 0xB9, 0xE7, 0x05, 0xFE, 0xE3, 0xF1, + 0x44, 0xA0, 0x7B, 0xC9, 0xED, 0x1D, 0x40, 0x0C + }; + static const byte msg_65[] = { + 0x88, 0x5A, 0x0B, 0xDD, 0x8D, 0xE7, 0x4B, 0xC7, + 0x11, 0x69, 0x0A, 0xA6, 0x14, 0xDD, 0xA5, 0x32, + 0xF4, 0xD8, 0xC7, 0xEA, 0x2C, 0x27, 0x85, 0x5A, + 0x57, 0x8E, 0x63, 0x61, 0xCA, 0xAE, 0x2C, 0x0B, + 0xF7, 0xE7, 0x73, 0xB4, 0x90, 0x0A, 0x32, 0x93, + 0x12, 0x1A, 0x6E, 0x0D, 0xD6, 0x10, 0x10, 0x7A, + 0x7A, 0x65, 0xBD, 0x6E, 0x11, 0xF6, 0x19, 0xFC, + 0x0E, 0x9C, 0xE7, 0xBF, 0x7B, 0x5D, 0xE1, 0x80, + 0x76, 0xE1, 0xB7, 0x25, 0x57, 0x20, 0x97, 0xB2, + 0x47, 0xD8, 0xE0, 0x46, 0x24, 0x94, 0xF6, 0x3F, + 0x4E, 0xDF, 0xBE, 0xAC, 0x2F, 0xA2, 0xEC, 0xAE, + 0x0C, 0xCA, 0xD4, 0x28, 0xBD, 0x79, 0x6C, 0xF2, + 0x60, 0x92, 0xA1, 0xCD, 0x50, 0x5F, 0x59, 0x39, + 0x11, 0xED, 0x10, 0xFD, 0xA4, 0x26, 0xC7, 0xE3, + 0xC5, 0xA4, 0x39, 0xE8, 0x50, 0x42, 0x13, 0x18, + 0xAE, 0x07, 0x85, 0xB0, 0x5A, 0xA9, 0x9F, 0x58, + 0xD6, 0x85, 0x6D, 0xEB, 0x78, 0xBB, 0xE4, 0x88, + 0xC7, 0x0E, 0xEE, 0x42, 0xBB, 0x9A, 0xB5, 0x92, + 0x7B, 0x2E, 0xD2, 0x5C, 0xD1, 0x43, 0x77, 0xCD, + 0x7E, 0x1A, 0x88, 0x34, 0xE8, 0x21, 0x48, 0x00, + 0x2F, 0xCB, 0x98, 0x5A, 0xB9, 0x43, 0x12, 0x97, + 0x01, 0x0B, 0x2B, 0xC7, 0x0F, 0x91, 0x32, 0x37, + 0x3C, 0x6D, 0xD2, 0xA2, 0xA9, 0xCF, 0x24, 0x6F, + 0xE0, 0x26, 0x2E, 0x8B, 0x53, 0xE6, 0x93, 0xF3, + 0xD6, 0xFE, 0xD3, 0xED, 0xD1, 0xF2, 0x00, 0x4E, + 0xD1, 0x7C, 0x2C, 0xF5, 0xB2, 0x57, 0xF4, 0xAD, + 0xA5, 0xDC, 0x1A, 0x7C, 0x15, 0x1F, 0xFE, 0x03, + 0xB9, 0x6A, 0x4D, 0xB9, 0x91, 0xE4, 0x13, 0x2D, + 0x01, 0xDE, 0x1F, 0x03, 0x3E, 0xD8, 0x13, 0x57, + 0xEA, 0xE7, 0xC1, 0xA8, 0xD2, 0xDD, 0xD9, 0x2D, + 0xDF, 0xC0, 0x6F, 0x67, 0x13, 0x94, 0xD2, 0xF6, + 0x02, 0x12, 0xC6, 0xE4, 0x49, 0xEA, 0x35, 0x93, + 0x24, 0xFE, 0xD3, 0x8C, 0x84, 0xD3, 0x6D, 0x15, + 0x43, 0x2E, 0x11, 0xE7, 0x15, 0x00, 0x15, 0x80, + 0x4F, 0x97, 0xA3, 0xC6, 0x77, 0x38, 0x2C, 0xD4, + 0x6A, 0xA4, 0xD7, 0xAC, 0xEE, 0x56, 0x86, 0xFB, + 0xCE, 0xD7, 0xA9, 0xE8, 0x5D, 0x29, 0xC4, 0x83, + 0x86, 0xE6, 0x9F, 0x40, 0x69, 0x3D, 0x9A, 0xDA, + 0xBE, 0xB4, 0x3B, 0xD0, 0xE5, 0x03, 0x6A, 0xCD, + 0xE6, 0x31, 0xB5, 0x49, 0x57, 0xF4, 0xFC, 0xE2, + 0x6F, 0x7A, 0x24, 0xB0, 0xDA, 0xD4, 0x34, 0x8A, + 0x67, 0x89, 0xCA, 0xE1, 0x06, 0x13, 0x06, 0x20, + 0xED, 0x2F, 0xA0, 0xEA, 0x38, 0xF5, 0x75, 0xF2, + 0x87, 0x83, 0xBC, 0x92, 0xB3, 0x2B, 0x0C, 0x51, + 0xC8, 0xA6, 0x54, 0x6F, 0x5D, 0x88, 0x09, 0x5F, + 0x9F, 0x73, 0xC6, 0x5B, 0xF6, 0xF2, 0x51, 0xA2, + 0xC4, 0x69, 0x74, 0x64, 0x45, 0xC5, 0x88, 0xC3, + 0xEA, 0x81, 0x39, 0xE4, 0x33, 0xD4, 0xFE, 0x2D, + 0xE4, 0xC0, 0xD3, 0x58, 0xB6, 0xCA, 0x8A, 0x62, + 0x94, 0xE6, 0xAF, 0xC1, 0xB9, 0x60, 0x74, 0xC0, + 0x68, 0xEF, 0x67, 0xB1, 0x58, 0xF1, 0x12, 0x9C, + 0xFE, 0x0A, 0x3A, 0xE7, 0xEB, 0x9D, 0x45, 0x4F, + 0x35, 0x7F, 0xBB, 0x6A, 0xB3, 0xB9, 0x92, 0x2B, + 0x1B, 0xCD, 0x55, 0x58, 0x61, 0x87, 0xCD, 0x24, + 0x69, 0x24, 0x82, 0x78, 0x23, 0x34, 0xAC, 0x9F, + 0x2B, 0x86, 0x12, 0x48, 0xF6, 0xA5, 0x30, 0xE9, + 0x3E, 0x11, 0x48, 0x87, 0x84, 0xDD, 0xE5, 0xEA, + 0x67, 0x8A, 0xE5, 0x05, 0x90, 0x3E, 0x23, 0x10, + 0x53, 0x30, 0x8C, 0x1B, 0x87, 0x84, 0x60, 0x7E, + 0x06, 0x3F, 0x48, 0x98, 0xA4, 0xFA, 0xB6, 0x01, + 0xD3, 0xE6, 0x96, 0x85, 0x97, 0x21, 0x55, 0xF6, + 0x3F, 0x09, 0xFD, 0x84, 0xB2, 0xB3, 0xDF, 0x74, + 0x1F, 0xB6, 0x42, 0xAC, 0xA6, 0x03, 0xD0, 0xD5, + 0x96, 0xE0, 0xA8, 0xDA, 0xD4, 0x24, 0xF4, 0x64, + 0x0F, 0x98, 0xB9, 0x6F, 0xB2, 0x42, 0xC6, 0x95, + 0xDC, 0x33, 0x1F, 0x57, 0x59, 0xF7, 0x5E, 0xAF, + 0x19, 0x1C, 0xBD, 0x98, 0x5E, 0xC5, 0x99, 0x8D, + 0x56, 0x48, 0xC8, 0x5E, 0xB6, 0x31, 0x29, 0x5F, + 0x61, 0x56, 0x7C, 0x11, 0x63, 0xF9, 0x90, 0xDC, + 0x4F, 0xA1, 0x71, 0x40, 0x91, 0x26, 0x1E, 0x5F, + 0x3E, 0x5F, 0x0B, 0xFE, 0x84, 0x55, 0xBB, 0x8B, + 0xAA, 0x1D, 0x69, 0x42, 0x1F, 0x15, 0x37, 0x4E, + 0x73, 0xB0, 0x7E, 0x78, 0x57, 0x9D, 0x0E, 0x25, + 0x1A, 0x41, 0xEE, 0x1A, 0x50, 0x43, 0xAA, 0xBF, + 0x8B, 0xE7, 0x73, 0xEE, 0x7F, 0x9D, 0x0F, 0xDF, + 0xCF, 0xD3, 0xAE, 0x71, 0x1F, 0xAB, 0x1D, 0x3D, + 0xBC, 0xC2, 0x84, 0x3B, 0xE5, 0xA9, 0x46, 0xB2, + 0x4D, 0x8B, 0x9B, 0x94, 0x35, 0x8B, 0x5F, 0x59, + 0x8E, 0x88, 0xED, 0x3D, 0x53, 0xF3, 0x10, 0xF8, + 0xEC, 0x63, 0x22, 0x9D, 0x4F, 0x5B, 0xB1, 0xB6, + 0xD5, 0x24, 0xA5, 0xAF, 0x9C, 0x39, 0x47, 0x79, + 0x25, 0xC7, 0xE2, 0x90, 0x95, 0xFC, 0x43, 0xF1, + 0x71, 0xFE, 0xCD, 0xD0, 0x61, 0xF3, 0x62, 0x62, + 0x71, 0x21, 0x75, 0x2C, 0x23, 0x6B, 0x79, 0x2F, + 0x1B, 0x31, 0x90, 0x79, 0x7C, 0xD0, 0x57, 0x5C, + 0x58, 0x4F, 0x30, 0xB5, 0x56, 0x81, 0x19, 0x61, + 0x90, 0x45, 0x09, 0xC9, 0x8B, 0xCD, 0xE8, 0x65, + 0x9D, 0x22, 0x80, 0xF4, 0x95, 0xA0, 0xC9, 0x55, + 0x7D, 0x38, 0x11, 0xAF, 0x5E, 0xD4, 0x37, 0x7B, + 0xC7, 0x59, 0x9E, 0x49, 0x59, 0xFF, 0x85, 0xF2, + 0x15, 0x0A, 0xCD, 0xEC, 0xC1, 0xF7, 0x67, 0x2D, + 0xE1, 0xEE, 0x4D, 0xB4, 0x4C, 0x1F, 0xB5, 0xF7, + 0x99, 0x8A, 0xB5, 0xDB, 0x74, 0x2F, 0x6C, 0x5D, + 0x32, 0xCB, 0xC0, 0xF2, 0xFB, 0xC9, 0x54, 0xEA, + 0xD6, 0xCC, 0x13, 0x4B, 0x97, 0x62, 0xDF, 0x33, + 0x13, 0x86, 0xDE, 0xCA, 0x31, 0x69, 0x47, 0x88, + 0x4B, 0x9A, 0x13, 0xAD, 0xEA, 0x5C, 0xBE, 0x29, + 0x56, 0x64, 0x4F, 0xA1, 0x2A, 0x7B, 0xB3, 0xBF, + 0xB9, 0x7E, 0x1D, 0x93, 0xA7, 0x01, 0x91, 0xAC, + 0x38, 0xA0, 0x37, 0x32, 0x58, 0xC2, 0xC2, 0x81, + 0x6D, 0xEA, 0x6E, 0xAF, 0x88, 0x0D, 0x69, 0xF4, + 0x5F, 0xBA, 0x4C, 0x29, 0x0F, 0x18, 0xD3, 0x4B, + 0xB8, 0x36, 0x8C, 0xF4, 0xEB, 0xB4, 0x72, 0xBA, + 0x49, 0x9C, 0xBB, 0x54, 0x50, 0x1E, 0xE3, 0xA2, + 0x8E, 0x5F, 0xB9, 0xFD, 0xC6, 0x6C, 0xF6, 0x45, + 0x72, 0x09, 0x47, 0x19, 0xBB, 0xDB, 0x48, 0xF3, + 0xF4, 0x88, 0x51, 0x3B, 0x65, 0x50, 0xE1, 0x27, + 0xE8, 0x34, 0x1C, 0x7E, 0x53, 0xDC, 0xFD, 0xA7, + 0xD4, 0x08, 0x05, 0x58, 0x0B, 0xC7, 0xD3, 0x0A, + 0x72, 0xF2, 0x44, 0xCC, 0xDB, 0x5A, 0xEF, 0x66, + 0x1B, 0x0F, 0x30, 0x4E, 0xC5, 0xB7, 0xAB, 0x93, + 0xB8, 0xC5, 0xC4, 0x9A, 0x77, 0x68, 0x38, 0xB7, + 0xD5, 0x23, 0x74, 0xAA, 0x41, 0x63, 0x02, 0x24, + 0xD6, 0x16, 0xF3, 0x10, 0xE4, 0x99, 0xEC, 0xAD, + 0xCE, 0x93, 0xE7, 0x8B, 0x94, 0xD3, 0xCA, 0x48, + 0xB3, 0x47, 0xBC, 0x0E, 0xEC, 0xAA, 0x20, 0x66, + 0x02, 0x29, 0x65, 0xC8, 0x07, 0xBE, 0xF9, 0x02, + 0x9B, 0xC5, 0x22, 0x8F, 0x00, 0x5E, 0xDB, 0x74, + 0xD4, 0xB1, 0x44, 0x98, 0xCE, 0x3A, 0xE1, 0x3B, + 0xEB, 0x7C, 0x69, 0x3B, 0x66, 0x9E, 0xE9, 0xF9, + 0xA6, 0xF4, 0x6F, 0xC0, 0x0E, 0xC0, 0x5E, 0x13, + 0x2B, 0xB6, 0xC6, 0x76, 0x0F, 0xB5, 0xC5, 0x1C, + 0x83, 0x23, 0xAC, 0xD6, 0xA3, 0xC7, 0x5A, 0x72, + 0xE9, 0x73, 0x89, 0x66, 0xD1, 0x25, 0xB9, 0x61, + 0x3B, 0x31, 0x45, 0xC6, 0x7B, 0x5E, 0x98, 0x81, + 0x87, 0xE8, 0x5F, 0x29, 0xAD, 0xCB, 0xAF, 0x74, + 0xE3, 0x3A, 0x61, 0x1F, 0xFF, 0x25, 0x2A, 0xEB, + 0xBA, 0xEB, 0x1E, 0xA6, 0x41, 0xE6, 0xFC, 0x8B, + 0xDF, 0x73, 0x41, 0xBE, 0x2A, 0xA8, 0x57, 0xE4, + 0x43, 0xAC, 0xFB, 0xCE, 0xB2, 0x15, 0x5D, 0x08, + 0x1A, 0xCB, 0x4C, 0xCD, 0xB0, 0x98, 0xD5, 0x7C, + 0xEF, 0x6F, 0x6F, 0xD3, 0x42, 0xDB, 0x2D, 0x83, + 0xB6, 0x12, 0x3E, 0x0A, 0xD3, 0xC9, 0x3F, 0x30, + 0x08, 0x11, 0xB8, 0xD5, 0xA1, 0x1A, 0x5A, 0x29, + 0xBE, 0x60, 0x81, 0x6F, 0x69, 0xB2, 0x9D, 0x1D, + 0x7E, 0x15, 0x88, 0x69, 0xD8, 0x60, 0xF6, 0xFB, + 0x82, 0x9D, 0xE8, 0x0D, 0x3E, 0x1B, 0x69, 0x9C, + 0x3A, 0xB6, 0x80, 0x4E, 0xB6, 0x54, 0x91, 0x78, + 0xD9, 0x47, 0x33, 0x38, 0xD6, 0xAF, 0x20, 0x9E, + 0x1F, 0x7D, 0x26, 0x3C, 0x66, 0x7A, 0xE6, 0x89, + 0x5F, 0x6E, 0x29, 0x33, 0x92, 0x34, 0x71, 0xF1, + 0x99, 0x58, 0x1F, 0x8A, 0x51, 0xBD, 0x9A, 0xA4, + 0x52, 0xEE, 0xE4, 0xBF, 0xE9, 0x56, 0x69, 0xAC, + 0xD0, 0x7B, 0x41, 0xB0, 0x0C, 0x03, 0xF5, 0x5A, + 0x40, 0xD1, 0x0B, 0x50, 0xF8, 0xE4, 0x67, 0xBD, + 0x07, 0x1C, 0x8F, 0x40, 0x5C, 0xF1, 0x19, 0x61, + 0x2D, 0x32, 0x40, 0x5B, 0xD5, 0x27, 0x5A, 0x6B, + 0xBF, 0x22, 0x17, 0xF9, 0xF1, 0x79, 0x0D, 0x29, + 0x99, 0x7B, 0x7B, 0x6B, 0x1E, 0xC8, 0xD7, 0x92, + 0x4A, 0xB9, 0xE6, 0x44, 0xC1, 0x29, 0xCE, 0xE8, + 0x74, 0x33, 0x29, 0x1A, 0x2C, 0x8E, 0xD6, 0xBC, + 0x3C, 0x2A, 0x19, 0xD0, 0x76, 0xB1, 0x77, 0xEE, + 0x60, 0x50, 0x69, 0x2A, 0xDA, 0x8E, 0x95, 0x57, + 0x4D, 0x6C, 0xE9, 0xAB, 0xE4, 0x97, 0x95, 0xD8, + 0xF2, 0x8E, 0xAB, 0x69, 0x67, 0x6E, 0x79, 0x03, + 0xA6, 0x56, 0xFA, 0xB3, 0x20, 0x25, 0xFE, 0x34, + 0x65, 0xCB, 0xDB, 0x57, 0x01, 0xC1, 0x77, 0x20, + 0x9D, 0x91, 0x89, 0xA5, 0x91, 0x7C, 0x13, 0x37, + 0xDE, 0x39, 0xF5, 0x75, 0xE5, 0xDD, 0xB9, 0x3C, + 0xA7, 0x6B, 0xEB, 0x52, 0xAF, 0x32, 0xE8, 0xD7, + 0x12, 0x7B, 0x28, 0xF7, 0xCE, 0x73, 0x12, 0xE8, + 0x03, 0x90, 0x47, 0x21, 0xAB, 0x21, 0x6E, 0x92, + 0xA8, 0xA9, 0xE6, 0x09, 0xFC, 0x10, 0xAF, 0x8D, + 0xC2, 0xAA, 0xCA, 0x14, 0xA9, 0x7B, 0xB0, 0xE4, + 0xB2, 0x34, 0xC7, 0x00, 0x0E, 0xBB, 0xE0, 0xC4, + 0x42, 0xF1, 0x85, 0x94, 0x6B, 0x7C, 0xE7, 0x72, + 0x80, 0x95, 0xCD, 0x60, 0x16, 0x9B, 0x0B, 0xD9, + 0x7B, 0x36, 0xB3, 0xAE, 0x38, 0x55, 0xD9, 0x89, + 0x25, 0xB2, 0x9D, 0x92, 0x94, 0xEF, 0x27, 0x75, + 0x09, 0xFC, 0xA4, 0x07, 0xEA, 0x2B, 0xC4, 0x76, + 0x59, 0x02, 0x6A, 0x82, 0x04, 0xD6, 0x96, 0x4F, + 0xC6, 0x5B, 0xEF, 0x35, 0x31, 0xE9, 0xC1, 0xE6, + 0xF9, 0x70, 0xBF, 0x2F, 0xF2, 0x40, 0x75, 0xEA, + 0x17, 0xD1, 0x36, 0xAD, 0xEA, 0xD2, 0x35, 0x6B, + 0x6C, 0xE4, 0x98, 0xF9, 0x3C, 0xD2, 0xF9, 0xE5, + 0xE1, 0x90, 0xD2, 0x09, 0xD9, 0x3E, 0x47, 0x3F, + 0xAA, 0x8E, 0xD9, 0x20, 0x96, 0x31, 0x5B, 0xF1, + 0xFC, 0xA6, 0x55, 0xFE, 0xBC, 0x78, 0xE0, 0x99, + 0x65, 0xC9, 0x74, 0x78, 0x29, 0x6B, 0x75, 0xD3, + 0x90, 0x56, 0x60, 0x4D, 0x32, 0x71, 0x91, 0x6D, + 0xCF, 0xF2, 0x25, 0xCB, 0x6B, 0x9A, 0x34, 0xE1, + 0x5D, 0xC1, 0x64, 0xB2, 0xA6, 0x8A, 0x3B, 0x42, + 0xDE, 0x05, 0x7A, 0x6B, 0xAC, 0x17, 0x32, 0xCF, + 0x59, 0x45, 0xBB, 0xCA, 0x12, 0xB8, 0xB3, 0x61, + 0x59, 0xFB, 0x89, 0xF7, 0xBB, 0xBE, 0x9F, 0xE0, + 0x34, 0x21, 0x8F, 0x5B, 0x3B, 0xCF, 0x18, 0x4C, + 0x20, 0x73, 0x06, 0xE6, 0xD2, 0xEA, 0x69, 0x59, + 0xEA, 0xE0, 0x89, 0x0A, 0x7B, 0x68, 0x02, 0xEC, + 0x1D, 0xA0, 0x82, 0xBE, 0xD6, 0x5B, 0xB6, 0xE4, + 0xEB, 0x4D, 0x56, 0x15, 0x70, 0x1C, 0xB0, 0xE3, + 0x50, 0x36, 0x33, 0x14, 0xA4, 0xD1, 0x01, 0xDB, + 0xBA, 0x60, 0x53, 0x71, 0xA3, 0x8B, 0x2D, 0x8A, + 0x37, 0xFF, 0x78, 0xEB, 0xB3, 0x69, 0x82, 0x53, + 0x88, 0xAA, 0xB7, 0xD3, 0xC6, 0x23, 0xB9, 0x3E, + 0x51, 0x2D, 0x96, 0xA9, 0xF3, 0x39, 0xEC, 0x96, + 0x8B, 0x35, 0x27, 0x59, 0xAF, 0x3E, 0x8F, 0xA3, + 0x21, 0x1C, 0x39, 0x29, 0x5B, 0x01, 0x10, 0xE6, + 0xDF, 0x26, 0x4E, 0x90, 0x67, 0x8C, 0x11, 0xE2, + 0xB9, 0x03, 0xAF, 0x32, 0x2E, 0x4F, 0xA7, 0x70, + 0x28, 0xD3, 0xEC, 0xC4, 0x4F, 0x62, 0x79, 0xD6, + 0x3B, 0x1E, 0x60, 0xD8, 0x06, 0x72, 0x41, 0x01, + 0x5F, 0xC4, 0xF8, 0x9B, 0xAA, 0x15, 0x6A, 0x78, + 0xFA, 0x77, 0xBB, 0x29, 0x14, 0xCA, 0xC2, 0x81, + 0xF4, 0x40, 0x9C, 0x9C, 0x03, 0x70, 0xAB, 0xD7, + 0xC1, 0xF8, 0xA5, 0xD1, 0x04, 0x0B, 0x59, 0x75, + 0x2C, 0xC4, 0xFD, 0xF0, 0xD1, 0x9C, 0xB0, 0xC5, + 0x6F, 0xEF, 0x34, 0xFA, 0x3A, 0x3B, 0xCE, 0xE1, + 0xF0, 0x64, 0xE3, 0x60, 0xE8, 0x6D, 0xC5, 0x5D, + 0xB5, 0xC9, 0x37, 0x5B, 0xDA, 0xDA, 0x67, 0x2E, + 0x72, 0xF6, 0x64, 0xE3, 0xAC, 0xB2, 0xE6, 0xD8, + 0xA0, 0x84, 0x09, 0xC8, 0xCD, 0x60, 0xA1, 0xF9, + 0x53, 0x80, 0xAB, 0x6C, 0x3A, 0xCB, 0x6B, 0x91, + 0xA8, 0xA9, 0xA3, 0xB7, 0x75, 0x50, 0x49, 0x79, + 0xB8, 0x02, 0x5A, 0xDB, 0x34, 0x22, 0x61, 0x9B, + 0xD1, 0x1E, 0x2B, 0x54, 0xFE, 0x6D, 0x07, 0x58, + 0x81, 0xAC, 0xAC, 0x24, 0x53, 0x20, 0x31, 0xCC, + 0xD2, 0x99, 0x06, 0x0E, 0x4E, 0xB7, 0xF7, 0xCB, + 0xD8, 0x08, 0x36, 0xD4, 0xB8, 0x23, 0xA5, 0xFF, + 0xA4, 0xFE, 0x8C, 0x6B, 0x98, 0x3D, 0x2A, 0xAE, + 0xB8, 0xF1, 0x6F, 0x6C, 0x1C, 0x22, 0x81, 0xEF, + 0xD7, 0x13, 0xFF, 0xDA, 0x22, 0x06, 0x9A, 0x5D, + 0x8A, 0xC4, 0x91, 0x29, 0x1C, 0xBF, 0x49, 0xF1, + 0x18, 0xC9, 0x46, 0xD5, 0x0F, 0x08, 0xE0, 0xD1, + 0x73, 0x28, 0x14, 0xE8, 0x15, 0x81, 0x90, 0x6A, + 0x31, 0x53, 0x94, 0x01, 0x14, 0xBE, 0xC8, 0xEB, + 0xD4, 0x9C, 0x73, 0x79, 0x0F, 0x9E, 0xD7, 0xCC, + 0xD9, 0x85, 0xED, 0xAD, 0x8D, 0xB3, 0x42, 0x6B, + 0x15, 0x13, 0x98, 0xEB, 0xF1, 0x6E, 0xFA, 0xFE, + 0x3D, 0xA0, 0xC7, 0xF3, 0x8B, 0x22, 0x76, 0x05, + 0x76, 0xD4, 0x88, 0x52, 0x73, 0xF5, 0xE4, 0x0B, + 0x14, 0x05, 0x57, 0x10, 0x7F, 0xCE, 0x0B, 0xF8, + 0x46, 0x1F, 0x24, 0x8B, 0xC4, 0x3F, 0xBF, 0x5C, + 0xEE, 0xE7, 0x6E, 0xF3, 0xA9, 0xEB, 0xD2, 0x30, + 0x95, 0x6C, 0x7B, 0x98, 0xAC, 0x89, 0x8A, 0x39, + 0x9E, 0x5C, 0x2A, 0xB0, 0xCB, 0xE9, 0xE5, 0xAB, + 0x94, 0x71, 0xDF, 0x5E, 0x53, 0x0C, 0x72, 0xF2, + 0x6C, 0x34, 0xDB, 0xFE, 0x2F, 0x83, 0x68, 0x3E, + 0xB6, 0x22, 0xF9, 0x64, 0x7A, 0xA0, 0x6A, 0x26, + 0x7D, 0x78, 0x97, 0x36, 0x31, 0x2C, 0x90, 0xC9, + 0xE5, 0x9D, 0x77, 0x12, 0x2A, 0x88, 0x53, 0x8F, + 0xD0, 0xF5, 0x39, 0x16, 0xAF, 0x08, 0xB2, 0x36, + 0x93, 0x5C, 0xDC, 0x5B, 0xB3, 0xCB, 0x49, 0x0C, + 0x83, 0x09, 0xE6, 0xA7, 0x9B, 0x43, 0xE7, 0xA5, + 0x4A, 0x8A, 0x07, 0xE1, 0xBA, 0xFB, 0x9B, 0x93, + 0x7E, 0xAC, 0x2F, 0xC3, 0xAC, 0xED, 0x30, 0x64, + 0x1F, 0x33, 0x79, 0x19, 0xD2, 0xDB, 0x54, 0xEC, + 0x7F, 0x32, 0x0E, 0xC5, 0x1C, 0xD1, 0x3C, 0x00, + 0xB9, 0xE6, 0x03, 0xDF, 0x6D, 0xD2, 0x69, 0x0C, + 0x75, 0xAF, 0x37, 0x07, 0xB7, 0xC9, 0x3E, 0x91, + 0xCF, 0x02, 0x78, 0xD7, 0x43, 0xA1, 0x8B, 0x4E, + 0x69, 0x74, 0xB4, 0x24, 0x08, 0x10, 0x42, 0xB5, + 0xB4, 0xE7, 0x8C, 0xEB, 0x7F, 0xFF, 0x67, 0x98, + 0x0B, 0xBC, 0xBA, 0x5E, 0x29, 0xBE, 0x61, 0x33, + 0x56, 0x16, 0xD6, 0x5E, 0x86, 0xF0, 0xE7, 0x46, + 0xD1, 0x83, 0xDF, 0xD4, 0x6B, 0x75, 0xC9, 0x30, + 0x0D, 0x60, 0xC5, 0x19, 0xFD, 0x95, 0xA8, 0xA6, + 0x61, 0xFF, 0xC8, 0x2A, 0xE7, 0x5D, 0xD1, 0x49, + 0x49, 0x1F, 0x99, 0xD1, 0x41, 0x4F, 0x15, 0x79, + 0x00, 0x8A, 0x80, 0x27, 0xA6, 0xC9, 0x98, 0xD3, + 0xE7, 0xA2, 0xBB, 0xFA, 0x07, 0xAB, 0x53, 0xEF, + 0xE8, 0x17, 0xAE, 0x9C, 0x6A, 0xE8, 0xD0, 0x52, + 0xAA, 0x85, 0x9D, 0x03, 0x48, 0xB0, 0xD2, 0xC8, + 0x5B, 0xCC, 0xC4, 0x50, 0x84, 0x90, 0xBE, 0x0F, + 0x9B, 0x32, 0x13, 0xB8, 0xAF, 0x7C, 0xCE, 0xE7, + 0x22, 0xE2, 0x82, 0x13, 0x18, 0x71, 0x46, 0xC5, + 0xDA, 0x05, 0xB7, 0x65, 0xD8, 0x33, 0x06, 0xFA, + 0x5A, 0x6B, 0x76, 0xD6, 0x92, 0x76, 0xD1, 0x6A, + 0x2B, 0xC6, 0x0D, 0xB1, 0xAD, 0xAB, 0x57, 0x62, + 0xEA, 0x76, 0x37, 0x4E, 0xAB, 0x2D, 0x34, 0xD2, + 0xA3, 0x57, 0xC7, 0x56, 0xFB, 0xEA, 0xD6, 0xA9, + 0xE3, 0xC1, 0x63, 0x07, 0xDE, 0xB9, 0x5E, 0x5A, + 0x30, 0x2E, 0x41, 0x4D, 0x43, 0xE9, 0x1C, 0xA1, + 0x5B, 0xB2, 0x4F, 0xAF, 0xDC, 0xE9, 0xBB, 0xBE, + 0x73, 0x55, 0x90, 0xF0, 0xD0, 0x02, 0x98, 0x6D, + 0x13, 0x50, 0x9A, 0xCA, 0x4C, 0xB3, 0x15, 0x3A, + 0x26, 0x14, 0x38, 0x67, 0xEB, 0xA7, 0x27, 0x33, + 0x48, 0x97, 0x58, 0x94, 0x57, 0xEA, 0xF9, 0x7E, + 0x8B, 0xB0, 0xBB, 0xF3, 0xF4, 0x84, 0x6E, 0x69, + 0x95, 0x2C, 0xF4, 0x6B, 0x1C, 0x65, 0x39, 0xB4, + 0x46, 0xA7, 0x99, 0xD6, 0x68, 0x47, 0x6E, 0x2E, + 0x49, 0x84, 0x75, 0x3E, 0x6C, 0x2E, 0x9A, 0x08, + 0xBC, 0xB7, 0x2F, 0x86, 0x68, 0x5C, 0xE1, 0xBF, + 0xEA, 0xA1, 0xAF, 0x59, 0xD6, 0x71, 0xB7, 0xBD, + 0xD6, 0xC5, 0xC2, 0xF2, 0xF3, 0xB5, 0x36, 0xBB, + 0x36, 0x23, 0x4F, 0xD6, 0x44, 0x59, 0x0A, 0x44, + 0x86, 0xCA, 0xDC, 0xD4, 0x22, 0x0F, 0x79, 0x09, + 0x99, 0x8C, 0x8C, 0x9E, 0x03, 0xA4, 0x51, 0x99, + 0x5A, 0xB9, 0x97, 0x76, 0x73, 0x20, 0xD3, 0x98, + 0x8C, 0x52, 0x96, 0xE1, 0x65, 0x7B, 0x4C, 0x77, + 0x40, 0xB2, 0xFE, 0x27, 0x0A, 0x11, 0x76, 0x6E, + 0x3B, 0x35, 0x12, 0xC6, 0x4E, 0xC2, 0x0E, 0xCC, + 0x04, 0xB5, 0x51, 0x91, 0xD0, 0x4A, 0xF7, 0x84, + 0xF2, 0xE7, 0xE5, 0x99, 0x7E, 0xB5, 0x3E, 0xAC, + 0x53, 0xDB, 0x61, 0x11, 0x71, 0x56, 0x4E, 0xAB, + 0x4A, 0x68, 0xC1, 0x6A, 0xA5, 0xC5, 0x7F, 0x72, + 0xEB, 0x14, 0x97, 0xA4, 0x27, 0xA0, 0x53, 0xA1, + 0xC4, 0x70, 0x7D, 0x58, 0xBD, 0xC1, 0xD7, 0xFD, + 0x9F, 0xB8, 0x8C, 0xCE, 0x34, 0xF9, 0xE1, 0x9C, + 0x59, 0x79, 0x31, 0x24, 0xEC, 0xBB, 0xF5, 0x6F, + 0x3F, 0xA3, 0x5A, 0x55, 0xB3, 0xDE, 0x64, 0xDF, + 0xA9, 0x95, 0x0B, 0x53, 0xF2, 0xA7, 0x25, 0x7B, + 0x8C, 0xAD, 0x25, 0x9A, 0x35, 0xBF, 0x15, 0x46, + 0x69, 0x4A, 0x83, 0x8C, 0x80, 0xFC, 0x37, 0xD0, + 0xC3, 0x6F, 0x00, 0xE2, 0x3C, 0x63, 0xAB, 0xC5, + 0x53, 0xC1, 0x8D, 0x4A, 0x40, 0x4B, 0xE6, 0xDC, + 0x05, 0xB1, 0x20, 0x23, 0x8B, 0xB8, 0xDF, 0x40, + 0x86, 0x97, 0xB9, 0x5E, 0xA4, 0xB7, 0xA1, 0x37, + 0xE0, 0x4B, 0x9E, 0xD9, 0x84, 0x2B, 0x2D, 0xAD, + 0xD1, 0xB1, 0x52, 0x15, 0x00, 0x9B, 0xDD, 0x23, + 0xA9, 0x27, 0x44, 0x21, 0x33, 0x17, 0x1C, 0x61, + 0x49, 0x84, 0x0D, 0x6A, 0x11, 0x7C, 0x77, 0xA5, + 0xD6, 0x8E, 0xE6, 0x1D, 0x6E, 0x90, 0x04, 0x4A, + 0xD3, 0x54, 0x3A, 0xA7, 0x1A, 0x28, 0xC5, 0x94, + 0x01, 0xCA, 0xDB, 0x1B, 0x5D, 0x78, 0xC5, 0xC6, + 0x69, 0x0D, 0x69, 0x88, 0x75, 0x00, 0x02, 0x0B, + 0x59, 0x6C, 0x3E, 0xC5, 0x30, 0xDF, 0xEE, 0x85, + 0x43, 0xA2, 0x9A, 0xF9, 0xDD, 0x85, 0x6E, 0xB3, + 0x0D, 0x83, 0x6A, 0x13, 0x88, 0xD0, 0x12, 0x15, + 0x53, 0x16, 0xFC, 0x5C, 0x15, 0x47, 0xEC, 0x6D, + 0x4D, 0x18, 0x2D, 0x88, 0xDB, 0xD2, 0x17, 0x6C, + 0xDE, 0x64, 0xEC, 0x70, 0x8D, 0x19, 0xDC, 0x66, + 0x69, 0x7F, 0xCF, 0x61, 0x6E, 0x4F, 0x23, 0x86, + 0xF5, 0x1A, 0x98, 0x47, 0x4B, 0xCC, 0xE9, 0x2F, + 0x12, 0x28, 0x12, 0xB9, 0xEB, 0xD8, 0x32, 0xDC, + 0xE4, 0xD8, 0x63, 0xAC, 0x56, 0x08, 0x2F, 0xEC, + 0x5E, 0x47, 0x29, 0xFF, 0x76, 0xFE, 0x95, 0x60, + 0xD2, 0x19, 0x61, 0x0E, 0xAF, 0xFC, 0x44, 0x42, + 0x11, 0x42, 0x79, 0xBC, 0x06, 0x3A, 0xAD, 0x93, + 0x7E, 0x46, 0x60, 0x03, 0xB0, 0xF5, 0x9F, 0x57, + 0x28, 0x48, 0x44, 0x8F, 0x0E, 0xFA, 0x72, 0x8C, + 0xE4, 0x18, 0xF4, 0x99, 0x6B, 0xB1, 0x23, 0x45, + 0xDC, 0x13, 0xA2, 0xF6, 0x5F, 0x57, 0x35, 0xA2, + 0xD7, 0x38, 0xF9, 0xE9, 0x8A, 0x7A, 0x79, 0xC6, + 0xB2, 0xCD, 0xBF, 0xD3, 0x41, 0x21, 0x56, 0xB3, + 0x39, 0xD9, 0x14, 0x3B, 0xDD, 0x85, 0xCB, 0x78, + 0x2F, 0xEB, 0x7E, 0x29, 0xBC, 0x52, 0x24, 0xE7, + 0x1B, 0x85, 0xB1, 0x65, 0xAE, 0xAB, 0x65, 0xF9, + 0x54, 0xD2, 0x1F, 0x37, 0x29, 0x52, 0x30, 0x5B, + 0x3D, 0x5F, 0x48, 0x84, 0x3F, 0x51, 0x27, 0x88, + 0x9D, 0xA7, 0x94, 0xF0, 0x73, 0xCD, 0x98, 0xD2, + 0x05, 0xE8, 0x25, 0x71, 0x7C, 0x93, 0x13, 0x82, + 0x5D, 0x53, 0x8D, 0x05, 0x0E, 0x69, 0x20, 0xC4, + 0xDB, 0xF2, 0xF6, 0x55, 0x24, 0x29, 0xD0, 0x41, + 0xF6, 0x2D, 0xF8, 0xC1, 0x2E, 0xC2, 0x4D, 0xE1, + 0xD7, 0x2D, 0xA0, 0x49, 0x16, 0x0B, 0x4D, 0x34, + 0xB5, 0x6D, 0xAE, 0x10, 0x93, 0x1E, 0xB6, 0x95, + 0x69, 0xC2, 0xB3, 0xC0, 0xAF, 0x6F, 0xFF, 0xA5, + 0x32, 0x3C, 0x7D, 0xC9, 0xC7, 0xC8, 0xEF, 0x0C, + 0x64, 0x20, 0x23, 0xC4, 0xFE, 0x89, 0x87, 0x8E, + 0xB3, 0xA6, 0xC5, 0x24, 0xCF, 0x03, 0x7E, 0x74, + 0xF7, 0xBF, 0x89, 0x1E, 0xCF, 0xB1, 0x02, 0xFA, + 0xF2, 0x9F, 0xD3, 0x9D, 0x99, 0x00, 0xDA, 0x7A, + 0x92, 0x7D, 0x13, 0x11, 0x92, 0xAD, 0x55, 0xF2, + 0xE1, 0x82, 0x72, 0xB1, 0x6A, 0xF1, 0x45, 0x05, + 0xDA, 0x17, 0xC9, 0xA1, 0x42, 0x82, 0x89, 0x77, + 0x31, 0xB6, 0x72, 0x54, 0x7C, 0x68, 0x10, 0x25, + 0x57, 0x30, 0x16, 0x15, 0x08, 0x58, 0x8B, 0xC1, + 0x61, 0xCB, 0xA0, 0x58, 0x29, 0x33, 0xB1, 0x64, + 0xF4, 0x4F, 0x06, 0xAA, 0x25, 0x31, 0xAA, 0xA8, + 0x92, 0x1C, 0x69, 0x1E, 0x6E, 0xB6, 0xBE, 0x81, + 0xDA, 0x9B, 0xE5, 0x1C, 0x56, 0x39, 0x55, 0xE0, + 0xC1, 0xEF, 0xD3, 0xED, 0x2A, 0x1C, 0x94, 0x9B, + 0xD4, 0xE0, 0x0B, 0x3A, 0xE9, 0xEB, 0xC1, 0x3C, + 0x4C, 0x6C, 0x4E, 0x5E, 0x39, 0x4C, 0xB0, 0x34, + 0xB9, 0xCB, 0x75, 0xBE, 0xCE, 0x86, 0x44, 0xFF, + 0x89, 0xEF, 0x95, 0xE7, 0x6E, 0xF7, 0x15, 0xE1, + 0x7A, 0xA2, 0x6B, 0x1F, 0xEB, 0x77, 0x4C, 0x50, + 0x59, 0xB3, 0xA3, 0x9A, 0x38, 0xDF, 0xD0, 0x57, + 0xD6, 0x41, 0xE4, 0x3F, 0xFE, 0x0F, 0x3E, 0x40, + 0xFF, 0xF6, 0xB2, 0x36, 0x3C, 0x1B, 0xF0, 0xEF, + 0x07, 0x87, 0x3D, 0x09, 0xA4, 0x87, 0x76, 0x9D, + 0x0A, 0x73, 0xCD, 0x0C, 0xC6, 0x44, 0xF5, 0x3C, + 0x25, 0xD2, 0x02, 0x5E, 0xE7, 0x1C, 0x69, 0xB7, + 0xAC, 0x0F, 0xA6, 0x61, 0x15, 0x57, 0xC4, 0x27, + 0xC0, 0x69, 0xDF, 0x2E, 0x1B, 0xF6, 0x29, 0xD9, + 0xA0, 0xCB, 0x5C, 0x67, 0xC7, 0xEA, 0x4F, 0xA6, + 0x58, 0xC7, 0x8D, 0x00, 0x42, 0xB0, 0x59, 0xE6, + 0xB6, 0x58, 0xFF, 0xCE, 0x60, 0x16, 0x69, 0x67, + 0xDB, 0x94, 0xF7, 0x16, 0xEB, 0x4D, 0x04, 0xB3, + 0xD2, 0x45, 0x0F, 0x40, 0x03, 0x1F, 0x10, 0xAC, + 0xDD, 0x07, 0x77, 0x7F, 0xBE, 0x9F, 0xBB, 0xB7, + 0x7F, 0xCB, 0x7C, 0x1F, 0xA9, 0xFC, 0x1E, 0xAF, + 0x0C, 0x5F, 0x86, 0xD7, 0x96, 0x2D, 0xAE, 0xD0, + 0x47, 0x4B, 0xA0, 0xFE, 0x68, 0xD9, 0xB2, 0x32, + 0x77, 0xA9, 0xCA, 0x7F, 0xC6, 0x76, 0xC6, 0x61, + 0x6B, 0x8E, 0x43, 0x9A, 0x1D, 0x4B, 0xFF, 0x72, + 0x43, 0x78, 0x19, 0xB5, 0x51, 0x87, 0x56, 0xA7, + 0x87, 0x3E, 0xF5, 0x84, 0x01, 0x26, 0x46, 0xC3, + 0x65, 0x9A, 0x6B, 0xA8, 0x6E, 0x62, 0x27, 0x26, + 0x14, 0xD8, 0x5E, 0xEC, 0xD5, 0x35, 0x0E, 0x3C, + 0xD0, 0xA1, 0x25, 0xAE, 0x9C, 0x17, 0xCC, 0xE2, + 0x52, 0x39, 0xE1, 0xEE, 0x9C, 0xDB, 0x39, 0xCA, + 0x7B, 0x18, 0xCF, 0x2C, 0x88, 0xCF, 0x14, 0x68, + 0x26, 0xB6, 0xCC, 0x1E, 0x6A, 0xA8, 0xE1, 0x69, + 0x2C, 0x91, 0x5F, 0x3B, 0xF1, 0xC1, 0xDB, 0x34, + 0xC6, 0xF3, 0x78, 0x83, 0xCB, 0x4E, 0xDC, 0xE0, + 0xF7, 0xC9, 0x95, 0xB6, 0x9E, 0x3A, 0xCE, 0x30, + 0xDC, 0x16, 0x6F, 0x78, 0x4C, 0x93, 0xD6, 0xCB, + 0xBC, 0xAC, 0x3C, 0x79, 0xBC, 0x31, 0x93, 0x10, + 0xCE, 0x6E, 0x66, 0x57, 0x00, 0xF1, 0x7F, 0x96, + 0x2F, 0x18, 0xB2, 0x40, 0x73, 0x9D, 0x15, 0x69, + 0x0B, 0x1B, 0x6C, 0x85, 0xD1, 0xAA, 0xA3, 0x2D, + 0x4A, 0x79, 0x74, 0x4A, 0xE5, 0x0C, 0xF9, 0xA9, + 0x0A, 0x09, 0x54, 0xB4, 0xA4, 0xD9, 0x4C, 0x49, + 0x9B, 0x41, 0x23, 0xEF, 0xC0, 0x20, 0x44, 0x31, + 0xF7, 0x22, 0x85, 0xB5, 0xDA, 0x9E, 0x19, 0x22, + 0x23, 0x0A, 0x30, 0x4D, 0x3A, 0x1B, 0xD8, 0x52, + 0x08, 0x72, 0x61, 0xB7, 0xCF, 0x0D, 0x8B, 0x90, + 0xD1, 0x46, 0x23, 0xEB, 0xCD, 0xC6, 0x38, 0x7B, + 0xC6, 0xAF, 0x65, 0xBE, 0x5F, 0x01, 0x1B, 0x6B, + 0xC1, 0x23, 0xC1, 0x30, 0x6A, 0x1E, 0x8F, 0xBF, + 0x2D, 0xF0, 0xB6, 0xF8, 0x9B, 0x0A, 0xE0, 0x5D, + 0xE0, 0xE4, 0xB7, 0xF5, 0x0A, 0xDA, 0x46, 0xE5, + 0x3A, 0x9B, 0x6B, 0xCA, 0xDA, 0x06, 0x43, 0xBE, + 0x6B, 0xFD, 0xC2, 0xB0, 0x6A, 0x6C, 0x75, 0x88, + 0x3C, 0x2D, 0xC6, 0x13, 0xAC, 0x72, 0x16, 0x31, + 0x7A, 0x40, 0xC4, 0xA2, 0xC0, 0x86, 0x69, 0x83, + 0xD3, 0x2C, 0x9C, 0xE0, 0xA6, 0xCC, 0xED, 0xF4, + 0x03, 0x62, 0x6B, 0xB2, 0x3B, 0x5B, 0x9D, 0xA5, + 0x86, 0x77, 0x7C, 0x73, 0x5E, 0x19, 0x11, 0xD7, + 0x7B, 0x11, 0x96, 0xC8, 0xFA, 0x47, 0x21, 0xD6, + 0xB0, 0xFE, 0x0B, 0x08, 0x11, 0xFC, 0x00, 0xB9, + 0xA1, 0x24, 0x2C, 0xBD, 0x4A, 0x92, 0x43, 0x10, + 0x08, 0xBE, 0xE9, 0xE1, 0x5D, 0x19, 0x82, 0xDE, + 0x34, 0xAE, 0xDC, 0xA6, 0x85, 0x8F, 0x19, 0x30, + 0x20, 0xB6, 0x44, 0x7F, 0x6B, 0xA6, 0x63, 0x70, + 0x59, 0xDA, 0x8D, 0xE0, 0xF8, 0x46, 0x86, 0x57, + 0xB8, 0x1C, 0x57, 0x13, 0x78, 0x41, 0x8C, 0xF5, + 0x7D, 0x77, 0xAE, 0x75, 0x6C, 0x59, 0x93, 0x2E, + 0x05, 0x25, 0x03, 0xD1, 0xEA, 0xFB, 0x2D, 0x60, + 0xD2, 0x61, 0x23, 0xEA, 0x0E, 0xFF, 0x55, 0xE3, + 0x24, 0x49, 0x00, 0x19, 0xBD, 0x1E, 0x56, 0x24, + 0x87, 0x2F, 0x7B, 0x98, 0x07, 0x36, 0xD2, 0x7C, + 0xC5, 0x9B, 0xE0, 0x4E, 0x29, 0xAB, 0xA1, 0xB8, + 0x35, 0x15, 0x31, 0xCE, 0x65, 0x14, 0x24, 0xF8, + 0x10, 0xB5, 0xAB, 0x3E, 0xD5, 0x58, 0xCA, 0xE5, + 0x73, 0x2D, 0x7C, 0x8B, 0xB4, 0x62, 0x75, 0x03, + 0x30, 0x89, 0xFE, 0x32, 0xF8, 0x65, 0x99, 0xD0, + 0x88, 0xD5, 0x72, 0x88, 0x03, 0xC9, 0x51, 0x03, + 0xBA, 0x2F, 0xFB, 0x7C, 0x39, 0x02, 0x05, 0xC4, + 0xCE, 0xD8, 0xB3, 0xC2, 0x7B, 0x29, 0x8E, 0xA7, + 0x9D, 0x35, 0x97, 0xB7, 0x17, 0xDE, 0x28, 0x0B, + 0x32, 0xE5, 0x41, 0xDA, 0x1D, 0x98, 0xBD, 0x27, + 0xEF, 0xF7, 0xB4, 0x43, 0x09, 0x13, 0x39, 0xC7, + 0x40, 0x16, 0x11, 0x20, 0x71, 0xCB, 0xB6, 0xC9, + 0xB0, 0x8F, 0x20, 0xC1, 0xF0, 0x40, 0xFB, 0x6E, + 0x73, 0x04, 0x8F, 0x73, 0xCA, 0x45, 0xDB, 0xE0, + 0xF9, 0x25, 0x8D, 0x32, 0xF2, 0x3E, 0x36, 0xBE, + 0xF7, 0x88, 0xF8, 0x13, 0x4D, 0x9B, 0x10, 0xC2, + 0x58, 0x0B, 0x20, 0xF8, 0x78, 0xB6, 0x4C, 0x7D, + 0x2A, 0xA6, 0x81, 0x40, 0xD1, 0x30, 0x50, 0x38, + 0x2A, 0x5F, 0xBC, 0x81, 0x8E, 0x0F, 0xD4, 0xD0, + 0x87, 0x99, 0x78, 0x3D, 0xBE, 0x25, 0x15, 0xF4, + 0x45, 0x61, 0xA3, 0x1A, 0x7D, 0x05, 0x3F, 0xB5, + 0xA6, 0x1C, 0x41, 0xC6, 0x0E, 0xBE, 0x57, 0x6F, + 0xC5, 0xB6, 0x38, 0x63, 0x90, 0x55, 0x23, 0xFC, + 0x26, 0x9E, 0xFD, 0xB8, 0x6C, 0xF2, 0x99, 0x6B, + 0x6D, 0x90, 0xFE, 0x28, 0xA0, 0x16, 0xEE, 0x63, + 0xC2, 0x4C, 0xD6, 0xB2, 0x0C, 0xFA, 0x6E, 0x85, + 0x51, 0xE4, 0x2F, 0x57, 0x91, 0x82, 0x84, 0x43, + 0x8A, 0x44, 0x31, 0x6C, 0x68, 0x02, 0x01, 0x7C, + 0xCE, 0x4D, 0xC0, 0x7C, 0x43, 0xA9, 0x54, 0xF5, + 0x0E, 0xCA, 0xE6, 0x15, 0x98, 0xAE, 0x41, 0x57, + 0x0A, 0x66, 0xBA, 0x6D, 0x6E, 0x68, 0xB9, 0x2E, + 0x0D, 0x42, 0xD2, 0xF5, 0x0B, 0xFC, 0x2D, 0xA8, + 0x61, 0x6E, 0x60, 0x4E, 0x51, 0x78, 0xEB, 0x0C, + 0x52, 0x9E, 0xC0, 0x4A, 0xB0, 0x92, 0x85, 0x5C, + 0x3A, 0x3D, 0x69, 0x95, 0xAB, 0x62, 0xEB, 0x2F, + 0x9B, 0x12, 0xF5, 0x2E, 0xB5, 0xA6, 0x93, 0xCE, + 0x14, 0x97, 0xA7, 0x1E, 0x0A, 0x7B, 0x94, 0x74, + 0xFB, 0x65, 0xD0, 0x5A, 0x97, 0x55, 0x40, 0x02, + 0x71, 0x87, 0x9C, 0x9F, 0xCB, 0x41, 0x3F, 0x08, + 0x8D, 0x6A, 0xCA, 0xE6, 0xEC, 0xE6, 0x71, 0x22, + 0xF8, 0x58, 0x9F, 0xF1, 0x94, 0xF6, 0xE4, 0xD6, + 0xDC, 0x35, 0xD7, 0xEB, 0x6B, 0x78, 0x99, 0x66, + 0xF9, 0xE2, 0x15, 0x27, 0xC9, 0x8C, 0x27, 0xB4, + 0x89, 0x3C, 0x15, 0xEE, 0x52, 0x71, 0xA9, 0xD2, + 0x50, 0x3C, 0xD2, 0x31, 0xBB, 0x3A, 0xE5, 0x87, + 0xAF, 0x65, 0x2B, 0xF2, 0xF5, 0xC9, 0x44, 0xA2, + 0x59, 0x1C, 0x57, 0x96, 0xB9, 0xC2, 0x5E, 0xCB, + 0x8A, 0x5B, 0x2B, 0x7A, 0x7E, 0x93, 0x3C, 0x08, + 0x27, 0xCD, 0xB4, 0xB0, 0x1B, 0xF3, 0x82, 0x50, + 0x78, 0xCF, 0xEA, 0x28, 0x57, 0xB1, 0x0F, 0xB4, + 0xB6, 0x93, 0x82, 0x8E, 0x7A, 0xD1, 0x9F, 0x04, + 0xEC, 0xEE, 0x24, 0x3D, 0x8A, 0x5E, 0x56, 0x99, + 0x8D, 0x83, 0xA4, 0x05, 0x7D, 0xFB, 0x36, 0xDB, + 0xAB, 0xD1, 0x67, 0x59, 0xC7, 0x4A, 0xB9, 0xAF, + 0x99, 0xB6, 0xD8, 0xD4, 0x2C, 0xCA, 0x8C, 0xCC, + 0xD2, 0x32, 0xAB, 0x51, 0xCE, 0x2D, 0x22, 0xE0, + 0x29, 0xB1, 0x73, 0x10, 0x60, 0xA8, 0x6B, 0x8F, + 0x68, 0xAF, 0x58, 0x06, 0x9D, 0x72, 0x36, 0x98, + 0x3F, 0xF3, 0x6B, 0xAD, 0x3E, 0x7F, 0x4A, 0x00, + 0x94, 0x04, 0xAE, 0xE9, 0x8A, 0x9E, 0x8A, 0x03, + 0xD8, 0x04, 0xCC, 0xFE, 0xE3, 0xF8, 0xA2, 0x04, + 0x64, 0x17, 0x54, 0x77, 0xCA, 0x20, 0xD0, 0x80, + 0x1B, 0x36, 0xEF, 0x59, 0x31, 0xFA, 0xE4, 0xF5, + 0xAF, 0x56, 0x09, 0x02, 0xAD, 0xCF, 0xA6, 0xBC, + 0x26, 0x23, 0x27, 0x6D, 0xF3, 0x52, 0xCE, 0x2F, + 0x4C, 0x9C, 0xA8, 0x23, 0x75, 0xFA, 0x56, 0x9E, + 0x07, 0x5B, 0xB9, 0x30, 0x5A, 0xB1, 0x27, 0xFF, + 0x72, 0xBF, 0x50, 0xB1, 0x27, 0xEF, 0xA1, 0x0C, + 0x3A, 0xC9, 0x72, 0x21, 0xBE, 0xD8, 0xDC, 0xD5, + 0x66, 0x4A, 0x0A, 0x58, 0xFA, 0x57, 0xB4, 0x00, + 0x07, 0x31, 0xF2, 0x4E, 0xDC, 0xE0, 0x86, 0x99, + 0x45, 0xE5, 0x45, 0xCF, 0x27, 0x35, 0x79, 0x57, + 0xF5, 0xA2, 0x7A, 0x29, 0xFA, 0x5E, 0xCF, 0xF9, + 0xA9, 0x96, 0x11, 0xE1, 0x4A, 0x6C, 0xE5, 0xB8, + 0x8E, 0x78, 0xE6, 0xA1, 0x46, 0x97, 0xAE, 0xB4, + 0xF3, 0x6D, 0x7F, 0x8E, 0xD1, 0x86, 0x6B, 0x78, + 0x2B, 0x55, 0xC5, 0xDF, 0x0F, 0x43, 0x78, 0xED, + 0xD2, 0x38, 0xE5, 0x8B, 0x94, 0x7A, 0x06, 0xC5, + 0x73, 0x17, 0x55, 0x93, 0xAD, 0xA5, 0xAC, 0xBA, + 0x81, 0x8A, 0x6D, 0x73, 0x4B, 0xA1, 0x32, 0x8F, + 0x21, 0xA6, 0x5B, 0x51, 0x31, 0x58, 0xD0, 0xE4, + 0x0B, 0x93, 0x46, 0xF2, 0x51, 0x30, 0x3E, 0x60, + 0xE1, 0xCB, 0x30, 0x04, 0x15, 0x8D, 0x1E, 0x87, + 0xA6, 0xF6, 0x38, 0xE0, 0x27, 0x84, 0x81, 0x18, + 0x2B, 0x37, 0xBB, 0xD3, 0xDB, 0xE7, 0x91, 0xA3, + 0x1B, 0x6B, 0x20, 0xCB, 0x2C, 0x52, 0xB1, 0xB9, + 0x6A, 0x94, 0xF8, 0xCD, 0xBA, 0x5D, 0xC7, 0xDD, + 0x79, 0x36, 0x38, 0xC2, 0xFC, 0xEC, 0x4F, 0x2B, + 0x5F, 0x73, 0x44, 0x03, 0xE9, 0xA9, 0xF5, 0xD9, + 0x99, 0xEA, 0x61, 0xDC, 0x6A, 0x98, 0xBE, 0xDE, + 0xB9, 0x34, 0xCC, 0x76, 0xB0, 0xE1, 0x8C, 0x70, + 0x3A, 0xA5, 0x7C, 0xD1, 0xC0, 0x2A, 0x8E, 0x7D, + 0x47, 0x8A, 0x63, 0xEA, 0x30, 0x6B, 0xEE, 0x36, + 0x0B, 0xA8, 0xAE, 0x46, 0xCD, 0x01, 0x83, 0xF6, + 0x07, 0xF9, 0xED, 0x8B, 0x69, 0x97, 0xB6, 0xC3, + 0x5D, 0x75, 0x6E, 0xD8, 0xDF, 0x01, 0x82, 0x48, + 0x31, 0x2F, 0xDE, 0xED, 0x8E, 0xC5, 0xD8, 0xA6, + 0xC0, 0x36, 0x0E, 0x66, 0xA4, 0xE9, 0xE5, 0xA9, + 0x7D, 0x5C, 0xD2, 0x43, 0x72, 0xC0, 0xAD, 0x26, + 0x78, 0xF2, 0xB0, 0x08, 0x12, 0xAE, 0x6C, 0x1A, + 0x0F, 0x53, 0x30, 0xB3, 0xAB, 0x01, 0x53, 0xDA, + 0x3C, 0x5F, 0x4C, 0x17, 0xBD, 0x2F, 0xB6, 0x0E, + 0x7E, 0x80, 0x87, 0x4C, 0x1B, 0x92, 0x9B, 0x62, + 0xE3, 0x89, 0xEE, 0xE2, 0xA0, 0x14, 0x06, 0x0D, + 0x4D, 0xCC, 0x96, 0x5A, 0xF8, 0x64, 0x2A, 0x05, + 0xA9, 0xEE, 0xD5, 0x0D, 0x23, 0x90, 0xB0, 0x67, + 0xD5, 0x51, 0x1D, 0x18, 0xBC, 0xBA, 0xE6, 0xA5, + 0xAD, 0x29, 0x18, 0xD5, 0x06, 0xFC, 0xC9, 0x12, + 0x6D, 0x70, 0xA8, 0x6E, 0x96, 0x8B, 0x5F, 0x9C, + 0x99, 0x43, 0x07, 0x02, 0x37, 0x48, 0x8C, 0xFB, + 0x5F, 0xF5, 0xDE, 0x69, 0x26, 0x73, 0x7D, 0xF6, + 0x3A, 0x2C, 0xE5, 0x58, 0x01, 0xC3, 0x48, 0xB0, + 0xF0, 0x0D, 0x56, 0xAF, 0x8C, 0x0F, 0x5C, 0xB3, + 0xBA, 0x44, 0x8C, 0x39, 0xB0, 0x20, 0xD2, 0x93, + 0x81, 0x19, 0x99, 0x4E, 0xAC, 0xB9, 0x1F, 0xC3, + 0x1F, 0x34, 0x7D, 0xF3, 0x3E, 0x1A, 0xE1, 0x26, + 0x7C, 0xB7, 0x22, 0x0A, 0xDC, 0x0D, 0x14, 0xF8, + 0x43, 0x8A, 0x23, 0x46, 0x37, 0x9C, 0x2A, 0xB8, + 0x1F, 0x24, 0x72, 0xE2, 0xEA, 0xC4, 0x67, 0x13, + 0x17, 0x33, 0xBD, 0xA0, 0x07, 0xA0, 0x3E, 0xDE, + 0x8B, 0xC4, 0xD6, 0xDB, 0xD9, 0xF1, 0xB8, 0xF4, + 0xFB, 0x83, 0x13, 0x14, 0xCD, 0x36, 0xF6, 0xDC, + 0xD5, 0x85, 0x93, 0x7C, 0xF9, 0x6C, 0xEA, 0x52, + 0x92, 0xFB, 0xFC, 0x95, 0x02, 0x10, 0x7B, 0x57, + 0x9F, 0xF0, 0x7C, 0x2E, 0x79, 0x00, 0x3D, 0xB2, + 0xA1, 0x6C, 0x4E, 0xD4, 0x17, 0xFA, 0x0F, 0x13, + 0xC8, 0xBF, 0xB1, 0x82, 0xF7, 0xDD, 0xCF, 0x08, + 0xF2, 0x50, 0xDB, 0x16, 0xA4, 0x5A, 0x60, 0x4A, + 0x57, 0x2B, 0x0E, 0xDC, 0x4A, 0xBF, 0x9C, 0x86, + 0x08, 0x8A, 0x5A, 0xC8, 0x74, 0xDD, 0xA2, 0x6E, + 0x12, 0xA0, 0xEF, 0x63, 0x5A, 0xD2, 0x82, 0xAD, + 0xCD, 0xC7, 0xED, 0x16, 0x86, 0x45, 0x3D, 0xFB, + 0x35, 0xC3, 0xB1, 0xBA, 0x68, 0x21, 0xB4, 0xB7, + 0x22, 0x0B, 0x55, 0x79, 0x8B, 0x9C, 0xCF, 0xE0, + 0x66, 0x61, 0x5C, 0xE2, 0x55, 0x96, 0x0D, 0x09, + 0xE6, 0x77, 0xFE, 0xFE, 0x76, 0xBE, 0x91, 0x5E, + 0x04, 0xE5, 0x65, 0x44, 0xBD, 0x09, 0xD0, 0x6F, + 0x83, 0x44, 0xF9, 0x68, 0xDC, 0x68, 0x25, 0xCB, + 0xC6, 0x64, 0xD5, 0x18, 0xA4, 0x41, 0xE1, 0x9B, + 0x07, 0x6F, 0xC3, 0x38, 0x91, 0x37, 0xFC, 0x1B, + 0x73, 0x32, 0xE2, 0xB0, 0x68, 0x95, 0x44, 0x3B, + 0x7A, 0x00, 0x23, 0x36, 0x31, 0x15, 0x79, 0xA9, + 0xB0, 0x8F, 0x36, 0x73, 0xDA, 0x05, 0x90, 0xE6, + 0x96, 0xCE, 0xD9, 0x01, 0x44, 0x4A, 0x70, 0xA6, + 0x7B, 0x2A, 0x7D, 0x55, 0x12, 0xD6, 0x5B, 0xFC, + 0xD7, 0xAF, 0x1E, 0x34, 0x27, 0x77, 0x69, 0xE1, + 0x71, 0x08, 0x83, 0x01, 0xDE, 0x78, 0x46, 0xF0, + 0x88, 0xF4, 0x87, 0xC4, 0x92, 0x1B, 0xEB, 0x98, + 0x35, 0x4B, 0xAE, 0x9A, 0xF6, 0xEA, 0xB2, 0x34, + 0x91, 0x14, 0xEB, 0x21, 0xF6, 0x18, 0xDB, 0x1D, + 0x92, 0x6C, 0x1D, 0x2F, 0xE3, 0xA5, 0xF2, 0x29, + 0xC5, 0x73, 0x40, 0xC4, 0x0A, 0xEC, 0x11, 0xC2, + 0xD0, 0x14, 0x4D, 0x03, 0x94, 0xFC, 0x4D, 0x8E, + 0x38, 0x66, 0xA7, 0xD0, 0xA1, 0x0B, 0x64, 0xC8, + 0xB9, 0x92, 0xB0, 0xA4, 0xDD, 0xBC, 0xAD, 0x82, + 0x4E, 0x43, 0x97, 0x43, 0x78, 0xEA, 0x9A, 0x38, + 0xE5, 0x8C, 0x2C, 0x5A, 0xE1, 0x94, 0xAF, 0x43, + 0x10, 0xFB, 0xEC, 0x90, 0x28, 0x41, 0x6C, 0x5C, + 0xB7, 0xB8, 0xAF, 0xA5, 0x24, 0xF7, 0x4F, 0xFD, + 0x6F, 0x2E, 0x98, 0x44, 0x3F, 0x5E, 0x89, 0x24, + 0xF6, 0xCF, 0x11, 0x0E, 0x67, 0x1B, 0x81, 0x68, + 0x37, 0xD5, 0x9B, 0x2D, 0xB9, 0x1C, 0xB1, 0xE6, + 0x87, 0xD6, 0xA2, 0x02, 0x0F, 0x91, 0x08, 0xF6, + 0x9B, 0x94, 0x76, 0x62, 0xFD, 0xE7, 0x18, 0xAC, + 0x28, 0xA6, 0xAC, 0xDA, 0x27, 0xF4, 0x33, 0x59, + 0xBB, 0xBE, 0x36, 0x2C, 0xEE, 0xEA, 0x91, 0xE6, + 0x91, 0x95, 0x2C, 0x58, 0x0A, 0xB2, 0xCA, 0xA3, + 0xAA, 0x39, 0x03, 0x9A, 0x75, 0x3C, 0x27, 0x6E, + 0x02, 0x89, 0x17, 0x4B, 0x02, 0x42, 0x7C, 0xB4, + 0x2E, 0xAD, 0xB4, 0xD9, 0x35, 0xB2, 0x30, 0x9E, + 0x2F, 0xEC, 0x9F, 0x25, 0x56, 0x1A, 0x35, 0x40, + 0xF1, 0xAF, 0x1D, 0xA4, 0xA8, 0x62, 0x07, 0x70, + 0x98, 0x6C, 0xDE, 0x1E, 0x89, 0xC1, 0xD3, 0x30, + 0xBB, 0x82, 0x72, 0x40, 0xF2, 0xBC, 0x53, 0xC7, + 0xDE, 0xAB, 0xFC, 0x7D, 0xAD, 0xBF, 0xDA, 0xE0, + 0xA7, 0xA1, 0x0C, 0xD6, 0x73, 0x37, 0x36, 0xA1, + 0xEE, 0xA6, 0x96, 0x88, 0x79, 0x0E, 0x4A, 0x2C, + 0x69, 0x4C, 0xE5, 0x30, 0xFB, 0xDD, 0xE1, 0xFE, + 0x86, 0x90, 0xDC, 0xDF, 0x03, 0xF5, 0x17, 0x2F, + 0xF4, 0x58, 0x2D, 0xD3, 0xED, 0x3D, 0x7D, 0xA0, + 0xB3, 0x6E, 0x1E, 0xD3, 0xBB, 0xD9, 0x57, 0xBA, + 0x8B, 0x00, 0x72, 0xC4, 0xEE, 0xCF, 0x39, 0xD5, + 0x74, 0xFA, 0x13, 0xF0, 0xD7, 0xE9, 0x10, 0x0C, + 0x7A, 0x52, 0x62, 0xD0, 0xC9, 0xD5, 0x2D, 0xDC, + 0x11, 0xD4, 0xFF, 0x34, 0xB2, 0x55, 0xF9, 0x99, + 0x81, 0xB4, 0xC9, 0x14, 0x02, 0x91, 0x81, 0x56, + 0x29, 0xF6, 0xA9, 0x1A, 0x19, 0x8E, 0x74, 0xB3, + 0xA3, 0xD1, 0x28, 0xB5, 0x72, 0xD8, 0x6F, 0x54, + 0x15, 0x74, 0x55, 0x70, 0x26, 0x62, 0xCB, 0x1D, + 0x15, 0x2C, 0x7F, 0x4C, 0x9C, 0xB4, 0xDE, 0xA2, + 0x07, 0xD5, 0xA9, 0x38, 0x29, 0x42, 0x51, 0x67, + 0x44, 0x26, 0x97, 0x7E, 0x73, 0x0E, 0xC6, 0x01, + 0x00, 0x65, 0xC8, 0xE0, 0x34, 0x88, 0x2B, 0xD3, + 0x2F, 0xD3, 0x5C, 0x6A, 0xF6, 0xB8, 0xD9, 0x3A, + 0x50, 0x9C, 0xC3, 0x39, 0xD9, 0x6F, 0xB9, 0xDD, + 0x55, 0x8A, 0xF9, 0x52, 0x35, 0xFB, 0xF1, 0x71, + 0x97, 0x76, 0x04, 0x75, 0xEE, 0x2E, 0x3F, 0xCA, + 0x0E, 0x83, 0xA8, 0xE3, 0x1F, 0xA7, 0xF1, 0x3D, + 0x78, 0xCC, 0x79, 0x64, 0x80, 0x5E, 0x77, 0x05, + 0xDB, 0xB7, 0x0F, 0x73, 0x53, 0x3A, 0x56, 0xD8, + 0xB7, 0x7C, 0x12, 0xE8, 0xF6, 0x51, 0x07, 0xC9, + 0x01, 0x43, 0x97, 0x51, 0x75, 0x95, 0x94, 0x65, + 0xFD, 0x4D, 0x8C, 0x8C, 0xD3, 0xA8, 0xEE, 0xA9, + 0x5E, 0xFB, 0xC7, 0xF6, 0xF8, 0x40, 0x0E, 0xA5, + 0xD5, 0x1E, 0x79, 0xB4, 0x0C, 0xEF, 0x8B, 0x04, + 0x59, 0x4D, 0x0C, 0x6F, 0x08, 0xD5, 0x00, 0xA2, + 0xAD, 0x08, 0xB4, 0x62, 0xE0, 0x2C, 0xF6, 0x30, + 0x31, 0x1E, 0xD7, 0x81, 0x56, 0x61, 0x17, 0x0D, + 0xB3, 0x9F, 0x27, 0x75, 0x38, 0x42, 0x6E, 0xB2, + 0xB0, 0x6C, 0xB8, 0xC9, 0xD8, 0x20, 0xC8, 0x36, + 0x7D, 0x1D, 0x57, 0x10, 0x4E, 0xC1, 0x45, 0xFC, + 0x93, 0xB1, 0xF7, 0x7B, 0xA1, 0x3B, 0x71, 0x12, + 0x16, 0xE5, 0x8F, 0xD0, 0x0C, 0x7D, 0xC0, 0x05, + 0x18, 0x02, 0x24, 0x25, 0x28, 0x8A, 0xE1, 0x29, + 0x9A, 0x79, 0xBD, 0xC7, 0x73, 0x2D, 0xF3, 0x42, + 0x70, 0x33, 0xF3, 0xF8, 0x48, 0x87, 0xB4, 0xD4, + 0x91, 0xE1, 0x53, 0xBA, 0x4A, 0x63, 0xAF, 0x3A, + 0xE5, 0xCB, 0x3D, 0x41, 0x04, 0xB5, 0x30, 0x87, + 0xAA, 0x40, 0x03, 0x56, 0x10, 0x02, 0xF3, 0x6A, + 0x9F, 0xDA, 0x33, 0xBC, 0xB8, 0xA5, 0xD0, 0x56, + 0x43, 0x29, 0xDA, 0x58, 0x12, 0x8B, 0x6A, 0x9D, + 0xCF, 0xCD, 0xCA, 0x66, 0x98, 0x92, 0x1D, 0xA4, + 0xEF, 0xAC, 0x9E, 0x19, 0xDE, 0xF7, 0xFE, 0x6C, + 0x3A, 0x66, 0x46, 0xB4, 0x00, 0x7F, 0x08, 0xAF, + 0x31, 0xD6, 0xD3, 0x22, 0x59, 0x1F, 0x34, 0x48, + 0x5A, 0xE1, 0x4E, 0x0F, 0x6F, 0x2D, 0xD0, 0xE5, + 0x8E, 0x34, 0x3B, 0xC0, 0x55, 0x02, 0x2D, 0x17, + 0x4B, 0x34, 0x78, 0x46, 0xD4, 0xC4, 0x7F, 0x1D, + 0xDC, 0x39, 0x94, 0x69, 0x78, 0xAB, 0xD8, 0x2B, + 0x6D, 0xF3, 0x1C, 0x0B, 0x0F, 0x4A, 0xA0, 0xB2, + 0xAC, 0x1A, 0x79, 0x7F, 0x9D, 0xE5, 0xE8, 0xC6, + 0x40, 0x4B, 0xCE, 0x32, 0x4B, 0xA1, 0x3C, 0x77, + 0xED, 0x5D, 0x59, 0x0F, 0xE0, 0x7D, 0x00, 0x07, + 0xB4, 0xD8, 0xA6, 0x3E, 0xC9, 0x6D, 0x62, 0x19, + 0x66, 0xC3, 0xE7, 0x10, 0x3B, 0x6C, 0x7A, 0x36, + 0x49, 0x75, 0xE6, 0x78, 0xB3, 0x8D, 0x04, 0x13, + 0x31, 0xE6, 0x79, 0x72, 0x64, 0x07, 0x76, 0x94, + 0x2B, 0xB4, 0xEC, 0x18, 0x1C, 0x32, 0x3C, 0x26, + 0xC4, 0x81, 0xBF, 0x4F, 0xB5, 0x6E, 0x5D, 0x67, + 0xCF, 0xBE, 0x17, 0x57, 0x11, 0x2B, 0xBC, 0xA0, + 0xF0, 0xC2, 0x70, 0x06, 0x94, 0x26, 0x9B, 0x26, + 0x12, 0x9C, 0x7F, 0x99, 0xD4, 0x4A, 0xF5, 0x60, + 0xCD, 0xF7, 0xA4, 0x70, 0x2E, 0xF5, 0xD6, 0xA2, + 0xEC, 0x0E, 0x99, 0x00, 0x2E, 0x89, 0x30, 0xAA, + 0x4E, 0xC0, 0x62, 0x11, 0x93, 0x0A, 0x1E, 0x68, + 0xF2, 0xED, 0x44, 0x8B, 0x10, 0x4A, 0x75, 0x68, + 0xBF, 0x46, 0xE1, 0x41, 0xD6, 0x0B, 0x61, 0x53, + 0xD4, 0x03, 0x10, 0xB3, 0x8F, 0x8E, 0x14, 0x57, + 0x27, 0x8F, 0xE3, 0x49, 0xB2, 0xB4, 0xA7, 0xAE, + 0x39, 0x7A, 0x7B, 0x8F, 0x48, 0xAA, 0xA5, 0xFD, + 0xC1, 0x28, 0x8E, 0x43, 0xE0, 0x58, 0x39, 0x32, + 0x0A, 0x14, 0xC6, 0x3A, 0xB8, 0x58, 0xE2, 0x6E, + 0x7D, 0x8C, 0x35, 0xB6, 0x47, 0x37, 0x90, 0x4D, + 0x89, 0xC1, 0x9A, 0x10, 0x3D, 0x6B, 0x68, 0x9A, + 0x3D, 0xC9, 0x0C, 0x72, 0xFC, 0x92, 0xE3, 0x5D, + 0x45, 0x2B, 0x81, 0x43, 0x02, 0x30, 0x70, 0xD4, + 0x8B, 0xB9, 0xFB, 0xB0, 0x45, 0xE3, 0xC6, 0xCE, + 0x9A, 0x8B, 0xD5, 0xC4, 0xB6, 0x7F, 0x5D, 0x8B, + 0x58, 0xC9, 0x6A, 0x28, 0x2D, 0x6E, 0x27, 0x78, + 0x3D, 0x7B, 0x99, 0x0E, 0x05, 0x2B, 0xD9, 0x5E, + 0x86, 0x50, 0x8F, 0x9B, 0xF7, 0xC0, 0x64, 0xA8, + 0xF2, 0x39, 0xE0, 0x24, 0x0A, 0x20, 0xD8, 0xDF, + 0x3A, 0x87, 0x6E, 0xDC, 0x8F, 0xF6, 0x24, 0x1B, + 0x54, 0xF2, 0x70, 0xA9, 0x8C, 0xB8, 0x07, 0x7A, + 0xAF, 0xE0, 0xE5, 0x8E, 0x5E, 0x98, 0x13, 0xC6, + 0xA5, 0xF9, 0x1F, 0x52, 0x89, 0x7B, 0x6A, 0xAD, + 0x24, 0x26, 0xC6, 0x0D, 0xA5, 0x88, 0x3E, 0x6B, + 0xDF, 0xEE, 0x33, 0x0A, 0x86, 0x09, 0xA2, 0x11, + 0x8B, 0x69, 0x9F, 0x75, 0xCE, 0xFD, 0x05, 0x01, + 0x95, 0x14, 0x64, 0xCD, 0x62, 0x04, 0x09, 0x87, + 0xFC, 0xF6, 0xB2, 0x2E, 0xCA, 0x92, 0xE4, 0x4F, + 0x55, 0xB3, 0x8C, 0x64, 0x99, 0xA8, 0xDA, 0x0A, + 0xC7, 0x82, 0x56, 0x93, 0x03, 0x67, 0xA4, 0xD7, + 0x54, 0x91, 0xA0, 0x89, 0xD8, 0x94, 0x1F, 0x6C, + 0x53, 0xCC, 0xB2, 0x60, 0x13, 0x6A, 0x93, 0xE1, + 0xFC, 0xA3, 0xDD, 0x72, 0xD5, 0x5A, 0x92, 0x35, + 0x9E, 0x3D, 0x62, 0x82, 0x70, 0x5D, 0x54, 0xAF, + 0x57, 0xC6, 0x98, 0x5E, 0x74, 0xE0, 0xF2, 0x33, + 0x26, 0x61, 0xBF, 0x2B, 0xDD, 0x78, 0x47, 0x29, + 0x04, 0xC7, 0xF0, 0x58, 0x17, 0xFC, 0x9D, 0xED, + 0xEF, 0x15, 0x6A, 0xCA, 0xC7, 0x46, 0xCE, 0x12, + 0xF8, 0x90, 0xD8, 0x5A, 0x93, 0x98, 0xA9, 0xED, + 0xFB, 0xF4, 0x6E, 0x73, 0x48, 0x81, 0x4A, 0x08, + 0x07, 0x29, 0xC8, 0x3E, 0x70, 0x4C, 0x40, 0x30, + 0x20, 0x2C, 0xF6, 0x1E, 0xCD, 0xEE, 0x27, 0x95, + 0xD5, 0x07, 0xAC, 0x28, 0x81, 0x4F, 0x53, 0xCD, + 0x06, 0x60, 0xA5, 0x57, 0x2C, 0xBE, 0x1A, 0xE5, + 0x33, 0x38, 0xB8, 0xEF, 0xDC, 0xA3, 0x1A, 0xA5, + 0xB9, 0x5A, 0xA9, 0xE7, 0x65, 0xAF, 0x4D, 0xA0, + 0x4C, 0x9B, 0x31, 0x62, 0x67, 0x7E, 0x41, 0xC0, + 0x18, 0xA5, 0xE1, 0x8A, 0xF2, 0xF9, 0x8A, 0xCA, + 0x14, 0x5C, 0xCD, 0x1B, 0x8F, 0x74, 0x31, 0x07, + 0x6A, 0x14, 0xA7, 0xC2, 0x0F, 0x6C, 0x72, 0xE8, + 0xEB, 0x97, 0x51, 0xB7, 0x89, 0x2E, 0x41, 0x01, + 0x54, 0x47, 0x63, 0x0E, 0xAA, 0x84, 0xB9, 0x60, + 0x1C, 0xB9, 0x54, 0xD8, 0x97, 0x39, 0x38, 0x9D, + 0x52, 0xBB, 0x91, 0xA9, 0x7F, 0x96, 0x08, 0x7C, + 0xB3, 0x8B, 0x0E, 0xAB, 0x59, 0xA7, 0x84, 0x68, + 0x34, 0x65, 0x55, 0xC7, 0x12, 0x84, 0xC2, 0xFB, + 0xBD, 0x27, 0x58, 0x18, 0xE9, 0x26, 0x73, 0xFA, + 0x42, 0xAB, 0x5E, 0x0D, 0x97, 0x76, 0x67, 0xA9, + 0x0F, 0x75, 0x92, 0x6C, 0x80, 0x76, 0x87, 0x75, + 0xD2, 0x3D, 0xFE, 0x0B, 0x33, 0x7B, 0x48, 0xB0, + 0xC8, 0x28, 0x1F, 0xE6, 0x3F, 0x18, 0xF2, 0x45, + 0xF8, 0x8F, 0x21, 0xE1, 0x1C, 0x56, 0xA5, 0x33, + 0x71, 0x88, 0x42, 0x5A, 0x34, 0x8B, 0x24, 0xDD, + 0x0E, 0x98, 0x30, 0xDB, 0x6B, 0x6C, 0x89, 0x64, + 0x8C, 0x7A, 0x63, 0x3C, 0xA9, 0xD8, 0x32, 0x51, + 0xD0, 0xC6, 0xF7, 0xA4, 0x53, 0x95, 0x0D, 0x02, + 0x19, 0x6A, 0x77, 0xBC, 0xDF, 0xD5, 0x2B, 0x2C, + 0x65, 0xC9, 0xBF, 0x72, 0x69, 0xC3, 0x0C, 0xEF, + 0x34, 0x75, 0x76, 0x29, 0x59, 0xBE, 0x9D, 0xE9, + 0x44, 0x21, 0x2F, 0x5F, 0xB7, 0x89, 0xA6, 0xCD, + 0x0A, 0x9A, 0x9E, 0x77, 0x5B, 0xBD, 0xDA, 0x03, + 0xA4, 0xBC, 0xFB, 0x47, 0xC1, 0x77, 0x73, 0x00, + 0x26, 0xAE, 0x2E, 0xFA, 0x62, 0x18, 0x9D, 0xB8, + 0xE2, 0xD3, 0x7A, 0xB9, 0xD8, 0xCF, 0xE9, 0x61, + 0x11, 0x80, 0xE9, 0xDC, 0xC3, 0x32, 0x9E, 0x63, + 0x6F, 0xD9, 0x42, 0xF6, 0x76, 0x7F, 0xBC, 0xBF, + 0xDB, 0x08, 0x2F, 0xA0, 0xEB, 0xB8, 0x4D, 0xF3, + 0x76, 0x62, 0xAA, 0xFA, 0x20, 0x4A, 0xDD, 0xE6, + 0xB3, 0x72, 0xC7, 0x7D, 0x36, 0x4F, 0x08, 0x56, + 0x4F, 0x19, 0xB2, 0xB0, 0x0C, 0x13, 0x1A, 0x8C, + 0xCE, 0x9A, 0x04, 0xB5, 0xB6, 0x9C, 0xD3, 0xD8, + 0xFE, 0x1F, 0x2C, 0xCC, 0x89, 0xEE, 0x7D, 0x22, + 0x8A, 0x4E, 0x0A, 0x91, 0x0C, 0x8B, 0x5A, 0xE0, + 0xBD, 0xE5, 0x3D, 0xBE, 0x90, 0x4B, 0x13, 0xA3, + 0x2F, 0x33, 0xE9, 0x9D, 0x6C, 0x67, 0x35, 0xBD, + 0x03, 0xD4, 0x09, 0x90, 0x2F, 0xC6, 0x3C, 0x8D, + 0xD8, 0x43, 0xFC, 0x1F, 0xB7, 0x49, 0xC0, 0xB7, + 0x38, 0x70, 0x1D, 0xEB, 0x5A, 0xD7, 0xAC, 0x07, + 0xAF, 0x5B, 0x93, 0xC5, 0x7B, 0x55, 0x65, 0x86, + 0x6E, 0xC1, 0xDB, 0xCD, 0x42, 0x92, 0x50, 0xDB, + 0xD1, 0x97, 0x95, 0x3D, 0x53, 0xC3, 0xFE, 0xC2, + 0xF9, 0x65, 0xF3, 0xD2, 0xEE, 0xA4, 0x7E, 0xDE, + 0xA1, 0x4B, 0x23, 0x7F, 0xA1, 0x0D, 0x25, 0x6E, + 0x80, 0x4F, 0xE3, 0xB5, 0x0C, 0xBA, 0x1C, 0x2B, + 0x42, 0x0B, 0x8F, 0xD9, 0xB6, 0x4E, 0x52, 0xD2, + 0xDB, 0x35, 0xD2, 0xA1, 0xC4, 0xE6, 0xD6, 0x51, + 0x76, 0xE7, 0x87, 0x5E, 0xBE, 0x93, 0xE6, 0x61, + 0x71, 0x4C, 0x8B, 0xA6, 0x96, 0xDA, 0xF7, 0xCB, + 0x06, 0xB7, 0xB8, 0xC4, 0xF6, 0xF5, 0xC6, 0x29, + 0xAA, 0xE1, 0x13, 0x87, 0x6F, 0x96, 0xBA, 0x0C, + 0xF6, 0x79, 0x8F, 0x03, 0x86, 0x22, 0xE3, 0xFB, + 0xCF, 0x86, 0xCF, 0x7C, 0x77, 0xFD, 0xB4, 0xEE, + 0xBD, 0x42, 0x38, 0x7F, 0xF2, 0xCC, 0xCB, 0x06, + 0xEA, 0x0D, 0x81, 0xA1, 0x8E, 0xB5, 0xE7, 0x40, + 0xC8, 0x03, 0xA3, 0x4B, 0xC8, 0xB4, 0x0E, 0x3E, + 0x36, 0xAB, 0x90, 0xC1, 0xFC, 0xB0, 0x37, 0x2B, + 0x83, 0xA1, 0x3D, 0x56, 0xD6, 0x83, 0x0F, 0x99, + 0xC4, 0x58, 0xB8, 0x94, 0x61, 0x19, 0xA6, 0x60, + 0x47, 0xCB, 0x2D, 0xAF, 0x29, 0x38, 0x90, 0xFA, + 0x99, 0x0F, 0x02, 0x02, 0x65, 0x90, 0x5F, 0xA2, + 0xA2, 0xE3, 0xBB, 0x34, 0x15, 0x2F, 0x0B, 0xF5, + 0xB2, 0xCC, 0x83, 0x59, 0xAF, 0xA7, 0x4D, 0x38, + 0xAD, 0xF6, 0x52, 0x5C, 0x53, 0xD9, 0x0E, 0x3F, + 0xD6, 0x53, 0x86, 0xE2, 0x79, 0xC2, 0x65, 0x48, + 0xB2, 0x67, 0x3B, 0xAF, 0x52, 0x53, 0x57, 0x9A, + 0x27, 0x80, 0x88, 0x37, 0x77, 0x67, 0x4E, 0x1F, + 0xF1, 0x7B, 0xC5, 0xCB, 0xD8, 0x11, 0x0A, 0xDD, + 0x92, 0x0E, 0x88, 0x6C, 0xCA, 0x33, 0x76, 0x3B, + 0x04, 0xFA, 0xC0, 0xFD, 0xC6, 0x3F, 0xB4, 0x72, + 0xC2, 0x2B, 0x6D, 0x5E, 0xB6, 0xA1, 0x4E, 0x5F, + 0xC0, 0x50, 0x16, 0xEF, 0xFE, 0x6A, 0x42, 0x72, + 0x65, 0x02, 0xEE, 0x07, 0xC6, 0x19, 0xC6, 0x95, + 0xDE, 0x3F, 0xD9, 0xC5, 0xC6, 0x0E, 0x70, 0x07, + 0x6A, 0xC3, 0x36, 0x1B, 0x84, 0x6F, 0xDF, 0x80, + 0x16, 0x4E, 0x86, 0x90, 0xC8, 0x55, 0x7B, 0xDD, + 0xC0, 0x86, 0x0C, 0x37, 0x47, 0x1F, 0x35, 0xF8, + 0x47, 0xF2, 0xCD, 0x96, 0x21, 0x64, 0xAD, 0x46, + 0xE1, 0xDF, 0x44, 0x79, 0x48, 0x02, 0xF9, 0x71, + 0x39, 0x35, 0x26, 0xFC, 0x12, 0x0D, 0x88, 0xAC, + 0xD6, 0xFA, 0x29, 0x74, 0x55, 0x51, 0xE7, 0xAF, + 0x3D, 0x7E, 0x1E, 0x7E, 0xE0, 0x18, 0xB6, 0x3C, + 0x4B, 0x99, 0x9D, 0x51, 0x02, 0x51, 0xD8, 0xE9, + 0xFA, 0x61, 0x88, 0x2E, 0xCF, 0x73, 0x77, 0x65, + 0x71, 0xAE, 0xAE, 0xD7, 0xA1, 0xF9, 0xE0, 0x7F, + 0x30, 0x46, 0xCB, 0x20, 0xEC, 0xF4, 0xD2, 0xC1, + 0x63, 0xF5, 0x6F, 0x8A, 0x72, 0xF9, 0x5B, 0x85, + 0xD2, 0xCA, 0x6D, 0x35, 0xD1, 0x17, 0xF6, 0x08, + 0x9E, 0x0A, 0x73, 0xB3, 0xDA, 0x1A, 0x32, 0xBA, + 0x23, 0x10, 0x4A, 0x5D, 0xD7, 0xAA, 0xB4, 0x68, + 0x97, 0x59, 0x45, 0xC5, 0x7C, 0x16, 0x6F, 0xE4, + 0x62, 0x89, 0xF1, 0xD3, 0xB4, 0x03, 0x90, 0x7B, + 0xA4, 0xA2, 0xCA, 0xA0, 0x5D, 0x69, 0x1B, 0xA9, + 0xBB, 0xEB, 0xA0, 0xE2, 0xDE, 0xBE, 0x0E, 0xC4, + 0x9E, 0x21, 0x38, 0x61, 0x92, 0x9B, 0xAB, 0x69, + 0xAA, 0xD0, 0x1D, 0xF6, 0xC3, 0xEE, 0xA6, 0xC3, + 0xF3, 0x29, 0x1B, 0xE5, 0x6E, 0x52, 0x89, 0xD0, + 0xBA, 0xD8, 0x60, 0x27, 0x80, 0x1A, 0xB5, 0x7F, + 0x7F, 0xB5, 0xC2, 0x5A, 0xC6, 0x83, 0xA4, 0xC0, + 0x88, 0x39, 0xF3, 0xE7, 0x39, 0xD6, 0x81, 0x1C, + 0x13, 0x20, 0xFD, 0x93, 0x3D, 0x8E, 0x79, 0x60, + 0x7C, 0xFF, 0xE4, 0x37, 0x5B, 0x33, 0xA3, 0x9D, + 0xB7, 0x57, 0xCD, 0x45, 0x0A, 0xB9, 0xE4, 0xF1, + 0xBC, 0x59, 0x74, 0xE8, 0xB3, 0x06, 0xD0, 0x9F, + 0x0F, 0xBC, 0x5B, 0x23, 0xB8, 0x6C, 0xD6, 0x4D, + 0xFA, 0xCC, 0x14, 0xAB, 0x74, 0x61, 0x1A, 0xFC, + 0x22, 0xA6, 0xED, 0x09, 0x76, 0x91, 0xD8, 0x6E, + 0x44, 0xB6, 0x00, 0x14, 0xDC, 0x74, 0x2D, 0x90, + 0xAA, 0x59, 0x98, 0x76, 0x30, 0xC5, 0x44, 0xA4, + 0x61, 0x43, 0xD6, 0xE2, 0x28, 0x28, 0xA7, 0xBD, + 0x6E, 0x50, 0x5C, 0xE1, 0x96, 0x7A, 0xF8, 0xA8, + 0x32, 0x8C, 0xE9, 0xFD, 0x11, 0x37, 0x91, 0xD1, + 0xAF, 0x3C, 0xD3, 0x1C, 0x1E, 0x88, 0x4D, 0x7E, + 0x87, 0x84, 0x84, 0x6F, 0x39, 0x0B, 0xFB, 0x2D, + 0xB3, 0x12, 0x4C, 0x6D, 0x45, 0xDD, 0xCD, 0x7D, + 0x75, 0xB7, 0xFE, 0x7E, 0x44, 0xCC, 0x29, 0xE5, + 0xB3, 0x10, 0xEE, 0x23, 0x55, 0x5B, 0xCF, 0xBA, + 0xBD, 0xA1, 0xBE, 0x64, 0xF8, 0x6E, 0x60, 0x31, + 0x0A, 0x2D, 0xC9, 0x3B, 0x1D, 0x44, 0xE1, 0x9D, + 0x60, 0x28, 0x77, 0xEE + }; + static const byte rnd_65[] = { + 0x4E, 0x7A, 0x01, 0x7C, 0x15, 0x03, 0x9D, 0xC2, + 0x00, 0x51, 0xD2, 0x96, 0x0E, 0x5E, 0x15, 0x59, + 0xCC, 0x27, 0xED, 0x46, 0x87, 0x7C, 0xB9, 0x81, + 0x16, 0x19, 0x9A, 0x0F, 0x41, 0x05, 0xFE, 0x32 + }; + static const byte sig_65[] = { + 0xB8, 0x65, 0xB0, 0x0B, 0x21, 0x18, 0xDB, 0xB0, + 0x0B, 0x70, 0x1C, 0x66, 0x45, 0x65, 0x5E, 0x8A, + 0xCF, 0xA8, 0x4E, 0xA7, 0x92, 0xB4, 0x48, 0x64, + 0x2E, 0x18, 0x32, 0xC3, 0x70, 0x7C, 0x87, 0xCF, + 0x09, 0xFB, 0xE7, 0x72, 0xF1, 0xD4, 0x38, 0x5B, + 0xFB, 0xE5, 0xE6, 0xCF, 0xBB, 0xE2, 0x6C, 0x10, + 0xED, 0x6E, 0xB8, 0x65, 0xC8, 0x87, 0xF8, 0x69, + 0x39, 0x43, 0x9A, 0x9B, 0xF7, 0x68, 0xBF, 0x03, + 0x9D, 0x73, 0xE3, 0xEA, 0x83, 0xBD, 0xF1, 0x85, + 0x03, 0xB5, 0xD1, 0xB3, 0x91, 0x79, 0xA8, 0x27, + 0xB0, 0xD7, 0x80, 0x5F, 0x98, 0x42, 0x8B, 0xD8, + 0x7C, 0xEA, 0x6B, 0x06, 0x96, 0x0C, 0x78, 0xB4, + 0xB5, 0x86, 0xFB, 0x0D, 0x5E, 0xDA, 0x9F, 0xAA, + 0xC0, 0x25, 0x6E, 0x38, 0x82, 0x35, 0x62, 0xA3, + 0x07, 0x96, 0x61, 0x17, 0x00, 0x5A, 0xA4, 0x2F, + 0x1B, 0x65, 0x54, 0xA0, 0x48, 0x75, 0xF8, 0x5C, + 0x2E, 0x3F, 0xAF, 0xA6, 0x52, 0x47, 0x1D, 0x4E, + 0x98, 0x06, 0x54, 0x82, 0xFC, 0x7D, 0xF4, 0x9B, + 0x2C, 0x40, 0xD0, 0xE7, 0xB9, 0x82, 0x38, 0xDF, + 0xBE, 0x85, 0x3D, 0x16, 0xBF, 0x99, 0x92, 0xBB, + 0x08, 0xC1, 0x92, 0x59, 0xF9, 0xB5, 0x75, 0xEA, + 0x7A, 0x4A, 0x80, 0x09, 0x3A, 0x64, 0xA9, 0x26, + 0x71, 0x85, 0x7A, 0x50, 0x89, 0x20, 0xD6, 0x0F, + 0xF6, 0xFB, 0xF3, 0x83, 0x41, 0xC5, 0x59, 0x01, + 0x05, 0x63, 0x3A, 0x42, 0x6D, 0x60, 0x2D, 0xAC, + 0x06, 0x4D, 0xD7, 0xA7, 0xF1, 0x1A, 0x60, 0x21, + 0x5C, 0x35, 0xB7, 0xB9, 0xC0, 0x0E, 0x9D, 0x84, + 0x63, 0x98, 0x8C, 0xF4, 0x72, 0xCD, 0x6A, 0xCF, + 0xB7, 0xF7, 0x22, 0xB8, 0xC4, 0xC6, 0x27, 0x02, + 0x60, 0x7A, 0x67, 0x48, 0x80, 0xAC, 0xB3, 0xD6, + 0xC6, 0x25, 0x3E, 0x71, 0x17, 0x5A, 0x05, 0xB3, + 0x92, 0xCA, 0xB4, 0xBB, 0x14, 0xCE, 0x86, 0xA5, + 0x98, 0xAB, 0xC7, 0x88, 0xD0, 0xFF, 0x4D, 0x82, + 0x77, 0x5E, 0x4E, 0xA0, 0xFC, 0x36, 0x36, 0x3C, + 0xD0, 0xE9, 0x7B, 0x78, 0xA6, 0xAE, 0x4D, 0xA8, + 0xE9, 0x8C, 0xA6, 0x12, 0x77, 0x2D, 0x56, 0xB5, + 0x82, 0xF8, 0x2C, 0x07, 0x09, 0xBE, 0xAE, 0x46, + 0x67, 0x3B, 0xDD, 0x80, 0x42, 0x86, 0x5C, 0xFA, + 0x95, 0xBF, 0x53, 0x38, 0xCF, 0xEA, 0x60, 0x6A, + 0x6E, 0xF3, 0x16, 0x38, 0x46, 0xAE, 0x83, 0xB2, + 0x5E, 0x5F, 0x5B, 0xD3, 0x1C, 0x83, 0xF1, 0x36, + 0x72, 0x9A, 0x8E, 0xA6, 0x27, 0x4F, 0x99, 0x4F, + 0xA9, 0x04, 0x5F, 0xA8, 0xA9, 0x0F, 0xF8, 0x54, + 0xB8, 0x71, 0xCF, 0x82, 0xE2, 0xB7, 0x01, 0xE8, + 0xF4, 0xAC, 0x04, 0xFE, 0x9E, 0x28, 0x49, 0x1B, + 0x9A, 0x25, 0xFF, 0x26, 0x3E, 0x2C, 0xF7, 0x54, + 0x99, 0xE0, 0x09, 0xFD, 0x02, 0x29, 0xFB, 0xF7, + 0xE5, 0xE4, 0x60, 0x44, 0x34, 0x4B, 0x07, 0xD7, + 0x22, 0x14, 0xA9, 0xAC, 0xB4, 0xFF, 0x61, 0x02, + 0xAB, 0xC1, 0x26, 0x2B, 0xC2, 0xE1, 0xCD, 0x24, + 0x91, 0x60, 0x7A, 0xE7, 0xAA, 0xEC, 0xF4, 0xC3, + 0x51, 0x75, 0xCF, 0xA4, 0x38, 0x3A, 0xA8, 0x6A, + 0xF1, 0xE6, 0x2E, 0xD0, 0x63, 0x87, 0xCC, 0x59, + 0x48, 0x36, 0x46, 0x7F, 0x41, 0xDF, 0xCA, 0x8F, + 0xA0, 0xCA, 0x71, 0x28, 0x0B, 0xFB, 0x1C, 0x25, + 0x60, 0xC8, 0x99, 0x55, 0x36, 0xF8, 0x42, 0x74, + 0x70, 0x45, 0x59, 0x14, 0x53, 0x74, 0x5F, 0x26, + 0x03, 0x82, 0xE3, 0xDA, 0x50, 0x79, 0x3F, 0xD7, + 0xCA, 0x76, 0x27, 0x18, 0x5D, 0xBD, 0xCE, 0xDD, + 0xF6, 0x9B, 0x2D, 0x3E, 0x15, 0x1C, 0x7F, 0x97, + 0x28, 0x8A, 0x38, 0x2A, 0x92, 0xB0, 0x50, 0xF7, + 0x91, 0xF9, 0x58, 0x7D, 0x77, 0xC6, 0x4D, 0x8B, + 0x5D, 0x40, 0xAA, 0x19, 0x9D, 0x49, 0x66, 0xBE, + 0x2D, 0x52, 0x4F, 0x96, 0x10, 0xF2, 0xFA, 0x02, + 0xED, 0x23, 0x17, 0x63, 0x69, 0xDB, 0x93, 0x93, + 0x50, 0xDA, 0x60, 0x1E, 0xA6, 0x67, 0x70, 0x95, + 0x2E, 0x0F, 0x23, 0xED, 0xA6, 0x8A, 0x73, 0x75, + 0x6E, 0xFF, 0x61, 0x0E, 0x8D, 0x6A, 0x9F, 0x49, + 0x34, 0x56, 0x58, 0x54, 0x42, 0x82, 0x45, 0x3B, + 0x5E, 0x73, 0xA3, 0x22, 0xA0, 0x32, 0x67, 0xC9, + 0x69, 0xB5, 0x07, 0x34, 0xF2, 0xEC, 0xD4, 0xEC, + 0x90, 0x55, 0x76, 0x0D, 0x92, 0x86, 0x10, 0xE9, + 0x4E, 0x0B, 0x16, 0x28, 0xD6, 0xAF, 0x1B, 0x27, + 0xAB, 0x13, 0x82, 0x9F, 0x7F, 0x8E, 0xF5, 0x0D, + 0x9E, 0x29, 0x96, 0xFC, 0x64, 0xB0, 0x6A, 0xC8, + 0x94, 0x61, 0x14, 0x76, 0x6D, 0xAD, 0x8D, 0xFF, + 0xE6, 0x34, 0xF4, 0x7E, 0x9D, 0x85, 0x69, 0x96, + 0x6C, 0x6F, 0x69, 0x68, 0x21, 0x8C, 0x5B, 0x86, + 0x33, 0x61, 0x1B, 0xF4, 0x2B, 0x4F, 0xC0, 0xE7, + 0x8D, 0x0C, 0x02, 0x9E, 0xAB, 0x85, 0xF2, 0x2F, + 0x16, 0x17, 0x19, 0x80, 0xCC, 0x65, 0xF2, 0x84, + 0x45, 0xA1, 0x1A, 0x08, 0x3A, 0xA0, 0x29, 0x77, + 0xC2, 0xE8, 0x88, 0x6E, 0xD2, 0x70, 0x67, 0x2E, + 0x51, 0x2A, 0xE8, 0x9C, 0x6A, 0x26, 0xFC, 0xAD, + 0x1E, 0xC7, 0x2B, 0x9E, 0xCF, 0xA5, 0xA5, 0xEF, + 0xC7, 0x0F, 0xF0, 0xBA, 0xB2, 0x8F, 0x11, 0x4F, + 0x4D, 0xA8, 0x17, 0x0F, 0xE8, 0xB6, 0x3C, 0x2E, + 0x11, 0xBE, 0x7A, 0x35, 0x46, 0x6E, 0x97, 0x9A, + 0x12, 0x7E, 0xC0, 0xD2, 0x03, 0x23, 0xD5, 0x02, + 0x73, 0x0A, 0xBC, 0xE6, 0x40, 0xA2, 0x44, 0x1C, + 0xDD, 0xAB, 0xA3, 0x26, 0xD6, 0x78, 0x3D, 0x01, + 0x92, 0xDB, 0xA9, 0xE9, 0x3F, 0xE5, 0x07, 0xC6, + 0xA7, 0x37, 0x67, 0xBE, 0x56, 0xE2, 0x77, 0x65, + 0x76, 0xEF, 0xEF, 0xF1, 0xCA, 0x17, 0x9D, 0x83, + 0x34, 0x3E, 0x38, 0xC6, 0xA9, 0xC2, 0xFE, 0x72, + 0x5D, 0xDE, 0x80, 0x7D, 0x21, 0x72, 0x5E, 0x73, + 0x08, 0x72, 0xE2, 0xAB, 0x3D, 0x90, 0x11, 0x61, + 0xF4, 0x55, 0xBC, 0xAD, 0x23, 0xA8, 0x43, 0x3A, + 0x41, 0x31, 0x51, 0xFD, 0x22, 0x17, 0x14, 0x31, + 0x0E, 0x4D, 0x0B, 0x6A, 0x1E, 0x1B, 0x2C, 0xAC, + 0xA4, 0x99, 0xEE, 0xE8, 0x05, 0xA1, 0x64, 0xF2, + 0x91, 0xD5, 0x07, 0x5E, 0x6B, 0x65, 0xA7, 0x9C, + 0x2B, 0xCA, 0xD9, 0x17, 0xB1, 0x22, 0xFE, 0x1A, + 0xC4, 0xFB, 0xB4, 0x10, 0x21, 0x1B, 0xA0, 0xA1, + 0x99, 0x7A, 0x31, 0x30, 0x7C, 0x01, 0xF0, 0xFE, + 0xD3, 0xB3, 0x14, 0x3D, 0x28, 0x34, 0x0F, 0xAC, + 0xF0, 0x93, 0x37, 0xC4, 0xEF, 0x04, 0x74, 0x80, + 0xA2, 0x90, 0xAE, 0x02, 0xB2, 0xF7, 0xD8, 0x7B, + 0x8C, 0x29, 0xA0, 0xAE, 0xAE, 0x2E, 0x92, 0xC9, + 0xC5, 0x44, 0x7D, 0x66, 0xC5, 0x5C, 0x1D, 0x1E, + 0x25, 0x88, 0x5D, 0x10, 0x37, 0xFB, 0x5F, 0xCC, + 0x80, 0x15, 0x4F, 0x1D, 0x23, 0xB4, 0xF2, 0x7B, + 0x5B, 0xAC, 0x89, 0xBE, 0x1C, 0x36, 0x3C, 0xFF, + 0x8E, 0xA7, 0x58, 0x73, 0xAC, 0x3F, 0x63, 0x33, + 0xE8, 0x6C, 0x53, 0xEC, 0xA5, 0x5D, 0xBE, 0xD5, + 0xE1, 0xF1, 0x12, 0x6B, 0x12, 0x78, 0xC7, 0x29, + 0xC9, 0xA8, 0x4C, 0x4A, 0x1B, 0x7F, 0x15, 0x11, + 0x93, 0x01, 0xC8, 0x0B, 0xE2, 0x2F, 0xE9, 0xBE, + 0xBA, 0x17, 0x59, 0x45, 0xB2, 0x61, 0x2B, 0x66, + 0xDD, 0xCE, 0xDF, 0x9A, 0x2A, 0x4D, 0x5F, 0x24, + 0xF9, 0x02, 0xBB, 0xA6, 0x8D, 0xA7, 0x5D, 0x95, + 0x97, 0x2E, 0x28, 0xD6, 0xCB, 0x70, 0x17, 0xCA, + 0x51, 0xED, 0x58, 0x73, 0xAB, 0x03, 0xDD, 0x2E, + 0x92, 0x6C, 0x15, 0x64, 0x2C, 0x9D, 0x6E, 0x64, + 0x27, 0xFC, 0xE8, 0x0F, 0xC3, 0x8B, 0x34, 0xFE, + 0xB3, 0xC1, 0x55, 0x13, 0xA6, 0x87, 0xC3, 0x5B, + 0x94, 0xEB, 0x83, 0xE4, 0xAB, 0x3E, 0x18, 0x76, + 0x67, 0x92, 0x70, 0xF5, 0xA9, 0x8F, 0x18, 0xA6, + 0x5F, 0x57, 0x41, 0x76, 0x55, 0xFD, 0xA9, 0x99, + 0x4E, 0x8F, 0xCC, 0x61, 0x6C, 0x6C, 0x60, 0x06, + 0x10, 0x40, 0x26, 0xD6, 0xCD, 0x7A, 0xA0, 0x56, + 0x3D, 0x51, 0x07, 0x25, 0x76, 0x00, 0x05, 0xF5, + 0xFD, 0x39, 0xE7, 0x59, 0x24, 0x90, 0x29, 0xF0, + 0x3D, 0x9F, 0x00, 0x67, 0x10, 0x3F, 0xA0, 0x45, + 0x21, 0x14, 0xDF, 0x24, 0x40, 0xE8, 0xC6, 0xDB, + 0x65, 0xE2, 0x39, 0x56, 0xEB, 0x1B, 0xEE, 0xB2, + 0xC3, 0x4E, 0x5B, 0x20, 0xAC, 0x31, 0x6A, 0x03, + 0xA9, 0x54, 0x36, 0x66, 0x62, 0x68, 0xC3, 0xD8, + 0x22, 0x8F, 0x62, 0xEB, 0x56, 0x67, 0xB3, 0xB6, + 0xBB, 0x85, 0x7D, 0xD0, 0x73, 0x7B, 0x69, 0x05, + 0x1E, 0x9F, 0x26, 0xEE, 0x02, 0x36, 0x71, 0xCE, + 0xAD, 0xFA, 0xCA, 0xF9, 0x49, 0x7F, 0x1A, 0xDE, + 0x58, 0x7A, 0x69, 0x3E, 0xEF, 0xFB, 0xFC, 0xD5, + 0x50, 0xEC, 0x20, 0x8C, 0x23, 0x56, 0x91, 0xE8, + 0xE3, 0x66, 0xD9, 0x65, 0xB6, 0x2B, 0xEC, 0x16, + 0xA6, 0x61, 0xCD, 0x5D, 0xE2, 0x87, 0x93, 0x22, + 0x0D, 0x66, 0xF2, 0x64, 0x55, 0x05, 0xB8, 0x52, + 0x41, 0x2F, 0xAE, 0x7B, 0x9D, 0x98, 0x29, 0xBF, + 0x61, 0x5F, 0x7C, 0xBD, 0x59, 0xA7, 0xBC, 0x1D, + 0x03, 0x4E, 0x6A, 0x25, 0x52, 0x9C, 0xFB, 0x48, + 0x6A, 0xF2, 0x01, 0xDE, 0xB7, 0xEA, 0x95, 0xBA, + 0x70, 0x8A, 0x31, 0x59, 0x17, 0x16, 0x74, 0x34, + 0x53, 0x09, 0xDB, 0x81, 0x50, 0xE6, 0x7E, 0xBB, + 0x30, 0xA7, 0xFF, 0x80, 0xCA, 0xC9, 0xAB, 0x13, + 0x92, 0x50, 0x0A, 0x83, 0xE6, 0x3B, 0xBF, 0x7C, + 0x42, 0xEB, 0x94, 0x53, 0xC2, 0xC9, 0xAC, 0xDA, + 0x02, 0xBE, 0x53, 0x82, 0x34, 0xAA, 0xA7, 0xDB, + 0x5A, 0x7F, 0x58, 0x8F, 0xC9, 0x1B, 0x90, 0xEE, + 0x24, 0x77, 0xF2, 0xB6, 0x1C, 0xD1, 0x06, 0x2A, + 0x7E, 0xF1, 0xE6, 0xE4, 0xDC, 0x54, 0xB3, 0x6D, + 0x0E, 0x19, 0x93, 0x3E, 0x98, 0x1C, 0xB7, 0x63, + 0xA9, 0xE1, 0x07, 0xE0, 0x1D, 0xA9, 0x42, 0x0F, + 0x82, 0xCA, 0x79, 0x35, 0x92, 0xA4, 0x7C, 0x4B, + 0x97, 0x7F, 0xF2, 0xC8, 0x84, 0x98, 0xDA, 0x95, + 0xC4, 0x3D, 0x23, 0x2F, 0x42, 0xAF, 0x99, 0x48, + 0x0B, 0xF0, 0xA4, 0xF8, 0xB7, 0xC4, 0x94, 0x9D, + 0x1A, 0xE1, 0xD4, 0xFA, 0x8E, 0x1D, 0x1A, 0x8C, + 0xD0, 0xF9, 0xED, 0x00, 0xDA, 0x59, 0x5E, 0xFD, + 0x2B, 0x76, 0x6F, 0x0B, 0x79, 0xD4, 0x49, 0x0D, + 0xB9, 0x28, 0xEC, 0x44, 0xB5, 0x03, 0x0A, 0x74, + 0xCA, 0x42, 0x81, 0x1A, 0x5B, 0x5A, 0xE5, 0x22, + 0xC7, 0x76, 0x4D, 0xDF, 0xD9, 0xFD, 0x92, 0xF0, + 0x06, 0xE9, 0x4B, 0x35, 0xA7, 0xEF, 0x01, 0x42, + 0xDA, 0x71, 0x78, 0xC2, 0xF5, 0x30, 0x74, 0xD0, + 0x74, 0x51, 0xB1, 0x55, 0x65, 0xA9, 0xE0, 0xC5, + 0x7E, 0xA1, 0xB9, 0x4C, 0x88, 0xEA, 0xE7, 0x41, + 0xB1, 0xF5, 0x01, 0xC4, 0xD3, 0x70, 0x72, 0x7D, + 0xAD, 0x27, 0x65, 0xF7, 0x95, 0xAD, 0x41, 0x46, + 0x35, 0x80, 0x0E, 0xC1, 0x94, 0x9D, 0x03, 0x71, + 0x39, 0xDE, 0x26, 0xAF, 0xCF, 0x93, 0x3D, 0x9A, + 0x09, 0xC1, 0x27, 0xFC, 0x6B, 0x36, 0xE5, 0x18, + 0xC6, 0xDE, 0x94, 0x92, 0xBA, 0x70, 0x82, 0x7B, + 0x68, 0x1C, 0x2D, 0x18, 0xA4, 0x01, 0x23, 0xB6, + 0xC5, 0xF6, 0x17, 0x37, 0xCB, 0x9D, 0xC6, 0xAA, + 0x9C, 0xE1, 0x7D, 0x16, 0x8E, 0xBB, 0xDD, 0xD6, + 0x3C, 0x07, 0x60, 0x19, 0x3C, 0x97, 0x49, 0x33, + 0xDB, 0x47, 0x4A, 0xA8, 0x9A, 0xF3, 0x0E, 0x16, + 0x29, 0x38, 0xF6, 0xDB, 0x78, 0x65, 0xDE, 0x23, + 0x1F, 0x86, 0x16, 0x9C, 0x9E, 0x2A, 0x30, 0x2F, + 0xC4, 0x1F, 0x1B, 0xE5, 0xF3, 0x6C, 0x55, 0x83, + 0xFC, 0xD9, 0x1E, 0x21, 0xCB, 0x8A, 0x67, 0x57, + 0xD3, 0x0A, 0x4B, 0xAC, 0xDB, 0x67, 0xE7, 0xA6, + 0x1B, 0x0C, 0x8E, 0x21, 0x7E, 0x0C, 0xCB, 0xF5, + 0x0E, 0xA6, 0x42, 0xCD, 0xE3, 0xFC, 0x74, 0xC7, + 0xF9, 0xFF, 0xBD, 0xA9, 0xA1, 0xE6, 0x84, 0xBB, + 0xC9, 0xA8, 0xF7, 0xCD, 0x3F, 0x1B, 0xD0, 0xDB, + 0x63, 0xDD, 0xDF, 0x4E, 0xA4, 0x79, 0xC2, 0x35, + 0x65, 0x2C, 0x5D, 0xCB, 0xCA, 0x7B, 0xDD, 0x4E, + 0x2F, 0x33, 0xE8, 0x71, 0x72, 0xC1, 0x8B, 0x5F, + 0xF3, 0x90, 0x99, 0x40, 0x8D, 0x27, 0x2F, 0xD0, + 0xFB, 0x0D, 0x6A, 0x23, 0xB1, 0x43, 0x00, 0xDF, + 0xC6, 0x4C, 0x02, 0x74, 0x3E, 0x52, 0x36, 0x08, + 0xE9, 0x73, 0x61, 0x3D, 0xCA, 0xAC, 0x9D, 0x1D, + 0x14, 0xB3, 0xA6, 0x24, 0x0E, 0xC2, 0xF2, 0x29, + 0x39, 0x91, 0xF6, 0x90, 0x6A, 0xE3, 0x6C, 0x04, + 0x69, 0xF3, 0x09, 0x11, 0x34, 0x8E, 0xC1, 0x2D, + 0xDB, 0xA6, 0xC3, 0xCA, 0x19, 0xBC, 0x69, 0x5F, + 0xCD, 0x16, 0xE5, 0xAE, 0xF2, 0xAD, 0x7C, 0x73, + 0x25, 0x15, 0x70, 0xB5, 0xD0, 0x49, 0xA6, 0xC3, + 0xA5, 0x2F, 0xA3, 0xFC, 0x9E, 0xD5, 0x4E, 0x54, + 0x97, 0x3A, 0xE7, 0x89, 0xB0, 0xBF, 0xD6, 0xF8, + 0xCC, 0x26, 0x44, 0xA9, 0xF8, 0x5A, 0xCE, 0x06, + 0x78, 0xD8, 0x9E, 0xFC, 0x12, 0xB6, 0x11, 0xC3, + 0xDF, 0xAE, 0x3F, 0x94, 0x50, 0x34, 0xB8, 0x99, + 0xBE, 0x99, 0xA7, 0x32, 0x88, 0x9F, 0x17, 0xD2, + 0x08, 0xDC, 0xD7, 0xEE, 0x95, 0x9D, 0x1A, 0xC7, + 0x61, 0xDB, 0xA4, 0x86, 0x4C, 0x14, 0xB0, 0xA3, + 0x5E, 0x4C, 0x7B, 0xBD, 0xA0, 0x96, 0xFB, 0x8A, + 0xB3, 0x22, 0x69, 0x26, 0xC8, 0x9E, 0x7C, 0xDA, + 0x92, 0x9E, 0xF1, 0x30, 0xC6, 0x92, 0xC9, 0x26, + 0x59, 0xE6, 0xF4, 0x65, 0x2B, 0xF2, 0x15, 0x63, + 0x61, 0xC7, 0x7D, 0xBE, 0xEF, 0x5A, 0x06, 0x23, + 0xA0, 0x67, 0x04, 0x99, 0x0E, 0x19, 0x8A, 0x13, + 0x67, 0x30, 0x54, 0x32, 0x4B, 0xBB, 0xAA, 0x64, + 0x36, 0x92, 0xF2, 0x43, 0xD6, 0x7C, 0x1B, 0x4F, + 0x95, 0xB9, 0x28, 0xAC, 0xF1, 0x68, 0x6F, 0x60, + 0xC1, 0x44, 0x87, 0xD6, 0xDD, 0x7F, 0x88, 0x01, + 0xEF, 0x20, 0x93, 0x9E, 0x03, 0xA1, 0xCA, 0x7D, + 0x74, 0x32, 0xDC, 0xF5, 0x95, 0xF1, 0xE9, 0xED, + 0xF2, 0xB2, 0x93, 0x57, 0xA1, 0xD4, 0xC7, 0xDA, + 0x33, 0x51, 0x2C, 0x45, 0x1A, 0x7C, 0x66, 0x04, + 0x38, 0x2D, 0x90, 0xC3, 0x30, 0x79, 0xD9, 0x57, + 0x38, 0xE4, 0x71, 0x89, 0xD8, 0x54, 0x9E, 0x43, + 0xD2, 0x94, 0xE7, 0x3D, 0x1C, 0xA7, 0x48, 0x7B, + 0x50, 0xD0, 0xED, 0x7C, 0xC6, 0xF9, 0x6B, 0xEE, + 0xA7, 0x6C, 0xCE, 0xB9, 0x6D, 0x37, 0x92, 0x00, + 0x4E, 0xB3, 0xE5, 0x49, 0x16, 0x35, 0xA6, 0x7F, + 0x6F, 0xFA, 0x1F, 0x1D, 0xF6, 0xA1, 0xF2, 0xFD, + 0xEE, 0x77, 0x84, 0x17, 0x80, 0xAE, 0x08, 0x09, + 0xD2, 0x92, 0xED, 0x7B, 0x00, 0xF4, 0x2D, 0x80, + 0x91, 0x19, 0x09, 0xB5, 0x1C, 0x9A, 0x3A, 0xE5, + 0x4B, 0x7A, 0x6D, 0x7D, 0x29, 0xD2, 0x00, 0x05, + 0x22, 0xD4, 0xF8, 0x76, 0xE2, 0x5C, 0x0D, 0x6A, + 0x15, 0x77, 0x22, 0x18, 0x85, 0xFD, 0x30, 0x74, + 0xF3, 0x3B, 0xDC, 0xD9, 0x6C, 0xDE, 0x80, 0x40, + 0x4A, 0x37, 0xE1, 0x60, 0x9F, 0x26, 0xCF, 0xBE, + 0x24, 0xA1, 0xFB, 0xF9, 0x76, 0x2A, 0x1A, 0x23, + 0x32, 0xE7, 0xA2, 0xD8, 0x2D, 0xF9, 0xD2, 0x0F, + 0x08, 0x3A, 0xDB, 0x35, 0x35, 0x33, 0x59, 0x0B, + 0xB1, 0xF9, 0x54, 0x33, 0x49, 0x36, 0x9E, 0x21, + 0xEC, 0xF5, 0x94, 0xE2, 0x78, 0x07, 0xA5, 0x63, + 0x50, 0xD6, 0x23, 0x84, 0xDE, 0xAD, 0xA7, 0x89, + 0xBE, 0x92, 0xF0, 0x12, 0xC1, 0xF8, 0xA7, 0x2D, + 0x8B, 0xE0, 0x79, 0xF8, 0xD7, 0xBD, 0x04, 0x0B, + 0xC5, 0xF2, 0x23, 0x36, 0x11, 0x6D, 0x6F, 0x37, + 0xDB, 0xFB, 0xD2, 0xC7, 0x44, 0xC3, 0xAE, 0x78, + 0xEC, 0xB4, 0xE0, 0x5A, 0x55, 0xB3, 0xFC, 0xC3, + 0x1B, 0x8C, 0xA6, 0xDB, 0xE8, 0x95, 0x72, 0x44, + 0x90, 0x8F, 0x4E, 0xD1, 0xD3, 0x46, 0x6C, 0x9E, + 0x00, 0xC6, 0xCC, 0xAE, 0xFC, 0x95, 0x4D, 0x85, + 0x7C, 0x65, 0x5F, 0x74, 0x71, 0xE3, 0x80, 0x88, + 0xCF, 0x1E, 0xB8, 0xBE, 0xED, 0x8D, 0xC4, 0xFB, + 0x3E, 0x36, 0xF3, 0xB8, 0x42, 0x1F, 0x37, 0x31, + 0x8D, 0xA2, 0x35, 0x36, 0x9E, 0x92, 0x3D, 0xD8, + 0xEA, 0xA7, 0xA2, 0x29, 0x0E, 0x14, 0xBF, 0x59, + 0x1E, 0x1D, 0x98, 0x27, 0x30, 0x3B, 0xF3, 0x57, + 0x69, 0x75, 0xCC, 0x3A, 0xB3, 0x49, 0x99, 0x70, + 0x19, 0x50, 0xAB, 0xF6, 0x7F, 0xF6, 0x55, 0x1A, + 0xCA, 0x2D, 0xA0, 0x73, 0x50, 0xE0, 0x9C, 0xEE, + 0x07, 0xEC, 0x37, 0x26, 0x6B, 0xAA, 0xA5, 0x34, + 0xFD, 0x7B, 0x1A, 0x92, 0x4E, 0xE7, 0x36, 0x1A, + 0xEB, 0x35, 0xCC, 0x5A, 0x5C, 0x06, 0x7F, 0x77, + 0xCE, 0x52, 0x33, 0x57, 0x73, 0x9D, 0xEC, 0x2D, + 0x28, 0x0C, 0xC9, 0xBF, 0x06, 0x9E, 0xA7, 0x7C, + 0x36, 0xF9, 0x0B, 0xC6, 0x7F, 0x0F, 0x66, 0x24, + 0x65, 0x2D, 0x30, 0x2B, 0xD7, 0x7F, 0x07, 0xD3, + 0x57, 0xC8, 0x4B, 0xC3, 0x0C, 0xA3, 0x5B, 0xAA, + 0xAF, 0xEA, 0xF3, 0xA3, 0x9E, 0x9E, 0xD4, 0x63, + 0xCD, 0x82, 0x8B, 0xBC, 0x5D, 0xEF, 0xE6, 0x2A, + 0x4D, 0x5B, 0x95, 0x13, 0x17, 0x98, 0xD3, 0x67, + 0x66, 0x04, 0x9E, 0x71, 0x71, 0xE6, 0xBD, 0x44, + 0x15, 0x6B, 0x29, 0x76, 0xE4, 0x62, 0x01, 0x99, + 0xEB, 0xF4, 0x2E, 0x14, 0x29, 0x0D, 0xBF, 0x8A, + 0x02, 0x30, 0x4A, 0xE7, 0x0D, 0x25, 0x42, 0x9E, + 0xD7, 0x0C, 0xAD, 0x30, 0xC6, 0xA3, 0x49, 0xF9, + 0x90, 0x0C, 0x46, 0x5B, 0x77, 0x67, 0x5F, 0x0B, + 0xE9, 0xA9, 0xFE, 0xFA, 0xC8, 0x5F, 0x19, 0xF7, + 0x35, 0x09, 0xF7, 0xB5, 0x6D, 0x51, 0x32, 0x17, + 0xBE, 0xE6, 0xC3, 0xBE, 0x4A, 0x9A, 0x33, 0xDA, + 0xC6, 0x90, 0xB7, 0xA7, 0x6F, 0x97, 0x9E, 0xD5, + 0x80, 0xE5, 0x02, 0x9E, 0x58, 0xD6, 0x45, 0x34, + 0x4D, 0x61, 0x71, 0x19, 0x07, 0x69, 0x1F, 0xAF, + 0xFF, 0x9F, 0xDE, 0x97, 0x13, 0xA1, 0xDF, 0x47, + 0x0E, 0x8B, 0xD6, 0xD0, 0x75, 0x40, 0x08, 0x59, + 0x7D, 0xFB, 0x74, 0x74, 0xF2, 0x48, 0xF4, 0x23, + 0x1B, 0x5E, 0x18, 0x4E, 0x2D, 0x2D, 0xC5, 0x40, + 0xD0, 0x90, 0x4F, 0x95, 0x69, 0xC4, 0xDA, 0xFB, + 0x39, 0x4B, 0x12, 0x7D, 0x22, 0x1E, 0x9A, 0x68, + 0x5B, 0x68, 0x2E, 0x47, 0x23, 0xB9, 0x6A, 0xBF, + 0xF7, 0xE2, 0x56, 0x79, 0xDD, 0x7A, 0x72, 0xF9, + 0x5F, 0x20, 0x6B, 0x29, 0x56, 0xEE, 0x04, 0x11, + 0x4C, 0x16, 0x34, 0x04, 0x14, 0x54, 0xB5, 0x21, + 0xAA, 0x6A, 0x46, 0x40, 0xE4, 0xF1, 0x78, 0x7C, + 0x50, 0xF3, 0x4D, 0xBC, 0x57, 0x34, 0x7C, 0x6A, + 0xBD, 0x9B, 0xEF, 0x03, 0x80, 0x7D, 0xAB, 0x20, + 0x0F, 0x77, 0x87, 0x6F, 0x93, 0xFB, 0x24, 0x20, + 0x82, 0xC7, 0x7E, 0xFB, 0x43, 0x2D, 0xC6, 0xD4, + 0xE9, 0x27, 0x8C, 0x66, 0xA8, 0x5A, 0x58, 0xC8, + 0xD8, 0x9A, 0xA8, 0x50, 0x5F, 0x3A, 0x3D, 0x0B, + 0xC3, 0x4F, 0xCE, 0x94, 0xE0, 0x0D, 0x16, 0xCB, + 0x20, 0xE0, 0xF5, 0x1A, 0x13, 0x6E, 0x28, 0xA6, + 0x42, 0xB2, 0xB1, 0x30, 0x1D, 0x56, 0x28, 0xCD, + 0xF3, 0x4E, 0xA7, 0x3E, 0x74, 0x04, 0x7D, 0xA5, + 0x86, 0xD9, 0x1A, 0xDF, 0x07, 0xBC, 0x2C, 0x59, + 0xB1, 0x91, 0x6D, 0x9B, 0xA2, 0xD0, 0x72, 0xE7, + 0xA5, 0x56, 0x4A, 0x27, 0x56, 0x1F, 0x65, 0xCD, + 0x90, 0x7B, 0xB7, 0x5A, 0x51, 0x25, 0x75, 0x1B, + 0xD9, 0xD4, 0xC7, 0x19, 0x8A, 0xB0, 0x3D, 0x38, + 0x22, 0x61, 0xCF, 0xD9, 0x66, 0xED, 0xF5, 0xB8, + 0xF5, 0x86, 0xFF, 0x98, 0x1A, 0xB7, 0xFB, 0x67, + 0xED, 0x25, 0x52, 0xD9, 0x2F, 0x84, 0xDC, 0x96, + 0x89, 0x2C, 0x52, 0xCF, 0x5F, 0xA0, 0xEA, 0xD0, + 0xB3, 0x38, 0x98, 0xFC, 0xD7, 0x50, 0x84, 0xCF, + 0xA5, 0xE9, 0x53, 0x8B, 0x44, 0x38, 0xB5, 0x7D, + 0xD8, 0xAD, 0x0A, 0xE5, 0x35, 0x78, 0x29, 0xBF, + 0x9F, 0x6B, 0x2C, 0xBB, 0x97, 0x9D, 0xD3, 0x64, + 0x23, 0x2B, 0xA8, 0xA4, 0x71, 0xE3, 0xF1, 0x2F, + 0x61, 0xC9, 0x68, 0xD2, 0x06, 0xD0, 0x4E, 0x87, + 0x03, 0x99, 0xCC, 0xB1, 0x83, 0xB6, 0x94, 0x61, + 0x3C, 0xE9, 0xE0, 0x7D, 0x13, 0xAF, 0xCF, 0xE4, + 0xA6, 0x42, 0x7F, 0x62, 0x8F, 0xFC, 0x10, 0xF1, + 0x08, 0x4D, 0x1D, 0xFC, 0x0F, 0x37, 0x11, 0xBE, + 0xD7, 0xF1, 0x80, 0x46, 0xAF, 0xFA, 0x13, 0x65, + 0x99, 0xAE, 0xF9, 0xD0, 0x13, 0xA7, 0xC7, 0x3A, + 0xD2, 0xC1, 0x9B, 0x5A, 0xB8, 0xC3, 0x08, 0x13, + 0x49, 0x40, 0x33, 0x0D, 0x1F, 0x93, 0x5D, 0x10, + 0x49, 0x3E, 0x4F, 0x90, 0x34, 0xC5, 0xEA, 0xF7, + 0x24, 0xFF, 0xF3, 0xC5, 0x95, 0xF7, 0x1F, 0x13, + 0x9A, 0xE0, 0x0C, 0xCD, 0x61, 0x93, 0x39, 0xE6, + 0xAF, 0xD5, 0x3E, 0xA9, 0xD8, 0xC4, 0x8F, 0x64, + 0x05, 0x09, 0x45, 0x2A, 0xEB, 0x12, 0xC5, 0x51, + 0x58, 0x1C, 0x55, 0x20, 0xE9, 0x29, 0x74, 0xC7, + 0x10, 0x01, 0xF3, 0xA4, 0x56, 0xB4, 0x14, 0xFE, + 0x9C, 0x10, 0x2F, 0xF8, 0xBF, 0xB5, 0x9C, 0x6E, + 0xBB, 0xE6, 0x52, 0xE7, 0xAC, 0xA7, 0xCE, 0x41, + 0x6E, 0x00, 0x66, 0x0A, 0x2F, 0x46, 0x71, 0xB8, + 0x8F, 0x45, 0x89, 0x26, 0x68, 0xCD, 0x49, 0xDF, + 0xCB, 0xCD, 0xD6, 0x66, 0xC6, 0xA7, 0x8E, 0xB3, + 0xE4, 0x72, 0xEF, 0xBA, 0xA6, 0x6D, 0x7A, 0xB7, + 0xE9, 0xD9, 0xB2, 0x60, 0xB5, 0x82, 0x77, 0x20, + 0x2A, 0xFA, 0xE3, 0xCB, 0xF5, 0x30, 0x50, 0x30, + 0xC6, 0x19, 0x67, 0xA8, 0xB8, 0xFA, 0xFE, 0xB6, + 0xDA, 0xB6, 0xB6, 0xBF, 0x07, 0x90, 0x40, 0xD8, + 0x5B, 0x15, 0x48, 0x39, 0xCD, 0x99, 0x0F, 0x3A, + 0x28, 0xD2, 0x2E, 0xBA, 0xAC, 0x6D, 0xA3, 0xF8, + 0x53, 0x88, 0xF0, 0x86, 0x87, 0x70, 0xF5, 0x07, + 0xD2, 0x99, 0xC4, 0xCA, 0xDD, 0xD8, 0x8C, 0xEB, + 0x00, 0x96, 0xB4, 0x62, 0xA3, 0x7B, 0x79, 0x31, + 0xB2, 0x85, 0xB0, 0x61, 0x39, 0xF2, 0xBC, 0x1D, + 0x31, 0xC3, 0x0C, 0x7F, 0x70, 0x9A, 0x63, 0x74, + 0xC6, 0xCB, 0xD3, 0x93, 0x0D, 0x43, 0x7F, 0x80, + 0x85, 0x87, 0x72, 0x98, 0xE1, 0x6E, 0x9A, 0x59, + 0x2E, 0x6C, 0xA8, 0x9E, 0xC2, 0xC0, 0x72, 0xFE, + 0x26, 0xE8, 0xAF, 0x89, 0x61, 0xCA, 0x0D, 0x15, + 0xCC, 0xB0, 0xBA, 0x10, 0xB8, 0x9D, 0x77, 0x2C, + 0x6C, 0x28, 0xCC, 0x70, 0x5B, 0x1F, 0x5D, 0x68, + 0xD4, 0xC8, 0x1F, 0x0F, 0x67, 0xF5, 0x3E, 0x5C, + 0x70, 0x50, 0x4B, 0x32, 0x12, 0xE6, 0x1A, 0xCE, + 0xB8, 0x32, 0x5F, 0x1D, 0xC5, 0xFB, 0x07, 0x77, + 0xAD, 0x85, 0x45, 0x95, 0x04, 0x0D, 0x94, 0x7A, + 0x1F, 0xDD, 0x05, 0x74, 0x14, 0xA5, 0x9A, 0x66, + 0xF4, 0x93, 0xBE, 0xF2, 0xA9, 0x5B, 0xCD, 0xAB, + 0xC7, 0x82, 0xF7, 0xE7, 0x4A, 0x1C, 0x90, 0x6B, + 0x9A, 0xBD, 0x93, 0xDD, 0x41, 0x56, 0xDA, 0xA5, + 0x0F, 0x5D, 0x57, 0x2C, 0xBA, 0x07, 0x07, 0x4B, + 0x91, 0x33, 0xE6, 0x1B, 0x0E, 0x25, 0x9E, 0x36, + 0xBF, 0xCA, 0x21, 0xCE, 0xC6, 0x82, 0x33, 0x4D, + 0x42, 0x4F, 0x2E, 0x71, 0xC2, 0xE7, 0x6F, 0x16, + 0xF6, 0xB7, 0x30, 0x1C, 0xA1, 0xA8, 0xE3, 0xE7, + 0xB1, 0x71, 0xDD, 0x9F, 0x90, 0x1F, 0x01, 0x1D, + 0x0A, 0xBD, 0x2C, 0x4A, 0x22, 0x84, 0x5C, 0xBF, + 0x61, 0x07, 0x24, 0xC4, 0x0D, 0x23, 0xDB, 0xC6, + 0x28, 0xB1, 0x27, 0xCB, 0x7E, 0x06, 0xF8, 0x3C, + 0x42, 0xF9, 0x51, 0x2F, 0x21, 0xC5, 0x80, 0x98, + 0x08, 0x2F, 0x56, 0x58, 0xD7, 0xE0, 0xDA, 0xC4, + 0x24, 0x0C, 0xE8, 0xFA, 0x94, 0x23, 0x57, 0xA6, + 0xD8, 0xE2, 0xC5, 0xCC, 0x16, 0x70, 0x55, 0x57, + 0xC4, 0x52, 0x2D, 0x94, 0xCE, 0x5B, 0x22, 0x8E, + 0x6C, 0x3D, 0x8E, 0x74, 0x9D, 0xFD, 0x47, 0xC7, + 0x42, 0x11, 0x41, 0x9F, 0x6A, 0x0A, 0xF6, 0x16, + 0x97, 0xB1, 0x24, 0xC4, 0x6C, 0x98, 0xF8, 0x62, + 0x51, 0xE9, 0x67, 0x6D, 0x39, 0x2B, 0x76, 0x19, + 0x5F, 0x41, 0xF4, 0x82, 0x51, 0x87, 0xFF, 0xAA, + 0x87, 0xE3, 0x46, 0x87, 0xC0, 0xC9, 0xBB, 0xB5, + 0xAC, 0xA0, 0xD1, 0x56, 0x54, 0xC2, 0x2C, 0x59, + 0x9E, 0x78, 0xF9, 0xA6, 0xBA, 0xCB, 0xE2, 0x45, + 0x8A, 0xC1, 0xE5, 0xDF, 0xC3, 0x81, 0x91, 0xDB, + 0xDB, 0x9E, 0xE2, 0x9C, 0xB9, 0x44, 0x5F, 0x5D, + 0x6D, 0x83, 0x8D, 0x2D, 0x3E, 0x72, 0x2F, 0x98, + 0xFC, 0xFA, 0x5F, 0xC0, 0xF0, 0x03, 0x4A, 0x42, + 0x19, 0x67, 0x48, 0x24, 0x70, 0x35, 0xAE, 0x37, + 0x34, 0x27, 0xAB, 0xD6, 0x92, 0xB8, 0xB4, 0x52, + 0xC9, 0xD1, 0xF0, 0x5C, 0xAC, 0xFA, 0xB9, 0x2D, + 0xCE, 0xF2, 0x24, 0xE3, 0x53, 0xF4, 0x2D, 0x65, + 0x8D, 0xBF, 0x27, 0x3F, 0xAF, 0x62, 0xE0, 0x27, + 0xBE, 0x12, 0xCB, 0x40, 0xA4, 0x99, 0xAF, 0x47, + 0x19, 0x5F, 0x68, 0x69, 0x7F, 0x8C, 0xD2, 0x1E, + 0x4A, 0xA1, 0xA4, 0x3D, 0x5A, 0x62, 0x6F, 0x78, + 0x87, 0x8E, 0xA0, 0xC0, 0xF3, 0x2C, 0x60, 0xC3, + 0xCE, 0xDD, 0xED, 0x7C, 0xAF, 0xE0, 0x0B, 0x72, + 0x9D, 0xBA, 0xC6, 0xEE, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x07, + 0x0B, 0x15, 0x1B, 0x1E, 0x24 + }; +#endif +#ifndef WOLFSSL_NO_ML_DSA_87 + static const byte sk_87[] = { + 0xF1, 0x79, 0x16, 0xD9, 0x5C, 0x51, 0x2F, 0xEC, + 0x0C, 0xEF, 0xA6, 0xA1, 0x5C, 0x9F, 0xB3, 0xBF, + 0x84, 0xFF, 0x8D, 0x7F, 0xA3, 0x55, 0x22, 0xEB, + 0x1C, 0x91, 0x5C, 0x4D, 0x25, 0x4E, 0x89, 0x35, + 0x24, 0x8E, 0x3C, 0x08, 0x58, 0x2B, 0x74, 0x5E, + 0xB2, 0xFD, 0x13, 0x15, 0x2B, 0x5D, 0xAE, 0xEA, + 0xB0, 0x72, 0x80, 0x42, 0xB0, 0x08, 0x85, 0xBB, + 0x92, 0xF8, 0x44, 0xA8, 0x6B, 0x42, 0x62, 0x03, + 0x5C, 0x9F, 0x44, 0x8A, 0x2B, 0x78, 0xEF, 0x5D, + 0xB3, 0x47, 0xE0, 0x25, 0x04, 0x15, 0xE1, 0x01, + 0x5F, 0xBB, 0x34, 0x31, 0x91, 0x24, 0x07, 0xC8, + 0x5A, 0x2F, 0x36, 0x2A, 0x85, 0xA9, 0xAE, 0x42, + 0x77, 0x23, 0xBF, 0x62, 0x69, 0x7B, 0x77, 0x99, + 0x1B, 0x3E, 0x93, 0xA3, 0x81, 0x13, 0x3F, 0x95, + 0x0D, 0x40, 0xE7, 0xC1, 0xAC, 0xBC, 0x17, 0xE4, + 0xF1, 0xD1, 0x0C, 0xD1, 0x27, 0x4C, 0x8D, 0x3C, + 0x84, 0x02, 0x02, 0x0A, 0xC5, 0x10, 0x1C, 0xC3, + 0x4D, 0xD0, 0x94, 0x70, 0x24, 0xC0, 0x89, 0x94, + 0x08, 0x4D, 0xC2, 0x30, 0x20, 0x63, 0xC0, 0x24, + 0xE1, 0x80, 0x40, 0xD0, 0x26, 0x68, 0x10, 0x97, + 0x01, 0x83, 0xC2, 0x91, 0x5A, 0x90, 0x2D, 0x44, + 0x94, 0x6D, 0x10, 0x09, 0x50, 0x11, 0xA7, 0x0D, + 0xE4, 0x04, 0x89, 0x9B, 0x80, 0x8D, 0x40, 0xB8, + 0x45, 0x4B, 0x86, 0x0D, 0xC8, 0xB6, 0x05, 0xC0, + 0xC0, 0x71, 0x02, 0x09, 0x06, 0xA2, 0x00, 0x2D, + 0x0B, 0x24, 0x86, 0xA0, 0x90, 0x11, 0x20, 0x16, + 0x82, 0x1B, 0x24, 0x42, 0xCB, 0xB6, 0x70, 0x43, + 0x36, 0x05, 0xDA, 0x16, 0x25, 0x9A, 0x34, 0x6C, + 0xCB, 0xB4, 0x08, 0xC4, 0x16, 0x90, 0x24, 0x29, + 0x6C, 0x42, 0x90, 0x04, 0x24, 0x06, 0x46, 0x84, + 0x12, 0x6D, 0xC2, 0x26, 0x00, 0x88, 0x40, 0x02, + 0x51, 0xC8, 0x40, 0x9C, 0x16, 0x24, 0x82, 0x18, + 0x26, 0x21, 0x06, 0x0C, 0x12, 0xC2, 0x71, 0x50, + 0x98, 0x91, 0x4A, 0x40, 0x28, 0x48, 0x48, 0x21, + 0x5A, 0x18, 0x49, 0x1B, 0xB7, 0x01, 0x5A, 0xC6, + 0x48, 0xA1, 0x90, 0x2C, 0x14, 0x18, 0x2D, 0xD2, + 0x20, 0x62, 0xDC, 0xB6, 0x49, 0x00, 0x09, 0x6D, + 0x40, 0xA8, 0x4D, 0x24, 0xC8, 0x24, 0x4C, 0x06, + 0x08, 0x80, 0x40, 0x4E, 0xD3, 0x18, 0x88, 0x12, + 0x09, 0x91, 0x8B, 0x12, 0x31, 0xC9, 0x16, 0x04, + 0x64, 0x10, 0x72, 0xDA, 0x84, 0x91, 0x92, 0xC6, + 0x65, 0x22, 0x10, 0x48, 0x18, 0xC9, 0x00, 0x14, + 0x44, 0x62, 0x24, 0xC1, 0x60, 0x40, 0xC6, 0x10, + 0x4A, 0x48, 0x28, 0x9B, 0x44, 0x66, 0x91, 0x10, + 0x52, 0xD3, 0x26, 0x52, 0xD8, 0xA6, 0x0C, 0x0A, + 0xA8, 0x44, 0xD8, 0x26, 0x0C, 0x64, 0x86, 0x45, + 0x44, 0x20, 0x00, 0xD2, 0x48, 0x85, 0xDC, 0x46, + 0x32, 0xC8, 0x22, 0x45, 0x5B, 0x00, 0x8D, 0x20, + 0xA5, 0x45, 0x01, 0xC1, 0x91, 0xA2, 0x12, 0x84, + 0x20, 0x47, 0x0E, 0x98, 0xA8, 0x25, 0xD9, 0xA0, + 0x4D, 0xA4, 0x06, 0x2D, 0x5B, 0xB0, 0x08, 0x21, + 0xB0, 0x80, 0x4C, 0x10, 0x2C, 0xC4, 0x98, 0x71, + 0x99, 0x24, 0x24, 0xA4, 0x36, 0x71, 0x4B, 0xB6, + 0x49, 0xE1, 0x92, 0x00, 0x09, 0x92, 0x4C, 0x89, + 0x12, 0x49, 0x1A, 0x39, 0x2A, 0xE0, 0x22, 0x69, + 0x61, 0xB2, 0x50, 0x40, 0x26, 0x8E, 0xC9, 0xA2, + 0x08, 0x0A, 0x90, 0x24, 0x13, 0x35, 0x06, 0x21, + 0x24, 0x62, 0x60, 0xB0, 0x01, 0xE3, 0xC6, 0x29, + 0x5B, 0x28, 0x89, 0x20, 0x90, 0x70, 0xC4, 0xA4, + 0x31, 0x08, 0x42, 0x11, 0x10, 0xC0, 0x71, 0x98, + 0x98, 0x20, 0xC4, 0xA8, 0x29, 0x1A, 0x15, 0x32, + 0xC4, 0x86, 0x6C, 0x18, 0x14, 0x6A, 0x02, 0x46, + 0x46, 0xDC, 0xC2, 0x4C, 0x81, 0x02, 0x6D, 0x49, + 0x16, 0x48, 0x10, 0x94, 0x6C, 0x0A, 0x85, 0x90, + 0x9C, 0x34, 0x84, 0x54, 0x24, 0x25, 0x49, 0xA8, + 0x21, 0x04, 0xA6, 0x2C, 0x61, 0x00, 0x01, 0x61, + 0x46, 0x92, 0xE0, 0xA6, 0x44, 0xE2, 0x00, 0x90, + 0xC8, 0x06, 0x06, 0x90, 0xB8, 0x2D, 0x0B, 0x85, + 0x85, 0x20, 0x23, 0x0D, 0x83, 0x94, 0x04, 0x54, + 0x26, 0x50, 0x41, 0x92, 0x29, 0x09, 0x16, 0x20, + 0x54, 0xC6, 0x2D, 0x81, 0xC8, 0x8C, 0x09, 0x44, + 0x44, 0xE2, 0x06, 0x30, 0x13, 0x92, 0x49, 0x0B, + 0x17, 0x48, 0x93, 0x28, 0x86, 0xD8, 0xA4, 0x50, + 0xD1, 0x32, 0x91, 0x08, 0xB8, 0x05, 0xA4, 0x02, + 0x62, 0x01, 0x15, 0x82, 0xE3, 0x18, 0x42, 0x83, + 0xC6, 0x44, 0x43, 0x02, 0x81, 0x53, 0x88, 0x04, + 0x04, 0x98, 0x31, 0x19, 0x18, 0x46, 0xDB, 0x02, + 0x89, 0x10, 0x23, 0x81, 0x03, 0x90, 0x71, 0x83, + 0x26, 0x89, 0x1A, 0x01, 0x05, 0xCA, 0xB0, 0x01, + 0x4C, 0x84, 0x09, 0x10, 0x11, 0x84, 0x13, 0xB1, + 0x20, 0x61, 0xB8, 0x41, 0x1B, 0x02, 0x8C, 0x09, + 0x98, 0x61, 0x83, 0x18, 0x61, 0x08, 0xC1, 0x6D, + 0x44, 0x86, 0x09, 0xCB, 0x88, 0x8D, 0x93, 0xB4, + 0x41, 0x58, 0x90, 0x81, 0x04, 0x31, 0x08, 0xD1, + 0xC4, 0x04, 0x19, 0xB4, 0x4C, 0x1C, 0x88, 0x20, + 0xCA, 0x30, 0x72, 0x1C, 0xB5, 0x85, 0x13, 0x27, + 0x32, 0x84, 0xB4, 0x44, 0x04, 0x42, 0x20, 0x61, + 0x18, 0x52, 0x50, 0x96, 0x44, 0x03, 0x38, 0x86, + 0xE3, 0x48, 0x31, 0x02, 0x82, 0x68, 0x98, 0x06, + 0x90, 0x23, 0x28, 0x04, 0x10, 0x18, 0x0D, 0x10, + 0x28, 0x45, 0x4C, 0x84, 0x6C, 0x09, 0x36, 0x71, + 0x82, 0x26, 0x64, 0x18, 0xC6, 0x21, 0x90, 0x18, + 0x22, 0x0A, 0x37, 0x08, 0xC4, 0x94, 0x28, 0xE2, + 0x30, 0x2C, 0x92, 0xB4, 0x24, 0x63, 0x46, 0x70, + 0x52, 0x96, 0x0C, 0x8B, 0xA4, 0x05, 0xD3, 0x02, + 0x85, 0x09, 0x32, 0x92, 0x49, 0x12, 0x21, 0x18, + 0x43, 0x28, 0x01, 0x32, 0x45, 0x0B, 0xA5, 0x50, + 0x14, 0x16, 0x65, 0x91, 0x80, 0x65, 0x0A, 0x44, + 0x66, 0x13, 0xB6, 0x4C, 0x01, 0x38, 0x71, 0x11, + 0x49, 0x28, 0x22, 0x43, 0x02, 0x0B, 0x34, 0x04, + 0x01, 0x16, 0x91, 0x80, 0x14, 0x0E, 0x12, 0x93, + 0x01, 0x00, 0x11, 0x80, 0xDC, 0x28, 0x51, 0x11, + 0x87, 0x85, 0xC1, 0x34, 0x28, 0x02, 0xA2, 0x11, + 0x02, 0x38, 0x44, 0x52, 0x14, 0x64, 0xC2, 0xA0, + 0x01, 0x1B, 0x42, 0x8C, 0xC2, 0xB2, 0x71, 0xCB, + 0x16, 0x00, 0xCC, 0x10, 0x21, 0x04, 0x12, 0x52, + 0x84, 0x24, 0x2A, 0xD3, 0x48, 0x12, 0x08, 0x44, + 0x08, 0x81, 0x88, 0x44, 0x01, 0x23, 0x50, 0xC0, + 0xA2, 0x09, 0x81, 0x94, 0x50, 0x02, 0x89, 0x61, + 0x01, 0x31, 0x88, 0x1B, 0xA2, 0x61, 0x90, 0x94, + 0x84, 0x91, 0x24, 0x09, 0x03, 0x18, 0x22, 0xA3, + 0x46, 0x60, 0x10, 0x16, 0x4D, 0x48, 0x84, 0x89, + 0x11, 0x00, 0x2E, 0xCC, 0xC0, 0x40, 0x8C, 0xC0, + 0x51, 0xE4, 0x42, 0x62, 0xDA, 0x24, 0x11, 0x13, + 0x19, 0x46, 0x93, 0x34, 0x4C, 0x42, 0x42, 0x24, + 0xC4, 0x48, 0x90, 0x00, 0x35, 0x80, 0x1B, 0x98, + 0x51, 0x0B, 0x41, 0x60, 0x0C, 0x25, 0x46, 0x9A, + 0xA8, 0x89, 0x12, 0x86, 0x4C, 0xE3, 0x16, 0x09, + 0x14, 0x27, 0x24, 0x51, 0x26, 0x4D, 0x1B, 0x02, + 0x10, 0x00, 0x17, 0x28, 0xD4, 0xA8, 0x45, 0x48, + 0x88, 0x48, 0x01, 0xC7, 0x0D, 0x93, 0xC8, 0x40, + 0x5B, 0x02, 0x49, 0x51, 0x02, 0x4A, 0x01, 0x42, + 0x10, 0xE1, 0x08, 0x90, 0x03, 0x85, 0x48, 0x11, + 0xA8, 0x68, 0x8B, 0x90, 0x08, 0x5A, 0x02, 0x0C, + 0x5A, 0x18, 0x50, 0x11, 0x87, 0x51, 0x9C, 0x38, + 0x92, 0xD0, 0x44, 0x82, 0x10, 0x33, 0x21, 0x88, + 0x44, 0x2D, 0x24, 0x28, 0x0D, 0x22, 0xA3, 0x30, + 0x49, 0x88, 0x25, 0xA1, 0xB2, 0x01, 0x5C, 0x40, + 0x20, 0x1C, 0x03, 0x72, 0xCC, 0x96, 0x8C, 0x51, + 0xA6, 0x88, 0xE3, 0x92, 0x08, 0x13, 0xB0, 0x08, + 0x5C, 0x38, 0x44, 0x03, 0x47, 0x8E, 0x93, 0x12, + 0x4A, 0x88, 0x20, 0x48, 0xE0, 0x42, 0x20, 0x81, + 0x90, 0x09, 0x4B, 0x06, 0x6D, 0xD2, 0x90, 0x10, + 0x01, 0x82, 0x49, 0x19, 0x28, 0x91, 0xDA, 0x20, + 0x2A, 0x20, 0x85, 0x40, 0x0A, 0x16, 0x8A, 0x1C, + 0x83, 0x60, 0xCA, 0x48, 0x4A, 0xA2, 0xC8, 0x50, + 0xE4, 0x02, 0x31, 0x88, 0x86, 0x88, 0x53, 0x00, + 0x89, 0x60, 0x08, 0x8A, 0xA2, 0x02, 0x0A, 0x0A, + 0x34, 0x45, 0x03, 0x04, 0x42, 0x1B, 0x40, 0x09, + 0x89, 0xA0, 0x69, 0x42, 0x18, 0x49, 0x4A, 0xA8, + 0x8C, 0x99, 0x90, 0x30, 0xCA, 0x38, 0x91, 0x09, + 0x31, 0x72, 0x8B, 0x44, 0x29, 0x52, 0xA2, 0x8D, + 0x08, 0x14, 0x6E, 0xA1, 0x84, 0x50, 0x1C, 0x31, + 0x46, 0x19, 0xB7, 0x01, 0xCC, 0x06, 0x29, 0x11, + 0x09, 0x20, 0x4B, 0x40, 0x66, 0x40, 0xC4, 0x49, + 0x00, 0x13, 0x24, 0xD0, 0xA2, 0x84, 0xCA, 0x16, + 0x29, 0xD0, 0xC0, 0x84, 0xC8, 0x88, 0x44, 0xE1, + 0x20, 0x29, 0x1A, 0x97, 0x05, 0x90, 0x42, 0x90, + 0x04, 0x40, 0x71, 0x9C, 0x32, 0x4E, 0x64, 0x26, + 0x22, 0x93, 0x36, 0x66, 0xD3, 0x06, 0x49, 0xA3, + 0x26, 0x51, 0x4C, 0xA6, 0x89, 0x84, 0x36, 0x84, + 0x93, 0x46, 0x6D, 0x14, 0x07, 0x8D, 0x18, 0x29, + 0x42, 0x52, 0x34, 0x72, 0x44, 0x10, 0x90, 0x12, + 0x37, 0x81, 0xD4, 0x10, 0x64, 0x04, 0xA5, 0x08, + 0x84, 0x24, 0x09, 0x1C, 0x08, 0x8D, 0x02, 0x99, + 0x6C, 0x1B, 0x30, 0x50, 0x09, 0x89, 0x81, 0x19, + 0x30, 0x48, 0x5B, 0x14, 0x4D, 0xD9, 0x20, 0x20, + 0x0C, 0x01, 0x2A, 0x00, 0x90, 0x4D, 0xA1, 0x02, + 0x64, 0x1C, 0x03, 0x01, 0xC2, 0x26, 0x8C, 0x14, + 0x08, 0x45, 0xE3, 0x12, 0x48, 0x09, 0x20, 0x09, + 0x41, 0x40, 0x61, 0x90, 0x44, 0x21, 0x49, 0x06, + 0x91, 0x4B, 0xC0, 0x84, 0x22, 0x95, 0x51, 0x23, + 0x38, 0x0E, 0x5C, 0x28, 0x70, 0xC2, 0x40, 0x2C, + 0x94, 0x18, 0x62, 0x9A, 0x30, 0x4A, 0xE2, 0x86, + 0x4C, 0x5C, 0x10, 0x8D, 0xC2, 0x12, 0x21, 0x9C, + 0xC4, 0x4D, 0xD9, 0x96, 0x88, 0x0C, 0x29, 0x45, + 0x1B, 0x45, 0x6A, 0x1A, 0x00, 0x60, 0x91, 0x30, + 0x0C, 0x12, 0x00, 0x69, 0xA2, 0xA0, 0x04, 0x81, + 0x00, 0x65, 0x5C, 0x38, 0x8A, 0x18, 0x05, 0x89, + 0x48, 0x32, 0x24, 0x81, 0xC6, 0x4D, 0x60, 0x90, + 0x31, 0x83, 0x22, 0x12, 0xE1, 0xC2, 0x6C, 0x89, + 0x00, 0x90, 0x14, 0xB4, 0x40, 0xD3, 0xB8, 0x45, + 0x89, 0x24, 0x70, 0x09, 0x26, 0x6C, 0xD9, 0x32, + 0x8A, 0x83, 0x44, 0x0E, 0x21, 0x44, 0x61, 0x99, + 0xA4, 0x20, 0x44, 0x16, 0x2E, 0x1A, 0xC2, 0x08, + 0x09, 0x98, 0x6C, 0x8C, 0x18, 0x8C, 0x0C, 0x30, + 0x62, 0x8B, 0x46, 0x45, 0x80, 0x10, 0x21, 0x20, + 0x33, 0x32, 0x5A, 0x38, 0x4C, 0x98, 0x06, 0x45, + 0x1A, 0x33, 0x09, 0x82, 0x34, 0x44, 0x02, 0x20, + 0x09, 0x59, 0x00, 0x41, 0x08, 0x13, 0x08, 0xDC, + 0x18, 0x68, 0x12, 0x47, 0x86, 0x43, 0xB8, 0x21, + 0x62, 0x02, 0x8D, 0x5C, 0x10, 0x0D, 0x60, 0x96, + 0x65, 0xA2, 0x22, 0x4C, 0x83, 0x18, 0x09, 0x41, + 0x08, 0x41, 0x63, 0xC2, 0x80, 0x13, 0x81, 0x65, + 0x22, 0x03, 0x92, 0x04, 0xA9, 0x4D, 0x1C, 0xB0, + 0x44, 0x80, 0xC6, 0x24, 0x00, 0x01, 0x44, 0x22, + 0x11, 0x80, 0x21, 0x95, 0x64, 0x09, 0x99, 0x8C, + 0xD3, 0x14, 0x4A, 0xD1, 0x98, 0x2D, 0x19, 0x31, + 0x4C, 0x0A, 0x92, 0x40, 0x13, 0x98, 0x48, 0x14, + 0x89, 0x20, 0x23, 0xB3, 0x0D, 0x14, 0x98, 0x6D, + 0x12, 0x98, 0x05, 0x9B, 0x14, 0x06, 0x5B, 0x26, + 0x91, 0x0A, 0x38, 0x09, 0x08, 0x98, 0x2C, 0x19, + 0xA0, 0x45, 0x44, 0x26, 0x00, 0x0A, 0x05, 0x21, + 0xDB, 0xA0, 0x69, 0x51, 0x42, 0x92, 0x0B, 0x43, + 0x00, 0xD1, 0x42, 0x0D, 0x81, 0x30, 0x28, 0x13, + 0xC2, 0x20, 0x03, 0x27, 0x60, 0x10, 0x83, 0x91, + 0x0A, 0x53, 0x7E, 0xA1, 0x4F, 0x11, 0x54, 0x5E, + 0x25, 0x4F, 0xCF, 0x28, 0x03, 0x95, 0x2A, 0x58, + 0x0A, 0x4B, 0x6C, 0x9B, 0x29, 0x10, 0x3D, 0x97, + 0x43, 0x6C, 0x00, 0x3E, 0x2E, 0xCE, 0xAE, 0x20, + 0x28, 0x01, 0x7F, 0xF1, 0xD5, 0x18, 0xB0, 0xB5, + 0xD5, 0xE6, 0x24, 0x26, 0x64, 0xED, 0x33, 0x7C, + 0xCA, 0x45, 0x26, 0xED, 0x5D, 0xB5, 0xEA, 0xD8, + 0xBB, 0x31, 0x16, 0x94, 0x1C, 0xD0, 0xC8, 0xF0, + 0xA7, 0xED, 0x5A, 0x1A, 0x5A, 0x00, 0xB9, 0x8C, + 0x33, 0x6A, 0x9B, 0xC8, 0xEB, 0x6B, 0x3A, 0x30, + 0x83, 0x16, 0xF1, 0x17, 0xEA, 0xA8, 0x0D, 0x4B, + 0x77, 0x56, 0xDD, 0x4A, 0x91, 0xDA, 0xA5, 0x8E, + 0x80, 0xD7, 0xB5, 0x77, 0x55, 0x83, 0x97, 0xAF, + 0x90, 0x5B, 0x67, 0xC5, 0x9F, 0x14, 0xE1, 0x2C, + 0x15, 0x8D, 0x29, 0x2C, 0xA6, 0xB6, 0x41, 0xED, + 0x0C, 0x75, 0xE3, 0x9A, 0x91, 0x4F, 0xFA, 0x1A, + 0x9F, 0x24, 0xCA, 0x28, 0xF2, 0x00, 0xC7, 0x48, + 0xDE, 0x70, 0x9D, 0x15, 0xD7, 0x22, 0xE7, 0xED, + 0x2C, 0x91, 0x8D, 0xEF, 0x08, 0xCF, 0xAF, 0x9B, + 0x7E, 0x24, 0xDE, 0xF2, 0xD5, 0x1A, 0x4D, 0x42, + 0x0E, 0x7E, 0x89, 0x06, 0xFA, 0xCD, 0x9A, 0x5A, + 0x98, 0xB0, 0xD1, 0xD5, 0x34, 0x5C, 0x8B, 0x9A, + 0xC0, 0xBB, 0xF4, 0xB1, 0x5E, 0xF0, 0xB4, 0x6A, + 0x8E, 0x3B, 0x6B, 0xAE, 0x0C, 0x6E, 0x9F, 0x09, + 0x2E, 0xB3, 0xEF, 0x1D, 0x49, 0x62, 0x0B, 0x65, + 0xE7, 0xDE, 0xDB, 0xEF, 0x68, 0x7E, 0xBD, 0x0E, + 0xA0, 0x95, 0x97, 0x2A, 0x56, 0xA0, 0xEA, 0xFB, + 0x2D, 0x75, 0xF4, 0x32, 0x1B, 0x80, 0xAC, 0xBC, + 0xA3, 0x2B, 0x1B, 0x11, 0xAA, 0x57, 0x6F, 0xE4, + 0xE0, 0xCC, 0xCC, 0x20, 0x52, 0x12, 0x65, 0x42, + 0x96, 0xF0, 0x60, 0x8F, 0xF3, 0x83, 0x69, 0xAF, + 0x19, 0x80, 0x75, 0x68, 0xDB, 0xE1, 0x71, 0xDB, + 0x79, 0xEB, 0x8C, 0x1C, 0xB7, 0x6A, 0x8E, 0xB9, + 0x5B, 0x28, 0x8C, 0x9D, 0xCC, 0x62, 0x0B, 0xEF, + 0xCE, 0x96, 0x06, 0x0F, 0x45, 0xA6, 0xA2, 0xDA, + 0xC2, 0x2F, 0x55, 0xE4, 0x7D, 0xC7, 0xBA, 0xB4, + 0xA7, 0x93, 0xD9, 0x65, 0x8F, 0xE2, 0x7C, 0x66, + 0x2C, 0xA6, 0x37, 0x00, 0x81, 0x30, 0xF1, 0x00, + 0xD9, 0x65, 0xB4, 0x78, 0x17, 0x7A, 0xC6, 0xDC, + 0x35, 0x93, 0x1A, 0x5E, 0xCC, 0x5F, 0x93, 0x31, + 0x22, 0x40, 0x2C, 0x17, 0x0E, 0xB8, 0xE0, 0xA4, + 0x1C, 0xB6, 0x3F, 0xE5, 0x60, 0x2F, 0x7B, 0x18, + 0xE1, 0xDB, 0xB6, 0xDB, 0x30, 0xA7, 0x61, 0x55, + 0xC6, 0xCF, 0x03, 0x0F, 0x73, 0x8D, 0xC0, 0x91, + 0x6D, 0xB1, 0x80, 0xF8, 0x3F, 0x02, 0x90, 0x93, + 0x11, 0xCB, 0x6B, 0x3B, 0x9E, 0x55, 0x3F, 0xAC, + 0xA0, 0x52, 0x23, 0xB3, 0x3C, 0x69, 0x60, 0x2D, + 0x0F, 0x05, 0xA0, 0x8B, 0xEB, 0x84, 0x80, 0x96, + 0x51, 0x99, 0x9A, 0x55, 0x26, 0xE7, 0x76, 0xF3, + 0xDE, 0x39, 0x30, 0x4A, 0x5F, 0xEF, 0x00, 0x95, + 0x0A, 0x9A, 0x81, 0x0D, 0x12, 0xE0, 0x1D, 0x15, + 0xD8, 0x86, 0xDB, 0x26, 0x75, 0xF6, 0x54, 0xCA, + 0x17, 0xFA, 0xAE, 0xEB, 0xD1, 0xF5, 0x61, 0xF9, + 0xD1, 0xA9, 0x5E, 0x0B, 0xAD, 0xF7, 0xC3, 0x31, + 0x5A, 0xFA, 0xBA, 0x8D, 0x4B, 0xEC, 0x1F, 0x05, + 0x42, 0xA8, 0xF1, 0x0A, 0xC6, 0x66, 0xFD, 0x8D, + 0x0C, 0x5A, 0xF1, 0xD6, 0x86, 0x7A, 0x9D, 0x82, + 0x6B, 0xFB, 0x6B, 0x03, 0x0B, 0x58, 0xEC, 0xEF, + 0x67, 0x78, 0xD2, 0xC5, 0x2B, 0xF6, 0x2C, 0xB3, + 0x4B, 0x81, 0xFF, 0x93, 0x6D, 0xA3, 0x3E, 0xDA, + 0xB3, 0x1D, 0xB3, 0x9A, 0xB7, 0x63, 0x66, 0xD0, + 0x94, 0x36, 0x2F, 0x04, 0x6D, 0x50, 0x78, 0xB4, + 0x22, 0x35, 0x04, 0xA1, 0x2B, 0xA0, 0xC7, 0xB8, + 0xE8, 0x83, 0x72, 0x77, 0x18, 0x50, 0x9B, 0xD4, + 0x7A, 0x69, 0x6E, 0xE9, 0x88, 0x0C, 0xAF, 0xF6, + 0x63, 0x61, 0x2B, 0x95, 0x86, 0x30, 0x3D, 0x6D, + 0xE0, 0xD2, 0x1F, 0x9A, 0x21, 0x96, 0x22, 0x78, + 0xEB, 0xCE, 0x60, 0xA6, 0xD4, 0x68, 0x44, 0x09, + 0x5C, 0x5F, 0x89, 0x2D, 0xAC, 0xA4, 0x8D, 0x78, + 0x28, 0x22, 0x45, 0x38, 0x34, 0xB4, 0xE4, 0x2C, + 0xD3, 0xA1, 0xFE, 0x39, 0x87, 0x35, 0x6E, 0xAB, + 0x11, 0xEF, 0xB8, 0xEE, 0xCD, 0x8E, 0x9C, 0xC8, + 0xF3, 0x9A, 0x0F, 0xF1, 0xFF, 0xB8, 0x06, 0x9A, + 0x44, 0x1F, 0x85, 0x1E, 0xB4, 0x38, 0xE9, 0xC0, + 0xB5, 0x7E, 0x88, 0x18, 0xA3, 0x22, 0x65, 0x1E, + 0x60, 0xF4, 0xB6, 0x78, 0x90, 0xE5, 0xED, 0x7A, + 0x0F, 0xBF, 0x75, 0x36, 0xC3, 0xFD, 0x50, 0xD0, + 0xB0, 0x65, 0x8D, 0x7C, 0xCF, 0x27, 0x5E, 0x8A, + 0x9E, 0x9F, 0xBB, 0x99, 0xBE, 0x2E, 0x5F, 0x5E, + 0x16, 0x7B, 0xE2, 0x90, 0xB7, 0xE9, 0x67, 0x32, + 0xF8, 0x9E, 0x40, 0xD7, 0x85, 0xAF, 0x25, 0xC1, + 0xBA, 0x61, 0xA7, 0x78, 0x6D, 0x3E, 0xF2, 0xD0, + 0xC1, 0x14, 0xD1, 0x04, 0x8E, 0x76, 0x46, 0xDF, + 0xA3, 0x03, 0x2B, 0xFB, 0x7A, 0x51, 0xA6, 0x36, + 0x05, 0xDC, 0xE3, 0xE1, 0xD8, 0x98, 0x95, 0x00, + 0xD6, 0xE5, 0x8E, 0x96, 0x05, 0x19, 0x93, 0x1D, + 0xAC, 0x9F, 0x14, 0xDD, 0xA4, 0x28, 0xF5, 0xA2, + 0xC9, 0xC7, 0x4D, 0x91, 0x6D, 0x90, 0x77, 0x07, + 0xB5, 0x3E, 0xB5, 0x2C, 0x44, 0xAD, 0x71, 0xD7, + 0x27, 0x82, 0x6E, 0xB2, 0xCA, 0x68, 0x07, 0x0A, + 0x6F, 0x0E, 0x47, 0xFA, 0x16, 0xE5, 0x2E, 0x96, + 0x29, 0xB7, 0xAA, 0x82, 0x41, 0xDA, 0xAB, 0xB1, + 0x94, 0x97, 0xA5, 0x82, 0x4E, 0x58, 0xD7, 0x26, + 0x75, 0xC3, 0xA6, 0x7E, 0x10, 0xA1, 0x19, 0xB2, + 0x74, 0xB8, 0x4D, 0x9B, 0xEE, 0x28, 0x71, 0x72, + 0x8E, 0xD2, 0xF9, 0x4F, 0x85, 0x59, 0xB9, 0x7F, + 0x97, 0x9A, 0xE8, 0x82, 0xEA, 0x54, 0x99, 0x28, + 0xD6, 0xB1, 0xA9, 0xA4, 0xE4, 0xA2, 0x29, 0xF6, + 0xEB, 0x3F, 0xB1, 0xA4, 0x34, 0xA0, 0xFA, 0xED, + 0xAD, 0x62, 0xB7, 0x03, 0x30, 0xCF, 0xCB, 0x24, + 0xCB, 0x34, 0x98, 0x80, 0x2A, 0x67, 0x9F, 0x8F, + 0x54, 0xBF, 0x83, 0xEF, 0x34, 0x47, 0x22, 0x96, + 0x91, 0x98, 0x31, 0xCA, 0xAD, 0x59, 0xEB, 0xE8, + 0x30, 0x82, 0xEA, 0xB6, 0x7D, 0x4A, 0xBD, 0x90, + 0x22, 0x9A, 0x5E, 0x93, 0xA0, 0xB5, 0x80, 0x97, + 0x7F, 0x08, 0x13, 0xCC, 0xB1, 0x5E, 0xCD, 0x74, + 0xFF, 0x71, 0x5F, 0xE8, 0xDB, 0x5B, 0x05, 0xCE, + 0xF3, 0x7D, 0x34, 0x93, 0xBE, 0xDA, 0x27, 0x05, + 0x84, 0x94, 0x4C, 0x02, 0x09, 0x86, 0x34, 0x51, + 0x4D, 0xAA, 0xCE, 0x70, 0x47, 0xE4, 0x74, 0x32, + 0xF9, 0x2A, 0xDC, 0xA4, 0x91, 0xA3, 0xE0, 0x96, + 0x1A, 0x5D, 0x9F, 0x01, 0x44, 0x85, 0x2E, 0x46, + 0x32, 0x63, 0x35, 0xE2, 0x15, 0x24, 0x3D, 0xAA, + 0xE8, 0x37, 0x92, 0x7F, 0xBF, 0xDC, 0xE6, 0x91, + 0xF4, 0x98, 0x59, 0x26, 0x6E, 0x90, 0x08, 0x16, + 0x8C, 0x6A, 0x5E, 0x2F, 0x60, 0x9C, 0x80, 0xC6, + 0x8E, 0x08, 0x20, 0xE7, 0x27, 0x19, 0xE9, 0xB5, + 0x87, 0x3F, 0xA1, 0x99, 0xE1, 0x97, 0xF9, 0xC4, + 0x94, 0xAA, 0x8A, 0x3A, 0x65, 0x26, 0x9E, 0x95, + 0xB7, 0x61, 0xB6, 0x7B, 0xEC, 0x61, 0x13, 0xC1, + 0x44, 0xA5, 0x69, 0x89, 0xC5, 0x75, 0x0D, 0x45, + 0x05, 0x42, 0xCC, 0xF8, 0x1B, 0x24, 0x62, 0x09, + 0x2F, 0x70, 0x71, 0x5D, 0x49, 0x14, 0xEB, 0x2C, + 0xAA, 0x31, 0x74, 0xBC, 0x9E, 0xEB, 0x20, 0xAA, + 0xB6, 0xC6, 0x40, 0xF8, 0xB5, 0xD9, 0xC6, 0xA0, + 0xDC, 0xC6, 0xF0, 0xAE, 0xC9, 0x7B, 0x3A, 0xF6, + 0x47, 0xEB, 0xF8, 0x00, 0x34, 0xA4, 0x3B, 0xF3, + 0x19, 0xBF, 0x40, 0xAD, 0xF7, 0x9A, 0xFE, 0xAB, + 0x58, 0x90, 0xD2, 0x02, 0x3B, 0xAE, 0x02, 0xC9, + 0xFD, 0x02, 0xC5, 0xBB, 0x65, 0x87, 0x9C, 0x1B, + 0x5E, 0xA4, 0x06, 0x02, 0x9A, 0xE7, 0x78, 0x45, + 0xCB, 0x99, 0x4D, 0xB8, 0xC3, 0x52, 0x11, 0xCA, + 0x1D, 0xC8, 0x81, 0xF7, 0xF2, 0x0A, 0x47, 0x06, + 0x50, 0x5F, 0x29, 0xD9, 0xCD, 0x19, 0x89, 0xAD, + 0x42, 0xB0, 0x7E, 0xF5, 0x2D, 0x96, 0x54, 0xE2, + 0x8E, 0x3D, 0xCB, 0x83, 0x00, 0x08, 0xA1, 0xBE, + 0x31, 0x99, 0x38, 0x7E, 0x06, 0x6B, 0x28, 0xB3, + 0x15, 0xCA, 0x19, 0x02, 0xF4, 0xBB, 0x0E, 0xE6, + 0x3F, 0xDC, 0x4C, 0x93, 0xE1, 0xAB, 0x88, 0x6F, + 0xD7, 0x42, 0x52, 0x61, 0xC3, 0x7A, 0xC5, 0x87, + 0x62, 0xD0, 0x3D, 0xB6, 0x07, 0x06, 0x88, 0x7E, + 0x72, 0xCF, 0x74, 0x5A, 0x44, 0x6D, 0xF6, 0xC6, + 0x66, 0x2F, 0x53, 0xDD, 0x61, 0x24, 0x71, 0xA4, + 0x34, 0xAC, 0x56, 0xC4, 0xBE, 0xDB, 0x3C, 0x9F, + 0x36, 0x47, 0xE6, 0x03, 0x2B, 0x3C, 0xC0, 0x99, + 0x0A, 0x3A, 0x2E, 0x87, 0x05, 0x2B, 0x36, 0xD4, + 0xA1, 0x62, 0x42, 0x4E, 0x2D, 0x39, 0x9E, 0x1B, + 0xC2, 0x37, 0x92, 0x8D, 0x0B, 0xD7, 0x71, 0x58, + 0x07, 0x9C, 0xCB, 0x20, 0x8B, 0x71, 0x95, 0x07, + 0x96, 0x55, 0xBD, 0xB7, 0x6C, 0xBA, 0xFF, 0x44, + 0x7C, 0x34, 0xC5, 0x82, 0x9F, 0xAC, 0x19, 0x9B, + 0xB0, 0x27, 0xA0, 0x80, 0x06, 0x50, 0x8D, 0x56, + 0xC8, 0x1D, 0x18, 0x70, 0x90, 0xE7, 0x10, 0x24, + 0xDB, 0x7F, 0xBF, 0x3A, 0x7D, 0x64, 0xD8, 0xFA, + 0x48, 0x74, 0xA8, 0xF4, 0x70, 0x37, 0x7B, 0x15, + 0x38, 0x00, 0x96, 0x82, 0x2F, 0xFE, 0x46, 0x55, + 0x71, 0xB5, 0x0C, 0x54, 0x05, 0x58, 0xBA, 0x50, + 0xE9, 0x0E, 0xB8, 0x14, 0x52, 0xF4, 0x12, 0x75, + 0xC2, 0x51, 0x5B, 0xAE, 0x05, 0x92, 0xD5, 0x3F, + 0x6A, 0x6A, 0x34, 0xD2, 0xA3, 0x4D, 0x8E, 0xAC, + 0x6E, 0x7A, 0x03, 0xFB, 0xDB, 0x52, 0x49, 0x4F, + 0x4B, 0x98, 0x1B, 0x56, 0xC0, 0x96, 0x26, 0x08, + 0x48, 0x50, 0xC7, 0xCF, 0x96, 0x2F, 0x93, 0x10, + 0x72, 0x25, 0x15, 0xA6, 0x2A, 0xC0, 0x85, 0xA6, + 0x18, 0x9A, 0xDD, 0xEA, 0x38, 0x12, 0x91, 0x13, + 0x57, 0x31, 0xB2, 0xEE, 0x83, 0xA4, 0xF1, 0xEB, + 0xFA, 0x09, 0xAF, 0x80, 0xA9, 0x12, 0x68, 0xA8, + 0x76, 0x23, 0xCB, 0x55, 0x7C, 0x9F, 0x66, 0xDE, + 0xB4, 0x54, 0xFB, 0x2F, 0x4F, 0xC2, 0x64, 0x8F, + 0x44, 0x41, 0x5A, 0x7B, 0xEF, 0x29, 0x96, 0x2D, + 0x5F, 0x7C, 0x16, 0xE7, 0x85, 0x79, 0xF5, 0x26, + 0xDD, 0x20, 0xE9, 0x20, 0x9B, 0x6C, 0xA6, 0xDF, + 0xD1, 0x30, 0xF9, 0x2E, 0xF7, 0x24, 0x64, 0x5B, + 0x5B, 0x84, 0xD8, 0x72, 0x4F, 0x3C, 0xF6, 0xF3, + 0xA3, 0xB2, 0xA9, 0xCF, 0x61, 0x24, 0x7A, 0x54, + 0xBA, 0x92, 0x8F, 0x53, 0xEA, 0xCB, 0xA7, 0xE6, + 0xD6, 0xB8, 0x12, 0xC4, 0xCE, 0x21, 0xA1, 0x8B, + 0xA8, 0xD1, 0x14, 0x50, 0xE7, 0x04, 0x89, 0xBA, + 0x57, 0x2E, 0x5E, 0xB9, 0xA7, 0x72, 0x2D, 0x9D, + 0xC6, 0xAA, 0xE4, 0xF9, 0x57, 0x93, 0x60, 0x09, + 0xE2, 0x6E, 0xB3, 0xE7, 0x4D, 0x9F, 0x99, 0x33, + 0xF3, 0xDB, 0x4D, 0xA0, 0xA1, 0xF5, 0x44, 0x93, + 0x99, 0xB5, 0xE1, 0x01, 0x03, 0x11, 0xF8, 0x7D, + 0x92, 0xC1, 0x87, 0xAD, 0x2E, 0xFA, 0xBB, 0x0A, + 0x2C, 0x86, 0xB7, 0xD7, 0xF9, 0xA0, 0x72, 0xAB, + 0xC0, 0xC6, 0x60, 0x6D, 0xBC, 0xD9, 0x20, 0x17, + 0x7A, 0x22, 0x57, 0x20, 0xA7, 0x05, 0x76, 0xB8, + 0xE8, 0x2D, 0x7D, 0x53, 0xC1, 0xDF, 0xA4, 0x8E, + 0xA7, 0x31, 0x81, 0xAF, 0x0A, 0xF0, 0x86, 0xB6, + 0xAA, 0xF8, 0x0A, 0xB2, 0x49, 0x81, 0xF2, 0x75, + 0xD6, 0x6D, 0x4F, 0xBD, 0xE2, 0xC5, 0x1A, 0xE8, + 0xE8, 0xD4, 0x58, 0x33, 0x72, 0x9F, 0x45, 0x03, + 0x01, 0x30, 0xBC, 0x85, 0xB2, 0xBD, 0x9A, 0x14, + 0xC8, 0x13, 0xA3, 0x7F, 0x1F, 0xA1, 0x47, 0xF8, + 0x15, 0x48, 0x8D, 0x7A, 0x17, 0xC0, 0xC0, 0x39, + 0xEA, 0xF8, 0x66, 0xCE, 0xA7, 0x5F, 0x5B, 0x2E, + 0xBE, 0x05, 0xEF, 0x31, 0x09, 0x47, 0x2B, 0xA5, + 0xF7, 0xCF, 0xCE, 0x4C, 0x35, 0x8B, 0x60, 0x80, + 0x40, 0x0C, 0x5C, 0xC0, 0x85, 0x15, 0x14, 0x92, + 0xD1, 0x3A, 0x5B, 0x00, 0x96, 0xA0, 0x63, 0x1F, + 0xAA, 0x30, 0xCB, 0x48, 0xF2, 0xDA, 0x87, 0x3B, + 0x85, 0x7D, 0xFD, 0xB3, 0x86, 0xD9, 0x33, 0x98, + 0x18, 0x07, 0x34, 0x92, 0x55, 0x9A, 0x0E, 0xC2, + 0xDA, 0xF3, 0x73, 0x8E, 0x15, 0x88, 0xB0, 0x98, + 0x75, 0x1F, 0xF0, 0xFA, 0x1C, 0x87, 0x1B, 0x22, + 0x23, 0x7E, 0x5C, 0xD1, 0x5B, 0x0E, 0x17, 0x28, + 0xEA, 0x26, 0x71, 0x66, 0xC3, 0x8A, 0x71, 0x97, + 0xB6, 0xCC, 0x7D, 0xAD, 0x39, 0x11, 0x6B, 0xE6, + 0x1D, 0xF4, 0x33, 0x3C, 0xD7, 0xC2, 0xA4, 0x13, + 0xDB, 0x30, 0x63, 0xD7, 0xF0, 0x22, 0x8C, 0x61, + 0xFA, 0xDA, 0xC3, 0xF8, 0xC3, 0x31, 0xF4, 0x45, + 0x09, 0xB4, 0xD6, 0x08, 0x53, 0x1F, 0x99, 0x5D, + 0x15, 0xFA, 0xB1, 0x19, 0xD8, 0x47, 0xE6, 0xD8, + 0x54, 0x95, 0x75, 0xB7, 0xD8, 0x50, 0xB2, 0x60, + 0x0E, 0x4D, 0x13, 0x64, 0x6C, 0xF9, 0x6B, 0x6B, + 0x9D, 0xA6, 0xC6, 0x2F, 0x2A, 0x80, 0xAE, 0x02, + 0x58, 0xA8, 0xCD, 0x6E, 0xF4, 0xC5, 0x5E, 0xEA, + 0x7E, 0x78, 0xD2, 0x0A, 0x46, 0x4A, 0x19, 0x4C, + 0xEC, 0xBB, 0x01, 0xE7, 0x3F, 0x32, 0x76, 0xD6, + 0x6E, 0x12, 0xAD, 0x37, 0x74, 0x51, 0xBB, 0xB9, + 0x4E, 0x5C, 0x94, 0x88, 0x32, 0x59, 0x5F, 0x6B, + 0x6E, 0x38, 0x2A, 0xD1, 0x42, 0xD9, 0xF1, 0xB8, + 0x68, 0x97, 0x95, 0xE9, 0xEB, 0xC3, 0x2A, 0x5A, + 0x10, 0x1E, 0x69, 0x6C, 0xA3, 0x4A, 0xBA, 0x00, + 0x5B, 0x4C, 0xED, 0xA2, 0x7D, 0x12, 0x00, 0xFE, + 0x48, 0xFD, 0x82, 0xC1, 0x72, 0x17, 0xE5, 0x08, + 0xA8, 0x48, 0x4F, 0x03, 0x88, 0x34, 0x5C, 0x9D, + 0xED, 0xE2, 0xA1, 0x39, 0x28, 0xFA, 0xC3, 0x29, + 0x21, 0x84, 0x2F, 0x6E, 0x6A, 0xA5, 0xCF, 0xBF, + 0x57, 0xFA, 0xA2, 0x8F, 0x43, 0xE0, 0x5E, 0x9A, + 0x45, 0x23, 0x12, 0x50, 0x29, 0x11, 0xEF, 0x9C, + 0x33, 0xC8, 0x11, 0xEB, 0xE7, 0xCA, 0xD7, 0x30, + 0x62, 0x3D, 0xB7, 0x04, 0x8E, 0xC2, 0x18, 0xC7, + 0xEA, 0x9D, 0xFC, 0x6E, 0x19, 0x65, 0xA9, 0x85, + 0x7E, 0x92, 0x94, 0xC4, 0xE4, 0x7F, 0x4D, 0x96, + 0x23, 0xCB, 0x74, 0xB6, 0x5F, 0x7B, 0xB5, 0x86, + 0x22, 0x83, 0x8D, 0xC4, 0x4E, 0x16, 0xD9, 0x15, + 0xD9, 0x59, 0x65, 0x55, 0xCA, 0x3D, 0x26, 0x1C, + 0x9C, 0x2A, 0xFC, 0xCB, 0xAF, 0x5A, 0xC0, 0x3D, + 0xE0, 0x91, 0xF0, 0xDB, 0xEA, 0xE1, 0xB4, 0xA7, + 0xE3, 0xDE, 0xC4, 0x39, 0x09, 0x89, 0x67, 0x65, + 0x77, 0xA0, 0x53, 0x68, 0x4F, 0x57, 0x86, 0x8D, + 0x91, 0xFE, 0x6A, 0x5B, 0x7D, 0x3D, 0x7C, 0x79, + 0x50, 0x78, 0x9E, 0x89, 0xD8, 0x38, 0x83, 0xBC, + 0x3D, 0xAE, 0x55, 0xCA, 0x30, 0x78, 0xB0, 0x8D, + 0x99, 0x18, 0x31, 0xBA, 0x91, 0x50, 0x2A, 0x5A, + 0x33, 0x54, 0xB8, 0x8E, 0x15, 0x9B, 0x0A, 0xFF, + 0xD2, 0x5B, 0x0D, 0xBB, 0x72, 0xBC, 0xD6, 0xF4, + 0x04, 0x65, 0xDD, 0xFC, 0x00, 0xFF, 0x8B, 0x63, + 0x39, 0xC0, 0x67, 0x09, 0x5D, 0x6C, 0x7C, 0xB0, + 0x6F, 0x3B, 0xE7, 0x59, 0xC5, 0x27, 0x40, 0x39, + 0x5D, 0xD1, 0x08, 0x29, 0x6F, 0x2B, 0xBC, 0x2E, + 0x7A, 0x5D, 0xDD, 0xE3, 0xD1, 0xC3, 0x5D, 0x18, + 0xBF, 0xBE, 0x39, 0x68, 0xEC, 0x59, 0xAB, 0xF8, + 0x5C, 0x1B, 0xD2, 0x92, 0x8A, 0xB2, 0xAA, 0x67, + 0x8A, 0x78, 0x91, 0x74, 0x6E, 0x88, 0xF4, 0x39, + 0xF8, 0xB4, 0x38, 0x40, 0x31, 0xC3, 0xED, 0xB7, + 0x31, 0x97, 0xE5, 0x2A, 0x4E, 0x77, 0x3D, 0x2D, + 0x8B, 0x7B, 0xAD, 0xDC, 0x5D, 0xD0, 0xA7, 0xE4, + 0x4C, 0x80, 0x8D, 0x73, 0xB8, 0x18, 0x1D, 0x19, + 0x1C, 0x3C, 0x89, 0xFE, 0x15, 0xEA, 0x90, 0xD7, + 0x56, 0x7E, 0x89, 0x16, 0xA3, 0x37, 0x83, 0x03, + 0x05, 0x04, 0x1B, 0x1E, 0x94, 0xB3, 0xB4, 0x06, + 0xDA, 0x4C, 0x36, 0xBE, 0xF0, 0x5D, 0x91, 0x00, + 0xAB, 0x99, 0x2A, 0x4D, 0x56, 0x25, 0x33, 0x73, + 0x0E, 0x0D, 0x8C, 0x05, 0x2B, 0x3A, 0x62, 0xD3, + 0xF6, 0x9A, 0x83, 0xA0, 0xC9, 0xB2, 0x12, 0x4F, + 0x12, 0xAE, 0x7D, 0xAC, 0xC9, 0x78, 0xC4, 0xA0, + 0xAD, 0xCC, 0x2E, 0xBA, 0x2D, 0x80, 0xF4, 0x94, + 0xAA, 0x16, 0xEC, 0x1E, 0x8E, 0x71, 0xC7, 0x9B, + 0x02, 0xF3, 0x26, 0x1B, 0x6F, 0x98, 0x68, 0xB8, + 0xD5, 0x7E, 0x9D, 0x16, 0xF4, 0x2B, 0x7C, 0xC6, + 0x64, 0x06, 0x54, 0x9A, 0x27, 0x6D, 0x37, 0x14, + 0x37, 0xDE, 0x88, 0xB7, 0xF3, 0x9E, 0x74, 0x08, + 0x7C, 0xBB, 0xC5, 0x61, 0x16, 0x80, 0x31, 0x2D, + 0xE8, 0xF0, 0xC3, 0x68, 0x14, 0xE1, 0x74, 0xF9, + 0x1E, 0xB6, 0x00, 0xCC, 0x96, 0xE3, 0xCF, 0x51, + 0xBB, 0x20, 0x25, 0x88, 0x77, 0xA2, 0xAA, 0xEB, + 0x82, 0x7F, 0x7F, 0x5A, 0xDA, 0x80, 0x78, 0x6B, + 0x50, 0x84, 0xC8, 0x02, 0xE6, 0x06, 0xDE, 0xF3, + 0x88, 0xA3, 0x9C, 0xE4, 0xF0, 0xD5, 0xBC, 0x19, + 0x39, 0x4C, 0xE8, 0x41, 0xE2, 0xD2, 0xAA, 0x74, + 0x25, 0x23, 0x05, 0x80, 0xFA, 0x66, 0x75, 0xC5, + 0x17, 0x41, 0xD1, 0x75, 0x87, 0x9B, 0x4D, 0x03, + 0xC3, 0x90, 0xF6, 0x52, 0xA5, 0x03, 0xA7, 0x51, + 0x6A, 0x1F, 0x07, 0x5E, 0x30, 0x82, 0xD5, 0x2C, + 0x60, 0xB8, 0x64, 0x2A, 0x82, 0x40, 0xEE, 0x94, + 0x4D, 0x5F, 0xB4, 0x27, 0x37, 0x6B, 0x40, 0xB0, + 0xB2, 0x82, 0xE1, 0x9A, 0xB9, 0x08, 0xCC, 0xF2, + 0x0C, 0xA9, 0x26, 0x11, 0x64, 0x90, 0xAF, 0xED, + 0x57, 0xEA, 0xD0, 0xDC, 0x0C, 0x8E, 0x29, 0x6C, + 0x79, 0xA4, 0x8D, 0x08, 0x8E, 0x83, 0x7A, 0xF0, + 0x67, 0xDC, 0x02, 0x9E, 0xC6, 0x31, 0xF9, 0x93, + 0x3E, 0xE4, 0xD2, 0x07, 0x46, 0xE6, 0x4E, 0x5F, + 0x21, 0x67, 0x55, 0xA1, 0x38, 0x97, 0x4D, 0x30, + 0x82, 0x93, 0x73, 0x6D, 0xC1, 0x86, 0x04, 0x27, + 0x6C, 0xC4, 0x18, 0xBA, 0x69, 0xF8, 0x72, 0xB5, + 0x8E, 0x7F, 0x6E, 0x3A, 0x8B, 0x84, 0x6E, 0xBA, + 0xAE, 0xB3, 0x83, 0xE7, 0xF8, 0x90, 0xF5, 0x4E, + 0x77, 0xF5, 0xD7, 0xF5, 0xD4, 0xA5, 0x8D, 0xB7, + 0x83, 0xEC, 0xA0, 0x49, 0xF1, 0x86, 0x17, 0x12, + 0x82, 0xBA, 0xC2, 0x60, 0x7D, 0x51, 0xB2, 0x98, + 0xB1, 0x49, 0x38, 0xEF, 0xB1, 0x92, 0x8F, 0xC8, + 0xD0, 0x78, 0x06, 0xE8, 0xC3, 0xE7, 0x3B, 0x46, + 0x46, 0xBC, 0xF1, 0x68, 0x90, 0xCC, 0x13, 0x80, + 0xE7, 0xB6, 0x33, 0x50, 0x2B, 0x3E, 0xAD, 0xA4, + 0x47, 0x75, 0x02, 0xE2, 0x46, 0x7C, 0xFD, 0xB9, + 0xAC, 0xBD, 0x1C, 0x72, 0xBC, 0x6A, 0xEB, 0x4F, + 0x41, 0xE1, 0xC2, 0x3C, 0x63, 0x68, 0x39, 0xE3, + 0x57, 0x13, 0x5F, 0x76, 0xBC, 0x39, 0xC4, 0xF9, + 0xAC, 0x1C, 0xE8, 0xF1, 0xBE, 0xEF, 0xEB, 0xFF, + 0x87, 0x59, 0xE8, 0xF7, 0x19, 0x65, 0xD4, 0x85, + 0x4B, 0xEA, 0xAD, 0x0A, 0xFE, 0xDC, 0xA9, 0xD4, + 0xD6, 0xBD, 0x1E, 0x63, 0xD3, 0x48, 0xA4, 0x2C, + 0xEE, 0xFF, 0xC1, 0x70, 0xD0, 0xEE, 0x9F, 0x13, + 0x6F, 0x5B, 0xE9, 0x90, 0x14, 0x66, 0x92, 0x61, + 0x22, 0xF9, 0x48, 0xBD, 0xDE, 0x2A, 0x91, 0x07, + 0xD2, 0xA9, 0x8B, 0xA2, 0xDE, 0xA6, 0xD6, 0xF2, + 0xDA, 0x17, 0x72, 0x47, 0x02, 0xEC, 0x51, 0x8C, + 0x03, 0x75, 0x3D, 0x51, 0xEA, 0x83, 0x1E, 0x95, + 0xCB, 0x87, 0x08, 0xD5, 0xDE, 0xC8, 0x22, 0xDB, + 0x73, 0x7E, 0x44, 0x14, 0x3C, 0x86, 0xF4, 0x71, + 0x77, 0xD8, 0x5C, 0xD0, 0x98, 0xC2, 0x1B, 0x9B, + 0xC8, 0x00, 0xDF, 0xA9, 0xDC, 0x26, 0xFD, 0xC2, + 0x61, 0xE9, 0x21, 0xDE, 0x00, 0x2D, 0x81, 0xC1, + 0x59, 0xF8, 0xEB, 0x1F, 0xEE, 0x67, 0x67, 0x9D, + 0x62, 0x1E, 0xCE, 0x6B, 0x36, 0xD0, 0x1C, 0x77, + 0x5A, 0x16, 0x45, 0xD5, 0x22, 0x92, 0xB4, 0xB2, + 0xB8, 0x22, 0x73, 0x18, 0x77, 0x2A, 0x80, 0x91, + 0xE9, 0xEC, 0x01, 0x70, 0x13, 0xB1, 0x95, 0xEB, + 0xF4, 0xEF, 0x20, 0x1F, 0x4E, 0x88, 0x1C, 0x49, + 0x36, 0x33, 0xC0, 0x7F, 0x27, 0xC9, 0x79, 0x0D, + 0xD8, 0xAE, 0xCC, 0x94, 0x49, 0xCF, 0x63, 0xBC, + 0xB1, 0x19, 0x46, 0x16, 0x9A, 0xCF, 0xF3, 0x95, + 0x42, 0x26, 0x6B, 0x0C, 0x66, 0x85, 0xBB, 0xB0, + 0x80, 0xB5, 0x9F, 0x11, 0x7E, 0xEB, 0x2A, 0x73, + 0x38, 0x2B, 0x3D, 0x18, 0x7C, 0x06, 0x80, 0xC5, + 0xAE, 0x70, 0x90, 0x70, 0xDF, 0x03, 0xA0, 0x08, + 0xA7, 0xAD, 0x13, 0x22, 0x6F, 0x3C, 0x37, 0x15, + 0x39, 0x20, 0x52, 0xF2, 0x44, 0x1B, 0x4A, 0x17, + 0x8D, 0x7C, 0xF7, 0x05, 0x18, 0x33, 0x9C, 0xFF, + 0xBB, 0x54, 0xA6, 0xD9, 0xB9, 0xCD, 0xE3, 0xB0, + 0xB5, 0x7D, 0xBC, 0x79, 0xF4, 0xE4, 0x7A, 0xD6, + 0x27, 0x4C, 0xE2, 0x18, 0x0C, 0x92, 0xAC, 0x64, + 0x10, 0xE5, 0x0D, 0x05, 0xF6, 0x66, 0x5A, 0x57, + 0xD4, 0xD4, 0x47, 0x6C, 0x2C, 0x0E, 0x6E, 0xE0, + 0x75, 0x7A, 0x3A, 0xFE, 0xA2, 0xB1, 0xBF, 0x86, + 0xA5, 0x51, 0xEF, 0x98, 0xAA, 0x1D, 0xFC, 0xBA, + 0x96, 0x31, 0x59, 0x59, 0x45, 0x2B, 0x2B, 0x3A, + 0x2F, 0xCB, 0xBB, 0x95, 0x5C, 0xB3, 0xFA, 0x1E, + 0xEB, 0xBB, 0x83, 0xBD, 0x17, 0x87, 0x67, 0xC0, + 0x2E, 0xFB, 0xBE, 0xFF, 0x6C, 0x7E, 0xEF, 0x94, + 0xB5, 0x5D, 0xF8, 0x83, 0x1D, 0xDF, 0xB7, 0xB2, + 0x02, 0xCE, 0x7D, 0xE0, 0x55, 0xEA, 0xF9, 0x92, + 0x8A, 0xDA, 0xF6, 0xED, 0x0E, 0x31, 0x59, 0xCA, + 0x56, 0xC4, 0x83, 0xFA, 0x3B, 0xA3, 0xD2, 0x47, + 0x8C, 0xA3, 0x94, 0x82, 0x4C, 0xEE, 0x6A, 0xBD, + 0x59, 0x67, 0x09, 0x53, 0xEE, 0x80, 0xD3, 0x83, + 0xAA, 0xA6, 0x08, 0xE1, 0x58, 0x51, 0x13, 0x5C, + 0x1C, 0xDE, 0xEE, 0xB5, 0xF6, 0xA8, 0x89, 0x7C, + 0x3C, 0x9E, 0x06, 0x6A, 0xB4, 0x73, 0x4F, 0xDD, + 0xFA, 0xBC, 0x3B, 0xC3, 0xBA, 0x12, 0x06, 0xBA, + 0x54, 0x34, 0xDC, 0xDE, 0xDB, 0x9D, 0x8B, 0x3A, + 0x81, 0xA2, 0xE6, 0x38, 0x14, 0x6D, 0x83, 0xF1, + 0x4F, 0x06, 0xE5, 0x60, 0x99, 0xC0, 0xC8, 0xA0, + 0xFC, 0xCD, 0xB9, 0xEC, 0xF0, 0xF3, 0xD8, 0x8D, + 0xE3, 0x79, 0x2F, 0x2D, 0x0B, 0x65, 0x1B, 0x61, + 0x9C, 0x57, 0x1B, 0x69, 0xF4, 0xBF, 0x8E, 0x7C, + 0xD1, 0x91, 0x0F, 0x26, 0x6A, 0x4D, 0xAD, 0xF8, + 0xC2, 0xAB, 0xB4, 0xAC, 0x05, 0xBD, 0x1F, 0xBA, + 0x05, 0x8C, 0x03, 0x94, 0xC0, 0x16, 0xDE, 0xE6, + 0x0C, 0x66, 0x40, 0x1A, 0x17, 0xD1, 0x34, 0x59, + 0x54, 0x79, 0x33, 0x38, 0x9A, 0x35, 0x65, 0x69, + 0xAD, 0xA5, 0x32, 0xC9, 0xF4, 0x87, 0x69, 0x88, + 0x55, 0xA4, 0xD7, 0xBC, 0xCD, 0x0E, 0xF6, 0x95, + 0x31, 0x09, 0x4D, 0xA4, 0x08, 0x6F, 0x52, 0xBF, + 0x98, 0xCD, 0xC9, 0xA4, 0xB0, 0xBC, 0x88, 0x8D, + 0xC3, 0x89, 0x1A, 0x76, 0x09, 0x6C, 0x7C, 0x48, + 0x34, 0x90, 0xE9, 0x52, 0x32, 0x6A, 0xE4, 0x02, + 0xD8, 0xDF, 0xD2, 0xF3, 0xDC, 0xCF, 0x1A, 0xA5, + 0xD7, 0xBD, 0x69, 0x8E, 0x2A, 0xA8, 0x8D, 0x29, + 0x48, 0x13, 0xA8, 0x8F, 0xD3, 0x18, 0x66, 0xBC, + 0xA1, 0x1B, 0x3B, 0x91, 0xC0, 0x09, 0xEE, 0xB6, + 0x67, 0x60, 0x1C, 0xEE, 0xAF, 0xAF, 0xE9, 0x7C, + 0x56, 0xFA, 0x33, 0xF9, 0x38, 0x1F, 0x3E, 0x43, + 0x29, 0x90, 0x1A, 0xC3, 0xB7, 0xEA, 0x70, 0x32, + 0xC0, 0x19, 0xE5, 0xC8, 0xA8, 0xEF, 0xD7, 0x04, + 0x4C, 0x97, 0x36, 0x44, 0xAF, 0x2B, 0xE4, 0x20, + 0xA0, 0x33, 0xC6, 0xC2, 0xC7, 0xCE, 0x0C, 0xEA, + 0x39, 0x34, 0xDC, 0x18, 0xB4, 0x2A, 0xDF, 0xD7, + 0xA8, 0x46, 0xF4, 0x2D, 0xD4, 0x06, 0x86, 0x6A, + 0x39, 0x09, 0x29, 0x02, 0x6A, 0xDE, 0x5C, 0x79, + 0x1B, 0x5F, 0x61, 0xF9, 0x42, 0xB1, 0x55, 0x07, + 0x7D, 0x82, 0xF2, 0xAF, 0xCC, 0xFF, 0xF8, 0x5B, + 0x04, 0x06, 0x64, 0x7A, 0x96, 0x27, 0xE3, 0x69, + 0x5D, 0x4B, 0xEA, 0x3D, 0x58, 0xA6, 0x3E, 0x17, + 0x18, 0xD1, 0x84, 0xE4, 0x6B, 0x5F, 0x4B, 0xC8, + 0x41, 0x03, 0x34, 0xA4, 0x09, 0x5D, 0x0F, 0xAF, + 0x30, 0x6F, 0xB9, 0xDC, 0x10, 0x94, 0x25, 0xC3, + 0x16, 0x52, 0xD0, 0x6F, 0xF0, 0x51, 0xA1, 0x62, + 0xEE, 0x2B, 0x7B, 0x1C, 0x54, 0xD6, 0xC7, 0xDE, + 0xD6, 0xE3, 0x95, 0xAA, 0xD1, 0xA8, 0x6D, 0x03, + 0xB1, 0xB6, 0xC8, 0x00, 0x76, 0x7E, 0xC1, 0x44, + 0x12, 0xEE, 0xCE, 0x13, 0x46, 0x20, 0xA6, 0x1D, + 0x36, 0x9A, 0xF4, 0x9E, 0x21, 0xB0, 0xD1, 0x4B, + 0xC4, 0x23, 0x06, 0x49, 0xCD, 0xD3, 0xE9, 0xFD, + 0x84, 0x7A, 0xE5, 0x0B, 0xE9, 0x62, 0xEF, 0xC8, + 0xCB, 0x0F, 0x33, 0x9F, 0x9E, 0x6D, 0x32, 0x47, + 0x53, 0x3B, 0xDE, 0xD8, 0x71, 0x1D, 0x46, 0x1D, + 0x4A, 0xF2, 0xAE, 0x3F, 0xDD, 0x1D, 0x7D, 0x2A, + 0x28, 0x9C, 0x78, 0xCB, 0x19, 0xF3, 0xCD, 0xC2, + 0x14, 0x2B, 0xF5, 0x2B, 0x23, 0xE6, 0xA2, 0x7B, + 0x39, 0xD6, 0x99, 0x54, 0x3C, 0x3D, 0x63, 0x9B, + 0x9C, 0x72, 0xCA, 0x80, 0xB3, 0x7E, 0xA2, 0x77, + 0x5B, 0x5E, 0x26, 0x81, 0xF0, 0xDD, 0x01, 0xDF, + 0xF0, 0xC0, 0x55, 0x13, 0x36, 0x90, 0x62, 0xFE + }; + static const byte msg_87[] = { + 0x9E, 0xFF, 0x34, 0x15, 0x06, 0xD1, 0x8B, 0xCB, + 0x27, 0xA7, 0xFC, 0x4E, 0xAA, 0xBF, 0x5A, 0x7C, + 0x4A, 0x59, 0x37, 0x77, 0x19, 0x6F, 0x66, 0x4B, + 0xCE, 0x31, 0x6C, 0x95, 0x5B, 0x83, 0x5A, 0xD4, + 0xC9, 0xF5, 0xDE, 0x9A, 0x2B, 0xF8, 0x96, 0x15, + 0xDA, 0xCB, 0x9C, 0x1E, 0x61, 0x8C, 0x78, 0xE7, + 0x11, 0x44, 0xCD, 0x4B, 0x70, 0x46, 0xF4, 0x7D, + 0x9A, 0x60, 0x0E, 0x9C, 0xE6, 0x65, 0x96, 0xC4, + 0xC5, 0x5E, 0xDA, 0x23, 0xA6, 0x6C, 0xC1, 0x18, + 0xA4, 0xA7, 0xBD, 0x0D, 0xED, 0x00, 0xAB, 0xDD, + 0xCE, 0x53, 0xFB, 0xF2, 0x48, 0x20, 0x33, 0xA4, + 0x18, 0x85, 0x06, 0xEC, 0x11, 0x3B, 0xBD, 0x98, + 0xD9, 0x89, 0x1F, 0x0D, 0x69, 0x46, 0x3A, 0x0D, + 0x36, 0x15, 0x6B, 0xA3, 0xEA, 0x0D, 0x02, 0xA1, + 0x4C, 0x1F, 0xD7, 0xA3, 0xFE, 0x70, 0x4E, 0xE5, + 0x6B, 0x44, 0x6A, 0xE1, 0x79, 0xF7, 0x2E, 0x10, + 0x4A, 0xA8, 0x1A, 0xF0, 0xA2, 0xF8, 0xFC, 0xA6, + 0xF6, 0xF9, 0x62, 0x96, 0x05, 0x9E, 0xE8, 0x82, + 0x66, 0x80, 0xE4, 0x3F, 0x4B, 0x07, 0x40, 0xF4, + 0x7A, 0xC1, 0x05, 0x66, 0xED, 0x31, 0x07, 0x99, + 0xAC, 0x71, 0x41, 0xD3, 0x8F, 0x69, 0x21, 0x31, + 0x5F, 0x23, 0xAB, 0x3E, 0x64, 0xC8, 0xA7, 0x70, + 0xAA, 0x57, 0x12, 0x80, 0x90, 0xDB, 0x82, 0x8C, + 0x7B, 0xAA, 0x59, 0xC3, 0x29, 0x5C, 0xCA, 0xA2, + 0x38, 0xC7, 0x5F, 0xAC, 0x0F, 0x93, 0xDA, 0x79, + 0x00, 0x74, 0x1B, 0xCD, 0x94, 0xBB, 0x9F, 0xD3, + 0x85, 0x2E, 0xC2, 0xB7, 0xD3, 0x3F, 0x60, 0x0B, + 0x1D, 0x51, 0x66, 0x6A, 0xE2, 0x22, 0xA5, 0x7A, + 0xF1, 0x40, 0xFA, 0x04, 0x9C, 0x2C, 0x9F, 0x6D, + 0x0F, 0xE6, 0xC0, 0xF1, 0xE7, 0xA0, 0xDD, 0xE1, + 0x14, 0x3B, 0xE5, 0xCE, 0xD7, 0xBB, 0xE2, 0x32, + 0xCB, 0xFB, 0xD8, 0xAE, 0x00, 0xEA, 0x5F, 0xC1, + 0x65, 0x02, 0x6D, 0x72, 0x9D, 0xB3, 0x0F, 0x6A, + 0xFD, 0x99, 0x73, 0xB6, 0x72, 0x2C, 0x07, 0xF6, + 0x00, 0x66, 0x54, 0x41, 0xE3, 0x0B, 0x7C, 0x5F, + 0xB2, 0x97, 0xB8, 0xAB, 0x96, 0x9C, 0x06, 0x83, + 0x9D, 0x33, 0x1D, 0xEE, 0x96, 0xDE, 0x48, 0x68, + 0x7D, 0xC9, 0xDA, 0x53, 0x1A, 0x95, 0xCA, 0x83, + 0xA7, 0x6F, 0x4B, 0x07, 0x6D, 0xFC, 0xF4, 0x83, + 0xF0, 0x04, 0x50, 0xE5, 0x1C, 0x8D, 0x34, 0xD8, + 0xED, 0x8E, 0x4B, 0x3D, 0xAF, 0xAE, 0x66, 0x4B, + 0x6D, 0xC1, 0x3E, 0xD8, 0x8E, 0x6D, 0x63, 0x02, + 0x7D, 0xD4, 0x38, 0xCB, 0x74, 0xF4, 0x12, 0xE8, + 0x70, 0xCC, 0x9D, 0xFD, 0x29, 0xB5, 0x2A, 0xBC, + 0xA1, 0x69, 0xC1, 0x7E, 0x97, 0x47, 0x58, 0xE0, + 0x3A, 0xC0, 0xFB, 0x7F, 0xE5, 0x64, 0x50, 0x8E, + 0x01, 0x7A, 0x9B, 0x47, 0x49, 0xD6, 0x41, 0xAF, + 0x0D, 0xE3, 0x84, 0x08, 0x8F, 0xA0, 0x0C, 0x69, + 0x40, 0x23, 0x3D, 0xDE, 0xFB, 0x65, 0x7C, 0x18, + 0x1C, 0x82, 0xA1, 0xB6, 0xA3, 0x1F, 0xCC, 0xF4, + 0xD5, 0x2C, 0x9D, 0x35, 0x1E, 0x6B, 0xDF, 0xDF, + 0x48, 0xBC, 0xE4, 0x14, 0x60, 0x74, 0x62, 0xDB, + 0x76, 0x9F, 0x9E, 0xB1, 0x59, 0x25, 0xBA, 0x9F, + 0xAF, 0xBA, 0xB2, 0x29, 0xB5, 0x89, 0x6B, 0xF1, + 0xF8, 0xE4, 0x7D, 0xF1, 0x7C, 0x82, 0x08, 0xDF, + 0xD5, 0x96, 0x04, 0xB6, 0x05, 0x2C, 0xD2, 0xCE, + 0xAB, 0x56, 0x40, 0x0F, 0x11, 0xC4, 0xD9, 0x52, + 0x1E, 0x1A, 0xB8, 0x27, 0x4A, 0xB5, 0x76, 0x4C, + 0x73, 0xE9, 0x41, 0x32, 0x42, 0x0E, 0x32, 0xB6, + 0xAE, 0xB0, 0x76, 0x33, 0x78, 0xD9, 0xBA, 0x68, + 0xE1, 0xFC, 0xDE, 0x2B, 0xD6, 0xDE, 0xDA, 0x39, + 0x17, 0xC0, 0x00, 0xAF, 0x39, 0xB7, 0x8F, 0x4C, + 0xCA, 0x7C, 0x8F, 0xBF, 0x94, 0xB4, 0xCB, 0x8A, + 0x81, 0x16, 0xEE, 0xEC, 0xFE, 0xF0, 0x13, 0x1E, + 0xC9, 0xF2, 0xDE, 0xDA, 0x01, 0x40, 0xC9, 0x02, + 0xA8, 0xD6, 0xE6, 0x0E, 0x98, 0xB3, 0xCD, 0x9D, + 0x9C, 0x75, 0x24, 0x8B, 0xF8, 0x84, 0x5A, 0xC0, + 0xD7, 0xE0, 0x6B, 0xA0, 0xE1, 0x83, 0x10, 0xFE, + 0xCE, 0x98, 0x62, 0x07, 0x54, 0x2C, 0xC1, 0xEE, + 0x08, 0x88, 0x43, 0xEF, 0x74, 0xA2, 0x6A, 0xEC, + 0xB6, 0xD0, 0x6F, 0x0F, 0xEF, 0xE1, 0xB7, 0x2C, + 0xF9, 0x33, 0x06, 0xC3, 0x2E, 0xD2, 0x8A, 0xEC, + 0xC5, 0x5B, 0xB1, 0x03, 0xA0, 0x84, 0x6D, 0x0C, + 0x84, 0x13, 0x6D, 0xB0, 0xB0, 0x54, 0xF3, 0xDE, + 0xA3, 0x9A, 0x72, 0x6C, 0x6F, 0xD6, 0x59, 0x7F, + 0x9B, 0x03, 0x8C, 0xC2, 0x38, 0x46, 0x01, 0x76, + 0x38, 0xF4, 0x43, 0x68, 0x81, 0x0D, 0x86, 0x29, + 0x3D, 0xDF, 0xE5, 0x48, 0x61, 0x53, 0x2F, 0x85, + 0xF5, 0x3F, 0x09, 0x30, 0x48, 0xC3, 0xE0, 0x09, + 0xC4, 0x32, 0x11, 0x27, 0xAD, 0xAA, 0xEC, 0x6A, + 0x5C, 0xCE, 0x03, 0xE0, 0xD9, 0xE9, 0x1D, 0xAC, + 0xCA, 0xBB, 0x2F, 0x50, 0xE0, 0x1E, 0xB2, 0xAC, + 0x2B, 0x39, 0x6D, 0x24, 0xB0, 0x5D, 0x45, 0x3B, + 0xD5, 0x1D, 0x52, 0x9F, 0xBA, 0x51, 0xE4, 0x6D, + 0x30, 0xC5, 0x66, 0x13, 0x00, 0x5A, 0xBF, 0x62, + 0x63, 0xB9, 0x8D, 0x8D, 0xFE, 0xB5, 0x26, 0x16, + 0xD1, 0xCB, 0x78, 0x92, 0x18, 0x1C, 0x2F, 0xC2, + 0xE2, 0x04, 0x3B, 0x99, 0x4C, 0x81, 0x66, 0x58, + 0x48, 0x2E, 0x06, 0x06, 0x34, 0x83, 0x78, 0xA3, + 0xCC, 0x85, 0x40, 0xE0, 0x20, 0x27, 0x3F, 0x10, + 0xB6, 0x9E, 0x20, 0x21, 0xA9, 0x2D, 0x9C, 0x36, + 0xCC, 0x9B, 0x97, 0x79, 0xFE, 0x8C, 0xE7, 0xA4, + 0x99, 0xAE, 0xB5, 0x3E, 0xC6, 0xDD, 0xB4, 0xF2, + 0xEC, 0x22, 0xBF, 0xB4, 0x52, 0xFC, 0x5E, 0x79, + 0x7D, 0x3A, 0x25, 0x33, 0x26, 0x00, 0x06, 0xFE, + 0x6D, 0xCC, 0xE4, 0xE9, 0x76, 0x65, 0xC6, 0x8C, + 0x39, 0x93, 0xDC, 0x7E, 0xA0, 0xBD, 0x4B, 0xDC, + 0xD2, 0x47, 0x21, 0xB0, 0x2B, 0x09, 0x02, 0xB1, + 0x84, 0x0D, 0xDE, 0xC5, 0x18, 0x20, 0x38, 0x76, + 0x2D, 0x55, 0xFC, 0x11, 0xB9, 0x87, 0x3A, 0x0D, + 0xD2, 0xEB, 0xBD, 0x55, 0xAD, 0xE3, 0x86, 0x5C, + 0xFF, 0x3D, 0x54, 0x5F, 0x76, 0x33, 0x53, 0x69, + 0xDD, 0x9E, 0x70, 0xB0, 0x73, 0x99, 0x77, 0xF6, + 0xE9, 0x8A, 0x61, 0x27, 0x19, 0x4A, 0x19, 0x26, + 0xA6, 0x97, 0xE4, 0x7F, 0x73, 0xE0, 0x4F, 0xF5, + 0xBD, 0x52, 0x5E, 0x8F, 0x17, 0x22, 0x00, 0x8F, + 0x7C, 0x15, 0x5C, 0xD3, 0xAD, 0xE0, 0xA5, 0xB6, + 0x6A, 0x31, 0x36, 0xFD, 0xD8, 0x44, 0xAE, 0x5E, + 0xCD, 0x6C, 0x82, 0x77, 0xC3, 0xD0, 0x7F, 0x39, + 0x72, 0x1E, 0x91, 0x19, 0x50, 0xE1, 0x28, 0x20, + 0x88, 0x3A, 0x6B, 0xC8, 0xA9, 0xE7, 0x93, 0x28, + 0x0F, 0xA7, 0x4F, 0xF2, 0x1A, 0xC2, 0x13, 0x4E, + 0x6B, 0xAE, 0x71, 0x3F, 0x43, 0x89, 0xC9, 0xE7, + 0xDD, 0x05, 0xBB, 0x41, 0x09, 0xB5, 0x5E, 0xB9, + 0x23, 0x51, 0xC0, 0xEB, 0x92, 0x1A, 0x0C, 0x3F, + 0xAC, 0xC5, 0x00, 0x8C, 0xB8, 0x5C, 0x3F, 0x2D, + 0x5F, 0x9A, 0xCE, 0xAE, 0x9B, 0x4B, 0x71, 0x48, + 0x25, 0xFD, 0xE2, 0xB6, 0x26, 0x3F, 0xEE, 0x10, + 0x33, 0x07, 0x4F, 0x59, 0xF0, 0x73, 0xE9, 0x39, + 0x5C, 0x0D, 0x8B, 0xB5, 0xD1, 0xEF, 0xE5, 0xBF, + 0xBB, 0xE1, 0x80, 0xF7, 0xC5, 0x91, 0xC1, 0x72, + 0xAA, 0xB0, 0x5E, 0x7C, 0x53, 0x69, 0x4C, 0x37, + 0x7A, 0xD2, 0x7B, 0x9D, 0x1C, 0xFA, 0x0F, 0xE0, + 0x92, 0x93, 0x40, 0x5D, 0xBE, 0x1C, 0xF8, 0x84, + 0x7A, 0x35, 0x1F, 0x72, 0x77, 0x68, 0xE2, 0xAF, + 0xA5, 0x6B, 0x54, 0xFF, 0x53, 0x7C, 0xCD, 0x9D, + 0x6A, 0x49, 0xD1, 0xCA, 0x74, 0x5F, 0xF5, 0xDB, + 0x54, 0xF8, 0x60, 0xA7, 0x41, 0x66, 0xDE, 0xFF, + 0xB0, 0xB2, 0xF9, 0x21, 0x06, 0xB7, 0x81, 0x4C, + 0x9C, 0xEF, 0xFD, 0x11, 0xD5, 0x63, 0xD8, 0xF3, + 0x3A, 0x81, 0xC4, 0x9D, 0x1B, 0xA8, 0x37, 0x73, + 0x57, 0x26, 0x29, 0xF8, 0xB4, 0x7F, 0x9F, 0xA2, + 0x7D, 0x2A, 0x63, 0x2C, 0x70, 0x08, 0x1E, 0x2E, + 0xE7, 0xED, 0x73, 0xAB, 0xD2, 0x4C, 0x02, 0x7E, + 0xF1, 0x15, 0x26, 0xE1, 0x09, 0x5C, 0x29, 0x13, + 0xDF, 0x69, 0x29, 0x25, 0xE5, 0x68, 0x39, 0x10, + 0x9B, 0xD0, 0x5E, 0xD8, 0xE2, 0xC9, 0x08, 0x61, + 0x63, 0xCD, 0xF9, 0x45, 0xBC, 0x16, 0xDC, 0x80, + 0x4C, 0x0F, 0x61, 0xEE, 0x8F, 0x3B, 0x72, 0xDB, + 0x02, 0x45, 0xF6, 0x78, 0x69, 0x81, 0xFC, 0xE0, + 0x32, 0x2F, 0xC2, 0xAF, 0xCD, 0x4E, 0x8E, 0x52, + 0x03, 0xB5, 0x1C, 0x7C, 0x37, 0x2C, 0x58, 0xD5, + 0xE2, 0x92, 0xA7, 0xE2, 0x49, 0x6C, 0x3F, 0x5D, + 0x7F, 0x2B, 0x26, 0x70, 0x1C, 0x0C, 0x16, 0x7F, + 0x49, 0x30, 0x71, 0x14, 0xEB, 0xBE, 0x13, 0xF4, + 0xF1, 0xAA, 0x5A, 0xCF, 0x98, 0xF2, 0x07, 0x29, + 0xB5, 0x12, 0x84, 0x80, 0x01, 0x46, 0x11, 0xA4, + 0x44, 0xAE, 0x6D, 0xE0, 0x43, 0x7F, 0xFD, 0x5D, + 0x84, 0xB5, 0x6E, 0x3E, 0x55, 0x0D, 0xE8, 0x66, + 0x13, 0xA9, 0x28, 0x5A, 0x10, 0x84, 0x0B, 0xED, + 0x0B, 0x69, 0xF0, 0x19, 0x69, 0x9B, 0x34, 0xB8, + 0x6F, 0xC6, 0x22, 0xD3, 0x25, 0x26, 0x9D, 0x1A, + 0x04, 0x6B, 0x53, 0xA4, 0xDF, 0x12, 0x93, 0xA5, + 0x2C, 0xEE, 0x1C, 0x35, 0xFE, 0x81, 0x6B, 0x67, + 0x81, 0x92, 0x07, 0xE0, 0x9A, 0x02, 0xC9, 0xD8, + 0x59, 0x4D, 0x51, 0xE8, 0xB3, 0x14, 0x55, 0x2F, + 0xDE, 0x26, 0xDB, 0x7C, 0xEB, 0x8D, 0x80, 0x12, + 0x4A, 0x8A, 0x1C, 0x33, 0x74, 0x8E, 0x05, 0xC1, + 0xAF, 0xD6, 0xE8, 0x7B, 0x56, 0x7C, 0x41, 0xE0, + 0xE7, 0x3F, 0x32, 0x5F, 0x25, 0xDD, 0x2F, 0x48, + 0x21, 0x90, 0xC4, 0x04, 0x42, 0x1A, 0x3D, 0x6A, + 0x0E, 0x5D, 0x5C, 0xDB, 0xE2, 0xB0, 0x18, 0x8B, + 0xAC, 0x77, 0xC6, 0xE3, 0x5D, 0x77, 0xC0, 0xA3, + 0x2B, 0x1D, 0x96, 0x29, 0xF8, 0x8E, 0x70, 0xA7, + 0x65, 0xFE, 0xE3, 0x8C, 0x1A, 0xB2, 0x39, 0x75, + 0xB9, 0x45, 0xF2, 0x16, 0x1F, 0x6C, 0xFE, 0x7E, + 0x68, 0x2A, 0xED, 0x96, 0x84, 0x95, 0x47, 0x05, + 0x1D, 0xDE, 0xB7, 0x7B, 0x90, 0xF6, 0xAF, 0x00, + 0x74, 0x7C, 0x47, 0xE0, 0x2E, 0x80, 0xB6, 0x9A, + 0x0D, 0x4B, 0x78, 0xA4, 0x7D, 0xDD, 0x81, 0xE2, + 0x99, 0x27, 0x1F, 0xA7, 0x8F, 0xE4, 0x23, 0xAD, + 0xDF, 0x12, 0x0D, 0xD0, 0x4D, 0x46, 0xC1, 0x32, + 0xE9, 0x70, 0xF4, 0xA0, 0x4E, 0x97, 0xA5, 0x88, + 0xD2, 0x7C, 0x7B, 0xA8, 0x43, 0x26, 0x18, 0x2A, + 0xAE, 0x04, 0xC2, 0x51, 0x28, 0x99, 0x71, 0x69, + 0x1D, 0x96, 0x78, 0xD4, 0x09, 0x88, 0x16, 0x88, + 0xF3, 0xBC, 0xCB, 0x95, 0x08, 0x30, 0xE6, 0x5B, + 0x78, 0x48, 0x41, 0x00, 0x4E, 0x40, 0x44, 0x58, + 0xE6, 0x16, 0x59, 0x63, 0xCF, 0xB4, 0xEE, 0xB5, + 0x05, 0xFD, 0xD1, 0x35, 0xF3, 0x1E, 0xD0, 0x14, + 0x7C, 0xC9, 0xE9, 0x87, 0x7F, 0xFF, 0x41, 0x07, + 0x68, 0x91, 0x06, 0x17, 0x4E, 0x76, 0x66, 0xEE, + 0xCB, 0x6C, 0xF2, 0xDA, 0x9C, 0x93, 0x51, 0xDC, + 0x43, 0x4A, 0x94, 0x49, 0x38, 0x4E, 0xED, 0x7F, + 0x5F, 0x90, 0x77, 0xB4, 0x2F, 0x0F, 0xC5, 0xD9, + 0xF0, 0xF5, 0xF7, 0x21, 0x91, 0x32, 0xFF, 0x9A, + 0x47, 0x09, 0x83, 0xE1, 0x9D, 0x30, 0xA4, 0xF3, + 0x7D, 0x18, 0x97, 0x44, 0xD8, 0x32, 0xFD, 0x5F, + 0xB3, 0x97, 0x49, 0x4E, 0x11, 0xAD, 0xF7, 0x4F, + 0x4E, 0x90, 0x0A, 0x41, 0x87, 0xCF, 0xF5, 0xDA, + 0x8F, 0x6D, 0x7B, 0x35, 0xAE, 0xA0, 0x16, 0xA8, + 0xDE, 0x88, 0x62, 0x26, 0x5F, 0x13, 0x69, 0xFB, + 0x36, 0x7E, 0xF1, 0x86, 0x0C, 0x8E, 0x07, 0xC3, + 0x3F, 0x32, 0x82, 0xB4, 0xD9, 0x83, 0x7C, 0xDF, + 0x3E, 0xF6, 0x58, 0x42, 0x2D, 0x34, 0xDE, 0xA4, + 0x1E, 0x56, 0xDD, 0x18, 0x70, 0x36, 0x81, 0xD0, + 0x44, 0xE3, 0xC4, 0x03, 0xAF, 0x33, 0xD1, 0xE7, + 0xAF, 0xA9, 0x6A, 0x8C, 0x44, 0x35, 0xFE, 0xBB, + 0xA0, 0xD2, 0x5D, 0xE0, 0xE4, 0xAE, 0xDF, 0xFB, + 0x82, 0xA0, 0xBA, 0xDE, 0x76, 0xB6, 0x6C, 0xA9, + 0xBE, 0xC7, 0xE9, 0xD7, 0x3F, 0x1C, 0xB2, 0x9C, + 0xD7, 0x3C, 0xF0, 0x0C, 0x2F, 0x60, 0x44, 0xD8, + 0x34, 0x53, 0xCE, 0xDD, 0xE0, 0x3F, 0x97, 0x2E, + 0xBB, 0x03, 0x20, 0x62, 0xD0, 0xA8, 0x23, 0x9F, + 0xB6, 0x99, 0xEC, 0x89, 0x0D, 0x32, 0x0F, 0x6F, + 0xAF, 0x3D, 0x20, 0x7B, 0xDC, 0x9A, 0xFE, 0xA2, + 0x02, 0x8B, 0x86, 0x99, 0x56, 0x23, 0x43, 0xAA, + 0x50, 0xF7, 0x0A, 0x4E, 0x8C, 0x62, 0xDA, 0xF8, + 0xB8, 0xCC, 0xA7, 0x2D, 0x02, 0x47, 0x63, 0xBA, + 0xEC, 0x25, 0x00, 0x23, 0xEA, 0xE8, 0x25, 0xC6, + 0x51, 0xAC, 0xC4, 0xAA, 0xA0, 0xDB, 0x6C, 0x5E, + 0xC7, 0xEF, 0xD0, 0x71, 0xED, 0xFB, 0x95, 0xAF, + 0x61, 0x0B, 0x64, 0x01, 0x61, 0x4F, 0x4F, 0xC6, + 0x36, 0x27, 0x75, 0xC3, 0x81, 0x0A, 0x9A, 0x21, + 0x69, 0xF8, 0x4A, 0x21, 0x12, 0x3B, 0x03, 0x1C, + 0xCE, 0x08, 0x7D, 0x52, 0x0E, 0x99, 0xE2, 0x62, + 0xE8, 0x81, 0x2E, 0x84, 0x09, 0x8E, 0xBE, 0x9B, + 0xCE, 0xD6, 0xE6, 0xA4, 0xF7, 0x3B, 0x67, 0x45, + 0x41, 0xDE, 0x0B, 0xCF, 0x5E, 0x7E, 0x31, 0x8F, + 0x90, 0x6D, 0x90, 0x1F, 0xEB, 0x1D, 0x9D, 0x1C, + 0xCB, 0x6C, 0xFF, 0xE8, 0x50, 0xDB, 0xFF, 0x75, + 0xC8, 0xA8, 0x9F, 0x43, 0xCB, 0x94, 0x89, 0x5F, + 0x28, 0x69, 0x6F, 0xAB, 0xB6, 0xAD, 0xCE, 0xE7, + 0x69, 0x7E, 0x60, 0x09, 0x03, 0x87, 0x43, 0x6E, + 0x19, 0xB1, 0x38, 0x81, 0x9B, 0x90, 0xAE, 0xB1, + 0x8A, 0xC2, 0x7D, 0x2C, 0x65, 0x9B, 0x0D, 0xF1, + 0x77, 0x94, 0xA7, 0x2F, 0x8B, 0xB7, 0xCE, 0x03, + 0xEE, 0x9A, 0x78, 0xFE, 0x8C, 0x8A, 0x37, 0x45, + 0xD5, 0x05, 0xDE, 0xD8, 0x85, 0x00, 0xF4, 0xCF, + 0x98, 0xFB, 0x62, 0x85, 0xB0, 0xBD, 0x82, 0xE2, + 0x7D, 0xED, 0x93, 0x3B, 0xCC, 0x18, 0x73, 0xF8, + 0x8A, 0xBD, 0x82, 0x8F, 0x60, 0x47, 0xAC, 0xEC, + 0x47, 0x2D, 0xEA, 0xE8, 0x7D, 0x8A, 0xDE, 0x0A, + 0xD0, 0x73, 0x48, 0xFF, 0xAF, 0x59, 0xC1, 0x70, + 0x29, 0xD8, 0x45, 0x38, 0x77, 0x7F, 0x73, 0xBF, + 0xED, 0x5C, 0x63, 0x63, 0x0B, 0xC4, 0x43, 0xE0, + 0xFA, 0x12, 0xDE, 0x72, 0x2D, 0xAB, 0xBB, 0xC2, + 0x25, 0x0A, 0xBA, 0x3F, 0xD8, 0x61, 0x54, 0xEE, + 0x20, 0x8D, 0x53, 0xA3, 0x27, 0xA7, 0xFF, 0x26, + 0xA0, 0x17, 0x93, 0x39, 0x4D, 0x04, 0x15, 0x8B, + 0xB3, 0x20, 0x60, 0x04, 0x47, 0xE2, 0xFD, 0x7D, + 0x7C, 0x6D, 0xE0, 0x76, 0xA5, 0x13, 0xD6, 0x81, + 0x95, 0xB0, 0x67, 0x20, 0x4F, 0xF6, 0x00, 0x5B, + 0x16, 0x25, 0x54, 0x2B, 0x28, 0x37, 0x2F, 0x06, + 0x80, 0x60, 0x53, 0xAE, 0xE2, 0xEA, 0x9F, 0x88, + 0xAE, 0xA2, 0x9A, 0x27, 0x02, 0x15, 0x4B, 0xF4, + 0x43, 0xBC, 0x70, 0x7D, 0x0A, 0x96, 0xEB, 0x06, + 0xCE, 0x43, 0xEF, 0xE6, 0x6A, 0xAC, 0x1F, 0x16, + 0x95, 0xE2, 0x8C, 0xF1, 0x07, 0x19, 0x3D, 0x06, + 0x2E, 0x71, 0xB6, 0x3A, 0xFD, 0xCF, 0x9E, 0x05, + 0x0B, 0xBE, 0xD7, 0x48, 0x4E, 0xC5, 0xE8, 0x0C, + 0x51, 0x5A, 0xC8, 0x20, 0xF0, 0xCD, 0xF9, 0x65, + 0xDD, 0x97, 0xF7, 0xA1, 0x1B, 0x57, 0xB2, 0x1A, + 0x04, 0xBF, 0x42, 0xF2, 0xA3, 0x3D, 0x61, 0x97, + 0x64, 0xDF, 0xB3, 0x63, 0x11, 0xFD, 0xAD, 0x8C, + 0x83, 0xA7, 0x48, 0xBA, 0x34, 0x42, 0xC5, 0x70, + 0x64, 0x5A, 0x78, 0x5E, 0x67, 0x03, 0xE5, 0xBF, + 0x22, 0xE8, 0x46, 0xFC, 0x51, 0x6C, 0xB4, 0x99, + 0x15, 0xFD, 0x63, 0xB6, 0x3E, 0x5D, 0xBF, 0x56, + 0xF5, 0x5E, 0xA4, 0x01, 0x16, 0xD5, 0x03, 0x4B, + 0xBB, 0x94, 0x5F, 0x58, 0xD6, 0x76, 0x95, 0xC7, + 0x96, 0xF1, 0xC1, 0xD0, 0x53, 0xA3, 0xEB, 0x28, + 0xA9, 0x5E, 0x8F, 0x38, 0x8E, 0x80, 0x04, 0xC3, + 0xB2, 0x4F, 0xD5, 0xFC, 0xCA, 0x7B, 0xB1, 0xE3, + 0xB9, 0x9A, 0x9F, 0x3C, 0x94, 0x5E, 0xF8, 0xA5, + 0x35, 0xF1, 0x37, 0x43, 0x20, 0x71, 0xA5, 0xCA, + 0x5B, 0x6F, 0x7D, 0xC7, 0xB8, 0xBC, 0xE5, 0x5A, + 0xD0, 0xF3, 0xB6, 0xCF, 0x1B, 0xCB, 0xB9, 0xCD, + 0x35, 0xE2, 0x41, 0xF8, 0x6E, 0x46, 0x97, 0x27, + 0x26, 0x48, 0xF4, 0x73, 0xDB, 0xD5, 0xB7, 0x68, + 0x1E, 0xF0, 0xC7, 0x84, 0x49, 0xE6, 0xC5, 0xFA, + 0x93, 0x0D, 0x83, 0x2C, 0x85, 0x1E, 0xED, 0x2A, + 0x65, 0x12, 0x19, 0xD7, 0xD9, 0xC3, 0xBB, 0x23, + 0xF3, 0xC6, 0xAD, 0x7E, 0xB7, 0x78, 0x68, 0x54, + 0x1F, 0x3C, 0xEE, 0x09, 0xF5, 0x1E, 0xE0, 0x4E, + 0xBA, 0x1B, 0xBC, 0x29, 0x69, 0x8A, 0xED, 0xD3, + 0xC7, 0xAC, 0xEC, 0x44, 0x29, 0xD7, 0xA4, 0x0C, + 0xFA, 0xBD, 0xA2, 0x29, 0x34, 0x80, 0x16, 0x4F, + 0x37, 0xEC, 0xB6, 0x73, 0xF2, 0xB5, 0xD7, 0x51, + 0x57, 0x43, 0xAF, 0x7E, 0xD0, 0xB6, 0xE0, 0x96, + 0xF0, 0xE2, 0xFE, 0xCE, 0xC8, 0x9F, 0x40, 0xD6, + 0xAF, 0xE0, 0xBF, 0xCD, 0x70, 0x37, 0x91, 0x69, + 0x99, 0x8C, 0xDF, 0x4A, 0x20, 0xDE, 0xB6, 0xC6, + 0x7A, 0xB4, 0xE3, 0x6A, 0xAD, 0x53, 0xED, 0xB9, + 0x8A, 0x13, 0x61, 0xC5, 0xE9, 0xB0, 0xDC, 0x16, + 0x36, 0xD7, 0x51, 0xA8, 0x7B, 0x52, 0x05, 0x3B, + 0xAD, 0x5C, 0xD2, 0xBD, 0x6F, 0x6B, 0xA9, 0x51, + 0xA7, 0xE8, 0x7E, 0xA4, 0xB6, 0x77, 0xAE, 0x00, + 0x89, 0x3A, 0x1F, 0x76, 0x72, 0x3F, 0xC5, 0x6C, + 0x49, 0x4F, 0xB5, 0xCA, 0x2F, 0x5D, 0xAE, 0xF8, + 0x58, 0x9A, 0xE2, 0x5B, 0x54, 0x76, 0xF4, 0xAA, + 0x89, 0xD4, 0x04, 0xAF, 0x1C, 0x26, 0x65, 0xEC, + 0xA1, 0x81, 0x06, 0x2A, 0x4B, 0x5E, 0xD5, 0x90, + 0xB8, 0x26, 0x33, 0x64, 0x15, 0x33, 0x25, 0xAC, + 0x97, 0x9A, 0xCA, 0x1B, 0x64, 0x50, 0x82, 0x8F, + 0x65, 0x6A, 0xD4, 0x47, 0xCF, 0x7E, 0x93, 0x7D, + 0xB3, 0xCB, 0xFE, 0x55, 0x0A, 0x46, 0x93, 0x22, + 0xB5, 0x46, 0xAB, 0xD6, 0x05, 0x59, 0x14, 0x5E, + 0x1B, 0xD4, 0x2D, 0xAF, 0xA3, 0x18, 0xB7, 0xA0, + 0xD7, 0x11, 0x70, 0xDE, 0x81, 0x8B, 0xD6, 0x64, + 0xFD, 0x38, 0xBD, 0x29, 0x92, 0x41, 0x80, 0xC4, + 0x4A, 0x6D, 0x34, 0x1B, 0xF0, 0x59, 0xA0, 0xD6, + 0x48, 0x55, 0xD2, 0xA5, 0xE2, 0x91, 0xB6, 0x71, + 0xF4, 0x90, 0x97, 0x8B, 0x0A, 0xDD, 0x90, 0xEA, + 0x61, 0x9B, 0x30, 0xA6, 0x2F, 0x5D, 0xB4, 0xEE, + 0x7A, 0x10, 0x40, 0x59, 0x89, 0xAC, 0x30, 0x6E, + 0x9C, 0x7B, 0xBC, 0x11, 0x75, 0x38, 0x00, 0x2E, + 0xDF, 0xED, 0x87, 0x47, 0x30, 0xFB, 0xD4, 0x8A, + 0xC6, 0xBE, 0xC7, 0x20, 0xC8, 0x3D, 0x51, 0x05, + 0x67, 0x48, 0xDE, 0xE2, 0xBF, 0x95, 0x5E, 0x7B, + 0xD7, 0xC7, 0x86, 0xDF, 0x68, 0x57, 0xA9, 0x29, + 0xBC, 0xF8, 0xE3, 0x81, 0x62, 0x1B, 0x37, 0x58, + 0xF2, 0xFF, 0xEE, 0xE8, 0x28, 0x08, 0x36, 0x23, + 0x5B, 0x24, 0x68, 0x1E, 0x62, 0xBD, 0x27, 0xC2, + 0x6F, 0xE9, 0x63, 0x67, 0x53, 0xC7, 0x8A, 0xB5, + 0xA7, 0xEF, 0x29, 0xFE, 0x60, 0xAC, 0x29, 0xCF, + 0x67, 0x40, 0x9F, 0xE6, 0x57, 0xCE, 0x65, 0x3A, + 0x2F, 0xDA, 0xA7, 0xF2, 0x0C, 0x50, 0x19, 0xE6, + 0xF7, 0x43, 0x2E, 0x8C, 0xEB, 0x9E, 0x99, 0x92, + 0xE6, 0x46, 0xB7, 0x8D, 0x43, 0x65, 0xFD, 0x02, + 0x17, 0x74, 0x6F, 0x7B, 0xA3, 0x1E, 0x06, 0x9D, + 0x75, 0x4E, 0x05, 0xED, 0x5A, 0x71, 0xFC, 0x5E, + 0x7D, 0x6D, 0x64, 0x5E, 0xAF, 0x41, 0x44, 0xD6, + 0xBC, 0x43, 0x05, 0x5E, 0x6C, 0xDB, 0x89, 0x34, + 0xC7, 0x02, 0x64, 0x08, 0xAE, 0x96, 0x53, 0x5B, + 0xA2, 0xDE, 0xCD, 0x2F, 0x74, 0x56, 0xD6, 0xEC, + 0xA4, 0x23, 0x68, 0xCD, 0x9A, 0xC5, 0x05, 0x7B, + 0x7D, 0x1E, 0x12, 0xF7, 0x7A, 0xA8, 0x7C, 0x43, + 0x7E, 0x7A, 0x43, 0x31, 0x5D, 0xA0, 0x81, 0xE5, + 0x3A, 0xFE, 0x23, 0xB5, 0xBC, 0xC2, 0xF4, 0xCE, + 0x3A, 0x80, 0x06, 0xE8, 0x1E, 0x08, 0xAF, 0x0A, + 0x33, 0xC1, 0xA9, 0x30, 0x7C, 0x8D, 0x5A, 0xC5, + 0x93, 0x89, 0xF2, 0x69, 0x24, 0x11, 0x6C, 0xAB, + 0x0B, 0x87, 0xD5, 0x49, 0xD0, 0x38, 0x3C, 0x27, + 0x4E, 0x8E, 0x85, 0xD4, 0x6E, 0x0F, 0xCD, 0x70, + 0xE3, 0x68, 0x42, 0xCA, 0x4C, 0x8D, 0x6D, 0x0F, + 0x48, 0xF3, 0xED, 0xF9, 0xE9, 0x43, 0x5D, 0xBF, + 0x55, 0x75, 0xF8, 0xEB, 0x78, 0x93, 0x72, 0x75, + 0x8B, 0xF5, 0xBD, 0xE9, 0x9D, 0xA2, 0xB9, 0x81, + 0x83, 0xDB, 0xAC, 0x82, 0xD1, 0xC1, 0x20, 0x03, + 0x72, 0x4D, 0xDC, 0x42, 0xAE, 0xC8, 0x1C, 0x0C, + 0x78, 0x22, 0x77, 0x27, 0x91, 0x50, 0x4C, 0x90, + 0xEA, 0x13, 0x8B, 0x6C, 0x91, 0xDF, 0x5D, 0x25, + 0x36, 0x9C, 0xC2, 0x06, 0x4F, 0xD5, 0xE2, 0xCC, + 0x9D, 0x89, 0x3B, 0xC4, 0x23, 0x5D, 0x88, 0x17, + 0x62, 0x4E, 0xC9, 0xFA, 0xC8, 0xEF, 0x1D, 0x45, + 0xE1, 0xFB, 0x58, 0xB3, 0x8E, 0xBD, 0x8D, 0xAE, + 0x12, 0xFF, 0xA0, 0x37, 0xE0, 0x7F, 0x5B, 0x41, + 0x1D, 0x40, 0x17, 0xAF, 0x95, 0x2D, 0x8C, 0x42, + 0xC6, 0x1A, 0x2A, 0x1E, 0x8E, 0x70, 0x25, 0xD6, + 0xD3, 0xA2, 0x85, 0xAA, 0x17, 0xFF, 0x0D, 0xB4, + 0x39, 0xD0, 0xF2, 0xAF, 0xA0, 0x4F, 0x31, 0x8D, + 0x6D, 0x57, 0x6A, 0xED, 0xC6, 0xF1, 0xE7, 0x67, + 0xA6, 0x6F, 0xB3, 0x9B, 0x72, 0xC6, 0x7F, 0x05, + 0xAF, 0x40, 0x87, 0x12, 0x0D, 0xC8, 0x98, 0x88, + 0x2D, 0xDE, 0xA1, 0x7C, 0x95, 0x32, 0xB2, 0x7A, + 0xB5, 0x9D, 0xE4, 0x0D, 0x75, 0xD4, 0x17, 0x5B, + 0xB4, 0x92, 0x73, 0xAF, 0x87, 0x3A, 0x92, 0xDA, + 0x4D, 0x87, 0xE2, 0x53, 0xCA, 0xE7, 0x2A, 0x52, + 0x64, 0xE0, 0xC1, 0xDE, 0x4C, 0x9C, 0xF9, 0x1A, + 0x1F, 0x3A, 0xD6, 0x05, 0xA0, 0xCC, 0x8D, 0x91, + 0x93, 0x51, 0xF9, 0x37, 0x1A, 0xFC, 0x68, 0xEF, + 0xBC, 0xED, 0x19, 0x8E, 0x4C, 0xD1, 0xB5, 0x8C, + 0xA2, 0x85, 0xDA, 0x02, 0x65, 0xAB, 0xAC, 0xAE, + 0xCA, 0x8E, 0xAC, 0xF0, 0x2A, 0x4F, 0xC7, 0x67, + 0x16, 0x2E, 0x24, 0x7F, 0x73, 0xCD, 0xD7, 0x3E, + 0xE3, 0x27, 0x8A, 0xF9, 0x4A, 0xC4, 0xA8, 0xCB, + 0x2B, 0x01, 0x55, 0x68, 0x34, 0xA3, 0xC0, 0xB8, + 0xD0, 0x6D, 0x05, 0xF2, 0x3B, 0x4C, 0x17, 0x47, + 0xE7, 0x64, 0x53, 0xF4, 0x9D, 0xE0, 0x8D, 0xF8, + 0xEE, 0x0E, 0xA6, 0x25, 0x64, 0x7D, 0x1B, 0xD0, + 0x80, 0xE7, 0x3C, 0x41, 0x97, 0xAE, 0xCB, 0x6A, + 0x23, 0xC2, 0x5F, 0x00, 0xC6, 0xC5, 0x4C, 0x8A, + 0x4C, 0xEF, 0x76, 0x65, 0x95, 0x28, 0xB3, 0x67, + 0x42, 0xEC, 0x17, 0xFF, 0x0E, 0xE3, 0x7B, 0x30, + 0x6D, 0xCC, 0xB8, 0x87, 0xD6, 0x63, 0x36, 0x5D, + 0xC9, 0xE8, 0x1D, 0x51, 0x47, 0xCF, 0xE5, 0x05, + 0x0D, 0xB4, 0x09, 0xDF, 0xAD, 0x88, 0x9C, 0x38, + 0x6F, 0x12, 0xA5, 0xCD, 0x0C, 0x95, 0x53, 0x41, + 0x13, 0xA6, 0xD0, 0xAB, 0xCB, 0x5A, 0x3F, 0x56, + 0xCE, 0x23, 0xEE, 0x32, 0x61, 0x22, 0x79, 0xE8, + 0xBA, 0x23, 0x94, 0x61, 0x25, 0x8E, 0xD6, 0x3E, + 0x78, 0x83, 0xE1, 0x15, 0xBA, 0x05, 0x81, 0xB8, + 0x1A, 0x7F, 0x73, 0xC1, 0xB7, 0x9F, 0x29, 0xA1, + 0x16, 0x2E, 0x6E, 0x84, 0xC7, 0x15, 0xBC, 0x50, + 0x28, 0x5F, 0xD3, 0x8D, 0x4D, 0x6D, 0xC0, 0x87, + 0x68, 0x88, 0x4B, 0xF4, 0xFB, 0x55, 0x85, 0x3D, + 0xA7, 0xB5, 0x47, 0x1E, 0x73, 0xA1, 0x47, 0x8D, + 0xB1, 0xE1, 0xCF, 0xE6, 0x15, 0x3E, 0xC6, 0xC3, + 0x78, 0xDD, 0x6A, 0x3F, 0x42, 0x29, 0x6E, 0x61, + 0x9D, 0xE7, 0x63, 0xFF, 0x2D, 0xDB, 0x83, 0xE5, + 0x15, 0x84, 0xC2, 0x8D, 0xD8, 0x34, 0x2E, 0x92, + 0x9E, 0x15, 0xB7, 0xBB, 0xCF, 0x5D, 0x6E, 0xCB, + 0x87, 0x79, 0xCF, 0x7F, 0x3A, 0x9A, 0xC1, 0x6A, + 0x43, 0x1F, 0x52, 0xA2, 0x34, 0xE6, 0xA3, 0x69, + 0x9D, 0x9E, 0x44, 0x84, 0x0A, 0x4D, 0x3D, 0x48, + 0x5D, 0xA5, 0xD9, 0x03, 0x94, 0xB1, 0x81, 0xEF, + 0x89, 0x98, 0xE6, 0xD1, 0x44, 0x21, 0x83, 0x59, + 0x09, 0xCD, 0xDB, 0x16, 0x7C, 0x8C, 0x38, 0x78, + 0x19, 0x4B, 0x6D, 0x51, 0x4D, 0xF8, 0x63, 0x6D, + 0x4A, 0x14, 0xA1, 0xBE, 0xF3, 0xCA, 0x38, 0x1E, + 0x36, 0xCF, 0x2E, 0x6D, 0x5F, 0xBC, 0xB4, 0x0A, + 0xF0, 0x91, 0x7D, 0x6D, 0xBB, 0x87, 0x5C, 0xFF, + 0x64, 0xCD, 0xCE, 0xCC, 0xCF, 0xB8, 0xBF, 0xB8, + 0x05, 0x45, 0x8D, 0xF8, 0x2C, 0x74, 0xEB, 0x86, + 0x3A, 0x96, 0x9E, 0xD9, 0x8B, 0x9C, 0x46, 0xE7, + 0x17, 0x3C, 0x09, 0x0D, 0xB0, 0x68, 0xB2, 0xD8, + 0x0C, 0xCE, 0x32, 0xDE, 0x51, 0x72, 0xB5, 0xD4, + 0xA8, 0xB9, 0x09, 0xA5, 0xA4, 0xCC, 0x47, 0xFA, + 0x9F, 0x2E, 0xD6, 0x6E, 0x60, 0x69, 0xCD, 0x96, + 0xAB, 0x1F, 0x3E, 0x84, 0x8C, 0x68, 0x72, 0x0F, + 0xEA, 0x32, 0xC5, 0x73, 0x6E, 0x8A, 0xB5, 0x10, + 0x05, 0xFE, 0x42, 0x58, 0x33, 0xF2, 0x07, 0x56, + 0xC1, 0x96, 0x76, 0x23, 0x77, 0x9D, 0x0A, 0xD2, + 0x42, 0xA1, 0x69, 0x06, 0x83, 0xBA, 0xD2, 0xEB, + 0x12, 0x3D, 0x97, 0xAB, 0x23, 0x08, 0x90, 0x15, + 0x51, 0x4D, 0x0C, 0x6A, 0x3B, 0x0F, 0x37, 0x15, + 0x25, 0xC2, 0x3E, 0x5F, 0x53, 0x84, 0x4C, 0x81, + 0xDD, 0xE8, 0x7C, 0xFE, 0x9F, 0x06, 0x5E, 0x11, + 0x68, 0x7D, 0x68, 0x6B, 0x07, 0x2C, 0x19, 0x00, + 0xF5, 0xC9, 0xA7, 0xC3, 0x1F, 0xE8, 0xBA, 0xBE, + 0x9F, 0x09, 0x0C, 0xE2, 0xCB, 0x3B, 0x68, 0x7B, + 0xA8, 0x9E, 0xD8, 0x3C, 0x08, 0x85, 0xDF, 0xF9, + 0x11, 0x2B, 0x52, 0xF6, 0xCE, 0xD7, 0x1E, 0x32, + 0xA4, 0x0A, 0x9A, 0xBC, 0xFF, 0xF4, 0x20, 0xB6, + 0x24, 0x85, 0x84, 0x7F, 0xFF, 0x70, 0x3C, 0xBB, + 0x74, 0x36, 0x42, 0x25, 0x5F, 0xBD, 0x0A, 0x90, + 0x86, 0xA7, 0xB8, 0x3F, 0x9E, 0xDF, 0x43, 0x24, + 0x88, 0x0C, 0x52, 0x08, 0xF7, 0xDC, 0xB1, 0xEA, + 0xC3, 0x38, 0xF9, 0x13, 0x16, 0x65, 0xA0, 0xCA, + 0x6B, 0xF0, 0xD6, 0x12, 0xFB, 0xA6, 0x3F, 0xF7, + 0x13, 0x91, 0x99, 0xB1, 0xDE, 0xE4, 0xEE, 0x1E, + 0x98, 0x9B, 0xE4, 0xA0, 0x3A, 0xA8, 0xAC, 0x4A, + 0x48, 0x3E, 0xCB, 0x9E, 0xB4, 0x1D, 0x22, 0x1F, + 0x59, 0x97, 0x24, 0x8C, 0xFE, 0xDC, 0xBF, 0x6C, + 0xAD, 0x8D, 0xB0, 0xA3, 0x27, 0xFA, 0x28, 0x8F, + 0xD6, 0xAE, 0x31, 0x39, 0x84, 0xFA, 0x61, 0x8F, + 0x7D, 0xD4, 0xEE, 0xBB, 0x13, 0xED, 0x85, 0xC4, + 0x35, 0xC0, 0xAB, 0x07, 0x73, 0xC5, 0xCD, 0xCA, + 0xD4, 0x69, 0x9B, 0x9C, 0x38, 0x2A, 0x1F, 0x37, + 0xF9, 0xDF, 0x8C, 0x3A, 0xE1, 0x57, 0xDF, 0x05, + 0x9F, 0x97, 0x51, 0xCC, 0xA6, 0x93, 0xD5, 0x49, + 0x2A, 0xE9, 0xCD, 0x46, 0x31, 0x22, 0x6E, 0x62, + 0xE8, 0x13, 0x90, 0x64, 0xFF, 0x00, 0x27, 0xCF, + 0xA1, 0x95, 0x4E, 0xE9, 0x36, 0xAF, 0xAD, 0x02, + 0x06, 0xDD, 0x2A, 0xE2, 0x28, 0xB6, 0xDD, 0x65, + 0xCD, 0x9A, 0x9D, 0x5F, 0xF9, 0xC0, 0xCC, 0x48, + 0xC8, 0xC2, 0xE9, 0x8F, 0x5A, 0xE6, 0xE2, 0xC9, + 0x79, 0x7A, 0x83, 0x84, 0xF8, 0xA3, 0xE3, 0xC7, + 0x48, 0xC7, 0x06, 0xFE, 0x6A, 0x36, 0x25, 0xD2, + 0xA2, 0xEB, 0x4A, 0xE2, 0xCA, 0xA0, 0x49, 0x24, + 0x1A, 0x47, 0x8C, 0x1A, 0x77, 0xF5, 0xC9, 0x0D, + 0xDC, 0x94, 0x18, 0x4D, 0x89, 0x80, 0x50, 0x18, + 0x7D, 0x67, 0x00, 0x43, 0xE4, 0xE7, 0x8F, 0x54, + 0xDC, 0x60, 0x84, 0x24, 0xF3, 0xBF, 0x5E, 0x92, + 0xC7, 0x0C, 0x05, 0x49, 0xBB, 0x61, 0x2F, 0x48, + 0x0A, 0xEB, 0xE5, 0xFA, 0x8B, 0x01, 0x33, 0x27, + 0x10, 0x3E, 0xA1, 0x28, 0x33, 0x11, 0x30, 0x1F, + 0x91, 0x47, 0x7B, 0xA6, 0x3E, 0xD4, 0xF9, 0xC2, + 0x8F, 0xA3, 0x4E, 0xBC, 0xA7, 0x61, 0x56, 0x1F, + 0x90, 0x33, 0x54, 0x15, 0x06, 0x21, 0x9C, 0x57, + 0x07, 0xC2, 0xF8, 0xED, 0x81, 0xED, 0x36, 0x15, + 0xC8, 0xAC, 0xAB, 0x12, 0x80, 0xBF, 0x7C, 0x5E, + 0x00, 0xEC, 0x1B, 0x27, 0x58, 0x3A, 0xE9, 0x09, + 0x2B, 0x23, 0x16, 0x69, 0x26, 0xF9, 0xCC, 0x3C, + 0x5A, 0xFB, 0x66, 0xBA, 0x32, 0xF9, 0xAF, 0xAB, + 0xCB, 0xA7, 0xF7, 0x91, 0x6A, 0x82, 0x42, 0xA7, + 0x9D, 0x7B, 0x0E, 0xD3, 0x5D, 0xF6, 0x52, 0x6D, + 0x7D, 0x2B, 0xE6, 0x30, 0x99, 0x01, 0xBD, 0xC0, + 0x3D, 0x15, 0x95, 0xC2, 0x67, 0x19, 0xD9, 0x0F, + 0xC0, 0x79, 0x1E, 0xAB, 0xA7, 0x67, 0x35, 0x12, + 0x53, 0xB0, 0x6A, 0xE4, 0xB9, 0x0A, 0x52, 0xEF, + 0xBD, 0xCD, 0xD4, 0x0C, 0x09, 0x6F, 0x24, 0xE9, + 0x52, 0x9F, 0xF8, 0x9F, 0x95, 0x95, 0x57, 0x07, + 0x5F, 0xC8, 0xDD, 0xAF, 0xE6, 0x10, 0x3A, 0x51, + 0x38, 0xF0, 0x9F, 0xBD, 0xEB, 0x0F, 0x5F, 0x36, + 0xB5, 0x2A, 0x57, 0xBE, 0x21, 0x39, 0xD8, 0x9D, + 0x29, 0x04, 0xBC, 0xE2, 0xB8, 0x6D, 0x03, 0xF2, + 0x6D, 0x56, 0xF4, 0x18, 0x40, 0x07, 0x1A, 0x15, + 0x8B, 0xF5, 0x46, 0xE1, 0x0C, 0x4D, 0xED, 0x0E, + 0x81, 0xB0, 0x0D, 0x98, 0x88, 0xC5, 0x5D, 0x53, + 0xE1, 0x1D, 0xB7, 0x00, 0x26, 0xC6, 0x46, 0x7E, + 0xD2, 0xAB, 0x0B, 0xD9, 0x1E, 0xE0, 0xE7, 0xC3, + 0xC3, 0xE0, 0x83, 0x7F, 0x8C, 0xB9, 0xBA, 0xE0, + 0x04, 0xE2, 0xA8, 0xFF, 0xEC, 0xD5, 0x9E, 0x79, + 0x2F, 0x13, 0xF9, 0x27, 0xCA, 0xDD, 0xF5, 0x0F, + 0x74, 0xD2, 0x9B, 0xC6, 0x2E, 0xF2, 0xF0, 0x2A, + 0xB0, 0xF9, 0x6E, 0x27, 0x3E, 0x8D, 0x66, 0xDB, + 0x44, 0x82, 0xDD, 0x1B, 0xD5, 0xBB, 0x51, 0x6E, + 0x72, 0x3A, 0xCB, 0x0F, 0x0B, 0x97, 0xBC, 0x32, + 0x07, 0xC1, 0x0C, 0xF3, 0x94, 0xFF, 0x62, 0xE2, + 0xFD, 0x7D, 0xBB, 0x3D, 0x43, 0x11, 0xB3, 0xFA, + 0x22, 0x05, 0xBF, 0x87, 0x0F, 0xFD, 0xD1, 0x81, + 0xC6, 0x30, 0xC6, 0x91, 0xD4, 0xEE, 0xA8, 0x6B, + 0x37, 0xB2, 0x38, 0xF1, 0x87, 0x89, 0xE0, 0x04, + 0x09, 0xED, 0x18, 0xA6, 0x3C, 0x18, 0x9E, 0x38, + 0xCB, 0x9F, 0xFE, 0xB3, 0x03, 0xF4, 0xE4, 0x3F, + 0xB3, 0x94, 0x7C, 0x74, 0x03, 0x6C, 0xCF, 0x16, + 0x24, 0xF8, 0x56, 0xE2, 0x4A, 0x7E, 0x9A, 0x21, + 0xB8, 0xC2, 0x7C, 0xF4, 0x3D, 0x85, 0x15, 0x43, + 0xA5, 0xCA, 0xFD, 0xA3, 0x05, 0xCC, 0x63, 0x8D, + 0x94, 0x82, 0x70 + }; + static const byte rnd_87[] = { + 0x16, 0xB8, 0x2B, 0x9B, 0x0A, 0x90, 0x5B, 0xB3, + 0xD8, 0x7B, 0x4A, 0x1E, 0x40, 0xAE, 0xAD, 0x3C, + 0xDE, 0x63, 0xB2, 0x2C, 0xB7, 0x16, 0xBD, 0x46, + 0x7A, 0x7B, 0xE8, 0x4A, 0xF1, 0x9B, 0x7C, 0xFE + }; + static const byte sig_87[] = { + 0xE5, 0x5D, 0x62, 0x56, 0x92, 0x73, 0x72, 0x13, + 0xDD, 0x3D, 0x7F, 0x51, 0x42, 0xF3, 0xAA, 0x33, + 0x87, 0x12, 0x2F, 0x20, 0xC9, 0x50, 0x93, 0x0A, + 0x7E, 0x7C, 0xCC, 0x0C, 0x6D, 0x21, 0xB9, 0x5D, + 0x62, 0x47, 0xD5, 0xFB, 0x3A, 0xCC, 0xBC, 0xB8, + 0xA1, 0x5A, 0xDF, 0x97, 0x58, 0xBA, 0x7E, 0x40, + 0x9A, 0x76, 0xD0, 0x1C, 0xBF, 0x0F, 0x14, 0xC3, + 0x23, 0x3B, 0x21, 0xB0, 0x5D, 0x11, 0x3B, 0x1F, + 0x70, 0xCB, 0x21, 0x78, 0x51, 0x68, 0xE2, 0x3A, + 0x29, 0x4A, 0x0D, 0xD0, 0x32, 0x50, 0xDC, 0xBB, + 0xD1, 0xCF, 0x80, 0x19, 0x7A, 0xC7, 0xFC, 0x37, + 0x2D, 0x5A, 0x5A, 0xDF, 0x3E, 0x7E, 0x89, 0x2D, + 0xC6, 0x0E, 0x75, 0x9A, 0xBB, 0xDF, 0x69, 0x82, + 0x28, 0xB6, 0xD0, 0xF3, 0xF4, 0xCB, 0x4F, 0xD5, + 0xDC, 0x5D, 0xFE, 0x8D, 0x01, 0xB4, 0x93, 0x9F, + 0x89, 0x53, 0x18, 0x74, 0x29, 0x20, 0x36, 0xBF, + 0x34, 0xCA, 0x71, 0x2B, 0x01, 0x14, 0xFB, 0x66, + 0x94, 0x28, 0x81, 0xF1, 0xF1, 0x7E, 0x80, 0xB6, + 0x4E, 0x0E, 0x9E, 0x9E, 0x60, 0xD7, 0x6A, 0xFB, + 0x59, 0xC7, 0x96, 0x9F, 0xB4, 0x9C, 0x98, 0x72, + 0x06, 0xC1, 0x6C, 0xAA, 0x8E, 0xC7, 0x48, 0xE6, + 0xC3, 0xAD, 0x8B, 0x4E, 0xF7, 0x81, 0x92, 0x74, + 0xC0, 0x5A, 0x2B, 0x54, 0x8D, 0x47, 0x15, 0xAC, + 0xED, 0x45, 0x69, 0xD0, 0x7C, 0x28, 0x80, 0x18, + 0xA3, 0x9F, 0xB7, 0x14, 0xC6, 0x51, 0xF9, 0x02, + 0x70, 0x98, 0xD9, 0xC1, 0x09, 0xC0, 0xD7, 0xCE, + 0x8B, 0x81, 0x7B, 0x30, 0x99, 0x4C, 0x85, 0x1C, + 0xFA, 0xAE, 0xBF, 0x05, 0x95, 0xBB, 0x6E, 0x01, + 0xE4, 0xFC, 0xE7, 0x11, 0x16, 0x90, 0x28, 0xC3, + 0xC4, 0x36, 0x9F, 0x11, 0xCD, 0xEB, 0xEB, 0x71, + 0x15, 0x08, 0x1D, 0x43, 0x2B, 0x12, 0xA6, 0x4E, + 0xB6, 0xF9, 0x35, 0xE4, 0x37, 0x0D, 0xF7, 0x49, + 0xDF, 0x73, 0x4D, 0xE3, 0x57, 0x33, 0x96, 0x7B, + 0x72, 0x45, 0x2F, 0x92, 0x70, 0xBB, 0x6F, 0xCD, + 0x90, 0x82, 0x67, 0xBB, 0x31, 0x9D, 0x9E, 0x38, + 0x75, 0xCD, 0x5B, 0x55, 0x10, 0x6B, 0xFC, 0x00, + 0x15, 0xC8, 0xCB, 0xFC, 0xE1, 0x18, 0x41, 0xE8, + 0x6E, 0x92, 0xEC, 0x1A, 0x26, 0x88, 0x6C, 0xF6, + 0x2A, 0x5C, 0x05, 0x94, 0xD7, 0xB8, 0xD0, 0x78, + 0x52, 0x68, 0x8D, 0xC5, 0xBD, 0xD6, 0x29, 0xF8, + 0x21, 0xDF, 0xB3, 0x28, 0x43, 0x74, 0xC7, 0x0E, + 0x99, 0xD3, 0x0C, 0xDE, 0xE9, 0x06, 0x44, 0xCD, + 0x77, 0x13, 0x34, 0x82, 0xBA, 0x36, 0x20, 0x71, + 0x02, 0xB1, 0x6E, 0xBA, 0xCF, 0x9F, 0x15, 0x36, + 0xC8, 0xF1, 0x4E, 0x36, 0x30, 0x34, 0x2D, 0x23, + 0x6C, 0x77, 0xEC, 0xCA, 0xBA, 0x7C, 0x17, 0x4F, + 0x3F, 0x22, 0x4A, 0x34, 0xA1, 0x5C, 0xB3, 0x8F, + 0xD8, 0x48, 0xD5, 0x8A, 0x2C, 0x8B, 0x1B, 0xFB, + 0x87, 0xDA, 0xBC, 0xB6, 0xD9, 0x59, 0xD6, 0x9B, + 0xF0, 0x6E, 0x8D, 0xB1, 0x52, 0xE1, 0x8A, 0x36, + 0x31, 0xA7, 0x83, 0xCE, 0xDF, 0x36, 0xEB, 0xBE, + 0xEA, 0xC3, 0xC6, 0xA6, 0x52, 0x2D, 0x89, 0x0B, + 0xF9, 0x5B, 0x1D, 0x14, 0xA9, 0xBF, 0x37, 0x31, + 0xE0, 0x1C, 0xF5, 0x29, 0x95, 0xF0, 0xC0, 0x08, + 0xE8, 0x97, 0xEE, 0x53, 0x27, 0x85, 0x81, 0x7D, + 0x47, 0xE5, 0xAC, 0xC5, 0x1B, 0x48, 0xA5, 0x36, + 0x1E, 0x8A, 0xD7, 0xF5, 0xC9, 0x93, 0x74, 0xCE, + 0x06, 0xEA, 0xC3, 0x26, 0x45, 0xFF, 0xED, 0x39, + 0xC1, 0x0B, 0x7A, 0x59, 0x3C, 0x0F, 0xEE, 0x89, + 0xEF, 0xA4, 0xEC, 0xD0, 0x72, 0x34, 0x95, 0xC9, + 0xC4, 0x78, 0x47, 0xB6, 0xB7, 0xCE, 0xA4, 0xD9, + 0xA1, 0xB6, 0x37, 0xC1, 0xF1, 0xFB, 0x4E, 0x4C, + 0x38, 0xB0, 0x4A, 0xE5, 0x13, 0x63, 0xDC, 0x44, + 0xC4, 0x7E, 0x86, 0x9C, 0xAD, 0x69, 0x29, 0xFD, + 0xA1, 0xFE, 0xAD, 0x3B, 0x59, 0x24, 0x2F, 0x70, + 0xAE, 0x5F, 0x2C, 0x00, 0xFE, 0x01, 0x09, 0xA3, + 0x10, 0x87, 0xF0, 0xAD, 0xFA, 0x9B, 0x83, 0x8F, + 0x48, 0x96, 0x8B, 0x9A, 0x35, 0xE7, 0x4D, 0xAA, + 0xEC, 0xA4, 0xCD, 0x26, 0x7C, 0x3E, 0xAC, 0x93, + 0x26, 0x9D, 0x6B, 0x83, 0x34, 0xC4, 0x71, 0xE1, + 0xC8, 0x93, 0x88, 0x09, 0xAF, 0x00, 0xB5, 0x7F, + 0xD9, 0x5A, 0x8E, 0x36, 0xC1, 0x2E, 0x7E, 0xF1, + 0x0C, 0xC5, 0x2A, 0xB3, 0xE4, 0x48, 0xDF, 0xFB, + 0xFF, 0x99, 0xC9, 0x66, 0xD2, 0x28, 0x46, 0x7C, + 0x43, 0x39, 0x96, 0x69, 0x95, 0x42, 0xAC, 0xE0, + 0xC2, 0x0C, 0x65, 0x99, 0xC8, 0xB0, 0xAE, 0x76, + 0xE8, 0x18, 0x3E, 0xA9, 0x1D, 0x44, 0x81, 0x14, + 0x65, 0xF7, 0xDF, 0xD1, 0xD1, 0x7B, 0x7C, 0x28, + 0xE0, 0x77, 0x9D, 0x79, 0x9C, 0xE4, 0x1A, 0xF1, + 0xD0, 0xFF, 0x8E, 0xEA, 0x58, 0x84, 0xB3, 0x47, + 0xBC, 0xA1, 0x47, 0x48, 0xB7, 0xC3, 0xD5, 0xD1, + 0xF3, 0xDD, 0xA6, 0x3B, 0x15, 0x4C, 0xB3, 0xB5, + 0xFD, 0x52, 0x9D, 0x7E, 0xF0, 0xC7, 0x40, 0x2C, + 0x34, 0xBC, 0xCF, 0x1C, 0x67, 0x30, 0xC0, 0x4D, + 0xA1, 0xC7, 0x5E, 0xAD, 0xAF, 0xCD, 0xFA, 0x21, + 0xE4, 0xB5, 0x33, 0x8B, 0x37, 0x2D, 0xCF, 0x4D, + 0x07, 0x48, 0x61, 0xB0, 0xB6, 0x8B, 0x27, 0x05, + 0xA0, 0x8C, 0x71, 0x95, 0x84, 0x02, 0xB2, 0x1E, + 0x59, 0xBC, 0xB6, 0xE2, 0x2C, 0x3C, 0x20, 0x4C, + 0xDE, 0x1E, 0x35, 0x24, 0xC1, 0x5B, 0x3C, 0xB4, + 0x2A, 0x8C, 0xA7, 0x2D, 0xE3, 0xDC, 0x45, 0x26, + 0x6E, 0x29, 0x52, 0x5D, 0x24, 0x8A, 0xC2, 0x16, + 0x73, 0xDB, 0x80, 0xF2, 0x91, 0xEC, 0x05, 0x3E, + 0x2E, 0x9E, 0x39, 0x12, 0x5E, 0x11, 0x80, 0x24, + 0xF5, 0xFC, 0x86, 0x4C, 0xD9, 0xF9, 0x70, 0x59, + 0xC8, 0xC8, 0x57, 0x5D, 0x0F, 0x68, 0x75, 0x3C, + 0x7A, 0x3D, 0x1B, 0xF7, 0xD0, 0xDF, 0xE2, 0xF9, + 0xBD, 0x44, 0xFD, 0x21, 0x75, 0x86, 0x77, 0x25, + 0xAF, 0xD3, 0x28, 0x55, 0x2A, 0x60, 0x7D, 0x79, + 0x9C, 0x72, 0x2F, 0x6E, 0xAB, 0x2F, 0x26, 0x44, + 0x0C, 0xFF, 0x52, 0xBD, 0xA1, 0xA9, 0x07, 0xBD, + 0x9D, 0x2A, 0x64, 0x2E, 0x0B, 0xA1, 0xB8, 0x78, + 0xD3, 0xC4, 0x84, 0x9A, 0xE1, 0xDB, 0xB4, 0x4A, + 0x4C, 0x45, 0x7A, 0x8E, 0xD5, 0xA3, 0x6B, 0x09, + 0x8D, 0x72, 0x8E, 0x6D, 0x17, 0x34, 0xFF, 0xD6, + 0xED, 0x24, 0x19, 0x7D, 0xC6, 0x2D, 0x5B, 0x82, + 0x68, 0xAE, 0x25, 0x33, 0xBB, 0xCB, 0x7D, 0xFD, + 0x00, 0x15, 0x83, 0xEA, 0xBB, 0xE7, 0x40, 0x3D, + 0x80, 0xD5, 0x9E, 0x6C, 0xE0, 0x3C, 0x7E, 0x3E, + 0x12, 0xC7, 0x36, 0x7E, 0x41, 0x84, 0xE8, 0xB4, + 0x16, 0xCA, 0x4A, 0xB7, 0xEB, 0x16, 0xEC, 0xAB, + 0x5A, 0x69, 0x24, 0x7F, 0x5E, 0x81, 0x86, 0x7D, + 0x30, 0x61, 0x4E, 0x0F, 0x75, 0x39, 0xEE, 0xF2, + 0xF4, 0xDC, 0x5E, 0x23, 0x40, 0xE8, 0x3C, 0xC0, + 0x10, 0xAD, 0x5E, 0xE6, 0x06, 0x8E, 0x5F, 0x55, + 0xC5, 0x69, 0x65, 0x5F, 0xA3, 0x6E, 0x73, 0x86, + 0x82, 0x32, 0x5F, 0x36, 0xA7, 0x6B, 0x2C, 0x26, + 0xCD, 0x64, 0xC8, 0x57, 0x1F, 0x06, 0x7A, 0xAB, + 0x8B, 0xA7, 0xDB, 0x53, 0x48, 0x1A, 0x06, 0x8D, + 0x36, 0xF1, 0x77, 0x74, 0xE6, 0xF5, 0x18, 0x62, + 0x8E, 0x8A, 0xBF, 0xB7, 0x7F, 0x72, 0x44, 0xAC, + 0xC8, 0x9A, 0x0E, 0x60, 0x4B, 0xAB, 0xB2, 0x9E, + 0x95, 0xDF, 0x95, 0x28, 0x98, 0x78, 0xBB, 0xA9, + 0x5D, 0x8E, 0xEE, 0xB4, 0x84, 0xF5, 0x81, 0x7E, + 0xA1, 0x53, 0x3E, 0xBB, 0x43, 0xF6, 0xD4, 0xB7, + 0x60, 0xFD, 0xF4, 0xF8, 0x68, 0xB6, 0x1D, 0x9A, + 0xF7, 0xDA, 0x77, 0xFA, 0xBB, 0x74, 0x44, 0xDE, + 0x7C, 0x32, 0x2D, 0x5C, 0x24, 0xD8, 0x4D, 0xBF, + 0xE0, 0x5C, 0x70, 0x12, 0x3C, 0x43, 0xCC, 0x5F, + 0x00, 0xD5, 0x1F, 0xEA, 0x5D, 0xC9, 0x3A, 0x5C, + 0x32, 0xED, 0xE0, 0xF1, 0x59, 0xA0, 0xB7, 0x71, + 0xDC, 0x65, 0xD2, 0x88, 0x20, 0x20, 0xD8, 0x59, + 0x53, 0x2D, 0x30, 0x2D, 0xFC, 0xA9, 0xEA, 0x45, + 0xB0, 0xF3, 0x1E, 0x66, 0x9F, 0xF6, 0xF1, 0x5E, + 0x9B, 0x67, 0x1D, 0xBF, 0x5E, 0x19, 0xB3, 0x2A, + 0xE8, 0xCE, 0xE5, 0x90, 0xFE, 0x82, 0x5C, 0x19, + 0x7B, 0x84, 0x3E, 0x45, 0xFF, 0x5D, 0xC2, 0x2E, + 0x49, 0x6A, 0xB1, 0x2D, 0x50, 0x2D, 0x21, 0xF7, + 0x2A, 0xA2, 0x39, 0x47, 0x8D, 0xB5, 0x17, 0x64, + 0x3E, 0x96, 0x13, 0x90, 0x53, 0xEA, 0x57, 0x4C, + 0xDB, 0x3D, 0x43, 0xC3, 0xE7, 0xD6, 0x5C, 0x54, + 0x89, 0xDF, 0x6E, 0xF9, 0xE4, 0xC6, 0x64, 0xF0, + 0x88, 0x1C, 0xD0, 0xF6, 0x9D, 0x9E, 0xD7, 0xCD, + 0x2C, 0xFB, 0xCC, 0x54, 0x0E, 0x96, 0xD7, 0x4E, + 0x05, 0xD2, 0xB3, 0x88, 0x85, 0xD8, 0x60, 0xA4, + 0xF2, 0xE4, 0xD7, 0xFF, 0xAF, 0x12, 0x2E, 0xBA, + 0xC4, 0x5A, 0x3A, 0x3E, 0xC5, 0xD7, 0xF3, 0x60, + 0x4F, 0x27, 0xEF, 0xE0, 0x35, 0xAC, 0x4A, 0x8B, + 0x14, 0x7D, 0xC4, 0xEF, 0x61, 0x9A, 0x69, 0x2E, + 0x49, 0x80, 0x04, 0x0C, 0x18, 0xB9, 0x42, 0xC6, + 0x8C, 0x8A, 0x99, 0x43, 0xA6, 0x5A, 0xCD, 0x72, + 0x20, 0xAD, 0xFD, 0x9C, 0xC4, 0xAA, 0xDF, 0x6C, + 0x6C, 0x03, 0xEF, 0x48, 0x3E, 0xFB, 0x4A, 0xBC, + 0xAA, 0x44, 0xEE, 0xC4, 0x25, 0x8F, 0xF9, 0x8A, + 0xC2, 0x24, 0x73, 0x15, 0xFA, 0x0E, 0xCB, 0x00, + 0xEE, 0x9B, 0x39, 0x3F, 0x60, 0x1F, 0x00, 0x95, + 0xCA, 0xFE, 0xC2, 0x2C, 0x35, 0x5F, 0xD9, 0xD1, + 0x29, 0xB5, 0x4D, 0xC1, 0x66, 0x51, 0x8F, 0x17, + 0x3B, 0xF4, 0xF1, 0x49, 0x42, 0x36, 0x0C, 0x5B, + 0x58, 0xF2, 0x9B, 0x59, 0x01, 0xFB, 0x15, 0x7F, + 0x21, 0x90, 0x1F, 0x56, 0x69, 0x8B, 0xE2, 0xA5, + 0x44, 0xCB, 0x84, 0x98, 0x4B, 0x75, 0xA8, 0xCB, + 0x83, 0x0D, 0xE8, 0x1C, 0x91, 0x7F, 0xE4, 0x57, + 0x81, 0x16, 0x34, 0x2F, 0xCE, 0x01, 0xAA, 0x62, + 0x54, 0x44, 0xB7, 0xD6, 0xC7, 0xF1, 0x68, 0x9A, + 0x00, 0x3B, 0x71, 0x16, 0xF9, 0x96, 0x6A, 0x90, + 0x6C, 0x2C, 0x4E, 0x58, 0xBC, 0xDD, 0xE9, 0x3B, + 0x60, 0xB7, 0xA0, 0x97, 0xEE, 0xD6, 0x34, 0xDD, + 0x49, 0x4A, 0xD9, 0x85, 0xD1, 0xB7, 0x95, 0x14, + 0xEC, 0x6A, 0x40, 0xE8, 0x31, 0x80, 0xF1, 0xD8, + 0x5F, 0x75, 0xF6, 0x92, 0x3A, 0x4F, 0xCD, 0x0A, + 0x6E, 0xBF, 0xA1, 0x27, 0x48, 0x79, 0x27, 0x04, + 0x76, 0x2C, 0xAB, 0x25, 0x06, 0xEB, 0x43, 0xDD, + 0x1B, 0x4B, 0x24, 0xFC, 0x93, 0x51, 0x1C, 0x45, + 0xF6, 0xAE, 0x77, 0xCF, 0xC9, 0xE6, 0x20, 0xE4, + 0xA5, 0x2B, 0x3D, 0x7D, 0xF0, 0xEB, 0x51, 0x7C, + 0xCA, 0xFE, 0x58, 0xBA, 0xC4, 0x07, 0x95, 0x75, + 0x62, 0x0C, 0x50, 0x68, 0x88, 0x1A, 0x8A, 0x0D, + 0x1B, 0x5C, 0x53, 0x1A, 0x9C, 0xA8, 0x4E, 0xFE, + 0x63, 0x9B, 0xDB, 0x05, 0x70, 0x01, 0x75, 0xA1, + 0x3A, 0x08, 0xFA, 0x51, 0xD5, 0xF6, 0x81, 0xDE, + 0x69, 0xE5, 0x40, 0xB3, 0xF8, 0x7C, 0x46, 0x97, + 0xA6, 0x4E, 0xA8, 0x51, 0x47, 0x9C, 0xB9, 0x25, + 0xCD, 0x4E, 0xED, 0xFC, 0xEE, 0x03, 0x6A, 0xCD, + 0x93, 0x65, 0xB3, 0x68, 0x09, 0x6F, 0xE8, 0x00, + 0x6A, 0x3F, 0xBF, 0xE8, 0x6F, 0x09, 0xE9, 0xF2, + 0x6F, 0x44, 0x2E, 0xB1, 0x81, 0x76, 0x04, 0xDD, + 0x6E, 0xF4, 0x93, 0x61, 0xE5, 0x78, 0xD4, 0xDA, + 0xBF, 0x05, 0xA1, 0xF4, 0x9D, 0xFD, 0x57, 0x06, + 0x9C, 0x13, 0x45, 0x97, 0xF2, 0x48, 0xE6, 0x1A, + 0xB5, 0xAD, 0x09, 0x11, 0x04, 0xBB, 0xA0, 0xA8, + 0xA3, 0xA3, 0x33, 0xCD, 0x42, 0x2C, 0x66, 0xC2, + 0x94, 0x80, 0x15, 0x9D, 0x56, 0x74, 0x02, 0xEE, + 0xA7, 0xE4, 0x90, 0xDD, 0xFB, 0x0B, 0x3B, 0xF0, + 0x7A, 0x02, 0x44, 0xE8, 0x11, 0xC4, 0x3A, 0xFE, + 0x73, 0x2A, 0x4C, 0x92, 0x3C, 0x23, 0x37, 0x8B, + 0x4F, 0x28, 0x8E, 0x1C, 0x4E, 0x7D, 0x0D, 0x6B, + 0xFD, 0x20, 0xB5, 0x93, 0xB3, 0x75, 0x30, 0x28, + 0xC7, 0x7E, 0x67, 0xC4, 0xDE, 0xDA, 0x27, 0xA9, + 0xE3, 0xF2, 0xF5, 0x25, 0x98, 0x5F, 0x6B, 0xBE, + 0x11, 0x80, 0x23, 0x49, 0x30, 0xC8, 0x8A, 0x63, + 0xF9, 0xC4, 0x14, 0x77, 0x2A, 0xE2, 0x21, 0x42, + 0x28, 0x1C, 0xEB, 0x9F, 0x7B, 0x70, 0xA8, 0x2B, + 0xFB, 0x25, 0x36, 0xA6, 0xAC, 0xFE, 0x8E, 0xFF, + 0xB6, 0x86, 0x09, 0x15, 0x7E, 0xD9, 0x26, 0x8F, + 0xDB, 0xF2, 0x2D, 0xC2, 0xFA, 0xAE, 0xDA, 0x50, + 0xF6, 0x24, 0x53, 0xDB, 0xBF, 0x92, 0x9D, 0x7E, + 0x48, 0xCC, 0x75, 0xAC, 0xD0, 0xD3, 0x45, 0x09, + 0x2F, 0x01, 0x60, 0xBB, 0xAE, 0xCB, 0xE6, 0xB3, + 0x30, 0xDA, 0xD9, 0xB6, 0x12, 0xCD, 0xF5, 0x11, + 0xCF, 0x2B, 0x2A, 0xC6, 0x61, 0x9A, 0x05, 0x59, + 0x08, 0x58, 0x64, 0xEC, 0xDB, 0x77, 0xCF, 0x64, + 0xE2, 0x4B, 0x6E, 0xF4, 0x07, 0x68, 0x5E, 0xE9, + 0x31, 0xB1, 0x38, 0x67, 0xF9, 0x29, 0x2E, 0x7A, + 0xD2, 0x03, 0xA6, 0x29, 0x3F, 0x22, 0x58, 0x66, + 0x6A, 0x07, 0xD8, 0xFD, 0xC5, 0x03, 0xEE, 0x66, + 0xD4, 0x66, 0x70, 0x6D, 0xA4, 0xC4, 0xA1, 0xEE, + 0xCD, 0x4D, 0xFA, 0x3C, 0x34, 0x36, 0xC2, 0xC5, + 0x1E, 0x86, 0xB8, 0x7B, 0x7C, 0xBC, 0x67, 0x16, + 0xF3, 0x6E, 0xF2, 0xB7, 0xEA, 0x96, 0x1B, 0x0D, + 0xA2, 0xC8, 0x42, 0xBF, 0x30, 0x09, 0x2A, 0x6D, + 0x9D, 0x35, 0xB3, 0x92, 0xBA, 0x3E, 0xE2, 0xE9, + 0xE2, 0xAA, 0x90, 0x70, 0xCE, 0x0F, 0x07, 0xFA, + 0x7C, 0x3B, 0xF7, 0x66, 0x7F, 0x5C, 0xFE, 0xD9, + 0x72, 0x1C, 0x4E, 0xFE, 0x7E, 0x86, 0x8E, 0x7F, + 0x62, 0x8D, 0x41, 0x46, 0x7B, 0x43, 0x17, 0xB9, + 0x44, 0xED, 0x39, 0x1B, 0x3E, 0xF9, 0x2D, 0xC7, + 0x5C, 0x9D, 0xAC, 0x05, 0x00, 0xC6, 0x85, 0x4E, + 0xB8, 0xBC, 0x29, 0xDF, 0x6D, 0x6A, 0xCC, 0xEB, + 0xD6, 0x44, 0x86, 0xAA, 0xC9, 0x55, 0x49, 0xA1, + 0x3F, 0x59, 0x5E, 0xAF, 0xD5, 0xC9, 0x96, 0x19, + 0x84, 0xC0, 0x4D, 0x1B, 0xE5, 0x2C, 0x42, 0x8D, + 0x2C, 0xC8, 0x83, 0x00, 0x26, 0xBF, 0x46, 0x9F, + 0x20, 0x97, 0xEC, 0x2C, 0xA9, 0x2C, 0xF0, 0xA7, + 0x11, 0xED, 0xE2, 0xA2, 0x57, 0x83, 0x40, 0x92, + 0xF3, 0x58, 0xB7, 0x4E, 0xD6, 0x3A, 0x9D, 0xF0, + 0xDD, 0xD4, 0x5F, 0x82, 0x58, 0xD3, 0x72, 0x05, + 0x69, 0xFF, 0x1E, 0xBC, 0x74, 0x90, 0x87, 0xB5, + 0x7A, 0xEE, 0xF8, 0xCE, 0x3F, 0x59, 0xE1, 0xC0, + 0x46, 0x24, 0xF8, 0x9D, 0x93, 0x51, 0x4A, 0x44, + 0xFB, 0xEA, 0x58, 0xA6, 0xAC, 0x9A, 0x7C, 0xA3, + 0x11, 0xA3, 0x47, 0x44, 0x24, 0x11, 0xF5, 0x56, + 0x1A, 0x3B, 0xCF, 0xEC, 0xD9, 0x2B, 0x6C, 0xBA, + 0xA6, 0xA2, 0x67, 0xB9, 0xE0, 0xCB, 0x3F, 0x8D, + 0xA8, 0xC4, 0x8A, 0x45, 0xAB, 0xE2, 0x10, 0x19, + 0x10, 0xC9, 0xDB, 0x01, 0x64, 0xC0, 0x0B, 0x6F, + 0x3B, 0xA1, 0xE9, 0xEB, 0x74, 0x9A, 0x63, 0x93, + 0xE5, 0x74, 0x3F, 0xD3, 0x7B, 0xEA, 0x8C, 0xD6, + 0x7D, 0x66, 0xDD, 0x90, 0x6C, 0x69, 0x67, 0x05, + 0xAD, 0x70, 0xF1, 0xFA, 0x52, 0xBB, 0xD5, 0x3D, + 0x0E, 0x7E, 0x87, 0xE0, 0x98, 0xAF, 0xA6, 0xE6, + 0x0E, 0x25, 0x91, 0x70, 0xCA, 0x36, 0xE4, 0xF8, + 0xF7, 0x95, 0x1C, 0x48, 0xF6, 0x62, 0x9A, 0x4D, + 0xE4, 0xE7, 0x3A, 0x92, 0xC6, 0x2E, 0xAB, 0x8A, + 0x75, 0x7C, 0x45, 0xDA, 0x54, 0xB1, 0x6D, 0x2E, + 0xCC, 0x13, 0x46, 0x67, 0x8F, 0xFF, 0xDA, 0x18, + 0xE1, 0x4C, 0xE4, 0x6A, 0xB6, 0xAC, 0x65, 0x32, + 0x0C, 0x63, 0xD5, 0x43, 0xB5, 0x8B, 0xB1, 0x52, + 0xEE, 0x0C, 0xBB, 0x62, 0x34, 0x30, 0xDB, 0xF7, + 0x08, 0xC6, 0xE8, 0x5B, 0x07, 0x66, 0x6D, 0x4B, + 0x39, 0xC6, 0x94, 0x2B, 0x22, 0x9E, 0x3E, 0x45, + 0x62, 0x3D, 0x05, 0x03, 0x2B, 0x16, 0x71, 0xBB, + 0x85, 0x1B, 0x6E, 0x84, 0xD3, 0x48, 0x4D, 0x63, + 0x26, 0x60, 0x97, 0x45, 0xB8, 0xEA, 0x43, 0x96, + 0x00, 0xFE, 0x0B, 0x85, 0xBD, 0x22, 0x40, 0xA4, + 0xA7, 0x2F, 0xC1, 0xEB, 0xFD, 0xB5, 0x22, 0xD5, + 0x1F, 0xB3, 0xEA, 0x7C, 0x6D, 0x20, 0xFB, 0x98, + 0xA5, 0xF2, 0x84, 0x70, 0xF7, 0xB9, 0x2A, 0x12, + 0x63, 0x0C, 0x2D, 0x97, 0x6C, 0xC2, 0x76, 0xAC, + 0x32, 0xE2, 0xB1, 0x3A, 0xB3, 0xAB, 0x9E, 0xBB, + 0x61, 0xB4, 0x6A, 0x5F, 0x2D, 0x4D, 0xCE, 0x0D, + 0xFB, 0x97, 0x80, 0x89, 0x4A, 0x81, 0xFB, 0xB2, + 0x72, 0x37, 0x66, 0xB9, 0x08, 0xBF, 0xCD, 0x9F, + 0x63, 0xB2, 0xBA, 0x54, 0xF1, 0x9E, 0xEC, 0x11, + 0x67, 0x26, 0xC7, 0x98, 0xDD, 0xA3, 0xC5, 0x50, + 0x86, 0x17, 0xD5, 0xCF, 0x51, 0x97, 0x22, 0x65, + 0x2B, 0x71, 0xF7, 0x34, 0x84, 0x55, 0xC9, 0xD1, + 0xFE, 0x75, 0x42, 0x0A, 0x5A, 0x31, 0x59, 0xE8, + 0x8A, 0x0D, 0xE5, 0x77, 0x1C, 0xF5, 0xFD, 0x27, + 0x05, 0x05, 0xF7, 0x28, 0xDA, 0x54, 0xAB, 0xBD, + 0xDC, 0x50, 0xB8, 0xDB, 0x2E, 0xB4, 0x28, 0x41, + 0x30, 0x04, 0x40, 0xD5, 0xF0, 0x12, 0xD7, 0x16, + 0x3D, 0x8F, 0x41, 0xE7, 0x70, 0x76, 0x82, 0xB9, + 0xC4, 0xB2, 0x1F, 0x57, 0x10, 0xB6, 0xC4, 0x84, + 0x0D, 0xB1, 0xB8, 0x21, 0xB2, 0x77, 0x09, 0xF6, + 0xD5, 0x9C, 0xE4, 0xA2, 0xFA, 0x83, 0x13, 0x56, + 0x94, 0x3F, 0x37, 0x6D, 0x0D, 0x7C, 0x7E, 0xA0, + 0xE5, 0xC8, 0xD9, 0x42, 0x0F, 0x35, 0xB1, 0xDC, + 0xB9, 0x49, 0xD5, 0xED, 0xA8, 0x90, 0x09, 0x14, + 0xAE, 0x63, 0xB5, 0xEA, 0x62, 0x0D, 0x9E, 0x6D, + 0x93, 0xBD, 0x3A, 0xEA, 0x24, 0xB5, 0xAC, 0xC9, + 0xD1, 0x7B, 0xBC, 0xC6, 0xC4, 0xBA, 0x68, 0xB1, + 0x65, 0xFE, 0xAB, 0x30, 0xD4, 0x92, 0xD9, 0xC1, + 0x94, 0x84, 0xE1, 0x20, 0x4E, 0x28, 0x7C, 0x3A, + 0x3E, 0x8B, 0x44, 0x79, 0xC7, 0xB5, 0xA5, 0x95, + 0xC2, 0xC9, 0xA8, 0x3F, 0x92, 0x67, 0x06, 0x9A, + 0x12, 0xD3, 0xAE, 0x78, 0x87, 0x0E, 0x31, 0x54, + 0x26, 0xDF, 0x97, 0xEB, 0x6C, 0xF3, 0xC9, 0x53, + 0x39, 0xED, 0x50, 0x5A, 0xF9, 0x6A, 0x03, 0x27, + 0x8E, 0xC6, 0x79, 0x5B, 0xD4, 0xD3, 0x57, 0x97, + 0xFD, 0xF5, 0xCB, 0x14, 0xDB, 0xBE, 0x39, 0xB9, + 0x64, 0x8A, 0x75, 0xAA, 0xE3, 0x4A, 0x19, 0x59, + 0x69, 0x7D, 0xF8, 0x7D, 0x8C, 0xB8, 0x2F, 0x32, + 0x57, 0xBF, 0x84, 0x9E, 0x45, 0x4E, 0xC4, 0xA0, + 0x65, 0xA4, 0x0B, 0x73, 0x36, 0xC5, 0xD1, 0x07, + 0xF8, 0x1C, 0x91, 0x07, 0xB8, 0x0B, 0x4B, 0xE5, + 0x4F, 0xE6, 0xA1, 0xDF, 0x29, 0x03, 0xE7, 0x68, + 0xA4, 0x32, 0x8E, 0x21, 0x8F, 0x15, 0x51, 0x57, + 0x65, 0x16, 0xF0, 0x55, 0x71, 0x8C, 0x28, 0xD8, + 0x82, 0xDC, 0x8A, 0xC1, 0xE7, 0x5C, 0xF2, 0xD5, + 0xB8, 0x18, 0x16, 0x9F, 0x63, 0x89, 0x21, 0xF1, + 0xA6, 0xED, 0x21, 0xDA, 0xC8, 0x0A, 0x10, 0x21, + 0x18, 0x98, 0xD0, 0xF2, 0x9E, 0xDE, 0x5A, 0xA1, + 0x51, 0xC9, 0x18, 0x3B, 0x68, 0x79, 0x75, 0xE7, + 0xF4, 0xF9, 0xBF, 0x5F, 0xBE, 0x61, 0x35, 0xA9, + 0x02, 0x56, 0x2D, 0x99, 0xD8, 0x95, 0xFA, 0x78, + 0x8A, 0x67, 0x24, 0x1D, 0xDF, 0x13, 0x14, 0xD0, + 0xB4, 0xB6, 0x21, 0x11, 0xB7, 0xA4, 0x06, 0x8D, + 0x1D, 0xF6, 0xD5, 0x50, 0x2A, 0x0A, 0x42, 0x3C, + 0x7C, 0xF1, 0x1F, 0x15, 0x1C, 0x81, 0x69, 0xDA, + 0xCC, 0xAC, 0x8F, 0xB9, 0x08, 0x4E, 0xF8, 0x4E, + 0x3E, 0x77, 0x26, 0x4A, 0x1F, 0x72, 0x89, 0xCA, + 0x91, 0x77, 0x99, 0xBF, 0x28, 0xD2, 0x31, 0x65, + 0x30, 0x37, 0x84, 0x66, 0x8A, 0x1C, 0xC6, 0x59, + 0x7D, 0x48, 0x9B, 0x4D, 0xDC, 0x87, 0x4F, 0xD2, + 0x04, 0xA0, 0x8B, 0x8B, 0x37, 0x3B, 0x1A, 0xDB, + 0xCF, 0x63, 0x39, 0x07, 0xF3, 0x37, 0xCF, 0x0E, + 0x2F, 0xEB, 0xE6, 0x2A, 0xA1, 0x4C, 0xE0, 0x75, + 0x3F, 0xAB, 0xF7, 0xDE, 0x48, 0x83, 0x79, 0x89, + 0x30, 0xA7, 0x1B, 0xE8, 0x73, 0x8E, 0x9D, 0x1D, + 0xF6, 0x5C, 0x91, 0x4F, 0x44, 0x7C, 0x04, 0xA7, + 0x07, 0xC8, 0xCC, 0x4A, 0x5C, 0x81, 0xAD, 0x48, + 0x7C, 0xE5, 0x19, 0x5A, 0xC4, 0x29, 0x80, 0x14, + 0xFA, 0xC2, 0x26, 0x1C, 0x50, 0x28, 0xB9, 0xF6, + 0x7F, 0x8D, 0x51, 0x9A, 0xDA, 0xBB, 0x8E, 0x90, + 0xBA, 0x3B, 0xD9, 0x4D, 0x61, 0xBE, 0xFD, 0x33, + 0xC0, 0xCA, 0x7B, 0x09, 0xFF, 0x36, 0x84, 0x70, + 0x11, 0xB4, 0xBE, 0x81, 0xFE, 0x71, 0xEE, 0x81, + 0xD7, 0x61, 0xBB, 0x83, 0xA6, 0xA0, 0xDC, 0x20, + 0x04, 0x02, 0x4C, 0x1B, 0x4D, 0xED, 0x8A, 0xC1, + 0x38, 0x70, 0xC3, 0x69, 0xC9, 0x50, 0xC2, 0x17, + 0x64, 0xAD, 0x9D, 0x44, 0x63, 0x44, 0xE5, 0x32, + 0x7B, 0x90, 0xE3, 0xEF, 0x45, 0x28, 0xA6, 0x23, + 0x92, 0xCB, 0xA1, 0xFC, 0xA8, 0xB4, 0x39, 0xF1, + 0xB1, 0x00, 0x1F, 0x06, 0xD4, 0x91, 0x5D, 0xDB, + 0xAC, 0x7D, 0x87, 0xD4, 0xEE, 0xCD, 0x4A, 0x06, + 0x3E, 0xB4, 0x84, 0x65, 0xAA, 0x47, 0x05, 0x41, + 0x7C, 0x95, 0x47, 0x3A, 0x49, 0x80, 0xC5, 0xAC, + 0x32, 0x41, 0x6A, 0x3A, 0x2B, 0xB9, 0xD9, 0x21, + 0x80, 0xC7, 0xC1, 0xD0, 0xC9, 0x95, 0x4B, 0xC3, + 0xEA, 0x0D, 0x3F, 0x0E, 0xE4, 0x5A, 0xD8, 0xBD, + 0x11, 0xD0, 0x76, 0x6D, 0x3C, 0xA7, 0x64, 0xD8, + 0xCA, 0x4C, 0x8F, 0x58, 0x2C, 0xDD, 0x95, 0x1F, + 0xBB, 0x76, 0x8D, 0x10, 0xFD, 0xAD, 0x45, 0xCE, + 0x71, 0x6E, 0x27, 0x92, 0xC4, 0xA6, 0x17, 0x46, + 0x95, 0xDB, 0xD8, 0xEA, 0x9A, 0x5F, 0x0E, 0xE0, + 0x0A, 0xA2, 0xF5, 0x79, 0xC3, 0x74, 0xA7, 0x70, + 0x99, 0x3B, 0x23, 0xD7, 0x3E, 0xA4, 0x96, 0xB5, + 0x54, 0x77, 0x71, 0x8D, 0x78, 0x2E, 0xCC, 0x0A, + 0x4E, 0xF8, 0xA9, 0x96, 0xEE, 0xB4, 0x4B, 0x5B, + 0xDC, 0x52, 0x6D, 0xE1, 0x61, 0x36, 0xE1, 0x32, + 0xD6, 0xA2, 0x7B, 0x2E, 0xCC, 0x78, 0x92, 0xA1, + 0x81, 0x59, 0xB8, 0xC7, 0x04, 0x11, 0x3D, 0xF0, + 0xF9, 0xF9, 0x3E, 0x47, 0x3C, 0xEA, 0xD5, 0x30, + 0x2D, 0xAE, 0xC0, 0x47, 0xC8, 0x61, 0xCC, 0x9C, + 0x2E, 0xC0, 0x40, 0x16, 0x11, 0x73, 0x13, 0xF3, + 0x19, 0xAE, 0x72, 0x44, 0x72, 0xC5, 0x59, 0x51, + 0x2E, 0x9F, 0xE3, 0x07, 0xB0, 0xCA, 0x6B, 0xB0, + 0x15, 0x20, 0xB4, 0x25, 0x00, 0xED, 0xFD, 0xAC, + 0xD6, 0x34, 0x8B, 0xCA, 0xE8, 0xC6, 0x3B, 0xFD, + 0x02, 0x22, 0xE6, 0x91, 0x2B, 0x4B, 0x61, 0xDF, + 0x63, 0x5C, 0x2B, 0x5F, 0x82, 0x07, 0x23, 0x59, + 0x82, 0x5E, 0x0E, 0x21, 0xF7, 0x9C, 0x37, 0x1C, + 0x7E, 0x6F, 0xD4, 0xFA, 0x91, 0x40, 0x8B, 0x98, + 0x68, 0xBD, 0x60, 0x2F, 0x0A, 0xC8, 0xC8, 0x99, + 0xA1, 0xC6, 0x10, 0xF1, 0x27, 0x53, 0xD3, 0xFB, + 0x23, 0x02, 0xE7, 0x8E, 0x95, 0xB1, 0xF0, 0x21, + 0xCB, 0x90, 0xEE, 0x8D, 0xE0, 0x27, 0x57, 0xDE, + 0x40, 0xA3, 0xE7, 0x8F, 0x61, 0xC1, 0x8F, 0xC5, + 0x0C, 0x0F, 0xBA, 0x05, 0xA0, 0x58, 0x8E, 0x86, + 0x8A, 0xF5, 0x72, 0xE1, 0x34, 0xB4, 0xF6, 0x8E, + 0x6E, 0xA4, 0x21, 0x75, 0x43, 0x73, 0xE7, 0x32, + 0x72, 0x80, 0x9B, 0xE7, 0x1D, 0x78, 0x8F, 0x0D, + 0x06, 0x47, 0x9E, 0x4D, 0xB4, 0xAC, 0x3E, 0x0D, + 0xB8, 0x11, 0x23, 0xFF, 0xAD, 0xB9, 0x23, 0xE0, + 0xA4, 0x37, 0xA6, 0x3D, 0xC2, 0x15, 0xF4, 0x64, + 0x03, 0x1F, 0x0A, 0x68, 0xED, 0x37, 0x37, 0xE8, + 0x3E, 0x5B, 0x49, 0x78, 0xFC, 0xFC, 0x12, 0x06, + 0xE8, 0xC7, 0xCD, 0x3A, 0xAF, 0xD4, 0x54, 0xA7, + 0x04, 0x7B, 0xFC, 0x66, 0xA6, 0xA8, 0x1C, 0x38, + 0x0C, 0x26, 0x08, 0xE6, 0xEE, 0x47, 0x25, 0x80, + 0x59, 0xA5, 0x39, 0x81, 0x20, 0xEE, 0x5F, 0x49, + 0x9A, 0x01, 0x37, 0xE9, 0x96, 0x18, 0xD0, 0x05, + 0x2D, 0xE3, 0x73, 0xD5, 0x08, 0x3B, 0x18, 0x46, + 0xFE, 0x9E, 0x67, 0x5B, 0x9E, 0xF8, 0x53, 0x05, + 0x2F, 0x96, 0x18, 0x9C, 0x09, 0x0D, 0xA6, 0x05, + 0xB3, 0x9E, 0x2F, 0x0B, 0x5A, 0xF3, 0x93, 0xFF, + 0x29, 0xF3, 0x4F, 0x62, 0xD5, 0x9A, 0xCE, 0x74, + 0x64, 0xD0, 0xBC, 0xB3, 0x08, 0xF1, 0xD3, 0x22, + 0xA5, 0xBE, 0x64, 0x0A, 0xEB, 0xA5, 0xF5, 0x1B, + 0x7E, 0x0A, 0x44, 0x3B, 0x1D, 0xA9, 0x48, 0x9A, + 0x2F, 0xED, 0x05, 0x0F, 0x44, 0xB3, 0x6D, 0xAD, + 0x39, 0x2C, 0xBA, 0x8E, 0x2B, 0xDE, 0x17, 0x38, + 0xD1, 0x69, 0xEA, 0xAE, 0x4E, 0x97, 0xCD, 0x61, + 0xBA, 0x75, 0x39, 0xF2, 0x81, 0xBB, 0xA9, 0x0F, + 0x6F, 0x82, 0xD4, 0xCB, 0xE4, 0x93, 0x82, 0x11, + 0x72, 0x9A, 0xE9, 0x87, 0xEC, 0xCC, 0x6D, 0xA1, + 0x7D, 0x47, 0x60, 0x20, 0xB6, 0xEE, 0xC6, 0xAA, + 0xC0, 0x3C, 0x95, 0x08, 0xA0, 0x8B, 0xFA, 0x04, + 0xF6, 0x6F, 0x65, 0x48, 0xCA, 0xA7, 0xA3, 0xA8, + 0xBB, 0x3B, 0x80, 0x91, 0xB6, 0x6D, 0x2F, 0x9D, + 0x97, 0xBB, 0x52, 0xE6, 0xC4, 0x24, 0x99, 0x97, + 0x63, 0xAD, 0xD2, 0xFD, 0xB3, 0x94, 0x6D, 0xC1, + 0xFB, 0xFA, 0x89, 0x45, 0x78, 0x80, 0x3C, 0xAA, + 0x3F, 0xC0, 0x7E, 0x8D, 0x37, 0x00, 0xA7, 0x70, + 0xD6, 0x57, 0x2A, 0xD3, 0x17, 0xB1, 0x9E, 0xDF, + 0x96, 0x98, 0x40, 0xB8, 0x1C, 0xCC, 0xC6, 0xCD, + 0xCD, 0xB0, 0xF3, 0x23, 0x53, 0xB6, 0x45, 0x78, + 0xA6, 0xA0, 0x88, 0x61, 0x06, 0x04, 0x8E, 0x1B, + 0xCD, 0x12, 0x29, 0x50, 0x0F, 0xD2, 0x8C, 0x89, + 0x51, 0xD1, 0x74, 0x0B, 0xE3, 0xA7, 0x75, 0x8A, + 0x60, 0x95, 0xEF, 0x6A, 0x98, 0xC7, 0x35, 0xA5, + 0xC0, 0xFB, 0x4C, 0x88, 0xA1, 0xDA, 0xCE, 0x79, + 0x3D, 0x4E, 0x4F, 0x91, 0x75, 0x88, 0xE0, 0x5F, + 0x17, 0xF5, 0xEF, 0xF8, 0x49, 0xFE, 0xB1, 0xDB, + 0x0D, 0xE8, 0xB2, 0xF7, 0xD4, 0x90, 0xBD, 0xB0, + 0x6B, 0x3A, 0x1B, 0xB5, 0xC6, 0xFB, 0x93, 0xEF, + 0xF3, 0xDD, 0x60, 0xEA, 0x67, 0x11, 0xFE, 0x6A, + 0xCC, 0x2C, 0x64, 0x2A, 0x85, 0x2E, 0x24, 0x39, + 0x34, 0x6B, 0xBC, 0xF8, 0x89, 0xB3, 0x49, 0x82, + 0x9C, 0xC0, 0x04, 0x29, 0x6D, 0x25, 0xCB, 0x19, + 0xE1, 0x53, 0xC6, 0x10, 0x7D, 0x62, 0x07, 0xD2, + 0x83, 0x8B, 0x89, 0x04, 0x70, 0x06, 0x60, 0x4F, + 0xB6, 0x10, 0x2B, 0xA0, 0x92, 0xF4, 0x1A, 0x7A, + 0xD6, 0x4F, 0xDC, 0x6C, 0x6C, 0x27, 0xE5, 0xEC, + 0x68, 0x1B, 0x95, 0x7C, 0x1C, 0x95, 0x2C, 0xB7, + 0x0A, 0x8D, 0xC7, 0x57, 0x92, 0x00, 0x4D, 0xC0, + 0x5F, 0xD4, 0xF4, 0x88, 0x3F, 0x8D, 0x43, 0x12, + 0x05, 0xE2, 0x14, 0x0E, 0xDD, 0x2C, 0xEC, 0xD5, + 0x2F, 0x1A, 0xE6, 0x97, 0xDC, 0xFE, 0x96, 0x80, + 0x67, 0x3B, 0xD4, 0x63, 0x73, 0xFA, 0xC8, 0x4F, + 0x4C, 0x4F, 0x2D, 0x68, 0x76, 0x44, 0x8E, 0xC2, + 0x19, 0x99, 0x44, 0xEA, 0xF2, 0x33, 0x23, 0x83, + 0xC8, 0xB1, 0x7C, 0x27, 0x43, 0x9B, 0x67, 0xF9, + 0xDE, 0xE1, 0xAE, 0x03, 0xA5, 0xA5, 0x2B, 0x96, + 0xB2, 0xEC, 0x4A, 0x43, 0xA7, 0x6D, 0xF4, 0xDB, + 0x32, 0x5B, 0x54, 0xD6, 0x63, 0xEA, 0x65, 0xC2, + 0xA8, 0x4B, 0x80, 0xCC, 0x65, 0x2D, 0xCE, 0x6F, + 0x61, 0x2F, 0x58, 0xD1, 0xE5, 0x64, 0x8A, 0x42, + 0x8D, 0xBA, 0xFA, 0x35, 0x5C, 0x9E, 0xD5, 0x80, + 0x2D, 0x5C, 0xC3, 0x47, 0xFB, 0x0D, 0x43, 0x20, + 0x7A, 0xA4, 0x37, 0xB2, 0x2F, 0x0B, 0x43, 0xB9, + 0x94, 0xD3, 0xD9, 0xC2, 0xD7, 0x02, 0x5D, 0x6A, + 0x12, 0x99, 0xE7, 0x32, 0x6C, 0xF0, 0x0C, 0x73, + 0x51, 0x33, 0x84, 0xA9, 0x0C, 0x66, 0xC9, 0x19, + 0x88, 0x9A, 0xF1, 0xB6, 0xF8, 0x41, 0xB1, 0xDC, + 0x60, 0xA4, 0x80, 0x73, 0x0B, 0x21, 0xF9, 0xB8, + 0x01, 0x7E, 0x66, 0x0D, 0xB4, 0x2B, 0x53, 0x8D, + 0x7D, 0x0B, 0xE1, 0xA3, 0x0C, 0x27, 0xF6, 0x2F, + 0x27, 0x34, 0x53, 0x75, 0x54, 0xF7, 0x5E, 0x05, + 0x1C, 0x5A, 0x94, 0x08, 0x14, 0xDE, 0xAA, 0x98, + 0xD9, 0xA5, 0xA0, 0xBE, 0x80, 0xC1, 0xEB, 0x3C, + 0xCF, 0x78, 0x88, 0xA4, 0xA2, 0x03, 0xF8, 0x79, + 0x1F, 0x84, 0x84, 0xA7, 0x0E, 0x95, 0x1A, 0x85, + 0xEF, 0x4C, 0xBE, 0xA2, 0x99, 0xAB, 0x10, 0xDD, + 0x85, 0x3F, 0x10, 0x6A, 0x9C, 0xD5, 0xDD, 0x7A, + 0xFB, 0xF5, 0xD9, 0xD9, 0xAA, 0xDF, 0x03, 0x78, + 0xAF, 0x1D, 0xEC, 0x18, 0xEB, 0x00, 0xB6, 0x64, + 0xB5, 0x75, 0xA5, 0x00, 0xDC, 0x36, 0x45, 0xBD, + 0x0C, 0x66, 0xCE, 0xA9, 0xBB, 0xD1, 0xF7, 0xE4, + 0x6A, 0xDA, 0x0E, 0x81, 0x0F, 0x6A, 0x71, 0x60, + 0x5C, 0x41, 0xD2, 0x12, 0x45, 0x14, 0xEF, 0x6F, + 0xEC, 0x22, 0x73, 0x4C, 0xA7, 0x94, 0xDD, 0x1A, + 0x42, 0x22, 0x58, 0x14, 0x0C, 0x4E, 0x6D, 0x77, + 0x7F, 0xF5, 0xC9, 0x69, 0x81, 0xA3, 0xB8, 0x6D, + 0x1C, 0x39, 0x47, 0xA5, 0xC4, 0x61, 0x1C, 0x91, + 0x2F, 0x67, 0xC3, 0x5E, 0x87, 0x1A, 0x85, 0x81, + 0x7D, 0x76, 0xF2, 0xE0, 0xB9, 0xD0, 0x43, 0x33, + 0xF1, 0xC1, 0xBA, 0x48, 0x6F, 0x48, 0xD5, 0xAE, + 0xB6, 0xDC, 0xAA, 0xCA, 0xEB, 0x0B, 0x6B, 0xFE, + 0xF4, 0xF1, 0x6E, 0x5D, 0xE4, 0x90, 0x53, 0xCF, + 0x9E, 0x13, 0x80, 0xCE, 0xE5, 0xDD, 0xA4, 0x01, + 0xBC, 0x16, 0x50, 0xD0, 0x78, 0x96, 0x3F, 0x2B, + 0x7A, 0x71, 0x8E, 0x86, 0xFD, 0x14, 0x21, 0xDF, + 0x4D, 0xD7, 0xDD, 0x42, 0x59, 0xB3, 0xED, 0x81, + 0xE3, 0xAF, 0x71, 0x57, 0xE7, 0x04, 0xD2, 0x26, + 0xA8, 0x83, 0xFC, 0x03, 0x90, 0x8C, 0x88, 0xC4, + 0xBF, 0x74, 0x54, 0x59, 0xD8, 0x66, 0x9F, 0xE2, + 0x7A, 0xCE, 0x5B, 0x9C, 0xC4, 0x37, 0xFA, 0xDB, + 0x40, 0x9A, 0xDD, 0x73, 0x9C, 0x06, 0x5A, 0x21, + 0x43, 0xFB, 0xFA, 0x1B, 0x41, 0x31, 0x9F, 0xF4, + 0x24, 0x09, 0x05, 0xFE, 0x56, 0x17, 0x52, 0x9C, + 0xC7, 0xE2, 0xCA, 0xC9, 0x1F, 0xBE, 0xE2, 0xEB, + 0x92, 0xEE, 0xD4, 0x76, 0x44, 0x9A, 0xFA, 0xFB, + 0x07, 0x62, 0x98, 0xEC, 0xA0, 0xCF, 0xBF, 0xFA, + 0x5E, 0x1B, 0x8B, 0xCD, 0x33, 0xFB, 0x1A, 0x97, + 0xFE, 0x50, 0x65, 0x22, 0x08, 0x9E, 0xC3, 0x87, + 0x88, 0xCA, 0xDD, 0x11, 0x5E, 0xA7, 0xCF, 0xF3, + 0x07, 0x0A, 0x34, 0x0E, 0x30, 0x1B, 0xC5, 0xCE, + 0xF7, 0xA6, 0xA4, 0x31, 0xB5, 0x40, 0xB8, 0x81, + 0xAC, 0xAA, 0x07, 0xE0, 0x7D, 0x5E, 0x6A, 0x25, + 0x85, 0x8D, 0x1D, 0x82, 0x45, 0x82, 0x76, 0xB2, + 0x65, 0x69, 0x3E, 0x88, 0xFE, 0x21, 0xFE, 0x6A, + 0x6B, 0x97, 0xD6, 0x70, 0x70, 0x00, 0x83, 0x18, + 0x39, 0xA6, 0x91, 0x3F, 0xB1, 0xB7, 0xED, 0x11, + 0xD3, 0xF9, 0x74, 0x31, 0xEC, 0x21, 0xA2, 0xEE, + 0x69, 0x04, 0xC0, 0xEA, 0x4A, 0x17, 0x1A, 0xF8, + 0xDA, 0xF1, 0x52, 0xB2, 0x78, 0x69, 0x4F, 0xDF, + 0xE6, 0xB9, 0xF3, 0xE7, 0x48, 0x8B, 0x09, 0x5F, + 0x4A, 0x7A, 0x05, 0x8E, 0xA8, 0xF6, 0x69, 0x3D, + 0x91, 0x7A, 0x6F, 0x6C, 0xAD, 0x03, 0x16, 0xEA, + 0xE0, 0x04, 0xFE, 0x54, 0x71, 0x50, 0x6D, 0x31, + 0xE4, 0x37, 0x76, 0xD6, 0x1B, 0xA9, 0xEE, 0x56, + 0x7A, 0x39, 0x34, 0x24, 0x00, 0x58, 0xE3, 0x2F, + 0xD4, 0x97, 0x57, 0x6F, 0xD8, 0x0E, 0x8B, 0xD3, + 0x88, 0x7F, 0xE8, 0x74, 0x72, 0xF7, 0xBA, 0x26, + 0x25, 0xE4, 0xD5, 0x86, 0xCD, 0xA8, 0x1E, 0x8D, + 0x49, 0xCF, 0x04, 0x92, 0x5B, 0x50, 0xD0, 0x73, + 0x3C, 0xC9, 0x17, 0xC3, 0x0E, 0x67, 0x02, 0xC5, + 0xDE, 0x48, 0x88, 0x0D, 0x2C, 0x0D, 0x68, 0x04, + 0xD5, 0x51, 0xDF, 0x4F, 0x23, 0x89, 0x7A, 0x29, + 0x41, 0xB2, 0x7A, 0xCA, 0x86, 0xA5, 0xCC, 0xC4, + 0xF5, 0xD3, 0xE1, 0xEF, 0xB8, 0xCD, 0x84, 0xB5, + 0x6D, 0xB6, 0x51, 0x1B, 0x81, 0x26, 0x97, 0xAC, + 0x00, 0xFC, 0x76, 0x8D, 0x99, 0xD9, 0x35, 0x8E, + 0x4D, 0x3E, 0xC0, 0xC1, 0x0E, 0x8D, 0x9B, 0xE5, + 0x79, 0xF3, 0xC7, 0xA0, 0xA4, 0xA6, 0xA2, 0xE9, + 0x8B, 0xCD, 0x36, 0x79, 0x76, 0xF1, 0x6A, 0xEE, + 0xCF, 0x91, 0x8D, 0x91, 0xB1, 0xAF, 0xF2, 0xF5, + 0x43, 0xF6, 0xB2, 0x3A, 0x39, 0x9F, 0xBF, 0xDE, + 0x16, 0x03, 0x52, 0x18, 0x62, 0x93, 0xB5, 0x09, + 0xC4, 0xEE, 0x27, 0x9C, 0x56, 0x6F, 0x0C, 0x1C, + 0x12, 0x42, 0xF0, 0x34, 0xBD, 0x44, 0x52, 0x4C, + 0x32, 0x7E, 0x64, 0xDF, 0x78, 0x16, 0xD9, 0x9E, + 0xD7, 0x8A, 0x11, 0x33, 0x65, 0x42, 0xEC, 0x36, + 0x07, 0xEE, 0x3F, 0x19, 0x97, 0x9B, 0x92, 0x9D, + 0x3A, 0xE4, 0x98, 0x83, 0xDB, 0x0C, 0x85, 0x39, + 0xFA, 0x8D, 0x73, 0xF5, 0xBF, 0xE0, 0x75, 0x40, + 0x50, 0x9B, 0xF2, 0xE6, 0xB6, 0xA5, 0x33, 0xD0, + 0xC4, 0xD6, 0xAB, 0xFF, 0x16, 0xDE, 0x30, 0x9C, + 0x68, 0x90, 0xE0, 0x5E, 0xD3, 0xD5, 0xA9, 0xB0, + 0xD9, 0x6B, 0x0A, 0x43, 0x45, 0x9A, 0x3D, 0xE8, + 0xB6, 0x66, 0xE4, 0x57, 0x05, 0x8E, 0x5B, 0x72, + 0xFE, 0x50, 0x44, 0x8C, 0xE4, 0x68, 0x43, 0x51, + 0x0D, 0x9A, 0xD3, 0x36, 0xA9, 0xC7, 0xF6, 0xCF, + 0x6D, 0x2C, 0x95, 0x46, 0x98, 0x6D, 0x9E, 0x78, + 0x90, 0x87, 0x19, 0x64, 0xD5, 0xDE, 0x1D, 0x9B, + 0x37, 0x4E, 0x52, 0xF5, 0x14, 0xAA, 0xEE, 0x31, + 0x83, 0x55, 0x7C, 0x38, 0x0F, 0xB3, 0xF6, 0xF2, + 0x1C, 0x60, 0x71, 0x68, 0x1F, 0x06, 0xBD, 0x99, + 0xFD, 0x42, 0x12, 0x54, 0x3E, 0xBA, 0x4B, 0x60, + 0xFB, 0xFB, 0x51, 0x4D, 0x02, 0xCE, 0xE5, 0x9E, + 0x59, 0xB2, 0xE6, 0x98, 0x67, 0xBB, 0xAB, 0xC8, + 0x08, 0xE4, 0x08, 0x0D, 0xF5, 0x3B, 0x47, 0x78, + 0x39, 0x24, 0x56, 0x80, 0xF0, 0x6A, 0x1D, 0x33, + 0x05, 0x5F, 0xF2, 0xA2, 0x38, 0xAD, 0xDF, 0x5C, + 0xC5, 0xEA, 0x9C, 0xC7, 0x0A, 0x1B, 0x5B, 0x43, + 0xE9, 0x59, 0x3D, 0x68, 0x00, 0x23, 0x32, 0x5D, + 0x25, 0xFD, 0xA7, 0xCA, 0xDA, 0xA1, 0xFD, 0x22, + 0x4E, 0x34, 0x96, 0xE7, 0x0D, 0xFF, 0x89, 0x3B, + 0xA6, 0x56, 0x0D, 0x11, 0x13, 0xA6, 0x9D, 0x3B, + 0xBC, 0x12, 0x97, 0x9A, 0x2B, 0xAA, 0xE9, 0xE2, + 0xCF, 0xD2, 0xD3, 0xEF, 0x95, 0xFC, 0x40, 0x80, + 0x94, 0x48, 0x80, 0x5A, 0x3F, 0x4A, 0xD2, 0xB5, + 0x7D, 0x61, 0xA2, 0x26, 0x7B, 0xDC, 0x32, 0xCB, + 0x84, 0x2E, 0x9B, 0x29, 0x63, 0x45, 0x74, 0x0D, + 0x85, 0x54, 0xB2, 0x16, 0x77, 0x9B, 0x47, 0x51, + 0x63, 0x33, 0xE9, 0x1A, 0x52, 0x9D, 0xEB, 0x26, + 0x06, 0x7F, 0x97, 0xA0, 0xA1, 0xAA, 0x07, 0x0F, + 0x1E, 0x23, 0xAB, 0xCC, 0xD5, 0x0F, 0x3E, 0x88, + 0xAA, 0xC3, 0xED, 0x06, 0x25, 0x3A, 0x4A, 0x62, + 0x85, 0x9F, 0xA7, 0xD3, 0xF5, 0x1C, 0x9A, 0xCC, + 0x52, 0x87, 0x9F, 0xB8, 0xC7, 0xDD, 0xF1, 0x50, + 0x66, 0x70, 0xAC, 0xC6, 0x2C, 0x2E, 0x8C, 0xC9, + 0xD9, 0xF6, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x06, 0x0D, 0x13, 0x1D, 0x20, + 0x27, 0x2C, 0x32 + }; +#endif + byte sig[DILITHIUM_MAX_SIG_SIZE]; + word32 sigLen; + + key = (dilithium_key*)XMALLOC(sizeof(*key), NULL, DYNAMIC_TYPE_TMP_BUFFER); + ExpectNotNull(key); + + if (key != NULL) { + XMEMSET(key, 0, sizeof(*key)); + } + + ExpectIntEQ(wc_dilithium_init_ex(key, NULL, INVALID_DEVID), 0); +#ifndef WOLFSSL_NO_ML_DSA_44 + ExpectIntEQ(wc_dilithium_set_level(key, WC_ML_DSA_44), 0); + ExpectIntEQ(wc_dilithium_import_private(sk_44, (word32)sizeof(sk_44), key), + 0); + sigLen = PARAMS_ML_DSA_44_SIG_SIZE; + ExpectIntEQ(wc_dilithium_sign_msg_with_seed(msg_44, (word32)sizeof(msg_44), + sig, &sigLen, key, rnd_44), 0); + ExpectIntEQ(sigLen, PARAMS_ML_DSA_44_SIG_SIZE); + ExpectIntEQ(XMEMCMP(sig, sig_44, sizeof(sig_44)), 0); +#endif +#ifndef WOLFSSL_NO_ML_DSA_65 + ExpectIntEQ(wc_dilithium_set_level(key, WC_ML_DSA_65), 0); + ExpectIntEQ(wc_dilithium_import_private(sk_65, (word32)sizeof(sk_65), key), + 0); + sigLen = PARAMS_ML_DSA_65_SIG_SIZE; + ExpectIntEQ(wc_dilithium_sign_msg_with_seed(msg_65, (word32)sizeof(msg_65), + sig, &sigLen, key, rnd_65), 0); + ExpectIntEQ(sigLen, PARAMS_ML_DSA_65_SIG_SIZE); + ExpectIntEQ(XMEMCMP(sig, sig_65, sizeof(sig_65)), 0); +#endif +#ifndef WOLFSSL_NO_ML_DSA_87 + ExpectIntEQ(wc_dilithium_set_level(key, WC_ML_DSA_87), 0); + ExpectIntEQ(wc_dilithium_import_private(sk_87, (word32)sizeof(sk_87), key), + 0); + sigLen = PARAMS_ML_DSA_87_SIG_SIZE; + ExpectIntEQ(wc_dilithium_sign_msg_with_seed(msg_87, (word32)sizeof(msg_87), + sig, &sigLen, key, rnd_87), 0); + ExpectIntEQ(sigLen, PARAMS_ML_DSA_87_SIG_SIZE); + ExpectIntEQ(XMEMCMP(sig, sig_87, sizeof(sig_87)), 0); +#endif + + wc_dilithium_free(key); + XFREE(key, NULL, DYNAMIC_TYPE_TMP_BUFFER); +#endif + return EXPECT_RESULT(); +} + +int test_wc_dilithium_verify_kats(void) +{ + EXPECT_DECLS; +#if defined(HAVE_DILITHIUM) && defined(WOLFSSL_WC_DILITHIUM) && \ + !defined(WOLFSSL_DILITHIUM_NO_VERIFY) + dilithium_key* key; + int res; +#ifndef WOLFSSL_NO_ML_DSA_44 + static const byte pk_44[] = { + 0x09, 0xB4, 0x88, 0x7D, 0x97, 0xBC, 0xF6, 0x37, + 0x9C, 0xC5, 0x9B, 0x61, 0x62, 0xC1, 0xE8, 0xBF, + 0x05, 0x60, 0xBF, 0x44, 0xD6, 0x18, 0x09, 0x17, + 0x0E, 0x6E, 0x28, 0xF7, 0x06, 0x69, 0xA3, 0xE9, + 0x49, 0x64, 0x38, 0xE8, 0x91, 0x57, 0x35, 0xAD, + 0xAE, 0xB4, 0x45, 0xCF, 0xDB, 0x7D, 0x89, 0xB3, + 0x8C, 0x04, 0x8F, 0x4C, 0x3E, 0x00, 0x58, 0x15, + 0x14, 0xC5, 0xFD, 0x19, 0x8B, 0x2D, 0x17, 0x39, + 0xE8, 0x83, 0xB8, 0x78, 0xD5, 0x6B, 0xB4, 0x12, + 0x64, 0xBE, 0x41, 0xD3, 0xD5, 0x15, 0x65, 0xE2, + 0xE9, 0xCA, 0xE3, 0x31, 0x84, 0xA8, 0x99, 0xF6, + 0x2D, 0xD5, 0x7D, 0x07, 0x40, 0x0E, 0x98, 0xE5, + 0x86, 0x87, 0xA9, 0xB2, 0x2F, 0xA3, 0x17, 0xEE, + 0xD1, 0x34, 0xCA, 0x72, 0x14, 0xBF, 0xF0, 0x21, + 0xDD, 0x21, 0x62, 0xB1, 0x83, 0x09, 0x1D, 0x15, + 0xF2, 0x63, 0xB7, 0x29, 0x82, 0x14, 0x42, 0x3C, + 0x6B, 0xB6, 0x96, 0xD7, 0x5C, 0x20, 0xD9, 0xEA, + 0xCD, 0x0A, 0x03, 0xE4, 0x26, 0x2C, 0x4B, 0x08, + 0xBE, 0x39, 0xFA, 0x21, 0x54, 0xBD, 0x6E, 0x50, + 0x25, 0xFF, 0x79, 0x1E, 0x88, 0x5F, 0x22, 0x26, + 0xE3, 0xCF, 0x48, 0xF7, 0xB5, 0xEB, 0x04, 0xFB, + 0xE9, 0xEC, 0xF7, 0x5B, 0x19, 0xE1, 0xD1, 0x5C, + 0x30, 0x5E, 0x92, 0x26, 0x0A, 0xB0, 0xD6, 0xAE, + 0x7D, 0xBA, 0x7B, 0xBE, 0x73, 0xB6, 0xBC, 0x18, + 0x1C, 0xF9, 0x33, 0x84, 0x0C, 0xC1, 0x0A, 0x00, + 0x05, 0x02, 0x28, 0xFA, 0x46, 0xA2, 0x63, 0x6D, + 0xD9, 0xA9, 0x09, 0x47, 0xE9, 0xF1, 0x3A, 0x93, + 0xEF, 0x4C, 0x62, 0xBE, 0x37, 0x4D, 0x76, 0xD1, + 0xFD, 0xBB, 0xC5, 0xD8, 0xB5, 0x5E, 0x72, 0x9F, + 0xA5, 0x86, 0x65, 0xAA, 0x07, 0xB9, 0x0C, 0x8C, + 0xDD, 0xD6, 0x1C, 0x56, 0x6B, 0x0D, 0x7E, 0xD6, + 0x57, 0x70, 0x49, 0x2E, 0xA0, 0x71, 0x3E, 0x1E, + 0xD4, 0x6A, 0xC7, 0xAD, 0x15, 0x03, 0xC5, 0x6D, + 0x90, 0x52, 0xD2, 0xC9, 0x4D, 0x49, 0xE4, 0x41, + 0x6A, 0xC9, 0x2B, 0x70, 0x39, 0x6F, 0x76, 0xF6, + 0xFB, 0x48, 0x10, 0x45, 0x68, 0x17, 0x25, 0xA6, + 0x8C, 0xB3, 0x56, 0x37, 0x7F, 0xB2, 0x31, 0xAB, + 0x8F, 0x3E, 0xB9, 0xA4, 0x98, 0x2F, 0xFF, 0x18, + 0x36, 0x47, 0x3B, 0xCB, 0xDA, 0xB6, 0x87, 0x2D, + 0x22, 0x94, 0x67, 0xEF, 0xB9, 0x36, 0x62, 0x61, + 0xFE, 0xB1, 0x48, 0xBA, 0x9B, 0x7D, 0xB9, 0xC4, + 0xFE, 0x0B, 0xB8, 0x86, 0x12, 0xAB, 0xB8, 0xFD, + 0x61, 0x09, 0x6F, 0x18, 0x19, 0x60, 0x4D, 0x55, + 0xDF, 0x60, 0x20, 0x46, 0x4D, 0x3F, 0x09, 0x2C, + 0xFC, 0xA5, 0x98, 0x12, 0x08, 0x22, 0x18, 0x56, + 0x68, 0x99, 0xA5, 0x6A, 0x3C, 0x63, 0x3C, 0xC8, + 0x1F, 0x88, 0xAD, 0xB2, 0xE1, 0x41, 0x4E, 0xF3, + 0x85, 0x0D, 0x10, 0xBF, 0x5A, 0x77, 0xAC, 0xE7, + 0x24, 0xD6, 0xC1, 0xF3, 0x88, 0x92, 0x87, 0x44, + 0xB3, 0xE5, 0x42, 0xAE, 0x49, 0x1C, 0xD5, 0x6A, + 0x64, 0x21, 0x3F, 0x1D, 0x3C, 0xC9, 0x0B, 0x29, + 0x10, 0x5F, 0x43, 0xD2, 0x37, 0xC8, 0x3D, 0x5F, + 0xB8, 0x29, 0x32, 0x5C, 0x83, 0xE6, 0x54, 0x57, + 0x77, 0x76, 0x39, 0x2F, 0x85, 0x36, 0xAA, 0x9D, + 0xAE, 0x87, 0x24, 0x07, 0xAB, 0xAA, 0xA9, 0xAC, + 0xC2, 0x2A, 0x68, 0x12, 0xCE, 0xA7, 0x4C, 0x0B, + 0xA6, 0x7E, 0xAF, 0x4A, 0x41, 0x01, 0x52, 0x97, + 0x5E, 0x9A, 0x83, 0xEE, 0x44, 0x69, 0x29, 0x53, + 0x17, 0xBE, 0xD1, 0x05, 0x51, 0xBA, 0x32, 0xE6, + 0x5A, 0xFC, 0x8C, 0x8E, 0x68, 0xDD, 0x55, 0x42, + 0x0C, 0x50, 0x2D, 0x93, 0x7D, 0xAD, 0xD2, 0xEF, + 0xA2, 0xCB, 0xFD, 0x1F, 0x73, 0x9F, 0xC0, 0xAB, + 0x2B, 0x26, 0x54, 0xFA, 0xE0, 0x8C, 0x0C, 0x7F, + 0x8E, 0xDD, 0x43, 0xCF, 0x9F, 0xF0, 0xB0, 0x1D, + 0x98, 0x4D, 0x49, 0x18, 0x52, 0xA3, 0x72, 0xE9, + 0xFE, 0xFD, 0xCC, 0x1B, 0xC1, 0x6C, 0xDB, 0x52, + 0x39, 0xAE, 0x10, 0x01, 0x15, 0x5F, 0x89, 0x56, + 0x30, 0x51, 0xCE, 0x47, 0x99, 0x6C, 0x5A, 0xEE, + 0xB2, 0x19, 0x0E, 0xA1, 0x8F, 0x7F, 0x73, 0x40, + 0x42, 0xDE, 0x68, 0xE9, 0x88, 0x36, 0x7D, 0x89, + 0x35, 0x5D, 0x9D, 0x83, 0x77, 0xBA, 0xF9, 0x64, + 0x79, 0x78, 0xEB, 0x2E, 0x49, 0x2A, 0xD0, 0x21, + 0xC5, 0x69, 0xAE, 0x8B, 0xA6, 0x9B, 0x15, 0xF1, + 0xFC, 0xF7, 0x03, 0x9A, 0x7E, 0x64, 0xAF, 0x10, + 0xAB, 0xF3, 0xEA, 0x45, 0xB7, 0x22, 0x2F, 0x96, + 0x59, 0xE3, 0x33, 0x73, 0x37, 0x2E, 0x1D, 0xB1, + 0x86, 0xD2, 0xC2, 0xA0, 0xD7, 0x54, 0x51, 0xC4, + 0x78, 0xAE, 0xF3, 0x3E, 0x59, 0x49, 0xF2, 0x40, + 0x04, 0x0C, 0x2A, 0xFC, 0x44, 0xB1, 0xD3, 0xA0, + 0x2A, 0x6D, 0x2F, 0x87, 0x90, 0x2A, 0x28, 0x0E, + 0x27, 0xA2, 0x0D, 0x4E, 0x57, 0xF8, 0x89, 0x66, + 0x27, 0x00, 0xDB, 0x8A, 0x9D, 0x24, 0x99, 0x57, + 0xA7, 0xDB, 0x43, 0x7C, 0xD4, 0x80, 0xDD, 0xC0, + 0x58, 0x84, 0xFB, 0x23, 0xF8, 0x68, 0x26, 0x8E, + 0xAC, 0xE3, 0x4E, 0xED, 0x27, 0x4A, 0x92, 0x7D, + 0x9D, 0x84, 0xF1, 0xEA, 0x57, 0xEA, 0xB1, 0xA8, + 0x13, 0xB5, 0xE6, 0xAA, 0xBE, 0x9E, 0xD2, 0x61, + 0x0B, 0xC6, 0xF7, 0x2E, 0x32, 0x0C, 0xDE, 0xC4, + 0xF9, 0x95, 0x23, 0xF9, 0x3F, 0xA4, 0x48, 0xDC, + 0x1F, 0xBB, 0xDD, 0x25, 0x9B, 0x10, 0x2F, 0x5D, + 0xC9, 0x95, 0x5A, 0xFA, 0x0C, 0x41, 0x60, 0x4D, + 0x83, 0xDD, 0x1C, 0x2D, 0x22, 0x95, 0xEF, 0x44, + 0x61, 0x45, 0x6B, 0xAE, 0x86, 0x90, 0x5C, 0x4C, + 0x30, 0xD8, 0xA9, 0xFA, 0x48, 0xC9, 0x0F, 0x37, + 0xA1, 0x9C, 0x41, 0xA2, 0xD5, 0x98, 0x8F, 0x13, + 0xD5, 0x13, 0x44, 0xEC, 0x30, 0xA4, 0xA4, 0x62, + 0x19, 0xFE, 0x84, 0x11, 0x37, 0xD5, 0xAA, 0x1F, + 0x51, 0xE6, 0xC4, 0x44, 0x16, 0x8A, 0xF3, 0x98, + 0x90, 0xB6, 0xFA, 0x40, 0x0D, 0x67, 0xF4, 0x80, + 0x6F, 0x5B, 0xBD, 0x44, 0x47, 0x03, 0x07, 0x4A, + 0x7A, 0x11, 0x39, 0xC7, 0x17, 0x46, 0xD7, 0xC4, + 0xCE, 0xB3, 0xC9, 0x11, 0xF5, 0x25, 0x7E, 0x3E, + 0x53, 0xEB, 0xFA, 0x5A, 0xA8, 0xF2, 0x27, 0x80, + 0x9D, 0x44, 0xEE, 0x7D, 0xE1, 0x3C, 0x02, 0x79, + 0x24, 0xDD, 0x60, 0x15, 0x3B, 0x30, 0xAA, 0x76, + 0xDD, 0x96, 0xA7, 0xC5, 0xAC, 0xC5, 0x9B, 0x62, + 0x79, 0x19, 0x50, 0x7B, 0xF1, 0x42, 0x57, 0xAE, + 0x7A, 0x26, 0x24, 0x3C, 0x16, 0x83, 0xB2, 0x8D, + 0x1B, 0x14, 0xB5, 0x01, 0xAD, 0x05, 0x9B, 0x4D, + 0x52, 0x2A, 0x57, 0x99, 0x1E, 0x55, 0x39, 0xCE, + 0xF1, 0x8C, 0xEB, 0x5C, 0x26, 0xD6, 0x60, 0xB8, + 0x82, 0x24, 0x54, 0xC9, 0xC4, 0x2A, 0x95, 0xE6, + 0xF7, 0x2B, 0x84, 0xF7, 0x8A, 0xB9, 0x9F, 0x51, + 0xEC, 0x49, 0x78, 0x9F, 0x9D, 0xB4, 0xC1, 0x28, + 0xB0, 0x31, 0x8F, 0xFF, 0xC8, 0x2D, 0x95, 0xCA, + 0xD2, 0x77, 0xF1, 0x1E, 0x14, 0xF1, 0xEF, 0x87, + 0x14, 0x14, 0x88, 0x11, 0x22, 0xA9, 0xB1, 0x1B, + 0xDF, 0xAE, 0x4A, 0x7A, 0xBC, 0x8E, 0x75, 0x75, + 0x5A, 0xB1, 0x37, 0x41, 0xDF, 0xAC, 0xD6, 0x64, + 0x29, 0x3D, 0x1A, 0x32, 0x6B, 0xF5, 0xED, 0x5A, + 0xBB, 0xB1, 0x53, 0xEB, 0xE6, 0x99, 0x6D, 0xD6, + 0x22, 0xF0, 0xA8, 0xCB, 0x47, 0x39, 0x69, 0xA5, + 0x03, 0x66, 0xBD, 0x0B, 0x01, 0xC5, 0xC7, 0x3A, + 0x89, 0x2B, 0x8E, 0x26, 0xCE, 0x08, 0xF7, 0x5F, + 0xF8, 0x01, 0xB6, 0xDE, 0xF0, 0x41, 0xE1, 0x71, + 0x3B, 0xE6, 0xDF, 0x0E, 0xFB, 0x51, 0x58, 0x7B, + 0xE5, 0xFB, 0xEA, 0x72, 0x7E, 0x00, 0xD7, 0x17, + 0x64, 0x7D, 0xD5, 0x39, 0x07, 0x9D, 0xE1, 0x8A, + 0xE7, 0xBE, 0xD1, 0x2B, 0x91, 0xAF, 0x8D, 0xBB, + 0x1B, 0x8B, 0x32, 0xD2, 0x86, 0x0B, 0xAF, 0x40, + 0xAF, 0x8A, 0x0B, 0xBF, 0xE0, 0x28, 0x87, 0xEB, + 0x5D, 0xBE, 0x7A, 0xB1, 0xAF, 0xC4, 0x1D, 0xA7, + 0x9B, 0x01, 0x6A, 0xA1, 0x6E, 0xDA, 0x28, 0x13, + 0x21, 0xCA, 0xA5, 0xDA, 0x64, 0x4F, 0xD8, 0x65, + 0x8A, 0x7B, 0x70, 0x21, 0x81, 0x00, 0x14, 0x31, + 0x56, 0x0D, 0xD6, 0x3C, 0xB2, 0x1E, 0x5F, 0xF7, + 0x5C, 0x3F, 0x72, 0x50, 0x45, 0x6B, 0xE0, 0x8C, + 0x0D, 0x5E, 0x34, 0xC3, 0xBD, 0xE2, 0xF6, 0x06, + 0xA2, 0xBF, 0x34, 0x17, 0x76, 0x8D, 0x24, 0xB2, + 0x37, 0x39, 0xEA, 0x86, 0xCB, 0xEF, 0xDD, 0xA3, + 0x43, 0x88, 0xBC, 0x1F, 0x91, 0x8F, 0x95, 0x1E, + 0x15, 0xE4, 0x3B, 0x13, 0x85, 0xA7, 0xBC, 0xC5, + 0x59, 0xF9, 0x49, 0x2C, 0x72, 0x13, 0xA1, 0x42, + 0x27, 0xE0, 0x93, 0xE9, 0x29, 0xF3, 0x2D, 0x1E, + 0xFB, 0xE7, 0xF1, 0xEE, 0x57, 0xC4, 0x9C, 0x90, + 0x55, 0x62, 0x3E, 0xA4, 0x2E, 0xC6, 0xC7, 0x9D, + 0x7F, 0xCE, 0x71, 0xFA, 0x74, 0x76, 0x07, 0x56, + 0x6D, 0xDA, 0x69, 0xF6, 0x9D, 0xAF, 0x68, 0x11, + 0x59, 0x19, 0xC6, 0x32, 0x2E, 0xBB, 0x42, 0xC8, + 0xC0, 0x89, 0x33, 0x8C, 0x9E, 0x0C, 0x53, 0x56, + 0x5B, 0xCB, 0xE7, 0x2F, 0xBE, 0x47, 0x26, 0x68, + 0x7B, 0x07, 0x87, 0x07, 0x18, 0x06, 0xC5, 0xA6, + 0xC1, 0x49, 0xC8, 0x2B, 0x66, 0x8A, 0xA6, 0x4A, + 0x7B, 0xA0, 0xCC, 0xC1, 0xCC, 0x49, 0xA1, 0xEE, + 0xE9, 0x45, 0x3D, 0x04, 0x33, 0x6E, 0x5D, 0xC8, + 0x11, 0xE0, 0x38, 0x92, 0xF7, 0xF4, 0x66, 0x88, + 0xEC, 0xEF, 0xD0, 0x4F, 0x18, 0x76, 0xF7, 0x11, + 0x17, 0x12, 0xB5, 0x95, 0xED, 0x62, 0xDA, 0x00, + 0x67, 0x8F, 0x9E, 0x37, 0x86, 0xB5, 0xC1, 0xA5, + 0x09, 0x5B, 0xE8, 0x71, 0x0D, 0xCF, 0xA4, 0x16, + 0x52, 0x56, 0x50, 0x9E, 0x00, 0x14, 0x3A, 0x6F, + 0x11, 0x72, 0xFA, 0xBE, 0x8B, 0xF2, 0x1E, 0x5F, + 0xCE, 0x7C, 0x79, 0xC1, 0xA4, 0x4B, 0x4B, 0x15, + 0x25, 0xA0, 0x76, 0xFF, 0xB8, 0xDD, 0x90, 0x66 + }; + static const byte msg_44[] = { + 0x3A, 0xFD, 0x7F, 0xF8, 0xCA, 0xD3, 0xAC, 0xBD, + 0xF9, 0x77, 0x31, 0x26, 0x1C, 0x7A, 0x1C, 0x96, + 0x9D, 0x50, 0x16, 0xF1, 0x7D, 0x3E, 0x7F, 0x83, + 0xD2, 0x44, 0x1A, 0xF9, 0x01, 0x4B, 0x63, 0x47, + 0x7B, 0x14, 0xA6, 0x41, 0x31, 0x50, 0xFA, 0xD7, + 0xC8, 0x44, 0x39, 0xBC, 0x88, 0x66, 0x2C, 0x5E, + 0x93, 0x1F, 0x06, 0xB9, 0x51, 0x41, 0x90, 0xE1, + 0x3F, 0xB0, 0x49, 0xC4, 0xAB, 0x74, 0x01, 0x32, + 0x33, 0xB9, 0x8D, 0x48, 0xD9, 0xAF, 0xB6, 0xA3, + 0x0A, 0x67, 0x33, 0x0E, 0x1F, 0xBE, 0x33, 0x1B, + 0x09, 0xC5, 0x6D, 0x03, 0x7E, 0x97, 0x01, 0x08, + 0x5D, 0x80, 0xF1, 0xE7, 0xF4, 0x04, 0x3E, 0xFB, + 0x53, 0x58, 0x7A, 0xBB, 0x82, 0x36, 0x24, 0x01, + 0x23, 0x84, 0x51, 0x52, 0x49, 0xEE, 0x61, 0x30, + 0x97, 0x3D, 0xC9, 0xEA, 0x6F, 0x55, 0x8B, 0xAE, + 0x75, 0x10, 0x7E, 0xFD, 0xB1, 0xD9, 0x28, 0x5B + }; + static const byte sig_44[] = { + 0x4A, 0x2B, 0x16, 0xCD, 0xB5, 0x52, 0xF9, 0x29, + 0x7F, 0x8E, 0x39, 0x1A, 0xD8, 0xF5, 0xAD, 0xC8, + 0xCC, 0x5D, 0x2C, 0x56, 0xC4, 0x6B, 0x80, 0x0F, + 0x9B, 0x3E, 0xE4, 0xBB, 0xD2, 0xF2, 0xE8, 0xA8, + 0x9D, 0x59, 0x9D, 0x7B, 0x5C, 0xC2, 0xD8, 0x8C, + 0x80, 0xF2, 0x71, 0x85, 0x9B, 0xBC, 0x83, 0x04, + 0x3E, 0xC4, 0xE5, 0x48, 0x12, 0xF5, 0x93, 0x6B, + 0x44, 0x6C, 0x95, 0x13, 0xC8, 0x55, 0x28, 0x9C, + 0x94, 0xB1, 0x15, 0x51, 0xA0, 0xC7, 0x65, 0x3E, + 0x7B, 0xA7, 0x4F, 0xFB, 0x6F, 0x72, 0xD4, 0x65, + 0x2C, 0x91, 0xD3, 0x8D, 0xD1, 0xF9, 0x0D, 0xFE, + 0x44, 0x39, 0xBC, 0x21, 0xCA, 0x53, 0xE0, 0xCC, + 0x7A, 0x7A, 0xA5, 0xB8, 0x75, 0xA5, 0xB9, 0xBA, + 0x42, 0x36, 0x6E, 0xB8, 0xEC, 0xBA, 0x24, 0x36, + 0xDA, 0xF0, 0x8A, 0x91, 0x97, 0x8D, 0xD0, 0x93, + 0xF2, 0x0F, 0x1E, 0xFB, 0x6B, 0x0B, 0xCB, 0x90, + 0xDA, 0x99, 0xCC, 0xA0, 0x5E, 0x8F, 0x6F, 0x82, + 0xB8, 0x6D, 0x3C, 0x6E, 0xE2, 0x4B, 0xA5, 0xD5, + 0x0A, 0xEA, 0x10, 0xB2, 0x30, 0x7F, 0x57, 0xF8, + 0x9E, 0xD7, 0x8D, 0xB4, 0xA7, 0x4F, 0xBB, 0xF6, + 0xEB, 0x33, 0x2A, 0xFB, 0x08, 0xD0, 0x74, 0xAC, + 0xF0, 0xDE, 0x5C, 0xD7, 0xFE, 0xC1, 0x2F, 0x76, + 0xF3, 0xAB, 0x61, 0x9C, 0x81, 0x5B, 0x9E, 0xDD, + 0x28, 0x7E, 0xAD, 0x67, 0xF0, 0x4F, 0x14, 0x79, + 0x7F, 0x8D, 0xCF, 0x2C, 0xDE, 0x9A, 0x87, 0x53, + 0xB5, 0xAD, 0x0A, 0xFA, 0x12, 0x87, 0x41, 0x97, + 0xD1, 0x74, 0x40, 0x92, 0x87, 0x25, 0x21, 0xE8, + 0x68, 0xAF, 0x9E, 0x64, 0x45, 0x23, 0x73, 0xFE, + 0xB6, 0xFE, 0x25, 0xD5, 0x27, 0x3D, 0x63, 0xC0, + 0xEB, 0xD6, 0xD3, 0xB1, 0x02, 0x8C, 0x1C, 0xD0, + 0x6A, 0xF3, 0x2C, 0xEC, 0xA2, 0x62, 0x13, 0x10, + 0x83, 0x7C, 0x72, 0x78, 0x8C, 0x8A, 0xDA, 0xB5, + 0xA0, 0xF0, 0x38, 0x17, 0x12, 0x8E, 0xB7, 0xB7, + 0x66, 0xFA, 0x81, 0x2C, 0x69, 0x6C, 0xF8, 0x86, + 0xF0, 0x0A, 0x10, 0x44, 0xCD, 0xD0, 0x6B, 0xB2, + 0x8C, 0xB2, 0xE5, 0x78, 0x0C, 0x8D, 0x8C, 0xC7, + 0xE6, 0x0A, 0xB6, 0x99, 0xDD, 0x78, 0x66, 0x8B, + 0xE4, 0xFF, 0x9F, 0x46, 0x90, 0xC6, 0xFC, 0x98, + 0xAA, 0xC9, 0xC0, 0x2B, 0x66, 0xB9, 0xB9, 0x82, + 0x6A, 0x30, 0x61, 0xFD, 0x32, 0x22, 0xDA, 0x84, + 0x82, 0x66, 0x79, 0x60, 0xA3, 0x16, 0x52, 0xEE, + 0x88, 0xEB, 0x32, 0xB0, 0x46, 0x9A, 0xB7, 0x1C, + 0xAA, 0x25, 0x19, 0xF2, 0x3D, 0x1A, 0x24, 0x42, + 0xD5, 0xB1, 0x31, 0x62, 0x62, 0x13, 0x1D, 0xCE, + 0xC5, 0xF2, 0x87, 0xE3, 0x2F, 0xD3, 0x43, 0xFE, + 0xB4, 0x42, 0x9E, 0x54, 0x25, 0x8D, 0x69, 0x0D, + 0x9D, 0x20, 0xA1, 0x0A, 0xBD, 0x75, 0xA5, 0x36, + 0xDF, 0xF8, 0xCF, 0x1D, 0x6D, 0xDF, 0x19, 0x29, + 0x1E, 0x27, 0x49, 0xA7, 0xD1, 0x6E, 0xB9, 0x0A, + 0xB5, 0x09, 0x3B, 0xAD, 0x38, 0xE1, 0x16, 0xA8, + 0x6B, 0x73, 0x0E, 0x65, 0x57, 0x4C, 0x06, 0x8C, + 0x38, 0xBA, 0x94, 0x57, 0xC9, 0xD6, 0xD9, 0x13, + 0xEA, 0xFF, 0x57, 0xFE, 0x23, 0xBF, 0x3D, 0xD2, + 0x4D, 0x8C, 0xA5, 0x11, 0xEF, 0xA3, 0x76, 0xA5, + 0xDF, 0x08, 0x46, 0x70, 0x25, 0xFF, 0x51, 0xBE, + 0xAD, 0x3E, 0xDE, 0x0A, 0x84, 0xED, 0xC5, 0x32, + 0x16, 0x20, 0x99, 0x80, 0x61, 0xE8, 0xA1, 0xA7, + 0x3D, 0x67, 0xB7, 0x02, 0x1B, 0x81, 0x0C, 0x78, + 0x67, 0xFF, 0x39, 0x18, 0x7B, 0x59, 0xD4, 0x03, + 0xBF, 0x7C, 0x75, 0x06, 0x30, 0x0C, 0x73, 0x45, + 0xB1, 0xFE, 0x07, 0xC1, 0x12, 0x78, 0xB0, 0xAB, + 0xA6, 0x1D, 0xBB, 0x4F, 0x2B, 0x8C, 0x43, 0xE7, + 0x4F, 0xEF, 0xA5, 0x5E, 0xD5, 0x2C, 0x10, 0xA8, + 0xC4, 0x90, 0x88, 0x2B, 0xBF, 0xE3, 0xE3, 0xB3, + 0xCE, 0x57, 0x9E, 0x81, 0x16, 0xA9, 0xB6, 0x68, + 0x6C, 0x1A, 0x10, 0x0A, 0xA1, 0xF6, 0x59, 0x1F, + 0x19, 0x1F, 0x77, 0x2B, 0x5A, 0x5A, 0x50, 0xDD, + 0x6C, 0xC1, 0x55, 0xCB, 0x5A, 0x1B, 0xE5, 0xBA, + 0x12, 0x2E, 0x91, 0xF0, 0x44, 0x42, 0x01, 0x56, + 0xCD, 0x63, 0x08, 0x0F, 0x0A, 0x45, 0xD6, 0x62, + 0xE7, 0x6D, 0xD5, 0x7B, 0xD0, 0xF6, 0x89, 0xD0, + 0xB2, 0x99, 0x04, 0x2B, 0xFF, 0x48, 0x5E, 0x8A, + 0x38, 0x2D, 0x86, 0x5C, 0x26, 0xCD, 0x46, 0xB4, + 0xA5, 0x47, 0x28, 0xBD, 0x48, 0x45, 0x83, 0x62, + 0xD7, 0x9A, 0xC3, 0xEB, 0x75, 0x6F, 0xC6, 0xC5, + 0x18, 0xC9, 0xE2, 0xF0, 0xE7, 0xD5, 0xA3, 0x03, + 0xAF, 0x11, 0x59, 0xEE, 0x6D, 0xBE, 0x7D, 0xD5, + 0x6B, 0xA0, 0x71, 0x28, 0x57, 0xA6, 0x88, 0x36, + 0xC3, 0xC7, 0x8C, 0x6C, 0x9F, 0x74, 0x88, 0x57, + 0x28, 0x13, 0xC0, 0xF6, 0xA8, 0x14, 0x70, 0x9D, + 0x2B, 0xC1, 0x42, 0xFE, 0xF0, 0x25, 0x27, 0xCA, + 0xE7, 0x71, 0x23, 0x58, 0x37, 0x1C, 0x54, 0x26, + 0x52, 0x2C, 0xCC, 0x64, 0x30, 0x0C, 0x2C, 0xD9, + 0xFB, 0xE2, 0x0C, 0x65, 0x62, 0xE3, 0x48, 0x35, + 0x20, 0x5F, 0xCD, 0xD5, 0xA8, 0x98, 0x2C, 0x92, + 0x0B, 0xB4, 0x77, 0xFB, 0x88, 0x17, 0x02, 0x82, + 0x7B, 0x49, 0x11, 0x87, 0x13, 0x94, 0xC0, 0x6B, + 0x5F, 0xEC, 0xD0, 0xC7, 0x40, 0xAF, 0x7B, 0x27, + 0x63, 0x7B, 0xAC, 0x1A, 0x0C, 0xBC, 0xA5, 0x37, + 0xE4, 0x43, 0x3E, 0xA8, 0x47, 0x45, 0x4C, 0x69, + 0x38, 0x97, 0xA3, 0x2E, 0x4D, 0x18, 0x44, 0x19, + 0x54, 0x26, 0xA0, 0xC6, 0xAE, 0xD6, 0x74, 0x72, + 0xBD, 0x2C, 0x4E, 0xEE, 0x17, 0x9F, 0x3F, 0x60, + 0x84, 0xA3, 0x6A, 0x76, 0x89, 0xF4, 0xCB, 0x1F, + 0x8E, 0x5D, 0xB2, 0xDD, 0xE5, 0x4A, 0xCC, 0x06, + 0x66, 0xBA, 0x98, 0x41, 0x54, 0x31, 0xA4, 0xB2, + 0x02, 0xF4, 0x02, 0xFB, 0x1F, 0x1B, 0xCC, 0xDC, + 0x23, 0xBF, 0xF1, 0x31, 0x48, 0xC7, 0xB8, 0xF6, + 0x1F, 0xBF, 0x62, 0x43, 0xB2, 0x96, 0xA7, 0x8E, + 0xB6, 0x98, 0x18, 0x9D, 0xA9, 0x5B, 0xDA, 0x85, + 0xDB, 0xC1, 0x1D, 0x15, 0xFF, 0xDC, 0x6B, 0xF4, + 0x6C, 0x53, 0xF6, 0xE4, 0x72, 0xA8, 0x71, 0x40, + 0x1E, 0x9A, 0x9A, 0xB7, 0xF9, 0xFB, 0x46, 0x7E, + 0xB4, 0xEC, 0xB1, 0xF0, 0xDA, 0x7E, 0x63, 0xEE, + 0x86, 0x19, 0xCB, 0xC4, 0x86, 0xEB, 0xB0, 0xF2, + 0x12, 0x0A, 0x78, 0x11, 0xBF, 0xB0, 0x55, 0x7D, + 0x13, 0x93, 0x05, 0x74, 0x29, 0x7C, 0x94, 0x64, + 0xFC, 0x59, 0x5B, 0x27, 0x56, 0x9A, 0xDF, 0x5F, + 0x4A, 0x8D, 0xF6, 0x69, 0xC9, 0xEE, 0xA0, 0xA2, + 0x50, 0xF4, 0xD2, 0x2C, 0x2E, 0x8C, 0x64, 0x1B, + 0xA3, 0x90, 0x2B, 0xA8, 0x08, 0x00, 0x48, 0x99, + 0x65, 0xF1, 0x1A, 0xF1, 0xE1, 0xA8, 0x57, 0x17, + 0xC6, 0x24, 0xE7, 0x42, 0xF1, 0x61, 0x55, 0x08, + 0x19, 0xD1, 0xF0, 0x37, 0x2C, 0x5C, 0xAE, 0x8B, + 0xC6, 0x2B, 0x54, 0x9E, 0xFE, 0x87, 0x44, 0x61, + 0x08, 0x0D, 0x06, 0x34, 0x6E, 0x1F, 0xA6, 0xF0, + 0x15, 0x14, 0xFB, 0xEC, 0xCB, 0x06, 0xE3, 0x4E, + 0xE2, 0x71, 0xA0, 0xF0, 0x03, 0x17, 0x90, 0xBD, + 0xAB, 0xE0, 0xF0, 0x2B, 0xBA, 0x4A, 0xEA, 0x4B, + 0x73, 0x97, 0xFE, 0x33, 0x33, 0xEB, 0x81, 0x21, + 0x82, 0x07, 0x57, 0x28, 0x1F, 0x96, 0xA5, 0x83, + 0x1F, 0x9E, 0x49, 0x03, 0x66, 0x54, 0x9D, 0x16, + 0x76, 0x3F, 0xF1, 0x9F, 0xF7, 0x73, 0x58, 0x0E, + 0xD5, 0xE3, 0xE1, 0xE2, 0xAA, 0x3E, 0x38, 0xF8, + 0x84, 0x74, 0xDE, 0x6D, 0x9B, 0xA6, 0x99, 0x4F, + 0x8E, 0x62, 0x91, 0x60, 0x48, 0x8C, 0xB4, 0xCD, + 0x5B, 0x87, 0x8C, 0xDA, 0x37, 0xAA, 0xEC, 0x9B, + 0x56, 0x36, 0x9A, 0x7E, 0x73, 0xF7, 0x3B, 0x42, + 0x86, 0x39, 0xA0, 0x5C, 0x13, 0x78, 0x44, 0x8A, + 0xDB, 0x7F, 0x07, 0x4D, 0xC8, 0x15, 0x4D, 0x92, + 0xE1, 0x3C, 0x63, 0x56, 0xB5, 0xF4, 0x66, 0xD6, + 0x64, 0x77, 0x15, 0x9B, 0x2A, 0x94, 0x37, 0x99, + 0xAD, 0x61, 0x9A, 0x02, 0x9F, 0x30, 0x10, 0xD0, + 0x37, 0x67, 0x2D, 0xBB, 0x68, 0x20, 0xE5, 0x13, + 0x23, 0xAD, 0xA9, 0x88, 0x81, 0xC6, 0xDE, 0x85, + 0x9D, 0xF8, 0x75, 0xAB, 0xAF, 0x11, 0xDA, 0x5D, + 0xDC, 0xA5, 0xA7, 0x77, 0x62, 0x2B, 0xDA, 0xE8, + 0xFA, 0xCE, 0x2E, 0x0C, 0xED, 0x3B, 0x6A, 0x77, + 0xB8, 0x8A, 0x87, 0x29, 0xFB, 0x7C, 0x50, 0x93, + 0x3D, 0xA6, 0xC5, 0x2E, 0x3F, 0x4D, 0x94, 0x8F, + 0x9D, 0xC1, 0x53, 0xB5, 0xB1, 0x29, 0x9C, 0xD8, + 0x62, 0x1D, 0xDF, 0xBA, 0x48, 0xAF, 0x44, 0xE4, + 0xB6, 0xF6, 0x10, 0x6E, 0xE7, 0x77, 0x95, 0x01, + 0xDD, 0x5F, 0xB3, 0xC5, 0x78, 0xEA, 0x4D, 0x32, + 0xC5, 0xC2, 0xF0, 0x36, 0xA7, 0x35, 0x27, 0x03, + 0xAD, 0xD1, 0x35, 0xAB, 0x84, 0x46, 0x01, 0x62, + 0x41, 0x7E, 0x50, 0xBF, 0x91, 0xE6, 0x07, 0x97, + 0xD5, 0x9B, 0x9E, 0x18, 0xD3, 0x24, 0xDA, 0x97, + 0x1F, 0x4F, 0xF4, 0x28, 0xAE, 0xAF, 0x23, 0xAC, + 0x0B, 0xA4, 0xE2, 0xE2, 0xFC, 0x7A, 0xBA, 0xA6, + 0xC8, 0x98, 0x4F, 0xE9, 0xE2, 0xD8, 0x5B, 0x8A, + 0xDA, 0x40, 0x86, 0xB3, 0xC1, 0x3A, 0xBD, 0x43, + 0xCF, 0xD1, 0xC7, 0x11, 0xD8, 0x32, 0x6B, 0x18, + 0xAD, 0xC3, 0x4C, 0xC1, 0x4C, 0xF8, 0x95, 0x7E, + 0xC3, 0x95, 0x94, 0x98, 0xFC, 0x2A, 0x7B, 0xE0, + 0x6B, 0xD1, 0x84, 0x0D, 0xE1, 0x70, 0x36, 0x65, + 0x66, 0xE5, 0x07, 0x41, 0x95, 0x77, 0x63, 0xC2, + 0xDD, 0x27, 0xAC, 0xF8, 0xC3, 0xF1, 0x02, 0x6F, + 0xAE, 0xE1, 0xD2, 0x56, 0x2F, 0xA1, 0x05, 0x2E, + 0x69, 0xAF, 0xDD, 0x42, 0xF4, 0x46, 0xF0, 0x59, + 0x88, 0x66, 0xD5, 0xD3, 0x06, 0xBF, 0x1B, 0x77, + 0x50, 0x42, 0xB0, 0x35, 0x92, 0x73, 0x72, 0x82, + 0x7F, 0x43, 0x86, 0x31, 0x65, 0x34, 0xFA, 0x1B, + 0x7E, 0xE6, 0x33, 0xBA, 0x95, 0x8C, 0xED, 0x8F, + 0x0D, 0x24, 0x1D, 0x46, 0x88, 0xE3, 0xC7, 0x91, + 0x8E, 0x2A, 0x75, 0x62, 0x63, 0x77, 0xC3, 0x42, + 0xA5, 0x90, 0x69, 0x2B, 0xBF, 0xB8, 0x27, 0xBF, + 0x90, 0x51, 0x41, 0x82, 0xD4, 0x09, 0x0D, 0xF8, + 0xD7, 0x32, 0x35, 0x19, 0xA1, 0xAB, 0x6C, 0xD0, + 0x22, 0x73, 0x67, 0x41, 0x0D, 0xD1, 0x4D, 0x37, + 0x86, 0xA2, 0x6D, 0xDF, 0x91, 0x72, 0x4F, 0xC8, + 0x2D, 0x06, 0xA2, 0x5D, 0x5F, 0x56, 0x68, 0x39, + 0x53, 0xE8, 0xE0, 0xF2, 0x0E, 0x3C, 0x17, 0x71, + 0xDA, 0xF4, 0x2E, 0x52, 0x02, 0x4C, 0x11, 0x6E, + 0xD8, 0xA4, 0xC0, 0xA6, 0x11, 0x68, 0x0F, 0x5F, + 0xE0, 0x0E, 0xD9, 0xB1, 0x48, 0xD1, 0x5F, 0x12, + 0xAA, 0x95, 0xB9, 0xBD, 0x5A, 0x9F, 0xD8, 0x10, + 0x16, 0x42, 0xB3, 0x69, 0x11, 0xF3, 0x10, 0xB0, + 0xDE, 0x18, 0x17, 0x1D, 0x62, 0x37, 0xD9, 0xBE, + 0x17, 0x25, 0xDC, 0x29, 0x9A, 0x1A, 0x3A, 0xAA, + 0xE9, 0x85, 0x40, 0xCE, 0xED, 0x26, 0x95, 0x3D, + 0x10, 0xCE, 0x85, 0x47, 0xF1, 0xC3, 0xE4, 0x6A, + 0x86, 0x2B, 0xED, 0x42, 0x8D, 0x1E, 0x10, 0x60, + 0x1B, 0xF3, 0x28, 0xC7, 0x27, 0xFD, 0x95, 0x34, + 0x3E, 0x2D, 0xB4, 0xD9, 0xAC, 0xD5, 0xD1, 0xCB, + 0x47, 0x15, 0xF6, 0x00, 0x40, 0x96, 0xED, 0xA0, + 0x93, 0xD1, 0xB0, 0xA3, 0x3B, 0x1E, 0x56, 0xF1, + 0x6D, 0x73, 0xAD, 0xB8, 0x73, 0x2C, 0xB4, 0xA3, + 0x11, 0x60, 0xA4, 0x49, 0x1F, 0xAA, 0x0C, 0x86, + 0xE6, 0x80, 0xE3, 0xD7, 0xC0, 0x2C, 0xCE, 0xA8, + 0xFE, 0x92, 0xF1, 0xE0, 0x01, 0x01, 0x6D, 0x22, + 0x02, 0x21, 0xDD, 0x10, 0xED, 0x62, 0x60, 0x17, + 0x96, 0x6C, 0x34, 0x50, 0xAD, 0x12, 0x13, 0x65, + 0x91, 0x8C, 0x93, 0x09, 0x1F, 0x14, 0x71, 0x2B, + 0xA4, 0x77, 0xCF, 0x2E, 0x26, 0x32, 0x96, 0xC7, + 0x78, 0xA2, 0xBA, 0xEE, 0xF5, 0x84, 0x94, 0x55, + 0xFA, 0x35, 0xCB, 0x61, 0x72, 0x51, 0xE0, 0x2A, + 0x22, 0xDA, 0xF5, 0xC3, 0x3E, 0x5A, 0xAA, 0x9F, + 0x00, 0xE8, 0xAC, 0xDC, 0x50, 0xEC, 0xF4, 0x7C, + 0x52, 0x15, 0x03, 0xC5, 0x2F, 0x27, 0xD6, 0xB5, + 0x7C, 0x8F, 0x2B, 0x3D, 0x8F, 0x12, 0x22, 0x41, + 0x3E, 0x7F, 0xA4, 0xEC, 0x59, 0x29, 0x63, 0x38, + 0x09, 0x8C, 0x9A, 0xB5, 0xA1, 0xD8, 0xA5, 0x78, + 0x84, 0xBD, 0x86, 0x00, 0x41, 0x40, 0x6D, 0x96, + 0x55, 0xD1, 0x73, 0x82, 0x94, 0x9A, 0x03, 0xD5, + 0x0F, 0x11, 0x08, 0xD0, 0x5B, 0xDB, 0x31, 0xCA, + 0x08, 0xE6, 0x6F, 0x2D, 0x8D, 0xE4, 0x80, 0xC6, + 0x79, 0x35, 0x18, 0xD4, 0x9A, 0x60, 0xD4, 0x76, + 0x2A, 0x9E, 0xDD, 0xC0, 0x24, 0x9B, 0x42, 0x2E, + 0x84, 0x02, 0x0E, 0xD5, 0x39, 0xA1, 0x4E, 0x24, + 0x78, 0xF6, 0x8B, 0xAB, 0x1F, 0x2B, 0x00, 0xE2, + 0x2A, 0x5C, 0xBB, 0x62, 0x97, 0x9A, 0xC7, 0x44, + 0xE0, 0x8B, 0x57, 0xD5, 0xB5, 0x78, 0xC4, 0x01, + 0xA8, 0xD2, 0x6D, 0x9A, 0xDD, 0x15, 0x05, 0x23, + 0x60, 0x82, 0x86, 0x36, 0x72, 0xD9, 0x11, 0xCF, + 0x3A, 0x09, 0x66, 0xD3, 0x03, 0xF8, 0x91, 0x70, + 0x93, 0xBF, 0x97, 0xAF, 0x90, 0xA7, 0xE1, 0xF9, + 0xD5, 0x9B, 0x09, 0x20, 0x6B, 0x9C, 0xAC, 0x35, + 0x11, 0x0F, 0xA3, 0x8D, 0x58, 0x90, 0xED, 0x21, + 0x16, 0x83, 0x5C, 0xE3, 0x73, 0x84, 0xF5, 0x63, + 0x0F, 0x1C, 0x42, 0x8E, 0x21, 0x36, 0x05, 0x87, + 0x2E, 0xCF, 0x91, 0x1B, 0x01, 0x4B, 0x91, 0xC2, + 0xC6, 0x00, 0xE8, 0xA4, 0x07, 0x29, 0xD0, 0x7B, + 0xF9, 0x18, 0x79, 0x07, 0x42, 0xC9, 0x27, 0x9F, + 0x31, 0x14, 0xF6, 0x8C, 0xDF, 0x65, 0x94, 0xCD, + 0xA3, 0xCA, 0x66, 0x94, 0x22, 0x3A, 0x82, 0xF6, + 0x6C, 0x2B, 0x4B, 0xDF, 0x3E, 0x51, 0xC6, 0xFF, + 0xDC, 0x55, 0xE0, 0xFF, 0x51, 0xEF, 0xD6, 0xC9, + 0x34, 0x36, 0x2B, 0xE7, 0xD6, 0xFA, 0xBC, 0x11, + 0xB8, 0xB0, 0xDA, 0xDD, 0xD5, 0x21, 0x08, 0xFA, + 0x5F, 0xB5, 0xCA, 0x75, 0x8A, 0x64, 0x37, 0x7D, + 0x38, 0x6D, 0x45, 0xCE, 0x70, 0x60, 0x5B, 0x46, + 0x0E, 0x81, 0x57, 0x03, 0x7B, 0x5B, 0x1B, 0x2E, + 0x0A, 0xED, 0xD1, 0x2A, 0x63, 0x31, 0x15, 0xD6, + 0xC4, 0x3B, 0xC6, 0xC7, 0xC8, 0x36, 0xFF, 0xF3, + 0x3E, 0x7D, 0x03, 0x3F, 0x2E, 0x58, 0x00, 0x52, + 0x71, 0x64, 0xC0, 0xC4, 0x78, 0x1C, 0x37, 0xDF, + 0x50, 0xB6, 0x6B, 0xBA, 0x5C, 0x81, 0x94, 0x73, + 0xA1, 0xC5, 0x30, 0x20, 0x83, 0xA1, 0x6F, 0x01, + 0x43, 0x72, 0x79, 0xD2, 0xF2, 0xDF, 0x14, 0xC8, + 0x78, 0x26, 0x9A, 0x2F, 0x3F, 0xA4, 0x0C, 0x1C, + 0x76, 0x1E, 0xD6, 0x15, 0x01, 0xAC, 0x9E, 0xF1, + 0x41, 0x02, 0x90, 0x38, 0xC8, 0x19, 0x95, 0x40, + 0x89, 0xB7, 0x38, 0x09, 0x87, 0x08, 0x17, 0x43, + 0x93, 0xFE, 0xAE, 0xA7, 0xB0, 0x2A, 0xE5, 0xCE, + 0xF6, 0x7B, 0x3C, 0x8C, 0xE6, 0xA9, 0x70, 0x67, + 0x5C, 0xA1, 0xB8, 0xC8, 0x56, 0xDC, 0xF5, 0x97, + 0x25, 0x08, 0xC7, 0xC6, 0xB2, 0x5E, 0xE4, 0xD1, + 0x2D, 0x82, 0x12, 0xB9, 0x89, 0x40, 0xB4, 0x88, + 0xEC, 0x40, 0x2A, 0xC7, 0xAE, 0x3C, 0x70, 0xDF, + 0x93, 0x8D, 0x12, 0x88, 0xCD, 0xA7, 0xA3, 0x19, + 0xE0, 0x85, 0xBC, 0x73, 0xA4, 0x69, 0xB2, 0xD2, + 0xA3, 0x30, 0x3B, 0x11, 0xA6, 0x83, 0x10, 0x0A, + 0xF6, 0xDB, 0x86, 0x93, 0x7B, 0xA1, 0x18, 0x29, + 0x03, 0x61, 0x6E, 0x3F, 0x03, 0x47, 0xBD, 0x68, + 0x59, 0x1B, 0x47, 0xBA, 0x65, 0x15, 0x6B, 0x93, + 0xF2, 0x60, 0xDE, 0x59, 0xB3, 0xAE, 0xB2, 0x89, + 0xE2, 0xA7, 0x3A, 0x3B, 0xFF, 0x38, 0xC2, 0xF3, + 0xAD, 0xED, 0xA2, 0x9C, 0x7E, 0x90, 0x28, 0x3A, + 0xC7, 0xB8, 0x6D, 0x03, 0x6B, 0x47, 0xD5, 0xBA, + 0x1A, 0x03, 0xEC, 0x78, 0x3D, 0x25, 0x0B, 0xAC, + 0xAE, 0x58, 0x47, 0xE4, 0x1F, 0x82, 0x9C, 0xB3, + 0x3D, 0xE0, 0x8D, 0xF8, 0xF7, 0xD6, 0x9C, 0x9A, + 0xA4, 0xED, 0xE8, 0xD7, 0xAB, 0x96, 0x84, 0x07, + 0xEE, 0xD3, 0x1A, 0x05, 0x6B, 0xA0, 0xEF, 0x88, + 0x16, 0xE1, 0x27, 0xAA, 0x90, 0x06, 0x5A, 0x67, + 0x9E, 0x1C, 0xA9, 0x55, 0x0D, 0xEE, 0xF2, 0x5A, + 0xC5, 0xB7, 0xA3, 0x4F, 0x70, 0xDC, 0xF2, 0xB1, + 0x16, 0xCF, 0x35, 0x1F, 0x3B, 0xAD, 0xA9, 0x9F, + 0x83, 0x6C, 0x73, 0x0D, 0xCC, 0x1A, 0xE0, 0x3F, + 0x49, 0x6C, 0xF3, 0xF0, 0x38, 0x7A, 0x0C, 0x2C, + 0x70, 0x2E, 0x2C, 0x13, 0xBD, 0xD9, 0xCF, 0x45, + 0xA1, 0xCD, 0x53, 0xAB, 0x58, 0x73, 0x11, 0x88, + 0xB1, 0x8E, 0xA8, 0xBE, 0x48, 0xD5, 0x10, 0xC5, + 0x81, 0x2E, 0x90, 0xBC, 0xEC, 0xBC, 0x6E, 0x19, + 0x8E, 0x70, 0x8B, 0x1C, 0x08, 0xC8, 0xF8, 0x64, + 0xB1, 0x24, 0xBB, 0x4C, 0xC0, 0xBD, 0xBB, 0xDF, + 0x2C, 0x2F, 0x4E, 0x38, 0x8F, 0xC1, 0x96, 0x60, + 0xD6, 0x9C, 0xC2, 0xC0, 0xEB, 0xF9, 0x10, 0x08, + 0xC8, 0x24, 0x3D, 0xB4, 0x2D, 0xDA, 0xF5, 0x7C, + 0x02, 0x42, 0x51, 0xC4, 0x23, 0x1D, 0xF5, 0x37, + 0x90, 0xCE, 0x57, 0x56, 0x13, 0xEE, 0x8E, 0x1C, + 0x7A, 0x33, 0xC1, 0x56, 0x1F, 0x35, 0x04, 0xDE, + 0xAA, 0xED, 0x1E, 0x84, 0x08, 0x50, 0x06, 0x23, + 0xEC, 0xA5, 0xAE, 0x5A, 0x28, 0x45, 0x41, 0x17, + 0x49, 0x93, 0x0D, 0x8E, 0x42, 0x07, 0x8C, 0x03, + 0x23, 0x49, 0x95, 0x7F, 0xC3, 0x9A, 0x1D, 0xA0, + 0xEA, 0xF9, 0xE8, 0x7C, 0x31, 0xFF, 0xBF, 0x6A, + 0xC0, 0xC1, 0x81, 0x1E, 0xB2, 0x8A, 0x41, 0xB1, + 0xD8, 0x6B, 0xD7, 0xD4, 0x9A, 0xD1, 0xC4, 0x68, + 0xA4, 0x95, 0x94, 0x95, 0x65, 0x25, 0xA2, 0x0A, + 0x31, 0x70, 0x0F, 0x12, 0x2F, 0x4C, 0x4B, 0xB2, + 0x25, 0x2A, 0x2F, 0x3D, 0x5C, 0x5D, 0x68, 0x73, + 0x83, 0x8C, 0x90, 0x95, 0x97, 0xBB, 0xCA, 0xD8, + 0xE1, 0x33, 0x3D, 0x5D, 0x61, 0x7C, 0x87, 0xC8, + 0xEE, 0x0F, 0x1B, 0x22, 0x38, 0x3B, 0x42, 0x4B, + 0x4C, 0x5C, 0x62, 0x72, 0x98, 0xA3, 0xBE, 0xCC, + 0x1B, 0x32, 0x47, 0x5C, 0x9D, 0xB6, 0xB9, 0xBD, + 0xC6, 0xD6, 0xDC, 0xF5, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x11, 0x19, 0x28, 0x34 + }; +#endif +#ifndef WOLFSSL_NO_ML_DSA_65 + static const byte pk_65[] = { + 0x6C, 0x9E, 0x7A, 0x1E, 0xE3, 0x66, 0x25, 0x76, + 0x0E, 0x5D, 0x2F, 0x33, 0xDF, 0x29, 0x29, 0xDA, + 0x56, 0x20, 0x32, 0x34, 0x06, 0x91, 0x60, 0xE5, + 0xF2, 0xBF, 0x03, 0x9C, 0x11, 0x06, 0x22, 0x73, + 0x07, 0x3C, 0x23, 0x75, 0x66, 0xCE, 0x05, 0x5D, + 0x87, 0x1F, 0x38, 0xAC, 0xD1, 0xA9, 0x85, 0x9A, + 0x82, 0x44, 0x67, 0xF1, 0x9B, 0xE6, 0x8E, 0x4F, + 0x00, 0x64, 0x5D, 0x22, 0x5C, 0x42, 0xC8, 0x5A, + 0x55, 0x7D, 0x2C, 0x5E, 0xCB, 0x44, 0x2B, 0x0F, + 0x02, 0x8A, 0x65, 0x28, 0x89, 0x8E, 0xE2, 0xB6, + 0x73, 0xD8, 0x63, 0xF3, 0x2E, 0xB9, 0xEC, 0x81, + 0x64, 0x12, 0x75, 0x41, 0xF3, 0x25, 0x19, 0xBB, + 0x88, 0xE0, 0x34, 0xA0, 0x3F, 0x46, 0xF7, 0xD1, + 0x93, 0xCD, 0x3D, 0xFB, 0xAD, 0xF6, 0x35, 0x57, + 0x92, 0x6C, 0x5C, 0x8F, 0x5B, 0x76, 0x6A, 0x7F, + 0xC5, 0xEC, 0x8B, 0x3F, 0x94, 0x8B, 0xF7, 0xA8, + 0x21, 0xB5, 0x4C, 0x94, 0x41, 0xAB, 0x0B, 0xD8, + 0x33, 0xFD, 0x63, 0x54, 0xCE, 0xC7, 0x06, 0xFA, + 0xA5, 0x00, 0xAB, 0xB5, 0x28, 0x9B, 0x90, 0xB1, + 0xBF, 0x91, 0x76, 0x77, 0xA2, 0x9D, 0x11, 0x5F, + 0x00, 0x94, 0xBD, 0xB4, 0x8D, 0xC7, 0x2E, 0x26, + 0x1D, 0xBA, 0x12, 0x0B, 0xA6, 0xFF, 0x5E, 0x52, + 0xA0, 0x1B, 0x17, 0x89, 0x81, 0xDD, 0x82, 0x96, + 0x44, 0x46, 0x56, 0xD9, 0x44, 0x2D, 0xF9, 0xCB, + 0xB6, 0xBF, 0xDA, 0xE5, 0x6A, 0x23, 0x0F, 0x6F, + 0x29, 0xF9, 0x4C, 0xDC, 0xC2, 0x65, 0x57, 0x6A, + 0xA8, 0x75, 0x2A, 0xCE, 0xD0, 0x7E, 0x99, 0x89, + 0x5C, 0xAE, 0xF0, 0x16, 0x8B, 0xF8, 0x3D, 0x23, + 0xFD, 0xAD, 0xFB, 0xB9, 0x28, 0xCB, 0xCD, 0xAB, + 0xA2, 0x5F, 0xE2, 0xCD, 0x26, 0xAD, 0xDF, 0xB0, + 0xDA, 0xCD, 0x74, 0x94, 0x0F, 0x35, 0x14, 0x26, + 0x94, 0x2F, 0x17, 0x6F, 0xFB, 0xC5, 0xF3, 0x45, + 0x6D, 0xB7, 0xC9, 0x12, 0xAA, 0x16, 0xB8, 0x6D, + 0x07, 0x45, 0xF8, 0x7C, 0x9F, 0x45, 0x37, 0x0A, + 0x84, 0x56, 0xA1, 0xAD, 0xB5, 0x1D, 0xB4, 0x05, + 0x2B, 0x5C, 0x9E, 0xAF, 0x60, 0xAD, 0x7B, 0x80, + 0xA4, 0x2E, 0xA4, 0xBF, 0x92, 0xC8, 0x41, 0x27, + 0x3A, 0xD7, 0x61, 0xDE, 0xDB, 0x0D, 0x34, 0xBF, + 0x57, 0x96, 0x00, 0xB1, 0x49, 0xFC, 0xCD, 0x42, + 0xAB, 0x15, 0x49, 0xBA, 0x0A, 0xBE, 0xDA, 0x57, + 0xEF, 0x71, 0xD1, 0xFC, 0xA5, 0x70, 0x2A, 0xAD, + 0x08, 0x32, 0x99, 0xBB, 0x98, 0x30, 0x01, 0x89, + 0xC2, 0x5F, 0x3B, 0x27, 0x0A, 0x87, 0x65, 0x8D, + 0x0B, 0x2E, 0xA5, 0x65, 0x24, 0x14, 0x7F, 0x73, + 0x9E, 0xB6, 0xC6, 0x76, 0xD7, 0xBE, 0x73, 0xDD, + 0x3B, 0x95, 0xB1, 0x0C, 0x55, 0xAB, 0x46, 0xFD, + 0x01, 0x54, 0x9C, 0x51, 0x68, 0xBF, 0x7D, 0xA1, + 0x3A, 0x49, 0x97, 0x85, 0xF3, 0x5A, 0x1E, 0x3B, + 0x56, 0xF4, 0xC5, 0x67, 0xF5, 0x4E, 0xA9, 0xAA, + 0x28, 0x17, 0xA3, 0x36, 0x38, 0x36, 0x43, 0xFA, + 0x2E, 0xA3, 0x1F, 0xB1, 0xB7, 0x3E, 0x10, 0x24, + 0x8D, 0xFC, 0xA0, 0x5C, 0x04, 0x13, 0x12, 0x66, + 0x49, 0x8E, 0x1C, 0x94, 0x91, 0x13, 0x5A, 0x50, + 0xE6, 0x3D, 0x02, 0xFA, 0xDF, 0x41, 0x65, 0xFC, + 0x9E, 0x15, 0xE3, 0xE1, 0xB3, 0x2F, 0xAB, 0x83, + 0x37, 0x68, 0x4C, 0x49, 0x19, 0x3E, 0x1B, 0xC4, + 0xED, 0xEA, 0xE3, 0x73, 0xA2, 0x67, 0xA7, 0x14, + 0xAC, 0x1F, 0x90, 0x9C, 0xC6, 0x57, 0xCD, 0x80, + 0x66, 0x64, 0x63, 0x27, 0xE0, 0xEE, 0xA0, 0x41, + 0xAC, 0x9F, 0x2A, 0xEF, 0xFC, 0x80, 0x69, 0x1B, + 0xF6, 0x0D, 0x3C, 0x94, 0xC6, 0x42, 0x55, 0x7E, + 0x42, 0x99, 0xD3, 0x95, 0x92, 0x22, 0x16, 0xC6, + 0x5E, 0x75, 0xB7, 0xE1, 0xA5, 0x02, 0x89, 0x60, + 0x38, 0x4B, 0xF8, 0x16, 0xC9, 0xF7, 0x05, 0x48, + 0x29, 0xE7, 0x98, 0x5B, 0x58, 0x41, 0xA7, 0x33, + 0xF3, 0x3F, 0xCE, 0x24, 0x55, 0xEF, 0xC8, 0x9B, + 0xAE, 0x84, 0xB4, 0x79, 0x90, 0xE8, 0xD0, 0xAF, + 0xC6, 0x19, 0x3E, 0x4A, 0xF9, 0xBC, 0x68, 0x0A, + 0xE2, 0x4F, 0xE5, 0x91, 0xE8, 0x8B, 0xA6, 0xA2, + 0xAE, 0x12, 0xDA, 0x38, 0x58, 0xD2, 0x1F, 0x49, + 0x2D, 0x24, 0xAB, 0xC4, 0xFE, 0x4F, 0xD5, 0x2D, + 0x5A, 0xBF, 0x24, 0xBD, 0x25, 0x46, 0x87, 0xB9, + 0x18, 0x79, 0x2F, 0x0A, 0x00, 0x3A, 0x52, 0x22, + 0xDF, 0x45, 0x03, 0x86, 0x85, 0xC7, 0x25, 0xCE, + 0x75, 0x79, 0xE0, 0x2C, 0xB1, 0x68, 0xBB, 0xC6, + 0x66, 0xAB, 0xF6, 0x69, 0x85, 0x6E, 0x10, 0x53, + 0x7C, 0x92, 0x91, 0x69, 0x2C, 0x0C, 0xB0, 0xCF, + 0xA9, 0x06, 0x27, 0x0A, 0xC2, 0xC7, 0xB7, 0xDC, + 0x31, 0xD4, 0xF9, 0x28, 0x3C, 0xB2, 0xDB, 0x8A, + 0x46, 0x2A, 0xEC, 0x0B, 0x98, 0x07, 0xBB, 0xF4, + 0xAB, 0x45, 0x76, 0xFE, 0xC6, 0x22, 0x6B, 0x41, + 0x79, 0x32, 0x2B, 0x67, 0xAE, 0xA5, 0x3B, 0xDD, + 0xF9, 0xC9, 0xBE, 0x5E, 0x0D, 0xBC, 0x43, 0xF7, + 0x87, 0x43, 0x06, 0x8A, 0xB5, 0xBE, 0x49, 0xF0, + 0xE6, 0x2F, 0x8E, 0x2E, 0xB1, 0xB6, 0xC6, 0x73, + 0x6C, 0x05, 0xC9, 0x41, 0x3D, 0x06, 0x5C, 0xE0, + 0xCC, 0xB7, 0x90, 0x54, 0x80, 0x41, 0xD7, 0xE8, + 0x32, 0x88, 0x1A, 0x83, 0x9B, 0x57, 0x29, 0xAF, + 0x94, 0xAB, 0x79, 0xFD, 0x8A, 0x16, 0xDF, 0xFF, + 0x78, 0xCA, 0xAA, 0x14, 0x1D, 0x97, 0xCC, 0x06, + 0x50, 0xF8, 0x62, 0x62, 0xF2, 0x61, 0x59, 0xBE, + 0x8B, 0x36, 0x1A, 0x4A, 0x04, 0x1E, 0x9A, 0x0B, + 0x65, 0x11, 0xBB, 0xE3, 0x35, 0x5A, 0x4B, 0xF5, + 0x7A, 0xC0, 0x98, 0x48, 0x84, 0x7E, 0xE0, 0x24, + 0x3C, 0x3B, 0xA7, 0x74, 0x77, 0x6F, 0x7E, 0x9A, + 0x22, 0x72, 0x75, 0xD7, 0x4E, 0x6E, 0x31, 0x01, + 0xD3, 0x82, 0x81, 0x87, 0x63, 0xED, 0x1E, 0x13, + 0x53, 0xAB, 0x9E, 0xEC, 0xCD, 0x92, 0x0C, 0xD2, + 0x89, 0x22, 0xD5, 0x59, 0xA4, 0x04, 0x8F, 0x40, + 0xF0, 0x62, 0x16, 0x4C, 0xB6, 0x61, 0xC4, 0xF4, + 0xAF, 0xA8, 0x1A, 0x3D, 0x55, 0x93, 0x3C, 0x47, + 0x91, 0xED, 0xDA, 0xA3, 0x93, 0x9E, 0x5A, 0xC3, + 0x42, 0xB0, 0xAD, 0x1F, 0x43, 0x8A, 0x53, 0x2C, + 0x6C, 0xE7, 0x86, 0x68, 0x1A, 0x87, 0x0D, 0x94, + 0xEC, 0x88, 0xA3, 0x34, 0xCC, 0xEF, 0xC6, 0xAC, + 0xE7, 0xD9, 0x88, 0xA1, 0xA8, 0x2B, 0xC0, 0xAC, + 0xCE, 0x78, 0x5F, 0x12, 0x3B, 0xE2, 0x3A, 0x7C, + 0x92, 0xAF, 0x10, 0x8E, 0x5E, 0xD4, 0xF0, 0x86, + 0x9E, 0x22, 0xDA, 0xE2, 0x73, 0x55, 0x6D, 0x1D, + 0xE3, 0x86, 0x62, 0x3A, 0x6C, 0x3F, 0x11, 0x5B, + 0xBD, 0x11, 0x92, 0x71, 0xD3, 0xFB, 0xA7, 0x96, + 0xF6, 0x18, 0xB5, 0x39, 0x59, 0xFB, 0x98, 0x01, + 0x2E, 0x7D, 0x5B, 0x9A, 0xC6, 0x88, 0x94, 0x0B, + 0x87, 0xE2, 0xC9, 0xC0, 0x65, 0x52, 0x4A, 0x00, + 0xD3, 0xA4, 0xF4, 0xDB, 0xF5, 0x2F, 0x4B, 0x1A, + 0x63, 0xEF, 0x5C, 0x46, 0x19, 0x3B, 0xAD, 0xF7, + 0xAD, 0x7F, 0x98, 0x8D, 0x44, 0x64, 0x34, 0x5B, + 0x2C, 0x3E, 0x54, 0x96, 0x84, 0xF2, 0xF9, 0x05, + 0xF6, 0xF8, 0x9D, 0xD6, 0x41, 0x47, 0x3E, 0xC0, + 0x51, 0x08, 0xA5, 0x2D, 0x8D, 0xBB, 0x91, 0x76, + 0x8C, 0x54, 0x1D, 0xE5, 0x20, 0xB1, 0x76, 0x66, + 0x97, 0x0A, 0xAE, 0xB5, 0x06, 0xE7, 0x5D, 0x8E, + 0xE9, 0xF4, 0xB4, 0x45, 0x5B, 0x71, 0xE0, 0x08, + 0x8A, 0xB2, 0x56, 0x55, 0x21, 0x3B, 0x75, 0x85, + 0x9D, 0x25, 0xF5, 0x59, 0xD3, 0xC3, 0x24, 0xD2, + 0x83, 0xD3, 0x97, 0xAB, 0xE6, 0xF0, 0xAA, 0xA3, + 0x86, 0x81, 0x57, 0x68, 0xD0, 0x33, 0x57, 0xD7, + 0x75, 0x96, 0x49, 0x02, 0x41, 0x31, 0x53, 0xE3, + 0x56, 0x0C, 0xCE, 0xF1, 0xFD, 0x44, 0xB6, 0x5F, + 0xF1, 0xB2, 0x87, 0xA9, 0x2A, 0x96, 0x93, 0xF0, + 0x34, 0xB7, 0xEE, 0x66, 0x89, 0x34, 0x70, 0x2D, + 0x75, 0x01, 0xCA, 0xF6, 0xDA, 0x4E, 0xE9, 0x8A, + 0xF4, 0xE8, 0xE6, 0x4B, 0x03, 0x40, 0xE0, 0xBB, + 0x8B, 0xDC, 0x53, 0x3B, 0x0E, 0xFE, 0xE1, 0x91, + 0x5A, 0x4B, 0x68, 0xB9, 0x3C, 0x5E, 0x95, 0x32, + 0x1E, 0xED, 0xC2, 0x34, 0xAE, 0xFE, 0x71, 0xAE, + 0x2E, 0x5D, 0xAC, 0xEC, 0x2F, 0x52, 0xF8, 0x37, + 0x23, 0xA2, 0x39, 0x2A, 0x7F, 0x8E, 0x13, 0xBC, + 0x03, 0x01, 0xCD, 0x10, 0x4D, 0x85, 0x2E, 0x62, + 0xA7, 0xF8, 0x28, 0xAD, 0x32, 0x9B, 0x3D, 0x95, + 0x96, 0xC5, 0x8E, 0x13, 0xFC, 0xC0, 0xED, 0x96, + 0xC1, 0xC4, 0x8D, 0x82, 0xA2, 0xC0, 0xF4, 0xD9, + 0xD2, 0x4D, 0xD8, 0x42, 0x1F, 0xDC, 0xCE, 0xFD, + 0x49, 0x7A, 0x9B, 0x05, 0xFF, 0xC5, 0x09, 0x04, + 0x77, 0x04, 0x01, 0x37, 0x3F, 0xEE, 0x7D, 0xC7, + 0x37, 0x73, 0x41, 0x8A, 0xEB, 0x4A, 0x1F, 0x59, + 0x9A, 0x4B, 0xB3, 0x8E, 0xDE, 0x8D, 0x10, 0xA3, + 0xCC, 0x83, 0xA1, 0xC7, 0x2D, 0xE9, 0x21, 0x96, + 0x9E, 0x3C, 0xE3, 0xE8, 0xEF, 0x2F, 0x7D, 0xA8, + 0x9D, 0x34, 0x4C, 0x80, 0xD6, 0x1C, 0xF9, 0xC5, + 0xA4, 0x23, 0xB1, 0xA4, 0xF3, 0x56, 0x7D, 0x96, + 0xDB, 0x2D, 0xA3, 0xDB, 0x9B, 0x5B, 0x5F, 0xA6, + 0x81, 0x56, 0xBE, 0x74, 0x52, 0xC8, 0xA0, 0x18, + 0x1B, 0xB9, 0xF0, 0xDC, 0x75, 0xCD, 0x97, 0x50, + 0x88, 0x3D, 0x0D, 0xDA, 0xE5, 0x3F, 0xC1, 0x56, + 0xD6, 0x7A, 0x74, 0x20, 0x08, 0x69, 0x04, 0x6B, + 0x41, 0xDF, 0x4B, 0xC4, 0x39, 0x69, 0x93, 0xC0, + 0x8A, 0xA4, 0x89, 0x7A, 0x0B, 0xDD, 0xEF, 0xB5, + 0x5F, 0x69, 0xCC, 0x1C, 0x4D, 0x7B, 0x5F, 0xB1, + 0x50, 0x40, 0x84, 0x27, 0xB4, 0x16, 0xF7, 0x31, + 0x83, 0xF2, 0xB3, 0xCC, 0x16, 0xE3, 0xB7, 0xDA, + 0x63, 0xCE, 0xE1, 0x14, 0x3A, 0xDA, 0x1A, 0x05, + 0x66, 0x26, 0xA0, 0x77, 0xB6, 0xD2, 0x1C, 0x3D, + 0xD9, 0x74, 0xED, 0x90, 0x7C, 0x5A, 0x09, 0x40, + 0x19, 0x22, 0x57, 0x37, 0xEF, 0xB9, 0x33, 0x19, + 0xAD, 0x3B, 0x40, 0xA4, 0xF4, 0x34, 0xAE, 0x49, + 0xD2, 0x83, 0x91, 0xC1, 0x7A, 0x99, 0x9C, 0x74, + 0x4A, 0x68, 0xC5, 0x5A, 0x91, 0xB8, 0x62, 0x72, + 0x95, 0x83, 0xD3, 0xDA, 0x46, 0xEE, 0x70, 0xC5, + 0xCC, 0x46, 0x16, 0x94, 0x16, 0x7D, 0x32, 0xD2, + 0x1D, 0xE7, 0x53, 0x27, 0x73, 0x2C, 0x63, 0xBB, + 0xFB, 0xD7, 0xB3, 0x0D, 0xBF, 0x20, 0x57, 0xA0, + 0xD6, 0x81, 0x51, 0x9F, 0x6E, 0x4A, 0xF6, 0x08, + 0xD4, 0xBC, 0xD0, 0xB4, 0x75, 0x07, 0x26, 0x77, + 0x0E, 0x15, 0x6A, 0xED, 0xE8, 0x54, 0x17, 0xBD, + 0x75, 0x9D, 0x5F, 0xFE, 0x40, 0x1C, 0xB2, 0x99, + 0x6F, 0x34, 0x43, 0x4D, 0xB4, 0x28, 0xD9, 0xA4, + 0x17, 0x03, 0x72, 0x01, 0xFC, 0xD2, 0x60, 0xFA, + 0xA9, 0x80, 0x84, 0x50, 0x2E, 0xED, 0x5C, 0x27, + 0xA8, 0x91, 0x6E, 0x44, 0xF5, 0x92, 0x98, 0x19, + 0xD2, 0x1A, 0x69, 0xCE, 0x16, 0xBC, 0xDC, 0x3C, + 0xC8, 0x14, 0x1E, 0x28, 0x5E, 0xF8, 0x97, 0xB1, + 0x40, 0x2C, 0x15, 0xC9, 0x52, 0x59, 0x01, 0x19, + 0x05, 0x1E, 0x36, 0x9A, 0x1B, 0x7B, 0xE4, 0x43, + 0xFE, 0xAE, 0x6E, 0x32, 0xBC, 0x8F, 0x3D, 0x64, + 0x7F, 0xC5, 0x31, 0x5A, 0x52, 0x00, 0xCD, 0x52, + 0x38, 0xDC, 0x66, 0x77, 0x46, 0x6E, 0xA8, 0x6E, + 0xF8, 0xD1, 0x8E, 0x5A, 0x79, 0xF2, 0x62, 0x48, + 0x3E, 0x89, 0x6B, 0x82, 0x77, 0xC7, 0x41, 0xF5, + 0x16, 0xFC, 0x04, 0x0C, 0x10, 0x90, 0xF2, 0x49, + 0x5B, 0xF1, 0x65, 0x0B, 0x02, 0xAF, 0x30, 0x45, + 0x67, 0x33, 0xA0, 0x71, 0xAF, 0x47, 0xD7, 0xA1, + 0x5B, 0xD8, 0xE3, 0x2A, 0x49, 0x80, 0x64, 0x55, + 0xD3, 0xBE, 0xA7, 0x4A, 0xEF, 0x5D, 0x00, 0x90, + 0x6A, 0xD2, 0xF0, 0xC0, 0x45, 0x35, 0x4E, 0xFD, + 0xE7, 0xC9, 0xA2, 0x76, 0xE7, 0x3D, 0x9E, 0xDD, + 0x11, 0xD1, 0xCA, 0x5C, 0x29, 0x7B, 0x9A, 0x68, + 0x51, 0xE7, 0xF6, 0x7E, 0x21, 0xEB, 0x06, 0x1B, + 0xB5, 0x5D, 0x9E, 0x67, 0x3C, 0x4A, 0x75, 0xFE, + 0xB8, 0x4D, 0x52, 0x62, 0x9E, 0xEC, 0xC5, 0x3C, + 0x24, 0xBE, 0xA9, 0x51, 0x53, 0x05, 0x1A, 0xC2, + 0x06, 0xC8, 0x7D, 0xF5, 0x54, 0x10, 0xCA, 0x1F, + 0xE6, 0xCF, 0xC3, 0xF4, 0x03, 0xA6, 0xD9, 0xD4, + 0x3E, 0xA8, 0x4C, 0x60, 0xC9, 0x45, 0xE6, 0x42, + 0xB2, 0x83, 0x63, 0x38, 0xB5, 0xAF, 0x9F, 0x69, + 0xE5, 0x27, 0x08, 0xB2, 0xE2, 0x25, 0x93, 0x3D, + 0xB3, 0x20, 0xBB, 0x3F, 0x79, 0x0D, 0x39, 0x7F, + 0x22, 0xD7, 0xB6, 0xF8, 0xA4, 0x33, 0xCD, 0xAC, + 0xE9, 0x81, 0x0A, 0xA0, 0xE2, 0x7C, 0x69, 0x95, + 0x55, 0x53, 0x0C, 0x56, 0x2D, 0xBF, 0x75, 0x17, + 0xA4, 0x16, 0x26, 0x28, 0xBF, 0x10, 0xD1, 0xB6, + 0xDB, 0xAC, 0xEF, 0x5C, 0x9E, 0xD5, 0x1E, 0x55, + 0xD9, 0xA8, 0x9D, 0x60, 0xE0, 0xFC, 0x37, 0x8C, + 0x47, 0xA2, 0x1D, 0x5E, 0x0F, 0x2D, 0xC3, 0xBC, + 0xEF, 0x5E, 0x05, 0xC6, 0xE0, 0x26, 0x15, 0x30, + 0xFB, 0x02, 0x7E, 0x50, 0x32, 0x55, 0x8C, 0xA2, + 0xB4, 0x70, 0x05, 0xBD, 0xDE, 0x99, 0x90, 0x99, + 0x30, 0x39, 0x1E, 0xAD, 0x7F, 0x3F, 0x0A, 0x96, + 0xB3, 0xDE, 0xDA, 0x54, 0xA1, 0x11, 0x45, 0xF5, + 0x30, 0xE5, 0x1D, 0xEF, 0x89, 0x2E, 0x5A, 0xB0, + 0x20, 0x4D, 0x61, 0x4E, 0x6E, 0x38, 0xAF, 0xE7, + 0x9C, 0xA9, 0x2C, 0x28, 0x15, 0x8D, 0x57, 0x01, + 0x20, 0x35, 0x3B, 0x7A, 0x4D, 0xE0, 0x88, 0x98, + 0x46, 0xD8, 0x35, 0x29, 0x49, 0x39, 0x55, 0x7E, + 0xD0, 0xAE, 0xDA, 0x27, 0x0D, 0x4D, 0x73, 0xED, + 0x84, 0xD3, 0xD4, 0x9F, 0x9F, 0x03, 0x2D, 0x43, + 0x45, 0x7B, 0xF5, 0x9B, 0xB7, 0xD6, 0x63, 0x59, + 0xDC, 0x53, 0xF9, 0xB4, 0x69, 0x63, 0xB2, 0x17, + 0x84, 0xB0, 0x6C, 0xBC, 0xF0, 0x4B, 0xEC, 0x1E, + 0x33, 0xA3, 0x33, 0x71, 0x53, 0x27, 0x16, 0xC9, + 0xED, 0xB3, 0xFB, 0xED, 0xB8, 0x19, 0x99, 0xB4, + 0x37, 0x2D, 0x09, 0x45, 0xC1, 0x0A, 0xE8, 0x26, + 0xC6, 0x0F, 0xFE, 0x93, 0x17, 0x0B, 0x6D, 0x29, + 0x4B, 0x38, 0x91, 0xB0, 0xD2, 0xA7, 0xB3, 0x5B, + 0x28, 0xA8, 0x97, 0x18, 0x45, 0xDC, 0x2F, 0xEC, + 0xE2, 0x37, 0xB8, 0x0F, 0x20, 0xB3, 0x79, 0xCC, + 0x4D, 0x13, 0x6D, 0xAB, 0x3F, 0xBB, 0x37, 0x92, + 0xC6, 0x3E, 0xC6, 0x1F, 0x5C, 0x75, 0x5B, 0xC9, + 0xDB, 0x35, 0x08, 0x6F, 0xBF, 0x46, 0xD2, 0xB7, + 0x97, 0x0D, 0xCA, 0x2A, 0x85, 0x23, 0xFD, 0xB4, + 0xC7, 0xA0, 0xB8, 0xE4, 0x2F, 0x8A, 0xF9, 0xAC, + 0xAD, 0x2A, 0x0E, 0xFC, 0x11, 0x36, 0x02, 0xA4, + 0xEA, 0x62, 0xE4, 0xEB, 0xB7, 0xD2, 0x69, 0xC3, + 0xA4, 0x0B, 0xA2, 0xC4, 0x4E, 0xDD, 0x29, 0x56 + }; + static const byte msg_65[] = { + 0xC4, 0xF5, 0x9F, 0xA2, 0xDE, 0x30, 0xC8, 0x42, + 0x0A, 0x7E, 0x7F, 0x09, 0x6B, 0xAF, 0x6A, 0xD6, + 0x9B, 0x1C, 0x15, 0xA5, 0xC6, 0xE6, 0x1C, 0x9D, + 0x82, 0xAF, 0xCF, 0xDB, 0x6E, 0xB8, 0xF2, 0x75, + 0xBF, 0x57, 0x87, 0x18, 0x6A, 0xAE, 0x78, 0x1F, + 0x48, 0x7F, 0x9F, 0x88, 0x75, 0x8C, 0x9C, 0x61, + 0xF3, 0x5D, 0x50, 0x83, 0xEE, 0x70, 0x42, 0x4B, + 0x0D, 0x0A, 0x51, 0x57, 0x50, 0x10, 0xC2, 0xA9, + 0x07, 0xF4, 0x96, 0x08, 0x11, 0x5D, 0x33, 0xEB, + 0xA0, 0x03, 0x15, 0x09, 0x32, 0x2A, 0xA7, 0xD3, + 0x06, 0x1F, 0xEC, 0x31, 0x62, 0xF9, 0x6A, 0x56, + 0x5F, 0x98, 0x76, 0x9E, 0x9A, 0x19, 0x23, 0x5D, + 0x89, 0xD1, 0xB2, 0x1D, 0x60, 0xA3, 0x81, 0xDF, + 0x8E, 0xB3, 0x7D, 0x58, 0xC6, 0xA2, 0xE4, 0x83, + 0xA8, 0xEB, 0x70, 0x73, 0x6E, 0x4B, 0x7B, 0xB9, + 0x11, 0xF7, 0xAB, 0x92, 0x3D, 0xC2, 0x9F, 0x1E + }; + static const byte sig_65[] = { + 0xE8, 0x95, 0xDB, 0x64, 0xC5, 0x7B, 0xC3, 0xC2, + 0xA9, 0x7F, 0x0E, 0xC9, 0x33, 0x41, 0x0E, 0x98, + 0xF6, 0x21, 0x61, 0x03, 0xE3, 0x42, 0x3C, 0xAF, + 0x06, 0xA6, 0x71, 0x96, 0x4C, 0x51, 0x4A, 0x69, + 0x4E, 0xB6, 0xF6, 0x5C, 0xBD, 0x11, 0x37, 0xCC, + 0xCF, 0x88, 0x81, 0xFA, 0x40, 0x3C, 0x5F, 0xA0, + 0xE0, 0xB2, 0xF3, 0x6B, 0x9F, 0x40, 0x09, 0xC3, + 0x78, 0x21, 0x0D, 0x29, 0xE5, 0x4A, 0x7A, 0x5A, + 0x9B, 0x79, 0x31, 0x97, 0xCD, 0x6D, 0x2F, 0x38, + 0xD7, 0xE1, 0xF3, 0xAC, 0xA6, 0x9D, 0x48, 0x88, + 0x13, 0x89, 0x38, 0x1C, 0x89, 0xFA, 0x67, 0x6D, + 0xE4, 0x26, 0xD6, 0x34, 0xF9, 0xA1, 0x57, 0x05, + 0x5F, 0x17, 0x28, 0x3E, 0xCE, 0x82, 0x48, 0xCA, + 0xF1, 0x4D, 0xCF, 0x11, 0xE2, 0xD5, 0x63, 0x55, + 0xB0, 0x47, 0xDF, 0x63, 0x2A, 0x18, 0x48, 0x2E, + 0x79, 0xCB, 0x2D, 0x5A, 0x74, 0x39, 0x66, 0xBA, + 0xA8, 0xA7, 0x61, 0x21, 0xBB, 0x69, 0xC2, 0xE6, + 0x81, 0x55, 0xAC, 0xCB, 0x0A, 0x31, 0xDA, 0x6E, + 0xDC, 0x73, 0xCB, 0x09, 0xA9, 0xE6, 0x60, 0xFE, + 0xB2, 0x0F, 0x66, 0xC7, 0xBD, 0x96, 0x7A, 0xDE, + 0x32, 0x14, 0x9C, 0x55, 0x52, 0xEA, 0xEB, 0x2E, + 0xA1, 0x75, 0xB5, 0x62, 0x33, 0xF3, 0xB3, 0x70, + 0xED, 0xD8, 0x67, 0x92, 0x69, 0xCE, 0x0D, 0x2B, + 0x43, 0xF6, 0xB2, 0xF6, 0x5F, 0xE9, 0x57, 0xE7, + 0xAB, 0x37, 0xB9, 0x82, 0x04, 0x37, 0x54, 0xEA, + 0xC8, 0xA3, 0x0B, 0x36, 0xC1, 0x00, 0x04, 0xEF, + 0x13, 0xC6, 0x92, 0xE2, 0x19, 0xAA, 0x7A, 0xF0, + 0xA4, 0xC5, 0x28, 0x69, 0x10, 0xC7, 0x10, 0x0D, + 0xA4, 0x1E, 0x17, 0xBB, 0xEF, 0x2D, 0xA2, 0xAB, + 0x03, 0xAD, 0xF3, 0x07, 0x4B, 0xA1, 0xDA, 0x15, + 0xBC, 0xC8, 0x48, 0x05, 0xB8, 0x9B, 0x9D, 0xA8, + 0x8E, 0x9B, 0x40, 0x0A, 0xFB, 0x7E, 0x3B, 0xC8, + 0x33, 0x8D, 0x35, 0x4D, 0xA9, 0x53, 0xAC, 0x0B, + 0xAD, 0x82, 0x27, 0x56, 0xCA, 0x92, 0xE5, 0xDD, + 0x95, 0x07, 0xF4, 0x2B, 0xFE, 0xFC, 0xCB, 0x32, + 0xB4, 0xB9, 0x1A, 0x2B, 0xE5, 0xEF, 0x34, 0xC2, + 0xCF, 0x11, 0x77, 0xEA, 0xAF, 0xB2, 0x50, 0xAC, + 0x9A, 0xDE, 0xC4, 0xBE, 0x71, 0x80, 0x75, 0x89, + 0xF1, 0x00, 0x32, 0x27, 0xF9, 0xB7, 0x6B, 0x74, + 0xE0, 0x7B, 0xA6, 0x7A, 0xC6, 0x08, 0x19, 0xB2, + 0xAF, 0x76, 0x6A, 0x47, 0xFF, 0xFC, 0x7B, 0x76, + 0xD3, 0xA7, 0xC0, 0x77, 0xF5, 0xEC, 0x69, 0xAE, + 0xEA, 0x3E, 0x96, 0x38, 0x59, 0xB8, 0x2C, 0x2A, + 0xDE, 0x58, 0xBE, 0xC2, 0x15, 0x2E, 0xC8, 0x20, + 0x51, 0x10, 0x97, 0x5D, 0x37, 0xC6, 0x50, 0x5E, + 0x0D, 0xC7, 0x76, 0xFD, 0xE0, 0x71, 0x09, 0x7E, + 0x93, 0x01, 0x3D, 0x10, 0x04, 0xF4, 0xE1, 0xA2, + 0xFD, 0x79, 0xB8, 0x77, 0xED, 0x50, 0x25, 0xF5, + 0x27, 0xF3, 0xBF, 0xF1, 0x37, 0xF0, 0x41, 0xBB, + 0x9B, 0xD0, 0x01, 0xE9, 0x49, 0xF0, 0x8B, 0x4C, + 0xF8, 0x8D, 0xFD, 0x32, 0xFC, 0x7C, 0xDB, 0xCE, + 0xCC, 0xFD, 0xB0, 0xFA, 0x2D, 0xE7, 0x82, 0x3E, + 0x11, 0x0B, 0xCF, 0xF5, 0x8A, 0x41, 0x2C, 0xEA, + 0x27, 0x95, 0x75, 0x3E, 0x9C, 0x89, 0x67, 0x8C, + 0x3A, 0xE2, 0x42, 0x68, 0xF7, 0x48, 0x9F, 0x72, + 0x97, 0x4B, 0x69, 0x55, 0xED, 0xD0, 0x4E, 0x19, + 0x0D, 0x99, 0xBB, 0x0D, 0x7A, 0x25, 0x2F, 0xAD, + 0x5B, 0xBA, 0x60, 0x6C, 0x1A, 0x1F, 0x3A, 0xCA, + 0x73, 0x3B, 0xFA, 0xE3, 0x30, 0x9E, 0xA0, 0xA6, + 0xEB, 0x7D, 0x07, 0xE3, 0x6D, 0x8C, 0xA3, 0x36, + 0xD2, 0x64, 0x4F, 0xCE, 0x1A, 0x41, 0x89, 0x5D, + 0x01, 0x4D, 0x1A, 0x60, 0xCB, 0x10, 0x6F, 0x3F, + 0x80, 0x75, 0xF9, 0x37, 0x84, 0x61, 0x73, 0x8D, + 0x63, 0xD1, 0x15, 0xD0, 0x0B, 0x02, 0x4C, 0x67, + 0x78, 0x01, 0x05, 0x0A, 0x1B, 0x0B, 0x50, 0xDE, + 0x05, 0x7F, 0x85, 0xDB, 0x6A, 0xEB, 0x2C, 0x9D, + 0x6B, 0xB7, 0x40, 0x2A, 0x66, 0xE3, 0xAB, 0x4D, + 0xB0, 0x5C, 0x58, 0xBB, 0xDA, 0x12, 0xF6, 0x95, + 0x95, 0x8B, 0x8A, 0xC7, 0xB4, 0xE4, 0x5E, 0xC6, + 0xC9, 0x52, 0xF6, 0x79, 0xC1, 0xEE, 0xBD, 0xF8, + 0x60, 0xE3, 0x48, 0x98, 0x27, 0x79, 0xAA, 0x69, + 0x88, 0xEF, 0xC2, 0xAD, 0x1D, 0xC1, 0xEA, 0xE2, + 0x2A, 0x27, 0xA5, 0xB2, 0xC6, 0x1C, 0x97, 0xB3, + 0xB2, 0x49, 0x3C, 0xB6, 0xC1, 0x3C, 0x5F, 0x6E, + 0x20, 0xA6, 0x7B, 0x88, 0xD3, 0xC3, 0xAC, 0xCF, + 0xAF, 0x0A, 0x42, 0x57, 0x42, 0xDF, 0x24, 0x06, + 0x34, 0xD1, 0xEE, 0x59, 0x38, 0x28, 0xFE, 0x62, + 0x97, 0x44, 0x6C, 0x07, 0x6F, 0x97, 0x90, 0x55, + 0x98, 0x8A, 0xB8, 0x34, 0xB2, 0xBD, 0x82, 0xE1, + 0x4D, 0xC0, 0x86, 0x40, 0x0E, 0x1C, 0x95, 0x6C, + 0xC0, 0xC3, 0x0C, 0xE7, 0xBF, 0xD9, 0x62, 0x22, + 0x3D, 0x23, 0xFE, 0x94, 0x94, 0x96, 0x4A, 0x81, + 0x1B, 0x93, 0xE8, 0xD7, 0xB8, 0xF3, 0x4C, 0x89, + 0xAA, 0xD4, 0x5D, 0xD4, 0x11, 0x3F, 0x2A, 0xE7, + 0xBD, 0x94, 0xB5, 0x3F, 0xC8, 0x6E, 0x8B, 0x2A, + 0xE8, 0x2E, 0x51, 0xEC, 0x6F, 0x3E, 0xA4, 0xC3, + 0x0D, 0x60, 0xB8, 0x60, 0x72, 0x74, 0x86, 0x12, + 0xD1, 0x60, 0x70, 0x56, 0xB5, 0xFF, 0x6A, 0x45, + 0x00, 0xEE, 0xE7, 0x8A, 0x5A, 0x63, 0x9C, 0x7B, + 0x74, 0x16, 0x97, 0x77, 0x62, 0x68, 0x64, 0xDD, + 0x9E, 0xAE, 0xF0, 0xE3, 0xAD, 0x84, 0x93, 0xD8, + 0x31, 0xF7, 0x1D, 0xEA, 0x95, 0xBB, 0xFC, 0xF8, + 0x14, 0x23, 0xA2, 0x66, 0xDE, 0x56, 0xF3, 0xA8, + 0xFE, 0x8E, 0x6C, 0x3C, 0x0D, 0x61, 0x2F, 0xB6, + 0x2B, 0xD6, 0x42, 0x18, 0x8C, 0xA7, 0x1C, 0xB8, + 0x98, 0x34, 0xF3, 0x0B, 0xCC, 0x28, 0xBD, 0x17, + 0x88, 0x45, 0xF1, 0xF6, 0xF4, 0x6C, 0x03, 0xD3, + 0x06, 0xF7, 0xED, 0x4E, 0x68, 0x75, 0x94, 0x27, + 0xAE, 0xC2, 0x70, 0x11, 0x98, 0xC3, 0xC0, 0x5D, + 0x38, 0x5D, 0xFA, 0xFD, 0x52, 0x8C, 0xCE, 0x84, + 0x25, 0xBC, 0x55, 0x14, 0x69, 0xA0, 0xED, 0x68, + 0x1B, 0xEE, 0x4D, 0x12, 0xA8, 0x43, 0xE3, 0x33, + 0xB5, 0xA8, 0xE0, 0x51, 0x7F, 0xC6, 0x19, 0x06, + 0xF9, 0xC4, 0xE7, 0x80, 0x9B, 0xAE, 0xD4, 0xD3, + 0xD1, 0x6E, 0xB2, 0x2F, 0x1F, 0xA9, 0xAB, 0x40, + 0x2D, 0x98, 0x8E, 0xD5, 0x9F, 0x9F, 0xED, 0x04, + 0x55, 0xE9, 0x26, 0x0F, 0xD6, 0x27, 0xA2, 0x4A, + 0x17, 0xFE, 0x7C, 0xB6, 0x3E, 0x53, 0x0B, 0x48, + 0xF5, 0xFB, 0x66, 0x87, 0xA2, 0xE8, 0xC4, 0x9D, + 0xA7, 0x9F, 0xBD, 0x69, 0xA3, 0x40, 0x00, 0x56, + 0x66, 0x5D, 0xD1, 0x1D, 0x19, 0xA2, 0xBC, 0x4D, + 0xB1, 0xD3, 0x74, 0xAB, 0x6A, 0x6E, 0x42, 0x47, + 0x2A, 0x27, 0xAC, 0x6B, 0x98, 0xF6, 0x76, 0xE8, + 0xED, 0xAA, 0xDD, 0x51, 0x4F, 0x6D, 0x44, 0xDE, + 0xEC, 0xDA, 0xB5, 0xA6, 0xDF, 0xA0, 0xF8, 0x4F, + 0x13, 0x9A, 0x80, 0x3A, 0x25, 0x24, 0xBF, 0x33, + 0x5D, 0xC5, 0x2E, 0xA5, 0x8F, 0xA5, 0x0D, 0x98, + 0xFB, 0x5C, 0xD5, 0x5D, 0x5D, 0x50, 0xA6, 0x63, + 0xCF, 0x64, 0x7E, 0xEE, 0x56, 0xFE, 0x8E, 0x66, + 0x4B, 0x3B, 0xCA, 0xF9, 0xE3, 0x33, 0x97, 0x8A, + 0x79, 0x46, 0x97, 0x3F, 0xD1, 0x13, 0xE4, 0xFD, + 0x39, 0x24, 0xE6, 0xC0, 0x9E, 0x60, 0x38, 0x64, + 0x44, 0x21, 0x4D, 0xFA, 0x7A, 0x4D, 0x67, 0x1F, + 0xC2, 0x38, 0x90, 0x63, 0x7E, 0xB8, 0x59, 0x13, + 0x4D, 0x79, 0xE2, 0x65, 0xC5, 0x9C, 0xA3, 0xEC, + 0xCD, 0xDF, 0xA0, 0x18, 0x22, 0x3C, 0x9B, 0xAE, + 0x1C, 0xCA, 0x10, 0x39, 0x62, 0x07, 0x8B, 0xC5, + 0xF0, 0xDD, 0x02, 0x24, 0x6F, 0xA2, 0x83, 0x24, + 0xF7, 0xCB, 0x2F, 0xCF, 0xAD, 0x07, 0xC2, 0x5B, + 0x4B, 0xC2, 0xD8, 0x88, 0x06, 0x9B, 0x0C, 0xF5, + 0xF2, 0x3C, 0x76, 0x1C, 0x0E, 0x47, 0x10, 0x98, + 0x81, 0xCD, 0x31, 0x45, 0x6A, 0x64, 0xB9, 0x40, + 0xB4, 0xBB, 0x9B, 0x4C, 0x2C, 0x3B, 0x8E, 0x6B, + 0xA8, 0x34, 0xAA, 0xAE, 0x69, 0xFD, 0xFC, 0x47, + 0xD4, 0x4B, 0x3C, 0x96, 0x88, 0x7A, 0xBE, 0xD3, + 0x60, 0x15, 0xE7, 0xB6, 0x4E, 0x85, 0x42, 0x92, + 0x8F, 0x27, 0x7C, 0xBD, 0x2D, 0x3C, 0x51, 0x2C, + 0x24, 0xDE, 0xEF, 0xE5, 0x90, 0xE8, 0x1C, 0x68, + 0x4E, 0x06, 0x3E, 0x7A, 0xAD, 0xCF, 0x11, 0x7B, + 0x48, 0x94, 0x3D, 0xB7, 0x71, 0xFC, 0x22, 0x07, + 0xF5, 0x7A, 0x74, 0x53, 0x57, 0x55, 0x5D, 0x41, + 0x9C, 0x9C, 0xDC, 0xA3, 0x5C, 0xC1, 0xA7, 0x10, + 0x0A, 0x69, 0x13, 0xA3, 0xB6, 0xAA, 0xCF, 0x79, + 0x6F, 0xE3, 0xF9, 0x4D, 0xD2, 0xF8, 0x18, 0x98, + 0x27, 0x16, 0xCE, 0x03, 0x16, 0x54, 0x2A, 0x1B, + 0x95, 0x7E, 0x12, 0xDA, 0x43, 0xE2, 0x31, 0x54, + 0x2C, 0xC1, 0x4F, 0xCC, 0x66, 0xD7, 0x28, 0xA6, + 0x83, 0x26, 0xB2, 0xBC, 0x31, 0x12, 0x48, 0x33, + 0x0F, 0x3E, 0x98, 0xF8, 0x1E, 0xA3, 0x8C, 0xA9, + 0x24, 0xA8, 0xE4, 0xDA, 0x97, 0xCF, 0x67, 0x38, + 0x42, 0xC7, 0x59, 0xF9, 0x35, 0xBE, 0x88, 0x16, + 0x3C, 0xE9, 0x7F, 0xE4, 0xD9, 0x45, 0x71, 0x76, + 0xF5, 0xB8, 0x90, 0x8A, 0xF9, 0x48, 0xF7, 0x4D, + 0x5D, 0x1D, 0xDB, 0xC5, 0x21, 0x82, 0x5D, 0x93, + 0x1C, 0x63, 0xCA, 0x8A, 0x8E, 0x12, 0x24, 0x26, + 0x26, 0x30, 0x5A, 0xB6, 0xA2, 0xE0, 0x62, 0x45, + 0x64, 0xEE, 0x04, 0x19, 0x83, 0xC1, 0x8C, 0x29, + 0x52, 0xEC, 0x3D, 0x9D, 0x15, 0x9B, 0xDE, 0x39, + 0x85, 0xCF, 0x77, 0x89, 0x7E, 0xE2, 0xDC, 0x88, + 0x81, 0x12, 0x72, 0x1D, 0x48, 0x54, 0xE9, 0x14, + 0xA5, 0x39, 0x7E, 0x08, 0xB5, 0x4F, 0x4A, 0x54, + 0x32, 0x3F, 0xF8, 0x20, 0x82, 0x1B, 0xE0, 0x26, + 0xEA, 0x09, 0x1E, 0xCA, 0x6B, 0x7D, 0x80, 0xD9, + 0x1E, 0x3D, 0xCA, 0x2E, 0xF7, 0x84, 0x8B, 0x86, + 0xFC, 0xA6, 0xBB, 0x40, 0xCE, 0x48, 0x27, 0x1E, + 0x10, 0x08, 0x36, 0x8E, 0x3E, 0xBB, 0x5E, 0x39, + 0x5E, 0x1C, 0xCD, 0x0D, 0x17, 0x8F, 0x1A, 0x62, + 0x57, 0xD2, 0x6B, 0x6B, 0xA4, 0xB7, 0xCE, 0x53, + 0x2C, 0xAA, 0x1E, 0x76, 0xCE, 0x28, 0xFA, 0x4C, + 0xF9, 0xE0, 0x29, 0xE2, 0x48, 0x2B, 0x94, 0xD3, + 0xAC, 0xF9, 0x7A, 0x32, 0x6D, 0x23, 0x5D, 0x1B, + 0xDC, 0x89, 0xF7, 0x00, 0x02, 0x19, 0x84, 0x51, + 0xD9, 0xF1, 0xF1, 0x2C, 0xCD, 0x5B, 0xCA, 0xEC, + 0xDD, 0xE9, 0xE1, 0x4A, 0xC8, 0x07, 0x42, 0xEB, + 0x31, 0xE6, 0x46, 0x4C, 0x83, 0x21, 0x0A, 0x39, + 0xF3, 0x50, 0x98, 0xBE, 0x03, 0x78, 0xD0, 0x74, + 0xCE, 0x1C, 0xCD, 0x1E, 0xBC, 0x1C, 0x77, 0x70, + 0xF7, 0x78, 0xD6, 0x05, 0xF2, 0xBE, 0x59, 0xDB, + 0x7E, 0xA0, 0x7D, 0x80, 0xCC, 0xDF, 0x55, 0xF1, + 0x6E, 0x98, 0x5B, 0x14, 0x2F, 0xB7, 0xBD, 0xA0, + 0x7A, 0xA7, 0xDC, 0xA5, 0xB2, 0x01, 0xE1, 0x95, + 0x0C, 0xF9, 0xA7, 0x28, 0xF2, 0x1E, 0x9A, 0x9D, + 0x8A, 0xC4, 0xD1, 0x32, 0x7E, 0x3B, 0xC0, 0xFF, + 0x33, 0x9A, 0x25, 0x05, 0x22, 0xF6, 0x31, 0xDF, + 0x2E, 0x75, 0x95, 0x51, 0x54, 0x89, 0x3E, 0x4A, + 0x1A, 0xAF, 0x98, 0x66, 0xFE, 0xE1, 0x63, 0x7E, + 0xE1, 0xAA, 0x51, 0x06, 0xD2, 0x44, 0xE9, 0x9E, + 0x6F, 0x31, 0xFC, 0x56, 0x01, 0xBB, 0x7B, 0x79, + 0xBA, 0xD8, 0x28, 0x60, 0xB1, 0xD6, 0x05, 0x9D, + 0x9B, 0x13, 0x2E, 0x02, 0x64, 0x18, 0x02, 0x0D, + 0xB0, 0x6E, 0xB8, 0x39, 0x1F, 0xA1, 0x5B, 0x7A, + 0x0F, 0x29, 0xE3, 0x6D, 0x96, 0x6A, 0xBD, 0x3D, + 0x2A, 0x2F, 0xF3, 0xF2, 0xAA, 0xC3, 0x4C, 0x8B, + 0x45, 0xC7, 0xD2, 0x35, 0x5E, 0xDB, 0xB8, 0x0B, + 0x22, 0x4B, 0xC1, 0x06, 0xEB, 0xC6, 0x75, 0x0E, + 0x55, 0x07, 0x0F, 0x85, 0xA7, 0xCB, 0x60, 0x03, + 0x39, 0x4E, 0x51, 0x61, 0xAE, 0x26, 0xF5, 0xAB, + 0xF8, 0x3F, 0x0D, 0xCC, 0xCF, 0x69, 0xB8, 0x61, + 0x39, 0xAF, 0x86, 0x94, 0xFE, 0x1D, 0xC0, 0x07, + 0x81, 0xEA, 0xE0, 0x9C, 0xDB, 0x42, 0x18, 0x14, + 0x87, 0x80, 0x43, 0xDC, 0x9B, 0x05, 0x30, 0xE5, + 0x54, 0x5A, 0x16, 0x5E, 0x39, 0xA9, 0xB7, 0xDE, + 0x88, 0xB4, 0xAD, 0x2A, 0xEB, 0x90, 0xD3, 0xC3, + 0x29, 0x41, 0x2E, 0xD2, 0xFE, 0x1D, 0x97, 0xB7, + 0x32, 0xC8, 0x43, 0x9D, 0xF4, 0xF8, 0x3D, 0x22, + 0x88, 0x35, 0xB5, 0x38, 0xDC, 0x27, 0x8F, 0xF0, + 0xA2, 0xDC, 0x42, 0xF4, 0x1B, 0x00, 0xCE, 0x3A, + 0xCA, 0x06, 0xB0, 0x5C, 0x48, 0x39, 0xB8, 0x96, + 0x93, 0x15, 0x15, 0xD7, 0x8E, 0xA3, 0x67, 0x3A, + 0x37, 0x82, 0x79, 0xF4, 0xE8, 0x9C, 0xE0, 0x8E, + 0x34, 0x53, 0xFF, 0x2F, 0xB4, 0x53, 0xBE, 0x03, + 0x1C, 0x63, 0x18, 0x62, 0x8A, 0x73, 0x1D, 0x02, + 0x9F, 0xC7, 0xBE, 0xA2, 0xBA, 0x5E, 0xAC, 0x49, + 0x16, 0x27, 0x8B, 0x93, 0x8A, 0x6A, 0x6A, 0xCE, + 0xF5, 0xBF, 0xE2, 0x15, 0x8F, 0x2A, 0xF4, 0x3D, + 0x8E, 0x56, 0xA0, 0x64, 0x9D, 0xF2, 0x8A, 0x25, + 0x0D, 0x2F, 0x25, 0x36, 0xAB, 0xDE, 0x1E, 0x00, + 0x8E, 0xB6, 0x31, 0xF4, 0xBD, 0x0E, 0xB5, 0x55, + 0x73, 0xA4, 0x05, 0x39, 0xA6, 0x00, 0x41, 0x81, + 0xA9, 0xD2, 0xBF, 0x7A, 0x1E, 0x53, 0x50, 0x4F, + 0x11, 0xE0, 0x14, 0x84, 0x07, 0x33, 0x84, 0x41, + 0x31, 0xAC, 0x66, 0x89, 0x46, 0xE5, 0xB8, 0x27, + 0x28, 0x9A, 0xB6, 0xB2, 0x13, 0x66, 0xC5, 0xD0, + 0xE2, 0x64, 0x92, 0x19, 0xB9, 0x2C, 0x47, 0x60, + 0xDF, 0xB7, 0x05, 0xF7, 0xF6, 0x1A, 0x96, 0x56, + 0x4C, 0x9E, 0x84, 0x0D, 0x14, 0xB0, 0xBB, 0x0D, + 0xA8, 0x2D, 0xA5, 0x0F, 0x8B, 0x8E, 0x75, 0x2B, + 0xBF, 0xEA, 0x3B, 0x0A, 0x33, 0x7B, 0xE1, 0x24, + 0xF7, 0x2D, 0x8F, 0x82, 0x49, 0x19, 0x5B, 0xC1, + 0x9C, 0x3E, 0x0B, 0x62, 0xEA, 0xE4, 0x96, 0xD3, + 0x8C, 0xF7, 0x50, 0x0B, 0x4F, 0x10, 0x66, 0x5F, + 0xC2, 0xD2, 0x8B, 0x9E, 0xA9, 0x35, 0xF7, 0xE3, + 0x16, 0x47, 0x2F, 0x4F, 0xF4, 0x01, 0x26, 0x75, + 0x41, 0xBD, 0xB6, 0x23, 0x01, 0x55, 0x4B, 0x20, + 0x09, 0x92, 0x8C, 0x64, 0x45, 0xBB, 0xD0, 0xEF, + 0x21, 0xD0, 0x99, 0x72, 0xF3, 0x50, 0x81, 0xAB, + 0xA9, 0x09, 0x1A, 0x6C, 0x23, 0xFE, 0xD2, 0x9F, + 0x5C, 0xF9, 0xE0, 0x77, 0x9F, 0x7E, 0xFB, 0xAD, + 0x88, 0xE6, 0x2A, 0x45, 0x44, 0x42, 0xB3, 0x00, + 0x79, 0xBE, 0x0A, 0xC9, 0xC6, 0x48, 0x26, 0xB9, + 0x8C, 0x1E, 0x10, 0x01, 0xCB, 0x0F, 0xB0, 0xF0, + 0xA9, 0x5F, 0x79, 0x65, 0xFE, 0x93, 0x12, 0xBF, + 0xDA, 0xEC, 0x33, 0xF9, 0x50, 0x65, 0xC8, 0xE5, + 0x9D, 0x39, 0x50, 0xF8, 0x0A, 0xDC, 0x7F, 0xB3, + 0x34, 0xF2, 0x02, 0xD3, 0xE5, 0xF8, 0xDA, 0x48, + 0x1C, 0x9B, 0x54, 0xA7, 0x59, 0x83, 0x93, 0x0F, + 0xD1, 0xE5, 0xAC, 0xD1, 0x62, 0x84, 0xF0, 0x71, + 0x93, 0xFB, 0xCB, 0x50, 0xD0, 0xDC, 0x00, 0xEF, + 0xF8, 0x20, 0x31, 0x44, 0xC1, 0x1E, 0xC6, 0x14, + 0x20, 0xFC, 0x32, 0xD7, 0x98, 0x2C, 0xE8, 0x96, + 0x40, 0x6B, 0xE7, 0x69, 0xA7, 0x5D, 0xD8, 0xD3, + 0xCA, 0xC7, 0x53, 0xAB, 0xE5, 0xA2, 0x78, 0x65, + 0x5B, 0xF5, 0x4B, 0xE3, 0x3A, 0x1B, 0x83, 0x74, + 0xEB, 0xEE, 0xFF, 0x21, 0x2C, 0x39, 0xCE, 0x51, + 0x46, 0x68, 0xF1, 0xC4, 0x56, 0xEA, 0xA2, 0x53, + 0x28, 0x28, 0xC8, 0x42, 0x93, 0xF1, 0xA5, 0xBC, + 0x9E, 0xB5, 0xDE, 0xDF, 0x55, 0x8A, 0x9B, 0x4C, + 0x12, 0x39, 0xF7, 0x72, 0x72, 0xC6, 0x7E, 0x1A, + 0xB2, 0x8E, 0x1E, 0xFE, 0xC5, 0x89, 0x3E, 0x09, + 0xC1, 0x06, 0x62, 0xB5, 0x3C, 0x8B, 0x82, 0x55, + 0xB1, 0xC8, 0xDC, 0x8F, 0x8E, 0x51, 0x20, 0xA2, + 0x5C, 0x75, 0xEE, 0xFE, 0x79, 0xC4, 0x3F, 0x7A, + 0x8B, 0x37, 0xDF, 0x9D, 0x1E, 0x4F, 0x32, 0x48, + 0x69, 0x33, 0xDA, 0x1C, 0xB0, 0x66, 0x4C, 0x5D, + 0xB3, 0x9E, 0x21, 0xBC, 0x22, 0x7B, 0x0C, 0xDF, + 0xE7, 0xA5, 0x50, 0x7F, 0x07, 0xF2, 0x18, 0xA7, + 0xA4, 0x7D, 0xEB, 0xCD, 0x9D, 0xAD, 0x72, 0x47, + 0xB4, 0xD0, 0x45, 0xA1, 0x3A, 0xD4, 0xF7, 0x5E, + 0xAD, 0x2D, 0x45, 0xC3, 0x39, 0xD0, 0xDF, 0x04, + 0x57, 0x7F, 0x2E, 0x0F, 0xDC, 0x78, 0x03, 0x92, + 0x55, 0x30, 0x33, 0xC7, 0x38, 0x85, 0x2B, 0x1B, + 0xE4, 0xE6, 0x3E, 0xA3, 0x89, 0x7D, 0x6C, 0x9C, + 0x4B, 0x11, 0xAD, 0x6B, 0x58, 0xD3, 0xE2, 0xD3, + 0x42, 0xD3, 0x28, 0x40, 0xF6, 0x49, 0xDD, 0x83, + 0xE7, 0x59, 0x86, 0x6B, 0x73, 0x81, 0xA8, 0x4C, + 0x8A, 0xDD, 0xDF, 0x41, 0x3F, 0xAE, 0x18, 0xE6, + 0x43, 0x1B, 0x1E, 0xEA, 0x73, 0xA5, 0x6C, 0xD8, + 0x89, 0xB7, 0x6B, 0xC9, 0x78, 0x6B, 0xED, 0xED, + 0xCA, 0x25, 0x41, 0xE4, 0xC9, 0xB2, 0x4E, 0x28, + 0xF5, 0x8A, 0xD3, 0x74, 0xC1, 0xD9, 0x3D, 0xF2, + 0xD3, 0xF2, 0xC3, 0x7E, 0xC5, 0x94, 0xA0, 0x49, + 0x8C, 0x57, 0x45, 0x79, 0xA7, 0x33, 0x2F, 0x72, + 0xC0, 0xF9, 0x75, 0x08, 0x77, 0xFA, 0xD5, 0xB9, + 0x0B, 0x96, 0x8D, 0x88, 0xF1, 0x16, 0x82, 0xC4, + 0x07, 0x1E, 0x4E, 0xA3, 0x8B, 0x81, 0x6A, 0xEA, + 0xD6, 0xBE, 0x54, 0xD2, 0xF3, 0x71, 0x32, 0x4F, + 0x24, 0x75, 0xB8, 0x62, 0xC7, 0x54, 0x24, 0xEC, + 0xF9, 0x85, 0x8A, 0xA4, 0xE2, 0x00, 0xCF, 0xBA, + 0x41, 0x2D, 0x7E, 0x3E, 0x6C, 0x30, 0x8D, 0x8D, + 0xE1, 0x1D, 0xD1, 0x85, 0x33, 0x1A, 0xF9, 0xD4, + 0x1A, 0xFE, 0x88, 0x79, 0x96, 0x5D, 0x67, 0x46, + 0xEF, 0x21, 0xFD, 0x98, 0xD3, 0xED, 0x38, 0x06, + 0xFB, 0x5C, 0x46, 0x19, 0xC9, 0x8E, 0x34, 0x7D, + 0x76, 0xB8, 0xB8, 0x98, 0x49, 0x39, 0x55, 0x61, + 0xEE, 0x28, 0x6D, 0xFD, 0xFC, 0x6A, 0x04, 0xE1, + 0xD4, 0x7E, 0x9F, 0x5B, 0x5B, 0x49, 0x25, 0x77, + 0x84, 0xC3, 0x93, 0x64, 0xDF, 0xA8, 0x8A, 0xD6, + 0x30, 0xDF, 0xA5, 0x9C, 0xCA, 0x32, 0x37, 0xF4, + 0xA2, 0xB1, 0x41, 0xA8, 0x13, 0xD2, 0x2C, 0x6F, + 0xFE, 0x73, 0xC2, 0xD9, 0x9A, 0xDC, 0x82, 0x4D, + 0x93, 0xE0, 0x6A, 0x54, 0xB6, 0xDE, 0x62, 0xC3, + 0x12, 0x5D, 0x94, 0xB4, 0x9E, 0x95, 0x0D, 0xEC, + 0x36, 0x1F, 0x96, 0x1F, 0x56, 0xD3, 0x67, 0x1C, + 0x99, 0x25, 0x37, 0x7F, 0x6E, 0x67, 0x06, 0x65, + 0x32, 0x2B, 0x84, 0x89, 0xE8, 0x33, 0xD3, 0x83, + 0x0E, 0xCC, 0xDD, 0x0F, 0x53, 0xF4, 0xA4, 0xF9, + 0xD6, 0x8F, 0x14, 0x45, 0xF3, 0xAE, 0xD5, 0xC9, + 0xD7, 0x66, 0x40, 0x9B, 0x59, 0xBA, 0xE7, 0xA7, + 0x29, 0x12, 0xE9, 0x8B, 0x3B, 0xB5, 0x73, 0x42, + 0xD2, 0x9B, 0x6A, 0xCF, 0xD1, 0x43, 0x36, 0xB7, + 0xB8, 0xB6, 0xB7, 0x54, 0x9A, 0xF8, 0xCC, 0x88, + 0x45, 0xE1, 0x0C, 0x28, 0x11, 0x28, 0x72, 0x81, + 0x98, 0x5D, 0x5D, 0x47, 0x68, 0x5F, 0xC5, 0x89, + 0xF2, 0x67, 0x8E, 0xD8, 0x93, 0xF5, 0x7B, 0x85, + 0xAC, 0xED, 0x75, 0x63, 0x2E, 0x50, 0xDE, 0x5E, + 0x07, 0x4E, 0x6C, 0xED, 0xCF, 0x1A, 0xD4, 0x99, + 0xBC, 0xE6, 0x7A, 0x7F, 0x49, 0x85, 0x64, 0xDE, + 0xEC, 0x67, 0x7C, 0x70, 0x83, 0x88, 0xDE, 0x8F, + 0xD7, 0xB0, 0x99, 0xCF, 0xC1, 0x16, 0x09, 0x6C, + 0x45, 0xFE, 0x28, 0x89, 0x0B, 0x5E, 0xAF, 0x06, + 0x16, 0x99, 0x39, 0xFD, 0xA3, 0x5E, 0x12, 0x15, + 0xF2, 0x38, 0xE8, 0xCD, 0xED, 0xFE, 0x67, 0x00, + 0x65, 0xF5, 0xDE, 0x32, 0x72, 0xA2, 0x32, 0xFD, + 0x53, 0xC2, 0x50, 0xF5, 0xD7, 0x79, 0xB3, 0x16, + 0x94, 0xFB, 0xA9, 0x1B, 0x55, 0x48, 0x03, 0x67, + 0x6E, 0x4D, 0xEA, 0x28, 0x84, 0x63, 0xFE, 0x10, + 0x63, 0x00, 0x9E, 0x9C, 0xB7, 0x6C, 0x31, 0x7D, + 0xB4, 0x00, 0xAC, 0xF4, 0xD2, 0xD2, 0xB6, 0xD1, + 0x6E, 0xDE, 0xBA, 0x41, 0x08, 0x91, 0x3F, 0x60, + 0xAE, 0xB2, 0x52, 0xCD, 0xE4, 0x13, 0x69, 0x0C, + 0xEE, 0xFD, 0xCF, 0xA6, 0x38, 0x96, 0x3D, 0xBD, + 0x04, 0xF4, 0xCF, 0x21, 0xAD, 0x74, 0xDD, 0xE6, + 0x5F, 0x0F, 0x1E, 0x7C, 0xE7, 0x0A, 0xF1, 0x01, + 0xA6, 0xDE, 0x9A, 0x59, 0xDB, 0x21, 0xD3, 0x80, + 0x27, 0xDB, 0xBF, 0x76, 0x16, 0x78, 0x27, 0x95, + 0x0B, 0x69, 0x41, 0x82, 0x66, 0xAF, 0xA4, 0x44, + 0xC7, 0x28, 0xDE, 0x36, 0x24, 0xA1, 0xC8, 0x1E, + 0x5B, 0x16, 0x41, 0xDB, 0xE8, 0x79, 0xCD, 0x82, + 0x2F, 0xB2, 0x30, 0x3C, 0xC3, 0xA9, 0xFC, 0xEE, + 0xFE, 0x3D, 0xDF, 0x7D, 0xBD, 0x0B, 0x70, 0x57, + 0x24, 0x8A, 0x28, 0xD6, 0x06, 0x2D, 0x76, 0xEB, + 0x13, 0xB9, 0x2C, 0x9C, 0x9D, 0x00, 0x3B, 0x69, + 0xE1, 0x84, 0x2A, 0x54, 0xC0, 0x9C, 0xF6, 0xB4, + 0x84, 0x52, 0x08, 0x15, 0xE2, 0xBB, 0x23, 0x72, + 0x88, 0xC6, 0x4F, 0xC6, 0x96, 0xFD, 0x3B, 0xC4, + 0x5D, 0xB3, 0x0C, 0xB8, 0x64, 0x65, 0xDF, 0x11, + 0x88, 0xBF, 0x47, 0x95, 0x6E, 0x5B, 0x91, 0x6A, + 0x80, 0x09, 0x71, 0x5C, 0xC9, 0xA9, 0xA6, 0xDC, + 0xE4, 0x4C, 0x54, 0xF9, 0x28, 0x81, 0x6B, 0x41, + 0xD0, 0x18, 0xC5, 0xFE, 0x65, 0x2F, 0xFE, 0x4E, + 0x33, 0xF3, 0x52, 0xD3, 0x83, 0xA9, 0xC1, 0x36, + 0x5F, 0x02, 0xAB, 0xFD, 0x64, 0x7B, 0xD6, 0xB4, + 0x2A, 0xD1, 0x63, 0x73, 0x0F, 0x8B, 0xFD, 0xA1, + 0xE2, 0xBE, 0x5F, 0x61, 0x4D, 0x79, 0x59, 0x78, + 0x25, 0xBA, 0x09, 0xF4, 0x57, 0xD3, 0xCB, 0xE7, + 0x56, 0x1E, 0x7E, 0x89, 0xEA, 0xF0, 0x59, 0xE9, + 0x77, 0xD1, 0xEE, 0x88, 0x84, 0x8B, 0x78, 0x1F, + 0x21, 0xF7, 0x23, 0x89, 0x0F, 0xF1, 0xF9, 0x87, + 0x39, 0x28, 0x41, 0x2C, 0x8F, 0x11, 0xEE, 0xDD, + 0x2C, 0x0C, 0x39, 0xC9, 0x51, 0x27, 0x90, 0x98, + 0x6A, 0x19, 0xE1, 0x7B, 0x2B, 0x70, 0xA4, 0xD7, + 0xCF, 0x49, 0xD9, 0xD1, 0x8C, 0xAA, 0x0C, 0x20, + 0x23, 0x13, 0x4C, 0xAC, 0xD1, 0x69, 0x20, 0x0D, + 0x88, 0x17, 0xFA, 0x32, 0x1F, 0x04, 0xAC, 0xC9, + 0x10, 0x61, 0x3D, 0xFF, 0x25, 0x0E, 0xB3, 0x25, + 0xDB, 0xEF, 0x29, 0xEB, 0x56, 0x11, 0xB2, 0xAD, + 0x2A, 0x23, 0xED, 0xD5, 0x38, 0x04, 0x9B, 0x3F, + 0x43, 0xEF, 0xEB, 0x4D, 0x60, 0x98, 0x37, 0x92, + 0xB4, 0xBF, 0x05, 0x56, 0x79, 0x44, 0xAA, 0xDB, + 0x7A, 0xC4, 0xD3, 0xA5, 0xD8, 0x0A, 0x1B, 0x9D, + 0x84, 0x48, 0xB4, 0xC0, 0xC1, 0x15, 0xC3, 0xB5, + 0xAD, 0x38, 0x85, 0x35, 0x3F, 0x47, 0xD5, 0xFC, + 0xB9, 0xB7, 0xD6, 0x44, 0x6F, 0x1A, 0x72, 0x10, + 0xBB, 0xC6, 0x67, 0xFC, 0x41, 0x14, 0x15, 0xF2, + 0x3C, 0xD4, 0x0A, 0x2A, 0x3D, 0x64, 0x06, 0x1D, + 0x71, 0xC6, 0x71, 0x91, 0x57, 0x1A, 0x97, 0xD0, + 0x10, 0x88, 0xA2, 0x4B, 0x67, 0x11, 0x56, 0x7F, + 0xC8, 0x91, 0x06, 0x73, 0x2D, 0x88, 0x92, 0xFF, + 0x98, 0x5B, 0x8E, 0x6C, 0xF7, 0x01, 0x63, 0x82, + 0x9C, 0xC0, 0x85, 0xBE, 0x4E, 0x40, 0x83, 0x15, + 0x36, 0x1B, 0xB1, 0xB2, 0x00, 0x3D, 0x64, 0x13, + 0x22, 0x0B, 0x13, 0x45, 0x06, 0xD3, 0xC3, 0x04, + 0xC0, 0xBB, 0xBA, 0x9C, 0x9C, 0x45, 0xD3, 0x65, + 0x1E, 0x05, 0x71, 0xB6, 0xB1, 0x15, 0x17, 0x72, + 0x13, 0xD8, 0x59, 0x5E, 0x14, 0x3D, 0xB9, 0x0B, + 0xD7, 0x2F, 0x7E, 0xB9, 0x74, 0xD8, 0xD0, 0xA0, + 0x31, 0x74, 0x09, 0xD6, 0x4D, 0x58, 0x37, 0xEA, + 0xEC, 0x9B, 0x8D, 0x44, 0xDD, 0x7E, 0xCF, 0xF6, + 0xCD, 0xA9, 0xF7, 0x29, 0x38, 0x2A, 0x43, 0xB3, + 0x79, 0xCB, 0xDD, 0x43, 0xFF, 0xB1, 0x8A, 0xEA, + 0x35, 0xC1, 0xA9, 0x96, 0xCE, 0xF1, 0x48, 0x8D, + 0x3B, 0x7A, 0x81, 0xEE, 0x7C, 0xFC, 0x0B, 0x96, + 0x23, 0x41, 0x8A, 0xB3, 0x91, 0x9A, 0x6E, 0xDD, + 0xB9, 0x9F, 0x22, 0x2F, 0x0D, 0xDD, 0xB2, 0xF3, + 0x2A, 0x20, 0xC8, 0xF8, 0x4F, 0xBF, 0x4C, 0x49, + 0xB4, 0xCB, 0x3E, 0xB5, 0x0D, 0x9C, 0x4C, 0xD2, + 0x5A, 0x6F, 0x71, 0x75, 0x46, 0x70, 0x66, 0xD2, + 0x5E, 0x64, 0x37, 0xB6, 0x7F, 0x2D, 0xBC, 0x70, + 0xC2, 0xE6, 0xEB, 0x0B, 0xDE, 0x23, 0x86, 0xD0, + 0x30, 0x14, 0xA7, 0x89, 0xFB, 0x6D, 0xC0, 0x8E, + 0xE3, 0x3C, 0x0C, 0x67, 0x95, 0x1D, 0xA9, 0xD7, + 0x4B, 0x9C, 0x94, 0x84, 0x5D, 0x2A, 0x99, 0x03, + 0x7E, 0x09, 0x5F, 0xEF, 0x79, 0x19, 0x92, 0x0F, + 0xE5, 0x26, 0xEB, 0x5D, 0xD0, 0xBA, 0x1F, 0x97, + 0xDF, 0xBD, 0x2D, 0xDC, 0x31, 0x60, 0x9C, 0x1B, + 0x7B, 0x45, 0xEC, 0x3A, 0xDB, 0x58, 0x6F, 0xE3, + 0x03, 0x0A, 0x0C, 0x7A, 0x9D, 0xD0, 0x34, 0xA3, + 0xC2, 0xE6, 0xF9, 0x84, 0x90, 0x93, 0xCE, 0xE1, + 0x0A, 0x18, 0x19, 0x53, 0x54, 0x7F, 0x8B, 0xE3, + 0x28, 0x72, 0x0A, 0x4A, 0x5A, 0x82, 0x90, 0xB5, + 0xEE, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x06, + 0x0B, 0x10, 0x18, 0x1A, 0x21 + }; +#endif +#ifndef WOLFSSL_NO_ML_DSA_87 + static const byte pk_87[] = { + 0x59, 0xB2, 0x37, 0x1F, 0xE7, 0xBA, 0xCC, 0x20, + 0x7F, 0xE1, 0xFE, 0xE8, 0x8A, 0x8B, 0x38, 0x05, + 0xA7, 0x05, 0x28, 0x65, 0x69, 0x17, 0x89, 0xBB, + 0x90, 0x54, 0x2F, 0xA4, 0x7F, 0x7E, 0xF2, 0xB7, + 0x5F, 0xCA, 0x13, 0xDB, 0xA5, 0x88, 0x8B, 0xEC, + 0x32, 0x05, 0x14, 0xDC, 0xB0, 0x5F, 0xD2, 0x6E, + 0xB5, 0x54, 0x1F, 0x6E, 0x57, 0x2E, 0xCE, 0xA6, + 0xC4, 0xF1, 0xD3, 0x8A, 0xA7, 0x02, 0x59, 0x09, + 0x4A, 0xA9, 0x45, 0xF1, 0x9F, 0xED, 0x0D, 0x98, + 0x0E, 0x65, 0xDB, 0xF6, 0x5D, 0xB8, 0x0F, 0x56, + 0x4F, 0xE2, 0x9D, 0x83, 0x6C, 0x54, 0x79, 0x28, + 0x8B, 0x55, 0xCF, 0x07, 0xF4, 0xE0, 0x01, 0x59, + 0xB6, 0x95, 0x5D, 0xAB, 0xDE, 0xCC, 0x8C, 0x4D, + 0x66, 0xAE, 0x68, 0x87, 0x28, 0xBA, 0x6D, 0x5C, + 0x04, 0x42, 0xF3, 0xC1, 0x23, 0x2C, 0x78, 0x2C, + 0x46, 0x5B, 0x9B, 0x7C, 0x50, 0x14, 0xB1, 0x46, + 0x40, 0x65, 0xCC, 0xD8, 0xA5, 0x6D, 0x6B, 0x1C, + 0x16, 0x51, 0x08, 0x69, 0xE0, 0x14, 0xE6, 0x93, + 0x39, 0x98, 0xEF, 0x72, 0x55, 0x20, 0xB4, 0x00, + 0x91, 0x3D, 0x93, 0xB0, 0xEC, 0x75, 0xE2, 0xFB, + 0x72, 0x5D, 0xC1, 0xAE, 0xC0, 0xC0, 0xCC, 0x73, + 0x43, 0xB9, 0xE5, 0x44, 0xBA, 0xA4, 0xD6, 0x79, + 0x86, 0x0E, 0x34, 0x7B, 0x2E, 0x94, 0x7D, 0x8D, + 0x24, 0x36, 0xF0, 0x92, 0x98, 0xA7, 0xBB, 0x83, + 0x36, 0xB9, 0xDE, 0x9C, 0xFD, 0x5C, 0xDB, 0xCD, + 0x91, 0xC7, 0x24, 0x92, 0x68, 0xCA, 0x03, 0xEF, + 0xAC, 0x27, 0x3A, 0xF5, 0x29, 0x68, 0xD5, 0x01, + 0x40, 0x6C, 0xD9, 0xC9, 0x61, 0x59, 0xD7, 0xC1, + 0x5A, 0xA2, 0x90, 0x03, 0x30, 0xC1, 0x18, 0x9C, + 0xFC, 0x2C, 0xD8, 0xB9, 0x12, 0xC4, 0x80, 0xE4, + 0x58, 0x29, 0x7E, 0xF1, 0x4D, 0xB6, 0x94, 0xA3, + 0xF1, 0xE7, 0x2C, 0x1D, 0xFA, 0x3A, 0x3D, 0x2A, + 0x8A, 0x69, 0xE0, 0x11, 0x60, 0x2B, 0x93, 0x02, + 0x0B, 0xAC, 0xD1, 0xC2, 0xF3, 0xAD, 0x06, 0xC9, + 0x5A, 0x7F, 0x36, 0xEB, 0xF5, 0x26, 0x1F, 0x6E, + 0xC1, 0x06, 0x81, 0x6B, 0xB3, 0x30, 0x3C, 0xC0, + 0x0B, 0xF4, 0xE8, 0x68, 0x8D, 0x2E, 0x85, 0x48, + 0xF1, 0x04, 0x90, 0xD9, 0xEB, 0x23, 0xC5, 0x67, + 0x93, 0xB3, 0x4B, 0x84, 0x06, 0xCB, 0xE4, 0x43, + 0xD8, 0x35, 0x6B, 0xCD, 0x0F, 0x4F, 0x61, 0xD0, + 0xD0, 0x17, 0xD5, 0x48, 0x31, 0xB9, 0xBA, 0x32, + 0x9F, 0x89, 0x48, 0xF2, 0x5C, 0x31, 0x22, 0xF9, + 0xDE, 0xDE, 0x8C, 0xEC, 0xBA, 0x51, 0x56, 0x9E, + 0xDF, 0xFF, 0x89, 0x5F, 0xA0, 0x20, 0x86, 0x2C, + 0x5D, 0xF7, 0x9F, 0x86, 0x40, 0x78, 0x48, 0x6B, + 0x5F, 0xB2, 0x28, 0xFD, 0x78, 0x9C, 0x35, 0xFD, + 0xE1, 0xC5, 0x4B, 0xFF, 0xBF, 0x4A, 0x02, 0x5A, + 0x7F, 0xE7, 0xD8, 0xC3, 0x49, 0x0A, 0x5D, 0x4E, + 0x62, 0xD0, 0x4F, 0x79, 0xF4, 0x18, 0x3C, 0xA6, + 0x83, 0x79, 0xF4, 0x64, 0x8B, 0xD5, 0xB2, 0x41, + 0x6D, 0xBE, 0x5B, 0x84, 0x5C, 0x9F, 0x4B, 0x7A, + 0x7E, 0x23, 0x39, 0xC0, 0x50, 0x6D, 0x58, 0x53, + 0x9E, 0xAE, 0xA9, 0x45, 0x1C, 0x9B, 0x2F, 0xE2, + 0xA1, 0x8C, 0x84, 0x9D, 0xCA, 0x7E, 0xED, 0x9D, + 0xAC, 0xC0, 0x58, 0xD0, 0x05, 0xFB, 0x73, 0x75, + 0xC4, 0xEF, 0x45, 0xB0, 0x01, 0x54, 0x3F, 0xC6, + 0x8E, 0x47, 0xDD, 0xB6, 0xD1, 0x4F, 0xF9, 0x37, + 0xD1, 0xAA, 0x0D, 0x4D, 0x74, 0x89, 0xDF, 0xFA, + 0x62, 0x10, 0x67, 0x9C, 0xCC, 0xEC, 0xF9, 0xB8, + 0x55, 0x1D, 0xCF, 0x68, 0x2D, 0x2A, 0xF1, 0xE5, + 0xBD, 0x86, 0x9F, 0x3E, 0x8D, 0x40, 0x0D, 0x5C, + 0x86, 0x1A, 0xE5, 0x1F, 0xE7, 0xEB, 0xBB, 0x54, + 0x57, 0xF2, 0xEA, 0xAF, 0xD0, 0x93, 0xA9, 0x59, + 0x8E, 0xC7, 0x21, 0xC6, 0x93, 0x27, 0xC5, 0x19, + 0x30, 0xF4, 0xB9, 0xFF, 0xB2, 0xAA, 0x7F, 0x1A, + 0x28, 0x43, 0x6B, 0x6D, 0x80, 0x8D, 0x75, 0x39, + 0x2B, 0xC4, 0x3C, 0x1B, 0x5B, 0x85, 0x9C, 0x66, + 0xC5, 0x4F, 0xA5, 0x15, 0xC7, 0xA6, 0x15, 0xA6, + 0x9E, 0x60, 0x92, 0x14, 0x34, 0xAA, 0x9C, 0xF9, + 0xF9, 0xE0, 0x3C, 0x3C, 0xA3, 0x5B, 0x5E, 0xBC, + 0x6A, 0x40, 0x9E, 0x82, 0x2F, 0xE7, 0x6E, 0x09, + 0x24, 0xC6, 0xC0, 0x62, 0xF1, 0x72, 0x4C, 0x38, + 0x2F, 0xF3, 0xC8, 0xAC, 0xB5, 0xC1, 0x66, 0x6C, + 0x2E, 0xC2, 0x6B, 0x76, 0x28, 0xE3, 0xD7, 0xC1, + 0x3D, 0xA8, 0xD7, 0x58, 0x89, 0x0E, 0x6C, 0xC0, + 0x17, 0xB7, 0x89, 0x25, 0x82, 0xE9, 0x5E, 0xDD, + 0x04, 0xBA, 0x93, 0x45, 0xDF, 0x70, 0xFA, 0xD5, + 0x6E, 0xA6, 0x8B, 0xF8, 0x87, 0x5B, 0x93, 0x2C, + 0x28, 0xB3, 0x28, 0x07, 0xC8, 0x63, 0x71, 0xE1, + 0x7D, 0xCC, 0x04, 0x72, 0x5C, 0xB5, 0x97, 0xB5, + 0x24, 0x46, 0x79, 0x63, 0xE1, 0xD4, 0xA6, 0x1B, + 0x5F, 0xBF, 0x9E, 0xC5, 0x04, 0xD5, 0xDD, 0xB6, + 0x17, 0x93, 0xDD, 0x4E, 0x34, 0xAE, 0x08, 0x2A, + 0x59, 0x90, 0xEF, 0xCE, 0x80, 0x1E, 0x93, 0x8C, + 0xCA, 0xE7, 0x38, 0xE0, 0x2E, 0x90, 0x59, 0x9D, + 0x97, 0x1C, 0x2D, 0x7C, 0x64, 0xE5, 0xB6, 0xF8, + 0x63, 0x9F, 0x75, 0x8E, 0xD6, 0x21, 0xC1, 0xF2, + 0x10, 0x73, 0xC0, 0x3E, 0xDB, 0x78, 0x2C, 0x7A, + 0x0F, 0x5D, 0x7C, 0x66, 0xF5, 0xCE, 0x16, 0x1D, + 0xED, 0x55, 0xB3, 0xE9, 0x2D, 0xC2, 0x71, 0x83, + 0xAB, 0x08, 0x3D, 0xBC, 0x1F, 0x39, 0x30, 0xAE, + 0x56, 0xED, 0xB8, 0xC5, 0x3E, 0x9A, 0x7E, 0x02, + 0x0F, 0xFF, 0x0C, 0x40, 0x42, 0xF5, 0x18, 0xB2, + 0x6F, 0x39, 0x0C, 0x96, 0xC8, 0x18, 0x3B, 0x79, + 0xB5, 0x3C, 0x7C, 0x7B, 0xC5, 0x15, 0x18, 0x7B, + 0x3D, 0xE8, 0xCA, 0xB0, 0x87, 0x69, 0xC5, 0xDD, + 0x6F, 0xF5, 0x49, 0x21, 0x12, 0xE8, 0xB0, 0xF2, + 0x8D, 0x09, 0xF4, 0x06, 0x7A, 0xDB, 0x04, 0x19, + 0x4F, 0x60, 0x25, 0x0E, 0x75, 0xAD, 0xE3, 0x31, + 0xA5, 0xC2, 0x55, 0x93, 0xBC, 0xD9, 0x2A, 0x6D, + 0x13, 0x50, 0x43, 0x95, 0x85, 0x86, 0x0B, 0xB6, + 0xFE, 0xED, 0xBD, 0x2F, 0x83, 0x9F, 0x31, 0x7A, + 0x01, 0x35, 0x88, 0x76, 0xC8, 0x8E, 0x89, 0x8A, + 0xC0, 0xC8, 0x53, 0x78, 0xF5, 0x72, 0xF2, 0x3C, + 0xDE, 0x93, 0x1D, 0x47, 0xDE, 0x71, 0xD3, 0x35, + 0x3D, 0xAB, 0x1F, 0x81, 0x0A, 0x61, 0xB1, 0x8D, + 0x24, 0xCD, 0x83, 0xDD, 0xAB, 0x8D, 0x53, 0xBA, + 0x9C, 0x7B, 0x82, 0x74, 0xB0, 0xFE, 0x82, 0xAF, + 0xF3, 0x0C, 0x57, 0x07, 0x2F, 0x64, 0x37, 0x87, + 0xCA, 0x1D, 0xF0, 0x3B, 0x99, 0xEB, 0x57, 0xDB, + 0xDA, 0x8C, 0x8E, 0xE8, 0xEB, 0x20, 0x1F, 0x28, + 0x47, 0xCB, 0xC9, 0xD3, 0x4F, 0xD8, 0x0C, 0xE6, + 0xBC, 0x5E, 0x1E, 0x32, 0x8E, 0xB6, 0xEF, 0xC8, + 0x3C, 0x4B, 0xD9, 0xD5, 0x2F, 0x32, 0x4E, 0x30, + 0xEE, 0x4B, 0x5E, 0x86, 0x35, 0x1E, 0x5C, 0x8C, + 0x4C, 0x54, 0x56, 0x83, 0x6D, 0x5A, 0x45, 0x22, + 0x03, 0xB3, 0xC3, 0x72, 0xC7, 0x87, 0xAE, 0x33, + 0x32, 0xC8, 0xA5, 0xE9, 0xDC, 0x21, 0x97, 0xD9, + 0xC3, 0x41, 0xB9, 0x75, 0x6B, 0xB1, 0xE6, 0x3C, + 0x75, 0xBB, 0xD5, 0xCF, 0x3E, 0x5C, 0xD4, 0xBF, + 0x47, 0xBD, 0x1F, 0xEB, 0xC3, 0xE3, 0x71, 0x09, + 0x12, 0xD6, 0x30, 0x32, 0xF6, 0xB9, 0x7D, 0xC1, + 0x9C, 0x4D, 0xE1, 0x96, 0xAC, 0xD9, 0x15, 0x77, + 0x15, 0xE2, 0xC1, 0x4E, 0x05, 0x4A, 0x93, 0x17, + 0xBF, 0x96, 0xA6, 0x84, 0xBB, 0x96, 0xCE, 0xFB, + 0x7D, 0x8F, 0xDC, 0xA8, 0xAA, 0x47, 0x7A, 0x2A, + 0xF6, 0xF7, 0x26, 0xD2, 0xCA, 0xC1, 0xA6, 0x03, + 0xCF, 0x13, 0x60, 0xEC, 0x11, 0xCA, 0x89, 0x7E, + 0x5B, 0xC7, 0x35, 0xAB, 0x69, 0xB8, 0x64, 0x7F, + 0x30, 0xCE, 0xD4, 0x94, 0x7B, 0xA9, 0xF6, 0x35, + 0xD9, 0xCB, 0x2D, 0x82, 0xA6, 0x62, 0xFF, 0x17, + 0xA0, 0xE1, 0x2D, 0x4D, 0x06, 0xD6, 0x41, 0xEE, + 0x76, 0xEB, 0x8B, 0x45, 0xC7, 0x1E, 0xDE, 0x38, + 0xC9, 0x05, 0xC5, 0x2B, 0xE7, 0x6C, 0x61, 0x09, + 0xF2, 0x61, 0x2F, 0xEE, 0x6C, 0x31, 0x94, 0x46, + 0x5C, 0x19, 0xBA, 0x5D, 0x3E, 0xBC, 0xF1, 0xF0, + 0xB5, 0xE5, 0x34, 0xE0, 0xF0, 0xF1, 0xD3, 0x1C, + 0xB1, 0xE7, 0xA3, 0x6C, 0x43, 0x03, 0xF2, 0x83, + 0xDB, 0xA8, 0x59, 0x1C, 0xC6, 0x09, 0x31, 0x1A, + 0x80, 0x9E, 0x44, 0x4E, 0x33, 0xA8, 0x93, 0x88, + 0x0C, 0xDB, 0xAE, 0x29, 0x11, 0x91, 0x46, 0xA3, + 0x68, 0xE4, 0xD2, 0xED, 0xD9, 0x1F, 0xE4, 0x71, + 0x64, 0x7F, 0xFE, 0x82, 0x1A, 0xA6, 0xD3, 0x1C, + 0x9F, 0xA4, 0x96, 0x95, 0xEB, 0x99, 0x41, 0xB0, + 0x8F, 0x7B, 0xE3, 0xF0, 0x6C, 0xDD, 0xF2, 0x73, + 0x9B, 0x8C, 0xAD, 0x2A, 0xB0, 0xDA, 0x4F, 0x5A, + 0x3C, 0x0A, 0x26, 0xDF, 0x6A, 0x17, 0xB1, 0x37, + 0xCA, 0xAB, 0x3B, 0x91, 0x9A, 0xB6, 0x36, 0xD6, + 0xC8, 0x9B, 0xED, 0xA3, 0x05, 0x88, 0x98, 0x62, + 0x87, 0x21, 0xF2, 0x77, 0x03, 0x15, 0xFE, 0xEE, + 0x88, 0x15, 0x95, 0xE2, 0x4C, 0xF4, 0x8B, 0x44, + 0x16, 0x60, 0xD0, 0xB2, 0xE9, 0xD5, 0xB9, 0x09, + 0x28, 0xC3, 0x81, 0xF2, 0xB0, 0xFA, 0x26, 0x34, + 0x2E, 0x4C, 0x9B, 0x88, 0xC0, 0x88, 0x7A, 0x46, + 0x87, 0x12, 0x4C, 0x01, 0x2D, 0x96, 0x9E, 0x1A, + 0xFD, 0x85, 0x32, 0x75, 0x4B, 0xA1, 0x21, 0x25, + 0xE9, 0x43, 0x3D, 0xCF, 0x6D, 0x7B, 0xC1, 0xA3, + 0x6A, 0x83, 0xE6, 0xA1, 0x0B, 0xA1, 0xCB, 0x76, + 0x52, 0xA8, 0x13, 0x50, 0x89, 0x9C, 0x2D, 0xFC, + 0x6E, 0x4F, 0xED, 0x38, 0xD0, 0x09, 0xE6, 0xD0, + 0xF1, 0xD4, 0x4C, 0xCC, 0xB9, 0x5E, 0x55, 0x1B, + 0x3A, 0xD5, 0x4B, 0x3A, 0xC8, 0x1E, 0x8B, 0xA4, + 0x66, 0x5E, 0xA4, 0x28, 0xB3, 0xC8, 0x61, 0xE8, + 0x67, 0x78, 0x90, 0xCF, 0x5F, 0x62, 0x5C, 0x19, + 0xA7, 0xC5, 0x94, 0x3A, 0x94, 0x01, 0xCB, 0x78, + 0xE7, 0x02, 0x6B, 0xAE, 0x92, 0xB6, 0x0A, 0x8B, + 0x68, 0x07, 0xC1, 0x77, 0x45, 0x41, 0x5C, 0xD8, + 0xE0, 0x30, 0xC6, 0x4C, 0x56, 0xE8, 0x22, 0x13, + 0x9A, 0x35, 0xDA, 0x42, 0x3F, 0x26, 0x43, 0x36, + 0xE0, 0xAF, 0xDF, 0x16, 0x74, 0x30, 0xDD, 0x36, + 0xE0, 0x06, 0x4B, 0x2F, 0x6E, 0x8D, 0x8B, 0xB6, + 0xBE, 0x99, 0xC5, 0xA9, 0xFB, 0x55, 0x1C, 0xC6, + 0x3E, 0x50, 0x8D, 0xB6, 0x36, 0x66, 0x7D, 0xDA, + 0x53, 0xF6, 0x11, 0xF0, 0x2F, 0xCD, 0x1F, 0x99, + 0x41, 0x0F, 0x1A, 0x7A, 0x82, 0x88, 0x2F, 0x96, + 0x23, 0xAD, 0xDC, 0x50, 0xEB, 0x01, 0xE1, 0xF3, + 0x99, 0x78, 0xBF, 0x68, 0x50, 0x6C, 0x71, 0xDB, + 0xBE, 0xE4, 0x2E, 0x4A, 0x80, 0x06, 0x9B, 0x0E, + 0x4C, 0x7F, 0xC4, 0xCC, 0x14, 0x71, 0xF4, 0xF1, + 0x02, 0x8D, 0xB2, 0x5C, 0x46, 0x87, 0xB6, 0x0D, + 0xF4, 0x25, 0x5D, 0xEC, 0x91, 0x48, 0x19, 0x7A, + 0x74, 0x79, 0x6E, 0xC7, 0x60, 0xA6, 0x6A, 0xFC, + 0x78, 0x84, 0x03, 0x86, 0x51, 0x92, 0x09, 0x73, + 0xA6, 0x9C, 0x20, 0x35, 0x16, 0x22, 0x26, 0x32, + 0xEC, 0x58, 0x75, 0xEA, 0x6D, 0x83, 0x80, 0x96, + 0xE7, 0xFE, 0x9B, 0x5B, 0x4F, 0xB6, 0x9C, 0x5E, + 0x94, 0x07, 0xE7, 0x0D, 0x27, 0xFA, 0x34, 0xB0, + 0xCD, 0xBD, 0x6E, 0x11, 0x9D, 0x87, 0xCE, 0x38, + 0x58, 0x1D, 0xF1, 0xD3, 0xE0, 0xDF, 0x3A, 0xE0, + 0x29, 0x04, 0x2A, 0x3B, 0x20, 0xE9, 0x23, 0xEB, + 0xCE, 0x19, 0xA4, 0x95, 0x87, 0x55, 0xEE, 0x2F, + 0x98, 0xFD, 0x23, 0x4C, 0x44, 0x13, 0xE2, 0xDB, + 0xC9, 0x35, 0x59, 0xA4, 0x28, 0xDC, 0x37, 0xF2, + 0xD1, 0x23, 0x5B, 0xD4, 0x41, 0x9B, 0x09, 0x9E, + 0x0F, 0x0D, 0xE5, 0x42, 0xC4, 0x69, 0x35, 0x99, + 0x1B, 0xE0, 0x69, 0x2A, 0x6D, 0x80, 0xB8, 0xFD, + 0x98, 0x86, 0xE0, 0xFA, 0x17, 0x69, 0xB4, 0x9E, + 0x8A, 0xE6, 0x30, 0x7C, 0xB0, 0xBC, 0x1B, 0x49, + 0x73, 0x2D, 0x26, 0xE2, 0x5C, 0xA1, 0xCD, 0x9D, + 0x40, 0x7E, 0x0D, 0x88, 0x64, 0x04, 0x09, 0x41, + 0x61, 0x1F, 0x93, 0x33, 0xB6, 0x36, 0x7E, 0x83, + 0x00, 0xFD, 0x64, 0x6A, 0xC5, 0xA7, 0x1A, 0xD9, + 0x13, 0xEE, 0xFD, 0x80, 0x8D, 0x5C, 0xAF, 0xBF, + 0x15, 0x21, 0xA3, 0x06, 0x2E, 0xC1, 0x84, 0xE5, + 0x21, 0x65, 0x50, 0x1E, 0x00, 0x55, 0x56, 0xDE, + 0x4D, 0xEE, 0x46, 0xF9, 0xE5, 0x3D, 0x7D, 0xEF, + 0x99, 0x09, 0xF3, 0xD5, 0xD9, 0x8C, 0xA8, 0x0D, + 0x87, 0x70, 0x7F, 0x7B, 0xC0, 0xFF, 0x8D, 0x87, + 0x9D, 0x65, 0xD4, 0xD7, 0x83, 0xD1, 0x96, 0xF2, + 0x46, 0x06, 0x93, 0x81, 0x1C, 0xDF, 0x33, 0x35, + 0x8E, 0x08, 0x2D, 0x81, 0xF4, 0xDB, 0x8F, 0x6C, + 0x20, 0x48, 0x61, 0x83, 0xA3, 0x6D, 0x4F, 0xBC, + 0xC8, 0xA1, 0xC6, 0xDA, 0x21, 0xAA, 0x4D, 0xD1, + 0x36, 0xE1, 0x9F, 0xEF, 0x2E, 0xA9, 0x93, 0x97, + 0x2B, 0xB9, 0x98, 0x9A, 0xC1, 0xC3, 0x8A, 0x79, + 0xF3, 0x18, 0x52, 0x17, 0x80, 0x04, 0x12, 0x3C, + 0x46, 0x27, 0x7D, 0x38, 0xA8, 0x8F, 0xC1, 0x58, + 0x9F, 0x25, 0x73, 0x32, 0x28, 0x4C, 0xD8, 0xA8, + 0x73, 0xC2, 0x5A, 0x1A, 0x6D, 0x40, 0x26, 0x5B, + 0x28, 0x5D, 0xF0, 0x93, 0x70, 0xE8, 0x8F, 0x72, + 0xFF, 0x70, 0xE4, 0x34, 0xE8, 0xF6, 0x60, 0x84, + 0xCC, 0xFE, 0xBD, 0xBB, 0xC4, 0xB9, 0x9E, 0xDF, + 0xBC, 0x75, 0x0C, 0xC5, 0xDE, 0xA6, 0x36, 0x17, + 0xF6, 0x47, 0xF5, 0xF0, 0x21, 0xD5, 0x7D, 0x64, + 0xD5, 0xEF, 0xF0, 0x48, 0x63, 0x4D, 0xB2, 0x20, + 0x9D, 0x7C, 0x8B, 0x82, 0xFB, 0x63, 0xB8, 0x82, + 0x3E, 0x4C, 0xA0, 0x57, 0x16, 0x8B, 0xAE, 0x88, + 0xD9, 0x71, 0x52, 0x91, 0x24, 0x0B, 0x37, 0x58, + 0xD7, 0x68, 0x45, 0x01, 0xF8, 0x61, 0x86, 0x7B, + 0x7A, 0x24, 0x1C, 0x06, 0x3B, 0x05, 0xD5, 0xE8, + 0xCA, 0x6B, 0x4C, 0x79, 0xCB, 0x24, 0x35, 0xD7, + 0xF9, 0x94, 0xCB, 0x76, 0x91, 0x5B, 0x4A, 0x54, + 0x87, 0x08, 0xB1, 0x1B, 0x29, 0x44, 0x96, 0x85, + 0x94, 0x1D, 0x43, 0xE6, 0x0A, 0x89, 0x76, 0xF9, + 0xA9, 0x60, 0x72, 0xF9, 0x10, 0x41, 0xF4, 0xC3, + 0xDF, 0x7C, 0x73, 0x96, 0x90, 0x12, 0xAE, 0x1B, + 0x30, 0xE4, 0xB9, 0xC4, 0xE1, 0x33, 0x55, 0x8D, + 0xAB, 0xC4, 0x6C, 0x10, 0x3C, 0x0C, 0xB1, 0xDF, + 0xB9, 0x9B, 0x58, 0x53, 0x74, 0xA5, 0x4F, 0x9B, + 0xA5, 0x6B, 0x72, 0x48, 0xB8, 0xC3, 0xF6, 0x6F, + 0x1D, 0x55, 0x76, 0x0D, 0x6A, 0xBB, 0x43, 0x03, + 0x75, 0x77, 0x4D, 0xFB, 0xA2, 0x05, 0x9C, 0x5D, + 0xDD, 0xB6, 0x59, 0xFD, 0x2E, 0x1D, 0xA9, 0xC3, + 0xF0, 0xB8, 0x08, 0x68, 0xC9, 0x2B, 0xCA, 0xC1, + 0x04, 0x03, 0xDC, 0xD1, 0x40, 0xD6, 0xA3, 0xD3, + 0xF3, 0x5F, 0x8E, 0xF1, 0xA2, 0xDD, 0x98, 0xDE, + 0x1A, 0x43, 0x34, 0x23, 0x85, 0x99, 0xED, 0xAD, + 0x92, 0x0D, 0xC0, 0xAA, 0x69, 0x8E, 0x9F, 0xE6, + 0x10, 0x6A, 0x07, 0x80, 0xC9, 0xC2, 0x45, 0xF2, + 0xC6, 0x5A, 0x0C, 0x3E, 0x5C, 0xD5, 0x36, 0x61, + 0x10, 0xB1, 0x76, 0x0F, 0xCD, 0x41, 0x4D, 0x45, + 0x0D, 0xB9, 0xD7, 0x6A, 0x22, 0xA9, 0xEA, 0xEA, + 0x0C, 0x9F, 0xB7, 0x2E, 0xD5, 0x43, 0xCE, 0x9F, + 0xA3, 0x31, 0x4B, 0xAB, 0x17, 0x68, 0x7E, 0x9D, + 0xE5, 0xAD, 0xAD, 0x75, 0x61, 0xF1, 0xA5, 0xBE, + 0xC1, 0x63, 0x39, 0x26, 0x9A, 0x87, 0xE0, 0x9A, + 0xCB, 0x29, 0xE4, 0xC4, 0x39, 0x60, 0x5E, 0x95, + 0x72, 0xAA, 0x9B, 0x7D, 0x0E, 0x83, 0x71, 0xA3, + 0x0E, 0x41, 0xA0, 0xA7, 0xBD, 0xC0, 0x2D, 0xA3, + 0xA6, 0x12, 0x1B, 0xF2, 0x61, 0xEA, 0xA0, 0x16, + 0xA2, 0x07, 0x4E, 0x44, 0x32, 0xCF, 0x63, 0xAF, + 0x96, 0xBE, 0x81, 0xCE, 0xB6, 0xE0, 0xC2, 0x67, + 0x6A, 0x85, 0x45, 0xC6, 0x6D, 0x2F, 0x30, 0xC9, + 0x8B, 0x54, 0x24, 0xF0, 0xFE, 0xF0, 0x4B, 0x3C, + 0x6C, 0x70, 0x64, 0xE2, 0xD2, 0xE1, 0x1C, 0xBE, + 0x60, 0xF8, 0x57, 0x23, 0xFF, 0xC0, 0xB7, 0x70, + 0xD6, 0x86, 0x6F, 0xFA, 0x58, 0x9E, 0x3F, 0x9B, + 0x2A, 0xBF, 0x75, 0x10, 0x40, 0x19, 0xAA, 0x69, + 0xCB, 0x58, 0x89, 0x5B, 0x47, 0x4A, 0x0A, 0xDE, + 0x2B, 0x60, 0xA4, 0xAB, 0x07, 0x7C, 0x3A, 0x6D, + 0xF6, 0x15, 0x33, 0x4E, 0xBB, 0xE7, 0x32, 0xE9, + 0x52, 0x20, 0x21, 0x39, 0x94, 0xD3, 0xBD, 0xC4, + 0x43, 0xC8, 0xEF, 0x94, 0xAD, 0x51, 0x5F, 0x45, + 0x41, 0x83, 0x55, 0x18, 0x33, 0x14, 0x48, 0x58, + 0x57, 0xAC, 0x12, 0xBA, 0x1D, 0x62, 0xCF, 0x4F, + 0xD4, 0xF4, 0xDE, 0x2A, 0x7F, 0xFF, 0x1E, 0xCF, + 0x0D, 0x29, 0x0C, 0x4C, 0xDF, 0xFA, 0x88, 0xD8, + 0xF4, 0x8C, 0x5B, 0x83, 0x7D, 0x3A, 0x94, 0xCD, + 0x17, 0xB3, 0xD1, 0x69, 0x96, 0x6E, 0xB0, 0x38, + 0xFE, 0x5A, 0x6E, 0x85, 0xDF, 0xC6, 0x0A, 0x00, + 0x23, 0x3F, 0x10, 0x73, 0x19, 0x73, 0xDC, 0x47, + 0x5D, 0x53, 0xBC, 0x7B, 0x9E, 0x60, 0x32, 0x0B, + 0xA7, 0x90, 0x5D, 0x88, 0x51, 0x9F, 0xA3, 0x25, + 0xDF, 0x5A, 0xB0, 0x2B, 0x40, 0xF2, 0xAB, 0xBD, + 0xB3, 0x7D, 0x22, 0x61, 0xCB, 0x81, 0x48, 0x27, + 0x7B, 0x87, 0xAE, 0x32, 0x97, 0x97, 0x6C, 0x80, + 0xC3, 0x51, 0x34, 0xE5, 0xF7, 0x86, 0x90, 0x45, + 0x64, 0xC1, 0x46, 0x99, 0x47, 0xF6, 0x20, 0xFE, + 0x09, 0xFD, 0xF3, 0x86, 0x2C, 0x40, 0x57, 0xA3, + 0xBC, 0xEF, 0x70, 0x75, 0x0C, 0xB7, 0x27, 0xF0, + 0x31, 0x28, 0x3A, 0x18, 0x26, 0xF1, 0x38, 0x1B, + 0x33, 0x48, 0xE3, 0xEA, 0x46, 0x88, 0x60, 0x9E, + 0xCB, 0x19, 0x3A, 0xFA, 0xAE, 0xE1, 0xCD, 0x97, + 0xE4, 0xDD, 0xAA, 0x02, 0xC0, 0xC3, 0x0E, 0x49, + 0xF1, 0x37, 0xD0, 0x82, 0x85, 0x94, 0x15, 0x28, + 0x10, 0x17, 0x59, 0xA7, 0x42, 0x2A, 0xA4, 0x99, + 0xC9, 0x00, 0xA3, 0x79, 0xDD, 0x73, 0xB3, 0x07, + 0x28, 0x4C, 0xCD, 0xDA, 0xF1, 0xFA, 0x1B, 0x0C, + 0x4B, 0x28, 0x0E, 0x3F, 0x9F, 0x1D, 0xB6, 0xD3, + 0x8E, 0xCF, 0x8A, 0x84, 0x1F, 0x9D, 0x4E, 0x40, + 0xEC, 0xA8, 0x62, 0x47, 0xD6, 0xCD, 0x9B, 0x31, + 0xEA, 0xCD, 0x6A, 0x46, 0xF0, 0xE3, 0x33, 0xB9, + 0xE8, 0x3D, 0x69, 0x0D, 0x7E, 0x13, 0x46, 0x76, + 0x19, 0xB4, 0x6A, 0xF9, 0xAF, 0xCF, 0xDC, 0x4A, + 0xA9, 0xA0, 0x49, 0xB1, 0x80, 0x26, 0x0D, 0x70, + 0xD9, 0xEE, 0xDB, 0x8A, 0x53, 0x30, 0x51, 0xAB, + 0x83, 0x51, 0x7A, 0xAD, 0xC2, 0xCD, 0x90, 0x0B, + 0x3E, 0xA5, 0x12, 0x60, 0xF4, 0x64, 0xAF, 0xC5, + 0xD2, 0xDC, 0x41, 0x10, 0x29, 0x77, 0x9B, 0x21, + 0xCE, 0x2C, 0xBD, 0x16, 0x02, 0x18, 0xDF, 0x41, + 0xF6, 0x61, 0xDA, 0x1A, 0xD9, 0x5A, 0xD4, 0x0B, + 0x8C, 0x35, 0x3C, 0x7F, 0x10, 0xFC, 0x23, 0xF8, + 0x30, 0xD1, 0x17, 0xBC, 0xAE, 0xF8, 0xCE, 0xCE, + 0xBC, 0xBF, 0xA4, 0x9D, 0x79, 0xD8, 0xD9, 0x39, + 0x1E, 0x8D, 0x08, 0x28, 0x1F, 0x00, 0x0A, 0x55, + 0xE9, 0x2D, 0xB3, 0x31, 0xBD, 0xEC, 0xD7, 0x31, + 0x83, 0xE0, 0x58, 0xFF, 0x3F, 0xE5, 0x83, 0x9A, + 0xF5, 0x0D, 0x8C, 0x55, 0xF2, 0x2F, 0x6A, 0xFF, + 0x5A, 0x33, 0xDA, 0x77, 0x4B, 0xA1, 0xB3, 0xE6, + 0x43, 0xF5, 0x87, 0x7C, 0xF5, 0x49, 0xC4, 0xF9, + 0x08, 0xEA, 0x64, 0xA3, 0x7D, 0xF3, 0xBF, 0xA4, + 0xCD, 0x5F, 0x70, 0xF8, 0xCD, 0x15, 0x44, 0x76, + 0xD3, 0x4B, 0xC8, 0x53, 0xC9, 0xE8, 0xF7, 0x97, + 0x9E, 0x5F, 0x4E, 0xBB, 0x88, 0x8A, 0xF7, 0x61 + }; + static const byte msg_87[] = { + 0x4A, 0xC4, 0x67, 0x5C, 0x96, 0xD9, 0x11, 0x7D, + 0x1E, 0xDE, 0xB8, 0x0D, 0x7C, 0xD2, 0x84, 0xA3, + 0xE1, 0xE1, 0xFE, 0x03, 0x8E, 0x30, 0x12, 0x05, + 0xB4, 0xC4, 0x08, 0xEB, 0x96, 0x52, 0x35, 0xAD, + 0x1C, 0x85, 0xF8, 0xBE, 0x3F, 0x77, 0xCA, 0x48, + 0x6F, 0xD2, 0x07, 0xF7, 0xC7, 0x5F, 0x41, 0x21, + 0xCD, 0x3C, 0xA2, 0xB2, 0x3D, 0x6B, 0xCE, 0x43, + 0x82, 0xA6, 0xD3, 0x61, 0x21, 0x81, 0x50, 0x25, + 0xD5, 0x80, 0x6C, 0xBE, 0xF4, 0x52, 0xE0, 0x83, + 0x93, 0x3C, 0x6E, 0x5C, 0x73, 0x94, 0xAC, 0x88, + 0x26, 0x2A, 0x6D, 0xE7, 0x77, 0x0B, 0x2D, 0x88, + 0x43, 0xEC, 0x10, 0x1F, 0xFB, 0x5E, 0x84, 0xDE, + 0x2F, 0x7A, 0x8B, 0x74, 0xE7, 0x67, 0x4B, 0x3B, + 0x23, 0x19, 0xBD, 0x6B, 0xF4, 0x11, 0x2F, 0x92, + 0xC5, 0xCF, 0xC0, 0xA5, 0x5F, 0x7F, 0xA0, 0x61, + 0xF4, 0x53, 0x25, 0x40, 0x8D, 0x03, 0x9D, 0x51 + }; + static const byte sig_87[] = { + 0x4B, 0x3F, 0x52, 0xF0, 0x81, 0xB3, 0xD9, 0x14, + 0xBC, 0x7C, 0x6C, 0x07, 0x3B, 0x18, 0x2B, 0x26, + 0x8A, 0xDF, 0x51, 0x89, 0xE2, 0x98, 0xA8, 0x69, + 0xBF, 0xB9, 0x91, 0xB1, 0x99, 0x99, 0x3C, 0x10, + 0x42, 0xDE, 0xF5, 0xB5, 0x92, 0x70, 0xB6, 0xCD, + 0x3F, 0xF8, 0xF9, 0x07, 0xA1, 0xCB, 0x0D, 0x3B, + 0x6F, 0xED, 0xCA, 0x14, 0x38, 0x38, 0xF8, 0xF8, + 0x1E, 0x0C, 0x37, 0x0F, 0xFE, 0xEE, 0x6B, 0x25, + 0xCD, 0x07, 0x03, 0x56, 0x41, 0xA0, 0x51, 0x94, + 0x4E, 0xAB, 0x51, 0x6C, 0xFB, 0xB8, 0x01, 0x53, + 0x6B, 0x4F, 0x26, 0x2B, 0x16, 0x19, 0x8E, 0x7D, + 0xDB, 0x1D, 0x61, 0xC3, 0x5A, 0x64, 0xD9, 0x0D, + 0x39, 0x48, 0xCE, 0xAA, 0xC8, 0xEE, 0x58, 0x0D, + 0xCE, 0xF5, 0x40, 0xED, 0x99, 0xD9, 0x12, 0xBB, + 0xA2, 0xBC, 0x4F, 0x51, 0x45, 0xBB, 0x94, 0x9C, + 0x73, 0xCC, 0xBD, 0x58, 0x26, 0x13, 0xB1, 0x0E, + 0xAA, 0xE8, 0x63, 0xAC, 0xA3, 0x46, 0x83, 0xEB, + 0x92, 0x2B, 0x3D, 0xAD, 0xFC, 0x74, 0xF7, 0x6F, + 0x47, 0xE4, 0x97, 0x86, 0x02, 0x59, 0x24, 0x02, + 0xD9, 0x15, 0x43, 0x94, 0xEB, 0x09, 0xFB, 0xC2, + 0xEB, 0xCC, 0xC5, 0x94, 0x73, 0x2F, 0x2D, 0x8B, + 0xC3, 0x83, 0x50, 0xE5, 0x53, 0x5A, 0x44, 0x12, + 0xA7, 0x7A, 0xDD, 0x79, 0x16, 0x60, 0x45, 0x76, + 0xFD, 0x6A, 0x36, 0x31, 0xE5, 0x15, 0xBA, 0xF2, + 0x6A, 0x6F, 0x9C, 0xA4, 0x06, 0x1E, 0xBB, 0xDD, + 0x3B, 0xEC, 0x71, 0x79, 0xAD, 0x58, 0x55, 0x2A, + 0x5B, 0x50, 0x8F, 0x31, 0x34, 0x8A, 0x56, 0xAD, + 0x1A, 0xDA, 0x7A, 0x05, 0x35, 0x2C, 0x72, 0xC0, + 0x04, 0xB9, 0x4C, 0x47, 0xE7, 0x04, 0x9A, 0x10, + 0xB3, 0xA5, 0x9B, 0xF2, 0x38, 0xA8, 0xDF, 0xC6, + 0xC7, 0x01, 0x9A, 0x17, 0xF0, 0x5D, 0x5B, 0xFC, + 0xB9, 0xD9, 0x3D, 0x9D, 0x1C, 0xCB, 0xCB, 0x47, + 0xF8, 0xC4, 0x38, 0x09, 0x8F, 0xDB, 0xDF, 0xE2, + 0x3F, 0x9F, 0x78, 0xBC, 0x28, 0x06, 0x99, 0x08, + 0xC6, 0xB9, 0x89, 0x8B, 0x43, 0x4C, 0xBF, 0x37, + 0x78, 0x7E, 0x1A, 0xF6, 0xA6, 0xB8, 0x27, 0xE8, + 0x30, 0xE9, 0xF7, 0x62, 0x9C, 0xD8, 0xF5, 0x10, + 0x70, 0xC4, 0xC8, 0xA8, 0xDE, 0xB2, 0x60, 0xD0, + 0x7C, 0x3E, 0x41, 0xD8, 0x49, 0x04, 0x84, 0x87, + 0x74, 0x91, 0xB3, 0x9A, 0xA6, 0xD9, 0xE1, 0x0D, + 0x91, 0x74, 0x8B, 0x64, 0xE3, 0x31, 0x60, 0x62, + 0x9D, 0x8A, 0xE4, 0x3E, 0xFD, 0x5F, 0x85, 0x78, + 0x1E, 0x69, 0xF7, 0x6B, 0x68, 0x95, 0xC1, 0x41, + 0xEB, 0xCD, 0xDF, 0xEE, 0xB4, 0x85, 0xA0, 0x0B, + 0xDB, 0xA4, 0xF7, 0xC9, 0x91, 0xF5, 0x3F, 0x2F, + 0x84, 0x93, 0x39, 0x26, 0xAF, 0x39, 0xE6, 0x96, + 0x4A, 0xBF, 0x2D, 0xFE, 0xBB, 0xC1, 0x9A, 0x7E, + 0x31, 0xC5, 0x07, 0x97, 0xB8, 0xDA, 0x29, 0x31, + 0xE1, 0x0F, 0x3D, 0xAC, 0x49, 0x3F, 0x19, 0x8D, + 0xFD, 0x78, 0x5D, 0x21, 0xAD, 0xB2, 0xC0, 0x62, + 0xB0, 0x97, 0xE8, 0x89, 0xA2, 0x07, 0x37, 0xF1, + 0x86, 0x00, 0x8F, 0x29, 0x28, 0xF6, 0xB8, 0x4D, + 0x6E, 0x09, 0xE9, 0x75, 0xA8, 0xF2, 0xAA, 0xAD, + 0xC7, 0x85, 0x23, 0x42, 0x34, 0xFD, 0xA0, 0x37, + 0x03, 0xA7, 0xC2, 0x1F, 0x81, 0x2D, 0x65, 0x0B, + 0xD2, 0x51, 0x0B, 0x30, 0xF0, 0x55, 0x00, 0x81, + 0x04, 0x7A, 0x15, 0x5C, 0x84, 0x85, 0x86, 0xA9, + 0x6F, 0x10, 0x0D, 0x77, 0x4F, 0x3E, 0x39, 0xE0, + 0x29, 0xB0, 0x77, 0x7C, 0xD3, 0x3E, 0x68, 0x31, + 0x8A, 0x11, 0xC1, 0x98, 0x02, 0x93, 0xFA, 0xD3, + 0xE7, 0x87, 0xD2, 0x0D, 0xFE, 0x7E, 0xEE, 0x70, + 0x53, 0xC0, 0x5E, 0xEB, 0x6A, 0x15, 0x9B, 0xAA, + 0xD4, 0x02, 0x0B, 0x9E, 0xC3, 0xF5, 0x37, 0xDA, + 0x4D, 0xAD, 0xAF, 0xB3, 0xB1, 0xBB, 0x1D, 0xBE, + 0xB2, 0xD5, 0xB8, 0xF9, 0xD0, 0x5A, 0x01, 0x97, + 0x98, 0xEA, 0xE0, 0xED, 0x09, 0x9D, 0xB0, 0x66, + 0xD7, 0x3E, 0xE8, 0xE9, 0xA5, 0x6D, 0xE3, 0x68, + 0xE8, 0x78, 0xA7, 0xFF, 0x39, 0x14, 0x0D, 0x80, + 0x21, 0xD5, 0x00, 0x85, 0xE6, 0x25, 0x29, 0x41, + 0xAB, 0x31, 0x53, 0x09, 0xCB, 0x53, 0xAA, 0xA4, + 0x9E, 0x86, 0x34, 0x7F, 0xBA, 0xD5, 0x4A, 0x1F, + 0x87, 0x3E, 0x0C, 0xB4, 0xB8, 0x6A, 0x8D, 0x5B, + 0x1B, 0x2A, 0x95, 0xD4, 0x85, 0xF3, 0x7A, 0x9F, + 0xB6, 0x10, 0x5D, 0xF8, 0x44, 0x0F, 0xDB, 0x85, + 0x78, 0xF2, 0x62, 0x4C, 0x07, 0x93, 0x29, 0x56, + 0x9A, 0x75, 0xF3, 0x6F, 0x2C, 0x55, 0xD8, 0xD0, + 0x30, 0xFB, 0xFE, 0xAA, 0x88, 0x89, 0xAD, 0x74, + 0x6C, 0x32, 0x3B, 0x1A, 0xC4, 0xEC, 0x8C, 0x40, + 0x3E, 0x77, 0x5A, 0x6F, 0xBE, 0x59, 0x6E, 0x7E, + 0x6A, 0x5A, 0x28, 0x63, 0x57, 0x66, 0x25, 0x14, + 0x99, 0x40, 0x97, 0x6F, 0x7C, 0xC9, 0x36, 0x17, + 0xB4, 0x3F, 0xB1, 0x34, 0x89, 0x07, 0x4E, 0xCA, + 0xC5, 0xBE, 0xB1, 0xA4, 0xDF, 0xE5, 0x8B, 0x9A, + 0xD2, 0xE0, 0xC6, 0xA1, 0x5B, 0x76, 0xA7, 0xC2, + 0xD2, 0x08, 0x72, 0x5A, 0x31, 0x23, 0xCA, 0x4E, + 0x6F, 0x2C, 0x58, 0x47, 0xEE, 0x5F, 0xA8, 0x38, + 0x49, 0x19, 0xEF, 0x89, 0x01, 0x1D, 0x21, 0x9B, + 0x25, 0x7B, 0x3E, 0x4D, 0xC4, 0xF2, 0x09, 0x51, + 0x60, 0x84, 0x4C, 0xAE, 0xEA, 0xFC, 0xF8, 0x57, + 0x26, 0x0F, 0x1C, 0x63, 0xD3, 0xB0, 0x5A, 0x67, + 0xD3, 0xD0, 0xF2, 0xB0, 0xEC, 0x9D, 0xCC, 0x27, + 0x23, 0xF1, 0x37, 0x55, 0x75, 0x0B, 0xAE, 0x62, + 0xFC, 0xC3, 0x61, 0xCF, 0xB5, 0x84, 0xF7, 0x74, + 0xC0, 0x9A, 0xDF, 0x9A, 0x04, 0x31, 0xB2, 0x3E, + 0x48, 0x8C, 0x35, 0x9C, 0x0A, 0xEF, 0x5B, 0x1C, + 0x97, 0x87, 0xBD, 0x8F, 0x52, 0xB0, 0x83, 0xBC, + 0x9D, 0xBC, 0xC9, 0xB3, 0x03, 0x9F, 0x77, 0x7C, + 0x7E, 0x8E, 0xAB, 0xC8, 0x00, 0x78, 0x05, 0x0C, + 0xE6, 0xD4, 0x9C, 0x3B, 0xB7, 0x01, 0x68, 0xFA, + 0x21, 0x77, 0x29, 0x8F, 0xB0, 0xA8, 0xF7, 0x2C, + 0x1C, 0xD2, 0x8D, 0x66, 0x2A, 0x07, 0xDA, 0xE6, + 0xC7, 0xAC, 0xB7, 0xFB, 0x8E, 0x7F, 0xDD, 0x01, + 0xDF, 0xB2, 0x7C, 0x62, 0xEE, 0x68, 0x3F, 0x4E, + 0x5F, 0x88, 0xC7, 0xC1, 0xDD, 0xDD, 0x5E, 0xEC, + 0xC1, 0xC3, 0xAF, 0x85, 0x3F, 0x1F, 0xF6, 0xB1, + 0xD9, 0xDE, 0x67, 0x2F, 0x1B, 0xF6, 0x47, 0x3A, + 0xF0, 0x02, 0x1D, 0x8A, 0x3D, 0x4D, 0xD0, 0x4A, + 0x2F, 0xCA, 0x23, 0x25, 0xC7, 0x21, 0xCF, 0x1C, + 0x82, 0x16, 0x76, 0xD0, 0xA0, 0xD5, 0x74, 0x18, + 0x66, 0x25, 0xDE, 0x83, 0x1C, 0x84, 0x11, 0xF6, + 0x41, 0x79, 0xF9, 0x16, 0x7F, 0x78, 0xBC, 0xB2, + 0x2F, 0xB4, 0x1C, 0x2C, 0xDB, 0x63, 0xC4, 0xDB, + 0x5E, 0x13, 0x87, 0x66, 0xD3, 0x80, 0x35, 0x89, + 0x59, 0x8F, 0x11, 0x4F, 0x41, 0xBA, 0x42, 0xCD, + 0xB1, 0x34, 0x10, 0x20, 0x44, 0x9B, 0xA9, 0x96, + 0x56, 0x11, 0x39, 0x90, 0xB4, 0xE0, 0x22, 0xD8, + 0xDA, 0x20, 0xD7, 0x44, 0x49, 0x1C, 0x6E, 0xEA, + 0xB6, 0x7B, 0x91, 0x8E, 0x80, 0xFF, 0xF3, 0x43, + 0xCC, 0x5B, 0x4C, 0x8E, 0x58, 0xC3, 0x48, 0x4B, + 0x01, 0x25, 0xA6, 0x0C, 0x36, 0xAE, 0xF7, 0x63, + 0x89, 0x4D, 0x35, 0x14, 0x8B, 0x57, 0x8F, 0x41, + 0x7C, 0x3A, 0x98, 0xA1, 0x43, 0xED, 0xFE, 0x9F, + 0x8C, 0x95, 0xBC, 0xC3, 0x46, 0xC6, 0xF5, 0xEA, + 0xF9, 0x7A, 0xAD, 0x11, 0xDA, 0xE0, 0x1C, 0x47, + 0x7C, 0x22, 0x7A, 0x88, 0xD1, 0x0E, 0xCF, 0xDC, + 0xF4, 0x50, 0xB3, 0x7F, 0x88, 0x19, 0x68, 0x02, + 0x78, 0x49, 0xD9, 0xB4, 0x3E, 0x2B, 0xFF, 0x90, + 0xC6, 0xA3, 0x4A, 0xE4, 0x1B, 0x8B, 0xBD, 0x74, + 0x30, 0x83, 0xD3, 0xC5, 0x87, 0x86, 0xB0, 0x36, + 0x67, 0x1C, 0xD6, 0xEE, 0xD9, 0x4D, 0xAE, 0x51, + 0xF7, 0x61, 0x32, 0x47, 0xEF, 0x86, 0x07, 0xAC, + 0xF7, 0x4A, 0x3C, 0xCE, 0x93, 0x2F, 0x1C, 0x38, + 0x69, 0xBD, 0xB3, 0x5C, 0xA1, 0x7F, 0xC6, 0xBA, + 0x9F, 0x9C, 0x95, 0x6F, 0xF1, 0xD4, 0xD8, 0x80, + 0x94, 0x32, 0x5C, 0xAB, 0xCE, 0x41, 0x23, 0x3F, + 0xB1, 0xD8, 0x08, 0xEF, 0x41, 0x01, 0x03, 0x96, + 0xDE, 0xB0, 0xEC, 0xF5, 0x07, 0x34, 0xD8, 0x18, + 0xDD, 0xAB, 0x70, 0x01, 0x5A, 0x0A, 0xBD, 0xD1, + 0x92, 0x6D, 0xFA, 0x49, 0x1F, 0x71, 0x1A, 0xA8, + 0x5D, 0xA2, 0xA8, 0xEC, 0x60, 0xE3, 0x25, 0x5C, + 0xCF, 0x97, 0x5C, 0x23, 0xCC, 0x4E, 0x8D, 0xAF, + 0xDD, 0xED, 0x9F, 0xEC, 0x60, 0xA6, 0x46, 0x7C, + 0x45, 0xB0, 0x3C, 0xA4, 0x76, 0x49, 0x9A, 0xA3, + 0x31, 0xB0, 0xE3, 0x99, 0x95, 0x76, 0xCE, 0xC3, + 0x19, 0x1A, 0x9A, 0x62, 0xBC, 0x1B, 0xEA, 0xC1, + 0xEA, 0xF2, 0x0E, 0x18, 0xCF, 0xC3, 0x21, 0x61, + 0x27, 0xDE, 0x4A, 0xAE, 0x2E, 0x75, 0x20, 0x1F, + 0x9E, 0x42, 0x7E, 0x39, 0xBF, 0x92, 0x11, 0x50, + 0xEA, 0xB9, 0x49, 0x55, 0x9C, 0x02, 0x2D, 0x87, + 0x6F, 0xA2, 0x42, 0xC2, 0xA8, 0x45, 0xBC, 0xA7, + 0x23, 0x5F, 0x72, 0x1B, 0x00, 0x56, 0x78, 0x8A, + 0x44, 0xEC, 0xC3, 0xEB, 0x98, 0xF0, 0xF5, 0x02, + 0xB8, 0x9F, 0x8E, 0x74, 0x10, 0xEA, 0x56, 0x79, + 0xAE, 0x7C, 0x04, 0x34, 0xF1, 0x3A, 0xD8, 0x16, + 0x42, 0x1D, 0x2F, 0xEE, 0x30, 0xCB, 0xCB, 0x2D, + 0xAA, 0x6B, 0x85, 0x1C, 0xD1, 0xB6, 0xE9, 0x96, + 0xDA, 0x7A, 0x75, 0x7E, 0x4C, 0x4D, 0x85, 0x72, + 0xC8, 0xB6, 0x00, 0xDE, 0x85, 0xDD, 0xB6, 0x53, + 0x20, 0xD1, 0xCB, 0x71, 0xD9, 0x37, 0x83, 0x49, + 0xC0, 0xC4, 0x01, 0xAD, 0x4F, 0x9E, 0x91, 0x27, + 0x21, 0x39, 0x22, 0x8A, 0x8D, 0xA2, 0xF4, 0xFD, + 0x2F, 0x48, 0x89, 0x1A, 0x4D, 0xCB, 0x06, 0x6D, + 0x50, 0x1D, 0x44, 0x74, 0x83, 0xB6, 0x11, 0xBB, + 0x3C, 0x80, 0x55, 0x0A, 0x90, 0xEA, 0x0B, 0x73, + 0x2D, 0x63, 0x9D, 0x8B, 0x39, 0x26, 0xB6, 0xE7, + 0xC3, 0x54, 0x53, 0xED, 0x3C, 0xC1, 0x10, 0xBA, + 0xF5, 0x56, 0xCF, 0x46, 0xD8, 0xFC, 0x21, 0x77, + 0xE7, 0x6F, 0xB2, 0x66, 0x3B, 0x8B, 0xDD, 0x17, + 0x1E, 0x94, 0xC0, 0xAC, 0xAF, 0x25, 0xB9, 0x15, + 0x3B, 0x22, 0xBC, 0xA7, 0x49, 0x91, 0x67, 0x56, + 0xFB, 0x3E, 0xD3, 0x01, 0x8E, 0x09, 0x44, 0xB6, + 0xC3, 0xB9, 0xB6, 0xBF, 0xA1, 0x5B, 0x9B, 0xE8, + 0x03, 0xAC, 0x79, 0x33, 0x3C, 0xD2, 0xC3, 0xA2, + 0x7A, 0x26, 0xBC, 0x17, 0xCD, 0xA2, 0x57, 0x79, + 0x8A, 0xE1, 0x6B, 0x28, 0xB4, 0x63, 0xB6, 0xDF, + 0x3F, 0xA8, 0x7C, 0x2D, 0x74, 0x2D, 0x0F, 0x68, + 0x85, 0xBE, 0xE0, 0xBE, 0xC6, 0xE2, 0x0D, 0x01, + 0xE5, 0xDA, 0xDC, 0x86, 0x82, 0x3E, 0x92, 0xD6, + 0x0F, 0xEC, 0x79, 0xB0, 0xD2, 0x40, 0x24, 0x87, + 0x53, 0xE4, 0x20, 0x48, 0x38, 0x4C, 0x80, 0x42, + 0x89, 0x60, 0x48, 0x21, 0xA5, 0x7F, 0x4F, 0x9F, + 0x50, 0xAE, 0x0C, 0x38, 0x52, 0x7F, 0xE5, 0xA3, + 0x49, 0x38, 0xDD, 0xBC, 0xDC, 0xD9, 0xA1, 0xD0, + 0x20, 0x83, 0x9B, 0xEB, 0xB6, 0x2F, 0x9F, 0x41, + 0xFB, 0xA0, 0x80, 0x52, 0xAB, 0xB8, 0x2F, 0xAD, + 0xA8, 0x84, 0xCB, 0xE5, 0x63, 0x79, 0x11, 0x03, + 0xAA, 0x58, 0x55, 0x46, 0xEB, 0xFE, 0xB1, 0x12, + 0x72, 0xCC, 0x2E, 0x87, 0xA3, 0xB7, 0x5B, 0x3C, + 0x6B, 0xB1, 0x85, 0x3A, 0xE7, 0xF9, 0xCF, 0x55, + 0x85, 0xB2, 0x65, 0x3C, 0xF5, 0xEE, 0xA2, 0x44, + 0xD2, 0x04, 0xEB, 0x26, 0x9C, 0x56, 0xA2, 0x09, + 0x85, 0x16, 0x06, 0x59, 0xCB, 0x07, 0x25, 0xEE, + 0x13, 0xCE, 0x35, 0xD5, 0x5E, 0xB0, 0x95, 0xA5, + 0x34, 0x14, 0xF2, 0x32, 0xDF, 0x81, 0x08, 0xB1, + 0x80, 0x24, 0xEB, 0x0D, 0xBF, 0x34, 0x5E, 0xB5, + 0xCD, 0xAD, 0x0B, 0xCE, 0x72, 0x63, 0x50, 0x9A, + 0x34, 0x1D, 0x54, 0xA7, 0xD5, 0x34, 0xE5, 0x53, + 0xEA, 0xEF, 0xFE, 0x4E, 0x24, 0x2E, 0xA2, 0x3B, + 0xCF, 0xE5, 0x9A, 0x58, 0xA6, 0x04, 0x25, 0x88, + 0x2C, 0xB7, 0xE3, 0xB0, 0xC9, 0xE4, 0xAF, 0xE8, + 0x69, 0x8E, 0x3D, 0xF5, 0x6A, 0xFD, 0x6D, 0x61, + 0x1E, 0x91, 0x68, 0x74, 0x7D, 0x87, 0x35, 0xCF, + 0x92, 0x46, 0xD9, 0x4F, 0x21, 0x26, 0xBE, 0x72, + 0x7F, 0xB4, 0x2B, 0x22, 0x41, 0xA8, 0x3B, 0x34, + 0xF0, 0xB9, 0xEB, 0x47, 0x93, 0x8D, 0x72, 0x65, + 0x02, 0xC5, 0x4E, 0x45, 0x72, 0x76, 0x63, 0x31, + 0x62, 0x8F, 0xA5, 0xCD, 0xA8, 0x93, 0xC3, 0x53, + 0x76, 0xAB, 0x45, 0x38, 0xFF, 0x87, 0x17, 0xC2, + 0x79, 0x5B, 0x0F, 0x51, 0xF0, 0x8E, 0x11, 0x37, + 0x61, 0x2B, 0x89, 0xB0, 0xC1, 0xE2, 0xCD, 0x1F, + 0x09, 0x9E, 0x88, 0x55, 0x69, 0x23, 0xAE, 0x57, + 0xA1, 0xDA, 0xD2, 0xAF, 0xB1, 0x23, 0x0B, 0x50, + 0x94, 0xA1, 0xB2, 0x1B, 0xAD, 0x7D, 0xBB, 0xC3, + 0x33, 0xA9, 0x7F, 0x17, 0x93, 0x04, 0x71, 0x8F, + 0x32, 0x89, 0xB6, 0xDE, 0x31, 0x31, 0x5B, 0x74, + 0xC1, 0xA7, 0x3A, 0xC7, 0x75, 0x6F, 0xAA, 0x4D, + 0x7E, 0xB5, 0x68, 0xBB, 0xC6, 0xF7, 0xE7, 0x88, + 0xCD, 0x08, 0x9B, 0x39, 0x55, 0x64, 0xD2, 0x17, + 0x6B, 0x00, 0x56, 0xDF, 0xFE, 0x95, 0x2C, 0x77, + 0x48, 0xB0, 0x48, 0x30, 0x67, 0x20, 0xF6, 0x02, + 0xB6, 0x7E, 0x8F, 0x6A, 0xDC, 0xC9, 0x1F, 0x8E, + 0x3A, 0xA4, 0xB8, 0xC4, 0xD7, 0xFA, 0xC2, 0x33, + 0xAA, 0xF9, 0x36, 0x53, 0xAD, 0x22, 0x09, 0xE2, + 0xFF, 0x92, 0xDA, 0x30, 0xC2, 0xD5, 0x3F, 0xDE, + 0xF6, 0xF4, 0xC9, 0x0E, 0xAA, 0x0D, 0xE6, 0x0D, + 0x59, 0x4A, 0xDA, 0x39, 0x15, 0xDB, 0x24, 0x27, + 0x9D, 0x86, 0x74, 0x76, 0xEA, 0xD7, 0x57, 0xB4, + 0xC0, 0x26, 0x4A, 0x1D, 0xB8, 0xA1, 0xF5, 0x7A, + 0x1B, 0x5D, 0x71, 0x73, 0xBB, 0x1A, 0x96, 0x0C, + 0xE0, 0x2F, 0xDE, 0xFE, 0xF1, 0x60, 0xD5, 0x12, + 0x66, 0x7D, 0x65, 0x52, 0x68, 0xFC, 0xC3, 0xA1, + 0x53, 0xA4, 0x31, 0x47, 0x82, 0xA0, 0xEB, 0xFF, + 0x84, 0xF6, 0x5F, 0x14, 0xA0, 0xE3, 0xE1, 0x2A, + 0x13, 0x25, 0x0C, 0x07, 0xD0, 0x8C, 0x22, 0x5B, + 0x11, 0xA6, 0x83, 0x1B, 0xC2, 0x5C, 0x40, 0x46, + 0x7B, 0x76, 0x80, 0x04, 0xDD, 0xE0, 0xE8, 0x74, + 0xA5, 0x11, 0x44, 0xC1, 0x89, 0x20, 0xBD, 0xF2, + 0x86, 0x09, 0x0B, 0x59, 0xF5, 0x15, 0x64, 0xEA, + 0x40, 0x70, 0xFB, 0xBF, 0x61, 0xE3, 0x69, 0x64, + 0x35, 0xF2, 0x8F, 0x63, 0x33, 0x2B, 0x64, 0x49, + 0x6D, 0xF3, 0xEC, 0x8B, 0x65, 0xD5, 0x4E, 0x1C, + 0xF4, 0x78, 0x9D, 0xDA, 0xB1, 0x22, 0xDA, 0x6B, + 0x26, 0x4D, 0x31, 0x2A, 0x71, 0x1C, 0x12, 0x9E, + 0x3B, 0x07, 0xF4, 0xC6, 0xDA, 0x25, 0xA5, 0x61, + 0x73, 0xAF, 0x58, 0xB9, 0x0A, 0x71, 0xB7, 0xAC, + 0xFA, 0x31, 0x61, 0xA8, 0x1F, 0x59, 0xD1, 0x79, + 0x14, 0xC9, 0x9B, 0xBA, 0xC4, 0xF9, 0xA3, 0x14, + 0x97, 0x7A, 0x89, 0xCE, 0xF7, 0x69, 0x69, 0x43, + 0x60, 0x9B, 0xB4, 0x82, 0x79, 0x64, 0xFB, 0x29, + 0x76, 0x40, 0x3B, 0xD4, 0x99, 0x6F, 0x1E, 0x84, + 0x2B, 0xF5, 0xAA, 0xAE, 0x1E, 0xCC, 0xA1, 0x12, + 0x55, 0xB9, 0xE6, 0x00, 0x1C, 0x20, 0xF7, 0x2F, + 0x1F, 0xD5, 0xE3, 0x2C, 0xDA, 0x32, 0xD8, 0xA7, + 0xAC, 0x5F, 0x62, 0xB0, 0x9A, 0x0E, 0x61, 0x58, + 0x47, 0xCA, 0x74, 0x6F, 0x48, 0x95, 0x15, 0xCF, + 0x8F, 0x18, 0x31, 0x62, 0x85, 0x9F, 0x53, 0xB9, + 0x7E, 0x9E, 0x5C, 0xA8, 0x00, 0xEE, 0x62, 0x4F, + 0x72, 0x98, 0x43, 0xA0, 0x00, 0x91, 0x64, 0xA4, + 0xA9, 0xFF, 0x76, 0xEB, 0x34, 0xE4, 0x70, 0x41, + 0x84, 0x84, 0x8A, 0x13, 0x9A, 0xD9, 0x7D, 0x90, + 0x9F, 0x7A, 0x7E, 0xD1, 0x14, 0xF0, 0x87, 0xA4, + 0xB2, 0xE1, 0xB4, 0xA3, 0x03, 0x23, 0x91, 0x16, + 0x0B, 0x6F, 0x3A, 0x36, 0x49, 0xFF, 0x15, 0xAE, + 0xA2, 0xB7, 0x10, 0x7A, 0xF8, 0xA3, 0xB5, 0xFC, + 0xAD, 0x61, 0xD4, 0x3D, 0x60, 0x2E, 0x62, 0x86, + 0xA9, 0x00, 0x87, 0x0C, 0xC8, 0xCE, 0x24, 0xE3, + 0x9E, 0x78, 0xF0, 0x39, 0x7A, 0x0D, 0x7E, 0x27, + 0xE8, 0xE2, 0xD4, 0x77, 0x6A, 0x44, 0xCB, 0xA2, + 0x18, 0xEB, 0xCD, 0x88, 0xB3, 0xC2, 0x8C, 0x18, + 0x2A, 0x7C, 0x9F, 0x4D, 0xBB, 0x2D, 0xBB, 0x5E, + 0x98, 0x15, 0x63, 0xD6, 0x6C, 0xEE, 0xB7, 0x7E, + 0x7F, 0x90, 0x34, 0xBD, 0x42, 0x9D, 0x27, 0x63, + 0x7C, 0xF7, 0x97, 0xDE, 0x82, 0xE0, 0x1F, 0xEB, + 0xBC, 0xE2, 0x17, 0x1E, 0xFD, 0x01, 0x6E, 0x40, + 0x2A, 0x42, 0xD7, 0x8E, 0xA1, 0xAC, 0xE2, 0xCB, + 0x37, 0x0E, 0x75, 0xC9, 0x0A, 0xDF, 0xA1, 0xA7, + 0x93, 0xB2, 0x16, 0x9C, 0xC2, 0x65, 0x22, 0xDB, + 0x2F, 0x54, 0x6A, 0xC1, 0xDE, 0x34, 0xC9, 0x08, + 0x71, 0x20, 0xC4, 0x2A, 0x9F, 0x10, 0xC0, 0x0D, + 0x49, 0x3C, 0x25, 0x73, 0x01, 0x66, 0xF9, 0xD2, + 0x19, 0xFB, 0xDA, 0xD2, 0x22, 0xC8, 0xB2, 0x81, + 0x15, 0x54, 0x33, 0x13, 0x21, 0x08, 0x48, 0xFB, + 0x2F, 0x04, 0xBF, 0xDC, 0xE1, 0x5D, 0x32, 0x0C, + 0x36, 0x34, 0xA8, 0xE4, 0xD6, 0x37, 0x55, 0x51, + 0x59, 0x00, 0xC7, 0x5B, 0xFD, 0x09, 0x0A, 0xD7, + 0x8D, 0xD5, 0x88, 0x65, 0x9F, 0xBF, 0x97, 0xC9, + 0x6E, 0x0D, 0x0A, 0xCC, 0x8E, 0x81, 0x5E, 0x60, + 0x8F, 0x9E, 0x86, 0x1D, 0x79, 0xAF, 0x30, 0x51, + 0xB9, 0x42, 0xB5, 0x25, 0x70, 0xB6, 0x29, 0x2B, + 0xF4, 0x8C, 0x2B, 0xFA, 0xA9, 0x07, 0x7D, 0xC7, + 0x6F, 0xE9, 0x02, 0x68, 0x32, 0x17, 0xB8, 0xBF, + 0x80, 0x9E, 0xD7, 0xA0, 0x05, 0x0A, 0xDD, 0xBB, + 0x65, 0xFD, 0xDF, 0xBD, 0x24, 0x01, 0x9C, 0x91, + 0x81, 0xB5, 0xAC, 0x81, 0x56, 0x61, 0x13, 0xD6, + 0x69, 0x4E, 0xA6, 0x29, 0x1D, 0x7F, 0x4A, 0x7F, + 0x56, 0xA4, 0x1E, 0xB9, 0x1F, 0x76, 0x36, 0x8D, + 0xF8, 0x2B, 0x16, 0x4B, 0x48, 0x59, 0x25, 0x9D, + 0x71, 0x89, 0x24, 0x0F, 0x1D, 0x88, 0x03, 0xF8, + 0x10, 0x72, 0x96, 0xD3, 0x78, 0xBA, 0xB4, 0xD2, + 0x4F, 0xE6, 0xD1, 0x0E, 0xF7, 0x88, 0x36, 0x7B, + 0xCE, 0x16, 0xC5, 0xAB, 0x77, 0xFB, 0xC1, 0x68, + 0xB8, 0x57, 0xF7, 0xBA, 0x5C, 0xDC, 0xBE, 0x50, + 0x67, 0xC8, 0x64, 0xF8, 0x79, 0x80, 0x9F, 0xE5, + 0x21, 0x7D, 0xEF, 0x02, 0x94, 0xBF, 0xAF, 0xDF, + 0x80, 0x9A, 0xBC, 0xE9, 0x53, 0x2D, 0xD9, 0xDA, + 0xB3, 0x44, 0x8F, 0x4D, 0xA6, 0x8E, 0xCA, 0x51, + 0x60, 0x94, 0x76, 0x27, 0x8E, 0xB8, 0xC4, 0xF6, + 0x9E, 0xA2, 0x96, 0x73, 0xF6, 0x94, 0x18, 0x04, + 0x1D, 0x26, 0x85, 0x7E, 0xBC, 0x24, 0xA4, 0x87, + 0xBB, 0x4B, 0x0B, 0xA6, 0x3A, 0xF8, 0x48, 0x54, + 0x5E, 0xE9, 0xBE, 0x89, 0xF1, 0x39, 0xD5, 0x02, + 0x09, 0x9B, 0x9D, 0x35, 0xDB, 0x38, 0x07, 0xB9, + 0x25, 0xCB, 0xA5, 0x76, 0xE2, 0x71, 0x70, 0xEA, + 0xEC, 0x48, 0xCC, 0x2C, 0xC1, 0x5B, 0x04, 0x36, + 0x77, 0x82, 0x5D, 0x0E, 0xE8, 0x1E, 0xB2, 0xCE, + 0xE3, 0xA8, 0xED, 0x14, 0xA7, 0x98, 0xB8, 0x79, + 0x53, 0x02, 0x20, 0xE5, 0x0C, 0xE8, 0xC0, 0x03, + 0xA3, 0x05, 0x38, 0x2A, 0x24, 0xD2, 0x3C, 0x27, + 0x7B, 0x99, 0xD1, 0xF4, 0xC5, 0x4F, 0x9A, 0x8D, + 0x33, 0xFA, 0x3D, 0x1E, 0x33, 0x7E, 0x18, 0xD7, + 0xCB, 0xBA, 0x5E, 0x5A, 0x47, 0xF2, 0xD5, 0xE0, + 0x96, 0xCF, 0x45, 0x51, 0xB2, 0x3B, 0x1B, 0x86, + 0x43, 0x6E, 0x81, 0xB4, 0xA0, 0x9D, 0x1E, 0x3D, + 0x38, 0x49, 0x2E, 0xC8, 0xB2, 0xA0, 0x09, 0x67, + 0x01, 0x6A, 0xB7, 0x6B, 0x9A, 0x9B, 0x18, 0x64, + 0x67, 0x14, 0x21, 0xDA, 0x56, 0xF5, 0x7D, 0x00, + 0x8D, 0x5C, 0xE1, 0xB8, 0x92, 0xA7, 0xE9, 0xC1, + 0xF6, 0x9F, 0x6C, 0x72, 0x2C, 0xF1, 0x09, 0xDB, + 0x50, 0x0E, 0x53, 0xF6, 0xBC, 0x07, 0x83, 0x7A, + 0xD1, 0xCD, 0x4C, 0xF4, 0xA6, 0x4D, 0xA7, 0x63, + 0xB4, 0xA9, 0xC4, 0x92, 0x9B, 0x0D, 0xCD, 0xDF, + 0x7C, 0x7E, 0x11, 0x86, 0xBE, 0x3F, 0xF0, 0xC3, + 0x21, 0x15, 0x84, 0x37, 0x82, 0x0C, 0x81, 0xE7, + 0x4F, 0xF3, 0x16, 0xAE, 0x32, 0x54, 0xE9, 0x72, + 0xFC, 0x19, 0x7A, 0x7F, 0x0E, 0x62, 0x02, 0x42, + 0xAC, 0x05, 0xA4, 0xE4, 0x3E, 0x98, 0x7C, 0x2A, + 0x83, 0x55, 0xB0, 0x35, 0x77, 0x45, 0xCA, 0x79, + 0xE6, 0xAE, 0x48, 0xAB, 0x29, 0xED, 0x4F, 0xA6, + 0x3D, 0x3A, 0x1F, 0x19, 0xB9, 0x99, 0xDE, 0x25, + 0x1F, 0xDE, 0x06, 0x40, 0xDD, 0x87, 0x87, 0x6D, + 0x55, 0x76, 0x28, 0x78, 0xAD, 0x1D, 0xB1, 0x2D, + 0x65, 0xBA, 0xFD, 0x14, 0xB6, 0xA9, 0xA7, 0x08, + 0x1B, 0xF2, 0x3F, 0x9F, 0x06, 0xD9, 0x0C, 0xE2, + 0x73, 0xC5, 0xA2, 0x6E, 0x01, 0x2C, 0xA9, 0x4D, + 0xD4, 0x81, 0xD3, 0x2E, 0x10, 0x93, 0x8C, 0x16, + 0x51, 0x63, 0xE8, 0x9B, 0xE8, 0xA9, 0x3A, 0x63, + 0x03, 0x4D, 0x34, 0x5B, 0x74, 0xE2, 0xA9, 0x4E, + 0xF6, 0x43, 0xD0, 0x6A, 0xF9, 0xE1, 0xF5, 0xC9, + 0xF1, 0x04, 0x93, 0x0D, 0xA0, 0x0E, 0x61, 0xE0, + 0x61, 0xEE, 0x8C, 0x3B, 0xB1, 0x7C, 0x11, 0xE0, + 0x5D, 0x45, 0xC1, 0x68, 0x2E, 0x4D, 0x59, 0x3C, + 0x91, 0x98, 0x23, 0x8D, 0x2B, 0xA2, 0x89, 0x77, + 0x9E, 0x7D, 0x0F, 0x22, 0x7B, 0xCB, 0x0B, 0x09, + 0x97, 0x2B, 0x19, 0x77, 0x0F, 0xF0, 0x11, 0xBF, + 0x6C, 0x60, 0xD9, 0xD1, 0x93, 0xCF, 0xAB, 0x32, + 0x74, 0x7A, 0x00, 0x95, 0xE1, 0xA4, 0xAD, 0x32, + 0x51, 0x4C, 0x78, 0x2E, 0xF3, 0xDE, 0x7A, 0x26, + 0xEA, 0x77, 0x1F, 0x55, 0x30, 0xD9, 0xDE, 0x97, + 0x36, 0xD0, 0xF6, 0xAE, 0x1A, 0xFB, 0x78, 0xEC, + 0x7C, 0xE4, 0x88, 0x4A, 0x1B, 0xB4, 0x36, 0xCF, + 0xCE, 0x45, 0x9C, 0xD9, 0x93, 0x58, 0x26, 0x09, + 0x06, 0xAA, 0xC9, 0x97, 0x16, 0xA5, 0x36, 0xCC, + 0x76, 0x87, 0xA0, 0x37, 0x5F, 0xDA, 0x11, 0x00, + 0x76, 0x18, 0xE5, 0x53, 0x53, 0x4E, 0x54, 0xD5, + 0xB2, 0x14, 0xF7, 0xAA, 0x6F, 0xC7, 0xDB, 0xE3, + 0x7C, 0x2B, 0xD2, 0xB6, 0x48, 0x50, 0xAE, 0x46, + 0x9A, 0x98, 0x58, 0x98, 0x7F, 0x3F, 0xA4, 0xB1, + 0xFD, 0x26, 0xD9, 0x54, 0xBF, 0xEC, 0x36, 0x5D, + 0xBE, 0x06, 0xDD, 0xCD, 0x61, 0x5E, 0x1F, 0xED, + 0x58, 0xA8, 0x86, 0x76, 0x40, 0x2D, 0x1D, 0x6B, + 0x58, 0x14, 0x85, 0x49, 0x8B, 0x5A, 0xDF, 0xFF, + 0xC4, 0x2D, 0x47, 0xD6, 0x1D, 0xF9, 0x93, 0x84, + 0xE2, 0x2C, 0x51, 0x57, 0xF0, 0x17, 0x8A, 0x6F, + 0xDA, 0xF8, 0xF4, 0xA9, 0x49, 0x1D, 0xAF, 0x29, + 0x8B, 0x2C, 0x3E, 0xC8, 0x80, 0x85, 0x02, 0x2C, + 0x0A, 0x7C, 0xF2, 0x45, 0xED, 0x0F, 0xB5, 0xA3, + 0x8C, 0xD1, 0x6F, 0x30, 0xD3, 0x7D, 0xA5, 0xC4, + 0x95, 0x9A, 0x55, 0x50, 0x1D, 0xAD, 0x50, 0xF1, + 0xB4, 0x8B, 0xBB, 0xDD, 0x86, 0xAB, 0x8B, 0xB5, + 0x22, 0xA9, 0x36, 0xDD, 0xF0, 0x00, 0x3B, 0x81, + 0xBE, 0x16, 0x23, 0x1A, 0x04, 0xE7, 0xA5, 0x89, + 0xC5, 0x6F, 0xFF, 0xB5, 0x1B, 0x07, 0x92, 0x7B, + 0x4A, 0xFA, 0x1D, 0xB7, 0xD4, 0x8B, 0xC6, 0xFB, + 0xC3, 0xF3, 0x67, 0x56, 0x37, 0x18, 0x4B, 0x7A, + 0xDB, 0x9B, 0xAD, 0xF4, 0xDE, 0x7C, 0x08, 0x5B, + 0xCA, 0x1D, 0x42, 0x8D, 0xC9, 0xFC, 0x82, 0x77, + 0xCB, 0xD8, 0x58, 0x84, 0xA5, 0x92, 0x1B, 0x52, + 0xBB, 0x05, 0xB7, 0x10, 0x61, 0x55, 0x08, 0x26, + 0x1B, 0xB4, 0x54, 0x6B, 0xD6, 0xE1, 0xFC, 0x73, + 0x0D, 0x16, 0xB0, 0x49, 0xEA, 0x12, 0x79, 0x8C, + 0xE2, 0xE6, 0xDF, 0x43, 0xF5, 0xB8, 0xF3, 0xEF, + 0x9A, 0xC8, 0xFB, 0xAE, 0x31, 0xB0, 0x11, 0xE1, + 0x0C, 0x4F, 0xC6, 0x2F, 0xFD, 0x7F, 0x39, 0xD1, + 0x6E, 0xC3, 0x2C, 0xA8, 0x21, 0x0E, 0xD1, 0x6E, + 0x04, 0x1D, 0xA4, 0x3D, 0x92, 0x74, 0x22, 0x95, + 0x14, 0x05, 0x4A, 0x0F, 0x82, 0xD4, 0x62, 0xFE, + 0x08, 0x0C, 0x6F, 0xFD, 0x7B, 0xBD, 0xBF, 0xBF, + 0x0B, 0xFF, 0xC6, 0xD5, 0xEC, 0xC4, 0x32, 0xA3, + 0x25, 0x6C, 0x0B, 0xE0, 0xDD, 0xFD, 0x5D, 0x90, + 0x80, 0xC6, 0x76, 0xC7, 0x95, 0x5D, 0x66, 0xE4, + 0x4D, 0x1C, 0xE5, 0x1F, 0xCC, 0x23, 0x82, 0xF8, + 0x68, 0xD7, 0x32, 0xE8, 0x58, 0x51, 0x72, 0x1B, + 0x48, 0xA0, 0x1D, 0x08, 0xC6, 0x39, 0x62, 0x6E, + 0xE0, 0x50, 0x9C, 0xB5, 0x81, 0xEF, 0xF5, 0x62, + 0x8F, 0xA6, 0xCC, 0xD1, 0x08, 0x9A, 0xC0, 0xE1, + 0x2D, 0xEB, 0xE0, 0x85, 0x17, 0x82, 0xE6, 0x4C, + 0x50, 0x49, 0xCB, 0xD6, 0x50, 0x10, 0x13, 0x96, + 0x5C, 0xC0, 0xCA, 0x25, 0xAC, 0xAB, 0x17, 0x6E, + 0xF7, 0xCA, 0xB9, 0x29, 0x40, 0x98, 0x5D, 0xDB, + 0x49, 0x02, 0x1D, 0xF6, 0xC6, 0x0D, 0x6C, 0x4A, + 0x48, 0x91, 0x16, 0x31, 0x1E, 0x86, 0xBA, 0x19, + 0xED, 0xF0, 0x0D, 0x74, 0x79, 0x73, 0x58, 0x20, + 0x7C, 0xDE, 0x50, 0x50, 0x6D, 0x00, 0x7F, 0xE0, + 0x3C, 0x88, 0x04, 0xC6, 0x64, 0x51, 0xF0, 0x2A, + 0x01, 0x82, 0xD3, 0x87, 0xB7, 0x59, 0x89, 0x40, + 0x96, 0xF6, 0x52, 0x32, 0x95, 0x2D, 0x18, 0x3D, + 0xBA, 0xAA, 0xBB, 0x6B, 0xC0, 0xE1, 0x91, 0xDC, + 0x2C, 0x3F, 0x75, 0xFC, 0x72, 0xBD, 0x61, 0xBA, + 0xB2, 0xEF, 0x19, 0xB6, 0x53, 0x2B, 0x23, 0x1C, + 0x4A, 0xFB, 0x1A, 0x9C, 0x2C, 0xB2, 0xF3, 0xD6, + 0xC4, 0x51, 0xE8, 0x44, 0x0D, 0x6A, 0x92, 0x3C, + 0xF7, 0x2A, 0x63, 0xE2, 0xED, 0x85, 0x54, 0x77, + 0x38, 0x87, 0x91, 0x0C, 0xA5, 0xC6, 0x71, 0xAD, + 0x4F, 0xD5, 0x92, 0x3C, 0xB9, 0x5E, 0xC7, 0x3F, + 0xFD, 0xFB, 0xDA, 0x4B, 0x66, 0x55, 0xF5, 0x5D, + 0xBF, 0xD1, 0x31, 0x7D, 0x02, 0x44, 0x22, 0x30, + 0x1E, 0xD6, 0x6A, 0x6E, 0x4C, 0x67, 0x20, 0x85, + 0xCE, 0xD1, 0xF4, 0xC7, 0xB0, 0x50, 0x30, 0xA1, + 0x00, 0xC4, 0x78, 0x8F, 0xEF, 0x4C, 0xD3, 0xE4, + 0x94, 0xA8, 0x53, 0xBD, 0xE6, 0x3E, 0x9D, 0x44, + 0x9A, 0xE3, 0xBB, 0x6B, 0xA1, 0x08, 0x32, 0x38, + 0xDA, 0x3F, 0x40, 0x90, 0x51, 0x5D, 0x14, 0x3C, + 0x67, 0xDB, 0xE5, 0x3D, 0x8D, 0x50, 0x7A, 0x52, + 0x29, 0xFF, 0xEB, 0x20, 0x72, 0xD0, 0xBD, 0x09, + 0x2F, 0xC9, 0xAE, 0x52, 0xDE, 0xAA, 0xAC, 0xD1, + 0xF0, 0xF1, 0x4B, 0x5A, 0xC8, 0x47, 0x52, 0xBF, + 0xD0, 0x02, 0x5E, 0x5F, 0x55, 0xB8, 0x69, 0x35, + 0x0F, 0x4B, 0x27, 0x19, 0xC5, 0xC0, 0x5A, 0xC1, + 0x66, 0x9B, 0xB0, 0xFD, 0x3C, 0x61, 0x4A, 0xCE, + 0x02, 0xA2, 0x70, 0x61, 0x3F, 0xD3, 0x30, 0x97, + 0x06, 0xDD, 0xCD, 0x5B, 0x1A, 0x6A, 0xD2, 0x6F, + 0x35, 0x9A, 0xDA, 0x80, 0xB3, 0x0E, 0x50, 0xA7, + 0xE5, 0x0B, 0xBD, 0x3A, 0xA4, 0x5D, 0x06, 0x54, + 0xDD, 0x7D, 0x05, 0x8B, 0x0B, 0xBF, 0x4D, 0x0D, + 0x92, 0x13, 0x51, 0x42, 0x21, 0x4E, 0xE7, 0x05, + 0x11, 0xF3, 0x67, 0x6A, 0xE6, 0x43, 0xB5, 0xF2, + 0x45, 0x06, 0x3B, 0x94, 0x19, 0xCF, 0x6B, 0x49, + 0xFD, 0x64, 0x7F, 0x27, 0xD7, 0xC4, 0x1C, 0x86, + 0x6E, 0x6C, 0xAD, 0x9D, 0x5E, 0x2E, 0x3E, 0x33, + 0x1B, 0xF6, 0xB9, 0xF7, 0x2A, 0xCA, 0x32, 0x9B, + 0xB6, 0x42, 0x59, 0xC3, 0xE7, 0x97, 0x83, 0xA2, + 0x66, 0x74, 0xB7, 0xD3, 0x8E, 0xBD, 0xE8, 0x31, + 0x84, 0x11, 0xF4, 0x76, 0x4E, 0xBD, 0xC4, 0xC7, + 0xE4, 0x1A, 0xCF, 0xF8, 0x5B, 0xBB, 0x30, 0x31, + 0x8D, 0x59, 0xC4, 0x2C, 0x92, 0x03, 0xAB, 0xD6, + 0x63, 0x6B, 0xA3, 0xF7, 0x72, 0xB6, 0x72, 0x51, + 0x21, 0xC0, 0x52, 0xDE, 0x99, 0x91, 0x0D, 0x55, + 0x15, 0x8C, 0x6F, 0x3E, 0xF8, 0xBB, 0x7F, 0xED, + 0xE2, 0xF8, 0x1E, 0x58, 0xA7, 0xAE, 0xB2, 0x5E, + 0x2E, 0x46, 0xFD, 0x72, 0x32, 0x30, 0x2F, 0xAF, + 0xA8, 0xFC, 0x37, 0xFC, 0x8B, 0x55, 0xD5, 0x94, + 0xB7, 0x6E, 0xC4, 0xA5, 0x3E, 0xB1, 0x1E, 0xB3, + 0xFD, 0x63, 0x44, 0x28, 0xAA, 0xA5, 0xD8, 0x6F, + 0x83, 0x9D, 0x08, 0x9A, 0xBE, 0x2F, 0xEF, 0xE2, + 0xAE, 0x52, 0x62, 0xFE, 0xFC, 0x73, 0x48, 0xD8, + 0x36, 0x69, 0x2E, 0xDB, 0x21, 0x5D, 0x6F, 0x8F, + 0x54, 0x8B, 0x88, 0x52, 0x90, 0xC2, 0x40, 0x3C, + 0x51, 0xC3, 0xE2, 0x69, 0xD4, 0x93, 0xFB, 0xD3, + 0x39, 0xB5, 0xDF, 0xB0, 0xA3, 0x8E, 0xED, 0xA7, + 0x75, 0x4D, 0xAF, 0xFA, 0x16, 0xE5, 0xBC, 0xA5, + 0xA9, 0xBB, 0xDE, 0x04, 0xB0, 0x14, 0xB7, 0xAE, + 0xA8, 0x98, 0x8F, 0x37, 0x49, 0xD5, 0x2D, 0x2F, + 0xC1, 0xC9, 0xF7, 0xC7, 0xB2, 0xC2, 0xD6, 0x92, + 0xE7, 0x89, 0x6E, 0x4C, 0x34, 0xF5, 0x7C, 0x55, + 0x8C, 0xFE, 0x83, 0x17, 0xA8, 0x37, 0x44, 0x09, + 0xD5, 0x66, 0x87, 0x9A, 0x08, 0x62, 0x8F, 0x64, + 0x4F, 0xB4, 0x5B, 0x81, 0x84, 0x55, 0xBC, 0xA6, + 0x04, 0x2B, 0x4E, 0x61, 0x87, 0xC1, 0xDD, 0x17, + 0x7E, 0x9E, 0x51, 0x46, 0x31, 0x99, 0x04, 0xB1, + 0x50, 0x5F, 0x3E, 0xE0, 0x0C, 0xD7, 0xFE, 0xAF, + 0x0E, 0x83, 0xC3, 0x02, 0x49, 0x56, 0xF7, 0x76, + 0x59, 0xAC, 0xC5, 0x6D, 0x8D, 0x91, 0x7A, 0x37, + 0xE8, 0xFF, 0x7E, 0xB8, 0x87, 0x13, 0xCC, 0xA3, + 0x34, 0xEA, 0x04, 0xB8, 0xE2, 0x58, 0xC9, 0x34, + 0x5D, 0xA9, 0xDE, 0x26, 0xA0, 0xA3, 0x66, 0x51, + 0x94, 0x51, 0xE1, 0x01, 0x2D, 0xE6, 0xAA, 0xBF, + 0x46, 0x97, 0xC9, 0xDE, 0x82, 0x1D, 0x70, 0x02, + 0x1C, 0x32, 0x50, 0xA1, 0x06, 0xCF, 0x4C, 0x23, + 0xA1, 0xB1, 0x78, 0x5F, 0x54, 0x9D, 0x3C, 0x8C, + 0xD7, 0x1B, 0x05, 0xFE, 0xA7, 0x53, 0xE0, 0x04, + 0x6A, 0x3A, 0xE0, 0xA9, 0xB1, 0xF4, 0x02, 0x77, + 0xCF, 0x45, 0x3A, 0x2B, 0xA1, 0x4C, 0xBA, 0x92, + 0x3C, 0xC6, 0x26, 0x97, 0x06, 0xDF, 0xFF, 0xD5, + 0x17, 0xC1, 0xE5, 0x93, 0x00, 0x79, 0x91, 0x2E, + 0x05, 0xA5, 0x57, 0x18, 0x97, 0xA0, 0x68, 0x65, + 0x51, 0x6C, 0x86, 0x69, 0x9F, 0x70, 0x7E, 0x00, + 0xCB, 0x38, 0xCE, 0x19, 0x34, 0x90, 0xAE, 0xE3, + 0x0B, 0xA4, 0x7D, 0xDD, 0xF3, 0xA5, 0xB4, 0xFB, + 0xCE, 0xBA, 0x73, 0xDC, 0x13, 0xD0, 0xA1, 0x60, + 0xEA, 0x64, 0x2D, 0x30, 0xD6, 0x3A, 0x02, 0x96, + 0x4E, 0xDF, 0xDB, 0x2F, 0x29, 0xDC, 0xD3, 0x2C, + 0xA9, 0x97, 0x4F, 0x89, 0xC3, 0x2D, 0x1F, 0xA9, + 0xA8, 0x3C, 0x94, 0xA2, 0x77, 0x0F, 0xCF, 0xCF, + 0x86, 0xE6, 0x46, 0x46, 0x88, 0x2B, 0xD5, 0x50, + 0xDD, 0xD6, 0x5B, 0x4E, 0x2D, 0x28, 0x7A, 0xF6, + 0xC1, 0x96, 0xF4, 0x2D, 0xBD, 0x39, 0xB0, 0x20, + 0xD7, 0xCD, 0xFB, 0xB6, 0xE6, 0xE7, 0x5F, 0xFA, + 0xAB, 0x26, 0x09, 0x9E, 0xC1, 0xD2, 0x5E, 0x32, + 0x34, 0xF7, 0x0D, 0xD9, 0x72, 0x28, 0x6A, 0xEA, + 0x0C, 0x34, 0x36, 0x59, 0x5F, 0xE4, 0x9F, 0xCA, + 0x89, 0x8B, 0xFA, 0x42, 0x16, 0x04, 0xC8, 0x2D, + 0x3E, 0x94, 0x85, 0x6D, 0x18, 0x69, 0x05, 0x07, + 0x6D, 0x18, 0x6C, 0x68, 0x41, 0x74, 0xBF, 0x42, + 0x90, 0xDF, 0x31, 0x76, 0x9E, 0xDC, 0x97, 0xA1, + 0xDF, 0x2D, 0xFE, 0xD0, 0x3C, 0xF4, 0x5C, 0xE6, + 0x78, 0xC8, 0xA1, 0x42, 0x9E, 0xB9, 0x78, 0xD0, + 0x2A, 0x79, 0xD4, 0xF8, 0xCF, 0x01, 0x68, 0xDA, + 0xAB, 0x48, 0x2C, 0x6C, 0x61, 0x2F, 0x04, 0xB1, + 0xC9, 0x36, 0x37, 0xFE, 0x77, 0xB3, 0x02, 0xCE, + 0xFA, 0x78, 0x8C, 0x11, 0x35, 0x6C, 0x52, 0xC5, + 0x4F, 0x37, 0xA9, 0xDC, 0xFD, 0xA5, 0x59, 0x27, + 0xA8, 0xEF, 0x0A, 0x0C, 0xEA, 0x7C, 0xC4, 0xAD, + 0xCE, 0xE4, 0x59, 0xEB, 0x64, 0xDF, 0x08, 0xED, + 0x0F, 0xC2, 0x9F, 0xDC, 0x3C, 0x7B, 0x76, 0x2B, + 0x39, 0x93, 0x32, 0x06, 0x33, 0x40, 0xD4, 0x73, + 0x96, 0x62, 0x19, 0xBF, 0xC8, 0x7B, 0x4A, 0x3C, + 0x91, 0xC8, 0x0F, 0x0E, 0x4B, 0xA8, 0x6A, 0xA1, + 0x87, 0x9C, 0x76, 0x62, 0x5C, 0x86, 0x80, 0xA2, + 0x27, 0xAB, 0x22, 0x78, 0x06, 0x59, 0xD4, 0xB5, + 0xD3, 0x0E, 0x0E, 0x9A, 0x0D, 0xCE, 0x09, 0x4D, + 0xAF, 0x53, 0x76, 0x79, 0x27, 0x3A, 0x9B, 0x27, + 0x7E, 0xD2, 0xA2, 0xE2, 0x50, 0xEE, 0xA0, 0x93, + 0x82, 0x04, 0xC9, 0xE9, 0x63, 0xD3, 0x38, 0x52, + 0x2A, 0x3D, 0x1A, 0x44, 0x40, 0xE2, 0xA1, 0x23, + 0x97, 0xA5, 0xB9, 0x7D, 0x35, 0x65, 0x73, 0x07, + 0xBE, 0xC9, 0x4C, 0xC0, 0xC7, 0x2C, 0x5C, 0x6B, + 0x09, 0xDA, 0xF2, 0xBA, 0xF0, 0x02, 0x0B, 0x7D, + 0x8C, 0xA5, 0x60, 0xBF, 0x65, 0x96, 0x92, 0x9A, + 0xC8, 0xD4, 0xE5, 0x46, 0x0F, 0x78, 0x37, 0xB4, + 0x1B, 0x4A, 0xE6, 0xFF, 0x12, 0x33, 0x9D, 0xB8, + 0xEB, 0xD7, 0x02, 0x8A, 0xAC, 0xFE, 0x0B, 0x42, + 0xE0, 0x2C, 0xDE, 0x90, 0x67, 0x83, 0xAB, 0xFF, + 0x69, 0x4E, 0x7C, 0xBE, 0x08, 0x97, 0xED, 0x6E, + 0xD4, 0x38, 0xAC, 0xDB, 0x00, 0xA4, 0x70, 0x9C, + 0xFE, 0xF7, 0x15, 0x0E, 0xBE, 0xB0, 0x8C, 0x8F, + 0xF6, 0xC1, 0x54, 0x38, 0x15, 0xF4, 0xB8, 0x95, + 0x1C, 0x3C, 0xAC, 0xE4, 0x99, 0x58, 0x64, 0x58, + 0xA7, 0x3C, 0x85, 0x72, 0x38, 0x9A, 0xFC, 0x97, + 0x03, 0xA7, 0xFE, 0xAF, 0x67, 0x34, 0x45, 0xFB, + 0x4B, 0x0C, 0xCA, 0xA5, 0x11, 0xD4, 0xA2, 0xCF, + 0x46, 0x3F, 0x57, 0xE3, 0xA6, 0xD7, 0x2D, 0xA0, + 0x4B, 0x25, 0x66, 0x99, 0xA3, 0x02, 0x12, 0xE7, + 0xC5, 0x76, 0x8E, 0xFC, 0x15, 0x1B, 0x71, 0x74, + 0x41, 0x56, 0x57, 0x5A, 0x2E, 0x94, 0x43, 0x31, + 0x92, 0x32, 0xD1, 0x59, 0xC6, 0xCC, 0x00, 0x6F, + 0xDB, 0x57, 0xC5, 0x81, 0x73, 0xAD, 0x8D, 0x2C, + 0x86, 0x6C, 0x88, 0x87, 0x43, 0x7C, 0x22, 0x38, + 0x88, 0xE2, 0x1E, 0xF6, 0x7E, 0x1A, 0x33, 0x2C, + 0x1F, 0xDF, 0xCC, 0x15, 0xEF, 0x17, 0x47, 0x6F, + 0xE0, 0xFB, 0x57, 0xD4, 0x22, 0x98, 0x94, 0x72, + 0x5E, 0x14, 0x74, 0xC1, 0xBA, 0x12, 0x16, 0x56, + 0x28, 0x17, 0xF1, 0x6C, 0x53, 0xEC, 0xE0, 0x1C, + 0x7F, 0x9E, 0x36, 0x64, 0xEE, 0xDB, 0xBA, 0x94, + 0x95, 0x29, 0x87, 0x43, 0x1A, 0xA2, 0xA5, 0x7D, + 0x33, 0x0E, 0xB1, 0x1B, 0x28, 0xE6, 0xBF, 0x77, + 0x0E, 0x34, 0x9E, 0xCE, 0x35, 0x0C, 0x83, 0xE9, + 0x0D, 0xA6, 0xFE, 0x0D, 0x0A, 0x4A, 0xB9, 0x71, + 0x5D, 0xB2, 0x8B, 0xDD, 0x39, 0x7F, 0xAF, 0xA1, + 0x42, 0x83, 0x02, 0x15, 0x1E, 0x1F, 0x22, 0x2B, + 0x44, 0x69, 0x87, 0x9E, 0xB5, 0xD0, 0xF0, 0x18, + 0x60, 0x6A, 0x75, 0x94, 0xBF, 0xC8, 0x2C, 0x39, + 0x4E, 0x91, 0xB9, 0x26, 0x44, 0x95, 0xC9, 0x06, + 0x3D, 0x50, 0x52, 0x62, 0x79, 0x9B, 0x9F, 0xCB, + 0xE6, 0x31, 0x6B, 0xBC, 0xC8, 0xD8, 0x09, 0x30, + 0x53, 0x63, 0x6A, 0x74, 0xD4, 0xFA, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x02, 0x0F, 0x16, 0x1B, 0x1F, + 0x29, 0x2E, 0x36 + }; +#endif +#ifdef WOLFSSL_DILITHIUM_FIPS204_DRAFT +#ifndef WOLFSSL_NO_ML_DSA_44 + static const byte pk_44_draft[] = { + 0x35, 0x07, 0x31, 0x3A, 0xE3, 0x7A, 0xF6, 0x96, + 0x6C, 0x11, 0xA9, 0xE4, 0x0B, 0xEB, 0xEC, 0xE9, + 0x2B, 0x67, 0x3F, 0xD2, 0x67, 0x3C, 0x1C, 0x4C, + 0x08, 0xF0, 0x45, 0xA9, 0xDD, 0x5A, 0xB8, 0x8C, + 0x0A, 0x51, 0xA9, 0xBA, 0x89, 0x0F, 0x4C, 0xCB, + 0x9D, 0x0A, 0x41, 0x3F, 0x9C, 0xF4, 0x13, 0x36, + 0x79, 0x49, 0x00, 0x90, 0xBB, 0x57, 0x3B, 0xBD, + 0x2E, 0x18, 0xB3, 0xD0, 0xA5, 0x0E, 0x6B, 0x67, + 0xFF, 0x98, 0x8C, 0xDD, 0x07, 0xE8, 0xA7, 0xA1, + 0x3F, 0xAE, 0xFB, 0xD6, 0xC0, 0xF8, 0xF3, 0x34, + 0xA5, 0x17, 0xC2, 0x34, 0x88, 0x92, 0x65, 0xA6, + 0xE8, 0x66, 0x57, 0xFE, 0x86, 0x08, 0xF7, 0xDF, + 0xA0, 0x5B, 0x70, 0x3E, 0x91, 0x6C, 0x63, 0xA0, + 0xA3, 0x75, 0x55, 0xF8, 0xB6, 0xAA, 0xD4, 0x1B, + 0x78, 0x5E, 0x42, 0x9F, 0x96, 0xE4, 0xA0, 0x50, + 0xB6, 0x94, 0x2D, 0xC3, 0xE3, 0x36, 0x2B, 0x9D, + 0x6B, 0x7A, 0xEF, 0xF5, 0x68, 0xF2, 0x11, 0xDF, + 0x87, 0xA0, 0x9A, 0xC4, 0x61, 0xFB, 0xA4, 0x1C, + 0x98, 0x3F, 0xC9, 0x52, 0x59, 0x3B, 0x47, 0x4D, + 0xF5, 0x24, 0xA3, 0xD8, 0x63, 0xE1, 0xED, 0xDC, + 0xFD, 0xEB, 0x96, 0xFB, 0xF3, 0xE7, 0x50, 0x9C, + 0x72, 0x61, 0xC7, 0x3C, 0xCE, 0xF2, 0xEB, 0x22, + 0x55, 0x6B, 0x9F, 0x25, 0xE4, 0x45, 0xE1, 0xFB, + 0x3E, 0x2E, 0x4E, 0x92, 0x4F, 0x8A, 0x85, 0xEB, + 0x63, 0x2C, 0x05, 0x0F, 0x9A, 0xEC, 0x0E, 0x9D, + 0x05, 0x81, 0x46, 0x82, 0xEA, 0x74, 0x91, 0xD5, + 0x2A, 0xBC, 0xCC, 0xBB, 0xD6, 0x7F, 0x5F, 0x9A, + 0xD3, 0xBD, 0xEB, 0x14, 0xBA, 0x84, 0x27, 0x13, + 0x32, 0xB5, 0xF3, 0x71, 0xAC, 0x47, 0x19, 0x6B, + 0x5E, 0x43, 0x50, 0xC2, 0xA8, 0x82, 0xF5, 0x97, + 0x9B, 0x27, 0x62, 0xFB, 0xB7, 0xFF, 0x6B, 0xC8, + 0x52, 0x1E, 0xFB, 0x97, 0x39, 0x1E, 0x7F, 0x01, + 0xF8, 0x34, 0x47, 0xAA, 0xB2, 0x64, 0xB5, 0x9E, + 0x28, 0x18, 0xCB, 0x4A, 0x94, 0xBE, 0x6A, 0x43, + 0x5B, 0xAE, 0x21, 0xA4, 0x63, 0x64, 0x46, 0x0C, + 0x6B, 0x36, 0x1C, 0x2A, 0x3B, 0x64, 0xFA, 0xA0, + 0xAB, 0xE3, 0x3B, 0x7D, 0xB0, 0x23, 0x99, 0x21, + 0x55, 0x59, 0xBF, 0xD6, 0xDB, 0xB8, 0xDB, 0x09, + 0x5E, 0xBC, 0x32, 0x3C, 0xAC, 0xAB, 0x1A, 0x63, + 0x32, 0x21, 0x10, 0xD5, 0x8D, 0x7A, 0x5F, 0xCE, + 0x72, 0x8D, 0x2A, 0xED, 0x1D, 0x30, 0x38, 0x5D, + 0x3E, 0x62, 0xC2, 0x8E, 0xC9, 0x9F, 0x8C, 0x50, + 0x3F, 0xC6, 0xCE, 0x86, 0x4D, 0x67, 0x3D, 0x09, + 0xB6, 0x27, 0x14, 0x57, 0x14, 0xED, 0xC9, 0x8F, + 0xAC, 0x9E, 0xAC, 0x6F, 0xB5, 0xB2, 0xE6, 0x8D, + 0x9D, 0x5E, 0xE6, 0x78, 0x77, 0x09, 0x94, 0x35, + 0x5E, 0x3B, 0x64, 0x04, 0x38, 0xD4, 0x5B, 0x04, + 0xB8, 0x6C, 0x33, 0x97, 0xE1, 0x58, 0x54, 0x32, + 0xB3, 0x0F, 0x37, 0x69, 0x39, 0xCE, 0x57, 0x31, + 0x5C, 0x75, 0xA8, 0x94, 0xD0, 0x39, 0x2D, 0xB4, + 0x73, 0xA7, 0xA4, 0x7C, 0xBE, 0x34, 0x03, 0x2D, + 0x99, 0x1D, 0xDF, 0x32, 0x26, 0xB7, 0x45, 0x1B, + 0x03, 0xCD, 0xEE, 0x9D, 0x58, 0xA8, 0xA7, 0x76, + 0x1B, 0x17, 0x42, 0xD9, 0x69, 0x0F, 0x26, 0x3A, + 0x9D, 0x70, 0x9B, 0x4E, 0x81, 0xEB, 0x96, 0x02, + 0xB5, 0xB3, 0x92, 0x31, 0xFE, 0xBC, 0x38, 0x11, + 0x5A, 0x47, 0xED, 0x0A, 0x2A, 0xE2, 0xB8, 0x47, + 0x13, 0x5E, 0x43, 0x97, 0xD5, 0xFA, 0x31, 0x02, + 0x58, 0xE9, 0x9E, 0xB5, 0x3F, 0x85, 0x92, 0x0E, + 0xB9, 0xDB, 0xE0, 0xEE, 0x56, 0x76, 0x64, 0x8F, + 0xF2, 0xE2, 0x47, 0x81, 0xD4, 0xA4, 0x82, 0x43, + 0x69, 0xAE, 0x8E, 0x48, 0x50, 0x84, 0x93, 0x3B, + 0x9C, 0x65, 0xD3, 0x6F, 0xCD, 0x90, 0xA0, 0xD8, + 0xA0, 0xE1, 0x79, 0xCC, 0xD5, 0x1F, 0x71, 0x73, + 0x93, 0xE7, 0xB2, 0xB0, 0x78, 0x17, 0xD7, 0x79, + 0xDE, 0xCC, 0x83, 0x7D, 0x5A, 0xF2, 0x0E, 0xA6, + 0xB1, 0x76, 0x61, 0x15, 0x88, 0x8E, 0xD7, 0xA6, + 0x51, 0xBF, 0x9C, 0xD1, 0x0A, 0xFC, 0xDA, 0x65, + 0xA5, 0x65, 0xFE, 0xB2, 0xED, 0x07, 0x74, 0x42, + 0x4C, 0xF5, 0x42, 0x3D, 0xAF, 0x5F, 0x4D, 0x72, + 0x51, 0xE6, 0x3F, 0x68, 0xCC, 0xC5, 0x2D, 0x89, + 0x01, 0xD8, 0x80, 0xB4, 0xFC, 0xEB, 0x3B, 0xBE, + 0x7C, 0xFA, 0x24, 0x27, 0xE1, 0x05, 0x94, 0x67, + 0xAD, 0xB3, 0x47, 0x7D, 0x28, 0x18, 0xC1, 0xC9, + 0xB8, 0xA1, 0x2A, 0x95, 0xBB, 0x5D, 0xC9, 0x42, + 0x4F, 0x64, 0x94, 0x07, 0x5F, 0x65, 0xD3, 0xA5, + 0x65, 0xEE, 0x67, 0x2C, 0x10, 0x65, 0x81, 0x4D, + 0x7F, 0xAF, 0x2E, 0x97, 0x9E, 0x11, 0xA3, 0xF5, + 0x3E, 0xDE, 0xB1, 0x1D, 0x44, 0x72, 0x90, 0x74, + 0xFD, 0x47, 0x82, 0xA6, 0x04, 0x3E, 0x28, 0x3C, + 0x15, 0xDF, 0xC4, 0x7A, 0x7C, 0xF5, 0x5A, 0xC6, + 0xFB, 0xE4, 0xC2, 0xE0, 0x6E, 0x4C, 0x09, 0x2E, + 0xE3, 0xE6, 0x3A, 0xEF, 0xF6, 0x54, 0xDC, 0x92, + 0xBE, 0x8F, 0x24, 0x8E, 0x70, 0x53, 0x90, 0x3D, + 0x06, 0xA5, 0x0A, 0x72, 0xA0, 0x7B, 0x22, 0x14, + 0x80, 0x43, 0xAD, 0xDC, 0x11, 0xFC, 0xFF, 0xCF, + 0x5E, 0xA4, 0x69, 0x1C, 0x09, 0x09, 0xC3, 0x3D, + 0xF5, 0xE7, 0x05, 0x6F, 0x16, 0x33, 0x75, 0xB4, + 0x9B, 0x7B, 0x26, 0xDB, 0xE7, 0x27, 0x56, 0xD3, + 0x91, 0x82, 0x9D, 0xEB, 0x96, 0x3E, 0xE8, 0x40, + 0xAB, 0x5D, 0x6C, 0xB7, 0xA6, 0x36, 0x07, 0xD4, + 0xE7, 0x7C, 0xD4, 0x5C, 0x36, 0xE4, 0xFC, 0x7C, + 0x8A, 0x36, 0x8D, 0x53, 0x43, 0xD4, 0xAC, 0x0B, + 0x1B, 0xBA, 0x32, 0x88, 0xFA, 0xCE, 0xC1, 0xB9, + 0x34, 0x3C, 0xAC, 0xA0, 0xF4, 0xF2, 0x83, 0xA8, + 0xBB, 0x6F, 0x12, 0xC6, 0xB5, 0x3C, 0xDE, 0xA8, + 0x49, 0x66, 0x97, 0xD7, 0x7E, 0x37, 0xF7, 0xCE, + 0x7C, 0xF8, 0xC8, 0xBB, 0x8C, 0xB5, 0x3B, 0x3F, + 0xB9, 0x51, 0x68, 0x00, 0xD7, 0x2E, 0x1C, 0x10, + 0xAF, 0x9F, 0x3C, 0xD2, 0xAC, 0xE5, 0xBE, 0x94, + 0xB9, 0x60, 0xF5, 0xB2, 0x70, 0x24, 0xE8, 0x8A, + 0x2C, 0xD8, 0x95, 0xAF, 0xAA, 0xA9, 0xA5, 0x2B, + 0xCA, 0xE0, 0x58, 0x44, 0x02, 0x3F, 0xF8, 0x21, + 0x0C, 0x29, 0xB7, 0xD5, 0x08, 0x9E, 0x69, 0x81, + 0xD4, 0x6C, 0xC5, 0x0B, 0xF6, 0xEF, 0xAB, 0x01, + 0xEA, 0xDF, 0x36, 0x2C, 0x5C, 0xFB, 0xEB, 0xC8, + 0x4F, 0x71, 0x80, 0xD7, 0x00, 0xC9, 0x32, 0x5D, + 0x02, 0x4F, 0x96, 0x94, 0x71, 0xCD, 0x98, 0xC4, + 0x25, 0x7A, 0x92, 0xF1, 0x9B, 0xA0, 0x34, 0x30, + 0x6C, 0x41, 0x59, 0xD5, 0x01, 0x5D, 0xD6, 0x56, + 0xEA, 0x05, 0xF2, 0xFC, 0xF8, 0x58, 0xFA, 0x12, + 0x9C, 0x5A, 0x5C, 0xD5, 0x3D, 0xC7, 0x5D, 0x1B, + 0x99, 0x2A, 0x6A, 0x4C, 0xF9, 0xEA, 0x9D, 0x70, + 0x53, 0xBC, 0xBE, 0xAD, 0x61, 0xC7, 0x2D, 0x77, + 0xEF, 0x61, 0xC7, 0xBE, 0x9C, 0x73, 0xC1, 0xD5, + 0xD4, 0x5C, 0x5F, 0x21, 0x6A, 0x5C, 0xEE, 0x78, + 0xAA, 0xC6, 0x6C, 0x56, 0xDB, 0x38, 0x5A, 0x94, + 0x12, 0xB8, 0x73, 0x7C, 0xDF, 0x9A, 0x27, 0xCD, + 0xC5, 0xD1, 0xD3, 0xCA, 0x0E, 0x37, 0x0A, 0xC1, + 0x6F, 0xAD, 0xE3, 0x32, 0x94, 0x6C, 0x20, 0xB5, + 0xED, 0xE6, 0x2D, 0x34, 0x39, 0x58, 0xD2, 0x1E, + 0x63, 0x8D, 0xFA, 0xFF, 0xB5, 0xE8, 0x40, 0xC8, + 0x42, 0x38, 0x7A, 0x01, 0x80, 0xFF, 0x52, 0x3F, + 0xE9, 0x89, 0x63, 0xAD, 0x91, 0x5F, 0xCE, 0x0A, + 0x47, 0x87, 0xF9, 0x6D, 0xD7, 0x79, 0xEF, 0xCE, + 0x10, 0x7B, 0x73, 0x43, 0xBE, 0x51, 0xA0, 0xDF, + 0xE5, 0xEC, 0xA9, 0x63, 0xF6, 0x5E, 0x72, 0x36, + 0x22, 0x86, 0xEE, 0x4E, 0x4A, 0x76, 0xFD, 0x86, + 0xBA, 0xE6, 0xD6, 0xC4, 0xD2, 0xE6, 0xFF, 0xB2, + 0x5B, 0x39, 0xF9, 0xC3, 0x29, 0xA8, 0x61, 0x3A, + 0x33, 0x34, 0x89, 0xC9, 0x83, 0xF9, 0xB2, 0x70, + 0x21, 0x54, 0x44, 0x94, 0x70, 0xAD, 0x70, 0x18, + 0x84, 0x38, 0x91, 0xFB, 0xDE, 0x5E, 0x3D, 0xE3, + 0xB2, 0xA7, 0x3C, 0x1D, 0x49, 0xA6, 0x66, 0x7C, + 0x4B, 0xEB, 0xB0, 0xA7, 0x7C, 0xC5, 0xAE, 0x45, + 0x1F, 0xBE, 0x0E, 0x2F, 0x11, 0xDC, 0x92, 0x08, + 0xAA, 0x18, 0x38, 0xFE, 0x61, 0xBE, 0x9D, 0xC3, + 0x3A, 0x1F, 0x2F, 0xB6, 0x6E, 0xB6, 0x54, 0x97, + 0x74, 0x06, 0xBC, 0x12, 0x2D, 0x64, 0x18, 0x14, + 0x25, 0x5A, 0xCB, 0x7B, 0xD7, 0x9D, 0xC3, 0x2C, + 0xC2, 0x0B, 0x19, 0x10, 0xD2, 0x57, 0xF0, 0xDF, + 0xA4, 0x95, 0xA4, 0x5A, 0xA0, 0x2D, 0x0F, 0xA0, + 0xBC, 0xF7, 0x60, 0x7F, 0x38, 0xE1, 0x17, 0x0D, + 0x36, 0x08, 0xF5, 0xF9, 0x75, 0x28, 0x75, 0xAC, + 0xA9, 0x2B, 0x75, 0xC4, 0x41, 0xE0, 0x0D, 0x5C, + 0xBC, 0x5F, 0x49, 0x16, 0x25, 0x38, 0x16, 0xE1, + 0x0C, 0x2C, 0x9C, 0x63, 0xA8, 0x5F, 0x70, 0xF4, + 0x64, 0xC7, 0x10, 0x19, 0x52, 0x19, 0x6E, 0x9B, + 0x5C, 0x09, 0x4F, 0xEE, 0xB6, 0x7C, 0x85, 0xC9, + 0x6E, 0xCB, 0x33, 0x32, 0x42, 0x9D, 0x57, 0x18, + 0xE6, 0x55, 0x94, 0x74, 0x02, 0xEE, 0xEB, 0xAA, + 0xF7, 0xD3, 0x45, 0x7A, 0x49, 0x6F, 0x83, 0x89, + 0x00, 0xE4, 0xAA, 0x20, 0x87, 0x10, 0xAD, 0xC0, + 0x0E, 0xF5, 0x93, 0x57, 0xE5, 0x45, 0x7A, 0xBD, + 0x82, 0x87, 0x50, 0x0F, 0xE1, 0x2C, 0x0C, 0x6D, + 0xEE, 0xC8, 0x94, 0xB8, 0x39, 0xF3, 0x3C, 0xFE, + 0x7E, 0xC1, 0x0F, 0xB4, 0x67, 0xA2, 0xDF, 0xC6, + 0x9D, 0xB5, 0x9D, 0xB8, 0x72, 0x50, 0xBD, 0xB3, + 0xDB, 0xF6, 0x87, 0x5E, 0x26, 0x93, 0xF0, 0xD4, + 0x0D, 0x68, 0xA4, 0x8B, 0xBD, 0x2C, 0x6E, 0xD8, + 0x4F, 0x81, 0x5D, 0x0D, 0xAC, 0x72, 0x65, 0xEC, + 0x4E, 0xF2, 0x4E, 0x5F, 0x67, 0x04, 0xF3, 0x08, + 0x29, 0x4D, 0xB2, 0xE2, 0xD5, 0x9F, 0xD4, 0xB9, + 0x13, 0xB4, 0x33, 0x80, 0x27, 0x84, 0x7E, 0xF4 + }; + static const byte msg_44_draft[] = { + 0x5C, 0x70, 0x7F, 0xBF, 0xF4, 0xFF, 0xE5, 0x9B, + 0x09, 0xAA, 0xF8, 0xDB, 0x21, 0xAD, 0xBE, 0xBA, + 0xC6, 0xB2, 0x65, 0x37, 0x9A, 0x9A, 0x43, 0x3A, + 0xA8, 0x23, 0x2B, 0x13, 0x9B, 0xBD, 0x46, 0x37, + 0x30, 0x60, 0xA7, 0x5B, 0xC4, 0x48, 0x63, 0x5F, + 0x41, 0x35, 0x38, 0x69, 0xF9, 0x6F, 0xB5, 0x65, + 0x26, 0xDB, 0xAE, 0xB7, 0x5C, 0xFE, 0x2C, 0x03, + 0xCB, 0x43, 0x08, 0x58, 0x5E, 0x27, 0xD1, 0x42, + 0x14, 0xF2, 0x4B, 0xD7, 0x13, 0xE4, 0x96, 0x74, + 0x6A, 0xC1, 0x36, 0xC7, 0x9D, 0x0F, 0x7D, 0xB0, + 0x7B, 0x8A, 0x3A, 0x6D, 0x00, 0x5B, 0x29, 0x7B, + 0x37, 0xBA, 0x3F, 0x5B, 0xBD, 0xCE, 0x21, 0x77, + 0xFD, 0xD6, 0x78, 0x77, 0x20, 0x31, 0xF0, 0x60, + 0x49, 0xAE, 0x12, 0x86, 0x7A, 0x64, 0xBD, 0x0B, + 0x9E, 0xC6, 0x26, 0x80, 0x9E, 0xCE, 0x19, 0x8D, + 0x6A, 0x6B, 0x09, 0x03, 0x45, 0xDF, 0x22, 0x7D + }; + static const byte sig_44_draft[] = { + 0x08, 0xF0, 0x10, 0xFA, 0x63, 0x3F, 0x2B, 0xA1, + 0x46, 0x81, 0x34, 0xC4, 0xBC, 0xAB, 0x62, 0x17, + 0x0B, 0x64, 0xEA, 0x00, 0x2D, 0xD6, 0x8A, 0xE5, + 0xC2, 0x45, 0x29, 0xB9, 0xEC, 0x6F, 0x3B, 0xF2, + 0xDC, 0x2F, 0xC7, 0x34, 0x5A, 0x1E, 0xFE, 0x0C, + 0xCA, 0xB9, 0x6A, 0xD8, 0xDA, 0xBA, 0xAA, 0x80, + 0x90, 0xDC, 0x8C, 0x6C, 0x22, 0xFF, 0xC4, 0x90, + 0x9E, 0xE9, 0xA5, 0x45, 0xFC, 0xE8, 0x64, 0x53, + 0x9E, 0xC4, 0x17, 0xE1, 0xB2, 0x1A, 0x31, 0x40, + 0x26, 0x9D, 0x5E, 0x03, 0x6A, 0xC6, 0x09, 0x19, + 0xDD, 0xB3, 0x63, 0xE0, 0x35, 0xCD, 0xB4, 0x2E, + 0x25, 0x38, 0x6E, 0x6C, 0x76, 0xA9, 0x19, 0x75, + 0x68, 0x6E, 0xB7, 0xAB, 0xAD, 0x8F, 0x63, 0x64, + 0x97, 0x4E, 0x56, 0x82, 0x30, 0x45, 0x86, 0x22, + 0x64, 0xDA, 0xD2, 0xAE, 0x54, 0x70, 0x5C, 0xF1, + 0xEB, 0xD1, 0x84, 0x8D, 0xFF, 0x86, 0x15, 0xE6, + 0x20, 0xCE, 0x14, 0x89, 0xEF, 0xFA, 0x2E, 0xF8, + 0x60, 0xCA, 0x53, 0x52, 0xE4, 0xD5, 0xC8, 0x2E, + 0x50, 0xD5, 0x9D, 0x90, 0xA6, 0x12, 0xC7, 0xF1, + 0x70, 0x0D, 0xE2, 0x89, 0x5B, 0x31, 0x6A, 0x21, + 0x79, 0x9C, 0xBE, 0x77, 0x6E, 0xA6, 0xBF, 0x51, + 0x05, 0x2A, 0x83, 0x50, 0x7E, 0x86, 0x14, 0xD1, + 0x50, 0x53, 0x1F, 0x1C, 0x5E, 0x50, 0x24, 0x69, + 0x6C, 0x91, 0x55, 0x35, 0x19, 0x6F, 0xE0, 0xDC, + 0xB5, 0xD6, 0x48, 0x7E, 0x78, 0x61, 0x59, 0x2C, + 0xD0, 0x1B, 0x42, 0x58, 0xAF, 0x7A, 0x39, 0xCA, + 0x02, 0x1C, 0x50, 0xEF, 0xE9, 0xE1, 0xDE, 0x31, + 0x8D, 0x09, 0x51, 0xC9, 0xDB, 0x16, 0xF9, 0xB9, + 0x45, 0x54, 0x81, 0x16, 0xD7, 0x14, 0xD8, 0xBE, + 0x9C, 0xCA, 0x53, 0xFE, 0x8F, 0x24, 0x99, 0x0D, + 0xBA, 0x7F, 0x99, 0x42, 0x11, 0x9B, 0x32, 0xDD, + 0x93, 0x5C, 0xBA, 0x2D, 0xD3, 0xB3, 0xF2, 0x48, + 0x13, 0x9C, 0x80, 0xBB, 0x8D, 0xF4, 0xC7, 0xAA, + 0xEB, 0xC6, 0xFD, 0xB8, 0x35, 0x95, 0x87, 0x2B, + 0x9E, 0xCF, 0x48, 0xF3, 0x2D, 0xFF, 0x70, 0xF4, + 0xCE, 0x35, 0x68, 0x7E, 0x9D, 0xDF, 0xD5, 0x0C, + 0xCD, 0xE3, 0x51, 0xB0, 0x90, 0x86, 0xE5, 0xD1, + 0xF1, 0x3B, 0x72, 0x42, 0x73, 0x07, 0x03, 0xE2, + 0xFB, 0x40, 0x3F, 0xD4, 0xC8, 0x30, 0xB6, 0x86, + 0x49, 0x8A, 0x17, 0xDB, 0x8F, 0x46, 0x6C, 0x3A, + 0xC3, 0x49, 0xCD, 0x59, 0x68, 0x81, 0x66, 0x03, + 0xD7, 0x24, 0xAF, 0x1F, 0x77, 0xC7, 0xFB, 0xF7, + 0x83, 0xCD, 0xA2, 0x6D, 0x35, 0x0C, 0x8B, 0xBC, + 0x29, 0x3A, 0x7F, 0xAC, 0xB9, 0xF9, 0x78, 0x50, + 0x6A, 0x67, 0xFC, 0xDC, 0x6F, 0x01, 0x65, 0x06, + 0x82, 0x81, 0xB0, 0x7D, 0x25, 0x5D, 0x74, 0x0B, + 0x68, 0x5F, 0x51, 0x2C, 0x82, 0xF3, 0x1D, 0x92, + 0xF6, 0xA9, 0xA9, 0x6A, 0x77, 0x57, 0x58, 0xAA, + 0x7C, 0xBE, 0x35, 0xF4, 0x56, 0xDE, 0x42, 0x01, + 0x2D, 0xB8, 0x28, 0x83, 0x7B, 0xA0, 0xA9, 0x7D, + 0xC3, 0x30, 0x13, 0x52, 0xD0, 0xA1, 0xC8, 0xA1, + 0x2C, 0x51, 0x49, 0xAE, 0xA8, 0x04, 0xCB, 0xA8, + 0x66, 0x01, 0x26, 0xDF, 0x2D, 0x1C, 0x21, 0xA2, + 0x4E, 0xBD, 0xA5, 0x48, 0x2A, 0x2D, 0x56, 0x60, + 0x20, 0x98, 0x4D, 0x15, 0x7D, 0x02, 0xB6, 0x3A, + 0xE4, 0x11, 0xAE, 0xF7, 0x3E, 0x5D, 0x56, 0x4F, + 0x6A, 0xA3, 0x0A, 0xEA, 0xCC, 0x35, 0x8A, 0xB7, + 0xC4, 0x8F, 0x25, 0x3E, 0x42, 0x41, 0x2B, 0xA5, + 0x1F, 0xA7, 0x3B, 0x87, 0x22, 0x86, 0x79, 0xD5, + 0xE5, 0x2A, 0xA2, 0xCD, 0x68, 0xCE, 0xB8, 0x18, + 0x6D, 0xEF, 0x1C, 0x36, 0x7F, 0x75, 0x50, 0x36, + 0x1B, 0x58, 0xEB, 0x32, 0xA1, 0xC8, 0xAF, 0x47, + 0xE1, 0x26, 0x73, 0x1F, 0x5D, 0x73, 0x30, 0x13, + 0x2F, 0xC7, 0x8B, 0xA3, 0x03, 0xB4, 0xA8, 0x86, + 0x25, 0x29, 0xD1, 0x75, 0x10, 0xEE, 0x7F, 0x56, + 0xBC, 0x0D, 0x59, 0xB4, 0xAE, 0xC9, 0x44, 0x0A, + 0xF7, 0x0D, 0xBF, 0x17, 0x6A, 0x22, 0x9C, 0x75, + 0x2B, 0x3E, 0x22, 0xB8, 0x2F, 0x4B, 0x68, 0xF1, + 0x07, 0xE3, 0x47, 0x47, 0x21, 0x9C, 0xA3, 0x5B, + 0x31, 0x0A, 0x14, 0xD9, 0x7C, 0xA8, 0xC0, 0xC6, + 0x5C, 0xAD, 0x05, 0xD6, 0x15, 0xD3, 0xEC, 0xEC, + 0x32, 0xC2, 0xFF, 0xF4, 0x96, 0x9C, 0xC8, 0x65, + 0xA0, 0xB2, 0xD6, 0xF4, 0x98, 0xBB, 0xB1, 0x4E, + 0xA5, 0x11, 0x3B, 0x4E, 0xA8, 0xEB, 0x90, 0xAB, + 0xD8, 0x25, 0x10, 0xE3, 0x66, 0xB5, 0xA5, 0x11, + 0x60, 0xA0, 0xCB, 0xDF, 0x77, 0x8A, 0x80, 0x4C, + 0x07, 0x9B, 0x1B, 0x45, 0x95, 0x29, 0x1D, 0x88, + 0x85, 0xAC, 0x32, 0x94, 0x26, 0x87, 0x12, 0x0A, + 0x2F, 0x9E, 0xAE, 0x69, 0x79, 0x25, 0x5A, 0x50, + 0xF4, 0xDB, 0x15, 0x20, 0x9F, 0x7A, 0x7A, 0xF2, + 0xE5, 0x8A, 0x63, 0x6A, 0xDD, 0xBD, 0x06, 0xCB, + 0x42, 0xF0, 0x20, 0xA9, 0x3B, 0x52, 0xD8, 0x68, + 0x37, 0x71, 0x07, 0xB8, 0x5B, 0xFE, 0xA0, 0xEC, + 0xBD, 0x75, 0xFF, 0x9C, 0x89, 0xDF, 0x01, 0xE7, + 0x17, 0x7D, 0xA7, 0xE8, 0x27, 0x9E, 0xA2, 0x41, + 0x66, 0xE6, 0xDB, 0x8B, 0x5A, 0x3F, 0x6C, 0xC9, + 0xE3, 0x4F, 0x0D, 0xD0, 0x92, 0x1E, 0x27, 0x41, + 0xF2, 0xB3, 0x08, 0x32, 0x03, 0x6D, 0x2C, 0x4F, + 0x78, 0xEC, 0x99, 0xB3, 0x94, 0x6C, 0xC1, 0x89, + 0xD9, 0x34, 0x0F, 0xEF, 0x10, 0xF0, 0xDA, 0xCE, + 0x09, 0x69, 0x7A, 0x93, 0xC6, 0xFF, 0x19, 0x4F, + 0xBD, 0xDE, 0xA6, 0x54, 0x8A, 0xE5, 0x81, 0x3F, + 0x96, 0xD3, 0xA0, 0x77, 0x7C, 0xF2, 0x4B, 0xF1, + 0x68, 0xA2, 0x23, 0x3D, 0xD4, 0x16, 0xC1, 0x66, + 0xDA, 0x13, 0x53, 0xE1, 0x9F, 0x9A, 0x36, 0x09, + 0x4D, 0x72, 0x08, 0x09, 0xEB, 0x87, 0x74, 0x9A, + 0xB2, 0x8C, 0x60, 0x7F, 0xFB, 0x70, 0x17, 0x51, + 0xB1, 0xAC, 0x18, 0xDF, 0xCB, 0x43, 0x2A, 0xD3, + 0x89, 0xDA, 0x78, 0xAE, 0xDC, 0xEA, 0xB2, 0x22, + 0xCA, 0x2F, 0xF1, 0xE4, 0xA7, 0xCC, 0xAF, 0xB1, + 0x63, 0x1B, 0x5D, 0xDD, 0xD1, 0x49, 0xB8, 0x90, + 0x2E, 0xC9, 0xC0, 0x83, 0x0D, 0xAB, 0x88, 0x88, + 0x4C, 0x74, 0x72, 0x00, 0x7D, 0xFE, 0xF2, 0x46, + 0x73, 0xFD, 0x99, 0xEC, 0x89, 0x8B, 0x3B, 0x0F, + 0xCE, 0x35, 0x5A, 0xEA, 0x13, 0x4F, 0x67, 0x67, + 0xFD, 0x0D, 0x87, 0xFC, 0xB1, 0x36, 0x48, 0x07, + 0x33, 0x0B, 0xCA, 0xD4, 0xD7, 0xD0, 0xCC, 0xA1, + 0x8F, 0xF0, 0x3F, 0x01, 0x8B, 0x6B, 0x74, 0x44, + 0x2F, 0x1B, 0xE0, 0x65, 0x31, 0x1B, 0x4E, 0xDB, + 0x67, 0x65, 0xA9, 0x34, 0xE8, 0x4D, 0x0C, 0xF3, + 0x29, 0xED, 0x53, 0xAB, 0x8A, 0x98, 0x07, 0x2B, + 0xE0, 0xCD, 0xC0, 0x08, 0x82, 0x4A, 0x72, 0x28, + 0x72, 0xA2, 0xAC, 0xFE, 0xF7, 0xBF, 0x6E, 0x8E, + 0xF8, 0x3E, 0x04, 0x58, 0xA4, 0x36, 0x46, 0x33, + 0xAB, 0xDD, 0x0E, 0xBF, 0x01, 0xD2, 0xEF, 0x19, + 0x5B, 0x78, 0x2B, 0x30, 0x51, 0x25, 0x50, 0xD0, + 0xB5, 0x82, 0xC7, 0x20, 0x0D, 0xA1, 0x2C, 0x38, + 0xAF, 0x44, 0xFC, 0xBD, 0x49, 0xB8, 0x7F, 0x89, + 0xEF, 0xBE, 0x37, 0x5C, 0xCB, 0xA2, 0x11, 0x75, + 0x7D, 0xDA, 0xA8, 0x7B, 0x3A, 0x3C, 0x10, 0x11, + 0x4D, 0x9F, 0x99, 0xAB, 0x4B, 0xA2, 0x20, 0x7A, + 0x5F, 0x96, 0xEF, 0x1C, 0x00, 0xD7, 0x27, 0x17, + 0x77, 0x7C, 0x51, 0x58, 0x4B, 0x13, 0x97, 0x53, + 0x2A, 0xC6, 0x86, 0x4D, 0x3B, 0x8E, 0xBB, 0x4F, + 0xB8, 0xA0, 0x84, 0x87, 0xF6, 0xEF, 0x55, 0x12, + 0x2B, 0xCF, 0x9E, 0x5C, 0xD0, 0x0E, 0xBC, 0x1E, + 0x79, 0x53, 0xE7, 0x8C, 0x4D, 0x8B, 0xCB, 0x20, + 0xF6, 0xEA, 0x72, 0x0A, 0x63, 0x2F, 0x0C, 0xCF, + 0x57, 0x27, 0x26, 0xF4, 0x3A, 0x95, 0xCA, 0xBE, + 0xB5, 0x7C, 0x47, 0x60, 0x10, 0xCD, 0x28, 0x9E, + 0x02, 0x64, 0xC9, 0x8D, 0x82, 0x49, 0xD0, 0xD6, + 0x60, 0xF8, 0xDC, 0xC8, 0x4B, 0x7D, 0xB5, 0xEF, + 0x11, 0x17, 0xC7, 0x94, 0x5F, 0x0D, 0x99, 0xBE, + 0x75, 0x48, 0x49, 0xC6, 0x58, 0x43, 0x64, 0x99, + 0x1A, 0x5A, 0x41, 0xBA, 0xC2, 0x31, 0xB3, 0xE0, + 0x45, 0x1B, 0x81, 0xD2, 0x12, 0xBE, 0x90, 0xDB, + 0xFF, 0xBC, 0xCB, 0x99, 0xA3, 0xF0, 0x74, 0xE8, + 0x2C, 0x48, 0x58, 0xB3, 0x17, 0xA4, 0x9A, 0xD2, + 0x22, 0x46, 0xFB, 0xF5, 0x85, 0x8D, 0x07, 0xDF, + 0xDB, 0x78, 0x07, 0xF4, 0x99, 0xA8, 0x6C, 0xEE, + 0x6E, 0x96, 0x20, 0xB8, 0xC2, 0xA9, 0xFA, 0x8B, + 0x6E, 0xA6, 0x79, 0x6D, 0xF9, 0xC3, 0x0C, 0x77, + 0x74, 0xAE, 0xB0, 0x40, 0xA9, 0xE5, 0xA7, 0x0B, + 0x30, 0x40, 0x4B, 0x4F, 0xB1, 0x0A, 0x0B, 0x7B, + 0xEE, 0x1F, 0x69, 0xFA, 0xD0, 0xF0, 0x2D, 0x5D, + 0x00, 0xB5, 0x4D, 0xEB, 0x32, 0x84, 0xB2, 0xB7, + 0x60, 0xAA, 0x6C, 0xF9, 0x98, 0x18, 0xB3, 0xD9, + 0xC1, 0x54, 0x8D, 0xAC, 0x12, 0xB0, 0x3A, 0x26, + 0xB2, 0x23, 0x2D, 0x9B, 0xF8, 0x20, 0xEE, 0x90, + 0xE0, 0x6D, 0x31, 0xDE, 0xF5, 0xCA, 0xBA, 0x6A, + 0x53, 0x40, 0x29, 0x6C, 0x18, 0x62, 0xA5, 0x8A, + 0xB8, 0x17, 0xA0, 0xAB, 0xCB, 0xDC, 0xE1, 0x3B, + 0xD6, 0xC6, 0x29, 0xA3, 0x1C, 0x5F, 0x8D, 0x6E, + 0x73, 0xF6, 0x98, 0x10, 0x0F, 0x9F, 0x7E, 0xCA, + 0x4C, 0xD8, 0xEB, 0xE4, 0xB8, 0xDF, 0x72, 0x78, + 0x65, 0xAF, 0x4A, 0x20, 0xFE, 0x7C, 0xB4, 0xCA, + 0x07, 0x81, 0xFD, 0xC5, 0xC5, 0xFD, 0x33, 0x4D, + 0xB8, 0x37, 0x37, 0xC4, 0x21, 0x81, 0x66, 0x45, + 0xAE, 0x81, 0x34, 0x13, 0xA6, 0x40, 0x81, 0x39, + 0x55, 0x90, 0xE6, 0xF1, 0x42, 0x56, 0x74, 0xFF, + 0x06, 0x9B, 0x50, 0x1F, 0x0F, 0xDA, 0x6B, 0x31, + 0xC6, 0x4B, 0xC5, 0xC2, 0x14, 0xE7, 0x01, 0x5E, + 0xA9, 0xDA, 0x12, 0x2D, 0x6C, 0xE0, 0x8C, 0xEB, + 0x2D, 0xF6, 0x2C, 0x45, 0xBC, 0x01, 0x73, 0x34, + 0x6D, 0xAB, 0xBC, 0x15, 0x4C, 0x16, 0x03, 0x35, + 0x9D, 0xD4, 0xF0, 0xAC, 0x49, 0x84, 0x4A, 0xEE, + 0x46, 0x47, 0x64, 0x93, 0xF2, 0x49, 0x59, 0x86, + 0x26, 0xFB, 0x24, 0x6B, 0x99, 0xB3, 0x9A, 0xCB, + 0xB4, 0x2B, 0x28, 0x4E, 0x0C, 0x2D, 0x3F, 0x9E, + 0xCE, 0x32, 0x71, 0xC4, 0xD5, 0xE0, 0x6C, 0x48, + 0x25, 0xEA, 0x1A, 0x8F, 0x08, 0x57, 0x23, 0x85, + 0x89, 0xCD, 0xC5, 0x48, 0x37, 0x19, 0x8E, 0xD4, + 0x23, 0x4D, 0xD0, 0x31, 0x73, 0xA8, 0x8E, 0x43, + 0xEE, 0x95, 0x67, 0xF5, 0x7A, 0x93, 0x27, 0xD3, + 0x90, 0x36, 0x30, 0x4C, 0xA1, 0xCD, 0xB5, 0xF8, + 0x65, 0xC5, 0x89, 0x54, 0x57, 0x2C, 0xAE, 0xF8, + 0x75, 0xF1, 0x2E, 0x14, 0x14, 0x14, 0x0D, 0x97, + 0x5B, 0x24, 0x52, 0x46, 0x7A, 0x57, 0x6D, 0x9C, + 0x4C, 0x79, 0xDB, 0x0A, 0xE0, 0x23, 0x69, 0x52, + 0x9B, 0xF8, 0x1B, 0x54, 0x40, 0x18, 0xDF, 0xE0, + 0x1E, 0xF0, 0x61, 0xE4, 0x79, 0x81, 0xF9, 0x98, + 0x9A, 0x8C, 0x48, 0xFF, 0x86, 0x93, 0x0B, 0x68, + 0x96, 0x78, 0x2F, 0xF1, 0x2D, 0xDC, 0x60, 0x1F, + 0x8B, 0x1C, 0x04, 0x43, 0x4E, 0x60, 0x96, 0x5B, + 0x8A, 0xF6, 0x89, 0xCC, 0xC8, 0xB2, 0x9B, 0xBF, + 0x87, 0x16, 0x2E, 0xA8, 0x6F, 0x9B, 0x4B, 0xFD, + 0x74, 0x4E, 0x8F, 0x36, 0x33, 0x23, 0xDE, 0x94, + 0xD2, 0xA1, 0x72, 0x4F, 0xB2, 0xE6, 0x75, 0x3D, + 0x6E, 0x47, 0x9B, 0xDB, 0x58, 0xE5, 0x4A, 0x0C, + 0x09, 0x8F, 0x9C, 0x83, 0x63, 0x98, 0x8B, 0xA4, + 0xF7, 0x3D, 0x01, 0xA6, 0x8B, 0x93, 0x97, 0x48, + 0x84, 0x75, 0x32, 0xC7, 0xD7, 0x03, 0xDF, 0x7E, + 0x94, 0x8C, 0x8A, 0xA6, 0x78, 0x1A, 0xAE, 0xDE, + 0x36, 0x8A, 0xAD, 0x13, 0x7E, 0xF0, 0x16, 0xC2, + 0x3B, 0xAF, 0xF9, 0xD8, 0x66, 0x12, 0x30, 0x72, + 0x76, 0x6D, 0x21, 0x4C, 0xF3, 0xEF, 0x0D, 0x8C, + 0x11, 0xA4, 0x12, 0xBE, 0xF5, 0x7E, 0x8E, 0x6A, + 0x11, 0x13, 0x48, 0x8D, 0xC2, 0x62, 0xCF, 0x45, + 0x7C, 0xE3, 0x91, 0x88, 0x59, 0xFF, 0xB0, 0xF1, + 0xC3, 0xBC, 0x1D, 0x2A, 0x3E, 0x9B, 0x78, 0xF3, + 0xB1, 0x2E, 0xB0, 0x27, 0xD8, 0x16, 0xF8, 0x9B, + 0x2A, 0xAF, 0xF1, 0xAB, 0xB0, 0xF1, 0x8C, 0x7F, + 0x94, 0x31, 0x97, 0x85, 0xDA, 0xF0, 0xF4, 0x27, + 0x51, 0x3E, 0x5A, 0xE1, 0xDD, 0x6D, 0x9E, 0x98, + 0x39, 0xBB, 0xDF, 0xA2, 0xBA, 0x2C, 0x08, 0xAD, + 0x1D, 0x3F, 0x86, 0xF6, 0xC2, 0x1A, 0x8C, 0xAD, + 0xE0, 0xDC, 0xDD, 0x02, 0x47, 0x4C, 0x7E, 0x2D, + 0xDA, 0x1D, 0x70, 0x92, 0x39, 0xAA, 0x4E, 0xBA, + 0x14, 0xC7, 0xEC, 0x26, 0xBD, 0x9D, 0x1F, 0x6D, + 0x91, 0x58, 0x3C, 0xB5, 0xEF, 0x37, 0xB9, 0x66, + 0x4E, 0x04, 0x7C, 0x29, 0xCF, 0xD7, 0x8E, 0x47, + 0x84, 0xF3, 0xD2, 0x21, 0x84, 0xC5, 0xF8, 0xDC, + 0xC9, 0xF2, 0x52, 0xD5, 0x6A, 0xBF, 0xF1, 0xF1, + 0xDE, 0x9E, 0x7A, 0xF1, 0xD5, 0x5A, 0xF6, 0xEF, + 0x94, 0x66, 0xF9, 0x25, 0x44, 0x7F, 0x8D, 0x92, + 0xA2, 0x25, 0x1C, 0x72, 0x92, 0x30, 0x2A, 0xB7, + 0xEF, 0x18, 0xF3, 0x8C, 0xEF, 0x69, 0xA5, 0x5C, + 0x19, 0x3E, 0xC5, 0xBD, 0xEE, 0x2C, 0x2D, 0x71, + 0xDB, 0x89, 0xD4, 0x11, 0xA6, 0x27, 0x80, 0x8F, + 0x5A, 0x39, 0x9A, 0x04, 0x28, 0x4F, 0x9F, 0x00, + 0xBE, 0xF9, 0xF7, 0x9B, 0x46, 0x69, 0xD6, 0xAC, + 0x12, 0xE9, 0xA7, 0xC2, 0xD1, 0xC8, 0xAD, 0x5D, + 0xF7, 0xCB, 0x0C, 0x98, 0x78, 0x2D, 0x04, 0x4D, + 0x2D, 0x41, 0xAB, 0xC6, 0x3F, 0x81, 0x1D, 0xB9, + 0x2C, 0x1F, 0x3F, 0x59, 0x11, 0xF4, 0x80, 0x4F, + 0x0B, 0xCA, 0x9F, 0x81, 0x6E, 0x9C, 0xD1, 0xB4, + 0x74, 0x06, 0x48, 0x0A, 0x87, 0x2C, 0xFD, 0x4D, + 0x85, 0xD4, 0x21, 0x65, 0x7C, 0x96, 0x69, 0x53, + 0x51, 0xC0, 0xC4, 0xB0, 0xEB, 0x20, 0xDB, 0xE0, + 0x41, 0x09, 0xA7, 0x62, 0xB2, 0xF3, 0xC7, 0x6A, + 0x1D, 0x53, 0xA0, 0x39, 0xBA, 0xCF, 0x78, 0x9E, + 0xBF, 0x1D, 0xA5, 0x98, 0x09, 0x8E, 0xA7, 0x1A, + 0xE7, 0x95, 0xFF, 0x10, 0x38, 0xCC, 0x8F, 0x44, + 0xCB, 0xE7, 0xF6, 0xD6, 0x2C, 0xFF, 0xA8, 0x1C, + 0xFF, 0xA3, 0x65, 0xE8, 0x4E, 0xAE, 0xC7, 0xEF, + 0x61, 0xE1, 0x16, 0x4B, 0x8C, 0xA8, 0xC8, 0xFB, + 0xA5, 0x2C, 0xD1, 0x0A, 0x39, 0xAB, 0x4A, 0xF9, + 0xEE, 0x0B, 0x9B, 0xB4, 0x33, 0x5E, 0x25, 0x15, + 0xD0, 0xAA, 0x93, 0xC4, 0x53, 0x42, 0x91, 0xC5, + 0x98, 0x15, 0x34, 0x9A, 0x22, 0x1D, 0x9A, 0xE7, + 0x0E, 0x81, 0xF6, 0x99, 0x55, 0xB3, 0xD6, 0x49, + 0x1B, 0xB8, 0xA8, 0xBE, 0xDF, 0x54, 0xF0, 0x78, + 0xF7, 0x02, 0x97, 0x74, 0x84, 0x67, 0x6B, 0xAE, + 0x2F, 0xEC, 0x6E, 0x59, 0x20, 0x68, 0xD8, 0xE3, + 0x5A, 0x07, 0x48, 0xE1, 0x99, 0x90, 0xEE, 0xCD, + 0x17, 0x2B, 0xB6, 0xD6, 0xAA, 0x1A, 0xF8, 0x97, + 0x4E, 0xE0, 0x67, 0x9E, 0x4C, 0x35, 0xFE, 0x68, + 0x71, 0x54, 0x43, 0x5D, 0x43, 0x59, 0x19, 0xEB, + 0x58, 0x8E, 0x9A, 0xF6, 0xBD, 0x88, 0x71, 0xEE, + 0x89, 0xC6, 0xF2, 0x10, 0x04, 0x33, 0x13, 0x88, + 0xCD, 0x08, 0xB5, 0xE3, 0x5D, 0xA8, 0xBC, 0x43, + 0xB3, 0x84, 0x5F, 0x70, 0x94, 0xD9, 0xAC, 0xAE, + 0x74, 0x70, 0x13, 0x1E, 0x21, 0xFB, 0xD5, 0x7F, + 0xEC, 0x66, 0x2F, 0xA0, 0xB1, 0x1D, 0xE3, 0xF8, + 0xB9, 0x36, 0x48, 0x25, 0x3D, 0xBA, 0x7D, 0x44, + 0x08, 0xC5, 0x71, 0x74, 0xDA, 0xD3, 0x4F, 0x97, + 0x86, 0xF1, 0x16, 0x38, 0xD8, 0xC9, 0xE3, 0x3A, + 0xA7, 0x2E, 0x06, 0x4D, 0x9D, 0xE8, 0xFC, 0x38, + 0x58, 0x2A, 0x8D, 0x2D, 0x07, 0x99, 0xEA, 0xDF, + 0xF3, 0x00, 0x3B, 0xBC, 0x5F, 0x67, 0x1E, 0x4B, + 0x6C, 0xF1, 0x4A, 0x47, 0xB0, 0x71, 0x90, 0x5A, + 0x3B, 0x75, 0x93, 0x75, 0x56, 0x50, 0x4C, 0x70, + 0xF3, 0xC7, 0x95, 0xD5, 0xEA, 0xCB, 0x4C, 0x92, + 0x4F, 0x22, 0x4F, 0xD9, 0x34, 0x46, 0x76, 0xFB, + 0x79, 0xD6, 0xBD, 0x4E, 0x84, 0xEE, 0xE7, 0x78, + 0x7C, 0xB8, 0x92, 0x9F, 0xAD, 0xF2, 0x17, 0x5D, + 0x38, 0xB1, 0x88, 0x2E, 0xE9, 0x65, 0xAC, 0x4C, + 0x24, 0x27, 0x1D, 0x7B, 0xA3, 0x69, 0x96, 0x55, + 0x5C, 0x26, 0x40, 0xAF, 0x04, 0xB1, 0xCE, 0xA8, + 0x5D, 0x1E, 0x1F, 0xE5, 0x5A, 0xC3, 0xAE, 0xF9, + 0x14, 0x03, 0x58, 0x10, 0x1C, 0x8B, 0x1F, 0xDB, + 0x6C, 0x71, 0x68, 0x60, 0x13, 0x32, 0xF1, 0xA9, + 0x69, 0x45, 0x28, 0x69, 0x7C, 0xE3, 0xC9, 0x56, + 0xAF, 0xF3, 0xBD, 0x4B, 0x9E, 0x0A, 0x06, 0x6A, + 0x62, 0x20, 0x40, 0x65, 0xBD, 0xBC, 0xBF, 0xC7, + 0x0A, 0x2A, 0xCF, 0x56, 0x7C, 0x0E, 0x64, 0xBB, + 0x64, 0x71, 0x2D, 0x90, 0xBB, 0x32, 0x00, 0x0A, + 0x4A, 0x45, 0x44, 0x08, 0x75, 0x2C, 0x86, 0x13, + 0x86, 0x52, 0x8D, 0x3D, 0xFC, 0xF3, 0x5E, 0x5B, + 0x3F, 0x7A, 0xAA, 0x98, 0x84, 0xCF, 0x92, 0xF9, + 0x0B, 0x40, 0x8F, 0xC0, 0xA3, 0x71, 0x84, 0xAD, + 0xEE, 0xDF, 0xC4, 0x91, 0x7E, 0x87, 0x7D, 0x06, + 0xCA, 0x65, 0x8C, 0xE4, 0x8E, 0x03, 0xF0, 0x59, + 0x3E, 0xB4, 0x90, 0x4C, 0xEE, 0x88, 0x29, 0xE4, + 0x26, 0x7D, 0xA6, 0x54, 0x82, 0x49, 0xC1, 0x9D, + 0x80, 0xAB, 0x6B, 0xD7, 0xBE, 0x7D, 0x09, 0x80, + 0x5E, 0xB6, 0xD1, 0x1E, 0xD1, 0x1B, 0xE9, 0x8D, + 0xFC, 0x6E, 0x9C, 0x14, 0x0C, 0x15, 0x02, 0x87, + 0xF3, 0x9D, 0x21, 0xF8, 0xCB, 0xC8, 0xB9, 0xBD, + 0xE1, 0x70, 0xEA, 0xE4, 0x86, 0x4C, 0x97, 0xC1, + 0xEE, 0x4C, 0x18, 0x95, 0xEC, 0xD2, 0x4D, 0x35, + 0x9F, 0xC6, 0x56, 0x10, 0x3E, 0xC0, 0xB9, 0x7B, + 0x13, 0x1A, 0x37, 0x3D, 0x40, 0x4C, 0x88, 0x8B, + 0x9A, 0xA5, 0xB2, 0xB8, 0xB9, 0xC3, 0xEC, 0xF1, + 0x14, 0x33, 0x63, 0x67, 0x84, 0x98, 0xC8, 0xF4, + 0x06, 0x0C, 0x0E, 0x0F, 0x10, 0x12, 0x15, 0x16, + 0x45, 0x4E, 0x55, 0x5A, 0x5F, 0x8A, 0x94, 0x97, + 0xA8, 0xAF, 0xB2, 0xCC, 0xD4, 0xDC, 0xE7, 0xF1, + 0xFE, 0xFF, 0x11, 0x24, 0x53, 0x62, 0x94, 0xB7, + 0xB9, 0xD3, 0xD9, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x10, 0x18, 0x32, 0x3B + }; +#endif +#ifndef WOLFSSL_NO_ML_DSA_65 + static const byte pk_65_draft[] = { + 0x6C, 0x84, 0x14, 0x38, 0x08, 0x56, 0xCB, 0x52, + 0xD7, 0x9C, 0x4B, 0x29, 0x13, 0x9F, 0xB1, 0x83, + 0x9B, 0x86, 0x06, 0xF5, 0x94, 0x8B, 0x9D, 0x72, + 0xA9, 0x56, 0xDC, 0xF1, 0x01, 0x16, 0xDA, 0x9E, + 0x2D, 0x79, 0x77, 0x01, 0x86, 0xFC, 0x74, 0xD9, + 0x42, 0xC0, 0xF4, 0xA3, 0xB5, 0x95, 0xFF, 0x6C, + 0x19, 0x80, 0x4B, 0x49, 0x90, 0x1C, 0x6A, 0xD5, + 0xFA, 0xF7, 0x16, 0x01, 0xC2, 0xB6, 0x00, 0x31, + 0x5E, 0x1F, 0x40, 0xC2, 0x05, 0x47, 0x67, 0xB0, + 0x09, 0x25, 0xDF, 0x3A, 0xA4, 0x90, 0xE8, 0xC7, + 0x6F, 0x05, 0xFB, 0xFB, 0x74, 0x91, 0x10, 0x75, + 0xE6, 0x51, 0x8C, 0x5F, 0x1D, 0x91, 0xB8, 0xA0, + 0xE5, 0xB5, 0x98, 0x30, 0xD3, 0xDF, 0x39, 0x94, + 0x76, 0x04, 0x11, 0xEB, 0xB9, 0x11, 0xED, 0x4C, + 0xC2, 0xC1, 0x60, 0xE3, 0x84, 0x9A, 0x93, 0x76, + 0x2D, 0xFC, 0xA7, 0xB9, 0x81, 0x2B, 0xC7, 0xAE, + 0xB2, 0xDD, 0xB2, 0x76, 0x7B, 0xEF, 0x36, 0x50, + 0x56, 0x05, 0xAE, 0x06, 0x92, 0x60, 0xBC, 0xC8, + 0xDC, 0x47, 0x87, 0xC4, 0x28, 0xCB, 0x3C, 0x07, + 0x6E, 0xF2, 0xA6, 0xB9, 0x35, 0x61, 0xD8, 0x94, + 0x3F, 0x45, 0xCA, 0xBE, 0x8F, 0x05, 0x53, 0xFF, + 0x2E, 0xA1, 0xAC, 0x95, 0xC1, 0xCE, 0x21, 0x59, + 0x3A, 0x17, 0x54, 0x59, 0xD7, 0xDF, 0x12, 0xC4, + 0x07, 0x0A, 0xDB, 0x0E, 0xEE, 0x55, 0xB4, 0xAB, + 0xAE, 0x59, 0xBE, 0x69, 0xC3, 0xFF, 0x0D, 0xE5, + 0xA9, 0xB0, 0x27, 0xFC, 0x7D, 0x8E, 0x6E, 0x05, + 0x7B, 0x71, 0x52, 0xEE, 0x6A, 0xB4, 0x80, 0xD1, + 0x05, 0xD3, 0x0B, 0x0F, 0x50, 0x51, 0xB6, 0x0C, + 0x79, 0x01, 0xC5, 0x25, 0xC4, 0x63, 0x5F, 0xE6, + 0x68, 0xCC, 0x00, 0xE9, 0xD3, 0x09, 0x7D, 0xB9, + 0x9D, 0x66, 0x32, 0x37, 0x15, 0xCE, 0x4F, 0x0B, + 0x79, 0xB4, 0x26, 0xB4, 0x54, 0x5E, 0x09, 0xF4, + 0xDE, 0x39, 0x32, 0x3D, 0xD1, 0x4C, 0xCB, 0x0D, + 0x17, 0x10, 0x8C, 0xD4, 0x6D, 0xEC, 0x61, 0x38, + 0xCD, 0xFA, 0x28, 0x72, 0xC1, 0xC4, 0xC8, 0xAE, + 0xAD, 0x5C, 0x8C, 0xE0, 0x41, 0x57, 0xE5, 0x53, + 0xA3, 0x75, 0x58, 0xC2, 0x34, 0x6A, 0x06, 0x19, + 0x4C, 0xB5, 0x0B, 0x49, 0x81, 0xBF, 0x4D, 0x09, + 0x0C, 0xE4, 0xE8, 0x60, 0x12, 0x6A, 0x82, 0x54, + 0xA4, 0xD4, 0xC0, 0x84, 0xC3, 0xE2, 0x02, 0x0B, + 0xC0, 0x75, 0x35, 0x21, 0x04, 0x9B, 0x0F, 0xD8, + 0x89, 0x97, 0xE0, 0x27, 0xAC, 0x51, 0xE7, 0x5C, + 0xF1, 0x35, 0x0C, 0x3F, 0x30, 0x3A, 0x0E, 0xCE, + 0x42, 0x64, 0x87, 0x15, 0x3D, 0xAF, 0x1F, 0xAA, + 0xD6, 0x80, 0x8B, 0x9D, 0x99, 0x07, 0xDA, 0x9F, + 0x35, 0x18, 0x5B, 0xD3, 0xBE, 0x8D, 0x9C, 0xEB, + 0xE9, 0x16, 0xCE, 0xD1, 0xFA, 0x29, 0x28, 0xD8, + 0x85, 0xA9, 0xCB, 0xA8, 0x81, 0x49, 0x70, 0x3F, + 0x5E, 0x47, 0x72, 0xE4, 0x85, 0x23, 0x12, 0x5D, + 0xDD, 0x02, 0x6E, 0x71, 0x4C, 0x49, 0xF4, 0xFB, + 0x4E, 0x54, 0x4B, 0xBF, 0x61, 0x7A, 0x40, 0xB0, + 0x0B, 0x68, 0xDF, 0x8F, 0x15, 0x5F, 0x58, 0x80, + 0xD4, 0x11, 0x87, 0x7E, 0x25, 0xB4, 0x2B, 0x24, + 0x48, 0xB3, 0x6B, 0xEC, 0x2F, 0x1F, 0x8F, 0x9A, + 0x77, 0x0C, 0x54, 0x51, 0x50, 0xA0, 0x27, 0x8E, + 0x9B, 0x72, 0x45, 0x00, 0xAE, 0xAA, 0xEA, 0x47, + 0x1C, 0x11, 0xCF, 0xF0, 0x4E, 0x30, 0xEA, 0xB2, + 0xF4, 0x73, 0xBC, 0x04, 0x8E, 0x32, 0xCD, 0x31, + 0xAE, 0xF2, 0x15, 0x79, 0xB6, 0x99, 0x22, 0x5B, + 0xF9, 0xE1, 0xB6, 0x70, 0x0C, 0x57, 0xE5, 0x09, + 0xFC, 0xA1, 0xF2, 0x36, 0x29, 0x4A, 0x59, 0x74, + 0xDA, 0xA1, 0x5F, 0xBC, 0xAD, 0x62, 0xD4, 0xBD, + 0xDC, 0x45, 0x32, 0xB2, 0x61, 0x41, 0x44, 0xDB, + 0xE2, 0x88, 0x07, 0x36, 0x8C, 0x28, 0x1A, 0x77, + 0x0E, 0xA2, 0x2B, 0x1E, 0x5A, 0x3F, 0xA5, 0xBA, + 0x14, 0x92, 0x6D, 0xC5, 0x5A, 0x54, 0xF8, 0x4A, + 0x2A, 0x77, 0xC5, 0xA7, 0x08, 0x41, 0xF0, 0x7B, + 0xC1, 0xDE, 0xEF, 0x74, 0x03, 0xB2, 0x47, 0xAB, + 0x42, 0xB8, 0x4A, 0xDF, 0x14, 0x1E, 0x03, 0x0C, + 0x98, 0x46, 0x84, 0x24, 0xDA, 0xAE, 0xB9, 0x9D, + 0x25, 0x77, 0xF9, 0x50, 0xC2, 0x37, 0x3C, 0xCA, + 0x1E, 0x2D, 0xC2, 0x76, 0x1B, 0x8E, 0xDD, 0x6D, + 0x08, 0xFF, 0x79, 0xE5, 0x28, 0x88, 0x0F, 0xFB, + 0x51, 0xC3, 0x6E, 0xD4, 0x20, 0xAC, 0x5D, 0x50, + 0xF2, 0x58, 0x2A, 0xA6, 0x64, 0xE5, 0x4E, 0xA5, + 0xF4, 0x18, 0x9E, 0xA0, 0x17, 0x6D, 0xAA, 0x61, + 0x22, 0xF6, 0x23, 0x5A, 0x70, 0xB1, 0x5C, 0xEB, + 0x4D, 0xDD, 0x65, 0xD3, 0xBE, 0x6E, 0xBF, 0x3D, + 0xC4, 0x31, 0x89, 0xEE, 0x0A, 0x2E, 0x31, 0x05, + 0x63, 0x8F, 0x23, 0x87, 0x36, 0x95, 0x28, 0x0F, + 0x1B, 0x74, 0x27, 0x43, 0x52, 0xD6, 0x0A, 0x48, + 0xE5, 0xD3, 0xDD, 0x02, 0xFB, 0x7A, 0x5E, 0xD8, + 0x3F, 0xE2, 0x7A, 0x69, 0x82, 0x51, 0x42, 0x1C, + 0x8E, 0x9C, 0x98, 0x80, 0x61, 0x02, 0x39, 0x6E, + 0x53, 0x73, 0x90, 0xAC, 0xFD, 0x8C, 0x1D, 0x0B, + 0x4F, 0x99, 0xB7, 0x02, 0xA9, 0xEA, 0x65, 0x98, + 0x78, 0x58, 0x3D, 0x92, 0x75, 0x89, 0x41, 0xB3, + 0x0E, 0xCE, 0x50, 0x7C, 0x10, 0x4B, 0x2C, 0xE4, + 0x87, 0x67, 0x9E, 0xCF, 0x68, 0xB4, 0xD8, 0xB9, + 0x80, 0x69, 0x8A, 0xCF, 0x6A, 0xA6, 0xA5, 0x7E, + 0x8E, 0xD6, 0xAF, 0x3F, 0xF1, 0x8D, 0x26, 0x68, + 0x95, 0x04, 0x28, 0xB5, 0x7D, 0x18, 0x2F, 0x73, + 0xBB, 0x49, 0xB9, 0xB0, 0x38, 0xCC, 0xC8, 0x2D, + 0x56, 0x12, 0x78, 0xA3, 0x86, 0xD5, 0x66, 0x45, + 0xEC, 0x3F, 0xAF, 0xFB, 0x41, 0x25, 0xE0, 0xE7, + 0xF3, 0x6B, 0x48, 0xB1, 0x4B, 0x45, 0x25, 0x47, + 0xA0, 0xB4, 0x81, 0xAA, 0x6B, 0x33, 0x42, 0x29, + 0x24, 0x91, 0x53, 0xE4, 0x2E, 0xDF, 0x7E, 0x49, + 0xDD, 0x6E, 0x76, 0x36, 0xBF, 0xC6, 0x15, 0xA2, + 0x3A, 0x40, 0x1E, 0xFD, 0x40, 0x34, 0xC8, 0x1B, + 0x4D, 0xCE, 0xF0, 0x27, 0xD3, 0x44, 0xDD, 0xCC, + 0xE0, 0xA7, 0x16, 0x18, 0xEB, 0x59, 0x10, 0xCE, + 0xC6, 0x22, 0x28, 0x81, 0x93, 0x85, 0x03, 0x3E, + 0x8D, 0x0A, 0xBD, 0x49, 0x3D, 0x98, 0x3E, 0x4F, + 0xC0, 0x87, 0xD7, 0x2B, 0x45, 0x5E, 0x4D, 0xB6, + 0x3A, 0x2F, 0x82, 0xCE, 0xFF, 0x65, 0xC1, 0xE6, + 0x28, 0xEA, 0xE6, 0x30, 0x59, 0x6D, 0xEC, 0x27, + 0xFB, 0x98, 0xB8, 0x4D, 0xBF, 0xDC, 0xDF, 0xAB, + 0x40, 0xE4, 0x72, 0x24, 0x49, 0x14, 0xAF, 0xF1, + 0x79, 0x32, 0x6D, 0x54, 0x2D, 0x40, 0x1A, 0x3C, + 0xBB, 0x86, 0xE5, 0xFF, 0x83, 0x51, 0xEF, 0xE5, + 0x3A, 0x73, 0xC5, 0x1A, 0xBB, 0x63, 0xFF, 0x55, + 0x3E, 0x7D, 0x79, 0x57, 0xEF, 0x89, 0x13, 0x5E, + 0x0F, 0x5B, 0xB1, 0xBD, 0x0C, 0x24, 0xF9, 0xE4, + 0x5E, 0x32, 0x36, 0x41, 0x3C, 0x60, 0xE1, 0x39, + 0x6A, 0x47, 0x56, 0x7C, 0x94, 0x39, 0x51, 0x0F, + 0x00, 0xD4, 0xA4, 0x3C, 0x14, 0x9A, 0x5C, 0xCC, + 0x04, 0xF3, 0xD4, 0x7E, 0x67, 0xA8, 0xE2, 0x94, + 0xA4, 0x61, 0xA5, 0xF6, 0x93, 0xDB, 0x0C, 0xAE, + 0x22, 0xCF, 0xAC, 0x61, 0xE8, 0x53, 0x47, 0x7D, + 0x33, 0x9A, 0x4E, 0x45, 0xF7, 0xB1, 0x7C, 0x3C, + 0x11, 0x6D, 0x56, 0xF3, 0xA0, 0x68, 0xFC, 0x5A, + 0xDF, 0xEF, 0x38, 0xFF, 0x85, 0x33, 0x2B, 0xD5, + 0x15, 0x3C, 0x4D, 0x8F, 0xB8, 0xF1, 0x48, 0xF1, + 0x17, 0x65, 0x9C, 0x2E, 0xA9, 0x4D, 0xB4, 0x2A, + 0xA0, 0xB0, 0xBE, 0xBB, 0x47, 0x5A, 0x11, 0x04, + 0x12, 0xF3, 0xCD, 0x33, 0x49, 0xFC, 0x1A, 0xD0, + 0x41, 0xB7, 0xD5, 0x30, 0x4A, 0x85, 0x93, 0x14, + 0x4E, 0xFA, 0x3A, 0x36, 0x1D, 0x1B, 0x0C, 0x76, + 0x13, 0xB8, 0x2C, 0x08, 0x6E, 0xA7, 0x12, 0x6E, + 0x43, 0xC6, 0x16, 0xCE, 0xE8, 0xF1, 0x44, 0x4E, + 0x99, 0x56, 0xE8, 0x7F, 0x5C, 0xAB, 0x95, 0xC7, + 0xC7, 0xFB, 0x17, 0x58, 0xEC, 0x7D, 0x97, 0x01, + 0x9E, 0x5B, 0xA9, 0x35, 0x43, 0xEF, 0x3B, 0xAC, + 0x1A, 0x17, 0x42, 0x99, 0xCA, 0x48, 0xBF, 0x78, + 0x59, 0xDB, 0xFB, 0xDF, 0xF2, 0x43, 0xB1, 0x14, + 0xF6, 0xBF, 0x42, 0x3C, 0xE9, 0x8B, 0x4D, 0x4D, + 0x09, 0x1D, 0xA4, 0x4F, 0x32, 0x74, 0xD5, 0x73, + 0xFD, 0xC9, 0x04, 0xBD, 0x88, 0x5E, 0x35, 0xC9, + 0x15, 0x2A, 0x65, 0x35, 0x48, 0x88, 0xF1, 0x1E, + 0xD4, 0xF3, 0xD6, 0x3F, 0x26, 0xA7, 0xBE, 0x2F, + 0x57, 0x26, 0xEA, 0xDA, 0xF4, 0x85, 0x86, 0x59, + 0x2B, 0xBD, 0xF6, 0xCE, 0xE2, 0x46, 0x76, 0x9E, + 0x0E, 0xDA, 0x2A, 0x80, 0x77, 0x1F, 0xED, 0x34, + 0x7D, 0x67, 0xAF, 0xEE, 0xC6, 0x8B, 0x89, 0x46, + 0x3F, 0xA0, 0x49, 0x6D, 0xBC, 0x15, 0xC8, 0x9E, + 0x8D, 0x56, 0x99, 0x83, 0xD1, 0xD6, 0x74, 0x73, + 0x3F, 0x2B, 0xF9, 0xDF, 0x4A, 0x98, 0x0E, 0xA8, + 0xC5, 0xE3, 0xAF, 0x15, 0x56, 0x0A, 0x0E, 0x28, + 0xD6, 0x72, 0xB5, 0x80, 0xAB, 0x65, 0x52, 0xED, + 0x76, 0xAA, 0xCB, 0x5F, 0x80, 0x26, 0x0B, 0x97, + 0x03, 0x76, 0x9D, 0x33, 0xF4, 0x13, 0x8A, 0xBC, + 0x10, 0xBF, 0x5B, 0x05, 0x82, 0xDC, 0xC6, 0x2D, + 0xBE, 0x58, 0xC8, 0x90, 0xF5, 0x1B, 0x41, 0x00, + 0x12, 0x77, 0x34, 0xFB, 0x7D, 0xB7, 0x44, 0x7A, + 0x72, 0x0A, 0xAE, 0x00, 0x9D, 0x00, 0xBE, 0x8C, + 0x61, 0x07, 0x92, 0xC6, 0x4F, 0x13, 0x1F, 0x2D, + 0x72, 0x11, 0x5C, 0x7E, 0x05, 0x8E, 0x48, 0xB9, + 0xDE, 0x64, 0xF5, 0x5B, 0x4D, 0x61, 0x0C, 0x36, + 0xD1, 0x12, 0x71, 0x6A, 0x31, 0xA3, 0xDF, 0xE2, + 0x66, 0x99, 0xE9, 0xC2, 0xAB, 0xA0, 0x56, 0x58, + 0xCE, 0xF1, 0xB2, 0xB0, 0x86, 0x7C, 0xF8, 0xD5, + 0x23, 0x3D, 0xB7, 0x4F, 0xA8, 0xDC, 0x3A, 0xD1, + 0x45, 0xF5, 0xD2, 0x85, 0x74, 0x36, 0x0A, 0x85, + 0xE3, 0xB0, 0xB1, 0x0A, 0xC0, 0xA6, 0x46, 0x7A, + 0x7B, 0x05, 0x98, 0x46, 0x28, 0xEC, 0xA1, 0x04, + 0x63, 0xF3, 0x48, 0xA3, 0x11, 0x1E, 0x00, 0x57, + 0x8D, 0x3C, 0xE5, 0x48, 0x0F, 0x53, 0x75, 0xA1, + 0xEE, 0x23, 0xEE, 0x82, 0x08, 0x7B, 0xAC, 0x41, + 0x23, 0x3A, 0x14, 0xAA, 0xA7, 0x24, 0x73, 0x4B, + 0x18, 0x74, 0xA4, 0xAC, 0xE1, 0x13, 0x37, 0x06, + 0x25, 0x8F, 0x5F, 0xEA, 0x3A, 0x0C, 0x16, 0x09, + 0xE3, 0x0C, 0x7F, 0xD2, 0x10, 0xDA, 0x0C, 0x4F, + 0xDE, 0x91, 0x62, 0xDF, 0x66, 0xFB, 0xAF, 0x79, + 0x2F, 0xA2, 0xAE, 0xAA, 0x51, 0x2F, 0x0F, 0xF7, + 0x83, 0x7B, 0x9C, 0xC0, 0x2E, 0xE9, 0xBD, 0x95, + 0x53, 0x9F, 0x00, 0x1B, 0xBD, 0x60, 0xDD, 0x8B, + 0x42, 0xD6, 0x16, 0xB2, 0xCA, 0x95, 0xF3, 0x83, + 0x5F, 0x5E, 0x47, 0xD4, 0x3B, 0x14, 0x34, 0xC4, + 0x56, 0x3F, 0xD8, 0x1C, 0x15, 0xBE, 0xFA, 0x20, + 0x2C, 0xF3, 0xD9, 0x54, 0x08, 0x73, 0xF6, 0x84, + 0xAF, 0xE1, 0x9A, 0xB5, 0xC0, 0x1F, 0xA9, 0x2E, + 0x95, 0xA8, 0xCD, 0x6F, 0x36, 0x07, 0x30, 0x85, + 0x6E, 0x59, 0xC9, 0xC6, 0xAB, 0x77, 0x0D, 0x65, + 0x75, 0x96, 0x2A, 0xF7, 0x58, 0x78, 0x57, 0x2A, + 0x2A, 0x26, 0x41, 0x3D, 0x01, 0xAB, 0x31, 0x8C, + 0x10, 0x0D, 0xFC, 0x34, 0xDC, 0x1D, 0xEF, 0xA5, + 0x92, 0x7C, 0x4B, 0x45, 0x99, 0x25, 0xD7, 0x3E, + 0x1E, 0xB9, 0x14, 0x70, 0xE3, 0x7A, 0x58, 0x45, + 0x5C, 0x22, 0xA9, 0x61, 0xFD, 0x53, 0xF7, 0xD9, + 0x90, 0x26, 0xFF, 0x88, 0x4B, 0xF4, 0xA2, 0x57, + 0x9F, 0x70, 0x63, 0x35, 0xEF, 0xB6, 0xFB, 0x22, + 0x50, 0xD5, 0x2A, 0xE5, 0x61, 0x89, 0x8B, 0xA1, + 0x60, 0x6E, 0x51, 0xE9, 0x6D, 0x37, 0xC9, 0xED, + 0x3E, 0xC6, 0xCF, 0xCB, 0x33, 0xBF, 0xBE, 0x9C, + 0x31, 0x43, 0xFD, 0x3B, 0x6B, 0x33, 0x4D, 0x5F, + 0x61, 0x92, 0x2B, 0x36, 0x9A, 0xFB, 0xB3, 0x1C, + 0x3E, 0x6E, 0x9B, 0x5F, 0x3A, 0xEB, 0xF9, 0x5C, + 0xB7, 0x08, 0x34, 0x6F, 0xEC, 0xF7, 0x15, 0x9C, + 0xAD, 0x94, 0xA9, 0x3D, 0x8C, 0xD4, 0xB8, 0xC4, + 0x89, 0x41, 0x92, 0xDF, 0xE5, 0x3E, 0xA4, 0x36, + 0xFB, 0xF3, 0xAF, 0x4E, 0x86, 0x4E, 0x8C, 0x39, + 0x91, 0xEA, 0x02, 0x0A, 0x81, 0x1F, 0x0A, 0xF5, + 0x0B, 0x42, 0x57, 0x43, 0x6A, 0x3F, 0xF5, 0x22, + 0xBE, 0x73, 0x67, 0x39, 0x1D, 0x0F, 0x95, 0x0B, + 0xA6, 0x45, 0x2F, 0xBF, 0xD8, 0xFD, 0x87, 0x28, + 0xF4, 0x0B, 0xD2, 0xFC, 0xB8, 0x94, 0x52, 0x99, + 0x85, 0xB4, 0x32, 0xDF, 0xEF, 0x62, 0x30, 0xEB, + 0x4D, 0xEE, 0x73, 0x7A, 0x8D, 0x10, 0xA3, 0xBC, + 0xDF, 0xB7, 0x63, 0xE0, 0x86, 0x9B, 0x22, 0x5C, + 0x1A, 0x8D, 0x0E, 0x1F, 0xBF, 0x2D, 0x16, 0x1C, + 0x2C, 0x65, 0xD6, 0xDF, 0xB9, 0x58, 0xE9, 0x82, + 0xD1, 0x17, 0x77, 0xAC, 0xBE, 0xAD, 0x8D, 0xFB, + 0x6B, 0x1F, 0x5E, 0xB2, 0x1E, 0xA9, 0x42, 0xF7, + 0xC4, 0x0D, 0xC2, 0x0D, 0x2E, 0x4E, 0xB3, 0xE7, + 0x29, 0xB4, 0xE2, 0x9F, 0x75, 0x01, 0xDA, 0x34, + 0x23, 0x45, 0x61, 0xF6, 0x28, 0x88, 0x12, 0xD6, + 0x12, 0xD4, 0x1D, 0xFA, 0x83, 0xC5, 0xB8, 0xD9, + 0x0F, 0xF3, 0x8B, 0xA5, 0x48, 0x20, 0x1B, 0x57, + 0x5B, 0x52, 0x93, 0xAD, 0x78, 0x12, 0x0D, 0x91, + 0xCE, 0xC0, 0x59, 0xCA, 0xE2, 0xE7, 0x6A, 0x9A, + 0xB4, 0x3E, 0xF1, 0x28, 0x1E, 0x2B, 0xEF, 0x3E, + 0x34, 0x8D, 0x28, 0xF2, 0x19, 0x47, 0xC8, 0x88, + 0x48, 0x96, 0x04, 0x59, 0x48, 0x97, 0x75, 0x17, + 0x6F, 0x8E, 0x40, 0xEE, 0x06, 0x42, 0x79, 0x53, + 0x68, 0x7F, 0xB6, 0x3E, 0x47, 0x0F, 0x7D, 0x59, + 0xFB, 0x60, 0xDF, 0x56, 0x9F, 0x8A, 0x11, 0xE2, + 0x8E, 0x09, 0x37, 0x16, 0x2C, 0x46, 0xAF, 0xC7, + 0xD2, 0x21, 0x0A, 0x88, 0x5F, 0xFA, 0x21, 0xB3, + 0xDB, 0xF5, 0x35, 0x4B, 0x29, 0x41, 0xF4, 0xED, + 0x5D, 0x50, 0x79, 0x08, 0x90, 0x84, 0x0C, 0xC3, + 0xB9, 0x73, 0xD2, 0xC3, 0xD0, 0x26, 0x02, 0xB2, + 0x9B, 0xAC, 0xCB, 0x6C, 0xE1, 0x7C, 0xED, 0xB9, + 0x7B, 0x08, 0x5A, 0x2A, 0xB3, 0x10, 0x57, 0x2B, + 0xA7, 0x37, 0x1D, 0x1F, 0x81, 0x20, 0xFF, 0xE3, + 0x7D, 0x0B, 0x0F, 0xCA, 0x35, 0xAF, 0xC5, 0xB5, + 0x62, 0xAA, 0x84, 0x99, 0x71, 0x5A, 0x29, 0x9C, + 0xE0, 0x59, 0xCC, 0xE3, 0xB0, 0xD1, 0x1C, 0xEF, + 0x0D, 0x92, 0x38, 0x96, 0x1A, 0xD4, 0xBE, 0x11, + 0xE9, 0xA6, 0xD1, 0xA4, 0x69, 0x21, 0x77, 0xC8, + 0xB0, 0xC5, 0x3F, 0x11, 0xA8, 0xED, 0x26, 0x50, + 0x21, 0x2E, 0x7A, 0x2F, 0x80, 0xEB, 0xFF, 0x6D, + 0xCF, 0xE4, 0x67, 0x21, 0x03, 0x65, 0x84, 0x34, + 0xD0, 0x32, 0x7A, 0xDD, 0xCD, 0x66, 0xBC, 0xB6 + }; + static const byte msg_65_draft[] = { + 0xDB, 0x84, 0x94, 0xBA, 0x19, 0xC4, 0x11, 0x8F, + 0xB1, 0x5D, 0x0A, 0xCF, 0x42, 0x54, 0xFD, 0x37, + 0x48, 0x3F, 0xCF, 0x47, 0x48, 0xFD, 0x18, 0x44, + 0xF7, 0x17, 0xCE, 0x6F, 0x69, 0x58, 0x9E, 0x61, + 0x77, 0x2C, 0xFE, 0xFA, 0x7F, 0x97, 0x58, 0x65, + 0x34, 0x09, 0xD4, 0xEE, 0x5A, 0x26, 0x4B, 0x83, + 0x4E, 0x60, 0xD6, 0xBB, 0x96, 0x49, 0x9E, 0xBE, + 0xB2, 0xB0, 0x6B, 0x0B, 0xA8, 0x74, 0xBF, 0x31, + 0xE6, 0x41, 0x39, 0x4C, 0xFA, 0xA6, 0xA2, 0xD3, + 0x0D, 0xDB, 0x8F, 0x04, 0x58, 0x76, 0x20, 0x8D, + 0x2F, 0x51, 0xDE, 0x15, 0xE2, 0x05, 0xE8, 0xC9, + 0x1B, 0x87, 0xEC, 0xEB, 0x05, 0xFF, 0x31, 0x83, + 0x27, 0x1B, 0x26, 0x49, 0x66, 0x5D, 0xD3, 0xCC, + 0x49, 0xBF, 0xDB, 0x99, 0x8D, 0x53, 0x9D, 0xA8, + 0x09, 0x30, 0x55, 0x16, 0xBB, 0xBE, 0x9C, 0x90, + 0x60, 0x21, 0x19, 0x1C, 0x52, 0x23, 0xE5, 0x25, + 0xA8, 0xFC, 0x36, 0x16, 0xA1, 0x76, 0x5E, 0xC3, + 0xF9, 0xC5, 0xDB, 0x53, 0xCC, 0x33, 0x7E, 0x03, + 0x9F, 0x18, 0x6A, 0xCF, 0xEA, 0x91, 0x14, 0x8E, + 0xE2, 0xA7, 0x9C, 0xCA, 0x36, 0x89, 0xED, 0xB6, + 0x2A, 0xAF, 0x28, 0xB5, 0xD7, 0x52, 0xFD, 0xE2, + 0x65, 0xEE, 0x52, 0x80, 0xB5, 0x19, 0x72, 0x6C, + 0x1C, 0xA9, 0x80, 0x32, 0x95, 0xC6, 0x74, 0xB7, + 0xEF, 0xAF, 0xA4, 0xD6, 0x1B, 0x30, 0x6A, 0x79, + 0xE3, 0xF6, 0xE7, 0xA8, 0x87, 0xC2, 0xFB, 0x53, + 0x5B, 0x3B, 0x0F, 0xB3, 0xD9, 0xEB, 0xC8, 0x76, + 0x03, 0xEA, 0xFE, 0xF1, 0x70, 0xC1, 0xF1, 0xD2, + 0x8E, 0x99, 0xBB + }; + static const byte sig_65_draft[] = { + 0xF7, 0x78, 0x9A, 0x45, 0xA3, 0x58, 0x73, 0x30, + 0xE7, 0xFC, 0xF7, 0x06, 0x95, 0xF7, 0xF6, 0x96, + 0x88, 0xA2, 0xB8, 0xD0, 0xCE, 0x54, 0xF0, 0x90, + 0x21, 0x4F, 0x10, 0x9F, 0x56, 0x48, 0x4F, 0x98, + 0xC3, 0xAD, 0x1A, 0x53, 0xA5, 0x44, 0x1C, 0x2C, + 0xA7, 0x2A, 0x3B, 0x31, 0x91, 0xBC, 0x04, 0x6F, + 0x46, 0x37, 0x30, 0x45, 0xB9, 0xE5, 0x40, 0xC7, + 0x3D, 0xFE, 0x91, 0xB6, 0x1F, 0x05, 0x88, 0xD6, + 0x13, 0x59, 0x3F, 0xCE, 0x1B, 0x00, 0xEE, 0xF1, + 0xB2, 0x27, 0x03, 0x4C, 0x6F, 0xD3, 0xB1, 0x8B, + 0x3F, 0x22, 0x11, 0x10, 0xFB, 0x34, 0x5A, 0xA7, + 0x86, 0x31, 0xB8, 0xB5, 0x9F, 0xBD, 0xFD, 0xCC, + 0xDA, 0xE6, 0xA2, 0x4D, 0x25, 0x9D, 0x34, 0xAA, + 0xBA, 0xD2, 0x18, 0xB3, 0xAE, 0x4E, 0x77, 0x18, + 0x66, 0x53, 0xB8, 0x56, 0x3A, 0xA6, 0x12, 0x0A, + 0x0A, 0x53, 0x1A, 0x4E, 0x91, 0x37, 0x30, 0xDC, + 0x91, 0x4F, 0xE5, 0xE0, 0x08, 0xBE, 0xCE, 0x68, + 0x69, 0xB0, 0x2B, 0x07, 0xFD, 0xC1, 0x62, 0x14, + 0x54, 0x0D, 0x31, 0x6C, 0x43, 0xFA, 0x0C, 0x21, + 0x1B, 0x41, 0xAC, 0x7E, 0x52, 0x65, 0x67, 0x29, + 0xC7, 0x73, 0xE4, 0xC4, 0xB8, 0x8E, 0xD3, 0x11, + 0x88, 0x6D, 0xD4, 0xD2, 0x75, 0x41, 0x7D, 0x70, + 0x19, 0x66, 0x44, 0xEE, 0xD1, 0x5F, 0xA3, 0x15, + 0x06, 0x60, 0x03, 0xE3, 0x09, 0xF8, 0x32, 0xAF, + 0x91, 0x26, 0x2C, 0x94, 0x90, 0x11, 0xFC, 0xB0, + 0xAD, 0x2C, 0xCE, 0x65, 0xDD, 0x9E, 0xFF, 0x56, + 0x7E, 0xE2, 0x9C, 0xC4, 0x0A, 0x6F, 0xE0, 0x66, + 0x4E, 0x7D, 0x9F, 0x23, 0x65, 0x68, 0xFC, 0x94, + 0x29, 0x5D, 0xBB, 0x34, 0x28, 0x82, 0x33, 0xE8, + 0xC5, 0x11, 0xD2, 0x88, 0x15, 0xEC, 0x72, 0x10, + 0x32, 0x29, 0x6E, 0x1E, 0xDE, 0xCA, 0x7F, 0x72, + 0x6A, 0x6E, 0xB0, 0xF7, 0x6C, 0xC5, 0x82, 0x80, + 0x11, 0xC0, 0xE4, 0x01, 0x3C, 0xC7, 0xEE, 0x43, + 0x29, 0xB8, 0x1E, 0xCC, 0x0D, 0x52, 0xED, 0x1E, + 0x49, 0x1D, 0xD6, 0xD5, 0x5C, 0x52, 0x65, 0x66, + 0x5E, 0xD8, 0xAD, 0x21, 0x9B, 0x89, 0x4F, 0x31, + 0xC6, 0x8C, 0x61, 0x9A, 0xFC, 0xDB, 0x73, 0x58, + 0xE5, 0x55, 0x4C, 0x49, 0x5B, 0x8B, 0x6E, 0x33, + 0x25, 0x68, 0x8F, 0xB8, 0xC1, 0xA2, 0x53, 0x31, + 0xD5, 0x7B, 0xD3, 0x48, 0xA2, 0x7D, 0x39, 0x09, + 0x29, 0xBC, 0x46, 0xA1, 0x49, 0x6A, 0xB3, 0x5B, + 0x46, 0xBA, 0x61, 0xB6, 0xB9, 0xD2, 0x3C, 0xD0, + 0x63, 0x15, 0xFB, 0x72, 0xC2, 0x47, 0x76, 0x01, + 0x61, 0x30, 0xAD, 0xB1, 0xCF, 0x2D, 0xC7, 0x29, + 0x59, 0xEA, 0x9C, 0xAD, 0x96, 0xAF, 0x5D, 0xA9, + 0x96, 0x12, 0x6C, 0xDD, 0x85, 0xB1, 0x34, 0xCC, + 0x92, 0x7A, 0x51, 0xFD, 0x23, 0xF8, 0x47, 0x91, + 0xA3, 0xFC, 0xDA, 0x07, 0x7E, 0x15, 0x99, 0x17, + 0x48, 0xA0, 0x39, 0x4F, 0x33, 0x4E, 0xB8, 0xBC, + 0x48, 0xA9, 0x9A, 0xB9, 0xDF, 0xBB, 0x0F, 0x2A, + 0xAD, 0x6F, 0xBE, 0x48, 0x49, 0x61, 0xD3, 0xA4, + 0xE8, 0xF8, 0xB2, 0x1A, 0x6A, 0xC0, 0x92, 0xB2, + 0x26, 0xD6, 0xE1, 0x19, 0xFA, 0xD4, 0x4D, 0x8E, + 0x57, 0x6F, 0xE9, 0x6C, 0x6C, 0xDB, 0x68, 0x40, + 0xEA, 0x61, 0x4B, 0xAF, 0xC7, 0x07, 0x86, 0xC5, + 0x19, 0xE1, 0xD5, 0xDC, 0x0F, 0x98, 0x44, 0x43, + 0xC8, 0xB1, 0xE5, 0x4F, 0x8E, 0xE1, 0x76, 0xD9, + 0x8B, 0x2C, 0x70, 0x27, 0xF5, 0x7D, 0x7E, 0x3D, + 0xE9, 0xB2, 0xA0, 0xA3, 0x69, 0x11, 0xB8, 0xE4, + 0x71, 0x21, 0xDE, 0x0C, 0x07, 0xEB, 0xBA, 0x5D, + 0x7B, 0x59, 0x4E, 0xF2, 0x44, 0xC6, 0x83, 0x27, + 0xEC, 0x6C, 0x6D, 0x1D, 0xD5, 0x01, 0xF4, 0x83, + 0xFE, 0x9B, 0x95, 0x70, 0x59, 0x7E, 0x70, 0xDF, + 0x41, 0x3E, 0x7A, 0xF0, 0x38, 0x47, 0xF4, 0x09, + 0xED, 0x61, 0xE2, 0x84, 0x6E, 0x6C, 0x64, 0x1E, + 0x6A, 0x7F, 0xFA, 0x79, 0xDE, 0x6B, 0xFA, 0x37, + 0x3A, 0x06, 0x44, 0xB0, 0x0B, 0xF4, 0x1A, 0x03, + 0x49, 0x92, 0xA7, 0x94, 0xDA, 0x17, 0xC8, 0x88, + 0x85, 0x23, 0x90, 0x32, 0xC8, 0x51, 0x76, 0x4E, + 0x3E, 0x4D, 0xBD, 0xE7, 0xF1, 0x2A, 0x16, 0xC5, + 0xA2, 0x63, 0xE9, 0x64, 0xC1, 0xE7, 0xFD, 0xD3, + 0xCC, 0xE5, 0x76, 0xDD, 0x6D, 0x56, 0xB1, 0x81, + 0x82, 0x84, 0x8B, 0x75, 0x63, 0x64, 0x5D, 0x4E, + 0x42, 0xFF, 0x22, 0x74, 0x2A, 0x99, 0x67, 0x85, + 0x16, 0x9D, 0x7F, 0x50, 0x3B, 0x48, 0xA7, 0x15, + 0x8B, 0x3C, 0xBD, 0x29, 0x93, 0x5E, 0xD3, 0x20, + 0x49, 0xBE, 0xA1, 0xAD, 0x95, 0x3E, 0xF7, 0x07, + 0x32, 0x7B, 0x77, 0x8B, 0xFD, 0xDD, 0xFC, 0x60, + 0x51, 0x1D, 0xA1, 0x13, 0xA3, 0x4F, 0x65, 0x57, + 0x12, 0xE4, 0xE5, 0x9D, 0x6C, 0xCE, 0x40, 0x4E, + 0x94, 0xAB, 0xA6, 0x1E, 0x81, 0x35, 0x38, 0x8F, + 0xC2, 0x1C, 0x8E, 0x41, 0x34, 0x4F, 0x32, 0x4B, + 0x01, 0xAC, 0x8C, 0x06, 0x9F, 0x92, 0x57, 0x5D, + 0x34, 0xF8, 0x8B, 0xCA, 0x22, 0xCB, 0x30, 0x7E, + 0x37, 0x07, 0x00, 0x63, 0x32, 0x02, 0x56, 0xB8, + 0xBA, 0xD6, 0xEB, 0x7A, 0x81, 0xAF, 0xE9, 0xA2, + 0x54, 0x01, 0x6E, 0x1C, 0x8A, 0x12, 0x50, 0x89, + 0xAA, 0xA3, 0xED, 0xE8, 0x4E, 0x5B, 0x6C, 0x2E, + 0xCF, 0xAE, 0xFA, 0xA5, 0x2B, 0x9F, 0x57, 0x09, + 0x60, 0x2C, 0x06, 0xAE, 0xA4, 0xA0, 0x38, 0x4E, + 0x9B, 0x09, 0xE5, 0xB8, 0x81, 0x64, 0xB2, 0x74, + 0xEA, 0x32, 0x65, 0xFB, 0x51, 0x52, 0x39, 0x7D, + 0xFF, 0x5A, 0x3A, 0x08, 0x61, 0xE2, 0xBC, 0x12, + 0xD2, 0x10, 0x92, 0x89, 0x72, 0x97, 0x47, 0xE8, + 0x3F, 0xDF, 0x24, 0x3A, 0x1D, 0x17, 0xB9, 0x83, + 0x48, 0x37, 0x98, 0x45, 0xA9, 0xE9, 0x55, 0xE2, + 0xD6, 0xF9, 0x38, 0xDA, 0xA5, 0x91, 0x8E, 0x2A, + 0x14, 0xF9, 0x7B, 0xA2, 0xBE, 0x50, 0x1C, 0xCC, + 0xAF, 0xD6, 0x81, 0x91, 0x0F, 0x4A, 0x4F, 0x06, + 0x71, 0x5C, 0xE8, 0x40, 0x96, 0xF3, 0x7A, 0x91, + 0xDC, 0xCA, 0x2A, 0x8A, 0x4B, 0xE8, 0xDA, 0x79, + 0x21, 0xDB, 0xF8, 0xD3, 0xF4, 0xEF, 0xB9, 0x8C, + 0x6B, 0x4F, 0x94, 0x0E, 0xCE, 0xF8, 0x32, 0xB5, + 0x49, 0xD0, 0x68, 0x94, 0x7C, 0x3D, 0xFB, 0x58, + 0x09, 0xCB, 0x7B, 0x06, 0x0A, 0x3A, 0x0E, 0xF3, + 0xB2, 0x1C, 0x01, 0x64, 0x50, 0x1D, 0xDE, 0xA7, + 0xC9, 0xE5, 0xE7, 0x89, 0x7C, 0x6B, 0x1C, 0x46, + 0x34, 0x8B, 0x2C, 0x3E, 0x80, 0x5F, 0x6F, 0x22, + 0x87, 0xBA, 0x15, 0x8C, 0xF9, 0x25, 0xA7, 0xBA, + 0x7F, 0x08, 0x25, 0x49, 0x89, 0xC8, 0x7D, 0x24, + 0x97, 0x9A, 0xD9, 0x86, 0xAA, 0x97, 0xC5, 0x1B, + 0x01, 0xF4, 0x5D, 0x4A, 0x1F, 0x24, 0x75, 0x29, + 0x91, 0xF0, 0x42, 0x05, 0xEB, 0x55, 0x1F, 0xD0, + 0x2D, 0x41, 0x5F, 0x2D, 0xD1, 0xEF, 0xF1, 0x42, + 0xB0, 0xD7, 0x04, 0x16, 0xC6, 0xD8, 0x15, 0xEB, + 0x91, 0x73, 0x2B, 0x26, 0x8F, 0xB2, 0x0D, 0x08, + 0x67, 0x44, 0x2D, 0x71, 0xDE, 0xC0, 0x57, 0xB2, + 0x86, 0xCD, 0x93, 0x81, 0x1F, 0xF3, 0xF6, 0x46, + 0xEB, 0xD5, 0x65, 0xD5, 0x1D, 0x09, 0xA4, 0x2D, + 0x3A, 0xBA, 0xAC, 0x0F, 0x34, 0xCC, 0x81, 0x7B, + 0x18, 0x93, 0x8E, 0xCC, 0xBB, 0x1F, 0xEF, 0x05, + 0xBD, 0x3C, 0x2B, 0x49, 0x4F, 0xA5, 0x29, 0xED, + 0x4C, 0x63, 0x4C, 0x93, 0x25, 0xA4, 0x81, 0x73, + 0xF2, 0x0F, 0xFA, 0xC3, 0x2D, 0xC1, 0x01, 0xE6, + 0xEE, 0x03, 0xB2, 0xFC, 0xBE, 0xC2, 0x46, 0x8D, + 0xBC, 0x8F, 0x76, 0x75, 0x8C, 0x32, 0x15, 0x47, + 0x4F, 0x7E, 0xF2, 0x40, 0x65, 0xF7, 0x90, 0x60, + 0xAC, 0xA3, 0xC8, 0xD5, 0xD7, 0x4A, 0xF7, 0x0F, + 0x48, 0x30, 0x1D, 0xDB, 0x30, 0xC0, 0x5D, 0xB3, + 0xEF, 0xA7, 0x26, 0xCF, 0x88, 0x55, 0x59, 0x01, + 0x84, 0x12, 0x82, 0xAA, 0x08, 0xF6, 0x66, 0xA6, + 0x53, 0x51, 0xA6, 0xA2, 0x4E, 0xED, 0x6B, 0xE2, + 0x11, 0x77, 0x31, 0x07, 0xE1, 0x85, 0xE1, 0xB4, + 0x88, 0xA2, 0xE4, 0x91, 0xB6, 0xC1, 0x41, 0x52, + 0x84, 0x62, 0xA8, 0x64, 0x94, 0xB5, 0x4F, 0xDC, + 0xCE, 0xCC, 0xB6, 0xAA, 0x21, 0x25, 0x36, 0x86, + 0x69, 0x3A, 0xE7, 0x98, 0xC9, 0xCE, 0x9E, 0x0B, + 0xDD, 0xC6, 0xAE, 0x53, 0xD9, 0xB7, 0x06, 0xDC, + 0x4F, 0x4D, 0x81, 0xB9, 0xC7, 0x3C, 0x46, 0x1E, + 0xCD, 0x70, 0x35, 0xC5, 0x17, 0x2E, 0xFA, 0xE5, + 0x60, 0x2C, 0xAF, 0x88, 0xC6, 0x4E, 0x79, 0xE5, + 0x32, 0x40, 0x30, 0x55, 0x5D, 0xE2, 0x11, 0xF8, + 0x9F, 0xD4, 0x24, 0xC3, 0x38, 0xC3, 0x88, 0x3C, + 0x83, 0xCA, 0x94, 0x05, 0xC2, 0xB5, 0xD1, 0x44, + 0x5F, 0x7C, 0x98, 0xC4, 0x3E, 0xD3, 0xD2, 0xBE, + 0xCB, 0xE2, 0x5F, 0x5F, 0x3F, 0x54, 0x4C, 0xCC, + 0x5B, 0x5A, 0xEA, 0xE4, 0x7D, 0xDF, 0x3F, 0xB5, + 0x64, 0x9F, 0xF5, 0xD6, 0x1E, 0xAA, 0x02, 0xED, + 0xEB, 0xC7, 0x5C, 0xE4, 0x78, 0xBA, 0x00, 0x42, + 0x6C, 0xAF, 0x47, 0x4F, 0xA7, 0x9E, 0x5B, 0x08, + 0x9E, 0xB1, 0xA8, 0x82, 0xF1, 0x53, 0x54, 0x59, + 0x26, 0x95, 0x95, 0x2B, 0xA0, 0xA8, 0xEE, 0x91, + 0xE6, 0x49, 0xE3, 0xF2, 0xC3, 0x82, 0x26, 0x4D, + 0xAA, 0x30, 0xF6, 0xA6, 0xD2, 0x17, 0xF6, 0x12, + 0x9C, 0x19, 0x39, 0xB6, 0xDC, 0xAC, 0xCD, 0xA5, + 0xB6, 0x37, 0x32, 0x6E, 0x8A, 0x83, 0x61, 0xC3, + 0xB5, 0x6F, 0xCF, 0xFC, 0x48, 0x50, 0x36, 0x86, + 0x58, 0x22, 0xB9, 0xBB, 0x87, 0xB4, 0x35, 0x10, + 0xBC, 0xDD, 0x55, 0xBC, 0x35, 0x0D, 0xE7, 0xB2, + 0xAE, 0x90, 0xA2, 0x1E, 0x9E, 0x19, 0x97, 0x8E, + 0xDA, 0x10, 0xDF, 0x66, 0x76, 0x14, 0xA4, 0x4F, + 0xE2, 0xA8, 0x4D, 0x16, 0xBE, 0x04, 0x3E, 0xA8, + 0x77, 0x36, 0x33, 0xEA, 0x6B, 0xAD, 0xF6, 0x57, + 0x10, 0x05, 0x2F, 0x34, 0x1F, 0x65, 0xCB, 0xE9, + 0x28, 0xD3, 0x96, 0x2A, 0x5A, 0x2F, 0xE6, 0x4E, + 0x46, 0xD6, 0xBF, 0xB8, 0xFD, 0x0D, 0x99, 0x78, + 0xF0, 0x42, 0x3C, 0xBD, 0x19, 0x5F, 0x72, 0xF3, + 0xCB, 0x19, 0xD7, 0xEF, 0xD9, 0xEB, 0xE3, 0x3C, + 0xD2, 0xF5, 0x70, 0x9A, 0x57, 0x80, 0x7D, 0xF9, + 0x44, 0xEC, 0xE5, 0x68, 0xAA, 0xCA, 0x43, 0x36, + 0x42, 0x20, 0x83, 0xB0, 0x69, 0x7B, 0x6A, 0xA0, + 0x05, 0x86, 0xE4, 0xBF, 0x7D, 0xD6, 0x73, 0xA3, + 0xD5, 0x96, 0xB8, 0x61, 0x8A, 0xC3, 0xB4, 0x06, + 0x17, 0x50, 0xC6, 0xBE, 0x97, 0xCB, 0x53, 0x75, + 0x3D, 0x02, 0x39, 0x55, 0x56, 0x07, 0x5A, 0x26, + 0xF1, 0x40, 0xB9, 0x3F, 0x57, 0x7D, 0xAD, 0x50, + 0x5E, 0x1C, 0xF2, 0xB5, 0x51, 0xA0, 0x4C, 0x98, + 0xC7, 0xF0, 0x90, 0x18, 0x31, 0xB3, 0xCA, 0x61, + 0xD7, 0x5D, 0xA7, 0x93, 0xAC, 0x72, 0xA4, 0x4C, + 0x7A, 0x07, 0xF7, 0xDB, 0xBA, 0xD6, 0x0A, 0x55, + 0xF4, 0x9C, 0xBD, 0x79, 0xDE, 0xE4, 0x73, 0x9F, + 0xFD, 0x36, 0x77, 0x8E, 0xBD, 0x08, 0xEB, 0xDB, + 0x79, 0xEC, 0x07, 0xA1, 0x62, 0x39, 0xC5, 0xB9, + 0x21, 0x59, 0x9F, 0xEB, 0xFE, 0xA4, 0x6D, 0xDF, + 0x96, 0x6A, 0xA4, 0xA0, 0x15, 0x12, 0xE6, 0x10, + 0x94, 0x3F, 0x5D, 0xC5, 0x4B, 0x4C, 0x76, 0xB7, + 0x64, 0xB3, 0x80, 0xBF, 0x2F, 0x84, 0xED, 0xE3, + 0x21, 0x24, 0x91, 0x2F, 0x54, 0xF7, 0xB6, 0xE2, + 0x07, 0xB7, 0x38, 0x1F, 0x67, 0x0F, 0x7A, 0xA0, + 0xF3, 0xC3, 0xED, 0x10, 0x15, 0x74, 0x03, 0x84, + 0xDD, 0x61, 0xA9, 0x76, 0x5E, 0xE4, 0x69, 0x6E, + 0xAC, 0xF8, 0x2E, 0xA4, 0x10, 0x69, 0x18, 0x05, + 0xCB, 0x68, 0x89, 0x03, 0x53, 0x5D, 0x70, 0x46, + 0x10, 0x0D, 0xCC, 0x2B, 0xA7, 0xD8, 0x30, 0x2A, + 0xCB, 0x04, 0x30, 0xD5, 0x06, 0xCC, 0xC1, 0xC0, + 0xDD, 0xEA, 0x71, 0x11, 0xA7, 0x6F, 0x45, 0xB4, + 0x54, 0xE2, 0x5C, 0xDD, 0xFB, 0x63, 0x9B, 0x3D, + 0x66, 0x4C, 0x36, 0xD8, 0x84, 0x35, 0x13, 0xA3, + 0xFC, 0xAF, 0x9E, 0x60, 0x57, 0xE9, 0xBC, 0x06, + 0x82, 0x37, 0xFE, 0x24, 0x19, 0xA2, 0xD2, 0xD9, + 0x0B, 0x4A, 0x1F, 0xC2, 0xA7, 0x1A, 0x14, 0x6D, + 0x2B, 0xD0, 0x43, 0x64, 0xC7, 0x9B, 0x8E, 0xBA, + 0x8E, 0x3E, 0x88, 0xCE, 0x11, 0xE9, 0x16, 0xE4, + 0xA7, 0x52, 0x84, 0x21, 0x32, 0x8C, 0xF5, 0x4F, + 0xAA, 0xB2, 0xB1, 0x9F, 0x44, 0x46, 0x87, 0x81, + 0xF8, 0xAB, 0x84, 0xB7, 0xDD, 0x97, 0x2F, 0xF5, + 0x61, 0x50, 0x71, 0x43, 0x0A, 0x43, 0x74, 0xDA, + 0xFC, 0xAE, 0x1E, 0x60, 0x44, 0xAA, 0x98, 0xE9, + 0x85, 0x94, 0x1B, 0xA6, 0xB9, 0xDB, 0x8C, 0x02, + 0xF5, 0x89, 0x60, 0x3E, 0xEB, 0x8B, 0xE9, 0x0A, + 0x70, 0xEF, 0xC0, 0x88, 0xD7, 0x95, 0xE6, 0xDA, + 0x1F, 0x1F, 0x2E, 0x6E, 0xCE, 0xDD, 0x03, 0x1D, + 0x81, 0x99, 0xE6, 0x59, 0x12, 0xD4, 0x34, 0xD0, + 0x9B, 0xFB, 0xE5, 0x94, 0x40, 0x6D, 0xC1, 0x15, + 0x0E, 0x99, 0x35, 0x8C, 0xEA, 0x7F, 0xAD, 0x2E, + 0x7C, 0x44, 0xC3, 0x8B, 0x6E, 0x0C, 0xEE, 0xAB, + 0x9B, 0xDE, 0x0D, 0xB9, 0x7B, 0xCF, 0x5A, 0xC9, + 0x94, 0x10, 0xC9, 0x47, 0x0E, 0x26, 0x6B, 0x8B, + 0xE4, 0x5F, 0x66, 0x90, 0x83, 0x1F, 0x41, 0x45, + 0xE2, 0x63, 0x79, 0xDB, 0x80, 0x7C, 0x26, 0xDD, + 0xF9, 0x1E, 0x30, 0x9D, 0x4F, 0x4A, 0x3E, 0x7E, + 0xCA, 0xB7, 0x36, 0x2F, 0x15, 0xD2, 0x0E, 0xA4, + 0x33, 0xB7, 0xE7, 0x0A, 0x7D, 0xDE, 0x74, 0x16, + 0xCE, 0xA8, 0x71, 0x49, 0x8B, 0x2C, 0xE3, 0xF5, + 0x8D, 0x29, 0xD8, 0x62, 0x8C, 0x53, 0x18, 0x40, + 0xF0, 0x22, 0xDD, 0x3B, 0xD2, 0xF3, 0x80, 0x9B, + 0x11, 0x68, 0xD3, 0x8E, 0x63, 0xC7, 0xF6, 0x93, + 0x08, 0xA3, 0x1A, 0x2D, 0x4D, 0x5E, 0xEB, 0x97, + 0x42, 0x39, 0xB3, 0x4A, 0x62, 0xBC, 0x85, 0xE4, + 0xEC, 0xF9, 0x0C, 0x33, 0x6A, 0x0C, 0x37, 0xBD, + 0x9E, 0x0E, 0xF4, 0x26, 0x6B, 0x83, 0x5A, 0xC8, + 0x90, 0x6A, 0x83, 0xCF, 0x0B, 0x35, 0x13, 0x8A, + 0x65, 0xE5, 0xD9, 0xA6, 0x1F, 0xCC, 0x9B, 0x2D, + 0x5A, 0x33, 0x7B, 0x8A, 0xBE, 0xF8, 0x8A, 0x7F, + 0xB3, 0xC0, 0x94, 0x5D, 0x7C, 0xAF, 0x35, 0x61, + 0x1A, 0xE0, 0xE4, 0x46, 0x93, 0xA5, 0xBC, 0xE0, + 0xA6, 0xE2, 0xFE, 0xCA, 0xE9, 0xBD, 0xF4, 0xE3, + 0x56, 0xD6, 0x53, 0x6B, 0x58, 0x1A, 0x18, 0xF0, + 0x3A, 0x59, 0x16, 0x4E, 0xD5, 0x44, 0x7C, 0x7E, + 0xC8, 0xBD, 0x99, 0x7B, 0xE9, 0x53, 0xDE, 0xD9, + 0x32, 0x53, 0x5B, 0x5F, 0x43, 0x8A, 0x04, 0x31, + 0x9F, 0x5E, 0x0D, 0x8B, 0x0F, 0xEB, 0xC8, 0xDE, + 0x81, 0x46, 0x65, 0x8E, 0x52, 0xB9, 0x75, 0x9C, + 0x73, 0x93, 0x5B, 0x12, 0x0D, 0xC9, 0xB8, 0x54, + 0xF3, 0xC8, 0xF9, 0x4E, 0xC9, 0x33, 0x90, 0x57, + 0xD7, 0xD7, 0xCD, 0x91, 0xF7, 0xE0, 0xB9, 0x8D, + 0x84, 0xEC, 0x7B, 0x2F, 0x92, 0x32, 0x8D, 0x73, + 0x60, 0x18, 0xB0, 0x31, 0x65, 0xA8, 0x74, 0x5F, + 0x8E, 0x77, 0xEB, 0x80, 0x29, 0xF9, 0x78, 0x26, + 0x70, 0xCB, 0xD8, 0x6B, 0x43, 0x16, 0xC7, 0xBE, + 0x4A, 0x88, 0x03, 0x38, 0xBA, 0xCF, 0xB0, 0x15, + 0x69, 0x9B, 0xF3, 0x0D, 0x3A, 0x4B, 0x05, 0x32, + 0x54, 0x35, 0xBA, 0x5F, 0xA3, 0xB9, 0xD2, 0xB2, + 0xFE, 0x0B, 0x51, 0x9C, 0x2C, 0xB2, 0x46, 0xE5, + 0x3D, 0x1A, 0x34, 0x3D, 0x66, 0x1A, 0x66, 0x14, + 0x3C, 0x6F, 0x46, 0x8C, 0x55, 0x38, 0x64, 0x5C, + 0xC2, 0x6D, 0x4E, 0x2A, 0x87, 0x03, 0xEC, 0x9B, + 0x10, 0xFC, 0x89, 0xBE, 0x6F, 0x85, 0x99, 0x97, + 0x70, 0x8F, 0x31, 0x19, 0x4F, 0x0D, 0xFE, 0xE9, + 0x29, 0x98, 0xB2, 0x5E, 0x93, 0xB9, 0x70, 0x70, + 0xDE, 0x14, 0x40, 0x9D, 0x5B, 0xA4, 0x3D, 0xF8, + 0x8D, 0x15, 0xC2, 0xFB, 0xA9, 0x7B, 0xDD, 0xE6, + 0x18, 0xCC, 0x3F, 0xC0, 0x42, 0xF7, 0x74, 0x81, + 0x84, 0xBA, 0x9E, 0xC9, 0xCB, 0xA1, 0xB2, 0x00, + 0x68, 0x81, 0xD0, 0x51, 0x42, 0x64, 0x19, 0x8F, + 0xB6, 0x91, 0xC5, 0xC0, 0x38, 0xE0, 0x49, 0x50, + 0xCF, 0x69, 0x09, 0x93, 0x77, 0xFE, 0x66, 0xBA, + 0x64, 0xE2, 0x19, 0x52, 0xA4, 0x45, 0x81, 0x71, + 0x96, 0x64, 0xF5, 0xD9, 0x23, 0x97, 0xD2, 0x2A, + 0xA7, 0x03, 0x2B, 0xF5, 0x89, 0xAF, 0x8A, 0xCA, + 0x48, 0xDF, 0x6D, 0x14, 0xEB, 0x43, 0xCE, 0xF0, + 0xA9, 0xC8, 0xA8, 0xF9, 0xAD, 0x32, 0x95, 0x25, + 0xEF, 0x0A, 0xAA, 0x4F, 0x9E, 0x09, 0xC3, 0x51, + 0x3C, 0xF0, 0x29, 0xF3, 0xDE, 0xFC, 0xBB, 0x41, + 0x14, 0xFA, 0x0F, 0x66, 0x8D, 0xB4, 0x72, 0x2F, + 0xCC, 0xD9, 0xC2, 0x07, 0xB6, 0x6F, 0x10, 0x9E, + 0xD9, 0x5B, 0x45, 0x4B, 0xB6, 0x19, 0x5D, 0x59, + 0xC4, 0xA6, 0x78, 0xBA, 0x6F, 0x5A, 0x9B, 0x23, + 0x41, 0x21, 0xAD, 0x05, 0x16, 0xA1, 0xD4, 0x12, + 0x3D, 0x38, 0x26, 0xD9, 0x2A, 0x61, 0xB3, 0x5D, + 0xEB, 0x29, 0x5B, 0xAA, 0x2F, 0xE1, 0xB5, 0xEE, + 0x25, 0x02, 0x1D, 0xAE, 0xF8, 0x57, 0xB5, 0xDF, + 0x19, 0x2E, 0x17, 0x5E, 0x3A, 0x2A, 0x0D, 0x3F, + 0x08, 0x2F, 0x21, 0x1C, 0xB5, 0xBD, 0xC2, 0x36, + 0x27, 0x4F, 0x86, 0xC5, 0xDC, 0x74, 0xC3, 0x9B, + 0xE9, 0x7C, 0xCF, 0x5F, 0x57, 0x94, 0xEB, 0x64, + 0xEC, 0x64, 0x55, 0x45, 0x21, 0x0F, 0xC6, 0x67, + 0xD1, 0xE0, 0x74, 0x0E, 0x66, 0xCB, 0xED, 0xC2, + 0x06, 0x48, 0xCA, 0x1F, 0xA7, 0x34, 0x14, 0x59, + 0x6B, 0xA0, 0x89, 0x17, 0xA1, 0x9A, 0x46, 0x3A, + 0xD3, 0x02, 0x7C, 0x81, 0x83, 0x6B, 0x8F, 0x4F, + 0x02, 0xB9, 0x9F, 0xC5, 0x08, 0x3F, 0x06, 0xF3, + 0x4B, 0xD2, 0x30, 0x9C, 0x23, 0x42, 0xAD, 0x88, + 0xA8, 0x4F, 0xA9, 0x6E, 0x20, 0x7C, 0x01, 0x08, + 0xF6, 0x82, 0x54, 0x14, 0x94, 0x4F, 0x26, 0x4E, + 0xD6, 0xC4, 0x66, 0x7C, 0x78, 0x8D, 0x61, 0xA6, + 0xBC, 0x2C, 0x45, 0x6A, 0xF6, 0x6C, 0x2F, 0x76, + 0x9E, 0x16, 0x90, 0x17, 0x06, 0x91, 0x2C, 0xC9, + 0x0D, 0x4B, 0x6C, 0x90, 0xDC, 0xA1, 0x6C, 0xAC, + 0x8F, 0xFE, 0xD8, 0x39, 0x70, 0x20, 0xE2, 0x97, + 0x5E, 0x24, 0xFF, 0x4C, 0x80, 0x7C, 0x8A, 0xB7, + 0x31, 0xC8, 0x1D, 0x36, 0xCA, 0x84, 0xC9, 0x12, + 0x1A, 0x85, 0x13, 0xE0, 0xC9, 0xD0, 0xF4, 0x1B, + 0xC6, 0x8F, 0x88, 0xEA, 0xCA, 0xA3, 0x55, 0x99, + 0xFA, 0xE3, 0xBB, 0xA6, 0xFC, 0xC6, 0x52, 0x8D, + 0x47, 0xE4, 0x0C, 0x07, 0x64, 0xCF, 0x9C, 0x83, + 0x83, 0xB3, 0xA4, 0x45, 0x15, 0xE6, 0x1D, 0x92, + 0xCD, 0xAE, 0xC9, 0xCB, 0x90, 0x82, 0xB5, 0xA0, + 0xC0, 0x37, 0x94, 0x60, 0xD9, 0x17, 0x9A, 0x7D, + 0x9D, 0xF2, 0x9E, 0x0B, 0x4B, 0x6A, 0x41, 0x18, + 0x28, 0x52, 0x15, 0xE8, 0x7B, 0x6F, 0x11, 0x8E, + 0x97, 0x31, 0xE4, 0x66, 0xFB, 0x3F, 0xEB, 0xD1, + 0x95, 0xE1, 0x44, 0xFD, 0x20, 0x37, 0xD1, 0x16, + 0x62, 0x75, 0x79, 0xAC, 0x55, 0xFE, 0xD5, 0xE3, + 0x25, 0x85, 0xEC, 0x66, 0x38, 0xA0, 0xDF, 0xBE, + 0x6E, 0xD6, 0xC5, 0x87, 0x6C, 0xF8, 0x11, 0x4C, + 0x90, 0x2A, 0xEF, 0xA3, 0x63, 0xF4, 0xC9, 0xB7, + 0x2E, 0x7D, 0x5C, 0x85, 0x2D, 0xCC, 0x1A, 0xF2, + 0xB8, 0x85, 0x2A, 0x9D, 0x0F, 0x99, 0x59, 0x38, + 0x86, 0x50, 0x84, 0xCE, 0x52, 0x13, 0xB3, 0x08, + 0xA9, 0xCB, 0x37, 0xF6, 0x81, 0x96, 0x0D, 0x84, + 0xEF, 0xE1, 0xDF, 0x51, 0x34, 0xA5, 0x91, 0x5A, + 0xE5, 0x87, 0x8B, 0x10, 0xDA, 0x0F, 0xD4, 0xD9, + 0xAC, 0x2A, 0xEF, 0x0C, 0x7E, 0x01, 0xC2, 0xE9, + 0xE7, 0xC0, 0x17, 0xE7, 0xBA, 0x74, 0x0C, 0xEE, + 0x1A, 0x89, 0x94, 0x59, 0xBB, 0x75, 0x03, 0x3E, + 0xEA, 0xF3, 0x19, 0x0D, 0x67, 0x79, 0xED, 0x9E, + 0xDD, 0x84, 0x6A, 0x74, 0xE3, 0x21, 0x52, 0x8C, + 0x03, 0x08, 0x4A, 0x5D, 0x30, 0x87, 0x48, 0x39, + 0x71, 0x8A, 0x53, 0x54, 0x9B, 0x2E, 0xC6, 0xB2, + 0xB7, 0x30, 0xAA, 0x93, 0x5C, 0xA6, 0xE1, 0xC4, + 0xFD, 0x8B, 0xE0, 0x35, 0x7D, 0x93, 0xF6, 0x21, + 0x74, 0xEE, 0xED, 0xF8, 0xDA, 0xB7, 0x75, 0x5B, + 0x46, 0x65, 0x7E, 0x59, 0xD7, 0xAA, 0x00, 0xB9, + 0xF2, 0xF8, 0x5E, 0x4C, 0x0F, 0x77, 0xFA, 0x11, + 0xA5, 0xD6, 0x9A, 0x23, 0xB1, 0xEF, 0x3A, 0x09, + 0xF2, 0x19, 0xD8, 0x3B, 0x1F, 0x39, 0x1F, 0x84, + 0x13, 0x18, 0xEE, 0xF3, 0x5A, 0x32, 0x63, 0x67, + 0xBF, 0xA2, 0xB1, 0x5F, 0xD7, 0x14, 0x03, 0x20, + 0x92, 0xB9, 0xD0, 0x2B, 0xF6, 0x13, 0xAF, 0xF7, + 0x69, 0x6F, 0xAD, 0xF1, 0xDE, 0x2C, 0x81, 0x70, + 0x77, 0xCB, 0x7C, 0x99, 0x67, 0x76, 0xD6, 0x9E, + 0xC2, 0x41, 0xA2, 0x42, 0x54, 0xDA, 0x2D, 0x13, + 0x98, 0x76, 0x91, 0xEA, 0xC7, 0xEB, 0xA8, 0xCD, + 0x8D, 0xCF, 0xB3, 0x94, 0x7B, 0x1D, 0x99, 0xED, + 0xF9, 0x62, 0xD2, 0x15, 0xB3, 0x18, 0xBB, 0x5F, + 0x9A, 0xA0, 0x4D, 0x1C, 0x82, 0x62, 0x6A, 0x41, + 0x73, 0xD0, 0x2D, 0x41, 0x0C, 0x58, 0x6B, 0xCA, + 0x4E, 0x51, 0xCA, 0x4F, 0x3E, 0x15, 0x1B, 0x54, + 0xF1, 0x7A, 0x6B, 0xC9, 0x67, 0x76, 0x09, 0xBB, + 0xAF, 0x6C, 0x30, 0x38, 0xA6, 0x7C, 0xAD, 0xA6, + 0x6B, 0x4F, 0xDF, 0xB5, 0x10, 0x29, 0xE0, 0x78, + 0x07, 0xD7, 0x05, 0x96, 0x9D, 0x96, 0xC9, 0xAB, + 0xFB, 0x71, 0x62, 0xE4, 0x58, 0x10, 0xA1, 0xDC, + 0x4B, 0x56, 0xDA, 0x14, 0x77, 0xED, 0x90, 0x0A, + 0x89, 0xCC, 0xAC, 0x29, 0x8E, 0x17, 0x88, 0x42, + 0x69, 0xC3, 0x9E, 0x8D, 0x7A, 0xB9, 0x66, 0xF3, + 0x3D, 0xDA, 0xDB, 0xE5, 0x6A, 0x38, 0x4C, 0xA2, + 0x0A, 0x7B, 0x18, 0x99, 0xEC, 0x18, 0xE2, 0xAE, + 0x54, 0x70, 0x00, 0xB9, 0x04, 0xE3, 0x4E, 0x46, + 0x80, 0x1D, 0x85, 0x74, 0xDB, 0x00, 0x84, 0x17, + 0xBC, 0xFD, 0xD1, 0xA7, 0x4D, 0xC0, 0x18, 0xE5, + 0x07, 0xB7, 0x6B, 0x0F, 0xA0, 0x86, 0x26, 0x23, + 0x5B, 0x1C, 0xE2, 0x4B, 0xCF, 0xC3, 0x20, 0xFA, + 0xE3, 0x55, 0x1C, 0x1C, 0x92, 0x9B, 0x94, 0xC7, + 0xC4, 0x96, 0x53, 0x41, 0x82, 0x9D, 0x8A, 0x13, + 0x47, 0xD6, 0xA7, 0x38, 0x58, 0x03, 0xB0, 0x8B, + 0xCD, 0xA8, 0x4A, 0x27, 0xEA, 0x5E, 0x49, 0xCA, + 0x1E, 0x60, 0x06, 0xEA, 0x23, 0x2A, 0x53, 0xEE, + 0x41, 0x7E, 0xC8, 0x81, 0xD3, 0x32, 0x8A, 0x15, + 0x63, 0x82, 0xA6, 0xB2, 0x93, 0x89, 0x4D, 0xDF, + 0x9B, 0x36, 0x9C, 0xDE, 0x6B, 0x2F, 0xF5, 0x9C, + 0xB6, 0xA5, 0x64, 0xE2, 0x1C, 0x92, 0x79, 0xEC, + 0xA0, 0x31, 0x1F, 0x5D, 0x80, 0xCE, 0x39, 0xB9, + 0x8B, 0xF9, 0x0D, 0xB3, 0x27, 0xF7, 0x4D, 0x3F, + 0x76, 0x2D, 0x11, 0x7D, 0xF5, 0xF9, 0x13, 0x20, + 0x84, 0xFF, 0xB5, 0x55, 0xA5, 0xD1, 0x47, 0x22, + 0x1A, 0xF8, 0x63, 0xAB, 0xF7, 0x87, 0x15, 0xB7, + 0x21, 0x94, 0x52, 0x9A, 0x0E, 0x33, 0x4D, 0x4A, + 0x19, 0x1D, 0x42, 0xA9, 0x9B, 0xEA, 0x52, 0xAD, + 0xA2, 0xC7, 0xCC, 0x4A, 0x97, 0x74, 0xD5, 0xCB, + 0x28, 0xD4, 0xED, 0x82, 0xB6, 0x1F, 0x94, 0xE8, + 0x9F, 0x60, 0xF0, 0xC8, 0xEA, 0x52, 0xDC, 0x07, + 0x9D, 0x46, 0x58, 0xBF, 0x8C, 0x85, 0x6D, 0x61, + 0x52, 0xD9, 0x22, 0x51, 0x94, 0x8B, 0x3B, 0xA0, + 0x14, 0xD8, 0xBA, 0xF3, 0xDC, 0xD3, 0x6B, 0xC7, + 0x1F, 0x8E, 0x5B, 0x2C, 0xE6, 0xF5, 0x35, 0xB7, + 0xB9, 0xAE, 0x13, 0xDA, 0x4A, 0x1E, 0xAF, 0xFC, + 0x25, 0x3B, 0xE4, 0x3A, 0x9F, 0x60, 0x8E, 0xAC, + 0xE7, 0x33, 0xCF, 0xCE, 0x52, 0xEA, 0x5C, 0xDA, + 0x83, 0x59, 0xDB, 0x53, 0xFF, 0x3A, 0xF2, 0xCE, + 0xFE, 0x87, 0x79, 0xBC, 0xC5, 0x3C, 0x24, 0xA4, + 0xB1, 0x8D, 0x5E, 0x0D, 0x78, 0x1B, 0xEC, 0xF7, + 0x5B, 0x54, 0x77, 0x47, 0x3A, 0x20, 0x24, 0xAD, + 0x56, 0xC5, 0x4A, 0x7F, 0x99, 0x0E, 0xF6, 0xB1, + 0xDF, 0xAC, 0x50, 0x10, 0x88, 0x50, 0x9D, 0x3A, + 0x37, 0xF1, 0xC8, 0xD5, 0xC2, 0x64, 0x87, 0xE4, + 0x20, 0xB7, 0xF4, 0x35, 0x8E, 0x92, 0x69, 0x76, + 0x1F, 0xF1, 0xFA, 0x3A, 0xFC, 0xBE, 0xCA, 0xEB, + 0x68, 0xF5, 0xDD, 0xDE, 0x3A, 0xA8, 0xFD, 0x07, + 0x8C, 0xC4, 0x22, 0x4C, 0xEA, 0x67, 0x13, 0x2D, + 0x7E, 0xBF, 0x5D, 0x23, 0x2E, 0x43, 0xBA, 0xDD, + 0x21, 0x8C, 0x0B, 0x4D, 0xBE, 0x1E, 0x16, 0x52, + 0x98, 0x66, 0xB9, 0xAB, 0x93, 0x58, 0x85, 0xAC, + 0xB4, 0x15, 0xFB, 0xB1, 0xEE, 0xE6, 0x94, 0x08, + 0xA5, 0x21, 0xB4, 0x62, 0xEC, 0x59, 0xCD, 0x0D, + 0x3C, 0x54, 0x96, 0xD9, 0x85, 0xAE, 0xB0, 0xCE, + 0x37, 0x4F, 0x67, 0x72, 0xA4, 0xE6, 0x39, 0x3A, + 0x4E, 0xF0, 0x07, 0x43, 0x80, 0x90, 0xA8, 0xA9, + 0xE5, 0x2D, 0x2F, 0x55, 0x66, 0x6D, 0x70, 0xF0, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x04, + 0x08, 0x0E, 0x12, 0x19, 0x20 + }; +#endif +#ifndef WOLFSSL_NO_ML_DSA_87 + static const byte pk_87_draft[] = { + 0x2D, 0x1E, 0x6B, 0xED, 0x84, 0x52, 0xEB, 0xF1, + 0x26, 0xED, 0xE7, 0x0C, 0xA0, 0xA2, 0xB5, 0x0D, + 0x03, 0x34, 0x2D, 0x5B, 0x13, 0xB2, 0xAE, 0x21, + 0x0F, 0x45, 0x62, 0xA3, 0xBF, 0x67, 0x0C, 0xB1, + 0x5C, 0xE9, 0x25, 0xFD, 0x22, 0xF2, 0x62, 0x42, + 0xBA, 0xE3, 0x10, 0xB3, 0xAA, 0x41, 0x3B, 0x6E, + 0x78, 0xD4, 0x42, 0xD9, 0x35, 0xD1, 0x72, 0x8A, + 0x32, 0x48, 0xCC, 0x20, 0x5C, 0xCD, 0x8D, 0x3F, + 0xD8, 0x34, 0x95, 0x55, 0x20, 0xCD, 0xFB, 0x2C, + 0x73, 0xE9, 0x0E, 0x60, 0x8B, 0x2C, 0x3F, 0xA8, + 0xB7, 0xD1, 0x79, 0xFD, 0xDC, 0xC8, 0x81, 0x11, + 0xC9, 0xE8, 0x41, 0x71, 0xE9, 0x70, 0x9B, 0x53, + 0x59, 0x33, 0xE4, 0x92, 0xB6, 0x81, 0x9C, 0x6A, + 0x92, 0xED, 0xA2, 0x5A, 0xC4, 0x07, 0x77, 0x1A, + 0x8F, 0xED, 0xB4, 0xE7, 0x11, 0xFB, 0x89, 0xEB, + 0x7B, 0xDF, 0xCC, 0xEA, 0xC5, 0x3B, 0x4E, 0xF4, + 0x6B, 0x6F, 0xBE, 0xE1, 0x32, 0xA9, 0xD7, 0xAD, + 0xB4, 0x36, 0xE7, 0x4A, 0x6D, 0x67, 0x11, 0x83, + 0xAF, 0x31, 0x1A, 0x7A, 0x31, 0x42, 0x9B, 0x01, + 0x21, 0x17, 0x52, 0x75, 0x85, 0xF7, 0x92, 0x0F, + 0x34, 0x8A, 0x69, 0x11, 0x88, 0x5A, 0x02, 0x08, + 0xB6, 0x6D, 0xE3, 0x07, 0x93, 0xB1, 0x3F, 0xE1, + 0xD5, 0x7B, 0xD9, 0x51, 0xF7, 0xAA, 0xC0, 0x34, + 0x9A, 0x78, 0x5D, 0x26, 0xDB, 0xF1, 0xF0, 0xA9, + 0x1E, 0x5C, 0x9F, 0x4F, 0xA7, 0x43, 0x5C, 0x44, + 0xA9, 0x43, 0xF1, 0x38, 0x11, 0x45, 0xED, 0xEB, + 0x1C, 0x8A, 0x05, 0xEE, 0xFF, 0xAB, 0x20, 0x2C, + 0xF6, 0x2C, 0xEE, 0x77, 0x42, 0x36, 0x3E, 0xE6, + 0x9D, 0x8E, 0x45, 0x0F, 0xF6, 0x7C, 0x39, 0x62, + 0xD6, 0xFF, 0x97, 0xBC, 0x3D, 0x02, 0xD6, 0xDF, + 0x4A, 0x35, 0xDA, 0x3F, 0x89, 0xA4, 0x88, 0x33, + 0xCD, 0xF2, 0x90, 0xF0, 0xE9, 0x37, 0x2F, 0x65, + 0xA5, 0x88, 0x65, 0xFD, 0x40, 0x44, 0xAD, 0x09, + 0x09, 0x92, 0xAA, 0x15, 0x9E, 0xEE, 0xF7, 0x2B, + 0x0D, 0xA7, 0xCB, 0x3A, 0x5E, 0x0A, 0xED, 0xD6, + 0x7D, 0x82, 0x8B, 0xBA, 0xCF, 0xE5, 0x9E, 0xE4, + 0x62, 0xAB, 0x69, 0x6B, 0xBA, 0xD0, 0xE5, 0xA9, + 0xBB, 0x1F, 0x5A, 0x51, 0xE0, 0xFA, 0x5D, 0xD4, + 0x4D, 0x8E, 0xC0, 0xDC, 0x43, 0x06, 0xDF, 0x23, + 0x67, 0xB2, 0x4A, 0xA2, 0xFB, 0x75, 0x2F, 0x82, + 0xD8, 0x44, 0xE4, 0xC0, 0xCE, 0x15, 0x9E, 0x3F, + 0xD6, 0xB4, 0x70, 0x5F, 0x3B, 0xD0, 0x56, 0x3E, + 0x0A, 0x7A, 0x4B, 0x94, 0xBF, 0xBA, 0x01, 0x2B, + 0x9C, 0x8B, 0x91, 0x35, 0xF2, 0xDB, 0x4C, 0x8C, + 0x8D, 0xD6, 0xEE, 0xC8, 0x65, 0x8D, 0xF3, 0x05, + 0x59, 0xBE, 0x3A, 0x17, 0xA7, 0x72, 0x10, 0x56, + 0x14, 0xEF, 0xB8, 0xC1, 0xBE, 0x18, 0x11, 0x0B, + 0xE6, 0x70, 0xF8, 0x39, 0xA5, 0x72, 0x7D, 0xF9, + 0x47, 0xFB, 0xAC, 0xFD, 0x1F, 0xC3, 0x71, 0x33, + 0x58, 0x44, 0x15, 0xD3, 0x7C, 0x93, 0x2E, 0x70, + 0x92, 0xFA, 0xBB, 0xF2, 0xD0, 0x9D, 0x25, 0xC4, + 0xCF, 0x4A, 0xB8, 0xEC, 0xBE, 0x5D, 0x8B, 0x7F, + 0xA4, 0x7C, 0xAB, 0xAD, 0xE7, 0x1E, 0x93, 0x83, + 0x92, 0x86, 0x1E, 0x8D, 0x15, 0xA4, 0x1C, 0x5B, + 0x42, 0x25, 0xDA, 0x3D, 0x16, 0xD3, 0x93, 0xF2, + 0x85, 0x50, 0x86, 0x0A, 0x86, 0x35, 0x6B, 0x14, + 0xAB, 0x5F, 0x22, 0xD0, 0xCF, 0x03, 0x7C, 0xEB, + 0xB4, 0x0E, 0xAC, 0x87, 0xA2, 0x41, 0x42, 0xA0, + 0x21, 0x93, 0x00, 0xB6, 0x47, 0x6F, 0x96, 0xD0, + 0x41, 0xD1, 0xC3, 0x0E, 0x3C, 0x52, 0xD2, 0x45, + 0xAB, 0x6A, 0xE7, 0xA1, 0xE5, 0xFD, 0x73, 0xC5, + 0x82, 0x9D, 0x60, 0x62, 0x8B, 0x6D, 0x87, 0xFC, + 0x88, 0x9C, 0x3E, 0xEF, 0xAE, 0xAA, 0xB6, 0x1C, + 0x18, 0xEE, 0xD7, 0x51, 0x1A, 0x96, 0xC4, 0x93, + 0x25, 0x05, 0xD3, 0x83, 0x3D, 0xD8, 0x33, 0x16, + 0x14, 0x44, 0x88, 0xE2, 0xAF, 0xC4, 0xEC, 0x59, + 0x18, 0x12, 0xB9, 0x99, 0xC1, 0xC9, 0x5F, 0x31, + 0x79, 0x00, 0x03, 0xF6, 0xC9, 0x55, 0x14, 0xAA, + 0x29, 0x08, 0x78, 0x24, 0xAF, 0x1D, 0x99, 0x12, + 0x36, 0xD9, 0x4A, 0xD9, 0x50, 0xEF, 0x66, 0xFC, + 0x7F, 0xF4, 0xBC, 0x3B, 0xA0, 0xF6, 0xFD, 0xF2, + 0x62, 0xCA, 0xA5, 0x9D, 0x2B, 0x55, 0xB8, 0x33, + 0xBC, 0xA6, 0x7A, 0xA5, 0x1E, 0xE1, 0x14, 0x5F, + 0x94, 0xE2, 0xDC, 0xF0, 0x5B, 0xBD, 0x43, 0x07, + 0xD8, 0xB1, 0xE0, 0x81, 0x3F, 0x84, 0x54, 0x90, + 0xBF, 0x23, 0x59, 0x92, 0x3C, 0xA5, 0x98, 0xAB, + 0x7D, 0x99, 0xD2, 0xF0, 0xED, 0x8E, 0x0B, 0xC9, + 0x9F, 0xAF, 0xB0, 0x13, 0xED, 0xC7, 0xDD, 0xB8, + 0x61, 0x72, 0x07, 0x3D, 0xCC, 0x35, 0x73, 0xA0, + 0xCF, 0x0C, 0xD9, 0x7E, 0x93, 0xDC, 0x63, 0xB8, + 0x82, 0xEC, 0xF4, 0x30, 0xCE, 0x43, 0x92, 0xEA, + 0x5E, 0xD8, 0xC8, 0xA1, 0xEC, 0x79, 0xDC, 0xAE, + 0x64, 0xD4, 0x33, 0xEB, 0x53, 0x8C, 0xFC, 0x49, + 0x79, 0xBF, 0x7A, 0x28, 0x65, 0x1E, 0x8C, 0xD5, + 0x21, 0xB0, 0x8E, 0xCA, 0xAD, 0xF8, 0x96, 0x9A, + 0x98, 0x10, 0x00, 0x35, 0x6D, 0x58, 0x9A, 0xEF, + 0x84, 0x84, 0x86, 0x72, 0xBA, 0xCD, 0x38, 0x66, + 0x96, 0x9B, 0xC2, 0x83, 0xB0, 0x65, 0xC1, 0xAB, + 0xCF, 0x63, 0x8C, 0x2D, 0xC3, 0x42, 0xB2, 0x7D, + 0xF6, 0xB8, 0xF0, 0x3D, 0x26, 0x21, 0x8F, 0xAE, + 0x4E, 0x96, 0xF2, 0x55, 0x66, 0xBC, 0x6F, 0xED, + 0xE7, 0x19, 0xD3, 0x8D, 0xC0, 0xCD, 0x55, 0x20, + 0x5F, 0x10, 0xCA, 0xDA, 0x09, 0xED, 0x91, 0x4A, + 0x43, 0x33, 0xD3, 0x82, 0x11, 0x5C, 0x2F, 0x5D, + 0xEC, 0xCD, 0x54, 0xF9, 0x6C, 0xE4, 0xE5, 0xF2, + 0x68, 0xBC, 0xE9, 0x27, 0xB2, 0x1D, 0xCA, 0xB5, + 0xCD, 0x04, 0x01, 0x1E, 0x92, 0xF5, 0xF6, 0x01, + 0x86, 0x2B, 0x20, 0x20, 0x9B, 0xB0, 0xF9, 0x56, + 0xD9, 0x33, 0xD5, 0x0A, 0xEC, 0x1B, 0xF4, 0xCE, + 0xD2, 0xB2, 0xC2, 0xD4, 0x3F, 0x9A, 0x25, 0x76, + 0x8E, 0x29, 0x87, 0x52, 0x64, 0x86, 0x4A, 0xA5, + 0x7B, 0x5A, 0x91, 0x72, 0x6E, 0xBE, 0x6D, 0x73, + 0x0A, 0x8D, 0x89, 0x53, 0x82, 0x33, 0x70, 0x44, + 0x20, 0xBE, 0xE0, 0xB0, 0x1B, 0x76, 0x30, 0x43, + 0xA5, 0x5B, 0x8F, 0xAB, 0x7E, 0xB8, 0x61, 0x5F, + 0x43, 0x70, 0x1B, 0x1A, 0x71, 0x61, 0x56, 0xF9, + 0x13, 0x31, 0x2A, 0x64, 0x33, 0x14, 0x00, 0x98, + 0x72, 0xEC, 0x32, 0x88, 0x09, 0xFB, 0x64, 0x46, + 0x3D, 0x56, 0x02, 0xD9, 0x76, 0xD3, 0xAA, 0x90, + 0x0F, 0xBD, 0xF0, 0xF9, 0x96, 0x43, 0x7B, 0x62, + 0x19, 0x26, 0x22, 0x6A, 0x93, 0x91, 0xEC, 0x07, + 0x34, 0xF5, 0x22, 0x32, 0xB3, 0x65, 0x66, 0xE0, + 0x6B, 0x11, 0x7F, 0x97, 0x9F, 0x1A, 0x89, 0x46, + 0xCE, 0x8F, 0xBD, 0xFD, 0x2F, 0xCC, 0x3D, 0xBF, + 0xF2, 0x83, 0xA4, 0x30, 0xE1, 0x02, 0x72, 0xF8, + 0x74, 0xE6, 0x21, 0x96, 0x77, 0xE1, 0x57, 0x8A, + 0xF7, 0x9E, 0xB3, 0x31, 0xAF, 0xD8, 0xC5, 0xD7, + 0x20, 0xDC, 0xFD, 0xCF, 0x79, 0x06, 0x0F, 0x1F, + 0xE5, 0x84, 0x3D, 0x0B, 0x9C, 0xB3, 0xC7, 0xAB, + 0xB8, 0xF1, 0xC0, 0xD0, 0xB5, 0xC7, 0x01, 0xE2, + 0x0E, 0x3B, 0xAF, 0x7E, 0xAC, 0x44, 0x5A, 0x75, + 0x50, 0x0A, 0x76, 0x1C, 0x13, 0xDB, 0x25, 0xD4, + 0x0D, 0x19, 0x75, 0x4C, 0x02, 0xD9, 0xF3, 0xDF, + 0x6D, 0xBB, 0xCF, 0x47, 0xA6, 0xAE, 0xF6, 0xD1, + 0xFB, 0xF4, 0xB4, 0x55, 0xD3, 0xA5, 0x87, 0xA1, + 0x55, 0xFB, 0xBF, 0xCD, 0xF6, 0xA1, 0x64, 0x57, + 0x12, 0x75, 0x9A, 0x11, 0xA3, 0xCE, 0x42, 0x70, + 0x84, 0x54, 0x93, 0x12, 0xE1, 0x3A, 0x0F, 0xFA, + 0xCA, 0xF2, 0x25, 0x91, 0xF1, 0x4D, 0x8F, 0x84, + 0xB1, 0xB5, 0x35, 0xAC, 0xE9, 0x81, 0x77, 0x34, + 0x4D, 0x6F, 0x5D, 0x14, 0x9D, 0xB9, 0xE1, 0xF0, + 0x3F, 0x3C, 0xE7, 0xAD, 0x48, 0xE6, 0x8C, 0x51, + 0x86, 0xF4, 0x4A, 0xB4, 0xD0, 0x98, 0xEC, 0x3A, + 0x4E, 0xAB, 0x58, 0x2F, 0x08, 0x9E, 0x5A, 0x9D, + 0x45, 0x30, 0xB0, 0x85, 0xDF, 0x4A, 0xE7, 0x92, + 0xC6, 0xC8, 0x18, 0x93, 0x08, 0xCE, 0x9A, 0x8C, + 0xE2, 0x91, 0x8D, 0x91, 0x57, 0x7B, 0x37, 0xC8, + 0x80, 0xA2, 0x31, 0x10, 0x0D, 0x4E, 0xEF, 0x51, + 0x07, 0x94, 0x8E, 0xF8, 0x3C, 0x3C, 0x2E, 0xD5, + 0x03, 0x26, 0xB8, 0x72, 0x7F, 0xB9, 0xBC, 0xD7, + 0x95, 0xC4, 0x31, 0x08, 0xEC, 0x6F, 0xEE, 0x11, + 0xAF, 0xC0, 0xA2, 0xEC, 0xD7, 0xC8, 0x0B, 0xBE, + 0x15, 0xAE, 0xC9, 0x17, 0xBE, 0x37, 0xE2, 0x40, + 0x83, 0x65, 0xDE, 0xB3, 0x4E, 0xB4, 0x15, 0xB3, + 0x5C, 0x14, 0xF6, 0x5F, 0xA9, 0x1F, 0x70, 0xB5, + 0x23, 0x93, 0x78, 0xB9, 0x47, 0xF9, 0x1D, 0x2B, + 0x1E, 0x8D, 0xB1, 0x25, 0x7E, 0xE5, 0x85, 0x3C, + 0x16, 0x9F, 0xD0, 0xC2, 0x67, 0x8B, 0x0D, 0xD2, + 0x72, 0x4E, 0x74, 0x30, 0xE1, 0xAF, 0xB8, 0x66, + 0xCB, 0x53, 0xDF, 0xC4, 0xFB, 0xA5, 0x6D, 0x03, + 0xF2, 0xAE, 0xEE, 0x90, 0xFE, 0xD7, 0x30, 0xAF, + 0x33, 0x98, 0x09, 0xEB, 0x75, 0xC7, 0x3E, 0xC8, + 0x2F, 0xE7, 0x22, 0x5F, 0x2F, 0x0A, 0xBD, 0xA4, + 0x22, 0x88, 0x28, 0x19, 0x35, 0x83, 0x12, 0x86, + 0xEE, 0x72, 0xB4, 0x26, 0x89, 0x2F, 0xC7, 0x11, + 0x6E, 0xDD, 0x14, 0x98, 0x22, 0xE7, 0x73, 0x3E, + 0xFA, 0x46, 0x75, 0xF9, 0x40, 0xC1, 0x84, 0x22, + 0xBC, 0x75, 0x36, 0xC7, 0x82, 0xD3, 0xAE, 0x6E, + 0x0D, 0xBF, 0x6F, 0xC3, 0x4B, 0x67, 0x49, 0x19, + 0xF3, 0x4B, 0x12, 0xF2, 0x83, 0xFD, 0x39, 0x56, + 0x44, 0x05, 0x3A, 0x24, 0x6A, 0x35, 0x69, 0x12, + 0xCF, 0xE4, 0x93, 0xFE, 0x26, 0xCC, 0xD6, 0x01, + 0xA0, 0x4A, 0x84, 0xA8, 0x1D, 0x85, 0xE6, 0x83, + 0x0F, 0x3C, 0xE6, 0x6D, 0xD2, 0xCB, 0xB1, 0x14, + 0x8C, 0xEC, 0x10, 0xB3, 0x63, 0x4B, 0x9C, 0xF5, + 0x11, 0xE0, 0xF9, 0x86, 0x6F, 0xA7, 0xC0, 0x3B, + 0x9D, 0x25, 0xD7, 0x54, 0xCA, 0x40, 0x4D, 0x26, + 0xBA, 0x71, 0x8E, 0x25, 0xF5, 0xA7, 0xE3, 0x9B, + 0x25, 0x20, 0x7F, 0x29, 0x05, 0xB6, 0x27, 0x14, + 0x17, 0x67, 0x26, 0x10, 0xAD, 0xA3, 0x06, 0x03, + 0xFE, 0x82, 0x85, 0x5D, 0x01, 0x04, 0x4D, 0xE0, + 0x64, 0x38, 0x38, 0x5E, 0x83, 0x1E, 0x21, 0x9A, + 0x39, 0x02, 0xF8, 0xF9, 0x69, 0x85, 0x52, 0xE5, + 0xEC, 0x6A, 0xAC, 0x96, 0x86, 0xA7, 0x88, 0x69, + 0xB5, 0xB5, 0x7E, 0x03, 0x1D, 0xA9, 0x68, 0xCA, + 0x45, 0x0F, 0xF9, 0x14, 0xD6, 0x7B, 0xCF, 0x9C, + 0x03, 0x6F, 0xD1, 0xD9, 0x6F, 0x01, 0x3D, 0xF8, + 0xF3, 0x11, 0xF3, 0x29, 0x17, 0x90, 0xE8, 0x9B, + 0xED, 0x58, 0x9B, 0xF0, 0xBC, 0xC7, 0xBA, 0xF4, + 0x60, 0xC8, 0xAA, 0x30, 0xB4, 0x2F, 0x22, 0x8F, + 0xD3, 0xAC, 0x18, 0xC2, 0xB7, 0xC4, 0x7B, 0x31, + 0x9E, 0x0F, 0x7E, 0x9D, 0xBF, 0xD4, 0x63, 0xC2, + 0x8B, 0x1B, 0x58, 0x50, 0x33, 0x53, 0x6D, 0x79, + 0xBB, 0xF8, 0x0D, 0x91, 0x33, 0xD9, 0x07, 0xE7, + 0xB0, 0x81, 0xD4, 0xB4, 0x47, 0x61, 0x93, 0xF0, + 0xFB, 0x68, 0xBC, 0x1B, 0x41, 0xC2, 0xF5, 0x43, + 0x30, 0x7E, 0x76, 0xF9, 0xB1, 0xA3, 0xD6, 0xD4, + 0x26, 0xEA, 0x77, 0x75, 0x12, 0x7A, 0xC8, 0x30, + 0x9B, 0xCF, 0x45, 0xBE, 0x74, 0x7D, 0x8A, 0x8B, + 0xEC, 0xED, 0x11, 0xE6, 0xA1, 0xD1, 0xB8, 0xF1, + 0x90, 0xAD, 0x6D, 0x6A, 0xC6, 0x54, 0xE9, 0xDB, + 0xAD, 0x4C, 0x97, 0x39, 0xC8, 0xD8, 0x44, 0xA9, + 0x1A, 0x37, 0x16, 0x7E, 0x68, 0x45, 0x0C, 0xBB, + 0x10, 0xF4, 0xAE, 0x8E, 0x2B, 0x69, 0xFA, 0x95, + 0x3E, 0xA5, 0xC9, 0x91, 0xD3, 0xF1, 0xA3, 0x89, + 0x3F, 0x90, 0x86, 0x93, 0x1B, 0xF1, 0xA0, 0x89, + 0xC7, 0xF2, 0x23, 0x57, 0xD4, 0x8E, 0x2F, 0xD5, + 0x71, 0xCD, 0x36, 0xF1, 0x90, 0xB3, 0x98, 0x3E, + 0x19, 0xEA, 0xC8, 0x0F, 0x12, 0x9D, 0xBF, 0x58, + 0xED, 0xDC, 0x6B, 0x9A, 0x79, 0x84, 0xFC, 0xF0, + 0x4C, 0xC3, 0xB4, 0x0D, 0xB8, 0x7A, 0x8D, 0xAD, + 0x75, 0x40, 0xD5, 0xD5, 0xDE, 0xC8, 0xCA, 0x39, + 0x3E, 0x45, 0xE4, 0xBC, 0xF4, 0x33, 0xEA, 0x64, + 0xE1, 0x5E, 0x94, 0x42, 0x91, 0xAB, 0xBC, 0x42, + 0x2A, 0xB3, 0xD0, 0x60, 0x23, 0xCE, 0x57, 0x8E, + 0xFF, 0xAD, 0xA2, 0x2B, 0x64, 0xD9, 0x94, 0xA0, + 0x80, 0x0F, 0x8E, 0x50, 0x17, 0x08, 0x1D, 0x16, + 0xCF, 0x51, 0xD0, 0xB9, 0x28, 0xB6, 0x59, 0xEF, + 0x78, 0xCC, 0xC9, 0x96, 0xF9, 0xCA, 0x87, 0x7A, + 0xEE, 0xD9, 0x15, 0x5E, 0xDF, 0x5D, 0xBC, 0xC2, + 0x58, 0xE6, 0x04, 0xEE, 0x17, 0xDC, 0xB3, 0xF9, + 0x90, 0xF9, 0x88, 0x32, 0x9E, 0xA1, 0xDB, 0x1C, + 0x38, 0x56, 0x53, 0x90, 0x30, 0x69, 0x2E, 0x52, + 0x00, 0x2C, 0xF3, 0x0F, 0xD5, 0x80, 0x2E, 0x02, + 0x5B, 0x99, 0xBF, 0xCD, 0x11, 0x12, 0x64, 0x5B, + 0x56, 0xC6, 0x0A, 0xE6, 0x38, 0xE7, 0x4D, 0x21, + 0xE5, 0x98, 0x78, 0x9D, 0xE6, 0xCB, 0x60, 0xB4, + 0x2E, 0xE4, 0x98, 0x56, 0xCB, 0xAD, 0xE6, 0xDD, + 0x53, 0xF4, 0xC5, 0x67, 0xA2, 0x9F, 0xA0, 0x5C, + 0x7C, 0xFB, 0x24, 0x5A, 0xA7, 0x72, 0xD0, 0xE7, + 0x63, 0xF2, 0x5D, 0xBF, 0xD8, 0xE9, 0xF1, 0x6B, + 0xB4, 0x29, 0xA6, 0x28, 0xE6, 0x93, 0xD3, 0x87, + 0xB6, 0xD9, 0x3C, 0x39, 0x8D, 0xEA, 0x28, 0xC0, + 0x96, 0x3D, 0xF5, 0xC2, 0x3C, 0x29, 0xF2, 0x80, + 0x21, 0x8A, 0x03, 0x9D, 0x64, 0xF8, 0xBA, 0x81, + 0xC1, 0xDD, 0xA2, 0x88, 0x2A, 0x84, 0x2E, 0x3C, + 0xB5, 0x03, 0x95, 0xED, 0xAA, 0x6E, 0xE2, 0x6F, + 0x5E, 0x99, 0x3C, 0x63, 0xEE, 0xB8, 0x4F, 0x66, + 0x32, 0x77, 0x42, 0x23, 0x36, 0x29, 0x89, 0xB0, + 0xED, 0x5F, 0xF2, 0x5A, 0x65, 0x66, 0x3F, 0xD2, + 0x8B, 0x48, 0x68, 0x65, 0xDC, 0xE0, 0xB0, 0xC2, + 0x72, 0x73, 0xF1, 0xA4, 0xC6, 0x56, 0x2C, 0x5D, + 0xD8, 0xC6, 0x5C, 0x41, 0xCE, 0x30, 0x89, 0x59, + 0xA9, 0xD6, 0x45, 0x96, 0xD0, 0x8E, 0x7B, 0x25, + 0xE0, 0x13, 0xFB, 0xFE, 0x7C, 0xEA, 0xF3, 0x67, + 0x0D, 0xB2, 0x9A, 0x21, 0x3C, 0xCE, 0x99, 0x75, + 0xA9, 0x13, 0xCE, 0xF4, 0x23, 0x6E, 0x64, 0x00, + 0x30, 0x87, 0x70, 0x9C, 0xAD, 0x61, 0x81, 0x71, + 0x0E, 0x95, 0x19, 0x26, 0xCA, 0x55, 0x29, 0x71, + 0x99, 0xA6, 0x08, 0xAE, 0x54, 0x58, 0x75, 0xCD, + 0xC3, 0x8F, 0xE3, 0x83, 0xC1, 0x45, 0x62, 0xB4, + 0x8D, 0xCA, 0x66, 0x02, 0xEA, 0x34, 0x05, 0x5D, + 0x98, 0x3F, 0x38, 0xE6, 0x1C, 0xCE, 0x53, 0x1A, + 0xD9, 0x3F, 0x58, 0xEC, 0x16, 0x28, 0x45, 0xF5, + 0x38, 0xCE, 0x48, 0x43, 0x87, 0x1D, 0x3C, 0x4A, + 0xDF, 0x05, 0xF3, 0x5E, 0x29, 0x7E, 0xA6, 0x2E, + 0xFC, 0xDD, 0x5E, 0xF9, 0x40, 0x1B, 0xA0, 0x42, + 0xA2, 0x35, 0x15, 0x0A, 0x09, 0xD9, 0x47, 0x4A, + 0x3F, 0xB0, 0x3A, 0xAA, 0x19, 0xE7, 0xE3, 0x7A, + 0x22, 0x8D, 0x5F, 0x5B, 0x07, 0x41, 0x4C, 0x3D, + 0xA2, 0xAD, 0x2E, 0x5C, 0x75, 0xEC, 0xF0, 0x4C, + 0x11, 0x2B, 0x90, 0x76, 0x9E, 0x19, 0x96, 0x0E, + 0x97, 0x5E, 0x8D, 0x19, 0x17, 0xB3, 0xBF, 0xDA, + 0x84, 0xFD, 0xC6, 0xD2, 0x32, 0x6F, 0xB8, 0xA3, + 0xB0, 0x0F, 0x95, 0xD9, 0xC5, 0x26, 0x50, 0x11, + 0x15, 0x72, 0xBE, 0xC2, 0x1B, 0x12, 0x12, 0x7C, + 0xA5, 0x70, 0xD8, 0xA9, 0x8A, 0xB9, 0x77, 0xEB, + 0xD8, 0xD7, 0x9A, 0x59, 0x37, 0x5E, 0xE1, 0x4F, + 0x64, 0xB5, 0xB0, 0x4F, 0xD9, 0x69, 0xFE, 0xB0, + 0x3D, 0x0A, 0xF7, 0x34, 0x89, 0xE3, 0xBA, 0xEF, + 0xE7, 0xC7, 0xBC, 0x8D, 0xC7, 0xE8, 0x54, 0x83, + 0xEE, 0x62, 0xF0, 0x23, 0x98, 0x58, 0x0F, 0x83, + 0xB9, 0x6D, 0xD8, 0x44, 0x77, 0xB9, 0xC4, 0x8F, + 0x0B, 0xB3, 0x9F, 0x54, 0x06, 0xA3, 0x70, 0x36, + 0xD6, 0xF3, 0x6E, 0x2B, 0x1B, 0x6B, 0x53, 0xFE, + 0x6F, 0xF6, 0x1C, 0x32, 0x7B, 0x29, 0xD4, 0xE0, + 0x5D, 0xD2, 0xB8, 0x11, 0x74, 0xC6, 0x0B, 0x59, + 0xC7, 0x9C, 0xB1, 0x97, 0x6B, 0xC0, 0x6E, 0x7A, + 0xC3, 0x4D, 0xF3, 0xE3, 0x8F, 0x7D, 0x2C, 0x1C, + 0x0E, 0x31, 0x51, 0xB7, 0x14, 0x7A, 0xB8, 0x31, + 0x77, 0x47, 0x70, 0x14, 0x3B, 0x92, 0x7B, 0x5F, + 0xEC, 0x5D, 0xF7, 0x76, 0xC1, 0xD7, 0x2D, 0xB6, + 0xBC, 0x99, 0x81, 0xD6, 0x58, 0x67, 0x71, 0x3C, + 0xF2, 0x97, 0xC8, 0xB0, 0xF1, 0xE9, 0x8D, 0x0E, + 0x16, 0xF0, 0xCC, 0x22, 0x7A, 0x39, 0xE4, 0x7E, + 0x50, 0xBA, 0x01, 0x16, 0x15, 0x6D, 0x5B, 0x54, + 0x67, 0x53, 0x66, 0x04, 0xBE, 0x05, 0xCC, 0x2E, + 0xF4, 0x0A, 0xBC, 0xE8, 0x52, 0xF1, 0x5D, 0xFA, + 0x2C, 0xAC, 0xF8, 0x6A, 0x78, 0x9E, 0x5B, 0x7B, + 0x0E, 0x5B, 0xB4, 0xB7, 0x77, 0xCD, 0x7C, 0xC9, + 0xF6, 0x54, 0x77, 0x9B, 0x10, 0x2F, 0x78, 0xB5, + 0xAA, 0x4B, 0x94, 0xC3, 0xB4, 0xFD, 0xE5, 0x5F, + 0xA7, 0xF7, 0xBF, 0x54, 0xAC, 0x22, 0x5E, 0x1F, + 0x26, 0x16, 0x5B, 0x65, 0xF1, 0x6D, 0x03, 0x21, + 0x66, 0x9F, 0xD9, 0xF6, 0xE4, 0x7F, 0xCA, 0x1D, + 0xD3, 0x47, 0x09, 0x6D, 0xF5, 0xDD, 0xA8, 0x64, + 0x66, 0xA5, 0x7C, 0x5B, 0x06, 0x8D, 0x9C, 0x67, + 0xB7, 0x32, 0x03, 0x66, 0xEA, 0x19, 0xC8, 0x99, + 0x3F, 0xF9, 0x0B, 0xD8, 0xFB, 0x06, 0x93, 0xFB, + 0xA3, 0x70, 0xE6, 0x6D, 0x2B, 0x20, 0x3B, 0x99, + 0x70, 0x11, 0xB0, 0xD1, 0x5B, 0x94, 0xE2, 0x8B, + 0xAA, 0x2E, 0xBF, 0x01, 0x77, 0x4F, 0x7A, 0xE7, + 0x8F, 0x84, 0xED, 0xBD, 0xAD, 0x9F, 0x65, 0xA4, + 0x50, 0x42, 0x7A, 0x47, 0x74, 0xC6, 0x0C, 0xC8, + 0x9A, 0x02, 0x0B, 0x37, 0xDA, 0x21, 0xC7, 0x91, + 0xDA, 0xC8, 0xF7, 0xA7, 0x45, 0x7E, 0x30, 0xD0, + 0x8B, 0x01, 0x37, 0x51, 0x60, 0x03, 0x9C, 0x30, + 0x1B, 0x60, 0x51, 0xA9, 0x65, 0xE8, 0xA7, 0xCC, + 0xA2, 0xAE, 0xF9, 0x3B, 0xD5, 0x2F, 0x82, 0xC0, + 0x20, 0xBE, 0xCE, 0x90, 0xA1, 0x29, 0x02, 0x4E, + 0xFE, 0xA4, 0xB2, 0xFA, 0x21, 0x27, 0x0F, 0x8E, + 0xB5, 0xED, 0x6A, 0xAA, 0xE5, 0x59, 0x29, 0xAA, + 0xC5, 0x99, 0xA5, 0x77, 0x97, 0x29, 0x57, 0x66, + 0x0C, 0xC4, 0x7A, 0xC4, 0xE3, 0xCE, 0x77, 0x2B, + 0xBF, 0x10, 0x05, 0x2D, 0xE7, 0xED, 0xB1, 0xB8, + 0xA4, 0x49, 0x41, 0xF8, 0x84, 0xC9, 0xF8, 0xBE, + 0x13, 0x17, 0x46, 0x69, 0x94, 0x56, 0x29, 0xF4, + 0x6D, 0xE2, 0x46, 0x74, 0x44, 0xF3, 0x10, 0x6A, + 0x73, 0xFA, 0x27, 0x9C, 0xF0, 0x2A, 0x80, 0x0A, + 0x04, 0x7E, 0x20, 0xBD, 0x4D, 0x82, 0x0B, 0x38, + 0x9C, 0x3B, 0xB6, 0xA8, 0x68, 0xA5, 0x38, 0x4C, + 0xF5, 0x72, 0x4C, 0x20, 0x4C, 0xEF, 0xB1, 0xA6, + 0xA1, 0xBE, 0xB9, 0x72, 0x3E, 0x36, 0xDD, 0xDD, + 0xD9, 0xC7, 0x07, 0xC8, 0xF6, 0x3E, 0x8B, 0xC2, + 0x66, 0x83, 0xCC, 0x8B, 0x43, 0xC7, 0xDF, 0xDA, + 0xA4, 0x08, 0xAC, 0x4D, 0xD2, 0xBA, 0x9A, 0xEC, + 0xBC, 0x3B, 0x6D, 0xDA, 0xED, 0xCE, 0x09, 0x4A, + 0xAB, 0x58, 0xFF, 0x73, 0x2B, 0x19, 0x66, 0x38, + 0xD8, 0xB8, 0xEF, 0xC4, 0x28, 0xBB, 0xA9, 0x61, + 0x57, 0x93, 0xC4, 0xDD, 0x9F, 0x00, 0xF9, 0x0D, + 0x62, 0xC6, 0x76, 0xD1, 0x27, 0xA0, 0xE1, 0x8C, + 0x14, 0xC6, 0xEE, 0x9C, 0x99, 0x05, 0x10, 0xB0, + 0x54, 0xAD, 0xB4, 0xB4, 0x17, 0x0A, 0xC7, 0x12, + 0x7F, 0x93, 0x17, 0x5C, 0x1E, 0xB2, 0x25, 0x12 + }; + static const byte msg_87_draft[] = { + 0x14, 0x42, 0x63, 0x34, 0x94, 0x09, 0x60, 0x77, + 0x3B, 0xFF, 0x65, 0xF0, 0x8D, 0x1D, 0xE4, 0x89, + 0xC4, 0xC3, 0xED, 0x36 + }; + static const byte sig_87_draft[] = { + 0x13, 0xE8, 0x99, 0xEE, 0xDC, 0xCC, 0x0F, 0xBA, + 0x62, 0x91, 0x44, 0xE4, 0xAC, 0x06, 0x79, 0x06, + 0xB5, 0x32, 0x6B, 0x8F, 0x9A, 0x6C, 0xCB, 0xAB, + 0xE1, 0x44, 0x4A, 0xDD, 0x46, 0x45, 0x16, 0x0D, + 0x22, 0x57, 0x82, 0x87, 0x10, 0xD1, 0xEE, 0x10, + 0x60, 0x21, 0xB5, 0x64, 0x1E, 0x78, 0x81, 0x55, + 0x75, 0xD4, 0xF0, 0x95, 0xD0, 0x15, 0xD8, 0x46, + 0x5C, 0x92, 0xD2, 0xDD, 0xF4, 0xAB, 0xDF, 0xBE, + 0xB1, 0x1E, 0xE5, 0xE0, 0x70, 0xE6, 0xDA, 0x52, + 0xE5, 0x48, 0xDC, 0x04, 0xFD, 0xEF, 0x54, 0x72, + 0xE7, 0xE5, 0xF1, 0x82, 0x10, 0xAA, 0xCB, 0xA0, + 0x4F, 0x4F, 0x18, 0xAE, 0x66, 0x86, 0xB9, 0xAF, + 0x96, 0x57, 0xE3, 0x8E, 0x3B, 0x9B, 0xDD, 0xB4, + 0xAA, 0x84, 0xE6, 0x7B, 0x4D, 0x81, 0x92, 0xD0, + 0x03, 0x87, 0x3D, 0xD3, 0xEE, 0xE7, 0x47, 0x00, + 0xFB, 0xD8, 0x1E, 0x38, 0x1C, 0x21, 0x98, 0xB7, + 0xCC, 0xC1, 0x37, 0xC1, 0x71, 0xB2, 0x2F, 0x93, + 0x53, 0x41, 0x9C, 0x48, 0xC1, 0x4B, 0x8D, 0x63, + 0x0F, 0x99, 0x63, 0x40, 0x27, 0x5F, 0x6E, 0x60, + 0x4B, 0x95, 0xC4, 0x35, 0x20, 0x8A, 0xED, 0x2B, + 0xCA, 0x1B, 0x41, 0x9F, 0x83, 0x63, 0xF0, 0x95, + 0x0E, 0x24, 0x0D, 0x6F, 0x9E, 0xAB, 0x11, 0x8E, + 0x4B, 0xD3, 0xDA, 0x0E, 0xC3, 0xA2, 0xBE, 0x26, + 0xA8, 0xA0, 0x98, 0x57, 0x71, 0x3C, 0x36, 0xDD, + 0x69, 0xC3, 0x4E, 0xDD, 0x2C, 0x61, 0x9E, 0x88, + 0x26, 0x70, 0x71, 0xCF, 0x9E, 0xE5, 0xA6, 0x0C, + 0xA3, 0x14, 0x2D, 0xF1, 0x63, 0xF0, 0x1D, 0x8D, + 0x79, 0x6A, 0xC8, 0x50, 0xCF, 0xF3, 0x66, 0x60, + 0x78, 0xB3, 0x18, 0xFB, 0x5B, 0xD1, 0x73, 0x60, + 0xC8, 0x76, 0xC9, 0xC9, 0x0D, 0x8A, 0x7F, 0x41, + 0x2C, 0x8A, 0x31, 0x61, 0x6B, 0xE7, 0xA3, 0x74, + 0x58, 0x71, 0x54, 0x84, 0x86, 0x71, 0x5C, 0x94, + 0x26, 0x3A, 0x17, 0xB3, 0x6C, 0xA4, 0x99, 0x25, + 0x45, 0x0C, 0x57, 0x8A, 0xD9, 0xD4, 0xB1, 0xC2, + 0x00, 0x43, 0xF4, 0x5E, 0x84, 0x31, 0x99, 0x4F, + 0xA6, 0xD2, 0x6A, 0x14, 0x1B, 0xAD, 0x9E, 0x49, + 0x6E, 0x00, 0x9E, 0x91, 0x46, 0x16, 0xCA, 0x57, + 0x0C, 0x09, 0xF6, 0x38, 0xD0, 0x62, 0xBE, 0xC6, + 0x87, 0x33, 0x3A, 0xC7, 0x28, 0x38, 0x34, 0x53, + 0x7E, 0xFB, 0x60, 0x42, 0xF3, 0x7D, 0x83, 0xF7, + 0x29, 0x5D, 0xEA, 0x30, 0xD5, 0x00, 0x90, 0xB6, + 0x38, 0x4C, 0x17, 0x29, 0xEF, 0x17, 0xA0, 0xD5, + 0x87, 0x50, 0xC0, 0x03, 0x75, 0x14, 0xE5, 0xE1, + 0x22, 0x78, 0x53, 0xBC, 0x5A, 0xA3, 0x1E, 0x95, + 0xBE, 0xEC, 0x37, 0xB1, 0x51, 0x82, 0x69, 0x26, + 0x2E, 0xA3, 0x5A, 0xDA, 0x4F, 0xDA, 0x77, 0x62, + 0x7E, 0xED, 0xDA, 0xAF, 0x57, 0x97, 0x1B, 0xA3, + 0x6D, 0x46, 0x7B, 0x19, 0xA9, 0x0B, 0x99, 0x1C, + 0xD2, 0x55, 0xDB, 0x79, 0xB0, 0x15, 0x48, 0x86, + 0x52, 0x30, 0x31, 0xD6, 0xC5, 0xB1, 0xAE, 0x8F, + 0xCF, 0x9A, 0x43, 0x10, 0xBB, 0xC8, 0x19, 0x74, + 0x84, 0xB2, 0x92, 0x3B, 0xFE, 0x0B, 0x12, 0x15, + 0xA1, 0xC4, 0xD8, 0xC6, 0x83, 0x90, 0x89, 0x8A, + 0xD5, 0x3E, 0x33, 0x69, 0xB7, 0x05, 0x3F, 0xB1, + 0x8B, 0x0D, 0x87, 0x40, 0x70, 0x90, 0x2A, 0x5D, + 0x3B, 0x3D, 0x91, 0xD8, 0x1D, 0x4D, 0xF1, 0x08, + 0x7E, 0xF7, 0xDC, 0x05, 0x84, 0xEB, 0xDC, 0x63, + 0xD7, 0xBA, 0x3C, 0x0D, 0x31, 0xF8, 0x6D, 0xA6, + 0xC0, 0xFD, 0x08, 0x11, 0x5C, 0x53, 0xF6, 0xAE, + 0xFE, 0xC0, 0x82, 0x9A, 0x68, 0xD2, 0xA3, 0x44, + 0x2E, 0xEE, 0x47, 0x36, 0x70, 0x2D, 0x66, 0x81, + 0x0D, 0x62, 0x30, 0x8A, 0x8C, 0xC8, 0x2A, 0xA6, + 0x21, 0x82, 0xF5, 0x98, 0xF4, 0x4E, 0x25, 0x37, + 0x11, 0xB5, 0xD6, 0x07, 0x88, 0xBD, 0x0D, 0x69, + 0x0E, 0xF9, 0x8F, 0x9A, 0xD5, 0x93, 0xE0, 0x3C, + 0xEF, 0x38, 0xB9, 0xC9, 0x77, 0x98, 0x3F, 0x69, + 0x11, 0xBA, 0x1A, 0xB9, 0xF7, 0x35, 0xE9, 0x28, + 0xCD, 0xA3, 0x8C, 0x03, 0xE6, 0xAD, 0x83, 0x62, + 0xF4, 0x60, 0xAE, 0x4C, 0xD0, 0xF4, 0x6E, 0x00, + 0xEE, 0xEC, 0x74, 0xB6, 0x12, 0x34, 0x98, 0xAB, + 0x31, 0xE7, 0xA7, 0x9D, 0x33, 0x4D, 0x72, 0xA7, + 0xA7, 0xEE, 0xF3, 0xB5, 0x51, 0xE7, 0x8D, 0x31, + 0xBC, 0x2C, 0xAF, 0xFB, 0x13, 0x9C, 0xAC, 0xA4, + 0xD7, 0x9C, 0x8B, 0xBD, 0x52, 0xBD, 0x78, 0xF4, + 0x90, 0x65, 0x09, 0xBE, 0x42, 0xE7, 0x76, 0x3A, + 0xE6, 0xAC, 0xB8, 0x98, 0x28, 0x5E, 0xC9, 0x32, + 0x3E, 0x68, 0x67, 0x6A, 0x8C, 0xC7, 0x4A, 0x58, + 0xC8, 0xDA, 0x8B, 0xE9, 0x11, 0xED, 0x6F, 0x51, + 0x3B, 0x66, 0x08, 0x70, 0x73, 0x10, 0xFB, 0x45, + 0xCB, 0xD9, 0x7D, 0x5F, 0xF0, 0xD2, 0xAB, 0xA3, + 0x6F, 0xCE, 0xF7, 0x3D, 0x46, 0xCB, 0x7F, 0x01, + 0xC2, 0xCF, 0xE3, 0x8E, 0x68, 0xE8, 0x4F, 0x4A, + 0x30, 0x19, 0x16, 0xD2, 0xF5, 0x10, 0xD8, 0x2B, + 0x49, 0x69, 0xBE, 0x7A, 0x0E, 0x9C, 0xC6, 0x0E, + 0xFF, 0x5C, 0x0A, 0x87, 0x17, 0xB8, 0x22, 0x83, + 0x8C, 0x77, 0xAF, 0x42, 0x06, 0xB1, 0x25, 0x45, + 0x08, 0x9B, 0xB2, 0xDD, 0x6A, 0x3F, 0xF0, 0x12, + 0xC8, 0x64, 0x15, 0xBB, 0xA0, 0x4F, 0xD7, 0xD4, + 0xEC, 0x70, 0x7A, 0xF3, 0xB1, 0x7F, 0x25, 0x57, + 0x47, 0x66, 0xF1, 0xE9, 0x27, 0x38, 0xE0, 0x62, + 0x10, 0xF4, 0x8A, 0x5E, 0xF2, 0x55, 0x0E, 0xBD, + 0xF8, 0x5A, 0x5C, 0xA3, 0x44, 0x97, 0xCF, 0x1D, + 0x4D, 0x3A, 0x75, 0x86, 0x48, 0xEC, 0x41, 0x17, + 0x24, 0x43, 0x83, 0x5E, 0x50, 0x91, 0xBE, 0x8F, + 0x04, 0x78, 0x23, 0xD9, 0x62, 0x0C, 0x2A, 0xD5, + 0x1C, 0x96, 0x11, 0xAA, 0xEE, 0x39, 0xB2, 0x1E, + 0x6D, 0x6A, 0xEC, 0x87, 0x0C, 0x89, 0x15, 0xE2, + 0x66, 0x47, 0x6A, 0x50, 0xEE, 0xCA, 0x59, 0x96, + 0x22, 0xF7, 0x09, 0x1A, 0x34, 0xC2, 0x3F, 0x14, + 0xB4, 0x04, 0x29, 0xD9, 0x5E, 0x3E, 0xF9, 0x8F, + 0xED, 0x3E, 0x74, 0x94, 0x37, 0xF0, 0x4B, 0xB4, + 0xA3, 0x37, 0x52, 0x2E, 0x68, 0x09, 0xFC, 0x10, + 0x45, 0x03, 0xE2, 0x53, 0xB4, 0x1C, 0x4F, 0x03, + 0x01, 0xAF, 0x46, 0x7F, 0x74, 0xD3, 0x31, 0x25, + 0xFA, 0x83, 0xEF, 0x71, 0x24, 0x45, 0xA1, 0x71, + 0xFA, 0x40, 0xEB, 0xF4, 0xE6, 0x55, 0x3E, 0x45, + 0x4A, 0xFE, 0x25, 0x68, 0x02, 0x1D, 0x2B, 0x2A, + 0x19, 0x8D, 0xEC, 0x9B, 0xF7, 0x20, 0xF9, 0xD7, + 0x2F, 0x81, 0x52, 0x0B, 0xE8, 0x74, 0x66, 0xAF, + 0x70, 0xD0, 0x0E, 0x0E, 0x86, 0x0F, 0xF9, 0xAB, + 0xD0, 0x39, 0x78, 0xC3, 0xE4, 0x29, 0xB5, 0xAA, + 0x17, 0xB9, 0x7F, 0x9A, 0xE9, 0x34, 0x48, 0x85, + 0x3D, 0x6E, 0xFD, 0x16, 0x8A, 0x30, 0xC6, 0xCB, + 0xE8, 0xDE, 0x2D, 0x28, 0x8D, 0x9A, 0x24, 0xEA, + 0x5D, 0x2A, 0x58, 0x23, 0x33, 0x2B, 0x84, 0xFD, + 0x2C, 0xE7, 0x93, 0xA2, 0x2B, 0xEC, 0x43, 0x98, + 0x48, 0xD4, 0xE6, 0x0F, 0x3B, 0xB9, 0xC7, 0x5D, + 0x7E, 0xB0, 0x87, 0x1E, 0x80, 0x3D, 0x61, 0xB0, + 0x7E, 0x74, 0x9E, 0xD7, 0x60, 0x72, 0xB2, 0x7C, + 0x87, 0xB6, 0x9D, 0x6C, 0x01, 0x42, 0x61, 0xF6, + 0x47, 0xAF, 0xA8, 0x8C, 0x4F, 0x1E, 0xC5, 0x5A, + 0x75, 0xA5, 0x0F, 0xB4, 0xC7, 0x9D, 0x2C, 0x94, + 0xC0, 0x50, 0x3D, 0xB2, 0x0D, 0xFD, 0xF7, 0x1F, + 0x62, 0x88, 0x74, 0x18, 0x8C, 0xDD, 0x73, 0x85, + 0xC0, 0x33, 0x81, 0xDA, 0xBB, 0x85, 0x4D, 0x4A, + 0xA9, 0xF4, 0x7B, 0x66, 0x43, 0x8C, 0x43, 0xFF, + 0x53, 0xEF, 0x5E, 0x78, 0xAB, 0x45, 0x0B, 0x45, + 0x01, 0x91, 0x27, 0x8A, 0xF6, 0xE2, 0x6A, 0x7B, + 0x5E, 0x64, 0x61, 0xF5, 0x77, 0xF9, 0x85, 0x2F, + 0x81, 0xC9, 0x02, 0x03, 0xC7, 0x13, 0xF5, 0xB1, + 0xF6, 0xC3, 0xEF, 0x55, 0x8C, 0x90, 0x32, 0x51, + 0x6D, 0x8D, 0x62, 0xFD, 0x5E, 0x24, 0xE4, 0xF0, + 0xF5, 0x07, 0x18, 0xF5, 0x6B, 0x5A, 0x59, 0xA0, + 0x09, 0xD5, 0x93, 0x8D, 0xAD, 0x55, 0x91, 0xF6, + 0x1F, 0x4C, 0x65, 0x9A, 0x76, 0x05, 0x26, 0xEF, + 0x41, 0x20, 0x2F, 0xA7, 0xE5, 0xF6, 0xC7, 0xD5, + 0xE0, 0xB0, 0xC0, 0xC4, 0x3B, 0x52, 0x4B, 0x66, + 0x71, 0x2C, 0x5A, 0x7C, 0x53, 0xC8, 0x4C, 0x50, + 0xB8, 0x3E, 0xB9, 0xC9, 0x8D, 0x2F, 0xD0, 0x84, + 0xC9, 0xC5, 0xF2, 0x1F, 0xEE, 0x77, 0x42, 0xE6, + 0xEF, 0xC8, 0xCB, 0xBE, 0x57, 0x18, 0xB7, 0x0C, + 0x06, 0x2D, 0x82, 0xE2, 0xF9, 0x86, 0xF3, 0x8D, + 0xF1, 0xE7, 0x15, 0x89, 0xDC, 0x79, 0x87, 0x24, + 0x35, 0x62, 0xA2, 0x31, 0x9D, 0x7C, 0x00, 0xB2, + 0x6E, 0x53, 0x1E, 0x93, 0xC3, 0x84, 0x44, 0x61, + 0x8C, 0xE7, 0x58, 0x73, 0x4F, 0xDE, 0xCF, 0xD0, + 0xC6, 0x85, 0x37, 0x28, 0xC6, 0x10, 0x00, 0x78, + 0x4E, 0xDF, 0xFE, 0xD7, 0xB3, 0x30, 0x86, 0xE1, + 0x68, 0xD6, 0xCB, 0x63, 0xE3, 0xDA, 0xCA, 0xF3, + 0x55, 0x2F, 0x88, 0x5B, 0x47, 0x82, 0x62, 0xDE, + 0x5E, 0x1E, 0x63, 0xCE, 0x7A, 0x4C, 0x66, 0x95, + 0xD1, 0x19, 0x38, 0x35, 0xE4, 0x5A, 0x67, 0x91, + 0x8C, 0x42, 0xD3, 0x9B, 0xF8, 0x80, 0x38, 0x53, + 0x30, 0x31, 0x0F, 0x2C, 0x7B, 0xF9, 0x1E, 0x6C, + 0x3E, 0x29, 0xB7, 0x81, 0xD0, 0x98, 0x70, 0xC2, + 0x6D, 0x76, 0xBD, 0x8A, 0xE2, 0x09, 0xC4, 0x2B, + 0xC7, 0x43, 0x2D, 0xBB, 0x4C, 0x16, 0x52, 0x63, + 0x57, 0xA5, 0x63, 0x4E, 0xEC, 0xDE, 0x93, 0xC5, + 0x1D, 0xD4, 0xD6, 0xF0, 0x06, 0x5B, 0x2E, 0xC5, + 0x7A, 0xD3, 0xB5, 0x82, 0x66, 0x53, 0x95, 0x97, + 0xC8, 0xF4, 0x2B, 0x55, 0x27, 0x1D, 0x6F, 0x90, + 0xE9, 0x86, 0xF6, 0x82, 0x8D, 0x95, 0x9E, 0xE8, + 0x00, 0xDB, 0xEB, 0xCF, 0x48, 0x23, 0x6B, 0xA3, + 0xDE, 0x25, 0x27, 0xE0, 0xEC, 0xA4, 0xA3, 0xC2, + 0xA3, 0x4B, 0xBC, 0xDD, 0x6C, 0xBB, 0x3A, 0x9C, + 0x96, 0xDC, 0x3B, 0xE1, 0x10, 0xD3, 0x49, 0x94, + 0x66, 0xE2, 0x85, 0x7F, 0xBA, 0x98, 0x12, 0x3A, + 0x6D, 0xBA, 0x90, 0x14, 0x87, 0x7E, 0x24, 0xEA, + 0xDC, 0xCA, 0x40, 0xF8, 0xAE, 0x94, 0xB2, 0xFE, + 0xD2, 0x36, 0xCB, 0xE5, 0xBC, 0xA9, 0xDF, 0xE0, + 0xCB, 0xA9, 0xA0, 0xF8, 0x62, 0x41, 0x33, 0x18, + 0x59, 0xF9, 0xD6, 0xC0, 0x87, 0xB2, 0x76, 0xDE, + 0xC9, 0x35, 0x6F, 0x1F, 0xEF, 0x69, 0xB3, 0x59, + 0xF9, 0xFB, 0x38, 0x4A, 0x84, 0x02, 0x2D, 0xEC, + 0xB7, 0x01, 0x08, 0xDA, 0xC8, 0xE9, 0x3B, 0xB6, + 0xC3, 0x00, 0xC0, 0x34, 0x5F, 0xC6, 0x40, 0xC0, + 0x06, 0xEA, 0xEB, 0xC1, 0x51, 0x13, 0x81, 0x2F, + 0xB3, 0x7D, 0xD9, 0x6E, 0x2A, 0x06, 0xA4, 0x63, + 0xAF, 0xCE, 0x66, 0xC5, 0x9F, 0x8D, 0x71, 0x4A, + 0xA1, 0xFF, 0x49, 0x4F, 0x08, 0x6F, 0xB9, 0xEA, + 0xDA, 0x18, 0x45, 0x63, 0xCA, 0x9D, 0x88, 0x08, + 0xB1, 0x6C, 0x19, 0xA8, 0x24, 0xAD, 0x85, 0x7D, + 0xDE, 0x51, 0xE5, 0x08, 0xB7, 0x04, 0x12, 0x35, + 0xF3, 0x00, 0xED, 0x2C, 0x79, 0x9C, 0x18, 0x23, + 0x05, 0x38, 0x95, 0x76, 0xCF, 0x39, 0x3C, 0xAE, + 0xB0, 0xD3, 0xBA, 0x3E, 0x4E, 0xE4, 0xB5, 0x77, + 0xA3, 0xE3, 0x7B, 0x27, 0x5F, 0xD8, 0x05, 0x19, + 0x42, 0xAE, 0x91, 0x54, 0xE5, 0xBD, 0x7C, 0x35, + 0xE0, 0xF8, 0x95, 0x52, 0x3A, 0x29, 0xB0, 0xE6, + 0xB7, 0xAE, 0x20, 0xBE, 0x21, 0xDF, 0xF5, 0x67, + 0xEC, 0x82, 0x52, 0xFF, 0x5B, 0xD0, 0xAA, 0x14, + 0x50, 0x15, 0xE1, 0x1C, 0x6A, 0x1B, 0x94, 0x1B, + 0xCC, 0x76, 0x01, 0xBF, 0x03, 0x94, 0x42, 0xF2, + 0x00, 0x61, 0x96, 0x58, 0xD9, 0xD0, 0x40, 0x21, + 0xFA, 0xCE, 0x6B, 0xAB, 0x5D, 0x49, 0xD8, 0xD7, + 0xBC, 0x9A, 0x66, 0xC2, 0xBA, 0x3F, 0xDC, 0x49, + 0x0D, 0xA5, 0x5C, 0xB4, 0x67, 0x08, 0x38, 0xEB, + 0x2D, 0x07, 0x24, 0x5B, 0xB1, 0x22, 0x7B, 0x02, + 0x4A, 0x8A, 0x53, 0x38, 0xE9, 0x42, 0x8E, 0xA5, + 0x57, 0x41, 0xD6, 0x71, 0xA7, 0x9D, 0x6A, 0x14, + 0xD2, 0x7D, 0x13, 0xFB, 0x59, 0xD0, 0xDA, 0xE5, + 0x23, 0x9E, 0x1B, 0xC4, 0x21, 0x87, 0xBB, 0x78, + 0xE0, 0x38, 0x01, 0x1D, 0xA0, 0xD1, 0x36, 0x3F, + 0xD0, 0xA7, 0x8F, 0x86, 0x26, 0x1E, 0xB0, 0x26, + 0xDE, 0x7E, 0x17, 0x3A, 0x90, 0xFC, 0xC0, 0x17, + 0xDD, 0x78, 0xF5, 0xA3, 0x2D, 0x3E, 0x29, 0xCE, + 0x38, 0x45, 0x76, 0xA9, 0x55, 0x11, 0xB6, 0xB4, + 0xE5, 0x6E, 0xDD, 0x01, 0x4B, 0x16, 0x07, 0x99, + 0xBD, 0x19, 0x77, 0xF5, 0xD7, 0x9E, 0x39, 0x9E, + 0xAA, 0x8E, 0x2B, 0x75, 0xC5, 0xEB, 0x33, 0x56, + 0x6C, 0xD8, 0xB6, 0x3F, 0x3F, 0x4E, 0x81, 0x7E, + 0x29, 0x0A, 0x68, 0xED, 0x1E, 0x9F, 0xDC, 0x6B, + 0xFA, 0x18, 0xE3, 0xE5, 0x7D, 0x05, 0x7F, 0x22, + 0xFA, 0xA2, 0xF6, 0x0F, 0xB6, 0x34, 0x56, 0x72, + 0x55, 0x16, 0x5E, 0xF4, 0x18, 0xD1, 0x82, 0xFA, + 0xDD, 0xF7, 0xB8, 0x9F, 0x7D, 0x30, 0x10, 0x69, + 0xC4, 0x85, 0xD8, 0xE8, 0x34, 0x89, 0xD4, 0x93, + 0xBE, 0x56, 0xEE, 0xDC, 0x43, 0xD4, 0x82, 0x00, + 0xFD, 0x1E, 0x2B, 0x06, 0x69, 0x07, 0x1B, 0xBF, + 0x33, 0x61, 0x39, 0x28, 0xCA, 0x31, 0x91, 0x0B, + 0xF2, 0xEA, 0x32, 0x8E, 0xA8, 0x64, 0x13, 0x9A, + 0xEF, 0x79, 0x1A, 0x9A, 0xBE, 0x52, 0x13, 0x32, + 0x49, 0x93, 0x7D, 0xA8, 0x8C, 0x48, 0xD4, 0xC0, + 0x1D, 0x10, 0x8A, 0x46, 0x85, 0xAD, 0x29, 0xDF, + 0x2E, 0xCD, 0x41, 0x83, 0x82, 0x01, 0x28, 0x44, + 0x0E, 0xE5, 0x37, 0x8D, 0x6B, 0xCA, 0x61, 0x98, + 0xDE, 0x89, 0xA9, 0x7B, 0xBB, 0x44, 0x48, 0xA2, + 0x8D, 0x82, 0x3A, 0x57, 0x40, 0x60, 0x7C, 0x6E, + 0x69, 0x98, 0x98, 0x93, 0xFA, 0x7E, 0x29, 0x9A, + 0x74, 0x53, 0xD8, 0xDC, 0xB3, 0x4B, 0xDB, 0x7E, + 0xFE, 0x95, 0xB0, 0xC7, 0x23, 0x14, 0xEF, 0xCB, + 0x49, 0x3C, 0x09, 0xD7, 0x7B, 0xD0, 0x11, 0x9B, + 0xAC, 0xF2, 0xC2, 0x2E, 0x7C, 0xCB, 0xCD, 0x59, + 0x7F, 0x6A, 0x09, 0xFE, 0xFE, 0xDF, 0xA0, 0xA7, + 0xAC, 0x3C, 0x90, 0xBA, 0x75, 0x19, 0xF4, 0x01, + 0x60, 0x56, 0xD5, 0xFB, 0x41, 0x2B, 0xA0, 0x2D, + 0x0D, 0x45, 0xCF, 0xF3, 0xA6, 0x3D, 0x36, 0xEE, + 0xE1, 0xE4, 0x68, 0xE6, 0xEA, 0x2F, 0x67, 0x3A, + 0x7A, 0x02, 0x92, 0x6B, 0xB3, 0x18, 0xBA, 0x73, + 0xEE, 0x1B, 0x2C, 0x13, 0x7D, 0xEF, 0x4A, 0x39, + 0xE8, 0x03, 0xFF, 0x57, 0x35, 0x53, 0xE9, 0xA5, + 0xC6, 0xAA, 0x1A, 0x17, 0x21, 0xCA, 0x54, 0x38, + 0x7C, 0xB1, 0xDF, 0xB8, 0xFA, 0x7D, 0xA7, 0x26, + 0xB2, 0xAE, 0x7A, 0x05, 0x45, 0x3B, 0x40, 0x0A, + 0x19, 0xE5, 0x32, 0x52, 0x78, 0x9D, 0xC3, 0x20, + 0x63, 0x24, 0xB2, 0x58, 0x4B, 0x86, 0x1F, 0x00, + 0xA2, 0x50, 0xF9, 0x9F, 0xD9, 0xDC, 0x7D, 0x51, + 0x3D, 0xD7, 0xA6, 0x5A, 0x04, 0x03, 0x4E, 0xB3, + 0x3D, 0x2D, 0x56, 0xA4, 0x96, 0xB3, 0x6A, 0xBA, + 0x0A, 0x30, 0x08, 0xE3, 0x0F, 0xC1, 0x38, 0x24, + 0x88, 0x5D, 0x9E, 0x6F, 0x68, 0x1A, 0x7D, 0xB6, + 0x2D, 0xDD, 0xE3, 0x50, 0x1B, 0xD4, 0x07, 0x75, + 0xE2, 0xE2, 0xCC, 0x09, 0xCC, 0x8E, 0x4E, 0x67, + 0x02, 0x72, 0x02, 0xA8, 0x11, 0x70, 0xA5, 0x7F, + 0x4A, 0xC1, 0x98, 0xC1, 0x7F, 0xBF, 0x95, 0xBB, + 0xCE, 0xD3, 0x6D, 0x49, 0x30, 0xB9, 0x50, 0x8C, + 0xFA, 0x3E, 0x8B, 0xF6, 0xE5, 0x54, 0xE9, 0x1B, + 0xD7, 0xD6, 0xE5, 0x32, 0x33, 0xBB, 0x91, 0xAD, + 0xC8, 0x15, 0x76, 0x1A, 0x04, 0x35, 0xDE, 0xCC, + 0xE1, 0x67, 0x26, 0x4C, 0x2F, 0x4E, 0x34, 0x34, + 0x3D, 0x1E, 0x5A, 0xF7, 0xBC, 0xE6, 0x0C, 0x9B, + 0x7B, 0x7E, 0xE5, 0xDF, 0x72, 0x9A, 0x0D, 0xDD, + 0x4B, 0xE6, 0x6F, 0x82, 0xFB, 0x5E, 0x2C, 0xC0, + 0x7B, 0x03, 0x85, 0x76, 0x11, 0x0E, 0xFD, 0xC7, + 0xD5, 0x50, 0x26, 0xBE, 0x75, 0x5E, 0xC1, 0xF0, + 0x2E, 0x47, 0x62, 0xD6, 0xF1, 0xDA, 0xDF, 0xF4, + 0x1C, 0xEE, 0x63, 0x52, 0xC4, 0x45, 0x37, 0xE6, + 0x85, 0xA5, 0x0A, 0x07, 0x54, 0x63, 0x21, 0x7B, + 0x92, 0xF7, 0x33, 0x0C, 0xD9, 0x29, 0xCF, 0xE3, + 0xAB, 0xB5, 0xFC, 0xAA, 0x26, 0x20, 0x93, 0x55, + 0x8A, 0x07, 0x33, 0xB2, 0x7D, 0x95, 0x02, 0x7A, + 0x76, 0x9E, 0x7D, 0xBB, 0xC1, 0xF3, 0x6E, 0x84, + 0x10, 0x30, 0x4B, 0x5D, 0x59, 0x73, 0x68, 0xEC, + 0x2A, 0x63, 0x2D, 0x46, 0xE8, 0xC2, 0xF8, 0xEA, + 0x2B, 0xC4, 0x4F, 0xA7, 0x6E, 0xF4, 0x74, 0xEB, + 0x96, 0xA3, 0x64, 0x40, 0x9B, 0x23, 0x63, 0x42, + 0x4B, 0x8F, 0x85, 0x00, 0x43, 0x04, 0xAD, 0x61, + 0x76, 0x93, 0xBD, 0xC3, 0x88, 0xC3, 0xFC, 0x29, + 0x61, 0xBD, 0xB1, 0x5A, 0x1F, 0x5B, 0x20, 0xEF, + 0x95, 0xED, 0x99, 0x84, 0x96, 0xB2, 0x93, 0x81, + 0x82, 0xFF, 0xE3, 0xB9, 0x27, 0xEA, 0x9A, 0x23, + 0xF6, 0x42, 0x8D, 0xD3, 0x5C, 0x86, 0x11, 0xC8, + 0x39, 0xE3, 0x16, 0xE9, 0xA5, 0x32, 0x7C, 0xC9, + 0xEA, 0x82, 0x50, 0x9B, 0x21, 0x5C, 0xC9, 0x66, + 0xBE, 0x1C, 0x78, 0x48, 0xEF, 0x39, 0x2D, 0xA1, + 0xC6, 0xF3, 0x69, 0xA3, 0x36, 0x25, 0x3A, 0xA1, + 0x15, 0x2B, 0x6D, 0xCF, 0xDA, 0xA7, 0xCA, 0xDD, + 0x4D, 0x9A, 0x1D, 0x58, 0x9F, 0x73, 0xD3, 0xEF, + 0x0F, 0xBF, 0x03, 0x88, 0x2F, 0xDE, 0xB9, 0x44, + 0xB5, 0xB6, 0xCF, 0xE2, 0x6F, 0x6A, 0xB5, 0x12, + 0x38, 0x29, 0x55, 0x8C, 0x4C, 0x73, 0x6F, 0x0B, + 0x68, 0x7A, 0xC7, 0x06, 0x83, 0x80, 0xFE, 0x7F, + 0x61, 0xBE, 0x6B, 0x40, 0xE3, 0xF0, 0x4D, 0x7B, + 0x36, 0x82, 0x0F, 0xD8, 0x63, 0x29, 0xB3, 0x10, + 0x9D, 0x02, 0xEC, 0x63, 0x90, 0xEA, 0xFC, 0x8C, + 0xA7, 0x30, 0x56, 0x2B, 0x68, 0x08, 0x24, 0x24, + 0xFD, 0xA9, 0x8D, 0x0B, 0x64, 0xBC, 0x97, 0x34, + 0xB4, 0x0B, 0x63, 0xF7, 0xE3, 0x7A, 0xF6, 0x89, + 0x0A, 0xF7, 0xC2, 0xD9, 0x2F, 0x79, 0xEE, 0xA3, + 0xCC, 0xEA, 0xC6, 0x0A, 0x6F, 0x38, 0x06, 0x92, + 0xF8, 0x02, 0xB1, 0x55, 0x6A, 0x78, 0xFE, 0x55, + 0x83, 0xFF, 0x20, 0xA9, 0xC6, 0xA7, 0xBF, 0xCC, + 0x86, 0x3A, 0x9E, 0x7B, 0x62, 0x01, 0x4D, 0x16, + 0x05, 0xDE, 0x89, 0x4F, 0xB5, 0x85, 0xE2, 0xD4, + 0xF9, 0x41, 0x15, 0xE0, 0x29, 0xE5, 0x85, 0x7E, + 0x6A, 0x0A, 0x73, 0x89, 0x27, 0x5F, 0x53, 0x0D, + 0x3D, 0x80, 0xCF, 0xAB, 0x1F, 0x22, 0x5D, 0x38, + 0x33, 0x5D, 0x24, 0x67, 0x91, 0x97, 0xD4, 0x8A, + 0x01, 0x8A, 0x34, 0x18, 0x7D, 0xE3, 0xBC, 0xCE, + 0xDE, 0x94, 0xFF, 0x8E, 0xC5, 0x34, 0xC0, 0x2D, + 0xA7, 0x24, 0xD4, 0x59, 0x8D, 0x66, 0x9E, 0x85, + 0xA9, 0xC6, 0x0E, 0x45, 0x21, 0x4F, 0xAA, 0x65, + 0x44, 0xD6, 0xA4, 0x7D, 0x1C, 0x4E, 0xD7, 0x40, + 0x9D, 0x55, 0xB1, 0xA7, 0xF1, 0x15, 0xAE, 0x15, + 0x44, 0x3A, 0x1C, 0x31, 0x06, 0x40, 0xD1, 0x16, + 0x23, 0x84, 0x93, 0xEF, 0x3E, 0xE2, 0x87, 0x9B, + 0xB8, 0x46, 0x1F, 0x7D, 0x68, 0x73, 0x64, 0x70, + 0xD4, 0xB5, 0x73, 0xAE, 0x45, 0x49, 0x93, 0xF5, + 0x32, 0x30, 0x1E, 0x35, 0xCB, 0x9E, 0xEE, 0xDF, + 0xFE, 0xA8, 0x2F, 0xAC, 0x49, 0x77, 0x53, 0xF7, + 0x50, 0x19, 0xF2, 0xB3, 0xB0, 0x2C, 0x70, 0xB6, + 0x4A, 0x57, 0x95, 0x31, 0xC3, 0x26, 0x07, 0x2A, + 0xCF, 0x1B, 0xD0, 0xAA, 0xA0, 0x9F, 0x0A, 0x97, + 0x8B, 0x78, 0xAB, 0x22, 0xBD, 0x61, 0x19, 0xF8, + 0x8D, 0xD2, 0xD5, 0x72, 0xF8, 0x91, 0x9D, 0x47, + 0x4F, 0x59, 0x1D, 0xAE, 0x9F, 0xCE, 0x47, 0x53, + 0xC9, 0x85, 0xFB, 0x25, 0x04, 0x25, 0xF2, 0x65, + 0x61, 0xFF, 0xA9, 0x44, 0x3F, 0x23, 0x76, 0x68, + 0x9F, 0xEB, 0x48, 0xC4, 0xCE, 0x51, 0x46, 0x04, + 0x52, 0x6A, 0x10, 0x0A, 0xF3, 0x3F, 0x0D, 0x43, + 0x37, 0xD1, 0x60, 0x42, 0x22, 0xC4, 0xD9, 0xF9, + 0x3A, 0x8E, 0x69, 0xE4, 0xCC, 0xD3, 0x66, 0x69, + 0x09, 0x0C, 0x5D, 0xFB, 0x0E, 0x95, 0x49, 0x42, + 0x29, 0xFF, 0x9B, 0x20, 0xCC, 0xB1, 0xAC, 0x81, + 0xB8, 0x1A, 0x36, 0xD6, 0x3A, 0x85, 0x0D, 0xDB, + 0x33, 0x33, 0x4D, 0xAA, 0x51, 0x46, 0xBF, 0x36, + 0xFE, 0x18, 0x80, 0x1E, 0x3B, 0xEB, 0xD0, 0xE9, + 0x1B, 0x5E, 0x1C, 0xFE, 0x7A, 0x98, 0x26, 0x85, + 0x0A, 0xF4, 0x39, 0x7D, 0x1B, 0x07, 0xD3, 0xB7, + 0x19, 0xE5, 0x7B, 0xB8, 0x32, 0xAF, 0x42, 0x34, + 0xC0, 0xCD, 0x9F, 0xD4, 0x0B, 0x88, 0x2F, 0xCE, + 0xDA, 0x93, 0x7E, 0xF9, 0xA2, 0xDA, 0x24, 0x59, + 0x2B, 0xCB, 0x5D, 0x1B, 0xE8, 0x3E, 0xC5, 0xF0, + 0x3D, 0xBD, 0xFB, 0xCB, 0x33, 0x5D, 0x90, 0xD5, + 0xC8, 0xA0, 0x2E, 0xE5, 0x3D, 0x50, 0x8E, 0xB5, + 0xDE, 0x4A, 0x96, 0x1B, 0x95, 0x8F, 0x75, 0x1E, + 0x5F, 0x89, 0xA1, 0xD2, 0x88, 0x95, 0xA3, 0xDB, + 0x7B, 0x62, 0xEF, 0x4A, 0xE1, 0x6D, 0x28, 0xFB, + 0x78, 0x9B, 0x32, 0x03, 0xAD, 0x24, 0x63, 0xD6, + 0xEA, 0xB8, 0x3A, 0x6D, 0x20, 0xCE, 0xA1, 0x31, + 0x4A, 0xE0, 0x2A, 0x3F, 0xF6, 0xF6, 0x53, 0x15, + 0x4A, 0xE1, 0x44, 0x23, 0x81, 0x86, 0x21, 0x47, + 0x41, 0xC2, 0x36, 0x14, 0x81, 0x83, 0xBC, 0x39, + 0xAE, 0xDF, 0x44, 0xDA, 0x97, 0xF7, 0x31, 0xCE, + 0x3D, 0xCB, 0x61, 0xA4, 0xCF, 0xE1, 0x4F, 0x9E, + 0x84, 0xAA, 0x05, 0xAB, 0x1C, 0x1B, 0x95, 0x1D, + 0x20, 0x15, 0x52, 0x33, 0xFA, 0xFA, 0xF1, 0x6C, + 0xF1, 0xBD, 0x0B, 0xAF, 0xE1, 0x99, 0xE6, 0x5D, + 0x56, 0x34, 0x53, 0xBF, 0xE5, 0x5D, 0x5F, 0x47, + 0x4A, 0xB1, 0x05, 0x94, 0xD7, 0x38, 0xA8, 0xC1, + 0x06, 0x28, 0x8D, 0x69, 0xD0, 0x7A, 0x16, 0x88, + 0x60, 0x14, 0x63, 0xF3, 0xBD, 0x21, 0x46, 0x81, + 0x9C, 0x83, 0x72, 0x6D, 0x14, 0xC6, 0xA8, 0x08, + 0x39, 0xB8, 0x79, 0x0B, 0x57, 0x16, 0xE7, 0x72, + 0xF6, 0xC2, 0x4C, 0x2B, 0xEB, 0x7E, 0x2C, 0xF3, + 0x7B, 0x3F, 0x42, 0xAC, 0xDD, 0x47, 0x3E, 0x8C, + 0xCD, 0xBE, 0x48, 0x4D, 0x6E, 0x07, 0xB0, 0x73, + 0xDE, 0xCB, 0x17, 0x4A, 0xC3, 0xB8, 0xBB, 0x2E, + 0xF5, 0x4E, 0x6D, 0xF9, 0xE0, 0x20, 0x71, 0xFA, + 0x60, 0x0A, 0xE5, 0x59, 0x67, 0xEB, 0x6F, 0x70, + 0x2F, 0x71, 0x91, 0x59, 0xF0, 0xEB, 0x06, 0x5C, + 0xC4, 0x60, 0x48, 0xE8, 0x75, 0xE7, 0xCF, 0x42, + 0x71, 0xAD, 0x2E, 0xDA, 0xF9, 0x10, 0x82, 0x9A, + 0xF6, 0x13, 0xBA, 0x89, 0xFC, 0x61, 0x2A, 0x00, + 0xFD, 0xAE, 0x53, 0x7B, 0x09, 0x3A, 0xE8, 0xCB, + 0xE6, 0xB7, 0x0D, 0x03, 0x01, 0xFA, 0x2E, 0x13, + 0xA9, 0x16, 0x38, 0x1C, 0x92, 0xEC, 0xB4, 0x51, + 0xA3, 0x6E, 0x3F, 0xA8, 0xB7, 0x37, 0x36, 0x20, + 0xC0, 0x71, 0xA3, 0x05, 0x34, 0xED, 0xCB, 0x4A, + 0x3F, 0x11, 0x31, 0x17, 0xA5, 0x02, 0xD6, 0xA7, + 0x2D, 0xE6, 0xC7, 0x7B, 0xBB, 0xF6, 0xAE, 0x99, + 0x85, 0x9A, 0xAC, 0xE6, 0x4A, 0x92, 0x8C, 0x37, + 0x4B, 0xD2, 0xC4, 0x65, 0x2A, 0xC9, 0x7E, 0xB7, + 0x44, 0xD2, 0x9A, 0x70, 0xCE, 0xA9, 0xA1, 0x9D, + 0x70, 0x13, 0x49, 0x7B, 0xCA, 0xB6, 0x96, 0x31, + 0x43, 0x3F, 0x9E, 0xD1, 0xFE, 0x20, 0xF8, 0x0B, + 0x59, 0x83, 0xE1, 0x28, 0x8B, 0xB6, 0xA2, 0xBE, + 0x91, 0x54, 0x3E, 0xD4, 0x79, 0x28, 0xBB, 0x5E, + 0x46, 0x2D, 0x01, 0xE9, 0xC0, 0xB7, 0xFF, 0xFA, + 0xC0, 0x6C, 0x10, 0xF1, 0x52, 0xF4, 0x3C, 0x32, + 0x9E, 0x89, 0xDF, 0x8A, 0x79, 0x99, 0x6A, 0x09, + 0x79, 0x8A, 0x36, 0x76, 0x40, 0xBE, 0x9F, 0xB5, + 0x3D, 0xCE, 0x27, 0xBD, 0x0B, 0xAA, 0x9B, 0xF0, + 0x21, 0xBF, 0x10, 0xD2, 0xFC, 0xFE, 0x5B, 0x13, + 0xFD, 0x7D, 0x84, 0xD1, 0xC1, 0xEB, 0xC0, 0xBC, + 0xEC, 0x26, 0xD0, 0x87, 0x80, 0xD1, 0x3B, 0x99, + 0x47, 0x67, 0x26, 0x61, 0xE0, 0xFA, 0x5F, 0xAE, + 0x6F, 0x31, 0x5B, 0x6D, 0xE4, 0x01, 0x68, 0xC2, + 0x35, 0x1D, 0xE3, 0x1F, 0x41, 0xFF, 0x6C, 0x53, + 0x32, 0x26, 0xE1, 0xBC, 0xE3, 0xF8, 0xE2, 0x16, + 0xAF, 0x3B, 0xE6, 0x4C, 0x69, 0x33, 0x72, 0xA0, + 0x66, 0xB1, 0x75, 0xF7, 0x26, 0xCF, 0xCD, 0x64, + 0x2B, 0xAE, 0x98, 0x02, 0x92, 0xC1, 0xCB, 0x65, + 0xE0, 0x1F, 0x07, 0x29, 0x64, 0x0A, 0xB0, 0x09, + 0xCB, 0x98, 0x89, 0x2D, 0x6C, 0xFE, 0x40, 0x03, + 0x34, 0x55, 0xDE, 0xE7, 0x30, 0x33, 0xB6, 0xD5, + 0xE1, 0x9C, 0x59, 0x9F, 0x8A, 0x40, 0x0E, 0xB1, + 0x41, 0x52, 0x7D, 0xF2, 0xBB, 0xDD, 0xEF, 0x50, + 0xBB, 0xD5, 0xFB, 0x55, 0xAA, 0x5E, 0xFD, 0xB3, + 0x5D, 0x08, 0x56, 0x9B, 0x02, 0x97, 0xE2, 0x48, + 0x14, 0x69, 0xF1, 0x7B, 0x87, 0xB5, 0x08, 0x93, + 0x6A, 0x9C, 0x5C, 0x11, 0x08, 0x9A, 0xE9, 0xE4, + 0xB0, 0xCA, 0xC5, 0x74, 0x93, 0x93, 0xC8, 0x03, + 0xE4, 0x70, 0x39, 0xF5, 0x1B, 0x5C, 0xBD, 0x42, + 0xA6, 0xC9, 0xE1, 0x9E, 0xC3, 0xF6, 0x3C, 0x23, + 0x32, 0xE8, 0x77, 0x68, 0xA9, 0x60, 0xFA, 0x02, + 0x18, 0x6B, 0x7A, 0x2B, 0x02, 0x92, 0x65, 0x09, + 0x11, 0x46, 0x73, 0x04, 0x63, 0xDF, 0x8B, 0x37, + 0x5F, 0x24, 0xAA, 0x83, 0xBD, 0xD4, 0x1D, 0x13, + 0x04, 0xFC, 0x2F, 0xB5, 0x2D, 0xA1, 0x0F, 0x1F, + 0xED, 0x65, 0x29, 0x08, 0xCF, 0x8C, 0x52, 0x8F, + 0xB2, 0x62, 0x5F, 0x39, 0x3F, 0xC8, 0xC7, 0xB3, + 0x3F, 0xAD, 0x45, 0xBA, 0xD4, 0x7D, 0x38, 0x3D, + 0x2C, 0x04, 0xCF, 0x32, 0xE8, 0x07, 0x42, 0x5F, + 0x93, 0xD2, 0x35, 0x07, 0x21, 0xB7, 0xB2, 0xF5, + 0x96, 0x64, 0x8E, 0xB5, 0xE1, 0x38, 0x6B, 0x43, + 0xD1, 0x2E, 0xFD, 0xDB, 0x8F, 0xE2, 0x43, 0x6A, + 0xEC, 0x27, 0x8E, 0xE7, 0x68, 0x75, 0xB5, 0x23, + 0xC5, 0x43, 0x1D, 0x99, 0x48, 0x57, 0x73, 0xD9, + 0xAD, 0xBC, 0xD0, 0x14, 0xDD, 0x87, 0xBC, 0x68, + 0xFB, 0x82, 0xEE, 0x47, 0x4B, 0x22, 0xA5, 0x43, + 0x3A, 0xF9, 0xF9, 0x91, 0xFC, 0x34, 0xB2, 0x58, + 0x34, 0xDF, 0x13, 0x09, 0x9A, 0x46, 0xF5, 0x68, + 0xAF, 0xD1, 0x15, 0x5F, 0x32, 0x1B, 0x9D, 0xA9, + 0xE9, 0xC0, 0x63, 0x47, 0xAB, 0x3C, 0x1F, 0x59, + 0xF7, 0xEA, 0x0E, 0xD6, 0xCF, 0x47, 0xB3, 0xE9, + 0xAF, 0x65, 0x7A, 0xA7, 0xAE, 0x9B, 0xF8, 0x26, + 0x0B, 0x96, 0x9D, 0xE4, 0xAD, 0x24, 0xD3, 0xA8, + 0xCE, 0x95, 0xE5, 0x77, 0xD0, 0x44, 0x13, 0x05, + 0x06, 0x4E, 0x07, 0xB9, 0xA2, 0xC7, 0x5C, 0x3C, + 0x43, 0x80, 0x1F, 0xCE, 0xB7, 0x36, 0xFE, 0x3D, + 0x27, 0x1B, 0xE1, 0xF3, 0x6B, 0xFF, 0xC8, 0xE4, + 0x3D, 0xB1, 0x4A, 0x16, 0x24, 0x76, 0xBA, 0xEA, + 0x9D, 0x34, 0x6B, 0x52, 0x11, 0xAB, 0xD0, 0x06, + 0x08, 0xB1, 0x5A, 0xF3, 0xB5, 0xE6, 0x3A, 0x00, + 0xFF, 0x92, 0x8D, 0x1E, 0xA1, 0xA1, 0x8D, 0x75, + 0xFA, 0x7C, 0x6C, 0x1B, 0x0F, 0xB6, 0x27, 0x2E, + 0x55, 0xC3, 0xFE, 0x7E, 0x4D, 0x42, 0x05, 0xE5, + 0xCF, 0x0A, 0x1F, 0x87, 0x18, 0x30, 0x4E, 0x14, + 0xF2, 0xB4, 0xCC, 0x54, 0x3D, 0x04, 0x37, 0x34, + 0x1A, 0x4A, 0x31, 0x16, 0x01, 0xA9, 0x2E, 0x92, + 0x56, 0x6B, 0x7D, 0xFB, 0x42, 0x64, 0xE8, 0x70, + 0xE1, 0xB3, 0xA8, 0x75, 0xED, 0xBC, 0x00, 0x3A, + 0x56, 0x19, 0x70, 0xCF, 0x8A, 0x66, 0x9F, 0x3D, + 0x1B, 0x69, 0x28, 0x8C, 0xC6, 0xE3, 0x59, 0xCE, + 0x28, 0xCA, 0x65, 0xF9, 0xDA, 0xE8, 0xCE, 0xCA, + 0x74, 0x3C, 0x1C, 0x8D, 0x9F, 0xFB, 0x55, 0x08, + 0x82, 0x4A, 0x83, 0x61, 0xE3, 0x3B, 0x43, 0x1A, + 0x2E, 0x9E, 0x9A, 0x99, 0x78, 0x47, 0xD2, 0xE6, + 0xE4, 0x3C, 0x83, 0xF0, 0x22, 0x62, 0xE2, 0x94, + 0x6D, 0xF7, 0x72, 0x6D, 0x54, 0xE3, 0xE6, 0xC9, + 0xCC, 0xDB, 0x6D, 0x3F, 0x13, 0x63, 0x46, 0xC1, + 0x1E, 0x59, 0x42, 0xE7, 0xA1, 0xBF, 0x85, 0x0C, + 0x2E, 0x99, 0xB4, 0xFA, 0xCE, 0x75, 0xFD, 0x40, + 0x88, 0x69, 0x33, 0x90, 0x7C, 0xCD, 0xFC, 0x0D, + 0xE1, 0x17, 0x70, 0x20, 0x31, 0x94, 0x1D, 0x00, + 0x1E, 0x2A, 0x68, 0x3C, 0x55, 0x78, 0xFD, 0x33, + 0x54, 0x21, 0x2C, 0xEA, 0xD9, 0x69, 0xBF, 0x1C, + 0x81, 0x23, 0x9E, 0xEC, 0xC7, 0x74, 0xFD, 0x0B, + 0x88, 0x3D, 0x0E, 0xEE, 0x82, 0x4B, 0x10, 0xB8, + 0x79, 0xCF, 0x70, 0x7C, 0xB2, 0x68, 0x47, 0x45, + 0x22, 0x06, 0x1E, 0x92, 0x7B, 0x12, 0x43, 0x24, + 0x41, 0x15, 0xC6, 0x69, 0xE9, 0xEB, 0x27, 0x2B, + 0x60, 0xA6, 0x44, 0xF5, 0x19, 0xEF, 0xEC, 0x06, + 0x34, 0x08, 0xB6, 0x58, 0x47, 0x2E, 0x91, 0x61, + 0xA1, 0xF7, 0x44, 0xFD, 0x66, 0x16, 0x9F, 0x0C, + 0xAE, 0x36, 0xB4, 0x2E, 0x23, 0x79, 0xCB, 0xE8, + 0x1E, 0x6E, 0x51, 0xA0, 0xF5, 0x34, 0x15, 0x18, + 0x4E, 0xA0, 0x06, 0xB2, 0x27, 0x0B, 0x33, 0xE2, + 0xCA, 0x36, 0x4C, 0xDB, 0x33, 0xAA, 0xAE, 0x77, + 0xFF, 0xD9, 0x53, 0xDB, 0x39, 0x70, 0x4D, 0x49, + 0x0C, 0xE9, 0xAC, 0x6F, 0x2D, 0xD1, 0xC7, 0xA1, + 0x8E, 0x61, 0x74, 0x19, 0xA9, 0xAA, 0xFB, 0x37, + 0xE7, 0x23, 0x9B, 0x23, 0x6A, 0x4B, 0x74, 0xCE, + 0x63, 0xE4, 0xA0, 0xAD, 0xFF, 0x85, 0x5D, 0xCD, + 0x78, 0xF6, 0x45, 0x8E, 0x76, 0x0B, 0xFD, 0x1D, + 0x2A, 0xB9, 0x5E, 0x83, 0xC0, 0x3B, 0x6F, 0xAE, + 0x0C, 0xD3, 0xC5, 0xCE, 0xEE, 0xEE, 0x1C, 0x69, + 0x51, 0x59, 0x65, 0xA3, 0x35, 0xFC, 0xF7, 0x8E, + 0x80, 0xAA, 0x73, 0x93, 0x39, 0x54, 0x21, 0x27, + 0x17, 0x0B, 0x2C, 0x3E, 0xE1, 0x0B, 0x0E, 0xAA, + 0x09, 0x9A, 0xC7, 0xAD, 0x4C, 0xD7, 0x6E, 0x7F, + 0xE4, 0xC1, 0x16, 0x4E, 0x62, 0xF4, 0xE5, 0x80, + 0x7D, 0xC0, 0x06, 0x1F, 0x77, 0xE4, 0xA8, 0xA5, + 0x28, 0xD7, 0x10, 0x37, 0x59, 0x30, 0xCB, 0x75, + 0x5B, 0x28, 0xBF, 0xFD, 0x92, 0x8C, 0xB0, 0x7B, + 0xB4, 0xA1, 0x07, 0xCD, 0xCA, 0xBB, 0x30, 0x8A, + 0x48, 0x65, 0x0D, 0xA4, 0xE5, 0x74, 0xD9, 0xBF, + 0x56, 0x07, 0xF5, 0x83, 0xDA, 0xC3, 0x40, 0xD7, + 0x20, 0x93, 0xEF, 0xB1, 0x2B, 0xBF, 0x93, 0x41, + 0x0F, 0x1E, 0xF5, 0xC9, 0x51, 0x6C, 0x74, 0x4D, + 0x23, 0x15, 0xEC, 0x9E, 0x00, 0x0A, 0x8D, 0xC5, + 0xD1, 0x7A, 0x7B, 0x6F, 0x0D, 0x07, 0x9D, 0x78, + 0x4B, 0x6D, 0x90, 0x19, 0x3F, 0x6E, 0x3E, 0xE7, + 0xEA, 0x0E, 0xAB, 0xFC, 0x6F, 0x68, 0xC5, 0x2B, + 0x37, 0xCB, 0xCE, 0x82, 0x18, 0xAF, 0xA3, 0x67, + 0x0A, 0x80, 0xBC, 0x17, 0xB9, 0x5D, 0x7B, 0x40, + 0x53, 0x62, 0x26, 0x35, 0x8F, 0x04, 0xAC, 0xD9, + 0x2A, 0x1B, 0xE1, 0x5B, 0x26, 0xA4, 0xE5, 0x81, + 0x7E, 0x62, 0x8B, 0xA6, 0x79, 0xB3, 0x52, 0x72, + 0x03, 0xCD, 0x36, 0x32, 0x62, 0x8E, 0xC8, 0x3A, + 0xA4, 0xF2, 0x18, 0x6D, 0x2F, 0x00, 0x5D, 0x5D, + 0xFE, 0x6F, 0x7F, 0xDB, 0x4F, 0xED, 0xAC, 0x9E, + 0x89, 0xD6, 0x66, 0xE3, 0x03, 0xBB, 0x56, 0x83, + 0x06, 0x15, 0x6C, 0x56, 0xF0, 0x95, 0x34, 0xE2, + 0x5C, 0x61, 0x9A, 0xB3, 0xB9, 0x50, 0x18, 0xF4, + 0x89, 0x6B, 0xAC, 0xAA, 0x48, 0x34, 0xF6, 0xD2, + 0xD8, 0xFE, 0x14, 0xA9, 0x38, 0xAA, 0x10, 0xE5, + 0x30, 0x54, 0xF0, 0x00, 0x84, 0x44, 0xAC, 0x2E, + 0xEA, 0x25, 0x38, 0xC1, 0x23, 0x0E, 0x6A, 0x18, + 0xC9, 0x2B, 0x01, 0xD9, 0x14, 0x7F, 0xDC, 0xEF, + 0xC9, 0xC8, 0xDA, 0xC1, 0xD4, 0xEC, 0xC8, 0xCF, + 0x1F, 0x96, 0x2E, 0xFA, 0x1B, 0x8C, 0xD3, 0xC9, + 0x69, 0x00, 0x0B, 0x7E, 0xBA, 0xC5, 0x98, 0xDC, + 0xA4, 0x5E, 0xB4, 0x0B, 0xCF, 0xB1, 0x98, 0x51, + 0x48, 0x38, 0x51, 0xCF, 0x34, 0x0F, 0x3E, 0x8C, + 0x23, 0x7A, 0x9E, 0xFF, 0x1C, 0x9F, 0x21, 0xE4, + 0x97, 0x55, 0x41, 0xC6, 0x1A, 0x8F, 0xEF, 0x2A, + 0xC6, 0x05, 0x7F, 0x59, 0xDC, 0xB2, 0x3A, 0x80, + 0xE8, 0x06, 0x10, 0xCD, 0x85, 0xDB, 0x20, 0x3C, + 0x35, 0xD2, 0x4B, 0xC8, 0x2B, 0x9C, 0xD7, 0x82, + 0x46, 0xF5, 0x9F, 0xEB, 0xB2, 0x48, 0x32, 0xD7, + 0xCD, 0x66, 0x4C, 0x99, 0x51, 0x88, 0xE0, 0x28, + 0x1C, 0xD7, 0x86, 0x79, 0x00, 0xDC, 0x0D, 0xF4, + 0x4D, 0x40, 0x90, 0x80, 0x26, 0x8B, 0x79, 0xE9, + 0x56, 0x82, 0x88, 0x5F, 0x22, 0x87, 0x70, 0x73, + 0x4F, 0xA5, 0x35, 0x18, 0xEC, 0x80, 0xCE, 0x23, + 0x06, 0xCE, 0x14, 0x48, 0x52, 0x4E, 0xF0, 0x18, + 0x43, 0x03, 0xD4, 0x50, 0xC7, 0x6E, 0xA6, 0x3B, + 0x73, 0x3E, 0xB0, 0xC8, 0xDC, 0x48, 0xBF, 0x12, + 0x42, 0x3A, 0xD2, 0x38, 0x89, 0xCF, 0xCD, 0xD8, + 0x91, 0xE5, 0x95, 0x00, 0x47, 0x24, 0x0D, 0xC0, + 0xC3, 0x8A, 0xB2, 0xDB, 0xC1, 0x65, 0xB8, 0x1E, + 0x63, 0x10, 0x02, 0xEA, 0x6F, 0x74, 0x11, 0x9E, + 0x27, 0xF9, 0xF8, 0x60, 0x73, 0xBF, 0x2D, 0xF7, + 0x10, 0x81, 0x86, 0x76, 0x98, 0x0C, 0x4C, 0xB6, + 0xBD, 0x53, 0xF9, 0xA5, 0x72, 0x17, 0x78, 0xB8, + 0x9F, 0x59, 0xC6, 0x8C, 0x89, 0x35, 0xF5, 0x03, + 0x1C, 0x8A, 0x93, 0x36, 0x7D, 0x71, 0x70, 0x57, + 0xFD, 0x4D, 0x5E, 0xFA, 0xBE, 0xDE, 0x70, 0x2C, + 0xC6, 0x45, 0xEF, 0xB6, 0xD7, 0xF4, 0x4C, 0x86, + 0x0F, 0xFF, 0x76, 0x37, 0xAA, 0xD9, 0x72, 0x24, + 0x8C, 0x84, 0x4D, 0x15, 0x13, 0x39, 0x20, 0x07, + 0x38, 0x91, 0xC3, 0x13, 0x5D, 0x29, 0x78, 0x68, + 0xB7, 0xDA, 0x86, 0xF0, 0x97, 0xD8, 0xFB, 0x39, + 0xC1, 0x3B, 0xA1, 0x4C, 0x4F, 0x24, 0x75, 0x16, + 0xAB, 0xA4, 0xC5, 0xF8, 0xCE, 0x38, 0x18, 0x48, + 0x2C, 0x8F, 0xF6, 0x0C, 0xCA, 0x51, 0xFD, 0xB2, + 0xCE, 0xE9, 0x6B, 0xC1, 0x13, 0x8D, 0xC0, 0x4A, + 0x86, 0xF8, 0x57, 0x72, 0x75, 0x91, 0xAA, 0xE6, + 0xF8, 0x7C, 0x30, 0x05, 0x9B, 0x3E, 0x81, 0xB6, + 0x80, 0x55, 0xB2, 0x4E, 0xA2, 0xFA, 0x98, 0x36, + 0x86, 0x49, 0x8B, 0xFC, 0x9D, 0x9E, 0x7D, 0x59, + 0x50, 0x79, 0xEB, 0x64, 0x6E, 0x85, 0xB2, 0x12, + 0xCE, 0xDD, 0x21, 0xD0, 0x08, 0x7E, 0x0F, 0x2A, + 0xF6, 0x63, 0xEB, 0x77, 0x2A, 0x98, 0x47, 0xB1, + 0xDF, 0x21, 0x97, 0xAF, 0x13, 0x62, 0x6B, 0x89, + 0x7C, 0x24, 0x63, 0x7A, 0xF5, 0xBF, 0xE8, 0x18, + 0x16, 0xA8, 0xC9, 0x0D, 0x30, 0x48, 0x37, 0x5B, + 0x69, 0x94, 0x97, 0x14, 0x3E, 0x57, 0x71, 0x85, + 0xA7, 0x0E, 0x11, 0x50, 0x58, 0xA3, 0xA9, 0x11, + 0x2B, 0x2C, 0x43, 0x51, 0xB6, 0xCA, 0xD0, 0x09, + 0x28, 0x2B, 0x4F, 0x7C, 0xB8, 0xBD, 0xFC, 0x28, + 0x57, 0x77, 0xD7, 0xDF, 0xE8, 0xF5, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x03, 0x06, 0x0B, 0x11, 0x17, + 0x1F, 0x27, 0x2E + }; +#endif +#endif + + key = (dilithium_key*)XMALLOC(sizeof(*key), NULL, DYNAMIC_TYPE_TMP_BUFFER); + ExpectNotNull(key); + + if (key != NULL) { + XMEMSET(key, 0, sizeof(*key)); + } + + ExpectIntEQ(wc_dilithium_init_ex(key, NULL, INVALID_DEVID), 0); +#ifndef WOLFSSL_NO_ML_DSA_44 + ExpectIntEQ(wc_dilithium_set_level(key, WC_ML_DSA_44), 0); + ExpectIntEQ(wc_dilithium_import_public(pk_44, (word32)sizeof(pk_44), key), + 0); + ExpectIntEQ(wc_dilithium_verify_msg(sig_44, (word32)sizeof(sig_44), msg_44, + (word32)sizeof(msg_44), &res, key), 0); + ExpectIntEQ(res, 1); +#ifdef WOLFSSL_DILITHIUM_FIPS204_DRAFT + ExpectIntEQ(wc_dilithium_set_level(key, WC_ML_DSA_44_DRAFT), 0); + ExpectIntEQ(wc_dilithium_import_public(pk_44_draft, + (word32)sizeof(pk_44_draft), key), 0); + ExpectIntEQ(wc_dilithium_verify_msg(sig_44_draft, + (word32)sizeof(sig_44_draft), msg_44_draft, + (word32)sizeof(msg_44_draft), &res, key), 0); + ExpectIntEQ(res, 1); +#endif +#endif +#ifndef WOLFSSL_NO_ML_DSA_65 + ExpectIntEQ(wc_dilithium_set_level(key, WC_ML_DSA_65), 0); + ExpectIntEQ(wc_dilithium_import_public(pk_65, (word32)sizeof(pk_65), key), + 0); + ExpectIntEQ(wc_dilithium_verify_msg(sig_65, (word32)sizeof(sig_65), msg_65, + (word32)sizeof(msg_65), &res, key), 0); + ExpectIntEQ(res, 1); +#ifdef WOLFSSL_DILITHIUM_FIPS204_DRAFT + ExpectIntEQ(wc_dilithium_set_level(key, WC_ML_DSA_65_DRAFT), 0); + ExpectIntEQ(wc_dilithium_import_public(pk_65_draft, + (word32)sizeof(pk_65_draft), key), 0); + ExpectIntEQ(wc_dilithium_verify_msg(sig_65_draft, + (word32)sizeof(sig_65_draft), msg_65_draft, + (word32)sizeof(msg_65_draft), &res, key), 0); + ExpectIntEQ(res, 1); +#endif +#endif +#ifndef WOLFSSL_NO_ML_DSA_87 + ExpectIntEQ(wc_dilithium_set_level(key, WC_ML_DSA_87), 0); + ExpectIntEQ(wc_dilithium_import_public(pk_87, (word32)sizeof(pk_87), key), + 0); + ExpectIntEQ(wc_dilithium_verify_msg(sig_87, (word32)sizeof(sig_87), msg_87, + (word32)sizeof(msg_87), &res, key), 0); + ExpectIntEQ(res, 1); +#ifdef WOLFSSL_DILITHIUM_FIPS204_DRAFT + ExpectIntEQ(wc_dilithium_set_level(key, WC_ML_DSA_87_DRAFT), 0); + ExpectIntEQ(wc_dilithium_import_public(pk_87_draft, + (word32)sizeof(pk_87_draft), key), 0); + ExpectIntEQ(wc_dilithium_verify_msg(sig_87_draft, + (word32)sizeof(sig_87_draft), msg_87_draft, + (word32)sizeof(msg_87_draft), &res, key), 0); + ExpectIntEQ(res, 1); +#endif +#endif + + wc_dilithium_free(key); + XFREE(key, NULL, DYNAMIC_TYPE_TMP_BUFFER); +#endif + return EXPECT_RESULT(); +} + +#if !defined(NO_ASN) && defined(HAVE_PKCS8) && \ + defined(HAVE_DILITHIUM) && defined(WOLFSSL_WC_DILITHIUM) && \ + !defined(WOLFSSL_DILITHIUM_NO_MAKE_KEY) && \ + !defined(WOLFSSL_DILITHIUM_NO_ASN1) && defined(WOLFSSL_ASN_TEMPLATE) +static struct { + const char* fileName; + byte level; + /* 0: Unsupported, 1: Supported*/ + int p8_lv; /* Support PKCS8 format with specifying level */ + int p8_nolv; /* Support PKCS8 format without specifying level */ + int trad_lv; /* Support traditional format with specifying level */ + int trad_nolv; /* Support traditional format without specifying level */ +} ossl_form[] = { + /* + * Generated test files with the following commands: + * openssl genpkey -outform DER -algorithm ${ALGO} \ + * -provparam ml-dsa.output_formats=${OUT_FORM} -out ${OUT_FILE} + */ + +#ifndef WOLFSSL_NO_ML_DSA_44 + /* ALGO=ML-DSA-44, OUT_FORM=seed-only, OUT_FILE=mldsa44_seed-only.der */ + {"certs/mldsa/mldsa44_seed-only.der", WC_ML_DSA_44, 1, 1, 1, 0}, + /* ALGO=ML-DSA-44, OUT_FORM=priv-only, OUT_FILE=mldsa44_priv-only.der */ + {"certs/mldsa/mldsa44_priv-only.der", WC_ML_DSA_44, 1, 1, 1, 0}, + /* ALGO=ML-DSA-44, OUT_FORM=seed-priv, OUT_FILE=mldsa44_seed-priv.der */ + {"certs/mldsa/mldsa44_seed-priv.der", WC_ML_DSA_44, 1, 1, 1, 0}, + /* ALGO=ML-DSA-44, OUT_FORM=oqskeypair, OUT_FILE=mldsa44_oqskeypair.der */ + {"certs/mldsa/mldsa44_oqskeypair.der", WC_ML_DSA_44, 1, 1, 1, 0}, + /* ALGO=ML-DSA-44, OUT_FORM=bare-seed, OUT_FILE=mldsa44_bare-seed.der */ + {"certs/mldsa/mldsa44_bare-seed.der", WC_ML_DSA_44, 0, 0, 0, 0}, + /* ALGO=ML-DSA-44, OUT_FORM=bare-priv, OUT_FILE=mldsa44_bare-priv.der */ + {"certs/mldsa/mldsa44_bare-priv.der", WC_ML_DSA_44, 0, 0, 0, 0}, +#endif +#ifndef WOLFSSL_NO_ML_DSA_65 + /* ALGO=ML-DSA-65, OUT_FORM=seed-only, OUT_FILE=mldsa65_seed-only.der */ + {"certs/mldsa/mldsa65_seed-only.der", WC_ML_DSA_65, 1, 1, 1, 0}, + /* ALGO=ML-DSA-65, OUT_FORM=priv-only, OUT_FILE=mldsa65_priv-only.der */ + {"certs/mldsa/mldsa65_priv-only.der", WC_ML_DSA_65, 1, 1, 1, 0}, + /* ALGO=ML-DSA-65, OUT_FORM=seed-priv, OUT_FILE=mldsa65_seed-priv.der */ + {"certs/mldsa/mldsa65_seed-priv.der", WC_ML_DSA_65, 1, 1, 1, 0}, + /* ALGO=ML-DSA-65, OUT_FORM=oqskeypair, OUT_FILE=mldsa65_oqskeypair.der */ + {"certs/mldsa/mldsa65_oqskeypair.der", WC_ML_DSA_65, 1, 1, 1, 0}, + /* ALGO=ML-DSA-65, OUT_FORM=bare-seed, OUT_FILE=mldsa65_bare-seed.der */ + {"certs/mldsa/mldsa65_bare-seed.der", WC_ML_DSA_65, 0, 0, 0, 0}, + /* ALGO=ML-DSA-65, OUT_FORM=bare-priv, OUT_FILE=mldsa65_bare-priv.der */ + {"certs/mldsa/mldsa65_bare-priv.der", WC_ML_DSA_65, 0, 0, 0, 0}, +#endif +#ifndef WOLFSSL_NO_ML_DSA_87 + /* ALGO=ML-DSA-87, OUT_FORM=seed-only, OUT_FILE=mldsa87_seed-only.der */ + {"certs/mldsa/mldsa87_seed-only.der", WC_ML_DSA_87, 1, 1, 1, 0}, + /* ALGO=ML-DSA-87, OUT_FORM=priv-only, OUT_FILE=mldsa87_priv-only.der */ + {"certs/mldsa/mldsa87_priv-only.der", WC_ML_DSA_87, 1, 1, 1, 0}, + /* ALGO=ML-DSA-87, OUT_FORM=seed-priv, OUT_FILE=mldsa87_seed-priv.der */ + {"certs/mldsa/mldsa87_seed-priv.der", WC_ML_DSA_87, 1, 1, 1, 0}, + /* ALGO=ML-DSA-87, OUT_FORM=oqskeypair, OUT_FILE=mldsa87_oqskeypair.der */ + {"certs/mldsa/mldsa87_oqskeypair.der", WC_ML_DSA_87, 1, 1, 1, 0}, + /* ALGO=ML-DSA-87, OUT_FORM=bare-seed, OUT_FILE=mldsa87_bare-seed.der */ + {"certs/mldsa/mldsa87_bare-seed.der", WC_ML_DSA_87, 0, 0, 0, 0}, + /* ALGO=ML-DSA-87, OUT_FORM=bare-priv, OUT_FILE=mldsa87_bare-priv.der */ + {"certs/mldsa/mldsa87_bare-priv.der", WC_ML_DSA_87, 0, 0, 0, 0} +#endif +}; +#endif + +int test_wc_Dilithium_PrivateKeyDecode_OpenSSL_form(void) +{ + EXPECT_DECLS; + +#if !defined(NO_ASN) && defined(HAVE_PKCS8) && \ + defined(HAVE_DILITHIUM) && defined(WOLFSSL_WC_DILITHIUM) && \ + !defined(WOLFSSL_DILITHIUM_NO_MAKE_KEY) && \ + !defined(WOLFSSL_DILITHIUM_NO_ASN1) && defined(WOLFSSL_ASN_TEMPLATE) + + byte* der = NULL; + size_t derMaxSz = ML_DSA_LEVEL5_BOTH_KEY_DER_SIZE; + size_t derSz = 0; + FILE* fp = NULL; + word32 inOutIdx = 0; + word32 inOutIdx2 = 0; + dilithium_key key; + int expect = 0; + int pkeySz = 0; + byte level = 0; + + ExpectNotNull(der = (byte*) XMALLOC(derMaxSz, NULL, + DYNAMIC_TYPE_TMP_BUFFER)); + + for (size_t i = 0; i < sizeof(ossl_form) / sizeof(ossl_form[0]); ++i) { + ExpectNotNull(fp = XFOPEN(ossl_form[i].fileName, "rb")); + ExpectIntGT(derSz = XFREAD(der, 1, derMaxSz, fp), 0); + ExpectIntEQ(XFCLOSE(fp), 0); + + /* Specify a level with PKCS8 format */ + XMEMSET(&key, 0, sizeof(key)); + ExpectIntEQ(wc_dilithium_init(&key), 0); + ExpectIntEQ(wc_dilithium_set_level(&key, ossl_form[i].level), 0); + inOutIdx = 0; + expect = ossl_form[i].p8_lv ? 0 : ASN_PARSE_E; + ExpectIntEQ(wc_Dilithium_PrivateKeyDecode(der, &inOutIdx, &key, + (word32)derSz), expect); + if (expect == 0) { + ExpectIntEQ(wc_dilithium_get_level(&key, &level), 0); + ExpectIntEQ(level, ossl_form[i].level); + } + wc_dilithium_free(&key); + + /* Not specify a level with PKCS8 format */ + XMEMSET(&key, 0, sizeof(key)); + ExpectIntEQ(wc_dilithium_init(&key), 0); + inOutIdx = 0; + expect = ossl_form[i].p8_nolv ? 0 : ASN_PARSE_E; + ExpectIntEQ(wc_Dilithium_PrivateKeyDecode(der, &inOutIdx, &key, + (word32)derSz), expect); + if (expect == 0) { + ExpectIntEQ(wc_dilithium_get_level(&key, &level), 0); + ExpectIntEQ(level, ossl_form[i].level); + } + wc_dilithium_free(&key); + + /* Specify a level with traditional format */ + XMEMSET(&key, 0, sizeof(key)); + ExpectIntEQ(wc_dilithium_init(&key), 0); + ExpectIntEQ(wc_dilithium_set_level(&key, ossl_form[i].level), 0); + inOutIdx = 0; + expect = ossl_form[i].trad_lv ? 0 : ASN_PARSE_E; + ExpectIntGT(pkeySz = wc_GetPkcs8TraditionalOffset(der, &inOutIdx, + (word32)derSz), 0); + inOutIdx2 = 0; + ExpectIntEQ(wc_Dilithium_PrivateKeyDecode(der + inOutIdx, &inOutIdx2, + &key, (word32)pkeySz), expect); + if (expect == 0) { + ExpectIntEQ(wc_dilithium_get_level(&key, &level), 0); + ExpectIntEQ(level, ossl_form[i].level); + } + wc_dilithium_free(&key); + + /* Not specify a level with traditional format */ + XMEMSET(&key, 0, sizeof(key)); + ExpectIntEQ(wc_dilithium_init(&key), 0); + inOutIdx = 0; + expect = ossl_form[i].trad_nolv ? 0 : ASN_PARSE_E; + ExpectIntGT(pkeySz = wc_GetPkcs8TraditionalOffset(der, &inOutIdx, + (word32)derSz), 0); + inOutIdx2 = 0; + ExpectIntEQ(wc_Dilithium_PrivateKeyDecode(der + inOutIdx, &inOutIdx2, + &key, (word32)pkeySz), expect); + if (expect == 0) { + ExpectIntEQ(wc_dilithium_get_level(&key, &level), 0); + ExpectIntEQ(level, ossl_form[i].level); + } + wc_dilithium_free(&key); + } + + XFREE(der, NULL, DYNAMIC_TYPE_TMP_BUFFER); +#endif + return EXPECT_RESULT(); +} + +int test_mldsa_pkcs8_import_OpenSSL_form(void) +{ + EXPECT_DECLS; +#if !defined(NO_ASN) && defined(HAVE_PKCS8) && \ + defined(HAVE_DILITHIUM) && defined(WOLFSSL_WC_DILITHIUM) && \ + !defined(WOLFSSL_DILITHIUM_NO_MAKE_KEY) && \ + !defined(WOLFSSL_DILITHIUM_NO_SIGN) && \ + !defined(WOLFSSL_DILITHIUM_NO_ASN1) && defined(WOLFSSL_ASN_TEMPLATE) && \ + !defined(NO_TLS) && \ + (!defined(NO_WOLFSSL_CLIENT) || !defined(NO_WOLFSSL_SERVER)) + + byte* der = NULL; + size_t derMaxSz = ML_DSA_LEVEL5_BOTH_KEY_DER_SIZE; + size_t derSz = 0; + WOLFSSL_CTX* ctx = NULL; + FILE* fp = NULL; +#ifdef WOLFSSL_DER_TO_PEM + byte* pem = NULL; + size_t pemMaxSz = ML_DSA_LEVEL5_BOTH_KEY_PEM_SIZE; + size_t pemSz = 0; +#endif /* WOLFSSL_DER_TO_PEM */ + + ExpectNotNull(der = (byte*) XMALLOC(derMaxSz, NULL, + DYNAMIC_TYPE_TMP_BUFFER)); +#ifdef WOLFSSL_DER_TO_PEM + ExpectNotNull(pem = (byte*) XMALLOC(pemMaxSz, NULL, + DYNAMIC_TYPE_TMP_BUFFER)); +#endif /* WOLFSSL_DER_TO_PEM */ + +#ifndef NO_WOLFSSL_SERVER + ExpectNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_server_method())); +#else + ExpectNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_client_method())); +#endif /* NO_WOLFSSL_SERVER */ + + for (size_t i = 0; i < sizeof(ossl_form) / sizeof(ossl_form[0]); ++i) { + ExpectNotNull(fp = XFOPEN(ossl_form[i].fileName, "rb")); + ExpectIntGT(derSz = XFREAD(der, 1, derMaxSz, fp), 0); + ExpectIntEQ(XFCLOSE(fp), 0); + + /* DER */ + if (ossl_form[i].p8_nolv) { + ExpectIntEQ(wolfSSL_CTX_use_PrivateKey_buffer(ctx, der, derSz, + WOLFSSL_FILETYPE_ASN1), WOLFSSL_SUCCESS); + } + else { + ExpectIntEQ(wolfSSL_CTX_use_PrivateKey_buffer(ctx, der, derSz, + WOLFSSL_FILETYPE_ASN1), WOLFSSL_BAD_FILE); + } + +#ifdef WOLFSSL_DER_TO_PEM + /* PEM */ + ExpectIntGT(pemSz = wc_DerToPem(der, (word32)derSz, pem, + (word32)pemMaxSz, PKCS8_PRIVATEKEY_TYPE), 0); + if (ossl_form[i].p8_nolv) { + ExpectIntEQ(wolfSSL_CTX_use_PrivateKey_buffer(ctx, pem, pemSz, + WOLFSSL_FILETYPE_PEM), WOLFSSL_SUCCESS); + } + else { + ExpectIntEQ(wolfSSL_CTX_use_PrivateKey_buffer(ctx, pem, pemSz, + WOLFSSL_FILETYPE_PEM), ASN_PARSE_E); + } +#endif /* WOLFSSL_DER_TO_PEM */ + } + + wolfSSL_CTX_free(ctx); + XFREE(der, NULL, DYNAMIC_TYPE_TMP_BUFFER); +#ifdef WOLFSSL_DER_TO_PEM + XFREE(pem, NULL, DYNAMIC_TYPE_TMP_BUFFER); +#endif /* WOLFSSL_DER_TO_PEM */ +#endif + return EXPECT_RESULT(); +} + +int test_mldsa_pkcs8_export_import_wolfSSL_form(void) +{ + EXPECT_DECLS; +#if !defined(NO_ASN) && defined(HAVE_PKCS8) && \ + defined(HAVE_DILITHIUM) && !defined(NO_TLS) && \ + (!defined(NO_WOLFSSL_CLIENT) || !defined(NO_WOLFSSL_SERVER)) && \ + !defined(WOLFSSL_DILITHIUM_NO_MAKE_KEY) && \ + !defined(WOLFSSL_DILITHIUM_NO_SIGN) && \ + !defined(WOLFSSL_DILITHIUM_NO_ASN1) && defined(WOLFSSL_ASN_TEMPLATE) + + WOLFSSL_CTX* ctx = NULL; + size_t i; + const int derMaxSz = DILITHIUM_MAX_BOTH_KEY_DER_SIZE; + const int tempMaxSz = DILITHIUM_MAX_BOTH_KEY_PEM_SIZE; + byte* der = NULL; + byte* temp = NULL; /* Store PEM or intermediate key */ + word32 derSz = 0; + word32 pemSz = 0; + dilithium_key mldsa_key; + WC_RNG rng; + int ret; + + struct { + int wcId; + int oidSum; + int keySz; + } test_variant[] = { +#ifndef WOLFSSL_NO_ML_DSA_44 + {WC_ML_DSA_44, ML_DSA_LEVEL2k, ML_DSA_LEVEL2_PRV_KEY_SIZE}, +#endif +#ifndef WOLFSSL_NO_ML_DSA_65 + {WC_ML_DSA_65, ML_DSA_LEVEL3k, ML_DSA_LEVEL3_PRV_KEY_SIZE}, +#endif +#ifndef WOLFSSL_NO_ML_DSA_87 + {WC_ML_DSA_87, ML_DSA_LEVEL5k, ML_DSA_LEVEL5_PRV_KEY_SIZE} +#endif + }; + + (void) pemSz; + + XMEMSET(&rng, 0, sizeof(rng)); + + ExpectNotNull(der = (byte*) XMALLOC(derMaxSz, NULL, + DYNAMIC_TYPE_TMP_BUFFER)); + ExpectNotNull(temp = (byte*) XMALLOC(tempMaxSz, NULL, + DYNAMIC_TYPE_TMP_BUFFER)); + +#ifndef NO_WOLFSSL_SERVER + ExpectNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_server_method())); +#else + ExpectNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_client_method())); +#endif /* NO_WOLFSSL_SERVER */ + + ExpectIntEQ(wc_InitRng(&rng), 0); + ExpectIntEQ(wc_dilithium_init(&mldsa_key), 0); + + /* Test private + public key (separated format) */ + for (i = 0; i < sizeof(test_variant) / sizeof(test_variant[0]); ++i) { + ExpectIntEQ(wc_dilithium_set_level(&mldsa_key, + test_variant[i].wcId), 0); + ExpectIntEQ(wc_dilithium_make_key(&mldsa_key, &rng), 0); + + ExpectIntGT(derSz = wc_Dilithium_KeyToDer(&mldsa_key, der, derMaxSz), + 0); + ExpectIntEQ(wolfSSL_CTX_use_PrivateKey_buffer(ctx, der, derSz, + WOLFSSL_FILETYPE_ASN1), WOLFSSL_SUCCESS); + +#ifdef WOLFSSL_DER_TO_PEM + ExpectIntGT(pemSz = wc_DerToPem(der, derSz, temp, tempMaxSz, + PKCS8_PRIVATEKEY_TYPE), 0); + ExpectIntEQ(wolfSSL_CTX_use_PrivateKey_buffer(ctx, temp, pemSz, + WOLFSSL_FILETYPE_PEM), WOLFSSL_SUCCESS); +#endif /* WOLFSSL_DER_TO_PEM */ + } + + /* Test private key only */ + for (i = 0; i < sizeof(test_variant) / sizeof(test_variant[0]); ++i) { + ExpectIntEQ(wc_dilithium_set_level(&mldsa_key, test_variant[i].wcId), + 0); + ExpectIntEQ(wc_dilithium_make_key(&mldsa_key, &rng), 0); + + ExpectIntGT(derSz = wc_Dilithium_PrivateKeyToDer(&mldsa_key, der, + derMaxSz), 0); + ExpectIntEQ(wolfSSL_CTX_use_PrivateKey_buffer(ctx, der, derSz, + WOLFSSL_FILETYPE_ASN1), WOLFSSL_SUCCESS); + +#ifdef WOLFSSL_DER_TO_PEM + ExpectIntGT(pemSz = wc_DerToPem(der, derSz, temp, tempMaxSz, + PKCS8_PRIVATEKEY_TYPE), 0); + ExpectIntEQ(wolfSSL_CTX_use_PrivateKey_buffer(ctx, temp, pemSz, + WOLFSSL_FILETYPE_PEM), WOLFSSL_SUCCESS); +#endif /* WOLFSSL_DER_TO_PEM */ + } + + wc_dilithium_free(&mldsa_key); + ret = wc_FreeRng(&rng); + ExpectIntEQ(ret, 0); + wolfSSL_CTX_free(ctx); + XFREE(temp, NULL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(der, NULL, DYNAMIC_TYPE_TMP_BUFFER); + +#endif + return EXPECT_RESULT(); +} + +int test_mldsa_pkcs12(void) +{ + EXPECT_DECLS; +#if !defined(NO_ASN) && defined(HAVE_PKCS12) && \ + defined(HAVE_DILITHIUM) && !defined(NO_TLS) && \ + !defined(NO_PWDBASED) && !defined(NO_HMAC) && \ + !defined(NO_CERTS) && !defined(NO_DES3) && \ + (!defined(NO_WOLFSSL_CLIENT) || !defined(NO_WOLFSSL_SERVER)) && \ + defined(WOLFSSL_CERT_GEN) + + WOLFSSL_CTX* ctx = NULL; + word32 i; + byte* inKey = NULL; + byte* inCert = NULL; + const word32 inKeyHeaderSz = 4; + const word32 inKeyMaxSz = inKeyHeaderSz + DILITHIUM_MAX_PRV_KEY_SIZE; + const word32 certConstSz = 412; + const word32 inCertMaxSz = + certConstSz + DILITHIUM_MAX_PUB_KEY_SIZE + + WOLFSSL_ASN_MAX_LENGTH_SZ + DILITHIUM_MAX_SIG_SIZE; + /* max signature size + ASN1 encoding */ + + const word32 pkcs8HeaderSz = 24; + WC_RNG rng; + dilithium_key mldsa_key; + char pkcs12Passwd[] = "mldsa"; + int ret; + + struct { + int enc; + int wcId; + int oidSum; + int keySz; + int sigType; + int keyType; + } test_variant[] = { + {PBE_SHA1_DES3, WC_ML_DSA_44, ML_DSA_LEVEL2k, + ML_DSA_LEVEL2_PRV_KEY_SIZE, CTC_ML_DSA_LEVEL2, ML_DSA_LEVEL2_TYPE}, + {PBE_SHA1_DES3, WC_ML_DSA_65, ML_DSA_LEVEL3k, + ML_DSA_LEVEL3_PRV_KEY_SIZE, CTC_ML_DSA_LEVEL3, ML_DSA_LEVEL3_TYPE}, + {PBE_SHA1_DES3, WC_ML_DSA_87, ML_DSA_LEVEL5k, + ML_DSA_LEVEL5_PRV_KEY_SIZE, CTC_ML_DSA_LEVEL5, ML_DSA_LEVEL5_TYPE}, + {-1, WC_ML_DSA_44, ML_DSA_LEVEL2k, + ML_DSA_LEVEL2_PRV_KEY_SIZE, CTC_ML_DSA_LEVEL2, ML_DSA_LEVEL2_TYPE}, + {-1, WC_ML_DSA_65, ML_DSA_LEVEL3k, + ML_DSA_LEVEL3_PRV_KEY_SIZE, CTC_ML_DSA_LEVEL3, ML_DSA_LEVEL3_TYPE}, + {-1, WC_ML_DSA_87, ML_DSA_LEVEL5k, + ML_DSA_LEVEL5_PRV_KEY_SIZE, CTC_ML_DSA_LEVEL5, ML_DSA_LEVEL5_TYPE}, + }; + + XMEMSET(&rng, 0, sizeof(rng)); + + ExpectNotNull(inKey = (byte*) XMALLOC(inKeyMaxSz, NULL, + DYNAMIC_TYPE_TMP_BUFFER)); + ExpectNotNull(inCert = (byte*) XMALLOC(inCertMaxSz, NULL, + DYNAMIC_TYPE_TMP_BUFFER)); + +#ifndef NO_WOLFSSL_SERVER + ExpectNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_server_method())); +#else + ExpectNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_client_method())); +#endif /* NO_WOLFSSL_SERVER */ + + ExpectIntEQ(wc_InitRng(&rng), 0); + ExpectIntEQ(wc_dilithium_init(&mldsa_key), 0); + + for (i = 0; i < sizeof(test_variant) / sizeof(test_variant[0]); ++i) { + WC_PKCS12* pkcs12Export = NULL; + WC_PKCS12* pkcs12Import = NULL; + byte* pkcs12Der = NULL; + byte* outKey = NULL; + byte* outCert = NULL; + word32 inKeySz = 0; + word32 inCertSz = 0; + word32 pkcs12DerSz = 0; + word32 outKeySz = 0; + word32 outCertSz = 0; + Cert cert; + word32 size; + + if (EXPECT_FAIL()) + break; + + /* Create a key for wc_PKCS12_create() */ + inKeySz = 0; + inKey[0] = 0x04; /* ASN.1 OCTET STRING */ + inKey[1] = 0x82; /* 2 bytes length field */ + inKey[2] = (test_variant[i].keySz >> 8) & 0xff; /* MSB of the length */ + inKey[3] = test_variant[i].keySz & 0xff; /* LSB of the length */ + inKeySz += inKeyHeaderSz; + ExpectIntEQ(wc_dilithium_set_level(&mldsa_key, test_variant[i].wcId), + 0); + ExpectIntEQ(wc_dilithium_make_key(&mldsa_key, &rng), 0); + size = inKeyMaxSz - inKeySz; + ExpectIntEQ(wc_dilithium_export_private(&mldsa_key, inKey + inKeySz, + &size), 0); + inKeySz += size; + size = inKeyMaxSz - inKeySz; + ExpectIntEQ(wc_dilithium_export_public(&mldsa_key, inKey + inKeySz, + &size), 0); + inKeySz += size; + + /* Create a certificate for wc_PKCS12_create() */ + ExpectIntEQ(wc_InitCert(&cert), 0); + XSTRNCPY(cert.subject.country, "US", CTC_NAME_SIZE); + XSTRNCPY(cert.subject.state, "MT", CTC_NAME_SIZE); + XSTRNCPY(cert.subject.locality, "Bozeman", CTC_NAME_SIZE); + XSTRNCPY(cert.subject.org, "wolfSSL", CTC_NAME_SIZE); + XSTRNCPY(cert.subject.unit, "Engineering", CTC_NAME_SIZE); + XSTRNCPY(cert.subject.commonName, "www.wolfssl.com", CTC_NAME_SIZE); + XSTRNCPY(cert.subject.email, "root@wolfssl.com", CTC_NAME_SIZE); + XSTRNCPY((char*)cert.beforeDate, "\x18\x0f""20250101000000Z", + CTC_DATE_SIZE); + cert.beforeDateSz = 17; + XSTRNCPY((char*)cert.afterDate, "\x18\x0f""20491231115959Z", + CTC_DATE_SIZE); + cert.afterDateSz = 17; + cert.selfSigned = 1; + cert.sigType = test_variant[i].sigType; + cert.isCA = 0; + ExpectIntGE(inCertSz = wc_MakeCert_ex(&cert, inCert, inCertMaxSz, + test_variant[i].keyType, &mldsa_key, &rng), 0); + ExpectIntGE(inCertSz = wc_SignCert_ex(cert.bodySz, cert.sigType, inCert, + inCertMaxSz, test_variant[i].keyType, &mldsa_key, &rng), 0); + + ExpectNotNull(pkcs12Export = wc_PKCS12_create(pkcs12Passwd, + sizeof(pkcs12Passwd) - 1, + (char*) "friendlyName" /* not used currently */, + (byte*) inKey, inKeySz, (byte*) inCert, inCertSz, + NULL, test_variant[i].enc, test_variant[i].enc, 100, 100, + 0 /* not used currently */, NULL)); + pkcs12Der = NULL; + ExpectIntGE((pkcs12DerSz = wc_i2d_PKCS12(pkcs12Export, &pkcs12Der, + NULL)), 0); + + ExpectNotNull(pkcs12Import = wc_PKCS12_new_ex(NULL)); + ExpectIntGE(wc_d2i_PKCS12(pkcs12Der, pkcs12DerSz, pkcs12Import), 0); + ExpectIntEQ(wc_PKCS12_parse_ex(pkcs12Import, pkcs12Passwd, &outKey, + &outKeySz, + &outCert, &outCertSz, NULL, 1), 0); + ExpectIntGT(outKeySz, 0); + ExpectIntGT(outCertSz, 0); + ExpectIntEQ(wolfSSL_CTX_use_PrivateKey_buffer(ctx, outKey, outKeySz, + WOLFSSL_FILETYPE_ASN1), WOLFSSL_SUCCESS); + ExpectIntEQ(wolfSSL_CTX_use_certificate_buffer(ctx, outCert, outCertSz, + WOLFSSL_FILETYPE_ASN1), WOLFSSL_SUCCESS); + + ExpectIntEQ(inKeySz, outKeySz - pkcs8HeaderSz); + ExpectIntEQ(XMEMCMP(inKey, outKey + pkcs8HeaderSz, inKeySz), 0); + ExpectIntEQ(inCertSz, outCertSz); + ExpectIntEQ(XMEMCMP(inCert, outCert, inCertSz), 0); + + XFREE(outKey, NULL, DYNAMIC_TYPE_PUBLIC_KEY); + XFREE(outCert, NULL, DYNAMIC_TYPE_PKCS); + wc_PKCS12_free(pkcs12Import); + XFREE(pkcs12Der, NULL, DYNAMIC_TYPE_PKCS); + wc_PKCS12_free(pkcs12Export); + } + + wc_dilithium_free(&mldsa_key); + ret = wc_FreeRng(&rng); + ExpectIntEQ(ret, 0); + wolfSSL_CTX_free(ctx); + XFREE(inCert, NULL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(inKey, NULL, DYNAMIC_TYPE_TMP_BUFFER); +#endif + return EXPECT_RESULT(); +} diff --git a/test/ssl/wolfssl/tests/api/test_mldsa.h b/test/ssl/wolfssl/tests/api/test_mldsa.h new file mode 100644 index 000000000..488c3a2b3 --- /dev/null +++ b/test/ssl/wolfssl/tests/api/test_mldsa.h @@ -0,0 +1,60 @@ +/* test_mldsa.h + * + * Copyright (C) 2006-2025 wolfSSL Inc. + * + * This file is part of wolfSSL. + * + * wolfSSL is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * wolfSSL is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA + */ + +#ifndef WOLFCRYPT_TEST_MLDSA_H +#define WOLFCRYPT_TEST_MLDSA_H + +#include + +int test_wc_dilithium(void); +int test_wc_dilithium_make_key(void); +int test_wc_dilithium_sign(void); +int test_wc_dilithium_verify(void); +int test_wc_dilithium_sign_vfy(void); +int test_wc_dilithium_check_key(void); +int test_wc_dilithium_public_der_decode(void); +int test_wc_dilithium_der(void); +int test_wc_dilithium_make_key_from_seed(void); +int test_wc_dilithium_sig_kats(void); +int test_wc_dilithium_verify_kats(void); +int test_wc_Dilithium_PrivateKeyDecode_OpenSSL_form(void); +int test_mldsa_pkcs8_import_OpenSSL_form(void); +int test_mldsa_pkcs8_export_import_wolfSSL_form(void); +int test_mldsa_pkcs12(void); + +#define TEST_MLDSA_DECLS \ + TEST_DECL_GROUP("mldsa", test_wc_dilithium), \ + TEST_DECL_GROUP("mldsa", test_wc_dilithium_make_key), \ + TEST_DECL_GROUP("mldsa", test_wc_dilithium_sign), \ + TEST_DECL_GROUP("mldsa", test_wc_dilithium_verify), \ + TEST_DECL_GROUP("mldsa", test_wc_dilithium_sign_vfy), \ + TEST_DECL_GROUP("mldsa", test_wc_dilithium_check_key), \ + TEST_DECL_GROUP("mldsa", test_wc_dilithium_public_der_decode), \ + TEST_DECL_GROUP("mldsa", test_wc_dilithium_der), \ + TEST_DECL_GROUP("mldsa", test_wc_dilithium_make_key_from_seed), \ + TEST_DECL_GROUP("mldsa", test_wc_dilithium_sig_kats), \ + TEST_DECL_GROUP("mldsa", test_wc_dilithium_verify_kats), \ + TEST_DECL_GROUP("mldsa", test_wc_Dilithium_PrivateKeyDecode_OpenSSL_form), \ + TEST_DECL_GROUP("mldsa", test_mldsa_pkcs8_import_OpenSSL_form), \ + TEST_DECL_GROUP("mldsa", test_mldsa_pkcs8_export_import_wolfSSL_form), \ + TEST_DECL_GROUP("mldsa", test_mldsa_pkcs12) + +#endif /* WOLFCRYPT_TEST_MLDSA_H */ diff --git a/test/ssl/wolfssl/tests/api/test_mlkem.c b/test/ssl/wolfssl/tests/api/test_mlkem.c new file mode 100644 index 000000000..5dcf14ddd --- /dev/null +++ b/test/ssl/wolfssl/tests/api/test_mlkem.c @@ -0,0 +1,3874 @@ +/* test_mlkem.c + * + * Copyright (C) 2006-2025 wolfSSL Inc. + * + * This file is part of wolfSSL. + * + * wolfSSL is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * wolfSSL is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA + */ + +#include + +#ifdef NO_INLINE + #include +#else + #define WOLFSSL_MISC_INCLUDED + #include +#endif + +#ifdef WOLFSSL_HAVE_MLKEM + #include +#ifdef WOLFSSL_WC_MLKEM + #include +#endif +#endif +#include +#include +#include + +int test_wc_mlkem_make_key_kats(void) +{ + EXPECT_DECLS; +#if defined(WOLFSSL_HAVE_MLKEM) && defined(WOLFSSL_WC_MLKEM) && \ + !defined(WOLFSSL_NO_ML_KEM) && !defined(WOLFSSL_MLKEM_NO_MAKE_KEY) + MlKemKey* key; +#ifndef WOLFSSL_NO_ML_KEM_512 + static const byte seed_512[WC_ML_KEM_MAKEKEY_RAND_SZ] = { + /* d */ + 0x2C, 0xB8, 0x43, 0xA0, 0x2E, 0xF0, 0x2E, 0xE1, + 0x09, 0x30, 0x5F, 0x39, 0x11, 0x9F, 0xAB, 0xF4, + 0x9A, 0xB9, 0x0A, 0x57, 0xFF, 0xEC, 0xB3, 0xA0, + 0xE7, 0x5E, 0x17, 0x94, 0x50, 0xF5, 0x27, 0x61, + /* z */ + 0x84, 0xCC, 0x91, 0x21, 0xAE, 0x56, 0xFB, 0xF3, + 0x9E, 0x67, 0xAD, 0xBD, 0x83, 0xAD, 0x2D, 0x3E, + 0x3B, 0xB8, 0x08, 0x43, 0x64, 0x52, 0x06, 0xBD, + 0xD9, 0xF2, 0xF6, 0x29, 0xE3, 0xCC, 0x49, 0xB7 + }; + static const byte ek_512[WC_ML_KEM_512_PUBLIC_KEY_SIZE] = { + 0xA3, 0x24, 0x39, 0xF8, 0x5A, 0x3C, 0x21, 0xD2, + 0x1A, 0x71, 0xB9, 0xB9, 0x2A, 0x9B, 0x64, 0xEA, + 0x0A, 0xB8, 0x43, 0x12, 0xC7, 0x70, 0x23, 0x69, + 0x4F, 0xD6, 0x4E, 0xAA, 0xB9, 0x07, 0xA4, 0x35, + 0x39, 0xDD, 0xB2, 0x7B, 0xA0, 0xA8, 0x53, 0xCC, + 0x90, 0x69, 0xEA, 0xC8, 0x50, 0x8C, 0x65, 0x3E, + 0x60, 0x0B, 0x2A, 0xC0, 0x18, 0x38, 0x1B, 0x4B, + 0xB4, 0xA8, 0x79, 0xAC, 0xDA, 0xD3, 0x42, 0xF9, + 0x11, 0x79, 0xCA, 0x82, 0x49, 0x52, 0x5C, 0xB1, + 0x96, 0x8B, 0xBE, 0x52, 0xF7, 0x55, 0xB7, 0xF5, + 0xB4, 0x3D, 0x66, 0x63, 0xD7, 0xA3, 0xBF, 0x0F, + 0x33, 0x57, 0xD8, 0xA2, 0x1D, 0x15, 0xB5, 0x2D, + 0xB3, 0x81, 0x8E, 0xCE, 0x5B, 0x40, 0x2A, 0x60, + 0xC9, 0x93, 0xE7, 0xCF, 0x43, 0x64, 0x87, 0xB8, + 0xD2, 0xAE, 0x91, 0xE6, 0xC5, 0xB8, 0x82, 0x75, + 0xE7, 0x58, 0x24, 0xB0, 0x00, 0x7E, 0xF3, 0x12, + 0x3C, 0x0A, 0xB5, 0x1B, 0x5C, 0xC6, 0x1B, 0x9B, + 0x22, 0x38, 0x0D, 0xE6, 0x6C, 0x5B, 0x20, 0xB0, + 0x60, 0xCB, 0xB9, 0x86, 0xF8, 0x12, 0x3D, 0x94, + 0x06, 0x00, 0x49, 0xCD, 0xF8, 0x03, 0x68, 0x73, + 0xA7, 0xBE, 0x10, 0x94, 0x44, 0xA0, 0xA1, 0xCD, + 0x87, 0xA4, 0x8C, 0xAE, 0x54, 0x19, 0x24, 0x84, + 0xAF, 0x84, 0x44, 0x29, 0xC1, 0xC5, 0x8C, 0x29, + 0xAC, 0x62, 0x4C, 0xD5, 0x04, 0xF1, 0xC4, 0x4F, + 0x1E, 0x13, 0x47, 0x82, 0x2B, 0x6F, 0x22, 0x13, + 0x23, 0x85, 0x9A, 0x7F, 0x6F, 0x75, 0x4B, 0xFE, + 0x71, 0x0B, 0xDA, 0x60, 0x27, 0x62, 0x40, 0xA4, + 0xFF, 0x2A, 0x53, 0x50, 0x70, 0x37, 0x86, 0xF5, + 0x67, 0x1F, 0x44, 0x9F, 0x20, 0xC2, 0xA9, 0x5A, + 0xE7, 0xC2, 0x90, 0x3A, 0x42, 0xCB, 0x3B, 0x30, + 0x3F, 0xF4, 0xC4, 0x27, 0xC0, 0x8B, 0x11, 0xB4, + 0xCD, 0x31, 0xC4, 0x18, 0xC6, 0xD1, 0x8D, 0x08, + 0x61, 0x87, 0x3B, 0xFA, 0x03, 0x32, 0xF1, 0x12, + 0x71, 0x55, 0x2E, 0xD7, 0xC0, 0x35, 0xF0, 0xE4, + 0xBC, 0x42, 0x8C, 0x43, 0x72, 0x0B, 0x39, 0xA6, + 0x51, 0x66, 0xBA, 0x9C, 0x2D, 0x3D, 0x77, 0x0E, + 0x13, 0x03, 0x60, 0xCC, 0x23, 0x84, 0xE8, 0x30, + 0x95, 0xB1, 0xA1, 0x59, 0x49, 0x55, 0x33, 0xF1, + 0x16, 0xC7, 0xB5, 0x58, 0xB6, 0x50, 0xDB, 0x04, + 0xD5, 0xA2, 0x6E, 0xAA, 0xA0, 0x8C, 0x3E, 0xE5, + 0x7D, 0xE4, 0x5A, 0x7F, 0x88, 0xC6, 0xA3, 0xCE, + 0xB2, 0x4D, 0xC5, 0x39, 0x7B, 0x88, 0xC3, 0xCE, + 0xF0, 0x03, 0x31, 0x9B, 0xB0, 0x23, 0x3F, 0xD6, + 0x92, 0xFD, 0xA1, 0x52, 0x44, 0x75, 0xB3, 0x51, + 0xF3, 0xC7, 0x82, 0x18, 0x2D, 0xEC, 0xF5, 0x90, + 0xB7, 0x72, 0x3B, 0xE4, 0x00, 0xBE, 0x14, 0x80, + 0x9C, 0x44, 0x32, 0x99, 0x63, 0xFC, 0x46, 0x95, + 0x92, 0x11, 0xD6, 0xA6, 0x23, 0x33, 0x95, 0x37, + 0x84, 0x8C, 0x25, 0x16, 0x69, 0x94, 0x1D, 0x90, + 0xB1, 0x30, 0x25, 0x8A, 0xDF, 0x55, 0xA7, 0x20, + 0xA7, 0x24, 0xE8, 0xB6, 0xA6, 0xCA, 0xE3, 0xC2, + 0x26, 0x4B, 0x16, 0x24, 0xCC, 0xBE, 0x7B, 0x45, + 0x6B, 0x30, 0xC8, 0xC7, 0x39, 0x32, 0x94, 0xCA, + 0x51, 0x80, 0xBC, 0x83, 0x7D, 0xD2, 0xE4, 0x5D, + 0xBD, 0x59, 0xB6, 0xE1, 0x7B, 0x24, 0xFE, 0x93, + 0x05, 0x2E, 0xB7, 0xC4, 0x3B, 0x27, 0xAC, 0x3D, + 0xC2, 0x49, 0xCA, 0x0C, 0xBC, 0xA4, 0xFB, 0x58, + 0x97, 0xC0, 0xB7, 0x44, 0x08, 0x8A, 0x8A, 0x07, + 0x79, 0xD3, 0x22, 0x33, 0x82, 0x6A, 0x01, 0xDD, + 0x64, 0x89, 0x95, 0x2A, 0x48, 0x25, 0xE5, 0x35, + 0x8A, 0x70, 0x0B, 0xE0, 0xE1, 0x79, 0xAC, 0x19, + 0x77, 0x10, 0xD8, 0x3E, 0xCC, 0x85, 0x3E, 0x52, + 0x69, 0x5E, 0x9B, 0xF8, 0x7B, 0xB1, 0xF6, 0xCB, + 0xD0, 0x5B, 0x02, 0xD4, 0xE6, 0x79, 0xE3, 0xB8, + 0x8D, 0xD4, 0x83, 0xB0, 0x74, 0x9B, 0x11, 0xBD, + 0x37, 0xB3, 0x83, 0xDC, 0xCA, 0x71, 0xF9, 0x09, + 0x18, 0x34, 0xA1, 0x69, 0x55, 0x02, 0xC4, 0xB9, + 0x5F, 0xC9, 0x11, 0x8C, 0x1C, 0xFC, 0x34, 0xC8, + 0x4C, 0x22, 0x65, 0xBB, 0xBC, 0x56, 0x3C, 0x28, + 0x26, 0x66, 0xB6, 0x0A, 0xE5, 0xC7, 0xF3, 0x85, + 0x1D, 0x25, 0xEC, 0xBB, 0x50, 0x21, 0xCC, 0x38, + 0xCB, 0x73, 0xEB, 0x6A, 0x34, 0x11, 0xB1, 0xC2, + 0x90, 0x46, 0xCA, 0x66, 0x54, 0x06, 0x67, 0xD1, + 0x36, 0x95, 0x44, 0x60, 0xC6, 0xFC, 0xBC, 0x4B, + 0xC7, 0xC0, 0x49, 0xBB, 0x04, 0x7F, 0xA6, 0x7A, + 0x63, 0xB3, 0xCC, 0x11, 0x11, 0xC1, 0xD8, 0xAC, + 0x27, 0xE8, 0x05, 0x8B, 0xCC, 0xA4, 0xA1, 0x54, + 0x55, 0x85, 0x8A, 0x58, 0x35, 0x8F, 0x7A, 0x61, + 0x02, 0x0B, 0xC9, 0xC4, 0xC1, 0x7F, 0x8B, 0x95, + 0xC2, 0x68, 0xCC, 0xB4, 0x04, 0xB9, 0xAA, 0xB4, + 0xA2, 0x72, 0xA2, 0x1A, 0x70, 0xDA, 0xF6, 0xB6, + 0xF1, 0x51, 0x21, 0xEE, 0x01, 0xC1, 0x56, 0xA3, + 0x54, 0xAA, 0x17, 0x08, 0x7E, 0x07, 0x70, 0x2E, + 0xAB, 0x38, 0xB3, 0x24, 0x1F, 0xDB, 0x55, 0x3F, + 0x65, 0x73, 0x39, 0xD5, 0xE2, 0x9D, 0xC5, 0xD9, + 0x1B, 0x7A, 0x5A, 0x82, 0x8E, 0xE9, 0x59, 0xFE, + 0xBB, 0x90, 0xB0, 0x72, 0x29, 0xF6, 0xE4, 0x9D, + 0x23, 0xC3, 0xA1, 0x90, 0x29, 0x70, 0x42, 0xFB, + 0x43, 0x98, 0x69, 0x55, 0xB6, 0x9C, 0x28, 0xE1, + 0x01, 0x6F, 0x77, 0xA5, 0x8B, 0x43, 0x15, 0x14, + 0xD2, 0x1B, 0x88, 0x88, 0x99, 0xC3, 0x60, 0x82, + 0x76, 0x08, 0x1B, 0x75, 0xF5, 0x68, 0x09, 0x7C, + 0xDC, 0x17, 0x48, 0xF3, 0x23, 0x07, 0x88, 0x58, + 0x15, 0xF3, 0xAE, 0xC9, 0x65, 0x18, 0x19, 0xAA, + 0x68, 0x73, 0xD1, 0xA4, 0xEB, 0x83, 0xB1, 0x95, + 0x38, 0x43, 0xB9, 0x34, 0x22, 0x51, 0x94, 0x83, + 0xFE, 0xF0, 0x05, 0x9D, 0x36, 0xBB, 0x2D, 0xB1, + 0xF3, 0xD4, 0x68, 0xFB, 0x06, 0x8C, 0x86, 0xE8, + 0x97, 0x37, 0x33, 0xC3, 0x98, 0xEA, 0xF0, 0x0E, + 0x17, 0x02, 0xC6, 0x73, 0x4A, 0xD8, 0xEB, 0x3B + }; + static const byte dk_512[WC_ML_KEM_512_PRIVATE_KEY_SIZE] = { + 0x7F, 0xE4, 0x20, 0x6F, 0x26, 0xBE, 0xDB, 0x64, + 0xC1, 0xED, 0x00, 0x09, 0x61, 0x52, 0x45, 0xDC, + 0x98, 0x48, 0x3F, 0x66, 0x3A, 0xCC, 0x61, 0x7E, + 0x65, 0x89, 0x8D, 0x59, 0x6A, 0x88, 0x36, 0xC4, + 0x9F, 0xBD, 0x3B, 0x4A, 0x84, 0x97, 0x59, 0xAA, + 0x15, 0x46, 0xBD, 0xA8, 0x35, 0xCA, 0xF1, 0x75, + 0x64, 0x2C, 0x28, 0x28, 0x08, 0x92, 0xA7, 0x87, + 0x8C, 0xC3, 0x18, 0xBC, 0xC7, 0x5B, 0x83, 0x4C, + 0xB2, 0x9F, 0xDF, 0x53, 0x60, 0xD7, 0xF9, 0x82, + 0xA5, 0x2C, 0x88, 0xAE, 0x91, 0x4D, 0xBF, 0x02, + 0xB5, 0x8B, 0xEB, 0x8B, 0xA8, 0x87, 0xAE, 0x8F, + 0xAB, 0x5E, 0xB7, 0x87, 0x31, 0xC6, 0x75, 0x78, + 0x05, 0x47, 0x1E, 0xBC, 0xEC, 0x2E, 0x38, 0xDB, + 0x1F, 0x4B, 0x83, 0x10, 0xD2, 0x88, 0x92, 0x0D, + 0x8A, 0x49, 0x27, 0x95, 0xA3, 0x90, 0xA7, 0x4B, + 0xCD, 0x55, 0xCD, 0x85, 0x57, 0xB4, 0xDA, 0xAB, + 0xA8, 0x2C, 0x28, 0xCB, 0x3F, 0x15, 0x2C, 0x52, + 0x31, 0x19, 0x61, 0x93, 0xA6, 0x6A, 0x8C, 0xCF, + 0x34, 0xB8, 0x0E, 0x1F, 0x69, 0x42, 0xC3, 0x2B, + 0xCF, 0xF9, 0x6A, 0x6E, 0x3C, 0xF3, 0x93, 0x9B, + 0x7B, 0x94, 0x24, 0x98, 0xCC, 0x5E, 0x4C, 0xB8, + 0xE8, 0x46, 0x8E, 0x70, 0x27, 0x59, 0x85, 0x2A, + 0xA2, 0x29, 0xC0, 0x25, 0x7F, 0x02, 0x98, 0x20, + 0x97, 0x33, 0x86, 0x07, 0xC0, 0xF0, 0xF4, 0x54, + 0x46, 0xFA, 0xB4, 0x26, 0x79, 0x93, 0xB8, 0xA5, + 0x90, 0x8C, 0xAB, 0x9C, 0x46, 0x78, 0x01, 0x34, + 0x80, 0x4A, 0xE1, 0x88, 0x15, 0xB1, 0x02, 0x05, + 0x27, 0xA2, 0x22, 0xEC, 0x4B, 0x39, 0xA3, 0x19, + 0x4E, 0x66, 0x17, 0x37, 0x79, 0x17, 0x14, 0x12, + 0x26, 0x62, 0xD8, 0xB9, 0x76, 0x9F, 0x6C, 0x67, + 0xDE, 0x62, 0x5C, 0x0D, 0x48, 0x3C, 0x3D, 0x42, + 0x0F, 0xF1, 0xBB, 0x88, 0x9A, 0x72, 0x7E, 0x75, + 0x62, 0x81, 0x51, 0x3A, 0x70, 0x04, 0x76, 0x48, + 0xD2, 0x9C, 0x0C, 0x30, 0xF9, 0xBE, 0x52, 0xEC, + 0x0D, 0xEB, 0x97, 0x7C, 0xF0, 0xF3, 0x4F, 0xC2, + 0x07, 0x84, 0x83, 0x45, 0x69, 0x64, 0x74, 0x34, + 0x10, 0x63, 0x8C, 0x57, 0xB5, 0x53, 0x95, 0x77, + 0xBF, 0x85, 0x66, 0x90, 0x78, 0xC3, 0x56, 0xB3, + 0x46, 0x2E, 0x9F, 0xA5, 0x80, 0x7D, 0x49, 0x59, + 0x1A, 0xFA, 0x41, 0xC1, 0x96, 0x9F, 0x65, 0xE3, + 0x40, 0x5C, 0xB6, 0x4D, 0xDF, 0x16, 0x3F, 0x26, + 0x73, 0x4C, 0xE3, 0x48, 0xB9, 0xCF, 0x45, 0x67, + 0xA3, 0x3A, 0x59, 0x69, 0xEB, 0x32, 0x6C, 0xFB, + 0x5A, 0xDC, 0x69, 0x5D, 0xCA, 0x0C, 0x8B, 0x2A, + 0x7B, 0x1F, 0x4F, 0x40, 0x4C, 0xC7, 0xA0, 0x98, + 0x1E, 0x2C, 0xC2, 0x4C, 0x1C, 0x23, 0xD1, 0x6A, + 0xA9, 0xB4, 0x39, 0x24, 0x15, 0xE2, 0x6C, 0x22, + 0xF4, 0xA9, 0x34, 0xD7, 0x94, 0xC1, 0xFB, 0x4E, + 0x5A, 0x67, 0x05, 0x11, 0x23, 0xCC, 0xD1, 0x53, + 0x76, 0x4D, 0xEC, 0x99, 0xD5, 0x53, 0x52, 0x90, + 0x53, 0xC3, 0xDA, 0x55, 0x0B, 0xCE, 0xA3, 0xAC, + 0x54, 0x13, 0x6A, 0x26, 0xA6, 0x76, 0xD2, 0xBA, + 0x84, 0x21, 0x06, 0x70, 0x68, 0xC6, 0x38, 0x1C, + 0x2A, 0x62, 0xA7, 0x27, 0xC9, 0x33, 0x70, 0x2E, + 0xE5, 0x80, 0x4A, 0x31, 0xCA, 0x86, 0x5A, 0x45, + 0x58, 0x8F, 0xB7, 0x4D, 0xE7, 0xE2, 0x22, 0x3D, + 0x88, 0xC0, 0x60, 0x8A, 0x16, 0xBF, 0xEC, 0x4F, + 0xAD, 0x67, 0x52, 0xDB, 0x56, 0xB4, 0x8B, 0x88, + 0x72, 0xBF, 0x26, 0xBA, 0x2F, 0xFA, 0x0C, 0xED, + 0xE5, 0x34, 0x3B, 0xE8, 0x14, 0x36, 0x89, 0x26, + 0x5E, 0x06, 0x5F, 0x41, 0xA6, 0x92, 0x5B, 0x86, + 0xC8, 0x92, 0xE6, 0x2E, 0xB0, 0x77, 0x27, 0x34, + 0xF5, 0xA3, 0x57, 0xC7, 0x5C, 0xA1, 0xAC, 0x6D, + 0xF7, 0x8A, 0xB1, 0xB8, 0x88, 0x5A, 0xD0, 0x81, + 0x96, 0x15, 0x37, 0x6D, 0x33, 0xEB, 0xB9, 0x8F, + 0x87, 0x33, 0xA6, 0x75, 0x58, 0x03, 0xD9, 0x77, + 0xBF, 0x51, 0xC1, 0x27, 0x40, 0x42, 0x4B, 0x2B, + 0x49, 0xC2, 0x83, 0x82, 0xA6, 0x91, 0x7C, 0xBF, + 0xA0, 0x34, 0xC3, 0xF1, 0x26, 0xA3, 0x8C, 0x21, + 0x6C, 0x03, 0xC3, 0x57, 0x70, 0xAD, 0x48, 0x1B, + 0x90, 0x84, 0xB5, 0x58, 0x8D, 0xA6, 0x5F, 0xF1, + 0x18, 0xA7, 0x4F, 0x93, 0x2C, 0x7E, 0x53, 0x7A, + 0xBE, 0x58, 0x63, 0xFB, 0x29, 0xA1, 0x0C, 0x09, + 0x70, 0x1B, 0x44, 0x1F, 0x83, 0x99, 0xC1, 0xF8, + 0xA6, 0x37, 0x82, 0x5A, 0xCE, 0xA3, 0xE9, 0x31, + 0x80, 0x57, 0x4F, 0xDE, 0xB8, 0x80, 0x76, 0x66, + 0x1A, 0xB4, 0x69, 0x51, 0x71, 0x6A, 0x50, 0x01, + 0x84, 0xA0, 0x40, 0x55, 0x72, 0x66, 0x59, 0x8C, + 0xAF, 0x76, 0x10, 0x5E, 0x1C, 0x18, 0x70, 0xB4, + 0x39, 0x69, 0xC3, 0xBC, 0xC1, 0xA0, 0x49, 0x27, + 0x63, 0x80, 0x17, 0x49, 0x8B, 0xB6, 0x2C, 0xAF, + 0xD3, 0xA6, 0xB0, 0x82, 0xB7, 0xBF, 0x7A, 0x23, + 0x45, 0x0E, 0x19, 0x17, 0x99, 0x61, 0x9B, 0x92, + 0x51, 0x12, 0xD0, 0x72, 0x02, 0x5C, 0xA8, 0x88, + 0x54, 0x8C, 0x79, 0x1A, 0xA4, 0x22, 0x51, 0x50, + 0x4D, 0x5D, 0x1C, 0x1C, 0xDD, 0xB2, 0x13, 0x30, + 0x3B, 0x04, 0x9E, 0x73, 0x46, 0xE8, 0xD8, 0x3A, + 0xD5, 0x87, 0x83, 0x6F, 0x35, 0x28, 0x4E, 0x10, + 0x97, 0x27, 0xE6, 0x6B, 0xBC, 0xC9, 0x52, 0x1F, + 0xE0, 0xB1, 0x91, 0x63, 0x00, 0x47, 0xD1, 0x58, + 0xF7, 0x56, 0x40, 0xFF, 0xEB, 0x54, 0x56, 0x07, + 0x27, 0x40, 0x02, 0x1A, 0xFD, 0x15, 0xA4, 0x54, + 0x69, 0xC5, 0x83, 0x82, 0x9D, 0xAA, 0xC8, 0xA7, + 0xDE, 0xB0, 0x5B, 0x24, 0xF0, 0x56, 0x7E, 0x43, + 0x17, 0xB3, 0xE3, 0xB3, 0x33, 0x89, 0xB5, 0xC5, + 0xF8, 0xB0, 0x4B, 0x09, 0x9F, 0xB4, 0xD1, 0x03, + 0xA3, 0x24, 0x39, 0xF8, 0x5A, 0x3C, 0x21, 0xD2, + 0x1A, 0x71, 0xB9, 0xB9, 0x2A, 0x9B, 0x64, 0xEA, + 0x0A, 0xB8, 0x43, 0x12, 0xC7, 0x70, 0x23, 0x69, + 0x4F, 0xD6, 0x4E, 0xAA, 0xB9, 0x07, 0xA4, 0x35, + 0x39, 0xDD, 0xB2, 0x7B, 0xA0, 0xA8, 0x53, 0xCC, + 0x90, 0x69, 0xEA, 0xC8, 0x50, 0x8C, 0x65, 0x3E, + 0x60, 0x0B, 0x2A, 0xC0, 0x18, 0x38, 0x1B, 0x4B, + 0xB4, 0xA8, 0x79, 0xAC, 0xDA, 0xD3, 0x42, 0xF9, + 0x11, 0x79, 0xCA, 0x82, 0x49, 0x52, 0x5C, 0xB1, + 0x96, 0x8B, 0xBE, 0x52, 0xF7, 0x55, 0xB7, 0xF5, + 0xB4, 0x3D, 0x66, 0x63, 0xD7, 0xA3, 0xBF, 0x0F, + 0x33, 0x57, 0xD8, 0xA2, 0x1D, 0x15, 0xB5, 0x2D, + 0xB3, 0x81, 0x8E, 0xCE, 0x5B, 0x40, 0x2A, 0x60, + 0xC9, 0x93, 0xE7, 0xCF, 0x43, 0x64, 0x87, 0xB8, + 0xD2, 0xAE, 0x91, 0xE6, 0xC5, 0xB8, 0x82, 0x75, + 0xE7, 0x58, 0x24, 0xB0, 0x00, 0x7E, 0xF3, 0x12, + 0x3C, 0x0A, 0xB5, 0x1B, 0x5C, 0xC6, 0x1B, 0x9B, + 0x22, 0x38, 0x0D, 0xE6, 0x6C, 0x5B, 0x20, 0xB0, + 0x60, 0xCB, 0xB9, 0x86, 0xF8, 0x12, 0x3D, 0x94, + 0x06, 0x00, 0x49, 0xCD, 0xF8, 0x03, 0x68, 0x73, + 0xA7, 0xBE, 0x10, 0x94, 0x44, 0xA0, 0xA1, 0xCD, + 0x87, 0xA4, 0x8C, 0xAE, 0x54, 0x19, 0x24, 0x84, + 0xAF, 0x84, 0x44, 0x29, 0xC1, 0xC5, 0x8C, 0x29, + 0xAC, 0x62, 0x4C, 0xD5, 0x04, 0xF1, 0xC4, 0x4F, + 0x1E, 0x13, 0x47, 0x82, 0x2B, 0x6F, 0x22, 0x13, + 0x23, 0x85, 0x9A, 0x7F, 0x6F, 0x75, 0x4B, 0xFE, + 0x71, 0x0B, 0xDA, 0x60, 0x27, 0x62, 0x40, 0xA4, + 0xFF, 0x2A, 0x53, 0x50, 0x70, 0x37, 0x86, 0xF5, + 0x67, 0x1F, 0x44, 0x9F, 0x20, 0xC2, 0xA9, 0x5A, + 0xE7, 0xC2, 0x90, 0x3A, 0x42, 0xCB, 0x3B, 0x30, + 0x3F, 0xF4, 0xC4, 0x27, 0xC0, 0x8B, 0x11, 0xB4, + 0xCD, 0x31, 0xC4, 0x18, 0xC6, 0xD1, 0x8D, 0x08, + 0x61, 0x87, 0x3B, 0xFA, 0x03, 0x32, 0xF1, 0x12, + 0x71, 0x55, 0x2E, 0xD7, 0xC0, 0x35, 0xF0, 0xE4, + 0xBC, 0x42, 0x8C, 0x43, 0x72, 0x0B, 0x39, 0xA6, + 0x51, 0x66, 0xBA, 0x9C, 0x2D, 0x3D, 0x77, 0x0E, + 0x13, 0x03, 0x60, 0xCC, 0x23, 0x84, 0xE8, 0x30, + 0x95, 0xB1, 0xA1, 0x59, 0x49, 0x55, 0x33, 0xF1, + 0x16, 0xC7, 0xB5, 0x58, 0xB6, 0x50, 0xDB, 0x04, + 0xD5, 0xA2, 0x6E, 0xAA, 0xA0, 0x8C, 0x3E, 0xE5, + 0x7D, 0xE4, 0x5A, 0x7F, 0x88, 0xC6, 0xA3, 0xCE, + 0xB2, 0x4D, 0xC5, 0x39, 0x7B, 0x88, 0xC3, 0xCE, + 0xF0, 0x03, 0x31, 0x9B, 0xB0, 0x23, 0x3F, 0xD6, + 0x92, 0xFD, 0xA1, 0x52, 0x44, 0x75, 0xB3, 0x51, + 0xF3, 0xC7, 0x82, 0x18, 0x2D, 0xEC, 0xF5, 0x90, + 0xB7, 0x72, 0x3B, 0xE4, 0x00, 0xBE, 0x14, 0x80, + 0x9C, 0x44, 0x32, 0x99, 0x63, 0xFC, 0x46, 0x95, + 0x92, 0x11, 0xD6, 0xA6, 0x23, 0x33, 0x95, 0x37, + 0x84, 0x8C, 0x25, 0x16, 0x69, 0x94, 0x1D, 0x90, + 0xB1, 0x30, 0x25, 0x8A, 0xDF, 0x55, 0xA7, 0x20, + 0xA7, 0x24, 0xE8, 0xB6, 0xA6, 0xCA, 0xE3, 0xC2, + 0x26, 0x4B, 0x16, 0x24, 0xCC, 0xBE, 0x7B, 0x45, + 0x6B, 0x30, 0xC8, 0xC7, 0x39, 0x32, 0x94, 0xCA, + 0x51, 0x80, 0xBC, 0x83, 0x7D, 0xD2, 0xE4, 0x5D, + 0xBD, 0x59, 0xB6, 0xE1, 0x7B, 0x24, 0xFE, 0x93, + 0x05, 0x2E, 0xB7, 0xC4, 0x3B, 0x27, 0xAC, 0x3D, + 0xC2, 0x49, 0xCA, 0x0C, 0xBC, 0xA4, 0xFB, 0x58, + 0x97, 0xC0, 0xB7, 0x44, 0x08, 0x8A, 0x8A, 0x07, + 0x79, 0xD3, 0x22, 0x33, 0x82, 0x6A, 0x01, 0xDD, + 0x64, 0x89, 0x95, 0x2A, 0x48, 0x25, 0xE5, 0x35, + 0x8A, 0x70, 0x0B, 0xE0, 0xE1, 0x79, 0xAC, 0x19, + 0x77, 0x10, 0xD8, 0x3E, 0xCC, 0x85, 0x3E, 0x52, + 0x69, 0x5E, 0x9B, 0xF8, 0x7B, 0xB1, 0xF6, 0xCB, + 0xD0, 0x5B, 0x02, 0xD4, 0xE6, 0x79, 0xE3, 0xB8, + 0x8D, 0xD4, 0x83, 0xB0, 0x74, 0x9B, 0x11, 0xBD, + 0x37, 0xB3, 0x83, 0xDC, 0xCA, 0x71, 0xF9, 0x09, + 0x18, 0x34, 0xA1, 0x69, 0x55, 0x02, 0xC4, 0xB9, + 0x5F, 0xC9, 0x11, 0x8C, 0x1C, 0xFC, 0x34, 0xC8, + 0x4C, 0x22, 0x65, 0xBB, 0xBC, 0x56, 0x3C, 0x28, + 0x26, 0x66, 0xB6, 0x0A, 0xE5, 0xC7, 0xF3, 0x85, + 0x1D, 0x25, 0xEC, 0xBB, 0x50, 0x21, 0xCC, 0x38, + 0xCB, 0x73, 0xEB, 0x6A, 0x34, 0x11, 0xB1, 0xC2, + 0x90, 0x46, 0xCA, 0x66, 0x54, 0x06, 0x67, 0xD1, + 0x36, 0x95, 0x44, 0x60, 0xC6, 0xFC, 0xBC, 0x4B, + 0xC7, 0xC0, 0x49, 0xBB, 0x04, 0x7F, 0xA6, 0x7A, + 0x63, 0xB3, 0xCC, 0x11, 0x11, 0xC1, 0xD8, 0xAC, + 0x27, 0xE8, 0x05, 0x8B, 0xCC, 0xA4, 0xA1, 0x54, + 0x55, 0x85, 0x8A, 0x58, 0x35, 0x8F, 0x7A, 0x61, + 0x02, 0x0B, 0xC9, 0xC4, 0xC1, 0x7F, 0x8B, 0x95, + 0xC2, 0x68, 0xCC, 0xB4, 0x04, 0xB9, 0xAA, 0xB4, + 0xA2, 0x72, 0xA2, 0x1A, 0x70, 0xDA, 0xF6, 0xB6, + 0xF1, 0x51, 0x21, 0xEE, 0x01, 0xC1, 0x56, 0xA3, + 0x54, 0xAA, 0x17, 0x08, 0x7E, 0x07, 0x70, 0x2E, + 0xAB, 0x38, 0xB3, 0x24, 0x1F, 0xDB, 0x55, 0x3F, + 0x65, 0x73, 0x39, 0xD5, 0xE2, 0x9D, 0xC5, 0xD9, + 0x1B, 0x7A, 0x5A, 0x82, 0x8E, 0xE9, 0x59, 0xFE, + 0xBB, 0x90, 0xB0, 0x72, 0x29, 0xF6, 0xE4, 0x9D, + 0x23, 0xC3, 0xA1, 0x90, 0x29, 0x70, 0x42, 0xFB, + 0x43, 0x98, 0x69, 0x55, 0xB6, 0x9C, 0x28, 0xE1, + 0x01, 0x6F, 0x77, 0xA5, 0x8B, 0x43, 0x15, 0x14, + 0xD2, 0x1B, 0x88, 0x88, 0x99, 0xC3, 0x60, 0x82, + 0x76, 0x08, 0x1B, 0x75, 0xF5, 0x68, 0x09, 0x7C, + 0xDC, 0x17, 0x48, 0xF3, 0x23, 0x07, 0x88, 0x58, + 0x15, 0xF3, 0xAE, 0xC9, 0x65, 0x18, 0x19, 0xAA, + 0x68, 0x73, 0xD1, 0xA4, 0xEB, 0x83, 0xB1, 0x95, + 0x38, 0x43, 0xB9, 0x34, 0x22, 0x51, 0x94, 0x83, + 0xFE, 0xF0, 0x05, 0x9D, 0x36, 0xBB, 0x2D, 0xB1, + 0xF3, 0xD4, 0x68, 0xFB, 0x06, 0x8C, 0x86, 0xE8, + 0x97, 0x37, 0x33, 0xC3, 0x98, 0xEA, 0xF0, 0x0E, + 0x17, 0x02, 0xC6, 0x73, 0x4A, 0xD8, 0xEB, 0x3B, + 0x62, 0x01, 0x30, 0xD6, 0xC2, 0xB8, 0xC9, 0x04, + 0xA3, 0xBB, 0x93, 0x07, 0xBE, 0x51, 0x03, 0xF8, + 0xD8, 0x14, 0x50, 0x5F, 0xB6, 0xA6, 0x0A, 0xF7, + 0x93, 0x7E, 0xA6, 0xCA, 0xA1, 0x17, 0x31, 0x5E, + 0x84, 0xCC, 0x91, 0x21, 0xAE, 0x56, 0xFB, 0xF3, + 0x9E, 0x67, 0xAD, 0xBD, 0x83, 0xAD, 0x2D, 0x3E, + 0x3B, 0xB8, 0x08, 0x43, 0x64, 0x52, 0x06, 0xBD, + 0xD9, 0xF2, 0xF6, 0x29, 0xE3, 0xCC, 0x49, 0xB7 + }; +#endif +#ifndef WOLFSSL_NO_ML_KEM_768 + static const byte seed_768[WC_ML_KEM_MAKEKEY_RAND_SZ] = { + /* d */ + 0xE3, 0x4A, 0x70, 0x1C, 0x4C, 0x87, 0x58, 0x2F, + 0x42, 0x26, 0x4E, 0xE4, 0x22, 0xD3, 0xC6, 0x84, + 0xD9, 0x76, 0x11, 0xF2, 0x52, 0x3E, 0xFE, 0x0C, + 0x99, 0x8A, 0xF0, 0x50, 0x56, 0xD6, 0x93, 0xDC, + /* z */ + 0xA8, 0x57, 0x68, 0xF3, 0x48, 0x6B, 0xD3, 0x2A, + 0x01, 0xBF, 0x9A, 0x8F, 0x21, 0xEA, 0x93, 0x8E, + 0x64, 0x8E, 0xAE, 0x4E, 0x54, 0x48, 0xC3, 0x4C, + 0x3E, 0xB8, 0x88, 0x20, 0xB1, 0x59, 0xEE, 0xDD + }; + static const byte ek_768[WC_ML_KEM_768_PUBLIC_KEY_SIZE] = { + 0x6D, 0x14, 0xA0, 0x71, 0xF7, 0xCC, 0x45, 0x25, + 0x58, 0xD5, 0xE7, 0x1A, 0x7B, 0x08, 0x70, 0x62, + 0xEC, 0xB1, 0x38, 0x68, 0x44, 0x58, 0x82, 0x46, + 0x12, 0x64, 0x02, 0xB1, 0xFA, 0x16, 0x37, 0x73, + 0x3C, 0xD5, 0xF6, 0x0C, 0xC8, 0x4B, 0xCB, 0x64, + 0x6A, 0x78, 0x92, 0x61, 0x4D, 0x7C, 0x51, 0xB1, + 0xC7, 0xF1, 0xA2, 0x79, 0x91, 0x32, 0xF1, 0x34, + 0x27, 0xDC, 0x48, 0x21, 0x58, 0xDA, 0x25, 0x44, + 0x70, 0xA5, 0x9E, 0x00, 0xA4, 0xE4, 0x96, 0x86, + 0xFD, 0xC0, 0x77, 0x55, 0x93, 0x67, 0x27, 0x0C, + 0x21, 0x53, 0xF1, 0x10, 0x07, 0x59, 0x2C, 0x9C, + 0x43, 0x10, 0xCF, 0x8A, 0x12, 0xC6, 0xA8, 0x71, + 0x3B, 0xD6, 0xBB, 0x51, 0xF3, 0x12, 0x4F, 0x98, + 0x9B, 0xA0, 0xD5, 0x40, 0x73, 0xCC, 0x24, 0x2E, + 0x09, 0x68, 0x78, 0x0B, 0x87, 0x5A, 0x86, 0x9E, + 0xFB, 0x85, 0x15, 0x86, 0xB9, 0xA8, 0x68, 0xA3, + 0x84, 0xB9, 0xE6, 0x82, 0x1B, 0x20, 0x1B, 0x93, + 0x2C, 0x45, 0x53, 0x69, 0xA7, 0x39, 0xEC, 0x22, + 0x56, 0x9C, 0x97, 0x7C, 0x21, 0x2B, 0x38, 0x18, + 0x71, 0x81, 0x36, 0x56, 0xAF, 0x5B, 0x56, 0x7E, + 0xF8, 0x93, 0xB5, 0x84, 0x62, 0x4C, 0x86, 0x3A, + 0x25, 0x90, 0x00, 0xF1, 0x7B, 0x25, 0x4B, 0x98, + 0xB1, 0x85, 0x09, 0x7C, 0x50, 0xEB, 0xB6, 0x8B, + 0x24, 0x43, 0x42, 0xE0, 0x5D, 0x4D, 0xE5, 0x20, + 0x12, 0x5B, 0x8E, 0x10, 0x33, 0xB1, 0x43, 0x60, + 0x93, 0xAC, 0xE7, 0xCE, 0x8E, 0x71, 0xB4, 0x58, + 0xD5, 0x25, 0x67, 0x33, 0x63, 0x04, 0x5A, 0x3B, + 0x3E, 0xEA, 0x94, 0x55, 0x42, 0x8A, 0x39, 0x87, + 0x05, 0xA4, 0x23, 0x27, 0xAD, 0xB3, 0x77, 0x4B, + 0x70, 0x57, 0xF4, 0x2B, 0x01, 0x7E, 0xC0, 0x73, + 0x9A, 0x98, 0x3F, 0x19, 0xE8, 0x21, 0x4D, 0x09, + 0x19, 0x5F, 0xA2, 0x4D, 0x2D, 0x57, 0x1D, 0xB7, + 0x3C, 0x19, 0xA6, 0xF8, 0x46, 0x0E, 0x50, 0x83, + 0x0D, 0x41, 0x5F, 0x62, 0x7B, 0x88, 0xE9, 0x4A, + 0x7B, 0x15, 0x37, 0x91, 0xA0, 0xC0, 0xC7, 0xE9, + 0x48, 0x4C, 0x74, 0xD5, 0x3C, 0x71, 0x48, 0x89, + 0xF0, 0xE3, 0x21, 0xB6, 0x66, 0x0A, 0x53, 0x2A, + 0x5B, 0xC0, 0xE5, 0x57, 0xFB, 0xCA, 0x35, 0xE2, + 0x9B, 0xC6, 0x11, 0x20, 0x0E, 0xD3, 0xC6, 0x33, + 0x07, 0x7A, 0x4D, 0x87, 0x3C, 0x5C, 0xC6, 0x70, + 0x06, 0xB7, 0x53, 0xBF, 0x6D, 0x6B, 0x7A, 0xF6, + 0xCA, 0x40, 0x2A, 0xB6, 0x18, 0x23, 0x6C, 0x0A, + 0xFF, 0xBC, 0x80, 0x1F, 0x82, 0x22, 0xFB, 0xC3, + 0x6C, 0xE0, 0x98, 0x4E, 0x2B, 0x18, 0xC9, 0x44, + 0xBB, 0xCB, 0xEF, 0x03, 0xB1, 0xE1, 0x36, 0x1C, + 0x1F, 0x44, 0xB0, 0xD7, 0x34, 0xAF, 0xB1, 0x56, + 0x6C, 0xFF, 0x87, 0x44, 0xDA, 0x8B, 0x99, 0x43, + 0xD6, 0xB4, 0x5A, 0x3C, 0x09, 0x03, 0x07, 0x02, + 0xCA, 0x20, 0x1F, 0xFE, 0x20, 0xCB, 0x7E, 0xC5, + 0xB0, 0xD4, 0x14, 0x9E, 0xE2, 0xC2, 0x8E, 0x8B, + 0x23, 0x37, 0x4F, 0x47, 0x1B, 0x57, 0x15, 0x0D, + 0x0E, 0xC9, 0x33, 0x62, 0x61, 0xA2, 0xD5, 0xCB, + 0x84, 0xA3, 0xAC, 0xAC, 0xC4, 0x28, 0x94, 0x73, + 0xA4, 0xC0, 0xAB, 0xC6, 0x17, 0xC9, 0xAB, 0xC1, + 0x78, 0x73, 0x44, 0x34, 0xC8, 0x2E, 0x16, 0x85, + 0x58, 0x8A, 0x5C, 0x2E, 0xA2, 0x67, 0x8F, 0x6B, + 0x3C, 0x22, 0x28, 0x73, 0x31, 0x30, 0xC4, 0x66, + 0xE5, 0xB8, 0x6E, 0xF4, 0x91, 0x15, 0x3E, 0x48, + 0x66, 0x22, 0x47, 0xB8, 0x75, 0xD2, 0x01, 0x02, + 0x0B, 0x56, 0x6B, 0x81, 0xB6, 0x4D, 0x83, 0x9A, + 0xB4, 0x63, 0x3B, 0xAA, 0x8A, 0xCE, 0x20, 0x2B, + 0xAA, 0xB4, 0x49, 0x62, 0x97, 0xF9, 0x80, 0x7A, + 0xDB, 0xBB, 0x1E, 0x33, 0x2C, 0x6F, 0x80, 0x22, + 0xB2, 0xA1, 0x8C, 0xFD, 0xD4, 0xA8, 0x25, 0x30, + 0xB6, 0xD3, 0xF0, 0x07, 0xC3, 0x35, 0x38, 0x98, + 0xD9, 0x66, 0xCC, 0x2C, 0x21, 0xCB, 0x42, 0x44, + 0xBD, 0x00, 0x44, 0x3F, 0x20, 0x98, 0x70, 0xAC, + 0xC4, 0x2B, 0xC3, 0x30, 0x68, 0xC7, 0x24, 0xEC, + 0x17, 0x22, 0x36, 0x19, 0xC1, 0x09, 0x3C, 0xCA, + 0x6A, 0xEB, 0x29, 0x50, 0x06, 0x64, 0xD1, 0x22, + 0x50, 0x36, 0xB4, 0xB8, 0x10, 0x91, 0x90, 0x69, + 0x69, 0x48, 0x1F, 0x1C, 0x72, 0x3C, 0x14, 0x0B, + 0x9D, 0x6C, 0x16, 0x8F, 0x5B, 0x64, 0xBE, 0xA6, + 0x9C, 0x5F, 0xD6, 0x38, 0x5D, 0xF7, 0x36, 0x4B, + 0x87, 0x23, 0xBC, 0xC8, 0x5E, 0x03, 0x8C, 0x7E, + 0x46, 0x4A, 0x90, 0x0D, 0x68, 0xA2, 0x12, 0x78, + 0x18, 0x99, 0x42, 0x17, 0xAE, 0xC8, 0xBD, 0xB3, + 0x9A, 0x97, 0x0A, 0x99, 0x63, 0xDE, 0x93, 0x68, + 0x8E, 0x2A, 0xC8, 0x2A, 0xBC, 0xC2, 0x2F, 0xB9, + 0x27, 0x7B, 0xA2, 0x20, 0x09, 0xE8, 0x78, 0x38, + 0x1A, 0x38, 0x16, 0x39, 0x01, 0xC7, 0xD4, 0xC8, + 0x50, 0x19, 0x53, 0x8D, 0x35, 0xCA, 0xAE, 0x9C, + 0x41, 0xAF, 0x8C, 0x92, 0x9E, 0xE2, 0x0B, 0xB0, + 0x8C, 0xA6, 0x19, 0xE7, 0x2C, 0x2F, 0x22, 0x62, + 0xC1, 0xC9, 0x93, 0x85, 0x72, 0x55, 0x1A, 0xC0, + 0x2D, 0xC9, 0x26, 0x8F, 0xBC, 0xC3, 0x5D, 0x79, + 0x01, 0x1C, 0x3C, 0x09, 0x0A, 0xD4, 0x0A, 0x4F, + 0x11, 0x1C, 0x9B, 0xE5, 0x5C, 0x42, 0x7E, 0xB7, + 0x96, 0xC1, 0x93, 0x2D, 0x86, 0x73, 0x57, 0x9A, + 0xF1, 0xB4, 0xC6, 0x38, 0xB0, 0x94, 0x44, 0x89, + 0x01, 0x2A, 0x25, 0x59, 0xA3, 0xB0, 0x24, 0x81, + 0xB0, 0x1A, 0xC3, 0x0B, 0xA8, 0x96, 0x0F, 0x80, + 0xC0, 0xC2, 0xB3, 0x94, 0x7D, 0x36, 0xA1, 0x2C, + 0x08, 0x04, 0x98, 0xBE, 0xE4, 0x48, 0x71, 0x6C, + 0x97, 0x34, 0x16, 0xC8, 0x24, 0x28, 0x04, 0xA3, + 0xDA, 0x09, 0x9E, 0xE1, 0x37, 0xB0, 0xBA, 0x90, + 0xFE, 0x4A, 0x5C, 0x6A, 0x89, 0x20, 0x02, 0x76, + 0xA0, 0xCF, 0xB6, 0x43, 0xEC, 0x2C, 0x56, 0xA2, + 0xD7, 0x08, 0xD7, 0xB4, 0x37, 0x3E, 0x44, 0xC1, + 0x50, 0x2A, 0x76, 0x3A, 0x60, 0x05, 0x86, 0xE6, + 0xCD, 0xA6, 0x27, 0x38, 0x97, 0xD4, 0x44, 0x48, + 0x28, 0x7D, 0xC2, 0xE6, 0x02, 0xDC, 0x39, 0x20, + 0x0B, 0xF6, 0x16, 0x62, 0x36, 0x55, 0x9F, 0xD1, + 0x2A, 0x60, 0x89, 0x2A, 0xEB, 0x15, 0x3D, 0xD6, + 0x51, 0xBB, 0x46, 0x99, 0x10, 0xB4, 0xB3, 0x46, + 0x69, 0xF9, 0x1D, 0xA8, 0x65, 0x4D, 0x1E, 0xB7, + 0x2E, 0xB6, 0xE0, 0x28, 0x00, 0xB3, 0xB0, 0xA7, + 0xD0, 0xA4, 0x8C, 0x83, 0x68, 0x54, 0xD3, 0xA8, + 0x3E, 0x65, 0x56, 0x9C, 0xB7, 0x23, 0x0B, 0xB4, + 0x4F, 0x3F, 0x14, 0x3A, 0x6D, 0xEC, 0x5F, 0x2C, + 0x39, 0xAB, 0x90, 0xF2, 0x74, 0xF2, 0x08, 0x8B, + 0xD3, 0xD6, 0xA6, 0xFC, 0xA0, 0x07, 0x02, 0x73, + 0xBE, 0xDC, 0x84, 0x77, 0x7F, 0xB5, 0x2E, 0x3C, + 0x55, 0x8B, 0x0A, 0xE0, 0x61, 0x83, 0xD5, 0xA4, + 0x8D, 0x45, 0x2F, 0x68, 0xE1, 0x52, 0x07, 0xF8, + 0x61, 0x62, 0x7A, 0xCA, 0x14, 0x27, 0x96, 0x30, + 0xF8, 0x2E, 0xC3, 0xA0, 0xCA, 0x07, 0x86, 0x33, + 0xB6, 0x00, 0xAF, 0xA7, 0x97, 0x43, 0xA6, 0x00, + 0x21, 0x5B, 0xE5, 0x63, 0x74, 0x58, 0xCE, 0x2C, + 0xE8, 0xAF, 0xF5, 0xA0, 0x8E, 0xB5, 0x01, 0x7B, + 0x2C, 0x76, 0x65, 0x77, 0x47, 0x9F, 0x8D, 0xC6, + 0xBF, 0x9F, 0x5C, 0xC7, 0x50, 0x89, 0x93, 0x21, + 0x61, 0xB9, 0x6C, 0xEA, 0x40, 0x66, 0x20, 0xAE, + 0xDB, 0x63, 0x04, 0x07, 0xF7, 0x68, 0x7E, 0xBB, + 0xB4, 0x81, 0x4C, 0x79, 0x81, 0x63, 0x7A, 0x48, + 0xA9, 0x0D, 0xE6, 0x80, 0x31, 0xE0, 0x62, 0xA7, + 0xAF, 0x76, 0x12, 0xB4, 0xF5, 0xC7, 0xA6, 0xDA, + 0x86, 0xBD, 0x13, 0x65, 0x29, 0xE6, 0x42, 0x95, + 0xA5, 0x61, 0x3E, 0xA7, 0x3B, 0xD3, 0xD4, 0x44, + 0x8C, 0xB8, 0x1F, 0x24, 0x31, 0x35, 0xC0, 0xA6, + 0x60, 0xBE, 0xB9, 0xC1, 0x7E, 0x65, 0x1D, 0xEF, + 0x46, 0x9A, 0x7D, 0x90, 0xA1, 0x5D, 0x34, 0x81, + 0x09, 0x0B, 0xCB, 0xF2, 0x27, 0x01, 0x23, 0x28, + 0x94, 0x1F, 0xA4, 0x6F, 0x39, 0xC5, 0x00, 0x6A, + 0xD9, 0x3D, 0x45, 0x8A, 0xA6, 0xAD, 0xD6, 0x55, + 0x86, 0x2B, 0x41, 0x8C, 0x30, 0x94, 0xF5, 0x51, + 0x46, 0x0D, 0xF2, 0x15, 0x3A, 0x58, 0x10, 0xA7, + 0xDA, 0x74, 0xF0, 0x61, 0x4C, 0x25, 0x88, 0xBE, + 0x49, 0xDC, 0x6F, 0x5E, 0x88, 0x15, 0x46, 0x42, + 0xBD, 0x1D, 0x37, 0x62, 0x56, 0x33, 0x26, 0x43, + 0x35, 0x07, 0x15, 0x6A, 0x57, 0xC5, 0x76, 0x94, + 0xBD, 0xD2, 0x6E, 0x7A, 0x24, 0x6F, 0xEB, 0x72, + 0x3A, 0xED, 0x67, 0xB0, 0x48, 0x87, 0xC8, 0xE4, + 0x76, 0xB4, 0x8C, 0xAB, 0x59, 0xE5, 0x36, 0x2F, + 0x26, 0xA9, 0xEF, 0x50, 0xC2, 0xBC, 0x80, 0xBA, + 0x14, 0x62, 0x26, 0x21, 0x6F, 0xE6, 0x29, 0x68, + 0xA6, 0x0D, 0x04, 0xE8, 0xC1, 0x70, 0xD7, 0x41, + 0xC7, 0xA2, 0xB0, 0xE1, 0xAB, 0xDA, 0xC9, 0x68 + }; + static const byte dk_768[WC_ML_KEM_768_PRIVATE_KEY_SIZE] = { + 0x98, 0xA1, 0xB2, 0xDA, 0x4A, 0x65, 0xCF, 0xB5, + 0x84, 0x5E, 0xA7, 0x31, 0x1E, 0x6A, 0x06, 0xDB, + 0x73, 0x1F, 0x15, 0x90, 0xC4, 0x1E, 0xE7, 0x4B, + 0xA1, 0x07, 0x82, 0x71, 0x5B, 0x35, 0xA3, 0x10, + 0x2D, 0xF6, 0x37, 0x87, 0x2B, 0xE6, 0x5B, 0xAB, + 0x37, 0xA1, 0xDE, 0x25, 0x11, 0xD7, 0x03, 0xC7, + 0x02, 0x47, 0xB3, 0x5E, 0xF2, 0x74, 0x35, 0x48, + 0x50, 0x24, 0xD9, 0x3F, 0xD9, 0xE7, 0x7C, 0x43, + 0x80, 0x4F, 0x37, 0x17, 0x49, 0xBA, 0x00, 0xB2, + 0x0A, 0x8C, 0x5C, 0x58, 0x8B, 0xC9, 0xAB, 0xE0, + 0x68, 0xAE, 0xAA, 0xA9, 0x38, 0x51, 0x7E, 0xBF, + 0xE5, 0x3B, 0x6B, 0x66, 0x32, 0x82, 0x90, 0x3D, + 0xCD, 0x18, 0x97, 0x36, 0xD7, 0x29, 0x68, 0x16, + 0xC7, 0x33, 0xA1, 0xC7, 0x7C, 0x63, 0x75, 0xE5, + 0x39, 0x7C, 0x0F, 0x18, 0x9B, 0xBF, 0xE4, 0x76, + 0x43, 0xA6, 0x1F, 0x58, 0xF8, 0xA3, 0xC6, 0x91, + 0x1B, 0xE4, 0x61, 0x1A, 0x8C, 0x7B, 0xC0, 0x50, + 0x02, 0x11, 0x63, 0xD0, 0xA4, 0x04, 0xDC, 0x14, + 0x06, 0x57, 0x48, 0xFF, 0x29, 0xBE, 0x60, 0xD2, + 0xB9, 0xFD, 0xCC, 0x8F, 0xFD, 0x98, 0xC5, 0x87, + 0xF3, 0x8C, 0x67, 0x11, 0x57, 0x86, 0x46, 0x4B, + 0xDB, 0x34, 0x2B, 0x17, 0xE8, 0x97, 0xD6, 0x46, + 0x17, 0xCB, 0xFB, 0x11, 0x79, 0x73, 0xA5, 0x45, + 0x89, 0x77, 0xA7, 0xD7, 0x61, 0x7A, 0x1B, 0x4D, + 0x83, 0xBA, 0x03, 0xC6, 0x11, 0x13, 0x8A, 0x46, + 0x73, 0xB1, 0xEB, 0x34, 0xB0, 0x78, 0x03, 0x3F, + 0x97, 0xCF, 0xFE, 0x80, 0xC1, 0x46, 0xA2, 0x69, + 0x43, 0xF8, 0x42, 0xB9, 0x76, 0x32, 0x7B, 0xF1, + 0xCB, 0xC6, 0x01, 0x19, 0x52, 0x5B, 0xB9, 0xA3, + 0xC0, 0x34, 0x93, 0x34, 0x90, 0x00, 0xDD, 0x8F, + 0x51, 0xBA, 0x21, 0xA2, 0xE9, 0x23, 0x61, 0x76, + 0x23, 0x24, 0x60, 0x0E, 0x0C, 0x13, 0xAA, 0xA6, + 0xCB, 0x69, 0xBF, 0xB2, 0x42, 0x76, 0x48, 0x3F, + 0x6B, 0x02, 0x42, 0x12, 0x59, 0xB7, 0x58, 0x52, + 0x63, 0xC1, 0xA0, 0x28, 0xD6, 0x82, 0xC5, 0x08, + 0xBB, 0xC2, 0x80, 0x1A, 0x56, 0xE9, 0x8B, 0x8F, + 0x62, 0x0B, 0x04, 0x83, 0xD7, 0x9B, 0x5A, 0xD8, + 0x58, 0x5A, 0xC0, 0xA4, 0x75, 0xBA, 0xC7, 0x78, + 0x65, 0x19, 0x41, 0x96, 0x33, 0x87, 0x91, 0xB7, + 0x98, 0x5A, 0x05, 0xD1, 0x09, 0x39, 0x5C, 0xCA, + 0x89, 0x32, 0x72, 0x2A, 0x91, 0x95, 0x0D, 0x37, + 0xE1, 0x2B, 0x89, 0x14, 0x20, 0xA5, 0x2B, 0x62, + 0xCB, 0xFA, 0x81, 0x5D, 0xF6, 0x17, 0x4C, 0xE0, + 0x0E, 0x68, 0xBC, 0xA7, 0x5D, 0x48, 0x38, 0xCA, + 0x28, 0x0F, 0x71, 0x3C, 0x7E, 0x69, 0x24, 0xAF, + 0xD9, 0x5B, 0xAA, 0x0D, 0x01, 0xAD, 0xA6, 0x37, + 0xB1, 0x58, 0x34, 0x70, 0x34, 0xC0, 0xAB, 0x1A, + 0x71, 0x83, 0x33, 0x1A, 0x82, 0x0A, 0xCB, 0xCB, + 0x83, 0x19, 0x3A, 0x1A, 0x94, 0xC8, 0xF7, 0xE3, + 0x84, 0xAE, 0xD0, 0xC3, 0x5E, 0xD3, 0xCB, 0x33, + 0x97, 0xBB, 0x63, 0x80, 0x86, 0xE7, 0xA3, 0x5A, + 0x64, 0x08, 0xA3, 0xA4, 0xB9, 0x0C, 0xE9, 0x53, + 0x70, 0x7C, 0x19, 0xBC, 0x46, 0xC3, 0xB2, 0xDA, + 0x3B, 0x2E, 0xE3, 0x23, 0x19, 0xC5, 0x6B, 0x92, + 0x80, 0x32, 0xB5, 0xED, 0x12, 0x56, 0xD0, 0x75, + 0x3D, 0x34, 0x14, 0x23, 0xE9, 0xDB, 0x13, 0x9D, + 0xE7, 0x71, 0x4F, 0xF0, 0x75, 0xCA, 0xF5, 0x8F, + 0xD9, 0xF5, 0x7D, 0x1A, 0x54, 0x01, 0x9B, 0x59, + 0x26, 0x40, 0x68, 0x30, 0xDA, 0xE2, 0x9A, 0x87, + 0x53, 0x02, 0xA8, 0x12, 0x56, 0xF4, 0xD6, 0xCF, + 0x5E, 0x74, 0x03, 0x4E, 0xA6, 0x14, 0xBF, 0x70, + 0xC2, 0x76, 0x4B, 0x20, 0xC9, 0x58, 0x9C, 0xDB, + 0x5C, 0x25, 0x76, 0x1A, 0x04, 0xE5, 0x82, 0x92, + 0x90, 0x7C, 0x57, 0x8A, 0x94, 0xA3, 0x58, 0x36, + 0xBE, 0xE3, 0x11, 0x2D, 0xC2, 0xC3, 0xAE, 0x21, + 0x92, 0xC9, 0xDE, 0xAA, 0x30, 0x4B, 0x29, 0xC7, + 0xFE, 0xA1, 0xBD, 0xF4, 0x7B, 0x3B, 0x6B, 0xCB, + 0xA2, 0xC0, 0xE5, 0x5C, 0x9C, 0xDB, 0x6D, 0xE7, + 0x14, 0x9E, 0x9C, 0xB1, 0x79, 0x17, 0x71, 0x8F, + 0x12, 0xC8, 0x03, 0x2D, 0xE1, 0xAD, 0xE0, 0x64, + 0x8D, 0x40, 0x55, 0x19, 0xC7, 0x07, 0x19, 0xBE, + 0xCC, 0x70, 0x18, 0x45, 0xCF, 0x9F, 0x4B, 0x91, + 0x2F, 0xE7, 0x19, 0x83, 0xCA, 0x34, 0xF9, 0x01, + 0x8C, 0x7C, 0xA7, 0xBB, 0x2F, 0x6C, 0x5D, 0x7F, + 0x8C, 0x5B, 0x29, 0x73, 0x59, 0xEC, 0x75, 0x20, + 0x9C, 0x25, 0x43, 0xFF, 0x11, 0xC4, 0x24, 0x49, + 0x77, 0xC5, 0x96, 0x95, 0x24, 0xEC, 0x45, 0x4D, + 0x44, 0xC3, 0x23, 0xFC, 0xCA, 0x94, 0xAC, 0xAC, + 0x27, 0x3A, 0x0E, 0xC4, 0x9B, 0x4A, 0x8A, 0x58, + 0x5B, 0xCE, 0x7A, 0x5B, 0x30, 0x5C, 0x04, 0xC3, + 0x50, 0x64, 0x22, 0x58, 0x03, 0x57, 0x01, 0x6A, + 0x85, 0x0C, 0x3F, 0x7E, 0xE1, 0x72, 0x05, 0xA7, + 0x7B, 0x29, 0x1C, 0x77, 0x31, 0xC9, 0x83, 0x6C, + 0x02, 0xAE, 0xE5, 0x40, 0x6F, 0x63, 0xC6, 0xA0, + 0x7A, 0x21, 0x43, 0x82, 0xAA, 0x15, 0x33, 0x6C, + 0x05, 0xD1, 0x04, 0x55, 0x88, 0x10, 0x76, 0x45, + 0xEA, 0x7D, 0xE6, 0x87, 0x0F, 0xC0, 0xE5, 0x5E, + 0x15, 0x40, 0x97, 0x43, 0x01, 0xC4, 0x2E, 0xC1, + 0x41, 0x05, 0x51, 0x86, 0x80, 0xF6, 0x88, 0xAB, + 0xE4, 0xCE, 0x45, 0x37, 0x38, 0xFE, 0x47, 0x1B, + 0x87, 0xFC, 0x31, 0xF5, 0xC6, 0x8A, 0x39, 0xE6, + 0x8A, 0xF5, 0x1B, 0x02, 0x40, 0xB9, 0x0E, 0x03, + 0x64, 0xB0, 0x4B, 0xAC, 0x43, 0xD6, 0xFB, 0x68, + 0xAB, 0x65, 0xAE, 0x02, 0x8B, 0x62, 0xBD, 0x68, + 0x3B, 0x7D, 0x28, 0xAD, 0x38, 0x80, 0x6B, 0xEE, + 0x72, 0x5B, 0x5B, 0x24, 0x16, 0xA8, 0xD7, 0x9C, + 0x16, 0xEC, 0x2A, 0x99, 0xEA, 0x4A, 0x8D, 0x92, + 0xA2, 0xF5, 0x05, 0x2E, 0x67, 0xF9, 0x73, 0x52, + 0x28, 0x97, 0x61, 0xC5, 0xC3, 0x9F, 0xC5, 0xC7, + 0x42, 0xE9, 0xC0, 0xA7, 0x40, 0xCA, 0x59, 0xFC, + 0x01, 0x82, 0xF7, 0x09, 0xD0, 0x1B, 0x51, 0x87, + 0xF0, 0x00, 0x63, 0xDA, 0xAB, 0x39, 0x75, 0x96, + 0xEE, 0xA4, 0xA3, 0x1B, 0xDB, 0xCB, 0xD4, 0xC1, + 0xBB, 0x0C, 0x55, 0xBE, 0x7C, 0x68, 0x50, 0xFD, + 0xA9, 0x32, 0x6B, 0x35, 0x3E, 0x28, 0x8C, 0x50, + 0x13, 0x22, 0x6C, 0x3C, 0x39, 0x23, 0xA7, 0x91, + 0x60, 0x9E, 0x80, 0x02, 0xE7, 0x3A, 0x5F, 0x7B, + 0x6B, 0xB4, 0xA8, 0x77, 0xB1, 0xFD, 0xF5, 0x3B, + 0xB2, 0xBA, 0xB3, 0xDD, 0x42, 0x4D, 0x31, 0xBB, + 0xB4, 0x48, 0xE6, 0x09, 0xA6, 0x6B, 0x0E, 0x34, + 0x3C, 0x28, 0x6E, 0x87, 0x60, 0x31, 0x2B, 0x6D, + 0x37, 0xAA, 0x52, 0x01, 0xD2, 0x1F, 0x53, 0x50, + 0x3D, 0x88, 0x38, 0x9A, 0xDC, 0xA2, 0x1C, 0x70, + 0xFB, 0x6C, 0x0F, 0xC9, 0xC6, 0x9D, 0x66, 0x16, + 0xC9, 0xEA, 0x37, 0x80, 0xE3, 0x55, 0x65, 0xC0, + 0xC9, 0x7C, 0x15, 0x17, 0x9C, 0x95, 0x34, 0x3E, + 0xCC, 0x5E, 0x1C, 0x2A, 0x24, 0xDE, 0x46, 0x99, + 0xF6, 0x87, 0x5E, 0xA2, 0xFA, 0x2D, 0xD3, 0xE3, + 0x57, 0xBC, 0x43, 0x91, 0x47, 0x95, 0x20, 0x7E, + 0x02, 0x6B, 0x85, 0x0A, 0x22, 0x37, 0x95, 0x0C, + 0x10, 0x8A, 0x51, 0x2F, 0xC8, 0x8C, 0x22, 0x48, + 0x81, 0x12, 0x60, 0x70, 0x88, 0x18, 0x5F, 0xB0, + 0xE0, 0x9C, 0x2C, 0x41, 0x97, 0xA8, 0x36, 0x87, + 0x26, 0x6B, 0xAB, 0x2E, 0x58, 0x3E, 0x21, 0xC4, + 0x0F, 0x4C, 0xC0, 0x08, 0xFE, 0x65, 0x28, 0x04, + 0xD8, 0x22, 0x3F, 0x15, 0x20, 0xA9, 0x0B, 0x0D, + 0x53, 0x85, 0xC7, 0x55, 0x3C, 0xC7, 0x67, 0xC5, + 0x8D, 0x12, 0x0C, 0xCD, 0x3E, 0xF5, 0xB5, 0xD1, + 0xA6, 0xCD, 0x7B, 0xC0, 0x0D, 0xFF, 0x13, 0x21, + 0xB2, 0xF2, 0xC4, 0x32, 0xB6, 0x4E, 0xFB, 0x8A, + 0x3F, 0x5D, 0x00, 0x64, 0xB3, 0xF3, 0x42, 0x93, + 0x02, 0x6C, 0x85, 0x1C, 0x2D, 0xED, 0x68, 0xB9, + 0xDF, 0xF4, 0xA2, 0x8F, 0x6A, 0x8D, 0x22, 0x55, + 0x35, 0xE0, 0x47, 0x70, 0x84, 0x43, 0x0C, 0xFF, + 0xDA, 0x0A, 0xC0, 0x55, 0x2F, 0x9A, 0x21, 0x27, + 0x85, 0xB7, 0x49, 0x91, 0x3A, 0x06, 0xFA, 0x22, + 0x74, 0xC0, 0xD1, 0x5B, 0xAD, 0x32, 0x54, 0x58, + 0xD3, 0x23, 0xEF, 0x6B, 0xAE, 0x13, 0xC0, 0x01, + 0x0D, 0x52, 0x5C, 0x1D, 0x52, 0x69, 0x97, 0x3A, + 0xC2, 0x9B, 0xDA, 0x7C, 0x98, 0x37, 0x46, 0x91, + 0x8B, 0xA0, 0xE0, 0x02, 0x58, 0x8E, 0x30, 0x37, + 0x5D, 0x78, 0x32, 0x9E, 0x6B, 0x8B, 0xA8, 0xC4, + 0x46, 0x2A, 0x69, 0x2F, 0xB6, 0x08, 0x38, 0x42, + 0xB8, 0xC8, 0xC9, 0x2C, 0x60, 0xF2, 0x52, 0x72, + 0x6D, 0x14, 0xA0, 0x71, 0xF7, 0xCC, 0x45, 0x25, + 0x58, 0xD5, 0xE7, 0x1A, 0x7B, 0x08, 0x70, 0x62, + 0xEC, 0xB1, 0x38, 0x68, 0x44, 0x58, 0x82, 0x46, + 0x12, 0x64, 0x02, 0xB1, 0xFA, 0x16, 0x37, 0x73, + 0x3C, 0xD5, 0xF6, 0x0C, 0xC8, 0x4B, 0xCB, 0x64, + 0x6A, 0x78, 0x92, 0x61, 0x4D, 0x7C, 0x51, 0xB1, + 0xC7, 0xF1, 0xA2, 0x79, 0x91, 0x32, 0xF1, 0x34, + 0x27, 0xDC, 0x48, 0x21, 0x58, 0xDA, 0x25, 0x44, + 0x70, 0xA5, 0x9E, 0x00, 0xA4, 0xE4, 0x96, 0x86, + 0xFD, 0xC0, 0x77, 0x55, 0x93, 0x67, 0x27, 0x0C, + 0x21, 0x53, 0xF1, 0x10, 0x07, 0x59, 0x2C, 0x9C, + 0x43, 0x10, 0xCF, 0x8A, 0x12, 0xC6, 0xA8, 0x71, + 0x3B, 0xD6, 0xBB, 0x51, 0xF3, 0x12, 0x4F, 0x98, + 0x9B, 0xA0, 0xD5, 0x40, 0x73, 0xCC, 0x24, 0x2E, + 0x09, 0x68, 0x78, 0x0B, 0x87, 0x5A, 0x86, 0x9E, + 0xFB, 0x85, 0x15, 0x86, 0xB9, 0xA8, 0x68, 0xA3, + 0x84, 0xB9, 0xE6, 0x82, 0x1B, 0x20, 0x1B, 0x93, + 0x2C, 0x45, 0x53, 0x69, 0xA7, 0x39, 0xEC, 0x22, + 0x56, 0x9C, 0x97, 0x7C, 0x21, 0x2B, 0x38, 0x18, + 0x71, 0x81, 0x36, 0x56, 0xAF, 0x5B, 0x56, 0x7E, + 0xF8, 0x93, 0xB5, 0x84, 0x62, 0x4C, 0x86, 0x3A, + 0x25, 0x90, 0x00, 0xF1, 0x7B, 0x25, 0x4B, 0x98, + 0xB1, 0x85, 0x09, 0x7C, 0x50, 0xEB, 0xB6, 0x8B, + 0x24, 0x43, 0x42, 0xE0, 0x5D, 0x4D, 0xE5, 0x20, + 0x12, 0x5B, 0x8E, 0x10, 0x33, 0xB1, 0x43, 0x60, + 0x93, 0xAC, 0xE7, 0xCE, 0x8E, 0x71, 0xB4, 0x58, + 0xD5, 0x25, 0x67, 0x33, 0x63, 0x04, 0x5A, 0x3B, + 0x3E, 0xEA, 0x94, 0x55, 0x42, 0x8A, 0x39, 0x87, + 0x05, 0xA4, 0x23, 0x27, 0xAD, 0xB3, 0x77, 0x4B, + 0x70, 0x57, 0xF4, 0x2B, 0x01, 0x7E, 0xC0, 0x73, + 0x9A, 0x98, 0x3F, 0x19, 0xE8, 0x21, 0x4D, 0x09, + 0x19, 0x5F, 0xA2, 0x4D, 0x2D, 0x57, 0x1D, 0xB7, + 0x3C, 0x19, 0xA6, 0xF8, 0x46, 0x0E, 0x50, 0x83, + 0x0D, 0x41, 0x5F, 0x62, 0x7B, 0x88, 0xE9, 0x4A, + 0x7B, 0x15, 0x37, 0x91, 0xA0, 0xC0, 0xC7, 0xE9, + 0x48, 0x4C, 0x74, 0xD5, 0x3C, 0x71, 0x48, 0x89, + 0xF0, 0xE3, 0x21, 0xB6, 0x66, 0x0A, 0x53, 0x2A, + 0x5B, 0xC0, 0xE5, 0x57, 0xFB, 0xCA, 0x35, 0xE2, + 0x9B, 0xC6, 0x11, 0x20, 0x0E, 0xD3, 0xC6, 0x33, + 0x07, 0x7A, 0x4D, 0x87, 0x3C, 0x5C, 0xC6, 0x70, + 0x06, 0xB7, 0x53, 0xBF, 0x6D, 0x6B, 0x7A, 0xF6, + 0xCA, 0x40, 0x2A, 0xB6, 0x18, 0x23, 0x6C, 0x0A, + 0xFF, 0xBC, 0x80, 0x1F, 0x82, 0x22, 0xFB, 0xC3, + 0x6C, 0xE0, 0x98, 0x4E, 0x2B, 0x18, 0xC9, 0x44, + 0xBB, 0xCB, 0xEF, 0x03, 0xB1, 0xE1, 0x36, 0x1C, + 0x1F, 0x44, 0xB0, 0xD7, 0x34, 0xAF, 0xB1, 0x56, + 0x6C, 0xFF, 0x87, 0x44, 0xDA, 0x8B, 0x99, 0x43, + 0xD6, 0xB4, 0x5A, 0x3C, 0x09, 0x03, 0x07, 0x02, + 0xCA, 0x20, 0x1F, 0xFE, 0x20, 0xCB, 0x7E, 0xC5, + 0xB0, 0xD4, 0x14, 0x9E, 0xE2, 0xC2, 0x8E, 0x8B, + 0x23, 0x37, 0x4F, 0x47, 0x1B, 0x57, 0x15, 0x0D, + 0x0E, 0xC9, 0x33, 0x62, 0x61, 0xA2, 0xD5, 0xCB, + 0x84, 0xA3, 0xAC, 0xAC, 0xC4, 0x28, 0x94, 0x73, + 0xA4, 0xC0, 0xAB, 0xC6, 0x17, 0xC9, 0xAB, 0xC1, + 0x78, 0x73, 0x44, 0x34, 0xC8, 0x2E, 0x16, 0x85, + 0x58, 0x8A, 0x5C, 0x2E, 0xA2, 0x67, 0x8F, 0x6B, + 0x3C, 0x22, 0x28, 0x73, 0x31, 0x30, 0xC4, 0x66, + 0xE5, 0xB8, 0x6E, 0xF4, 0x91, 0x15, 0x3E, 0x48, + 0x66, 0x22, 0x47, 0xB8, 0x75, 0xD2, 0x01, 0x02, + 0x0B, 0x56, 0x6B, 0x81, 0xB6, 0x4D, 0x83, 0x9A, + 0xB4, 0x63, 0x3B, 0xAA, 0x8A, 0xCE, 0x20, 0x2B, + 0xAA, 0xB4, 0x49, 0x62, 0x97, 0xF9, 0x80, 0x7A, + 0xDB, 0xBB, 0x1E, 0x33, 0x2C, 0x6F, 0x80, 0x22, + 0xB2, 0xA1, 0x8C, 0xFD, 0xD4, 0xA8, 0x25, 0x30, + 0xB6, 0xD3, 0xF0, 0x07, 0xC3, 0x35, 0x38, 0x98, + 0xD9, 0x66, 0xCC, 0x2C, 0x21, 0xCB, 0x42, 0x44, + 0xBD, 0x00, 0x44, 0x3F, 0x20, 0x98, 0x70, 0xAC, + 0xC4, 0x2B, 0xC3, 0x30, 0x68, 0xC7, 0x24, 0xEC, + 0x17, 0x22, 0x36, 0x19, 0xC1, 0x09, 0x3C, 0xCA, + 0x6A, 0xEB, 0x29, 0x50, 0x06, 0x64, 0xD1, 0x22, + 0x50, 0x36, 0xB4, 0xB8, 0x10, 0x91, 0x90, 0x69, + 0x69, 0x48, 0x1F, 0x1C, 0x72, 0x3C, 0x14, 0x0B, + 0x9D, 0x6C, 0x16, 0x8F, 0x5B, 0x64, 0xBE, 0xA6, + 0x9C, 0x5F, 0xD6, 0x38, 0x5D, 0xF7, 0x36, 0x4B, + 0x87, 0x23, 0xBC, 0xC8, 0x5E, 0x03, 0x8C, 0x7E, + 0x46, 0x4A, 0x90, 0x0D, 0x68, 0xA2, 0x12, 0x78, + 0x18, 0x99, 0x42, 0x17, 0xAE, 0xC8, 0xBD, 0xB3, + 0x9A, 0x97, 0x0A, 0x99, 0x63, 0xDE, 0x93, 0x68, + 0x8E, 0x2A, 0xC8, 0x2A, 0xBC, 0xC2, 0x2F, 0xB9, + 0x27, 0x7B, 0xA2, 0x20, 0x09, 0xE8, 0x78, 0x38, + 0x1A, 0x38, 0x16, 0x39, 0x01, 0xC7, 0xD4, 0xC8, + 0x50, 0x19, 0x53, 0x8D, 0x35, 0xCA, 0xAE, 0x9C, + 0x41, 0xAF, 0x8C, 0x92, 0x9E, 0xE2, 0x0B, 0xB0, + 0x8C, 0xA6, 0x19, 0xE7, 0x2C, 0x2F, 0x22, 0x62, + 0xC1, 0xC9, 0x93, 0x85, 0x72, 0x55, 0x1A, 0xC0, + 0x2D, 0xC9, 0x26, 0x8F, 0xBC, 0xC3, 0x5D, 0x79, + 0x01, 0x1C, 0x3C, 0x09, 0x0A, 0xD4, 0x0A, 0x4F, + 0x11, 0x1C, 0x9B, 0xE5, 0x5C, 0x42, 0x7E, 0xB7, + 0x96, 0xC1, 0x93, 0x2D, 0x86, 0x73, 0x57, 0x9A, + 0xF1, 0xB4, 0xC6, 0x38, 0xB0, 0x94, 0x44, 0x89, + 0x01, 0x2A, 0x25, 0x59, 0xA3, 0xB0, 0x24, 0x81, + 0xB0, 0x1A, 0xC3, 0x0B, 0xA8, 0x96, 0x0F, 0x80, + 0xC0, 0xC2, 0xB3, 0x94, 0x7D, 0x36, 0xA1, 0x2C, + 0x08, 0x04, 0x98, 0xBE, 0xE4, 0x48, 0x71, 0x6C, + 0x97, 0x34, 0x16, 0xC8, 0x24, 0x28, 0x04, 0xA3, + 0xDA, 0x09, 0x9E, 0xE1, 0x37, 0xB0, 0xBA, 0x90, + 0xFE, 0x4A, 0x5C, 0x6A, 0x89, 0x20, 0x02, 0x76, + 0xA0, 0xCF, 0xB6, 0x43, 0xEC, 0x2C, 0x56, 0xA2, + 0xD7, 0x08, 0xD7, 0xB4, 0x37, 0x3E, 0x44, 0xC1, + 0x50, 0x2A, 0x76, 0x3A, 0x60, 0x05, 0x86, 0xE6, + 0xCD, 0xA6, 0x27, 0x38, 0x97, 0xD4, 0x44, 0x48, + 0x28, 0x7D, 0xC2, 0xE6, 0x02, 0xDC, 0x39, 0x20, + 0x0B, 0xF6, 0x16, 0x62, 0x36, 0x55, 0x9F, 0xD1, + 0x2A, 0x60, 0x89, 0x2A, 0xEB, 0x15, 0x3D, 0xD6, + 0x51, 0xBB, 0x46, 0x99, 0x10, 0xB4, 0xB3, 0x46, + 0x69, 0xF9, 0x1D, 0xA8, 0x65, 0x4D, 0x1E, 0xB7, + 0x2E, 0xB6, 0xE0, 0x28, 0x00, 0xB3, 0xB0, 0xA7, + 0xD0, 0xA4, 0x8C, 0x83, 0x68, 0x54, 0xD3, 0xA8, + 0x3E, 0x65, 0x56, 0x9C, 0xB7, 0x23, 0x0B, 0xB4, + 0x4F, 0x3F, 0x14, 0x3A, 0x6D, 0xEC, 0x5F, 0x2C, + 0x39, 0xAB, 0x90, 0xF2, 0x74, 0xF2, 0x08, 0x8B, + 0xD3, 0xD6, 0xA6, 0xFC, 0xA0, 0x07, 0x02, 0x73, + 0xBE, 0xDC, 0x84, 0x77, 0x7F, 0xB5, 0x2E, 0x3C, + 0x55, 0x8B, 0x0A, 0xE0, 0x61, 0x83, 0xD5, 0xA4, + 0x8D, 0x45, 0x2F, 0x68, 0xE1, 0x52, 0x07, 0xF8, + 0x61, 0x62, 0x7A, 0xCA, 0x14, 0x27, 0x96, 0x30, + 0xF8, 0x2E, 0xC3, 0xA0, 0xCA, 0x07, 0x86, 0x33, + 0xB6, 0x00, 0xAF, 0xA7, 0x97, 0x43, 0xA6, 0x00, + 0x21, 0x5B, 0xE5, 0x63, 0x74, 0x58, 0xCE, 0x2C, + 0xE8, 0xAF, 0xF5, 0xA0, 0x8E, 0xB5, 0x01, 0x7B, + 0x2C, 0x76, 0x65, 0x77, 0x47, 0x9F, 0x8D, 0xC6, + 0xBF, 0x9F, 0x5C, 0xC7, 0x50, 0x89, 0x93, 0x21, + 0x61, 0xB9, 0x6C, 0xEA, 0x40, 0x66, 0x20, 0xAE, + 0xDB, 0x63, 0x04, 0x07, 0xF7, 0x68, 0x7E, 0xBB, + 0xB4, 0x81, 0x4C, 0x79, 0x81, 0x63, 0x7A, 0x48, + 0xA9, 0x0D, 0xE6, 0x80, 0x31, 0xE0, 0x62, 0xA7, + 0xAF, 0x76, 0x12, 0xB4, 0xF5, 0xC7, 0xA6, 0xDA, + 0x86, 0xBD, 0x13, 0x65, 0x29, 0xE6, 0x42, 0x95, + 0xA5, 0x61, 0x3E, 0xA7, 0x3B, 0xD3, 0xD4, 0x44, + 0x8C, 0xB8, 0x1F, 0x24, 0x31, 0x35, 0xC0, 0xA6, + 0x60, 0xBE, 0xB9, 0xC1, 0x7E, 0x65, 0x1D, 0xEF, + 0x46, 0x9A, 0x7D, 0x90, 0xA1, 0x5D, 0x34, 0x81, + 0x09, 0x0B, 0xCB, 0xF2, 0x27, 0x01, 0x23, 0x28, + 0x94, 0x1F, 0xA4, 0x6F, 0x39, 0xC5, 0x00, 0x6A, + 0xD9, 0x3D, 0x45, 0x8A, 0xA6, 0xAD, 0xD6, 0x55, + 0x86, 0x2B, 0x41, 0x8C, 0x30, 0x94, 0xF5, 0x51, + 0x46, 0x0D, 0xF2, 0x15, 0x3A, 0x58, 0x10, 0xA7, + 0xDA, 0x74, 0xF0, 0x61, 0x4C, 0x25, 0x88, 0xBE, + 0x49, 0xDC, 0x6F, 0x5E, 0x88, 0x15, 0x46, 0x42, + 0xBD, 0x1D, 0x37, 0x62, 0x56, 0x33, 0x26, 0x43, + 0x35, 0x07, 0x15, 0x6A, 0x57, 0xC5, 0x76, 0x94, + 0xBD, 0xD2, 0x6E, 0x7A, 0x24, 0x6F, 0xEB, 0x72, + 0x3A, 0xED, 0x67, 0xB0, 0x48, 0x87, 0xC8, 0xE4, + 0x76, 0xB4, 0x8C, 0xAB, 0x59, 0xE5, 0x36, 0x2F, + 0x26, 0xA9, 0xEF, 0x50, 0xC2, 0xBC, 0x80, 0xBA, + 0x14, 0x62, 0x26, 0x21, 0x6F, 0xE6, 0x29, 0x68, + 0xA6, 0x0D, 0x04, 0xE8, 0xC1, 0x70, 0xD7, 0x41, + 0xC7, 0xA2, 0xB0, 0xE1, 0xAB, 0xDA, 0xC9, 0x68, + 0xE2, 0x90, 0x20, 0x83, 0x9D, 0x05, 0x2F, 0xA3, + 0x72, 0x58, 0x56, 0x27, 0xF8, 0xB5, 0x9E, 0xE3, + 0x12, 0xAE, 0x41, 0x4C, 0x97, 0x9D, 0x82, 0x5F, + 0x06, 0xA6, 0x92, 0x9A, 0x79, 0x62, 0x57, 0x18, + 0xA8, 0x57, 0x68, 0xF3, 0x48, 0x6B, 0xD3, 0x2A, + 0x01, 0xBF, 0x9A, 0x8F, 0x21, 0xEA, 0x93, 0x8E, + 0x64, 0x8E, 0xAE, 0x4E, 0x54, 0x48, 0xC3, 0x4C, + 0x3E, 0xB8, 0x88, 0x20, 0xB1, 0x59, 0xEE, 0xDD + }; +#endif +#ifndef WOLFSSL_NO_ML_KEM_1024 + static const byte seed_1024[WC_ML_KEM_MAKEKEY_RAND_SZ] = { + /* d */ + 0x49, 0xAC, 0x8B, 0x99, 0xBB, 0x1E, 0x6A, 0x8E, + 0xA8, 0x18, 0x26, 0x1F, 0x8B, 0xE6, 0x8B, 0xDE, + 0xAA, 0x52, 0x89, 0x7E, 0x7E, 0xC6, 0xC4, 0x0B, + 0x53, 0x0B, 0xC7, 0x60, 0xAB, 0x77, 0xDC, 0xE3, + /* z */ + 0x99, 0xE3, 0x24, 0x68, 0x84, 0x18, 0x1F, 0x8E, + 0x1D, 0xD4, 0x4E, 0x0C, 0x76, 0x29, 0x09, 0x33, + 0x30, 0x22, 0x1F, 0xD6, 0x7D, 0x9B, 0x7D, 0x6E, + 0x15, 0x10, 0xB2, 0xDB, 0xAD, 0x87, 0x62, 0xF7 + }; + static const byte ek_1024[WC_ML_KEM_1024_PUBLIC_KEY_SIZE] = { + 0xA0, 0x41, 0x84, 0xD4, 0xBC, 0x7B, 0x53, 0x2A, + 0x0F, 0x70, 0xA5, 0x4D, 0x77, 0x57, 0xCD, 0xE6, + 0x17, 0x5A, 0x68, 0x43, 0xB8, 0x61, 0xCB, 0x2B, + 0xC4, 0x83, 0x0C, 0x00, 0x12, 0x55, 0x4C, 0xFC, + 0x5D, 0x2C, 0x8A, 0x20, 0x27, 0xAA, 0x3C, 0xD9, + 0x67, 0x13, 0x0E, 0x9B, 0x96, 0x24, 0x1B, 0x11, + 0xC4, 0x32, 0x0C, 0x76, 0x49, 0xCC, 0x23, 0xA7, + 0x1B, 0xAF, 0xE6, 0x91, 0xAF, 0xC0, 0x8E, 0x68, + 0x0B, 0xCE, 0xF4, 0x29, 0x07, 0x00, 0x07, 0x18, + 0xE4, 0xEA, 0xCE, 0x8D, 0xA2, 0x82, 0x14, 0x19, + 0x7B, 0xE1, 0xC2, 0x69, 0xDA, 0x9C, 0xB5, 0x41, + 0xE1, 0xA3, 0xCE, 0x97, 0xCF, 0xAD, 0xF9, 0xC6, + 0x05, 0x87, 0x80, 0xFE, 0x67, 0x93, 0xDB, 0xFA, + 0x82, 0x18, 0xA2, 0x76, 0x0B, 0x80, 0x2B, 0x8D, + 0xA2, 0xAA, 0x27, 0x1A, 0x38, 0x77, 0x25, 0x23, + 0xA7, 0x67, 0x36, 0xA7, 0xA3, 0x1B, 0x9D, 0x30, + 0x37, 0xAD, 0x21, 0xCE, 0xBB, 0x11, 0xA4, 0x72, + 0xB8, 0x79, 0x2E, 0xB1, 0x75, 0x58, 0xB9, 0x40, + 0xE7, 0x08, 0x83, 0xF2, 0x64, 0x59, 0x2C, 0x68, + 0x9B, 0x24, 0x0B, 0xB4, 0x3D, 0x54, 0x08, 0xBF, + 0x44, 0x64, 0x32, 0xF4, 0x12, 0xF4, 0xB9, 0xA5, + 0xF6, 0x86, 0x5C, 0xC2, 0x52, 0xA4, 0x3C, 0xF4, + 0x0A, 0x32, 0x03, 0x91, 0x55, 0x55, 0x91, 0xD6, + 0x75, 0x61, 0xFD, 0xD0, 0x53, 0x53, 0xAB, 0x6B, + 0x01, 0x9B, 0x3A, 0x08, 0xA7, 0x33, 0x53, 0xD5, + 0x1B, 0x61, 0x13, 0xAB, 0x2F, 0xA5, 0x1D, 0x97, + 0x56, 0x48, 0xEE, 0x25, 0x4A, 0xF8, 0x9A, 0x23, + 0x05, 0x04, 0xA2, 0x36, 0xA4, 0x65, 0x82, 0x57, + 0x74, 0x0B, 0xDC, 0xBB, 0xE1, 0x70, 0x8A, 0xB0, + 0x22, 0xC3, 0xC5, 0x88, 0xA4, 0x10, 0xDB, 0x3B, + 0x9C, 0x30, 0x8A, 0x06, 0x27, 0x5B, 0xDF, 0x5B, + 0x48, 0x59, 0xD3, 0xA2, 0x61, 0x7A, 0x29, 0x5E, + 0x1A, 0x22, 0xF9, 0x01, 0x98, 0xBA, 0xD0, 0x16, + 0x6F, 0x4A, 0x94, 0x34, 0x17, 0xC5, 0xB8, 0x31, + 0x73, 0x6C, 0xB2, 0xC8, 0x58, 0x0A, 0xBF, 0xDE, + 0x57, 0x14, 0xB5, 0x86, 0xAB, 0xEE, 0xC0, 0xA1, + 0x75, 0xA0, 0x8B, 0xC7, 0x10, 0xC7, 0xA2, 0x89, + 0x5D, 0xE9, 0x3A, 0xC4, 0x38, 0x06, 0x1B, 0xF7, + 0x76, 0x5D, 0x0D, 0x21, 0xCD, 0x41, 0x81, 0x67, + 0xCA, 0xF8, 0x9D, 0x1E, 0xFC, 0x34, 0x48, 0xBC, + 0xBB, 0x96, 0xD6, 0x9B, 0x3E, 0x01, 0x0C, 0x82, + 0xD1, 0x5C, 0xAB, 0x6C, 0xAC, 0xC6, 0x79, 0x9D, + 0x36, 0x39, 0x66, 0x9A, 0x5B, 0x21, 0xA6, 0x33, + 0xC8, 0x65, 0xF8, 0x59, 0x3B, 0x5B, 0x7B, 0xC8, + 0x00, 0x26, 0x2B, 0xB8, 0x37, 0xA9, 0x24, 0xA6, + 0xC5, 0x44, 0x0E, 0x4F, 0xC7, 0x3B, 0x41, 0xB2, + 0x30, 0x92, 0xC3, 0x91, 0x2F, 0x4C, 0x6B, 0xEB, + 0xB4, 0xC7, 0xB4, 0xC6, 0x29, 0x08, 0xB0, 0x37, + 0x75, 0x66, 0x6C, 0x22, 0x22, 0x0D, 0xF9, 0xC8, + 0x88, 0x23, 0xE3, 0x44, 0xC7, 0x30, 0x83, 0x32, + 0x34, 0x5C, 0x8B, 0x79, 0x5D, 0x34, 0xE8, 0xC0, + 0x51, 0xF2, 0x1F, 0x5A, 0x21, 0xC2, 0x14, 0xB6, + 0x98, 0x41, 0x35, 0x87, 0x09, 0xB1, 0xC3, 0x05, + 0xB3, 0x2C, 0xC2, 0xC3, 0x80, 0x6A, 0xE9, 0xCC, + 0xD3, 0x81, 0x9F, 0xFF, 0x45, 0x07, 0xFE, 0x52, + 0x0F, 0xBF, 0xC2, 0x71, 0x99, 0xBC, 0x23, 0xBE, + 0x6B, 0x9B, 0x2D, 0x2A, 0xC1, 0x71, 0x75, 0x79, + 0xAC, 0x76, 0x92, 0x79, 0xE2, 0xA7, 0xAA, 0xC6, + 0x8A, 0x37, 0x1A, 0x47, 0xBA, 0x3A, 0x7D, 0xBE, + 0x01, 0x6F, 0x14, 0xE1, 0xA7, 0x27, 0x33, 0x36, + 0x63, 0xC4, 0xA5, 0xCD, 0x1A, 0x0F, 0x88, 0x36, + 0xCF, 0x7B, 0x5C, 0x49, 0xAC, 0x51, 0x48, 0x5C, + 0xA6, 0x03, 0x45, 0xC9, 0x90, 0xE0, 0x68, 0x88, + 0x72, 0x00, 0x03, 0x73, 0x13, 0x22, 0xC5, 0xB8, + 0xCD, 0x5E, 0x69, 0x07, 0xFD, 0xA1, 0x15, 0x7F, + 0x46, 0x8F, 0xD3, 0xFC, 0x20, 0xFA, 0x81, 0x75, + 0xEE, 0xC9, 0x5C, 0x29, 0x1A, 0x26, 0x2B, 0xA8, + 0xC5, 0xBE, 0x99, 0x08, 0x72, 0x41, 0x89, 0x30, + 0x85, 0x23, 0x39, 0xD8, 0x8A, 0x19, 0xB3, 0x7F, + 0xEF, 0xA3, 0xCF, 0xE8, 0x21, 0x75, 0xC2, 0x24, + 0x40, 0x7C, 0xA4, 0x14, 0xBA, 0xEB, 0x37, 0x92, + 0x3B, 0x4D, 0x2D, 0x83, 0x13, 0x4A, 0xE1, 0x54, + 0xE4, 0x90, 0xA9, 0xB4, 0x5A, 0x05, 0x63, 0xB0, + 0x6C, 0x95, 0x3C, 0x33, 0x01, 0x45, 0x0A, 0x21, + 0x76, 0xA0, 0x7C, 0x61, 0x4A, 0x74, 0xE3, 0x47, + 0x8E, 0x48, 0x50, 0x9F, 0x9A, 0x60, 0xAE, 0x94, + 0x5A, 0x8E, 0xBC, 0x78, 0x15, 0x12, 0x1D, 0x90, + 0xA3, 0xB0, 0xE0, 0x70, 0x91, 0xA0, 0x96, 0xCF, + 0x02, 0xC5, 0x7B, 0x25, 0xBC, 0xA5, 0x81, 0x26, + 0xAD, 0x0C, 0x62, 0x9C, 0xE1, 0x66, 0xA7, 0xED, + 0xB4, 0xB3, 0x32, 0x21, 0xA0, 0xD3, 0xF7, 0x2B, + 0x85, 0xD5, 0x62, 0xEC, 0x69, 0x8B, 0x7D, 0x0A, + 0x91, 0x3D, 0x73, 0x80, 0x6F, 0x1C, 0x5C, 0x87, + 0xB3, 0x8E, 0xC0, 0x03, 0xCB, 0x30, 0x3A, 0x3D, + 0xC5, 0x1B, 0x4B, 0x35, 0x35, 0x6A, 0x67, 0x82, + 0x6D, 0x6E, 0xDA, 0xA8, 0xFE, 0xB9, 0x3B, 0x98, + 0x49, 0x3B, 0x2D, 0x1C, 0x11, 0xB6, 0x76, 0xA6, + 0xAD, 0x95, 0x06, 0xA1, 0xAA, 0xAE, 0x13, 0xA8, + 0x24, 0xC7, 0xC0, 0x8D, 0x1C, 0x6C, 0x2C, 0x4D, + 0xBA, 0x96, 0x42, 0xC7, 0x6E, 0xA7, 0xF6, 0xC8, + 0x26, 0x4B, 0x64, 0xA2, 0x3C, 0xCC, 0xA9, 0xA7, + 0x46, 0x35, 0xFC, 0xBF, 0x03, 0xE0, 0x0F, 0x1B, + 0x57, 0x22, 0xB2, 0x14, 0x37, 0x67, 0x90, 0x79, + 0x3B, 0x2C, 0x4F, 0x0A, 0x13, 0xB5, 0xC4, 0x07, + 0x60, 0xB4, 0x21, 0x8E, 0x1D, 0x25, 0x94, 0xDC, + 0xB3, 0x0A, 0x70, 0xD9, 0xC1, 0x78, 0x2A, 0x5D, + 0xD3, 0x05, 0x76, 0xFA, 0x41, 0x44, 0xBF, 0xC8, + 0x41, 0x6E, 0xDA, 0x81, 0x18, 0xFC, 0x64, 0x72, + 0xF5, 0x6A, 0x97, 0x95, 0x86, 0xF3, 0x3B, 0xB0, + 0x70, 0xFB, 0x0F, 0x1B, 0x0B, 0x10, 0xBC, 0x48, + 0x97, 0xEB, 0xE0, 0x1B, 0xCA, 0x38, 0x93, 0xD4, + 0xE1, 0x6A, 0xDB, 0x25, 0x09, 0x3A, 0x74, 0x17, + 0xD0, 0x70, 0x8C, 0x83, 0xA2, 0x63, 0x22, 0xE2, + 0x2E, 0x63, 0x30, 0x09, 0x1E, 0x30, 0x15, 0x2B, + 0xF8, 0x23, 0x59, 0x7C, 0x04, 0xCC, 0xF4, 0xCF, + 0xC7, 0x33, 0x15, 0x78, 0xF4, 0x3A, 0x27, 0x26, + 0xCC, 0xB4, 0x28, 0x28, 0x9A, 0x90, 0xC8, 0x63, + 0x25, 0x9D, 0xD1, 0x80, 0xC5, 0xFF, 0x14, 0x2B, + 0xEF, 0x41, 0xC7, 0x71, 0x70, 0x94, 0xBE, 0x07, + 0x85, 0x6D, 0xA2, 0xB1, 0x40, 0xFA, 0x67, 0x71, + 0x09, 0x67, 0x35, 0x6A, 0xA4, 0x7D, 0xFB, 0xC8, + 0xD2, 0x55, 0xB4, 0x72, 0x2A, 0xB8, 0x6D, 0x43, + 0x9B, 0x7E, 0x0A, 0x60, 0x90, 0x25, 0x1D, 0x2D, + 0x4C, 0x1E, 0xD5, 0xF2, 0x0B, 0xBE, 0x68, 0x07, + 0xBF, 0x65, 0xA9, 0x0B, 0x7C, 0xB2, 0xEC, 0x01, + 0x02, 0xAF, 0x02, 0x80, 0x9D, 0xC9, 0xAC, 0x7D, + 0x0A, 0x3A, 0xBC, 0x69, 0xC1, 0x83, 0x65, 0xBC, + 0xFF, 0x59, 0x18, 0x5F, 0x33, 0x99, 0x68, 0x87, + 0x74, 0x61, 0x85, 0x90, 0x6C, 0x01, 0x91, 0xAE, + 0xD4, 0x40, 0x7E, 0x13, 0x94, 0x46, 0x45, 0x9B, + 0xE2, 0x9C, 0x68, 0x22, 0x71, 0x76, 0x44, 0x35, + 0x3D, 0x24, 0xAB, 0x63, 0x39, 0x15, 0x6A, 0x9C, + 0x42, 0x49, 0x09, 0xF0, 0xA9, 0x02, 0x5B, 0xB7, + 0x47, 0x20, 0x77, 0x9B, 0xE4, 0x3F, 0x16, 0xD8, + 0x1C, 0x8C, 0xC6, 0x66, 0xE9, 0x97, 0x10, 0xD8, + 0xC6, 0x8B, 0xB5, 0xCC, 0x4E, 0x12, 0xF3, 0x14, + 0xE9, 0x25, 0xA5, 0x51, 0xF0, 0x9C, 0xC5, 0x90, + 0x03, 0xA1, 0xF8, 0x81, 0x03, 0xC2, 0x54, 0xBB, + 0x97, 0x8D, 0x75, 0xF3, 0x94, 0xD3, 0x54, 0x0E, + 0x31, 0xE7, 0x71, 0xCD, 0xA3, 0x6E, 0x39, 0xEC, + 0x54, 0xA6, 0x2B, 0x58, 0x32, 0x66, 0x4D, 0x82, + 0x1A, 0x72, 0xF1, 0xE6, 0xAF, 0xBB, 0xA2, 0x7F, + 0x84, 0x29, 0x5B, 0x26, 0x94, 0xC4, 0x98, 0x49, + 0x8E, 0x81, 0x2B, 0xC8, 0xE9, 0x37, 0x8F, 0xE5, + 0x41, 0xCE, 0xC5, 0x89, 0x1B, 0x25, 0x06, 0x29, + 0x01, 0xCB, 0x72, 0x12, 0xE3, 0xCD, 0xC4, 0x61, + 0x79, 0xEC, 0x5B, 0xCE, 0xC1, 0x0B, 0xC0, 0xB9, + 0x31, 0x1D, 0xE0, 0x50, 0x74, 0x29, 0x06, 0x87, + 0xFD, 0x6A, 0x53, 0x92, 0x67, 0x16, 0x54, 0x28, + 0x4C, 0xD9, 0xC8, 0xCC, 0x3E, 0xBA, 0x80, 0xEB, + 0x3B, 0x66, 0x2E, 0xB5, 0x3E, 0xB7, 0x51, 0x16, + 0x70, 0x4A, 0x1F, 0xEB, 0x5C, 0x2D, 0x05, 0x63, + 0x38, 0x53, 0x28, 0x68, 0xDD, 0xF2, 0x4E, 0xB8, + 0x99, 0x2A, 0xB8, 0x56, 0x5D, 0x9E, 0x49, 0x0C, + 0xAD, 0xF1, 0x48, 0x04, 0x36, 0x0D, 0xAA, 0x90, + 0x71, 0x8E, 0xAB, 0x61, 0x6B, 0xAB, 0x07, 0x65, + 0xD3, 0x39, 0x87, 0xB4, 0x7E, 0xFB, 0x65, 0x99, + 0xC5, 0x56, 0x32, 0x35, 0xE6, 0x1E, 0x4B, 0xE6, + 0x70, 0xE9, 0x79, 0x55, 0xAB, 0x29, 0x2D, 0x97, + 0x32, 0xCB, 0x89, 0x30, 0x94, 0x8A, 0xC8, 0x2D, + 0xF2, 0x30, 0xAC, 0x72, 0x29, 0x7A, 0x23, 0x67, + 0x9D, 0x6B, 0x94, 0xC1, 0x7F, 0x13, 0x59, 0x48, + 0x32, 0x54, 0xFE, 0xDC, 0x2F, 0x05, 0x81, 0x9F, + 0x0D, 0x06, 0x9A, 0x44, 0x3B, 0x78, 0xE3, 0xFC, + 0x6C, 0x3E, 0xF4, 0x71, 0x4B, 0x05, 0xA3, 0xFC, + 0xA8, 0x1C, 0xBB, 0xA6, 0x02, 0x42, 0xA7, 0x06, + 0x0C, 0xD8, 0x85, 0xD8, 0xF3, 0x99, 0x81, 0xBB, + 0x18, 0x09, 0x2B, 0x23, 0xDA, 0xA5, 0x9F, 0xD9, + 0x57, 0x83, 0x88, 0x68, 0x8A, 0x09, 0xBB, 0xA0, + 0x79, 0xBC, 0x80, 0x9A, 0x54, 0x84, 0x3A, 0x60, + 0x38, 0x5E, 0x23, 0x10, 0xBB, 0xCB, 0xCC, 0x02, + 0x13, 0xCE, 0x3D, 0xFA, 0xAB, 0x33, 0xB4, 0x7F, + 0x9D, 0x63, 0x05, 0xBC, 0x95, 0xC6, 0x10, 0x78, + 0x13, 0xC5, 0x85, 0xC4, 0xB6, 0x57, 0xBF, 0x30, + 0x54, 0x28, 0x33, 0xB1, 0x49, 0x49, 0xF5, 0x73, + 0xC0, 0x61, 0x2A, 0xD5, 0x24, 0xBA, 0xAE, 0x69, + 0x59, 0x0C, 0x12, 0x77, 0xB8, 0x6C, 0x28, 0x65, + 0x71, 0xBF, 0x66, 0xB3, 0xCF, 0xF4, 0x6A, 0x38, + 0x58, 0xC0, 0x99, 0x06, 0xA7, 0x94, 0xDF, 0x4A, + 0x06, 0xE9, 0xD4, 0xB0, 0xA2, 0xE4, 0x3F, 0x10, + 0xF7, 0x2A, 0x6C, 0x6C, 0x47, 0xE5, 0x64, 0x6E, + 0x2C, 0x79, 0x9B, 0x71, 0xC3, 0x3E, 0xD2, 0xF0, + 0x1E, 0xEB, 0x45, 0x93, 0x8E, 0xB7, 0xA4, 0xE2, + 0xE2, 0x90, 0x8C, 0x53, 0x55, 0x8A, 0x54, 0x0D, + 0x35, 0x03, 0x69, 0xFA, 0x18, 0x9C, 0x61, 0x69, + 0x43, 0xF7, 0x98, 0x1D, 0x76, 0x18, 0xCF, 0x02, + 0xA5, 0xB0, 0xA2, 0xBC, 0xC4, 0x22, 0xE8, 0x57, + 0xD1, 0xA4, 0x78, 0x71, 0x25, 0x3D, 0x08, 0x29, + 0x3C, 0x1C, 0x17, 0x9B, 0xCD, 0xC0, 0x43, 0x70, + 0x69, 0x10, 0x74, 0x18, 0x20, 0x5F, 0xDB, 0x98, + 0x56, 0x62, 0x3B, 0x8C, 0xA6, 0xB6, 0x94, 0xC9, + 0x6C, 0x08, 0x4B, 0x17, 0xF1, 0x3B, 0xB6, 0xDF, + 0x12, 0xB2, 0xCF, 0xBB, 0xC2, 0xB0, 0xE0, 0xC3, + 0x4B, 0x00, 0xD0, 0xFC, 0xD0, 0xAE, 0xCF, 0xB2, + 0x79, 0x24, 0xF6, 0x98, 0x4E, 0x74, 0x7B, 0xE2, + 0xA0, 0x9D, 0x83, 0xA8, 0x66, 0x45, 0x90, 0xA8, + 0x07, 0x73, 0x31, 0x49, 0x1A, 0x4F, 0x7D, 0x72, + 0x08, 0x43, 0xF2, 0x3E, 0x65, 0x2C, 0x6F, 0xA8, + 0x40, 0x30, 0x8D, 0xB4, 0x02, 0x03, 0x37, 0xAA, + 0xD3, 0x79, 0x67, 0x03, 0x4A, 0x9F, 0xB5, 0x23, + 0xB6, 0x7C, 0xA7, 0x03, 0x30, 0xF0, 0x2D, 0x9E, + 0xA2, 0x0C, 0x1E, 0x84, 0xCB, 0x8E, 0x57, 0x57, + 0xC9, 0xE1, 0x89, 0x6B, 0x60, 0x58, 0x14, 0x41, + 0xED, 0x61, 0x8A, 0xA5, 0xB2, 0x6D, 0xA5, 0x6C, + 0x0A, 0x5A, 0x73, 0xC4, 0xDC, 0xFD, 0x75, 0x5E, + 0x61, 0x0B, 0x4F, 0xC8, 0x1F, 0xF8, 0x4E, 0x21 + }; + static const byte dk_1024[WC_ML_KEM_1024_PRIVATE_KEY_SIZE] = { + 0x8C, 0x8B, 0x37, 0x22, 0xA8, 0x2E, 0x55, 0x05, + 0x65, 0x52, 0x16, 0x11, 0xEB, 0xBC, 0x63, 0x07, + 0x99, 0x44, 0xC9, 0xB1, 0xAB, 0xB3, 0xB0, 0x02, + 0x0F, 0xF1, 0x2F, 0x63, 0x18, 0x91, 0xA9, 0xC4, + 0x68, 0xD3, 0xA6, 0x7B, 0xF6, 0x27, 0x12, 0x80, + 0xDA, 0x58, 0xD0, 0x3C, 0xB0, 0x42, 0xB3, 0xA4, + 0x61, 0x44, 0x16, 0x37, 0xF9, 0x29, 0xC2, 0x73, + 0x46, 0x9A, 0xD1, 0x53, 0x11, 0xE9, 0x10, 0xDE, + 0x18, 0xCB, 0x95, 0x37, 0xBA, 0x1B, 0xE4, 0x2E, + 0x98, 0xBB, 0x59, 0xE4, 0x98, 0xA1, 0x3F, 0xD4, + 0x40, 0xD0, 0xE6, 0x9E, 0xE8, 0x32, 0xB4, 0x5C, + 0xD9, 0x5C, 0x38, 0x21, 0x77, 0xD6, 0x70, 0x96, + 0xA1, 0x8C, 0x07, 0xF1, 0x78, 0x16, 0x63, 0x65, + 0x1B, 0xDC, 0xAC, 0x90, 0xDE, 0xDA, 0x3D, 0xDD, + 0x14, 0x34, 0x85, 0x86, 0x41, 0x81, 0xC9, 0x1F, + 0xA2, 0x08, 0x0F, 0x6D, 0xAB, 0x3F, 0x86, 0x20, + 0x4C, 0xEB, 0x64, 0xA7, 0xB4, 0x44, 0x68, 0x95, + 0xC0, 0x39, 0x87, 0xA0, 0x31, 0xCB, 0x4B, 0x6D, + 0x9E, 0x04, 0x62, 0xFD, 0xA8, 0x29, 0x17, 0x2B, + 0x6C, 0x01, 0x2C, 0x63, 0x8B, 0x29, 0xB5, 0xCD, + 0x75, 0xA2, 0xC9, 0x30, 0xA5, 0x59, 0x6A, 0x31, + 0x81, 0xC3, 0x3A, 0x22, 0xD5, 0x74, 0xD3, 0x02, + 0x61, 0x19, 0x6B, 0xC3, 0x50, 0x73, 0x8D, 0x4F, + 0xD9, 0x18, 0x3A, 0x76, 0x33, 0x36, 0x24, 0x3A, + 0xCE, 0xD9, 0x9B, 0x32, 0x21, 0xC7, 0x1D, 0x88, + 0x66, 0x89, 0x5C, 0x4E, 0x52, 0xC1, 0x19, 0xBF, + 0x32, 0x80, 0xDA, 0xF8, 0x0A, 0x95, 0xE1, 0x52, + 0x09, 0xA7, 0x95, 0xC4, 0x43, 0x5F, 0xBB, 0x35, + 0x70, 0xFD, 0xB8, 0xAA, 0x9B, 0xF9, 0xAE, 0xFD, + 0x43, 0xB0, 0x94, 0xB7, 0x81, 0xD5, 0xA8, 0x11, + 0x36, 0xDA, 0xB8, 0x8B, 0x87, 0x99, 0x69, 0x65, + 0x56, 0xFE, 0xC6, 0xAE, 0x14, 0xB0, 0xBB, 0x8B, + 0xE4, 0x69, 0x5E, 0x9A, 0x12, 0x4C, 0x2A, 0xB8, + 0xFF, 0x4A, 0xB1, 0x22, 0x9B, 0x8A, 0xAA, 0x8C, + 0x6F, 0x41, 0xA6, 0x0C, 0x34, 0xC7, 0xB5, 0x61, + 0x82, 0xC5, 0x5C, 0x2C, 0x68, 0x5E, 0x73, 0x7C, + 0x6C, 0xA0, 0x0A, 0x23, 0xFB, 0x8A, 0x68, 0xC1, + 0xCD, 0x61, 0xF3, 0x0D, 0x39, 0x93, 0xA1, 0x65, + 0x3C, 0x16, 0x75, 0xAC, 0x5F, 0x09, 0x01, 0xA7, + 0x16, 0x0A, 0x73, 0x96, 0x64, 0x08, 0xB8, 0x87, + 0x6B, 0x71, 0x53, 0x96, 0xCF, 0xA4, 0x90, 0x3F, + 0xC6, 0x9D, 0x60, 0x49, 0x1F, 0x81, 0x46, 0x80, + 0x8C, 0x97, 0xCD, 0x5C, 0x53, 0x3E, 0x71, 0x01, + 0x79, 0x09, 0xE9, 0x7B, 0x83, 0x5B, 0x86, 0xFF, + 0x84, 0x7B, 0x42, 0xA6, 0x96, 0x37, 0x54, 0x35, + 0xE0, 0x06, 0x06, 0x1C, 0xF7, 0xA4, 0x79, 0x46, + 0x32, 0x72, 0x11, 0x4A, 0x89, 0xEB, 0x3E, 0xAF, + 0x22, 0x46, 0xF0, 0xF8, 0xC1, 0x04, 0xA1, 0x49, + 0x86, 0x82, 0x8E, 0x0A, 0xD2, 0x04, 0x20, 0xC9, + 0xB3, 0x7E, 0xA2, 0x3F, 0x5C, 0x51, 0x49, 0x49, + 0xE7, 0x7A, 0xD9, 0xE9, 0xAD, 0x12, 0x29, 0x0D, + 0xD1, 0x21, 0x5E, 0x11, 0xDA, 0x27, 0x44, 0x57, + 0xAC, 0x86, 0xB1, 0xCE, 0x68, 0x64, 0xB1, 0x22, + 0x67, 0x7F, 0x37, 0x18, 0xAA, 0x31, 0xB0, 0x25, + 0x80, 0xE6, 0x43, 0x17, 0x17, 0x8D, 0x38, 0xF2, + 0x5F, 0x60, 0x9B, 0xC6, 0xC5, 0x5B, 0xC3, 0x74, + 0xA1, 0xBF, 0x78, 0xEA, 0x8E, 0xCC, 0x21, 0x9B, + 0x30, 0xB7, 0x4C, 0xBB, 0x32, 0x72, 0xA5, 0x99, + 0x23, 0x8C, 0x93, 0x98, 0x51, 0x70, 0x04, 0x8F, + 0x17, 0x67, 0x75, 0xFB, 0x19, 0x96, 0x2A, 0xC3, + 0xB1, 0x35, 0xAA, 0x59, 0xDB, 0x10, 0x4F, 0x71, + 0x14, 0xDB, 0xC2, 0xC2, 0xD4, 0x29, 0x49, 0xAD, + 0xEC, 0xA6, 0xA8, 0x5B, 0x32, 0x3E, 0xE2, 0xB2, + 0xB2, 0x3A, 0x77, 0xD9, 0xDB, 0x23, 0x59, 0x79, + 0xA8, 0xE2, 0xD6, 0x7C, 0xF7, 0xD2, 0x13, 0x6B, + 0xBB, 0xA7, 0x1F, 0x26, 0x95, 0x74, 0xB3, 0x88, + 0x88, 0xE1, 0x54, 0x13, 0x40, 0xC1, 0x92, 0x84, + 0x07, 0x4F, 0x9B, 0x7C, 0x8C, 0xF3, 0x7E, 0xB0, + 0x13, 0x84, 0xE6, 0xE3, 0x82, 0x2E, 0xC4, 0x88, + 0x2D, 0xFB, 0xBE, 0xC4, 0xE6, 0x09, 0x8E, 0xF2, + 0xB2, 0xFC, 0x17, 0x7A, 0x1F, 0x0B, 0xCB, 0x65, + 0xA5, 0x7F, 0xDA, 0xA8, 0x93, 0x15, 0x46, 0x1B, + 0xEB, 0x78, 0x85, 0xFB, 0x68, 0xB3, 0xCD, 0x09, + 0x6E, 0xDA, 0x59, 0x6A, 0xC0, 0xE6, 0x1D, 0xD7, + 0xA9, 0xC5, 0x07, 0xBC, 0x63, 0x45, 0xE0, 0x82, + 0x7D, 0xFC, 0xC8, 0xA3, 0xAC, 0x2D, 0xCE, 0x51, + 0xAD, 0x73, 0x1A, 0xA0, 0xEB, 0x93, 0x2A, 0x6D, + 0x09, 0x83, 0x99, 0x23, 0x47, 0xCB, 0xEB, 0x3C, + 0xD0, 0xD9, 0xC9, 0x71, 0x97, 0x97, 0xCC, 0x21, + 0xCF, 0x00, 0x62, 0xB0, 0xAD, 0x94, 0xCA, 0xD7, + 0x34, 0xC6, 0x3E, 0x6B, 0x5D, 0x85, 0x9C, 0xBE, + 0x19, 0xF0, 0x36, 0x82, 0x45, 0x35, 0x1B, 0xF4, + 0x64, 0xD7, 0x50, 0x55, 0x69, 0x79, 0x0D, 0x2B, + 0xB7, 0x24, 0xD8, 0x65, 0x9A, 0x9F, 0xEB, 0x1C, + 0x7C, 0x47, 0x3D, 0xC4, 0xD0, 0x61, 0xE2, 0x98, + 0x63, 0xA2, 0x71, 0x4B, 0xAC, 0x42, 0xAD, 0xCD, + 0x1A, 0x83, 0x72, 0x77, 0x65, 0x56, 0xF7, 0x92, + 0x8A, 0x7A, 0x44, 0xE9, 0x4B, 0x6A, 0x25, 0x32, + 0x2D, 0x03, 0xC0, 0xA1, 0x62, 0x2A, 0x7F, 0xD2, + 0x61, 0x52, 0x2B, 0x73, 0x58, 0xF0, 0x85, 0xBD, + 0xFB, 0x60, 0x75, 0x87, 0x62, 0xCB, 0x90, 0x10, + 0x31, 0x90, 0x1B, 0x5E, 0xEC, 0xF4, 0x92, 0x0C, + 0x81, 0x02, 0x0A, 0x9B, 0x17, 0x81, 0xBC, 0xB9, + 0xDD, 0x19, 0xA9, 0xDF, 0xB6, 0x64, 0x58, 0xE7, + 0x75, 0x7C, 0x52, 0xCE, 0xC7, 0x5B, 0x4B, 0xA7, + 0x40, 0xA2, 0x40, 0x99, 0xCB, 0x56, 0xBB, 0x60, + 0xA7, 0x6B, 0x69, 0x01, 0xAA, 0x3E, 0x01, 0x69, + 0xC9, 0xE8, 0x34, 0x96, 0xD7, 0x3C, 0x4C, 0x99, + 0x43, 0x5A, 0x28, 0xD6, 0x13, 0xE9, 0x7A, 0x11, + 0x77, 0xF5, 0x8B, 0x6C, 0xC5, 0x95, 0xD3, 0xB2, + 0x33, 0x1E, 0x9C, 0xA7, 0xB5, 0x7B, 0x74, 0xDC, + 0x2C, 0x52, 0x77, 0xD2, 0x6F, 0x2F, 0xE1, 0x92, + 0x40, 0xA5, 0x5C, 0x35, 0xD6, 0xCF, 0xCA, 0x26, + 0xC7, 0x3E, 0x9A, 0x2D, 0x7C, 0x98, 0x0D, 0x97, + 0x96, 0x0A, 0xE1, 0xA0, 0x46, 0x98, 0xC1, 0x6B, + 0x39, 0x8A, 0x5F, 0x20, 0xC3, 0x5A, 0x09, 0x14, + 0x14, 0x5C, 0xE1, 0x67, 0x4B, 0x71, 0xAB, 0xC6, + 0x06, 0x6A, 0x90, 0x9A, 0x3E, 0x4B, 0x91, 0x1E, + 0x69, 0xD5, 0xA8, 0x49, 0x43, 0x03, 0x61, 0xF7, + 0x31, 0xB0, 0x72, 0x46, 0xA6, 0x32, 0x9B, 0x52, + 0x36, 0x19, 0x04, 0x22, 0x50, 0x82, 0xD0, 0xAA, + 0xC5, 0xB2, 0x1D, 0x6B, 0x34, 0x86, 0x24, 0x81, + 0xA8, 0x90, 0xC3, 0xC3, 0x60, 0x76, 0x6F, 0x04, + 0x26, 0x36, 0x03, 0xA6, 0xB7, 0x3E, 0x80, 0x2B, + 0x1F, 0x70, 0xB2, 0xEB, 0x00, 0x04, 0x68, 0x36, + 0xB8, 0xF4, 0x93, 0xBF, 0x10, 0xB9, 0x0B, 0x87, + 0x37, 0xC6, 0xC5, 0x48, 0x44, 0x9B, 0x29, 0x4C, + 0x47, 0x25, 0x3B, 0xE2, 0x6C, 0xA7, 0x23, 0x36, + 0xA6, 0x32, 0x06, 0x3A, 0xD3, 0xD0, 0xB4, 0x8C, + 0x8B, 0x0F, 0x4A, 0x34, 0x44, 0x7E, 0xF1, 0x3B, + 0x76, 0x40, 0x20, 0xDE, 0x73, 0x9E, 0xB7, 0x9A, + 0xBA, 0x20, 0xE2, 0xBE, 0x19, 0x51, 0x82, 0x5F, + 0x29, 0x3B, 0xED, 0xD1, 0x08, 0x9F, 0xCB, 0x0A, + 0x91, 0xF5, 0x60, 0xC8, 0xE1, 0x7C, 0xDF, 0x52, + 0x54, 0x1D, 0xC2, 0xB8, 0x1F, 0x97, 0x2A, 0x73, + 0x75, 0xB2, 0x01, 0xF1, 0x0C, 0x08, 0xD9, 0xB5, + 0xBC, 0x8B, 0x95, 0x10, 0x00, 0x54, 0xA3, 0xD0, + 0xAA, 0xFF, 0x89, 0xBD, 0x08, 0xD6, 0xA0, 0xE7, + 0xF2, 0x11, 0x5A, 0x43, 0x52, 0x31, 0x29, 0x04, + 0x60, 0xC9, 0xAD, 0x43, 0x5A, 0x3B, 0x3C, 0xF3, + 0x5E, 0x52, 0x09, 0x1E, 0xDD, 0x18, 0x90, 0x04, + 0x7B, 0xCC, 0x0A, 0xAB, 0xB1, 0xAC, 0xEB, 0xC7, + 0x5F, 0x4A, 0x32, 0xBC, 0x14, 0x51, 0xAC, 0xC4, + 0x96, 0x99, 0x40, 0x78, 0x8E, 0x89, 0x41, 0x21, + 0x88, 0x94, 0x6C, 0x91, 0x43, 0xC5, 0x04, 0x6B, + 0xD1, 0xB4, 0x58, 0xDF, 0x61, 0x7C, 0x5D, 0xF5, + 0x33, 0xB0, 0x52, 0xCD, 0x60, 0x38, 0xB7, 0x75, + 0x40, 0x34, 0xA2, 0x3C, 0x2F, 0x77, 0x20, 0x13, + 0x4C, 0x7B, 0x4E, 0xAC, 0xE0, 0x1F, 0xAC, 0x0A, + 0x28, 0x53, 0xA9, 0x28, 0x58, 0x47, 0xAB, 0xBD, + 0x06, 0xA3, 0x34, 0x3A, 0x77, 0x8A, 0xC6, 0x06, + 0x2E, 0x45, 0x8B, 0xC5, 0xE6, 0x1E, 0xCE, 0x1C, + 0x0D, 0xE0, 0x20, 0x6E, 0x6F, 0xE8, 0xA8, 0x40, + 0x34, 0xA7, 0xC5, 0xF1, 0xB0, 0x05, 0xFB, 0x0A, + 0x58, 0x40, 0x51, 0xD3, 0x22, 0x9B, 0x86, 0xC9, + 0x09, 0xAC, 0x56, 0x47, 0xB3, 0xD7, 0x55, 0x69, + 0xE0, 0x5A, 0x88, 0x27, 0x9D, 0x80, 0xE5, 0xC3, + 0x0F, 0x57, 0x4D, 0xC3, 0x27, 0x51, 0x2C, 0x6B, + 0xBE, 0x81, 0x01, 0x23, 0x9E, 0xC6, 0x28, 0x61, + 0xF4, 0xBE, 0x67, 0xB0, 0x5B, 0x9C, 0xDA, 0x9C, + 0x54, 0x5C, 0x13, 0xE7, 0xEB, 0x53, 0xCF, 0xF2, + 0x60, 0xAD, 0x98, 0x70, 0x19, 0x9C, 0x21, 0xF8, + 0xC6, 0x3D, 0x64, 0xF0, 0x45, 0x8A, 0x71, 0x41, + 0x28, 0x50, 0x23, 0xFE, 0xB8, 0x29, 0x29, 0x08, + 0x72, 0x38, 0x96, 0x44, 0xB0, 0xC3, 0xB7, 0x3A, + 0xC2, 0xC8, 0xE1, 0x21, 0xA2, 0x9B, 0xB1, 0xC4, + 0x3C, 0x19, 0xA2, 0x33, 0xD5, 0x6B, 0xED, 0x82, + 0x74, 0x0E, 0xB0, 0x21, 0xC9, 0x7B, 0x8E, 0xBB, + 0xA4, 0x0F, 0xF3, 0x28, 0xB5, 0x41, 0x76, 0x0F, + 0xCC, 0x37, 0x2B, 0x52, 0xD3, 0xBC, 0x4F, 0xCB, + 0xC0, 0x6F, 0x42, 0x4E, 0xAF, 0x25, 0x38, 0x04, + 0xD4, 0xCB, 0x46, 0xF4, 0x1F, 0xF2, 0x54, 0xC0, + 0xC5, 0xBA, 0x48, 0x3B, 0x44, 0xA8, 0x7C, 0x21, + 0x96, 0x54, 0x55, 0x5E, 0xC7, 0xC1, 0x63, 0xC7, + 0x9B, 0x9C, 0xB7, 0x60, 0xA2, 0xAD, 0x9B, 0xB7, + 0x22, 0xB9, 0x3E, 0x0C, 0x28, 0xBD, 0x4B, 0x16, + 0x85, 0x94, 0x9C, 0x49, 0x6E, 0xAB, 0x1A, 0xFF, + 0x90, 0x91, 0x9E, 0x37, 0x61, 0xB3, 0x46, 0x83, + 0x8A, 0xBB, 0x2F, 0x01, 0xA9, 0x1E, 0x55, 0x43, + 0x75, 0xAF, 0xDA, 0xAA, 0xF3, 0x82, 0x6E, 0x6D, + 0xB7, 0x9F, 0xE7, 0x35, 0x3A, 0x7A, 0x57, 0x8A, + 0x7C, 0x05, 0x98, 0xCE, 0x28, 0xB6, 0xD9, 0x91, + 0x52, 0x14, 0x23, 0x6B, 0xBF, 0xFA, 0x6D, 0x45, + 0xB6, 0x37, 0x6A, 0x07, 0x92, 0x4A, 0x39, 0xA7, + 0xBE, 0x81, 0x82, 0x86, 0x71, 0x5C, 0x8A, 0x3C, + 0x11, 0x0C, 0xD7, 0x6C, 0x02, 0xE0, 0x41, 0x7A, + 0xF1, 0x38, 0xBD, 0xB9, 0x5C, 0x3C, 0xCA, 0x79, + 0x8A, 0xC8, 0x09, 0xED, 0x69, 0xCF, 0xB6, 0x72, + 0xB6, 0xFD, 0xDC, 0x24, 0xD8, 0x9C, 0x06, 0xA6, + 0x55, 0x88, 0x14, 0xAB, 0x0C, 0x21, 0xC6, 0x2B, + 0x2F, 0x84, 0xC0, 0xE3, 0xE0, 0x80, 0x3D, 0xB3, + 0x37, 0xA4, 0xE0, 0xC7, 0x12, 0x7A, 0x6B, 0x4C, + 0x8C, 0x08, 0xB1, 0xD1, 0xA7, 0x6B, 0xF0, 0x7E, + 0xB6, 0xE5, 0xB5, 0xBB, 0x47, 0xA1, 0x6C, 0x74, + 0xBC, 0x54, 0x83, 0x75, 0xFB, 0x29, 0xCD, 0x78, + 0x9A, 0x5C, 0xFF, 0x91, 0xBD, 0xBD, 0x07, 0x18, + 0x59, 0xF4, 0x84, 0x6E, 0x35, 0x5B, 0xB0, 0xD2, + 0x94, 0x84, 0xE2, 0x64, 0xDF, 0xF3, 0x6C, 0x91, + 0x77, 0xA7, 0xAC, 0xA7, 0x89, 0x08, 0x87, 0x96, + 0x95, 0xCA, 0x87, 0xF2, 0x54, 0x36, 0xBC, 0x12, + 0x63, 0x07, 0x24, 0xBB, 0x22, 0xF0, 0xCB, 0x64, + 0x89, 0x7F, 0xE5, 0xC4, 0x11, 0x95, 0x28, 0x0D, + 0xA0, 0x41, 0x84, 0xD4, 0xBC, 0x7B, 0x53, 0x2A, + 0x0F, 0x70, 0xA5, 0x4D, 0x77, 0x57, 0xCD, 0xE6, + 0x17, 0x5A, 0x68, 0x43, 0xB8, 0x61, 0xCB, 0x2B, + 0xC4, 0x83, 0x0C, 0x00, 0x12, 0x55, 0x4C, 0xFC, + 0x5D, 0x2C, 0x8A, 0x20, 0x27, 0xAA, 0x3C, 0xD9, + 0x67, 0x13, 0x0E, 0x9B, 0x96, 0x24, 0x1B, 0x11, + 0xC4, 0x32, 0x0C, 0x76, 0x49, 0xCC, 0x23, 0xA7, + 0x1B, 0xAF, 0xE6, 0x91, 0xAF, 0xC0, 0x8E, 0x68, + 0x0B, 0xCE, 0xF4, 0x29, 0x07, 0x00, 0x07, 0x18, + 0xE4, 0xEA, 0xCE, 0x8D, 0xA2, 0x82, 0x14, 0x19, + 0x7B, 0xE1, 0xC2, 0x69, 0xDA, 0x9C, 0xB5, 0x41, + 0xE1, 0xA3, 0xCE, 0x97, 0xCF, 0xAD, 0xF9, 0xC6, + 0x05, 0x87, 0x80, 0xFE, 0x67, 0x93, 0xDB, 0xFA, + 0x82, 0x18, 0xA2, 0x76, 0x0B, 0x80, 0x2B, 0x8D, + 0xA2, 0xAA, 0x27, 0x1A, 0x38, 0x77, 0x25, 0x23, + 0xA7, 0x67, 0x36, 0xA7, 0xA3, 0x1B, 0x9D, 0x30, + 0x37, 0xAD, 0x21, 0xCE, 0xBB, 0x11, 0xA4, 0x72, + 0xB8, 0x79, 0x2E, 0xB1, 0x75, 0x58, 0xB9, 0x40, + 0xE7, 0x08, 0x83, 0xF2, 0x64, 0x59, 0x2C, 0x68, + 0x9B, 0x24, 0x0B, 0xB4, 0x3D, 0x54, 0x08, 0xBF, + 0x44, 0x64, 0x32, 0xF4, 0x12, 0xF4, 0xB9, 0xA5, + 0xF6, 0x86, 0x5C, 0xC2, 0x52, 0xA4, 0x3C, 0xF4, + 0x0A, 0x32, 0x03, 0x91, 0x55, 0x55, 0x91, 0xD6, + 0x75, 0x61, 0xFD, 0xD0, 0x53, 0x53, 0xAB, 0x6B, + 0x01, 0x9B, 0x3A, 0x08, 0xA7, 0x33, 0x53, 0xD5, + 0x1B, 0x61, 0x13, 0xAB, 0x2F, 0xA5, 0x1D, 0x97, + 0x56, 0x48, 0xEE, 0x25, 0x4A, 0xF8, 0x9A, 0x23, + 0x05, 0x04, 0xA2, 0x36, 0xA4, 0x65, 0x82, 0x57, + 0x74, 0x0B, 0xDC, 0xBB, 0xE1, 0x70, 0x8A, 0xB0, + 0x22, 0xC3, 0xC5, 0x88, 0xA4, 0x10, 0xDB, 0x3B, + 0x9C, 0x30, 0x8A, 0x06, 0x27, 0x5B, 0xDF, 0x5B, + 0x48, 0x59, 0xD3, 0xA2, 0x61, 0x7A, 0x29, 0x5E, + 0x1A, 0x22, 0xF9, 0x01, 0x98, 0xBA, 0xD0, 0x16, + 0x6F, 0x4A, 0x94, 0x34, 0x17, 0xC5, 0xB8, 0x31, + 0x73, 0x6C, 0xB2, 0xC8, 0x58, 0x0A, 0xBF, 0xDE, + 0x57, 0x14, 0xB5, 0x86, 0xAB, 0xEE, 0xC0, 0xA1, + 0x75, 0xA0, 0x8B, 0xC7, 0x10, 0xC7, 0xA2, 0x89, + 0x5D, 0xE9, 0x3A, 0xC4, 0x38, 0x06, 0x1B, 0xF7, + 0x76, 0x5D, 0x0D, 0x21, 0xCD, 0x41, 0x81, 0x67, + 0xCA, 0xF8, 0x9D, 0x1E, 0xFC, 0x34, 0x48, 0xBC, + 0xBB, 0x96, 0xD6, 0x9B, 0x3E, 0x01, 0x0C, 0x82, + 0xD1, 0x5C, 0xAB, 0x6C, 0xAC, 0xC6, 0x79, 0x9D, + 0x36, 0x39, 0x66, 0x9A, 0x5B, 0x21, 0xA6, 0x33, + 0xC8, 0x65, 0xF8, 0x59, 0x3B, 0x5B, 0x7B, 0xC8, + 0x00, 0x26, 0x2B, 0xB8, 0x37, 0xA9, 0x24, 0xA6, + 0xC5, 0x44, 0x0E, 0x4F, 0xC7, 0x3B, 0x41, 0xB2, + 0x30, 0x92, 0xC3, 0x91, 0x2F, 0x4C, 0x6B, 0xEB, + 0xB4, 0xC7, 0xB4, 0xC6, 0x29, 0x08, 0xB0, 0x37, + 0x75, 0x66, 0x6C, 0x22, 0x22, 0x0D, 0xF9, 0xC8, + 0x88, 0x23, 0xE3, 0x44, 0xC7, 0x30, 0x83, 0x32, + 0x34, 0x5C, 0x8B, 0x79, 0x5D, 0x34, 0xE8, 0xC0, + 0x51, 0xF2, 0x1F, 0x5A, 0x21, 0xC2, 0x14, 0xB6, + 0x98, 0x41, 0x35, 0x87, 0x09, 0xB1, 0xC3, 0x05, + 0xB3, 0x2C, 0xC2, 0xC3, 0x80, 0x6A, 0xE9, 0xCC, + 0xD3, 0x81, 0x9F, 0xFF, 0x45, 0x07, 0xFE, 0x52, + 0x0F, 0xBF, 0xC2, 0x71, 0x99, 0xBC, 0x23, 0xBE, + 0x6B, 0x9B, 0x2D, 0x2A, 0xC1, 0x71, 0x75, 0x79, + 0xAC, 0x76, 0x92, 0x79, 0xE2, 0xA7, 0xAA, 0xC6, + 0x8A, 0x37, 0x1A, 0x47, 0xBA, 0x3A, 0x7D, 0xBE, + 0x01, 0x6F, 0x14, 0xE1, 0xA7, 0x27, 0x33, 0x36, + 0x63, 0xC4, 0xA5, 0xCD, 0x1A, 0x0F, 0x88, 0x36, + 0xCF, 0x7B, 0x5C, 0x49, 0xAC, 0x51, 0x48, 0x5C, + 0xA6, 0x03, 0x45, 0xC9, 0x90, 0xE0, 0x68, 0x88, + 0x72, 0x00, 0x03, 0x73, 0x13, 0x22, 0xC5, 0xB8, + 0xCD, 0x5E, 0x69, 0x07, 0xFD, 0xA1, 0x15, 0x7F, + 0x46, 0x8F, 0xD3, 0xFC, 0x20, 0xFA, 0x81, 0x75, + 0xEE, 0xC9, 0x5C, 0x29, 0x1A, 0x26, 0x2B, 0xA8, + 0xC5, 0xBE, 0x99, 0x08, 0x72, 0x41, 0x89, 0x30, + 0x85, 0x23, 0x39, 0xD8, 0x8A, 0x19, 0xB3, 0x7F, + 0xEF, 0xA3, 0xCF, 0xE8, 0x21, 0x75, 0xC2, 0x24, + 0x40, 0x7C, 0xA4, 0x14, 0xBA, 0xEB, 0x37, 0x92, + 0x3B, 0x4D, 0x2D, 0x83, 0x13, 0x4A, 0xE1, 0x54, + 0xE4, 0x90, 0xA9, 0xB4, 0x5A, 0x05, 0x63, 0xB0, + 0x6C, 0x95, 0x3C, 0x33, 0x01, 0x45, 0x0A, 0x21, + 0x76, 0xA0, 0x7C, 0x61, 0x4A, 0x74, 0xE3, 0x47, + 0x8E, 0x48, 0x50, 0x9F, 0x9A, 0x60, 0xAE, 0x94, + 0x5A, 0x8E, 0xBC, 0x78, 0x15, 0x12, 0x1D, 0x90, + 0xA3, 0xB0, 0xE0, 0x70, 0x91, 0xA0, 0x96, 0xCF, + 0x02, 0xC5, 0x7B, 0x25, 0xBC, 0xA5, 0x81, 0x26, + 0xAD, 0x0C, 0x62, 0x9C, 0xE1, 0x66, 0xA7, 0xED, + 0xB4, 0xB3, 0x32, 0x21, 0xA0, 0xD3, 0xF7, 0x2B, + 0x85, 0xD5, 0x62, 0xEC, 0x69, 0x8B, 0x7D, 0x0A, + 0x91, 0x3D, 0x73, 0x80, 0x6F, 0x1C, 0x5C, 0x87, + 0xB3, 0x8E, 0xC0, 0x03, 0xCB, 0x30, 0x3A, 0x3D, + 0xC5, 0x1B, 0x4B, 0x35, 0x35, 0x6A, 0x67, 0x82, + 0x6D, 0x6E, 0xDA, 0xA8, 0xFE, 0xB9, 0x3B, 0x98, + 0x49, 0x3B, 0x2D, 0x1C, 0x11, 0xB6, 0x76, 0xA6, + 0xAD, 0x95, 0x06, 0xA1, 0xAA, 0xAE, 0x13, 0xA8, + 0x24, 0xC7, 0xC0, 0x8D, 0x1C, 0x6C, 0x2C, 0x4D, + 0xBA, 0x96, 0x42, 0xC7, 0x6E, 0xA7, 0xF6, 0xC8, + 0x26, 0x4B, 0x64, 0xA2, 0x3C, 0xCC, 0xA9, 0xA7, + 0x46, 0x35, 0xFC, 0xBF, 0x03, 0xE0, 0x0F, 0x1B, + 0x57, 0x22, 0xB2, 0x14, 0x37, 0x67, 0x90, 0x79, + 0x3B, 0x2C, 0x4F, 0x0A, 0x13, 0xB5, 0xC4, 0x07, + 0x60, 0xB4, 0x21, 0x8E, 0x1D, 0x25, 0x94, 0xDC, + 0xB3, 0x0A, 0x70, 0xD9, 0xC1, 0x78, 0x2A, 0x5D, + 0xD3, 0x05, 0x76, 0xFA, 0x41, 0x44, 0xBF, 0xC8, + 0x41, 0x6E, 0xDA, 0x81, 0x18, 0xFC, 0x64, 0x72, + 0xF5, 0x6A, 0x97, 0x95, 0x86, 0xF3, 0x3B, 0xB0, + 0x70, 0xFB, 0x0F, 0x1B, 0x0B, 0x10, 0xBC, 0x48, + 0x97, 0xEB, 0xE0, 0x1B, 0xCA, 0x38, 0x93, 0xD4, + 0xE1, 0x6A, 0xDB, 0x25, 0x09, 0x3A, 0x74, 0x17, + 0xD0, 0x70, 0x8C, 0x83, 0xA2, 0x63, 0x22, 0xE2, + 0x2E, 0x63, 0x30, 0x09, 0x1E, 0x30, 0x15, 0x2B, + 0xF8, 0x23, 0x59, 0x7C, 0x04, 0xCC, 0xF4, 0xCF, + 0xC7, 0x33, 0x15, 0x78, 0xF4, 0x3A, 0x27, 0x26, + 0xCC, 0xB4, 0x28, 0x28, 0x9A, 0x90, 0xC8, 0x63, + 0x25, 0x9D, 0xD1, 0x80, 0xC5, 0xFF, 0x14, 0x2B, + 0xEF, 0x41, 0xC7, 0x71, 0x70, 0x94, 0xBE, 0x07, + 0x85, 0x6D, 0xA2, 0xB1, 0x40, 0xFA, 0x67, 0x71, + 0x09, 0x67, 0x35, 0x6A, 0xA4, 0x7D, 0xFB, 0xC8, + 0xD2, 0x55, 0xB4, 0x72, 0x2A, 0xB8, 0x6D, 0x43, + 0x9B, 0x7E, 0x0A, 0x60, 0x90, 0x25, 0x1D, 0x2D, + 0x4C, 0x1E, 0xD5, 0xF2, 0x0B, 0xBE, 0x68, 0x07, + 0xBF, 0x65, 0xA9, 0x0B, 0x7C, 0xB2, 0xEC, 0x01, + 0x02, 0xAF, 0x02, 0x80, 0x9D, 0xC9, 0xAC, 0x7D, + 0x0A, 0x3A, 0xBC, 0x69, 0xC1, 0x83, 0x65, 0xBC, + 0xFF, 0x59, 0x18, 0x5F, 0x33, 0x99, 0x68, 0x87, + 0x74, 0x61, 0x85, 0x90, 0x6C, 0x01, 0x91, 0xAE, + 0xD4, 0x40, 0x7E, 0x13, 0x94, 0x46, 0x45, 0x9B, + 0xE2, 0x9C, 0x68, 0x22, 0x71, 0x76, 0x44, 0x35, + 0x3D, 0x24, 0xAB, 0x63, 0x39, 0x15, 0x6A, 0x9C, + 0x42, 0x49, 0x09, 0xF0, 0xA9, 0x02, 0x5B, 0xB7, + 0x47, 0x20, 0x77, 0x9B, 0xE4, 0x3F, 0x16, 0xD8, + 0x1C, 0x8C, 0xC6, 0x66, 0xE9, 0x97, 0x10, 0xD8, + 0xC6, 0x8B, 0xB5, 0xCC, 0x4E, 0x12, 0xF3, 0x14, + 0xE9, 0x25, 0xA5, 0x51, 0xF0, 0x9C, 0xC5, 0x90, + 0x03, 0xA1, 0xF8, 0x81, 0x03, 0xC2, 0x54, 0xBB, + 0x97, 0x8D, 0x75, 0xF3, 0x94, 0xD3, 0x54, 0x0E, + 0x31, 0xE7, 0x71, 0xCD, 0xA3, 0x6E, 0x39, 0xEC, + 0x54, 0xA6, 0x2B, 0x58, 0x32, 0x66, 0x4D, 0x82, + 0x1A, 0x72, 0xF1, 0xE6, 0xAF, 0xBB, 0xA2, 0x7F, + 0x84, 0x29, 0x5B, 0x26, 0x94, 0xC4, 0x98, 0x49, + 0x8E, 0x81, 0x2B, 0xC8, 0xE9, 0x37, 0x8F, 0xE5, + 0x41, 0xCE, 0xC5, 0x89, 0x1B, 0x25, 0x06, 0x29, + 0x01, 0xCB, 0x72, 0x12, 0xE3, 0xCD, 0xC4, 0x61, + 0x79, 0xEC, 0x5B, 0xCE, 0xC1, 0x0B, 0xC0, 0xB9, + 0x31, 0x1D, 0xE0, 0x50, 0x74, 0x29, 0x06, 0x87, + 0xFD, 0x6A, 0x53, 0x92, 0x67, 0x16, 0x54, 0x28, + 0x4C, 0xD9, 0xC8, 0xCC, 0x3E, 0xBA, 0x80, 0xEB, + 0x3B, 0x66, 0x2E, 0xB5, 0x3E, 0xB7, 0x51, 0x16, + 0x70, 0x4A, 0x1F, 0xEB, 0x5C, 0x2D, 0x05, 0x63, + 0x38, 0x53, 0x28, 0x68, 0xDD, 0xF2, 0x4E, 0xB8, + 0x99, 0x2A, 0xB8, 0x56, 0x5D, 0x9E, 0x49, 0x0C, + 0xAD, 0xF1, 0x48, 0x04, 0x36, 0x0D, 0xAA, 0x90, + 0x71, 0x8E, 0xAB, 0x61, 0x6B, 0xAB, 0x07, 0x65, + 0xD3, 0x39, 0x87, 0xB4, 0x7E, 0xFB, 0x65, 0x99, + 0xC5, 0x56, 0x32, 0x35, 0xE6, 0x1E, 0x4B, 0xE6, + 0x70, 0xE9, 0x79, 0x55, 0xAB, 0x29, 0x2D, 0x97, + 0x32, 0xCB, 0x89, 0x30, 0x94, 0x8A, 0xC8, 0x2D, + 0xF2, 0x30, 0xAC, 0x72, 0x29, 0x7A, 0x23, 0x67, + 0x9D, 0x6B, 0x94, 0xC1, 0x7F, 0x13, 0x59, 0x48, + 0x32, 0x54, 0xFE, 0xDC, 0x2F, 0x05, 0x81, 0x9F, + 0x0D, 0x06, 0x9A, 0x44, 0x3B, 0x78, 0xE3, 0xFC, + 0x6C, 0x3E, 0xF4, 0x71, 0x4B, 0x05, 0xA3, 0xFC, + 0xA8, 0x1C, 0xBB, 0xA6, 0x02, 0x42, 0xA7, 0x06, + 0x0C, 0xD8, 0x85, 0xD8, 0xF3, 0x99, 0x81, 0xBB, + 0x18, 0x09, 0x2B, 0x23, 0xDA, 0xA5, 0x9F, 0xD9, + 0x57, 0x83, 0x88, 0x68, 0x8A, 0x09, 0xBB, 0xA0, + 0x79, 0xBC, 0x80, 0x9A, 0x54, 0x84, 0x3A, 0x60, + 0x38, 0x5E, 0x23, 0x10, 0xBB, 0xCB, 0xCC, 0x02, + 0x13, 0xCE, 0x3D, 0xFA, 0xAB, 0x33, 0xB4, 0x7F, + 0x9D, 0x63, 0x05, 0xBC, 0x95, 0xC6, 0x10, 0x78, + 0x13, 0xC5, 0x85, 0xC4, 0xB6, 0x57, 0xBF, 0x30, + 0x54, 0x28, 0x33, 0xB1, 0x49, 0x49, 0xF5, 0x73, + 0xC0, 0x61, 0x2A, 0xD5, 0x24, 0xBA, 0xAE, 0x69, + 0x59, 0x0C, 0x12, 0x77, 0xB8, 0x6C, 0x28, 0x65, + 0x71, 0xBF, 0x66, 0xB3, 0xCF, 0xF4, 0x6A, 0x38, + 0x58, 0xC0, 0x99, 0x06, 0xA7, 0x94, 0xDF, 0x4A, + 0x06, 0xE9, 0xD4, 0xB0, 0xA2, 0xE4, 0x3F, 0x10, + 0xF7, 0x2A, 0x6C, 0x6C, 0x47, 0xE5, 0x64, 0x6E, + 0x2C, 0x79, 0x9B, 0x71, 0xC3, 0x3E, 0xD2, 0xF0, + 0x1E, 0xEB, 0x45, 0x93, 0x8E, 0xB7, 0xA4, 0xE2, + 0xE2, 0x90, 0x8C, 0x53, 0x55, 0x8A, 0x54, 0x0D, + 0x35, 0x03, 0x69, 0xFA, 0x18, 0x9C, 0x61, 0x69, + 0x43, 0xF7, 0x98, 0x1D, 0x76, 0x18, 0xCF, 0x02, + 0xA5, 0xB0, 0xA2, 0xBC, 0xC4, 0x22, 0xE8, 0x57, + 0xD1, 0xA4, 0x78, 0x71, 0x25, 0x3D, 0x08, 0x29, + 0x3C, 0x1C, 0x17, 0x9B, 0xCD, 0xC0, 0x43, 0x70, + 0x69, 0x10, 0x74, 0x18, 0x20, 0x5F, 0xDB, 0x98, + 0x56, 0x62, 0x3B, 0x8C, 0xA6, 0xB6, 0x94, 0xC9, + 0x6C, 0x08, 0x4B, 0x17, 0xF1, 0x3B, 0xB6, 0xDF, + 0x12, 0xB2, 0xCF, 0xBB, 0xC2, 0xB0, 0xE0, 0xC3, + 0x4B, 0x00, 0xD0, 0xFC, 0xD0, 0xAE, 0xCF, 0xB2, + 0x79, 0x24, 0xF6, 0x98, 0x4E, 0x74, 0x7B, 0xE2, + 0xA0, 0x9D, 0x83, 0xA8, 0x66, 0x45, 0x90, 0xA8, + 0x07, 0x73, 0x31, 0x49, 0x1A, 0x4F, 0x7D, 0x72, + 0x08, 0x43, 0xF2, 0x3E, 0x65, 0x2C, 0x6F, 0xA8, + 0x40, 0x30, 0x8D, 0xB4, 0x02, 0x03, 0x37, 0xAA, + 0xD3, 0x79, 0x67, 0x03, 0x4A, 0x9F, 0xB5, 0x23, + 0xB6, 0x7C, 0xA7, 0x03, 0x30, 0xF0, 0x2D, 0x9E, + 0xA2, 0x0C, 0x1E, 0x84, 0xCB, 0x8E, 0x57, 0x57, + 0xC9, 0xE1, 0x89, 0x6B, 0x60, 0x58, 0x14, 0x41, + 0xED, 0x61, 0x8A, 0xA5, 0xB2, 0x6D, 0xA5, 0x6C, + 0x0A, 0x5A, 0x73, 0xC4, 0xDC, 0xFD, 0x75, 0x5E, + 0x61, 0x0B, 0x4F, 0xC8, 0x1F, 0xF8, 0x4E, 0x21, + 0xD2, 0xE5, 0x74, 0xDF, 0xD8, 0xCD, 0x0A, 0xE8, + 0x93, 0xAA, 0x7E, 0x12, 0x5B, 0x44, 0xB9, 0x24, + 0xF4, 0x52, 0x23, 0xEC, 0x09, 0xF2, 0xAD, 0x11, + 0x41, 0xEA, 0x93, 0xA6, 0x80, 0x50, 0xDB, 0xF6, + 0x99, 0xE3, 0x24, 0x68, 0x84, 0x18, 0x1F, 0x8E, + 0x1D, 0xD4, 0x4E, 0x0C, 0x76, 0x29, 0x09, 0x33, + 0x30, 0x22, 0x1F, 0xD6, 0x7D, 0x9B, 0x7D, 0x6E, + 0x15, 0x10, 0xB2, 0xDB, 0xAD, 0x87, 0x62, 0xF7 + }; +#endif + static byte pubKey[WC_ML_KEM_MAX_PUBLIC_KEY_SIZE]; + static byte privKey[WC_ML_KEM_MAX_PRIVATE_KEY_SIZE]; + + key = (MlKemKey*)XMALLOC(sizeof(MlKemKey), NULL, DYNAMIC_TYPE_TMP_BUFFER); + ExpectNotNull(key); + if (key != NULL) { + XMEMSET(key, 0, sizeof(MlKemKey)); + } + +#ifndef WOLFSSL_NO_ML_KEM_512 + ExpectIntEQ(wc_MlKemKey_Init(key, WC_ML_KEM_512, NULL, INVALID_DEVID), 0); + ExpectIntEQ(wc_MlKemKey_MakeKeyWithRandom(key, seed_512, sizeof(seed_512)), + 0); + ExpectIntEQ(wc_MlKemKey_EncodePublicKey(key, pubKey, + WC_ML_KEM_512_PUBLIC_KEY_SIZE), 0); + ExpectIntEQ(wc_MlKemKey_EncodePrivateKey(key, privKey, + WC_ML_KEM_512_PRIVATE_KEY_SIZE), 0); + ExpectIntEQ(XMEMCMP(pubKey, ek_512, WC_ML_KEM_512_PUBLIC_KEY_SIZE), 0); + ExpectIntEQ(XMEMCMP(privKey, dk_512, WC_ML_KEM_512_PRIVATE_KEY_SIZE), 0); + wc_MlKemKey_Free(key); +#endif +#ifndef WOLFSSL_NO_ML_KEM_768 + ExpectIntEQ(wc_MlKemKey_Init(key, WC_ML_KEM_768, NULL, INVALID_DEVID), 0); + ExpectIntEQ(wc_MlKemKey_MakeKeyWithRandom(key, seed_768, sizeof(seed_768)), + 0); + ExpectIntEQ(wc_MlKemKey_EncodePublicKey(key, pubKey, + WC_ML_KEM_768_PUBLIC_KEY_SIZE), 0); + ExpectIntEQ(wc_MlKemKey_EncodePrivateKey(key, privKey, + WC_ML_KEM_768_PRIVATE_KEY_SIZE), 0); + ExpectIntEQ(XMEMCMP(pubKey, ek_768, WC_ML_KEM_768_PUBLIC_KEY_SIZE), 0); + ExpectIntEQ(XMEMCMP(privKey, dk_768, WC_ML_KEM_768_PRIVATE_KEY_SIZE), 0); + wc_MlKemKey_Free(key); +#endif +#ifndef WOLFSSL_NO_ML_KEM_1024 + ExpectIntEQ(wc_MlKemKey_Init(key, WC_ML_KEM_1024, NULL, INVALID_DEVID), 0); + ExpectIntEQ(wc_MlKemKey_MakeKeyWithRandom(key, seed_1024, + sizeof(seed_1024)), 0); + ExpectIntEQ(wc_MlKemKey_EncodePublicKey(key, pubKey, + WC_ML_KEM_1024_PUBLIC_KEY_SIZE), 0); + ExpectIntEQ(wc_MlKemKey_EncodePrivateKey(key, privKey, + WC_ML_KEM_1024_PRIVATE_KEY_SIZE), 0); + ExpectIntEQ(XMEMCMP(pubKey, ek_1024, WC_ML_KEM_1024_PUBLIC_KEY_SIZE), 0); + ExpectIntEQ(XMEMCMP(privKey, dk_1024, WC_ML_KEM_1024_PRIVATE_KEY_SIZE), 0); + wc_MlKemKey_Free(key); +#endif + + XFREE(key, NULL, DYNAMIC_TYPE_TMP_BUFFER); +#endif + return EXPECT_RESULT(); +} + +int test_wc_mlkem_encapsulate_kats(void) +{ + EXPECT_DECLS; +#if defined(WOLFSSL_HAVE_MLKEM) && defined(WOLFSSL_WC_MLKEM) && \ + !defined(WOLFSSL_NO_ML_KEM) && !defined(WOLFSSL_MLKEM_NO_ENCAPSULATE) + MlKemKey* key; +#ifndef WOLFSSL_NO_ML_KEM_512 + static const byte ek_512[WC_ML_KEM_512_PUBLIC_KEY_SIZE] = { + 0xDD, 0x19, 0x24, 0x93, 0x5A, 0xA8, 0xE6, 0x17, + 0xAF, 0x18, 0xB5, 0xA0, 0x65, 0xAC, 0x45, 0x72, + 0x77, 0x67, 0xEE, 0x89, 0x7C, 0xF4, 0xF9, 0x44, + 0x2B, 0x2A, 0xCE, 0x30, 0xC0, 0x23, 0x7B, 0x30, + 0x7D, 0x3E, 0x76, 0xBF, 0x8E, 0xEB, 0x78, 0xAD, + 0xDC, 0x4A, 0xAC, 0xD1, 0x64, 0x63, 0xD8, 0x60, + 0x2F, 0xD5, 0x48, 0x7B, 0x63, 0xC8, 0x8B, 0xB6, + 0x60, 0x27, 0xF3, 0x7D, 0x0D, 0x61, 0x4D, 0x6F, + 0x9C, 0x24, 0x60, 0x3C, 0x42, 0x94, 0x76, 0x64, + 0xAC, 0x43, 0x98, 0xC6, 0xC5, 0x23, 0x83, 0x46, + 0x9B, 0x4F, 0x97, 0x77, 0xE5, 0xEC, 0x72, 0x06, + 0x21, 0x0F, 0x3E, 0x5A, 0x79, 0x6B, 0xF4, 0x5C, + 0x53, 0x26, 0x8E, 0x25, 0xF3, 0x9A, 0xC2, 0x61, + 0xAF, 0x3B, 0xFA, 0x2E, 0xE7, 0x55, 0xBE, 0xB8, + 0xB6, 0x7A, 0xB3, 0xAC, 0x8D, 0xF6, 0xC6, 0x29, + 0xC1, 0x17, 0x6E, 0x9E, 0x3B, 0x96, 0x5E, 0x93, + 0x69, 0xF9, 0xB3, 0xB9, 0x2A, 0xD7, 0xC2, 0x09, + 0x55, 0x64, 0x1D, 0x99, 0x52, 0x6F, 0xE7, 0xB9, + 0xFE, 0x8C, 0x85, 0x08, 0x20, 0x27, 0x5C, 0xD9, + 0x64, 0x84, 0x92, 0x50, 0x09, 0x07, 0x33, 0xCE, + 0x12, 0x4E, 0xCF, 0x31, 0x66, 0x24, 0x37, 0x4B, + 0xD1, 0x8B, 0x7C, 0x35, 0x8C, 0x06, 0xE9, 0xC1, + 0x36, 0xEE, 0x12, 0x59, 0xA9, 0x24, 0x5A, 0xBC, + 0x55, 0xB9, 0x64, 0xD6, 0x89, 0xF5, 0xA0, 0x82, + 0x92, 0xD2, 0x82, 0x65, 0x65, 0x8E, 0xBB, 0x40, + 0xCB, 0xFE, 0x48, 0x8A, 0x22, 0x28, 0x27, 0x55, + 0x90, 0xAB, 0x9F, 0x32, 0xA3, 0x41, 0x09, 0x70, + 0x9C, 0x1C, 0x29, 0x1D, 0x4A, 0x23, 0x33, 0x72, + 0x74, 0xC7, 0xA5, 0xA5, 0x99, 0x1C, 0x7A, 0x87, + 0xB8, 0x1C, 0x97, 0x4A, 0xB1, 0x8C, 0xE7, 0x78, + 0x59, 0xE4, 0x99, 0x5E, 0x7C, 0x14, 0xF0, 0x37, + 0x17, 0x48, 0xB7, 0x71, 0x2F, 0xB5, 0x2C, 0x59, + 0x66, 0xCD, 0x63, 0x06, 0x3C, 0x4F, 0x3B, 0x81, + 0xB4, 0x7C, 0x45, 0xDD, 0xE8, 0x3F, 0xB3, 0xA2, + 0x72, 0x40, 0x29, 0xB1, 0x0B, 0x32, 0x30, 0x21, + 0x4C, 0x04, 0xFA, 0x05, 0x77, 0xFC, 0x29, 0xAC, + 0x90, 0x86, 0xAE, 0x18, 0xC5, 0x3B, 0x3E, 0xD4, + 0x4E, 0x50, 0x74, 0x12, 0xFC, 0xA0, 0x4B, 0x4F, + 0x53, 0x8A, 0x51, 0x58, 0x8E, 0xC1, 0xF1, 0x02, + 0x9D, 0x15, 0x2D, 0x9A, 0xE7, 0x73, 0x5F, 0x76, + 0xA0, 0x77, 0xAA, 0x94, 0x84, 0x38, 0x0A, 0xED, + 0x91, 0x89, 0xE5, 0x91, 0x24, 0x87, 0xFC, 0xC5, + 0xB7, 0xC7, 0x01, 0x2D, 0x92, 0x23, 0xDD, 0x96, + 0x7E, 0xEC, 0xDA, 0xC3, 0x00, 0x8A, 0x89, 0x31, + 0xB6, 0x48, 0x24, 0x35, 0x37, 0xF5, 0x48, 0xC1, + 0x71, 0x69, 0x8C, 0x5B, 0x38, 0x1D, 0x84, 0x6A, + 0x72, 0xE5, 0xC9, 0x2D, 0x42, 0x26, 0xC5, 0xA8, + 0x90, 0x98, 0x84, 0xF1, 0xC4, 0xA3, 0x40, 0x4C, + 0x17, 0x20, 0xA5, 0x27, 0x94, 0x14, 0xD7, 0xF2, + 0x7B, 0x2B, 0x98, 0x26, 0x52, 0xB6, 0x74, 0x02, + 0x19, 0xC5, 0x6D, 0x21, 0x77, 0x80, 0xD7, 0xA5, + 0xE5, 0xBA, 0x59, 0x83, 0x63, 0x49, 0xF7, 0x26, + 0x88, 0x1D, 0xEA, 0x18, 0xEF, 0x75, 0xC0, 0x77, + 0x2A, 0x8B, 0x92, 0x27, 0x66, 0x95, 0x37, 0x18, + 0xCA, 0xCC, 0x14, 0xCC, 0xBA, 0xCB, 0x5F, 0xC4, + 0x12, 0xA2, 0xD0, 0xBE, 0x52, 0x18, 0x17, 0x64, + 0x5A, 0xB2, 0xBF, 0x6A, 0x47, 0x85, 0xE9, 0x2B, + 0xC9, 0x4C, 0xAF, 0x47, 0x7A, 0x96, 0x78, 0x76, + 0x79, 0x6C, 0x0A, 0x51, 0x90, 0x31, 0x5A, 0xC0, + 0x88, 0x56, 0x71, 0xA4, 0xC7, 0x49, 0x56, 0x4C, + 0x3B, 0x2C, 0x7A, 0xED, 0x90, 0x64, 0xEB, 0xA2, + 0x99, 0xEF, 0x21, 0x4B, 0xA2, 0xF4, 0x04, 0x93, + 0x66, 0x7C, 0x8B, 0xD0, 0x32, 0xAE, 0xC5, 0x62, + 0x17, 0x11, 0xB4, 0x1A, 0x38, 0x52, 0xC5, 0xC2, + 0xBA, 0xB4, 0xA3, 0x49, 0xCE, 0x4B, 0x7F, 0x08, + 0x5A, 0x81, 0x2B, 0xBB, 0xC8, 0x20, 0xB8, 0x1B, + 0xEF, 0xE6, 0x3A, 0x05, 0xB8, 0xBC, 0xDF, 0xE9, + 0xC2, 0xA7, 0x0A, 0x8B, 0x1A, 0xCA, 0x9B, 0xF9, + 0x81, 0x64, 0x81, 0x90, 0x7F, 0xF4, 0x43, 0x24, + 0x61, 0x11, 0x12, 0x87, 0x30, 0x3F, 0x0B, 0xD8, + 0x17, 0xC0, 0x57, 0x26, 0xBF, 0xA1, 0x8A, 0x2E, + 0x24, 0xC7, 0x72, 0x49, 0x21, 0x02, 0x80, 0x32, + 0xF6, 0x22, 0xBD, 0x96, 0x0A, 0x31, 0x7D, 0x83, + 0xB3, 0x56, 0xB5, 0x7F, 0x4A, 0x80, 0x04, 0x49, + 0x9C, 0xBC, 0x73, 0xC9, 0x7D, 0x1E, 0xB7, 0x74, + 0x59, 0x72, 0x63, 0x1C, 0x05, 0x61, 0xC1, 0xA3, + 0xAB, 0x6E, 0xF9, 0x1B, 0xD3, 0x63, 0x28, 0x0A, + 0x10, 0x54, 0x5D, 0xA6, 0x93, 0xE6, 0xD5, 0x8A, + 0xED, 0x68, 0x45, 0xE7, 0xCC, 0x5F, 0x0D, 0x08, + 0xCA, 0x79, 0x05, 0x05, 0x2C, 0x77, 0x36, 0x6D, + 0x19, 0x72, 0xCC, 0xFC, 0xC1, 0xA2, 0x76, 0x10, + 0xCB, 0x54, 0x36, 0x65, 0xAA, 0x79, 0x8E, 0x20, + 0x94, 0x01, 0x28, 0xB9, 0x56, 0x7A, 0x7E, 0xDB, + 0x7A, 0x90, 0x04, 0x07, 0xC7, 0x0D, 0x35, 0x94, + 0x38, 0x43, 0x5E, 0x13, 0x96, 0x16, 0x08, 0xD5, + 0x52, 0xA9, 0x4C, 0x5C, 0xDA, 0x78, 0x59, 0x22, + 0x05, 0x09, 0xB4, 0x83, 0xC5, 0xC5, 0x2A, 0x21, + 0x0E, 0x9C, 0x81, 0x2B, 0xC0, 0xC2, 0x32, 0x8C, + 0xA0, 0x0E, 0x78, 0x9A, 0x56, 0xB2, 0x60, 0x6B, + 0x90, 0x29, 0x2E, 0x35, 0x43, 0xDA, 0xCA, 0xA2, + 0x43, 0x18, 0x41, 0xD6, 0x1A, 0x22, 0xCA, 0x90, + 0xC1, 0xCC, 0xF0, 0xB5, 0xB4, 0xE0, 0xA6, 0xF6, + 0x40, 0x53, 0x6D, 0x1A, 0x26, 0xAB, 0x5B, 0x8D, + 0x21, 0x51, 0x32, 0x79, 0x28, 0xCE, 0x02, 0x90, + 0x4C, 0xF1, 0xD1, 0x5E, 0x32, 0x78, 0x8A, 0x95, + 0xF6, 0x2D, 0x3C, 0x27, 0x0B, 0x6F, 0xA1, 0x50, + 0x8F, 0x97, 0xB9, 0x15, 0x5A, 0x27, 0x26, 0xD8, + 0x0A, 0x1A, 0xFA, 0x3C, 0x53, 0x87, 0xA2, 0x76, + 0xA4, 0xD0, 0x31, 0xA0, 0x8A, 0xBF, 0x4F, 0x2E, + 0x74, 0xF1, 0xA0, 0xBB, 0x8A, 0x0F, 0xD3, 0xCB + }; + static const byte seed_512[WC_ML_KEM_ENC_RAND_SZ] = { + 0x6F, 0xF0, 0x2E, 0x1D, 0xC7, 0xFD, 0x91, 0x1B, + 0xEE, 0xE0, 0xC6, 0x92, 0xC8, 0xBD, 0x10, 0x0C, + 0x3E, 0x5C, 0x48, 0x96, 0x4D, 0x31, 0xDF, 0x92, + 0x99, 0x42, 0x18, 0xE8, 0x06, 0x64, 0xA6, 0xCA + }; + static const byte c_512[WC_ML_KEM_512_CIPHER_TEXT_SIZE] = { + 0x19, 0xC5, 0x92, 0x50, 0x59, 0x07, 0xC2, 0x4C, + 0x5F, 0xA2, 0xEB, 0xFA, 0x93, 0x2D, 0x2C, 0xBB, + 0x48, 0xF3, 0xE4, 0x34, 0x0A, 0x28, 0xF7, 0xEB, + 0xA5, 0xD0, 0x68, 0xFC, 0xAC, 0xAB, 0xED, 0xF7, + 0x77, 0x84, 0xE2, 0xB2, 0x4D, 0x79, 0x61, 0x77, + 0x5F, 0x0B, 0xF1, 0xA9, 0x97, 0xAE, 0x8B, 0xA9, + 0xFC, 0x43, 0x11, 0xBE, 0x63, 0x71, 0x67, 0x79, + 0xC2, 0xB7, 0x88, 0xF8, 0x12, 0xCB, 0xB7, 0x8C, + 0x74, 0xE7, 0x51, 0x7E, 0x22, 0xE9, 0x10, 0xEF, + 0xF5, 0xF3, 0x8D, 0x44, 0x46, 0x9C, 0x50, 0xDE, + 0x16, 0x75, 0xAE, 0x19, 0x8F, 0xD6, 0xA2, 0x89, + 0xAE, 0x7E, 0x6C, 0x30, 0xA9, 0xD4, 0x35, 0x1B, + 0x3D, 0x1F, 0x4C, 0x36, 0xEF, 0xF9, 0xC6, 0x8D, + 0xA9, 0x1C, 0x40, 0xB8, 0x2D, 0xC9, 0xB2, 0x79, + 0x9A, 0x33, 0xA2, 0x6B, 0x60, 0xA4, 0xE7, 0x0D, + 0x71, 0x01, 0x86, 0x27, 0x79, 0x46, 0x9F, 0x3A, + 0x9D, 0xAE, 0xC8, 0xE3, 0xE8, 0xF8, 0xC6, 0xA1, + 0x6B, 0xF0, 0x92, 0xFB, 0xA5, 0x86, 0x61, 0x86, + 0xB8, 0xD2, 0x08, 0xFD, 0xEB, 0x27, 0x4A, 0xC1, + 0xF8, 0x29, 0x65, 0x9D, 0xC2, 0xBE, 0x4A, 0xC4, + 0xF3, 0x06, 0xCB, 0x55, 0x84, 0xBA, 0xD1, 0x93, + 0x6A, 0x92, 0xC9, 0xB7, 0x68, 0x19, 0x23, 0x42, + 0x81, 0xBB, 0x39, 0x58, 0x41, 0xC2, 0x57, 0x56, + 0x08, 0x6E, 0xA5, 0x64, 0xCA, 0x3E, 0x22, 0x7E, + 0x3D, 0x9F, 0x10, 0x52, 0xC0, 0x76, 0x6D, 0x2E, + 0xB7, 0x9A, 0x47, 0xC1, 0x50, 0x72, 0x1E, 0x0D, + 0xEA, 0x7C, 0x00, 0x69, 0xD5, 0x51, 0xB2, 0x64, + 0x80, 0x1B, 0x77, 0x27, 0xEC, 0xAF, 0x82, 0xEE, + 0xCB, 0x99, 0xA8, 0x76, 0xFD, 0xA0, 0x90, 0xBF, + 0x6C, 0x3F, 0xC6, 0xB1, 0x09, 0xF1, 0x70, 0x14, + 0x85, 0xF0, 0x3C, 0xE6, 0x62, 0x74, 0xB8, 0x43, + 0x5B, 0x0A, 0x01, 0x4C, 0xFB, 0x3E, 0x79, 0xCC, + 0xED, 0x67, 0x05, 0x7B, 0x5A, 0xE2, 0xAD, 0x7F, + 0x52, 0x79, 0xEB, 0x71, 0x49, 0x42, 0xE4, 0xC1, + 0xCC, 0xFF, 0x7E, 0x85, 0xC0, 0xDB, 0x43, 0xE5, + 0xD4, 0x12, 0x89, 0x20, 0x73, 0x63, 0xB4, 0x44, + 0xBB, 0x51, 0xBB, 0x8A, 0xB0, 0x37, 0x1E, 0x70, + 0xCB, 0xD5, 0x5F, 0x0F, 0x3D, 0xAD, 0x40, 0x3E, + 0x10, 0x51, 0x76, 0xE3, 0xE8, 0xA2, 0x25, 0xD8, + 0x4A, 0xC8, 0xBE, 0xE3, 0x8C, 0x82, 0x1E, 0xE0, + 0xF5, 0x47, 0x43, 0x11, 0x45, 0xDC, 0xB3, 0x13, + 0x92, 0x86, 0xAB, 0xB1, 0x17, 0x94, 0xA4, 0x3A, + 0x3C, 0x1B, 0x52, 0x29, 0xE4, 0xBC, 0xFE, 0x95, + 0x9C, 0x78, 0xAD, 0xAE, 0xE2, 0xD5, 0xF2, 0x49, + 0x7B, 0x5D, 0x24, 0xBC, 0x21, 0xFA, 0x03, 0xA9, + 0xA5, 0x8C, 0x24, 0x55, 0x37, 0x3E, 0xC8, 0x95, + 0x83, 0xE7, 0xE5, 0x88, 0xD7, 0xFE, 0x67, 0x99, + 0x1E, 0xE9, 0x37, 0x83, 0xED, 0x4A, 0x6F, 0x9E, + 0xEA, 0xE0, 0x4E, 0x64, 0xE2, 0xE1, 0xE0, 0xE6, + 0x99, 0xF6, 0xDC, 0x9C, 0x5D, 0x39, 0xEF, 0x92, + 0x78, 0xC9, 0x85, 0xE7, 0xFD, 0xF2, 0xA7, 0x64, + 0xFF, 0xD1, 0xA0, 0xB9, 0x57, 0x92, 0xAD, 0x68, + 0x1E, 0x93, 0x0D, 0x76, 0xDF, 0x4E, 0xFE, 0x5D, + 0x65, 0xDB, 0xBD, 0x0F, 0x14, 0x38, 0x48, 0x1E, + 0xD8, 0x33, 0xAD, 0x49, 0x46, 0xAD, 0x1C, 0x69, + 0xAD, 0x21, 0xDD, 0x7C, 0x86, 0x18, 0x57, 0x74, + 0x42, 0x6F, 0x3F, 0xCF, 0x53, 0xB5, 0x2A, 0xD4, + 0xB4, 0x0D, 0x22, 0x8C, 0xE1, 0x24, 0x07, 0x2F, + 0x59, 0x2C, 0x7D, 0xAA, 0x05, 0x7F, 0x17, 0xD7, + 0x90, 0xA5, 0xBD, 0x5B, 0x93, 0x83, 0x4D, 0x58, + 0xC0, 0x8C, 0x88, 0xDC, 0x8F, 0x0E, 0xF4, 0x88, + 0x15, 0x64, 0x25, 0xB7, 0x44, 0x65, 0x4E, 0xAC, + 0xA9, 0xD6, 0x48, 0x58, 0xA4, 0xD6, 0xCE, 0xB4, + 0x78, 0x79, 0x51, 0x94, 0xBF, 0xAD, 0xB1, 0x8D, + 0xC0, 0xEA, 0x05, 0x4F, 0x97, 0x71, 0x21, 0x5A, + 0xD3, 0xCB, 0x1F, 0xD0, 0x31, 0xD7, 0xBE, 0x45, + 0x98, 0x62, 0x19, 0x26, 0x47, 0x8D, 0x37, 0x5A, + 0x18, 0x45, 0xAA, 0x91, 0xD7, 0xC7, 0x33, 0xF8, + 0xF0, 0xE1, 0x88, 0xC8, 0x38, 0x96, 0xED, 0xF8, + 0x3B, 0x86, 0x46, 0xC9, 0x9E, 0x29, 0xC0, 0xDA, + 0x22, 0x90, 0xE7, 0x1C, 0x3D, 0x2E, 0x97, 0x07, + 0x20, 0xC9, 0x7B, 0x5B, 0x7F, 0x95, 0x04, 0x86, + 0x03, 0x3C, 0x6A, 0x25, 0x71, 0xDD, 0xF2, 0xBC, + 0xCD, 0xAB, 0xB2, 0xDF, 0xA5, 0xFC, 0xE4, 0xC3, + 0xA1, 0x88, 0x46, 0x06, 0x04, 0x1D, 0x18, 0x1C, + 0x72, 0x87, 0x94, 0xAE, 0x0E, 0x80, 0x6E, 0xCB, + 0x49, 0xAF, 0x16, 0x75, 0x6A, 0x4C, 0xE7, 0x3C, + 0x87, 0xBD, 0x42, 0x34, 0xE6, 0x0F, 0x05, 0x53, + 0x5F, 0xA5, 0x92, 0x9F, 0xD5, 0xA3, 0x44, 0x73, + 0x26, 0x64, 0x01, 0xF6, 0x3B, 0xBD, 0x6B, 0x90, + 0xE0, 0x03, 0x47, 0x2A, 0xC0, 0xCE, 0x88, 0xF1, + 0xB6, 0x66, 0x59, 0x72, 0x79, 0xD0, 0x56, 0xA6, + 0x32, 0xC8, 0xD6, 0xB7, 0x90, 0xFD, 0x41, 0x17, + 0x67, 0x84, 0x8A, 0x69, 0xE3, 0x7A, 0x8A, 0x83, + 0x9B, 0xC7, 0x66, 0xA0, 0x2C, 0xA2, 0xF6, 0x95, + 0xEC, 0x63, 0xF0, 0x56, 0xA4, 0xE2, 0xA1, 0x14, + 0xCA, 0xCF, 0x9F, 0xD9, 0x0D, 0x73, 0x0C, 0x97, + 0x0D, 0xB3, 0x87, 0xF6, 0xDE, 0x73, 0x39, 0x5F, + 0x70, 0x1A, 0x1D, 0x95, 0x3B, 0x2A, 0x89, 0xDD, + 0x7E, 0xDA, 0xD4, 0x39, 0xFC, 0x20, 0x5A, 0x54, + 0xA4, 0x81, 0xE8, 0x89, 0xB0, 0x98, 0xD5, 0x25, + 0x56, 0x70, 0xF0, 0x26, 0xB4, 0xA2, 0xBF, 0x02, + 0xD2, 0xBD, 0xDE, 0x87, 0xC7, 0x66, 0xB2, 0x5F, + 0xC5, 0xE0, 0xFD, 0x45, 0x37, 0x57, 0xE7, 0x56, + 0xD1, 0x8C, 0x8C, 0xD9, 0x12, 0xF9, 0xA7, 0x7F, + 0x8E, 0x6B, 0xF0, 0x20, 0x53, 0x74, 0xB4, 0x62 + }; + static const byte k_512[WC_ML_KEM_SS_SZ] = { + 0x0B, 0xF3, 0x23, 0x33, 0x8D, 0x6F, 0x0A, 0x21, + 0xD5, 0x51, 0x4B, 0x67, 0x3C, 0xD1, 0x0B, 0x71, + 0x4C, 0xE6, 0xE3, 0x6F, 0x35, 0xBC, 0xD1, 0xBF, + 0x54, 0x41, 0x96, 0x36, 0x8E, 0xE5, 0x1A, 0x13 + }; +#endif +#ifndef WOLFSSL_NO_ML_KEM_768 + static const byte ek_768[WC_ML_KEM_768_PUBLIC_KEY_SIZE] = { + 0x89, 0xD2, 0xCB, 0x65, 0xF9, 0x4D, 0xCB, 0xFC, + 0x89, 0x0E, 0xFC, 0x7D, 0x0E, 0x5A, 0x7A, 0x38, + 0x34, 0x4D, 0x16, 0x41, 0xA3, 0xD0, 0xB0, 0x24, + 0xD5, 0x07, 0x97, 0xA5, 0xF2, 0x3C, 0x3A, 0x18, + 0xB3, 0x10, 0x1A, 0x12, 0x69, 0x06, 0x9F, 0x43, + 0xA8, 0x42, 0xBA, 0xCC, 0x09, 0x8A, 0x88, 0x21, + 0x27, 0x1C, 0x67, 0x3D, 0xB1, 0xBE, 0xB3, 0x30, + 0x34, 0xE4, 0xD7, 0x77, 0x4D, 0x16, 0x63, 0x5C, + 0x7C, 0x2C, 0x3C, 0x27, 0x63, 0x45, 0x35, 0x38, + 0xBC, 0x16, 0x32, 0xE1, 0x85, 0x15, 0x91, 0xA5, + 0x16, 0x42, 0x97, 0x4E, 0x59, 0x28, 0xAB, 0xB8, + 0xE5, 0x5F, 0xE5, 0x56, 0x12, 0xF9, 0xB1, 0x41, + 0xAF, 0xF0, 0x15, 0x54, 0x53, 0x94, 0xB2, 0x09, + 0x2E, 0x59, 0x09, 0x70, 0xEC, 0x29, 0xA7, 0xB7, + 0xE7, 0xAA, 0x1F, 0xB4, 0x49, 0x3B, 0xF7, 0xCB, + 0x73, 0x19, 0x06, 0xC2, 0xA5, 0xCB, 0x49, 0xE6, + 0x61, 0x48, 0x59, 0x06, 0x4E, 0x19, 0xB8, 0xFA, + 0x26, 0xAF, 0x51, 0xC4, 0x4B, 0x5E, 0x75, 0x35, + 0xBF, 0xDA, 0xC0, 0x72, 0xB6, 0x46, 0xD3, 0xEA, + 0x49, 0x0D, 0x27, 0x7F, 0x0D, 0x97, 0xCE, 0xD4, + 0x73, 0x95, 0xFE, 0xD9, 0x1E, 0x8F, 0x2B, 0xCE, + 0x0E, 0x3C, 0xA1, 0x22, 0xC2, 0x02, 0x5F, 0x74, + 0x06, 0x7A, 0xB9, 0x28, 0xA8, 0x22, 0xB3, 0x56, + 0x53, 0xA7, 0x4F, 0x06, 0x75, 0x76, 0x29, 0xAF, + 0xB1, 0xA1, 0xCA, 0xF2, 0x37, 0x10, 0x0E, 0xA9, + 0x35, 0xE7, 0x93, 0xC8, 0xF5, 0x8A, 0x71, 0xB3, + 0xD6, 0xAE, 0x2C, 0x86, 0x58, 0xB1, 0x01, 0x50, + 0xD4, 0xA3, 0x8F, 0x57, 0x2A, 0x0D, 0x49, 0xD2, + 0x8A, 0xE8, 0x94, 0x51, 0xD3, 0x38, 0x32, 0x6F, + 0xDB, 0x3B, 0x43, 0x50, 0x03, 0x6C, 0x10, 0x81, + 0x11, 0x77, 0x40, 0xED, 0xB8, 0x6B, 0x12, 0x08, + 0x1C, 0x5C, 0x12, 0x23, 0xDB, 0xB5, 0x66, 0x0D, + 0x5B, 0x3C, 0xB3, 0x78, 0x7D, 0x48, 0x18, 0x49, + 0x30, 0x4C, 0x68, 0xBE, 0x87, 0x54, 0x66, 0xF1, + 0x4E, 0xE5, 0x49, 0x5C, 0x2B, 0xD7, 0x95, 0xAE, + 0x41, 0x2D, 0x09, 0x00, 0x2D, 0x65, 0xB8, 0x71, + 0x9B, 0x90, 0xCB, 0xA3, 0x60, 0x3A, 0xC4, 0x95, + 0x8E, 0xA0, 0x3C, 0xC1, 0x38, 0xC8, 0x6F, 0x78, + 0x51, 0x59, 0x31, 0x25, 0x33, 0x47, 0x01, 0xB6, + 0x77, 0xF8, 0x2F, 0x49, 0x52, 0xA4, 0xC9, 0x3B, + 0x5B, 0x4C, 0x13, 0x4B, 0xB4, 0x2A, 0x85, 0x7F, + 0xD1, 0x5C, 0x65, 0x08, 0x64, 0xA6, 0xAA, 0x94, + 0xEB, 0x69, 0x1C, 0x0B, 0x69, 0x1B, 0xE4, 0x68, + 0x4C, 0x1F, 0x5B, 0x74, 0x90, 0x46, 0x7F, 0xC0, + 0x1B, 0x1D, 0x1F, 0xDA, 0x4D, 0xDA, 0x35, 0xC4, + 0xEC, 0xC2, 0x31, 0xBC, 0x73, 0xA6, 0xFE, 0xF4, + 0x2C, 0x99, 0xD3, 0x4E, 0xB8, 0x2A, 0x4D, 0x01, + 0x49, 0x87, 0xB3, 0xE3, 0x86, 0x91, 0x0C, 0x62, + 0x67, 0x9A, 0x11, 0x8F, 0x3C, 0x5B, 0xD9, 0xF4, + 0x67, 0xE4, 0x16, 0x20, 0x42, 0x42, 0x43, 0x57, + 0xDB, 0x92, 0xEF, 0x48, 0x4A, 0x4A, 0x17, 0x98, + 0xC1, 0x25, 0x7E, 0x87, 0x0A, 0x30, 0xCB, 0x20, + 0xAA, 0xA0, 0x33, 0x5D, 0x83, 0x31, 0x4F, 0xE0, + 0xAA, 0x7E, 0x63, 0xA8, 0x62, 0x64, 0x80, 0x41, + 0xA7, 0x2A, 0x63, 0x21, 0x52, 0x32, 0x20, 0xB1, + 0xAC, 0xE9, 0xBB, 0x70, 0x1B, 0x21, 0xAC, 0x12, + 0x53, 0xCB, 0x81, 0x2C, 0x15, 0x57, 0x5A, 0x90, + 0x85, 0xEA, 0xBE, 0xAD, 0xE7, 0x3A, 0x4A, 0xE7, + 0x6E, 0x6A, 0x7B, 0x15, 0x8A, 0x20, 0x58, 0x6D, + 0x78, 0xA5, 0xAC, 0x62, 0x0A, 0x5C, 0x9A, 0xBC, + 0xC9, 0xC0, 0x43, 0x35, 0x0A, 0x73, 0x65, 0x6B, + 0x0A, 0xBE, 0x82, 0x2D, 0xA5, 0xE0, 0xBA, 0x76, + 0x04, 0x5F, 0xAD, 0x75, 0x40, 0x1D, 0x7A, 0x3B, + 0x70, 0x37, 0x91, 0xB7, 0xE9, 0x92, 0x61, 0x71, + 0x0F, 0x86, 0xB7, 0x24, 0x21, 0xD2, 0x40, 0xA3, + 0x47, 0x63, 0x83, 0x77, 0x20, 0x5A, 0x15, 0x2C, + 0x79, 0x41, 0x30, 0xA4, 0xE0, 0x47, 0x74, 0x2B, + 0x88, 0x83, 0x03, 0xBD, 0xDC, 0x30, 0x91, 0x16, + 0x76, 0x4D, 0xE7, 0x42, 0x4C, 0xEB, 0xEA, 0x6D, + 0xB6, 0x53, 0x48, 0xAC, 0x53, 0x7E, 0x01, 0xA9, + 0xCC, 0x56, 0xEA, 0x66, 0x7D, 0x5A, 0xA8, 0x7A, + 0xC9, 0xAA, 0xA4, 0x31, 0x7D, 0x26, 0x2C, 0x10, + 0x14, 0x30, 0x50, 0xB8, 0xD0, 0x7A, 0x72, 0x8C, + 0xA6, 0x33, 0xC1, 0x3E, 0x46, 0x8A, 0xBC, 0xEA, + 0xD3, 0x72, 0xC7, 0x7B, 0x8E, 0xCF, 0x3B, 0x98, + 0x6B, 0x98, 0xC1, 0xE5, 0x58, 0x60, 0xB2, 0xB4, + 0x21, 0x67, 0x66, 0xAD, 0x87, 0x4C, 0x35, 0xED, + 0x72, 0x05, 0x06, 0x87, 0x39, 0x23, 0x02, 0x20, + 0xB5, 0xA2, 0x31, 0x7D, 0x10, 0x2C, 0x59, 0x83, + 0x56, 0xF1, 0x68, 0xAC, 0xBE, 0x80, 0x60, 0x8D, + 0xE4, 0xC9, 0xA7, 0x10, 0xB8, 0xDD, 0x07, 0x07, + 0x8C, 0xD7, 0xC6, 0x71, 0x05, 0x8A, 0xF1, 0xB0, + 0xB8, 0x30, 0x4A, 0x31, 0x4F, 0x7B, 0x29, 0xBE, + 0x78, 0xA9, 0x33, 0xC7, 0xB9, 0x29, 0x44, 0x24, + 0x95, 0x4A, 0x1B, 0xF8, 0xBC, 0x74, 0x5D, 0xE8, + 0x61, 0x98, 0x65, 0x9E, 0x0E, 0x12, 0x25, 0xA9, + 0x10, 0x72, 0x60, 0x74, 0x96, 0x9C, 0x39, 0xA9, + 0x7C, 0x19, 0x24, 0x06, 0x01, 0xA4, 0x6E, 0x01, + 0x3D, 0xCD, 0xCB, 0x67, 0x7A, 0x8C, 0xBD, 0x2C, + 0x95, 0xA4, 0x06, 0x29, 0xC2, 0x56, 0xF2, 0x4A, + 0x32, 0x89, 0x51, 0xDF, 0x57, 0x50, 0x2A, 0xB3, + 0x07, 0x72, 0xCC, 0x7E, 0x5B, 0x85, 0x00, 0x27, + 0xC8, 0x55, 0x17, 0x81, 0xCE, 0x49, 0x85, 0xBD, + 0xAC, 0xF6, 0xB8, 0x65, 0xC1, 0x04, 0xE8, 0xA4, + 0xBC, 0x65, 0xC4, 0x16, 0x94, 0xD4, 0x56, 0xB7, + 0x16, 0x9E, 0x45, 0xAB, 0x3D, 0x7A, 0xCA, 0xBE, + 0xAF, 0xE2, 0x3A, 0xD6, 0xA7, 0xB9, 0x4D, 0x19, + 0x79, 0xA2, 0xF4, 0xC1, 0xCA, 0xE7, 0xCD, 0x77, + 0xD6, 0x81, 0xD2, 0x90, 0xB5, 0xD8, 0xE4, 0x51, + 0xBF, 0xDC, 0xCC, 0xF5, 0x31, 0x0B, 0x9D, 0x12, + 0xA8, 0x8E, 0xC2, 0x9B, 0x10, 0x25, 0x5D, 0x5E, + 0x17, 0xA1, 0x92, 0x67, 0x0A, 0xA9, 0x73, 0x1C, + 0x5C, 0xA6, 0x7E, 0xC7, 0x84, 0xC5, 0x02, 0x78, + 0x1B, 0xE8, 0x52, 0x7D, 0x6F, 0xC0, 0x03, 0xC6, + 0x70, 0x1B, 0x36, 0x32, 0x28, 0x4B, 0x40, 0x30, + 0x7A, 0x52, 0x7C, 0x76, 0x20, 0x37, 0x7F, 0xEB, + 0x0B, 0x73, 0xF7, 0x22, 0xC9, 0xE3, 0xCD, 0x4D, + 0xEC, 0x64, 0x87, 0x6B, 0x93, 0xAB, 0x5B, 0x7C, + 0xFC, 0x4A, 0x65, 0x7F, 0x85, 0x2B, 0x65, 0x92, + 0x82, 0x86, 0x43, 0x84, 0xF4, 0x42, 0xB2, 0x2E, + 0x8A, 0x21, 0x10, 0x93, 0x87, 0xB8, 0xB4, 0x75, + 0x85, 0xFC, 0x68, 0x0D, 0x0B, 0xA4, 0x5C, 0x7A, + 0x8B, 0x1D, 0x72, 0x74, 0xBD, 0xA5, 0x78, 0x45, + 0xD1, 0x00, 0xD0, 0xF4, 0x2A, 0x3B, 0x74, 0x62, + 0x87, 0x73, 0x35, 0x1F, 0xD7, 0xAC, 0x30, 0x5B, + 0x24, 0x97, 0x63, 0x9B, 0xE9, 0x0B, 0x3F, 0x4F, + 0x71, 0xA6, 0xAA, 0x35, 0x61, 0xEE, 0xCC, 0x6A, + 0x69, 0x1B, 0xB5, 0xCB, 0x39, 0x14, 0xD8, 0x63, + 0x4C, 0xA1, 0xE1, 0xAF, 0x54, 0x3C, 0x04, 0x9A, + 0x8C, 0x6E, 0x86, 0x8C, 0x51, 0xF0, 0x42, 0x3B, + 0xD2, 0xD5, 0xAE, 0x09, 0xB7, 0x9E, 0x57, 0xC2, + 0x7F, 0x3F, 0xE3, 0xAE, 0x2B, 0x26, 0xA4, 0x41, + 0xBA, 0xBF, 0xC6, 0x71, 0x8C, 0xE8, 0xC0, 0x5B, + 0x4F, 0xE7, 0x93, 0xB9, 0x10, 0xB8, 0xFB, 0xCB, + 0xBE, 0x7F, 0x10, 0x13, 0x24, 0x2B, 0x40, 0xE0, + 0x51, 0x4D, 0x0B, 0xDC, 0x5C, 0x88, 0xBA, 0xC5, + 0x94, 0xC7, 0x94, 0xCE, 0x51, 0x22, 0xFB, 0xF3, + 0x48, 0x96, 0x81, 0x91, 0x47, 0xB9, 0x28, 0x38, + 0x15, 0x87, 0x96, 0x3B, 0x0B, 0x90, 0x03, 0x4A, + 0xA0, 0x7A, 0x10, 0xBE, 0x17, 0x6E, 0x01, 0xC8, + 0x0A, 0xD6, 0xA4, 0xB7, 0x1B, 0x10, 0xAF, 0x42, + 0x41, 0x40, 0x0A, 0x2A, 0x4C, 0xBB, 0xC0, 0x59, + 0x61, 0xA1, 0x5E, 0xC1, 0x47, 0x4E, 0xD5, 0x1A, + 0x3C, 0xC6, 0xD3, 0x58, 0x00, 0x67, 0x9A, 0x46, + 0x28, 0x09, 0xCA, 0xA3, 0xAB, 0x4F, 0x70, 0x94, + 0xCD, 0x66, 0x10, 0xB4, 0xA7, 0x00, 0xCB, 0xA9, + 0x39, 0xE7, 0xEA, 0xC9, 0x3E, 0x38, 0xC9, 0x97, + 0x55, 0x90, 0x87, 0x27, 0x61, 0x9E, 0xD7, 0x6A, + 0x34, 0xE5, 0x3C, 0x4F, 0xA2, 0x5B, 0xFC, 0x97, + 0x00, 0x82, 0x06, 0x69, 0x7D, 0xD1, 0x45, 0xE5, + 0xB9, 0x18, 0x8E, 0x5B, 0x01, 0x4E, 0x94, 0x16, + 0x81, 0xE1, 0x5F, 0xE3, 0xE1, 0x32, 0xB8, 0xA3, + 0x90, 0x34, 0x74, 0x14, 0x8B, 0xA2, 0x8B, 0x98, + 0x71, 0x11, 0xC9, 0xBC, 0xB3, 0x98, 0x9B, 0xBB, + 0xC6, 0x71, 0xC5, 0x81, 0xB4, 0x4A, 0x49, 0x28, + 0x45, 0xF2, 0x88, 0xE6, 0x21, 0x96, 0xE4, 0x71, + 0xFE, 0xD3, 0xC3, 0x9C, 0x1B, 0xBD, 0xDB, 0x08, + 0x37, 0xD0, 0xD4, 0x70, 0x6B, 0x09, 0x22, 0xC4 + }; + static const byte seed_768[WC_ML_KEM_ENC_RAND_SZ] = { + 0x2C, 0xE7, 0x4A, 0xD2, 0x91, 0x13, 0x35, 0x18, + 0xFE, 0x60, 0xC7, 0xDF, 0x5D, 0x25, 0x1B, 0x9D, + 0x82, 0xAD, 0xD4, 0x84, 0x62, 0xFF, 0x50, 0x5C, + 0x6E, 0x54, 0x7E, 0x94, 0x9E, 0x6B, 0x6B, 0xF7 + }; + static const byte c_768[WC_ML_KEM_768_CIPHER_TEXT_SIZE] = { + 0x56, 0xB4, 0x2D, 0x59, 0x3A, 0xAB, 0x8E, 0x87, + 0x73, 0xBD, 0x92, 0xD7, 0x6E, 0xAB, 0xDD, 0xF3, + 0xB1, 0x54, 0x6F, 0x83, 0x26, 0xF5, 0x7A, 0x7B, + 0x77, 0x37, 0x64, 0xB6, 0xC0, 0xDD, 0x30, 0x47, + 0x0F, 0x68, 0xDF, 0xF8, 0x2E, 0x0D, 0xCA, 0x92, + 0x50, 0x92, 0x74, 0xEC, 0xFE, 0x83, 0xA9, 0x54, + 0x73, 0x5F, 0xDE, 0x6E, 0x14, 0x67, 0x6D, 0xAA, + 0xA3, 0x68, 0x0C, 0x30, 0xD5, 0x24, 0xF4, 0xEF, + 0xA7, 0x9E, 0xD6, 0xA1, 0xF9, 0xED, 0x7E, 0x1C, + 0x00, 0x56, 0x0E, 0x86, 0x83, 0x53, 0x8C, 0x31, + 0x05, 0xAB, 0x93, 0x1B, 0xE0, 0xD2, 0xB2, 0x49, + 0xB3, 0x8C, 0xB9, 0xB1, 0x3A, 0xF5, 0xCE, 0xAF, + 0x78, 0x87, 0xA5, 0x9D, 0xBA, 0x16, 0x68, 0x8A, + 0x7F, 0x28, 0xDE, 0x0B, 0x14, 0xD1, 0x9F, 0x39, + 0x1E, 0xB4, 0x18, 0x32, 0xA5, 0x64, 0x79, 0x41, + 0x6C, 0xCF, 0x94, 0xE9, 0x97, 0x39, 0x0E, 0xD7, + 0x87, 0x8E, 0xEA, 0xFF, 0x49, 0x32, 0x8A, 0x70, + 0xE0, 0xAB, 0x5F, 0xCE, 0x6C, 0x63, 0xC0, 0x9B, + 0x35, 0xF4, 0xE4, 0x59, 0x94, 0xDE, 0x61, 0x5B, + 0x88, 0xBB, 0x72, 0x2F, 0x70, 0xE8, 0x7D, 0x2B, + 0xBD, 0x72, 0xAE, 0x71, 0xE1, 0xEE, 0x90, 0x08, + 0xE4, 0x59, 0xD8, 0xE7, 0x43, 0x03, 0x9A, 0x8D, + 0xDE, 0xB8, 0x74, 0xFC, 0xE5, 0x30, 0x1A, 0x2F, + 0x8C, 0x0E, 0xE8, 0xC2, 0xFE, 0xE7, 0xA4, 0xEE, + 0x68, 0xB5, 0xED, 0x6A, 0x6D, 0x9A, 0xB7, 0x4F, + 0x98, 0xBB, 0x3B, 0xA0, 0xFE, 0x89, 0xE8, 0x2B, + 0xD5, 0xA5, 0x25, 0xC5, 0xE8, 0x79, 0x0F, 0x81, + 0x8C, 0xCC, 0x60, 0x58, 0x77, 0xD4, 0x6C, 0x8B, + 0xDB, 0x5C, 0x33, 0x7B, 0x02, 0x5B, 0xB8, 0x40, + 0xFF, 0x47, 0x18, 0x96, 0xE4, 0x3B, 0xFA, 0x99, + 0xD7, 0x3D, 0xBE, 0x31, 0x80, 0x5C, 0x27, 0xA4, + 0x3E, 0x57, 0xF0, 0x61, 0x8B, 0x3A, 0xE5, 0x22, + 0xA4, 0x64, 0x4E, 0x0D, 0x4E, 0x4C, 0x1C, 0x54, + 0x84, 0x89, 0x43, 0x1B, 0xE5, 0x58, 0xF3, 0xBF, + 0xC5, 0x0E, 0x16, 0x61, 0x7E, 0x11, 0x0D, 0xD7, + 0xAF, 0x9A, 0x6F, 0xD8, 0x3E, 0x3F, 0xBB, 0x68, + 0xC3, 0x04, 0xD1, 0x5F, 0x6C, 0xB7, 0x00, 0xD6, + 0x1D, 0x7A, 0xA9, 0x15, 0xA6, 0x75, 0x1E, 0xA3, + 0xBA, 0x80, 0x22, 0x3E, 0x65, 0x41, 0x32, 0xA2, + 0x09, 0x99, 0xA4, 0x3B, 0xF4, 0x08, 0x59, 0x27, + 0x30, 0xB9, 0xA9, 0x49, 0x96, 0x36, 0xC0, 0x9F, + 0xA7, 0x29, 0xF9, 0xCB, 0x1F, 0x9D, 0x34, 0x42, + 0xF4, 0x73, 0x57, 0xA2, 0xB9, 0xCF, 0x15, 0xD3, + 0x10, 0x3B, 0x9B, 0xF3, 0x96, 0xC2, 0x30, 0x88, + 0xF1, 0x18, 0xED, 0xE3, 0x46, 0xB5, 0xC0, 0x38, + 0x91, 0xCF, 0xA5, 0xD5, 0x17, 0xCE, 0xF8, 0x47, + 0x13, 0x22, 0xE7, 0xE3, 0x10, 0x87, 0xC4, 0xB0, + 0x36, 0xAB, 0xAD, 0x78, 0x4B, 0xFF, 0x72, 0xA9, + 0xB1, 0x1F, 0xA1, 0x98, 0xFA, 0xCB, 0xCB, 0x91, + 0xF0, 0x67, 0xFE, 0xAF, 0x76, 0xFC, 0xFE, 0x53, + 0x27, 0xC1, 0x07, 0x0B, 0x3D, 0xA6, 0x98, 0x84, + 0x00, 0x75, 0x67, 0x60, 0xD2, 0xD1, 0xF0, 0x60, + 0x29, 0x8F, 0x16, 0x83, 0xD5, 0x1E, 0x36, 0x16, + 0xE9, 0x8C, 0x51, 0xC9, 0xC0, 0x3A, 0xA4, 0x2F, + 0x2E, 0x63, 0x36, 0x51, 0xA4, 0x7A, 0xD3, 0xCC, + 0x2A, 0xB4, 0xA8, 0x52, 0xAE, 0x0C, 0x4B, 0x04, + 0xB4, 0xE1, 0xC3, 0xDD, 0x94, 0x44, 0x45, 0xA2, + 0xB1, 0x2B, 0x4F, 0x42, 0xA6, 0x43, 0x51, 0x05, + 0xC0, 0x41, 0x22, 0xFC, 0x35, 0x87, 0xAF, 0xE4, + 0x09, 0xA0, 0x0B, 0x30, 0x8D, 0x63, 0xC5, 0xDD, + 0x81, 0x63, 0x65, 0x45, 0x04, 0xEE, 0xDB, 0xB7, + 0xB5, 0x32, 0x95, 0x77, 0xC3, 0x5F, 0xBE, 0xB3, + 0xF4, 0x63, 0x87, 0x2C, 0xAC, 0x28, 0x14, 0x2B, + 0x3C, 0x12, 0xA7, 0x40, 0xEC, 0x6E, 0xA7, 0xCE, + 0x9A, 0xD7, 0x8C, 0x6F, 0xC8, 0xFE, 0x1B, 0x4D, + 0xF5, 0xFC, 0x55, 0xC1, 0x66, 0x7F, 0x31, 0xF2, + 0x31, 0x2D, 0xA0, 0x77, 0x99, 0xDC, 0x87, 0x0A, + 0x47, 0x86, 0x08, 0x54, 0x9F, 0xED, 0xAF, 0xE0, + 0x21, 0xF1, 0xCF, 0x29, 0x84, 0x18, 0x03, 0x64, + 0xE9, 0x0A, 0xD9, 0x8D, 0x84, 0x56, 0x52, 0xAA, + 0x3C, 0xDD, 0x7A, 0x8E, 0xB0, 0x9F, 0x5E, 0x51, + 0x42, 0x3F, 0xAB, 0x42, 0xA7, 0xB7, 0xBB, 0x4D, + 0x51, 0x48, 0x64, 0xBE, 0x8D, 0x71, 0x29, 0x7E, + 0x9C, 0x3B, 0x17, 0xA9, 0x93, 0xF0, 0xAE, 0x62, + 0xE8, 0xEF, 0x52, 0x63, 0x7B, 0xD1, 0xB8, 0x85, + 0xBD, 0x9B, 0x6A, 0xB7, 0x27, 0x85, 0x4D, 0x70, + 0x3D, 0x8D, 0xC4, 0x78, 0xF9, 0x6C, 0xB8, 0x1F, + 0xCE, 0x4C, 0x60, 0x38, 0x3A, 0xC0, 0x1F, 0xCF, + 0x0F, 0x97, 0x1D, 0x4C, 0x8F, 0x35, 0x2B, 0x7A, + 0x82, 0xE2, 0x18, 0x65, 0x2F, 0x2C, 0x10, 0x6C, + 0xA9, 0x2A, 0xE6, 0x86, 0xBA, 0xCF, 0xCE, 0xF5, + 0xD3, 0x27, 0x34, 0x7A, 0x97, 0xA9, 0xB3, 0x75, + 0xD6, 0x73, 0x41, 0x55, 0x2B, 0xC2, 0xC5, 0x38, + 0x77, 0x8E, 0x0F, 0x98, 0x01, 0x82, 0x3C, 0xCD, + 0xFC, 0xD1, 0xEA, 0xAD, 0xED, 0x55, 0xB1, 0x8C, + 0x97, 0x57, 0xE3, 0xF2, 0x12, 0xB2, 0x88, 0x9D, + 0x38, 0x57, 0xDB, 0x51, 0xF9, 0x81, 0xD1, 0x61, + 0x85, 0xFD, 0x0F, 0x90, 0x08, 0x53, 0xA7, 0x50, + 0x05, 0xE3, 0x02, 0x0A, 0x8B, 0x95, 0xB7, 0xD8, + 0xF2, 0xF2, 0x63, 0x1C, 0x70, 0xD7, 0x8A, 0x95, + 0x7C, 0x7A, 0x62, 0xE1, 0xB3, 0x71, 0x90, 0x70, + 0xAC, 0xD1, 0xFD, 0x48, 0x0C, 0x25, 0xB8, 0x38, + 0x47, 0xDA, 0x02, 0x7B, 0x6E, 0xBB, 0xC2, 0xEE, + 0xC2, 0xDF, 0x22, 0xC8, 0x7F, 0x9B, 0x46, 0xD5, + 0xD7, 0xBA, 0xF1, 0x56, 0xB5, 0x3C, 0xEE, 0x92, + 0x95, 0x72, 0xB9, 0x2C, 0x47, 0x84, 0xC4, 0xE8, + 0x29, 0xF3, 0x44, 0x6A, 0x1F, 0xFE, 0x47, 0xF9, + 0x9D, 0xEC, 0xD0, 0x43, 0x60, 0x29, 0xDD, 0xEB, + 0xD3, 0xED, 0x8E, 0x87, 0xE5, 0xE7, 0x3D, 0x12, + 0x3D, 0xBE, 0x8A, 0x4D, 0xDA, 0xCF, 0x2A, 0xBD, + 0xE8, 0x7F, 0x33, 0xAE, 0x2B, 0x62, 0x1C, 0x0E, + 0xC5, 0xD5, 0xCA, 0xD1, 0x25, 0x9D, 0xEE, 0xC2, + 0xAE, 0xFF, 0x60, 0x88, 0xF0, 0x4F, 0x27, 0xA2, + 0x03, 0x38, 0xB5, 0x76, 0x25, 0x43, 0xE5, 0x10, + 0x08, 0x99, 0xA4, 0xCB, 0xFB, 0x7B, 0x3C, 0xA4, + 0x56, 0xB3, 0xA1, 0x9B, 0x83, 0xA4, 0xC4, 0x32, + 0x23, 0x0C, 0x23, 0xE1, 0xC7, 0xF1, 0x07, 0xC4, + 0xCB, 0x11, 0x21, 0x52, 0xF1, 0xC0, 0xF3, 0x0D, + 0xA0, 0xBB, 0x33, 0xF4, 0xF1, 0x1F, 0x47, 0xEE, + 0xA4, 0x38, 0x72, 0xBA, 0xFA, 0x84, 0xAE, 0x22, + 0x25, 0x6D, 0x70, 0x8E, 0x06, 0x04, 0xDA, 0xDE, + 0x4B, 0x2A, 0x4D, 0xDE, 0x8C, 0xCC, 0xF1, 0x19, + 0x30, 0xE1, 0x35, 0x53, 0x93, 0x4A, 0xE3, 0xEC, + 0xE5, 0x2F, 0x3D, 0x7C, 0xCC, 0x00, 0x28, 0x73, + 0x77, 0x87, 0x9F, 0xE6, 0xB8, 0xEC, 0xE7, 0xEF, + 0x79, 0x42, 0x35, 0x07, 0xC9, 0xDA, 0x33, 0x95, + 0x59, 0xC2, 0x0D, 0xE1, 0xC5, 0x19, 0x55, 0x99, + 0x9B, 0xAE, 0x47, 0x40, 0x1D, 0xC3, 0xCD, 0xFA, + 0xA1, 0xB2, 0x56, 0xD0, 0x9C, 0x7D, 0xB9, 0xFC, + 0x86, 0x98, 0xBF, 0xCE, 0xFA, 0x73, 0x02, 0xD5, + 0x6F, 0xBC, 0xDE, 0x1F, 0xBA, 0xAA, 0x1C, 0x65, + 0x34, 0x54, 0xE6, 0xFD, 0x3D, 0x84, 0xE4, 0xF7, + 0x9A, 0x93, 0x1C, 0x68, 0x1C, 0xBB, 0x6C, 0xB4, + 0x62, 0xB1, 0x0D, 0xAE, 0x11, 0x2B, 0xDF, 0xB7, + 0xF6, 0x5C, 0x7F, 0xDF, 0x6E, 0x5F, 0xC5, 0x94, + 0xEC, 0x3A, 0x47, 0x4A, 0x94, 0xBD, 0x97, 0xE6, + 0xEC, 0x81, 0xF7, 0x1C, 0x23, 0x0B, 0xF7, 0x0C, + 0xA0, 0xF1, 0x3C, 0xE3, 0xDF, 0xFB, 0xD9, 0xFF, + 0x98, 0x04, 0xEF, 0xD8, 0xF3, 0x7A, 0x4D, 0x36, + 0x29, 0xB4, 0x3A, 0x8F, 0x55, 0x54, 0x4E, 0xBC, + 0x5A, 0xC0, 0xAB, 0xD9, 0xA3, 0x3D, 0x79, 0x69, + 0x90, 0x68, 0x34, 0x6A, 0x0F, 0x1A, 0x3A, 0x96, + 0xE1, 0x15, 0xA5, 0xD8, 0x0B, 0xE1, 0x65, 0xB5, + 0x62, 0xD0, 0x82, 0x98, 0x4D, 0x5A, 0xAC, 0xC3, + 0xA2, 0x30, 0x19, 0x81, 0xA6, 0x41, 0x8F, 0x8B, + 0xA7, 0xD7, 0xB0, 0xD7, 0xCA, 0x58, 0x75, 0xC6 + }; + static const byte k_768[WC_ML_KEM_SS_SZ] = { + 0x26, 0x96, 0xD2, 0x8E, 0x9C, 0x61, 0xC2, 0xA0, + 0x1C, 0xE9, 0xB1, 0x60, 0x8D, 0xCB, 0x9D, 0x29, + 0x27, 0x85, 0xA0, 0xCD, 0x58, 0xEF, 0xB7, 0xFE, + 0x13, 0xB1, 0xDE, 0x95, 0xF0, 0xDB, 0x55, 0xB3 + }; +#endif +#ifndef WOLFSSL_NO_ML_KEM_1024 + static const byte ek_1024[WC_ML_KEM_1024_PUBLIC_KEY_SIZE] = { + 0x30, 0x7A, 0x4C, 0xEA, 0x41, 0x48, 0x21, 0x9B, + 0x95, 0x8E, 0xA0, 0xB7, 0x88, 0x66, 0x59, 0x23, + 0x5A, 0x4D, 0x19, 0x80, 0xB1, 0x92, 0x61, 0x08, + 0x47, 0xD8, 0x6E, 0xF3, 0x27, 0x39, 0xF9, 0x4C, + 0x3B, 0x44, 0x6C, 0x4D, 0x81, 0xD8, 0x9B, 0x8B, + 0x42, 0x2A, 0x9D, 0x07, 0x9C, 0x88, 0xB1, 0x1A, + 0xCA, 0xF3, 0x21, 0xB0, 0x14, 0x29, 0x4E, 0x18, + 0xB2, 0x96, 0xE5, 0x2F, 0x3F, 0x74, 0x4C, 0xF9, + 0x63, 0x4A, 0x4F, 0xB0, 0x1D, 0xB0, 0xD9, 0x9E, + 0xF2, 0x0A, 0x63, 0x3A, 0x55, 0x2E, 0x76, 0xA0, + 0x58, 0x5C, 0x61, 0x09, 0xF0, 0x18, 0x76, 0x8B, + 0x76, 0x3A, 0xF3, 0x67, 0x8B, 0x47, 0x80, 0x08, + 0x9C, 0x13, 0x42, 0xB9, 0x69, 0x07, 0xA2, 0x9A, + 0x1C, 0x11, 0x52, 0x1C, 0x74, 0x4C, 0x27, 0x97, + 0xD0, 0xBF, 0x2B, 0x9C, 0xCD, 0xCA, 0x61, 0x46, + 0x72, 0xB4, 0x50, 0x76, 0x77, 0x3F, 0x45, 0x8A, + 0x31, 0xEF, 0x86, 0x9B, 0xE1, 0xEB, 0x2E, 0xFE, + 0xB5, 0x0D, 0x0E, 0x37, 0x49, 0x5D, 0xC5, 0xCA, + 0x55, 0xE0, 0x75, 0x28, 0x93, 0x4F, 0x62, 0x93, + 0xC4, 0x16, 0x80, 0x27, 0xD0, 0xE5, 0x3D, 0x07, + 0xFA, 0xCC, 0x66, 0x30, 0xCB, 0x08, 0x19, 0x7E, + 0x53, 0xFB, 0x19, 0x3A, 0x17, 0x11, 0x35, 0xDC, + 0x8A, 0xD9, 0x97, 0x94, 0x02, 0xA7, 0x1B, 0x69, + 0x26, 0xBC, 0xDC, 0xDC, 0x47, 0xB9, 0x34, 0x01, + 0x91, 0x0A, 0x5F, 0xCC, 0x1A, 0x81, 0x3B, 0x68, + 0x2B, 0x09, 0xBA, 0x7A, 0x72, 0xD2, 0x48, 0x6D, + 0x6C, 0x79, 0x95, 0x16, 0x46, 0x5C, 0x14, 0x72, + 0x9B, 0x26, 0x94, 0x9B, 0x0B, 0x7C, 0xBC, 0x7C, + 0x64, 0x0F, 0x26, 0x7F, 0xED, 0x80, 0xB1, 0x62, + 0xC5, 0x1F, 0xD8, 0xE0, 0x92, 0x27, 0xC1, 0x01, + 0xD5, 0x05, 0xA8, 0xFA, 0xE8, 0xA2, 0xD7, 0x05, + 0x4E, 0x28, 0xA7, 0x8B, 0xA8, 0x75, 0x0D, 0xEC, + 0xF9, 0x05, 0x7C, 0x83, 0x97, 0x9F, 0x7A, 0xBB, + 0x08, 0x49, 0x45, 0x64, 0x80, 0x06, 0xC5, 0xB2, + 0x88, 0x04, 0xF3, 0x4E, 0x73, 0xB2, 0x38, 0x11, + 0x1A, 0x65, 0xA1, 0xF5, 0x00, 0xB1, 0xCC, 0x60, + 0x6A, 0x84, 0x8F, 0x28, 0x59, 0x07, 0x0B, 0xEB, + 0xA7, 0x57, 0x31, 0x79, 0xF3, 0x61, 0x49, 0xCF, + 0x58, 0x01, 0xBF, 0x89, 0xA1, 0xC3, 0x8C, 0xC2, + 0x78, 0x41, 0x55, 0x28, 0xD0, 0x3B, 0xDB, 0x94, + 0x3F, 0x96, 0x28, 0x0C, 0x8C, 0xC5, 0x20, 0x42, + 0xD9, 0xB9, 0x1F, 0xAA, 0x9D, 0x6E, 0xA7, 0xBC, + 0xBB, 0x7A, 0xB1, 0x89, 0x7A, 0x32, 0x66, 0x96, + 0x6F, 0x78, 0x39, 0x34, 0x26, 0xC7, 0x6D, 0x8A, + 0x49, 0x57, 0x8B, 0x98, 0xB1, 0x59, 0xEB, 0xB4, + 0x6E, 0xE0, 0xA8, 0x83, 0xA2, 0x70, 0xD8, 0x05, + 0x7C, 0xD0, 0x23, 0x1C, 0x86, 0x90, 0x6A, 0x91, + 0xDB, 0xBA, 0xDE, 0x6B, 0x24, 0x69, 0x58, 0x1E, + 0x2B, 0xCA, 0x2F, 0xEA, 0x83, 0x89, 0xF7, 0xC7, + 0x4B, 0xCD, 0x70, 0x96, 0x1E, 0xA5, 0xB9, 0x34, + 0xFB, 0xCF, 0x9A, 0x65, 0x90, 0xBF, 0x86, 0xB8, + 0xDB, 0x54, 0x88, 0x54, 0xD9, 0xA3, 0xFB, 0x30, + 0x11, 0x04, 0x33, 0xBD, 0x7A, 0x1B, 0x65, 0x9C, + 0xA8, 0x56, 0x80, 0x85, 0x63, 0x92, 0x37, 0xB3, + 0xBD, 0xC3, 0x7B, 0x7F, 0xA7, 0x16, 0xD4, 0x82, + 0xA2, 0x5B, 0x54, 0x10, 0x6B, 0x3A, 0x8F, 0x54, + 0xD3, 0xAA, 0x99, 0xB5, 0x12, 0x3D, 0xA9, 0x60, + 0x66, 0x90, 0x45, 0x92, 0xF3, 0xA5, 0x4E, 0xE2, + 0x3A, 0x79, 0x81, 0xAB, 0x60, 0x8A, 0x2F, 0x44, + 0x13, 0xCC, 0x65, 0x89, 0x46, 0xC6, 0xD7, 0x78, + 0x0E, 0xA7, 0x65, 0x64, 0x4B, 0x3C, 0xC0, 0x6C, + 0x70, 0x03, 0x4A, 0xB4, 0xEB, 0x35, 0x19, 0x12, + 0xE7, 0x71, 0x5B, 0x56, 0x75, 0x5D, 0x09, 0x02, + 0x15, 0x71, 0xBF, 0x34, 0x0A, 0xB9, 0x25, 0x98, + 0xA2, 0x4E, 0x81, 0x18, 0x93, 0x19, 0x5B, 0x96, + 0xA1, 0x62, 0x9F, 0x80, 0x41, 0xF5, 0x86, 0x58, + 0x43, 0x15, 0x61, 0xFC, 0x0A, 0xB1, 0x52, 0x92, + 0xB9, 0x13, 0xEC, 0x47, 0x3F, 0x04, 0x47, 0x9B, + 0xC1, 0x45, 0xCD, 0x4C, 0x56, 0x3A, 0x28, 0x62, + 0x35, 0x64, 0x6C, 0xD3, 0x05, 0xA9, 0xBE, 0x10, + 0x14, 0xE2, 0xC7, 0xB1, 0x30, 0xC3, 0x3E, 0xB7, + 0x7C, 0xC4, 0xA0, 0xD9, 0x78, 0x6B, 0xD6, 0xBC, + 0x2A, 0x95, 0x4B, 0xF3, 0x00, 0x57, 0x78, 0xF8, + 0x91, 0x7C, 0xE1, 0x37, 0x89, 0xBB, 0xB9, 0x62, + 0x80, 0x78, 0x58, 0xB6, 0x77, 0x31, 0x57, 0x2B, + 0x6D, 0x3C, 0x9B, 0x4B, 0x52, 0x06, 0xFA, 0xC9, + 0xA7, 0xC8, 0x96, 0x16, 0x98, 0xD8, 0x83, 0x24, + 0xA9, 0x15, 0x18, 0x68, 0x99, 0xB2, 0x99, 0x23, + 0xF0, 0x84, 0x42, 0xA3, 0xD3, 0x86, 0xBD, 0x41, + 0x6B, 0xCC, 0x9A, 0x10, 0x01, 0x64, 0xC9, 0x30, + 0xEC, 0x35, 0xEA, 0xFB, 0x6A, 0xB3, 0x58, 0x51, + 0xB6, 0xC8, 0xCE, 0x63, 0x77, 0x36, 0x6A, 0x17, + 0x5F, 0x3D, 0x75, 0x29, 0x8C, 0x51, 0x8D, 0x44, + 0x89, 0x89, 0x33, 0xF5, 0x3D, 0xEE, 0x61, 0x71, + 0x45, 0x09, 0x33, 0x79, 0xC4, 0x65, 0x9F, 0x68, + 0x58, 0x3B, 0x2B, 0x28, 0x12, 0x26, 0x66, 0xBE, + 0xC5, 0x78, 0x38, 0x99, 0x1F, 0xF1, 0x6C, 0x36, + 0x8D, 0xD2, 0x2C, 0x36, 0xE7, 0x80, 0xC9, 0x1A, + 0x35, 0x82, 0xE2, 0x5E, 0x19, 0x79, 0x4C, 0x6B, + 0xF2, 0xAB, 0x42, 0x45, 0x8A, 0x8D, 0xD7, 0x70, + 0x5D, 0xE2, 0xC2, 0xAA, 0x20, 0xC0, 0x54, 0xE8, + 0x4B, 0x3E, 0xF3, 0x50, 0x32, 0x79, 0x86, 0x26, + 0xC2, 0x48, 0x26, 0x32, 0x53, 0xA7, 0x1A, 0x11, + 0x94, 0x35, 0x71, 0x34, 0x0A, 0x97, 0x8C, 0xD0, + 0xA6, 0x02, 0xE4, 0x7D, 0xEE, 0x54, 0x0A, 0x88, + 0x14, 0xBA, 0x06, 0xF3, 0x14, 0x14, 0x79, 0x7C, + 0xDF, 0x60, 0x49, 0x58, 0x23, 0x61, 0xBB, 0xAB, + 0xA3, 0x87, 0xA8, 0x3D, 0x89, 0x91, 0x3F, 0xE4, + 0xC0, 0xC1, 0x12, 0xB9, 0x56, 0x21, 0xA4, 0xBD, + 0xA8, 0x12, 0x3A, 0x14, 0xD1, 0xA8, 0x42, 0xFB, + 0x57, 0xB8, 0x3A, 0x4F, 0xBA, 0xF3, 0x3A, 0x8E, + 0x55, 0x22, 0x38, 0xA5, 0x96, 0xAA, 0xE7, 0xA1, + 0x50, 0xD7, 0x5D, 0xA6, 0x48, 0xBC, 0x44, 0x64, + 0x49, 0x77, 0xBA, 0x1F, 0x87, 0xA4, 0xC6, 0x8A, + 0x8C, 0x4B, 0xD2, 0x45, 0xB7, 0xD0, 0x07, 0x21, + 0xF7, 0xD6, 0x4E, 0x82, 0x2B, 0x08, 0x5B, 0x90, + 0x13, 0x12, 0xEC, 0x37, 0xA8, 0x16, 0x98, 0x02, + 0x16, 0x0C, 0xCE, 0x11, 0x60, 0xF0, 0x10, 0xBE, + 0x8C, 0xBC, 0xAC, 0xE8, 0xE7, 0xB0, 0x05, 0xD7, + 0x83, 0x92, 0x34, 0xA7, 0x07, 0x86, 0x83, 0x09, + 0xD0, 0x37, 0x84, 0xB4, 0x27, 0x3B, 0x1C, 0x8A, + 0x16, 0x01, 0x33, 0xED, 0x29, 0x81, 0x84, 0x70, + 0x46, 0x25, 0xF2, 0x9C, 0xFA, 0x08, 0x6D, 0x13, + 0x26, 0x3E, 0xE5, 0x89, 0x91, 0x23, 0xC5, 0x96, + 0xBA, 0x78, 0x8E, 0x5C, 0x54, 0xA8, 0xE9, 0xBA, + 0x82, 0x9B, 0x8A, 0x9D, 0x90, 0x4B, 0xC4, 0xBC, + 0x0B, 0xBE, 0xA7, 0x6B, 0xC5, 0x3F, 0xF8, 0x11, + 0x21, 0x45, 0x98, 0x47, 0x2C, 0x9C, 0x20, 0x2B, + 0x73, 0xEF, 0xF0, 0x35, 0xDC, 0x09, 0x70, 0x3A, + 0xF7, 0xBF, 0x1B, 0xAB, 0xAA, 0xC7, 0x31, 0x93, + 0xCB, 0x46, 0x11, 0x7A, 0x7C, 0x94, 0x92, 0xA4, + 0x3F, 0xC9, 0x57, 0x89, 0xA9, 0x24, 0xC5, 0x91, + 0x27, 0x87, 0xB2, 0xE2, 0x09, 0x0E, 0xBB, 0xCF, + 0xD3, 0x79, 0x62, 0x21, 0xF0, 0x6D, 0xEB, 0xF9, + 0xCF, 0x70, 0xE0, 0x56, 0xB8, 0xB9, 0x16, 0x1D, + 0x63, 0x47, 0xF4, 0x73, 0x35, 0xF3, 0xE1, 0x77, + 0x6D, 0xA4, 0xBB, 0x87, 0xC1, 0x5C, 0xC8, 0x26, + 0x14, 0x6F, 0xF0, 0x24, 0x9A, 0x41, 0x3B, 0x45, + 0xAA, 0x93, 0xA8, 0x05, 0x19, 0x6E, 0xA4, 0x53, + 0x11, 0x4B, 0x52, 0x4E, 0x31, 0x0A, 0xED, 0xAA, + 0x46, 0xE3, 0xB9, 0x96, 0x42, 0x36, 0x87, 0x82, + 0x56, 0x6D, 0x04, 0x9A, 0x72, 0x6D, 0x6C, 0xCA, + 0x91, 0x09, 0x93, 0xAE, 0xD6, 0x21, 0xD0, 0x14, + 0x9E, 0xA5, 0x88, 0xA9, 0xAB, 0xD9, 0x09, 0xDB, + 0xB6, 0x9A, 0xA2, 0x28, 0x29, 0xD9, 0xB8, 0x3A, + 0xDA, 0x22, 0x09, 0xA6, 0xC2, 0x65, 0x9F, 0x21, + 0x69, 0xD6, 0x68, 0xB9, 0x31, 0x48, 0x42, 0xC6, + 0xE2, 0x2A, 0x74, 0x95, 0x8B, 0x4C, 0x25, 0xBB, + 0xDC, 0xD2, 0x93, 0xD9, 0x9C, 0xB6, 0x09, 0xD8, + 0x66, 0x74, 0x9A, 0x48, 0x5D, 0xFB, 0x56, 0x02, + 0x48, 0x83, 0xCF, 0x54, 0x65, 0xDB, 0xA0, 0x36, + 0x32, 0x06, 0x58, 0x7F, 0x45, 0x59, 0x7F, 0x89, + 0x00, 0x2F, 0xB8, 0x60, 0x72, 0x32, 0x13, 0x8E, + 0x03, 0xB2, 0xA8, 0x94, 0x52, 0x5F, 0x26, 0x53, + 0x70, 0x05, 0x4B, 0x48, 0x86, 0x36, 0x14, 0x47, + 0x2B, 0x95, 0xD0, 0xA2, 0x30, 0x34, 0x42, 0xE3, + 0x78, 0xB0, 0xDD, 0x1C, 0x75, 0xAC, 0xBA, 0xB9, + 0x71, 0xA9, 0xA8, 0xD1, 0x28, 0x1C, 0x79, 0x61, + 0x3A, 0xCE, 0xC6, 0x93, 0x3C, 0x37, 0x7B, 0x3C, + 0x57, 0x8C, 0x2A, 0x61, 0xA1, 0xEC, 0x18, 0x1B, + 0x10, 0x12, 0x97, 0xA3, 0x7C, 0xC5, 0x19, 0x7B, + 0x29, 0x42, 0xF6, 0xA0, 0xE4, 0x70, 0x4C, 0x0E, + 0xC6, 0x35, 0x40, 0x48, 0x1B, 0x9F, 0x15, 0x9D, + 0xC2, 0x55, 0xB5, 0x9B, 0xB5, 0x5D, 0xF4, 0x96, + 0xAE, 0x54, 0x21, 0x7B, 0x76, 0x89, 0xBD, 0x51, + 0xDB, 0xA0, 0x38, 0x3A, 0x3D, 0x72, 0xD8, 0x52, + 0xFF, 0xCA, 0x76, 0xDF, 0x05, 0xB6, 0x6E, 0xEC, + 0xCB, 0xD4, 0x7B, 0xC5, 0x30, 0x40, 0x81, 0x76, + 0x28, 0xC7, 0x1E, 0x36, 0x1D, 0x6A, 0xF8, 0x89, + 0x08, 0x49, 0x16, 0xB4, 0x08, 0xA4, 0x66, 0xC9, + 0x6E, 0x70, 0x86, 0xC4, 0xA6, 0x0A, 0x10, 0xFC, + 0xF7, 0x53, 0x7B, 0xB9, 0x4A, 0xFB, 0xCC, 0x7D, + 0x43, 0x75, 0x90, 0x91, 0x9C, 0x28, 0x65, 0x0C, + 0x4F, 0x23, 0x68, 0x25, 0x92, 0x26, 0xA9, 0xBF, + 0xDA, 0x3A, 0x3A, 0x0B, 0xA1, 0xB5, 0x08, 0x7D, + 0x9D, 0x76, 0x44, 0x2F, 0xD7, 0x86, 0xC6, 0xF8, + 0x1C, 0x68, 0xC0, 0x36, 0x0D, 0x71, 0x94, 0xD7, + 0x07, 0x2C, 0x45, 0x33, 0xAE, 0xA8, 0x6C, 0x2D, + 0x1F, 0x8C, 0x0A, 0x27, 0x69, 0x60, 0x66, 0xF6, + 0xCF, 0xD1, 0x10, 0x03, 0xF7, 0x97, 0x27, 0x0B, + 0x32, 0x38, 0x97, 0x13, 0xCF, 0xFA, 0x09, 0x3D, + 0x99, 0x1B, 0x63, 0x84, 0x4C, 0x38, 0x5E, 0x72, + 0x27, 0x7F, 0x16, 0x6F, 0x5A, 0x39, 0x34, 0xD6, + 0xBB, 0x89, 0xA4, 0x78, 0x8D, 0xE2, 0x83, 0x21, + 0xDE, 0xFC, 0x74, 0x57, 0xAB, 0x48, 0x4B, 0xD3, + 0x09, 0x86, 0xDC, 0x1D, 0xAB, 0x30, 0x08, 0xCD, + 0x7B, 0x22, 0xF6, 0x97, 0x02, 0xFA, 0xBB, 0x9A, + 0x10, 0x45, 0x40, 0x7D, 0xA4, 0x79, 0x1C, 0x35, + 0x90, 0xFF, 0x59, 0x9D, 0x81, 0xD6, 0x88, 0xCF, + 0xA7, 0xCC, 0x12, 0xA6, 0x8C, 0x50, 0xF5, 0x1A, + 0x10, 0x09, 0x41, 0x1B, 0x44, 0x85, 0x0F, 0x90, + 0x15, 0xDC, 0x84, 0xA9, 0x3B, 0x17, 0xC7, 0xA2, + 0x07, 0x55, 0x2C, 0x66, 0x1E, 0xA9, 0x83, 0x8E, + 0x31, 0xB9, 0x5E, 0xAD, 0x54, 0x62, 0x48, 0xE5, + 0x6B, 0xE7, 0xA5, 0x13, 0x05, 0x05, 0x26, 0x87, + 0x71, 0x19, 0x98, 0x80, 0xA1, 0x41, 0x77, 0x1A, + 0x9E, 0x47, 0xAC, 0xFE, 0xD5, 0x90, 0xCB, 0x3A, + 0xA7, 0xCB, 0x7C, 0x5F, 0x74, 0x91, 0x1D, 0x89, + 0x12, 0xC2, 0x9D, 0x62, 0x33, 0xF4, 0xD5, 0x3B, + 0xC6, 0x41, 0x39, 0xE2, 0xF5, 0x5B, 0xE7, 0x55, + 0x07, 0xDD, 0x77, 0x86, 0x8E, 0x38, 0x4A, 0xEC, + 0x58, 0x1F, 0x3F, 0x41, 0x1D, 0xB1, 0xA7, 0x42, + 0x97, 0x2D, 0x3E, 0xBF, 0xD3, 0x31, 0x5C, 0x84, + 0xA5, 0xAD, 0x63, 0xA0, 0xE7, 0x5C, 0x8B, 0xCA, + 0x3E, 0x30, 0x41, 0xE0, 0x5D, 0x90, 0x67, 0xAF, + 0xF3, 0xB1, 0x24, 0x4F, 0x76, 0x3E, 0x79, 0x83 + }; + static const byte seed_1024[WC_ML_KEM_ENC_RAND_SZ] = { + 0x59, 0xC5, 0x15, 0x4C, 0x04, 0xAE, 0x43, 0xAA, + 0xFF, 0x32, 0x70, 0x0F, 0x08, 0x17, 0x00, 0x38, + 0x9D, 0x54, 0xBE, 0xC4, 0xC3, 0x7C, 0x08, 0x8B, + 0x1C, 0x53, 0xF6, 0x62, 0x12, 0xB1, 0x2C, 0x72 + }; + static const byte c_1024[WC_ML_KEM_1024_CIPHER_TEXT_SIZE] = { + 0xE2, 0xD5, 0xFD, 0x4C, 0x13, 0xCE, 0xA0, 0xB5, + 0x2D, 0x87, 0x4F, 0xEA, 0x90, 0x12, 0xF3, 0xA5, + 0x17, 0x43, 0xA1, 0x09, 0x37, 0x10, 0xBB, 0xF2, + 0x39, 0x50, 0xF9, 0x14, 0x7A, 0x47, 0x2E, 0xE5, + 0x53, 0x39, 0x28, 0xA2, 0xF4, 0x6D, 0x59, 0x2F, + 0x35, 0xDA, 0x8B, 0x4F, 0x75, 0x8C, 0x89, 0x3B, + 0x0D, 0x7B, 0x98, 0x94, 0x8B, 0xE4, 0x47, 0xB1, + 0x7C, 0xB2, 0xAE, 0x58, 0xAF, 0x8A, 0x48, 0x9D, + 0xDD, 0x92, 0x32, 0xB9, 0x9B, 0x1C, 0x0D, 0x2D, + 0xE7, 0x7C, 0xAA, 0x47, 0x2B, 0xC3, 0xBB, 0xD4, + 0xA7, 0xC6, 0x0D, 0xBF, 0xDC, 0xA9, 0x2E, 0xBF, + 0x3A, 0x1C, 0xE1, 0xC2, 0x2D, 0xAD, 0x13, 0xE8, + 0x87, 0x00, 0x4E, 0x29, 0x24, 0xFD, 0x22, 0x65, + 0x6F, 0x5E, 0x50, 0x87, 0x91, 0xDE, 0x06, 0xD8, + 0x5E, 0x1A, 0x14, 0x26, 0x80, 0x8E, 0xD9, 0xA8, + 0x9F, 0x6E, 0x2F, 0xD3, 0xC2, 0x45, 0xD4, 0x75, + 0x8B, 0x22, 0xB0, 0x2C, 0xAD, 0xE3, 0x3B, 0x60, + 0xFC, 0x88, 0x9A, 0x33, 0xFC, 0x44, 0x47, 0xED, + 0xEB, 0xBF, 0xD4, 0x53, 0x0D, 0xE8, 0x65, 0x96, + 0xA3, 0x37, 0x89, 0xD5, 0xDB, 0xA6, 0xE6, 0xEC, + 0x9F, 0x89, 0x87, 0x9A, 0xF4, 0xBE, 0x49, 0x09, + 0xA6, 0x90, 0x17, 0xC9, 0xBB, 0x7A, 0x5E, 0x31, + 0x81, 0x5E, 0xA5, 0xF1, 0x32, 0xEE, 0xC4, 0x98, + 0x4F, 0xAA, 0x7C, 0xCF, 0x59, 0x4D, 0xD0, 0x0D, + 0x4D, 0x84, 0x87, 0xE4, 0x56, 0x21, 0xAF, 0x8F, + 0x6E, 0x33, 0x05, 0x51, 0x43, 0x9C, 0x93, 0xEC, + 0x07, 0x8A, 0x7A, 0x3C, 0xC1, 0x59, 0x4A, 0xF9, + 0x1F, 0x84, 0x17, 0x37, 0x5F, 0xD6, 0x08, 0x8C, + 0xEB, 0x5E, 0x85, 0xC6, 0x70, 0x99, 0x09, 0x1B, + 0xAC, 0x11, 0x49, 0x8A, 0x0D, 0x71, 0x14, 0x55, + 0xF5, 0xE0, 0xD9, 0x5C, 0xD7, 0xBB, 0xE5, 0xCD, + 0xD8, 0xFE, 0xCB, 0x31, 0x9E, 0x68, 0x53, 0xC2, + 0x3C, 0x9B, 0xE2, 0xC7, 0x63, 0xDF, 0x57, 0x86, + 0x66, 0xC4, 0x0A, 0x40, 0xA8, 0x74, 0x86, 0xE4, + 0x6B, 0xA8, 0x71, 0x61, 0x46, 0x19, 0x29, 0x04, + 0x51, 0x0A, 0x6D, 0xC5, 0x9D, 0xA8, 0x02, 0x58, + 0x25, 0x28, 0x3D, 0x68, 0x4D, 0xB9, 0x14, 0x10, + 0xB4, 0xF1, 0x2C, 0x6D, 0x8F, 0xBD, 0x0A, 0xDD, + 0x75, 0xD3, 0x09, 0x89, 0x18, 0xCB, 0x04, 0xAC, + 0x7B, 0xC4, 0xDB, 0x0D, 0x6B, 0xCD, 0xF1, 0x19, + 0x4D, 0xD8, 0x62, 0x92, 0xE0, 0x5B, 0x7B, 0x86, + 0x30, 0x62, 0x5B, 0x58, 0x9C, 0xC5, 0x09, 0xD2, + 0x15, 0xBB, 0xD0, 0x6A, 0x2E, 0x7C, 0x66, 0xF4, + 0x24, 0xCD, 0xF8, 0xC4, 0x0A, 0xC6, 0xC1, 0xE5, + 0xAE, 0x6C, 0x96, 0x4B, 0x7D, 0x9E, 0x92, 0xF9, + 0x5F, 0xC5, 0xC8, 0x85, 0x22, 0x81, 0x62, 0x8B, + 0x81, 0xB9, 0xAF, 0xAB, 0xC7, 0xF0, 0x3B, 0xE3, + 0xF6, 0x2E, 0x80, 0x47, 0xBB, 0x88, 0xD0, 0x1C, + 0x68, 0x68, 0x7B, 0x8D, 0xD4, 0xFE, 0x63, 0x82, + 0x00, 0x62, 0xB6, 0x78, 0x8A, 0x53, 0x72, 0x90, + 0x53, 0x82, 0x6E, 0xD3, 0xB7, 0xC7, 0xEF, 0x82, + 0x41, 0xE1, 0x9C, 0x85, 0x11, 0x7B, 0x3C, 0x53, + 0x41, 0x88, 0x1D, 0x4F, 0x29, 0x9E, 0x50, 0x37, + 0x4C, 0x8E, 0xEF, 0xD5, 0x56, 0x0B, 0xD1, 0x83, + 0x19, 0xA7, 0x96, 0x3A, 0x3D, 0x02, 0xF0, 0xFB, + 0xE8, 0x4B, 0xC4, 0x84, 0xB5, 0xA4, 0x01, 0x8B, + 0x97, 0xD2, 0x74, 0x19, 0x1C, 0x95, 0xF7, 0x02, + 0xBA, 0xB9, 0xB0, 0xD1, 0x05, 0xFA, 0xF9, 0xFD, + 0xCF, 0xF9, 0x7E, 0x43, 0x72, 0x36, 0x56, 0x75, + 0x99, 0xFA, 0xF7, 0x3B, 0x07, 0x5D, 0x40, 0x61, + 0x04, 0xD4, 0x03, 0xCD, 0xF8, 0x12, 0x24, 0xDA, + 0x59, 0x0B, 0xEC, 0x28, 0x97, 0xE3, 0x01, 0x09, + 0xE1, 0xF2, 0xE5, 0xAE, 0x46, 0x10, 0xC8, 0x09, + 0xA7, 0x3F, 0x63, 0x8C, 0x84, 0x21, 0x0B, 0x34, + 0x47, 0xA7, 0xC8, 0xB6, 0xDD, 0xDB, 0x5A, 0xE2, + 0x00, 0xBF, 0x20, 0xE2, 0xFE, 0x4D, 0x4B, 0xA6, + 0xC6, 0xB1, 0x27, 0x67, 0xFB, 0x87, 0x60, 0xF6, + 0x6C, 0x51, 0x18, 0xE7, 0xA9, 0x93, 0x5B, 0x41, + 0xC9, 0xA4, 0x71, 0xA1, 0xD3, 0x23, 0x76, 0x88, + 0xC1, 0xE6, 0x18, 0xCC, 0x3B, 0xE9, 0x36, 0xAA, + 0x3F, 0x5E, 0x44, 0xE0, 0x86, 0x82, 0x0B, 0x81, + 0x0E, 0x06, 0x32, 0x11, 0xFC, 0x21, 0xC4, 0x04, + 0x4B, 0x3A, 0xC4, 0xD0, 0x0D, 0xF1, 0xBC, 0xC7, + 0xB2, 0x4D, 0xC0, 0x7B, 0xA4, 0x8B, 0x23, 0xB0, + 0xFC, 0x12, 0xA3, 0xED, 0x3D, 0x0A, 0x5C, 0xF7, + 0x67, 0x14, 0x15, 0xAB, 0x9C, 0xF2, 0x12, 0x86, + 0xFE, 0x63, 0xFB, 0x41, 0x41, 0x85, 0x70, 0x55, + 0x5D, 0x47, 0x39, 0xB8, 0x81, 0x04, 0xA8, 0x59, + 0x3F, 0x29, 0x30, 0x25, 0xA4, 0xE3, 0xEE, 0x7C, + 0x67, 0xE4, 0xB4, 0x8E, 0x40, 0xF6, 0xBA, 0x8C, + 0x09, 0x86, 0x0C, 0x3F, 0xBB, 0xE5, 0x5D, 0x45, + 0xB4, 0x5F, 0xC9, 0xAB, 0x62, 0x9B, 0x17, 0xC2, + 0x76, 0xC9, 0xC9, 0xE2, 0xAF, 0x3A, 0x04, 0x3B, + 0xEA, 0xFC, 0x18, 0xFD, 0x4F, 0x25, 0xEE, 0x7F, + 0x83, 0xBD, 0xDC, 0xD2, 0xD9, 0x39, 0x14, 0xB7, + 0xED, 0x4F, 0x7C, 0x9A, 0xF1, 0x27, 0xF3, 0xF1, + 0x5C, 0x27, 0x7B, 0xE1, 0x65, 0x51, 0xFE, 0xF3, + 0xAE, 0x03, 0xD7, 0xB9, 0x14, 0x3F, 0x0C, 0x9C, + 0x01, 0x9A, 0xB9, 0x7E, 0xEA, 0x07, 0x63, 0x66, + 0x13, 0x1F, 0x51, 0x83, 0x63, 0x71, 0x1B, 0x34, + 0xE9, 0x6D, 0x3F, 0x8A, 0x51, 0x3F, 0x3E, 0x20, + 0xB1, 0xD4, 0x52, 0xC4, 0xB7, 0xAE, 0x3B, 0x97, + 0x5E, 0xA9, 0x4D, 0x88, 0x0D, 0xAC, 0x66, 0x93, + 0x39, 0x97, 0x50, 0xD0, 0x22, 0x20, 0x40, 0x3F, + 0x0D, 0x3E, 0x3F, 0xC1, 0x17, 0x2A, 0x4D, 0xE9, + 0xDC, 0x28, 0x0E, 0xAF, 0x0F, 0xEE, 0x28, 0x83, + 0xA6, 0x66, 0x0B, 0xF5, 0xA3, 0xD2, 0x46, 0xFF, + 0x41, 0xD2, 0x1B, 0x36, 0xEA, 0x52, 0x1C, 0xF7, + 0xAA, 0x68, 0x9F, 0x80, 0x0D, 0x0F, 0x86, 0xF4, + 0xFA, 0x10, 0x57, 0xD8, 0xA1, 0x3F, 0x9D, 0xA8, + 0xFF, 0xFD, 0x0D, 0xC1, 0xFA, 0xD3, 0xC0, 0x4B, + 0xB1, 0xCC, 0xCB, 0x7C, 0x83, 0x4D, 0xB0, 0x51, + 0xA7, 0xAC, 0x2E, 0x4C, 0x60, 0x30, 0x19, 0x96, + 0xC9, 0x30, 0x71, 0xEA, 0x41, 0x6B, 0x42, 0x17, + 0x59, 0x93, 0x56, 0x59, 0xCF, 0x62, 0xCA, 0x5F, + 0x13, 0xAE, 0x07, 0xC3, 0xB1, 0x95, 0xC1, 0x48, + 0x15, 0x9D, 0x8B, 0xEB, 0x03, 0xD4, 0x40, 0xB0, + 0x0F, 0x53, 0x05, 0x76, 0x5F, 0x20, 0xC0, 0xC4, + 0x6E, 0xEE, 0x59, 0xC6, 0xD1, 0x62, 0x06, 0x40, + 0x2D, 0xB1, 0xC7, 0x15, 0xE8, 0x88, 0xBD, 0xE5, + 0x9C, 0x78, 0x1F, 0x35, 0xA7, 0xCC, 0x7C, 0x1C, + 0x5E, 0xCB, 0x21, 0x55, 0xAE, 0x3E, 0x95, 0x9C, + 0x09, 0x64, 0xCC, 0x1E, 0xF8, 0xD7, 0xC6, 0x9D, + 0x14, 0x58, 0xA9, 0xA4, 0x2F, 0x95, 0xF4, 0xC6, + 0xB5, 0xB9, 0x96, 0x34, 0x57, 0x12, 0xAA, 0x29, + 0x0F, 0xBB, 0xF7, 0xDF, 0xD4, 0xA6, 0xE8, 0x64, + 0x63, 0x02, 0x2A, 0x3F, 0x47, 0x25, 0xF6, 0x51, + 0x1B, 0xF7, 0xEA, 0x5E, 0x95, 0xC7, 0x07, 0xCD, + 0x35, 0x73, 0x60, 0x9A, 0xAD, 0xEA, 0xF5, 0x40, + 0x15, 0x2C, 0x49, 0x5F, 0x37, 0xFE, 0x6E, 0xC8, + 0xBB, 0x9F, 0xA2, 0xAA, 0x61, 0xD1, 0x57, 0x35, + 0x93, 0x4F, 0x47, 0x37, 0x92, 0x8F, 0xDE, 0x90, + 0xBA, 0x99, 0x57, 0x22, 0x46, 0x5D, 0x4A, 0x64, + 0x50, 0x5A, 0x52, 0x01, 0xF0, 0x7A, 0xA5, 0x8C, + 0xFD, 0x8A, 0xE2, 0x26, 0xE0, 0x20, 0x70, 0xB2, + 0xDB, 0xF5, 0x12, 0xB9, 0x75, 0x31, 0x9A, 0x7E, + 0x87, 0x53, 0xB4, 0xFD, 0xAE, 0x0E, 0xB4, 0x92, + 0x28, 0x69, 0xCC, 0x8E, 0x25, 0xC4, 0xA5, 0x56, + 0x0C, 0x2A, 0x06, 0x85, 0xDE, 0x3A, 0xC3, 0x92, + 0xA8, 0x92, 0x5B, 0xA8, 0x82, 0x00, 0x48, 0x94, + 0x74, 0x2E, 0x43, 0xCC, 0xFC, 0x27, 0x74, 0x39, + 0xEC, 0x80, 0x50, 0xA9, 0xAE, 0xB4, 0x29, 0x32, + 0xE0, 0x1C, 0x84, 0x0D, 0xFC, 0xED, 0xCC, 0x34, + 0xD3, 0x99, 0x12, 0x89, 0xA6, 0x2C, 0x17, 0xD1, + 0x28, 0x4C, 0x83, 0x95, 0x14, 0xB9, 0x33, 0x51, + 0xDB, 0xB2, 0xDD, 0xA8, 0x1F, 0x92, 0x45, 0x65, + 0xD7, 0x0E, 0x70, 0x79, 0xD5, 0xB8, 0x12, 0x6C, + 0xAA, 0xB7, 0xA4, 0xA1, 0xC7, 0x31, 0x65, 0x5A, + 0x53, 0xBC, 0xC0, 0x9F, 0x5D, 0x63, 0xEC, 0x90, + 0x86, 0xDE, 0xA6, 0x50, 0x05, 0x59, 0x85, 0xED, + 0xFA, 0x82, 0x97, 0xD9, 0xC9, 0x54, 0x10, 0xC5, + 0xD1, 0x89, 0x4D, 0x17, 0xD5, 0x93, 0x05, 0x49, + 0xAD, 0xBC, 0x2B, 0x87, 0x33, 0xC9, 0x9F, 0xE6, + 0x2E, 0x17, 0xC4, 0xDE, 0x34, 0xA5, 0xD8, 0x9B, + 0x12, 0xD1, 0x8E, 0x42, 0xA4, 0x22, 0xD2, 0xCE, + 0x77, 0x9C, 0x2C, 0x28, 0xEB, 0x2D, 0x98, 0x00, + 0x3D, 0x5C, 0xD3, 0x23, 0xFC, 0xBE, 0xCF, 0x02, + 0xB5, 0x06, 0x6E, 0x0E, 0x73, 0x48, 0x10, 0xF0, + 0x9E, 0xD8, 0x90, 0x13, 0xC0, 0x0F, 0x01, 0x1B, + 0xD2, 0x20, 0xF2, 0xE5, 0xD6, 0xA3, 0x62, 0xDF, + 0x90, 0x59, 0x91, 0x98, 0xA0, 0x93, 0xB0, 0x3C, + 0x8D, 0x8E, 0xFB, 0xFE, 0x0B, 0x61, 0x75, 0x92, + 0xFA, 0xF1, 0xE6, 0x42, 0x20, 0xC4, 0x44, 0x0B, + 0x53, 0xFF, 0xB4, 0x71, 0x64, 0xF3, 0x69, 0xC9, + 0x52, 0x90, 0xBA, 0x9F, 0x31, 0x08, 0xD6, 0x86, + 0xC5, 0x7D, 0xB6, 0x45, 0xC5, 0x3C, 0x01, 0x2E, + 0x57, 0xAF, 0x25, 0xBD, 0x66, 0x93, 0xE2, 0xCC, + 0x6B, 0x57, 0x65, 0x1A, 0xF1, 0x59, 0x1F, 0xE5, + 0xD8, 0x91, 0x66, 0x40, 0xEC, 0x01, 0x7C, 0x25, + 0x3D, 0xF0, 0x60, 0x6B, 0xB6, 0xB3, 0x03, 0x5F, + 0xAE, 0x74, 0x8F, 0x3D, 0x40, 0x34, 0x22, 0x3B, + 0x1B, 0x5E, 0xFB, 0xF5, 0x28, 0x3E, 0x77, 0x8C, + 0x10, 0x94, 0x29, 0x1C, 0xF7, 0xB1, 0x9B, 0xE0, + 0xF3, 0x17, 0x35, 0x0E, 0x6F, 0x85, 0x18, 0xFD, + 0xE0, 0xEF, 0xB1, 0x38, 0x1F, 0xB6, 0xE1, 0x6C, + 0x24, 0x1F, 0x7F, 0x17, 0xA5, 0x21, 0x06, 0x93, + 0xA2, 0x74, 0x15, 0x9E, 0x7F, 0xAC, 0x86, 0x8C, + 0xD0, 0xDC, 0x43, 0x59, 0xC3, 0xD9, 0xEE, 0xFE, + 0xA0, 0xD9, 0xE3, 0x1E, 0x43, 0xFA, 0x65, 0x13, + 0x92, 0xC6, 0x5A, 0x54, 0x3A, 0x59, 0xB3, 0xEE, + 0xE3, 0xA6, 0x39, 0xDC, 0x94, 0x17, 0xD0, 0x56, + 0xA5, 0xFF, 0x0F, 0x16, 0x0B, 0xEE, 0xE2, 0xEA, + 0xC2, 0x9A, 0x7D, 0x88, 0xC0, 0x98, 0x2C, 0xF7, + 0x0B, 0x5A, 0x46, 0x37, 0x9F, 0x21, 0xE5, 0x06, + 0xAA, 0xC6, 0x1A, 0x9B, 0xB1, 0xB8, 0xC2, 0xB9, + 0xDA, 0xB0, 0xE4, 0x4A, 0x82, 0x3B, 0x61, 0xD0, + 0xAA, 0x11, 0xD9, 0x4F, 0x76, 0xA4, 0xA8, 0xE2, + 0x1F, 0x9D, 0x42, 0x80, 0x68, 0x32, 0x08, 0xF4, + 0xEA, 0x91, 0x11, 0x16, 0xF6, 0xFD, 0x6A, 0x97, + 0x42, 0x69, 0x34, 0xEC, 0x34, 0x26, 0xB8, 0xC8, + 0xF7, 0x03, 0xDA, 0x85, 0xE9, 0xDC, 0xF9, 0x93, + 0x36, 0x13, 0x60, 0x03, 0x72, 0x8B, 0x8E, 0xCD, + 0xD0, 0x4A, 0x38, 0x9F, 0x6A, 0x81, 0x7A, 0x78, + 0xBF, 0xA6, 0x1B, 0xA4, 0x60, 0x20, 0xBF, 0x3C, + 0x34, 0x82, 0x95, 0x08, 0xF9, 0xD0, 0x6D, 0x15, + 0x53, 0xCD, 0x98, 0x7A, 0xAC, 0x38, 0x0D, 0x86, + 0xF1, 0x68, 0x84, 0x3B, 0xA3, 0x90, 0x4D, 0xE5, + 0xF7, 0x05, 0x8A, 0x41, 0xB4, 0xCD, 0x38, 0x8B, + 0xC9, 0xCE, 0x3A, 0xBA, 0x7E, 0xE7, 0x13, 0x9B, + 0x7F, 0xC9, 0xE5, 0xB8, 0xCF, 0xAA, 0xA3, 0x89, + 0x90, 0xBD, 0x4A, 0x5D, 0xB3, 0x2E, 0x26, 0x13, + 0xE7, 0xEC, 0x4F, 0x5F, 0x8B, 0x12, 0x92, 0xA3, + 0x8C, 0x6F, 0x4F, 0xF5, 0xA4, 0x04, 0x90, 0xD7, + 0x6B, 0x12, 0x66, 0x52, 0xFC, 0xF8, 0x6E, 0x24, + 0x52, 0x35, 0xD6, 0x36, 0xC6, 0x5C, 0xD1, 0x02, + 0xB0, 0x1E, 0x22, 0x78, 0x1A, 0x72, 0x91, 0x8C + }; + static const byte k_1024[WC_ML_KEM_SS_SZ] = { + 0x72, 0x64, 0xBD, 0xE5, 0xC6, 0xCE, 0xC1, 0x48, + 0x49, 0x69, 0x3E, 0x2C, 0x3C, 0x86, 0xE4, 0x8F, + 0x80, 0x95, 0x8A, 0x4F, 0x61, 0x86, 0xFC, 0x69, + 0x33, 0x3A, 0x41, 0x48, 0xE6, 0xE4, 0x97, 0xF3 + }; +#endif + static byte ct[WC_ML_KEM_MAX_CIPHER_TEXT_SIZE]; + static byte ss[WC_ML_KEM_SS_SZ]; + + key = (MlKemKey*)XMALLOC(sizeof(MlKemKey), NULL, DYNAMIC_TYPE_TMP_BUFFER); + ExpectNotNull(key); + if (key != NULL) { + XMEMSET(key, 0, sizeof(MlKemKey)); + } + +#ifndef WOLFSSL_NO_ML_KEM_512 + ExpectIntEQ(wc_MlKemKey_Init(key, WC_ML_KEM_512, NULL, INVALID_DEVID), 0); + ExpectIntEQ(wc_MlKemKey_DecodePublicKey(key, ek_512, sizeof(ek_512)), 0); + ExpectIntEQ(wc_MlKemKey_EncapsulateWithRandom(key, ct, ss, seed_512, + sizeof(seed_512)), 0); + ExpectIntEQ(XMEMCMP(ct, c_512, WC_ML_KEM_512_CIPHER_TEXT_SIZE), 0); + ExpectIntEQ(XMEMCMP(ss, k_512, WC_ML_KEM_SS_SZ), 0); + wc_MlKemKey_Free(key); +#endif +#ifndef WOLFSSL_NO_ML_KEM_768 + ExpectIntEQ(wc_MlKemKey_Init(key, WC_ML_KEM_768, NULL, INVALID_DEVID), 0); + ExpectIntEQ(wc_MlKemKey_DecodePublicKey(key, ek_768, sizeof(ek_768)), 0); + ExpectIntEQ(wc_MlKemKey_EncapsulateWithRandom(key, ct, ss, seed_768, + sizeof(seed_768)), 0); + ExpectIntEQ(XMEMCMP(ct, c_768, WC_ML_KEM_768_CIPHER_TEXT_SIZE), 0); + ExpectIntEQ(XMEMCMP(ss, k_768, WC_ML_KEM_SS_SZ), 0); + wc_MlKemKey_Free(key); +#endif +#ifndef WOLFSSL_NO_ML_KEM_1024 + ExpectIntEQ(wc_MlKemKey_Init(key, WC_ML_KEM_1024, NULL, INVALID_DEVID), 0); + ExpectIntEQ(wc_MlKemKey_DecodePublicKey(key, ek_1024, sizeof(ek_1024)), 0); + ExpectIntEQ(wc_MlKemKey_EncapsulateWithRandom(key, ct, ss, seed_1024, + sizeof(seed_1024)), 0); + ExpectIntEQ(XMEMCMP(ct, c_1024, WC_ML_KEM_1024_CIPHER_TEXT_SIZE), 0); + ExpectIntEQ(XMEMCMP(ss, k_1024, WC_ML_KEM_SS_SZ), 0); + wc_MlKemKey_Free(key); +#endif + + XFREE(key, NULL, DYNAMIC_TYPE_TMP_BUFFER); +#endif + return EXPECT_RESULT(); +} + +int test_wc_mlkem_decapsulate_kats(void) +{ + EXPECT_DECLS; +#if defined(WOLFSSL_HAVE_MLKEM) && defined(WOLFSSL_WC_MLKEM) && \ + !defined(WOLFSSL_NO_ML_KEM) && !defined(WOLFSSL_MLKEM_NO_DECAPSULATE) + MlKemKey* key; +#ifndef WOLFSSL_NO_ML_KEM_512 + static const byte dk_512[WC_ML_KEM_512_PRIVATE_KEY_SIZE] = { + 0x69, 0xF9, 0xCB, 0xFD, 0x12, 0x37, 0xBA, 0x16, + 0x1C, 0xF6, 0xE6, 0xC1, 0x8F, 0x48, 0x8F, 0xC6, + 0xE3, 0x9A, 0xB4, 0xA5, 0xC9, 0xE6, 0xC2, 0x2E, + 0xA4, 0xE3, 0xAD, 0x8F, 0x26, 0x7A, 0x9C, 0x44, + 0x20, 0x10, 0xD3, 0x2E, 0x61, 0xF8, 0x3E, 0x6B, + 0xFA, 0x5C, 0x58, 0x70, 0x61, 0x45, 0x37, 0x6D, + 0xBB, 0x84, 0x95, 0x28, 0xF6, 0x80, 0x07, 0xC8, + 0x22, 0xB3, 0x3A, 0x95, 0xB8, 0x49, 0x04, 0xDC, + 0xD2, 0x70, 0x8D, 0x03, 0x40, 0xC8, 0xB8, 0x08, + 0xBC, 0xD3, 0xAA, 0xD0, 0xE4, 0x8B, 0x85, 0x84, + 0x95, 0x83, 0xA1, 0xB4, 0xE5, 0x94, 0x5D, 0xD9, + 0x51, 0x4A, 0x7F, 0x64, 0x61, 0xE0, 0x57, 0xB7, + 0xEC, 0xF6, 0x19, 0x57, 0xE9, 0x7C, 0xF6, 0x28, + 0x15, 0xF9, 0xC3, 0x22, 0x94, 0xB3, 0x26, 0xE1, + 0xA1, 0xC4, 0xE3, 0x60, 0xB9, 0x49, 0x8B, 0xA8, + 0x0F, 0x8C, 0xA9, 0x15, 0x32, 0xB1, 0x71, 0xD0, + 0xAE, 0xFC, 0x48, 0x49, 0xFA, 0x53, 0xBC, 0x61, + 0x79, 0x32, 0xE2, 0x08, 0xA6, 0x77, 0xC6, 0x04, + 0x4A, 0x66, 0x00, 0xB8, 0xD8, 0xB8, 0x3F, 0x26, + 0xA7, 0x47, 0xB1, 0x8C, 0xFB, 0x78, 0xBE, 0xAF, + 0xC5, 0x51, 0xAD, 0x52, 0xB7, 0xCA, 0x6C, 0xB8, + 0x8F, 0x3B, 0x5D, 0x9C, 0xE2, 0xAF, 0x6C, 0x67, + 0x95, 0x6C, 0x47, 0x8C, 0xEF, 0x49, 0x1F, 0x59, + 0xE0, 0x19, 0x1B, 0x3B, 0xBE, 0x92, 0x9B, 0x94, + 0xB6, 0x66, 0xC1, 0x76, 0x13, 0x8B, 0x00, 0xF4, + 0x97, 0x24, 0x34, 0x1E, 0xE2, 0xE1, 0x64, 0xB9, + 0x4C, 0x05, 0x3C, 0x18, 0x5A, 0x51, 0xF9, 0x3E, + 0x00, 0xF3, 0x68, 0x61, 0x61, 0x3A, 0x7F, 0xD7, + 0x2F, 0xEB, 0xD2, 0x3A, 0x8B, 0x96, 0xA2, 0x60, + 0x23, 0x42, 0x39, 0xC9, 0x62, 0x8F, 0x99, 0x5D, + 0xC1, 0x38, 0x07, 0xB4, 0x3A, 0x69, 0x46, 0x81, + 0x67, 0xCB, 0x1A, 0x8F, 0x9D, 0xD0, 0x7E, 0xE3, + 0xB3, 0x32, 0x38, 0xF6, 0x30, 0x96, 0xEB, 0xC4, + 0x9D, 0x50, 0x51, 0xC4, 0xB6, 0x59, 0x63, 0xD7, + 0x4A, 0x47, 0x66, 0xC2, 0x26, 0xF0, 0xB9, 0x4F, + 0x18, 0x62, 0xC2, 0x12, 0x4C, 0x8C, 0x74, 0x97, + 0x48, 0xC0, 0xBC, 0x4D, 0xC1, 0x4C, 0xB3, 0x49, + 0x06, 0xB8, 0x1C, 0x55, 0x24, 0xFB, 0x81, 0x00, + 0x79, 0x85, 0x42, 0xDC, 0x6C, 0xC2, 0xAA, 0x0A, + 0x70, 0x85, 0x75, 0xEA, 0xBC, 0xC1, 0x1F, 0x96, + 0xA9, 0xE6, 0x1C, 0x01, 0x7A, 0x96, 0xA7, 0xCE, + 0x93, 0xC4, 0x20, 0x91, 0x73, 0x71, 0x13, 0xAE, + 0x78, 0x3C, 0x0A, 0xE8, 0x75, 0x5E, 0x59, 0x41, + 0x11, 0xED, 0xFA, 0xBF, 0xD8, 0x6C, 0x32, 0x12, + 0xC6, 0x12, 0xA7, 0xB6, 0x2A, 0xFD, 0x3C, 0x7A, + 0x5C, 0x78, 0xB2, 0xF0, 0x73, 0x44, 0xB7, 0x89, + 0xC2, 0xB2, 0xDB, 0xB5, 0xF4, 0x44, 0x8B, 0xE9, + 0x7B, 0xBA, 0x42, 0x33, 0xC0, 0x03, 0x9C, 0x0F, + 0xE8, 0x43, 0x00, 0xF9, 0xB0, 0x3A, 0xC9, 0x94, + 0x97, 0xE6, 0xD4, 0x6B, 0x6E, 0x95, 0x30, 0x8F, + 0xF8, 0x47, 0x90, 0xF6, 0x12, 0xCF, 0x18, 0x6E, + 0xC1, 0x68, 0x11, 0xE8, 0x0C, 0x17, 0x93, 0x16, + 0xA6, 0x3B, 0x25, 0x70, 0x3F, 0x60, 0xB8, 0x42, + 0xB6, 0x19, 0x07, 0xE6, 0x28, 0x94, 0xE7, 0x36, + 0x64, 0x7B, 0x3C, 0x09, 0xDA, 0x6F, 0xEC, 0x59, + 0x32, 0x78, 0x2B, 0x36, 0xE0, 0x63, 0x50, 0x85, + 0xA3, 0x94, 0x9E, 0x69, 0x4D, 0x7E, 0x17, 0xCB, + 0xA3, 0xD9, 0x06, 0x43, 0x30, 0x43, 0x8C, 0x07, + 0x1B, 0x58, 0x36, 0xA7, 0x70, 0xC5, 0x5F, 0x62, + 0x13, 0xCC, 0x14, 0x25, 0x84, 0x5D, 0xE5, 0xA3, + 0x34, 0xD7, 0x5D, 0x3E, 0x50, 0x58, 0xC7, 0x80, + 0x9F, 0xDA, 0x4B, 0xCD, 0x78, 0x19, 0x1D, 0xA9, + 0x79, 0x73, 0x25, 0xE6, 0x23, 0x6C, 0x26, 0x50, + 0xFC, 0x60, 0x4E, 0xE4, 0x3A, 0x83, 0xCE, 0xB3, + 0x49, 0x80, 0x08, 0x44, 0x03, 0xA3, 0x32, 0x59, + 0x85, 0x79, 0x07, 0x79, 0x9A, 0x9D, 0x2A, 0x71, + 0x3A, 0x63, 0x3B, 0x5C, 0x90, 0x47, 0x27, 0xF6, + 0x1E, 0x42, 0x52, 0x09, 0x91, 0xD6, 0x55, 0x70, + 0x5C, 0xB6, 0xBC, 0x1B, 0x74, 0xAF, 0x60, 0x71, + 0x3E, 0xF8, 0x71, 0x2F, 0x14, 0x08, 0x68, 0x69, + 0xBE, 0x8E, 0xB2, 0x97, 0xD2, 0x28, 0xB3, 0x25, + 0xA0, 0x60, 0x9F, 0xD6, 0x15, 0xEA, 0xB7, 0x08, + 0x15, 0x40, 0xA6, 0x1A, 0x82, 0xAB, 0xF4, 0x3B, + 0x7D, 0xF9, 0x8A, 0x59, 0x5B, 0xE1, 0x1F, 0x41, + 0x6B, 0x41, 0xE1, 0xEB, 0x75, 0xBB, 0x57, 0x97, + 0x7C, 0x25, 0xC6, 0x4E, 0x97, 0x43, 0x7D, 0x88, + 0xCA, 0x5F, 0xDA, 0x61, 0x59, 0xD6, 0x68, 0xF6, + 0xBA, 0xB8, 0x15, 0x75, 0x55, 0xB5, 0xD5, 0x4C, + 0x0F, 0x47, 0xCB, 0xCD, 0x16, 0x84, 0x3B, 0x1A, + 0x0A, 0x0F, 0x02, 0x10, 0xEE, 0x31, 0x03, 0x13, + 0x96, 0x7F, 0x3D, 0x51, 0x64, 0x99, 0x01, 0x8F, + 0xDF, 0x31, 0x14, 0x77, 0x24, 0x70, 0xA1, 0x88, + 0x9C, 0xC0, 0x6C, 0xB6, 0xB6, 0x69, 0x0A, 0xC3, + 0x1A, 0xBC, 0xFA, 0xF4, 0xBC, 0x70, 0x76, 0x84, + 0x54, 0x5B, 0x00, 0x0B, 0x58, 0x0C, 0xCB, 0xFC, + 0xBC, 0xE9, 0xFA, 0x70, 0xAA, 0xEA, 0x0B, 0xBD, + 0x91, 0x10, 0x99, 0x2A, 0x7C, 0x6C, 0x06, 0xCB, + 0x36, 0x85, 0x27, 0xFD, 0x22, 0x90, 0x90, 0x75, + 0x7E, 0x6F, 0xE7, 0x57, 0x05, 0xFA, 0x59, 0x2A, + 0x76, 0x08, 0xF0, 0x50, 0xC6, 0xF8, 0x87, 0x03, + 0xCC, 0x28, 0xCB, 0x00, 0x0C, 0x1D, 0x7E, 0x77, + 0xB8, 0x97, 0xB7, 0x2C, 0x62, 0xBC, 0xC7, 0xAE, + 0xA2, 0x1A, 0x57, 0x72, 0x94, 0x83, 0xD2, 0x21, + 0x18, 0x32, 0xBE, 0xD6, 0x12, 0x43, 0x0C, 0x98, + 0x31, 0x03, 0xC6, 0x9E, 0x8C, 0x07, 0x2C, 0x0E, + 0xA7, 0x89, 0x8F, 0x22, 0x83, 0xBE, 0xC4, 0x8C, + 0x5A, 0xC8, 0x19, 0x84, 0xD4, 0xA5, 0xA8, 0x36, + 0x19, 0x73, 0x5A, 0x84, 0x2B, 0xD1, 0x72, 0xC0, + 0xD1, 0xB3, 0x9F, 0x43, 0x58, 0x8A, 0xF1, 0x70, + 0x45, 0x8B, 0xA9, 0xEE, 0x74, 0x92, 0xEA, 0xAA, + 0x94, 0xEA, 0x53, 0xA4, 0xD3, 0x84, 0x98, 0xEC, + 0xBB, 0x98, 0xA5, 0xF4, 0x07, 0xE7, 0xC9, 0x7B, + 0x4E, 0x16, 0x6E, 0x39, 0x71, 0x92, 0xC2, 0x16, + 0x03, 0x30, 0x14, 0xB8, 0x78, 0xE9, 0x38, 0x07, + 0x5C, 0x6C, 0x1F, 0x10, 0xA0, 0x06, 0x5A, 0xBC, + 0x31, 0x63, 0x72, 0x2F, 0x1A, 0x2E, 0xFF, 0xEC, + 0x8D, 0x6E, 0x3A, 0x0C, 0x4F, 0x71, 0x74, 0xFC, + 0x16, 0xB7, 0x9F, 0xB5, 0x18, 0x6A, 0x75, 0x16, + 0x8F, 0x81, 0xA5, 0x6A, 0xA4, 0x8A, 0x20, 0xA0, + 0x4B, 0xDD, 0xF1, 0x82, 0xC6, 0xE1, 0x79, 0xC3, + 0xF6, 0x90, 0x61, 0x55, 0x5E, 0xF7, 0x39, 0x6D, + 0xD0, 0xB7, 0x49, 0x96, 0x01, 0xA6, 0xEB, 0x3A, + 0x96, 0xA9, 0xA2, 0x2D, 0x04, 0xF1, 0x16, 0x8D, + 0xB5, 0x63, 0x55, 0xB0, 0x76, 0x00, 0xA2, 0x03, + 0x70, 0x63, 0x7B, 0x64, 0x59, 0x76, 0xBB, 0xD9, + 0x7B, 0x6D, 0x62, 0x88, 0xA0, 0xD3, 0x03, 0x63, + 0x60, 0x47, 0x2E, 0x3A, 0xC7, 0x1D, 0x56, 0x6D, + 0xB8, 0xFB, 0xB1, 0xB1, 0xD7, 0x6C, 0xB7, 0x55, + 0xCD, 0x0D, 0x68, 0xBD, 0xBF, 0xC0, 0x48, 0xEB, + 0xA2, 0x52, 0x5E, 0xEA, 0x9D, 0xD5, 0xB1, 0x44, + 0xFB, 0x3B, 0x60, 0xFB, 0xC3, 0x42, 0x39, 0x32, + 0x0C, 0xBC, 0x06, 0x9B, 0x35, 0xAB, 0x16, 0xB8, + 0x75, 0x65, 0x36, 0xFB, 0x33, 0xE8, 0xA6, 0xAF, + 0x1D, 0xD4, 0x2C, 0x79, 0xF4, 0x8A, 0xD1, 0x20, + 0xAE, 0x4B, 0x15, 0x9D, 0x3D, 0x8C, 0x31, 0x90, + 0x60, 0xCC, 0xE5, 0x69, 0xC3, 0xF6, 0x03, 0x53, + 0x65, 0x58, 0x5D, 0x34, 0x41, 0x37, 0x95, 0xA6, + 0xA1, 0x8E, 0xC5, 0x13, 0x6A, 0xB1, 0x3C, 0x90, + 0xE3, 0xAF, 0x14, 0xC0, 0xB8, 0xA4, 0x64, 0xC8, + 0x6B, 0x90, 0x73, 0x22, 0x2B, 0x56, 0xB3, 0xF7, + 0x32, 0x8A, 0xEA, 0x79, 0x81, 0x55, 0x32, 0x59, + 0x11, 0x25, 0x0E, 0xF0, 0x16, 0xD7, 0x28, 0x02, + 0xE3, 0x87, 0x8A, 0xA5, 0x05, 0x40, 0xCC, 0x98, + 0x39, 0x56, 0x97, 0x1D, 0x6E, 0xFA, 0x35, 0x2C, + 0x02, 0x55, 0x4D, 0xC7, 0x60, 0xA5, 0xA9, 0x13, + 0x58, 0xEA, 0x56, 0x37, 0x08, 0x84, 0xFD, 0x5B, + 0x3F, 0x85, 0xB7, 0x0E, 0x83, 0xE4, 0x69, 0x7D, + 0xEB, 0x17, 0x05, 0x16, 0x9E, 0x9C, 0x60, 0xA7, + 0x45, 0x28, 0xCF, 0x15, 0x28, 0x1C, 0xB1, 0xB1, + 0xC4, 0x57, 0xD4, 0x67, 0xB5, 0xF9, 0x3A, 0x60, + 0x37, 0x3D, 0x10, 0xE0, 0xCF, 0x6A, 0x83, 0x7A, + 0xA3, 0xC9, 0x59, 0x6A, 0x72, 0xBE, 0xC2, 0x9B, + 0x2D, 0x7E, 0x58, 0x65, 0x3D, 0x53, 0x30, 0x61, + 0xD3, 0x81, 0xD5, 0x17, 0x59, 0x75, 0x22, 0x17, + 0xEB, 0x46, 0xCA, 0xC7, 0x80, 0x7C, 0x4A, 0xD3, + 0x8B, 0x61, 0x16, 0x44, 0xAC, 0xF0, 0xA3, 0xF2, + 0x6B, 0x6B, 0x08, 0x4A, 0xB4, 0x7A, 0x83, 0xBF, + 0x0D, 0x69, 0x6F, 0x8A, 0x47, 0x68, 0xFC, 0x35, + 0xBC, 0xA6, 0xBC, 0x79, 0x03, 0xB2, 0xA2, 0x37, + 0xC2, 0x77, 0x49, 0xF5, 0x51, 0x0C, 0x86, 0x38, + 0x69, 0xE6, 0xAE, 0x56, 0xBB, 0x2A, 0xFE, 0x47, + 0x71, 0xC9, 0x22, 0x18, 0x74, 0xF5, 0x0F, 0x5B, + 0x14, 0xBA, 0xAD, 0x59, 0x93, 0xB4, 0x92, 0x38, + 0xFD, 0x0A, 0x0C, 0x9F, 0x79, 0xB7, 0xB4, 0x58, + 0x4E, 0x41, 0x30, 0x1F, 0x7A, 0x88, 0x5C, 0x9F, + 0x91, 0x81, 0x9B, 0xEA, 0x00, 0xD5, 0x12, 0x58, + 0x17, 0x30, 0x53, 0x9F, 0xB3, 0x7E, 0x59, 0xE8, + 0x6A, 0x6D, 0x19, 0xCA, 0x25, 0xF0, 0xA8, 0x11, + 0xC9, 0xB4, 0x28, 0xBA, 0x86, 0x14, 0xAA, 0x4F, + 0x94, 0x80, 0x7B, 0xC0, 0x31, 0xCB, 0xCC, 0x18, + 0x3F, 0x3B, 0xF0, 0x7F, 0xE2, 0xC1, 0xA6, 0xEB, + 0xA8, 0x0D, 0x5A, 0x70, 0x6E, 0xE0, 0xDA, 0xB2, + 0x7E, 0x23, 0x14, 0x58, 0x02, 0x5D, 0x84, 0xA7, + 0xA9, 0xB0, 0x23, 0x05, 0x01, 0x11, 0x6C, 0x29, + 0x0A, 0x6B, 0xB5, 0x06, 0x26, 0xD9, 0x7B, 0x93, + 0x98, 0x50, 0x94, 0x28, 0x28, 0x39, 0x0B, 0x0A, + 0x20, 0x01, 0xB7, 0x85, 0x3A, 0xD1, 0xAE, 0x9B, + 0x01, 0x1B, 0x2D, 0xB3, 0x6C, 0xAE, 0xEA, 0x73, + 0xA2, 0x32, 0x8E, 0x3C, 0x56, 0x48, 0x5B, 0x49, + 0x1C, 0x29, 0x91, 0x15, 0xA0, 0x17, 0xC9, 0x07, + 0xAB, 0x54, 0x31, 0x72, 0x60, 0xA5, 0x93, 0xA0, + 0xD7, 0xBA, 0x6D, 0x06, 0x61, 0x5D, 0x6E, 0x2C, + 0xA8, 0x4B, 0x86, 0x0E, 0xFF, 0x3C, 0xCB, 0x59, + 0x72, 0x11, 0xBF, 0xE3, 0x6B, 0xDE, 0xF8, 0x06, + 0x9A, 0xFA, 0x36, 0xC5, 0xA7, 0x33, 0x92, 0x72, + 0x26, 0x50, 0xE4, 0x95, 0x7D, 0xCA, 0x59, 0x7A, + 0xCB, 0xA5, 0x60, 0x5B, 0x63, 0xC1, 0x63, 0xCF, + 0xA9, 0x4B, 0x64, 0xDD, 0xD6, 0x23, 0x01, 0xA4, + 0x33, 0x20, 0x83, 0x36, 0x19, 0x72, 0x58, 0x9D, + 0xB0, 0x59, 0x9A, 0x69, 0x4D, 0xD4, 0x54, 0x7A, + 0x5E, 0xE9, 0x19, 0x65, 0x77, 0xC2, 0x2E, 0xD4, + 0x27, 0xAC, 0x89, 0xBB, 0x8B, 0xA3, 0x75, 0x3E, + 0xB7, 0x6C, 0x41, 0xF2, 0xC1, 0x12, 0x9C, 0x8A, + 0x77, 0xD6, 0x80, 0x5F, 0xA7, 0x19, 0xB1, 0xB6, + 0xCA, 0x11, 0xB7, 0x40, 0xA7, 0x8A, 0x3D, 0x41, + 0xB5, 0x33, 0x05, 0x26, 0xAB, 0x87, 0xD5, 0x8D, + 0x59, 0x25, 0x31, 0x5A, 0x14, 0x85, 0xED, 0xC6, + 0x47, 0xC1, 0x60, 0x4E, 0xB3, 0x81, 0x38, 0xDE, + 0x63, 0x7A, 0xD2, 0xC6, 0xCA, 0x5B, 0xE4, 0x4E, + 0x10, 0x08, 0xB2, 0xC0, 0x86, 0x7B, 0x22, 0x9C, + 0xCC, 0x36, 0x61, 0x9E, 0x27, 0x58, 0xC4, 0xC2, + 0x02, 0x9E, 0xAE, 0xB2, 0x6E, 0x7A, 0x80, 0x3F, + 0xCA, 0x30, 0x5A, 0x59, 0xCD, 0x58, 0x5E, 0x11, + 0x7D, 0x69, 0x8E, 0xCE, 0x01, 0x1C, 0xC3, 0xFC, + 0xE5, 0x4D, 0x2E, 0x11, 0x45, 0x45, 0xA2, 0x1A, + 0xC5, 0xBE, 0x67, 0x71, 0xAB, 0x8F, 0x13, 0x12, + 0x2F, 0xAD, 0x29, 0x5E, 0x74, 0x5A, 0x50, 0x3B, + 0x14, 0x2F, 0x91, 0xAE, 0xF7, 0xBD, 0xE9, 0x99, + 0x98, 0x84, 0x5F, 0xDA, 0x04, 0x35, 0x55, 0xC9, + 0xC1, 0xEE, 0x53, 0x5B, 0xE1, 0x25, 0xE5, 0xDC, + 0xE5, 0xD2, 0x66, 0x66, 0x7E, 0x72, 0x3E, 0x67, + 0xB6, 0xBA, 0x89, 0x1C, 0x16, 0xCB, 0xA1, 0x74, + 0x09, 0x8A, 0x3F, 0x35, 0x17, 0x78, 0xB0, 0x88, + 0x8C, 0x95, 0x90, 0xA9, 0x09, 0x0C, 0xD4, 0x04 + }; + static const byte c_512[WC_ML_KEM_512_CIPHER_TEXT_SIZE] = { + 0x16, 0x1C, 0xD2, 0x59, 0xFE, 0xAA, 0x7E, 0xC6, + 0xB2, 0x86, 0x49, 0x8A, 0x9A, 0x6F, 0x69, 0xF8, + 0xB2, 0x62, 0xA2, 0xE2, 0x09, 0x3D, 0x0F, 0xBD, + 0x76, 0xD5, 0xDC, 0x1C, 0x9F, 0xDE, 0x0D, 0xED, + 0xB3, 0x65, 0x81, 0x00, 0x4C, 0xB4, 0x81, 0x12, + 0xF8, 0x52, 0xE7, 0xF8, 0x7F, 0x64, 0x9E, 0x8A, + 0x42, 0xCD, 0x9E, 0x03, 0x49, 0xE7, 0xDA, 0xBD, + 0xF0, 0xA9, 0xAC, 0x1B, 0x52, 0x1C, 0x37, 0xEA, + 0x52, 0x41, 0x37, 0x0A, 0x8A, 0xB2, 0x91, 0x1C, + 0xC7, 0x99, 0x02, 0xC9, 0x5D, 0x28, 0x22, 0x4F, + 0xA8, 0x89, 0x6A, 0xD7, 0x15, 0x20, 0x9E, 0xCD, + 0xD5, 0xD7, 0x84, 0xE9, 0x1D, 0xD9, 0xD0, 0xBE, + 0x91, 0x6B, 0x45, 0x65, 0xF4, 0xD5, 0x66, 0x9A, + 0xEE, 0x0D, 0xEF, 0x93, 0x1E, 0x97, 0x68, 0x29, + 0x4E, 0xEC, 0x52, 0x58, 0xDE, 0x83, 0x91, 0xEC, + 0xE2, 0x71, 0xE7, 0xE4, 0xCF, 0xD9, 0xD2, 0x3A, + 0x79, 0xFA, 0xC3, 0xA8, 0xE0, 0xDB, 0x5D, 0xDD, + 0x6E, 0x01, 0x07, 0x23, 0x56, 0x88, 0xBB, 0xDF, + 0x7B, 0xC5, 0xD5, 0x63, 0x2F, 0x20, 0x6C, 0x63, + 0xA0, 0xC9, 0x56, 0x4F, 0x30, 0x96, 0x5C, 0xA5, + 0x8C, 0x69, 0xFF, 0x92, 0xD2, 0x5A, 0x4F, 0x93, + 0xA0, 0x9E, 0xAB, 0x9B, 0x90, 0x85, 0x94, 0x7E, + 0x07, 0x8A, 0x23, 0xE4, 0xD9, 0xC1, 0x3B, 0x8A, + 0x56, 0xE7, 0x3E, 0x18, 0xDF, 0x42, 0xD6, 0x94, + 0x9F, 0xAF, 0x59, 0x21, 0xF2, 0xE3, 0x73, 0xD4, + 0x50, 0xC8, 0xC0, 0x9D, 0x07, 0xB1, 0x52, 0xA9, + 0x7C, 0x24, 0x54, 0x47, 0x42, 0x94, 0x81, 0xD4, + 0x98, 0xBE, 0xB7, 0x25, 0x6B, 0xC4, 0x7F, 0x68, + 0xF9, 0x92, 0x2B, 0x0B, 0x1C, 0x62, 0xD9, 0xC2, + 0x3F, 0x9F, 0x73, 0x3D, 0xD7, 0x37, 0x92, 0xCF, + 0xC7, 0xB4, 0x3C, 0xBC, 0xEA, 0x27, 0x7D, 0x51, + 0xB2, 0xB8, 0xAD, 0x4A, 0x4F, 0x52, 0x2F, 0x64, + 0x2C, 0xAD, 0x5C, 0x5D, 0xEB, 0x21, 0xF3, 0x62, + 0x7F, 0x8A, 0xF4, 0xD3, 0xE5, 0xBC, 0x9E, 0x91, + 0xD4, 0xCB, 0x2F, 0x12, 0x4B, 0x5B, 0xD7, 0xC2, + 0xF4, 0xA0, 0x50, 0xCA, 0x75, 0x5B, 0xDB, 0x80, + 0x56, 0x60, 0x96, 0x63, 0xFB, 0x95, 0x11, 0xC9, + 0xAD, 0x83, 0xB5, 0x03, 0x90, 0x88, 0xCC, 0x01, + 0xF0, 0xDD, 0x54, 0x35, 0x3B, 0x0D, 0xD7, 0x43, + 0x3F, 0x0C, 0x6C, 0xEE, 0x0D, 0x07, 0x59, 0x59, + 0x81, 0x0D, 0xEC, 0x54, 0x16, 0x52, 0x2B, 0xB1, + 0xF1, 0xF6, 0x55, 0x47, 0xA0, 0xC2, 0xE9, 0xCC, + 0x9B, 0xC1, 0x7F, 0x8D, 0x39, 0xD2, 0x93, 0x09, + 0xEB, 0xE7, 0x9F, 0x21, 0x33, 0x1B, 0x75, 0xE1, + 0x2A, 0xF2, 0xE9, 0x3F, 0x03, 0xF7, 0x4F, 0x7F, + 0x87, 0xD3, 0x60, 0xF1, 0xDA, 0xF8, 0x6C, 0xED, + 0x73, 0x60, 0x92, 0xA2, 0x11, 0xA8, 0x15, 0x88, + 0x59, 0xC4, 0x2E, 0x22, 0x3C, 0xFE, 0x2E, 0x6E, + 0x55, 0x34, 0x37, 0xD8, 0x05, 0x76, 0xCF, 0xD1, + 0x94, 0x4E, 0x97, 0xEE, 0xFF, 0x9B, 0x49, 0xE5, + 0xEC, 0xCF, 0xC6, 0x78, 0xEE, 0x16, 0x52, 0x68, + 0xDF, 0xE3, 0xD3, 0x59, 0x6B, 0x4B, 0x86, 0x20, + 0x4A, 0x81, 0xC6, 0x06, 0x3B, 0x0C, 0xDC, 0xE6, + 0x19, 0xFD, 0xBB, 0x96, 0xDF, 0x7D, 0xE6, 0xE0, + 0xBD, 0x52, 0x70, 0xB4, 0xD5, 0x9C, 0x4D, 0xC5, + 0x08, 0x47, 0x6E, 0x7F, 0x07, 0x08, 0xF9, 0x8C, + 0x7A, 0x4F, 0x66, 0x45, 0xC4, 0x9D, 0x06, 0x10, + 0x0C, 0x76, 0x0C, 0x59, 0x95, 0x28, 0xD1, 0xB8, + 0xBB, 0xFE, 0x62, 0x81, 0x91, 0xCC, 0x08, 0x3C, + 0x8D, 0x22, 0x5A, 0x09, 0x3F, 0x9F, 0x17, 0xE3, + 0x55, 0x74, 0x98, 0x6F, 0x86, 0xBA, 0xA4, 0x68, + 0x98, 0xB5, 0x89, 0xF3, 0xCB, 0x7D, 0xB4, 0x6A, + 0x45, 0xF3, 0xED, 0xD4, 0xFA, 0xC2, 0x08, 0x08, + 0xF4, 0xCD, 0x02, 0x49, 0xDA, 0x69, 0x3F, 0x8F, + 0xAB, 0xFB, 0xD4, 0xE1, 0x0C, 0x02, 0xC6, 0x5B, + 0xA8, 0xC8, 0x61, 0x0F, 0xA8, 0xC6, 0xDF, 0x3D, + 0xBA, 0xEB, 0x67, 0x63, 0xDD, 0x48, 0x2A, 0xF4, + 0x15, 0x58, 0xB1, 0xE1, 0x5C, 0xC9, 0xC7, 0xA7, + 0x2E, 0x07, 0x16, 0x85, 0xAC, 0x19, 0xA0, 0x51, + 0xF1, 0x92, 0x45, 0xB9, 0xF7, 0x7C, 0x30, 0x38, + 0xA5, 0x4E, 0x29, 0x58, 0x62, 0x3E, 0xB8, 0x10, + 0x59, 0x55, 0x60, 0x9E, 0x27, 0xD6, 0x7C, 0xF7, + 0x2E, 0xC5, 0xC4, 0xA8, 0xE9, 0xB9, 0xC2, 0x92, + 0x4A, 0x9E, 0x22, 0x98, 0x50, 0x8B, 0xAB, 0xA1, + 0x3C, 0xF1, 0x11, 0xFD, 0xFB, 0x06, 0x2C, 0x96, + 0x07, 0xAC, 0x1A, 0xAA, 0x6C, 0x63, 0x73, 0x10, + 0xA8, 0x89, 0x4B, 0xF0, 0xB9, 0x6F, 0x0C, 0x19, + 0x13, 0x61, 0x86, 0xB6, 0x18, 0xDF, 0xFB, 0x27, + 0x55, 0x28, 0xBE, 0xD1, 0xCC, 0x27, 0x15, 0xDE, + 0xF4, 0x12, 0xF7, 0x7A, 0x3C, 0xF9, 0x66, 0x45, + 0x73, 0x3B, 0x04, 0x8A, 0x78, 0x47, 0x43, 0x20, + 0xD1, 0xA3, 0x80, 0xF5, 0xEE, 0xDB, 0xDA, 0x21, + 0xFA, 0x01, 0x25, 0xC9, 0x1D, 0x3C, 0x37, 0xC5, + 0x4B, 0xF3, 0x75, 0x2A, 0x1F, 0x84, 0x71, 0xC8, + 0x1F, 0xCA, 0xE2, 0xD3, 0xED, 0xA9, 0x66, 0xE1, + 0x4E, 0x66, 0xF2, 0x23, 0xB0, 0x54, 0xD7, 0x98, + 0x48, 0xFF, 0x94, 0x11, 0xD6, 0x34, 0x02, 0x4A, + 0x09, 0x89, 0x70, 0xAD, 0xE6, 0xA8, 0x8B, 0x5F, + 0x90, 0x69, 0xF7, 0x60, 0x58, 0x4D, 0xC4, 0xCF, + 0xFF, 0xCE, 0xA8, 0xEC, 0xE1, 0x1B, 0xB5, 0x56, + 0x6B, 0xD2, 0x36, 0x0A, 0xB7, 0x07, 0xDF, 0x2D, + 0x21, 0xB6, 0x74, 0x88, 0xD9, 0x31, 0xF0, 0x20, + 0x06, 0x91, 0x76, 0x42, 0x3E, 0x69, 0x44, 0x49, + 0x0C, 0xB3, 0x85, 0xE7, 0x0B, 0x35, 0x8A, 0x25, + 0x34, 0x6B, 0xAF, 0xCD, 0xD0, 0x6D, 0x40, 0x2F, + 0xF2, 0x4D, 0x6C, 0x1E, 0x5F, 0x61, 0xA8, 0x5D + }; + static const byte kprime_512[WC_ML_KEM_SS_SZ] = { + 0xDF, 0x46, 0x2A, 0xD6, 0x8F, 0x1E, 0xC8, 0x97, + 0x2E, 0xD9, 0xB0, 0x2D, 0x6D, 0xE0, 0x60, 0x4B, + 0xDE, 0xC7, 0x57, 0x20, 0xE0, 0x50, 0x49, 0x73, + 0x51, 0xE6, 0xEC, 0x93, 0x3E, 0x71, 0xF8, 0x82 + }; +#endif +#ifndef WOLFSSL_NO_ML_KEM_768 + static const byte dk_768[WC_ML_KEM_768_PRIVATE_KEY_SIZE] = { + 0x1E, 0x4A, 0xC8, 0x7B, 0x1A, 0x69, 0x2A, 0x52, + 0x9F, 0xDB, 0xBA, 0xB9, 0x33, 0x74, 0xC5, 0x7D, + 0x11, 0x0B, 0x10, 0xF2, 0xB1, 0xDD, 0xEB, 0xAC, + 0x0D, 0x19, 0x6B, 0x7B, 0xA6, 0x31, 0xB8, 0xE9, + 0x29, 0x30, 0x28, 0xA8, 0xF3, 0x79, 0x88, 0x8C, + 0x42, 0x2D, 0xC8, 0xD3, 0x2B, 0xBF, 0x22, 0x60, + 0x10, 0xC2, 0xC1, 0xEC, 0x73, 0x18, 0x90, 0x80, + 0x45, 0x6B, 0x05, 0x64, 0xB2, 0x58, 0xB0, 0xF2, + 0x31, 0x31, 0xBC, 0x79, 0xC8, 0xE8, 0xC1, 0x1C, + 0xEF, 0x39, 0x38, 0xB2, 0x43, 0xC5, 0xCE, 0x9C, + 0x0E, 0xDD, 0x37, 0xC8, 0xF9, 0xD2, 0x98, 0x77, + 0xDB, 0xBB, 0x61, 0x5B, 0x9B, 0x5A, 0xC3, 0xC9, + 0x48, 0x48, 0x7E, 0x46, 0x71, 0x96, 0xA9, 0x14, + 0x3E, 0xFB, 0xC7, 0xCE, 0xDB, 0x64, 0xB4, 0x5D, + 0x4A, 0xCD, 0xA2, 0x66, 0x6C, 0xBC, 0x28, 0x04, + 0xF2, 0xC8, 0x66, 0x2E, 0x12, 0x8F, 0x6A, 0x99, + 0x69, 0xEC, 0x15, 0xBC, 0x0B, 0x93, 0x51, 0xF6, + 0xF9, 0x63, 0x46, 0xAA, 0x7A, 0xBC, 0x74, 0x3A, + 0x14, 0xFA, 0x03, 0x0E, 0x37, 0xA2, 0xE7, 0x59, + 0x7B, 0xDD, 0xFC, 0x5A, 0x22, 0xF9, 0xCE, 0xDA, + 0xF8, 0x61, 0x48, 0x32, 0x52, 0x72, 0x10, 0xB2, + 0x6F, 0x02, 0x4C, 0x7F, 0x6C, 0x0D, 0xCF, 0x55, + 0x1E, 0x97, 0xA4, 0x85, 0x87, 0x64, 0xC3, 0x21, + 0xD1, 0x83, 0x4A, 0xD5, 0x1D, 0x75, 0xBB, 0x24, + 0x6D, 0x27, 0x72, 0x37, 0xB7, 0xBD, 0x41, 0xDC, + 0x43, 0x62, 0xD0, 0x63, 0xF4, 0x29, 0x82, 0x92, + 0x27, 0x2D, 0x01, 0x01, 0x17, 0x80, 0xB7, 0x98, + 0x56, 0xB2, 0x96, 0xC4, 0xE9, 0x46, 0x65, 0x8B, + 0x79, 0x60, 0x31, 0x97, 0xC9, 0xB2, 0xA9, 0x9E, + 0xC6, 0x6A, 0xCB, 0x06, 0xCE, 0x2F, 0x69, 0xB5, + 0xA5, 0xA6, 0x1E, 0x9B, 0xD0, 0x6A, 0xD4, 0x43, + 0xCE, 0xB0, 0xC7, 0x4E, 0xD6, 0x53, 0x45, 0xA9, + 0x03, 0xB6, 0x14, 0xE8, 0x13, 0x68, 0xAA, 0xC2, + 0xB3, 0xD2, 0xA7, 0x9C, 0xA8, 0xCC, 0xAA, 0x1C, + 0x3B, 0x88, 0xFB, 0x82, 0xA3, 0x66, 0x32, 0x86, + 0x0B, 0x3F, 0x79, 0x50, 0x83, 0x3F, 0xD0, 0x21, + 0x2E, 0xC9, 0x6E, 0xDE, 0x4A, 0xB6, 0xF5, 0xA0, + 0xBD, 0xA3, 0xEC, 0x60, 0x60, 0xA6, 0x58, 0xF9, + 0x45, 0x7F, 0x6C, 0xC8, 0x7C, 0x6B, 0x62, 0x0C, + 0x1A, 0x14, 0x51, 0x98, 0x74, 0x86, 0xE4, 0x96, + 0x61, 0x2A, 0x10, 0x1D, 0x0E, 0x9C, 0x20, 0x57, + 0x7C, 0x57, 0x1E, 0xDB, 0x52, 0x82, 0x60, 0x8B, + 0xF4, 0xE1, 0xAC, 0x92, 0x6C, 0x0D, 0xB1, 0xC8, + 0x2A, 0x50, 0x4A, 0x79, 0x9D, 0x89, 0x88, 0x5C, + 0xA6, 0x25, 0x2B, 0xD5, 0xB1, 0xC1, 0x83, 0xAF, + 0x70, 0x13, 0x92, 0xA4, 0x07, 0xC0, 0x5B, 0x84, + 0x8C, 0x2A, 0x30, 0x16, 0xC4, 0x06, 0x13, 0xF0, + 0x2A, 0x44, 0x9B, 0x3C, 0x79, 0x26, 0xDA, 0x06, + 0x7A, 0x53, 0x31, 0x16, 0x50, 0x68, 0x40, 0x09, + 0x75, 0x10, 0x46, 0x0B, 0xBF, 0xD3, 0x60, 0x73, + 0xDC, 0xB0, 0xBF, 0xA0, 0x09, 0xB3, 0x6A, 0x91, + 0x23, 0xEA, 0xA6, 0x8F, 0x83, 0x5F, 0x74, 0xA0, + 0x1B, 0x00, 0xD2, 0x09, 0x78, 0x35, 0x96, 0x4D, + 0xF5, 0x21, 0xCE, 0x92, 0x10, 0x78, 0x9C, 0x30, + 0xB7, 0xF0, 0x6E, 0x58, 0x44, 0xB4, 0x44, 0xC5, + 0x33, 0x22, 0x39, 0x6E, 0x47, 0x99, 0xBA, 0xF6, + 0xA8, 0x8A, 0xF7, 0x31, 0x58, 0x60, 0xD0, 0x19, + 0x2D, 0x48, 0xC2, 0xC0, 0xDA, 0x6B, 0x5B, 0xA6, + 0x43, 0x25, 0x54, 0x3A, 0xCD, 0xF5, 0x90, 0x0E, + 0x8B, 0xC4, 0x77, 0xAB, 0x05, 0x82, 0x00, 0x72, + 0xD4, 0x63, 0xAF, 0xFE, 0xD0, 0x97, 0xE0, 0x62, + 0xBD, 0x78, 0xC9, 0x9D, 0x12, 0xB3, 0x85, 0x13, + 0x1A, 0x24, 0x1B, 0x70, 0x88, 0x65, 0xB4, 0x19, + 0x0A, 0xF6, 0x9E, 0xA0, 0xA6, 0x4D, 0xB7, 0x14, + 0x48, 0xA6, 0x08, 0x29, 0x36, 0x9C, 0x75, 0x55, + 0x19, 0x8E, 0x43, 0x8C, 0x9A, 0xBC, 0x31, 0x0B, + 0xC7, 0x01, 0x01, 0x91, 0x3B, 0xB1, 0x2F, 0xAA, + 0x5B, 0xEE, 0xF9, 0x75, 0x84, 0x16, 0x17, 0xC8, + 0x47, 0xCD, 0x6B, 0x33, 0x6F, 0x87, 0x79, 0x87, + 0x75, 0x38, 0x22, 0x02, 0x0B, 0x92, 0xC4, 0xCC, + 0x97, 0x05, 0x5C, 0x9B, 0x1E, 0x0B, 0x12, 0x8B, + 0xF1, 0x1F, 0x50, 0x50, 0x05, 0xB6, 0xAB, 0x0E, + 0x62, 0x77, 0x95, 0xA2, 0x06, 0x09, 0xEF, 0xA9, + 0x91, 0xE5, 0x98, 0xB8, 0x0F, 0x37, 0xB1, 0xC6, + 0xA1, 0xC3, 0xA1, 0xE9, 0xAE, 0xE7, 0x02, 0x8F, + 0x77, 0x57, 0x0A, 0xB2, 0x13, 0x91, 0x28, 0xA0, + 0x01, 0x08, 0xC5, 0x0E, 0xB3, 0x05, 0xCD, 0xB8, + 0xF9, 0xA6, 0x03, 0xA6, 0xB0, 0x78, 0x41, 0x3F, + 0x6F, 0x9B, 0x14, 0xC6, 0xD8, 0x2B, 0x51, 0x99, + 0xCE, 0x59, 0xD8, 0x87, 0x90, 0x2A, 0x28, 0x1A, + 0x02, 0x7B, 0x71, 0x74, 0x95, 0xFE, 0x12, 0x67, + 0x2A, 0x12, 0x7B, 0xBF, 0x9B, 0x25, 0x6C, 0x43, + 0x72, 0x0D, 0x7C, 0x16, 0x0B, 0x28, 0x1C, 0x12, + 0x75, 0x7D, 0xA1, 0x35, 0xB1, 0x93, 0x33, 0x52, + 0xBE, 0x4A, 0xB6, 0x7E, 0x40, 0x24, 0x8A, 0xFC, + 0x31, 0x8E, 0x23, 0x70, 0xC3, 0xB8, 0x20, 0x8E, + 0x69, 0x5B, 0xDF, 0x33, 0x74, 0x59, 0xB9, 0xAC, + 0xBF, 0xE5, 0xB4, 0x87, 0xF7, 0x6E, 0x9B, 0x4B, + 0x40, 0x01, 0xD6, 0xCF, 0x90, 0xCA, 0x8C, 0x69, + 0x9A, 0x17, 0x4D, 0x42, 0x97, 0x2D, 0xC7, 0x33, + 0xF3, 0x33, 0x89, 0xFD, 0xF5, 0x9A, 0x1D, 0xAB, + 0xA8, 0x1D, 0x83, 0x49, 0x55, 0x02, 0x73, 0x34, + 0x18, 0x5A, 0xD0, 0x2C, 0x76, 0xCF, 0x29, 0x48, + 0x46, 0xCA, 0x92, 0x94, 0xBA, 0x0E, 0xD6, 0x67, + 0x41, 0xDD, 0xEC, 0x79, 0x1C, 0xAB, 0x34, 0x19, + 0x6A, 0xC5, 0x65, 0x7C, 0x5A, 0x78, 0x32, 0x1B, + 0x56, 0xC3, 0x33, 0x06, 0xB5, 0x10, 0x23, 0x97, + 0xA5, 0xC0, 0x9C, 0x35, 0x08, 0xF7, 0x6B, 0x48, + 0x28, 0x24, 0x59, 0xF8, 0x1D, 0x0C, 0x72, 0xA4, + 0x3F, 0x73, 0x7B, 0xC2, 0xF1, 0x2F, 0x45, 0x42, + 0x26, 0x28, 0xB6, 0x7D, 0xB5, 0x1A, 0xC1, 0x42, + 0x42, 0x76, 0xA6, 0xC0, 0x8C, 0x3F, 0x76, 0x15, + 0x66, 0x5B, 0xBB, 0x8E, 0x92, 0x81, 0x48, 0xA2, + 0x70, 0xF9, 0x91, 0xBC, 0xF3, 0x65, 0xA9, 0x0F, + 0x87, 0xC3, 0x06, 0x87, 0xB6, 0x88, 0x09, 0xC9, + 0x1F, 0x23, 0x18, 0x13, 0xB8, 0x66, 0xBE, 0xA8, + 0x2E, 0x30, 0x37, 0x4D, 0x80, 0xAA, 0x0C, 0x02, + 0x97, 0x34, 0x37, 0x49, 0x8A, 0x53, 0xB1, 0x4B, + 0xF6, 0xB6, 0xCA, 0x1E, 0xD7, 0x6A, 0xB8, 0xA2, + 0x0D, 0x54, 0xA0, 0x83, 0xF4, 0xA2, 0x6B, 0x7C, + 0x03, 0x8D, 0x81, 0x96, 0x76, 0x40, 0xC2, 0x0B, + 0xF4, 0x43, 0x1E, 0x71, 0xDA, 0xCC, 0xE8, 0x57, + 0x7B, 0x21, 0x24, 0x0E, 0x49, 0x4C, 0x31, 0xF2, + 0xD8, 0x77, 0xDA, 0xF4, 0x92, 0x4F, 0xD3, 0x9D, + 0x82, 0xD6, 0x16, 0x7F, 0xBC, 0xC1, 0xF9, 0xC5, + 0xA2, 0x59, 0xF8, 0x43, 0xE3, 0x09, 0x87, 0xCC, + 0xC4, 0xBC, 0xE7, 0x49, 0x3A, 0x24, 0x04, 0xB5, + 0xE4, 0x43, 0x87, 0xF7, 0x07, 0x42, 0x57, 0x81, + 0xB7, 0x43, 0xFB, 0x55, 0x56, 0x85, 0x58, 0x4E, + 0x25, 0x57, 0xCC, 0x03, 0x8B, 0x1A, 0x9B, 0x3F, + 0x40, 0x43, 0x12, 0x1F, 0x54, 0x72, 0xEB, 0x2B, + 0x96, 0xE5, 0x94, 0x1F, 0xEC, 0x01, 0x1C, 0xEE, + 0xA5, 0x07, 0x91, 0x63, 0x6C, 0x6A, 0xBC, 0x26, + 0xC1, 0x37, 0x7E, 0xE3, 0xB5, 0x14, 0x6F, 0xC7, + 0xC8, 0x5C, 0xB3, 0x35, 0xB1, 0xE7, 0x95, 0xEE, + 0xC2, 0x03, 0x3E, 0xE4, 0x4B, 0x9A, 0xA9, 0x06, + 0x85, 0x24, 0x5E, 0xF7, 0xB4, 0x43, 0x6C, 0x00, + 0x0E, 0x66, 0xBC, 0x8B, 0xCB, 0xF1, 0xCD, 0xB8, + 0x03, 0xAC, 0x14, 0x21, 0xB1, 0xFD, 0xB2, 0x66, + 0xD5, 0x29, 0x1C, 0x83, 0x10, 0x37, 0x3A, 0x8A, + 0x3C, 0xE9, 0x56, 0x2A, 0xB1, 0x97, 0x95, 0x38, + 0x71, 0xAB, 0x99, 0xF3, 0x82, 0xCC, 0x5A, 0xA9, + 0xC0, 0xF2, 0x73, 0xD1, 0xDC, 0xA5, 0x5D, 0x27, + 0x12, 0x85, 0x38, 0x71, 0xE1, 0xA8, 0x3C, 0xB3, + 0xB8, 0x54, 0x50, 0xF7, 0x6D, 0x3F, 0x3C, 0x42, + 0xBA, 0xB5, 0x50, 0x5F, 0x72, 0x12, 0xFD, 0xB6, + 0xB8, 0xB7, 0xF6, 0x02, 0x99, 0x72, 0xA8, 0xF3, + 0x75, 0x1E, 0x4C, 0x94, 0xC1, 0x10, 0x8B, 0x02, + 0xD6, 0xAC, 0x79, 0xF8, 0xD9, 0x38, 0xF0, 0x5A, + 0x1B, 0x2C, 0x22, 0x9B, 0x14, 0xB4, 0x2B, 0x31, + 0xB0, 0x1A, 0x36, 0x40, 0x17, 0xE5, 0x95, 0x78, + 0xC6, 0xB0, 0x33, 0x83, 0x37, 0x74, 0xCB, 0x9B, + 0x57, 0x0F, 0x90, 0x86, 0xB7, 0x22, 0x90, 0x3B, + 0x37, 0x54, 0x46, 0xB4, 0x95, 0xD8, 0xA2, 0x9B, + 0xF8, 0x07, 0x51, 0x87, 0x7A, 0x80, 0xFB, 0x72, + 0x4A, 0x02, 0x10, 0xC3, 0xE1, 0x69, 0x2F, 0x39, + 0x7C, 0x2F, 0x1D, 0xDC, 0x2E, 0x6B, 0xA1, 0x7A, + 0xF8, 0x1B, 0x92, 0xAC, 0xFA, 0xBE, 0xF5, 0xF7, + 0x57, 0x3C, 0xB4, 0x93, 0xD1, 0x84, 0x02, 0x7B, + 0x71, 0x82, 0x38, 0xC8, 0x9A, 0x35, 0x49, 0xB8, + 0x90, 0x5B, 0x28, 0xA8, 0x33, 0x62, 0x86, 0x7C, + 0x08, 0x2D, 0x30, 0x19, 0xD3, 0xCA, 0x70, 0x70, + 0x07, 0x31, 0xCE, 0xB7, 0x3E, 0x84, 0x72, 0xC1, + 0xA3, 0xA0, 0x93, 0x36, 0x1C, 0x5F, 0xEA, 0x6A, + 0x7D, 0x40, 0x95, 0x5D, 0x07, 0xA4, 0x1B, 0x64, + 0xE5, 0x00, 0x81, 0xA3, 0x61, 0xB6, 0x04, 0xCC, + 0x51, 0x84, 0x47, 0xC8, 0xE2, 0x57, 0x65, 0xAB, + 0x7D, 0x68, 0xB2, 0x43, 0x27, 0x52, 0x07, 0xAF, + 0x8C, 0xA6, 0x56, 0x4A, 0x4C, 0xB1, 0xE9, 0x41, + 0x99, 0xDB, 0xA1, 0x87, 0x8C, 0x59, 0xBE, 0xC8, + 0x09, 0xAB, 0x48, 0xB2, 0xF2, 0x11, 0xBA, 0xDC, + 0x6A, 0x19, 0x98, 0xD9, 0xC7, 0x22, 0x7C, 0x13, + 0x03, 0xF4, 0x69, 0xD4, 0x6A, 0x9C, 0x7E, 0x53, + 0x03, 0xF9, 0x8A, 0xBA, 0x67, 0x56, 0x9A, 0xE8, + 0x22, 0x7C, 0x16, 0xBA, 0x1F, 0xB3, 0x24, 0x44, + 0x66, 0xA2, 0x5E, 0x7F, 0x82, 0x36, 0x71, 0x81, + 0x0C, 0xC2, 0x62, 0x06, 0xFE, 0xB2, 0x9C, 0x7E, + 0x2A, 0x1A, 0x91, 0x95, 0x9E, 0xEB, 0x03, 0xA9, + 0x82, 0x52, 0xA4, 0xF7, 0x41, 0x26, 0x74, 0xEB, + 0x9A, 0x4B, 0x27, 0x7E, 0x1F, 0x25, 0x95, 0xFC, + 0xA6, 0x40, 0x33, 0xB4, 0x1B, 0x40, 0x33, 0x08, + 0x12, 0xE9, 0x73, 0x5B, 0x7C, 0x60, 0x75, 0x01, + 0xCD, 0x81, 0x83, 0xA2, 0x2A, 0xFC, 0x33, 0x92, + 0x55, 0x37, 0x44, 0xF3, 0x3C, 0x4D, 0x20, 0x25, + 0x26, 0x94, 0x5C, 0x6D, 0x78, 0xA6, 0x0E, 0x20, + 0x1A, 0x16, 0x98, 0x7A, 0x6F, 0xA5, 0x9D, 0x94, + 0x46, 0x4B, 0x56, 0x50, 0x65, 0x56, 0x78, 0x48, + 0x24, 0xA0, 0x70, 0x58, 0xF5, 0x73, 0x20, 0xE7, + 0x6C, 0x82, 0x5B, 0x93, 0x47, 0xF2, 0x93, 0x6F, + 0x4A, 0x0E, 0x5C, 0xDA, 0xA1, 0x8C, 0xF8, 0x83, + 0x39, 0x45, 0xAE, 0x31, 0x2A, 0x36, 0xB5, 0xF5, + 0xA3, 0x81, 0x0A, 0xAC, 0x82, 0x38, 0x1F, 0xDA, + 0xE4, 0xCB, 0x9C, 0x68, 0x31, 0xD8, 0xEB, 0x8A, + 0xBA, 0xB8, 0x50, 0x41, 0x64, 0x43, 0xD7, 0x39, + 0x08, 0x6B, 0x1C, 0x32, 0x6F, 0xC2, 0xA3, 0x97, + 0x57, 0x04, 0xE3, 0x96, 0xA5, 0x96, 0x80, 0xC3, + 0xB5, 0xF3, 0x60, 0xF5, 0x48, 0x0D, 0x2B, 0x62, + 0x16, 0x9C, 0xD9, 0x4C, 0xA7, 0x1B, 0x37, 0xBC, + 0x58, 0x78, 0xBA, 0x29, 0x85, 0xE0, 0x68, 0xBA, + 0x05, 0x0B, 0x2C, 0xE5, 0x07, 0x26, 0xD4, 0xB4, + 0x45, 0x1B, 0x77, 0xAA, 0xA8, 0x67, 0x6E, 0xAE, + 0x09, 0x49, 0x82, 0x21, 0x01, 0x92, 0x19, 0x7B, + 0x1E, 0x92, 0xA2, 0x7F, 0x59, 0x86, 0x8B, 0x78, + 0x86, 0x78, 0x87, 0xB9, 0xA7, 0x0C, 0x32, 0xAF, + 0x84, 0x63, 0x0A, 0xA9, 0x08, 0x81, 0x43, 0x79, + 0xE6, 0x51, 0x91, 0x50, 0xBA, 0x16, 0x43, 0x9B, + 0x5E, 0x2B, 0x06, 0x03, 0xD0, 0x6A, 0xA6, 0x67, + 0x45, 0x57, 0xF5, 0xB0, 0x98, 0x3E, 0x5C, 0xB6, + 0xA9, 0x75, 0x96, 0x06, 0x9B, 0x01, 0xBB, 0x31, + 0x28, 0xC4, 0x16, 0x68, 0x06, 0x57, 0x20, 0x4F, + 0xD0, 0x76, 0x40, 0x39, 0x2E, 0x16, 0xB1, 0x9F, + 0x33, 0x7A, 0x99, 0xA3, 0x04, 0x84, 0x4E, 0x1A, + 0xA4, 0x74, 0xE9, 0xC7, 0x99, 0x06, 0x29, 0x71, + 0xF6, 0x72, 0x26, 0x89, 0x60, 0xF5, 0xA8, 0x2F, + 0x95, 0x00, 0x70, 0xBB, 0xE9, 0xC2, 0xA7, 0x19, + 0x50, 0xA3, 0x78, 0x5B, 0xDF, 0x0B, 0x84, 0x40, + 0x25, 0x5E, 0xD6, 0x39, 0x28, 0xD2, 0x57, 0x84, + 0x51, 0x68, 0xB1, 0xEC, 0xCC, 0x41, 0x91, 0x32, + 0x5A, 0xA7, 0x66, 0x45, 0x71, 0x9B, 0x28, 0xEB, + 0xD8, 0x93, 0x02, 0xDC, 0x67, 0x23, 0xC7, 0x86, + 0xDF, 0x52, 0x17, 0xB2, 0x43, 0x09, 0x9C, 0xA7, + 0x82, 0x38, 0xE5, 0x7E, 0x64, 0x69, 0x2F, 0x20, + 0x6B, 0x17, 0x7A, 0xBC, 0x25, 0x96, 0x60, 0x39, + 0x5C, 0xD7, 0x86, 0x0F, 0xB3, 0x5A, 0x16, 0xF6, + 0xB2, 0xFE, 0x65, 0x48, 0xC8, 0x5A, 0xB6, 0x63, + 0x30, 0xC5, 0x17, 0xFA, 0x74, 0xCD, 0xF3, 0xCB, + 0x49, 0xD2, 0x6B, 0x11, 0x81, 0x90, 0x1A, 0xF7, + 0x75, 0xA1, 0xE1, 0x80, 0x81, 0x3B, 0x6A, 0x24, + 0xC4, 0x56, 0x82, 0x9B, 0x5C, 0x38, 0x10, 0x4E, + 0xCE, 0x43, 0xC7, 0x6A, 0x43, 0x7A, 0x6A, 0x33, + 0xB6, 0xFC, 0x6C, 0x5E, 0x65, 0xC8, 0xA8, 0x94, + 0x66, 0xC1, 0x42, 0x54, 0x85, 0xB2, 0x9B, 0x9E, + 0x18, 0x54, 0x36, 0x8A, 0xFC, 0xA3, 0x53, 0xE1, + 0x43, 0xD0, 0xA9, 0x0A, 0x6C, 0x6C, 0x9E, 0x7F, + 0xDB, 0x62, 0xA6, 0x06, 0x85, 0x6B, 0x56, 0x14, + 0xF1, 0x2B, 0x64, 0xB7, 0x96, 0x02, 0x0C, 0x35, + 0x34, 0xC3, 0x60, 0x5C, 0xFD, 0xC7, 0x3B, 0x86, + 0x71, 0x4F, 0x41, 0x18, 0x50, 0x22, 0x8A, 0x28, + 0xB8, 0xF4, 0xB4, 0x9E, 0x66, 0x34, 0x16, 0xC8, + 0x4F, 0x7E, 0x38, 0x1F, 0x6A, 0xF1, 0x07, 0x13, + 0x43, 0xBF, 0x9D, 0x39, 0xB4, 0x54, 0x39, 0x24, + 0x0C, 0xC0, 0x38, 0x97, 0x29, 0x5F, 0xEA, 0x08, + 0x0B, 0x14, 0xBB, 0x2D, 0x81, 0x19, 0xA8, 0x80, + 0xE1, 0x64, 0x49, 0x5C, 0x61, 0xBE, 0xBC, 0x71, + 0x39, 0xC1, 0x18, 0x57, 0xC8, 0x5E, 0x17, 0x50, + 0x33, 0x8D, 0x63, 0x43, 0x91, 0x37, 0x06, 0xA5, + 0x07, 0xC9, 0x56, 0x64, 0x64, 0xCD, 0x28, 0x37, + 0xCF, 0x91, 0x4D, 0x1A, 0x3C, 0x35, 0xE8, 0x9B, + 0x23, 0x5C, 0x6A, 0xB7, 0xED, 0x07, 0x8B, 0xED, + 0x23, 0x47, 0x57, 0xC0, 0x2E, 0xF6, 0x99, 0x3D, + 0x4A, 0x27, 0x3C, 0xB8, 0x15, 0x05, 0x28, 0xDA, + 0x4D, 0x76, 0x70, 0x81, 0x77, 0xE9, 0x42, 0x55, + 0x46, 0xC8, 0x3E, 0x14, 0x70, 0x39, 0x76, 0x66, + 0x03, 0xB3, 0x0D, 0xA6, 0x26, 0x8F, 0x45, 0x98, + 0xA5, 0x31, 0x94, 0x24, 0x0A, 0x28, 0x32, 0xA3, + 0xD6, 0x75, 0x33, 0xB5, 0x05, 0x6F, 0x9A, 0xAA, + 0xC6, 0x1B, 0x4B, 0x17, 0xB9, 0xA2, 0x69, 0x3A, + 0xA0, 0xD5, 0x88, 0x91, 0xE6, 0xCC, 0x56, 0xCD, + 0xD7, 0x72, 0x41, 0x09, 0x00, 0xC4, 0x05, 0xAF, + 0x20, 0xB9, 0x03, 0x79, 0x7C, 0x64, 0x87, 0x69, + 0x15, 0xC3, 0x7B, 0x84, 0x87, 0xA1, 0x44, 0x9C, + 0xE9, 0x24, 0xCD, 0x34, 0x5C, 0x29, 0xA3, 0x6E, + 0x08, 0x23, 0x8F, 0x7A, 0x15, 0x7C, 0xC7, 0xE5, + 0x16, 0xAB, 0x5B, 0xA7, 0x3C, 0x80, 0x63, 0xF7, + 0x26, 0xBB, 0x5A, 0x0A, 0x03, 0x19, 0xE5, 0x71, + 0x27, 0x43, 0x8C, 0x7F, 0xC6, 0x01, 0xC9, 0x9C, + 0xCA, 0xAE, 0x4C, 0x1A, 0x83, 0x72, 0x6F, 0xDC, + 0xB5, 0x04, 0x5E, 0xD1, 0xA8, 0x2A, 0x98, 0x5E, + 0xA9, 0x95, 0x39, 0x6D, 0x77, 0x27, 0x2C, 0x66, + 0xCE, 0x49, 0x32, 0x89, 0xF6, 0x11, 0x09, 0x10, + 0xF3, 0x7C, 0x27, 0x41, 0xCE, 0x47, 0x02, 0x6A, + 0x6F, 0x82, 0x61, 0x99, 0x9C, 0x64, 0x82, 0x57, + 0x2B, 0x16, 0x93, 0x91, 0x2E, 0xF1, 0x2E, 0xEB, + 0xEA, 0x7A, 0xCF, 0x92, 0x34, 0xFB, 0x40, 0x9F, + 0x2A, 0x60, 0x90, 0xE6, 0xB0, 0xBF, 0xD8, 0x95, + 0x46, 0x9D, 0x0B, 0x2A, 0x92, 0x1B, 0xB7, 0x23, + 0xF8, 0x7A, 0x33, 0xEA, 0x54, 0x65, 0xAB, 0x90, + 0xF5, 0x14, 0xB6, 0x76, 0x98, 0xC0, 0x76, 0x8B, + 0x6C, 0xA4, 0x98, 0xB0, 0x22, 0xC5, 0x12, 0xFA, + 0x08, 0x75, 0xF0, 0x54, 0xAA, 0x22, 0x65, 0x86, + 0x7E, 0x31, 0xC0, 0xE5, 0x22, 0x65, 0x1E, 0x02, + 0x4A, 0x07, 0xD6, 0x0D, 0xD9, 0xF6, 0x33, 0x16, + 0x69, 0x21, 0xF4, 0x12, 0x6B, 0xC2, 0xB6, 0xAA, + 0x01, 0xCC, 0x15, 0xA0, 0x9B, 0x85, 0xBF, 0xF8, + 0x21, 0x8C, 0x5A, 0xAE, 0x95, 0xBC, 0x1F, 0xFB, + 0x26, 0xAE, 0x5A, 0x13, 0x76, 0x70, 0xF0, 0x49, + 0x10, 0xCA, 0x9D, 0x72, 0x41, 0xB6, 0x66, 0x0C, + 0x39, 0x4C, 0x54, 0x55, 0x91, 0x77, 0x46, 0xA2, + 0x66, 0x82, 0xFB, 0x71, 0xA4, 0x32, 0xEA, 0x95, + 0x30, 0xE8, 0x39, 0xBD, 0xEB, 0x07, 0x43, 0x30, + 0x04, 0xF4, 0x5A, 0x0D, 0xDA, 0xA0, 0xB2, 0x4E, + 0x3A, 0x56, 0x6A, 0x54, 0x08, 0x15, 0xF2, 0x81, + 0xE3, 0xFC, 0x25, 0x9A, 0xC6, 0xCB, 0xC0, 0xAC, + 0xB8, 0xD6, 0x22, 0x68, 0xB6, 0x03, 0xBC, 0x67, + 0x6A, 0xB4, 0x15, 0xC4, 0x74, 0xBB, 0x94, 0x87, + 0x3E, 0x44, 0x87, 0xAE, 0x31, 0xA4, 0xE3, 0x84, + 0x5C, 0x79, 0x90, 0x15, 0x50, 0x89, 0x0E, 0xE8, + 0x78, 0x4E, 0xEF, 0x90, 0x4F, 0xEE, 0x62, 0xBA, + 0x8C, 0x5F, 0x95, 0x2C, 0x68, 0x41, 0x30, 0x52, + 0xE0, 0xA7, 0xE3, 0x38, 0x8B, 0xB8, 0xFF, 0x0A, + 0xD6, 0x02, 0xAE, 0x3E, 0xA1, 0x4D, 0x9D, 0xF6, + 0xDD, 0x5E, 0x4C, 0xC6, 0xA3, 0x81, 0xA4, 0x1D, + 0xA5, 0xC1, 0x37, 0xEC, 0xC4, 0x9D, 0xF5, 0x87, + 0xE1, 0x78, 0xEA, 0xF4, 0x77, 0x02, 0xEC, 0x62, + 0x37, 0x80, 0x69, 0x1A, 0x32, 0x33, 0xF6, 0x9F, + 0x12, 0xBD, 0x9C, 0x9B, 0x96, 0x37, 0xC5, 0x13, + 0x78, 0xAD, 0x71, 0xA8, 0x31, 0x05, 0x52, 0x77, + 0x25, 0x4C, 0xC6, 0x3C, 0x5A, 0xD4, 0xCB, 0x76, + 0xB4, 0xAB, 0x82, 0xE5, 0xFC, 0xA1, 0x35, 0xE8, + 0xD2, 0x6A, 0x6B, 0x3A, 0x89, 0xFA, 0x5B, 0x6F + }; + static const byte c_768[WC_ML_KEM_768_CIPHER_TEXT_SIZE] = { + 0xA5, 0xC8, 0x1C, 0x76, 0xC2, 0x43, 0x05, 0xE1, + 0xCE, 0x5D, 0x81, 0x35, 0xD4, 0x15, 0x23, 0x68, + 0x2E, 0x9E, 0xE6, 0xD7, 0xB4, 0x0A, 0xD4, 0x1D, + 0xF1, 0xF3, 0x7C, 0x9B, 0x17, 0xDC, 0xE7, 0x80, + 0x76, 0x01, 0x9A, 0x6B, 0x0B, 0x7C, 0x95, 0xC9, + 0xBE, 0x7A, 0xF2, 0x95, 0x07, 0xB2, 0xD5, 0xA6, + 0x98, 0x7C, 0x8E, 0xE3, 0x25, 0x91, 0x90, 0x85, + 0x52, 0x43, 0xE6, 0xE5, 0x6F, 0x56, 0x20, 0x60, + 0x8C, 0x52, 0xD9, 0x6F, 0xAB, 0x10, 0x3A, 0x87, + 0x00, 0xFB, 0xA1, 0xA8, 0x7D, 0xCA, 0x60, 0x78, + 0x11, 0x8A, 0x08, 0x71, 0x76, 0x2C, 0x95, 0x34, + 0xC0, 0xC0, 0xC3, 0x97, 0x8C, 0x91, 0xC3, 0xA0, + 0x1F, 0x0F, 0x60, 0x8D, 0xCF, 0x75, 0x78, 0x15, + 0x43, 0x8F, 0xE8, 0x95, 0x7C, 0x8A, 0x85, 0x91, + 0x83, 0xB1, 0xB6, 0x72, 0x1A, 0x08, 0x65, 0xBE, + 0xBC, 0x79, 0x9D, 0x4E, 0x5C, 0x0E, 0x7B, 0xD3, + 0xEA, 0xE4, 0x85, 0x8E, 0x6A, 0xB6, 0xA2, 0xE7, + 0x65, 0x8E, 0xD8, 0x0D, 0x4E, 0xD1, 0x58, 0xB0, + 0x36, 0xB9, 0x3F, 0xA0, 0x3A, 0xFA, 0x6A, 0xE3, + 0x13, 0x6C, 0xF3, 0xD6, 0x93, 0xC9, 0x11, 0xBC, + 0xC7, 0x59, 0x05, 0xE5, 0xB0, 0xCB, 0x28, 0x65, + 0xB9, 0xE9, 0x88, 0x45, 0x22, 0xA7, 0x77, 0x77, + 0x61, 0x3E, 0x53, 0x11, 0x1D, 0x5A, 0x1C, 0x7D, + 0x3D, 0xAB, 0x73, 0x4C, 0xEB, 0x03, 0x65, 0x7A, + 0xE0, 0xC8, 0x97, 0x63, 0xE9, 0x94, 0x71, 0x05, + 0x47, 0x76, 0xBA, 0xE7, 0xD5, 0x1B, 0x0E, 0x73, + 0xA5, 0xBB, 0x35, 0xAE, 0xC3, 0x0F, 0xF6, 0xBC, + 0x93, 0x68, 0x49, 0x16, 0xFE, 0xF1, 0x16, 0x25, + 0x86, 0x45, 0x2F, 0x42, 0x66, 0x53, 0xE2, 0xCA, + 0x84, 0x4D, 0x57, 0x44, 0x30, 0x7F, 0xF9, 0xAE, + 0xB2, 0x87, 0xA6, 0x44, 0x77, 0x83, 0xB2, 0x1A, + 0x0E, 0x93, 0x9C, 0x81, 0x42, 0x1D, 0x63, 0x1F, + 0x5D, 0xCB, 0x45, 0x2E, 0x51, 0xED, 0x34, 0xE3, + 0xDA, 0xD1, 0xCF, 0x50, 0x4E, 0x0A, 0x3B, 0x0F, + 0x47, 0x11, 0xA8, 0xDC, 0x64, 0x99, 0xD1, 0x69, + 0x1D, 0x10, 0x95, 0x69, 0x33, 0x6C, 0xE1, 0x55, + 0x8A, 0x4C, 0x0A, 0x46, 0x4E, 0x20, 0x87, 0xEA, + 0x8F, 0x9E, 0x3B, 0x18, 0xF7, 0x47, 0xEF, 0x61, + 0xF4, 0x57, 0x6A, 0xEB, 0x42, 0xB1, 0x7C, 0xAD, + 0xB7, 0xF0, 0xFD, 0x84, 0xDA, 0x8E, 0x3A, 0x6F, + 0x47, 0x1D, 0x95, 0xED, 0xFA, 0x65, 0xBE, 0x9E, + 0x6C, 0x9F, 0x6A, 0xE7, 0x56, 0xA2, 0x2A, 0x4F, + 0x1A, 0x5C, 0x54, 0x3C, 0x26, 0xBA, 0x7B, 0xAD, + 0x88, 0xE1, 0x6D, 0x5F, 0x5B, 0x7E, 0x12, 0xE2, + 0xD4, 0xCA, 0x34, 0xB3, 0xA6, 0x4D, 0x17, 0xF8, + 0x7C, 0xCF, 0xC4, 0xFF, 0x8C, 0x5E, 0x4F, 0x53, + 0x75, 0x2A, 0x07, 0x7C, 0x68, 0x72, 0x1E, 0x8C, + 0xC8, 0x17, 0xF9, 0xFF, 0x24, 0x87, 0x61, 0x70, + 0xFF, 0x2A, 0xF8, 0x9F, 0xA9, 0x58, 0x55, 0xA5, + 0xB1, 0xDE, 0x34, 0x7C, 0x07, 0xFD, 0xDB, 0xCF, + 0xE7, 0x26, 0x4A, 0xA5, 0xED, 0x64, 0x01, 0x49, + 0x15, 0x61, 0xD8, 0x31, 0x53, 0x8F, 0x85, 0x2B, + 0x0E, 0xD7, 0xB9, 0xE8, 0xEB, 0xAF, 0xFC, 0x06, + 0x02, 0x84, 0xF2, 0x2D, 0x2B, 0xAE, 0xE5, 0x6F, + 0xA9, 0xF6, 0xD0, 0x14, 0x32, 0xA1, 0x15, 0xA2, + 0xD6, 0xA6, 0x4C, 0x38, 0xAE, 0x0A, 0x50, 0xBA, + 0x36, 0x2F, 0xB5, 0x7B, 0x53, 0xE3, 0xE8, 0x55, + 0xB8, 0x3C, 0xE8, 0xC4, 0x22, 0x74, 0x04, 0x55, + 0x99, 0xF6, 0x5F, 0xA6, 0xA8, 0x92, 0x1D, 0x85, + 0xF9, 0x4E, 0xD2, 0x30, 0xB5, 0x16, 0x71, 0x2D, + 0xB6, 0xFD, 0x2F, 0xF2, 0x8B, 0x3A, 0x33, 0x71, + 0xD9, 0xBE, 0x05, 0x8A, 0xE7, 0x5C, 0x2F, 0xA5, + 0x91, 0xB7, 0xEC, 0x3C, 0x3D, 0xAA, 0x1F, 0x76, + 0x42, 0xBC, 0x26, 0xC3, 0x24, 0xC0, 0x80, 0x90, + 0x60, 0x7E, 0x66, 0x62, 0x15, 0x4D, 0xB3, 0x7C, + 0xF7, 0x47, 0x96, 0x7A, 0x1F, 0x9F, 0xC2, 0x90, + 0x89, 0xF5, 0x70, 0xEB, 0xE6, 0x0E, 0xEE, 0xF8, + 0x9F, 0xD2, 0x44, 0x81, 0x02, 0x8C, 0x85, 0xAE, + 0xF1, 0xDC, 0x3B, 0x09, 0xF2, 0x2C, 0xD3, 0x69, + 0x1B, 0xBB, 0xB8, 0x21, 0xC7, 0xA8, 0xA0, 0xF3, + 0x5A, 0xD1, 0x2B, 0xE1, 0xDD, 0x19, 0x9B, 0x97, + 0x70, 0x48, 0xF3, 0xD4, 0x8C, 0x16, 0xBB, 0x2C, + 0xA9, 0x4C, 0xEC, 0xB8, 0x92, 0x87, 0x70, 0xD5, + 0xBB, 0x32, 0x9A, 0x03, 0x27, 0xE0, 0xB2, 0x86, + 0xFA, 0xA1, 0xC6, 0x52, 0x81, 0x03, 0x1A, 0x31, + 0xC8, 0x4F, 0x2E, 0xDC, 0x9C, 0x04, 0xD4, 0x75, + 0xED, 0x4E, 0x12, 0x8E, 0x51, 0xEF, 0xA9, 0x7D, + 0x01, 0x48, 0xCB, 0xA6, 0xC9, 0x5F, 0x67, 0x4C, + 0x58, 0x9F, 0x30, 0x1C, 0x26, 0x5B, 0xED, 0x70, + 0x8E, 0x9A, 0xD8, 0xDA, 0x3C, 0x5C, 0xEC, 0xBD, + 0xEE, 0xED, 0x35, 0xEF, 0x1E, 0x25, 0x31, 0x32, + 0xBA, 0x89, 0x92, 0x0D, 0x78, 0x6B, 0x88, 0x23, + 0x0B, 0x01, 0x3B, 0xCF, 0x2D, 0xC9, 0x2D, 0x6B, + 0x15, 0x7A, 0xFA, 0x8D, 0xA8, 0x59, 0x2C, 0xD0, + 0x74, 0x3D, 0x49, 0x82, 0xBE, 0x60, 0xD7, 0xC2, + 0xD5, 0xC4, 0x72, 0xAB, 0x9F, 0xA7, 0xF4, 0xCC, + 0x3D, 0x12, 0xB0, 0xEB, 0xAF, 0x0A, 0xBE, 0x55, + 0x5C, 0x75, 0x80, 0x54, 0x26, 0x84, 0x4D, 0xD9, + 0x42, 0x86, 0x43, 0xF8, 0x44, 0x06, 0xA1, 0xB8, + 0xD6, 0xFA, 0xED, 0xFD, 0x8A, 0xE6, 0xE7, 0x3A, + 0x72, 0x77, 0x2A, 0x21, 0x59, 0xAC, 0xAB, 0xD9, + 0x72, 0xAE, 0xB6, 0xF7, 0xDE, 0x09, 0x1A, 0xC5, + 0xFD, 0xD7, 0xF4, 0x9A, 0x3D, 0xC6, 0x64, 0x1C, + 0xDF, 0x62, 0x44, 0x6B, 0x4B, 0x04, 0xA3, 0x1F, + 0x73, 0xB8, 0x0A, 0x62, 0xF8, 0x0A, 0x40, 0x4A, + 0x8C, 0xB1, 0x8C, 0xE3, 0xE6, 0x54, 0x80, 0xEF, + 0x7B, 0x52, 0xBF, 0x00, 0x91, 0x11, 0x7E, 0x5D, + 0x08, 0xEA, 0xE1, 0xB0, 0xAA, 0xBB, 0x72, 0xE6, + 0xDF, 0xFF, 0xF7, 0x6F, 0x6E, 0x44, 0xBB, 0xD7, + 0xEA, 0x57, 0x0D, 0x66, 0x04, 0xBC, 0x2E, 0x74, + 0x31, 0x8B, 0xAF, 0xA3, 0x15, 0xA3, 0x88, 0x61, + 0xAA, 0x1B, 0x21, 0xAF, 0xB2, 0xA5, 0x3F, 0x26, + 0x14, 0xF1, 0xD6, 0x40, 0x07, 0x59, 0x84, 0xAE, + 0x62, 0xE2, 0xFC, 0xA1, 0xD1, 0xB4, 0xDB, 0x36, + 0x9F, 0x15, 0x70, 0x5C, 0xE7, 0xD4, 0xDF, 0x8A, + 0xE9, 0x82, 0x64, 0x50, 0x10, 0x51, 0xC0, 0xDE, + 0xF2, 0x1D, 0x64, 0x5D, 0x49, 0x62, 0x5A, 0xF0, + 0x2C, 0xA4, 0x28, 0xD9, 0xF0, 0xC2, 0xCD, 0x9F, + 0xBA, 0xEE, 0xAB, 0x97, 0xE8, 0xE9, 0x15, 0x16, + 0x62, 0xB6, 0x99, 0x2B, 0x4C, 0x99, 0xAB, 0x1B, + 0x92, 0x5D, 0x08, 0x92, 0x03, 0x63, 0x37, 0x3F, + 0x76, 0xD3, 0xFD, 0xF0, 0x82, 0x8C, 0xAA, 0x69, + 0xC8, 0xB1, 0xBD, 0xC6, 0xF5, 0x21, 0xDF, 0x64, + 0x1C, 0xF1, 0xC8, 0xA4, 0xE7, 0xEF, 0x0C, 0x23, + 0x28, 0x9A, 0x4E, 0x2C, 0xF1, 0x8A, 0xCE, 0xBB, + 0xE4, 0xC1, 0xE6, 0x83, 0x69, 0xBD, 0x52, 0x35, + 0x12, 0x01, 0x42, 0xEC, 0xDD, 0x1A, 0x73, 0x81, + 0x1E, 0x2E, 0x53, 0x3A, 0x64, 0x7D, 0x7A, 0xEE, + 0x16, 0xDA, 0xA0, 0x3B, 0x68, 0x36, 0x39, 0xDC, + 0xF1, 0xE1, 0xF1, 0xE7, 0x1C, 0xFA, 0xED, 0x48, + 0xF6, 0x9A, 0xEC, 0x3E, 0x83, 0x17, 0x33, 0xDA, + 0x19, 0xCE, 0xBE, 0xC1, 0xDD, 0xBF, 0x71, 0xCB, + 0xAE, 0x08, 0x00, 0xF2, 0xF6, 0xD6, 0x4A, 0x09, + 0x6E, 0xC4, 0x95, 0xD6, 0x2F, 0x43, 0x44, 0xF7, + 0xAA, 0x56, 0x21, 0xB3, 0x22, 0x35, 0x3A, 0x79, + 0x5A, 0xA0, 0x99, 0xEA, 0x3A, 0x07, 0x02, 0x72, + 0xD0, 0x53, 0xD4, 0x65, 0x3A, 0x20, 0xCF, 0x21, + 0x0E, 0xAA, 0xF1, 0x2C, 0xAE, 0x60, 0x23, 0xD8, + 0xE5, 0x11, 0x8D, 0xF0, 0x4B, 0x38, 0x4A, 0x44, + 0xD1, 0xED, 0xB9, 0x1C, 0x44, 0x98, 0x9E, 0xF7, + 0xEE, 0x57, 0xF2, 0xBF, 0x81, 0xA2, 0x4B, 0xDC, + 0x76, 0x80, 0x7D, 0xA9, 0x67, 0xEE, 0x65, 0x25, + 0x41, 0x0C, 0x5C, 0x48, 0x50, 0x67, 0xEF, 0xC3, + 0xD3, 0x9A, 0x9A, 0xD4, 0x2C, 0xC7, 0x53, 0xBA, + 0xA5, 0x9A, 0x1F, 0xD2, 0x8A, 0xF3, 0x5C, 0x00, + 0xD1, 0x8A, 0x40, 0x6A, 0x28, 0xFC, 0x79, 0xBA + }; + static const byte kprime_768[WC_ML_KEM_SS_SZ] = { + 0xDC, 0x5B, 0x88, 0x88, 0xBC, 0x1E, 0xBA, 0x5C, + 0x19, 0x69, 0xC2, 0x11, 0x64, 0xEA, 0x43, 0xE2, + 0x2E, 0x7A, 0xC0, 0xCD, 0x01, 0x2A, 0x2F, 0x26, + 0xCB, 0x8C, 0x48, 0x7E, 0x69, 0xEF, 0x7C, 0xE4 + }; +#endif +#ifndef WOLFSSL_NO_ML_KEM_1024 + static const byte dk_1024[WC_ML_KEM_1024_PRIVATE_KEY_SIZE] = { + 0x84, 0x45, 0xC3, 0x36, 0xF3, 0x51, 0x8B, 0x29, + 0x81, 0x63, 0xDC, 0xBB, 0x63, 0x57, 0x59, 0x79, + 0x83, 0xCA, 0x2E, 0x87, 0x3D, 0xCB, 0x49, 0x61, + 0x0C, 0xF5, 0x2F, 0x14, 0xDB, 0xCB, 0x94, 0x7C, + 0x1F, 0x3E, 0xE9, 0x26, 0x69, 0x67, 0x27, 0x6B, + 0x0C, 0x57, 0x6C, 0xF7, 0xC3, 0x0E, 0xE6, 0xB9, + 0x3D, 0xEA, 0x51, 0x18, 0x67, 0x6C, 0xBE, 0xE1, + 0xB1, 0xD4, 0x79, 0x42, 0x06, 0xFB, 0x36, 0x9A, + 0xBA, 0x41, 0x16, 0x7B, 0x43, 0x93, 0x85, 0x5C, + 0x84, 0xEB, 0xA8, 0xF3, 0x23, 0x73, 0xC0, 0x5B, + 0xAE, 0x76, 0x31, 0xC8, 0x02, 0x74, 0x4A, 0xAD, + 0xB6, 0xC2, 0xDE, 0x41, 0x25, 0x0C, 0x49, 0x43, + 0x15, 0x23, 0x0B, 0x52, 0x82, 0x6C, 0x34, 0x58, + 0x7C, 0xB2, 0x1B, 0x18, 0x3B, 0x49, 0xB2, 0xA5, + 0xAC, 0x04, 0x92, 0x1A, 0xC6, 0xBF, 0xAC, 0x1B, + 0x24, 0xA4, 0xB3, 0x7A, 0x93, 0xA4, 0xB1, 0x68, + 0xCC, 0xE7, 0x59, 0x1B, 0xE6, 0x11, 0x1F, 0x47, + 0x62, 0x60, 0xF2, 0x76, 0x29, 0x59, 0xF5, 0xC1, + 0x64, 0x01, 0x18, 0xC2, 0x42, 0x37, 0x72, 0xE2, + 0xAD, 0x03, 0xDC, 0x71, 0x68, 0xA3, 0x8C, 0x6D, + 0xD3, 0x9F, 0x5F, 0x72, 0x54, 0x26, 0x42, 0x80, + 0xC8, 0xBC, 0x10, 0xB9, 0x14, 0x16, 0x80, 0x70, + 0x47, 0x2F, 0xA8, 0x80, 0xAC, 0xB8, 0x60, 0x1A, + 0x8A, 0x08, 0x37, 0xF2, 0x5F, 0xE1, 0x94, 0x68, + 0x7C, 0xD6, 0x8B, 0x7D, 0xE2, 0x34, 0x0F, 0x03, + 0x6D, 0xAD, 0x89, 0x1D, 0x38, 0xD1, 0xB0, 0xCE, + 0x9C, 0x26, 0x33, 0x35, 0x5C, 0xF5, 0x7B, 0x50, + 0xB8, 0x96, 0x03, 0x6F, 0xCA, 0x26, 0x0D, 0x26, + 0x69, 0xF8, 0x5B, 0xAC, 0x79, 0x71, 0x4F, 0xDA, + 0xFB, 0x41, 0xEF, 0x80, 0xB8, 0xC3, 0x02, 0x64, + 0xC3, 0x13, 0x86, 0xAE, 0x60, 0xB0, 0x5F, 0xAA, + 0x54, 0x2A, 0x26, 0xB4, 0x1E, 0xB8, 0x5F, 0x67, + 0x06, 0x8F, 0x08, 0x80, 0x34, 0xFF, 0x67, 0xAA, + 0x2E, 0x81, 0x5A, 0xAB, 0x8B, 0xCA, 0x6B, 0xF7, + 0x1F, 0x70, 0xEC, 0xC3, 0xCB, 0xCB, 0xC4, 0x5E, + 0xF7, 0x01, 0xFC, 0xD5, 0x42, 0xBD, 0x21, 0xC7, + 0xB0, 0x95, 0x68, 0xF3, 0x69, 0xC6, 0x69, 0xF3, + 0x96, 0x47, 0x38, 0x44, 0xFB, 0xA1, 0x49, 0x57, + 0xF5, 0x19, 0x74, 0xD8, 0x52, 0xB9, 0x78, 0x01, + 0x46, 0x03, 0xA2, 0x10, 0xC0, 0x19, 0x03, 0x62, + 0x87, 0x00, 0x89, 0x94, 0xF2, 0x12, 0x55, 0xB2, + 0x50, 0x99, 0xAD, 0x82, 0xAA, 0x13, 0x24, 0x38, + 0x96, 0x3B, 0x2C, 0x0A, 0x47, 0xCD, 0xF5, 0xF3, + 0x2B, 0xA4, 0x6B, 0x76, 0xC7, 0xA6, 0x55, 0x9F, + 0x18, 0xBF, 0xD5, 0x55, 0xB7, 0x62, 0xE4, 0x87, + 0xB6, 0xAC, 0x99, 0x2F, 0xE2, 0x0E, 0x28, 0x3C, + 0xA0, 0xB3, 0xF6, 0x16, 0x44, 0x96, 0x95, 0x59, + 0x95, 0xC3, 0xB2, 0x8A, 0x57, 0xBB, 0xC2, 0x98, + 0x26, 0xF0, 0x6F, 0xB3, 0x8B, 0x25, 0x34, 0x70, + 0xAF, 0x63, 0x1B, 0xC4, 0x6C, 0x3A, 0x8F, 0x9C, + 0xE8, 0x24, 0x32, 0x19, 0x85, 0xDD, 0x01, 0xC0, + 0x5F, 0x69, 0xB8, 0x24, 0xF9, 0x16, 0x63, 0x3B, + 0x40, 0x65, 0x4C, 0x75, 0xAA, 0xEB, 0x93, 0x85, + 0x57, 0x6F, 0xFD, 0xE2, 0x99, 0x0A, 0x6B, 0x0A, + 0x3B, 0xE8, 0x29, 0xD6, 0xD8, 0x4E, 0x34, 0xF1, + 0x78, 0x05, 0x89, 0xC7, 0x92, 0x04, 0xC6, 0x3C, + 0x79, 0x8F, 0x55, 0xD2, 0x31, 0x87, 0xE4, 0x61, + 0xD4, 0x8C, 0x21, 0xE5, 0xC0, 0x47, 0xE5, 0x35, + 0xB1, 0x9F, 0x45, 0x8B, 0xBA, 0x13, 0x45, 0xB9, + 0xE4, 0x1E, 0x0C, 0xB4, 0xA9, 0xC2, 0xD8, 0xC4, + 0x0B, 0x49, 0x0A, 0x3B, 0xAB, 0xC5, 0x53, 0xB3, + 0x02, 0x6B, 0x16, 0x72, 0xD2, 0x8C, 0xBC, 0x8B, + 0x49, 0x8A, 0x3A, 0x99, 0x57, 0x9A, 0x83, 0x2F, + 0xEA, 0xE7, 0x46, 0x10, 0xF0, 0xB6, 0x25, 0x0C, + 0xC3, 0x33, 0xE9, 0x49, 0x3E, 0xB1, 0x62, 0x1E, + 0xD3, 0x4A, 0xA4, 0xAB, 0x17, 0x5F, 0x2C, 0xA2, + 0x31, 0x15, 0x25, 0x09, 0xAC, 0xB6, 0xAC, 0x86, + 0xB2, 0x0F, 0x6B, 0x39, 0x10, 0x84, 0x39, 0xE5, + 0xEC, 0x12, 0xD4, 0x65, 0xA0, 0xFE, 0xF3, 0x50, + 0x03, 0xE1, 0x42, 0x77, 0xA2, 0x18, 0x12, 0x14, + 0x6B, 0x25, 0x44, 0x71, 0x6D, 0x6A, 0xB8, 0x2D, + 0x1B, 0x07, 0x26, 0xC2, 0x7A, 0x98, 0xD5, 0x89, + 0xEB, 0xDA, 0xCC, 0x4C, 0x54, 0xBA, 0x77, 0xB2, + 0x49, 0x8F, 0x21, 0x7E, 0x14, 0xE3, 0x4E, 0x66, + 0x02, 0x5A, 0x2A, 0x14, 0x3A, 0x99, 0x25, 0x20, + 0xA6, 0x1C, 0x06, 0x72, 0xCC, 0x9C, 0xCE, 0xD7, + 0xC9, 0x45, 0x0C, 0x68, 0x3E, 0x90, 0xA3, 0xE4, + 0x65, 0x1D, 0xB6, 0x23, 0xA6, 0xDB, 0x39, 0xAC, + 0x26, 0x12, 0x5B, 0x7F, 0xC1, 0x98, 0x6D, 0x7B, + 0x04, 0x93, 0xB8, 0xB7, 0x2D, 0xE7, 0x70, 0x7D, + 0xC2, 0x0B, 0xBD, 0xD4, 0x37, 0x13, 0x15, 0x6A, + 0xF7, 0xD9, 0x43, 0x0E, 0xF4, 0x53, 0x99, 0x66, + 0x3C, 0x22, 0x02, 0x73, 0x91, 0x68, 0x69, 0x2D, + 0xD6, 0x57, 0x54, 0x5B, 0x05, 0x6D, 0x9C, 0x92, + 0x38, 0x5A, 0x7F, 0x41, 0x4B, 0x34, 0xB9, 0x0C, + 0x79, 0x60, 0xD5, 0x7B, 0x35, 0xBA, 0x7D, 0xDE, + 0x7B, 0x81, 0xFC, 0xA0, 0x11, 0x9D, 0x74, 0x1B, + 0x12, 0x78, 0x09, 0x26, 0x01, 0x8F, 0xE4, 0xC8, + 0x03, 0x0B, 0xF0, 0x38, 0xE1, 0x8B, 0x4F, 0xA3, + 0x37, 0x43, 0xD0, 0xD3, 0xC8, 0x46, 0x41, 0x7E, + 0x9D, 0x59, 0x15, 0xC2, 0x46, 0x31, 0x59, 0x38, + 0xB1, 0xE2, 0x33, 0x61, 0x45, 0x01, 0xD0, 0x26, + 0x95, 0x95, 0x51, 0x25, 0x8B, 0x23, 0x32, 0x30, + 0xD4, 0x28, 0xB1, 0x81, 0xB1, 0x32, 0xF1, 0xD0, + 0xB0, 0x26, 0x06, 0x7B, 0xA8, 0x16, 0x99, 0x9B, + 0xC0, 0xCD, 0x6B, 0x54, 0x7E, 0x54, 0x8B, 0x63, + 0xC9, 0xEA, 0xA0, 0x91, 0xBA, 0xC4, 0x93, 0xDC, + 0x59, 0x8D, 0xBC, 0x2B, 0x0E, 0x14, 0x6A, 0x25, + 0x91, 0xC2, 0xA8, 0xC0, 0x09, 0xDD, 0x51, 0x70, + 0xAA, 0xE0, 0x27, 0xC5, 0x41, 0xA1, 0xB5, 0xE6, + 0x6E, 0x45, 0xC6, 0x56, 0x12, 0x98, 0x4C, 0x46, + 0x77, 0x04, 0x93, 0xEC, 0x89, 0x6E, 0xF2, 0x5A, + 0xA9, 0x30, 0x5E, 0x9F, 0x06, 0x69, 0x2C, 0xD0, + 0xB2, 0xF0, 0x69, 0x62, 0xE2, 0x05, 0xBE, 0xBE, + 0x11, 0x3A, 0x34, 0xEB, 0xB1, 0xA4, 0x83, 0x0A, + 0x9B, 0x37, 0x49, 0x64, 0x1B, 0xB9, 0x35, 0x00, + 0x7B, 0x23, 0xB2, 0x4B, 0xFE, 0x57, 0x69, 0x56, + 0x25, 0x4D, 0x7A, 0x35, 0xAA, 0x49, 0x6A, 0xC4, + 0x46, 0xC6, 0x7A, 0x7F, 0xEC, 0x85, 0xA6, 0x00, + 0x57, 0xE8, 0x58, 0x06, 0x17, 0xBC, 0xB3, 0xFA, + 0xD1, 0x5C, 0x76, 0x44, 0x0F, 0xED, 0x54, 0xCC, + 0x78, 0x93, 0x94, 0xFE, 0xA2, 0x44, 0x52, 0xCC, + 0x6B, 0x05, 0x85, 0xB7, 0xEB, 0x0A, 0x88, 0xBB, + 0xA9, 0x50, 0x0D, 0x98, 0x00, 0xE6, 0x24, 0x1A, + 0xFE, 0xB5, 0x23, 0xB5, 0x5A, 0x96, 0xA5, 0x35, + 0x15, 0x1D, 0x10, 0x49, 0x57, 0x32, 0x06, 0xE5, + 0x9C, 0x7F, 0xEB, 0x07, 0x09, 0x66, 0x82, 0x36, + 0x34, 0xF7, 0x7D, 0x5F, 0x12, 0x91, 0x75, 0x5A, + 0x24, 0x31, 0x19, 0x62, 0x1A, 0xF8, 0x08, 0x4A, + 0xB7, 0xAC, 0x1E, 0x22, 0xA0, 0x56, 0x8C, 0x62, + 0x01, 0x41, 0x7C, 0xBE, 0x36, 0x55, 0xD8, 0xA0, + 0x8D, 0xD5, 0xB5, 0x13, 0x88, 0x4C, 0x98, 0xD5, + 0xA4, 0x93, 0xFD, 0x49, 0x38, 0x2E, 0xA4, 0x18, + 0x60, 0xF1, 0x33, 0xCC, 0xD6, 0x01, 0xE8, 0x85, + 0x96, 0x64, 0x26, 0xA2, 0xB1, 0xF2, 0x3D, 0x42, + 0xD8, 0x2E, 0x24, 0x58, 0x2D, 0x99, 0x72, 0x51, + 0x92, 0xC2, 0x17, 0x77, 0x46, 0x7B, 0x14, 0x57, + 0xB1, 0xDD, 0x42, 0x9A, 0x0C, 0x41, 0xA5, 0xC3, + 0xD7, 0x04, 0xCE, 0xA0, 0x62, 0x78, 0xC5, 0x99, + 0x41, 0xB4, 0x38, 0xC6, 0x27, 0x27, 0x09, 0x78, + 0x09, 0xB4, 0x53, 0x0D, 0xBE, 0x83, 0x7E, 0xA3, + 0x96, 0xB6, 0xD3, 0x10, 0x77, 0xFA, 0xD3, 0x73, + 0x30, 0x53, 0x98, 0x9A, 0x84, 0x42, 0xAA, 0xC4, + 0x25, 0x5C, 0xB1, 0x63, 0xB8, 0xCA, 0x2F, 0x27, + 0x50, 0x1E, 0xA9, 0x67, 0x30, 0x56, 0x95, 0xAB, + 0xD6, 0x59, 0xAA, 0x02, 0xC8, 0x3E, 0xE6, 0x0B, + 0xB5, 0x74, 0x20, 0x3E, 0x99, 0x37, 0xAE, 0x1C, + 0x62, 0x1C, 0x8E, 0xCB, 0x5C, 0xC1, 0xD2, 0x1D, + 0x55, 0x69, 0x60, 0xB5, 0xB9, 0x16, 0x1E, 0xA9, + 0x6F, 0xFF, 0xEB, 0xAC, 0x72, 0xE1, 0xB8, 0xA6, + 0x15, 0x4F, 0xC4, 0xD8, 0x8B, 0x56, 0xC0, 0x47, + 0x41, 0xF0, 0x90, 0xCB, 0xB1, 0x56, 0xA7, 0x37, + 0xC9, 0xE6, 0xA2, 0x2B, 0xA8, 0xAC, 0x70, 0x4B, + 0xC3, 0x04, 0xF8, 0xE1, 0x7E, 0x5E, 0xA8, 0x45, + 0xFD, 0xE5, 0x9F, 0xBF, 0x78, 0x8C, 0xCE, 0x0B, + 0x97, 0xC8, 0x76, 0x1F, 0x89, 0xA2, 0x42, 0xF3, + 0x05, 0x25, 0x83, 0xC6, 0x84, 0x4A, 0x63, 0x20, + 0x31, 0xC9, 0x64, 0xA6, 0xC4, 0xA8, 0x5A, 0x12, + 0x8A, 0x28, 0x61, 0x9B, 0xA1, 0xBB, 0x3D, 0x1B, + 0xEA, 0x4B, 0x49, 0x84, 0x1F, 0xC8, 0x47, 0x61, + 0x4A, 0x06, 0x68, 0x41, 0xF5, 0x2E, 0xD0, 0xEB, + 0x8A, 0xE0, 0xB8, 0xB0, 0x96, 0xE9, 0x2B, 0x81, + 0x95, 0x40, 0x58, 0x15, 0xB2, 0x31, 0x26, 0x6F, + 0x36, 0xB1, 0x8C, 0x1A, 0x53, 0x33, 0x3D, 0xAB, + 0x95, 0xD2, 0xA9, 0xA3, 0x74, 0xB5, 0x47, 0x8A, + 0x4A, 0x41, 0xFB, 0x87, 0x59, 0x95, 0x7C, 0x9A, + 0xB2, 0x2C, 0xAE, 0x54, 0x5A, 0xB5, 0x44, 0xBA, + 0x8D, 0xD0, 0x5B, 0x83, 0xF3, 0xA6, 0x13, 0xA2, + 0x43, 0x7A, 0xDB, 0x07, 0x3A, 0x96, 0x35, 0xCB, + 0x4B, 0xBC, 0x96, 0x5F, 0xB4, 0x54, 0xCF, 0x27, + 0xB2, 0x98, 0xA4, 0x0C, 0xD0, 0xDA, 0x3B, 0x8F, + 0x9C, 0xA9, 0x9D, 0x8C, 0xB4, 0x28, 0x6C, 0x5E, + 0xB4, 0x76, 0x41, 0x67, 0x96, 0x07, 0x0B, 0xA5, + 0x35, 0xAA, 0xA5, 0x8C, 0xDB, 0x45, 0x1C, 0xD6, + 0xDB, 0x5C, 0xBB, 0x0C, 0xA2, 0x0F, 0x0C, 0x71, + 0xDE, 0x97, 0xC3, 0x0D, 0xA9, 0x7E, 0xC7, 0x90, + 0x6D, 0x06, 0xB4, 0xB9, 0x39, 0x39, 0x60, 0x28, + 0xC4, 0x6B, 0xA0, 0xE7, 0xA8, 0x65, 0xBC, 0x83, + 0x08, 0xA3, 0x81, 0x0F, 0x12, 0x12, 0x00, 0x63, + 0x39, 0xF7, 0xBC, 0x16, 0x9B, 0x16, 0x66, 0xFD, + 0xF4, 0x75, 0x91, 0x1B, 0xBC, 0x8A, 0xAA, 0xB4, + 0x17, 0x55, 0xC9, 0xA8, 0xAA, 0xBF, 0xA2, 0x3C, + 0x0E, 0x37, 0xF8, 0x4F, 0xE4, 0x69, 0x99, 0xE0, + 0x30, 0x49, 0x4B, 0x92, 0x98, 0xEF, 0x99, 0x34, + 0xE8, 0xA6, 0x49, 0xC0, 0xA5, 0xCC, 0xE2, 0xB2, + 0x2F, 0x31, 0x80, 0x9A, 0xFE, 0xD2, 0x39, 0x55, + 0xD8, 0x78, 0x81, 0xD9, 0x9F, 0xC1, 0xD3, 0x52, + 0x89, 0x6C, 0xAC, 0x90, 0x55, 0xBE, 0xA0, 0xD0, + 0x16, 0xCC, 0xBA, 0x78, 0x05, 0xA3, 0xA5, 0x0E, + 0x22, 0x16, 0x30, 0x37, 0x9B, 0xD0, 0x11, 0x35, + 0x22, 0x1C, 0xAD, 0x5D, 0x95, 0x17, 0xC8, 0xCC, + 0x42, 0x63, 0x7B, 0x9F, 0xC0, 0x71, 0x8E, 0x9A, + 0x9B, 0xB4, 0x94, 0x5C, 0x72, 0xD8, 0xD1, 0x1D, + 0x3D, 0x65, 0x9D, 0x83, 0xA3, 0xC4, 0x19, 0x50, + 0x9A, 0xF5, 0xB4, 0x70, 0xDD, 0x89, 0xB7, 0xF3, + 0xAC, 0xCF, 0x5F, 0x35, 0xCF, 0xC3, 0x22, 0x11, + 0x5F, 0xD6, 0x6A, 0x5C, 0xD2, 0x87, 0x56, 0x51, + 0x32, 0x6F, 0x9B, 0x31, 0x68, 0x91, 0x3B, 0xE5, + 0xB9, 0xC8, 0x7A, 0xE0, 0xB0, 0x25, 0xEC, 0x7A, + 0x2F, 0x4A, 0x07, 0x27, 0x50, 0x94, 0x6A, 0xC6, + 0x11, 0x70, 0xA7, 0x82, 0x6D, 0x97, 0x04, 0xC5, + 0xA2, 0x3A, 0x1C, 0x0A, 0x23, 0x25, 0x14, 0x6C, + 0x3B, 0xC1, 0x85, 0x88, 0x26, 0xC6, 0xB3, 0x92, + 0x79, 0xC2, 0xDA, 0x74, 0x38, 0xA3, 0x70, 0xED, + 0x8A, 0x0A, 0xA5, 0x16, 0x9E, 0x3B, 0xEC, 0x29, + 0xED, 0x88, 0x47, 0x87, 0x32, 0x75, 0x8D, 0x45, + 0x41, 0x43, 0xE2, 0x27, 0xF8, 0x59, 0x58, 0x83, + 0x29, 0x78, 0x42, 0xE6, 0xAF, 0x13, 0x3B, 0x17, + 0xE4, 0x81, 0x1B, 0x0F, 0x57, 0x13, 0xAC, 0x73, + 0xB7, 0xE3, 0x47, 0x42, 0x3E, 0xB9, 0x28, 0x22, + 0xD2, 0x30, 0x6F, 0xA1, 0x45, 0x00, 0xA7, 0x20, + 0x7A, 0x06, 0x72, 0x67, 0x20, 0x46, 0x54, 0x4A, + 0xCC, 0x4E, 0xA9, 0xC1, 0x6E, 0xD7, 0x42, 0x1A, + 0x06, 0x9E, 0x0D, 0x73, 0x7A, 0x98, 0x62, 0x85, + 0x19, 0xC6, 0xA2, 0x9A, 0x42, 0x4A, 0x86, 0x8B, + 0x46, 0xD9, 0xA0, 0xCC, 0x7C, 0x6C, 0x9D, 0xDD, + 0x8B, 0x8B, 0xCB, 0xF4, 0x22, 0xC8, 0xF4, 0x8A, + 0x73, 0x14, 0x3D, 0x5A, 0xBB, 0x66, 0xBC, 0x55, + 0x49, 0x94, 0x18, 0x43, 0x08, 0x02, 0xBA, 0xC5, + 0x44, 0x46, 0x3C, 0xC7, 0x31, 0x9D, 0x17, 0x99, + 0x8F, 0x29, 0x41, 0x13, 0x65, 0x76, 0x6D, 0x04, + 0xC8, 0x47, 0xF3, 0x12, 0x9D, 0x90, 0x77, 0xB7, + 0xD8, 0x33, 0x9B, 0xFB, 0x96, 0xA6, 0x73, 0x9C, + 0x3F, 0x6B, 0x74, 0xA8, 0xF0, 0x5F, 0x91, 0x38, + 0xAB, 0x2F, 0xE3, 0x7A, 0xCB, 0x57, 0x63, 0x4D, + 0x18, 0x20, 0xB5, 0x01, 0x76, 0xF5, 0xA0, 0xB6, + 0xBC, 0x29, 0x40, 0xF1, 0xD5, 0x93, 0x8F, 0x19, + 0x36, 0xB5, 0xF9, 0x58, 0x28, 0xB9, 0x2E, 0xB7, + 0x29, 0x73, 0xC1, 0x59, 0x0A, 0xEB, 0x7A, 0x55, + 0x2C, 0xEC, 0xA1, 0x0B, 0x00, 0xC3, 0x03, 0xB7, + 0xC7, 0x5D, 0x40, 0x20, 0x71, 0xA7, 0x9E, 0x2C, + 0x81, 0x0A, 0xF7, 0xC7, 0x45, 0xE3, 0x33, 0x67, + 0x12, 0x49, 0x2A, 0x42, 0x04, 0x3F, 0x29, 0x03, + 0xA3, 0x7C, 0x64, 0x34, 0xCE, 0xE2, 0x0B, 0x1D, + 0x15, 0x9B, 0x05, 0x76, 0x99, 0xFF, 0x9C, 0x1D, + 0x3B, 0xD6, 0x80, 0x29, 0x83, 0x9A, 0x08, 0xF4, + 0x3E, 0x6C, 0x1C, 0x81, 0x99, 0x13, 0x53, 0x2F, + 0x91, 0x1D, 0xD3, 0x70, 0xC7, 0x02, 0x14, 0x88, + 0xE1, 0x1C, 0xB5, 0x04, 0xCB, 0x9C, 0x70, 0x57, + 0x0F, 0xFF, 0x35, 0xB4, 0xB4, 0x60, 0x11, 0x91, + 0xDC, 0x1A, 0xD9, 0xE6, 0xAD, 0xC5, 0xFA, 0x96, + 0x18, 0x79, 0x8D, 0x7C, 0xC8, 0x60, 0xC8, 0x7A, + 0x93, 0x9E, 0x4C, 0xCF, 0x85, 0x33, 0x63, 0x22, + 0x68, 0xCF, 0x1A, 0x51, 0xAF, 0xF0, 0xCB, 0x81, + 0x1C, 0x55, 0x45, 0xCB, 0x16, 0x56, 0xE6, 0x52, + 0x69, 0x47, 0x74, 0x30, 0x69, 0x9C, 0xCD, 0xEA, + 0x38, 0x00, 0x63, 0x0B, 0x78, 0xCD, 0x58, 0x10, + 0x33, 0x4C, 0xCF, 0x02, 0xE0, 0x13, 0xF3, 0xB8, + 0x02, 0x44, 0xE7, 0x0A, 0xCD, 0xB0, 0x60, 0xBB, + 0xE7, 0xA5, 0x53, 0xB0, 0x63, 0x45, 0x6B, 0x2E, + 0xA8, 0x07, 0x47, 0x34, 0x13, 0x16, 0x5C, 0xE5, + 0x7D, 0xD5, 0x63, 0x47, 0x3C, 0xFB, 0xC9, 0x06, + 0x18, 0xAD, 0xE1, 0xF0, 0xB8, 0x88, 0xAA, 0x48, + 0xE7, 0x22, 0xBB, 0x27, 0x51, 0x85, 0x8F, 0xE1, + 0x96, 0x87, 0x44, 0x2A, 0x48, 0xE7, 0xCA, 0x0D, + 0x2A, 0x29, 0xCD, 0x51, 0xBF, 0xD8, 0xF7, 0x8C, + 0x17, 0xB9, 0x66, 0x0B, 0xFB, 0x54, 0xA4, 0x70, + 0xB2, 0xAE, 0x9A, 0x95, 0x5C, 0x6A, 0xB8, 0xD6, + 0xE5, 0xCC, 0x92, 0xAC, 0x8E, 0xD3, 0xC1, 0x85, + 0xDA, 0xA8, 0xBC, 0x29, 0xF0, 0x57, 0x8E, 0xBB, + 0x81, 0x2B, 0x97, 0xC9, 0xE5, 0xA8, 0x48, 0xA6, + 0x38, 0x4D, 0xE4, 0xE7, 0x5A, 0x31, 0x47, 0x0B, + 0x53, 0x06, 0x6A, 0x8D, 0x02, 0x7B, 0xA4, 0x4B, + 0x21, 0x74, 0x9C, 0x04, 0x92, 0x46, 0x5F, 0x90, + 0x72, 0xB2, 0x83, 0x76, 0xC4, 0xE2, 0x90, 0xB3, + 0x0C, 0x18, 0x63, 0xF9, 0xE5, 0xB7, 0x99, 0x96, + 0x08, 0x34, 0x22, 0xBD, 0x8C, 0x27, 0x2C, 0x10, + 0xEC, 0xC6, 0xEB, 0x9A, 0x0A, 0x82, 0x25, 0xB3, + 0x1A, 0xA0, 0xA6, 0x6E, 0x35, 0xB9, 0xC0, 0xB9, + 0xA7, 0x95, 0x82, 0xBA, 0x20, 0xA3, 0xC0, 0x4C, + 0xD2, 0x99, 0x14, 0xF0, 0x83, 0xA0, 0x15, 0x82, + 0x88, 0xBA, 0x4D, 0x6E, 0xB6, 0x2D, 0x87, 0x26, + 0x4B, 0x91, 0x2B, 0xCA, 0x39, 0x73, 0x2F, 0xBD, + 0xE5, 0x36, 0xA3, 0x77, 0xAD, 0x02, 0xB8, 0xC8, + 0x35, 0xD4, 0xA2, 0xF4, 0xE7, 0xB1, 0xCE, 0x11, + 0x5D, 0x0C, 0x86, 0x0B, 0xEA, 0xA7, 0x95, 0x5A, + 0x49, 0xAD, 0x68, 0x95, 0x86, 0xA8, 0x9A, 0x2B, + 0x9F, 0x9B, 0x10, 0xD1, 0x59, 0x5D, 0x2F, 0xC0, + 0x65, 0xAD, 0x01, 0x8A, 0x7D, 0x56, 0xC6, 0x14, + 0x47, 0x1F, 0x8E, 0x94, 0x6F, 0xE8, 0xAB, 0x49, + 0xE8, 0x22, 0x65, 0x91, 0x11, 0x9F, 0xCA, 0xDB, + 0x4F, 0x9A, 0x86, 0x16, 0x31, 0x37, 0x87, 0x36, + 0xB6, 0x68, 0x8B, 0x78, 0x2D, 0x58, 0xE9, 0x7E, + 0x45, 0x72, 0x75, 0x3A, 0x96, 0x64, 0xB6, 0xB8, + 0x53, 0x68, 0x12, 0xB2, 0x59, 0x11, 0xAA, 0x76, + 0xA2, 0x42, 0x37, 0x54, 0x33, 0x19, 0x27, 0x38, + 0xEE, 0xE7, 0x62, 0xF6, 0xB8, 0x43, 0x15, 0xBB, + 0x34, 0x36, 0x23, 0x1E, 0x0A, 0x9B, 0x27, 0x7E, + 0xD2, 0x8A, 0xE0, 0x05, 0x07, 0x28, 0x34, 0x64, + 0x57, 0xE1, 0x34, 0x05, 0x06, 0x2D, 0xB2, 0x80, + 0x4B, 0x8D, 0xA6, 0x0B, 0xB5, 0xC7, 0x93, 0xD4, + 0xCC, 0x0E, 0x10, 0x1C, 0xBA, 0x2D, 0x91, 0x82, + 0xFD, 0x71, 0x24, 0xFF, 0x52, 0xBF, 0x4C, 0xA2, + 0x82, 0x92, 0xAC, 0x26, 0xD6, 0x78, 0x08, 0x89, + 0x53, 0x97, 0x1D, 0xBA, 0x0B, 0x6F, 0xEC, 0x2C, + 0x96, 0x59, 0x35, 0x32, 0x91, 0xC7, 0x0C, 0x5B, + 0x92, 0x45, 0xA0, 0xCA, 0x25, 0x33, 0x04, 0xAF, + 0xD3, 0xC9, 0x51, 0x02, 0xBE, 0xA6, 0x68, 0x75, + 0xC6, 0x20, 0x16, 0x80, 0xB4, 0xBD, 0xA3, 0x86, + 0x87, 0xB6, 0x48, 0xC2, 0x8E, 0xB3, 0x74, 0x78, + 0xE3, 0xBC, 0x00, 0xCA, 0x8A, 0x3C, 0xC2, 0x72, + 0x04, 0x64, 0x2B, 0x42, 0xB6, 0x8F, 0xCB, 0xE7, + 0xB2, 0x1A, 0x36, 0x6D, 0x06, 0x68, 0xA5, 0x02, + 0x9A, 0x7D, 0xEE, 0xF9, 0x4C, 0xDD, 0x6A, 0x95, + 0xD7, 0xEA, 0x89, 0x31, 0x67, 0x3B, 0xF7, 0x11, + 0x2D, 0x40, 0x42, 0x10, 0x7B, 0x1B, 0x8B, 0x97, + 0x00, 0xC9, 0x74, 0xF9, 0xC4, 0xE8, 0x3A, 0x8F, + 0xAC, 0xD8, 0x9B, 0xFE, 0x0C, 0xA3, 0xCC, 0x4C, + 0x2F, 0xCE, 0x80, 0xA0, 0x3D, 0x35, 0x76, 0xC2, + 0x22, 0xA7, 0x92, 0xB7, 0x2B, 0x1F, 0x07, 0x0A, + 0xB7, 0xF6, 0xB6, 0xF2, 0xB5, 0xCA, 0x2A, 0xF5, + 0x05, 0x4A, 0xFA, 0x70, 0xA8, 0x96, 0x99, 0x01, + 0x59, 0xB4, 0x5D, 0x10, 0x03, 0xE2, 0xA0, 0x56, + 0x48, 0x67, 0x5E, 0x59, 0x60, 0x16, 0xF1, 0xB7, + 0x1D, 0xD0, 0xF7, 0xBD, 0xA7, 0xE2, 0x09, 0x7F, + 0xC7, 0x3B, 0x3A, 0x14, 0x3D, 0x12, 0xC7, 0x26, + 0x02, 0x0A, 0xC3, 0x49, 0x58, 0xAD, 0x70, 0x62, + 0xB9, 0x2B, 0x9A, 0xBF, 0x3C, 0xA6, 0xBE, 0x5A, + 0xE2, 0x9F, 0x57, 0x13, 0x5E, 0x62, 0x5A, 0x36, + 0x79, 0x71, 0x83, 0x7E, 0x63, 0x63, 0xD1, 0x53, + 0x20, 0x94, 0xE0, 0x22, 0xA2, 0x34, 0x67, 0xCF, + 0x93, 0x2E, 0x1F, 0x89, 0xB5, 0xB0, 0x80, 0x3C, + 0x1E, 0xC9, 0x9B, 0x58, 0x5A, 0x78, 0xB5, 0x86, + 0x50, 0x96, 0x74, 0x6F, 0x32, 0x25, 0x82, 0x14, + 0xEC, 0xB3, 0x80, 0x65, 0xC9, 0x7F, 0x45, 0x5E, + 0x15, 0x5A, 0xCC, 0x2D, 0xD0, 0x05, 0xA9, 0xC7, + 0x6B, 0xED, 0x59, 0xCD, 0xA7, 0x38, 0x37, 0xD3, + 0x03, 0x50, 0x4E, 0x6C, 0x97, 0x6A, 0x60, 0x6A, + 0x2B, 0xE7, 0xBB, 0xEC, 0x59, 0x48, 0xB9, 0x1A, + 0x34, 0x9E, 0x89, 0x36, 0x68, 0x8C, 0xC0, 0x27, + 0x97, 0x54, 0xB7, 0x43, 0xAB, 0xC5, 0x86, 0x66, + 0xB1, 0x9B, 0x6C, 0x32, 0x60, 0x05, 0x1F, 0x19, + 0x20, 0x6B, 0xB9, 0x62, 0xBB, 0x66, 0x33, 0xEB, + 0x00, 0x48, 0xE3, 0x2B, 0xAA, 0xCC, 0x5B, 0x02, + 0x0D, 0x02, 0xC8, 0x6C, 0xA9, 0x77, 0x0A, 0xD4, + 0x69, 0xDB, 0x54, 0xA1, 0x06, 0xAC, 0x73, 0xA3, + 0x5B, 0x80, 0x57, 0x42, 0x2B, 0x3D, 0xB2, 0x02, + 0xC5, 0xA5, 0xB4, 0xE3, 0xD5, 0x35, 0xF0, 0xFC, + 0x99, 0x32, 0x6C, 0x4B, 0x8B, 0x7B, 0x16, 0xF1, + 0xCB, 0x5A, 0xF9, 0x68, 0x03, 0xFA, 0x8C, 0x19, + 0x5F, 0xC0, 0xBC, 0xED, 0xDA, 0xAF, 0x01, 0x2A, + 0x51, 0x72, 0x8B, 0x76, 0x48, 0x90, 0x82, 0x37, + 0x3C, 0x91, 0xE9, 0x2C, 0x87, 0xAC, 0xCA, 0x79, + 0x51, 0x60, 0x78, 0x2E, 0x3B, 0x0D, 0xD6, 0x43, + 0x54, 0x4B, 0xB9, 0x6A, 0xBC, 0x27, 0x08, 0xD4, + 0x9B, 0x75, 0x9C, 0xF0, 0x57, 0xAA, 0x22, 0x3B, + 0xAF, 0xD9, 0x6A, 0x33, 0x0B, 0xAF, 0x39, 0x81, + 0x0F, 0xE8, 0x67, 0x1B, 0x43, 0x43, 0xC2, 0x97, + 0xDA, 0x1E, 0x19, 0x69, 0xC9, 0x96, 0x21, 0x6A, + 0xB5, 0x10, 0x6D, 0xA6, 0x68, 0x94, 0x1B, 0x16, + 0x0D, 0x44, 0x77, 0x01, 0x71, 0x36, 0xCB, 0xCA, + 0x5B, 0x5A, 0x8D, 0x44, 0xC4, 0xA8, 0xB1, 0xCF, + 0x3E, 0xF7, 0x97, 0x85, 0xE5, 0xAA, 0x25, 0xC3, + 0xA1, 0xAD, 0x6C, 0x24, 0xFD, 0x14, 0x0F, 0x79, + 0x20, 0x7D, 0xE5, 0xA4, 0x99, 0xF8, 0xA1, 0x53, + 0x4F, 0xFA, 0x80, 0x4A, 0xA7, 0xB3, 0x88, 0x9C, + 0xBE, 0x25, 0xC0, 0x41, 0x47, 0x04, 0xAA, 0x57, + 0x89, 0x7F, 0x17, 0x86, 0x23, 0x64, 0xEC, 0xA5, + 0x62, 0x58, 0x00, 0x72, 0x48, 0x81, 0x39, 0x12, + 0xB8, 0x36, 0x49, 0x7F, 0x03, 0x59, 0xC2, 0xF7, + 0x23, 0x8A, 0x05, 0xD3, 0x05, 0xA0, 0xEA, 0x15, + 0x2E, 0x72, 0xB4, 0x44, 0x17, 0xA8, 0x68, 0x13, + 0x4E, 0x91, 0xB3, 0xCA, 0x79, 0x31, 0x23, 0x2F, + 0xD4, 0xC2, 0x5F, 0x8C, 0x2A, 0x49, 0x2A, 0x33, + 0x9C, 0xDC, 0x0A, 0x13, 0x89, 0x67, 0x21, 0x14, + 0x51, 0xF2, 0x56, 0x26, 0x78, 0xFA, 0x14, 0x08, + 0x0A, 0x34, 0x43, 0x6C, 0x42, 0xB0, 0x78, 0x65, + 0xAC, 0x03, 0x6A, 0x81, 0xE9, 0x7A, 0x77, 0x87, + 0xA9, 0x38, 0x02, 0x5C, 0xAF, 0x81, 0x34, 0x50, + 0x36, 0x8B, 0xED, 0x0C, 0x94, 0xB1, 0x85, 0x76, + 0x04, 0x52, 0x64, 0x05, 0xD2, 0x7A, 0x1C, 0x1A, + 0xBC, 0x81, 0xB5, 0xB6, 0xEC, 0x13, 0xC7, 0x19, + 0x30, 0xA9, 0x7D, 0x92, 0x32, 0xCF, 0x70, 0x21, + 0xEF, 0x87, 0xA4, 0xD1, 0x55, 0x32, 0x8E, 0x62, + 0xB5, 0x83, 0xA8, 0x3B, 0x4A, 0xF2, 0x1F, 0x9F, + 0x57, 0x50, 0xF8, 0x57, 0x51, 0x50, 0x42, 0x4F, + 0x63, 0xB8, 0x99, 0xD7, 0x1C, 0xAD, 0x26, 0x7C, + 0x09, 0xE4, 0x46, 0x71, 0x46, 0xE1, 0x6E, 0x9B, + 0x6C, 0x65, 0x3F, 0x00, 0x8C, 0x31, 0x13, 0x75, + 0xE2, 0xE0, 0x06, 0xD4, 0x07, 0x6A, 0x54, 0x6B, + 0x82, 0xF5, 0x31, 0x42, 0x22, 0xF7, 0xC6, 0x54, + 0x31, 0x7E, 0x79, 0xEC, 0x60, 0x35, 0xB7, 0x3F, + 0xAF, 0x49, 0x17, 0x57, 0xE6, 0x1C, 0x82, 0x83, + 0x26, 0xD5, 0x30, 0x44, 0x54, 0x1C, 0x4D, 0x45, + 0x37, 0xAB, 0xD3, 0xEA, 0x1E, 0x67, 0x99, 0x8C, + 0x33, 0x82, 0x97, 0x4C, 0xA7, 0x8A, 0xE1, 0xB1, + 0x96, 0x0E, 0x4A, 0x92, 0x26, 0xB0, 0x21, 0x9A, + 0xB0, 0x70, 0xF0, 0xD7, 0xAA, 0x66, 0xD7, 0x6F, + 0x93, 0x16, 0xAD, 0xB8, 0x0C, 0x54, 0xD6, 0x49, + 0x97, 0x71, 0xB4, 0x71, 0xE8, 0x16, 0x8D, 0x47, + 0xBC, 0xAA, 0x08, 0x32, 0x4A, 0xB6, 0xBA, 0x92, + 0xC3, 0xA7, 0x02, 0x75, 0xF2, 0x4F, 0xA4, 0xDC, + 0x10, 0xE2, 0x51, 0x63, 0x3F, 0xB9, 0x8D, 0x16, + 0x2B, 0xB5, 0x53, 0x72, 0x02, 0xC6, 0xA5, 0x53, + 0xCE, 0x78, 0x41, 0xC4, 0xD4, 0x0B, 0x87, 0x3B, + 0x85, 0xCA, 0x03, 0xA0, 0xA1, 0xE1, 0xCF, 0xAD, + 0xE6, 0xBA, 0x51, 0x80, 0xAB, 0x13, 0x23, 0xCC, + 0xBA, 0x9A, 0x3E, 0x9C, 0x53, 0xD3, 0x75, 0x75, + 0xAB, 0x1F, 0xD9, 0xE7, 0x31, 0x6C, 0x6F, 0xEE, + 0xCB, 0x0A, 0x14, 0xDF, 0x6F, 0x2D, 0xA5, 0x6C, + 0x2F, 0x56, 0xF5, 0x5A, 0x89, 0x63, 0x5C, 0xFC, + 0xFD, 0xA4, 0x79, 0x27, 0xAF, 0x1F, 0x0A, 0x47, + 0xB2, 0xD4, 0xE4, 0xE6, 0x16, 0x34, 0xB1, 0xB5, + 0x1D, 0x37, 0xA3, 0xA3, 0x07, 0xA9, 0x72, 0x42, + 0x0D, 0xE1, 0xB7, 0xA4, 0x81, 0xB8, 0x3E, 0x58, + 0x3B, 0x6A, 0xF1, 0x6F, 0x63, 0xCB, 0x00, 0xC6 + }; + static const byte c_1024[WC_ML_KEM_1024_CIPHER_TEXT_SIZE] = { + 0x0C, 0x68, 0x1B, 0x4A, 0xA8, 0x1F, 0x26, 0xAD, + 0xFB, 0x64, 0x5E, 0xC2, 0x4B, 0x37, 0x52, 0xF6, + 0xB3, 0x2C, 0x68, 0x64, 0x5A, 0xA5, 0xE7, 0xA9, + 0x99, 0xB6, 0x20, 0x36, 0xA5, 0x3D, 0xC5, 0xCB, + 0x06, 0x0A, 0x47, 0x3C, 0x08, 0xE5, 0xDA, 0x5C, + 0x0F, 0x5A, 0xF0, 0xE5, 0x17, 0x0C, 0x65, 0x97, + 0xE5, 0x0E, 0xC0, 0x80, 0x60, 0xF9, 0x9B, 0x0C, + 0x00, 0xEE, 0x9B, 0xDD, 0xAD, 0x7E, 0x7D, 0x25, + 0xA2, 0x2B, 0x22, 0x6F, 0x90, 0x14, 0x9B, 0x4C, + 0xE8, 0x87, 0xC7, 0x2F, 0xB6, 0x0A, 0xFF, 0x21, + 0x44, 0xEA, 0x2A, 0x72, 0x38, 0x3B, 0x31, 0x18, + 0xF9, 0x22, 0xD0, 0x32, 0xA1, 0x6F, 0x55, 0x42, + 0x89, 0x90, 0x2A, 0x14, 0xCF, 0x77, 0x55, 0x51, + 0x2B, 0xB1, 0x18, 0x6B, 0xAF, 0xAF, 0xFE, 0x79, + 0x4D, 0x2B, 0x6C, 0xDE, 0x90, 0x10, 0x9E, 0x65, + 0x82, 0xD3, 0x9C, 0xE0, 0xC9, 0x61, 0x97, 0x48, + 0x4B, 0x3F, 0xA0, 0x7F, 0xC9, 0x1D, 0x39, 0x4F, + 0xC8, 0xD8, 0x8E, 0x7F, 0xC4, 0xBE, 0x00, 0x2E, + 0x2D, 0xB5, 0x6F, 0x0C, 0x4D, 0x9D, 0x3F, 0xBD, + 0xA2, 0x74, 0x53, 0x6A, 0x0B, 0x86, 0xAB, 0xC6, + 0xE3, 0x9B, 0xDA, 0x52, 0x93, 0x1A, 0xEB, 0xB8, + 0xF1, 0x08, 0x4C, 0x5C, 0x1F, 0x7C, 0xB3, 0x17, + 0x77, 0x88, 0xB7, 0xF3, 0x31, 0xB7, 0x07, 0x43, + 0x61, 0x16, 0x34, 0x91, 0xD4, 0x28, 0xE7, 0x8B, + 0xCB, 0xB5, 0x7B, 0x63, 0x08, 0x41, 0xAA, 0x98, + 0x73, 0x33, 0x37, 0x7C, 0xF0, 0x95, 0x69, 0xCF, + 0xD1, 0x4C, 0xC2, 0xA1, 0x1C, 0x50, 0x1B, 0xDF, + 0x82, 0xC9, 0x3D, 0xE0, 0x5B, 0xEA, 0x20, 0x06, + 0x0D, 0xE8, 0x9C, 0x68, 0x6B, 0x82, 0x45, 0x71, + 0xCE, 0xF9, 0x4A, 0xB3, 0xFD, 0xAF, 0xA8, 0x51, + 0x26, 0x19, 0x81, 0x36, 0x69, 0xD4, 0xF5, 0x36, + 0x37, 0xFE, 0xFA, 0x4D, 0x02, 0x8C, 0xB2, 0x33, + 0xE5, 0x69, 0x30, 0xE2, 0x23, 0x5F, 0x7E, 0x60, + 0x34, 0xCA, 0x94, 0xB1, 0x43, 0xB7, 0x7A, 0xD4, + 0xA6, 0x87, 0x56, 0xE8, 0xA9, 0x18, 0x4D, 0xBA, + 0x61, 0xA8, 0x9F, 0x91, 0xED, 0xFB, 0x51, 0xA3, + 0x92, 0x11, 0x40, 0x24, 0x73, 0xA5, 0xF8, 0x91, + 0x45, 0x73, 0x6B, 0x2B, 0xF8, 0x56, 0x9C, 0x70, + 0x5B, 0x0C, 0xDB, 0x89, 0x80, 0xA4, 0x47, 0xE4, + 0xE1, 0xEA, 0xAD, 0x3E, 0x7E, 0x05, 0x78, 0xF5, + 0xF8, 0x6B, 0x8D, 0x03, 0xC9, 0xDA, 0xFE, 0x87, + 0x5E, 0x33, 0x9B, 0x44, 0x23, 0x84, 0x56, 0x16, + 0x79, 0x9E, 0xDC, 0xE0, 0x5F, 0x31, 0xB9, 0x26, + 0x64, 0xC5, 0xA5, 0x92, 0x53, 0xA6, 0x0E, 0x9D, + 0x89, 0x54, 0x8A, 0x30, 0x0C, 0x1A, 0xDB, 0x6D, + 0x19, 0x0A, 0x77, 0x5C, 0x5E, 0xE6, 0xE8, 0xA8, + 0x9B, 0x6E, 0x77, 0x9B, 0x03, 0x4C, 0x34, 0x00, + 0xA6, 0x25, 0xF4, 0xBB, 0xED, 0xBF, 0x91, 0x9C, + 0x45, 0xB2, 0xBC, 0xD1, 0x4C, 0x66, 0x92, 0x48, + 0xFC, 0x43, 0xC3, 0xEF, 0x47, 0xE1, 0x00, 0x75, + 0x89, 0x42, 0xE7, 0x5E, 0x8E, 0xD6, 0x07, 0x5A, + 0x96, 0xD7, 0x0D, 0x4E, 0xBD, 0x2B, 0x61, 0x35, + 0x82, 0x24, 0xDD, 0xA1, 0xEC, 0x4C, 0x19, 0xC2, + 0xA9, 0x28, 0x98, 0x17, 0x6F, 0xEB, 0x3C, 0x02, + 0xED, 0xCB, 0x99, 0x08, 0xBA, 0xE4, 0x9B, 0xD9, + 0x4A, 0xF0, 0x28, 0xED, 0xF8, 0xCF, 0xC2, 0xE5, + 0xF2, 0xE0, 0xBD, 0x37, 0x50, 0x06, 0x98, 0x6A, + 0xD4, 0x9E, 0x71, 0x75, 0x48, 0xE7, 0x46, 0xFE, + 0xF4, 0x9C, 0x86, 0x8B, 0xCE, 0xA2, 0x79, 0x0A, + 0xA9, 0x7E, 0x04, 0x06, 0x1B, 0x75, 0x60, 0x5C, + 0xB3, 0x9E, 0xFD, 0x46, 0x3D, 0x7B, 0x3D, 0x68, + 0xBA, 0x57, 0x44, 0x34, 0xFF, 0x7B, 0xE8, 0xE2, + 0xB8, 0x4B, 0xFC, 0x47, 0xE6, 0x7E, 0x9C, 0xD1, + 0x5F, 0x3E, 0xD4, 0x50, 0xC6, 0x1A, 0xFB, 0xA7, + 0x9A, 0x20, 0xB0, 0xB6, 0xF2, 0x87, 0x77, 0x7C, + 0x72, 0xF4, 0xAD, 0x24, 0x81, 0x74, 0xF1, 0x95, + 0x94, 0x77, 0xAA, 0x7A, 0x7C, 0x97, 0xF1, 0x22, + 0xC5, 0x04, 0x47, 0xC7, 0x48, 0x4F, 0x38, 0x2B, + 0xC4, 0x7D, 0x81, 0xFC, 0xC9, 0xC7, 0xE8, 0x92, + 0xC8, 0x83, 0x9D, 0x37, 0xB3, 0x53, 0x94, 0xB5, + 0x3E, 0x6B, 0x2B, 0x18, 0x95, 0xAB, 0xB0, 0xDE, + 0x8C, 0x98, 0xF2, 0x63, 0x3D, 0xC4, 0x41, 0x3A, + 0x8D, 0x57, 0x35, 0xDF, 0xC9, 0xA6, 0x40, 0x26, + 0xB6, 0xF3, 0x47, 0x79, 0xD6, 0xAC, 0x8A, 0xD9, + 0x9C, 0xC3, 0x1A, 0xA8, 0x98, 0xC2, 0xE7, 0x05, + 0x7F, 0x3D, 0xB8, 0xA1, 0xA8, 0xA9, 0x85, 0x27, + 0xA7, 0x9E, 0x43, 0x55, 0x2F, 0x28, 0xD1, 0x02, + 0x3E, 0x1F, 0x6A, 0x6B, 0x84, 0x85, 0x5C, 0xF5, + 0xE6, 0xDF, 0x88, 0x9B, 0xA2, 0x69, 0xF0, 0x48, + 0x94, 0x6E, 0x84, 0x02, 0x1C, 0x65, 0xC5, 0xA9, + 0x3B, 0x00, 0x7B, 0x07, 0x74, 0x1C, 0x1E, 0xE1, + 0x76, 0xC7, 0x39, 0x49, 0x11, 0x0F, 0x54, 0x8E, + 0xF4, 0x33, 0x2D, 0xCD, 0xD4, 0x91, 0xD2, 0xCE, + 0xFD, 0x02, 0x48, 0x88, 0x3F, 0x5E, 0x95, 0x25, + 0xBC, 0x91, 0xF3, 0x0A, 0xF1, 0x7C, 0xF5, 0xA9, + 0x8D, 0xD4, 0x4E, 0xF9, 0xA7, 0x1F, 0x99, 0xBB, + 0x73, 0x29, 0x85, 0xBA, 0x10, 0xA7, 0x23, 0xEF, + 0x47, 0x6F, 0xCF, 0x96, 0x6D, 0xA9, 0x45, 0x6B, + 0x24, 0x97, 0x8E, 0x33, 0x05, 0x0D, 0x0E, 0xC9, + 0x0D, 0x3C, 0xE4, 0x63, 0x78, 0x85, 0x1C, 0x9E, + 0xCF, 0xCF, 0xD3, 0x6C, 0x89, 0x5D, 0x44, 0xE9, + 0xE5, 0x06, 0x99, 0x30, 0x82, 0x52, 0x3D, 0x26, + 0x18, 0x57, 0x66, 0xB2, 0x35, 0x68, 0xCB, 0x95, + 0xE6, 0x41, 0x08, 0xF8, 0x9D, 0x10, 0x14, 0x74, + 0x7C, 0x67, 0xB6, 0xF3, 0xC8, 0x76, 0x7B, 0xE5, + 0xFC, 0x34, 0x12, 0x27, 0xDE, 0x94, 0x88, 0x86, + 0x1C, 0x5F, 0xE8, 0x11, 0x40, 0x9F, 0x80, 0x95, + 0x7D, 0x07, 0x52, 0x2A, 0x72, 0xCF, 0x6A, 0xB0, + 0x37, 0x8D, 0x0F, 0x2F, 0x28, 0xAF, 0x54, 0x81, + 0x85, 0xC3, 0x93, 0x67, 0x77, 0x99, 0x44, 0x66, + 0xA0, 0x19, 0xD3, 0x3B, 0x18, 0xA5, 0x4F, 0x38, + 0x0A, 0x33, 0x89, 0x2A, 0xB4, 0xD4, 0xBD, 0x50, + 0x7B, 0x5A, 0x61, 0xD0, 0xD3, 0x58, 0x34, 0x1A, + 0xC9, 0x2F, 0x07, 0xB4, 0x3B, 0x8F, 0x6A, 0xFC, + 0x69, 0x91, 0xBB, 0x6A, 0x1E, 0xAC, 0x23, 0xCA, + 0x6F, 0x73, 0xE9, 0x1F, 0x24, 0x64, 0xBD, 0x11, + 0x90, 0x98, 0xD7, 0xE7, 0x68, 0xE7, 0x7E, 0xCE, + 0x53, 0xFB, 0x89, 0x9B, 0xEB, 0x42, 0x26, 0x5E, + 0xCF, 0x7B, 0x27, 0x1F, 0x66, 0x54, 0x62, 0x82, + 0xD4, 0x72, 0xC3, 0x62, 0x39, 0x00, 0x6B, 0xB0, + 0xAB, 0xAB, 0xCC, 0xA2, 0x45, 0x50, 0xBA, 0xA0, + 0xA6, 0x01, 0x34, 0x8C, 0x81, 0x0F, 0xF5, 0xF9, + 0xEE, 0x50, 0x4B, 0xF7, 0x15, 0x5D, 0xEE, 0x41, + 0x41, 0xA1, 0x16, 0x05, 0xA4, 0xF3, 0x50, 0x9A, + 0xC9, 0xCA, 0xEF, 0x66, 0x24, 0xD2, 0x1D, 0xE3, + 0x32, 0xD5, 0xD5, 0x08, 0x28, 0xB5, 0x2E, 0x92, + 0x88, 0x5D, 0x3B, 0x90, 0x55, 0x3B, 0x14, 0x46, + 0x3A, 0xFB, 0x1E, 0xDC, 0xCD, 0x3B, 0x56, 0x9B, + 0x5A, 0x7F, 0x00, 0xBB, 0x66, 0x76, 0x9D, 0xAD, + 0xAC, 0x23, 0xAD, 0x8B, 0xB5, 0xD7, 0x3A, 0x6F, + 0x39, 0x0E, 0x6F, 0xC2, 0xF6, 0xF8, 0xEE, 0x3C, + 0xF4, 0x00, 0x9A, 0x5C, 0x3E, 0x1E, 0xF6, 0x0E, + 0x8F, 0x04, 0x06, 0x72, 0xD2, 0x62, 0xE6, 0x49, + 0x03, 0x79, 0xBB, 0xC7, 0x04, 0x95, 0xDF, 0xF2, + 0x37, 0xBE, 0xCD, 0x99, 0x52, 0xCD, 0x7E, 0xDE, + 0xB6, 0xD1, 0xDF, 0xC3, 0x60, 0xB3, 0xFC, 0x8B, + 0x0A, 0xF4, 0x80, 0xFF, 0xE0, 0x24, 0xAE, 0xEF, + 0xCD, 0x4E, 0x9C, 0xE9, 0x5D, 0x9B, 0x46, 0x9C, + 0x9A, 0x70, 0xE5, 0x11, 0x0D, 0xA0, 0xBA, 0xC1, + 0x24, 0xFC, 0x37, 0x41, 0xDC, 0xF4, 0x91, 0x16, + 0x26, 0x17, 0x96, 0x50, 0x4D, 0x5F, 0x49, 0x0B, + 0x43, 0x3C, 0x33, 0xC4, 0x0E, 0xDC, 0xE2, 0xB7, + 0x51, 0x51, 0xDA, 0x25, 0x6A, 0x86, 0x8A, 0x5E, + 0x35, 0xF8, 0x62, 0x26, 0xB8, 0x15, 0x1C, 0x91, + 0x93, 0x4C, 0xCC, 0x3D, 0xAC, 0xA3, 0x91, 0xDE, + 0xCC, 0xA7, 0x45, 0x37, 0x56, 0x60, 0xB6, 0xEC, + 0x41, 0xAE, 0x5D, 0x81, 0x08, 0x38, 0xCB, 0xEE, + 0xFF, 0xA1, 0x25, 0x57, 0x88, 0x44, 0x12, 0x35, + 0x7B, 0x10, 0x08, 0x36, 0x3D, 0x32, 0xB2, 0x37, + 0xAA, 0x1D, 0xD8, 0xE2, 0xD9, 0xC6, 0x36, 0x7A, + 0xDA, 0x09, 0xB2, 0xC9, 0x50, 0x60, 0x20, 0x6C, + 0xEC, 0x3E, 0xED, 0x39, 0x1F, 0xDC, 0x5D, 0xBE, + 0xF6, 0xF0, 0x8B, 0xDF, 0x04, 0x08, 0xE5, 0x85, + 0xAE, 0x5E, 0xBC, 0x8E, 0x97, 0x45, 0xD4, 0x4F, + 0xEC, 0xA9, 0x75, 0xAB, 0xBC, 0x14, 0x0B, 0xB3, + 0x7B, 0x8A, 0xDD, 0x16, 0xFC, 0xC2, 0x95, 0x69, + 0x10, 0xDC, 0x72, 0xBB, 0x3F, 0x02, 0xE9, 0xA1, + 0x30, 0xC9, 0xA8, 0x4F, 0x9C, 0xCB, 0x74, 0xD1, + 0x34, 0xCD, 0xF4, 0x0A, 0xFC, 0xBA, 0x20, 0x09, + 0xC8, 0xF0, 0x04, 0x02, 0x39, 0xBC, 0x99, 0x22, + 0x0E, 0xF6, 0x4C, 0x4D, 0xCC, 0xDE, 0x2E, 0x2E, + 0x5C, 0x9B, 0x68, 0x60, 0x2F, 0xBE, 0x8E, 0xF4, + 0xC9, 0x8B, 0x34, 0x68, 0xC7, 0x9D, 0xF4, 0xE0, + 0x78, 0x51, 0x1B, 0xFB, 0x8A, 0xA3, 0xDA, 0x09, + 0x59, 0x7A, 0x02, 0x51, 0x1E, 0x7C, 0x21, 0xA7, + 0xCF, 0x66, 0xA9, 0x38, 0x43, 0xA9, 0x48, 0x68, + 0xF1, 0x9E, 0x85, 0x52, 0x55, 0x2E, 0x3A, 0xCD, + 0xF6, 0xCB, 0x81, 0x06, 0x34, 0xDB, 0x97, 0xCB, + 0xC4, 0xBB, 0x56, 0x97, 0x09, 0xDA, 0xD4, 0x84, + 0x56, 0x45, 0x44, 0x6F, 0xA8, 0xD2, 0x89, 0xFC, + 0x59, 0x30, 0x7B, 0x80, 0x1E, 0x60, 0xCE, 0x2A, + 0x91, 0xE0, 0x6E, 0x9C, 0x22, 0xC1, 0x6E, 0x2E, + 0x59, 0xBD, 0xE3, 0x8A, 0x41, 0x6B, 0xB1, 0xB4, + 0xAC, 0x54, 0x57, 0x43, 0x8F, 0xDC, 0x5D, 0x64, + 0x45, 0x0A, 0x89, 0xEC, 0xB8, 0x32, 0xC1, 0xBB, + 0x27, 0x9D, 0xBF, 0x59, 0x33, 0x46, 0x81, 0x77, + 0x6A, 0xC0, 0x04, 0x09, 0x84, 0x6D, 0x09, 0xD6, + 0xF6, 0x87, 0x77, 0x2E, 0x34, 0x08, 0x50, 0xAB, + 0x86, 0x73, 0x38, 0x42, 0x15, 0xE1, 0x2C, 0x8D, + 0x0F, 0x53, 0x1C, 0x45, 0x1E, 0x58, 0x49, 0x3E, + 0x0E, 0xE4, 0x15, 0xAD, 0x59, 0x4D, 0xF3, 0x8C, + 0x34, 0x40, 0x8C, 0x7E, 0xD9, 0xF0, 0xC3, 0x92, + 0xF1, 0x53, 0x46, 0x04, 0xEA, 0xC3, 0xD9, 0xC1, + 0x54, 0x65, 0xA9, 0xA4, 0x66, 0x32, 0x21, 0x4B, + 0x53, 0x69, 0x90, 0xD7, 0x80, 0x78, 0xE5, 0xBD, + 0x7E, 0xAE, 0x20, 0x13, 0xFF, 0xF8, 0xFD, 0xD8, + 0xB2, 0x75, 0xC8, 0x9D, 0x97, 0xC9, 0x35, 0x3D, + 0xF3, 0xC4, 0x2A, 0x28, 0xE8, 0x14, 0xD8, 0x46, + 0x8E, 0x2B, 0x48, 0xDB, 0x09, 0x76, 0xD8, 0x8F, + 0x5E, 0xEC, 0xEF, 0xEA, 0xFB, 0x8F, 0x7F, 0x4A, + 0xF2, 0x91, 0xA7, 0x28, 0xF6, 0x24, 0x9E, 0xCF, + 0x56, 0x22, 0x33, 0x92, 0x69, 0xAA, 0x94, 0x53, + 0x29, 0xE9, 0x19, 0xF8, 0xB4, 0x41, 0xC8, 0x3D, + 0x55, 0x07, 0xF3, 0x0D, 0xF0, 0xFD, 0x2B, 0x13, + 0xFF, 0x80, 0x6F, 0x52, 0x2D, 0xAA, 0x11, 0xAF, + 0x67, 0x6A, 0x51, 0x3C, 0x14, 0x9C, 0x70, 0xF0, + 0xD6, 0xE9, 0x9A, 0x88, 0x04, 0x50, 0xA5, 0x4E, + 0x04, 0x17, 0xFE, 0x3C, 0x1E, 0x51, 0x3E, 0x9D, + 0x92, 0x0E, 0x30, 0xA8, 0xB4, 0x28, 0x91, 0x26, + 0x7A, 0x2D, 0xC5, 0x0A, 0xD8, 0x1F, 0x98, 0x04, + 0x49, 0x20, 0xC0, 0x99, 0xDF, 0x22, 0xC7, 0x39, + 0x98, 0xA2, 0x5C, 0x58, 0x1A, 0x51, 0x78, 0xC7, + 0x2B, 0x17, 0xAC, 0x87, 0x5B, 0xC6, 0x85, 0x48, + 0xA0, 0xFB, 0x0C, 0xBE, 0xE3, 0x8F, 0x05, 0x01, + 0x7B, 0x12, 0x43, 0x33, 0x43, 0xA6, 0x58, 0xF1, + 0x98, 0x0C, 0x81, 0x24, 0xEA, 0x6D, 0xD8, 0x1F + }; + static const byte kprime_1024[WC_ML_KEM_SS_SZ] = { + 0x8F, 0x33, 0x6E, 0x9C, 0x28, 0xDF, 0x34, 0x9E, + 0x03, 0x22, 0x0A, 0xF0, 0x1C, 0x42, 0x83, 0x2F, + 0xEF, 0xAB, 0x1F, 0x2A, 0x74, 0xC1, 0x6F, 0xAF, + 0x6F, 0x64, 0xAD, 0x07, 0x1C, 0x1A, 0x33, 0x94 + }; +#endif + static byte ss[WC_ML_KEM_SS_SZ]; + + key = (MlKemKey*)XMALLOC(sizeof(MlKemKey), NULL, DYNAMIC_TYPE_TMP_BUFFER); + ExpectNotNull(key); + if (key != NULL) { + XMEMSET(key, 0, sizeof(MlKemKey)); + } + +#ifndef WOLFSSL_NO_ML_KEM_512 + ExpectIntEQ(wc_MlKemKey_Init(key, WC_ML_KEM_512, NULL, INVALID_DEVID), 0); + ExpectIntEQ(wc_MlKemKey_DecodePrivateKey(key, dk_512, sizeof(dk_512)), 0); + ExpectIntEQ(wc_MlKemKey_Decapsulate(key, ss, c_512, sizeof(c_512)), 0); + ExpectIntEQ(XMEMCMP(ss, kprime_512, WC_ML_KEM_SS_SZ), 0); + wc_MlKemKey_Free(key); +#endif +#ifndef WOLFSSL_NO_ML_KEM_768 + ExpectIntEQ(wc_MlKemKey_Init(key, WC_ML_KEM_768, NULL, INVALID_DEVID), 0); + ExpectIntEQ(wc_MlKemKey_DecodePrivateKey(key, dk_768, sizeof(dk_768)), 0); + ExpectIntEQ(wc_MlKemKey_Decapsulate(key, ss, c_768, sizeof(c_768)), 0); + ExpectIntEQ(XMEMCMP(ss, kprime_768, WC_ML_KEM_SS_SZ), 0); + wc_MlKemKey_Free(key); +#endif +#ifndef WOLFSSL_NO_ML_KEM_1024 + ExpectIntEQ(wc_MlKemKey_Init(key, WC_ML_KEM_1024, NULL, INVALID_DEVID), 0); + ExpectIntEQ(wc_MlKemKey_DecodePrivateKey(key, dk_1024, sizeof(dk_1024)), 0); + ExpectIntEQ(wc_MlKemKey_Decapsulate(key, ss, c_1024, sizeof(c_1024)), 0); + ExpectIntEQ(XMEMCMP(ss, kprime_1024, WC_ML_KEM_SS_SZ), 0); + wc_MlKemKey_Free(key); +#endif + + XFREE(key, NULL, DYNAMIC_TYPE_TMP_BUFFER); +#endif + return EXPECT_RESULT(); +} + diff --git a/test/ssl/wolfssl/tests/api/test_mlkem.h b/test/ssl/wolfssl/tests/api/test_mlkem.h new file mode 100644 index 000000000..262a66e1e --- /dev/null +++ b/test/ssl/wolfssl/tests/api/test_mlkem.h @@ -0,0 +1,36 @@ +/* test_mlkem.h + * + * Copyright (C) 2006-2025 wolfSSL Inc. + * + * This file is part of wolfSSL. + * + * wolfSSL is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * wolfSSL is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA + */ + +#ifndef WOLFCRYPT_TEST_MLKEM_H +#define WOLFCRYPT_TEST_MLKEM_H + +#include + +int test_wc_mlkem_make_key_kats(void); +int test_wc_mlkem_encapsulate_kats(void); +int test_wc_mlkem_decapsulate_kats(void); + +#define TEST_MLKEM_DECLS \ + TEST_DECL_GROUP("mlkem", test_wc_mlkem_make_key_kats), \ + TEST_DECL_GROUP("mlkem", test_wc_mlkem_encapsulate_kats), \ + TEST_DECL_GROUP("mlkem", test_wc_mlkem_decapsulate_kats) + +#endif /* WOLFCRYPT_TEST_MLKEM_H */ diff --git a/test/ssl/wolfssl/tests/api/test_ocsp.c b/test/ssl/wolfssl/tests/api/test_ocsp.c new file mode 100644 index 000000000..7f035a137 --- /dev/null +++ b/test/ssl/wolfssl/tests/api/test_ocsp.c @@ -0,0 +1,1027 @@ +/* test_ocsp.c + * + * Copyright (C) 2006-2025 wolfSSL Inc. + * + * This file is part of wolfSSL. + * + * wolfSSL is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * wolfSSL is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA + */ + +#include + +#include +#include +#include +#include +#include + +#if defined(HAVE_OCSP) && !defined(NO_SHA) && !defined(NO_RSA) +struct ocsp_cb_ctx { + byte* response; + int responseSz; +}; + +struct test_conf { + unsigned char* resp; + int respSz; + unsigned char* ca0; + int ca0Sz; + unsigned char* ca1; + int ca1Sz; + unsigned char* targetCert; + int targetCertSz; +}; + +static int ocsp_cb(void* ctx, const char* url, int urlSz, unsigned char* req, + int reqSz, unsigned char** respBuf) +{ + struct ocsp_cb_ctx* cb_ctx = (struct ocsp_cb_ctx*)ctx; + (void)url; + (void)urlSz; + (void)req; + (void)reqSz; + + *respBuf = cb_ctx->response; + return cb_ctx->responseSz; +} + +static int test_ocsp_response_with_cm(struct test_conf* c, int expectedRet) +{ + EXPECT_DECLS; + WOLFSSL_CERT_MANAGER* cm = NULL; + struct ocsp_cb_ctx cb_ctx; + + ExpectNotNull(cm = wolfSSL_CertManagerNew()); + ExpectIntEQ(wolfSSL_CertManagerEnableOCSP(cm, + WOLFSSL_OCSP_URL_OVERRIDE | WOLFSSL_OCSP_NO_NONCE), + WOLFSSL_SUCCESS); + ExpectIntEQ(wolfSSL_CertManagerSetOCSPOverrideURL(cm, "http://foo.com"), + WOLFSSL_SUCCESS); + cb_ctx.response = (byte*)c->resp; + cb_ctx.responseSz = c->respSz; + ExpectIntEQ( + wolfSSL_CertManagerSetOCSP_Cb(cm, ocsp_cb, NULL, (void*)&cb_ctx), + WOLFSSL_SUCCESS); + /* add ca in cm */ + if (c->ca0 != NULL) { + ExpectIntEQ(wolfSSL_CertManagerLoadCABuffer(cm, c->ca0, c->ca0Sz, + WOLFSSL_FILETYPE_ASN1), + WOLFSSL_SUCCESS); + } + if (c->ca1 != NULL) { + ExpectIntEQ(wolfSSL_CertManagerLoadCABuffer(cm, c->ca1, c->ca1Sz, + WOLFSSL_FILETYPE_ASN1), + WOLFSSL_SUCCESS); + } + /* check cert */ + ExpectIntEQ( + wolfSSL_CertManagerCheckOCSP(cm, c->targetCert, c->targetCertSz), + expectedRet); + if (cm != NULL) + wolfSSL_CertManagerFree(cm); + return EXPECT_RESULT(); +} + +int test_ocsp_response_parsing(void) +{ + EXPECT_DECLS; + struct test_conf conf; + int expectedRet; + + conf.resp = (unsigned char*)resp; + conf.respSz = sizeof(resp); + conf.ca0 = root_ca_cert_pem; + conf.ca0Sz = sizeof(root_ca_cert_pem); + conf.ca1 = NULL; + conf.ca1Sz = 0; + conf.targetCert = intermediate1_ca_cert_pem; + conf.targetCertSz = sizeof(intermediate1_ca_cert_pem); + ExpectIntEQ(test_ocsp_response_with_cm(&conf, WOLFSSL_SUCCESS), + TEST_SUCCESS); + + conf.resp = (unsigned char*)resp_multi; + conf.respSz = sizeof(resp_multi); + conf.ca0 = root_ca_cert_pem; + conf.ca0Sz = sizeof(root_ca_cert_pem); + conf.ca1 = NULL; + conf.ca1Sz = 0; + conf.targetCert = intermediate1_ca_cert_pem; + conf.targetCertSz = sizeof(intermediate1_ca_cert_pem); + ExpectIntEQ(test_ocsp_response_with_cm(&conf, WOLFSSL_SUCCESS), + TEST_SUCCESS); + + conf.resp = (unsigned char*)resp_bad_noauth; + conf.respSz = sizeof(resp_bad_noauth); + conf.ca0 = root_ca_cert_pem; + conf.ca0Sz = sizeof(root_ca_cert_pem); + conf.ca1 = ca_cert_pem; + conf.ca1Sz = sizeof(ca_cert_pem); + conf.targetCert = server_cert_pem; + conf.targetCertSz = sizeof(server_cert_pem); + expectedRet = OCSP_LOOKUP_FAIL; +#ifdef WOLFSSL_NO_OCSP_ISSUER_CHECK + expectedRet = WOLFSSL_SUCCESS; +#endif + ExpectIntEQ(test_ocsp_response_with_cm(&conf, expectedRet), TEST_SUCCESS); + + /* Test response with unusable internal cert but that can be verified in CM + */ + conf.resp = (unsigned char*)resp_bad_embedded_cert; + conf.respSz = sizeof(resp_bad_embedded_cert); + conf.ca0 = root_ca_cert_pem; + conf.ca0Sz = sizeof(root_ca_cert_pem); + conf.ca1 = NULL; + conf.ca1Sz = 0; + conf.targetCert = intermediate1_ca_cert_pem; + conf.targetCertSz = sizeof(intermediate1_ca_cert_pem); + ExpectIntEQ(test_ocsp_response_with_cm(&conf, WOLFSSL_SUCCESS), + TEST_SUCCESS); + return EXPECT_SUCCESS(); +} +#else /* HAVE_OCSP && !NO_SHA */ +int test_ocsp_response_parsing(void) +{ + return TEST_SKIPPED; +} +#endif /* HAVE_OCSP && !NO_SHA */ + +#if defined(HAVE_OCSP) && (defined(OPENSSL_ALL) || defined(OPENSSL_EXTRA)) && \ + !defined(NO_RSA) +static int test_ocsp_create_x509store(WOLFSSL_X509_STORE** store, + unsigned char* ca, int caSz) +{ + EXPECT_DECLS; + WOLFSSL_X509* cert = NULL; + + ExpectNotNull(*store = wolfSSL_X509_STORE_new()); + ExpectNotNull(cert = wolfSSL_X509_d2i(&cert, ca, caSz)); + ExpectIntEQ(wolfSSL_X509_STORE_add_cert(*store, cert), WOLFSSL_SUCCESS); + wolfSSL_X509_free(cert); + return EXPECT_RESULT(); +} + +static int test_create_stack_of_x509(WOLF_STACK_OF(WOLFSSL_X509) * *certs, + unsigned char* der, int derSz) +{ + EXPECT_DECLS; + WOLFSSL_X509* cert = NULL; + + ExpectNotNull(*certs = wolfSSL_sk_X509_new_null()); + ExpectNotNull(cert = wolfSSL_X509_d2i(&cert, der, derSz)); + ExpectIntEQ(wolfSSL_sk_X509_push(*certs, cert), 1); + return EXPECT_RESULT(); +} + +int test_ocsp_basic_verify(void) +{ + EXPECT_DECLS; + WOLF_STACK_OF(WOLFSSL_X509)* certs = NULL; + WOLFSSL_X509_STORE* store = NULL; + const unsigned char* ptr = NULL; + OcspResponse* response = NULL; + DecodedCert cert; + int expectedRet; + + wc_InitDecodedCert(&cert, ocsp_responder_cert_pem, + sizeof(ocsp_responder_cert_pem), NULL); + ExpectIntEQ(wc_ParseCert(&cert, CERT_TYPE, 0, NULL), 0); + + /* just decoding */ + ptr = (const unsigned char*)resp; + ExpectNotNull( + response = wolfSSL_d2i_OCSP_RESPONSE(NULL, &ptr, sizeof(resp))); + ExpectIntEQ(response->responseStatus, 0); + ExpectIntEQ(response->responderIdType, OCSP_RESPONDER_ID_NAME); + ExpectBufEQ(response->responderId.nameHash, cert.subjectHash, + OCSP_DIGEST_SIZE); + wolfSSL_OCSP_RESPONSE_free(response); + + /* responder Id by key hash */ + ptr = (const unsigned char*)resp_rid_bykey; + ExpectNotNull(response = wolfSSL_d2i_OCSP_RESPONSE(NULL, &ptr, + sizeof(resp_rid_bykey))); + ExpectIntEQ(response->responseStatus, 0); + ExpectIntEQ(response->responderIdType, OCSP_RESPONDER_ID_KEY); + ExpectBufEQ(response->responderId.keyHash, cert.subjectKeyHash, + OCSP_RESPONDER_ID_KEY_SZ); + wolfSSL_OCSP_RESPONSE_free(response); + + /* decoding with no embedded certificates */ + ptr = (const unsigned char*)resp_nocert; + ExpectNotNull( + response = wolfSSL_d2i_OCSP_RESPONSE(NULL, &ptr, sizeof(resp_nocert))); + ExpectIntEQ(response->responseStatus, 0); + wolfSSL_OCSP_RESPONSE_free(response); + + /* decoding an invalid response */ + ptr = (const unsigned char*)resp_bad; + ExpectNull( + response = wolfSSL_d2i_OCSP_RESPONSE(NULL, &ptr, sizeof(resp_bad))); + + ptr = (const unsigned char*)resp; + ExpectNotNull( + response = wolfSSL_d2i_OCSP_RESPONSE(NULL, &ptr, sizeof(resp))); + /* no verify signer certificate */ + ExpectIntEQ(wolfSSL_OCSP_basic_verify(response, NULL, NULL, OCSP_NOVERIFY), + WOLFSSL_SUCCESS); + /* verify that the signature is checked */ + if (EXPECT_SUCCESS()) { + response->sig[0] ^= 0xff; + } + ExpectIntEQ(wolfSSL_OCSP_basic_verify(response, NULL, NULL, OCSP_NOVERIFY), + WOLFSSL_FAILURE); + wolfSSL_OCSP_RESPONSE_free(response); + response = NULL; + + /* populate a store with root-ca-cert */ + ExpectIntEQ(test_ocsp_create_x509store(&store, root_ca_cert_pem, + sizeof(root_ca_cert_pem)), + TEST_SUCCESS); + + /* populate a WOLF_STACK_OF(WOLFSSL_X509) with responder certificate */ + ExpectIntEQ(test_create_stack_of_x509(&certs, ocsp_responder_cert_pem, + sizeof(ocsp_responder_cert_pem)), + TEST_SUCCESS); + + /* cert not embedded, cert in certs, validated using store */ + ptr = (const unsigned char*)resp_nocert; + ExpectNotNull( + response = wolfSSL_d2i_OCSP_RESPONSE(NULL, &ptr, sizeof(resp_nocert))); + ExpectIntEQ(wolfSSL_OCSP_basic_verify(response, certs, store, 0), + WOLFSSL_SUCCESS); + wolfSSL_OCSP_RESPONSE_free(response); + response = NULL; + + /* cert embedded, verified using store */ + ptr = (const unsigned char*)resp; + ExpectNotNull( + response = wolfSSL_d2i_OCSP_RESPONSE(NULL, &ptr, sizeof(resp))); + ExpectIntEQ(wolfSSL_OCSP_basic_verify(response, NULL, store, 0), + WOLFSSL_SUCCESS); + /* make invalid signature */ + if (EXPECT_SUCCESS()) { + response->sig[0] ^= 0xff; + } + ExpectIntEQ(wolfSSL_OCSP_basic_verify(response, NULL, store, 0), + WOLFSSL_FAILURE); + if (EXPECT_SUCCESS()) { + response->sig[0] ^= 0xff; + } + + /* cert embedded and in certs, no store needed bc OCSP_TRUSTOTHER */ + ExpectIntEQ( + wolfSSL_OCSP_basic_verify(response, certs, NULL, OCSP_TRUSTOTHER), + WOLFSSL_SUCCESS); + /* this should also pass */ + ExpectIntEQ( + wolfSSL_OCSP_basic_verify(response, certs, store, OCSP_NOINTERN), + WOLFSSL_SUCCESS); + /* this should not */ + ExpectIntNE(wolfSSL_OCSP_basic_verify(response, NULL, store, OCSP_NOINTERN), + WOLFSSL_SUCCESS); + wolfSSL_OCSP_RESPONSE_free(response); + response = NULL; + + /* cert not embedded, not certs */ + ptr = (const unsigned char*)resp_nocert; + ExpectNotNull( + response = wolfSSL_d2i_OCSP_RESPONSE(NULL, &ptr, sizeof(resp_nocert))); + ExpectIntNE(wolfSSL_OCSP_basic_verify(response, NULL, store, 0), + WOLFSSL_SUCCESS); + wolfSSL_OCSP_RESPONSE_free(response); + response = NULL; + + wolfSSL_sk_X509_pop_free(certs, wolfSSL_X509_free); + certs = NULL; + wolfSSL_X509_STORE_free(store); + store = NULL; + + ExpectIntEQ(test_ocsp_create_x509store(&store, root_ca_cert_pem, + sizeof(root_ca_cert_pem)), + TEST_SUCCESS); + ExpectIntEQ(test_create_stack_of_x509(&certs, root_ca_cert_pem, + sizeof(root_ca_cert_pem)), + TEST_SUCCESS); + + /* multiple responses in a ocsp response */ + ptr = (const unsigned char*)resp_multi; + ExpectNotNull( + response = wolfSSL_d2i_OCSP_RESPONSE(NULL, &ptr, sizeof(resp_multi))); + ExpectIntEQ(wolfSSL_OCSP_basic_verify(response, certs, store, 0), + WOLFSSL_SUCCESS); + wolfSSL_OCSP_RESPONSE_free(response); + response = NULL; + + /* cert in certs, cert verified on store, not authorized to verify all + * responses */ + ptr = (const unsigned char*)resp_bad_noauth; + ExpectNotNull(response = wolfSSL_d2i_OCSP_RESPONSE(NULL, &ptr, + sizeof(resp_bad_noauth))); + + expectedRet = WOLFSSL_FAILURE; +#ifdef WOLFSSL_NO_OCSP_ISSUER_CHECK + expectedRet = WOLFSSL_SUCCESS; +#endif + ExpectIntEQ(wolfSSL_OCSP_basic_verify(response, certs, store, 0), + expectedRet); + /* should pass with OCSP_NOCHECKS ...*/ + ExpectIntEQ( + wolfSSL_OCSP_basic_verify(response, certs, store, OCSP_NOCHECKS), + WOLFSSL_SUCCESS); + /* or with OSCP_TRUSTOTHER */ + ExpectIntEQ( + wolfSSL_OCSP_basic_verify(response, certs, store, OCSP_TRUSTOTHER), + WOLFSSL_SUCCESS); + wolfSSL_OCSP_RESPONSE_free(response); + + wc_FreeDecodedCert(&cert); + wolfSSL_sk_X509_pop_free(certs, wolfSSL_X509_free); + wolfSSL_X509_STORE_free(store); + return EXPECT_RESULT(); +} +#else +int test_ocsp_basic_verify(void) +{ + return TEST_SKIPPED; +} +#endif /* HAVE_OCSP && (OPENSSL_ALL || OPENSSL_EXTRA) */ + +#if defined(HAVE_OCSP) && defined(HAVE_SSL_MEMIO_TESTS_DEPENDENCIES) && \ + defined(HAVE_CERTIFICATE_STATUS_REQUEST) && !defined(WOLFSSL_NO_TLS12) && \ + defined(OPENSSL_ALL) && !defined(WOLFSSL_SMALL_CERT_VERIFY) + +struct _test_ocsp_status_callback_ctx { + byte* ocsp_resp; + int ocsp_resp_sz; + int invoked; +}; + +static int test_ocsp_status_callback_cb(WOLFSSL* ssl, void* ctx) +{ + struct _test_ocsp_status_callback_ctx* _ctx = + (struct _test_ocsp_status_callback_ctx*)ctx; + byte* allocated; + + _ctx->invoked++; + allocated = (byte*)XMALLOC(_ctx->ocsp_resp_sz, NULL, 0); + if (allocated == NULL) + return SSL_TLSEXT_ERR_ALERT_FATAL; + XMEMCPY(allocated, _ctx->ocsp_resp, _ctx->ocsp_resp_sz); + SSL_set_tlsext_status_ocsp_resp(ssl, allocated, _ctx->ocsp_resp_sz); + return SSL_TLSEXT_ERR_OK; +} + +static int test_ocsp_status_callback_cb_noack(WOLFSSL* ssl, void* ctx) +{ + struct _test_ocsp_status_callback_ctx* _ctx = + (struct _test_ocsp_status_callback_ctx*)ctx; + (void)ssl; + + _ctx->invoked++; + return SSL_TLSEXT_ERR_NOACK; +} + +static int test_ocsp_status_callback_cb_err(WOLFSSL* ssl, void* ctx) +{ + struct _test_ocsp_status_callback_ctx* _ctx = + (struct _test_ocsp_status_callback_ctx*)ctx; + (void)ssl; + + _ctx->invoked++; + return SSL_TLSEXT_ERR_ALERT_FATAL; +} + +static int test_ocsp_status_callback_test_setup( + struct _test_ocsp_status_callback_ctx* cb_ctx, + struct test_ssl_memio_ctx* test_ctx, method_provider cm, method_provider sm) +{ + int ret; + + cb_ctx->invoked = 0; + XMEMSET(test_ctx, 0, sizeof(*test_ctx)); + test_ctx->c_cb.caPemFile = "./certs/ocsp/root-ca-cert.pem"; + test_ctx->s_cb.certPemFile = "./certs/ocsp/server1-cert.pem"; + test_ctx->s_cb.keyPemFile = "./certs/ocsp/server1-key.pem"; + test_ctx->c_cb.method = cm; + test_ctx->s_cb.method = sm; + ret = test_ssl_memio_setup(test_ctx); + wolfSSL_set_verify(test_ctx->c_ssl, WOLFSSL_VERIFY_DEFAULT, NULL); + return ret; +} + +int test_ocsp_status_callback(void) +{ + struct test_params { + method_provider c_method; + method_provider s_method; + }; + + const char* responseFile = "./certs/ocsp/test-leaf-response.der"; + struct _test_ocsp_status_callback_ctx cb_ctx; + struct test_ssl_memio_ctx test_ctx; + int enable_client_ocsp; + int enable_must_staple; + XFILE f = XBADFILE; + byte data[4096]; + unsigned int i; + EXPECT_DECLS; + + struct test_params params[] = { + {wolfTLSv1_2_client_method, wolfTLSv1_2_server_method}, +#if defined(WOLFSSL_TLS13) + {wolfTLSv1_3_client_method, wolfTLSv1_3_server_method}, +#endif +#if defined(WOLFSSL_DTLS) + {wolfDTLSv1_2_client_method, wolfDTLSv1_2_server_method}, +#endif +#if defined(WOLFSSL_DTLS13) + {wolfDTLSv1_3_client_method, wolfDTLSv1_3_server_method}, +#endif + }; + + XMEMSET(&cb_ctx, 0, sizeof(cb_ctx)); + f = XFOPEN(responseFile, "rb"); + if (f == XBADFILE) + return -1; + cb_ctx.ocsp_resp_sz = (word32)XFREAD(data, 1, 4096, f); + if (f != XBADFILE) { + XFCLOSE(f); + f = XBADFILE; + } + cb_ctx.ocsp_resp = data; + + for (i = 0; i < sizeof(params) / sizeof(params[0]); i++) { + for (enable_client_ocsp = 0; enable_client_ocsp <= 1; + enable_client_ocsp++) { + ExpectIntEQ(test_ocsp_status_callback_test_setup(&cb_ctx, &test_ctx, + params[i].c_method, params[i].s_method), + TEST_SUCCESS); + ExpectIntEQ(SSL_CTX_set_tlsext_status_cb(test_ctx.s_ctx, + test_ocsp_status_callback_cb), + SSL_SUCCESS); + ExpectIntEQ( + SSL_CTX_set_tlsext_status_arg(test_ctx.s_ctx, (void*)&cb_ctx), + SSL_SUCCESS); + if (enable_client_ocsp) { + ExpectIntEQ(wolfSSL_UseOCSPStapling(test_ctx.c_ssl, + WOLFSSL_CSR_OCSP, 0), + WOLFSSL_SUCCESS); + ExpectIntEQ(wolfSSL_CTX_EnableOCSPStapling(test_ctx.c_ctx), + WOLFSSL_SUCCESS); + ExpectIntEQ(wolfSSL_CTX_EnableOCSPMustStaple(test_ctx.c_ctx), + WOLFSSL_SUCCESS); + } + ExpectIntEQ(test_ssl_memio_do_handshake(&test_ctx, 10, NULL), + TEST_SUCCESS); + ExpectIntEQ(cb_ctx.invoked, enable_client_ocsp ? 1 : 0); + test_ssl_memio_cleanup(&test_ctx); + if (!EXPECT_SUCCESS()) + return EXPECT_RESULT(); + } + } +#if defined(HAVE_CERTIFICATE_STATUS_REQUEST_V2) + /* test client sending both OCSPv1 and OCSPv2/MultiOCSP */ + /* StatusCb only supports OCSPv1 */ + ExpectIntEQ(test_ocsp_status_callback_test_setup(&cb_ctx, &test_ctx, + wolfTLSv1_2_client_method, wolfTLSv1_2_server_method), + TEST_SUCCESS); + ExpectIntEQ(SSL_CTX_set_tlsext_status_cb(test_ctx.s_ctx, + test_ocsp_status_callback_cb), + SSL_SUCCESS); + ExpectIntEQ(SSL_CTX_set_tlsext_status_arg(test_ctx.s_ctx, (void*)&cb_ctx), + SSL_SUCCESS); + ExpectIntEQ(wolfSSL_CTX_EnableOCSPStapling(test_ctx.c_ctx), + WOLFSSL_SUCCESS); + ExpectIntEQ(wolfSSL_CTX_EnableOCSPMustStaple(test_ctx.c_ctx), + WOLFSSL_SUCCESS); + ExpectIntEQ(wolfSSL_UseOCSPStapling(test_ctx.c_ssl, WOLFSSL_CSR_OCSP, 0), + WOLFSSL_SUCCESS); + ExpectIntEQ( + wolfSSL_UseOCSPStaplingV2(test_ctx.c_ssl, WOLFSSL_CSR2_OCSP_MULTI, 0), + WOLFSSL_SUCCESS); + wolfSSL_set_verify(test_ctx.c_ssl, WOLFSSL_VERIFY_DEFAULT, NULL); + ExpectIntEQ(test_ssl_memio_do_handshake(&test_ctx, 10, NULL), TEST_SUCCESS); + ExpectIntEQ(cb_ctx.invoked, 1); + test_ssl_memio_cleanup(&test_ctx); + + if (!EXPECT_SUCCESS()) + return EXPECT_RESULT(); +#endif /* defined(HAVE_CERTIFICATE_STATUS_REQUEST_V2) */ + /* test cb returning NO_ACK, not acking the OCSP */ + for (i = 0; i < sizeof(params) / sizeof(params[0]); i++) { + for (enable_must_staple = 0; enable_must_staple <= 1; + enable_must_staple++) { + ExpectIntEQ(test_ocsp_status_callback_test_setup(&cb_ctx, &test_ctx, + params[i].c_method, params[i].s_method), + TEST_SUCCESS); + ExpectIntEQ(SSL_CTX_set_tlsext_status_cb(test_ctx.s_ctx, + test_ocsp_status_callback_cb_noack), + SSL_SUCCESS); + ExpectIntEQ( + SSL_CTX_set_tlsext_status_arg(test_ctx.s_ctx, (void*)&cb_ctx), + SSL_SUCCESS); + ExpectIntEQ(wolfSSL_CTX_EnableOCSPStapling(test_ctx.c_ctx), + WOLFSSL_SUCCESS); + ExpectIntEQ( + wolfSSL_UseOCSPStapling(test_ctx.c_ssl, WOLFSSL_CSR_OCSP, 0), + WOLFSSL_SUCCESS); + if (enable_must_staple) + ExpectIntEQ(wolfSSL_CTX_EnableOCSPMustStaple(test_ctx.c_ctx), + WOLFSSL_SUCCESS); + wolfSSL_set_verify(test_ctx.c_ssl, WOLFSSL_VERIFY_DEFAULT, NULL); + ExpectIntEQ(test_ssl_memio_do_handshake(&test_ctx, 10, NULL), + enable_must_staple ? TEST_FAIL : TEST_SUCCESS); + ExpectIntEQ(cb_ctx.invoked, 1); + test_ssl_memio_cleanup(&test_ctx); + if (!EXPECT_SUCCESS()) + return EXPECT_RESULT(); + } + } + + /* test cb returning err aborting handshake */ + for (i = 0; i < sizeof(params) / sizeof(params[0]); i++) { + for (enable_client_ocsp = 0; enable_client_ocsp <= 1; + enable_client_ocsp++) { + ExpectIntEQ(test_ocsp_status_callback_test_setup(&cb_ctx, &test_ctx, + params[i].c_method, params[i].s_method), + TEST_SUCCESS); + ExpectIntEQ(SSL_CTX_set_tlsext_status_cb(test_ctx.s_ctx, + test_ocsp_status_callback_cb_err), + SSL_SUCCESS); + ExpectIntEQ( + SSL_CTX_set_tlsext_status_arg(test_ctx.s_ctx, (void*)&cb_ctx), + SSL_SUCCESS); + if (enable_client_ocsp) + ExpectIntEQ(wolfSSL_CTX_EnableOCSPStapling(test_ctx.c_ctx), + WOLFSSL_SUCCESS); + ExpectIntEQ( + wolfSSL_UseOCSPStapling(test_ctx.c_ssl, WOLFSSL_CSR_OCSP, 0), + WOLFSSL_SUCCESS); + wolfSSL_set_verify(test_ctx.c_ssl, WOLFSSL_VERIFY_DEFAULT, NULL); + ExpectIntEQ(test_ssl_memio_do_handshake(&test_ctx, 10, NULL), + enable_client_ocsp ? TEST_FAIL : TEST_SUCCESS); + ExpectIntEQ(cb_ctx.invoked, enable_client_ocsp ? 1 : 0); + test_ssl_memio_cleanup(&test_ctx); + if (!EXPECT_SUCCESS()) + return EXPECT_RESULT(); + } + } + + return EXPECT_RESULT(); +} + +#else +int test_ocsp_status_callback(void) +{ + return TEST_SKIPPED; +} +#endif /* defined(HAVE_OCSP) && defined(HAVE_MANUAL_MEMIO_TESTS_DEPENDENCIES) \ + && defined(HAVE_CERTIFICATE_STATUS_REQUEST) && \ + !defined(WOLFSSL_NO_TLS12) \ + && defined(OPENSSL_ALL) */ + +#if !defined(NO_SHA) && defined(OPENSSL_ALL) && defined(HAVE_OCSP) && \ + !defined(WOLFSSL_SM3) && !defined(WOLFSSL_SM2) && !defined(NO_RSA) +int test_ocsp_certid_enc_dec(void) +{ + EXPECT_DECLS; + WOLFSSL_OCSP_CERTID* certIdDec = NULL; + WOLFSSL_OCSP_CERTID* certId = NULL; + WOLFSSL_X509* subject = NULL; + WOLFSSL_X509* issuer = NULL; + unsigned char* temp = NULL; + unsigned char* der2 = NULL; + unsigned char* der = NULL; + int derSz = 0, derSz1 = 0; + + /* Load test certificates */ + ExpectNotNull( + subject = wolfSSL_X509_load_certificate_file( + "./certs/ocsp/intermediate1-ca-cert.pem", WOLFSSL_FILETYPE_PEM)); + ExpectNotNull(issuer = wolfSSL_X509_load_certificate_file( + "./certs/ocsp/root-ca-cert.pem", WOLFSSL_FILETYPE_PEM)); + + /* Create CERTID from certificates */ + ExpectNotNull(certId = wolfSSL_OCSP_cert_to_id(NULL, subject, issuer)); + + /* get len */ + ExpectIntGT(derSz = wolfSSL_i2d_OCSP_CERTID(certId, NULL), 0); + + /* encode it */ + ExpectIntGT(derSz1 = wolfSSL_i2d_OCSP_CERTID(certId, &der), 0); + ExpectIntEQ(derSz, derSz1); + + if (EXPECT_SUCCESS()) + temp = der2 = (unsigned char*)XMALLOC(derSz, NULL, DYNAMIC_TYPE_OPENSSL); + ExpectNotNull(der2); + /* encode without allocation */ + ExpectIntGT(derSz1 = wolfSSL_i2d_OCSP_CERTID(certId, &der2), 0); + ExpectIntEQ(derSz, derSz1); + ExpectPtrEq(der2, temp + derSz); + ExpectBufEQ(der, temp, derSz); + XFREE(temp, NULL, DYNAMIC_TYPE_OPENSSL); + + /* save original */ + temp = der; + /* decode it */ + ExpectNotNull(certIdDec = wolfSSL_d2i_OCSP_CERTID(NULL, + (const unsigned char**)&der, derSz)); + /* check ptr is advanced */ + ExpectPtrEq(der, temp + derSz); + der = der2; + XFREE(temp, NULL, DYNAMIC_TYPE_OPENSSL); + + /* compare */ + ExpectIntEQ(wolfSSL_OCSP_id_cmp(certId, certIdDec), 0); + + wolfSSL_OCSP_CERTID_free(certId); + wolfSSL_OCSP_CERTID_free(certIdDec); + wolfSSL_X509_free(subject); + wolfSSL_X509_free(issuer); + return EXPECT_SUCCESS(); +} +#else /* !NO_SHA && OPENSSL_ALL && HAVE_OCSP && !WOLFSSL_SM3 && !WOLFSSL_SM2 */ +int test_ocsp_certid_enc_dec(void) +{ + return TEST_SKIPPED; +} +#endif + +#if defined(HAVE_OCSP) && defined(WOLFSSL_CERT_SETUP_CB) && \ + defined(HAVE_SSL_MEMIO_TESTS_DEPENDENCIES) && !defined(NO_RSA) && \ + (defined(HAVE_CERTIFICATE_STATUS_REQUEST) || \ + defined(HAVE_CERTIFICATE_STATUS_REQUEST_V2)) && \ + defined(SESSION_CERTS) + +static struct { + size_t chainLen; + byte failStaple:2; +} test_ocsp_tls_cert_cb_opts; +/* --- certificate-selection callback ----------------------------------- */ +static int test_ocsp_tls_cert_cb_cert_cb(WOLFSSL* ssl, void* arg) +{ + (void)arg; + switch (test_ocsp_tls_cert_cb_opts.chainLen) { + case 1: + if (wolfSSL_use_certificate_file(ssl, + "./certs/ocsp/server1-cert.pem", WOLFSSL_FILETYPE_PEM) + != WOLFSSL_SUCCESS) + return 0; + break; + case 2: { + /* We need to limit the buffer to only the leaf and int certs */ + byte* buf = NULL; + size_t bufLen = 0; + byte* lastCert = NULL; + byte loaded = 0; + + if (wc_FileLoad("./certs/ocsp/server1-cert.pem", &buf, &bufLen, + NULL) != 0) + return 0; + /* Find the last cert */ + lastCert = (byte*)XSTRNSTR((char*)buf, + "-----BEGIN CERTIFICATE-----", (unsigned int)bufLen); + if (lastCert != NULL) { + lastCert = (byte*)XSTRNSTR((char*)lastCert + 1, + "-----BEGIN CERTIFICATE-----", + (unsigned int)(bufLen - (lastCert - buf))); + } + if (lastCert != NULL) { + lastCert = (byte*)XSTRNSTR((char*)lastCert + 1, + "-----BEGIN CERTIFICATE-----", + (unsigned int)(bufLen - (lastCert - buf))); + } + if (lastCert != NULL) { + if (wolfSSL_use_certificate_chain_buffer(ssl, buf, lastCert - buf) + == WOLFSSL_SUCCESS) + loaded = 1; + } + XFREE(buf, NULL, DYNAMIC_TYPE_TMP_BUFFER); + if (!loaded) + return 0; + break; + } + case 3: + if (wolfSSL_use_certificate_chain_file(ssl, + "./certs/ocsp/server1-cert.pem") + != WOLFSSL_SUCCESS) + return 0; + break; + } + if (wolfSSL_use_PrivateKey_file(ssl, + "./certs/ocsp/server1-key.pem", WOLFSSL_FILETYPE_PEM) + != WOLFSSL_SUCCESS) + return 0; + return 1; /* success */ +} + +static int test_ocsp_tls_cert_cb_status_cb(WOLFSSL* ssl, void* ioCtx) +{ + byte* leaf_resp = NULL; + byte* int_resp = NULL; + byte* root_resp = NULL; + int ret = WOLFSSL_OCSP_STATUS_CB_ALERT_FATAL; + (void)ioCtx; + leaf_resp = (byte*)XMALLOC(sizeof(resp_server1_cert), NULL, 0); + int_resp = (byte*)XMALLOC(sizeof(resp_intermediate1_cert), NULL, 0); + root_resp = (byte*)XMALLOC(sizeof(resp_root_ca_cert), NULL, 0); + if (leaf_resp != NULL && int_resp != NULL && root_resp != NULL) { + XMEMCPY(leaf_resp, resp_server1_cert, sizeof(resp_server1_cert)); + XMEMCPY(int_resp, resp_intermediate1_cert, sizeof(resp_intermediate1_cert)); + XMEMCPY(root_resp, resp_root_ca_cert, sizeof(resp_root_ca_cert)); + /* 320 is inside the signature so flipping bits should cause errors */ + switch (test_ocsp_tls_cert_cb_opts.failStaple) { + case 1: + leaf_resp[320] = ~leaf_resp[320]; + break; + case 2: + int_resp[320] = ~int_resp[320]; + break; + case 3: + root_resp[320] = ~root_resp[320]; + break; + } + if (wolfSSL_set_tlsext_status_ocsp_resp_multi(ssl, leaf_resp, + sizeof(resp_server1_cert), 0) == WOLFSSL_SUCCESS) + leaf_resp = NULL; + if (wolfSSL_set_tlsext_status_ocsp_resp_multi(ssl, int_resp, + sizeof(resp_intermediate1_cert), 1) == WOLFSSL_SUCCESS) + int_resp = NULL; + if (wolfSSL_set_tlsext_status_ocsp_resp_multi(ssl, root_resp, + sizeof(resp_root_ca_cert), 2) == WOLFSSL_SUCCESS) + root_resp = NULL; + /* If all responses loaded then return OK */ + if (leaf_resp == NULL && int_resp == NULL && root_resp == NULL) + ret = WOLFSSL_OCSP_STATUS_CB_OK; + } + XFREE(leaf_resp, NULL, 0); + XFREE(int_resp, NULL, 0); + XFREE(root_resp, NULL, 0); + return ret; +} + +static int test_ocsp_tls_cert_cb_verify_cb(int preverify, + WOLFSSL_X509_STORE_CTX* store) +{ + int ret = 1; + int err = wolfSSL_X509_STORE_CTX_get_error(store); + int idx = wolfSSL_X509_STORE_CTX_get_error_depth(store); + + if (err == WC_NO_ERR_TRACE(ASN_NO_SIGNER_E) || + err == WC_NO_ERR_TRACE(ASN_SELF_SIGNED_E) +#if defined(OPENSSL_EXTRA) || defined(OPENSSL_EXTRA_X509_SMALL) || \ + defined(HAVE_WEBSERVER) || defined(HAVE_MEMCACHED) + || err == WOLFSSL_X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY + || err == WOLFSSL_X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT +#endif + ) { + WOLFSSL_BUFFER_INFO* bInfo = &store->certs[idx]; + WOLFSSL_CERT_MANAGER* cm = NULL; + DecodedCert cert; + byte certInit = 0; + + ret = 1; + cm = wolfSSL_CertManagerNew(); + if (cm == NULL) + ret = 0; + if (ret == 1 && + wolfSSL_CertManagerLoadCA(cm, "./certs/ocsp/root-ca-cert.pem", NULL) + != WOLFSSL_SUCCESS) + ret = 0; + /* If verifying leaf cert then we need to load the intermediate CA */ + if (ret == 1 && idx == 0 && + wolfSSL_CertManagerLoadCA(cm, "./certs/ocsp/intermediate1-ca-cert.pem", NULL) + != WOLFSSL_SUCCESS) + ret = 0; + + /* Verify cert with CA */ + if (ret == 1) { + wc_InitDecodedCert(&cert, bInfo->buffer, bInfo->length, NULL); + certInit = 1; + } + if (ret == 1 && wc_ParseCert(&cert, CERT_TYPE, VERIFY, cm) != 0) + ret = 0; + + if (certInit) + wc_FreeDecodedCert(&cert); + wolfSSL_CertManagerFree(cm); + } + (void)preverify; + return ret; +} + +static int test_ocsp_tls_cert_cb_ocsp_verify_cb(WOLFSSL* ssl, int err, + byte* staple, word32 stapleSz, word32 idx, void* arg) +{ + (void)ssl; + (void)arg; + if (err != 0) { + WOLFSSL_CERT_MANAGER* cm = NULL; + DecodedCert cert; + byte certInit = 0; + WOLFSSL_OCSP* ocsp = NULL; + WOLFSSL_X509_CHAIN* peerCerts; + + cm = wolfSSL_CertManagerNew(); + if (cm == NULL) + goto cleanup; + if (wolfSSL_CertManagerLoadCA(cm, "./certs/ocsp/root-ca-cert.pem", NULL) + != WOLFSSL_SUCCESS) + goto cleanup; + /* If verifying leaf cert then we need to load the intermediate CA */ + if (idx == 0 && wolfSSL_CertManagerLoadCA(cm, + "./certs/ocsp/intermediate1-ca-cert.pem", NULL) + != WOLFSSL_SUCCESS) + goto cleanup; + + peerCerts = wolfSSL_get_peer_chain(ssl); + if (peerCerts == NULL || wolfSSL_get_chain_count(peerCerts) <= (int)idx) + goto cleanup; + + /* Verify cert with CA */ + wc_InitDecodedCert(&cert, wolfSSL_get_chain_cert(peerCerts, idx), + wolfSSL_get_chain_length(peerCerts, idx), NULL); + certInit = 1; + if (wc_ParseCert(&cert, CERT_TYPE, VERIFY, cm) != 0) + goto cleanup; + if ((ocsp = wc_NewOCSP(cm)) == NULL) + goto cleanup; + if (wc_CheckCertOcspResponse(ocsp, &cert, staple, stapleSz, NULL) != 0) + goto cleanup; + + err = 0; +cleanup: + wc_FreeOCSP(ocsp); + if (certInit) + wc_FreeDecodedCert(&cert); + wolfSSL_CertManagerFree(cm); + } + return err; +} + +static int test_ocsp_tls_cert_cb_ctx_ready(WOLFSSL_CTX* ctx) +{ + /* server: dynamic cert */ + wolfSSL_CTX_set_cert_cb(ctx, test_ocsp_tls_cert_cb_cert_cb, NULL); + return TEST_SUCCESS; +} + +/* --- very small OCSP-status callback ---------------------------------- */ +/* no status callback path - context struct not needed */ + +/* --- the actual test case --------------------------------------------- */ +int test_ocsp_tls_cert_cb(void) +{ + EXPECT_DECLS; + size_t i, j, chainLen; + struct { + method_provider client_meth; + method_provider server_meth; + const char* tls_version; + byte useV2:1; + byte useV2multi:1; + byte maxFail:2; + } params[] = { +#if !defined(WOLFSSL_NO_TLS12) + { wolfTLSv1_2_client_method, wolfTLSv1_2_server_method, "TLSv1_2", 0, 0, 1 }, + { wolfTLSv1_2_client_method, wolfTLSv1_2_server_method, "TLSv1_2", 1, 0, 1 }, + { wolfTLSv1_2_client_method, wolfTLSv1_2_server_method, "TLSv1_2", 1, 1, 1 }, + { wolfTLSv1_2_client_method, wolfTLSv1_2_server_method, "TLSv1_2", 0, 0, 1 }, + { wolfTLSv1_2_client_method, wolfTLSv1_2_server_method, "TLSv1_2", 1, 0, 1 }, + { wolfTLSv1_2_client_method, wolfTLSv1_2_server_method, "TLSv1_2", 1, 1, 3 }, +#ifdef WOLFSSL_DTLS + { wolfDTLSv1_2_client_method, wolfDTLSv1_2_server_method, "DTLSv1_2", 0, 0, 1 }, + { wolfDTLSv1_2_client_method, wolfDTLSv1_2_server_method, "DTLSv1_2", 1, 0, 1 }, + { wolfDTLSv1_2_client_method, wolfDTLSv1_2_server_method, "DTLSv1_2", 1, 1, 1 }, + { wolfDTLSv1_2_client_method, wolfDTLSv1_2_server_method, "DTLSv1_2", 0, 0, 1 }, + { wolfDTLSv1_2_client_method, wolfDTLSv1_2_server_method, "DTLSv1_2", 1, 0, 1 }, + { wolfDTLSv1_2_client_method, wolfDTLSv1_2_server_method, "DTLSv1_2", 1, 1, 3 }, +#endif +#endif +#ifdef WOLFSSL_TLS13 + { wolfTLSv1_3_client_method, wolfTLSv1_3_server_method, "TLSv1_3", 0, 0, 3 }, + { wolfTLSv1_3_client_method, wolfTLSv1_3_server_method, "TLSv1_3", 0, 0, 1 }, +#ifdef WOLFSSL_DTLS13 + { wolfDTLSv1_3_client_method, wolfDTLSv1_3_server_method, "DTLSv1_3", 0, 0, 3 }, + { wolfDTLSv1_3_client_method, wolfDTLSv1_3_server_method, "DTLSv1_3", 0, 0, 1 }, +#endif +#endif + }; + + for (i = 0; i < XELEM_CNT(params) && !EXPECT_FAIL(); i++) { + printf("\nTesting %s\n", params[i].tls_version); + for (chainLen = 1; chainLen <= 3 && !EXPECT_FAIL(); chainLen++) { + printf("\tWith chain length %zu\n", chainLen); + /* 0 - all staples valid + * 1-3 - break the corresponding staple */ + for (j = 0; j <= params[i].maxFail && j <= chainLen && !EXPECT_FAIL(); j++) { + struct test_ssl_memio_ctx test_ctx; + byte skip = 0; + + test_ocsp_tls_cert_cb_opts.failStaple = j; + printf("\t%s (%zu)", j ? "with failing staple" : "correct staple", j); + + XMEMSET(&test_ctx, 0, sizeof(test_ctx)); + test_ctx.c_cb.caPemFile = ""; + /* Do NOT preload any cert/key into the server context: leave empty strings + so that ctx setup code skips loading them entirely and the only cert + comes from the per-connection callback below. */ + test_ctx.s_cb.certPemFile = ""; /* nothing pre-loaded */ + test_ctx.s_cb.keyPemFile = ""; + + test_ctx.c_cb.method = params[i].client_meth; + test_ctx.s_cb.method = params[i].server_meth; + + test_ocsp_tls_cert_cb_opts.chainLen = chainLen; + + test_ctx.s_cb.ctx_ready = test_ocsp_tls_cert_cb_ctx_ready; + + ExpectIntEQ(test_ssl_memio_setup(&test_ctx), TEST_SUCCESS); + + /* Unload the certificate that test helpers may have put into the server + SSL object - we want the server to *not* have any certificate at the + moment it parses ClientHello so that the early OCSP code path fails. */ + ExpectIntEQ(wolfSSL_UnloadCertsKeys(test_ctx.s_ssl), WOLFSSL_SUCCESS); + + /* turn on OCSP stapling on the server side */ + ExpectIntEQ(wolfSSL_CTX_EnableOCSPStapling(test_ctx.s_ctx), WOLFSSL_SUCCESS); + ExpectIntEQ(wolfSSL_CTX_set_tlsext_status_cb(test_ctx.s_ctx, + test_ocsp_tls_cert_cb_status_cb), WOLFSSL_SUCCESS); + + /* client: request stapling */ + wolfSSL_set_verify(test_ctx.c_ssl, WOLFSSL_VERIFY_DEFAULT, + test_ocsp_tls_cert_cb_verify_cb); + wolfSSL_CTX_set_ocsp_status_verify_cb(test_ctx.c_ctx, + test_ocsp_tls_cert_cb_ocsp_verify_cb, NULL); + + /* Set the ssl object as the cert callback context as there is + * no way to get ssl from the store without OPENSSL_EXTRA */ + wolfSSL_SetCertCbCtx(test_ctx.c_ssl, test_ctx.c_ssl); + ExpectIntEQ(wolfSSL_CTX_EnableOCSPStapling(test_ctx.c_ctx), WOLFSSL_SUCCESS); + ExpectIntEQ(wolfSSL_CTX_EnableOCSPMustStaple(test_ctx.c_ctx), WOLFSSL_SUCCESS); + if (params[i].useV2) { + #ifdef HAVE_CERTIFICATE_STATUS_REQUEST_V2 + printf("\twith V2 %s\n", params[i].useV2multi ? "multi" : "single"); + ExpectIntEQ(wolfSSL_UseOCSPStaplingV2(test_ctx.c_ssl, + params[i].useV2multi ? + WOLFSSL_CSR2_OCSP_MULTI : WOLFSSL_CSR2_OCSP, + WOLFSSL_CSR2_OCSP_USE_NONCE), + WOLFSSL_SUCCESS); + #else + skip = 1; + #endif + } + else { + #ifdef HAVE_CERTIFICATE_STATUS_REQUEST + printf("\twith V1\n"); + ExpectIntEQ(wolfSSL_UseOCSPStapling(test_ctx.c_ssl, + WOLFSSL_CSR_OCSP, 0), + WOLFSSL_SUCCESS); + #else + skip = 1; + #endif + } + + if (!skip) { + ExpectIntEQ(test_ssl_memio_do_handshake(&test_ctx, 10, NULL), + j == 0 ? TEST_SUCCESS : TEST_FAIL); + if (j != 0) { + WOLFSSL_ALERT_HISTORY h; + XMEMSET(&h, 0, sizeof(h)); + ExpectIntEQ(wolfSSL_get_alert_history(test_ctx.s_ssl, &h), + WOLFSSL_SUCCESS); + ExpectIntEQ(h.last_rx.level, alert_fatal); + ExpectIntEQ(h.last_rx.code, bad_certificate_status_response); + } + } + else { + /* coverity[deadcode] - skip is only set for some build configs */ + printf("\tskipping test case\n"); + } + + test_ssl_memio_cleanup(&test_ctx); + } + } + } + + return EXPECT_RESULT(); +} + +#else /* feature guards */ +int test_ocsp_tls_cert_cb(void) +{ + return TEST_SKIPPED; +} +#endif diff --git a/test/ssl/wolfssl/tests/api/test_ocsp.h b/test/ssl/wolfssl/tests/api/test_ocsp.h new file mode 100644 index 000000000..267809f5a --- /dev/null +++ b/test/ssl/wolfssl/tests/api/test_ocsp.h @@ -0,0 +1,31 @@ +/* test_ocsp.h + * + * Copyright (C) 2006-2025 wolfSSL Inc. + * + * This file is part of wolfSSL. + * + * wolfSSL is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * wolfSSL is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA + */ + +#ifndef WOLFSSL_TEST_OCSP_H +#define WOLFSSL_TEST_OCSP_H + +int test_ocsp_certid_enc_dec(void); +int test_ocsp_status_callback(void); +int test_ocsp_basic_verify(void); +int test_ocsp_response_parsing(void); +int test_ocsp_tls_cert_cb(void); +#endif /* WOLFSSL_TEST_OCSP_H */ + diff --git a/test/ssl/wolfssl/tests/api/test_ocsp_test_blobs.h b/test/ssl/wolfssl/tests/api/test_ocsp_test_blobs.h new file mode 100644 index 000000000..a3e65771f --- /dev/null +++ b/test/ssl/wolfssl/tests/api/test_ocsp_test_blobs.h @@ -0,0 +1,1682 @@ +/* +* This file is generated automatically by running ./tests/api/create_ocsp_test_blobs.py. +* +* ocsp_test_blobs.h +* + * Copyright (C) 2006-2025 wolfSSL Inc. + * + * This file is part of wolfSSL. + * + * wolfSSL is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * wolfSSL is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA + */ +#ifndef OCSP_TEST_BLOBS_H +#define OCSP_TEST_BLOBS_H + +unsigned char resp[] = { + 0x30, 0x82, 0x07, 0x04, 0x0a, 0x01, 0x00, 0xa0, 0x82, 0x06, 0xfd, 0x30, + 0x82, 0x06, 0xf9, 0x06, 0x09, 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x30, + 0x01, 0x01, 0x04, 0x82, 0x06, 0xea, 0x30, 0x82, 0x06, 0xe6, 0x30, 0x82, + 0x01, 0x06, 0xa1, 0x81, 0xa1, 0x30, 0x81, 0x9e, 0x31, 0x0b, 0x30, 0x09, + 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x55, 0x53, 0x31, 0x13, 0x30, + 0x11, 0x06, 0x03, 0x55, 0x04, 0x08, 0x0c, 0x0a, 0x57, 0x61, 0x73, 0x68, + 0x69, 0x6e, 0x67, 0x74, 0x6f, 0x6e, 0x31, 0x10, 0x30, 0x0e, 0x06, 0x03, + 0x55, 0x04, 0x07, 0x0c, 0x07, 0x53, 0x65, 0x61, 0x74, 0x74, 0x6c, 0x65, + 0x31, 0x10, 0x30, 0x0e, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x0c, 0x07, 0x77, + 0x6f, 0x6c, 0x66, 0x53, 0x53, 0x4c, 0x31, 0x14, 0x30, 0x12, 0x06, 0x03, + 0x55, 0x04, 0x0b, 0x0c, 0x0b, 0x45, 0x6e, 0x67, 0x69, 0x6e, 0x65, 0x65, + 0x72, 0x69, 0x6e, 0x67, 0x31, 0x1f, 0x30, 0x1d, 0x06, 0x03, 0x55, 0x04, + 0x03, 0x0c, 0x16, 0x77, 0x6f, 0x6c, 0x66, 0x53, 0x53, 0x4c, 0x20, 0x4f, + 0x43, 0x53, 0x50, 0x20, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x64, 0x65, + 0x72, 0x31, 0x1f, 0x30, 0x1d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, + 0x0d, 0x01, 0x09, 0x01, 0x16, 0x10, 0x69, 0x6e, 0x66, 0x6f, 0x40, 0x77, + 0x6f, 0x6c, 0x66, 0x73, 0x73, 0x6c, 0x2e, 0x63, 0x6f, 0x6d, 0x18, 0x0f, + 0x32, 0x30, 0x32, 0x35, 0x31, 0x31, 0x31, 0x32, 0x31, 0x33, 0x34, 0x35, + 0x31, 0x31, 0x5a, 0x30, 0x4f, 0x30, 0x4d, 0x30, 0x38, 0x30, 0x07, 0x06, + 0x05, 0x2b, 0x0e, 0x03, 0x02, 0x1a, 0x04, 0x14, 0x44, 0xa8, 0xdb, 0xd1, + 0xbc, 0x97, 0x0a, 0x83, 0x3b, 0x5b, 0x31, 0x9a, 0x4c, 0xb8, 0xd2, 0x52, + 0x37, 0x15, 0x8a, 0x88, 0x04, 0x14, 0x73, 0xb0, 0x1c, 0xa4, 0x2f, 0x82, + 0xcb, 0xcf, 0x47, 0xa5, 0x38, 0xd7, 0xb0, 0x04, 0x82, 0x3a, 0x7e, 0x72, + 0x15, 0x21, 0x02, 0x01, 0x01, 0x80, 0x00, 0x18, 0x0f, 0x32, 0x30, 0x32, + 0x35, 0x31, 0x31, 0x31, 0x32, 0x31, 0x33, 0x34, 0x35, 0x31, 0x31, 0x5a, + 0x30, 0x0b, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, + 0x0b, 0x03, 0x82, 0x01, 0x01, 0x00, 0x77, 0xa3, 0x5a, 0x2a, 0x99, 0x67, + 0x53, 0x05, 0x9a, 0x78, 0x1d, 0x37, 0x22, 0x63, 0x0d, 0x59, 0x9e, 0x41, + 0x38, 0xef, 0xc2, 0x2a, 0x6e, 0x6e, 0xad, 0x35, 0xd4, 0x4d, 0xa9, 0x91, + 0x33, 0xf8, 0x74, 0xef, 0xf9, 0xaa, 0x18, 0xb7, 0x29, 0xf8, 0x3b, 0xe0, + 0x49, 0xe8, 0x50, 0x3c, 0x38, 0xd8, 0xee, 0x53, 0xd9, 0xb6, 0xe2, 0xda, + 0x63, 0x84, 0xef, 0xe3, 0xa8, 0xbc, 0x7c, 0x6d, 0x65, 0x9b, 0x97, 0x13, + 0x3f, 0x25, 0x82, 0x48, 0x61, 0x9b, 0x28, 0xdc, 0xae, 0xad, 0xa3, 0xb1, + 0x56, 0x42, 0xb8, 0x78, 0x10, 0x53, 0x03, 0x77, 0x51, 0x28, 0xd5, 0x7d, + 0x4d, 0x88, 0x9c, 0x15, 0xee, 0x7c, 0xac, 0x54, 0x86, 0x6b, 0xc2, 0x5e, + 0x2d, 0x64, 0xfb, 0xd9, 0x35, 0xfd, 0x18, 0x7e, 0xc3, 0x89, 0x3c, 0x72, + 0x8e, 0x22, 0xd0, 0x31, 0xb5, 0x5f, 0xc9, 0x2b, 0xed, 0x89, 0xec, 0xff, + 0x4b, 0xba, 0xde, 0x1a, 0x9e, 0xed, 0x61, 0x79, 0x4f, 0x85, 0xbc, 0x5c, + 0xc5, 0x50, 0xe3, 0x8a, 0xb1, 0x28, 0x45, 0x75, 0xb5, 0x65, 0x0b, 0xb9, + 0xb3, 0x6f, 0xd4, 0x4b, 0x4f, 0x6d, 0x45, 0x0a, 0x8f, 0xbf, 0xe5, 0xdf, + 0x87, 0x33, 0xd2, 0xaf, 0x09, 0x8a, 0x19, 0x5b, 0x3b, 0x4e, 0xad, 0xb3, + 0x6f, 0xdd, 0xf3, 0xf4, 0x4f, 0xd3, 0x68, 0xc5, 0x70, 0x74, 0x7c, 0xa0, + 0x77, 0xa8, 0x88, 0x73, 0x05, 0x6c, 0xe8, 0x56, 0x43, 0xa4, 0xe3, 0x9f, + 0x66, 0xa1, 0xbb, 0x3e, 0xbf, 0xbb, 0x49, 0xaf, 0x13, 0xa7, 0x13, 0x09, + 0x04, 0x52, 0x87, 0xdd, 0x0a, 0x72, 0x7b, 0x69, 0xd9, 0x5b, 0xa9, 0xfc, + 0xa5, 0x5a, 0x33, 0xad, 0xc6, 0x95, 0x26, 0x2c, 0x64, 0x3d, 0x6c, 0x47, + 0x3d, 0x88, 0xcb, 0x8b, 0x5b, 0x73, 0xf4, 0x93, 0x57, 0x70, 0x3e, 0xc1, + 0xbf, 0xfc, 0x54, 0xd1, 0xfb, 0xe3, 0x1f, 0x73, 0x9d, 0x47, 0xa0, 0x82, + 0x04, 0xc6, 0x30, 0x82, 0x04, 0xc2, 0x30, 0x82, 0x04, 0xbe, 0x30, 0x82, + 0x03, 0xa6, 0xa0, 0x03, 0x02, 0x01, 0x02, 0x02, 0x01, 0x04, 0x30, 0x0d, + 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x0b, 0x05, + 0x00, 0x30, 0x81, 0x97, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, + 0x06, 0x13, 0x02, 0x55, 0x53, 0x31, 0x13, 0x30, 0x11, 0x06, 0x03, 0x55, + 0x04, 0x08, 0x0c, 0x0a, 0x57, 0x61, 0x73, 0x68, 0x69, 0x6e, 0x67, 0x74, + 0x6f, 0x6e, 0x31, 0x10, 0x30, 0x0e, 0x06, 0x03, 0x55, 0x04, 0x07, 0x0c, + 0x07, 0x53, 0x65, 0x61, 0x74, 0x74, 0x6c, 0x65, 0x31, 0x10, 0x30, 0x0e, + 0x06, 0x03, 0x55, 0x04, 0x0a, 0x0c, 0x07, 0x77, 0x6f, 0x6c, 0x66, 0x53, + 0x53, 0x4c, 0x31, 0x14, 0x30, 0x12, 0x06, 0x03, 0x55, 0x04, 0x0b, 0x0c, + 0x0b, 0x45, 0x6e, 0x67, 0x69, 0x6e, 0x65, 0x65, 0x72, 0x69, 0x6e, 0x67, + 0x31, 0x18, 0x30, 0x16, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0c, 0x0f, 0x77, + 0x6f, 0x6c, 0x66, 0x53, 0x53, 0x4c, 0x20, 0x72, 0x6f, 0x6f, 0x74, 0x20, + 0x43, 0x41, 0x31, 0x1f, 0x30, 0x1d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, + 0xf7, 0x0d, 0x01, 0x09, 0x01, 0x16, 0x10, 0x69, 0x6e, 0x66, 0x6f, 0x40, + 0x77, 0x6f, 0x6c, 0x66, 0x73, 0x73, 0x6c, 0x2e, 0x63, 0x6f, 0x6d, 0x30, + 0x1e, 0x17, 0x0d, 0x32, 0x35, 0x31, 0x31, 0x31, 0x33, 0x32, 0x30, 0x34, + 0x31, 0x33, 0x35, 0x5a, 0x17, 0x0d, 0x32, 0x38, 0x30, 0x38, 0x30, 0x39, + 0x32, 0x30, 0x34, 0x31, 0x33, 0x35, 0x5a, 0x30, 0x81, 0x9e, 0x31, 0x0b, + 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x55, 0x53, 0x31, + 0x13, 0x30, 0x11, 0x06, 0x03, 0x55, 0x04, 0x08, 0x0c, 0x0a, 0x57, 0x61, + 0x73, 0x68, 0x69, 0x6e, 0x67, 0x74, 0x6f, 0x6e, 0x31, 0x10, 0x30, 0x0e, + 0x06, 0x03, 0x55, 0x04, 0x07, 0x0c, 0x07, 0x53, 0x65, 0x61, 0x74, 0x74, + 0x6c, 0x65, 0x31, 0x10, 0x30, 0x0e, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x0c, + 0x07, 0x77, 0x6f, 0x6c, 0x66, 0x53, 0x53, 0x4c, 0x31, 0x14, 0x30, 0x12, + 0x06, 0x03, 0x55, 0x04, 0x0b, 0x0c, 0x0b, 0x45, 0x6e, 0x67, 0x69, 0x6e, + 0x65, 0x65, 0x72, 0x69, 0x6e, 0x67, 0x31, 0x1f, 0x30, 0x1d, 0x06, 0x03, + 0x55, 0x04, 0x03, 0x0c, 0x16, 0x77, 0x6f, 0x6c, 0x66, 0x53, 0x53, 0x4c, + 0x20, 0x4f, 0x43, 0x53, 0x50, 0x20, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, + 0x64, 0x65, 0x72, 0x31, 0x1f, 0x30, 0x1d, 0x06, 0x09, 0x2a, 0x86, 0x48, + 0x86, 0xf7, 0x0d, 0x01, 0x09, 0x01, 0x16, 0x10, 0x69, 0x6e, 0x66, 0x6f, + 0x40, 0x77, 0x6f, 0x6c, 0x66, 0x73, 0x73, 0x6c, 0x2e, 0x63, 0x6f, 0x6d, + 0x30, 0x82, 0x01, 0x22, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, + 0xf7, 0x0d, 0x01, 0x01, 0x01, 0x05, 0x00, 0x03, 0x82, 0x01, 0x0f, 0x00, + 0x30, 0x82, 0x01, 0x0a, 0x02, 0x82, 0x01, 0x01, 0x00, 0xb8, 0xba, 0x23, + 0xb4, 0xf6, 0xc3, 0x7b, 0x14, 0xc3, 0xa4, 0xf5, 0x1d, 0x61, 0xa1, 0xf5, + 0x1e, 0x63, 0xb9, 0x85, 0x23, 0x34, 0x50, 0x6d, 0xf8, 0x7c, 0xa2, 0x8a, + 0x04, 0x8b, 0xd5, 0x75, 0x5c, 0x2d, 0xf7, 0x63, 0x88, 0xd1, 0x07, 0x7a, + 0xea, 0x0b, 0x45, 0x35, 0x2b, 0xeb, 0x1f, 0xb1, 0x22, 0xb4, 0x94, 0x41, + 0x38, 0xe2, 0x9d, 0x74, 0xd6, 0x8b, 0x30, 0x22, 0x10, 0x51, 0xc5, 0xdb, + 0xca, 0x3f, 0x46, 0x2b, 0xfe, 0xe5, 0x5a, 0x3f, 0x41, 0x74, 0x67, 0x75, + 0x95, 0xa9, 0x94, 0xd5, 0xc3, 0xee, 0x42, 0xf8, 0x8d, 0xeb, 0x92, 0x95, + 0xe1, 0xd9, 0x65, 0xb7, 0x43, 0xc4, 0x18, 0xde, 0x16, 0x80, 0x90, 0xce, + 0x24, 0x35, 0x21, 0xc4, 0x55, 0xac, 0x5a, 0x51, 0xe0, 0x2e, 0x2d, 0xb3, + 0x0a, 0x5a, 0x4f, 0x4a, 0x73, 0x31, 0x50, 0xee, 0x4a, 0x16, 0xbd, 0x39, + 0x8b, 0xad, 0x05, 0x48, 0x87, 0xb1, 0x99, 0xe2, 0x10, 0xa7, 0x06, 0x72, + 0x67, 0xca, 0x5c, 0xd1, 0x97, 0xbd, 0xc8, 0xf1, 0x76, 0xf8, 0xe0, 0x4a, + 0xec, 0xbc, 0x93, 0xf4, 0x66, 0x4c, 0x28, 0x71, 0xd1, 0xd8, 0x66, 0x03, + 0xb4, 0x90, 0x30, 0xbb, 0x17, 0xb0, 0xfe, 0x97, 0xf5, 0x1e, 0xe8, 0xc7, + 0x5d, 0x9b, 0x8b, 0x11, 0x19, 0x12, 0x3c, 0xab, 0x82, 0x71, 0x78, 0xff, + 0xae, 0x3f, 0x32, 0xb2, 0x08, 0x71, 0xb2, 0x1b, 0x8c, 0x27, 0xac, 0x11, + 0xb8, 0xd8, 0x43, 0x49, 0xcf, 0xb0, 0x70, 0xb1, 0xf0, 0x8c, 0xae, 0xda, + 0x24, 0x87, 0x17, 0x3b, 0xd8, 0x04, 0x65, 0x6c, 0x00, 0x76, 0x50, 0xef, + 0x15, 0x08, 0xd7, 0xb4, 0x73, 0x68, 0x26, 0x14, 0x87, 0x95, 0xc3, 0x5f, + 0x6e, 0x61, 0xb8, 0x87, 0x84, 0xfa, 0x80, 0x1a, 0x0a, 0x8b, 0x98, 0xf3, + 0xe3, 0xff, 0x4e, 0x44, 0x1c, 0x65, 0x74, 0x7c, 0x71, 0x54, 0x65, 0xe5, + 0x39, 0x02, 0x03, 0x01, 0x00, 0x01, 0xa3, 0x82, 0x01, 0x0a, 0x30, 0x82, + 0x01, 0x06, 0x30, 0x09, 0x06, 0x03, 0x55, 0x1d, 0x13, 0x04, 0x02, 0x30, + 0x00, 0x30, 0x1d, 0x06, 0x03, 0x55, 0x1d, 0x0e, 0x04, 0x16, 0x04, 0x14, + 0x32, 0x67, 0xe1, 0xb1, 0x79, 0xd2, 0x81, 0xfc, 0x9f, 0x23, 0x0c, 0x70, + 0x40, 0x50, 0xb5, 0x46, 0x56, 0xb8, 0x30, 0x36, 0x30, 0x81, 0xc4, 0x06, + 0x03, 0x55, 0x1d, 0x23, 0x04, 0x81, 0xbc, 0x30, 0x81, 0xb9, 0x80, 0x14, + 0x73, 0xb0, 0x1c, 0xa4, 0x2f, 0x82, 0xcb, 0xcf, 0x47, 0xa5, 0x38, 0xd7, + 0xb0, 0x04, 0x82, 0x3a, 0x7e, 0x72, 0x15, 0x21, 0xa1, 0x81, 0x9d, 0xa4, + 0x81, 0x9a, 0x30, 0x81, 0x97, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, + 0x04, 0x06, 0x13, 0x02, 0x55, 0x53, 0x31, 0x13, 0x30, 0x11, 0x06, 0x03, + 0x55, 0x04, 0x08, 0x0c, 0x0a, 0x57, 0x61, 0x73, 0x68, 0x69, 0x6e, 0x67, + 0x74, 0x6f, 0x6e, 0x31, 0x10, 0x30, 0x0e, 0x06, 0x03, 0x55, 0x04, 0x07, + 0x0c, 0x07, 0x53, 0x65, 0x61, 0x74, 0x74, 0x6c, 0x65, 0x31, 0x10, 0x30, + 0x0e, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x0c, 0x07, 0x77, 0x6f, 0x6c, 0x66, + 0x53, 0x53, 0x4c, 0x31, 0x14, 0x30, 0x12, 0x06, 0x03, 0x55, 0x04, 0x0b, + 0x0c, 0x0b, 0x45, 0x6e, 0x67, 0x69, 0x6e, 0x65, 0x65, 0x72, 0x69, 0x6e, + 0x67, 0x31, 0x18, 0x30, 0x16, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0c, 0x0f, + 0x77, 0x6f, 0x6c, 0x66, 0x53, 0x53, 0x4c, 0x20, 0x72, 0x6f, 0x6f, 0x74, + 0x20, 0x43, 0x41, 0x31, 0x1f, 0x30, 0x1d, 0x06, 0x09, 0x2a, 0x86, 0x48, + 0x86, 0xf7, 0x0d, 0x01, 0x09, 0x01, 0x16, 0x10, 0x69, 0x6e, 0x66, 0x6f, + 0x40, 0x77, 0x6f, 0x6c, 0x66, 0x73, 0x73, 0x6c, 0x2e, 0x63, 0x6f, 0x6d, + 0x82, 0x01, 0x63, 0x30, 0x13, 0x06, 0x03, 0x55, 0x1d, 0x25, 0x04, 0x0c, + 0x30, 0x0a, 0x06, 0x08, 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x03, 0x09, + 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, + 0x0b, 0x05, 0x00, 0x03, 0x82, 0x01, 0x01, 0x00, 0x22, 0xcf, 0xe2, 0xc4, + 0x3c, 0x0e, 0xcf, 0x43, 0xc2, 0x2b, 0x77, 0xd9, 0x53, 0xbb, 0xbf, 0x46, + 0x5a, 0x67, 0x26, 0x1f, 0xd6, 0x8c, 0xe2, 0xae, 0xd3, 0x6b, 0xda, 0x7c, + 0xa5, 0xb4, 0x79, 0x29, 0x0f, 0xb8, 0xf0, 0x14, 0x71, 0x90, 0x21, 0x7c, + 0x3c, 0x23, 0x2e, 0x5b, 0xb6, 0xb6, 0x66, 0xb5, 0xd2, 0xfd, 0x96, 0x21, + 0x4c, 0x7c, 0x9d, 0x9f, 0x85, 0x69, 0x8c, 0xd8, 0xc2, 0xbf, 0x3b, 0x1f, + 0x7b, 0xaf, 0x27, 0xb9, 0x30, 0x5b, 0x51, 0x4a, 0x16, 0x07, 0xa0, 0x14, + 0x80, 0x47, 0x31, 0x45, 0xf0, 0x31, 0x35, 0xb9, 0x93, 0x39, 0x77, 0x32, + 0x51, 0xa0, 0x8b, 0x93, 0x91, 0x96, 0x77, 0x41, 0x1a, 0x30, 0x15, 0xb8, + 0xe6, 0xeb, 0x49, 0x8e, 0x3c, 0xa5, 0x11, 0x46, 0x68, 0x13, 0xf5, 0x61, + 0x07, 0xac, 0x42, 0x3e, 0x69, 0xf3, 0x9f, 0x6b, 0x64, 0xd5, 0xe4, 0x42, + 0x1d, 0xed, 0x6c, 0xb7, 0x3b, 0xb1, 0x78, 0xc6, 0x9a, 0xb0, 0x38, 0xe2, + 0xe6, 0xfe, 0x5b, 0xc3, 0x87, 0x11, 0x49, 0x1e, 0x48, 0x73, 0x5a, 0x88, + 0x77, 0x89, 0xfb, 0xc7, 0x87, 0xef, 0x87, 0xe1, 0x17, 0x8b, 0x66, 0x16, + 0x44, 0x7c, 0x6e, 0x5f, 0x2d, 0x5a, 0x2f, 0xd0, 0xbe, 0x76, 0x69, 0x84, + 0xda, 0x3c, 0xa3, 0x4f, 0xbf, 0x00, 0xff, 0xcc, 0x67, 0x06, 0x16, 0x40, + 0x0f, 0x75, 0xdc, 0xe3, 0x20, 0xd6, 0x7b, 0x99, 0xc7, 0xbf, 0x38, 0x21, + 0x51, 0x30, 0x4a, 0x4b, 0x77, 0xd7, 0x39, 0xd3, 0xe2, 0x4d, 0x67, 0x68, + 0x0e, 0x7c, 0x95, 0xc4, 0x51, 0x22, 0xc4, 0x0f, 0x74, 0xa5, 0xdd, 0xf5, + 0xac, 0xa8, 0xf5, 0x8c, 0xfb, 0x90, 0xba, 0xff, 0x5e, 0x3e, 0x1f, 0xaa, + 0x7d, 0x61, 0xbb, 0xa4, 0x22, 0x35, 0x16, 0x64, 0xfc, 0x42, 0x27, 0x0b, + 0xc9, 0xe3, 0xba, 0x21, 0xad, 0x7b, 0x24, 0x2a, 0xa5, 0x25, 0xb7, 0xc4, +}; + +unsigned char resp_rid_bykey[] = { + 0x30, 0x82, 0x06, 0x76, 0x0a, 0x01, 0x00, 0xa0, 0x82, 0x06, 0x6f, 0x30, + 0x82, 0x06, 0x6b, 0x06, 0x09, 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x30, + 0x01, 0x01, 0x04, 0x82, 0x06, 0x5c, 0x30, 0x82, 0x06, 0x58, 0x30, 0x7a, + 0xa2, 0x16, 0x04, 0x14, 0x32, 0x67, 0xe1, 0xb1, 0x79, 0xd2, 0x81, 0xfc, + 0x9f, 0x23, 0x0c, 0x70, 0x40, 0x50, 0xb5, 0x46, 0x56, 0xb8, 0x30, 0x36, + 0x18, 0x0f, 0x32, 0x30, 0x32, 0x35, 0x31, 0x31, 0x31, 0x32, 0x31, 0x33, + 0x34, 0x35, 0x31, 0x31, 0x5a, 0x30, 0x4f, 0x30, 0x4d, 0x30, 0x38, 0x30, + 0x07, 0x06, 0x05, 0x2b, 0x0e, 0x03, 0x02, 0x1a, 0x04, 0x14, 0x44, 0xa8, + 0xdb, 0xd1, 0xbc, 0x97, 0x0a, 0x83, 0x3b, 0x5b, 0x31, 0x9a, 0x4c, 0xb8, + 0xd2, 0x52, 0x37, 0x15, 0x8a, 0x88, 0x04, 0x14, 0x73, 0xb0, 0x1c, 0xa4, + 0x2f, 0x82, 0xcb, 0xcf, 0x47, 0xa5, 0x38, 0xd7, 0xb0, 0x04, 0x82, 0x3a, + 0x7e, 0x72, 0x15, 0x21, 0x02, 0x01, 0x01, 0x80, 0x00, 0x18, 0x0f, 0x32, + 0x30, 0x32, 0x35, 0x31, 0x31, 0x31, 0x32, 0x31, 0x33, 0x34, 0x35, 0x31, + 0x31, 0x5a, 0x30, 0x0b, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, + 0x01, 0x01, 0x0b, 0x03, 0x82, 0x01, 0x01, 0x00, 0x96, 0x55, 0xb7, 0x59, + 0xc8, 0x72, 0xda, 0xa4, 0xae, 0xa4, 0x38, 0x1f, 0x65, 0x2e, 0x3f, 0x2c, + 0x19, 0x66, 0xa0, 0x10, 0x5d, 0xcf, 0x45, 0x52, 0x84, 0xcc, 0xe3, 0x45, + 0xd8, 0x6c, 0x74, 0x39, 0x01, 0x1d, 0x6b, 0x6a, 0x9c, 0x65, 0xc0, 0x26, + 0x32, 0x24, 0x38, 0x0d, 0xd3, 0xcd, 0x14, 0xa4, 0x22, 0x7e, 0x49, 0x10, + 0xee, 0xf0, 0xda, 0xb4, 0x7b, 0x92, 0x04, 0x3a, 0xe0, 0xce, 0x8b, 0x0c, + 0xdf, 0xa4, 0xf5, 0xe7, 0x94, 0x6d, 0x8b, 0x4b, 0x7c, 0x9e, 0xd3, 0x3f, + 0x20, 0xf8, 0x0a, 0x7f, 0xe6, 0x1a, 0x20, 0xd0, 0x7e, 0xde, 0x65, 0x38, + 0xe8, 0xc9, 0x99, 0xb2, 0x82, 0xf7, 0x95, 0xce, 0xf6, 0x25, 0x5e, 0xb6, + 0xb5, 0xad, 0x73, 0x63, 0x84, 0x4f, 0x6c, 0x54, 0xe2, 0x48, 0xb1, 0x65, + 0x6a, 0x6d, 0x2c, 0xe8, 0xf1, 0x6d, 0x42, 0x0e, 0x75, 0x02, 0x8f, 0x90, + 0xc4, 0x3d, 0x27, 0x64, 0x55, 0xfe, 0x31, 0x63, 0x4b, 0x9c, 0xa2, 0x99, + 0xa5, 0xb8, 0xa4, 0x10, 0x6f, 0xf9, 0x86, 0xbd, 0xb6, 0xeb, 0x49, 0x10, + 0x6c, 0x73, 0xd2, 0x9e, 0x9a, 0x8e, 0xe1, 0xb3, 0xde, 0x8a, 0xfe, 0x8b, + 0xdd, 0xb3, 0x81, 0x79, 0x26, 0x4a, 0x75, 0x70, 0xb9, 0x3a, 0x95, 0x27, + 0x6a, 0xe3, 0x2a, 0xaf, 0x57, 0x0e, 0xf8, 0x56, 0xc0, 0x71, 0x65, 0x75, + 0xdd, 0x3e, 0x51, 0x11, 0xda, 0x63, 0xae, 0x26, 0x8f, 0x8e, 0xc1, 0x5e, + 0xfb, 0xee, 0xa9, 0x39, 0xfa, 0xc8, 0xbe, 0xec, 0x62, 0x56, 0xf1, 0x5b, + 0x9c, 0xa0, 0x63, 0xde, 0x2b, 0xbf, 0x1f, 0xef, 0xd5, 0xec, 0x17, 0x13, + 0xba, 0x48, 0x30, 0x22, 0x19, 0xe1, 0xce, 0x25, 0xee, 0x90, 0xff, 0x2a, + 0x7d, 0xd4, 0x88, 0x79, 0x5b, 0xe7, 0x23, 0xe1, 0xbe, 0x8d, 0x84, 0x3d, + 0x1c, 0x4e, 0x1a, 0xdb, 0x15, 0x65, 0x79, 0xf7, 0xb1, 0xf8, 0xb0, 0x19, + 0xa0, 0x82, 0x04, 0xc6, 0x30, 0x82, 0x04, 0xc2, 0x30, 0x82, 0x04, 0xbe, + 0x30, 0x82, 0x03, 0xa6, 0xa0, 0x03, 0x02, 0x01, 0x02, 0x02, 0x01, 0x04, + 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, + 0x0b, 0x05, 0x00, 0x30, 0x81, 0x97, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, + 0x55, 0x04, 0x06, 0x13, 0x02, 0x55, 0x53, 0x31, 0x13, 0x30, 0x11, 0x06, + 0x03, 0x55, 0x04, 0x08, 0x0c, 0x0a, 0x57, 0x61, 0x73, 0x68, 0x69, 0x6e, + 0x67, 0x74, 0x6f, 0x6e, 0x31, 0x10, 0x30, 0x0e, 0x06, 0x03, 0x55, 0x04, + 0x07, 0x0c, 0x07, 0x53, 0x65, 0x61, 0x74, 0x74, 0x6c, 0x65, 0x31, 0x10, + 0x30, 0x0e, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x0c, 0x07, 0x77, 0x6f, 0x6c, + 0x66, 0x53, 0x53, 0x4c, 0x31, 0x14, 0x30, 0x12, 0x06, 0x03, 0x55, 0x04, + 0x0b, 0x0c, 0x0b, 0x45, 0x6e, 0x67, 0x69, 0x6e, 0x65, 0x65, 0x72, 0x69, + 0x6e, 0x67, 0x31, 0x18, 0x30, 0x16, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0c, + 0x0f, 0x77, 0x6f, 0x6c, 0x66, 0x53, 0x53, 0x4c, 0x20, 0x72, 0x6f, 0x6f, + 0x74, 0x20, 0x43, 0x41, 0x31, 0x1f, 0x30, 0x1d, 0x06, 0x09, 0x2a, 0x86, + 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x09, 0x01, 0x16, 0x10, 0x69, 0x6e, 0x66, + 0x6f, 0x40, 0x77, 0x6f, 0x6c, 0x66, 0x73, 0x73, 0x6c, 0x2e, 0x63, 0x6f, + 0x6d, 0x30, 0x1e, 0x17, 0x0d, 0x32, 0x35, 0x31, 0x31, 0x31, 0x33, 0x32, + 0x30, 0x34, 0x31, 0x33, 0x35, 0x5a, 0x17, 0x0d, 0x32, 0x38, 0x30, 0x38, + 0x30, 0x39, 0x32, 0x30, 0x34, 0x31, 0x33, 0x35, 0x5a, 0x30, 0x81, 0x9e, + 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x55, + 0x53, 0x31, 0x13, 0x30, 0x11, 0x06, 0x03, 0x55, 0x04, 0x08, 0x0c, 0x0a, + 0x57, 0x61, 0x73, 0x68, 0x69, 0x6e, 0x67, 0x74, 0x6f, 0x6e, 0x31, 0x10, + 0x30, 0x0e, 0x06, 0x03, 0x55, 0x04, 0x07, 0x0c, 0x07, 0x53, 0x65, 0x61, + 0x74, 0x74, 0x6c, 0x65, 0x31, 0x10, 0x30, 0x0e, 0x06, 0x03, 0x55, 0x04, + 0x0a, 0x0c, 0x07, 0x77, 0x6f, 0x6c, 0x66, 0x53, 0x53, 0x4c, 0x31, 0x14, + 0x30, 0x12, 0x06, 0x03, 0x55, 0x04, 0x0b, 0x0c, 0x0b, 0x45, 0x6e, 0x67, + 0x69, 0x6e, 0x65, 0x65, 0x72, 0x69, 0x6e, 0x67, 0x31, 0x1f, 0x30, 0x1d, + 0x06, 0x03, 0x55, 0x04, 0x03, 0x0c, 0x16, 0x77, 0x6f, 0x6c, 0x66, 0x53, + 0x53, 0x4c, 0x20, 0x4f, 0x43, 0x53, 0x50, 0x20, 0x52, 0x65, 0x73, 0x70, + 0x6f, 0x6e, 0x64, 0x65, 0x72, 0x31, 0x1f, 0x30, 0x1d, 0x06, 0x09, 0x2a, + 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x09, 0x01, 0x16, 0x10, 0x69, 0x6e, + 0x66, 0x6f, 0x40, 0x77, 0x6f, 0x6c, 0x66, 0x73, 0x73, 0x6c, 0x2e, 0x63, + 0x6f, 0x6d, 0x30, 0x82, 0x01, 0x22, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, + 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x01, 0x05, 0x00, 0x03, 0x82, 0x01, + 0x0f, 0x00, 0x30, 0x82, 0x01, 0x0a, 0x02, 0x82, 0x01, 0x01, 0x00, 0xb8, + 0xba, 0x23, 0xb4, 0xf6, 0xc3, 0x7b, 0x14, 0xc3, 0xa4, 0xf5, 0x1d, 0x61, + 0xa1, 0xf5, 0x1e, 0x63, 0xb9, 0x85, 0x23, 0x34, 0x50, 0x6d, 0xf8, 0x7c, + 0xa2, 0x8a, 0x04, 0x8b, 0xd5, 0x75, 0x5c, 0x2d, 0xf7, 0x63, 0x88, 0xd1, + 0x07, 0x7a, 0xea, 0x0b, 0x45, 0x35, 0x2b, 0xeb, 0x1f, 0xb1, 0x22, 0xb4, + 0x94, 0x41, 0x38, 0xe2, 0x9d, 0x74, 0xd6, 0x8b, 0x30, 0x22, 0x10, 0x51, + 0xc5, 0xdb, 0xca, 0x3f, 0x46, 0x2b, 0xfe, 0xe5, 0x5a, 0x3f, 0x41, 0x74, + 0x67, 0x75, 0x95, 0xa9, 0x94, 0xd5, 0xc3, 0xee, 0x42, 0xf8, 0x8d, 0xeb, + 0x92, 0x95, 0xe1, 0xd9, 0x65, 0xb7, 0x43, 0xc4, 0x18, 0xde, 0x16, 0x80, + 0x90, 0xce, 0x24, 0x35, 0x21, 0xc4, 0x55, 0xac, 0x5a, 0x51, 0xe0, 0x2e, + 0x2d, 0xb3, 0x0a, 0x5a, 0x4f, 0x4a, 0x73, 0x31, 0x50, 0xee, 0x4a, 0x16, + 0xbd, 0x39, 0x8b, 0xad, 0x05, 0x48, 0x87, 0xb1, 0x99, 0xe2, 0x10, 0xa7, + 0x06, 0x72, 0x67, 0xca, 0x5c, 0xd1, 0x97, 0xbd, 0xc8, 0xf1, 0x76, 0xf8, + 0xe0, 0x4a, 0xec, 0xbc, 0x93, 0xf4, 0x66, 0x4c, 0x28, 0x71, 0xd1, 0xd8, + 0x66, 0x03, 0xb4, 0x90, 0x30, 0xbb, 0x17, 0xb0, 0xfe, 0x97, 0xf5, 0x1e, + 0xe8, 0xc7, 0x5d, 0x9b, 0x8b, 0x11, 0x19, 0x12, 0x3c, 0xab, 0x82, 0x71, + 0x78, 0xff, 0xae, 0x3f, 0x32, 0xb2, 0x08, 0x71, 0xb2, 0x1b, 0x8c, 0x27, + 0xac, 0x11, 0xb8, 0xd8, 0x43, 0x49, 0xcf, 0xb0, 0x70, 0xb1, 0xf0, 0x8c, + 0xae, 0xda, 0x24, 0x87, 0x17, 0x3b, 0xd8, 0x04, 0x65, 0x6c, 0x00, 0x76, + 0x50, 0xef, 0x15, 0x08, 0xd7, 0xb4, 0x73, 0x68, 0x26, 0x14, 0x87, 0x95, + 0xc3, 0x5f, 0x6e, 0x61, 0xb8, 0x87, 0x84, 0xfa, 0x80, 0x1a, 0x0a, 0x8b, + 0x98, 0xf3, 0xe3, 0xff, 0x4e, 0x44, 0x1c, 0x65, 0x74, 0x7c, 0x71, 0x54, + 0x65, 0xe5, 0x39, 0x02, 0x03, 0x01, 0x00, 0x01, 0xa3, 0x82, 0x01, 0x0a, + 0x30, 0x82, 0x01, 0x06, 0x30, 0x09, 0x06, 0x03, 0x55, 0x1d, 0x13, 0x04, + 0x02, 0x30, 0x00, 0x30, 0x1d, 0x06, 0x03, 0x55, 0x1d, 0x0e, 0x04, 0x16, + 0x04, 0x14, 0x32, 0x67, 0xe1, 0xb1, 0x79, 0xd2, 0x81, 0xfc, 0x9f, 0x23, + 0x0c, 0x70, 0x40, 0x50, 0xb5, 0x46, 0x56, 0xb8, 0x30, 0x36, 0x30, 0x81, + 0xc4, 0x06, 0x03, 0x55, 0x1d, 0x23, 0x04, 0x81, 0xbc, 0x30, 0x81, 0xb9, + 0x80, 0x14, 0x73, 0xb0, 0x1c, 0xa4, 0x2f, 0x82, 0xcb, 0xcf, 0x47, 0xa5, + 0x38, 0xd7, 0xb0, 0x04, 0x82, 0x3a, 0x7e, 0x72, 0x15, 0x21, 0xa1, 0x81, + 0x9d, 0xa4, 0x81, 0x9a, 0x30, 0x81, 0x97, 0x31, 0x0b, 0x30, 0x09, 0x06, + 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x55, 0x53, 0x31, 0x13, 0x30, 0x11, + 0x06, 0x03, 0x55, 0x04, 0x08, 0x0c, 0x0a, 0x57, 0x61, 0x73, 0x68, 0x69, + 0x6e, 0x67, 0x74, 0x6f, 0x6e, 0x31, 0x10, 0x30, 0x0e, 0x06, 0x03, 0x55, + 0x04, 0x07, 0x0c, 0x07, 0x53, 0x65, 0x61, 0x74, 0x74, 0x6c, 0x65, 0x31, + 0x10, 0x30, 0x0e, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x0c, 0x07, 0x77, 0x6f, + 0x6c, 0x66, 0x53, 0x53, 0x4c, 0x31, 0x14, 0x30, 0x12, 0x06, 0x03, 0x55, + 0x04, 0x0b, 0x0c, 0x0b, 0x45, 0x6e, 0x67, 0x69, 0x6e, 0x65, 0x65, 0x72, + 0x69, 0x6e, 0x67, 0x31, 0x18, 0x30, 0x16, 0x06, 0x03, 0x55, 0x04, 0x03, + 0x0c, 0x0f, 0x77, 0x6f, 0x6c, 0x66, 0x53, 0x53, 0x4c, 0x20, 0x72, 0x6f, + 0x6f, 0x74, 0x20, 0x43, 0x41, 0x31, 0x1f, 0x30, 0x1d, 0x06, 0x09, 0x2a, + 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x09, 0x01, 0x16, 0x10, 0x69, 0x6e, + 0x66, 0x6f, 0x40, 0x77, 0x6f, 0x6c, 0x66, 0x73, 0x73, 0x6c, 0x2e, 0x63, + 0x6f, 0x6d, 0x82, 0x01, 0x63, 0x30, 0x13, 0x06, 0x03, 0x55, 0x1d, 0x25, + 0x04, 0x0c, 0x30, 0x0a, 0x06, 0x08, 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, + 0x03, 0x09, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, + 0x01, 0x01, 0x0b, 0x05, 0x00, 0x03, 0x82, 0x01, 0x01, 0x00, 0x22, 0xcf, + 0xe2, 0xc4, 0x3c, 0x0e, 0xcf, 0x43, 0xc2, 0x2b, 0x77, 0xd9, 0x53, 0xbb, + 0xbf, 0x46, 0x5a, 0x67, 0x26, 0x1f, 0xd6, 0x8c, 0xe2, 0xae, 0xd3, 0x6b, + 0xda, 0x7c, 0xa5, 0xb4, 0x79, 0x29, 0x0f, 0xb8, 0xf0, 0x14, 0x71, 0x90, + 0x21, 0x7c, 0x3c, 0x23, 0x2e, 0x5b, 0xb6, 0xb6, 0x66, 0xb5, 0xd2, 0xfd, + 0x96, 0x21, 0x4c, 0x7c, 0x9d, 0x9f, 0x85, 0x69, 0x8c, 0xd8, 0xc2, 0xbf, + 0x3b, 0x1f, 0x7b, 0xaf, 0x27, 0xb9, 0x30, 0x5b, 0x51, 0x4a, 0x16, 0x07, + 0xa0, 0x14, 0x80, 0x47, 0x31, 0x45, 0xf0, 0x31, 0x35, 0xb9, 0x93, 0x39, + 0x77, 0x32, 0x51, 0xa0, 0x8b, 0x93, 0x91, 0x96, 0x77, 0x41, 0x1a, 0x30, + 0x15, 0xb8, 0xe6, 0xeb, 0x49, 0x8e, 0x3c, 0xa5, 0x11, 0x46, 0x68, 0x13, + 0xf5, 0x61, 0x07, 0xac, 0x42, 0x3e, 0x69, 0xf3, 0x9f, 0x6b, 0x64, 0xd5, + 0xe4, 0x42, 0x1d, 0xed, 0x6c, 0xb7, 0x3b, 0xb1, 0x78, 0xc6, 0x9a, 0xb0, + 0x38, 0xe2, 0xe6, 0xfe, 0x5b, 0xc3, 0x87, 0x11, 0x49, 0x1e, 0x48, 0x73, + 0x5a, 0x88, 0x77, 0x89, 0xfb, 0xc7, 0x87, 0xef, 0x87, 0xe1, 0x17, 0x8b, + 0x66, 0x16, 0x44, 0x7c, 0x6e, 0x5f, 0x2d, 0x5a, 0x2f, 0xd0, 0xbe, 0x76, + 0x69, 0x84, 0xda, 0x3c, 0xa3, 0x4f, 0xbf, 0x00, 0xff, 0xcc, 0x67, 0x06, + 0x16, 0x40, 0x0f, 0x75, 0xdc, 0xe3, 0x20, 0xd6, 0x7b, 0x99, 0xc7, 0xbf, + 0x38, 0x21, 0x51, 0x30, 0x4a, 0x4b, 0x77, 0xd7, 0x39, 0xd3, 0xe2, 0x4d, + 0x67, 0x68, 0x0e, 0x7c, 0x95, 0xc4, 0x51, 0x22, 0xc4, 0x0f, 0x74, 0xa5, + 0xdd, 0xf5, 0xac, 0xa8, 0xf5, 0x8c, 0xfb, 0x90, 0xba, 0xff, 0x5e, 0x3e, + 0x1f, 0xaa, 0x7d, 0x61, 0xbb, 0xa4, 0x22, 0x35, 0x16, 0x64, 0xfc, 0x42, + 0x27, 0x0b, 0xc9, 0xe3, 0xba, 0x21, 0xad, 0x7b, 0x24, 0x2a, 0xa5, 0x25, + 0xb7, 0xc4, +}; + +unsigned char resp_nocert[] = { + 0x30, 0x82, 0x02, 0x3a, 0x0a, 0x01, 0x00, 0xa0, 0x82, 0x02, 0x33, 0x30, + 0x82, 0x02, 0x2f, 0x06, 0x09, 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x30, + 0x01, 0x01, 0x04, 0x82, 0x02, 0x20, 0x30, 0x82, 0x02, 0x1c, 0x30, 0x82, + 0x01, 0x06, 0xa1, 0x81, 0xa1, 0x30, 0x81, 0x9e, 0x31, 0x0b, 0x30, 0x09, + 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x55, 0x53, 0x31, 0x13, 0x30, + 0x11, 0x06, 0x03, 0x55, 0x04, 0x08, 0x0c, 0x0a, 0x57, 0x61, 0x73, 0x68, + 0x69, 0x6e, 0x67, 0x74, 0x6f, 0x6e, 0x31, 0x10, 0x30, 0x0e, 0x06, 0x03, + 0x55, 0x04, 0x07, 0x0c, 0x07, 0x53, 0x65, 0x61, 0x74, 0x74, 0x6c, 0x65, + 0x31, 0x10, 0x30, 0x0e, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x0c, 0x07, 0x77, + 0x6f, 0x6c, 0x66, 0x53, 0x53, 0x4c, 0x31, 0x14, 0x30, 0x12, 0x06, 0x03, + 0x55, 0x04, 0x0b, 0x0c, 0x0b, 0x45, 0x6e, 0x67, 0x69, 0x6e, 0x65, 0x65, + 0x72, 0x69, 0x6e, 0x67, 0x31, 0x1f, 0x30, 0x1d, 0x06, 0x03, 0x55, 0x04, + 0x03, 0x0c, 0x16, 0x77, 0x6f, 0x6c, 0x66, 0x53, 0x53, 0x4c, 0x20, 0x4f, + 0x43, 0x53, 0x50, 0x20, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x64, 0x65, + 0x72, 0x31, 0x1f, 0x30, 0x1d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, + 0x0d, 0x01, 0x09, 0x01, 0x16, 0x10, 0x69, 0x6e, 0x66, 0x6f, 0x40, 0x77, + 0x6f, 0x6c, 0x66, 0x73, 0x73, 0x6c, 0x2e, 0x63, 0x6f, 0x6d, 0x18, 0x0f, + 0x32, 0x30, 0x32, 0x35, 0x31, 0x31, 0x31, 0x32, 0x31, 0x33, 0x34, 0x35, + 0x31, 0x32, 0x5a, 0x30, 0x4f, 0x30, 0x4d, 0x30, 0x38, 0x30, 0x07, 0x06, + 0x05, 0x2b, 0x0e, 0x03, 0x02, 0x1a, 0x04, 0x14, 0x44, 0xa8, 0xdb, 0xd1, + 0xbc, 0x97, 0x0a, 0x83, 0x3b, 0x5b, 0x31, 0x9a, 0x4c, 0xb8, 0xd2, 0x52, + 0x37, 0x15, 0x8a, 0x88, 0x04, 0x14, 0x73, 0xb0, 0x1c, 0xa4, 0x2f, 0x82, + 0xcb, 0xcf, 0x47, 0xa5, 0x38, 0xd7, 0xb0, 0x04, 0x82, 0x3a, 0x7e, 0x72, + 0x15, 0x21, 0x02, 0x01, 0x01, 0x80, 0x00, 0x18, 0x0f, 0x32, 0x30, 0x32, + 0x35, 0x31, 0x31, 0x31, 0x32, 0x31, 0x33, 0x34, 0x35, 0x31, 0x32, 0x5a, + 0x30, 0x0b, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, + 0x0b, 0x03, 0x82, 0x01, 0x01, 0x00, 0x0c, 0x08, 0xa7, 0x1f, 0x3b, 0x80, + 0x04, 0x81, 0x91, 0x97, 0xf6, 0xe1, 0x1f, 0xb9, 0x88, 0x02, 0x83, 0xb2, + 0xe9, 0x25, 0x0c, 0x4e, 0x27, 0xcd, 0x5f, 0xc7, 0x8b, 0x40, 0x01, 0xb9, + 0x3b, 0xa1, 0xd4, 0x5b, 0xb4, 0x88, 0x30, 0x47, 0x35, 0xa9, 0xe4, 0x9c, + 0x6d, 0xee, 0x4c, 0xbf, 0x2c, 0x34, 0x41, 0x3e, 0x7a, 0x23, 0x0a, 0x37, + 0x19, 0x4c, 0x57, 0xce, 0xa6, 0x95, 0xda, 0xc9, 0x0f, 0xb3, 0x3a, 0x33, + 0x82, 0x93, 0x07, 0x84, 0x0b, 0x2b, 0x3f, 0x31, 0x00, 0x9c, 0xe2, 0xae, + 0x82, 0x44, 0x0e, 0x96, 0x01, 0x19, 0xa9, 0x95, 0x13, 0xd2, 0xcc, 0x8e, + 0xf2, 0x42, 0xac, 0x90, 0x4a, 0xfb, 0x54, 0xb8, 0x67, 0x09, 0x70, 0x87, + 0x02, 0xa9, 0x29, 0xfa, 0xee, 0x41, 0xf1, 0xf0, 0x0b, 0x6a, 0x8c, 0xeb, + 0x83, 0x55, 0xcf, 0x63, 0xc4, 0x92, 0x31, 0xa2, 0x4e, 0x1c, 0xad, 0x53, + 0x24, 0x96, 0x71, 0x03, 0x06, 0x15, 0xac, 0x8a, 0x6e, 0x17, 0x23, 0x2a, + 0x6e, 0x55, 0xae, 0xcb, 0xe4, 0x6a, 0x90, 0x31, 0x87, 0x32, 0x55, 0x02, + 0xc6, 0xf8, 0x84, 0xd9, 0x53, 0x87, 0x63, 0x74, 0x01, 0x8c, 0x75, 0x35, + 0xa7, 0x01, 0x94, 0xd4, 0x06, 0x77, 0xb5, 0xac, 0x13, 0xe6, 0x21, 0x59, + 0x42, 0x7c, 0x3f, 0x5a, 0x19, 0x79, 0xb7, 0xd5, 0xde, 0xac, 0x80, 0x03, + 0xd8, 0x52, 0x5c, 0xc9, 0xcd, 0xf1, 0x1c, 0xe2, 0x86, 0x72, 0x5f, 0xe7, + 0xfc, 0xe8, 0xa3, 0xa9, 0xb1, 0xb0, 0xbc, 0x06, 0xe8, 0xe7, 0x33, 0x71, + 0x64, 0xb3, 0x9d, 0xb3, 0x61, 0x1c, 0x13, 0x86, 0x16, 0x55, 0xc0, 0x8e, + 0x3d, 0x60, 0xea, 0x36, 0xdd, 0xbf, 0x88, 0x08, 0x2c, 0x07, 0x7d, 0xb0, + 0xac, 0xe9, 0x48, 0xd5, 0xf4, 0x1f, 0x0e, 0xb4, 0xe3, 0x79, 0xbe, 0x75, + 0x7e, 0x74, 0x0a, 0xa3, 0xb3, 0xf6, 0x5a, 0x85, 0x03, 0x38, +}; + +unsigned char resp_multi[] = { + 0x30, 0x82, 0x02, 0x83, 0x0a, 0x01, 0x00, 0xa0, 0x82, 0x02, 0x7c, 0x30, + 0x82, 0x02, 0x78, 0x06, 0x09, 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x30, + 0x01, 0x01, 0x04, 0x82, 0x02, 0x69, 0x30, 0x82, 0x02, 0x65, 0x30, 0x82, + 0x01, 0x4f, 0xa1, 0x81, 0x9a, 0x30, 0x81, 0x97, 0x31, 0x0b, 0x30, 0x09, + 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x55, 0x53, 0x31, 0x13, 0x30, + 0x11, 0x06, 0x03, 0x55, 0x04, 0x08, 0x0c, 0x0a, 0x57, 0x61, 0x73, 0x68, + 0x69, 0x6e, 0x67, 0x74, 0x6f, 0x6e, 0x31, 0x10, 0x30, 0x0e, 0x06, 0x03, + 0x55, 0x04, 0x07, 0x0c, 0x07, 0x53, 0x65, 0x61, 0x74, 0x74, 0x6c, 0x65, + 0x31, 0x10, 0x30, 0x0e, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x0c, 0x07, 0x77, + 0x6f, 0x6c, 0x66, 0x53, 0x53, 0x4c, 0x31, 0x14, 0x30, 0x12, 0x06, 0x03, + 0x55, 0x04, 0x0b, 0x0c, 0x0b, 0x45, 0x6e, 0x67, 0x69, 0x6e, 0x65, 0x65, + 0x72, 0x69, 0x6e, 0x67, 0x31, 0x18, 0x30, 0x16, 0x06, 0x03, 0x55, 0x04, + 0x03, 0x0c, 0x0f, 0x77, 0x6f, 0x6c, 0x66, 0x53, 0x53, 0x4c, 0x20, 0x72, + 0x6f, 0x6f, 0x74, 0x20, 0x43, 0x41, 0x31, 0x1f, 0x30, 0x1d, 0x06, 0x09, + 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x09, 0x01, 0x16, 0x10, 0x69, + 0x6e, 0x66, 0x6f, 0x40, 0x77, 0x6f, 0x6c, 0x66, 0x73, 0x73, 0x6c, 0x2e, + 0x63, 0x6f, 0x6d, 0x18, 0x0f, 0x32, 0x30, 0x32, 0x35, 0x31, 0x31, 0x31, + 0x32, 0x31, 0x33, 0x34, 0x35, 0x31, 0x32, 0x5a, 0x30, 0x81, 0x9e, 0x30, + 0x4d, 0x30, 0x38, 0x30, 0x07, 0x06, 0x05, 0x2b, 0x0e, 0x03, 0x02, 0x1a, + 0x04, 0x14, 0x44, 0xa8, 0xdb, 0xd1, 0xbc, 0x97, 0x0a, 0x83, 0x3b, 0x5b, + 0x31, 0x9a, 0x4c, 0xb8, 0xd2, 0x52, 0x37, 0x15, 0x8a, 0x88, 0x04, 0x14, + 0x73, 0xb0, 0x1c, 0xa4, 0x2f, 0x82, 0xcb, 0xcf, 0x47, 0xa5, 0x38, 0xd7, + 0xb0, 0x04, 0x82, 0x3a, 0x7e, 0x72, 0x15, 0x21, 0x02, 0x01, 0x01, 0x80, + 0x00, 0x18, 0x0f, 0x32, 0x30, 0x32, 0x35, 0x31, 0x31, 0x31, 0x32, 0x31, + 0x33, 0x34, 0x35, 0x31, 0x32, 0x5a, 0x30, 0x4d, 0x30, 0x38, 0x30, 0x07, + 0x06, 0x05, 0x2b, 0x0e, 0x03, 0x02, 0x1a, 0x04, 0x14, 0x44, 0xa8, 0xdb, + 0xd1, 0xbc, 0x97, 0x0a, 0x83, 0x3b, 0x5b, 0x31, 0x9a, 0x4c, 0xb8, 0xd2, + 0x52, 0x37, 0x15, 0x8a, 0x88, 0x04, 0x14, 0x73, 0xb0, 0x1c, 0xa4, 0x2f, + 0x82, 0xcb, 0xcf, 0x47, 0xa5, 0x38, 0xd7, 0xb0, 0x04, 0x82, 0x3a, 0x7e, + 0x72, 0x15, 0x21, 0x02, 0x01, 0x02, 0x80, 0x00, 0x18, 0x0f, 0x32, 0x30, + 0x32, 0x35, 0x31, 0x31, 0x31, 0x32, 0x31, 0x33, 0x34, 0x35, 0x31, 0x32, + 0x5a, 0x30, 0x0b, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, + 0x01, 0x0b, 0x03, 0x82, 0x01, 0x01, 0x00, 0x6c, 0x2b, 0x73, 0x06, 0x9f, + 0x64, 0x03, 0xa4, 0x84, 0xdc, 0x1d, 0x19, 0x1e, 0x2e, 0xee, 0x6e, 0xfd, + 0x96, 0x07, 0x6d, 0xa1, 0x79, 0xad, 0x65, 0xbd, 0x6e, 0xe5, 0xf1, 0x0d, + 0xae, 0xd2, 0x3d, 0xda, 0xf0, 0xc3, 0x2b, 0x21, 0xd7, 0x31, 0x7c, 0x77, + 0x74, 0x86, 0xc8, 0xad, 0xb7, 0xb0, 0xc3, 0x13, 0x42, 0x37, 0x58, 0x39, + 0xf6, 0xb1, 0x1a, 0x15, 0x57, 0x0c, 0x5e, 0xe6, 0xe7, 0x5b, 0x29, 0x3c, + 0x59, 0xba, 0x41, 0x91, 0xe1, 0x8f, 0x7a, 0x95, 0x9e, 0xaf, 0xa0, 0xbc, + 0xf2, 0x69, 0x85, 0x34, 0xe0, 0xb0, 0x9e, 0xc3, 0x73, 0x67, 0xec, 0xd3, + 0x67, 0xbe, 0x15, 0xbd, 0x5f, 0xa0, 0x07, 0xd4, 0x37, 0xda, 0xd5, 0x3d, + 0xf5, 0x4c, 0xfc, 0x40, 0xe3, 0x61, 0xdc, 0xb4, 0x42, 0x04, 0x64, 0xb8, + 0xf7, 0x68, 0x86, 0x3d, 0x2b, 0x68, 0xf3, 0xf1, 0x80, 0xf9, 0x52, 0x93, + 0x5f, 0x9e, 0x67, 0xa9, 0xec, 0x4c, 0x37, 0x2a, 0xfe, 0xbe, 0x57, 0xa5, + 0x28, 0x0b, 0xfb, 0xc7, 0xa2, 0x18, 0x4b, 0xed, 0xee, 0xc0, 0x23, 0x8e, + 0xd3, 0x73, 0x5c, 0x6a, 0x58, 0xf4, 0x8e, 0x39, 0x3e, 0x54, 0xf2, 0x93, + 0x97, 0x4b, 0x46, 0xd7, 0x64, 0xc9, 0x8c, 0x0b, 0x5f, 0x69, 0xeb, 0x34, + 0x73, 0x69, 0xd0, 0x99, 0x4e, 0x84, 0x3d, 0x3b, 0x1c, 0x6c, 0x39, 0x5f, + 0xfa, 0x19, 0xd2, 0xa9, 0xd4, 0xf9, 0xc5, 0x99, 0x6e, 0xfa, 0x8e, 0xdb, + 0x67, 0x14, 0x01, 0xf8, 0x20, 0xfa, 0xad, 0x29, 0x27, 0xf9, 0x58, 0x97, + 0xbe, 0x78, 0x6b, 0xb5, 0xa2, 0x02, 0x15, 0xff, 0xde, 0x41, 0xbb, 0xec, + 0x07, 0x75, 0xcf, 0xe5, 0x6a, 0x3e, 0x87, 0x8d, 0x35, 0xc4, 0xf0, 0xbc, + 0x6e, 0x47, 0x66, 0x6c, 0x8f, 0x23, 0x0e, 0xb0, 0xfe, 0x52, 0xa7, 0xc0, + 0xf3, 0x54, 0x9c, 0xee, 0xea, 0x14, 0xd4, 0xb7, 0x10, 0x1c, 0x73, +}; + +unsigned char resp_bad_noauth[] = { + 0x30, 0x82, 0x02, 0x83, 0x0a, 0x01, 0x00, 0xa0, 0x82, 0x02, 0x7c, 0x30, + 0x82, 0x02, 0x78, 0x06, 0x09, 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x30, + 0x01, 0x01, 0x04, 0x82, 0x02, 0x69, 0x30, 0x82, 0x02, 0x65, 0x30, 0x82, + 0x01, 0x4f, 0xa1, 0x81, 0x9a, 0x30, 0x81, 0x97, 0x31, 0x0b, 0x30, 0x09, + 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x55, 0x53, 0x31, 0x13, 0x30, + 0x11, 0x06, 0x03, 0x55, 0x04, 0x08, 0x0c, 0x0a, 0x57, 0x61, 0x73, 0x68, + 0x69, 0x6e, 0x67, 0x74, 0x6f, 0x6e, 0x31, 0x10, 0x30, 0x0e, 0x06, 0x03, + 0x55, 0x04, 0x07, 0x0c, 0x07, 0x53, 0x65, 0x61, 0x74, 0x74, 0x6c, 0x65, + 0x31, 0x10, 0x30, 0x0e, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x0c, 0x07, 0x77, + 0x6f, 0x6c, 0x66, 0x53, 0x53, 0x4c, 0x31, 0x14, 0x30, 0x12, 0x06, 0x03, + 0x55, 0x04, 0x0b, 0x0c, 0x0b, 0x45, 0x6e, 0x67, 0x69, 0x6e, 0x65, 0x65, + 0x72, 0x69, 0x6e, 0x67, 0x31, 0x18, 0x30, 0x16, 0x06, 0x03, 0x55, 0x04, + 0x03, 0x0c, 0x0f, 0x77, 0x6f, 0x6c, 0x66, 0x53, 0x53, 0x4c, 0x20, 0x72, + 0x6f, 0x6f, 0x74, 0x20, 0x43, 0x41, 0x31, 0x1f, 0x30, 0x1d, 0x06, 0x09, + 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x09, 0x01, 0x16, 0x10, 0x69, + 0x6e, 0x66, 0x6f, 0x40, 0x77, 0x6f, 0x6c, 0x66, 0x73, 0x73, 0x6c, 0x2e, + 0x63, 0x6f, 0x6d, 0x18, 0x0f, 0x32, 0x30, 0x32, 0x35, 0x31, 0x31, 0x31, + 0x32, 0x31, 0x33, 0x34, 0x35, 0x31, 0x32, 0x5a, 0x30, 0x81, 0x9e, 0x30, + 0x4d, 0x30, 0x38, 0x30, 0x07, 0x06, 0x05, 0x2b, 0x0e, 0x03, 0x02, 0x1a, + 0x04, 0x14, 0x44, 0xa8, 0xdb, 0xd1, 0xbc, 0x97, 0x0a, 0x83, 0x3b, 0x5b, + 0x31, 0x9a, 0x4c, 0xb8, 0xd2, 0x52, 0x37, 0x15, 0x8a, 0x88, 0x04, 0x14, + 0x73, 0xb0, 0x1c, 0xa4, 0x2f, 0x82, 0xcb, 0xcf, 0x47, 0xa5, 0x38, 0xd7, + 0xb0, 0x04, 0x82, 0x3a, 0x7e, 0x72, 0x15, 0x21, 0x02, 0x01, 0x01, 0x80, + 0x00, 0x18, 0x0f, 0x32, 0x30, 0x32, 0x35, 0x31, 0x31, 0x31, 0x32, 0x31, + 0x33, 0x34, 0x35, 0x31, 0x32, 0x5a, 0x30, 0x4d, 0x30, 0x38, 0x30, 0x07, + 0x06, 0x05, 0x2b, 0x0e, 0x03, 0x02, 0x1a, 0x04, 0x14, 0xff, 0x66, 0x21, + 0x8a, 0x6e, 0xc5, 0x86, 0x61, 0x84, 0x25, 0x9a, 0xba, 0xd6, 0x55, 0x39, + 0xfb, 0x25, 0x51, 0x2c, 0xdd, 0x04, 0x14, 0x27, 0x8e, 0x67, 0x11, 0x74, + 0xc3, 0x26, 0x1d, 0x3f, 0xed, 0x33, 0x63, 0xb3, 0xa4, 0xd8, 0x1d, 0x30, + 0xe5, 0xe8, 0xd5, 0x02, 0x01, 0x01, 0x80, 0x00, 0x18, 0x0f, 0x32, 0x30, + 0x32, 0x35, 0x31, 0x31, 0x31, 0x32, 0x31, 0x33, 0x34, 0x35, 0x31, 0x32, + 0x5a, 0x30, 0x0b, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, + 0x01, 0x0b, 0x03, 0x82, 0x01, 0x01, 0x00, 0x05, 0xf6, 0xc6, 0x48, 0x26, + 0x16, 0xf7, 0x42, 0x1d, 0x97, 0xa4, 0x49, 0xc9, 0x3d, 0xad, 0x42, 0x72, + 0x01, 0xe7, 0x76, 0x9b, 0x4b, 0xc6, 0x61, 0x6d, 0xa4, 0x62, 0xc4, 0x0e, + 0x24, 0x67, 0xdd, 0xfa, 0xd0, 0xa2, 0x10, 0x73, 0x0d, 0x23, 0xb1, 0xd1, + 0xd1, 0x19, 0x3d, 0x26, 0x8b, 0xd1, 0x0d, 0x43, 0xfe, 0x30, 0x23, 0xf8, + 0xde, 0x0a, 0x9a, 0x61, 0xe4, 0xb6, 0xa8, 0x1b, 0xec, 0xd5, 0x79, 0x9b, + 0x8f, 0x06, 0x2b, 0x78, 0x26, 0xca, 0xfc, 0xa3, 0x45, 0x07, 0x77, 0x69, + 0xab, 0x65, 0x9c, 0x66, 0x08, 0x0b, 0x94, 0xe1, 0x2b, 0x3e, 0xd2, 0x84, + 0xed, 0x68, 0xdd, 0x12, 0x76, 0x47, 0x43, 0x7e, 0xc3, 0x5c, 0x3d, 0x88, + 0x39, 0x6c, 0xf0, 0xb5, 0x86, 0xc1, 0x17, 0xb9, 0x2e, 0xdc, 0xf3, 0x4c, + 0xd8, 0x9b, 0xe4, 0xfe, 0xd1, 0x12, 0xee, 0x8e, 0xbd, 0xc3, 0xb8, 0x20, + 0x36, 0x4e, 0x06, 0xdc, 0x64, 0xab, 0x97, 0xd0, 0x81, 0x57, 0xc0, 0xf0, + 0x6c, 0x09, 0xe6, 0x3a, 0x13, 0x49, 0xc7, 0x66, 0x23, 0xf6, 0xd1, 0xec, + 0x06, 0xe7, 0x8a, 0xca, 0xfc, 0x24, 0xec, 0x1f, 0xc4, 0x37, 0x04, 0x6e, + 0x10, 0x0d, 0xbf, 0x73, 0x5c, 0x8c, 0x5b, 0xc3, 0xb6, 0xb7, 0xf0, 0xc7, + 0x80, 0xbc, 0x45, 0xa3, 0x34, 0x4c, 0x87, 0x94, 0x5e, 0x1c, 0xc8, 0xb0, + 0x46, 0xc5, 0xc6, 0x80, 0x83, 0x82, 0x66, 0x2a, 0x22, 0xa9, 0x66, 0xf3, + 0x3e, 0x7e, 0x17, 0xd7, 0x43, 0x11, 0x34, 0xf3, 0xf6, 0x83, 0x51, 0xd6, + 0x5a, 0x70, 0x3b, 0xe6, 0x79, 0xab, 0x47, 0x76, 0x83, 0x45, 0x93, 0xb9, + 0xc5, 0x11, 0xa9, 0x76, 0x93, 0x16, 0x58, 0xf3, 0x4f, 0x46, 0x9f, 0x13, + 0x6c, 0x41, 0x3d, 0xc0, 0x07, 0xac, 0x40, 0x6a, 0x23, 0x30, 0x97, 0x92, + 0x9f, 0x9a, 0xbf, 0x10, 0x9b, 0x0e, 0x14, 0xcd, 0x9a, 0x93, 0x49, +}; + +unsigned char resp_bad_embedded_cert[] = { + 0x30, 0x82, 0x07, 0x2e, 0x0a, 0x01, 0x00, 0xa0, 0x82, 0x07, 0x27, 0x30, + 0x82, 0x07, 0x23, 0x06, 0x09, 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x30, + 0x01, 0x01, 0x04, 0x82, 0x07, 0x14, 0x30, 0x82, 0x07, 0x10, 0x30, 0x81, + 0xff, 0xa1, 0x81, 0x9a, 0x30, 0x81, 0x97, 0x31, 0x0b, 0x30, 0x09, 0x06, + 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x55, 0x53, 0x31, 0x13, 0x30, 0x11, + 0x06, 0x03, 0x55, 0x04, 0x08, 0x0c, 0x0a, 0x57, 0x61, 0x73, 0x68, 0x69, + 0x6e, 0x67, 0x74, 0x6f, 0x6e, 0x31, 0x10, 0x30, 0x0e, 0x06, 0x03, 0x55, + 0x04, 0x07, 0x0c, 0x07, 0x53, 0x65, 0x61, 0x74, 0x74, 0x6c, 0x65, 0x31, + 0x10, 0x30, 0x0e, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x0c, 0x07, 0x77, 0x6f, + 0x6c, 0x66, 0x53, 0x53, 0x4c, 0x31, 0x14, 0x30, 0x12, 0x06, 0x03, 0x55, + 0x04, 0x0b, 0x0c, 0x0b, 0x45, 0x6e, 0x67, 0x69, 0x6e, 0x65, 0x65, 0x72, + 0x69, 0x6e, 0x67, 0x31, 0x18, 0x30, 0x16, 0x06, 0x03, 0x55, 0x04, 0x03, + 0x0c, 0x0f, 0x77, 0x6f, 0x6c, 0x66, 0x53, 0x53, 0x4c, 0x20, 0x72, 0x6f, + 0x6f, 0x74, 0x20, 0x43, 0x41, 0x31, 0x1f, 0x30, 0x1d, 0x06, 0x09, 0x2a, + 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x09, 0x01, 0x16, 0x10, 0x69, 0x6e, + 0x66, 0x6f, 0x40, 0x77, 0x6f, 0x6c, 0x66, 0x73, 0x73, 0x6c, 0x2e, 0x63, + 0x6f, 0x6d, 0x18, 0x0f, 0x32, 0x30, 0x32, 0x35, 0x31, 0x31, 0x31, 0x32, + 0x31, 0x33, 0x34, 0x35, 0x31, 0x32, 0x5a, 0x30, 0x4f, 0x30, 0x4d, 0x30, + 0x38, 0x30, 0x07, 0x06, 0x05, 0x2b, 0x0e, 0x03, 0x02, 0x1a, 0x04, 0x14, + 0x44, 0xa8, 0xdb, 0xd1, 0xbc, 0x97, 0x0a, 0x83, 0x3b, 0x5b, 0x31, 0x9a, + 0x4c, 0xb8, 0xd2, 0x52, 0x37, 0x15, 0x8a, 0x88, 0x04, 0x14, 0x73, 0xb0, + 0x1c, 0xa4, 0x2f, 0x82, 0xcb, 0xcf, 0x47, 0xa5, 0x38, 0xd7, 0xb0, 0x04, + 0x82, 0x3a, 0x7e, 0x72, 0x15, 0x21, 0x02, 0x01, 0x01, 0x80, 0x00, 0x18, + 0x0f, 0x32, 0x30, 0x32, 0x35, 0x31, 0x31, 0x31, 0x32, 0x31, 0x33, 0x34, + 0x35, 0x31, 0x32, 0x5a, 0x30, 0x0b, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, + 0xf7, 0x0d, 0x01, 0x01, 0x0b, 0x03, 0x82, 0x01, 0x01, 0x00, 0x39, 0xb1, + 0xe0, 0x89, 0x79, 0xb7, 0x70, 0x14, 0xb9, 0x05, 0x0a, 0x2d, 0xf1, 0xa7, + 0x48, 0xbc, 0x28, 0x31, 0xc4, 0x8c, 0xd9, 0xe8, 0x99, 0x99, 0x0d, 0xb8, + 0x7c, 0x05, 0xc1, 0xd8, 0x16, 0x72, 0x30, 0x98, 0x85, 0xbb, 0xc9, 0xc3, + 0x99, 0x79, 0xaa, 0x2b, 0x82, 0xb3, 0x24, 0xc9, 0xe1, 0x27, 0x71, 0x37, + 0x6c, 0x07, 0x6a, 0x44, 0x96, 0xa3, 0x5e, 0x8b, 0x07, 0x54, 0x4a, 0x2b, + 0x3d, 0xe0, 0x1f, 0xfb, 0xa6, 0xce, 0xb7, 0x0a, 0x40, 0x1a, 0xb8, 0x8e, + 0xff, 0x5c, 0xeb, 0xb7, 0x87, 0xcf, 0xfc, 0xfb, 0x2d, 0xf0, 0x14, 0x60, + 0xc0, 0x9a, 0xfa, 0xc7, 0x1a, 0x91, 0x61, 0xe9, 0x66, 0x32, 0x52, 0x73, + 0x2b, 0x44, 0x28, 0xd9, 0xe9, 0xb9, 0xcd, 0x3d, 0x8e, 0x8a, 0x56, 0x09, + 0x21, 0x24, 0xf4, 0x74, 0xd9, 0xad, 0xf2, 0x52, 0xb9, 0x7e, 0xd0, 0x34, + 0xa0, 0xfe, 0xf0, 0xfc, 0x3f, 0x2f, 0x27, 0x0b, 0x85, 0x26, 0x52, 0xc4, + 0x0f, 0xb2, 0x75, 0xdd, 0x9e, 0xd6, 0xd2, 0xcf, 0x78, 0x47, 0x72, 0x5c, + 0x31, 0xdc, 0x95, 0x4e, 0x4a, 0x97, 0x67, 0xbd, 0x81, 0x80, 0xee, 0xc3, + 0xc8, 0xb6, 0xd2, 0x8d, 0xb2, 0x67, 0xfd, 0x79, 0x3c, 0xc6, 0xa4, 0xbf, + 0xf8, 0xea, 0xcf, 0xf8, 0x95, 0x66, 0x65, 0x1d, 0x28, 0x6c, 0x52, 0x91, + 0xdc, 0x2a, 0x6c, 0x17, 0x54, 0x2b, 0x89, 0x44, 0xd9, 0xe3, 0x9c, 0x4c, + 0xf3, 0x8d, 0x1c, 0x02, 0x1b, 0x8d, 0x83, 0xbe, 0x4d, 0x67, 0xed, 0x13, + 0x47, 0xbd, 0xfb, 0x45, 0xa6, 0x7c, 0x6d, 0x20, 0x1a, 0xbc, 0x6f, 0x28, + 0xa3, 0xa2, 0xc5, 0xfc, 0x89, 0x12, 0xc6, 0x3d, 0x9e, 0x0b, 0x32, 0xdc, + 0x7d, 0x62, 0x96, 0xaa, 0x08, 0x05, 0x55, 0xf4, 0x6b, 0x8c, 0xa8, 0x27, + 0xbb, 0x10, 0xdf, 0xe1, 0xdc, 0x01, 0x4b, 0x2a, 0x2b, 0x88, 0x48, 0x4d, + 0x42, 0x11, 0xa0, 0x82, 0x04, 0xf8, 0x30, 0x82, 0x04, 0xf4, 0x30, 0x82, + 0x04, 0xf0, 0x30, 0x82, 0x03, 0xd8, 0xa0, 0x03, 0x02, 0x01, 0x02, 0x02, + 0x01, 0x02, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, + 0x01, 0x01, 0x0b, 0x05, 0x00, 0x30, 0x81, 0x97, 0x31, 0x0b, 0x30, 0x09, + 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x55, 0x53, 0x31, 0x13, 0x30, + 0x11, 0x06, 0x03, 0x55, 0x04, 0x08, 0x0c, 0x0a, 0x57, 0x61, 0x73, 0x68, + 0x69, 0x6e, 0x67, 0x74, 0x6f, 0x6e, 0x31, 0x10, 0x30, 0x0e, 0x06, 0x03, + 0x55, 0x04, 0x07, 0x0c, 0x07, 0x53, 0x65, 0x61, 0x74, 0x74, 0x6c, 0x65, + 0x31, 0x10, 0x30, 0x0e, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x0c, 0x07, 0x77, + 0x6f, 0x6c, 0x66, 0x53, 0x53, 0x4c, 0x31, 0x14, 0x30, 0x12, 0x06, 0x03, + 0x55, 0x04, 0x0b, 0x0c, 0x0b, 0x45, 0x6e, 0x67, 0x69, 0x6e, 0x65, 0x65, + 0x72, 0x69, 0x6e, 0x67, 0x31, 0x18, 0x30, 0x16, 0x06, 0x03, 0x55, 0x04, + 0x03, 0x0c, 0x0f, 0x77, 0x6f, 0x6c, 0x66, 0x53, 0x53, 0x4c, 0x20, 0x72, + 0x6f, 0x6f, 0x74, 0x20, 0x43, 0x41, 0x31, 0x1f, 0x30, 0x1d, 0x06, 0x09, + 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x09, 0x01, 0x16, 0x10, 0x69, + 0x6e, 0x66, 0x6f, 0x40, 0x77, 0x6f, 0x6c, 0x66, 0x73, 0x73, 0x6c, 0x2e, + 0x63, 0x6f, 0x6d, 0x30, 0x1e, 0x17, 0x0d, 0x32, 0x35, 0x31, 0x31, 0x31, + 0x33, 0x32, 0x30, 0x34, 0x31, 0x33, 0x35, 0x5a, 0x17, 0x0d, 0x32, 0x38, + 0x30, 0x38, 0x30, 0x39, 0x32, 0x30, 0x34, 0x31, 0x33, 0x35, 0x5a, 0x30, + 0x81, 0xa1, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, + 0x02, 0x55, 0x53, 0x31, 0x13, 0x30, 0x11, 0x06, 0x03, 0x55, 0x04, 0x08, + 0x0c, 0x0a, 0x57, 0x61, 0x73, 0x68, 0x69, 0x6e, 0x67, 0x74, 0x6f, 0x6e, + 0x31, 0x10, 0x30, 0x0e, 0x06, 0x03, 0x55, 0x04, 0x07, 0x0c, 0x07, 0x53, + 0x65, 0x61, 0x74, 0x74, 0x6c, 0x65, 0x31, 0x10, 0x30, 0x0e, 0x06, 0x03, + 0x55, 0x04, 0x0a, 0x0c, 0x07, 0x77, 0x6f, 0x6c, 0x66, 0x53, 0x53, 0x4c, + 0x31, 0x14, 0x30, 0x12, 0x06, 0x03, 0x55, 0x04, 0x0b, 0x0c, 0x0b, 0x45, + 0x6e, 0x67, 0x69, 0x6e, 0x65, 0x65, 0x72, 0x69, 0x6e, 0x67, 0x31, 0x22, + 0x30, 0x20, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0c, 0x19, 0x77, 0x6f, 0x6c, + 0x66, 0x53, 0x53, 0x4c, 0x20, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x6d, 0x65, + 0x64, 0x69, 0x61, 0x74, 0x65, 0x20, 0x43, 0x41, 0x20, 0x32, 0x31, 0x1f, + 0x30, 0x1d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x09, + 0x01, 0x16, 0x10, 0x69, 0x6e, 0x66, 0x6f, 0x40, 0x77, 0x6f, 0x6c, 0x66, + 0x73, 0x73, 0x6c, 0x2e, 0x63, 0x6f, 0x6d, 0x30, 0x82, 0x01, 0x22, 0x30, + 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x01, + 0x05, 0x00, 0x03, 0x82, 0x01, 0x0f, 0x00, 0x30, 0x82, 0x01, 0x0a, 0x02, + 0x82, 0x01, 0x01, 0x00, 0xd0, 0x20, 0x3c, 0x35, 0x19, 0x6f, 0x2c, 0x44, + 0xb4, 0x7e, 0x42, 0xc7, 0x75, 0xb4, 0x6a, 0x2b, 0xa9, 0x23, 0x85, 0xbf, + 0x87, 0xb4, 0xee, 0xca, 0xd7, 0x4b, 0x1f, 0x31, 0xd7, 0x11, 0x02, 0xa1, + 0xab, 0x58, 0x3d, 0xfb, 0xdc, 0x51, 0xca, 0x3a, 0x1d, 0x1f, 0x95, 0xa6, + 0x56, 0x82, 0xf7, 0x8f, 0xff, 0x6b, 0x50, 0xbb, 0xea, 0x10, 0xe1, 0x47, + 0x1d, 0x35, 0x77, 0x2e, 0x4b, 0x28, 0xc5, 0x53, 0x46, 0x23, 0x2b, 0x82, + 0xfd, 0x5a, 0xd3, 0xf4, 0x21, 0xdb, 0x0e, 0xe0, 0xf2, 0x76, 0x33, 0x47, + 0xb3, 0x00, 0xbe, 0x3a, 0xb1, 0x23, 0x98, 0x53, 0xeb, 0xea, 0xa0, 0xde, + 0x1b, 0xcc, 0x05, 0x4e, 0xee, 0x63, 0xa8, 0x2c, 0x93, 0x24, 0xd6, 0x98, + 0x78, 0x74, 0x03, 0xe4, 0xc8, 0x89, 0x43, 0x61, 0xf1, 0x25, 0xb8, 0xcd, + 0x3b, 0x87, 0xc1, 0x31, 0x25, 0xfd, 0xba, 0x4c, 0xfc, 0x29, 0x94, 0x45, + 0x9e, 0x69, 0xd7, 0x67, 0x0a, 0x8a, 0x8e, 0xd5, 0x52, 0x93, 0x30, 0xa2, + 0x0e, 0xdd, 0x6a, 0x1c, 0xb0, 0x94, 0x77, 0xdb, 0x52, 0x52, 0xb7, 0x89, + 0x21, 0xbe, 0x96, 0x75, 0x24, 0xcb, 0xe9, 0x49, 0xdf, 0x81, 0x9d, 0x9d, + 0xf8, 0x55, 0x7d, 0x01, 0x2a, 0xeb, 0x78, 0x03, 0x12, 0xe2, 0x20, 0x6e, + 0xdb, 0x63, 0x35, 0xcd, 0xa1, 0x96, 0xf0, 0xf8, 0x8c, 0x20, 0x35, 0x69, + 0x87, 0x01, 0xca, 0xb4, 0x54, 0x36, 0xa0, 0x15, 0xe0, 0x23, 0x7d, 0xb9, + 0xfb, 0xbe, 0x99, 0x05, 0x50, 0xf0, 0xbf, 0xec, 0x7f, 0x12, 0xe1, 0x3d, + 0x75, 0x15, 0x4e, 0xc8, 0xc2, 0x30, 0xe6, 0x8b, 0xfe, 0xe5, 0x8b, 0x55, + 0xf8, 0x44, 0x5e, 0xe5, 0xe3, 0x56, 0xe0, 0x66, 0x2d, 0x6f, 0x42, 0x5a, + 0x45, 0x6b, 0x96, 0xaa, 0xc7, 0x5d, 0x41, 0x08, 0x5f, 0xce, 0xd7, 0xdc, + 0x9f, 0x20, 0xe4, 0x46, 0x78, 0xff, 0xd9, 0x99, 0x02, 0x03, 0x01, 0x00, + 0x01, 0xa3, 0x82, 0x01, 0x39, 0x30, 0x82, 0x01, 0x35, 0x30, 0x0c, 0x06, + 0x03, 0x55, 0x1d, 0x13, 0x04, 0x05, 0x30, 0x03, 0x01, 0x01, 0xff, 0x30, + 0x1d, 0x06, 0x03, 0x55, 0x1d, 0x0e, 0x04, 0x16, 0x04, 0x14, 0x05, 0xd1, + 0xba, 0x86, 0x00, 0xa2, 0xee, 0x2a, 0x05, 0x24, 0xb7, 0x11, 0xad, 0x2d, + 0x60, 0xf1, 0x90, 0x14, 0x8f, 0x17, 0x30, 0x81, 0xc4, 0x06, 0x03, 0x55, + 0x1d, 0x23, 0x04, 0x81, 0xbc, 0x30, 0x81, 0xb9, 0x80, 0x14, 0x73, 0xb0, + 0x1c, 0xa4, 0x2f, 0x82, 0xcb, 0xcf, 0x47, 0xa5, 0x38, 0xd7, 0xb0, 0x04, + 0x82, 0x3a, 0x7e, 0x72, 0x15, 0x21, 0xa1, 0x81, 0x9d, 0xa4, 0x81, 0x9a, + 0x30, 0x81, 0x97, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, + 0x13, 0x02, 0x55, 0x53, 0x31, 0x13, 0x30, 0x11, 0x06, 0x03, 0x55, 0x04, + 0x08, 0x0c, 0x0a, 0x57, 0x61, 0x73, 0x68, 0x69, 0x6e, 0x67, 0x74, 0x6f, + 0x6e, 0x31, 0x10, 0x30, 0x0e, 0x06, 0x03, 0x55, 0x04, 0x07, 0x0c, 0x07, + 0x53, 0x65, 0x61, 0x74, 0x74, 0x6c, 0x65, 0x31, 0x10, 0x30, 0x0e, 0x06, + 0x03, 0x55, 0x04, 0x0a, 0x0c, 0x07, 0x77, 0x6f, 0x6c, 0x66, 0x53, 0x53, + 0x4c, 0x31, 0x14, 0x30, 0x12, 0x06, 0x03, 0x55, 0x04, 0x0b, 0x0c, 0x0b, + 0x45, 0x6e, 0x67, 0x69, 0x6e, 0x65, 0x65, 0x72, 0x69, 0x6e, 0x67, 0x31, + 0x18, 0x30, 0x16, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0c, 0x0f, 0x77, 0x6f, + 0x6c, 0x66, 0x53, 0x53, 0x4c, 0x20, 0x72, 0x6f, 0x6f, 0x74, 0x20, 0x43, + 0x41, 0x31, 0x1f, 0x30, 0x1d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, + 0x0d, 0x01, 0x09, 0x01, 0x16, 0x10, 0x69, 0x6e, 0x66, 0x6f, 0x40, 0x77, + 0x6f, 0x6c, 0x66, 0x73, 0x73, 0x6c, 0x2e, 0x63, 0x6f, 0x6d, 0x82, 0x01, + 0x63, 0x30, 0x0b, 0x06, 0x03, 0x55, 0x1d, 0x0f, 0x04, 0x04, 0x03, 0x02, + 0x01, 0x06, 0x30, 0x32, 0x06, 0x08, 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, + 0x01, 0x01, 0x04, 0x26, 0x30, 0x24, 0x30, 0x22, 0x06, 0x08, 0x2b, 0x06, + 0x01, 0x05, 0x05, 0x07, 0x30, 0x01, 0x86, 0x16, 0x68, 0x74, 0x74, 0x70, + 0x3a, 0x2f, 0x2f, 0x31, 0x32, 0x37, 0x2e, 0x30, 0x2e, 0x30, 0x2e, 0x31, + 0x3a, 0x32, 0x32, 0x32, 0x32, 0x30, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, + 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x0b, 0x05, 0x00, 0x03, 0x82, 0x01, + 0x01, 0x00, 0x14, 0x28, 0x63, 0xb9, 0xba, 0xcc, 0x8b, 0xe6, 0x78, 0x22, + 0x08, 0xdf, 0x6a, 0x26, 0x01, 0x54, 0x0c, 0x18, 0x57, 0xa3, 0x3d, 0x3b, + 0xeb, 0xfe, 0xa7, 0x6f, 0x8f, 0xee, 0xb6, 0x93, 0xf8, 0x09, 0xf5, 0x76, + 0x8b, 0xe9, 0xad, 0x3b, 0x89, 0xb3, 0x7d, 0xc4, 0x87, 0x10, 0x9a, 0xfe, + 0xc0, 0x98, 0x0a, 0x67, 0xfe, 0xe9, 0xee, 0x83, 0x5f, 0x45, 0xd6, 0x56, + 0x14, 0x40, 0xee, 0x92, 0x6c, 0x88, 0x34, 0x7a, 0x0a, 0x99, 0x17, 0xc5, + 0x4b, 0xf3, 0x12, 0xf3, 0xa7, 0xb0, 0x33, 0x67, 0x12, 0x56, 0x67, 0xd1, + 0x46, 0x4d, 0x73, 0x3a, 0xe8, 0xb7, 0x48, 0x4e, 0xc5, 0x39, 0xeb, 0x37, + 0x9c, 0xd5, 0xdd, 0x75, 0x6c, 0xb1, 0xca, 0x8f, 0x3f, 0x91, 0x64, 0xb0, + 0x8a, 0x2c, 0xca, 0xb0, 0xc3, 0xf4, 0x8e, 0x42, 0x15, 0x33, 0x2d, 0xf9, + 0xa6, 0x3b, 0x07, 0xb6, 0xba, 0xee, 0x50, 0xe4, 0xff, 0xc8, 0xb3, 0x9d, + 0x1f, 0xaf, 0x10, 0x74, 0x14, 0xd7, 0x77, 0xf9, 0x66, 0x30, 0x22, 0x21, + 0x41, 0xef, 0x7b, 0xa4, 0x3d, 0xde, 0x6a, 0xf8, 0xf4, 0x1f, 0x33, 0x34, + 0xd7, 0xd2, 0x71, 0xf3, 0x68, 0xbb, 0x1d, 0x2b, 0x07, 0xe1, 0x8e, 0xae, + 0x20, 0x41, 0x15, 0x6d, 0xc1, 0xc2, 0x13, 0x65, 0x21, 0x1b, 0x10, 0xea, + 0x27, 0x14, 0x19, 0x13, 0xbf, 0xdf, 0x15, 0x24, 0xfe, 0x08, 0xfb, 0x45, + 0xc3, 0xf4, 0xe4, 0x00, 0x20, 0x70, 0x6c, 0x91, 0x94, 0xc7, 0x05, 0x0f, + 0xb4, 0xe1, 0x5b, 0xb3, 0x51, 0xe4, 0x16, 0x74, 0xf2, 0x84, 0xba, 0xd8, + 0x6e, 0x68, 0x7b, 0x5a, 0xe1, 0xc8, 0xcb, 0x60, 0x71, 0x71, 0x0b, 0x09, + 0x7d, 0x3d, 0x0a, 0xe9, 0x97, 0x00, 0x20, 0x9c, 0xc3, 0xed, 0xb3, 0x9e, + 0xd1, 0x1d, 0x78, 0x19, 0xa0, 0x0e, 0x6d, 0x3d, 0xcf, 0x08, 0xda, 0x18, + 0x63, 0xc4, 0x6f, 0x11, 0x22, 0x28, +}; + +unsigned char resp_server1_cert[] = { + 0x30, 0x82, 0x07, 0x04, 0x0a, 0x01, 0x00, 0xa0, 0x82, 0x06, 0xfd, 0x30, + 0x82, 0x06, 0xf9, 0x06, 0x09, 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x30, + 0x01, 0x01, 0x04, 0x82, 0x06, 0xea, 0x30, 0x82, 0x06, 0xe6, 0x30, 0x82, + 0x01, 0x06, 0xa1, 0x81, 0xa1, 0x30, 0x81, 0x9e, 0x31, 0x0b, 0x30, 0x09, + 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x55, 0x53, 0x31, 0x13, 0x30, + 0x11, 0x06, 0x03, 0x55, 0x04, 0x08, 0x0c, 0x0a, 0x57, 0x61, 0x73, 0x68, + 0x69, 0x6e, 0x67, 0x74, 0x6f, 0x6e, 0x31, 0x10, 0x30, 0x0e, 0x06, 0x03, + 0x55, 0x04, 0x07, 0x0c, 0x07, 0x53, 0x65, 0x61, 0x74, 0x74, 0x6c, 0x65, + 0x31, 0x10, 0x30, 0x0e, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x0c, 0x07, 0x77, + 0x6f, 0x6c, 0x66, 0x53, 0x53, 0x4c, 0x31, 0x14, 0x30, 0x12, 0x06, 0x03, + 0x55, 0x04, 0x0b, 0x0c, 0x0b, 0x45, 0x6e, 0x67, 0x69, 0x6e, 0x65, 0x65, + 0x72, 0x69, 0x6e, 0x67, 0x31, 0x1f, 0x30, 0x1d, 0x06, 0x03, 0x55, 0x04, + 0x03, 0x0c, 0x16, 0x77, 0x6f, 0x6c, 0x66, 0x53, 0x53, 0x4c, 0x20, 0x4f, + 0x43, 0x53, 0x50, 0x20, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x64, 0x65, + 0x72, 0x31, 0x1f, 0x30, 0x1d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, + 0x0d, 0x01, 0x09, 0x01, 0x16, 0x10, 0x69, 0x6e, 0x66, 0x6f, 0x40, 0x77, + 0x6f, 0x6c, 0x66, 0x73, 0x73, 0x6c, 0x2e, 0x63, 0x6f, 0x6d, 0x18, 0x0f, + 0x32, 0x30, 0x32, 0x35, 0x31, 0x31, 0x31, 0x32, 0x31, 0x33, 0x34, 0x35, + 0x31, 0x33, 0x5a, 0x30, 0x4f, 0x30, 0x4d, 0x30, 0x38, 0x30, 0x07, 0x06, + 0x05, 0x2b, 0x0e, 0x03, 0x02, 0x1a, 0x04, 0x14, 0x71, 0x4d, 0x82, 0x23, + 0x40, 0x59, 0xc0, 0x96, 0xa1, 0x37, 0x43, 0xfa, 0x31, 0xdb, 0xba, 0xb1, + 0x43, 0x18, 0xda, 0x04, 0x04, 0x14, 0x83, 0xc6, 0x3a, 0x89, 0x2c, 0x81, + 0xf4, 0x02, 0xd7, 0x9d, 0x4c, 0xe2, 0x2a, 0xc0, 0x71, 0x82, 0x64, 0x44, + 0xda, 0x0e, 0x02, 0x01, 0x05, 0x80, 0x00, 0x18, 0x0f, 0x32, 0x30, 0x32, + 0x35, 0x31, 0x31, 0x31, 0x32, 0x31, 0x33, 0x34, 0x35, 0x31, 0x33, 0x5a, + 0x30, 0x0b, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, + 0x0b, 0x03, 0x82, 0x01, 0x01, 0x00, 0x92, 0xf3, 0x3c, 0x80, 0x59, 0xca, + 0xcd, 0xd6, 0xf4, 0x67, 0x69, 0x0d, 0x23, 0x4a, 0x0c, 0xa7, 0x0e, 0xfb, + 0xf7, 0xef, 0x99, 0xdf, 0x5b, 0xef, 0xac, 0x95, 0x8e, 0x81, 0x94, 0x4d, + 0x81, 0xf2, 0x8c, 0xb8, 0x93, 0x67, 0x84, 0x39, 0xdb, 0x6d, 0x97, 0x3e, + 0xc3, 0xff, 0xef, 0xb4, 0x66, 0x34, 0xb4, 0xb4, 0x66, 0xfa, 0x8a, 0xc0, + 0x17, 0x8b, 0xac, 0x8b, 0x02, 0x70, 0x49, 0x5b, 0x9b, 0xc7, 0xf7, 0xc3, + 0xcd, 0x8c, 0x2a, 0xd8, 0x07, 0xfd, 0xc2, 0x64, 0x37, 0x09, 0x2b, 0x29, + 0xba, 0xa4, 0xfc, 0xb2, 0xcd, 0x9c, 0xbf, 0x53, 0xa6, 0xe4, 0x41, 0xa4, + 0x3b, 0x75, 0x48, 0x6e, 0xd3, 0x23, 0xca, 0x9e, 0xbd, 0x49, 0xcc, 0xaf, + 0x41, 0x78, 0x93, 0xba, 0x91, 0xa6, 0xae, 0xd3, 0xbf, 0x2e, 0x79, 0x0a, + 0x9c, 0xa2, 0x89, 0xe3, 0x0d, 0xe1, 0x4c, 0x1e, 0xf0, 0x53, 0x62, 0x19, + 0xc4, 0x89, 0x18, 0xc9, 0x67, 0x64, 0x14, 0x4a, 0x4c, 0x50, 0xf1, 0xdf, + 0x64, 0xe8, 0x49, 0xc2, 0x19, 0xca, 0x74, 0xb6, 0x3d, 0xdb, 0x50, 0x59, + 0x33, 0x96, 0x72, 0x43, 0x5b, 0x7c, 0x51, 0x0b, 0x88, 0x5f, 0x90, 0x67, + 0x1b, 0xdd, 0x77, 0xca, 0xef, 0xb1, 0x32, 0x01, 0xcb, 0x4c, 0x9d, 0xbb, + 0x42, 0xbc, 0x68, 0x30, 0xc6, 0xa0, 0x61, 0x1f, 0xcd, 0xbd, 0x79, 0xc5, + 0x5d, 0x61, 0x87, 0x04, 0xad, 0x03, 0x6a, 0xdc, 0xd4, 0xfa, 0x36, 0xc5, + 0xde, 0x77, 0xd3, 0xf0, 0x5b, 0x26, 0x26, 0x17, 0x13, 0xbe, 0x03, 0x5d, + 0x19, 0x0b, 0x80, 0x52, 0xf7, 0x0c, 0xa9, 0x2a, 0xba, 0x03, 0x21, 0xe9, + 0xaf, 0x0b, 0xf8, 0x38, 0x3e, 0x01, 0x84, 0x5e, 0xd7, 0xe1, 0x1f, 0x29, + 0xd9, 0xb8, 0xb3, 0x7b, 0x4c, 0x2b, 0xb2, 0x1f, 0xcb, 0xb3, 0xb8, 0x98, + 0x0d, 0x42, 0xa8, 0x25, 0x61, 0x7f, 0x48, 0xa6, 0xb4, 0xd8, 0xa0, 0x82, + 0x04, 0xc6, 0x30, 0x82, 0x04, 0xc2, 0x30, 0x82, 0x04, 0xbe, 0x30, 0x82, + 0x03, 0xa6, 0xa0, 0x03, 0x02, 0x01, 0x02, 0x02, 0x01, 0x04, 0x30, 0x0d, + 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x0b, 0x05, + 0x00, 0x30, 0x81, 0x97, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, + 0x06, 0x13, 0x02, 0x55, 0x53, 0x31, 0x13, 0x30, 0x11, 0x06, 0x03, 0x55, + 0x04, 0x08, 0x0c, 0x0a, 0x57, 0x61, 0x73, 0x68, 0x69, 0x6e, 0x67, 0x74, + 0x6f, 0x6e, 0x31, 0x10, 0x30, 0x0e, 0x06, 0x03, 0x55, 0x04, 0x07, 0x0c, + 0x07, 0x53, 0x65, 0x61, 0x74, 0x74, 0x6c, 0x65, 0x31, 0x10, 0x30, 0x0e, + 0x06, 0x03, 0x55, 0x04, 0x0a, 0x0c, 0x07, 0x77, 0x6f, 0x6c, 0x66, 0x53, + 0x53, 0x4c, 0x31, 0x14, 0x30, 0x12, 0x06, 0x03, 0x55, 0x04, 0x0b, 0x0c, + 0x0b, 0x45, 0x6e, 0x67, 0x69, 0x6e, 0x65, 0x65, 0x72, 0x69, 0x6e, 0x67, + 0x31, 0x18, 0x30, 0x16, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0c, 0x0f, 0x77, + 0x6f, 0x6c, 0x66, 0x53, 0x53, 0x4c, 0x20, 0x72, 0x6f, 0x6f, 0x74, 0x20, + 0x43, 0x41, 0x31, 0x1f, 0x30, 0x1d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, + 0xf7, 0x0d, 0x01, 0x09, 0x01, 0x16, 0x10, 0x69, 0x6e, 0x66, 0x6f, 0x40, + 0x77, 0x6f, 0x6c, 0x66, 0x73, 0x73, 0x6c, 0x2e, 0x63, 0x6f, 0x6d, 0x30, + 0x1e, 0x17, 0x0d, 0x32, 0x35, 0x31, 0x31, 0x31, 0x33, 0x32, 0x30, 0x34, + 0x31, 0x33, 0x35, 0x5a, 0x17, 0x0d, 0x32, 0x38, 0x30, 0x38, 0x30, 0x39, + 0x32, 0x30, 0x34, 0x31, 0x33, 0x35, 0x5a, 0x30, 0x81, 0x9e, 0x31, 0x0b, + 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x55, 0x53, 0x31, + 0x13, 0x30, 0x11, 0x06, 0x03, 0x55, 0x04, 0x08, 0x0c, 0x0a, 0x57, 0x61, + 0x73, 0x68, 0x69, 0x6e, 0x67, 0x74, 0x6f, 0x6e, 0x31, 0x10, 0x30, 0x0e, + 0x06, 0x03, 0x55, 0x04, 0x07, 0x0c, 0x07, 0x53, 0x65, 0x61, 0x74, 0x74, + 0x6c, 0x65, 0x31, 0x10, 0x30, 0x0e, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x0c, + 0x07, 0x77, 0x6f, 0x6c, 0x66, 0x53, 0x53, 0x4c, 0x31, 0x14, 0x30, 0x12, + 0x06, 0x03, 0x55, 0x04, 0x0b, 0x0c, 0x0b, 0x45, 0x6e, 0x67, 0x69, 0x6e, + 0x65, 0x65, 0x72, 0x69, 0x6e, 0x67, 0x31, 0x1f, 0x30, 0x1d, 0x06, 0x03, + 0x55, 0x04, 0x03, 0x0c, 0x16, 0x77, 0x6f, 0x6c, 0x66, 0x53, 0x53, 0x4c, + 0x20, 0x4f, 0x43, 0x53, 0x50, 0x20, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, + 0x64, 0x65, 0x72, 0x31, 0x1f, 0x30, 0x1d, 0x06, 0x09, 0x2a, 0x86, 0x48, + 0x86, 0xf7, 0x0d, 0x01, 0x09, 0x01, 0x16, 0x10, 0x69, 0x6e, 0x66, 0x6f, + 0x40, 0x77, 0x6f, 0x6c, 0x66, 0x73, 0x73, 0x6c, 0x2e, 0x63, 0x6f, 0x6d, + 0x30, 0x82, 0x01, 0x22, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, + 0xf7, 0x0d, 0x01, 0x01, 0x01, 0x05, 0x00, 0x03, 0x82, 0x01, 0x0f, 0x00, + 0x30, 0x82, 0x01, 0x0a, 0x02, 0x82, 0x01, 0x01, 0x00, 0xb8, 0xba, 0x23, + 0xb4, 0xf6, 0xc3, 0x7b, 0x14, 0xc3, 0xa4, 0xf5, 0x1d, 0x61, 0xa1, 0xf5, + 0x1e, 0x63, 0xb9, 0x85, 0x23, 0x34, 0x50, 0x6d, 0xf8, 0x7c, 0xa2, 0x8a, + 0x04, 0x8b, 0xd5, 0x75, 0x5c, 0x2d, 0xf7, 0x63, 0x88, 0xd1, 0x07, 0x7a, + 0xea, 0x0b, 0x45, 0x35, 0x2b, 0xeb, 0x1f, 0xb1, 0x22, 0xb4, 0x94, 0x41, + 0x38, 0xe2, 0x9d, 0x74, 0xd6, 0x8b, 0x30, 0x22, 0x10, 0x51, 0xc5, 0xdb, + 0xca, 0x3f, 0x46, 0x2b, 0xfe, 0xe5, 0x5a, 0x3f, 0x41, 0x74, 0x67, 0x75, + 0x95, 0xa9, 0x94, 0xd5, 0xc3, 0xee, 0x42, 0xf8, 0x8d, 0xeb, 0x92, 0x95, + 0xe1, 0xd9, 0x65, 0xb7, 0x43, 0xc4, 0x18, 0xde, 0x16, 0x80, 0x90, 0xce, + 0x24, 0x35, 0x21, 0xc4, 0x55, 0xac, 0x5a, 0x51, 0xe0, 0x2e, 0x2d, 0xb3, + 0x0a, 0x5a, 0x4f, 0x4a, 0x73, 0x31, 0x50, 0xee, 0x4a, 0x16, 0xbd, 0x39, + 0x8b, 0xad, 0x05, 0x48, 0x87, 0xb1, 0x99, 0xe2, 0x10, 0xa7, 0x06, 0x72, + 0x67, 0xca, 0x5c, 0xd1, 0x97, 0xbd, 0xc8, 0xf1, 0x76, 0xf8, 0xe0, 0x4a, + 0xec, 0xbc, 0x93, 0xf4, 0x66, 0x4c, 0x28, 0x71, 0xd1, 0xd8, 0x66, 0x03, + 0xb4, 0x90, 0x30, 0xbb, 0x17, 0xb0, 0xfe, 0x97, 0xf5, 0x1e, 0xe8, 0xc7, + 0x5d, 0x9b, 0x8b, 0x11, 0x19, 0x12, 0x3c, 0xab, 0x82, 0x71, 0x78, 0xff, + 0xae, 0x3f, 0x32, 0xb2, 0x08, 0x71, 0xb2, 0x1b, 0x8c, 0x27, 0xac, 0x11, + 0xb8, 0xd8, 0x43, 0x49, 0xcf, 0xb0, 0x70, 0xb1, 0xf0, 0x8c, 0xae, 0xda, + 0x24, 0x87, 0x17, 0x3b, 0xd8, 0x04, 0x65, 0x6c, 0x00, 0x76, 0x50, 0xef, + 0x15, 0x08, 0xd7, 0xb4, 0x73, 0x68, 0x26, 0x14, 0x87, 0x95, 0xc3, 0x5f, + 0x6e, 0x61, 0xb8, 0x87, 0x84, 0xfa, 0x80, 0x1a, 0x0a, 0x8b, 0x98, 0xf3, + 0xe3, 0xff, 0x4e, 0x44, 0x1c, 0x65, 0x74, 0x7c, 0x71, 0x54, 0x65, 0xe5, + 0x39, 0x02, 0x03, 0x01, 0x00, 0x01, 0xa3, 0x82, 0x01, 0x0a, 0x30, 0x82, + 0x01, 0x06, 0x30, 0x09, 0x06, 0x03, 0x55, 0x1d, 0x13, 0x04, 0x02, 0x30, + 0x00, 0x30, 0x1d, 0x06, 0x03, 0x55, 0x1d, 0x0e, 0x04, 0x16, 0x04, 0x14, + 0x32, 0x67, 0xe1, 0xb1, 0x79, 0xd2, 0x81, 0xfc, 0x9f, 0x23, 0x0c, 0x70, + 0x40, 0x50, 0xb5, 0x46, 0x56, 0xb8, 0x30, 0x36, 0x30, 0x81, 0xc4, 0x06, + 0x03, 0x55, 0x1d, 0x23, 0x04, 0x81, 0xbc, 0x30, 0x81, 0xb9, 0x80, 0x14, + 0x73, 0xb0, 0x1c, 0xa4, 0x2f, 0x82, 0xcb, 0xcf, 0x47, 0xa5, 0x38, 0xd7, + 0xb0, 0x04, 0x82, 0x3a, 0x7e, 0x72, 0x15, 0x21, 0xa1, 0x81, 0x9d, 0xa4, + 0x81, 0x9a, 0x30, 0x81, 0x97, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, + 0x04, 0x06, 0x13, 0x02, 0x55, 0x53, 0x31, 0x13, 0x30, 0x11, 0x06, 0x03, + 0x55, 0x04, 0x08, 0x0c, 0x0a, 0x57, 0x61, 0x73, 0x68, 0x69, 0x6e, 0x67, + 0x74, 0x6f, 0x6e, 0x31, 0x10, 0x30, 0x0e, 0x06, 0x03, 0x55, 0x04, 0x07, + 0x0c, 0x07, 0x53, 0x65, 0x61, 0x74, 0x74, 0x6c, 0x65, 0x31, 0x10, 0x30, + 0x0e, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x0c, 0x07, 0x77, 0x6f, 0x6c, 0x66, + 0x53, 0x53, 0x4c, 0x31, 0x14, 0x30, 0x12, 0x06, 0x03, 0x55, 0x04, 0x0b, + 0x0c, 0x0b, 0x45, 0x6e, 0x67, 0x69, 0x6e, 0x65, 0x65, 0x72, 0x69, 0x6e, + 0x67, 0x31, 0x18, 0x30, 0x16, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0c, 0x0f, + 0x77, 0x6f, 0x6c, 0x66, 0x53, 0x53, 0x4c, 0x20, 0x72, 0x6f, 0x6f, 0x74, + 0x20, 0x43, 0x41, 0x31, 0x1f, 0x30, 0x1d, 0x06, 0x09, 0x2a, 0x86, 0x48, + 0x86, 0xf7, 0x0d, 0x01, 0x09, 0x01, 0x16, 0x10, 0x69, 0x6e, 0x66, 0x6f, + 0x40, 0x77, 0x6f, 0x6c, 0x66, 0x73, 0x73, 0x6c, 0x2e, 0x63, 0x6f, 0x6d, + 0x82, 0x01, 0x63, 0x30, 0x13, 0x06, 0x03, 0x55, 0x1d, 0x25, 0x04, 0x0c, + 0x30, 0x0a, 0x06, 0x08, 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x03, 0x09, + 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, + 0x0b, 0x05, 0x00, 0x03, 0x82, 0x01, 0x01, 0x00, 0x22, 0xcf, 0xe2, 0xc4, + 0x3c, 0x0e, 0xcf, 0x43, 0xc2, 0x2b, 0x77, 0xd9, 0x53, 0xbb, 0xbf, 0x46, + 0x5a, 0x67, 0x26, 0x1f, 0xd6, 0x8c, 0xe2, 0xae, 0xd3, 0x6b, 0xda, 0x7c, + 0xa5, 0xb4, 0x79, 0x29, 0x0f, 0xb8, 0xf0, 0x14, 0x71, 0x90, 0x21, 0x7c, + 0x3c, 0x23, 0x2e, 0x5b, 0xb6, 0xb6, 0x66, 0xb5, 0xd2, 0xfd, 0x96, 0x21, + 0x4c, 0x7c, 0x9d, 0x9f, 0x85, 0x69, 0x8c, 0xd8, 0xc2, 0xbf, 0x3b, 0x1f, + 0x7b, 0xaf, 0x27, 0xb9, 0x30, 0x5b, 0x51, 0x4a, 0x16, 0x07, 0xa0, 0x14, + 0x80, 0x47, 0x31, 0x45, 0xf0, 0x31, 0x35, 0xb9, 0x93, 0x39, 0x77, 0x32, + 0x51, 0xa0, 0x8b, 0x93, 0x91, 0x96, 0x77, 0x41, 0x1a, 0x30, 0x15, 0xb8, + 0xe6, 0xeb, 0x49, 0x8e, 0x3c, 0xa5, 0x11, 0x46, 0x68, 0x13, 0xf5, 0x61, + 0x07, 0xac, 0x42, 0x3e, 0x69, 0xf3, 0x9f, 0x6b, 0x64, 0xd5, 0xe4, 0x42, + 0x1d, 0xed, 0x6c, 0xb7, 0x3b, 0xb1, 0x78, 0xc6, 0x9a, 0xb0, 0x38, 0xe2, + 0xe6, 0xfe, 0x5b, 0xc3, 0x87, 0x11, 0x49, 0x1e, 0x48, 0x73, 0x5a, 0x88, + 0x77, 0x89, 0xfb, 0xc7, 0x87, 0xef, 0x87, 0xe1, 0x17, 0x8b, 0x66, 0x16, + 0x44, 0x7c, 0x6e, 0x5f, 0x2d, 0x5a, 0x2f, 0xd0, 0xbe, 0x76, 0x69, 0x84, + 0xda, 0x3c, 0xa3, 0x4f, 0xbf, 0x00, 0xff, 0xcc, 0x67, 0x06, 0x16, 0x40, + 0x0f, 0x75, 0xdc, 0xe3, 0x20, 0xd6, 0x7b, 0x99, 0xc7, 0xbf, 0x38, 0x21, + 0x51, 0x30, 0x4a, 0x4b, 0x77, 0xd7, 0x39, 0xd3, 0xe2, 0x4d, 0x67, 0x68, + 0x0e, 0x7c, 0x95, 0xc4, 0x51, 0x22, 0xc4, 0x0f, 0x74, 0xa5, 0xdd, 0xf5, + 0xac, 0xa8, 0xf5, 0x8c, 0xfb, 0x90, 0xba, 0xff, 0x5e, 0x3e, 0x1f, 0xaa, + 0x7d, 0x61, 0xbb, 0xa4, 0x22, 0x35, 0x16, 0x64, 0xfc, 0x42, 0x27, 0x0b, + 0xc9, 0xe3, 0xba, 0x21, 0xad, 0x7b, 0x24, 0x2a, 0xa5, 0x25, 0xb7, 0xc4, +}; + +unsigned char resp_intermediate1_cert[] = { + 0x30, 0x82, 0x07, 0x04, 0x0a, 0x01, 0x00, 0xa0, 0x82, 0x06, 0xfd, 0x30, + 0x82, 0x06, 0xf9, 0x06, 0x09, 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x30, + 0x01, 0x01, 0x04, 0x82, 0x06, 0xea, 0x30, 0x82, 0x06, 0xe6, 0x30, 0x82, + 0x01, 0x06, 0xa1, 0x81, 0xa1, 0x30, 0x81, 0x9e, 0x31, 0x0b, 0x30, 0x09, + 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x55, 0x53, 0x31, 0x13, 0x30, + 0x11, 0x06, 0x03, 0x55, 0x04, 0x08, 0x0c, 0x0a, 0x57, 0x61, 0x73, 0x68, + 0x69, 0x6e, 0x67, 0x74, 0x6f, 0x6e, 0x31, 0x10, 0x30, 0x0e, 0x06, 0x03, + 0x55, 0x04, 0x07, 0x0c, 0x07, 0x53, 0x65, 0x61, 0x74, 0x74, 0x6c, 0x65, + 0x31, 0x10, 0x30, 0x0e, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x0c, 0x07, 0x77, + 0x6f, 0x6c, 0x66, 0x53, 0x53, 0x4c, 0x31, 0x14, 0x30, 0x12, 0x06, 0x03, + 0x55, 0x04, 0x0b, 0x0c, 0x0b, 0x45, 0x6e, 0x67, 0x69, 0x6e, 0x65, 0x65, + 0x72, 0x69, 0x6e, 0x67, 0x31, 0x1f, 0x30, 0x1d, 0x06, 0x03, 0x55, 0x04, + 0x03, 0x0c, 0x16, 0x77, 0x6f, 0x6c, 0x66, 0x53, 0x53, 0x4c, 0x20, 0x4f, + 0x43, 0x53, 0x50, 0x20, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x64, 0x65, + 0x72, 0x31, 0x1f, 0x30, 0x1d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, + 0x0d, 0x01, 0x09, 0x01, 0x16, 0x10, 0x69, 0x6e, 0x66, 0x6f, 0x40, 0x77, + 0x6f, 0x6c, 0x66, 0x73, 0x73, 0x6c, 0x2e, 0x63, 0x6f, 0x6d, 0x18, 0x0f, + 0x32, 0x30, 0x32, 0x35, 0x31, 0x31, 0x31, 0x32, 0x31, 0x33, 0x34, 0x35, + 0x31, 0x33, 0x5a, 0x30, 0x4f, 0x30, 0x4d, 0x30, 0x38, 0x30, 0x07, 0x06, + 0x05, 0x2b, 0x0e, 0x03, 0x02, 0x1a, 0x04, 0x14, 0x44, 0xa8, 0xdb, 0xd1, + 0xbc, 0x97, 0x0a, 0x83, 0x3b, 0x5b, 0x31, 0x9a, 0x4c, 0xb8, 0xd2, 0x52, + 0x37, 0x15, 0x8a, 0x88, 0x04, 0x14, 0x73, 0xb0, 0x1c, 0xa4, 0x2f, 0x82, + 0xcb, 0xcf, 0x47, 0xa5, 0x38, 0xd7, 0xb0, 0x04, 0x82, 0x3a, 0x7e, 0x72, + 0x15, 0x21, 0x02, 0x01, 0x01, 0x80, 0x00, 0x18, 0x0f, 0x32, 0x30, 0x32, + 0x35, 0x31, 0x31, 0x31, 0x32, 0x31, 0x33, 0x34, 0x35, 0x31, 0x33, 0x5a, + 0x30, 0x0b, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, + 0x0b, 0x03, 0x82, 0x01, 0x01, 0x00, 0x70, 0xd2, 0x32, 0xbe, 0x2d, 0x7d, + 0x94, 0xce, 0x8d, 0x9b, 0x71, 0x1a, 0x2c, 0x84, 0x82, 0xa4, 0x3b, 0x1a, + 0x94, 0x5f, 0x47, 0x58, 0xb7, 0x1d, 0xae, 0xd2, 0xf3, 0xdd, 0x96, 0x96, + 0xe0, 0x94, 0x9e, 0x04, 0xf7, 0x98, 0x2f, 0x3a, 0x8e, 0x03, 0x18, 0x7f, + 0x06, 0x91, 0xdb, 0x13, 0x37, 0xb5, 0xb8, 0x44, 0x82, 0x84, 0xf2, 0x87, + 0xc2, 0xf8, 0x28, 0x1d, 0x19, 0x66, 0x98, 0x88, 0x0e, 0xc0, 0x7c, 0xec, + 0x7e, 0x82, 0xe3, 0x64, 0xa3, 0xf7, 0x83, 0x11, 0xbb, 0x83, 0x34, 0xfc, + 0x98, 0x6d, 0xbd, 0x37, 0xaa, 0x36, 0xd2, 0x98, 0x3a, 0xce, 0x80, 0x95, + 0x21, 0xad, 0x8d, 0x10, 0xb3, 0xb4, 0x91, 0x59, 0xc7, 0x2c, 0x79, 0xda, + 0xc0, 0x4a, 0xe1, 0xed, 0x07, 0x4d, 0x04, 0xad, 0x4c, 0x51, 0x40, 0x28, + 0xd8, 0x83, 0xe6, 0xd7, 0x83, 0x2b, 0x0b, 0xfa, 0x46, 0xda, 0x9a, 0x06, + 0xf9, 0x3c, 0xf6, 0x05, 0x53, 0xb9, 0xce, 0x56, 0xa0, 0x51, 0xa8, 0x3f, + 0xe0, 0x2a, 0xa8, 0x50, 0x2d, 0xa9, 0x36, 0x48, 0x2e, 0x80, 0x16, 0x31, + 0x1e, 0xbb, 0x57, 0x5f, 0x57, 0x5d, 0x45, 0xd0, 0xc5, 0x2b, 0x0f, 0xe4, + 0xa2, 0xa5, 0x00, 0x4f, 0x90, 0x58, 0x0d, 0x4c, 0x0a, 0xae, 0xc1, 0x5d, + 0xda, 0x22, 0xa2, 0xe3, 0x81, 0x9a, 0xb1, 0x5a, 0xb8, 0xf7, 0x9d, 0xd9, + 0xb6, 0x11, 0x0b, 0x89, 0x59, 0x51, 0x79, 0xa5, 0x94, 0x1f, 0xae, 0xa1, + 0x74, 0x14, 0x95, 0xea, 0xce, 0xf6, 0x72, 0x6d, 0x8d, 0x3c, 0xd7, 0xe2, + 0x62, 0x9c, 0x60, 0xe6, 0x30, 0x46, 0xba, 0x94, 0x5b, 0x28, 0x04, 0x4c, + 0xe4, 0x32, 0xeb, 0xc5, 0xc1, 0x82, 0x87, 0x50, 0x00, 0xd2, 0xc0, 0x21, + 0xec, 0xff, 0xda, 0xf1, 0x87, 0x8b, 0xa4, 0x19, 0xc2, 0x0c, 0x3b, 0x75, + 0xbb, 0x4e, 0xf9, 0x7f, 0x4d, 0x68, 0xef, 0xa8, 0x46, 0x93, 0xa0, 0x82, + 0x04, 0xc6, 0x30, 0x82, 0x04, 0xc2, 0x30, 0x82, 0x04, 0xbe, 0x30, 0x82, + 0x03, 0xa6, 0xa0, 0x03, 0x02, 0x01, 0x02, 0x02, 0x01, 0x04, 0x30, 0x0d, + 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x0b, 0x05, + 0x00, 0x30, 0x81, 0x97, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, + 0x06, 0x13, 0x02, 0x55, 0x53, 0x31, 0x13, 0x30, 0x11, 0x06, 0x03, 0x55, + 0x04, 0x08, 0x0c, 0x0a, 0x57, 0x61, 0x73, 0x68, 0x69, 0x6e, 0x67, 0x74, + 0x6f, 0x6e, 0x31, 0x10, 0x30, 0x0e, 0x06, 0x03, 0x55, 0x04, 0x07, 0x0c, + 0x07, 0x53, 0x65, 0x61, 0x74, 0x74, 0x6c, 0x65, 0x31, 0x10, 0x30, 0x0e, + 0x06, 0x03, 0x55, 0x04, 0x0a, 0x0c, 0x07, 0x77, 0x6f, 0x6c, 0x66, 0x53, + 0x53, 0x4c, 0x31, 0x14, 0x30, 0x12, 0x06, 0x03, 0x55, 0x04, 0x0b, 0x0c, + 0x0b, 0x45, 0x6e, 0x67, 0x69, 0x6e, 0x65, 0x65, 0x72, 0x69, 0x6e, 0x67, + 0x31, 0x18, 0x30, 0x16, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0c, 0x0f, 0x77, + 0x6f, 0x6c, 0x66, 0x53, 0x53, 0x4c, 0x20, 0x72, 0x6f, 0x6f, 0x74, 0x20, + 0x43, 0x41, 0x31, 0x1f, 0x30, 0x1d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, + 0xf7, 0x0d, 0x01, 0x09, 0x01, 0x16, 0x10, 0x69, 0x6e, 0x66, 0x6f, 0x40, + 0x77, 0x6f, 0x6c, 0x66, 0x73, 0x73, 0x6c, 0x2e, 0x63, 0x6f, 0x6d, 0x30, + 0x1e, 0x17, 0x0d, 0x32, 0x35, 0x31, 0x31, 0x31, 0x33, 0x32, 0x30, 0x34, + 0x31, 0x33, 0x35, 0x5a, 0x17, 0x0d, 0x32, 0x38, 0x30, 0x38, 0x30, 0x39, + 0x32, 0x30, 0x34, 0x31, 0x33, 0x35, 0x5a, 0x30, 0x81, 0x9e, 0x31, 0x0b, + 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x55, 0x53, 0x31, + 0x13, 0x30, 0x11, 0x06, 0x03, 0x55, 0x04, 0x08, 0x0c, 0x0a, 0x57, 0x61, + 0x73, 0x68, 0x69, 0x6e, 0x67, 0x74, 0x6f, 0x6e, 0x31, 0x10, 0x30, 0x0e, + 0x06, 0x03, 0x55, 0x04, 0x07, 0x0c, 0x07, 0x53, 0x65, 0x61, 0x74, 0x74, + 0x6c, 0x65, 0x31, 0x10, 0x30, 0x0e, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x0c, + 0x07, 0x77, 0x6f, 0x6c, 0x66, 0x53, 0x53, 0x4c, 0x31, 0x14, 0x30, 0x12, + 0x06, 0x03, 0x55, 0x04, 0x0b, 0x0c, 0x0b, 0x45, 0x6e, 0x67, 0x69, 0x6e, + 0x65, 0x65, 0x72, 0x69, 0x6e, 0x67, 0x31, 0x1f, 0x30, 0x1d, 0x06, 0x03, + 0x55, 0x04, 0x03, 0x0c, 0x16, 0x77, 0x6f, 0x6c, 0x66, 0x53, 0x53, 0x4c, + 0x20, 0x4f, 0x43, 0x53, 0x50, 0x20, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, + 0x64, 0x65, 0x72, 0x31, 0x1f, 0x30, 0x1d, 0x06, 0x09, 0x2a, 0x86, 0x48, + 0x86, 0xf7, 0x0d, 0x01, 0x09, 0x01, 0x16, 0x10, 0x69, 0x6e, 0x66, 0x6f, + 0x40, 0x77, 0x6f, 0x6c, 0x66, 0x73, 0x73, 0x6c, 0x2e, 0x63, 0x6f, 0x6d, + 0x30, 0x82, 0x01, 0x22, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, + 0xf7, 0x0d, 0x01, 0x01, 0x01, 0x05, 0x00, 0x03, 0x82, 0x01, 0x0f, 0x00, + 0x30, 0x82, 0x01, 0x0a, 0x02, 0x82, 0x01, 0x01, 0x00, 0xb8, 0xba, 0x23, + 0xb4, 0xf6, 0xc3, 0x7b, 0x14, 0xc3, 0xa4, 0xf5, 0x1d, 0x61, 0xa1, 0xf5, + 0x1e, 0x63, 0xb9, 0x85, 0x23, 0x34, 0x50, 0x6d, 0xf8, 0x7c, 0xa2, 0x8a, + 0x04, 0x8b, 0xd5, 0x75, 0x5c, 0x2d, 0xf7, 0x63, 0x88, 0xd1, 0x07, 0x7a, + 0xea, 0x0b, 0x45, 0x35, 0x2b, 0xeb, 0x1f, 0xb1, 0x22, 0xb4, 0x94, 0x41, + 0x38, 0xe2, 0x9d, 0x74, 0xd6, 0x8b, 0x30, 0x22, 0x10, 0x51, 0xc5, 0xdb, + 0xca, 0x3f, 0x46, 0x2b, 0xfe, 0xe5, 0x5a, 0x3f, 0x41, 0x74, 0x67, 0x75, + 0x95, 0xa9, 0x94, 0xd5, 0xc3, 0xee, 0x42, 0xf8, 0x8d, 0xeb, 0x92, 0x95, + 0xe1, 0xd9, 0x65, 0xb7, 0x43, 0xc4, 0x18, 0xde, 0x16, 0x80, 0x90, 0xce, + 0x24, 0x35, 0x21, 0xc4, 0x55, 0xac, 0x5a, 0x51, 0xe0, 0x2e, 0x2d, 0xb3, + 0x0a, 0x5a, 0x4f, 0x4a, 0x73, 0x31, 0x50, 0xee, 0x4a, 0x16, 0xbd, 0x39, + 0x8b, 0xad, 0x05, 0x48, 0x87, 0xb1, 0x99, 0xe2, 0x10, 0xa7, 0x06, 0x72, + 0x67, 0xca, 0x5c, 0xd1, 0x97, 0xbd, 0xc8, 0xf1, 0x76, 0xf8, 0xe0, 0x4a, + 0xec, 0xbc, 0x93, 0xf4, 0x66, 0x4c, 0x28, 0x71, 0xd1, 0xd8, 0x66, 0x03, + 0xb4, 0x90, 0x30, 0xbb, 0x17, 0xb0, 0xfe, 0x97, 0xf5, 0x1e, 0xe8, 0xc7, + 0x5d, 0x9b, 0x8b, 0x11, 0x19, 0x12, 0x3c, 0xab, 0x82, 0x71, 0x78, 0xff, + 0xae, 0x3f, 0x32, 0xb2, 0x08, 0x71, 0xb2, 0x1b, 0x8c, 0x27, 0xac, 0x11, + 0xb8, 0xd8, 0x43, 0x49, 0xcf, 0xb0, 0x70, 0xb1, 0xf0, 0x8c, 0xae, 0xda, + 0x24, 0x87, 0x17, 0x3b, 0xd8, 0x04, 0x65, 0x6c, 0x00, 0x76, 0x50, 0xef, + 0x15, 0x08, 0xd7, 0xb4, 0x73, 0x68, 0x26, 0x14, 0x87, 0x95, 0xc3, 0x5f, + 0x6e, 0x61, 0xb8, 0x87, 0x84, 0xfa, 0x80, 0x1a, 0x0a, 0x8b, 0x98, 0xf3, + 0xe3, 0xff, 0x4e, 0x44, 0x1c, 0x65, 0x74, 0x7c, 0x71, 0x54, 0x65, 0xe5, + 0x39, 0x02, 0x03, 0x01, 0x00, 0x01, 0xa3, 0x82, 0x01, 0x0a, 0x30, 0x82, + 0x01, 0x06, 0x30, 0x09, 0x06, 0x03, 0x55, 0x1d, 0x13, 0x04, 0x02, 0x30, + 0x00, 0x30, 0x1d, 0x06, 0x03, 0x55, 0x1d, 0x0e, 0x04, 0x16, 0x04, 0x14, + 0x32, 0x67, 0xe1, 0xb1, 0x79, 0xd2, 0x81, 0xfc, 0x9f, 0x23, 0x0c, 0x70, + 0x40, 0x50, 0xb5, 0x46, 0x56, 0xb8, 0x30, 0x36, 0x30, 0x81, 0xc4, 0x06, + 0x03, 0x55, 0x1d, 0x23, 0x04, 0x81, 0xbc, 0x30, 0x81, 0xb9, 0x80, 0x14, + 0x73, 0xb0, 0x1c, 0xa4, 0x2f, 0x82, 0xcb, 0xcf, 0x47, 0xa5, 0x38, 0xd7, + 0xb0, 0x04, 0x82, 0x3a, 0x7e, 0x72, 0x15, 0x21, 0xa1, 0x81, 0x9d, 0xa4, + 0x81, 0x9a, 0x30, 0x81, 0x97, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, + 0x04, 0x06, 0x13, 0x02, 0x55, 0x53, 0x31, 0x13, 0x30, 0x11, 0x06, 0x03, + 0x55, 0x04, 0x08, 0x0c, 0x0a, 0x57, 0x61, 0x73, 0x68, 0x69, 0x6e, 0x67, + 0x74, 0x6f, 0x6e, 0x31, 0x10, 0x30, 0x0e, 0x06, 0x03, 0x55, 0x04, 0x07, + 0x0c, 0x07, 0x53, 0x65, 0x61, 0x74, 0x74, 0x6c, 0x65, 0x31, 0x10, 0x30, + 0x0e, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x0c, 0x07, 0x77, 0x6f, 0x6c, 0x66, + 0x53, 0x53, 0x4c, 0x31, 0x14, 0x30, 0x12, 0x06, 0x03, 0x55, 0x04, 0x0b, + 0x0c, 0x0b, 0x45, 0x6e, 0x67, 0x69, 0x6e, 0x65, 0x65, 0x72, 0x69, 0x6e, + 0x67, 0x31, 0x18, 0x30, 0x16, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0c, 0x0f, + 0x77, 0x6f, 0x6c, 0x66, 0x53, 0x53, 0x4c, 0x20, 0x72, 0x6f, 0x6f, 0x74, + 0x20, 0x43, 0x41, 0x31, 0x1f, 0x30, 0x1d, 0x06, 0x09, 0x2a, 0x86, 0x48, + 0x86, 0xf7, 0x0d, 0x01, 0x09, 0x01, 0x16, 0x10, 0x69, 0x6e, 0x66, 0x6f, + 0x40, 0x77, 0x6f, 0x6c, 0x66, 0x73, 0x73, 0x6c, 0x2e, 0x63, 0x6f, 0x6d, + 0x82, 0x01, 0x63, 0x30, 0x13, 0x06, 0x03, 0x55, 0x1d, 0x25, 0x04, 0x0c, + 0x30, 0x0a, 0x06, 0x08, 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x03, 0x09, + 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, + 0x0b, 0x05, 0x00, 0x03, 0x82, 0x01, 0x01, 0x00, 0x22, 0xcf, 0xe2, 0xc4, + 0x3c, 0x0e, 0xcf, 0x43, 0xc2, 0x2b, 0x77, 0xd9, 0x53, 0xbb, 0xbf, 0x46, + 0x5a, 0x67, 0x26, 0x1f, 0xd6, 0x8c, 0xe2, 0xae, 0xd3, 0x6b, 0xda, 0x7c, + 0xa5, 0xb4, 0x79, 0x29, 0x0f, 0xb8, 0xf0, 0x14, 0x71, 0x90, 0x21, 0x7c, + 0x3c, 0x23, 0x2e, 0x5b, 0xb6, 0xb6, 0x66, 0xb5, 0xd2, 0xfd, 0x96, 0x21, + 0x4c, 0x7c, 0x9d, 0x9f, 0x85, 0x69, 0x8c, 0xd8, 0xc2, 0xbf, 0x3b, 0x1f, + 0x7b, 0xaf, 0x27, 0xb9, 0x30, 0x5b, 0x51, 0x4a, 0x16, 0x07, 0xa0, 0x14, + 0x80, 0x47, 0x31, 0x45, 0xf0, 0x31, 0x35, 0xb9, 0x93, 0x39, 0x77, 0x32, + 0x51, 0xa0, 0x8b, 0x93, 0x91, 0x96, 0x77, 0x41, 0x1a, 0x30, 0x15, 0xb8, + 0xe6, 0xeb, 0x49, 0x8e, 0x3c, 0xa5, 0x11, 0x46, 0x68, 0x13, 0xf5, 0x61, + 0x07, 0xac, 0x42, 0x3e, 0x69, 0xf3, 0x9f, 0x6b, 0x64, 0xd5, 0xe4, 0x42, + 0x1d, 0xed, 0x6c, 0xb7, 0x3b, 0xb1, 0x78, 0xc6, 0x9a, 0xb0, 0x38, 0xe2, + 0xe6, 0xfe, 0x5b, 0xc3, 0x87, 0x11, 0x49, 0x1e, 0x48, 0x73, 0x5a, 0x88, + 0x77, 0x89, 0xfb, 0xc7, 0x87, 0xef, 0x87, 0xe1, 0x17, 0x8b, 0x66, 0x16, + 0x44, 0x7c, 0x6e, 0x5f, 0x2d, 0x5a, 0x2f, 0xd0, 0xbe, 0x76, 0x69, 0x84, + 0xda, 0x3c, 0xa3, 0x4f, 0xbf, 0x00, 0xff, 0xcc, 0x67, 0x06, 0x16, 0x40, + 0x0f, 0x75, 0xdc, 0xe3, 0x20, 0xd6, 0x7b, 0x99, 0xc7, 0xbf, 0x38, 0x21, + 0x51, 0x30, 0x4a, 0x4b, 0x77, 0xd7, 0x39, 0xd3, 0xe2, 0x4d, 0x67, 0x68, + 0x0e, 0x7c, 0x95, 0xc4, 0x51, 0x22, 0xc4, 0x0f, 0x74, 0xa5, 0xdd, 0xf5, + 0xac, 0xa8, 0xf5, 0x8c, 0xfb, 0x90, 0xba, 0xff, 0x5e, 0x3e, 0x1f, 0xaa, + 0x7d, 0x61, 0xbb, 0xa4, 0x22, 0x35, 0x16, 0x64, 0xfc, 0x42, 0x27, 0x0b, + 0xc9, 0xe3, 0xba, 0x21, 0xad, 0x7b, 0x24, 0x2a, 0xa5, 0x25, 0xb7, 0xc4, +}; + +unsigned char resp_root_ca_cert[] = { + 0x30, 0x82, 0x07, 0x04, 0x0a, 0x01, 0x00, 0xa0, 0x82, 0x06, 0xfd, 0x30, + 0x82, 0x06, 0xf9, 0x06, 0x09, 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x30, + 0x01, 0x01, 0x04, 0x82, 0x06, 0xea, 0x30, 0x82, 0x06, 0xe6, 0x30, 0x82, + 0x01, 0x06, 0xa1, 0x81, 0xa1, 0x30, 0x81, 0x9e, 0x31, 0x0b, 0x30, 0x09, + 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x55, 0x53, 0x31, 0x13, 0x30, + 0x11, 0x06, 0x03, 0x55, 0x04, 0x08, 0x0c, 0x0a, 0x57, 0x61, 0x73, 0x68, + 0x69, 0x6e, 0x67, 0x74, 0x6f, 0x6e, 0x31, 0x10, 0x30, 0x0e, 0x06, 0x03, + 0x55, 0x04, 0x07, 0x0c, 0x07, 0x53, 0x65, 0x61, 0x74, 0x74, 0x6c, 0x65, + 0x31, 0x10, 0x30, 0x0e, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x0c, 0x07, 0x77, + 0x6f, 0x6c, 0x66, 0x53, 0x53, 0x4c, 0x31, 0x14, 0x30, 0x12, 0x06, 0x03, + 0x55, 0x04, 0x0b, 0x0c, 0x0b, 0x45, 0x6e, 0x67, 0x69, 0x6e, 0x65, 0x65, + 0x72, 0x69, 0x6e, 0x67, 0x31, 0x1f, 0x30, 0x1d, 0x06, 0x03, 0x55, 0x04, + 0x03, 0x0c, 0x16, 0x77, 0x6f, 0x6c, 0x66, 0x53, 0x53, 0x4c, 0x20, 0x4f, + 0x43, 0x53, 0x50, 0x20, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x64, 0x65, + 0x72, 0x31, 0x1f, 0x30, 0x1d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, + 0x0d, 0x01, 0x09, 0x01, 0x16, 0x10, 0x69, 0x6e, 0x66, 0x6f, 0x40, 0x77, + 0x6f, 0x6c, 0x66, 0x73, 0x73, 0x6c, 0x2e, 0x63, 0x6f, 0x6d, 0x18, 0x0f, + 0x32, 0x30, 0x32, 0x35, 0x31, 0x31, 0x31, 0x32, 0x31, 0x33, 0x34, 0x35, + 0x31, 0x34, 0x5a, 0x30, 0x4f, 0x30, 0x4d, 0x30, 0x38, 0x30, 0x07, 0x06, + 0x05, 0x2b, 0x0e, 0x03, 0x02, 0x1a, 0x04, 0x14, 0x44, 0xa8, 0xdb, 0xd1, + 0xbc, 0x97, 0x0a, 0x83, 0x3b, 0x5b, 0x31, 0x9a, 0x4c, 0xb8, 0xd2, 0x52, + 0x37, 0x15, 0x8a, 0x88, 0x04, 0x14, 0x73, 0xb0, 0x1c, 0xa4, 0x2f, 0x82, + 0xcb, 0xcf, 0x47, 0xa5, 0x38, 0xd7, 0xb0, 0x04, 0x82, 0x3a, 0x7e, 0x72, + 0x15, 0x21, 0x02, 0x01, 0x63, 0x80, 0x00, 0x18, 0x0f, 0x32, 0x30, 0x32, + 0x35, 0x31, 0x31, 0x31, 0x32, 0x31, 0x33, 0x34, 0x35, 0x31, 0x34, 0x5a, + 0x30, 0x0b, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, + 0x0b, 0x03, 0x82, 0x01, 0x01, 0x00, 0xa7, 0x77, 0x60, 0x0d, 0x73, 0x9f, + 0x30, 0x09, 0xeb, 0x2f, 0xe4, 0x30, 0x7e, 0xf6, 0x42, 0x81, 0x60, 0x26, + 0x7d, 0x7e, 0x75, 0x2f, 0xe4, 0xb6, 0xd3, 0xe4, 0xd7, 0x04, 0x3c, 0x89, + 0xcd, 0x43, 0x51, 0x39, 0x25, 0xdc, 0x7e, 0xa4, 0xad, 0x7b, 0x26, 0xd3, + 0xe3, 0xa6, 0xe3, 0x5b, 0xf6, 0x5f, 0x1a, 0x28, 0xdb, 0xcd, 0xef, 0x78, + 0xe8, 0xde, 0x91, 0x5b, 0xe4, 0x10, 0x6d, 0xfb, 0x36, 0x74, 0x34, 0xf7, + 0xb5, 0xec, 0xb3, 0x4b, 0x02, 0xf2, 0x58, 0x5c, 0x97, 0x0a, 0xad, 0x2a, + 0xc8, 0x0c, 0xba, 0x2e, 0x7c, 0x90, 0x0b, 0x97, 0xa4, 0xc3, 0x2a, 0x58, + 0x77, 0xc4, 0x09, 0xc1, 0x9e, 0x63, 0xd9, 0x1e, 0x14, 0x63, 0x1a, 0x13, + 0xfa, 0xd6, 0xd1, 0xdd, 0xb8, 0xa0, 0x20, 0xda, 0x74, 0x49, 0x4f, 0x63, + 0xc9, 0x51, 0x7e, 0xa5, 0x14, 0x2c, 0xe1, 0xc1, 0x0d, 0x44, 0xe2, 0x60, + 0xc3, 0xdd, 0x6b, 0xd8, 0x8f, 0x09, 0x77, 0x7d, 0x17, 0x35, 0x44, 0x1b, + 0x24, 0x4e, 0x06, 0x1c, 0x25, 0x35, 0xc3, 0x2e, 0xe2, 0x61, 0x0e, 0xc9, + 0x19, 0xe7, 0x91, 0x62, 0x78, 0x04, 0x8d, 0x8c, 0xb6, 0x67, 0xfe, 0xda, + 0x7e, 0x29, 0x7e, 0xf1, 0xa5, 0x1e, 0x44, 0xe1, 0xdb, 0x6e, 0x6c, 0xd9, + 0x5d, 0x9c, 0x03, 0x2f, 0xb6, 0x86, 0xae, 0xe7, 0x47, 0x2e, 0x0f, 0xb0, + 0xac, 0xbf, 0x94, 0x03, 0x9c, 0xdb, 0x8b, 0xdc, 0x3c, 0xe6, 0x46, 0x69, + 0xf7, 0x3a, 0x17, 0x5b, 0x5e, 0xea, 0xbe, 0x2c, 0xf0, 0x34, 0xe9, 0x59, + 0xa8, 0xac, 0x38, 0x48, 0xb7, 0xda, 0x79, 0xe9, 0x77, 0x71, 0x3a, 0xa2, + 0xdc, 0xb2, 0x26, 0x48, 0x35, 0x6e, 0xac, 0x19, 0x5d, 0x4d, 0xd5, 0xe4, + 0xe5, 0x9c, 0xae, 0x4f, 0xe4, 0x70, 0x7d, 0xe3, 0xc1, 0x4d, 0x35, 0x00, + 0x58, 0xed, 0x18, 0x6c, 0x8a, 0x36, 0x82, 0x0f, 0x49, 0x66, 0xa0, 0x82, + 0x04, 0xc6, 0x30, 0x82, 0x04, 0xc2, 0x30, 0x82, 0x04, 0xbe, 0x30, 0x82, + 0x03, 0xa6, 0xa0, 0x03, 0x02, 0x01, 0x02, 0x02, 0x01, 0x04, 0x30, 0x0d, + 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x0b, 0x05, + 0x00, 0x30, 0x81, 0x97, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, + 0x06, 0x13, 0x02, 0x55, 0x53, 0x31, 0x13, 0x30, 0x11, 0x06, 0x03, 0x55, + 0x04, 0x08, 0x0c, 0x0a, 0x57, 0x61, 0x73, 0x68, 0x69, 0x6e, 0x67, 0x74, + 0x6f, 0x6e, 0x31, 0x10, 0x30, 0x0e, 0x06, 0x03, 0x55, 0x04, 0x07, 0x0c, + 0x07, 0x53, 0x65, 0x61, 0x74, 0x74, 0x6c, 0x65, 0x31, 0x10, 0x30, 0x0e, + 0x06, 0x03, 0x55, 0x04, 0x0a, 0x0c, 0x07, 0x77, 0x6f, 0x6c, 0x66, 0x53, + 0x53, 0x4c, 0x31, 0x14, 0x30, 0x12, 0x06, 0x03, 0x55, 0x04, 0x0b, 0x0c, + 0x0b, 0x45, 0x6e, 0x67, 0x69, 0x6e, 0x65, 0x65, 0x72, 0x69, 0x6e, 0x67, + 0x31, 0x18, 0x30, 0x16, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0c, 0x0f, 0x77, + 0x6f, 0x6c, 0x66, 0x53, 0x53, 0x4c, 0x20, 0x72, 0x6f, 0x6f, 0x74, 0x20, + 0x43, 0x41, 0x31, 0x1f, 0x30, 0x1d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, + 0xf7, 0x0d, 0x01, 0x09, 0x01, 0x16, 0x10, 0x69, 0x6e, 0x66, 0x6f, 0x40, + 0x77, 0x6f, 0x6c, 0x66, 0x73, 0x73, 0x6c, 0x2e, 0x63, 0x6f, 0x6d, 0x30, + 0x1e, 0x17, 0x0d, 0x32, 0x35, 0x31, 0x31, 0x31, 0x33, 0x32, 0x30, 0x34, + 0x31, 0x33, 0x35, 0x5a, 0x17, 0x0d, 0x32, 0x38, 0x30, 0x38, 0x30, 0x39, + 0x32, 0x30, 0x34, 0x31, 0x33, 0x35, 0x5a, 0x30, 0x81, 0x9e, 0x31, 0x0b, + 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x55, 0x53, 0x31, + 0x13, 0x30, 0x11, 0x06, 0x03, 0x55, 0x04, 0x08, 0x0c, 0x0a, 0x57, 0x61, + 0x73, 0x68, 0x69, 0x6e, 0x67, 0x74, 0x6f, 0x6e, 0x31, 0x10, 0x30, 0x0e, + 0x06, 0x03, 0x55, 0x04, 0x07, 0x0c, 0x07, 0x53, 0x65, 0x61, 0x74, 0x74, + 0x6c, 0x65, 0x31, 0x10, 0x30, 0x0e, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x0c, + 0x07, 0x77, 0x6f, 0x6c, 0x66, 0x53, 0x53, 0x4c, 0x31, 0x14, 0x30, 0x12, + 0x06, 0x03, 0x55, 0x04, 0x0b, 0x0c, 0x0b, 0x45, 0x6e, 0x67, 0x69, 0x6e, + 0x65, 0x65, 0x72, 0x69, 0x6e, 0x67, 0x31, 0x1f, 0x30, 0x1d, 0x06, 0x03, + 0x55, 0x04, 0x03, 0x0c, 0x16, 0x77, 0x6f, 0x6c, 0x66, 0x53, 0x53, 0x4c, + 0x20, 0x4f, 0x43, 0x53, 0x50, 0x20, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, + 0x64, 0x65, 0x72, 0x31, 0x1f, 0x30, 0x1d, 0x06, 0x09, 0x2a, 0x86, 0x48, + 0x86, 0xf7, 0x0d, 0x01, 0x09, 0x01, 0x16, 0x10, 0x69, 0x6e, 0x66, 0x6f, + 0x40, 0x77, 0x6f, 0x6c, 0x66, 0x73, 0x73, 0x6c, 0x2e, 0x63, 0x6f, 0x6d, + 0x30, 0x82, 0x01, 0x22, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, + 0xf7, 0x0d, 0x01, 0x01, 0x01, 0x05, 0x00, 0x03, 0x82, 0x01, 0x0f, 0x00, + 0x30, 0x82, 0x01, 0x0a, 0x02, 0x82, 0x01, 0x01, 0x00, 0xb8, 0xba, 0x23, + 0xb4, 0xf6, 0xc3, 0x7b, 0x14, 0xc3, 0xa4, 0xf5, 0x1d, 0x61, 0xa1, 0xf5, + 0x1e, 0x63, 0xb9, 0x85, 0x23, 0x34, 0x50, 0x6d, 0xf8, 0x7c, 0xa2, 0x8a, + 0x04, 0x8b, 0xd5, 0x75, 0x5c, 0x2d, 0xf7, 0x63, 0x88, 0xd1, 0x07, 0x7a, + 0xea, 0x0b, 0x45, 0x35, 0x2b, 0xeb, 0x1f, 0xb1, 0x22, 0xb4, 0x94, 0x41, + 0x38, 0xe2, 0x9d, 0x74, 0xd6, 0x8b, 0x30, 0x22, 0x10, 0x51, 0xc5, 0xdb, + 0xca, 0x3f, 0x46, 0x2b, 0xfe, 0xe5, 0x5a, 0x3f, 0x41, 0x74, 0x67, 0x75, + 0x95, 0xa9, 0x94, 0xd5, 0xc3, 0xee, 0x42, 0xf8, 0x8d, 0xeb, 0x92, 0x95, + 0xe1, 0xd9, 0x65, 0xb7, 0x43, 0xc4, 0x18, 0xde, 0x16, 0x80, 0x90, 0xce, + 0x24, 0x35, 0x21, 0xc4, 0x55, 0xac, 0x5a, 0x51, 0xe0, 0x2e, 0x2d, 0xb3, + 0x0a, 0x5a, 0x4f, 0x4a, 0x73, 0x31, 0x50, 0xee, 0x4a, 0x16, 0xbd, 0x39, + 0x8b, 0xad, 0x05, 0x48, 0x87, 0xb1, 0x99, 0xe2, 0x10, 0xa7, 0x06, 0x72, + 0x67, 0xca, 0x5c, 0xd1, 0x97, 0xbd, 0xc8, 0xf1, 0x76, 0xf8, 0xe0, 0x4a, + 0xec, 0xbc, 0x93, 0xf4, 0x66, 0x4c, 0x28, 0x71, 0xd1, 0xd8, 0x66, 0x03, + 0xb4, 0x90, 0x30, 0xbb, 0x17, 0xb0, 0xfe, 0x97, 0xf5, 0x1e, 0xe8, 0xc7, + 0x5d, 0x9b, 0x8b, 0x11, 0x19, 0x12, 0x3c, 0xab, 0x82, 0x71, 0x78, 0xff, + 0xae, 0x3f, 0x32, 0xb2, 0x08, 0x71, 0xb2, 0x1b, 0x8c, 0x27, 0xac, 0x11, + 0xb8, 0xd8, 0x43, 0x49, 0xcf, 0xb0, 0x70, 0xb1, 0xf0, 0x8c, 0xae, 0xda, + 0x24, 0x87, 0x17, 0x3b, 0xd8, 0x04, 0x65, 0x6c, 0x00, 0x76, 0x50, 0xef, + 0x15, 0x08, 0xd7, 0xb4, 0x73, 0x68, 0x26, 0x14, 0x87, 0x95, 0xc3, 0x5f, + 0x6e, 0x61, 0xb8, 0x87, 0x84, 0xfa, 0x80, 0x1a, 0x0a, 0x8b, 0x98, 0xf3, + 0xe3, 0xff, 0x4e, 0x44, 0x1c, 0x65, 0x74, 0x7c, 0x71, 0x54, 0x65, 0xe5, + 0x39, 0x02, 0x03, 0x01, 0x00, 0x01, 0xa3, 0x82, 0x01, 0x0a, 0x30, 0x82, + 0x01, 0x06, 0x30, 0x09, 0x06, 0x03, 0x55, 0x1d, 0x13, 0x04, 0x02, 0x30, + 0x00, 0x30, 0x1d, 0x06, 0x03, 0x55, 0x1d, 0x0e, 0x04, 0x16, 0x04, 0x14, + 0x32, 0x67, 0xe1, 0xb1, 0x79, 0xd2, 0x81, 0xfc, 0x9f, 0x23, 0x0c, 0x70, + 0x40, 0x50, 0xb5, 0x46, 0x56, 0xb8, 0x30, 0x36, 0x30, 0x81, 0xc4, 0x06, + 0x03, 0x55, 0x1d, 0x23, 0x04, 0x81, 0xbc, 0x30, 0x81, 0xb9, 0x80, 0x14, + 0x73, 0xb0, 0x1c, 0xa4, 0x2f, 0x82, 0xcb, 0xcf, 0x47, 0xa5, 0x38, 0xd7, + 0xb0, 0x04, 0x82, 0x3a, 0x7e, 0x72, 0x15, 0x21, 0xa1, 0x81, 0x9d, 0xa4, + 0x81, 0x9a, 0x30, 0x81, 0x97, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, + 0x04, 0x06, 0x13, 0x02, 0x55, 0x53, 0x31, 0x13, 0x30, 0x11, 0x06, 0x03, + 0x55, 0x04, 0x08, 0x0c, 0x0a, 0x57, 0x61, 0x73, 0x68, 0x69, 0x6e, 0x67, + 0x74, 0x6f, 0x6e, 0x31, 0x10, 0x30, 0x0e, 0x06, 0x03, 0x55, 0x04, 0x07, + 0x0c, 0x07, 0x53, 0x65, 0x61, 0x74, 0x74, 0x6c, 0x65, 0x31, 0x10, 0x30, + 0x0e, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x0c, 0x07, 0x77, 0x6f, 0x6c, 0x66, + 0x53, 0x53, 0x4c, 0x31, 0x14, 0x30, 0x12, 0x06, 0x03, 0x55, 0x04, 0x0b, + 0x0c, 0x0b, 0x45, 0x6e, 0x67, 0x69, 0x6e, 0x65, 0x65, 0x72, 0x69, 0x6e, + 0x67, 0x31, 0x18, 0x30, 0x16, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0c, 0x0f, + 0x77, 0x6f, 0x6c, 0x66, 0x53, 0x53, 0x4c, 0x20, 0x72, 0x6f, 0x6f, 0x74, + 0x20, 0x43, 0x41, 0x31, 0x1f, 0x30, 0x1d, 0x06, 0x09, 0x2a, 0x86, 0x48, + 0x86, 0xf7, 0x0d, 0x01, 0x09, 0x01, 0x16, 0x10, 0x69, 0x6e, 0x66, 0x6f, + 0x40, 0x77, 0x6f, 0x6c, 0x66, 0x73, 0x73, 0x6c, 0x2e, 0x63, 0x6f, 0x6d, + 0x82, 0x01, 0x63, 0x30, 0x13, 0x06, 0x03, 0x55, 0x1d, 0x25, 0x04, 0x0c, + 0x30, 0x0a, 0x06, 0x08, 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x03, 0x09, + 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, + 0x0b, 0x05, 0x00, 0x03, 0x82, 0x01, 0x01, 0x00, 0x22, 0xcf, 0xe2, 0xc4, + 0x3c, 0x0e, 0xcf, 0x43, 0xc2, 0x2b, 0x77, 0xd9, 0x53, 0xbb, 0xbf, 0x46, + 0x5a, 0x67, 0x26, 0x1f, 0xd6, 0x8c, 0xe2, 0xae, 0xd3, 0x6b, 0xda, 0x7c, + 0xa5, 0xb4, 0x79, 0x29, 0x0f, 0xb8, 0xf0, 0x14, 0x71, 0x90, 0x21, 0x7c, + 0x3c, 0x23, 0x2e, 0x5b, 0xb6, 0xb6, 0x66, 0xb5, 0xd2, 0xfd, 0x96, 0x21, + 0x4c, 0x7c, 0x9d, 0x9f, 0x85, 0x69, 0x8c, 0xd8, 0xc2, 0xbf, 0x3b, 0x1f, + 0x7b, 0xaf, 0x27, 0xb9, 0x30, 0x5b, 0x51, 0x4a, 0x16, 0x07, 0xa0, 0x14, + 0x80, 0x47, 0x31, 0x45, 0xf0, 0x31, 0x35, 0xb9, 0x93, 0x39, 0x77, 0x32, + 0x51, 0xa0, 0x8b, 0x93, 0x91, 0x96, 0x77, 0x41, 0x1a, 0x30, 0x15, 0xb8, + 0xe6, 0xeb, 0x49, 0x8e, 0x3c, 0xa5, 0x11, 0x46, 0x68, 0x13, 0xf5, 0x61, + 0x07, 0xac, 0x42, 0x3e, 0x69, 0xf3, 0x9f, 0x6b, 0x64, 0xd5, 0xe4, 0x42, + 0x1d, 0xed, 0x6c, 0xb7, 0x3b, 0xb1, 0x78, 0xc6, 0x9a, 0xb0, 0x38, 0xe2, + 0xe6, 0xfe, 0x5b, 0xc3, 0x87, 0x11, 0x49, 0x1e, 0x48, 0x73, 0x5a, 0x88, + 0x77, 0x89, 0xfb, 0xc7, 0x87, 0xef, 0x87, 0xe1, 0x17, 0x8b, 0x66, 0x16, + 0x44, 0x7c, 0x6e, 0x5f, 0x2d, 0x5a, 0x2f, 0xd0, 0xbe, 0x76, 0x69, 0x84, + 0xda, 0x3c, 0xa3, 0x4f, 0xbf, 0x00, 0xff, 0xcc, 0x67, 0x06, 0x16, 0x40, + 0x0f, 0x75, 0xdc, 0xe3, 0x20, 0xd6, 0x7b, 0x99, 0xc7, 0xbf, 0x38, 0x21, + 0x51, 0x30, 0x4a, 0x4b, 0x77, 0xd7, 0x39, 0xd3, 0xe2, 0x4d, 0x67, 0x68, + 0x0e, 0x7c, 0x95, 0xc4, 0x51, 0x22, 0xc4, 0x0f, 0x74, 0xa5, 0xdd, 0xf5, + 0xac, 0xa8, 0xf5, 0x8c, 0xfb, 0x90, 0xba, 0xff, 0x5e, 0x3e, 0x1f, 0xaa, + 0x7d, 0x61, 0xbb, 0xa4, 0x22, 0x35, 0x16, 0x64, 0xfc, 0x42, 0x27, 0x0b, + 0xc9, 0xe3, 0xba, 0x21, 0xad, 0x7b, 0x24, 0x2a, 0xa5, 0x25, 0xb7, 0xc4, +}; + +unsigned char ocsp_responder_cert_pem[] = { + 0x30, 0x82, 0x04, 0xbe, 0x30, 0x82, 0x03, 0xa6, 0xa0, 0x03, 0x02, 0x01, + 0x02, 0x02, 0x01, 0x04, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, + 0xf7, 0x0d, 0x01, 0x01, 0x0b, 0x05, 0x00, 0x30, 0x81, 0x97, 0x31, 0x0b, + 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x55, 0x53, 0x31, + 0x13, 0x30, 0x11, 0x06, 0x03, 0x55, 0x04, 0x08, 0x0c, 0x0a, 0x57, 0x61, + 0x73, 0x68, 0x69, 0x6e, 0x67, 0x74, 0x6f, 0x6e, 0x31, 0x10, 0x30, 0x0e, + 0x06, 0x03, 0x55, 0x04, 0x07, 0x0c, 0x07, 0x53, 0x65, 0x61, 0x74, 0x74, + 0x6c, 0x65, 0x31, 0x10, 0x30, 0x0e, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x0c, + 0x07, 0x77, 0x6f, 0x6c, 0x66, 0x53, 0x53, 0x4c, 0x31, 0x14, 0x30, 0x12, + 0x06, 0x03, 0x55, 0x04, 0x0b, 0x0c, 0x0b, 0x45, 0x6e, 0x67, 0x69, 0x6e, + 0x65, 0x65, 0x72, 0x69, 0x6e, 0x67, 0x31, 0x18, 0x30, 0x16, 0x06, 0x03, + 0x55, 0x04, 0x03, 0x0c, 0x0f, 0x77, 0x6f, 0x6c, 0x66, 0x53, 0x53, 0x4c, + 0x20, 0x72, 0x6f, 0x6f, 0x74, 0x20, 0x43, 0x41, 0x31, 0x1f, 0x30, 0x1d, + 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x09, 0x01, 0x16, + 0x10, 0x69, 0x6e, 0x66, 0x6f, 0x40, 0x77, 0x6f, 0x6c, 0x66, 0x73, 0x73, + 0x6c, 0x2e, 0x63, 0x6f, 0x6d, 0x30, 0x1e, 0x17, 0x0d, 0x32, 0x35, 0x31, + 0x31, 0x31, 0x33, 0x32, 0x30, 0x34, 0x31, 0x33, 0x35, 0x5a, 0x17, 0x0d, + 0x32, 0x38, 0x30, 0x38, 0x30, 0x39, 0x32, 0x30, 0x34, 0x31, 0x33, 0x35, + 0x5a, 0x30, 0x81, 0x9e, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, + 0x06, 0x13, 0x02, 0x55, 0x53, 0x31, 0x13, 0x30, 0x11, 0x06, 0x03, 0x55, + 0x04, 0x08, 0x0c, 0x0a, 0x57, 0x61, 0x73, 0x68, 0x69, 0x6e, 0x67, 0x74, + 0x6f, 0x6e, 0x31, 0x10, 0x30, 0x0e, 0x06, 0x03, 0x55, 0x04, 0x07, 0x0c, + 0x07, 0x53, 0x65, 0x61, 0x74, 0x74, 0x6c, 0x65, 0x31, 0x10, 0x30, 0x0e, + 0x06, 0x03, 0x55, 0x04, 0x0a, 0x0c, 0x07, 0x77, 0x6f, 0x6c, 0x66, 0x53, + 0x53, 0x4c, 0x31, 0x14, 0x30, 0x12, 0x06, 0x03, 0x55, 0x04, 0x0b, 0x0c, + 0x0b, 0x45, 0x6e, 0x67, 0x69, 0x6e, 0x65, 0x65, 0x72, 0x69, 0x6e, 0x67, + 0x31, 0x1f, 0x30, 0x1d, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0c, 0x16, 0x77, + 0x6f, 0x6c, 0x66, 0x53, 0x53, 0x4c, 0x20, 0x4f, 0x43, 0x53, 0x50, 0x20, + 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x64, 0x65, 0x72, 0x31, 0x1f, 0x30, + 0x1d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x09, 0x01, + 0x16, 0x10, 0x69, 0x6e, 0x66, 0x6f, 0x40, 0x77, 0x6f, 0x6c, 0x66, 0x73, + 0x73, 0x6c, 0x2e, 0x63, 0x6f, 0x6d, 0x30, 0x82, 0x01, 0x22, 0x30, 0x0d, + 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x01, 0x05, + 0x00, 0x03, 0x82, 0x01, 0x0f, 0x00, 0x30, 0x82, 0x01, 0x0a, 0x02, 0x82, + 0x01, 0x01, 0x00, 0xb8, 0xba, 0x23, 0xb4, 0xf6, 0xc3, 0x7b, 0x14, 0xc3, + 0xa4, 0xf5, 0x1d, 0x61, 0xa1, 0xf5, 0x1e, 0x63, 0xb9, 0x85, 0x23, 0x34, + 0x50, 0x6d, 0xf8, 0x7c, 0xa2, 0x8a, 0x04, 0x8b, 0xd5, 0x75, 0x5c, 0x2d, + 0xf7, 0x63, 0x88, 0xd1, 0x07, 0x7a, 0xea, 0x0b, 0x45, 0x35, 0x2b, 0xeb, + 0x1f, 0xb1, 0x22, 0xb4, 0x94, 0x41, 0x38, 0xe2, 0x9d, 0x74, 0xd6, 0x8b, + 0x30, 0x22, 0x10, 0x51, 0xc5, 0xdb, 0xca, 0x3f, 0x46, 0x2b, 0xfe, 0xe5, + 0x5a, 0x3f, 0x41, 0x74, 0x67, 0x75, 0x95, 0xa9, 0x94, 0xd5, 0xc3, 0xee, + 0x42, 0xf8, 0x8d, 0xeb, 0x92, 0x95, 0xe1, 0xd9, 0x65, 0xb7, 0x43, 0xc4, + 0x18, 0xde, 0x16, 0x80, 0x90, 0xce, 0x24, 0x35, 0x21, 0xc4, 0x55, 0xac, + 0x5a, 0x51, 0xe0, 0x2e, 0x2d, 0xb3, 0x0a, 0x5a, 0x4f, 0x4a, 0x73, 0x31, + 0x50, 0xee, 0x4a, 0x16, 0xbd, 0x39, 0x8b, 0xad, 0x05, 0x48, 0x87, 0xb1, + 0x99, 0xe2, 0x10, 0xa7, 0x06, 0x72, 0x67, 0xca, 0x5c, 0xd1, 0x97, 0xbd, + 0xc8, 0xf1, 0x76, 0xf8, 0xe0, 0x4a, 0xec, 0xbc, 0x93, 0xf4, 0x66, 0x4c, + 0x28, 0x71, 0xd1, 0xd8, 0x66, 0x03, 0xb4, 0x90, 0x30, 0xbb, 0x17, 0xb0, + 0xfe, 0x97, 0xf5, 0x1e, 0xe8, 0xc7, 0x5d, 0x9b, 0x8b, 0x11, 0x19, 0x12, + 0x3c, 0xab, 0x82, 0x71, 0x78, 0xff, 0xae, 0x3f, 0x32, 0xb2, 0x08, 0x71, + 0xb2, 0x1b, 0x8c, 0x27, 0xac, 0x11, 0xb8, 0xd8, 0x43, 0x49, 0xcf, 0xb0, + 0x70, 0xb1, 0xf0, 0x8c, 0xae, 0xda, 0x24, 0x87, 0x17, 0x3b, 0xd8, 0x04, + 0x65, 0x6c, 0x00, 0x76, 0x50, 0xef, 0x15, 0x08, 0xd7, 0xb4, 0x73, 0x68, + 0x26, 0x14, 0x87, 0x95, 0xc3, 0x5f, 0x6e, 0x61, 0xb8, 0x87, 0x84, 0xfa, + 0x80, 0x1a, 0x0a, 0x8b, 0x98, 0xf3, 0xe3, 0xff, 0x4e, 0x44, 0x1c, 0x65, + 0x74, 0x7c, 0x71, 0x54, 0x65, 0xe5, 0x39, 0x02, 0x03, 0x01, 0x00, 0x01, + 0xa3, 0x82, 0x01, 0x0a, 0x30, 0x82, 0x01, 0x06, 0x30, 0x09, 0x06, 0x03, + 0x55, 0x1d, 0x13, 0x04, 0x02, 0x30, 0x00, 0x30, 0x1d, 0x06, 0x03, 0x55, + 0x1d, 0x0e, 0x04, 0x16, 0x04, 0x14, 0x32, 0x67, 0xe1, 0xb1, 0x79, 0xd2, + 0x81, 0xfc, 0x9f, 0x23, 0x0c, 0x70, 0x40, 0x50, 0xb5, 0x46, 0x56, 0xb8, + 0x30, 0x36, 0x30, 0x81, 0xc4, 0x06, 0x03, 0x55, 0x1d, 0x23, 0x04, 0x81, + 0xbc, 0x30, 0x81, 0xb9, 0x80, 0x14, 0x73, 0xb0, 0x1c, 0xa4, 0x2f, 0x82, + 0xcb, 0xcf, 0x47, 0xa5, 0x38, 0xd7, 0xb0, 0x04, 0x82, 0x3a, 0x7e, 0x72, + 0x15, 0x21, 0xa1, 0x81, 0x9d, 0xa4, 0x81, 0x9a, 0x30, 0x81, 0x97, 0x31, + 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x55, 0x53, + 0x31, 0x13, 0x30, 0x11, 0x06, 0x03, 0x55, 0x04, 0x08, 0x0c, 0x0a, 0x57, + 0x61, 0x73, 0x68, 0x69, 0x6e, 0x67, 0x74, 0x6f, 0x6e, 0x31, 0x10, 0x30, + 0x0e, 0x06, 0x03, 0x55, 0x04, 0x07, 0x0c, 0x07, 0x53, 0x65, 0x61, 0x74, + 0x74, 0x6c, 0x65, 0x31, 0x10, 0x30, 0x0e, 0x06, 0x03, 0x55, 0x04, 0x0a, + 0x0c, 0x07, 0x77, 0x6f, 0x6c, 0x66, 0x53, 0x53, 0x4c, 0x31, 0x14, 0x30, + 0x12, 0x06, 0x03, 0x55, 0x04, 0x0b, 0x0c, 0x0b, 0x45, 0x6e, 0x67, 0x69, + 0x6e, 0x65, 0x65, 0x72, 0x69, 0x6e, 0x67, 0x31, 0x18, 0x30, 0x16, 0x06, + 0x03, 0x55, 0x04, 0x03, 0x0c, 0x0f, 0x77, 0x6f, 0x6c, 0x66, 0x53, 0x53, + 0x4c, 0x20, 0x72, 0x6f, 0x6f, 0x74, 0x20, 0x43, 0x41, 0x31, 0x1f, 0x30, + 0x1d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x09, 0x01, + 0x16, 0x10, 0x69, 0x6e, 0x66, 0x6f, 0x40, 0x77, 0x6f, 0x6c, 0x66, 0x73, + 0x73, 0x6c, 0x2e, 0x63, 0x6f, 0x6d, 0x82, 0x01, 0x63, 0x30, 0x13, 0x06, + 0x03, 0x55, 0x1d, 0x25, 0x04, 0x0c, 0x30, 0x0a, 0x06, 0x08, 0x2b, 0x06, + 0x01, 0x05, 0x05, 0x07, 0x03, 0x09, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, + 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x0b, 0x05, 0x00, 0x03, 0x82, 0x01, + 0x01, 0x00, 0x22, 0xcf, 0xe2, 0xc4, 0x3c, 0x0e, 0xcf, 0x43, 0xc2, 0x2b, + 0x77, 0xd9, 0x53, 0xbb, 0xbf, 0x46, 0x5a, 0x67, 0x26, 0x1f, 0xd6, 0x8c, + 0xe2, 0xae, 0xd3, 0x6b, 0xda, 0x7c, 0xa5, 0xb4, 0x79, 0x29, 0x0f, 0xb8, + 0xf0, 0x14, 0x71, 0x90, 0x21, 0x7c, 0x3c, 0x23, 0x2e, 0x5b, 0xb6, 0xb6, + 0x66, 0xb5, 0xd2, 0xfd, 0x96, 0x21, 0x4c, 0x7c, 0x9d, 0x9f, 0x85, 0x69, + 0x8c, 0xd8, 0xc2, 0xbf, 0x3b, 0x1f, 0x7b, 0xaf, 0x27, 0xb9, 0x30, 0x5b, + 0x51, 0x4a, 0x16, 0x07, 0xa0, 0x14, 0x80, 0x47, 0x31, 0x45, 0xf0, 0x31, + 0x35, 0xb9, 0x93, 0x39, 0x77, 0x32, 0x51, 0xa0, 0x8b, 0x93, 0x91, 0x96, + 0x77, 0x41, 0x1a, 0x30, 0x15, 0xb8, 0xe6, 0xeb, 0x49, 0x8e, 0x3c, 0xa5, + 0x11, 0x46, 0x68, 0x13, 0xf5, 0x61, 0x07, 0xac, 0x42, 0x3e, 0x69, 0xf3, + 0x9f, 0x6b, 0x64, 0xd5, 0xe4, 0x42, 0x1d, 0xed, 0x6c, 0xb7, 0x3b, 0xb1, + 0x78, 0xc6, 0x9a, 0xb0, 0x38, 0xe2, 0xe6, 0xfe, 0x5b, 0xc3, 0x87, 0x11, + 0x49, 0x1e, 0x48, 0x73, 0x5a, 0x88, 0x77, 0x89, 0xfb, 0xc7, 0x87, 0xef, + 0x87, 0xe1, 0x17, 0x8b, 0x66, 0x16, 0x44, 0x7c, 0x6e, 0x5f, 0x2d, 0x5a, + 0x2f, 0xd0, 0xbe, 0x76, 0x69, 0x84, 0xda, 0x3c, 0xa3, 0x4f, 0xbf, 0x00, + 0xff, 0xcc, 0x67, 0x06, 0x16, 0x40, 0x0f, 0x75, 0xdc, 0xe3, 0x20, 0xd6, + 0x7b, 0x99, 0xc7, 0xbf, 0x38, 0x21, 0x51, 0x30, 0x4a, 0x4b, 0x77, 0xd7, + 0x39, 0xd3, 0xe2, 0x4d, 0x67, 0x68, 0x0e, 0x7c, 0x95, 0xc4, 0x51, 0x22, + 0xc4, 0x0f, 0x74, 0xa5, 0xdd, 0xf5, 0xac, 0xa8, 0xf5, 0x8c, 0xfb, 0x90, + 0xba, 0xff, 0x5e, 0x3e, 0x1f, 0xaa, 0x7d, 0x61, 0xbb, 0xa4, 0x22, 0x35, + 0x16, 0x64, 0xfc, 0x42, 0x27, 0x0b, 0xc9, 0xe3, 0xba, 0x21, 0xad, 0x7b, + 0x24, 0x2a, 0xa5, 0x25, 0xb7, 0xc4, +}; + +unsigned char root_ca_cert_pem[] = { + 0x30, 0x82, 0x04, 0xe6, 0x30, 0x82, 0x03, 0xce, 0xa0, 0x03, 0x02, 0x01, + 0x02, 0x02, 0x01, 0x63, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, + 0xf7, 0x0d, 0x01, 0x01, 0x0b, 0x05, 0x00, 0x30, 0x81, 0x97, 0x31, 0x0b, + 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x55, 0x53, 0x31, + 0x13, 0x30, 0x11, 0x06, 0x03, 0x55, 0x04, 0x08, 0x0c, 0x0a, 0x57, 0x61, + 0x73, 0x68, 0x69, 0x6e, 0x67, 0x74, 0x6f, 0x6e, 0x31, 0x10, 0x30, 0x0e, + 0x06, 0x03, 0x55, 0x04, 0x07, 0x0c, 0x07, 0x53, 0x65, 0x61, 0x74, 0x74, + 0x6c, 0x65, 0x31, 0x10, 0x30, 0x0e, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x0c, + 0x07, 0x77, 0x6f, 0x6c, 0x66, 0x53, 0x53, 0x4c, 0x31, 0x14, 0x30, 0x12, + 0x06, 0x03, 0x55, 0x04, 0x0b, 0x0c, 0x0b, 0x45, 0x6e, 0x67, 0x69, 0x6e, + 0x65, 0x65, 0x72, 0x69, 0x6e, 0x67, 0x31, 0x18, 0x30, 0x16, 0x06, 0x03, + 0x55, 0x04, 0x03, 0x0c, 0x0f, 0x77, 0x6f, 0x6c, 0x66, 0x53, 0x53, 0x4c, + 0x20, 0x72, 0x6f, 0x6f, 0x74, 0x20, 0x43, 0x41, 0x31, 0x1f, 0x30, 0x1d, + 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x09, 0x01, 0x16, + 0x10, 0x69, 0x6e, 0x66, 0x6f, 0x40, 0x77, 0x6f, 0x6c, 0x66, 0x73, 0x73, + 0x6c, 0x2e, 0x63, 0x6f, 0x6d, 0x30, 0x1e, 0x17, 0x0d, 0x32, 0x35, 0x31, + 0x31, 0x31, 0x33, 0x32, 0x30, 0x34, 0x31, 0x33, 0x34, 0x5a, 0x17, 0x0d, + 0x32, 0x38, 0x30, 0x38, 0x30, 0x39, 0x32, 0x30, 0x34, 0x31, 0x33, 0x34, + 0x5a, 0x30, 0x81, 0x97, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, + 0x06, 0x13, 0x02, 0x55, 0x53, 0x31, 0x13, 0x30, 0x11, 0x06, 0x03, 0x55, + 0x04, 0x08, 0x0c, 0x0a, 0x57, 0x61, 0x73, 0x68, 0x69, 0x6e, 0x67, 0x74, + 0x6f, 0x6e, 0x31, 0x10, 0x30, 0x0e, 0x06, 0x03, 0x55, 0x04, 0x07, 0x0c, + 0x07, 0x53, 0x65, 0x61, 0x74, 0x74, 0x6c, 0x65, 0x31, 0x10, 0x30, 0x0e, + 0x06, 0x03, 0x55, 0x04, 0x0a, 0x0c, 0x07, 0x77, 0x6f, 0x6c, 0x66, 0x53, + 0x53, 0x4c, 0x31, 0x14, 0x30, 0x12, 0x06, 0x03, 0x55, 0x04, 0x0b, 0x0c, + 0x0b, 0x45, 0x6e, 0x67, 0x69, 0x6e, 0x65, 0x65, 0x72, 0x69, 0x6e, 0x67, + 0x31, 0x18, 0x30, 0x16, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0c, 0x0f, 0x77, + 0x6f, 0x6c, 0x66, 0x53, 0x53, 0x4c, 0x20, 0x72, 0x6f, 0x6f, 0x74, 0x20, + 0x43, 0x41, 0x31, 0x1f, 0x30, 0x1d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, + 0xf7, 0x0d, 0x01, 0x09, 0x01, 0x16, 0x10, 0x69, 0x6e, 0x66, 0x6f, 0x40, + 0x77, 0x6f, 0x6c, 0x66, 0x73, 0x73, 0x6c, 0x2e, 0x63, 0x6f, 0x6d, 0x30, + 0x82, 0x01, 0x22, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, + 0x0d, 0x01, 0x01, 0x01, 0x05, 0x00, 0x03, 0x82, 0x01, 0x0f, 0x00, 0x30, + 0x82, 0x01, 0x0a, 0x02, 0x82, 0x01, 0x01, 0x00, 0xab, 0x2c, 0xb4, 0x2f, + 0x1d, 0x06, 0x09, 0xef, 0x4e, 0x29, 0x86, 0x84, 0x7e, 0xcc, 0xbf, 0xa6, + 0x79, 0x7c, 0xf0, 0xc0, 0xc1, 0x64, 0x25, 0x8c, 0x75, 0xb7, 0x10, 0x05, + 0xca, 0x48, 0x27, 0x0c, 0x0e, 0x32, 0x1c, 0xb0, 0xfe, 0x99, 0x85, 0x39, + 0xb6, 0xb9, 0xa2, 0xf7, 0x27, 0xff, 0x6d, 0x3c, 0x8c, 0x16, 0x73, 0x29, + 0x21, 0x7f, 0x8b, 0xa6, 0x54, 0x71, 0x90, 0xad, 0xcc, 0x05, 0xb9, 0x9f, + 0x15, 0xc7, 0x0a, 0x3f, 0x5f, 0x69, 0xf4, 0x0a, 0x5f, 0x8c, 0x71, 0xb5, + 0x2c, 0xbf, 0x66, 0xe2, 0x03, 0x9a, 0x32, 0xf4, 0xd2, 0xec, 0x2a, 0x89, + 0x4b, 0xf9, 0x35, 0x88, 0x14, 0x33, 0x47, 0x4e, 0x2e, 0x05, 0x79, 0x01, + 0xed, 0x64, 0x36, 0x76, 0xb9, 0xf8, 0x85, 0xcd, 0x01, 0x88, 0xac, 0xc5, + 0xb2, 0xb1, 0x59, 0xb8, 0xcd, 0x5a, 0xf4, 0x09, 0x09, 0x38, 0x9b, 0xda, + 0x5a, 0xcf, 0xce, 0x78, 0x99, 0x1f, 0x49, 0x3d, 0x41, 0xd6, 0x06, 0x7c, + 0x52, 0x99, 0xc8, 0x97, 0xd1, 0xb3, 0x80, 0x3a, 0xa2, 0x4f, 0x36, 0xc4, + 0xc5, 0x96, 0x30, 0x77, 0x31, 0x38, 0xc8, 0x70, 0xcc, 0xe1, 0x67, 0x06, + 0xb3, 0x2b, 0x2f, 0x93, 0xb5, 0x69, 0xcf, 0x83, 0x7e, 0x88, 0x53, 0x9b, + 0x0f, 0x46, 0x21, 0x4c, 0xd6, 0x05, 0x36, 0x44, 0x99, 0x60, 0x68, 0x47, + 0xe5, 0x32, 0x01, 0x12, 0xd4, 0x10, 0x73, 0xae, 0x9a, 0x34, 0x94, 0xfa, + 0x6e, 0xb8, 0x58, 0x4f, 0x7b, 0x5b, 0x8a, 0x92, 0x97, 0xad, 0xfd, 0x97, + 0xb9, 0x75, 0xca, 0xc2, 0xd4, 0x45, 0x7d, 0x17, 0x6b, 0xcd, 0x2f, 0xf3, + 0x63, 0x7a, 0x0e, 0x30, 0xb5, 0x0b, 0xa9, 0xd9, 0xa6, 0x7c, 0x74, 0x60, + 0x9d, 0xcc, 0x09, 0x03, 0x43, 0xf1, 0x0f, 0x90, 0xd3, 0xb7, 0xfe, 0x6c, + 0x9f, 0xd9, 0xcd, 0x78, 0x4b, 0x15, 0xae, 0x8c, 0x5b, 0xf9, 0x99, 0x81, + 0x02, 0x03, 0x01, 0x00, 0x01, 0xa3, 0x82, 0x01, 0x39, 0x30, 0x82, 0x01, + 0x35, 0x30, 0x0c, 0x06, 0x03, 0x55, 0x1d, 0x13, 0x04, 0x05, 0x30, 0x03, + 0x01, 0x01, 0xff, 0x30, 0x1d, 0x06, 0x03, 0x55, 0x1d, 0x0e, 0x04, 0x16, + 0x04, 0x14, 0x73, 0xb0, 0x1c, 0xa4, 0x2f, 0x82, 0xcb, 0xcf, 0x47, 0xa5, + 0x38, 0xd7, 0xb0, 0x04, 0x82, 0x3a, 0x7e, 0x72, 0x15, 0x21, 0x30, 0x81, + 0xc4, 0x06, 0x03, 0x55, 0x1d, 0x23, 0x04, 0x81, 0xbc, 0x30, 0x81, 0xb9, + 0x80, 0x14, 0x73, 0xb0, 0x1c, 0xa4, 0x2f, 0x82, 0xcb, 0xcf, 0x47, 0xa5, + 0x38, 0xd7, 0xb0, 0x04, 0x82, 0x3a, 0x7e, 0x72, 0x15, 0x21, 0xa1, 0x81, + 0x9d, 0xa4, 0x81, 0x9a, 0x30, 0x81, 0x97, 0x31, 0x0b, 0x30, 0x09, 0x06, + 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x55, 0x53, 0x31, 0x13, 0x30, 0x11, + 0x06, 0x03, 0x55, 0x04, 0x08, 0x0c, 0x0a, 0x57, 0x61, 0x73, 0x68, 0x69, + 0x6e, 0x67, 0x74, 0x6f, 0x6e, 0x31, 0x10, 0x30, 0x0e, 0x06, 0x03, 0x55, + 0x04, 0x07, 0x0c, 0x07, 0x53, 0x65, 0x61, 0x74, 0x74, 0x6c, 0x65, 0x31, + 0x10, 0x30, 0x0e, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x0c, 0x07, 0x77, 0x6f, + 0x6c, 0x66, 0x53, 0x53, 0x4c, 0x31, 0x14, 0x30, 0x12, 0x06, 0x03, 0x55, + 0x04, 0x0b, 0x0c, 0x0b, 0x45, 0x6e, 0x67, 0x69, 0x6e, 0x65, 0x65, 0x72, + 0x69, 0x6e, 0x67, 0x31, 0x18, 0x30, 0x16, 0x06, 0x03, 0x55, 0x04, 0x03, + 0x0c, 0x0f, 0x77, 0x6f, 0x6c, 0x66, 0x53, 0x53, 0x4c, 0x20, 0x72, 0x6f, + 0x6f, 0x74, 0x20, 0x43, 0x41, 0x31, 0x1f, 0x30, 0x1d, 0x06, 0x09, 0x2a, + 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x09, 0x01, 0x16, 0x10, 0x69, 0x6e, + 0x66, 0x6f, 0x40, 0x77, 0x6f, 0x6c, 0x66, 0x73, 0x73, 0x6c, 0x2e, 0x63, + 0x6f, 0x6d, 0x82, 0x01, 0x63, 0x30, 0x0b, 0x06, 0x03, 0x55, 0x1d, 0x0f, + 0x04, 0x04, 0x03, 0x02, 0x01, 0x06, 0x30, 0x32, 0x06, 0x08, 0x2b, 0x06, + 0x01, 0x05, 0x05, 0x07, 0x01, 0x01, 0x04, 0x26, 0x30, 0x24, 0x30, 0x22, + 0x06, 0x08, 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x30, 0x01, 0x86, 0x16, + 0x68, 0x74, 0x74, 0x70, 0x3a, 0x2f, 0x2f, 0x31, 0x32, 0x37, 0x2e, 0x30, + 0x2e, 0x30, 0x2e, 0x31, 0x3a, 0x32, 0x32, 0x32, 0x32, 0x30, 0x30, 0x0d, + 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x0b, 0x05, + 0x00, 0x03, 0x82, 0x01, 0x01, 0x00, 0x58, 0x41, 0x01, 0xe5, 0x1b, 0xce, + 0xbc, 0x51, 0x0c, 0x23, 0xb2, 0x66, 0xdf, 0x39, 0xd9, 0x1e, 0xb1, 0xbd, + 0x9a, 0xdb, 0xfa, 0xda, 0x16, 0x83, 0x26, 0x6e, 0x7e, 0x2e, 0xf9, 0x5d, + 0x46, 0x9a, 0x52, 0xa0, 0x09, 0x6f, 0xf2, 0xc0, 0x96, 0xba, 0x49, 0xad, + 0x29, 0x54, 0x06, 0xe9, 0x21, 0xd6, 0x36, 0x5e, 0xd5, 0x43, 0x07, 0x2c, + 0x5d, 0x4e, 0xb7, 0xbf, 0x7c, 0xe5, 0x91, 0x75, 0xea, 0x0d, 0x56, 0x7c, + 0xa3, 0xfd, 0x82, 0xd8, 0x2e, 0x70, 0xfa, 0xfc, 0xab, 0x36, 0x36, 0xd5, + 0xba, 0x63, 0xd5, 0x42, 0xda, 0x21, 0xb4, 0x50, 0x9a, 0x86, 0x8a, 0xdf, + 0x21, 0x26, 0x03, 0xe8, 0xca, 0x6f, 0xc7, 0x51, 0x50, 0x6c, 0xcc, 0x40, + 0xda, 0x4e, 0x8f, 0x06, 0x15, 0xc0, 0x9a, 0x0d, 0x7a, 0x80, 0x2c, 0x95, + 0xaa, 0x5a, 0xad, 0xe2, 0x66, 0xb0, 0x32, 0xd6, 0x74, 0x87, 0xea, 0x7a, + 0xb2, 0x46, 0xd5, 0x2c, 0xcf, 0xfa, 0x18, 0x8a, 0x2f, 0xe0, 0x3a, 0xae, + 0x17, 0x6a, 0xf2, 0xce, 0x75, 0x8d, 0xe4, 0x4d, 0x74, 0x8f, 0xe7, 0xc6, + 0x21, 0x29, 0x65, 0x5d, 0x41, 0x07, 0xfb, 0x29, 0xd9, 0xbe, 0xea, 0xb2, + 0xe3, 0x80, 0x07, 0x8c, 0x14, 0x8d, 0xa3, 0x7d, 0xd1, 0x51, 0xaf, 0x26, + 0x9d, 0xcd, 0x01, 0xd5, 0x80, 0xaf, 0x68, 0x12, 0x41, 0x2b, 0xeb, 0x94, + 0xcc, 0x45, 0xd1, 0xc7, 0x66, 0xf3, 0xf9, 0x15, 0x72, 0xbe, 0x94, 0xe3, + 0x21, 0x6d, 0xf1, 0x08, 0x78, 0xb6, 0x5a, 0xee, 0x73, 0x09, 0x4b, 0xf4, + 0x1a, 0x5e, 0x02, 0x2a, 0x25, 0xf0, 0x3d, 0xd2, 0x03, 0xf2, 0x22, 0x15, + 0x4b, 0x3d, 0xaa, 0x35, 0xea, 0x90, 0xca, 0x44, 0x4e, 0x61, 0x77, 0xdb, + 0xb4, 0x94, 0x46, 0x77, 0xc6, 0x8c, 0x33, 0x09, 0xb6, 0x84, 0x3c, 0x4e, + 0xac, 0xad, 0x9d, 0xe0, 0x2f, 0x22, 0x5a, 0xbe, 0x25, 0x19, +}; + +unsigned char ca_cert_pem[] = { + 0x30, 0x82, 0x04, 0xff, 0x30, 0x82, 0x03, 0xe7, 0xa0, 0x03, 0x02, 0x01, + 0x02, 0x02, 0x14, 0x3f, 0x29, 0x11, 0x20, 0x57, 0x71, 0xe7, 0x8e, 0xf9, + 0x18, 0x0d, 0xca, 0x70, 0x4d, 0x5b, 0x15, 0x2a, 0x43, 0xd6, 0x24, 0x30, + 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x0b, + 0x05, 0x00, 0x30, 0x81, 0x94, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, + 0x04, 0x06, 0x13, 0x02, 0x55, 0x53, 0x31, 0x10, 0x30, 0x0e, 0x06, 0x03, + 0x55, 0x04, 0x08, 0x0c, 0x07, 0x4d, 0x6f, 0x6e, 0x74, 0x61, 0x6e, 0x61, + 0x31, 0x10, 0x30, 0x0e, 0x06, 0x03, 0x55, 0x04, 0x07, 0x0c, 0x07, 0x42, + 0x6f, 0x7a, 0x65, 0x6d, 0x61, 0x6e, 0x31, 0x11, 0x30, 0x0f, 0x06, 0x03, + 0x55, 0x04, 0x0a, 0x0c, 0x08, 0x53, 0x61, 0x77, 0x74, 0x6f, 0x6f, 0x74, + 0x68, 0x31, 0x13, 0x30, 0x11, 0x06, 0x03, 0x55, 0x04, 0x0b, 0x0c, 0x0a, + 0x43, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x74, 0x69, 0x6e, 0x67, 0x31, 0x18, + 0x30, 0x16, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0c, 0x0f, 0x77, 0x77, 0x77, + 0x2e, 0x77, 0x6f, 0x6c, 0x66, 0x73, 0x73, 0x6c, 0x2e, 0x63, 0x6f, 0x6d, + 0x31, 0x1f, 0x30, 0x1d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, + 0x01, 0x09, 0x01, 0x16, 0x10, 0x69, 0x6e, 0x66, 0x6f, 0x40, 0x77, 0x6f, + 0x6c, 0x66, 0x73, 0x73, 0x6c, 0x2e, 0x63, 0x6f, 0x6d, 0x30, 0x1e, 0x17, + 0x0d, 0x32, 0x35, 0x31, 0x31, 0x31, 0x33, 0x32, 0x30, 0x34, 0x31, 0x31, + 0x31, 0x5a, 0x17, 0x0d, 0x32, 0x38, 0x30, 0x38, 0x30, 0x39, 0x32, 0x30, + 0x34, 0x31, 0x31, 0x31, 0x5a, 0x30, 0x81, 0x94, 0x31, 0x0b, 0x30, 0x09, + 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x55, 0x53, 0x31, 0x10, 0x30, + 0x0e, 0x06, 0x03, 0x55, 0x04, 0x08, 0x0c, 0x07, 0x4d, 0x6f, 0x6e, 0x74, + 0x61, 0x6e, 0x61, 0x31, 0x10, 0x30, 0x0e, 0x06, 0x03, 0x55, 0x04, 0x07, + 0x0c, 0x07, 0x42, 0x6f, 0x7a, 0x65, 0x6d, 0x61, 0x6e, 0x31, 0x11, 0x30, + 0x0f, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x0c, 0x08, 0x53, 0x61, 0x77, 0x74, + 0x6f, 0x6f, 0x74, 0x68, 0x31, 0x13, 0x30, 0x11, 0x06, 0x03, 0x55, 0x04, + 0x0b, 0x0c, 0x0a, 0x43, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x74, 0x69, 0x6e, + 0x67, 0x31, 0x18, 0x30, 0x16, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0c, 0x0f, + 0x77, 0x77, 0x77, 0x2e, 0x77, 0x6f, 0x6c, 0x66, 0x73, 0x73, 0x6c, 0x2e, + 0x63, 0x6f, 0x6d, 0x31, 0x1f, 0x30, 0x1d, 0x06, 0x09, 0x2a, 0x86, 0x48, + 0x86, 0xf7, 0x0d, 0x01, 0x09, 0x01, 0x16, 0x10, 0x69, 0x6e, 0x66, 0x6f, + 0x40, 0x77, 0x6f, 0x6c, 0x66, 0x73, 0x73, 0x6c, 0x2e, 0x63, 0x6f, 0x6d, + 0x30, 0x82, 0x01, 0x22, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, + 0xf7, 0x0d, 0x01, 0x01, 0x01, 0x05, 0x00, 0x03, 0x82, 0x01, 0x0f, 0x00, + 0x30, 0x82, 0x01, 0x0a, 0x02, 0x82, 0x01, 0x01, 0x00, 0xbf, 0x0c, 0xca, + 0x2d, 0x14, 0xb2, 0x1e, 0x84, 0x42, 0x5b, 0xcd, 0x38, 0x1f, 0x4a, 0xf2, + 0x4d, 0x75, 0x10, 0xf1, 0xb6, 0x35, 0x9f, 0xdf, 0xca, 0x7d, 0x03, 0x98, + 0xd3, 0xac, 0xde, 0x03, 0x66, 0xee, 0x2a, 0xf1, 0xd8, 0xb0, 0x7d, 0x6e, + 0x07, 0x54, 0x0b, 0x10, 0x98, 0x21, 0x4d, 0x80, 0xcb, 0x12, 0x20, 0xe7, + 0xcc, 0x4f, 0xde, 0x45, 0x7d, 0xc9, 0x72, 0x77, 0x32, 0xea, 0xca, 0x90, + 0xbb, 0x69, 0x52, 0x10, 0x03, 0x2f, 0xa8, 0xf3, 0x95, 0xc5, 0xf1, 0x8b, + 0x62, 0x56, 0x1b, 0xef, 0x67, 0x6f, 0xa4, 0x10, 0x41, 0x95, 0xad, 0x0a, + 0x9b, 0xe3, 0xa5, 0xc0, 0xb0, 0xd2, 0x70, 0x76, 0x50, 0x30, 0x5b, 0xa8, + 0xe8, 0x08, 0x2c, 0x7c, 0xed, 0xa7, 0xa2, 0x7a, 0x8d, 0x38, 0x29, 0x1c, + 0xac, 0xc7, 0xed, 0xf2, 0x7c, 0x95, 0xb0, 0x95, 0x82, 0x7d, 0x49, 0x5c, + 0x38, 0xcd, 0x77, 0x25, 0xef, 0xbd, 0x80, 0x75, 0x53, 0x94, 0x3c, 0x3d, + 0xca, 0x63, 0x5b, 0x9f, 0x15, 0xb5, 0xd3, 0x1d, 0x13, 0x2f, 0x19, 0xd1, + 0x3c, 0xdb, 0x76, 0x3a, 0xcc, 0xb8, 0x7d, 0xc9, 0xe5, 0xc2, 0xd7, 0xda, + 0x40, 0x6f, 0xd8, 0x21, 0xdc, 0x73, 0x1b, 0x42, 0x2d, 0x53, 0x9c, 0xfe, + 0x1a, 0xfc, 0x7d, 0xab, 0x7a, 0x36, 0x3f, 0x98, 0xde, 0x84, 0x7c, 0x05, + 0x67, 0xce, 0x6a, 0x14, 0x38, 0x87, 0xa9, 0xf1, 0x8c, 0xb5, 0x68, 0xcb, + 0x68, 0x7f, 0x71, 0x20, 0x2b, 0xf5, 0xa0, 0x63, 0xf5, 0x56, 0x2f, 0xa3, + 0x26, 0xd2, 0xb7, 0x6f, 0xb1, 0x5a, 0x17, 0xd7, 0x38, 0x99, 0x08, 0xfe, + 0x93, 0x58, 0x6f, 0xfe, 0xc3, 0x13, 0x49, 0x08, 0x16, 0x0b, 0xa7, 0x4d, + 0x67, 0x00, 0x52, 0x31, 0x67, 0x23, 0x4e, 0x98, 0xed, 0x51, 0x45, 0x1d, + 0xb9, 0x04, 0xd9, 0x0b, 0xec, 0xd8, 0x28, 0xb3, 0x4b, 0xbd, 0xed, 0x36, + 0x79, 0x02, 0x03, 0x01, 0x00, 0x01, 0xa3, 0x82, 0x01, 0x45, 0x30, 0x82, + 0x01, 0x41, 0x30, 0x1d, 0x06, 0x03, 0x55, 0x1d, 0x0e, 0x04, 0x16, 0x04, + 0x14, 0x27, 0x8e, 0x67, 0x11, 0x74, 0xc3, 0x26, 0x1d, 0x3f, 0xed, 0x33, + 0x63, 0xb3, 0xa4, 0xd8, 0x1d, 0x30, 0xe5, 0xe8, 0xd5, 0x30, 0x81, 0xd4, + 0x06, 0x03, 0x55, 0x1d, 0x23, 0x04, 0x81, 0xcc, 0x30, 0x81, 0xc9, 0x80, + 0x14, 0x27, 0x8e, 0x67, 0x11, 0x74, 0xc3, 0x26, 0x1d, 0x3f, 0xed, 0x33, + 0x63, 0xb3, 0xa4, 0xd8, 0x1d, 0x30, 0xe5, 0xe8, 0xd5, 0xa1, 0x81, 0x9a, + 0xa4, 0x81, 0x97, 0x30, 0x81, 0x94, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, + 0x55, 0x04, 0x06, 0x13, 0x02, 0x55, 0x53, 0x31, 0x10, 0x30, 0x0e, 0x06, + 0x03, 0x55, 0x04, 0x08, 0x0c, 0x07, 0x4d, 0x6f, 0x6e, 0x74, 0x61, 0x6e, + 0x61, 0x31, 0x10, 0x30, 0x0e, 0x06, 0x03, 0x55, 0x04, 0x07, 0x0c, 0x07, + 0x42, 0x6f, 0x7a, 0x65, 0x6d, 0x61, 0x6e, 0x31, 0x11, 0x30, 0x0f, 0x06, + 0x03, 0x55, 0x04, 0x0a, 0x0c, 0x08, 0x53, 0x61, 0x77, 0x74, 0x6f, 0x6f, + 0x74, 0x68, 0x31, 0x13, 0x30, 0x11, 0x06, 0x03, 0x55, 0x04, 0x0b, 0x0c, + 0x0a, 0x43, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x74, 0x69, 0x6e, 0x67, 0x31, + 0x18, 0x30, 0x16, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0c, 0x0f, 0x77, 0x77, + 0x77, 0x2e, 0x77, 0x6f, 0x6c, 0x66, 0x73, 0x73, 0x6c, 0x2e, 0x63, 0x6f, + 0x6d, 0x31, 0x1f, 0x30, 0x1d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, + 0x0d, 0x01, 0x09, 0x01, 0x16, 0x10, 0x69, 0x6e, 0x66, 0x6f, 0x40, 0x77, + 0x6f, 0x6c, 0x66, 0x73, 0x73, 0x6c, 0x2e, 0x63, 0x6f, 0x6d, 0x82, 0x14, + 0x3f, 0x29, 0x11, 0x20, 0x57, 0x71, 0xe7, 0x8e, 0xf9, 0x18, 0x0d, 0xca, + 0x70, 0x4d, 0x5b, 0x15, 0x2a, 0x43, 0xd6, 0x24, 0x30, 0x0c, 0x06, 0x03, + 0x55, 0x1d, 0x13, 0x04, 0x05, 0x30, 0x03, 0x01, 0x01, 0xff, 0x30, 0x1c, + 0x06, 0x03, 0x55, 0x1d, 0x11, 0x04, 0x15, 0x30, 0x13, 0x82, 0x0b, 0x65, + 0x78, 0x61, 0x6d, 0x70, 0x6c, 0x65, 0x2e, 0x63, 0x6f, 0x6d, 0x87, 0x04, + 0x7f, 0x00, 0x00, 0x01, 0x30, 0x1d, 0x06, 0x03, 0x55, 0x1d, 0x25, 0x04, + 0x16, 0x30, 0x14, 0x06, 0x08, 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x03, + 0x01, 0x06, 0x08, 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x03, 0x02, 0x30, + 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x0b, + 0x05, 0x00, 0x03, 0x82, 0x01, 0x01, 0x00, 0x0f, 0xae, 0x89, 0xd5, 0x68, + 0xe4, 0x41, 0xf8, 0x9b, 0xe0, 0xc5, 0x61, 0x06, 0x57, 0xff, 0xa0, 0x92, + 0x0f, 0xb2, 0xed, 0xd3, 0x99, 0x5b, 0x99, 0x5e, 0x32, 0x7e, 0x97, 0xc7, + 0xaf, 0x6c, 0xfe, 0x8c, 0xa6, 0xae, 0x32, 0xa1, 0x0d, 0xca, 0xcd, 0xfc, + 0x18, 0xe5, 0xd1, 0xf8, 0x20, 0x5b, 0x5a, 0x38, 0x81, 0x46, 0x5b, 0x48, + 0x87, 0xa5, 0x3f, 0x3b, 0x7b, 0xc7, 0xea, 0xf5, 0x35, 0x29, 0x31, 0x15, + 0x39, 0x38, 0x5d, 0x48, 0xe6, 0x01, 0x81, 0x5c, 0x5e, 0x7c, 0x10, 0xf5, + 0x16, 0xe3, 0x59, 0xaf, 0x44, 0xc8, 0xb5, 0x8d, 0xc1, 0x32, 0x23, 0xb3, + 0xb8, 0x12, 0x6e, 0x5c, 0x8d, 0xe6, 0xc2, 0xd2, 0x41, 0x03, 0xeb, 0x17, + 0x42, 0xe2, 0x7f, 0xbc, 0x00, 0x5d, 0xa5, 0x31, 0xef, 0xc6, 0x48, 0xee, + 0xdb, 0xcc, 0xe0, 0xf1, 0x56, 0xf5, 0xd4, 0xca, 0x45, 0xa1, 0x59, 0xb5, + 0xe4, 0xd7, 0x60, 0x9c, 0x57, 0xe0, 0xa7, 0x5a, 0xf2, 0x35, 0x1e, 0xa0, + 0x22, 0xdb, 0x5e, 0x1c, 0x0c, 0x61, 0xbd, 0xa1, 0xc5, 0x7b, 0x9f, 0x69, + 0xf2, 0xd5, 0x95, 0xe2, 0xbc, 0x52, 0xb9, 0x1d, 0x9c, 0x2c, 0xda, 0xb6, + 0x73, 0x75, 0x4a, 0x84, 0xe5, 0x94, 0xb8, 0x19, 0x4d, 0xdd, 0x70, 0xbd, + 0x7f, 0x4c, 0xb9, 0x17, 0x6a, 0x58, 0x16, 0x89, 0x22, 0x44, 0x37, 0x57, + 0x55, 0x26, 0x42, 0xe3, 0xb7, 0xe5, 0xc7, 0x2b, 0x40, 0x0c, 0xe9, 0xe4, + 0x7f, 0x52, 0x75, 0xdf, 0x06, 0xc9, 0xfb, 0x01, 0x44, 0x34, 0xac, 0x20, + 0x3c, 0xb4, 0xbe, 0x2b, 0x3e, 0xef, 0x85, 0x38, 0x96, 0x5b, 0x9b, 0x1e, + 0x25, 0x86, 0x18, 0x4c, 0xa4, 0x06, 0x70, 0x06, 0x6a, 0xc8, 0x4b, 0x6f, + 0x5f, 0xc4, 0x05, 0x1f, 0x03, 0x62, 0x30, 0x11, 0x61, 0xbc, 0xc1, 0x40, + 0x31, 0x66, 0xdc, 0x64, 0xf0, 0x4f, 0x6b, 0xb9, 0xec, 0xc8, 0x29, +}; + +unsigned char server_cert_pem[] = { + 0x30, 0x82, 0x04, 0xe8, 0x30, 0x82, 0x03, 0xd0, 0xa0, 0x03, 0x02, 0x01, + 0x02, 0x02, 0x01, 0x01, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, + 0xf7, 0x0d, 0x01, 0x01, 0x0b, 0x05, 0x00, 0x30, 0x81, 0x94, 0x31, 0x0b, + 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x55, 0x53, 0x31, + 0x10, 0x30, 0x0e, 0x06, 0x03, 0x55, 0x04, 0x08, 0x0c, 0x07, 0x4d, 0x6f, + 0x6e, 0x74, 0x61, 0x6e, 0x61, 0x31, 0x10, 0x30, 0x0e, 0x06, 0x03, 0x55, + 0x04, 0x07, 0x0c, 0x07, 0x42, 0x6f, 0x7a, 0x65, 0x6d, 0x61, 0x6e, 0x31, + 0x11, 0x30, 0x0f, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x0c, 0x08, 0x53, 0x61, + 0x77, 0x74, 0x6f, 0x6f, 0x74, 0x68, 0x31, 0x13, 0x30, 0x11, 0x06, 0x03, + 0x55, 0x04, 0x0b, 0x0c, 0x0a, 0x43, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x74, + 0x69, 0x6e, 0x67, 0x31, 0x18, 0x30, 0x16, 0x06, 0x03, 0x55, 0x04, 0x03, + 0x0c, 0x0f, 0x77, 0x77, 0x77, 0x2e, 0x77, 0x6f, 0x6c, 0x66, 0x73, 0x73, + 0x6c, 0x2e, 0x63, 0x6f, 0x6d, 0x31, 0x1f, 0x30, 0x1d, 0x06, 0x09, 0x2a, + 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x09, 0x01, 0x16, 0x10, 0x69, 0x6e, + 0x66, 0x6f, 0x40, 0x77, 0x6f, 0x6c, 0x66, 0x73, 0x73, 0x6c, 0x2e, 0x63, + 0x6f, 0x6d, 0x30, 0x1e, 0x17, 0x0d, 0x32, 0x35, 0x31, 0x31, 0x31, 0x33, + 0x32, 0x30, 0x34, 0x31, 0x31, 0x33, 0x5a, 0x17, 0x0d, 0x32, 0x38, 0x30, + 0x38, 0x30, 0x39, 0x32, 0x30, 0x34, 0x31, 0x31, 0x33, 0x5a, 0x30, 0x81, + 0x90, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, + 0x55, 0x53, 0x31, 0x10, 0x30, 0x0e, 0x06, 0x03, 0x55, 0x04, 0x08, 0x0c, + 0x07, 0x4d, 0x6f, 0x6e, 0x74, 0x61, 0x6e, 0x61, 0x31, 0x10, 0x30, 0x0e, + 0x06, 0x03, 0x55, 0x04, 0x07, 0x0c, 0x07, 0x42, 0x6f, 0x7a, 0x65, 0x6d, + 0x61, 0x6e, 0x31, 0x10, 0x30, 0x0e, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x0c, + 0x07, 0x77, 0x6f, 0x6c, 0x66, 0x53, 0x53, 0x4c, 0x31, 0x10, 0x30, 0x0e, + 0x06, 0x03, 0x55, 0x04, 0x0b, 0x0c, 0x07, 0x53, 0x75, 0x70, 0x70, 0x6f, + 0x72, 0x74, 0x31, 0x18, 0x30, 0x16, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0c, + 0x0f, 0x77, 0x77, 0x77, 0x2e, 0x77, 0x6f, 0x6c, 0x66, 0x73, 0x73, 0x6c, + 0x2e, 0x63, 0x6f, 0x6d, 0x31, 0x1f, 0x30, 0x1d, 0x06, 0x09, 0x2a, 0x86, + 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x09, 0x01, 0x16, 0x10, 0x69, 0x6e, 0x66, + 0x6f, 0x40, 0x77, 0x6f, 0x6c, 0x66, 0x73, 0x73, 0x6c, 0x2e, 0x63, 0x6f, + 0x6d, 0x30, 0x82, 0x01, 0x22, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, + 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x01, 0x05, 0x00, 0x03, 0x82, 0x01, 0x0f, + 0x00, 0x30, 0x82, 0x01, 0x0a, 0x02, 0x82, 0x01, 0x01, 0x00, 0xc0, 0x95, + 0x08, 0xe1, 0x57, 0x41, 0xf2, 0x71, 0x6d, 0xb7, 0xd2, 0x45, 0x41, 0x27, + 0x01, 0x65, 0xc6, 0x45, 0xae, 0xf2, 0xbc, 0x24, 0x30, 0xb8, 0x95, 0xce, + 0x2f, 0x4e, 0xd6, 0xf6, 0x1c, 0x88, 0xbc, 0x7c, 0x9f, 0xfb, 0xa8, 0x67, + 0x7f, 0xfe, 0x5c, 0x9c, 0x51, 0x75, 0xf7, 0x8a, 0xca, 0x07, 0xe7, 0x35, + 0x2f, 0x8f, 0xe1, 0xbd, 0x7b, 0xc0, 0x2f, 0x7c, 0xab, 0x64, 0xa8, 0x17, + 0xfc, 0xca, 0x5d, 0x7b, 0xba, 0xe0, 0x21, 0xe5, 0x72, 0x2e, 0x6f, 0x2e, + 0x86, 0xd8, 0x95, 0x73, 0xda, 0xac, 0x1b, 0x53, 0xb9, 0x5f, 0x3f, 0xd7, + 0x19, 0x0d, 0x25, 0x4f, 0xe1, 0x63, 0x63, 0x51, 0x8b, 0x0b, 0x64, 0x3f, + 0xad, 0x43, 0xb8, 0xa5, 0x1c, 0x5c, 0x34, 0xb3, 0xae, 0x00, 0xa0, 0x63, + 0xc5, 0xf6, 0x7f, 0x0b, 0x59, 0x68, 0x78, 0x73, 0xa6, 0x8c, 0x18, 0xa9, + 0x02, 0x6d, 0xaf, 0xc3, 0x19, 0x01, 0x2e, 0xb8, 0x10, 0xe3, 0xc6, 0xcc, + 0x40, 0xb4, 0x69, 0xa3, 0x46, 0x33, 0x69, 0x87, 0x6e, 0xc4, 0xbb, 0x17, + 0xa6, 0xf3, 0xe8, 0xdd, 0xad, 0x73, 0xbc, 0x7b, 0x2f, 0x21, 0xb5, 0xfd, + 0x66, 0x51, 0x0c, 0xbd, 0x54, 0xb3, 0xe1, 0x6d, 0x5f, 0x1c, 0xbc, 0x23, + 0x73, 0xd1, 0x09, 0x03, 0x89, 0x14, 0xd2, 0x10, 0xb9, 0x64, 0xc3, 0x2a, + 0xd0, 0xa1, 0x96, 0x4a, 0xbc, 0xe1, 0xd4, 0x1a, 0x5b, 0xc7, 0xa0, 0xc0, + 0xc1, 0x63, 0x78, 0x0f, 0x44, 0x37, 0x30, 0x32, 0x96, 0x80, 0x32, 0x23, + 0x95, 0xa1, 0x77, 0xba, 0x13, 0xd2, 0x97, 0x73, 0xe2, 0x5d, 0x25, 0xc9, + 0x6a, 0x0d, 0xc3, 0x39, 0x60, 0xa4, 0xb4, 0xb0, 0x69, 0x42, 0x42, 0x09, + 0xe9, 0xd8, 0x08, 0xbc, 0x33, 0x20, 0xb3, 0x58, 0x22, 0xa7, 0xaa, 0xeb, + 0xc4, 0xe1, 0xe6, 0x61, 0x83, 0xc5, 0xd2, 0x96, 0xdf, 0xd9, 0xd0, 0x4f, + 0xad, 0xd7, 0x02, 0x03, 0x01, 0x00, 0x01, 0xa3, 0x82, 0x01, 0x45, 0x30, + 0x82, 0x01, 0x41, 0x30, 0x1d, 0x06, 0x03, 0x55, 0x1d, 0x0e, 0x04, 0x16, + 0x04, 0x14, 0xb3, 0x11, 0x32, 0xc9, 0x92, 0x98, 0x84, 0xe2, 0xc9, 0xf8, + 0xd0, 0x3b, 0x6e, 0x03, 0x42, 0xca, 0x1f, 0x0e, 0x8e, 0x3c, 0x30, 0x81, + 0xd4, 0x06, 0x03, 0x55, 0x1d, 0x23, 0x04, 0x81, 0xcc, 0x30, 0x81, 0xc9, + 0x80, 0x14, 0x27, 0x8e, 0x67, 0x11, 0x74, 0xc3, 0x26, 0x1d, 0x3f, 0xed, + 0x33, 0x63, 0xb3, 0xa4, 0xd8, 0x1d, 0x30, 0xe5, 0xe8, 0xd5, 0xa1, 0x81, + 0x9a, 0xa4, 0x81, 0x97, 0x30, 0x81, 0x94, 0x31, 0x0b, 0x30, 0x09, 0x06, + 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x55, 0x53, 0x31, 0x10, 0x30, 0x0e, + 0x06, 0x03, 0x55, 0x04, 0x08, 0x0c, 0x07, 0x4d, 0x6f, 0x6e, 0x74, 0x61, + 0x6e, 0x61, 0x31, 0x10, 0x30, 0x0e, 0x06, 0x03, 0x55, 0x04, 0x07, 0x0c, + 0x07, 0x42, 0x6f, 0x7a, 0x65, 0x6d, 0x61, 0x6e, 0x31, 0x11, 0x30, 0x0f, + 0x06, 0x03, 0x55, 0x04, 0x0a, 0x0c, 0x08, 0x53, 0x61, 0x77, 0x74, 0x6f, + 0x6f, 0x74, 0x68, 0x31, 0x13, 0x30, 0x11, 0x06, 0x03, 0x55, 0x04, 0x0b, + 0x0c, 0x0a, 0x43, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x74, 0x69, 0x6e, 0x67, + 0x31, 0x18, 0x30, 0x16, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0c, 0x0f, 0x77, + 0x77, 0x77, 0x2e, 0x77, 0x6f, 0x6c, 0x66, 0x73, 0x73, 0x6c, 0x2e, 0x63, + 0x6f, 0x6d, 0x31, 0x1f, 0x30, 0x1d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, + 0xf7, 0x0d, 0x01, 0x09, 0x01, 0x16, 0x10, 0x69, 0x6e, 0x66, 0x6f, 0x40, + 0x77, 0x6f, 0x6c, 0x66, 0x73, 0x73, 0x6c, 0x2e, 0x63, 0x6f, 0x6d, 0x82, + 0x14, 0x3f, 0x29, 0x11, 0x20, 0x57, 0x71, 0xe7, 0x8e, 0xf9, 0x18, 0x0d, + 0xca, 0x70, 0x4d, 0x5b, 0x15, 0x2a, 0x43, 0xd6, 0x24, 0x30, 0x0c, 0x06, + 0x03, 0x55, 0x1d, 0x13, 0x04, 0x05, 0x30, 0x03, 0x01, 0x01, 0xff, 0x30, + 0x1c, 0x06, 0x03, 0x55, 0x1d, 0x11, 0x04, 0x15, 0x30, 0x13, 0x82, 0x0b, + 0x65, 0x78, 0x61, 0x6d, 0x70, 0x6c, 0x65, 0x2e, 0x63, 0x6f, 0x6d, 0x87, + 0x04, 0x7f, 0x00, 0x00, 0x01, 0x30, 0x1d, 0x06, 0x03, 0x55, 0x1d, 0x25, + 0x04, 0x16, 0x30, 0x14, 0x06, 0x08, 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, + 0x03, 0x01, 0x06, 0x08, 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x03, 0x02, + 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, + 0x0b, 0x05, 0x00, 0x03, 0x82, 0x01, 0x01, 0x00, 0xbb, 0xde, 0x9b, 0x8d, + 0xeb, 0x6b, 0x17, 0x42, 0xa4, 0xde, 0x1f, 0x9d, 0x61, 0x80, 0x80, 0x7d, + 0xf3, 0x3a, 0x5e, 0xc1, 0xb9, 0xa2, 0xb4, 0x0d, 0x28, 0x5a, 0x92, 0x4e, + 0xd6, 0x02, 0x47, 0x2f, 0x99, 0x1a, 0x43, 0xfa, 0xa4, 0x8b, 0xd8, 0x56, + 0x45, 0x22, 0xc3, 0xbb, 0xf3, 0x7d, 0xd4, 0x07, 0xdb, 0x9b, 0x99, 0x0b, + 0x01, 0x35, 0x04, 0xd3, 0x13, 0xd9, 0xad, 0x6e, 0x88, 0xb9, 0x89, 0xdb, + 0x35, 0xed, 0xe4, 0xbf, 0x12, 0x6e, 0x66, 0xbd, 0xc2, 0xa6, 0x8f, 0x0a, + 0x95, 0x8d, 0xf7, 0x6e, 0x6e, 0x4c, 0xff, 0xfc, 0xd0, 0xb4, 0xd7, 0xee, + 0xc9, 0x5f, 0xc3, 0x44, 0xef, 0x2a, 0x9b, 0x6f, 0xfa, 0x69, 0xfe, 0x2e, + 0xd6, 0x10, 0x64, 0xda, 0x9f, 0x9b, 0x33, 0xf0, 0x5f, 0x49, 0xe3, 0x6f, + 0xe1, 0x9e, 0xd5, 0xf7, 0x4a, 0x2a, 0x1d, 0x4c, 0xc8, 0xd0, 0x82, 0xd0, + 0xc7, 0xa6, 0x54, 0xc0, 0x57, 0xf1, 0xa8, 0xe8, 0xd2, 0x24, 0xc9, 0x59, + 0x7d, 0xdc, 0x3c, 0x21, 0xcf, 0x2d, 0xff, 0x36, 0x5d, 0x14, 0xed, 0x3c, + 0x4b, 0x74, 0x53, 0xf6, 0x3a, 0x25, 0x2f, 0x42, 0x9d, 0x76, 0xfb, 0xdc, + 0x60, 0x2c, 0x28, 0xeb, 0x2d, 0xc5, 0x35, 0x65, 0xb5, 0xbc, 0xf1, 0xdc, + 0x70, 0x5d, 0xfd, 0x76, 0xce, 0x8c, 0xb6, 0xda, 0xbb, 0xde, 0xd7, 0xb1, + 0xff, 0xf0, 0x56, 0xdb, 0x1f, 0x7b, 0x41, 0xe8, 0x6f, 0x3c, 0x4b, 0x92, + 0x4d, 0xed, 0x2f, 0x23, 0x46, 0x91, 0xaa, 0x7c, 0x73, 0x98, 0xc1, 0xbf, + 0x28, 0x6e, 0x7f, 0x50, 0x30, 0xe8, 0xb5, 0x51, 0x3c, 0xac, 0xce, 0xb4, + 0xb4, 0xc8, 0x83, 0x36, 0xb7, 0x40, 0x6f, 0x68, 0xd0, 0x8f, 0x12, 0x63, + 0x93, 0xd5, 0xa4, 0x42, 0xb9, 0xc5, 0xc6, 0x93, 0x55, 0x33, 0xed, 0x84, + 0xc1, 0xfc, 0x19, 0xad, 0x70, 0x98, 0x15, 0x68, 0x03, 0x9e, 0x65, 0xc9, +}; + +unsigned char intermediate1_ca_cert_pem[] = { + 0x30, 0x82, 0x04, 0xf0, 0x30, 0x82, 0x03, 0xd8, 0xa0, 0x03, 0x02, 0x01, + 0x02, 0x02, 0x01, 0x01, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, + 0xf7, 0x0d, 0x01, 0x01, 0x0b, 0x05, 0x00, 0x30, 0x81, 0x97, 0x31, 0x0b, + 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x55, 0x53, 0x31, + 0x13, 0x30, 0x11, 0x06, 0x03, 0x55, 0x04, 0x08, 0x0c, 0x0a, 0x57, 0x61, + 0x73, 0x68, 0x69, 0x6e, 0x67, 0x74, 0x6f, 0x6e, 0x31, 0x10, 0x30, 0x0e, + 0x06, 0x03, 0x55, 0x04, 0x07, 0x0c, 0x07, 0x53, 0x65, 0x61, 0x74, 0x74, + 0x6c, 0x65, 0x31, 0x10, 0x30, 0x0e, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x0c, + 0x07, 0x77, 0x6f, 0x6c, 0x66, 0x53, 0x53, 0x4c, 0x31, 0x14, 0x30, 0x12, + 0x06, 0x03, 0x55, 0x04, 0x0b, 0x0c, 0x0b, 0x45, 0x6e, 0x67, 0x69, 0x6e, + 0x65, 0x65, 0x72, 0x69, 0x6e, 0x67, 0x31, 0x18, 0x30, 0x16, 0x06, 0x03, + 0x55, 0x04, 0x03, 0x0c, 0x0f, 0x77, 0x6f, 0x6c, 0x66, 0x53, 0x53, 0x4c, + 0x20, 0x72, 0x6f, 0x6f, 0x74, 0x20, 0x43, 0x41, 0x31, 0x1f, 0x30, 0x1d, + 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x09, 0x01, 0x16, + 0x10, 0x69, 0x6e, 0x66, 0x6f, 0x40, 0x77, 0x6f, 0x6c, 0x66, 0x73, 0x73, + 0x6c, 0x2e, 0x63, 0x6f, 0x6d, 0x30, 0x1e, 0x17, 0x0d, 0x32, 0x35, 0x31, + 0x31, 0x31, 0x33, 0x32, 0x30, 0x34, 0x31, 0x33, 0x34, 0x5a, 0x17, 0x0d, + 0x32, 0x38, 0x30, 0x38, 0x30, 0x39, 0x32, 0x30, 0x34, 0x31, 0x33, 0x34, + 0x5a, 0x30, 0x81, 0xa1, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, + 0x06, 0x13, 0x02, 0x55, 0x53, 0x31, 0x13, 0x30, 0x11, 0x06, 0x03, 0x55, + 0x04, 0x08, 0x0c, 0x0a, 0x57, 0x61, 0x73, 0x68, 0x69, 0x6e, 0x67, 0x74, + 0x6f, 0x6e, 0x31, 0x10, 0x30, 0x0e, 0x06, 0x03, 0x55, 0x04, 0x07, 0x0c, + 0x07, 0x53, 0x65, 0x61, 0x74, 0x74, 0x6c, 0x65, 0x31, 0x10, 0x30, 0x0e, + 0x06, 0x03, 0x55, 0x04, 0x0a, 0x0c, 0x07, 0x77, 0x6f, 0x6c, 0x66, 0x53, + 0x53, 0x4c, 0x31, 0x14, 0x30, 0x12, 0x06, 0x03, 0x55, 0x04, 0x0b, 0x0c, + 0x0b, 0x45, 0x6e, 0x67, 0x69, 0x6e, 0x65, 0x65, 0x72, 0x69, 0x6e, 0x67, + 0x31, 0x22, 0x30, 0x20, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0c, 0x19, 0x77, + 0x6f, 0x6c, 0x66, 0x53, 0x53, 0x4c, 0x20, 0x69, 0x6e, 0x74, 0x65, 0x72, + 0x6d, 0x65, 0x64, 0x69, 0x61, 0x74, 0x65, 0x20, 0x43, 0x41, 0x20, 0x31, + 0x31, 0x1f, 0x30, 0x1d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, + 0x01, 0x09, 0x01, 0x16, 0x10, 0x69, 0x6e, 0x66, 0x6f, 0x40, 0x77, 0x6f, + 0x6c, 0x66, 0x73, 0x73, 0x6c, 0x2e, 0x63, 0x6f, 0x6d, 0x30, 0x82, 0x01, + 0x22, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, + 0x01, 0x01, 0x05, 0x00, 0x03, 0x82, 0x01, 0x0f, 0x00, 0x30, 0x82, 0x01, + 0x0a, 0x02, 0x82, 0x01, 0x01, 0x00, 0xde, 0xb4, 0xc8, 0x5c, 0x77, 0xe0, + 0x2d, 0xb1, 0xf5, 0xb9, 0xad, 0x16, 0x47, 0x35, 0xa0, 0x35, 0x65, 0x65, + 0xc6, 0xe1, 0x40, 0xab, 0x1e, 0xb4, 0xb9, 0x13, 0xb7, 0xcb, 0x8c, 0xbb, + 0x77, 0xa5, 0x76, 0xda, 0x6d, 0x87, 0x87, 0xf6, 0x4a, 0x4d, 0x13, 0xe4, + 0x26, 0x3e, 0x27, 0x87, 0xee, 0x5b, 0xc7, 0x6a, 0x3f, 0x45, 0x30, 0x61, + 0x55, 0x5c, 0xf6, 0x35, 0xd1, 0x65, 0xfa, 0x98, 0x11, 0xa3, 0xa7, 0x55, + 0xd5, 0xbe, 0x91, 0x82, 0x4b, 0xfc, 0xbe, 0x90, 0xd6, 0x50, 0x53, 0x63, + 0x9a, 0x2c, 0x22, 0xe1, 0x35, 0x11, 0xdc, 0x78, 0x02, 0x97, 0x8a, 0xe4, + 0x46, 0x92, 0x9c, 0x53, 0x08, 0x76, 0xde, 0x1f, 0x53, 0xb6, 0xb8, 0xca, + 0x77, 0x3e, 0x79, 0x6e, 0xbc, 0xd0, 0xe3, 0x0d, 0x30, 0x5b, 0x4c, 0xf6, + 0x94, 0x0d, 0x30, 0x29, 0x64, 0x9f, 0x04, 0xe5, 0xdb, 0xfb, 0x89, 0x60, + 0x67, 0xbb, 0xaf, 0x26, 0x83, 0x51, 0x77, 0x24, 0x2f, 0x2b, 0x0b, 0xa1, + 0x94, 0x81, 0x10, 0x98, 0xe8, 0xeb, 0x26, 0xa8, 0x1e, 0x7c, 0xe4, 0xc4, + 0x6c, 0x67, 0x06, 0x95, 0x55, 0x4a, 0xdd, 0x52, 0xf4, 0xf2, 0x60, 0x6d, + 0x01, 0x2b, 0x19, 0x91, 0x35, 0x6d, 0xa4, 0x08, 0x47, 0x06, 0x71, 0x24, + 0x00, 0xd9, 0xde, 0xc6, 0x56, 0xf3, 0x8b, 0x53, 0x2c, 0xe2, 0x9a, 0x96, + 0xa5, 0xf3, 0x62, 0xe5, 0xc4, 0xe3, 0x23, 0xf2, 0xd2, 0xfc, 0x21, 0xea, + 0x0f, 0x62, 0x76, 0x8d, 0xd5, 0x99, 0x48, 0xce, 0xdc, 0x58, 0xc4, 0xbb, + 0x7f, 0xda, 0x94, 0x2c, 0x80, 0x74, 0x83, 0xc5, 0xe0, 0xb0, 0x15, 0x7e, + 0x41, 0xfd, 0x0e, 0xf2, 0xf4, 0xf0, 0x78, 0x76, 0x7b, 0xad, 0x26, 0x0d, + 0xaa, 0x48, 0x96, 0x17, 0x2f, 0x21, 0xe3, 0x95, 0x2b, 0x26, 0x37, 0xf9, + 0xaa, 0x80, 0x2f, 0xfe, 0xde, 0xf6, 0x5e, 0xbc, 0x97, 0x7f, 0x02, 0x03, + 0x01, 0x00, 0x01, 0xa3, 0x82, 0x01, 0x39, 0x30, 0x82, 0x01, 0x35, 0x30, + 0x0c, 0x06, 0x03, 0x55, 0x1d, 0x13, 0x04, 0x05, 0x30, 0x03, 0x01, 0x01, + 0xff, 0x30, 0x1d, 0x06, 0x03, 0x55, 0x1d, 0x0e, 0x04, 0x16, 0x04, 0x14, + 0x83, 0xc6, 0x3a, 0x89, 0x2c, 0x81, 0xf4, 0x02, 0xd7, 0x9d, 0x4c, 0xe2, + 0x2a, 0xc0, 0x71, 0x82, 0x64, 0x44, 0xda, 0x0e, 0x30, 0x81, 0xc4, 0x06, + 0x03, 0x55, 0x1d, 0x23, 0x04, 0x81, 0xbc, 0x30, 0x81, 0xb9, 0x80, 0x14, + 0x73, 0xb0, 0x1c, 0xa4, 0x2f, 0x82, 0xcb, 0xcf, 0x47, 0xa5, 0x38, 0xd7, + 0xb0, 0x04, 0x82, 0x3a, 0x7e, 0x72, 0x15, 0x21, 0xa1, 0x81, 0x9d, 0xa4, + 0x81, 0x9a, 0x30, 0x81, 0x97, 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, + 0x04, 0x06, 0x13, 0x02, 0x55, 0x53, 0x31, 0x13, 0x30, 0x11, 0x06, 0x03, + 0x55, 0x04, 0x08, 0x0c, 0x0a, 0x57, 0x61, 0x73, 0x68, 0x69, 0x6e, 0x67, + 0x74, 0x6f, 0x6e, 0x31, 0x10, 0x30, 0x0e, 0x06, 0x03, 0x55, 0x04, 0x07, + 0x0c, 0x07, 0x53, 0x65, 0x61, 0x74, 0x74, 0x6c, 0x65, 0x31, 0x10, 0x30, + 0x0e, 0x06, 0x03, 0x55, 0x04, 0x0a, 0x0c, 0x07, 0x77, 0x6f, 0x6c, 0x66, + 0x53, 0x53, 0x4c, 0x31, 0x14, 0x30, 0x12, 0x06, 0x03, 0x55, 0x04, 0x0b, + 0x0c, 0x0b, 0x45, 0x6e, 0x67, 0x69, 0x6e, 0x65, 0x65, 0x72, 0x69, 0x6e, + 0x67, 0x31, 0x18, 0x30, 0x16, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0c, 0x0f, + 0x77, 0x6f, 0x6c, 0x66, 0x53, 0x53, 0x4c, 0x20, 0x72, 0x6f, 0x6f, 0x74, + 0x20, 0x43, 0x41, 0x31, 0x1f, 0x30, 0x1d, 0x06, 0x09, 0x2a, 0x86, 0x48, + 0x86, 0xf7, 0x0d, 0x01, 0x09, 0x01, 0x16, 0x10, 0x69, 0x6e, 0x66, 0x6f, + 0x40, 0x77, 0x6f, 0x6c, 0x66, 0x73, 0x73, 0x6c, 0x2e, 0x63, 0x6f, 0x6d, + 0x82, 0x01, 0x63, 0x30, 0x0b, 0x06, 0x03, 0x55, 0x1d, 0x0f, 0x04, 0x04, + 0x03, 0x02, 0x01, 0x06, 0x30, 0x32, 0x06, 0x08, 0x2b, 0x06, 0x01, 0x05, + 0x05, 0x07, 0x01, 0x01, 0x04, 0x26, 0x30, 0x24, 0x30, 0x22, 0x06, 0x08, + 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x30, 0x01, 0x86, 0x16, 0x68, 0x74, + 0x74, 0x70, 0x3a, 0x2f, 0x2f, 0x31, 0x32, 0x37, 0x2e, 0x30, 0x2e, 0x30, + 0x2e, 0x31, 0x3a, 0x32, 0x32, 0x32, 0x32, 0x30, 0x30, 0x0d, 0x06, 0x09, + 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x0b, 0x05, 0x00, 0x03, + 0x82, 0x01, 0x01, 0x00, 0x77, 0xec, 0x89, 0x37, 0xd4, 0x35, 0x2e, 0x24, + 0xfd, 0xd2, 0xde, 0xd9, 0x98, 0x87, 0xbe, 0x52, 0xae, 0xb5, 0xd4, 0xf6, + 0x13, 0x34, 0x12, 0x2c, 0xf0, 0x78, 0x98, 0x07, 0x9f, 0xf7, 0xe4, 0x76, + 0xdf, 0x6e, 0xeb, 0x97, 0xc7, 0x03, 0xa3, 0xe6, 0x15, 0x6e, 0xe2, 0x94, + 0x16, 0x6b, 0xed, 0x59, 0xa9, 0x4a, 0x10, 0xa0, 0xcc, 0xc2, 0x61, 0x78, + 0xc7, 0xfb, 0x1c, 0x04, 0x4a, 0x20, 0xc1, 0xfc, 0x94, 0xc6, 0x99, 0xb0, + 0x3a, 0x8c, 0x2f, 0x2b, 0x7d, 0x15, 0x30, 0x53, 0xc7, 0x9b, 0x73, 0x54, + 0x6f, 0x4d, 0x16, 0xa6, 0xab, 0x2d, 0x8a, 0x51, 0x70, 0x1f, 0x1b, 0x8e, + 0x60, 0x0b, 0x56, 0x8b, 0xf2, 0x94, 0x01, 0xfd, 0x81, 0x5f, 0x73, 0xcb, + 0xed, 0x5e, 0xcc, 0x4a, 0x71, 0xc1, 0xa9, 0x1a, 0xd7, 0xc7, 0x2b, 0x5a, + 0x66, 0x02, 0x77, 0xda, 0x10, 0xe8, 0x45, 0x42, 0xa0, 0x7c, 0xef, 0x78, + 0xff, 0xdd, 0x08, 0xf6, 0x84, 0x2f, 0x41, 0xf5, 0x18, 0xc9, 0xa2, 0x48, + 0xd1, 0x5d, 0xb6, 0xa4, 0x4d, 0x32, 0xaf, 0x83, 0x5d, 0xb9, 0x64, 0xec, + 0x40, 0xe9, 0x62, 0x38, 0xef, 0x1b, 0xd1, 0x8e, 0xc9, 0xe8, 0xfd, 0xb3, + 0xe8, 0xe1, 0xa1, 0xda, 0x16, 0x1e, 0x26, 0x3c, 0x82, 0x36, 0xcb, 0x8d, + 0x80, 0x67, 0x33, 0xca, 0x30, 0xbf, 0x93, 0x03, 0xc8, 0x9c, 0xbe, 0xa2, + 0x6f, 0xaa, 0x7c, 0x76, 0x24, 0x3d, 0x06, 0x99, 0xab, 0xa7, 0xfe, 0x12, + 0xf3, 0xdb, 0xfd, 0xa0, 0x8a, 0xb5, 0x0d, 0xc1, 0x9c, 0x90, 0xb7, 0xca, + 0x7e, 0x6d, 0xfb, 0xff, 0x2a, 0xc3, 0xfe, 0x7c, 0x9f, 0x41, 0xe8, 0xc2, + 0x7f, 0x4f, 0xfa, 0x4b, 0x49, 0xc4, 0xa0, 0xd0, 0xbc, 0xfd, 0x38, 0x34, + 0x22, 0xff, 0xd5, 0x83, 0x79, 0x70, 0x7f, 0x6c, 0x30, 0x8d, 0xad, 0x93, + 0xfb, 0xb8, 0x77, 0x01, 0x34, 0xaf, 0xcc, 0x0e, +}; + +unsigned char resp_bad[] = { + 0x30, 0x82, 0x01, 0xa9, 0xa0, 0x82, 0x01, 0xa5, 0x30, 0x82, 0x01, 0xa1, + 0x06, 0x09, 0x2b, 0x06, 0x01, 0x05, 0x05, 0x07, 0x30, 0x01, 0x01, 0x04, + 0x82, 0x01, 0x92, 0x30, 0x82, 0x01, 0x8e, 0x30, 0x7a, 0xa2, 0x16, 0x04, + 0x14, 0x32, 0x67, 0xe1, 0xb1, 0x79, 0xd2, 0x81, 0xfc, 0x9f, 0x23, 0x0c, + 0x70, 0x40, 0x50, 0xb5, 0x46, 0x56, 0xb8, 0x30, 0x36, 0x18, 0x0f, 0x32, + 0x30, 0x32, 0x35, 0x31, 0x31, 0x31, 0x32, 0x31, 0x33, 0x34, 0x35, 0x31, + 0x34, 0x5a, 0x30, 0x4f, 0x30, 0x4d, 0x30, 0x38, 0x30, 0x07, 0x06, 0x05, + 0x2b, 0x0e, 0x03, 0x02, 0x1a, 0x04, 0x14, 0x44, 0xa8, 0xdb, 0xd1, 0xbc, + 0x97, 0x0a, 0x83, 0x3b, 0x5b, 0x31, 0x9a, 0x4c, 0xb8, 0xd2, 0x52, 0x37, + 0x15, 0x8a, 0x88, 0x04, 0x14, 0x73, 0xb0, 0x1c, 0xa4, 0x2f, 0x82, 0xcb, + 0xcf, 0x47, 0xa5, 0x38, 0xd7, 0xb0, 0x04, 0x82, 0x3a, 0x7e, 0x72, 0x15, + 0x21, 0x02, 0x01, 0x01, 0x80, 0x00, 0x18, 0x0f, 0x32, 0x30, 0x32, 0x35, + 0x31, 0x31, 0x31, 0x32, 0x31, 0x33, 0x34, 0x35, 0x31, 0x34, 0x5a, 0x30, + 0x0b, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x0b, + 0x03, 0x82, 0x01, 0x01, 0x00, 0x8a, 0x57, 0x27, 0xd9, 0x0b, 0x43, 0xe2, + 0x38, 0x39, 0x8e, 0x8d, 0xa4, 0x00, 0x93, 0xbc, 0x55, 0xbd, 0x95, 0x8e, + 0xbc, 0x4a, 0x10, 0x36, 0xde, 0xff, 0x9d, 0x87, 0x9c, 0xee, 0x69, 0xa8, + 0x3d, 0x7c, 0x16, 0x8d, 0x43, 0xec, 0x40, 0x64, 0x11, 0x4b, 0x92, 0x62, + 0xfd, 0xa9, 0x19, 0xac, 0xeb, 0xa5, 0x84, 0x88, 0xab, 0x16, 0x94, 0xb2, + 0x2e, 0x69, 0xd7, 0x02, 0x27, 0xf0, 0x4a, 0x81, 0xd2, 0xee, 0x74, 0x66, + 0x14, 0x88, 0xb3, 0xf5, 0x55, 0xc6, 0x4b, 0xdb, 0x63, 0xad, 0x45, 0x39, + 0x3d, 0x68, 0x54, 0x13, 0x97, 0x66, 0xc6, 0x78, 0xad, 0xa2, 0x97, 0xd4, + 0xc5, 0xea, 0xf5, 0x2d, 0xfd, 0x53, 0xf4, 0x91, 0x9c, 0x5e, 0xeb, 0x52, + 0x83, 0x6d, 0x84, 0x7a, 0x6c, 0x1c, 0xaa, 0x7a, 0x89, 0xf5, 0xfb, 0x4b, + 0x4e, 0xe4, 0xc9, 0x7c, 0x6f, 0xa8, 0x8b, 0x40, 0xc7, 0xf0, 0x52, 0x4a, + 0xca, 0xf4, 0x4d, 0x6d, 0x2d, 0x16, 0x60, 0x3c, 0xcf, 0xcd, 0xa3, 0x32, + 0xc1, 0x38, 0x97, 0x0d, 0x37, 0x95, 0x6d, 0x57, 0x21, 0x83, 0xf0, 0x92, + 0x43, 0x76, 0x09, 0x21, 0x3c, 0x6b, 0xcc, 0xdb, 0xe0, 0x4b, 0x89, 0xc5, + 0x95, 0x00, 0xe2, 0xab, 0xe3, 0xaa, 0x1e, 0x5f, 0x45, 0x2e, 0xec, 0x19, + 0xe9, 0x4a, 0x55, 0x5e, 0xd6, 0x17, 0xed, 0xed, 0x8a, 0x24, 0x23, 0x4d, + 0x73, 0x17, 0x79, 0x1f, 0xe6, 0x73, 0x94, 0xe8, 0x74, 0x0e, 0xcb, 0xe9, + 0x8e, 0xc7, 0xf8, 0x2b, 0xdd, 0xc6, 0x3d, 0xd2, 0xda, 0x48, 0x92, 0x47, + 0x17, 0x01, 0x36, 0xbf, 0xd5, 0x5e, 0x1f, 0x00, 0x04, 0x3e, 0x7d, 0xe4, + 0xcf, 0x1a, 0x2b, 0x18, 0x07, 0x9e, 0x3e, 0x17, 0x08, 0x56, 0x78, 0x36, + 0x93, 0x95, 0x14, 0x1c, 0x9a, 0x71, 0xc7, 0xd3, 0x5a, 0x6e, 0x21, 0x85, + 0xb8, 0x14, 0x3b, 0x73, 0xa7, 0x90, 0xad, 0xd5, 0x53, +}; + +#endif /* OCSP_TEST_BLOBS_H */ diff --git a/test/ssl/wolfssl/tests/api/test_ossl_asn1.c b/test/ssl/wolfssl/tests/api/test_ossl_asn1.c new file mode 100644 index 000000000..b046fd4c3 --- /dev/null +++ b/test/ssl/wolfssl/tests/api/test_ossl_asn1.c @@ -0,0 +1,2784 @@ +/* test_ossl_asn1.c + * + * Copyright (C) 2006-2025 wolfSSL Inc. + * + * This file is part of wolfSSL. + * + * wolfSSL is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * wolfSSL is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA + */ + +#include + +#ifdef NO_INLINE + #include +#else + #define WOLFSSL_MISC_INCLUDED + #include +#endif + +#include +#include +#include +#include +#include +#include + +/******************************************************************************* + * ASN.1 OpenSSL compatibility API Testing + ******************************************************************************/ + +int test_wolfSSL_ASN1_BIT_STRING(void) +{ + EXPECT_DECLS; +#if !defined(NO_CERTS) && defined(OPENSSL_ALL) + ASN1_BIT_STRING* str = NULL; + ASN1_BIT_STRING* str2 = NULL; + unsigned char* der = NULL; + + ExpectNotNull(str = ASN1_BIT_STRING_new()); + /* Empty data testing. */ + ExpectIntEQ(ASN1_BIT_STRING_get_bit(str, 1), 0); + ASN1_BIT_STRING_free(str); + str = NULL; + + ExpectNotNull(str = ASN1_BIT_STRING_new()); + + /* Invalid parameter testing. */ + ExpectIntEQ(ASN1_BIT_STRING_set_bit(NULL, 42, 1), 0); + ExpectIntEQ(ASN1_BIT_STRING_set_bit(str, -1, 1), 0); + ExpectIntEQ(ASN1_BIT_STRING_set_bit(str, 42, 2), 0); + ExpectIntEQ(ASN1_BIT_STRING_set_bit(str, 42, -1), 0); + + /* No bit string - bit is always 0. */ + ExpectIntEQ(ASN1_BIT_STRING_get_bit(NULL, 42), 0); + ExpectIntEQ(ASN1_BIT_STRING_get_bit(NULL, -1), 0); + ExpectIntEQ(ASN1_BIT_STRING_get_bit(str, -1), 0); + ExpectIntEQ(ASN1_BIT_STRING_get_bit(str, 0), 0); + + ExpectIntEQ(ASN1_BIT_STRING_set_bit(str, 42, 1), 1); + ExpectIntEQ(ASN1_BIT_STRING_get_bit(str, 42), 1); + ExpectIntEQ(ASN1_BIT_STRING_get_bit(str, 41), 0); + ExpectIntEQ(ASN1_BIT_STRING_get_bit(str, -1), 0); + ExpectIntEQ(ASN1_BIT_STRING_set_bit(str, 84, 1), 1); + ExpectIntEQ(ASN1_BIT_STRING_get_bit(str, 84), 1); + ExpectIntEQ(ASN1_BIT_STRING_get_bit(str, 83), 0); + ExpectIntEQ(ASN1_BIT_STRING_set_bit(str, 91, 0), 1); + ExpectIntEQ(ASN1_BIT_STRING_get_bit(str, 91), 0); + ExpectIntEQ(ASN1_BIT_STRING_set_bit(str, 89, 0), 1); + ExpectIntEQ(ASN1_BIT_STRING_get_bit(str, 89), 0); + ExpectIntEQ(ASN1_BIT_STRING_set_bit(str, 42, 0), 1); + ExpectIntEQ(ASN1_BIT_STRING_get_bit(str, 42), 0); + + ExpectIntEQ(i2d_ASN1_BIT_STRING(str, NULL), 14); + ExpectIntEQ(i2d_ASN1_BIT_STRING(str, &der), 14); +#ifdef WOLFSSL_ASN_TEMPLATE + { + const unsigned char* tmp = der; + ExpectNotNull(d2i_ASN1_BIT_STRING(&str2, &tmp, 14)); + } +#endif + + ASN1_BIT_STRING_free(str); + ASN1_BIT_STRING_free(str2); + ASN1_BIT_STRING_free(NULL); + XFREE(der, NULL, DYNAMIC_TYPE_ASN1); +#endif + return EXPECT_RESULT(); +} + +int test_wolfSSL_ASN1_INTEGER(void) +{ + EXPECT_DECLS; +#if defined(OPENSSL_EXTRA) && !defined(NO_ASN) + ASN1_INTEGER* a = NULL; + ASN1_INTEGER* dup = NULL; + const unsigned char invalidLenDer[] = { + 0x02, 0x20, 0x00 + }; + const unsigned char longDer[] = { + 0x02, 0x20, + 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, + 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, + 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, + 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08 + }; + const unsigned char* p; + + /* Invalid parameter testing. */ + ASN1_INTEGER_free(NULL); + ExpectNull(wolfSSL_ASN1_INTEGER_dup(NULL)); + + ExpectNotNull(a = ASN1_INTEGER_new()); + ExpectNotNull(dup = wolfSSL_ASN1_INTEGER_dup(a)); + ASN1_INTEGER_free(dup); + dup = NULL; + ASN1_INTEGER_free(a); + a = NULL; + + p = invalidLenDer; + ExpectNull(d2i_ASN1_INTEGER(NULL, &p, sizeof(invalidLenDer))); + + p = longDer; + ExpectNotNull(a = d2i_ASN1_INTEGER(NULL, &p, sizeof(longDer))); + ExpectPtrNE(p, longDer); + ExpectNotNull(dup = wolfSSL_ASN1_INTEGER_dup(a)); + ASN1_INTEGER_free(dup); + ASN1_INTEGER_free(a); +#endif + return EXPECT_RESULT(); +} + +int test_wolfSSL_ASN1_INTEGER_cmp(void) +{ + EXPECT_DECLS; +#if defined(OPENSSL_EXTRA) && !defined(NO_ASN) + ASN1_INTEGER* a = NULL; + ASN1_INTEGER* b = NULL; + + ExpectNotNull(a = ASN1_INTEGER_new()); + ExpectNotNull(b = ASN1_INTEGER_new()); + ExpectIntEQ(ASN1_INTEGER_set(a, 1), 1); + ExpectIntEQ(ASN1_INTEGER_set(b, 1), 1); + + /* Invalid parameter testing. */ + ExpectIntEQ(wolfSSL_ASN1_INTEGER_cmp(NULL, NULL), -1); + ExpectIntEQ(wolfSSL_ASN1_INTEGER_cmp(a, NULL), -1); + ExpectIntEQ(wolfSSL_ASN1_INTEGER_cmp(NULL, b), -1); + + ExpectIntEQ(wolfSSL_ASN1_INTEGER_cmp(a, b), 0); + ExpectIntEQ(ASN1_INTEGER_set(b, -1), 1); + ExpectIntGT(wolfSSL_ASN1_INTEGER_cmp(a, b), 0); + ExpectIntEQ(ASN1_INTEGER_set(a, -2), 1); + ExpectIntLT(wolfSSL_ASN1_INTEGER_cmp(a, b), 0); + ExpectIntEQ(ASN1_INTEGER_set(b, 1), 1); + ExpectIntLT(wolfSSL_ASN1_INTEGER_cmp(a, b), 0); + ExpectIntEQ(ASN1_INTEGER_set(a, 0x01), 1); + ExpectIntEQ(ASN1_INTEGER_set(b, 0x1000), 1); + ExpectIntLT(wolfSSL_ASN1_INTEGER_cmp(a, b), 0); + ExpectIntGT(wolfSSL_ASN1_INTEGER_cmp(b, a), 0); + + ASN1_INTEGER_free(b); + ASN1_INTEGER_free(a); +#endif + return EXPECT_RESULT(); +} + +int test_wolfSSL_ASN1_INTEGER_BN(void) +{ + EXPECT_DECLS; +#if defined(OPENSSL_EXTRA) && !defined(NO_ASN) + ASN1_INTEGER* ai = NULL; + ASN1_INTEGER* ai2 = NULL; + BIGNUM* bn = NULL; + BIGNUM* bn2 = NULL; + + ExpectNotNull(ai = ASN1_INTEGER_new()); + ExpectNotNull(bn2 = BN_new()); + + /* Invalid parameter testing. */ + ExpectNull(bn = ASN1_INTEGER_to_BN(NULL, NULL)); + ExpectNull(ai2 = BN_to_ASN1_INTEGER(NULL, NULL)); + + /* at the moment hard setting since no set function */ + if (ai != NULL) { + ai->data[0] = 0xff; /* No DER encoding. */ + ai->length = 1; + } +#if defined(WOLFSSL_QT) || defined(WOLFSSL_HAPROXY) + ExpectNotNull(bn = ASN1_INTEGER_to_BN(ai, NULL)); + BN_free(bn); + bn = NULL; +#else + ExpectNull(ASN1_INTEGER_to_BN(ai, NULL)); +#endif + + if (ai != NULL) { + ai->data[0] = 0x02; /* tag for ASN_INTEGER */ + ai->data[1] = 0x04; /* bad length of integer */ + ai->data[2] = 0x03; + ai->length = 3; + } +#if defined(WOLFSSL_QT) || defined(WOLFSSL_HAPROXY) + /* Interpreted as a number 0x020403. */ + ExpectNotNull(bn = ASN1_INTEGER_to_BN(ai, NULL)); + BN_free(bn); + bn = NULL; +#else + ExpectNull(ASN1_INTEGER_to_BN(ai, NULL)); +#endif + + if (ai != NULL) { + ai->data[0] = 0x02; /* tag for ASN_INTEGER */ + ai->data[1] = 0x01; /* length of integer */ + ai->data[2] = 0x03; + ai->length = 3; + } + ExpectNotNull(bn = ASN1_INTEGER_to_BN(ai, NULL)); + ExpectNotNull(ai2 = BN_to_ASN1_INTEGER(bn, NULL)); + ExpectIntEQ(ASN1_INTEGER_cmp(ai, ai2), 0); + ExpectNotNull(bn2 = ASN1_INTEGER_to_BN(ai2, bn2)); + ExpectIntEQ(BN_cmp(bn, bn2), 0); + + if (ai != NULL) { + ai->data[0] = 0x02; /* tag for ASN_INTEGER */ + ai->data[1] = 0x02; /* length of integer */ + ai->data[2] = 0x00; /* padding byte to ensure positive */ + ai->data[3] = 0xff; + ai->length = 4; + } + ExpectNotNull(bn = ASN1_INTEGER_to_BN(ai, bn)); + ExpectNotNull(ai2 = BN_to_ASN1_INTEGER(bn, ai2)); + ExpectIntEQ(ASN1_INTEGER_cmp(ai, ai2), 0); + ExpectNotNull(bn2 = ASN1_INTEGER_to_BN(ai2, bn2)); + ExpectIntEQ(BN_cmp(bn, bn2), 0); + + if (ai != NULL) { + ai->data[0] = 0x02; /* tag for ASN_INTEGER */ + ai->data[1] = 0x01; /* length of integer */ + ai->data[2] = 0x00; + ai->length = 3; + } + ExpectNotNull(bn = ASN1_INTEGER_to_BN(ai, bn)); + ExpectNotNull(ai2 = BN_to_ASN1_INTEGER(bn, ai2)); + ExpectIntEQ(ASN1_INTEGER_cmp(ai, ai2), 0); + ExpectNotNull(bn2 = ASN1_INTEGER_to_BN(ai2, bn2)); + ExpectIntEQ(BN_cmp(bn, bn2), 0); + + if (ai != NULL) { + ai->data[0] = 0x02; /* tag for ASN_INTEGER */ + ai->data[1] = 0x01; /* length of integer */ + ai->data[2] = 0x01; + ai->length = 3; + ai->negative = 1; + } + ExpectNotNull(bn = ASN1_INTEGER_to_BN(ai, bn)); + ExpectNotNull(ai2 = BN_to_ASN1_INTEGER(bn, ai2)); + ExpectIntEQ(ASN1_INTEGER_cmp(ai, ai2), 0); + ExpectNotNull(bn2 = ASN1_INTEGER_to_BN(ai2, bn2)); + ExpectIntEQ(BN_cmp(bn, bn2), 0); + + BN_free(bn2); + BN_free(bn); + ASN1_INTEGER_free(ai2); + ASN1_INTEGER_free(ai); +#endif + return EXPECT_RESULT(); +} + +int test_wolfSSL_ASN1_INTEGER_get_set(void) +{ + EXPECT_DECLS; +#if defined(OPENSSL_EXTRA) && !defined(NO_ASN) + ASN1_INTEGER *a = NULL; + long val; + + ExpectNotNull(a = ASN1_INTEGER_new()); + /* Invalid parameter testing. */ + ExpectIntEQ(ASN1_INTEGER_get(NULL), 0); +#if defined(WOLFSSL_QT) || defined(WOLFSSL_HAPROXY) + ExpectIntEQ(ASN1_INTEGER_get(a), 0); +#else + ExpectIntEQ(ASN1_INTEGER_get(a), -1); +#endif + ASN1_INTEGER_free(a); + a = NULL; + + ExpectNotNull(a = ASN1_INTEGER_new()); + val = 0; + ExpectIntEQ(ASN1_INTEGER_set(NULL, val), 0); + ASN1_INTEGER_free(a); + a = NULL; + + /* 0 */ + ExpectNotNull(a = ASN1_INTEGER_new()); + val = 0; + ExpectIntEQ(ASN1_INTEGER_set(a, val), 1); + ExpectTrue(ASN1_INTEGER_get(a) == val); + ASN1_INTEGER_free(a); + a = NULL; + + /* 40 */ + ExpectNotNull(a = ASN1_INTEGER_new()); + val = 40; + ExpectIntEQ(ASN1_INTEGER_set(a, val), 1); + ExpectTrue(ASN1_INTEGER_get(a) == val); + ASN1_INTEGER_free(a); + a = NULL; + + /* -40 */ + ExpectNotNull(a = ASN1_INTEGER_new()); + val = -40; + ExpectIntEQ(ASN1_INTEGER_set(a, val), 1); + ExpectTrue(ASN1_INTEGER_get(a) == val); + ASN1_INTEGER_free(a); + a = NULL; + + /* 128 */ + ExpectNotNull(a = ASN1_INTEGER_new()); + val = 128; + ExpectIntEQ(ASN1_INTEGER_set(a, val), 1); + ExpectTrue(ASN1_INTEGER_get(a) == val); + ASN1_INTEGER_free(a); + a = NULL; + + /* -128 */ + ExpectNotNull(a = ASN1_INTEGER_new()); + val = -128; + ExpectIntEQ(ASN1_INTEGER_set(a, val), 1); + ExpectTrue(ASN1_INTEGER_get(a) == val); + ASN1_INTEGER_free(a); + a = NULL; + + /* 200 */ + ExpectNotNull(a = ASN1_INTEGER_new()); + val = 200; + ExpectIntEQ(ASN1_INTEGER_set(a, val), 1); + ExpectTrue(ASN1_INTEGER_get(a) == val); + ASN1_INTEGER_free(a); + a = NULL; + + /* int max (2147483647) */ + ExpectNotNull(a = ASN1_INTEGER_new()); + val = 2147483647; + ExpectIntEQ(ASN1_INTEGER_set(a, val), 1); + ExpectTrue(ASN1_INTEGER_get(a) == val); + ASN1_INTEGER_free(a); + a = NULL; + + /* int min (-2147483648) */ + ExpectNotNull(a = ASN1_INTEGER_new()); + val = -2147483647 - 1; + ExpectIntEQ(ASN1_INTEGER_set(a, val), 1); + ExpectTrue(ASN1_INTEGER_get(a) == val); + ASN1_INTEGER_free(a); + a = NULL; + + /* long max positive */ + ExpectNotNull(a = ASN1_INTEGER_new()); + val = (long)(((unsigned long)-1) >> 1); + ExpectIntEQ(ASN1_INTEGER_set(a, val), 1); + ExpectTrue(ASN1_INTEGER_get(a) == val); + ASN1_INTEGER_free(a); +#endif + return EXPECT_RESULT(); +} + +#if defined(OPENSSL_EXTRA) +typedef struct ASN1IntTestVector { + const byte* der; + const size_t derSz; + const long value; +} ASN1IntTestVector; +#endif +int test_wolfSSL_d2i_ASN1_INTEGER(void) +{ + EXPECT_DECLS; +#if defined(OPENSSL_EXTRA) + size_t i; + WOLFSSL_ASN1_INTEGER* a = NULL; + WOLFSSL_ASN1_INTEGER* b = NULL; + WOLFSSL_ASN1_INTEGER* c = NULL; + const byte* p = NULL; + byte* p2 = NULL; + byte* reEncoded = NULL; + int reEncodedSz = 0; + + static const byte zeroDer[] = { + 0x02, 0x01, 0x00 + }; + static const byte oneDer[] = { + 0x02, 0x01, 0x01 + }; + static const byte negativeDer[] = { + 0x02, 0x03, 0xC1, 0x16, 0x0D + }; + static const byte positiveDer[] = { + 0x02, 0x03, 0x01, 0x00, 0x01 + }; + static const byte primeDer[] = { + 0x02, 0x82, 0x01, 0x01, 0x00, 0xc0, 0x95, 0x08, 0xe1, 0x57, 0x41, + 0xf2, 0x71, 0x6d, 0xb7, 0xd2, 0x45, 0x41, 0x27, 0x01, 0x65, 0xc6, + 0x45, 0xae, 0xf2, 0xbc, 0x24, 0x30, 0xb8, 0x95, 0xce, 0x2f, 0x4e, + 0xd6, 0xf6, 0x1c, 0x88, 0xbc, 0x7c, 0x9f, 0xfb, 0xa8, 0x67, 0x7f, + 0xfe, 0x5c, 0x9c, 0x51, 0x75, 0xf7, 0x8a, 0xca, 0x07, 0xe7, 0x35, + 0x2f, 0x8f, 0xe1, 0xbd, 0x7b, 0xc0, 0x2f, 0x7c, 0xab, 0x64, 0xa8, + 0x17, 0xfc, 0xca, 0x5d, 0x7b, 0xba, 0xe0, 0x21, 0xe5, 0x72, 0x2e, + 0x6f, 0x2e, 0x86, 0xd8, 0x95, 0x73, 0xda, 0xac, 0x1b, 0x53, 0xb9, + 0x5f, 0x3f, 0xd7, 0x19, 0x0d, 0x25, 0x4f, 0xe1, 0x63, 0x63, 0x51, + 0x8b, 0x0b, 0x64, 0x3f, 0xad, 0x43, 0xb8, 0xa5, 0x1c, 0x5c, 0x34, + 0xb3, 0xae, 0x00, 0xa0, 0x63, 0xc5, 0xf6, 0x7f, 0x0b, 0x59, 0x68, + 0x78, 0x73, 0xa6, 0x8c, 0x18, 0xa9, 0x02, 0x6d, 0xaf, 0xc3, 0x19, + 0x01, 0x2e, 0xb8, 0x10, 0xe3, 0xc6, 0xcc, 0x40, 0xb4, 0x69, 0xa3, + 0x46, 0x33, 0x69, 0x87, 0x6e, 0xc4, 0xbb, 0x17, 0xa6, 0xf3, 0xe8, + 0xdd, 0xad, 0x73, 0xbc, 0x7b, 0x2f, 0x21, 0xb5, 0xfd, 0x66, 0x51, + 0x0c, 0xbd, 0x54, 0xb3, 0xe1, 0x6d, 0x5f, 0x1c, 0xbc, 0x23, 0x73, + 0xd1, 0x09, 0x03, 0x89, 0x14, 0xd2, 0x10, 0xb9, 0x64, 0xc3, 0x2a, + 0xd0, 0xa1, 0x96, 0x4a, 0xbc, 0xe1, 0xd4, 0x1a, 0x5b, 0xc7, 0xa0, + 0xc0, 0xc1, 0x63, 0x78, 0x0f, 0x44, 0x37, 0x30, 0x32, 0x96, 0x80, + 0x32, 0x23, 0x95, 0xa1, 0x77, 0xba, 0x13, 0xd2, 0x97, 0x73, 0xe2, + 0x5d, 0x25, 0xc9, 0x6a, 0x0d, 0xc3, 0x39, 0x60, 0xa4, 0xb4, 0xb0, + 0x69, 0x42, 0x42, 0x09, 0xe9, 0xd8, 0x08, 0xbc, 0x33, 0x20, 0xb3, + 0x58, 0x22, 0xa7, 0xaa, 0xeb, 0xc4, 0xe1, 0xe6, 0x61, 0x83, 0xc5, + 0xd2, 0x96, 0xdf, 0xd9, 0xd0, 0x4f, 0xad, 0xd7 + }; + static const byte garbageDer[] = {0xDE, 0xAD, 0xBE, 0xEF}; + + static const ASN1IntTestVector testVectors[] = { + {zeroDer, sizeof(zeroDer), 0}, + {oneDer, sizeof(oneDer), 1}, + {negativeDer, sizeof(negativeDer), -4123123}, + {positiveDer, sizeof(positiveDer), 65537}, + {primeDer, sizeof(primeDer), 0} + }; + static const size_t NUM_TEST_VECTORS = + sizeof(testVectors)/sizeof(testVectors[0]); + + /* Check d2i error conditions */ + /* NULL pointer to input. */ + ExpectNull((a = wolfSSL_d2i_ASN1_INTEGER(&b, NULL, 1))); + ExpectNull(b); + /* NULL input. */ + ExpectNull((a = wolfSSL_d2i_ASN1_INTEGER(&b, &p, 1))); + ExpectNull(b); + /* 0 length. */ + p = testVectors[0].der; + ExpectNull((a = wolfSSL_d2i_ASN1_INTEGER(&b, &p, 0))); + ExpectNull(b); + /* Negative length. */ + p = testVectors[0].der; + ExpectNull((a = wolfSSL_d2i_ASN1_INTEGER(&b, &p, -1))); + ExpectNull(b); + /* Garbage DER input. */ + p = garbageDer; + ExpectNull((a = wolfSSL_d2i_ASN1_INTEGER(&b, &p, sizeof(garbageDer)))); + ExpectNull(b); + + /* Check i2d error conditions */ + /* NULL input. */ + ExpectIntLT(wolfSSL_i2d_ASN1_INTEGER(NULL, &p2), 0); + /* 0 length input data buffer (a->length == 0). */ + ExpectNotNull((a = wolfSSL_ASN1_INTEGER_new())); + ExpectIntLT(wolfSSL_i2d_ASN1_INTEGER(a, &p2), 0); + if (a != NULL) + a->data = NULL; + /* NULL input data buffer. */ + ExpectIntLT(wolfSSL_i2d_ASN1_INTEGER(a, &p2), 0); + if (a != NULL) { + /* Reset a->data. */ + a->isDynamic = 0; + a->data = a->intData; + } + /* Reset p2 to NULL. */ + XFREE(p2, NULL, DYNAMIC_TYPE_ASN1); + + /* Set a to valid value. */ + ExpectIntEQ(wolfSSL_ASN1_INTEGER_set(a, 1), WOLFSSL_SUCCESS); + /* NULL output buffer. */ + ExpectIntEQ(wolfSSL_i2d_ASN1_INTEGER(a, NULL), 3); + wolfSSL_ASN1_INTEGER_free(a); + a = NULL; + + for (i = 0; i < NUM_TEST_VECTORS; ++i) { + p = testVectors[i].der; + ExpectNotNull(a = wolfSSL_d2i_ASN1_INTEGER(&b, &p, + testVectors[i].derSz)); + ExpectIntEQ(wolfSSL_ASN1_INTEGER_cmp(a, b), 0); + + if (testVectors[i].derSz <= sizeof(long)) { + ExpectNotNull(c = wolfSSL_ASN1_INTEGER_new()); + ExpectIntEQ(wolfSSL_ASN1_INTEGER_set(c, testVectors[i].value), 1); + ExpectIntEQ(wolfSSL_ASN1_INTEGER_cmp(a, c), 0); + wolfSSL_ASN1_INTEGER_free(c); + c = NULL; + } + + /* Convert to DER without a pre-allocated output buffer. */ + ExpectIntGT((reEncodedSz = wolfSSL_i2d_ASN1_INTEGER(a, &reEncoded)), 0); + ExpectIntEQ(reEncodedSz, testVectors[i].derSz); + ExpectIntEQ(XMEMCMP(reEncoded, testVectors[i].der, reEncodedSz), 0); + + /* Convert to DER with a pre-allocated output buffer. In this case, the + * output buffer pointer should be incremented just past the end of the + * encoded data. */ + p2 = reEncoded; + ExpectIntGT((reEncodedSz = wolfSSL_i2d_ASN1_INTEGER(a, &p2)), 0); + ExpectIntEQ(reEncodedSz, testVectors[i].derSz); + ExpectPtrEq(reEncoded, p2 - reEncodedSz); + ExpectIntEQ(XMEMCMP(reEncoded, testVectors[i].der, reEncodedSz), 0); + + XFREE(reEncoded, NULL, DYNAMIC_TYPE_ASN1); + reEncoded = NULL; + wolfSSL_ASN1_INTEGER_free(a); + a = NULL; + } +#endif /* OPENSSL_EXTRA */ + return EXPECT_RESULT(); +} + +int test_wolfSSL_a2i_ASN1_INTEGER(void) +{ + EXPECT_DECLS; +#if defined(OPENSSL_EXTRA) && !defined(NO_BIO) + BIO* bio = NULL; + BIO* out = NULL; + BIO* fixed = NULL; + ASN1_INTEGER* ai = NULL; + char buf[] = "123456\n12345\n1123456789123456\\\n78901234567890 \r\n\n"; + char tmp[1024]; + int tmpSz; + + const char expected1[] = "123456"; + const char expected2[] = "112345678912345678901234567890"; + char longStr[] = "123456781234567812345678123456781234567812345678\n" + "123456781234567812345678123456781234567812345678\\\n12345678\n"; + + ExpectNotNull(out = BIO_new(BIO_s_mem())); + ExpectNotNull(ai = ASN1_INTEGER_new()); + + ExpectNotNull(bio = BIO_new_mem_buf(buf, -1)); + + /* Invalid parameter testing. */ + ExpectIntEQ(a2i_ASN1_INTEGER(NULL, NULL, NULL, -1), 0); + ExpectIntEQ(a2i_ASN1_INTEGER(bio, NULL, NULL, -1), 0); + ExpectIntEQ(a2i_ASN1_INTEGER(NULL, ai, NULL, -1), 0); + ExpectIntEQ(a2i_ASN1_INTEGER(NULL, NULL, tmp, -1), 0); + ExpectIntEQ(a2i_ASN1_INTEGER(NULL, NULL, NULL, sizeof(tmp)), 0); + ExpectIntEQ(a2i_ASN1_INTEGER(NULL, ai, tmp, sizeof(tmp)), 0); + ExpectIntEQ(a2i_ASN1_INTEGER(bio, NULL, tmp, sizeof(tmp)), 0); + ExpectIntEQ(a2i_ASN1_INTEGER(bio, ai, NULL, sizeof(tmp)), 0); + ExpectIntEQ(a2i_ASN1_INTEGER(bio, ai, tmp, -1), 0); + ExpectIntEQ(i2a_ASN1_INTEGER(NULL, NULL), 0); + ExpectIntEQ(i2a_ASN1_INTEGER(bio, NULL), 0); + ExpectIntEQ(i2a_ASN1_INTEGER(NULL, ai), 0); + + /* No data to read from BIO. */ + ExpectIntEQ(a2i_ASN1_INTEGER(out, ai, tmp, sizeof(tmp)), 0); + + /* read first line */ + ExpectIntEQ(a2i_ASN1_INTEGER(bio, ai, tmp, sizeof(tmp)), 1); + ExpectIntEQ(i2a_ASN1_INTEGER(out, ai), 6); + XMEMSET(tmp, 0, sizeof(tmp)); + tmpSz = BIO_read(out, tmp, sizeof(tmp)); + ExpectIntEQ(tmpSz, 6); + ExpectIntEQ(XMEMCMP(tmp, expected1, tmpSz), 0); + + /* fail on second line (not % 2) */ + ExpectIntEQ(a2i_ASN1_INTEGER(bio, ai, tmp, sizeof(tmp)), 0); + + /* read 3rd long line */ + ExpectIntEQ(a2i_ASN1_INTEGER(bio, ai, tmp, sizeof(tmp)), 1); + ExpectIntEQ(i2a_ASN1_INTEGER(out, ai), 30); + XMEMSET(tmp, 0, sizeof(tmp)); + tmpSz = BIO_read(out, tmp, sizeof(tmp)); + ExpectIntEQ(tmpSz, 30); + ExpectIntEQ(XMEMCMP(tmp, expected2, tmpSz), 0); + + /* fail on empty line */ + ExpectIntEQ(a2i_ASN1_INTEGER(bio, ai, tmp, sizeof(tmp)), 0); + + BIO_free(bio); + bio = NULL; + + /* Make long integer, requiring dynamic memory, even longer. */ + ExpectNotNull(bio = BIO_new_mem_buf(longStr, -1)); + ExpectIntEQ(a2i_ASN1_INTEGER(bio, ai, tmp, sizeof(tmp)), 1); + ExpectIntEQ(i2a_ASN1_INTEGER(out, ai), 48); + XMEMSET(tmp, 0, sizeof(tmp)); + tmpSz = BIO_read(out, tmp, sizeof(tmp)); + ExpectIntEQ(tmpSz, 48); + ExpectIntEQ(a2i_ASN1_INTEGER(bio, ai, tmp, sizeof(tmp)), 1); + ExpectIntEQ(i2a_ASN1_INTEGER(out, ai), 56); + XMEMSET(tmp, 0, sizeof(tmp)); + tmpSz = BIO_read(out, tmp, sizeof(tmp)); + ExpectIntEQ(tmpSz, 56); + ExpectIntEQ(wolfSSL_ASN1_INTEGER_set(ai, 1), 1); + BIO_free(bio); + BIO_free(out); + + ExpectNotNull(fixed = BIO_new(wolfSSL_BIO_s_fixed_mem())); + ExpectIntEQ(BIO_set_write_buf_size(fixed, 1), 1); + /* Ensure there is 0 bytes available to write into. */ + ExpectIntEQ(BIO_write(fixed, tmp, 1), 1); + ExpectIntEQ(i2a_ASN1_INTEGER(fixed, ai), 0); + ExpectIntEQ(BIO_set_write_buf_size(fixed, 1), 1); + ExpectIntEQ(i2a_ASN1_INTEGER(fixed, ai), 0); + BIO_free(fixed); + + ASN1_INTEGER_free(ai); +#endif + return EXPECT_RESULT(); +} + +int test_wolfSSL_i2c_ASN1_INTEGER(void) +{ + EXPECT_DECLS; +#if defined(OPENSSL_EXTRA) && !defined(NO_ASN) + ASN1_INTEGER *a = NULL; + unsigned char *pp = NULL,*tpp = NULL; + int ret = 0; + + ExpectNotNull(a = wolfSSL_ASN1_INTEGER_new()); + + /* Invalid parameter testing. */ + /* Set pp to an invalid value. */ + pp = NULL; + ExpectIntEQ(i2c_ASN1_INTEGER(NULL, &pp), 0); + ExpectIntEQ(i2c_ASN1_INTEGER(a, &pp), 0); + ExpectIntEQ(i2c_ASN1_INTEGER(NULL, NULL), 0); + + /* 40 */ + if (a != NULL) { + a->intData[0] = ASN_INTEGER; + a->intData[1] = 1; + a->intData[2] = 40; + } + ExpectIntEQ(ret = i2c_ASN1_INTEGER(a, NULL), 1); + ExpectNotNull(pp = (unsigned char*)XMALLOC(ret + 1, NULL, + DYNAMIC_TYPE_TMP_BUFFER)); + tpp = pp; + if (tpp != NULL) { + ExpectNotNull(XMEMSET(tpp, 0, ret + 1)); + ExpectIntEQ(i2c_ASN1_INTEGER(a, &tpp), 1); + tpp--; + ExpectIntEQ(*tpp, 40); + } + XFREE(pp, NULL, DYNAMIC_TYPE_TMP_BUFFER); + pp = NULL; + + /* 128 */ + if (a != NULL) { + a->intData[0] = ASN_INTEGER; + a->intData[1] = 1; + a->intData[2] = 128; + } + ExpectIntEQ(ret = i2c_ASN1_INTEGER(a, NULL), 2); + ExpectNotNull(pp = (unsigned char*)XMALLOC(ret + 1, NULL, + DYNAMIC_TYPE_TMP_BUFFER)); + tpp = pp; + if (tpp != NULL) { + ExpectNotNull(XMEMSET(tpp, 0, ret + 1)); + ExpectIntEQ(i2c_ASN1_INTEGER(a, &tpp), 2); + tpp--; + ExpectIntEQ(*(tpp--), 128); + ExpectIntEQ(*tpp, 0); + } + XFREE(pp, NULL, DYNAMIC_TYPE_TMP_BUFFER); + pp = NULL; + + /* -40 */ + if (a != NULL) { + a->intData[0] = ASN_INTEGER; + a->intData[1] = 1; + a->intData[2] = 40; + a->negative = 1; + } + ExpectIntEQ(ret = i2c_ASN1_INTEGER(a, NULL), 1); + ExpectNotNull(pp = (unsigned char*)XMALLOC(ret + 1, NULL, + DYNAMIC_TYPE_TMP_BUFFER)); + tpp = pp; + if (tpp != NULL) { + ExpectNotNull(XMEMSET(tpp, 0, ret + 1)); + ExpectIntEQ(i2c_ASN1_INTEGER(a, &tpp), 1); + tpp--; + ExpectIntEQ(*tpp, 216); + } + XFREE(pp, NULL, DYNAMIC_TYPE_TMP_BUFFER); + pp = NULL; + + /* -128 */ + if (a != NULL) { + a->intData[0] = ASN_INTEGER; + a->intData[1] = 1; + a->intData[2] = 128; + a->negative = 1; + } + ExpectIntEQ(ret = i2c_ASN1_INTEGER(a, NULL), 1); + ExpectNotNull(pp = (unsigned char*)XMALLOC(ret + 1, NULL, + DYNAMIC_TYPE_TMP_BUFFER)); + tpp = pp; + if (tpp != NULL) { + ExpectNotNull(XMEMSET(tpp, 0, ret + 1)); + ExpectIntEQ(i2c_ASN1_INTEGER(a, &tpp), 1); + tpp--; + ExpectIntEQ(*tpp, 128); + } + XFREE(pp, NULL, DYNAMIC_TYPE_TMP_BUFFER); + pp = NULL; + + /* -200 */ + if (a != NULL) { + a->intData[0] = ASN_INTEGER; + a->intData[1] = 1; + a->intData[2] = 200; + a->negative = 1; + } + ExpectIntEQ(ret = i2c_ASN1_INTEGER(a, NULL), 2); + ExpectNotNull(pp = (unsigned char*)XMALLOC(ret + 1, NULL, + DYNAMIC_TYPE_TMP_BUFFER)); + tpp = pp; + if (tpp != NULL) { + ExpectNotNull(XMEMSET(tpp, 0, ret + 1)); + ExpectIntEQ(i2c_ASN1_INTEGER(a, &tpp), 2); + tpp--; + ExpectIntEQ(*(tpp--), 56); + ExpectIntEQ(*tpp, 255); + } + XFREE(pp, NULL, DYNAMIC_TYPE_TMP_BUFFER); + pp = NULL; + + /* Empty */ + if (a != NULL) { + a->intData[0] = ASN_INTEGER; + a->intData[1] = 0; + a->negative = 0; + } + ExpectIntEQ(ret = i2c_ASN1_INTEGER(a, NULL), 1); + ExpectNotNull(pp = (unsigned char*)XMALLOC(ret + 1, NULL, + DYNAMIC_TYPE_TMP_BUFFER)); + tpp = pp; + if (tpp != NULL) { + ExpectNotNull(XMEMSET(tpp, 0, ret + 1)); + ExpectIntEQ(i2c_ASN1_INTEGER(a, &tpp), 1); + tpp--; + ExpectIntEQ(*tpp, 0); + } + XFREE(pp, NULL, DYNAMIC_TYPE_TMP_BUFFER); + pp = NULL; + + /* 0 */ + if (a != NULL) { + a->intData[0] = ASN_INTEGER; + a->intData[1] = 1; + a->intData[2] = 0; + a->negative = 1; + } + ExpectIntEQ(ret = i2c_ASN1_INTEGER(a, NULL), 1); + ExpectNotNull(pp = (unsigned char*)XMALLOC(ret + 1, NULL, + DYNAMIC_TYPE_TMP_BUFFER)); + if (tpp != NULL) { + tpp = pp; + ExpectNotNull(XMEMSET(tpp, 0, ret + 1)); + ExpectIntEQ(i2c_ASN1_INTEGER(a, &tpp), 1); + tpp--; + ExpectIntEQ(*tpp, 0); + } + XFREE(pp, NULL, DYNAMIC_TYPE_TMP_BUFFER); + pp = NULL; + + /* 0x100 */ + if (a != NULL) { + a->intData[0] = ASN_INTEGER; + a->intData[1] = 2; + a->intData[2] = 0x01; + a->intData[3] = 0x00; + a->negative = 0; + } + ExpectIntEQ(ret = i2c_ASN1_INTEGER(a, NULL), 2); + ExpectNotNull(pp = (unsigned char*)XMALLOC(ret + 1, NULL, + DYNAMIC_TYPE_TMP_BUFFER)); + if (tpp != NULL) { + tpp = pp; + ExpectNotNull(XMEMSET(tpp, 0, ret + 1)); + ExpectIntEQ(i2c_ASN1_INTEGER(a, &tpp), 2); + tpp -= 2; + ExpectIntEQ(tpp[0], 0x01); + ExpectIntEQ(tpp[1], 0x00); + } + XFREE(pp, NULL, DYNAMIC_TYPE_TMP_BUFFER); + pp = NULL; + + /* -0x8000 => 0x8000 */ + if (a != NULL) { + a->intData[0] = ASN_INTEGER; + a->intData[1] = 2; + a->intData[2] = 0x80; + a->intData[3] = 0x00; + a->negative = 1; + } + ExpectIntEQ(ret = i2c_ASN1_INTEGER(a, NULL), 2); + ExpectNotNull(pp = (unsigned char*)XMALLOC(ret + 1, NULL, + DYNAMIC_TYPE_TMP_BUFFER)); + tpp = pp; + if (tpp != NULL) { + ExpectNotNull(XMEMSET(tpp, 0, ret + 1)); + ExpectIntEQ(i2c_ASN1_INTEGER(a, &tpp), 2); + tpp -= 2; + ExpectIntEQ(tpp[0], 0x80); + ExpectIntEQ(tpp[1], 0x00); + } + XFREE(pp, NULL, DYNAMIC_TYPE_TMP_BUFFER); + pp = NULL; + + /* -0x8001 => 0xFF7FFF */ + if (a != NULL) { + a->intData[0] = ASN_INTEGER; + a->intData[1] = 2; + a->intData[2] = 0x80; + a->intData[3] = 0x01; + a->negative = 1; + } + ExpectIntEQ(ret = i2c_ASN1_INTEGER(a, NULL), 3); + ExpectNotNull(pp = (unsigned char*)XMALLOC(ret + 1, NULL, + DYNAMIC_TYPE_TMP_BUFFER)); + tpp = pp; + if (tpp != NULL) { + ExpectNotNull(XMEMSET(tpp, 0, ret + 1)); + ExpectIntEQ(i2c_ASN1_INTEGER(a, &tpp), 3); + tpp -= 3; + ExpectIntEQ(tpp[0], 0xFF); + ExpectIntEQ(tpp[1], 0x7F); + ExpectIntEQ(tpp[2], 0xFF); + } + XFREE(pp, NULL, DYNAMIC_TYPE_TMP_BUFFER); + + wolfSSL_ASN1_INTEGER_free(a); +#endif /* OPENSSL_EXTRA && !NO_ASN */ + return EXPECT_RESULT(); +} + +int test_wolfSSL_ASN1_OBJECT(void) +{ + EXPECT_DECLS; +#if defined(OPENSSL_EXTRA) + ASN1_OBJECT* a = NULL; + ASN1_OBJECT s; + const unsigned char der[] = { 0x06, 0x01, 0x00 }; + + /* Invalid parameter testing. */ + ASN1_OBJECT_free(NULL); + ExpectNull(wolfSSL_ASN1_OBJECT_dup(NULL)); + + /* Test that a static ASN1_OBJECT can be freed. */ + XMEMSET(&s, 0, sizeof(ASN1_OBJECT)); + ASN1_OBJECT_free(&s); + ExpectNotNull(a = wolfSSL_ASN1_OBJECT_dup(&s)); + ASN1_OBJECT_free(a); + a = NULL; + s.obj = der; + s.objSz = sizeof(der); + ExpectNotNull(a = wolfSSL_ASN1_OBJECT_dup(&s)); + ASN1_OBJECT_free(a); + ASN1_OBJECT_free(&s); +#endif /* OPENSSL_EXTRA */ + return EXPECT_RESULT(); +} + +int test_wolfSSL_ASN1_get_object(void) +{ + EXPECT_DECLS; +#if defined(OPENSSL_EXTRA) && defined(HAVE_ECC) && defined(USE_CERT_BUFFERS_256) + const unsigned char* derBuf = cliecc_cert_der_256; + const unsigned char* nullPtr = NULL; + const unsigned char objDerInvalidLen[] = { 0x30, 0x81 }; + const unsigned char objDerBadLen[] = { 0x30, 0x04 }; + const unsigned char objDerNotObj[] = { 0x02, 0x01, 0x00 }; + const unsigned char objDerNoData[] = { 0x06, 0x00 }; + const unsigned char* p; + unsigned char objDer[10]; + unsigned char* der; + unsigned char* derPtr; + int len = sizeof_cliecc_cert_der_256; + long asnLen = 0; + int tag = 0; + int cls = 0; + ASN1_OBJECT* a = NULL; + ASN1_OBJECT s; + + XMEMSET(&s, 0, sizeof(ASN1_OBJECT)); + + /* Invalid encoding at length. */ + p = objDerInvalidLen; + ExpectIntEQ(ASN1_get_object(&p, &asnLen, &tag, &cls, sizeof(objDerBadLen)), + 0x80); + p = objDerBadLen; + /* Error = 0x80, Constructed = 0x20 */ + ExpectIntEQ(ASN1_get_object(&p, &asnLen, &tag, &cls, sizeof(objDerBadLen)), + 0x80 | 0x20); + + /* Read a couple TLV triplets and make sure they match the expected values + */ + + /* SEQUENCE */ + ExpectIntEQ(ASN1_get_object(&derBuf, &asnLen, &tag, &cls, len) & 0x80, 0); + ExpectIntEQ(asnLen, 861); + ExpectIntEQ(tag, 0x10); + ExpectIntEQ(cls, 0); + + /* SEQUENCE */ + ExpectIntEQ(ASN1_get_object(&derBuf, &asnLen, &tag, &cls, + len - (derBuf - cliecc_cert_der_256)) & 0x80, 0); + ExpectIntEQ(asnLen, 772); + ExpectIntEQ(tag, 0x10); + ExpectIntEQ(cls, 0); + + /* [0] */ + ExpectIntEQ(ASN1_get_object(&derBuf, &asnLen, &tag, &cls, + len - (derBuf - cliecc_cert_der_256)) & 0x80, 0); + ExpectIntEQ(asnLen, 3); + ExpectIntEQ(tag, 0); + ExpectIntEQ(cls, 0x80); + + /* INTEGER */ + ExpectIntEQ(ASN1_get_object(&derBuf, &asnLen, &tag, &cls, + len - (derBuf - cliecc_cert_der_256)) & 0x80, 0); + ExpectIntEQ(asnLen, 1); + ExpectIntEQ(tag, 0x2); + ExpectIntEQ(cls, 0); + derBuf += asnLen; + + /* INTEGER */ + ExpectIntEQ(ASN1_get_object(&derBuf, &asnLen, &tag, &cls, + len - (derBuf - cliecc_cert_der_256)) & 0x80, 0); + ExpectIntEQ(asnLen, 20); + ExpectIntEQ(tag, 0x2); + ExpectIntEQ(cls, 0); + derBuf += asnLen; + + /* SEQUENCE */ + ExpectIntEQ(ASN1_get_object(&derBuf, &asnLen, &tag, &cls, + len - (derBuf - cliecc_cert_der_256)) & 0x80, 0); + ExpectIntEQ(asnLen, 10); + ExpectIntEQ(tag, 0x10); + ExpectIntEQ(cls, 0); + + /* Found OBJECT_ID. */ + + /* Invalid parameter testing. */ + ExpectIntEQ(ASN1_get_object(NULL, NULL, NULL, NULL, 0), 0x80); + ExpectIntEQ(ASN1_get_object(&nullPtr, NULL, NULL, NULL, 0), 0x80); + ExpectIntEQ(ASN1_get_object(NULL, &asnLen, &tag, &cls, len), 0x80); + ExpectIntEQ(ASN1_get_object(&nullPtr, &asnLen, &tag, &cls, len), 0x80); + ExpectIntEQ(ASN1_get_object(&derBuf, NULL, &tag, &cls, len), 0x80); + ExpectIntEQ(ASN1_get_object(&derBuf, &asnLen, NULL, &cls, len), 0x80); + ExpectIntEQ(ASN1_get_object(&derBuf, &asnLen, &tag, NULL, len), 0x80); + ExpectIntEQ(ASN1_get_object(&derBuf, &asnLen, &tag, &cls, 0), 0x80); + ExpectIntEQ(ASN1_get_object(&derBuf, &asnLen, &tag, &cls, -1), 0x80); + ExpectNull(d2i_ASN1_OBJECT(NULL, NULL, -1)); + ExpectNull(d2i_ASN1_OBJECT(NULL, &nullPtr, -1)); + ExpectNull(d2i_ASN1_OBJECT(NULL, &derBuf, -1)); + ExpectNull(d2i_ASN1_OBJECT(NULL, NULL, 0)); + ExpectNull(d2i_ASN1_OBJECT(&a, NULL, len)); + ExpectNull(d2i_ASN1_OBJECT(&a, &nullPtr, len)); + ExpectNull(d2i_ASN1_OBJECT(&a, &derBuf, -1)); + ExpectNull(c2i_ASN1_OBJECT(NULL, NULL, -1)); + ExpectNull(c2i_ASN1_OBJECT(NULL, &nullPtr, -1)); + ExpectNull(c2i_ASN1_OBJECT(NULL, &derBuf, -1)); + ExpectNull(c2i_ASN1_OBJECT(NULL, NULL, 1)); + ExpectNull(c2i_ASN1_OBJECT(NULL, &nullPtr, 1)); + + /* Invalid encoding at length. */ + p = objDerInvalidLen; + ExpectNull(d2i_ASN1_OBJECT(&a, &p, sizeof(objDerInvalidLen))); + p = objDerBadLen; + ExpectNull(d2i_ASN1_OBJECT(&a, &p, sizeof(objDerBadLen))); + p = objDerNotObj; + ExpectNull(d2i_ASN1_OBJECT(&a, &p, sizeof(objDerNotObj))); + p = objDerNoData; + ExpectNull(d2i_ASN1_OBJECT(&a, &p, sizeof(objDerNoData))); + + /* Create an ASN OBJECT from content */ + p = derBuf + 2; + ExpectNotNull(a = c2i_ASN1_OBJECT(NULL, &p, 8)); + ASN1_OBJECT_free(a); + a = NULL; + /* Create an ASN OBJECT from DER */ + ExpectNotNull(d2i_ASN1_OBJECT(&a, &derBuf, len)); + + /* Invalid parameter testing. */ + ExpectIntEQ(i2d_ASN1_OBJECT(NULL, NULL), 0); + ExpectIntEQ(i2d_ASN1_OBJECT(&s, NULL), 0); + + ExpectIntEQ(i2d_ASN1_OBJECT(a, NULL), 10); + der = NULL; + ExpectIntEQ(i2d_ASN1_OBJECT(a, &der), 10); + derPtr = objDer; + ExpectIntEQ(i2d_ASN1_OBJECT(a, &derPtr), 10); + ExpectPtrNE(derPtr, objDer); + ExpectIntEQ(XMEMCMP(der, objDer, 10), 0); + XFREE(der, NULL, DYNAMIC_TYPE_OPENSSL); + + ASN1_OBJECT_free(a); +#endif /* OPENSSL_EXTRA && HAVE_ECC && USE_CERT_BUFFERS_256 */ + return EXPECT_RESULT(); +} + +int test_wolfSSL_i2a_ASN1_OBJECT(void) +{ + EXPECT_DECLS; +#if defined(OPENSSL_EXTRA) && !defined(NO_ASN) && !defined(NO_BIO) + ASN1_OBJECT* obj = NULL; + ASN1_OBJECT* a = NULL; + BIO *bio = NULL; + const unsigned char notObjDer[] = { 0x04, 0x01, 0xff }; + const unsigned char* p; + + ExpectNotNull(obj = OBJ_nid2obj(NID_sha256)); + ExpectTrue((bio = BIO_new(BIO_s_mem())) != NULL); + + ExpectIntGT(wolfSSL_i2a_ASN1_OBJECT(bio, obj), 0); + ExpectIntGT(wolfSSL_i2a_ASN1_OBJECT(bio, NULL), 0); + + ExpectIntEQ(wolfSSL_i2a_ASN1_OBJECT(NULL, obj), 0); + + /* No DER encoding in ASN1_OBJECT. */ + ExpectNotNull(a = wolfSSL_ASN1_OBJECT_new()); + ExpectIntEQ(wolfSSL_i2a_ASN1_OBJECT(bio, a), 0); + ASN1_OBJECT_free(a); + a = NULL; + /* DER encoding */ + p = notObjDer; + ExpectNotNull(a = c2i_ASN1_OBJECT(NULL, &p, 3)); + ExpectIntEQ(wolfSSL_i2a_ASN1_OBJECT(bio, a), 5); + ASN1_OBJECT_free(a); + + BIO_free(bio); + ASN1_OBJECT_free(obj); +#endif + return EXPECT_RESULT(); +} + +int test_wolfSSL_i2t_ASN1_OBJECT(void) +{ + EXPECT_DECLS; +#if defined(OPENSSL_EXTRA) && \ + defined(WOLFSSL_CERT_EXT) && defined(WOLFSSL_CERT_GEN) + char buf[50] = {0}; + ASN1_OBJECT* obj; + const char* oid = "2.5.29.19"; + const char* ln = "X509v3 Basic Constraints"; + + obj = NULL; + ExpectIntEQ(i2t_ASN1_OBJECT(NULL, sizeof(buf), obj), 0); + ExpectIntEQ(i2t_ASN1_OBJECT(buf, sizeof(buf), NULL), 0); + ExpectIntEQ(i2t_ASN1_OBJECT(buf, 0, NULL), 0); + + ExpectNotNull(obj = OBJ_txt2obj(oid, 0)); + XMEMSET(buf, 0, sizeof(buf)); + ExpectIntEQ(i2t_ASN1_OBJECT(buf, sizeof(buf), obj), XSTRLEN(ln)); + ExpectIntEQ(XSTRNCMP(buf, ln, XSTRLEN(ln)), 0); + ASN1_OBJECT_free(obj); +#endif /* OPENSSL_EXTRA && WOLFSSL_CERT_EXT && WOLFSSL_CERT_GEN */ + return EXPECT_RESULT(); +} + +int test_wolfSSL_sk_ASN1_OBJECT(void) +{ + EXPECT_DECLS; +#if !defined(NO_ASN) && (defined(OPENSSL_EXTRA) || defined(WOLFSSL_WPAS_SMALL)) + WOLFSSL_STACK* sk = NULL; + WOLFSSL_ASN1_OBJECT* obj; + + ExpectNotNull(obj = wolfSSL_ASN1_OBJECT_new()); + + ExpectNotNull(sk = wolfSSL_sk_new_asn1_obj()); + wolfSSL_sk_ASN1_OBJECT_free(sk); + sk = NULL; + + ExpectNotNull(sk = wolfSSL_sk_new_asn1_obj()); + ExpectIntEQ(wolfSSL_sk_ASN1_OBJECT_push(NULL, NULL), -1); + ExpectIntEQ(wolfSSL_sk_ASN1_OBJECT_push(sk, NULL), 0); + ExpectIntEQ(wolfSSL_sk_ASN1_OBJECT_push(NULL, obj), -1); + ExpectIntEQ(wolfSSL_sk_ASN1_OBJECT_push(sk, obj), 1); + wolfSSL_sk_ASN1_OBJECT_pop_free(sk, NULL); + sk = NULL; + /* obj freed in pop_free call. */ + + ExpectNotNull(obj = wolfSSL_ASN1_OBJECT_new()); + ExpectNotNull(sk = wolfSSL_sk_new_asn1_obj()); + ExpectIntEQ(wolfSSL_sk_ASN1_OBJECT_push(sk, obj), 1); + ExpectPtrEq(obj, wolfSSL_sk_ASN1_OBJECT_pop(sk)); + wolfSSL_sk_ASN1_OBJECT_free(sk); + wolfSSL_ASN1_OBJECT_free(obj); +#endif /* !NO_ASN && (OPENSSL_EXTRA || WOLFSSL_WPAS_SMALL) */ + return EXPECT_RESULT(); +} + +int test_wolfSSL_ASN1_STRING(void) +{ + EXPECT_DECLS; +#if defined(OPENSSL_EXTRA) + ASN1_STRING* str = NULL; + ASN1_STRING* c = NULL; + const char data[] = "hello wolfSSL"; + const char data2[] = "Same len data"; + const char longData[] = + "This string must be longer than CTC_NAME_SIZE that is defined as 64."; + + ExpectNotNull(str = ASN1_STRING_type_new(V_ASN1_OCTET_STRING)); + ASN1_STRING_free(str); + str = NULL; + + ExpectNotNull(str = ASN1_STRING_type_new(V_ASN1_OCTET_STRING)); + ExpectIntEQ(ASN1_STRING_type(str), V_ASN1_OCTET_STRING); + ExpectIntEQ(ASN1_STRING_type(NULL), 0); + /* Check setting to NULL works. */ + ExpectIntEQ(ASN1_STRING_set(str, NULL, 0), 1); + ExpectIntEQ(ASN1_STRING_set(str, (const void*)data, sizeof(data)), 1); + ExpectIntEQ(ASN1_STRING_set(str, (const void*)data, -1), 1); + ExpectIntEQ(ASN1_STRING_set(str, NULL, -1), 0); + ExpectIntEQ(ASN1_STRING_set(NULL, NULL, 0), 0); + + ExpectIntEQ(wolfSSL_ASN1_STRING_copy(NULL, NULL), 0); + ExpectIntEQ(wolfSSL_ASN1_STRING_copy(str, NULL), 0); + ExpectIntEQ(wolfSSL_ASN1_STRING_copy(NULL, str), 0); + ExpectNull(wolfSSL_ASN1_STRING_dup(NULL)); + + ExpectNotNull(c = wolfSSL_ASN1_STRING_dup(str)); + ExpectIntEQ(ASN1_STRING_cmp(NULL, NULL), -1); + ExpectIntEQ(ASN1_STRING_cmp(str, NULL), -1); + ExpectIntEQ(ASN1_STRING_cmp(NULL, c), -1); + ExpectIntEQ(ASN1_STRING_cmp(str, c), 0); + ExpectIntEQ(ASN1_STRING_set(c, (const void*)data2, -1), 1); + ExpectIntGT(ASN1_STRING_cmp(str, c), 0); + ExpectIntEQ(ASN1_STRING_set(str, (const void*)longData, -1), 1); + ExpectIntEQ(wolfSSL_ASN1_STRING_copy(c, str), 1); + ExpectIntEQ(ASN1_STRING_cmp(str, c), 0); + /* Check setting back to smaller size frees dynamic data. */ + ExpectIntEQ(ASN1_STRING_set(str, (const void*)data, -1), 1); + ExpectIntLT(ASN1_STRING_cmp(str, c), 0); + ExpectIntGT(ASN1_STRING_cmp(c, str), 0); + + ExpectNull(ASN1_STRING_get0_data(NULL)); + ExpectNotNull(ASN1_STRING_get0_data(str)); + ExpectNull(ASN1_STRING_data(NULL)); + ExpectNotNull(ASN1_STRING_data(str)); + ExpectIntEQ(ASN1_STRING_length(NULL), 0); + ExpectIntGT(ASN1_STRING_length(str), 0); + + ASN1_STRING_free(c); + ASN1_STRING_free(str); + ASN1_STRING_free(NULL); + +#ifndef NO_WOLFSSL_STUB + ExpectNull(d2i_DISPLAYTEXT(NULL, NULL, 0)); +#endif +#endif + return EXPECT_RESULT(); +} + +int test_wolfSSL_ASN1_STRING_to_UTF8(void) +{ + EXPECT_DECLS; +#if defined(OPENSSL_ALL) && !defined(NO_ASN) && !defined(NO_RSA) && \ + !defined(NO_FILESYSTEM) + WOLFSSL_X509* x509 = NULL; + WOLFSSL_X509_NAME* subject = NULL; + WOLFSSL_X509_NAME_ENTRY* e = NULL; + WOLFSSL_ASN1_STRING* a = NULL; + FILE* file = XBADFILE; + int idx = 0; + char targetOutput[16] = "www.wolfssl.com"; + unsigned char* actual_output = NULL; + int len = 0; + + ExpectNotNull(file = fopen("./certs/server-cert.pem", "rb")); + ExpectNotNull(x509 = wolfSSL_PEM_read_X509(file, NULL, NULL, NULL)); + if (file != XBADFILE) + fclose(file); + + /* wolfSSL_ASN1_STRING_to_UTF8(): NID_commonName */ + ExpectNotNull(subject = wolfSSL_X509_get_subject_name(x509)); + ExpectIntEQ((idx = wolfSSL_X509_NAME_get_index_by_NID(subject, + NID_commonName, -1)), 5); + ExpectNotNull(e = wolfSSL_X509_NAME_get_entry(subject, idx)); + ExpectNotNull(a = wolfSSL_X509_NAME_ENTRY_get_data(e)); + ExpectIntEQ((len = wolfSSL_ASN1_STRING_to_UTF8(&actual_output, a)), 15); + ExpectIntEQ(strncmp((const char*)actual_output, targetOutput, (size_t)len), 0); + a = NULL; + + /* wolfSSL_ASN1_STRING_to_UTF8(NULL, valid) */ + ExpectIntEQ((len = wolfSSL_ASN1_STRING_to_UTF8(NULL, a)), -1); + + /* wolfSSL_ASN1_STRING_to_UTF8(valid, NULL) */ + ExpectIntEQ((len = wolfSSL_ASN1_STRING_to_UTF8(&actual_output, NULL)), -1); + + /* wolfSSL_ASN1_STRING_to_UTF8(NULL, NULL) */ + ExpectIntEQ((len = wolfSSL_ASN1_STRING_to_UTF8(NULL, NULL)), -1); + + wolfSSL_X509_free(x509); + XFREE(actual_output, NULL, DYNAMIC_TYPE_TMP_BUFFER); + + ExpectNotNull(a = ASN1_STRING_new()); + ExpectIntEQ(wolfSSL_ASN1_STRING_to_UTF8(&actual_output, a), -1); + ASN1_STRING_free(a); +#endif + return EXPECT_RESULT(); +} + +int test_wolfSSL_i2s_ASN1_STRING(void) +{ + EXPECT_DECLS; +#if defined(OPENSSL_EXTRA) && !defined(NO_ASN) + WOLFSSL_ASN1_STRING* str = NULL; + const char* data = "test_wolfSSL_i2s_ASN1_STRING"; + char* ret = NULL; + + ExpectNotNull(str = ASN1_STRING_new()); + + ExpectNull(ret = wolfSSL_i2s_ASN1_STRING(NULL, NULL)); + XFREE(ret, NULL, DYNAMIC_TYPE_TMP_BUFFER); + ret = NULL; + /* No data. */ + ExpectNull(ret = wolfSSL_i2s_ASN1_STRING(NULL, str)); + XFREE(ret, NULL, DYNAMIC_TYPE_TMP_BUFFER); + ret = NULL; + + ExpectIntEQ(ASN1_STRING_set(str, data, 0), 1); + ExpectNotNull(ret = wolfSSL_i2s_ASN1_STRING(NULL, str)); + XFREE(ret, NULL, DYNAMIC_TYPE_TMP_BUFFER); + ret = NULL; + + ExpectIntEQ(ASN1_STRING_set(str, data, -1), 1); + /* No type. */ + ExpectNotNull(ret = wolfSSL_i2s_ASN1_STRING(NULL, str)); + XFREE(ret, NULL, DYNAMIC_TYPE_TMP_BUFFER); + + ASN1_STRING_free(str); +#endif + return EXPECT_RESULT(); +} + +int test_wolfSSL_ASN1_STRING_canon(void) +{ + EXPECT_DECLS; +#if defined(WOLFSSL_TEST_STATIC_BUILD) +#if !defined(NO_CERTS) && (defined(OPENSSL_ALL) || defined(OPENSSL_EXTRA) || \ + defined(OPENSSL_EXTRA_X509_SMALL)) + WOLFSSL_ASN1_STRING* orig = NULL; + WOLFSSL_ASN1_STRING* canon = NULL; + const char* data = "test_wolfSSL_ASN1_STRING_canon"; + const char* whitespaceOnly = "\t\r\n"; + const char* modData = " \x01\f\t\x02\r\n\v\xff\nTt \n"; + const char* canonData = "\x01 \x02 \xff tt"; + const char longData[] = + "This string must be longer than CTC_NAME_SIZE that is defined as 64."; + + ExpectNotNull(orig = ASN1_STRING_new()); + ExpectNotNull(canon = ASN1_STRING_new()); + + /* Invalid parameter testing. */ + ExpectIntEQ(wolfSSL_ASN1_STRING_canon(NULL, NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wolfSSL_ASN1_STRING_canon(canon, NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wolfSSL_ASN1_STRING_canon(NULL, orig), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + + ExpectIntEQ(wolfSSL_ASN1_STRING_canon(canon, orig), 1); + ExpectIntEQ(ASN1_STRING_cmp(orig, canon), 0); + + ExpectIntEQ(ASN1_STRING_set(orig, longData, (int)XSTRLEN(data)), 1); + ExpectIntEQ(wolfSSL_ASN1_STRING_canon(canon, orig), 1); + ExpectIntEQ(ASN1_STRING_cmp(orig, canon), 0); + + ExpectIntEQ(ASN1_STRING_set(orig, data, (int)XSTRLEN(data)), 1); + ExpectIntEQ(wolfSSL_ASN1_STRING_canon(canon, orig), 1); + ExpectIntEQ(ASN1_STRING_cmp(orig, canon), 0); + + ASN1_STRING_free(orig); + orig = NULL; + + ExpectNotNull(orig = ASN1_STRING_type_new(MBSTRING_UTF8)); + ExpectIntEQ(ASN1_STRING_set(orig, modData, 15), 1); + ExpectIntEQ(wolfSSL_ASN1_STRING_canon(canon, orig), 1); + ExpectIntEQ(ASN1_STRING_set(orig, canonData, 8), 1); + ExpectIntEQ(ASN1_STRING_cmp(orig, canon), 0); + ASN1_STRING_free(orig); + orig = NULL; + + ExpectNotNull(orig = ASN1_STRING_type_new(V_ASN1_PRINTABLESTRING)); + ExpectIntEQ(ASN1_STRING_set(orig, whitespaceOnly, 3), 1); + ExpectIntEQ(wolfSSL_ASN1_STRING_canon(canon, orig), 1); + ASN1_STRING_free(orig); + orig = NULL; + ExpectNotNull(orig = ASN1_STRING_type_new(MBSTRING_UTF8)); + ExpectIntEQ(ASN1_STRING_cmp(orig, canon), 0); + + ASN1_STRING_free(orig); + ASN1_STRING_free(canon); +#endif +#endif + return EXPECT_RESULT(); +} + +int test_wolfSSL_ASN1_STRING_print(void) +{ + EXPECT_DECLS; +#if defined(OPENSSL_ALL) && !defined(NO_ASN) && !defined(NO_CERTS) && \ + !defined(NO_BIO) + ASN1_STRING* asnStr = NULL; + const char HELLO_DATA[]= \ + {'H','e','l','l','o',' ','w','o','l','f','S','S','L','!'}; + #define MAX_UNPRINTABLE_CHAR 32 + #define MAX_BUF 255 + unsigned char unprintableData[MAX_UNPRINTABLE_CHAR + sizeof(HELLO_DATA)]; + unsigned char expected[sizeof(unprintableData)+1]; + unsigned char rbuf[MAX_BUF]; + BIO *bio = NULL; + int p_len; + int i; + + /* setup */ + + for (i = 0; i < (int)sizeof(HELLO_DATA); i++) { + unprintableData[i] = (unsigned char)HELLO_DATA[i]; + expected[i] = (unsigned char)HELLO_DATA[i]; + } + + for (i = 0; i < (int)MAX_UNPRINTABLE_CHAR; i++) { + unprintableData[sizeof(HELLO_DATA)+i] = i; + + if (i == (int)'\n' || i == (int)'\r') + expected[sizeof(HELLO_DATA)+i] = i; + else + expected[sizeof(HELLO_DATA)+i] = '.'; + } + + unprintableData[sizeof(unprintableData)-1] = '\0'; + expected[sizeof(expected)-1] = '\0'; + + XMEMSET(rbuf, 0, MAX_BUF); + ExpectNotNull(bio = BIO_new(BIO_s_mem())); + ExpectIntEQ(BIO_set_write_buf_size(bio, MAX_BUF), 0); + + ExpectNotNull(asnStr = ASN1_STRING_type_new(V_ASN1_OCTET_STRING)); + ExpectIntEQ(ASN1_STRING_set(asnStr,(const void*)unprintableData, + (int)sizeof(unprintableData)), 1); + /* test */ + ExpectIntEQ(wolfSSL_ASN1_STRING_print(NULL, NULL), 0); + ExpectIntEQ(wolfSSL_ASN1_STRING_print(bio, NULL), 0); + ExpectIntEQ(wolfSSL_ASN1_STRING_print(NULL, asnStr), 0); + ExpectIntEQ(p_len = wolfSSL_ASN1_STRING_print(bio, asnStr), 46); + ExpectIntEQ(BIO_read(bio, (void*)rbuf, 46), 46); + + ExpectStrEQ((char*)rbuf, (const char*)expected); + + BIO_free(bio); + bio = NULL; + + ExpectNotNull(bio = BIO_new(wolfSSL_BIO_s_fixed_mem())); + ExpectIntEQ(BIO_set_write_buf_size(bio, 1), 1); + /* Ensure there is 0 bytes available to write into. */ + ExpectIntEQ(BIO_write(bio, rbuf, 1), 1); + ExpectIntEQ(wolfSSL_ASN1_STRING_print(bio, asnStr), 0); + ExpectIntEQ(BIO_set_write_buf_size(bio, 1), 1); + ExpectIntEQ(wolfSSL_ASN1_STRING_print(bio, asnStr), 0); + ExpectIntEQ(BIO_set_write_buf_size(bio, 45), 1); + ExpectIntEQ(wolfSSL_ASN1_STRING_print(bio, asnStr), 0); + BIO_free(bio); + + ASN1_STRING_free(asnStr); +#endif /* OPENSSL_EXTRA && !NO_ASN && !NO_CERTS && !NO_BIO */ + return EXPECT_RESULT(); +} + +int test_wolfSSL_ASN1_STRING_print_ex(void) +{ + EXPECT_DECLS; +#if defined(OPENSSL_EXTRA) && !defined(NO_ASN) && !defined(NO_BIO) + ASN1_STRING* asn_str = NULL; + const char data[] = "Hello wolfSSL!"; + ASN1_STRING* esc_str = NULL; + const char esc_data[] = "a+;<>"; + ASN1_STRING* neg_int = NULL; + const char neg_int_data[] = "\xff"; + ASN1_STRING* neg_enum = NULL; + const char neg_enum_data[] = "\xff"; + BIO *bio = NULL; + BIO *fixed = NULL; + unsigned long flags; + int p_len; + unsigned char rbuf[255]; + + /* setup */ + XMEMSET(rbuf, 0, 255); + ExpectNotNull(bio = BIO_new(BIO_s_mem())); + ExpectIntEQ(BIO_set_write_buf_size(bio, 255), 0); + ExpectNotNull(fixed = BIO_new(wolfSSL_BIO_s_fixed_mem())); + + ExpectNotNull(asn_str = ASN1_STRING_type_new(V_ASN1_OCTET_STRING)); + ExpectIntEQ(ASN1_STRING_set(asn_str, (const void*)data, sizeof(data)), 1); + ExpectNotNull(esc_str = ASN1_STRING_type_new(V_ASN1_OCTET_STRING)); + ExpectIntEQ(ASN1_STRING_set(esc_str, (const void*)esc_data, + sizeof(esc_data)), 1); + ExpectNotNull(neg_int = ASN1_STRING_type_new(V_ASN1_NEG_INTEGER)); + ExpectIntEQ(ASN1_STRING_set(neg_int, (const void*)neg_int_data, + sizeof(neg_int_data) - 1), 1); + ExpectNotNull(neg_enum = ASN1_STRING_type_new(V_ASN1_NEG_ENUMERATED)); + ExpectIntEQ(ASN1_STRING_set(neg_enum, (const void*)neg_enum_data, + sizeof(neg_enum_data) - 1), 1); + + /* Invalid parameter testing. */ + ExpectIntEQ(wolfSSL_ASN1_STRING_print_ex(NULL, NULL, 0), 0); + ExpectIntEQ(wolfSSL_ASN1_STRING_print_ex(bio, NULL, 0), 0); + ExpectIntEQ(wolfSSL_ASN1_STRING_print_ex(NULL, asn_str, 0), 0); + + /* no flags */ + XMEMSET(rbuf, 0, 255); + flags = 0; + ExpectIntEQ(p_len = wolfSSL_ASN1_STRING_print_ex(bio, asn_str, flags), 15); + ExpectIntEQ(BIO_read(bio, (void*)rbuf, 15), 15); + ExpectStrEQ((char*)rbuf, "Hello wolfSSL!"); + ExpectIntEQ(BIO_set_write_buf_size(fixed, 1), 1); + /* Ensure there is 0 bytes available to write into. */ + ExpectIntEQ(BIO_write(fixed, rbuf, 1), 1); + ExpectIntEQ(wolfSSL_ASN1_STRING_print_ex(fixed, asn_str, flags), 0); + ExpectIntEQ(BIO_set_write_buf_size(fixed, 1), 1); + ExpectIntEQ(wolfSSL_ASN1_STRING_print_ex(fixed, asn_str, flags), 0); + ExpectIntEQ(BIO_set_write_buf_size(fixed, 14), 1); + ExpectIntEQ(wolfSSL_ASN1_STRING_print_ex(fixed, asn_str, flags), 0); + + /* RFC2253 Escape */ + XMEMSET(rbuf, 0, 255); + flags = ASN1_STRFLGS_ESC_2253; + ExpectIntEQ(p_len = wolfSSL_ASN1_STRING_print_ex(bio, esc_str, flags), 9); + ExpectIntEQ(BIO_read(bio, (void*)rbuf, 9), 9); + ExpectStrEQ((char*)rbuf, "a\\+\\;\\<\\>"); + ExpectIntEQ(BIO_set_write_buf_size(fixed, 1), 1); + /* Ensure there is 0 bytes available to write into. */ + ExpectIntEQ(BIO_write(fixed, rbuf, 1), 1); + ExpectIntEQ(wolfSSL_ASN1_STRING_print_ex(fixed, esc_str, flags), 0); + ExpectIntEQ(BIO_set_write_buf_size(fixed, 1), 1); + ExpectIntEQ(wolfSSL_ASN1_STRING_print_ex(fixed, esc_str, flags), 0); + ExpectIntEQ(BIO_set_write_buf_size(fixed, 8), 1); + ExpectIntEQ(wolfSSL_ASN1_STRING_print_ex(fixed, esc_str, flags), 0); + + /* Show type */ + XMEMSET(rbuf, 0, 255); + flags = ASN1_STRFLGS_SHOW_TYPE; + ExpectIntEQ(p_len = wolfSSL_ASN1_STRING_print_ex(bio, asn_str, flags), 28); + ExpectIntEQ(BIO_read(bio, (void*)rbuf, 28), 28); + ExpectStrEQ((char*)rbuf, "OCTET STRING:Hello wolfSSL!"); + ExpectIntEQ(BIO_set_write_buf_size(fixed, 1), 1); + /* Ensure there is 0 bytes available to write into. */ + ExpectIntEQ(BIO_write(fixed, rbuf, 1), 1); + ExpectIntEQ(wolfSSL_ASN1_STRING_print_ex(fixed, asn_str, flags), 0); + ExpectIntEQ(BIO_set_write_buf_size(fixed, 1), 1); + ExpectIntEQ(wolfSSL_ASN1_STRING_print_ex(fixed, asn_str, flags), 0); + ExpectIntEQ(BIO_set_write_buf_size(fixed, 12), 1); + ExpectIntEQ(wolfSSL_ASN1_STRING_print_ex(fixed, asn_str, flags), 0); + ExpectIntEQ(BIO_set_write_buf_size(fixed, 27), 1); + ExpectIntEQ(wolfSSL_ASN1_STRING_print_ex(fixed, asn_str, flags), 0); + + /* Dump All */ + XMEMSET(rbuf, 0, 255); + flags = ASN1_STRFLGS_DUMP_ALL; + ExpectIntEQ(p_len = wolfSSL_ASN1_STRING_print_ex(bio, asn_str, flags), 31); + ExpectIntEQ(BIO_read(bio, (void*)rbuf, 31), 31); + ExpectStrEQ((char*)rbuf, "#48656C6C6F20776F6C6653534C2100"); + ExpectIntEQ(BIO_set_write_buf_size(fixed, 1), 1); + /* Ensure there is 0 bytes available to write into. */ + ExpectIntEQ(BIO_write(fixed, rbuf, 1), 1); + ExpectIntEQ(wolfSSL_ASN1_STRING_print_ex(fixed, asn_str, flags), 0); + ExpectIntEQ(BIO_set_write_buf_size(fixed, 1), 1); + ExpectIntEQ(wolfSSL_ASN1_STRING_print_ex(fixed, asn_str, flags), 0); + ExpectIntEQ(BIO_set_write_buf_size(fixed, 30), 1); + ExpectIntEQ(wolfSSL_ASN1_STRING_print_ex(fixed, asn_str, flags), 0); + + /* Dump Der */ + XMEMSET(rbuf, 0, 255); + flags = ASN1_STRFLGS_DUMP_ALL | ASN1_STRFLGS_DUMP_DER; + ExpectIntEQ(p_len = wolfSSL_ASN1_STRING_print_ex(bio, asn_str, flags), 35); + ExpectIntEQ(BIO_read(bio, (void*)rbuf, 35), 35); + ExpectStrEQ((char*)rbuf, "#040F48656C6C6F20776F6C6653534C2100"); + ExpectIntEQ(BIO_set_write_buf_size(fixed, 1), 1); + /* Ensure there is 0 bytes available to write into. */ + ExpectIntEQ(BIO_write(fixed, rbuf, 1), 1); + ExpectIntEQ(wolfSSL_ASN1_STRING_print_ex(fixed, asn_str, flags), 0); + ExpectIntEQ(BIO_set_write_buf_size(fixed, 1), 1); + ExpectIntEQ(wolfSSL_ASN1_STRING_print_ex(fixed, asn_str, flags), 0); + ExpectIntEQ(BIO_set_write_buf_size(fixed, 2), 1); + ExpectIntEQ(wolfSSL_ASN1_STRING_print_ex(fixed, asn_str, flags), 0); + ExpectIntEQ(BIO_set_write_buf_size(fixed, 30), 1); + ExpectIntEQ(wolfSSL_ASN1_STRING_print_ex(fixed, asn_str, flags), 0); + + /* Dump All + Show type */ + XMEMSET(rbuf, 0, 255); + flags = ASN1_STRFLGS_DUMP_ALL | ASN1_STRFLGS_SHOW_TYPE; + ExpectIntEQ(p_len = wolfSSL_ASN1_STRING_print_ex(bio, asn_str, flags), 44); + ExpectIntEQ(BIO_read(bio, (void*)rbuf, 44), 44); + ExpectStrEQ((char*)rbuf, "OCTET STRING:#48656C6C6F20776F6C6653534C2100"); + + /* Dump All + Show type - Negative Integer. */ + XMEMSET(rbuf, 0, 255); + flags = ASN1_STRFLGS_DUMP_ALL | ASN1_STRFLGS_SHOW_TYPE; + ExpectIntEQ(p_len = wolfSSL_ASN1_STRING_print_ex(bio, neg_int, flags), 11); + ExpectIntEQ(BIO_read(bio, (void*)rbuf, 11), 11); + ExpectStrEQ((char*)rbuf, "INTEGER:#FF"); + + /* Dump All + Show type - Negative Enumerated. */ + XMEMSET(rbuf, 0, 255); + flags = ASN1_STRFLGS_DUMP_ALL | ASN1_STRFLGS_SHOW_TYPE; + ExpectIntEQ(p_len = wolfSSL_ASN1_STRING_print_ex(bio, neg_enum, flags), 14); + ExpectIntEQ(BIO_read(bio, (void*)rbuf, 14), 14); + ExpectStrEQ((char*)rbuf, "ENUMERATED:#FF"); + + BIO_free(fixed); + BIO_free(bio); + ASN1_STRING_free(asn_str); + ASN1_STRING_free(esc_str); + ASN1_STRING_free(neg_int); + ASN1_STRING_free(neg_enum); + + ExpectStrEQ(wolfSSL_ASN1_tag2str(-1), "(unknown)"); + ExpectStrEQ(wolfSSL_ASN1_tag2str(31), "(unknown)"); +#endif + return EXPECT_RESULT(); +} + +int test_wolfSSL_ASN1_UNIVERSALSTRING_to_string(void) +{ + EXPECT_DECLS; +#if defined(OPENSSL_ALL) && !defined(NO_ASN) + ASN1_STRING* asn1str_test = NULL; + ASN1_STRING* asn1str_answer = NULL; + /* Each character is encoded using 4 bytes */ + char input[] = { + 0, 0, 0, 'T', + 0, 0, 0, 'e', + 0, 0, 0, 's', + 0, 0, 0, 't', + }; + char output[] = "Test"; + char badInput[] = { + 1, 0, 0, 'T', + 0, 1, 0, 'e', + 0, 0, 1, 's', + }; + + ExpectIntEQ(ASN1_UNIVERSALSTRING_to_string(NULL), 0); + /* Test wrong type. */ + ExpectNotNull(asn1str_test = ASN1_STRING_type_new(V_ASN1_OCTET_STRING)); + ExpectIntEQ(ASN1_UNIVERSALSTRING_to_string(asn1str_test), 0); + ASN1_STRING_free(asn1str_test); + asn1str_test = NULL; + + ExpectNotNull(asn1str_test = ASN1_STRING_type_new(V_ASN1_UNIVERSALSTRING)); + + /* Test bad length. */ + ExpectIntEQ(ASN1_STRING_set(asn1str_test, input, sizeof(input) - 1), 1); + ExpectIntEQ(ASN1_UNIVERSALSTRING_to_string(asn1str_test), 0); + /* Test bad input. */ + ExpectIntEQ(ASN1_STRING_set(asn1str_test, badInput + 0, 4), 1); + ExpectIntEQ(ASN1_UNIVERSALSTRING_to_string(asn1str_test), 0); + ExpectIntEQ(ASN1_STRING_set(asn1str_test, badInput + 4, 4), 1); + ExpectIntEQ(ASN1_UNIVERSALSTRING_to_string(asn1str_test), 0); + ExpectIntEQ(ASN1_STRING_set(asn1str_test, badInput + 8, 4), 1); + ExpectIntEQ(ASN1_UNIVERSALSTRING_to_string(asn1str_test), 0); + + ExpectIntEQ(ASN1_STRING_set(asn1str_test, input, sizeof(input)), 1); + ExpectIntEQ(ASN1_UNIVERSALSTRING_to_string(asn1str_test), 1); + + ExpectNotNull( + asn1str_answer = ASN1_STRING_type_new(V_ASN1_PRINTABLESTRING)); + ExpectIntEQ(ASN1_STRING_set(asn1str_answer, output, sizeof(output)-1), 1); + + ExpectIntEQ(ASN1_STRING_cmp(asn1str_test, asn1str_answer), 0); + + ASN1_STRING_free(asn1str_test); + ASN1_STRING_free(asn1str_answer); +#endif /* OPENSSL_ALL && !NO_ASN */ + return EXPECT_RESULT(); +} + +int test_wolfSSL_ASN1_GENERALIZEDTIME_free(void) +{ + EXPECT_DECLS; +#if defined(OPENSSL_EXTRA) && !defined(NO_ASN_TIME) + WOLFSSL_ASN1_GENERALIZEDTIME* asn1_gtime = NULL; + + ExpectNotNull(asn1_gtime = ASN1_GENERALIZEDTIME_new()); + if (asn1_gtime != NULL) + XMEMCPY(asn1_gtime->data, "20180504123500Z", ASN_GENERALIZED_TIME_SIZE); + ASN1_GENERALIZEDTIME_free(asn1_gtime); +#endif /* OPENSSL_EXTRA && !NO_ASN_TIME */ + return EXPECT_RESULT(); +} + +int test_wolfSSL_ASN1_GENERALIZEDTIME_print(void) +{ + EXPECT_DECLS; +#if defined(OPENSSL_EXTRA) && !defined(NO_ASN_TIME) && !defined(NO_BIO) + WOLFSSL_ASN1_GENERALIZEDTIME* gtime = NULL; + BIO* bio = NULL; + unsigned char buf[24]; + int i; + + ExpectNotNull(bio = BIO_new(BIO_s_mem())); + BIO_set_write_buf_size(bio, 24); + + ExpectNotNull(gtime = ASN1_GENERALIZEDTIME_new()); + /* Type not set. */ + ExpectIntEQ(wolfSSL_ASN1_GENERALIZEDTIME_print(bio, gtime), 0); + ExpectIntEQ(wolfSSL_ASN1_TIME_set_string(gtime, "20180504123500Z"), 1); + + /* Invalid parameters testing. */ + ExpectIntEQ(wolfSSL_ASN1_GENERALIZEDTIME_print(NULL, NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wolfSSL_ASN1_GENERALIZEDTIME_print(bio, NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wolfSSL_ASN1_GENERALIZEDTIME_print(NULL, gtime), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + + ExpectIntEQ(wolfSSL_ASN1_GENERALIZEDTIME_print(bio, gtime), 1); + ExpectIntEQ(BIO_read(bio, buf, sizeof(buf)), 20); + ExpectIntEQ(XMEMCMP(buf, "May 04 12:35:00 2018", 20), 0); + + BIO_free(bio); + bio = NULL; + + ExpectNotNull(bio = BIO_new(wolfSSL_BIO_s_fixed_mem())); + ExpectIntEQ(BIO_set_write_buf_size(bio, 1), 1); + /* Ensure there is 0 bytes available to write into. */ + ExpectIntEQ(BIO_write(bio, buf, 1), 1); + ExpectIntEQ(wolfSSL_ASN1_GENERALIZEDTIME_print(bio, gtime), 0); + for (i = 1; i < 20; i++) { + ExpectIntEQ(BIO_set_write_buf_size(bio, i), 1); + ExpectIntEQ(wolfSSL_ASN1_GENERALIZEDTIME_print(bio, gtime), 0); + } + BIO_free(bio); + + wolfSSL_ASN1_GENERALIZEDTIME_free(gtime); +#endif /* OPENSSL_EXTRA && !NO_ASN_TIME && !NO_BIO */ + return EXPECT_RESULT(); +} + +int test_wolfSSL_ASN1_TIME(void) +{ + EXPECT_DECLS; +#if defined(OPENSSL_EXTRA) && !defined(NO_ASN_TIME) + WOLFSSL_ASN1_TIME* asn_time = NULL; + unsigned char *data = NULL; + + ExpectNotNull(asn_time = ASN1_TIME_new()); + +#ifndef NO_WOLFSSL_STUB + ExpectNotNull(ASN1_TIME_set(asn_time, 1)); +#endif + ExpectIntEQ(ASN1_TIME_set_string(NULL, NULL), 0); + ExpectIntEQ(ASN1_TIME_set_string(asn_time, NULL), 0); + ExpectIntEQ(ASN1_TIME_set_string(NULL, + "String longer than CTC_DATA_SIZE that is 32 bytes"), 0); + ExpectIntEQ(ASN1_TIME_set_string(NULL, "101219181011Z"), 1); + ExpectIntEQ(ASN1_TIME_set_string(asn_time, "101219181011Z"), 1); + + ExpectIntEQ(wolfSSL_ASN1_TIME_get_length(NULL), 0); + ExpectIntEQ(wolfSSL_ASN1_TIME_get_length(asn_time), ASN_UTC_TIME_SIZE - 1); + ExpectNull(wolfSSL_ASN1_TIME_get_data(NULL)); + ExpectNotNull(data = wolfSSL_ASN1_TIME_get_data(asn_time)); + ExpectIntEQ(XMEMCMP(data, "101219181011Z", 14), 0); + + ExpectIntEQ(ASN1_TIME_check(NULL), 0); + ExpectIntEQ(ASN1_TIME_check(asn_time), 1); + + ExpectIntEQ(ASN1_TIME_set_string_X509(asn_time, "101219181011Z"), 1); + ExpectIntEQ(ASN1_TIME_set_string_X509(asn_time, "101219181011Za"), 0); + + ASN1_TIME_free(asn_time); + ASN1_TIME_free(NULL); +#endif + return EXPECT_RESULT(); +} + +int test_wolfSSL_ASN1_TIME_to_string(void) +{ + EXPECT_DECLS; +#ifndef NO_ASN_TIME +#if defined(WOLFSSL_MYSQL_COMPATIBLE) || defined(WOLFSSL_NGINX) || \ + defined(WOLFSSL_HAPROXY) || defined(OPENSSL_EXTRA) || defined(OPENSSL_ALL) + WOLFSSL_ASN1_TIME* t = NULL; + char buf[ASN_GENERALIZED_TIME_SIZE]; + + ExpectNotNull((t = ASN1_TIME_new())); + ExpectIntEQ(ASN1_TIME_set_string(t, "030222211515Z"), 1); + + /* Invalid parameter testing. */ + ExpectNull(ASN1_TIME_to_string(NULL, NULL, 4)); + ExpectNull(ASN1_TIME_to_string(t, NULL, 4)); + ExpectNull(ASN1_TIME_to_string(NULL, buf, 4)); + ExpectNull(ASN1_TIME_to_string(NULL, NULL, 5)); + ExpectNull(ASN1_TIME_to_string(NULL, buf, 5)); + ExpectNull(ASN1_TIME_to_string(t, NULL, 5)); + ExpectNull(ASN1_TIME_to_string(t, buf, 4)); + /* Buffer needs to be longer than minimum of 5 characters. */ + ExpectNull(ASN1_TIME_to_string(t, buf, 5)); + + ASN1_TIME_free(t); +#endif +#endif /* NO_ASN_TIME */ + return EXPECT_RESULT(); +} + +int test_wolfSSL_ASN1_TIME_diff_compare(void) +{ + EXPECT_DECLS; +#if defined(OPENSSL_EXTRA) && !defined(NO_ASN_TIME) + ASN1_TIME* fromTime = NULL; + ASN1_TIME* closeToTime = NULL; + ASN1_TIME* toTime = NULL; + ASN1_TIME* invalidTime = NULL; + int daysDiff = 0; + int secsDiff = 0; + + ExpectNotNull((fromTime = ASN1_TIME_new())); + /* Feb 22, 2003, 21:15:15 */ + ExpectIntEQ(ASN1_TIME_set_string(fromTime, "030222211515Z"), 1); + ExpectNotNull((closeToTime = ASN1_TIME_new())); + /* Feb 22, 2003, 21:16:15 */ + ExpectIntEQ(ASN1_TIME_set_string(closeToTime, "030222211615Z"), 1); + ExpectNotNull((toTime = ASN1_TIME_new())); + /* Dec 19, 2010, 18:10:11 */ + ExpectIntEQ(ASN1_TIME_set_string(toTime, "101219181011Z"), 1); + ExpectNotNull((invalidTime = ASN1_TIME_new())); + /* Dec 19, 2010, 18:10:11 but 'U' instead of 'Z' which is invalid. */ + ExpectIntEQ(ASN1_TIME_set_string(invalidTime, "102519181011U"), 1); + + ExpectIntEQ(ASN1_TIME_diff(&daysDiff, &secsDiff, fromTime, invalidTime), 0); + ExpectIntEQ(ASN1_TIME_diff(&daysDiff, &secsDiff, invalidTime, toTime), 0); + + ExpectIntEQ(ASN1_TIME_diff(&daysDiff, &secsDiff, fromTime, toTime), 1); + + /* Test when secsDiff or daysDiff is NULL. */ + ExpectIntEQ(ASN1_TIME_diff(NULL, &secsDiff, fromTime, toTime), 1); + ExpectIntEQ(ASN1_TIME_diff(&daysDiff, NULL, fromTime, toTime), 1); + ExpectIntEQ(ASN1_TIME_diff(NULL, NULL, fromTime, toTime), 1); + + /* If both times are NULL, difference is 0. */ + ExpectIntEQ(ASN1_TIME_diff(&daysDiff, &secsDiff, NULL, NULL), 1); + ExpectIntEQ(daysDiff, 0); + ExpectIntEQ(secsDiff, 0); + + /* If one time is NULL, it defaults to the current time. */ + ExpectIntEQ(ASN1_TIME_diff(&daysDiff, &secsDiff, NULL, toTime), 1); + ExpectIntEQ(ASN1_TIME_diff(&daysDiff, &secsDiff, fromTime, NULL), 1); + + /* Normal operation. Both times non-NULL. */ + ExpectIntEQ(ASN1_TIME_diff(&daysDiff, &secsDiff, fromTime, toTime), 1); + ExpectIntEQ(daysDiff, 2856); + ExpectIntEQ(secsDiff, 75296); + /* Swapping the times should return negative values. */ + ExpectIntEQ(ASN1_TIME_diff(&daysDiff, &secsDiff, toTime, fromTime), 1); + ExpectIntEQ(daysDiff, -2856); + ExpectIntEQ(secsDiff, -75296); + + /* Compare with invalid time string. */ + ExpectIntEQ(ASN1_TIME_compare(fromTime, invalidTime), -2); + ExpectIntEQ(ASN1_TIME_compare(invalidTime, toTime), -2); + /* Compare with days difference of 0. */ + ExpectIntEQ(ASN1_TIME_compare(fromTime, closeToTime), -1); + ExpectIntEQ(ASN1_TIME_compare(closeToTime, fromTime), 1); + /* Days and seconds differences not 0. */ + ExpectIntEQ(ASN1_TIME_compare(fromTime, toTime), -1); + ExpectIntEQ(ASN1_TIME_compare(toTime, fromTime), 1); + /* Same time. */ + ExpectIntEQ(ASN1_TIME_compare(fromTime, fromTime), 0); + + /* Compare regression test: No seconds difference, just difference in days. + */ + ASN1_TIME_set_string(fromTime, "19700101000000Z"); + ASN1_TIME_set_string(toTime, "19800101000000Z"); + ExpectIntEQ(ASN1_TIME_compare(fromTime, toTime), -1); + ExpectIntEQ(ASN1_TIME_compare(toTime, fromTime), 1); + ExpectIntEQ(ASN1_TIME_compare(fromTime, fromTime), 0); + + /* Edge case with Unix epoch. */ + ExpectNotNull(ASN1_TIME_set_string(fromTime, "19700101000000Z")); + ExpectNotNull(ASN1_TIME_set_string(toTime, "19800101000000Z")); + ExpectIntEQ(ASN1_TIME_diff(&daysDiff, &secsDiff, fromTime, toTime), 1); + ExpectIntEQ(daysDiff, 3652); + ExpectIntEQ(secsDiff, 0); + + /* Edge case with year > 2038 (year 2038 problem). */ + ExpectNotNull(ASN1_TIME_set_string(toTime, "99991231235959Z")); + ExpectIntEQ(ASN1_TIME_diff(&daysDiff, &secsDiff, fromTime, toTime), 1); + ExpectIntEQ(daysDiff, 2932896); + ExpectIntEQ(secsDiff, 86399); + + ASN1_TIME_free(fromTime); + ASN1_TIME_free(closeToTime); + ASN1_TIME_free(toTime); + ASN1_TIME_free(invalidTime); +#endif + return EXPECT_RESULT(); +} + +int test_wolfSSL_ASN1_TIME_adj(void) +{ + EXPECT_DECLS; +#if defined(OPENSSL_EXTRA) && !defined(NO_ASN_TIME) && \ + !defined(USER_TIME) && !defined(TIME_OVERRIDES) + const int year = 365*24*60*60; + const int day = 24*60*60; + const int hour = 60*60; + const int mini = 60; + const byte asn_utc_time = ASN_UTC_TIME; +#if !defined(TIME_T_NOT_64BIT) && !defined(NO_64BIT) + const byte asn_gen_time = ASN_GENERALIZED_TIME; +#endif + WOLFSSL_ASN1_TIME* asn_time = NULL; + WOLFSSL_ASN1_TIME* s = NULL; + int offset_day; + long offset_sec; + char date_str[CTC_DATE_SIZE + 1]; + time_t t; + + ExpectNotNull(s = wolfSSL_ASN1_TIME_new()); + /* UTC notation test */ + /* 2000/2/15 20:30:00 */ + t = (time_t)30 * year + 45 * day + 20 * hour + 30 * mini + 7 * day; + offset_day = 7; + offset_sec = 45 * mini; + /* offset_sec = -45 * min;*/ + ExpectNotNull(asn_time = + wolfSSL_ASN1_TIME_adj(s, t, offset_day, offset_sec)); + if (asn_time != NULL) { + ExpectTrue(asn_time->type == asn_utc_time); + ExpectNotNull(XSTRNCPY(date_str, (const char*)&asn_time->data, + CTC_DATE_SIZE)); + date_str[CTC_DATE_SIZE] = '\0'; + ExpectIntEQ(0, XMEMCMP(date_str, "000222211500Z", 13)); + if (asn_time != s) { + XFREE(asn_time, NULL, DYNAMIC_TYPE_OPENSSL); + } + asn_time = NULL; + } + + /* negative offset */ + offset_sec = -45 * mini; + asn_time = wolfSSL_ASN1_TIME_adj(s, t, offset_day, offset_sec); + ExpectNotNull(asn_time); + if (asn_time != NULL) { + ExpectTrue(asn_time->type == asn_utc_time); + ExpectNotNull(XSTRNCPY(date_str, (const char*)&asn_time->data, + CTC_DATE_SIZE)); + date_str[CTC_DATE_SIZE] = '\0'; + ExpectIntEQ(0, XMEMCMP(date_str, "000222194500Z", 13)); + if (asn_time != s) { + XFREE(asn_time, NULL, DYNAMIC_TYPE_OPENSSL); + } + asn_time = NULL; + } + + XFREE(s, NULL, DYNAMIC_TYPE_OPENSSL); + s = NULL; + XMEMSET(date_str, 0, sizeof(date_str)); + + /* Generalized time will overflow time_t if not long */ +#if !defined(TIME_T_NOT_64BIT) && !defined(NO_64BIT) + s = (WOLFSSL_ASN1_TIME*)XMALLOC(sizeof(WOLFSSL_ASN1_TIME), NULL, + DYNAMIC_TYPE_OPENSSL); + /* GeneralizedTime notation test */ + /* 2055/03/01 09:00:00 */ + t = (time_t)85 * year + 59 * day + 9 * hour + 21 * day; + offset_day = 12; + offset_sec = 10 * mini; + ExpectNotNull(asn_time = wolfSSL_ASN1_TIME_adj(s, t, offset_day, + offset_sec)); + if (asn_time != NULL) { + ExpectTrue(asn_time->type == asn_gen_time); + ExpectNotNull(XSTRNCPY(date_str, (const char*)&asn_time->data, + CTC_DATE_SIZE)); + date_str[CTC_DATE_SIZE] = '\0'; + ExpectIntEQ(0, XMEMCMP(date_str, "20550313091000Z", 15)); + if (asn_time != s) { + XFREE(asn_time, NULL, DYNAMIC_TYPE_OPENSSL); + } + asn_time = NULL; + } + + XFREE(s, NULL, DYNAMIC_TYPE_OPENSSL); + s = NULL; + XMEMSET(date_str, 0, sizeof(date_str)); +#endif /* !TIME_T_NOT_64BIT && !NO_64BIT */ + + /* if WOLFSSL_ASN1_TIME struct is not allocated */ + s = NULL; + + t = (time_t)30 * year + 45 * day + 20 * hour + 30 * mini + 15 + 7 * day; + offset_day = 7; + offset_sec = 45 * mini; + ExpectNotNull(asn_time = wolfSSL_ASN1_TIME_adj(s, t, offset_day, + offset_sec)); + if (asn_time != NULL) { + ExpectTrue(asn_time->type == asn_utc_time); + ExpectNotNull(XSTRNCPY(date_str, (const char*)&asn_time->data, + CTC_DATE_SIZE)); + date_str[CTC_DATE_SIZE] = '\0'; + ExpectIntEQ(0, XMEMCMP(date_str, "000222211515Z", 13)); + XFREE(asn_time, NULL, DYNAMIC_TYPE_OPENSSL); + asn_time = NULL; + } + ExpectNotNull(asn_time = wolfSSL_ASN1_TIME_adj(NULL, t, offset_day, + offset_sec)); + if (asn_time != NULL) { + ExpectTrue(asn_time->type == asn_utc_time); + ExpectNotNull(XSTRNCPY(date_str, (const char*)&asn_time->data, + CTC_DATE_SIZE)); + date_str[CTC_DATE_SIZE] = '\0'; + ExpectIntEQ(0, XMEMCMP(date_str, "000222211515Z", 13)); + XFREE(asn_time, NULL, DYNAMIC_TYPE_OPENSSL); + asn_time = NULL; + } +#endif + return EXPECT_RESULT(); +} + +int test_wolfSSL_ASN1_TIME_to_tm(void) +{ + EXPECT_DECLS; +#if (defined(WOLFSSL_MYSQL_COMPATIBLE) || defined(WOLFSSL_NGINX) || \ + defined(WOLFSSL_HAPROXY) || defined(OPENSSL_EXTRA) || \ + defined(OPENSSL_ALL)) && !defined(NO_ASN_TIME) + ASN1_TIME asnTime; + struct tm tm; + time_t testTime = 1683926567; /* Fri May 12 09:22:47 PM UTC 2023 */ + + XMEMSET(&tm, 0, sizeof(struct tm)); + + XMEMSET(&asnTime, 0, sizeof(ASN1_TIME)); + ExpectIntEQ(ASN1_TIME_set_string(&asnTime, "000222211515Z"), 1); + ExpectIntEQ(ASN1_TIME_to_tm(&asnTime, NULL), 1); + ExpectIntEQ(ASN1_TIME_to_tm(&asnTime, &tm), 1); + + ExpectIntEQ(tm.tm_sec, 15); + ExpectIntEQ(tm.tm_min, 15); + ExpectIntEQ(tm.tm_hour, 21); + ExpectIntEQ(tm.tm_mday, 22); + ExpectIntEQ(tm.tm_mon, 1); + ExpectIntEQ(tm.tm_year, 100); + ExpectIntEQ(tm.tm_isdst, 0); +#ifdef XMKTIME + ExpectIntEQ(tm.tm_wday, 2); + ExpectIntEQ(tm.tm_yday, 52); +#endif + + ExpectIntEQ(ASN1_TIME_set_string(&asnTime, "500222211515Z"), 1); + ExpectIntEQ(ASN1_TIME_to_tm(&asnTime, &tm), 1); + ExpectIntEQ(tm.tm_year, 50); + + /* Get current time. */ + ExpectIntEQ(ASN1_TIME_to_tm(NULL, NULL), 0); + ExpectIntEQ(ASN1_TIME_to_tm(NULL, &tm), 1); + + XMEMSET(&asnTime, 0, sizeof(ASN1_TIME)); + /* 0 length. */ + ExpectIntEQ(ASN1_TIME_to_tm(&asnTime, &tm), 0); + /* No type. */ + asnTime.length = 1; + ExpectIntEQ(ASN1_TIME_to_tm(&asnTime, &tm), 0); + /* Not UTCTIME length. */ + asnTime.type = V_ASN1_UTCTIME; + ExpectIntEQ(ASN1_TIME_to_tm(&asnTime, &tm), 0); + /* Not GENERALIZEDTIME length. */ + asnTime.type = V_ASN1_GENERALIZEDTIME; + ExpectIntEQ(ASN1_TIME_to_tm(&asnTime, &tm), 0); + + /* Not Zulu timezone. */ + ExpectIntEQ(ASN1_TIME_set_string(&asnTime, "000222211515U"), 1); + ExpectIntEQ(ASN1_TIME_to_tm(&asnTime, &tm), 0); + ExpectIntEQ(ASN1_TIME_set_string(&asnTime, "20000222211515U"), 1); + ExpectIntEQ(ASN1_TIME_to_tm(&asnTime, &tm), 0); + +#ifdef XMKTIME + ExpectNotNull(ASN1_TIME_adj(&asnTime, testTime, 0, 0)); + ExpectIntEQ(ASN1_TIME_to_tm(&asnTime, &tm), 1); + ExpectIntEQ(tm.tm_sec, 47); + ExpectIntEQ(tm.tm_min, 22); + ExpectIntEQ(tm.tm_hour, 21); + ExpectIntEQ(tm.tm_mday, 12); + ExpectIntEQ(tm.tm_mon, 4); + ExpectIntEQ(tm.tm_year, 123); + ExpectIntEQ(tm.tm_wday, 5); + ExpectIntEQ(tm.tm_yday, 131); + /* Confirm that when used with a tm struct from ASN1_TIME_adj, all other + fields are zeroed out as expected. */ + ExpectIntEQ(tm.tm_isdst, 0); +#endif +#endif + return EXPECT_RESULT(); +} + +int test_wolfSSL_ASN1_TIME_to_generalizedtime(void) +{ + EXPECT_DECLS; +#if defined(OPENSSL_EXTRA) && !defined(NO_ASN_TIME) + WOLFSSL_ASN1_TIME *t = NULL; + WOLFSSL_ASN1_TIME *out = NULL; + WOLFSSL_ASN1_TIME *gtime = NULL; + int tlen = 0; + unsigned char *data = NULL; + + ExpectNotNull(t = wolfSSL_ASN1_TIME_new()); + ExpectNull(wolfSSL_ASN1_TIME_to_generalizedtime(NULL, &out)); + /* type not set. */ + ExpectNull(wolfSSL_ASN1_TIME_to_generalizedtime(t, &out)); + XFREE(t, NULL, DYNAMIC_TYPE_TMP_BUFFER); + t = NULL; + + /* UTC Time test */ + ExpectNotNull(t = wolfSSL_ASN1_TIME_new()); + if (t != NULL) { + XMEMSET(t->data, 0, ASN_GENERALIZED_TIME_SIZE); + t->type = ASN_UTC_TIME; + t->length = ASN_UTC_TIME_SIZE; + XMEMCPY(t->data, "050727123456Z", ASN_UTC_TIME_SIZE); + } + + ExpectIntEQ(tlen = wolfSSL_ASN1_TIME_get_length(t), ASN_UTC_TIME_SIZE); + ExpectStrEQ((char*)(data = wolfSSL_ASN1_TIME_get_data(t)), "050727123456Z"); + + out = NULL; + ExpectNotNull(gtime = wolfSSL_ASN1_TIME_to_generalizedtime(t, &out)); + wolfSSL_ASN1_TIME_free(gtime); + gtime = NULL; + ExpectNotNull(out = wolfSSL_ASN1_TIME_new()); + ExpectNotNull(gtime = wolfSSL_ASN1_TIME_to_generalizedtime(t, &out)); + ExpectPtrEq(gtime, out); + ExpectIntEQ(gtime->type, ASN_GENERALIZED_TIME); + ExpectIntEQ(gtime->length, ASN_GENERALIZED_TIME_SIZE); + ExpectStrEQ((char*)gtime->data, "20050727123456Z"); + + /* Generalized Time test */ + ExpectNotNull(XMEMSET(t, 0, ASN_GENERALIZED_TIME_SIZE)); + ExpectNotNull(XMEMSET(out, 0, ASN_GENERALIZED_TIME_SIZE)); + ExpectNotNull(XMEMSET(data, 0, ASN_GENERALIZED_TIME_SIZE)); + if (t != NULL) { + t->type = ASN_GENERALIZED_TIME; + t->length = ASN_GENERALIZED_TIME_SIZE; + XMEMCPY(t->data, "20050727123456Z", ASN_GENERALIZED_TIME_SIZE); + } + + ExpectIntEQ(tlen = wolfSSL_ASN1_TIME_get_length(t), + ASN_GENERALIZED_TIME_SIZE); + ExpectStrEQ((char*)(data = wolfSSL_ASN1_TIME_get_data(t)), + "20050727123456Z"); + ExpectNotNull(gtime = wolfSSL_ASN1_TIME_to_generalizedtime(t, &out)); + ExpectIntEQ(gtime->type, ASN_GENERALIZED_TIME); + ExpectIntEQ(gtime->length, ASN_GENERALIZED_TIME_SIZE); + ExpectStrEQ((char*)gtime->data, "20050727123456Z"); + + /* UTC Time to Generalized Time 1900's test */ + ExpectNotNull(XMEMSET(t, 0, ASN_GENERALIZED_TIME_SIZE)); + ExpectNotNull(XMEMSET(out, 0, ASN_GENERALIZED_TIME_SIZE)); + ExpectNotNull(XMEMSET(data, 0, ASN_GENERALIZED_TIME_SIZE)); + if (t != NULL) { + t->type = ASN_UTC_TIME; + t->length = ASN_UTC_TIME_SIZE; + XMEMCPY(t->data, "500727123456Z", ASN_UTC_TIME_SIZE); + } + + ExpectNotNull(gtime = wolfSSL_ASN1_TIME_to_generalizedtime(t, &out)); + ExpectIntEQ(gtime->type, ASN_GENERALIZED_TIME); + ExpectIntEQ(gtime->length, ASN_GENERALIZED_TIME_SIZE); + ExpectStrEQ((char*)gtime->data, "19500727123456Z"); + XFREE(out, NULL, DYNAMIC_TYPE_TMP_BUFFER); + + /* Null parameter test */ + ExpectNotNull(XMEMSET(t, 0, ASN_GENERALIZED_TIME_SIZE)); + gtime = NULL; + out = NULL; + if (t != NULL) { + t->type = ASN_UTC_TIME; + t->length = ASN_UTC_TIME_SIZE; + XMEMCPY(t->data, "050727123456Z", ASN_UTC_TIME_SIZE); + } + ExpectNotNull(gtime = wolfSSL_ASN1_TIME_to_generalizedtime(t, NULL)); + ExpectIntEQ(gtime->type, ASN_GENERALIZED_TIME); + ExpectIntEQ(gtime->length, ASN_GENERALIZED_TIME_SIZE); + ExpectStrEQ((char*)gtime->data, "20050727123456Z"); + + XFREE(gtime, NULL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(t, NULL, DYNAMIC_TYPE_TMP_BUFFER); +#endif + return EXPECT_RESULT(); +} + +int test_wolfSSL_ASN1_TIME_print(void) +{ + EXPECT_DECLS; +#if !defined(NO_CERTS) && !defined(NO_RSA) && !defined(NO_BIO) && \ + (defined(WOLFSSL_MYSQL_COMPATIBLE) || defined(WOLFSSL_NGINX) || \ + defined(WOLFSSL_HAPROXY) || defined(OPENSSL_EXTRA) || \ + defined(OPENSSL_ALL)) && defined(USE_CERT_BUFFERS_2048) && \ + !defined(NO_ASN_TIME) + BIO* bio = NULL; + BIO* fixed = NULL; + X509* x509 = NULL; + const unsigned char* der = client_cert_der_2048; + ASN1_TIME* notAfter = NULL; + ASN1_TIME* notBefore = NULL; + unsigned char buf[25]; + + ExpectNotNull(bio = BIO_new(BIO_s_mem())); + ExpectNotNull(fixed = BIO_new(wolfSSL_BIO_s_fixed_mem())); + ExpectNotNull(x509 = wolfSSL_X509_load_certificate_buffer(der, + sizeof_client_cert_der_2048, WOLFSSL_FILETYPE_ASN1)); + ExpectNotNull(notBefore = X509_get_notBefore(x509)); + + ExpectIntEQ(ASN1_TIME_print(NULL, NULL), 0); + ExpectIntEQ(ASN1_TIME_print(bio, NULL), 0); + ExpectIntEQ(ASN1_TIME_print(NULL, notBefore), 0); + + ExpectIntEQ(ASN1_TIME_print(bio, notBefore), 1); + ExpectIntEQ(BIO_read(bio, buf, sizeof(buf)), 24); + ExpectIntEQ(XMEMCMP(buf, "Nov 13 20:41:10 2025 GMT", sizeof(buf) - 1), 0); + + /* Test BIO_write fails. */ + ExpectIntEQ(BIO_set_write_buf_size(fixed, 1), 1); + /* Ensure there is 0 bytes available to write into. */ + ExpectIntEQ(BIO_write(fixed, buf, 1), 1); + ExpectIntEQ(ASN1_TIME_print(fixed, notBefore), 0); + ExpectIntEQ(BIO_set_write_buf_size(fixed, 1), 1); + ExpectIntEQ(ASN1_TIME_print(fixed, notBefore), 0); + ExpectIntEQ(BIO_set_write_buf_size(fixed, 23), 1); + ExpectIntEQ(ASN1_TIME_print(fixed, notBefore), 0); + + /* create a bad time and test results */ + ExpectNotNull(notAfter = X509_get_notAfter(x509)); + ExpectIntEQ(ASN1_TIME_check(notAfter), 1); + if (EXPECT_SUCCESS()) { + notAfter->data[8] = 0; + notAfter->data[3] = 0; + } + ExpectIntNE(ASN1_TIME_print(bio, notAfter), 1); + ExpectIntEQ(BIO_read(bio, buf, sizeof(buf)), 14); + ExpectIntEQ(XMEMCMP(buf, "Bad time value", 14), 0); + ExpectIntEQ(ASN1_TIME_check(notAfter), 0); + + BIO_free(bio); + BIO_free(fixed); + X509_free(x509); +#endif + return EXPECT_RESULT(); +} + +int test_wolfSSL_ASN1_UTCTIME_print(void) +{ + EXPECT_DECLS; +#if defined(OPENSSL_EXTRA) && !defined(NO_ASN_TIME) && !defined(NO_BIO) + BIO* bio = NULL; + ASN1_UTCTIME* utc = NULL; + unsigned char buf[25]; + const char* validDate = "190424111501Z"; /* UTC = YYMMDDHHMMSSZ */ + const char* invalidDate = "190424111501X"; /* UTC = YYMMDDHHMMSSZ */ + const char* genDate = "20190424111501Z"; /* GEN = YYYYMMDDHHMMSSZ */ + + /* Valid date */ + ExpectNotNull(bio = BIO_new(BIO_s_mem())); + ExpectNotNull(utc = (ASN1_UTCTIME*)XMALLOC(sizeof(ASN1_UTCTIME), NULL, + DYNAMIC_TYPE_ASN1)); + if (utc != NULL) { + utc->type = ASN_UTC_TIME; + utc->length = ASN_UTC_TIME_SIZE; + XMEMCPY(utc->data, (byte*)validDate, ASN_UTC_TIME_SIZE); + } + + ExpectIntEQ(ASN1_UTCTIME_print(NULL, NULL), 0); + ExpectIntEQ(ASN1_UTCTIME_print(bio, NULL), 0); + ExpectIntEQ(ASN1_UTCTIME_print(NULL, utc), 0); + + ExpectIntEQ(ASN1_UTCTIME_print(bio, utc), 1); + ExpectIntEQ(BIO_read(bio, buf, sizeof(buf)), 24); + ExpectIntEQ(XMEMCMP(buf, "Apr 24 11:15:01 2019 GMT", sizeof(buf)-1), 0); + + XMEMSET(buf, 0, sizeof(buf)); + BIO_free(bio); + bio = NULL; + + /* Invalid format */ + ExpectNotNull(bio = BIO_new(BIO_s_mem())); + if (utc != NULL) { + utc->type = ASN_UTC_TIME; + utc->length = ASN_UTC_TIME_SIZE; + XMEMCPY(utc->data, (byte*)invalidDate, ASN_UTC_TIME_SIZE); + } + ExpectIntEQ(ASN1_UTCTIME_print(bio, utc), 0); + ExpectIntEQ(BIO_read(bio, buf, sizeof(buf)), 14); + ExpectIntEQ(XMEMCMP(buf, "Bad time value", 14), 0); + + /* Invalid type */ + if (utc != NULL) { + utc->type = ASN_GENERALIZED_TIME; + utc->length = ASN_GENERALIZED_TIME_SIZE; + XMEMCPY(utc->data, (byte*)genDate, ASN_GENERALIZED_TIME_SIZE); + } + ExpectIntEQ(ASN1_UTCTIME_print(bio, utc), 0); + + XFREE(utc, NULL, DYNAMIC_TYPE_ASN1); + BIO_free(bio); +#endif /* OPENSSL_EXTRA && !NO_ASN_TIME && !NO_BIO */ + return EXPECT_RESULT(); +} + +int test_wolfSSL_ASN1_TYPE(void) +{ + EXPECT_DECLS; +#if defined(OPENSSL_ALL) || defined(WOLFSSL_APACHE_HTTPD) || \ + defined(WOLFSSL_HAPROXY) || defined(WOLFSSL_WPAS) + WOLFSSL_ASN1_TYPE* t = NULL; + WOLFSSL_ASN1_OBJECT* obj = NULL; +#ifndef NO_ASN_TIME + WOLFSSL_ASN1_TIME* time = NULL; +#endif + WOLFSSL_ASN1_STRING* str = NULL; + unsigned char data[] = { 0x00 }; + + ASN1_TYPE_set(NULL, V_ASN1_NULL, NULL); + + ExpectNotNull(t = wolfSSL_ASN1_TYPE_new()); + ASN1_TYPE_set(t, V_ASN1_EOC, NULL); + wolfSSL_ASN1_TYPE_free(t); + t = NULL; + + ExpectNotNull(t = wolfSSL_ASN1_TYPE_new()); + ASN1_TYPE_set(t, V_ASN1_NULL, NULL); + ASN1_TYPE_set(t, V_ASN1_NULL, data); + wolfSSL_ASN1_TYPE_free(t); + t = NULL; + + ExpectNotNull(t = wolfSSL_ASN1_TYPE_new()); + ExpectNotNull(obj = wolfSSL_ASN1_OBJECT_new()); + ASN1_TYPE_set(t, V_ASN1_OBJECT, obj); + wolfSSL_ASN1_TYPE_free(t); + t = NULL; + +#ifndef NO_ASN_TIME + ExpectNotNull(t = wolfSSL_ASN1_TYPE_new()); + ExpectNotNull(time = wolfSSL_ASN1_TIME_new()); + ASN1_TYPE_set(t, V_ASN1_UTCTIME, time); + wolfSSL_ASN1_TYPE_free(t); + t = NULL; + + ExpectNotNull(t = wolfSSL_ASN1_TYPE_new()); + ExpectNotNull(time = wolfSSL_ASN1_TIME_new()); + ASN1_TYPE_set(t, V_ASN1_GENERALIZEDTIME, time); + wolfSSL_ASN1_TYPE_free(t); + t = NULL; +#endif + + ExpectNotNull(t = wolfSSL_ASN1_TYPE_new()); + ExpectNotNull(str = wolfSSL_ASN1_STRING_new()); + ASN1_TYPE_set(t, V_ASN1_UTF8STRING, str); + wolfSSL_ASN1_TYPE_free(t); + t = NULL; + + ExpectNotNull(t = wolfSSL_ASN1_TYPE_new()); + ExpectNotNull(str = wolfSSL_ASN1_STRING_new()); + ASN1_TYPE_set(t, V_ASN1_PRINTABLESTRING, str); + wolfSSL_ASN1_TYPE_free(t); + t = NULL; + + ExpectNotNull(t = wolfSSL_ASN1_TYPE_new()); + ExpectNotNull(str = wolfSSL_ASN1_STRING_new()); + ASN1_TYPE_set(t, V_ASN1_T61STRING, str); + wolfSSL_ASN1_TYPE_free(t); + t = NULL; + + ExpectNotNull(t = wolfSSL_ASN1_TYPE_new()); + ExpectNotNull(str = wolfSSL_ASN1_STRING_new()); + ASN1_TYPE_set(t, V_ASN1_IA5STRING, str); + wolfSSL_ASN1_TYPE_free(t); + t = NULL; + + ExpectNotNull(t = wolfSSL_ASN1_TYPE_new()); + ExpectNotNull(str = wolfSSL_ASN1_STRING_new()); + ASN1_TYPE_set(t, V_ASN1_UNIVERSALSTRING, str); + wolfSSL_ASN1_TYPE_free(t); + t = NULL; + + ExpectNotNull(t = wolfSSL_ASN1_TYPE_new()); + ExpectNotNull(str = wolfSSL_ASN1_STRING_new()); + ASN1_TYPE_set(t, V_ASN1_SEQUENCE, str); + wolfSSL_ASN1_TYPE_free(t); + t = NULL; +#endif + return EXPECT_RESULT(); +} + +/* Testing code used in old dpp.c in hostap */ +#if defined(OPENSSL_ALL) && defined(HAVE_ECC) && defined(USE_CERT_BUFFERS_256) +typedef struct { + /* AlgorithmIdentifier ecPublicKey with optional parameters present + * as an OID identifying the curve */ + X509_ALGOR *alg; + /* Compressed format public key per ANSI X9.63 */ + ASN1_BIT_STRING *pub_key; +} DPP_BOOTSTRAPPING_KEY; + +ASN1_SEQUENCE(DPP_BOOTSTRAPPING_KEY) = { + ASN1_SIMPLE(DPP_BOOTSTRAPPING_KEY, alg, X509_ALGOR), + ASN1_SIMPLE(DPP_BOOTSTRAPPING_KEY, pub_key, ASN1_BIT_STRING) +} ASN1_SEQUENCE_END(DPP_BOOTSTRAPPING_KEY) + +IMPLEMENT_ASN1_FUNCTIONS(DPP_BOOTSTRAPPING_KEY) + +typedef struct { + int type; + union { + ASN1_BIT_STRING *str1; + ASN1_BIT_STRING *str2; + ASN1_BIT_STRING *str3; + } d; +} ASN1_CHOICE_TEST; + +ASN1_CHOICE(ASN1_CHOICE_TEST) = { + ASN1_IMP(ASN1_CHOICE_TEST, d.str1, ASN1_BIT_STRING, 1), + ASN1_IMP(ASN1_CHOICE_TEST, d.str2, ASN1_BIT_STRING, 2), + ASN1_IMP(ASN1_CHOICE_TEST, d.str3, ASN1_BIT_STRING, 3) +} ASN1_CHOICE_END(ASN1_CHOICE_TEST) + +IMPLEMENT_ASN1_FUNCTIONS(ASN1_CHOICE_TEST) + +/* Test nested objects */ +typedef struct { + DPP_BOOTSTRAPPING_KEY* key; + ASN1_INTEGER* asnNum; + ASN1_INTEGER* expNum; + STACK_OF(ASN1_GENERALSTRING) *strList; + ASN1_CHOICE_TEST* str; +} TEST_ASN1_NEST1; + +ASN1_SEQUENCE(TEST_ASN1_NEST1) = { + ASN1_SIMPLE(TEST_ASN1_NEST1, key, DPP_BOOTSTRAPPING_KEY), + ASN1_SIMPLE(TEST_ASN1_NEST1, asnNum, ASN1_INTEGER), + ASN1_EXP(TEST_ASN1_NEST1, expNum, ASN1_INTEGER, 0), + ASN1_EXP_SEQUENCE_OF(TEST_ASN1_NEST1, strList, ASN1_GENERALSTRING, 1), + ASN1_SIMPLE(TEST_ASN1_NEST1, str, ASN1_CHOICE_TEST) +} ASN1_SEQUENCE_END(TEST_ASN1_NEST1) + +IMPLEMENT_ASN1_FUNCTIONS(TEST_ASN1_NEST1) + +typedef struct { + ASN1_INTEGER* num; + DPP_BOOTSTRAPPING_KEY* key; + TEST_ASN1_NEST1* asn1_obj; +} TEST_ASN1_NEST2; + +ASN1_SEQUENCE(TEST_ASN1_NEST2) = { + ASN1_SIMPLE(TEST_ASN1_NEST2, num, ASN1_INTEGER), + ASN1_SIMPLE(TEST_ASN1_NEST2, key, DPP_BOOTSTRAPPING_KEY), + ASN1_SIMPLE(TEST_ASN1_NEST2, asn1_obj, TEST_ASN1_NEST1) +} ASN1_SEQUENCE_END(TEST_ASN1_NEST2) + +IMPLEMENT_ASN1_FUNCTIONS(TEST_ASN1_NEST2) +/* End nested objects */ + +typedef struct { + ASN1_INTEGER *integer; +} TEST_ASN1; + +ASN1_SEQUENCE(TEST_ASN1) = { + ASN1_SIMPLE(TEST_ASN1, integer, ASN1_INTEGER), +} ASN1_SEQUENCE_END(TEST_ASN1) + +IMPLEMENT_ASN1_FUNCTIONS(TEST_ASN1) + +typedef STACK_OF(ASN1_INTEGER) TEST_ASN1_ITEM; + +ASN1_ITEM_TEMPLATE(TEST_ASN1_ITEM) = + ASN1_EX_TEMPLATE_TYPE(ASN1_TFLG_SEQUENCE_OF, 0, MemName, ASN1_INTEGER) +ASN1_ITEM_TEMPLATE_END(TEST_ASN1_ITEM) + +IMPLEMENT_ASN1_FUNCTIONS(TEST_ASN1_ITEM) +#endif + +int test_wolfSSL_IMPLEMENT_ASN1_FUNCTIONS(void) +{ + EXPECT_DECLS; + /* Testing code used in dpp.c in hostap */ +#if defined(OPENSSL_ALL) && defined(HAVE_ECC) && defined(USE_CERT_BUFFERS_256) +#if !defined(HAVE_FIPS) || (defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION>2)) + EC_KEY *eckey = NULL; + EVP_PKEY *key = NULL; + size_t len = 0; + unsigned char *der = NULL; + unsigned char *der2 = NULL; + const unsigned char *tmp = NULL; + DPP_BOOTSTRAPPING_KEY *bootstrap = NULL, *bootstrap2 = NULL; + const unsigned char *in = ecc_clikey_der_256; + WOLFSSL_ASN1_OBJECT* ec_obj = NULL; + WOLFSSL_ASN1_OBJECT* group_obj = NULL; + const EC_GROUP *group = NULL; + const EC_POINT *point = NULL; + int nid; + TEST_ASN1 *test_asn1 = NULL; + TEST_ASN1 *test_asn1_2 = NULL; + + const unsigned char badObjDer[] = { 0x06, 0x00 }; + const unsigned char goodObjDer[] = { + 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02, 0x01 + }; + WOLFSSL_ASN1_ITEM emptyTemplate; + + XMEMSET(&emptyTemplate, 0, sizeof(WOLFSSL_ASN1_ITEM)); + + ExpectNotNull(bootstrap = DPP_BOOTSTRAPPING_KEY_new()); + + der = NULL; + ExpectIntEQ(i2d_DPP_BOOTSTRAPPING_KEY(NULL, &der), -1); + ExpectIntEQ(wolfSSL_ASN1_item_i2d(bootstrap, &der, NULL), -1); + ExpectIntEQ(i2d_DPP_BOOTSTRAPPING_KEY(bootstrap, &der), -1); + + ExpectNotNull(key = d2i_PrivateKey(EVP_PKEY_EC, NULL, &in, + (long)sizeof_ecc_clikey_der_256)); + ExpectNotNull(eckey = EVP_PKEY_get1_EC_KEY(key)); + ExpectNotNull(group = EC_KEY_get0_group(eckey)); + ExpectNotNull(point = EC_KEY_get0_public_key(eckey)); + nid = EC_GROUP_get_curve_name(group); + + ec_obj = OBJ_nid2obj(EVP_PKEY_EC); + group_obj = OBJ_nid2obj(nid); + if ((ec_obj != NULL) && (group_obj != NULL)) { + ExpectIntEQ(X509_ALGOR_set0(NULL, ec_obj, V_ASN1_OBJECT, + group_obj), 0); + ExpectIntEQ(X509_ALGOR_set0(bootstrap->alg, NULL, V_ASN1_OBJECT, + NULL), 1); + ExpectIntEQ(X509_ALGOR_set0(bootstrap->alg, ec_obj, V_ASN1_OBJECT, + group_obj), 1); + if (EXPECT_SUCCESS()) { + ec_obj = NULL; + group_obj = NULL; + } + } + wolfSSL_ASN1_OBJECT_free(group_obj); + wolfSSL_ASN1_OBJECT_free(ec_obj); + ExpectIntEQ(EC_POINT_point2oct(group, point, 0, NULL, 0, NULL), 0); +#ifdef HAVE_COMP_KEY + ExpectIntGT((len = EC_POINT_point2oct( + group, point, POINT_CONVERSION_COMPRESSED, + NULL, 0, NULL)), 0); +#else + ExpectIntGT((len = EC_POINT_point2oct( + group, point, POINT_CONVERSION_UNCOMPRESSED, + NULL, 0, NULL)), 0); +#endif + ExpectNotNull(der = (unsigned char*)XMALLOC(len, NULL, DYNAMIC_TYPE_ASN1)); +#ifdef HAVE_COMP_KEY + ExpectIntEQ(EC_POINT_point2oct(group, point, POINT_CONVERSION_COMPRESSED, + der, len-1, NULL), 0); + ExpectIntEQ(EC_POINT_point2oct(group, point, POINT_CONVERSION_COMPRESSED, + der, len, NULL), len); +#else + ExpectIntEQ(EC_POINT_point2oct(group, point, POINT_CONVERSION_UNCOMPRESSED, + der, len-1, NULL), 0); + ExpectIntEQ(EC_POINT_point2oct(group, point, POINT_CONVERSION_UNCOMPRESSED, + der, len, NULL), len); +#endif + if (EXPECT_SUCCESS()) { + bootstrap->pub_key->data = der; + bootstrap->pub_key->length = (int)len; + /* Not actually used */ + bootstrap->pub_key->flags &= ~(ASN1_STRING_FLAG_BITS_LEFT | 0x07); + bootstrap->pub_key->flags |= ASN1_STRING_FLAG_BITS_LEFT; + } + + ExpectIntEQ(i2d_DPP_BOOTSTRAPPING_KEY(bootstrap, NULL), 16+len); + der = NULL; + ExpectIntEQ(i2d_DPP_BOOTSTRAPPING_KEY(bootstrap, &der), 16+len); + der2 = NULL; +#ifdef WOLFSSL_ASN_TEMPLATE + tmp = der; + ExpectNotNull(d2i_DPP_BOOTSTRAPPING_KEY(&bootstrap2, &tmp, 16+len)); + ExpectIntEQ(i2d_DPP_BOOTSTRAPPING_KEY(bootstrap2, &der2), 16+len); + ExpectBufEQ(der, der2, 49); +#endif + + XFREE(der, NULL, DYNAMIC_TYPE_ASN1); + XFREE(der2, NULL, DYNAMIC_TYPE_ASN1); + EVP_PKEY_free(key); + EC_KEY_free(eckey); + DPP_BOOTSTRAPPING_KEY_free(bootstrap); + DPP_BOOTSTRAPPING_KEY_free(bootstrap2); + bootstrap = NULL; + DPP_BOOTSTRAPPING_KEY_free(NULL); + + /* Create bootstrap key with bad OBJECT_ID DER data, parameter that is + * a NULL and an empty BIT_STRING. */ + ExpectNotNull(bootstrap = DPP_BOOTSTRAPPING_KEY_new()); + ExpectNotNull(bootstrap->alg->algorithm = wolfSSL_ASN1_OBJECT_new()); + if (EXPECT_SUCCESS()) { + bootstrap->alg->algorithm->obj = badObjDer; + bootstrap->alg->algorithm->objSz = (unsigned int)sizeof(badObjDer); + } + ExpectNotNull(bootstrap->alg->parameter = wolfSSL_ASN1_TYPE_new()); + if (EXPECT_SUCCESS()) { + bootstrap->alg->parameter->type = V_ASN1_NULL; + bootstrap->alg->parameter->value.ptr = NULL; + bootstrap->pub_key->data = NULL; + bootstrap->pub_key->length = 0; + /* Not actually used */ + bootstrap->pub_key->flags &= ~(ASN1_STRING_FLAG_BITS_LEFT | 0x07); + bootstrap->pub_key->flags |= ASN1_STRING_FLAG_BITS_LEFT; + } + /* Encode with bad OBJECT_ID. */ + der = NULL; + ExpectIntEQ(i2d_DPP_BOOTSTRAPPING_KEY(bootstrap, &der), -1); + + /* Fix OBJECT_ID and encode with empty BIT_STRING. */ + if (EXPECT_SUCCESS()) { + bootstrap->alg->algorithm->obj = goodObjDer; + bootstrap->alg->algorithm->objSz = (unsigned int)sizeof(goodObjDer); + bootstrap->alg->algorithm->grp = 2; + } + der = NULL; + ExpectIntEQ(i2d_DPP_BOOTSTRAPPING_KEY(bootstrap, &der), 16); + ExpectIntEQ(wolfSSL_ASN1_item_i2d(bootstrap, &der, &emptyTemplate), -1); + XFREE(der, NULL, DYNAMIC_TYPE_ASN1); + DPP_BOOTSTRAPPING_KEY_free(bootstrap); + + /* Test integer */ + ExpectNotNull(test_asn1 = TEST_ASN1_new()); + der = NULL; + ExpectIntEQ(ASN1_INTEGER_set(test_asn1->integer, 100), 1); + ExpectIntEQ(i2d_TEST_ASN1(test_asn1, &der), 5); + tmp = der; + ExpectNotNull(d2i_TEST_ASN1(&test_asn1_2, &tmp, 5)); + der2 = NULL; + ExpectIntEQ(i2d_TEST_ASN1(test_asn1_2, &der2), 5); + ExpectBufEQ(der, der2, 5); + XFREE(der, NULL, DYNAMIC_TYPE_ASN1); + XFREE(der2, NULL, DYNAMIC_TYPE_ASN1); + TEST_ASN1_free(test_asn1); + TEST_ASN1_free(test_asn1_2); + + /* Test integer cases. */ + ExpectNull(wolfSSL_ASN1_item_new(NULL)); + TEST_ASN1_free(NULL); + + /* Test nested asn1 objects */ + { + TEST_ASN1_NEST2 *nested_asn1 = NULL; + TEST_ASN1_NEST2 *nested_asn1_2 = NULL; + int i; + + ExpectNotNull(nested_asn1 = TEST_ASN1_NEST2_new()); + /* Populate nested_asn1 with some random data */ + /* nested_asn1->num */ + ExpectIntEQ(ASN1_INTEGER_set(nested_asn1->num, 30003), 1); + /* nested_asn1->key */ + ec_obj = OBJ_nid2obj(EVP_PKEY_EC); + group_obj = OBJ_nid2obj(NID_secp256k1); + ExpectIntEQ(X509_ALGOR_set0(nested_asn1->key->alg, ec_obj, + V_ASN1_OBJECT, group_obj), 1); + if (EXPECT_SUCCESS()) { + ec_obj = NULL; + group_obj = NULL; + } + else { + wolfSSL_ASN1_OBJECT_free(ec_obj); + wolfSSL_ASN1_OBJECT_free(group_obj); + } + ExpectIntEQ(ASN1_BIT_STRING_set_bit(nested_asn1->key->pub_key, 50, 1), + 1); + /* nested_asn1->asn1_obj->key */ + ec_obj = OBJ_nid2obj(EVP_PKEY_EC); + group_obj = OBJ_nid2obj(NID_secp256k1); + ExpectIntEQ(X509_ALGOR_set0(nested_asn1->asn1_obj->key->alg, ec_obj, + V_ASN1_OBJECT, group_obj), 1); + if (EXPECT_SUCCESS()) { + ec_obj = NULL; + group_obj = NULL; + } + else { + wolfSSL_ASN1_OBJECT_free(ec_obj); + wolfSSL_ASN1_OBJECT_free(group_obj); + } + ExpectIntEQ(ASN1_BIT_STRING_set_bit(nested_asn1->asn1_obj->key->pub_key, + 500, 1), 1); + /* nested_asn1->asn1_obj->asnNum */ + ExpectIntEQ(ASN1_INTEGER_set(nested_asn1->asn1_obj->asnNum, 666666), 1); + /* nested_asn1->asn1_obj->expNum */ + ExpectIntEQ(ASN1_INTEGER_set(nested_asn1->asn1_obj->expNum, 22222), 1); + /* nested_asn1->asn1_obj->strList */ + for (i = 10; i >= 0; i--) { + ASN1_GENERALSTRING* genStr = NULL; + char fmtStr[20]; + + ExpectIntGT(snprintf(fmtStr, sizeof(fmtStr), "Bonjour #%d", i), 0); + ExpectNotNull(genStr = ASN1_GENERALSTRING_new()); + ExpectIntEQ(ASN1_GENERALSTRING_set(genStr, fmtStr, -1), 1); + ExpectIntGT( + sk_ASN1_GENERALSTRING_push(nested_asn1->asn1_obj->strList, + genStr), 0); + if (EXPECT_FAIL()) { + ASN1_GENERALSTRING_free(genStr); + } + } + /* nested_asn1->asn1_obj->str */ + ExpectNotNull(nested_asn1->asn1_obj->str->d.str2 + = ASN1_BIT_STRING_new()); + ExpectIntEQ(ASN1_BIT_STRING_set_bit(nested_asn1->asn1_obj->str->d.str2, + 150, 1), 1); + if (nested_asn1 != NULL) { + nested_asn1->asn1_obj->str->type = 2; + } + + der = NULL; + ExpectIntEQ(i2d_TEST_ASN1_NEST2(nested_asn1, &der), 285); +#ifdef WOLFSSL_ASN_TEMPLATE + tmp = der; + ExpectNotNull(d2i_TEST_ASN1_NEST2(&nested_asn1_2, &tmp, 285)); + der2 = NULL; + ExpectIntEQ(i2d_TEST_ASN1_NEST2(nested_asn1_2, &der2), 285); + ExpectBufEQ(der, der2, 285); + XFREE(der2, NULL, DYNAMIC_TYPE_ASN1); +#endif + XFREE(der, NULL, DYNAMIC_TYPE_ASN1); + + TEST_ASN1_NEST2_free(nested_asn1); + TEST_ASN1_NEST2_free(nested_asn1_2); + } + + /* Test ASN1_ITEM_TEMPLATE */ + { + TEST_ASN1_ITEM* asn1_item = NULL; + TEST_ASN1_ITEM* asn1_item2 = NULL; + int i; + + ExpectNotNull(asn1_item = TEST_ASN1_ITEM_new()); + for (i = 0; i < 11; i++) { + ASN1_INTEGER* asn1_num = NULL; + + ExpectNotNull(asn1_num = ASN1_INTEGER_new()); + ExpectIntEQ(ASN1_INTEGER_set(asn1_num, i), 1); + ExpectIntGT(wolfSSL_sk_insert(asn1_item, asn1_num, -1), 0); + if (EXPECT_FAIL()) { + ASN1_INTEGER_free(asn1_num); + } + } + + der = NULL; + ExpectIntEQ(i2d_TEST_ASN1_ITEM(asn1_item, &der), 35); + tmp = der; + ExpectNotNull(d2i_TEST_ASN1_ITEM(&asn1_item2, &tmp, 35)); + der2 = NULL; + ExpectIntEQ(i2d_TEST_ASN1_ITEM(asn1_item2, &der2), 35); + ExpectBufEQ(der, der2, 35); + XFREE(der, NULL, DYNAMIC_TYPE_ASN1); + XFREE(der2, NULL, DYNAMIC_TYPE_ASN1); + + TEST_ASN1_ITEM_free(asn1_item); + TEST_ASN1_ITEM_free(asn1_item2); + } + +#endif /* !HAVE_FIPS || HAVE_FIPS_VERSION > 2 */ +#endif /* OPENSSL_ALL && HAVE_ECC && USE_CERT_BUFFERS_256 */ + return EXPECT_RESULT(); +} + +int test_wolfSSL_i2d_ASN1_TYPE(void) +{ + EXPECT_DECLS; +#if defined(OPENSSL_EXTRA) + /* Taken from one of sssd's certs othernames */ + unsigned char str_bin[] = { + 0x04, 0x10, 0xa4, 0x9b, 0xc8, 0xf4, 0x85, 0x8e, 0x89, 0x4d, 0x85, 0x8d, + 0x27, 0xbd, 0x63, 0xaa, 0x93, 0x93 + }; + ASN1_TYPE* asn1type = NULL; + unsigned char* der = NULL; + + /* Create ASN1_TYPE manually as we don't have a d2i version yet */ + { + ASN1_STRING* str = NULL; + ExpectNotNull(str = ASN1_STRING_type_new(V_ASN1_SEQUENCE)); + ExpectIntEQ(ASN1_STRING_set(str, str_bin, sizeof(str_bin)), 1); + ExpectNotNull(asn1type = ASN1_TYPE_new()); + if (asn1type != NULL) { + ASN1_TYPE_set(asn1type, V_ASN1_SEQUENCE, str); + } + else { + ASN1_STRING_free(str); + } + } + + ExpectIntEQ(i2d_ASN1_TYPE(asn1type, NULL), sizeof(str_bin)); + ExpectIntEQ(i2d_ASN1_TYPE(asn1type, &der), sizeof(str_bin)); + ExpectBufEQ(der, str_bin, sizeof(str_bin)); + + ASN1_TYPE_free(asn1type); + XFREE(der, NULL, DYNAMIC_TYPE_ASN1); +#endif + return EXPECT_RESULT(); +} + +int test_wolfSSL_i2d_ASN1_SEQUENCE(void) +{ + EXPECT_DECLS; +#if defined(OPENSSL_EXTRA) + /* Taken from one of sssd's certs othernames */ + unsigned char str_bin[] = { + 0x04, 0x10, 0xa4, 0x9b, 0xc8, 0xf4, 0x85, 0x8e, 0x89, 0x4d, 0x85, 0x8d, + 0x27, 0xbd, 0x63, 0xaa, 0x93, 0x93 + }; + ASN1_STRING* str = NULL; + unsigned char* der = NULL; + + ExpectNotNull(str = ASN1_STRING_type_new(V_ASN1_SEQUENCE)); + ExpectIntEQ(ASN1_STRING_set(str, str_bin, sizeof(str_bin)), 1); + ExpectIntEQ(i2d_ASN1_SEQUENCE(str, NULL), sizeof(str_bin)); + ExpectIntEQ(i2d_ASN1_SEQUENCE(str, &der), sizeof(str_bin)); + + ASN1_STRING_free(str); + XFREE(der, NULL, DYNAMIC_TYPE_ASN1); +#endif + return EXPECT_RESULT(); +} + +int test_ASN1_strings(void) +{ + EXPECT_DECLS; +#if defined(OPENSSL_EXTRA) + char text[] = "\0\0test string"; + unsigned char* der = NULL; + ASN1_STRING* str = NULL; + + /* Set the length byte */ + text[1] = XSTRLEN(text + 2); + + /* GENERALSTRING */ + { + const unsigned char* p = (const unsigned char*)text; + text[0] = ASN_GENERALSTRING; + ExpectNotNull(d2i_ASN1_GENERALSTRING(&str, &p, sizeof(text))); + ExpectIntEQ(i2d_ASN1_GENERALSTRING(str, &der), 13); + ASN1_STRING_free(str); + str = NULL; + XFREE(der, NULL, DYNAMIC_TYPE_ASN1); + der = NULL; + } + + /* OCTET_STRING */ + { + const unsigned char* p = (const unsigned char*)text; + text[0] = ASN_OCTET_STRING; + ExpectNotNull(d2i_ASN1_OCTET_STRING(&str, &p, sizeof(text))); + ExpectIntEQ(i2d_ASN1_OCTET_STRING(str, &der), 13); + ASN1_STRING_free(str); + str = NULL; + XFREE(der, NULL, DYNAMIC_TYPE_ASN1); + der = NULL; + } + + /* UTF8STRING */ + { + const unsigned char* p = (const unsigned char*)text; + text[0] = ASN_UTF8STRING; + ExpectNotNull(d2i_ASN1_UTF8STRING(&str, &p, sizeof(text))); + ExpectIntEQ(i2d_ASN1_UTF8STRING(str, &der), 13); + ASN1_STRING_free(str); + str = NULL; + XFREE(der, NULL, DYNAMIC_TYPE_ASN1); + der = NULL; + } + +#endif + return EXPECT_RESULT(); +} + diff --git a/test/ssl/wolfssl/tests/api/test_ossl_asn1.h b/test/ssl/wolfssl/tests/api/test_ossl_asn1.h new file mode 100644 index 000000000..58f496ed9 --- /dev/null +++ b/test/ssl/wolfssl/tests/api/test_ossl_asn1.h @@ -0,0 +1,112 @@ +/* test_ossl_asn1.h + * + * Copyright (C) 2006-2025 wolfSSL Inc. + * + * This file is part of wolfSSL. + * + * wolfSSL is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * wolfSSL is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA + */ + +#ifndef WOLFCRYPT_TEST_OSSL_ASN1_H +#define WOLFCRYPT_TEST_OSSL_ASN1_H + +#include + +int test_wolfSSL_ASN1_BIT_STRING(void); +int test_wolfSSL_ASN1_INTEGER(void); +int test_wolfSSL_ASN1_INTEGER_cmp(void); +int test_wolfSSL_ASN1_INTEGER_BN(void); +int test_wolfSSL_ASN1_INTEGER_get_set(void); +int test_wolfSSL_d2i_ASN1_INTEGER(void); +int test_wolfSSL_a2i_ASN1_INTEGER(void); +int test_wolfSSL_i2c_ASN1_INTEGER(void); +int test_wolfSSL_ASN1_OBJECT(void); +int test_wolfSSL_ASN1_get_object(void); +int test_wolfSSL_i2a_ASN1_OBJECT(void); +int test_wolfSSL_i2t_ASN1_OBJECT(void); +int test_wolfSSL_sk_ASN1_OBJECT(void); +int test_wolfSSL_ASN1_STRING(void); +int test_wolfSSL_ASN1_STRING_to_UTF8(void); +int test_wolfSSL_i2s_ASN1_STRING(void); +int test_wolfSSL_ASN1_STRING_canon(void); +int test_wolfSSL_ASN1_STRING_print(void); +int test_wolfSSL_ASN1_STRING_print_ex(void); +int test_wolfSSL_ASN1_UNIVERSALSTRING_to_string(void); +int test_wolfSSL_ASN1_GENERALIZEDTIME_free(void); +int test_wolfSSL_ASN1_GENERALIZEDTIME_print(void); +int test_wolfSSL_ASN1_TIME(void); +int test_wolfSSL_ASN1_TIME_to_string(void); +int test_wolfSSL_ASN1_TIME_diff_compare(void); +int test_wolfSSL_ASN1_TIME_adj(void); +int test_wolfSSL_ASN1_TIME_to_tm(void); +int test_wolfSSL_ASN1_TIME_to_generalizedtime(void); +int test_wolfSSL_ASN1_TIME_print(void); +int test_wolfSSL_ASN1_UTCTIME_print(void); +int test_wolfSSL_ASN1_TYPE(void); +int test_wolfSSL_IMPLEMENT_ASN1_FUNCTIONS(void); +int test_wolfSSL_i2d_ASN1_TYPE(void); +int test_wolfSSL_i2d_ASN1_SEQUENCE(void); +int test_ASN1_strings(void); + +#define TEST_OSSL_ASN1_BIT_STRING_DECLS \ + TEST_DECL_GROUP("ossl_asn1_bs", test_wolfSSL_ASN1_BIT_STRING) + +#define TEST_OSSL_ASN1_INTEGER_DECLS \ + TEST_DECL_GROUP("ossl_asn1_int", test_wolfSSL_ASN1_INTEGER), \ + TEST_DECL_GROUP("ossl_asn1_int", test_wolfSSL_ASN1_INTEGER_cmp), \ + TEST_DECL_GROUP("ossl_asn1_int", test_wolfSSL_ASN1_INTEGER_BN), \ + TEST_DECL_GROUP("ossl_asn1_int", test_wolfSSL_ASN1_INTEGER_get_set), \ + TEST_DECL_GROUP("ossl_asn1_int", test_wolfSSL_d2i_ASN1_INTEGER), \ + TEST_DECL_GROUP("ossl_asn1_int", test_wolfSSL_a2i_ASN1_INTEGER), \ + TEST_DECL_GROUP("ossl_asn1_int", test_wolfSSL_i2c_ASN1_INTEGER) + +#define TEST_OSSL_ASN1_OBJECT_DECLS \ + TEST_DECL_GROUP("ossl_asn1_obj", test_wolfSSL_ASN1_OBJECT), \ + TEST_DECL_GROUP("ossl_asn1_obj", test_wolfSSL_ASN1_get_object), \ + TEST_DECL_GROUP("ossl_asn1_obj", test_wolfSSL_i2a_ASN1_OBJECT), \ + TEST_DECL_GROUP("ossl_asn1_obj", test_wolfSSL_i2t_ASN1_OBJECT), \ + TEST_DECL_GROUP("ossl_asn1_obj", test_wolfSSL_sk_ASN1_OBJECT) + +#define TEST_OSSL_ASN1_STRING_DECLS \ + TEST_DECL_GROUP("ossl_asn1_str", test_wolfSSL_ASN1_STRING), \ + TEST_DECL_GROUP("ossl_asn1_str", test_wolfSSL_ASN1_STRING_to_UTF8), \ + TEST_DECL_GROUP("ossl_asn1_str", test_wolfSSL_i2s_ASN1_STRING), \ + TEST_DECL_GROUP("ossl_asn1_str", test_wolfSSL_ASN1_STRING_canon), \ + TEST_DECL_GROUP("ossl_asn1_str", test_wolfSSL_ASN1_STRING_print), \ + TEST_DECL_GROUP("ossl_asn1_str", test_wolfSSL_ASN1_STRING_print_ex), \ + TEST_DECL_GROUP("ossl_asn1_str", \ + test_wolfSSL_ASN1_UNIVERSALSTRING_to_string), \ + TEST_DECL_GROUP("ossl_asn1_str", test_ASN1_strings) + +#define TEST_OSSL_ASN1_TIME_DECLS \ + TEST_DECL_GROUP("ossl_asn1_tm", test_wolfSSL_ASN1_GENERALIZEDTIME_free), \ + TEST_DECL_GROUP("ossl_asn1_tm", test_wolfSSL_ASN1_GENERALIZEDTIME_print), \ + TEST_DECL_GROUP("ossl_asn1_tm", test_wolfSSL_ASN1_TIME), \ + TEST_DECL_GROUP("ossl_asn1_tm", test_wolfSSL_ASN1_TIME_to_string), \ + TEST_DECL_GROUP("ossl_asn1_tm", test_wolfSSL_ASN1_TIME_diff_compare), \ + TEST_DECL_GROUP("ossl_asn1_tm", test_wolfSSL_ASN1_TIME_adj), \ + TEST_DECL_GROUP("ossl_asn1_tm", test_wolfSSL_ASN1_TIME_to_tm), \ + TEST_DECL_GROUP("ossl_asn1_tm", \ + test_wolfSSL_ASN1_TIME_to_generalizedtime), \ + TEST_DECL_GROUP("ossl_asn1_tm", test_wolfSSL_ASN1_TIME_print), \ + TEST_DECL_GROUP("ossl_asn1_tm", test_wolfSSL_ASN1_UTCTIME_print) + +#define TEST_OSSL_ASN1_TYPE_DECLS \ + TEST_DECL_GROUP("ossl_asn1_type", test_wolfSSL_ASN1_TYPE), \ + TEST_DECL_GROUP("ossl_asn1_type", test_wolfSSL_IMPLEMENT_ASN1_FUNCTIONS), \ + TEST_DECL_GROUP("ossl_asn1_type", test_wolfSSL_i2d_ASN1_TYPE), \ + TEST_DECL_GROUP("ossl_asn1_type", test_wolfSSL_i2d_ASN1_SEQUENCE) + +#endif /* WOLFCRYPT_TEST_OSSL_ASN1_H */ diff --git a/test/ssl/wolfssl/tests/api/test_ossl_bio.c b/test/ssl/wolfssl/tests/api/test_ossl_bio.c new file mode 100644 index 000000000..cedf9f918 --- /dev/null +++ b/test/ssl/wolfssl/tests/api/test_ossl_bio.c @@ -0,0 +1,1160 @@ +/* test_ossl_bio.c + * + * Copyright (C) 2006-2025 wolfSSL Inc. + * + * This file is part of wolfSSL. + * + * wolfSSL is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * wolfSSL is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA + */ + +#include + +#ifdef NO_INLINE + #include +#else + #define WOLFSSL_MISC_INCLUDED + #include +#endif + +#include +#include +#include +#include +#include + +/******************************************************************************* + * BIO OpenSSL compatibility API Testing + ******************************************************************************/ + +#ifndef NO_BIO + +int test_wolfSSL_BIO_gets(void) +{ + EXPECT_DECLS; +#if defined(OPENSSL_EXTRA) + BIO* bio = NULL; + BIO* bio2 = NULL; + char msg[] = "\nhello wolfSSL\n security plus\t---...**adf\na...b.c"; + char emp[] = ""; + char bio_buffer[20]; + int bufferSz = 20; +#ifdef OPENSSL_ALL + BUF_MEM* emp_bm = NULL; + BUF_MEM* msg_bm = NULL; +#endif + + /* try with bad args */ + ExpectNull(bio = BIO_new_mem_buf(NULL, sizeof(msg))); +#ifdef OPENSSL_ALL + ExpectIntEQ(BIO_set_mem_buf(bio, NULL, BIO_NOCLOSE), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); +#endif + + /* try with real msg */ + ExpectNotNull(bio = BIO_new_mem_buf((void*)msg, -1)); + XMEMSET(bio_buffer, 0, bufferSz); + ExpectNotNull(BIO_push(bio, BIO_new(BIO_s_bio()))); + ExpectNull(bio2 = BIO_find_type(bio, BIO_TYPE_FILE)); + ExpectNotNull(bio2 = BIO_find_type(bio, BIO_TYPE_BIO)); + ExpectFalse(bio2 != BIO_next(bio)); + + /* make buffer filled with no terminating characters */ + XMEMSET(bio_buffer, 1, bufferSz); + + /* BIO_gets reads a line of data */ + ExpectIntEQ(BIO_gets(bio, bio_buffer, -3), 0); + ExpectIntEQ(BIO_gets(bio, bio_buffer, bufferSz), 1); + ExpectIntEQ(BIO_gets(bio, bio_buffer, bufferSz), 14); + ExpectStrEQ(bio_buffer, "hello wolfSSL\n"); + ExpectIntEQ(BIO_gets(bio, bio_buffer, bufferSz), 19); + ExpectIntEQ(BIO_gets(bio, bio_buffer, bufferSz), 8); + ExpectIntEQ(BIO_gets(bio, bio_buffer, -1), 0); + +#ifdef OPENSSL_ALL + /* test setting the mem_buf manually */ + BIO_free(bio); + ExpectNotNull(bio = BIO_new_mem_buf((void*)msg, -1)); + ExpectNotNull(emp_bm = BUF_MEM_new()); + ExpectNotNull(msg_bm = BUF_MEM_new()); + ExpectIntEQ(BUF_MEM_grow(msg_bm, sizeof(msg)), sizeof(msg)); + if (EXPECT_SUCCESS()) { + XFREE(msg_bm->data, NULL, DYNAMIC_TYPE_OPENSSL); + msg_bm->data = NULL; + } + /* emp size is 1 for terminator */ + ExpectIntEQ(BUF_MEM_grow(emp_bm, sizeof(emp)), sizeof(emp)); + if (EXPECT_SUCCESS()) { + XFREE(emp_bm->data, NULL, DYNAMIC_TYPE_OPENSSL); + emp_bm->data = emp; + msg_bm->data = msg; + } + ExpectIntEQ(BIO_set_mem_buf(bio, emp_bm, BIO_CLOSE), WOLFSSL_SUCCESS); + + /* check reading an empty string */ + ExpectIntEQ(BIO_gets(bio, bio_buffer, bufferSz), 1); /* just terminator */ + ExpectStrEQ(emp, bio_buffer); + ExpectIntEQ(BIO_gets(bio, bio_buffer, bufferSz), 0); /* Nothing to read */ + + /* BIO_gets reads a line of data */ + ExpectIntEQ(BIO_set_mem_buf(bio, msg_bm, BIO_NOCLOSE), WOLFSSL_SUCCESS); + ExpectIntEQ(BIO_gets(bio, bio_buffer, -3), 0); + ExpectIntEQ(BIO_gets(bio, bio_buffer, bufferSz), 1); + ExpectIntEQ(BIO_gets(bio, bio_buffer, bufferSz), 14); + ExpectStrEQ(bio_buffer, "hello wolfSSL\n"); + ExpectIntEQ(BIO_gets(bio, bio_buffer, bufferSz), 19); + ExpectIntEQ(BIO_gets(bio, bio_buffer, bufferSz), 8); + ExpectIntEQ(BIO_gets(bio, bio_buffer, -1), 0); + + if (EXPECT_SUCCESS()) + emp_bm->data = NULL; + BUF_MEM_free(emp_bm); + if (EXPECT_SUCCESS()) + msg_bm->data = NULL; + BUF_MEM_free(msg_bm); +#endif + + /* check not null terminated string */ + BIO_free(bio); + bio = NULL; + msg[0] = 0x33; + msg[1] = 0x33; + msg[2] = 0x33; + ExpectNotNull(bio = BIO_new_mem_buf((void*)msg, 3)); + ExpectIntEQ(BIO_gets(bio, bio_buffer, 3), 2); + ExpectIntEQ(bio_buffer[0], msg[0]); + ExpectIntEQ(bio_buffer[1], msg[1]); + ExpectIntNE(bio_buffer[2], msg[2]); + + BIO_free(bio); + bio = NULL; + msg[3] = 0x33; + bio_buffer[3] = 0x33; + ExpectNotNull(bio = BIO_new_mem_buf((void*)msg, 3)); + ExpectIntEQ(BIO_gets(bio, bio_buffer, bufferSz), 3); + ExpectIntEQ(bio_buffer[0], msg[0]); + ExpectIntEQ(bio_buffer[1], msg[1]); + ExpectIntEQ(bio_buffer[2], msg[2]); + ExpectIntNE(bio_buffer[3], 0x33); /* make sure null terminator was set */ + + /* check reading an empty string */ + BIO_free(bio); + bio = NULL; + ExpectNotNull(bio = BIO_new_mem_buf((void*)emp, sizeof(emp))); + ExpectIntEQ(BIO_gets(bio, bio_buffer, bufferSz), 1); /* just terminator */ + ExpectStrEQ(emp, bio_buffer); + ExpectIntEQ(BIO_gets(bio, bio_buffer, bufferSz), 0); /* Nothing to read */ + + /* check error cases */ + BIO_free(bio); + bio = NULL; + ExpectIntEQ(BIO_gets(NULL, NULL, 0), WC_NO_ERR_TRACE(WOLFSSL_FAILURE)); + ExpectNotNull(bio = BIO_new(BIO_s_mem())); + ExpectIntEQ(BIO_gets(bio, bio_buffer, 2), 0); /* nothing to read */ + +#if !defined(NO_FILESYSTEM) + { + BIO* f_bio = NULL; + XFILE f = XBADFILE; + + ExpectNotNull(f_bio = BIO_new(BIO_s_file())); + ExpectIntLE(BIO_gets(f_bio, bio_buffer, bufferSz), 0); + + ExpectTrue((f = XFOPEN(svrCertFile, "rb")) != XBADFILE); + ExpectIntEQ((int)BIO_set_fp(f_bio, f, BIO_CLOSE), SSL_SUCCESS); + if (EXPECT_FAIL() && (f != XBADFILE)) { + XFCLOSE(f); + } + ExpectIntGT(BIO_gets(f_bio, bio_buffer, bufferSz), 0); + + BIO_free(f_bio); + f_bio = NULL; + } +#endif /* NO_FILESYSTEM */ + + BIO_free(bio); + bio = NULL; + BIO_free(bio2); + bio2 = NULL; + + /* try with type BIO */ + XMEMCPY(msg, "\nhello wolfSSL\n security plus\t---...**adf\na...b.c", + sizeof(msg)); + ExpectNotNull(bio = BIO_new(BIO_s_bio())); + ExpectIntEQ(BIO_gets(bio, bio_buffer, 2), 0); /* nothing to read */ + ExpectNotNull(bio2 = BIO_new(BIO_s_bio())); + + ExpectIntEQ(BIO_set_write_buf_size(bio, 10), SSL_SUCCESS); + ExpectIntEQ(BIO_set_write_buf_size(bio2, sizeof(msg)), SSL_SUCCESS); + ExpectIntEQ(BIO_make_bio_pair(bio, bio2), SSL_SUCCESS); + + ExpectIntEQ(BIO_write(bio2, msg, sizeof(msg)), sizeof(msg)); + ExpectIntEQ(BIO_gets(bio, bio_buffer, -3), 0); + ExpectIntEQ(BIO_gets(bio, bio_buffer, bufferSz), 1); + ExpectIntEQ(BIO_gets(bio, bio_buffer, bufferSz), 14); + ExpectStrEQ(bio_buffer, "hello wolfSSL\n"); + ExpectIntEQ(BIO_gets(bio, bio_buffer, bufferSz), 19); + ExpectIntEQ(BIO_gets(bio, bio_buffer, bufferSz), 8); + ExpectIntEQ(BIO_gets(bio, bio_buffer, -1), 0); + + BIO_free(bio); + bio = NULL; + BIO_free(bio2); + bio2 = NULL; + + /* check reading an empty string */ + ExpectNotNull(bio = BIO_new(BIO_s_bio())); + ExpectIntEQ(BIO_set_write_buf_size(bio, sizeof(emp)), SSL_SUCCESS); + ExpectIntEQ(BIO_gets(bio, bio_buffer, bufferSz), 0); /* Nothing to read */ + ExpectStrEQ(emp, bio_buffer); + + BIO_free(bio); + bio = NULL; +#endif + return EXPECT_RESULT(); +} + + +int test_wolfSSL_BIO_puts(void) +{ + EXPECT_DECLS; +#if defined(OPENSSL_EXTRA) + BIO* bio = NULL; + char input[] = "hello\0world\n.....ok\n\0"; + char output[128]; + + XMEMSET(output, 0, sizeof(output)); + ExpectNotNull(bio = BIO_new(BIO_s_mem())); + ExpectIntEQ(BIO_puts(bio, input), 5); + ExpectIntEQ(BIO_pending(bio), 5); + ExpectIntEQ(BIO_puts(bio, input + 6), 14); + ExpectIntEQ(BIO_pending(bio), 19); + ExpectIntEQ(BIO_gets(bio, output, sizeof(output)), 11); + ExpectStrEQ(output, "helloworld\n"); + ExpectIntEQ(BIO_pending(bio), 8); + ExpectIntEQ(BIO_gets(bio, output, sizeof(output)), 8); + ExpectStrEQ(output, ".....ok\n"); + ExpectIntEQ(BIO_pending(bio), 0); + ExpectIntEQ(BIO_puts(bio, ""), -1); + + BIO_free(bio); +#endif + return EXPECT_RESULT(); +} + +int test_wolfSSL_BIO_dump(void) +{ + EXPECT_DECLS; +#if defined(OPENSSL_EXTRA) && !defined(NO_FILESYSTEM) + BIO* bio; + static const unsigned char data[] = { + 0x30, 0x59, 0x30, 0x13, 0x06, 0x07, 0x2A, 0x86, 0x48, 0xCE, + 0x3D, 0x02, 0x01, 0x06, 0x08, 0x2A, 0x86, 0x48, 0xCE, 0x3D, + 0x03, 0x01, 0x07, 0x03, 0x42, 0x00, 0x04, 0x55, 0xBF, 0xF4, + 0x0F, 0x44, 0x50, 0x9A, 0x3D, 0xCE, 0x9B, 0xB7, 0xF0, 0xC5, + 0x4D, 0xF5, 0x70, 0x7B, 0xD4, 0xEC, 0x24, 0x8E, 0x19, 0x80, + 0xEC, 0x5A, 0x4C, 0xA2, 0x24, 0x03, 0x62, 0x2C, 0x9B, 0xDA, + 0xEF, 0xA2, 0x35, 0x12, 0x43, 0x84, 0x76, 0x16, 0xC6, 0x56, + 0x95, 0x06, 0xCC, 0x01, 0xA9, 0xBD, 0xF6, 0x75, 0x1A, 0x42, + 0xF7, 0xBD, 0xA9, 0xB2, 0x36, 0x22, 0x5F, 0xC7, 0x5D, 0x7F, + 0xB4 + }; + /* Generated with OpenSSL. */ + static const char expected[] = +"0000 - 30 59 30 13 06 07 2a 86-48 ce 3d 02 01 06 08 2a 0Y0...*.H.=....*\n" +"0010 - 86 48 ce 3d 03 01 07 03-42 00 04 55 bf f4 0f 44 .H.=....B..U...D\n" +"0020 - 50 9a 3d ce 9b b7 f0 c5-4d f5 70 7b d4 ec 24 8e P.=.....M.p{..$.\n" +"0030 - 19 80 ec 5a 4c a2 24 03-62 2c 9b da ef a2 35 12 ...ZL.$.b,....5.\n" +"0040 - 43 84 76 16 c6 56 95 06-cc 01 a9 bd f6 75 1a 42 C.v..V.......u.B\n" +"0050 - f7 bd a9 b2 36 22 5f c7-5d 7f b4 ....6\"_.]..\n"; + static const char expectedAll[] = +"0000 - 00 01 02 03 04 05 06 07-08 09 0a 0b 0c 0d 0e 0f ................\n" +"0010 - 10 11 12 13 14 15 16 17-18 19 1a 1b 1c 1d 1e 1f ................\n" +"0020 - 20 21 22 23 24 25 26 27-28 29 2a 2b 2c 2d 2e 2f !\"#$%&'()*+,-./\n" +"0030 - 30 31 32 33 34 35 36 37-38 39 3a 3b 3c 3d 3e 3f 0123456789:;<=>?\n" +"0040 - 40 41 42 43 44 45 46 47-48 49 4a 4b 4c 4d 4e 4f @ABCDEFGHIJKLMNO\n" +"0050 - 50 51 52 53 54 55 56 57-58 59 5a 5b 5c 5d 5e 5f PQRSTUVWXYZ[\\]^_\n" +"0060 - 60 61 62 63 64 65 66 67-68 69 6a 6b 6c 6d 6e 6f `abcdefghijklmno\n" +"0070 - 70 71 72 73 74 75 76 77-78 79 7a 7b 7c 7d 7e 7f pqrstuvwxyz{|}~.\n" +"0080 - 80 81 82 83 84 85 86 87-88 89 8a 8b 8c 8d 8e 8f ................\n" +"0090 - 90 91 92 93 94 95 96 97-98 99 9a 9b 9c 9d 9e 9f ................\n" +"00a0 - a0 a1 a2 a3 a4 a5 a6 a7-a8 a9 aa ab ac ad ae af ................\n" +"00b0 - b0 b1 b2 b3 b4 b5 b6 b7-b8 b9 ba bb bc bd be bf ................\n" +"00c0 - c0 c1 c2 c3 c4 c5 c6 c7-c8 c9 ca cb cc cd ce cf ................\n" +"00d0 - d0 d1 d2 d3 d4 d5 d6 d7-d8 d9 da db dc dd de df ................\n" +"00e0 - e0 e1 e2 e3 e4 e5 e6 e7-e8 e9 ea eb ec ed ee ef ................\n" +"00f0 - f0 f1 f2 f3 f4 f5 f6 f7-f8 f9 fa fb fc fd fe ff ................\n"; + char output[16 * 80]; + int i; + + ExpectNotNull(bio = BIO_new(BIO_s_mem())); + + /* Example key dumped. */ + ExpectIntEQ(BIO_dump(bio, (const char*)data, (int)sizeof(data)), + sizeof(expected) - 1); + ExpectIntEQ(BIO_read(bio, output, sizeof(output)), sizeof(expected) - 1); + ExpectIntEQ(XMEMCMP(output, expected, sizeof(expected) - 1), 0); + + /* Try every possible value for a character. */ + for (i = 0; i < 256; i++) + output[i] = i; + ExpectIntEQ(BIO_dump(bio, output, 256), sizeof(expectedAll) - 1); + ExpectIntEQ(BIO_read(bio, output, sizeof(output)), sizeof(expectedAll) - 1); + ExpectIntEQ(XMEMCMP(output, expectedAll, sizeof(expectedAll) - 1), 0); + + BIO_free(bio); +#endif + return EXPECT_RESULT(); +} + +#if defined(OPENSSL_ALL) && !defined(NO_FILESYSTEM) && !defined(NO_CERTS) && \ + !defined(NO_RSA) && defined(HAVE_EXT_CACHE) && \ + defined(HAVE_IO_TESTS_DEPENDENCIES) && defined(USE_WOLFSSL_IO) +static int forceWantRead(WOLFSSL *ssl, char *buf, int sz, void *ctx) +{ + (void)ssl; + (void)buf; + (void)sz; + (void)ctx; + return WOLFSSL_CBIO_ERR_WANT_READ; +} +#endif + +int test_wolfSSL_BIO_should_retry(void) +{ + EXPECT_DECLS; +#if defined(OPENSSL_ALL) && !defined(NO_FILESYSTEM) && !defined(NO_CERTS) && \ + !defined(NO_RSA) && defined(HAVE_EXT_CACHE) && \ + defined(HAVE_IO_TESTS_DEPENDENCIES) && defined(USE_WOLFSSL_IO) + tcp_ready ready; + func_args server_args; + THREAD_TYPE serverThread; + SOCKET_T sockfd = 0; + WOLFSSL_CTX* ctx = NULL; + WOLFSSL* ssl = NULL; + char msg[64] = "hello wolfssl!"; + char reply[1024]; + int msgSz = (int)XSTRLEN(msg); + int ret; + BIO* bio = NULL; + + XMEMSET(&server_args, 0, sizeof(func_args)); +#ifdef WOLFSSL_TIRTOS + fdOpenSession(Task_self()); +#endif + + StartTCP(); + InitTcpReady(&ready); + +#if defined(USE_WINDOWS_API) + /* use RNG to get random port if using windows */ + ready.port = GetRandomPort(); +#endif + + server_args.signal = &ready; + start_thread(test_server_nofail, &server_args, &serverThread); + wait_tcp_ready(&server_args); + + + ExpectNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_client_method())); +#ifdef OPENSSL_COMPATIBLE_DEFAULTS + ExpectIntEQ(wolfSSL_CTX_clear_mode(ctx, SSL_MODE_AUTO_RETRY), 0); +#endif + ExpectIntEQ(WOLFSSL_SUCCESS, + wolfSSL_CTX_load_verify_locations(ctx, caCertFile, 0)); + ExpectIntEQ(WOLFSSL_SUCCESS, + wolfSSL_CTX_use_certificate_file(ctx, cliCertFile, SSL_FILETYPE_PEM)); + ExpectIntEQ(WOLFSSL_SUCCESS, + wolfSSL_CTX_use_PrivateKey_file(ctx, cliKeyFile, SSL_FILETYPE_PEM)); + tcp_connect(&sockfd, wolfSSLIP, server_args.signal->port, 0, 0, NULL); + + /* force retry */ + ExpectNotNull(bio = wolfSSL_BIO_new_ssl(ctx, 1)); + ExpectIntEQ(BIO_get_ssl(bio, &ssl), 1); + ExpectNotNull(ssl); + ExpectIntEQ(wolfSSL_set_fd(ssl, sockfd), WOLFSSL_SUCCESS); + wolfSSL_SSLSetIORecv(ssl, forceWantRead); + if (EXPECT_FAIL()) { + wolfSSL_free(ssl); + ssl = NULL; + } + + ExpectIntLE(BIO_write(bio, msg, msgSz), 0); + ExpectIntNE(BIO_should_retry(bio), 0); + ExpectIntEQ(BIO_should_read(bio), 0); + ExpectIntEQ(BIO_should_write(bio), 0); + + + /* now perform successful connection */ + wolfSSL_SSLSetIORecv(ssl, EmbedReceive); + ExpectIntEQ(BIO_write(bio, msg, msgSz), msgSz); + ExpectIntNE(BIO_read(bio, reply, sizeof(reply)), 0); + ret = wolfSSL_get_error(ssl, -1); + if (ret == WOLFSSL_ERROR_WANT_READ || ret == WOLFSSL_ERROR_WANT_WRITE) { + ExpectIntNE(BIO_should_retry(bio), 0); + + if (ret == WOLFSSL_ERROR_WANT_READ) + ExpectIntEQ(BIO_should_read(bio), 1); + else + ExpectIntEQ(BIO_should_read(bio), 0); + + if (ret == WOLFSSL_ERROR_WANT_WRITE) + ExpectIntEQ(BIO_should_write(bio), 1); + else + ExpectIntEQ(BIO_should_write(bio), 0); + } + else { + ExpectIntEQ(BIO_should_retry(bio), 0); + ExpectIntEQ(BIO_should_read(bio), 0); + ExpectIntEQ(BIO_should_write(bio), 0); + } + ExpectIntEQ(XMEMCMP(reply, "I hear you fa shizzle!", + XSTRLEN("I hear you fa shizzle!")), 0); + BIO_free(bio); + wolfSSL_CTX_free(ctx); + + CloseSocket(sockfd); + + join_thread(serverThread); + FreeTcpReady(&ready); + +#ifdef WOLFSSL_TIRTOS + fdOpenSession(Task_self()); +#endif +#endif + return EXPECT_RESULT(); +} + +int test_wolfSSL_BIO_connect(void) +{ + EXPECT_DECLS; +#if defined(OPENSSL_ALL) && defined(HAVE_IO_TESTS_DEPENDENCIES) && \ + defined(HAVE_HTTP_CLIENT) && !defined(NO_WOLFSSL_CLIENT) + tcp_ready ready; + func_args server_args; + THREAD_TYPE serverThread; + BIO *tcpBio = NULL; + BIO *sslBio = NULL; + SSL_CTX* ctx = NULL; + SSL *ssl = NULL; + SSL *sslPtr; + char msg[] = "hello wolfssl!"; + char reply[30]; + char buff[10] = {0}; + + ExpectNotNull(ctx = wolfSSL_CTX_new(wolfSSLv23_client_method())); + ExpectIntEQ(WOLFSSL_SUCCESS, + wolfSSL_CTX_load_verify_locations(ctx, caCertFile, 0)); + ExpectIntEQ(WOLFSSL_SUCCESS, + wolfSSL_CTX_use_certificate_file(ctx, cliCertFile, SSL_FILETYPE_PEM)); + ExpectIntEQ(WOLFSSL_SUCCESS, + wolfSSL_CTX_use_PrivateKey_file(ctx, cliKeyFile, SSL_FILETYPE_PEM)); + + /* Setup server */ + XMEMSET(&server_args, 0, sizeof(func_args)); + StartTCP(); + InitTcpReady(&ready); +#if defined(USE_WINDOWS_API) + /* use RNG to get random port if using windows */ + ready.port = GetRandomPort(); +#endif + server_args.signal = &ready; + start_thread(test_server_nofail, &server_args, &serverThread); + wait_tcp_ready(&server_args); + ExpectIntGT(XSNPRINTF(buff, sizeof(buff), "%d", ready.port), 0); + + /* Start the test proper */ + /* Setup the TCP BIO */ + ExpectNotNull(tcpBio = BIO_new_connect(wolfSSLIP)); + ExpectIntEQ(BIO_set_conn_port(tcpBio, buff), 1); + /* Setup the SSL object */ + ExpectNotNull(ssl = SSL_new(ctx)); + SSL_set_connect_state(ssl); + /* Setup the SSL BIO */ + ExpectNotNull(sslBio = BIO_new(BIO_f_ssl())); + ExpectIntEQ(BIO_set_ssl(sslBio, ssl, BIO_CLOSE), 1); + if (EXPECT_FAIL()) { + wolfSSL_free(ssl); + } + /* Verify that BIO_get_ssl works. */ + ExpectIntEQ(BIO_get_ssl(sslBio, &sslPtr), 1); + ExpectPtrEq(ssl, sslPtr); + /* Link BIO's so that sslBio uses tcpBio for IO */ + ExpectPtrEq(BIO_push(sslBio, tcpBio), sslBio); + /* Do TCP connect */ + ExpectIntEQ(BIO_do_connect(sslBio), 1); + /* Do TLS handshake */ + ExpectIntEQ(BIO_do_handshake(sslBio), 1); + /* Test writing */ + ExpectIntEQ(BIO_write(sslBio, msg, sizeof(msg)), sizeof(msg)); + /* Expect length of default wolfSSL reply */ + ExpectIntEQ(BIO_read(sslBio, reply, sizeof(reply)), 23); + + /* Clean it all up */ + BIO_free_all(sslBio); + /* Server clean up */ + join_thread(serverThread); + FreeTcpReady(&ready); + + /* Run the same test, but use BIO_new_ssl_connect and set the IP and port + * after. */ + XMEMSET(&server_args, 0, sizeof(func_args)); + StartTCP(); + InitTcpReady(&ready); +#if defined(USE_WINDOWS_API) + /* use RNG to get random port if using windows */ + ready.port = GetRandomPort(); +#endif + server_args.signal = &ready; + start_thread(test_server_nofail, &server_args, &serverThread); + wait_tcp_ready(&server_args); + ExpectIntGT(XSNPRINTF(buff, sizeof(buff), "%d", ready.port), 0); + + ExpectNotNull(sslBio = BIO_new_ssl_connect(ctx)); + ExpectIntEQ(BIO_set_conn_hostname(sslBio, (char*)wolfSSLIP), 1); + ExpectIntEQ(BIO_set_conn_port(sslBio, buff), 1); + ExpectIntEQ(BIO_do_connect(sslBio), 1); + ExpectIntEQ(BIO_do_handshake(sslBio), 1); + ExpectIntEQ(BIO_write(sslBio, msg, sizeof(msg)), sizeof(msg)); + ExpectIntEQ(BIO_read(sslBio, reply, sizeof(reply)), 23); + /* Attempt to close the TLS connection gracefully. */ + BIO_ssl_shutdown(sslBio); + + BIO_free_all(sslBio); + join_thread(serverThread); + FreeTcpReady(&ready); + + SSL_CTX_free(ctx); + +#if defined(HAVE_ECC) && defined(FP_ECC) && defined(HAVE_THREAD_LS) + wc_ecc_fp_free(); /* free per thread cache */ +#endif +#endif + return EXPECT_RESULT(); +} + + +int test_wolfSSL_BIO_tls(void) +{ + EXPECT_DECLS; +#if !defined(NO_BIO) && defined(OPENSSL_EXTRA) && \ + !defined(NO_WOLFSSL_CLIENT) && !defined(NO_TLS) + SSL_CTX* ctx = NULL; + SSL *ssl = NULL; + BIO *readBio = NULL; + BIO *writeBio = NULL; + int ret; + int err = 0; + + ExpectNotNull(ctx = SSL_CTX_new(SSLv23_method())); + ExpectNotNull(ssl = SSL_new(ctx)); + + ExpectNotNull(readBio = BIO_new(BIO_s_mem())); + ExpectNotNull(writeBio = BIO_new(BIO_s_mem())); + /* Qt reads data from write-bio, + * then writes the read data into plain packet. + * Qt reads data from plain packet, + * then writes the read data into read-bio. + */ + SSL_set_bio(ssl, readBio, writeBio); + + do { + #ifdef WOLFSSL_ASYNC_CRYPT + if (err == WC_NO_ERR_TRACE(WC_PENDING_E)) { + ret = wolfSSL_AsyncPoll(ssl, WOLF_POLL_FLAG_CHECK_HW); + if (ret < 0) { break; } else if (ret == 0) { continue; } + } + #endif + ret = SSL_connect(ssl); + err = SSL_get_error(ssl, 0); + } while (err == WC_NO_ERR_TRACE(WC_PENDING_E)); + ExpectIntEQ(ret, WC_NO_ERR_TRACE(WOLFSSL_FATAL_ERROR)); + /* in this use case, should return WANT READ + * so that Qt will read the data from plain packet for next state. + */ + ExpectIntEQ(err, SSL_ERROR_WANT_READ); + + SSL_free(ssl); + SSL_CTX_free(ctx); +#endif + return EXPECT_RESULT(); +} + + +int test_wolfSSL_BIO_datagram(void) +{ + EXPECT_DECLS; +#if !defined(NO_BIO) && defined(WOLFSSL_DTLS) && defined(WOLFSSL_HAVE_BIO_ADDR) && defined(OPENSSL_EXTRA) + int ret; + SOCKET_T fd1 = SOCKET_INVALID, fd2 = SOCKET_INVALID; + WOLFSSL_BIO *bio1 = NULL, *bio2 = NULL; + WOLFSSL_BIO_ADDR *bio_addr1 = NULL, *bio_addr2 = NULL; + SOCKADDR_IN sin1, sin2; + socklen_t slen; + static const char test_msg[] = "I am a datagram, short and stout."; + char test_msg_recvd[sizeof(test_msg) + 10]; +#ifdef USE_WINDOWS_API + static const DWORD timeout = 250; /* ms */ +#else + static const struct timeval timeout = { 0, 250000 }; +#endif + + StartTCP(); + + if (EXPECT_SUCCESS()) { + fd1 = socket(AF_INET, SOCK_DGRAM, IPPROTO_UDP); + ExpectIntNE(fd1, SOCKET_INVALID); + } + if (EXPECT_SUCCESS()) { + fd2 = socket(AF_INET, SOCK_DGRAM, IPPROTO_UDP); + ExpectIntNE(fd2, SOCKET_INVALID); + } + + if (EXPECT_SUCCESS()) { + bio1 = wolfSSL_BIO_new_dgram(fd1, 1 /* closeF */); + ExpectNotNull(bio1); + } + + if (EXPECT_SUCCESS()) { + bio2 = wolfSSL_BIO_new_dgram(fd2, 1 /* closeF */); + ExpectNotNull(bio2); + } + + if (EXPECT_SUCCESS()) { + sin1.sin_family = AF_INET; + sin1.sin_addr.s_addr = htonl(INADDR_LOOPBACK); + sin1.sin_port = 0; + slen = (socklen_t)sizeof(sin1); + ExpectIntEQ(bind(fd1, (const struct sockaddr *)&sin1, slen), 0); + ExpectIntEQ(setsockopt(fd1, SOL_SOCKET, SO_RCVTIMEO, (const char *)&timeout, sizeof(timeout)), 0); + ExpectIntEQ(getsockname(fd1, (struct sockaddr *)&sin1, &slen), 0); + } + + if (EXPECT_SUCCESS()) { + sin2.sin_family = AF_INET; + sin2.sin_addr.s_addr = htonl(INADDR_LOOPBACK); + sin2.sin_port = 0; + slen = (socklen_t)sizeof(sin2); + ExpectIntEQ(bind(fd2, (const struct sockaddr *)&sin2, slen), 0); + ExpectIntEQ(setsockopt(fd2, SOL_SOCKET, SO_RCVTIMEO, (const char *)&timeout, sizeof(timeout)), 0); + ExpectIntEQ(getsockname(fd2, (struct sockaddr *)&sin2, &slen), 0); + } + + if (EXPECT_SUCCESS()) { + bio_addr1 = wolfSSL_BIO_ADDR_new(); + ExpectNotNull(bio_addr1); + } + + if (EXPECT_SUCCESS()) { + bio_addr2 = wolfSSL_BIO_ADDR_new(); + ExpectNotNull(bio_addr2); + } + + if (EXPECT_SUCCESS()) { + /* for OpenSSL compatibility, direct copying of sockaddrs into BIO_ADDRs must work right. */ + XMEMCPY(&bio_addr2->sa_in, &sin2, sizeof(sin2)); + ExpectIntEQ((int)wolfSSL_BIO_ctrl(bio1, BIO_CTRL_DGRAM_SET_PEER, 0, bio_addr2), WOLFSSL_SUCCESS); + wolfSSL_BIO_ADDR_clear(bio_addr2); + } + + test_msg_recvd[0] = 0; + ExpectIntEQ(wolfSSL_BIO_write(bio1, test_msg, sizeof(test_msg)), (int)sizeof(test_msg)); + ExpectIntEQ(wolfSSL_BIO_read(bio2, test_msg_recvd, sizeof(test_msg_recvd)), (int)sizeof(test_msg)); + ExpectIntEQ(XMEMCMP(test_msg_recvd, test_msg, sizeof(test_msg)), 0); + +#ifdef WOLFSSL_BIO_HAVE_FLOW_STATS + ExpectIntEQ(wolfSSL_BIO_number_written(bio1), sizeof(test_msg)); + ExpectIntEQ(wolfSSL_BIO_number_read(bio2), sizeof(test_msg)); +#endif + + /* bio2 should now have bio1's addr stored as its peer_addr, because the + * BIOs aren't "connected" yet. use it to send a reply. + */ + + test_msg_recvd[0] = 0; + ExpectIntEQ(wolfSSL_BIO_write(bio2, test_msg, sizeof(test_msg)), (int)sizeof(test_msg)); + ExpectIntEQ(wolfSSL_BIO_read(bio1, test_msg_recvd, sizeof(test_msg_recvd)), (int)sizeof(test_msg)); + ExpectIntEQ(XMEMCMP(test_msg_recvd, test_msg, sizeof(test_msg)), 0); + + ExpectIntEQ(wolfSSL_BIO_read(bio1, test_msg_recvd, sizeof(test_msg_recvd)), WOLFSSL_BIO_ERROR); + ExpectIntNE(BIO_should_retry(bio1), 0); + + ExpectIntEQ(wolfSSL_BIO_read(bio2, test_msg_recvd, sizeof(test_msg_recvd)), WOLFSSL_BIO_ERROR); + ExpectIntNE(BIO_should_retry(bio2), 0); + + /* now "connect" the sockets. */ + + ExpectIntEQ(connect(fd1, (const struct sockaddr *)&sin2, (socklen_t)sizeof(sin2)), 0); + ExpectIntEQ(connect(fd2, (const struct sockaddr *)&sin1, (socklen_t)sizeof(sin1)), 0); + + if (EXPECT_SUCCESS()) { + XMEMCPY(&bio_addr2->sa_in, &sin2, sizeof(sin2)); + ExpectIntEQ((int)wolfSSL_BIO_ctrl(bio1, BIO_CTRL_DGRAM_SET_CONNECTED, 0, bio_addr2), WOLFSSL_SUCCESS); + wolfSSL_BIO_ADDR_clear(bio_addr2); + } + + if (EXPECT_SUCCESS()) { + XMEMCPY(&bio_addr1->sa_in, &sin1, sizeof(sin1)); + ExpectIntEQ((int)wolfSSL_BIO_ctrl(bio2, BIO_CTRL_DGRAM_SET_CONNECTED, 0, bio_addr1), WOLFSSL_SUCCESS); + wolfSSL_BIO_ADDR_clear(bio_addr1); + } + + test_msg_recvd[0] = 0; + ExpectIntEQ(wolfSSL_BIO_write(bio2, test_msg, sizeof(test_msg)), (int)sizeof(test_msg)); + ExpectIntEQ(wolfSSL_BIO_read(bio1, test_msg_recvd, sizeof(test_msg_recvd)), (int)sizeof(test_msg)); + ExpectIntEQ(XMEMCMP(test_msg_recvd, test_msg, sizeof(test_msg)), 0); + + test_msg_recvd[0] = 0; + ExpectIntEQ(wolfSSL_BIO_write(bio1, test_msg, sizeof(test_msg)), (int)sizeof(test_msg)); + ExpectIntEQ(wolfSSL_BIO_read(bio2, test_msg_recvd, sizeof(test_msg_recvd)), (int)sizeof(test_msg)); + ExpectIntEQ(XMEMCMP(test_msg_recvd, test_msg, sizeof(test_msg)), 0); + +#ifdef __linux__ + /* now "disconnect" the sockets and attempt transmits expected to fail. */ + + sin1.sin_family = AF_UNSPEC; + ExpectIntEQ(connect(fd1, (const struct sockaddr *)&sin1, (socklen_t)sizeof(sin1)), 0); + ExpectIntEQ(connect(fd2, (const struct sockaddr *)&sin1, (socklen_t)sizeof(sin1)), 0); + sin1.sin_family = AF_INET; + + ExpectIntEQ((int)wolfSSL_BIO_ctrl(bio1, BIO_CTRL_DGRAM_SET_CONNECTED, 0, NULL), WOLFSSL_SUCCESS); + ExpectIntEQ((int)wolfSSL_BIO_ctrl(bio2, BIO_CTRL_DGRAM_SET_CONNECTED, 0, NULL), WOLFSSL_SUCCESS); + + if (EXPECT_SUCCESS()) { + sin2.sin_addr.s_addr = htonl(0xc0a8c0a8); /* 192.168.192.168 -- invalid for loopback interface. */ + XMEMCPY(&bio_addr2->sa_in, &sin2, sizeof(sin2)); + ExpectIntEQ((int)wolfSSL_BIO_ctrl(bio1, BIO_CTRL_DGRAM_SET_PEER, 0, bio_addr2), WOLFSSL_SUCCESS); + wolfSSL_BIO_ADDR_clear(bio_addr2); + } + + test_msg_recvd[0] = 0; + errno = 0; + ExpectIntEQ(wolfSSL_BIO_write(bio1, test_msg, sizeof(test_msg)), -1); + ExpectTrue((errno == EINVAL) || (errno == ENETUNREACH)); + +#endif /* __linux__ */ + + + if (bio1) { + ret = wolfSSL_BIO_free(bio1); + ExpectIntEQ(ret, WOLFSSL_SUCCESS); + } else if (fd1 != SOCKET_INVALID) + CloseSocket(fd1); + if (bio2) { + ret = wolfSSL_BIO_free(bio2); + ExpectIntEQ(ret, WOLFSSL_SUCCESS); + } else if (fd2 != SOCKET_INVALID) + CloseSocket(fd2); + if (bio_addr1) + wolfSSL_BIO_ADDR_free(bio_addr1); + if (bio_addr2) + wolfSSL_BIO_ADDR_free(bio_addr2); + +#endif /* !NO_BIO && WOLFSSL_DTLS && WOLFSSL_HAVE_BIO_ADDR && OPENSSL_EXTRA */ + + return EXPECT_RESULT(); +} + +int test_wolfSSL_BIO_s_null(void) +{ + EXPECT_DECLS; +#if !defined(NO_BIO) && defined(OPENSSL_EXTRA) + BIO *b = NULL; + char testData[10] = {'t','e','s','t',0}; + + ExpectNotNull(b = BIO_new(BIO_s_null())); + ExpectIntEQ(BIO_write(b, testData, sizeof(testData)), sizeof(testData)); + ExpectIntEQ(BIO_read(b, testData, sizeof(testData)), 0); + ExpectIntEQ(BIO_puts(b, testData), 4); + ExpectIntEQ(BIO_gets(b, testData, sizeof(testData)), 0); + ExpectIntEQ(BIO_pending(b), 0); + ExpectIntEQ(BIO_eof(b), 1); + + BIO_free(b); +#endif + return EXPECT_RESULT(); +} + +#if defined(OPENSSL_ALL) && defined(HAVE_IO_TESTS_DEPENDENCIES) && \ + defined(HAVE_HTTP_CLIENT) +static THREAD_RETURN WOLFSSL_THREAD test_wolfSSL_BIO_accept_client(void* args) +{ + BIO* clientBio; + SSL* sslClient; + SSL_CTX* ctx; + char connectAddr[20]; /* IP + port */; + + (void)args; + + AssertIntGT(snprintf(connectAddr, sizeof(connectAddr), "%s:%d", wolfSSLIP, wolfSSLPort), 0); + clientBio = BIO_new_connect(connectAddr); + AssertNotNull(clientBio); + AssertIntEQ(BIO_do_connect(clientBio), 1); + ctx = SSL_CTX_new(SSLv23_method()); + AssertNotNull(ctx); + sslClient = SSL_new(ctx); + AssertNotNull(sslClient); + AssertIntEQ(wolfSSL_CTX_load_verify_locations(ctx, caCertFile, 0), WOLFSSL_SUCCESS); + SSL_set_bio(sslClient, clientBio, clientBio); + AssertIntEQ(SSL_connect(sslClient), 1); + + SSL_free(sslClient); + SSL_CTX_free(ctx); + +#if defined(HAVE_ECC) && defined(FP_ECC) && defined(HAVE_THREAD_LS) + wc_ecc_fp_free(); /* free per thread cache */ +#endif + + WOLFSSL_RETURN_FROM_THREAD(0); +} +#endif + +int test_wolfSSL_BIO_accept(void) +{ + EXPECT_DECLS; +#if defined(OPENSSL_ALL) && defined(HAVE_IO_TESTS_DEPENDENCIES) && \ + defined(HAVE_HTTP_CLIENT) + BIO* serverBindBio = NULL; + BIO* serverAcceptBio = NULL; + SSL* sslServer = NULL; + SSL_CTX* ctx = NULL; + func_args args; + THREAD_TYPE thread; + char port[10]; /* 10 bytes should be enough to store the string + * representation of the port */ + + ExpectIntGT(snprintf(port, sizeof(port), "%d", wolfSSLPort), 0); + ExpectNotNull(serverBindBio = BIO_new_accept(port)); + + /* First BIO_do_accept binds the port */ + ExpectIntEQ(BIO_do_accept(serverBindBio), 1); + + XMEMSET(&args, 0, sizeof(func_args)); + start_thread(test_wolfSSL_BIO_accept_client, &args, &thread); + + ExpectIntEQ(BIO_do_accept(serverBindBio), 1); + /* Let's plug it into SSL to test */ + ExpectNotNull(ctx = SSL_CTX_new(SSLv23_method())); + ExpectIntEQ(wolfSSL_CTX_use_certificate_file(ctx, svrCertFile, + SSL_FILETYPE_PEM), WOLFSSL_SUCCESS); + ExpectIntEQ(wolfSSL_CTX_use_PrivateKey_file(ctx, svrKeyFile, + SSL_FILETYPE_PEM), WOLFSSL_SUCCESS); + ExpectNotNull(sslServer = SSL_new(ctx)); + ExpectNotNull(serverAcceptBio = BIO_pop(serverBindBio)); + SSL_set_bio(sslServer, serverAcceptBio, serverAcceptBio); + ExpectIntEQ(SSL_accept(sslServer), 1); + + join_thread(thread); + + BIO_free(serverBindBio); + SSL_free(sslServer); + SSL_CTX_free(ctx); + +#if defined(HAVE_ECC) && defined(FP_ECC) && defined(HAVE_THREAD_LS) + wc_ecc_fp_free(); /* free per thread cache */ +#endif +#endif + return EXPECT_RESULT(); +} + +int test_wolfSSL_BIO_write(void) +{ + EXPECT_DECLS; +#if defined(OPENSSL_EXTRA) && defined(WOLFSSL_BASE64_ENCODE) + BIO* bio = NULL; + BIO* bio64 = NULL; + BIO* bio_mem = NULL; + BIO* ptr = NULL; + int sz; + char msg[] = "conversion test"; + char out[40]; + char expected[] = "Y29udmVyc2lvbiB0ZXN0AA==\n"; + void* bufPtr = NULL; + BUF_MEM* buf = NULL; + + ExpectNotNull(bio64 = BIO_new(BIO_f_base64())); + ExpectNotNull(bio = BIO_push(bio64, BIO_new(BIO_s_mem()))); + if (EXPECT_FAIL()) { + BIO_free(bio64); + } + + /* now should convert to base64 then write to memory */ + ExpectIntEQ(BIO_write(bio, msg, sizeof(msg)), sizeof(msg)); + BIO_flush(bio); + + /* test BIO chain */ + ExpectIntEQ(SSL_SUCCESS, (int)BIO_get_mem_ptr(bio, &buf)); + ExpectNotNull(buf); + ExpectIntEQ(buf->length, 25); + ExpectIntEQ(BIO_get_mem_data(bio, &bufPtr), 25); + ExpectPtrEq(buf->data, bufPtr); + + ExpectNotNull(ptr = BIO_find_type(bio, BIO_TYPE_MEM)); + sz = sizeof(out); + XMEMSET(out, 0, sz); + ExpectIntEQ((sz = BIO_read(ptr, out, sz)), 25); + ExpectIntEQ(XMEMCMP(out, expected, sz), 0); + + /* write then read should return the same message */ + ExpectIntEQ(BIO_write(bio, msg, sizeof(msg)), sizeof(msg)); + sz = sizeof(out); + XMEMSET(out, 0, sz); + ExpectIntEQ(BIO_read(bio, out, sz), 16); + ExpectIntEQ(XMEMCMP(out, msg, sizeof(msg)), 0); + + /* now try encoding with no line ending */ + BIO_set_flags(bio64, BIO_FLAGS_BASE64_NO_NL); +#ifdef HAVE_EX_DATA + BIO_set_ex_data(bio64, 0, (void*) "data"); + ExpectIntEQ(strcmp((const char*)BIO_get_ex_data(bio64, 0), "data"), 0); +#endif + ExpectIntEQ(BIO_write(bio, msg, sizeof(msg)), sizeof(msg)); + BIO_flush(bio); + sz = sizeof(out); + XMEMSET(out, 0, sz); + ExpectIntEQ((sz = BIO_read(ptr, out, sz)), 24); + ExpectIntEQ(XMEMCMP(out, expected, sz), 0); + + BIO_free_all(bio); /* frees bio64 also */ + bio = NULL; + + /* test with more than one bio64 in list */ + ExpectNotNull(bio64 = BIO_new(BIO_f_base64())); + ExpectNotNull(bio = BIO_push(BIO_new(BIO_f_base64()), bio64)); + if (EXPECT_FAIL()) { + BIO_free_all(bio); + bio = NULL; + bio64 = NULL; + } + ExpectNotNull(bio_mem = BIO_new(BIO_s_mem())); + ExpectNotNull(BIO_push(bio64, bio_mem)); + if (EXPECT_FAIL()) { + BIO_free(bio_mem); + } + + /* now should convert to base64 when stored and then decode with read */ + if (bio == NULL) { + ExpectNotNull(bio = BIO_new(BIO_f_base64())); + } + ExpectIntEQ(BIO_write(bio, msg, sizeof(msg)), 25); + BIO_flush(bio); + sz = sizeof(out); + XMEMSET(out, 0, sz); + ExpectIntEQ((sz = BIO_read(bio, out, sz)), 16); + ExpectIntEQ(XMEMCMP(out, msg, sz), 0); + BIO_clear_flags(bio64, ~0); + BIO_set_retry_read(bio); + BIO_free_all(bio); /* frees bio64s also */ + bio = NULL; + + ExpectNotNull(bio = BIO_new_mem_buf(out, 0)); + ExpectIntEQ(BIO_write(bio, msg, sizeof(msg)), sizeof(msg)); + BIO_free(bio); +#endif + return EXPECT_RESULT(); +} + + +int test_wolfSSL_BIO_printf(void) +{ + EXPECT_DECLS; +#if defined(OPENSSL_ALL) + BIO* bio = NULL; + int sz = 7; + char msg[] = "TLS 1.3 for the world"; + char out[60]; + char expected[] = "TLS 1.3 for the world : sz = 7"; + + XMEMSET(out, 0, sizeof(out)); + ExpectNotNull(bio = BIO_new(BIO_s_mem())); + ExpectIntEQ(BIO_printf(bio, "%s : sz = %d", msg, sz), 30); + ExpectIntEQ(BIO_printf(NULL, ""), WC_NO_ERR_TRACE(WOLFSSL_FATAL_ERROR)); + ExpectIntEQ(BIO_read(bio, out, sizeof(out)), 30); + ExpectIntEQ(XSTRNCMP(out, expected, sizeof(expected)), 0); + BIO_free(bio); +#endif + return EXPECT_RESULT(); +} + +int test_wolfSSL_BIO_f_md(void) +{ + EXPECT_DECLS; +#if defined(OPENSSL_ALL) && !defined(NO_SHA256) + BIO* bio = NULL; + BIO* mem = NULL; + char msg[] = "message to hash"; + char out[60]; + EVP_MD_CTX* ctx = NULL; + const unsigned char testKey[] = + { + 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, + 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, + 0x0b, 0x0b, 0x0b, 0x0b + }; + const char testData[] = "Hi There"; + const unsigned char testResult[] = + { + 0xb0, 0x34, 0x4c, 0x61, 0xd8, 0xdb, 0x38, 0x53, + 0x5c, 0xa8, 0xaf, 0xce, 0xaf, 0x0b, 0xf1, 0x2b, + 0x88, 0x1d, 0xc2, 0x00, 0xc9, 0x83, 0x3d, 0xa7, + 0x26, 0xe9, 0x37, 0x6c, 0x2e, 0x32, 0xcf, 0xf7 + }; + const unsigned char expectedHash[] = + { + 0x66, 0x49, 0x3C, 0xE8, 0x8A, 0x57, 0xB0, 0x60, + 0xDC, 0x55, 0x7D, 0xFC, 0x1F, 0xA5, 0xE5, 0x07, + 0x70, 0x5A, 0xF6, 0xD7, 0xC4, 0x1F, 0x1A, 0xE4, + 0x2D, 0xA6, 0xFD, 0xD1, 0x29, 0x7D, 0x60, 0x0D + }; + const unsigned char emptyHash[] = + { + 0xE3, 0xB0, 0xC4, 0x42, 0x98, 0xFC, 0x1C, 0x14, + 0x9A, 0xFB, 0xF4, 0xC8, 0x99, 0x6F, 0xB9, 0x24, + 0x27, 0xAE, 0x41, 0xE4, 0x64, 0x9B, 0x93, 0x4C, + 0xA4, 0x95, 0x99, 0x1B, 0x78, 0x52, 0xB8, 0x55 + }; + unsigned char check[sizeof(testResult) + 1]; + size_t checkSz = sizeof(check); + EVP_PKEY* key = NULL; + + XMEMSET(out, 0, sizeof(out)); + ExpectNotNull(bio = BIO_new(BIO_f_md())); + ExpectNotNull(mem = BIO_new(BIO_s_mem())); + + ExpectIntEQ(BIO_get_md_ctx(bio, &ctx), 1); + ExpectIntEQ(EVP_DigestInit(ctx, EVP_sha256()), 1); + + /* should not be able to write/read yet since just digest wrapper and no + * data is passing through the bio */ + ExpectIntEQ(BIO_write(bio, msg, 0), 0); + ExpectIntEQ(BIO_pending(bio), 0); + ExpectIntEQ(BIO_read(bio, out, sizeof(out)), 0); + ExpectIntEQ(BIO_gets(bio, out, 3), 0); + ExpectIntEQ(BIO_gets(bio, out, sizeof(out)), 32); + ExpectIntEQ(XMEMCMP(emptyHash, out, 32), 0); + BIO_reset(bio); + + /* append BIO mem to bio in order to read/write */ + ExpectNotNull(bio = BIO_push(bio, mem)); + + XMEMSET(out, 0, sizeof(out)); + ExpectIntEQ(BIO_write(mem, msg, sizeof(msg)), 16); + ExpectIntEQ(BIO_pending(bio), 16); + + /* this just reads the message and does not hash it (gets calls final) */ + ExpectIntEQ(BIO_read(bio, out, sizeof(out)), 16); + ExpectIntEQ(XMEMCMP(out, msg, sizeof(msg)), 0); + + /* create a message digest using BIO */ + XMEMSET(out, 0, sizeof(out)); + ExpectIntEQ(BIO_write(bio, msg, sizeof(msg)), 16); + ExpectIntEQ(BIO_pending(mem), 16); + ExpectIntEQ(BIO_pending(bio), 16); + ExpectIntEQ(BIO_gets(bio, out, sizeof(out)), 32); + ExpectIntEQ(XMEMCMP(expectedHash, out, 32), 0); + BIO_free(bio); + bio = NULL; + BIO_free(mem); + mem = NULL; + + /* test with HMAC */ + XMEMSET(out, 0, sizeof(out)); + ExpectNotNull(bio = BIO_new(BIO_f_md())); + ExpectNotNull(mem = BIO_new(BIO_s_mem())); + BIO_get_md_ctx(bio, &ctx); + ExpectNotNull(key = EVP_PKEY_new_mac_key(EVP_PKEY_HMAC, NULL, testKey, + (int)sizeof(testKey))); + EVP_DigestSignInit(ctx, NULL, EVP_sha256(), NULL, key); + ExpectNotNull(bio = BIO_push(bio, mem)); + BIO_write(bio, testData, (int)strlen(testData)); + checkSz = sizeof(check); + ExpectIntEQ(EVP_DigestSignFinal(ctx, NULL, &checkSz), 1); + checkSz = sizeof(check); + ExpectIntEQ(EVP_DigestSignFinal(ctx, check, &checkSz), 1); + + ExpectIntEQ(XMEMCMP(check, testResult, sizeof(testResult)), 0); + + EVP_PKEY_free(key); + BIO_free(bio); + BIO_free(mem); +#endif + return EXPECT_RESULT(); +} + +int test_wolfSSL_BIO_up_ref(void) +{ + EXPECT_DECLS; +#if defined(OPENSSL_ALL) || defined(OPENSSL_EXTRA) + BIO* bio = NULL; + + ExpectNotNull(bio = BIO_new(BIO_f_md())); + ExpectIntEQ(BIO_up_ref(NULL), 0); + ExpectIntEQ(BIO_up_ref(bio), 1); + BIO_free(bio); + ExpectIntEQ(BIO_up_ref(bio), 1); + BIO_free(bio); + BIO_free(bio); +#endif + return EXPECT_RESULT(); +} +int test_wolfSSL_BIO_reset(void) +{ + EXPECT_DECLS; +#if defined(OPENSSL_ALL) || defined(OPENSSL_EXTRA) + BIO* bio = NULL; + byte buf[16]; + + ExpectNotNull(bio = BIO_new_mem_buf("secure your data", + (word32)XSTRLEN("secure your data"))); + ExpectIntEQ(BIO_read(bio, buf, 6), 6); + ExpectIntEQ(XMEMCMP(buf, "secure", 6), 0); + XMEMSET(buf, 0, 16); + ExpectIntEQ(BIO_read(bio, buf, 16), 10); + ExpectIntEQ(XMEMCMP(buf, " your data", 10), 0); + /* You cannot write to MEM BIO with read-only mode. */ + ExpectIntEQ(BIO_write(bio, "WriteToReadonly", 15), 0); + ExpectIntEQ(BIO_read(bio, buf, 16), -1); + XMEMSET(buf, 0, 16); + ExpectIntEQ(BIO_reset(bio), 1); + ExpectIntEQ(BIO_read(bio, buf, 16), 16); + ExpectIntEQ(XMEMCMP(buf, "secure your data", 16), 0); + BIO_free(bio); +#endif + return EXPECT_RESULT(); +} + +int test_wolfSSL_BIO_get_len(void) +{ + EXPECT_DECLS; +#if defined(OPENSSL_EXTRA) && !defined(NO_BIO) && !defined(NO_FILESYSTEM) + BIO *bio = NULL; + const char txt[] = "Some example text to push to the BIO."; + + ExpectIntEQ(wolfSSL_BIO_get_len(bio), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + + ExpectNotNull(bio = wolfSSL_BIO_new(wolfSSL_BIO_s_mem())); + + ExpectIntEQ(wolfSSL_BIO_write(bio, txt, sizeof(txt)), sizeof(txt)); + ExpectIntEQ(wolfSSL_BIO_get_len(bio), sizeof(txt)); + BIO_free(bio); + bio = NULL; + + ExpectNotNull(bio = BIO_new_fd(STDERR_FILENO, BIO_NOCLOSE)); + ExpectIntEQ(wolfSSL_BIO_get_len(bio), WC_NO_ERR_TRACE(WOLFSSL_BAD_FILE)); + BIO_free(bio); +#endif + return EXPECT_RESULT(); +} + +#endif /* !NO_BIO */ + diff --git a/test/ssl/wolfssl/tests/api/test_ossl_bio.h b/test/ssl/wolfssl/tests/api/test_ossl_bio.h new file mode 100644 index 000000000..8bcbc743f --- /dev/null +++ b/test/ssl/wolfssl/tests/api/test_ossl_bio.h @@ -0,0 +1,65 @@ +/* test_ossl_bio.h + * + * Copyright (C) 2006-2025 wolfSSL Inc. + * + * This file is part of wolfSSL. + * + * wolfSSL is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * wolfSSL is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA + */ + +#ifndef WOLFCRYPT_TEST_OSSL_BIO_H +#define WOLFCRYPT_TEST_OSSL_BIO_H + +#include + +#ifndef NO_BIO +int test_wolfSSL_BIO_gets(void); +int test_wolfSSL_BIO_puts(void); +int test_wolfSSL_BIO_dump(void); +int test_wolfSSL_BIO_should_retry(void); +int test_wolfSSL_BIO_connect(void); +int test_wolfSSL_BIO_tls(void); +int test_wolfSSL_BIO_datagram(void); +int test_wolfSSL_BIO_s_null(void); +int test_wolfSSL_BIO_accept(void); +int test_wolfSSL_BIO_write(void); +int test_wolfSSL_BIO_printf(void); +int test_wolfSSL_BIO_f_md(void); +int test_wolfSSL_BIO_up_ref(void); +int test_wolfSSL_BIO_reset(void); +int test_wolfSSL_BIO_get_len(void); + +#define TEST_OSSL_BIO_DECLS \ + TEST_DECL_GROUP("ossl_bio", test_wolfSSL_BIO_gets), \ + TEST_DECL_GROUP("ossl_bio", test_wolfSSL_BIO_puts), \ + TEST_DECL_GROUP("ossl_bio", test_wolfSSL_BIO_dump), \ + TEST_DECL_GROUP("ossl_bio", test_wolfSSL_BIO_should_retry), \ + TEST_DECL_GROUP("ossl_bio", test_wolfSSL_BIO_s_null), \ + TEST_DECL_GROUP("ossl_bio", test_wolfSSL_BIO_write), \ + TEST_DECL_GROUP("ossl_bio", test_wolfSSL_BIO_printf), \ + TEST_DECL_GROUP("ossl_bio", test_wolfSSL_BIO_f_md), \ + TEST_DECL_GROUP("ossl_bio", test_wolfSSL_BIO_up_ref), \ + TEST_DECL_GROUP("ossl_bio", test_wolfSSL_BIO_reset), \ + TEST_DECL_GROUP("ossl_bio", test_wolfSSL_BIO_get_len) + +#define TEST_OSSL_BIO_TLS_DECLS \ + TEST_DECL_GROUP("ossl_bio_tls", test_wolfSSL_BIO_connect), \ + TEST_DECL_GROUP("ossl_bio_tls", test_wolfSSL_BIO_accept), \ + TEST_DECL_GROUP("ossl_bio_tls", test_wolfSSL_BIO_tls), \ + TEST_DECL_GROUP("ossl_bio_tls", test_wolfSSL_BIO_datagram) + +#endif + +#endif /* WOLFCRYPT_TEST_OSSL_BIO_H */ diff --git a/test/ssl/wolfssl/tests/api/test_ossl_bn.c b/test/ssl/wolfssl/tests/api/test_ossl_bn.c new file mode 100644 index 000000000..176772eec --- /dev/null +++ b/test/ssl/wolfssl/tests/api/test_ossl_bn.c @@ -0,0 +1,1090 @@ +/* test_ossl_bn.c + * + * Copyright (C) 2006-2025 wolfSSL Inc. + * + * This file is part of wolfSSL. + * + * wolfSSL is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * wolfSSL is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA + */ + +#include + +#ifdef NO_INLINE + #include +#else + #define WOLFSSL_MISC_INCLUDED + #include +#endif + +#include +#include +#include +#include + +/******************************************************************************* + * BN OpenSSL compatibility API Testing + ******************************************************************************/ + +int test_wolfSSL_BN_CTX(void) +{ + EXPECT_DECLS; +#if defined(OPENSSL_EXTRA) && !defined(NO_ASN) && \ + !defined(OPENSSL_EXTRA_NO_BN) && !defined(WOLFSSL_SP_MATH) + WOLFSSL_BN_CTX* bn_ctx = NULL; + + ExpectNotNull(bn_ctx = BN_CTX_new()); + + ExpectNull(BN_CTX_get(NULL)); + ExpectNotNull(BN_CTX_get(bn_ctx)); + ExpectNotNull(BN_CTX_get(bn_ctx)); + ExpectNotNull(BN_CTX_get(bn_ctx)); + ExpectNotNull(BN_CTX_get(bn_ctx)); + ExpectNotNull(BN_CTX_get(bn_ctx)); + ExpectNotNull(BN_CTX_get(bn_ctx)); + +#ifndef NO_WOLFSSL_STUB + /* No implementation. */ + BN_CTX_start(NULL); + BN_CTX_start(bn_ctx); + BN_CTX_init(NULL); +#endif + + BN_CTX_free(NULL); + BN_CTX_free(bn_ctx); +#endif /* defined(OPENSSL_EXTRA) && !defined(NO_ASN) */ + return EXPECT_RESULT(); +} + +int test_wolfSSL_BN(void) +{ + EXPECT_DECLS; +#if defined(OPENSSL_EXTRA) && !defined(NO_ASN) && \ + !defined(OPENSSL_EXTRA_NO_BN) && !defined(WOLFSSL_SP_MATH) + BIGNUM* a = NULL; + BIGNUM* b = NULL; + BIGNUM* c = NULL; + BIGNUM* d = NULL; + BIGNUM emptyBN; + + /* Setup */ + XMEMSET(&emptyBN, 0, sizeof(emptyBN)); + /* internal not set emptyBN. */ + + ExpectNotNull(a = BN_new()); + ExpectNotNull(b = BN_new()); + ExpectNotNull(c = BN_dup(b)); + ExpectNotNull(d = BN_new()); + + /* Invalid parameter testing. */ + BN_free(NULL); + ExpectNull(BN_dup(NULL)); + ExpectNull(BN_dup(&emptyBN)); + + ExpectNull(BN_copy(NULL, NULL)); + ExpectNull(BN_copy(b, NULL)); + ExpectNull(BN_copy(NULL, c)); + ExpectNull(BN_copy(b, &emptyBN)); + ExpectNull(BN_copy(&emptyBN, c)); + + BN_clear(NULL); + BN_clear(&emptyBN); + + ExpectIntEQ(BN_num_bytes(NULL), 0); + ExpectIntEQ(BN_num_bytes(&emptyBN), 0); + + ExpectIntEQ(BN_num_bits(NULL), 0); + ExpectIntEQ(BN_num_bits(&emptyBN), 0); + + ExpectIntEQ(BN_is_negative(NULL), 0); + ExpectIntEQ(BN_is_negative(&emptyBN), 0); + /* END Invalid Parameters */ + + ExpectIntEQ(BN_set_word(a, 3), SSL_SUCCESS); + ExpectIntEQ(BN_set_word(b, 2), SSL_SUCCESS); + ExpectIntEQ(BN_set_word(c, 5), SSL_SUCCESS); + + ExpectIntEQ(BN_num_bits(a), 2); + ExpectIntEQ(BN_num_bytes(a), 1); + +#if !defined(WOLFSSL_SP_MATH) && (!defined(WOLFSSL_SP_MATH_ALL) || \ + defined(WOLFSSL_SP_INT_NEGATIVE)) + ExpectIntEQ(BN_set_word(a, 1), SSL_SUCCESS); + ExpectIntEQ(BN_set_word(b, 5), SSL_SUCCESS); + ExpectIntEQ(BN_is_word(a, (WOLFSSL_BN_ULONG)BN_get_word(a)), SSL_SUCCESS); + ExpectIntEQ(BN_is_word(a, 3), WC_NO_ERR_TRACE(WOLFSSL_FAILURE)); + ExpectIntEQ(BN_sub(c, a, b), SSL_SUCCESS); +#if defined(WOLFSSL_KEY_GEN) || defined(HAVE_COMP_KEY) + { + /* Do additional tests on negative BN conversions. */ + char* ret = NULL; + ASN1_INTEGER* asn1 = NULL; + BIGNUM* tmp = NULL; + + /* Sanity check we have a negative BN. */ + ExpectIntEQ(BN_is_negative(c), 1); + ExpectNotNull(ret = BN_bn2dec(c)); + ExpectIntEQ(XMEMCMP(ret, "-4", sizeof("-4")), 0); + XFREE(ret, NULL, DYNAMIC_TYPE_OPENSSL); + ret = NULL; + + /* Convert to ASN1_INTEGER and back to BN. */ + ExpectNotNull(asn1 = BN_to_ASN1_INTEGER(c, NULL)); + ExpectNotNull(tmp = ASN1_INTEGER_to_BN(asn1, NULL)); + + /* After converting back BN should be negative and correct. */ + ExpectIntEQ(BN_is_negative(tmp), 1); + ExpectNotNull(ret = BN_bn2dec(tmp)); + ExpectIntEQ(XMEMCMP(ret, "-4", sizeof("-4")), 0); + XFREE(ret, NULL, DYNAMIC_TYPE_OPENSSL); + ASN1_INTEGER_free(asn1); + BN_free(tmp); + } +#endif + ExpectIntEQ(BN_get_word(c), 4); +#endif + + ExpectIntEQ(BN_set_word(a, 3), 1); + ExpectIntEQ(BN_set_word(b, 3), 1); + ExpectIntEQ(BN_set_word(c, 4), 1); + + /* NULL == NULL, NULL < num, num > NULL */ + ExpectIntEQ(BN_cmp(NULL, NULL), 0); + ExpectIntEQ(BN_cmp(&emptyBN, &emptyBN), 0); + ExpectIntLT(BN_cmp(NULL, b), 0); + ExpectIntLT(BN_cmp(&emptyBN, b), 0); + ExpectIntGT(BN_cmp(a, NULL), 0); + ExpectIntGT(BN_cmp(a, &emptyBN), 0); + + ExpectIntEQ(BN_cmp(a, b), 0); + ExpectIntLT(BN_cmp(a, c), 0); + ExpectIntGT(BN_cmp(c, b), 0); + +#if !defined(NO_FILESYSTEM) && !defined(NO_STDIO_FILESYSTEM) + ExpectIntEQ(BN_print_fp(XBADFILE, NULL), 0); + ExpectIntEQ(BN_print_fp(XBADFILE, &emptyBN), 0); + ExpectIntEQ(BN_print_fp(stderr, NULL), 0); + ExpectIntEQ(BN_print_fp(stderr, &emptyBN), 0); + ExpectIntEQ(BN_print_fp(XBADFILE, a), 0); + + ExpectIntEQ(BN_print_fp(stderr, a), 1); +#endif + + BN_clear(a); + + BN_free(a); + BN_free(b); + BN_free(c); + BN_clear_free(d); +#endif /* defined(OPENSSL_EXTRA) && !defined(NO_ASN) */ + return EXPECT_RESULT(); +} + +int test_wolfSSL_BN_init(void) +{ + EXPECT_DECLS; +#if defined(OPENSSL_EXTRA) && !defined(NO_ASN) && \ + !defined(OPENSSL_EXTRA_NO_BN) && !defined(WOLFSSL_SP_MATH) +#if !defined(USE_INTEGER_HEAP_MATH) && !defined(HAVE_WOLF_BIGINT) + BIGNUM* ap = NULL; + BIGNUM bv; + BIGNUM cv; + BIGNUM dv; + + ExpectNotNull(ap = BN_new()); + + BN_init(NULL); + XMEMSET(&bv, 0, sizeof(bv)); + ExpectNull(BN_dup(&bv)); + + BN_init(&bv); + BN_init(&cv); + BN_init(&dv); + + ExpectIntEQ(BN_set_word(ap, 3), SSL_SUCCESS); + ExpectIntEQ(BN_set_word(&bv, 2), SSL_SUCCESS); + ExpectIntEQ(BN_set_word(&cv, 5), SSL_SUCCESS); + + /* a^b mod c = */ + ExpectIntEQ(BN_mod_exp(&dv, NULL, &bv, &cv, NULL), WC_NO_ERR_TRACE(WOLFSSL_FAILURE)); + ExpectIntEQ(BN_mod_exp(&dv, ap, &bv, &cv, NULL), WOLFSSL_SUCCESS); + + /* check result 3^2 mod 5 */ + ExpectIntEQ(BN_get_word(&dv), 4); + + /* a*b mod c = */ + ExpectIntEQ(BN_mod_mul(&dv, NULL, &bv, &cv, NULL), WC_NO_ERR_TRACE(WOLFSSL_FAILURE)); + ExpectIntEQ(BN_mod_mul(&dv, ap, &bv, &cv, NULL), SSL_SUCCESS); + + /* check result 3*2 mod 5 */ + ExpectIntEQ(BN_get_word(&dv), 1); + + { + BN_MONT_CTX* montCtx = NULL; + ExpectNotNull(montCtx = BN_MONT_CTX_new()); + + ExpectIntEQ(BN_MONT_CTX_set(montCtx, &cv, NULL), SSL_SUCCESS); + ExpectIntEQ(BN_set_word(&bv, 2), SSL_SUCCESS); + ExpectIntEQ(BN_set_word(&cv, 5), SSL_SUCCESS); + ExpectIntEQ(BN_mod_exp_mont_word(&dv, 3, &bv, &cv, NULL, NULL), + WOLFSSL_SUCCESS); + /* check result 3^2 mod 5 */ + ExpectIntEQ(BN_get_word(&dv), 4); + + BN_MONT_CTX_free(montCtx); + } + + BN_free(ap); +#endif +#endif /* defined(OPENSSL_EXTRA) && !defined(NO_ASN) */ + return EXPECT_RESULT(); +} + +int test_wolfSSL_BN_enc_dec(void) +{ + EXPECT_DECLS; +#if defined(OPENSSL_EXTRA) && !defined(NO_ASN) && !defined(WOLFSSL_SP_MATH) + BIGNUM* a = NULL; + BIGNUM* b = NULL; + BIGNUM* c = NULL; + BIGNUM emptyBN; + char* str = NULL; + const char* emptyStr = ""; + const char* numberStr = "12345"; + const char* badStr = "g12345"; +#if defined(WOLFSSL_KEY_GEN) || defined(HAVE_COMP_KEY) + const char* twoStr = "2"; +#endif + unsigned char binNum[] = { 0x01, 0x02, 0x03, 0x04, 0x05 }; + unsigned char outNum[5]; + + /* Setup */ + XMEMSET(&emptyBN, 0, sizeof(emptyBN)); + ExpectNotNull(a = BN_new()); + ExpectNotNull(b = BN_new()); + + /* Invalid parameters */ + ExpectIntEQ(BN_bn2bin(NULL, NULL), -1); + ExpectIntEQ(BN_bn2bin(&emptyBN, NULL), -1); + ExpectIntEQ(BN_bn2bin(NULL, outNum), -1); + ExpectIntEQ(BN_bn2bin(&emptyBN, outNum), -1); + ExpectNull(BN_bn2hex(NULL)); + ExpectNull(BN_bn2hex(&emptyBN)); + ExpectNull(BN_bn2dec(NULL)); + ExpectNull(BN_bn2dec(&emptyBN)); + + ExpectNotNull(c = BN_bin2bn(NULL, 0, NULL)); + BN_clear(c); + BN_free(c); + c = NULL; + + ExpectNotNull(BN_bin2bn(NULL, sizeof(binNum), a)); + BN_free(a); + a = NULL; + ExpectNotNull(a = BN_new()); + ExpectIntEQ(BN_set_word(a, 2), 1); + ExpectNull(BN_bin2bn(binNum, -1, a)); + ExpectNull(BN_bin2bn(binNum, -1, NULL)); + ExpectNull(BN_bin2bn(binNum, sizeof(binNum), &emptyBN)); + + ExpectIntEQ(BN_hex2bn(NULL, NULL), 0); + ExpectIntEQ(BN_hex2bn(NULL, numberStr), 0); + ExpectIntEQ(BN_hex2bn(&a, NULL), 0); + ExpectIntEQ(BN_hex2bn(&a, emptyStr), 0); + ExpectIntEQ(BN_hex2bn(&a, badStr), 0); + ExpectIntEQ(BN_hex2bn(&c, badStr), 0); + + ExpectIntEQ(BN_dec2bn(NULL, NULL), 0); + ExpectIntEQ(BN_dec2bn(NULL, numberStr), 0); + ExpectIntEQ(BN_dec2bn(&a, NULL), 0); + ExpectIntEQ(BN_dec2bn(&a, emptyStr), 0); + ExpectIntEQ(BN_dec2bn(&a, badStr), 0); + ExpectIntEQ(BN_dec2bn(&c, badStr), 0); + + ExpectIntEQ(BN_set_word(a, 2), 1); + + ExpectIntEQ(BN_bn2bin(a, NULL), 1); + ExpectIntEQ(BN_bn2bin(a, outNum), 1); + ExpectNotNull(BN_bin2bn(outNum, 1, b)); + ExpectIntEQ(BN_cmp(a, b), 0); + ExpectNotNull(BN_bin2bn(binNum, sizeof(binNum), b)); + ExpectIntEQ(BN_cmp(a, b), -1); + + ExpectNotNull(str = BN_bn2hex(a)); + ExpectNotNull(BN_hex2bn(&b, str)); + ExpectIntEQ(BN_cmp(a, b), 0); + ExpectNotNull(BN_hex2bn(&b, numberStr)); + ExpectIntEQ(BN_cmp(a, b), -1); + XFREE(str, NULL, DYNAMIC_TYPE_OPENSSL); + str = NULL; + +#if defined(WOLFSSL_KEY_GEN) || defined(HAVE_COMP_KEY) + ExpectNotNull(str = BN_bn2dec(a)); + ExpectStrEQ(str, twoStr); + XFREE(str, NULL, DYNAMIC_TYPE_OPENSSL); + str = NULL; + +#ifndef NO_RSA + ExpectNotNull(str = BN_bn2dec(a)); + ExpectNotNull(BN_dec2bn(&b, str)); + ExpectIntEQ(BN_cmp(a, b), 0); + ExpectNotNull(BN_dec2bn(&b, numberStr)); + ExpectIntEQ(BN_cmp(a, b), -1); + XFREE(str, NULL, DYNAMIC_TYPE_OPENSSL); + str = NULL; +#else + /* No implementation - fail with good parameters. */ + ExpectIntEQ(BN_dec2bn(&a, numberStr), 0); +#endif +#endif + + BN_free(b); + BN_free(a); +#endif /* defined(OPENSSL_EXTRA) && !defined(NO_ASN) */ + return EXPECT_RESULT(); +} + +int test_wolfSSL_BN_word(void) +{ + EXPECT_DECLS; +#if defined(OPENSSL_EXTRA) && !defined(NO_ASN) && !defined(WOLFSSL_SP_MATH) + BIGNUM* a = NULL; + BIGNUM* b = NULL; + BIGNUM* c = NULL; + BIGNUM av; + + ExpectNotNull(a = BN_new()); + ExpectNotNull(b = BN_new()); + ExpectNotNull(c = BN_new()); + XMEMSET(&av, 0, sizeof(av)); + + /* Invalid parameter. */ + ExpectIntEQ(BN_add_word(NULL, 3), 0); + ExpectIntEQ(BN_add_word(&av, 3), 0); + ExpectIntEQ(BN_sub_word(NULL, 3), 0); + ExpectIntEQ(BN_sub_word(&av, 3), 0); + ExpectIntEQ(BN_set_word(NULL, 3), 0); + ExpectIntEQ(BN_set_word(&av, 3), 0); + ExpectIntEQ(BN_get_word(NULL), 0); + ExpectIntEQ(BN_get_word(&av), 0); + ExpectIntEQ(BN_is_word(NULL, 3), 0); + ExpectIntEQ(BN_is_word(&av, 3), 0); +#if defined(WOLFSSL_KEY_GEN) && (!defined(NO_RSA) || !defined(NO_DH) || \ + !defined(NO_DSA)) + ExpectIntEQ(BN_mod_word(NULL, 3), -1); + ExpectIntEQ(BN_mod_word(&av, 3), -1); +#endif + ExpectIntEQ(BN_one(NULL), 0); + ExpectIntEQ(BN_one(&av), 0); + BN_zero(NULL); + BN_zero(&av); + ExpectIntEQ(BN_is_one(NULL), 0); + ExpectIntEQ(BN_is_one(&av), 0); + ExpectIntEQ(BN_is_zero(NULL), 0); + ExpectIntEQ(BN_is_zero(&av), 0); + + ExpectIntEQ(BN_set_word(a, 3), 1); + ExpectIntEQ(BN_set_word(b, 2), 1); + ExpectIntEQ(BN_set_word(c, 5), 1); + + /* a + 3 = */ + ExpectIntEQ(BN_add_word(a, 3), 1); + + /* check result 3 + 3*/ + ExpectIntEQ(BN_get_word(a), 6); + ExpectIntEQ(BN_is_word(a, 6), 1); + ExpectIntEQ(BN_is_word(a, 5), 0); + + /* set a back to 3 */ + ExpectIntEQ(BN_set_word(a, 3), 1); + + /* a - 3 = */ + ExpectIntEQ(BN_sub_word(a, 3), 1); + + /* check result 3 - 3*/ + ExpectIntEQ(BN_get_word(a), 0); + + ExpectIntEQ(BN_one(a), 1); + ExpectIntEQ(BN_is_word(a, 1), 1); + ExpectIntEQ(BN_is_word(a, 0), 0); + ExpectIntEQ(BN_is_one(a), 1); + ExpectIntEQ(BN_is_zero(a), 0); + BN_zero(a); + ExpectIntEQ(BN_is_word(a, 0), 1); + ExpectIntEQ(BN_is_word(a, 1), 0); + ExpectIntEQ(BN_is_zero(a), 1); + ExpectIntEQ(BN_is_one(a), 0); + +#if defined(WOLFSSL_KEY_GEN) && (!defined(NO_RSA) || !defined(NO_DH) || \ + !defined(NO_DSA)) + ExpectIntEQ(BN_set_word(a, 5), 1); + ExpectIntEQ(BN_mod_word(a, 3), 2); + ExpectIntEQ(BN_mod_word(a, 0), -1); +#endif + + ExpectIntEQ(BN_set_word(a, 5), 1); + ExpectIntEQ(BN_mul_word(a, 5), 1); + /* check result 5 * 5 */ + ExpectIntEQ(BN_get_word(a), 25); +#if defined(WOLFSSL_SP_MATH) || defined(WOLFSSL_SP_MATH_ALL) + ExpectIntEQ(BN_div_word(a, 5), 1); + /* check result 25 / 5 */ + ExpectIntEQ(BN_get_word(a), 5); +#endif + + BN_free(c); + BN_free(b); + BN_free(a); +#endif /* defined(OPENSSL_EXTRA) && !defined(NO_ASN) */ + return EXPECT_RESULT(); +} + +int test_wolfSSL_BN_bits(void) +{ + EXPECT_DECLS; +#if defined(OPENSSL_EXTRA) && !defined(NO_ASN) && \ + !defined(OPENSSL_EXTRA_NO_BN) && !defined(WOLFSSL_SP_MATH) + BIGNUM* a = NULL; + BIGNUM emptyBN; + + /* Setup */ + XMEMSET(&emptyBN, 0, sizeof(emptyBN)); + ExpectNotNull(a = BN_new()); + + /* Invalid parameters. */ + ExpectIntEQ(BN_set_bit(NULL, 1), 0); + ExpectIntEQ(BN_set_bit(&emptyBN, 1), 0); + ExpectIntEQ(BN_set_bit(a, -1), 0); + ExpectIntEQ(BN_clear_bit(NULL, 1), 0); + ExpectIntEQ(BN_clear_bit(&emptyBN, 1), 0); + ExpectIntEQ(BN_clear_bit(a, -1), 0); + ExpectIntEQ(BN_is_bit_set(NULL, 1), 0); + ExpectIntEQ(BN_is_bit_set(&emptyBN, 1), 0); + ExpectIntEQ(BN_is_bit_set(a, -1), 0); + ExpectIntEQ(BN_is_odd(NULL), 0); + ExpectIntEQ(BN_is_odd(&emptyBN), 0); + + ExpectIntEQ(BN_set_word(a, 0), 1); + ExpectIntEQ(BN_is_zero(a), 1); + ExpectIntEQ(BN_set_bit(a, 0x45), 1); + ExpectIntEQ(BN_is_zero(a), 0); + ExpectIntEQ(BN_is_bit_set(a, 0x45), 1); + ExpectIntEQ(BN_clear_bit(a, 0x45), 1); + ExpectIntEQ(BN_is_bit_set(a, 0x45), 0); + ExpectIntEQ(BN_is_zero(a), 1); + + ExpectIntEQ(BN_set_bit(a, 0), 1); + ExpectIntEQ(BN_is_odd(a), 1); + ExpectIntEQ(BN_clear_bit(a, 0), 1); + ExpectIntEQ(BN_is_odd(a), 0); + ExpectIntEQ(BN_set_bit(a, 1), 1); + ExpectIntEQ(BN_is_odd(a), 0); + + ExpectIntEQ(BN_set_bit(a, 129), 1); + ExpectIntEQ(BN_get_word(a), WOLFSSL_BN_MAX_VAL); + +#ifndef NO_WOLFSSL_STUB + ExpectIntEQ(BN_mask_bits(a, 1), 0); +#endif + + BN_free(a); +#endif + return EXPECT_RESULT(); +} + +int test_wolfSSL_BN_shift(void) +{ + EXPECT_DECLS; +#if defined(OPENSSL_EXTRA) && !defined(NO_ASN) && \ + !defined(OPENSSL_EXTRA_NO_BN) && !defined(WOLFSSL_SP_MATH) + BIGNUM* a = NULL; + BIGNUM* b = NULL; + BIGNUM emptyBN; + + /* Setup */ + XMEMSET(&emptyBN, 0, sizeof(emptyBN)); + ExpectNotNull(a = BN_new()); + ExpectNotNull(b = BN_new()); + + /* Invalid parameters. */ + ExpectIntEQ(BN_lshift(NULL, NULL, 1), 0); + ExpectIntEQ(BN_lshift(&emptyBN, NULL, 1), 0); + ExpectIntEQ(BN_lshift(NULL, &emptyBN, 1), 0); + ExpectIntEQ(BN_lshift(b, NULL, 1), 0); + ExpectIntEQ(BN_lshift(b, &emptyBN, 1), 0); + ExpectIntEQ(BN_lshift(NULL, a, 1), 0); + ExpectIntEQ(BN_lshift(&emptyBN, a, 1), 0); + ExpectIntEQ(BN_lshift(b, a, -1), 0); + + ExpectIntEQ(BN_rshift(NULL, NULL, 1), 0); + ExpectIntEQ(BN_rshift(&emptyBN, NULL, 1), 0); + ExpectIntEQ(BN_rshift(NULL, &emptyBN, 1), 0); + ExpectIntEQ(BN_rshift(b, NULL, 1), 0); + ExpectIntEQ(BN_rshift(b, &emptyBN, 1), 0); + ExpectIntEQ(BN_rshift(NULL, a, 1), 0); + ExpectIntEQ(BN_rshift(&emptyBN, a, 1), 0); + ExpectIntEQ(BN_rshift(b, a, -1), 0); + + ExpectIntEQ(BN_set_word(a, 1), 1); + ExpectIntEQ(BN_lshift(b, a, 1), 1); + ExpectIntEQ(BN_is_word(b, 2), 1); + ExpectIntEQ(BN_lshift(a, a, 1), 1); + ExpectIntEQ(BN_is_word(a, 2), 1); + ExpectIntEQ(BN_rshift(b, a, 1), 1); + ExpectIntEQ(BN_is_word(b, 1), 1); + ExpectIntEQ(BN_rshift(a, a, 1), 1); + ExpectIntEQ(BN_is_word(a, 1), 1); + + BN_free(b); + BN_free(a); +#endif + return EXPECT_RESULT(); +} + +int test_wolfSSL_BN_math(void) +{ + EXPECT_DECLS; +#if defined(OPENSSL_EXTRA) && !defined(NO_ASN) && \ + !defined(OPENSSL_EXTRA_NO_BN) && !defined(WOLFSSL_SP_MATH) + BIGNUM* a = NULL; + BIGNUM* b = NULL; + BIGNUM* r = NULL; + BIGNUM* rem = NULL; + BIGNUM emptyBN; + BN_ULONG val1; + BN_ULONG val2; + + /* Setup */ + XMEMSET(&emptyBN, 0, sizeof(emptyBN)); + ExpectNotNull(a = BN_new()); + ExpectNotNull(b = BN_new()); + ExpectNotNull(r = BN_new()); + ExpectNotNull(rem = BN_new()); + + /* Invalid parameters. */ + ExpectIntEQ(BN_add(NULL, NULL, NULL), 0); + ExpectIntEQ(BN_add(r, NULL, NULL), 0); + ExpectIntEQ(BN_add(NULL, a, NULL), 0); + ExpectIntEQ(BN_add(NULL, NULL, b), 0); + ExpectIntEQ(BN_add(r, a, NULL), 0); + ExpectIntEQ(BN_add(r, NULL, b), 0); + ExpectIntEQ(BN_add(NULL, a, b), 0); + + ExpectIntEQ(BN_add(&emptyBN, &emptyBN, &emptyBN), 0); + ExpectIntEQ(BN_add(r, &emptyBN, &emptyBN), 0); + ExpectIntEQ(BN_add(&emptyBN, a, &emptyBN), 0); + ExpectIntEQ(BN_add(&emptyBN, &emptyBN, b), 0); + ExpectIntEQ(BN_add(r, a, &emptyBN), 0); + ExpectIntEQ(BN_add(r, &emptyBN, b), 0); + ExpectIntEQ(BN_add(&emptyBN, a, b), 0); + + ExpectIntEQ(BN_sub(NULL, NULL, NULL), 0); + ExpectIntEQ(BN_sub(r, NULL, NULL), 0); + ExpectIntEQ(BN_sub(NULL, a, NULL), 0); + ExpectIntEQ(BN_sub(NULL, NULL, b), 0); + ExpectIntEQ(BN_sub(r, a, NULL), 0); + ExpectIntEQ(BN_sub(r, NULL, b), 0); + ExpectIntEQ(BN_sub(NULL, a, b), 0); + + ExpectIntEQ(BN_sub(&emptyBN, &emptyBN, &emptyBN), 0); + ExpectIntEQ(BN_sub(r, &emptyBN, &emptyBN), 0); + ExpectIntEQ(BN_sub(&emptyBN, a, &emptyBN), 0); + ExpectIntEQ(BN_sub(&emptyBN, &emptyBN, b), 0); + ExpectIntEQ(BN_sub(r, a, &emptyBN), 0); + ExpectIntEQ(BN_sub(r, &emptyBN, b), 0); + ExpectIntEQ(BN_sub(&emptyBN, a, b), 0); + + ExpectIntEQ(BN_mul(NULL, NULL, NULL, NULL), 0); + ExpectIntEQ(BN_mul(r, NULL, NULL, NULL), 0); + ExpectIntEQ(BN_mul(NULL, a, NULL, NULL), 0); + ExpectIntEQ(BN_mul(NULL, NULL, b, NULL), 0); + ExpectIntEQ(BN_mul(r, a, NULL, NULL), 0); + ExpectIntEQ(BN_mul(r, NULL, b, NULL), 0); + ExpectIntEQ(BN_mul(NULL, a, b, NULL), 0); + + ExpectIntEQ(BN_mul(&emptyBN, &emptyBN, &emptyBN, NULL), 0); + ExpectIntEQ(BN_mul(r, &emptyBN, &emptyBN, NULL), 0); + ExpectIntEQ(BN_mul(&emptyBN, a, &emptyBN, NULL), 0); + ExpectIntEQ(BN_mul(&emptyBN, &emptyBN, b, NULL), 0); + ExpectIntEQ(BN_mul(r, a, &emptyBN, NULL), 0); + ExpectIntEQ(BN_mul(r, &emptyBN, b, NULL), 0); + ExpectIntEQ(BN_mul(&emptyBN, a, b, NULL), 0); + + ExpectIntEQ(BN_div(NULL, NULL, NULL, NULL, NULL), 0); + ExpectIntEQ(BN_div(r, NULL, NULL, NULL, NULL), 0); + ExpectIntEQ(BN_div(NULL, rem, NULL, NULL, NULL), 0); + ExpectIntEQ(BN_div(NULL, NULL, a, NULL, NULL), 0); + ExpectIntEQ(BN_div(NULL, NULL, NULL, b, NULL), 0); + ExpectIntEQ(BN_div(NULL, rem, a, b, NULL), 0); + ExpectIntEQ(BN_div(r, NULL, a, b, NULL), 0); + ExpectIntEQ(BN_div(r, rem, NULL, b, NULL), 0); + ExpectIntEQ(BN_div(r, rem, a, NULL, NULL), 0); + + ExpectIntEQ(BN_div(&emptyBN, &emptyBN, &emptyBN, &emptyBN, NULL), 0); + ExpectIntEQ(BN_div(r, &emptyBN, &emptyBN, &emptyBN, NULL), 0); + ExpectIntEQ(BN_div(&emptyBN, rem, &emptyBN, &emptyBN, NULL), 0); + ExpectIntEQ(BN_div(&emptyBN, &emptyBN, a, &emptyBN, NULL), 0); + ExpectIntEQ(BN_div(&emptyBN, &emptyBN, &emptyBN, b, NULL), 0); + ExpectIntEQ(BN_div(&emptyBN, rem, a, b, NULL), 0); + ExpectIntEQ(BN_div(r, &emptyBN, a, b, NULL), 0); + ExpectIntEQ(BN_div(r, rem, &emptyBN, b, NULL), 0); + ExpectIntEQ(BN_div(r, rem, a, &emptyBN, NULL), 0); + + ExpectIntEQ(BN_mod(NULL, NULL, NULL, NULL), 0); + ExpectIntEQ(BN_mod(r, NULL, NULL, NULL), 0); + ExpectIntEQ(BN_mod(NULL, a, NULL, NULL), 0); + ExpectIntEQ(BN_mod(NULL, NULL, b, NULL), 0); + ExpectIntEQ(BN_mod(r, a, NULL, NULL), 0); + ExpectIntEQ(BN_mod(r, NULL, b, NULL), 0); + ExpectIntEQ(BN_mod(NULL, a, b, NULL), 0); + + ExpectIntEQ(BN_mod(&emptyBN, &emptyBN, &emptyBN, NULL), 0); + ExpectIntEQ(BN_mod(r, &emptyBN, &emptyBN, NULL), 0); + ExpectIntEQ(BN_mod(&emptyBN, a, &emptyBN, NULL), 0); + ExpectIntEQ(BN_mod(&emptyBN, &emptyBN, b, NULL), 0); + ExpectIntEQ(BN_mod(r, a, &emptyBN, NULL), 0); + ExpectIntEQ(BN_mod(r, &emptyBN, b, NULL), 0); + ExpectIntEQ(BN_mod(&emptyBN, a, b, NULL), 0); + /* END Invalid parameters. */ + + val1 = 8; + val2 = 3; + ExpectIntEQ(BN_set_word(a, val1), 1); + ExpectIntEQ(BN_set_word(b, val2), 1); + ExpectIntEQ(BN_add(r, a, b), 1); + ExpectIntEQ(BN_is_word(r, val1 + val2), 1); + ExpectIntEQ(BN_sub(r, a, b), 1); + ExpectIntEQ(BN_is_word(r, val1 - val2), 1); + ExpectIntEQ(BN_mul(r, a, b, NULL), 1); + ExpectIntEQ(BN_is_word(r, val1 * val2), 1); + ExpectIntEQ(BN_div(r, rem, a, b, NULL), 1); + ExpectIntEQ(BN_is_word(r, val1 / val2), 1); + ExpectIntEQ(BN_is_word(rem, val1 % val2), 1); + ExpectIntEQ(BN_mod(r, a, b, NULL), 1); + ExpectIntEQ(BN_is_word(r, val1 % val2), 1); + + BN_free(rem); + BN_free(r); + BN_free(b); + BN_free(a); +#endif + return EXPECT_RESULT(); +} + +int test_wolfSSL_BN_math_mod(void) +{ + EXPECT_DECLS; +#if defined(OPENSSL_EXTRA) && !defined(NO_ASN) && \ + !defined(OPENSSL_EXTRA_NO_BN) && !defined(WOLFSSL_SP_MATH) + BIGNUM* a = NULL; + BIGNUM* b = NULL; + BIGNUM* m = NULL; + BIGNUM* r = NULL; + BIGNUM* t = NULL; + BIGNUM emptyBN; + BN_ULONG val1; + BN_ULONG val2; + BN_ULONG val3; + + /* Setup */ + XMEMSET(&emptyBN, 0, sizeof(emptyBN)); + ExpectNotNull(a = BN_new()); + ExpectNotNull(b = BN_new()); + ExpectNotNull(m = BN_new()); + ExpectNotNull(r = BN_new()); + + /* Invalid parameters. */ + ExpectIntEQ(BN_mod_add(NULL, NULL, NULL, NULL, NULL), 0); + ExpectIntEQ(BN_mod_add(r, NULL, NULL, NULL, NULL), 0); + ExpectIntEQ(BN_mod_add(NULL, a, NULL, NULL, NULL), 0); + ExpectIntEQ(BN_mod_add(NULL, NULL, b, NULL, NULL), 0); + ExpectIntEQ(BN_mod_add(NULL, NULL, NULL, m, NULL), 0); + ExpectIntEQ(BN_mod_add(NULL, a, b, m, NULL), 0); + ExpectIntEQ(BN_mod_add(r, NULL, b, m, NULL), 0); + ExpectIntEQ(BN_mod_add(r, a, NULL, m, NULL), 0); + ExpectIntEQ(BN_mod_add(r, a, m, NULL, NULL), 0); + + ExpectIntEQ(BN_mod_add(&emptyBN, &emptyBN, &emptyBN, &emptyBN, NULL), 0); + ExpectIntEQ(BN_mod_add(r, &emptyBN, &emptyBN, &emptyBN, NULL), 0); + ExpectIntEQ(BN_mod_add(&emptyBN, a, &emptyBN, &emptyBN, NULL), 0); + ExpectIntEQ(BN_mod_add(&emptyBN, &emptyBN, b, &emptyBN, NULL), 0); + ExpectIntEQ(BN_mod_add(&emptyBN, &emptyBN, &emptyBN, m, NULL), 0); + ExpectIntEQ(BN_mod_add(&emptyBN, a, b, m, NULL), 0); + ExpectIntEQ(BN_mod_add(r, &emptyBN, b, m, NULL), 0); + ExpectIntEQ(BN_mod_add(r, a, &emptyBN, m, NULL), 0); + ExpectIntEQ(BN_mod_add(r, a, m, &emptyBN, NULL), 0); + + ExpectIntEQ(BN_mod_mul(NULL, NULL, NULL, NULL, NULL), 0); + ExpectIntEQ(BN_mod_mul(r, NULL, NULL, NULL, NULL), 0); + ExpectIntEQ(BN_mod_mul(NULL, a, NULL, NULL, NULL), 0); + ExpectIntEQ(BN_mod_mul(NULL, NULL, b, NULL, NULL), 0); + ExpectIntEQ(BN_mod_mul(NULL, NULL, NULL, m, NULL), 0); + ExpectIntEQ(BN_mod_mul(NULL, a, b, m, NULL), 0); + ExpectIntEQ(BN_mod_mul(r, NULL, b, m, NULL), 0); + ExpectIntEQ(BN_mod_mul(r, a, NULL, m, NULL), 0); + ExpectIntEQ(BN_mod_mul(r, a, m, NULL, NULL), 0); + + ExpectIntEQ(BN_mod_mul(&emptyBN, &emptyBN, &emptyBN, &emptyBN, NULL), 0); + ExpectIntEQ(BN_mod_mul(r, &emptyBN, &emptyBN, &emptyBN, NULL), 0); + ExpectIntEQ(BN_mod_mul(&emptyBN, a, &emptyBN, &emptyBN, NULL), 0); + ExpectIntEQ(BN_mod_mul(&emptyBN, &emptyBN, b, &emptyBN, NULL), 0); + ExpectIntEQ(BN_mod_mul(&emptyBN, &emptyBN, &emptyBN, m, NULL), 0); + ExpectIntEQ(BN_mod_mul(&emptyBN, a, b, m, NULL), 0); + ExpectIntEQ(BN_mod_mul(r, &emptyBN, b, m, NULL), 0); + ExpectIntEQ(BN_mod_mul(r, a, &emptyBN, m, NULL), 0); + ExpectIntEQ(BN_mod_mul(r, a, m, &emptyBN, NULL), 0); + + ExpectIntEQ(BN_mod_exp(NULL, NULL, NULL, NULL, NULL), 0); + ExpectIntEQ(BN_mod_exp(r, NULL, NULL, NULL, NULL), 0); + ExpectIntEQ(BN_mod_exp(NULL, a, NULL, NULL, NULL), 0); + ExpectIntEQ(BN_mod_exp(NULL, NULL, b, NULL, NULL), 0); + ExpectIntEQ(BN_mod_exp(NULL, NULL, NULL, m, NULL), 0); + ExpectIntEQ(BN_mod_exp(NULL, a, b, m, NULL), 0); + ExpectIntEQ(BN_mod_exp(r, NULL, b, m, NULL), 0); + ExpectIntEQ(BN_mod_exp(r, a, NULL, m, NULL), 0); + ExpectIntEQ(BN_mod_exp(r, a, m, NULL, NULL), 0); + + ExpectIntEQ(BN_mod_exp(&emptyBN, &emptyBN, &emptyBN, &emptyBN, NULL), 0); + ExpectIntEQ(BN_mod_exp(r, &emptyBN, &emptyBN, &emptyBN, NULL), 0); + ExpectIntEQ(BN_mod_exp(&emptyBN, a, &emptyBN, &emptyBN, NULL), 0); + ExpectIntEQ(BN_mod_exp(&emptyBN, &emptyBN, b, &emptyBN, NULL), 0); + ExpectIntEQ(BN_mod_exp(&emptyBN, &emptyBN, &emptyBN, m, NULL), 0); + ExpectIntEQ(BN_mod_exp(&emptyBN, a, b, m, NULL), 0); + ExpectIntEQ(BN_mod_exp(r, &emptyBN, b, m, NULL), 0); + ExpectIntEQ(BN_mod_exp(r, a, &emptyBN, m, NULL), 0); + ExpectIntEQ(BN_mod_exp(r, a, m, &emptyBN, NULL), 0); + + ExpectNull(BN_mod_inverse(r, NULL, NULL, NULL)); + ExpectNull(BN_mod_inverse(r, a, NULL, NULL)); + ExpectNull(BN_mod_inverse(r, NULL, m, NULL)); + ExpectNull(BN_mod_inverse(r, NULL, m, NULL)); + ExpectNull(BN_mod_inverse(r, a, NULL, NULL)); + + ExpectNull(BN_mod_inverse(&emptyBN, &emptyBN, &emptyBN, NULL)); + ExpectNull(BN_mod_inverse(r, &emptyBN, &emptyBN, NULL)); + ExpectNull(BN_mod_inverse(&emptyBN, a, &emptyBN, NULL)); + ExpectNull(BN_mod_inverse(&emptyBN, &emptyBN, m, NULL)); + ExpectNull(BN_mod_inverse(&emptyBN, a, m, NULL)); + ExpectNull(BN_mod_inverse(r, &emptyBN, m, NULL)); + ExpectNull(BN_mod_inverse(r, a, &emptyBN, NULL)); + /* END Invalid parameters. */ + + val1 = 9; + val2 = 13; + val3 = 5; + ExpectIntEQ(BN_set_word(a, val1), 1); + ExpectIntEQ(BN_set_word(b, val2), 1); + ExpectIntEQ(BN_set_word(m, val3), 1); + ExpectIntEQ(BN_mod_add(r, a, b, m, NULL), 1); + ExpectIntEQ(BN_is_word(r, (val1 + val2) % val3), 1); + ExpectIntEQ(BN_mod_mul(r, a, b, m, NULL), 1); + ExpectIntEQ(BN_is_word(r, (val1 * val2) % val3), 1); + + ExpectIntEQ(BN_set_word(a, 2), 1); + ExpectIntEQ(BN_set_word(b, 3), 1); + ExpectIntEQ(BN_set_word(m, 5), 1); + /* (2 ^ 3) % 5 = 8 % 5 = 3 */ + ExpectIntEQ(BN_mod_exp(r, a, b, m, NULL), 1); + ExpectIntEQ(BN_is_word(r, 3), 1); + + /* (2 * 3) % 5 = 6 % 5 = 1 => inv = 3 */ + ExpectNotNull(BN_mod_inverse(r, a, m, NULL)); + ExpectIntEQ(BN_is_word(r, 3), 1); + ExpectNotNull(t = BN_mod_inverse(NULL, a, m, NULL)); + ExpectIntEQ(BN_is_word(t, 3), 1); + BN_free(t); + /* No inverse case. No inverse when a divides b. */ + ExpectIntEQ(BN_set_word(a, 3), 1); + ExpectIntEQ(BN_set_word(m, 9), 1); + ExpectNull(BN_mod_inverse(r, a, m, NULL)); + + BN_free(r); + BN_free(m); + BN_free(b); + BN_free(a); +#endif + return EXPECT_RESULT(); +} + +int test_wolfSSL_BN_math_other(void) +{ + EXPECT_DECLS; +#if defined(OPENSSL_EXTRA) && !defined(NO_ASN) && \ + !defined(OPENSSL_EXTRA_NO_BN) && !defined(WOLFSSL_SP_MATH) +#if !defined(NO_RSA) && defined(WOLFSSL_KEY_GEN) + BIGNUM* a = NULL; + BIGNUM* b = NULL; + BIGNUM* r = NULL; + BIGNUM emptyBN; + + /* Setup */ + XMEMSET(&emptyBN, 0, sizeof(emptyBN)); + ExpectNotNull(a = BN_new()); + ExpectNotNull(b = BN_new()); + ExpectNotNull(r = BN_new()); + + /* Invalid parameters. */ + ExpectIntEQ(BN_gcd(NULL, NULL, NULL, NULL), 0); + ExpectIntEQ(BN_gcd(r, NULL, NULL, NULL), 0); + ExpectIntEQ(BN_gcd(NULL, a, NULL, NULL), 0); + ExpectIntEQ(BN_gcd(NULL, NULL, b, NULL), 0); + ExpectIntEQ(BN_gcd(NULL, a, b, NULL), 0); + ExpectIntEQ(BN_gcd(r, NULL, b, NULL), 0); + ExpectIntEQ(BN_gcd(r, a, NULL, NULL), 0); + + ExpectIntEQ(BN_gcd(&emptyBN, &emptyBN, &emptyBN, NULL), 0); + ExpectIntEQ(BN_gcd(r, &emptyBN, &emptyBN, NULL), 0); + ExpectIntEQ(BN_gcd(&emptyBN, a, &emptyBN, NULL), 0); + ExpectIntEQ(BN_gcd(&emptyBN, &emptyBN, b, NULL), 0); + ExpectIntEQ(BN_gcd(&emptyBN, a, b, NULL), 0); + ExpectIntEQ(BN_gcd(r, &emptyBN, b, NULL), 0); + ExpectIntEQ(BN_gcd(r, a, &emptyBN, NULL), 0); + /* END Invalid parameters. */ + + /* No common factors between 2 and 3. */ + ExpectIntEQ(BN_set_word(a, 2), 1); + ExpectIntEQ(BN_set_word(b, 3), 1); + ExpectIntEQ(BN_gcd(r, a, b, NULL), 1); + ExpectIntEQ(BN_is_word(r, 1), 1); + /* 3 is largest value that divides both 6 and 9. */ + ExpectIntEQ(BN_set_word(a, 6), 1); + ExpectIntEQ(BN_set_word(b, 9), 1); + ExpectIntEQ(BN_gcd(r, a, b, NULL), 1); + ExpectIntEQ(BN_is_word(r, 3), 1); + /* GCD of 0 and 0 is undefined. */ + ExpectIntEQ(BN_set_word(a, 0), 1); + ExpectIntEQ(BN_set_word(b, 0), 1); + ExpectIntEQ(BN_gcd(r, a, b, NULL), 0); + + /* Teardown */ + BN_free(r); + BN_free(b); + BN_free(a); +#endif +#endif + return EXPECT_RESULT(); +} + +int test_wolfSSL_BN_rand(void) +{ + EXPECT_DECLS; +#if defined(OPENSSL_EXTRA) && !defined(OPENSSL_EXTRA_NO_BN) + BIGNUM* bn = NULL; + BIGNUM* range = NULL; + BIGNUM emptyBN; + + XMEMSET(&emptyBN, 0, sizeof(emptyBN)); + ExpectNotNull(bn = BN_new()); + ExpectNotNull(range = BN_new()); + + /* Invalid parameters. */ + ExpectIntEQ(BN_rand(NULL, -1, 0, 0), 0); + ExpectIntEQ(BN_rand(bn, -1, 0, 0), 0); + ExpectIntEQ(BN_rand(NULL, 1, 0, 0), 0); + ExpectIntEQ(BN_rand(&emptyBN, -1, 0, 0), 0); + ExpectIntEQ(BN_rand(bn, -1, 0, 0), 0); + ExpectIntEQ(BN_rand(&emptyBN, 1, 0, 0), 0); + + ExpectIntEQ(BN_pseudo_rand(NULL, -1, 0, 0), 0); + ExpectIntEQ(BN_pseudo_rand(bn, -1, 0, 0), 0); + ExpectIntEQ(BN_pseudo_rand(NULL, 1, 0, 0), 0); + ExpectIntEQ(BN_pseudo_rand(&emptyBN, -1, 0, 0), 0); + ExpectIntEQ(BN_pseudo_rand(bn, -1, 0, 0), 0); + ExpectIntEQ(BN_pseudo_rand(&emptyBN, 1, 0, 0), 0); + + ExpectIntEQ(BN_rand_range(NULL, NULL), 0); + ExpectIntEQ(BN_rand_range(bn, NULL), 0); + ExpectIntEQ(BN_rand_range(NULL, range), 0); + ExpectIntEQ(BN_rand_range(&emptyBN, &emptyBN), 0); + ExpectIntEQ(BN_rand_range(bn, &emptyBN), 0); + ExpectIntEQ(BN_rand_range(&emptyBN, range), 0); + + /* 0 bit random value must be 0 and so cannot set bit in any position. */ + ExpectIntEQ(BN_rand(bn, 0, WOLFSSL_BN_RAND_TOP_ONE, + WOLFSSL_BN_RAND_BOTTOM_ODD), 0); + ExpectIntEQ(BN_rand(bn, 0, WOLFSSL_BN_RAND_TOP_TWO, + WOLFSSL_BN_RAND_BOTTOM_ODD), 0); + ExpectIntEQ(BN_rand(bn, 0, WOLFSSL_BN_RAND_TOP_ANY, + WOLFSSL_BN_RAND_BOTTOM_ODD), 0); + ExpectIntEQ(BN_rand(bn, 0, WOLFSSL_BN_RAND_TOP_ONE, + WOLFSSL_BN_RAND_BOTTOM_ANY), 0); + ExpectIntEQ(BN_rand(bn, 0, WOLFSSL_BN_RAND_TOP_TWO, + WOLFSSL_BN_RAND_BOTTOM_ANY), 0); + ExpectIntEQ(BN_pseudo_rand(bn, 0, WOLFSSL_BN_RAND_TOP_ONE, + WOLFSSL_BN_RAND_BOTTOM_ODD), 0); + ExpectIntEQ(BN_pseudo_rand(bn, 0, WOLFSSL_BN_RAND_TOP_TWO, + WOLFSSL_BN_RAND_BOTTOM_ODD), 0); + ExpectIntEQ(BN_pseudo_rand(bn, 0, WOLFSSL_BN_RAND_TOP_ANY, + WOLFSSL_BN_RAND_BOTTOM_ODD), 0); + ExpectIntEQ(BN_pseudo_rand(bn, 0, WOLFSSL_BN_RAND_TOP_ONE, + WOLFSSL_BN_RAND_BOTTOM_ANY), 0); + ExpectIntEQ(BN_pseudo_rand(bn, 0, WOLFSSL_BN_RAND_TOP_TWO, + WOLFSSL_BN_RAND_BOTTOM_ANY), 0); + + /* 1 bit random value must have no more than one top bit set. */ + ExpectIntEQ(BN_rand(bn, 1, WOLFSSL_BN_RAND_TOP_TWO, + WOLFSSL_BN_RAND_BOTTOM_ANY), 0); + ExpectIntEQ(BN_rand(bn, 1, WOLFSSL_BN_RAND_TOP_TWO, + WOLFSSL_BN_RAND_BOTTOM_ODD), 0); + ExpectIntEQ(BN_pseudo_rand(bn, 1, WOLFSSL_BN_RAND_TOP_TWO, + WOLFSSL_BN_RAND_BOTTOM_ANY), 0); + ExpectIntEQ(BN_pseudo_rand(bn, 1, WOLFSSL_BN_RAND_TOP_TWO, + WOLFSSL_BN_RAND_BOTTOM_ODD), 0); + /* END Invalid parameters. */ + + /* 0 bit random: 0. */ + ExpectIntEQ(BN_rand(bn, 0, WOLFSSL_BN_RAND_TOP_ANY, + WOLFSSL_BN_RAND_BOTTOM_ANY), 1); + ExpectIntEQ(BN_is_zero(bn), 1); + + ExpectIntEQ(BN_set_word(bn, 2), 1); /* Make sure not zero. */ + ExpectIntEQ(BN_pseudo_rand(bn, 0, WOLFSSL_BN_RAND_TOP_ANY, + WOLFSSL_BN_RAND_BOTTOM_ANY), 1); + ExpectIntEQ(BN_is_zero(bn), 1); + + /* 1 bit random: 0 or 1. */ + ExpectIntEQ(BN_rand(bn, 1, WOLFSSL_BN_RAND_TOP_ANY, + WOLFSSL_BN_RAND_BOTTOM_ANY), 1); + ExpectIntLT(BN_get_word(bn), 2); /* Make sure valid range. */ + ExpectIntEQ(BN_rand(bn, 1, WOLFSSL_BN_RAND_TOP_ONE, + WOLFSSL_BN_RAND_BOTTOM_ANY), 1); + ExpectIntEQ(BN_get_word(bn), 1); + ExpectIntEQ(BN_rand(bn, 1, WOLFSSL_BN_RAND_TOP_ONE, + WOLFSSL_BN_RAND_BOTTOM_ODD), 1); + ExpectIntEQ(BN_get_word(bn), 1); + + ExpectIntEQ(BN_pseudo_rand(bn, 1, WOLFSSL_BN_RAND_TOP_ANY, + WOLFSSL_BN_RAND_BOTTOM_ANY), 1); + ExpectIntLT(BN_get_word(bn), 2); /* Make sure valid range. */ + ExpectIntEQ(BN_pseudo_rand(bn, 1, WOLFSSL_BN_RAND_TOP_ONE, + WOLFSSL_BN_RAND_BOTTOM_ANY), 1); + ExpectIntEQ(BN_get_word(bn), 1); + ExpectIntEQ(BN_pseudo_rand(bn, 1, WOLFSSL_BN_RAND_TOP_ONE, + WOLFSSL_BN_RAND_BOTTOM_ODD), 1); + ExpectIntEQ(BN_get_word(bn), 1); + + ExpectIntEQ(BN_rand(bn, 8, WOLFSSL_BN_RAND_TOP_ONE, + WOLFSSL_BN_RAND_BOTTOM_ANY), 1); + ExpectIntEQ(BN_num_bits(bn), 8); + ExpectIntEQ(BN_is_bit_set(bn, 7), 1); + ExpectIntEQ(BN_pseudo_rand(bn, 8, WOLFSSL_BN_RAND_TOP_ONE, + WOLFSSL_BN_RAND_BOTTOM_ANY), 1); + ExpectIntEQ(BN_num_bits(bn), 8); + ExpectIntEQ(BN_is_bit_set(bn, 7), 1); + + ExpectIntEQ(BN_rand(bn, 8, WOLFSSL_BN_RAND_TOP_TWO, + WOLFSSL_BN_RAND_BOTTOM_ANY), 1); + ExpectIntEQ(BN_is_bit_set(bn, 7), 1); + ExpectIntEQ(BN_is_bit_set(bn, 6), 1); + ExpectIntEQ(BN_pseudo_rand(bn, 8, WOLFSSL_BN_RAND_TOP_TWO, + WOLFSSL_BN_RAND_BOTTOM_ANY), 1); + ExpectIntEQ(BN_is_bit_set(bn, 7), 1); + ExpectIntEQ(BN_is_bit_set(bn, 6), 1); + + ExpectIntEQ(BN_rand(bn, 8, WOLFSSL_BN_RAND_TOP_ONE, + WOLFSSL_BN_RAND_BOTTOM_ODD), 1); + ExpectIntEQ(BN_is_bit_set(bn, 0), 1); + ExpectIntEQ(BN_pseudo_rand(bn, 8, WOLFSSL_BN_RAND_TOP_ONE, + WOLFSSL_BN_RAND_BOTTOM_ODD), 1); + ExpectIntEQ(BN_is_bit_set(bn, 0), 1); + + /* Regression test: Older versions of wolfSSL_BN_rand would round the + * requested number of bits up to the nearest multiple of 8. E.g. in this + * case, requesting a 13-bit random number would actually return a 16-bit + * random number. */ + ExpectIntEQ(BN_rand(bn, 13, WOLFSSL_BN_RAND_TOP_ONE, + WOLFSSL_BN_RAND_BOTTOM_ANY), 1); + ExpectIntEQ(BN_num_bits(bn), 13); + + ExpectIntEQ(BN_rand(range, 64, WOLFSSL_BN_RAND_TOP_ONE, + WOLFSSL_BN_RAND_BOTTOM_ANY), 1); + ExpectIntEQ(BN_rand_range(bn, range), 1); + + ExpectIntEQ(BN_set_word(range, 0), 1); + ExpectIntEQ(BN_rand_range(bn, range), 1); + ExpectIntEQ(BN_set_word(range, 1), 1); + ExpectIntEQ(BN_rand_range(bn, range), 1); + + BN_free(bn); + BN_free(range); +#endif + return EXPECT_RESULT(); +} + +int test_wolfSSL_BN_prime(void) +{ + EXPECT_DECLS; +#if defined(OPENSSL_EXTRA) && !defined(NO_ASN) && \ + !defined(OPENSSL_EXTRA_NO_BN) && !defined(WOLFSSL_SP_MATH) +#if defined(WOLFSSL_KEY_GEN) && (!defined(NO_RSA) || !defined(NO_DH) || !defined(NO_DSA)) + BIGNUM* a = NULL; + BIGNUM* add = NULL; + BIGNUM* rem = NULL; + BIGNUM emptyBN; + + XMEMSET(&emptyBN, 0, sizeof(emptyBN)); + ExpectNotNull(a = BN_new()); + ExpectNotNull(add = BN_new()); + ExpectNotNull(rem = BN_new()); + + /* Invalid parameters. */ + /* BN_generate_prime_ex() + * prime - must have valid BIGNUM + * bits - Greater then 0 + * safe - not supported, must be 0 + * add - not supported, must be NULL + * rem - not supported, must be NULL + * cb - anything + */ + ExpectIntEQ(BN_generate_prime_ex(NULL, -1, 1, add, rem, NULL), 0); + ExpectIntEQ(BN_generate_prime_ex(&emptyBN, -1, 1, add, rem, NULL), 0); + ExpectIntEQ(BN_generate_prime_ex(a, -1, 1, add, rem, NULL), 0); + ExpectIntEQ(BN_generate_prime_ex(NULL, 2, 1, add, rem, NULL), 0); + ExpectIntEQ(BN_generate_prime_ex(&emptyBN, 2, 1, add, rem, NULL), 0); + ExpectIntEQ(BN_generate_prime_ex(NULL, -1, 0, add, rem, NULL), 0); + ExpectIntEQ(BN_generate_prime_ex(&emptyBN, -1, 0, add, rem, NULL), 0); + ExpectIntEQ(BN_generate_prime_ex(NULL, -1, 1, NULL, rem, NULL), 0); + ExpectIntEQ(BN_generate_prime_ex(&emptyBN, -1, 1, NULL, rem, NULL), 0); + ExpectIntEQ(BN_generate_prime_ex(NULL, -1, 1, add, NULL, NULL), 0); + ExpectIntEQ(BN_generate_prime_ex(&emptyBN, -1, 1, add, NULL, NULL), 0); + ExpectIntEQ(BN_generate_prime_ex(NULL, 2, 0, NULL, NULL, NULL), 0); + ExpectIntEQ(BN_generate_prime_ex(&emptyBN, 2, 0, NULL, NULL, NULL), 0); + ExpectIntEQ(BN_generate_prime_ex(a, -1, 0, NULL, NULL, NULL), 0); + ExpectIntEQ(BN_generate_prime_ex(a, 0, 0, NULL, NULL, NULL), 0); + ExpectIntEQ(BN_generate_prime_ex(a, 2, 1, NULL, NULL, NULL), 0); + ExpectIntEQ(BN_generate_prime_ex(a, 2, 0, add, NULL, NULL), 0); + ExpectIntEQ(BN_generate_prime_ex(a, 2, 0, NULL, rem, NULL), 0); + + ExpectIntEQ(BN_is_prime_ex(NULL, -1, NULL, NULL), -1); + ExpectIntEQ(BN_is_prime_ex(&emptyBN, -1, NULL, NULL), -1); + ExpectIntEQ(BN_is_prime_ex(a, -1, NULL, NULL), -1); + ExpectIntEQ(BN_is_prime_ex(a, 2048, NULL, NULL), -1); + ExpectIntEQ(BN_is_prime_ex(NULL, 1, NULL, NULL), -1); + ExpectIntEQ(BN_is_prime_ex(&emptyBN, 1, NULL, NULL), -1); + /* END Invalid parameters. */ + + ExpectIntEQ(BN_generate_prime_ex(a, 512, 0, NULL, NULL, NULL), 1); + ExpectIntEQ(BN_is_prime_ex(a, 8, NULL, NULL), 1); + + ExpectIntEQ(BN_clear_bit(a, 0), 1); + ExpectIntEQ(BN_is_prime_ex(a, 8, NULL, NULL), 0); + + BN_free(rem); + BN_free(add); + BN_free(a); +#endif +#endif /* defined(OPENSSL_EXTRA) && !defined(NO_ASN) */ + return EXPECT_RESULT(); +} + diff --git a/test/ssl/wolfssl/tests/api/test_ossl_bn.h b/test/ssl/wolfssl/tests/api/test_ossl_bn.h new file mode 100644 index 000000000..2793533b9 --- /dev/null +++ b/test/ssl/wolfssl/tests/api/test_ossl_bn.h @@ -0,0 +1,54 @@ +/* test_ossl_bn.h + * + * Copyright (C) 2006-2025 wolfSSL Inc. + * + * This file is part of wolfSSL. + * + * wolfSSL is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * wolfSSL is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA + */ + +#ifndef WOLFCRYPT_TEST_OSSL_BN_H +#define WOLFCRYPT_TEST_OSSL_BN_H + +#include + +int test_wolfSSL_BN_CTX(void); +int test_wolfSSL_BN(void); +int test_wolfSSL_BN_init(void); +int test_wolfSSL_BN_enc_dec(void); +int test_wolfSSL_BN_word(void); +int test_wolfSSL_BN_bits(void); +int test_wolfSSL_BN_shift(void); +int test_wolfSSL_BN_math(void); +int test_wolfSSL_BN_math_mod(void); +int test_wolfSSL_BN_math_other(void); +int test_wolfSSL_BN_rand(void); +int test_wolfSSL_BN_prime(void); + +#define TEST_OSSL_ASN1_BN_DECLS \ + TEST_DECL_GROUP("ossl_bn", test_wolfSSL_BN_CTX), \ + TEST_DECL_GROUP("ossl_bn", test_wolfSSL_BN), \ + TEST_DECL_GROUP("ossl_bn", test_wolfSSL_BN_init), \ + TEST_DECL_GROUP("ossl_bn", test_wolfSSL_BN_enc_dec), \ + TEST_DECL_GROUP("ossl_bn", test_wolfSSL_BN_word), \ + TEST_DECL_GROUP("ossl_bn", test_wolfSSL_BN_bits), \ + TEST_DECL_GROUP("ossl_bn", test_wolfSSL_BN_shift), \ + TEST_DECL_GROUP("ossl_bn", test_wolfSSL_BN_math), \ + TEST_DECL_GROUP("ossl_bn", test_wolfSSL_BN_math_mod), \ + TEST_DECL_GROUP("ossl_bn", test_wolfSSL_BN_math_other), \ + TEST_DECL_GROUP("ossl_bn", test_wolfSSL_BN_rand), \ + TEST_DECL_GROUP("ossl_bn", test_wolfSSL_BN_prime) + +#endif /* WOLFCRYPT_TEST_OSSL_BN_H */ diff --git a/test/ssl/wolfssl/tests/api/test_ossl_cipher.c b/test/ssl/wolfssl/tests/api/test_ossl_cipher.c new file mode 100644 index 000000000..bfb5fc2eb --- /dev/null +++ b/test/ssl/wolfssl/tests/api/test_ossl_cipher.c @@ -0,0 +1,958 @@ +/* test_ossl_cipher.c + * + * Copyright (C) 2006-2025 wolfSSL Inc. + * + * This file is part of wolfSSL. + * + * wolfSSL is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * wolfSSL is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA + */ + +#include + +#ifdef NO_INLINE + #include +#else + #define WOLFSSL_MISC_INCLUDED + #include +#endif + +#include +#include +#include +#include +#include +#include +#include + +/******************************************************************************* + * Cipher OpenSSL compatibility API Testing + ******************************************************************************/ + +int test_wolfSSL_DES(void) +{ + EXPECT_DECLS; +#if defined(OPENSSL_EXTRA) && !defined(NO_DES3) + const_DES_cblock myDes; + DES_cblock iv; + DES_key_schedule key; + word32 i = 0; + DES_LONG dl = 0; + unsigned char msg[] = "hello wolfssl"; + unsigned char weakKey[][8] = { + { 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01 }, + { 0xFE, 0xFE, 0xFE, 0xFE, 0xFE, 0xFE, 0xFE, 0xFE }, + { 0xE0, 0xE0, 0xE0, 0xE0, 0xF1, 0xF1, 0xF1, 0xF1 }, + { 0x1F, 0x1F, 0x1F, 0x1F, 0x0E, 0x0E, 0x0E, 0x0E } + }; + unsigned char semiWeakKey[][8] = { + { 0x01, 0x1F, 0x01, 0x1F, 0x01, 0x0E, 0x01, 0x0E }, + { 0x1F, 0x01, 0x1F, 0x01, 0x0E, 0x01, 0x0E, 0x01 }, + { 0x01, 0xE0, 0x01, 0xE0, 0x01, 0xF1, 0x01, 0xF1 }, + { 0xE0, 0x01, 0xE0, 0x01, 0xF1, 0x01, 0xF1, 0x01 }, + { 0x01, 0xFE, 0x01, 0xFE, 0x01, 0xFE, 0x01, 0xFE }, + { 0xFE, 0x01, 0xFE, 0x01, 0xFE, 0x01, 0xFE, 0x01 }, + { 0x1F, 0xE0, 0x1F, 0xE0, 0x0E, 0xF1, 0x0E, 0xF1 }, + { 0xE0, 0x1F, 0xE0, 0x1F, 0xF1, 0x0E, 0xF1, 0x0E }, + { 0x1F, 0xFE, 0x1F, 0xFE, 0x0E, 0xFE, 0x0E, 0xFE }, + { 0xFE, 0x1F, 0xFE, 0x1F, 0xFE, 0x0E, 0xFE, 0x0E }, + { 0xE0, 0xFE, 0xE0, 0xFE, 0xF1, 0xFE, 0xF1, 0xFE }, + { 0xFE, 0xE0, 0xFE, 0xE0, 0xFE, 0xF1, 0xFE, 0xF1 } + }; + + /* check, check of odd parity */ + XMEMSET(myDes, 4, sizeof(const_DES_cblock)); + XMEMSET(key, 5, sizeof(DES_key_schedule)); + + DES_set_key(&myDes, &key); + + myDes[0] = 6; /* set even parity */ + ExpectIntEQ(DES_set_key_checked(&myDes, &key), -1); + ExpectIntNE(key[0], myDes[0]); /* should not have copied over key */ + ExpectIntEQ(DES_set_key_checked(NULL, NULL), -2); + ExpectIntEQ(DES_set_key_checked(&myDes, NULL), -2); + ExpectIntEQ(DES_set_key_checked(NULL, &key), -2); + + /* set odd parity for success case */ + DES_set_odd_parity(&myDes); + ExpectIntEQ(DES_check_key_parity(&myDes), 1); + fprintf(stderr, "%02x %02x %02x %02x", myDes[0], myDes[1], myDes[2], + myDes[3]); + ExpectIntEQ(DES_set_key_checked(&myDes, &key), 0); + for (i = 0; i < sizeof(DES_key_schedule); i++) { + ExpectIntEQ(key[i], myDes[i]); + } + ExpectIntEQ(DES_is_weak_key(&myDes), 0); + + /* check weak key */ + XMEMSET(myDes, 1, sizeof(const_DES_cblock)); + XMEMSET(key, 5, sizeof(DES_key_schedule)); + ExpectIntEQ(DES_set_key_checked(&myDes, &key), -2); + ExpectIntNE(key[0], myDes[0]); /* should not have copied over key */ + + DES_set_key_unchecked(NULL, NULL); + DES_set_key_unchecked(&myDes, NULL); + DES_set_key_unchecked(NULL, &key); + /* compare arrays, should be the same */ + /* now do unchecked copy of a weak key over */ + DES_set_key_unchecked(&myDes, &key); + /* compare arrays, should be the same */ + for (i = 0; i < sizeof(DES_key_schedule); i++) { + ExpectIntEQ(key[i], myDes[i]); + } + ExpectIntEQ(DES_is_weak_key(&myDes), 1); + + myDes[7] = 2; + ExpectIntEQ(DES_set_key_checked(&myDes, &key), 0); + ExpectIntEQ(DES_is_weak_key(&myDes), 0); + ExpectIntEQ(DES_is_weak_key(NULL), 1); + + /* Test all weak keys. */ + for (i = 0; i < sizeof(weakKey) / sizeof(*weakKey); i++) { + ExpectIntEQ(DES_set_key_checked(&weakKey[i], &key), -2); + } + /* Test all semi-weak keys. */ + for (i = 0; i < sizeof(semiWeakKey) / sizeof(*semiWeakKey); i++) { + ExpectIntEQ(DES_set_key_checked(&semiWeakKey[i], &key), -2); + } + + /* check DES_key_sched API */ + XMEMSET(key, 1, sizeof(DES_key_schedule)); + ExpectIntEQ(DES_key_sched(&myDes, NULL), 0); + ExpectIntEQ(DES_key_sched(NULL, &key), 0); + ExpectIntEQ(DES_key_sched(&myDes, &key), 0); + /* compare arrays, should be the same */ + for (i = 0; i < sizeof(DES_key_schedule); i++) { + ExpectIntEQ(key[i], myDes[i]); + } + + + ExpectIntEQ((DES_cbc_cksum(NULL, NULL, 0, NULL, NULL)), 0); + ExpectIntEQ((DES_cbc_cksum(msg, NULL, 0, NULL, NULL)), 0); + ExpectIntEQ((DES_cbc_cksum(NULL, &key, 0, NULL, NULL)), 0); + ExpectIntEQ((DES_cbc_cksum(NULL, NULL, 0, &myDes, NULL)), 0); + ExpectIntEQ((DES_cbc_cksum(NULL, NULL, 0, NULL, &iv)), 0); + ExpectIntEQ((DES_cbc_cksum(NULL, &key, sizeof(msg), &myDes, &iv)), 0); + ExpectIntEQ((DES_cbc_cksum(msg, NULL, sizeof(msg), &myDes, &iv)), 0); + ExpectIntEQ((DES_cbc_cksum(msg, &key, sizeof(msg), NULL, &iv)), 0); + ExpectIntEQ((DES_cbc_cksum(msg, &key, sizeof(msg), &myDes, NULL)), 0); + /* DES_cbc_cksum should return the last 4 of the last 8 bytes after + * DES_cbc_encrypt on the input */ + XMEMSET(iv, 0, sizeof(DES_cblock)); + XMEMSET(myDes, 5, sizeof(DES_key_schedule)); + ExpectIntGT((dl = DES_cbc_cksum(msg, &key, sizeof(msg), &myDes, &iv)), 0); + ExpectIntEQ(dl, 480052723); +#endif /* defined(OPENSSL_EXTRA) && !defined(NO_DES3) */ + return EXPECT_RESULT(); +} + +int test_wolfSSL_DES_ncbc(void) +{ + EXPECT_DECLS; +#if defined(OPENSSL_EXTRA) && !defined(NO_DES3) + const_DES_cblock myDes; + DES_cblock iv = {1}; + DES_key_schedule key = {0}; + unsigned char msg[] = "hello wolfssl"; + unsigned char out[DES_BLOCK_SIZE * 2] = {0}; + unsigned char pln[DES_BLOCK_SIZE * 2] = {0}; + + unsigned char exp[] = {0x31, 0x98, 0x2F, 0x3A, 0x55, 0xBF, 0xD8, 0xC4}; + unsigned char exp2[] = {0xC7, 0x45, 0x8B, 0x28, 0x10, 0x53, 0xE0, 0x58}; + + /* partial block test */ + DES_set_key(&key, &myDes); + DES_ncbc_encrypt(msg, out, 3, &myDes, &iv, DES_ENCRYPT); + ExpectIntEQ(XMEMCMP(exp, out, DES_BLOCK_SIZE), 0); + ExpectIntEQ(XMEMCMP(exp, iv, DES_BLOCK_SIZE), 0); + + DES_set_key(&key, &myDes); + XMEMSET((byte*)&iv, 0, DES_BLOCK_SIZE); + *((byte*)&iv) = 1; + DES_ncbc_encrypt(out, pln, 3, &myDes, &iv, DES_DECRYPT); + ExpectIntEQ(XMEMCMP(msg, pln, 3), 0); + ExpectIntEQ(XMEMCMP(exp, iv, DES_BLOCK_SIZE), 0); + + /* full block test */ + DES_set_key(&key, &myDes); + XMEMSET(pln, 0, DES_BLOCK_SIZE); + XMEMSET((byte*)&iv, 0, DES_BLOCK_SIZE); + *((byte*)&iv) = 1; + DES_ncbc_encrypt(msg, out, 8, &myDes, &iv, DES_ENCRYPT); + ExpectIntEQ(XMEMCMP(exp2, out, DES_BLOCK_SIZE), 0); + ExpectIntEQ(XMEMCMP(exp2, iv, DES_BLOCK_SIZE), 0); + + DES_set_key(&key, &myDes); + XMEMSET((byte*)&iv, 0, DES_BLOCK_SIZE); + *((byte*)&iv) = 1; + DES_ncbc_encrypt(out, pln, 8, &myDes, &iv, DES_DECRYPT); + ExpectIntEQ(XMEMCMP(msg, pln, 8), 0); + ExpectIntEQ(XMEMCMP(exp2, iv, DES_BLOCK_SIZE), 0); +#endif + return EXPECT_RESULT(); +} + +int test_wolfSSL_DES_ecb_encrypt(void) +{ + EXPECT_DECLS; +#if defined(OPENSSL_EXTRA) && !defined(NO_DES3) && defined(WOLFSSL_DES_ECB) + WOLFSSL_DES_cblock input1, input2, output1, output2, back1, back2; + WOLFSSL_DES_key_schedule key; + + XMEMCPY(key, "12345678", sizeof(WOLFSSL_DES_key_schedule)); + XMEMCPY(input1, "Iamhuman", sizeof(WOLFSSL_DES_cblock)); + XMEMCPY(input2, "Whoisit?", sizeof(WOLFSSL_DES_cblock)); + XMEMSET(output1, 0, sizeof(WOLFSSL_DES_cblock)); + XMEMSET(output2, 0, sizeof(WOLFSSL_DES_cblock)); + XMEMSET(back1, 0, sizeof(WOLFSSL_DES_cblock)); + XMEMSET(back2, 0, sizeof(WOLFSSL_DES_cblock)); + + wolfSSL_DES_ecb_encrypt(NULL, NULL, NULL, DES_ENCRYPT); + wolfSSL_DES_ecb_encrypt(&input1, NULL, NULL, DES_ENCRYPT); + wolfSSL_DES_ecb_encrypt(NULL, &output1, NULL, DES_ENCRYPT); + wolfSSL_DES_ecb_encrypt(NULL, NULL, &key, DES_ENCRYPT); + wolfSSL_DES_ecb_encrypt(&input1, &output1, NULL, DES_ENCRYPT); + wolfSSL_DES_ecb_encrypt(&input1, NULL, &key, DES_ENCRYPT); + wolfSSL_DES_ecb_encrypt(NULL, &output1, &key, DES_ENCRYPT); + + /* Encrypt messages */ + wolfSSL_DES_ecb_encrypt(&input1, &output1, &key, DES_ENCRYPT); + wolfSSL_DES_ecb_encrypt(&input2, &output2, &key, DES_ENCRYPT); + + { + /* Decrypt messages */ + int ret1 = 0; + int ret2 = 0; + wolfSSL_DES_ecb_encrypt(&output1, &back1, &key, DES_DECRYPT); + ExpectIntEQ(ret1 = XMEMCMP((unsigned char *)back1, + (unsigned char *)input1, sizeof(WOLFSSL_DES_cblock)), 0); + wolfSSL_DES_ecb_encrypt(&output2, &back2, &key, DES_DECRYPT); + ExpectIntEQ(ret2 = XMEMCMP((unsigned char *)back2, + (unsigned char *)input2, sizeof(WOLFSSL_DES_cblock)), 0); + } +#endif + return EXPECT_RESULT(); +} + +int test_wolfSSL_DES_ede3_cbc_encrypt(void) +{ + EXPECT_DECLS; +#if defined(OPENSSL_EXTRA) && !defined(NO_DES3) + unsigned char input1[8], input2[8]; + unsigned char output1[8], output2[8]; + unsigned char back1[8], back2[8]; + WOLFSSL_DES_cblock iv1, iv2; + WOLFSSL_DES_key_schedule key1, key2, key3; + int i; + + XMEMCPY(key1, "12345678", sizeof(WOLFSSL_DES_key_schedule)); + XMEMCPY(key2, "23456781", sizeof(WOLFSSL_DES_key_schedule)); + XMEMCPY(key3, "34567823", sizeof(WOLFSSL_DES_key_schedule)); + XMEMCPY(input1, "Iamhuman", sizeof(input1)); + XMEMCPY(input2, "Whoisit?", sizeof(input2)); + + XMEMSET(output1, 0, sizeof(output1)); + XMEMSET(output2, 0, sizeof(output2)); + XMEMSET(back1, 0, sizeof(back1)); + XMEMSET(back2, 0, sizeof(back2)); + + XMEMCPY(iv1, "87654321", sizeof(WOLFSSL_DES_cblock)); + XMEMCPY(iv2, "98765432", sizeof(WOLFSSL_DES_cblock)); + /* Encrypt messages */ + wolfSSL_DES_ede3_cbc_encrypt(input1, output1, 8, &key1, &key2, &key3, &iv1, + DES_ENCRYPT); + wolfSSL_DES_ede3_cbc_encrypt(input2, output2, 8, &key1, &key2, &key3, &iv2, + DES_ENCRYPT); + + { + XMEMCPY(iv1, "87654321", sizeof(WOLFSSL_DES_cblock)); + XMEMCPY(iv2, "98765432", sizeof(WOLFSSL_DES_cblock)); + /* Decrypt messages */ + wolfSSL_DES_ede3_cbc_encrypt(output1, back1, 8, &key1, &key2, &key3, + &iv1, DES_DECRYPT); + ExpectIntEQ(XMEMCMP(back1, input1, sizeof(input1)), 0); + wolfSSL_DES_ede3_cbc_encrypt(output2, back2, 8, &key1, &key2, &key3, + &iv2, DES_DECRYPT); + ExpectIntEQ(XMEMCMP(back2, input2, sizeof(input2)), 0); + } + + for (i = 0; i < 8; i++) { + XMEMSET(output1, 0, sizeof(output1)); + XMEMSET(output2, 0, sizeof(output2)); + XMEMSET(back1, 0, sizeof(back1)); + XMEMSET(back2, 0, sizeof(back2)); + + XMEMCPY(iv1, "87654321", sizeof(WOLFSSL_DES_cblock)); + XMEMCPY(iv2, "98765432", sizeof(WOLFSSL_DES_cblock)); + /* Encrypt partial messages */ + wolfSSL_DES_ede3_cbc_encrypt(input1, output1, i, &key1, &key2, &key3, + &iv1, DES_ENCRYPT); + wolfSSL_DES_ede3_cbc_encrypt(input2, output2, i, &key1, &key2, &key3, + &iv2, DES_ENCRYPT); + + { + XMEMCPY(iv1, "87654321", sizeof(WOLFSSL_DES_cblock)); + XMEMCPY(iv2, "98765432", sizeof(WOLFSSL_DES_cblock)); + /* Decrypt messages */ + wolfSSL_DES_ede3_cbc_encrypt(output1, back1, i, &key1, &key2, + &key3, &iv1, DES_DECRYPT); + ExpectIntEQ(XMEMCMP(back1, input1, i), 0); + wolfSSL_DES_ede3_cbc_encrypt(output2, back2, i, &key1, &key2, + &key3, &iv2, DES_DECRYPT); + ExpectIntEQ(XMEMCMP(back2, input2, i), 0); + } + } +#endif + return EXPECT_RESULT(); +} + +int test_wolfSSL_AES_encrypt(void) +{ + EXPECT_DECLS; +#if defined(OPENSSL_EXTRA) && !defined(NO_AES) && \ + defined(WOLFSSL_AES_DIRECT) && defined(WOLFSSL_AES_256) && \ + !defined(WOLFSSL_NO_OPENSSL_AES_LOW_LEVEL_API) + AES_KEY enc; + AES_KEY dec; + const byte msg[] = { + 0x6b, 0xc1, 0xbe, 0xe2, 0x2e, 0x40, 0x9f, 0x96, + 0xe9, 0x3d, 0x7e, 0x11, 0x73, 0x93, 0x17, 0x2a + }; + const byte exp[] = { + 0xf3, 0xee, 0xd1, 0xbd, 0xb5, 0xd2, 0xa0, 0x3c, + 0x06, 0x4b, 0x5a, 0x7e, 0x3d, 0xb1, 0x81, 0xf8, + }; + const byte key[] = { + 0x60, 0x3d, 0xeb, 0x10, 0x15, 0xca, 0x71, 0xbe, + 0x2b, 0x73, 0xae, 0xf0, 0x85, 0x7d, 0x77, 0x81, + 0x1f, 0x35, 0x2c, 0x07, 0x3b, 0x61, 0x08, 0xd7, + 0x2d, 0x98, 0x10, 0xa3, 0x09, 0x14, 0xdf, 0xf4 + }; + byte eout[sizeof(msg)]; + byte dout[sizeof(msg)]; + + ExpectIntEQ(AES_set_encrypt_key(key, sizeof(key)*8, &enc), 0); + ExpectIntEQ(AES_set_decrypt_key(key, sizeof(key)*8, &dec), 0); + + wolfSSL_AES_encrypt(NULL, NULL, NULL); + wolfSSL_AES_encrypt(msg, NULL, NULL); + wolfSSL_AES_encrypt(NULL, eout, NULL); + wolfSSL_AES_encrypt(NULL, NULL, &enc); + wolfSSL_AES_encrypt(msg, eout, NULL); + wolfSSL_AES_encrypt(msg, NULL, &enc); + wolfSSL_AES_encrypt(NULL, eout, &enc); + + wolfSSL_AES_decrypt(NULL, NULL, NULL); + wolfSSL_AES_decrypt(eout, NULL, NULL); + wolfSSL_AES_decrypt(NULL, dout, NULL); + wolfSSL_AES_decrypt(NULL, NULL, &dec); + wolfSSL_AES_decrypt(eout, dout, NULL); + wolfSSL_AES_decrypt(eout, NULL, &dec); + wolfSSL_AES_decrypt(NULL, dout, &dec); + + wolfSSL_AES_encrypt(msg, eout, &enc); + ExpectIntEQ(XMEMCMP(eout, exp, AES_BLOCK_SIZE), 0); + wolfSSL_AES_decrypt(eout, dout, &dec); + ExpectIntEQ(XMEMCMP(dout, msg, AES_BLOCK_SIZE), 0); +#endif + return EXPECT_RESULT(); +} + +int test_wolfSSL_AES_ecb_encrypt(void) +{ + EXPECT_DECLS; +#if defined(OPENSSL_EXTRA) && !defined(NO_AES) && defined(HAVE_AES_ECB) && \ + defined(WOLFSSL_AES_256) && !defined(WOLFSSL_NO_OPENSSL_AES_LOW_LEVEL_API) + AES_KEY aes; + const byte msg[] = + { + 0x6b,0xc1,0xbe,0xe2,0x2e,0x40,0x9f,0x96, + 0xe9,0x3d,0x7e,0x11,0x73,0x93,0x17,0x2a + }; + + const byte verify[] = + { + 0xf3,0xee,0xd1,0xbd,0xb5,0xd2,0xa0,0x3c, + 0x06,0x4b,0x5a,0x7e,0x3d,0xb1,0x81,0xf8 + }; + + const byte key[] = + { + 0x60,0x3d,0xeb,0x10,0x15,0xca,0x71,0xbe, + 0x2b,0x73,0xae,0xf0,0x85,0x7d,0x77,0x81, + 0x1f,0x35,0x2c,0x07,0x3b,0x61,0x08,0xd7, + 0x2d,0x98,0x10,0xa3,0x09,0x14,0xdf,0xf4 + }; + + + byte out[AES_BLOCK_SIZE]; + + ExpectIntEQ(AES_set_encrypt_key(key, sizeof(key)*8, &aes), 0); + XMEMSET(out, 0, AES_BLOCK_SIZE); + AES_ecb_encrypt(msg, out, &aes, AES_ENCRYPT); + ExpectIntEQ(XMEMCMP(out, verify, AES_BLOCK_SIZE), 0); + +#ifdef HAVE_AES_DECRYPT + ExpectIntEQ(AES_set_decrypt_key(key, sizeof(key)*8, &aes), 0); + XMEMSET(out, 0, AES_BLOCK_SIZE); + AES_ecb_encrypt(verify, out, &aes, AES_DECRYPT); + ExpectIntEQ(XMEMCMP(out, msg, AES_BLOCK_SIZE), 0); +#endif + + /* test bad arguments */ + AES_ecb_encrypt(NULL, out, &aes, AES_DECRYPT); + AES_ecb_encrypt(verify, NULL, &aes, AES_DECRYPT); + AES_ecb_encrypt(verify, out, NULL, AES_DECRYPT); +#endif + return EXPECT_RESULT(); +} + +int test_wolfSSL_AES_cbc_encrypt(void) +{ + EXPECT_DECLS; +#if !defined(NO_AES) && defined(HAVE_AES_CBC) && defined(OPENSSL_EXTRA) && \ + !defined(WOLFSSL_NO_OPENSSL_AES_LOW_LEVEL_API) + AES_KEY aes; + AES_KEY* aesN = NULL; + size_t len = 0; + size_t lenB = 0; + int keySz0 = 0; + int keySzN = -1; + byte out[AES_BLOCK_SIZE] = {0}; + byte* outN = NULL; + + /* Test vectors retrieved from: + * + * https://csrc.nist.gov/ + * CSRC/media/Projects/Cryptographic-Algorithm-Validation-Program/ + * documents/aes/KAT_AES.zip + * + */ + const byte* pt128N = NULL; + byte* key128N = NULL; + byte* iv128N = NULL; + byte iv128tmp[AES_BLOCK_SIZE] = {0}; + + const byte pt128[] = { 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00 }; + + const byte ct128[] = { 0x87,0x85,0xb1,0xa7,0x5b,0x0f,0x3b,0xd9, + 0x58,0xdc,0xd0,0xe2,0x93,0x18,0xc5,0x21 }; + +#ifdef WOLFSSL_AES_128 + const byte iv128[] = { 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00 }; +#endif + + byte key128[] = { 0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff, + 0xff,0xff,0xf0,0x00,0x00,0x00,0x00,0x00 }; + + + len = sizeof(pt128); + + #define STRESS_T(a, b, c, d, e, f, g, h, i) \ + wolfSSL_AES_cbc_encrypt(a, b, c, d, e, f); \ + ExpectIntNE(XMEMCMP(b, g, h), i) + + #define RESET_IV(x, y) XMEMCPY(x, y, AES_BLOCK_SIZE) + + /* Stressing wolfSSL_AES_cbc_encrypt() */ + STRESS_T(pt128N, out, len, &aes, iv128tmp, 1, ct128, AES_BLOCK_SIZE, 0); + STRESS_T(pt128, out, len, &aes, iv128N, 1, ct128, AES_BLOCK_SIZE, 0); + + wolfSSL_AES_cbc_encrypt(pt128, outN, len, &aes, iv128tmp, AES_ENCRYPT); + ExpectIntNE(XMEMCMP(out, ct128, AES_BLOCK_SIZE), 0); + wolfSSL_AES_cbc_encrypt(pt128, out, len, aesN, iv128tmp, AES_ENCRYPT); + ExpectIntNE(XMEMCMP(out, ct128, AES_BLOCK_SIZE), 0); + + STRESS_T(pt128, out, lenB, &aes, iv128tmp, 1, ct128, AES_BLOCK_SIZE, 0); + + /* Stressing wolfSSL_AES_set_encrypt_key */ + ExpectIntNE(wolfSSL_AES_set_encrypt_key(key128N, sizeof(key128)*8, &aes),0); + ExpectIntNE(wolfSSL_AES_set_encrypt_key(key128, sizeof(key128)*8, aesN),0); + ExpectIntNE(wolfSSL_AES_set_encrypt_key(key128, keySz0, &aes), 0); + ExpectIntNE(wolfSSL_AES_set_encrypt_key(key128, keySzN, &aes), 0); + + /* Stressing wolfSSL_AES_set_decrypt_key */ + ExpectIntNE(wolfSSL_AES_set_decrypt_key(key128N, sizeof(key128)*8, &aes),0); + ExpectIntNE(wolfSSL_AES_set_decrypt_key(key128N, sizeof(key128)*8, aesN),0); + ExpectIntNE(wolfSSL_AES_set_decrypt_key(key128, keySz0, &aes), 0); + ExpectIntNE(wolfSSL_AES_set_decrypt_key(key128, keySzN, &aes), 0); + + #ifdef WOLFSSL_AES_128 + + /* wolfSSL_AES_cbc_encrypt() 128-bit */ + XMEMSET(out, 0, AES_BLOCK_SIZE); + RESET_IV(iv128tmp, iv128); + + ExpectIntEQ(wolfSSL_AES_set_encrypt_key(key128, sizeof(key128)*8, &aes), 0); + wolfSSL_AES_cbc_encrypt(pt128, out, len, &aes, iv128tmp, AES_ENCRYPT); + ExpectIntEQ(XMEMCMP(out, ct128, AES_BLOCK_SIZE), 0); + wc_AesFree((Aes*)&aes); + + #ifdef HAVE_AES_DECRYPT + + /* wolfSSL_AES_cbc_encrypt() 128-bit in decrypt mode */ + XMEMSET(out, 0, AES_BLOCK_SIZE); + RESET_IV(iv128tmp, iv128); + len = sizeof(ct128); + + ExpectIntEQ(wolfSSL_AES_set_decrypt_key(key128, sizeof(key128)*8, &aes), 0); + wolfSSL_AES_cbc_encrypt(ct128, out, len, &aes, iv128tmp, AES_DECRYPT); + ExpectIntEQ(XMEMCMP(out, pt128, AES_BLOCK_SIZE), 0); + wc_AesFree((Aes*)&aes); + + #endif + + #endif /* WOLFSSL_AES_128 */ + #ifdef WOLFSSL_AES_192 + { + /* Test vectors from NIST Special Publication 800-38A, 2001 Edition + * Appendix F.2.3 */ + + byte iv192tmp[AES_BLOCK_SIZE] = {0}; + + const byte pt192[] = { 0x6b,0xc1,0xbe,0xe2,0x2e,0x40,0x9f,0x96, + 0xe9,0x3d,0x7e,0x11,0x73,0x93,0x17,0x2a }; + + const byte ct192[] = { 0x4f,0x02,0x1d,0xb2,0x43,0xbc,0x63,0x3d, + 0x71,0x78,0x18,0x3a,0x9f,0xa0,0x71,0xe8 }; + + const byte iv192[] = { 0x00,0x01,0x02,0x03,0x04,0x05,0x06,0x07, + 0x08,0x09,0x0A,0x0B,0x0C,0x0D,0x0E,0x0F }; + + byte key192[] = { 0x8e,0x73,0xb0,0xf7,0xda,0x0e,0x64,0x52, + 0xc8,0x10,0xf3,0x2b,0x80,0x90,0x79,0xe5, + 0x62,0xf8,0xea,0xd2,0x52,0x2c,0x6b,0x7b }; + + len = sizeof(pt192); + + /* wolfSSL_AES_cbc_encrypt() 192-bit */ + XMEMSET(out, 0, AES_BLOCK_SIZE); + RESET_IV(iv192tmp, iv192); + + ExpectIntEQ(wolfSSL_AES_set_encrypt_key(key192, sizeof(key192)*8, &aes), 0); + wolfSSL_AES_cbc_encrypt(pt192, out, len, &aes, iv192tmp, AES_ENCRYPT); + ExpectIntEQ(XMEMCMP(out, ct192, AES_BLOCK_SIZE), 0); + wc_AesFree((Aes*)&aes); + + #ifdef HAVE_AES_DECRYPT + + /* wolfSSL_AES_cbc_encrypt() 192-bit in decrypt mode */ + len = sizeof(ct192); + RESET_IV(iv192tmp, iv192); + XMEMSET(out, 0, AES_BLOCK_SIZE); + + ExpectIntEQ(wolfSSL_AES_set_decrypt_key(key192, sizeof(key192)*8, &aes), 0); + wolfSSL_AES_cbc_encrypt(ct192, out, len, &aes, iv192tmp, AES_DECRYPT); + ExpectIntEQ(XMEMCMP(out, pt192, AES_BLOCK_SIZE), 0); + wc_AesFree((Aes*)&aes); + + #endif + } + #endif /* WOLFSSL_AES_192 */ + #ifdef WOLFSSL_AES_256 + { + /* Test vectors from NIST Special Publication 800-38A, 2001 Edition, + * Appendix F.2.5 */ + byte iv256tmp[AES_BLOCK_SIZE] = {0}; + + const byte pt256[] = { 0x6b,0xc1,0xbe,0xe2,0x2e,0x40,0x9f,0x96, + 0xe9,0x3d,0x7e,0x11,0x73,0x93,0x17,0x2a }; + + const byte ct256[] = { 0xf5,0x8c,0x4c,0x04,0xd6,0xe5,0xf1,0xba, + 0x77,0x9e,0xab,0xfb,0x5f,0x7b,0xfb,0xd6 }; + + const byte iv256[] = { 0x00,0x01,0x02,0x03,0x04,0x05,0x06,0x07, + 0x08,0x09,0x0A,0x0B,0x0C,0x0D,0x0E,0x0F }; + + byte key256[] = { 0x60,0x3d,0xeb,0x10,0x15,0xca,0x71,0xbe, + 0x2b,0x73,0xae,0xf0,0x85,0x7d,0x77,0x81, + 0x1f,0x35,0x2c,0x07,0x3b,0x61,0x08,0xd7, + 0x2d,0x98,0x10,0xa3,0x09,0x14,0xdf,0xf4 }; + + + len = sizeof(pt256); + + /* wolfSSL_AES_cbc_encrypt() 256-bit */ + XMEMSET(out, 0, AES_BLOCK_SIZE); + RESET_IV(iv256tmp, iv256); + + ExpectIntEQ(wolfSSL_AES_set_encrypt_key(key256, sizeof(key256)*8, &aes), 0); + wolfSSL_AES_cbc_encrypt(pt256, out, len, &aes, iv256tmp, AES_ENCRYPT); + ExpectIntEQ(XMEMCMP(out, ct256, AES_BLOCK_SIZE), 0); + wc_AesFree((Aes*)&aes); + + #ifdef HAVE_AES_DECRYPT + + /* wolfSSL_AES_cbc_encrypt() 256-bit in decrypt mode */ + len = sizeof(ct256); + RESET_IV(iv256tmp, iv256); + XMEMSET(out, 0, AES_BLOCK_SIZE); + + ExpectIntEQ(wolfSSL_AES_set_decrypt_key(key256, sizeof(key256)*8, &aes), 0); + wolfSSL_AES_cbc_encrypt(ct256, out, len, &aes, iv256tmp, AES_DECRYPT); + ExpectIntEQ(XMEMCMP(out, pt256, AES_BLOCK_SIZE), 0); + wc_AesFree((Aes*)&aes); + + #endif + + #if defined(HAVE_AES_KEYWRAP) && !defined(HAVE_FIPS) && \ + !defined(HAVE_SELFTEST) + { + byte wrapCipher[sizeof(key256) + KEYWRAP_BLOCK_SIZE] = { 0 }; + byte wrapPlain[sizeof(key256)] = { 0 }; + byte wrapIV[KEYWRAP_BLOCK_SIZE] = { 0 }; + + /* wolfSSL_AES_wrap_key() 256-bit NULL iv */ + ExpectIntEQ(wolfSSL_AES_set_encrypt_key(key256, sizeof(key256)*8, &aes), 0); + ExpectIntEQ(wolfSSL_AES_wrap_key(&aes, NULL, wrapCipher, key256, + 15), WC_NO_ERR_TRACE(WOLFSSL_FAILURE)); + ExpectIntEQ(wolfSSL_AES_wrap_key(&aes, NULL, wrapCipher, key256, + sizeof(key256)), sizeof(wrapCipher)); + wc_AesFree((Aes*)&aes); + + /* wolfSSL_AES_unwrap_key() 256-bit NULL iv */ + ExpectIntEQ(wolfSSL_AES_set_decrypt_key(key256, sizeof(key256)*8, &aes), 0); + ExpectIntEQ(wolfSSL_AES_unwrap_key(&aes, NULL, wrapPlain, wrapCipher, + 23), WC_NO_ERR_TRACE(WOLFSSL_FAILURE)); + ExpectIntEQ(wolfSSL_AES_unwrap_key(&aes, NULL, wrapPlain, wrapCipher, + sizeof(wrapCipher)), sizeof(wrapPlain)); + ExpectIntEQ(XMEMCMP(wrapPlain, key256, sizeof(key256)), 0); + XMEMSET(wrapCipher, 0, sizeof(wrapCipher)); + XMEMSET(wrapPlain, 0, sizeof(wrapPlain)); + wc_AesFree((Aes*)&aes); + + /* wolfSSL_AES_wrap_key() 256-bit custom iv */ + ExpectIntEQ(wolfSSL_AES_set_encrypt_key(key256, sizeof(key256)*8, &aes), 0); + ExpectIntEQ(wolfSSL_AES_wrap_key(&aes, wrapIV, wrapCipher, key256, + sizeof(key256)), sizeof(wrapCipher)); + wc_AesFree((Aes*)&aes); + + /* wolfSSL_AES_unwrap_key() 256-bit custom iv */ + ExpectIntEQ(wolfSSL_AES_set_decrypt_key(key256, sizeof(key256)*8, &aes), 0); + ExpectIntEQ(wolfSSL_AES_unwrap_key(&aes, wrapIV, wrapPlain, wrapCipher, + sizeof(wrapCipher)), sizeof(wrapPlain)); + ExpectIntEQ(XMEMCMP(wrapPlain, key256, sizeof(key256)), 0); + wc_AesFree((Aes*)&aes); + + ExpectIntEQ(wolfSSL_AES_wrap_key(NULL, NULL, NULL, NULL, 0), 0); + ExpectIntEQ(wolfSSL_AES_wrap_key(&aes, NULL, NULL, NULL, 0), 0); + ExpectIntEQ(wolfSSL_AES_wrap_key(NULL, wrapIV, NULL, NULL, 0), 0); + ExpectIntEQ(wolfSSL_AES_wrap_key(NULL, NULL, wrapCipher, NULL, 0), 0); + ExpectIntEQ(wolfSSL_AES_wrap_key(NULL, NULL, NULL, key256, 0), 0); + ExpectIntEQ(wolfSSL_AES_wrap_key(NULL, wrapIV, wrapCipher, key256, 0), 0); + ExpectIntEQ(wolfSSL_AES_wrap_key(&aes, NULL, wrapCipher, key256, 0), 0); + ExpectIntEQ(wolfSSL_AES_wrap_key(&aes, wrapIV, NULL, key256, 0), 0); + ExpectIntEQ(wolfSSL_AES_wrap_key(&aes, wrapIV, wrapCipher, NULL, 0), 0); + + ExpectIntEQ(wolfSSL_AES_unwrap_key(NULL, NULL, NULL, NULL, 0), 0); + ExpectIntEQ(wolfSSL_AES_unwrap_key(&aes, NULL, NULL, NULL, 0), 0); + ExpectIntEQ(wolfSSL_AES_unwrap_key(NULL, wrapIV, NULL, NULL, 0), 0); + ExpectIntEQ(wolfSSL_AES_unwrap_key(NULL, NULL, wrapPlain, NULL, 0), 0); + ExpectIntEQ(wolfSSL_AES_unwrap_key(NULL, NULL, NULL, wrapCipher, 0), 0); + ExpectIntEQ(wolfSSL_AES_unwrap_key(NULL, wrapIV, wrapPlain, wrapCipher, 0), + 0); + ExpectIntEQ(wolfSSL_AES_unwrap_key(&aes, NULL, wrapPlain, wrapCipher, 0), + 0); + ExpectIntEQ(wolfSSL_AES_unwrap_key(&aes, wrapIV, NULL, wrapCipher, 0), 0); + ExpectIntEQ(wolfSSL_AES_wrap_key(&aes, wrapIV, wrapPlain, NULL, 0), 0); + } + #endif /* HAVE_AES_KEYWRAP */ + } + #endif /* WOLFSSL_AES_256 */ +#endif + return EXPECT_RESULT(); +} + +int test_wolfSSL_AES_cfb128_encrypt(void) +{ + EXPECT_DECLS; +#if defined(OPENSSL_EXTRA) && !defined(NO_AES) && defined(WOLFSSL_AES_CFB) && \ + !defined(WOLFSSL_NO_OPENSSL_AES_LOW_LEVEL_API) + AES_KEY aesEnc; + AES_KEY aesDec; + const byte msg[] = { + 0x6b, 0xc1, 0xbe, 0xe2, 0x2e, 0x40, 0x9f, 0x96, + 0xe9, 0x3d, 0x7e, 0x11, 0x73, 0x93, 0x17, 0x2a + }; + const byte exp[] = { + 0x2c, 0x4e, 0xc4, 0x58, 0x4b, 0xf3, 0xb3, 0xad, + 0xd0, 0xe6, 0xf1, 0x80, 0x43, 0x59, 0x54, 0x6b + }; + const byte key[] = { + 0x60, 0x3d, 0xeb, 0x10, 0x15, 0xca, 0x71, 0xbe, + 0x2b, 0x73, 0xae, 0xf0, 0x85, 0x7d, 0x77, 0x81 + }; + const byte ivData[] = { + 0x2b, 0x73, 0xae, 0xf0, 0x85, 0x7d, 0x77, 0x81, + 0x1f, 0x35, 0x2c, 0x07, 0x3b, 0x61, 0x08, 0xd7, + }; + byte out[AES_BLOCK_SIZE]; + byte iv[AES_BLOCK_SIZE]; + word32 i; + int num; + + ExpectIntEQ(AES_set_encrypt_key(key, sizeof(key)*8, &aesEnc), 0); + XMEMCPY(iv, ivData, sizeof(iv)); + XMEMSET(out, 0, AES_BLOCK_SIZE); + AES_cfb128_encrypt(msg, out, sizeof(msg), &aesEnc, iv, NULL, AES_ENCRYPT); + ExpectIntEQ(XMEMCMP(out, exp, sizeof(msg)), 0); + ExpectIntNE(XMEMCMP(iv, ivData, sizeof(iv)), 0); + +#ifdef HAVE_AES_DECRYPT + ExpectIntEQ(AES_set_encrypt_key(key, sizeof(key)*8, &aesDec), 0); + XMEMCPY(iv, ivData, sizeof(iv)); + XMEMSET(out, 0, AES_BLOCK_SIZE); + AES_cfb128_encrypt(exp, out, sizeof(msg), &aesDec, iv, NULL, AES_DECRYPT); + ExpectIntEQ(XMEMCMP(out, msg, sizeof(msg)), 0); + ExpectIntNE(XMEMCMP(iv, ivData, sizeof(iv)), 0); +#endif + + for (i = 0; EXPECT_SUCCESS() && (i <= sizeof(msg)); i++) { + ExpectIntEQ(AES_set_encrypt_key(key, sizeof(key)*8, &aesEnc), 0); + XMEMCPY(iv, ivData, sizeof(iv)); + XMEMSET(out, 0, AES_BLOCK_SIZE); + AES_cfb128_encrypt(msg, out, i, &aesEnc, iv, &num, AES_ENCRYPT); + ExpectIntEQ(num, i % AES_BLOCK_SIZE); + ExpectIntEQ(XMEMCMP(out, exp, i), 0); + if (i == 0) { + ExpectIntEQ(XMEMCMP(iv, ivData, sizeof(iv)), 0); + } + else { + ExpectIntNE(XMEMCMP(iv, ivData, sizeof(iv)), 0); + } + + #ifdef HAVE_AES_DECRYPT + ExpectIntEQ(AES_set_encrypt_key(key, sizeof(key)*8, &aesDec), 0); + XMEMCPY(iv, ivData, sizeof(iv)); + XMEMSET(out, 0, AES_BLOCK_SIZE); + AES_cfb128_encrypt(exp, out, i, &aesDec, iv, &num, AES_DECRYPT); + ExpectIntEQ(num, i % AES_BLOCK_SIZE); + ExpectIntEQ(XMEMCMP(out, msg, i), 0); + if (i == 0) { + ExpectIntEQ(XMEMCMP(iv, ivData, sizeof(iv)), 0); + } + else { + ExpectIntNE(XMEMCMP(iv, ivData, sizeof(iv)), 0); + } + #endif + } + + if (EXPECT_SUCCESS()) { + /* test bad arguments */ + AES_cfb128_encrypt(NULL, NULL, 0, NULL, NULL, NULL, AES_DECRYPT); + AES_cfb128_encrypt(msg, NULL, 0, NULL, NULL, NULL, AES_DECRYPT); + AES_cfb128_encrypt(NULL, out, 0, NULL, NULL, NULL, AES_DECRYPT); + AES_cfb128_encrypt(NULL, NULL, 0, &aesDec, NULL, NULL, AES_DECRYPT); + AES_cfb128_encrypt(NULL, NULL, 0, NULL, iv, NULL, AES_DECRYPT); + AES_cfb128_encrypt(NULL, out, 0, &aesDec, iv, NULL, AES_DECRYPT); + AES_cfb128_encrypt(msg, NULL, 0, &aesDec, iv, NULL, AES_DECRYPT); + AES_cfb128_encrypt(msg, out, 0, NULL, iv, NULL, AES_DECRYPT); + AES_cfb128_encrypt(msg, out, 0, &aesDec, NULL, NULL, AES_DECRYPT); + } +#endif + return EXPECT_RESULT(); +} + +int test_wolfSSL_CRYPTO_cts128(void) +{ + EXPECT_DECLS; +#if !defined(NO_AES) && defined(HAVE_AES_CBC) && defined(OPENSSL_EXTRA) && \ + defined(HAVE_CTS) && !defined(WOLFSSL_NO_OPENSSL_AES_LOW_LEVEL_API) && \ + defined(WOLFSSL_AES_128) + byte tmp[64]; /* Largest vector size */ + /* Test vectors taken form RFC3962 Appendix B */ + const testVector vects[] = { + { + "\x49\x20\x77\x6f\x75\x6c\x64\x20\x6c\x69\x6b\x65\x20\x74\x68\x65" + "\x20", + "\xc6\x35\x35\x68\xf2\xbf\x8c\xb4\xd8\xa5\x80\x36\x2d\xa7\xff\x7f" + "\x97", + 17, 17 + }, + { + "\x49\x20\x77\x6f\x75\x6c\x64\x20\x6c\x69\x6b\x65\x20\x74\x68\x65" + "\x20\x47\x65\x6e\x65\x72\x61\x6c\x20\x47\x61\x75\x27\x73\x20", + "\xfc\x00\x78\x3e\x0e\xfd\xb2\xc1\xd4\x45\xd4\xc8\xef\xf7\xed\x22" + "\x97\x68\x72\x68\xd6\xec\xcc\xc0\xc0\x7b\x25\xe2\x5e\xcf\xe5", + 31, 31 + }, + { + "\x49\x20\x77\x6f\x75\x6c\x64\x20\x6c\x69\x6b\x65\x20\x74\x68\x65" + "\x20\x47\x65\x6e\x65\x72\x61\x6c\x20\x47\x61\x75\x27\x73\x20\x43", + "\x39\x31\x25\x23\xa7\x86\x62\xd5\xbe\x7f\xcb\xcc\x98\xeb\xf5\xa8" + "\x97\x68\x72\x68\xd6\xec\xcc\xc0\xc0\x7b\x25\xe2\x5e\xcf\xe5\x84", + 32, 32 + }, + { + "\x49\x20\x77\x6f\x75\x6c\x64\x20\x6c\x69\x6b\x65\x20\x74\x68\x65" + "\x20\x47\x65\x6e\x65\x72\x61\x6c\x20\x47\x61\x75\x27\x73\x20\x43" + "\x68\x69\x63\x6b\x65\x6e\x2c\x20\x70\x6c\x65\x61\x73\x65\x2c", + "\x97\x68\x72\x68\xd6\xec\xcc\xc0\xc0\x7b\x25\xe2\x5e\xcf\xe5\x84" + "\xb3\xff\xfd\x94\x0c\x16\xa1\x8c\x1b\x55\x49\xd2\xf8\x38\x02\x9e" + "\x39\x31\x25\x23\xa7\x86\x62\xd5\xbe\x7f\xcb\xcc\x98\xeb\xf5", + 47, 47 + }, + { + "\x49\x20\x77\x6f\x75\x6c\x64\x20\x6c\x69\x6b\x65\x20\x74\x68\x65" + "\x20\x47\x65\x6e\x65\x72\x61\x6c\x20\x47\x61\x75\x27\x73\x20\x43" + "\x68\x69\x63\x6b\x65\x6e\x2c\x20\x70\x6c\x65\x61\x73\x65\x2c\x20", + "\x97\x68\x72\x68\xd6\xec\xcc\xc0\xc0\x7b\x25\xe2\x5e\xcf\xe5\x84" + "\x9d\xad\x8b\xbb\x96\xc4\xcd\xc0\x3b\xc1\x03\xe1\xa1\x94\xbb\xd8" + "\x39\x31\x25\x23\xa7\x86\x62\xd5\xbe\x7f\xcb\xcc\x98\xeb\xf5\xa8", + 48, 48 + }, + { + "\x49\x20\x77\x6f\x75\x6c\x64\x20\x6c\x69\x6b\x65\x20\x74\x68\x65" + "\x20\x47\x65\x6e\x65\x72\x61\x6c\x20\x47\x61\x75\x27\x73\x20\x43" + "\x68\x69\x63\x6b\x65\x6e\x2c\x20\x70\x6c\x65\x61\x73\x65\x2c\x20" + "\x61\x6e\x64\x20\x77\x6f\x6e\x74\x6f\x6e\x20\x73\x6f\x75\x70\x2e", + "\x97\x68\x72\x68\xd6\xec\xcc\xc0\xc0\x7b\x25\xe2\x5e\xcf\xe5\x84" + "\x39\x31\x25\x23\xa7\x86\x62\xd5\xbe\x7f\xcb\xcc\x98\xeb\xf5\xa8" + "\x48\x07\xef\xe8\x36\xee\x89\xa5\x26\x73\x0d\xbc\x2f\x7b\xc8\x40" + "\x9d\xad\x8b\xbb\x96\xc4\xcd\xc0\x3b\xc1\x03\xe1\xa1\x94\xbb\xd8", + 64, 64 + } + }; + byte keyBytes[AES_128_KEY_SIZE] = { + 0x63, 0x68, 0x69, 0x63, 0x6b, 0x65, 0x6e, 0x20, + 0x74, 0x65, 0x72, 0x69, 0x79, 0x61, 0x6b, 0x69 + }; + size_t i; + AES_KEY encKey; + byte iv[AES_IV_SIZE]; /* All-zero IV for all cases */ + + XMEMSET(tmp, 0, sizeof(tmp)); + + for (i = 0; i < sizeof(vects)/sizeof(vects[0]); i++) { + AES_KEY decKey; + + ExpectIntEQ(AES_set_encrypt_key(keyBytes, AES_128_KEY_SIZE * 8, + &encKey), 0); + ExpectIntEQ(AES_set_decrypt_key(keyBytes, AES_128_KEY_SIZE * 8, + &decKey), 0); + XMEMSET(iv, 0, sizeof(iv)); + ExpectIntEQ(CRYPTO_cts128_encrypt((const unsigned char*)vects[i].input, + tmp, vects[i].inLen, &encKey, iv, (cbc128_f)AES_cbc_encrypt), + vects[i].outLen); + ExpectIntEQ(XMEMCMP(tmp, vects[i].output, vects[i].outLen), 0); + XMEMSET(iv, 0, sizeof(iv)); + ExpectIntEQ(CRYPTO_cts128_decrypt((const unsigned char*)vects[i].output, + tmp, vects[i].outLen, &decKey, iv, (cbc128_f)AES_cbc_encrypt), + vects[i].inLen); + ExpectIntEQ(XMEMCMP(tmp, vects[i].input, vects[i].inLen), 0); + } + + ExpectIntEQ(CRYPTO_cts128_encrypt(NULL, NULL, 17, NULL, NULL, NULL), 0); + ExpectIntEQ(CRYPTO_cts128_encrypt(tmp, NULL, 17, NULL, NULL, NULL), 0); + ExpectIntEQ(CRYPTO_cts128_encrypt(NULL, tmp, 17, NULL, NULL, NULL), 0); + ExpectIntEQ(CRYPTO_cts128_encrypt(NULL, NULL, 17, &encKey, NULL, NULL), 0); + ExpectIntEQ(CRYPTO_cts128_encrypt(NULL, NULL, 17, NULL, iv, NULL), 0); + ExpectIntEQ(CRYPTO_cts128_encrypt(NULL, NULL, 17, NULL, NULL, + (cbc128_f)AES_cbc_encrypt), 0); + ExpectIntEQ(CRYPTO_cts128_encrypt(NULL, tmp, 17, &encKey, iv, + (cbc128_f)AES_cbc_encrypt), 0); + ExpectIntEQ(CRYPTO_cts128_encrypt(tmp, NULL, 17, &encKey, iv, + (cbc128_f)AES_cbc_encrypt), 0); + ExpectIntEQ(CRYPTO_cts128_encrypt(tmp, tmp, 17, NULL, iv, + (cbc128_f)AES_cbc_encrypt), 0); + ExpectIntEQ(CRYPTO_cts128_encrypt(tmp, tmp, 17, &encKey, NULL, + (cbc128_f)AES_cbc_encrypt), 0); + ExpectIntEQ(CRYPTO_cts128_encrypt(tmp, tmp, 17, &encKey, iv, NULL), 0); + /* Length too small. */ + ExpectIntEQ(CRYPTO_cts128_encrypt(tmp, tmp, 0, &encKey, iv, + (cbc128_f)AES_cbc_encrypt), 0); + + ExpectIntEQ(CRYPTO_cts128_decrypt(NULL, NULL, 17, NULL, NULL, NULL), 0); + ExpectIntEQ(CRYPTO_cts128_decrypt(tmp, NULL, 17, NULL, NULL, NULL), 0); + ExpectIntEQ(CRYPTO_cts128_decrypt(NULL, tmp, 17, NULL, NULL, NULL), 0); + ExpectIntEQ(CRYPTO_cts128_decrypt(NULL, NULL, 17, &encKey, NULL, NULL), 0); + ExpectIntEQ(CRYPTO_cts128_decrypt(NULL, NULL, 17, NULL, iv, NULL), 0); + ExpectIntEQ(CRYPTO_cts128_decrypt(NULL, NULL, 17, NULL, NULL, + (cbc128_f)AES_cbc_encrypt), 0); + ExpectIntEQ(CRYPTO_cts128_decrypt(NULL, tmp, 17, &encKey, iv, + (cbc128_f)AES_cbc_encrypt), 0); + ExpectIntEQ(CRYPTO_cts128_decrypt(tmp, NULL, 17, &encKey, iv, + (cbc128_f)AES_cbc_encrypt), 0); + ExpectIntEQ(CRYPTO_cts128_decrypt(tmp, tmp, 17, NULL, iv, + (cbc128_f)AES_cbc_encrypt), 0); + ExpectIntEQ(CRYPTO_cts128_decrypt(tmp, tmp, 17, &encKey, NULL, + (cbc128_f)AES_cbc_encrypt), 0); + ExpectIntEQ(CRYPTO_cts128_decrypt(tmp, tmp, 17, &encKey, iv, NULL), 0); + /* Length too small. */ + ExpectIntEQ(CRYPTO_cts128_decrypt(tmp, tmp, 0, &encKey, iv, + (cbc128_f)AES_cbc_encrypt), 0); +#endif /* !NO_AES && HAVE_AES_CBC && OPENSSL_EXTRA && HAVE_CTS */ + return EXPECT_RESULT(); +} + +int test_wolfSSL_RC4(void) +{ + EXPECT_DECLS; +#if !defined(NO_RC4) && defined(OPENSSL_EXTRA) + WOLFSSL_RC4_KEY rc4Key; + unsigned char key[] = { + 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, + 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, + 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, + 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, + }; + unsigned char data[] = { + 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, + 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, + 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, + 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, + }; + unsigned char enc[sizeof(data)]; + unsigned char dec[sizeof(data)]; + word32 i; + word32 j; + + wolfSSL_RC4_set_key(NULL, -1, NULL); + wolfSSL_RC4_set_key(&rc4Key, -1, NULL); + wolfSSL_RC4_set_key(NULL, 0, NULL); + wolfSSL_RC4_set_key(NULL, -1, key); + wolfSSL_RC4_set_key(&rc4Key, 0, NULL); + wolfSSL_RC4_set_key(&rc4Key, -1, key); + wolfSSL_RC4_set_key(NULL, 0, key); + + wolfSSL_RC4(NULL, 0, NULL, NULL); + wolfSSL_RC4(&rc4Key, 0, NULL, NULL); + wolfSSL_RC4(NULL, 0, data, NULL); + wolfSSL_RC4(NULL, 0, NULL, enc); + wolfSSL_RC4(&rc4Key, 0, data, NULL); + wolfSSL_RC4(&rc4Key, 0, NULL, enc); + wolfSSL_RC4(NULL, 0, data, enc); + + ExpectIntEQ(1, 1); + for (i = 0; EXPECT_SUCCESS() && (i <= sizeof(key)); i++) { + for (j = 0; EXPECT_SUCCESS() && (j <= sizeof(data)); j++) { + XMEMSET(enc, 0, sizeof(enc)); + XMEMSET(dec, 0, sizeof(dec)); + + /* Encrypt */ + wolfSSL_RC4_set_key(&rc4Key, (int)i, key); + wolfSSL_RC4(&rc4Key, j, data, enc); + /* Decrypt */ + wolfSSL_RC4_set_key(&rc4Key, (int)i, key); + wolfSSL_RC4(&rc4Key, j, enc, dec); + + ExpectIntEQ(XMEMCMP(dec, data, j), 0); + } + } +#endif + return EXPECT_RESULT(); +} + diff --git a/test/ssl/wolfssl/tests/api/test_ossl_cipher.h b/test/ssl/wolfssl/tests/api/test_ossl_cipher.h new file mode 100644 index 000000000..ae691990e --- /dev/null +++ b/test/ssl/wolfssl/tests/api/test_ossl_cipher.h @@ -0,0 +1,51 @@ +/* test_ossl_cipher.h + * + * Copyright (C) 2006-2025 wolfSSL Inc. + * + * This file is part of wolfSSL. + * + * wolfSSL is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * wolfSSL is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA + */ + +#ifndef WOLFCRYPT_TEST_OSSL_CIPHER_H +#define WOLFCRYPT_TEST_OSSL_CIPHER_H + +#include + +int test_wolfSSL_DES(void); +int test_wolfSSL_DES_ncbc(void); +int test_wolfSSL_DES_ecb_encrypt(void); +int test_wolfSSL_DES_ede3_cbc_encrypt(void); +int test_wolfSSL_AES_encrypt(void); +int test_wolfSSL_AES_ecb_encrypt(void); +int test_wolfSSL_AES_cbc_encrypt(void); +int test_wolfSSL_AES_cfb128_encrypt(void); +int test_wolfSSL_CRYPTO_cts128(void); +int test_wolfSSL_RC4(void); + +#define TEST_OSSL_CIPHER_DECLS \ + TEST_DECL_GROUP("ossl_cipher", test_wolfSSL_DES), \ + TEST_DECL_GROUP("ossl_cipher", test_wolfSSL_DES_ncbc), \ + TEST_DECL_GROUP("ossl_cipher", test_wolfSSL_DES_ecb_encrypt), \ + TEST_DECL_GROUP("ossl_cipher", test_wolfSSL_DES_ede3_cbc_encrypt), \ + TEST_DECL_GROUP("ossl_cipher", test_wolfSSL_AES_encrypt), \ + TEST_DECL_GROUP("ossl_cipher", test_wolfSSL_AES_ecb_encrypt), \ + TEST_DECL_GROUP("ossl_cipher", test_wolfSSL_AES_cbc_encrypt), \ + TEST_DECL_GROUP("ossl_cipher", test_wolfSSL_AES_cfb128_encrypt), \ + TEST_DECL_GROUP("ossl_cipher", test_wolfSSL_CRYPTO_cts128), \ + TEST_DECL_GROUP("ossl_cipher", test_wolfSSL_RC4) + +#endif /* WOLFCRYPT_TEST_OSSL_CIPHER_H */ + diff --git a/test/ssl/wolfssl/tests/api/test_ossl_dgst.c b/test/ssl/wolfssl/tests/api/test_ossl_dgst.c new file mode 100644 index 000000000..8bc6c467e --- /dev/null +++ b/test/ssl/wolfssl/tests/api/test_ossl_dgst.c @@ -0,0 +1,752 @@ +/* test_ossl_dgst.c + * + * Copyright (C) 2006-2025 wolfSSL Inc. + * + * This file is part of wolfSSL. + * + * wolfSSL is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * wolfSSL is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA + */ + +#include + +#ifdef NO_INLINE + #include +#else + #define WOLFSSL_MISC_INCLUDED + #include +#endif + +#include +#include +#include +#include +#include +#include +#include + +/******************************************************************************* + * Digest OpenSSL compatibility API Testing + ******************************************************************************/ + +int test_wolfSSL_MD4(void) +{ + EXPECT_DECLS; +#if defined(OPENSSL_EXTRA) && !defined(NO_MD4) + MD4_CTX md4; + unsigned char out[16]; /* MD4_DIGEST_SIZE */ + const char* msg = "12345678901234567890123456789012345678901234567890123456" + "789012345678901234567890"; + const char* test = "\xe3\x3b\x4d\xdc\x9c\x38\xf2\x19\x9c\x3e\x7b\x16\x4f" + "\xcc\x05\x36"; + int msgSz = (int)XSTRLEN(msg); + + + XMEMSET(out, 0, sizeof(out)); + MD4_Init(&md4); + MD4_Update(&md4, (const void*)msg, (word32)msgSz); + MD4_Final(out, &md4); + ExpectIntEQ(XMEMCMP(out, test, sizeof(out)), 0); +#endif + return EXPECT_RESULT(); +} + +int test_wolfSSL_MD5(void) +{ + EXPECT_DECLS; +#if defined(OPENSSL_EXTRA) && !defined(NO_MD5) + byte input1[] = ""; + byte input2[] = "message digest"; + byte hash[WC_MD5_DIGEST_SIZE]; + unsigned char output1[] = + "\xd4\x1d\x8c\xd9\x8f\x00\xb2\x04\xe9\x80\x09\x98\xec\xf8\x42\x7e"; + unsigned char output2[] = + "\xf9\x6b\x69\x7d\x7c\xb7\x93\x8d\x52\x5a\x2f\x31\xaa\xf1\x61\xd0"; + WOLFSSL_MD5_CTX md5; + + XMEMSET(&md5, 0, sizeof(md5)); + + /* Test cases for illegal parameters */ + ExpectIntEQ(MD5_Init(NULL), 0); + ExpectIntEQ(MD5_Init(&md5), 1); + ExpectIntEQ(MD5_Update(NULL, input1, 0), 0); + ExpectIntEQ(MD5_Update(NULL, NULL, 0), 0); + ExpectIntEQ(MD5_Update(&md5, NULL, 1), 0); + ExpectIntEQ(MD5_Final(NULL, &md5), 0); + ExpectIntEQ(MD5_Final(hash, NULL), 0); + ExpectIntEQ(MD5_Final(NULL, NULL), 0); + + /* Init MD5 CTX */ + ExpectIntEQ(wolfSSL_MD5_Init(&md5), 1); + ExpectIntEQ(wolfSSL_MD5_Update(&md5, input1, XSTRLEN((const char*)&input1)), + 1); + ExpectIntEQ(wolfSSL_MD5_Final(hash, &md5), 1); + ExpectIntEQ(XMEMCMP(&hash, output1, WC_MD5_DIGEST_SIZE), 0); + + /* Init MD5 CTX */ + ExpectIntEQ(wolfSSL_MD5_Init(&md5), 1); + ExpectIntEQ(wolfSSL_MD5_Update(&md5, input2, + (int)XSTRLEN((const char*)input2)), 1); + ExpectIntEQ(wolfSSL_MD5_Final(hash, &md5), 1); + ExpectIntEQ(XMEMCMP(&hash, output2, WC_MD5_DIGEST_SIZE), 0); +#if !defined(NO_OLD_NAMES) && \ + (!defined(HAVE_FIPS) || (defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION>2))) + ExpectPtrNE(MD5(NULL, 1, (byte*)&hash), &hash); + ExpectPtrEq(MD5(input1, 0, (byte*)&hash), &hash); + ExpectPtrNE(MD5(input1, 1, NULL), NULL); + ExpectPtrNE(MD5(NULL, 0, NULL), NULL); + + ExpectPtrEq(MD5(input1, (int)XSTRLEN((const char*)&input1), (byte*)&hash), + &hash); + ExpectIntEQ(XMEMCMP(&hash, output1, WC_MD5_DIGEST_SIZE), 0); + + ExpectPtrEq(MD5(input2, (int)XSTRLEN((const char*)&input2), (byte*)&hash), + &hash); + ExpectIntEQ(XMEMCMP(&hash, output2, WC_MD5_DIGEST_SIZE), 0); + { + byte data[] = "Data to be hashed."; + XMEMSET(hash, 0, WC_MD5_DIGEST_SIZE); + + ExpectNotNull(MD5(data, sizeof(data), NULL)); + ExpectNotNull(MD5(data, sizeof(data), hash)); + ExpectNotNull(MD5(NULL, 0, hash)); + ExpectNull(MD5(NULL, sizeof(data), hash)); + } +#endif +#endif + return EXPECT_RESULT(); +} + +int test_wolfSSL_MD5_Transform(void) +{ + EXPECT_DECLS; +#if defined(OPENSSL_EXTRA) && !defined(NO_MD5) + byte input1[] = ""; + byte input2[] = "abc"; + byte local[WC_MD5_BLOCK_SIZE]; + word32 sLen = 0; +#ifdef BIG_ENDIAN_ORDER + unsigned char output1[] = + "\x03\x1f\x1d\xac\x6e\xa5\x8e\xd0\x1f\xab\x67\xb7\x74\x31\x77\x91"; + unsigned char output2[] = + "\xef\xd3\x79\x8d\x67\x17\x25\x90\xa4\x13\x79\xc7\xe3\xa7\x7b\xbc"; +#else + unsigned char output1[] = + "\xac\x1d\x1f\x03\xd0\x8e\xa5\x6e\xb7\x67\xab\x1f\x91\x77\x31\x74"; + unsigned char output2[] = + "\x8d\x79\xd3\xef\x90\x25\x17\x67\xc7\x79\x13\xa4\xbc\x7b\xa7\xe3"; +#endif + + union { + wc_Md5 native; + MD5_CTX compat; + } md5; + + XMEMSET(&md5.compat, 0, sizeof(md5.compat)); + XMEMSET(&local, 0, sizeof(local)); + + /* sanity check */ + ExpectIntEQ(MD5_Transform(NULL, NULL), 0); + ExpectIntEQ(MD5_Transform(NULL, (const byte*)&input1), 0); + ExpectIntEQ(MD5_Transform(&md5.compat, NULL), 0); + ExpectIntEQ(wc_Md5Transform(NULL, NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_Md5Transform(NULL, (const byte*)&input1), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_Md5Transform(&md5.native, NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + + /* Init MD5 CTX */ + ExpectIntEQ(wolfSSL_MD5_Init(&md5.compat), 1); + /* Do Transform*/ + sLen = (word32)XSTRLEN((char*)input1); + XMEMCPY(local, input1, sLen); + ExpectIntEQ(MD5_Transform(&md5.compat, (const byte*)&local[0]), 1); + + ExpectIntEQ(XMEMCMP(md5.native.digest, output1, WC_MD5_DIGEST_SIZE), 0); + + /* Init MD5 CTX */ + ExpectIntEQ(MD5_Init(&md5.compat), 1); + sLen = (word32)XSTRLEN((char*)input2); + XMEMSET(local, 0, WC_MD5_BLOCK_SIZE); + XMEMCPY(local, input2, sLen); + ExpectIntEQ(MD5_Transform(&md5.compat, (const byte*)&local[0]), 1); + ExpectIntEQ(XMEMCMP(md5.native.digest, output2, WC_MD5_DIGEST_SIZE), 0); +#endif + return EXPECT_RESULT(); +} + +int test_wolfSSL_SHA(void) +{ + EXPECT_DECLS; +#if defined(OPENSSL_EXTRA) && !defined(HAVE_SELFTEST) + #if !defined(NO_SHA) && defined(NO_OLD_SHA_NAMES) && \ + (!defined(HAVE_FIPS) || \ + (defined(HAVE_FIPS_VERSION) && HAVE_FIPS_VERSION > 2)) + { + const unsigned char in[] = "abc"; + unsigned char expected[] = "\xA9\x99\x3E\x36\x47\x06\x81\x6A\xBA\x3E" + "\x25\x71\x78\x50\xC2\x6C\x9C\xD0\xD8\x9D"; + unsigned char out[WC_SHA_DIGEST_SIZE]; + unsigned char* p = NULL; + WOLFSSL_SHA_CTX sha; + + XMEMSET(out, 0, WC_SHA_DIGEST_SIZE); + ExpectNotNull(SHA1(in, XSTRLEN((char*)in), out)); + ExpectIntEQ(XMEMCMP(out, expected, WC_SHA_DIGEST_SIZE), 0); + + /* SHA interface test */ + XMEMSET(out, 0, WC_SHA_DIGEST_SIZE); + + ExpectNull(SHA(NULL, XSTRLEN((char*)in), out)); + ExpectNotNull(SHA(in, 0, out)); + ExpectNotNull(SHA(in, XSTRLEN((char*)in), NULL)); + ExpectNotNull(SHA(NULL, 0, out)); + ExpectNotNull(SHA(NULL, 0, NULL)); + + ExpectNotNull(SHA(in, XSTRLEN((char*)in), out)); + ExpectIntEQ(XMEMCMP(out, expected, WC_SHA_DIGEST_SIZE), 0); + ExpectNotNull(p = SHA(in, XSTRLEN((char*)in), NULL)); + ExpectIntEQ(XMEMCMP(p, expected, WC_SHA_DIGEST_SIZE), 0); + + ExpectIntEQ(wolfSSL_SHA_Init(&sha), 1); + ExpectIntEQ(wolfSSL_SHA_Update(&sha, in, XSTRLEN((char*)in)), 1); + ExpectIntEQ(wolfSSL_SHA_Final(out, &sha), 1); + ExpectIntEQ(XMEMCMP(out, expected, WC_SHA_DIGEST_SIZE), 0); + + ExpectIntEQ(wolfSSL_SHA1_Init(&sha), 1); + ExpectIntEQ(wolfSSL_SHA1_Update(&sha, in, XSTRLEN((char*)in)), 1); + ExpectIntEQ(wolfSSL_SHA1_Final(out, &sha), 1); + ExpectIntEQ(XMEMCMP(out, expected, WC_SHA_DIGEST_SIZE), 0); + } + #endif + + #if !defined(NO_SHA256) + { + const unsigned char in[] = "abc"; + unsigned char expected[] = + "\xBA\x78\x16\xBF\x8F\x01\xCF\xEA\x41\x41\x40\xDE\x5D\xAE\x22" + "\x23\xB0\x03\x61\xA3\x96\x17\x7A\x9C\xB4\x10\xFF\x61\xF2\x00" + "\x15\xAD"; + unsigned char out[WC_SHA256_DIGEST_SIZE]; + unsigned char* p = NULL; + + XMEMSET(out, 0, WC_SHA256_DIGEST_SIZE); +#if !defined(NO_OLD_NAMES) && !defined(HAVE_FIPS) + ExpectNotNull(SHA256(in, XSTRLEN((char*)in), out)); +#else + ExpectNotNull(wolfSSL_SHA256(in, XSTRLEN((char*)in), out)); +#endif + ExpectIntEQ(XMEMCMP(out, expected, WC_SHA256_DIGEST_SIZE), 0); +#if !defined(NO_OLD_NAMES) && !defined(HAVE_FIPS) + ExpectNotNull(p = SHA256(in, XSTRLEN((char*)in), NULL)); +#else + ExpectNotNull(p = wolfSSL_SHA256(in, XSTRLEN((char*)in), NULL)); +#endif + ExpectIntEQ(XMEMCMP(p, expected, WC_SHA256_DIGEST_SIZE), 0); + } + #endif + + #if defined(WOLFSSL_SHA384) + { + const unsigned char in[] = "abc"; + unsigned char expected[] = + "\xcb\x00\x75\x3f\x45\xa3\x5e\x8b\xb5\xa0\x3d\x69\x9a\xc6\x50" + "\x07\x27\x2c\x32\xab\x0e\xde\xd1\x63\x1a\x8b\x60\x5a\x43\xff" + "\x5b\xed\x80\x86\x07\x2b\xa1\xe7\xcc\x23\x58\xba\xec\xa1\x34" + "\xc8\x25\xa7"; + unsigned char out[WC_SHA384_DIGEST_SIZE]; + unsigned char* p = NULL; + + XMEMSET(out, 0, WC_SHA384_DIGEST_SIZE); +#if !defined(NO_OLD_NAMES) && !defined(HAVE_FIPS) + ExpectNotNull(SHA384(in, XSTRLEN((char*)in), out)); +#else + ExpectNotNull(wolfSSL_SHA384(in, XSTRLEN((char*)in), out)); +#endif + ExpectIntEQ(XMEMCMP(out, expected, WC_SHA384_DIGEST_SIZE), 0); +#if !defined(NO_OLD_NAMES) && !defined(HAVE_FIPS) + ExpectNotNull(p = SHA384(in, XSTRLEN((char*)in), NULL)); +#else + ExpectNotNull(p = wolfSSL_SHA384(in, XSTRLEN((char*)in), NULL)); +#endif + ExpectIntEQ(XMEMCMP(p, expected, WC_SHA384_DIGEST_SIZE), 0); + } + #endif + + #if defined(WOLFSSL_SHA512) + { + const unsigned char in[] = "abc"; + unsigned char expected[] = + "\xdd\xaf\x35\xa1\x93\x61\x7a\xba\xcc\x41\x73\x49\xae\x20\x41" + "\x31\x12\xe6\xfa\x4e\x89\xa9\x7e\xa2\x0a\x9e\xee\xe6\x4b\x55" + "\xd3\x9a\x21\x92\x99\x2a\x27\x4f\xc1\xa8\x36\xba\x3c\x23\xa3" + "\xfe\xeb\xbd\x45\x4d\x44\x23\x64\x3c\xe8\x0e\x2a\x9a\xc9\x4f" + "\xa5\x4c\xa4\x9f"; + unsigned char out[WC_SHA512_DIGEST_SIZE]; + unsigned char* p = NULL; + + XMEMSET(out, 0, WC_SHA512_DIGEST_SIZE); +#if !defined(NO_OLD_NAMES) && !defined(HAVE_FIPS) + ExpectNotNull(SHA512(in, XSTRLEN((char*)in), out)); +#else + ExpectNotNull(wolfSSL_SHA512(in, XSTRLEN((char*)in), out)); +#endif + ExpectIntEQ(XMEMCMP(out, expected, WC_SHA512_DIGEST_SIZE), 0); +#if !defined(NO_OLD_NAMES) && !defined(HAVE_FIPS) + ExpectNotNull(p = SHA512(in, XSTRLEN((char*)in), NULL)); +#else + ExpectNotNull(p = wolfSSL_SHA512(in, XSTRLEN((char*)in), NULL)); +#endif + ExpectIntEQ(XMEMCMP(p, expected, WC_SHA512_DIGEST_SIZE), 0); + } + #endif +#endif + return EXPECT_RESULT(); +} + +int test_wolfSSL_SHA_Transform(void) +{ + EXPECT_DECLS; +#if defined(OPENSSL_EXTRA) && !defined(NO_SHA) +#if !defined(HAVE_SELFTEST) && (!defined(HAVE_FIPS) || \ + (defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION > 2))) + byte input1[] = ""; + byte input2[] = "abc"; + byte local[WC_SHA_BLOCK_SIZE]; + word32 sLen = 0; +#ifdef BIG_ENDIAN_ORDER + unsigned char output1[] = + "\x92\xb4\x04\xe5\x56\x58\x8c\xed\x6c\x1a\xcd\x4e\xbf\x05\x3f\x68" + "\x09\xf7\x3a\x93"; + unsigned char output2[] = + "\x97\xb2\x74\x8b\x4f\x5b\xbc\xca\x5b\xc0\xe6\xea\x2d\x40\xb4\xa0" + "\x7c\x6e\x08\xb8"; +#else + unsigned char output1[] = + "\xe5\x04\xb4\x92\xed\x8c\x58\x56\x4e\xcd\x1a\x6c\x68\x3f\x05\xbf" + "\x93\x3a\xf7\x09"; + unsigned char output2[] = + "\x8b\x74\xb2\x97\xca\xbc\x5b\x4f\xea\xe6\xc0\x5b\xa0\xb4\x40\x2d" + "\xb8\x08\x6e\x7c"; +#endif + + union { + wc_Sha native; + SHA_CTX compat; + } sha; + union { + wc_Sha native; + SHA_CTX compat; + } sha1; + + XMEMSET(&sha.compat, 0, sizeof(sha.compat)); + XMEMSET(&local, 0, sizeof(local)); + + /* sanity check */ + ExpectIntEQ(SHA_Transform(NULL, NULL), 0); + ExpectIntEQ(SHA_Transform(NULL, (const byte*)&input1), 0); + ExpectIntEQ(SHA_Transform(&sha.compat, NULL), 0); + ExpectIntEQ(SHA1_Transform(NULL, NULL), 0); + ExpectIntEQ(SHA1_Transform(NULL, (const byte*)&input1), 0); + ExpectIntEQ(SHA1_Transform(&sha.compat, NULL), 0); + ExpectIntEQ(wc_ShaTransform(NULL, NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_ShaTransform(NULL, (const byte*)&input1), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_ShaTransform(&sha.native, NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + + /* Init SHA CTX */ + ExpectIntEQ(SHA_Init(&sha.compat), 1); + /* Do Transform*/ + sLen = (word32)XSTRLEN((char*)input1); + XMEMCPY(local, input1, sLen); + ExpectIntEQ(SHA_Transform(&sha.compat, (const byte*)&local[0]), 1); + ExpectIntEQ(XMEMCMP(sha.native.digest, output1, WC_SHA_DIGEST_SIZE), 0); + ExpectIntEQ(SHA_Final(local, &sha.compat), 1); /* frees resources */ + + /* Init SHA CTX */ + ExpectIntEQ(SHA_Init(&sha.compat), 1); + sLen = (word32)XSTRLEN((char*)input2); + XMEMSET(local, 0, WC_SHA_BLOCK_SIZE); + XMEMCPY(local, input2, sLen); + ExpectIntEQ(SHA_Transform(&sha.compat, (const byte*)&local[0]), 1); + ExpectIntEQ(XMEMCMP(sha.native.digest, output2, WC_SHA_DIGEST_SIZE), 0); + ExpectIntEQ(SHA_Final(local, &sha.compat), 1); /* frees resources */ + + /* SHA1 */ + XMEMSET(local, 0, WC_SHA_BLOCK_SIZE); + /* Init SHA CTX */ + ExpectIntEQ(SHA1_Init(&sha1.compat), 1); + /* Do Transform*/ + sLen = (word32)XSTRLEN((char*)input1); + XMEMCPY(local, input1, sLen); + ExpectIntEQ(SHA1_Transform(&sha1.compat, (const byte*)&local[0]), 1); + ExpectIntEQ(XMEMCMP(sha1.native.digest, output1, WC_SHA_DIGEST_SIZE), 0); + ExpectIntEQ(SHA1_Final(local, &sha1.compat), 1); /* frees resources */ + + /* Init SHA CTX */ + ExpectIntEQ(SHA1_Init(&sha1.compat), 1); + sLen = (word32)XSTRLEN((char*)input2); + XMEMSET(local, 0, WC_SHA_BLOCK_SIZE); + XMEMCPY(local, input2, sLen); + ExpectIntEQ(SHA1_Transform(&sha1.compat, (const byte*)&local[0]), 1); + ExpectIntEQ(XMEMCMP(sha1.native.digest, output2, WC_SHA_DIGEST_SIZE), 0); + ExpectIntEQ(SHA_Final(local, &sha1.compat), 1); /* frees resources */ +#endif +#endif + return EXPECT_RESULT(); +} + +int test_wolfSSL_SHA224(void) +{ + EXPECT_DECLS; +#if defined(OPENSSL_EXTRA) && defined(WOLFSSL_SHA224) && \ + !defined(HAVE_SELFTEST) && (!defined(HAVE_FIPS) || \ + (defined(HAVE_FIPS_VERSION) && HAVE_FIPS_VERSION > 2)) + unsigned char input[] = + "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq"; + unsigned char output[] = + "\x75\x38\x8b\x16\x51\x27\x76\xcc\x5d\xba\x5d\xa1\xfd\x89\x01" + "\x50\xb0\xc6\x45\x5c\xb4\xf5\x8b\x19\x52\x52\x25\x25"; + size_t inLen; + byte hash[WC_SHA224_DIGEST_SIZE]; + unsigned char* p = NULL; + + inLen = XSTRLEN((char*)input); + + XMEMSET(hash, 0, WC_SHA224_DIGEST_SIZE); + + ExpectNull(SHA224(NULL, inLen, hash)); + ExpectNotNull(SHA224(input, 0, hash)); + ExpectNotNull(SHA224(input, inLen, NULL)); + ExpectNotNull(SHA224(NULL, 0, hash)); + ExpectNotNull(SHA224(NULL, 0, NULL)); + + ExpectNotNull(SHA224(input, inLen, hash)); + ExpectIntEQ(XMEMCMP(hash, output, WC_SHA224_DIGEST_SIZE), 0); + ExpectNotNull(p = SHA224(input, inLen, NULL)); + ExpectIntEQ(XMEMCMP(p, output, WC_SHA224_DIGEST_SIZE), 0); +#endif + return EXPECT_RESULT(); +} + +int test_wolfSSL_SHA256(void) +{ + EXPECT_DECLS; +#if defined(OPENSSL_EXTRA) && !defined(NO_SHA256) && \ + defined(NO_OLD_SHA_NAMES) && !defined(HAVE_FIPS) && !defined(HAVE_SELFTEST) + unsigned char input[] = + "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq"; + unsigned char output[] = + "\x24\x8D\x6A\x61\xD2\x06\x38\xB8\xE5\xC0\x26\x93\x0C\x3E\x60" + "\x39\xA3\x3C\xE4\x59\x64\xFF\x21\x67\xF6\xEC\xED\xD4\x19\xDB" + "\x06\xC1"; + size_t inLen; + byte hash[WC_SHA256_DIGEST_SIZE]; + + inLen = XSTRLEN((char*)input); + + XMEMSET(hash, 0, WC_SHA256_DIGEST_SIZE); + ExpectNotNull(SHA256(input, inLen, hash)); + ExpectIntEQ(XMEMCMP(hash, output, WC_SHA256_DIGEST_SIZE), 0); +#endif + return EXPECT_RESULT(); +} + +int test_wolfSSL_SHA256_Transform(void) +{ + EXPECT_DECLS; +#if defined(OPENSSL_EXTRA) && !defined(NO_SHA256) +#if !defined(HAVE_SELFTEST) && (!defined(HAVE_FIPS) || \ + (defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION > 2))) && \ + !defined(WOLFSSL_DEVCRYPTO_HASH) && !defined(WOLFSSL_AFALG_HASH) && \ + !defined(WOLFSSL_KCAPI_HASH) + byte input1[] = ""; + byte input2[] = "abc"; + byte local[WC_SHA256_BLOCK_SIZE]; + word32 sLen = 0; +#ifdef BIG_ENDIAN_ORDER + unsigned char output1[] = + "\xda\x56\x98\xbe\x17\xb9\xb4\x69\x62\x33\x57\x99\x77\x9f\xbe\xca" + "\x8c\xe5\xd4\x91\xc0\xd2\x62\x43\xba\xfe\xf9\xea\x18\x37\xa9\xd8"; + unsigned char output2[] = + "\x1d\x4e\xd4\x67\x67\x7c\x61\x67\x44\x10\x76\x26\x78\x10\xff\xb8" + "\x40\xc8\x9a\x39\x73\x16\x60\x8c\xa6\x61\xd6\x05\x91\xf2\x8c\x35"; +#else + unsigned char output1[] = + "\xbe\x98\x56\xda\x69\xb4\xb9\x17\x99\x57\x33\x62\xca\xbe\x9f\x77" + "\x91\xd4\xe5\x8c\x43\x62\xd2\xc0\xea\xf9\xfe\xba\xd8\xa9\x37\x18"; + unsigned char output2[] = + "\x67\xd4\x4e\x1d\x67\x61\x7c\x67\x26\x76\x10\x44\xb8\xff\x10\x78" + "\x39\x9a\xc8\x40\x8c\x60\x16\x73\x05\xd6\x61\xa6\x35\x8c\xf2\x91"; +#endif + union { + wc_Sha256 native; + SHA256_CTX compat; + } sha256; + + XMEMSET(&sha256.compat, 0, sizeof(sha256.compat)); + XMEMSET(&local, 0, sizeof(local)); + + /* sanity check */ + ExpectIntEQ(SHA256_Transform(NULL, NULL), 0); + ExpectIntEQ(SHA256_Transform(NULL, (const byte*)&input1), 0); + ExpectIntEQ(SHA256_Transform(&sha256.compat, NULL), 0); + ExpectIntEQ(wc_Sha256Transform(NULL, NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_Sha256Transform(NULL, (const byte*)&input1), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_Sha256Transform(&sha256.native, NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + + /* Init SHA256 CTX */ + ExpectIntEQ(SHA256_Init(&sha256.compat), 1); + /* Do Transform*/ + sLen = (word32)XSTRLEN((char*)input1); + XMEMCPY(local, input1, sLen); + ExpectIntEQ(SHA256_Transform(&sha256.compat, (const byte*)&local[0]), 1); + ExpectIntEQ(XMEMCMP(sha256.native.digest, output1, WC_SHA256_DIGEST_SIZE), + 0); + ExpectIntEQ(SHA256_Final(local, &sha256.compat), 1); /* frees resources */ + + /* Init SHA256 CTX */ + ExpectIntEQ(SHA256_Init(&sha256.compat), 1); + sLen = (word32)XSTRLEN((char*)input2); + XMEMSET(local, 0, WC_SHA256_BLOCK_SIZE); + XMEMCPY(local, input2, sLen); + ExpectIntEQ(SHA256_Transform(&sha256.compat, (const byte*)&local[0]), 1); + ExpectIntEQ(XMEMCMP(sha256.native.digest, output2, WC_SHA256_DIGEST_SIZE), + 0); + ExpectIntEQ(SHA256_Final(local, &sha256.compat), 1); /* frees resources */ +#endif +#endif + return EXPECT_RESULT(); +} + +int test_wolfSSL_SHA512_Transform(void) +{ + EXPECT_DECLS; +#if defined(OPENSSL_EXTRA) && defined(WOLFSSL_SHA512) +#if !defined(HAVE_SELFTEST) && (!defined(HAVE_FIPS) || \ + (defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION > 2))) && \ + !defined(WOLFSSL_KCAPI_HASH) + byte input1[] = ""; + byte input2[] = "abc"; + byte local[WC_SHA512_BLOCK_SIZE]; + word32 sLen = 0; +#ifdef BIG_ENDIAN_ORDER + unsigned char output1[] = + "\xcf\x78\x81\xd5\x77\x4a\xcb\xe8\x53\x33\x62\xe0\xfb\xc7\x80\x70" + "\x02\x67\x63\x9d\x87\x46\x0e\xda\x30\x86\xcb\x40\xe8\x59\x31\xb0" + "\x71\x7d\xc9\x52\x88\xa0\x23\xa3\x96\xba\xb2\xc1\x4c\xe0\xb5\xe0" + "\x6f\xc4\xfe\x04\xea\xe3\x3e\x0b\x91\xf4\xd8\x0c\xbd\x66\x8b\xee"; + unsigned char output2[] = + "\x11\x10\x93\x4e\xeb\xa0\xcc\x0d\xfd\x33\x43\x9c\xfb\x04\xc8\x21" + "\xa9\xb4\x26\x3d\xca\xab\x31\x41\xe2\xc6\xaa\xaf\xe1\x67\xd7\xab" + "\x31\x8f\x2e\x54\x2c\xba\x4e\x83\xbe\x88\xec\x9d\x8f\x2b\x38\x98" + "\x14\xd2\x4e\x9d\x53\x8b\x5e\x4d\xde\x68\x6c\x69\xaf\x20\x96\xf0"; +#else + unsigned char output1[] = + "\xe8\xcb\x4a\x77\xd5\x81\x78\xcf\x70\x80\xc7\xfb\xe0\x62\x33\x53" + "\xda\x0e\x46\x87\x9d\x63\x67\x02\xb0\x31\x59\xe8\x40\xcb\x86\x30" + "\xa3\x23\xa0\x88\x52\xc9\x7d\x71\xe0\xb5\xe0\x4c\xc1\xb2\xba\x96" + "\x0b\x3e\xe3\xea\x04\xfe\xc4\x6f\xee\x8b\x66\xbd\x0c\xd8\xf4\x91"; + unsigned char output2[] = + "\x0d\xcc\xa0\xeb\x4e\x93\x10\x11\x21\xc8\x04\xfb\x9c\x43\x33\xfd" + "\x41\x31\xab\xca\x3d\x26\xb4\xa9\xab\xd7\x67\xe1\xaf\xaa\xc6\xe2" + "\x83\x4e\xba\x2c\x54\x2e\x8f\x31\x98\x38\x2b\x8f\x9d\xec\x88\xbe" + "\x4d\x5e\x8b\x53\x9d\x4e\xd2\x14\xf0\x96\x20\xaf\x69\x6c\x68\xde"; +#endif + union { + wc_Sha512 native; + SHA512_CTX compat; + } sha512; + + XMEMSET(&sha512.compat, 0, sizeof(sha512.compat)); + XMEMSET(&local, 0, sizeof(local)); + + /* sanity check */ + ExpectIntEQ(SHA512_Transform(NULL, NULL), 0); + ExpectIntEQ(SHA512_Transform(NULL, (const byte*)&input1), 0); + ExpectIntEQ(SHA512_Transform(&sha512.compat, NULL), 0); + ExpectIntEQ(wc_Sha512Transform(NULL, NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_Sha512Transform(NULL, (const byte*)&input1), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_Sha512Transform(&sha512.native, NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + + /* Init SHA512 CTX */ + ExpectIntEQ(wolfSSL_SHA512_Init(&sha512.compat), 1); + + /* Do Transform*/ + sLen = (word32)XSTRLEN((char*)input1); + XMEMCPY(local, input1, sLen); + ExpectIntEQ(SHA512_Transform(&sha512.compat, (const byte*)&local[0]), 1); + ExpectIntEQ(XMEMCMP(sha512.native.digest, output1, + WC_SHA512_DIGEST_SIZE), 0); + ExpectIntEQ(SHA512_Final(local, &sha512.compat), 1); /* frees resources */ + + /* Init SHA512 CTX */ + ExpectIntEQ(SHA512_Init(&sha512.compat), 1); + sLen = (word32)XSTRLEN((char*)input2); + XMEMSET(local, 0, WC_SHA512_BLOCK_SIZE); + XMEMCPY(local, input2, sLen); + ExpectIntEQ(SHA512_Transform(&sha512.compat, (const byte*)&local[0]), 1); + ExpectIntEQ(XMEMCMP(sha512.native.digest, output2, + WC_SHA512_DIGEST_SIZE), 0); + ExpectIntEQ(SHA512_Final(local, &sha512.compat), 1); /* frees resources */ + + (void)input1; +#endif +#endif + return EXPECT_RESULT(); +} + +int test_wolfSSL_SHA512_224_Transform(void) +{ + EXPECT_DECLS; +#if defined(OPENSSL_EXTRA) && defined(WOLFSSL_SHA512) && \ + !defined(WOLFSSL_NOSHA512_224) +#if !defined(HAVE_SELFTEST) && (!defined(HAVE_FIPS) || \ + (defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION > 2))) && \ + !defined(WOLFSSL_KCAPI_HASH) + byte input1[] = ""; + byte input2[] = "abc"; + byte local[WC_SHA512_BLOCK_SIZE]; + word32 sLen = 0; + unsigned char output1[] = + "\x94\x24\x66\xd4\x60\x3a\xeb\x23\x1d\xa8\x69\x31\x3c\xd2\xde\x11" + "\x48\x0f\x4a\x5a\xdf\x3a\x8d\x87\xcf\xcd\xbf\xa5\x03\x21\x50\xf1" + "\x8a\x0d\x0f\x0d\x3c\x07\xba\x52\xe0\xaa\x3c\xbb\xf1\xd3\x3f\xca" + "\x12\xa7\x61\xf8\x47\xda\x0d\x1b\x79\xc2\x65\x13\x92\xc1\x9c\xa5"; + unsigned char output2[] = + "\x51\x28\xe7\x0b\xca\x1e\xbc\x5f\xd7\x34\x0b\x48\x30\xd7\xc2\x75" + "\x6d\x8d\x48\x2c\x1f\xc7\x9e\x2b\x20\x5e\xbb\x0f\x0e\x4d\xb7\x61" + "\x31\x76\x33\xa0\xb4\x3d\x5f\x93\xc1\x73\xac\xf7\x21\xff\x69\x17" + "\xce\x66\xe5\x1e\x31\xe7\xf3\x22\x0f\x0b\x34\xd7\x5a\x57\xeb\xbf"; + union { + wc_Sha512 native; + SHA512_CTX compat; + } sha512; + +#ifdef BIG_ENDIAN_ORDER + ByteReverseWords64((word64*)output1, (word64*)output1, sizeof(output1)); + ByteReverseWords64((word64*)output2, (word64*)output2, sizeof(output2)); +#endif + + XMEMSET(&sha512.compat, 0, sizeof(sha512.compat)); + XMEMSET(&local, 0, sizeof(local)); + + /* sanity check */ + ExpectIntEQ(SHA512_224_Transform(NULL, NULL), 0); + ExpectIntEQ(SHA512_224_Transform(NULL, (const byte*)&input1), 0); + ExpectIntEQ(SHA512_224_Transform(&sha512.compat, NULL), 0); + ExpectIntEQ(wc_Sha512_224Transform(NULL, NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_Sha512_224Transform(NULL, (const byte*)&input1), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_Sha512_224Transform(&sha512.native, NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + + /* Init SHA512 CTX */ + ExpectIntEQ(wolfSSL_SHA512_224_Init(&sha512.compat), 1); + + /* Do Transform*/ + sLen = (word32)XSTRLEN((char*)input1); + XMEMCPY(local, input1, sLen); + ExpectIntEQ(SHA512_224_Transform(&sha512.compat, (const byte*)&local[0]), + 1); + ExpectIntEQ(XMEMCMP(sha512.native.digest, output1, + WC_SHA512_DIGEST_SIZE), 0); + /* frees resources */ + ExpectIntEQ(SHA512_224_Final(local, &sha512.compat), 1); + + /* Init SHA512 CTX */ + ExpectIntEQ(SHA512_224_Init(&sha512.compat), 1); + sLen = (word32)XSTRLEN((char*)input2); + XMEMSET(local, 0, WC_SHA512_BLOCK_SIZE); + XMEMCPY(local, input2, sLen); + ExpectIntEQ(SHA512_224_Transform(&sha512.compat, (const byte*)&local[0]), + 1); + ExpectIntEQ(XMEMCMP(sha512.native.digest, output2, + WC_SHA512_DIGEST_SIZE), 0); + /* frees resources */ + ExpectIntEQ(SHA512_224_Final(local, &sha512.compat), 1); +#endif +#endif + return EXPECT_RESULT(); +} + +int test_wolfSSL_SHA512_256_Transform(void) +{ + EXPECT_DECLS; +#if defined(OPENSSL_EXTRA) && defined(WOLFSSL_SHA512) && \ + !defined(WOLFSSL_NOSHA512_256) +#if !defined(HAVE_SELFTEST) && (!defined(HAVE_FIPS) || \ + (defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION > 2))) && \ + !defined(WOLFSSL_KCAPI_HASH) + byte input1[] = ""; + byte input2[] = "abc"; + byte local[WC_SHA512_BLOCK_SIZE]; + word32 sLen = 0; + unsigned char output1[] = + "\xf8\x37\x37\x5a\xd7\x2e\x56\xec\xe2\x51\xa8\x31\x3a\xa0\x63\x2b" + "\x7e\x7c\x64\xcc\xd9\xff\x2b\x6b\xeb\xc3\xd4\x4d\x7f\x8a\x3a\xb5" + "\x61\x85\x0b\x37\x30\x9f\x3b\x08\x5e\x7b\xd3\xbc\x6d\x00\x61\xc0" + "\x65\x9a\xd7\x73\xda\x40\xbe\xc1\xe5\x2f\xc6\x5d\xb7\x9f\xbe\x60"; + unsigned char output2[] = + "\x22\xad\xc0\x30\xee\xd4\x6a\xef\x13\xee\x5a\x95\x8b\x1f\xb7\xb6" + "\xb6\xba\xc0\x44\xb8\x18\x3b\xf0\xf6\x4b\x70\x9f\x03\xba\x64\xa1" + "\xe1\xe3\x45\x15\x91\x7d\xcb\x0b\x9a\xf0\xd2\x8e\x47\x8b\x37\x78" + "\x91\x41\xa6\xc4\xb0\x29\x8f\x8b\xdd\x78\x5c\xf2\x73\x3f\x21\x31"; + union { + wc_Sha512 native; + SHA512_CTX compat; + } sha512; + +#ifdef BIG_ENDIAN_ORDER + ByteReverseWords64((word64*)output1, (word64*)output1, sizeof(output1)); + ByteReverseWords64((word64*)output2, (word64*)output2, sizeof(output2)); +#endif + + XMEMSET(&sha512.compat, 0, sizeof(sha512.compat)); + XMEMSET(&local, 0, sizeof(local)); + + /* sanity check */ + ExpectIntEQ(SHA512_256_Transform(NULL, NULL), 0); + ExpectIntEQ(SHA512_256_Transform(NULL, (const byte*)&input1), 0); + ExpectIntEQ(SHA512_256_Transform(&sha512.compat, NULL), 0); + ExpectIntEQ(wc_Sha512_256Transform(NULL, NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_Sha512_256Transform(NULL, (const byte*)&input1), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_Sha512_256Transform(&sha512.native, NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + + /* Init SHA512 CTX */ + ExpectIntEQ(wolfSSL_SHA512_256_Init(&sha512.compat), 1); + + /* Do Transform*/ + sLen = (word32)XSTRLEN((char*)input1); + XMEMCPY(local, input1, sLen); + ExpectIntEQ(SHA512_256_Transform(&sha512.compat, (const byte*)&local[0]), + 1); + ExpectIntEQ(XMEMCMP(sha512.native.digest, output1, + WC_SHA512_DIGEST_SIZE), 0); + /* frees resources */ + ExpectIntEQ(SHA512_256_Final(local, &sha512.compat), 1); + + /* Init SHA512 CTX */ + ExpectIntEQ(SHA512_256_Init(&sha512.compat), 1); + sLen = (word32)XSTRLEN((char*)input2); + XMEMSET(local, 0, WC_SHA512_BLOCK_SIZE); + XMEMCPY(local, input2, sLen); + ExpectIntEQ(SHA512_256_Transform(&sha512.compat, (const byte*)&local[0]), + 1); + ExpectIntEQ(XMEMCMP(sha512.native.digest, output2, + WC_SHA512_DIGEST_SIZE), 0); + /* frees resources */ + ExpectIntEQ(SHA512_256_Final(local, &sha512.compat), 1); +#endif +#endif + return EXPECT_RESULT(); +} + diff --git a/test/ssl/wolfssl/tests/api/test_ossl_dgst.h b/test/ssl/wolfssl/tests/api/test_ossl_dgst.h new file mode 100644 index 000000000..3b77f535a --- /dev/null +++ b/test/ssl/wolfssl/tests/api/test_ossl_dgst.h @@ -0,0 +1,53 @@ +/* test_ossl_dgst.h + * + * Copyright (C) 2006-2025 wolfSSL Inc. + * + * This file is part of wolfSSL. + * + * wolfSSL is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * wolfSSL is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA + */ + +#ifndef WOLFCRYPT_TEST_OSSL_DGST_H +#define WOLFCRYPT_TEST_OSSL_DGST_H + +#include + +int test_wolfSSL_MD4(void); +int test_wolfSSL_MD5(void); +int test_wolfSSL_MD5_Transform(void); +int test_wolfSSL_SHA(void); +int test_wolfSSL_SHA_Transform(void); +int test_wolfSSL_SHA224(void); +int test_wolfSSL_SHA256(void); +int test_wolfSSL_SHA256_Transform(void); +int test_wolfSSL_SHA512_Transform(void); +int test_wolfSSL_SHA512_224_Transform(void); +int test_wolfSSL_SHA512_256_Transform(void); + +#define TEST_OSSL_DIGEST_DECLS \ + TEST_DECL_GROUP("ossl_dgst", test_wolfSSL_MD4), \ + TEST_DECL_GROUP("ossl_dgst", test_wolfSSL_MD5), \ + TEST_DECL_GROUP("ossl_dgst", test_wolfSSL_MD5_Transform), \ + TEST_DECL_GROUP("ossl_dgst", test_wolfSSL_SHA), \ + TEST_DECL_GROUP("ossl_dgst", test_wolfSSL_SHA_Transform), \ + TEST_DECL_GROUP("ossl_dgst", test_wolfSSL_SHA224), \ + TEST_DECL_GROUP("ossl_dgst", test_wolfSSL_SHA256), \ + TEST_DECL_GROUP("ossl_dgst", test_wolfSSL_SHA256_Transform), \ + TEST_DECL_GROUP("ossl_dgst", test_wolfSSL_SHA512_Transform), \ + TEST_DECL_GROUP("ossl_dgst", test_wolfSSL_SHA512_224_Transform), \ + TEST_DECL_GROUP("ossl_dgst", test_wolfSSL_SHA512_256_Transform) + +#endif /* WOLFCRYPT_TEST_OSSL_DGST_H */ + diff --git a/test/ssl/wolfssl/tests/api/test_ossl_dh.c b/test/ssl/wolfssl/tests/api/test_ossl_dh.c new file mode 100644 index 000000000..687155eb9 --- /dev/null +++ b/test/ssl/wolfssl/tests/api/test_ossl_dh.c @@ -0,0 +1,1145 @@ +/* test_ossl_dh.c + * + * Copyright (C) 2006-2025 wolfSSL Inc. + * + * This file is part of wolfSSL. + * + * wolfSSL is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * wolfSSL is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA + */ + +#include + +#ifdef NO_INLINE + #include +#else + #define WOLFSSL_MISC_INCLUDED + #include +#endif + +#include +#include +#include +#include +#include + +/******************************************************************************* + * DH OpenSSL compatibility API Testing + ******************************************************************************/ + +int test_wolfSSL_DH(void) +{ + EXPECT_DECLS; +#if defined(OPENSSL_EXTRA) && !defined(NO_DH) + DH *dh = NULL; + BIGNUM* p; + BIGNUM* q; + BIGNUM* g; + BIGNUM* pub = NULL; + BIGNUM* priv = NULL; +#if defined(OPENSSL_ALL) +#if !defined(HAVE_FIPS) || \ + (defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION > 2)) + FILE* f = NULL; + unsigned char buf[268]; + const unsigned char* pt = buf; + long len = 0; + + dh = NULL; + XMEMSET(buf, 0, sizeof(buf)); + /* Test 2048 bit parameters */ + ExpectTrue((f = XFOPEN("./certs/dh2048.der", "rb")) != XBADFILE); + ExpectTrue((len = (long)XFREAD(buf, 1, sizeof(buf), f)) > 0); + if (f != XBADFILE) + XFCLOSE(f); + + ExpectNotNull(dh = d2i_DHparams(NULL, &pt, len)); + ExpectNotNull(dh->p); + ExpectNotNull(dh->g); + ExpectTrue(pt == buf); + ExpectIntEQ(DH_generate_key(dh), 1); + + /* first, test for expected successful key agreement. */ + if (EXPECT_SUCCESS()) { + DH *dh2 = NULL; + unsigned char buf2[268]; + int sz1 = 0, sz2 = 0; + + ExpectNotNull(dh2 = d2i_DHparams(NULL, &pt, len)); + ExpectIntEQ(DH_generate_key(dh2), 1); + + ExpectIntGT(sz1=DH_compute_key(buf, dh2->pub_key, dh), 0); + ExpectIntGT(sz2=DH_compute_key(buf2, dh->pub_key, dh2), 0); + ExpectIntEQ(sz1, sz2); + ExpectIntEQ(XMEMCMP(buf, buf2, (size_t)sz1), 0); + + ExpectIntNE(sz1 = DH_size(dh), 0); + ExpectIntEQ(DH_compute_key_padded(buf, dh2->pub_key, dh), sz1); + ExpectIntEQ(DH_compute_key_padded(buf2, dh->pub_key, dh2), sz1); + ExpectIntEQ(XMEMCMP(buf, buf2, (size_t)sz1), 0); + + if (dh2 != NULL) + DH_free(dh2); + } + + ExpectIntEQ(DH_generate_key(dh), 1); + ExpectIntEQ(DH_compute_key(NULL, NULL, NULL), -1); + ExpectNotNull(pub = BN_new()); + ExpectIntEQ(BN_set_word(pub, 1), 1); + ExpectIntEQ(DH_compute_key(buf, NULL, NULL), -1); + ExpectIntEQ(DH_compute_key(NULL, pub, NULL), -1); + ExpectIntEQ(DH_compute_key(NULL, NULL, dh), -1); + ExpectIntEQ(DH_compute_key(buf, pub, NULL), -1); + ExpectIntEQ(DH_compute_key(buf, NULL, dh), -1); + ExpectIntEQ(DH_compute_key(NULL, pub, dh), -1); + ExpectIntEQ(DH_compute_key(buf, pub, dh), -1); + BN_free(pub); + pub = NULL; + + DH_get0_pqg(dh, (const BIGNUM**)&p, + (const BIGNUM**)&q, + (const BIGNUM**)&g); + ExpectPtrEq(p, dh->p); + ExpectPtrEq(q, dh->q); + ExpectPtrEq(g, dh->g); + DH_get0_key(NULL, (const BIGNUM**)&pub, (const BIGNUM**)&priv); + DH_get0_key(dh, (const BIGNUM**)&pub, (const BIGNUM**)&priv); + ExpectPtrEq(pub, dh->pub_key); + ExpectPtrEq(priv, dh->priv_key); + DH_get0_key(dh, (const BIGNUM**)&pub, NULL); + ExpectPtrEq(pub, dh->pub_key); + DH_get0_key(dh, NULL, (const BIGNUM**)&priv); + ExpectPtrEq(priv, dh->priv_key); + pub = NULL; + priv = NULL; + ExpectNotNull(pub = BN_new()); + ExpectNotNull(priv = BN_new()); + ExpectIntEQ(DH_set0_key(NULL, pub, priv), 0); + ExpectIntEQ(DH_set0_key(dh, pub, priv), 1); + if (EXPECT_FAIL()) { + BN_free(pub); + BN_free(priv); + } + pub = NULL; + priv = NULL; + ExpectNotNull(pub = BN_new()); + ExpectIntEQ(DH_set0_key(dh, pub, NULL), 1); + if (EXPECT_FAIL()) { + BN_free(pub); + } + ExpectNotNull(priv = BN_new()); + ExpectIntEQ(DH_set0_key(dh, NULL, priv), 1); + if (EXPECT_FAIL()) { + BN_free(priv); + } + ExpectPtrEq(pub, dh->pub_key); + ExpectPtrEq(priv, dh->priv_key); + pub = NULL; + priv = NULL; + + DH_free(dh); + dh = NULL; + + ExpectNotNull(dh = DH_new()); + p = NULL; + ExpectNotNull(p = BN_new()); + ExpectIntEQ(BN_set_word(p, 1), 1); + ExpectIntEQ(DH_compute_key(buf, p, dh), -1); + ExpectNotNull(pub = BN_new()); + ExpectNotNull(priv = BN_new()); + ExpectIntEQ(DH_set0_key(dh, pub, priv), 1); + if (EXPECT_FAIL()) { + BN_free(pub); + BN_free(priv); + } + pub = NULL; + priv = NULL; + ExpectIntEQ(DH_compute_key(buf, p, dh), -1); + BN_free(p); + p = NULL; + DH_free(dh); + dh = NULL; + +#ifdef WOLFSSL_KEY_GEN + ExpectNotNull(dh = DH_generate_parameters(2048, 2, NULL, NULL)); + ExpectIntEQ(wolfSSL_DH_generate_parameters_ex(NULL, 2048, 2, NULL), 0); + DH_free(dh); + dh = NULL; +#endif +#endif /* !HAVE_FIPS || (HAVE_FIPS_VERSION && HAVE_FIPS_VERSION > 2) */ +#endif /* OPENSSL_ALL */ + + (void)dh; + (void)p; + (void)q; + (void)g; + (void)pub; + (void)priv; + + ExpectNotNull(dh = wolfSSL_DH_new()); + + /* invalid parameters test */ + DH_get0_pqg(NULL, (const BIGNUM**)&p, + (const BIGNUM**)&q, + (const BIGNUM**)&g); + + DH_get0_pqg(dh, NULL, + (const BIGNUM**)&q, + (const BIGNUM**)&g); + + DH_get0_pqg(dh, NULL, NULL, (const BIGNUM**)&g); + + DH_get0_pqg(dh, NULL, NULL, NULL); + + DH_get0_pqg(dh, (const BIGNUM**)&p, + (const BIGNUM**)&q, + (const BIGNUM**)&g); + + ExpectPtrEq(p, NULL); + ExpectPtrEq(q, NULL); + ExpectPtrEq(g, NULL); + DH_free(dh); + dh = NULL; + +#if !defined(HAVE_FIPS) || (defined(HAVE_FIPS) && !defined(WOLFSSL_DH_EXTRA)) \ + || (defined(HAVE_FIPS_VERSION) && FIPS_VERSION_GT(2,0)) +#if defined(OPENSSL_ALL) || \ + defined(OPENSSL_VERSION_NUMBER) && OPENSSL_VERSION_NUMBER >= 0x10100000L + dh = wolfSSL_DH_new(); + ExpectNotNull(dh); + p = wolfSSL_BN_new(); + ExpectNotNull(p); + ExpectIntEQ(BN_set_word(p, 11), 1); + g = wolfSSL_BN_new(); + ExpectNotNull(g); + ExpectIntEQ(BN_set_word(g, 2), 1); + q = wolfSSL_BN_new(); + ExpectNotNull(q); + ExpectIntEQ(BN_set_word(q, 5), 1); + ExpectIntEQ(wolfSSL_DH_set0_pqg(NULL, NULL, NULL, NULL), 0); + ExpectIntEQ(wolfSSL_DH_set0_pqg(dh, NULL, NULL, NULL), 0); + ExpectIntEQ(wolfSSL_DH_set0_pqg(NULL, p, NULL, NULL), 0); + ExpectIntEQ(wolfSSL_DH_set0_pqg(NULL, NULL, q, NULL), 0); + ExpectIntEQ(wolfSSL_DH_set0_pqg(NULL, NULL, NULL, g), 0); + ExpectIntEQ(wolfSSL_DH_set0_pqg(NULL, p, q, g), 0); + ExpectIntEQ(wolfSSL_DH_set0_pqg(dh, NULL, q, g), 0); + ExpectIntEQ(wolfSSL_DH_set0_pqg(dh, p, q, NULL), 0); + /* Don't need q. */ + ExpectIntEQ(wolfSSL_DH_set0_pqg(dh, p, NULL, g), 1); + if (EXPECT_FAIL()) { + BN_free(p); + BN_free(g); + } + p = NULL; + g = NULL; + /* Setting again will free the p and g. */ + wolfSSL_BN_free(q); + q = NULL; + DH_free(dh); + dh = NULL; + + dh = wolfSSL_DH_new(); + ExpectNotNull(dh); + + p = wolfSSL_BN_new(); + ExpectNotNull(p); + ExpectIntEQ(BN_set_word(p, 11), 1); + g = wolfSSL_BN_new(); + ExpectNotNull(g); + ExpectIntEQ(BN_set_word(g, 2), 1); + q = wolfSSL_BN_new(); + ExpectNotNull(q); + ExpectIntEQ(BN_set_word(q, 5), 1); + ExpectIntEQ(wolfSSL_DH_set0_pqg(dh, p, q, g), 1); + /* p, q and g are now owned by dh - don't free. */ + if (EXPECT_FAIL()) { + BN_free(p); + BN_free(q); + BN_free(g); + } + p = NULL; + q = NULL; + g = NULL; + + p = wolfSSL_BN_new(); + ExpectNotNull(p); + ExpectIntEQ(BN_set_word(p, 11), 1); + g = wolfSSL_BN_new(); + ExpectNotNull(g); + ExpectIntEQ(BN_set_word(g, 2), 1); + q = wolfSSL_BN_new(); + ExpectNotNull(q); + ExpectIntEQ(wolfSSL_DH_set0_pqg(dh, p, NULL, NULL), 1); + if (EXPECT_FAIL()) { + BN_free(p); + } + p = NULL; + ExpectIntEQ(wolfSSL_DH_set0_pqg(dh, NULL, q, NULL), 1); + if (EXPECT_FAIL()) { + BN_free(q); + } + q = NULL; + ExpectIntEQ(wolfSSL_DH_set0_pqg(dh, NULL, NULL, g), 1); + if (EXPECT_FAIL()) { + BN_free(g); + } + g = NULL; + ExpectIntEQ(wolfSSL_DH_set0_pqg(dh, NULL, NULL, NULL), 1); + /* p, q and g are now owned by dh - don't free. */ + + DH_free(dh); + dh = NULL; + + ExpectIntEQ(DH_generate_key(NULL), 0); + ExpectNotNull(dh = DH_new()); + ExpectIntEQ(DH_generate_key(dh), 0); + p = wolfSSL_BN_new(); + ExpectNotNull(p); + ExpectIntEQ(BN_set_word(p, 0), 1); + g = wolfSSL_BN_new(); + ExpectNotNull(g); + ExpectIntEQ(BN_set_word(g, 2), 1); + ExpectIntEQ(wolfSSL_DH_set0_pqg(dh, p, NULL, g), 1); + if (EXPECT_FAIL()) { + BN_free(p); + BN_free(g); + } + p = NULL; + g = NULL; + ExpectIntEQ(DH_generate_key(dh), 0); + DH_free(dh); + dh = NULL; +#endif +#endif + + /* Test DH_up_ref() */ + dh = wolfSSL_DH_new(); + ExpectNotNull(dh); + ExpectIntEQ(wolfSSL_DH_up_ref(NULL), WC_NO_ERR_TRACE(WOLFSSL_FAILURE)); + ExpectIntEQ(wolfSSL_DH_up_ref(dh), WOLFSSL_SUCCESS); + DH_free(dh); /* decrease ref count */ + DH_free(dh); /* free WOLFSSL_DH */ + dh = NULL; + q = NULL; + + ExpectNull((dh = DH_new_by_nid(NID_sha1))); +#if (defined(HAVE_PUBLIC_FFDHE) || (defined(HAVE_FIPS) && \ + FIPS_VERSION_EQ(2,0))) || (!defined(HAVE_PUBLIC_FFDHE) && \ + (!defined(HAVE_FIPS) || FIPS_VERSION_GT(2,0))) +#ifdef HAVE_FFDHE_2048 + ExpectNotNull((dh = DH_new_by_nid(NID_ffdhe2048))); + DH_free(dh); + dh = NULL; + q = NULL; +#endif +#ifdef HAVE_FFDHE_3072 + ExpectNotNull((dh = DH_new_by_nid(NID_ffdhe3072))); + DH_free(dh); + dh = NULL; + q = NULL; +#endif +#ifdef HAVE_FFDHE_4096 + ExpectNotNull((dh = DH_new_by_nid(NID_ffdhe4096))); + DH_free(dh); + dh = NULL; + q = NULL; +#endif +#else + ExpectNull((dh = DH_new_by_nid(NID_ffdhe2048))); +#endif /* (HAVE_PUBLIC_FFDHE || (HAVE_FIPS && HAVE_FIPS_VERSION == 2)) || + * (!HAVE_PUBLIC_FFDHE && (!HAVE_FIPS || HAVE_FIPS_VERSION > 2))*/ + + ExpectIntEQ(wolfSSL_DH_size(NULL), -1); +#endif /* OPENSSL_EXTRA && !NO_DH */ + return EXPECT_RESULT(); +} + +int test_wolfSSL_DH_dup(void) +{ + EXPECT_DECLS; +#if !defined(NO_DH) && defined(WOLFSSL_DH_EXTRA) +#if defined(WOLFSSL_QT) || defined(OPENSSL_ALL) || defined(WOLFSSL_OPENSSH) || \ + defined(OPENSSL_EXTRA) + DH *dh = NULL; + DH *dhDup = NULL; + + ExpectNotNull(dh = wolfSSL_DH_new()); + + ExpectNull(dhDup = wolfSSL_DH_dup(NULL)); + ExpectNull(dhDup = wolfSSL_DH_dup(dh)); + +#if defined(OPENSSL_ALL) || \ + defined(OPENSSL_VERSION_NUMBER) && OPENSSL_VERSION_NUMBER >= 0x10100000L + { + WOLFSSL_BIGNUM* p = NULL; + WOLFSSL_BIGNUM* g = NULL; + + ExpectNotNull(p = wolfSSL_BN_new()); + ExpectNotNull(g = wolfSSL_BN_new()); + ExpectIntEQ(wolfSSL_BN_set_word(p, 11), WOLFSSL_SUCCESS); + ExpectIntEQ(wolfSSL_BN_set_word(g, 2), WOLFSSL_SUCCESS); + + ExpectIntEQ(wolfSSL_DH_set0_pqg(dh, p, NULL, g), 1); + if (EXPECT_FAIL()) { + wolfSSL_BN_free(p); + wolfSSL_BN_free(g); + } + + ExpectNotNull(dhDup = wolfSSL_DH_dup(dh)); + wolfSSL_DH_free(dhDup); + } +#endif + + wolfSSL_DH_free(dh); +#endif +#endif + return EXPECT_RESULT(); +} + +int test_wolfSSL_DH_check(void) +{ + EXPECT_DECLS; +#ifdef OPENSSL_ALL +#ifndef NO_DH +#ifndef NO_BIO +#ifndef NO_DSA + byte buf[6000]; + char file[] = "./certs/dsaparams.pem"; + XFILE f = XBADFILE; + int bytes = 0; + BIO* bio = NULL; + DSA* dsa = NULL; +#elif !defined(HAVE_FIPS) || FIPS_VERSION_GT(2,0) + static const byte dh2048[] = { + 0x30, 0x82, 0x01, 0x08, 0x02, 0x82, 0x01, 0x01, + 0x00, 0xb0, 0xa1, 0x08, 0x06, 0x9c, 0x08, 0x13, + 0xba, 0x59, 0x06, 0x3c, 0xbc, 0x30, 0xd5, 0xf5, + 0x00, 0xc1, 0x4f, 0x44, 0xa7, 0xd6, 0xef, 0x4a, + 0xc6, 0x25, 0x27, 0x1c, 0xe8, 0xd2, 0x96, 0x53, + 0x0a, 0x5c, 0x91, 0xdd, 0xa2, 0xc2, 0x94, 0x84, + 0xbf, 0x7d, 0xb2, 0x44, 0x9f, 0x9b, 0xd2, 0xc1, + 0x8a, 0xc5, 0xbe, 0x72, 0x5c, 0xa7, 0xe7, 0x91, + 0xe6, 0xd4, 0x9f, 0x73, 0x07, 0x85, 0x5b, 0x66, + 0x48, 0xc7, 0x70, 0xfa, 0xb4, 0xee, 0x02, 0xc9, + 0x3d, 0x9a, 0x4a, 0xda, 0x3d, 0xc1, 0x46, 0x3e, + 0x19, 0x69, 0xd1, 0x17, 0x46, 0x07, 0xa3, 0x4d, + 0x9f, 0x2b, 0x96, 0x17, 0x39, 0x6d, 0x30, 0x8d, + 0x2a, 0xf3, 0x94, 0xd3, 0x75, 0xcf, 0xa0, 0x75, + 0xe6, 0xf2, 0x92, 0x1f, 0x1a, 0x70, 0x05, 0xaa, + 0x04, 0x83, 0x57, 0x30, 0xfb, 0xda, 0x76, 0x93, + 0x38, 0x50, 0xe8, 0x27, 0xfd, 0x63, 0xee, 0x3c, + 0xe5, 0xb7, 0xc8, 0x09, 0xae, 0x6f, 0x50, 0x35, + 0x8e, 0x84, 0xce, 0x4a, 0x00, 0xe9, 0x12, 0x7e, + 0x5a, 0x31, 0xd7, 0x33, 0xfc, 0x21, 0x13, 0x76, + 0xcc, 0x16, 0x30, 0xdb, 0x0c, 0xfc, 0xc5, 0x62, + 0xa7, 0x35, 0xb8, 0xef, 0xb7, 0xb0, 0xac, 0xc0, + 0x36, 0xf6, 0xd9, 0xc9, 0x46, 0x48, 0xf9, 0x40, + 0x90, 0x00, 0x2b, 0x1b, 0xaa, 0x6c, 0xe3, 0x1a, + 0xc3, 0x0b, 0x03, 0x9e, 0x1b, 0xc2, 0x46, 0xe4, + 0x48, 0x4e, 0x22, 0x73, 0x6f, 0xc3, 0x5f, 0xd4, + 0x9a, 0xd6, 0x30, 0x07, 0x48, 0xd6, 0x8c, 0x90, + 0xab, 0xd4, 0xf6, 0xf1, 0xe3, 0x48, 0xd3, 0x58, + 0x4b, 0xa6, 0xb9, 0xcd, 0x29, 0xbf, 0x68, 0x1f, + 0x08, 0x4b, 0x63, 0x86, 0x2f, 0x5c, 0x6b, 0xd6, + 0xb6, 0x06, 0x65, 0xf7, 0xa6, 0xdc, 0x00, 0x67, + 0x6b, 0xbb, 0xc3, 0xa9, 0x41, 0x83, 0xfb, 0xc7, + 0xfa, 0xc8, 0xe2, 0x1e, 0x7e, 0xaf, 0x00, 0x3f, + 0x93, 0x02, 0x01, 0x02 + }; + const byte* params; +#endif + DH* dh = NULL; + WOLFSSL_BIGNUM* p = NULL; + WOLFSSL_BIGNUM* g = NULL; + WOLFSSL_BIGNUM* pTmp = NULL; + WOLFSSL_BIGNUM* gTmp = NULL; + int codes = -1; + +#ifndef NO_DSA + /* Initialize DH */ + ExpectTrue((f = XFOPEN(file, "rb")) != XBADFILE); + ExpectIntGT(bytes = (int)XFREAD(buf, 1, sizeof(buf), f), 0); + if (f != XBADFILE) + XFCLOSE(f); + + ExpectNotNull(bio = BIO_new_mem_buf((void*)buf, bytes)); + + ExpectNotNull(dsa = wolfSSL_PEM_read_bio_DSAparams(bio, NULL, NULL, NULL)); + + ExpectNotNull(dh = wolfSSL_DSA_dup_DH(dsa)); + ExpectNotNull(dh); + + BIO_free(bio); + DSA_free(dsa); +#elif !defined(HAVE_FIPS) || FIPS_VERSION_GT(2,0) + params = dh2048; + ExpectNotNull(dh = wolfSSL_d2i_DHparams(NULL, ¶ms, + (long)sizeof(dh2048))); +#else + ExpectNotNull(dh = wolfSSL_DH_new_by_nid(NID_ffdhe2048)); +#endif + + /* Test assumed to be valid dh. + * Should return WOLFSSL_SUCCESS + * codes should be 0 + * Invalid codes = {DH_NOT_SUITABLE_GENERATOR, DH_CHECK_P_NOT_PRIME} + */ + ExpectIntEQ(wolfSSL_DH_check(dh, &codes), 1); + ExpectIntEQ(codes, 0); + + /* Test NULL dh: expected BAD_FUNC_ARG */ + ExpectIntEQ(wolfSSL_DH_check(NULL, &codes), 0); + + /* Break dh prime to test if codes = DH_CHECK_P_NOT_PRIME */ + if (dh != NULL) { + pTmp = dh->p; + dh->p = NULL; + } + ExpectIntEQ(wolfSSL_DH_check(dh, &codes), 1); + ExpectIntEQ(wolfSSL_DH_check(dh, NULL), 0); + ExpectIntEQ(codes, DH_CHECK_P_NOT_PRIME); + /* set dh->p back to normal so it won't fail on next tests */ + if (dh != NULL) { + dh->p = pTmp; + pTmp = NULL; + } + + /* Break dh generator to test if codes = DH_NOT_SUITABLE_GENERATOR */ + if (dh != NULL) { + gTmp = dh->g; + dh->g = NULL; + } + ExpectIntEQ(wolfSSL_DH_check(dh, &codes), 1); + ExpectIntEQ(wolfSSL_DH_check(dh, NULL), 0); + ExpectIntEQ(codes, DH_NOT_SUITABLE_GENERATOR); + if (dh != NULL) { + dh->g = gTmp; + gTmp = NULL; + } + + /* Cleanup */ + DH_free(dh); + dh = NULL; + + dh = DH_new(); + ExpectNotNull(dh); + /* Check empty DH. */ + ExpectIntEQ(wolfSSL_DH_check(dh, &codes), 1); + ExpectIntEQ(wolfSSL_DH_check(dh, NULL), 0); + ExpectIntEQ(codes, DH_NOT_SUITABLE_GENERATOR | DH_CHECK_P_NOT_PRIME); + /* Check non-prime valued p. */ + ExpectNotNull(p = BN_new()); + ExpectIntEQ(BN_set_word(p, 4), 1); + ExpectNotNull(g = BN_new()); + ExpectIntEQ(BN_set_word(g, 2), 1); + ExpectIntEQ(DH_set0_pqg(dh, p, NULL, g), 1); + if (EXPECT_FAIL()) { + wolfSSL_BN_free(p); + wolfSSL_BN_free(g); + } + ExpectIntEQ(wolfSSL_DH_check(dh, &codes), 1); + ExpectIntEQ(wolfSSL_DH_check(dh, NULL), 0); + ExpectIntEQ(codes, DH_CHECK_P_NOT_PRIME); + DH_free(dh); + dh = NULL; +#endif +#endif /* !NO_DH && !NO_DSA */ +#endif + return EXPECT_RESULT(); +} + +int test_wolfSSL_DH_prime(void) +{ + EXPECT_DECLS; +#if defined(OPENSSL_EXTRA) && !defined(NO_DH) + WOLFSSL_BIGNUM* bn = NULL; +#if WOLFSSL_MAX_BN_BITS >= 768 + WOLFSSL_BIGNUM* bn2 = NULL; +#endif + + bn = wolfSSL_DH_768_prime(NULL); +#if WOLFSSL_MAX_BN_BITS >= 768 + ExpectNotNull(bn); + bn2 = wolfSSL_DH_768_prime(bn); + ExpectNotNull(bn2); + ExpectTrue(bn == bn2); + wolfSSL_BN_free(bn); + bn = NULL; +#else + ExpectNull(bn); +#endif + + bn = wolfSSL_DH_1024_prime(NULL); +#if WOLFSSL_MAX_BN_BITS >= 1024 + ExpectNotNull(bn); + wolfSSL_BN_free(bn); + bn = NULL; +#else + ExpectNull(bn); +#endif + bn = wolfSSL_DH_2048_prime(NULL); +#if WOLFSSL_MAX_BN_BITS >= 2048 + ExpectNotNull(bn); + wolfSSL_BN_free(bn); + bn = NULL; +#else + ExpectNull(bn); +#endif + bn = wolfSSL_DH_3072_prime(NULL); +#if WOLFSSL_MAX_BN_BITS >= 3072 + ExpectNotNull(bn); + wolfSSL_BN_free(bn); + bn = NULL; +#else + ExpectNull(bn); +#endif + bn = wolfSSL_DH_4096_prime(NULL); +#if WOLFSSL_MAX_BN_BITS >= 4096 + ExpectNotNull(bn); + wolfSSL_BN_free(bn); + bn = NULL; +#else + ExpectNull(bn); +#endif + bn = wolfSSL_DH_6144_prime(NULL); +#if WOLFSSL_MAX_BN_BITS >= 6144 + ExpectNotNull(bn); + wolfSSL_BN_free(bn); + bn = NULL; +#else + ExpectNull(bn); +#endif + bn = wolfSSL_DH_8192_prime(NULL); +#if WOLFSSL_MAX_BN_BITS >= 8192 + ExpectNotNull(bn); + wolfSSL_BN_free(bn); + bn = NULL; +#else + ExpectNull(bn); +#endif +#endif + return EXPECT_RESULT(); +} + +int test_wolfSSL_DH_1536_prime(void) +{ + EXPECT_DECLS; +#if defined(OPENSSL_EXTRA) && !defined(NO_DH) + BIGNUM* bn = NULL; + unsigned char bits[200]; + int sz = 192; /* known binary size */ + const byte expected[] = { + 0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF, + 0xC9,0x0F,0xDA,0xA2,0x21,0x68,0xC2,0x34, + 0xC4,0xC6,0x62,0x8B,0x80,0xDC,0x1C,0xD1, + 0x29,0x02,0x4E,0x08,0x8A,0x67,0xCC,0x74, + 0x02,0x0B,0xBE,0xA6,0x3B,0x13,0x9B,0x22, + 0x51,0x4A,0x08,0x79,0x8E,0x34,0x04,0xDD, + 0xEF,0x95,0x19,0xB3,0xCD,0x3A,0x43,0x1B, + 0x30,0x2B,0x0A,0x6D,0xF2,0x5F,0x14,0x37, + 0x4F,0xE1,0x35,0x6D,0x6D,0x51,0xC2,0x45, + 0xE4,0x85,0xB5,0x76,0x62,0x5E,0x7E,0xC6, + 0xF4,0x4C,0x42,0xE9,0xA6,0x37,0xED,0x6B, + 0x0B,0xFF,0x5C,0xB6,0xF4,0x06,0xB7,0xED, + 0xEE,0x38,0x6B,0xFB,0x5A,0x89,0x9F,0xA5, + 0xAE,0x9F,0x24,0x11,0x7C,0x4B,0x1F,0xE6, + 0x49,0x28,0x66,0x51,0xEC,0xE4,0x5B,0x3D, + 0xC2,0x00,0x7C,0xB8,0xA1,0x63,0xBF,0x05, + 0x98,0xDA,0x48,0x36,0x1C,0x55,0xD3,0x9A, + 0x69,0x16,0x3F,0xA8,0xFD,0x24,0xCF,0x5F, + 0x83,0x65,0x5D,0x23,0xDC,0xA3,0xAD,0x96, + 0x1C,0x62,0xF3,0x56,0x20,0x85,0x52,0xBB, + 0x9E,0xD5,0x29,0x07,0x70,0x96,0x96,0x6D, + 0x67,0x0C,0x35,0x4E,0x4A,0xBC,0x98,0x04, + 0xF1,0x74,0x6C,0x08,0xCA,0x23,0x73,0x27, + 0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF, + }; + + ExpectNotNull(bn = get_rfc3526_prime_1536(NULL)); + ExpectIntEQ(sz, BN_bn2bin((const BIGNUM*)bn, bits)); + ExpectIntEQ(0, XMEMCMP(expected, bits, sz)); + + BN_free(bn); +#endif + return EXPECT_RESULT(); +} + +int test_wolfSSL_DH_get_2048_256(void) +{ + EXPECT_DECLS; +#if defined(OPENSSL_EXTRA) && !defined(NO_DH) + WOLFSSL_DH* dh = NULL; + const WOLFSSL_BIGNUM* pBn; + const WOLFSSL_BIGNUM* gBn; + const WOLFSSL_BIGNUM* qBn; + const byte pExpected[] = { + 0x87, 0xA8, 0xE6, 0x1D, 0xB4, 0xB6, 0x66, 0x3C, 0xFF, 0xBB, 0xD1, 0x9C, + 0x65, 0x19, 0x59, 0x99, 0x8C, 0xEE, 0xF6, 0x08, 0x66, 0x0D, 0xD0, 0xF2, + 0x5D, 0x2C, 0xEE, 0xD4, 0x43, 0x5E, 0x3B, 0x00, 0xE0, 0x0D, 0xF8, 0xF1, + 0xD6, 0x19, 0x57, 0xD4, 0xFA, 0xF7, 0xDF, 0x45, 0x61, 0xB2, 0xAA, 0x30, + 0x16, 0xC3, 0xD9, 0x11, 0x34, 0x09, 0x6F, 0xAA, 0x3B, 0xF4, 0x29, 0x6D, + 0x83, 0x0E, 0x9A, 0x7C, 0x20, 0x9E, 0x0C, 0x64, 0x97, 0x51, 0x7A, 0xBD, + 0x5A, 0x8A, 0x9D, 0x30, 0x6B, 0xCF, 0x67, 0xED, 0x91, 0xF9, 0xE6, 0x72, + 0x5B, 0x47, 0x58, 0xC0, 0x22, 0xE0, 0xB1, 0xEF, 0x42, 0x75, 0xBF, 0x7B, + 0x6C, 0x5B, 0xFC, 0x11, 0xD4, 0x5F, 0x90, 0x88, 0xB9, 0x41, 0xF5, 0x4E, + 0xB1, 0xE5, 0x9B, 0xB8, 0xBC, 0x39, 0xA0, 0xBF, 0x12, 0x30, 0x7F, 0x5C, + 0x4F, 0xDB, 0x70, 0xC5, 0x81, 0xB2, 0x3F, 0x76, 0xB6, 0x3A, 0xCA, 0xE1, + 0xCA, 0xA6, 0xB7, 0x90, 0x2D, 0x52, 0x52, 0x67, 0x35, 0x48, 0x8A, 0x0E, + 0xF1, 0x3C, 0x6D, 0x9A, 0x51, 0xBF, 0xA4, 0xAB, 0x3A, 0xD8, 0x34, 0x77, + 0x96, 0x52, 0x4D, 0x8E, 0xF6, 0xA1, 0x67, 0xB5, 0xA4, 0x18, 0x25, 0xD9, + 0x67, 0xE1, 0x44, 0xE5, 0x14, 0x05, 0x64, 0x25, 0x1C, 0xCA, 0xCB, 0x83, + 0xE6, 0xB4, 0x86, 0xF6, 0xB3, 0xCA, 0x3F, 0x79, 0x71, 0x50, 0x60, 0x26, + 0xC0, 0xB8, 0x57, 0xF6, 0x89, 0x96, 0x28, 0x56, 0xDE, 0xD4, 0x01, 0x0A, + 0xBD, 0x0B, 0xE6, 0x21, 0xC3, 0xA3, 0x96, 0x0A, 0x54, 0xE7, 0x10, 0xC3, + 0x75, 0xF2, 0x63, 0x75, 0xD7, 0x01, 0x41, 0x03, 0xA4, 0xB5, 0x43, 0x30, + 0xC1, 0x98, 0xAF, 0x12, 0x61, 0x16, 0xD2, 0x27, 0x6E, 0x11, 0x71, 0x5F, + 0x69, 0x38, 0x77, 0xFA, 0xD7, 0xEF, 0x09, 0xCA, 0xDB, 0x09, 0x4A, 0xE9, + 0x1E, 0x1A, 0x15, 0x97 + }; + const byte gExpected[] = { + 0x3F, 0xB3, 0x2C, 0x9B, 0x73, 0x13, 0x4D, 0x0B, 0x2E, 0x77, 0x50, 0x66, + 0x60, 0xED, 0xBD, 0x48, 0x4C, 0xA7, 0xB1, 0x8F, 0x21, 0xEF, 0x20, 0x54, + 0x07, 0xF4, 0x79, 0x3A, 0x1A, 0x0B, 0xA1, 0x25, 0x10, 0xDB, 0xC1, 0x50, + 0x77, 0xBE, 0x46, 0x3F, 0xFF, 0x4F, 0xED, 0x4A, 0xAC, 0x0B, 0xB5, 0x55, + 0xBE, 0x3A, 0x6C, 0x1B, 0x0C, 0x6B, 0x47, 0xB1, 0xBC, 0x37, 0x73, 0xBF, + 0x7E, 0x8C, 0x6F, 0x62, 0x90, 0x12, 0x28, 0xF8, 0xC2, 0x8C, 0xBB, 0x18, + 0xA5, 0x5A, 0xE3, 0x13, 0x41, 0x00, 0x0A, 0x65, 0x01, 0x96, 0xF9, 0x31, + 0xC7, 0x7A, 0x57, 0xF2, 0xDD, 0xF4, 0x63, 0xE5, 0xE9, 0xEC, 0x14, 0x4B, + 0x77, 0x7D, 0xE6, 0x2A, 0xAA, 0xB8, 0xA8, 0x62, 0x8A, 0xC3, 0x76, 0xD2, + 0x82, 0xD6, 0xED, 0x38, 0x64, 0xE6, 0x79, 0x82, 0x42, 0x8E, 0xBC, 0x83, + 0x1D, 0x14, 0x34, 0x8F, 0x6F, 0x2F, 0x91, 0x93, 0xB5, 0x04, 0x5A, 0xF2, + 0x76, 0x71, 0x64, 0xE1, 0xDF, 0xC9, 0x67, 0xC1, 0xFB, 0x3F, 0x2E, 0x55, + 0xA4, 0xBD, 0x1B, 0xFF, 0xE8, 0x3B, 0x9C, 0x80, 0xD0, 0x52, 0xB9, 0x85, + 0xD1, 0x82, 0xEA, 0x0A, 0xDB, 0x2A, 0x3B, 0x73, 0x13, 0xD3, 0xFE, 0x14, + 0xC8, 0x48, 0x4B, 0x1E, 0x05, 0x25, 0x88, 0xB9, 0xB7, 0xD2, 0xBB, 0xD2, + 0xDF, 0x01, 0x61, 0x99, 0xEC, 0xD0, 0x6E, 0x15, 0x57, 0xCD, 0x09, 0x15, + 0xB3, 0x35, 0x3B, 0xBB, 0x64, 0xE0, 0xEC, 0x37, 0x7F, 0xD0, 0x28, 0x37, + 0x0D, 0xF9, 0x2B, 0x52, 0xC7, 0x89, 0x14, 0x28, 0xCD, 0xC6, 0x7E, 0xB6, + 0x18, 0x4B, 0x52, 0x3D, 0x1D, 0xB2, 0x46, 0xC3, 0x2F, 0x63, 0x07, 0x84, + 0x90, 0xF0, 0x0E, 0xF8, 0xD6, 0x47, 0xD1, 0x48, 0xD4, 0x79, 0x54, 0x51, + 0x5E, 0x23, 0x27, 0xCF, 0xEF, 0x98, 0xC5, 0x82, 0x66, 0x4B, 0x4C, 0x0F, + 0x6C, 0xC4, 0x16, 0x59 + }; + const byte qExpected[] = { + 0x8C, 0xF8, 0x36, 0x42, 0xA7, 0x09, 0xA0, 0x97, 0xB4, 0x47, 0x99, 0x76, + 0x40, 0x12, 0x9D, 0xA2, 0x99, 0xB1, 0xA4, 0x7D, 0x1E, 0xB3, 0x75, 0x0B, + 0xA3, 0x08, 0xB0, 0xFE, 0x64, 0xF5, 0xFB, 0xD3 + }; + int pSz = 0; + int qSz = 0; + int gSz = 0; + byte* pReturned = NULL; + byte* qReturned = NULL; + byte* gReturned = NULL; + + ExpectNotNull((dh = wolfSSL_DH_get_2048_256())); + wolfSSL_DH_get0_pqg(dh, &pBn, &qBn, &gBn); + + ExpectIntGT((pSz = wolfSSL_BN_num_bytes(pBn)), 0); + ExpectNotNull(pReturned = (byte*)XMALLOC(pSz, NULL, + DYNAMIC_TYPE_TMP_BUFFER)); + ExpectIntGT((pSz = wolfSSL_BN_bn2bin(pBn, pReturned)), 0); + ExpectIntEQ(pSz, sizeof(pExpected)); + ExpectIntEQ(XMEMCMP(pExpected, pReturned, pSz), 0); + + ExpectIntGT((qSz = wolfSSL_BN_num_bytes(qBn)), 0); + ExpectNotNull(qReturned = (byte*)XMALLOC(qSz, NULL, + DYNAMIC_TYPE_TMP_BUFFER)); + ExpectIntGT((qSz = wolfSSL_BN_bn2bin(qBn, qReturned)), 0); + ExpectIntEQ(qSz, sizeof(qExpected)); + ExpectIntEQ(XMEMCMP(qExpected, qReturned, qSz), 0); + + ExpectIntGT((gSz = wolfSSL_BN_num_bytes(gBn)), 0); + ExpectNotNull(gReturned = (byte*)XMALLOC(gSz, NULL, + DYNAMIC_TYPE_TMP_BUFFER)); + ExpectIntGT((gSz = wolfSSL_BN_bn2bin(gBn, gReturned)), 0); + ExpectIntEQ(gSz, sizeof(gExpected)); + ExpectIntEQ(XMEMCMP(gExpected, gReturned, gSz), 0); + + wolfSSL_DH_free(dh); + XFREE(pReturned, NULL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(gReturned, NULL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(qReturned, NULL, DYNAMIC_TYPE_TMP_BUFFER); +#endif + return EXPECT_RESULT(); +} + +int test_wolfSSL_PEM_read_DHparams(void) +{ + EXPECT_DECLS; +#if defined(OPENSSL_ALL) && !defined(NO_DH) && defined(WOLFSSL_DH_EXTRA) && \ + !defined(NO_FILESYSTEM) + DH* dh = NULL; + XFILE fp = XBADFILE; + unsigned char derOut[300]; + unsigned char* derOutBuf = derOut; + int derOutSz = 0; + + unsigned char derExpected[300]; + int derExpectedSz = 0; + + XMEMSET(derOut, 0, sizeof(derOut)); + XMEMSET(derExpected, 0, sizeof(derExpected)); + + /* open DH param file, read into DH struct */ + ExpectTrue((fp = XFOPEN(dhParamFile, "rb")) != XBADFILE); + + /* bad args */ + ExpectNull(dh = PEM_read_DHparams(NULL, &dh, NULL, NULL)); + ExpectNull(dh = PEM_read_DHparams(NULL, NULL, NULL, NULL)); + + /* good args */ + ExpectNotNull(dh = PEM_read_DHparams(fp, &dh, NULL, NULL)); + if (fp != XBADFILE) { + XFCLOSE(fp); + fp = XBADFILE; + } + + /* read in certs/dh2048.der for comparison against exported params */ + ExpectTrue((fp = XFOPEN("./certs/dh2048.der", "rb")) != XBADFILE); + ExpectIntGT(derExpectedSz = (int)XFREAD(derExpected, 1, sizeof(derExpected), + fp), 0); + if (fp != XBADFILE) { + XFCLOSE(fp); + fp = XBADFILE; + } + + /* export DH back to DER and compare */ + derOutSz = wolfSSL_i2d_DHparams(dh, &derOutBuf); + ExpectIntEQ(derOutSz, derExpectedSz); + ExpectIntEQ(XMEMCMP(derOut, derExpected, derOutSz), 0); + + DH_free(dh); + dh = NULL; + + /* Test parsing with X9.42 header */ + ExpectTrue((fp = XFOPEN("./certs/x942dh2048.pem", "rb")) != XBADFILE); + ExpectNotNull(dh = PEM_read_DHparams(fp, &dh, NULL, NULL)); + if (fp != XBADFILE) + XFCLOSE(fp); + + DH_free(dh); + dh = NULL; +#endif + return EXPECT_RESULT(); +} + +int test_wolfSSL_PEM_write_DHparams(void) +{ + EXPECT_DECLS; +#if defined(OPENSSL_EXTRA) && !defined(NO_BIO) && \ + !defined(NO_DH) && defined(WOLFSSL_DH_EXTRA) && !defined(NO_FILESYSTEM) + DH* dh = NULL; + BIO* bio = NULL; + XFILE fp = XBADFILE; + byte pem[2048]; + int pemSz = 0; + const char expected[] = + "-----BEGIN DH PARAMETERS-----\n" + "MIIBCAKCAQEAsKEIBpwIE7pZBjy8MNX1AMFPRKfW70rGJScc6NKWUwpckd2iwpSE\n" + "v32yRJ+b0sGKxb5yXKfnkebUn3MHhVtmSMdw+rTuAsk9mkraPcFGPhlp0RdGB6NN\n" + "nyuWFzltMI0q85TTdc+gdebykh8acAWqBINXMPvadpM4UOgn/WPuPOW3yAmub1A1\n" + "joTOSgDpEn5aMdcz/CETdswWMNsM/MVipzW477ewrMA29tnJRkj5QJAAKxuqbOMa\n" + "wwsDnhvCRuRITiJzb8Nf1JrWMAdI1oyQq9T28eNI01hLprnNKb9oHwhLY4YvXGvW\n" + "tgZl96bcAGdru8OpQYP7x/rI4h5+rwA/kwIBAg==\n" + "-----END DH PARAMETERS-----\n"; + const char badPem[] = + "-----BEGIN DH PARAMETERS-----\n" + "-----END DH PARAMETERS-----\n"; + const char emptySeqPem[] = + "-----BEGIN DH PARAMETERS-----\n" + "MAA=\n" + "-----END DH PARAMETERS-----\n"; + + ExpectTrue((fp = XFOPEN(dhParamFile, "rb")) != XBADFILE); + ExpectIntGT((pemSz = (int)XFREAD(pem, 1, sizeof(pem), fp)), 0); + if (fp != XBADFILE) { + XFCLOSE(fp); + fp = XBADFILE; + } + + ExpectNull(PEM_read_bio_DHparams(NULL, NULL, NULL, NULL)); + + ExpectNotNull(bio = BIO_new(BIO_s_mem())); + ExpectNull(dh = PEM_read_bio_DHparams(bio, NULL, NULL, NULL)); + ExpectIntEQ(BIO_write(bio, badPem, (int)sizeof(badPem)), + (int)sizeof(badPem)); + ExpectNull(dh = PEM_read_bio_DHparams(bio, NULL, NULL, NULL)); + BIO_free(bio); + bio = NULL; + + ExpectNotNull(bio = BIO_new(BIO_s_mem())); + ExpectNull(dh = PEM_read_bio_DHparams(bio, NULL, NULL, NULL)); + ExpectIntEQ(BIO_write(bio, emptySeqPem, (int)sizeof(emptySeqPem)), + (int)sizeof(emptySeqPem)); + ExpectNull(dh = PEM_read_bio_DHparams(bio, NULL, NULL, NULL)); + BIO_free(bio); + bio = NULL; + + ExpectNotNull(bio = BIO_new(BIO_s_mem())); + ExpectIntEQ(BIO_write(bio, pem, pemSz), pemSz); + ExpectNotNull(dh = PEM_read_bio_DHparams(bio, NULL, NULL, NULL)); + BIO_free(bio); + bio = NULL; + + ExpectNotNull(fp = XFOPEN("./test-write-dhparams.pem", "wb")); + ExpectIntEQ(PEM_write_DHparams(fp, dh), WOLFSSL_SUCCESS); + ExpectIntEQ(PEM_write_DHparams(fp, NULL), WC_NO_ERR_TRACE(WOLFSSL_FAILURE)); + DH_free(dh); + dh = NULL; + + dh = wolfSSL_DH_new(); + ExpectIntEQ(PEM_write_DHparams(fp, dh), WC_NO_ERR_TRACE(WOLFSSL_FAILURE)); + if (fp != XBADFILE) { + XFCLOSE(fp); + fp = XBADFILE; + } + wolfSSL_DH_free(dh); + dh = NULL; + + /* check results */ + XMEMSET(pem, 0, sizeof(pem)); + ExpectTrue((fp = XFOPEN("./test-write-dhparams.pem", "rb")) != XBADFILE); + ExpectIntGT((pemSz = (int)XFREAD(pem, 1, sizeof(pem), fp)), 0); + ExpectIntEQ(XMEMCMP(pem, expected, pemSz), 0); + if (fp != XBADFILE) + XFCLOSE(fp); +#endif + return EXPECT_RESULT(); +} + +int test_wolfSSL_d2i_DHparams(void) +{ + EXPECT_DECLS; +#ifdef OPENSSL_ALL +#if !defined(NO_DH) && (defined(HAVE_FFDHE_2048) || defined(HAVE_FFDHE_3072)) +#if !defined(HAVE_FIPS) || (defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION>2)) + XFILE f = XBADFILE; + unsigned char buf[4096]; + const unsigned char* pt = buf; +#ifdef HAVE_FFDHE_2048 + const char* params1 = "./certs/dh2048.der"; +#endif +#ifdef HAVE_FFDHE_3072 + const char* params2 = "./certs/dh3072.der"; +#endif + long len = 0; + WOLFSSL_DH* dh = NULL; + XMEMSET(buf, 0, sizeof(buf)); + + /* Test 2048 bit parameters */ +#ifdef HAVE_FFDHE_2048 + ExpectTrue((f = XFOPEN(params1, "rb")) != XBADFILE); + ExpectTrue((len = (long)XFREAD(buf, 1, sizeof(buf), f)) > 0); + if (f != XBADFILE) { + XFCLOSE(f); + f = XBADFILE; + } + + /* Valid case */ + ExpectNotNull(dh = wolfSSL_d2i_DHparams(NULL, &pt, len)); + ExpectNotNull(dh->p); + ExpectNotNull(dh->g); + ExpectTrue(pt == buf); + ExpectIntEQ(DH_set_length(NULL, BN_num_bits(dh->p)), 0); + ExpectIntEQ(DH_set_length(dh, BN_num_bits(dh->p)), 1); + ExpectIntEQ(DH_generate_key(dh), WOLFSSL_SUCCESS); + + /* Invalid cases */ + ExpectNull(wolfSSL_d2i_DHparams(NULL, NULL, len)); + ExpectNull(wolfSSL_d2i_DHparams(NULL, &pt, -1)); + ExpectNull(wolfSSL_d2i_DHparams(NULL, &pt, 10)); + + DH_free(dh); + dh = NULL; + + *buf = 0; + pt = buf; +#endif /* HAVE_FFDHE_2048 */ + + /* Test 3072 bit parameters */ +#ifdef HAVE_FFDHE_3072 + ExpectTrue((f = XFOPEN(params2, "rb")) != XBADFILE); + ExpectTrue((len = (long)XFREAD(buf, 1, sizeof(buf), f)) > 0); + if (f != XBADFILE) { + XFCLOSE(f); + f = XBADFILE; + } + + /* Valid case */ + ExpectNotNull(dh = wolfSSL_d2i_DHparams(&dh, &pt, len)); + ExpectNotNull(dh->p); + ExpectNotNull(dh->g); + ExpectTrue(pt != buf); + ExpectIntEQ(DH_generate_key(dh), 1); + + /* Invalid cases */ + ExpectNull(wolfSSL_d2i_DHparams(NULL, NULL, len)); + ExpectNull(wolfSSL_d2i_DHparams(NULL, &pt, -1)); + + DH_free(dh); + dh = NULL; +#endif /* HAVE_FFDHE_3072 */ + +#endif /* !HAVE_FIPS || HAVE_FIPS_VERSION > 2 */ +#endif /* !NO_DH */ +#endif + return EXPECT_RESULT(); +} + +int test_wolfSSL_DH_LoadDer(void) +{ + EXPECT_DECLS; +#if !defined(NO_DH) && (!defined(HAVE_FIPS) || FIPS_VERSION_GT(2,0)) && \ + defined(OPENSSL_EXTRA) + static const byte dh2048[] = { + 0x30, 0x82, 0x01, 0x08, 0x02, 0x82, 0x01, 0x01, + 0x00, 0xb0, 0xa1, 0x08, 0x06, 0x9c, 0x08, 0x13, + 0xba, 0x59, 0x06, 0x3c, 0xbc, 0x30, 0xd5, 0xf5, + 0x00, 0xc1, 0x4f, 0x44, 0xa7, 0xd6, 0xef, 0x4a, + 0xc6, 0x25, 0x27, 0x1c, 0xe8, 0xd2, 0x96, 0x53, + 0x0a, 0x5c, 0x91, 0xdd, 0xa2, 0xc2, 0x94, 0x84, + 0xbf, 0x7d, 0xb2, 0x44, 0x9f, 0x9b, 0xd2, 0xc1, + 0x8a, 0xc5, 0xbe, 0x72, 0x5c, 0xa7, 0xe7, 0x91, + 0xe6, 0xd4, 0x9f, 0x73, 0x07, 0x85, 0x5b, 0x66, + 0x48, 0xc7, 0x70, 0xfa, 0xb4, 0xee, 0x02, 0xc9, + 0x3d, 0x9a, 0x4a, 0xda, 0x3d, 0xc1, 0x46, 0x3e, + 0x19, 0x69, 0xd1, 0x17, 0x46, 0x07, 0xa3, 0x4d, + 0x9f, 0x2b, 0x96, 0x17, 0x39, 0x6d, 0x30, 0x8d, + 0x2a, 0xf3, 0x94, 0xd3, 0x75, 0xcf, 0xa0, 0x75, + 0xe6, 0xf2, 0x92, 0x1f, 0x1a, 0x70, 0x05, 0xaa, + 0x04, 0x83, 0x57, 0x30, 0xfb, 0xda, 0x76, 0x93, + 0x38, 0x50, 0xe8, 0x27, 0xfd, 0x63, 0xee, 0x3c, + 0xe5, 0xb7, 0xc8, 0x09, 0xae, 0x6f, 0x50, 0x35, + 0x8e, 0x84, 0xce, 0x4a, 0x00, 0xe9, 0x12, 0x7e, + 0x5a, 0x31, 0xd7, 0x33, 0xfc, 0x21, 0x13, 0x76, + 0xcc, 0x16, 0x30, 0xdb, 0x0c, 0xfc, 0xc5, 0x62, + 0xa7, 0x35, 0xb8, 0xef, 0xb7, 0xb0, 0xac, 0xc0, + 0x36, 0xf6, 0xd9, 0xc9, 0x46, 0x48, 0xf9, 0x40, + 0x90, 0x00, 0x2b, 0x1b, 0xaa, 0x6c, 0xe3, 0x1a, + 0xc3, 0x0b, 0x03, 0x9e, 0x1b, 0xc2, 0x46, 0xe4, + 0x48, 0x4e, 0x22, 0x73, 0x6f, 0xc3, 0x5f, 0xd4, + 0x9a, 0xd6, 0x30, 0x07, 0x48, 0xd6, 0x8c, 0x90, + 0xab, 0xd4, 0xf6, 0xf1, 0xe3, 0x48, 0xd3, 0x58, + 0x4b, 0xa6, 0xb9, 0xcd, 0x29, 0xbf, 0x68, 0x1f, + 0x08, 0x4b, 0x63, 0x86, 0x2f, 0x5c, 0x6b, 0xd6, + 0xb6, 0x06, 0x65, 0xf7, 0xa6, 0xdc, 0x00, 0x67, + 0x6b, 0xbb, 0xc3, 0xa9, 0x41, 0x83, 0xfb, 0xc7, + 0xfa, 0xc8, 0xe2, 0x1e, 0x7e, 0xaf, 0x00, 0x3f, + 0x93, 0x02, 0x01, 0x02 + }; + WOLFSSL_DH* dh = NULL; + + ExpectNotNull(dh = wolfSSL_DH_new()); + + ExpectIntEQ(wolfSSL_DH_LoadDer(NULL, NULL, 0), -1); + ExpectIntEQ(wolfSSL_DH_LoadDer(dh, NULL, 0), -1); + ExpectIntEQ(wolfSSL_DH_LoadDer(NULL, dh2048, sizeof(dh2048)), -1); + + ExpectIntEQ(wolfSSL_DH_LoadDer(dh, dh2048, sizeof(dh2048)), 1); + + wolfSSL_DH_free(dh); +#endif + return EXPECT_RESULT(); +} + +int test_wolfSSL_i2d_DHparams(void) +{ + EXPECT_DECLS; +#ifdef OPENSSL_ALL +#if !defined(NO_DH) && (defined(HAVE_FFDHE_2048) || defined(HAVE_FFDHE_3072)) +#if !defined(HAVE_FIPS) || (defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION>2)) + XFILE f = XBADFILE; + unsigned char buf[4096]; + const unsigned char* pt; + unsigned char* pt2; +#ifdef HAVE_FFDHE_2048 + const char* params1 = "./certs/dh2048.der"; +#endif +#ifdef HAVE_FFDHE_3072 + const char* params2 = "./certs/dh3072.der"; +#endif + long len = 0; + WOLFSSL_DH* dh = NULL; + + /* Test 2048 bit parameters */ +#ifdef HAVE_FFDHE_2048 + pt = buf; + pt2 = buf; + + ExpectTrue((f = XFOPEN(params1, "rb")) != XBADFILE); + ExpectTrue((len = (long)XFREAD(buf, 1, sizeof(buf), f)) > 0); + if (f != XBADFILE) { + XFCLOSE(f); + f = XBADFILE; + } + + /* Valid case */ + ExpectNotNull(dh = wolfSSL_d2i_DHparams(NULL, &pt, len)); + ExpectTrue(pt == buf); + ExpectIntEQ(DH_generate_key(dh), 1); + ExpectIntEQ(wolfSSL_i2d_DHparams(dh, &pt2), 268); + + /* Invalid case */ + ExpectIntEQ(wolfSSL_i2d_DHparams(NULL, &pt2), 0); + + /* Return length only */ + ExpectIntEQ(wolfSSL_i2d_DHparams(dh, NULL), 268); + + DH_free(dh); + dh = NULL; + + *buf = 0; +#endif + + /* Test 3072 bit parameters */ +#ifdef HAVE_FFDHE_3072 + pt = buf; + pt2 = buf; + + ExpectTrue((f = XFOPEN(params2, "rb")) != XBADFILE); + ExpectTrue((len = (long)XFREAD(buf, 1, sizeof(buf), f)) > 0); + if (f != XBADFILE) { + XFCLOSE(f); + f = XBADFILE; + } + + /* Valid case */ + ExpectNotNull(dh = wolfSSL_d2i_DHparams(NULL, &pt, len)); + ExpectTrue(pt == buf); + ExpectIntEQ(DH_generate_key(dh), 1); + ExpectIntEQ(wolfSSL_i2d_DHparams(dh, &pt2), 396); + + /* Invalid case */ + ExpectIntEQ(wolfSSL_i2d_DHparams(NULL, &pt2), 0); + + /* Return length only */ + ExpectIntEQ(wolfSSL_i2d_DHparams(dh, NULL), 396); + + DH_free(dh); + dh = NULL; +#endif + + dh = DH_new(); + ExpectNotNull(dh); + pt2 = buf; + ExpectIntEQ(wolfSSL_i2d_DHparams(dh, &pt2), 0); + DH_free(dh); + dh = NULL; +#endif /* !HAVE_FIPS || HAVE_FIPS_VERSION > 2 */ +#endif /* !NO_DH && (HAVE_FFDHE_2048 || HAVE_FFDHE_3072) */ +#endif + return EXPECT_RESULT(); +} + diff --git a/test/ssl/wolfssl/tests/api/test_ossl_dh.h b/test/ssl/wolfssl/tests/api/test_ossl_dh.h new file mode 100644 index 000000000..01bd200d2 --- /dev/null +++ b/test/ssl/wolfssl/tests/api/test_ossl_dh.h @@ -0,0 +1,53 @@ +/* test_ossl_dh.h + * + * Copyright (C) 2006-2025 wolfSSL Inc. + * + * This file is part of wolfSSL. + * + * wolfSSL is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * wolfSSL is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA + */ + +#ifndef WOLFCRYPT_TEST_OSSL_DH_H +#define WOLFCRYPT_TEST_OSSL_DH_H + +#include + +int test_wolfSSL_DH(void); +int test_wolfSSL_DH_dup(void); +int test_wolfSSL_DH_check(void); +int test_wolfSSL_DH_prime(void); +int test_wolfSSL_DH_1536_prime(void); +int test_wolfSSL_DH_get_2048_256(void); +int test_wolfSSL_PEM_read_DHparams(void); +int test_wolfSSL_PEM_write_DHparams(void); +int test_wolfSSL_d2i_DHparams(void); +int test_wolfSSL_DH_LoadDer(void); +int test_wolfSSL_i2d_DHparams(void); + +#define TEST_OSSL_DH_DECLS \ + TEST_DECL_GROUP("ossl_dh", test_wolfSSL_DH), \ + TEST_DECL_GROUP("ossl_dh", test_wolfSSL_DH_dup), \ + TEST_DECL_GROUP("ossl_dh", test_wolfSSL_DH_check), \ + TEST_DECL_GROUP("ossl_dh", test_wolfSSL_DH_prime), \ + TEST_DECL_GROUP("ossl_dh", test_wolfSSL_DH_1536_prime), \ + TEST_DECL_GROUP("ossl_dh", test_wolfSSL_DH_get_2048_256), \ + TEST_DECL_GROUP("ossl_dh", test_wolfSSL_PEM_read_DHparams), \ + TEST_DECL_GROUP("ossl_dh", test_wolfSSL_PEM_write_DHparams), \ + TEST_DECL_GROUP("ossl_dh", test_wolfSSL_d2i_DHparams), \ + TEST_DECL_GROUP("ossl_dh", test_wolfSSL_DH_LoadDer), \ + TEST_DECL_GROUP("ossl_dh", test_wolfSSL_i2d_DHparams) + +#endif /* WOLFCRYPT_TEST_OSSL_DH_H */ + diff --git a/test/ssl/wolfssl/tests/api/test_ossl_dsa.c b/test/ssl/wolfssl/tests/api/test_ossl_dsa.c new file mode 100644 index 000000000..7d0958636 --- /dev/null +++ b/test/ssl/wolfssl/tests/api/test_ossl_dsa.c @@ -0,0 +1,162 @@ +/* test_ossl_dsa.c + * + * Copyright (C) 2006-2025 wolfSSL Inc. + * + * This file is part of wolfSSL. + * + * wolfSSL is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * wolfSSL is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA + */ + +#include + +#ifdef NO_INLINE + #include +#else + #define WOLFSSL_MISC_INCLUDED + #include +#endif + +#include +#include +#include +#include +#include + +/******************************************************************************* + * DSA OpenSSL compatibility API Testing + ******************************************************************************/ + +int test_DSA_do_sign_verify(void) +{ + EXPECT_DECLS; +#if !defined(HAVE_SELFTEST) && !defined(HAVE_FIPS) +#if defined(OPENSSL_EXTRA) && !defined(NO_FILESYSTEM) && \ + !defined(NO_DSA) + unsigned char digest[WC_SHA_DIGEST_SIZE]; + DSA_SIG* sig = NULL; + DSA* dsa = NULL; + word32 bytes; + byte sigBin[DSA_SIG_SIZE]; + int dsacheck; + +#ifdef USE_CERT_BUFFERS_1024 + byte tmp[ONEK_BUF]; + + XMEMSET(tmp, 0, sizeof(tmp)); + XMEMCPY(tmp, dsa_key_der_1024, sizeof_dsa_key_der_1024); + bytes = sizeof_dsa_key_der_1024; +#elif defined(USE_CERT_BUFFERS_2048) + byte tmp[TWOK_BUF]; + + XMEMSET(tmp, 0, sizeof(tmp)); + XMEMCPY(tmp, dsa_key_der_2048, sizeof_dsa_key_der_2048); + bytes = sizeof_dsa_key_der_2048; +#else + byte tmp[TWOK_BUF]; + XFILE fp = XBADFILE; + + XMEMSET(tmp, 0, sizeof(tmp)); + ExpectTrue((fp = XFOPEN("./certs/dsa2048.der", "rb") != XBADFILE); + ExpectIntGT(bytes = (word32) XFREAD(tmp, 1, sizeof(tmp), fp), 0); + if (fp != XBADFILE) + XFCLOSE(fp); +#endif /* END USE_CERT_BUFFERS_1024 */ + + XMEMSET(digest, 202, sizeof(digest)); + + ExpectNotNull(dsa = DSA_new()); + ExpectIntEQ(DSA_LoadDer(dsa, tmp, (int)bytes), 1); + + ExpectIntEQ(wolfSSL_DSA_do_sign(digest, sigBin, dsa), 1); + ExpectIntEQ(wolfSSL_DSA_do_verify(digest, sigBin, dsa, &dsacheck), 1); + + ExpectNotNull(sig = DSA_do_sign(digest, WC_SHA_DIGEST_SIZE, dsa)); + ExpectIntEQ(DSA_do_verify(digest, WC_SHA_DIGEST_SIZE, sig, dsa), 1); + + DSA_SIG_free(sig); + DSA_free(dsa); +#endif +#endif /* !HAVE_SELFTEST && !HAVE_FIPS */ + return EXPECT_RESULT(); +} + +int test_wolfSSL_DSA_generate_parameters(void) +{ + EXPECT_DECLS; +#if !defined(NO_DSA) && !defined(HAVE_SELFTEST) && defined(WOLFSSL_KEY_GEN) && \ + !defined(HAVE_FIPS) && defined(OPENSSL_ALL) + DSA *dsa = NULL; + + ExpectNotNull(dsa = DSA_generate_parameters(2048, NULL, 0, NULL, NULL, NULL, + NULL)); + DSA_free(dsa); +#endif + return EXPECT_RESULT(); +} + +int test_wolfSSL_DSA_SIG(void) +{ + EXPECT_DECLS; +#if !defined(NO_DSA) && !defined(HAVE_SELFTEST) && defined(WOLFSSL_KEY_GEN) && \ + !defined(HAVE_FIPS) && defined(OPENSSL_ALL) + DSA *dsa = NULL; + DSA *dsa2 = NULL; + DSA_SIG *sig = NULL; + const BIGNUM *p = NULL; + const BIGNUM *q = NULL; + const BIGNUM *g = NULL; + const BIGNUM *pub = NULL; + const BIGNUM *priv = NULL; + BIGNUM *dup_p = NULL; + BIGNUM *dup_q = NULL; + BIGNUM *dup_g = NULL; + BIGNUM *dup_pub = NULL; + BIGNUM *dup_priv = NULL; + const byte digest[WC_SHA_DIGEST_SIZE] = {0}; + + ExpectNotNull(dsa = DSA_new()); + ExpectIntEQ(DSA_generate_parameters_ex(dsa, 2048, NULL, 0, NULL, NULL, + NULL), 1); + ExpectIntEQ(DSA_generate_key(dsa), 1); + DSA_get0_pqg(dsa, &p, &q, &g); + DSA_get0_key(dsa, &pub, &priv); + ExpectNotNull(dup_p = BN_dup(p)); + ExpectNotNull(dup_q = BN_dup(q)); + ExpectNotNull(dup_g = BN_dup(g)); + ExpectNotNull(dup_pub = BN_dup(pub)); + ExpectNotNull(dup_priv = BN_dup(priv)); + + ExpectNotNull(sig = DSA_do_sign(digest, sizeof(digest), dsa)); + ExpectNotNull(dsa2 = DSA_new()); + ExpectIntEQ(DSA_set0_pqg(dsa2, dup_p, dup_q, dup_g), 1); + if (EXPECT_FAIL()) { + BN_free(dup_p); + BN_free(dup_q); + BN_free(dup_g); + } + ExpectIntEQ(DSA_set0_key(dsa2, dup_pub, dup_priv), 1); + if (EXPECT_FAIL()) { + BN_free(dup_pub); + BN_free(dup_priv); + } + ExpectIntEQ(DSA_do_verify(digest, sizeof(digest), sig, dsa2), 1); + + DSA_free(dsa); + DSA_free(dsa2); + DSA_SIG_free(sig); +#endif + return EXPECT_RESULT(); +} + diff --git a/test/ssl/wolfssl/tests/api/test_ossl_dsa.h b/test/ssl/wolfssl/tests/api/test_ossl_dsa.h new file mode 100644 index 000000000..21629d77a --- /dev/null +++ b/test/ssl/wolfssl/tests/api/test_ossl_dsa.h @@ -0,0 +1,37 @@ +/* test_ossl_dsa.h + * + * Copyright (C) 2006-2025 wolfSSL Inc. + * + * This file is part of wolfSSL. + * + * wolfSSL is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * wolfSSL is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA + */ + +#ifndef WOLFCRYPT_TEST_OSSL_DSA_H +#define WOLFCRYPT_TEST_OSSL_DSA_H + +#include + +int test_DSA_do_sign_verify(void); +int test_wolfSSL_DSA_generate_parameters(void); +int test_wolfSSL_DSA_SIG(void); + +#define TEST_OSSL_DSA_DECLS \ + TEST_DECL_GROUP("ossl_dsa", test_DSA_do_sign_verify), \ + TEST_DECL_GROUP("ossl_dsa", test_wolfSSL_DSA_generate_parameters), \ + TEST_DECL_GROUP("ossl_dsa", test_wolfSSL_DSA_SIG) + +#endif /* WOLFCRYPT_TEST_OSSL_DSA_H */ + diff --git a/test/ssl/wolfssl/tests/api/test_ossl_ec.c b/test/ssl/wolfssl/tests/api/test_ossl_ec.c new file mode 100644 index 000000000..dd5bf28cb --- /dev/null +++ b/test/ssl/wolfssl/tests/api/test_ossl_ec.c @@ -0,0 +1,1605 @@ +/* test_ossl_ec.c + * + * Copyright (C) 2006-2025 wolfSSL Inc. + * + * This file is part of wolfSSL. + * + * wolfSSL is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * wolfSSL is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA + */ + +#include + +#ifdef NO_INLINE + #include +#else + #define WOLFSSL_MISC_INCLUDED + #include +#endif + +#include +#include +#include +#include +#include +#include + +/******************************************************************************* + * EC OpenSSL compatibility API Testing + ******************************************************************************/ + +#if defined(HAVE_ECC) && !defined(OPENSSL_NO_PK) + +int test_wolfSSL_EC_GROUP(void) +{ + EXPECT_DECLS; +#ifdef OPENSSL_EXTRA + EC_GROUP *group = NULL; + EC_GROUP *group2 = NULL; + EC_GROUP *group3 = NULL; +#ifndef HAVE_ECC_BRAINPOOL + EC_GROUP *group4 = NULL; +#endif + WOLFSSL_BIGNUM* order = NULL; + int group_bits; + int i; + static const int knownEccNids[] = { + NID_X9_62_prime192v1, + NID_X9_62_prime192v2, + NID_X9_62_prime192v3, + NID_X9_62_prime239v1, + NID_X9_62_prime239v2, + NID_X9_62_prime239v3, + NID_X9_62_prime256v1, + NID_secp112r1, + NID_secp112r2, + NID_secp128r1, + NID_secp128r2, + NID_secp160r1, + NID_secp160r2, + NID_secp224r1, + NID_secp384r1, + NID_secp521r1, + NID_secp160k1, + NID_secp192k1, + NID_secp224k1, + NID_secp256k1, + NID_brainpoolP160r1, + NID_brainpoolP192r1, + NID_brainpoolP224r1, + NID_brainpoolP256r1, + NID_brainpoolP320r1, + NID_brainpoolP384r1, + NID_brainpoolP512r1, + }; + int knowEccNidsLen = (int)(sizeof(knownEccNids) / sizeof(*knownEccNids)); + static const int knownEccEnums[] = { + ECC_SECP192R1, + ECC_PRIME192V2, + ECC_PRIME192V3, + ECC_PRIME239V1, + ECC_PRIME239V2, + ECC_PRIME239V3, + ECC_SECP256R1, + ECC_SECP112R1, + ECC_SECP112R2, + ECC_SECP128R1, + ECC_SECP128R2, + ECC_SECP160R1, + ECC_SECP160R2, + ECC_SECP224R1, + ECC_SECP384R1, + ECC_SECP521R1, + ECC_SECP160K1, + ECC_SECP192K1, + ECC_SECP224K1, + ECC_SECP256K1, + ECC_BRAINPOOLP160R1, + ECC_BRAINPOOLP192R1, + ECC_BRAINPOOLP224R1, + ECC_BRAINPOOLP256R1, + ECC_BRAINPOOLP320R1, + ECC_BRAINPOOLP384R1, + ECC_BRAINPOOLP512R1, + }; + int knowEccEnumsLen = (int)(sizeof(knownEccEnums) / sizeof(*knownEccEnums)); + + ExpectNotNull(group = EC_GROUP_new_by_curve_name(NID_X9_62_prime256v1)); + ExpectNotNull(group2 = EC_GROUP_dup(group)); + ExpectNotNull(group3 = wolfSSL_EC_GROUP_new_by_curve_name(NID_secp384r1)); +#ifndef HAVE_ECC_BRAINPOOL + ExpectNotNull(group4 = wolfSSL_EC_GROUP_new_by_curve_name( + NID_brainpoolP256r1)); +#endif + + ExpectNull(EC_GROUP_dup(NULL)); + + ExpectIntEQ(wolfSSL_EC_GROUP_get_curve_name(NULL), 0); + ExpectIntEQ(wolfSSL_EC_GROUP_get_curve_name(group), NID_X9_62_prime256v1); + + ExpectIntEQ((group_bits = EC_GROUP_order_bits(NULL)), 0); + ExpectIntEQ((group_bits = EC_GROUP_order_bits(group)), 256); +#ifndef HAVE_ECC_BRAINPOOL + ExpectIntEQ((group_bits = EC_GROUP_order_bits(group4)), 0); +#endif + + ExpectIntEQ(wolfSSL_EC_GROUP_get_degree(NULL), 0); + ExpectIntEQ(wolfSSL_EC_GROUP_get_degree(group), 256); + + ExpectNotNull(order = BN_new()); + ExpectIntEQ(wolfSSL_EC_GROUP_get_order(NULL, NULL, NULL), 0); + ExpectIntEQ(wolfSSL_EC_GROUP_get_order(group, NULL, NULL), 0); + ExpectIntEQ(wolfSSL_EC_GROUP_get_order(NULL, order, NULL), 0); + ExpectIntEQ(wolfSSL_EC_GROUP_get_order(group, order, NULL), 1); + wolfSSL_BN_free(order); + + ExpectNotNull(EC_GROUP_method_of(group)); + + ExpectIntEQ(EC_METHOD_get_field_type(NULL), 0); + ExpectIntEQ(EC_METHOD_get_field_type(EC_GROUP_method_of(group)), + NID_X9_62_prime_field); + + ExpectIntEQ(wolfSSL_EC_GROUP_cmp(NULL, NULL, NULL), -1); + ExpectIntEQ(wolfSSL_EC_GROUP_cmp(group, NULL, NULL), -1); + ExpectIntEQ(wolfSSL_EC_GROUP_cmp(NULL, group, NULL), -1); + ExpectIntEQ(wolfSSL_EC_GROUP_cmp(group, group3, NULL), 1); + +#ifndef NO_WOLFSSL_STUB + wolfSSL_EC_GROUP_set_asn1_flag(group, OPENSSL_EC_NAMED_CURVE); +#endif + +#ifndef HAVE_ECC_BRAINPOOL + EC_GROUP_free(group4); +#endif + EC_GROUP_free(group3); + EC_GROUP_free(group2); + EC_GROUP_free(group); + + for (i = 0; i < knowEccNidsLen; i++) { + group = NULL; + ExpectNotNull(group = EC_GROUP_new_by_curve_name(knownEccNids[i])); + ExpectIntGT(wolfSSL_EC_GROUP_get_degree(group), 0); + EC_GROUP_free(group); + } + for (i = 0; i < knowEccEnumsLen; i++) { + group = NULL; + ExpectNotNull(group = EC_GROUP_new_by_curve_name(knownEccEnums[i])); + ExpectIntEQ(wolfSSL_EC_GROUP_get_curve_name(group), knownEccNids[i]); + EC_GROUP_free(group); + } +#endif + return EXPECT_RESULT(); +} + +int test_wolfSSL_PEM_read_bio_ECPKParameters(void) +{ + EXPECT_DECLS; +#if !defined(NO_FILESYSTEM) && defined(OPENSSL_EXTRA) && !defined(NO_BIO) + EC_GROUP *group = NULL; + BIO* bio = NULL; +#if (defined(HAVE_ECC384) || defined(HAVE_ALL_CURVES)) && \ + ECC_MIN_KEY_SZ <= 384 && !defined(NO_ECC_SECP) + EC_GROUP *ret = NULL; + static char ec_nc_p384[] = "-----BEGIN EC PARAMETERS-----\n" + "BgUrgQQAIg==\n" + "-----END EC PARAMETERS-----"; +#endif + static char ec_nc_bad_1[] = "-----BEGIN EC PARAMETERS-----\n" + "MAA=\n" + "-----END EC PARAMETERS-----"; + static char ec_nc_bad_2[] = "-----BEGIN EC PARAMETERS-----\n" + "BgA=\n" + "-----END EC PARAMETERS-----"; + static char ec_nc_bad_3[] = "-----BEGIN EC PARAMETERS-----\n" + "BgE=\n" + "-----END EC PARAMETERS-----"; + static char ec_nc_bad_4[] = "-----BEGIN EC PARAMETERS-----\n" + "BgE*\n" + "-----END EC PARAMETERS-----"; + + /* Test that first parameter, bio, being NULL fails. */ + ExpectNull(PEM_read_bio_ECPKParameters(NULL, NULL, NULL, NULL)); + + /* Test that reading named parameters works. */ + ExpectNotNull(bio = BIO_new(BIO_s_file())); + ExpectIntEQ(BIO_read_filename(bio, eccKeyFile), WOLFSSL_SUCCESS); + ExpectNotNull(group = PEM_read_bio_ECPKParameters(bio, NULL, NULL, NULL)); + ExpectIntEQ(EC_GROUP_get_curve_name(group), NID_X9_62_prime256v1); + BIO_free(bio); + bio = NULL; + EC_GROUP_free(group); + group = NULL; + +#if (defined(HAVE_ECC384) || defined(HAVE_ALL_CURVES)) && \ + ECC_MIN_KEY_SZ <= 384 && !defined(NO_ECC_SECP) + /* Test that reusing group works. */ + ExpectNotNull(bio = BIO_new_mem_buf((unsigned char*)ec_nc_p384, + sizeof(ec_nc_p384))); + ExpectNotNull(group = PEM_read_bio_ECPKParameters(bio, &group, NULL, NULL)); + ExpectIntEQ(EC_GROUP_get_curve_name(group), NID_secp384r1); + BIO_free(bio); + bio = NULL; + EC_GROUP_free(group); + group = NULL; + + /* Test that returning through group works. */ + ExpectNotNull(bio = BIO_new_mem_buf((unsigned char*)ec_nc_p384, + sizeof(ec_nc_p384))); + ExpectNotNull(ret = PEM_read_bio_ECPKParameters(bio, &group, NULL, NULL)); + ExpectIntEQ(ret == group, 1); + ExpectIntEQ(EC_GROUP_get_curve_name(group), NID_secp384r1); + BIO_free(bio); + bio = NULL; + EC_GROUP_free(group); + group = NULL; +#endif + + /* Test 0x30, 0x00 (not and object id) fails. */ + ExpectNotNull(bio = BIO_new_mem_buf((unsigned char*)ec_nc_bad_1, + sizeof(ec_nc_bad_1))); + ExpectNull(PEM_read_bio_ECPKParameters(bio, NULL, NULL, NULL)); + BIO_free(bio); + bio = NULL; + + /* Test 0x06, 0x00 (empty object id) fails. */ + ExpectNotNull(bio = BIO_new_mem_buf((unsigned char*)ec_nc_bad_2, + sizeof(ec_nc_bad_2))); + ExpectNull(PEM_read_bio_ECPKParameters(bio, NULL, NULL, NULL)); + BIO_free(bio); + bio = NULL; + + /* Test 0x06, 0x01 (badly formed object id) fails. */ + ExpectNotNull(bio = BIO_new_mem_buf((unsigned char*)ec_nc_bad_3, + sizeof(ec_nc_bad_3))); + ExpectNull(PEM_read_bio_ECPKParameters(bio, NULL, NULL, NULL)); + BIO_free(bio); + bio = NULL; + + /* Test invalid PEM encoding - invalid character. */ + ExpectNotNull(bio = BIO_new_mem_buf((unsigned char*)ec_nc_bad_4, + sizeof(ec_nc_bad_4))); + ExpectNull(PEM_read_bio_ECPKParameters(bio, NULL, NULL, NULL)); + BIO_free(bio); +#endif + return EXPECT_RESULT(); +} + +int test_wolfSSL_i2d_ECPKParameters(void) +{ + EXPECT_DECLS; +#if defined(OPENSSL_EXTRA) + EC_GROUP* grp = NULL; + unsigned char p256_oid[] = { + 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x03, 0x01, 0x07 + }; + unsigned char *der = p256_oid; + unsigned char out_der[sizeof(p256_oid)]; + + XMEMSET(out_der, 0, sizeof(out_der)); + ExpectNotNull(d2i_ECPKParameters(&grp, (const unsigned char **)&der, + sizeof(p256_oid))); + der = out_der; + ExpectIntEQ(i2d_ECPKParameters(grp, &der), sizeof(p256_oid)); + ExpectBufEQ(p256_oid, out_der, sizeof(p256_oid)); + EC_GROUP_free(grp); +#endif + return EXPECT_RESULT(); +} + +int test_wolfSSL_EC_POINT(void) +{ + EXPECT_DECLS; +#if !defined(WOLFSSL_SP_MATH) && \ + (!defined(HAVE_FIPS) || (defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION>2))) + +#ifdef OPENSSL_EXTRA + BN_CTX* ctx = NULL; + EC_GROUP* group = NULL; +#ifndef HAVE_ECC_BRAINPOOL + EC_GROUP* group2 = NULL; +#endif + EC_POINT* Gxy = NULL; + EC_POINT* new_point = NULL; + EC_POINT* set_point = NULL; + EC_POINT* get_point = NULL; + EC_POINT* infinity = NULL; + BIGNUM* k = NULL; + BIGNUM* Gx = NULL; + BIGNUM* Gy = NULL; + BIGNUM* Gz = NULL; + BIGNUM* X = NULL; + BIGNUM* Y = NULL; + BIGNUM* set_point_bn = NULL; + char* hexStr = NULL; + + const char* kTest = "F4F8338AFCC562C5C3F3E1E46A7EFECD" + "17AF381913FF7A96314EA47055EA0FD0"; + /* NISTP256R1 Gx/Gy */ + const char* kGx = "6B17D1F2E12C4247F8BCE6E563A440F2" + "77037D812DEB33A0F4A13945D898C296"; + const char* kGy = "4FE342E2FE1A7F9B8EE7EB4A7C0F9E16" + "2BCE33576B315ECECBB6406837BF51F5"; + const char* uncompG + = "046B17D1F2E12C4247F8BCE6E563A440F2" + "77037D812DEB33A0F4A13945D898C296" + "4FE342E2FE1A7F9B8EE7EB4A7C0F9E16" + "2BCE33576B315ECECBB6406837BF51F5"; + const char* compG + = "036B17D1F2E12C4247F8BCE6E563A440F2" + "77037D812DEB33A0F4A13945D898C296"; + +#ifndef HAVE_SELFTEST + EC_POINT *tmp = NULL; + size_t bin_len; + unsigned int blen = 0; + unsigned char* buf = NULL; + unsigned char bufInf[1] = { 0x00 }; + + const unsigned char binUncompG[] = { + 0x04, 0x6b, 0x17, 0xd1, 0xf2, 0xe1, 0x2c, 0x42, 0x47, 0xf8, 0xbc, + 0xe6, 0xe5, 0x63, 0xa4, 0x40, 0xf2, 0x77, 0x03, 0x7d, 0x81, 0x2d, + 0xeb, 0x33, 0xa0, 0xf4, 0xa1, 0x39, 0x45, 0xd8, 0x98, 0xc2, 0x96, + 0x4f, 0xe3, 0x42, 0xe2, 0xfe, 0x1a, 0x7f, 0x9b, 0x8e, 0xe7, 0xeb, + 0x4a, 0x7c, 0x0f, 0x9e, 0x16, 0x2b, 0xce, 0x33, 0x57, 0x6b, 0x31, + 0x5e, 0xce, 0xcb, 0xb6, 0x40, 0x68, 0x37, 0xbf, 0x51, 0xf5, + }; + const unsigned char binUncompGBad[] = { + 0x09, 0x6b, 0x17, 0xd1, 0xf2, 0xe1, 0x2c, 0x42, 0x47, 0xf8, 0xbc, + 0xe6, 0xe5, 0x63, 0xa4, 0x40, 0xf2, 0x77, 0x03, 0x7d, 0x81, 0x2d, + 0xeb, 0x33, 0xa0, 0xf4, 0xa1, 0x39, 0x45, 0xd8, 0x98, 0xc2, 0x96, + 0x4f, 0xe3, 0x42, 0xe2, 0xfe, 0x1a, 0x7f, 0x9b, 0x8e, 0xe7, 0xeb, + 0x4a, 0x7c, 0x0f, 0x9e, 0x16, 0x2b, 0xce, 0x33, 0x57, 0x6b, 0x31, + 0x5e, 0xce, 0xcb, 0xb6, 0x40, 0x68, 0x37, 0xbf, 0x51, 0xf5, + }; + +#ifdef HAVE_COMP_KEY + const unsigned char binCompG[] = { + 0x03, 0x6b, 0x17, 0xd1, 0xf2, 0xe1, 0x2c, 0x42, 0x47, 0xf8, 0xbc, + 0xe6, 0xe5, 0x63, 0xa4, 0x40, 0xf2, 0x77, 0x03, 0x7d, 0x81, 0x2d, + 0xeb, 0x33, 0xa0, 0xf4, 0xa1, 0x39, 0x45, 0xd8, 0x98, 0xc2, 0x96, + }; +#endif +#endif + + ExpectNotNull(ctx = BN_CTX_new()); + ExpectNotNull(group = EC_GROUP_new_by_curve_name(NID_X9_62_prime256v1)); +#ifndef HAVE_ECC_BRAINPOOL + /* Used to make groups curve_idx == -1. */ + ExpectNotNull(group2 = EC_GROUP_new_by_curve_name(NID_brainpoolP256r1)); +#endif + + ExpectNull(EC_POINT_new(NULL)); + ExpectNotNull(Gxy = EC_POINT_new(group)); + ExpectNotNull(new_point = EC_POINT_new(group)); + ExpectNotNull(set_point = EC_POINT_new(group)); + ExpectNotNull(X = BN_new()); + ExpectNotNull(Y = BN_new()); + ExpectNotNull(set_point_bn = BN_new()); + + ExpectNotNull(infinity = EC_POINT_new(group)); + + /* load test values */ + ExpectIntEQ(BN_hex2bn(&k, kTest), WOLFSSL_SUCCESS); + ExpectIntEQ(BN_hex2bn(&Gx, kGx), WOLFSSL_SUCCESS); + ExpectIntEQ(BN_hex2bn(&Gy, kGy), WOLFSSL_SUCCESS); + ExpectIntEQ(BN_hex2bn(&Gz, "1"), WOLFSSL_SUCCESS); + + /* populate coordinates for input point */ + if (Gxy != NULL) { + Gxy->X = Gx; + Gxy->Y = Gy; + Gxy->Z = Gz; + } + + /* Test handling of NULL point. */ + EC_POINT_clear_free(NULL); + + ExpectIntEQ(wolfSSL_EC_POINT_get_affine_coordinates_GFp(NULL, NULL, + NULL, NULL, ctx), 0); + ExpectIntEQ(wolfSSL_EC_POINT_get_affine_coordinates_GFp(group, NULL, + NULL, NULL, ctx), 0); + ExpectIntEQ(wolfSSL_EC_POINT_get_affine_coordinates_GFp(NULL, Gxy, + NULL, NULL, ctx), 0); + ExpectIntEQ(wolfSSL_EC_POINT_get_affine_coordinates_GFp(NULL, NULL, + X, NULL, ctx), 0); + ExpectIntEQ(wolfSSL_EC_POINT_get_affine_coordinates_GFp(NULL, NULL, + NULL, Y, ctx), 0); + ExpectIntEQ(wolfSSL_EC_POINT_get_affine_coordinates_GFp(NULL, Gxy, + X, Y, ctx), 0); + ExpectIntEQ(wolfSSL_EC_POINT_get_affine_coordinates_GFp(group, NULL, + X, Y, ctx), 0); + ExpectIntEQ(wolfSSL_EC_POINT_get_affine_coordinates_GFp(group, Gxy, + NULL, Y, ctx), 0); + ExpectIntEQ(wolfSSL_EC_POINT_get_affine_coordinates_GFp(group, Gxy, + X, NULL, ctx), 0); + /* Getting point at infinity returns an error. */ + ExpectIntEQ(wolfSSL_EC_POINT_get_affine_coordinates_GFp(group, infinity, + X, Y, ctx), 0); + +#if !defined(WOLFSSL_ATECC508A) && !defined(WOLFSSL_ATECC608A) && \ + !defined(HAVE_SELFTEST) && !defined(WOLFSSL_SP_MATH) && \ + !defined(WOLF_CRYPTO_CB_ONLY_ECC) + ExpectIntEQ(EC_POINT_add(NULL, NULL, NULL, NULL, ctx), 0); + ExpectIntEQ(EC_POINT_add(group, NULL, NULL, NULL, ctx), 0); + ExpectIntEQ(EC_POINT_add(NULL, new_point, NULL, NULL, ctx), 0); + ExpectIntEQ(EC_POINT_add(NULL, NULL, new_point, NULL, ctx), 0); + ExpectIntEQ(EC_POINT_add(NULL, NULL, NULL, Gxy, ctx), 0); + ExpectIntEQ(EC_POINT_add(NULL, new_point, new_point, Gxy, ctx), 0); + ExpectIntEQ(EC_POINT_add(group, NULL, new_point, Gxy, ctx), 0); + ExpectIntEQ(EC_POINT_add(group, new_point, NULL, Gxy, ctx), 0); + ExpectIntEQ(EC_POINT_add(group, new_point, new_point, NULL, ctx), 0); + + ExpectIntEQ(EC_POINT_mul(NULL, NULL, Gx, Gxy, k, ctx), 0); + ExpectIntEQ(EC_POINT_mul(NULL, new_point, Gx, Gxy, k, ctx), 0); + ExpectIntEQ(EC_POINT_mul(group, NULL, Gx, Gxy, k, ctx), 0); + + ExpectIntEQ(EC_POINT_add(group, new_point, new_point, Gxy, ctx), 1); + /* perform point multiplication */ + ExpectIntEQ(EC_POINT_mul(group, new_point, Gx, Gxy, k, ctx), 1); + ExpectIntEQ(BN_is_zero(new_point->X), 0); + ExpectIntEQ(BN_is_zero(new_point->Y), 0); + ExpectIntEQ(BN_is_zero(new_point->Z), 0); + ExpectIntEQ(EC_POINT_mul(group, new_point, NULL, Gxy, k, ctx), 1); + ExpectIntEQ(BN_is_zero(new_point->X), 0); + ExpectIntEQ(BN_is_zero(new_point->Y), 0); + ExpectIntEQ(BN_is_zero(new_point->Z), 0); + ExpectIntEQ(EC_POINT_mul(group, new_point, Gx, NULL, NULL, ctx), 1); + ExpectIntEQ(BN_is_zero(new_point->X), 0); + ExpectIntEQ(BN_is_zero(new_point->Y), 0); + ExpectIntEQ(BN_is_zero(new_point->Z), 0); + ExpectIntEQ(EC_POINT_mul(group, new_point, NULL, NULL, NULL, ctx), 1); + ExpectIntEQ(BN_is_zero(new_point->X), 1); + ExpectIntEQ(BN_is_zero(new_point->Y), 1); + ExpectIntEQ(BN_is_zero(new_point->Z), 1); + /* Set point to something. */ + ExpectIntEQ(EC_POINT_add(group, new_point, Gxy, Gxy, ctx), 1); +#else + ExpectIntEQ(EC_POINT_set_affine_coordinates_GFp(group, new_point, Gx, Gy, + ctx), 1); + ExpectIntEQ(BN_is_zero(new_point->X), 0); + ExpectIntEQ(BN_is_zero(new_point->Y), 0); + ExpectIntEQ(BN_is_zero(new_point->Z), 0); +#endif + + /* check if point X coordinate is zero */ + ExpectIntEQ(BN_is_zero(new_point->X), 0); + +#if defined(USE_ECC_B_PARAM) && !defined(HAVE_SELFTEST) && \ + (!defined(HAVE_FIPS) || FIPS_VERSION_GT(2,0)) + ExpectIntEQ(EC_POINT_is_on_curve(group, new_point, ctx), 1); +#endif + + /* extract the coordinates from point */ + ExpectIntEQ(EC_POINT_get_affine_coordinates_GFp(group, new_point, X, Y, + ctx), WOLFSSL_SUCCESS); + + /* check if point X coordinate is zero */ + ExpectIntEQ(BN_is_zero(X), WC_NO_ERR_TRACE(WOLFSSL_FAILURE)); + + /* set the same X and Y points in another object */ + ExpectIntEQ(EC_POINT_set_affine_coordinates_GFp(group, set_point, X, Y, + ctx), WOLFSSL_SUCCESS); + + /* compare points as they should be the same */ + ExpectIntEQ(EC_POINT_cmp(NULL, NULL, NULL, ctx), -1); + ExpectIntEQ(EC_POINT_cmp(group, NULL, NULL, ctx), -1); + ExpectIntEQ(EC_POINT_cmp(NULL, new_point, NULL, ctx), -1); + ExpectIntEQ(EC_POINT_cmp(NULL, NULL, set_point, ctx), -1); + ExpectIntEQ(EC_POINT_cmp(NULL, new_point, set_point, ctx), -1); + ExpectIntEQ(EC_POINT_cmp(group, NULL, set_point, ctx), -1); + ExpectIntEQ(EC_POINT_cmp(group, new_point, NULL, ctx), -1); + ExpectIntEQ(EC_POINT_cmp(group, new_point, set_point, ctx), 0); + + /* Test copying */ + ExpectIntEQ(EC_POINT_copy(NULL, NULL), 0); + ExpectIntEQ(EC_POINT_copy(NULL, set_point), 0); + ExpectIntEQ(EC_POINT_copy(new_point, NULL), 0); + ExpectIntEQ(EC_POINT_copy(new_point, set_point), 1); + + /* Test inverting */ + ExpectIntEQ(EC_POINT_invert(NULL, NULL, ctx), 0); + ExpectIntEQ(EC_POINT_invert(NULL, new_point, ctx), 0); + ExpectIntEQ(EC_POINT_invert(group, NULL, ctx), 0); + ExpectIntEQ(EC_POINT_invert(group, new_point, ctx), 1); + +#if !defined(WOLFSSL_ATECC508A) && !defined(WOLFSSL_ATECC608A) && \ + !defined(HAVE_SELFTEST) && !defined(WOLFSSL_SP_MATH) && \ + !defined(WOLF_CRYPTO_CB_ONLY_ECC) + { + EC_POINT* orig_point = NULL; + ExpectNotNull(orig_point = EC_POINT_new(group)); + ExpectIntEQ(EC_POINT_add(group, orig_point, set_point, set_point, NULL), + 1); + /* new_point should be set_point inverted so adding it will revert + * the point back to set_point */ + ExpectIntEQ(EC_POINT_add(group, orig_point, orig_point, new_point, + NULL), 1); + ExpectIntEQ(EC_POINT_cmp(group, orig_point, set_point, NULL), 0); + EC_POINT_free(orig_point); + } +#endif + + /* Test getting affine converts from projective. */ + ExpectIntEQ(EC_POINT_copy(set_point, new_point), 1); + /* Force non-affine coordinates */ + ExpectIntEQ(BN_add(new_point->Z, (WOLFSSL_BIGNUM*)BN_value_one(), + (WOLFSSL_BIGNUM*)BN_value_one()), 1); + if (new_point != NULL) { + new_point->inSet = 0; + } + /* extract the coordinates from point */ + ExpectIntEQ(EC_POINT_get_affine_coordinates_GFp(group, new_point, X, Y, + ctx), WOLFSSL_SUCCESS); + /* check if point ordinates have changed. */ + ExpectIntNE(BN_cmp(X, set_point->X), 0); + ExpectIntNE(BN_cmp(Y, set_point->Y), 0); + + /* Test check for infinity */ +#ifndef WOLF_CRYPTO_CB_ONLY_ECC + ExpectIntEQ(EC_POINT_is_at_infinity(NULL, NULL), 0); + ExpectIntEQ(EC_POINT_is_at_infinity(NULL, infinity), 0); + ExpectIntEQ(EC_POINT_is_at_infinity(group, NULL), 0); + ExpectIntEQ(EC_POINT_is_at_infinity(group, infinity), 1); + ExpectIntEQ(EC_POINT_is_at_infinity(group, Gxy), 0); +#else + ExpectIntEQ(EC_POINT_is_at_infinity(group, infinity), 0); +#endif + + ExpectPtrEq(EC_POINT_point2bn(group, set_point, + POINT_CONVERSION_UNCOMPRESSED, set_point_bn, ctx), set_point_bn); + + /* check bn2hex */ + hexStr = BN_bn2hex(k); + ExpectStrEQ(hexStr, kTest); +#if !defined(NO_FILESYSTEM) && !defined(NO_STDIO_FILESYSTEM) && \ + defined(XFPRINTF) + BN_print_fp(stderr, k); + fprintf(stderr, "\n"); +#endif + XFREE(hexStr, NULL, DYNAMIC_TYPE_ECC); + + hexStr = BN_bn2hex(Gx); + ExpectStrEQ(hexStr, kGx); +#if !defined(NO_FILESYSTEM) && !defined(NO_STDIO_FILESYSTEM) && \ + defined(XFPRINTF) + BN_print_fp(stderr, Gx); + fprintf(stderr, "\n"); +#endif + XFREE(hexStr, NULL, DYNAMIC_TYPE_ECC); + + hexStr = BN_bn2hex(Gy); + ExpectStrEQ(hexStr, kGy); +#if !defined(NO_FILESYSTEM) && !defined(NO_STDIO_FILESYSTEM) && \ + defined(XFPRINTF) + BN_print_fp(stderr, Gy); + fprintf(stderr, "\n"); +#endif + XFREE(hexStr, NULL, DYNAMIC_TYPE_ECC); + + /* Test point to hex */ + ExpectNull(EC_POINT_point2hex(NULL, NULL, POINT_CONVERSION_UNCOMPRESSED, + ctx)); + ExpectNull(EC_POINT_point2hex(NULL, Gxy, POINT_CONVERSION_UNCOMPRESSED, + ctx)); + ExpectNull(EC_POINT_point2hex(group, NULL, POINT_CONVERSION_UNCOMPRESSED, + ctx)); +#ifndef HAVE_ECC_BRAINPOOL + /* Group not supported in wolfCrypt. */ + ExpectNull(EC_POINT_point2hex(group2, Gxy, POINT_CONVERSION_UNCOMPRESSED, + ctx)); +#endif + + hexStr = EC_POINT_point2hex(group, Gxy, POINT_CONVERSION_UNCOMPRESSED, ctx); + ExpectNotNull(hexStr); + ExpectStrEQ(hexStr, uncompG); + ExpectNotNull(get_point = EC_POINT_hex2point(group, hexStr, NULL, ctx)); + ExpectIntEQ(EC_POINT_cmp(group, Gxy, get_point, ctx), 0); + XFREE(hexStr, NULL, DYNAMIC_TYPE_ECC); + + hexStr = EC_POINT_point2hex(group, Gxy, POINT_CONVERSION_COMPRESSED, ctx); + ExpectNotNull(hexStr); + ExpectStrEQ(hexStr, compG); + #ifdef HAVE_COMP_KEY + ExpectNotNull(get_point = EC_POINT_hex2point + (group, hexStr, get_point, ctx)); + ExpectIntEQ(EC_POINT_cmp(group, Gxy, get_point, ctx), 0); + #endif + XFREE(hexStr, NULL, DYNAMIC_TYPE_ECC); + EC_POINT_free(get_point); + +#ifndef HAVE_SELFTEST + /* Test point to oct */ + ExpectIntEQ(EC_POINT_point2oct(NULL, NULL, POINT_CONVERSION_UNCOMPRESSED, + NULL, 0, ctx), 0); + ExpectIntEQ(EC_POINT_point2oct(NULL, Gxy, POINT_CONVERSION_UNCOMPRESSED, + NULL, 0, ctx), 0); + ExpectIntEQ(EC_POINT_point2oct(group, NULL, POINT_CONVERSION_UNCOMPRESSED, + NULL, 0, ctx), 0); + bin_len = EC_POINT_point2oct(group, Gxy, POINT_CONVERSION_UNCOMPRESSED, + NULL, 0, ctx); + ExpectIntEQ(bin_len, sizeof(binUncompG)); + ExpectNotNull(buf = (unsigned char*)XMALLOC(bin_len, NULL, + DYNAMIC_TYPE_ECC)); + ExpectIntEQ(EC_POINT_point2oct(group, Gxy, POINT_CONVERSION_UNCOMPRESSED, + buf, bin_len, ctx), bin_len); + ExpectIntEQ(XMEMCMP(buf, binUncompG, sizeof(binUncompG)), 0); + XFREE(buf, NULL, DYNAMIC_TYPE_ECC); + + /* Infinity (x=0, y=0) encodes as '0x00'. */ + ExpectIntEQ(EC_POINT_point2oct(group, infinity, + POINT_CONVERSION_UNCOMPRESSED, NULL, 0, ctx), 1); + ExpectIntEQ(EC_POINT_point2oct(group, infinity, + POINT_CONVERSION_UNCOMPRESSED, bufInf, 0, ctx), 0); + ExpectIntEQ(EC_POINT_point2oct(group, infinity, + POINT_CONVERSION_UNCOMPRESSED, bufInf, 1, ctx), 1); + ExpectIntEQ(bufInf[0], 0); + + wolfSSL_EC_POINT_dump(NULL, NULL); + /* Test point i2d */ + ExpectIntEQ(ECPoint_i2d(NULL, NULL, NULL, &blen), 0); + ExpectIntEQ(ECPoint_i2d(NULL, Gxy, NULL, &blen), 0); + ExpectIntEQ(ECPoint_i2d(group, NULL, NULL, &blen), 0); + ExpectIntEQ(ECPoint_i2d(group, Gxy, NULL, NULL), 0); + ExpectIntEQ(ECPoint_i2d(group, Gxy, NULL, &blen), 1); + ExpectIntEQ(blen, sizeof(binUncompG)); + ExpectNotNull(buf = (unsigned char*)XMALLOC(blen, NULL, DYNAMIC_TYPE_ECC)); + blen--; + ExpectIntEQ(ECPoint_i2d(group, Gxy, buf, &blen), 0); + blen++; + ExpectIntEQ(ECPoint_i2d(group, Gxy, buf, &blen), 1); + ExpectIntEQ(XMEMCMP(buf, binUncompG, sizeof(binUncompG)), 0); + XFREE(buf, NULL, DYNAMIC_TYPE_ECC); + +#ifdef HAVE_COMP_KEY + /* Test point to oct compressed */ + bin_len = EC_POINT_point2oct(group, Gxy, POINT_CONVERSION_COMPRESSED, NULL, + 0, ctx); + ExpectIntEQ(bin_len, sizeof(binCompG)); + ExpectNotNull(buf = (unsigned char*)XMALLOC(bin_len, NULL, + DYNAMIC_TYPE_ECC)); + ExpectIntEQ(EC_POINT_point2oct(group, Gxy, POINT_CONVERSION_COMPRESSED, buf, + bin_len, ctx), bin_len); + ExpectIntEQ(XMEMCMP(buf, binCompG, sizeof(binCompG)), 0); + XFREE(buf, NULL, DYNAMIC_TYPE_ECC); +#endif + + /* Test point BN */ + ExpectNull(wolfSSL_EC_POINT_point2bn(NULL, NULL, + POINT_CONVERSION_UNCOMPRESSED, NULL, ctx)); + ExpectNull(wolfSSL_EC_POINT_point2bn(NULL, Gxy, + POINT_CONVERSION_UNCOMPRESSED, NULL, ctx)); + ExpectNull(wolfSSL_EC_POINT_point2bn(group, NULL, + POINT_CONVERSION_UNCOMPRESSED, NULL, ctx)); + ExpectNull(wolfSSL_EC_POINT_point2bn(group, Gxy, 0, NULL, ctx)); + + /* Test oct to point */ + ExpectNotNull(tmp = EC_POINT_new(group)); + ExpectIntEQ(EC_POINT_oct2point(NULL, NULL, binUncompG, sizeof(binUncompG), + ctx), 0); + ExpectIntEQ(EC_POINT_oct2point(NULL, tmp, binUncompG, sizeof(binUncompG), + ctx), 0); + ExpectIntEQ(EC_POINT_oct2point(group, NULL, binUncompG, sizeof(binUncompG), + ctx), 0); + ExpectIntEQ(EC_POINT_oct2point(group, tmp, binUncompGBad, + sizeof(binUncompGBad), ctx), 0); + ExpectIntEQ(EC_POINT_oct2point(group, tmp, binUncompG, sizeof(binUncompG), + ctx), 1); + ExpectIntEQ(EC_POINT_cmp(group, tmp, Gxy, ctx), 0); + EC_POINT_free(tmp); + tmp = NULL; + + /* Test setting BN ordinates. */ + ExpectNotNull(tmp = EC_POINT_new(group)); + ExpectIntEQ(wolfSSL_EC_POINT_set_affine_coordinates_GFp(NULL, NULL, NULL, + NULL, ctx), 0); + ExpectIntEQ(wolfSSL_EC_POINT_set_affine_coordinates_GFp(group, NULL, NULL, + NULL, ctx), 0); + ExpectIntEQ(wolfSSL_EC_POINT_set_affine_coordinates_GFp(NULL, tmp, NULL, + NULL, ctx), 0); + ExpectIntEQ(wolfSSL_EC_POINT_set_affine_coordinates_GFp(NULL, NULL, Gx, + NULL, ctx), 0); + ExpectIntEQ(wolfSSL_EC_POINT_set_affine_coordinates_GFp(NULL, NULL, NULL, + Gy, ctx), 0); + ExpectIntEQ(wolfSSL_EC_POINT_set_affine_coordinates_GFp(NULL, tmp, Gx, Gy, + ctx), 0); + ExpectIntEQ(wolfSSL_EC_POINT_set_affine_coordinates_GFp(group, NULL, Gx, Gy, + ctx), 0); + ExpectIntEQ(wolfSSL_EC_POINT_set_affine_coordinates_GFp(group, tmp, NULL, + Gy, ctx), 0); + ExpectIntEQ(wolfSSL_EC_POINT_set_affine_coordinates_GFp(group, tmp, Gx, + NULL, ctx), 0); + ExpectIntEQ(wolfSSL_EC_POINT_set_affine_coordinates_GFp(group, tmp, Gx, Gy, + ctx), 1); + EC_POINT_free(tmp); + tmp = NULL; + + /* Test point d2i */ + ExpectNotNull(tmp = EC_POINT_new(group)); + ExpectIntEQ(ECPoint_d2i(NULL, sizeof(binUncompG), NULL, NULL), 0); + ExpectIntEQ(ECPoint_d2i(binUncompG, sizeof(binUncompG), NULL, NULL), 0); + ExpectIntEQ(ECPoint_d2i(NULL, sizeof(binUncompG), group, NULL), 0); + ExpectIntEQ(ECPoint_d2i(NULL, sizeof(binUncompG), NULL, tmp), 0); + ExpectIntEQ(ECPoint_d2i(NULL, sizeof(binUncompG), group, tmp), 0); + ExpectIntEQ(ECPoint_d2i(binUncompG, sizeof(binUncompG), NULL, tmp), 0); + ExpectIntEQ(ECPoint_d2i(binUncompG, sizeof(binUncompG), group, NULL), 0); + ExpectIntEQ(ECPoint_d2i(binUncompGBad, sizeof(binUncompG), group, tmp), 0); + ExpectIntEQ(ECPoint_d2i(binUncompG, sizeof(binUncompG), group, tmp), 1); + ExpectIntEQ(EC_POINT_cmp(group, tmp, Gxy, ctx), 0); + EC_POINT_free(tmp); + tmp = NULL; + +#ifdef HAVE_COMP_KEY + /* Test oct compressed to point */ + ExpectNotNull(tmp = EC_POINT_new(group)); + ExpectIntEQ(EC_POINT_oct2point(group, tmp, binCompG, sizeof(binCompG), ctx), + 1); + ExpectIntEQ(EC_POINT_cmp(group, tmp, Gxy, ctx), 0); + EC_POINT_free(tmp); + tmp = NULL; + + /* Test point d2i - compressed */ + ExpectNotNull(tmp = EC_POINT_new(group)); + ExpectIntEQ(ECPoint_d2i(binCompG, sizeof(binCompG), group, tmp), 1); + ExpectIntEQ(EC_POINT_cmp(group, tmp, Gxy, ctx), 0); + EC_POINT_free(tmp); + tmp = NULL; +#endif +#endif + + /* test BN_mod_add */ + ExpectIntEQ(BN_mod_add(new_point->Z, (WOLFSSL_BIGNUM*)BN_value_one(), + (WOLFSSL_BIGNUM*)BN_value_one(), (WOLFSSL_BIGNUM*)BN_value_one(), NULL), + 1); + ExpectIntEQ(BN_is_zero(new_point->Z), 1); + + /* cleanup */ + BN_free(X); + BN_free(Y); + BN_free(k); + BN_free(set_point_bn); + EC_POINT_free(infinity); + EC_POINT_free(new_point); + EC_POINT_free(set_point); + EC_POINT_clear_free(Gxy); +#ifndef HAVE_ECC_BRAINPOOL + EC_GROUP_free(group2); +#endif + EC_GROUP_free(group); + BN_CTX_free(ctx); +#endif +#endif /* !WOLFSSL_SP_MATH && ( !HAVE_FIPS || HAVE_FIPS_VERSION > 2) */ + return EXPECT_RESULT(); +} + +int test_wolfSSL_SPAKE(void) +{ + EXPECT_DECLS; + +#if defined(OPENSSL_EXTRA) && defined(HAVE_ECC) && !defined(WOLFSSL_ATECC508A) \ + && !defined(WOLFSSL_ATECC608A) && !defined(HAVE_SELFTEST) && \ + !defined(WOLFSSL_SP_MATH) && !defined(WOLF_CRYPTO_CB_ONLY_ECC) + BIGNUM* x = NULL; /* kdc priv */ + BIGNUM* y = NULL; /* client priv */ + BIGNUM* w = NULL; /* shared value */ + byte M_bytes[] = { + /* uncompressed */ + 0x04, + /* x */ + 0x88, 0x6e, 0x2f, 0x97, 0xac, 0xe4, 0x6e, 0x55, 0xba, 0x9d, 0xd7, 0x24, + 0x25, 0x79, 0xf2, 0x99, 0x3b, 0x64, 0xe1, 0x6e, 0xf3, 0xdc, 0xab, 0x95, + 0xaf, 0xd4, 0x97, 0x33, 0x3d, 0x8f, 0xa1, 0x2f, + /* y */ + 0x5f, 0xf3, 0x55, 0x16, 0x3e, 0x43, 0xce, 0x22, 0x4e, 0x0b, 0x0e, 0x65, + 0xff, 0x02, 0xac, 0x8e, 0x5c, 0x7b, 0xe0, 0x94, 0x19, 0xc7, 0x85, 0xe0, + 0xca, 0x54, 0x7d, 0x55, 0xa1, 0x2e, 0x2d, 0x20 + }; + EC_POINT* M = NULL; /* shared value */ + byte N_bytes[] = { + /* uncompressed */ + 0x04, + /* x */ + 0xd8, 0xbb, 0xd6, 0xc6, 0x39, 0xc6, 0x29, 0x37, 0xb0, 0x4d, 0x99, 0x7f, + 0x38, 0xc3, 0x77, 0x07, 0x19, 0xc6, 0x29, 0xd7, 0x01, 0x4d, 0x49, 0xa2, + 0x4b, 0x4f, 0x98, 0xba, 0xa1, 0x29, 0x2b, 0x49, + /* y */ + 0x07, 0xd6, 0x0a, 0xa6, 0xbf, 0xad, 0xe4, 0x50, 0x08, 0xa6, 0x36, 0x33, + 0x7f, 0x51, 0x68, 0xc6, 0x4d, 0x9b, 0xd3, 0x60, 0x34, 0x80, 0x8c, 0xd5, + 0x64, 0x49, 0x0b, 0x1e, 0x65, 0x6e, 0xdb, 0xe7 + }; + EC_POINT* N = NULL; /* shared value */ + EC_POINT* T = NULL; /* kdc pub */ + EC_POINT* tmp1 = NULL; /* kdc pub */ + EC_POINT* tmp2 = NULL; /* kdc pub */ + EC_POINT* S = NULL; /* client pub */ + EC_POINT* client_secret = NULL; + EC_POINT* kdc_secret = NULL; + EC_GROUP* group = NULL; + BN_CTX* bn_ctx = NULL; + + /* Values taken from a test run of Kerberos 5 */ + + ExpectNotNull(group = EC_GROUP_new_by_curve_name(NID_X9_62_prime256v1)); + ExpectNotNull(bn_ctx = BN_CTX_new()); + + ExpectNotNull(M = EC_POINT_new(group)); + ExpectNotNull(N = EC_POINT_new(group)); + ExpectNotNull(T = EC_POINT_new(group)); + ExpectNotNull(tmp1 = EC_POINT_new(group)); + ExpectNotNull(tmp2 = EC_POINT_new(group)); + ExpectNotNull(S = EC_POINT_new(group)); + ExpectNotNull(client_secret = EC_POINT_new(group)); + ExpectNotNull(kdc_secret = EC_POINT_new(group)); + ExpectIntEQ(BN_hex2bn(&x, "DAC3027CD692B4BDF0EDFE9B7D0E4E7" + "E5D8768A725EAEEA6FC68EC239A17C0"), 1); + ExpectIntEQ(BN_hex2bn(&y, "6F6A1D394E26B1655A54B26DCE30D49" + "90CC47EBE08F809EF3FF7F6AEAABBB5"), 1); + ExpectIntEQ(BN_hex2bn(&w, "1D992AB8BA851B9BA05353453D81EE9" + "506AB395478F0AAB647752CF117B36250"), 1); + ExpectIntEQ(EC_POINT_oct2point(group, M, M_bytes, sizeof(M_bytes), bn_ctx), + 1); + ExpectIntEQ(EC_POINT_oct2point(group, N, N_bytes, sizeof(N_bytes), bn_ctx), + 1); + + /* Function pattern similar to ossl_keygen and ossl_result in krb5 */ + + /* kdc */ + /* T=x*P+w*M */ + /* All in one function call */ + ExpectIntEQ(EC_POINT_mul(group, T, x, M, w, bn_ctx), 1); + /* Spread into separate calls */ + ExpectIntEQ(EC_POINT_mul(group, tmp1, x, NULL, NULL, bn_ctx), 1); + ExpectIntEQ(EC_POINT_mul(group, tmp2, NULL, M, w, bn_ctx), 1); + ExpectIntEQ(EC_POINT_add(group, tmp1, tmp1, tmp2, bn_ctx), + 1); + ExpectIntEQ(EC_POINT_cmp(group, T, tmp1, bn_ctx), 0); + /* client */ + /* S=y*P+w*N */ + /* All in one function call */ + ExpectIntEQ(EC_POINT_mul(group, S, y, N, w, bn_ctx), 1); + /* Spread into separate calls */ + ExpectIntEQ(EC_POINT_mul(group, tmp1, y, NULL, NULL, bn_ctx), 1); + ExpectIntEQ(EC_POINT_mul(group, tmp2, NULL, N, w, bn_ctx), 1); + ExpectIntEQ(EC_POINT_add(group, tmp1, tmp1, tmp2, bn_ctx), + 1); + ExpectIntEQ(EC_POINT_cmp(group, S, tmp1, bn_ctx), 0); + /* K=y*(T-w*M) */ + ExpectIntEQ(EC_POINT_mul(group, client_secret, NULL, M, w, bn_ctx), 1); + ExpectIntEQ(EC_POINT_invert(group, client_secret, bn_ctx), 1); + ExpectIntEQ(EC_POINT_add(group, client_secret, T, client_secret, bn_ctx), + 1); + ExpectIntEQ(EC_POINT_mul(group, client_secret, NULL, client_secret, y, + bn_ctx), 1); + /* kdc */ + /* K=x*(S-w*N) */ + ExpectIntEQ(EC_POINT_mul(group, kdc_secret, NULL, N, w, bn_ctx), 1); + ExpectIntEQ(EC_POINT_invert(group, kdc_secret, bn_ctx), 1); + ExpectIntEQ(EC_POINT_add(group, kdc_secret, S, kdc_secret, bn_ctx), + 1); + ExpectIntEQ(EC_POINT_mul(group, kdc_secret, NULL, kdc_secret, x, bn_ctx), + 1); + + /* kdc_secret == client_secret */ + ExpectIntEQ(EC_POINT_cmp(group, client_secret, kdc_secret, bn_ctx), 0); + + BN_free(x); + BN_free(y); + BN_free(w); + EC_POINT_free(M); + EC_POINT_free(N); + EC_POINT_free(T); + EC_POINT_free(tmp1); + EC_POINT_free(tmp2); + EC_POINT_free(S); + EC_POINT_free(client_secret); + EC_POINT_free(kdc_secret); + EC_GROUP_free(group); + BN_CTX_free(bn_ctx); +#endif + return EXPECT_RESULT(); +} + +int test_wolfSSL_EC_KEY_generate(void) +{ + EXPECT_DECLS; +#ifdef OPENSSL_EXTRA + WOLFSSL_EC_KEY* key = NULL; +#ifndef HAVE_ECC_BRAINPOOL + WOLFSSL_EC_GROUP* group = NULL; +#endif + + ExpectNotNull(key = EC_KEY_new_by_curve_name(NID_X9_62_prime256v1)); + + ExpectIntEQ(wolfSSL_EC_KEY_generate_key(NULL), 0); + ExpectIntEQ(wolfSSL_EC_KEY_generate_key(key), 1); + wolfSSL_EC_KEY_free(key); + key = NULL; + +#ifndef HAVE_ECC_BRAINPOOL + ExpectNotNull(group = wolfSSL_EC_GROUP_new_by_curve_name( + NID_brainpoolP256r1)); + ExpectNotNull(key = wolfSSL_EC_KEY_new()); + ExpectIntEQ(wolfSSL_EC_KEY_set_group(key, group), 1); + ExpectIntEQ(wolfSSL_EC_KEY_generate_key(key), 0); + wolfSSL_EC_KEY_free(key); + wolfSSL_EC_GROUP_free(group); +#endif +#endif + return EXPECT_RESULT(); +} + +int test_EC_i2d(void) +{ + EXPECT_DECLS; +#if defined(OPENSSL_EXTRA) && !defined(HAVE_FIPS) + EC_KEY *key = NULL; + EC_KEY *copy = NULL; + int len = 0; + unsigned char *buf = NULL; + unsigned char *p = NULL; + const unsigned char *tmp = NULL; + const unsigned char octBad[] = { + 0x09, 0x6b, 0x17, 0xd1, 0xf2, 0xe1, 0x2c, 0x42, 0x47, 0xf8, 0xbc, + 0xe6, 0xe5, 0x63, 0xa4, 0x40, 0xf2, 0x77, 0x03, 0x7d, 0x81, 0x2d, + 0xeb, 0x33, 0xa0, 0xf4, 0xa1, 0x39, 0x45, 0xd8, 0x98, 0xc2, 0x96, + 0x4f, 0xe3, 0x42, 0xe2, 0xfe, 0x1a, 0x7f, 0x9b, 0x8e, 0xe7, 0xeb, + 0x4a, 0x7c, 0x0f, 0x9e, 0x16, 0x2b, 0xce, 0x33, 0x57, 0x6b, 0x31, + 0x5e, 0xce, 0xcb, 0xb6, 0x40, 0x68, 0x37, 0xbf, 0x51, 0xf5, + }; + + ExpectNotNull(key = EC_KEY_new_by_curve_name(NID_X9_62_prime256v1)); + ExpectIntEQ(EC_KEY_generate_key(key), 1); + ExpectIntGT((len = i2d_EC_PUBKEY(key, NULL)), 0); + ExpectNotNull(buf = (unsigned char*)XMALLOC(len, NULL, + DYNAMIC_TYPE_TMP_BUFFER)); + p = buf; + ExpectIntEQ(i2d_EC_PUBKEY(key, &p), len); + + ExpectNull(o2i_ECPublicKey(NULL, NULL, -1)); + ExpectNull(o2i_ECPublicKey(©, NULL, -1)); + ExpectNull(o2i_ECPublicKey(&key, NULL, -1)); + ExpectNull(o2i_ECPublicKey(NULL, &tmp, -1)); + ExpectNull(o2i_ECPublicKey(NULL, NULL, 0)); + ExpectNull(o2i_ECPublicKey(&key, NULL, 0)); + ExpectNull(o2i_ECPublicKey(&key, &tmp, 0)); + tmp = buf; + ExpectNull(o2i_ECPublicKey(NULL, &tmp, 0)); + ExpectNull(o2i_ECPublicKey(©, &tmp, 0)); + ExpectNull(o2i_ECPublicKey(NULL, &tmp, -1)); + ExpectNull(o2i_ECPublicKey(&key, &tmp, -1)); + + ExpectIntEQ(i2o_ECPublicKey(NULL, NULL), 0); + ExpectIntEQ(i2o_ECPublicKey(NULL, &buf), 0); + + tmp = buf; + ExpectNull(d2i_ECPrivateKey(NULL, &tmp, 0)); + ExpectNull(d2i_ECPrivateKey(NULL, &tmp, 1)); + ExpectNull(d2i_ECPrivateKey(©, &tmp, 0)); + ExpectNull(d2i_ECPrivateKey(©, &tmp, 1)); + ExpectNull(d2i_ECPrivateKey(&key, &tmp, 0)); + + { + EC_KEY *pubkey = NULL; + BIO* bio = NULL; + + ExpectNotNull(bio = BIO_new(BIO_s_mem())); + ExpectIntGT(BIO_write(bio, buf, len), 0); + ExpectNotNull(d2i_EC_PUBKEY_bio(bio, &pubkey)); + + BIO_free(bio); + EC_KEY_free(pubkey); + } + + ExpectIntEQ(i2d_ECPrivateKey(NULL, &p), 0); + ExpectIntEQ(i2d_ECPrivateKey(NULL, NULL), 0); + + ExpectIntEQ(wolfSSL_EC_KEY_LoadDer(NULL, NULL, -1), -1); + ExpectIntEQ(wolfSSL_EC_KEY_LoadDer_ex(NULL, NULL, -1, 0), -1); + ExpectIntEQ(wolfSSL_EC_KEY_LoadDer_ex(key, NULL, -1, 0), -1); + ExpectIntEQ(wolfSSL_EC_KEY_LoadDer_ex(NULL, buf, -1, 0), -1); + ExpectIntEQ(wolfSSL_EC_KEY_LoadDer_ex(NULL, NULL, 0, 0), -1); + ExpectIntEQ(wolfSSL_EC_KEY_LoadDer_ex(NULL, NULL, -1, + WOLFSSL_EC_KEY_LOAD_PUBLIC), -1); + ExpectIntEQ(wolfSSL_EC_KEY_LoadDer_ex(NULL, buf, len, + WOLFSSL_EC_KEY_LOAD_PUBLIC), -1); + ExpectIntEQ(wolfSSL_EC_KEY_LoadDer_ex(key, NULL, len, + WOLFSSL_EC_KEY_LOAD_PUBLIC), -1); + ExpectIntEQ(wolfSSL_EC_KEY_LoadDer_ex(key, buf, -1, + WOLFSSL_EC_KEY_LOAD_PUBLIC), -1); + ExpectIntEQ(wolfSSL_EC_KEY_LoadDer_ex(key, buf, len, 0), -1); + ExpectIntEQ(wolfSSL_EC_KEY_LoadDer_ex(key, buf, len, + WOLFSSL_EC_KEY_LOAD_PRIVATE), -1); + ExpectIntEQ(wolfSSL_EC_KEY_LoadDer_ex(key, octBad, sizeof(octBad), + WOLFSSL_EC_KEY_LOAD_PRIVATE), -1); + ExpectIntEQ(wolfSSL_EC_KEY_LoadDer_ex(key, octBad, sizeof(octBad), + WOLFSSL_EC_KEY_LOAD_PUBLIC), -1); + + XFREE(buf, NULL, DYNAMIC_TYPE_TMP_BUFFER); + buf = NULL; + buf = NULL; + + ExpectIntGT((len = i2d_ECPrivateKey(key, NULL)), 0); + ExpectNotNull(buf = (unsigned char*)XMALLOC(len, NULL, + DYNAMIC_TYPE_TMP_BUFFER)); + p = buf; + ExpectIntEQ(i2d_ECPrivateKey(key, &p), len); + + p = NULL; + ExpectIntEQ(i2d_ECPrivateKey(key, &p), len); + XFREE(p, NULL, DYNAMIC_TYPE_TMP_BUFFER); + p = NULL; + + /* Bad point is also an invalid private key. */ + tmp = octBad; + ExpectNull(d2i_ECPrivateKey(©, &tmp, sizeof(octBad))); + tmp = buf; + ExpectNotNull(d2i_ECPrivateKey(©, &tmp, len)); + XFREE(buf, NULL, DYNAMIC_TYPE_TMP_BUFFER); + buf = NULL; + buf = NULL; + + ExpectIntGT((len = i2o_ECPublicKey(key, NULL)), 0); + ExpectNotNull(buf = (unsigned char*)XMALLOC(len, NULL, + DYNAMIC_TYPE_TMP_BUFFER)); + p = buf; + ExpectIntGT((len = i2o_ECPublicKey(key, &p)), 0); + p = NULL; + ExpectIntGT((len = i2o_ECPublicKey(key, &p)), 0); + tmp = buf; + ExpectNotNull(o2i_ECPublicKey(©, &tmp, len)); + tmp = octBad; + ExpectNull(o2i_ECPublicKey(&key, &tmp, sizeof(octBad))); + + ExpectIntEQ(EC_KEY_check_key(NULL), 0); + ExpectIntEQ(EC_KEY_check_key(key), 1); + + XFREE(p, NULL, DYNAMIC_TYPE_OPENSSL); + XFREE(buf, NULL, DYNAMIC_TYPE_OPENSSL); + + EC_KEY_free(key); + EC_KEY_free(copy); +#endif + return EXPECT_RESULT(); +} + +int test_wolfSSL_EC_curve(void) +{ + EXPECT_DECLS; +#if defined(OPENSSL_EXTRA) + int nid = NID_secp160k1; + const char* nid_name = NULL; + + ExpectNull(EC_curve_nid2nist(NID_sha256)); + + ExpectNotNull(nid_name = EC_curve_nid2nist(nid)); + ExpectIntEQ(XMEMCMP(nid_name, "K-160", XSTRLEN("K-160")), 0); + + ExpectIntEQ(EC_curve_nist2nid("INVALID"), 0); + ExpectIntEQ(EC_curve_nist2nid(nid_name), nid); +#endif + return EXPECT_RESULT(); +} + +int test_wolfSSL_EC_KEY_dup(void) +{ + EXPECT_DECLS; +#if defined(OPENSSL_ALL) && !defined(NO_CERTS) + WOLFSSL_EC_KEY* ecKey = NULL; + WOLFSSL_EC_KEY* dupKey = NULL; + ecc_key* srcKey = NULL; + ecc_key* destKey = NULL; + + ExpectNotNull(ecKey = wolfSSL_EC_KEY_new()); + ExpectIntEQ(wolfSSL_EC_KEY_generate_key(ecKey), 1); + + /* Valid cases */ + ExpectNotNull(dupKey = wolfSSL_EC_KEY_dup(ecKey)); + ExpectIntEQ(EC_KEY_check_key(dupKey), 1); + + /* Compare pubkey */ + if (ecKey != NULL) { + srcKey = (ecc_key*)ecKey->internal; + } + if (dupKey != NULL) { + destKey = (ecc_key*)dupKey->internal; + } + ExpectIntEQ(wc_ecc_cmp_point(&srcKey->pubkey, &destKey->pubkey), 0); + + /* compare EC_GROUP */ + ExpectIntEQ(wolfSSL_EC_GROUP_cmp(ecKey->group, dupKey->group, NULL), MP_EQ); + + /* compare EC_POINT */ + ExpectIntEQ(wolfSSL_EC_POINT_cmp(ecKey->group, ecKey->pub_key, \ + dupKey->pub_key, NULL), MP_EQ); + + /* compare BIGNUM */ + ExpectIntEQ(wolfSSL_BN_cmp(ecKey->priv_key, dupKey->priv_key), MP_EQ); + wolfSSL_EC_KEY_free(dupKey); + dupKey = NULL; + + /* Invalid cases */ + /* NULL key */ + ExpectNull(dupKey = wolfSSL_EC_KEY_dup(NULL)); + /* NULL ecc_key */ + if (ecKey != NULL) { + wc_ecc_free((ecc_key*)ecKey->internal); + XFREE(ecKey->internal, NULL, DYNAMIC_TYPE_ECC); + ecKey->internal = NULL; /* Set ecc_key to NULL */ + } + ExpectNull(dupKey = wolfSSL_EC_KEY_dup(ecKey)); + wolfSSL_EC_KEY_free(ecKey); + ecKey = NULL; + wolfSSL_EC_KEY_free(dupKey); + dupKey = NULL; + + /* NULL Group */ + ExpectNotNull(ecKey = wolfSSL_EC_KEY_new()); + ExpectIntEQ(wolfSSL_EC_KEY_generate_key(ecKey), 1); + if (ecKey != NULL) { + wolfSSL_EC_GROUP_free(ecKey->group); + ecKey->group = NULL; /* Set group to NULL */ + } + ExpectNull(dupKey = wolfSSL_EC_KEY_dup(ecKey)); + wolfSSL_EC_KEY_free(ecKey); + ecKey = NULL; + wolfSSL_EC_KEY_free(dupKey); + dupKey = NULL; + + /* NULL public key */ + ExpectNotNull(ecKey = wolfSSL_EC_KEY_new()); + ExpectIntEQ(wolfSSL_EC_KEY_generate_key(ecKey), 1); + if (ecKey != NULL) { + wc_ecc_del_point((ecc_point*)ecKey->pub_key->internal); + ecKey->pub_key->internal = NULL; /* Set ecc_point to NULL */ + } + + ExpectNull(dupKey = wolfSSL_EC_KEY_dup(ecKey)); + if (ecKey != NULL) { + wolfSSL_EC_POINT_free(ecKey->pub_key); + ecKey->pub_key = NULL; /* Set pub_key to NULL */ + } + ExpectNull(dupKey = wolfSSL_EC_KEY_dup(ecKey)); + wolfSSL_EC_KEY_free(ecKey); + ecKey = NULL; + wolfSSL_EC_KEY_free(dupKey); + dupKey = NULL; + + /* NULL private key */ + ExpectNotNull(ecKey = wolfSSL_EC_KEY_new()); + ExpectIntEQ(wolfSSL_EC_KEY_generate_key(ecKey), 1); + + if (ecKey != NULL) { + wolfSSL_BN_free(ecKey->priv_key); + ecKey->priv_key = NULL; /* Set priv_key to NULL */ + } + ExpectNull(dupKey = wolfSSL_EC_KEY_dup(ecKey)); + + wolfSSL_EC_KEY_free(ecKey); + ecKey = NULL; + wolfSSL_EC_KEY_free(dupKey); + dupKey = NULL; + + /* Test EC_KEY_up_ref */ + ExpectNotNull(ecKey = wolfSSL_EC_KEY_new()); + ExpectIntEQ(wolfSSL_EC_KEY_generate_key(ecKey), WOLFSSL_SUCCESS); + ExpectIntEQ(wolfSSL_EC_KEY_up_ref(NULL), WC_NO_ERR_TRACE(WOLFSSL_FAILURE)); + ExpectIntEQ(wolfSSL_EC_KEY_up_ref(ecKey), WOLFSSL_SUCCESS); + /* reference count doesn't follow duplicate */ + ExpectNotNull(dupKey = wolfSSL_EC_KEY_dup(ecKey)); + ExpectIntEQ(wolfSSL_EC_KEY_up_ref(dupKey), WOLFSSL_SUCCESS); /* +1 */ + ExpectIntEQ(wolfSSL_EC_KEY_up_ref(dupKey), WOLFSSL_SUCCESS); /* +2 */ + wolfSSL_EC_KEY_free(dupKey); /* 3 */ + wolfSSL_EC_KEY_free(dupKey); /* 2 */ + wolfSSL_EC_KEY_free(dupKey); /* 1, free */ + wolfSSL_EC_KEY_free(ecKey); /* 2 */ + wolfSSL_EC_KEY_free(ecKey); /* 1, free */ +#endif + return EXPECT_RESULT(); +} + +int test_wolfSSL_EC_KEY_set_group(void) +{ + EXPECT_DECLS; +#if defined(HAVE_ECC) && !defined(NO_ECC256) && !defined(NO_ECC_SECP) && \ + defined(OPENSSL_EXTRA) + EC_KEY *key = NULL; + EC_GROUP *group = NULL; + const EC_GROUP *group2 = NULL; + + ExpectNotNull(group = EC_GROUP_new_by_curve_name(NID_X9_62_prime256v1)); + ExpectNotNull(key = EC_KEY_new()); + + ExpectNull(EC_KEY_get0_group(NULL)); + ExpectIntEQ(EC_KEY_set_group(NULL, NULL), 0); + ExpectIntEQ(EC_KEY_set_group(key, NULL), 0); + ExpectIntEQ(EC_KEY_set_group(NULL, group), 0); + + ExpectIntEQ(EC_KEY_set_group(key, group), WOLFSSL_SUCCESS); + ExpectNotNull(group2 = EC_KEY_get0_group(key)); + ExpectIntEQ(EC_GROUP_cmp(group2, group, NULL), 0); + + EC_GROUP_free(group); + EC_KEY_free(key); +#endif + return EXPECT_RESULT(); +} + +int test_wolfSSL_EC_KEY_set_conv_form(void) +{ + EXPECT_DECLS; +#if defined(HAVE_ECC) && defined(OPENSSL_EXTRA) && !defined(NO_BIO) && \ + !defined(NO_FILESYSTEM) + BIO* bio = NULL; + EC_KEY* key = NULL; + + /* Error condition: NULL key. */ + ExpectIntLT(EC_KEY_get_conv_form(NULL), 0); + + ExpectNotNull(bio = BIO_new_file("./certs/ecc-keyPub.pem", "rb")); + ExpectNotNull(key = PEM_read_bio_EC_PUBKEY(bio, NULL, NULL, NULL)); + /* Conversion form defaults to uncompressed. */ + ExpectIntEQ(EC_KEY_get_conv_form(key), POINT_CONVERSION_UNCOMPRESSED); +#ifdef HAVE_COMP_KEY + /* Explicitly set to compressed. */ + EC_KEY_set_conv_form(key, POINT_CONVERSION_COMPRESSED); + ExpectIntEQ(EC_KEY_get_conv_form(key), POINT_CONVERSION_COMPRESSED); +#else + /* Will still work just won't change anything. */ + EC_KEY_set_conv_form(key, POINT_CONVERSION_COMPRESSED); + ExpectIntEQ(EC_KEY_get_conv_form(key), POINT_CONVERSION_UNCOMPRESSED); + EC_KEY_set_conv_form(key, POINT_CONVERSION_UNCOMPRESSED); + ExpectIntEQ(EC_KEY_get_conv_form(key), POINT_CONVERSION_UNCOMPRESSED); +#endif + EC_KEY_set_conv_form(NULL, POINT_CONVERSION_UNCOMPRESSED); + + BIO_free(bio); + EC_KEY_free(key); +#endif + return EXPECT_RESULT(); +} + +int test_wolfSSL_EC_KEY_private_key(void) +{ + EXPECT_DECLS; +#if defined(OPENSSL_EXTRA) && !defined(NO_BIO) + WOLFSSL_EC_KEY* key = NULL; + WOLFSSL_BIGNUM* priv = NULL; + WOLFSSL_BIGNUM* priv2 = NULL; + WOLFSSL_BIGNUM* bn = NULL; + + ExpectNotNull(key = EC_KEY_new_by_curve_name(NID_X9_62_prime256v1)); + ExpectNotNull(priv = wolfSSL_BN_new()); + ExpectNotNull(priv2 = wolfSSL_BN_new()); + ExpectIntNE(BN_set_word(priv, 2), 0); + ExpectIntNE(BN_set_word(priv2, 2), 0); + + ExpectNull(wolfSSL_EC_KEY_get0_private_key(NULL)); + /* No private key set. */ + ExpectNull(wolfSSL_EC_KEY_get0_private_key(key)); + + ExpectIntEQ(wolfSSL_EC_KEY_set_private_key(NULL, NULL), 0); + ExpectIntEQ(wolfSSL_EC_KEY_set_private_key(key, NULL), 0); + ExpectIntEQ(wolfSSL_EC_KEY_set_private_key(NULL, priv), 0); + + ExpectIntEQ(wolfSSL_EC_KEY_set_private_key(key, priv), 1); + ExpectNotNull(bn = wolfSSL_EC_KEY_get0_private_key(key)); + ExpectPtrNE(bn, priv); + ExpectIntEQ(wolfSSL_EC_KEY_set_private_key(key, priv2), 1); + ExpectNotNull(bn = wolfSSL_EC_KEY_get0_private_key(key)); + ExpectPtrNE(bn, priv2); + + wolfSSL_BN_free(priv2); + wolfSSL_BN_free(priv); + wolfSSL_EC_KEY_free(key); +#endif + return EXPECT_RESULT(); +} + +int test_wolfSSL_EC_KEY_public_key(void) +{ + EXPECT_DECLS; +#if defined(OPENSSL_EXTRA) && !defined(NO_BIO) + WOLFSSL_EC_KEY* key = NULL; + WOLFSSL_EC_POINT* pub = NULL; + WOLFSSL_EC_POINT* point = NULL; + + ExpectNotNull(key = EC_KEY_new_by_curve_name(NID_X9_62_prime256v1)); + + ExpectNull(wolfSSL_EC_KEY_get0_public_key(NULL)); + ExpectNotNull(wolfSSL_EC_KEY_get0_public_key(key)); + + ExpectIntEQ(wolfSSL_EC_KEY_generate_key(key), 1); + + ExpectNotNull(pub = wolfSSL_EC_KEY_get0_public_key(key)); + + ExpectIntEQ(wolfSSL_EC_KEY_set_public_key(NULL, NULL), 0); + ExpectIntEQ(wolfSSL_EC_KEY_set_public_key(key, NULL), 0); + ExpectIntEQ(wolfSSL_EC_KEY_set_public_key(NULL, pub), 0); + + ExpectIntEQ(wolfSSL_EC_KEY_set_public_key(key, pub), 1); + ExpectNotNull(point = wolfSSL_EC_KEY_get0_public_key(key)); + ExpectPtrEq(point, pub); + + wolfSSL_EC_KEY_free(key); +#endif + return EXPECT_RESULT(); +} + +int test_wolfSSL_EC_KEY_print_fp(void) +{ + EXPECT_DECLS; +#if defined(HAVE_ECC) && ((defined(HAVE_ECC224) && defined(HAVE_ECC256)) || \ + defined(HAVE_ALL_CURVES)) && ECC_MIN_KEY_SZ <= 224 && \ + defined(OPENSSL_EXTRA) && defined(XFPRINTF) && !defined(NO_FILESYSTEM) && \ + !defined(NO_STDIO_FILESYSTEM) + EC_KEY* key = NULL; + + /* Bad file pointer. */ + ExpectIntEQ(wolfSSL_EC_KEY_print_fp(NULL, key, 0), WC_NO_ERR_TRACE(WOLFSSL_FAILURE)); + /* NULL key. */ + ExpectIntEQ(wolfSSL_EC_KEY_print_fp(stderr, NULL, 0), WC_NO_ERR_TRACE(WOLFSSL_FAILURE)); + ExpectNotNull((key = wolfSSL_EC_KEY_new_by_curve_name(NID_secp224r1))); + /* Negative indent. */ + ExpectIntEQ(wolfSSL_EC_KEY_print_fp(stderr, key, -1), WC_NO_ERR_TRACE(WOLFSSL_FAILURE)); + + ExpectIntEQ(wolfSSL_EC_KEY_print_fp(stderr, key, 4), WOLFSSL_SUCCESS); + ExpectIntEQ(wolfSSL_EC_KEY_generate_key(key), WOLFSSL_SUCCESS); + ExpectIntEQ(wolfSSL_EC_KEY_print_fp(stderr, key, 4), WOLFSSL_SUCCESS); + wolfSSL_EC_KEY_free(key); + + ExpectNotNull((key = wolfSSL_EC_KEY_new_by_curve_name( + NID_X9_62_prime256v1))); + ExpectIntEQ(wolfSSL_EC_KEY_generate_key(key), WOLFSSL_SUCCESS); + ExpectIntEQ(wolfSSL_EC_KEY_print_fp(stderr, key, 4), WOLFSSL_SUCCESS); + wolfSSL_EC_KEY_free(key); +#endif + return EXPECT_RESULT(); +} + +int test_wolfSSL_EC_get_builtin_curves(void) +{ + EXPECT_DECLS; +#if defined(OPENSSL_EXTRA) || defined(OPENSSL_ALL) +#if !defined(HAVE_FIPS) || (defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION>2)) + EC_builtin_curve* curves = NULL; + size_t crv_len = 0; + size_t i = 0; + + ExpectIntGT((crv_len = EC_get_builtin_curves(NULL, 0)), 0); + ExpectNotNull(curves = (EC_builtin_curve*)XMALLOC( + sizeof(EC_builtin_curve) * crv_len, NULL, DYNAMIC_TYPE_TMP_BUFFER)); + + ExpectIntEQ((EC_get_builtin_curves(curves, 0)), crv_len); + ExpectIntEQ(EC_get_builtin_curves(curves, crv_len), crv_len); + + for (i = 0; EXPECT_SUCCESS() && (i < crv_len); i++) { + if (curves[i].comment != NULL) { + ExpectStrEQ(OBJ_nid2sn(curves[i].nid), curves[i].comment); + } + } + + if (crv_len > 1) { + ExpectIntEQ(EC_get_builtin_curves(curves, crv_len - 1), crv_len - 1); + } + + XFREE(curves, NULL, DYNAMIC_TYPE_TMP_BUFFER); +#endif /* !HAVE_FIPS || HAVE_FIPS_VERSION > 2 */ +#endif /* OPENSSL_EXTRA || OPENSSL_ALL */ + return EXPECT_RESULT(); +} + +int test_wolfSSL_ECDSA_SIG(void) +{ + EXPECT_DECLS; +#ifdef OPENSSL_EXTRA + WOLFSSL_ECDSA_SIG* sig = NULL; + WOLFSSL_ECDSA_SIG* sig2 = NULL; + WOLFSSL_BIGNUM* r = NULL; + WOLFSSL_BIGNUM* s = NULL; + const WOLFSSL_BIGNUM* r2 = NULL; + const WOLFSSL_BIGNUM* s2 = NULL; + const unsigned char* cp = NULL; + unsigned char* p = NULL; + unsigned char outSig[8]; + unsigned char sigData[8] = + { 0x30, 0x06, 0x02, 0x01, 0x01, 0x02, 0x01, 0x01 }; + unsigned char sigDataBad[8] = + { 0x30, 0x07, 0x02, 0x01, 0x01, 0x02, 0x01, 0x01 }; + + wolfSSL_ECDSA_SIG_free(NULL); + + ExpectNotNull(sig = wolfSSL_ECDSA_SIG_new()); + ExpectNotNull(r = wolfSSL_BN_new()); + ExpectNotNull(s = wolfSSL_BN_new()); + ExpectIntEQ(wolfSSL_BN_set_word(r, 1), 1); + ExpectIntEQ(wolfSSL_BN_set_word(s, 1), 1); + + wolfSSL_ECDSA_SIG_get0(NULL, NULL, NULL); + wolfSSL_ECDSA_SIG_get0(NULL, &r2, NULL); + wolfSSL_ECDSA_SIG_get0(NULL, NULL, &s2); + wolfSSL_ECDSA_SIG_get0(NULL, &r2, &s2); + ExpectIntEQ(wolfSSL_ECDSA_SIG_set0(NULL, NULL, NULL), 0); + ExpectIntEQ(wolfSSL_ECDSA_SIG_set0(sig, NULL, NULL), 0); + ExpectIntEQ(wolfSSL_ECDSA_SIG_set0(NULL, r, NULL), 0); + ExpectIntEQ(wolfSSL_ECDSA_SIG_set0(NULL, NULL, s), 0); + ExpectIntEQ(wolfSSL_ECDSA_SIG_set0(NULL, r, s), 0); + ExpectIntEQ(wolfSSL_ECDSA_SIG_set0(sig, NULL, s), 0); + ExpectIntEQ(wolfSSL_ECDSA_SIG_set0(sig, r, NULL), 0); + + r2 = NULL; + s2 = NULL; + wolfSSL_ECDSA_SIG_get0(NULL, &r2, &s2); + ExpectNull(r2); + ExpectNull(s2); + ExpectIntEQ(wolfSSL_ECDSA_SIG_set0(sig, r, s), 1); + if (EXPECT_FAIL()) { + wolfSSL_BN_free(r); + wolfSSL_BN_free(s); + } + wolfSSL_ECDSA_SIG_get0(sig, &r2, &s2); + ExpectPtrEq(r2, r); + ExpectPtrEq(s2, s); + r2 = NULL; + wolfSSL_ECDSA_SIG_get0(sig, &r2, NULL); + ExpectPtrEq(r2, r); + s2 = NULL; + wolfSSL_ECDSA_SIG_get0(sig, NULL, &s2); + ExpectPtrEq(s2, s); + + /* r and s are freed when sig is freed. */ + wolfSSL_ECDSA_SIG_free(sig); + sig = NULL; + + ExpectNull(wolfSSL_d2i_ECDSA_SIG(NULL, NULL, sizeof(sigData))); + cp = sigDataBad; + ExpectNull(wolfSSL_d2i_ECDSA_SIG(NULL, &cp, sizeof(sigDataBad))); + cp = sigData; + ExpectNotNull((sig = wolfSSL_d2i_ECDSA_SIG(NULL, &cp, sizeof(sigData)))); + ExpectIntEQ((cp == sigData + 8), 1); + cp = sigData; + ExpectNull(wolfSSL_d2i_ECDSA_SIG(&sig, NULL, sizeof(sigData))); + ExpectNotNull((sig2 = wolfSSL_d2i_ECDSA_SIG(&sig, &cp, sizeof(sigData)))); + ExpectIntEQ((sig == sig2), 1); + cp = outSig; + + p = outSig; + ExpectIntEQ(wolfSSL_i2d_ECDSA_SIG(NULL, &p), 0); + ExpectIntEQ(wolfSSL_i2d_ECDSA_SIG(NULL, NULL), 0); + ExpectIntEQ(wolfSSL_i2d_ECDSA_SIG(sig, NULL), 8); + ExpectIntEQ(wolfSSL_i2d_ECDSA_SIG(sig, &p), sizeof(sigData)); + ExpectIntEQ((p == outSig + 8), 1); + ExpectIntEQ(XMEMCMP(sigData, outSig, 8), 0); + + p = NULL; + ExpectIntEQ(wolfSSL_i2d_ECDSA_SIG(sig, &p), 8); +#ifndef WOLFSSL_I2D_ECDSA_SIG_ALLOC + ExpectNull(p); +#else + ExpectNotNull(p); + ExpectIntEQ(XMEMCMP(p, outSig, 8), 0); + XFREE(p, NULL, DYNAMIC_TYPE_OPENSSL); +#endif + + wolfSSL_ECDSA_SIG_free(sig); +#endif + return EXPECT_RESULT(); +} + +int test_ECDSA_size_sign(void) +{ + EXPECT_DECLS; +#if defined(OPENSSL_EXTRA) && !defined(NO_ECC256) && !defined(NO_ECC_SECP) + EC_KEY* key = NULL; + ECDSA_SIG* ecdsaSig = NULL; + int id; + byte hash[WC_MAX_DIGEST_SIZE]; + byte hash2[WC_MAX_DIGEST_SIZE]; + byte sig[ECC_MAX_SIG_SIZE]; + unsigned int sigSz = sizeof(sig); + + XMEMSET(hash, 123, sizeof(hash)); + XMEMSET(hash2, 234, sizeof(hash2)); + + id = wc_ecc_get_curve_id_from_name("SECP256R1"); + ExpectIntEQ(id, ECC_SECP256R1); + + ExpectNotNull(key = EC_KEY_new_by_curve_name(NID_X9_62_prime256v1)); + ExpectIntEQ(EC_KEY_generate_key(key), 1); + + ExpectIntGE(ECDSA_size(NULL), 0); + + ExpectIntEQ(ECDSA_sign(0, hash, sizeof(hash), sig, &sigSz, NULL), 0); + ExpectIntEQ(ECDSA_sign(0, NULL, sizeof(hash), sig, &sigSz, key), 0); + ExpectIntEQ(ECDSA_sign(0, hash, sizeof(hash), NULL, &sigSz, key), 0); + ExpectIntEQ(ECDSA_verify(0, hash, sizeof(hash), sig, (int)sigSz, NULL), 0); + ExpectIntEQ(ECDSA_verify(0, NULL, sizeof(hash), sig, (int)sigSz, key), 0); + ExpectIntEQ(ECDSA_verify(0, hash, sizeof(hash), NULL, (int)sigSz, key), 0); + + ExpectIntEQ(ECDSA_sign(0, hash, sizeof(hash), sig, &sigSz, key), 1); + ExpectIntGE(ECDSA_size(key), sigSz); + ExpectIntEQ(ECDSA_verify(0, hash, sizeof(hash), sig, (int)sigSz, key), 1); + ExpectIntEQ(ECDSA_verify(0, hash2, sizeof(hash2), sig, (int)sigSz, key), 0); + + ExpectNull(ECDSA_do_sign(NULL, sizeof(hash), NULL)); + ExpectNull(ECDSA_do_sign(NULL, sizeof(hash), key)); + ExpectNull(ECDSA_do_sign(hash, sizeof(hash), NULL)); + ExpectNotNull(ecdsaSig = ECDSA_do_sign(hash, sizeof(hash), key)); + ExpectIntEQ(ECDSA_do_verify(NULL, sizeof(hash), NULL, NULL), -1); + ExpectIntEQ(ECDSA_do_verify(hash, sizeof(hash), NULL, NULL), -1); + ExpectIntEQ(ECDSA_do_verify(NULL, sizeof(hash), ecdsaSig, NULL), -1); + ExpectIntEQ(ECDSA_do_verify(NULL, sizeof(hash), NULL, key), -1); + ExpectIntEQ(ECDSA_do_verify(NULL, sizeof(hash), ecdsaSig, key), -1); + ExpectIntEQ(ECDSA_do_verify(hash, sizeof(hash), NULL, key), -1); + ExpectIntEQ(ECDSA_do_verify(hash, sizeof(hash), ecdsaSig, NULL), -1); + ExpectIntEQ(ECDSA_do_verify(hash, sizeof(hash), ecdsaSig, key), 1); + ExpectIntEQ(ECDSA_do_verify(hash2, sizeof(hash2), ecdsaSig, key), 0); + ECDSA_SIG_free(ecdsaSig); + + EC_KEY_free(key); +#endif /* OPENSSL_EXTRA && !NO_ECC256 && !NO_ECC_SECP */ + return EXPECT_RESULT(); +} + +int test_ECDH_compute_key(void) +{ + EXPECT_DECLS; +#if defined(OPENSSL_EXTRA) && !defined(NO_ECC256) && !defined(NO_ECC_SECP) && \ + !defined(WOLF_CRYPTO_CB_ONLY_ECC) + EC_KEY* key1 = NULL; + EC_KEY* key2 = NULL; + EC_POINT* pub1 = NULL; + EC_POINT* pub2 = NULL; + byte secret1[32]; + byte secret2[32]; + int i; + + ExpectNotNull(key1 = EC_KEY_new_by_curve_name(NID_X9_62_prime256v1)); + ExpectIntEQ(EC_KEY_generate_key(key1), 1); + ExpectNotNull(pub1 = wolfSSL_EC_KEY_get0_public_key(key1)); + ExpectNotNull(key2 = EC_KEY_new_by_curve_name(NID_X9_62_prime256v1)); + ExpectIntEQ(EC_KEY_generate_key(key2), 1); + ExpectNotNull(pub2 = wolfSSL_EC_KEY_get0_public_key(key2)); + + ExpectIntEQ(ECDH_compute_key(NULL, sizeof(secret1), NULL, NULL, NULL), 0); + ExpectIntEQ(ECDH_compute_key(secret1, sizeof(secret1), NULL, NULL, NULL), + 0); + ExpectIntEQ(ECDH_compute_key(NULL, sizeof(secret1), pub2, NULL, NULL), 0); + ExpectIntEQ(ECDH_compute_key(NULL, sizeof(secret1), NULL, key1, NULL), 0); + ExpectIntEQ(ECDH_compute_key(NULL, sizeof(secret1), pub2, key1, NULL), 0); + ExpectIntEQ(ECDH_compute_key(secret1, sizeof(secret1), NULL, key1, NULL), + 0); + ExpectIntEQ(ECDH_compute_key(secret1, sizeof(secret1), pub2, NULL, NULL), + 0); + + ExpectIntEQ(ECDH_compute_key(secret1, sizeof(secret1) - 16, pub2, key1, + NULL), 0); + + ExpectIntEQ(ECDH_compute_key(secret1, sizeof(secret1), pub2, key1, NULL), + sizeof(secret1)); + ExpectIntEQ(ECDH_compute_key(secret2, sizeof(secret2), pub1, key2, NULL), + sizeof(secret2)); + + for (i = 0; i < (int)sizeof(secret1); i++) { + ExpectIntEQ(secret1[i], secret2[i]); + } + + EC_KEY_free(key2); + EC_KEY_free(key1); +#endif /* OPENSSL_EXTRA && !NO_ECC256 && !NO_ECC_SECP && + * !WOLF_CRYPTO_CB_ONLY_ECC */ + return EXPECT_RESULT(); +} + +#endif /* HAVE_ECC && !OPENSSL_NO_PK */ + + diff --git a/test/ssl/wolfssl/tests/api/test_ossl_ec.h b/test/ssl/wolfssl/tests/api/test_ossl_ec.h new file mode 100644 index 000000000..c577e322a --- /dev/null +++ b/test/ssl/wolfssl/tests/api/test_ossl_ec.h @@ -0,0 +1,72 @@ +/* test_ossl_ec.h + * + * Copyright (C) 2006-2025 wolfSSL Inc. + * + * This file is part of wolfSSL. + * + * wolfSSL is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * wolfSSL is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA + */ + +#ifndef WOLFCRYPT_TEST_OSSL_EC_H +#define WOLFCRYPT_TEST_OSSL_EC_H + +#include + +#if defined(HAVE_ECC) && !defined(OPENSSL_NO_PK) + +int test_wolfSSL_EC_GROUP(void); +int test_wolfSSL_PEM_read_bio_ECPKParameters(void); +int test_wolfSSL_i2d_ECPKParameters(void); +int test_wolfSSL_EC_POINT(void); +int test_wolfSSL_SPAKE(void); +int test_wolfSSL_EC_KEY_generate(void); +int test_EC_i2d(void); +int test_wolfSSL_EC_curve(void); +int test_wolfSSL_EC_KEY_dup(void); +int test_wolfSSL_EC_KEY_set_group(void); +int test_wolfSSL_EC_KEY_set_conv_form(void); +int test_wolfSSL_EC_KEY_private_key(void); +int test_wolfSSL_EC_KEY_public_key(void); +int test_wolfSSL_EC_KEY_print_fp(void); +int test_wolfSSL_EC_get_builtin_curves(void); +int test_wolfSSL_ECDSA_SIG(void); +int test_ECDSA_size_sign(void); +int test_ECDH_compute_key(void); + + +#define TEST_OSSL_EC_DECLS \ + TEST_DECL_GROUP("ossl_ec", test_wolfSSL_EC_GROUP), \ + TEST_DECL_GROUP("ossl_ec", test_wolfSSL_PEM_read_bio_ECPKParameters), \ + TEST_DECL_GROUP("ossl_ec", test_wolfSSL_i2d_ECPKParameters), \ + TEST_DECL_GROUP("ossl_ec", test_wolfSSL_EC_POINT), \ + TEST_DECL_GROUP("ossl_ec", test_wolfSSL_SPAKE), \ + TEST_DECL_GROUP("ossl_ec", test_wolfSSL_EC_KEY_generate), \ + TEST_DECL_GROUP("ossl_ec", test_EC_i2d), \ + TEST_DECL_GROUP("ossl_ec", test_wolfSSL_EC_curve), \ + TEST_DECL_GROUP("ossl_ec", test_wolfSSL_EC_KEY_dup), \ + TEST_DECL_GROUP("ossl_ec", test_wolfSSL_EC_KEY_set_group), \ + TEST_DECL_GROUP("ossl_ec", test_wolfSSL_EC_KEY_set_conv_form), \ + TEST_DECL_GROUP("ossl_ec", test_wolfSSL_EC_KEY_private_key), \ + TEST_DECL_GROUP("ossl_ec", test_wolfSSL_EC_KEY_public_key), \ + TEST_DECL_GROUP("ossl_ec", test_wolfSSL_EC_KEY_print_fp), \ + TEST_DECL_GROUP("ossl_ec", test_wolfSSL_EC_get_builtin_curves), \ + TEST_DECL_GROUP("ossl_ec", test_wolfSSL_ECDSA_SIG), \ + TEST_DECL_GROUP("ossl_ec", test_ECDSA_size_sign), \ + TEST_DECL_GROUP("ossl_ec", test_ECDH_compute_key) + +#endif + +#endif /* WOLFCRYPT_TEST_OSSL_EC_H */ + diff --git a/test/ssl/wolfssl/tests/api/test_ossl_ecx.c b/test/ssl/wolfssl/tests/api/test_ossl_ecx.c new file mode 100644 index 000000000..b86a09ce7 --- /dev/null +++ b/test/ssl/wolfssl/tests/api/test_ossl_ecx.c @@ -0,0 +1,445 @@ +/* test_ossl_ecx.c + * + * Copyright (C) 2006-2025 wolfSSL Inc. + * + * This file is part of wolfSSL. + * + * wolfSSL is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * wolfSSL is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA + */ + +#include + +#ifdef NO_INLINE + #include +#else + #define WOLFSSL_MISC_INCLUDED + #include +#endif + +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include + +/******************************************************************************* + * ECX OpenSSL compatibility API Testing + ******************************************************************************/ + +#ifdef OPENSSL_EXTRA +int test_EC25519(void) +{ + EXPECT_DECLS; +#if defined(HAVE_CURVE25519) && defined(WOLFSSL_KEY_GEN) + byte priv[CURVE25519_KEYSIZE]; + unsigned int privSz = CURVE25519_KEYSIZE; + byte pub[CURVE25519_KEYSIZE]; + unsigned int pubSz = CURVE25519_KEYSIZE; + byte priv2[CURVE25519_KEYSIZE]; + unsigned int priv2Sz = CURVE25519_KEYSIZE; + byte pub2[CURVE25519_KEYSIZE]; + unsigned int pub2Sz = CURVE25519_KEYSIZE; + byte shared[CURVE25519_KEYSIZE]; + unsigned int sharedSz = CURVE25519_KEYSIZE; + byte shared2[CURVE25519_KEYSIZE]; + unsigned int shared2Sz = CURVE25519_KEYSIZE; + + /* Bad parameter testing of key generation. */ + ExpectIntEQ(wolfSSL_EC25519_generate_key(NULL, NULL, NULL, NULL), 0); + ExpectIntEQ(wolfSSL_EC25519_generate_key(NULL, &privSz, NULL, &pubSz), 0); + ExpectIntEQ(wolfSSL_EC25519_generate_key(NULL, &privSz, pub, &pubSz), 0); + ExpectIntEQ(wolfSSL_EC25519_generate_key(priv, NULL, pub, &pubSz), 0); + ExpectIntEQ(wolfSSL_EC25519_generate_key(priv, &privSz, NULL, &pubSz), 0); + ExpectIntEQ(wolfSSL_EC25519_generate_key(priv, &privSz, pub, NULL), 0); + /* Bad length */ + privSz = 1; + ExpectIntEQ(wolfSSL_EC25519_generate_key(priv, &privSz, pub, &pubSz), 0); + privSz = CURVE25519_KEYSIZE; + pubSz = 1; + ExpectIntEQ(wolfSSL_EC25519_generate_key(priv, &privSz, pub, &pubSz), 0); + pubSz = CURVE25519_KEYSIZE; + + /* Good case of generating key. */ + ExpectIntEQ(wolfSSL_EC25519_generate_key(priv, &privSz, pub, &pubSz), 1); + ExpectIntEQ(wolfSSL_EC25519_generate_key(priv2, &priv2Sz, pub2, &pub2Sz), + 1); + ExpectIntEQ(privSz, CURVE25519_KEYSIZE); + ExpectIntEQ(pubSz, CURVE25519_KEYSIZE); + + /* Bad parameter testing of shared key. */ + ExpectIntEQ(wolfSSL_EC25519_shared_key( NULL, NULL, NULL, privSz, + NULL, pubSz), 0); + ExpectIntEQ(wolfSSL_EC25519_shared_key( NULL, &sharedSz, NULL, privSz, + NULL, pubSz), 0); + ExpectIntEQ(wolfSSL_EC25519_shared_key( NULL, &sharedSz, priv, privSz, + pub, pubSz), 0); + ExpectIntEQ(wolfSSL_EC25519_shared_key(shared, &sharedSz, NULL, privSz, + pub, pubSz), 0); + ExpectIntEQ(wolfSSL_EC25519_shared_key(shared, &sharedSz, priv, privSz, + NULL, pubSz), 0); + ExpectIntEQ(wolfSSL_EC25519_shared_key( NULL, &sharedSz, priv, privSz, + pub, pubSz), 0); + ExpectIntEQ(wolfSSL_EC25519_shared_key(shared, NULL, priv, privSz, + pub, pubSz), 0); + ExpectIntEQ(wolfSSL_EC25519_shared_key(shared, &sharedSz, NULL, privSz, + pub, pubSz), 0); + ExpectIntEQ(wolfSSL_EC25519_shared_key(shared, &sharedSz, priv, privSz, + NULL, pubSz), 0); + /* Bad length. */ + sharedSz = 1; + ExpectIntEQ(wolfSSL_EC25519_shared_key(shared, &sharedSz, priv, privSz, + pub, pubSz), 0); + sharedSz = CURVE25519_KEYSIZE; + privSz = 1; + ExpectIntEQ(wolfSSL_EC25519_shared_key(shared, &sharedSz, priv, privSz, + pub, pubSz), 0); + privSz = CURVE25519_KEYSIZE; + pubSz = 1; + ExpectIntEQ(wolfSSL_EC25519_shared_key(shared, &sharedSz, priv, privSz, + pub, pubSz), 0); + pubSz = CURVE25519_KEYSIZE; + + /* Good case of shared key. */ + ExpectIntEQ(wolfSSL_EC25519_shared_key(shared, &sharedSz, priv, privSz, + pub2, pub2Sz), 1); + ExpectIntEQ(wolfSSL_EC25519_shared_key(shared2, &shared2Sz, priv2, priv2Sz, + pub, pubSz), 1); + ExpectIntEQ(sharedSz, CURVE25519_KEYSIZE); + ExpectIntEQ(shared2Sz, CURVE25519_KEYSIZE); + ExpectIntEQ(XMEMCMP(shared, shared2, sharedSz), 0); +#endif /* HAVE_CURVE25519 && WOLFSSL_KEY_GEN */ + return EXPECT_RESULT(); +} + +int test_ED25519(void) +{ + EXPECT_DECLS; +#if defined(HAVE_ED25519) && defined(HAVE_ED25519_KEY_EXPORT) && \ + defined(WOLFSSL_KEY_GEN) + byte priv[ED25519_PRV_KEY_SIZE]; + unsigned int privSz = (unsigned int)sizeof(priv); + byte pub[ED25519_PUB_KEY_SIZE]; + unsigned int pubSz = (unsigned int)sizeof(pub); +#if defined(HAVE_ED25519_SIGN) && defined(HAVE_ED25519_KEY_IMPORT) + const char* msg = TEST_STRING; + unsigned int msglen = (unsigned int)TEST_STRING_SZ; + byte sig[ED25519_SIG_SIZE]; + unsigned int sigSz = (unsigned int)sizeof(sig); +#endif /* HAVE_ED25519_SIGN && HAVE_ED25519_KEY_IMPORT */ + + /* Bad parameter testing of key generation. */ + ExpectIntEQ(wolfSSL_ED25519_generate_key(NULL, NULL, NULL, NULL), 0); + ExpectIntEQ(wolfSSL_ED25519_generate_key(priv, NULL, NULL, NULL), 0); + ExpectIntEQ(wolfSSL_ED25519_generate_key(NULL, &privSz, NULL, NULL), 0); + ExpectIntEQ(wolfSSL_ED25519_generate_key(NULL, NULL, pub, NULL), 0); + ExpectIntEQ(wolfSSL_ED25519_generate_key(NULL, NULL, NULL, &pubSz), 0); + ExpectIntEQ(wolfSSL_ED25519_generate_key(NULL, &privSz, pub, &pubSz), 0); + ExpectIntEQ(wolfSSL_ED25519_generate_key(priv, NULL, pub, &pubSz), 0); + ExpectIntEQ(wolfSSL_ED25519_generate_key(priv, &privSz, NULL, &pubSz), 0); + ExpectIntEQ(wolfSSL_ED25519_generate_key(priv, &privSz, pub, NULL), 0); + /* Bad length. */ + privSz = 1; + ExpectIntEQ(wolfSSL_ED25519_generate_key(priv, &privSz, pub, &pubSz), 0); + privSz = ED25519_PRV_KEY_SIZE; + pubSz = 1; + ExpectIntEQ(wolfSSL_ED25519_generate_key(priv, &privSz, pub, &pubSz), 0); + pubSz = ED25519_PUB_KEY_SIZE; + + /* Good case of generating key. */ + ExpectIntEQ(wolfSSL_ED25519_generate_key(priv, &privSz, pub, &pubSz), + 1); + ExpectIntEQ(privSz, ED25519_PRV_KEY_SIZE); + ExpectIntEQ(pubSz, ED25519_PUB_KEY_SIZE); + +#if defined(HAVE_ED25519_SIGN) && defined(HAVE_ED25519_KEY_IMPORT) + /* Bad parameter testing of signing. */ + ExpectIntEQ(wolfSSL_ED25519_sign( NULL, msglen, NULL, privSz, NULL, + NULL), 0); + ExpectIntEQ(wolfSSL_ED25519_sign((byte*)msg, msglen, NULL, privSz, NULL, + NULL), 0); + ExpectIntEQ(wolfSSL_ED25519_sign( NULL, msglen, priv, privSz, NULL, + NULL), 0); + ExpectIntEQ(wolfSSL_ED25519_sign( NULL, msglen, NULL, privSz, sig, + NULL), 0); + ExpectIntEQ(wolfSSL_ED25519_sign( NULL, msglen, NULL, privSz, NULL, + &sigSz), 0); + ExpectIntEQ(wolfSSL_ED25519_sign( NULL, msglen, priv, privSz, sig, + &sigSz), 0); + ExpectIntEQ(wolfSSL_ED25519_sign((byte*)msg, msglen, NULL, privSz, sig, + &sigSz), 0); + ExpectIntEQ(wolfSSL_ED25519_sign((byte*)msg, msglen, priv, privSz, NULL, + &sigSz), 0); + ExpectIntEQ(wolfSSL_ED25519_sign((byte*)msg, msglen, priv, privSz, sig, + NULL), 0); + /* Bad length. */ + privSz = 1; + ExpectIntEQ(wolfSSL_ED25519_sign((byte*)msg, msglen, priv, privSz, sig, + &sigSz), 0); + privSz = ED25519_PRV_KEY_SIZE; + sigSz = 1; + ExpectIntEQ(wolfSSL_ED25519_sign((byte*)msg, msglen, priv, privSz, sig, + &sigSz), 0); + sigSz = ED25519_SIG_SIZE; + + /* Good case of signing. */ + ExpectIntEQ(wolfSSL_ED25519_sign((byte*)msg, msglen, priv, privSz, sig, + &sigSz), 1); + ExpectIntEQ(sigSz, ED25519_SIG_SIZE); + +#ifdef HAVE_ED25519_VERIFY + /* Bad parameter testing of verification. */ + ExpectIntEQ(wolfSSL_ED25519_verify( NULL, msglen, NULL, pubSz, NULL, + sigSz), 0); + ExpectIntEQ(wolfSSL_ED25519_verify((byte*)msg, msglen, NULL, pubSz, NULL, + sigSz), 0); + ExpectIntEQ(wolfSSL_ED25519_verify( NULL, msglen, pub, pubSz, NULL, + sigSz), 0); + ExpectIntEQ(wolfSSL_ED25519_verify( NULL, msglen, NULL, pubSz, sig, + sigSz), 0); + ExpectIntEQ(wolfSSL_ED25519_verify( NULL, msglen, pub, pubSz, sig, + sigSz), 0); + ExpectIntEQ(wolfSSL_ED25519_verify((byte*)msg, msglen, NULL, pubSz, sig, + sigSz), 0); + ExpectIntEQ(wolfSSL_ED25519_verify((byte*)msg, msglen, pub, pubSz, NULL, + sigSz), 0); + /* Bad length. */ + pubSz = 1; + ExpectIntEQ(wolfSSL_ED25519_verify((byte*)msg, msglen, pub, pubSz, sig, + sigSz), 0); + pubSz = ED25519_PUB_KEY_SIZE; + sigSz = 1; + ExpectIntEQ(wolfSSL_ED25519_verify((byte*)msg, msglen, pub, pubSz, sig, + sigSz), 0); + sigSz = ED25519_SIG_SIZE; + + /* Good case of verification. */ + ExpectIntEQ(wolfSSL_ED25519_verify((byte*)msg, msglen, pub, pubSz, sig, + sigSz), 1); + /* Bad signature. */ + if (EXPECT_SUCCESS()) { + sig[1] ^= 0x80; + } + ExpectIntEQ(wolfSSL_ED25519_verify((byte*)msg, msglen, pub, pubSz, sig, + sigSz), 0); +#endif /* HAVE_ED25519_VERIFY */ +#endif /* HAVE_ED25519_SIGN && HAVE_ED25519_KEY_IMPORT */ +#endif /* HAVE_ED25519 && HAVE_ED25519_KEY_EXPORT && WOLFSSL_KEY_GEN */ + return EXPECT_RESULT(); +} + +int test_EC448(void) +{ + EXPECT_DECLS; +#if defined(HAVE_CURVE448) && defined(WOLFSSL_KEY_GEN) + byte priv[CURVE448_KEY_SIZE]; + unsigned int privSz = CURVE448_KEY_SIZE; + byte pub[CURVE448_KEY_SIZE]; + unsigned int pubSz = CURVE448_KEY_SIZE; + byte priv2[CURVE448_KEY_SIZE]; + unsigned int priv2Sz = CURVE448_KEY_SIZE; + byte pub2[CURVE448_KEY_SIZE]; + unsigned int pub2Sz = CURVE448_KEY_SIZE; + byte shared[CURVE448_KEY_SIZE]; + unsigned int sharedSz = CURVE448_KEY_SIZE; + byte shared2[CURVE448_KEY_SIZE]; + unsigned int shared2Sz = CURVE448_KEY_SIZE; + + /* Bad parameter testing of key generation. */ + ExpectIntEQ(wolfSSL_EC448_generate_key(NULL, NULL, NULL, NULL), 0); + ExpectIntEQ(wolfSSL_EC448_generate_key(NULL, &privSz, NULL, &pubSz), 0); + ExpectIntEQ(wolfSSL_EC448_generate_key(NULL, &privSz, pub, &pubSz), 0); + ExpectIntEQ(wolfSSL_EC448_generate_key(priv, NULL, pub, &pubSz), 0); + ExpectIntEQ(wolfSSL_EC448_generate_key(priv, &privSz, NULL, &pubSz), 0); + ExpectIntEQ(wolfSSL_EC448_generate_key(priv, &privSz, pub, NULL), 0); + /* Bad length. */ + privSz = 1; + ExpectIntEQ(wolfSSL_EC448_generate_key(priv, &privSz, pub, &pubSz), 0); + privSz = CURVE448_KEY_SIZE; + pubSz = 1; + ExpectIntEQ(wolfSSL_EC448_generate_key(priv, &privSz, pub, &pubSz), 0); + pubSz = CURVE448_KEY_SIZE; + + /* Good case of generating key. */ + ExpectIntEQ(wolfSSL_EC448_generate_key(priv, &privSz, pub, &pubSz), 1); + ExpectIntEQ(wolfSSL_EC448_generate_key(priv2, &priv2Sz, pub2, &pub2Sz), 1); + ExpectIntEQ(privSz, CURVE448_KEY_SIZE); + ExpectIntEQ(pubSz, CURVE448_KEY_SIZE); + + /* Bad parameter testing of shared key. */ + ExpectIntEQ(wolfSSL_EC448_shared_key( NULL, NULL, NULL, privSz, + NULL, pubSz), 0); + ExpectIntEQ(wolfSSL_EC448_shared_key( NULL, &sharedSz, NULL, privSz, + NULL, pubSz), 0); + ExpectIntEQ(wolfSSL_EC448_shared_key( NULL, &sharedSz, priv, privSz, + pub, pubSz), 0); + ExpectIntEQ(wolfSSL_EC448_shared_key(shared, &sharedSz, NULL, privSz, + pub, pubSz), 0); + ExpectIntEQ(wolfSSL_EC448_shared_key(shared, &sharedSz, priv, privSz, + NULL, pubSz), 0); + ExpectIntEQ(wolfSSL_EC448_shared_key( NULL, &sharedSz, priv, privSz, + pub, pubSz), 0); + ExpectIntEQ(wolfSSL_EC448_shared_key(shared, NULL, priv, privSz, + pub, pubSz), 0); + ExpectIntEQ(wolfSSL_EC448_shared_key(shared, &sharedSz, NULL, privSz, + pub, pubSz), 0); + ExpectIntEQ(wolfSSL_EC448_shared_key(shared, &sharedSz, priv, privSz, + NULL, pubSz), 0); + /* Bad length. */ + sharedSz = 1; + ExpectIntEQ(wolfSSL_EC448_shared_key(shared, &sharedSz, priv, privSz, + pub, pubSz), 0); + sharedSz = CURVE448_KEY_SIZE; + privSz = 1; + ExpectIntEQ(wolfSSL_EC448_shared_key(shared, &sharedSz, priv, privSz, + pub, pubSz), 0); + privSz = CURVE448_KEY_SIZE; + pubSz = 1; + ExpectIntEQ(wolfSSL_EC448_shared_key(shared, &sharedSz, priv, privSz, + pub, pubSz), 0); + pubSz = CURVE448_KEY_SIZE; + + /* Good case of shared key. */ + ExpectIntEQ(wolfSSL_EC448_shared_key(shared, &sharedSz, priv, privSz, + pub2, pub2Sz), 1); + ExpectIntEQ(wolfSSL_EC448_shared_key(shared2, &shared2Sz, priv2, priv2Sz, + pub, pubSz), 1); + ExpectIntEQ(sharedSz, CURVE448_KEY_SIZE); + ExpectIntEQ(shared2Sz, CURVE448_KEY_SIZE); + ExpectIntEQ(XMEMCMP(shared, shared2, sharedSz), 0); +#endif /* HAVE_CURVE448 && WOLFSSL_KEY_GEN */ + return EXPECT_RESULT(); +} + +int test_ED448(void) +{ + EXPECT_DECLS; +#if defined(HAVE_ED448) && defined(HAVE_ED448_KEY_EXPORT) && \ + defined(WOLFSSL_KEY_GEN) + byte priv[ED448_PRV_KEY_SIZE]; + unsigned int privSz = (unsigned int)sizeof(priv); + byte pub[ED448_PUB_KEY_SIZE]; + unsigned int pubSz = (unsigned int)sizeof(pub); +#if defined(HAVE_ED448_SIGN) && defined(HAVE_ED448_KEY_IMPORT) + const char* msg = TEST_STRING; + unsigned int msglen = (unsigned int)TEST_STRING_SZ; + byte sig[ED448_SIG_SIZE]; + unsigned int sigSz = (unsigned int)sizeof(sig); +#endif /* HAVE_ED448_SIGN && HAVE_ED448_KEY_IMPORT */ + + /* Bad parameter testing of key generation. */ + ExpectIntEQ(wolfSSL_ED448_generate_key(NULL, NULL, NULL, NULL), 0); + ExpectIntEQ(wolfSSL_ED448_generate_key(priv, NULL, NULL, NULL), 0); + ExpectIntEQ(wolfSSL_ED448_generate_key(NULL, &privSz, NULL, NULL), 0); + ExpectIntEQ(wolfSSL_ED448_generate_key(NULL, NULL, pub, NULL), 0); + ExpectIntEQ(wolfSSL_ED448_generate_key(NULL, NULL, NULL, &pubSz), 0); + ExpectIntEQ(wolfSSL_ED448_generate_key(NULL, &privSz, pub, &pubSz), 0); + ExpectIntEQ(wolfSSL_ED448_generate_key(priv, NULL, pub, &pubSz), 0); + ExpectIntEQ(wolfSSL_ED448_generate_key(priv, &privSz, NULL, &pubSz), 0); + ExpectIntEQ(wolfSSL_ED448_generate_key(priv, &privSz, pub, NULL), 0); + /* Bad length. */ + privSz = 1; + ExpectIntEQ(wolfSSL_ED448_generate_key(priv, &privSz, pub, &pubSz), 0); + privSz = ED448_PRV_KEY_SIZE; + pubSz = 1; + ExpectIntEQ(wolfSSL_ED448_generate_key(priv, &privSz, pub, &pubSz), 0); + pubSz = ED448_PUB_KEY_SIZE; + + /* Good case of generating key. */ + ExpectIntEQ(wolfSSL_ED448_generate_key(priv, &privSz, pub, &pubSz), 1); + ExpectIntEQ(privSz, ED448_PRV_KEY_SIZE); + ExpectIntEQ(pubSz, ED448_PUB_KEY_SIZE); + +#if defined(HAVE_ED448_SIGN) && defined(HAVE_ED448_KEY_IMPORT) + /* Bad parameter testing of signing. */ + ExpectIntEQ(wolfSSL_ED448_sign( NULL, msglen, NULL, privSz, NULL, + NULL), 0); + ExpectIntEQ(wolfSSL_ED448_sign((byte*)msg, msglen, NULL, privSz, NULL, + NULL), 0); + ExpectIntEQ(wolfSSL_ED448_sign( NULL, msglen, priv, privSz, NULL, + NULL), 0); + ExpectIntEQ(wolfSSL_ED448_sign( NULL, msglen, NULL, privSz, sig, + NULL), 0); + ExpectIntEQ(wolfSSL_ED448_sign( NULL, msglen, NULL, privSz, NULL, + &sigSz), 0); + ExpectIntEQ(wolfSSL_ED448_sign( NULL, msglen, priv, privSz, sig, + &sigSz), 0); + ExpectIntEQ(wolfSSL_ED448_sign((byte*)msg, msglen, NULL, privSz, sig, + &sigSz), 0); + ExpectIntEQ(wolfSSL_ED448_sign((byte*)msg, msglen, priv, privSz, NULL, + &sigSz), 0); + ExpectIntEQ(wolfSSL_ED448_sign((byte*)msg, msglen, priv, privSz, sig, + NULL), 0); + /* Bad length. */ + privSz = 1; + ExpectIntEQ(wolfSSL_ED448_sign((byte*)msg, msglen, priv, privSz, sig, + &sigSz), 0); + privSz = ED448_PRV_KEY_SIZE; + sigSz = 1; + ExpectIntEQ(wolfSSL_ED448_sign((byte*)msg, msglen, priv, privSz, sig, + &sigSz), 0); + sigSz = ED448_SIG_SIZE; + + /* Good case of signing. */ + ExpectIntEQ(wolfSSL_ED448_sign((byte*)msg, msglen, priv, privSz, sig, + &sigSz), 1); + ExpectIntEQ(sigSz, ED448_SIG_SIZE); + +#ifdef HAVE_ED448_VERIFY + /* Bad parameter testing of verification. */ + ExpectIntEQ(wolfSSL_ED448_verify( NULL, msglen, NULL, pubSz, NULL, + sigSz), 0); + ExpectIntEQ(wolfSSL_ED448_verify((byte*)msg, msglen, NULL, pubSz, NULL, + sigSz), 0); + ExpectIntEQ(wolfSSL_ED448_verify( NULL, msglen, pub, pubSz, NULL, + sigSz), 0); + ExpectIntEQ(wolfSSL_ED448_verify( NULL, msglen, NULL, pubSz, sig, + sigSz), 0); + ExpectIntEQ(wolfSSL_ED448_verify( NULL, msglen, pub, pubSz, sig, + sigSz), 0); + ExpectIntEQ(wolfSSL_ED448_verify((byte*)msg, msglen, NULL, pubSz, sig, + sigSz), 0); + ExpectIntEQ(wolfSSL_ED448_verify((byte*)msg, msglen, pub, pubSz, NULL, + sigSz), 0); + /* Bad length. */ + pubSz = 1; + ExpectIntEQ(wolfSSL_ED448_verify((byte*)msg, msglen, pub, pubSz, sig, + sigSz), 0); + pubSz = ED448_PUB_KEY_SIZE; + sigSz = 1; + ExpectIntEQ(wolfSSL_ED448_verify((byte*)msg, msglen, pub, pubSz, sig, + sigSz), 0); + sigSz = ED448_SIG_SIZE; + + /* Good case of verification. */ + ExpectIntEQ(wolfSSL_ED448_verify((byte*)msg, msglen, pub, pubSz, sig, + sigSz), 1); + /* Bad signature. */ + if (EXPECT_SUCCESS()) { + sig[1] ^= 0x80; + } + ExpectIntEQ(wolfSSL_ED448_verify((byte*)msg, msglen, pub, pubSz, sig, + sigSz), 0); +#endif /* HAVE_ED448_VERIFY */ +#endif /* HAVE_ED448_SIGN && HAVE_ED448_KEY_IMPORT */ +#endif /* HAVE_ED448 && HAVE_ED448_KEY_EXPORT && WOLFSSL_KEY_GEN */ + return EXPECT_RESULT(); +} +#endif /* OPENSSL_EXTRA */ + diff --git a/test/ssl/wolfssl/tests/api/test_ossl_ecx.h b/test/ssl/wolfssl/tests/api/test_ossl_ecx.h new file mode 100644 index 000000000..6187138f9 --- /dev/null +++ b/test/ssl/wolfssl/tests/api/test_ossl_ecx.h @@ -0,0 +1,43 @@ +/* test_ossl_ecx.h + * + * Copyright (C) 2006-2025 wolfSSL Inc. + * + * This file is part of wolfSSL. + * + * wolfSSL is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * wolfSSL is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA + */ + +#ifndef WOLFCRYPT_TEST_OSSL_ECX_H +#define WOLFCRYPT_TEST_OSSL_ECX_H + +#include + +#ifdef OPENSSL_EXTRA + +int test_EC25519(void); +int test_ED25519(void); +int test_EC448(void); +int test_ED448(void); + +#define TEST_OSSL_ECX_DECLS \ + TEST_DECL_GROUP("ossl_ecx", test_EC25519), \ + TEST_DECL_GROUP("ossl_ecx", test_ED25519), \ + TEST_DECL_GROUP("ossl_ecx", test_EC448), \ + TEST_DECL_GROUP("ossl_ecx", test_ED448) + +#endif + +#endif /* WOLFCRYPT_TEST_OSSL_ECX_H */ + diff --git a/test/ssl/wolfssl/tests/api/test_ossl_mac.c b/test/ssl/wolfssl/tests/api/test_ossl_mac.c new file mode 100644 index 000000000..c28d7f1b6 --- /dev/null +++ b/test/ssl/wolfssl/tests/api/test_ossl_mac.c @@ -0,0 +1,525 @@ +/* test_ossl_mac.c + * + * Copyright (C) 2006-2025 wolfSSL Inc. + * + * This file is part of wolfSSL. + * + * wolfSSL is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * wolfSSL is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA + */ + +#include + +#ifdef NO_INLINE + #include +#else + #define WOLFSSL_MISC_INCLUDED + #include +#endif + +#include +#include +#include +#include +#include + +/******************************************************************************* + * MAC OpenSSL compatibility API Testing + ******************************************************************************/ + +#if defined(OPENSSL_EXTRA) && !defined(NO_HMAC) +/* helper function for test_wolfSSL_HMAC_CTX, digest size is expected to be a + * buffer of 64 bytes. + * + * returns the size of the digest buffer on success and a negative value on + * failure. + */ +static int test_HMAC_CTX_helper(const EVP_MD* type, unsigned char* digest, + int* sz) +{ + EXPECT_DECLS; + HMAC_CTX ctx1; + HMAC_CTX ctx2; + + unsigned char key[] = "\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b" + "\x0b\x0b\x0b\x0b\x0b\x0b\x0b"; + unsigned char long_key[] = + "0123456789012345678901234567890123456789" + "0123456789012345678901234567890123456789" + "0123456789012345678901234567890123456789" + "0123456789012345678901234567890123456789"; + + unsigned char msg[] = "message to hash"; + unsigned int digestSz = 64; + int keySz = sizeof(key); + int long_keySz = sizeof(long_key); + int msgSz = sizeof(msg); + + unsigned char digest2[64]; + unsigned int digestSz2 = 64; + + HMAC_CTX_init(&ctx1); + HMAC_CTX_init(&ctx2); + + ExpectIntEQ(HMAC_Init(&ctx1, (const void*)key, keySz, type), SSL_SUCCESS); + ExpectIntEQ(HMAC_Update(&ctx1, msg, msgSz), SSL_SUCCESS); + ExpectIntEQ(HMAC_CTX_copy(&ctx2, &ctx1), SSL_SUCCESS); + + ExpectIntEQ(HMAC_Update(&ctx1, msg, msgSz), SSL_SUCCESS); + ExpectIntEQ(HMAC_Final(&ctx1, digest, &digestSz), SSL_SUCCESS); + HMAC_CTX_cleanup(&ctx1); + + ExpectIntEQ(HMAC_Update(&ctx2, msg, msgSz), SSL_SUCCESS); + ExpectIntEQ(HMAC_Final(&ctx2, digest2, &digestSz2), SSL_SUCCESS); + HMAC_CTX_cleanup(&ctx2); + + ExpectIntEQ(digestSz, digestSz2); + ExpectIntEQ(XMEMCMP(digest, digest2, digestSz), 0); + + /* test HMAC_Init with NULL key */ + + /* init after copy */ + HMAC_CTX_init(&ctx1); + ExpectIntEQ(HMAC_Init(&ctx1, (const void*)key, keySz, type), SSL_SUCCESS); + ExpectIntEQ(HMAC_Update(&ctx1, msg, msgSz), SSL_SUCCESS); + ExpectIntEQ(HMAC_CTX_copy(&ctx2, &ctx1), SSL_SUCCESS); + + ExpectIntEQ(HMAC_Init(&ctx1, NULL, 0, NULL), SSL_SUCCESS); + ExpectIntEQ(HMAC_Update(&ctx1, msg, msgSz), SSL_SUCCESS); + ExpectIntEQ(HMAC_Update(&ctx1, msg, msgSz), SSL_SUCCESS); + ExpectIntEQ(HMAC_Final(&ctx1, digest, &digestSz), SSL_SUCCESS); + HMAC_CTX_cleanup(&ctx1); + + ExpectIntEQ(HMAC_Init(&ctx2, NULL, 0, NULL), SSL_SUCCESS); + ExpectIntEQ(HMAC_Update(&ctx2, msg, msgSz), SSL_SUCCESS); + ExpectIntEQ(HMAC_Update(&ctx2, msg, msgSz), SSL_SUCCESS); + ExpectIntEQ(HMAC_Final(&ctx2, digest2, &digestSz), SSL_SUCCESS); + HMAC_CTX_cleanup(&ctx2); + + ExpectIntEQ(digestSz, digestSz2); + ExpectIntEQ(XMEMCMP(digest, digest2, digestSz), 0); + + /* long key */ + HMAC_CTX_init(&ctx1); + ExpectIntEQ(HMAC_Init(&ctx1, (const void*)long_key, long_keySz, type), + SSL_SUCCESS); + ExpectIntEQ(HMAC_Update(&ctx1, msg, msgSz), SSL_SUCCESS); + ExpectIntEQ(HMAC_CTX_copy(&ctx2, &ctx1), SSL_SUCCESS); + + ExpectIntEQ(HMAC_Init(&ctx1, NULL, 0, NULL), SSL_SUCCESS); + ExpectIntEQ(HMAC_Update(&ctx1, msg, msgSz), SSL_SUCCESS); + ExpectIntEQ(HMAC_Update(&ctx1, msg, msgSz), SSL_SUCCESS); + ExpectIntEQ(HMAC_Final(&ctx1, digest, &digestSz), SSL_SUCCESS); + HMAC_CTX_cleanup(&ctx1); + + ExpectIntEQ(HMAC_Init(&ctx2, NULL, 0, NULL), SSL_SUCCESS); + ExpectIntEQ(HMAC_Update(&ctx2, msg, msgSz), SSL_SUCCESS); + ExpectIntEQ(HMAC_Update(&ctx2, msg, msgSz), SSL_SUCCESS); + ExpectIntEQ(HMAC_Final(&ctx2, digest2, &digestSz), SSL_SUCCESS); + HMAC_CTX_cleanup(&ctx2); + + ExpectIntEQ(digestSz, digestSz2); + ExpectIntEQ(XMEMCMP(digest, digest2, digestSz), 0); + + /* init before copy */ + HMAC_CTX_init(&ctx1); + ExpectIntEQ(HMAC_Init(&ctx1, (const void*)key, keySz, type), SSL_SUCCESS); + ExpectIntEQ(HMAC_Update(&ctx1, msg, msgSz), SSL_SUCCESS); + ExpectIntEQ(HMAC_Init(&ctx1, NULL, 0, NULL), SSL_SUCCESS); + ExpectIntEQ(HMAC_CTX_copy(&ctx2, &ctx1), SSL_SUCCESS); + + ExpectIntEQ(HMAC_Update(&ctx1, msg, msgSz), SSL_SUCCESS); + ExpectIntEQ(HMAC_Update(&ctx1, msg, msgSz), SSL_SUCCESS); + ExpectIntEQ(HMAC_Final(&ctx1, digest, &digestSz), SSL_SUCCESS); + HMAC_CTX_cleanup(&ctx1); + + ExpectIntEQ(HMAC_Update(&ctx2, msg, msgSz), SSL_SUCCESS); + ExpectIntEQ(HMAC_Update(&ctx2, msg, msgSz), SSL_SUCCESS); + ExpectIntEQ(HMAC_Final(&ctx2, digest2, &digestSz), SSL_SUCCESS); + HMAC_CTX_cleanup(&ctx2); + + ExpectIntEQ(digestSz, digestSz2); + ExpectIntEQ(XMEMCMP(digest, digest2, digestSz), 0); + + *sz = (int)digestSz; + return EXPECT_RESULT(); +} +#endif /* defined(OPENSSL_EXTRA) && !defined(NO_HMAC) */ + +int test_wolfSSL_HMAC_CTX(void) +{ + EXPECT_DECLS; +#if defined(OPENSSL_EXTRA) && !defined(NO_HMAC) + unsigned char digest[64]; + int digestSz; + WOLFSSL_HMAC_CTX* hmac_ctx = NULL; + WOLFSSL_HMAC_CTX ctx1; + WOLFSSL_HMAC_CTX ctx2; + + ExpectNotNull(hmac_ctx = wolfSSL_HMAC_CTX_new()); + ExpectIntEQ(wolfSSL_HMAC_CTX_Init(NULL), 1); + ExpectIntEQ(wolfSSL_HMAC_CTX_Init(hmac_ctx), 1); + wolfSSL_HMAC_CTX_free(NULL); + wolfSSL_HMAC_CTX_free(hmac_ctx); + + XMEMSET(&ctx2, 0, sizeof(WOLFSSL_HMAC_CTX)); + ExpectIntEQ(HMAC_CTX_init(NULL), 1); + ExpectIntEQ(HMAC_CTX_init(&ctx2), 1); + ExpectIntEQ(HMAC_CTX_copy(NULL, NULL), 0); + ExpectIntEQ(HMAC_CTX_copy(NULL, &ctx2), 0); + ExpectIntEQ(HMAC_CTX_copy(&ctx2, NULL), 0); +#if defined(HAVE_SELFTEST) || (defined(HAVE_FIPS) && \ + ((! defined(HAVE_FIPS_VERSION)) || \ + defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION <= 2))) + /* Copy object that hasn't had a digest set - MD5. */ + ExpectIntEQ(HMAC_CTX_copy(&ctx1, &ctx2), 1); +#else + /* Copy object that hasn't had a digest set. */ + ExpectIntEQ(HMAC_CTX_copy(&ctx1, &ctx2), 0); +#endif + HMAC_CTX_cleanup(NULL); + HMAC_CTX_cleanup(&ctx2); + + ExpectNull(HMAC_CTX_get_md(NULL)); + + #ifndef NO_SHA + ExpectIntEQ((test_HMAC_CTX_helper(EVP_sha1(), digest, &digestSz)), + TEST_SUCCESS); + ExpectIntEQ(digestSz, 20); + ExpectIntEQ(XMEMCMP("\xD9\x68\x77\x23\x70\xFB\x53\x70\x53\xBA\x0E\xDC\xDA" + "\xBF\x03\x98\x31\x19\xB2\xCC", digest, digestSz), 0); + #endif /* !NO_SHA */ + #ifdef WOLFSSL_SHA224 + ExpectIntEQ((test_HMAC_CTX_helper(EVP_sha224(), digest, &digestSz)), + TEST_SUCCESS); + ExpectIntEQ(digestSz, 28); + ExpectIntEQ(XMEMCMP("\x57\xFD\xF4\xE1\x2D\xB0\x79\xD7\x4B\x25\x7E\xB1\x95" + "\x9C\x11\xAC\x2D\x1E\x78\x94\x4F\x3A\x0F\xED\xF8\xAD" + "\x02\x0E", digest, digestSz), 0); + #endif /* WOLFSSL_SHA224 */ + #ifndef NO_SHA256 + ExpectIntEQ((test_HMAC_CTX_helper(EVP_sha256(), digest, &digestSz)), + TEST_SUCCESS); + ExpectIntEQ(digestSz, 32); + ExpectIntEQ(XMEMCMP("\x13\xAB\x76\x91\x0C\x37\x86\x8D\xB3\x7E\x30\x0C\xFC" + "\xB0\x2E\x8E\x4A\xD7\xD4\x25\xCC\x3A\xA9\x0F\xA2\xF2" + "\x47\x1E\x62\x6F\x5D\xF2", digest, digestSz), 0); + #endif /* !NO_SHA256 */ + + #ifdef WOLFSSL_SHA384 + ExpectIntEQ((test_HMAC_CTX_helper(EVP_sha384(), digest, &digestSz)), + TEST_SUCCESS); + ExpectIntEQ(digestSz, 48); + ExpectIntEQ(XMEMCMP("\x9E\xCB\x07\x0C\x11\x76\x3F\x23\xC3\x25\x0E\xC4\xB7" + "\x28\x77\x95\x99\xD5\x9D\x7A\xBB\x1A\x9F\xB7\xFD\x25" + "\xC9\x72\x47\x9F\x8F\x86\x76\xD6\x20\x57\x87\xB7\xE7" + "\xCD\xFB\xC2\xCC\x9F\x2B\xC5\x41\xAB", + digest, digestSz), 0); + #endif /* WOLFSSL_SHA384 */ + #ifdef WOLFSSL_SHA512 + ExpectIntEQ((test_HMAC_CTX_helper(EVP_sha512(), digest, &digestSz)), + TEST_SUCCESS); + ExpectIntEQ(digestSz, 64); + ExpectIntEQ(XMEMCMP("\xD4\x21\x0C\x8B\x60\x6F\xF4\xBF\x07\x2F\x26\xCC\xAD" + "\xBC\x06\x0B\x34\x78\x8B\x4F\xD6\xC0\x42\xF1\x33\x10" + "\x6C\x4F\x1E\x55\x59\xDD\x2A\x9F\x15\x88\x62\xF8\x60" + "\xA3\x99\x91\xE2\x08\x7B\xF7\x95\x3A\xB0\x92\x48\x60" + "\x88\x8B\x5B\xB8\x5F\xE9\xB6\xB1\x96\xE3\xB5\xF0", + digest, digestSz), 0); + #endif /* WOLFSSL_SHA512 */ + +#ifdef WOLFSSL_SHA3 + #ifndef WOLFSSL_NOSHA3_224 + ExpectIntEQ((test_HMAC_CTX_helper(EVP_sha3_224(), digest, &digestSz)), + TEST_SUCCESS); + ExpectIntEQ(digestSz, 28); + ExpectIntEQ(XMEMCMP("\xdc\x53\x25\x3f\xc0\x9d\x2b\x0c\x7f\x59\x11\x17\x08" + "\x5c\xe8\x43\x31\x01\x5a\xb3\xe3\x08\x37\x71\x26\x0b" + "\x29\x0f", digest, digestSz), 0); + #endif + #ifndef WOLFSSL_NOSHA3_256 + ExpectIntEQ((test_HMAC_CTX_helper(EVP_sha3_256(), digest, &digestSz)), + TEST_SUCCESS); + ExpectIntEQ(digestSz, 32); + ExpectIntEQ(XMEMCMP("\x0f\x00\x89\x82\x15\xce\xd6\x45\x01\x83\xce\xc8\x35" + "\xab\x71\x07\xc9\xfe\x61\x22\x38\xf9\x09\xad\x35\x65" + "\x43\x77\x24\xd4\x1e\xf4", digest, digestSz), 0); + #endif + #ifndef WOLFSSL_NOSHA3_384 + ExpectIntEQ((test_HMAC_CTX_helper(EVP_sha3_384(), digest, &digestSz)), + TEST_SUCCESS); + ExpectIntEQ(digestSz, 48); + ExpectIntEQ(XMEMCMP("\x0f\x6a\xc0\xfb\xc3\xf2\x80\xb1\xb4\x04\xb6\xc8\x45" + "\x23\x3b\xb4\xbe\xc6\xea\x85\x07\xca\x8c\x71\xbb\x6e" + "\x79\xf6\xf9\x2b\x98\xf5\xef\x11\x39\xd4\x5d\xd3\xca" + "\xc0\xe6\x81\xf7\x73\xf9\x85\x5d\x4f", + digest, digestSz), 0); + #endif + #ifndef WOLFSSL_NOSHA3_512 + ExpectIntEQ((test_HMAC_CTX_helper(EVP_sha3_512(), digest, &digestSz)), + TEST_SUCCESS); + ExpectIntEQ(digestSz, 64); + ExpectIntEQ(XMEMCMP("\x3e\x77\xe3\x59\x42\x89\xed\xc3\xa4\x26\x3d\xa4\x75" + "\xd2\x84\x8c\xb2\xf3\x25\x04\x47\x61\xce\x1c\x42\x86" + "\xcd\xf4\x56\xaa\x2f\x84\xb1\x3b\x18\xed\xe6\xd6\x48" + "\x15\xb0\x29\xc5\x9d\x32\xef\xdd\x3e\x09\xf6\xed\x9e" + "\x70\xbc\x1c\x63\xf7\x3b\x3e\xe1\xdc\x84\x9c\x1c", + digest, digestSz), 0); + #endif +#endif + + #if !defined(NO_MD5) && (!defined(HAVE_FIPS_VERSION) || \ + HAVE_FIPS_VERSION <= 2) + ExpectIntEQ((test_HMAC_CTX_helper(EVP_md5(), digest, &digestSz)), + TEST_SUCCESS); + ExpectIntEQ(digestSz, 16); + ExpectIntEQ(XMEMCMP("\xB7\x27\xC4\x41\xE5\x2E\x62\xBA\x54\xED\x72\x70\x9F" + "\xE4\x98\xDD", digest, digestSz), 0); + #endif /* !NO_MD5 */ +#endif + return EXPECT_RESULT(); +} + +#if defined(OPENSSL_EXTRA) && (!defined(NO_SHA256) || \ + defined(WOLFSSL_SHA224) || defined(WOLFSSL_SHA384) || \ + defined(WOLFSSL_SHA512) || defined(WOLFSSL_SHA3)) +static int test_openssl_hmac(const WOLFSSL_EVP_MD* md, int md_len) +{ + EXPECT_DECLS; + static const unsigned char key[] = "simple test key"; + HMAC_CTX* hmac = NULL; + ENGINE* e = NULL; + unsigned char hash[WC_MAX_DIGEST_SIZE]; + unsigned int len; + + ExpectNotNull(hmac = HMAC_CTX_new()); + HMAC_CTX_init(hmac); +#if defined(HAVE_SELFTEST) || (defined(HAVE_FIPS) && \ + ((! defined(HAVE_FIPS_VERSION)) || \ + defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION <= 2))) + /* Get size on object that hasn't had a digest set - MD5. */ + ExpectIntEQ(HMAC_size(hmac), 16); + ExpectIntEQ(HMAC_Init(hmac, NULL, 0, NULL), 1); + ExpectIntEQ(HMAC_Init(hmac, (void*)key, (int)sizeof(key), NULL), 1); + ExpectIntEQ(HMAC_Init(hmac, NULL, 0, md), 1); +#else + ExpectIntEQ(HMAC_size(hmac), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(HMAC_Init(hmac, NULL, 0, NULL), 0); + ExpectIntEQ(HMAC_Init(hmac, (void*)key, (int)sizeof(key), NULL), 0); + ExpectIntEQ(HMAC_Init(hmac, NULL, 0, md), 0); +#endif + ExpectIntEQ(HMAC_Init_ex(NULL, (void*)key, (int)sizeof(key), md, e), 0); + ExpectIntEQ(HMAC_Init_ex(hmac, (void*)key, (int)sizeof(key), md, e), 1); + + /* reusing test key as data to hash */ + ExpectIntEQ(HMAC_Update(NULL, key, (int)sizeof(key)), 0); + ExpectIntEQ(HMAC_Update(hmac, key, (int)sizeof(key)), 1); + ExpectIntEQ(HMAC_Update(hmac, key, 0), 1); + ExpectIntEQ(HMAC_Update(hmac, NULL, 0), 1); + ExpectIntEQ(HMAC_Update(hmac, NULL, (int)sizeof(key)), 1); + ExpectIntEQ(HMAC_Final(NULL, NULL, &len), 0); + ExpectIntEQ(HMAC_Final(hmac, NULL, &len), 0); + ExpectIntEQ(HMAC_Final(NULL, hash, &len), 0); + ExpectIntEQ(HMAC_Final(hmac, hash, &len), 1); + ExpectIntEQ(HMAC_Final(hmac, hash, NULL), 1); + ExpectIntEQ(len, md_len); + ExpectIntEQ(HMAC_size(NULL), 0); + ExpectIntEQ(HMAC_size(hmac), md_len); + ExpectStrEQ(HMAC_CTX_get_md(hmac), md); + + HMAC_cleanup(NULL); + HMAC_cleanup(hmac); + HMAC_CTX_free(hmac); + + len = 0; + ExpectNull(HMAC(NULL, key, (int)sizeof(key), NULL, 0, hash, &len)); + ExpectNull(HMAC(md, NULL, (int)sizeof(key), NULL, 0, hash, &len)); + ExpectNull(HMAC(md, key, (int)sizeof(key), NULL, 0, NULL, &len)); + ExpectNotNull(HMAC(md, key, (int)sizeof(key), NULL, 0, hash, &len)); + ExpectIntEQ(len, md_len); + ExpectNotNull(HMAC(md, key, (int)sizeof(key), NULL, 0, hash, NULL)); + /* With data. */ + ExpectNotNull(HMAC(md, key, (int)sizeof(key), key, (int)sizeof(key), hash, + &len)); + /* With NULL data. */ + ExpectNull(HMAC(md, key, (int)sizeof(key), NULL, (int)sizeof(key), hash, + &len)); + /* With zero length data. */ + ExpectNotNull(HMAC(md, key, (int)sizeof(key), key, 0, hash, &len)); + + return EXPECT_RESULT(); +} +#endif + +int test_wolfSSL_HMAC(void) +{ + EXPECT_DECLS; +#if defined(OPENSSL_EXTRA) && (!defined(NO_SHA256) || \ + defined(WOLFSSL_SHA224) || defined(WOLFSSL_SHA384) || \ + defined(WOLFSSL_SHA512) || defined(WOLFSSL_SHA3)) +#ifndef NO_SHA256 + ExpectIntEQ(test_openssl_hmac(EVP_sha256(), (int)WC_SHA256_DIGEST_SIZE), + TEST_SUCCESS); +#endif +#ifdef WOLFSSL_SHA224 + ExpectIntEQ(test_openssl_hmac(EVP_sha224(), (int)WC_SHA224_DIGEST_SIZE), + TEST_SUCCESS); +#endif +#ifdef WOLFSSL_SHA384 + ExpectIntEQ(test_openssl_hmac(EVP_sha384(), (int)WC_SHA384_DIGEST_SIZE), + TEST_SUCCESS); +#endif +#ifdef WOLFSSL_SHA512 + ExpectIntEQ(test_openssl_hmac(EVP_sha512(), (int)WC_SHA512_DIGEST_SIZE), + TEST_SUCCESS); +#endif +#ifdef WOLFSSL_SHA3 + #ifndef WOLFSSL_NOSHA3_224 + ExpectIntEQ(test_openssl_hmac(EVP_sha3_224(), + (int)WC_SHA3_224_DIGEST_SIZE), TEST_SUCCESS); + #endif + #ifndef WOLFSSL_NOSHA3_256 + ExpectIntEQ(test_openssl_hmac(EVP_sha3_256(), + (int)WC_SHA3_256_DIGEST_SIZE), TEST_SUCCESS); + #endif + #ifndef WOLFSSL_NOSHA3_384 + ExpectIntEQ(test_openssl_hmac(EVP_sha3_384(), + (int)WC_SHA3_384_DIGEST_SIZE), TEST_SUCCESS); + #endif + #ifndef WOLFSSL_NOSHA3_512 + ExpectIntEQ(test_openssl_hmac(EVP_sha3_512(), + (int)WC_SHA3_512_DIGEST_SIZE), TEST_SUCCESS); + #endif +#endif +#ifndef NO_SHA + ExpectIntEQ(test_openssl_hmac(EVP_sha1(), (int)WC_SHA_DIGEST_SIZE), + TEST_SUCCESS); +#endif +#endif + return EXPECT_RESULT(); +} + +int test_wolfSSL_CMAC(void) +{ + EXPECT_DECLS; +#if defined(WOLFSSL_CMAC) && defined(OPENSSL_EXTRA) && \ + defined(WOLFSSL_AES_DIRECT) + int i; + byte key[AES_256_KEY_SIZE]; + CMAC_CTX* cmacCtx = NULL; + byte out[AES_BLOCK_SIZE]; +#if defined(WOLFSSL_AES_128) || defined(WOLFSSL_AES_192) + size_t outLen = AES_BLOCK_SIZE; +#endif + + for (i=0; i < AES_256_KEY_SIZE; ++i) { + key[i] = i; + } + +#ifdef WOLFSSL_AES_128 + ExpectNotNull(cmacCtx = CMAC_CTX_new()); + /* Check CMAC_CTX_get0_cipher_ctx; return value not used. */ + ExpectNotNull(CMAC_CTX_get0_cipher_ctx(cmacCtx)); + ExpectIntEQ(CMAC_Init(cmacCtx, key, AES_128_KEY_SIZE, EVP_aes_128_cbc(), + NULL), 1); + /* reusing test key as data to hash */ + ExpectIntEQ(CMAC_Update(cmacCtx, key, AES_128_KEY_SIZE), 1); + ExpectIntEQ(CMAC_Update(cmacCtx, NULL, 0), 1); + ExpectIntEQ(CMAC_Final(cmacCtx, out, &outLen), 1); + ExpectIntEQ(outLen, AES_BLOCK_SIZE); + + /* No Update works. */ + ExpectIntEQ(CMAC_Init(cmacCtx, key, AES_128_KEY_SIZE, EVP_aes_128_cbc(), + NULL), 1); + ExpectIntEQ(CMAC_Final(cmacCtx, out, NULL), 1); + + ExpectIntEQ(CMAC_Init(cmacCtx, key, AES_128_KEY_SIZE, EVP_aes_128_cbc(), + NULL), 1); + /* Test parameters with CMAC_Update. */ + ExpectIntEQ(CMAC_Update(NULL, NULL, 0), 0); + ExpectIntEQ(CMAC_Update(NULL, key, 0), 0); + ExpectIntEQ(CMAC_Update(NULL, NULL, AES_128_KEY_SIZE), 0); + ExpectIntEQ(CMAC_Update(NULL, key, AES_128_KEY_SIZE), 0); + ExpectIntEQ(CMAC_Update(cmacCtx, key, 0), 1); + ExpectIntEQ(CMAC_Update(cmacCtx, NULL, 0), 1); + ExpectIntEQ(CMAC_Update(cmacCtx, NULL, AES_128_KEY_SIZE), 1); + /* Test parameters with CMAC_Final. */ + ExpectIntEQ(CMAC_Final(NULL, NULL, NULL), 0); + ExpectIntEQ(CMAC_Final(NULL, out, NULL), 0); + ExpectIntEQ(CMAC_Final(NULL, NULL, &outLen), 0); + ExpectIntEQ(CMAC_Final(NULL, out, &outLen), 0); + ExpectIntEQ(CMAC_Final(cmacCtx, NULL, NULL), 1); + ExpectIntEQ(CMAC_Final(cmacCtx, NULL, &outLen), 1); + ExpectIntEQ(CMAC_Final(cmacCtx, out, NULL), 1); + CMAC_CTX_free(cmacCtx); +#endif + +#ifdef WOLFSSL_AES_192 + /* Test parameters with CMAC Init. */ + cmacCtx = NULL; + ExpectNotNull(cmacCtx = CMAC_CTX_new()); + ExpectNotNull(CMAC_CTX_get0_cipher_ctx(cmacCtx)); + ExpectIntEQ(CMAC_Init(NULL, NULL, 0, NULL, NULL), 0); + ExpectIntEQ(CMAC_Init(NULL, key, AES_192_KEY_SIZE, EVP_aes_192_cbc(), + NULL), 0); + ExpectIntEQ(CMAC_Init(cmacCtx, NULL, AES_192_KEY_SIZE, EVP_aes_192_cbc(), + NULL), 0); + /* give a key too small for the cipher, verify we get failure */ + ExpectIntEQ(CMAC_Init(cmacCtx, key, AES_128_KEY_SIZE, EVP_aes_192_cbc(), + NULL), 0); + ExpectIntEQ(CMAC_Init(cmacCtx, key, AES_192_KEY_SIZE, NULL, NULL), 0); + #if defined(HAVE_AESGCM) && defined(WOLFSSL_AES_128) + /* Only AES-CBC supported. */ + ExpectIntEQ(CMAC_Init(cmacCtx, key, AES_128_KEY_SIZE, EVP_aes_128_gcm(), + NULL), 0); + #endif + CMAC_CTX_free(cmacCtx); + + ExpectNull(CMAC_CTX_get0_cipher_ctx(NULL)); + cmacCtx = NULL; + ExpectNotNull(cmacCtx = CMAC_CTX_new()); + /* No Init. */ + ExpectIntEQ(CMAC_Final(cmacCtx, out, &outLen), 0); + CMAC_CTX_free(cmacCtx); +#endif + + /* Test AES-256-CBC */ +#ifdef WOLFSSL_AES_256 + cmacCtx = NULL; + ExpectNotNull(cmacCtx = CMAC_CTX_new()); + ExpectIntEQ(CMAC_Init(cmacCtx, key, AES_256_KEY_SIZE, EVP_aes_256_cbc(), + NULL), 1); + ExpectIntEQ(CMAC_Update(cmacCtx, key, AES_128_KEY_SIZE), 1); + ExpectIntEQ(CMAC_Final(cmacCtx, out, NULL), 1); + CMAC_CTX_free(cmacCtx); +#endif + + /* Test AES-192-CBC */ +#ifdef WOLFSSL_AES_192 + cmacCtx = NULL; + ExpectNotNull(cmacCtx = CMAC_CTX_new()); + ExpectIntEQ(CMAC_Init(cmacCtx, key, AES_192_KEY_SIZE, EVP_aes_192_cbc(), + NULL), 1); + ExpectIntEQ(CMAC_Update(cmacCtx, key, AES_128_KEY_SIZE), 1); + ExpectIntEQ(CMAC_Final(cmacCtx, out, NULL), 1); + CMAC_CTX_free(cmacCtx); +#endif + + cmacCtx = NULL; + ExpectNotNull(cmacCtx = CMAC_CTX_new()); + CMAC_CTX_free(cmacCtx); +#endif /* WOLFSSL_CMAC && OPENSSL_EXTRA && WOLFSSL_AES_DIRECT */ + return EXPECT_RESULT(); +} + diff --git a/test/ssl/wolfssl/tests/api/test_ossl_mac.h b/test/ssl/wolfssl/tests/api/test_ossl_mac.h new file mode 100644 index 000000000..8008354c6 --- /dev/null +++ b/test/ssl/wolfssl/tests/api/test_ossl_mac.h @@ -0,0 +1,37 @@ +/* test_ossl_mac.h + * + * Copyright (C) 2006-2025 wolfSSL Inc. + * + * This file is part of wolfSSL. + * + * wolfSSL is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * wolfSSL is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA + */ + +#ifndef WOLFCRYPT_TEST_OSSL_MAC_H +#define WOLFCRYPT_TEST_OSSL_MAC_H + +#include + +int test_wolfSSL_HMAC_CTX(void); +int test_wolfSSL_HMAC(void); +int test_wolfSSL_CMAC(void); + +#define TEST_OSSL_MAC_DECLS \ + TEST_DECL_GROUP("ossl_mac", test_wolfSSL_HMAC_CTX), \ + TEST_DECL_GROUP("ossl_mac", test_wolfSSL_HMAC), \ + TEST_DECL_GROUP("ossl_mac", test_wolfSSL_CMAC) + +#endif /* WOLFCRYPT_TEST_OSSL_MAC_H */ + diff --git a/test/ssl/wolfssl/tests/api/test_ossl_rsa.c b/test/ssl/wolfssl/tests/api/test_ossl_rsa.c new file mode 100644 index 000000000..1947ad7ee --- /dev/null +++ b/test/ssl/wolfssl/tests/api/test_ossl_rsa.c @@ -0,0 +1,1646 @@ +/* test_ossl_rsa.c + * + * Copyright (C) 2006-2025 wolfSSL Inc. + * + * This file is part of wolfSSL. + * + * wolfSSL is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * wolfSSL is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA + */ + +#include + +#ifdef NO_INLINE + #include +#else + #define WOLFSSL_MISC_INCLUDED + #include +#endif + +#include +#include +#include +#include +#include +#include + +/******************************************************************************* + * RSA OpenSSL compatibility API Testing + ******************************************************************************/ + +int test_wolfSSL_RSA(void) +{ + EXPECT_DECLS; +#if defined(OPENSSL_EXTRA) && !defined(NO_RSA) && defined(WOLFSSL_KEY_GEN) + RSA* rsa = NULL; + const BIGNUM *n = NULL; + const BIGNUM *e = NULL; + const BIGNUM *d = NULL; + const BIGNUM *p = NULL; + const BIGNUM *q = NULL; + const BIGNUM *dmp1 = NULL; + const BIGNUM *dmq1 = NULL; + const BIGNUM *iqmp = NULL; + + ExpectNotNull(rsa = RSA_new()); + ExpectIntEQ(RSA_size(NULL), 0); + ExpectIntEQ(RSA_size(rsa), 0); + ExpectIntEQ(RSA_set0_key(rsa, NULL, NULL, NULL), 0); + ExpectIntEQ(RSA_set0_crt_params(rsa, NULL, NULL, NULL), 0); + ExpectIntEQ(RSA_set0_factors(rsa, NULL, NULL), 0); +#ifdef WOLFSSL_RSA_KEY_CHECK + ExpectIntEQ(RSA_check_key(rsa), 0); +#endif + + RSA_free(rsa); + rsa = NULL; + ExpectNotNull(rsa = RSA_generate_key(2048, 3, NULL, NULL)); + ExpectIntEQ(RSA_size(rsa), 256); + +#if (!defined(HAVE_FIPS) || FIPS_VERSION3_GT(6,0,0)) && !defined(HAVE_SELFTEST) + { + /* Test setting only subset of parameters */ + RSA *rsa2 = NULL; + unsigned char hash[SHA256_DIGEST_LENGTH]; + unsigned char signature[2048/8]; + unsigned int signatureLen = 0; + BIGNUM* n2 = NULL; + BIGNUM* e2 = NULL; + BIGNUM* d2 = NULL; + BIGNUM* p2 = NULL; + BIGNUM* q2 = NULL; + BIGNUM* dmp12 = NULL; + BIGNUM* dmq12 = NULL; + BIGNUM* iqmp2 = NULL; + + XMEMSET(hash, 0, sizeof(hash)); + RSA_get0_key(rsa, &n, &e, &d); + RSA_get0_factors(rsa, &p, &q); + RSA_get0_crt_params(rsa, &dmp1, &dmq1, &iqmp); + + ExpectIntEQ(RSA_sign(NID_sha256, hash, sizeof(hash), signature, + &signatureLen, rsa), 1); + /* Quick sanity check */ + ExpectIntEQ(RSA_verify(NID_sha256, hash, sizeof(hash), signature, + signatureLen, rsa), 1); + + /* Verifying */ + ExpectNotNull(n2 = BN_dup(n)); + ExpectNotNull(e2 = BN_dup(e)); + ExpectNotNull(p2 = BN_dup(p)); + ExpectNotNull(q2 = BN_dup(q)); + ExpectNotNull(dmp12 = BN_dup(dmp1)); + ExpectNotNull(dmq12 = BN_dup(dmq1)); + ExpectNotNull(iqmp2 = BN_dup(iqmp)); + + ExpectNotNull(rsa2 = RSA_new()); + ExpectIntEQ(RSA_set0_key(rsa2, n2, e2, NULL), 1); + if (EXPECT_SUCCESS()) { + n2 = NULL; + e2 = NULL; + } + ExpectIntEQ(RSA_verify(NID_sha256, hash, sizeof(hash), signature, + signatureLen, rsa2), 1); + ExpectIntEQ(RSA_set0_factors(rsa2, p2, q2), 1); + if (EXPECT_SUCCESS()) { + p2 = NULL; + q2 = NULL; + } + ExpectIntEQ(RSA_verify(NID_sha256, hash, sizeof(hash), signature, + signatureLen, rsa2), 1); + ExpectIntEQ(RSA_set0_crt_params(rsa2, dmp12, dmq12, iqmp2), 1); + if (EXPECT_SUCCESS()) { + dmp12 = NULL; + dmq12 = NULL; + iqmp2 = NULL; + } + ExpectIntEQ(RSA_verify(NID_sha256, hash, sizeof(hash), signature, + signatureLen, rsa2), 1); + RSA_free(rsa2); + rsa2 = NULL; + + BN_free(iqmp2); + iqmp2 = NULL; + BN_free(dmq12); + dmq12 = NULL; + BN_free(dmp12); + dmp12 = NULL; + BN_free(q2); + q2 = NULL; + BN_free(p2); + p2 = NULL; + BN_free(e2); + e2 = NULL; + BN_free(n2); + n2 = NULL; + + ExpectNotNull(n2 = BN_dup(n)); + ExpectNotNull(e2 = BN_dup(e)); + ExpectNotNull(d2 = BN_dup(d)); + ExpectNotNull(p2 = BN_dup(p)); + ExpectNotNull(q2 = BN_dup(q)); + ExpectNotNull(dmp12 = BN_dup(dmp1)); + ExpectNotNull(dmq12 = BN_dup(dmq1)); + ExpectNotNull(iqmp2 = BN_dup(iqmp)); + + /* Signing */ + XMEMSET(signature, 0, sizeof(signature)); + ExpectNotNull(rsa2 = RSA_new()); + ExpectIntEQ(RSA_set0_key(rsa2, n2, e2, d2), 1); + if (EXPECT_SUCCESS()) { + n2 = NULL; + e2 = NULL; + d2 = NULL; + } +#if defined(WOLFSSL_SP_MATH) && !defined(RSA_LOW_MEM) + /* SP is not support signing without CRT parameters. */ + ExpectIntEQ(RSA_sign(NID_sha256, hash, sizeof(hash), signature, + &signatureLen, rsa2), 0); + ExpectIntEQ(RSA_set0_factors(rsa2, p2, q2), 1); + if (EXPECT_SUCCESS()) { + p2 = NULL; + q2 = NULL; + } + ExpectIntEQ(RSA_sign(NID_sha256, hash, sizeof(hash), signature, + &signatureLen, rsa2), 0); +#else + ExpectIntEQ(RSA_sign(NID_sha256, hash, sizeof(hash), signature, + &signatureLen, rsa2), 1); + ExpectIntEQ(RSA_verify(NID_sha256, hash, sizeof(hash), signature, + signatureLen, rsa), 1); + ExpectIntEQ(RSA_set0_factors(rsa2, p2, q2), 1); + if (EXPECT_SUCCESS()) { + p2 = NULL; + q2 = NULL; + } + XMEMSET(signature, 0, sizeof(signature)); + ExpectIntEQ(RSA_sign(NID_sha256, hash, sizeof(hash), signature, + &signatureLen, rsa2), 1); + ExpectIntEQ(RSA_verify(NID_sha256, hash, sizeof(hash), signature, + signatureLen, rsa), 1); +#endif + ExpectIntEQ(RSA_set0_crt_params(rsa2, dmp12, dmq12, iqmp2), 1); + if (EXPECT_SUCCESS()) { + dmp12 = NULL; + dmq12 = NULL; + iqmp2 = NULL; + } + ExpectIntEQ(RSA_sign(NID_sha256, hash, sizeof(hash), signature, + &signatureLen, rsa2), 1); + ExpectIntEQ(RSA_verify(NID_sha256, hash, sizeof(hash), signature, + signatureLen, rsa), 1); + RSA_free(rsa2); + rsa2 = NULL; + + BN_free(iqmp2); + BN_free(dmq12); + BN_free(dmp12); + BN_free(q2); + BN_free(p2); + BN_free(d2); + BN_free(e2); + BN_free(n2); + } +#endif + +#ifdef WOLFSSL_RSA_KEY_CHECK + ExpectIntEQ(RSA_check_key(NULL), 0); + ExpectIntEQ(RSA_check_key(rsa), 1); +#endif + + /* sanity check */ + ExpectIntEQ(RSA_bits(NULL), 0); + + /* key */ + ExpectIntEQ(RSA_bits(rsa), 2048); + RSA_get0_key(rsa, &n, &e, &d); + ExpectPtrEq(rsa->n, n); + ExpectPtrEq(rsa->e, e); + ExpectPtrEq(rsa->d, d); + n = NULL; + e = NULL; + d = NULL; + ExpectNotNull(n = BN_new()); + ExpectNotNull(e = BN_new()); + ExpectNotNull(d = BN_new()); + ExpectIntEQ(RSA_set0_key(rsa, (BIGNUM*)n, (BIGNUM*)e, (BIGNUM*)d), 1); + if (EXPECT_FAIL()) { + BN_free((BIGNUM*)n); + BN_free((BIGNUM*)e); + BN_free((BIGNUM*)d); + } + ExpectPtrEq(rsa->n, n); + ExpectPtrEq(rsa->e, e); + ExpectPtrEq(rsa->d, d); + ExpectIntEQ(RSA_set0_key(rsa, NULL, NULL, NULL), 1); + ExpectIntEQ(RSA_set0_key(NULL, (BIGNUM*)n, (BIGNUM*)e, (BIGNUM*)d), 0); + + /* crt_params */ + RSA_get0_crt_params(rsa, &dmp1, &dmq1, &iqmp); + ExpectPtrEq(rsa->dmp1, dmp1); + ExpectPtrEq(rsa->dmq1, dmq1); + ExpectPtrEq(rsa->iqmp, iqmp); + dmp1 = NULL; + dmq1 = NULL; + iqmp = NULL; + ExpectNotNull(dmp1 = BN_new()); + ExpectNotNull(dmq1 = BN_new()); + ExpectNotNull(iqmp = BN_new()); + ExpectIntEQ(RSA_set0_crt_params(rsa, (BIGNUM*)dmp1, (BIGNUM*)dmq1, + (BIGNUM*)iqmp), 1); + if (EXPECT_FAIL()) { + BN_free((BIGNUM*)dmp1); + BN_free((BIGNUM*)dmq1); + BN_free((BIGNUM*)iqmp); + } + ExpectPtrEq(rsa->dmp1, dmp1); + ExpectPtrEq(rsa->dmq1, dmq1); + ExpectPtrEq(rsa->iqmp, iqmp); + ExpectIntEQ(RSA_set0_crt_params(rsa, NULL, NULL, NULL), 1); + ExpectIntEQ(RSA_set0_crt_params(NULL, (BIGNUM*)dmp1, (BIGNUM*)dmq1, + (BIGNUM*)iqmp), 0); + RSA_get0_crt_params(NULL, NULL, NULL, NULL); + RSA_get0_crt_params(rsa, NULL, NULL, NULL); + RSA_get0_crt_params(NULL, &dmp1, &dmq1, &iqmp); + ExpectNull(dmp1); + ExpectNull(dmq1); + ExpectNull(iqmp); + + /* factors */ + RSA_get0_factors(rsa, NULL, NULL); + RSA_get0_factors(rsa, &p, &q); + ExpectPtrEq(rsa->p, p); + ExpectPtrEq(rsa->q, q); + p = NULL; + q = NULL; + ExpectNotNull(p = BN_new()); + ExpectNotNull(q = BN_new()); + ExpectIntEQ(RSA_set0_factors(rsa, (BIGNUM*)p, (BIGNUM*)q), 1); + if (EXPECT_FAIL()) { + BN_free((BIGNUM*)p); + BN_free((BIGNUM*)q); + } + ExpectPtrEq(rsa->p, p); + ExpectPtrEq(rsa->q, q); + ExpectIntEQ(RSA_set0_factors(rsa, NULL, NULL), 1); + ExpectIntEQ(RSA_set0_factors(NULL, (BIGNUM*)p, (BIGNUM*)q), 0); + RSA_get0_factors(NULL, NULL, NULL); + RSA_get0_factors(NULL, &p, &q); + ExpectNull(p); + ExpectNull(q); + + ExpectIntEQ(BN_hex2bn(&rsa->n, "1FFFFF"), 1); + ExpectIntEQ(RSA_bits(rsa), 21); + RSA_free(rsa); + rsa = NULL; + +#if !defined(USE_FAST_MATH) || (FP_MAX_BITS >= (3072*2)) + ExpectNotNull(rsa = RSA_generate_key(3072, 17, NULL, NULL)); + ExpectIntEQ(RSA_size(rsa), 384); + ExpectIntEQ(RSA_bits(rsa), 3072); + RSA_free(rsa); + rsa = NULL; +#endif + + /* remove for now with odd key size until adjusting rsa key size check with + wc_MakeRsaKey() + ExpectNotNull(rsa = RSA_generate_key(2999, 65537, NULL, NULL)); + RSA_free(rsa); + rsa = NULL; + */ + + ExpectNull(RSA_generate_key(-1, 3, NULL, NULL)); + ExpectNull(RSA_generate_key(RSA_MIN_SIZE - 1, 3, NULL, NULL)); + ExpectNull(RSA_generate_key(RSA_MAX_SIZE + 1, 3, NULL, NULL)); + ExpectNull(RSA_generate_key(2048, 0, NULL, NULL)); + + +#if !defined(NO_FILESYSTEM) && !defined(NO_ASN) + { + byte buff[FOURK_BUF]; + byte der[FOURK_BUF]; + const char PrivKeyPemFile[] = "certs/client-keyEnc.pem"; + + XFILE f = XBADFILE; + int bytes = 0; + + /* test loading encrypted RSA private pem w/o password */ + ExpectTrue((f = XFOPEN(PrivKeyPemFile, "rb")) != XBADFILE); + ExpectIntGT(bytes = (int)XFREAD(buff, 1, sizeof(buff), f), 0); + if (f != XBADFILE) + XFCLOSE(f); + XMEMSET(der, 0, sizeof(der)); + /* test that error value is returned with no password */ + ExpectIntLT(wc_KeyPemToDer(buff, bytes, der, (word32)sizeof(der), ""), + 0); + } +#endif +#endif + return EXPECT_RESULT(); +} + +int test_wolfSSL_RSA_DER(void) +{ + EXPECT_DECLS; +#if defined(WOLFSSL_KEY_GEN) && !defined(NO_RSA) && defined(OPENSSL_EXTRA) + RSA *rsa = NULL; + int i; + const unsigned char *buff = NULL; + unsigned char *newBuff = NULL; + + struct tbl_s + { + const unsigned char *der; + int sz; + } tbl[] = { + +#ifdef USE_CERT_BUFFERS_1024 + {client_key_der_1024, sizeof_client_key_der_1024}, + {server_key_der_1024, sizeof_server_key_der_1024}, +#endif +#ifdef USE_CERT_BUFFERS_2048 + {client_key_der_2048, sizeof_client_key_der_2048}, + {server_key_der_2048, sizeof_server_key_der_2048}, +#endif + {NULL, 0} + }; + + /* Public Key DER */ + struct tbl_s pub[] = { +#ifdef USE_CERT_BUFFERS_1024 + {client_keypub_der_1024, sizeof_client_keypub_der_1024}, +#endif +#ifdef USE_CERT_BUFFERS_2048 + {client_keypub_der_2048, sizeof_client_keypub_der_2048}, +#endif + {NULL, 0} + }; + + ExpectNull(d2i_RSAPublicKey(&rsa, NULL, pub[0].sz)); + buff = pub[0].der; + ExpectNull(d2i_RSAPublicKey(&rsa, &buff, 1)); + ExpectNull(d2i_RSAPrivateKey(&rsa, NULL, tbl[0].sz)); + buff = tbl[0].der; + ExpectNull(d2i_RSAPrivateKey(&rsa, &buff, 1)); + + ExpectIntEQ(i2d_RSAPublicKey(NULL, NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + rsa = RSA_new(); + ExpectIntEQ(i2d_RSAPublicKey(rsa, NULL), 0); + RSA_free(rsa); + rsa = NULL; + + for (i = 0; tbl[i].der != NULL; i++) + { + /* Passing in pointer results in pointer moving. */ + buff = tbl[i].der; + ExpectNotNull(d2i_RSAPublicKey(&rsa, &buff, tbl[i].sz)); + ExpectNotNull(rsa); + RSA_free(rsa); + rsa = NULL; + } + for (i = 0; tbl[i].der != NULL; i++) + { + /* Passing in pointer results in pointer moving. */ + buff = tbl[i].der; + ExpectNotNull(d2i_RSAPrivateKey(&rsa, &buff, tbl[i].sz)); + ExpectNotNull(rsa); + RSA_free(rsa); + rsa = NULL; + } + + for (i = 0; pub[i].der != NULL; i++) + { + buff = pub[i].der; + ExpectNotNull(d2i_RSAPublicKey(&rsa, &buff, pub[i].sz)); + ExpectNotNull(rsa); + ExpectIntEQ(i2d_RSAPublicKey(rsa, NULL), pub[i].sz); + newBuff = NULL; + ExpectIntEQ(i2d_RSAPublicKey(rsa, &newBuff), pub[i].sz); + ExpectNotNull(newBuff); + ExpectIntEQ(XMEMCMP((void *)newBuff, (void *)pub[i].der, pub[i].sz), 0); + XFREE((void *)newBuff, NULL, DYNAMIC_TYPE_TMP_BUFFER); + RSA_free(rsa); + rsa = NULL; + } +#endif + return EXPECT_RESULT(); +} + +int test_wolfSSL_RSA_print(void) +{ + EXPECT_DECLS; +#if defined(OPENSSL_EXTRA) && !defined(NO_FILESYSTEM) && \ + !defined(NO_STDIO_FILESYSTEM) && \ + !defined(NO_RSA) && defined(WOLFSSL_KEY_GEN) && \ + !defined(NO_BIO) && defined(XFPRINTF) + BIO *bio = NULL; + WOLFSSL_RSA* rsa = NULL; + + ExpectNotNull(bio = BIO_new_fd(STDERR_FILENO, BIO_NOCLOSE)); + ExpectNotNull(rsa = RSA_new()); + + ExpectIntEQ(RSA_print(NULL, rsa, 0), -1); + ExpectIntEQ(RSA_print_fp(XBADFILE, rsa, 0), 0); + ExpectIntEQ(RSA_print(bio, NULL, 0), -1); + ExpectIntEQ(RSA_print_fp(stderr, NULL, 0), 0); + /* Some very large number of indent spaces. */ + ExpectIntEQ(RSA_print(bio, rsa, 128), -1); + /* RSA is empty. */ + ExpectIntEQ(RSA_print(bio, rsa, 0), 0); + ExpectIntEQ(RSA_print_fp(stderr, rsa, 0), 0); + + RSA_free(rsa); + rsa = NULL; + ExpectNotNull(rsa = RSA_generate_key(2048, 3, NULL, NULL)); + + ExpectIntEQ(RSA_print(bio, rsa, 0), 1); + ExpectIntEQ(RSA_print(bio, rsa, 4), 1); + ExpectIntEQ(RSA_print(bio, rsa, -1), 1); + ExpectIntEQ(RSA_print_fp(stderr, rsa, 0), 1); + ExpectIntEQ(RSA_print_fp(stderr, rsa, 4), 1); + ExpectIntEQ(RSA_print_fp(stderr, rsa, -1), 1); + + BIO_free(bio); + RSA_free(rsa); +#endif + return EXPECT_RESULT(); +} + +int test_wolfSSL_RSA_padding_add_PKCS1_PSS(void) +{ + EXPECT_DECLS; +#ifndef NO_RSA +#if defined(OPENSSL_ALL) && defined(WC_RSA_PSS) && !defined(WC_NO_RNG) +#if !defined(HAVE_FIPS) || (defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION>2)) + RSA *rsa = NULL; + const unsigned char *derBuf = client_key_der_2048; + unsigned char em[256] = {0}; /* len = 2048/8 */ + /* Random data simulating a hash */ + const unsigned char mHash[WC_SHA256_DIGEST_SIZE] = { + 0x28, 0x6e, 0xfd, 0xf8, 0x76, 0xc7, 0x00, 0x3d, 0x91, 0x4e, 0x59, 0xe4, + 0x8e, 0xb7, 0x40, 0x7b, 0xd1, 0x0c, 0x98, 0x4b, 0xe3, 0x3d, 0xb3, 0xeb, + 0x6f, 0x8a, 0x3c, 0x42, 0xab, 0x21, 0xad, 0x28 + }; + + ExpectNotNull(d2i_RSAPrivateKey(&rsa, &derBuf, sizeof_client_key_der_2048)); + ExpectIntEQ(RSA_padding_add_PKCS1_PSS(NULL, em, mHash, EVP_sha256(), + RSA_PSS_SALTLEN_DIGEST), 0); + ExpectIntEQ(RSA_padding_add_PKCS1_PSS(rsa, NULL, mHash, EVP_sha256(), + RSA_PSS_SALTLEN_DIGEST), 0); + ExpectIntEQ(RSA_padding_add_PKCS1_PSS(rsa, em, NULL, EVP_sha256(), + RSA_PSS_SALTLEN_DIGEST), 0); + ExpectIntEQ(RSA_padding_add_PKCS1_PSS(rsa, em, mHash, NULL, + RSA_PSS_SALTLEN_DIGEST), 0); + ExpectIntEQ(RSA_padding_add_PKCS1_PSS(rsa, em, mHash, EVP_sha256(), -5), 0); + + ExpectIntEQ(RSA_verify_PKCS1_PSS(NULL, mHash, EVP_sha256(), em, + RSA_PSS_SALTLEN_MAX_SIGN), 0); + ExpectIntEQ(RSA_verify_PKCS1_PSS(rsa, NULL, EVP_sha256(), em, + RSA_PSS_SALTLEN_MAX_SIGN), 0); + ExpectIntEQ(RSA_verify_PKCS1_PSS(rsa, mHash, NULL, em, + RSA_PSS_SALTLEN_MAX_SIGN), 0); + ExpectIntEQ(RSA_verify_PKCS1_PSS(rsa, mHash, EVP_sha256(), NULL, + RSA_PSS_SALTLEN_MAX_SIGN), 0); + ExpectIntEQ(RSA_verify_PKCS1_PSS(rsa, mHash, EVP_sha256(), em, + RSA_PSS_SALTLEN_MAX_SIGN), 0); + ExpectIntEQ(RSA_verify_PKCS1_PSS(rsa, mHash, EVP_sha256(), em, -5), 0); + + ExpectIntEQ(RSA_padding_add_PKCS1_PSS(rsa, em, mHash, EVP_sha256(), + RSA_PSS_SALTLEN_DIGEST), 1); + ExpectIntEQ(RSA_verify_PKCS1_PSS(rsa, mHash, EVP_sha256(), em, + RSA_PSS_SALTLEN_DIGEST), 1); + + ExpectIntEQ(RSA_padding_add_PKCS1_PSS(rsa, em, mHash, EVP_sha256(), + RSA_PSS_SALTLEN_MAX_SIGN), 1); + ExpectIntEQ(RSA_verify_PKCS1_PSS(rsa, mHash, EVP_sha256(), em, + RSA_PSS_SALTLEN_MAX_SIGN), 1); + + ExpectIntEQ(RSA_padding_add_PKCS1_PSS(rsa, em, mHash, EVP_sha256(), + RSA_PSS_SALTLEN_MAX), 1); + ExpectIntEQ(RSA_verify_PKCS1_PSS(rsa, mHash, EVP_sha256(), em, + RSA_PSS_SALTLEN_MAX), 1); + + ExpectIntEQ(RSA_padding_add_PKCS1_PSS(rsa, em, mHash, EVP_sha256(), 10), 1); + ExpectIntEQ(RSA_verify_PKCS1_PSS(rsa, mHash, EVP_sha256(), em, 10), 1); + + RSA_free(rsa); +#endif /* !HAVE_FIPS || HAVE_FIPS_VERSION > 2 */ +#endif /* OPENSSL_ALL && WC_RSA_PSS && !WC_NO_RNG*/ +#endif + return EXPECT_RESULT(); +} + +int test_wolfSSL_RSA_sign_sha3(void) +{ + EXPECT_DECLS; +#if !defined(NO_RSA) && defined(WOLFSSL_SHA3) && !defined(WOLFSSL_NOSHA3_256) +#if defined(OPENSSL_ALL) && defined(WC_RSA_PSS) && !defined(WC_NO_RNG) + RSA* rsa = NULL; + const unsigned char *derBuf = client_key_der_2048; + unsigned char sigRet[256] = {0}; + unsigned int sigLen = sizeof(sigRet); + /* Random data simulating a hash */ + const unsigned char mHash[WC_SHA3_256_DIGEST_SIZE] = { + 0x28, 0x6e, 0xfd, 0xf8, 0x76, 0xc7, 0x00, 0x3d, 0x91, 0x4e, 0x59, 0xe4, + 0x8e, 0xb7, 0x40, 0x7b, 0xd1, 0x0c, 0x98, 0x4b, 0xe3, 0x3d, 0xb3, 0xeb, + 0x6f, 0x8a, 0x3c, 0x42, 0xab, 0x21, 0xad, 0x28 + }; + + ExpectNotNull(d2i_RSAPrivateKey(&rsa, &derBuf, sizeof_client_key_der_2048)); + ExpectIntEQ(RSA_sign(NID_sha3_256, mHash, sizeof(mHash), sigRet, &sigLen, + rsa), 1); + + RSA_free(rsa); +#endif /* OPENSSL_ALL && WC_RSA_PSS && !WC_NO_RNG*/ +#endif /* !NO_RSA && WOLFSSL_SHA3 && !WOLFSSL_NOSHA3_256*/ + return EXPECT_RESULT(); +} + +int test_wolfSSL_RSA_get0_key(void) +{ + EXPECT_DECLS; +#if defined(OPENSSL_EXTRA) && !defined(NO_RSA) + RSA *rsa = NULL; + const BIGNUM* n = NULL; + const BIGNUM* e = NULL; + const BIGNUM* d = NULL; + + const unsigned char* der; + int derSz; + +#ifdef USE_CERT_BUFFERS_1024 + der = client_key_der_1024; + derSz = sizeof_client_key_der_1024; +#elif defined(USE_CERT_BUFFERS_2048) + der = client_key_der_2048; + derSz = sizeof_client_key_der_2048; +#else + der = NULL; + derSz = 0; +#endif + + if (der != NULL) { + RSA_get0_key(NULL, NULL, NULL, NULL); + RSA_get0_key(rsa, NULL, NULL, NULL); + RSA_get0_key(NULL, &n, &e, &d); + ExpectNull(n); + ExpectNull(e); + ExpectNull(d); + + ExpectNotNull(d2i_RSAPrivateKey(&rsa, &der, derSz)); + ExpectNotNull(rsa); + + RSA_get0_key(rsa, NULL, NULL, NULL); + RSA_get0_key(rsa, &n, NULL, NULL); + ExpectNotNull(n); + RSA_get0_key(rsa, NULL, &e, NULL); + ExpectNotNull(e); + RSA_get0_key(rsa, NULL, NULL, &d); + ExpectNotNull(d); + RSA_get0_key(rsa, &n, &e, &d); + ExpectNotNull(n); + ExpectNotNull(e); + ExpectNotNull(d); + + RSA_free(rsa); + } +#endif + return EXPECT_RESULT(); +} + +int test_wolfSSL_RSA_meth(void) +{ + EXPECT_DECLS; +#if defined(OPENSSL_EXTRA) && !defined(NO_RSA) + RSA *rsa = NULL; + RSA_METHOD *rsa_meth = NULL; + +#ifdef WOLFSSL_KEY_GEN + ExpectNotNull(rsa = RSA_generate_key(2048, 3, NULL, NULL)); + RSA_free(rsa); + rsa = NULL; +#else + ExpectNull(rsa = RSA_generate_key(2048, 3, NULL, NULL)); +#endif + + ExpectNotNull(RSA_get_default_method()); + + wolfSSL_RSA_meth_free(NULL); + + ExpectNull(wolfSSL_RSA_meth_new(NULL, 0)); + + ExpectNotNull(rsa_meth = RSA_meth_new("placeholder RSA method", + RSA_METHOD_FLAG_NO_CHECK)); + +#ifndef NO_WOLFSSL_STUB + ExpectIntEQ(RSA_meth_set_pub_enc(rsa_meth, NULL), 1); + ExpectIntEQ(RSA_meth_set_pub_dec(rsa_meth, NULL), 1); + ExpectIntEQ(RSA_meth_set_priv_enc(rsa_meth, NULL), 1); + ExpectIntEQ(RSA_meth_set_priv_dec(rsa_meth, NULL), 1); + ExpectIntEQ(RSA_meth_set_init(rsa_meth, NULL), 1); + ExpectIntEQ(RSA_meth_set_finish(rsa_meth, NULL), 1); + ExpectIntEQ(RSA_meth_set0_app_data(rsa_meth, NULL), 1); +#endif + + ExpectIntEQ(RSA_flags(NULL), 0); + RSA_set_flags(NULL, RSA_FLAG_CACHE_PUBLIC); + RSA_clear_flags(NULL, RSA_FLAG_CACHE_PUBLIC); + ExpectIntEQ(RSA_test_flags(NULL, RSA_FLAG_CACHE_PUBLIC), 0); + + ExpectNotNull(rsa = RSA_new()); + /* No method set. */ + ExpectIntEQ(RSA_flags(rsa), 0); + RSA_set_flags(rsa, RSA_FLAG_CACHE_PUBLIC); + RSA_clear_flags(rsa, RSA_FLAG_CACHE_PUBLIC); + ExpectIntEQ(RSA_test_flags(rsa, RSA_FLAG_CACHE_PUBLIC), 0); + + ExpectIntEQ(RSA_set_method(NULL, rsa_meth), 1); + ExpectIntEQ(RSA_set_method(rsa, rsa_meth), 1); + if (EXPECT_FAIL()) { + wolfSSL_RSA_meth_free(rsa_meth); + } + ExpectNull(RSA_get_method(NULL)); + ExpectPtrEq(RSA_get_method(rsa), rsa_meth); + ExpectIntEQ(RSA_flags(rsa), RSA_METHOD_FLAG_NO_CHECK); + RSA_set_flags(rsa, RSA_FLAG_CACHE_PUBLIC); + ExpectIntNE(RSA_test_flags(rsa, RSA_FLAG_CACHE_PUBLIC), 0); + ExpectIntEQ(RSA_flags(rsa), RSA_FLAG_CACHE_PUBLIC | + RSA_METHOD_FLAG_NO_CHECK); + RSA_clear_flags(rsa, RSA_FLAG_CACHE_PUBLIC); + ExpectIntEQ(RSA_test_flags(rsa, RSA_FLAG_CACHE_PUBLIC), 0); + ExpectIntNE(RSA_flags(rsa), RSA_FLAG_CACHE_PUBLIC); + + /* rsa_meth is freed here */ + RSA_free(rsa); +#endif + return EXPECT_RESULT(); +} + +int test_wolfSSL_RSA_verify(void) +{ + EXPECT_DECLS; +#if defined(OPENSSL_EXTRA) && !defined(NO_RSA) && !defined(NO_FILESYSTEM) +#ifndef NO_BIO + XFILE fp = XBADFILE; + RSA *pKey = NULL; + RSA *pubKey = NULL; + X509 *cert = NULL; + const char *text = "Hello wolfSSL !"; + unsigned char hash[SHA256_DIGEST_LENGTH]; + unsigned char signature[2048/8]; + unsigned int signatureLength; + byte *buf = NULL; + BIO *bio = NULL; + SHA256_CTX c; + EVP_PKEY *evpPkey = NULL; + EVP_PKEY *evpPubkey = NULL; + long lsz = 0; + size_t sz; + + /* generate hash */ + SHA256_Init(&c); + SHA256_Update(&c, text, strlen(text)); + SHA256_Final(hash, &c); +#ifdef WOLFSSL_SMALL_STACK_CACHE + /* workaround for small stack cache case */ + wc_Sha256Free((wc_Sha256*)&c); +#endif + + /* read private key file */ + ExpectTrue((fp = XFOPEN(svrKeyFile, "rb")) != XBADFILE); + ExpectIntEQ(XFSEEK(fp, 0, XSEEK_END), 0); + ExpectTrue((lsz = XFTELL(fp)) > 0); + sz = (size_t)lsz; + ExpectIntEQ(XFSEEK(fp, 0, XSEEK_SET), 0); + ExpectNotNull(buf = (byte*)XMALLOC(sz, NULL, DYNAMIC_TYPE_FILE)); + ExpectIntEQ(XFREAD(buf, 1, sz, fp), sz); + if (fp != XBADFILE) { + XFCLOSE(fp); + fp = XBADFILE; + } + + /* read private key and sign hash data */ + ExpectNotNull(bio = BIO_new_mem_buf(buf, (int)sz)); + ExpectNotNull(evpPkey = PEM_read_bio_PrivateKey(bio, NULL, NULL, NULL)); + ExpectNotNull(pKey = EVP_PKEY_get1_RSA(evpPkey)); + ExpectIntEQ(RSA_sign(NID_sha256, hash, SHA256_DIGEST_LENGTH, + signature, &signatureLength, pKey), SSL_SUCCESS); + + /* read public key and verify signed data */ + ExpectTrue((fp = XFOPEN(svrCertFile,"rb")) != XBADFILE); + ExpectNotNull(cert = PEM_read_X509(fp, 0, 0, 0 )); + if (fp != XBADFILE) + XFCLOSE(fp); + ExpectNull(X509_get_pubkey(NULL)); + ExpectNotNull(evpPubkey = X509_get_pubkey(cert)); + ExpectNotNull(pubKey = EVP_PKEY_get1_RSA(evpPubkey)); + ExpectIntEQ(RSA_verify(NID_sha256, hash, SHA256_DIGEST_LENGTH, signature, + signatureLength, pubKey), SSL_SUCCESS); + + ExpectIntEQ(RSA_verify(NID_sha256, NULL, SHA256_DIGEST_LENGTH, NULL, + signatureLength, NULL), WC_NO_ERR_TRACE(WOLFSSL_FAILURE)); + ExpectIntEQ(RSA_verify(NID_sha256, NULL, SHA256_DIGEST_LENGTH, signature, + signatureLength, pubKey), WC_NO_ERR_TRACE(WOLFSSL_FAILURE)); + ExpectIntEQ(RSA_verify(NID_sha256, hash, SHA256_DIGEST_LENGTH, NULL, + signatureLength, pubKey), WC_NO_ERR_TRACE(WOLFSSL_FAILURE)); + ExpectIntEQ(RSA_verify(NID_sha256, hash, SHA256_DIGEST_LENGTH, signature, + signatureLength, NULL), WC_NO_ERR_TRACE(WOLFSSL_FAILURE)); + + + RSA_free(pKey); + EVP_PKEY_free(evpPkey); + RSA_free(pubKey); + EVP_PKEY_free(evpPubkey); + X509_free(cert); + BIO_free(bio); + XFREE(buf, NULL, DYNAMIC_TYPE_FILE); +#endif +#endif + return EXPECT_RESULT(); +} + +int test_wolfSSL_RSA_sign(void) +{ + EXPECT_DECLS; +#if defined(OPENSSL_EXTRA) && !defined(NO_RSA) + RSA *rsa; + unsigned char hash[SHA256_DIGEST_LENGTH]; +#ifdef USE_CERT_BUFFERS_1024 + const unsigned char* privDer = client_key_der_1024; + size_t privDerSz = sizeof_client_key_der_1024; + const unsigned char* pubDer = client_keypub_der_1024; + size_t pubDerSz = sizeof_client_keypub_der_1024; + unsigned char signature[1024/8]; +#else + const unsigned char* privDer = client_key_der_2048; + size_t privDerSz = sizeof_client_key_der_2048; + const unsigned char* pubDer = client_keypub_der_2048; + size_t pubDerSz = sizeof_client_keypub_der_2048; + unsigned char signature[2048/8]; +#endif + unsigned int signatureLen; + const unsigned char* der; + + XMEMSET(hash, 0, sizeof(hash)); + + der = privDer; + rsa = NULL; + ExpectNotNull(d2i_RSAPrivateKey(&rsa, &der, privDerSz)); + + /* Invalid parameters. */ + ExpectIntEQ(RSA_sign(NID_rsaEncryption, NULL, 0, NULL, NULL, NULL), 0); + ExpectIntEQ(RSA_sign(NID_rsaEncryption, hash, sizeof(hash), signature, + &signatureLen, rsa), 0); + ExpectIntEQ(RSA_sign(NID_sha256, NULL, sizeof(hash), signature, + &signatureLen, rsa), 0); + ExpectIntEQ(RSA_sign(NID_sha256, hash, sizeof(hash), NULL, + &signatureLen, rsa), 0); + ExpectIntEQ(RSA_sign(NID_sha256, hash, sizeof(hash), signature, + NULL, rsa), 0); + ExpectIntEQ(RSA_sign(NID_sha256, hash, sizeof(hash), signature, + &signatureLen, NULL), 0); + + ExpectIntEQ(RSA_sign(NID_sha256, hash, sizeof(hash), signature, + &signatureLen, rsa), 1); + + RSA_free(rsa); + der = pubDer; + rsa = NULL; + ExpectNotNull(d2i_RSAPublicKey(&rsa, &der, pubDerSz)); + + ExpectIntEQ(RSA_verify(NID_sha256, hash, sizeof(hash), signature, + signatureLen, rsa), 1); + + RSA_free(rsa); +#endif + return EXPECT_RESULT(); +} + +int test_wolfSSL_RSA_sign_ex(void) +{ + EXPECT_DECLS; +#if defined(OPENSSL_EXTRA) && !defined(NO_RSA) + RSA *rsa = NULL; + unsigned char hash[SHA256_DIGEST_LENGTH]; +#ifdef USE_CERT_BUFFERS_1024 + const unsigned char* privDer = client_key_der_1024; + size_t privDerSz = sizeof_client_key_der_1024; + const unsigned char* pubDer = client_keypub_der_1024; + size_t pubDerSz = sizeof_client_keypub_der_1024; + unsigned char signature[1024/8]; +#else + const unsigned char* privDer = client_key_der_2048; + size_t privDerSz = sizeof_client_key_der_2048; + const unsigned char* pubDer = client_keypub_der_2048; + size_t pubDerSz = sizeof_client_keypub_der_2048; + unsigned char signature[2048/8]; +#endif + unsigned int signatureLen; + const unsigned char* der; + unsigned char encodedHash[51]; + unsigned int encodedHashLen; + const unsigned char expEncHash[] = { + 0x30, 0x31, 0x30, 0x0d, 0x06, 0x09, 0x60, 0x86, + 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x01, 0x05, + 0x00, 0x04, 0x20, + /* Hash data */ + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + }; + + XMEMSET(hash, 0, sizeof(hash)); + + ExpectNotNull(rsa = wolfSSL_RSA_new()); + ExpectIntEQ(wolfSSL_RSA_sign_ex(NID_sha256, hash, sizeof(hash), signature, + &signatureLen, rsa, 1), 0); + wolfSSL_RSA_free(rsa); + + der = privDer; + rsa = NULL; + ExpectNotNull(d2i_RSAPrivateKey(&rsa, &der, privDerSz)); + + ExpectIntEQ(wolfSSL_RSA_sign_ex(NID_rsaEncryption,NULL, 0, NULL, NULL, NULL, + -1), 0); + ExpectIntEQ(wolfSSL_RSA_sign_ex(NID_rsaEncryption, hash, sizeof(hash), + signature, &signatureLen, rsa, 1), 0); + ExpectIntEQ(wolfSSL_RSA_sign_ex(NID_sha256, NULL, sizeof(hash), signature, + &signatureLen, rsa, 1), 0); + ExpectIntEQ(wolfSSL_RSA_sign_ex(NID_sha256, hash, sizeof(hash), NULL, + &signatureLen, rsa, 1), 0); + ExpectIntEQ(wolfSSL_RSA_sign_ex(NID_sha256, hash, sizeof(hash), signature, + NULL, rsa, 1), 0); + ExpectIntEQ(wolfSSL_RSA_sign_ex(NID_sha256, hash, sizeof(hash), signature, + &signatureLen, NULL, 1), 0); + ExpectIntEQ(wolfSSL_RSA_sign_ex(NID_sha256, hash, sizeof(hash), signature, + &signatureLen, rsa, -1), 0); + ExpectIntEQ(wolfSSL_RSA_sign_ex(NID_sha256, NULL, sizeof(hash), signature, + &signatureLen, rsa, 0), 0); + ExpectIntEQ(wolfSSL_RSA_sign_ex(NID_sha256, hash, sizeof(hash), NULL, + &signatureLen, rsa, 0), 0); + ExpectIntEQ(wolfSSL_RSA_sign_ex(NID_sha256, hash, sizeof(hash), signature, + NULL, rsa, 0), 0); + + ExpectIntEQ(wolfSSL_RSA_sign_ex(NID_sha256, hash, sizeof(hash), signature, + &signatureLen, rsa, 1), 1); + /* Test returning encoded hash. */ + ExpectIntEQ(wolfSSL_RSA_sign_ex(NID_sha256, hash, sizeof(hash), encodedHash, + &encodedHashLen, rsa, 0), 1); + ExpectIntEQ(encodedHashLen, sizeof(expEncHash)); + ExpectIntEQ(XMEMCMP(encodedHash, expEncHash, sizeof(expEncHash)), 0); + + RSA_free(rsa); + der = pubDer; + rsa = NULL; + ExpectNotNull(d2i_RSAPublicKey(&rsa, &der, pubDerSz)); + + ExpectIntEQ(RSA_verify(NID_sha256, hash, sizeof(hash), signature, + signatureLen, rsa), 1); + + RSA_free(rsa); +#endif + return EXPECT_RESULT(); +} + + +int test_wolfSSL_RSA_public_decrypt(void) +{ + EXPECT_DECLS; +#if defined(OPENSSL_EXTRA) && !defined(NO_RSA) + RSA *rsa; + unsigned char msg[SHA256_DIGEST_LENGTH]; +#ifdef USE_CERT_BUFFERS_1024 + const unsigned char* pubDer = client_keypub_der_1024; + size_t pubDerSz = sizeof_client_keypub_der_1024; + unsigned char decMsg[1024/8]; + const unsigned char encMsg[] = { + 0x45, 0x8e, 0x6e, 0x7a, 0x9c, 0xe1, 0x67, 0x36, + 0x72, 0xfc, 0x9d, 0x05, 0xdf, 0xc2, 0xaf, 0x54, + 0xc5, 0x2f, 0x94, 0xb8, 0xc7, 0x82, 0x40, 0xfa, + 0xa7, 0x8c, 0xb1, 0x89, 0x40, 0xc3, 0x59, 0x5a, + 0x77, 0x08, 0x54, 0x93, 0x43, 0x7f, 0xc4, 0xb7, + 0xc4, 0x78, 0xf1, 0xf8, 0xab, 0xbf, 0xc2, 0x81, + 0x5d, 0x97, 0xea, 0x7a, 0x60, 0x90, 0x51, 0xb7, + 0x47, 0x78, 0x48, 0x1e, 0x88, 0x6b, 0x89, 0xde, + 0xce, 0x41, 0x41, 0xae, 0x49, 0xf6, 0xfd, 0x2d, + 0x2d, 0x9c, 0x70, 0x7d, 0xf9, 0xcf, 0x77, 0x5f, + 0x06, 0xc7, 0x20, 0xe3, 0x57, 0xd4, 0xd8, 0x1a, + 0x96, 0xa2, 0x39, 0xb0, 0x6e, 0x8e, 0x68, 0xf8, + 0x57, 0x7b, 0x26, 0x88, 0x17, 0xc4, 0xb7, 0xf1, + 0x59, 0xfa, 0xb6, 0x95, 0xdd, 0x1e, 0xe8, 0xd8, + 0x4e, 0xbd, 0xcd, 0x41, 0xad, 0xc7, 0xe2, 0x39, + 0xb8, 0x00, 0xca, 0xf5, 0x59, 0xdf, 0xf8, 0x43 + }; +#if !defined(HAVE_SELFTEST) && (!defined(HAVE_FIPS) || \ + (defined(HAVE_FIPS_VERSION) && HAVE_FIPS_VERSION > 2)) && \ + defined(WC_RSA_NO_PADDING) + const unsigned char encMsgNoPad[] = { + 0x0d, 0x41, 0x5a, 0xc7, 0x60, 0xd7, 0xbe, 0xb6, + 0x42, 0xd1, 0x65, 0xb1, 0x7e, 0x59, 0x54, 0xcc, + 0x76, 0x62, 0xd0, 0x2f, 0x4d, 0xe3, 0x23, 0x62, + 0xc8, 0x14, 0xfe, 0x5e, 0xa1, 0xc7, 0x05, 0xee, + 0x9e, 0x28, 0x2e, 0xf5, 0xfd, 0xa4, 0xc0, 0x43, + 0x55, 0xa2, 0x6b, 0x6b, 0x16, 0xa7, 0x63, 0x06, + 0xa7, 0x78, 0x4f, 0xda, 0xae, 0x10, 0x6d, 0xd1, + 0x2e, 0x1d, 0xbb, 0xbc, 0xc4, 0x1d, 0x82, 0xe4, + 0xc6, 0x76, 0x77, 0xa6, 0x0a, 0xef, 0xd2, 0x89, + 0xff, 0x30, 0x85, 0x22, 0xa0, 0x68, 0x88, 0x54, + 0xa3, 0xd1, 0x92, 0xd1, 0x3f, 0x57, 0xe4, 0xc7, + 0x43, 0x5a, 0x8b, 0xb3, 0x86, 0xaf, 0xd5, 0x6d, + 0x07, 0xe1, 0xa0, 0x5f, 0xe1, 0x9a, 0x06, 0xba, + 0x56, 0xd2, 0xb0, 0x73, 0xf5, 0xb3, 0xd0, 0x5f, + 0xc0, 0xbf, 0x22, 0x4c, 0x54, 0x4e, 0x11, 0xe2, + 0xc5, 0xf8, 0x66, 0x39, 0x9d, 0x70, 0x90, 0x31 + }; +#endif +#else + const unsigned char* pubDer = client_keypub_der_2048; + size_t pubDerSz = sizeof_client_keypub_der_2048; + unsigned char decMsg[2048/8]; + const unsigned char encMsg[] = { + 0x16, 0x5d, 0xbb, 0x00, 0x38, 0x73, 0x01, 0x34, + 0xca, 0x59, 0xc6, 0x8b, 0x64, 0x70, 0x89, 0xf5, + 0x50, 0x2d, 0x1d, 0x69, 0x1f, 0x07, 0x1e, 0x31, + 0xae, 0x9b, 0xa6, 0x6e, 0xee, 0x80, 0xd9, 0x9e, + 0x59, 0x33, 0x70, 0x30, 0x28, 0x42, 0x7d, 0x24, + 0x36, 0x95, 0x6b, 0xf9, 0x0a, 0x23, 0xcb, 0xce, + 0x66, 0xa5, 0x07, 0x5e, 0x11, 0xa7, 0xdc, 0xfb, + 0xd9, 0xc2, 0x51, 0xf0, 0x05, 0xc9, 0x39, 0xb3, + 0xae, 0xff, 0xfb, 0xe9, 0xb1, 0x9a, 0x54, 0xac, + 0x1d, 0xca, 0x42, 0x1a, 0xfd, 0x7c, 0x97, 0xa0, + 0x60, 0x2b, 0xcd, 0xb6, 0x36, 0x33, 0xfc, 0x44, + 0x69, 0xf7, 0x2e, 0x8c, 0x3b, 0x5f, 0xb4, 0x9f, + 0xa7, 0x02, 0x8f, 0x6d, 0x6b, 0x79, 0x10, 0x32, + 0x7d, 0xf4, 0x5d, 0xa1, 0x63, 0x22, 0x59, 0xc4, + 0x44, 0x8e, 0x44, 0x24, 0x8b, 0x14, 0x9d, 0x2b, + 0xb5, 0xd3, 0xad, 0x9a, 0x87, 0x0d, 0xe7, 0x70, + 0x6d, 0xe9, 0xae, 0xaa, 0x52, 0xbf, 0x1a, 0x9b, + 0xc8, 0x3d, 0x45, 0x7c, 0xd1, 0x90, 0xe3, 0xd9, + 0x57, 0xcf, 0xc3, 0x29, 0x69, 0x05, 0x07, 0x96, + 0x2e, 0x46, 0x74, 0x0a, 0xa7, 0x76, 0x8b, 0xc0, + 0x1c, 0x04, 0x80, 0x08, 0xa0, 0x94, 0x7e, 0xbb, + 0x2d, 0x99, 0xe9, 0xab, 0x18, 0x4d, 0x48, 0x2d, + 0x94, 0x5e, 0x50, 0x21, 0x42, 0xdf, 0xf5, 0x61, + 0x42, 0x7d, 0x86, 0x5d, 0x9e, 0x89, 0xc9, 0x5b, + 0x24, 0xab, 0xa1, 0xd8, 0x20, 0x45, 0xcb, 0x81, + 0xcf, 0xc5, 0x25, 0x7d, 0x11, 0x6e, 0xbd, 0x80, + 0xac, 0xba, 0xdc, 0xef, 0xb9, 0x05, 0x9c, 0xd5, + 0xc2, 0x26, 0x57, 0x69, 0x8b, 0x08, 0x27, 0xc7, + 0xea, 0xbe, 0xaf, 0x52, 0x21, 0x95, 0x9f, 0xa0, + 0x2f, 0x2f, 0x53, 0x7c, 0x2f, 0xa3, 0x0b, 0x79, + 0x39, 0x01, 0xa3, 0x37, 0x46, 0xa8, 0xc4, 0x34, + 0x41, 0x20, 0x7c, 0x3f, 0x70, 0x9a, 0x47, 0xe8 + }; +#if !defined(HAVE_SELFTEST) && (!defined(HAVE_FIPS) || \ + (defined(HAVE_FIPS_VERSION) && HAVE_FIPS_VERSION > 2)) && \ + defined(WC_RSA_NO_PADDING) + const unsigned char encMsgNoPad[] = { + 0x79, 0x69, 0xdc, 0x0d, 0xff, 0x09, 0xeb, 0x91, + 0xbc, 0xda, 0xe4, 0xd3, 0xcd, 0xd5, 0xd3, 0x1c, + 0xb9, 0x66, 0xa8, 0x02, 0xf3, 0x75, 0x40, 0xf1, + 0x38, 0x4a, 0x37, 0x7b, 0x19, 0xc8, 0xcd, 0xea, + 0x79, 0xa8, 0x51, 0x32, 0x00, 0x3f, 0x4c, 0xde, + 0xaa, 0xe5, 0xe2, 0x7c, 0x10, 0xcd, 0x6e, 0x00, + 0xc6, 0xc4, 0x63, 0x98, 0x58, 0x9b, 0x38, 0xca, + 0xf0, 0x5d, 0xc8, 0xf0, 0x57, 0xf6, 0x21, 0x50, + 0x3f, 0x63, 0x05, 0x9f, 0xbf, 0xb6, 0x3b, 0x50, + 0x85, 0x06, 0x34, 0x08, 0x57, 0xb9, 0x44, 0xce, + 0xe4, 0x66, 0xbf, 0x0c, 0xfe, 0x36, 0xa4, 0x5b, + 0xed, 0x2d, 0x7d, 0xed, 0xf1, 0xbd, 0xda, 0x3e, + 0x19, 0x1f, 0x99, 0xc8, 0xe4, 0xc2, 0xbb, 0xb5, + 0x6c, 0x83, 0x22, 0xd1, 0xe7, 0x57, 0xcf, 0x1b, + 0x91, 0x0c, 0xa5, 0x47, 0x06, 0x71, 0x8f, 0x93, + 0xf3, 0xad, 0xdb, 0xe3, 0xf8, 0xa0, 0x0b, 0xcd, + 0x89, 0x4e, 0xa5, 0xb5, 0x03, 0x68, 0x61, 0x89, + 0x0b, 0xe2, 0x03, 0x8b, 0x1f, 0x54, 0xae, 0x0f, + 0xfa, 0xf0, 0xb7, 0x0f, 0x8c, 0x84, 0x35, 0x13, + 0x8d, 0x65, 0x1f, 0x2c, 0xd5, 0xce, 0xc4, 0x6c, + 0x98, 0x67, 0xe4, 0x1a, 0x85, 0x67, 0x69, 0x17, + 0x17, 0x5a, 0x5d, 0xfd, 0x23, 0xdd, 0x03, 0x3f, + 0x6d, 0x7a, 0xb6, 0x8b, 0x99, 0xc0, 0xb6, 0x70, + 0x86, 0xac, 0xf6, 0x02, 0xc2, 0x28, 0x42, 0xed, + 0x06, 0xcf, 0xca, 0x3d, 0x07, 0x16, 0xf0, 0x0e, + 0x04, 0x55, 0x1e, 0x59, 0x3f, 0x32, 0xc7, 0x12, + 0xc5, 0x0d, 0x9d, 0x64, 0x7d, 0x2e, 0xd4, 0xbc, + 0x8c, 0x24, 0x42, 0x94, 0x2b, 0xf6, 0x11, 0x7f, + 0xb1, 0x1c, 0x09, 0x12, 0x6f, 0x5e, 0x2e, 0x7a, + 0xc6, 0x01, 0xe0, 0x98, 0x31, 0xb7, 0x13, 0x03, + 0xce, 0x29, 0xe1, 0xef, 0x9d, 0xdf, 0x9b, 0xa5, + 0xba, 0x0b, 0xad, 0xf2, 0xeb, 0x2f, 0xf9, 0xd1 + }; +#endif +#endif + const unsigned char* der; +#if !defined(HAVE_SELFTEST) && (!defined(HAVE_FIPS) || \ + (defined(HAVE_FIPS_VERSION) && HAVE_FIPS_VERSION > 2)) && \ + defined(WC_RSA_NO_PADDING) + int i; +#endif + + XMEMSET(msg, 0, sizeof(msg)); + + der = pubDer; + rsa = NULL; + ExpectNotNull(d2i_RSAPublicKey(&rsa, &der, pubDerSz)); + + ExpectIntEQ(RSA_public_decrypt(0, NULL, NULL, NULL, 0), -1); + ExpectIntEQ(RSA_public_decrypt(-1, encMsg, decMsg, rsa, + RSA_PKCS1_PADDING), -1); + ExpectIntEQ(RSA_public_decrypt(sizeof(encMsg), NULL, decMsg, rsa, + RSA_PKCS1_PADDING), -1); + ExpectIntEQ(RSA_public_decrypt(sizeof(encMsg), encMsg, NULL, rsa, + RSA_PKCS1_PADDING), -1); + ExpectIntEQ(RSA_public_decrypt(sizeof(encMsg), encMsg, decMsg, NULL, + RSA_PKCS1_PADDING), -1); + ExpectIntEQ(RSA_public_decrypt(sizeof(encMsg), encMsg, decMsg, rsa, + RSA_PKCS1_PSS_PADDING), -1); + + ExpectIntEQ(RSA_public_decrypt(sizeof(encMsg), encMsg, decMsg, rsa, + RSA_PKCS1_PADDING), 32); + ExpectIntEQ(XMEMCMP(decMsg, msg, sizeof(msg)), 0); + +#if !defined(HAVE_SELFTEST) && (!defined(HAVE_FIPS) || \ + (defined(HAVE_FIPS_VERSION) && HAVE_FIPS_VERSION > 2)) && \ + defined(WC_RSA_NO_PADDING) + ExpectIntEQ(RSA_public_decrypt(sizeof(encMsgNoPad), encMsgNoPad, decMsg, + rsa, RSA_NO_PADDING), sizeof(decMsg)); + /* Zeros before actual data. */ + for (i = 0; i < (int)(sizeof(decMsg) - sizeof(msg)); i += sizeof(msg)) { + ExpectIntEQ(XMEMCMP(decMsg + i, msg, sizeof(msg)), 0); + } + /* Check actual data. */ + XMEMSET(msg, 0x01, sizeof(msg)); + ExpectIntEQ(XMEMCMP(decMsg + i, msg, sizeof(msg)), 0); +#endif + + RSA_free(rsa); +#endif + return EXPECT_RESULT(); +} + +int test_wolfSSL_RSA_private_encrypt(void) +{ + EXPECT_DECLS; +#if defined(OPENSSL_EXTRA) && !defined(NO_RSA) + RSA *rsa; + unsigned char msg[SHA256_DIGEST_LENGTH]; +#ifdef USE_CERT_BUFFERS_1024 + const unsigned char* privDer = client_key_der_1024; + size_t privDerSz = sizeof_client_key_der_1024; + unsigned char encMsg[1024/8]; + const unsigned char expEncMsg[] = { + 0x45, 0x8e, 0x6e, 0x7a, 0x9c, 0xe1, 0x67, 0x36, + 0x72, 0xfc, 0x9d, 0x05, 0xdf, 0xc2, 0xaf, 0x54, + 0xc5, 0x2f, 0x94, 0xb8, 0xc7, 0x82, 0x40, 0xfa, + 0xa7, 0x8c, 0xb1, 0x89, 0x40, 0xc3, 0x59, 0x5a, + 0x77, 0x08, 0x54, 0x93, 0x43, 0x7f, 0xc4, 0xb7, + 0xc4, 0x78, 0xf1, 0xf8, 0xab, 0xbf, 0xc2, 0x81, + 0x5d, 0x97, 0xea, 0x7a, 0x60, 0x90, 0x51, 0xb7, + 0x47, 0x78, 0x48, 0x1e, 0x88, 0x6b, 0x89, 0xde, + 0xce, 0x41, 0x41, 0xae, 0x49, 0xf6, 0xfd, 0x2d, + 0x2d, 0x9c, 0x70, 0x7d, 0xf9, 0xcf, 0x77, 0x5f, + 0x06, 0xc7, 0x20, 0xe3, 0x57, 0xd4, 0xd8, 0x1a, + 0x96, 0xa2, 0x39, 0xb0, 0x6e, 0x8e, 0x68, 0xf8, + 0x57, 0x7b, 0x26, 0x88, 0x17, 0xc4, 0xb7, 0xf1, + 0x59, 0xfa, 0xb6, 0x95, 0xdd, 0x1e, 0xe8, 0xd8, + 0x4e, 0xbd, 0xcd, 0x41, 0xad, 0xc7, 0xe2, 0x39, + 0xb8, 0x00, 0xca, 0xf5, 0x59, 0xdf, 0xf8, 0x43 + }; +#ifdef WC_RSA_NO_PADDING + const unsigned char expEncMsgNoPad[] = { + 0x0d, 0x41, 0x5a, 0xc7, 0x60, 0xd7, 0xbe, 0xb6, + 0x42, 0xd1, 0x65, 0xb1, 0x7e, 0x59, 0x54, 0xcc, + 0x76, 0x62, 0xd0, 0x2f, 0x4d, 0xe3, 0x23, 0x62, + 0xc8, 0x14, 0xfe, 0x5e, 0xa1, 0xc7, 0x05, 0xee, + 0x9e, 0x28, 0x2e, 0xf5, 0xfd, 0xa4, 0xc0, 0x43, + 0x55, 0xa2, 0x6b, 0x6b, 0x16, 0xa7, 0x63, 0x06, + 0xa7, 0x78, 0x4f, 0xda, 0xae, 0x10, 0x6d, 0xd1, + 0x2e, 0x1d, 0xbb, 0xbc, 0xc4, 0x1d, 0x82, 0xe4, + 0xc6, 0x76, 0x77, 0xa6, 0x0a, 0xef, 0xd2, 0x89, + 0xff, 0x30, 0x85, 0x22, 0xa0, 0x68, 0x88, 0x54, + 0xa3, 0xd1, 0x92, 0xd1, 0x3f, 0x57, 0xe4, 0xc7, + 0x43, 0x5a, 0x8b, 0xb3, 0x86, 0xaf, 0xd5, 0x6d, + 0x07, 0xe1, 0xa0, 0x5f, 0xe1, 0x9a, 0x06, 0xba, + 0x56, 0xd2, 0xb0, 0x73, 0xf5, 0xb3, 0xd0, 0x5f, + 0xc0, 0xbf, 0x22, 0x4c, 0x54, 0x4e, 0x11, 0xe2, + 0xc5, 0xf8, 0x66, 0x39, 0x9d, 0x70, 0x90, 0x31 + }; +#endif +#else + const unsigned char* privDer = client_key_der_2048; + size_t privDerSz = sizeof_client_key_der_2048; + unsigned char encMsg[2048/8]; + const unsigned char expEncMsg[] = { + 0x16, 0x5d, 0xbb, 0x00, 0x38, 0x73, 0x01, 0x34, + 0xca, 0x59, 0xc6, 0x8b, 0x64, 0x70, 0x89, 0xf5, + 0x50, 0x2d, 0x1d, 0x69, 0x1f, 0x07, 0x1e, 0x31, + 0xae, 0x9b, 0xa6, 0x6e, 0xee, 0x80, 0xd9, 0x9e, + 0x59, 0x33, 0x70, 0x30, 0x28, 0x42, 0x7d, 0x24, + 0x36, 0x95, 0x6b, 0xf9, 0x0a, 0x23, 0xcb, 0xce, + 0x66, 0xa5, 0x07, 0x5e, 0x11, 0xa7, 0xdc, 0xfb, + 0xd9, 0xc2, 0x51, 0xf0, 0x05, 0xc9, 0x39, 0xb3, + 0xae, 0xff, 0xfb, 0xe9, 0xb1, 0x9a, 0x54, 0xac, + 0x1d, 0xca, 0x42, 0x1a, 0xfd, 0x7c, 0x97, 0xa0, + 0x60, 0x2b, 0xcd, 0xb6, 0x36, 0x33, 0xfc, 0x44, + 0x69, 0xf7, 0x2e, 0x8c, 0x3b, 0x5f, 0xb4, 0x9f, + 0xa7, 0x02, 0x8f, 0x6d, 0x6b, 0x79, 0x10, 0x32, + 0x7d, 0xf4, 0x5d, 0xa1, 0x63, 0x22, 0x59, 0xc4, + 0x44, 0x8e, 0x44, 0x24, 0x8b, 0x14, 0x9d, 0x2b, + 0xb5, 0xd3, 0xad, 0x9a, 0x87, 0x0d, 0xe7, 0x70, + 0x6d, 0xe9, 0xae, 0xaa, 0x52, 0xbf, 0x1a, 0x9b, + 0xc8, 0x3d, 0x45, 0x7c, 0xd1, 0x90, 0xe3, 0xd9, + 0x57, 0xcf, 0xc3, 0x29, 0x69, 0x05, 0x07, 0x96, + 0x2e, 0x46, 0x74, 0x0a, 0xa7, 0x76, 0x8b, 0xc0, + 0x1c, 0x04, 0x80, 0x08, 0xa0, 0x94, 0x7e, 0xbb, + 0x2d, 0x99, 0xe9, 0xab, 0x18, 0x4d, 0x48, 0x2d, + 0x94, 0x5e, 0x50, 0x21, 0x42, 0xdf, 0xf5, 0x61, + 0x42, 0x7d, 0x86, 0x5d, 0x9e, 0x89, 0xc9, 0x5b, + 0x24, 0xab, 0xa1, 0xd8, 0x20, 0x45, 0xcb, 0x81, + 0xcf, 0xc5, 0x25, 0x7d, 0x11, 0x6e, 0xbd, 0x80, + 0xac, 0xba, 0xdc, 0xef, 0xb9, 0x05, 0x9c, 0xd5, + 0xc2, 0x26, 0x57, 0x69, 0x8b, 0x08, 0x27, 0xc7, + 0xea, 0xbe, 0xaf, 0x52, 0x21, 0x95, 0x9f, 0xa0, + 0x2f, 0x2f, 0x53, 0x7c, 0x2f, 0xa3, 0x0b, 0x79, + 0x39, 0x01, 0xa3, 0x37, 0x46, 0xa8, 0xc4, 0x34, + 0x41, 0x20, 0x7c, 0x3f, 0x70, 0x9a, 0x47, 0xe8 + }; +#ifdef WC_RSA_NO_PADDING + const unsigned char expEncMsgNoPad[] = { + 0x79, 0x69, 0xdc, 0x0d, 0xff, 0x09, 0xeb, 0x91, + 0xbc, 0xda, 0xe4, 0xd3, 0xcd, 0xd5, 0xd3, 0x1c, + 0xb9, 0x66, 0xa8, 0x02, 0xf3, 0x75, 0x40, 0xf1, + 0x38, 0x4a, 0x37, 0x7b, 0x19, 0xc8, 0xcd, 0xea, + 0x79, 0xa8, 0x51, 0x32, 0x00, 0x3f, 0x4c, 0xde, + 0xaa, 0xe5, 0xe2, 0x7c, 0x10, 0xcd, 0x6e, 0x00, + 0xc6, 0xc4, 0x63, 0x98, 0x58, 0x9b, 0x38, 0xca, + 0xf0, 0x5d, 0xc8, 0xf0, 0x57, 0xf6, 0x21, 0x50, + 0x3f, 0x63, 0x05, 0x9f, 0xbf, 0xb6, 0x3b, 0x50, + 0x85, 0x06, 0x34, 0x08, 0x57, 0xb9, 0x44, 0xce, + 0xe4, 0x66, 0xbf, 0x0c, 0xfe, 0x36, 0xa4, 0x5b, + 0xed, 0x2d, 0x7d, 0xed, 0xf1, 0xbd, 0xda, 0x3e, + 0x19, 0x1f, 0x99, 0xc8, 0xe4, 0xc2, 0xbb, 0xb5, + 0x6c, 0x83, 0x22, 0xd1, 0xe7, 0x57, 0xcf, 0x1b, + 0x91, 0x0c, 0xa5, 0x47, 0x06, 0x71, 0x8f, 0x93, + 0xf3, 0xad, 0xdb, 0xe3, 0xf8, 0xa0, 0x0b, 0xcd, + 0x89, 0x4e, 0xa5, 0xb5, 0x03, 0x68, 0x61, 0x89, + 0x0b, 0xe2, 0x03, 0x8b, 0x1f, 0x54, 0xae, 0x0f, + 0xfa, 0xf0, 0xb7, 0x0f, 0x8c, 0x84, 0x35, 0x13, + 0x8d, 0x65, 0x1f, 0x2c, 0xd5, 0xce, 0xc4, 0x6c, + 0x98, 0x67, 0xe4, 0x1a, 0x85, 0x67, 0x69, 0x17, + 0x17, 0x5a, 0x5d, 0xfd, 0x23, 0xdd, 0x03, 0x3f, + 0x6d, 0x7a, 0xb6, 0x8b, 0x99, 0xc0, 0xb6, 0x70, + 0x86, 0xac, 0xf6, 0x02, 0xc2, 0x28, 0x42, 0xed, + 0x06, 0xcf, 0xca, 0x3d, 0x07, 0x16, 0xf0, 0x0e, + 0x04, 0x55, 0x1e, 0x59, 0x3f, 0x32, 0xc7, 0x12, + 0xc5, 0x0d, 0x9d, 0x64, 0x7d, 0x2e, 0xd4, 0xbc, + 0x8c, 0x24, 0x42, 0x94, 0x2b, 0xf6, 0x11, 0x7f, + 0xb1, 0x1c, 0x09, 0x12, 0x6f, 0x5e, 0x2e, 0x7a, + 0xc6, 0x01, 0xe0, 0x98, 0x31, 0xb7, 0x13, 0x03, + 0xce, 0x29, 0xe1, 0xef, 0x9d, 0xdf, 0x9b, 0xa5, + 0xba, 0x0b, 0xad, 0xf2, 0xeb, 0x2f, 0xf9, 0xd1 + }; +#endif +#endif + const unsigned char* der; + + XMEMSET(msg, 0x00, sizeof(msg)); + + der = privDer; + rsa = NULL; + ExpectNotNull(d2i_RSAPrivateKey(&rsa, &der, privDerSz)); + + ExpectIntEQ(RSA_private_encrypt(0, NULL, NULL, NULL, 0), -1); + ExpectIntEQ(RSA_private_encrypt(0, msg, encMsg, rsa, RSA_PKCS1_PADDING), + -1); + ExpectIntEQ(RSA_private_encrypt(sizeof(msg), NULL, encMsg, rsa, + RSA_PKCS1_PADDING), -1); + ExpectIntEQ(RSA_private_encrypt(sizeof(msg), msg, NULL, rsa, + RSA_PKCS1_PADDING), -1); + ExpectIntEQ(RSA_private_encrypt(sizeof(msg), msg, encMsg, NULL, + RSA_PKCS1_PADDING), -1); + ExpectIntEQ(RSA_private_encrypt(sizeof(msg), msg, encMsg, rsa, + RSA_PKCS1_PSS_PADDING), -1); + + ExpectIntEQ(RSA_private_encrypt(sizeof(msg), msg, encMsg, rsa, + RSA_PKCS1_PADDING), sizeof(encMsg)); + ExpectIntEQ(XMEMCMP(encMsg, expEncMsg, sizeof(expEncMsg)), 0); + +#ifdef WC_RSA_NO_PADDING + /* Non-zero message. */ + XMEMSET(msg, 0x01, sizeof(msg)); + ExpectIntEQ(RSA_private_encrypt(sizeof(msg), msg, encMsg, rsa, + RSA_NO_PADDING), sizeof(encMsg)); + ExpectIntEQ(XMEMCMP(encMsg, expEncMsgNoPad, sizeof(expEncMsgNoPad)), 0); +#endif + + RSA_free(rsa); +#endif + return EXPECT_RESULT(); +} + +int test_wolfSSL_RSA_public_encrypt(void) +{ + EXPECT_DECLS; +#if defined(OPENSSL_EXTRA) && !defined(NO_RSA) + RSA* rsa = NULL; + const unsigned char msg[2048/8] = { 0 }; + unsigned char encMsg[2048/8]; + + ExpectNotNull(rsa = RSA_new()); + + ExpectIntEQ(RSA_public_encrypt(-1, msg, encMsg, rsa, + RSA_PKCS1_PADDING), -1); + ExpectIntEQ(RSA_public_encrypt(sizeof(msg), NULL, encMsg, rsa, + RSA_PKCS1_PADDING), -1); + ExpectIntEQ(RSA_public_encrypt(sizeof(msg), msg, NULL, rsa, + RSA_PKCS1_PADDING), -1); + ExpectIntEQ(RSA_public_encrypt(sizeof(msg), msg, encMsg, NULL, + RSA_PKCS1_PADDING), -1); + ExpectIntEQ(RSA_public_encrypt(sizeof(msg), msg, encMsg, rsa, + RSA_PKCS1_PSS_PADDING), -1); + /* Empty RSA key. */ + ExpectIntEQ(RSA_public_encrypt(sizeof(msg), msg, encMsg, rsa, + RSA_PKCS1_PADDING), -1); + + RSA_free(rsa); +#endif + return EXPECT_RESULT(); +} + +int test_wolfSSL_RSA_private_decrypt(void) +{ + EXPECT_DECLS; +#if defined(OPENSSL_EXTRA) && !defined(NO_RSA) + RSA* rsa = NULL; + unsigned char msg[2048/8]; + const unsigned char encMsg[2048/8] = { 0 }; + + ExpectNotNull(rsa = RSA_new()); + + ExpectIntEQ(RSA_private_decrypt(-1, encMsg, msg, rsa, + RSA_PKCS1_PADDING), -1); + ExpectIntEQ(RSA_private_decrypt(sizeof(encMsg), NULL, msg, rsa, + RSA_PKCS1_PADDING), -1); + ExpectIntEQ(RSA_private_decrypt(sizeof(encMsg), encMsg, NULL, rsa, + RSA_PKCS1_PADDING), -1); + ExpectIntEQ(RSA_private_decrypt(sizeof(encMsg), encMsg, msg, NULL, + RSA_PKCS1_PADDING), -1); + ExpectIntEQ(RSA_private_decrypt(sizeof(encMsg), encMsg, msg, rsa, + RSA_PKCS1_PSS_PADDING), -1); + /* Empty RSA key. */ + ExpectIntEQ(RSA_private_decrypt(sizeof(encMsg), encMsg, msg, rsa, + RSA_PKCS1_PADDING), -1); + + RSA_free(rsa); +#endif + return EXPECT_RESULT(); +} + +int test_wolfSSL_RSA_GenAdd(void) +{ + EXPECT_DECLS; +#if defined(OPENSSL_EXTRA) && !defined(NO_RSA) + RSA *rsa; +#ifdef USE_CERT_BUFFERS_1024 + const unsigned char* privDer = client_key_der_1024; + size_t privDerSz = sizeof_client_key_der_1024; + const unsigned char* pubDer = client_keypub_der_1024; + size_t pubDerSz = sizeof_client_keypub_der_1024; +#else + const unsigned char* privDer = client_key_der_2048; + size_t privDerSz = sizeof_client_key_der_2048; + const unsigned char* pubDer = client_keypub_der_2048; + size_t pubDerSz = sizeof_client_keypub_der_2048; +#endif + const unsigned char* der; + + der = privDer; + rsa = NULL; + ExpectNotNull(d2i_RSAPrivateKey(&rsa, &der, privDerSz)); + + ExpectIntEQ(wolfSSL_RSA_GenAdd(NULL), -1); +#if defined(WOLFSSL_KEY_GEN) || defined(OPENSSL_EXTRA) || \ + !defined(RSA_LOW_MEM) + ExpectIntEQ(wolfSSL_RSA_GenAdd(rsa), 1); +#else + /* dmp1 and dmq1 are not set (allocated) in this config */ + ExpectIntEQ(wolfSSL_RSA_GenAdd(rsa), -1); +#endif + + RSA_free(rsa); + der = pubDer; + rsa = NULL; + ExpectNotNull(d2i_RSAPublicKey(&rsa, &der, pubDerSz)); + /* Need private values. */ + ExpectIntEQ(wolfSSL_RSA_GenAdd(rsa), -1); + + RSA_free(rsa); +#endif + return EXPECT_RESULT(); +} + +int test_wolfSSL_RSA_blinding_on(void) +{ + EXPECT_DECLS; +#if defined(OPENSSL_EXTRA) && !defined(NO_RSA) && !defined(NO_WOLFSSL_STUB) + RSA *rsa; + WOLFSSL_BN_CTX *bnCtx = NULL; +#ifdef USE_CERT_BUFFERS_1024 + const unsigned char* privDer = client_key_der_1024; + size_t privDerSz = sizeof_client_key_der_1024; +#else + const unsigned char* privDer = client_key_der_2048; + size_t privDerSz = sizeof_client_key_der_2048; +#endif + const unsigned char* der; + + der = privDer; + rsa = NULL; + ExpectNotNull(d2i_RSAPrivateKey(&rsa, &der, privDerSz)); + ExpectNotNull(bnCtx = wolfSSL_BN_CTX_new()); + + /* Does nothing so all parameters are valid. */ + ExpectIntEQ(wolfSSL_RSA_blinding_on(NULL, NULL), 1); + ExpectIntEQ(wolfSSL_RSA_blinding_on(rsa, NULL), 1); + ExpectIntEQ(wolfSSL_RSA_blinding_on(NULL, bnCtx), 1); + ExpectIntEQ(wolfSSL_RSA_blinding_on(rsa, bnCtx), 1); + + wolfSSL_BN_CTX_free(bnCtx); + RSA_free(rsa); +#endif + return EXPECT_RESULT(); +} + +int test_wolfSSL_RSA_ex_data(void) +{ + EXPECT_DECLS; +#if !defined(NO_RSA) && defined(OPENSSL_EXTRA) + RSA* rsa = NULL; + unsigned char data[1]; + + ExpectNotNull(rsa = RSA_new()); + + ExpectNull(wolfSSL_RSA_get_ex_data(NULL, 0)); + ExpectNull(wolfSSL_RSA_get_ex_data(rsa, 0)); +#ifdef MAX_EX_DATA + ExpectNull(wolfSSL_RSA_get_ex_data(rsa, MAX_EX_DATA)); + ExpectIntEQ(wolfSSL_RSA_set_ex_data(rsa, MAX_EX_DATA, data), 0); +#endif + ExpectIntEQ(wolfSSL_RSA_set_ex_data(NULL, 0, NULL), 0); + ExpectIntEQ(wolfSSL_RSA_set_ex_data(NULL, 0, data), 0); + +#ifdef HAVE_EX_DATA + ExpectIntEQ(wolfSSL_RSA_set_ex_data(rsa, 0, NULL), 1); + ExpectIntEQ(wolfSSL_RSA_set_ex_data(rsa, 0, data), 1); + ExpectPtrEq(wolfSSL_RSA_get_ex_data(rsa, 0), data); +#else + ExpectIntEQ(wolfSSL_RSA_set_ex_data(rsa, 0, NULL), 0); + ExpectIntEQ(wolfSSL_RSA_set_ex_data(rsa, 0, data), 0); + ExpectNull(wolfSSL_RSA_get_ex_data(rsa, 0)); +#endif + + RSA_free(rsa); +#endif /* !NO_RSA && OPENSSL_EXTRA */ + return EXPECT_RESULT(); +} + +int test_wolfSSL_RSA_LoadDer(void) +{ + EXPECT_DECLS; +#if !defined(NO_RSA) && (defined(OPENSSL_EXTRA) || \ + defined(OPENSSL_EXTRA_X509_SMALL)) + RSA *rsa = NULL; +#ifdef USE_CERT_BUFFERS_1024 + const unsigned char* privDer = client_key_der_1024; + size_t privDerSz = sizeof_client_key_der_1024; +#else + const unsigned char* privDer = client_key_der_2048; + size_t privDerSz = sizeof_client_key_der_2048; +#endif + + ExpectNotNull(rsa = RSA_new()); + + ExpectIntEQ(wolfSSL_RSA_LoadDer(NULL, privDer, (int)privDerSz), -1); + ExpectIntEQ(wolfSSL_RSA_LoadDer(rsa, NULL, (int)privDerSz), -1); + ExpectIntEQ(wolfSSL_RSA_LoadDer(rsa, privDer, 0), -1); + + ExpectIntEQ(wolfSSL_RSA_LoadDer(rsa, privDer, (int)privDerSz), 1); + + RSA_free(rsa); +#endif /* !NO_RSA && OPENSSL_EXTRA */ + return EXPECT_RESULT(); +} + +/* Local API. */ +int test_wolfSSL_RSA_To_Der(void) +{ + EXPECT_DECLS; +#ifdef WOLFSSL_TEST_STATIC_BUILD +#if defined(WOLFSSL_KEY_GEN) && defined(OPENSSL_EXTRA) && !defined(NO_RSA) + RSA* rsa; +#ifdef USE_CERT_BUFFERS_1024 + const unsigned char* privDer = client_key_der_1024; + size_t privDerSz = sizeof_client_key_der_1024; + const unsigned char* pubDer = client_keypub_der_1024; + size_t pubDerSz = sizeof_client_keypub_der_1024; + unsigned char out[sizeof(client_key_der_1024)]; +#else + const unsigned char* privDer = client_key_der_2048; + size_t privDerSz = sizeof_client_key_der_2048; + const unsigned char* pubDer = client_keypub_der_2048; + size_t pubDerSz = sizeof_client_keypub_der_2048; + unsigned char out[sizeof(client_key_der_2048)]; +#endif + const unsigned char* der; + unsigned char* outDer = NULL; + + der = privDer; + rsa = NULL; + ExpectNotNull(wolfSSL_d2i_RSAPrivateKey(&rsa, &der, privDerSz)); + + ExpectIntEQ(wolfSSL_RSA_To_Der(NULL, &outDer, 0, HEAP_HINT), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wolfSSL_RSA_To_Der(rsa, &outDer, 2, HEAP_HINT), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + + ExpectIntEQ(wolfSSL_RSA_To_Der(rsa, NULL, 0, HEAP_HINT), privDerSz); + outDer = out; + ExpectIntEQ(wolfSSL_RSA_To_Der(rsa, &outDer, 0, HEAP_HINT), privDerSz); + ExpectIntEQ(XMEMCMP(out, privDer, privDerSz), 0); + outDer = NULL; + ExpectIntEQ(wolfSSL_RSA_To_Der(rsa, &outDer, 0, HEAP_HINT), privDerSz); + ExpectNotNull(outDer); + ExpectIntEQ(XMEMCMP(outDer, privDer, privDerSz), 0); + XFREE(outDer, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + + ExpectIntEQ(wolfSSL_RSA_To_Der(rsa, NULL, 1, HEAP_HINT), pubDerSz); + outDer = out; + ExpectIntEQ(wolfSSL_RSA_To_Der(rsa, &outDer, 1, HEAP_HINT), pubDerSz); + ExpectIntEQ(XMEMCMP(out, pubDer, pubDerSz), 0); + + RSA_free(rsa); + + ExpectNotNull(rsa = RSA_new()); + ExpectIntEQ(wolfSSL_RSA_To_Der(rsa, &outDer, 0, HEAP_HINT), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wolfSSL_RSA_To_Der(rsa, &outDer, 1, HEAP_HINT), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + RSA_free(rsa); + + der = pubDer; + rsa = NULL; + ExpectNotNull(wolfSSL_d2i_RSAPublicKey(&rsa, &der, pubDerSz)); + ExpectIntEQ(wolfSSL_RSA_To_Der(rsa, &outDer, 0, HEAP_HINT), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + RSA_free(rsa); +#endif +#endif + return EXPECT_RESULT(); +} + +/* wolfSSL_PEM_read_RSAPublicKey is a stub function. */ +int test_wolfSSL_PEM_read_RSAPublicKey(void) +{ + EXPECT_DECLS; +#if !defined(NO_RSA) && defined(OPENSSL_EXTRA) && !defined(NO_FILESYSTEM) + XFILE file = XBADFILE; + const char* fname = "./certs/server-keyPub.pem"; + RSA *rsa = NULL; + + ExpectNull(wolfSSL_PEM_read_RSAPublicKey(XBADFILE, NULL, NULL, NULL)); + + ExpectTrue((file = XFOPEN(fname, "rb")) != XBADFILE); + ExpectNotNull(rsa = PEM_read_RSA_PUBKEY(file, NULL, NULL, NULL)); + ExpectIntEQ(RSA_size(rsa), 256); + RSA_free(rsa); + if (file != XBADFILE) + XFCLOSE(file); +#endif + return EXPECT_RESULT(); +} + +/* wolfSSL_PEM_read_RSAPublicKey is a stub function. */ +int test_wolfSSL_PEM_write_RSA_PUBKEY(void) +{ + EXPECT_DECLS; +#if !defined(NO_RSA) && defined(OPENSSL_EXTRA) && !defined(NO_FILESYSTEM) && \ + defined(WOLFSSL_KEY_GEN) + RSA* rsa = NULL; + + ExpectIntEQ(wolfSSL_PEM_write_RSA_PUBKEY(XBADFILE, NULL), 0); + ExpectIntEQ(wolfSSL_PEM_write_RSA_PUBKEY(stderr, NULL), 0); + /* Valid but stub so returns 0. */ + ExpectIntEQ(wolfSSL_PEM_write_RSA_PUBKEY(stderr, rsa), 0); +#endif + return EXPECT_RESULT(); +} + +int test_wolfSSL_PEM_write_RSAPrivateKey(void) +{ + EXPECT_DECLS; +#if !defined(NO_RSA) && defined(OPENSSL_EXTRA) && defined(WOLFSSL_KEY_GEN) && \ + (defined(WOLFSSL_PEM_TO_DER) || defined(WOLFSSL_DER_TO_PEM)) && \ + !defined(NO_FILESYSTEM) + RSA* rsa = NULL; +#ifdef USE_CERT_BUFFERS_1024 + const unsigned char* privDer = client_key_der_1024; + size_t privDerSz = sizeof_client_key_der_1024; +#else + const unsigned char* privDer = client_key_der_2048; + size_t privDerSz = sizeof_client_key_der_2048; +#endif + const unsigned char* der; +#ifndef NO_AES + unsigned char passwd[] = "password"; +#endif + + ExpectNotNull(rsa = RSA_new()); + ExpectIntEQ(wolfSSL_PEM_write_RSAPrivateKey(stderr, rsa, NULL, NULL, 0, + NULL, NULL), 0); + RSA_free(rsa); + + der = privDer; + rsa = NULL; + ExpectNotNull(wolfSSL_d2i_RSAPrivateKey(&rsa, &der, privDerSz)); + + ExpectIntEQ(wolfSSL_PEM_write_RSAPrivateKey(XBADFILE, rsa, NULL, NULL, 0, + NULL, NULL), 0); + ExpectIntEQ(wolfSSL_PEM_write_RSAPrivateKey(stderr, NULL, NULL, NULL, 0, + NULL, NULL), 0); + + ExpectIntEQ(wolfSSL_PEM_write_RSAPrivateKey(stderr, rsa, NULL, NULL, 0, + NULL, NULL), 1); +#if !defined(NO_AES) && defined(HAVE_AES_CBC) + ExpectIntEQ(wolfSSL_PEM_write_RSAPrivateKey(stderr, rsa, EVP_aes_128_cbc(), + NULL, 0, NULL, NULL), 1); + ExpectIntEQ(wolfSSL_PEM_write_RSAPrivateKey(stderr, rsa, EVP_aes_128_cbc(), + passwd, sizeof(passwd) - 1, NULL, NULL), 1); +#endif + + RSA_free(rsa); +#endif + return EXPECT_RESULT(); +} + +int test_wolfSSL_PEM_write_mem_RSAPrivateKey(void) +{ + EXPECT_DECLS; +#if !defined(NO_RSA) && defined(OPENSSL_EXTRA) && defined(WOLFSSL_KEY_GEN) && \ + (defined(WOLFSSL_PEM_TO_DER) || defined(WOLFSSL_DER_TO_PEM)) + RSA* rsa = NULL; +#ifdef USE_CERT_BUFFERS_1024 + const unsigned char* privDer = client_key_der_1024; + size_t privDerSz = sizeof_client_key_der_1024; +#else + const unsigned char* privDer = client_key_der_2048; + size_t privDerSz = sizeof_client_key_der_2048; +#endif + const unsigned char* der; +#ifndef NO_AES + unsigned char passwd[] = "password"; +#endif + unsigned char* pem = NULL; + int plen; + + ExpectNotNull(rsa = RSA_new()); + ExpectIntEQ(wolfSSL_PEM_write_mem_RSAPrivateKey(rsa, NULL, NULL, 0, &pem, + &plen), 0); + RSA_free(rsa); + + der = privDer; + rsa = NULL; + ExpectNotNull(wolfSSL_d2i_RSAPrivateKey(&rsa, &der, privDerSz)); + + ExpectIntEQ(wolfSSL_PEM_write_mem_RSAPrivateKey(NULL, NULL, NULL, 0, &pem, + &plen), 0); + ExpectIntEQ(wolfSSL_PEM_write_mem_RSAPrivateKey(rsa, NULL, NULL, 0, NULL, + &plen), 0); + ExpectIntEQ(wolfSSL_PEM_write_mem_RSAPrivateKey(rsa, NULL, NULL, 0, &pem, + NULL), 0); + + ExpectIntEQ(wolfSSL_PEM_write_mem_RSAPrivateKey(rsa, NULL, NULL, 0, &pem, + &plen), 1); + XFREE(pem, NULL, DYNAMIC_TYPE_KEY); + pem = NULL; +#if !defined(NO_AES) && defined(HAVE_AES_CBC) + ExpectIntEQ(wolfSSL_PEM_write_mem_RSAPrivateKey(rsa, EVP_aes_128_cbc(), + NULL, 0, &pem, &plen), 1); + XFREE(pem, NULL, DYNAMIC_TYPE_KEY); + pem = NULL; + ExpectIntEQ(wolfSSL_PEM_write_mem_RSAPrivateKey(rsa, EVP_aes_128_cbc(), + passwd, sizeof(passwd) - 1, &pem, &plen), 1); + XFREE(pem, NULL, DYNAMIC_TYPE_KEY); +#endif + + RSA_free(rsa); +#endif + return EXPECT_RESULT(); +} + diff --git a/test/ssl/wolfssl/tests/api/test_ossl_rsa.h b/test/ssl/wolfssl/tests/api/test_ossl_rsa.h new file mode 100644 index 000000000..d6ce93630 --- /dev/null +++ b/test/ssl/wolfssl/tests/api/test_ossl_rsa.h @@ -0,0 +1,77 @@ +/* test_ossl_rsa.h + * + * Copyright (C) 2006-2025 wolfSSL Inc. + * + * This file is part of wolfSSL. + * + * wolfSSL is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * wolfSSL is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA + */ + +#ifndef WOLFCRYPT_TEST_OSSL_RSA_H +#define WOLFCRYPT_TEST_OSSL_RSA_H + +#include + +int test_wolfSSL_RSA(void); +int test_wolfSSL_RSA_DER(void); +int test_wolfSSL_RSA_print(void); +int test_wolfSSL_RSA_padding_add_PKCS1_PSS(void); +int test_wolfSSL_RSA_sign_sha3(void); +int test_wolfSSL_RSA_get0_key(void); +int test_wolfSSL_RSA_meth(void); +int test_wolfSSL_RSA_verify(void); +int test_wolfSSL_RSA_sign(void); +int test_wolfSSL_RSA_sign_ex(void); +int test_wolfSSL_RSA_public_decrypt(void); +int test_wolfSSL_RSA_private_encrypt(void); +int test_wolfSSL_RSA_public_encrypt(void); +int test_wolfSSL_RSA_private_decrypt(void); +int test_wolfSSL_RSA_GenAdd(void); +int test_wolfSSL_RSA_blinding_on(void); +int test_wolfSSL_RSA_ex_data(void); +int test_wolfSSL_RSA_LoadDer(void); +int test_wolfSSL_RSA_To_Der(void); +int test_wolfSSL_PEM_read_RSAPublicKey(void); +int test_wolfSSL_PEM_write_RSA_PUBKEY(void); +int test_wolfSSL_PEM_write_RSAPrivateKey(void); +int test_wolfSSL_PEM_write_mem_RSAPrivateKey(void); + +#define TEST_OSSL_RSA_DECLS \ + TEST_DECL_GROUP("ossl_rsa", test_wolfSSL_RSA), \ + TEST_DECL_GROUP("ossl_rsa", test_wolfSSL_RSA_DER), \ + TEST_DECL_GROUP("ossl_rsa", test_wolfSSL_RSA_print), \ + TEST_DECL_GROUP("ossl_rsa", test_wolfSSL_RSA_padding_add_PKCS1_PSS), \ + TEST_DECL_GROUP("ossl_rsa", test_wolfSSL_RSA_sign_sha3), \ + TEST_DECL_GROUP("ossl_rsa", test_wolfSSL_RSA_get0_key), \ + TEST_DECL_GROUP("ossl_rsa", test_wolfSSL_RSA_meth), \ + TEST_DECL_GROUP("ossl_rsa", test_wolfSSL_RSA_verify), \ + TEST_DECL_GROUP("ossl_rsa", test_wolfSSL_RSA_sign), \ + TEST_DECL_GROUP("ossl_rsa", test_wolfSSL_RSA_sign_ex), \ + TEST_DECL_GROUP("ossl_rsa", test_wolfSSL_RSA_public_decrypt), \ + TEST_DECL_GROUP("ossl_rsa", test_wolfSSL_RSA_private_encrypt), \ + TEST_DECL_GROUP("ossl_rsa", test_wolfSSL_RSA_public_encrypt), \ + TEST_DECL_GROUP("ossl_rsa", test_wolfSSL_RSA_private_decrypt), \ + TEST_DECL_GROUP("ossl_rsa", test_wolfSSL_RSA_GenAdd), \ + TEST_DECL_GROUP("ossl_rsa", test_wolfSSL_RSA_blinding_on), \ + TEST_DECL_GROUP("ossl_rsa", test_wolfSSL_RSA_ex_data), \ + TEST_DECL_GROUP("ossl_rsa", test_wolfSSL_RSA_LoadDer), \ + TEST_DECL_GROUP("ossl_rsa", test_wolfSSL_RSA_To_Der), \ + TEST_DECL_GROUP("ossl_rsa", test_wolfSSL_PEM_read_RSAPublicKey), \ + TEST_DECL_GROUP("ossl_rsa", test_wolfSSL_PEM_write_RSA_PUBKEY), \ + TEST_DECL_GROUP("ossl_rsa", test_wolfSSL_PEM_write_RSAPrivateKey), \ + TEST_DECL_GROUP("ossl_rsa", test_wolfSSL_PEM_write_mem_RSAPrivateKey) + +#endif /* WOLFCRYPT_TEST_OSSL_RSA_H */ + diff --git a/test/ssl/wolfssl/tests/api/test_ossl_sk.c b/test/ssl/wolfssl/tests/api/test_ossl_sk.c new file mode 100644 index 000000000..9cfe8306a --- /dev/null +++ b/test/ssl/wolfssl/tests/api/test_ossl_sk.c @@ -0,0 +1,486 @@ +/* test_ossl_sk.c + * + * Copyright (C) 2006-2025 wolfSSL Inc. + * + * This file is part of wolfSSL. + * + * wolfSSL is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * wolfSSL is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA + */ + +#include + +#ifdef NO_INLINE + #include +#else + #define WOLFSSL_MISC_INCLUDED + #include +#endif + +#include +#include +#include +#include + + +int test_wolfSSL_sk_new_free_node(void) +{ + EXPECT_DECLS; +#if defined(OPENSSL_EXTRA) || defined(WOLFSSL_WPAS_SMALL) + WOLFSSL_STACK* node = NULL; + + wolfSSL_sk_free_node(NULL); + + ExpectNotNull(node = wolfSSL_sk_new_node(HEAP_HINT)); + wolfSSL_sk_free_node(node); +#endif + return EXPECT_RESULT(); +} + +int test_wolfSSL_sk_push_get_node(void) +{ + EXPECT_DECLS; +#if !defined(NO_CERTS) && defined(OPENSSL_EXTRA) + WOLFSSL_STACK* stack = NULL; + WOLFSSL_STACK* node1 = NULL; + WOLFSSL_STACK* node2 = NULL; + WOLFSSL_STACK* node; + + ExpectNotNull(node1 = wolfSSL_sk_new_node(HEAP_HINT)); + ExpectNotNull(node2 = wolfSSL_sk_new_node(HEAP_HINT)); + + ExpectNull(wolfSSL_sk_get_node(NULL, -1)); + ExpectNull(wolfSSL_sk_get_node(stack, -1)); + + ExpectIntEQ(wolfSSL_sk_push_node(NULL, NULL), WOLFSSL_FAILURE); + ExpectIntEQ(wolfSSL_sk_push_node(&stack, NULL), WOLFSSL_FAILURE); + ExpectIntEQ(wolfSSL_sk_push_node(NULL, node1), WOLFSSL_FAILURE); + + ExpectIntEQ(wolfSSL_sk_push_node(&stack, node1), WOLFSSL_SUCCESS); + ExpectPtrEq(stack, node1); + ExpectIntEQ(wolfSSL_sk_push_node(&stack, node2), WOLFSSL_SUCCESS); + ExpectPtrEq(stack, node2); + + ExpectNull(wolfSSL_sk_get_node(stack, -1)); + ExpectNull(wolfSSL_sk_get_node(stack, 2)); + + ExpectNotNull(node = wolfSSL_sk_get_node(stack, 1)); + ExpectPtrEq(node, node1); + ExpectNotNull(node = wolfSSL_sk_get_node(stack, 0)); + ExpectPtrEq(node, node2); + + wolfSSL_sk_free_node(node2); + wolfSSL_sk_free_node(node1); +#endif + return EXPECT_RESULT(); +} + +int test_wolfSSL_sk_free(void) +{ + EXPECT_DECLS; +#if defined(OPENSSL_EXTRA) || defined(WOLFSSL_WPAS_SMALL) + WOLFSSL_STACK* stack = NULL; + + wolfSSL_sk_free(NULL); + + /* If there is ever a public API that creates a stack with the same ifdef + * protection then use it here instead of wolfSSL_sk_new_node(). */ + ExpectNotNull(stack = wolfSSL_sk_new_node(HEAP_HINT)); + wolfSSL_sk_free(stack); +#endif + return EXPECT_RESULT(); +} + +int test_wolfSSL_sk_push_pop(void) +{ + EXPECT_DECLS; +#if (defined(OPENSSL_EXTRA) || defined(WOLFSSL_WPAS_SMALL)) && \ + !defined(NO_CERTS) + WOLFSSL_STACK* stack = NULL; + unsigned char data_1[1] = { 1 }; + unsigned char data_2[1] = { 2 }; + unsigned char data_3[1] = { 3 }; + + /* If there is ever a public API that creates a stack with the same ifdef + * protection then use it here instead of wolfSSL_sk_new_node(). */ + ExpectNotNull(stack = wolfSSL_sk_new_node(HEAP_HINT)); + /* First node created and now have something to put data onto. */ + + ExpectIntEQ(wolfSSL_sk_push(NULL , NULL ), WOLFSSL_FATAL_ERROR); + ExpectIntEQ(wolfSSL_sk_push(NULL , data_1), WOLFSSL_FATAL_ERROR); + ExpectIntEQ(wolfSSL_sk_push(stack, NULL ), WOLFSSL_FAILURE); + + ExpectNull(wolfSSL_sk_pop(NULL)); + + ExpectIntEQ(wolfSSL_sk_push(stack, data_1), 1); + ExpectIntEQ(wolfSSL_sk_push(stack, data_2), 2); + ExpectIntEQ(wolfSSL_sk_push(stack, data_3), 3); + ExpectPtrEq(wolfSSL_sk_pop(stack), data_3); + ExpectPtrEq(wolfSSL_sk_pop(stack), data_2); + ExpectPtrEq(wolfSSL_sk_pop(stack), data_1); + ExpectIntEQ(wolfSSL_sk_push(stack, data_3), 1); + ExpectIntEQ(wolfSSL_sk_push(stack, data_2), 2); + ExpectIntEQ(wolfSSL_sk_push(stack, data_1), 3); + ExpectPtrEq(wolfSSL_sk_pop(stack), data_1); + ExpectIntEQ(wolfSSL_sk_push(stack, data_1), 3); + ExpectPtrEq(wolfSSL_sk_pop(stack), data_1); + + wolfSSL_sk_free(stack); +#endif + return EXPECT_RESULT(); +} + +int test_wolfSSL_sk_insert(void) +{ + EXPECT_DECLS; +#if (defined(OPENSSL_EXTRA) || defined(WOLFSSL_WPAS_SMALL)) && \ + !defined(NO_CERTS) + WOLFSSL_STACK* stack = NULL; + unsigned char data_1[1] = { 1 }; + unsigned char data_2[1] = { 2 }; + unsigned char data_3[1] = { 3 }; + + /* If there is ever a public API that creates a stack with the same ifdef + * protection then use it here instead of wolfSSL_sk_new_node(). */ + ExpectNotNull(stack = wolfSSL_sk_new_node(HEAP_HINT)); + /* First node created and now have something to put data onto. */ + + ExpectIntEQ(wolfSSL_sk_insert(NULL , NULL , 0), WOLFSSL_FATAL_ERROR); + ExpectIntEQ(wolfSSL_sk_insert(NULL , data_1, 0), WOLFSSL_FATAL_ERROR); + ExpectIntEQ(wolfSSL_sk_insert(stack, NULL , 0), WOLFSSL_FAILURE); + + ExpectIntEQ(wolfSSL_sk_insert(stack, data_1, 0), 1); + ExpectIntEQ(wolfSSL_sk_insert(stack, data_2, 0), 2); + ExpectPtrEq(wolfSSL_sk_pop(stack), data_1); + ExpectPtrEq(wolfSSL_sk_pop(stack), data_2); + /* Zero or negative creates a node at the bottom of the stack. */ + ExpectIntEQ(wolfSSL_sk_insert(stack, data_1, -2), 1); + ExpectIntEQ(wolfSSL_sk_insert(stack, data_2, -2), 2); + ExpectIntEQ(wolfSSL_sk_insert(stack, data_3, -2), 3); + ExpectPtrEq(wolfSSL_sk_pop(stack), data_3); + ExpectPtrEq(wolfSSL_sk_pop(stack), data_2); + ExpectPtrEq(wolfSSL_sk_pop(stack), data_1); + ExpectIntEQ(wolfSSL_sk_insert(stack, data_1, 0), 1); + ExpectIntEQ(wolfSSL_sk_insert(stack, data_2, 1), 2); + ExpectPtrEq(wolfSSL_sk_pop(stack), data_2); + ExpectPtrEq(wolfSSL_sk_pop(stack), data_1); + ExpectIntEQ(wolfSSL_sk_insert(stack, data_1, 1), 1); + ExpectIntEQ(wolfSSL_sk_insert(stack, data_2, 0), 2); + ExpectPtrEq(wolfSSL_sk_pop(stack), data_1); + ExpectPtrEq(wolfSSL_sk_pop(stack), data_2); + ExpectIntEQ(wolfSSL_sk_insert(stack, data_1, 1), 1); + ExpectIntEQ(wolfSSL_sk_insert(stack, data_2, 1), 2); + ExpectPtrEq(wolfSSL_sk_pop(stack), data_2); + ExpectPtrEq(wolfSSL_sk_pop(stack), data_1); + ExpectIntEQ(wolfSSL_sk_insert(stack, data_1, 2), 1); + ExpectIntEQ(wolfSSL_sk_insert(stack, data_2, 1), 2); + ExpectPtrEq(wolfSSL_sk_pop(stack), data_2); + ExpectPtrEq(wolfSSL_sk_pop(stack), data_1); + ExpectIntEQ(wolfSSL_sk_insert(stack, data_1, 1), 1); + ExpectIntEQ(wolfSSL_sk_insert(stack, data_2, 2), 2); + ExpectPtrEq(wolfSSL_sk_pop(stack), data_2); + ExpectPtrEq(wolfSSL_sk_pop(stack), data_1); + + wolfSSL_sk_free(stack); +#endif + return EXPECT_RESULT(); +} + +int test_wolfSSL_shallow_sk_dup(void) +{ + EXPECT_DECLS; +#if defined(OPENSSL_EXTRA) || defined(WOLFSSL_WPAS_SMALL) + WOLFSSL_STACK* stack = NULL; + WOLFSSL_STACK* stack_dup = NULL; + unsigned char data_1[1] = { 1 }; + unsigned char data_2[1] = { 2 }; + unsigned char data_3[1] = { 3 }; + + ExpectNull(wolfSSL_shallow_sk_dup(NULL)); + + /* If there is ever a public API that creates a stack with the same ifdef + * protection then use it here instead of wolfSSL_sk_new_node(). */ + ExpectNotNull(stack = wolfSSL_sk_new_node(HEAP_HINT)); + /* First node created and now have something to put data onto. */ + + ExpectIntEQ(wolfSSL_sk_insert(stack, data_1, 0), 1); + ExpectIntEQ(wolfSSL_sk_insert(stack, data_2, 0), 2); + ExpectIntEQ(wolfSSL_sk_insert(stack, data_3, 0), 3); + ExpectNotNull(stack_dup = wolfSSL_shallow_sk_dup(stack)); + ExpectPtrEq(wolfSSL_sk_pop(stack_dup), data_1); + ExpectPtrEq(wolfSSL_sk_pop(stack_dup), data_2); + ExpectPtrEq(wolfSSL_sk_pop(stack_dup), data_3); + + wolfSSL_sk_free(stack_dup); + wolfSSL_sk_free(stack); +#endif + return EXPECT_RESULT(); +} + +int test_wolfSSL_sk_num(void) +{ + EXPECT_DECLS; +#if defined(OPENSSL_EXTRA) || defined(WOLFSSL_WPAS_SMALL) + WOLFSSL_STACK* stack = NULL; + unsigned char data_1[1] = { 1 }; + unsigned char data_2[1] = { 2 }; + unsigned char data_3[1] = { 3 }; + + ExpectIntEQ(wolfSSL_sk_num(NULL), 0); + + /* If there is ever a public API that creates a stack with the same ifdef + * protection then use it here instead of wolfSSL_sk_new_node(). */ + ExpectNotNull(stack = wolfSSL_sk_new_node(HEAP_HINT)); + /* First node created and now have something to put data onto. */ + + ExpectIntEQ(wolfSSL_sk_push(stack, data_1), 1); + ExpectIntEQ(wolfSSL_sk_num(stack), 1); + ExpectIntEQ(wolfSSL_sk_push(stack, data_2), 2); + ExpectIntEQ(wolfSSL_sk_num(stack), 2); + ExpectIntEQ(wolfSSL_sk_push(stack, data_3), 3); + ExpectIntEQ(wolfSSL_sk_num(stack), 3); + ExpectPtrEq(wolfSSL_sk_pop(stack), data_3); + ExpectIntEQ(wolfSSL_sk_num(stack), 2); + ExpectPtrEq(wolfSSL_sk_pop(stack), data_2); + ExpectIntEQ(wolfSSL_sk_num(stack), 1); + ExpectPtrEq(wolfSSL_sk_pop(stack), data_1); + ExpectIntEQ(wolfSSL_sk_num(stack), 0); + ExpectIntEQ(wolfSSL_sk_push(stack, data_3), 1); + ExpectIntEQ(wolfSSL_sk_num(stack), 1); + ExpectIntEQ(wolfSSL_sk_push(stack, data_2), 2); + ExpectIntEQ(wolfSSL_sk_num(stack), 2); + ExpectIntEQ(wolfSSL_sk_push(stack, data_1), 3); + ExpectIntEQ(wolfSSL_sk_num(stack), 3); + ExpectPtrEq(wolfSSL_sk_pop(stack), data_1); + ExpectIntEQ(wolfSSL_sk_num(stack), 2); + ExpectIntEQ(wolfSSL_sk_push(stack, data_1), 3); + ExpectIntEQ(wolfSSL_sk_num(stack), 3); + ExpectPtrEq(wolfSSL_sk_pop(stack), data_1); + ExpectIntEQ(wolfSSL_sk_num(stack), 2); + ExpectPtrEq(wolfSSL_sk_pop(stack), data_2); + ExpectIntEQ(wolfSSL_sk_num(stack), 1); + ExpectIntEQ(wolfSSL_sk_push(stack, data_2), 2); + ExpectIntEQ(wolfSSL_sk_num(stack), 2); + ExpectPtrEq(wolfSSL_sk_pop(stack), data_2); + ExpectIntEQ(wolfSSL_sk_num(stack), 1); + ExpectPtrEq(wolfSSL_sk_pop(stack), data_3); + ExpectIntEQ(wolfSSL_sk_num(stack), 0); + + wolfSSL_sk_free(stack); +#endif + return EXPECT_RESULT(); +} + +int test_wolfSSL_sk_value(void) +{ + EXPECT_DECLS; +#if defined(OPENSSL_EXTRA) || defined(WOLFSSL_WPAS_SMALL) + WOLFSSL_STACK* stack = NULL; + unsigned char data_1[1] = { 1 }; + unsigned char data_2[1] = { 2 }; + unsigned char data_3[1] = { 3 }; + + /* If there is ever a public API that creates a stack with the same ifdef + * protection then use it here instead of wolfSSL_sk_new_node(). */ + ExpectNotNull(stack = wolfSSL_sk_new_node(HEAP_HINT)); + /* First node created and now have something to put data onto. */ + + ExpectNull(wolfSSL_sk_value(NULL, -1)); + ExpectNull(wolfSSL_sk_value(NULL, 1)); + ExpectNull(wolfSSL_sk_value(stack, -1)); + ExpectNull(wolfSSL_sk_value(stack, 0)); + + ExpectIntEQ(wolfSSL_sk_push(stack, data_1), 1); + ExpectNull(wolfSSL_sk_value(stack, 1)); + ExpectPtrEq(wolfSSL_sk_value(stack, 0), data_1); + ExpectIntEQ(wolfSSL_sk_push(stack, data_2), 2); + ExpectNull(wolfSSL_sk_value(stack, 2)); + ExpectPtrEq(wolfSSL_sk_value(stack, 1), data_2); + ExpectPtrEq(wolfSSL_sk_value(stack, 0), data_1); + ExpectIntEQ(wolfSSL_sk_push(stack, data_3), 3); + ExpectNull(wolfSSL_sk_value(stack, 3)); + ExpectPtrEq(wolfSSL_sk_value(stack, 2), data_3); + ExpectPtrEq(wolfSSL_sk_value(stack, 1), data_2); + ExpectPtrEq(wolfSSL_sk_value(stack, 0), data_1); + + wolfSSL_sk_free(stack); +#endif + return EXPECT_RESULT(); +} + +#if defined(OPENSSL_EXTRA) || defined(WOLFSSL_WPAS_SMALL) +static void test_sk_xfree(void* data) +{ + XFREE(data, NULL, DYNAMIC_TYPE_OPENSSL); +} +#endif + +int test_wolfssl_sk_GENERIC(void) +{ + EXPECT_DECLS; +#if defined(OPENSSL_EXTRA) || defined(WOLFSSL_WPAS_SMALL) + WOLFSSL_STACK* stack = NULL; + unsigned char data_1[1] = { 1 }; + unsigned char data_2[1] = { 2 }; + unsigned char data_3[1] = { 3 }; + char* str_1 = NULL; + + /* If there is ever a public API that creates a stack with the same ifdef + * protection then use it here instead of wolfSSL_sk_new_node(). */ + ExpectNotNull(stack = wolfSSL_sk_new_node(HEAP_HINT)); + + ExpectIntEQ(wolfSSL_sk_GENERIC_push(stack, data_1), 1); + ExpectNull(wolfSSL_sk_value(stack, 1)); + ExpectPtrEq(wolfSSL_sk_value(stack, 0), data_1); + ExpectIntEQ(wolfSSL_sk_GENERIC_push(stack, data_2), 2); + ExpectNull(wolfSSL_sk_value(stack, 2)); + ExpectPtrEq(wolfSSL_sk_value(stack, 1), data_2); + ExpectPtrEq(wolfSSL_sk_value(stack, 0), data_1); + ExpectIntEQ(wolfSSL_sk_GENERIC_push(stack, data_3), 3); + ExpectNull(wolfSSL_sk_value(stack, 3)); + ExpectPtrEq(wolfSSL_sk_value(stack, 2), data_3); + ExpectPtrEq(wolfSSL_sk_value(stack, 1), data_2); + ExpectPtrEq(wolfSSL_sk_value(stack, 0), data_1); + + wolfSSL_sk_GENERIC_free(stack); + stack = NULL; + + /* If there is ever a public API that creates a stack with the same ifdef + * protection then use it here instead of wolfSSL_sk_new_node(). */ + ExpectNotNull(stack = wolfSSL_sk_new_node(HEAP_HINT)); + wolfSSL_sk_GENERIC_pop_free(stack, test_sk_xfree); + + /* If there is ever a public API that creates a stack with the same ifdef + * protection then use it here instead of wolfSSL_sk_new_node(). */ + ExpectNotNull(stack = wolfSSL_sk_new_node(HEAP_HINT)); + ExpectNotNull(str_1 = (char*)XMALLOC(2, NULL, DYNAMIC_TYPE_OPENSSL)); + if (EXPECT_SUCCESS()) { + XSTRNCPY(str_1, "1", 2); + } + ExpectIntEQ(wolfSSL_sk_GENERIC_push(stack, str_1), 1); + if (EXPECT_FAIL()) { + XFREE(str_1, NULL, DYNAMIC_TYPE_OPENSSL); + } + + wolfSSL_sk_GENERIC_pop_free(NULL, NULL); + wolfSSL_sk_GENERIC_pop_free(NULL, test_sk_xfree); + wolfSSL_sk_GENERIC_pop_free(stack, test_sk_xfree); +#endif + return EXPECT_RESULT(); +} + +int test_wolfssl_sk_SSL_COMP(void) +{ + EXPECT_DECLS; +#if defined(OPENSSL_EXTRA) || defined(WOLFSSL_WPAS_SMALL) + ExpectIntEQ(wolfSSL_sk_SSL_COMP_num(NULL), 0); +#endif + +#if defined(OPENSSL_EXTRA) && !defined(NO_WOLFSSL_STUB) + ExpectIntEQ(wolfSSL_sk_SSL_COMP_zero(NULL), WOLFSSL_FAILURE); +#endif + return EXPECT_RESULT(); +} + +int test_wolfSSL_sk_CIPHER(void) +{ + EXPECT_DECLS; +#if defined(WOLFSSL_QT) || defined(OPENSSL_ALL) + /* TODO: figure out a way to get a WOLFSSL_CIPHER to test with. */ + WOLFSSL_STACK* ciphers = NULL; + + ExpectNotNull(ciphers = wolfSSL_sk_new_cipher()); + +#ifndef NO_WOLFSSL_STUB + ExpectNull(wolfSSL_sk_CIPHER_pop(NULL)); + ExpectNull(wolfSSL_sk_CIPHER_pop(ciphers)); +#endif + + ExpectIntEQ(wolfSSL_sk_CIPHER_push(NULL, NULL), WOLFSSL_FATAL_ERROR); + ExpectIntEQ(wolfSSL_sk_CIPHER_push(ciphers, NULL), WOLFSSL_FAILURE); + +#ifdef OPENSSL_EXTRA + wolfSSL_sk_CIPHER_free(NULL); + wolfSSL_sk_CIPHER_free(ciphers); +#else + wolfSSL_sk_free(ciphers); +#endif +#endif + return EXPECT_RESULT(); +} + +int test_wolfssl_sk_WOLFSSL_STRING(void) +{ + EXPECT_DECLS; +#if defined(WOLFSSL_NGINX) || defined(WOLFSSL_HAPROXY) || \ + defined(OPENSSL_EXTRA) || defined(OPENSSL_ALL) + WOLF_STACK_OF(WOLFSSL_STRING)* strings = NULL; + char* str_1 = NULL; + char* str = NULL; + + ExpectNotNull(str_1 = (char*)XMALLOC(2, NULL, DYNAMIC_TYPE_OPENSSL)); + if (str_1 != NULL) { + XSTRNCPY(str_1, "1", 2); + } + + ExpectNotNull(strings = wolfSSL_sk_WOLFSSL_STRING_new()); + ExpectIntEQ(wolfSSL_sk_WOLFSSL_STRING_num(strings), 0); + + ExpectNull(wolfSSL_sk_WOLFSSL_STRING_value(NULL, 0)); + ExpectNull(wolfSSL_sk_WOLFSSL_STRING_value(NULL, 1)); + ExpectNull(wolfSSL_sk_WOLFSSL_STRING_value(strings, -1)); + ExpectNull(wolfSSL_sk_WOLFSSL_STRING_value(strings, 0)); + + ExpectIntEQ(wolfSSL_sk_push(strings, str_1), 1); + ExpectIntEQ(wolfSSL_sk_WOLFSSL_STRING_num(strings), 1); + ExpectNull(wolfSSL_sk_WOLFSSL_STRING_value(strings, 1)); + ExpectPtrEq(str = wolfSSL_sk_WOLFSSL_STRING_value(strings, 0), str_1); + if (str != str_1) { + XFREE(str_1, NULL, DYNAMIC_TYPE_OPENSSL); + } + + wolfSSL_sk_WOLFSSL_STRING_free(NULL); + wolfSSL_sk_WOLFSSL_STRING_free(strings); +#endif + return EXPECT_RESULT(); +} + +int test_wolfssl_lh_retrieve(void) +{ + EXPECT_DECLS; +#if !defined(NO_CERTS) && defined(OPENSSL_EXTRA) && defined(OPENSSL_ALL) + WOLFSSL_STACK* stack = NULL; + unsigned char data_1[1] = { 1 }; + + /* If there is ever a public API that creates a stack with the same ifdef + * protection then use it here instead of wolfSSL_sk_new_node(). */ + ExpectNotNull(stack = wolfSSL_sk_new_node(HEAP_HINT)); + + ExpectNull(wolfSSL_lh_retrieve(NULL, NULL)); + ExpectNull(wolfSSL_lh_retrieve(stack, NULL)); + ExpectNull(wolfSSL_lh_retrieve(NULL, data_1)); + /* No hash function. */ + ExpectNull(wolfSSL_lh_retrieve(stack, data_1)); + + ExpectIntEQ(wolfSSL_sk_push(stack, data_1), 1); + /* No hash function - data present. */ + ExpectNull(wolfSSL_lh_retrieve(stack, data_1)); + + /* No public API to set hash function. */ + + wolfSSL_sk_free(stack); +#endif + return EXPECT_RESULT(); +} + diff --git a/test/ssl/wolfssl/tests/api/test_ossl_sk.h b/test/ssl/wolfssl/tests/api/test_ossl_sk.h new file mode 100644 index 000000000..0ab75398e --- /dev/null +++ b/test/ssl/wolfssl/tests/api/test_ossl_sk.h @@ -0,0 +1,57 @@ +/* test_ossl_sk.h + * + * Copyright (C) 2006-2025 wolfSSL Inc. + * + * This file is part of wolfSSL. + * + * wolfSSL is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * wolfSSL is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA + */ + +#ifndef WOLFCRYPT_TEST_SSL_SK_H +#define WOLFCRYPT_TEST_SSL_SK_H + +#include + +int test_wolfSSL_sk_new_free_node(void); +int test_wolfSSL_sk_push_get_node(void); +int test_wolfSSL_sk_free(void); +int test_wolfSSL_sk_push_pop(void); +int test_wolfSSL_sk_insert(void); +int test_wolfSSL_shallow_sk_dup(void); +int test_wolfSSL_sk_num(void); +int test_wolfSSL_sk_value(void); +int test_wolfssl_sk_GENERIC(void); +int test_wolfssl_sk_SSL_COMP(void); +int test_wolfSSL_sk_CIPHER(void); +int test_wolfssl_sk_WOLFSSL_STRING(void); +int test_wolfssl_lh_retrieve(void); + +#define TEST_SSL_SK_DECLS \ + TEST_DECL_GROUP("ossl_sk", test_wolfSSL_sk_new_free_node), \ + TEST_DECL_GROUP("ossl_sk", test_wolfSSL_sk_push_get_node), \ + TEST_DECL_GROUP("ossl_sk", test_wolfSSL_sk_free), \ + TEST_DECL_GROUP("ossl_sk", test_wolfSSL_sk_push_pop), \ + TEST_DECL_GROUP("ossl_sk", test_wolfSSL_sk_insert), \ + TEST_DECL_GROUP("ossl_sk", test_wolfSSL_shallow_sk_dup), \ + TEST_DECL_GROUP("ossl_sk", test_wolfSSL_sk_num), \ + TEST_DECL_GROUP("ossl_sk", test_wolfSSL_sk_value), \ + TEST_DECL_GROUP("ossl_sk", test_wolfssl_sk_GENERIC), \ + TEST_DECL_GROUP("ossl_sk", test_wolfssl_sk_SSL_COMP), \ + TEST_DECL_GROUP("ossl_sk", test_wolfSSL_sk_CIPHER), \ + TEST_DECL_GROUP("ossl_sk", test_wolfssl_sk_WOLFSSL_STRING), \ + TEST_DECL_GROUP("ossl_sk", test_wolfssl_lh_retrieve) + +#endif /* WOLFCRYPT_TEST_SSL_SK_H */ + diff --git a/test/ssl/wolfssl/tests/api/test_pkcs12.c b/test/ssl/wolfssl/tests/api/test_pkcs12.c new file mode 100644 index 000000000..4dfb3cfbc --- /dev/null +++ b/test/ssl/wolfssl/tests/api/test_pkcs12.c @@ -0,0 +1,198 @@ +/* test_pkcs12.c + * + * Copyright (C) 2006-2025 wolfSSL Inc. + * + * This file is part of wolfSSL. + * + * wolfSSL is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * wolfSSL is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA + */ + +#include + +#ifdef NO_INLINE + #include +#else + #define WOLFSSL_MISC_INCLUDED + #include +#endif + +#include +#include +#include +#include + +/******************************************************************************* + * PKCS#12 + ******************************************************************************/ + +int test_wc_i2d_PKCS12(void) +{ + EXPECT_DECLS; +#if !defined(NO_ASN) && !defined(NO_PWDBASED) && defined(HAVE_PKCS12) \ + && !defined(NO_FILESYSTEM) && !defined(NO_RSA) \ + && !defined(NO_AES) && !defined(NO_SHA) && !defined(NO_SHA256) + WC_PKCS12* pkcs12 = NULL; + unsigned char der[FOURK_BUF * 2]; + unsigned char* pt; + int derSz = 0; + unsigned char out[FOURK_BUF * 2]; + int outSz = FOURK_BUF * 2; + const char p12_f[] = "./certs/test-servercert.p12"; + XFILE f = XBADFILE; + + ExpectTrue((f = XFOPEN(p12_f, "rb")) != XBADFILE); + ExpectIntGT(derSz = (int)XFREAD(der, 1, sizeof(der), f), 0); + if (f != XBADFILE) + XFCLOSE(f); + + ExpectNotNull(pkcs12 = wc_PKCS12_new()); + ExpectIntEQ(wc_d2i_PKCS12(der, (word32)derSz, pkcs12), 0); + ExpectIntEQ(wc_i2d_PKCS12(pkcs12, NULL, &outSz), WC_NO_ERR_TRACE(LENGTH_ONLY_E)); + ExpectIntEQ(outSz, derSz); + + outSz = derSz - 1; + pt = out; + ExpectIntLE(wc_i2d_PKCS12(pkcs12, &pt, &outSz), 0); + + outSz = derSz; + ExpectIntEQ(wc_i2d_PKCS12(pkcs12, &pt, &outSz), derSz); + ExpectIntEQ((pt == out), 0); + + pt = NULL; + ExpectIntEQ(wc_i2d_PKCS12(pkcs12, &pt, NULL), derSz); + XFREE(pt, NULL, DYNAMIC_TYPE_PKCS); + wc_PKCS12_free(pkcs12); + pkcs12 = NULL; + + /* Run the same test but use wc_d2i_PKCS12_fp. */ + ExpectNotNull(pkcs12 = wc_PKCS12_new()); + ExpectIntEQ(wc_d2i_PKCS12_fp("./certs/test-servercert.p12", &pkcs12), 0); + ExpectIntEQ(wc_i2d_PKCS12(pkcs12, NULL, &outSz), WC_NO_ERR_TRACE(LENGTH_ONLY_E)); + ExpectIntEQ(outSz, derSz); + wc_PKCS12_free(pkcs12); + pkcs12 = NULL; + + /* wc_d2i_PKCS12_fp can also allocate the PKCS12 object for the caller. */ + ExpectIntEQ(wc_d2i_PKCS12_fp("./certs/test-servercert.p12", &pkcs12), 0); + ExpectIntEQ(wc_i2d_PKCS12(pkcs12, NULL, &outSz), WC_NO_ERR_TRACE(LENGTH_ONLY_E)); + ExpectIntEQ(outSz, derSz); + wc_PKCS12_free(pkcs12); + pkcs12 = NULL; +#endif + return EXPECT_RESULT(); +} + +static int test_wc_PKCS12_create_once(int keyEncType, int certEncType) +{ + EXPECT_DECLS; +#if !defined(NO_ASN) && defined(HAVE_PKCS12) && !defined(NO_PWDBASED) && \ + !defined(NO_RSA) && !defined(NO_ASN_CRYPT) && \ + !defined(NO_HMAC) && !defined(NO_CERTS) && defined(USE_CERT_BUFFERS_2048) + + byte* inKey = (byte*) server_key_der_2048; + const word32 inKeySz= sizeof_server_key_der_2048; + byte* inCert = (byte*) server_cert_der_2048; + const word32 inCertSz = sizeof_server_cert_der_2048; + WC_DerCertList inCa = { + (byte*)ca_cert_der_2048, sizeof_ca_cert_der_2048, NULL + }; + char pkcs12Passwd[] = "test_wc_PKCS12_create"; + + WC_PKCS12* pkcs12Export = NULL; + WC_PKCS12* pkcs12Import = NULL; + byte* pkcs12Der = NULL; + byte* outKey = NULL; + byte* outCert = NULL; + WC_DerCertList* outCaList = NULL; + word32 pkcs12DerSz = 0; + word32 outKeySz = 0; + word32 outCertSz = 0; + + ExpectNotNull(pkcs12Export = wc_PKCS12_create(pkcs12Passwd, + sizeof(pkcs12Passwd) - 1, + (char*) "friendlyName" /* not used currently */, + inKey, inKeySz, inCert, inCertSz, &inCa, keyEncType, certEncType, + 2048, 2048, 0 /* not used currently */, NULL)); + pkcs12Der = NULL; + ExpectIntGE((pkcs12DerSz = wc_i2d_PKCS12(pkcs12Export, &pkcs12Der, NULL)), + 0); + + ExpectNotNull(pkcs12Import = wc_PKCS12_new_ex(NULL)); + ExpectIntGE(wc_d2i_PKCS12(pkcs12Der, pkcs12DerSz, pkcs12Import), 0); + ExpectIntEQ(wc_PKCS12_parse(pkcs12Import, pkcs12Passwd, &outKey, &outKeySz, + &outCert, &outCertSz, &outCaList), 0); + + ExpectIntEQ(outKeySz, inKeySz); + ExpectIntEQ(outCertSz, inCertSz); + ExpectNotNull(outCaList); + ExpectNotNull(outCaList->buffer); + ExpectIntEQ(outCaList->bufferSz, inCa.bufferSz); + ExpectNull(outCaList->next); + + ExpectIntEQ(XMEMCMP(inKey, outKey, outKeySz), 0); + ExpectIntEQ(XMEMCMP(inCert, outCert, outCertSz), 0); + ExpectIntEQ(XMEMCMP(inCa.buffer, outCaList->buffer, outCaList->bufferSz), + 0); + + XFREE(outKey, NULL, DYNAMIC_TYPE_PUBLIC_KEY); + XFREE(outCert, NULL, DYNAMIC_TYPE_PKCS); + wc_FreeCertList(outCaList, NULL); + wc_PKCS12_free(pkcs12Import); + XFREE(pkcs12Der, NULL, DYNAMIC_TYPE_PKCS); + wc_PKCS12_free(pkcs12Export); +#endif + (void) keyEncType; + (void) certEncType; + + return EXPECT_RESULT(); +} + +int test_wc_PKCS12_create(void) +{ + EXPECT_DECLS; + +#ifndef NO_SHA256 + EXPECT_TEST(test_wc_PKCS12_create_once(-1, -1)); +#if !defined(NO_RC4) && !defined(NO_SHA) + EXPECT_TEST(test_wc_PKCS12_create_once(PBE_SHA1_RC4_128, PBE_SHA1_RC4_128)); +#endif +#if !defined(NO_DES3) && !defined(NO_SHA) + EXPECT_TEST(test_wc_PKCS12_create_once(PBE_SHA1_DES, PBE_SHA1_DES)); +#endif +#if !defined(NO_DES3) && !defined(NO_SHA) + EXPECT_TEST(test_wc_PKCS12_create_once(PBE_SHA1_DES3, PBE_SHA1_DES3)); +#endif +#if defined(HAVE_AES_CBC) && !defined(NO_AES) && !defined(NO_AES_256) && \ + !defined(NO_SHA) && defined(WOLFSSL_ASN_TEMPLATE) + /* Encoding certificate with PBE_AES256_CBC needs WOLFSSL_ASN_TEMPLATE */ + EXPECT_TEST(test_wc_PKCS12_create_once(PBE_AES256_CBC, PBE_AES256_CBC)); +#endif +#if defined(HAVE_AES_CBC) && !defined(NO_AES) && !defined(NO_AES_128) && \ + !defined(NO_SHA) && defined(WOLFSSL_ASN_TEMPLATE) + /* Encoding certificate with PBE_AES128_CBC needs WOLFSSL_ASN_TEMPLATE */ + EXPECT_TEST(test_wc_PKCS12_create_once(PBE_AES128_CBC, PBE_AES128_CBC)); +#endif +/* Testing a mixture of 2 algorithms */ +#if defined(HAVE_AES_CBC) && !defined(NO_AES) && !defined(NO_AES_256) && \ + !defined(NO_SHA) && defined(WOLFSSL_ASN_TEMPLATE) && !defined(NO_DES3) + EXPECT_TEST(test_wc_PKCS12_create_once(PBE_AES256_CBC, PBE_SHA1_DES3)); +#endif +#endif + + (void) test_wc_PKCS12_create_once; + + return EXPECT_RESULT(); +} + diff --git a/test/ssl/wolfssl/tests/api/test_pkcs12.h b/test/ssl/wolfssl/tests/api/test_pkcs12.h new file mode 100644 index 000000000..45823f0ed --- /dev/null +++ b/test/ssl/wolfssl/tests/api/test_pkcs12.h @@ -0,0 +1,34 @@ +/* test_pkcs12.h + * + * Copyright (C) 2006-2025 wolfSSL Inc. + * + * This file is part of wolfSSL. + * + * wolfSSL is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * wolfSSL is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA + */ + +#ifndef WOLFCRYPT_TEST_PKCS12_H +#define WOLFCRYPT_TEST_PKCS12_H + +#include + +int test_wc_i2d_PKCS12(void); +int test_wc_PKCS12_create(void); + +#define TEST_PKCS12_DECLS \ + TEST_DECL_GROUP("pkcs12", test_wc_i2d_PKCS12), \ + TEST_DECL_GROUP("pkcs12", test_wc_PKCS12_create) + +#endif /* WOLFCRYPT_TEST_PKCS12_H */ diff --git a/test/ssl/wolfssl/tests/api/test_pkcs7.c b/test/ssl/wolfssl/tests/api/test_pkcs7.c new file mode 100644 index 000000000..6c5706f9d --- /dev/null +++ b/test/ssl/wolfssl/tests/api/test_pkcs7.c @@ -0,0 +1,4386 @@ +/* test_pkcs7.c + * + * Copyright (C) 2006-2025 wolfSSL Inc. + * + * This file is part of wolfSSL. + * + * wolfSSL is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * wolfSSL is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA + */ + +#include + +#ifdef NO_INLINE + #include +#else + #define WOLFSSL_MISC_INCLUDED + #include +#endif + +#include +#include +#ifdef HAVE_LIBZ + #include +#endif +#include +#include +#include + +/******************************************************************************* + * PKCS#7 + ******************************************************************************/ + +#if defined(HAVE_PKCS7) + typedef struct { + const byte* content; + word32 contentSz; + int contentOID; + int encryptOID; + int keyWrapOID; + int keyAgreeOID; + byte* cert; + size_t certSz; + byte* privateKey; + word32 privateKeySz; + } pkcs7EnvelopedVector; + + #ifndef NO_PKCS7_ENCRYPTED_DATA + typedef struct { + const byte* content; + word32 contentSz; + int contentOID; + int encryptOID; + byte* encryptionKey; + word32 encryptionKeySz; + } pkcs7EncryptedVector; + #endif +#endif /* HAVE_PKCS7 */ + +/* + * Testing wc_PKCS7_New() + */ +int test_wc_PKCS7_New(void) +{ + EXPECT_DECLS; +#if defined(HAVE_PKCS7) + PKCS7* pkcs7 = NULL; + + ExpectNotNull(pkcs7 = wc_PKCS7_New(NULL, testDevId)); + wc_PKCS7_Free(pkcs7); +#endif + return EXPECT_RESULT(); +} /* END test-wc_PKCS7_New */ + +/* + * Testing wc_PKCS7_Init() + */ +int test_wc_PKCS7_Init(void) +{ + EXPECT_DECLS; +#if defined(HAVE_PKCS7) + PKCS7* pkcs7 = NULL; + void* heap = NULL; + + ExpectNotNull(pkcs7 = wc_PKCS7_New(heap, testDevId)); + + ExpectIntEQ(wc_PKCS7_Init(pkcs7, heap, testDevId), 0); + /* Pass in bad args. */ + ExpectIntEQ(wc_PKCS7_Init(NULL, heap, testDevId), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + + wc_PKCS7_Free(pkcs7); +#endif + return EXPECT_RESULT(); +} /* END test-wc_PKCS7_Init */ + + +/* + * Testing wc_PKCS7_InitWithCert() + */ +int test_wc_PKCS7_InitWithCert(void) +{ + EXPECT_DECLS; +#if defined(HAVE_PKCS7) + PKCS7* pkcs7 = NULL; + +#ifndef NO_RSA + #if defined(USE_CERT_BUFFERS_2048) + unsigned char cert[sizeof(client_cert_der_2048)]; + int certSz = (int)sizeof(cert); + + XMEMSET(cert, 0, certSz); + XMEMCPY(cert, client_cert_der_2048, sizeof(client_cert_der_2048)); + #elif defined(USE_CERT_BUFFERS_1024) + unsigned char cert[sizeof(client_cert_der_1024)]; + int certSz = (int)sizeof(cert); + + XMEMSET(cert, 0, certSz); + XMEMCPY(cert, client_cert_der_1024, sizeof_client_cert_der_1024); + #else + unsigned char cert[ONEK_BUF]; + XFILE fp = XBADFILE; + int certSz; + + ExpectTrue((fp = XFOPEN("./certs/1024/client-cert.der", "rb")) != + XBADFILE); + ExpectIntGT(certSz = (int)XFREAD(cert, 1, sizeof_client_cert_der_1024, + fp), 0); + if (fp != XBADFILE) + XFCLOSE(fp); + #endif +#elif defined(HAVE_ECC) + #if defined(USE_CERT_BUFFERS_256) + unsigned char cert[sizeof(cliecc_cert_der_256)]; + int certSz = (int)sizeof(cert); + + XMEMSET(cert, 0, certSz); + XMEMCPY(cert, cliecc_cert_der_256, sizeof(cliecc_cert_der_256)); + #else + unsigned char cert[ONEK_BUF]; + XFILE fp = XBADFILE; + int certSz; + + ExpectTrue((fp = XFOPEN("./certs/client-ecc-cert.der", "rb")) != + XBADFILE); + ExpectIntGT(certSz = (int)XFREAD(cert, 1, sizeof(cliecc_cert_der_256), + fp), 0); + if (fp != XBADFILE) + XFCLOSE(fp); + #endif +#else + #error PKCS7 requires ECC or RSA +#endif + +#ifdef HAVE_ECC + { + /* bad test case from ZD 11011, malformed cert gives bad ECC key */ + static unsigned char certWithInvalidEccKey[] = { + 0x30, 0x82, 0x03, 0x5F, 0x30, 0x82, 0x03, 0x04, 0xA0, 0x03, 0x02, 0x01, + 0x02, 0x02, 0x14, 0x61, 0xB3, 0x1E, 0x59, 0xF3, 0x68, 0x6C, 0xA4, 0x79, + 0x42, 0x83, 0x2F, 0x1A, 0x50, 0x71, 0x03, 0xBE, 0x31, 0xAA, 0x2C, 0x30, + 0x0A, 0x06, 0x08, 0x2A, 0x86, 0x48, 0xCE, 0x3D, 0x04, 0x03, 0x02, 0x30, + 0x81, 0x8D, 0x31, 0x0B, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, + 0x02, 0x55, 0x53, 0x31, 0x0F, 0x30, 0x0D, 0x06, 0x03, 0x55, 0x04, 0x08, + 0x0C, 0x06, 0x4F, 0x72, 0x65, 0x67, 0x6F, 0x6E, 0x31, 0x0E, 0x30, 0x0C, + 0x06, 0x03, 0x55, 0x04, 0x07, 0x0C, 0x05, 0x53, 0x61, 0x6C, 0x65, 0x6D, + 0x31, 0x13, 0x30, 0x11, 0x06, 0x03, 0x55, 0x04, 0x0A, 0x0C, 0x0A, 0x43, + 0x6C, 0x69, 0x65, 0x6E, 0x74, 0x20, 0x45, 0x43, 0x43, 0x31, 0x0D, 0x30, + 0x0B, 0x06, 0x03, 0x55, 0x04, 0x0B, 0x0C, 0x04, 0x46, 0x61, 0x73, 0x74, + 0x31, 0x18, 0x30, 0x16, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0C, 0x0F, 0x77, + 0x77, 0x77, 0x2E, 0x77, 0x6F, 0x6C, 0x66, 0x73, 0x73, 0x6C, 0x2E, 0x63, + 0x6F, 0x6D, 0x31, 0x1F, 0x30, 0x1D, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, + 0xF7, 0x0D, 0x01, 0x09, 0x01, 0x16, 0x10, 0x69, 0x6E, 0x66, 0x6F, 0x40, + 0x77, 0x6F, 0x6C, 0x66, 0x73, 0x73, 0x6C, 0x2E, 0x63, 0x6F, 0x6D, 0x30, + 0x1E, 0x17, 0x0D, 0x32, 0x30, 0x30, 0x36, 0x31, 0x39, 0x31, 0x33, 0x32, + 0x33, 0x34, 0x31, 0x5A, 0x17, 0x0D, 0x32, 0x33, 0x30, 0x33, 0x31, 0x36, + 0x31, 0x33, 0x32, 0x33, 0x34, 0x31, 0x5A, 0x30, 0x81, 0x8D, 0x31, 0x0B, + 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, 0x55, 0x53, 0x31, + 0x0F, 0x30, 0x0D, 0x06, 0x03, 0x55, 0x04, 0x08, 0x0C, 0x06, 0x4F, 0x72, + 0x65, 0x67, 0x6F, 0x6E, 0x31, 0x0E, 0x30, 0x0C, 0x06, 0x03, 0x55, 0x04, + 0x07, 0x0C, 0x05, 0x53, 0x61, 0x6C, 0x65, 0x6D, 0x31, 0x13, 0x30, 0x11, + 0x06, 0x03, 0x55, 0x04, 0x0A, 0x0C, 0x0A, 0x43, 0x6C, 0x69, 0x65, 0x6E, + 0x74, 0x20, 0x45, 0x43, 0x43, 0x31, 0x0D, 0x30, 0x0B, 0x06, 0x03, 0x55, + 0x04, 0x0B, 0x0C, 0x04, 0x46, 0x61, 0x73, 0x74, 0x31, 0x18, 0x30, 0x26, + 0x06, 0x03, 0x55, 0x04, 0x03, 0x0C, 0x0F, 0x77, 0x77, 0x77, 0x2E, 0x77, + 0x6F, 0x6C, 0x66, 0x73, 0x73, 0x6C, 0x2E, 0x63, 0x6F, 0x6D, 0x31, 0x1F, + 0x30, 0x1D, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x09, + 0x01, 0x16, 0x10, 0x69, 0x6E, 0x66, 0x6F, 0x40, 0x77, 0x6F, 0x6C, 0x66, + 0x73, 0x73, 0x6C, 0x2E, 0x63, 0x6F, 0x6D, 0x30, 0x59, 0x30, 0x13, 0x06, + 0x07, 0x2A, 0x86, 0x48, 0xCE, 0x3D, 0x02, 0x01, 0x06, 0x08, 0x2A, 0x86, + 0x48, 0xCE, 0x3D, 0x03, 0x01, 0x07, 0x03, 0x02, 0x00, 0x04, 0x55, 0xBF, + 0xF4, 0x0F, 0x44, 0x50, 0x9A, 0x3D, 0xCE, 0x9B, 0xB7, 0xF0, 0xC5, 0x4D, + 0xF5, 0x70, 0x7B, 0xD4, 0xEC, 0x24, 0x8E, 0x19, 0x80, 0xEC, 0x5A, 0x4C, + 0xA2, 0x24, 0x03, 0x62, 0x2C, 0x9B, 0xDA, 0xEF, 0xA2, 0x35, 0x12, 0x43, + 0x84, 0x76, 0x16, 0xC6, 0x56, 0x95, 0x06, 0xCC, 0x01, 0xA9, 0xBD, 0xF6, + 0x75, 0x1A, 0x42, 0xF7, 0xBD, 0xA9, 0xB2, 0x36, 0x22, 0x5F, 0xC7, 0x5D, + 0x7F, 0xB4, 0xA3, 0x82, 0x01, 0x3E, 0x30, 0x82, 0x01, 0x3A, 0x30, 0x1D, + 0x06, 0x03, 0x55, 0x1D, 0x0E, 0x04, 0x16, 0x04, 0x14, 0xEB, 0xD4, 0x4B, + 0x59, 0x6B, 0x95, 0x61, 0x3F, 0x51, 0x57, 0xB6, 0x04, 0x4D, 0x89, 0x41, + 0x88, 0x44, 0x5C, 0xAB, 0xF2, 0x30, 0x81, 0xCD, 0x06, 0x03, 0x55, 0x1D, + 0x23, 0x04, 0x81, 0xC5, 0x30, 0x81, 0xC2, 0x80, 0x14, 0xEB, 0xD4, 0x4B, + 0x59, 0x72, 0x95, 0x61, 0x3F, 0x51, 0x57, 0xB6, 0x04, 0x4D, 0x89, 0x41, + 0x88, 0x44, 0x5C, 0xAB, 0xF2, 0xA1, 0x81, 0x93, 0xA4, 0x81, 0x90, 0x30, + 0x81, 0x8D, 0x31, 0x0B, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, + 0x02, 0x55, 0x53, 0x31, 0x0F, 0x30, 0x0D, 0x06, 0x03, 0x55, 0x08, 0x08, + 0x0C, 0x06, 0x4F, 0x72, 0x65, 0x67, 0x6F, 0x6E, 0x31, 0x0E, 0x30, 0x0C, + 0x06, 0x03, 0x55, 0x04, 0x07, 0x0C, 0x05, 0x53, 0x61, 0x6C, 0x65, 0x6D, + 0x31, 0x13, 0x30, 0x11, 0x06, 0x03, 0x55, 0x04, 0x0A, 0x0C, 0x0A, 0x43, + 0x6C, 0x69, 0x65, 0x6E, 0x74, 0x20, 0x45, 0x43, 0x43, 0x31, 0x0D, 0x30, + 0x0B, 0x06, 0x03, 0x55, 0x04, 0x0B, 0x0C, 0x04, 0x46, 0x61, 0x73, 0x74, + 0x31, 0x18, 0x30, 0x16, 0x06, 0x03, 0x55, 0x04, 0x03, 0x0C, 0x0F, 0x77, + 0x77, 0x77, 0x2E, 0x77, 0x6F, 0x6C, 0x66, 0x73, 0x73, 0x6C, 0x2E, 0x63, + 0x6F, 0x6D, 0x30, 0x1F, 0x30, 0x1D, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, + 0xF7, 0x0D, 0x01, 0x09, 0x01, 0x16, 0x10, 0x69, 0x6E, 0x66, 0x6F, 0x40, + 0x77, 0x6F, 0x6C, 0x66, 0x73, 0x73, 0x6C, 0x2E, 0x63, 0x6F, 0x6D, 0x82, + 0x14, 0x61, 0xB3, 0x1E, 0x59, 0xF3, 0x68, 0x6C, 0xA4, 0x79, 0x42, 0x83, + 0x2F, 0x1A, 0x50, 0x71, 0x03, 0xBE, 0x32, 0xAA, 0x2C, 0x30, 0x0C, 0x06, + 0x03, 0x55, 0x1D, 0x13, 0x04, 0x05, 0x30, 0x03, 0x01, 0x01, 0xFF, 0x30, + 0x1C, 0x06, 0x03, 0x55, 0x1D, 0x11, 0x04, 0x15, 0x30, 0x13, 0x82, 0x0B, + 0x65, 0x78, 0x61, 0x6D, 0x70, 0x6C, 0x65, 0x2E, 0x63, 0x6F, 0x6D, 0x87, + 0x04, 0x23, 0x00, 0x00, 0x01, 0x30, 0x1D, 0x06, 0x03, 0x55, 0x1D, 0x25, + 0x04, 0x16, 0x30, 0x14, 0x06, 0x08, 0x2B, 0x06, 0x01, 0x05, 0x05, 0x07, + 0x03, 0x01, 0x06, 0x08, 0x2B, 0x06, 0x01, 0x05, 0x05, 0x07, 0x03, 0x02, + 0x30, 0x0A, 0x06, 0x08, 0x2A, 0x86, 0x48, 0xCE, 0x3D, 0x04, 0x03, 0x02, + 0x03, 0x49, 0x00, 0x30, 0x46, 0x02, 0x21, 0x00, 0xE4, 0xA0, 0x23, 0x26, + 0x2B, 0x0B, 0x42, 0x0F, 0x97, 0x37, 0x6D, 0xCB, 0x14, 0x23, 0xC3, 0xC3, + 0xE6, 0x44, 0xCF, 0x5F, 0x4C, 0x26, 0xA3, 0x72, 0x64, 0x7A, 0x9C, 0xCB, + 0x64, 0xAB, 0xA6, 0xBE, 0x02, 0x21, 0x00, 0xAA, 0xC5, 0xA3, 0x50, 0xF6, + 0xF1, 0xA5, 0xDB, 0x05, 0xE0, 0x75, 0xD2, 0xF7, 0xBA, 0x49, 0x5F, 0x8F, + 0x7D, 0x1C, 0x44, 0xB1, 0x6E, 0xDF, 0xC8, 0xDA, 0x10, 0x48, 0x2D, 0x53, + 0x08, 0xA8, 0xB4 + }; +#endif + ExpectNotNull(pkcs7 = wc_PKCS7_New(HEAP_HINT, testDevId)); + /* If initialization is not successful, it's free'd in init func. */ + ExpectIntEQ(wc_PKCS7_InitWithCert(pkcs7, (byte*)cert, (word32)certSz), + 0); + wc_PKCS7_Free(pkcs7); + pkcs7 = NULL; + + ExpectNotNull(pkcs7 = wc_PKCS7_New(HEAP_HINT, testDevId)); + /* Valid initialization usage. */ + ExpectIntEQ(wc_PKCS7_InitWithCert(pkcs7, NULL, 0), 0); + + /* Pass in bad args. No need free for null checks, free at end.*/ + ExpectIntEQ(wc_PKCS7_InitWithCert(NULL, (byte*)cert, (word32)certSz), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_PKCS7_InitWithCert(pkcs7, NULL, (word32)certSz), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + +#ifdef HAVE_ECC + ExpectIntLT(wc_PKCS7_InitWithCert(pkcs7, certWithInvalidEccKey, + sizeof(certWithInvalidEccKey)), 0); + } +#endif + + wc_PKCS7_Free(pkcs7); +#endif + return EXPECT_RESULT(); +} /* END test_wc_PKCS7_InitWithCert */ + + +/* + * Testing wc_PKCS7_EncodeData() + */ +int test_wc_PKCS7_EncodeData(void) +{ + EXPECT_DECLS; +#if defined(HAVE_PKCS7) + PKCS7* pkcs7 = NULL; + byte output[FOURK_BUF]; + byte data[] = "My encoded DER cert."; + +#ifndef NO_RSA + #if defined(USE_CERT_BUFFERS_2048) + unsigned char cert[sizeof(client_cert_der_2048)]; + unsigned char key[sizeof(client_key_der_2048)]; + int certSz = (int)sizeof(cert); + int keySz = (int)sizeof(key); + + XMEMSET(cert, 0, certSz); + XMEMSET(key, 0, keySz); + XMEMCPY(cert, client_cert_der_2048, certSz); + XMEMCPY(key, client_key_der_2048, keySz); + #elif defined(USE_CERT_BUFFERS_1024) + unsigned char cert[sizeof(sizeof_client_cert_der_1024)]; + unsigned char key[sizeof_client_key_der_1024]; + int certSz = (int)sizeof(cert); + int keySz = (int)sizeof(key); + + XMEMSET(cert, 0, certSz); + XMEMSET(key, 0, keySz); + XMEMCPY(cert, client_cert_der_1024, certSz); + XMEMCPY(key, client_key_der_1024, keySz); + #else + unsigned char cert[ONEK_BUF]; + unsigned char key[ONEK_BUF]; + XFILE fp = XBADFILE; + int certSz; + int keySz; + + ExpectTrue((fp = XFOPEN("./certs/1024/client-cert.der", "rb")) != + XBADFILE); + ExpectIntGT(certSz = (int)XFREAD(cert, 1, sizeof_client_cert_der_1024, + fp), 0); + if (fp != XBADFILE) { + XFCLOSE(fp); + fp = XBADFILE; + } + + ExpectTrue((fp = XFOPEN("./certs/1024/client-key.der", "rb")) != + XBADFILE); + ExpectIntGT(keySz = (int)XFREAD(key, 1, sizeof_client_key_der_1024, fp), + 0); + if (fp != XBADFILE) + XFCLOSE(fp); + #endif +#elif defined(HAVE_ECC) + #if defined(USE_CERT_BUFFERS_256) + unsigned char cert[sizeof(cliecc_cert_der_256)]; + unsigned char key[sizeof(ecc_clikey_der_256)]; + int certSz = (int)sizeof(cert); + int keySz = (int)sizeof(key); + XMEMSET(cert, 0, certSz); + XMEMSET(key, 0, keySz); + XMEMCPY(cert, cliecc_cert_der_256, sizeof_cliecc_cert_der_256); + XMEMCPY(key, ecc_clikey_der_256, sizeof_ecc_clikey_der_256); + #else + unsigned char cert[ONEK_BUF]; + unsigned char key[ONEK_BUF]; + XFILE fp = XBADFILE; + int certSz, keySz; + + ExpectTrue((fp = XFOPEN("./certs/client-ecc-cert.der", "rb")) != + XBADFILE); + ExpectIntGT(certSz = (int)XFREAD(cert, 1, sizeof_cliecc_cert_der_256, + fp), 0); + if (fp != XBADFILE) { + XFCLOSE(fp); + fp = XBADFILE; + } + + ExpectTrue((fp = XFOPEN("./certs/client-ecc-key.der", "rb")) != + XBADFILE); + ExpectIntGT(keySz = (int)XFREAD(key, 1, sizeof_ecc_clikey_der_256, fp), + 0); + if (fp != XBADFILE) + XFCLOSE(fp); + #endif +#endif + + XMEMSET(output, 0, sizeof(output)); + + ExpectNotNull(pkcs7 = wc_PKCS7_New(HEAP_HINT, testDevId)); + ExpectIntEQ(wc_PKCS7_Init(pkcs7, HEAP_HINT, INVALID_DEVID), 0); + + ExpectIntEQ(wc_PKCS7_InitWithCert(pkcs7, (byte*)cert, (word32)certSz), 0); + + if (pkcs7 != NULL) { + pkcs7->content = data; + pkcs7->contentSz = sizeof(data); + pkcs7->privateKey = key; + pkcs7->privateKeySz = (word32)keySz; + } + ExpectIntGT(wc_PKCS7_EncodeData(pkcs7, output, (word32)sizeof(output)), 0); + + /* Test bad args. */ + ExpectIntEQ(wc_PKCS7_EncodeData(NULL, output, (word32)sizeof(output)), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_PKCS7_EncodeData(pkcs7, NULL, (word32)sizeof(output)), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_PKCS7_EncodeData(pkcs7, output, 5), WC_NO_ERR_TRACE(BUFFER_E)); + + wc_PKCS7_Free(pkcs7); +#endif + return EXPECT_RESULT(); +} /* END test_wc_PKCS7_EncodeData */ + + +#if defined(HAVE_PKCS7) && defined(HAVE_PKCS7_RSA_RAW_SIGN_CALLBACK) && \ + !defined(NO_RSA) && !defined(NO_SHA256) +/* RSA sign raw digest callback */ +static int rsaSignRawDigestCb(PKCS7* pkcs7, byte* digest, word32 digestSz, + byte* out, word32 outSz, byte* privateKey, + word32 privateKeySz, int devid, int hashOID) +{ + /* specific DigestInfo ASN.1 encoding prefix for a SHA2565 digest */ + byte digInfoEncoding[] = { + 0x30, 0x31, 0x30, 0x0d, 0x06, 0x09, 0x60, 0x86, + 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x01, 0x05, + 0x00, 0x04, 0x20 + }; + + int ret; + byte digestInfo[ONEK_BUF]; + byte sig[FOURK_BUF]; + word32 digestInfoSz = 0; + word32 idx = 0; + RsaKey rsa; + + /* SHA-256 required only for this example callback due to above + * digInfoEncoding[] */ + if (pkcs7 == NULL || digest == NULL || out == NULL || + (sizeof(digestInfo) < sizeof(digInfoEncoding) + digestSz) || + (hashOID != SHA256h)) { + return -1; + } + + /* build DigestInfo */ + XMEMCPY(digestInfo, digInfoEncoding, sizeof(digInfoEncoding)); + digestInfoSz += sizeof(digInfoEncoding); + XMEMCPY(digestInfo + digestInfoSz, digest, digestSz); + digestInfoSz += digestSz; + + /* set up RSA key */ + ret = wc_InitRsaKey_ex(&rsa, pkcs7->heap, devid); + if (ret != 0) { + return ret; + } + + ret = wc_RsaPrivateKeyDecode(privateKey, &idx, &rsa, privateKeySz); + + /* sign DigestInfo */ + if (ret == 0) { + ret = wc_RsaSSL_Sign(digestInfo, digestInfoSz, sig, sizeof(sig), + &rsa, pkcs7->rng); + if (ret > 0) { + if (ret > (int)outSz) { + /* output buffer too small */ + ret = -1; + } + else { + /* success, ret holds sig size */ + XMEMCPY(out, sig, ret); + } + } + } + + wc_FreeRsaKey(&rsa); + + return ret; +} +#endif + +#if defined(HAVE_PKCS7) && defined(ASN_BER_TO_DER) +typedef struct encodeSignedDataStream { + byte out[FOURK_BUF*3]; + int idx; + word32 outIdx; + word32 chunkSz; /* max amount of data to be returned */ +} encodeSignedDataStream; + + +/* content is 8k of partially created bundle */ +static int GetContentCB(PKCS7* pkcs7, byte** content, void* ctx) +{ + int ret = 0; + encodeSignedDataStream* strm = (encodeSignedDataStream*)ctx; + + if (strm->outIdx < pkcs7->contentSz) { + ret = (pkcs7->contentSz > strm->outIdx + strm->chunkSz)? + strm->chunkSz : pkcs7->contentSz - strm->outIdx; + *content = strm->out + strm->outIdx; + strm->outIdx += ret; + } + + (void)pkcs7; + return ret; +} + +static int StreamOutputCB(PKCS7* pkcs7, const byte* output, word32 outputSz, + void* ctx) +{ + encodeSignedDataStream* strm = (encodeSignedDataStream*)ctx; + + XMEMCPY(strm->out + strm->idx, output, outputSz); + strm->idx += outputSz; + (void)pkcs7; + return 0; +} +#endif + + +/* + * Testing wc_PKCS7_EncodeSignedData() + */ +int test_wc_PKCS7_EncodeSignedData(void) +{ + EXPECT_DECLS; +#if defined(HAVE_PKCS7) + PKCS7* pkcs7 = NULL; + WC_RNG rng; + byte output[FOURK_BUF]; + byte badOut[1]; + word32 outputSz = (word32)sizeof(output); + word32 badOutSz = 0; + byte data[] = "Test data to encode."; +#ifndef NO_RSA + int encryptOid = RSAk; + #if defined(USE_CERT_BUFFERS_2048) + byte key[sizeof(client_key_der_2048)]; + byte cert[sizeof(client_cert_der_2048)]; + word32 keySz = (word32)sizeof(key); + word32 certSz = (word32)sizeof(cert); + XMEMSET(key, 0, keySz); + XMEMSET(cert, 0, certSz); + XMEMCPY(key, client_key_der_2048, keySz); + XMEMCPY(cert, client_cert_der_2048, certSz); + #elif defined(USE_CERT_BUFFERS_1024) + byte key[sizeof_client_key_der_1024]; + byte cert[sizeof(sizeof_client_cert_der_1024)]; + word32 keySz = (word32)sizeof(key); + word32 certSz = (word32)sizeof(cert); + XMEMSET(key, 0, keySz); + XMEMSET(cert, 0, certSz); + XMEMCPY(key, client_key_der_1024, keySz); + XMEMCPY(cert, client_cert_der_1024, certSz); + #else + unsigned char cert[ONEK_BUF]; + unsigned char key[ONEK_BUF]; + XFILE fp = XBADFILE; + int certSz; + int keySz; + + ExpectTrue((fp = XFOPEN("./certs/1024/client-cert.der", "rb")) != + XBADFILE); + ExpectIntGT(certSz = (int)XFREAD(cert, 1, sizeof_client_cert_der_1024, + fp), 0); + if (fp != XBADFILE) { + XFCLOSE(fp); + fp = XBADFILE; + } + + ExpectTrue((fp = XFOPEN("./certs/1024/client-key.der", "rb")) != + XBADFILE); + ExpectIntGT(keySz = (int)XFREAD(key, 1, sizeof_client_key_der_1024, fp), + 0); + if (fp != XBADFILE) + XFCLOSE(fp); + #endif +#elif defined(HAVE_ECC) + int encryptOid = ECDSAk; + #if defined(USE_CERT_BUFFERS_256) + unsigned char cert[sizeof(cliecc_cert_der_256)]; + unsigned char key[sizeof(ecc_clikey_der_256)]; + int certSz = (int)sizeof(cert); + int keySz = (int)sizeof(key); + XMEMSET(cert, 0, certSz); + XMEMSET(key, 0, keySz); + XMEMCPY(cert, cliecc_cert_der_256, certSz); + XMEMCPY(key, ecc_clikey_der_256, keySz); + #else + unsigned char cert[ONEK_BUF]; + unsigned char key[ONEK_BUF]; + XFILE fp = XBADFILE; + int certSz; + int keySz; + + ExpectTrue((fp = XFOPEN("./certs/client-ecc-cert.der", "rb")) != + XBADFILE); + ExpectIntGT(certSz = (int)XFREAD(cert, 1, ONEK_BUF, fp), 0); + if (fp != XBADFILE) { + XFCLOSE(fp); + fp = XBADFILE; + } + + ExpectTrue((fp = XFOPEN("./certs/client-ecc-key.der", "rb")) != + XBADFILE); + ExpectIntGT(keySz = (int)XFREAD(key, 1, ONEK_BUF, fp), 0); + if (fp != XBADFILE) + XFCLOSE(fp); + #endif +#endif + + XMEMSET(&rng, 0, sizeof(WC_RNG)); + + XMEMSET(output, 0, outputSz); + ExpectIntEQ(wc_InitRng(&rng), 0); + + ExpectNotNull(pkcs7 = wc_PKCS7_New(HEAP_HINT, testDevId)); + ExpectIntEQ(wc_PKCS7_Init(pkcs7, HEAP_HINT, INVALID_DEVID), 0); + + ExpectIntEQ(wc_PKCS7_InitWithCert(pkcs7, cert, certSz), 0); + + if (pkcs7 != NULL) { + pkcs7->content = data; + pkcs7->contentSz = (word32)sizeof(data); + pkcs7->privateKey = key; + pkcs7->privateKeySz = (word32)sizeof(key); + pkcs7->encryptOID = encryptOid; + #ifdef NO_SHA + pkcs7->hashOID = SHA256h; + #else + pkcs7->hashOID = SHAh; + #endif + pkcs7->rng = &rng; + } + + ExpectIntGT(wc_PKCS7_EncodeSignedData(pkcs7, output, outputSz), 0); + wc_PKCS7_Free(pkcs7); + pkcs7 = NULL; + + ExpectNotNull(pkcs7 = wc_PKCS7_New(HEAP_HINT, testDevId)); + ExpectIntEQ(wc_PKCS7_InitWithCert(pkcs7, NULL, 0), 0); + ExpectIntEQ(wc_PKCS7_VerifySignedData(pkcs7, output, outputSz), 0); + +#if defined(ASN_BER_TO_DER) && !defined(NO_RSA) + wc_PKCS7_Free(pkcs7); + pkcs7 = NULL; + + /* reinitialize and test setting stream mode */ + { + int signedSz = 0, i; + encodeSignedDataStream strm; + static const int numberOfChunkSizes = 4; + static const word32 chunkSizes[] = { 4080, 4096, 5000, 9999 }; + /* chunkSizes were chosen to test around the default 4096 octet string + * size used in pkcs7.c */ + + XMEMSET(&strm, 0, sizeof(strm)); + + ExpectNotNull(pkcs7 = wc_PKCS7_New(HEAP_HINT, testDevId)); + ExpectIntEQ(wc_PKCS7_Init(pkcs7, HEAP_HINT, INVALID_DEVID), 0); + + ExpectIntEQ(wc_PKCS7_InitWithCert(pkcs7, cert, certSz), 0); + + if (pkcs7 != NULL) { + pkcs7->content = data; + pkcs7->contentSz = (word32)sizeof(data); + pkcs7->privateKey = key; + pkcs7->privateKeySz = (word32)sizeof(key); + pkcs7->encryptOID = encryptOid; + #ifdef NO_SHA + pkcs7->hashOID = SHA256h; + #else + pkcs7->hashOID = SHAh; + #endif + pkcs7->rng = &rng; + } + ExpectIntEQ(wc_PKCS7_GetStreamMode(pkcs7), 0); + ExpectIntEQ(wc_PKCS7_SetStreamMode(pkcs7, 1, NULL, NULL, NULL), 0); + ExpectIntEQ(wc_PKCS7_SetStreamMode(NULL, 1, NULL, NULL, NULL), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_PKCS7_GetStreamMode(pkcs7), 1); + + ExpectIntGT(signedSz = wc_PKCS7_EncodeSignedData(pkcs7, output, + outputSz), 0); + wc_PKCS7_Free(pkcs7); + pkcs7 = NULL; + + ExpectNotNull(pkcs7 = wc_PKCS7_New(HEAP_HINT, testDevId)); + ExpectIntEQ(wc_PKCS7_InitWithCert(pkcs7, NULL, 0), 0); + + /* use exact signed buffer size since BER encoded */ + ExpectIntEQ(wc_PKCS7_VerifySignedData(pkcs7, output, + (word32)signedSz), 0); + wc_PKCS7_Free(pkcs7); + + /* now try with using callbacks for IO */ + for (i = 0; i < numberOfChunkSizes; i++) { + strm.idx = 0; + strm.outIdx = 0; + strm.chunkSz = chunkSizes[i]; + + ExpectNotNull(pkcs7 = wc_PKCS7_New(HEAP_HINT, testDevId)); + ExpectIntEQ(wc_PKCS7_Init(pkcs7, HEAP_HINT, INVALID_DEVID), 0); + + ExpectIntEQ(wc_PKCS7_InitWithCert(pkcs7, cert, certSz), 0); + + if (pkcs7 != NULL) { + pkcs7->contentSz = 10000; + pkcs7->privateKey = key; + pkcs7->privateKeySz = (word32)sizeof(key); + pkcs7->encryptOID = encryptOid; + #ifdef NO_SHA + pkcs7->hashOID = SHA256h; + #else + pkcs7->hashOID = SHAh; + #endif + pkcs7->rng = &rng; + } + ExpectIntEQ(wc_PKCS7_SetStreamMode(pkcs7, 1, GetContentCB, + StreamOutputCB, (void*)&strm), 0); + + ExpectIntGT(signedSz = wc_PKCS7_EncodeSignedData(pkcs7, NULL, 0), + 0); + wc_PKCS7_Free(pkcs7); + pkcs7 = NULL; + + ExpectNotNull(pkcs7 = wc_PKCS7_New(HEAP_HINT, testDevId)); + ExpectIntEQ(wc_PKCS7_InitWithCert(pkcs7, NULL, 0), 0); + + /* use exact signed buffer size since BER encoded */ + ExpectIntEQ(wc_PKCS7_VerifySignedData(pkcs7, strm.out, + (word32)signedSz), 0); + wc_PKCS7_Free(pkcs7); + pkcs7 = NULL; + } + } +#endif +#ifndef NO_PKCS7_STREAM + wc_PKCS7_Free(pkcs7); + pkcs7 = NULL; + + { + word32 z; + int ret; + + ExpectNotNull(pkcs7 = wc_PKCS7_New(HEAP_HINT, testDevId)); + ExpectIntEQ(wc_PKCS7_InitWithCert(pkcs7, NULL, 0), 0); + + /* test for streaming mode */ + ret = -1; + for (z = 0; z < outputSz && ret != 0; z++) { + ret = wc_PKCS7_VerifySignedData(pkcs7, output + z, 1); + if (ret < 0){ + ExpectIntEQ(ret, WC_NO_ERR_TRACE(WC_PKCS7_WANT_READ_E)); + } + } + ExpectIntEQ(ret, 0); + ExpectIntNE(pkcs7->contentSz, 0); + ExpectNotNull(pkcs7->contentDynamic); + } +#endif /* !NO_PKCS7_STREAM */ + + + /* Pass in bad args. */ + ExpectIntEQ(wc_PKCS7_EncodeSignedData(NULL, output, outputSz), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_PKCS7_EncodeSignedData(pkcs7, NULL, outputSz), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_PKCS7_EncodeSignedData(pkcs7, badOut, + badOutSz), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + if (pkcs7 != NULL) { + pkcs7->hashOID = 0; /* bad hashOID */ + } + ExpectIntEQ(wc_PKCS7_EncodeSignedData(pkcs7, output, outputSz), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + +#if defined(HAVE_PKCS7) && defined(HAVE_PKCS7_RSA_RAW_SIGN_CALLBACK) && \ + !defined(NO_RSA) && !defined(NO_SHA256) + /* test RSA sign raw digest callback, if using RSA and compiled in. + * Example callback assumes SHA-256, so only run test if compiled in. */ + wc_PKCS7_Free(pkcs7); + pkcs7 = NULL; + ExpectNotNull(pkcs7 = wc_PKCS7_New(HEAP_HINT, testDevId)); + ExpectIntEQ(wc_PKCS7_InitWithCert(pkcs7, cert, certSz), 0); + + if (pkcs7 != NULL) { + pkcs7->content = data; + pkcs7->contentSz = (word32)sizeof(data); + pkcs7->privateKey = key; + pkcs7->privateKeySz = (word32)sizeof(key); + pkcs7->encryptOID = RSAk; + pkcs7->hashOID = SHA256h; + pkcs7->rng = &rng; + } + + ExpectIntEQ(wc_PKCS7_SetRsaSignRawDigestCb(pkcs7, rsaSignRawDigestCb), 0); + + ExpectIntGT(wc_PKCS7_EncodeSignedData(pkcs7, output, outputSz), 0); +#endif + + wc_PKCS7_Free(pkcs7); + DoExpectIntEQ(wc_FreeRng(&rng), 0); + +#endif + return EXPECT_RESULT(); +} /* END test_wc_PKCS7_EncodeSignedData */ + + +/* + * Testing wc_PKCS7_EncodeSignedData_ex() and wc_PKCS7_VerifySignedData_ex() + */ +int test_wc_PKCS7_EncodeSignedData_ex(void) +{ + EXPECT_DECLS; +#if defined(HAVE_PKCS7) + int i; + PKCS7* pkcs7 = NULL; + WC_RNG rng; + byte outputHead[FOURK_BUF/2]; + byte outputFoot[FOURK_BUF/2]; + word32 outputHeadSz = (word32)sizeof(outputHead); + word32 outputFootSz = (word32)sizeof(outputFoot); + byte data[FOURK_BUF]; + wc_HashAlg hash; +#ifdef NO_SHA + enum wc_HashType hashType = WC_HASH_TYPE_SHA256; +#else + enum wc_HashType hashType = WC_HASH_TYPE_SHA; +#endif + byte hashBuf[WC_MAX_DIGEST_SIZE]; + word32 hashSz = (word32)wc_HashGetDigestSize(hashType); + +#ifndef NO_RSA + #if defined(USE_CERT_BUFFERS_2048) + byte key[sizeof(client_key_der_2048)]; + byte cert[sizeof(client_cert_der_2048)]; + word32 keySz = (word32)sizeof(key); + word32 certSz = (word32)sizeof(cert); + XMEMSET(key, 0, keySz); + XMEMSET(cert, 0, certSz); + XMEMCPY(key, client_key_der_2048, keySz); + XMEMCPY(cert, client_cert_der_2048, certSz); + #elif defined(USE_CERT_BUFFERS_1024) + byte key[sizeof_client_key_der_1024]; + byte cert[sizeof(sizeof_client_cert_der_1024)]; + word32 keySz = (word32)sizeof(key); + word32 certSz = (word32)sizeof(cert); + XMEMSET(key, 0, keySz); + XMEMSET(cert, 0, certSz); + XMEMCPY(key, client_key_der_1024, keySz); + XMEMCPY(cert, client_cert_der_1024, certSz); + #else + unsigned char cert[ONEK_BUF]; + unsigned char key[ONEK_BUF]; + XFILE fp = XBADFILE; + int certSz; + int keySz; + + ExpectTure((fp = XFOPEN("./certs/1024/client-cert.der", "rb")) != + XBADFILE); + ExpectIntGT(certSz = (int)XFREAD(cert, 1, sizeof_client_cert_der_1024, + fp), 0); + if (fp != XBADFILE) { + XFCLOSE(fp); + fp = XBADFILE; + } + + ExpectTrue((fp = XFOPEN("./certs/1024/client-key.der", "rb")) != + XBADFILE); + ExpectIntGT(keySz = (int)XFREAD(key, 1, sizeof_client_key_der_1024, fp), + 0); + if (fp != XBADFILE) + XFCLOSE(fp); + #endif +#elif defined(HAVE_ECC) + #if defined(USE_CERT_BUFFERS_256) + unsigned char cert[sizeof(cliecc_cert_der_256)]; + unsigned char key[sizeof(ecc_clikey_der_256)]; + int certSz = (int)sizeof(cert); + int keySz = (int)sizeof(key); + + XMEMSET(cert, 0, certSz); + XMEMSET(key, 0, keySz); + XMEMCPY(cert, cliecc_cert_der_256, sizeof_cliecc_cert_der_256); + XMEMCPY(key, ecc_clikey_der_256, sizeof_ecc_clikey_der_256); + #else + unsigned char cert[ONEK_BUF]; + unsigned char key[ONEK_BUF]; + XFILE fp = XBADFILE; + int certSz; + int keySz; + + ExpectTrue((fp = XFOPEN("./certs/client-ecc-cert.der", "rb")) != + XBADFILE); + ExpectIntGT(certSz = (int)XFREAD(cert, 1, sizeof_cliecc_cert_der_256, + fp), 0); + if (fp != XBADFILE) { + XFCLOSE(fp); + fp = XBADFILE; + } + + ExpectTrue((fp = XFOPEN("./certs/client-ecc-key.der", "rb")) != + XBADFILE); + ExpectIntGT(keySz = (int)XFREAD(key, 1, sizeof_ecc_clikey_der_256, fp), + 0); + if (fp != XBADFILE) + XFCLOSE(fp); + #endif +#endif + + XMEMSET(&rng, 0, sizeof(WC_RNG)); + + /* initialize large data with sequence */ + for (i=0; i<(int)sizeof(data); i++) + data[i] = i & 0xff; + + XMEMSET(outputHead, 0, outputHeadSz); + XMEMSET(outputFoot, 0, outputFootSz); + ExpectIntEQ(wc_InitRng(&rng), 0); + + ExpectNotNull(pkcs7 = wc_PKCS7_New(HEAP_HINT, testDevId)); + ExpectIntEQ(wc_PKCS7_Init(pkcs7, HEAP_HINT, INVALID_DEVID), 0); + + ExpectIntEQ(wc_PKCS7_InitWithCert(pkcs7, cert, certSz), 0); + + if (pkcs7 != NULL) { + pkcs7->content = NULL; /* not used for ex */ + pkcs7->contentSz = (word32)sizeof(data); + pkcs7->privateKey = key; + pkcs7->privateKeySz = (word32)sizeof(key); + pkcs7->encryptOID = RSAk; + #ifdef NO_SHA + pkcs7->hashOID = SHA256h; + #else + pkcs7->hashOID = SHAh; + #endif + pkcs7->rng = &rng; + } + + /* calculate hash for content */ + XMEMSET(&hash, 0, sizeof(wc_HashAlg)); + ExpectIntEQ(wc_HashInit(&hash, hashType), 0); + ExpectIntEQ(wc_HashUpdate(&hash, hashType, data, sizeof(data)), 0); + ExpectIntEQ(wc_HashFinal(&hash, hashType, hashBuf), 0); + DoExpectIntEQ(wc_HashFree(&hash, hashType), 0); + + /* Perform PKCS7 sign using hash directly */ + ExpectIntEQ(wc_PKCS7_EncodeSignedData_ex(pkcs7, hashBuf, hashSz, + outputHead, &outputHeadSz, outputFoot, &outputFootSz), 0); + ExpectIntGT(outputHeadSz, 0); + ExpectIntGT(outputFootSz, 0); + + wc_PKCS7_Free(pkcs7); + pkcs7 = NULL; + ExpectNotNull(pkcs7 = wc_PKCS7_New(HEAP_HINT, testDevId)); + ExpectIntEQ(wc_PKCS7_InitWithCert(pkcs7, NULL, 0), 0); + + /* required parameter even on verify when using _ex, if using outputHead + * and outputFoot */ + if (pkcs7 != NULL) { + pkcs7->contentSz = (word32)sizeof(data); + } + ExpectIntEQ(wc_PKCS7_VerifySignedData_ex(pkcs7, hashBuf, hashSz, + outputHead, outputHeadSz, outputFoot, outputFootSz), 0); + + wc_PKCS7_Free(pkcs7); + pkcs7 = NULL; + + /* assembly complete PKCS7 sign and use normal verify */ + { + byte* output = NULL; + word32 outputSz = 0; + #ifndef NO_PKCS7_STREAM + word32 z; + int ret; + #endif /* !NO_PKCS7_STREAM */ + + ExpectNotNull(output = (byte*)XMALLOC( + outputHeadSz + sizeof(data) + outputFootSz, HEAP_HINT, + DYNAMIC_TYPE_TMP_BUFFER)); + if (output != NULL) { + XMEMCPY(&output[outputSz], outputHead, outputHeadSz); + outputSz += outputHeadSz; + XMEMCPY(&output[outputSz], data, sizeof(data)); + outputSz += sizeof(data); + XMEMCPY(&output[outputSz], outputFoot, outputFootSz); + outputSz += outputFootSz; + } + + ExpectNotNull(pkcs7 = wc_PKCS7_New(HEAP_HINT, testDevId)); + ExpectIntEQ(wc_PKCS7_InitWithCert(pkcs7, NULL, 0), 0); + ExpectIntEQ(wc_PKCS7_VerifySignedData(pkcs7, output, outputSz), 0); + + #ifndef NO_PKCS7_STREAM + wc_PKCS7_Free(pkcs7); + pkcs7 = NULL; + + ExpectNotNull(pkcs7 = wc_PKCS7_New(HEAP_HINT, testDevId)); + ExpectIntEQ(wc_PKCS7_InitWithCert(pkcs7, NULL, 0), 0); + + /* test for streaming mode */ + ret = -1; + for (z = 0; z < outputSz && ret != 0; z++) { + ret = wc_PKCS7_VerifySignedData(pkcs7, output + z, 1); + if (ret < 0){ + ExpectIntEQ(ret, WC_NO_ERR_TRACE(WC_PKCS7_WANT_READ_E)); + } + } + ExpectIntEQ(ret, 0); + ExpectIntNE(pkcs7->contentSz, 0); + ExpectNotNull(pkcs7->contentDynamic); + + wc_PKCS7_Free(pkcs7); + pkcs7 = NULL; + ExpectNotNull(pkcs7 = wc_PKCS7_New(HEAP_HINT, testDevId)); + ExpectIntEQ(wc_PKCS7_InitWithCert(pkcs7, NULL, 0), 0); + #endif /* !NO_PKCS7_STREAM */ + + XFREE(output, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + } + + /* Pass in bad args. */ + ExpectIntEQ(wc_PKCS7_EncodeSignedData_ex(NULL, hashBuf, hashSz, outputHead, + &outputHeadSz, outputFoot, &outputFootSz), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_PKCS7_EncodeSignedData_ex(pkcs7, NULL, hashSz, outputHead, + &outputHeadSz, outputFoot, &outputFootSz), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_PKCS7_EncodeSignedData_ex(pkcs7, hashBuf, 0, outputHead, + &outputHeadSz, outputFoot, &outputFootSz), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_PKCS7_EncodeSignedData_ex(pkcs7, hashBuf, hashSz, NULL, + &outputHeadSz, outputFoot, &outputFootSz), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_PKCS7_EncodeSignedData_ex(pkcs7, hashBuf, hashSz, + outputHead, NULL, outputFoot, &outputFootSz), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_PKCS7_EncodeSignedData_ex(pkcs7, hashBuf, hashSz, + outputHead, &outputHeadSz, NULL, &outputFootSz), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_PKCS7_EncodeSignedData_ex(pkcs7, hashBuf, hashSz, + outputHead, &outputHeadSz, outputFoot, NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + if (pkcs7 != NULL) { + pkcs7->hashOID = 0; /* bad hashOID */ + } + ExpectIntEQ(wc_PKCS7_EncodeSignedData_ex(pkcs7, hashBuf, hashSz, + outputHead, &outputHeadSz, outputFoot, &outputFootSz), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + + ExpectIntEQ(wc_PKCS7_VerifySignedData_ex(NULL, hashBuf, hashSz, outputHead, + outputHeadSz, outputFoot, outputFootSz), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + + ExpectIntEQ(wc_PKCS7_VerifySignedData_ex(pkcs7, NULL, hashSz, outputHead, + outputHeadSz, outputFoot, outputFootSz), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); +#ifndef NO_PKCS7_STREAM + ExpectIntEQ(wc_PKCS7_VerifySignedData_ex(pkcs7, hashBuf, 0, outputHead, + outputHeadSz, outputFoot, outputFootSz), WC_NO_ERR_TRACE(WC_PKCS7_WANT_READ_E)); +#else + ExpectIntEQ(wc_PKCS7_VerifySignedData_ex(pkcs7, hashBuf, 0, outputHead, + outputHeadSz, outputFoot, outputFootSz), WC_NO_ERR_TRACE(BUFFER_E)); +#endif + ExpectIntEQ(wc_PKCS7_VerifySignedData_ex(pkcs7, hashBuf, hashSz, NULL, + outputHeadSz, outputFoot, outputFootSz), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); +#ifndef NO_PKCS7_STREAM + /* can pass in 0 buffer length with streaming API */ + ExpectIntEQ(wc_PKCS7_VerifySignedData_ex(pkcs7, hashBuf, hashSz, + outputHead, 0, outputFoot, outputFootSz), WC_NO_ERR_TRACE(WC_PKCS7_WANT_READ_E)); +#else + ExpectIntEQ(wc_PKCS7_VerifySignedData_ex(pkcs7, hashBuf, hashSz, + outputHead, 0, outputFoot, outputFootSz), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); +#endif + ExpectIntEQ(wc_PKCS7_VerifySignedData_ex(pkcs7, hashBuf, hashSz, + outputHead, outputHeadSz, NULL, outputFootSz), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); +#ifndef NO_PKCS7_STREAM + ExpectIntEQ(wc_PKCS7_VerifySignedData_ex(pkcs7, hashBuf, hashSz, + outputHead, outputHeadSz, outputFoot, 0), WC_NO_ERR_TRACE(WC_PKCS7_WANT_READ_E)); +#else + ExpectIntEQ(wc_PKCS7_VerifySignedData_ex(pkcs7, hashBuf, hashSz, + outputHead, outputHeadSz, outputFoot, 0), WC_NO_ERR_TRACE(BUFFER_E)); +#endif + + wc_PKCS7_Free(pkcs7); + DoExpectIntEQ(wc_FreeRng(&rng), 0); +#endif + return EXPECT_RESULT(); +} /* END test_wc_PKCS7_EncodeSignedData_ex */ + + +#if defined(HAVE_PKCS7) && !defined(NO_FILESYSTEM) + +/** + * Loads certs/keys from files or buffers into the argument buffers, + * helper function called by CreatePKCS7SignedData(). + * + * Returns 0 on success, negative on error. + */ +static int LoadPKCS7SignedDataCerts( + int useIntermediateCertChain, int pkAlgoType, + byte* intCARoot, word32* intCARootSz, + byte* intCA1, word32* intCA1Sz, + byte* intCA2, word32* intCA2Sz, + byte* cert, word32* certSz, + byte* key, word32* keySz) +{ + EXPECT_DECLS; + int ret = 0; + XFILE fp = XBADFILE; + +#ifndef NO_RSA + const char* intCARootRSA = "./certs/ca-cert.der"; + const char* intCA1RSA = "./certs/intermediate/ca-int-cert.der"; + const char* intCA2RSA = "./certs/intermediate/ca-int2-cert.der"; + const char* intServCertRSA = "./certs/intermediate/server-int-cert.der"; + const char* intServKeyRSA = "./certs/server-key.der"; + + #if !defined(USE_CERT_BUFFERS_2048) && !defined(USE_CERT_BUFFERS_1024) + const char* cli1024Cert = "./certs/1024/client-cert.der"; + const char* cli1024Key = "./certs/1024/client-key.der"; + #endif +#endif +#ifdef HAVE_ECC + const char* intCARootECC = "./certs/ca-ecc-cert.der"; + const char* intCA1ECC = "./certs/intermediate/ca-int-ecc-cert.der"; + const char* intCA2ECC = "./certs/intermediate/ca-int2-ecc-cert.der"; + const char* intServCertECC = "./certs/intermediate/server-int-ecc-cert.der"; + const char* intServKeyECC = "./certs/ecc-key.der"; + + #ifndef USE_CERT_BUFFERS_256 + const char* cliEccCert = "./certs/client-ecc-cert.der"; + const char* cliEccKey = "./certs/client-ecc-key.der"; + #endif +#endif + + if (cert == NULL || certSz == NULL || key == NULL || keySz == NULL || + ((useIntermediateCertChain == 1) && + (intCARoot == NULL || intCARootSz == NULL || intCA1 == NULL || + intCA1Sz == NULL || intCA2 == NULL || intCA2Sz == NULL))) { + return BAD_FUNC_ARG; + } + + /* Read/load certs and keys to use for signing based on PK type and chain */ + switch (pkAlgoType) { +#ifndef NO_RSA + case RSA_TYPE: + if (useIntermediateCertChain == 1) { + ExpectTrue((fp = XFOPEN(intCARootRSA, "rb")) != XBADFILE); + *intCARootSz = (word32)XFREAD(intCARoot, 1, *intCARootSz, fp); + if (fp != XBADFILE) { + XFCLOSE(fp); + fp = XBADFILE; + } + ExpectIntGT(*intCARootSz, 0); + + ExpectTrue((fp = XFOPEN(intCA1RSA, "rb")) != XBADFILE); + if (fp != XBADFILE) { + *intCA1Sz = (word32)XFREAD(intCA1, 1, *intCA1Sz, fp); + XFCLOSE(fp); + fp = XBADFILE; + } + ExpectIntGT(*intCA1Sz, 0); + + ExpectTrue((fp = XFOPEN(intCA2RSA, "rb")) != XBADFILE); + if (fp != XBADFILE) { + *intCA2Sz = (word32)XFREAD(intCA2, 1, *intCA2Sz, fp); + XFCLOSE(fp); + fp = XBADFILE; + } + ExpectIntGT(*intCA2Sz, 0); + + ExpectTrue((fp = XFOPEN(intServCertRSA, "rb")) != XBADFILE); + if (fp != XBADFILE) { + *certSz = (word32)XFREAD(cert, 1, *certSz, fp); + XFCLOSE(fp); + fp = XBADFILE; + } + ExpectIntGT(*certSz, 0); + + ExpectTrue((fp = XFOPEN(intServKeyRSA, "rb")) != XBADFILE); + if (fp != XBADFILE) { + *keySz = (word32)XFREAD(key, 1, *keySz, fp); + XFCLOSE(fp); + fp = XBADFILE; + } + ExpectIntGT(*keySz, 0); + } + else { + #if defined(USE_CERT_BUFFERS_2048) + *keySz = sizeof_client_key_der_2048; + *certSz = sizeof_client_cert_der_2048; + XMEMCPY(key, client_key_der_2048, *keySz); + XMEMCPY(cert, client_cert_der_2048, *certSz); + #elif defined(USE_CERT_BUFFERS_1024) + *keySz = sizeof_client_key_der_1024; + *certSz = sizeof_client_cert_der_1024; + XMEMCPY(key, client_key_der_1024, *keySz); + XMEMCPY(cert, client_cert_der_1024, *certSz); + #else + ExpectTrue((fp = XFOPEN(cli1024Key, "rb")) != XBADFILE); + if (fp != XBADFILE) { + *keySz = (word32)XFREAD(key, 1, *keySz, fp); + XFCLOSE(fp); + fp = XBADFILE; + } + ExpectIntGT(*keySz, 0); + + ExpectTrue((fp = XFOPEN(cli1024Cert, "rb")) != XBADFILE); + if (fp != XBADFILE) { + *certSz = (word32)XFREAD(cert, 1, *certSz, fp); + XFCLOSE(fp); + fp = XBADFILE; + } + ExpectIntGT(*certSz, 0); + #endif /* USE_CERT_BUFFERS_2048 */ + } + break; +#endif /* !NO_RSA */ +#ifdef HAVE_ECC + case ECC_TYPE: + if (useIntermediateCertChain == 1) { + ExpectTrue((fp = XFOPEN(intCARootECC, "rb")) != XBADFILE); + if (fp != XBADFILE) { + *intCARootSz = (word32)XFREAD(intCARoot, 1, *intCARootSz, + fp); + XFCLOSE(fp); + fp = XBADFILE; + } + ExpectIntGT(*intCARootSz, 0); + + ExpectTrue((fp = XFOPEN(intCA1ECC, "rb")) != XBADFILE); + if (fp != XBADFILE) { + *intCA1Sz = (word32)XFREAD(intCA1, 1, *intCA1Sz, fp); + XFCLOSE(fp); + fp = XBADFILE; + } + ExpectIntGT(*intCA1Sz, 0); + + ExpectTrue((fp = XFOPEN(intCA2ECC, "rb")) != XBADFILE); + if (fp != XBADFILE) { + *intCA2Sz = (word32)XFREAD(intCA2, 1, *intCA2Sz, fp); + XFCLOSE(fp); + fp = XBADFILE; + } + ExpectIntGT(*intCA2Sz, 0); + + ExpectTrue((fp = XFOPEN(intServCertECC, "rb")) != XBADFILE); + if (fp != XBADFILE) { + *certSz = (word32)XFREAD(cert, 1, *certSz, fp); + XFCLOSE(fp); + fp = XBADFILE; + } + ExpectIntGT(*certSz, 0); + + ExpectTrue((fp = XFOPEN(intServKeyECC, "rb")) != XBADFILE); + if (fp != XBADFILE) { + *keySz = (word32)XFREAD(key, 1, *keySz, fp); + XFCLOSE(fp); + fp = XBADFILE; + } + ExpectIntGT(*keySz, 0); + } + else { + #if defined(USE_CERT_BUFFERS_256) + *keySz = sizeof_ecc_clikey_der_256; + *certSz = sizeof_cliecc_cert_der_256; + XMEMCPY(key, ecc_clikey_der_256, *keySz); + XMEMCPY(cert, cliecc_cert_der_256, *certSz); + #else + ExpectTrue((fp = XFOPEN(cliEccKey, "rb")) != XBADFILE); + if (fp != XBADFILE) { + *keySz = (word32)XFREAD(key, 1, *keySz, fp); + XFCLOSE(fp); + fp = XBADFILE; + } + ExpectIntGT(*keySz, 0); + + ExpectTrue((fp = XFOPEN(cliEccCert, "rb")) != XBADFILE); + if (fp != XBADFILE) { + *certSz = (word32)XFREAD(cert, 1, *certSz, fp); + XFCLOSE(fp); + fp = XBADFILE; + } + ExpectIntGT(*certSz, 0); + #endif /* USE_CERT_BUFFERS_256 */ + } + break; +#endif /* HAVE_ECC */ + default: + WOLFSSL_MSG("Unsupported SignedData PK type"); + ret = BAD_FUNC_ARG; + break; + } + + if (EXPECT_FAIL() && (ret == 0)) { + ret = BAD_FUNC_ARG; + } + return ret; +} + +/** + * Creates a PKCS7/CMS SignedData bundle to use for testing. + * + * output output buffer to place SignedData + * outputSz size of output buffer + * data data buffer to be signed + * dataSz size of data buffer + * withAttribs [1/0] include attributes in SignedData message + * detachedSig [1/0] create detached signature, no content + * useIntCertChain [1/0] use certificate chain and include intermediate and + * root CAs in bundle + * pkAlgoType RSA_TYPE or ECC_TYPE, choose what key/cert type to use + * + * Return size of bundle created on success, negative on error */ +int CreatePKCS7SignedData(unsigned char* output, int outputSz, + byte* data, word32 dataSz, + int withAttribs, int detachedSig, + int useIntermediateCertChain, + int pkAlgoType) +{ + EXPECT_DECLS; + int ret = 0; + WC_RNG rng; + PKCS7* pkcs7 = NULL; + + static byte messageTypeOid[] = + { 0x06, 0x0a, 0x60, 0x86, 0x48, 0x01, 0x86, 0xF8, 0x45, 0x01, + 0x09, 0x02 }; + static byte messageType[] = { 0x13, 2, '1', '9' }; + + PKCS7Attrib attribs[] = + { + { messageTypeOid, sizeof(messageTypeOid), messageType, + sizeof(messageType) } + }; + + byte intCARoot[TWOK_BUF]; + byte intCA1[TWOK_BUF]; + byte intCA2[TWOK_BUF]; + byte cert[TWOK_BUF]; + byte key[TWOK_BUF]; + + word32 intCARootSz = sizeof(intCARoot); + word32 intCA1Sz = sizeof(intCA1); + word32 intCA2Sz = sizeof(intCA2); + word32 certSz = sizeof(cert); + word32 keySz = sizeof(key); + + XMEMSET(intCARoot, 0, intCARootSz); + XMEMSET(intCA1, 0, intCA1Sz); + XMEMSET(intCA2, 0, intCA2Sz); + XMEMSET(cert, 0, certSz); + XMEMSET(key, 0, keySz); + + ret = LoadPKCS7SignedDataCerts(useIntermediateCertChain, pkAlgoType, + intCARoot, &intCARootSz, intCA1, &intCA1Sz, intCA2, &intCA2Sz, + cert, &certSz, key, &keySz); + ExpectIntEQ(ret, 0); + + XMEMSET(output, 0, outputSz); + ExpectIntEQ(wc_InitRng(&rng), 0); + + ExpectNotNull(pkcs7 = wc_PKCS7_New(HEAP_HINT, testDevId)); + ExpectIntEQ(wc_PKCS7_Init(pkcs7, HEAP_HINT, INVALID_DEVID), 0); + ExpectIntEQ(wc_PKCS7_InitWithCert(pkcs7, cert, certSz), 0); + + if (useIntermediateCertChain == 1) { + /* Add intermediate and root CA certs into SignedData Certs SET */ + ExpectIntEQ(wc_PKCS7_AddCertificate(pkcs7, intCA2, intCA2Sz), 0); + ExpectIntEQ(wc_PKCS7_AddCertificate(pkcs7, intCA1, intCA1Sz), 0); + ExpectIntEQ(wc_PKCS7_AddCertificate(pkcs7, intCARoot, intCARootSz), 0); + } + + if (pkcs7 != NULL) { + pkcs7->content = data; + pkcs7->contentSz = dataSz; + pkcs7->privateKey = key; + pkcs7->privateKeySz = (word32)sizeof(key); + if (pkAlgoType == RSA_TYPE) { + pkcs7->encryptOID = RSAk; + } + else { + pkcs7->encryptOID = ECDSAk; + } + #ifdef NO_SHA + pkcs7->hashOID = SHA256h; + #else + pkcs7->hashOID = SHAh; + #endif + pkcs7->rng = &rng; + if (withAttribs) { + /* include a signed attribute */ + pkcs7->signedAttribs = attribs; + pkcs7->signedAttribsSz = (sizeof(attribs)/sizeof(PKCS7Attrib)); + } + } + + if (detachedSig) { + ExpectIntEQ(wc_PKCS7_SetDetached(pkcs7, 1), 0); + } + + outputSz = wc_PKCS7_EncodeSignedData(pkcs7, output, (word32)outputSz); + ExpectIntGT(outputSz, 0); + wc_PKCS7_Free(pkcs7); + pkcs7 = NULL; + ExpectNotNull(pkcs7 = wc_PKCS7_New(HEAP_HINT, testDevId)); + ExpectIntEQ(wc_PKCS7_InitWithCert(pkcs7, NULL, 0), 0); + if (detachedSig && (pkcs7 != NULL)) { + pkcs7->content = data; + pkcs7->contentSz = dataSz; + } + ExpectIntEQ(wc_PKCS7_VerifySignedData(pkcs7, output, (word32)outputSz), 0); + + wc_PKCS7_Free(pkcs7); + wc_FreeRng(&rng); + + if (EXPECT_FAIL()) { + outputSz = 0; + } + return outputSz; +} +#endif + +/* + * Testing wc_PKCS_VerifySignedData() + */ +int test_wc_PKCS7_VerifySignedData_RSA(void) +{ + EXPECT_DECLS; +#if defined(HAVE_PKCS7) && !defined(NO_FILESYSTEM) && !defined(NO_RSA) + PKCS7* pkcs7 = NULL; + byte output[6000]; /* Large size needed for bundles with int CA certs */ + word32 outputSz = sizeof(output); + byte data[] = "Test data to encode."; + byte badOut[1]; + word32 badOutSz = 0; + byte badContent[] = "This is different content than was signed"; + wc_HashAlg hash; +#ifdef NO_SHA + enum wc_HashType hashType = WC_HASH_TYPE_SHA256; +#else + enum wc_HashType hashType = WC_HASH_TYPE_SHA; +#endif + byte hashBuf[WC_MAX_DIGEST_SIZE]; + word32 hashSz = (word32)wc_HashGetDigestSize(hashType); +#ifndef NO_RSA + PKCS7DecodedAttrib* decodedAttrib = NULL; + /* contentType OID (1.2.840.113549.1.9.3) */ + static const byte contentTypeOid[] = + { 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xF7, 0x0d, 0x01, 0x09, 0x03 }; + + /* PKCS#7 DATA content type (contentType defaults to DATA) */ + static const byte dataType[] = + { 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x07, 0x01 }; + + /* messageDigest OID (1.2.840.113549.1.9.4) */ + static const byte messageDigestOid[] = + { 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x09, 0x04 }; +#ifndef NO_ASN_TIME + /* signingTime OID () */ + static const byte signingTimeOid[] = + { 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x09, 0x05}; +#endif +#if !defined(NO_ASN) && !defined(NO_ASN_TIME) + int dateLength = 0; + byte dateFormat; + const byte* datePart = NULL; + struct tm timearg; + time_t now; + struct tm* nowTm = NULL; +#ifdef NEED_TMP_TIME + struct tm tmpTimeStorage; + struct tm* tmpTime = &tmpTimeStorage; +#endif +#endif /* !NO_ASN && !NO_ASN_TIME */ +#ifndef NO_PKCS7_STREAM + word32 z; + int ret; +#endif /* !NO_PKCS7_STREAM */ + + XMEMSET(&hash, 0, sizeof(wc_HashAlg)); + + /* Success test with RSA certs/key */ + ExpectIntGT((outputSz = (word32)CreatePKCS7SignedData(output, (int)outputSz, data, + (word32)sizeof(data), 0, 0, 0, RSA_TYPE)), 0); + + /* calculate hash for content, used later */ + ExpectIntEQ(wc_HashInit(&hash, hashType), 0); + ExpectIntEQ(wc_HashUpdate(&hash, hashType, data, sizeof(data)), 0); + ExpectIntEQ(wc_HashFinal(&hash, hashType, hashBuf), 0); + DoExpectIntEQ(wc_HashFree(&hash, hashType), 0); + + ExpectNotNull(pkcs7 = wc_PKCS7_New(HEAP_HINT, testDevId)); + ExpectIntEQ(wc_PKCS7_Init(pkcs7, HEAP_HINT, INVALID_DEVID), 0); + ExpectIntEQ(wc_PKCS7_InitWithCert(pkcs7, NULL, 0), 0); + ExpectIntEQ(wc_PKCS7_VerifySignedData(pkcs7, output, outputSz), 0); + +#ifndef NO_PKCS7_STREAM + wc_PKCS7_Free(pkcs7); + pkcs7 = NULL; + + ExpectNotNull(pkcs7 = wc_PKCS7_New(HEAP_HINT, testDevId)); + ExpectIntEQ(wc_PKCS7_InitWithCert(pkcs7, NULL, 0), 0); + + /* test for streaming */ + ret = -1; + for (z = 0; z < outputSz && ret != 0; z++) { + ret = wc_PKCS7_VerifySignedData(pkcs7, output + z, 1); + if (ret < 0){ + ExpectIntEQ(ret, WC_NO_ERR_TRACE(WC_PKCS7_WANT_READ_E)); + } + } + ExpectIntEQ(ret, 0); + ExpectIntNE(pkcs7->contentSz, 0); + ExpectNotNull(pkcs7->contentDynamic); +#endif /* !NO_PKCS7_STREAM */ + + /* Check that decoded signed attributes are correct */ + + /* messageDigest should be first */ + if (pkcs7 != NULL) { + decodedAttrib = pkcs7->decodedAttrib; + } + ExpectNotNull(decodedAttrib); + ExpectIntEQ(decodedAttrib->oidSz, (word32)sizeof(messageDigestOid)); + ExpectIntEQ(XMEMCMP(decodedAttrib->oid, messageDigestOid, + decodedAttrib->oidSz), 0); + /* + 2 for OCTET STRING and length bytes */ + ExpectIntEQ(decodedAttrib->valueSz, hashSz + 2); + ExpectNotNull(decodedAttrib->value); + ExpectIntEQ(XMEMCMP(decodedAttrib->value + 2, hashBuf, hashSz), 0); + +#ifndef NO_ASN_TIME + /* signingTime should be second */ + if (decodedAttrib != NULL) { + decodedAttrib = decodedAttrib->next; + } + ExpectNotNull(decodedAttrib); + ExpectIntEQ(decodedAttrib->oidSz, (word32)sizeof(signingTimeOid)); + ExpectIntEQ(XMEMCMP(decodedAttrib->oid, signingTimeOid, + decodedAttrib->oidSz), 0); + + ExpectIntGT(decodedAttrib->valueSz, 0); + ExpectNotNull(decodedAttrib->value); +#endif + + /* Verify signingTime if ASN and time are available */ +#if !defined(NO_ASN) && !defined(NO_ASN_TIME) + ExpectIntEQ(wc_GetDateInfo(decodedAttrib->value, decodedAttrib->valueSz, + &datePart, &dateFormat, &dateLength), 0); + ExpectNotNull(datePart); + ExpectIntGT(dateLength, 0); + XMEMSET(&timearg, 0, sizeof(timearg)); + ExpectIntEQ(wc_GetDateAsCalendarTime(datePart, dateLength, dateFormat, + &timearg), 0); + + /* Get current time and compare year/month/day against attribute value */ + ExpectIntEQ(wc_GetTime(&now, sizeof(now)), 0); + nowTm = (struct tm*)XGMTIME((time_t*)&now, tmpTime); + ExpectNotNull(nowTm); + + ExpectIntEQ(timearg.tm_year, nowTm->tm_year); + ExpectIntEQ(timearg.tm_mon, nowTm->tm_mon); + ExpectIntEQ(timearg.tm_mday, nowTm->tm_mday); +#endif /* !NO_ASN && !NO_ASN_TIME */ + + /* contentType should be third */ + if (decodedAttrib != NULL) { + decodedAttrib = decodedAttrib->next; + } + ExpectNotNull(decodedAttrib); + ExpectIntEQ(decodedAttrib->oidSz, (word32)sizeof(contentTypeOid)); + ExpectIntEQ(XMEMCMP(decodedAttrib->oid, contentTypeOid, + decodedAttrib->oidSz), 0); + ExpectIntEQ(decodedAttrib->valueSz, (int)sizeof(dataType) + 2); + ExpectNotNull(decodedAttrib->value); + ExpectIntEQ(XMEMCMP(decodedAttrib->value + 2, dataType, sizeof(dataType)), + 0); +#endif /* !NO_RSA */ + + /* Test bad args. */ + ExpectIntEQ(wc_PKCS7_VerifySignedData(NULL, output, outputSz), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_PKCS7_VerifySignedData(pkcs7, NULL, outputSz), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + #ifndef NO_PKCS7_STREAM + /* can pass in 0 buffer length with streaming API */ + ExpectIntEQ(wc_PKCS7_VerifySignedData(pkcs7, badOut, + badOutSz), WC_NO_ERR_TRACE(WC_PKCS7_WANT_READ_E)); + #else + ExpectIntEQ(wc_PKCS7_VerifySignedData(pkcs7, badOut, + badOutSz), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + #endif + wc_PKCS7_Free(pkcs7); + pkcs7 = NULL; + +#ifndef NO_RSA + /* Try RSA certs/key/sig first */ + outputSz = sizeof(output); + XMEMSET(output, 0, outputSz); + ExpectIntGT((outputSz = (word32)CreatePKCS7SignedData(output, (int)outputSz, data, + (word32)sizeof(data), + 1, 1, 0, RSA_TYPE)), 0); + ExpectNotNull(pkcs7 = wc_PKCS7_New(HEAP_HINT, testDevId)); + ExpectIntEQ(wc_PKCS7_InitWithCert(pkcs7, NULL, 0), 0); + if (pkcs7 != NULL) { + pkcs7->content = badContent; + pkcs7->contentSz = sizeof(badContent); + } + ExpectIntEQ(wc_PKCS7_VerifySignedData(pkcs7, output, outputSz), + WC_NO_ERR_TRACE(SIG_VERIFY_E)); + + wc_PKCS7_Free(pkcs7); + pkcs7 = NULL; + +#ifndef NO_PKCS7_STREAM + ExpectNotNull(pkcs7 = wc_PKCS7_New(HEAP_HINT, testDevId)); + ExpectIntEQ(wc_PKCS7_InitWithCert(pkcs7, NULL, 0), 0); + if (pkcs7 != NULL) { + pkcs7->content = badContent; + pkcs7->contentSz = sizeof(badContent); + } + /* test for streaming */ + ret = -1; + for (z = 0; z < outputSz && ret != 0; z++) { + ret = wc_PKCS7_VerifySignedData(pkcs7, output + z, 1); + if (ret == WC_NO_ERR_TRACE(WC_PKCS7_WANT_READ_E)){ + continue; + } + else if (ret < 0) { + break; + } + } + ExpectIntEQ(ret, WC_NO_ERR_TRACE(SIG_VERIFY_E)); + ExpectIntNE(pkcs7->contentSz, 0); + ExpectNotNull(pkcs7->contentDynamic); + wc_PKCS7_Free(pkcs7); + pkcs7 = NULL; +#endif /* !NO_PKCS7_STREAM */ + + + /* Test success case with detached signature and valid content */ + ExpectNotNull(pkcs7 = wc_PKCS7_New(HEAP_HINT, testDevId)); + ExpectIntEQ(wc_PKCS7_InitWithCert(pkcs7, NULL, 0), 0); + if (pkcs7 != NULL) { + pkcs7->content = data; + pkcs7->contentSz = sizeof(data); + } + ExpectIntEQ(wc_PKCS7_VerifySignedData(pkcs7, output, outputSz), 0); + wc_PKCS7_Free(pkcs7); + pkcs7 = NULL; + +#ifndef NO_PKCS7_STREAM + ExpectNotNull(pkcs7 = wc_PKCS7_New(HEAP_HINT, testDevId)); + ExpectIntEQ(wc_PKCS7_InitWithCert(pkcs7, NULL, 0), 0); + if (pkcs7 != NULL) { + pkcs7->content = data; + pkcs7->contentSz = sizeof(data); + } + + /* test for streaming */ + ret = -1; + for (z = 0; z < outputSz && ret != 0; z++) { + ret = wc_PKCS7_VerifySignedData(pkcs7, output + z, 1); + if (ret < 0){ + ExpectIntEQ(ret, WC_NO_ERR_TRACE(WC_PKCS7_WANT_READ_E)); + } + } + ExpectIntEQ(ret, 0); + ExpectIntNE(pkcs7->contentSz, 0); + ExpectNotNull(pkcs7->contentDynamic); + + wc_PKCS7_Free(pkcs7); + pkcs7 = NULL; +#endif /* !NO_PKCS7_STREAM */ + + /* verify using pre-computed content digest only (no content) */ + { + ExpectNotNull(pkcs7 = wc_PKCS7_New(HEAP_HINT, testDevId)); + ExpectIntEQ(wc_PKCS7_Init(pkcs7, NULL, 0), 0); + ExpectIntEQ(wc_PKCS7_VerifySignedData_ex(pkcs7, hashBuf, hashSz, + output, outputSz, NULL, 0), 0); + wc_PKCS7_Free(pkcs7); + pkcs7 = NULL; + } +#endif /* !NO_RSA */ + + /* Test verify on signedData containing intermediate/root CA certs */ +#ifndef NO_RSA + outputSz = sizeof(output); + XMEMSET(output, 0, outputSz); + ExpectIntGT((outputSz = (word32)CreatePKCS7SignedData(output, (int)outputSz, data, + (word32)sizeof(data), + 0, 0, 1, RSA_TYPE)), 0); + ExpectNotNull(pkcs7 = wc_PKCS7_New(HEAP_HINT, testDevId)); + ExpectIntEQ(wc_PKCS7_InitWithCert(pkcs7, NULL, 0), 0); + ExpectIntEQ(wc_PKCS7_VerifySignedData(pkcs7, output, outputSz), 0); + wc_PKCS7_Free(pkcs7); + pkcs7 = NULL; + +#ifndef NO_PKCS7_STREAM + ExpectNotNull(pkcs7 = wc_PKCS7_New(HEAP_HINT, testDevId)); + ExpectIntEQ(wc_PKCS7_InitWithCert(pkcs7, NULL, 0), 0); + + /* test for streaming */ + ret = -1; + for (z = 0; z < outputSz && ret != 0; z++) { + ret = wc_PKCS7_VerifySignedData(pkcs7, output + z, 1); + if (ret < 0){ + ExpectIntEQ(ret, WC_NO_ERR_TRACE(WC_PKCS7_WANT_READ_E)); + } + } + ExpectIntEQ(ret, 0); + ExpectIntNE(pkcs7->contentSz, 0); + ExpectNotNull(pkcs7->contentDynamic); + + wc_PKCS7_Free(pkcs7); + pkcs7 = NULL; +#endif /* !NO_PKCS7_STREAM */ + +#endif /* !NO_RSA */ +#if defined(ASN_BER_TO_DER) && !defined(NO_PKCS7_STREAM) && \ + !defined(NO_FILESYSTEM) + { + XFILE signedBundle = XBADFILE; + int signedBundleSz = 0; + int chunkSz = 1; + int i, rc = 0; + byte* buf = NULL; + + ExpectTrue((signedBundle = XFOPEN("./certs/test-stream-sign.p7b", + "rb")) != XBADFILE); + ExpectTrue(XFSEEK(signedBundle, 0, XSEEK_END) == 0); + ExpectIntGT(signedBundleSz = (int)XFTELL(signedBundle), 0); + ExpectTrue(XFSEEK(signedBundle, 0, XSEEK_SET) == 0); + ExpectNotNull(buf = (byte*)XMALLOC(signedBundleSz, HEAP_HINT, + DYNAMIC_TYPE_FILE)); + if (buf != NULL) { + ExpectIntEQ(XFREAD(buf, 1, (size_t)signedBundleSz, signedBundle), + signedBundleSz); + } + if (signedBundle != XBADFILE) { + XFCLOSE(signedBundle); + signedBundle = XBADFILE; + } + + if (buf != NULL) { + ExpectNotNull(pkcs7 = wc_PKCS7_New(HEAP_HINT, testDevId)); + ExpectIntEQ(wc_PKCS7_InitWithCert(pkcs7, NULL, 0), 0); + for (i = 0; i < signedBundleSz;) { + int sz = (i + chunkSz > signedBundleSz)? signedBundleSz - i : + chunkSz; + rc = wc_PKCS7_VerifySignedData(pkcs7, buf + i, (word32)sz); + if (rc < 0 ) { + if (rc == WC_NO_ERR_TRACE(WC_PKCS7_WANT_READ_E)) { + i += sz; + continue; + } + break; + } + else { + break; + } + } + ExpectIntEQ(rc, WC_NO_ERR_TRACE(PKCS7_SIGNEEDS_CHECK)); + wc_PKCS7_Free(pkcs7); + pkcs7 = NULL; + } + + /* now try with malformed bundle */ + if (buf != NULL) { + ExpectNotNull(pkcs7 = wc_PKCS7_New(HEAP_HINT, testDevId)); + ExpectIntEQ(wc_PKCS7_InitWithCert(pkcs7, NULL, 0), 0); + buf[signedBundleSz - 2] = buf[signedBundleSz - 2] + 1; + for (i = 0; i < signedBundleSz;) { + int sz = (i + chunkSz > signedBundleSz)? signedBundleSz - i : + chunkSz; + rc = wc_PKCS7_VerifySignedData(pkcs7, buf + i, (word32)sz); + if (rc < 0 ) { + if (rc == WC_NO_ERR_TRACE(WC_PKCS7_WANT_READ_E)) { + i += sz; + continue; + } + break; + } + else { + break; + } + } + ExpectIntEQ(rc, WC_NO_ERR_TRACE(ASN_PARSE_E)); + wc_PKCS7_Free(pkcs7); + pkcs7 = NULL; + } + + if (buf != NULL) + XFREE(buf, HEAP_HINT, DYNAMIC_TYPE_FILE); + } +#endif /* BER and stream */ +#endif + return EXPECT_RESULT(); +} /* END test_wc_PKCS7_VerifySignedData()_RSA */ + +/* + * Testing wc_PKCS_VerifySignedData() + */ +int test_wc_PKCS7_VerifySignedData_ECC(void) +{ + EXPECT_DECLS; +#if defined(HAVE_PKCS7) && !defined(NO_FILESYSTEM) && defined(HAVE_ECC) + PKCS7* pkcs7 = NULL; + byte output[6000]; /* Large size needed for bundles with int CA certs */ + word32 outputSz = sizeof(output); + byte data[] = "Test data to encode."; + byte badContent[] = "This is different content than was signed"; + wc_HashAlg hash; +#ifndef NO_PKCS7_STREAM + word32 z; + int ret; +#endif /* !NO_PKCS7_STREAM */ +#ifdef NO_SHA + enum wc_HashType hashType = WC_HASH_TYPE_SHA256; +#else + enum wc_HashType hashType = WC_HASH_TYPE_SHA; +#endif + byte hashBuf[WC_MAX_DIGEST_SIZE]; + word32 hashSz = (word32)wc_HashGetDigestSize(hashType); + + XMEMSET(&hash, 0, sizeof(wc_HashAlg)); + + /* Success test with ECC certs/key */ + outputSz = sizeof(output); + XMEMSET(output, 0, outputSz); + ExpectIntGT((outputSz = (word32)CreatePKCS7SignedData(output, (int)outputSz, data, + (word32)sizeof(data), 0, 0, 0, ECC_TYPE)), 0); + + ExpectNotNull(pkcs7 = wc_PKCS7_New(HEAP_HINT, testDevId)); + ExpectIntEQ(wc_PKCS7_Init(pkcs7, HEAP_HINT, INVALID_DEVID), 0); + ExpectIntEQ(wc_PKCS7_InitWithCert(pkcs7, NULL, 0), 0); + ExpectIntEQ(wc_PKCS7_VerifySignedData(pkcs7, output, outputSz), 0); + wc_PKCS7_Free(pkcs7); + pkcs7 = NULL; + +#ifndef NO_PKCS7_STREAM + ExpectNotNull(pkcs7 = wc_PKCS7_New(HEAP_HINT, testDevId)); + ExpectIntEQ(wc_PKCS7_InitWithCert(pkcs7, NULL, 0), 0); + + /* test for streaming */ + ret = -1; + for (z = 0; z < outputSz && ret != 0; z++) { + ret = wc_PKCS7_VerifySignedData(pkcs7, output + z, 1); + if (ret < 0){ + ExpectIntEQ(ret, WC_NO_ERR_TRACE(WC_PKCS7_WANT_READ_E)); + } + } + ExpectIntEQ(ret, 0); + ExpectIntNE(pkcs7->contentSz, 0); + ExpectNotNull(pkcs7->contentDynamic); + wc_PKCS7_Free(pkcs7); + pkcs7 = NULL; +#endif /* !NO_PKCS7_STREAM */ + + /* Invalid content should error, use detached signature so we can + * easily change content */ + outputSz = sizeof(output); + XMEMSET(output, 0, outputSz); + ExpectIntGT((outputSz = (word32)CreatePKCS7SignedData(output, (int)outputSz, data, + (word32)sizeof(data), 1, 1, 0, ECC_TYPE)), 0); + ExpectNotNull(pkcs7 = wc_PKCS7_New(HEAP_HINT, testDevId)); + ExpectIntEQ(wc_PKCS7_InitWithCert(pkcs7, NULL, 0), 0); + if (pkcs7 != NULL) { + pkcs7->content = badContent; + pkcs7->contentSz = sizeof(badContent); + } + ExpectIntEQ(wc_PKCS7_VerifySignedData(pkcs7, output, outputSz), + WC_NO_ERR_TRACE(SIG_VERIFY_E)); + wc_PKCS7_Free(pkcs7); + pkcs7 = NULL; + +#ifndef NO_PKCS7_STREAM + ExpectNotNull(pkcs7 = wc_PKCS7_New(HEAP_HINT, testDevId)); + ExpectIntEQ(wc_PKCS7_InitWithCert(pkcs7, NULL, 0), 0); + if (pkcs7 != NULL) { + pkcs7->content = badContent; + pkcs7->contentSz = sizeof(badContent); + } + + /* test for streaming */ + ret = -1; + for (z = 0; z < outputSz && ret != 0; z++) { + ret = wc_PKCS7_VerifySignedData(pkcs7, output + z, 1); + if (ret == WC_NO_ERR_TRACE(WC_PKCS7_WANT_READ_E)){ + continue; + } + else if (ret < 0) { + break; + } + } + ExpectIntEQ(ret, WC_NO_ERR_TRACE(SIG_VERIFY_E)); + ExpectIntNE(pkcs7->contentSz, 0); + ExpectNotNull(pkcs7->contentDynamic); + wc_PKCS7_Free(pkcs7); + pkcs7 = NULL; +#endif /* !NO_PKCS7_STREAM */ + + + /* Test success case with detached signature and valid content */ + ExpectNotNull(pkcs7 = wc_PKCS7_New(HEAP_HINT, testDevId)); + ExpectIntEQ(wc_PKCS7_InitWithCert(pkcs7, NULL, 0), 0); + if (pkcs7 != NULL) { + pkcs7->content = data; + pkcs7->contentSz = sizeof(data); + } + ExpectIntEQ(wc_PKCS7_VerifySignedData(pkcs7, output, outputSz), 0); + wc_PKCS7_Free(pkcs7); + pkcs7 = NULL; + +#ifndef NO_PKCS7_STREAM + ExpectNotNull(pkcs7 = wc_PKCS7_New(HEAP_HINT, testDevId)); + ExpectIntEQ(wc_PKCS7_InitWithCert(pkcs7, NULL, 0), 0); + if (pkcs7 != NULL) { + pkcs7->content = data; + pkcs7->contentSz = sizeof(data); + } + + /* test for streaming */ + ret = -1; + for (z = 0; z < outputSz && ret != 0; z++) { + ret = wc_PKCS7_VerifySignedData(pkcs7, output + z, 1); + if (ret < 0){ + ExpectIntEQ(ret, WC_NO_ERR_TRACE(WC_PKCS7_WANT_READ_E)); + } + } + ExpectIntEQ(ret, 0); + ExpectIntNE(pkcs7->contentSz, 0); + ExpectNotNull(pkcs7->contentDynamic); + + wc_PKCS7_Free(pkcs7); + pkcs7 = NULL; +#endif /* !NO_PKCS7_STREAM */ + + /* verify using pre-computed content digest only (no content) */ + { + /* calculate hash for content */ + ExpectIntEQ(wc_HashInit(&hash, hashType), 0); + ExpectIntEQ(wc_HashUpdate(&hash, hashType, data, sizeof(data)), 0); + ExpectIntEQ(wc_HashFinal(&hash, hashType, hashBuf), 0); + ExpectIntEQ(wc_HashFree(&hash, hashType), 0); + + ExpectNotNull(pkcs7 = wc_PKCS7_New(HEAP_HINT, testDevId)); + ExpectIntEQ(wc_PKCS7_Init(pkcs7, NULL, 0), 0); + ExpectIntEQ(wc_PKCS7_VerifySignedData_ex(pkcs7, hashBuf, hashSz, + output, outputSz, NULL, 0), 0); + wc_PKCS7_Free(pkcs7); + pkcs7 = NULL; + } + + /* Test verify on signedData containing intermediate/root CA certs */ + outputSz = sizeof(output); + XMEMSET(output, 0, outputSz); + ExpectIntGT((outputSz = (word32)CreatePKCS7SignedData(output, (int)outputSz, data, + (word32)sizeof(data), 0, 0, 1, ECC_TYPE)), 0); + ExpectNotNull(pkcs7 = wc_PKCS7_New(HEAP_HINT, testDevId)); + ExpectIntEQ(wc_PKCS7_InitWithCert(pkcs7, NULL, 0), 0); + ExpectIntEQ(wc_PKCS7_VerifySignedData(pkcs7, output, outputSz), 0); + wc_PKCS7_Free(pkcs7); + pkcs7 = NULL; + +#ifndef NO_PKCS7_STREAM + ExpectNotNull(pkcs7 = wc_PKCS7_New(HEAP_HINT, testDevId)); + ExpectIntEQ(wc_PKCS7_InitWithCert(pkcs7, NULL, 0), 0); + + /* test for streaming */ + ret = -1; + for (z = 0; z < outputSz && ret != 0; z++) { + ret = wc_PKCS7_VerifySignedData(pkcs7, output + z, 1); + if (ret < 0){ + ExpectIntEQ(ret, WC_NO_ERR_TRACE(WC_PKCS7_WANT_READ_E)); + } + } + ExpectIntEQ(ret, 0); + ExpectIntNE(pkcs7->contentSz, 0); + ExpectNotNull(pkcs7->contentDynamic); + + wc_PKCS7_Free(pkcs7); + pkcs7 = NULL; +#endif /* !NO_PKCS7_STREAM */ + +#endif + return EXPECT_RESULT(); +} /* END test_wc_PKCS7_VerifySignedData_ECC() */ + + +#if defined(HAVE_PKCS7) && !defined(NO_AES) && defined(HAVE_AES_CBC) && \ + defined(WOLFSSL_AES_256) && defined(HAVE_AES_KEYWRAP) +static const byte defKey[] = { + 0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08, + 0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08, + 0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08, + 0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08 +}; +static byte aesHandle[32]; /* simulated hardware key handle */ + + +/* return 0 on success */ +static int myDecryptionFunc(PKCS7* pkcs7, int encryptOID, byte* iv, int ivSz, + byte* aad, word32 aadSz, byte* authTag, word32 authTagSz, + byte* in, int inSz, byte* out, void* usrCtx) +{ + int ret; + Aes aes; + + if (usrCtx == NULL) { + /* no simulated handle passed in */ + return -1; + } + + switch (encryptOID) { + case AES256CBCb: + if (ivSz != AES_BLOCK_SIZE) + return BAD_FUNC_ARG; + break; + + default: + WOLFSSL_MSG("Unsupported content cipher type for test"); + return ALGO_ID_E; + }; + + /* simulate using handle to get key */ + ret = wc_AesInit(&aes, HEAP_HINT, INVALID_DEVID); + if (ret == 0) { + ret = wc_AesSetKey(&aes, (byte*)usrCtx, 32, iv, AES_DECRYPTION); + if (ret == 0) + ret = wc_AesCbcDecrypt(&aes, out, in, (word32)inSz); + wc_AesFree(&aes); + } + + (void)aad; + (void)aadSz; + (void)authTag; + (void)authTagSz; + (void)pkcs7; + return ret; +} + + +/* returns key size on success */ +static int myCEKwrapFunc(PKCS7* pkcs7, byte* cek, word32 cekSz, byte* keyId, + word32 keyIdSz, byte* orginKey, word32 orginKeySz, + byte* out, word32 outSz, int keyWrapAlgo, int type, int direction) +{ + int ret = -1; + + (void)cekSz; + (void)cek; + (void)outSz; + (void)keyIdSz; + (void)direction; + (void)orginKey; /* used with KAKRI */ + (void)orginKeySz; + + if (out == NULL) + return BAD_FUNC_ARG; + + if (keyId[0] != 0x00) { + return -1; + } + + if (type != (int)PKCS7_KEKRI) { + return -1; + } + + switch (keyWrapAlgo) { + case AES256_WRAP: + /* simulate setting a handle for later decryption but use key + * as handle in the test case here */ + ret = wc_AesKeyUnWrap(defKey, sizeof(defKey), cek, cekSz, + aesHandle, sizeof(aesHandle), NULL); + if (ret < 0) + return ret; + + ret = wc_PKCS7_SetDecodeEncryptedCtx(pkcs7, (void*)aesHandle); + if (ret < 0) + return ret; + + /* return key size on success */ + return sizeof(defKey); + + default: + WOLFSSL_MSG("Unsupported key wrap algorithm in example"); + return BAD_KEYWRAP_ALG_E; + }; +} +#endif /* HAVE_PKCS7 && !NO_AES && HAVE_AES_CBC && WOLFSSL_AES_256 && + HAVE_AES_KEYWRAP */ + + +#if defined(HAVE_PKCS7) && defined(ASN_BER_TO_DER) && !defined(NO_RSA) +#define MAX_TEST_DECODE_SIZE 6000 +static int test_wc_PKCS7_DecodeEnvelopedData_stream_decrypt_cb(wc_PKCS7* pkcs7, + const byte* output, word32 outputSz, void* ctx) { + WOLFSSL_BUFFER_INFO* out = (WOLFSSL_BUFFER_INFO*)ctx; + + if (out == NULL) { + return -1; + } + + if (outputSz + out->length > MAX_TEST_DECODE_SIZE) { + printf("Example buffer size needs increased"); + } + + /* printf("Decoded in %d bytes\n", outputSz); + * for (word32 z = 0; z < outputSz; z++) printf("%02X", output[z]); + * printf("\n"); + */ + + XMEMCPY(out->buffer + out->length, output, outputSz); + out->length += outputSz; + + (void)pkcs7; + return 0; +} +#endif /* HAVE_PKCS7 && ASN_BER_TO_DER */ + +/* + * Testing wc_PKCS7_DecodeEnvelopedData with streaming + */ +int test_wc_PKCS7_DecodeEnvelopedData_stream(void) +{ + EXPECT_DECLS; +#if defined(HAVE_PKCS7) && defined(ASN_BER_TO_DER) && !defined(NO_RSA) + PKCS7* pkcs7 = NULL; + int ret = 0; + XFILE f = XBADFILE; + const char* testStream = "./certs/test-stream-dec.p7b"; + byte testStreamBuffer[100]; + size_t testStreamBufferSz = 0; + byte decodedData[MAX_TEST_DECODE_SIZE]; /* large enough to hold result of decode, which is ca-cert.pem */ + WOLFSSL_BUFFER_INFO out; + + out.length = 0; + out.buffer = decodedData; + + ExpectNotNull(pkcs7 = wc_PKCS7_New(HEAP_HINT, testDevId)); + ExpectIntEQ(wc_PKCS7_InitWithCert(pkcs7, (byte*)client_cert_der_2048, + sizeof_client_cert_der_2048), 0); + + ExpectIntEQ(wc_PKCS7_SetKey(pkcs7, (byte*)client_key_der_2048, + sizeof_client_key_der_2048), 0); + ExpectIntEQ(wc_PKCS7_SetStreamMode(pkcs7, 1, NULL, + test_wc_PKCS7_DecodeEnvelopedData_stream_decrypt_cb, (void*)&out), 0); + + ExpectTrue((f = XFOPEN(testStream, "rb")) != XBADFILE); + if (EXPECT_SUCCESS()) { + do { + testStreamBufferSz = XFREAD(testStreamBuffer, 1, + sizeof(testStreamBuffer), f); + if (testStreamBufferSz == 0) { + break; + } + + ret = wc_PKCS7_DecodeEnvelopedData(pkcs7, testStreamBuffer, + (word32)testStreamBufferSz, NULL, 0); + if (testStreamBufferSz < sizeof(testStreamBuffer)) { + break; + } + } while (ret == WC_NO_ERR_TRACE(WC_PKCS7_WANT_READ_E)); + #ifdef NO_DES3 + ExpectIntEQ(ret, ALGO_ID_E); + #else + /* expecting the size of ca-cert.pem */ + ExpectIntEQ(ret, 5512); + #endif + } + + if (f != XBADFILE) { + XFCLOSE(f); + f = XBADFILE; + } + + wc_PKCS7_Free(pkcs7); +#endif + return EXPECT_RESULT(); +} /* END test_wc_PKCS7_DecodeEnvelopedData_stream() */ + + +/* + * Testing wc_PKCS7_DecodeEnvelopedData with streaming + */ +int test_wc_PKCS7_DecodeEnvelopedData_multiple_recipients(void) +{ + EXPECT_DECLS; +#if defined(HAVE_PKCS7) && !defined(NO_RSA) + PKCS7* pkcs7 = NULL; + int ret = 0; + XFILE f = XBADFILE; + const char* testFile = "./certs/test-multiple-recipients.p7b"; + byte testDerBuffer[8192]; /* test-multiple-recipients is currently 6433 + bytes */ + size_t testDerBufferSz = 0; + byte decodedData[8192]; + + ExpectTrue((f = XFOPEN(testFile, "rb")) != XBADFILE); + if (f != XBADFILE) { + testDerBufferSz = XFREAD(testDerBuffer, 1, + sizeof(testDerBuffer), f); + ExpectIntGT(testDerBufferSz, 0); + XFCLOSE(f); + f = XBADFILE; + } + + /* test with server cert recipient */ + ExpectNotNull(pkcs7 = wc_PKCS7_New(HEAP_HINT, testDevId)); + if (pkcs7) { + ExpectIntEQ(wc_PKCS7_InitWithCert(pkcs7, (byte*)server_cert_der_2048, + sizeof_server_cert_der_2048), 0); + + ExpectIntEQ(wc_PKCS7_SetKey(pkcs7, (byte*)server_key_der_2048, + sizeof_server_key_der_2048), 0); + + ret = wc_PKCS7_DecodeEnvelopedData(pkcs7, testDerBuffer, + (word32)testDerBufferSz, decodedData, sizeof(decodedData)); + #if defined(NO_AES) || defined(NO_AES_256) + ExpectIntEQ(ret, ALGO_ID_E); + #else + ExpectIntGT(ret, 0); + #endif + wc_PKCS7_Free(pkcs7); + pkcs7 = NULL; + } + + /* test with client cert recipient */ + ExpectNotNull(pkcs7 = wc_PKCS7_New(HEAP_HINT, testDevId)); + if (pkcs7) { + ExpectIntEQ(wc_PKCS7_InitWithCert(pkcs7, (byte*)client_cert_der_2048, + sizeof_client_cert_der_2048), 0); + + ExpectIntEQ(wc_PKCS7_SetKey(pkcs7, (byte*)client_key_der_2048, + sizeof_client_key_der_2048), 0); + + ret = wc_PKCS7_DecodeEnvelopedData(pkcs7, testDerBuffer, + (word32)testDerBufferSz, decodedData, sizeof(decodedData)); + #if defined(NO_AES) || defined(NO_AES_256) + ExpectIntEQ(ret, ALGO_ID_E); + #else + ExpectIntGT(ret, 0); + #endif + wc_PKCS7_Free(pkcs7); + pkcs7 = NULL; + } + + /* test with ca cert recipient (which should fail) */ + ExpectNotNull(pkcs7 = wc_PKCS7_New(HEAP_HINT, testDevId)); + if (pkcs7) { + ExpectIntEQ(wc_PKCS7_InitWithCert(pkcs7, (byte*)ca_cert_der_2048, + sizeof_ca_cert_der_2048), 0); + + ExpectIntEQ(wc_PKCS7_SetKey(pkcs7, (byte*)ca_key_der_2048, + sizeof_ca_key_der_2048), 0); + + ret = wc_PKCS7_DecodeEnvelopedData(pkcs7, testDerBuffer, + (word32)testDerBufferSz, decodedData, sizeof(decodedData)); + ExpectIntLT(ret, 0); + wc_PKCS7_Free(pkcs7); + pkcs7 = NULL; + } + +#endif + return EXPECT_RESULT(); +} /* END test_wc_PKCS7_DecodeEnvelopedData_multiple_recipients() */ + +/* + * Testing wc_PKCS7_EncodeEnvelopedData(), wc_PKCS7_DecodeEnvelopedData() + */ +int test_wc_PKCS7_EncodeDecodeEnvelopedData(void) +{ + EXPECT_DECLS; +#if defined(HAVE_PKCS7) + PKCS7* pkcs7 = NULL; +#ifdef ASN_BER_TO_DER + int encodedSz = 0; +#endif +#ifdef ECC_TIMING_RESISTANT + WC_RNG rng; +#endif +#ifdef HAVE_AES_KEYWRAP + word32 tempWrd32 = 0; + byte* tmpBytePtr = NULL; +#endif + const char input[] = "Test data to encode."; + int i; + int testSz = 0; + #if !defined(NO_RSA) && (!defined(NO_AES) || (!defined(NO_SHA) || \ + !defined(NO_SHA256) || defined(WOLFSSL_SHA512))) + byte* rsaCert = NULL; + byte* rsaPrivKey = NULL; + word32 rsaCertSz; + word32 rsaPrivKeySz; + #if !defined(NO_FILESYSTEM) && (!defined(USE_CERT_BUFFERS_1024) && \ + !defined(USE_CERT_BUFFERS_2048) ) + static const char* rsaClientCert = "./certs/client-cert.der"; + static const char* rsaClientKey = "./certs/client-key.der"; + rsaCertSz = (word32)sizeof(rsaClientCert); + rsaPrivKeySz = (word32)sizeof(rsaClientKey); + #endif + #endif + #if defined(HAVE_ECC) && defined(HAVE_X963_KDF) && (!defined(NO_AES) || \ + !defined(NO_SHA) || !defined(NO_SHA256) || defined(WOLFSSL_SHA512)) + byte* eccCert = NULL; + byte* eccPrivKey = NULL; + word32 eccCertSz; + word32 eccPrivKeySz; + #if !defined(NO_FILESYSTEM) && !defined(USE_CERT_BUFFERS_256) + static const char* eccClientCert = "./certs/client-ecc-cert.der"; + static const char* eccClientKey = "./certs/ecc-client-key.der"; + #endif + #endif + /* Generic buffer size. */ + byte output[ONEK_BUF]; + byte decoded[sizeof(input)/sizeof(char)]; + int decodedSz = 0; +#ifndef NO_FILESYSTEM + XFILE certFile = XBADFILE; + XFILE keyFile = XBADFILE; +#endif + +#ifdef ECC_TIMING_RESISTANT + XMEMSET(&rng, 0, sizeof(WC_RNG)); +#endif + +#if !defined(NO_RSA) && (!defined(NO_AES) || (!defined(NO_SHA) ||\ + !defined(NO_SHA256) || defined(WOLFSSL_SHA512))) + /* RSA certs and keys. */ + #if defined(USE_CERT_BUFFERS_1024) + rsaCertSz = (word32)sizeof_client_cert_der_1024; + /* Allocate buffer space. */ + ExpectNotNull(rsaCert = (byte*)XMALLOC(rsaCertSz, HEAP_HINT, + DYNAMIC_TYPE_TMP_BUFFER)); + /* Init buffer. */ + if (rsaCert != NULL) { + XMEMCPY(rsaCert, client_cert_der_1024, rsaCertSz); + } + rsaPrivKeySz = (word32)sizeof_client_key_der_1024; + ExpectNotNull(rsaPrivKey = (byte*)XMALLOC(rsaPrivKeySz, HEAP_HINT, + DYNAMIC_TYPE_TMP_BUFFER)); + if (rsaPrivKey != NULL) { + XMEMCPY(rsaPrivKey, client_key_der_1024, rsaPrivKeySz); + } + #elif defined(USE_CERT_BUFFERS_2048) + rsaCertSz = (word32)sizeof_client_cert_der_2048; + /* Allocate buffer */ + ExpectNotNull(rsaCert = (byte*)XMALLOC(rsaCertSz, HEAP_HINT, + DYNAMIC_TYPE_TMP_BUFFER)); + /* Init buffer. */ + if (rsaCert != NULL) { + XMEMCPY(rsaCert, client_cert_der_2048, rsaCertSz); + } + rsaPrivKeySz = (word32)sizeof_client_key_der_2048; + ExpectNotNull(rsaPrivKey = (byte*)XMALLOC(rsaPrivKeySz, HEAP_HINT, + DYNAMIC_TYPE_TMP_BUFFER)); + if (rsaPrivKey != NULL) { + XMEMCPY(rsaPrivKey, client_key_der_2048, rsaPrivKeySz); + } + #else + /* File system. */ + ExpectTrue((certFile = XFOPEN(rsaClientCert, "rb")) != XBADFILE); + rsaCertSz = (word32)FOURK_BUF; + ExpectNotNull(rsaCert = (byte*)XMALLOC(FOURK_BUF, HEAP_HINT, + DYNAMIC_TYPE_TMP_BUFFER)); + ExpectTrue((rsaCertSz = (word32)XFREAD(rsaCert, 1, rsaCertSz, + certFile)) > 0); + if (certFile != XBADFILE) + XFCLOSE(certFile); + ExpectTrue((keyFile = XFOPEN(rsaClientKey, "rb")) != XBADFILE); + ExpectNotNull(rsaPrivKey = (byte*)XMALLOC(FOURK_BUF, HEAP_HINT, + DYNAMIC_TYPE_TMP_BUFFER)); + rsaPrivKeySz = (word32)FOURK_BUF; + ExpectTrue((rsaPrivKeySz = (word32)XFREAD(rsaPrivKey, 1, rsaPrivKeySz, + keyFile)) > 0); + if (keyFile != XBADFILE) + XFCLOSE(keyFile); + #endif /* USE_CERT_BUFFERS */ +#endif /* NO_RSA */ + +/* ECC */ +#if defined(HAVE_ECC) && defined(HAVE_X963_KDF) && (!defined(NO_AES) || \ + !defined(NO_SHA) || !defined(NO_SHA256) || defined(WOLFSSL_SHA512)) + + #ifdef USE_CERT_BUFFERS_256 + ExpectNotNull(eccCert = (byte*)XMALLOC(TWOK_BUF, HEAP_HINT, + DYNAMIC_TYPE_TMP_BUFFER)); + /* Init buffer. */ + eccCertSz = (word32)sizeof_cliecc_cert_der_256; + if (eccCert != NULL) { + XMEMCPY(eccCert, cliecc_cert_der_256, eccCertSz); + } + ExpectNotNull(eccPrivKey = (byte*)XMALLOC(TWOK_BUF, HEAP_HINT, + DYNAMIC_TYPE_TMP_BUFFER)); + eccPrivKeySz = (word32)sizeof_ecc_clikey_der_256; + if (eccPrivKey != NULL) { + XMEMCPY(eccPrivKey, ecc_clikey_der_256, eccPrivKeySz); + } + #else /* File system. */ + ExpectTrue((certFile = XFOPEN(eccClientCert, "rb")) != XBADFILE); + eccCertSz = (word32)FOURK_BUF; + ExpectNotNull(eccCert = (byte*)XMALLOC(FOURK_BUF, HEAP_HINT, + DYNAMIC_TYPE_TMP_BUFFER)); + ExpectTrue((eccCertSz = (word32)XFREAD(eccCert, 1, eccCertSz, + certFile)) > 0); + if (certFile != XBADFILE) { + XFCLOSE(certFile); + } + ExpectTrue((keyFile = XFOPEN(eccClientKey, "rb")) != XBADFILE); + eccPrivKeySz = (word32)FOURK_BUF; + ExpectNotNull(eccPrivKey = (byte*)XMALLOC(FOURK_BUF, HEAP_HINT, + DYNAMIC_TYPE_TMP_BUFFER)); + ExpectTrue((eccPrivKeySz = (word32)XFREAD(eccPrivKey, 1, eccPrivKeySz, + keyFile)) > 0); + if (keyFile != XBADFILE) { + XFCLOSE(keyFile); + } + #endif /* USE_CERT_BUFFERS_256 */ +#endif /* END HAVE_ECC */ + +#ifndef NO_FILESYSTEM + /* Silence. */ + (void)keyFile; + (void)certFile; +#endif + + { + const pkcs7EnvelopedVector testVectors[] = { + /* DATA is a global variable defined in the makefile. */ +#if !defined(NO_RSA) + #ifndef NO_DES3 + {(byte*)input, (word32)(sizeof(input)/sizeof(char)), DATA, DES3b, 0, 0, + rsaCert, rsaCertSz, rsaPrivKey, rsaPrivKeySz}, + #endif /* NO_DES3 */ + #if !defined(NO_AES) && defined(HAVE_AES_CBC) && defined(HAVE_AES_KEYWRAP) + #ifdef WOLFSSL_AES_128 + {(byte*)input, (word32)(sizeof(input)/sizeof(char)), DATA, AES128CBCb, + 0, 0, rsaCert, rsaCertSz, rsaPrivKey, rsaPrivKeySz}, + #endif + #ifdef WOLFSSL_AES_192 + {(byte*)input, (word32)(sizeof(input)/sizeof(char)), DATA, AES192CBCb, + 0, 0, rsaCert, rsaCertSz, rsaPrivKey, rsaPrivKeySz}, + #endif + #ifdef WOLFSSL_AES_256 + {(byte*)input, (word32)(sizeof(input)/sizeof(char)), DATA, AES256CBCb, + 0, 0, rsaCert, rsaCertSz, rsaPrivKey, rsaPrivKeySz}, + #endif + #endif /* NO_AES && HAVE_AES_CBC */ + +#endif /* NO_RSA */ +#if defined(HAVE_ECC) && defined(HAVE_X963_KDF) + #if !defined(NO_AES) && defined(HAVE_AES_CBC) && defined(HAVE_AES_KEYWRAP) + #if !defined(NO_SHA) && defined(WOLFSSL_AES_128) + {(byte*)input, (word32)(sizeof(input)/sizeof(char)), DATA, + AES128CBCb, AES128_WRAP, dhSinglePass_stdDH_sha1kdf_scheme, + eccCert, eccCertSz, eccPrivKey, eccPrivKeySz}, + #endif + #if !defined(NO_SHA256) && defined(WOLFSSL_AES_256) + {(byte*)input, (word32)(sizeof(input)/sizeof(char)), DATA, + AES256CBCb, AES256_WRAP, dhSinglePass_stdDH_sha256kdf_scheme, + eccCert, eccCertSz, eccPrivKey, eccPrivKeySz}, + #endif + #if defined(WOLFSSL_SHA512) && defined(WOLFSSL_AES_256) + {(byte*)input, (word32)(sizeof(input)/sizeof(char)), DATA, + AES256CBCb, AES256_WRAP, dhSinglePass_stdDH_sha512kdf_scheme, + eccCert, eccCertSz, eccPrivKey, eccPrivKeySz}, + #endif + #endif /* NO_AES && HAVE_AES_CBC && HAVE_AES_KEYWRAP */ +#endif /* END HAVE_ECC */ + }; /* END pkcs7EnvelopedVector */ + +#ifdef ECC_TIMING_RESISTANT + ExpectIntEQ(wc_InitRng(&rng), 0); +#endif + + ExpectNotNull(pkcs7 = wc_PKCS7_New(HEAP_HINT, testDevId)); + ExpectIntEQ(wc_PKCS7_Init(pkcs7, HEAP_HINT, testDevId), 0); + + testSz = (int)sizeof(testVectors)/(int)sizeof(pkcs7EnvelopedVector); + for (i = 0; i < testSz; i++) { + #ifdef ASN_BER_TO_DER + encodeSignedDataStream strm; + + /* test setting stream mode, the first one using IO callbacks */ + ExpectIntEQ(wc_PKCS7_InitWithCert(pkcs7, (testVectors + i)->cert, + (word32)(testVectors + i)->certSz), 0); + if (pkcs7 != NULL) { + #ifdef ECC_TIMING_RESISTANT + pkcs7->rng = &rng; + #endif + + if (i != 0) + pkcs7->content = (byte*)(testVectors + i)->content; + pkcs7->contentSz = (testVectors + i)->contentSz; + pkcs7->contentOID = (testVectors + i)->contentOID; + pkcs7->encryptOID = (testVectors + i)->encryptOID; + pkcs7->keyWrapOID = (testVectors + i)->keyWrapOID; + pkcs7->keyAgreeOID = (testVectors + i)->keyAgreeOID; + pkcs7->privateKey = (testVectors + i)->privateKey; + pkcs7->privateKeySz = (testVectors + i)->privateKeySz; + } + + if (i == 0) { + XMEMSET(&strm, 0, sizeof(strm)); + strm.chunkSz = FOURK_BUF; + ExpectIntEQ(wc_PKCS7_SetStreamMode(pkcs7, 1, GetContentCB, + StreamOutputCB, (void*)&strm), 0); + encodedSz = wc_PKCS7_EncodeEnvelopedData(pkcs7, NULL, 0); + } + else { + ExpectIntEQ(wc_PKCS7_SetStreamMode(pkcs7, 1, NULL, NULL, NULL), 0); + encodedSz = wc_PKCS7_EncodeEnvelopedData(pkcs7, output, + (word32)sizeof(output)); + } + + switch ((testVectors + i)->encryptOID) { + #ifndef NO_DES3 + case DES3b: + case DESb: + ExpectIntEQ(encodedSz, WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + break; + #endif + #ifdef HAVE_AESCCM + #ifdef WOLFSSL_AES_128 + case AES128CCMb: + ExpectIntEQ(encodedSz, WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + break; + #endif + #ifdef WOLFSSL_AES_192 + case AES192CCMb: + ExpectIntEQ(encodedSz, WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + break; + #endif + #ifdef WOLFSSL_AES_256 + case AES256CCMb: + ExpectIntEQ(encodedSz, WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + break; + #endif + #endif + default: + ExpectIntGE(encodedSz, 0); + } + + if (encodedSz > 0) { + if (i == 0) { + decodedSz = wc_PKCS7_DecodeEnvelopedData(pkcs7, + strm.out, (word32)encodedSz, decoded, + (word32)sizeof(decoded)); + } + else { + decodedSz = wc_PKCS7_DecodeEnvelopedData(pkcs7, output, + (word32)encodedSz, decoded, (word32)sizeof(decoded)); + } + ExpectIntGE(decodedSz, 0); + /* Verify the size of each buffer. */ + ExpectIntEQ((word32)sizeof(input)/sizeof(char), decodedSz); + } + wc_PKCS7_Free(pkcs7); + pkcs7 = NULL; + ExpectNotNull(pkcs7 = wc_PKCS7_New(HEAP_HINT, testDevId)); + #endif + + ExpectIntEQ(wc_PKCS7_InitWithCert(pkcs7, (testVectors + i)->cert, + (word32)(testVectors + i)->certSz), 0); + if (pkcs7 != NULL) { +#ifdef ECC_TIMING_RESISTANT + pkcs7->rng = &rng; +#endif + + pkcs7->content = (byte*)(testVectors + i)->content; + pkcs7->contentSz = (testVectors + i)->contentSz; + pkcs7->contentOID = (testVectors + i)->contentOID; + pkcs7->encryptOID = (testVectors + i)->encryptOID; + pkcs7->keyWrapOID = (testVectors + i)->keyWrapOID; + pkcs7->keyAgreeOID = (testVectors + i)->keyAgreeOID; + pkcs7->privateKey = (testVectors + i)->privateKey; + pkcs7->privateKeySz = (testVectors + i)->privateKeySz; + } + + #ifdef ASN_BER_TO_DER + /* test without setting stream mode */ + ExpectIntEQ(wc_PKCS7_GetStreamMode(pkcs7), 0); + #endif + + ExpectIntGE(wc_PKCS7_EncodeEnvelopedData(pkcs7, output, + (word32)sizeof(output)), 0); + + decodedSz = wc_PKCS7_DecodeEnvelopedData(pkcs7, output, + (word32)sizeof(output), decoded, (word32)sizeof(decoded)); + ExpectIntGE(decodedSz, 0); + /* Verify the size of each buffer. */ + ExpectIntEQ((word32)sizeof(input)/sizeof(char), decodedSz); + + /* Don't free the last time through the loop. */ + if (i < testSz - 1) { + wc_PKCS7_Free(pkcs7); + pkcs7 = NULL; + ExpectNotNull(pkcs7 = wc_PKCS7_New(HEAP_HINT, testDevId)); + } + } /* END test loop. */ + } + + /* Test bad args. */ + ExpectIntEQ(wc_PKCS7_EncodeEnvelopedData(NULL, output, + (word32)sizeof(output)), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_PKCS7_EncodeEnvelopedData(pkcs7, NULL, + (word32)sizeof(output)), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_PKCS7_EncodeEnvelopedData(pkcs7, output, 0), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + + /* Decode. */ + ExpectIntEQ(wc_PKCS7_DecodeEnvelopedData(NULL, output, + (word32)sizeof(output), decoded, (word32)sizeof(decoded)), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_PKCS7_DecodeEnvelopedData(pkcs7, output, + (word32)sizeof(output), NULL, (word32)sizeof(decoded)), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_PKCS7_DecodeEnvelopedData(pkcs7, output, + (word32)sizeof(output), decoded, 0), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_PKCS7_DecodeEnvelopedData(pkcs7, NULL, + (word32)sizeof(output), decoded, (word32)sizeof(decoded)), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_PKCS7_DecodeEnvelopedData(pkcs7, output, 0, decoded, + (word32)sizeof(decoded)), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + /* Should get a return of BAD_FUNC_ARG with structure data. Order matters.*/ +#if defined(HAVE_ECC) && !defined(NO_AES) && defined(HAVE_AES_CBC) && \ + defined(HAVE_AES_KEYWRAP) && defined(HAVE_X963_KDF) + /* only a failure for KARI test cases */ + if (pkcs7 != NULL) { + tempWrd32 = pkcs7->singleCertSz; + pkcs7->singleCertSz = 0; + } + #if defined(WOLFSSL_ASN_TEMPLATE) + ExpectIntEQ(wc_PKCS7_DecodeEnvelopedData(pkcs7, output, + (word32)sizeof(output), decoded, (word32)sizeof(decoded)), + WC_NO_ERR_TRACE(BUFFER_E)); + #else + ExpectIntEQ(wc_PKCS7_DecodeEnvelopedData(pkcs7, output, + (word32)sizeof(output), decoded, (word32)sizeof(decoded)), + WC_NO_ERR_TRACE(ASN_PARSE_E)); + #endif + if (pkcs7 != NULL) { + pkcs7->singleCertSz = tempWrd32; + + tmpBytePtr = pkcs7->singleCert; + pkcs7->singleCert = NULL; + } + #ifndef NO_RSA + #if defined(NO_PKCS7_STREAM) + /* when none streaming mode is used and PKCS7 is in bad state buffer error + * is returned from kari parse which gets set to bad func arg */ + ExpectIntEQ(wc_PKCS7_DecodeEnvelopedData(pkcs7, output, + (word32)sizeof(output), decoded, (word32)sizeof(decoded)), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + #else + ExpectIntEQ(wc_PKCS7_DecodeEnvelopedData(pkcs7, output, + (word32)sizeof(output), decoded, (word32)sizeof(decoded)), + WC_NO_ERR_TRACE(ASN_PARSE_E)); + #endif + #endif /* !NO_RSA */ + if (pkcs7 != NULL) { + pkcs7->singleCert = tmpBytePtr; + } +#endif +#ifdef HAVE_AES_KEYWRAP + if (pkcs7 != NULL) { + tempWrd32 = pkcs7->privateKeySz; + pkcs7->privateKeySz = 0; + } + ExpectIntEQ(wc_PKCS7_DecodeEnvelopedData(pkcs7, output, + (word32)sizeof(output), decoded, (word32)sizeof(decoded)), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + if (pkcs7 != NULL) { + pkcs7->privateKeySz = tempWrd32; + + tmpBytePtr = pkcs7->privateKey; + pkcs7->privateKey = NULL; + } + ExpectIntEQ(wc_PKCS7_DecodeEnvelopedData(pkcs7, output, + (word32)sizeof(output), decoded, (word32)sizeof(decoded)), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + if (pkcs7 != NULL) { + pkcs7->privateKey = tmpBytePtr; + } +#endif + + wc_PKCS7_Free(pkcs7); + pkcs7 = NULL; + +#if !defined(NO_AES) && defined(HAVE_AES_CBC) && defined(WOLFSSL_AES_256) && \ + defined(HAVE_AES_KEYWRAP) + /* test of decrypt callback with KEKRI enveloped data */ + { + int envelopedSz = 0; + const byte keyId[] = { 0x00 }; + + ExpectNotNull(pkcs7 = wc_PKCS7_New(HEAP_HINT, testDevId)); + if (pkcs7 != NULL) { + pkcs7->content = (byte*)input; + pkcs7->contentSz = (word32)(sizeof(input)/sizeof(char)); + pkcs7->contentOID = DATA; + pkcs7->encryptOID = AES256CBCb; + } + ExpectIntGT(wc_PKCS7_AddRecipient_KEKRI(pkcs7, AES256_WRAP, + (byte*)defKey, sizeof(defKey), (byte*)keyId, + sizeof(keyId), NULL, NULL, 0, NULL, 0, 0), 0); + ExpectIntEQ(wc_PKCS7_SetSignerIdentifierType(pkcs7, CMS_SKID), 0); + ExpectIntGT((envelopedSz = wc_PKCS7_EncodeEnvelopedData(pkcs7, output, + (word32)sizeof(output))), 0); + wc_PKCS7_Free(pkcs7); + pkcs7 = NULL; + + /* decode envelopedData */ + ExpectNotNull(pkcs7 = wc_PKCS7_New(HEAP_HINT, testDevId)); + ExpectIntEQ(wc_PKCS7_SetWrapCEKCb(pkcs7, myCEKwrapFunc), 0); + ExpectIntEQ(wc_PKCS7_SetDecodeEncryptedCb(pkcs7, myDecryptionFunc), 0); + ExpectIntGT((decodedSz = wc_PKCS7_DecodeEnvelopedData(pkcs7, output, + (word32)envelopedSz, decoded, sizeof(decoded))), 0); + wc_PKCS7_Free(pkcs7); + pkcs7 = NULL; + } +#endif /* !NO_AES && HAVE_AES_CBC && WOLFSSL_AES_256 && HAVE_AES_KEYWRAP */ + +#ifndef NO_RSA + XFREE(rsaCert, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(rsaPrivKey, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); +#endif /* NO_RSA */ +#if defined(HAVE_ECC) && defined(HAVE_X963_KDF) + XFREE(eccCert, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(eccPrivKey, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); +#endif /* HAVE_ECC */ + +#ifdef ECC_TIMING_RESISTANT + DoExpectIntEQ(wc_FreeRng(&rng), 0); +#endif + +#if defined(USE_CERT_BUFFERS_2048) && !defined(NO_DES3) && \ + !defined(NO_RSA) && !defined(NO_SHA) + { + byte out[7]; + byte *cms = NULL; + word32 cmsSz; + XFILE cmsFile = XBADFILE; + + XMEMSET(out, 0, sizeof(out)); + ExpectNotNull(pkcs7 = wc_PKCS7_New(HEAP_HINT, testDevId)); + ExpectTrue((cmsFile = XFOPEN("./certs/test/ktri-keyid-cms.msg", "rb")) + != XBADFILE); + cmsSz = (word32)FOURK_BUF; + ExpectNotNull(cms = (byte*)XMALLOC(FOURK_BUF, HEAP_HINT, + DYNAMIC_TYPE_TMP_BUFFER)); + ExpectTrue((cmsSz = (word32)XFREAD(cms, 1, cmsSz, cmsFile)) > 0); + if (cmsFile != XBADFILE) + XFCLOSE(cmsFile); + + ExpectIntEQ(wc_PKCS7_InitWithCert(pkcs7, (byte*)client_cert_der_2048, + sizeof_client_cert_der_2048), 0); + if (pkcs7 != NULL) { + pkcs7->privateKey = (byte*)client_key_der_2048; + pkcs7->privateKeySz = sizeof_client_key_der_2048; + } + ExpectIntLT(wc_PKCS7_DecodeEnvelopedData(pkcs7, cms, cmsSz, out, + 2), 0); + ExpectIntGT(wc_PKCS7_DecodeEnvelopedData(pkcs7, cms, cmsSz, out, + sizeof(out)), 0); + XFREE(cms, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + ExpectIntEQ(XMEMCMP(out, "test", 4), 0); + wc_PKCS7_Free(pkcs7); + pkcs7 = NULL; + } +#endif /* USE_CERT_BUFFERS_2048 && !NO_DES3 && !NO_RSA && !NO_SHA */ +#endif /* HAVE_PKCS7 */ + return EXPECT_RESULT(); +} /* END test_wc_PKCS7_EncodeDecodeEnvelopedData() */ + + +#if defined(HAVE_PKCS7) && defined(HAVE_ECC) && defined(HAVE_X963_KDF) && \ + !defined(NO_SHA256) && defined(WOLFSSL_AES_256) +static int wasAESKeyWrapCbCalled = 0; +static int wasAESKeyUnwrapCbCalled = 0; + +static int testAESKeyWrapUnwrapCb(const byte* key, word32 keySz, + const byte* in, word32 inSz, int wrap, byte* out, word32 outSz) +{ + (void)key; + (void)keySz; + (void)wrap; + if (wrap) + wasAESKeyWrapCbCalled = 1; + else + wasAESKeyUnwrapCbCalled = 1; + XMEMSET(out, 0xEE, outSz); + if (inSz <= outSz) { + XMEMCPY(out, in, inSz); + } + return inSz; +} +#endif + + +/* + * Test custom AES key wrap/unwrap callback + */ +int test_wc_PKCS7_SetAESKeyWrapUnwrapCb(void) +{ + EXPECT_DECLS; +#if defined(HAVE_PKCS7) && defined(HAVE_ECC) && defined(HAVE_X963_KDF) && \ + !defined(NO_SHA256) && defined(WOLFSSL_AES_256) + static const char input[] = "Test input for AES key wrapping"; + PKCS7 * pkcs7 = NULL; + byte * eccCert = NULL; + byte * eccPrivKey = NULL; + word32 eccCertSz = 0; + word32 eccPrivKeySz = 0; + byte output[ONEK_BUF]; + byte decoded[sizeof(input)/sizeof(char)]; + int decodedSz = 0; +#ifdef ECC_TIMING_RESISTANT + WC_RNG rng; +#endif + +#ifdef ECC_TIMING_RESISTANT + XMEMSET(&rng, 0, sizeof(WC_RNG)); + ExpectIntEQ(wc_InitRng(&rng), 0); +#endif + +/* Load test certs */ +#ifdef USE_CERT_BUFFERS_256 + ExpectNotNull(eccCert = (byte*)XMALLOC(TWOK_BUF, HEAP_HINT, + DYNAMIC_TYPE_TMP_BUFFER)); + /* Init buffer. */ + eccCertSz = (word32)sizeof_cliecc_cert_der_256; + if (eccCert != NULL) { + XMEMCPY(eccCert, cliecc_cert_der_256, eccCertSz); + } + ExpectNotNull(eccPrivKey = (byte*)XMALLOC(TWOK_BUF, HEAP_HINT, + DYNAMIC_TYPE_TMP_BUFFER)); + eccPrivKeySz = (word32)sizeof_ecc_clikey_der_256; + if (eccPrivKey != NULL) { + XMEMCPY(eccPrivKey, ecc_clikey_der_256, eccPrivKeySz); + } +#else /* File system. */ + ExpectTrue((certFile = XFOPEN(eccClientCert, "rb")) != XBADFILE); + eccCertSz = (word32)FOURK_BUF; + ExpectNotNull(eccCert = (byte*)XMALLOC(FOURK_BUF, HEAP_HINT, + DYNAMIC_TYPE_TMP_BUFFER)); + ExpectTrue((eccCertSz = (word32)XFREAD(eccCert, 1, eccCertSz, + certFile)) > 0); + if (certFile != XBADFILE) { + XFCLOSE(certFile); + } + ExpectTrue((keyFile = XFOPEN(eccClientKey, "rb")) != XBADFILE); + eccPrivKeySz = (word32)FOURK_BUF; + ExpectNotNull(eccPrivKey = (byte*)XMALLOC(FOURK_BUF, HEAP_HINT, + DYNAMIC_TYPE_TMP_BUFFER)); + ExpectTrue((eccPrivKeySz = (word32)XFREAD(eccPrivKey, 1, eccPrivKeySz, + keyFile)) > 0); + if (keyFile != XBADFILE) { + XFCLOSE(keyFile); + } +#endif /* USE_CERT_BUFFERS_256 */ + + ExpectNotNull(pkcs7 = wc_PKCS7_New(HEAP_HINT, testDevId)); + ExpectIntEQ(wc_PKCS7_InitWithCert(pkcs7, eccCert, eccCertSz), 0); + if (pkcs7 != NULL) { + pkcs7->content = (byte*)input; + pkcs7->contentSz = sizeof(input); + pkcs7->contentOID = DATA; + pkcs7->encryptOID = AES256CBCb; + pkcs7->keyWrapOID = AES256_WRAP; + pkcs7->keyAgreeOID = dhSinglePass_stdDH_sha256kdf_scheme; + pkcs7->privateKey = eccPrivKey; + pkcs7->privateKeySz = eccPrivKeySz; + pkcs7->singleCert = eccCert; + pkcs7->singleCertSz = (word32)eccCertSz; +#ifdef ECC_TIMING_RESISTANT + pkcs7->rng = &rng; +#endif + } + + /* Test custom AES key wrap/unwrap callback */ + ExpectIntEQ(wc_PKCS7_SetAESKeyWrapUnwrapCb(pkcs7, testAESKeyWrapUnwrapCb), 0); + + ExpectIntGE(wc_PKCS7_EncodeEnvelopedData(pkcs7, output, + (word32)sizeof(output)), 0); + + decodedSz = wc_PKCS7_DecodeEnvelopedData(pkcs7, output, + (word32)sizeof(output), decoded, (word32)sizeof(decoded)); + ExpectIntGE(decodedSz, 0); + /* Verify the size of each buffer. */ + ExpectIntEQ((word32)sizeof(input)/sizeof(char), decodedSz); + + ExpectIntEQ(wasAESKeyWrapCbCalled, 1); + ExpectIntEQ(wasAESKeyUnwrapCbCalled, 1); + + wc_PKCS7_Free(pkcs7); + pkcs7 = NULL; + XFREE(eccCert, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(eccPrivKey, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); +#ifdef ECC_TIMING_RESISTANT + DoExpectIntEQ(wc_FreeRng(&rng), 0); +#endif +#endif + return EXPECT_RESULT(); +} + +/* + * Testing wc_PKCS7_GetEnvelopedDataKariRid(). + */ +int test_wc_PKCS7_GetEnvelopedDataKariRid(void) +{ + EXPECT_DECLS; +#if defined(HAVE_PKCS7) +#if defined(HAVE_ECC) && defined(HAVE_X963_KDF) && (!defined(NO_AES) || \ + !defined(NO_SHA) || !defined(NO_SHA256) || defined(WOLFSSL_SHA512)) + /* The kari-keyid-cms.msg generated by openssl has a 68 byte RID structure. + * Reserve a bit more than that in case it might grow. */ + byte rid[256]; + byte cms[1024]; + XFILE cmsFile = XBADFILE; + int ret; + word32 ridSz = sizeof(rid); + XFILE skiHexFile = XBADFILE; + byte skiHex[256]; + word32 cmsSz = 0; + word32 skiHexSz = 0; + size_t i = 0; + const word32 ridKeyIdentifierOffset = 4; + + ExpectTrue((cmsFile = XFOPEN("./certs/test/kari-keyid-cms.msg", "rb")) + != XBADFILE); + ExpectTrue((cmsSz = (word32)XFREAD(cms, 1, sizeof(cms), cmsFile)) > 0); + if (cmsFile != XBADFILE) + XFCLOSE(cmsFile); + + ExpectTrue((skiHexFile = XFOPEN("./certs/test/client-ecc-cert-ski.hex", + "rb")) != XBADFILE); + ExpectTrue((skiHexSz = (word32)XFREAD(skiHex, 1, sizeof(skiHex), + skiHexFile)) > 0); + if (skiHexFile != XBADFILE) + XFCLOSE(skiHexFile); + + if (EXPECT_SUCCESS()) { + ret = wc_PKCS7_GetEnvelopedDataKariRid(cms, cmsSz, rid, &ridSz); + } + ExpectIntEQ(ret, 0); + ExpectIntLT(ridSz, sizeof(rid)); + ExpectIntGT(ridSz, ridKeyIdentifierOffset); + /* The Subject Key Identifier hex file should have 2 hex characters for each + * byte of the key identifier in the returned recipient ID (rid), plus a + * terminating new line character. */ + ExpectIntGE(skiHexSz, ((ridSz - ridKeyIdentifierOffset) * 2) + 1); + if (EXPECT_SUCCESS()) { + for (i = 0; i < (ridSz - ridKeyIdentifierOffset); i++) + { + size_t j; + byte ridKeyIdByte = rid[ridKeyIdentifierOffset + i]; + byte skiByte = 0; + for (j = 0; j <= 1; j++) + { + byte hexChar = skiHex[i * 2 + j]; + skiByte = skiByte << 4; + if ('0' <= hexChar && hexChar <= '9') + skiByte |= (hexChar - '0'); + else if ('A' <= hexChar && hexChar <= 'F') + skiByte |= (hexChar - 'A' + 10); + else + ExpectTrue(0); + } + ExpectIntEQ(ridKeyIdByte, skiByte); + } + } +#endif +#endif /* HAVE_PKCS7 */ + return EXPECT_RESULT(); +} /* END test_wc_PKCS7_GetEnvelopedDataKariRid() */ + + +/* + * Testing wc_PKCS7_EncodeEncryptedData() + */ +int test_wc_PKCS7_EncodeEncryptedData(void) +{ + EXPECT_DECLS; +#if defined(HAVE_PKCS7) && !defined(NO_PKCS7_ENCRYPTED_DATA) + PKCS7* pkcs7 = NULL; + byte* tmpBytePtr = NULL; + byte encrypted[TWOK_BUF]; + byte decoded[TWOK_BUF]; + word32 tmpWrd32 = 0; + int tmpInt = 0; + int decodedSz = 0; + int encryptedSz = 0; + int testSz = 0; + int i = 0; + const byte data[] = { /* Hello World */ + 0x48,0x65,0x6c,0x6c,0x6f,0x20,0x57,0x6f, + 0x72,0x6c,0x64 + }; + #ifndef NO_DES3 + byte desKey[] = { + 0x01,0x23,0x45,0x67,0x89,0xab,0xcd,0xef + }; + byte des3Key[] = { + 0x01,0x23,0x45,0x67,0x89,0xab,0xcd,0xef, + 0xfe,0xde,0xba,0x98,0x76,0x54,0x32,0x10, + 0x89,0xab,0xcd,0xef,0x01,0x23,0x45,0x67 + }; + #endif + #if !defined(NO_AES) && defined(HAVE_AES_CBC) + #ifdef WOLFSSL_AES_128 + byte aes128Key[] = { + 0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08, + 0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08 + }; + #endif + #ifdef WOLFSSL_AES_192 + byte aes192Key[] = { + 0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08, + 0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08, + 0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08 + }; + #endif + #ifdef WOLFSSL_AES_256 + byte aes256Key[] = { + 0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08, + 0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08, + 0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08, + 0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08 + }; + #endif + #endif /* !NO_AES && HAVE_AES_CBC */ + const pkcs7EncryptedVector testVectors[] = + { + #ifndef NO_DES3 + {data, (word32)sizeof(data), DATA, DES3b, des3Key, sizeof(des3Key)}, + + {data, (word32)sizeof(data), DATA, DESb, desKey, sizeof(desKey)}, + #endif /* !NO_DES3 */ + #if !defined(NO_AES) && defined(HAVE_AES_CBC) + #ifdef WOLFSSL_AES_128 + {data, (word32)sizeof(data), DATA, AES128CBCb, aes128Key, + sizeof(aes128Key)}, + #endif + + #ifdef WOLFSSL_AES_192 + {data, (word32)sizeof(data), DATA, AES192CBCb, aes192Key, + sizeof(aes192Key)}, + #endif + + #ifdef WOLFSSL_AES_256 + {data, (word32)sizeof(data), DATA, AES256CBCb, aes256Key, + sizeof(aes256Key)}, + #endif + + #endif /* !NO_AES && HAVE_AES_CBC */ + }; + + testSz = sizeof(testVectors) / sizeof(pkcs7EncryptedVector); + + for (i = 0; i < testSz; i++) { + ExpectNotNull(pkcs7 = wc_PKCS7_New(HEAP_HINT, testDevId)); + ExpectIntEQ(wc_PKCS7_Init(pkcs7, HEAP_HINT, testDevId), 0); + if (pkcs7 != NULL) { + pkcs7->content = (byte*)testVectors[i].content; + pkcs7->contentSz = testVectors[i].contentSz; + pkcs7->contentOID = testVectors[i].contentOID; + pkcs7->encryptOID = testVectors[i].encryptOID; + pkcs7->encryptionKey = testVectors[i].encryptionKey; + pkcs7->encryptionKeySz = testVectors[i].encryptionKeySz; + pkcs7->heap = HEAP_HINT; + } + + /* encode encryptedData */ + ExpectIntGT(encryptedSz = wc_PKCS7_EncodeEncryptedData(pkcs7, encrypted, + sizeof(encrypted)), 0); + + /* Decode encryptedData */ + ExpectIntGT(decodedSz = wc_PKCS7_DecodeEncryptedData(pkcs7, encrypted, + (word32)encryptedSz, decoded, sizeof(decoded)), 0); + + ExpectIntEQ(XMEMCMP(decoded, data, decodedSz), 0); + /* Keep values for last itr. */ + if (i < testSz - 1) { + wc_PKCS7_Free(pkcs7); + pkcs7 = NULL; + } + } + if (pkcs7 == NULL || testSz == 0) { + ExpectNotNull(pkcs7 = wc_PKCS7_New(HEAP_HINT, testDevId)); + ExpectIntEQ(wc_PKCS7_Init(pkcs7, HEAP_HINT, testDevId), 0); + } + + ExpectIntEQ(wc_PKCS7_EncodeEncryptedData(NULL, encrypted, + sizeof(encrypted)),WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_PKCS7_EncodeEncryptedData(pkcs7, NULL, + sizeof(encrypted)), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_PKCS7_EncodeEncryptedData(pkcs7, encrypted, + 0), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + /* Testing the struct. */ + if (pkcs7 != NULL) { + tmpBytePtr = pkcs7->content; + pkcs7->content = NULL; + } + ExpectIntEQ(wc_PKCS7_EncodeEncryptedData(pkcs7, encrypted, + sizeof(encrypted)), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + if (pkcs7 != NULL) { + pkcs7->content = tmpBytePtr; + tmpWrd32 = pkcs7->contentSz; + pkcs7->contentSz = 0; + } + ExpectIntEQ(wc_PKCS7_EncodeEncryptedData(pkcs7, encrypted, + sizeof(encrypted)), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + if (pkcs7 != NULL) { + pkcs7->contentSz = tmpWrd32; + tmpInt = pkcs7->encryptOID; + pkcs7->encryptOID = 0; + } + ExpectIntEQ(wc_PKCS7_EncodeEncryptedData(pkcs7, encrypted, + sizeof(encrypted)), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + if (pkcs7 != NULL) { + pkcs7->encryptOID = tmpInt; + tmpBytePtr = pkcs7->encryptionKey; + pkcs7->encryptionKey = NULL; + } + ExpectIntEQ(wc_PKCS7_EncodeEncryptedData(pkcs7, encrypted, + sizeof(encrypted)), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + if (pkcs7 != NULL) { + pkcs7->encryptionKey = tmpBytePtr; + tmpWrd32 = pkcs7->encryptionKeySz; + pkcs7->encryptionKeySz = 0; + } + ExpectIntEQ(wc_PKCS7_EncodeEncryptedData(pkcs7, encrypted, + sizeof(encrypted)), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + if (pkcs7 != NULL) { + pkcs7->encryptionKeySz = tmpWrd32; + } + + ExpectIntEQ(wc_PKCS7_DecodeEncryptedData(NULL, encrypted, (word32)encryptedSz, + decoded, sizeof(decoded)), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_PKCS7_DecodeEncryptedData(pkcs7, NULL, (word32)encryptedSz, + decoded, sizeof(decoded)), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_PKCS7_DecodeEncryptedData(pkcs7, encrypted, 0, + decoded, sizeof(decoded)), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_PKCS7_DecodeEncryptedData(pkcs7, encrypted, (word32)encryptedSz, + NULL, sizeof(decoded)), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_PKCS7_DecodeEncryptedData(pkcs7, encrypted, (word32)encryptedSz, + decoded, 0), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + /* Test struct fields */ + + if (pkcs7 != NULL) { + tmpBytePtr = pkcs7->encryptionKey; + pkcs7->encryptionKey = NULL; + } + ExpectIntEQ(wc_PKCS7_DecodeEncryptedData(pkcs7, encrypted, (word32)encryptedSz, + decoded, sizeof(decoded)), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + if (pkcs7 != NULL) { + pkcs7->encryptionKey = tmpBytePtr; + pkcs7->encryptionKeySz = 0; + } + ExpectIntEQ(wc_PKCS7_DecodeEncryptedData(pkcs7, encrypted, (word32)encryptedSz, + decoded, sizeof(decoded)), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + + wc_PKCS7_Free(pkcs7); +#endif + return EXPECT_RESULT(); +} /* END test_wc_PKCS7_EncodeEncryptedData() */ + + +#if defined(HAVE_PKCS7) && defined(USE_CERT_BUFFERS_2048) && !defined(NO_DES3) && !defined(NO_RSA) && !defined(NO_SHA) +static void build_test_EncryptedKeyPackage(byte * out, word32 * out_size, byte * in_data, word32 in_size, size_t in_content_type, size_t test_vector) +{ + /* EncryptedKeyPackage ContentType TLV DER */ + static const byte ekp_oid_tlv[] = {0x06U, 10U, + 0X60U, 0X86U, 0X48U, 0X01U, 0X65U, 0X02U, 0X01U, 0X02U, 0X4EU, 0X02U}; + if (in_content_type == ENCRYPTED_DATA) { + /* EncryptedData subtype */ + size_t ekp_content_der_size = 2U + in_size; + size_t ekp_content_info_size = sizeof(ekp_oid_tlv) + ekp_content_der_size; + /* EncryptedKeyPackage ContentType */ + out[0] = 0x30U; + out[1] = ekp_content_info_size & 0x7FU; + /* EncryptedKeyPackage ContentInfo */ + XMEMCPY(&out[2], ekp_oid_tlv, sizeof(ekp_oid_tlv)); + /* EncryptedKeyPackage content [0] */ + out[14] = 0xA0U; + out[15] = in_size & 0x7FU; + XMEMCPY(&out[16], in_data, in_size); + *out_size = 16U + in_size; + switch (test_vector) + { + case 1: out[0] = 0x20U; break; + case 2: out[2] = 0x01U; break; + case 3: out[7] = 0x42U; break; + case 4: out[14] = 0xA2U; break; + } + } + else if (in_content_type == ENVELOPED_DATA) { + /* EnvelopedData subtype */ + size_t ekp_choice_der_size = 4U + in_size; + size_t ekp_content_der_size = 4U + ekp_choice_der_size; + size_t ekp_content_info_size = sizeof(ekp_oid_tlv) + ekp_content_der_size; + /* EncryptedKeyPackage ContentType */ + out[0] = 0x30U; + out[1] = 0x82U; + out[2] = ekp_content_info_size >> 8U; + out[3] = ekp_content_info_size & 0xFFU; + /* EncryptedKeyPackage ContentInfo */ + XMEMCPY(&out[4], ekp_oid_tlv, sizeof(ekp_oid_tlv)); + /* EncryptedKeyPackage content [0] */ + out[16] = 0xA0U; + out[17] = 0x82U; + out[18] = ekp_choice_der_size >> 8U; + out[19] = ekp_choice_der_size & 0xFFU; + /* EncryptedKeyPackage CHOICE [0] EnvelopedData */ + out[20] = 0xA0U; + out[21] = 0x82U; + out[22] = in_size >> 8U; + out[23] = in_size & 0xFFU; + XMEMCPY(&out[24], in_data, in_size); + *out_size = 24U + in_size; + switch (test_vector) + { + case 1: out[0] = 0x20U; break; + case 2: out[4] = 0x01U; break; + case 3: out[9] = 0x42U; break; + case 4: out[16] = 0xA2U; break; + } + } +} +#endif /* HAVE_PKCS7 && USE_CERT_BUFFERS_2048 && !NO_DES3 && !NO_RSA && !NO_SHA */ + +/* + * Test wc_PKCS7_DecodeEncryptedKeyPackage(). + */ +int test_wc_PKCS7_DecodeEncryptedKeyPackage(void) +{ + EXPECT_DECLS; +#if defined(HAVE_PKCS7) && defined(USE_CERT_BUFFERS_2048) && !defined(NO_DES3) && !defined(NO_RSA) && !defined(NO_SHA) + static const struct { + const char * msg_file_name; + word32 msg_content_type; + } test_messages[] = { + {"./certs/test/ktri-keyid-cms.msg", ENVELOPED_DATA}, + {"./certs/test/encrypteddata.msg", ENCRYPTED_DATA}, + }; + static const int test_vectors[] = { + 0, + WC_NO_ERR_TRACE(ASN_PARSE_E), + WC_NO_ERR_TRACE(ASN_PARSE_E), + WC_NO_ERR_TRACE(PKCS7_OID_E), + WC_NO_ERR_TRACE(ASN_PARSE_E), + }; + static const byte key[] = { + 0x01U, 0x23U, 0x45U, 0x67U, 0x89U, 0xABU, 0xCDU, 0xEFU, + 0x00U, 0x11U, 0x22U, 0x33U, 0x44U, 0x55U, 0x66U, 0x77U, + }; + size_t test_msg = 0U; + size_t test_vector = 0U; + + for (test_msg = 0U; test_msg < (sizeof(test_messages)/sizeof(test_messages[0])); test_msg++) + { + for (test_vector = 0U; test_vector < (sizeof(test_vectors)/sizeof(test_vectors[0])); test_vector++) + { + byte * ekp_cms_der = NULL; + word32 ekp_cms_der_size = 0U; + byte * inner_cms_der = NULL; + word32 inner_cms_der_size = (word32)FOURK_BUF; + XFILE inner_cms_file = XBADFILE; + PKCS7 * pkcs7 = NULL; + byte out[15] = {0}; + int result = 0; + + ExpectNotNull(ekp_cms_der = (byte *)XMALLOC(FOURK_BUF, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER)); + /* Check for possible previous test failure. */ + if (ekp_cms_der == NULL) { + break; + } + + ExpectNotNull(inner_cms_der = (byte *)XMALLOC(FOURK_BUF, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER)); + ExpectTrue((inner_cms_file = XFOPEN(test_messages[test_msg].msg_file_name, "rb")) != XBADFILE); + ExpectTrue((inner_cms_der_size = (word32)XFREAD(inner_cms_der, 1, inner_cms_der_size, inner_cms_file)) > 0); + if (inner_cms_file != XBADFILE) { + XFCLOSE(inner_cms_file); + } + if (test_messages[test_msg].msg_content_type == ENVELOPED_DATA) { + /* Verify that the build_test_EncryptedKeyPackage can format as expected. */ + ExpectIntGT(inner_cms_der_size, 127); + } + if (test_messages[test_msg].msg_content_type == ENCRYPTED_DATA) { + /* Verify that the build_test_EncryptedKeyPackage can format as expected. */ + ExpectIntLT(inner_cms_der_size, 124); + } + build_test_EncryptedKeyPackage(ekp_cms_der, &ekp_cms_der_size, inner_cms_der, inner_cms_der_size, test_messages[test_msg].msg_content_type, test_vector); + XFREE(inner_cms_der, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + + ExpectNotNull(pkcs7 = wc_PKCS7_New(HEAP_HINT, testDevId)); + ExpectIntEQ(wc_PKCS7_InitWithCert(pkcs7, (byte *)client_cert_der_2048, sizeof_client_cert_der_2048), 0); + if (pkcs7 != NULL) { + if (test_messages[test_msg].msg_content_type == ENVELOPED_DATA) { + /* To test EnvelopedData, set private key. */ + pkcs7->privateKey = (byte *)client_key_der_2048; + pkcs7->privateKeySz = sizeof_client_key_der_2048; + } + if (test_messages[test_msg].msg_content_type == ENCRYPTED_DATA) { + /* To test EncryptedData, set symmetric encryption key. */ + pkcs7->encryptionKey = (byte *)key; + pkcs7->encryptionKeySz = sizeof(key); + } + } + ExpectIntEQ(wc_PKCS7_DecodeEncryptedKeyPackage(pkcs7, NULL, ekp_cms_der_size, out, sizeof(out)), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + result = wc_PKCS7_DecodeEncryptedKeyPackage(pkcs7, ekp_cms_der, ekp_cms_der_size, out, sizeof(out)); + if (result == WC_NO_ERR_TRACE(WC_PKCS7_WANT_READ_E)) { + result = wc_PKCS7_DecodeEncryptedKeyPackage(pkcs7, ekp_cms_der, ekp_cms_der_size, out, sizeof(out)); + } + if (test_vectors[test_vector] == 0U) { + if (test_messages[test_msg].msg_content_type == ENVELOPED_DATA) { + ExpectIntGT(result, 0); + ExpectIntEQ(XMEMCMP(out, "test", 4), 0); + } + if (test_messages[test_msg].msg_content_type == ENCRYPTED_DATA) { +#ifndef NO_PKCS7_ENCRYPTED_DATA + ExpectIntGT(result, 0); + ExpectIntEQ(XMEMCMP(out, "testencrypt", 11), 0); +#else + ExpectIntEQ(result, WC_NO_ERR_TRACE(ASN_PARSE_E)); +#endif + } + } + else { + ExpectIntEQ(result, test_vectors[test_vector]); + } + XFREE(ekp_cms_der, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + wc_PKCS7_Free(pkcs7); + } + } +#endif /* HAVE_PKCS7 && USE_CERT_BUFFERS_2048 && !NO_DES3 && !NO_RSA && !NO_SHA */ + return EXPECT_RESULT(); +} /* END test_wc_PKCS7_DecodeEncryptedKeyPackage() */ + + +/* + * Test wc_PKCS7_DecodeSymmetricKeyPackage(). + */ +int test_wc_PKCS7_DecodeSymmetricKeyPackage(void) +{ + EXPECT_DECLS; +#if defined(HAVE_PKCS7) + const byte * item; + word32 itemSz; + int ret; + + { + const byte one_key[] = { + 0x30, 0x08, /* SymmetricKeyPackage SEQUENCE header */ + 0x02, 0x01, 0x01, /* version v1 */ + 0x30, 0x03, /* sKeys SEQUENCE OF */ + 0x02, 0x01, 0x01, /* INTEGER standin for OneSymmetricKey */ + }; + /* NULL input data pointer */ + ret = wc_PKCS7_DecodeSymmetricKeyPackageKey( + NULL, sizeof(one_key), 0, &item, &itemSz); + ExpectIntEQ(ret, WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + + /* NULL output item pointer */ + ret = wc_PKCS7_DecodeSymmetricKeyPackageKey( + one_key, sizeof(one_key), 0, NULL, &itemSz); + ExpectIntEQ(ret, WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + + /* NULL output size pointer */ + ret = wc_PKCS7_DecodeSymmetricKeyPackageKey( + one_key, sizeof(one_key), 0, &item, NULL); + ExpectIntEQ(ret, WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + + /* Valid key index 0 extraction */ + ret = wc_PKCS7_DecodeSymmetricKeyPackageKey( + one_key, sizeof(one_key), 0, &item, &itemSz); + ExpectIntEQ(ret, 0); + ExpectPtrEq(item, &one_key[7]); + ExpectIntEQ(itemSz, 3); + + /* Key index 1 out of range */ + ret = wc_PKCS7_DecodeSymmetricKeyPackageKey( + one_key, sizeof(one_key), 1, &item, &itemSz); + ExpectIntEQ(ret, WC_NO_ERR_TRACE(BAD_INDEX_E)); + + /* Attribute index 0 out of range */ + ret = wc_PKCS7_DecodeSymmetricKeyPackageAttribute( + one_key, sizeof(one_key), 0, &item, &itemSz); + ExpectIntEQ(ret, WC_NO_ERR_TRACE(BAD_INDEX_E)); + + /* Attribute index 1 out of range */ + ret = wc_PKCS7_DecodeSymmetricKeyPackageAttribute( + one_key, sizeof(one_key), 1, &item, &itemSz); + ExpectIntEQ(ret, WC_NO_ERR_TRACE(BAD_INDEX_E)); + } + + /* Invalid SKP SEQUENCE header. */ + { + const byte bad_seq_header[] = { + 0x02, 0x01, 0x42, /* Invalid SymmetricKeyPackage SEQUENCE header */ + }; + ret = wc_PKCS7_DecodeSymmetricKeyPackageKey( + bad_seq_header, sizeof(bad_seq_header), 0, &item, &itemSz); + ExpectIntEQ(ret, WC_NO_ERR_TRACE(ASN_PARSE_E)); + } + + /* Missing version object */ + { + const byte missing_version[] = { + 0x30, 0x05, /* SymmetricKeyPackage SEQUENCE header */ + 0x30, 0x03, /* sKeys SEQUENCE OF */ + 0x02, 0x01, 0x01, /* INTEGER standin for OneSymmetricKey */ + }; + ret = wc_PKCS7_DecodeSymmetricKeyPackageKey( + missing_version, sizeof(missing_version), 0, &item, &itemSz); + ExpectIntEQ(ret, WC_NO_ERR_TRACE(ASN_PARSE_E)); + } + + /* Invalid version number */ + { + const byte bad_version[] = { + 0x30, 0x08, /* SymmetricKeyPackage SEQUENCE header */ + 0x02, 0x01, 0x00, /* version 0 (invalid) */ + 0x30, 0x03, /* sKeys SEQUENCE OF */ + 0x02, 0x01, 0x01, /* INTEGER standin for OneSymmetricKey */ + }; + ret = wc_PKCS7_DecodeSymmetricKeyPackageKey( + bad_version, sizeof(bad_version), 0, &item, &itemSz); + ExpectIntEQ(ret, WC_NO_ERR_TRACE(ASN_PARSE_E)); + } + + { + const byte key3_attr2[] = { + 0x30, 0x18, /* SymmetricKeyPackage SEQUENCE header */ + 0x02, 0x01, 0x01, /* version v1 */ + 0xA0, 0x08, /* sKeyPkgAttrs EXPLICIT [0] header */ + 0x30, 0x06, /* sKeyPkgAttrs SEQUENCE OF header */ + 0x02, 0x01, 0x40, /* INTEGER standin for Attribute 0 */ + 0x02, 0x01, 0x41, /* INTEGER standin for Attribute 1 */ + 0x30, 0x09, /* sKeys SEQUENCE OF header */ + 0x02, 0x01, 0x0A, /* INTEGER standin for OneSymmetricKey 0 */ + 0x02, 0x01, 0x0B, /* INTEGER standin for OneSymmetricKey 1 */ + 0x02, 0x01, 0x0C, /* INTEGER standin for OneSymmetricKey 2 */ + }; + + /* Valid attribute index 0 extraction */ + ret = wc_PKCS7_DecodeSymmetricKeyPackageAttribute( + key3_attr2, sizeof(key3_attr2), 0, &item, &itemSz); + ExpectIntEQ(ret, 0); + ExpectPtrEq(item, &key3_attr2[9]); + ExpectIntEQ(itemSz, 3); + + /* Valid attribute index 1 extraction */ + ret = wc_PKCS7_DecodeSymmetricKeyPackageAttribute( + key3_attr2, sizeof(key3_attr2), 1, &item, &itemSz); + ExpectIntEQ(ret, 0); + ExpectPtrEq(item, &key3_attr2[12]); + ExpectIntEQ(itemSz, 3); + + /* Attribute index 2 out of range */ + ret = wc_PKCS7_DecodeSymmetricKeyPackageAttribute( + key3_attr2, sizeof(key3_attr2), 2, &item, &itemSz); + ExpectIntEQ(ret, WC_NO_ERR_TRACE(BAD_INDEX_E)); + + /* Valid key index 0 extraction */ + ret = wc_PKCS7_DecodeSymmetricKeyPackageKey( + key3_attr2, sizeof(key3_attr2), 0, &item, &itemSz); + ExpectIntEQ(ret, 0); + ExpectPtrEq(item, &key3_attr2[17]); + ExpectIntEQ(itemSz, 3); + + /* Valid key index 1 extraction */ + ret = wc_PKCS7_DecodeSymmetricKeyPackageKey( + key3_attr2, sizeof(key3_attr2), 1, &item, &itemSz); + ExpectIntEQ(ret, 0); + ExpectPtrEq(item, &key3_attr2[20]); + ExpectIntEQ(itemSz, 3); + + /* Valid key index 2 extraction */ + ret = wc_PKCS7_DecodeSymmetricKeyPackageKey( + key3_attr2, sizeof(key3_attr2), 2, &item, &itemSz); + ExpectIntEQ(ret, 0); + ExpectPtrEq(item, &key3_attr2[23]); + ExpectIntEQ(itemSz, 3); + + /* Key index 3 out of range */ + ret = wc_PKCS7_DecodeSymmetricKeyPackageKey( + key3_attr2, sizeof(key3_attr2), 3, &item, &itemSz); + ExpectIntEQ(ret, WC_NO_ERR_TRACE(BAD_INDEX_E)); + } +#endif + return EXPECT_RESULT(); +} /* END test_wc_PKCS7_DecodeSymmetricKeyPackage() */ + + +/* + * Test wc_PKCS7_DecodeOneSymmetricKey(). + */ +int test_wc_PKCS7_DecodeOneSymmetricKey(void) +{ + EXPECT_DECLS; +#if defined(HAVE_PKCS7) + const byte * item; + word32 itemSz; + int ret; + + { + const byte key1_attr2[] = { + 0x30, 0x0E, /* OneSymmetricKey SEQUENCE header */ + 0x30, 0x06, /* sKeyAttrs SEQUENCE OF header */ + 0x02, 0x01, 0x0A, /* INTEGER standin for Attribute 0 */ + 0x02, 0x01, 0x0B, /* INTEGER standin for Attribute 1 */ + 0x04, 0x04, 0xAA, 0xBB, 0xCC, 0xDD /* sKey OCTET STRING */ + }; + + /* NULL input data pointer */ + ret = wc_PKCS7_DecodeOneSymmetricKeyAttribute( + NULL, sizeof(key1_attr2), 0, &item, &itemSz); + ExpectIntEQ(ret, WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + + /* NULL output pointer */ + ret = wc_PKCS7_DecodeOneSymmetricKeyAttribute( + key1_attr2, sizeof(key1_attr2), 0, NULL, &itemSz); + ExpectIntEQ(ret, WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + + /* NULL output size pointer */ + ret = wc_PKCS7_DecodeOneSymmetricKeyAttribute( + key1_attr2, sizeof(key1_attr2), 0, &item, NULL); + ExpectIntEQ(ret, WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + + /* Valid attribute 0 access */ + ret = wc_PKCS7_DecodeOneSymmetricKeyAttribute( + key1_attr2, sizeof(key1_attr2), 0, &item, &itemSz); + ExpectIntEQ(ret, 0); + ExpectPtrEq(item, &key1_attr2[4]); + ExpectIntEQ(itemSz, 3); + + /* Valid attribute 1 access */ + ret = wc_PKCS7_DecodeOneSymmetricKeyAttribute( + key1_attr2, sizeof(key1_attr2), 1, &item, &itemSz); + ExpectIntEQ(ret, 0); + ExpectPtrEq(item, &key1_attr2[7]); + ExpectIntEQ(itemSz, 3); + + /* Attribute index 2 out of range */ + ret = wc_PKCS7_DecodeOneSymmetricKeyAttribute( + key1_attr2, sizeof(key1_attr2), 2, &item, &itemSz); + ExpectIntEQ(ret, WC_NO_ERR_TRACE(BAD_INDEX_E)); + + /* Valid key access */ + ret = wc_PKCS7_DecodeOneSymmetricKeyKey( + key1_attr2, sizeof(key1_attr2), &item, &itemSz); + ExpectIntEQ(ret, 0); + ExpectPtrEq(item, &key1_attr2[12]); + ExpectIntEQ(itemSz, 4); + } + + { + const byte no_attrs[] = { + 0x30, 0x06, /* OneSymmetricKey SEQUENCE header */ + 0x04, 0x04, 0xAA, 0xBB, 0xCC, 0xDD /* sKey OCTET STRING */ + }; + + /* Attribute index 0 out of range */ + ret = wc_PKCS7_DecodeOneSymmetricKeyAttribute( + no_attrs, sizeof(no_attrs), 0, &item, &itemSz); + ExpectIntEQ(ret, WC_NO_ERR_TRACE(BAD_INDEX_E)); + + /* Valid key access */ + ret = wc_PKCS7_DecodeOneSymmetricKeyKey( + no_attrs, sizeof(no_attrs), &item, &itemSz); + ExpectIntEQ(ret, 0); + ExpectPtrEq(item, &no_attrs[4]); + ExpectIntEQ(itemSz, 4); + } + + { + const byte key0_attr2[] = { + 0x30, 0x08, /* OneSymmetricKey SEQUENCE header */ + 0x30, 0x06, /* sKeyAttrs SEQUENCE OF header */ + 0x02, 0x01, 0x0A, /* INTEGER standin for Attribute 0 */ + 0x02, 0x01, 0x0B, /* INTEGER standin for Attribute 1 */ + }; + + /* Valid attribute 0 access */ + ret = wc_PKCS7_DecodeOneSymmetricKeyAttribute( + key0_attr2, sizeof(key0_attr2), 0, &item, &itemSz); + ExpectIntEQ(ret, 0); + ExpectPtrEq(item, &key0_attr2[4]); + ExpectIntEQ(itemSz, 3); + + /* Invalid key access */ + ret = wc_PKCS7_DecodeOneSymmetricKeyKey( + key0_attr2, sizeof(key0_attr2), &item, &itemSz); + ExpectIntEQ(ret, WC_NO_ERR_TRACE(ASN_PARSE_E)); + } + +#endif + return EXPECT_RESULT(); +} /* END test_wc_PKCS7_DecodeOneSymmetricKey() */ + + +/* + * Testing wc_PKCS7_Degenerate() + */ +int test_wc_PKCS7_Degenerate(void) +{ + EXPECT_DECLS; +#if defined(HAVE_PKCS7) && !defined(NO_FILESYSTEM) + PKCS7* pkcs7 = NULL; + char fName[] = "./certs/test-degenerate.p7b"; + XFILE f = XBADFILE; + byte der[4096]; + word32 derSz = 0; +#ifndef NO_PKCS7_STREAM + word32 z; + int ret; +#endif /* !NO_PKCS7_STREAM */ + ExpectTrue((f = XFOPEN(fName, "rb")) != XBADFILE); + ExpectTrue((derSz = (word32)XFREAD(der, 1, sizeof(der), f)) > 0); + if (f != XBADFILE) + XFCLOSE(f); + + /* test degenerate success */ + ExpectNotNull(pkcs7 = wc_PKCS7_New(HEAP_HINT, testDevId)); + ExpectIntEQ(wc_PKCS7_Init(pkcs7, HEAP_HINT, INVALID_DEVID), 0); + ExpectIntEQ(wc_PKCS7_InitWithCert(pkcs7, NULL, 0), 0); +#ifndef NO_RSA + ExpectIntEQ(wc_PKCS7_VerifySignedData(pkcs7, der, derSz), 0); + + #ifndef NO_PKCS7_STREAM + wc_PKCS7_Free(pkcs7); + pkcs7 = NULL; + ExpectNotNull(pkcs7 = wc_PKCS7_New(HEAP_HINT, testDevId)); + ExpectIntEQ(wc_PKCS7_Init(pkcs7, HEAP_HINT, INVALID_DEVID), 0); + ExpectIntEQ(wc_PKCS7_InitWithCert(pkcs7, NULL, 0), 0); + + /* test for streaming */ + ret = -1; + for (z = 0; z < derSz && ret != 0; z++) { + ret = wc_PKCS7_VerifySignedData(pkcs7, der + z, 1); + if (ret < 0){ + ExpectIntEQ(ret, WC_NO_ERR_TRACE(WC_PKCS7_WANT_READ_E)); + } + } + ExpectIntEQ(ret, 0); + #endif /* !NO_PKCS7_STREAM */ +#else + ExpectIntNE(wc_PKCS7_VerifySignedData(pkcs7, der, derSz), 0); +#endif /* NO_RSA */ + wc_PKCS7_Free(pkcs7); + pkcs7 = NULL; + + /* test with turning off degenerate cases */ + ExpectNotNull(pkcs7 = wc_PKCS7_New(HEAP_HINT, testDevId)); + ExpectIntEQ(wc_PKCS7_Init(pkcs7, HEAP_HINT, INVALID_DEVID), 0); + ExpectIntEQ(wc_PKCS7_InitWithCert(pkcs7, NULL, 0), 0); + wc_PKCS7_AllowDegenerate(pkcs7, 0); /* override allowing degenerate case */ + ExpectIntEQ(wc_PKCS7_VerifySignedData(pkcs7, der, derSz), + WC_NO_ERR_TRACE(PKCS7_NO_SIGNER_E)); + + #ifndef NO_PKCS7_STREAM + wc_PKCS7_Free(pkcs7); + pkcs7 = NULL; + ExpectNotNull(pkcs7 = wc_PKCS7_New(HEAP_HINT, testDevId)); + ExpectIntEQ(wc_PKCS7_Init(pkcs7, HEAP_HINT, INVALID_DEVID), 0); + ExpectIntEQ(wc_PKCS7_InitWithCert(pkcs7, NULL, 0), 0); + wc_PKCS7_AllowDegenerate(pkcs7, 0); /* override allowing degenerate case */ + + /* test for streaming */ + ret = -1; + for (z = 0; z < derSz && ret != 0; z++) { + ret = wc_PKCS7_VerifySignedData(pkcs7, der + z, 1); + if (ret == WC_NO_ERR_TRACE(WC_PKCS7_WANT_READ_E)){ + continue; + } + else + break; + } + ExpectIntEQ(ret, WC_NO_ERR_TRACE(PKCS7_NO_SIGNER_E)); + #endif /* !NO_PKCS7_STREAM */ + + wc_PKCS7_Free(pkcs7); +#endif + return EXPECT_RESULT(); +} /* END test_wc_PKCS7_Degenerate() */ + +#if defined(HAVE_PKCS7) && !defined(NO_FILESYSTEM) && \ + defined(ASN_BER_TO_DER) && !defined(NO_DES3) && !defined(NO_SHA) +static byte berContent[] = { + 0x30, 0x80, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, + 0xF7, 0x0D, 0x01, 0x07, 0x03, 0xA0, 0x80, 0x30, + 0x80, 0x02, 0x01, 0x00, 0x31, 0x82, 0x01, 0x48, + 0x30, 0x82, 0x01, 0x44, 0x02, 0x01, 0x00, 0x30, + 0x81, 0xAC, 0x30, 0x81, 0x9E, 0x31, 0x0B, 0x30, + 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, 0x13, 0x02, + 0x55, 0x53, 0x31, 0x10, 0x30, 0x0E, 0x06, 0x03, + 0x55, 0x04, 0x08, 0x0C, 0x07, 0x4D, 0x6F, 0x6E, + 0x74, 0x61, 0x6E, 0x61, 0x31, 0x10, 0x30, 0x0E, + 0x06, 0x03, 0x55, 0x04, 0x07, 0x0C, 0x07, 0x42, + 0x6F, 0x7A, 0x65, 0x6D, 0x61, 0x6E, 0x31, 0x15, + 0x30, 0x13, 0x06, 0x03, 0x55, 0x04, 0x0A, 0x0C, + 0x0C, 0x77, 0x6F, 0x6C, 0x66, 0x53, 0x53, 0x4C, + 0x5F, 0x31, 0x30, 0x32, 0x34, 0x31, 0x19, 0x30, + 0x17, 0x06, 0x03, 0x55, 0x04, 0x0B, 0x0C, 0x10, + 0x50, 0x72, 0x6F, 0x67, 0x72, 0x61, 0x6D, 0x6D, + 0x69, 0x6E, 0x67, 0x2D, 0x31, 0x30, 0x32, 0x34, + 0x31, 0x18, 0x30, 0x16, 0x06, 0x03, 0x55, 0x04, + 0x03, 0x0C, 0x0F, 0x77, 0x77, 0x77, 0x2E, 0x77, + 0x6F, 0x6C, 0x66, 0x73, 0x73, 0x6C, 0x2E, 0x63, + 0x6F, 0x6D, 0x31, 0x1F, 0x30, 0x1D, 0x06, 0x09, + 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x09, + 0x01, 0x16, 0x10, 0x69, 0x6E, 0x66, 0x6F, 0x40, + 0x77, 0x6F, 0x6C, 0x66, 0x73, 0x73, 0x6C, 0x2E, + 0x63, 0x6F, 0x6D, 0x02, 0x09, 0x00, 0xBB, 0xD3, + 0x10, 0x03, 0xE6, 0x9D, 0x28, 0x03, 0x30, 0x0D, + 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, + 0x01, 0x01, 0x01, 0x05, 0x00, 0x04, 0x81, 0x80, + 0x2F, 0xF9, 0x77, 0x4F, 0x04, 0x5C, 0x16, 0x62, + 0xF0, 0x77, 0x8D, 0x95, 0x4C, 0xB1, 0x44, 0x9A, + 0x8C, 0x3C, 0x8C, 0xE4, 0xD1, 0xC1, 0x14, 0x72, + 0xD0, 0x4A, 0x1A, 0x94, 0x27, 0x0F, 0xAA, 0xE8, + 0xD0, 0xA2, 0xE7, 0xED, 0x4C, 0x7F, 0x0F, 0xC7, + 0x1B, 0xFB, 0x81, 0x0E, 0x76, 0x8F, 0xDD, 0x32, + 0x11, 0x68, 0xA0, 0x13, 0xD2, 0x8D, 0x95, 0xEF, + 0x80, 0x53, 0x81, 0x0E, 0x1F, 0xC8, 0xD6, 0x76, + 0x5C, 0x31, 0xD3, 0x77, 0x33, 0x29, 0xA6, 0x1A, + 0xD3, 0xC6, 0x14, 0x36, 0xCA, 0x8E, 0x7D, 0x72, + 0xA0, 0x29, 0x4C, 0xC7, 0x3A, 0xAF, 0xFE, 0xF7, + 0xFC, 0xD7, 0xE2, 0x8F, 0x6A, 0x20, 0x46, 0x09, + 0x40, 0x22, 0x2D, 0x79, 0x38, 0x11, 0xB1, 0x4A, + 0xE3, 0x48, 0xE8, 0x10, 0x37, 0xA0, 0x22, 0xF7, + 0xB4, 0x79, 0xD1, 0xA9, 0x3D, 0xC2, 0xAB, 0x37, + 0xAE, 0x82, 0x68, 0x1A, 0x16, 0xEF, 0x33, 0x0C, + 0x30, 0x80, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, + 0xF7, 0x0D, 0x01, 0x07, 0x01, 0x30, 0x14, 0x06, + 0x08, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x03, + 0x07, 0x04, 0x08, 0xAD, 0xD0, 0x38, 0x9B, 0x16, + 0x4B, 0x7F, 0x99, 0xA0, 0x80, 0x04, 0x82, 0x03, + 0xE8, 0x6D, 0x48, 0xFB, 0x8A, 0xBD, 0xED, 0x6C, + 0xCD, 0xC6, 0x48, 0xFD, 0xB7, 0xB0, 0x7C, 0x86, + 0x2C, 0x8D, 0xF0, 0x23, 0x12, 0xD8, 0xA3, 0x2A, + 0x21, 0x6F, 0x8B, 0x75, 0xBB, 0x47, 0x7F, 0xC9, + 0xBA, 0xBA, 0xFF, 0x91, 0x09, 0x01, 0x7A, 0x5C, + 0x96, 0x02, 0xB8, 0x8E, 0xF8, 0x67, 0x7E, 0x8F, + 0xF9, 0x51, 0x0E, 0xFF, 0x8E, 0xE2, 0x61, 0xC0, + 0xDF, 0xFA, 0xE2, 0x4C, 0x50, 0x90, 0xAE, 0xA1, + 0x15, 0x38, 0x3D, 0xBE, 0x88, 0xD7, 0x57, 0xC0, + 0x11, 0x44, 0xA2, 0x61, 0x05, 0x49, 0x6A, 0x94, + 0x04, 0x10, 0xD9, 0xC2, 0x2D, 0x15, 0x20, 0x0D, + 0xBD, 0xA2, 0xEF, 0xE4, 0x68, 0xFA, 0x39, 0x75, + 0x7E, 0xD8, 0x64, 0x44, 0xCB, 0xE0, 0x00, 0x6D, + 0x57, 0x4E, 0x8A, 0x17, 0xA9, 0x83, 0x6C, 0x7F, + 0xFE, 0x01, 0xEE, 0xDE, 0x99, 0x3A, 0xB2, 0xFF, + 0xD3, 0x72, 0x78, 0xBA, 0xF1, 0x23, 0x54, 0x48, + 0x02, 0xD8, 0x38, 0xA9, 0x54, 0xE5, 0x4A, 0x81, + 0xB9, 0xC0, 0x67, 0xB2, 0x7D, 0x3C, 0x6F, 0xCE, + 0xA4, 0xDD, 0x34, 0x5F, 0x60, 0xB1, 0xA3, 0x7A, + 0xE4, 0x43, 0xF2, 0x89, 0x64, 0x35, 0x09, 0x32, + 0x51, 0xFB, 0x5C, 0x67, 0x0C, 0x3B, 0xFC, 0x36, + 0x6B, 0x37, 0x43, 0x6C, 0x03, 0xCD, 0x44, 0xC7, + 0x2B, 0x62, 0xD6, 0xD1, 0xF4, 0x07, 0x7B, 0x19, + 0x91, 0xF0, 0xD7, 0xF5, 0x54, 0xBC, 0x0F, 0x42, + 0x6B, 0x69, 0xF7, 0xA3, 0xC8, 0xEE, 0xB9, 0x7A, + 0x9E, 0x3D, 0xDF, 0x53, 0x47, 0xF7, 0x50, 0x67, + 0x00, 0xCF, 0x2B, 0x3B, 0xE9, 0x85, 0xEE, 0xBD, + 0x4C, 0x64, 0x66, 0x0B, 0x77, 0x80, 0x9D, 0xEF, + 0x11, 0x32, 0x77, 0xA8, 0xA4, 0x5F, 0xEE, 0x2D, + 0xE0, 0x43, 0x87, 0x76, 0x87, 0x53, 0x4E, 0xD7, + 0x1A, 0x04, 0x7B, 0xE1, 0xD1, 0xE1, 0xF5, 0x87, + 0x51, 0x13, 0xE0, 0xC2, 0xAA, 0xA3, 0x4B, 0xAA, + 0x9E, 0xB4, 0xA6, 0x1D, 0x4E, 0x28, 0x57, 0x0B, + 0x80, 0x90, 0x81, 0x4E, 0x04, 0xF5, 0x30, 0x8D, + 0x51, 0xCE, 0x57, 0x2F, 0x88, 0xC5, 0x70, 0xC4, + 0x06, 0x8F, 0xDD, 0x37, 0xC1, 0x34, 0x1E, 0x0E, + 0x15, 0x32, 0x23, 0x92, 0xAB, 0x40, 0xEA, 0xF7, + 0x43, 0xE2, 0x1D, 0xE2, 0x4B, 0xC9, 0x91, 0xF4, + 0x63, 0x21, 0x34, 0xDB, 0xE9, 0x86, 0x83, 0x1A, + 0xD2, 0x52, 0xEF, 0x7A, 0xA2, 0xEE, 0xA4, 0x11, + 0x56, 0xD3, 0x6C, 0xF5, 0x6D, 0xE4, 0xA5, 0x2D, + 0x99, 0x02, 0x10, 0xDF, 0x29, 0xC5, 0xE3, 0x0B, + 0xC4, 0xA1, 0xEE, 0x5F, 0x4A, 0x10, 0xEE, 0x85, + 0x73, 0x2A, 0x92, 0x15, 0x2C, 0xC8, 0xF4, 0x8C, + 0xD7, 0x3D, 0xBC, 0xAD, 0x18, 0xE0, 0x59, 0xD3, + 0xEE, 0x75, 0x90, 0x1C, 0xCC, 0x76, 0xC6, 0x64, + 0x17, 0xD2, 0xD0, 0x91, 0xA6, 0xD0, 0xC1, 0x4A, + 0xAA, 0x58, 0x22, 0xEC, 0x45, 0x98, 0xF2, 0xCC, + 0x4C, 0xE4, 0xBF, 0xED, 0xF6, 0x44, 0x72, 0x36, + 0x65, 0x3F, 0xE3, 0xB5, 0x8B, 0x3E, 0x54, 0x9C, + 0x82, 0x86, 0x5E, 0xB0, 0xF2, 0x12, 0xE5, 0x69, + 0xFA, 0x46, 0xA2, 0x54, 0xFC, 0xF5, 0x4B, 0xE0, + 0x24, 0x3B, 0x99, 0x04, 0x1A, 0x7A, 0xF7, 0xD1, + 0xFF, 0x68, 0x97, 0xB2, 0x85, 0x82, 0x95, 0x27, + 0x2B, 0xF4, 0xE7, 0x1A, 0x74, 0x19, 0xEC, 0x8C, + 0x4E, 0xA7, 0x0F, 0xAD, 0x4F, 0x5A, 0x02, 0x80, + 0xC1, 0x6A, 0x9E, 0x54, 0xE4, 0x8E, 0xA3, 0x41, + 0x3F, 0x6F, 0x9C, 0x82, 0x9F, 0x83, 0xB0, 0x44, + 0x01, 0x5F, 0x10, 0x9D, 0xD3, 0xB6, 0x33, 0x5B, + 0xAF, 0xAC, 0x6B, 0x57, 0x2A, 0x01, 0xED, 0x0E, + 0x17, 0xB9, 0x80, 0x76, 0x12, 0x1C, 0x51, 0x56, + 0xDD, 0x6D, 0x94, 0xAB, 0xD2, 0xE5, 0x15, 0x2D, + 0x3C, 0xC5, 0xE8, 0x62, 0x05, 0x8B, 0x40, 0xB1, + 0xC2, 0x83, 0xCA, 0xAC, 0x4B, 0x8B, 0x39, 0xF7, + 0xA0, 0x08, 0x43, 0x5C, 0xF7, 0xE8, 0xED, 0x40, + 0x72, 0x73, 0xE3, 0x6B, 0x18, 0x67, 0xA0, 0xB6, + 0x0F, 0xED, 0x8F, 0x9A, 0xE4, 0x27, 0x62, 0x23, + 0xAA, 0x6D, 0x6C, 0x31, 0xC9, 0x9D, 0x6B, 0xE0, + 0xBF, 0x9D, 0x7D, 0x2E, 0x76, 0x71, 0x06, 0x39, + 0xAC, 0x96, 0x1C, 0xAF, 0x30, 0xF2, 0x62, 0x9C, + 0x84, 0x3F, 0x43, 0x5E, 0x19, 0xA8, 0xE5, 0x3C, + 0x9D, 0x43, 0x3C, 0x43, 0x41, 0xE8, 0x82, 0xE7, + 0x5B, 0xF3, 0xE2, 0x15, 0xE3, 0x52, 0x20, 0xFD, + 0x0D, 0xB2, 0x4D, 0x48, 0xAD, 0x53, 0x7E, 0x0C, + 0xF0, 0xB9, 0xBE, 0xC9, 0x58, 0x4B, 0xC8, 0xA8, + 0xA3, 0x36, 0xF1, 0x2C, 0xD2, 0xE1, 0xC8, 0xC4, + 0x3C, 0x48, 0x70, 0xC2, 0x6D, 0x6C, 0x3D, 0x99, + 0xAC, 0x43, 0x19, 0x69, 0xCA, 0x67, 0x1A, 0xC9, + 0xE1, 0x47, 0xFA, 0x0A, 0xE6, 0x5B, 0x6F, 0x61, + 0xD0, 0x03, 0xE4, 0x03, 0x4B, 0xFD, 0xE2, 0xA5, + 0x8D, 0x83, 0x01, 0x7E, 0xC0, 0x7B, 0x2E, 0x0B, + 0x29, 0xDD, 0xD6, 0xDC, 0x71, 0x46, 0xBD, 0x9A, + 0x40, 0x46, 0x1E, 0x0A, 0xB1, 0x00, 0xE7, 0x71, + 0x29, 0x77, 0xFC, 0x9A, 0x76, 0x8A, 0x5F, 0x66, + 0x9B, 0x63, 0x91, 0x12, 0x78, 0xBF, 0x67, 0xAD, + 0xA1, 0x72, 0x9E, 0xC5, 0x3E, 0xE5, 0xCB, 0xAF, + 0xD6, 0x5A, 0x0D, 0xB6, 0x9B, 0xA3, 0x78, 0xE8, + 0xB0, 0x8F, 0x69, 0xED, 0xC1, 0x73, 0xD5, 0xE5, + 0x1C, 0x18, 0xA0, 0x58, 0x4C, 0x49, 0xBD, 0x91, + 0xCE, 0x15, 0x0D, 0xAA, 0x5A, 0x07, 0xEA, 0x1C, + 0xA7, 0x4B, 0x11, 0x31, 0x80, 0xAF, 0xA1, 0x0A, + 0xED, 0x6C, 0x70, 0xE4, 0xDB, 0x75, 0x86, 0xAE, + 0xBF, 0x4A, 0x05, 0x72, 0xDE, 0x84, 0x8C, 0x7B, + 0x59, 0x81, 0x58, 0xE0, 0xC0, 0x15, 0xB5, 0xF3, + 0xD5, 0x73, 0x78, 0x83, 0x53, 0xDA, 0x92, 0xC1, + 0xE6, 0x71, 0x74, 0xC7, 0x7E, 0xAA, 0x36, 0x06, + 0xF0, 0xDF, 0xBA, 0xFB, 0xEF, 0x54, 0xE8, 0x11, + 0xB2, 0x33, 0xA3, 0x0B, 0x9E, 0x0C, 0x59, 0x75, + 0x13, 0xFA, 0x7F, 0x88, 0xB9, 0x86, 0xBD, 0x1A, + 0xDB, 0x52, 0x12, 0xFB, 0x6D, 0x1A, 0xCB, 0x49, + 0x94, 0x94, 0xC4, 0xA9, 0x99, 0xC0, 0xA4, 0xB6, + 0x60, 0x36, 0x09, 0x94, 0x2A, 0xD5, 0xC4, 0x26, + 0xF4, 0xA3, 0x6A, 0x0E, 0x57, 0x8B, 0x7C, 0xA4, + 0x1D, 0x75, 0xE8, 0x2A, 0xF3, 0xC4, 0x3C, 0x7D, + 0x45, 0x6D, 0xD8, 0x24, 0xD1, 0x3B, 0xF7, 0xCF, + 0xE4, 0x45, 0x2A, 0x55, 0xE5, 0xA9, 0x1F, 0x1C, + 0x8F, 0x55, 0x8D, 0xC1, 0xF7, 0x74, 0xCC, 0x26, + 0xC7, 0xBA, 0x2E, 0x5C, 0xC1, 0x71, 0x0A, 0xAA, + 0xD9, 0x6D, 0x76, 0xA7, 0xF9, 0xD1, 0x18, 0xCB, + 0x5A, 0x52, 0x98, 0xA8, 0x0D, 0x3F, 0x06, 0xFC, + 0x49, 0x11, 0x21, 0x5F, 0x86, 0x19, 0x33, 0x81, + 0xB5, 0x7A, 0xDA, 0xA1, 0x47, 0xBF, 0x7C, 0xD7, + 0x05, 0x96, 0xC7, 0xF5, 0xC1, 0x61, 0xE5, 0x18, + 0xA5, 0x38, 0x68, 0xED, 0xB4, 0x17, 0x62, 0x0D, + 0x01, 0x5E, 0xC3, 0x04, 0xA6, 0xBA, 0xB1, 0x01, + 0x60, 0x5C, 0xC1, 0x3A, 0x34, 0x97, 0xD6, 0xDB, + 0x67, 0x73, 0x4D, 0x33, 0x96, 0x01, 0x67, 0x44, + 0xEA, 0x47, 0x5E, 0x44, 0xB5, 0xE5, 0xD1, 0x6C, + 0x20, 0xA9, 0x6D, 0x4D, 0xBC, 0x02, 0xF0, 0x70, + 0xE4, 0xDD, 0xE9, 0xD5, 0x5C, 0x28, 0x29, 0x0B, + 0xB4, 0x60, 0x2A, 0xF1, 0xF7, 0x1A, 0xF0, 0x36, + 0xAE, 0x51, 0x3A, 0xAE, 0x6E, 0x48, 0x7D, 0xC7, + 0x5C, 0xF3, 0xDC, 0xF6, 0xED, 0x27, 0x4E, 0x8E, + 0x48, 0x18, 0x3E, 0x08, 0xF1, 0xD8, 0x3D, 0x0D, + 0xE7, 0x2F, 0x65, 0x8A, 0x6F, 0xE2, 0x1E, 0x06, + 0xC1, 0x04, 0x58, 0x7B, 0x4A, 0x75, 0x60, 0x92, + 0x13, 0xC6, 0x40, 0x2D, 0x3A, 0x8A, 0xD1, 0x03, + 0x05, 0x1F, 0x28, 0x66, 0xC2, 0x57, 0x2A, 0x4C, + 0xE1, 0xA3, 0xCB, 0xA1, 0x95, 0x30, 0x10, 0xED, + 0xDF, 0xAE, 0x70, 0x49, 0x4E, 0xF6, 0xB4, 0x5A, + 0xB6, 0x22, 0x56, 0x37, 0x05, 0xE7, 0x3E, 0xB2, + 0xE3, 0x96, 0x62, 0xEC, 0x09, 0x53, 0xC0, 0x50, + 0x3D, 0xA7, 0xBC, 0x9B, 0x39, 0x02, 0x26, 0x16, + 0xB5, 0x34, 0x17, 0xD4, 0xCA, 0xFE, 0x1D, 0xE4, + 0x5A, 0xDA, 0x4C, 0xC2, 0xCA, 0x8E, 0x79, 0xBF, + 0xD8, 0x4C, 0xBB, 0xFA, 0x30, 0x7B, 0xA9, 0x3E, + 0x52, 0x19, 0xB1, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00 +}; +#endif /* HAVE_PKCS7 && !NO_FILESYSTEM && ASN_BER_TO_DER && + * !NO_DES3 && !NO_SHA + */ + +/* + * Testing wc_PKCS7_BER() + */ +int test_wc_PKCS7_BER(void) +{ + EXPECT_DECLS; +#if defined(HAVE_PKCS7) && !defined(NO_FILESYSTEM) && \ + !defined(NO_SHA) && defined(ASN_BER_TO_DER) + PKCS7* pkcs7 = NULL; + char fName[] = "./certs/test-ber-exp02-05-2022.p7b"; + XFILE f = XBADFILE; + byte der[4096]; +#ifndef NO_DES3 + byte decoded[2048]; +#endif + word32 derSz = 0; +#if !defined(NO_PKCS7_STREAM) && !defined(NO_RSA) + word32 z; + int ret; +#endif /* !NO_PKCS7_STREAM && !NO_RSA */ + + ExpectTrue((f = XFOPEN(fName, "rb")) != XBADFILE); + ExpectTrue((derSz = (word32)XFREAD(der, 1, sizeof(der), f)) > 0); + if (f != XBADFILE) { + XFCLOSE(f); + f = XBADFILE; + } + + ExpectNotNull(pkcs7 = wc_PKCS7_New(HEAP_HINT, testDevId)); + ExpectIntEQ(wc_PKCS7_Init(pkcs7, HEAP_HINT, INVALID_DEVID), 0); + ExpectIntEQ(wc_PKCS7_InitWithCert(pkcs7, NULL, 0), 0); +#ifndef NO_RSA + ExpectIntEQ(wc_PKCS7_VerifySignedData(pkcs7, der, derSz), 0); + + #ifndef NO_PKCS7_STREAM + wc_PKCS7_Free(pkcs7); + pkcs7 = NULL; + ExpectNotNull(pkcs7 = wc_PKCS7_New(HEAP_HINT, testDevId)); + ExpectIntEQ(wc_PKCS7_Init(pkcs7, HEAP_HINT, INVALID_DEVID), 0); + ExpectIntEQ(wc_PKCS7_InitWithCert(pkcs7, NULL, 0), 0); + + /* test for streaming */ + ret = -1; + for (z = 0; z < derSz && ret != 0; z++) { + ret = wc_PKCS7_VerifySignedData(pkcs7, der + z, 1); + if (ret < 0){ + ExpectIntEQ(ret, WC_NO_ERR_TRACE(WC_PKCS7_WANT_READ_E)); + } + } + ExpectIntEQ(ret, 0); + #endif /* !NO_PKCS7_STREAM */ +#else + ExpectIntNE(wc_PKCS7_VerifySignedData(pkcs7, der, derSz), 0); +#endif + wc_PKCS7_Free(pkcs7); + pkcs7 = NULL; + +#ifndef NO_DES3 + /* decode BER content */ + ExpectTrue((f = XFOPEN("./certs/1024/client-cert.der", "rb")) != XBADFILE); + ExpectTrue((derSz = (word32)XFREAD(der, 1, sizeof(der), f)) > 0); + if (f != XBADFILE) { + XFCLOSE(f); + f = XBADFILE; + } + ExpectNotNull(pkcs7 = wc_PKCS7_New(HEAP_HINT, testDevId)); +#ifndef NO_RSA + ExpectIntEQ(wc_PKCS7_InitWithCert(pkcs7, der, derSz), 0); +#else + ExpectIntNE(wc_PKCS7_InitWithCert(pkcs7, der, derSz), 0); +#endif + + ExpectTrue((f = XFOPEN("./certs/1024/client-key.der", "rb")) != XBADFILE); + ExpectTrue((derSz = (word32)XFREAD(der, 1, sizeof(der), f)) > 0); + if (f != XBADFILE) { + XFCLOSE(f); + f = XBADFILE; + } + if (pkcs7 != NULL) { + pkcs7->privateKey = der; + pkcs7->privateKeySz = derSz; + } +#ifndef NO_RSA +#ifdef WOLFSSL_SP_MATH + ExpectIntEQ(wc_PKCS7_DecodeEnvelopedData(pkcs7, berContent, + sizeof(berContent), decoded, sizeof(decoded)), WC_NO_ERR_TRACE(WC_KEY_SIZE_E)); +#else + ExpectIntGT(wc_PKCS7_DecodeEnvelopedData(pkcs7, berContent, + sizeof(berContent), decoded, sizeof(decoded)), 0); +#endif +#else + ExpectIntEQ(wc_PKCS7_DecodeEnvelopedData(pkcs7, berContent, + sizeof(berContent), decoded, sizeof(decoded)), WC_NO_ERR_TRACE(NOT_COMPILED_IN)); +#endif + wc_PKCS7_Free(pkcs7); +#endif /* !NO_DES3 */ +#endif + return EXPECT_RESULT(); +} /* END test_wc_PKCS7_BER() */ + +int test_wc_PKCS7_signed_enveloped(void) +{ + EXPECT_DECLS; +#if defined(HAVE_PKCS7) && !defined(NO_RSA) && !defined(NO_AES) && \ + defined(WOLFSSL_AES_256) && !defined(NO_FILESYSTEM) + XFILE f = XBADFILE; + PKCS7* pkcs7 = NULL; +#ifdef HAVE_AES_CBC + PKCS7* inner = NULL; +#endif + WC_RNG rng; + unsigned char key[FOURK_BUF/2]; + unsigned char cert[FOURK_BUF/2]; + unsigned char env[FOURK_BUF]; + int envSz = FOURK_BUF; + int keySz = 0; + int certSz = 0; + unsigned char sig[FOURK_BUF * 2]; + int sigSz = FOURK_BUF * 2; +#ifdef HAVE_AES_CBC + unsigned char decoded[FOURK_BUF]; + int decodedSz = FOURK_BUF; +#endif +#ifndef NO_PKCS7_STREAM + int z; + int ret; +#endif /* !NO_PKCS7_STREAM */ + + XMEMSET(&rng, 0, sizeof(WC_RNG)); + + /* load cert */ + ExpectTrue((f = XFOPEN(cliCertDerFile, "rb")) != XBADFILE); + ExpectIntGT((certSz = (int)XFREAD(cert, 1, sizeof(cert), f)), 0); + if (f != XBADFILE) { + XFCLOSE(f); + f = XBADFILE; + } + + /* load key */ + ExpectTrue((f = XFOPEN(cliKeyFile, "rb")) != XBADFILE); + ExpectIntGT((keySz = (int)XFREAD(key, 1, sizeof(key), f)), 0); + if (f != XBADFILE) { + XFCLOSE(f); + f = XBADFILE; + } + ExpectIntGT(keySz = wolfSSL_KeyPemToDer(key, keySz, key, keySz, NULL), 0); + + /* sign cert for envelope */ + ExpectNotNull(pkcs7 = wc_PKCS7_New(NULL, 0)); + ExpectIntEQ(wc_InitRng(&rng), 0); + ExpectIntEQ(wc_PKCS7_InitWithCert(pkcs7, cert, (word32)certSz), 0); + if (pkcs7 != NULL) { + pkcs7->content = cert; + pkcs7->contentSz = (word32)certSz; + pkcs7->contentOID = DATA; + pkcs7->privateKey = key; + pkcs7->privateKeySz = (word32)keySz; + pkcs7->encryptOID = RSAk; + pkcs7->hashOID = SHA256h; + pkcs7->rng = &rng; + } + ExpectIntGT((sigSz = wc_PKCS7_EncodeSignedData(pkcs7, sig, (word32)sigSz)), 0); + wc_PKCS7_Free(pkcs7); + pkcs7 = NULL; + DoExpectIntEQ(wc_FreeRng(&rng), 0); + +#if defined(HAVE_AES_CBC) && defined(WOLFSSL_AES_256) + /* create envelope */ + ExpectNotNull(pkcs7 = wc_PKCS7_New(NULL, 0)); + ExpectIntEQ(wc_PKCS7_InitWithCert(pkcs7, cert, (word32)certSz), 0); + if (pkcs7 != NULL) { + pkcs7->content = sig; + pkcs7->contentSz = (word32)sigSz; + pkcs7->contentOID = DATA; + pkcs7->encryptOID = AES256CBCb; + pkcs7->privateKey = key; + pkcs7->privateKeySz = (word32)keySz; + } + ExpectIntGT((envSz = wc_PKCS7_EncodeEnvelopedData(pkcs7, env, (word32)envSz)), 0); + ExpectIntLT(wc_PKCS7_EncodeEnvelopedData(pkcs7, env, 2), 0); + wc_PKCS7_Free(pkcs7); + pkcs7 = NULL; +#endif + + /* create bad signed enveloped data */ + sigSz = FOURK_BUF * 2; + ExpectNotNull(pkcs7 = wc_PKCS7_New(NULL, 0)); + ExpectIntEQ(wc_InitRng(&rng), 0); + ExpectIntEQ(wc_PKCS7_InitWithCert(pkcs7, cert, (word32)certSz), 0); + if (pkcs7 != NULL) { + pkcs7->content = env; + pkcs7->contentSz = (word32)envSz; + pkcs7->contentOID = DATA; + pkcs7->privateKey = key; + pkcs7->privateKeySz = (word32)keySz; + pkcs7->encryptOID = RSAk; + pkcs7->hashOID = SHA256h; + pkcs7->rng = &rng; + } + + /* Set no certs in bundle for this test. */ + if (pkcs7 != NULL) { + ExpectIntEQ(wc_PKCS7_SetNoCerts(pkcs7, 1), 0); + ExpectIntEQ(wc_PKCS7_SetNoCerts(NULL, 1), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_PKCS7_GetNoCerts(pkcs7), 1); + } + ExpectIntGT((sigSz = wc_PKCS7_EncodeSignedData(pkcs7, sig, (word32)sigSz)), 0); + wc_PKCS7_Free(pkcs7); + pkcs7 = NULL; + + /* check verify fails */ + ExpectNotNull(pkcs7 = wc_PKCS7_New(NULL, 0)); + ExpectIntEQ(wc_PKCS7_InitWithCert(pkcs7, NULL, 0), 0); + ExpectIntEQ(wc_PKCS7_VerifySignedData(pkcs7, sig, (word32)sigSz), + WC_NO_ERR_TRACE(PKCS7_SIGNEEDS_CHECK)); + + /* try verifying the signature manually */ + { + RsaKey rKey; + word32 idx = 0; + byte digest[MAX_SEQ_SZ + MAX_ALGO_SZ + MAX_OCTET_STR_SZ + + WC_MAX_DIGEST_SIZE]; + int digestSz = 0; + + ExpectIntEQ(wc_InitRsaKey(&rKey, HEAP_HINT), 0); + ExpectIntEQ(wc_RsaPrivateKeyDecode(key, &idx, &rKey, (word32)keySz), 0); + ExpectIntGT(digestSz = wc_RsaSSL_Verify(pkcs7->signature, + pkcs7->signatureSz, digest, sizeof(digest), &rKey), 0); + ExpectIntEQ(digestSz, pkcs7->pkcs7DigestSz); + ExpectIntEQ(XMEMCMP(digest, pkcs7->pkcs7Digest, digestSz), 0); + ExpectIntEQ(wc_FreeRsaKey(&rKey), 0); + /* verify was success */ + } + + wc_PKCS7_Free(pkcs7); + pkcs7 = NULL; + + /* initializing the PKCS7 struct with the signing certificate should pass */ + ExpectNotNull(pkcs7 = wc_PKCS7_New(NULL, 0)); + ExpectIntEQ(wc_PKCS7_InitWithCert(pkcs7, cert, (word32)certSz), 0); + ExpectIntEQ(wc_PKCS7_VerifySignedData(pkcs7, sig, (word32)sigSz), 0); + +#ifndef NO_PKCS7_STREAM + wc_PKCS7_Free(pkcs7); + pkcs7 = NULL; + ExpectNotNull(pkcs7 = wc_PKCS7_New(HEAP_HINT, testDevId)); + ExpectIntEQ(wc_PKCS7_InitWithCert(pkcs7, cert, (word32)certSz), 0); + + /* test for streaming */ + ret = -1; + for (z = 0; z < sigSz && ret != 0; z++) { + ret = wc_PKCS7_VerifySignedData(pkcs7, sig + z, 1); + if (ret < 0){ + ExpectIntEQ(ret, WC_NO_ERR_TRACE(WC_PKCS7_WANT_READ_E)); + } + } + ExpectIntEQ(ret, 0); +#endif /* !NO_PKCS7_STREAM */ + + wc_PKCS7_Free(pkcs7); + pkcs7 = NULL; + + /* create valid degenerate bundle */ + sigSz = FOURK_BUF * 2; + ExpectNotNull(pkcs7 = wc_PKCS7_New(NULL, 0)); + if (pkcs7 != NULL) { + pkcs7->content = env; + pkcs7->contentSz = (word32)envSz; + pkcs7->contentOID = DATA; + pkcs7->privateKey = key; + pkcs7->privateKeySz = (word32)keySz; + pkcs7->encryptOID = RSAk; + pkcs7->hashOID = SHA256h; + pkcs7->rng = &rng; + } + ExpectIntEQ(wc_PKCS7_SetSignerIdentifierType(pkcs7, DEGENERATE_SID), 0); + ExpectIntGT((sigSz = wc_PKCS7_EncodeSignedData(pkcs7, sig, (word32)sigSz)), 0); + wc_PKCS7_Free(pkcs7); + pkcs7 = NULL; + wc_FreeRng(&rng); + + /* check verify */ + ExpectNotNull(pkcs7 = wc_PKCS7_New(NULL, 0)); + ExpectIntEQ(wc_PKCS7_Init(pkcs7, HEAP_HINT, testDevId), 0); + ExpectIntEQ(wc_PKCS7_VerifySignedData(pkcs7, sig, (word32)sigSz), 0); + ExpectNotNull(pkcs7->content); + +#ifndef NO_PKCS7_STREAM + wc_PKCS7_Free(pkcs7); + pkcs7 = NULL; + + /* create valid degenerate bundle */ + sigSz = FOURK_BUF * 2; + ExpectNotNull(pkcs7 = wc_PKCS7_New(NULL, 0)); + if (pkcs7 != NULL) { + pkcs7->content = env; + pkcs7->contentSz = (word32)envSz; + pkcs7->contentOID = DATA; + pkcs7->privateKey = key; + pkcs7->privateKeySz = (word32)keySz; + pkcs7->encryptOID = RSAk; + pkcs7->hashOID = SHA256h; + pkcs7->rng = &rng; + } + ExpectIntEQ(wc_PKCS7_SetSignerIdentifierType(pkcs7, DEGENERATE_SID), 0); + ExpectIntGT((sigSz = wc_PKCS7_EncodeSignedData(pkcs7, sig, (word32)sigSz)), 0); + wc_PKCS7_Free(pkcs7); + pkcs7 = NULL; + wc_FreeRng(&rng); + + /* check verify */ + ExpectNotNull(pkcs7 = wc_PKCS7_New(NULL, 0)); + ExpectIntEQ(wc_PKCS7_Init(pkcs7, HEAP_HINT, testDevId), 0); + /* test for streaming */ + ret = -1; + for (z = 0; z < sigSz && ret != 0; z++) { + ret = wc_PKCS7_VerifySignedData(pkcs7, sig + z, 1); + if (ret < 0){ + ExpectIntEQ(ret, WC_NO_ERR_TRACE(WC_PKCS7_WANT_READ_E)); + } + } + ExpectIntEQ(ret, 0); +#endif /* !NO_PKCS7_STREAM */ + +#ifdef HAVE_AES_CBC + /* check decode */ + ExpectNotNull(inner = wc_PKCS7_New(NULL, 0)); + ExpectIntEQ(wc_PKCS7_InitWithCert(inner, cert, (word32)certSz), 0); + if (inner != NULL) { + inner->privateKey = key; + inner->privateKeySz = (word32)keySz; + } + ExpectIntGT((decodedSz = wc_PKCS7_DecodeEnvelopedData(inner, pkcs7->content, + pkcs7->contentSz, decoded, (word32)decodedSz)), 0); + wc_PKCS7_Free(inner); + inner = NULL; +#endif + wc_PKCS7_Free(pkcs7); + pkcs7 = NULL; + +#ifdef HAVE_AES_CBC + /* check cert set */ + ExpectNotNull(pkcs7 = wc_PKCS7_New(NULL, 0)); + ExpectIntEQ(wc_PKCS7_InitWithCert(pkcs7, NULL, 0), 0); + ExpectIntEQ(wc_PKCS7_VerifySignedData(pkcs7, decoded, (word32)decodedSz), 0); + ExpectNotNull(pkcs7->singleCert); + ExpectIntNE(pkcs7->singleCertSz, 0); + wc_PKCS7_Free(pkcs7); + pkcs7 = NULL; + +#ifndef NO_PKCS7_STREAM + ExpectNotNull(pkcs7 = wc_PKCS7_New(NULL, 0)); + ExpectIntEQ(wc_PKCS7_InitWithCert(pkcs7, NULL, 0), 0); + /* test for streaming */ + ret = -1; + for (z = 0; z < decodedSz && ret != 0; z++) { + ret = wc_PKCS7_VerifySignedData(pkcs7, decoded + z, 1); + if (ret < 0){ + ExpectIntEQ(ret, WC_NO_ERR_TRACE(WC_PKCS7_WANT_READ_E)); + } + } + ExpectIntEQ(ret, 0); + ExpectNotNull(pkcs7->singleCert); + ExpectIntNE(pkcs7->singleCertSz, 0); + wc_PKCS7_Free(pkcs7); + pkcs7 = NULL; +#endif /* !NO_PKCS7_STREAM */ +#endif + + { + /* arbitrary custom SKID */ + const byte customSKID[] = { + 0x40, 0x25, 0x77, 0x56 + }; + + ExpectIntEQ(wc_InitRng(&rng), 0); + sigSz = FOURK_BUF * 2; + ExpectNotNull(pkcs7 = wc_PKCS7_New(HEAP_HINT, testDevId)); + if (pkcs7 != NULL) { + ExpectIntEQ(wc_PKCS7_InitWithCert(pkcs7, cert, (word32)certSz), 0); + pkcs7->content = cert; + pkcs7->contentSz = (word32)certSz; + pkcs7->contentOID = DATA; + pkcs7->privateKey = key; + pkcs7->privateKeySz = (word32)keySz; + pkcs7->encryptOID = RSAk; + pkcs7->hashOID = SHA256h; + pkcs7->rng = &rng; + ExpectIntEQ(wc_PKCS7_SetSignerIdentifierType(pkcs7, CMS_SKID), 0); + ExpectIntEQ(wc_PKCS7_SetCustomSKID(pkcs7, customSKID, + sizeof(customSKID)), 0); + ExpectIntGT((sigSz = wc_PKCS7_EncodeSignedData(pkcs7, sig, + (word32)sigSz)), 0); + } + wc_PKCS7_Free(pkcs7); + pkcs7 = NULL; + wc_FreeRng(&rng); + } +#endif /* HAVE_PKCS7 && !NO_RSA && !NO_AES */ + return EXPECT_RESULT(); +} + +int test_wc_PKCS7_NoDefaultSignedAttribs(void) +{ + EXPECT_DECLS; +#if defined(HAVE_PKCS7) && !defined(NO_FILESYSTEM) && !defined(NO_RSA) \ + && !defined(NO_AES) + PKCS7* pkcs7 = NULL; + void* heap = NULL; + + ExpectNotNull(pkcs7 = wc_PKCS7_New(heap, testDevId)); + ExpectIntEQ(wc_PKCS7_Init(pkcs7, heap, testDevId), 0); + + ExpectIntEQ(wc_PKCS7_NoDefaultSignedAttribs(NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_PKCS7_NoDefaultSignedAttribs(pkcs7), 0); + + wc_PKCS7_Free(pkcs7); +#endif + return EXPECT_RESULT(); +} + +int test_wc_PKCS7_SetOriEncryptCtx(void) +{ + EXPECT_DECLS; +#if defined(HAVE_PKCS7) && !defined(NO_FILESYSTEM) && !defined(NO_RSA) \ + && !defined(NO_AES) + PKCS7* pkcs7 = NULL; + void* heap = NULL; + WOLFSSL_CTX* ctx = NULL; + + ExpectNotNull(pkcs7 = wc_PKCS7_New(heap, testDevId)); + ExpectIntEQ(wc_PKCS7_Init(pkcs7, heap, testDevId), 0); + + ExpectIntEQ(wc_PKCS7_SetOriEncryptCtx(NULL, ctx), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_PKCS7_SetOriEncryptCtx(pkcs7, ctx), 0); + + wc_PKCS7_Free(pkcs7); +#endif + return EXPECT_RESULT(); +} + +int test_wc_PKCS7_SetOriDecryptCtx(void) +{ + EXPECT_DECLS; +#if defined(HAVE_PKCS7) && !defined(NO_FILESYSTEM) && !defined(NO_RSA) \ + && !defined(NO_AES) + PKCS7* pkcs7 = NULL; + void* heap = NULL; + WOLFSSL_CTX* ctx = NULL; + + ExpectNotNull(pkcs7 = wc_PKCS7_New(heap, testDevId)); + ExpectIntEQ(wc_PKCS7_Init(pkcs7, heap, testDevId), 0); + + ExpectIntEQ(wc_PKCS7_SetOriDecryptCtx(NULL, ctx), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_PKCS7_SetOriDecryptCtx(pkcs7, ctx), 0); + + wc_PKCS7_Free(pkcs7); +#endif + return EXPECT_RESULT(); +} + +int test_wc_PKCS7_DecodeCompressedData(void) +{ + EXPECT_DECLS; +#if defined(HAVE_PKCS7) && !defined(NO_FILESYSTEM) && !defined(NO_RSA) \ + && !defined(NO_AES) && defined(HAVE_LIBZ) + PKCS7* pkcs7 = NULL; + void* heap = NULL; + byte out[4096]; + byte* decompressed = NULL; + int outSz; + int decompressedSz; + const char* cert = "./certs/client-cert.pem"; + byte* cert_buf = NULL; + size_t cert_sz = 0; + + ExpectIntEQ(load_file(cert, &cert_buf, &cert_sz), 0); + ExpectNotNull((decompressed = (byte*)XMALLOC(cert_sz, heap, + DYNAMIC_TYPE_TMP_BUFFER))); + decompressedSz = (int)cert_sz; + ExpectNotNull((pkcs7 = wc_PKCS7_New(heap, testDevId))); + + if (pkcs7 != NULL) { + pkcs7->content = (byte*)cert_buf; + pkcs7->contentSz = (word32)cert_sz; + pkcs7->contentOID = DATA; + } + + ExpectIntGT((outSz = wc_PKCS7_EncodeCompressedData(pkcs7, out, + sizeof(out))), 0); + wc_PKCS7_Free(pkcs7); + pkcs7 = NULL; + + /* compressed key should be smaller than when started */ + ExpectIntLT(outSz, cert_sz); + + /* test decompression */ + ExpectNotNull((pkcs7 = wc_PKCS7_New(heap, testDevId))); + ExpectIntEQ(pkcs7->contentOID, 0); + + /* fail case with out buffer too small */ + ExpectIntLT(wc_PKCS7_DecodeCompressedData(pkcs7, out, outSz, + decompressed, outSz), 0); + + /* success case */ + ExpectIntEQ(wc_PKCS7_DecodeCompressedData(pkcs7, out, outSz, + decompressed, decompressedSz), cert_sz); + ExpectIntEQ(pkcs7->contentOID, DATA); + ExpectIntEQ(XMEMCMP(decompressed, cert_buf, cert_sz), 0); + XFREE(decompressed, heap, DYNAMIC_TYPE_TMP_BUFFER); + decompressed = NULL; + + /* test decompression function with different 'max' inputs */ + outSz = sizeof(out); + ExpectIntGT((outSz = wc_Compress(out, outSz, cert_buf, (word32)cert_sz, 0)), + 0); + ExpectIntLT(wc_DeCompressDynamic(&decompressed, 1, DYNAMIC_TYPE_TMP_BUFFER, + out, outSz, 0, heap), 0); + ExpectNull(decompressed); + ExpectIntGT(wc_DeCompressDynamic(&decompressed, -1, DYNAMIC_TYPE_TMP_BUFFER, + out, outSz, 0, heap), 0); + ExpectNotNull(decompressed); + ExpectIntEQ(XMEMCMP(decompressed, cert_buf, cert_sz), 0); + XFREE(decompressed, heap, DYNAMIC_TYPE_TMP_BUFFER); + decompressed = NULL; + + ExpectIntGT(wc_DeCompressDynamic(&decompressed, DYNAMIC_TYPE_TMP_BUFFER, 5, + out, outSz, 0, heap), 0); + ExpectNotNull(decompressed); + ExpectIntEQ(XMEMCMP(decompressed, cert_buf, cert_sz), 0); + XFREE(decompressed, heap, DYNAMIC_TYPE_TMP_BUFFER); + + if (cert_buf != NULL) + free(cert_buf); + wc_PKCS7_Free(pkcs7); +#endif + return EXPECT_RESULT(); +} + + diff --git a/test/ssl/wolfssl/tests/api/test_pkcs7.h b/test/ssl/wolfssl/tests/api/test_pkcs7.h new file mode 100644 index 000000000..054eda248 --- /dev/null +++ b/test/ssl/wolfssl/tests/api/test_pkcs7.h @@ -0,0 +1,87 @@ +/* test_pkcs7.h + * + * Copyright (C) 2006-2025 wolfSSL Inc. + * + * This file is part of wolfSSL. + * + * wolfSSL is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * wolfSSL is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA + */ + +#ifndef WOLFCRYPT_TEST_PKCS7_H +#define WOLFCRYPT_TEST_PKCS7_H + +#include + +int test_wc_PKCS7_New(void); +int test_wc_PKCS7_Init(void); +int test_wc_PKCS7_InitWithCert(void); +int test_wc_PKCS7_EncodeData(void); +int test_wc_PKCS7_EncodeSignedData(void); +int test_wc_PKCS7_EncodeSignedData_ex(void); +int test_wc_PKCS7_VerifySignedData_RSA(void); +int test_wc_PKCS7_VerifySignedData_ECC(void); +int test_wc_PKCS7_DecodeEnvelopedData_stream(void); +int test_wc_PKCS7_EncodeDecodeEnvelopedData(void); +int test_wc_PKCS7_SetAESKeyWrapUnwrapCb(void); +int test_wc_PKCS7_GetEnvelopedDataKariRid(void); +int test_wc_PKCS7_EncodeEncryptedData(void); +int test_wc_PKCS7_DecodeEncryptedKeyPackage(void); +int test_wc_PKCS7_DecodeSymmetricKeyPackage(void); +int test_wc_PKCS7_DecodeOneSymmetricKey(void); +int test_wc_PKCS7_Degenerate(void); +int test_wc_PKCS7_BER(void); +int test_wc_PKCS7_signed_enveloped(void); +int test_wc_PKCS7_NoDefaultSignedAttribs(void); +int test_wc_PKCS7_SetOriEncryptCtx(void); +int test_wc_PKCS7_SetOriDecryptCtx(void); +int test_wc_PKCS7_DecodeCompressedData(void); +int test_wc_PKCS7_DecodeEnvelopedData_multiple_recipients(void); + + +#define TEST_PKCS7_DECLS \ + TEST_DECL_GROUP("pkcs7", test_wc_PKCS7_New), \ + TEST_DECL_GROUP("pkcs7", test_wc_PKCS7_Init) + +#define TEST_PKCS7_SIGNED_DATA_DECLS \ + TEST_DECL_GROUP("pkcs7_sd", test_wc_PKCS7_InitWithCert), \ + TEST_DECL_GROUP("pkcs7_sd", test_wc_PKCS7_EncodeData), \ + TEST_DECL_GROUP("pkcs7_sd", test_wc_PKCS7_EncodeSignedData), \ + TEST_DECL_GROUP("pkcs7_sd", test_wc_PKCS7_EncodeSignedData_ex), \ + TEST_DECL_GROUP("pkcs7_sd", test_wc_PKCS7_VerifySignedData_RSA), \ + TEST_DECL_GROUP("pkcs7_sd", test_wc_PKCS7_VerifySignedData_ECC), \ + TEST_DECL_GROUP("pkcs7_sd", test_wc_PKCS7_Degenerate), \ + TEST_DECL_GROUP("pkcs7_sd", test_wc_PKCS7_BER), \ + TEST_DECL_GROUP("pkcs7_sd", test_wc_PKCS7_NoDefaultSignedAttribs) + +#define TEST_PKCS7_ENCRYPTED_DATA_DECLS \ + TEST_DECL_GROUP("pkcs7_ed", test_wc_PKCS7_DecodeEnvelopedData_stream), \ + TEST_DECL_GROUP("pkcs7_ed", test_wc_PKCS7_EncodeDecodeEnvelopedData), \ + TEST_DECL_GROUP("pkcs7_ed", test_wc_PKCS7_SetAESKeyWrapUnwrapCb), \ + TEST_DECL_GROUP("pkcs7_ed", test_wc_PKCS7_GetEnvelopedDataKariRid), \ + TEST_DECL_GROUP("pkcs7_ed", test_wc_PKCS7_EncodeEncryptedData), \ + TEST_DECL_GROUP("pkcs7_ed", test_wc_PKCS7_DecodeEncryptedKeyPackage), \ + TEST_DECL_GROUP("pkcs7_ed", test_wc_PKCS7_DecodeSymmetricKeyPackage), \ + TEST_DECL_GROUP("pkcs7_ed", test_wc_PKCS7_DecodeOneSymmetricKey), \ + TEST_DECL_GROUP("pkcs7_ed", test_wc_PKCS7_SetOriEncryptCtx), \ + TEST_DECL_GROUP("pkcs7_ed", test_wc_PKCS7_SetOriDecryptCtx), \ + TEST_DECL_GROUP("pkcs7_ed", test_wc_PKCS7_DecodeEnvelopedData_multiple_recipients) + +#define TEST_PKCS7_SIGNED_ENCRYPTED_DATA_DECLS \ + TEST_DECL_GROUP("pkcs7_sed", test_wc_PKCS7_signed_enveloped) + +#define TEST_PKCS7_COMPRESSED_DATA_DECLS \ + TEST_DECL_GROUP("pkcs7_cd", test_wc_PKCS7_DecodeCompressedData) + +#endif /* WOLFCRYPT_TEST_PKCS7_H */ diff --git a/test/ssl/wolfssl/tests/api/test_poly1305.c b/test/ssl/wolfssl/tests/api/test_poly1305.c new file mode 100644 index 000000000..d0d863dca --- /dev/null +++ b/test/ssl/wolfssl/tests/api/test_poly1305.c @@ -0,0 +1,65 @@ +/* test_poly1305.c + * + * Copyright (C) 2006-2025 wolfSSL Inc. + * + * This file is part of wolfSSL. + * + * wolfSSL is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * wolfSSL is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA + */ + +#include + +#ifdef NO_INLINE + #include +#else + #define WOLFSSL_MISC_INCLUDED + #include +#endif + +#include +#include +#include +#include + +/* + * unit test for wc_Poly1305SetKey() + */ +int test_wc_Poly1305SetKey(void) +{ + EXPECT_DECLS; +#ifdef HAVE_POLY1305 + Poly1305 ctx; + const byte key[] = + { + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x01 + }; + word32 keySz = (word32)(sizeof(key)/sizeof(byte)); + + ExpectIntEQ(wc_Poly1305SetKey(&ctx, key, keySz), 0); + + /* Test bad args. */ + ExpectIntEQ(wc_Poly1305SetKey(NULL, key,keySz), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_Poly1305SetKey(&ctx, NULL, keySz), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_Poly1305SetKey(&ctx, key, 18), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); +#endif + return EXPECT_RESULT(); +} /* END test_wc_Poly1305_SetKey() */ + diff --git a/test/ssl/wolfssl/tests/api/test_poly1305.h b/test/ssl/wolfssl/tests/api/test_poly1305.h new file mode 100644 index 000000000..f2220fac3 --- /dev/null +++ b/test/ssl/wolfssl/tests/api/test_poly1305.h @@ -0,0 +1,32 @@ +/* test_poly1305.h + * + * Copyright (C) 2006-2025 wolfSSL Inc. + * + * This file is part of wolfSSL. + * + * wolfSSL is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * wolfSSL is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA + */ + +#ifndef WOLFCRYPT_TEST_POLY1305_H +#define WOLFCRYPT_TEST_POLY1305_H + +#include + +int test_wc_Poly1305SetKey(void); + +#define TEST_POLY1305_DECLS \ + TEST_DECL_GROUP("poly1305", test_wc_Poly1305SetKey) + +#endif /* WOLFCRYPT_TEST_POLY1305_H */ diff --git a/test/ssl/wolfssl/tests/api/test_random.c b/test/ssl/wolfssl/tests/api/test_random.c new file mode 100644 index 000000000..fa7c820c9 --- /dev/null +++ b/test/ssl/wolfssl/tests/api/test_random.c @@ -0,0 +1,527 @@ +/* test_random.c + * + * Copyright (C) 2006-2025 wolfSSL Inc. + * + * This file is part of wolfSSL. + * + * wolfSSL is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * wolfSSL is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA + */ + +#include + +#ifdef NO_INLINE + #include +#else + #define WOLFSSL_MISC_INCLUDED + #include +#endif + +#include +#include +#include +#include + + +int test_wc_InitRng(void) +{ + EXPECT_DECLS; +#ifndef WC_NO_RNG + WC_RNG rng[1]; + + (void)rng; + + /* Bad parameter. */ + ExpectIntEQ(wc_InitRng(NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_InitRng_ex(NULL, HEAP_HINT, INVALID_DEVID), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_FreeRng(NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + +#ifdef HAVE_HASHDRBG + /* Good parameter. */ + ExpectIntEQ(wc_InitRng(rng), 0); + ExpectIntEQ(wc_FreeRng(rng), 0); + ExpectIntEQ(wc_InitRng_ex(rng, HEAP_HINT, INVALID_DEVID), 0); + ExpectIntEQ(wc_FreeRng(rng), 0); +#endif +#elif !defined(HAVE_FIPS) || \ + (defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION >= 2)) + WC_RNG rng[1]; + + (void)rng; + + ExpectIntEQ(wc_InitRng(NULL), WC_NO_ERR_TRACE(NOT_COMPILED_IN)); + ExpectIntEQ(wc_InitRng_ex(NULL, HEAP_HINT, INVALID_DEVID), + WC_NO_ERR_TRACE(NOT_COMPILED_IN)); + ExpectIntEQ(wc_FreeRng(NULL), WC_NO_ERR_TRACE(NOT_COMPILED_IN)); + + ExpectIntEQ(wc_InitRng(rng), WC_NO_ERR_TRACE(NOT_COMPILED_IN)); + ExpectIntEQ(wc_InitRng_ex(rng, HEAP_HINT, INVALID_DEVID), + WC_NO_ERR_TRACE(NOT_COMPILED_IN)); + ExpectIntEQ(wc_FreeRng(rng), WC_NO_ERR_TRACE(NOT_COMPILED_IN)); +#endif + return EXPECT_RESULT(); +} + + +int test_wc_RNG_GenerateBlock_Reseed(void) +{ + EXPECT_DECLS; +#if defined(HAVE_HASHDRBG) && defined(TEST_RESEED_INTERVAL) + int i; + WC_RNG rng; + byte key[32]; + + XMEMSET(&rng, 0, sizeof(WC_RNG)); + + ExpectIntEQ(wc_InitRng(&rng), 0); + for (i = 0; i < WC_RESEED_INTERVAL + 10; i++) { + ExpectIntEQ(wc_RNG_GenerateBlock(&rng, key, sizeof(key)), 0); + } + DoExpectIntEQ(wc_FreeRng(&rng), 0); +#endif + return EXPECT_RESULT(); +} + +int test_wc_RNG_GenerateBlock(void) +{ + EXPECT_DECLS; +#ifdef HAVE_HASHDRBG + int i; + WC_RNG rng; + byte key[32]; + + XMEMSET(&rng, 0, sizeof(WC_RNG)); + + ExpectIntEQ(wc_InitRng(&rng), 0); + + /* Bad parameters. */ + ExpectIntEQ(wc_RNG_GenerateBlock(NULL, NULL, sizeof(key)), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_RNG_GenerateBlock(&rng, NULL, sizeof(key)), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_RNG_GenerateBlock(NULL, key , sizeof(key)), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + + for (i = 0; i < (int)sizeof(key); i++) { + ExpectIntEQ(wc_RNG_GenerateBlock(&rng, key + i, sizeof(key) - i), 0); + } + DoExpectIntEQ(wc_FreeRng(&rng), 0); +#endif + return EXPECT_RESULT(); +} + +int test_wc_RNG_GenerateByte(void) +{ + EXPECT_DECLS; +#ifdef HAVE_HASHDRBG + int i; + WC_RNG rng; + byte output[10]; + + XMEMSET(&rng, 0, sizeof(WC_RNG)); + + ExpectIntEQ(wc_InitRng(&rng), 0); + + /* Bad parameters. */ + ExpectIntEQ(wc_RNG_GenerateByte(NULL, NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_RNG_GenerateByte(&rng, NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_RNG_GenerateByte(NULL, output), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + + for (i = 0; i < (int)sizeof(output); i++) { + ExpectIntEQ(wc_RNG_GenerateByte(&rng, output + i), 0); + } + + DoExpectIntEQ(wc_FreeRng(&rng), 0); +#endif + return EXPECT_RESULT(); +} + +int test_wc_InitRngNonce(void) +{ + EXPECT_DECLS; +#if !defined(WC_NO_RNG) && !defined(HAVE_SELFTEST) && \ + (!defined(HAVE_FIPS) || (defined(HAVE_FIPS_VERSION) && \ + HAVE_FIPS_VERSION >= 2)) + WC_RNG rng; + byte nonce[] = "\x0D\x74\xDB\x42\xA9\x10\x77\xDE" + "\x45\xAC\x13\x7A\xE1\x48\xAF\x16"; + word32 nonceSz = sizeof(nonce); + + /* Bad parameters. */ + ExpectIntEQ(wc_InitRngNonce(NULL, NULL , nonceSz), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_InitRngNonce(&rng, NULL , nonceSz), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_InitRngNonce(NULL, nonce, nonceSz), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + + /* Good parameters. */ + ExpectIntEQ(wc_InitRngNonce(&rng, nonce, nonceSz), 0); + ExpectIntEQ(wc_FreeRng(&rng), 0); + ExpectIntEQ(wc_InitRngNonce(&rng, NULL, 0), 0); + ExpectIntEQ(wc_FreeRng(&rng), 0); + ExpectIntEQ(wc_InitRngNonce(&rng, nonce, 0), 0); + ExpectIntEQ(wc_FreeRng(&rng), 0); +#endif + return EXPECT_RESULT(); +} + +int test_wc_InitRngNonce_ex(void) +{ + EXPECT_DECLS; +#if !defined(WC_NO_RNG) && !defined(HAVE_SELFTEST) && \ + (!defined(HAVE_FIPS) || (defined(HAVE_FIPS_VERSION) && \ + HAVE_FIPS_VERSION >= 2)) + WC_RNG rng; + byte nonce[] = "\x0D\x74\xDB\x42\xA9\x10\x77\xDE" + "\x45\xAC\x13\x7A\xE1\x48\xAF\x16"; + word32 nonceSz = sizeof(nonce); + + /* Bad parameters. */ + ExpectIntEQ(wc_InitRngNonce_ex(NULL, NULL , nonceSz, HEAP_HINT, testDevId), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_InitRngNonce_ex(&rng, NULL , nonceSz, HEAP_HINT, testDevId), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_InitRngNonce_ex(NULL, nonce, nonceSz, HEAP_HINT, testDevId), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + + ExpectIntEQ(wc_InitRngNonce_ex(&rng, nonce, nonceSz, HEAP_HINT, testDevId), + 0); + ExpectIntEQ(wc_FreeRng(&rng), 0); + ExpectIntEQ(wc_InitRngNonce_ex(&rng, NULL, 0, HEAP_HINT, testDevId), 0); + ExpectIntEQ(wc_FreeRng(&rng), 0); + ExpectIntEQ(wc_InitRngNonce_ex(&rng, nonce, 0, HEAP_HINT, testDevId), 0); + ExpectIntEQ(wc_FreeRng(&rng), 0); +#endif + return EXPECT_RESULT(); +} + +int test_wc_GenerateSeed(void) +{ + EXPECT_DECLS; +#if !defined(WC_NO_RNG) && !defined(HAVE_FIPS) && !defined(HAVE_SELFTEST) + OS_Seed seed[1]; + byte output[16]; + + XMEMSET(seed, 0, sizeof(OS_Seed)); + + /* Different configurations have different paths and different errors or + * no error at all. */ +#ifdef TEST_WC_GENERATE_SEED_PARAMS + /* Bad parameters. */ + ExpectIntEQ(wc_GenerateSeed(NULL, NULL , 16), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntLT(wc_GenerateSeed(seed, NULL , 16), 0); + ExpectIntEQ(wc_GenerateSeed(NULL, output, 16), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); +#endif + + /* Good parameters. */ + ExpectIntEQ(wc_GenerateSeed(seed, output, 16), 0); +#endif + return EXPECT_RESULT(); +} + +int test_wc_rng_new(void) +{ + EXPECT_DECLS; +#if !defined(WC_NO_RNG) && !defined(HAVE_FIPS) && !defined(HAVE_SELFTEST) && \ + !defined(WOLFSSL_NO_MALLOC) + WC_RNG* rng = NULL; + unsigned char nonce[16]; + word32 nonceSz = (word32)sizeof(nonce); + + XMEMSET(nonce, 0xa5, nonceSz); + + /* Bad parameters. */ + ExpectNull(wc_rng_new(NULL, nonceSz, HEAP_HINT)); + ExpectIntEQ(wc_rng_new_ex(&rng, NULL, nonceSz, HEAP_HINT, INVALID_DEVID), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectNull(rng); + + /* Good parameters. */ + ExpectNotNull(rng = wc_rng_new(nonce, nonceSz, HEAP_HINT)); +#ifdef HAVE_HASHDRBG + /* Ensure random object is usable. */ + ExpectIntEQ(wc_RNG_GenerateBlock(rng, nonce, nonceSz), 0); +#endif + wc_rng_free(rng); + rng = NULL; + ExpectNotNull(rng = wc_rng_new(nonce, 0, HEAP_HINT)); +#ifdef HAVE_HASHDRBG + /* Ensure random object is usable. */ + ExpectIntEQ(wc_RNG_GenerateBlock(rng, nonce, nonceSz), 0); +#endif + wc_rng_free(rng); + rng = NULL; + + ExpectIntEQ(wc_rng_new_ex(&rng, nonce, nonceSz, HEAP_HINT, INVALID_DEVID), + 0); + ExpectNotNull(rng); +#ifdef HAVE_HASHDRBG + /* Ensure random object is usable. */ + ExpectIntEQ(wc_RNG_GenerateBlock(rng, nonce, nonceSz), 0); +#endif + wc_rng_free(rng); + rng = NULL; + ExpectIntEQ(wc_rng_new_ex(&rng, nonce, 0, HEAP_HINT, INVALID_DEVID), 0); + ExpectNotNull(rng); +#ifdef HAVE_HASHDRBG + /* Ensure random object is usable. */ + ExpectIntEQ(wc_RNG_GenerateBlock(rng, nonce, nonceSz), 0); +#endif + wc_rng_free(rng); + + wc_rng_free(NULL); +#endif + return EXPECT_RESULT(); +} + +int test_wc_RNG_DRBG_Reseed(void) +{ + EXPECT_DECLS; +#if defined(HAVE_HASHDRBG) && !defined(HAVE_FIPS) && !defined(HAVE_SELFTEST) + WC_RNG rng[1]; + byte entropy[16]; + word32 entropySz = sizeof(entropy); + + XMEMSET(entropy, 0xa5, entropySz); + + ExpectIntEQ(wc_InitRng(rng), 0); + + /* Bad Parameters. */ + ExpectIntEQ(wc_RNG_DRBG_Reseed(NULL, NULL, entropySz), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_RNG_DRBG_Reseed(rng, NULL, entropySz), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_RNG_DRBG_Reseed(NULL, entropy, entropySz), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + + /* Good Parameters. */ + ExpectIntEQ(wc_RNG_DRBG_Reseed(rng, entropy, entropySz), 0); + ExpectIntEQ(wc_RNG_GenerateBlock(rng, entropy, entropySz), 0); + ExpectIntEQ(wc_RNG_DRBG_Reseed(rng, entropy, 0), 0); + ExpectIntEQ(wc_RNG_GenerateBlock(rng, entropy, entropySz), 0); + + ExpectIntEQ(wc_FreeRng(rng), 0); +#endif + return EXPECT_RESULT(); +} + +int test_wc_RNG_TestSeed(void) +{ + EXPECT_DECLS; +#if defined(HAVE_HASHDRBG) && \ + (!(defined(HAVE_FIPS) || defined(HAVE_SELFTEST)) || \ + (defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION >= 2))) + byte seed[16]; + byte i; + +#ifdef TEST_WC_RNG_TESTSEED_BAD_PARAMS + /* Doesn't handle NULL. */ + ExpectIntEQ(wc_RNG_TestSeed(NULL, sizeof(seed)), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + /* Doesn't handle seed being less than SEED_BLOCK_SZ which is not public + * and is different for different configurations. */ + for (i = 0; i < 4; i++) { + ExpectIntEQ(wc_RNG_TestSeed(seed, i), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + } +#endif + + /* Bad seed as it repeats. */ + XMEMSET(seed, 0xa5, sizeof(seed)); + /* Return value is DRBG_CONT_FAILURE which is not public. */ + ExpectIntGT(wc_RNG_TestSeed(seed, sizeof(seed)), 0); + + /* Good seed. */ + for (i = 0; i < (byte)sizeof(seed); i++) + seed[i] = i; + ExpectIntEQ(wc_RNG_TestSeed(seed, sizeof(seed)), 0); +#endif + return EXPECT_RESULT(); +} + +int test_wc_RNG_HealthTest(void) +{ + EXPECT_DECLS; +#if defined(HAVE_HASHDRBG) + static const byte test1Seed[] = { + 0xa6, 0x5a, 0xd0, 0xf3, 0x45, 0xdb, 0x4e, 0x0e, + 0xff, 0xe8, 0x75, 0xc3, 0xa2, 0xe7, 0x1f, 0x42, + 0xc7, 0x12, 0x9d, 0x62, 0x0f, 0xf5, 0xc1, 0x19, + 0xa9, 0xef, 0x55, 0xf0, 0x51, 0x85, 0xe0, 0xfb, + 0x85, 0x81, 0xf9, 0x31, 0x75, 0x17, 0x27, 0x6e, + 0x06, 0xe9, 0x60, 0x7d, 0xdb, 0xcb, 0xcc, 0x2e + }; + static const byte test1Output[] = { + 0xd3, 0xe1, 0x60, 0xc3, 0x5b, 0x99, 0xf3, 0x40, + 0xb2, 0x62, 0x82, 0x64, 0xd1, 0x75, 0x10, 0x60, + 0xe0, 0x04, 0x5d, 0xa3, 0x83, 0xff, 0x57, 0xa5, + 0x7d, 0x73, 0xa6, 0x73, 0xd2, 0xb8, 0xd8, 0x0d, + 0xaa, 0xf6, 0xa6, 0xc3, 0x5a, 0x91, 0xbb, 0x45, + 0x79, 0xd7, 0x3f, 0xd0, 0xc8, 0xfe, 0xd1, 0x11, + 0xb0, 0x39, 0x13, 0x06, 0x82, 0x8a, 0xdf, 0xed, + 0x52, 0x8f, 0x01, 0x81, 0x21, 0xb3, 0xfe, 0xbd, + 0xc3, 0x43, 0xe7, 0x97, 0xb8, 0x7d, 0xbb, 0x63, + 0xdb, 0x13, 0x33, 0xde, 0xd9, 0xd1, 0xec, 0xe1, + 0x77, 0xcf, 0xa6, 0xb7, 0x1f, 0xe8, 0xab, 0x1d, + 0xa4, 0x66, 0x24, 0xed, 0x64, 0x15, 0xe5, 0x1c, + 0xcd, 0xe2, 0xc7, 0xca, 0x86, 0xe2, 0x83, 0x99, + 0x0e, 0xea, 0xeb, 0x91, 0x12, 0x04, 0x15, 0x52, + 0x8b, 0x22, 0x95, 0x91, 0x02, 0x81, 0xb0, 0x2d, + 0xd4, 0x31, 0xf4, 0xc9, 0xf7, 0x04, 0x27, 0xdf + }; + static const byte test2SeedA[] = { + 0x63, 0x36, 0x33, 0x77, 0xe4, 0x1e, 0x86, 0x46, + 0x8d, 0xeb, 0x0a, 0xb4, 0xa8, 0xed, 0x68, 0x3f, + 0x6a, 0x13, 0x4e, 0x47, 0xe0, 0x14, 0xc7, 0x00, + 0x45, 0x4e, 0x81, 0xe9, 0x53, 0x58, 0xa5, 0x69, + 0x80, 0x8a, 0xa3, 0x8f, 0x2a, 0x72, 0xa6, 0x23, + 0x59, 0x91, 0x5a, 0x9f, 0x8a, 0x04, 0xca, 0x68 + }; + static const byte test2SeedB[] = { + 0xe6, 0x2b, 0x8a, 0x8e, 0xe8, 0xf1, 0x41, 0xb6, + 0x98, 0x05, 0x66, 0xe3, 0xbf, 0xe3, 0xc0, 0x49, + 0x03, 0xda, 0xd4, 0xac, 0x2c, 0xdf, 0x9f, 0x22, + 0x80, 0x01, 0x0a, 0x67, 0x39, 0xbc, 0x83, 0xd3 + }; + static const byte test2Output[] = { + 0x04, 0xee, 0xc6, 0x3b, 0xb2, 0x31, 0xdf, 0x2c, + 0x63, 0x0a, 0x1a, 0xfb, 0xe7, 0x24, 0x94, 0x9d, + 0x00, 0x5a, 0x58, 0x78, 0x51, 0xe1, 0xaa, 0x79, + 0x5e, 0x47, 0x73, 0x47, 0xc8, 0xb0, 0x56, 0x62, + 0x1c, 0x18, 0xbd, 0xdc, 0xdd, 0x8d, 0x99, 0xfc, + 0x5f, 0xc2, 0xb9, 0x20, 0x53, 0xd8, 0xcf, 0xac, + 0xfb, 0x0b, 0xb8, 0x83, 0x12, 0x05, 0xfa, 0xd1, + 0xdd, 0xd6, 0xc0, 0x71, 0x31, 0x8a, 0x60, 0x18, + 0xf0, 0x3b, 0x73, 0xf5, 0xed, 0xe4, 0xd4, 0xd0, + 0x71, 0xf9, 0xde, 0x03, 0xfd, 0x7a, 0xea, 0x10, + 0x5d, 0x92, 0x99, 0xb8, 0xaf, 0x99, 0xaa, 0x07, + 0x5b, 0xdb, 0x4d, 0xb9, 0xaa, 0x28, 0xc1, 0x8d, + 0x17, 0x4b, 0x56, 0xee, 0x2a, 0x01, 0x4d, 0x09, + 0x88, 0x96, 0xff, 0x22, 0x82, 0xc9, 0x55, 0xa8, + 0x19, 0x69, 0xe0, 0x69, 0xfa, 0x8c, 0xe0, 0x07, + 0xa1, 0x80, 0x18, 0x3a, 0x07, 0xdf, 0xae, 0x17 + }; +#if !(defined(HAVE_FIPS) || defined(HAVE_SELFTEST)) || \ + (defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION >= 2)) + static const byte testEx1Nonce[] = { + 0x89, 0xc9, 0x49, 0xe9, 0xc8, 0x04, 0xaf, 0x01, + 0x4d, 0x56, 0x04, 0xb3, 0x94, 0x59, 0xf2, 0xc8 + }; + static const byte testEx1Output[] = { + 0x2d, 0xa7, 0x72, 0x76, 0xe2, 0xab, 0xf5, 0x79, + 0x08, 0x4f, 0x1a, 0xf3, 0x53, 0xb4, 0xec, 0x58, + 0x07, 0x09, 0x1f, 0x61, 0xa4, 0x3c, 0x65, 0x38, + 0xd3, 0x43, 0x66, 0x29, 0x10, 0x81, 0x33, 0xa6, + 0xb8, 0x71, 0x8d, 0xc0, 0x27, 0x80, 0xfe, 0x11, + 0x85, 0xc6, 0xe6, 0x40, 0x69, 0x23, 0x39, 0x74, + 0x4a, 0xc9, 0xdc, 0x68, 0x6f, 0x47, 0x5c, 0x5c, + 0x56, 0xc8, 0x00, 0x78, 0xcf, 0x12, 0x7a, 0x67, + 0x27, 0x1b, 0xe7, 0x14, 0xdf, 0x9d, 0x22, 0xb5, + 0x5a, 0x8a, 0x2f, 0xdd, 0x7b, 0x6f, 0xb7, 0xf4, + 0xe3, 0x58, 0x8e, 0x6c, 0x79, 0x09, 0xf1, 0xe3, + 0x15, 0x1d, 0x9f, 0x1f, 0x69, 0x23, 0x70, 0x2f, + 0xd0, 0xee, 0x4e, 0xdd, 0x02, 0x56, 0xeb, 0x3f, + 0x25, 0xcc, 0x63, 0x06, 0x70, 0x97, 0x07, 0x76, + 0xb3, 0xe1, 0x39, 0xbd, 0xd3, 0xc2, 0x12, 0xeb, + 0x42, 0x77, 0xe8, 0xc5, 0xd0, 0xde, 0xf1, 0x4f + }; + static const byte testEx2Nonce[] = { + 0xeb, 0xb7, 0x73, 0xf9, 0x93, 0x27, 0x8e, 0xff, + 0xf0, 0x51, 0x77, 0x8b, 0x65, 0xdb, 0x13, 0x57 + }; + static const byte testEx2Output[] = { + 0x40, 0xb2, 0xeb, 0x2b, 0x10, 0x53, 0x30, 0x8f, + 0xe4, 0xa0, 0x47, 0xe0, 0x24, 0x22, 0xe7, 0x03, + 0x03, 0x90, 0x91, 0x7b, 0xa5, 0xa8, 0xa2, 0xfd, + 0xba, 0x3b, 0xc9, 0x8e, 0xfb, 0x39, 0xef, 0xd9, + 0xae, 0x62, 0xb7, 0x0b, 0x21, 0xe6, 0x93, 0x22, + 0xeb, 0x3d, 0x3b, 0x00, 0x59, 0xaa, 0xc0, 0x27, + 0x0c, 0xde, 0xb4, 0xbd, 0x5c, 0x73, 0xa6, 0x51, + 0xf5, 0x55, 0x2c, 0xf4, 0xb8, 0xc8, 0x46, 0x04, + 0x03, 0x63, 0xa7, 0x9f, 0x81, 0xd1, 0x34, 0x1c, + 0x93, 0x86, 0x43, 0x09, 0x4c, 0x0e, 0x0a, 0x7d, + 0x54, 0x63, 0xc4, 0x72, 0xbe, 0xe3, 0x30, 0x39, + 0x3b, 0x1b, 0x8d, 0xbe, 0x55, 0x9a, 0x46, 0x11, + 0x75, 0x22, 0x00, 0xcc, 0x5a, 0xa6, 0xbb, 0x8c, + 0xd1, 0x70, 0xba, 0xbc, 0x3c, 0xf5, 0xcf, 0x81, + 0xa5, 0x17, 0x5a, 0x34, 0x0c, 0x29, 0xca, 0xcf, + 0x2b, 0x27, 0x38, 0x42, 0x21, 0x32, 0x9b, 0xc0 + }; +#endif + byte output[WC_SHA256_DIGEST_SIZE * 4]; + + /* Bad parameters. */ + ExpectIntEQ(wc_RNG_HealthTest(0, NULL , 0 , NULL, 0, + NULL , 0 ), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_RNG_HealthTest(0, test1Seed, sizeof(test1Seed), NULL, 0, + NULL , 0 ), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_RNG_HealthTest(0, NULL , 0 , NULL, 0, + output, sizeof(output)), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_RNG_HealthTest(0, test1Seed, sizeof(test1Seed), NULL, 0, + output, 0 ), WC_NO_ERR_TRACE(-1)); + + /* Good parameters. */ + ExpectIntEQ(wc_RNG_HealthTest(0, test1Seed, sizeof(test1Seed), NULL, 0, + output, sizeof(output)), 0); + ExpectBufEQ(test1Output, output, sizeof(output)); + + ExpectIntEQ(wc_RNG_HealthTest(1, test2SeedA, sizeof(test2SeedA), test2SeedB, + sizeof(test2SeedB), output, sizeof(output)), 0); + ExpectBufEQ(test2Output, output, sizeof(output)); + +#if !(defined(HAVE_FIPS) || defined(HAVE_SELFTEST)) || \ + (defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION >= 2)) + /* Bad parameters. */ + ExpectIntEQ(wc_RNG_HealthTest_ex(0, NULL, 0, NULL , 0 , + NULL, 0, NULL , 0 , HEAP_HINT, INVALID_DEVID), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_RNG_HealthTest_ex(0, NULL, 0, test1Seed, sizeof(test1Seed), + NULL, 0, NULL , 0 , HEAP_HINT, + INVALID_DEVID), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_RNG_HealthTest_ex(0, NULL, 0, NULL , 0 , + NULL, 0, output, sizeof(output), HEAP_HINT, INVALID_DEVID), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_RNG_HealthTest_ex(0, NULL, 0, test1Seed, sizeof(test1Seed), + NULL, 0, output, 0 , HEAP_HINT, INVALID_DEVID), + WC_NO_ERR_TRACE(-1)); + + /* Good parameters. */ + ExpectIntEQ(wc_RNG_HealthTest_ex(0, NULL, 0, test1Seed, sizeof(test1Seed), + NULL, 0, output, sizeof(output), HEAP_HINT, INVALID_DEVID), 0); + ExpectBufEQ(test1Output, output, sizeof(output)); + /* with nonce */ + ExpectIntEQ(wc_RNG_HealthTest_ex(0, testEx1Nonce, sizeof(testEx1Nonce), + test1Seed, sizeof(test1Seed), NULL, 0, output, sizeof(output), + HEAP_HINT, INVALID_DEVID), 0); + ExpectBufEQ(testEx1Output, output, sizeof(output)); + + ExpectIntEQ(wc_RNG_HealthTest_ex(1, NULL, 0, test2SeedA, sizeof(test2SeedA), + test2SeedB, sizeof(test2SeedB), output, sizeof(output), HEAP_HINT, + INVALID_DEVID), 0); + ExpectBufEQ(test2Output, output, sizeof(output)); + /* with nonce */ + ExpectIntEQ(wc_RNG_HealthTest_ex(1, testEx2Nonce, sizeof(testEx2Nonce), + test2SeedA, sizeof(test2SeedA), test2SeedB, sizeof(test2SeedB), output, + sizeof(output), HEAP_HINT, INVALID_DEVID), 0); + ExpectBufEQ(testEx2Output, output, sizeof(output)); +#endif +#endif + return EXPECT_RESULT(); +} + diff --git a/test/ssl/wolfssl/tests/api/test_random.h b/test/ssl/wolfssl/tests/api/test_random.h new file mode 100644 index 000000000..1493dc3a4 --- /dev/null +++ b/test/ssl/wolfssl/tests/api/test_random.h @@ -0,0 +1,52 @@ +/* test_random.h + * + * Copyright (C) 2006-2025 wolfSSL Inc. + * + * This file is part of wolfSSL. + * + * wolfSSL is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * wolfSSL is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA + */ + +#ifndef WOLFCRYPT_TEST_RANDOM_H +#define WOLFCRYPT_TEST_RANDOM_H + +#include + +int test_wc_InitRng(void); +int test_wc_RNG_GenerateBlock_Reseed(void); +int test_wc_RNG_GenerateBlock(void); +int test_wc_RNG_GenerateByte(void); +int test_wc_InitRngNonce(void); +int test_wc_InitRngNonce_ex(void); +int test_wc_GenerateSeed(void); +int test_wc_rng_new(void); +int test_wc_RNG_DRBG_Reseed(void); +int test_wc_RNG_TestSeed(void); +int test_wc_RNG_HealthTest(void); + +#define TEST_RANDOM_DECLS \ + TEST_DECL_GROUP("random", test_wc_InitRng), \ + TEST_DECL_GROUP("random", test_wc_RNG_GenerateBlock_Reseed), \ + TEST_DECL_GROUP("random", test_wc_RNG_GenerateBlock), \ + TEST_DECL_GROUP("random", test_wc_RNG_GenerateByte), \ + TEST_DECL_GROUP("random", test_wc_InitRngNonce), \ + TEST_DECL_GROUP("random", test_wc_InitRngNonce_ex), \ + TEST_DECL_GROUP("random", test_wc_GenerateSeed), \ + TEST_DECL_GROUP("random", test_wc_rng_new), \ + TEST_DECL_GROUP("random", test_wc_RNG_DRBG_Reseed), \ + TEST_DECL_GROUP("random", test_wc_RNG_TestSeed), \ + TEST_DECL_GROUP("random", test_wc_RNG_HealthTest) + +#endif /* WOLFCRYPT_TEST_RANDOM_H */ diff --git a/test/ssl/wolfssl/tests/api/test_rc2.c b/test/ssl/wolfssl/tests/api/test_rc2.c new file mode 100644 index 000000000..0e01a3f04 --- /dev/null +++ b/test/ssl/wolfssl/tests/api/test_rc2.c @@ -0,0 +1,222 @@ +/* test_rc2.c + * + * Copyright (C) 2006-2025 wolfSSL Inc. + * + * This file is part of wolfSSL. + * + * wolfSSL is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * wolfSSL is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA + */ + +#include + +#ifdef NO_INLINE + #include +#else + #define WOLFSSL_MISC_INCLUDED + #include +#endif + +#include +#include +#include +#include + +/* + * Testing function for wc_Rc2SetKey(). + */ +int test_wc_Rc2SetKey(void) +{ + EXPECT_DECLS; +#ifdef WC_RC2 + Rc2 rc2; + byte key40[] = { 0x01, 0x02, 0x03, 0x04, 0x05 }; + byte iv[] = { 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08 }; + + /* valid key and IV */ + ExpectIntEQ(wc_Rc2SetKey(&rc2, key40, (word32) sizeof(key40) / sizeof(byte), + iv, 40), 0); + /* valid key, no IV */ + ExpectIntEQ(wc_Rc2SetKey(&rc2, key40, (word32) sizeof(key40) / sizeof(byte), + NULL, 40), 0); + + /* bad arguments */ + /* null Rc2 struct */ + ExpectIntEQ(wc_Rc2SetKey(NULL, key40, (word32) sizeof(key40) / sizeof(byte), + iv, 40), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + /* null key */ + ExpectIntEQ(wc_Rc2SetKey(&rc2, NULL, (word32) sizeof(key40) / sizeof(byte), + iv, 40), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + /* key size == 0 */ + ExpectIntEQ(wc_Rc2SetKey(&rc2, key40, 0, iv, 40), + WC_NO_ERR_TRACE(WC_KEY_SIZE_E)); + /* key size > 128 */ + ExpectIntEQ(wc_Rc2SetKey(&rc2, key40, 129, iv, 40), + WC_NO_ERR_TRACE(WC_KEY_SIZE_E)); + /* effective bits == 0 */ + ExpectIntEQ(wc_Rc2SetKey(&rc2, key40, (word32)sizeof(key40) / sizeof(byte), + iv, 0), WC_NO_ERR_TRACE(WC_KEY_SIZE_E)); + /* effective bits > 1024 */ + ExpectIntEQ(wc_Rc2SetKey(&rc2, key40, (word32)sizeof(key40) / sizeof(byte), + iv, 1025), WC_NO_ERR_TRACE(WC_KEY_SIZE_E)); +#endif + return EXPECT_RESULT(); +} /* END test_wc_Rc2SetKey */ + +/* + * Testing function for wc_Rc2SetIV(). + */ +int test_wc_Rc2SetIV(void) +{ + EXPECT_DECLS; +#ifdef WC_RC2 + Rc2 rc2; + byte iv[] = { 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08 }; + + /* valid IV */ + ExpectIntEQ(wc_Rc2SetIV(&rc2, iv), 0); + /* valid NULL IV */ + ExpectIntEQ(wc_Rc2SetIV(&rc2, NULL), 0); + + /* bad arguments */ + ExpectIntEQ(wc_Rc2SetIV(NULL, iv), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_Rc2SetIV(NULL, NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); +#endif + return EXPECT_RESULT(); +} /* END test_wc_Rc2SetIV */ + +/* + * Testing function for wc_Rc2EcbEncrypt() and wc_Rc2EcbDecrypt(). + */ +int test_wc_Rc2EcbEncryptDecrypt(void) +{ + EXPECT_DECLS; +#ifdef WC_RC2 + Rc2 rc2; + int effectiveKeyBits = 63; + byte cipher[RC2_BLOCK_SIZE]; + byte plain[RC2_BLOCK_SIZE]; + byte key[] = { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }; + byte input[] = { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }; + byte output[] = { 0xeb, 0xb7, 0x73, 0xf9, 0x93, 0x27, 0x8e, 0xff }; + + XMEMSET(cipher, 0, sizeof(cipher)); + XMEMSET(plain, 0, sizeof(plain)); + + ExpectIntEQ(wc_Rc2SetKey(&rc2, key, (word32) sizeof(key) / sizeof(byte), + NULL, effectiveKeyBits), 0); + ExpectIntEQ(wc_Rc2EcbEncrypt(&rc2, cipher, input, RC2_BLOCK_SIZE), 0); + ExpectIntEQ(XMEMCMP(cipher, output, RC2_BLOCK_SIZE), 0); + + ExpectIntEQ(wc_Rc2EcbDecrypt(&rc2, plain, cipher, RC2_BLOCK_SIZE), 0); + ExpectIntEQ(XMEMCMP(plain, input, RC2_BLOCK_SIZE), 0); + + /* Rc2EcbEncrypt bad arguments */ + /* null Rc2 struct */ + ExpectIntEQ(wc_Rc2EcbEncrypt(NULL, cipher, input, RC2_BLOCK_SIZE), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + /* null out buffer */ + ExpectIntEQ(wc_Rc2EcbEncrypt(&rc2, NULL, input, RC2_BLOCK_SIZE), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + /* null input buffer */ + ExpectIntEQ(wc_Rc2EcbEncrypt(&rc2, cipher, NULL, RC2_BLOCK_SIZE), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + /* output buffer sz != RC2_BLOCK_SIZE (8) */ + ExpectIntEQ(wc_Rc2EcbEncrypt(&rc2, cipher, input, 7), + WC_NO_ERR_TRACE(BUFFER_E)); + + /* Rc2EcbDecrypt bad arguments */ + /* null Rc2 struct */ + ExpectIntEQ(wc_Rc2EcbDecrypt(NULL, plain, output, RC2_BLOCK_SIZE), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + /* null out buffer */ + ExpectIntEQ(wc_Rc2EcbDecrypt(&rc2, NULL, output, RC2_BLOCK_SIZE), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + /* null input buffer */ + ExpectIntEQ(wc_Rc2EcbDecrypt(&rc2, plain, NULL, RC2_BLOCK_SIZE), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + /* output buffer sz != RC2_BLOCK_SIZE (8) */ + ExpectIntEQ(wc_Rc2EcbDecrypt(&rc2, plain, output, 7), + WC_NO_ERR_TRACE(BUFFER_E)); +#endif + return EXPECT_RESULT(); +} /* END test_wc_Rc2EcbEncryptDecrypt */ + +/* + * Testing function for wc_Rc2CbcEncrypt() and wc_Rc2CbcDecrypt(). + */ +int test_wc_Rc2CbcEncryptDecrypt(void) +{ + EXPECT_DECLS; +#ifdef WC_RC2 + Rc2 rc2; + int effectiveKeyBits = 63; + byte cipher[RC2_BLOCK_SIZE*2]; + byte plain[RC2_BLOCK_SIZE*2]; + /* vector taken from test.c */ + byte key[] = { + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 + }; + byte iv[] = { + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 + }; + byte input[] = { + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 + }; + byte output[] = { + 0xeb, 0xb7, 0x73, 0xf9, 0x93, 0x27, 0x8e, 0xff, + 0xf0, 0x51, 0x77, 0x8b, 0x65, 0xdb, 0x13, 0x57 + }; + + XMEMSET(cipher, 0, sizeof(cipher)); + XMEMSET(plain, 0, sizeof(plain)); + + ExpectIntEQ(wc_Rc2SetKey(&rc2, key, (word32) sizeof(key) / sizeof(byte), + iv, effectiveKeyBits), 0); + ExpectIntEQ(wc_Rc2CbcEncrypt(&rc2, cipher, input, sizeof(input)), 0); + ExpectIntEQ(XMEMCMP(cipher, output, sizeof(output)), 0); + + /* reset IV for decrypt */ + ExpectIntEQ(wc_Rc2SetIV(&rc2, iv), 0); + ExpectIntEQ(wc_Rc2CbcDecrypt(&rc2, plain, cipher, sizeof(cipher)), 0); + ExpectIntEQ(XMEMCMP(plain, input, sizeof(input)), 0); + + /* Rc2CbcEncrypt bad arguments */ + /* null Rc2 struct */ + ExpectIntEQ(wc_Rc2CbcEncrypt(NULL, cipher, input, sizeof(input)), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + /* null out buffer */ + ExpectIntEQ(wc_Rc2CbcEncrypt(&rc2, NULL, input, sizeof(input)), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + /* null input buffer */ + ExpectIntEQ(wc_Rc2CbcEncrypt(&rc2, cipher, NULL, sizeof(input)), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + + /* Rc2CbcDecrypt bad arguments */ + /* in size is 0 */ + ExpectIntEQ(wc_Rc2CbcDecrypt(&rc2, plain, output, 0), 0); + /* null Rc2 struct */ + ExpectIntEQ(wc_Rc2CbcDecrypt(NULL, plain, output, sizeof(output)), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + /* null out buffer */ + ExpectIntEQ(wc_Rc2CbcDecrypt(&rc2, NULL, output, sizeof(output)), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + /* null input buffer */ + ExpectIntEQ(wc_Rc2CbcDecrypt(&rc2, plain, NULL, sizeof(output)), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); +#endif + return EXPECT_RESULT(); +} /* END test_wc_Rc2CbcEncryptDecrypt */ + diff --git a/test/ssl/wolfssl/tests/api/test_rc2.h b/test/ssl/wolfssl/tests/api/test_rc2.h new file mode 100644 index 000000000..9184ef24e --- /dev/null +++ b/test/ssl/wolfssl/tests/api/test_rc2.h @@ -0,0 +1,38 @@ +/* test_rc2.h + * + * Copyright (C) 2006-2025 wolfSSL Inc. + * + * This file is part of wolfSSL. + * + * wolfSSL is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * wolfSSL is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA + */ + +#ifndef WOLFCRYPT_TEST_RC2_H +#define WOLFCRYPT_TEST_RC2_H + +#include + +int test_wc_Rc2SetKey(void); +int test_wc_Rc2SetIV(void); +int test_wc_Rc2EcbEncryptDecrypt(void); +int test_wc_Rc2CbcEncryptDecrypt(void); + +#define TEST_RC2_DECLS \ + TEST_DECL_GROUP("rc2", test_wc_Rc2SetKey), \ + TEST_DECL_GROUP("rc2", test_wc_Rc2SetIV), \ + TEST_DECL_GROUP("rc2", test_wc_Rc2EcbEncryptDecrypt), \ + TEST_DECL_GROUP("rc2", test_wc_Rc2CbcEncryptDecrypt) + +#endif /* WOLFCRYPT_TEST_RC2_H */ diff --git a/test/ssl/wolfssl/tests/api/test_ripemd.c b/test/ssl/wolfssl/tests/api/test_ripemd.c new file mode 100644 index 000000000..45800bd04 --- /dev/null +++ b/test/ssl/wolfssl/tests/api/test_ripemd.c @@ -0,0 +1,235 @@ +/* test_ripemd.c + * + * Copyright (C) 2006-2025 wolfSSL Inc. + * + * This file is part of wolfSSL. + * + * wolfSSL is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * wolfSSL is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA + */ + +#include + +#ifdef NO_INLINE + #include +#else + #define WOLFSSL_MISC_INCLUDED + #include +#endif + +#include +#include +#include +#include +#include + +/* + * Testing wc_InitRipeMd() + */ +int test_wc_InitRipeMd(void) +{ + EXPECT_DECLS; +#ifdef WOLFSSL_RIPEMD + RipeMd ripemd; + + /* Test bad arg. */ + ExpectIntEQ(wc_InitRipeMd(NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + + /* Test good arg. */ + ExpectIntEQ(wc_InitRipeMd(&ripemd), 0); +#endif + return EXPECT_RESULT(); + +} /* END test_wc_InitRipeMd */ + +/* + * Testing wc_RipeMdUpdate() + */ +int test_wc_RipeMdUpdate(void) +{ + EXPECT_DECLS; +#ifdef WOLFSSL_RIPEMD + RipeMd ripemd; + + ExpectIntEQ(wc_InitRipeMd(&ripemd), 0); + + /* Test bad arg. */ + ExpectIntEQ(wc_RipeMdUpdate(NULL , NULL, 1), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_RipeMdUpdate(&ripemd, NULL, 1), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_RipeMdUpdate(NULL , NULL, 0), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + + /* Test good arg. */ + ExpectIntEQ(wc_RipeMdUpdate(&ripemd, NULL, 0), 0); + ExpectIntEQ(wc_RipeMdUpdate(&ripemd, (byte*)"a", 1), 0); +#endif + return EXPECT_RESULT(); +} /* END test_wc_RipeMdUdpate */ + +/* + * Unit test function for wc_RipeMdFinal() + */ +int test_wc_RipeMdFinal(void) +{ + EXPECT_DECLS; +#ifdef WOLFSSL_RIPEMD + RipeMd ripemd; + byte hash[RIPEMD_DIGEST_SIZE]; + + /* Initialize */ + ExpectIntEQ(wc_InitRipeMd(&ripemd), 0); + + /* Test bad args. */ + ExpectIntEQ(wc_RipeMdFinal(NULL, NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_RipeMdFinal(NULL, hash), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_RipeMdFinal(&ripemd, NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + + /* Test good args. */ + ExpectIntEQ(wc_RipeMdFinal(&ripemd, hash), 0); +#endif + return EXPECT_RESULT(); +} /* END test_wc_RipeMdFinal */ + +#define RIPEMD_KAT_CNT 7 +int test_wc_RipeMd_KATs( void) +{ + EXPECT_DECLS; +#ifdef WOLFSSL_RIPEMD + RipeMd ripemd; + testVector ripemd_kat[RIPEMD_KAT_CNT]; + byte hash[RIPEMD_DIGEST_SIZE]; + int i = 0; + + ripemd_kat[i].input = ""; + ripemd_kat[i].inLen = 0; + ripemd_kat[i].output = + "\x9c\x11\x85\xa5\xc5\xe9\xfc\x54" + "\x61\x28\x08\x97\x7e\xe8\xf5\x48" + "\xb2\x25\x8d\x31"; + ripemd_kat[i].outLen = 0; + i++; + ripemd_kat[i].input = "a"; + ripemd_kat[i].inLen = 1; + ripemd_kat[i].output = + "\x0b\xdc\x9d\x2d\x25\x6b\x3e\xe9" + "\xda\xae\x34\x7b\xe6\xf4\xdc\x83" + "\x5a\x46\x7f\xfe"; + ripemd_kat[i].outLen = 0; + i++; + ripemd_kat[i].input = "abc"; + ripemd_kat[i].inLen = 3; + ripemd_kat[i].output = + "\x8e\xb2\x08\xf7\xe0\x5d\x98\x7a" + "\x9b\x04\x4a\x8e\x98\xc6\xb0\x87" + "\xf1\x5a\x0b\xfc"; + ripemd_kat[i].outLen = 0; + i++; + ripemd_kat[i].input = "message digest"; + ripemd_kat[i].inLen = 14; + ripemd_kat[i].output = + "\x5d\x06\x89\xef\x49\xd2\xfa\xe5" + "\x72\xb8\x81\xb1\x23\xa8\x5f\xfa" + "\x21\x59\x5f\x36"; + ripemd_kat[i].outLen = 0; + i++; + ripemd_kat[i].input = "abcdefghijklmnopqrstuvwxyz"; + ripemd_kat[i].inLen = 26; + ripemd_kat[i].output = + "\xf7\x1c\x27\x10\x9c\x69\x2c\x1b" + "\x56\xbb\xdc\xeb\x5b\x9d\x28\x65" + "\xb3\x70\x8d\xbc"; + ripemd_kat[i].outLen = 0; + i++; + ripemd_kat[i].input = + "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz" + "0123456789"; + ripemd_kat[i].inLen = 62; + ripemd_kat[i].output = + "\xb0\xe2\x0b\x6e\x31\x16\x64\x02" + "\x86\xed\x3a\x87\xa5\x71\x30\x79" + "\xb2\x1f\x51\x89"; + ripemd_kat[i].outLen = 0; + i++; + ripemd_kat[i].input = "1234567890123456789012345678901234567890" + "1234567890123456789012345678901234567890"; + ripemd_kat[i].inLen = 80; + ripemd_kat[i].output = + "\x9b\x75\x2e\x45\x57\x3d\x4b\x39" + "\xf4\xdb\xd3\x32\x3c\xab\x82\xbf" + "\x63\x32\x6b\xfb"; + ripemd_kat[i].outLen = 0; + + ExpectIntEQ(wc_InitRipeMd(&ripemd), 0); + for (i = 0; i < RIPEMD_KAT_CNT; i++) { + /* Do KAT. */ + ExpectIntEQ(wc_RipeMdUpdate(&ripemd, (byte*)ripemd_kat[i].input, + (word32)ripemd_kat[i].inLen), 0); + ExpectIntEQ(wc_RipeMdFinal(&ripemd, hash), 0); + ExpectBufEQ(hash, (byte*)ripemd_kat[i].output, RIPEMD_DIGEST_SIZE); + } +#endif + return EXPECT_RESULT(); +} + +int test_wc_RipeMd_other(void) +{ + EXPECT_DECLS; +#ifdef WOLFSSL_RIPEMD + RipeMd ripemd; + byte hash[RIPEMD_DIGEST_SIZE + 1]; + byte data[RIPEMD_DIGEST_SIZE * 8 + 1]; + int dataLen = RIPEMD_DIGEST_SIZE * 8; + const char* expHash = + "\x11\x8f\x4f\x23\xa9\xc2\xcb\x04" + "\x10\x10\xbb\x44\x5a\x1d\xfb\x17" + "\x6b\x68\x09\xb4"; + int i; + int j; + + XMEMSET(data, 0xa5, sizeof(data)); + + /* Initialize */ + ExpectIntEQ(wc_InitRipeMd(&ripemd), 0); + + /* Unaligned input and output buffer. */ + ExpectIntEQ(wc_RipeMdUpdate(&ripemd, data + 1, dataLen), 0); + ExpectIntEQ(wc_RipeMdFinal(&ripemd, hash + 1), 0); + ExpectBufEQ(hash + 1, (byte*)expHash, RIPEMD_DIGEST_SIZE); + + /* Test that empty updates work. */ + ExpectIntEQ(wc_InitRipeMd(&ripemd), 0); + ExpectIntEQ(wc_RipeMdUpdate(&ripemd, NULL, 0), 0); + ExpectIntEQ(wc_RipeMdUpdate(&ripemd, (byte*)"", 0), 0); + ExpectIntEQ(wc_RipeMdUpdate(&ripemd, data, dataLen), 0); + ExpectIntEQ(wc_RipeMdFinal(&ripemd, hash), 0); + ExpectBufEQ(hash, (byte*)expHash, RIPEMD_DIGEST_SIZE); + + /* Ensure chunking works. */ + for (i = 1; i < dataLen; i++) { + ExpectIntEQ(wc_InitRipeMd(&ripemd), 0); + for (j = 0; j < dataLen; j += i) { + int len = dataLen - j; + if (i < len) + len = i; + ExpectIntEQ(wc_RipeMdUpdate(&ripemd, data + j, len), 0); + } + ExpectIntEQ(wc_RipeMdFinal(&ripemd, hash), 0); + ExpectBufEQ(hash, (byte*)expHash, RIPEMD_DIGEST_SIZE); + } +#endif + return EXPECT_RESULT(); +} + diff --git a/test/ssl/wolfssl/tests/api/test_ripemd.h b/test/ssl/wolfssl/tests/api/test_ripemd.h new file mode 100644 index 000000000..dd73b5334 --- /dev/null +++ b/test/ssl/wolfssl/tests/api/test_ripemd.h @@ -0,0 +1,40 @@ +/* test_ripemd.h + * + * Copyright (C) 2006-2025 wolfSSL Inc. + * + * This file is part of wolfSSL. + * + * wolfSSL is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * wolfSSL is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA + */ + +#ifndef WOLFCRYPT_TEST_RIPEMD_H +#define WOLFCRYPT_TEST_RIPEMD_H + +#include + +int test_wc_InitRipeMd(void); +int test_wc_RipeMdUpdate(void); +int test_wc_RipeMdFinal(void); +int test_wc_RipeMd_KATs(void); +int test_wc_RipeMd_other(void); + +#define TEST_RIPEMD_DECLS \ + TEST_DECL_GROUP("ripemd", test_wc_InitRipeMd), \ + TEST_DECL_GROUP("ripemd", test_wc_RipeMdUpdate), \ + TEST_DECL_GROUP("ripemd", test_wc_RipeMdFinal), \ + TEST_DECL_GROUP("ripemd", test_wc_RipeMd_KATs), \ + TEST_DECL_GROUP("ripemd", test_wc_RipeMd_other) + +#endif /* WOLFCRYPT_TEST_RIPEMD_H */ diff --git a/test/ssl/wolfssl/tests/api/test_rsa.c b/test/ssl/wolfssl/tests/api/test_rsa.c new file mode 100644 index 000000000..40786e467 --- /dev/null +++ b/test/ssl/wolfssl/tests/api/test_rsa.c @@ -0,0 +1,1144 @@ +/* test_rsa.c + * + * Copyright (C) 2006-2025 wolfSSL Inc. + * + * This file is part of wolfSSL. + * + * wolfSSL is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * wolfSSL is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA + */ + +#include + +#ifdef NO_INLINE + #include +#else + #define WOLFSSL_MISC_INCLUDED + #include +#endif + +#ifdef WOLFSSL_ASYNC_CRYPT + #define WOLFSSL_SMALL_STACK +#endif + +#include +#include +#include +#include + +/* + * Testing wc_Init RsaKey() + */ +int test_wc_InitRsaKey(void) +{ + EXPECT_DECLS; +#ifndef NO_RSA + RsaKey key; + + XMEMSET(&key, 0, sizeof(RsaKey)); + + ExpectIntEQ(wc_InitRsaKey(&key, HEAP_HINT), 0); + + /* Test bad args. */ + ExpectIntEQ(wc_InitRsaKey(NULL, HEAP_HINT), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + + DoExpectIntEQ(wc_FreeRsaKey(&key), 0); +#endif + return EXPECT_RESULT(); +} /* END test_wc_InitRsaKey */ + + +/* + * Testing wc_RsaPrivateKeyDecode() + */ +int test_wc_RsaPrivateKeyDecode(void) +{ + EXPECT_DECLS; +#if !defined(NO_RSA) && (defined(USE_CERT_BUFFERS_1024) || \ + defined(USE_CERT_BUFFERS_2048)) && !defined(HAVE_FIPS) + RsaKey key; + byte* tmp = NULL; + word32 idx = 0; + int bytes = 0; + + XMEMSET(&key, 0, sizeof(RsaKey)); + + ExpectNotNull(tmp = (byte*)XMALLOC(FOURK_BUF, NULL, + DYNAMIC_TYPE_TMP_BUFFER)); + ExpectIntEQ(wc_InitRsaKey(&key, HEAP_HINT), 0); + if (tmp != NULL) { + #ifdef USE_CERT_BUFFERS_1024 + XMEMCPY(tmp, client_key_der_1024, sizeof_client_key_der_1024); + bytes = sizeof_client_key_der_1024; + #else + XMEMCPY(tmp, client_key_der_2048, sizeof_client_key_der_2048); + bytes = sizeof_client_key_der_2048; + #endif /* Use cert buffers. */ + } + + ExpectIntEQ(wc_RsaPrivateKeyDecode(tmp, &idx, &key, (word32)bytes), 0); + + /* Test bad args. */ + ExpectIntEQ(wc_RsaPrivateKeyDecode(NULL, &idx, &key, (word32)bytes), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_RsaPrivateKeyDecode(tmp, NULL, &key, (word32)bytes), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_RsaPrivateKeyDecode(tmp, &idx, NULL, (word32)bytes), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + + XFREE(tmp, NULL, DYNAMIC_TYPE_TMP_BUFFER); + DoExpectIntEQ(wc_FreeRsaKey(&key), 0); +#endif + return EXPECT_RESULT(); + +} /* END test_wc_RsaPrivateKeyDecode */ + +/* + * Testing wc_RsaPublicKeyDecode() + */ +int test_wc_RsaPublicKeyDecode(void) +{ + EXPECT_DECLS; +#if !defined(NO_RSA) && !defined(NO_SHA256) && \ + (defined(USE_CERT_BUFFERS_1024) || defined(USE_CERT_BUFFERS_2048)) && \ + !defined(HAVE_FIPS) + RsaKey keyPub; + byte* tmp = NULL; + word32 idx = 0; + int bytes = 0; + word32 keySz = 0; + word32 tstKeySz = 0; +#if defined(WC_RSA_PSS) && !defined(NO_FILESYSTEM) + XFILE f = XBADFILE; + const char* rsaPssPubKey = "./certs/rsapss/ca-rsapss-key.der"; + const char* rsaPssPubKeyNoParams = "./certs/rsapss/ca-3072-rsapss-key.der"; + byte buf[4096]; +#endif + + XMEMSET(&keyPub, 0, sizeof(RsaKey)); + + ExpectNotNull(tmp = (byte*)XMALLOC(GEN_BUF, NULL, DYNAMIC_TYPE_TMP_BUFFER)); + ExpectIntEQ(wc_InitRsaKey(&keyPub, HEAP_HINT), 0); + if (tmp != NULL) { + #ifdef USE_CERT_BUFFERS_1024 + XMEMCPY(tmp, client_keypub_der_1024, sizeof_client_keypub_der_1024); + bytes = sizeof_client_keypub_der_1024; + keySz = 1024; + #else + XMEMCPY(tmp, client_keypub_der_2048, sizeof_client_keypub_der_2048); + bytes = sizeof_client_keypub_der_2048; + keySz = 2048; + #endif + } + + ExpectIntEQ(wc_RsaPublicKeyDecode(tmp, &idx, &keyPub, (word32)bytes), 0); + + /* Pass in bad args. */ + ExpectIntEQ(wc_RsaPublicKeyDecode(NULL, &idx, &keyPub, (word32)bytes), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_RsaPublicKeyDecode(tmp, NULL, &keyPub, (word32)bytes), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_RsaPublicKeyDecode(tmp, &idx, NULL, (word32)bytes), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + + DoExpectIntEQ(wc_FreeRsaKey(&keyPub), 0); + + /* Test for getting modulus key size */ + idx = 0; + ExpectIntEQ(wc_RsaPublicKeyDecode_ex(tmp, &idx, (word32)bytes, NULL, + &tstKeySz, NULL, NULL), 0); + ExpectIntEQ(tstKeySz, keySz/8); + +#if defined(WC_RSA_PSS) && !defined(NO_FILESYSTEM) + ExpectTrue((f = XFOPEN(rsaPssPubKey, "rb")) != XBADFILE); + ExpectIntGT(bytes = (int)XFREAD(buf, 1, sizeof(buf), f), 0); + if (f != XBADFILE) { + XFCLOSE(f); + f = XBADFILE; + } + idx = 0; + ExpectIntEQ(wc_RsaPublicKeyDecode_ex(buf, &idx, (word32)bytes, NULL, NULL, + NULL, NULL), 0); + ExpectTrue((f = XFOPEN(rsaPssPubKeyNoParams, "rb")) != XBADFILE); + ExpectIntGT(bytes = (int)XFREAD(buf, 1, sizeof(buf), f), 0); + if (f != XBADFILE) + XFCLOSE(f); + idx = 0; + ExpectIntEQ(wc_RsaPublicKeyDecode_ex(buf, &idx, (word32)bytes, NULL, NULL, + NULL, NULL), 0); +#endif + + XFREE(tmp, NULL, DYNAMIC_TYPE_TMP_BUFFER); +#endif + return EXPECT_RESULT(); +} /* END test_wc_RsaPublicKeyDecode */ + +/* + * Testing wc_RsaPublicKeyDecodeRaw() + */ +int test_wc_RsaPublicKeyDecodeRaw(void) +{ + EXPECT_DECLS; +#if !defined(NO_RSA) + RsaKey key; + const byte n = 0x23; + const byte e = 0x03; + word32 nSz = sizeof(n); + word32 eSz = sizeof(e); + + ExpectIntEQ(wc_InitRsaKey(&key, HEAP_HINT), 0); + ExpectIntEQ(wc_RsaPublicKeyDecodeRaw(&n, nSz, &e, eSz, &key), 0); + + /* Pass in bad args. */ + ExpectIntEQ(wc_RsaPublicKeyDecodeRaw(NULL, nSz, &e, eSz, &key), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_RsaPublicKeyDecodeRaw(&n, nSz, NULL, eSz, &key), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_RsaPublicKeyDecodeRaw(&n, nSz, &e, eSz, NULL), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + + + DoExpectIntEQ(wc_FreeRsaKey(&key), 0); +#endif + return EXPECT_RESULT(); + +} /* END test_wc_RsaPublicKeyDecodeRaw */ + +/* + * Testing wc_RsaPrivateKeyDecodeRaw() + */ +int test_wc_RsaPrivateKeyDecodeRaw(void) +{ + EXPECT_DECLS; +#if !defined(NO_RSA) && !defined(WOLFSSL_RSA_PUBLIC_ONLY) && \ + !defined(HAVE_SELFTEST) && !defined(HAVE_FIPS) + RsaKey key; + const byte n = 33; + const byte e = 3; + const byte d = 7; + const byte u = 2; + const byte p = 3; + const byte q = 11; + const byte dp = 1; + const byte dq = 7; + + ExpectIntEQ(wc_InitRsaKey(&key, HEAP_HINT), 0); + ExpectIntEQ(wc_RsaPrivateKeyDecodeRaw(&n, sizeof(n), + &e, sizeof(e), &d, sizeof(d), &u, sizeof(u), + &p, sizeof(p), &q, sizeof(q), NULL, 0, + NULL, 0, &key), 0); + ExpectIntEQ(wc_RsaPrivateKeyDecodeRaw(&n, sizeof(n), + &e, sizeof(e), &d, sizeof(d), &u, sizeof(u), + &p, sizeof(p), &q, sizeof(q), &dp, sizeof(dp), + NULL, 0, &key), 0); + ExpectIntEQ(wc_RsaPrivateKeyDecodeRaw(&n, sizeof(n), + &e, sizeof(e), &d, sizeof(d), &u, sizeof(u), + &p, sizeof(p), &q, sizeof(q), NULL, 0, + &dq, sizeof(dq), &key), 0); + ExpectIntEQ(wc_RsaPrivateKeyDecodeRaw(&n, sizeof(n), + &e, sizeof(e), &d, sizeof(d), &u, sizeof(u), + &p, sizeof(p), &q, sizeof(q), &dp, sizeof(dp), + &dq, sizeof(dq), &key), 0); + + /* Pass in bad args. */ + ExpectIntEQ(wc_RsaPrivateKeyDecodeRaw(NULL, sizeof(n), + &e, sizeof(e), &d, sizeof(d), &u, sizeof(u), + &p, sizeof(p), &q, sizeof(q), &dp, sizeof(dp), + &dq, sizeof(dq), &key), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_RsaPrivateKeyDecodeRaw(&n, 0, + &e, sizeof(e), &d, sizeof(d), &u, sizeof(u), + &p, sizeof(p), &q, sizeof(q), &dp, sizeof(dp), + &dq, sizeof(dq), &key), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_RsaPrivateKeyDecodeRaw(&n, sizeof(n), + NULL, sizeof(e), &d, sizeof(d), &u, sizeof(u), + &p, sizeof(p), &q, sizeof(q), &dp, sizeof(dp), + &dq, sizeof(dq), &key), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_RsaPrivateKeyDecodeRaw(&n, sizeof(n), + &e, 0, &d, sizeof(d), &u, sizeof(u), + &p, sizeof(p), &q, sizeof(q), &dp, sizeof(dp), + &dq, sizeof(dq), &key), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_RsaPrivateKeyDecodeRaw(&n, sizeof(n), + &e, sizeof(e), NULL, sizeof(d), &u, sizeof(u), + &p, sizeof(p), &q, sizeof(q), &dp, sizeof(dp), + &dq, sizeof(dq), &key), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_RsaPrivateKeyDecodeRaw(&n, sizeof(n), + &e, sizeof(e), &d, 0, &u, sizeof(u), + &p, sizeof(p), &q, sizeof(q), &dp, sizeof(dp), + &dq, sizeof(dq), &key), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_RsaPrivateKeyDecodeRaw(&n, sizeof(n), + &e, sizeof(e), &d, sizeof(d), &u, sizeof(u), + NULL, sizeof(p), &q, sizeof(q), &dp, sizeof(dp), + &dq, sizeof(dq), &key), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_RsaPrivateKeyDecodeRaw(&n, sizeof(n), + &e, sizeof(e), &d, sizeof(d), &u, sizeof(u), + &p, 0, &q, sizeof(q), &dp, sizeof(dp), + &dq, sizeof(dq), &key), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_RsaPrivateKeyDecodeRaw(&n, sizeof(n), + &e, sizeof(e), &d, sizeof(d), &u, sizeof(u), + &p, sizeof(p), NULL, sizeof(q), &dp, sizeof(dp), + &dq, sizeof(dq), &key), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_RsaPrivateKeyDecodeRaw(&n, sizeof(n), + &e, sizeof(e), &d, sizeof(d), &u, sizeof(u), + &p, sizeof(p), &q, 0, &dp, sizeof(dp), + &dq, sizeof(dq), &key), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); +#if defined(WOLFSSL_KEY_GEN) || defined(OPENSSL_EXTRA) || !defined(RSA_LOW_MEM) + ExpectIntEQ(wc_RsaPrivateKeyDecodeRaw(&n, sizeof(n), + &e, sizeof(e), &d, sizeof(d), &u, 0, + &p, sizeof(p), &q, sizeof(q), &dp, sizeof(dp), + &dq, sizeof(dq), &key), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_RsaPrivateKeyDecodeRaw(&n, sizeof(n), + &e, sizeof(e), &d, sizeof(d), NULL, sizeof(u), + &p, sizeof(p), &q, sizeof(q), &dp, sizeof(dp), + &dq, sizeof(dq), &key), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_RsaPrivateKeyDecodeRaw(&n, sizeof(n), + &e, sizeof(e), &d, sizeof(d), &u, 0, + &p, sizeof(p), &q, sizeof(q), &dp, sizeof(dp), + &dq, sizeof(dq), &key), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); +#endif + + DoExpectIntEQ(wc_FreeRsaKey(&key), 0); +#endif + return EXPECT_RESULT(); +} /* END test_wc_RsaPrivateKeyDecodeRaw */ + +#if !defined(NO_RSA) && defined(WOLFSSL_KEY_GEN) + /* In FIPS builds, wc_MakeRsaKey() will return an error if it cannot find + * a probable prime in 5*(modLen/2) attempts. In non-FIPS builds, it keeps + * trying until it gets a probable prime. */ + #ifdef HAVE_FIPS + int MakeRsaKeyRetry(RsaKey* key, int size, long e, WC_RNG* rng) + { + int ret; + + for (;;) { + ret = wc_MakeRsaKey(key, size, e, rng); + if (ret != WC_NO_ERR_TRACE(PRIME_GEN_E)) break; + fprintf(stderr, "MakeRsaKey couldn't find prime; " + "trying again.\n"); + } + + return ret; + } + #endif +#endif + +/* + * Testing wc_MakeRsaKey() + */ +int test_wc_MakeRsaKey(void) +{ + EXPECT_DECLS; +#if !defined(NO_RSA) && defined(WOLFSSL_KEY_GEN) + + RsaKey genKey; + WC_RNG rng; +#if (!defined(WOLFSSL_SP_MATH) || defined(WOLFSSL_SP_MATH_ALL)) && \ + (!defined(HAVE_FIPS_VERSION) || (HAVE_FIPS_VERSION < 4)) && \ + (defined(RSA_MIN_SIZE) && (RSA_MIN_SIZE <= 1024)) + int bits = 1024; +#else + int bits = 2048; +#endif + + XMEMSET(&genKey, 0, sizeof(RsaKey)); + XMEMSET(&rng, 0, sizeof(WC_RNG)); + + ExpectIntEQ(wc_InitRsaKey(&genKey, HEAP_HINT), 0); + ExpectIntEQ(wc_InitRng(&rng), 0); + ExpectIntEQ(MAKE_RSA_KEY(&genKey, bits, WC_RSA_EXPONENT, &rng), 0); + DoExpectIntEQ(wc_FreeRsaKey(&genKey), 0); + + /* Test bad args. */ + ExpectIntEQ(MAKE_RSA_KEY(NULL, bits, WC_RSA_EXPONENT, &rng), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(MAKE_RSA_KEY(&genKey, bits, WC_RSA_EXPONENT, NULL), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + /* e < 3 */ + ExpectIntEQ(MAKE_RSA_KEY(&genKey, bits, 2, &rng), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + /* e & 1 == 0 */ + ExpectIntEQ(MAKE_RSA_KEY(&genKey, bits, 6, &rng), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + + DoExpectIntEQ(wc_FreeRng(&rng), 0); +#endif + return EXPECT_RESULT(); +} /* END test_wc_MakeRsaKey */ + +/* + * Testing wc_CheckProbablePrime() + */ +int test_wc_CheckProbablePrime(void) +{ + EXPECT_DECLS; +#if !defined(NO_RSA) && defined(WOLFSSL_KEY_GEN) && !defined(HAVE_SELFTEST) && \ + !defined(HAVE_FIPS) && defined(WC_RSA_BLINDING) +#define CHECK_PROBABLE_PRIME_KEY_BITS 2048 + RsaKey key; + WC_RNG rng; + byte e[3]; + word32 eSz = (word32)sizeof(e); + byte n[CHECK_PROBABLE_PRIME_KEY_BITS / 8]; + word32 nSz = (word32)sizeof(n); + byte d[CHECK_PROBABLE_PRIME_KEY_BITS / 8]; + word32 dSz = (word32)sizeof(d); + byte p[CHECK_PROBABLE_PRIME_KEY_BITS / 8 / 2]; + word32 pSz = (word32)sizeof(p); + byte q[CHECK_PROBABLE_PRIME_KEY_BITS / 8 / 2]; + word32 qSz = (word32)sizeof(q); + int nlen = CHECK_PROBABLE_PRIME_KEY_BITS; + int* isPrime; + int test[5]; + isPrime = test; + + XMEMSET(&key, 0, sizeof(RsaKey)); + XMEMSET(&rng, 0, sizeof(WC_RNG)); + + ExpectIntEQ(wc_InitRsaKey(&key, HEAP_HINT), 0); + ExpectIntEQ(wc_InitRng(&rng), 0); + ExpectIntEQ(wc_RsaSetRNG(&key, &rng), 0); + ExpectIntEQ(wc_MakeRsaKey(&key, CHECK_PROBABLE_PRIME_KEY_BITS, + WC_RSA_EXPONENT, &rng), 0); + PRIVATE_KEY_UNLOCK(); + ExpectIntEQ(wc_RsaExportKey(&key, e, &eSz, n, &nSz, d, &dSz, p, &pSz, q, + &qSz), 0); + PRIVATE_KEY_LOCK(); + + /* Bad cases */ + ExpectIntEQ(wc_CheckProbablePrime(NULL, pSz, q, qSz, e, eSz, nlen, isPrime), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_CheckProbablePrime(p, 0, q, qSz, e, eSz, nlen, isPrime), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_CheckProbablePrime(p, pSz, NULL, qSz, e, eSz, nlen, isPrime), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_CheckProbablePrime(p, pSz, q, 0, e, eSz, nlen, isPrime), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_CheckProbablePrime(p, pSz, q, qSz, NULL, eSz, nlen, isPrime), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_CheckProbablePrime(p, pSz, q, qSz, e, 0, nlen, isPrime), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_CheckProbablePrime(NULL, 0, NULL, 0, NULL, 0, nlen, isPrime), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + + /* Good case */ + ExpectIntEQ(wc_CheckProbablePrime(p, pSz, q, qSz, e, eSz, nlen, isPrime), + 0); + + DoExpectIntEQ(wc_FreeRsaKey(&key), 0); + wc_FreeRng(&rng); +#undef CHECK_PROBABLE_PRIME_KEY_BITS +#endif + return EXPECT_RESULT(); +} /* END test_wc_CheckProbablePrime */ + +/* + * Testing wc_RsaPSS_Verify() + */ +int test_wc_RsaPSS_Verify(void) +{ + EXPECT_DECLS; +#if !defined(NO_RSA) && defined(WOLFSSL_KEY_GEN) && !defined(HAVE_SELFTEST) && \ + !defined(HAVE_FIPS) && defined(WC_RSA_BLINDING) && defined(WC_RSA_PSS) + RsaKey key; + WC_RNG rng; + int sz = 256; + const char* szMessage = "This is the string to be signed"; + unsigned char pSignature[2048/8]; /* 2048 is RSA_KEY_SIZE */ + unsigned char pDecrypted[2048/8]; + byte* pt = pDecrypted; + word32 outLen = sizeof(pDecrypted); + + XMEMSET(&key, 0, sizeof(RsaKey)); + XMEMSET(&rng, 0, sizeof(WC_RNG)); + + ExpectIntEQ(wc_InitRsaKey(&key, HEAP_HINT), 0); + ExpectIntEQ(wc_InitRng(&rng), 0); + ExpectIntEQ(wc_RsaSetRNG(&key, &rng), 0); + ExpectIntEQ(wc_MakeRsaKey(&key, 2048, WC_RSA_EXPONENT, &rng), 0); + + ExpectIntGT(sz = wc_RsaPSS_Sign((byte*)szMessage, + (word32)XSTRLEN(szMessage)+1, pSignature, sizeof(pSignature), + WC_HASH_TYPE_SHA256, WC_MGF1SHA256, &key, &rng), 0); + + /* Bad cases */ + ExpectIntEQ(wc_RsaPSS_Verify(NULL, (word32)sz, pt, outLen, + WC_HASH_TYPE_SHA256, WC_MGF1SHA256, &key), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_RsaPSS_Verify(pSignature, 0, pt, outLen, + WC_HASH_TYPE_SHA256, WC_MGF1SHA256, &key), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_RsaPSS_Verify(pSignature, (word32)sz, NULL, outLen, + WC_HASH_TYPE_SHA256, WC_MGF1SHA256, &key), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_RsaPSS_Verify(NULL, 0, NULL, outLen, + WC_HASH_TYPE_SHA256, WC_MGF1SHA256, &key), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + + /* Good case */ + ExpectIntGT(wc_RsaPSS_Verify(pSignature, (word32)sz, pt, outLen, + WC_HASH_TYPE_SHA256, WC_MGF1SHA256, &key), 0); + + DoExpectIntEQ(wc_FreeRsaKey(&key), 0); + wc_FreeRng(&rng); +#endif + return EXPECT_RESULT(); +} /* END test_wc_RsaPSS_Verify */ + +/* + * Testing wc_RsaPSS_VerifyCheck() + */ +int test_wc_RsaPSS_VerifyCheck(void) +{ + EXPECT_DECLS; +#if !defined(NO_RSA) && defined(WOLFSSL_KEY_GEN) && !defined(HAVE_SELFTEST) && \ + !defined(HAVE_FIPS) && defined(WC_RSA_BLINDING) && defined(WC_RSA_PSS) + RsaKey key; + WC_RNG rng; + int sz = 256; /* 2048/8 */ + byte digest[32]; + word32 digestSz = sizeof(digest); + unsigned char pSignature[2048/8]; /* 2048 is RSA_KEY_SIZE */ + word32 pSignatureSz = sizeof(pSignature); + unsigned char pDecrypted[2048/8]; + byte* pt = pDecrypted; + word32 outLen = sizeof(pDecrypted); + + XMEMSET(&key, 0, sizeof(RsaKey)); + XMEMSET(&rng, 0, sizeof(WC_RNG)); + + XMEMSET(digest, 0, sizeof(digest)); + XMEMSET(pSignature, 0, sizeof(pSignature)); + + ExpectIntEQ(wc_InitRsaKey(&key, HEAP_HINT), 0); + ExpectIntEQ(wc_InitRng(&rng), 0); + ExpectIntEQ(wc_RsaSetRNG(&key, &rng), 0); + ExpectIntEQ(wc_MakeRsaKey(&key, 2048, WC_RSA_EXPONENT, &rng), 0); + ExpectTrue((digestSz = (word32)wc_HashGetDigestSize(WC_HASH_TYPE_SHA256)) > + 0); + ExpectIntEQ(wc_Hash(WC_HASH_TYPE_SHA256, pSignature, (word32)sz, digest, + digestSz), 0); + + ExpectIntGT(sz = wc_RsaPSS_Sign(digest, digestSz, pSignature, pSignatureSz, + WC_HASH_TYPE_SHA256, WC_MGF1SHA256, &key, &rng), 0); + + /* Bad cases */ + ExpectIntEQ(wc_RsaPSS_VerifyCheck(NULL, (word32)sz, pt, outLen, digest, + digestSz, WC_HASH_TYPE_SHA256, WC_MGF1SHA256, &key), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_RsaPSS_VerifyCheck(pSignature, 0, pt, outLen, digest, + digestSz, WC_HASH_TYPE_SHA256, WC_MGF1SHA256, &key), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_RsaPSS_VerifyCheck(pSignature, (word32)sz, NULL, outLen, + digest, digestSz, WC_HASH_TYPE_SHA256, WC_MGF1SHA256, &key), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_RsaPSS_VerifyCheck(NULL, 0, NULL, outLen, digest, + digestSz, WC_HASH_TYPE_SHA256, WC_MGF1SHA256, &key), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + + /* Good case */ + ExpectIntGT(wc_RsaPSS_VerifyCheck(pSignature, (word32)sz, pt, outLen, + digest, digestSz, WC_HASH_TYPE_SHA256, WC_MGF1SHA256, &key), 0); + + ExpectIntEQ(wc_FreeRsaKey(&key), 0); + wc_FreeRng(&rng); +#endif + return EXPECT_RESULT(); +} /* END test_wc_RsaPSS_VerifyCheck */ + +/* + * Testing wc_RsaPSS_VerifyCheckInline() + */ +int test_wc_RsaPSS_VerifyCheckInline(void) +{ + EXPECT_DECLS; +#if !defined(NO_RSA) && defined(WOLFSSL_KEY_GEN) && !defined(HAVE_SELFTEST) && \ + !defined(HAVE_FIPS) && defined(WC_RSA_BLINDING) && defined(WC_RSA_PSS) + RsaKey key; + WC_RNG rng; + int sz = 256; + byte digest[32]; + word32 digestSz = sizeof(digest); + unsigned char pSignature[2048/8]; /* 2048 is RSA_KEY_SIZE */ + unsigned char pDecrypted[2048/8]; + byte* pt = pDecrypted; + + XMEMSET(&key, 0, sizeof(RsaKey)); + XMEMSET(&rng, 0, sizeof(WC_RNG)); + + XMEMSET(digest, 0, sizeof(digest)); + XMEMSET(pSignature, 0, sizeof(pSignature)); + + ExpectIntEQ(wc_InitRsaKey(&key, HEAP_HINT), 0); + ExpectIntEQ(wc_InitRng(&rng), 0); + ExpectIntEQ(wc_RsaSetRNG(&key, &rng), 0); + ExpectIntEQ(wc_MakeRsaKey(&key, 2048, WC_RSA_EXPONENT, &rng), 0); + ExpectTrue((digestSz = (word32)wc_HashGetDigestSize(WC_HASH_TYPE_SHA256)) > + 0); + ExpectIntEQ(wc_Hash(WC_HASH_TYPE_SHA256, pSignature, (word32)sz, digest, + digestSz), 0); + + ExpectIntGT(sz = wc_RsaPSS_Sign(digest, digestSz, pSignature, + sizeof(pSignature), WC_HASH_TYPE_SHA256, WC_MGF1SHA256, &key, &rng), 0); + + /* Bad Cases */ + ExpectIntEQ(wc_RsaPSS_VerifyCheckInline(NULL, (word32)sz, &pt, digest, + digestSz, WC_HASH_TYPE_SHA256, WC_MGF1SHA256, &key), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_RsaPSS_VerifyCheckInline(pSignature, 0, NULL, digest, + digestSz, WC_HASH_TYPE_SHA256, WC_MGF1SHA256, &key), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_RsaPSS_VerifyCheckInline(NULL, 0, &pt, digest, + digestSz, WC_HASH_TYPE_SHA256, WC_MGF1SHA256, &key), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_RsaPSS_VerifyCheckInline(pSignature, (word32)sz, &pt, digest, + digestSz, WC_HASH_TYPE_SHA, WC_MGF1SHA256, &key), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + + /* Good case */ + ExpectIntGT(wc_RsaPSS_VerifyCheckInline(pSignature, (word32)sz, &pt, digest, + digestSz, WC_HASH_TYPE_SHA256, WC_MGF1SHA256, &key), 0); + + DoExpectIntEQ(wc_FreeRsaKey(&key), 0); + wc_FreeRng(&rng); +#endif + return EXPECT_RESULT(); +} /* END test_wc_RsaPSS_VerifyCheckInline */ + +/* + * Testing wc_RsaKeyToDer() + */ +int test_wc_RsaKeyToDer(void) +{ + EXPECT_DECLS; +#if !defined(NO_RSA) && \ + (defined(WOLFSSL_KEY_GEN) || defined(WOLFSSL_KEY_TO_DER)) + RsaKey key; + byte* der = NULL; + word32 derSz = 0; +#if defined(WOLFSSL_KEY_GEN) + WC_RNG rng; +#if (!defined(WOLFSSL_SP_MATH) || defined(WOLFSSL_SP_MATH_ALL)) && \ + (!defined(HAVE_FIPS_VERSION) || (HAVE_FIPS_VERSION < 4)) && \ + (defined(RSA_MIN_SIZE) && (RSA_MIN_SIZE <= 1024)) + int bits = 1024; +#else + int bits = 2048; +#endif +#else + word32 idx = 0; + byte* key_der = NULL; +#if !defined(NO_FILESYSTEM) + const char* key_fname = "./certs/client-key.der"; + XFILE file = XBADFILE; +#endif +#endif /* WOLFSSL_KEY_GEN */ + +#if defined(WOLFSSL_KEY_GEN) + XMEMSET(&rng, 0, sizeof(rng)); +#endif + XMEMSET(&key, 0, sizeof(key)); + + /* Init RSA structure */ + ExpectIntEQ(wc_InitRsaKey(&key, HEAP_HINT), 0); + +#if defined(WOLFSSL_KEY_GEN) + /* Init RMG */ + ExpectIntEQ(wc_InitRng(&rng), 0); + /* Make key */ + ExpectIntEQ(MAKE_RSA_KEY(&key, bits, WC_RSA_EXPONENT, &rng), 0); +#else + /* Import a key */ +#if !defined(NO_FILESYSTEM) + ExpectTrue((file = XFOPEN(key_fname, "rb")) != XBADFILE); + ExpectIntEQ(XFSEEK(file, 0, XSEEK_END), 0); + ExpectIntGT(derSz = (word32)XFTELL(file), 0); + ExpectIntEQ(XFSEEK(file, 0, XSEEK_SET), 0); + ExpectNotNull(key_der = (byte*)XMALLOC(derSz, NULL, + DYNAMIC_TYPE_TMP_BUFFER)); + ExpectIntEQ((int)XFREAD(key_der, 1, derSz, file), derSz); + XFCLOSE(file); +#elif defined(USE_CERT_BUFFERS_1024) && \ + (defined(RSA_MIN_SIZE) && (RSA_MIN_SIZE <= 1024)) + key_der = (byte*)client_key_der_1024; + derSz = (word32)sizeof_client_key_der_1024; +#elif defined(USE_CERT_BUFFERS_2048) + key_der = (byte*)client_key_der_2048; + derSz = (word32)sizeof_client_key_der_2048; +#elif defined(USE_CERT_BUFFERS_3072) + key_der = (byte*)client_key_der_3072; + derSz = (word32)sizeof_client_key_der_3072; +#elif defined(USE_CERT_BUFFERS_4096) + key_der = (byte*)client_key_der_4096; + derSz = (word32)sizeof_client_key_der_4096; +#endif + + /* Import private key */ + ExpectIntEQ(wc_RsaPrivateKeyDecode(key_der, &idx, &key, derSz), 0); + +#if !defined(NO_FILESYSTEM) + XFREE(key_der, NULL, DYNAMIC_TYPE_TMP_BUFFER); +#endif +#endif /* WOLFSSL_KEY_GEN */ + + /* Get output length */ + ExpectIntGT((derSz = wc_RsaKeyToDer(&key, NULL, 0)), 0); + ExpectNotNull(der = (byte*)XMALLOC(derSz, NULL, DYNAMIC_TYPE_TMP_BUFFER)); + + /* Test exporting private key to DER */ + ExpectIntGT(wc_RsaKeyToDer(&key, der, derSz), 0); + + /* Pass good/bad args. */ + ExpectIntEQ(wc_RsaKeyToDer(NULL, der, derSz), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + /* Try Public Key. */ + key.type = 0; + ExpectIntEQ(wc_RsaKeyToDer(&key, der, derSz), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + #ifdef WOLFSSL_CHECK_MEM_ZERO + /* Put back to Private Key */ + key.type = 1; + #endif + + XFREE(der, NULL, DYNAMIC_TYPE_TMP_BUFFER); + DoExpectIntEQ(wc_FreeRsaKey(&key), 0); + #if defined(WOLFSSL_KEY_GEN) + DoExpectIntEQ(wc_FreeRng(&rng), 0); + #endif +#endif + return EXPECT_RESULT(); +} /* END test_wc_RsaKeyToDer */ + +/* + * Testing wc_RsaKeyToPublicDer() + */ +int test_wc_RsaKeyToPublicDer(void) +{ + EXPECT_DECLS; +#if !defined(NO_RSA) && defined(WOLFSSL_KEY_GEN) + RsaKey key; + WC_RNG rng; + byte* der = NULL; +#if (!defined(WOLFSSL_SP_MATH) || defined(WOLFSSL_SP_MATH_ALL)) && \ + (!defined(HAVE_FIPS_VERSION) || (HAVE_FIPS_VERSION < 4)) && \ + (defined(RSA_MIN_SIZE) && (RSA_MIN_SIZE <= 1024)) + int bits = 1024; + word32 derLen = 162; +#else + int bits = 2048; + word32 derLen = 294; +#endif + int ret = 0; + + XMEMSET(&rng, 0, sizeof(rng)); + XMEMSET(&key, 0, sizeof(key)); + + ExpectNotNull(der = (byte*)XMALLOC(derLen, NULL, DYNAMIC_TYPE_TMP_BUFFER)); + ExpectIntEQ(wc_InitRsaKey(&key, HEAP_HINT), 0); + ExpectIntEQ(wc_InitRng(&rng), 0); + ExpectIntEQ(MAKE_RSA_KEY(&key, bits, WC_RSA_EXPONENT, &rng), 0); + + /* test getting size only */ + ExpectIntGT(wc_RsaKeyToPublicDer(&key, NULL, derLen), 0); + ExpectIntGT(wc_RsaKeyToPublicDer(&key, der, derLen), 0); + + /* test getting size only */ + ExpectIntGT(wc_RsaKeyToPublicDer_ex(&key, NULL, derLen, 0), 0); + ExpectIntGT(wc_RsaKeyToPublicDer_ex(&key, der, derLen, 0), 0); + + /* Pass in bad args. */ + ExpectIntEQ(wc_RsaKeyToPublicDer(NULL, der, derLen), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntLT(ret = wc_RsaKeyToPublicDer(&key, der, -1), 0); + ExpectTrue((ret == WC_NO_ERR_TRACE(BUFFER_E)) || + (ret == WC_NO_ERR_TRACE(BAD_FUNC_ARG))); + + XFREE(der, NULL, DYNAMIC_TYPE_TMP_BUFFER); + DoExpectIntEQ(wc_FreeRsaKey(&key), 0); + DoExpectIntEQ(wc_FreeRng(&rng), 0); +#endif + return EXPECT_RESULT(); +} /* END test_wc_RsaKeyToPublicDer */ + +/* + * Testing wc_RsaPublicEncrypt() and wc_RsaPrivateDecrypt() + */ +int test_wc_RsaPublicEncryptDecrypt(void) +{ + EXPECT_DECLS; +#if !defined(NO_RSA) && defined(WOLFSSL_KEY_GEN) && \ + !defined(WOLFSSL_RSA_PUBLIC_ONLY) + RsaKey key; + WC_RNG rng; + const char inStr[] = TEST_STRING; + const word32 plainLen = (word32)TEST_STRING_SZ; + const word32 inLen = (word32)TEST_STRING_SZ; + int bits = TEST_RSA_BITS; + const word32 cipherLen = TEST_RSA_BYTES; + word32 cipherLenResult = cipherLen; + WC_DECLARE_VAR(in, byte, TEST_STRING_SZ, NULL); + WC_DECLARE_VAR(plain, byte, TEST_STRING_SZ, NULL); + WC_DECLARE_VAR(cipher, byte, TEST_RSA_BYTES, NULL); + + WC_ALLOC_VAR(in, byte, TEST_STRING_SZ, NULL); + WC_ALLOC_VAR(plain, byte, TEST_STRING_SZ, NULL); + WC_ALLOC_VAR(cipher, byte, TEST_RSA_BYTES, NULL); + +#ifdef WC_DECLARE_VAR_IS_HEAP_ALLOC + ExpectNotNull(in); + ExpectNotNull(plain); + ExpectNotNull(cipher); +#endif + ExpectNotNull(XMEMCPY(in, inStr, inLen)); + + /* Initialize stack structures. */ + XMEMSET(&key, 0, sizeof(RsaKey)); + XMEMSET(&rng, 0, sizeof(WC_RNG)); + + ExpectIntEQ(wc_InitRsaKey(&key, HEAP_HINT), 0); + ExpectIntEQ(wc_InitRng(&rng), 0); + ExpectIntEQ(MAKE_RSA_KEY(&key, bits, WC_RSA_EXPONENT, &rng), 0); + + /* Encrypt. */ + ExpectIntGT(cipherLenResult = (word32)wc_RsaPublicEncrypt(in, inLen, cipher, + cipherLen, &key, &rng), 0); + /* Pass bad args - tested in another testing function.*/ + + /* Decrypt */ +#if defined(WC_RSA_BLINDING) && !defined(HAVE_FIPS) + /* Bind rng */ + ExpectIntEQ(wc_RsaSetRNG(&key, &rng), 0); +#endif + ExpectIntGE(wc_RsaPrivateDecrypt(cipher, cipherLenResult, plain, plainLen, + &key), 0); + ExpectIntEQ(XMEMCMP(plain, inStr, plainLen), 0); + /* Pass bad args - tested in another testing function.*/ + + WC_FREE_VAR(in, NULL); + WC_FREE_VAR(plain, NULL); + WC_FREE_VAR(cipher, NULL); + DoExpectIntEQ(wc_FreeRsaKey(&key), 0); + DoExpectIntEQ(wc_FreeRng(&rng), 0); +#endif + return EXPECT_RESULT(); + +} /* END test_wc_RsaPublicEncryptDecrypt */ + +/* + * Testing wc_RsaPrivateDecrypt_ex() and wc_RsaPrivateDecryptInline_ex() + */ +int test_wc_RsaPublicEncryptDecrypt_ex(void) +{ + EXPECT_DECLS; +#if !defined(NO_RSA) && defined(WOLFSSL_KEY_GEN) && !defined(HAVE_FIPS) && \ + !defined(WC_NO_RSA_OAEP) && !defined(NO_SHA256) + RsaKey key; + WC_RNG rng; + const char inStr[] = TEST_STRING; + const word32 inLen = (word32)TEST_STRING_SZ; + int idx = 0; + int bits = TEST_RSA_BITS; + const word32 cipherSz = TEST_RSA_BYTES; +#ifndef WOLFSSL_RSA_PUBLIC_ONLY + const word32 plainSz = (word32)TEST_STRING_SZ; + byte* res = NULL; + + WC_DECLARE_VAR(plain, byte, TEST_STRING_SZ, NULL); +#endif + WC_DECLARE_VAR(in, byte, TEST_STRING_SZ, NULL); + WC_DECLARE_VAR(cipher, byte, TEST_RSA_BYTES, NULL); + + WC_ALLOC_VAR(in, byte, TEST_STRING_SZ, NULL); + WC_ALLOC_VAR(plain, byte, TEST_STRING_SZ, NULL); + WC_ALLOC_VAR(cipher, byte, TEST_RSA_BYTES, NULL); + +#ifdef WC_DECLARE_VAR_IS_HEAP_ALLOC + ExpectNotNull(in); + ExpectNotNull(plain); + ExpectNotNull(cipher); +#endif + ExpectNotNull(XMEMCPY(in, inStr, inLen)); + + /* Initialize stack structures. */ + XMEMSET(&key, 0, sizeof(RsaKey)); + XMEMSET(&rng, 0, sizeof(WC_RNG)); + + ExpectIntEQ(wc_InitRsaKey_ex(&key, HEAP_HINT, INVALID_DEVID), 0); + ExpectIntEQ(wc_InitRng(&rng), 0); + ExpectIntEQ(MAKE_RSA_KEY(&key, bits, WC_RSA_EXPONENT, &rng), 0); + + /* Encrypt */ + ExpectIntGE(idx = wc_RsaPublicEncrypt_ex(in, inLen, cipher, cipherSz, &key, + &rng, WC_RSA_OAEP_PAD, WC_HASH_TYPE_SHA256, WC_MGF1SHA256, NULL, 0), 0); + /* Pass bad args - tested in another testing function.*/ + +#ifndef WOLFSSL_RSA_PUBLIC_ONLY + /* Decrypt */ + #if defined(WC_RSA_BLINDING) && !defined(HAVE_FIPS) + ExpectIntEQ(wc_RsaSetRNG(&key, &rng), 0); + #endif + ExpectIntGE(wc_RsaPrivateDecrypt_ex(cipher, (word32)idx, plain, plainSz, + &key, WC_RSA_OAEP_PAD, WC_HASH_TYPE_SHA256, WC_MGF1SHA256, NULL, 0), 0); + ExpectIntEQ(XMEMCMP(plain, inStr, plainSz), 0); + /* Pass bad args - tested in another testing function.*/ + + ExpectIntGE(wc_RsaPrivateDecryptInline_ex(cipher, (word32)idx, &res, &key, + WC_RSA_OAEP_PAD, WC_HASH_TYPE_SHA256, WC_MGF1SHA256, NULL, 0), 0); + ExpectIntEQ(XMEMCMP(inStr, res, plainSz), 0); +#endif + + WC_FREE_VAR(in, NULL); + WC_FREE_VAR(plain, NULL); + WC_FREE_VAR(cipher, NULL); + DoExpectIntEQ(wc_FreeRsaKey(&key), 0); + DoExpectIntEQ(wc_FreeRng(&rng), 0); +#endif + return EXPECT_RESULT(); +} /* END test_wc_RsaPublicEncryptDecrypt_ex */ + +/* + * Tesing wc_RsaSSL_Sign() and wc_RsaSSL_Verify() + */ +int test_wc_RsaSSL_SignVerify(void) +{ + EXPECT_DECLS; +#if !defined(NO_RSA) && defined(WOLFSSL_KEY_GEN) + RsaKey key; + WC_RNG rng; + const char inStr[] = TEST_STRING; + const word32 plainSz = (word32)TEST_STRING_SZ; + const word32 inLen = (word32)TEST_STRING_SZ; + word32 idx = 0; + int bits = TEST_RSA_BITS; + const word32 outSz = TEST_RSA_BYTES; + + WC_DECLARE_VAR(in, byte, TEST_STRING_SZ, NULL); + WC_DECLARE_VAR(out, byte, TEST_RSA_BYTES, NULL); + WC_DECLARE_VAR(plain, byte, TEST_STRING_SZ, NULL); + + WC_ALLOC_VAR(in, byte, TEST_STRING_SZ, NULL); + WC_ALLOC_VAR(out, byte, TEST_RSA_BYTES, NULL); + WC_ALLOC_VAR(plain, byte, TEST_STRING_SZ, NULL); + +#ifdef WC_DECLARE_VAR_IS_HEAP_ALLOC + ExpectNotNull(in); + ExpectNotNull(out); + ExpectNotNull(plain); +#endif + ExpectNotNull(XMEMCPY(in, inStr, inLen)); + + XMEMSET(&key, 0, sizeof(RsaKey)); + XMEMSET(&rng, 0, sizeof(WC_RNG)); + + ExpectIntEQ(wc_InitRsaKey(&key, HEAP_HINT), 0); + ExpectIntEQ(wc_InitRng(&rng), 0); + ExpectIntEQ(MAKE_RSA_KEY(&key, bits, WC_RSA_EXPONENT, &rng), 0); + + /* Sign. */ + ExpectIntEQ(wc_RsaSSL_Sign(in, inLen, out, outSz, &key, &rng), (int)outSz); + idx = (int)outSz; + + /* Test bad args. */ + ExpectIntEQ(wc_RsaSSL_Sign(NULL, inLen, out, outSz, &key, &rng), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_RsaSSL_Sign(in, 0, out, outSz, &key, &rng), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_RsaSSL_Sign(in, inLen, NULL, outSz, &key, &rng), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_RsaSSL_Sign(in, inLen, out, outSz, NULL, &rng), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + + /* Verify. */ + ExpectIntEQ(wc_RsaSSL_Verify(out, idx, plain, plainSz, &key), (int)inLen); + + /* Pass bad args. */ + ExpectIntEQ(wc_RsaSSL_Verify(NULL, idx, plain, plainSz, &key), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_RsaSSL_Verify(out, 0, plain, plainSz, &key), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_RsaSSL_Verify(out, idx, NULL, plainSz, &key), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_RsaSSL_Verify(out, idx, plain, plainSz, NULL), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + + WC_FREE_VAR(in, NULL); + WC_FREE_VAR(out, NULL); + WC_FREE_VAR(plain, NULL); + DoExpectIntEQ(wc_FreeRsaKey(&key), 0); + DoExpectIntEQ(wc_FreeRng(&rng), 0); +#endif + return EXPECT_RESULT(); +} /* END test_wc_RsaSSL_SignVerify */ + +/* + * Testing wc_RsaEncryptSize() + */ +int test_wc_RsaEncryptSize(void) +{ + EXPECT_DECLS; +#if !defined(NO_RSA) && defined(WOLFSSL_KEY_GEN) + RsaKey key; + WC_RNG rng; + + XMEMSET(&key, 0, sizeof(RsaKey)); + XMEMSET(&rng, 0, sizeof(WC_RNG)); + + ExpectIntEQ(wc_InitRsaKey(&key, HEAP_HINT), 0); + ExpectIntEQ(wc_InitRng(&rng), 0); + +#if (!defined(WOLFSSL_SP_MATH) || defined(WOLFSSL_SP_MATH_ALL)) && \ + (!defined(HAVE_FIPS_VERSION) || (HAVE_FIPS_VERSION < 4)) && \ + (defined(RSA_MIN_SIZE) && (RSA_MIN_SIZE <= 1024)) + ExpectIntEQ(MAKE_RSA_KEY(&key, 1024, WC_RSA_EXPONENT, &rng), 0); + + ExpectIntEQ(wc_RsaEncryptSize(&key), 128); + DoExpectIntEQ(wc_FreeRsaKey(&key), 0); +#endif + + ExpectIntEQ(MAKE_RSA_KEY(&key, 2048, WC_RSA_EXPONENT, &rng), 0); + ExpectIntEQ(wc_RsaEncryptSize(&key), 256); + + /* Pass in bad arg. */ + ExpectIntEQ(wc_RsaEncryptSize(NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + + DoExpectIntEQ(wc_FreeRsaKey(&key), 0); + DoExpectIntEQ(wc_FreeRng(&rng), 0); +#endif + return EXPECT_RESULT(); + +} /* END test_wc_RsaEncryptSize*/ + +/* + * Testing wc_RsaFlattenPublicKey() + */ +int test_wc_RsaFlattenPublicKey(void) +{ + EXPECT_DECLS; +#if !defined(NO_RSA) && defined(WOLFSSL_KEY_GEN) + RsaKey key; + WC_RNG rng; + byte e[256]; + byte n[256]; + word32 eSz = sizeof(e); + word32 nSz = sizeof(n); + #if (!defined(WOLFSSL_SP_MATH) || defined(WOLFSSL_SP_MATH_ALL)) && \ + (!defined(HAVE_FIPS_VERSION) || (HAVE_FIPS_VERSION < 4)) && \ + (defined(RSA_MIN_SIZE) && (RSA_MIN_SIZE <= 1024)) + int bits = 1024; + #else + int bits = 2048; + #endif + + XMEMSET(&key, 0, sizeof(RsaKey)); + XMEMSET(&rng, 0, sizeof(WC_RNG)); + + ExpectIntEQ(wc_InitRsaKey(&key, HEAP_HINT), 0); + ExpectIntEQ(wc_InitRng(&rng), 0); + ExpectIntEQ(MAKE_RSA_KEY(&key, bits, WC_RSA_EXPONENT, &rng), 0); + + ExpectIntEQ(wc_RsaFlattenPublicKey(&key, e, &eSz, n, &nSz), 0); + + /* Pass bad args. */ + ExpectIntEQ(wc_RsaFlattenPublicKey(NULL, e, &eSz, n, &nSz), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_RsaFlattenPublicKey(&key, NULL, &eSz, n, &nSz), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_RsaFlattenPublicKey(&key, e, NULL, n, &nSz), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_RsaFlattenPublicKey(&key, e, &eSz, NULL, &nSz), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_RsaFlattenPublicKey(&key, e, &eSz, n, NULL), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + + DoExpectIntEQ(wc_FreeRsaKey(&key), 0); + DoExpectIntEQ(wc_FreeRng(&rng), 0); +#endif + return EXPECT_RESULT(); + +} /* END test_wc_RsaFlattenPublicKey */ + +/* + * Test the bounds checking on the cipher text versus the key modulus. + * 1. Make a new RSA key. + * 2. Set c to 1. + * 3. Decrypt c into k. (error) + * 4. Copy the key modulus to c and sub 1 from the copy. + * 5. Decrypt c into k. (error) + * Valid bounds test cases are covered by all the other RSA tests. + */ +int test_wc_RsaDecrypt_BoundsCheck(void) +{ + EXPECT_DECLS; +#if !defined(NO_RSA) && defined(WC_RSA_NO_PADDING) && \ + (defined(USE_CERT_BUFFERS_1024) || defined(USE_CERT_BUFFERS_2048)) && \ + defined(WOLFSSL_PUBLIC_MP) && !defined(NO_RSA_BOUNDS_CHECK) + WC_RNG rng; + RsaKey key; + byte flatC[256]; + word32 flatCSz = 0; + byte out[256]; + word32 outSz = sizeof(out); + + XMEMSET(&key, 0, sizeof(RsaKey)); + XMEMSET(&rng, 0, sizeof(WC_RNG)); + + ExpectIntEQ(wc_InitRsaKey(&key, HEAP_HINT), 0); + ExpectIntEQ(wc_InitRng(&rng), 0); + + if (EXPECT_SUCCESS()) { + const byte* derKey; + word32 derKeySz; + word32 idx = 0; + + #ifdef USE_CERT_BUFFERS_1024 + derKey = server_key_der_1024; + derKeySz = (word32)sizeof_server_key_der_1024; + flatCSz = 128; + #else + derKey = server_key_der_2048; + derKeySz = (word32)sizeof_server_key_der_2048; + flatCSz = 256; + #endif + + ExpectIntEQ(wc_RsaPrivateKeyDecode(derKey, &idx, &key, derKeySz), 0); + } + + if (EXPECT_SUCCESS()) { + XMEMSET(flatC, 0, flatCSz); + flatC[flatCSz-1] = 1; + + ExpectIntEQ(wc_RsaDirect(flatC, flatCSz, out, &outSz, &key, + RSA_PRIVATE_DECRYPT, &rng), WC_NO_ERR_TRACE(RSA_OUT_OF_RANGE_E)); + if (EXPECT_SUCCESS()) { + mp_int c; + #ifndef WOLFSSL_SP_MATH + ExpectIntEQ(mp_init_copy(&c, &key.n), 0); + #else + ExpectIntEQ(mp_init(&c), 0); + ExpectIntEQ(mp_copy(&key.n, &c), 0); + #endif + ExpectIntEQ(mp_sub_d(&c, 1, &c), 0); + ExpectIntEQ(mp_to_unsigned_bin(&c, flatC), 0); + ExpectIntEQ(wc_RsaDirect(flatC, flatCSz, out, &outSz, &key, + RSA_PRIVATE_DECRYPT, NULL), + WC_NO_ERR_TRACE(RSA_OUT_OF_RANGE_E)); + mp_clear(&c); + } + } + + DoExpectIntEQ(wc_FreeRsaKey(&key), 0); + DoExpectIntEQ(wc_FreeRng(&rng), 0); +#endif + return EXPECT_RESULT(); +} /* END test_wc_RsaDecryptBoundsCheck */ + diff --git a/test/ssl/wolfssl/tests/api/test_rsa.h b/test/ssl/wolfssl/tests/api/test_rsa.h new file mode 100644 index 000000000..707e688b2 --- /dev/null +++ b/test/ssl/wolfssl/tests/api/test_rsa.h @@ -0,0 +1,66 @@ +/* test_rsa.h + * + * Copyright (C) 2006-2025 wolfSSL Inc. + * + * This file is part of wolfSSL. + * + * wolfSSL is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * wolfSSL is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA + */ + +#ifndef WOLFCRYPT_TEST_RSA_H +#define WOLFCRYPT_TEST_RSA_H + +#include + +int test_wc_InitRsaKey(void); +int test_wc_RsaPrivateKeyDecode(void); +int test_wc_RsaPublicKeyDecode(void); +int test_wc_RsaPublicKeyDecodeRaw(void); +int test_wc_RsaPrivateKeyDecodeRaw(void); +int test_wc_MakeRsaKey(void); +int test_wc_CheckProbablePrime(void); +int test_wc_RsaPSS_Verify(void); +int test_wc_RsaPSS_VerifyCheck(void); +int test_wc_RsaPSS_VerifyCheckInline(void); +int test_wc_RsaKeyToDer(void); +int test_wc_RsaKeyToPublicDer(void); +int test_wc_RsaPublicEncryptDecrypt(void); +int test_wc_RsaPublicEncryptDecrypt_ex(void); +int test_wc_RsaEncryptSize(void); +int test_wc_RsaSSL_SignVerify(void); +int test_wc_RsaFlattenPublicKey(void); +int test_wc_RsaDecrypt_BoundsCheck(void); + +#define TEST_RSA_DECLS \ + TEST_DECL_GROUP("rsa", test_wc_InitRsaKey), \ + TEST_DECL_GROUP("rsa", test_wc_RsaPrivateKeyDecode), \ + TEST_DECL_GROUP("rsa", test_wc_RsaPublicKeyDecode), \ + TEST_DECL_GROUP("rsa", test_wc_RsaPublicKeyDecodeRaw), \ + TEST_DECL_GROUP("rsa", test_wc_RsaPrivateKeyDecodeRaw), \ + TEST_DECL_GROUP("rsa", test_wc_MakeRsaKey), \ + TEST_DECL_GROUP("rsa", test_wc_CheckProbablePrime), \ + TEST_DECL_GROUP("rsa", test_wc_RsaPSS_Verify), \ + TEST_DECL_GROUP("rsa", test_wc_RsaPSS_VerifyCheck), \ + TEST_DECL_GROUP("rsa", test_wc_RsaPSS_VerifyCheckInline), \ + TEST_DECL_GROUP("rsa", test_wc_RsaKeyToDer), \ + TEST_DECL_GROUP("rsa", test_wc_RsaKeyToPublicDer), \ + TEST_DECL_GROUP("rsa", test_wc_RsaPublicEncryptDecrypt), \ + TEST_DECL_GROUP("rsa", test_wc_RsaPublicEncryptDecrypt_ex), \ + TEST_DECL_GROUP("rsa", test_wc_RsaEncryptSize), \ + TEST_DECL_GROUP("rsa", test_wc_RsaSSL_SignVerify), \ + TEST_DECL_GROUP("rsa", test_wc_RsaFlattenPublicKey), \ + TEST_DECL_GROUP("rsa", test_wc_RsaDecrypt_BoundsCheck) + +#endif /* WOLFCRYPT_TEST_RSA_H */ diff --git a/test/ssl/wolfssl/tests/api/test_sha.c b/test/ssl/wolfssl/tests/api/test_sha.c new file mode 100644 index 000000000..df0177d6b --- /dev/null +++ b/test/ssl/wolfssl/tests/api/test_sha.c @@ -0,0 +1,206 @@ +/* test_sha.c + * + * Copyright (C) 2006-2025 wolfSSL Inc. + * + * This file is part of wolfSSL. + * + * wolfSSL is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * wolfSSL is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA + */ + +#include + +#ifdef NO_INLINE + #include +#else + #define WOLFSSL_MISC_INCLUDED + #include +#endif + +#include +#include +#include +#include +#include + +/* + * Unit test for the wc_InitSha() + */ +int test_wc_InitSha(void) +{ + EXPECT_DECLS; +#ifndef NO_SHA + DIGEST_INIT_AND_INIT_EX_TEST(wc_Sha, Sha); +#endif + return EXPECT_RESULT(); +} /* END test_wc_InitSha */ + +/* + * Tesing wc_ShaUpdate() + */ +int test_wc_ShaUpdate(void) +{ + EXPECT_DECLS; +#ifndef NO_SHA + DIGEST_UPDATE_TEST(wc_Sha, Sha); +#endif + return EXPECT_RESULT(); +} /* END test_wc_ShaUpdate() */ + +/* + * Unit test on wc_ShaFinal + */ +int test_wc_ShaFinal(void) +{ + EXPECT_DECLS; +#ifndef NO_SHA + DIGEST_FINAL_TEST(wc_Sha, Sha, SHA); +#endif + return EXPECT_RESULT(); +} /* END test_wc_ShaFinal */ + +/* + * Unit test on wc_ShaFinalRaw + */ +int test_wc_ShaFinalRaw(void) +{ + EXPECT_DECLS; +#if !defined(NO_SHA) && !defined(HAVE_SELFTEST) && \ + !defined(WOLFSSL_DEVCRYPTO) && (!defined(HAVE_FIPS) || \ + (defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION >= 3))) && \ + !defined(WOLFSSL_NO_HASH_RAW) + DIGEST_FINAL_RAW_TEST(wc_Sha, Sha, SHA, + "\x67\x45\x23\x01\xef\xcd\xab\x89" + "\x98\xba\xdc\xfe\x10\x32\x54\x76" + "\xc3\xd2\xe1\xf0"); +#endif + return EXPECT_RESULT(); +} /* END test_wc_ShaFinal */ + +#define SHA_KAT_CNT 7 +int test_wc_Sha_KATs(void) +{ + EXPECT_DECLS; +#ifndef NO_SHA + DIGEST_KATS_TEST_VARS(wc_Sha, SHA); + + DIGEST_KATS_ADD("", 0, + "\xda\x39\xa3\xee\x5e\x6b\x4b\x0d" + "\x32\x55\xbf\xef\x95\x60\x18\x90" + "\xaf\xd8\x07\x09"); + DIGEST_KATS_ADD("a", 1, + "\x86\xf7\xe4\x37\xfa\xa5\xa7\xfc" + "\xe1\x5d\x1d\xdc\xb9\xea\xea\xea" + "\x37\x76\x67\xb8"); + DIGEST_KATS_ADD("abc", 3, + "\xa9\x99\x3e\x36\x47\x06\x81\x6a" + "\xba\x3e\x25\x71\x78\x50\xc2\x6c" + "\x9c\xd0\xd8\x9d"); + DIGEST_KATS_ADD("message digest", 14, + "\xc1\x22\x52\xce\xda\x8b\xe8\x99" + "\x4d\x5f\xa0\x29\x0a\x47\x23\x1c" + "\x1d\x16\xaa\xe3"); + DIGEST_KATS_ADD("abcdefghijklmnopqrstuvwxyz", 26, + "\x32\xd1\x0c\x7b\x8c\xf9\x65\x70" + "\xca\x04\xce\x37\xf2\xa1\x9d\x84" + "\x24\x0d\x3a\x89"); + DIGEST_KATS_ADD("ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz" + "0123456789", 62, + "\x76\x1c\x45\x7b\xf7\x3b\x14\xd2" + "\x7e\x9e\x92\x65\xc4\x6f\x4b\x4d" + "\xda\x11\xf9\x40"); + DIGEST_KATS_ADD("1234567890123456789012345678901234567890" + "1234567890123456789012345678901234567890", 80, + "\x50\xab\xf5\x70\x6a\x15\x09\x90" + "\xa0\x8b\x2c\x5e\xa4\x0f\xa0\xe5" + "\x85\x55\x47\x32"); + + DIGEST_KATS_TEST(Sha, SHA); +#endif + return EXPECT_RESULT(); +} /* END test_wc_ShaFinal */ + +int test_wc_Sha_other(void) +{ + EXPECT_DECLS; +#ifndef NO_SHA + DIGEST_OTHER_TEST(wc_Sha, Sha, SHA, + "\xf0\xc2\x3f\xeb\xe0\xb0\xd9\x8c" + "\x01\x23\x6c\x4c\x3b\x72\x7b\x01" + "\xc7\x0d\x2b\x60"); +#endif + return EXPECT_RESULT(); +} /* END test_wc_ShaFinal */ + +int test_wc_ShaCopy(void) +{ + EXPECT_DECLS; +#ifndef NO_SHA + DIGEST_COPY_TEST(wc_Sha, Sha, SHA, + "\xda\x39\xa3\xee\x5e\x6b\x4b\x0d" + "\x32\x55\xbf\xef\x95\x60\x18\x90" + "\xaf\xd8\x07\x09", + "\xa9\x99\x3e\x36\x47\x06\x81\x6a" + "\xba\x3e\x25\x71\x78\x50\xc2\x6c" + "\x9c\xd0\xd8\x9d"); +#endif + return EXPECT_RESULT(); +} + +int test_wc_ShaGetHash(void) +{ + EXPECT_DECLS; +#ifndef NO_SHA + DIGEST_GET_HASH_TEST(wc_Sha, Sha, SHA, + "\xda\x39\xa3\xee\x5e\x6b\x4b\x0d" + "\x32\x55\xbf\xef\x95\x60\x18\x90" + "\xaf\xd8\x07\x09", + "\xa9\x99\x3e\x36\x47\x06\x81\x6a" + "\xba\x3e\x25\x71\x78\x50\xc2\x6c" + "\x9c\xd0\xd8\x9d"); +#endif + return EXPECT_RESULT(); +} + +int test_wc_ShaTransform(void) +{ + EXPECT_DECLS; +#if !defined(NO_SHA) && (defined(OPENSSL_EXTRA) || defined(HAVE_CURL)) && \ + !defined(HAVE_SELFTEST) && (!defined(HAVE_FIPS) || \ + (defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION >= 3))) + DIGEST_TRANSFORM_FINAL_RAW_TEST(wc_Sha, Sha, SHA, + "\x80\x63\x62\x61\x00\x00\x00\x00" + "\x00\x00\x00\x00\x00\x00\x00\x00" + "\x00\x00\x00\x00\x00\x00\x00\x00" + "\x00\x00\x00\x00\x00\x00\x00\x00" + "\x00\x00\x00\x00\x00\x00\x00\x00" + "\x00\x00\x00\x00\x00\x00\x00\x00" + "\x00\x00\x00\x00\x00\x00\x00\x00" + "\x00\x00\x00\x00\x18\x00\x00\x00", + "\xa9\x99\x3e\x36\x47\x06\x81\x6a" + "\xba\x3e\x25\x71\x78\x50\xc2\x6c" + "\x9c\xd0\xd8\x9d"); +#endif + return EXPECT_RESULT(); +} + +int test_wc_Sha_Flags(void) +{ + EXPECT_DECLS; +#if !defined(NO_SHA) && defined(WOLFSSL_HASH_FLAGS) + DIGEST_FLAGS_TEST(wc_Sha, Sha); +#endif + return EXPECT_RESULT(); +} + diff --git a/test/ssl/wolfssl/tests/api/test_sha.h b/test/ssl/wolfssl/tests/api/test_sha.h new file mode 100644 index 000000000..47ec01305 --- /dev/null +++ b/test/ssl/wolfssl/tests/api/test_sha.h @@ -0,0 +1,50 @@ +/* test_sha.h + * + * Copyright (C) 2006-2025 wolfSSL Inc. + * + * This file is part of wolfSSL. + * + * wolfSSL is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * wolfSSL is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA + */ + +#ifndef WOLFCRYPT_TEST_SHA_H +#define WOLFCRYPT_TEST_SHA_H + +#include + +int test_wc_InitSha(void); +int test_wc_ShaUpdate(void); +int test_wc_ShaFinal(void); +int test_wc_ShaFinalRaw(void); +int test_wc_Sha_KATs(void); +int test_wc_Sha_other(void); +int test_wc_ShaCopy(void); +int test_wc_ShaGetHash(void); +int test_wc_ShaTransform(void); +int test_wc_Sha_Flags(void); + +#define TEST_SHA_DECLS \ + TEST_DECL_GROUP("sha", test_wc_InitSha), \ + TEST_DECL_GROUP("sha", test_wc_ShaUpdate), \ + TEST_DECL_GROUP("sha", test_wc_ShaFinal), \ + TEST_DECL_GROUP("sha", test_wc_ShaFinalRaw), \ + TEST_DECL_GROUP("sha", test_wc_Sha_KATs), \ + TEST_DECL_GROUP("sha", test_wc_Sha_other), \ + TEST_DECL_GROUP("sha", test_wc_ShaCopy), \ + TEST_DECL_GROUP("sha", test_wc_ShaGetHash), \ + TEST_DECL_GROUP("sha", test_wc_ShaTransform), \ + TEST_DECL_GROUP("sha", test_wc_Sha_Flags) + +#endif /* WOLFCRYPT_TEST_SHA_H */ diff --git a/test/ssl/wolfssl/tests/api/test_sha256.c b/test/ssl/wolfssl/tests/api/test_sha256.c new file mode 100644 index 000000000..ffdecbf7c --- /dev/null +++ b/test/ssl/wolfssl/tests/api/test_sha256.c @@ -0,0 +1,373 @@ +/* test_sha256.c + * + * Copyright (C) 2006-2025 wolfSSL Inc. + * + * This file is part of wolfSSL. + * + * wolfSSL is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * wolfSSL is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA + */ + +#include + +#ifdef NO_INLINE + #include +#else + #define WOLFSSL_MISC_INCLUDED + #include +#endif + +#include +#include +#include +#include +#include + +/******************************************************************************* + * SHA-256 + ******************************************************************************/ + +/* + * Unit test for the wc_InitSha256() + */ +int test_wc_InitSha256(void) +{ + EXPECT_DECLS; +#ifndef NO_SHA256 + DIGEST_INIT_AND_INIT_EX_TEST(wc_Sha256, Sha256); +#endif + return EXPECT_RESULT(); +} /* END test_wc_InitSha256 */ + +/* + * Tesing wc_Sha256Update() + */ +int test_wc_Sha256Update(void) +{ + EXPECT_DECLS; +#ifndef NO_SHA256 + DIGEST_UPDATE_TEST(wc_Sha256, Sha256); +#endif + return EXPECT_RESULT(); +} /* END test_wc_Sha256Update() */ + +/* + * Unit test on wc_Sha256Final + */ +int test_wc_Sha256Final(void) +{ + EXPECT_DECLS; +#ifndef NO_SHA256 + DIGEST_FINAL_TEST(wc_Sha256, Sha256, SHA256); +#endif + return EXPECT_RESULT(); +} /* END test_wc_Sha256Final */ + +/* + * Unit test on wc_Sha256FinalRaw + */ +int test_wc_Sha256FinalRaw(void) +{ + EXPECT_DECLS; +#if !defined(NO_SHA256) && !defined(HAVE_SELFTEST) && \ + !defined(WOLFSSL_DEVCRYPTO) && (!defined(HAVE_FIPS) || \ + (defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION >= 3))) && \ + !defined(WOLFSSL_NO_HASH_RAW) + DIGEST_FINAL_RAW_TEST(wc_Sha256, Sha256, SHA256, + "\x6a\x09\xe6\x67\xbb\x67\xae\x85" + "\x3c\x6e\xf3\x72\xa5\x4f\xf5\x3a" + "\x51\x0e\x52\x7f\x9b\x05\x68\x8c" + "\x1f\x83\xd9\xab\x5b\xe0\xcd\x19"); +#endif + return EXPECT_RESULT(); +} /* END test_wc_Sha256Final */ + +#define SHA256_KAT_CNT 7 +int test_wc_Sha256_KATs(void) +{ + EXPECT_DECLS; +#ifndef NO_SHA256 + DIGEST_KATS_TEST_VARS(wc_Sha256, SHA256); + + DIGEST_KATS_ADD("", 0, + "\xe3\xb0\xc4\x42\x98\xfc\x1c\x14" + "\x9a\xfb\xf4\xc8\x99\x6f\xb9\x24" + "\x27\xae\x41\xe4\x64\x9b\x93\x4c" + "\xa4\x95\x99\x1b\x78\x52\xb8\x55"); + DIGEST_KATS_ADD("a", 1, + "\xca\x97\x81\x12\xca\x1b\xbd\xca" + "\xfa\xc2\x31\xb3\x9a\x23\xdc\x4d" + "\xa7\x86\xef\xf8\x14\x7c\x4e\x72" + "\xb9\x80\x77\x85\xaf\xee\x48\xbb"); + DIGEST_KATS_ADD("abc", 3, + "\xba\x78\x16\xbf\x8f\x01\xcf\xea" + "\x41\x41\x40\xde\x5d\xae\x22\x23" + "\xb0\x03\x61\xa3\x96\x17\x7a\x9c" + "\xb4\x10\xff\x61\xf2\x00\x15\xad"); + DIGEST_KATS_ADD("message digest", 14, + "\xf7\x84\x6f\x55\xcf\x23\xe1\x4e" + "\xeb\xea\xb5\xb4\xe1\x55\x0c\xad" + "\x5b\x50\x9e\x33\x48\xfb\xc4\xef" + "\xa3\xa1\x41\x3d\x39\x3c\xb6\x50"); + DIGEST_KATS_ADD("abcdefghijklmnopqrstuvwxyz", 26, + "\x71\xc4\x80\xdf\x93\xd6\xae\x2f" + "\x1e\xfa\xd1\x44\x7c\x66\xc9\x52" + "\x5e\x31\x62\x18\xcf\x51\xfc\x8d" + "\x9e\xd8\x32\xf2\xda\xf1\x8b\x73"); + DIGEST_KATS_ADD("ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz" + "0123456789", 62, + "\xdb\x4b\xfc\xbd\x4d\xa0\xcd\x85" + "\xa6\x0c\x3c\x37\xd3\xfb\xd8\x80" + "\x5c\x77\xf1\x5f\xc6\xb1\xfd\xfe" + "\x61\x4e\xe0\xa7\xc8\xfd\xb4\xc0"); + DIGEST_KATS_ADD("1234567890123456789012345678901234567890" + "1234567890123456789012345678901234567890", 80, + "\xf3\x71\xbc\x4a\x31\x1f\x2b\x00" + "\x9e\xef\x95\x2d\xd8\x3c\xa8\x0e" + "\x2b\x60\x02\x6c\x8e\x93\x55\x92" + "\xd0\xf9\xc3\x08\x45\x3c\x81\x3e"); + + DIGEST_KATS_TEST(Sha256, SHA256); +#endif + return EXPECT_RESULT(); +} /* END test_wc_Sha256Final */ + +int test_wc_Sha256_other(void) +{ + EXPECT_DECLS; +#ifndef NO_SHA256 + DIGEST_OTHER_TEST(wc_Sha256, Sha256, SHA256, + "\x2c\x41\xa1\xdd\x58\x4e\x37\x73" + "\xb9\x56\x74\x84\x1b\x68\x5f\x36" + "\xc7\x6b\x48\xec\x4d\xb7\x58\x63" + "\x37\x2c\x2f\xd6\xe1\x9a\x61\xce"); +#endif + return EXPECT_RESULT(); +} /* END test_wc_Sha256Final */ + +int test_wc_Sha256Copy(void) +{ + EXPECT_DECLS; +#ifndef NO_SHA256 + DIGEST_COPY_TEST(wc_Sha256, Sha256, SHA256, + "\xe3\xb0\xc4\x42\x98\xfc\x1c\x14" + "\x9a\xfb\xf4\xc8\x99\x6f\xb9\x24" + "\x27\xae\x41\xe4\x64\x9b\x93\x4c" + "\xa4\x95\x99\x1b\x78\x52\xb8\x55", + "\xba\x78\x16\xbf\x8f\x01\xcf\xea" + "\x41\x41\x40\xde\x5d\xae\x22\x23" + "\xb0\x03\x61\xa3\x96\x17\x7a\x9c" + "\xb4\x10\xff\x61\xf2\x00\x15\xad"); +#endif + return EXPECT_RESULT(); +} + +int test_wc_Sha256GetHash(void) +{ + EXPECT_DECLS; +#ifndef NO_SHA256 + DIGEST_GET_HASH_TEST(wc_Sha256, Sha256, SHA256, + "\xe3\xb0\xc4\x42\x98\xfc\x1c\x14" + "\x9a\xfb\xf4\xc8\x99\x6f\xb9\x24" + "\x27\xae\x41\xe4\x64\x9b\x93\x4c" + "\xa4\x95\x99\x1b\x78\x52\xb8\x55", + "\xba\x78\x16\xbf\x8f\x01\xcf\xea" + "\x41\x41\x40\xde\x5d\xae\x22\x23" + "\xb0\x03\x61\xa3\x96\x17\x7a\x9c" + "\xb4\x10\xff\x61\xf2\x00\x15\xad"); +#endif + return EXPECT_RESULT(); +} + +int test_wc_Sha256Transform(void) +{ + EXPECT_DECLS; +#if !defined(NO_SHA256) && (defined(OPENSSL_EXTRA) || defined(HAVE_CURL)) && \ + !defined(WOLFSSL_KCAPI_HASH) && !defined(WOLFSSL_AFALG_HASH) && \ + !defined(HAVE_SELFTEST) && (!defined(HAVE_FIPS) || \ + (defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION >= 3))) + DIGEST_TRANSFORM_FINAL_RAW_TEST(wc_Sha256, Sha256, SHA256, + "\x80\x63\x62\x61\x00\x00\x00\x00" + "\x00\x00\x00\x00\x00\x00\x00\x00" + "\x00\x00\x00\x00\x00\x00\x00\x00" + "\x00\x00\x00\x00\x00\x00\x00\x00" + "\x00\x00\x00\x00\x00\x00\x00\x00" + "\x00\x00\x00\x00\x00\x00\x00\x00" + "\x00\x00\x00\x00\x00\x00\x00\x00" + "\x00\x00\x00\x00\x18\x00\x00\x00", + "\xba\x78\x16\xbf\x8f\x01\xcf\xea" + "\x41\x41\x40\xde\x5d\xae\x22\x23" + "\xb0\x03\x61\xa3\x96\x17\x7a\x9c" + "\xb4\x10\xff\x61\xf2\x00\x15\xad"); +#endif + return EXPECT_RESULT(); +} + +int test_wc_Sha256_Flags(void) +{ + EXPECT_DECLS; +#if !defined(NO_SHA256) && defined(WOLFSSL_HASH_FLAGS) && \ + (!defined(HAVE_FIPS) || FIPS_VERSION3_GE(7,0,0)) + DIGEST_FLAGS_TEST(wc_Sha256, Sha256); +#endif + return EXPECT_RESULT(); +} + +/******************************************************************************* + * SHA-224 + ******************************************************************************/ + +/* + * Unit test for the wc_InitSha224() + */ +int test_wc_InitSha224(void) +{ + EXPECT_DECLS; +#ifdef WOLFSSL_SHA224 + DIGEST_INIT_AND_INIT_EX_TEST(wc_Sha224, Sha224); +#endif + return EXPECT_RESULT(); +} /* END test_wc_InitSha224 */ + +/* + * Tesing wc_Sha224Update() + */ +int test_wc_Sha224Update(void) +{ + EXPECT_DECLS; +#ifdef WOLFSSL_SHA224 + DIGEST_UPDATE_TEST(wc_Sha224, Sha224); +#endif + return EXPECT_RESULT(); +} /* END test_wc_Sha224Update() */ + +/* + * Unit test on wc_Sha224Final + */ +int test_wc_Sha224Final(void) +{ + EXPECT_DECLS; +#ifdef WOLFSSL_SHA224 + DIGEST_FINAL_TEST(wc_Sha224, Sha224, SHA224); +#endif + return EXPECT_RESULT(); +} /* END test_wc_Sha224Final */ + +#define SHA224_KAT_CNT 7 +int test_wc_Sha224_KATs(void) +{ + EXPECT_DECLS; +#ifdef WOLFSSL_SHA224 + DIGEST_KATS_TEST_VARS(wc_Sha224, SHA224); + + DIGEST_KATS_ADD("", 0, + "\xd1\x4a\x02\x8c\x2a\x3a\x2b\xc9" + "\x47\x61\x02\xbb\x28\x82\x34\xc4" + "\x15\xa2\xb0\x1f\x82\x8e\xa6\x2a" + "\xc5\xb3\xe4\x2f"); + DIGEST_KATS_ADD("a", 1, + "\xab\xd3\x75\x34\xc7\xd9\xa2\xef" + "\xb9\x46\x5d\xe9\x31\xcd\x70\x55" + "\xff\xdb\x88\x79\x56\x3a\xe9\x80" + "\x78\xd6\xd6\xd5"); + DIGEST_KATS_ADD("abc", 3, + "\x23\x09\x7d\x22\x34\x05\xd8\x22" + "\x86\x42\xa4\x77\xbd\xa2\x55\xb3" + "\x2a\xad\xbc\xe4\xbd\xa0\xb3\xf7" + "\xe3\x6c\x9d\xa7"); + DIGEST_KATS_ADD("message digest", 14, + "\x2c\xb2\x1c\x83\xae\x2f\x00\x4d" + "\xe7\xe8\x1c\x3c\x70\x19\xcb\xcb" + "\x65\xb7\x1a\xb6\x56\xb2\x2d\x6d" + "\x0c\x39\xb8\xeb"); + DIGEST_KATS_ADD("abcdefghijklmnopqrstuvwxyz", 26, + "\x45\xa5\xf7\x2c\x39\xc5\xcf\xf2" + "\x52\x2e\xb3\x42\x97\x99\xe4\x9e" + "\x5f\x44\xb3\x56\xef\x92\x6b\xcf" + "\x39\x0d\xcc\xc2"); + DIGEST_KATS_ADD("ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz" + "0123456789", 62, + "\xbf\xf7\x2b\x4f\xcb\x7d\x75\xe5" + "\x63\x29\x00\xac\x5f\x90\xd2\x19" + "\xe0\x5e\x97\xa7\xbd\xe7\x2e\x74" + "\x0d\xb3\x93\xd9"); + DIGEST_KATS_ADD("1234567890123456789012345678901234567890" + "1234567890123456789012345678901234567890", 80, + "\xb5\x0a\xec\xbe\x4e\x9b\xb0\xb5" + "\x7b\xc5\xf3\xae\x76\x0a\x8e\x01" + "\xdb\x24\xf2\x03\xfb\x3c\xdc\xd1" + "\x31\x48\x04\x6e"); + + DIGEST_KATS_TEST(Sha224, SHA224); +#endif + return EXPECT_RESULT(); +} /* END test_wc_Sha224Final */ + +int test_wc_Sha224_other(void) +{ + EXPECT_DECLS; +#ifdef WOLFSSL_SHA224 + DIGEST_OTHER_TEST(wc_Sha224, Sha224, SHA224, + "\x60\x81\xdf\x2f\xae\xe2\x25\xe9" + "\x87\x61\x2a\x8e\x25\x19\x16\x39" + "\x80\xfb\x77\xfa\x28\x74\x17\x4d" + "\xf3\x15\x52\x2b"); +#endif + return EXPECT_RESULT(); +} /* END test_wc_Sha224Final */ + +int test_wc_Sha224Copy(void) +{ + EXPECT_DECLS; +#ifdef WOLFSSL_SHA224 + DIGEST_COPY_TEST(wc_Sha224, Sha224, SHA224, + "\xd1\x4a\x02\x8c\x2a\x3a\x2b\xc9" + "\x47\x61\x02\xbb\x28\x82\x34\xc4" + "\x15\xa2\xb0\x1f\x82\x8e\xa6\x2a" + "\xc5\xb3\xe4\x2f", + "\x23\x09\x7d\x22\x34\x05\xd8\x22" + "\x86\x42\xa4\x77\xbd\xa2\x55\xb3" + "\x2a\xad\xbc\xe4\xbd\xa0\xb3\xf7" + "\xe3\x6c\x9d\xa7"); +#endif + return EXPECT_RESULT(); +} + +int test_wc_Sha224GetHash(void) +{ + EXPECT_DECLS; +#ifdef WOLFSSL_SHA224 + DIGEST_GET_HASH_TEST(wc_Sha224, Sha224, SHA224, + "\xd1\x4a\x02\x8c\x2a\x3a\x2b\xc9" + "\x47\x61\x02\xbb\x28\x82\x34\xc4" + "\x15\xa2\xb0\x1f\x82\x8e\xa6\x2a" + "\xc5\xb3\xe4\x2f", + "\x23\x09\x7d\x22\x34\x05\xd8\x22" + "\x86\x42\xa4\x77\xbd\xa2\x55\xb3" + "\x2a\xad\xbc\xe4\xbd\xa0\xb3\xf7" + "\xe3\x6c\x9d\xa7"); +#endif + return EXPECT_RESULT(); +} + +int test_wc_Sha224_Flags(void) +{ + EXPECT_DECLS; +#if defined(WOLFSSL_SHA224) && defined(WOLFSSL_HASH_FLAGS) && \ + (!defined(HAVE_FIPS) || FIPS_VERSION3_GE(7,0,0)) + DIGEST_FLAGS_TEST(wc_Sha224, Sha224); +#endif + return EXPECT_RESULT(); +} + diff --git a/test/ssl/wolfssl/tests/api/test_sha256.h b/test/ssl/wolfssl/tests/api/test_sha256.h new file mode 100644 index 000000000..0f21fdd90 --- /dev/null +++ b/test/ssl/wolfssl/tests/api/test_sha256.h @@ -0,0 +1,69 @@ +/* test_sha256.h + * + * Copyright (C) 2006-2025 wolfSSL Inc. + * + * This file is part of wolfSSL. + * + * wolfSSL is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * wolfSSL is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA + */ + +#ifndef WOLFCRYPT_TEST_SHA256_H +#define WOLFCRYPT_TEST_SHA256_H + +#include + +int test_wc_InitSha256(void); +int test_wc_Sha256Update(void); +int test_wc_Sha256Final(void); +int test_wc_Sha256FinalRaw(void); +int test_wc_Sha256_KATs(void); +int test_wc_Sha256_other(void); +int test_wc_Sha256Copy(void); +int test_wc_Sha256GetHash(void); +int test_wc_Sha256Transform(void); +int test_wc_Sha256_Flags(void); + +int test_wc_InitSha224(void); +int test_wc_Sha224Update(void); +int test_wc_Sha224Final(void); +int test_wc_Sha224_KATs(void); +int test_wc_Sha224_other(void); +int test_wc_Sha224Copy(void); +int test_wc_Sha224GetHash(void); +int test_wc_Sha224_Flags(void); + +#define TEST_SHA256_DECLS \ + TEST_DECL_GROUP("sha256", test_wc_InitSha256), \ + TEST_DECL_GROUP("sha256", test_wc_Sha256Update), \ + TEST_DECL_GROUP("sha256", test_wc_Sha256Final), \ + TEST_DECL_GROUP("sha256", test_wc_Sha256FinalRaw), \ + TEST_DECL_GROUP("sha256", test_wc_Sha256_KATs), \ + TEST_DECL_GROUP("sha256", test_wc_Sha256_other), \ + TEST_DECL_GROUP("sha256", test_wc_Sha256Copy), \ + TEST_DECL_GROUP("sha256", test_wc_Sha256GetHash), \ + TEST_DECL_GROUP("sha256", test_wc_Sha256Transform), \ + TEST_DECL_GROUP("sha256", test_wc_Sha256_Flags) + +#define TEST_SHA224_DECLS \ + TEST_DECL_GROUP("sha224", test_wc_InitSha224), \ + TEST_DECL_GROUP("sha224", test_wc_Sha224Update), \ + TEST_DECL_GROUP("sha224", test_wc_Sha224Final), \ + TEST_DECL_GROUP("sha224", test_wc_Sha224_KATs), \ + TEST_DECL_GROUP("sha224", test_wc_Sha224_other), \ + TEST_DECL_GROUP("sha224", test_wc_Sha224Copy), \ + TEST_DECL_GROUP("sha224", test_wc_Sha224GetHash), \ + TEST_DECL_GROUP("sha224", test_wc_Sha224_Flags) + +#endif /* WOLFCRYPT_TEST_SHA256_H */ diff --git a/test/ssl/wolfssl/tests/api/test_sha3.c b/test/ssl/wolfssl/tests/api/test_sha3.c new file mode 100644 index 000000000..7313e6bb9 --- /dev/null +++ b/test/ssl/wolfssl/tests/api/test_sha3.c @@ -0,0 +1,1458 @@ +/* test_sha3.c + * + * Copyright (C) 2006-2025 wolfSSL Inc. + * + * This file is part of wolfSSL. + * + * wolfSSL is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * wolfSSL is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA + */ + +#include + +#ifdef NO_INLINE + #include +#else + #define WOLFSSL_MISC_INCLUDED + #include +#endif + +#include +#include +#include +#include +#include + +#if defined(HAVE_SELFTEST) || (defined(HAVE_FIPS) && \ + (!defined(HAVE_FIPS_VERSION) || (HAVE_FIPS_VERSION < 3))) + #define WC_SHA3_128_BLOCK_SIZE 168 + #define WC_SHA3_224_BLOCK_SIZE 144 + #define WC_SHA3_256_BLOCK_SIZE 136 + #define WC_SHA3_384_BLOCK_SIZE 104 + #define WC_SHA3_512_BLOCK_SIZE 72 +#endif + +/******************************************************************************* + * SHA-3 + ******************************************************************************/ + +#define SHA3_KATS_TEST(name, upper) \ + (void)i; \ + \ + /* Initialize */ \ + ExpectIntEQ(wc_Init##name(&dgst, HEAP_HINT, INVALID_DEVID), 0); \ + \ + for (i = 0; i < upper##_KAT_CNT; i++) { \ + /* Do KAT. */ \ + ExpectIntEQ(wc_##name##_Update(&dgst, (byte*)dgst_kat[i].input, \ + (word32)dgst_kat[i].inLen), 0); \ + ExpectIntEQ(wc_##name##_Final(&dgst, hash), 0); \ + ExpectBufEQ(hash, (byte*)dgst_kat[i].output, \ + WC_##upper##_DIGEST_SIZE); \ + } \ + \ + wc_##name##_Free(&dgst) + +#define SHA3_GET_HASH_TEST(name, upper, emptyHashStr, abcHashStr) \ +do { \ + wc_Sha3 dgst; \ + byte hash[WC_##upper##_DIGEST_SIZE]; \ + const char* emptyHash = emptyHashStr; \ + const char* abcHash = abcHashStr; \ + \ + XMEMSET(&dgst, 0, sizeof(dgst)); \ + \ + ExpectIntEQ(wc_Init##name(&dgst, HEAP_HINT, INVALID_DEVID), 0); \ + \ + ExpectIntEQ(wc_##name##_GetHash(NULL, NULL), \ + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); \ + ExpectIntEQ(wc_##name##_GetHash(&dgst, NULL), \ + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); \ + ExpectIntEQ(wc_##name##_GetHash(NULL, hash), \ + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); \ + \ + ExpectIntEQ(wc_##name##_GetHash(&dgst, hash), 0); \ + ExpectBufEQ(hash, emptyHash, WC_##upper##_DIGEST_SIZE); \ + /* Test that the hash state hasn't been modified. */ \ + ExpectIntEQ(wc_##name##_Update(&dgst, (byte*)"abc", 3), 0); \ + ExpectIntEQ(wc_##name##_GetHash(&dgst, hash), 0); \ + ExpectBufEQ(hash, abcHash, WC_##upper##_DIGEST_SIZE); \ + \ + wc_##name##_Free(&dgst); \ +} while (0) + + +int test_wc_InitSha3(void) +{ + EXPECT_DECLS; +#ifdef WOLFSSL_SHA3 + #ifndef WOLFSSL_NOSHA3_224 + DIGEST_INIT_TEST(wc_Sha3, Sha3_224); + #endif + #ifndef WOLFSSL_NOSHA3_256 + DIGEST_INIT_TEST(wc_Sha3, Sha3_256); + #endif + #ifndef WOLFSSL_NOSHA3_384 + DIGEST_INIT_TEST(wc_Sha3, Sha3_384); + #endif + #ifndef WOLFSSL_NOSHA3_512 + DIGEST_INIT_TEST(wc_Sha3, Sha3_512); + #endif +#endif + return EXPECT_RESULT(); +} + +int test_wc_Sha3_Update(void) +{ + EXPECT_DECLS; +#ifdef WOLFSSL_SHA3 + #ifndef WOLFSSL_NOSHA3_224 + DIGEST_ALT_UPDATE_TEST(wc_Sha3, Sha3_224); + #endif + #ifndef WOLFSSL_NOSHA3_256 + DIGEST_ALT_UPDATE_TEST(wc_Sha3, Sha3_256); + #endif + #ifndef WOLFSSL_NOSHA3_384 + DIGEST_ALT_UPDATE_TEST(wc_Sha3, Sha3_384); + #endif + #ifndef WOLFSSL_NOSHA3_512 + DIGEST_ALT_UPDATE_TEST(wc_Sha3, Sha3_512); + #endif +#endif + return EXPECT_RESULT(); +} + +int test_wc_Sha3_Final(void) +{ + EXPECT_DECLS; +#ifdef WOLFSSL_SHA3 + #ifndef WOLFSSL_NOSHA3_224 + DIGEST_ALT_FINAL_TEST(wc_Sha3, Sha3_224, SHA3_224); + #endif + #ifndef WOLFSSL_NOSHA3_256 + DIGEST_ALT_FINAL_TEST(wc_Sha3, Sha3_256, SHA3_256); + #endif + #ifndef WOLFSSL_NOSHA3_384 + DIGEST_ALT_FINAL_TEST(wc_Sha3, Sha3_384, SHA3_384); + #endif + #ifndef WOLFSSL_NOSHA3_512 + DIGEST_ALT_FINAL_TEST(wc_Sha3, Sha3_512, SHA3_512); + #endif +#endif + return EXPECT_RESULT(); +} + +#define SHA3_224_KAT_CNT 7 +int test_wc_Sha3_224_KATs(void) +{ + EXPECT_DECLS; +#if defined(WOLFSSL_SHA3) && !defined(WOLFSSL_NOSHA3_224) + DIGEST_KATS_TEST_VARS(wc_Sha3, SHA3_224); + + DIGEST_KATS_ADD("", 0, + "\x6b\x4e\x03\x42\x36\x67\xdb\xb7" + "\x3b\x6e\x15\x45\x4f\x0e\xb1\xab" + "\xd4\x59\x7f\x9a\x1b\x07\x8e\x3f" + "\x5b\x5a\x6b\xc7"); + DIGEST_KATS_ADD("a", 1, + "\x9e\x86\xff\x69\x55\x7c\xa9\x5f" + "\x40\x5f\x08\x12\x69\x68\x5b\x38" + "\xe3\xa8\x19\xb3\x09\xee\x94\x2f" + "\x48\x2b\x6a\x8b"); + DIGEST_KATS_ADD("abc", 3, + "\xe6\x42\x82\x4c\x3f\x8c\xf2\x4a" + "\xd0\x92\x34\xee\x7d\x3c\x76\x6f" + "\xc9\xa3\xa5\x16\x8d\x0c\x94\xad" + "\x73\xb4\x6f\xdf"); + DIGEST_KATS_ADD("message digest", 14, + "\x18\x76\x8b\xb4\xc4\x8e\xb7\xfc" + "\x88\xe5\xdd\xb1\x7e\xfc\xf2\x96" + "\x4a\xbd\x77\x98\xa3\x9d\x86\xa4" + "\xb4\xa1\xe4\xc8"); + DIGEST_KATS_ADD("abcdefghijklmnopqrstuvwxyz", 26, + "\x5c\xde\xca\x81\xe1\x23\xf8\x7c" + "\xad\x96\xb9\xcb\xa9\x99\xf1\x6f" + "\x6d\x41\x54\x96\x08\xd4\xe0\xf4" + "\x68\x1b\x82\x39"); + DIGEST_KATS_ADD("ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz" + "0123456789", 62, + "\xa6\x7c\x28\x9b\x82\x50\xa6\xf4" + "\x37\xa2\x01\x37\x98\x5d\x60\x55" + "\x89\xa8\xc1\x63\xd4\x52\x61\xb1" + "\x54\x19\x55\x6e"); + DIGEST_KATS_ADD("1234567890123456789012345678901234567890" + "1234567890123456789012345678901234567890", 80, + "\x05\x26\x89\x8e\x18\x58\x69\xf9" + "\x1b\x3e\x2a\x76\xdd\x72\xa1\x5d" + "\xc6\x94\x0a\x67\xc8\x16\x4a\x04" + "\x4c\xd2\x5c\xc8"); + + SHA3_KATS_TEST(Sha3_224, SHA3_224); +#endif + return EXPECT_RESULT(); +} + +#define SHA3_256_KAT_CNT 7 +int test_wc_Sha3_256_KATs(void) +{ + EXPECT_DECLS; +#if defined(WOLFSSL_SHA3) && !defined(WOLFSSL_NOSHA3_256) + DIGEST_KATS_TEST_VARS(wc_Sha3, SHA3_256); + + DIGEST_KATS_ADD("", 0, + "\xa7\xff\xc6\xf8\xbf\x1e\xd7\x66" + "\x51\xc1\x47\x56\xa0\x61\xd6\x62" + "\xf5\x80\xff\x4d\xe4\x3b\x49\xfa" + "\x82\xd8\x0a\x4b\x80\xf8\x43\x4a"); + DIGEST_KATS_ADD("a", 1, + "\x80\x08\x4b\xf2\xfb\xa0\x24\x75" + "\x72\x6f\xeb\x2c\xab\x2d\x82\x15" + "\xea\xb1\x4b\xc6\xbd\xd8\xbf\xb2" + "\xc8\x15\x12\x57\x03\x2e\xcd\x8b"); + DIGEST_KATS_ADD("abc", 3, + "\x3a\x98\x5d\xa7\x4f\xe2\x25\xb2" + "\x04\x5c\x17\x2d\x6b\xd3\x90\xbd" + "\x85\x5f\x08\x6e\x3e\x9d\x52\x5b" + "\x46\xbf\xe2\x45\x11\x43\x15\x32"); + DIGEST_KATS_ADD("message digest", 14, + "\xed\xcd\xb2\x06\x93\x66\xe7\x52" + "\x43\x86\x0c\x18\xc3\xa1\x14\x65" + "\xec\xa3\x4b\xce\x61\x43\xd3\x0c" + "\x86\x65\xce\xfc\xfd\x32\xbf\xfd"); + DIGEST_KATS_ADD("abcdefghijklmnopqrstuvwxyz", 26, + "\x7c\xab\x2d\xc7\x65\xe2\x1b\x24" + "\x1d\xbc\x1c\x25\x5c\xe6\x20\xb2" + "\x9f\x52\x7c\x6d\x5e\x7f\x5f\x84" + "\x3e\x56\x28\x8f\x0d\x70\x75\x21"); + DIGEST_KATS_ADD("ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz" + "0123456789", 62, + "\xa7\x9d\x6a\x9d\xa4\x7f\x04\xa3" + "\xb9\xa9\x32\x3e\xc9\x99\x1f\x21" + "\x05\xd4\xc7\x8a\x7b\xc7\xbe\xeb" + "\x10\x38\x55\xa7\xa1\x1d\xfb\x9f"); + DIGEST_KATS_ADD("1234567890123456789012345678901234567890" + "1234567890123456789012345678901234567890", 80, + "\x29\x3e\x5c\xe4\xce\x54\xee\x71" + "\x99\x0a\xb0\x6e\x51\x1b\x7c\xcd" + "\x62\x72\x2b\x1b\xeb\x41\x4f\x5f" + "\xf6\x5c\x82\x74\xe0\xf5\xbe\x1d"); + + SHA3_KATS_TEST(Sha3_256, SHA3_256); +#endif + return EXPECT_RESULT(); +} + +#define SHA3_384_KAT_CNT 7 +int test_wc_Sha3_384_KATs(void) +{ + EXPECT_DECLS; +#if defined(WOLFSSL_SHA3) && !defined(WOLFSSL_NOSHA3_384) + DIGEST_KATS_TEST_VARS(wc_Sha3, SHA3_384); + + DIGEST_KATS_ADD("", 0, + "\x0c\x63\xa7\x5b\x84\x5e\x4f\x7d" + "\x01\x10\x7d\x85\x2e\x4c\x24\x85" + "\xc5\x1a\x50\xaa\xaa\x94\xfc\x61" + "\x99\x5e\x71\xbb\xee\x98\x3a\x2a" + "\xc3\x71\x38\x31\x26\x4a\xdb\x47" + "\xfb\x6b\xd1\xe0\x58\xd5\xf0\x04"); + DIGEST_KATS_ADD("a", 1, + "\x18\x15\xf7\x74\xf3\x20\x49\x1b" + "\x48\x56\x9e\xfe\xc7\x94\xd2\x49" + "\xee\xb5\x9a\xae\x46\xd2\x2b\xf7" + "\x7d\xaf\xe2\x5c\x5e\xdc\x28\xd7" + "\xea\x44\xf9\x3e\xe1\x23\x4a\xa8" + "\x8f\x61\xc9\x19\x12\xa4\xcc\xd9"); + DIGEST_KATS_ADD("abc", 3, + "\xec\x01\x49\x82\x88\x51\x6f\xc9" + "\x26\x45\x9f\x58\xe2\xc6\xad\x8d" + "\xf9\xb4\x73\xcb\x0f\xc0\x8c\x25" + "\x96\xda\x7c\xf0\xe4\x9b\xe4\xb2" + "\x98\xd8\x8c\xea\x92\x7a\xc7\xf5" + "\x39\xf1\xed\xf2\x28\x37\x6d\x25"); + DIGEST_KATS_ADD("message digest", 14, + "\xd9\x51\x97\x09\xf4\x4a\xf7\x3e" + "\x2c\x8e\x29\x11\x09\xa9\x79\xde" + "\x3d\x61\xdc\x02\xbf\x69\xde\xf7" + "\xfb\xff\xdf\xff\xe6\x62\x75\x15" + "\x13\xf1\x9a\xd5\x7e\x17\xd4\xb9" + "\x3b\xa1\xe4\x84\xfc\x19\x80\xd5"); + DIGEST_KATS_ADD("abcdefghijklmnopqrstuvwxyz", 26, + "\xfe\xd3\x99\xd2\x21\x7a\xaf\x4c" + "\x71\x7a\xd0\xc5\x10\x2c\x15\x58" + "\x9e\x1c\x99\x0c\xc2\xb9\xa5\x02" + "\x90\x56\xa7\xf7\x48\x58\x88\xd6" + "\xab\x65\xdb\x23\x70\x07\x7a\x5c" + "\xad\xb5\x3f\xc9\x28\x0d\x27\x8f"); + DIGEST_KATS_ADD("ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz" + "0123456789", 62, + "\xd5\xb9\x72\x30\x2f\x50\x80\xd0" + "\x83\x0e\x0d\xe7\xb6\xb2\xcf\x38" + "\x36\x65\xa0\x08\xf4\xc4\xf3\x86" + "\xa6\x11\x12\x65\x2c\x74\x2d\x20" + "\xcb\x45\xaa\x51\xbd\x4f\x54\x2f" + "\xc7\x33\xe2\x71\x9e\x99\x92\x91"); + DIGEST_KATS_ADD("1234567890123456789012345678901234567890" + "1234567890123456789012345678901234567890", 80, + "\x3c\x21\x3a\x17\xf5\x14\x63\x8a" + "\xcb\x3b\xf1\x7f\x10\x9f\x3e\x24" + "\xc1\x6f\x9f\x14\xf0\x85\xb5\x2a" + "\x2f\x2b\x81\xad\xc0\xdb\x83\xdf" + "\x1a\x58\xdb\x2c\xe0\x13\x19\x1b" + "\x8b\xa7\x2d\x8f\xae\x7e\x2a\x5e"); + + SHA3_KATS_TEST(Sha3_384, SHA3_384); +#endif + return EXPECT_RESULT(); +} + +#define SHA3_512_KAT_CNT 7 +int test_wc_Sha3_512_KATs(void) +{ + EXPECT_DECLS; +#if defined(WOLFSSL_SHA3) && !defined(WOLFSSL_NOSHA3_512) + DIGEST_KATS_TEST_VARS(wc_Sha3, SHA3_512); + + DIGEST_KATS_ADD("", 0, + "\xa6\x9f\x73\xcc\xa2\x3a\x9a\xc5" + "\xc8\xb5\x67\xdc\x18\x5a\x75\x6e" + "\x97\xc9\x82\x16\x4f\xe2\x58\x59" + "\xe0\xd1\xdc\xc1\x47\x5c\x80\xa6" + "\x15\xb2\x12\x3a\xf1\xf5\xf9\x4c" + "\x11\xe3\xe9\x40\x2c\x3a\xc5\x58" + "\xf5\x00\x19\x9d\x95\xb6\xd3\xe3" + "\x01\x75\x85\x86\x28\x1d\xcd\x26"); + DIGEST_KATS_ADD("a", 1, + "\x69\x7f\x2d\x85\x61\x72\xcb\x83" + "\x09\xd6\xb8\xb9\x7d\xac\x4d\xe3" + "\x44\xb5\x49\xd4\xde\xe6\x1e\xdf" + "\xb4\x96\x2d\x86\x98\xb7\xfa\x80" + "\x3f\x4f\x93\xff\x24\x39\x35\x86" + "\xe2\x8b\x5b\x95\x7a\xc3\xd1\xd3" + "\x69\x42\x0c\xe5\x33\x32\x71\x2f" + "\x99\x7b\xd3\x36\xd0\x9a\xb0\x2a"); + DIGEST_KATS_ADD("abc", 3, + "\xb7\x51\x85\x0b\x1a\x57\x16\x8a" + "\x56\x93\xcd\x92\x4b\x6b\x09\x6e" + "\x08\xf6\x21\x82\x74\x44\xf7\x0d" + "\x88\x4f\x5d\x02\x40\xd2\x71\x2e" + "\x10\xe1\x16\xe9\x19\x2a\xf3\xc9" + "\x1a\x7e\xc5\x76\x47\xe3\x93\x40" + "\x57\x34\x0b\x4c\xf4\x08\xd5\xa5" + "\x65\x92\xf8\x27\x4e\xec\x53\xf0"); + DIGEST_KATS_ADD("message digest", 14, + "\x34\x44\xe1\x55\x88\x1f\xa1\x55" + "\x11\xf5\x77\x26\xc7\xd7\xcf\xe8" + "\x03\x02\xa7\x43\x30\x67\xb2\x9d" + "\x59\xa7\x14\x15\xca\x9d\xd1\x41" + "\xac\x89\x2d\x31\x0b\xc4\xd7\x81" + "\x28\xc9\x8f\xda\x83\x9d\x18\xd7" + "\xf0\x55\x6f\x2f\xe7\xac\xb3\xc0" + "\xcd\xa4\xbf\xf3\xa2\x5f\x5f\x59"); + DIGEST_KATS_ADD("abcdefghijklmnopqrstuvwxyz", 26, + "\xaf\x32\x8d\x17\xfa\x28\x75\x3a" + "\x3c\x9f\x5c\xb7\x2e\x37\x6b\x90" + "\x44\x0b\x96\xf0\x28\x9e\x57\x03" + "\xb7\x29\x32\x4a\x97\x5a\xb3\x84" + "\xed\xa5\x65\xfc\x92\xaa\xde\xd1" + "\x43\x66\x99\x00\xd7\x61\x86\x16" + "\x87\xac\xdc\x0a\x5f\xfa\x35\x8b" + "\xd0\x57\x1a\xaa\xd8\x0a\xca\x68"); + DIGEST_KATS_ADD("ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz" + "0123456789", 62, + "\xd1\xdb\x17\xb4\x74\x5b\x25\x5e" + "\x5e\xb1\x59\xf6\x65\x93\xcc\x9c" + "\x14\x38\x50\x97\x9f\xc7\xa3\x95" + "\x17\x96\xab\xa8\x01\x65\xaa\xb5" + "\x36\xb4\x61\x74\xce\x19\xe3\xf7" + "\x07\xf0\xe5\xc6\x48\x7f\x5f\x03" + "\x08\x4b\xc0\xec\x94\x61\x69\x1e" + "\xf2\x01\x13\xe4\x2a\xd2\x81\x63"); + DIGEST_KATS_ADD("1234567890123456789012345678901234567890" + "1234567890123456789012345678901234567890", 80, + "\x95\x24\xb9\xa5\x53\x6b\x91\x06" + "\x95\x26\xb4\xf6\x19\x6b\x7e\x94" + "\x75\xb4\xda\x69\xe0\x1f\x0c\x85" + "\x57\x97\xf2\x24\xcd\x73\x35\xdd" + "\xb2\x86\xfd\x99\xb9\xb3\x2f\xfe" + "\x33\xb5\x9a\xd4\x24\xcc\x17\x44" + "\xf6\xeb\x59\x13\x7f\x5f\xb8\x60" + "\x19\x32\xe8\xa8\xaf\x0a\xe9\x30"); + + SHA3_KATS_TEST(Sha3_512, SHA3_512); +#endif + return EXPECT_RESULT(); +} + +int test_wc_Sha3_other(void) +{ + EXPECT_DECLS; +#ifdef WOLFSSL_SHA3 +#ifndef WOLFSSL_NOSHA3_224 + DIGEST_ALT_OTHER_TEST(wc_Sha3, Sha3_224, SHA3_224, + "\xbb\x4e\xb3\xf7\xfb\x7b\x50\xff" + "\x3b\xf8\xb0\x53\x8c\x13\x40\xce" + "\x0c\x43\x5f\xff\x6a\x08\x43\x87" + "\x34\x9f\x7a\x4c"); +#endif +#ifndef WOLFSSL_NOSHA3_256 + DIGEST_ALT_OTHER_TEST(wc_Sha3, Sha3_256, SHA3_256, + "\x78\xc4\x14\xa4\x5d\x85\x07\xf4" + "\x48\x64\xe0\x5f\x73\x2c\x3b\x78" + "\xce\x5a\x78\x45\x97\x0b\x29\xa8" + "\xb4\x53\xed\x38\x19\xd2\x4e\xa9"); +#endif +#ifndef WOLFSSL_NOSHA3_384 + DIGEST_ALT_OTHER_TEST(wc_Sha3, Sha3_384, SHA3_384, + "\x22\x29\x8c\x46\xa7\xf0\xf9\xc7" + "\xa7\xaf\x66\x5d\x58\x88\xb3\x6c" + "\xc2\x02\x43\x83\x71\x5f\xce\x12" + "\x65\x1b\x11\xba\x1c\xde\x52\xdc" + "\x6f\xde\x26\x43\xf1\x9f\xbe\xea" + "\x5f\xd6\x25\x06\x7c\xad\x16\xed"); +#endif +#ifndef WOLFSSL_NOSHA3_512 + DIGEST_ALT_OTHER_TEST(wc_Sha3, Sha3_512, SHA3_512, + "\xc3\xaf\x62\x06\x69\x92\xa1\x2f" + "\xa5\x66\xcc\xcd\xec\x80\xdd\x27" + "\x93\xbd\x11\xb0\xb7\xba\x6a\x5e" + "\x36\xcf\x23\x4c\x1a\xf4\x8d\x37" + "\xb9\xb6\x7f\xb1\xb4\x9a\x04\x23" + "\x23\x42\x51\x5d\x8f\x07\x0d\x42" + "\x04\x68\x84\xc4\x56\x24\x14\x65" + "\x84\x28\xa9\x2f\x10\x35\x7b\x6d"); +#endif +#endif + return EXPECT_RESULT(); +} + +int test_wc_Sha3_Copy(void) +{ + EXPECT_DECLS; +#ifdef WOLFSSL_SHA3 +#ifndef WOLFSSL_NOSHA3_224 + DIGEST_ALT_COPY_TEST(wc_Sha3, Sha3_224, SHA3_224, + "\x6b\x4e\x03\x42\x36\x67\xdb\xb7" + "\x3b\x6e\x15\x45\x4f\x0e\xb1\xab" + "\xd4\x59\x7f\x9a\x1b\x07\x8e\x3f" + "\x5b\x5a\x6b\xc7", + "\xe6\x42\x82\x4c\x3f\x8c\xf2\x4a" + "\xd0\x92\x34\xee\x7d\x3c\x76\x6f" + "\xc9\xa3\xa5\x16\x8d\x0c\x94\xad" + "\x73\xb4\x6f\xdf"); +#endif +#ifndef WOLFSSL_NOSHA3_256 + DIGEST_ALT_COPY_TEST(wc_Sha3, Sha3_256, SHA3_256, + "\xa7\xff\xc6\xf8\xbf\x1e\xd7\x66" + "\x51\xc1\x47\x56\xa0\x61\xd6\x62" + "\xf5\x80\xff\x4d\xe4\x3b\x49\xfa" + "\x82\xd8\x0a\x4b\x80\xf8\x43\x4a", + "\x3a\x98\x5d\xa7\x4f\xe2\x25\xb2" + "\x04\x5c\x17\x2d\x6b\xd3\x90\xbd" + "\x85\x5f\x08\x6e\x3e\x9d\x52\x5b" + "\x46\xbf\xe2\x45\x11\x43\x15\x32"); +#endif +#ifndef WOLFSSL_NOSHA3_384 + DIGEST_ALT_COPY_TEST(wc_Sha3, Sha3_384, SHA3_384, + "\x0c\x63\xa7\x5b\x84\x5e\x4f\x7d" + "\x01\x10\x7d\x85\x2e\x4c\x24\x85" + "\xc5\x1a\x50\xaa\xaa\x94\xfc\x61" + "\x99\x5e\x71\xbb\xee\x98\x3a\x2a" + "\xc3\x71\x38\x31\x26\x4a\xdb\x47" + "\xfb\x6b\xd1\xe0\x58\xd5\xf0\x04", + "\xec\x01\x49\x82\x88\x51\x6f\xc9" + "\x26\x45\x9f\x58\xe2\xc6\xad\x8d" + "\xf9\xb4\x73\xcb\x0f\xc0\x8c\x25" + "\x96\xda\x7c\xf0\xe4\x9b\xe4\xb2" + "\x98\xd8\x8c\xea\x92\x7a\xc7\xf5" + "\x39\xf1\xed\xf2\x28\x37\x6d\x25"); +#endif +#ifndef WOLFSSL_NOSHA3_512 + DIGEST_ALT_COPY_TEST(wc_Sha3, Sha3_512, SHA3_512, + "\xa6\x9f\x73\xcc\xa2\x3a\x9a\xc5" + "\xc8\xb5\x67\xdc\x18\x5a\x75\x6e" + "\x97\xc9\x82\x16\x4f\xe2\x58\x59" + "\xe0\xd1\xdc\xc1\x47\x5c\x80\xa6" + "\x15\xb2\x12\x3a\xf1\xf5\xf9\x4c" + "\x11\xe3\xe9\x40\x2c\x3a\xc5\x58" + "\xf5\x00\x19\x9d\x95\xb6\xd3\xe3" + "\x01\x75\x85\x86\x28\x1d\xcd\x26", + "\xb7\x51\x85\x0b\x1a\x57\x16\x8a" + "\x56\x93\xcd\x92\x4b\x6b\x09\x6e" + "\x08\xf6\x21\x82\x74\x44\xf7\x0d" + "\x88\x4f\x5d\x02\x40\xd2\x71\x2e" + "\x10\xe1\x16\xe9\x19\x2a\xf3\xc9" + "\x1a\x7e\xc5\x76\x47\xe3\x93\x40" + "\x57\x34\x0b\x4c\xf4\x08\xd5\xa5" + "\x65\x92\xf8\x27\x4e\xec\x53\xf0"); +#endif +#endif + return EXPECT_RESULT(); +} + +int test_wc_Sha3_GetHash(void) +{ + EXPECT_DECLS; +#ifdef WOLFSSL_SHA3 +#ifndef WOLFSSL_NOSHA3_224 + SHA3_GET_HASH_TEST(Sha3_224, SHA3_224, + "\x6b\x4e\x03\x42\x36\x67\xdb\xb7" + "\x3b\x6e\x15\x45\x4f\x0e\xb1\xab" + "\xd4\x59\x7f\x9a\x1b\x07\x8e\x3f" + "\x5b\x5a\x6b\xc7", + "\xe6\x42\x82\x4c\x3f\x8c\xf2\x4a" + "\xd0\x92\x34\xee\x7d\x3c\x76\x6f" + "\xc9\xa3\xa5\x16\x8d\x0c\x94\xad" + "\x73\xb4\x6f\xdf"); +#endif +#ifndef WOLFSSL_NOSHA3_256 + SHA3_GET_HASH_TEST(Sha3_256, SHA3_256, + "\xa7\xff\xc6\xf8\xbf\x1e\xd7\x66" + "\x51\xc1\x47\x56\xa0\x61\xd6\x62" + "\xf5\x80\xff\x4d\xe4\x3b\x49\xfa" + "\x82\xd8\x0a\x4b\x80\xf8\x43\x4a", + "\x3a\x98\x5d\xa7\x4f\xe2\x25\xb2" + "\x04\x5c\x17\x2d\x6b\xd3\x90\xbd" + "\x85\x5f\x08\x6e\x3e\x9d\x52\x5b" + "\x46\xbf\xe2\x45\x11\x43\x15\x32"); +#endif +#ifndef WOLFSSL_NOSHA3_384 + SHA3_GET_HASH_TEST(Sha3_384, SHA3_384, + "\x0c\x63\xa7\x5b\x84\x5e\x4f\x7d" + "\x01\x10\x7d\x85\x2e\x4c\x24\x85" + "\xc5\x1a\x50\xaa\xaa\x94\xfc\x61" + "\x99\x5e\x71\xbb\xee\x98\x3a\x2a" + "\xc3\x71\x38\x31\x26\x4a\xdb\x47" + "\xfb\x6b\xd1\xe0\x58\xd5\xf0\x04", + "\xec\x01\x49\x82\x88\x51\x6f\xc9" + "\x26\x45\x9f\x58\xe2\xc6\xad\x8d" + "\xf9\xb4\x73\xcb\x0f\xc0\x8c\x25" + "\x96\xda\x7c\xf0\xe4\x9b\xe4\xb2" + "\x98\xd8\x8c\xea\x92\x7a\xc7\xf5" + "\x39\xf1\xed\xf2\x28\x37\x6d\x25"); +#endif +#ifndef WOLFSSL_NOSHA3_512 + SHA3_GET_HASH_TEST(Sha3_512, SHA3_512, + "\xa6\x9f\x73\xcc\xa2\x3a\x9a\xc5" + "\xc8\xb5\x67\xdc\x18\x5a\x75\x6e" + "\x97\xc9\x82\x16\x4f\xe2\x58\x59" + "\xe0\xd1\xdc\xc1\x47\x5c\x80\xa6" + "\x15\xb2\x12\x3a\xf1\xf5\xf9\x4c" + "\x11\xe3\xe9\x40\x2c\x3a\xc5\x58" + "\xf5\x00\x19\x9d\x95\xb6\xd3\xe3" + "\x01\x75\x85\x86\x28\x1d\xcd\x26", + "\xb7\x51\x85\x0b\x1a\x57\x16\x8a" + "\x56\x93\xcd\x92\x4b\x6b\x09\x6e" + "\x08\xf6\x21\x82\x74\x44\xf7\x0d" + "\x88\x4f\x5d\x02\x40\xd2\x71\x2e" + "\x10\xe1\x16\xe9\x19\x2a\xf3\xc9" + "\x1a\x7e\xc5\x76\x47\xe3\x93\x40" + "\x57\x34\x0b\x4c\xf4\x08\xd5\xa5" + "\x65\x92\xf8\x27\x4e\xec\x53\xf0"); +#endif +#endif + return EXPECT_RESULT(); +} + +int test_wc_Sha3_Flags(void) +{ + EXPECT_DECLS; +#if defined(WOLFSSL_SHA3) && defined(WOLFSSL_HASH_FLAGS) && \ + !defined(WOLFSSL_NOSHA3_256) + DIGEST_ALT_FLAGS_TEST(wc_Sha3, Sha3, Sha3_256); +#endif + return EXPECT_RESULT(); +} + +/******************************************************************************* + * SHAKE-128 + ******************************************************************************/ + +int test_wc_InitShake128(void) +{ + EXPECT_DECLS; +#ifdef WOLFSSL_SHAKE128 + DIGEST_INIT_TEST(wc_Shake, Shake128); +#endif + return EXPECT_RESULT(); +} + +int test_wc_Shake128_Update(void) +{ + EXPECT_DECLS; +#ifdef WOLFSSL_SHAKE128 + DIGEST_ALT_UPDATE_TEST(wc_Shake, Shake128); +#endif + return EXPECT_RESULT(); +} + +int test_wc_Shake128_Final(void) +{ + EXPECT_DECLS; +#ifdef WOLFSSL_SHAKE128 + DIGEST_COUNT_FINAL_TEST(wc_Shake, Shake128, SHA3_128); +#endif + return EXPECT_RESULT(); +} + +#define SHAKE128_KAT_CNT 7 +int test_wc_Shake128_KATs(void) +{ + EXPECT_DECLS; +#ifdef WOLFSSL_SHAKE128 + DIGEST_COUNT_KATS_TEST_VARS(wc_Shake, SHAKE128, SHA3_128); + + DIGEST_KATS_ADD("", 0, + "\x7f\x9c\x2b\xa4\xe8\x8f\x82\x7d" + "\x61\x60\x45\x50\x76\x05\x85\x3e" + "\xd7\x3b\x80\x93\xf6\xef\xbc\x88" + "\xeb\x1a\x6e\xac\xfa\x66\xef\x26" + "\x3c\xb1\xee\xa9\x88\x00\x4b\x93" + "\x10\x3c\xfb\x0a\xee\xfd\x2a\x68" + "\x6e\x01\xfa\x4a\x58\xe8\xa3\x63" + "\x9c\xa8\xa1\xe3\xf9\xae\x57\xe2" + "\x35\xb8\xcc\x87\x3c\x23\xdc\x62" + "\xb8\xd2\x60\x16\x9a\xfa\x2f\x75" + "\xab\x91\x6a\x58\xd9\x74\x91\x88" + "\x35\xd2\x5e\x6a\x43\x50\x85\xb2" + "\xba\xdf\xd6\xdf\xaa\xc3\x59\xa5" + "\xef\xbb\x7b\xcc\x4b\x59\xd5\x38" + "\xdf\x9a\x04\x30\x2e\x10\xc8\xbc" + "\x1c\xbf\x1a\x0b\x3a\x51\x20\xea" + "\x17\xcd\xa7\xcf\xad\x76\x5f\x56" + "\x23\x47\x4d\x36\x8c\xcc\xa8\xaf" + "\x00\x07\xcd\x9f\x5e\x4c\x84\x9f" + "\x16\x7a\x58\x0b\x14\xaa\xbd\xef" + "\xae\xe7\xee\xf4\x7c\xb0\xfc\xa9"); + DIGEST_KATS_ADD("a", 1, + "\x85\xc8\xde\x88\xd2\x88\x66\xbf" + "\x08\x68\x09\x0b\x39\x61\x16\x2b" + "\xf8\x23\x92\xf6\x90\xd9\xe4\x73" + "\x09\x10\xf4\xaf\x7c\x6a\xb3\xee" + "\x43\x54\xb4\x9c\xa7\x29\xeb\x35" + "\x6e\xe3\xf5\xb0\xfb\xd2\x9b\x66" + "\x76\x93\x83\xe5\xe4\x01\xb1\xf8" + "\x5e\x04\x4c\x92\xbb\x52\x31\xaa" + "\x4d\xee\x17\x99\xaf\x7a\x7c\xee" + "\x21\x3a\x23\xad\xcd\x03\xc4\x80" + "\x6c\x9a\x8b\x0d\x8a\x2e\xea\xd8" + "\xea\x7a\x61\x34\xc1\x3e\x52\x3c" + "\xcf\x93\xad\x39\xd2\x27\xd3\xe7" + "\xd0\x22\xd9\x65\x4f\x3b\x49\x41" + "\x37\x88\x75\x8a\x64\x17\xe4\x2d" + "\x41\x95\x7c\xb3\x0c\xf0\x4d\xa3" + "\x7f\x26\x89\x7c\x2c\xf2\xf8\x00" + "\x55\x84\x62\x93\xfd\xe0\x23\x31" + "\xcf\x4a\x26\x9a\xaf\x2d\x47\xeb" + "\x27\xab\xa0\xfa\xba\x4a\x67\x8e" + "\xc0\x02\xbc\x0d\x30\x64\xea\xd0"); + DIGEST_KATS_ADD("abc", 3, + "\x58\x81\x09\x2d\xd8\x18\xbf\x5c" + "\xf8\xa3\xdd\xb7\x93\xfb\xcb\xa7" + "\x40\x97\xd5\xc5\x26\xa6\xd3\x5f" + "\x97\xb8\x33\x51\x94\x0f\x2c\xc8" + "\x44\xc5\x0a\xf3\x2a\xcd\x3f\x2c" + "\xdd\x06\x65\x68\x70\x6f\x50\x9b" + "\xc1\xbd\xde\x58\x29\x5d\xae\x3f" + "\x89\x1a\x9a\x0f\xca\x57\x83\x78" + "\x9a\x41\xf8\x61\x12\x14\xce\x61" + "\x23\x94\xdf\x28\x6a\x62\xd1\xa2" + "\x25\x2a\xa9\x4d\xb9\xc5\x38\x95" + "\x6c\x71\x7d\xc2\xbe\xd4\xf2\x32" + "\xa0\x29\x4c\x85\x7c\x73\x0a\xa1" + "\x60\x67\xac\x10\x62\xf1\x20\x1f" + "\xb0\xd3\x77\xcf\xb9\xcd\xe4\xc6" + "\x35\x99\xb2\x7f\x34\x62\xbb\xa4" + "\xa0\xed\x29\x6c\x80\x1f\x9f\xf7" + "\xf5\x73\x02\xbb\x30\x76\xee\x14" + "\x5f\x97\xa3\x2a\xe6\x8e\x76\xab" + "\x66\xc4\x8d\x51\x67\x5b\xd4\x9a" + "\xcc\x29\x08\x2f\x56\x47\x58\x4e"); + DIGEST_KATS_ADD("message digest", 14, + "\xcb\xef\x73\x29\x61\xb5\x5b\x4c" + "\x31\x39\x67\x96\x57\x7d\xf4\x91" + "\xb6\xee\xd6\x1d\x89\x49\xce\x96" + "\x72\x26\x80\x1e\x41\x1e\x53\xf0" + "\x95\x44\xc1\x3f\xe4\xdf\x40\xfc" + "\x8d\xf5\xf9\x85\x3e\x85\x41\xd0" + "\x45\x41\xf1\x00\x77\xd9\xd4\x4e" + "\x74\x93\xe8\x7f\x16\x0a\x0a\x0d" + "\x37\xb3\xd6\xda\xc9\x64\x59\x88" + "\xed\x5d\x06\xdd\x53\x21\x99\x3d" + "\x87\x35\x74\xd1\x47\xe3\x36\xd7" + "\x23\x3a\x68\x27\x31\x87\x21\x48" + "\xe9\x3e\x72\x28\x16\xb3\xb1\xcc" + "\x31\x3b\xc4\x33\x94\x5f\x74\xf2" + "\x14\x39\xdf\xd8\xc8\x9b\xc5\x9b" + "\xf3\xd1\x6d\x48\x9a\x5d\x5c\xaf" + "\xdf\x77\xac\x07\xbe\x5d\x96\xa7" + "\x6e\x95\x27\x53\x07\xd8\x83\xca" + "\xd6\x25\x71\x43\xb5\x61\x00\x73" + "\xcb\xbf\x7b\x8e\x89\x70\x31\x74" + "\x66\xa8\xb6\x85\xd4\x81\x78\xb8"); + DIGEST_KATS_ADD("abcdefghijklmnopqrstuvwxyz", 26, + "\x96\x1c\x91\x9c\x08\x54\x57\x6e" + "\x56\x13\x20\xe8\x15\x14\xbf\x37" + "\x24\x19\x7d\x07\x15\xe1\x6a\x36" + "\x45\x20\x38\x4e\xe9\x97\xf6\xef" + "\x3b\xe7\xad\x1a\xb6\x87\xd3\x1e" + "\xbd\x7e\x66\x04\xef\x2c\x76\x52" + "\x93\x2e\x42\x06\x11\x3d\x26\x35" + "\x14\xe7\x2f\x31\xf5\xe1\xdf\x87" + "\xc5\xf5\x4f\xc4\x3e\x8f\x85\x7f" + "\xc4\xa5\x2b\xbb\x56\x5b\xd6\xd4" + "\x58\x69\xdf\x92\x59\xc0\x97\x74" + "\x72\x83\x94\xe3\xe0\xc3\xb3\x26" + "\x41\x00\x85\xc3\x56\xe5\xb1\x73" + "\xd5\x70\x08\x79\x45\xb0\xf0\x68" + "\xe4\xc6\x3a\x5b\x19\x1f\xef\x22" + "\xd9\x3b\x9f\xd4\x21\x13\x28\xd7" + "\x0e\x51\x4f\xec\x92\xb1\xb4\x86" + "\x43\x49\x59\x18\xb6\x41\xea\xb0" + "\x54\x60\xd0\x79\x8c\xbe\x42\xfd" + "\xa4\x7a\x23\x75\xf1\x06\x5d\x03" + "\x7e\xbc\x76\xbd\xce\xff\x29\xef"); + DIGEST_KATS_ADD("ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz" + "0123456789", 62, + "\x54\xdd\x20\x1e\x53\x24\x99\x10" + "\xdb\x3c\x7d\x36\x65\x74\xfb\xb6" + "\x4e\x71\xfa\xe4\x42\xa4\xba\xc1" + "\x34\x39\xf2\x6d\xd4\x89\x68\x83" + "\x70\xd0\x12\xa1\x55\x86\xd8\x7e" + "\x73\x00\xbe\xed\xd9\x23\x3e\xea" + "\x98\xf9\x16\xda\xb2\x66\x51\x38" + "\x02\x50\x24\x40\x31\x5b\xba\x9e" + "\x40\xcd\xb8\x60\x09\x7b\x12\xdf" + "\xd8\x8d\x4f\x24\x2f\x77\xc2\x2e" + "\x93\xad\xfd\x3e\xb7\x89\x94\x82" + "\xd3\x9f\x7c\x0f\x16\x0e\xcc\x07" + "\x04\x73\x47\x82\x94\x73\x31\x46" + "\x74\xa5\x6a\x13\xe7\x01\xd5\xd8" + "\xaa\x37\x54\x6b\x43\xc5\x73\x36" + "\x56\xc1\xac\x3c\xa4\x69\x7a\x30" + "\x32\x0b\x98\xad\xf9\xbc\xa3\xc6" + "\x8b\xec\x9f\x14\xe3\x3b\x8f\xae" + "\x30\xd5\x5e\xc6\x0e\x80\x15\xa5" + "\x16\x80\xbb\x37\xeb\x5a\x7e\xbc" + "\x90\x88\xcd\xcf\x09\xff\x2d\x6b"); + DIGEST_KATS_ADD("1234567890123456789012345678901234567890" + "1234567890123456789012345678901234567890", 80, + "\x7b\xf4\x51\xc9\x2f\xdc\x77\xb9" + "\x77\x1e\x6c\x90\x56\x44\x58\x94" + "\xee\x86\x7f\x00\xc2\xb7\x0d\x3a" + "\xf0\xd1\x96\xa0\xcf\x6b\x28\xe1" + "\x2c\xed\x96\x05\x37\xf2\x2a\x0e" + "\x90\x33\x41\x03\x67\x58\x44\x99" + "\x3c\x4f\xd7\x13\x64\x68\x00\xbd" + "\x89\x99\x51\xe5\x6f\x06\x45\xfc" + "\xf0\x39\x78\xa6\x27\xc0\x7c\x62" + "\xa7\x5a\x54\x3b\x8a\xf7\xed\xb0" + "\xaf\xe7\x64\x3d\x94\x95\x36\x3b" + "\x30\xbc\xc5\x50\x1c\x74\xdf\x19" + "\x5b\x2a\xd4\x28\x83\x1b\x77\x9b" + "\xf1\xab\x2a\x0d\xfc\x92\xa5\x92" + "\x5a\xc8\xd5\x97\x90\xee\xbc\xf2" + "\xec\x29\xb3\x33\x8f\x66\x0c\x5a" + "\x6f\x66\x73\xce\x32\x2c\xc1\x03" + "\x9a\xe5\xf1\x46\x3b\x86\xca\x7e" + "\x96\xaa\xa9\x9a\x27\x09\x93\x02" + "\x6a\xc8\x13\xda\xc4\xb9\xeb\x82" + "\x14\xe3\x1c\xe8\x68\x27\xcb\x21"); + + DIGEST_COUNT_KATS_TEST(Shake128, SHAKE128, SHA3_128); +#endif + return EXPECT_RESULT(); +} + +int test_wc_Shake128_other(void) +{ + EXPECT_DECLS; +#ifdef WOLFSSL_SHAKE128 + DIGEST_COUNT_OTHER_TEST(wc_Shake, Shake128, SHA3_128, + "\x1b\xbe\x22\xa0\x40\xc7\x15\x88" + "\xcc\x2b\xaa\x3e\x5a\x7c\x89\x03" + "\x33\xd4\xac\x54\x27\x14\xf9\x96" + "\x0e\x60\x3d\x8f\x13\x9a\xf8\x1e" + "\x8f\x45\xc8\x37\xa8\x63\x16\x7b" + "\x96\x69\xd4\xe4\x2e\x45\x9f\x1d" + "\x50\xaa\x92\x2e\x0d\x32\x37\x97" + "\xf7\xd7\xcc\x7c\x5c\xfa\x71\x42" + "\xf3\x23\x68\x6a\x36\x03\xd4\x0a" + "\x77\x7d\xd3\x84\x40\x75\xc5\xad" + "\x1f\xb7\xa4\x90\x80\x66\x91\x49" + "\x7d\x3e\x8a\x69\xb9\x94\xbf\x0f" + "\x0a\x09\xde\xc8\xfe\x10\xb5\x4f" + "\xe5\x78\xda\x4c\x3a\xcd\xcd\xc2" + "\x30\xb0\x14\x75\x45\x2b\x2e\x40" + "\x74\xf4\x5c\xad\x2e\xcf\x1c\xa0" + "\x0b\x8d\x58\x30\xcd\x0f\xaa\x11" + "\x68\x84\x2b\x55\xa7\x62\x1b\x9a" + "\xec\x6e\xd6\xcc\xa1\xc9\x9f\xc8" + "\x11\x74\xb4\x22\x18\xc0\xe6\x37" + "\xc4\xef\xc2\xe4\xc3\x26\x27\x0b"); +#endif + return EXPECT_RESULT(); +} + +int test_wc_Shake128_Copy(void) +{ + EXPECT_DECLS; +#ifdef WOLFSSL_SHAKE128 + DIGEST_COUNT_COPY_TEST(wc_Shake, Shake128, SHA3_128, + "\x7f\x9c\x2b\xa4\xe8\x8f\x82\x7d" + "\x61\x60\x45\x50\x76\x05\x85\x3e" + "\xd7\x3b\x80\x93\xf6\xef\xbc\x88" + "\xeb\x1a\x6e\xac\xfa\x66\xef\x26" + "\x3c\xb1\xee\xa9\x88\x00\x4b\x93" + "\x10\x3c\xfb\x0a\xee\xfd\x2a\x68" + "\x6e\x01\xfa\x4a\x58\xe8\xa3\x63" + "\x9c\xa8\xa1\xe3\xf9\xae\x57\xe2" + "\x35\xb8\xcc\x87\x3c\x23\xdc\x62" + "\xb8\xd2\x60\x16\x9a\xfa\x2f\x75" + "\xab\x91\x6a\x58\xd9\x74\x91\x88" + "\x35\xd2\x5e\x6a\x43\x50\x85\xb2" + "\xba\xdf\xd6\xdf\xaa\xc3\x59\xa5" + "\xef\xbb\x7b\xcc\x4b\x59\xd5\x38" + "\xdf\x9a\x04\x30\x2e\x10\xc8\xbc" + "\x1c\xbf\x1a\x0b\x3a\x51\x20\xea" + "\x17\xcd\xa7\xcf\xad\x76\x5f\x56" + "\x23\x47\x4d\x36\x8c\xcc\xa8\xaf" + "\x00\x07\xcd\x9f\x5e\x4c\x84\x9f" + "\x16\x7a\x58\x0b\x14\xaa\xbd\xef" + "\xae\xe7\xee\xf4\x7c\xb0\xfc\xa9", + "\x58\x81\x09\x2d\xd8\x18\xbf\x5c" + "\xf8\xa3\xdd\xb7\x93\xfb\xcb\xa7" + "\x40\x97\xd5\xc5\x26\xa6\xd3\x5f" + "\x97\xb8\x33\x51\x94\x0f\x2c\xc8" + "\x44\xc5\x0a\xf3\x2a\xcd\x3f\x2c" + "\xdd\x06\x65\x68\x70\x6f\x50\x9b" + "\xc1\xbd\xde\x58\x29\x5d\xae\x3f" + "\x89\x1a\x9a\x0f\xca\x57\x83\x78" + "\x9a\x41\xf8\x61\x12\x14\xce\x61" + "\x23\x94\xdf\x28\x6a\x62\xd1\xa2" + "\x25\x2a\xa9\x4d\xb9\xc5\x38\x95" + "\x6c\x71\x7d\xc2\xbe\xd4\xf2\x32" + "\xa0\x29\x4c\x85\x7c\x73\x0a\xa1" + "\x60\x67\xac\x10\x62\xf1\x20\x1f" + "\xb0\xd3\x77\xcf\xb9\xcd\xe4\xc6" + "\x35\x99\xb2\x7f\x34\x62\xbb\xa4" + "\xa0\xed\x29\x6c\x80\x1f\x9f\xf7" + "\xf5\x73\x02\xbb\x30\x76\xee\x14" + "\x5f\x97\xa3\x2a\xe6\x8e\x76\xab" + "\x66\xc4\x8d\x51\x67\x5b\xd4\x9a" + "\xcc\x29\x08\x2f\x56\x47\x58\x4e"); +#endif + return EXPECT_RESULT(); +} + +int test_wc_Shake128Hash(void) +{ + EXPECT_DECLS; +#ifdef WOLFSSL_SHAKE128 + const byte data[] = { /* Hello World */ + 0x48,0x65,0x6c,0x6c,0x6f,0x20,0x57,0x6f, + 0x72,0x6c,0x64 + }; + word32 len = sizeof(data); + byte hash[WC_SHA3_128_COUNT * 8]; + word32 hashLen = sizeof(hash); + const char* expHash = + "\x12\x27\xc5\xf8\x82\xf9\xc5\x7b" + "\xf2\xe3\xe4\x8d\x2c\x87\xeb\x20" + "\xf3\x82\xa4\xb6\x39\xb5\x4d\x26" + "\xf6\xd5\x95\xff\x3d\xb9\x06\x4d" + "\x07\x4e\xe7\x88\xf0\x74\x7c\xa3" + "\xfc\x46\xce\x86\x93\x6c\xfc\x6b" + "\xd3\x63\x8d\xae\x5a\x2b\x7d\x65" + "\x92\x52\x29\x98\xd6\xda\x6f\xaa" + "\x5f\x5d\x41\x5d\x99\xd5\x56\x51" + "\x46\xee\x3c\xd2\xb8\xec\x15\x38" + "\xbc\x62\xdd\xe9\x46\x94\x9b\x23" + "\xb8\xcf\x3c\xa3\xe4\x7f\x35\x2d" + "\x3c\x46\x2f\x16\x87\x10\x84\x34" + "\xf7\x84\x95\x2c\xcf\xe3\x26\xaf" + "\xdf\x78\x53\xb3\x98\x20\x22\xca" + "\x14\x82\xbc\x9c\xd1\x8f\x9a\x6c" + "\xe0\x92\x0b\x8f\x34\x5a\xa0\x4e" + "\x7f\xd5\x83\xa4\xe2\x01\x25\x33" + "\x45\x0b\x00\xc1\x6a\x5a\x14\xe8" + "\x6a\xd1\x45\x0c\x4e\x8a\x4a\x6f" + "\x37\xb4\x15\x5d\xd6\x0d\xd1\xab"; + + ExpectIntEQ(wc_Shake128Hash(data, len, hash, hashLen), 0); + ExpectBufEQ(hash, expHash, hashLen); +#endif + return EXPECT_RESULT(); +} + +int test_wc_Shake128_Absorb(void) +{ + EXPECT_DECLS; +#ifdef WOLFSSL_SHAKE128 + wc_Shake shake128; + + ExpectIntEQ(wc_InitShake128(&shake128, HEAP_HINT, INVALID_DEVID), 0); + +#if !defined(HAVE_FIPS) || FIPS_VERSION_GE(7,0) + ExpectIntEQ(wc_Shake128_Absorb(NULL , NULL , 1), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_Shake128_Absorb(&shake128, NULL , 1), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_Shake128_Absorb(NULL , NULL , 0), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + + ExpectIntEQ(wc_Shake128_Absorb(&shake128, NULL, 0), 0); +#endif + + ExpectIntEQ(wc_Shake128_Absorb(&shake128, (byte*)"a", 1), 0); + + wc_Shake128_Free(&shake128); +#endif + return EXPECT_RESULT(); +} + +int test_wc_Shake128_SqueezeBlocks(void) +{ + EXPECT_DECLS; +#ifdef WOLFSSL_SHAKE128 + wc_Shake shake128; + byte hash[WC_SHA3_128_COUNT * 8]; + + ExpectIntEQ(wc_InitShake128(&shake128, HEAP_HINT, INVALID_DEVID), 0); + +#if !defined(HAVE_FIPS) || FIPS_VERSION_GE(7,0) + ExpectIntEQ(wc_Shake128_SqueezeBlocks(NULL , NULL, 1), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_Shake128_SqueezeBlocks(&shake128, NULL, 1), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_Shake128_SqueezeBlocks(NULL , NULL, 0), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + + ExpectIntEQ(wc_Shake128_SqueezeBlocks(&shake128, NULL, 0), 0); +#endif + ExpectIntEQ(wc_Shake128_SqueezeBlocks(&shake128, hash, 1), 0); + + wc_Shake128_Free(&shake128); +#endif + return EXPECT_RESULT(); +} + +#define TEST_SHAKE128_MAX_BLOCKS 3 +int test_wc_Shake128_XOF(void) +{ + EXPECT_DECLS; +#ifdef WOLFSSL_SHAKE128 + wc_Shake shake128; + byte hash[WC_SHA3_128_COUNT * 8 * TEST_SHAKE128_MAX_BLOCKS]; + const char* expOut = + "\xf4\x2f\xac\xcf\x13\x0e\x25\x5f" + "\xfd\x4a\x29\xbb\x9d\x47\x25\xea" + "\x19\xfe\x86\xd3\xeb\x58\xd7\x74" + "\xc1\x3c\xf9\xc7\x0e\xdc\xc6\x3b" + "\x4b\x97\x0d\x2b\xbc\xa6\x89\x4c" + "\xda\x48\x8c\x02\x62\x15\x1f\x2e" + "\x36\xb1\x95\x78\xfe\x02\x81\x35" + "\x30\x55\x5f\x3c\x06\x47\x2b\x93" + "\x1e\xf5\x8e\xf2\xfc\x81\x5b\xec" + "\x9f\xde\xf3\xee\xc0\xac\xb0\x90" + "\x5c\x19\xc8\x3e\x8a\xa4\xf6\xa7" + "\xdf\xa3\x39\xdf\x22\x03\x6c\x07" + "\xaa\xbb\xea\x3d\xec\x00\xc2\xb2" + "\x6e\x4c\x6b\xdc\xb8\x39\x8b\xb5" + "\x67\x3f\xdc\x2a\xf5\x91\x32\xb9" + "\x07\xbc\x1d\xb3\x92\x79\x13\xdb" + "\x56\xe5\xae\x43\x91\x58\x18\x41" + "\xa8\xe1\x75\x8e\x5b\xeb\xac\x4f" + "\xeb\x41\xac\x5d\x8b\x4a\x3d\xf6" + "\xb6\x5f\xe6\x9c\x19\x1e\x33\x97" + "\xbc\x7c\xa7\x7e\xed\x5c\xe5\x4b" + "\xdb\xa2\x34\xcd\x90\x94\x46\x19" + "\x2e\x60\xbb\xf4\xb1\xe6\x78\xc8" + "\xb2\x89\x0b\x2b\x0a\xb9\x69\x81" + "\x90\x36\xc7\x5e\xcc\x36\x46\xde" + "\x5e\x1d\xb2\x1d\x62\x46\x58\xdf" + "\x9a\x07\xea\xe5\x6e\xac\x06\x53" + "\x4f\xb4\xb5\x1e\xe3\x78\x60\x84" + "\xe0\x96\xfd\xe8\xc0\xf4\x3b\x80" + "\x7a\x2d\xb5\x22\x3e\xb5\x0f\x21" + "\xcb\x47\x13\x2d\x97\xb5\x28\x25" + "\xe7\x84\xa1\x64\x46\xa8\xeb\x8d" + "\xa7\xf9\xbe\x89\x3f\x96\x8a\x08" + "\x97\x8d\x5c\x72\x7c\x9d\x52\x27" + "\xea\xb2\xf0\x9d\x9c\x00\x0d\x3e" + "\xd1\xa4\x0f\xdd\xba\x43\x41\xfb" + "\xf8\x26\x13\x98\x27\x88\xae\x8b" + "\xfb\x8f\xcd\x37\x72\xb3\x37\x09" + "\xf4\xde\xde\x33\x8e\x1f\xbd\x49" + "\x90\x3c\x8a\x8b\xd2\x89\xb0\x26" + "\x39\xc8\x2f\xc7\xfc\x2d\xf9\xa7" + "\xd3\x5d\x69\x3d\x90\x17\x9c\xc1" + "\x83\xc7\x1d\xd6\xd3\xa2\x01\x57" + "\x33\x4f\x0d\xfc\x52\x9e\x2a\xd1" + "\x9e\xfb\x36\xdf\x3e\xb3\x49\x9f" + "\x83\x22\xa8\x24\x0e\xa1\xfb\xca" + "\xd5\x17\x58\x1a\x40\x3f\x4f\x54" + "\x3f\xd4\xed\x99\xd2\x39\xad\x37" + "\x03\x39\xf7\x3b\xcf\x52\x55\xc4" + "\x76\x74\x1d\x33\x04\x76\x44\x0d" + "\xf6\x93\x89\x9d\x74\x19\x9c\x09" + "\xd9\xf4\x5f\x0b\xbc\xf4\x13\xec" + "\x2c\xce\x5f\x2b\x00\xeb\x8b\xa0" + "\xa2\xf1\xdd\x93\xc0\x9c\x7c\xb5" + "\xca\xe2\xfb\x07\xa9\x1b\xa8\xc9" + "\xc9\x84\x2b\x7e\x1e\x05\x8c\x98" + "\xfd\x8d\x2a\xd0\xf2\x3a\x7b\x88" + "\x26\x4d\xed\x2b\xdb\x99\xb8\x9f" + "\x88\x01\x47\x29\xeb\x23\x80\x81" + "\x2b\xdd\xac\xbf\xcb\x1e\x80\x0d" + "\x4f\xba\xc3\x13\xfa\xb1\xa6\xa9" + "\x69\x09\x48\xe6\xb8\xd5\x55\x12" + "\xb5\x25\xba\xf6\xd4\x2a\x5e\xf0"; + int i; + int j; + + for (i = 1; i <= TEST_SHAKE128_MAX_BLOCKS; i++) { + ExpectIntEQ(wc_InitShake128(&shake128, HEAP_HINT, INVALID_DEVID), 0); + + ExpectIntEQ(wc_Shake128_Absorb(&shake128, (byte*)"Starting point", 15), + 0); + + for (j = 0; j < TEST_SHAKE128_MAX_BLOCKS; j += i) { + int cnt = TEST_SHAKE128_MAX_BLOCKS - j; + if (i < cnt) + cnt = i; + ExpectIntEQ(wc_Shake128_SqueezeBlocks(&shake128, + hash + WC_SHA3_128_COUNT * 8 * j, cnt), 0); + } + ExpectBufEQ(hash, expOut, + WC_SHA3_128_COUNT * 8 * TEST_SHAKE128_MAX_BLOCKS); + } + + wc_Shake128_Free(&shake128); +#endif + return EXPECT_RESULT(); +} + +/******************************************************************************* + * SHAKE-256 + ******************************************************************************/ + +int test_wc_InitShake256(void) +{ + EXPECT_DECLS; +#ifdef WOLFSSL_SHAKE256 + DIGEST_INIT_TEST(wc_Shake, Shake256); +#endif + return EXPECT_RESULT(); +} + +int test_wc_Shake256_Update(void) +{ + EXPECT_DECLS; +#ifdef WOLFSSL_SHAKE256 + DIGEST_ALT_UPDATE_TEST(wc_Shake, Shake256); +#endif + return EXPECT_RESULT(); +} + +int test_wc_Shake256_Final(void) +{ + EXPECT_DECLS; +#ifdef WOLFSSL_SHAKE256 + DIGEST_COUNT_FINAL_TEST(wc_Shake, Shake256, SHA3_256); +#endif + return EXPECT_RESULT(); +} + +#define SHAKE256_KAT_CNT 7 +int test_wc_Shake256_KATs(void) +{ + EXPECT_DECLS; +#ifdef WOLFSSL_SHAKE256 + DIGEST_COUNT_KATS_TEST_VARS(wc_Shake, SHAKE256, SHA3_256); + + DIGEST_KATS_ADD("", 0, + "\x46\xb9\xdd\x2b\x0b\xa8\x8d\x13" + "\x23\x3b\x3f\xeb\x74\x3e\xeb\x24" + "\x3f\xcd\x52\xea\x62\xb8\x1b\x82" + "\xb5\x0c\x27\x64\x6e\xd5\x76\x2f" + "\xd7\x5d\xc4\xdd\xd8\xc0\xf2\x00" + "\xcb\x05\x01\x9d\x67\xb5\x92\xf6" + "\xfc\x82\x1c\x49\x47\x9a\xb4\x86" + "\x40\x29\x2e\xac\xb3\xb7\xc4\xbe" + "\x14\x1e\x96\x61\x6f\xb1\x39\x57" + "\x69\x2c\xc7\xed\xd0\xb4\x5a\xe3" + "\xdc\x07\x22\x3c\x8e\x92\x93\x7b" + "\xef\x84\xbc\x0e\xab\x86\x28\x53" + "\x34\x9e\xc7\x55\x46\xf5\x8f\xb7" + "\xc2\x77\x5c\x38\x46\x2c\x50\x10" + "\xd8\x46\xc1\x85\xc1\x51\x11\xe5" + "\x95\x52\x2a\x6b\xcd\x16\xcf\x86" + "\xf3\xd1\x22\x10\x9e\x3b\x1f\xdd"); + DIGEST_KATS_ADD("a", 1, + "\x86\x7e\x2c\xb0\x4f\x5a\x04\xdc" + "\xbd\x59\x25\x01\xa5\xe8\xfe\x9c" + "\xea\xaf\xca\x50\x25\x56\x26\xca" + "\x73\x6c\x13\x80\x42\x53\x0b\xa4" + "\x36\xb7\xb1\xec\x0e\x06\xa2\x79" + "\xbc\x79\x07\x33\xbb\x0a\xee\x6f" + "\xa8\x02\x68\x3c\x7b\x35\x50\x63" + "\xc4\x34\xe9\x11\x89\xb0\xc6\x51" + "\xd0\x92\xb0\x1e\x55\xce\x4d\x61" + "\x0b\x54\xa5\x46\x6d\x02\xf8\x8f" + "\xc3\x78\x09\x6f\xb0\xda\xd0\x25" + "\x48\x57\xfe\x1e\x63\x81\xab\xc0" + "\x4e\x07\xe3\x3d\x91\x69\x35\x93" + "\x56\x36\x00\x48\x96\xc5\xb1\x25" + "\x34\x64\xf1\xcb\x5e\xa7\x3b\x00" + "\x7b\xc5\x02\x8b\xbb\xea\x13\xeb" + "\xc2\x86\x68\xdb\xfc\x26\xb1\x24"); + DIGEST_KATS_ADD("abc", 3, + "\x48\x33\x66\x60\x13\x60\xa8\x77" + "\x1c\x68\x63\x08\x0c\xc4\x11\x4d" + "\x8d\xb4\x45\x30\xf8\xf1\xe1\xee" + "\x4f\x94\xea\x37\xe7\x8b\x57\x39" + "\xd5\xa1\x5b\xef\x18\x6a\x53\x86" + "\xc7\x57\x44\xc0\x52\x7e\x1f\xaa" + "\x9f\x87\x26\xe4\x62\xa1\x2a\x4f" + "\xeb\x06\xbd\x88\x01\xe7\x51\xe4" + "\x13\x85\x14\x12\x04\xf3\x29\x97" + "\x9f\xd3\x04\x7a\x13\xc5\x65\x77" + "\x24\xad\xa6\x4d\x24\x70\x15\x7b" + "\x3c\xdc\x28\x86\x20\x94\x4d\x78" + "\xdb\xcd\xdb\xd9\x12\x99\x3f\x09" + "\x13\xf1\x64\xfb\x2c\xe9\x51\x31" + "\xa2\xd0\x9a\x3e\x6d\x51\xcb\xfc" + "\x62\x27\x20\xd7\xa7\x5c\x63\x34" + "\xe8\xa2\xd7\xec\x71\xa7\xcc\x29"); + DIGEST_KATS_ADD("message digest", 14, + "\x71\x8e\x22\x40\x88\x85\x68\x40" + "\xad\xe4\xdc\x73\x48\x7e\x15\x82" + "\x6a\x07\xec\xb8\xed\x5e\x2b\xda" + "\x52\x6c\xc1\xac\xdd\xb9\x9d\x00" + "\x60\x49\x81\x58\x44\xbe\x0c\x6c" + "\x29\xb7\x59\xdb\x80\xb7\xda\xa6" + "\x84\xcb\x46\xd9\x0f\x7e\xef\x10" + "\x7d\x24\xaa\xfc\xfa\xf0\xda\xca" + "\xca\x28\x88\xdf\xaa\x73\x76\x94" + "\xbc\x46\xd5\xc9\x5f\x17\xc5\xcf" + "\xe7\xb0\xc9\x5c\xfd\x6a\x12\x6d" + "\xd9\x64\x0c\x8e\x62\xe5\xad\x1c" + "\x06\xe5\x75\x61\x6a\x2d\xec\x06" + "\x46\x06\x6e\x80\x37\xe5\x1a\x00" + "\x54\x78\x3d\x82\x0b\x92\xc1\x14" + "\x17\x96\xf7\xc3\xe9\x35\x03\x8e" + "\x67\x13\xbb\xba\x46\x08\x0b\x2e"); + DIGEST_KATS_ADD("abcdefghijklmnopqrstuvwxyz", 26, + "\xb7\xb7\x8b\x04\xa3\xdd\x30\xa2" + "\x65\xc8\x88\x6c\x33\xfd\xa9\x47" + "\x99\x85\x3d\xe5\xd3\xd1\x05\x41" + "\xfd\x4e\x9f\x46\x13\x70\x1c\x61" + "\x07\x52\x49\xbe\xd1\x6b\x07\x81" + "\x10\x8f\xcf\xe0\x86\xdb\xf3\x8a" + "\x7f\xb8\x30\x08\x07\xce\xa8\x5c" + "\xc6\x49\x32\x8d\x07\xd4\xff\x2b" + "\x5e\x89\x08\x56\x3f\xf0\xfd\xcc" + "\x06\xa8\x09\x2f\xbf\xe7\x72\xf8" + "\x0e\x49\xf8\x7a\x10\x3b\x2a\xee" + "\x12\x99\x0c\xcb\x47\x98\xe9\xec" + "\x03\xaa\x48\x18\xa4\xbf\x5a\xbd" + "\xa0\x84\xe1\xa5\xfe\x68\x7c\x2c" + "\xfe\xf4\x40\x68\x46\xfe\x47\xa0" + "\xd0\x7b\xf4\x50\x55\xa2\x69\x9c" + "\x37\xd6\xb6\xd9\xcd\x6c\x4f\xf0"); + DIGEST_KATS_ADD("ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz" + "0123456789", 62, + "\x31\xf1\x9a\x09\x7c\x72\x3e\x91" + "\xfa\x59\xb0\x99\x8d\xd8\x52\x3c" + "\x2a\x9e\x7e\x13\xb4\x02\x5d\x6b" + "\x48\xfc\xbc\x32\x89\x73\xa1\x08" + "\x78\xcf\xbe\xb3\x81\x0d\x88\x2f" + "\xdb\x6a\x06\xe8\x7f\x3e\xa5\x2c" + "\xf8\x26\xca\x55\x22\x31\x6f\xb6" + "\x45\xb7\x08\xac\xbe\x43\xb2\xcb" + "\x32\x52\x09\x24\x32\x42\x70\x60" + "\xc9\x63\x9e\x21\xa8\x98\xd3\x88" + "\xa7\xe1\x53\xe4\x2a\x8b\x89\x33" + "\xf2\xad\x0c\x27\x52\x97\x69\x8e" + "\x25\x7e\x05\xd2\x62\x75\x39\xb4" + "\x2c\x10\x1b\x97\x67\xbc\x6d\x90" + "\x06\x39\x31\x1f\x8e\x4a\x2e\x88" + "\x26\x7b\xbb\x85\xb3\xfa\x4e\xad" + "\xf4\x01\xe0\x74\x18\x9f\x6b\xbf"); + DIGEST_KATS_ADD("1234567890123456789012345678901234567890" + "1234567890123456789012345678901234567890", 80, + "\x24\xc5\x08\xad\xef\xdf\x5e\x3f" + "\x25\x96\xe8\xb5\xa8\x88\xfe\x10" + "\xeb\x7b\x5b\x22\xe1\xf3\x5d\x85" + "\x8e\x6e\xff\x30\x25\xc4\xcc\x18" + "\xa3\xc9\xac\xe5\x1d\xdd\x24\x3d" + "\x08\xc8\xc7\x0c\xf6\x8e\x91\xd1" + "\x70\x60\x3d\xc3\xe2\xa3\x1c\x6c" + "\xa8\x9f\x20\xc4\xa5\x95\xa2\x65" + "\x4f\xb7\xd5\x35\x29\x42\x7e\x81" + "\x2d\xea\x48\xe8\xe8\x9a\xbe\x06" + "\x2b\x88\x90\x2f\x9b\xff\xb5\xee" + "\xf2\x8a\x65\x80\xfb\x24\x1a\x15" + "\x20\x1f\x18\xf5\x29\x9d\x03\xc3" + "\xe7\x17\x3d\x41\x43\x88\x68\x80" + "\xe4\xfb\x0b\xe1\xf5\x03\xeb\x4a" + "\x10\x9a\xf6\xf9\xe9\x7f\xa8\xdc" + "\x2e\xe6\x42\xe3\xc9\x18\x1b\x85"); + + DIGEST_COUNT_KATS_TEST(Shake256, SHAKE256, SHA3_256); +#endif + return EXPECT_RESULT(); +} + +int test_wc_Shake256_other(void) +{ + EXPECT_DECLS; +#ifdef WOLFSSL_SHAKE256 + DIGEST_COUNT_OTHER_TEST(wc_Shake, Shake256, SHA3_256, + "\x97\x52\xa7\xbe\xe4\x06\x06\x10" + "\xb2\x43\xb5\xca\x1e\x3a\x76\x06" + "\x68\xac\x62\xfe\xad\xa4\xad\xc9" + "\x23\xa2\x72\xeb\x90\x54\xeb\xd9" + "\x06\x7f\x1e\xea\x2d\x80\x92\xb2" + "\xd1\xe7\xae\x6b\xc0\x1d\x46\x6a" + "\x3f\x62\x67\x35\x7b\x50\x4b\xe2" + "\x05\x63\xf7\x97\x10\x4e\x9c\x14" + "\xff\x21\x64\x40\xf6\xd4\x55\x79" + "\x2e\x7b\x9b\x5b\xfb\xa2\x15\xf9" + "\x6d\x6a\x54\xae\x5e\x7d\x6c\x72" + "\x4a\x4e\x91\xcc\xc2\x37\x1c\x9d" + "\x14\x95\x27\x38\x64\x6c\x62\x10" + "\x19\x04\x6f\x19\xde\x61\x5e\xc8" + "\x6d\xd2\xcc\x5b\xf4\xe0\xf2\x54" + "\x0f\xe9\x2a\xe7\x0a\x7d\xb0\x55" + "\x8a\x74\x83\x49\xf0\x2a\x6e\xa9"); +#endif + return EXPECT_RESULT(); +} + +int test_wc_Shake256_Copy(void) +{ + EXPECT_DECLS; +#ifdef WOLFSSL_SHAKE256 + DIGEST_COUNT_COPY_TEST(wc_Shake, Shake256, SHA3_256, + "\x46\xb9\xdd\x2b\x0b\xa8\x8d\x13" + "\x23\x3b\x3f\xeb\x74\x3e\xeb\x24" + "\x3f\xcd\x52\xea\x62\xb8\x1b\x82" + "\xb5\x0c\x27\x64\x6e\xd5\x76\x2f" + "\xd7\x5d\xc4\xdd\xd8\xc0\xf2\x00" + "\xcb\x05\x01\x9d\x67\xb5\x92\xf6" + "\xfc\x82\x1c\x49\x47\x9a\xb4\x86" + "\x40\x29\x2e\xac\xb3\xb7\xc4\xbe" + "\x14\x1e\x96\x61\x6f\xb1\x39\x57" + "\x69\x2c\xc7\xed\xd0\xb4\x5a\xe3" + "\xdc\x07\x22\x3c\x8e\x92\x93\x7b" + "\xef\x84\xbc\x0e\xab\x86\x28\x53" + "\x34\x9e\xc7\x55\x46\xf5\x8f\xb7" + "\xc2\x77\x5c\x38\x46\x2c\x50\x10" + "\xd8\x46\xc1\x85\xc1\x51\x11\xe5" + "\x95\x52\x2a\x6b\xcd\x16\xcf\x86" + "\xf3\xd1\x22\x10\x9e\x3b\x1f\xdd", + "\x48\x33\x66\x60\x13\x60\xa8\x77" + "\x1c\x68\x63\x08\x0c\xc4\x11\x4d" + "\x8d\xb4\x45\x30\xf8\xf1\xe1\xee" + "\x4f\x94\xea\x37\xe7\x8b\x57\x39" + "\xd5\xa1\x5b\xef\x18\x6a\x53\x86" + "\xc7\x57\x44\xc0\x52\x7e\x1f\xaa" + "\x9f\x87\x26\xe4\x62\xa1\x2a\x4f" + "\xeb\x06\xbd\x88\x01\xe7\x51\xe4" + "\x13\x85\x14\x12\x04\xf3\x29\x97" + "\x9f\xd3\x04\x7a\x13\xc5\x65\x77" + "\x24\xad\xa6\x4d\x24\x70\x15\x7b" + "\x3c\xdc\x28\x86\x20\x94\x4d\x78" + "\xdb\xcd\xdb\xd9\x12\x99\x3f\x09" + "\x13\xf1\x64\xfb\x2c\xe9\x51\x31" + "\xa2\xd0\x9a\x3e\x6d\x51\xcb\xfc" + "\x62\x27\x20\xd7\xa7\x5c\x63\x34" + "\xe8\xa2\xd7\xec\x71\xa7\xcc\x29"); +#endif + return EXPECT_RESULT(); +} + +int test_wc_Shake256Hash(void) +{ + EXPECT_DECLS; +#ifdef WOLFSSL_SHAKE256 + const byte data[] = { /* Hello World */ + 0x48,0x65,0x6c,0x6c,0x6f,0x20,0x57,0x6f, + 0x72,0x6c,0x64 + }; + word32 len = sizeof(data); + byte hash[WC_SHA3_256_COUNT * 8]; + word32 hashLen = sizeof(hash); + const char* expHash = + "\x84\x0d\x1c\xe8\x1a\x43\x27\x84" + "\x0b\x54\xcb\x1d\x41\x99\x07\xfd" + "\x1f\x62\x35\x9b\xad\x33\x65\x6e" + "\x05\x86\x53\xd2\xe4\x17\x2a\x43" + "\xac\xc9\x58\xdb\xec\x0c\xf0\xd4" + "\x73\xdb\x45\x8c\xe1\xc0\x07\xaa" + "\x6e\xb4\x0e\xac\x92\xaa\x0e\x65" + "\x20\x2e\xdb\x4d\x7f\xee\xd3\x78" + "\x8a\x77\xed\x6a\x6d\xdc\x5a\xbf" + "\xbf\xbf\xf7\x2f\x22\xf4\x9e\x66" + "\x7e\x45\x03\x2c\x1e\xe8\xcf\xb0" + "\x79\xf8\x08\x9b\x43\xd1\x6a\xe6" + "\xe5\x8f\x06\x3a\x4d\x93\xef\x36" + "\x99\xb3\x2b\x9d\x00\xb3\x3c\x37" + "\x2c\x10\xa4\x8d\x72\xf6\x4d\xa0" + "\x25\x97\xf4\xfa\x23\xd5\x89\x0a" + "\x4d\x65\x0a\xcb\x7b\xf8\xd2\x36"; + + ExpectIntEQ(wc_Shake256Hash(data, len, hash, hashLen), 0); + ExpectBufEQ(hash, expHash, hashLen); +#endif + return EXPECT_RESULT(); +} /* END test_wc_Shake256Hash */ + +int test_wc_Shake256_Absorb(void) +{ + EXPECT_DECLS; +#ifdef WOLFSSL_SHAKE256 + wc_Shake shake256; + + ExpectIntEQ(wc_InitShake256(&shake256, HEAP_HINT, INVALID_DEVID), 0); + +#if !defined(HAVE_FIPS) || FIPS_VERSION_GE(7,0) + ExpectIntEQ(wc_Shake256_Absorb(NULL , NULL , 1), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_Shake256_Absorb(&shake256, NULL , 1), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_Shake256_Absorb(NULL , NULL , 0), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + + ExpectIntEQ(wc_Shake256_Absorb(&shake256, NULL, 0), 0); +#endif + ExpectIntEQ(wc_Shake256_Absorb(&shake256, (byte*)"a", 1), 0); + + wc_Shake256_Free(&shake256); +#endif + return EXPECT_RESULT(); +} + +int test_wc_Shake256_SqueezeBlocks(void) +{ + EXPECT_DECLS; +#ifdef WOLFSSL_SHAKE256 + wc_Shake shake256; + byte hash[WC_SHA3_256_COUNT * 8]; + + ExpectIntEQ(wc_InitShake256(&shake256, HEAP_HINT, INVALID_DEVID), 0); + +#if !defined(HAVE_FIPS) || FIPS_VERSION_GE(7,0) + ExpectIntEQ(wc_Shake256_SqueezeBlocks(NULL , NULL, 1), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_Shake256_SqueezeBlocks(&shake256, NULL, 1), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_Shake256_SqueezeBlocks(NULL , NULL, 0), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + + ExpectIntEQ(wc_Shake256_SqueezeBlocks(&shake256, NULL, 0), 0); +#endif + ExpectIntEQ(wc_Shake256_SqueezeBlocks(&shake256, hash, 1), 0); + + wc_Shake256_Free(&shake256); +#endif + return EXPECT_RESULT(); +} + +#define TEST_SHAKE256_MAX_BLOCKS 3 +int test_wc_Shake256_XOF(void) +{ + EXPECT_DECLS; +#ifdef WOLFSSL_SHAKE256 + wc_Shake shake256; + byte hash[WC_SHA3_256_COUNT * 8 * TEST_SHAKE256_MAX_BLOCKS]; + const char* expOut = + "\x26\x16\x27\x51\x34\xae\xba\x85" + "\x2e\x81\x43\x9a\x50\x72\x03\xd8" + "\x1c\x58\x2b\x87\xb5\x89\x3a\x45" + "\x66\xfe\x0e\x5a\xde\x60\x8e\xca" + "\x2e\x27\x87\x25\x08\x0f\x13\x0e" + "\x4e\x82\xb0\x6a\x4b\xe0\xca\x79" + "\xcc\x55\xd8\x3f\xb4\x36\x74\x18" + "\x5d\x2d\xb9\xa7\x95\x25\x6b\x44" + "\x70\xc5\xa0\xa5\x21\x7e\x88\xed" + "\x70\x67\x71\x57\x61\xb2\x3c\xb8" + "\x89\x0f\x43\x28\x8a\xa9\xf1\x29" + "\x4c\x71\x33\xe7\x96\x4e\x8b\x58" + "\x7c\x16\x12\xed\xac\x10\xfb\xc8" + "\xf8\xd2\x1f\xa3\x12\x29\x34\xb2" + "\xf1\xaa\xcd\x4a\x10\x7a\xd1\x68" + "\x00\xc1\xb2\xb8\x4b\xb2\xe5\x8a" + "\xa3\xa0\xda\x73\x15\x3e\xb4\x50" + "\x70\x3a\x3c\x7f\x8d\xd7\xa8\xfc" + "\x03\x63\x0f\x80\x15\xd7\x05\x4f" + "\x48\x42\x52\x12\x4f\xa1\x87\x85" + "\xb9\xa4\x9b\x04\x17\xdb\x9f\x62" + "\x9a\xbb\x07\x40\x56\x6c\xb0\xb9" + "\x20\xf1\x85\x18\x36\x4f\x2e\x71" + "\x16\x7d\xc0\xed\xb3\x89\x22\x3c" + "\x93\xbd\xee\x71\x36\x59\x25\x7b" + "\xae\x3c\x8b\x4b\xa8\xac\x63\xef" + "\xd5\xfe\x6c\x07\x6b\xb9\x3b\x41" + "\x8f\x30\x6d\xee\x7b\x1d\xfc\x6c" + "\xda\x21\x1f\xaa\x63\x72\xc6\xf1" + "\x51\x27\xce\xdc\x6b\xb2\x84\x7c" + "\x79\x3b\xa3\xaf\xf0\xb7\x2d\xd8" + "\x6e\xd9\xc5\x2e\x5e\x48\x42\xbc" + "\xc3\xe5\x3a\xee\x82\x6c\x90\x21" + "\xc9\x17\x9e\x17\x2c\x30\x11\x34" + "\x0a\x53\x33\x93\x47\xca\x7d\x9e" + "\x4e\xb4\xea\x70\xb7\x58\x39\xc2" + "\x3c\x29\x6c\x9d\x75\x45\x88\x3d" + "\x68\x5c\x1c\x6a\x52\x56\x6c\xe5" + "\x28\x51\xf1\x64\xce\x0b\x45\x66" + "\x7a\xc4\xb7\x42\x08\x39\x00\x17" + "\xbe\x55\xd2\xda\x05\x5e\x70\xc3" + "\xdc\x65\x36\x0b\xa9\x49\x95\xce" + "\x8a\x04\x04\x4e\xb2\xff\xfa\x31" + "\x07\x09\x5d\xe4\xa8\x04\x10\xf2" + "\x84\x3c\x5d\xf4\x99\x5d\x75\x23" + "\x03\x66\xed\xac\x07\xbb\x89\x61" + "\xd6\xd0\x5f\x19\xd2\x2f\x1c\xd7" + "\x73\x4d\x92\x12\x85\x07\x9c\x38" + "\xd2\x50\x6e\xe5\xe8\x15\x6c\xf6" + "\xde\x66\x9a\x10\x6f\xa1\xaf\x20" + "\x99\x1d\xc0\xe6\xdc\xeb\xbc\x74"; + int i; + int j; + + for (i = 1; i <= TEST_SHAKE256_MAX_BLOCKS; i++) { + ExpectIntEQ(wc_InitShake256(&shake256, HEAP_HINT, INVALID_DEVID), 0); + + ExpectIntEQ(wc_Shake256_Absorb(&shake256, (byte*)"Starting point", 15), + 0); + + for (j = 0; j < TEST_SHAKE256_MAX_BLOCKS; j += i) { + int cnt = TEST_SHAKE256_MAX_BLOCKS - j; + if (i < cnt) + cnt = i; + ExpectIntEQ(wc_Shake256_SqueezeBlocks(&shake256, + hash + WC_SHA3_256_COUNT * 8 * j, cnt), 0); + } + ExpectBufEQ(hash, expOut, + WC_SHA3_256_COUNT * 8 * TEST_SHAKE256_MAX_BLOCKS); + } + + wc_Shake256_Free(&shake256); +#endif + return EXPECT_RESULT(); +} + diff --git a/test/ssl/wolfssl/tests/api/test_sha3.h b/test/ssl/wolfssl/tests/api/test_sha3.h new file mode 100644 index 000000000..16160bda9 --- /dev/null +++ b/test/ssl/wolfssl/tests/api/test_sha3.h @@ -0,0 +1,98 @@ +/* test_sha3.h + * + * Copyright (C) 2006-2025 wolfSSL Inc. + * + * This file is part of wolfSSL. + * + * wolfSSL is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * wolfSSL is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA + */ + +#ifndef WOLFCRYPT_TEST_SHA3_H +#define WOLFCRYPT_TEST_SHA3_H + +#include + +int test_wc_InitSha3(void); +int test_wc_Sha3_Update(void); +int test_wc_Sha3_Final(void); +int test_wc_Sha3_224_KATs(void); +int test_wc_Sha3_256_KATs(void); +int test_wc_Sha3_384_KATs(void); +int test_wc_Sha3_512_KATs(void); +int test_wc_Sha3_other(void); +int test_wc_Sha3_Copy(void); +int test_wc_Sha3_GetHash(void); +int test_wc_Sha3_Flags(void); + +int test_wc_InitShake128(void); +int test_wc_Shake128_Update(void); +int test_wc_Shake128_Final(void); +int test_wc_Shake128_KATs(void); +int test_wc_Shake128_other(void); +int test_wc_Shake128_Copy(void); +int test_wc_Shake128Hash(void); +int test_wc_Shake128_Absorb(void); +int test_wc_Shake128_SqueezeBlocks(void); +int test_wc_Shake128_XOF(void); + +int test_wc_InitShake256(void); +int test_wc_Shake256_Update(void); +int test_wc_Shake256_Final(void); +int test_wc_Shake256_KATs(void); +int test_wc_Shake256_other(void); +int test_wc_Shake256_Copy(void); +int test_wc_Shake256Hash(void); +int test_wc_Shake256_Absorb(void); +int test_wc_Shake256_SqueezeBlocks(void); +int test_wc_Shake256_XOF(void); + +#define TEST_SHA3_DECLS \ + TEST_DECL_GROUP("sha3", test_wc_InitSha3), \ + TEST_DECL_GROUP("sha3", test_wc_Sha3_Update), \ + TEST_DECL_GROUP("sha3", test_wc_Sha3_Final), \ + TEST_DECL_GROUP("sha3", test_wc_Sha3_224_KATs), \ + TEST_DECL_GROUP("sha3", test_wc_Sha3_256_KATs), \ + TEST_DECL_GROUP("sha3", test_wc_Sha3_384_KATs), \ + TEST_DECL_GROUP("sha3", test_wc_Sha3_512_KATs), \ + TEST_DECL_GROUP("sha3", test_wc_Sha3_other), \ + TEST_DECL_GROUP("sha3", test_wc_Sha3_Copy), \ + TEST_DECL_GROUP("sha3", test_wc_Sha3_GetHash), \ + TEST_DECL_GROUP("sha3", test_wc_Sha3_Flags) + +#define TEST_SHAKE128_DECLS \ + TEST_DECL_GROUP("shake128", test_wc_InitShake128), \ + TEST_DECL_GROUP("shake128", test_wc_Shake128_Update), \ + TEST_DECL_GROUP("shake128", test_wc_Shake128_Final), \ + TEST_DECL_GROUP("shake128", test_wc_Shake128_KATs), \ + TEST_DECL_GROUP("shake128", test_wc_Shake128_other), \ + TEST_DECL_GROUP("shake128", test_wc_Shake128_Copy), \ + TEST_DECL_GROUP("shake128", test_wc_Shake128Hash), \ + TEST_DECL_GROUP("shake128", test_wc_Shake128_Absorb), \ + TEST_DECL_GROUP("shake128", test_wc_Shake128_SqueezeBlocks), \ + TEST_DECL_GROUP("shake128", test_wc_Shake128_XOF) + +#define TEST_SHAKE256_DECLS \ + TEST_DECL_GROUP("shake256", test_wc_InitShake256), \ + TEST_DECL_GROUP("shake256", test_wc_Shake256_Update), \ + TEST_DECL_GROUP("shake256", test_wc_Shake256_Final), \ + TEST_DECL_GROUP("shake256", test_wc_Shake256_KATs), \ + TEST_DECL_GROUP("shake256", test_wc_Shake256_other), \ + TEST_DECL_GROUP("shake256", test_wc_Shake256_Copy), \ + TEST_DECL_GROUP("shake256", test_wc_Shake256Hash), \ + TEST_DECL_GROUP("shake256", test_wc_Shake256_Absorb), \ + TEST_DECL_GROUP("shake256", test_wc_Shake256_SqueezeBlocks), \ + TEST_DECL_GROUP("shake256", test_wc_Shake256_XOF) + +#endif /* WOLFCRYPT_TEST_SHA3_H */ diff --git a/test/ssl/wolfssl/tests/api/test_sha512.c b/test/ssl/wolfssl/tests/api/test_sha512.c new file mode 100644 index 000000000..7eb277a82 --- /dev/null +++ b/test/ssl/wolfssl/tests/api/test_sha512.c @@ -0,0 +1,876 @@ +/* test_sha512.c + * + * Copyright (C) 2006-2025 wolfSSL Inc. + * + * This file is part of wolfSSL. + * + * wolfSSL is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * wolfSSL is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA + */ + +#include + +#ifdef NO_INLINE + #include +#else + #define WOLFSSL_MISC_INCLUDED + #include +#endif + +#include +#include +#include +#include +#include + +/******************************************************************************* + * SHA-512 + ******************************************************************************/ + +/* + * Unit test for the wc_InitSha512() + */ +int test_wc_InitSha512(void) +{ + EXPECT_DECLS; +#ifdef WOLFSSL_SHA512 + DIGEST_INIT_AND_INIT_EX_TEST(wc_Sha512, Sha512); +#endif + return EXPECT_RESULT(); +} /* END test_wc_InitSha512 */ + +/* + * Tesing wc_Sha512Update() + */ +int test_wc_Sha512Update(void) +{ + EXPECT_DECLS; +#ifdef WOLFSSL_SHA512 + DIGEST_UPDATE_TEST(wc_Sha512, Sha512); +#endif + return EXPECT_RESULT(); +} /* END test_wc_Sha512Update() */ + +/* + * Unit test on wc_Sha512Final + */ +int test_wc_Sha512Final(void) +{ + EXPECT_DECLS; +#ifdef WOLFSSL_SHA512 + DIGEST_FINAL_TEST(wc_Sha512, Sha512, SHA512); +#endif + return EXPECT_RESULT(); +} /* END test_wc_Sha512Final */ + +/* + * Unit test on wc_Sha512FinalRaw + */ +int test_wc_Sha512FinalRaw(void) +{ + EXPECT_DECLS; +#if defined(WOLFSSL_SHA512) && !defined(HAVE_SELFTEST) && \ + !defined(WOLFSSL_DEVCRYPTO) && (!defined(HAVE_FIPS) || \ + (defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION >= 3))) && \ + !defined(WOLFSSL_NO_HASH_RAW) + DIGEST_FINAL_RAW_TEST(wc_Sha512, Sha512, SHA512, + "\x6a\x09\xe6\x67\xf3\xbc\xc9\x08" + "\xbb\x67\xae\x85\x84\xca\xa7\x3b" + "\x3c\x6e\xf3\x72\xfe\x94\xf8\x2b" + "\xa5\x4f\xf5\x3a\x5f\x1d\x36\xf1" + "\x51\x0e\x52\x7f\xad\xe6\x82\xd1" + "\x9b\x05\x68\x8c\x2b\x3e\x6c\x1f" + "\x1f\x83\xd9\xab\xfb\x41\xbd\x6b" + "\x5b\xe0\xcd\x19\x13\x7e\x21\x79"); +#endif + return EXPECT_RESULT(); +} /* END test_wc_Sha512Final */ + +#define SHA512_KAT_CNT 7 +int test_wc_Sha512_KATs(void) +{ + EXPECT_DECLS; +#ifdef WOLFSSL_SHA512 + DIGEST_KATS_TEST_VARS(wc_Sha512, SHA512); + + DIGEST_KATS_ADD("", 0, + "\xcf\x83\xe1\x35\x7e\xef\xb8\xbd" + "\xf1\x54\x28\x50\xd6\x6d\x80\x07" + "\xd6\x20\xe4\x05\x0b\x57\x15\xdc" + "\x83\xf4\xa9\x21\xd3\x6c\xe9\xce" + "\x47\xd0\xd1\x3c\x5d\x85\xf2\xb0" + "\xff\x83\x18\xd2\x87\x7e\xec\x2f" + "\x63\xb9\x31\xbd\x47\x41\x7a\x81" + "\xa5\x38\x32\x7a\xf9\x27\xda\x3e"); + DIGEST_KATS_ADD("a", 1, + "\x1f\x40\xfc\x92\xda\x24\x16\x94" + "\x75\x09\x79\xee\x6c\xf5\x82\xf2" + "\xd5\xd7\xd2\x8e\x18\x33\x5d\xe0" + "\x5a\xbc\x54\xd0\x56\x0e\x0f\x53" + "\x02\x86\x0c\x65\x2b\xf0\x8d\x56" + "\x02\x52\xaa\x5e\x74\x21\x05\x46" + "\xf3\x69\xfb\xbb\xce\x8c\x12\xcf" + "\xc7\x95\x7b\x26\x52\xfe\x9a\x75"); + DIGEST_KATS_ADD("abc", 3, + "\xdd\xaf\x35\xa1\x93\x61\x7a\xba" + "\xcc\x41\x73\x49\xae\x20\x41\x31" + "\x12\xe6\xfa\x4e\x89\xa9\x7e\xa2" + "\x0a\x9e\xee\xe6\x4b\x55\xd3\x9a" + "\x21\x92\x99\x2a\x27\x4f\xc1\xa8" + "\x36\xba\x3c\x23\xa3\xfe\xeb\xbd" + "\x45\x4d\x44\x23\x64\x3c\xe8\x0e" + "\x2a\x9a\xc9\x4f\xa5\x4c\xa4\x9f"); + DIGEST_KATS_ADD("message digest", 14, + "\x10\x7d\xbf\x38\x9d\x9e\x9f\x71" + "\xa3\xa9\x5f\x6c\x05\x5b\x92\x51" + "\xbc\x52\x68\xc2\xbe\x16\xd6\xc1" + "\x34\x92\xea\x45\xb0\x19\x9f\x33" + "\x09\xe1\x64\x55\xab\x1e\x96\x11" + "\x8e\x8a\x90\x5d\x55\x97\xb7\x20" + "\x38\xdd\xb3\x72\xa8\x98\x26\x04" + "\x6d\xe6\x66\x87\xbb\x42\x0e\x7c"); + DIGEST_KATS_ADD("abcdefghijklmnopqrstuvwxyz", 26, + "\x4d\xbf\xf8\x6c\xc2\xca\x1b\xae" + "\x1e\x16\x46\x8a\x05\xcb\x98\x81" + "\xc9\x7f\x17\x53\xbc\xe3\x61\x90" + "\x34\x89\x8f\xaa\x1a\xab\xe4\x29" + "\x95\x5a\x1b\xf8\xec\x48\x3d\x74" + "\x21\xfe\x3c\x16\x46\x61\x3a\x59" + "\xed\x54\x41\xfb\x0f\x32\x13\x89" + "\xf7\x7f\x48\xa8\x79\xc7\xb1\xf1"); + DIGEST_KATS_ADD("ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz" + "0123456789", 62, + "\x1e\x07\xbe\x23\xc2\x6a\x86\xea" + "\x37\xea\x81\x0c\x8e\xc7\x80\x93" + "\x52\x51\x5a\x97\x0e\x92\x53\xc2" + "\x6f\x53\x6c\xfc\x7a\x99\x96\xc4" + "\x5c\x83\x70\x58\x3e\x0a\x78\xfa" + "\x4a\x90\x04\x1d\x71\xa4\xce\xab" + "\x74\x23\xf1\x9c\x71\xb9\xd5\xa3" + "\xe0\x12\x49\xf0\xbe\xbd\x58\x94"); + DIGEST_KATS_ADD("1234567890123456789012345678901234567890" + "1234567890123456789012345678901234567890", 80, + "\x72\xec\x1e\xf1\x12\x4a\x45\xb0" + "\x47\xe8\xb7\xc7\x5a\x93\x21\x95" + "\x13\x5b\xb6\x1d\xe2\x4e\xc0\xd1" + "\x91\x40\x42\x24\x6e\x0a\xec\x3a" + "\x23\x54\xe0\x93\xd7\x6f\x30\x48" + "\xb4\x56\x76\x43\x46\x90\x0c\xb1" + "\x30\xd2\xa4\xfd\x5d\xd1\x6a\xbb" + "\x5e\x30\xbc\xb8\x50\xde\xe8\x43"); + + DIGEST_KATS_TEST(Sha512, SHA512); +#endif + return EXPECT_RESULT(); +} /* END test_wc_Sha512Final */ + +int test_wc_Sha512_other(void) +{ + EXPECT_DECLS; +#ifdef WOLFSSL_SHA512 + DIGEST_OTHER_TEST(wc_Sha512, Sha512, SHA512, + "\xf2\x7d\xa3\xe0\x25\x71\x51\x3f" + "\x75\xf4\xdc\xea\xdc\xf7\x7f\xf1" + "\xad\x5a\x51\x32\x07\x73\x1d\xf8" + "\xdd\xaa\xf1\x15\x3e\xa3\x3c\xc5" + "\x00\x76\x6e\x1d\xa5\xa2\x4a\x44" + "\x99\x3e\x2d\xaa\xa8\x05\xc8\x49" + "\xf0\x83\x34\x02\x07\x43\x8b\xac" + "\xfb\xe6\x02\x40\x6b\x48\x54\x8e"); +#endif + return EXPECT_RESULT(); +} /* END test_wc_Sha512Final */ + +int test_wc_Sha512Copy(void) +{ + EXPECT_DECLS; +#ifdef WOLFSSL_SHA512 + DIGEST_COPY_TEST(wc_Sha512, Sha512, SHA512, + "\xcf\x83\xe1\x35\x7e\xef\xb8\xbd" + "\xf1\x54\x28\x50\xd6\x6d\x80\x07" + "\xd6\x20\xe4\x05\x0b\x57\x15\xdc" + "\x83\xf4\xa9\x21\xd3\x6c\xe9\xce" + "\x47\xd0\xd1\x3c\x5d\x85\xf2\xb0" + "\xff\x83\x18\xd2\x87\x7e\xec\x2f" + "\x63\xb9\x31\xbd\x47\x41\x7a\x81" + "\xa5\x38\x32\x7a\xf9\x27\xda\x3e", + "\xdd\xaf\x35\xa1\x93\x61\x7a\xba" + "\xcc\x41\x73\x49\xae\x20\x41\x31" + "\x12\xe6\xfa\x4e\x89\xa9\x7e\xa2" + "\x0a\x9e\xee\xe6\x4b\x55\xd3\x9a" + "\x21\x92\x99\x2a\x27\x4f\xc1\xa8" + "\x36\xba\x3c\x23\xa3\xfe\xeb\xbd" + "\x45\x4d\x44\x23\x64\x3c\xe8\x0e" + "\x2a\x9a\xc9\x4f\xa5\x4c\xa4\x9f"); +#endif + return EXPECT_RESULT(); +} + +int test_wc_Sha512GetHash(void) +{ + EXPECT_DECLS; +#ifdef WOLFSSL_SHA512 + DIGEST_GET_HASH_TEST(wc_Sha512, Sha512, SHA512, + "\xcf\x83\xe1\x35\x7e\xef\xb8\xbd" + "\xf1\x54\x28\x50\xd6\x6d\x80\x07" + "\xd6\x20\xe4\x05\x0b\x57\x15\xdc" + "\x83\xf4\xa9\x21\xd3\x6c\xe9\xce" + "\x47\xd0\xd1\x3c\x5d\x85\xf2\xb0" + "\xff\x83\x18\xd2\x87\x7e\xec\x2f" + "\x63\xb9\x31\xbd\x47\x41\x7a\x81" + "\xa5\x38\x32\x7a\xf9\x27\xda\x3e", + "\xdd\xaf\x35\xa1\x93\x61\x7a\xba" + "\xcc\x41\x73\x49\xae\x20\x41\x31" + "\x12\xe6\xfa\x4e\x89\xa9\x7e\xa2" + "\x0a\x9e\xee\xe6\x4b\x55\xd3\x9a" + "\x21\x92\x99\x2a\x27\x4f\xc1\xa8" + "\x36\xba\x3c\x23\xa3\xfe\xeb\xbd" + "\x45\x4d\x44\x23\x64\x3c\xe8\x0e" + "\x2a\x9a\xc9\x4f\xa5\x4c\xa4\x9f"); +#endif + return EXPECT_RESULT(); +} + +int test_wc_Sha512Transform(void) +{ + EXPECT_DECLS; +#if defined(WOLFSSL_SHA512) && \ + (defined(OPENSSL_EXTRA) || defined(HAVE_CURL)) && \ + !defined(HAVE_SELFTEST) && (!defined(HAVE_FIPS) || \ + (defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION >= 3))) + DIGEST_TRANSFORM_FINAL_RAW_ALL_TEST(wc_Sha512, Sha512, SHA512, + "\x80\x63\x62\x61\x00\x00\x00\x00" + "\x00\x00\x00\x00\x00\x00\x00\x00" + "\x00\x00\x00\x00\x00\x00\x00\x00" + "\x00\x00\x00\x00\x00\x00\x00\x00" + "\x00\x00\x00\x00\x00\x00\x00\x00" + "\x00\x00\x00\x00\x00\x00\x00\x00" + "\x00\x00\x00\x00\x00\x00\x00\x00" + "\x00\x00\x00\x00\x00\x00\x00\x00" + "\x00\x00\x00\x00\x00\x00\x00\x00" + "\x00\x00\x00\x00\x00\x00\x00\x00" + "\x00\x00\x00\x00\x00\x00\x00\x00" + "\x00\x00\x00\x00\x00\x00\x00\x00" + "\x00\x00\x00\x00\x00\x00\x00\x00" + "\x00\x00\x00\x00\x00\x00\x00\x00" + "\x00\x00\x00\x00\x00\x00\x00\x00" + "\x00\x00\x00\x00\x18\x00\x00\x00", + "\x54\x52\xb6\x73\x58\x3e\x6f\x12" + "\xcb\x0b\xf3\x61\x38\xb9\x76\xe8" + "\x2e\x46\x13\xd9\x4a\x67\xe3\x7c" + "\x5c\xd7\xa5\xe6\x43\x55\x16\xa2" + "\x83\x06\x9a\x32\x69\x55\x63\x95" + "\x68\x75\xde\x70\x09\x4d\xcd\xfe" + "\xbe\x11\x20\xd6\xe7\x7c\x49\xd3" + "\x5b\xd7\x07\x75\x19\xc9\x8a\xfa"); +#endif + return EXPECT_RESULT(); +} + +int test_wc_Sha512_Flags(void) +{ + EXPECT_DECLS; +#if defined(WOLFSSL_SHA512) && defined(WOLFSSL_HASH_FLAGS) + DIGEST_FLAGS_TEST(wc_Sha512, Sha512); +#endif + return EXPECT_RESULT(); +} + +/******************************************************************************* + * SHA-512-224 + ******************************************************************************/ + +/* + * Unit test for the wc_InitSha512_224() + */ +int test_wc_InitSha512_224(void) +{ + EXPECT_DECLS; +#if defined(WOLFSSL_SHA512) && !defined(WOLFSSL_NOSHA512_224) + DIGEST_INIT_AND_INIT_EX_TEST(wc_Sha512, Sha512_224); +#endif + return EXPECT_RESULT(); +} /* END test_wc_InitSha512_224 */ + +/* + * Tesing wc_Sha512_224Update() + */ +int test_wc_Sha512_224Update(void) +{ + EXPECT_DECLS; +#if defined(WOLFSSL_SHA512) && !defined(WOLFSSL_NOSHA512_224) + DIGEST_UPDATE_TEST(wc_Sha512, Sha512_224); +#endif + return EXPECT_RESULT(); +} /* END test_wc_Sha512_224Update() */ + +/* + * Unit test on wc_Sha512_224Final + */ +int test_wc_Sha512_224Final(void) +{ + EXPECT_DECLS; +#if defined(WOLFSSL_SHA512) && !defined(WOLFSSL_NOSHA512_224) + DIGEST_FINAL_TEST(wc_Sha512, Sha512_224, SHA512_224); +#endif + return EXPECT_RESULT(); +} /* END test_wc_Sha512_224Final */ + +/* + * Unit test on wc_Sha512_224FinalRaw + */ +int test_wc_Sha512_224FinalRaw(void) +{ + EXPECT_DECLS; +#if defined(WOLFSSL_SHA512) && !defined(WOLFSSL_NOSHA512_224) && \ + !defined(HAVE_SELFTEST) && !defined(WOLFSSL_DEVCRYPTO) && \ + (!defined(HAVE_FIPS) || (defined(HAVE_FIPS_VERSION) && \ + (HAVE_FIPS_VERSION >= 3))) && !defined(WOLFSSL_NO_HASH_RAW) + DIGEST_FINAL_RAW_TEST(wc_Sha512, Sha512_224, SHA512_224, + "\x8c\x3d\x37\xc8\x19\x54\x4d\xa2" + "\x73\xe1\x99\x66\x89\xdc\xd4\xd6" + "\x1d\xfa\xb7\xae\x32\xff\x9c\x82" + "\x67\x9d\xd5\x14"); +#endif + return EXPECT_RESULT(); +} /* END test_wc_Sha512_224Final */ + +#define SHA512_224_KAT_CNT 7 +int test_wc_Sha512_224_KATs(void) +{ + EXPECT_DECLS; +#if defined(WOLFSSL_SHA512) && !defined(WOLFSSL_NOSHA512_224) + DIGEST_KATS_TEST_VARS(wc_Sha512, SHA512_224); + + DIGEST_KATS_ADD("", 0, + "\x6e\xd0\xdd\x02\x80\x6f\xa8\x9e" + "\x25\xde\x06\x0c\x19\xd3\xac\x86" + "\xca\xbb\x87\xd6\xa0\xdd\xd0\x5c" + "\x33\x3b\x84\xf4"); + DIGEST_KATS_ADD("a", 1, + "\xd5\xcd\xb9\xcc\xc7\x69\xa5\x12" + "\x1d\x41\x75\xf2\xbf\xdd\x13\xd6" + "\x31\x0e\x0d\x3d\x36\x1e\xa7\x5d" + "\x82\x10\x83\x27"); + DIGEST_KATS_ADD("abc", 3, + "\x46\x34\x27\x0f\x70\x7b\x6a\x54" + "\xda\xae\x75\x30\x46\x08\x42\xe2" + "\x0e\x37\xed\x26\x5c\xee\xe9\xa4" + "\x3e\x89\x24\xaa"); + DIGEST_KATS_ADD("message digest", 14, + "\xad\x1a\x4d\xb1\x88\xfe\x57\x06" + "\x4f\x4f\x24\x60\x9d\x2a\x83\xcd" + "\x0a\xfb\x9b\x39\x8e\xb2\xfc\xae" + "\xaa\xe2\xc5\x64"); + DIGEST_KATS_ADD("abcdefghijklmnopqrstuvwxyz", 26, + "\xff\x83\x14\x8a\xa0\x7e\xc3\x06" + "\x55\xc1\xb4\x0a\xff\x86\x14\x1c" + "\x02\x15\xfe\x2a\x54\xf7\x67\xd3" + "\xf3\x87\x43\xd8"); + DIGEST_KATS_ADD("ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz" + "0123456789", 62, + "\xa8\xb4\xb9\x17\x4b\x99\xff\xc6" + "\x7d\x6f\x49\xbe\x99\x81\x58\x7b" + "\x96\x44\x10\x51\xe1\x6e\x6d\xd0" + "\x36\xb1\x40\xd3"); + DIGEST_KATS_ADD("1234567890123456789012345678901234567890" + "1234567890123456789012345678901234567890", 80, + "\xae\x98\x8f\xaa\xa4\x7e\x40\x1a" + "\x45\xf7\x04\xd1\x27\x2d\x99\x70" + "\x24\x58\xfe\xa2\xdd\xc6\x58\x28" + "\x27\x55\x6d\xd2"); + + DIGEST_KATS_TEST(Sha512_224, SHA512_224); +#endif + return EXPECT_RESULT(); +} /* END test_wc_Sha512_224Final */ + +int test_wc_Sha512_224_other(void) +{ + EXPECT_DECLS; +#if defined(WOLFSSL_SHA512) && !defined(WOLFSSL_NOSHA512_224) + DIGEST_OTHER_TEST(wc_Sha512, Sha512_224, SHA512_224, + "\xbe\xbb\x85\xa0\x14\x9f\xd7\xae" + "\xc4\xbe\xa4\x8f\xa3\xeb\xac\xc0" + "\x88\x02\x6b\xa0\xe8\x22\x5c\xb3" + "\x12\x11\xa0\x48"); +#endif + return EXPECT_RESULT(); +} /* END test_wc_Sha512_224Final */ + +int test_wc_Sha512_224Copy(void) +{ + EXPECT_DECLS; +#if defined(WOLFSSL_SHA512) && !defined(WOLFSSL_NOSHA512_224) + DIGEST_COPY_TEST(wc_Sha512, Sha512_224, SHA512_224, + "\x6e\xd0\xdd\x02\x80\x6f\xa8\x9e" + "\x25\xde\x06\x0c\x19\xd3\xac\x86" + "\xca\xbb\x87\xd6\xa0\xdd\xd0\x5c" + "\x33\x3b\x84\xf4", + "\x46\x34\x27\x0f\x70\x7b\x6a\x54" + "\xda\xae\x75\x30\x46\x08\x42\xe2" + "\x0e\x37\xed\x26\x5c\xee\xe9\xa4" + "\x3e\x89\x24\xaa"); +#endif + return EXPECT_RESULT(); +} + +int test_wc_Sha512_224GetHash(void) +{ + EXPECT_DECLS; +#if defined(WOLFSSL_SHA512) && !defined(WOLFSSL_NOSHA512_224) + DIGEST_GET_HASH_TEST(wc_Sha512, Sha512_224, SHA512_224, + "\x6e\xd0\xdd\x02\x80\x6f\xa8\x9e" + "\x25\xde\x06\x0c\x19\xd3\xac\x86" + "\xca\xbb\x87\xd6\xa0\xdd\xd0\x5c" + "\x33\x3b\x84\xf4", + "\x46\x34\x27\x0f\x70\x7b\x6a\x54" + "\xda\xae\x75\x30\x46\x08\x42\xe2" + "\x0e\x37\xed\x26\x5c\xee\xe9\xa4" + "\x3e\x89\x24\xaa"); +#endif + return EXPECT_RESULT(); +} + +int test_wc_Sha512_224Transform(void) +{ + EXPECT_DECLS; +#if defined(WOLFSSL_SHA512) && !defined(WOLFSSL_NOSHA512_224) && \ + (defined(OPENSSL_EXTRA) || defined(HAVE_CURL)) && \ + !defined(HAVE_SELFTEST) && (!defined(HAVE_FIPS) || \ + (defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION >= 3))) + DIGEST_TRANSFORM_FINAL_RAW_ALL_TEST(wc_Sha512, Sha512_224, SHA512_224, + "\x61\x62\x63\x80\x00\x00\x00\x00" + "\x00\x00\x00\x00\x00\x00\x00\x00" + "\x00\x00\x00\x00\x00\x00\x00\x00" + "\x00\x00\x00\x00\x00\x00\x00\x00" + "\x00\x00\x00\x00\x00\x00\x00\x00" + "\x00\x00\x00\x00\x00\x00\x00\x00" + "\x00\x00\x00\x00\x00\x00\x00\x00" + "\x00\x00\x00\x00\x00\x00\x00\x00" + "\x00\x00\x00\x00\x00\x00\x00\x00" + "\x00\x00\x00\x00\x00\x00\x00\x00" + "\x00\x00\x00\x00\x00\x00\x00\x00" + "\x00\x00\x00\x00\x00\x00\x00\x00" + "\x00\x00\x00\x00\x00\x00\x00\x00" + "\x00\x00\x00\x00\x00\x00\x00\x00" + "\x00\x00\x00\x00\x00\x00\x00\x00" + "\x00\x00\x00\x00\x00\x00\x00\x18", + "\x46\x34\x27\x0f\x70\x7b\x6a\x54" + "\xda\xae\x75\x30\x46\x08\x42\xe2" + "\x0e\x37\xed\x26\x5c\xee\xe9\xa4" + "\x3e\x89\x24\xaa"); +#endif + return EXPECT_RESULT(); +} + +int test_wc_Sha512_224_Flags(void) +{ + EXPECT_DECLS; +#if defined(WOLFSSL_SHA512) && !defined(WOLFSSL_NOSHA512_224) && \ + defined(WOLFSSL_HASH_FLAGS) + DIGEST_FLAGS_TEST(wc_Sha512, Sha512_224); +#endif + return EXPECT_RESULT(); +} + +/******************************************************************************* + * SHA-512-256 + ******************************************************************************/ + +/* + * Unit test for the wc_InitSha512_256() + */ +int test_wc_InitSha512_256(void) +{ + EXPECT_DECLS; +#if defined(WOLFSSL_SHA512) && !defined(WOLFSSL_NOSHA512_256) + DIGEST_INIT_AND_INIT_EX_TEST(wc_Sha512, Sha512_256); +#endif + return EXPECT_RESULT(); +} /* END test_wc_InitSha512_256 */ + +/* + * Tesing wc_Sha512_256Update() + */ +int test_wc_Sha512_256Update(void) +{ + EXPECT_DECLS; +#if defined(WOLFSSL_SHA512) && !defined(WOLFSSL_NOSHA512_256) + DIGEST_UPDATE_TEST(wc_Sha512, Sha512_256); +#endif + return EXPECT_RESULT(); +} /* END test_wc_Sha512_256Update() */ + +/* + * Unit test on wc_Sha512_256Final + */ +int test_wc_Sha512_256Final(void) +{ + EXPECT_DECLS; +#if defined(WOLFSSL_SHA512) && !defined(WOLFSSL_NOSHA512_256) + DIGEST_FINAL_TEST(wc_Sha512, Sha512_256, SHA512_256); +#endif + return EXPECT_RESULT(); +} /* END test_wc_Sha512_256Final */ + +/* + * Unit test on wc_Sha512_256FinalRaw + */ +int test_wc_Sha512_256FinalRaw(void) +{ + EXPECT_DECLS; +#if defined(WOLFSSL_SHA512) && !defined(WOLFSSL_NOSHA512_256) && \ + !defined(HAVE_SELFTEST) && !defined(WOLFSSL_DEVCRYPTO) && \ + (!defined(HAVE_FIPS) || (defined(HAVE_FIPS_VERSION) && \ + (HAVE_FIPS_VERSION >= 3))) && !defined(WOLFSSL_NO_HASH_RAW) + DIGEST_FINAL_RAW_TEST(wc_Sha512, Sha512_256, SHA512_256, + "\x22\x31\x21\x94\xfc\x2b\xf7\x2c" + "\x9f\x55\x5f\xa3\xc8\x4c\x64\xc2" + "\x23\x93\xb8\x6b\x6f\x53\xb1\x51" + "\x96\x38\x77\x19\x59\x40\xea\xbd"); +#endif + return EXPECT_RESULT(); +} /* END test_wc_Sha512_256Final */ + +#define SHA512_256_KAT_CNT 7 +int test_wc_Sha512_256_KATs(void) +{ + EXPECT_DECLS; +#if defined(WOLFSSL_SHA512) && !defined(WOLFSSL_NOSHA512_256) + DIGEST_KATS_TEST_VARS(wc_Sha512, SHA512_256); + + DIGEST_KATS_ADD("", 0, + "\xc6\x72\xb8\xd1\xef\x56\xed\x28" + "\xab\x87\xc3\x62\x2c\x51\x14\x06" + "\x9b\xdd\x3a\xd7\xb8\xf9\x73\x74" + "\x98\xd0\xc0\x1e\xce\xf0\x96\x7a"); + DIGEST_KATS_ADD("a", 1, + "\x45\x5e\x51\x88\x24\xbc\x06\x01" + "\xf9\xfb\x85\x8f\xf5\xc3\x7d\x41" + "\x7d\x67\xc2\xf8\xe0\xdf\x2b\xab" + "\xe4\x80\x88\x58\xae\xa8\x30\xf8"); + DIGEST_KATS_ADD("abc", 3, + "\x53\x04\x8e\x26\x81\x94\x1e\xf9" + "\x9b\x2e\x29\xb7\x6b\x4c\x7d\xab" + "\xe4\xc2\xd0\xc6\x34\xfc\x6d\x46" + "\xe0\xe2\xf1\x31\x07\xe7\xaf\x23"); + DIGEST_KATS_ADD("message digest", 14, + "\x0c\xf4\x71\xfd\x17\xed\x69\xd9" + "\x90\xda\xf3\x43\x3c\x89\xb1\x6d" + "\x63\xde\xc1\xbb\x9c\xb4\x2a\x60" + "\x94\x60\x4e\xe5\xd7\xb4\xe9\xfb"); + DIGEST_KATS_ADD("abcdefghijklmnopqrstuvwxyz", 26, + "\xfc\x31\x89\x44\x3f\x9c\x26\x8f" + "\x62\x6a\xea\x08\xa7\x56\xab\xe7" + "\xb7\x26\xb0\x5f\x70\x1c\xb0\x82" + "\x22\x31\x2c\xcf\xd6\x71\x0a\x26"); + DIGEST_KATS_ADD("ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz" + "0123456789", 62, + "\xcd\xf1\xcc\x0e\xff\xe2\x6e\xcc" + "\x0c\x13\x75\x8f\x7b\x4a\x48\xe0" + "\x00\x61\x5d\xf2\x41\x28\x41\x85" + "\xc3\x9e\xb0\x5d\x35\x5b\xb9\xc8"); + DIGEST_KATS_ADD("1234567890123456789012345678901234567890" + "1234567890123456789012345678901234567890", 80, + "\x2c\x9f\xdb\xc0\xc9\x0b\xdd\x87" + "\x61\x2e\xe8\x45\x54\x74\xf9\x04" + "\x48\x50\x24\x1d\xc1\x05\xb1\xe8" + "\xb9\x4b\x8d\xdf\x5f\xac\x91\x48"); + + DIGEST_KATS_TEST(Sha512_256, SHA512_256); +#endif + return EXPECT_RESULT(); +} /* END test_wc_Sha512_256Final */ + +int test_wc_Sha512_256_other(void) +{ + EXPECT_DECLS; +#if defined(WOLFSSL_SHA512) && !defined(WOLFSSL_NOSHA512_256) + DIGEST_OTHER_TEST(wc_Sha512, Sha512_256, SHA512_256, + "\x0c\x80\x73\xf5\xf4\xc8\xc7\x13" + "\x4a\xc4\x8a\xda\x04\xfc\x77\x74" + "\xea\xa0\x85\xa9\x29\xb3\x54\xa4" + "\x08\xef\x2a\x87\x61\x1f\x8c\xb8"); +#endif + return EXPECT_RESULT(); +} /* END test_wc_Sha512_256Final */ + +int test_wc_Sha512_256Copy(void) +{ + EXPECT_DECLS; +#if defined(WOLFSSL_SHA512) && !defined(WOLFSSL_NOSHA512_256) + DIGEST_COPY_TEST(wc_Sha512, Sha512_256, SHA512_256, + "\xc6\x72\xb8\xd1\xef\x56\xed\x28" + "\xab\x87\xc3\x62\x2c\x51\x14\x06" + "\x9b\xdd\x3a\xd7\xb8\xf9\x73\x74" + "\x98\xd0\xc0\x1e\xce\xf0\x96\x7a", + "\x53\x04\x8e\x26\x81\x94\x1e\xf9" + "\x9b\x2e\x29\xb7\x6b\x4c\x7d\xab" + "\xe4\xc2\xd0\xc6\x34\xfc\x6d\x46" + "\xe0\xe2\xf1\x31\x07\xe7\xaf\x23"); +#endif + return EXPECT_RESULT(); +} + +int test_wc_Sha512_256GetHash(void) +{ + EXPECT_DECLS; +#if defined(WOLFSSL_SHA512) && !defined(WOLFSSL_NOSHA512_256) + DIGEST_GET_HASH_TEST(wc_Sha512, Sha512_256, SHA512_256, + "\xc6\x72\xb8\xd1\xef\x56\xed\x28" + "\xab\x87\xc3\x62\x2c\x51\x14\x06" + "\x9b\xdd\x3a\xd7\xb8\xf9\x73\x74" + "\x98\xd0\xc0\x1e\xce\xf0\x96\x7a", + "\x53\x04\x8e\x26\x81\x94\x1e\xf9" + "\x9b\x2e\x29\xb7\x6b\x4c\x7d\xab" + "\xe4\xc2\xd0\xc6\x34\xfc\x6d\x46" + "\xe0\xe2\xf1\x31\x07\xe7\xaf\x23"); +#endif + return EXPECT_RESULT(); +} + +int test_wc_Sha512_256Transform(void) +{ + EXPECT_DECLS; +#if defined(WOLFSSL_SHA512) && !defined(WOLFSSL_NOSHA512_256) && \ + (defined(OPENSSL_EXTRA) || defined(HAVE_CURL)) && \ + !defined(HAVE_SELFTEST) && (!defined(HAVE_FIPS) || \ + (defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION >= 3))) + DIGEST_TRANSFORM_FINAL_RAW_ALL_TEST(wc_Sha512, Sha512_256, SHA512_256, + "\x61\x62\x63\x80\x00\x00\x00\x00" + "\x00\x00\x00\x00\x00\x00\x00\x00" + "\x00\x00\x00\x00\x00\x00\x00\x00" + "\x00\x00\x00\x00\x00\x00\x00\x00" + "\x00\x00\x00\x00\x00\x00\x00\x00" + "\x00\x00\x00\x00\x00\x00\x00\x00" + "\x00\x00\x00\x00\x00\x00\x00\x00" + "\x00\x00\x00\x00\x00\x00\x00\x00" + "\x00\x00\x00\x00\x00\x00\x00\x00" + "\x00\x00\x00\x00\x00\x00\x00\x00" + "\x00\x00\x00\x00\x00\x00\x00\x00" + "\x00\x00\x00\x00\x00\x00\x00\x00" + "\x00\x00\x00\x00\x00\x00\x00\x00" + "\x00\x00\x00\x00\x00\x00\x00\x00" + "\x00\x00\x00\x00\x00\x00\x00\x00" + "\x00\x00\x00\x00\x00\x00\x00\x18", + "\x53\x04\x8e\x26\x81\x94\x1e\xf9" + "\x9b\x2e\x29\xb7\x6b\x4c\x7d\xab" + "\xe4\xc2\xd0\xc6\x34\xfc\x6d\x46" + "\xe0\xe2\xf1\x31\x07\xe7\xaf\x23"); +#endif + return EXPECT_RESULT(); +} + +int test_wc_Sha512_256_Flags(void) +{ + EXPECT_DECLS; +#if defined(WOLFSSL_SHA512) && !defined(WOLFSSL_NOSHA512_256) && \ + defined(WOLFSSL_HASH_FLAGS) + DIGEST_FLAGS_TEST(wc_Sha512, Sha512_256); +#endif + return EXPECT_RESULT(); +} + +/******************************************************************************* + * SHA-384 + ******************************************************************************/ + +/* + * Unit test for the wc_InitSha384() + */ +int test_wc_InitSha384(void) +{ + EXPECT_DECLS; +#ifdef WOLFSSL_SHA384 + DIGEST_INIT_AND_INIT_EX_TEST(wc_Sha384, Sha384); +#endif + return EXPECT_RESULT(); +} /* END test_wc_InitSha384 */ + +/* + * Tesing wc_Sha384Update() + */ +int test_wc_Sha384Update(void) +{ + EXPECT_DECLS; +#ifdef WOLFSSL_SHA384 + DIGEST_UPDATE_TEST(wc_Sha384, Sha384); +#endif + return EXPECT_RESULT(); +} /* END test_wc_Sha384Update() */ + +/* + * Unit test on wc_Sha384Final + */ +int test_wc_Sha384Final(void) +{ + EXPECT_DECLS; +#ifdef WOLFSSL_SHA384 + DIGEST_FINAL_TEST(wc_Sha384, Sha384, SHA384); +#endif + return EXPECT_RESULT(); +} /* END test_wc_Sha384Final */ + +/* + * Unit test on wc_Sha384FinalRaw + */ +int test_wc_Sha384FinalRaw(void) +{ + EXPECT_DECLS; +#if defined(WOLFSSL_SHA384) && !defined(HAVE_SELFTEST) && \ + !defined(WOLFSSL_DEVCRYPTO) && (!defined(HAVE_FIPS) || \ + (defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION >= 3))) && \ + !defined(WOLFSSL_NO_HASH_RAW) + DIGEST_FINAL_RAW_TEST(wc_Sha384, Sha384, SHA384, + "\xcb\xbb\x9d\x5d\xc1\x05\x9e\xd8" + "\x62\x9a\x29\x2a\x36\x7c\xd5\x07" + "\x91\x59\x01\x5a\x30\x70\xdd\x17" + "\x15\x2f\xec\xd8\xf7\x0e\x59\x39" + "\x67\x33\x26\x67\xff\xc0\x0b\x31" + "\x8e\xb4\x4a\x87\x68\x58\x15\x11"); +#endif + return EXPECT_RESULT(); +} /* END test_wc_Sha384 */ + +#define SHA384_KAT_CNT 7 +int test_wc_Sha384_KATs(void) +{ + EXPECT_DECLS; +#ifdef WOLFSSL_SHA384 + DIGEST_KATS_TEST_VARS(wc_Sha384, SHA384); + + DIGEST_KATS_ADD("", 0, + "\x38\xb0\x60\xa7\x51\xac\x96\x38" + "\x4c\xd9\x32\x7e\xb1\xb1\xe3\x6a" + "\x21\xfd\xb7\x11\x14\xbe\x07\x43" + "\x4c\x0c\xc7\xbf\x63\xf6\xe1\xda" + "\x27\x4e\xde\xbf\xe7\x6f\x65\xfb" + "\xd5\x1a\xd2\xf1\x48\x98\xb9\x5b"); + DIGEST_KATS_ADD("a", 1, + "\x54\xa5\x9b\x9f\x22\xb0\xb8\x08" + "\x80\xd8\x42\x7e\x54\x8b\x7c\x23" + "\xab\xd8\x73\x48\x6e\x1f\x03\x5d" + "\xce\x9c\xd6\x97\xe8\x51\x75\x03" + "\x3c\xaa\x88\xe6\xd5\x7b\xc3\x5e" + "\xfa\xe0\xb5\xaf\xd3\x14\x5f\x31"); + DIGEST_KATS_ADD("abc", 3, + "\xcb\x00\x75\x3f\x45\xa3\x5e\x8b" + "\xb5\xa0\x3d\x69\x9a\xc6\x50\x07" + "\x27\x2c\x32\xab\x0e\xde\xd1\x63" + "\x1a\x8b\x60\x5a\x43\xff\x5b\xed" + "\x80\x86\x07\x2b\xa1\xe7\xcc\x23" + "\x58\xba\xec\xa1\x34\xc8\x25\xa7"); + DIGEST_KATS_ADD("message digest", 14, + "\x47\x3e\xd3\x51\x67\xec\x1f\x5d" + "\x8e\x55\x03\x68\xa3\xdb\x39\xbe" + "\x54\x63\x9f\x82\x88\x68\xe9\x45" + "\x4c\x23\x9f\xc8\xb5\x2e\x3c\x61" + "\xdb\xd0\xd8\xb4\xde\x13\x90\xc2" + "\x56\xdc\xbb\x5d\x5f\xd9\x9c\xd5"); + DIGEST_KATS_ADD("abcdefghijklmnopqrstuvwxyz", 26, + "\xfe\xb6\x73\x49\xdf\x3d\xb6\xf5" + "\x92\x48\x15\xd6\xc3\xdc\x13\x3f" + "\x09\x18\x09\x21\x37\x31\xfe\x5c" + "\x7b\x5f\x49\x99\xe4\x63\x47\x9f" + "\xf2\x87\x7f\x5f\x29\x36\xfa\x63" + "\xbb\x43\x78\x4b\x12\xf3\xeb\xb4"); + DIGEST_KATS_ADD("ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz" + "0123456789", 62, + "\x17\x61\x33\x6e\x3f\x7c\xbf\xe5" + "\x1d\xeb\x13\x7f\x02\x6f\x89\xe0" + "\x1a\x44\x8e\x3b\x1f\xaf\xa6\x40" + "\x39\xc1\x46\x4e\xe8\x73\x2f\x11" + "\xa5\x34\x1a\x6f\x41\xe0\xc2\x02" + "\x29\x47\x36\xed\x64\xdb\x1a\x84"); + DIGEST_KATS_ADD("1234567890123456789012345678901234567890" + "1234567890123456789012345678901234567890", 80, + "\xb1\x29\x32\xb0\x62\x7d\x1c\x06" + "\x09\x42\xf5\x44\x77\x64\x15\x56" + "\x55\xbd\x4d\xa0\xc9\xaf\xa6\xdd" + "\x9b\x9e\xf5\x31\x29\xaf\x1b\x8f" + "\xb0\x19\x59\x96\xd2\xde\x9c\xa0" + "\xdf\x9d\x82\x1f\xfe\xe6\x70\x26"); + + DIGEST_KATS_TEST(Sha384, SHA384); +#endif + return EXPECT_RESULT(); +} /* END test_wc_Sha384Final */ + +int test_wc_Sha384_other(void) +{ + EXPECT_DECLS; +#ifdef WOLFSSL_SHA384 + DIGEST_OTHER_TEST(wc_Sha384, Sha384, SHA384, + "\xbe\x28\x56\x36\xd3\xae\x1c\x63" + "\x94\x7a\xc0\x7f\xb1\x71\x5c\x19" + "\x45\xfd\x81\x7b\x46\xfb\x03\xc2" + "\x46\x2c\x80\x8d\xd2\xc0\x16\x91" + "\x23\x51\x6b\xa5\x0d\x71\x6f\x8b" + "\x2f\x52\x74\x86\x0d\x05\xa5\x95"); +#endif + return EXPECT_RESULT(); +} /* END test_wc_Sha384Final */ + +int test_wc_Sha384Copy(void) +{ + EXPECT_DECLS; +#ifdef WOLFSSL_SHA384 + DIGEST_COPY_TEST(wc_Sha384, Sha384, SHA384, + "\x38\xb0\x60\xa7\x51\xac\x96\x38" + "\x4c\xd9\x32\x7e\xb1\xb1\xe3\x6a" + "\x21\xfd\xb7\x11\x14\xbe\x07\x43" + "\x4c\x0c\xc7\xbf\x63\xf6\xe1\xda" + "\x27\x4e\xde\xbf\xe7\x6f\x65\xfb" + "\xd5\x1a\xd2\xf1\x48\x98\xb9\x5b", + "\xcb\x00\x75\x3f\x45\xa3\x5e\x8b" + "\xb5\xa0\x3d\x69\x9a\xc6\x50\x07" + "\x27\x2c\x32\xab\x0e\xde\xd1\x63" + "\x1a\x8b\x60\x5a\x43\xff\x5b\xed" + "\x80\x86\x07\x2b\xa1\xe7\xcc\x23" + "\x58\xba\xec\xa1\x34\xc8\x25\xa7"); +#endif + return EXPECT_RESULT(); +} + +int test_wc_Sha384GetHash(void) +{ + EXPECT_DECLS; +#ifdef WOLFSSL_SHA384 + DIGEST_GET_HASH_TEST(wc_Sha384, Sha384, SHA384, + "\x38\xb0\x60\xa7\x51\xac\x96\x38" + "\x4c\xd9\x32\x7e\xb1\xb1\xe3\x6a" + "\x21\xfd\xb7\x11\x14\xbe\x07\x43" + "\x4c\x0c\xc7\xbf\x63\xf6\xe1\xda" + "\x27\x4e\xde\xbf\xe7\x6f\x65\xfb" + "\xd5\x1a\xd2\xf1\x48\x98\xb9\x5b", + "\xcb\x00\x75\x3f\x45\xa3\x5e\x8b" + "\xb5\xa0\x3d\x69\x9a\xc6\x50\x07" + "\x27\x2c\x32\xab\x0e\xde\xd1\x63" + "\x1a\x8b\x60\x5a\x43\xff\x5b\xed" + "\x80\x86\x07\x2b\xa1\xe7\xcc\x23" + "\x58\xba\xec\xa1\x34\xc8\x25\xa7"); +#endif + return EXPECT_RESULT(); +} + +int test_wc_Sha384_Flags(void) +{ + EXPECT_DECLS; +#if defined(WOLFSSL_SHA384) && defined(WOLFSSL_HASH_FLAGS) + DIGEST_FLAGS_TEST(wc_Sha384, Sha384); +#endif + return EXPECT_RESULT(); +} + diff --git a/test/ssl/wolfssl/tests/api/test_sha512.h b/test/ssl/wolfssl/tests/api/test_sha512.h new file mode 100644 index 000000000..26c500ebb --- /dev/null +++ b/test/ssl/wolfssl/tests/api/test_sha512.h @@ -0,0 +1,117 @@ +/* test_sha512.h + * + * Copyright (C) 2006-2025 wolfSSL Inc. + * + * This file is part of wolfSSL. + * + * wolfSSL is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * wolfSSL is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA + */ + +#ifndef WOLFCRYPT_TEST_SHA512_H +#define WOLFCRYPT_TEST_SHA512_H + +#include + +int test_wc_InitSha512(void); +int test_wc_Sha512Update(void); +int test_wc_Sha512Final(void); +int test_wc_Sha512FinalRaw(void); +int test_wc_Sha512_KATs(void); +int test_wc_Sha512_other(void); +int test_wc_Sha512Copy(void); +int test_wc_Sha512GetHash(void); +int test_wc_Sha512Transform(void); +int test_wc_Sha512_Flags(void); + +int test_wc_InitSha512_224(void); +int test_wc_Sha512_224Update(void); +int test_wc_Sha512_224Final(void); +int test_wc_Sha512_224FinalRaw(void); +int test_wc_Sha512_224_KATs(void); +int test_wc_Sha512_224_other(void); +int test_wc_Sha512_224Copy(void); +int test_wc_Sha512_224GetHash(void); +int test_wc_Sha512_224Transform(void); +int test_wc_Sha512_224_Flags(void); + +int test_wc_InitSha512_256(void); +int test_wc_Sha512_256Update(void); +int test_wc_Sha512_256Final(void); +int test_wc_Sha512_256FinalRaw(void); +int test_wc_Sha512_256_KATs(void); +int test_wc_Sha512_256_other(void); +int test_wc_Sha512_256Copy(void); +int test_wc_Sha512_256GetHash(void); +int test_wc_Sha512_256Transform(void); +int test_wc_Sha512_256_Flags(void); + +int test_wc_InitSha384(void); +int test_wc_Sha384Update(void); +int test_wc_Sha384Final(void); +int test_wc_Sha384FinalRaw(void); +int test_wc_Sha384_KATs(void); +int test_wc_Sha384_other(void); +int test_wc_Sha384Copy(void); +int test_wc_Sha384GetHash(void); +int test_wc_Sha384_Flags(void); + +#define TEST_SHA512_DECLS \ + TEST_DECL_GROUP("sha512", test_wc_InitSha512), \ + TEST_DECL_GROUP("sha512", test_wc_Sha512Update), \ + TEST_DECL_GROUP("sha512", test_wc_Sha512Final), \ + TEST_DECL_GROUP("sha512", test_wc_Sha512FinalRaw), \ + TEST_DECL_GROUP("sha512", test_wc_Sha512_KATs), \ + TEST_DECL_GROUP("sha512", test_wc_Sha512_other), \ + TEST_DECL_GROUP("sha512", test_wc_Sha512Copy), \ + TEST_DECL_GROUP("sha512", test_wc_Sha512GetHash), \ + TEST_DECL_GROUP("sha512", test_wc_Sha512Transform), \ + TEST_DECL_GROUP("sha512", test_wc_Sha512_Flags) + +#define TEST_SHA512_224_DECLS \ + TEST_DECL_GROUP("sha512_224", test_wc_InitSha512_224), \ + TEST_DECL_GROUP("sha512_224", test_wc_Sha512_224Update), \ + TEST_DECL_GROUP("sha512_224", test_wc_Sha512_224Final), \ + TEST_DECL_GROUP("sha512_224", test_wc_Sha512_224FinalRaw), \ + TEST_DECL_GROUP("sha512_224", test_wc_Sha512_224_KATs), \ + TEST_DECL_GROUP("sha512_224", test_wc_Sha512_224_other), \ + TEST_DECL_GROUP("sha512_224", test_wc_Sha512_224Copy), \ + TEST_DECL_GROUP("sha512_224", test_wc_Sha512_224GetHash), \ + TEST_DECL_GROUP("sha512_224", test_wc_Sha512_224Transform), \ + TEST_DECL_GROUP("sha512_224", test_wc_Sha512_224_Flags) + +#define TEST_SHA512_256_DECLS \ + TEST_DECL_GROUP("sha512_256", test_wc_InitSha512_256), \ + TEST_DECL_GROUP("sha512_256", test_wc_Sha512_256Update), \ + TEST_DECL_GROUP("sha512_256", test_wc_Sha512_256Final), \ + TEST_DECL_GROUP("sha512_256", test_wc_Sha512_256FinalRaw), \ + TEST_DECL_GROUP("sha512_256", test_wc_Sha512_256_KATs), \ + TEST_DECL_GROUP("sha512_256", test_wc_Sha512_256_other), \ + TEST_DECL_GROUP("sha512_256", test_wc_Sha512_256Copy), \ + TEST_DECL_GROUP("sha512_256", test_wc_Sha512_256GetHash), \ + TEST_DECL_GROUP("sha512_256", test_wc_Sha512_256Transform), \ + TEST_DECL_GROUP("sha512_256", test_wc_Sha512_256_Flags) + +#define TEST_SHA384_DECLS \ + TEST_DECL_GROUP("sha384", test_wc_InitSha384), \ + TEST_DECL_GROUP("sha384", test_wc_Sha384Update), \ + TEST_DECL_GROUP("sha384", test_wc_Sha384Final), \ + TEST_DECL_GROUP("sha384", test_wc_Sha384FinalRaw), \ + TEST_DECL_GROUP("sha384", test_wc_Sha384_KATs), \ + TEST_DECL_GROUP("sha384", test_wc_Sha384_other), \ + TEST_DECL_GROUP("sha384", test_wc_Sha384Copy), \ + TEST_DECL_GROUP("sha384", test_wc_Sha384GetHash), \ + TEST_DECL_GROUP("sha384", test_wc_Sha384_Flags) + +#endif /* WOLFCRYPT_TEST_SHA512_H */ diff --git a/test/ssl/wolfssl/tests/api/test_signature.c b/test/ssl/wolfssl/tests/api/test_signature.c new file mode 100644 index 000000000..b0dfc875c --- /dev/null +++ b/test/ssl/wolfssl/tests/api/test_signature.c @@ -0,0 +1,149 @@ +/* test_signature.c + * + * Copyright (C) 2006-2025 wolfSSL Inc. + * + * This file is part of wolfSSL. + * + * wolfSSL is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * wolfSSL is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA + */ + +#include + +#ifdef NO_INLINE + #include +#else + #define WOLFSSL_MISC_INCLUDED + #include +#endif + +#include +#include +#include +#include +#include +#include + +/* Testing wc_SignatureGetSize() for signature type ECC */ +int test_wc_SignatureGetSize_ecc(void) +{ + EXPECT_DECLS; +#if !defined(NO_SIG_WRAPPER) && defined(HAVE_ECC) && !defined(NO_ECC256) + enum wc_SignatureType sig_type; + word32 key_len; + ecc_key ecc; + const char* qx = + "fa2737fb93488d19caef11ae7faf6b7f4bcd67b286e3fc54e8a65c2b74aeccb0"; + const char* qy = + "d4ccd6dae698208aa8c3a6f39e45510d03be09b2f124bfc067856c324f9b4d09"; + const char* d = + "be34baa8d040a3b991f9075b56ba292f755b90e4b6dc10dad36715c33cfdac25"; + + XMEMSET(&ecc, 0, sizeof(ecc_key)); + + ExpectIntEQ(wc_ecc_init(&ecc), 0); + ExpectIntEQ(wc_ecc_import_raw(&ecc, qx, qy, d, "SECP256R1"), 0); + /* Input for signature type ECC */ + sig_type = WC_SIGNATURE_TYPE_ECC; + key_len = sizeof(ecc_key); + ExpectIntGT(wc_SignatureGetSize(sig_type, &ecc, key_len), 0); + + /* Test bad args */ + /* // NOLINTBEGIN(clang-analyzer-optin.core.EnumCastOutOfRange) */ + sig_type = (enum wc_SignatureType) 100; + /* // NOLINTEND(clang-analyzer-optin.core.EnumCastOutOfRange) */ + ExpectIntEQ(wc_SignatureGetSize(sig_type, &ecc, key_len), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + sig_type = WC_SIGNATURE_TYPE_ECC; + ExpectIntEQ(wc_SignatureGetSize(sig_type, NULL, key_len), 0); + key_len = (word32)0; + ExpectIntEQ(wc_SignatureGetSize(sig_type, &ecc, key_len), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + + DoExpectIntEQ(wc_ecc_free(&ecc), 0); +#endif /* !NO_SIG_WRAPPER && HAVE_ECC && !NO_ECC256 */ + return EXPECT_RESULT(); +} /* END test_wc_SignatureGetSize_ecc() */ + +/* Testing wc_SignatureGetSize() for signature type rsa */ +int test_wc_SignatureGetSize_rsa(void) +{ + EXPECT_DECLS; +#if !defined(NO_SIG_WRAPPER) && !defined(NO_RSA) + enum wc_SignatureType sig_type; + word32 key_len; + word32 idx = 0; + RsaKey rsa_key; + byte* tmp = NULL; + size_t bytes; + + XMEMSET(&rsa_key, 0, sizeof(RsaKey)); + + #ifdef USE_CERT_BUFFERS_1024 + bytes = (size_t)sizeof_client_key_der_1024; + if (bytes < (size_t)sizeof_client_key_der_1024) + bytes = (size_t)sizeof_client_cert_der_1024; + #elif defined(USE_CERT_BUFFERS_2048) + bytes = (size_t)sizeof_client_key_der_2048; + if (bytes < (size_t)sizeof_client_cert_der_2048) + bytes = (size_t)sizeof_client_cert_der_2048; + #else + bytes = FOURK_BUF; + #endif + + ExpectNotNull(tmp = (byte*)XMALLOC(bytes, HEAP_HINT, + DYNAMIC_TYPE_TMP_BUFFER)); + if (tmp != NULL) { + #ifdef USE_CERT_BUFFERS_1024 + XMEMCPY(tmp, client_key_der_1024, (size_t)sizeof_client_key_der_1024); + #elif defined(USE_CERT_BUFFERS_2048) + XMEMCPY(tmp, client_key_der_2048, (size_t)sizeof_client_key_der_2048); + #elif !defined(NO_FILESYSTEM) + XFILE file = XBADFILE; + ExpectTrue((file = XFOPEN(clientKey, "rb")) != XBADFILE); + ExpectIntGT(bytes = (size_t)XFREAD(tmp, 1, FOURK_BUF, file), 0); + if (file != XBADFILE) { + XFCLOSE(file); + } + #else + ExpectFail(); + #endif + } + + ExpectIntEQ(wc_InitRsaKey_ex(&rsa_key, HEAP_HINT, testDevId), 0); + ExpectIntEQ(wc_RsaPrivateKeyDecode(tmp, &idx, &rsa_key, (word32)bytes), 0); + /* Input for signature type RSA */ + sig_type = WC_SIGNATURE_TYPE_RSA; + key_len = sizeof(RsaKey); + ExpectIntGT(wc_SignatureGetSize(sig_type, &rsa_key, key_len), 0); + + /* Test bad args */ + /* // NOLINTBEGIN(clang-analyzer-optin.core.EnumCastOutOfRange) */ + sig_type = (enum wc_SignatureType)100; + /* // NOLINTEND(clang-analyzer-optin.core.EnumCastOutOfRange) */ + ExpectIntEQ(wc_SignatureGetSize(sig_type, &rsa_key, key_len), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + sig_type = WC_SIGNATURE_TYPE_RSA; + ExpectIntEQ(wc_SignatureGetSize(sig_type, NULL, key_len), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + key_len = (word32)0; + ExpectIntEQ(wc_SignatureGetSize(sig_type, &rsa_key, key_len), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + + DoExpectIntEQ(wc_FreeRsaKey(&rsa_key), 0); + XFREE(tmp, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); +#endif /* !NO_SIG_WRAPPER && !NO_RSA */ + return EXPECT_RESULT(); +} /* END test_wc_SignatureGetSize_rsa(void) */ + diff --git a/test/ssl/wolfssl/tests/api/test_signature.h b/test/ssl/wolfssl/tests/api/test_signature.h new file mode 100644 index 000000000..4c8e93aeb --- /dev/null +++ b/test/ssl/wolfssl/tests/api/test_signature.h @@ -0,0 +1,34 @@ +/* test_signature.h + * + * Copyright (C) 2006-2025 wolfSSL Inc. + * + * This file is part of wolfSSL. + * + * wolfSSL is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * wolfSSL is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA + */ + +#ifndef WOLFCRYPT_TEST_SIGNATURE_H +#define WOLFCRYPT_TEST_SIGNATURE_H + +#include + +int test_wc_SignatureGetSize_ecc(void); +int test_wc_SignatureGetSize_rsa(void); + +#define TEST_SIGNATURE_DECLS \ + TEST_DECL_GROUP("signature", test_wc_SignatureGetSize_ecc), \ + TEST_DECL_GROUP("signature", test_wc_SignatureGetSize_ecc) + +#endif /* WOLFCRYPT_TEST_SIGNATURE_H */ diff --git a/test/ssl/wolfssl/tests/api/test_sm2.c b/test/ssl/wolfssl/tests/api/test_sm2.c new file mode 100644 index 000000000..ad9857efc --- /dev/null +++ b/test/ssl/wolfssl/tests/api/test_sm2.c @@ -0,0 +1,649 @@ +/* test_sm2.c + * + * Copyright (C) 2006-2025 wolfSSL Inc. + * + * This file is part of wolfSSL. + * + * wolfSSL is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * wolfSSL is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA + */ + +#include + +#ifdef NO_INLINE + #include +#else + #define WOLFSSL_MISC_INCLUDED + #include +#endif + +///#include +#include +#include +#include + +/* + * Testing wc_ecc_sm2_make_key() + */ +int test_wc_ecc_sm2_make_key(void) +{ + int res = TEST_SKIPPED; +#if defined(HAVE_ECC) && defined(WOLFSSL_SM2) + EXPECT_DECLS; + WC_RNG rng[1]; + ecc_key key[1]; + + XMEMSET(rng, 0, sizeof(*rng)); + XMEMSET(key, 0, sizeof(*key)); + + ExpectIntEQ(wc_InitRng(rng), 0); + ExpectIntEQ(wc_ecc_init(key), 0); + + /* Test invalid parameters. */ + ExpectIntEQ(wc_ecc_sm2_make_key(NULL, NULL, WC_ECC_FLAG_NONE), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_ecc_sm2_make_key(rng, NULL, WC_ECC_FLAG_NONE), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_ecc_sm2_make_key(NULL, key, WC_ECC_FLAG_NONE), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + + /* Test valid parameters. */ + ExpectIntEQ(wc_ecc_sm2_make_key(rng, key, WC_ECC_FLAG_NONE), 0); + ExpectIntEQ(key->dp->id, ECC_SM2P256V1); + + wc_ecc_free(key); + wc_FreeRng(rng); +#ifdef FP_ECC + wc_ecc_fp_free(); +#endif + + res = EXPECT_RESULT(); +#endif + return res; +} + +/* + * Testing wc_ecc_sm2_shared_secret() + */ +int test_wc_ecc_sm2_shared_secret(void) +{ + int res = TEST_SKIPPED; +#if defined(HAVE_ECC) && defined(WOLFSSL_SM2) + EXPECT_DECLS; + WC_RNG rng[1]; + ecc_key keyA[1]; + ecc_key keyB[1]; + byte outA[32]; + byte outB[32]; + word32 outALen = 32; + word32 outBLen = 32; + + XMEMSET(rng, 0, sizeof(*rng)); + XMEMSET(keyA, 0, sizeof(*keyA)); + XMEMSET(keyB, 0, sizeof(*keyB)); + + ExpectIntEQ(wc_InitRng(rng), 0); + ExpectIntEQ(wc_ecc_init(keyA), 0); + ExpectIntEQ(wc_ecc_init(keyB), 0); + ExpectIntEQ(wc_ecc_sm2_make_key(rng, keyA, WC_ECC_FLAG_NONE), 0); + ExpectIntEQ(wc_ecc_sm2_make_key(rng, keyB, WC_ECC_FLAG_NONE), 0); + +#ifdef ECC_TIMING_RESISTANT + ExpectIntEQ(wc_ecc_set_rng(keyA, rng), 0); + ExpectIntEQ(wc_ecc_set_rng(keyB, rng), 0); +#endif + + /* Test invalid parameters. */ + ExpectIntEQ(wc_ecc_sm2_shared_secret(NULL, NULL, NULL, NULL), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_ecc_sm2_shared_secret(keyA, NULL, NULL, NULL), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_ecc_sm2_shared_secret(NULL, keyB, NULL, NULL), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_ecc_sm2_shared_secret(NULL, NULL, outA, NULL), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_ecc_sm2_shared_secret(NULL, NULL, NULL, &outALen), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_ecc_sm2_shared_secret(NULL, keyB, outA, &outALen), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_ecc_sm2_shared_secret(keyA, NULL, outA, &outALen), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_ecc_sm2_shared_secret(keyA, keyB, NULL, &outALen), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_ecc_sm2_shared_secret(keyA, keyB, outA, NULL), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + + /* Test valid parameters. */ + ExpectIntEQ(wc_ecc_sm2_shared_secret(keyA, keyB, outA, &outALen), 0); + ExpectIntLE(outALen, 32); + ExpectIntEQ(wc_ecc_sm2_shared_secret(keyB, keyA, outB, &outBLen), 0); + ExpectIntLE(outBLen, 32); + ExpectIntEQ(outALen, outBLen); + ExpectBufEQ(outA, outB, outALen); + + wc_ecc_free(keyB); + wc_ecc_free(keyA); + wc_FreeRng(rng); +#ifdef FP_ECC + wc_ecc_fp_free(); +#endif + + res = EXPECT_RESULT(); +#endif + return res; +} + +/* + * Testing wc_ecc_sm2_create_digest() + */ +int test_wc_ecc_sm2_create_digest(void) +{ + int res = TEST_SKIPPED; +#if defined(HAVE_ECC) && defined(WOLFSSL_SM2) && !defined(NO_HASH_WRAPPER) && \ + (defined(WOLFSSL_SM3) || !defined(NO_SHA256)) + EXPECT_DECLS; + ecc_key key[1]; + enum wc_HashType hashType; + unsigned char pub[] = { + 0x04, + 0x63, 0x7F, 0x1B, 0x13, 0x50, 0x36, 0xC9, 0x33, + 0xDC, 0x3F, 0x7A, 0x8E, 0xBB, 0x1B, 0x7B, 0x2F, + 0xD1, 0xDF, 0xBD, 0x26, 0x8D, 0x4F, 0x89, 0x4B, + 0x5A, 0xD4, 0x7D, 0xBD, 0xBE, 0xCD, 0x55, 0x8F, + 0xE8, 0x81, 0x01, 0xD0, 0x80, 0x48, 0xE3, 0x6C, + 0xCB, 0xF6, 0x1C, 0xA3, 0x8D, 0xDF, 0x7A, 0xBA, + 0x54, 0x2B, 0x44, 0x86, 0xE9, 0x9E, 0x49, 0xF3, + 0xA7, 0x47, 0x0A, 0x85, 0x7A, 0x09, 0x64, 0x33 + }; + unsigned char id[] = { + 0x01, 0x02, 0x03, + }; + unsigned char msg[] = { + 0x01, 0x02, 0x03, + }; + unsigned char hash[32]; +#ifdef WOLFSSL_SM3 + unsigned char expHash[32] = { + 0xc1, 0xdd, 0x92, 0xc5, 0x60, 0xd3, 0x94, 0x28, + 0xeb, 0x0f, 0x57, 0x79, 0x3f, 0xc9, 0x96, 0xc5, + 0xfa, 0xf5, 0x90, 0xb2, 0x64, 0x2f, 0xaf, 0x9c, + 0xc8, 0x57, 0x21, 0x6a, 0x52, 0x7e, 0xf1, 0x95 + }; +#else + unsigned char expHash[32] = { + 0xea, 0x41, 0x55, 0x21, 0x61, 0x00, 0x5c, 0x9a, + 0x57, 0x35, 0x6b, 0x49, 0xca, 0x8f, 0x65, 0xc2, + 0x0e, 0x29, 0x0c, 0xa0, 0x1d, 0xa7, 0xc4, 0xed, + 0xdd, 0x51, 0x12, 0xf6, 0xe7, 0x55, 0xc5, 0xf4 + }; +#endif + +#ifdef WOLFSSL_SM3 + hashType = WC_HASH_TYPE_SM3; +#else + hashType = WC_HASH_TYPE_SHA256; +#endif + + XMEMSET(key, 0, sizeof(*key)); + + ExpectIntEQ(wc_ecc_init(key), 0); + + /* Test with no curve set. */ + ExpectIntEQ(wc_ecc_sm2_create_digest(id, sizeof(id), msg, sizeof(msg), + hashType, hash, sizeof(hash), key), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + + ExpectIntEQ(wc_ecc_import_x963_ex(pub, sizeof(pub), key, ECC_SM2P256V1), 0); + + /* Test invalid parameters. */ + ExpectIntEQ(wc_ecc_sm2_create_digest(NULL, sizeof(id), NULL, sizeof(msg), + hashType, NULL, sizeof(hash), NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_ecc_sm2_create_digest(id, sizeof(id), NULL, sizeof(msg), + hashType, NULL, sizeof(hash), NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_ecc_sm2_create_digest(NULL, sizeof(id), msg, sizeof(msg), + hashType, NULL, sizeof(hash), NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_ecc_sm2_create_digest(NULL, sizeof(id), NULL, sizeof(msg), + hashType, hash, sizeof(hash), NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_ecc_sm2_create_digest(NULL, sizeof(id), NULL, sizeof(msg), + hashType, NULL, sizeof(hash), key), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_ecc_sm2_create_digest(NULL, sizeof(id), msg, sizeof(msg), + hashType, hash, sizeof(hash), key), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_ecc_sm2_create_digest(id, sizeof(id), NULL, sizeof(msg), + hashType, hash, sizeof(hash), key), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_ecc_sm2_create_digest(id, sizeof(id), msg, sizeof(msg), + hashType, NULL, sizeof(hash), key), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_ecc_sm2_create_digest(id, sizeof(id), msg, sizeof(msg), + hashType, hash, sizeof(hash), NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + + /* Bad hash type. */ + /* // NOLINTBEGIN(clang-analyzer-optin.core.EnumCastOutOfRange) */ + ExpectIntEQ(wc_ecc_sm2_create_digest(id, sizeof(id), msg, sizeof(msg), + -1, hash, 0, key), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + /* // NOLINTEND(clang-analyzer-optin.core.EnumCastOutOfRange) */ + /* Bad hash size. */ + ExpectIntEQ(wc_ecc_sm2_create_digest(id, sizeof(id), msg, sizeof(msg), + hashType, hash, 0, key), WC_NO_ERR_TRACE(BUFFER_E)); + + /* Test valid parameters. */ + ExpectIntEQ(wc_ecc_sm2_create_digest(id, sizeof(id), msg, sizeof(msg), + hashType, hash, sizeof(hash), key), 0); + ExpectBufEQ(hash, expHash, sizeof(expHash)); + + wc_ecc_free(key); + + res = EXPECT_RESULT(); +#endif + return res; +} + +/* + * Testing wc_ecc_sm2_verify_hash_ex() + */ +int test_wc_ecc_sm2_verify_hash_ex(void) +{ + int res = TEST_SKIPPED; +#if defined(HAVE_ECC) && defined(WOLFSSL_SM2) && defined(HAVE_ECC_VERIFY) && \ + defined(WOLFSSL_PUBLIC_MP) + EXPECT_DECLS; + ecc_key key[1]; + mp_int r[1]; + mp_int s[1]; + int verified; + unsigned char pub[] = { + 0x04, + 0x63, 0x7F, 0x1B, 0x13, 0x50, 0x36, 0xC9, 0x33, + 0xDC, 0x3F, 0x7A, 0x8E, 0xBB, 0x1B, 0x7B, 0x2F, + 0xD1, 0xDF, 0xBD, 0x26, 0x8D, 0x4F, 0x89, 0x4B, + 0x5A, 0xD4, 0x7D, 0xBD, 0xBE, 0xCD, 0x55, 0x8F, + 0xE8, 0x81, 0x01, 0xD0, 0x80, 0x48, 0xE3, 0x6C, + 0xCB, 0xF6, 0x1C, 0xA3, 0x8D, 0xDF, 0x7A, 0xBA, + 0x54, 0x2B, 0x44, 0x86, 0xE9, 0x9E, 0x49, 0xF3, + 0xA7, 0x47, 0x0A, 0x85, 0x7A, 0x09, 0x64, 0x33 + }; + unsigned char hash[] = { + 0x3B, 0xFA, 0x5F, 0xFB, 0xC4, 0x27, 0x8C, 0x9D, + 0x02, 0x3A, 0x19, 0xCB, 0x1E, 0xAA, 0xD2, 0xF1, + 0x50, 0x69, 0x5B, 0x20 + }; + unsigned char rData[] = { + 0xD2, 0xFC, 0xA3, 0x88, 0xE3, 0xDF, 0xA3, 0x00, + 0x73, 0x9B, 0x3C, 0x2A, 0x0D, 0xAD, 0x44, 0xA2, + 0xFC, 0x62, 0xD5, 0x6B, 0x84, 0x54, 0xD8, 0x40, + 0x22, 0x62, 0x3D, 0x5C, 0xA6, 0x61, 0x9B, 0xE7, + }; + unsigned char sData[] = { + 0x1D, + 0xB5, 0xB5, 0xD9, 0xD8, 0xF1, 0x20, 0xDD, 0x97, + 0x92, 0xBF, 0x7E, 0x9B, 0x3F, 0xE6, 0x3C, 0x4B, + 0x03, 0xD8, 0x80, 0xBD, 0xB7, 0x27, 0x7E, 0x6A, + 0x84, 0x23, 0xDE, 0x61, 0x7C, 0x8D, 0xDC + }; + unsigned char rBadData[] = { + 0xD2, 0xFC, 0xA3, 0x88, 0xE3, 0xDF, 0xA3, 0x00, + 0x73, 0x9B, 0x3C, 0x2A, 0x0D, 0xAD, 0x44, 0xA2, + 0xFC, 0x62, 0xD5, 0x6B, 0x84, 0x54, 0xD8, 0x40, + 0x22, 0x62, 0x3D, 0x5C, 0xA6, 0x61, 0x9B, 0xE8, + }; + + XMEMSET(key, 0, sizeof(*key)); + XMEMSET(r, 0, sizeof(*r)); + XMEMSET(s, 0, sizeof(*s)); + + ExpectIntEQ(mp_init(r), 0); + ExpectIntEQ(mp_init(s), 0); + ExpectIntEQ(mp_read_unsigned_bin(r, rData, sizeof(rData)), 0); + ExpectIntEQ(mp_read_unsigned_bin(s, sData, sizeof(sData)), 0); + + ExpectIntEQ(wc_ecc_init(key), 0); + + /* Test with no curve set. */ + ExpectIntEQ(wc_ecc_sm2_verify_hash_ex(r, s, hash, sizeof(hash), + &verified, key), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + + ExpectIntEQ(wc_ecc_import_x963_ex(pub, sizeof(pub), key, ECC_SM2P256V1), 0); + + /* Test invalid parameters. */ + ExpectIntEQ(wc_ecc_sm2_verify_hash_ex(NULL, NULL, NULL, sizeof(hash), + NULL, NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_ecc_sm2_verify_hash_ex(r, NULL, NULL, sizeof(hash), + NULL, NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_ecc_sm2_verify_hash_ex(NULL, s, NULL, sizeof(hash), + NULL, NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_ecc_sm2_verify_hash_ex(NULL, NULL, hash, sizeof(hash), + NULL, NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_ecc_sm2_verify_hash_ex(NULL, NULL, NULL, sizeof(hash), + &verified, NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_ecc_sm2_verify_hash_ex(NULL, NULL, NULL, sizeof(hash), + NULL, key), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_ecc_sm2_verify_hash_ex(NULL, s, hash, sizeof(hash), + &verified, key), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_ecc_sm2_verify_hash_ex(r, NULL, hash, sizeof(hash), + &verified, key), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_ecc_sm2_verify_hash_ex(r, s, NULL, sizeof(hash), + &verified, key), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_ecc_sm2_verify_hash_ex(r, s, hash, sizeof(hash), + NULL, key), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_ecc_sm2_verify_hash_ex(r, s, hash, sizeof(hash), + &verified, NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + + /* Make key not on the SM2 curve. */ + ExpectIntEQ(wc_ecc_set_curve(key, 32, ECC_SECP256R1), 0); + ExpectIntEQ(wc_ecc_sm2_verify_hash_ex(r, s, hash, sizeof(hash), + &verified, key), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_ecc_set_curve(key, 32, ECC_SM2P256V1), 0); + + /* Test valid parameters. */ + ExpectIntEQ(wc_ecc_sm2_verify_hash_ex(r, s, hash, sizeof(hash), + &verified, key), 0); + ExpectIntEQ(verified, 1); + + ExpectIntEQ(mp_read_unsigned_bin(r, rBadData, sizeof(rBadData)), 0); + ExpectIntEQ(wc_ecc_sm2_verify_hash_ex(r, s, hash, sizeof(hash), + &verified, key), 0); + ExpectIntEQ(verified, 0); + + mp_free(s); + mp_free(r); + wc_ecc_free(key); +#ifdef FP_ECC + wc_ecc_fp_free(); +#endif + + res = EXPECT_RESULT(); +#endif + return res; +} + +/* + * Testing wc_ecc_sm2_verify_hash() + */ +int test_wc_ecc_sm2_verify_hash(void) +{ + int res = TEST_SKIPPED; +#if defined(HAVE_ECC) && defined(WOLFSSL_SM2) && defined(HAVE_ECC_VERIFY) + EXPECT_DECLS; + ecc_key key[1]; + int verified; + unsigned char pub[] = { + 0x04, + 0x63, 0x7F, 0x1B, 0x13, 0x50, 0x36, 0xC9, 0x33, + 0xDC, 0x3F, 0x7A, 0x8E, 0xBB, 0x1B, 0x7B, 0x2F, + 0xD1, 0xDF, 0xBD, 0x26, 0x8D, 0x4F, 0x89, 0x4B, + 0x5A, 0xD4, 0x7D, 0xBD, 0xBE, 0xCD, 0x55, 0x8F, + 0xE8, 0x81, 0x01, 0xD0, 0x80, 0x48, 0xE3, 0x6C, + 0xCB, 0xF6, 0x1C, 0xA3, 0x8D, 0xDF, 0x7A, 0xBA, + 0x54, 0x2B, 0x44, 0x86, 0xE9, 0x9E, 0x49, 0xF3, + 0xA7, 0x47, 0x0A, 0x85, 0x7A, 0x09, 0x64, 0x33 + }; + unsigned char hash[] = { + 0x3B, 0xFA, 0x5F, 0xFB, 0xC4, 0x27, 0x8C, 0x9D, + 0x02, 0x3A, 0x19, 0xCB, 0x1E, 0xAA, 0xD2, 0xF1, + 0x50, 0x69, 0x5B, 0x20 + }; + unsigned char sig[] = { + 0x30, 0x45, 0x02, 0x21, 0x00, 0xD2, 0xFC, 0xA3, + 0x88, 0xE3, 0xDF, 0xA3, 0x00, 0x73, 0x9B, 0x3C, + 0x2A, 0x0D, 0xAD, 0x44, 0xA2, 0xFC, 0x62, 0xD5, + 0x6B, 0x84, 0x54, 0xD8, 0x40, 0x22, 0x62, 0x3D, + 0x5C, 0xA6, 0x61, 0x9B, 0xE7, 0x02, 0x20, 0x1D, + 0xB5, 0xB5, 0xD9, 0xD8, 0xF1, 0x20, 0xDD, 0x97, + 0x92, 0xBF, 0x7E, 0x9B, 0x3F, 0xE6, 0x3C, 0x4B, + 0x03, 0xD8, 0x80, 0xBD, 0xB7, 0x27, 0x7E, 0x6A, + 0x84, 0x23, 0xDE, 0x61, 0x7C, 0x8D, 0xDC + }; + unsigned char sigBad[] = { + 0x30, 0x45, 0x02, 0x21, 0x00, 0xD2, 0xFC, 0xA3, + 0x88, 0xE3, 0xDF, 0xA3, 0x00, 0x73, 0x9B, 0x3C, + 0x2A, 0x0D, 0xAD, 0x44, 0xA2, 0xFC, 0x62, 0xD5, + 0x6B, 0x84, 0x54, 0xD8, 0x40, 0x22, 0x62, 0x3D, + 0x5C, 0xA6, 0x61, 0x9B, 0xE7, 0x02, 0x20, 0x1D, + 0xB5, 0xB5, 0xD9, 0xD8, 0xF1, 0x20, 0xDD, 0x97, + 0x92, 0xBF, 0x7E, 0x9B, 0x3F, 0xE6, 0x3C, 0x4B, + 0x03, 0xD8, 0x80, 0xBD, 0xB7, 0x27, 0x7E, 0x6A, + 0x84, 0x23, 0xDE, 0x61, 0x7C, 0x8D, 0xDD + }; + + + XMEMSET(key, 0, sizeof(*key)); + ExpectIntEQ(wc_ecc_init(key), 0); + + /* Test with no curve set. */ + ExpectIntEQ(wc_ecc_sm2_verify_hash(sig, sizeof(sig), hash, sizeof(hash), + &verified, key), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + + ExpectIntEQ(wc_ecc_import_x963_ex(pub, sizeof(pub), key, ECC_SM2P256V1), 0); + + /* Test invalid parameters. */ + ExpectIntEQ(wc_ecc_sm2_verify_hash(NULL, sizeof(sig), NULL, sizeof(hash), + NULL, NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_ecc_sm2_verify_hash(sig, sizeof(sig), NULL, sizeof(hash), + NULL, NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_ecc_sm2_verify_hash(NULL, sizeof(sig), hash, sizeof(hash), + NULL, NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_ecc_sm2_verify_hash(NULL, sizeof(sig), NULL, sizeof(hash), + &verified, NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_ecc_sm2_verify_hash(NULL, sizeof(sig), NULL, sizeof(hash), + NULL, key), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_ecc_sm2_verify_hash(NULL, sizeof(sig), hash, sizeof(hash), + &verified, key), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_ecc_sm2_verify_hash(sig, sizeof(sig), NULL, sizeof(hash), + &verified, key), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_ecc_sm2_verify_hash(sig, sizeof(sig), hash, sizeof(hash), + NULL, key), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_ecc_sm2_verify_hash(sig, sizeof(sig), hash, sizeof(hash), + &verified, NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + + /* Make key not on the SM2 curve. */ + ExpectIntEQ(wc_ecc_set_curve(key, 32, ECC_SECP256R1), 0); + ExpectIntEQ(wc_ecc_sm2_verify_hash(sig, sizeof(sig), hash, sizeof(hash), + &verified, key), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_ecc_set_curve(key, 32, ECC_SM2P256V1), 0); + + /* Test valid parameters. */ + ExpectIntEQ(wc_ecc_sm2_verify_hash(sig, sizeof(sig), hash, sizeof(hash), + &verified, key), 0); + ExpectIntEQ(verified, 1); + + ExpectIntEQ(wc_ecc_sm2_verify_hash(sigBad, sizeof(sigBad), hash, + sizeof(hash), &verified, key), 0); + ExpectIntEQ(verified, 0); + + wc_ecc_free(key); +#ifdef FP_ECC + wc_ecc_fp_free(); +#endif + + res = EXPECT_RESULT(); +#endif + return res; +} + +/* + * Testing wc_ecc_sm2_sign_hash_ex() + */ +int test_wc_ecc_sm2_sign_hash_ex(void) +{ + int res = TEST_SKIPPED; +#if defined(HAVE_ECC) && defined(WOLFSSL_SM2) && defined(HAVE_ECC_SIGN) && \ + defined(WOLFSSL_PUBLIC_MP) + EXPECT_DECLS; + WC_RNG rng[1]; + ecc_key key[1]; + mp_int r[1]; + mp_int s[1]; + unsigned char hash[32]; +#ifdef HAVE_ECC_VERIFY + int verified; +#endif + + XMEMSET(rng, 0, sizeof(*rng)); + XMEMSET(key, 0, sizeof(*key)); + XMEMSET(r, 0, sizeof(*r)); + XMEMSET(s, 0, sizeof(*s)); + + ExpectIntEQ(wc_InitRng(rng), 0); + ExpectIntEQ(mp_init(r), 0); + ExpectIntEQ(mp_init(s), 0); + ExpectIntEQ(wc_RNG_GenerateBlock(rng, hash, sizeof(hash)), 0); + + ExpectIntEQ(wc_ecc_init(key), 0); + + /* Test with no curve set. */ + ExpectIntEQ(wc_ecc_sm2_sign_hash_ex(hash, sizeof(hash), rng, key, r, s), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + + ExpectIntEQ(wc_ecc_sm2_make_key(rng, key, WC_ECC_FLAG_NONE), 0); + + /* Test invalid parameters. */ + ExpectIntEQ(wc_ecc_sm2_sign_hash_ex(NULL, sizeof(hash), NULL, NULL, NULL, + NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_ecc_sm2_sign_hash_ex(hash, sizeof(hash), NULL, NULL, NULL, + NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_ecc_sm2_sign_hash_ex(NULL, sizeof(hash), rng, NULL, NULL, + NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_ecc_sm2_sign_hash_ex(NULL, sizeof(hash), NULL, key, NULL, + NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_ecc_sm2_sign_hash_ex(NULL, sizeof(hash), NULL, NULL, r, + NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_ecc_sm2_sign_hash_ex(NULL, sizeof(hash), NULL, NULL, NULL, + s), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_ecc_sm2_sign_hash_ex(NULL, sizeof(hash), rng, key, r, s), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_ecc_sm2_sign_hash_ex(hash, sizeof(hash), NULL, key, r, s), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_ecc_sm2_sign_hash_ex(hash, sizeof(hash), rng, NULL, r, s), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_ecc_sm2_sign_hash_ex(hash, sizeof(hash), rng, key, NULL, s), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_ecc_sm2_sign_hash_ex(hash, sizeof(hash), rng, key, r, NULL), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + + /* Make key not on the SM2 curve. */ + ExpectIntEQ(wc_ecc_set_curve(key, 32, ECC_SECP256R1), 0); + ExpectIntEQ(wc_ecc_sm2_sign_hash_ex(hash, sizeof(hash), rng, key, r, s), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_ecc_set_curve(key, 32, ECC_SM2P256V1), 0); + +#ifdef WOLFSSL_SP_MATH_ALL + { + mp_int smallR[1]; + sp_init_size(smallR, 1); + /* Force failure in _ecc_sm2_calc_r_s by r being too small. */ + ExpectIntLT(wc_ecc_sm2_sign_hash_ex(hash, sizeof(hash), rng, key, + smallR, s), 0); + } +#endif + + /* Test valid parameters. */ + ExpectIntEQ(wc_ecc_sm2_sign_hash_ex(hash, sizeof(hash), rng, key, r, s), + 0); +#ifdef HAVE_ECC_VERIFY + ExpectIntEQ(wc_ecc_sm2_verify_hash_ex(r, s, hash, sizeof(hash), &verified, + key), 0); + ExpectIntEQ(verified, 1); +#endif + + mp_free(s); + mp_free(r); + wc_ecc_free(key); + wc_FreeRng(rng); +#ifdef FP_ECC + wc_ecc_fp_free(); +#endif + + res = EXPECT_RESULT(); +#endif + return res; +} + +/* + * Testing wc_ecc_sm2_sign_hash() + */ +int test_wc_ecc_sm2_sign_hash(void) +{ + int res = TEST_SKIPPED; +#if defined(HAVE_ECC) && defined(WOLFSSL_SM2) && defined(HAVE_ECC_SIGN) + EXPECT_DECLS; + WC_RNG rng[1]; + ecc_key key[1]; + unsigned char hash[32]; + unsigned char sig[72]; + word32 sigSz = sizeof(sig); +#ifdef HAVE_ECC_VERIFY + int verified; +#endif + + XMEMSET(rng, 0, sizeof(*rng)); + XMEMSET(key, 0, sizeof(*key)); + + ExpectIntEQ(wc_InitRng(rng), 0); + ExpectIntEQ(wc_RNG_GenerateBlock(rng, hash, sizeof(hash)), 0); + + ExpectIntEQ(wc_ecc_init(key), 0); + + /* Test with no curve set. */ + ExpectIntEQ(wc_ecc_sm2_sign_hash(hash, sizeof(hash), sig, &sigSz, rng, key), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + + ExpectIntEQ(wc_ecc_sm2_make_key(rng, key, WC_ECC_FLAG_NONE), 0); + + /* Test invalid parameters. */ + ExpectIntEQ(wc_ecc_sm2_sign_hash(NULL, sizeof(hash), NULL, NULL, NULL, + NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_ecc_sm2_sign_hash(hash, sizeof(hash), NULL, NULL, NULL, + NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_ecc_sm2_sign_hash(NULL, sizeof(hash), sig, NULL, NULL, + NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_ecc_sm2_sign_hash(NULL, sizeof(hash), NULL, &sigSz, NULL, + NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_ecc_sm2_sign_hash(NULL, sizeof(hash), NULL, NULL, rng, + NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_ecc_sm2_sign_hash(NULL, sizeof(hash), NULL, NULL, NULL, + key), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_ecc_sm2_sign_hash(NULL, sizeof(hash), sig, &sigSz, rng, + key), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_ecc_sm2_sign_hash(hash, sizeof(hash), NULL, &sigSz, rng, + key), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_ecc_sm2_sign_hash(hash, sizeof(hash), sig, NULL, rng, + key), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_ecc_sm2_sign_hash(hash, sizeof(hash), sig, &sigSz, NULL, + key), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_ecc_sm2_sign_hash(hash, sizeof(hash), sig, &sigSz, rng, + NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + + /* Make key not on the SM2 curve. */ + ExpectIntEQ(wc_ecc_set_curve(key, 32, ECC_SECP256R1), 0); + ExpectIntEQ(wc_ecc_sm2_sign_hash(hash, sizeof(hash), sig, &sigSz, rng, key), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_ecc_set_curve(key, 32, ECC_SM2P256V1), 0); + + /* Test valid parameters. */ + ExpectIntEQ(wc_ecc_sm2_sign_hash(hash, sizeof(hash), sig, &sigSz, rng, key), + 0); +#ifdef HAVE_ECC_VERIFY + ExpectIntEQ(wc_ecc_sm2_verify_hash(sig, sigSz, hash, sizeof(hash), + &verified, key), 0); + ExpectIntEQ(verified, 1); +#endif + + wc_ecc_free(key); + wc_FreeRng(rng); +#ifdef FP_ECC + wc_ecc_fp_free(); +#endif + + res = EXPECT_RESULT(); +#endif + return res; +} + diff --git a/test/ssl/wolfssl/tests/api/test_sm2.h b/test/ssl/wolfssl/tests/api/test_sm2.h new file mode 100644 index 000000000..62f2924da --- /dev/null +++ b/test/ssl/wolfssl/tests/api/test_sm2.h @@ -0,0 +1,44 @@ +/* test_sm2.h + * + * Copyright (C) 2006-2025 wolfSSL Inc. + * + * This file is part of wolfSSL. + * + * wolfSSL is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * wolfSSL is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA + */ + +#ifndef WOLFCRYPT_TEST_SM2_H +#define WOLFCRYPT_TEST_SM2_H + +#include + +int test_wc_ecc_sm2_make_key(void); +int test_wc_ecc_sm2_shared_secret(void); +int test_wc_ecc_sm2_create_digest(void); +int test_wc_ecc_sm2_verify_hash_ex(void); +int test_wc_ecc_sm2_verify_hash(void); +int test_wc_ecc_sm2_sign_hash_ex(void); +int test_wc_ecc_sm2_sign_hash(void); + +#define TEST_SM2_DECLS \ + TEST_DECL_GROUP("sm2", test_wc_ecc_sm2_make_key), \ + TEST_DECL_GROUP("sm2", test_wc_ecc_sm2_shared_secret), \ + TEST_DECL_GROUP("sm2", test_wc_ecc_sm2_create_digest), \ + TEST_DECL_GROUP("sm2", test_wc_ecc_sm2_verify_hash_ex), \ + TEST_DECL_GROUP("sm2", test_wc_ecc_sm2_verify_hash), \ + TEST_DECL_GROUP("sm2", test_wc_ecc_sm2_sign_hash_ex), \ + TEST_DECL_GROUP("sm2", test_wc_ecc_sm2_sign_hash) + +#endif /* WOLFCRYPT_TEST_SM2_H */ diff --git a/test/ssl/wolfssl/tests/api/test_sm3.c b/test/ssl/wolfssl/tests/api/test_sm3.c new file mode 100644 index 000000000..b205322f2 --- /dev/null +++ b/test/ssl/wolfssl/tests/api/test_sm3.c @@ -0,0 +1,417 @@ +/* test_sm3.c + * + * Copyright (C) 2006-2025 wolfSSL Inc. + * + * This file is part of wolfSSL. + * + * wolfSSL is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * wolfSSL is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA + */ + +#include + +#ifdef NO_INLINE + #include +#else + #define WOLFSSL_MISC_INCLUDED + #include +#endif + +///#include +#include +#include +#include +#include + + +int test_wc_InitSm3(void) +{ + EXPECT_DECLS; +#ifdef WOLFSSL_SM3 + wc_Sm3 sm3; + + /* Test bad arg. */ + ExpectIntEQ(wc_InitSm3(NULL, HEAP_HINT, INVALID_DEVID), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + + /* Test good arg. */ + ExpectIntEQ(wc_InitSm3(&sm3, HEAP_HINT, INVALID_DEVID), 0); + wc_Sm3Free(&sm3); + + wc_Sm3Free(NULL); +#endif + return EXPECT_RESULT(); +} + +int test_wc_Sm3Update(void) +{ + EXPECT_DECLS; +#ifdef WOLFSSL_SM3 + wc_Sm3 sm3; + + /* Initialize */ + ExpectIntEQ(wc_InitSm3(&sm3, HEAP_HINT, INVALID_DEVID), 0); + + /* Pass in bad values. */ + ExpectIntEQ(wc_Sm3Update(NULL, NULL, 1), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_Sm3Update(&sm3, NULL, 1), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_Sm3Update(NULL, NULL, 0), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + + ExpectIntEQ(wc_Sm3Update(&sm3, NULL, 0), 0); + ExpectIntEQ(wc_Sm3Update(&sm3, (byte*)"a", 1), 0); + + wc_Sm3Free(&sm3); +#endif + return EXPECT_RESULT(); +} + +int test_wc_Sm3Final(void) +{ + EXPECT_DECLS; +#ifdef WOLFSSL_SM3 + wc_Sm3 sm3; + byte hash[WC_SM3_DIGEST_SIZE]; + + /* Initialize */ + ExpectIntEQ(wc_InitSm3(&sm3, HEAP_HINT, INVALID_DEVID), 0); + + /* Test bad args. */ + ExpectIntEQ(wc_Sm3Final(NULL, NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_Sm3Final(&sm3, NULL), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_Sm3Final(NULL, hash), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + + /* Test good args. */ + ExpectIntEQ(wc_Sm3Final(&sm3, hash), 0); + + wc_Sm3Free(&sm3); +#endif + return EXPECT_RESULT(); +} + +int test_wc_Sm3FinalRaw(void) +{ + EXPECT_DECLS; +#if defined(WOLFSSL_SM3) && !defined(HAVE_SELFTEST) && \ + !defined(WOLFSSL_DEVCRYPTO) && (!defined(HAVE_FIPS) || \ + (defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION >= 3))) && \ + !defined(WOLFSSL_NO_HASH_RAW) + wc_Sm3 sm3; + byte hash[WC_SM3_DIGEST_SIZE]; + const char* expHash = + "\x73\x80\x16\x6f\x49\x14\xb2\xb9" + "\x17\x24\x42\xd7\xda\x8a\x06\x00" + "\xa9\x6f\x30\xbc\x16\x31\x38\xaa" + "\xe3\x8d\xee\x4d\xb0\xfb\x0e\x4e"; + + /* Initialize */ + ExpectIntEQ(wc_InitSm3(&sm3, HEAP_HINT, INVALID_DEVID), 0); + + /* Test bad args. */ + ExpectIntEQ(wc_Sm3FinalRaw(NULL, NULL), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_Sm3FinalRaw(&sm3, NULL), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_Sm3FinalRaw(NULL, hash), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + + /* Test good args. */ + ExpectIntEQ(wc_Sm3FinalRaw(&sm3, hash), 0); + ExpectBufEQ(hash, expHash, WC_SM3_DIGEST_SIZE); + + wc_Sm3Free(&sm3); +#endif + return EXPECT_RESULT(); +} + +#define SM3_KAT_CNT 7 +int test_wc_Sm3_KATs(void) +{ + EXPECT_DECLS; +#ifdef WOLFSSL_SM3 + wc_Sm3 sm3; + + testVector sm3_kat[SM3_KAT_CNT]; + byte hash[WC_SM3_DIGEST_SIZE]; + int i = 0; + + sm3_kat[i].input = ""; + sm3_kat[i].inLen = 0; + sm3_kat[i].output = + "\x1a\xb2\x1d\x83\x55\xcf\xa1\x7f" + "\x8e\x61\x19\x48\x31\xe8\x1a\x8f" + "\x22\xbe\xc8\xc7\x28\xfe\xfb\x74" + "\x7e\xd0\x35\xeb\x50\x82\xaa\x2b"; + sm3_kat[i].outLen = 0; + i++; + sm3_kat[i].input = "a"; + sm3_kat[i].inLen = 1; + sm3_kat[i].output = + "\x62\x34\x76\xac\x18\xf6\x5a\x29" + "\x09\xe4\x3c\x7f\xec\x61\xb4\x9c" + "\x7e\x76\x4a\x91\xa1\x8c\xcb\x82" + "\xf1\x91\x7a\x29\xc8\x6c\x5e\x88"; + sm3_kat[i].outLen = 0; + i++; + sm3_kat[i].input = "abc"; + sm3_kat[i].inLen = 3; + sm3_kat[i].output = + "\x66\xc7\xf0\xf4\x62\xee\xed\xd9" + "\xd1\xf2\xd4\x6b\xdc\x10\xe4\xe2" + "\x41\x67\xc4\x87\x5c\xf2\xf7\xa2" + "\x29\x7d\xa0\x2b\x8f\x4b\xa8\xe0"; + sm3_kat[i].outLen = 0; + i++; + sm3_kat[i].input = "message digest"; + sm3_kat[i].inLen = 14; + sm3_kat[i].output = + "\xc5\x22\xa9\x42\xe8\x9b\xd8\x0d" + "\x97\xdd\x66\x6e\x7a\x55\x31\xb3" + "\x61\x88\xc9\x81\x71\x49\xe9\xb2" + "\x58\xdf\xe5\x1e\xce\x98\xed\x77"; + sm3_kat[i].outLen = 0; + i++; + sm3_kat[i].input = "abcdefghijklmnopqrstuvwxyz"; + sm3_kat[i].inLen = 26; + sm3_kat[i].output = + "\xb8\x0f\xe9\x7a\x4d\xa2\x4a\xfc" + "\x27\x75\x64\xf6\x6a\x35\x9e\xf4" + "\x40\x46\x2a\xd2\x8d\xcc\x6d\x63" + "\xad\xb2\x4d\x5c\x20\xa6\x15\x95"; + sm3_kat[i].outLen = 0; + i++; + sm3_kat[i].input = + "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz" + "0123456789"; + sm3_kat[i].inLen = 62; + sm3_kat[i].output = + "\x29\x71\xd1\x0c\x88\x42\xb7\x0c" + "\x97\x9e\x55\x06\x34\x80\xc5\x0b" + "\xac\xff\xd9\x0e\x98\xe2\xe6\x0d" + "\x25\x12\xab\x8a\xbf\xdf\xce\xc5"; + sm3_kat[i].outLen = 0; + i++; + sm3_kat[i].input = "1234567890123456789012345678901234567890" + "1234567890123456789012345678901234567890"; + sm3_kat[i].inLen = 80; + sm3_kat[i].output = + "\xad\x81\x80\x53\x21\xf3\xe6\x9d" + "\x25\x12\x35\xbf\x88\x6a\x56\x48" + "\x44\x87\x3b\x56\xdd\x7d\xde\x40" + "\x0f\x05\x5b\x7d\xde\x39\x30\x7a"; + sm3_kat[i].outLen = 0; + + ExpectIntEQ(wc_InitSm3(&sm3, HEAP_HINT, INVALID_DEVID), 0); + + for (i = 0; i < SM3_KAT_CNT; i++) { + /* Do KAT. */ + ExpectIntEQ(wc_Sm3Update(&sm3, (byte*)sm3_kat[i].input, + (word32)sm3_kat[i].inLen), 0); + ExpectIntEQ(wc_Sm3Final(&sm3, hash), 0); + ExpectBufEQ(hash, (byte*)sm3_kat[i].output, WC_SM3_DIGEST_SIZE); + } + + wc_Sm3Free(&sm3); +#endif + return EXPECT_RESULT(); +} + +int test_wc_Sm3_other(void) +{ + EXPECT_DECLS; +#ifdef WOLFSSL_SM3 + wc_Sm3 sm3; + byte hash[WC_SM3_DIGEST_SIZE + 1]; + byte data[WC_SM3_DIGEST_SIZE * 8 + 1]; + int dataLen = WC_SM3_DIGEST_SIZE * 8; + const char* expHash = + "\x76\x6e\x30\x64\x3f\x02\x26\x7f" + "\xb1\x94\x26\xd4\x41\xd1\xed\x87" + "\x40\x5a\x58\xa5\xaa\x65\xd6\x61" + "\xe9\x95\xcc\x5d\xdd\xe8\x49\x34"; + int i; + int j; + + XMEMSET(data, 0xa5, sizeof(data)); + + /* Initialize */ + ExpectIntEQ(wc_InitSm3(&sm3, HEAP_HINT, INVALID_DEVID), 0); + + /* Unaligned input and output buffer. */ + ExpectIntEQ(wc_Sm3Update(&sm3, data + 1, dataLen), 0); + ExpectIntEQ(wc_Sm3Final(&sm3, hash + 1), 0); + ExpectBufEQ(hash + 1, (byte*)expHash, WC_SM3_DIGEST_SIZE); + + /* Test that empty updates work. */ + ExpectIntEQ(wc_Sm3Update(&sm3, NULL, 0), 0); + ExpectIntEQ(wc_Sm3Update(&sm3, (byte*)"", 0), 0); + ExpectIntEQ(wc_Sm3Update(&sm3, data, dataLen), 0); + ExpectIntEQ(wc_Sm3Final(&sm3, hash), 0); + ExpectBufEQ(hash, (byte*)expHash, WC_SM3_DIGEST_SIZE); + + /* Ensure chunking works. */ + for (i = 1; i < dataLen; i++) { + for (j = 0; j < dataLen; j += i) { + int len = dataLen - j; + if (i < len) + len = i; + ExpectIntEQ(wc_Sm3Update(&sm3, data + j, len), 0); + } + ExpectIntEQ(wc_Sm3Final(&sm3, hash), 0); + ExpectBufEQ(hash, (byte*)expHash, WC_SM3_DIGEST_SIZE); + } + + wc_Sm3Free(&sm3); +#endif + return EXPECT_RESULT(); +} + +int test_wc_Sm3Copy(void) +{ + EXPECT_DECLS; +#ifdef WOLFSSL_SM3 + wc_Sm3 src; + wc_Sm3 dst; + byte hashSrc[WC_SM3_DIGEST_SIZE]; + byte hashDst[WC_SM3_DIGEST_SIZE]; + const char* emptyHash = + "\x1a\xb2\x1d\x83\x55\xcf\xa1\x7f" + "\x8e\x61\x19\x48\x31\xe8\x1a\x8f" + "\x22\xbe\xc8\xc7\x28\xfe\xfb\x74" + "\x7e\xd0\x35\xeb\x50\x82\xaa\x2b"; + const char* abcHash = + "\x66\xc7\xf0\xf4\x62\xee\xed\xd9" + "\xd1\xf2\xd4\x6b\xdc\x10\xe4\xe2" + "\x41\x67\xc4\x87\x5c\xf2\xf7\xa2" + "\x29\x7d\xa0\x2b\x8f\x4b\xa8\xe0"; + byte data[WC_SM3_BLOCK_SIZE]; + + XMEMSET(data, 0xa5, sizeof(data)); + + ExpectIntEQ(wc_InitSm3(&src, HEAP_HINT, INVALID_DEVID), 0); + XMEMSET(&dst, 0, sizeof(dst)); + + ExpectIntEQ(wc_Sm3Copy(NULL, NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_Sm3Copy(&src, NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_Sm3Copy(NULL, &dst), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + + /* Test copy works. */ + ExpectIntEQ(wc_Sm3Copy(&src, &dst), 0); + ExpectIntEQ(wc_Sm3Final(&src, hashSrc), 0); + ExpectIntEQ(wc_Sm3Final(&dst, hashDst), 0); + ExpectBufEQ(hashSrc, emptyHash, WC_SM3_DIGEST_SIZE); + ExpectBufEQ(hashDst, emptyHash, WC_SM3_DIGEST_SIZE); + wc_Sm3Free(&dst); + + /* Test buffered data is copied. */ + ExpectIntEQ(wc_Sm3Update(&src, (byte*)"abc", 3), 0); + ExpectIntEQ(wc_Sm3Copy(&src, &dst), 0); + ExpectIntEQ(wc_Sm3Final(&src, hashSrc), 0); + ExpectIntEQ(wc_Sm3Final(&dst, hashDst), 0); + ExpectBufEQ(hashSrc, abcHash, WC_SM3_DIGEST_SIZE); + ExpectBufEQ(hashDst, abcHash, WC_SM3_DIGEST_SIZE); + wc_Sm3Free(&dst); + + /* Test count of length is copied. */ + ExpectIntEQ(wc_Sm3Update(&src, data, sizeof(data)), 0); + ExpectIntEQ(wc_Sm3Copy(&src, &dst), 0); + ExpectIntEQ(wc_Sm3Final(&src, hashSrc), 0); + ExpectIntEQ(wc_Sm3Final(&dst, hashDst), 0); + ExpectBufEQ(hashSrc, hashDst, WC_SM3_DIGEST_SIZE); + wc_Sm3Free(&dst); + + wc_Sm3Free(&src); +#endif + return EXPECT_RESULT(); +} + +int test_wc_Sm3GetHash(void) +{ + EXPECT_DECLS; +#ifdef WOLFSSL_SM3 + wc_Sm3 sm3; + byte hash[WC_SM3_DIGEST_SIZE]; + const char* emptyHash = + "\x1a\xb2\x1d\x83\x55\xcf\xa1\x7f" + "\x8e\x61\x19\x48\x31\xe8\x1a\x8f" + "\x22\xbe\xc8\xc7\x28\xfe\xfb\x74" + "\x7e\xd0\x35\xeb\x50\x82\xaa\x2b"; + const char* abcHash = + "\x66\xc7\xf0\xf4\x62\xee\xed\xd9" + "\xd1\xf2\xd4\x6b\xdc\x10\xe4\xe2" + "\x41\x67\xc4\x87\x5c\xf2\xf7\xa2" + "\x29\x7d\xa0\x2b\x8f\x4b\xa8\xe0"; + + ExpectIntEQ(wc_InitSm3(&sm3, HEAP_HINT, INVALID_DEVID), 0); + + ExpectIntEQ(wc_Sm3GetHash(NULL, NULL), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_Sm3GetHash(&sm3, NULL), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_Sm3GetHash(NULL, hash), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + + ExpectIntEQ(wc_Sm3GetHash(&sm3, hash), 0); + ExpectBufEQ(hash, emptyHash, WC_SM3_DIGEST_SIZE); + /* Test that the hash state hasn't been modified. */ + ExpectIntEQ(wc_Sm3Update(&sm3, (byte*)"abc", 3), 0); + ExpectIntEQ(wc_Sm3GetHash(&sm3, hash), 0); + ExpectBufEQ(hash, abcHash, WC_SM3_DIGEST_SIZE); + + wc_Sm3Free(&sm3); +#endif + return EXPECT_RESULT(); +} + + +int test_wc_Sm3_Flags(void) +{ + EXPECT_DECLS; +#if defined(WOLFSSL_SM3) && defined(WOLFSSL_HASH_FLAGS) + wc_Sm3 sm3; + wc_Sm3 sm3_copy; + word32 flags; + + XMEMSET(&sm3_copy, 0, sizeof(sm3_copy)); + ExpectIntEQ(wc_InitSm3(&sm3, HEAP_HINT, INVALID_DEVID), 0); + + /* Do nothing. */ + ExpectIntEQ(wc_Sm3GetFlags(NULL, NULL), 0); + ExpectIntEQ(wc_Sm3GetFlags(&sm3, NULL), 0); + ExpectIntEQ(wc_Sm3GetFlags(NULL, &flags), 0); + ExpectIntEQ(wc_Sm3SetFlags(NULL, 1), 0); + + ExpectIntEQ(wc_Sm3GetFlags(&sm3, &flags), 0); + ExpectIntEQ(flags, 0); + + ExpectIntEQ(wc_Sm3Copy(&sm3, &sm3_copy), 0); + ExpectIntEQ(wc_Sm3GetFlags(&sm3, &flags), 0); + ExpectIntEQ(flags, 0); + ExpectIntEQ(wc_Sm3GetFlags(&sm3_copy, &flags), 0); + ExpectIntEQ(flags, WC_HASH_FLAG_ISCOPY); + + ExpectIntEQ(wc_Sm3SetFlags(&sm3, WC_HASH_FLAG_WILLCOPY), 0); + ExpectIntEQ(wc_Sm3GetFlags(&sm3, &flags), 0); + ExpectIntEQ(flags, WC_HASH_FLAG_WILLCOPY); + ExpectIntEQ(wc_Sm3SetFlags(&sm3, 0), 0); + + wc_Sm3Free(&sm3_copy); + wc_Sm3Free(&sm3); +#endif + return EXPECT_RESULT(); +} + diff --git a/test/ssl/wolfssl/tests/api/test_sm3.h b/test/ssl/wolfssl/tests/api/test_sm3.h new file mode 100644 index 000000000..9a7ee2549 --- /dev/null +++ b/test/ssl/wolfssl/tests/api/test_sm3.h @@ -0,0 +1,48 @@ +/* test_sm3.h + * + * Copyright (C) 2006-2025 wolfSSL Inc. + * + * This file is part of wolfSSL. + * + * wolfSSL is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * wolfSSL is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA + */ + +#ifndef WOLFCRYPT_TEST_SM3_H +#define WOLFCRYPT_TEST_SM3_H + +#include + +int test_wc_InitSm3(void); +int test_wc_Sm3Update(void); +int test_wc_Sm3Final(void); +int test_wc_Sm3FinalRaw(void); +int test_wc_Sm3_KATs(void); +int test_wc_Sm3_other(void); +int test_wc_Sm3Copy(void); +int test_wc_Sm3GetHash(void); +int test_wc_Sm3_Flags(void); + +#define TEST_SM3_DECLS \ + TEST_DECL_GROUP("sm3", test_wc_InitSm3), \ + TEST_DECL_GROUP("sm3", test_wc_Sm3Update), \ + TEST_DECL_GROUP("sm3", test_wc_Sm3Final), \ + TEST_DECL_GROUP("sm3", test_wc_Sm3FinalRaw), \ + TEST_DECL_GROUP("sm3", test_wc_Sm3_KATs), \ + TEST_DECL_GROUP("sm3", test_wc_Sm3_other), \ + TEST_DECL_GROUP("sm3", test_wc_Sm3Copy), \ + TEST_DECL_GROUP("sm3", test_wc_Sm3GetHash), \ + TEST_DECL_GROUP("sm3", test_wc_Sm3_Flags) + +#endif /* WOLFCRYPT_TEST_SM3_H */ diff --git a/test/ssl/wolfssl/tests/api/test_sm4.c b/test/ssl/wolfssl/tests/api/test_sm4.c new file mode 100644 index 000000000..fecd68738 --- /dev/null +++ b/test/ssl/wolfssl/tests/api/test_sm4.c @@ -0,0 +1,787 @@ +/* test_sm4.c + * + * Copyright (C) 2006-2025 wolfSSL Inc. + * + * This file is part of wolfSSL. + * + * wolfSSL is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * wolfSSL is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA + */ + +#include + +#ifdef NO_INLINE + #include +#else + #define WOLFSSL_MISC_INCLUDED + #include +#endif + +////#include +#include +#include +#include + +/* + * Testing streaming SM4 API. + */ +int test_wc_Sm4(void) +{ + int res = TEST_SKIPPED; +#ifdef WOLFSSL_SM4 + EXPECT_DECLS; + wc_Sm4 sm4; +#if defined(WOLFSSL_SM4_ECB) || defined(WOLFSSL_SM4_CBC) || \ + defined(WOLFSSL_SM4_CTR) || defined(WOLFSSL_SM4_CCM) + unsigned char key[SM4_KEY_SIZE]; +#endif +#if defined(WOLFSSL_SM4_CBC) || defined(WOLFSSL_SM4_CTR) + unsigned char iv[SM4_IV_SIZE]; +#endif + + /* Invalid parameters - wc_Sm4Init */ + ExpectIntEQ(wc_Sm4Init(NULL, NULL, INVALID_DEVID), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + + /* Valid cases - wc_Sm4Init */ + ExpectIntEQ(wc_Sm4Init(&sm4, NULL, INVALID_DEVID), 0); + +#if defined(WOLFSSL_SM4_ECB) || defined(WOLFSSL_SM4_CBC) || \ + defined(WOLFSSL_SM4_CTR) || defined(WOLFSSL_SM4_CCM) + XMEMSET(key, 0, sizeof(key)); + + /* Invalid parameters - wc_Sm4SetKey. */ + ExpectIntEQ(wc_Sm4SetKey(NULL, NULL, 0), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_Sm4SetKey(&sm4, NULL, 0), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_Sm4SetKey(NULL, key, 0), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_Sm4SetKey(NULL, NULL, SM4_KEY_SIZE), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_Sm4SetKey(&sm4, key, 0), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_Sm4SetKey(&sm4, NULL, SM4_KEY_SIZE), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_Sm4SetKey(NULL, key, SM4_KEY_SIZE), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_Sm4SetKey(&sm4, key, SM4_KEY_SIZE-1), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_Sm4SetKey(&sm4, key, SM4_KEY_SIZE+1), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + + /* Valid cases - wc_Sm4SetKey. */ + ExpectIntEQ(wc_Sm4SetKey(&sm4, key, SM4_KEY_SIZE), 0); +#endif + +#if defined(WOLFSSL_SM4_CBC) || defined(WOLFSSL_SM4_CTR) + XMEMSET(iv, 0, sizeof(iv)); + + /* Invalid parameters - wc_Sm4SetIV. */ + ExpectIntEQ(wc_Sm4SetIV(NULL, NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_Sm4SetIV(&sm4, NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_Sm4SetIV(NULL, iv), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + + /* Valid cases - wc_Sm4SetIV. */ + ExpectIntEQ(wc_Sm4SetIV(&sm4, iv), 0); +#endif + + /* Valid cases - wc_Sm4Free */ + wc_Sm4Free(NULL); + wc_Sm4Free(&sm4); + + res = EXPECT_RESULT(); +#endif + return res; +} /* END test_wc_Sm4 */ + +/* + * Testing block based SM4-ECB API. + */ +int test_wc_Sm4Ecb(void) +{ + int res = TEST_SKIPPED; +#ifdef WOLFSSL_SM4_ECB + EXPECT_DECLS; + wc_Sm4 sm4; + unsigned char key[SM4_KEY_SIZE]; + unsigned char in[SM4_BLOCK_SIZE * 2]; + unsigned char out[SM4_BLOCK_SIZE * 2]; + unsigned char out2[SM4_BLOCK_SIZE]; + + XMEMSET(key, 0, sizeof(key)); + XMEMSET(in, 0, sizeof(in)); + + ExpectIntEQ(wc_Sm4Init(&sm4, NULL, INVALID_DEVID), 0); + ExpectIntEQ(wc_Sm4EcbEncrypt(&sm4, out, in, 0), + WC_NO_ERR_TRACE(MISSING_KEY)); + ExpectIntEQ(wc_Sm4EcbDecrypt(&sm4, out, in, 0), + WC_NO_ERR_TRACE(MISSING_KEY)); + + /* Tested in test_wc_Sm4. */ + ExpectIntEQ(wc_Sm4SetKey(&sm4, key, SM4_KEY_SIZE), 0); + + /* Invalid parameters - wc_Sm4EcbEncrypt. */ + ExpectIntEQ(wc_Sm4EcbEncrypt(NULL, NULL, NULL, 1), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_Sm4EcbEncrypt(&sm4, NULL, NULL, 1), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_Sm4EcbEncrypt(NULL, out, NULL, 1), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_Sm4EcbEncrypt(NULL, NULL, in, 1), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_Sm4EcbEncrypt(NULL, NULL, NULL, 0), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_Sm4EcbEncrypt(NULL, out, in, 0), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_Sm4EcbEncrypt(&sm4, NULL, in, 0), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_Sm4EcbEncrypt(&sm4, out, NULL, 0), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_Sm4EcbEncrypt(&sm4, out, in, 1), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + + /* Valid cases - wc_Sm4EcbEncrypt. */ + ExpectIntEQ(wc_Sm4EcbEncrypt(&sm4, out, in, 0), 0); + ExpectIntEQ(wc_Sm4EcbEncrypt(&sm4, out2, in, SM4_BLOCK_SIZE), 0); + ExpectIntEQ(wc_Sm4EcbEncrypt(&sm4, out, in, SM4_BLOCK_SIZE * 2), 0); + ExpectIntEQ(XMEMCMP(out, out2, SM4_BLOCK_SIZE), 0); + /* In and out are same pointer. */ + ExpectIntEQ(wc_Sm4EcbEncrypt(&sm4, in, in, SM4_BLOCK_SIZE * 2), 0); + ExpectIntEQ(XMEMCMP(in, out, SM4_BLOCK_SIZE * 2), 0); + + /* Invalid parameters - wc_Sm4EcbDecrypt. */ + ExpectIntEQ(wc_Sm4EcbDecrypt(NULL, NULL, NULL, 1), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_Sm4EcbDecrypt(&sm4, NULL, NULL, 1), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_Sm4EcbDecrypt(NULL, out, NULL, 1), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_Sm4EcbDecrypt(NULL, NULL, in, 1), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_Sm4EcbDecrypt(NULL, NULL, NULL, 0), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_Sm4EcbDecrypt(NULL, out, in, 0), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_Sm4EcbDecrypt(&sm4, NULL, in, 0), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_Sm4EcbDecrypt(&sm4, out, NULL, 0), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_Sm4EcbDecrypt(&sm4, out, in, 1), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + + /* Valid cases - wc_Sm4EcbDecrypt. */ + ExpectIntEQ(wc_Sm4EcbDecrypt(&sm4, out, in, 0), 0); + ExpectIntEQ(wc_Sm4EcbDecrypt(&sm4, out2, in, SM4_BLOCK_SIZE), 0); + ExpectIntEQ(wc_Sm4EcbDecrypt(&sm4, out, in, SM4_BLOCK_SIZE * 2), 0); + ExpectIntEQ(XMEMCMP(out, out2, SM4_BLOCK_SIZE), 0); + /* In and out are same pointer. */ + ExpectIntEQ(wc_Sm4EcbDecrypt(&sm4, in, in, SM4_BLOCK_SIZE * 2), 0); + ExpectIntEQ(XMEMCMP(in, out, SM4_BLOCK_SIZE * 2), 0); + + wc_Sm4Free(&sm4); + + res = EXPECT_RESULT(); +#endif + return res; +} /* END test_wc_Sm4Ecb */ + +/* + * Testing block based SM4-CBC API. + */ +int test_wc_Sm4Cbc(void) +{ + int res = TEST_SKIPPED; +#ifdef WOLFSSL_SM4_CBC + EXPECT_DECLS; + wc_Sm4 sm4; + unsigned char key[SM4_KEY_SIZE]; + unsigned char iv[SM4_IV_SIZE]; + unsigned char in[SM4_BLOCK_SIZE * 2]; + unsigned char out[SM4_BLOCK_SIZE * 2]; + unsigned char out2[SM4_BLOCK_SIZE]; + + XMEMSET(key, 0, sizeof(key)); + XMEMSET(iv, 0, sizeof(iv)); + XMEMSET(in, 0, sizeof(in)); + + ExpectIntEQ(wc_Sm4Init(&sm4, NULL, INVALID_DEVID), 0); + ExpectIntEQ(wc_Sm4CbcEncrypt(&sm4, out, in, 0), + WC_NO_ERR_TRACE(MISSING_KEY)); + ExpectIntEQ(wc_Sm4CbcDecrypt(&sm4, out, in, 0), + WC_NO_ERR_TRACE(MISSING_KEY)); + /* Tested in test_wc_Sm4. */ + ExpectIntEQ(wc_Sm4SetKey(&sm4, key, SM4_KEY_SIZE), 0); + ExpectIntEQ(wc_Sm4CbcEncrypt(&sm4, out, in, 0), + WC_NO_ERR_TRACE(MISSING_IV)); + ExpectIntEQ(wc_Sm4CbcDecrypt(&sm4, out, in, 0), + WC_NO_ERR_TRACE(MISSING_IV)); + /* Tested in test_wc_Sm4. */ + ExpectIntEQ(wc_Sm4SetIV(&sm4, iv), 0); + + /* Invalid parameters - wc_Sm4CbcEncrypt. */ + ExpectIntEQ(wc_Sm4CbcEncrypt(NULL, NULL, NULL, 1), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_Sm4CbcEncrypt(&sm4, NULL, NULL, 1), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_Sm4CbcEncrypt(NULL, out, NULL, 1), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_Sm4CbcEncrypt(NULL, NULL, in, 1), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_Sm4CbcEncrypt(NULL, NULL, NULL, 0), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_Sm4CbcEncrypt(NULL, out, in, 0), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_Sm4CbcEncrypt(&sm4, NULL, in, 0), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_Sm4CbcEncrypt(&sm4, out, NULL, 0), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_Sm4CbcEncrypt(&sm4, out, in, 1), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + + /* Valid cases - wc_Sm4CbcEncrypt. */ + ExpectIntEQ(wc_Sm4CbcEncrypt(&sm4, out, in, 0), 0); + ExpectIntEQ(wc_Sm4CbcEncrypt(&sm4, out2, in, SM4_BLOCK_SIZE), 0); + ExpectIntEQ(wc_Sm4SetIV(&sm4, iv), 0); + ExpectIntEQ(wc_Sm4CbcEncrypt(&sm4, out, in, SM4_BLOCK_SIZE * 2), 0); + ExpectIntEQ(XMEMCMP(out, out2, SM4_BLOCK_SIZE), 0); + /* In and out are same pointer. */ + ExpectIntEQ(wc_Sm4SetIV(&sm4, iv), 0); + ExpectIntEQ(wc_Sm4CbcEncrypt(&sm4, in, in, SM4_BLOCK_SIZE * 2), 0); + ExpectIntEQ(XMEMCMP(in, out, SM4_BLOCK_SIZE * 2), 0); + + /* Invalid parameters - wc_Sm4CbcDecrypt. */ + ExpectIntEQ(wc_Sm4CbcDecrypt(NULL, NULL, NULL, 1), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_Sm4CbcDecrypt(&sm4, NULL, NULL, 1), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_Sm4CbcDecrypt(NULL, out, NULL, 1), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_Sm4CbcDecrypt(NULL, NULL, in, 1), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_Sm4CbcDecrypt(NULL, NULL, NULL, 0), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_Sm4CbcDecrypt(NULL, out, in, 0), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_Sm4CbcDecrypt(&sm4, NULL, in, 0), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_Sm4CbcDecrypt(&sm4, out, NULL, 0), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_Sm4CbcDecrypt(&sm4, out, in, 1), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + + ExpectIntEQ(wc_Sm4SetIV(&sm4, iv), 0); + /* Valid cases - wc_Sm4CbcDecrypt. */ + ExpectIntEQ(wc_Sm4CbcDecrypt(&sm4, out, in, 0), 0); + ExpectIntEQ(wc_Sm4CbcDecrypt(&sm4, out2, in, SM4_BLOCK_SIZE), 0); + ExpectIntEQ(wc_Sm4SetIV(&sm4, iv), 0); + ExpectIntEQ(wc_Sm4CbcDecrypt(&sm4, out, in, SM4_BLOCK_SIZE * 2), 0); + ExpectIntEQ(XMEMCMP(out, out2, SM4_BLOCK_SIZE), 0); + /* In and out are same pointer. */ + ExpectIntEQ(wc_Sm4SetIV(&sm4, iv), 0); + ExpectIntEQ(wc_Sm4CbcDecrypt(&sm4, in, in, SM4_BLOCK_SIZE * 2), 0); + ExpectIntEQ(XMEMCMP(in, out, SM4_BLOCK_SIZE * 2), 0); + + wc_Sm4Free(&sm4); + + res = EXPECT_RESULT(); +#endif + return res; +} /* END test_wc_Sm4Cbc */ + +/* + * Testing streaming SM4-CTR API. + */ +int test_wc_Sm4Ctr(void) +{ + int res = TEST_SKIPPED; +#ifdef WOLFSSL_SM4_CTR + EXPECT_DECLS; + wc_Sm4 sm4; + unsigned char key[SM4_KEY_SIZE]; + unsigned char iv[SM4_IV_SIZE]; + unsigned char in[SM4_BLOCK_SIZE * 4]; + unsigned char out[SM4_BLOCK_SIZE * 4]; + unsigned char out2[SM4_BLOCK_SIZE * 4]; + word32 chunk; + word32 i; + + XMEMSET(key, 0, sizeof(key)); + XMEMSET(iv, 0, sizeof(iv)); + XMEMSET(in, 0, sizeof(in)); + + ExpectIntEQ(wc_Sm4Init(&sm4, NULL, INVALID_DEVID), 0); + ExpectIntEQ(wc_Sm4CtrEncrypt(&sm4, out, in, 0), + WC_NO_ERR_TRACE(MISSING_KEY)); + /* Tested in test_wc_Sm4. */ + ExpectIntEQ(wc_Sm4SetKey(&sm4, key, SM4_KEY_SIZE), 0); + ExpectIntEQ(wc_Sm4CtrEncrypt(&sm4, out, in, 0), + WC_NO_ERR_TRACE(MISSING_IV)); + /* Tested in test_wc_Sm4. */ + ExpectIntEQ(wc_Sm4SetIV(&sm4, iv), 0); + + /* Invalid parameters - wc_Sm4CtrEncrypt. */ + ExpectIntEQ(wc_Sm4CtrEncrypt(NULL, NULL, NULL, 0), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_Sm4CtrEncrypt(&sm4, NULL, NULL, 0), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_Sm4CtrEncrypt(NULL, out, NULL, 0), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_Sm4CtrEncrypt(NULL, NULL, in, 0), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_Sm4CtrEncrypt(&sm4, out, NULL, 0), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_Sm4CtrEncrypt(&sm4, NULL, in, 0), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_Sm4CtrEncrypt(NULL, out, in, 0), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + + /* Valid cases - wc_Sm4CtrEncrypt. */ + ExpectIntEQ(wc_Sm4CtrEncrypt(&sm4, out, in, 0), 0); + ExpectIntEQ(wc_Sm4CtrEncrypt(&sm4, out2, in, 1), 0); + ExpectIntEQ(wc_Sm4SetIV(&sm4, iv), 0); + ExpectIntEQ(wc_Sm4CtrEncrypt(&sm4, out, in, 2), 0); + ExpectIntEQ(XMEMCMP(out, out2, 1), 0); + ExpectIntEQ(wc_Sm4SetIV(&sm4, iv), 0); + ExpectIntEQ(wc_Sm4CtrEncrypt(&sm4, out2, in, SM4_BLOCK_SIZE), 0); + ExpectIntEQ(XMEMCMP(out2, out, 2), 0); + ExpectIntEQ(wc_Sm4SetIV(&sm4, iv), 0); + ExpectIntEQ(wc_Sm4CtrEncrypt(&sm4, out, in, SM4_BLOCK_SIZE * 2), 0); + ExpectIntEQ(XMEMCMP(out, out2, SM4_BLOCK_SIZE), 0); + /* In and out are same pointer. Also check encrypt of cipher text produces + * plaintext. + */ + ExpectIntEQ(wc_Sm4SetIV(&sm4, iv), 0); + ExpectIntEQ(wc_Sm4CtrEncrypt(&sm4, out, out, SM4_BLOCK_SIZE * 2), 0); + ExpectIntEQ(XMEMCMP(in, out, SM4_BLOCK_SIZE * 2), 0); + + /* Chunking tests. */ + ExpectIntEQ(wc_Sm4SetIV(&sm4, iv), 0); + ExpectIntEQ(wc_Sm4CtrEncrypt(&sm4, out2, in, (word32)sizeof(in)), 0); + for (chunk = 1; chunk <= SM4_BLOCK_SIZE + 1; chunk++) { + ExpectIntEQ(wc_Sm4SetIV(&sm4, iv), 0); + for (i = 0; i + chunk <= (word32)sizeof(in); i += chunk) { + ExpectIntEQ(wc_Sm4CtrEncrypt(&sm4, out + i, in + i, chunk), 0); + } + if (i < (word32)sizeof(in)) { + ExpectIntEQ(wc_Sm4CtrEncrypt(&sm4, out + i, in + i, + (word32)sizeof(in) - i), 0); + } + ExpectIntEQ(XMEMCMP(out, out2, (word32)sizeof(out)), 0); + } + + for (i = 0; i < (word32)sizeof(iv); i++) { + iv[i] = 0xff; + ExpectIntEQ(wc_Sm4SetIV(&sm4, iv), 0); + ExpectIntEQ(wc_Sm4CtrEncrypt(&sm4, out, in, SM4_BLOCK_SIZE * 2), 0); + ExpectIntEQ(wc_Sm4SetIV(&sm4, iv), 0); + ExpectIntEQ(wc_Sm4CtrEncrypt(&sm4, out2, out, SM4_BLOCK_SIZE * 2), 0); + ExpectIntEQ(XMEMCMP(out2, in, SM4_BLOCK_SIZE * 2), 0); + } + + wc_Sm4Free(&sm4); + + res = EXPECT_RESULT(); +#endif + return res; +} /* END test_wc_Sm4Ctr */ + +/* + * Testing stream SM4-GCM API. + */ +int test_wc_Sm4Gcm(void) +{ + int res = TEST_SKIPPED; +#ifdef WOLFSSL_SM4_GCM + EXPECT_DECLS; + wc_Sm4 sm4; + unsigned char key[SM4_KEY_SIZE]; + unsigned char nonce[GCM_NONCE_MAX_SZ]; + unsigned char in[SM4_BLOCK_SIZE * 2]; + unsigned char in2[SM4_BLOCK_SIZE * 2]; + unsigned char out[SM4_BLOCK_SIZE * 2]; + unsigned char out2[SM4_BLOCK_SIZE * 2]; + unsigned char dec[SM4_BLOCK_SIZE * 2]; + unsigned char tag[SM4_BLOCK_SIZE]; + unsigned char aad[SM4_BLOCK_SIZE * 2]; + word32 i; + + XMEMSET(key, 0, sizeof(key)); + XMEMSET(nonce, 0, sizeof(nonce)); + XMEMSET(in, 0, sizeof(in)); + XMEMSET(in2, 0, sizeof(in2)); + XMEMSET(aad, 0, sizeof(aad)); + + ExpectIntEQ(wc_Sm4Init(&sm4, NULL, INVALID_DEVID), 0); + ExpectIntEQ(wc_Sm4GcmEncrypt(&sm4, out, in, 0, nonce, GCM_NONCE_MID_SZ, tag, + SM4_BLOCK_SIZE, aad, sizeof(aad)), WC_NO_ERR_TRACE(MISSING_KEY)); + ExpectIntEQ(wc_Sm4GcmDecrypt(&sm4, out, in, 0, nonce, GCM_NONCE_MID_SZ, tag, + SM4_BLOCK_SIZE, aad, sizeof(aad)), WC_NO_ERR_TRACE(MISSING_KEY)); + + /* Invalid parameters - wc_Sm4GcmSetKey. */ + ExpectIntEQ(wc_Sm4GcmSetKey(NULL, NULL, 0), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_Sm4GcmSetKey(&sm4, NULL, 0), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_Sm4GcmSetKey(NULL, key, 0), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_Sm4GcmSetKey(NULL, NULL, SM4_KEY_SIZE), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_Sm4GcmSetKey(&sm4, key, 0), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_Sm4GcmSetKey(&sm4, NULL, SM4_KEY_SIZE), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_Sm4GcmSetKey(NULL, key, SM4_KEY_SIZE), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + + /* Valid parameters - wc_Sm4GcmSetKey. */ + ExpectIntEQ(wc_Sm4GcmSetKey(&sm4, key, SM4_KEY_SIZE), 0); + + /* Invalid parameters - wc_Sm4GcmEncrypt. */ + ExpectIntEQ(wc_Sm4GcmEncrypt(NULL, NULL, NULL, 1, NULL, 0, NULL, 0, NULL, + 0), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_Sm4GcmEncrypt(&sm4, NULL, NULL, 1, NULL, 0, NULL, 0, NULL, + 0), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_Sm4GcmEncrypt(NULL, out, NULL, 1, NULL, 0, NULL, 0, NULL, + 0), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_Sm4GcmEncrypt(NULL, NULL, in, 1, NULL, 0, NULL, 0, NULL, + 0), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_Sm4GcmEncrypt(NULL, NULL, NULL, 1, nonce, GCM_NONCE_MID_SZ, + NULL, 0, NULL, 0), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_Sm4GcmEncrypt(NULL, NULL, NULL, 1, NULL, 0, tag, + SM4_BLOCK_SIZE, NULL, 0), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_Sm4GcmEncrypt(NULL, out, in, 1, nonce, GCM_NONCE_MID_SZ, tag, + SM4_BLOCK_SIZE, aad, sizeof(aad)), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_Sm4GcmEncrypt(&sm4, NULL, in, 1, nonce, GCM_NONCE_MID_SZ, + tag, SM4_BLOCK_SIZE, aad, sizeof(aad)), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_Sm4GcmEncrypt(&sm4, out, NULL, 1, nonce, GCM_NONCE_MID_SZ, + tag, SM4_BLOCK_SIZE, aad, sizeof(aad)), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_Sm4GcmEncrypt(&sm4, out, in, 1, NULL, GCM_NONCE_MID_SZ, tag, + SM4_BLOCK_SIZE, aad, sizeof(aad)), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_Sm4GcmEncrypt(&sm4, out, in, 1, nonce, 0, tag, + SM4_BLOCK_SIZE, aad, sizeof(aad)), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_Sm4GcmEncrypt(&sm4, out, in, 1, nonce, GCM_NONCE_MID_SZ, + NULL, SM4_BLOCK_SIZE, aad, sizeof(aad)), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_Sm4GcmEncrypt(&sm4, out, in, 1, nonce, GCM_NONCE_MID_SZ, tag, + WOLFSSL_MIN_AUTH_TAG_SZ-1, aad, sizeof(aad)), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_Sm4GcmEncrypt(&sm4, out, in, 1, nonce, GCM_NONCE_MID_SZ, tag, + SM4_BLOCK_SIZE+1, aad, sizeof(aad)), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + + /* Invalid parameters - wc_Sm4GcmDecrypt. */ + ExpectIntEQ(wc_Sm4GcmDecrypt(NULL, NULL, NULL, 1, NULL, 0, NULL, 0, NULL, + 0), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_Sm4GcmDecrypt(&sm4, NULL, NULL, 1, NULL, 0, NULL, 0, NULL, + 0), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_Sm4GcmDecrypt(NULL, out, NULL, 1, NULL, 0, NULL, 0, NULL, + 0), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_Sm4GcmDecrypt(NULL, NULL, in, 1, NULL, 0, NULL, 0, NULL, + 0), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_Sm4GcmDecrypt(NULL, NULL, NULL, 1, nonce, GCM_NONCE_MID_SZ, + NULL, 0, NULL, 0), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_Sm4GcmDecrypt(NULL, NULL, NULL, 1, NULL, 0, tag, + SM4_BLOCK_SIZE, NULL, 0), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_Sm4GcmDecrypt(NULL, out, in, 1, nonce, GCM_NONCE_MID_SZ, tag, + SM4_BLOCK_SIZE, aad, sizeof(aad)), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_Sm4GcmDecrypt(&sm4, NULL, in, 1, nonce, GCM_NONCE_MID_SZ, + tag, SM4_BLOCK_SIZE, aad, sizeof(aad)), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_Sm4GcmDecrypt(&sm4, out, NULL, 1, nonce, GCM_NONCE_MID_SZ, + tag, SM4_BLOCK_SIZE, aad, sizeof(aad)), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_Sm4GcmDecrypt(&sm4, out, in, 1, NULL, GCM_NONCE_MID_SZ, tag, + SM4_BLOCK_SIZE, aad, sizeof(aad)), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_Sm4GcmDecrypt(&sm4, out, in, 1, nonce, 0, tag, + SM4_BLOCK_SIZE, aad, sizeof(aad)), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_Sm4GcmDecrypt(&sm4, out, in, 1, nonce, GCM_NONCE_MID_SZ, + NULL, SM4_BLOCK_SIZE, aad, sizeof(aad)), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_Sm4GcmDecrypt(&sm4, out, in, 1, nonce, GCM_NONCE_MID_SZ, tag, + WOLFSSL_MIN_AUTH_TAG_SZ-1, aad, sizeof(aad)), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_Sm4GcmDecrypt(&sm4, out, in, 1, nonce, GCM_NONCE_MID_SZ, tag, + SM4_BLOCK_SIZE+1, aad, sizeof(aad)), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + + /* Valid cases - wc_Sm4GcmEncrypt/wc_Sm4GcmDecrypt. */ + ExpectIntEQ(wc_Sm4GcmEncrypt(&sm4, NULL, NULL, 0, nonce, GCM_NONCE_MID_SZ, + tag, SM4_BLOCK_SIZE, NULL, 0), 0); + ExpectIntEQ(wc_Sm4GcmDecrypt(&sm4, NULL, NULL, 0, nonce, GCM_NONCE_MID_SZ, + tag, SM4_BLOCK_SIZE, NULL, 0), 0); + ExpectIntEQ(wc_Sm4GcmEncrypt(&sm4, NULL, NULL, 0, nonce, GCM_NONCE_MID_SZ, + tag, SM4_BLOCK_SIZE, aad, sizeof(aad)), 0); + ExpectIntEQ(wc_Sm4GcmDecrypt(&sm4, NULL, NULL, 0, nonce, GCM_NONCE_MID_SZ, + tag, SM4_BLOCK_SIZE, aad, sizeof(aad)), 0); + ExpectIntEQ(wc_Sm4GcmEncrypt(&sm4, out, in, SM4_BLOCK_SIZE, nonce, + GCM_NONCE_MID_SZ, tag, SM4_BLOCK_SIZE, NULL, 0), 0); + ExpectIntEQ(wc_Sm4GcmDecrypt(&sm4, in, out, SM4_BLOCK_SIZE, nonce, + GCM_NONCE_MID_SZ, tag, SM4_BLOCK_SIZE, NULL, 0), 0); + ExpectIntEQ(wc_Sm4GcmEncrypt(&sm4, out, in, SM4_BLOCK_SIZE, nonce, + GCM_NONCE_MID_SZ, tag, SM4_BLOCK_SIZE, NULL, 1), 0); + ExpectIntEQ(wc_Sm4GcmDecrypt(&sm4, in, out, SM4_BLOCK_SIZE, nonce, + GCM_NONCE_MID_SZ, tag, SM4_BLOCK_SIZE, NULL, 1), 0); + ExpectIntEQ(wc_Sm4GcmEncrypt(&sm4, out, in, SM4_BLOCK_SIZE * 2, nonce, + GCM_NONCE_MID_SZ, tag, SM4_BLOCK_SIZE, aad, sizeof(aad)), 0); + ExpectIntEQ(wc_Sm4GcmDecrypt(&sm4, in, out, SM4_BLOCK_SIZE * 2, nonce, + GCM_NONCE_MID_SZ, tag, SM4_BLOCK_SIZE, aad, sizeof(aad)), 0); + ExpectIntEQ(wc_Sm4GcmEncrypt(&sm4, in2, in2, SM4_BLOCK_SIZE * 2, nonce, + GCM_NONCE_MID_SZ, tag, SM4_BLOCK_SIZE, aad, sizeof(aad)), 0); + ExpectIntEQ(XMEMCMP(in2, out, SM4_BLOCK_SIZE * 2), 0); + ExpectIntEQ(wc_Sm4GcmDecrypt(&sm4, in2, in2, SM4_BLOCK_SIZE * 2, nonce, + GCM_NONCE_MID_SZ, tag, SM4_BLOCK_SIZE, aad, sizeof(aad)), 0); + ExpectIntEQ(XMEMCMP(in2, in, SM4_BLOCK_SIZE * 2), 0); + + /* Check vald values of nonce - wc_Sm4GcmEncrypt/wc_Sm4GcmDecrypt. */ + ExpectIntEQ(wc_Sm4GcmEncrypt(&sm4, out, in, SM4_BLOCK_SIZE, nonce, + GCM_NONCE_MAX_SZ, tag, SM4_BLOCK_SIZE, aad, sizeof(aad)), 0); + ExpectIntEQ(wc_Sm4GcmDecrypt(&sm4, in, out, SM4_BLOCK_SIZE, nonce, + GCM_NONCE_MAX_SZ, tag, SM4_BLOCK_SIZE, aad, sizeof(aad)), 0); + ExpectIntEQ(wc_Sm4GcmEncrypt(&sm4, out, in, SM4_BLOCK_SIZE * 2, nonce, + GCM_NONCE_MIN_SZ, tag, SM4_BLOCK_SIZE, aad, sizeof(aad)), 0); + ExpectIntEQ(wc_Sm4GcmDecrypt(&sm4, in, out, SM4_BLOCK_SIZE * 2, nonce, + GCM_NONCE_MIN_SZ, tag, SM4_BLOCK_SIZE, aad, sizeof(aad)), 0); + ExpectIntEQ(wc_Sm4GcmDecrypt(&sm4, in, out, SM4_BLOCK_SIZE * 2, nonce, + GCM_NONCE_MAX_SZ, tag, SM4_BLOCK_SIZE, aad, sizeof(aad)), + WC_NO_ERR_TRACE(SM4_GCM_AUTH_E)); + + /* Check valid values of tag size - wc_Sm4GcmEncrypt/wc_Sm4GcmDecrypt. */ + for (i = WOLFSSL_MIN_AUTH_TAG_SZ; i < SM4_BLOCK_SIZE; i++) { + ExpectIntEQ(wc_Sm4GcmEncrypt(&sm4, out, in, SM4_BLOCK_SIZE, nonce, + GCM_NONCE_MID_SZ, tag, i, aad, sizeof(aad)), 0); + ExpectIntEQ(wc_Sm4GcmDecrypt(&sm4, in, out, SM4_BLOCK_SIZE, nonce, + GCM_NONCE_MID_SZ, tag, i, aad, sizeof(aad)), 0); + } + + /* Check different in/out sizes. */ + ExpectIntEQ(wc_Sm4GcmEncrypt(&sm4, out, in, 0, nonce, + GCM_NONCE_MID_SZ, tag, SM4_BLOCK_SIZE, NULL, 0), 0); + ExpectIntEQ(wc_Sm4GcmDecrypt(&sm4, out, in, 0, nonce, + GCM_NONCE_MID_SZ, tag, SM4_BLOCK_SIZE, NULL, 0), 0); + ExpectIntEQ(wc_Sm4GcmEncrypt(&sm4, out, in, 1, nonce, + GCM_NONCE_MID_SZ, tag, SM4_BLOCK_SIZE, NULL, 0), 0); + for (i = 2; i <= SM4_BLOCK_SIZE * 2; i++) { + XMEMCPY(out2, out, i - 1); + ExpectIntEQ(wc_Sm4GcmEncrypt(&sm4, out, in, i, nonce, GCM_NONCE_MID_SZ, + tag, SM4_BLOCK_SIZE, aad, sizeof(aad)), 0); + ExpectIntEQ(XMEMCMP(out, out2, i - 1), 0); + ExpectIntEQ(wc_Sm4GcmDecrypt(&sm4, dec, out, i, nonce, GCM_NONCE_MID_SZ, + tag, SM4_BLOCK_SIZE, aad, sizeof(aad)), 0); + ExpectIntEQ(XMEMCMP(in, dec, i), 0); + } + + /* Force the counter to roll over in first byte. */ + { + static unsigned char largeIn[256 * SM4_BLOCK_SIZE]; + static unsigned char largeOut[256 * SM4_BLOCK_SIZE]; + + ExpectIntEQ(wc_Sm4GcmEncrypt(&sm4, largeOut, largeIn, sizeof(largeIn), + nonce, GCM_NONCE_MID_SZ, tag, SM4_BLOCK_SIZE, aad, sizeof(aad)), 0); + ExpectIntEQ(wc_Sm4GcmDecrypt(&sm4, largeOut, largeOut, sizeof(largeIn), + nonce, GCM_NONCE_MID_SZ, tag, SM4_BLOCK_SIZE, aad, sizeof(aad)), 0); + ExpectIntEQ(XMEMCMP(largeOut, largeIn, sizeof(largeIn)), 0); + } + + wc_Sm4Free(&sm4); + + res = EXPECT_RESULT(); +#endif + return res; +} /* END test_wc_Sm4Gcm */ + +/* + * Testing stream SM4-CCM API. + */ +int test_wc_Sm4Ccm(void) +{ + int res = TEST_SKIPPED; +#ifdef WOLFSSL_SM4_CCM + EXPECT_DECLS; + wc_Sm4 sm4; + unsigned char key[SM4_KEY_SIZE]; + unsigned char nonce[CCM_NONCE_MAX_SZ]; + unsigned char in[SM4_BLOCK_SIZE * 2]; + unsigned char in2[SM4_BLOCK_SIZE * 2]; + unsigned char out[SM4_BLOCK_SIZE * 2]; + unsigned char out2[SM4_BLOCK_SIZE * 2]; + unsigned char dec[SM4_BLOCK_SIZE * 2]; + unsigned char tag[SM4_BLOCK_SIZE]; + unsigned char aad[SM4_BLOCK_SIZE * 2]; + word32 i; + + XMEMSET(key, 0, sizeof(key)); + XMEMSET(nonce, 0, sizeof(nonce)); + XMEMSET(in, 0, sizeof(in)); + XMEMSET(in2, 0, sizeof(in2)); + XMEMSET(aad, 0, sizeof(aad)); + + ExpectIntEQ(wc_Sm4Init(&sm4, NULL, INVALID_DEVID), 0); + ExpectIntEQ(wc_Sm4CcmEncrypt(&sm4, out, in, 0, nonce, CCM_NONCE_MAX_SZ, tag, + SM4_BLOCK_SIZE, aad, sizeof(aad)), WC_NO_ERR_TRACE(MISSING_KEY)); + ExpectIntEQ(wc_Sm4CcmDecrypt(&sm4, out, in, 0, nonce, CCM_NONCE_MAX_SZ, tag, + SM4_BLOCK_SIZE, aad, sizeof(aad)), WC_NO_ERR_TRACE(MISSING_KEY)); + ExpectIntEQ(wc_Sm4SetKey(&sm4, key, SM4_KEY_SIZE), 0); + + /* Invalid parameters - wc_Sm4CcmEncrypt. */ + ExpectIntEQ(wc_Sm4CcmEncrypt(NULL, NULL, NULL, 1, NULL, 0, NULL, 0, NULL, + 0), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_Sm4CcmEncrypt(&sm4, NULL, NULL, 1, NULL, 0, NULL, 0, NULL, + 0), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_Sm4CcmEncrypt(NULL, out, NULL, 1, NULL, 0, NULL, 0, NULL, + 0), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_Sm4CcmEncrypt(NULL, NULL, in, 1, NULL, 0, NULL, 0, NULL, + 0), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_Sm4CcmEncrypt(NULL, NULL, NULL, 1, nonce, CCM_NONCE_MAX_SZ, + NULL, 0, NULL, 0), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_Sm4CcmEncrypt(NULL, NULL, NULL, 1, NULL, 0, tag, + SM4_BLOCK_SIZE, NULL, 0), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_Sm4CcmEncrypt(NULL, out, in, 1, nonce, CCM_NONCE_MAX_SZ, tag, + SM4_BLOCK_SIZE, aad, sizeof(aad)), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_Sm4CcmEncrypt(&sm4, NULL, in, 1, nonce, CCM_NONCE_MAX_SZ, + tag, SM4_BLOCK_SIZE, aad, sizeof(aad)), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_Sm4CcmEncrypt(&sm4, out, NULL, 1, nonce, CCM_NONCE_MAX_SZ, + tag, SM4_BLOCK_SIZE, aad, sizeof(aad)), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_Sm4CcmEncrypt(&sm4, out, in, 1, NULL, CCM_NONCE_MAX_SZ, tag, + SM4_BLOCK_SIZE, aad, sizeof(aad)), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_Sm4CcmEncrypt(&sm4, out, in, 1, nonce, 0, tag, + SM4_BLOCK_SIZE, aad, sizeof(aad)), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_Sm4CcmEncrypt(&sm4, out, in, 1, nonce, CCM_NONCE_MAX_SZ, + NULL, SM4_BLOCK_SIZE, aad, sizeof(aad)), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_Sm4CcmEncrypt(&sm4, out, in, 1, nonce, CCM_NONCE_MAX_SZ, tag, + WOLFSSL_MIN_AUTH_TAG_SZ-1, aad, sizeof(aad)), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_Sm4CcmEncrypt(&sm4, out, in, 1, nonce, CCM_NONCE_MAX_SZ, tag, + SM4_BLOCK_SIZE+1, aad, sizeof(aad)), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + + /* Invalid parameters - wc_Sm4CcmDecrypt. */ + ExpectIntEQ(wc_Sm4CcmDecrypt(NULL, NULL, NULL, 1, NULL, 0, NULL, 0, NULL, + 0), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_Sm4CcmDecrypt(&sm4, NULL, NULL, 1, NULL, 0, NULL, 0, NULL, + 0), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_Sm4CcmDecrypt(NULL, out, NULL, 1, NULL, 0, NULL, 0, NULL, + 0), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_Sm4CcmDecrypt(NULL, NULL, in, 1, NULL, 0, NULL, 0, NULL, + 0), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_Sm4CcmDecrypt(NULL, NULL, NULL, 1, nonce, CCM_NONCE_MAX_SZ, + NULL, 0, NULL, 0), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_Sm4CcmDecrypt(NULL, NULL, NULL, 1, NULL, 0, tag, + SM4_BLOCK_SIZE, NULL, 0), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_Sm4CcmDecrypt(NULL, out, in, 1, nonce, CCM_NONCE_MAX_SZ, tag, + SM4_BLOCK_SIZE, aad, sizeof(aad)), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_Sm4CcmDecrypt(&sm4, NULL, in, 1, nonce, CCM_NONCE_MAX_SZ, + tag, SM4_BLOCK_SIZE, aad, sizeof(aad)), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_Sm4CcmDecrypt(&sm4, out, NULL, 1, nonce, CCM_NONCE_MAX_SZ, + tag, SM4_BLOCK_SIZE, aad, sizeof(aad)), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_Sm4CcmDecrypt(&sm4, out, in, 1, NULL, CCM_NONCE_MAX_SZ, tag, + SM4_BLOCK_SIZE, aad, sizeof(aad)), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_Sm4CcmDecrypt(&sm4, out, in, 1, nonce, 0, tag, + SM4_BLOCK_SIZE, aad, sizeof(aad)), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_Sm4CcmDecrypt(&sm4, out, in, 1, nonce, CCM_NONCE_MAX_SZ, + NULL, SM4_BLOCK_SIZE, aad, sizeof(aad)), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_Sm4CcmDecrypt(&sm4, out, in, 1, nonce, CCM_NONCE_MAX_SZ, tag, + WOLFSSL_MIN_AUTH_TAG_SZ - 1, aad, sizeof(aad)), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_Sm4CcmDecrypt(&sm4, out, in, 1, nonce, CCM_NONCE_MAX_SZ, tag, + SM4_BLOCK_SIZE + 1, aad, sizeof(aad)), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + + /* Valid cases - wc_Sm4CcmEncrypt/wc_Sm4CcmDecrypt. */ + ExpectIntEQ(wc_Sm4CcmEncrypt(&sm4, NULL, NULL, 0, nonce, CCM_NONCE_MAX_SZ, + tag, SM4_BLOCK_SIZE, NULL, 0), 0); + ExpectIntEQ(wc_Sm4CcmDecrypt(&sm4, NULL, NULL, 0, nonce, CCM_NONCE_MAX_SZ, + tag, SM4_BLOCK_SIZE, NULL, 0), 0); + ExpectIntEQ(wc_Sm4CcmEncrypt(&sm4, NULL, NULL, 0, nonce, CCM_NONCE_MAX_SZ, + tag, SM4_BLOCK_SIZE, aad, sizeof(aad)), 0); + ExpectIntEQ(wc_Sm4CcmDecrypt(&sm4, NULL, NULL, 0, nonce, CCM_NONCE_MAX_SZ, + tag, SM4_BLOCK_SIZE, aad, sizeof(aad)), 0); + ExpectIntEQ(wc_Sm4CcmEncrypt(&sm4, out, in, SM4_BLOCK_SIZE, nonce, + CCM_NONCE_MAX_SZ, tag, SM4_BLOCK_SIZE, NULL, 0), 0); + ExpectIntEQ(wc_Sm4CcmDecrypt(&sm4, in, out, SM4_BLOCK_SIZE, nonce, + CCM_NONCE_MAX_SZ, tag, SM4_BLOCK_SIZE, NULL, 0), 0); + ExpectIntEQ(wc_Sm4CcmEncrypt(&sm4, out, in, SM4_BLOCK_SIZE, nonce, + CCM_NONCE_MAX_SZ, tag, SM4_BLOCK_SIZE, NULL, 1), 0); + ExpectIntEQ(wc_Sm4CcmDecrypt(&sm4, in, out, SM4_BLOCK_SIZE, nonce, + CCM_NONCE_MAX_SZ, tag, SM4_BLOCK_SIZE, NULL, 1), 0); + ExpectIntEQ(wc_Sm4CcmEncrypt(&sm4, out, in, SM4_BLOCK_SIZE * 2, nonce, + CCM_NONCE_MAX_SZ, tag, SM4_BLOCK_SIZE, aad, sizeof(aad)), 0); + ExpectIntEQ(wc_Sm4CcmDecrypt(&sm4, in, out, SM4_BLOCK_SIZE * 2, nonce, + CCM_NONCE_MAX_SZ, tag, SM4_BLOCK_SIZE, aad, sizeof(aad)), 0); + ExpectIntEQ(wc_Sm4CcmEncrypt(&sm4, in2, in2, SM4_BLOCK_SIZE * 2, nonce, + CCM_NONCE_MAX_SZ, tag, SM4_BLOCK_SIZE, aad, sizeof(aad)), 0); + ExpectIntEQ(XMEMCMP(in2, out, SM4_BLOCK_SIZE * 2), 0); + ExpectIntEQ(wc_Sm4CcmDecrypt(&sm4, in2, in2, SM4_BLOCK_SIZE * 2, nonce, + CCM_NONCE_MAX_SZ, tag, SM4_BLOCK_SIZE, aad, sizeof(aad)), 0); + ExpectIntEQ(XMEMCMP(in2, in, SM4_BLOCK_SIZE * 2), 0); + + /* Check vald values of nonce - wc_Sm4CcmEncrypt/wc_Sm4CcmDecrypt. */ + for (i = CCM_NONCE_MIN_SZ; i <= CCM_NONCE_MAX_SZ; i++) { + ExpectIntEQ(wc_Sm4CcmEncrypt(&sm4, out, in, SM4_BLOCK_SIZE, nonce, + i, tag, SM4_BLOCK_SIZE, aad, sizeof(aad)), 0); + ExpectIntEQ(wc_Sm4CcmDecrypt(&sm4, in, out, SM4_BLOCK_SIZE, nonce, + i, tag, SM4_BLOCK_SIZE, aad, sizeof(aad)), 0); + } + ExpectIntEQ(wc_Sm4CcmDecrypt(&sm4, in, out, SM4_BLOCK_SIZE, nonce, + CCM_NONCE_MIN_SZ, tag, SM4_BLOCK_SIZE, aad, sizeof(aad)), + WC_NO_ERR_TRACE(SM4_CCM_AUTH_E)); + + /* Check invalid values of tag size - wc_Sm4CcmEncrypt/wc_Sm4CcmDecrypt. */ + for (i = 0; i < 4; i++) { + ExpectIntEQ(wc_Sm4CcmEncrypt(&sm4, out, in, SM4_BLOCK_SIZE, nonce, + CCM_NONCE_MAX_SZ, tag, i * 2 + 1, aad, sizeof(aad)), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_Sm4CcmDecrypt(&sm4, in, out, SM4_BLOCK_SIZE, nonce, + CCM_NONCE_MAX_SZ, tag, i * 2 + 1, aad, sizeof(aad)), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + } + /* Odd values in range 4..SM4_BLOCK_SIZE. */ + for (i = 2; i < SM4_BLOCK_SIZE / 2; i++) { + ExpectIntEQ(wc_Sm4CcmEncrypt(&sm4, out, in, SM4_BLOCK_SIZE, nonce, + CCM_NONCE_MAX_SZ, tag, i * 2 + 1, aad, sizeof(aad)), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_Sm4CcmDecrypt(&sm4, in, out, SM4_BLOCK_SIZE, nonce, + CCM_NONCE_MAX_SZ, tag, i * 2 + 1, aad, sizeof(aad)), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + } + /* Check valid values of tag size - wc_Sm4CcmEncrypt/wc_Sm4CcmDecrypt. + * Even values in range 4..SM4_BLOCK_SIZE. + */ + for (i = 2; i < SM4_BLOCK_SIZE / 2; i++) { + ExpectIntEQ(wc_Sm4CcmEncrypt(&sm4, out, in, SM4_BLOCK_SIZE, nonce, + CCM_NONCE_MAX_SZ, tag, i * 2, aad, sizeof(aad)), 0); + ExpectIntEQ(wc_Sm4CcmDecrypt(&sm4, in, out, SM4_BLOCK_SIZE, nonce, + CCM_NONCE_MAX_SZ, tag, i * 2, aad, sizeof(aad)), 0); + } + + /* Check different in/out sizes. */ + ExpectIntEQ(wc_Sm4CcmEncrypt(&sm4, out, in, 0, nonce, + CCM_NONCE_MAX_SZ, tag, SM4_BLOCK_SIZE, NULL, 0), 0); + ExpectIntEQ(wc_Sm4CcmDecrypt(&sm4, out, in, 0, nonce, + CCM_NONCE_MAX_SZ, tag, SM4_BLOCK_SIZE, NULL, 0), 0); + ExpectIntEQ(wc_Sm4CcmEncrypt(&sm4, out, in, 1, nonce, + CCM_NONCE_MAX_SZ, tag, SM4_BLOCK_SIZE, NULL, 0), 0); + for (i = 2; i <= SM4_BLOCK_SIZE * 2; i++) { + XMEMCPY(out2, out, i - 1); + ExpectIntEQ(wc_Sm4CcmEncrypt(&sm4, out, in, i, nonce, CCM_NONCE_MAX_SZ, + tag, SM4_BLOCK_SIZE, aad, sizeof(aad)), 0); + ExpectIntEQ(XMEMCMP(out, out2, i - 1), 0); + ExpectIntEQ(wc_Sm4CcmDecrypt(&sm4, dec, out, i, nonce, CCM_NONCE_MAX_SZ, + tag, SM4_BLOCK_SIZE, aad, sizeof(aad)), 0); + ExpectIntEQ(XMEMCMP(in, dec, i), 0); + } + + /* Force the counter to roll over in first byte. */ + { + static unsigned char largeIn[256 * SM4_BLOCK_SIZE]; + static unsigned char largeOut[256 * SM4_BLOCK_SIZE]; + + ExpectIntEQ(wc_Sm4CcmEncrypt(&sm4, largeOut, largeIn, sizeof(largeIn), + nonce, CCM_NONCE_MAX_SZ, tag, SM4_BLOCK_SIZE, aad, sizeof(aad)), 0); + ExpectIntEQ(wc_Sm4CcmDecrypt(&sm4, largeOut, largeOut, sizeof(largeIn), + nonce, CCM_NONCE_MAX_SZ, tag, SM4_BLOCK_SIZE, aad, sizeof(aad)), 0); + ExpectIntEQ(XMEMCMP(largeOut, largeIn, sizeof(largeIn)), 0); + } + + wc_Sm4Free(&sm4); + + res = EXPECT_RESULT(); +#endif + return res; +} /* END test_wc_Sm4Ccm */ + diff --git a/test/ssl/wolfssl/tests/api/test_sm4.h b/test/ssl/wolfssl/tests/api/test_sm4.h new file mode 100644 index 000000000..09acf46ca --- /dev/null +++ b/test/ssl/wolfssl/tests/api/test_sm4.h @@ -0,0 +1,42 @@ +/* test_sm4.h + * + * Copyright (C) 2006-2025 wolfSSL Inc. + * + * This file is part of wolfSSL. + * + * wolfSSL is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * wolfSSL is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA + */ + +#ifndef WOLFCRYPT_TEST_SM4_H +#define WOLFCRYPT_TEST_SM4_H + +#include + +int test_wc_Sm4(void); +int test_wc_Sm4Ecb(void); +int test_wc_Sm4Cbc(void); +int test_wc_Sm4Ctr(void); +int test_wc_Sm4Gcm(void); +int test_wc_Sm4Ccm(void); + +#define TEST_SM4_DECLS \ + TEST_DECL_GROUP("sm4", test_wc_Sm4), \ + TEST_DECL_GROUP("sm4", test_wc_Sm4Ecb), \ + TEST_DECL_GROUP("sm4", test_wc_Sm4Cbc), \ + TEST_DECL_GROUP("sm4", test_wc_Sm4Ctr), \ + TEST_DECL_GROUP("sm4", test_wc_Sm4Gcm), \ + TEST_DECL_GROUP("sm4", test_wc_Sm4Ccm) + +#endif /* WOLFCRYPT_TEST_SM4_H */ diff --git a/test/ssl/wolfssl/tests/api/test_tls.c b/test/ssl/wolfssl/tests/api/test_tls.c new file mode 100644 index 000000000..91cf52459 --- /dev/null +++ b/test/ssl/wolfssl/tests/api/test_tls.c @@ -0,0 +1,668 @@ +/* test_tls.c + * + * Copyright (C) 2006-2025 wolfSSL Inc. + * + * This file is part of wolfSSL. + * + * wolfSSL is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * wolfSSL is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA + */ + +#include + +#ifdef NO_INLINE + #include +#else + #define WOLFSSL_MISC_INCLUDED + #include +#endif + +#include +#include + + +int test_utils_memio_move_message(void) +{ + EXPECT_DECLS; +#if defined(HAVE_MANUAL_MEMIO_TESTS_DEPENDENCIES) + WOLFSSL_CTX *ctx_c = NULL, *ctx_s = NULL; + WOLFSSL *ssl_c = NULL, *ssl_s = NULL; + struct test_memio_ctx test_ctx; + + XMEMSET(&test_ctx, 0, sizeof(test_ctx)); + + ExpectIntEQ(test_memio_setup(&test_ctx, &ctx_c, &ctx_s, &ssl_c, &ssl_s, + wolfTLS_client_method, wolfTLS_server_method), 0); + wolfSSL_set_verify(ssl_s, WOLFSSL_VERIFY_PEER, NULL); + ExpectIntEQ(wolfSSL_clear_group_messages(ssl_s), 1); + /* start handshake, send first ClientHello */ + ExpectIntEQ(wolfSSL_connect(ssl_c), -1); + ExpectIntEQ(wolfSSL_get_error(ssl_c, -1), WOLFSSL_ERROR_WANT_READ); + /* send server's flight */ + ExpectIntEQ(wolfSSL_accept(ssl_s), -1); + ExpectIntEQ(wolfSSL_get_error(ssl_s, -1), WOLFSSL_ERROR_WANT_READ); + /* Move messages around but they should be the same at the end */ + ExpectIntEQ(test_memio_move_message(&test_ctx, 1, 1, 2), 0); + ExpectIntEQ(test_memio_move_message(&test_ctx, 1, 2, 1), 0); + ExpectIntEQ(test_memio_move_message(&test_ctx, 1, 1, 3), 0); + ExpectIntEQ(test_memio_move_message(&test_ctx, 1, 3, 1), 0); + ExpectIntEQ(test_memio_move_message(&test_ctx, 1, 0, 2), 0); + ExpectIntEQ(test_memio_move_message(&test_ctx, 1, 2, 0), 0); + ExpectIntEQ(test_memio_do_handshake(ssl_c, ssl_s, 10, NULL), 0); + + wolfSSL_free(ssl_c); + wolfSSL_free(ssl_s); + wolfSSL_CTX_free(ctx_c); + wolfSSL_CTX_free(ctx_s); +#endif + return EXPECT_RESULT(); +} + +int test_tls12_unexpected_ccs(void) +{ + EXPECT_DECLS; +#if defined(HAVE_MANUAL_MEMIO_TESTS_DEPENDENCIES) && !defined(WOLFSSL_NO_TLS12) + const byte ccs[] = { + 0x14, /* ccs type */ + 0x03, 0x03, /* version */ + 0x00, 0x01, /* length */ + 0x01, /* ccs value */ + }; + const byte badccs[] = { + 0x14, /* ccs type */ + 0x03, 0x03, /* version */ + 0x00, 0x01, /* length */ + 0x99, /* wrong ccs value */ + }; + WOLFSSL_CTX *ctx_s = NULL; + WOLFSSL *ssl_s = NULL; + struct test_memio_ctx test_ctx; + + /* ccs in the wrong place */ + XMEMSET(&test_ctx, 0, sizeof(test_ctx)); + /* inject SH */ + ExpectIntEQ(test_memio_inject_message(&test_ctx, 0, + (const char*)ccs, sizeof(ccs)), 0); + ExpectIntEQ(test_memio_setup(&test_ctx, NULL, &ctx_s, NULL, &ssl_s, + NULL, wolfTLSv1_2_server_method), 0); + ExpectIntEQ(wolfSSL_accept(ssl_s), WOLFSSL_FATAL_ERROR); + ExpectIntEQ(wolfSSL_get_error(ssl_s, WOLFSSL_FATAL_ERROR), + OUT_OF_ORDER_E); + wolfSSL_free(ssl_s); + wolfSSL_CTX_free(ctx_s); + ctx_s = NULL; + ssl_s = NULL; + + /* malformed ccs */ + XMEMSET(&test_ctx, 0, sizeof(test_ctx)); + ExpectIntEQ(test_memio_inject_message(&test_ctx, 0, + (const char*)badccs, sizeof(badccs)), 0); + ExpectIntEQ(test_memio_setup(&test_ctx, NULL, &ctx_s, NULL, &ssl_s, + NULL, wolfTLSv1_2_server_method), 0); + ExpectIntEQ(wolfSSL_accept(ssl_s), WOLFSSL_FATAL_ERROR); + ExpectIntEQ(wolfSSL_get_error(ssl_s, WOLFSSL_FATAL_ERROR), + LENGTH_ERROR); + wolfSSL_free(ssl_s); + wolfSSL_CTX_free(ctx_s); +#endif + return EXPECT_RESULT(); +} + +int test_tls13_unexpected_ccs(void) +{ + EXPECT_DECLS; +#if defined(HAVE_MANUAL_MEMIO_TESTS_DEPENDENCIES) && defined(WOLFSSL_TLS13) + const byte ccs[] = { + 0x14, /* ccs type */ + 0x03, 0x03, /* version */ + 0x00, 0x01, /* length */ + 0x01, /* ccs value */ + }; + const byte badccs[] = { + 0x14, /* ccs type */ + 0x03, 0x03, /* version */ + 0x00, 0x01, /* length */ + 0x99, /* wrong ccs value */ + }; + const byte unexpectedAlert[] = { + 0x15, /* alert type */ + 0x03, 0x03, /* version */ + 0x00, 0x02, /* length */ + 0x02, /* level: fatal */ + 0x0a /* protocol version */ + }; + WOLFSSL_CTX *ctx_s = NULL; + WOLFSSL *ssl_s = NULL; + struct test_memio_ctx test_ctx; + + /* ccs can't appear before a CH */ + XMEMSET(&test_ctx, 0, sizeof(test_ctx)); + ExpectIntEQ(test_memio_inject_message(&test_ctx, 0, + (const char*)ccs, sizeof(ccs)), 0); + ExpectIntEQ(test_memio_setup(&test_ctx, NULL, &ctx_s, NULL, &ssl_s, + NULL, wolfTLSv1_3_server_method), 0); + ExpectIntEQ(wolfSSL_accept(ssl_s), WOLFSSL_FATAL_ERROR); + ExpectIntEQ(wolfSSL_get_error(ssl_s, WOLFSSL_FATAL_ERROR), + UNKNOWN_RECORD_TYPE); + ExpectIntEQ(test_ctx.c_len, sizeof(unexpectedAlert)); + ExpectBufEQ(test_ctx.c_buff, unexpectedAlert, sizeof(unexpectedAlert)); + wolfSSL_free(ssl_s); + wolfSSL_CTX_free(ctx_s); + ctx_s = NULL; + ssl_s = NULL; + + /* malformed ccs */ + XMEMSET(&test_ctx, 0, sizeof(test_ctx)); + ExpectIntEQ(test_memio_inject_message(&test_ctx, 0, + (const char*)badccs, sizeof(badccs)), 0); + ExpectIntEQ(test_memio_setup(&test_ctx, NULL, &ctx_s, NULL, &ssl_s, + NULL, wolfTLSv1_3_server_method), 0); + ExpectIntEQ(wolfSSL_accept(ssl_s), WOLFSSL_FATAL_ERROR); + ExpectIntEQ(wolfSSL_get_error(ssl_s, WOLFSSL_FATAL_ERROR), + UNKNOWN_RECORD_TYPE); + ExpectIntEQ(test_ctx.c_len, sizeof(unexpectedAlert)); + ExpectBufEQ(test_ctx.c_buff, unexpectedAlert, sizeof(unexpectedAlert)); + wolfSSL_free(ssl_s); + wolfSSL_CTX_free(ctx_s); +#endif + return EXPECT_RESULT(); +} +int test_tls12_curve_intersection(void) { + EXPECT_DECLS; +#if defined(HAVE_MANUAL_MEMIO_TESTS_DEPENDENCIES) && \ + !defined(WOLFSSL_NO_TLS12) && defined(HAVE_ECC) && \ + defined(HAVE_CURVE25519) + WOLFSSL_CTX *ctx_c = NULL, *ctx_s = NULL; + WOLFSSL *ssl_c = NULL, *ssl_s = NULL; + struct test_memio_ctx test_ctx; + int ret; + const char* curve_name; + int test1[] = {WOLFSSL_ECC_SECP256R1}; + int test2[] = {WOLFSSL_ECC_SECP384R1}; + int test3[] = {WOLFSSL_ECC_SECP256R1, WOLFSSL_ECC_SECP384R1}; + int test4[] = {WOLFSSL_ECC_SECP384R1, WOLFSSL_ECC_SECP256R1}; + XMEMSET(&test_ctx, 0, sizeof(test_ctx)); + ExpectIntEQ(test_memio_setup(&test_ctx, &ctx_c, &ctx_s, &ssl_c, &ssl_s, + wolfTLSv1_2_client_method, wolfTLSv1_2_server_method), 0); + ExpectIntEQ(wolfSSL_set_groups(ssl_c, + test1, 1), WOLFSSL_SUCCESS); + ExpectIntEQ(test_memio_do_handshake(ssl_c, ssl_s, 10, NULL), 0); + + /* Fix: Get curve name and compare with string comparison or use curve + * ID function */ + curve_name = wolfSSL_get_curve_name(ssl_s); + /* or use appropriate string comparison */ + ExpectStrEQ(curve_name, "SECP256R1"); + curve_name = wolfSSL_get_curve_name(ssl_c); + ExpectStrEQ(curve_name, "SECP256R1"); + + wolfSSL_free(ssl_c); + wolfSSL_free(ssl_s); + wolfSSL_CTX_free(ctx_c); + wolfSSL_CTX_free(ctx_s); + ssl_c = NULL; + ssl_s = NULL; + ctx_c = NULL; + ctx_s = NULL; + + XMEMSET(&test_ctx, 0, sizeof(test_ctx)); + ExpectIntEQ(test_memio_setup(&test_ctx, &ctx_c, &ctx_s, &ssl_c, &ssl_s, + wolfTLSv1_2_client_method, wolfTLSv1_2_server_method), 0); + ExpectIntEQ(wolfSSL_set_groups(ssl_c, + test2, 1), WOLFSSL_SUCCESS); + ExpectIntEQ(wolfSSL_set_groups(ssl_s, + test1, 1), WOLFSSL_SUCCESS); + ExpectIntNE(test_memio_do_handshake(ssl_c, ssl_s, 10, NULL), 0); + ret = wolfSSL_get_error(ssl_s, WOLFSSL_FATAL_ERROR); + + /* Fix: Use proper constant or define HANDSHAKE_FAILURE */ + ExpectTrue(ret == WC_NO_ERR_TRACE(ECC_CURVE_ERROR)); + + wolfSSL_free(ssl_c); + wolfSSL_free(ssl_s); + wolfSSL_CTX_free(ctx_c); + wolfSSL_CTX_free(ctx_s); + ssl_c = NULL; + ssl_s = NULL; + ctx_c = NULL; + ctx_s = NULL; + + XMEMSET(&test_ctx, 0, sizeof(test_ctx)); + ExpectIntEQ(test_memio_setup(&test_ctx, &ctx_c, &ctx_s, &ssl_c, &ssl_s, + wolfTLSv1_2_client_method, wolfTLSv1_2_server_method), 0); + ExpectIntEQ(wolfSSL_set_groups(ssl_c, + test3, 2), + WOLFSSL_SUCCESS); + ExpectIntEQ(wolfSSL_set_groups(ssl_s, + test4, 2), + WOLFSSL_SUCCESS); + ExpectIntEQ(test_memio_do_handshake(ssl_c, ssl_s, 10, NULL), 0); + + curve_name = wolfSSL_get_curve_name(ssl_s); + ExpectStrEQ(curve_name, "SECP256R1"); + curve_name = wolfSSL_get_curve_name(ssl_c); + ExpectStrEQ(curve_name, "SECP256R1"); + + wolfSSL_free(ssl_c); + wolfSSL_free(ssl_s); + wolfSSL_CTX_free(ctx_c); + wolfSSL_CTX_free(ctx_s); +#endif + return EXPECT_RESULT(); +} + +int test_tls13_curve_intersection(void) { + EXPECT_DECLS; +#if defined(HAVE_MANUAL_MEMIO_TESTS_DEPENDENCIES) && \ + defined(WOLFSSL_TLS13) && defined(HAVE_ECC) && defined(HAVE_CURVE25519) + WOLFSSL_CTX *ctx_c = NULL, *ctx_s = NULL; + WOLFSSL *ssl_c = NULL, *ssl_s = NULL; + struct test_memio_ctx test_ctx; + const char* curve_name; + int test1[] ={WOLFSSL_ECC_SECP256R1}; + + XMEMSET(&test_ctx, 0, sizeof(test_ctx)); + ExpectIntEQ(test_memio_setup(&test_ctx, &ctx_c, &ctx_s, &ssl_c, &ssl_s, + wolfTLSv1_3_client_method, wolfTLSv1_3_server_method), 0); + ExpectIntEQ(wolfSSL_set_groups(ssl_c, + test1, 1), WOLFSSL_SUCCESS); + ExpectIntEQ(test_memio_do_handshake(ssl_c, ssl_s, 10, NULL), 0); + + curve_name = wolfSSL_get_curve_name(ssl_s); + ExpectStrEQ(curve_name, "SECP256R1"); + curve_name = wolfSSL_get_curve_name(ssl_c); + ExpectStrEQ(curve_name, "SECP256R1"); + + wolfSSL_free(ssl_c); + wolfSSL_free(ssl_s); + wolfSSL_CTX_free(ctx_c); + wolfSSL_CTX_free(ctx_s); +#endif + return EXPECT_RESULT(); +} + + +int test_tls_certreq_order(void) +{ + EXPECT_DECLS; +#if defined(HAVE_MANUAL_MEMIO_TESTS_DEPENDENCIES) && \ + !defined(WOLFSSL_NO_TLS12) && defined(HAVE_AESGCM) && \ + defined(WOLFSSL_AES_256) && defined(WOLFSSL_SHA384) && !defined(NO_RSA) && \ + defined(HAVE_ECC) + /* This test checks that a certificate request message + * received before server certificate message is properly detected. + */ + WOLFSSL_CTX *ctx_c = NULL, *ctx_s = NULL; + WOLFSSL *ssl_c = NULL, *ssl_s = NULL; + struct test_memio_ctx test_ctx; + int i = 0; + const char* msg = NULL; + int msgSz = 0; + int certIdx = 0; + int certReqIdx = 0; + + XMEMSET(&test_ctx, 0, sizeof(test_ctx)); + + ExpectIntEQ(test_memio_setup(&test_ctx, &ctx_c, &ctx_s, &ssl_c, &ssl_s, + wolfTLSv1_2_client_method, wolfTLSv1_2_server_method), 0); + wolfSSL_set_verify(ssl_s, WOLFSSL_VERIFY_PEER, NULL); + ExpectIntEQ(wolfSSL_clear_group_messages(ssl_s), 1); + + /* start handshake, send first ClientHello */ + ExpectIntEQ(wolfSSL_connect(ssl_c), -1); + ExpectIntEQ(wolfSSL_get_error(ssl_c, -1), WOLFSSL_ERROR_WANT_READ); + /* send server's flight */ + ExpectIntEQ(wolfSSL_accept(ssl_s), -1); + ExpectIntEQ(wolfSSL_get_error(ssl_s, -1), WOLFSSL_ERROR_WANT_READ); + for (i = 0; test_memio_get_message(&test_ctx, 1, &msg, &msgSz, i) == 0; i++) { + if (msg[5] == 11) /* cert */ + certIdx = i; + if (msg[5] == 13) /* certreq */ + certReqIdx = i; + } + ExpectIntNE(certIdx, 0); + ExpectIntNE(certReqIdx, 0); + ExpectIntEQ(test_memio_move_message(&test_ctx, 1, certReqIdx, certIdx), 0); + ExpectIntEQ(wolfSSL_connect(ssl_c), -1); + ExpectIntEQ(wolfSSL_get_error(ssl_c, -1), OUT_OF_ORDER_E); + + wolfSSL_free(ssl_c); + wolfSSL_free(ssl_s); + wolfSSL_CTX_free(ctx_c); + wolfSSL_CTX_free(ctx_s); +#endif + return EXPECT_RESULT(); +} + +#if !defined(WOLFSSL_NO_TLS12) && !defined(NO_RSA) && defined(HAVE_ECC) && \ + !defined(NO_WOLFSSL_SERVER) +/* Called when writing. */ +static int CsSend(WOLFSSL* ssl, char* buf, int sz, void* ctx) +{ + (void)ssl; + (void)buf; + (void)ctx; + + return sz; +} +/* Called when reading. */ +static int CsRecv(WOLFSSL* ssl, char* buf, int sz, void* ctx) +{ + WOLFSSL_BUFFER_INFO* msg = (WOLFSSL_BUFFER_INFO*)ctx; + int len = (int)msg->length; + + (void)ssl; + (void)sz; + + /* Pass back as much of message as will fit in buffer. */ + if (len > sz) + len = sz; + XMEMCPY(buf, msg->buffer, len); + /* Move over returned data. */ + msg->buffer += len; + msg->length -= len; + + /* Amount actually copied. */ + return len; +} +#endif + +int test_tls12_bad_cv_sig_alg(void) +{ + EXPECT_DECLS; +#if !defined(WOLFSSL_NO_TLS12) && !defined(NO_RSA) && defined(HAVE_ECC) && \ + !defined(NO_WOLFSSL_SERVER) + byte clientMsgs[] = { + /* Client Hello */ + 0x16, 0x03, 0x03, 0x00, 0xe7, + 0x01, 0x00, 0x00, 0xe3, 0x03, 0x03, 0x65, 0x27, + 0x41, 0xdf, 0xd9, 0x17, 0xdb, 0x02, 0x5c, 0x2e, + 0xf8, 0x4b, 0x77, 0x86, 0x5a, 0x20, 0x57, 0x7f, + 0xc0, 0xe7, 0xef, 0x8f, 0x56, 0xef, 0xfa, 0x71, + 0x36, 0xec, 0x55, 0x1d, 0x4e, 0xa2, 0x00, 0x00, + 0x64, 0xc0, 0x2c, 0xc0, 0x2b, 0xc0, 0x30, 0xc0, + 0x2f, 0x00, 0x9f, 0x00, 0x9e, 0x00, 0xab, 0x00, + 0x34, 0x00, 0xa7, 0x00, 0xaa, 0xcc, 0xa9, 0xcc, + 0xa8, 0xcc, 0xaa, 0xc0, 0x27, 0xc0, 0x23, 0xc0, + 0x28, 0xc0, 0x24, 0xc0, 0x0a, 0xc0, 0x09, 0xc0, + 0x07, 0xc0, 0x14, 0xc0, 0x13, 0xc0, 0x11, 0xc0, + 0xac, 0xc0, 0xae, 0xc0, 0xaf, 0x00, 0x6b, 0x00, + 0x67, 0x00, 0x39, 0x00, 0x33, 0xcc, 0x14, 0xcc, + 0x13, 0xcc, 0x15, 0xc0, 0x06, 0x00, 0xb3, 0x00, + 0xb2, 0xc0, 0xa6, 0xc0, 0xa7, 0xcc, 0xab, 0xcc, + 0xac, 0xcc, 0xad, 0xc0, 0x37, 0xd0, 0x01, 0x00, + 0xb5, 0xc0, 0x3a, 0x00, 0xb4, 0x00, 0x45, 0x00, + 0x88, 0x00, 0xbe, 0x00, 0xc4, 0x01, 0x00, 0x00, + 0x56, 0x00, 0x0d, 0x00, 0x20, 0x00, 0x1e, 0x06, + 0x03, 0x05, 0x03, 0x04, 0x03, 0x08, 0x07, 0x08, + 0x08, 0x08, 0x06, 0x08, 0x0b, 0x08, 0x05, 0x08, + 0x0a, 0x08, 0x04, 0x08, 0x09, 0x06, 0x01, 0x05, + 0x01, 0x04, 0x01, 0x03, 0x01, 0x00, 0x0b, 0x00, + 0x02, 0x01, 0x00, 0x00, 0x0a, 0x00, 0x1c, 0x00, + 0x1a, 0x00, 0x19, 0x00, 0x1c, 0x00, 0x18, 0x00, + 0x1b, 0x00, 0x1e, 0x00, 0x17, 0x00, 0x16, 0x00, + 0x1a, 0x00, 0x1d, 0x00, 0x15, 0x00, 0x14, 0x01, + 0x01, 0x01, 0x00, 0x00, 0x16, 0x00, 0x00, 0x00, + 0x23, 0x00, 0x00, 0x00, 0x17, 0x00, 0x00, + /* Certificate */ + 0x16, 0x03, 0x03, 0x05, 0x2b, + 0x0b, 0x00, 0x05, 0x27, 0x00, 0x05, 0x24, 0x00, + 0x05, 0x21, 0x30, 0x82, 0x05, 0x1d, 0x30, 0x82, + 0x04, 0x05, 0xa0, 0x03, 0x02, 0x01, 0x02, 0x02, + 0x14, 0x4f, 0x0d, 0x8c, 0xc5, 0xfa, 0xee, 0xa2, + 0x9b, 0xb7, 0x35, 0x9e, 0xe9, 0x4a, 0x17, 0x99, + 0xf0, 0xcc, 0x23, 0xf2, 0xec, 0x30, 0x0d, 0x06, + 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, + 0x01, 0x0b, 0x05, 0x00, 0x30, 0x81, 0x9e, 0x31, + 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, 0x06, + 0x13, 0x02, 0x55, 0x53, 0x31, 0x10, 0x30, 0x0e, + 0x06, 0x03, 0x55, 0x04, 0x08, 0x0c, 0x07, 0x4d, + 0x6f, 0x6e, 0x74, 0x61, 0x6e, 0x61, 0x31, 0x10, + 0x30, 0x0e, 0x06, 0x03, 0x55, 0x04, 0x07, 0x0c, + 0x07, 0x42, 0x6f, 0x7a, 0x65, 0x6d, 0x61, 0x6e, + 0x31, 0x15, 0x30, 0x13, 0x06, 0x03, 0x55, 0x04, + 0x0a, 0x0c, 0x0c, 0x77, 0x6f, 0x6c, 0x66, 0x53, + 0x53, 0x4c, 0x5f, 0x32, 0x30, 0x34, 0x38, 0x31, + 0x19, 0x30, 0x17, 0x06, 0x03, 0x55, 0x04, 0x0b, + 0x0c, 0x10, 0x50, 0x72, 0x6f, 0x67, 0x72, 0x61, + 0x6d, 0x6d, 0x69, 0x6e, 0x67, 0x2d, 0x32, 0x30, + 0x34, 0x38, 0x31, 0x18, 0x30, 0x16, 0x06, 0x03, + 0x55, 0x04, 0x03, 0x0c, 0x0f, 0x77, 0x77, 0x77, + 0x2e, 0x77, 0x6f, 0x6c, 0x66, 0x73, 0x73, 0x6c, + 0x2e, 0x63, 0x6f, 0x6d, 0x31, 0x1f, 0x30, 0x1d, + 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, + 0x01, 0x09, 0x01, 0x16, 0x10, 0x69, 0x6e, 0x66, + 0x6f, 0x40, 0x77, 0x6f, 0x6c, 0x66, 0x73, 0x73, + 0x6c, 0x2e, 0x63, 0x6f, 0x6d, 0x30, 0x1e, 0x17, + 0x0d, 0x32, 0x34, 0x31, 0x32, 0x31, 0x38, 0x32, + 0x31, 0x32, 0x35, 0x32, 0x39, 0x5a, 0x17, 0x0d, + 0x32, 0x37, 0x30, 0x39, 0x31, 0x34, 0x32, 0x31, + 0x32, 0x35, 0x32, 0x39, 0x5a, 0x30, 0x81, 0x9e, + 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, + 0x06, 0x13, 0x02, 0x55, 0x53, 0x31, 0x10, 0x30, + 0x0e, 0x06, 0x03, 0x55, 0x04, 0x08, 0x0c, 0x07, + 0x4d, 0x6f, 0x6e, 0x74, 0x61, 0x6e, 0x61, 0x31, + 0x10, 0x30, 0x0e, 0x06, 0x03, 0x55, 0x04, 0x07, + 0x0c, 0x07, 0x42, 0x6f, 0x7a, 0x65, 0x6d, 0x61, + 0x6e, 0x31, 0x15, 0x30, 0x13, 0x06, 0x03, 0x55, + 0x04, 0x0a, 0x0c, 0x0c, 0x77, 0x6f, 0x6c, 0x66, + 0x53, 0x53, 0x4c, 0x5f, 0x32, 0x30, 0x34, 0x38, + 0x31, 0x19, 0x30, 0x17, 0x06, 0x03, 0x55, 0x04, + 0x0b, 0x0c, 0x10, 0x50, 0x72, 0x6f, 0x67, 0x72, + 0x61, 0x6d, 0x6d, 0x69, 0x6e, 0x67, 0x2d, 0x32, + 0x30, 0x34, 0x38, 0x31, 0x18, 0x30, 0x16, 0x06, + 0x03, 0x55, 0x04, 0x03, 0x0c, 0x0f, 0x77, 0x77, + 0x77, 0x2e, 0x77, 0x6f, 0x6c, 0x66, 0x73, 0x73, + 0x6c, 0x2e, 0x63, 0x6f, 0x6d, 0x31, 0x1f, 0x30, + 0x1d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, + 0x0d, 0x01, 0x09, 0x01, 0x16, 0x10, 0x69, 0x6e, + 0x66, 0x6f, 0x40, 0x77, 0x6f, 0x6c, 0x66, 0x73, + 0x73, 0x6c, 0x2e, 0x63, 0x6f, 0x6d, 0x30, 0x82, + 0x01, 0x22, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, + 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x01, 0x05, + 0x00, 0x03, 0x82, 0x01, 0x0f, 0x00, 0x30, 0x82, + 0x01, 0x0a, 0x02, 0x82, 0x01, 0x01, 0x00, 0xc3, + 0x03, 0xd1, 0x2b, 0xfe, 0x39, 0xa4, 0x32, 0x45, + 0x3b, 0x53, 0xc8, 0x84, 0x2b, 0x2a, 0x7c, 0x74, + 0x9a, 0xbd, 0xaa, 0x2a, 0x52, 0x07, 0x47, 0xd6, + 0xa6, 0x36, 0xb2, 0x07, 0x32, 0x8e, 0xd0, 0xba, + 0x69, 0x7b, 0xc6, 0xc3, 0x44, 0x9e, 0xd4, 0x81, + 0x48, 0xfd, 0x2d, 0x68, 0xa2, 0x8b, 0x67, 0xbb, + 0xa1, 0x75, 0xc8, 0x36, 0x2c, 0x4a, 0xd2, 0x1b, + 0xf7, 0x8b, 0xba, 0xcf, 0x0d, 0xf9, 0xef, 0xec, + 0xf1, 0x81, 0x1e, 0x7b, 0x9b, 0x03, 0x47, 0x9a, + 0xbf, 0x65, 0xcc, 0x7f, 0x65, 0x24, 0x69, 0xa6, + 0xe8, 0x14, 0x89, 0x5b, 0xe4, 0x34, 0xf7, 0xc5, + 0xb0, 0x14, 0x93, 0xf5, 0x67, 0x7b, 0x3a, 0x7a, + 0x78, 0xe1, 0x01, 0x56, 0x56, 0x91, 0xa6, 0x13, + 0x42, 0x8d, 0xd2, 0x3c, 0x40, 0x9c, 0x4c, 0xef, + 0xd1, 0x86, 0xdf, 0x37, 0x51, 0x1b, 0x0c, 0xa1, + 0x3b, 0xf5, 0xf1, 0xa3, 0x4a, 0x35, 0xe4, 0xe1, + 0xce, 0x96, 0xdf, 0x1b, 0x7e, 0xbf, 0x4e, 0x97, + 0xd0, 0x10, 0xe8, 0xa8, 0x08, 0x30, 0x81, 0xaf, + 0x20, 0x0b, 0x43, 0x14, 0xc5, 0x74, 0x67, 0xb4, + 0x32, 0x82, 0x6f, 0x8d, 0x86, 0xc2, 0x88, 0x40, + 0x99, 0x36, 0x83, 0xba, 0x1e, 0x40, 0x72, 0x22, + 0x17, 0xd7, 0x52, 0x65, 0x24, 0x73, 0xb0, 0xce, + 0xef, 0x19, 0xcd, 0xae, 0xff, 0x78, 0x6c, 0x7b, + 0xc0, 0x12, 0x03, 0xd4, 0x4e, 0x72, 0x0d, 0x50, + 0x6d, 0x3b, 0xa3, 0x3b, 0xa3, 0x99, 0x5e, 0x9d, + 0xc8, 0xd9, 0x0c, 0x85, 0xb3, 0xd9, 0x8a, 0xd9, + 0x54, 0x26, 0xdb, 0x6d, 0xfa, 0xac, 0xbb, 0xff, + 0x25, 0x4c, 0xc4, 0xd1, 0x79, 0xf4, 0x71, 0xd3, + 0x86, 0x40, 0x18, 0x13, 0xb0, 0x63, 0xb5, 0x72, + 0x4e, 0x30, 0xc4, 0x97, 0x84, 0x86, 0x2d, 0x56, + 0x2f, 0xd7, 0x15, 0xf7, 0x7f, 0xc0, 0xae, 0xf5, + 0xfc, 0x5b, 0xe5, 0xfb, 0xa1, 0xba, 0xd3, 0x02, + 0x03, 0x01, 0x00, 0x01, 0xa3, 0x82, 0x01, 0x4f, + 0x30, 0x82, 0x01, 0x4b, 0x30, 0x1d, 0x06, 0x03, + 0x55, 0x1d, 0x0e, 0x04, 0x16, 0x04, 0x14, 0x33, + 0xd8, 0x45, 0x66, 0xd7, 0x68, 0x87, 0x18, 0x7e, + 0x54, 0x0d, 0x70, 0x27, 0x91, 0xc7, 0x26, 0xd7, + 0x85, 0x65, 0xc0, 0x30, 0x81, 0xde, 0x06, 0x03, + 0x55, 0x1d, 0x23, 0x04, 0x81, 0xd6, 0x30, 0x81, + 0xd3, 0x80, 0x14, 0x33, 0xd8, 0x45, 0x66, 0xd7, + 0x68, 0x87, 0x18, 0x7e, 0x54, 0x0d, 0x70, 0x27, + 0x91, 0xc7, 0x26, 0xd7, 0x85, 0x65, 0xc0, 0xa1, + 0x81, 0xa4, 0xa4, 0x81, 0xa1, 0x30, 0x81, 0x9e, + 0x31, 0x0b, 0x30, 0x09, 0x06, 0x03, 0x55, 0x04, + 0x06, 0x13, 0x02, 0x55, 0x53, 0x31, 0x10, 0x30, + 0x0e, 0x06, 0x03, 0x55, 0x04, 0x08, 0x0c, 0x07, + 0x4d, 0x6f, 0x6e, 0x74, 0x61, 0x6e, 0x61, 0x31, + 0x10, 0x30, 0x0e, 0x06, 0x03, 0x55, 0x04, 0x07, + 0x0c, 0x07, 0x42, 0x6f, 0x7a, 0x65, 0x6d, 0x61, + 0x6e, 0x31, 0x15, 0x30, 0x13, 0x06, 0x03, 0x55, + 0x04, 0x0a, 0x0c, 0x0c, 0x77, 0x6f, 0x6c, 0x66, + 0x53, 0x53, 0x4c, 0x5f, 0x32, 0x30, 0x34, 0x38, + 0x31, 0x19, 0x30, 0x17, 0x06, 0x03, 0x55, 0x04, + 0x0b, 0x0c, 0x10, 0x50, 0x72, 0x6f, 0x67, 0x72, + 0x61, 0x6d, 0x6d, 0x69, 0x6e, 0x67, 0x2d, 0x32, + 0x30, 0x34, 0x38, 0x31, 0x18, 0x30, 0x16, 0x06, + 0x03, 0x55, 0x04, 0x03, 0x0c, 0x0f, 0x77, 0x77, + 0x77, 0x2e, 0x77, 0x6f, 0x6c, 0x66, 0x73, 0x73, + 0x6c, 0x2e, 0x63, 0x6f, 0x6d, 0x31, 0x1f, 0x30, + 0x1d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, + 0x0d, 0x01, 0x09, 0x01, 0x16, 0x10, 0x69, 0x6e, + 0x66, 0x6f, 0x40, 0x77, 0x6f, 0x6c, 0x66, 0x73, + 0x73, 0x6c, 0x2e, 0x63, 0x6f, 0x6d, 0x82, 0x14, + 0x4f, 0x0d, 0x8c, 0xc5, 0xfa, 0xee, 0xa2, 0x9b, + 0xb7, 0x35, 0x9e, 0xe9, 0x4a, 0x17, 0x99, 0xf0, + 0xcc, 0x23, 0xf2, 0xec, 0x30, 0x0c, 0x06, 0x03, + 0x55, 0x1d, 0x13, 0x04, 0x05, 0x30, 0x03, 0x01, + 0x01, 0xff, 0x30, 0x1c, 0x06, 0x03, 0x55, 0x1d, + 0x11, 0x04, 0x15, 0x30, 0x13, 0x82, 0x0b, 0x65, + 0x78, 0x61, 0x6d, 0x70, 0x6c, 0x65, 0x2e, 0x63, + 0x6f, 0x6d, 0x87, 0x04, 0x7f, 0x00, 0x00, 0x01, + 0x30, 0x1d, 0x06, 0x03, 0x55, 0x1d, 0x25, 0x04, + 0x16, 0x30, 0x14, 0x06, 0x08, 0x2b, 0x06, 0x01, + 0x05, 0x05, 0x07, 0x03, 0x01, 0x06, 0x08, 0x2b, + 0x06, 0x01, 0x05, 0x05, 0x07, 0x03, 0x02, 0x30, + 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, + 0x0d, 0x01, 0x01, 0x0b, 0x05, 0x00, 0x03, 0x82, + 0x01, 0x01, 0x00, 0x46, 0xab, 0xe4, 0x6d, 0xae, + 0x49, 0x5b, 0x6a, 0x0b, 0xa9, 0x87, 0xe1, 0x95, + 0x32, 0xa6, 0xd7, 0xae, 0xde, 0x28, 0xdc, 0xc7, + 0x99, 0x68, 0xe2, 0x5f, 0xc9, 0x5a, 0x4c, 0x64, + 0xb8, 0xf5, 0x28, 0x42, 0x5a, 0xe8, 0x5c, 0x59, + 0x32, 0xfe, 0xd0, 0x1f, 0x0b, 0x55, 0x89, 0xdb, + 0x67, 0xe7, 0x78, 0xf3, 0x70, 0xcf, 0x18, 0x51, + 0x57, 0x8b, 0xf3, 0x2b, 0xa4, 0x66, 0x0b, 0xf6, + 0x03, 0x6e, 0x11, 0xac, 0x83, 0x52, 0x16, 0x7e, + 0xa2, 0x7c, 0x36, 0x77, 0xf6, 0xbb, 0x13, 0x19, + 0x40, 0x2c, 0xb8, 0x8c, 0xca, 0xd6, 0x7e, 0x79, + 0x7d, 0xf4, 0x14, 0x8d, 0xb5, 0xa4, 0x09, 0xf6, + 0x2d, 0x4c, 0xe7, 0xf9, 0xb8, 0x25, 0x41, 0x15, + 0x78, 0xf4, 0xca, 0x80, 0x41, 0xea, 0x3a, 0x05, + 0x08, 0xf6, 0xb5, 0x5b, 0xa1, 0x3b, 0x5b, 0x48, + 0xa8, 0x4b, 0x8c, 0x19, 0x8d, 0x6c, 0x87, 0x31, + 0x76, 0x74, 0x02, 0x16, 0x8b, 0xdd, 0x7f, 0xd1, + 0x11, 0x62, 0x27, 0x42, 0x39, 0xe0, 0x9a, 0x63, + 0x26, 0x31, 0x19, 0xce, 0x3d, 0x41, 0xd5, 0x24, + 0x47, 0x32, 0x0f, 0x76, 0xd6, 0x41, 0x37, 0x44, + 0xad, 0x73, 0xf1, 0xb8, 0xec, 0x2b, 0x6e, 0x9c, + 0x4f, 0x84, 0xc4, 0x4e, 0xd7, 0x92, 0x10, 0x7e, + 0x23, 0x32, 0xa0, 0x75, 0x6a, 0xe7, 0xfe, 0x55, + 0x95, 0x9f, 0x0a, 0xad, 0xdf, 0xf9, 0x2a, 0xa2, + 0x1a, 0x59, 0xd5, 0x82, 0x63, 0xd6, 0x5d, 0x7d, + 0x79, 0xf4, 0xa7, 0x2d, 0xdc, 0x8c, 0x04, 0xcd, + 0x98, 0xb0, 0x42, 0x0e, 0x84, 0xfa, 0x86, 0x50, + 0x10, 0x61, 0xac, 0x73, 0xcd, 0x79, 0x45, 0x30, + 0xe8, 0x42, 0xa1, 0x6a, 0xf6, 0x77, 0x55, 0xec, + 0x07, 0xdb, 0x52, 0x29, 0xca, 0x7a, 0xc8, 0xa2, + 0xda, 0xe9, 0xf5, 0x98, 0x33, 0x6a, 0xe8, 0xbc, + 0x89, 0xed, 0x01, 0xe2, 0xfe, 0x44, 0x86, 0x86, + 0x80, 0x39, 0xec, + /* ClientKeyExchange */ + 0x16, 0x03, 0x03, 0x00, 0x46, + 0x10, 0x00, 0x00, 0x42, 0x41, 0x04, 0xc5, 0xb9, + 0x0f, 0xbc, 0x84, 0xe6, 0x0c, 0x02, 0xa6, 0x8d, + 0x34, 0xa6, 0x3e, 0x1e, 0xb7, 0x88, 0xb8, 0x68, + 0x29, 0x2b, 0x85, 0x67, 0xe2, 0x62, 0x4d, 0xd9, + 0xa4, 0x38, 0xb3, 0xec, 0x33, 0xa1, 0xe5, 0xe1, + 0xae, 0xe9, 0x07, 0xd1, 0xea, 0x1b, 0xec, 0xa6, + 0xaf, 0x1f, 0x80, 0x87, 0x7c, 0x53, 0x80, 0x04, + 0xee, 0x20, 0xeb, 0x64, 0x0d, 0xa0, 0xf7, 0x62, + 0xb1, 0xcc, 0x73, 0x97, 0xf5, 0x80, + /* CertificateVerify */ + 0x16, 0x03, 0x03, 0x01, 0x08, + /* 0x04 - sha256, changed to 0x02 - sha1 */ + 0x0f, 0x00, 0x01, 0x04, 0x08, 0x02, 0x01, 0x00, + 0x8b, 0x09, 0xa4, 0x58, 0x8d, 0x68, 0xd9, 0xc9, + 0xef, 0xe9, 0xa5, 0x98, 0x7f, 0xa3, 0xa9, 0x7b, + 0x56, 0xf7, 0xaa, 0x5f, 0x8f, 0x47, 0x7f, 0xd0, + 0x7b, 0xcf, 0x4f, 0x84, 0xe1, 0xa9, 0x0e, 0xa8, + 0x83, 0x19, 0xd8, 0xb3, 0x97, 0x23, 0x98, 0xc5, + 0x2b, 0x56, 0x82, 0x66, 0x94, 0xcc, 0xd7, 0x23, + 0xe6, 0x6e, 0x60, 0x83, 0x78, 0xfb, 0xaf, 0x8e, + 0x8b, 0xae, 0x1f, 0x3c, 0x34, 0x96, 0x3b, 0xd5, + 0x8d, 0x1e, 0xaf, 0x98, 0x1d, 0x27, 0x86, 0x97, + 0x42, 0xd4, 0xfc, 0x62, 0xbc, 0x43, 0x94, 0x98, + 0x19, 0x26, 0x87, 0xb0, 0x8c, 0xb5, 0x22, 0xa7, + 0x6a, 0x5e, 0x56, 0x73, 0x0a, 0x75, 0xc9, 0xb9, + 0x0e, 0xf7, 0x49, 0x4f, 0xa2, 0x0f, 0xfb, 0xdf, + 0x3e, 0xe4, 0xc8, 0x31, 0x26, 0xc5, 0x5c, 0x83, + 0x9f, 0x13, 0xcb, 0x4c, 0xdc, 0x21, 0xe6, 0x24, + 0x2d, 0xd3, 0xe8, 0x18, 0x04, 0xaf, 0x5c, 0x42, + 0x03, 0xa3, 0x0a, 0xb5, 0xfc, 0xb9, 0xbc, 0x8e, + 0xd3, 0xe0, 0x78, 0xdc, 0xef, 0xb9, 0x91, 0x9f, + 0x5b, 0xdc, 0xe3, 0x84, 0xd2, 0xca, 0x32, 0x33, + 0x00, 0x7c, 0x13, 0xd3, 0x2d, 0x85, 0x65, 0x00, + 0xc0, 0xb0, 0xde, 0x85, 0x37, 0x38, 0x18, 0xd2, + 0x81, 0xd4, 0x35, 0xeb, 0xf1, 0xfb, 0x9f, 0x6c, + 0x96, 0x95, 0xf5, 0xaa, 0xfd, 0x22, 0xca, 0x20, + 0xfd, 0x3b, 0xa9, 0xa7, 0xb6, 0x5a, 0x26, 0x02, + 0xb6, 0x0e, 0xdd, 0xaa, 0x0f, 0xa8, 0x96, 0x18, + 0xaa, 0xb1, 0x79, 0x9c, 0x17, 0xb0, 0x7e, 0xa7, + 0x4f, 0xc0, 0x98, 0x27, 0xbe, 0xac, 0x00, 0xda, + 0x3b, 0x2e, 0xd4, 0x11, 0x41, 0x54, 0x34, 0x53, + 0x5f, 0xc5, 0xcd, 0x72, 0xd7, 0x36, 0x04, 0xe1, + 0x7f, 0xcf, 0x1e, 0x01, 0x97, 0xec, 0xeb, 0xad, + 0x1c, 0xc6, 0x7f, 0x2d, 0x8c, 0x68, 0x29, 0xd1, + 0x93, 0x47, 0x59, 0xc0, 0xe2, 0x4a, 0x36, 0x6c + }; + WOLFSSL_CTX* ctx = NULL; + WOLFSSL* ssl = NULL; + WOLFSSL_BUFFER_INFO msg; + + /* Set up wolfSSL context. */ + ExpectNotNull(ctx = wolfSSL_CTX_new(wolfTLSv1_2_server_method())); + ExpectTrue(wolfSSL_CTX_use_certificate_file(ctx, svrCertFile, + CERT_FILETYPE)); + ExpectTrue(wolfSSL_CTX_use_PrivateKey_file(ctx, svrKeyFile, + CERT_FILETYPE)); + if (EXPECT_SUCCESS()) { + wolfSSL_CTX_set_verify(ctx, WOLFSSL_VERIFY_NONE, NULL); + } + /* Read from 'msg'. */ + wolfSSL_SetIORecv(ctx, CsRecv); + /* No where to send to - dummy sender. */ + wolfSSL_SetIOSend(ctx, CsSend); + + ExpectNotNull(ssl = wolfSSL_new(ctx)); + msg.buffer = clientMsgs; + msg.length = (unsigned int)sizeof(clientMsgs); + if (EXPECT_SUCCESS()) { + wolfSSL_SetIOReadCtx(ssl, &msg); + } + /* Read all message include CertificateVerify with invalid signature + * algorithm. */ + ExpectIntEQ(wolfSSL_accept(ssl), WC_NO_ERR_TRACE(WOLFSSL_FATAL_ERROR)); + /* Expect an invalid parameter error. */ + ExpectIntEQ(wolfSSL_get_error(ssl, WOLFSSL_FATAL_ERROR), -425); + wolfSSL_free(ssl); + wolfSSL_CTX_free(ctx); +#endif + return EXPECT_RESULT(); +} + diff --git a/test/ssl/wolfssl/tests/api/test_tls.h b/test/ssl/wolfssl/tests/api/test_tls.h new file mode 100644 index 000000000..b964503ba --- /dev/null +++ b/test/ssl/wolfssl/tests/api/test_tls.h @@ -0,0 +1,42 @@ +/* test_tls.h + * + * Copyright (C) 2006-2025 wolfSSL Inc. + * + * This file is part of wolfSSL. + * + * wolfSSL is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * wolfSSL is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA + */ + +#ifndef TESTS_API_TEST_TLS_H +#define TESTS_API_TEST_TLS_H + +int test_utils_memio_move_message(void); +int test_tls12_unexpected_ccs(void); +int test_tls13_unexpected_ccs(void); +int test_tls12_curve_intersection(void); +int test_tls13_curve_intersection(void); +int test_tls_certreq_order(void); +int test_tls12_bad_cv_sig_alg(void); + +#define TEST_TLS_DECLS \ + TEST_DECL_GROUP("tls", test_utils_memio_move_message), \ + TEST_DECL_GROUP("tls", test_tls12_unexpected_ccs), \ + TEST_DECL_GROUP("tls", test_tls13_unexpected_ccs), \ + TEST_DECL_GROUP("tls", test_tls12_curve_intersection), \ + TEST_DECL_GROUP("tls", test_tls13_curve_intersection), \ + TEST_DECL_GROUP("tls", test_tls_certreq_order), \ + TEST_DECL_GROUP("tls", test_tls12_bad_cv_sig_alg) + +#endif /* TESTS_API_TEST_TLS_H */ diff --git a/test/ssl/wolfssl/tests/api/test_tls13.c b/test/ssl/wolfssl/tests/api/test_tls13.c new file mode 100644 index 000000000..dc23854f5 --- /dev/null +++ b/test/ssl/wolfssl/tests/api/test_tls13.c @@ -0,0 +1,2326 @@ +/* test_tls13.c + * + * Copyright (C) 2006-2025 wolfSSL Inc. + * + * This file is part of wolfSSL. + * + * wolfSSL is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * wolfSSL is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA + */ + +#include + +#ifdef NO_INLINE + #include +#else + #define WOLFSSL_MISC_INCLUDED + #include +#endif + +#include +#include +#include +#include +#include + +#if defined(WOLFSSL_SEND_HRR_COOKIE) && !defined(NO_WOLFSSL_SERVER) +#ifdef WC_SHA384_DIGEST_SIZE + WC_MAYBE_UNUSED static byte fixedKey[WC_SHA384_DIGEST_SIZE] = { 0, }; +#else + WC_MAYBE_UNUSED static byte fixedKey[WC_SHA256_DIGEST_SIZE] = { 0, }; +#endif +#endif +#ifdef WOLFSSL_EARLY_DATA +static const char earlyData[] = "Early Data"; +static char earlyDataBuffer[1]; +#endif + +int test_tls13_apis(void) +{ + EXPECT_DECLS; +#ifdef WOLFSSL_TLS13 +#if defined(HAVE_SUPPORTED_CURVES) && defined(HAVE_ECC) && \ + (!defined(NO_WOLFSSL_SERVER) || !defined(NO_WOLFSSL_CLIENT)) + int ret; +#endif +#ifndef WOLFSSL_NO_TLS12 +#ifndef NO_WOLFSSL_CLIENT + WOLFSSL_CTX* clientTls12Ctx = NULL; + WOLFSSL* clientTls12Ssl = NULL; +#endif +#ifndef NO_WOLFSSL_SERVER + WOLFSSL_CTX* serverTls12Ctx = NULL; + WOLFSSL* serverTls12Ssl = NULL; +#endif +#endif +#ifndef NO_WOLFSSL_CLIENT + WOLFSSL_CTX* clientCtx = NULL; + WOLFSSL* clientSsl = NULL; +#endif +#ifndef NO_WOLFSSL_SERVER + WOLFSSL_CTX* serverCtx = NULL; + WOLFSSL* serverSsl = NULL; +#if !defined(NO_CERTS) && !defined(NO_FILESYSTEM) +#ifndef NO_RSA + const char* ourCert = svrCertFile; + const char* ourKey = svrKeyFile; +#elif defined(HAVE_ECC) + const char* ourCert = eccCertFile; + const char* ourKey = eccKeyFile; +#elif defined(HAVE_ED25519) + const char* ourCert = edCertFile; + const char* ourKey = edKeyFile; +#elif defined(HAVE_ED448) + const char* ourCert = ed448CertFile; + const char* ourKey = ed448KeyFile; +#endif +#endif +#endif + int required; +#ifdef WOLFSSL_EARLY_DATA + int outSz; +#endif +#if defined(HAVE_ECC) && defined(HAVE_SUPPORTED_CURVES) + int groups[2] = { WOLFSSL_ECC_SECP256R1, +#ifdef WOLFSSL_HAVE_MLKEM +#ifdef WOLFSSL_MLKEM_KYBER + #ifndef WOLFSSL_NO_KYBER512 + WOLFSSL_KYBER_LEVEL1 + #elif !defined(WOLFSSL_NO_KYBER768) + WOLFSSL_KYBER_LEVEL3 + #else + WOLFSSL_KYBER_LEVEL5 + #endif +#else + #ifndef WOLFSSL_NO_ML_KEM_512 + WOLFSSL_ML_KEM_512 + #elif !defined(WOLFSSL_NO_ML_KEM_768) + WOLFSSL_ML_KEM_768 + #else + WOLFSSL_ML_KEM_1024 + #endif +#endif +#else + WOLFSSL_ECC_SECP256R1 +#endif + }; +#if !defined(NO_WOLFSSL_SERVER) || !defined(NO_WOLFSSL_CLIENT) + int bad_groups[2] = { 0xDEAD, 0xBEEF }; +#endif /* !NO_WOLFSSL_SERVER || !NO_WOLFSSL_CLIENT */ + int numGroups = 2; +#endif + +/* LIBBITCOIN: fux unused variable warning. */ +#ifdef HAVE_SUPPORTED_CURVES + +#if defined(OPENSSL_EXTRA) && defined(HAVE_ECC) + char groupList[] = +#ifdef HAVE_CURVE25519 + "X25519:" +#endif +#ifdef HAVE_CURVE448 + "X448:" +#endif +#ifndef NO_ECC_SECP +#if (defined(HAVE_ECC521) || defined(HAVE_ALL_CURVES)) && ECC_MIN_KEY_SZ <= 521 + "P-521:secp521r1:" +#endif +#if (defined(HAVE_ECC384) || defined(HAVE_ALL_CURVES)) && ECC_MIN_KEY_SZ <= 384 + "P-384:secp384r1:" +#endif +#if (!defined(NO_ECC256) || defined(HAVE_ALL_CURVES)) && ECC_MIN_KEY_SZ <= 256 + "P-256:secp256r1" +#if defined(WOLFSSL_HAVE_MLKEM) && !defined(WOLFSSL_MLKEM_NO_MALLOC) && \ + !defined(WOLFSSL_MLKEM_NO_MAKE_KEY) && \ + !defined(WOLFSSL_MLKEM_NO_ENCAPSULATE) && \ + !defined(WOLFSSL_MLKEM_NO_DECAPSULATE) +#ifdef WOLFSSL_MLKEM_KYBER + #ifndef WOLFSSL_NO_KYBER512 + ":P256_KYBER_LEVEL1" + #elif !defined(WOLFSSL_NO_KYBER768) + ":P256_KYBER_LEVEL3" + #else + ":P256_KYBER_LEVEL5" + #endif +#else + #ifndef WOLFSSL_NO_KYBER512 + ":SecP256r1MLKEM512" + #elif !defined(WOLFSSL_NO_KYBER768) + ":SecP384r1MLKEM768" + #else + ":SecP521r1MLKEM1024" + #endif +#endif +#endif +#endif +#endif /* !defined(NO_ECC_SECP) */ +#if defined(WOLFSSL_HAVE_MLKEM) && !defined(WOLFSSL_MLKEM_NO_MALLOC) && \ + !defined(WOLFSSL_MLKEM_NO_MAKE_KEY) && \ + !defined(WOLFSSL_MLKEM_NO_ENCAPSULATE) && \ + !defined(WOLFSSL_MLKEM_NO_DECAPSULATE) +#ifdef WOLFSSL_MLKEM_KYBER + #ifndef WOLFSSL_NO_KYBER512 + ":KYBER_LEVEL1" + #elif !defined(WOLFSSL_NO_KYBER768) + ":KYBER_LEVEL3" + #else + ":KYBER_LEVEL5" + #endif +#else + #ifndef WOLFSSL_NO_KYBER512 + ":ML_KEM_512" + #elif !defined(WOLFSSL_NO_KYBER768) + ":ML_KEM_768" + #else + ":ML_KEM_1024" + #endif +#endif +#endif + ""; +#endif /* defined(OPENSSL_EXTRA) && defined(HAVE_ECC) */ +#endif /* HAVE_SUPPORTED_CURVES */ + +#if defined(WOLFSSL_HAVE_MLKEM) && !defined(WOLFSSL_MLKEM_NO_MALLOC) && \ + !defined(WOLFSSL_MLKEM_NO_MAKE_KEY) && \ + !defined(WOLFSSL_MLKEM_NO_ENCAPSULATE) && \ + !defined(WOLFSSL_MLKEM_NO_DECAPSULATE) + int mlkemLevel; +#endif + +#ifndef WOLFSSL_NO_TLS12 +#ifndef NO_WOLFSSL_CLIENT + clientTls12Ctx = wolfSSL_CTX_new(wolfTLSv1_2_client_method()); + clientTls12Ssl = wolfSSL_new(clientTls12Ctx); +#endif +#ifndef NO_WOLFSSL_SERVER + serverTls12Ctx = wolfSSL_CTX_new(wolfTLSv1_2_server_method()); +#if !defined(NO_CERTS) + #if !defined(NO_FILESYSTEM) + wolfSSL_CTX_use_certificate_chain_file(serverTls12Ctx, ourCert); + wolfSSL_CTX_use_PrivateKey_file(serverTls12Ctx, ourKey, + CERT_FILETYPE); + #elif defined(USE_CERT_BUFFERS_2048) + wolfSSL_CTX_use_certificate_chain_buffer_format(serverTls12Ctx, + server_cert_der_2048, sizeof_server_cert_der_2048, + WOLFSSL_FILETYPE_ASN1); + wolfSSL_CTX_use_PrivateKey_buffer(serverTls12Ctx, server_key_der_2048, + sizeof_server_key_der_2048, WOLFSSL_FILETYPE_ASN1); + #elif defined(USE_CERT_BUFFERS_256) + wolfSSL_CTX_use_certificate_chain_buffer_format(serverTls12Ctx, + serv_ecc_der_256, sizeof_serv_ecc_der_256, WOLFSSL_FILETYPE_ASN1); + wolfSSL_CTX_use_PrivateKey_buffer(serverTls12Ctx, ecc_key_der_256, + sizeof_ecc_key_der_256, WOLFSSL_FILETYPE_ASN1); + #endif +#endif + serverTls12Ssl = wolfSSL_new(serverTls12Ctx); +#endif +#endif + +#ifndef NO_WOLFSSL_CLIENT + clientCtx = wolfSSL_CTX_new(wolfTLSv1_3_client_method()); + clientSsl = wolfSSL_new(clientCtx); +#endif +#ifndef NO_WOLFSSL_SERVER + serverCtx = wolfSSL_CTX_new(wolfTLSv1_3_server_method()); +#if !defined(NO_CERTS) + /* ignore load failures, since we just need the server to have a cert set */ + #if !defined(NO_FILESYSTEM) + wolfSSL_CTX_use_certificate_chain_file(serverCtx, ourCert); + wolfSSL_CTX_use_PrivateKey_file(serverCtx, ourKey, CERT_FILETYPE); + #elif defined(USE_CERT_BUFFERS_2048) + wolfSSL_CTX_use_certificate_chain_buffer_format(serverCtx, + server_cert_der_2048, sizeof_server_cert_der_2048, + WOLFSSL_FILETYPE_ASN1); + wolfSSL_CTX_use_PrivateKey_buffer(serverCtx, server_key_der_2048, + sizeof_server_key_der_2048, WOLFSSL_FILETYPE_ASN1); + #elif defined(USE_CERT_BUFFERS_256) + wolfSSL_CTX_use_certificate_chain_buffer_format(serverCtx, serv_ecc_der_256, + sizeof_serv_ecc_der_256, WOLFSSL_FILETYPE_ASN1); + wolfSSL_CTX_use_PrivateKey_buffer(serverCtx, ecc_key_der_256, + sizeof_ecc_key_der_256, WOLFSSL_FILETYPE_ASN1); + #endif +#endif + serverSsl = wolfSSL_new(serverCtx); + ExpectNotNull(serverSsl); +#endif + +#ifdef WOLFSSL_SEND_HRR_COOKIE + ExpectIntEQ(wolfSSL_send_hrr_cookie(NULL, NULL, 0), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); +#ifndef NO_WOLFSSL_CLIENT + ExpectIntEQ(wolfSSL_send_hrr_cookie(clientSsl, NULL, 0), + WC_NO_ERR_TRACE(SIDE_ERROR)); +#endif +#ifndef NO_WOLFSSL_SERVER +#ifndef WOLFSSL_NO_TLS12 + ExpectIntEQ(wolfSSL_send_hrr_cookie(serverTls12Ssl, NULL, 0), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); +#endif + + ExpectIntEQ(wolfSSL_send_hrr_cookie(serverSsl, NULL, 0), WOLFSSL_SUCCESS); + ExpectIntEQ(wolfSSL_send_hrr_cookie(serverSsl, fixedKey, sizeof(fixedKey)), + WOLFSSL_SUCCESS); +#endif +#endif + +#ifdef HAVE_SUPPORTED_CURVES +#ifdef HAVE_ECC + ExpectIntEQ(wolfSSL_UseKeyShare(NULL, WOLFSSL_ECC_SECP256R1), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); +#ifndef NO_WOLFSSL_SERVER + do { + ret = wolfSSL_UseKeyShare(serverSsl, WOLFSSL_ECC_SECP256R1); + #ifdef WOLFSSL_ASYNC_CRYPT + if (ret == WC_NO_ERR_TRACE(WC_PENDING_E)) + wolfSSL_AsyncPoll(serverSsl, WOLF_POLL_FLAG_CHECK_HW); + #endif + } + while (ret == WC_NO_ERR_TRACE(WC_PENDING_E)); + ExpectIntEQ(ret, WOLFSSL_SUCCESS); +#endif +#ifndef NO_WOLFSSL_CLIENT +#ifndef WOLFSSL_NO_TLS12 + do { + ret = wolfSSL_UseKeyShare(clientTls12Ssl, WOLFSSL_ECC_SECP256R1); + #ifdef WOLFSSL_ASYNC_CRYPT + if (ret == WC_NO_ERR_TRACE(WC_PENDING_E)) + wolfSSL_AsyncPoll(clientTls12Ssl, WOLF_POLL_FLAG_CHECK_HW); + #endif + } + while (ret == WC_NO_ERR_TRACE(WC_PENDING_E)); + ExpectIntEQ(ret, WOLFSSL_SUCCESS); +#endif + do { + ret = wolfSSL_UseKeyShare(clientSsl, WOLFSSL_ECC_SECP256R1); + #ifdef WOLFSSL_ASYNC_CRYPT + if (ret == WC_NO_ERR_TRACE(WC_PENDING_E)) + wolfSSL_AsyncPoll(clientSsl, WOLF_POLL_FLAG_CHECK_HW); + #endif + } + while (ret == WC_NO_ERR_TRACE(WC_PENDING_E)); + ExpectIntEQ(ret, WOLFSSL_SUCCESS); +#endif +#elif defined(HAVE_CURVE25519) + ExpectIntEQ(wolfSSL_UseKeyShare(NULL, WOLFSSL_ECC_X25519), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); +#ifndef NO_WOLFSSL_SERVER + ExpectIntEQ(wolfSSL_UseKeyShare(serverSsl, WOLFSSL_ECC_X25519), + WOLFSSL_SUCCESS); +#endif +#ifndef NO_WOLFSSL_CLIENT +#ifndef WOLFSSL_NO_TLS12 + ExpectIntEQ(wolfSSL_UseKeyShare(clientTls12Ssl, WOLFSSL_ECC_X25519), + WOLFSSL_SUCCESS); +#endif + ExpectIntEQ(wolfSSL_UseKeyShare(clientSsl, WOLFSSL_ECC_X25519), + WOLFSSL_SUCCESS); +#endif +#elif defined(HAVE_CURVE448) + ExpectIntEQ(wolfSSL_UseKeyShare(NULL, WOLFSSL_ECC_X448), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); +#ifndef NO_WOLFSSL_SERVER + ExpectIntEQ(wolfSSL_UseKeyShare(serverSsl, WOLFSSL_ECC_X448), + WOLFSSL_SUCCESS); +#endif +#ifndef NO_WOLFSSL_CLIENT +#ifndef WOLFSSL_NO_TLS12 + ExpectIntEQ(wolfSSL_UseKeyShare(clientTls12Ssl, WOLFSSL_ECC_X448), + WOLFSSL_SUCCESS); +#endif + ExpectIntEQ(wolfSSL_UseKeyShare(clientSsl, WOLFSSL_ECC_X448), + WOLFSSL_SUCCESS); +#endif +#else + ExpectIntEQ(wolfSSL_UseKeyShare(NULL, WOLFSSL_ECC_SECP256R1), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); +#ifndef NO_WOLFSSL_CLIENT +#ifndef WOLFSSL_NO_TLS12 + ExpectIntEQ(wolfSSL_UseKeyShare(clientTls12Ssl, WOLFSSL_ECC_SECP256R1), + WC_NO_ERR_TRACE(NOT_COMPILED_IN)); +#endif + ExpectIntEQ(wolfSSL_UseKeyShare(clientSsl, WOLFSSL_ECC_SECP256R1), + WC_NO_ERR_TRACE(NOT_COMPILED_IN)); +#endif +#endif + +#if defined(WOLFSSL_HAVE_MLKEM) && !defined(WOLFSSL_MLKEM_NO_MALLOC) && \ + !defined(WOLFSSL_MLKEM_NO_MAKE_KEY) && \ + !defined(WOLFSSL_MLKEM_NO_ENCAPSULATE) && \ + !defined(WOLFSSL_MLKEM_NO_DECAPSULATE) +#ifndef WOLFSSL_NO_ML_KEM +#ifndef WOLFSSL_NO_ML_KEM_768 + mlkemLevel = WOLFSSL_ML_KEM_768; +#elif !defined(WOLFSSL_NO_ML_KEM_1024) + mlkemLevel = WOLFSSL_ML_KEM_1024; +#else + mlkemLevel = WOLFSSL_ML_KEM_512; +#endif +#else +#ifndef WOLFSSL_NO_KYBER768 + mlkemLevel = WOLFSSL_KYBER_LEVEL3; +#elif !defined(WOLFSSL_NO_KYBER1024) + mlkemLevel = WOLFSSL_KYBER_LEVEL5; +#else + mlkemLevel = WOLFSSL_KYBER_LEVEL1; +#endif +#endif + ExpectIntEQ(wolfSSL_UseKeyShare(NULL, mlkemLevel), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); +#ifndef NO_WOLFSSL_SERVER + ExpectIntEQ(wolfSSL_UseKeyShare(serverSsl, mlkemLevel), + WOLFSSL_SUCCESS); +#endif +#ifndef NO_WOLFSSL_CLIENT +#ifndef WOLFSSL_NO_TLS12 + ExpectIntEQ(wolfSSL_UseKeyShare(clientTls12Ssl, mlkemLevel), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); +#endif + ExpectIntEQ(wolfSSL_UseKeyShare(clientSsl, mlkemLevel), + WOLFSSL_SUCCESS); +#endif +#endif + + ExpectIntEQ(wolfSSL_NoKeyShares(NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); +#ifndef NO_WOLFSSL_SERVER + ExpectIntEQ(wolfSSL_NoKeyShares(serverSsl), WC_NO_ERR_TRACE(SIDE_ERROR)); +#endif +#ifndef NO_WOLFSSL_CLIENT +#ifndef WOLFSSL_NO_TLS12 + ExpectIntEQ(wolfSSL_NoKeyShares(clientTls12Ssl), WOLFSSL_SUCCESS); +#endif + ExpectIntEQ(wolfSSL_NoKeyShares(clientSsl), WOLFSSL_SUCCESS); +#endif +#endif /* HAVE_SUPPORTED_CURVES */ + + ExpectIntEQ(wolfSSL_CTX_no_ticket_TLSv13(NULL), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); +#ifndef NO_WOLFSSL_CLIENT + ExpectIntEQ(wolfSSL_CTX_no_ticket_TLSv13(clientCtx), + WC_NO_ERR_TRACE(SIDE_ERROR)); +#endif +#ifndef NO_WOLFSSL_SERVER +#ifndef WOLFSSL_NO_TLS12 + ExpectIntEQ(wolfSSL_CTX_no_ticket_TLSv13(serverTls12Ctx), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); +#endif + ExpectIntEQ(wolfSSL_CTX_no_ticket_TLSv13(serverCtx), 0); +#endif + + ExpectIntEQ(wolfSSL_no_ticket_TLSv13(NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); +#ifndef NO_WOLFSSL_CLIENT + ExpectIntEQ(wolfSSL_no_ticket_TLSv13(clientSsl), + WC_NO_ERR_TRACE(SIDE_ERROR)); +#endif +#ifndef NO_WOLFSSL_SERVER +#ifndef WOLFSSL_NO_TLS12 + ExpectIntEQ(wolfSSL_no_ticket_TLSv13(serverTls12Ssl), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); +#endif + ExpectIntEQ(wolfSSL_no_ticket_TLSv13(serverSsl), 0); +#endif + + ExpectIntEQ(wolfSSL_CTX_no_dhe_psk(NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); +#ifndef NO_WOLFSSL_CLIENT +#ifndef WOLFSSL_NO_TLS12 + ExpectIntEQ(wolfSSL_CTX_no_dhe_psk(clientTls12Ctx), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); +#endif + ExpectIntEQ(wolfSSL_CTX_no_dhe_psk(clientCtx), 0); +#endif +#ifndef NO_WOLFSSL_SERVER + ExpectIntEQ(wolfSSL_CTX_no_dhe_psk(serverCtx), 0); +#endif + + ExpectIntEQ(wolfSSL_no_dhe_psk(NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); +#ifndef NO_WOLFSSL_CLIENT +#ifndef WOLFSSL_NO_TLS12 + ExpectIntEQ(wolfSSL_no_dhe_psk(clientTls12Ssl), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); +#endif + ExpectIntEQ(wolfSSL_no_dhe_psk(clientSsl), 0); +#endif +#ifndef NO_WOLFSSL_SERVER + ExpectIntEQ(wolfSSL_no_dhe_psk(serverSsl), 0); +#endif + + ExpectIntEQ(wolfSSL_update_keys(NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); +#ifndef NO_WOLFSSL_CLIENT +#ifndef WOLFSSL_NO_TLS12 + ExpectIntEQ(wolfSSL_update_keys(clientTls12Ssl), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); +#endif + ExpectIntEQ(wolfSSL_update_keys(clientSsl), + WC_NO_ERR_TRACE(BUILD_MSG_ERROR)); +#endif +#ifndef NO_WOLFSSL_SERVER + ExpectIntEQ(wolfSSL_update_keys(serverSsl), + WC_NO_ERR_TRACE(BUILD_MSG_ERROR)); +#endif + + ExpectIntEQ(wolfSSL_key_update_response(NULL, NULL), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wolfSSL_key_update_response(NULL, &required), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); +#ifndef NO_WOLFSSL_CLIENT +#ifndef WOLFSSL_NO_TLS12 + ExpectIntEQ(wolfSSL_key_update_response(clientTls12Ssl, &required), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); +#endif + ExpectIntEQ(wolfSSL_key_update_response(clientSsl, NULL), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); +#endif +#ifndef NO_WOLFSSL_SERVER + ExpectIntEQ(wolfSSL_key_update_response(serverSsl, NULL), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); +#endif + +#if !defined(NO_CERTS) && defined(WOLFSSL_POST_HANDSHAKE_AUTH) + ExpectIntEQ(wolfSSL_CTX_allow_post_handshake_auth(NULL), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); +#ifndef NO_WOLFSSL_SERVER + ExpectIntEQ(wolfSSL_CTX_allow_post_handshake_auth(serverCtx), + WC_NO_ERR_TRACE(SIDE_ERROR)); +#endif +#ifndef NO_WOLFSSL_CLIENT +#ifndef WOLFSSL_NO_TLS12 + ExpectIntEQ(wolfSSL_CTX_allow_post_handshake_auth(clientTls12Ctx), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); +#endif + ExpectIntEQ(wolfSSL_CTX_allow_post_handshake_auth(clientCtx), 0); +#endif + + ExpectIntEQ(wolfSSL_allow_post_handshake_auth(NULL), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); +#ifndef NO_WOLFSSL_SERVER + ExpectIntEQ(wolfSSL_allow_post_handshake_auth(serverSsl), + WC_NO_ERR_TRACE(SIDE_ERROR)); +#endif +#ifndef NO_WOLFSSL_CLIENT +#ifndef WOLFSSL_NO_TLS12 + ExpectIntEQ(wolfSSL_allow_post_handshake_auth(clientTls12Ssl), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); +#endif + ExpectIntEQ(wolfSSL_allow_post_handshake_auth(clientSsl), 0); +#endif + + ExpectIntEQ(wolfSSL_request_certificate(NULL), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); +#ifndef NO_WOLFSSL_CLIENT + ExpectIntEQ(wolfSSL_request_certificate(clientSsl), + WC_NO_ERR_TRACE(SIDE_ERROR)); +#endif +#ifndef NO_WOLFSSL_SERVER +#ifndef WOLFSSL_NO_TLS12 + ExpectIntEQ(wolfSSL_request_certificate(serverTls12Ssl), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); +#endif + ExpectIntEQ(wolfSSL_request_certificate(serverSsl), + WC_NO_ERR_TRACE(NOT_READY_ERROR)); +#endif +#endif + +#ifdef HAVE_ECC +#ifndef WOLFSSL_NO_SERVER_GROUPS_EXT + ExpectIntEQ(wolfSSL_preferred_group(NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); +#ifndef NO_WOLFSSL_SERVER + ExpectIntEQ(wolfSSL_preferred_group(serverSsl), + WC_NO_ERR_TRACE(SIDE_ERROR)); +#endif +#ifndef NO_WOLFSSL_CLIENT +#ifndef WOLFSSL_NO_TLS12 + ExpectIntEQ(wolfSSL_preferred_group(clientTls12Ssl), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); +#endif + ExpectIntEQ(wolfSSL_preferred_group(clientSsl), + WC_NO_ERR_TRACE(NOT_READY_ERROR)); +#endif +#endif + +#ifdef HAVE_SUPPORTED_CURVES + ExpectIntEQ(wolfSSL_CTX_set_groups(NULL, NULL, 0), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); +#ifndef NO_WOLFSSL_CLIENT + ExpectIntEQ(wolfSSL_CTX_set_groups(clientCtx, NULL, 0), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); +#endif + ExpectIntEQ(wolfSSL_CTX_set_groups(NULL, groups, numGroups), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); +#ifndef NO_WOLFSSL_CLIENT +#ifndef WOLFSSL_NO_TLS12 + ExpectIntEQ(wolfSSL_CTX_set_groups(clientTls12Ctx, groups, numGroups), + WOLFSSL_SUCCESS); +#endif + ExpectIntEQ(wolfSSL_CTX_set_groups(clientCtx, groups, + WOLFSSL_MAX_GROUP_COUNT + 1), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wolfSSL_CTX_set_groups(clientCtx, groups, numGroups), + WOLFSSL_SUCCESS); + ExpectIntEQ(wolfSSL_CTX_set_groups(clientCtx, bad_groups, numGroups), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); +#endif +#ifndef NO_WOLFSSL_SERVER + ExpectIntEQ(wolfSSL_CTX_set_groups(serverCtx, groups, numGroups), + WOLFSSL_SUCCESS); + ExpectIntEQ(wolfSSL_CTX_set_groups(serverCtx, bad_groups, numGroups), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); +#endif + + ExpectIntEQ(wolfSSL_set_groups(NULL, NULL, 0), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); +#ifndef NO_WOLFSSL_CLIENT + ExpectIntEQ(wolfSSL_set_groups(clientSsl, NULL, 0), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); +#endif + ExpectIntEQ(wolfSSL_set_groups(NULL, groups, numGroups), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); +#ifndef NO_WOLFSSL_CLIENT +#ifndef WOLFSSL_NO_TLS12 + ExpectIntEQ(wolfSSL_set_groups(clientTls12Ssl, groups, numGroups), + WOLFSSL_SUCCESS); +#endif + ExpectIntEQ(wolfSSL_set_groups(clientSsl, groups, + WOLFSSL_MAX_GROUP_COUNT + 1), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wolfSSL_set_groups(clientSsl, groups, numGroups), + WOLFSSL_SUCCESS); + ExpectIntEQ(wolfSSL_set_groups(clientSsl, bad_groups, numGroups), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); +#endif +#ifndef NO_WOLFSSL_SERVER + ExpectIntEQ(wolfSSL_set_groups(serverSsl, groups, numGroups), + WOLFSSL_SUCCESS); + ExpectIntEQ(wolfSSL_set_groups(serverSsl, bad_groups, numGroups), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); +#endif + +#ifdef OPENSSL_EXTRA + ExpectIntEQ(wolfSSL_CTX_set1_groups_list(NULL, NULL), + WC_NO_ERR_TRACE(WOLFSSL_FAILURE)); +#ifndef NO_WOLFSSL_CLIENT + ExpectIntEQ(wolfSSL_CTX_set1_groups_list(clientCtx, NULL), + WC_NO_ERR_TRACE(WOLFSSL_FAILURE)); +#endif + ExpectIntEQ(wolfSSL_CTX_set1_groups_list(NULL, groupList), + WC_NO_ERR_TRACE(WOLFSSL_FAILURE)); +#ifndef NO_WOLFSSL_CLIENT +#ifndef WOLFSSL_NO_TLS12 + ExpectIntEQ(wolfSSL_CTX_set1_groups_list(clientTls12Ctx, groupList), + WOLFSSL_SUCCESS); +#endif + ExpectIntEQ(wolfSSL_CTX_set1_groups_list(clientCtx, groupList), + WOLFSSL_SUCCESS); +#endif +#ifndef NO_WOLFSSL_SERVER + ExpectIntEQ(wolfSSL_CTX_set1_groups_list(serverCtx, groupList), + WOLFSSL_SUCCESS); +#endif + + ExpectIntEQ(wolfSSL_set1_groups_list(NULL, NULL), + WC_NO_ERR_TRACE(WOLFSSL_FAILURE)); +#ifndef NO_WOLFSSL_CLIENT + ExpectIntEQ(wolfSSL_set1_groups_list(clientSsl, NULL), + WC_NO_ERR_TRACE(WOLFSSL_FAILURE)); +#endif + ExpectIntEQ(wolfSSL_set1_groups_list(NULL, groupList), + WC_NO_ERR_TRACE(WOLFSSL_FAILURE)); +#ifndef NO_WOLFSSL_CLIENT +#ifndef WOLFSSL_NO_TLS12 + ExpectIntEQ(wolfSSL_set1_groups_list(clientTls12Ssl, groupList), + WOLFSSL_SUCCESS); +#endif + ExpectIntEQ(wolfSSL_set1_groups_list(clientSsl, groupList), + WOLFSSL_SUCCESS); +#endif +#ifndef NO_WOLFSSL_SERVER + ExpectIntEQ(wolfSSL_set1_groups_list(serverSsl, groupList), + WOLFSSL_SUCCESS); +#endif +#endif /* OPENSSL_EXTRA */ +#endif /* HAVE_SUPPORTED_CURVES */ +#endif /* HAVE_ECC */ + +#ifdef WOLFSSL_EARLY_DATA +#ifndef OPENSSL_EXTRA + ExpectIntEQ(wolfSSL_CTX_set_max_early_data(NULL, 0), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wolfSSL_CTX_get_max_early_data(NULL), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); +#else + ExpectIntEQ(SSL_CTX_set_max_early_data(NULL, 0), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(SSL_CTX_get_max_early_data(NULL), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); +#endif +#ifndef NO_WOLFSSL_CLIENT +#ifndef OPENSSL_EXTRA + ExpectIntEQ(wolfSSL_CTX_set_max_early_data(clientCtx, 0), + WC_NO_ERR_TRACE(SIDE_ERROR)); + ExpectIntEQ(wolfSSL_CTX_get_max_early_data(clientCtx), + WC_NO_ERR_TRACE(SIDE_ERROR)); +#else + ExpectIntEQ(SSL_CTX_set_max_early_data(clientCtx, 0), + WC_NO_ERR_TRACE(SIDE_ERROR)); + ExpectIntEQ(SSL_CTX_get_max_early_data(clientCtx), + WC_NO_ERR_TRACE(SIDE_ERROR)); +#endif +#endif +#ifndef NO_WOLFSSL_SERVER +#ifndef WOLFSSL_NO_TLS12 +#ifndef OPENSSL_EXTRA + ExpectIntEQ(wolfSSL_CTX_set_max_early_data(serverTls12Ctx, 0), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wolfSSL_CTX_get_max_early_data(serverTls12Ctx), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); +#else + ExpectIntEQ(SSL_CTX_set_max_early_data(serverTls12Ctx, 0), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(SSL_CTX_get_max_early_data(serverTls12Ctx), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); +#endif +#endif +#ifndef OPENSSL_EXTRA +#ifdef WOLFSSL_ERROR_CODE_OPENSSL + ExpectIntEQ(wolfSSL_CTX_set_max_early_data(serverCtx, 32), + WOLFSSL_SUCCESS); +#else + ExpectIntEQ(wolfSSL_CTX_set_max_early_data(serverCtx, 32), 0); +#endif + ExpectIntEQ(wolfSSL_CTX_get_max_early_data(serverCtx), 32); +#else + ExpectIntEQ(SSL_CTX_set_max_early_data(serverCtx, 32), 1); + ExpectIntEQ(SSL_CTX_get_max_early_data(serverCtx), 32); +#endif +#endif + +#ifndef OPENSSL_EXTRA + ExpectIntEQ(wolfSSL_set_max_early_data(NULL, 0), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wolfSSL_get_max_early_data(NULL), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); +#else + ExpectIntEQ(SSL_set_max_early_data(NULL, 0), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(SSL_get_max_early_data(NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); +#endif +#ifndef NO_WOLFSSL_CLIENT +#ifndef OPENSSL_EXTRA +#ifdef WOLFSSL_ERROR_CODE_OPENSSL + ExpectIntEQ(wolfSSL_set_max_early_data(clientSsl, 17), WOLFSSL_SUCCESS); +#else + ExpectIntEQ(wolfSSL_set_max_early_data(clientSsl, 17), 0); +#endif + ExpectIntEQ(wolfSSL_get_max_early_data(clientSsl), 17); +#else + ExpectIntEQ(SSL_set_max_early_data(clientSsl, 17), WOLFSSL_SUCCESS); + ExpectIntEQ(SSL_get_max_early_data(clientSsl), 17); +#endif +#endif +#ifndef NO_WOLFSSL_SERVER +#ifndef WOLFSSL_NO_TLS12 +#ifndef OPENSSL_EXTRA + ExpectIntEQ(wolfSSL_set_max_early_data(serverTls12Ssl, 0), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wolfSSL_get_max_early_data(serverTls12Ssl), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); +#else + ExpectIntEQ(SSL_set_max_early_data(serverTls12Ssl, 0), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(SSL_get_max_early_data(serverTls12Ssl), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); +#endif +#endif +#ifndef OPENSSL_EXTRA +#ifdef WOLFSSL_ERROR_CODE_OPENSSL + ExpectIntEQ(wolfSSL_set_max_early_data(serverSsl, 16), WOLFSSL_SUCCESS); +#else + ExpectIntEQ(wolfSSL_set_max_early_data(serverSsl, 16), 0); +#endif + ExpectIntEQ(wolfSSL_get_max_early_data(serverSsl), 16); +#else + ExpectIntEQ(SSL_set_max_early_data(serverSsl, 16), 1); + ExpectIntEQ(SSL_get_max_early_data(serverSsl), 16); +#endif +#endif + + + ExpectIntEQ(wolfSSL_write_early_data(NULL, earlyData, sizeof(earlyData), + &outSz), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); +#ifndef NO_WOLFSSL_CLIENT + ExpectIntEQ(wolfSSL_write_early_data(clientSsl, NULL, sizeof(earlyData), + &outSz), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wolfSSL_write_early_data(clientSsl, earlyData, -1, &outSz), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wolfSSL_write_early_data(clientSsl, earlyData, + sizeof(earlyData), NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); +#endif +#ifndef NO_WOLFSSL_SERVER + ExpectIntEQ(wolfSSL_write_early_data(serverSsl, earlyData, + sizeof(earlyData), &outSz), WC_NO_ERR_TRACE(SIDE_ERROR)); +#endif +#ifndef NO_WOLFSSL_CLIENT +#ifndef WOLFSSL_NO_TLS12 + ExpectIntEQ(wolfSSL_write_early_data(clientTls12Ssl, earlyData, + sizeof(earlyData), &outSz), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); +#endif + ExpectIntEQ(wolfSSL_write_early_data(clientSsl, earlyData, + sizeof(earlyData), &outSz), WC_NO_ERR_TRACE(WOLFSSL_FATAL_ERROR)); +#endif + + ExpectIntEQ(wolfSSL_read_early_data(NULL, earlyDataBuffer, + sizeof(earlyDataBuffer), &outSz), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); +#ifndef NO_WOLFSSL_SERVER + ExpectIntEQ(wolfSSL_read_early_data(serverSsl, NULL, + sizeof(earlyDataBuffer), &outSz), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wolfSSL_read_early_data(serverSsl, earlyDataBuffer, -1, + &outSz), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wolfSSL_read_early_data(serverSsl, earlyDataBuffer, + sizeof(earlyDataBuffer), NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); +#endif +#ifndef NO_WOLFSSL_CLIENT + ExpectIntEQ(wolfSSL_read_early_data(clientSsl, earlyDataBuffer, + sizeof(earlyDataBuffer), &outSz), WC_NO_ERR_TRACE(SIDE_ERROR)); +#endif +#ifndef NO_WOLFSSL_SERVER +#ifndef WOLFSSL_NO_TLS12 + ExpectIntEQ(wolfSSL_read_early_data(serverTls12Ssl, earlyDataBuffer, + sizeof(earlyDataBuffer), &outSz), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); +#endif + ExpectIntEQ(wolfSSL_read_early_data(serverSsl, earlyDataBuffer, + sizeof(earlyDataBuffer), &outSz), WC_NO_ERR_TRACE(WOLFSSL_FATAL_ERROR)); +#endif +#endif + +#if defined(OPENSSL_EXTRA) && defined(WOLFSSL_EARLY_DATA) + ExpectIntLT(SSL_get_early_data_status(NULL), 0); +#endif + + +#ifndef NO_WOLFSSL_SERVER + wolfSSL_free(serverSsl); + wolfSSL_CTX_free(serverCtx); +#endif +#ifndef NO_WOLFSSL_CLIENT + wolfSSL_free(clientSsl); + wolfSSL_CTX_free(clientCtx); +#endif + +#ifndef WOLFSSL_NO_TLS12 +#ifndef NO_WOLFSSL_SERVER + wolfSSL_free(serverTls12Ssl); + wolfSSL_CTX_free(serverTls12Ctx); +#endif +#ifndef NO_WOLFSSL_CLIENT + wolfSSL_free(clientTls12Ssl); + wolfSSL_CTX_free(clientTls12Ctx); +#endif +#endif +#endif /* WOLFSSL_TLS13 */ + + return EXPECT_RESULT(); +} + +#if defined(WOLFSSL_TLS13) && defined(HAVE_SESSION_TICKET) && \ + !defined(NO_WOLFSSL_SERVER) && defined(HAVE_ECC) && \ + defined(BUILD_TLS_AES_128_GCM_SHA256) && \ + defined(BUILD_TLS_AES_256_GCM_SHA384) +/* Called when writing. */ +static int CsSend(WOLFSSL* ssl, char* buf, int sz, void* ctx) +{ + (void)ssl; + (void)buf; + (void)sz; + (void)ctx; + + /* Force error return from wolfSSL_accept_TLSv13(). */ + return WANT_WRITE; +} +/* Called when reading. */ +static int CsRecv(WOLFSSL* ssl, char* buf, int sz, void* ctx) +{ + WOLFSSL_BUFFER_INFO* msg = (WOLFSSL_BUFFER_INFO*)ctx; + int len = (int)msg->length; + + (void)ssl; + (void)sz; + + /* Pass back as much of message as will fit in buffer. */ + if (len > sz) + len = sz; + XMEMCPY(buf, msg->buffer, len); + /* Move over returned data. */ + msg->buffer += len; + msg->length -= len; + + /* Amount actually copied. */ + return len; +} +#endif + +int test_tls13_cipher_suites(void) +{ + EXPECT_DECLS; +#if defined(WOLFSSL_TLS13) && defined(HAVE_SESSION_TICKET) && \ + !defined(NO_WOLFSSL_SERVER) && defined(HAVE_ECC) && \ + defined(BUILD_TLS_AES_128_GCM_SHA256) && \ + defined(BUILD_TLS_AES_256_GCM_SHA384) + WOLFSSL_CTX* ctx = NULL; + WOLFSSL *ssl = NULL; + int i; + byte clientHello[] = { + 0x16, 0x03, 0x03, 0x01, 0x9b, 0x01, 0x00, 0x01, + 0x97, 0x03, 0x03, 0xf4, 0x65, 0xbd, 0x22, 0xfe, + 0x6e, 0xab, 0x66, 0xdd, 0xcf, 0xe9, 0x65, 0x55, + 0xe8, 0xdf, 0xc3, 0x8e, 0x4b, 0x00, 0xbc, 0xf8, + 0x23, 0x57, 0x1b, 0xa0, 0xc8, 0xa9, 0xe2, 0x8c, + 0x91, 0x6e, 0xf9, 0x20, 0xf7, 0x5c, 0xc5, 0x5b, + 0x75, 0x8c, 0x47, 0x0a, 0x0e, 0xc4, 0x1a, 0xda, + 0xef, 0x75, 0xe5, 0x21, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x04, + /* Cipher suites: 0x13, 0x01 = TLS13-AES128-GCM-SHA256, twice. */ + 0x13, 0x01, + 0x13, 0x01, 0x01, 0x00, 0x01, 0x4a, 0x00, 0x2d, + 0x00, 0x03, 0x02, 0x00, 0x01, 0x00, 0x33, 0x00, + 0x47, 0x00, 0x45, 0x00, 0x17, 0x00, 0x41, 0x04, + 0x90, 0xfc, 0xe2, 0x97, 0x05, 0x7c, 0xb5, 0x23, + 0x5d, 0x5f, 0x5b, 0xcd, 0x0c, 0x1e, 0xe0, 0xe9, + 0xab, 0x38, 0x6b, 0x1e, 0x20, 0x5c, 0x1c, 0x90, + 0x2a, 0x9e, 0x68, 0x8e, 0x70, 0x05, 0x10, 0xa8, + 0x02, 0x1b, 0xf9, 0x5c, 0xef, 0xc9, 0xaf, 0xca, + 0x1a, 0x3b, 0x16, 0x8b, 0xe4, 0x1b, 0x3c, 0x15, + 0xb8, 0x0d, 0xbd, 0xaf, 0x62, 0x8d, 0xa7, 0x13, + 0xa0, 0x7c, 0xe0, 0x59, 0x0c, 0x4f, 0x8a, 0x6d, + 0x00, 0x2b, 0x00, 0x03, 0x02, 0x03, 0x04, 0x00, + 0x0d, 0x00, 0x20, 0x00, 0x1e, 0x06, 0x03, 0x05, + 0x03, 0x04, 0x03, 0x02, 0x03, 0x08, 0x06, 0x08, + 0x0b, 0x08, 0x05, 0x08, 0x0a, 0x08, 0x04, 0x08, + 0x09, 0x06, 0x01, 0x05, 0x01, 0x04, 0x01, 0x03, + 0x01, 0x02, 0x01, 0x00, 0x0a, 0x00, 0x04, 0x00, + 0x02, 0x00, 0x17, 0x00, 0x16, 0x00, 0x00, 0x00, + 0x23, 0x00, 0x00, 0x00, 0x29, 0x00, 0xb9, 0x00, + 0x94, 0x00, 0x8e, 0x0f, 0x12, 0xfa, 0x84, 0x1f, + 0x76, 0x94, 0xd7, 0x09, 0x5e, 0xad, 0x08, 0x51, + 0xb6, 0x80, 0x28, 0x31, 0x8b, 0xfd, 0xc6, 0xbd, + 0x9e, 0xf5, 0x3b, 0x4d, 0x02, 0xbe, 0x1d, 0x73, + 0xea, 0x13, 0x68, 0x00, 0x4c, 0xfd, 0x3d, 0x48, + 0x51, 0xf9, 0x06, 0xbb, 0x92, 0xed, 0x42, 0x9f, + 0x7f, 0x2c, 0x73, 0x9f, 0xd9, 0xb4, 0xef, 0x05, + 0x26, 0x5b, 0x60, 0x5c, 0x0a, 0xfc, 0xa3, 0xbd, + 0x2d, 0x2d, 0x8b, 0xf9, 0xaa, 0x5c, 0x96, 0x3a, + 0xf2, 0xec, 0xfa, 0xe5, 0x57, 0x2e, 0x87, 0xbe, + 0x27, 0xc5, 0x3d, 0x4f, 0x5d, 0xdd, 0xde, 0x1c, + 0x1b, 0xb3, 0xcc, 0x27, 0x27, 0x57, 0x5a, 0xd9, + 0xea, 0x99, 0x27, 0x23, 0xa6, 0x0e, 0xea, 0x9c, + 0x0d, 0x85, 0xcb, 0x72, 0xeb, 0xd7, 0x93, 0xe3, + 0xfe, 0xf7, 0x5c, 0xc5, 0x5b, 0x75, 0x8c, 0x47, + 0x0a, 0x0e, 0xc4, 0x1a, 0xda, 0xef, 0x75, 0xe5, + 0x21, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0xfb, 0x92, 0xce, 0xaa, 0x00, 0x21, 0x20, + 0xcb, 0x73, 0x25, 0x80, 0x46, 0x78, 0x4f, 0xe5, + 0x34, 0xf6, 0x91, 0x13, 0x7f, 0xc8, 0x8d, 0xdc, + 0x81, 0x04, 0xb7, 0x0d, 0x49, 0x85, 0x2e, 0x12, + 0x7a, 0x07, 0x23, 0xe9, 0x13, 0xa4, 0x6d, 0x8c + }; + WOLFSSL_BUFFER_INFO msg; + /* Offset into ClientHello message data of first cipher suite. */ + const int csOff = 78; + /* Server cipher list. */ + const char* serverCs = "TLS13-AES256-GCM-SHA384:TLS13-AES128-GCM-SHA256"; + /* Suite list with duplicates. */ + const char* dupCs = "TLS13-AES128-GCM-SHA256:" + "TLS13-AES128-GCM-SHA256:" + "TLS13-AES256-GCM-SHA384:" + "TLS13-AES256-GCM-SHA384:" + "TLS13-AES128-GCM-SHA256"; +#if defined(OPENSSL_EXTRA) || defined(WOLFSSL_SET_CIPHER_BYTES) + const byte dupCsBytes[] = { TLS13_BYTE, TLS_AES_256_GCM_SHA384, + TLS13_BYTE, TLS_AES_256_GCM_SHA384, + TLS13_BYTE, TLS_AES_128_GCM_SHA256, + TLS13_BYTE, TLS_AES_128_GCM_SHA256, + TLS13_BYTE, TLS_AES_256_GCM_SHA384 }; +#endif + + /* Set up wolfSSL context. */ + ExpectNotNull(ctx = wolfSSL_CTX_new(wolfTLSv1_3_server_method())); + ExpectTrue(wolfSSL_CTX_use_certificate_file(ctx, eccCertFile, + CERT_FILETYPE)); + ExpectTrue(wolfSSL_CTX_use_PrivateKey_file(ctx, eccKeyFile, + CERT_FILETYPE)); + /* Read from 'msg'. */ + wolfSSL_SetIORecv(ctx, CsRecv); + /* No where to send to - dummy sender. */ + wolfSSL_SetIOSend(ctx, CsSend); + + /* Test cipher suite list with many copies of a cipher suite. */ + ExpectNotNull(ssl = wolfSSL_new(ctx)); + msg.buffer = clientHello; + msg.length = (unsigned int)sizeof(clientHello); + wolfSSL_SetIOReadCtx(ssl, &msg); + /* Force server to have as many occurrences of same cipher suite as + * possible. */ + if (ssl != NULL) { + Suites* suites = (Suites*)WOLFSSL_SUITES(ssl); + suites->suiteSz = WOLFSSL_MAX_SUITE_SZ; + for (i = 0; i < suites->suiteSz; i += 2) { + suites->suites[i + 0] = TLS13_BYTE; + suites->suites[i + 1] = TLS_AES_128_GCM_SHA256; + } + } + /* Test multiple occurrences of same cipher suite. */ + ExpectIntEQ(wolfSSL_accept_TLSv13(ssl), + WC_NO_ERR_TRACE(WOLFSSL_FATAL_ERROR)); + wolfSSL_free(ssl); + ssl = NULL; + + /* Set client order opposite to server order: + * TLS13-AES128-GCM-SHA256:TLS13-AES256-GCM-SHA384 */ + clientHello[csOff + 0] = TLS13_BYTE; + clientHello[csOff + 1] = TLS_AES_128_GCM_SHA256; + clientHello[csOff + 2] = TLS13_BYTE; + clientHello[csOff + 3] = TLS_AES_256_GCM_SHA384; + + /* Test server order negotiation. */ + ExpectNotNull(ssl = wolfSSL_new(ctx)); + msg.buffer = clientHello; + msg.length = (unsigned int)sizeof(clientHello); + wolfSSL_SetIOReadCtx(ssl, &msg); + /* Server order: TLS13-AES256-GCM-SHA384:TLS13-AES128-GCM-SHA256 */ + ExpectIntEQ(wolfSSL_set_cipher_list(ssl, serverCs), WOLFSSL_SUCCESS); + /* Negotiate cipher suites in server order: TLS13-AES256-GCM-SHA384 */ + ExpectIntEQ(wolfSSL_accept_TLSv13(ssl), + WC_NO_ERR_TRACE(WOLFSSL_FATAL_ERROR)); + /* Check refined order - server order. */ + ExpectIntEQ(ssl->suites->suiteSz, 4); + ExpectIntEQ(ssl->suites->suites[0], TLS13_BYTE); + ExpectIntEQ(ssl->suites->suites[1], TLS_AES_256_GCM_SHA384); + ExpectIntEQ(ssl->suites->suites[2], TLS13_BYTE); + ExpectIntEQ(ssl->suites->suites[3], TLS_AES_128_GCM_SHA256); + wolfSSL_free(ssl); + ssl = NULL; + + /* Test client order negotiation. */ + ExpectNotNull(ssl = wolfSSL_new(ctx)); + msg.buffer = clientHello; + msg.length = (unsigned int)sizeof(clientHello); + wolfSSL_SetIOReadCtx(ssl, &msg); + /* Server order: TLS13-AES256-GCM-SHA384:TLS13-AES128-GCM-SHA256 */ + ExpectIntEQ(wolfSSL_set_cipher_list(ssl, serverCs), WOLFSSL_SUCCESS); + ExpectIntEQ(wolfSSL_UseClientSuites(ssl), 0); + /* Negotiate cipher suites in client order: TLS13-AES128-GCM-SHA256 */ + ExpectIntEQ(wolfSSL_accept_TLSv13(ssl), + WC_NO_ERR_TRACE(WOLFSSL_FATAL_ERROR)); + /* Check refined order - client order. */ + ExpectIntEQ(ssl->suites->suiteSz, 4); + ExpectIntEQ(ssl->suites->suites[0], TLS13_BYTE); + ExpectIntEQ(ssl->suites->suites[1], TLS_AES_128_GCM_SHA256); + ExpectIntEQ(ssl->suites->suites[2], TLS13_BYTE); + ExpectIntEQ(ssl->suites->suites[3], TLS_AES_256_GCM_SHA384); + wolfSSL_free(ssl); + ssl = NULL; + + /* Check duplicate detection is working. */ + ExpectIntEQ(wolfSSL_CTX_set_cipher_list(ctx, dupCs), WOLFSSL_SUCCESS); + ExpectIntEQ(ctx->suites->suiteSz, 4); + ExpectIntEQ(ctx->suites->suites[0], TLS13_BYTE); + ExpectIntEQ(ctx->suites->suites[1], TLS_AES_128_GCM_SHA256); + ExpectIntEQ(ctx->suites->suites[2], TLS13_BYTE); + ExpectIntEQ(ctx->suites->suites[3], TLS_AES_256_GCM_SHA384); + +#if defined(OPENSSL_EXTRA) || defined(WOLFSSL_SET_CIPHER_BYTES) + ExpectIntEQ(wolfSSL_CTX_set_cipher_list_bytes(ctx, dupCsBytes, + sizeof(dupCsBytes)), WOLFSSL_SUCCESS); + ExpectIntEQ(ctx->suites->suiteSz, 4); + ExpectIntEQ(ctx->suites->suites[0], TLS13_BYTE); + ExpectIntEQ(ctx->suites->suites[1], TLS_AES_256_GCM_SHA384); + ExpectIntEQ(ctx->suites->suites[2], TLS13_BYTE); + ExpectIntEQ(ctx->suites->suites[3], TLS_AES_128_GCM_SHA256); +#endif + + wolfSSL_CTX_free(ctx); +#endif + return EXPECT_RESULT(); +} + + +#if defined(WOLFSSL_TLS13) && defined(HAVE_MANUAL_MEMIO_TESTS_DEPENDENCIES)\ + && !defined(NO_PSK) +static unsigned int test_tls13_bad_psk_binder_client_cb(WOLFSSL* ssl, + const char* hint, char* identity, unsigned int id_max_len, + unsigned char* key, unsigned int key_max_len) +{ + (void)ssl; + (void)hint; + (void)key_max_len; + + /* see internal.h MAX_PSK_ID_LEN for PSK identity limit */ + XSTRNCPY(identity, "Client_identity", id_max_len); + + key[0] = 0x20; + return 1; +} + +static unsigned int test_tls13_bad_psk_binder_server_cb(WOLFSSL* ssl, + const char* id, unsigned char* key, unsigned int key_max_len) +{ + (void)ssl; + (void)id; + (void)key_max_len; + /* zero means error */ + key[0] = 0x10; + return 1; +} +#endif + +int test_tls13_bad_psk_binder(void) +{ + EXPECT_DECLS; +#if defined(WOLFSSL_TLS13) && defined(HAVE_MANUAL_MEMIO_TESTS_DEPENDENCIES)\ + && !defined(NO_PSK) + WOLFSSL_CTX *ctx_c = NULL; + WOLFSSL_CTX *ctx_s = NULL; + WOLFSSL *ssl_c = NULL; + WOLFSSL *ssl_s = NULL; + struct test_memio_ctx test_ctx; + WOLFSSL_ALERT_HISTORY h; + + XMEMSET(&test_ctx, 0, sizeof(test_ctx)); + ExpectIntEQ(test_memio_setup(&test_ctx, &ctx_c, &ctx_s, &ssl_c, &ssl_s, + wolfTLSv1_3_client_method, wolfTLSv1_3_server_method), 0); + + wolfSSL_set_psk_client_callback(ssl_c, test_tls13_bad_psk_binder_client_cb); + wolfSSL_set_psk_server_callback(ssl_s, test_tls13_bad_psk_binder_server_cb); + + ExpectIntNE(wolfSSL_connect(ssl_c), WOLFSSL_SUCCESS); + ExpectIntEQ(wolfSSL_get_error(ssl_c, WC_NO_ERR_TRACE(WOLFSSL_FATAL_ERROR)), + WOLFSSL_ERROR_WANT_READ); + + ExpectIntNE(wolfSSL_accept(ssl_s), WOLFSSL_SUCCESS); + ExpectIntEQ( wolfSSL_get_error(ssl_s, WC_NO_ERR_TRACE(WOLFSSL_FATAL_ERROR)), + WC_NO_ERR_TRACE(BAD_BINDER)); + + ExpectIntNE(wolfSSL_connect(ssl_c), WOLFSSL_SUCCESS); + ExpectIntEQ(wolfSSL_get_error(ssl_c, WC_NO_ERR_TRACE(WOLFSSL_FATAL_ERROR)), + WC_NO_ERR_TRACE(FATAL_ERROR)); + ExpectIntEQ(wolfSSL_get_alert_history(ssl_c, &h), WOLFSSL_SUCCESS); + ExpectIntEQ(h.last_rx.code, illegal_parameter); + ExpectIntEQ(h.last_rx.level, alert_fatal); + + wolfSSL_free(ssl_c); + wolfSSL_CTX_free(ctx_c); + wolfSSL_free(ssl_s); + wolfSSL_CTX_free(ctx_s); +#endif + return EXPECT_RESULT(); +} + + +#if defined(HAVE_RPK) && !defined(NO_TLS) + +#define svrRpkCertFile "./certs/rpk/server-cert-rpk.der" +#define clntRpkCertFile "./certs/rpk/client-cert-rpk.der" + +#if defined(WOLFSSL_ALWAYS_VERIFY_CB) && defined(WOLFSSL_TLS13) +static int MyRpkVerifyCb(int mode, WOLFSSL_X509_STORE_CTX* strctx) +{ + int ret = WOLFSSL_SUCCESS; + (void)mode; + (void)strctx; + WOLFSSL_ENTER("MyRpkVerifyCb"); + return ret; +} +#endif /* WOLFSSL_ALWAYS_VERIFY_CB && WOLFSSL_TLS13 */ + +static WC_INLINE int test_rpk_memio_setup( + struct test_memio_ctx *ctx, + WOLFSSL_CTX **ctx_c, + WOLFSSL_CTX **ctx_s, + WOLFSSL **ssl_c, + WOLFSSL **ssl_s, + method_provider method_c, + method_provider method_s, + const char* certfile_c, int fmt_cc, /* client cert file path and format */ + const char* certfile_s, int fmt_cs, /* server cert file path and format */ + const char* pkey_c, int fmt_kc, /* client private key and format */ + const char* pkey_s, int fmt_ks /* server private key and format */ + ) +{ + int ret; + if (ctx_c != NULL && *ctx_c == NULL) { + *ctx_c = wolfSSL_CTX_new(method_c()); + if (*ctx_c == NULL) { + return -1; + } + wolfSSL_CTX_set_verify(*ctx_c, WOLFSSL_VERIFY_PEER, NULL); + + ret = wolfSSL_CTX_load_verify_locations(*ctx_c, caCertFile, 0); + if (ret != WOLFSSL_SUCCESS) { + return -1; + } + wolfSSL_SetIORecv(*ctx_c, test_memio_read_cb); + wolfSSL_SetIOSend(*ctx_c, test_memio_write_cb); + + ret = wolfSSL_CTX_use_certificate_file(*ctx_c, certfile_c, fmt_cc); + if (ret != WOLFSSL_SUCCESS) { + return -1; + } + ret = wolfSSL_CTX_use_PrivateKey_file(*ctx_c, pkey_c, fmt_kc); + if (ret != WOLFSSL_SUCCESS) { + return -1; + } + } + + if (ctx_s != NULL && *ctx_s == NULL) { + *ctx_s = wolfSSL_CTX_new(method_s()); + if (*ctx_s == NULL) { + return -1; + } + wolfSSL_CTX_set_verify(*ctx_s, WOLFSSL_VERIFY_PEER, NULL); + + ret = wolfSSL_CTX_load_verify_locations(*ctx_s, cliCertFile, 0); + if (ret != WOLFSSL_SUCCESS) { + return -1; + } + + ret = wolfSSL_CTX_use_PrivateKey_file(*ctx_s, pkey_s, fmt_ks); + if (ret != WOLFSSL_SUCCESS) { + return -1; + } + ret = wolfSSL_CTX_use_certificate_file(*ctx_s, certfile_s, fmt_cs); + if (ret != WOLFSSL_SUCCESS) { + return -1; + } + wolfSSL_SetIORecv(*ctx_s, test_memio_read_cb); + wolfSSL_SetIOSend(*ctx_s, test_memio_write_cb); + if (ctx->s_ciphers != NULL) { + ret = wolfSSL_CTX_set_cipher_list(*ctx_s, ctx->s_ciphers); + if (ret != WOLFSSL_SUCCESS) { + return -1; + } + } + } + + if (ctx_c != NULL && ssl_c != NULL) { + *ssl_c = wolfSSL_new(*ctx_c); + if (*ssl_c == NULL) { + return -1; + } + wolfSSL_SetIOWriteCtx(*ssl_c, ctx); + wolfSSL_SetIOReadCtx(*ssl_c, ctx); + } + if (ctx_s != NULL && ssl_s != NULL) { + *ssl_s = wolfSSL_new(*ctx_s); + if (*ssl_s == NULL) { + return -1; + } + wolfSSL_SetIOWriteCtx(*ssl_s, ctx); + wolfSSL_SetIOReadCtx(*ssl_s, ctx); +#if !defined(NO_DH) + SetDH(*ssl_s); +#endif + } + + return 0; +} +#endif /* HAVE_RPK && !NO_TLS */ + + +int test_tls13_rpk_handshake(void) +{ + EXPECT_DECLS; +#if defined(HAVE_RPK) && (!defined(WOLFSSL_NO_TLS12) || defined(WOLFSSL_TLS13)) +#ifdef WOLFSSL_TLS13 + int ret = 0; +#endif + WOLFSSL_CTX *ctx_c = NULL, *ctx_s = NULL; + WOLFSSL *ssl_c = NULL, *ssl_s = NULL; + struct test_memio_ctx test_ctx; + int err; + char certType_c[MAX_CLIENT_CERT_TYPE_CNT]; + char certType_s[MAX_CLIENT_CERT_TYPE_CNT]; + int typeCnt_c; + int typeCnt_s; + int tp = 0; +#if defined(WOLFSSL_ALWAYS_VERIFY_CB) && defined(WOLFSSL_TLS13) + int isServer; +#endif + + (void)err; + (void)typeCnt_c; + (void)typeCnt_s; + (void)certType_c; + (void)certType_s; + +#ifndef WOLFSSL_NO_TLS12 + /* TLS1.2 + * Both client and server load x509 cert and start handshaking. + * Check no negotiation occurred. + */ + XMEMSET(&test_ctx, 0, sizeof(test_ctx)); + + ExpectIntEQ( + test_rpk_memio_setup( + &test_ctx, &ctx_c, &ctx_s, &ssl_c, &ssl_s, + wolfTLSv1_2_client_method, wolfTLSv1_2_server_method, + cliCertFile, CERT_FILETYPE, + svrCertFile, CERT_FILETYPE, + cliKeyFile, CERT_FILETYPE, + svrKeyFile, CERT_FILETYPE) + , 0); + + + /* set client certificate type in client end */ + certType_c[0] = WOLFSSL_CERT_TYPE_RPK; + certType_c[1] = WOLFSSL_CERT_TYPE_X509; + typeCnt_c = 2; + + certType_s[0] = WOLFSSL_CERT_TYPE_RPK; + certType_s[1] = WOLFSSL_CERT_TYPE_X509; + typeCnt_s = 2; + + /* both client and server do not call client/server_cert_type APIs, + * expecting default settings works and no negotiation performed. + */ + + ExpectIntEQ(test_memio_do_handshake(ssl_c, ssl_s, 10, NULL), 0); + + /* confirm no negotiation occurred */ + ExpectIntEQ(wolfSSL_get_negotiated_client_cert_type(ssl_c, &tp), + WOLFSSL_SUCCESS); + ExpectIntEQ((int)tp, WOLFSSL_CERT_TYPE_UNKNOWN); + ExpectIntEQ(wolfSSL_get_negotiated_server_cert_type(ssl_c, &tp), + WOLFSSL_SUCCESS); + ExpectIntEQ(tp, WOLFSSL_CERT_TYPE_UNKNOWN); + ExpectIntEQ(wolfSSL_get_negotiated_client_cert_type(ssl_s, &tp), + WOLFSSL_SUCCESS); + ExpectIntEQ(tp, WOLFSSL_CERT_TYPE_UNKNOWN); + + ExpectIntEQ(wolfSSL_get_negotiated_server_cert_type(ssl_s, &tp), + WOLFSSL_SUCCESS); + ExpectIntEQ(tp, WOLFSSL_CERT_TYPE_UNKNOWN); + + (void)typeCnt_c; + (void)typeCnt_s; + + wolfSSL_free(ssl_c); + wolfSSL_CTX_free(ctx_c); + wolfSSL_free(ssl_s); + wolfSSL_CTX_free(ctx_s); + ssl_c = ssl_s = NULL; + ctx_c = ctx_s = NULL; +#endif + +#ifdef WOLFSSL_TLS13 + /* Both client and server load x509 cert and start handshaking. + * Check no negotiation occurred. + */ + XMEMSET(&test_ctx, 0, sizeof(test_ctx)); + + ExpectIntEQ( + test_rpk_memio_setup( + &test_ctx, &ctx_c, &ctx_s, &ssl_c, &ssl_s, + wolfTLSv1_3_client_method, wolfTLSv1_3_server_method, + cliCertFile, CERT_FILETYPE, + svrCertFile, CERT_FILETYPE, + cliKeyFile, CERT_FILETYPE, + svrKeyFile, CERT_FILETYPE ) + , 0); + + /* set client certificate type in client end */ + certType_c[0] = WOLFSSL_CERT_TYPE_RPK; + certType_c[1] = WOLFSSL_CERT_TYPE_X509; + typeCnt_c = 2; + + certType_s[0] = WOLFSSL_CERT_TYPE_RPK; + certType_s[1] = WOLFSSL_CERT_TYPE_X509; + typeCnt_s = 2; + + /* both client and server do not call client/server_cert_type APIs, + * expecting default settings works and no negotiation performed. + */ + + ExpectIntEQ(test_memio_do_handshake(ssl_c, ssl_s, 10, NULL), 0); + + /* confirm no negotiation occurred */ + ExpectIntEQ(wolfSSL_get_negotiated_client_cert_type(ssl_c, &tp), + WOLFSSL_SUCCESS); + ExpectIntEQ((int)tp, WOLFSSL_CERT_TYPE_UNKNOWN); + + ExpectIntEQ(wolfSSL_get_negotiated_server_cert_type(ssl_c, &tp), + WOLFSSL_SUCCESS); + ExpectIntEQ(tp, WOLFSSL_CERT_TYPE_UNKNOWN); + + ExpectIntEQ(wolfSSL_get_negotiated_client_cert_type(ssl_s, &tp), + WOLFSSL_SUCCESS); + ExpectIntEQ(tp, WOLFSSL_CERT_TYPE_UNKNOWN); + + ExpectIntEQ(wolfSSL_get_negotiated_server_cert_type(ssl_s, &tp), + WOLFSSL_SUCCESS); + ExpectIntEQ(tp, WOLFSSL_CERT_TYPE_UNKNOWN); + + (void)typeCnt_c; + (void)typeCnt_s; + + wolfSSL_free(ssl_c); + wolfSSL_CTX_free(ctx_c); + wolfSSL_free(ssl_s); + wolfSSL_CTX_free(ctx_s); + ssl_c = ssl_s = NULL; + ctx_c = ctx_s = NULL; + + + /* Both client and server load RPK cert and start handshaking. + * Confirm negotiated cert types match as expected. + */ + XMEMSET(&test_ctx, 0, sizeof(test_ctx)); + + ExpectIntEQ( + test_rpk_memio_setup( + &test_ctx, &ctx_c, &ctx_s, &ssl_c, &ssl_s, + wolfTLSv1_3_client_method, wolfTLSv1_3_server_method, + clntRpkCertFile, WOLFSSL_FILETYPE_ASN1, + svrRpkCertFile, WOLFSSL_FILETYPE_ASN1, + cliKeyFile, CERT_FILETYPE, + svrKeyFile, CERT_FILETYPE ) + , 0); + + /* set client certificate type in client end */ + certType_c[0] = WOLFSSL_CERT_TYPE_RPK; + certType_c[1] = WOLFSSL_CERT_TYPE_X509; + typeCnt_c = 2; + + certType_s[0] = WOLFSSL_CERT_TYPE_RPK; + certType_s[1] = WOLFSSL_CERT_TYPE_X509; + typeCnt_s = 2; + + ExpectIntEQ(wolfSSL_set_client_cert_type(ssl_c, certType_c, typeCnt_c), + WOLFSSL_SUCCESS); + + /* set server certificate type in client end */ + ExpectIntEQ(wolfSSL_set_server_cert_type(ssl_c, certType_s, typeCnt_s), + WOLFSSL_SUCCESS); + + /* set client certificate type in server end */ + ExpectIntEQ(wolfSSL_set_client_cert_type(ssl_s, certType_c, typeCnt_c), + WOLFSSL_SUCCESS); + + /* set server certificate type in server end */ + ExpectIntEQ(wolfSSL_set_server_cert_type(ssl_s, certType_s, typeCnt_s), + WOLFSSL_SUCCESS); + + ExpectIntEQ(test_memio_do_handshake(ssl_c, ssl_s, 10, NULL), 0); + + ExpectIntEQ(wolfSSL_get_negotiated_client_cert_type(ssl_c, &tp), + WOLFSSL_SUCCESS); + ExpectIntEQ(tp, WOLFSSL_CERT_TYPE_RPK); + + ExpectIntEQ(wolfSSL_get_negotiated_server_cert_type(ssl_c, &tp), + WOLFSSL_SUCCESS); + ExpectIntEQ(tp, WOLFSSL_CERT_TYPE_RPK); + + ExpectIntEQ(wolfSSL_get_negotiated_client_cert_type(ssl_s, &tp), + WOLFSSL_SUCCESS); + ExpectIntEQ(tp, WOLFSSL_CERT_TYPE_RPK); + + ExpectIntEQ(wolfSSL_get_negotiated_server_cert_type(ssl_s, &tp), + WOLFSSL_SUCCESS); + ExpectIntEQ(tp, WOLFSSL_CERT_TYPE_RPK); + + wolfSSL_free(ssl_c); + wolfSSL_CTX_free(ctx_c); + wolfSSL_free(ssl_s); + wolfSSL_CTX_free(ctx_s); + ssl_c = ssl_s = NULL; + ctx_c = ctx_s = NULL; +#endif + + +#ifndef WOLFSSL_NO_TLS12 + /* TLS1.2 + * Both client and server load RPK cert and start handshaking. + * Confirm negotiated cert types match as expected. + */ + XMEMSET(&test_ctx, 0, sizeof(test_ctx)); + + ExpectIntEQ( + test_rpk_memio_setup( + &test_ctx, &ctx_c, &ctx_s, &ssl_c, &ssl_s, + wolfTLSv1_2_client_method, wolfTLSv1_2_server_method, + clntRpkCertFile, WOLFSSL_FILETYPE_ASN1, + svrRpkCertFile, WOLFSSL_FILETYPE_ASN1, + cliKeyFile, CERT_FILETYPE, + svrKeyFile, CERT_FILETYPE ) + , 0); + + /* set client certificate type in client end */ + certType_c[0] = WOLFSSL_CERT_TYPE_RPK; + certType_c[1] = WOLFSSL_CERT_TYPE_X509; + typeCnt_c = 2; + + certType_s[0] = WOLFSSL_CERT_TYPE_RPK; + certType_s[1] = WOLFSSL_CERT_TYPE_X509; + typeCnt_s = 2; + + ExpectIntEQ(wolfSSL_set_client_cert_type(ssl_c, certType_c, typeCnt_c), + WOLFSSL_SUCCESS); + + /* set server certificate type in client end */ + ExpectIntEQ(wolfSSL_set_server_cert_type(ssl_c, certType_s, typeCnt_s), + WOLFSSL_SUCCESS); + + /* set client certificate type in server end */ + ExpectIntEQ(wolfSSL_set_client_cert_type(ssl_s, certType_c, typeCnt_c), + WOLFSSL_SUCCESS); + + /* set server certificate type in server end */ + ExpectIntEQ(wolfSSL_set_server_cert_type(ssl_s, certType_s, typeCnt_s), + WOLFSSL_SUCCESS); + + if (test_memio_do_handshake(ssl_c, ssl_s, 10, NULL) != 0) + return TEST_FAIL; + + ExpectIntEQ(wolfSSL_get_negotiated_client_cert_type(ssl_c, &tp), + WOLFSSL_SUCCESS); + ExpectIntEQ(tp, WOLFSSL_CERT_TYPE_RPK); + + ExpectIntEQ(wolfSSL_get_negotiated_server_cert_type(ssl_c, &tp), + WOLFSSL_SUCCESS); + ExpectIntEQ(tp, WOLFSSL_CERT_TYPE_RPK); + + ExpectIntEQ(wolfSSL_get_negotiated_client_cert_type(ssl_s, &tp), + WOLFSSL_SUCCESS); + ExpectIntEQ(tp, WOLFSSL_CERT_TYPE_RPK); + + ExpectIntEQ(wolfSSL_get_negotiated_server_cert_type(ssl_s, &tp), + WOLFSSL_SUCCESS); + ExpectIntEQ(tp, WOLFSSL_CERT_TYPE_RPK); + + wolfSSL_free(ssl_c); + wolfSSL_CTX_free(ctx_c); + wolfSSL_free(ssl_s); + wolfSSL_CTX_free(ctx_s); + ssl_c = ssl_s = NULL; + ctx_c = ctx_s = NULL; +#endif + + +#ifdef WOLFSSL_TLS13 + /* Both client and server load x509 cert. + * Have client call set_client_cert_type with both RPK and x509. + * This doesn't makes client add client cert type extension to ClientHello, + * since it does not load RPK cert actually. + */ + XMEMSET(&test_ctx, 0, sizeof(test_ctx)); + + ExpectIntEQ( + test_rpk_memio_setup( + &test_ctx, &ctx_c, &ctx_s, &ssl_c, &ssl_s, + wolfTLSv1_3_client_method, wolfTLSv1_3_server_method, + cliCertFile, CERT_FILETYPE, + svrCertFile, CERT_FILETYPE, + cliKeyFile, CERT_FILETYPE, + svrKeyFile, CERT_FILETYPE ) + , 0); + + /* set client certificate type in client end + * + * client indicates both RPK and x509 certs are available but loaded RPK + * cert only. It does not have client add client-cert-type extension in CH. + */ + certType_c[0] = WOLFSSL_CERT_TYPE_RPK; + certType_c[1] = WOLFSSL_CERT_TYPE_X509; + typeCnt_c = 2; + + ExpectIntEQ(wolfSSL_set_client_cert_type(ssl_c, certType_c, typeCnt_c), + WOLFSSL_SUCCESS); + + /* client indicates both RPK and x509 certs are acceptable */ + certType_s[0] = WOLFSSL_CERT_TYPE_RPK; + certType_s[1] = WOLFSSL_CERT_TYPE_X509; + typeCnt_s = 2; + + ExpectIntEQ(wolfSSL_set_server_cert_type(ssl_c, certType_s, typeCnt_s), + WOLFSSL_SUCCESS); + + /* server indicates both RPK and x509 certs are acceptable */ + certType_c[0] = WOLFSSL_CERT_TYPE_RPK; + certType_c[1] = WOLFSSL_CERT_TYPE_X509; + typeCnt_c = 2; + + ExpectIntEQ(wolfSSL_set_client_cert_type(ssl_s, certType_c, typeCnt_c), + WOLFSSL_SUCCESS); + + /* server should indicate only RPK cert is available */ + certType_s[0] = WOLFSSL_CERT_TYPE_X509; + certType_s[1] = -1; + typeCnt_s = 1; + + ExpectIntEQ(wolfSSL_set_server_cert_type(ssl_s, certType_s, typeCnt_s), + WOLFSSL_SUCCESS); + + if (test_memio_do_handshake(ssl_c, ssl_s, 10, NULL) != 0) + return TEST_FAIL; + + /* Negotiation for client-cert-type should NOT happen. Therefore -1 should + * be returned as cert type. + */ + ExpectIntEQ(wolfSSL_get_negotiated_client_cert_type(ssl_c, &tp), + WOLFSSL_SUCCESS); + ExpectIntEQ(tp, WOLFSSL_CERT_TYPE_UNKNOWN); + + ExpectIntEQ(wolfSSL_get_negotiated_server_cert_type(ssl_c, &tp), + WOLFSSL_SUCCESS); + ExpectIntEQ(tp, WOLFSSL_CERT_TYPE_X509); + + ExpectIntEQ(wolfSSL_get_negotiated_client_cert_type(ssl_s, &tp), + WOLFSSL_SUCCESS); + ExpectIntEQ(tp, WOLFSSL_CERT_TYPE_UNKNOWN); + + ExpectIntEQ(wolfSSL_get_negotiated_server_cert_type(ssl_s, &tp), + WOLFSSL_SUCCESS); + ExpectIntEQ(tp, WOLFSSL_CERT_TYPE_X509); + + wolfSSL_free(ssl_c); + wolfSSL_CTX_free(ctx_c); + wolfSSL_free(ssl_s); + wolfSSL_CTX_free(ctx_s); + ssl_c = ssl_s = NULL; + ctx_c = ctx_s = NULL; + + + /* Have client load RPK cert and have server load x509 cert. + * Check the negotiation result from both ends. + */ + XMEMSET(&test_ctx, 0, sizeof(test_ctx)); + + ExpectIntEQ( + test_rpk_memio_setup( + &test_ctx, &ctx_c, &ctx_s, &ssl_c, &ssl_s, + wolfTLSv1_3_client_method, wolfTLSv1_3_server_method, + clntRpkCertFile, WOLFSSL_FILETYPE_ASN1, + svrCertFile, CERT_FILETYPE, + cliKeyFile, CERT_FILETYPE, + svrKeyFile, CERT_FILETYPE ) + , 0); + + /* have client tell to use RPK cert */ + certType_c[0] = WOLFSSL_CERT_TYPE_RPK; + certType_c[1] = -1; + typeCnt_c = 1; + + ExpectIntEQ(wolfSSL_set_client_cert_type(ssl_c, certType_c, typeCnt_c), + WOLFSSL_SUCCESS); + + /* have client tell to accept both RPK and x509 cert */ + certType_s[0] = WOLFSSL_CERT_TYPE_X509; + certType_s[1] = WOLFSSL_CERT_TYPE_RPK; + typeCnt_s = 2; + + ExpectIntEQ(wolfSSL_set_server_cert_type(ssl_c, certType_s, typeCnt_s), + WOLFSSL_SUCCESS); + + /* have server accept to both RPK and x509 cert */ + certType_c[0] = WOLFSSL_CERT_TYPE_X509; + certType_c[1] = WOLFSSL_CERT_TYPE_RPK; + typeCnt_c = 2; + + ExpectIntEQ(wolfSSL_set_client_cert_type(ssl_s, certType_c, typeCnt_c), + WOLFSSL_SUCCESS); + + /* does not call wolfSSL_set_server_cert_type intentionally in sesrver + * end, expecting the default setting works. + */ + + + if (test_memio_do_handshake(ssl_c, ssl_s, 10, NULL) != 0) + return TEST_FAIL; + + ExpectIntEQ(wolfSSL_get_negotiated_client_cert_type(ssl_c, &tp), + WOLFSSL_SUCCESS); + ExpectIntEQ(tp, WOLFSSL_CERT_TYPE_RPK); + + ExpectIntEQ(wolfSSL_get_negotiated_server_cert_type(ssl_c, &tp), + WOLFSSL_SUCCESS); + ExpectIntEQ(tp, WOLFSSL_CERT_TYPE_X509); + + ExpectIntEQ(wolfSSL_get_negotiated_client_cert_type(ssl_s, &tp), + WOLFSSL_SUCCESS); + ExpectIntEQ(tp, WOLFSSL_CERT_TYPE_RPK); + + ExpectIntEQ(wolfSSL_get_negotiated_server_cert_type(ssl_s, &tp), + WOLFSSL_SUCCESS); + ExpectIntEQ(tp, WOLFSSL_CERT_TYPE_X509); + + wolfSSL_free(ssl_c); + wolfSSL_CTX_free(ctx_c); + wolfSSL_free(ssl_s); + wolfSSL_CTX_free(ctx_s); + ssl_c = ssl_s = NULL; + ctx_c = ctx_s = NULL; + + + /* Have both client and server load RPK cert, however, have server + * indicate its cert type x509. + * Client is expected to detect the cert type mismatch then to send alert + * with "unsupported_certificate". + */ + XMEMSET(&test_ctx, 0, sizeof(test_ctx)); + + ExpectIntEQ( + test_rpk_memio_setup( + &test_ctx, &ctx_c, &ctx_s, &ssl_c, &ssl_s, + wolfTLSv1_3_client_method, wolfTLSv1_3_server_method, + clntRpkCertFile, WOLFSSL_FILETYPE_ASN1, + svrRpkCertFile, WOLFSSL_FILETYPE_ASN1, /* server sends RPK cert */ + cliKeyFile, CERT_FILETYPE, + svrKeyFile, CERT_FILETYPE ) + , 0); + + /* have client tell to use RPK cert */ + certType_c[0] = WOLFSSL_CERT_TYPE_RPK; + certType_c[1] = -1; + typeCnt_c = 1; + + ExpectIntEQ(wolfSSL_set_client_cert_type(ssl_c, certType_c, typeCnt_c), + WOLFSSL_SUCCESS); + + /* have client tell to accept both RPK and x509 cert */ + certType_s[0] = WOLFSSL_CERT_TYPE_X509; + certType_s[1] = WOLFSSL_CERT_TYPE_RPK; + typeCnt_s = 2; + + ExpectIntEQ(wolfSSL_set_server_cert_type(ssl_c, certType_s, typeCnt_s), + WOLFSSL_SUCCESS); + + /* have server accept to both RPK and x509 cert */ + certType_c[0] = WOLFSSL_CERT_TYPE_X509; + certType_c[1] = WOLFSSL_CERT_TYPE_RPK; + typeCnt_c = 2; + + ExpectIntEQ(wolfSSL_set_client_cert_type(ssl_s, certType_c, typeCnt_c), + WOLFSSL_SUCCESS); + + /* have server tell to use x509 cert intentionally. This will bring + * certificate type mismatch in client side. + */ + certType_s[0] = WOLFSSL_CERT_TYPE_X509; + certType_s[1] = -1; + typeCnt_s = 1; + + ExpectIntEQ(wolfSSL_set_server_cert_type(ssl_s, certType_s, typeCnt_s), + WOLFSSL_SUCCESS); + + /* expect client detect cert type mismatch then send Alert */ + ret = test_memio_do_handshake(ssl_c, ssl_s, 10, NULL); + if (ret != -1) + return TEST_FAIL; + + ExpectIntEQ(wolfSSL_get_error(ssl_c, ret), + WC_NO_ERR_TRACE(UNSUPPORTED_CERTIFICATE)); + + ExpectIntEQ(wolfSSL_get_negotiated_client_cert_type(ssl_c, &tp), + WOLFSSL_SUCCESS); + ExpectIntEQ(tp, WOLFSSL_CERT_TYPE_RPK); + + ExpectIntEQ(wolfSSL_get_negotiated_server_cert_type(ssl_c, &tp), + WOLFSSL_SUCCESS); + ExpectIntEQ(tp, WOLFSSL_CERT_TYPE_X509); + + ExpectIntEQ(wolfSSL_get_negotiated_client_cert_type(ssl_s, &tp), + WOLFSSL_SUCCESS); + ExpectIntEQ(tp, WOLFSSL_CERT_TYPE_RPK); + + ExpectIntEQ(wolfSSL_get_negotiated_server_cert_type(ssl_s, &tp), + WOLFSSL_SUCCESS); + ExpectIntEQ(tp, WOLFSSL_CERT_TYPE_X509); + + wolfSSL_free(ssl_c); + wolfSSL_CTX_free(ctx_c); + wolfSSL_free(ssl_s); + wolfSSL_CTX_free(ctx_s); + ssl_c = ssl_s = NULL; + ctx_c = ctx_s = NULL; + + + /* Have client load x509 cert and server load RPK cert, + * however, have client indicate its cert type RPK. + * Server is expected to detect the cert type mismatch then to send alert + * with "unsupported_certificate". + */ + XMEMSET(&test_ctx, 0, sizeof(test_ctx)); + + ExpectIntEQ( + test_rpk_memio_setup( + &test_ctx, &ctx_c, &ctx_s, &ssl_c, &ssl_s, + wolfTLSv1_3_client_method, wolfTLSv1_3_server_method, + cliCertFile, CERT_FILETYPE, + svrRpkCertFile, WOLFSSL_FILETYPE_ASN1, + cliKeyFile, CERT_FILETYPE, + svrKeyFile, CERT_FILETYPE ) + , 0); + + /* have client tell to use RPK cert intentionally */ + certType_c[0] = WOLFSSL_CERT_TYPE_RPK; + certType_c[1] = -1; + typeCnt_c = 1; + + ExpectIntEQ(wolfSSL_set_client_cert_type(ssl_c, certType_c, typeCnt_c), + WOLFSSL_SUCCESS); + + /* have client tell to accept both RPK and x509 cert */ + certType_s[0] = WOLFSSL_CERT_TYPE_X509; + certType_s[1] = WOLFSSL_CERT_TYPE_RPK; + typeCnt_s = 2; + + ExpectIntEQ(wolfSSL_set_server_cert_type(ssl_c, certType_s, typeCnt_s), + WOLFSSL_SUCCESS); + + /* have server accept to both RPK and x509 cert */ + certType_c[0] = WOLFSSL_CERT_TYPE_X509; + certType_c[1] = WOLFSSL_CERT_TYPE_RPK; + typeCnt_c = 2; + + ExpectIntEQ(wolfSSL_set_client_cert_type(ssl_s, certType_c, typeCnt_c), + WOLFSSL_SUCCESS); + + /* have server tell to use x509 cert intentionally. This will bring + * certificate type mismatch in client side. + */ + certType_s[0] = WOLFSSL_CERT_TYPE_X509; + certType_s[1] = -1; + typeCnt_s = 1; + + ExpectIntEQ(wolfSSL_set_server_cert_type(ssl_s, certType_s, typeCnt_s), + WOLFSSL_SUCCESS); + + ret = test_memio_do_handshake(ssl_c, ssl_s, 10, NULL); + + /* expect server detect cert type mismatch then send Alert */ + ExpectIntNE(ret, 0); + err = wolfSSL_get_error(ssl_c, ret); + ExpectIntEQ(err, WC_NO_ERR_TRACE(UNSUPPORTED_CERTIFICATE)); + + /* client did not load RPK cert actually, so negotiation did not happen */ + ExpectIntEQ(wolfSSL_get_negotiated_client_cert_type(ssl_c, &tp), + WOLFSSL_SUCCESS); + ExpectIntEQ(tp, WOLFSSL_CERT_TYPE_UNKNOWN); + + ExpectIntEQ(wolfSSL_get_negotiated_server_cert_type(ssl_c, &tp), + WOLFSSL_SUCCESS); + ExpectIntEQ(tp, WOLFSSL_CERT_TYPE_X509); + + /* client did not load RPK cert actually, so negotiation did not happen */ + ExpectIntEQ(wolfSSL_get_negotiated_client_cert_type(ssl_s, &tp), + WOLFSSL_SUCCESS); + ExpectIntEQ(tp, WOLFSSL_CERT_TYPE_UNKNOWN); + + ExpectIntEQ(wolfSSL_get_negotiated_server_cert_type(ssl_s, &tp), + WOLFSSL_SUCCESS); + ExpectIntEQ(tp, WOLFSSL_CERT_TYPE_X509); + + wolfSSL_free(ssl_c); + wolfSSL_CTX_free(ctx_c); + wolfSSL_free(ssl_s); + wolfSSL_CTX_free(ctx_s); + ssl_c = ssl_s = NULL; + ctx_c = ctx_s = NULL; + + +#if defined(WOLFSSL_ALWAYS_VERIFY_CB) + /* Both client and server load RPK cert and set certificate verify + * callbacks then start handshaking. + * Confirm both side can refer the peer's cert. + */ + XMEMSET(&test_ctx, 0, sizeof(test_ctx)); + + ExpectIntEQ( + test_rpk_memio_setup( + &test_ctx, &ctx_c, &ctx_s, &ssl_c, &ssl_s, + wolfTLSv1_3_client_method, wolfTLSv1_3_server_method, + clntRpkCertFile, WOLFSSL_FILETYPE_ASN1, + svrRpkCertFile, WOLFSSL_FILETYPE_ASN1, + cliKeyFile, CERT_FILETYPE, + svrKeyFile, CERT_FILETYPE ) + , 0); + + /* set client certificate type in client end */ + certType_c[0] = WOLFSSL_CERT_TYPE_RPK; + certType_c[1] = WOLFSSL_CERT_TYPE_X509; + typeCnt_c = 2; + + certType_s[0] = WOLFSSL_CERT_TYPE_RPK; + certType_s[1] = WOLFSSL_CERT_TYPE_X509; + typeCnt_s = 2; + + ExpectIntEQ(wolfSSL_set_client_cert_type(ssl_c, certType_c, typeCnt_c), + WOLFSSL_SUCCESS); + + /* set server certificate type in client end */ + ExpectIntEQ(wolfSSL_set_server_cert_type(ssl_c, certType_s, typeCnt_s), + WOLFSSL_SUCCESS); + + /* set client certificate type in server end */ + ExpectIntEQ(wolfSSL_set_client_cert_type(ssl_s, certType_c, typeCnt_c), + WOLFSSL_SUCCESS); + + /* set server certificate type in server end */ + ExpectIntEQ(wolfSSL_set_server_cert_type(ssl_s, certType_s, typeCnt_s), + WOLFSSL_SUCCESS); + + /* set certificate verify callback to both client and server */ + isServer = 0; + wolfSSL_SetCertCbCtx(ssl_c, &isServer); + wolfSSL_set_verify(ssl_c, SSL_VERIFY_PEER, MyRpkVerifyCb); + + isServer = 1; + wolfSSL_SetCertCbCtx(ssl_c, &isServer); + wolfSSL_set_verify(ssl_s, SSL_VERIFY_PEER, MyRpkVerifyCb); + + ret = test_memio_do_handshake(ssl_c, ssl_s, 10, NULL); + if (ret != 0) + return TEST_FAIL; + + ExpectIntEQ(wolfSSL_get_negotiated_client_cert_type(ssl_c, &tp), + WOLFSSL_SUCCESS); + ExpectIntEQ(tp, WOLFSSL_CERT_TYPE_RPK); + + ExpectIntEQ(wolfSSL_get_negotiated_server_cert_type(ssl_c, &tp), + WOLFSSL_SUCCESS); + ExpectIntEQ(tp, WOLFSSL_CERT_TYPE_RPK); + + ExpectIntEQ(wolfSSL_get_negotiated_client_cert_type(ssl_s, &tp), + WOLFSSL_SUCCESS); + ExpectIntEQ(tp, WOLFSSL_CERT_TYPE_RPK); + + ExpectIntEQ(wolfSSL_get_negotiated_server_cert_type(ssl_s, &tp), + WOLFSSL_SUCCESS); + ExpectIntEQ(tp, WOLFSSL_CERT_TYPE_RPK); + + wolfSSL_free(ssl_c); + wolfSSL_CTX_free(ctx_c); + wolfSSL_free(ssl_s); + wolfSSL_CTX_free(ctx_s); + ssl_c = ssl_s = NULL; + ctx_c = ctx_s = NULL; +#endif /* WOLFSSL_ALWAYS_VERIFY_CB */ +#endif /* WOLFSSL_TLS13 */ + +#endif /* HAVE_RPK && (!WOLFSSL_NO_TLS12 || WOLFSSL_TLS13) */ + return EXPECT_RESULT(); +} + + +#if defined(HAVE_IO_TESTS_DEPENDENCIES) && defined(WOLFSSL_TLS13) && \ + defined(WOLFSSL_HAVE_MLKEM) && !defined(WOLFSSL_MLKEM_NO_ENCAPSULATE) && \ + !defined(WOLFSSL_MLKEM_NO_DECAPSULATE) && \ + !defined(WOLFSSL_MLKEM_NO_MAKE_KEY) +static void test_tls13_pq_groups_ctx_ready(WOLFSSL_CTX* ctx) +{ +#ifndef WOLFSSL_NO_ML_KEM_1024 +#ifdef WOLFSSL_MLKEM_KYBER + int group = WOLFSSL_KYBER_LEVEL5; +#else + int group = WOLFSSL_ML_KEM_1024; +#endif /* WOLFSSL_MLKEM_KYBER */ +#elif !defined(WOLFSSL_NO_ML_KEM_768) +#ifdef WOLFSSL_MLKEM_KYBER + int group = WOLFSSL_KYBER_LEVEL3; +#else + int group = WOLFSSL_ML_KEM_768; +#endif /* WOLFSSL_MLKEM_KYBER */ +#else +#ifdef WOLFSSL_MLKEM_KYBER + int group = WOLFSSL_KYBER_LEVEL1; +#else + int group = WOLFSSL_ML_KEM_512; +#endif /* WOLFSSL_MLKEM_KYBER */ +#endif + + AssertIntEQ(wolfSSL_CTX_set_groups(ctx, &group, 1), WOLFSSL_SUCCESS); +} + +static void test_tls13_pq_groups_on_result(WOLFSSL* ssl) +{ +#ifndef WOLFSSL_NO_ML_KEM_1024 +#ifdef WOLFSSL_MLKEM_KYBER + AssertStrEQ(wolfSSL_get_curve_name(ssl), "KYBER_LEVEL5"); +#else + AssertStrEQ(wolfSSL_get_curve_name(ssl), "ML_KEM_1024"); +#endif /* WOLFSSL_MLKEM_KYBER */ +#elif !defined(WOLFSSL_NO_ML_KEM_768) +#ifdef WOLFSSL_MLKEM_KYBER + AssertStrEQ(wolfSSL_get_curve_name(ssl), "KYBER_LEVEL3"); +#else + AssertStrEQ(wolfSSL_get_curve_name(ssl), "ML_KEM_768"); +#endif /* WOLFSSL_MLKEM_KYBER */ +#else +#ifdef WOLFSSL_MLKEM_KYBER + AssertStrEQ(wolfSSL_get_curve_name(ssl), "KYBER_LEVEL1"); +#else + AssertStrEQ(wolfSSL_get_curve_name(ssl), "ML_KEM_512"); +#endif /* WOLFSSL_MLKEM_KYBER */ +#endif +} +#endif + +int test_tls13_pq_groups(void) +{ + EXPECT_DECLS; +#if defined(HAVE_IO_TESTS_DEPENDENCIES) && defined(WOLFSSL_TLS13) && \ + defined(WOLFSSL_HAVE_MLKEM) && !defined(WOLFSSL_MLKEM_NO_ENCAPSULATE) && \ + !defined(WOLFSSL_MLKEM_NO_DECAPSULATE) && \ + !defined(WOLFSSL_MLKEM_NO_MAKE_KEY) + callback_functions func_cb_client; + callback_functions func_cb_server; + + XMEMSET(&func_cb_client, 0, sizeof(callback_functions)); + XMEMSET(&func_cb_server, 0, sizeof(callback_functions)); + + func_cb_client.method = wolfTLSv1_3_client_method; + func_cb_server.method = wolfTLSv1_3_server_method; + func_cb_client.ctx_ready = test_tls13_pq_groups_ctx_ready; + func_cb_client.on_result = test_tls13_pq_groups_on_result; + func_cb_server.on_result = test_tls13_pq_groups_on_result; + + test_wolfSSL_client_server_nofail(&func_cb_client, &func_cb_server); + + ExpectIntEQ(func_cb_client.return_code, TEST_SUCCESS); + ExpectIntEQ(func_cb_server.return_code, TEST_SUCCESS); +#endif + return EXPECT_RESULT(); +} + +int test_tls13_early_data(void) +{ + EXPECT_DECLS; +#if defined(HAVE_MANUAL_MEMIO_TESTS_DEPENDENCIES) && \ + defined(WOLFSSL_EARLY_DATA) && defined(HAVE_SESSION_TICKET) + int written = 0; + int read = 0; + size_t i; + int splitEarlyData; + char msg[] = "This is early data"; + char msg2[] = "This is client data"; + char msg3[] = "This is server data"; + char msg4[] = "This is server immediate data"; + char msgBuf[50]; + struct { + method_provider client_meth; + method_provider server_meth; + const char* tls_version; + int isUdp; + } params[] = { +#ifdef WOLFSSL_TLS13 + { wolfTLSv1_3_client_method, wolfTLSv1_3_server_method, + "TLS 1.3", 0 }, +#endif +#ifdef WOLFSSL_DTLS13 + { wolfDTLSv1_3_client_method, wolfDTLSv1_3_server_method, + "DTLS 1.3", 1 }, +#endif + }; + + for (i = 0; i < sizeof(params)/sizeof(*params) && !EXPECT_FAIL(); i++) { + for (splitEarlyData = 0; splitEarlyData < 2; splitEarlyData++) { + struct test_memio_ctx test_ctx; + WOLFSSL_CTX *ctx_c = NULL, *ctx_s = NULL; + WOLFSSL *ssl_c = NULL, *ssl_s = NULL; + WOLFSSL_SESSION *sess = NULL; + + XMEMSET(&test_ctx, 0, sizeof(test_ctx)); + + fprintf(stderr, "\tEarly data with %s\n", params[i].tls_version); + + ExpectIntEQ(test_memio_setup(&test_ctx, &ctx_c, &ctx_s, &ssl_c, + &ssl_s, params[i].client_meth, params[i].server_meth), 0); + + /* Get a ticket so that we can do 0-RTT on the next connection */ + ExpectIntEQ(test_memio_do_handshake(ssl_c, ssl_s, 10, NULL), 0); + /* Make sure we read the ticket */ + ExpectIntEQ(wolfSSL_read(ssl_c, msgBuf, sizeof(msgBuf)), -1); + ExpectIntEQ(wolfSSL_get_error(ssl_c, -1), WOLFSSL_ERROR_WANT_READ); + ExpectNotNull(sess = wolfSSL_get1_session(ssl_c)); + + wolfSSL_free(ssl_c); + ssl_c = NULL; + wolfSSL_free(ssl_s); + ssl_s = NULL; + XMEMSET(&test_ctx, 0, sizeof(test_ctx)); + ExpectIntEQ(test_memio_setup(&test_ctx, &ctx_c, &ctx_s, &ssl_c, + &ssl_s, params[i].client_meth, params[i].server_meth), 0); + wolfSSL_SetLoggingPrefix("client"); + ExpectIntEQ(wolfSSL_set_session(ssl_c, sess), WOLFSSL_SUCCESS); +#ifdef WOLFSSL_DTLS13 + if (params[i].isUdp) { + wolfSSL_SetLoggingPrefix("server"); +#ifdef WOLFSSL_DTLS13_NO_HRR_ON_RESUME + ExpectIntEQ(wolfSSL_dtls13_no_hrr_on_resume(ssl_s, 1), + WOLFSSL_SUCCESS); +#else + /* Let's test this but we generally don't recommend turning off + * the cookie exchange */ + ExpectIntEQ(wolfSSL_disable_hrr_cookie(ssl_s), WOLFSSL_SUCCESS); +#endif + } +#endif + + /* Test 0-RTT data */ + wolfSSL_SetLoggingPrefix("client"); + ExpectIntEQ(wolfSSL_write_early_data(ssl_c, msg, sizeof(msg), + &written), sizeof(msg)); + ExpectIntEQ(written, sizeof(msg)); + + if (splitEarlyData) { + ExpectIntEQ(wolfSSL_write_early_data(ssl_c, msg, sizeof(msg), + &written), sizeof(msg)); + ExpectIntEQ(written, sizeof(msg)); + } + + /* Read first 0-RTT data (if split otherwise entire data) */ + wolfSSL_SetLoggingPrefix("server"); + ExpectIntEQ(wolfSSL_read_early_data(ssl_s, msgBuf, sizeof(msgBuf), + &read), sizeof(msg)); + ExpectIntEQ(read, sizeof(msg)); + ExpectStrEQ(msg, msgBuf); + + /* Test 0.5-RTT data */ + ExpectIntEQ(wolfSSL_write(ssl_s, msg4, sizeof(msg4)), sizeof(msg4)); + + if (splitEarlyData) { + /* Read second 0-RTT data */ + ExpectIntEQ(wolfSSL_read_early_data(ssl_s, msgBuf, + sizeof(msgBuf), &read), sizeof(msg)); + ExpectIntEQ(read, sizeof(msg)); + ExpectStrEQ(msg, msgBuf); + } + + if (params[i].isUdp) { + wolfSSL_SetLoggingPrefix("client"); + ExpectIntEQ(wolfSSL_connect(ssl_c), -1); + ExpectIntEQ(wolfSSL_get_error(ssl_c, -1), + WC_NO_ERR_TRACE(APP_DATA_READY)); + + /* Read server 0.5-RTT data */ + ExpectIntEQ(wolfSSL_read(ssl_c, msgBuf, sizeof(msgBuf)), + sizeof(msg4)); + ExpectStrEQ(msg4, msgBuf); + + /* Complete handshake */ + ExpectIntEQ(wolfSSL_connect(ssl_c), -1); + ExpectIntEQ(wolfSSL_get_error(ssl_c, -1), + WOLFSSL_ERROR_WANT_READ); + /* Use wolfSSL_is_init_finished to check if handshake is + * complete. Normally a user would loop until it is true but + * here we control both sides so we just assert the expected + * value. wolfSSL_read_early_data does not provide handshake + * status to us with non-blocking IO and we can't use + * wolfSSL_accept as TLS layer may return ZERO_RETURN due to + * early data parsing logic. */ + wolfSSL_SetLoggingPrefix("server"); + ExpectFalse(wolfSSL_is_init_finished(ssl_s)); + ExpectIntEQ(wolfSSL_read_early_data(ssl_s, msgBuf, + sizeof(msgBuf), &read), 0); + ExpectIntEQ(read, 0); + ExpectTrue(wolfSSL_is_init_finished(ssl_s)); + + wolfSSL_SetLoggingPrefix("client"); + ExpectIntEQ(wolfSSL_connect(ssl_c), WOLFSSL_SUCCESS); + } + else { + wolfSSL_SetLoggingPrefix("client"); + ExpectIntEQ(wolfSSL_connect(ssl_c), WOLFSSL_SUCCESS); + + wolfSSL_SetLoggingPrefix("server"); + ExpectFalse(wolfSSL_is_init_finished(ssl_s)); + ExpectIntEQ(wolfSSL_read_early_data(ssl_s, msgBuf, + sizeof(msgBuf), &read), 0); + ExpectIntEQ(read, 0); + ExpectTrue(wolfSSL_is_init_finished(ssl_s)); + + /* Read server 0.5-RTT data */ + wolfSSL_SetLoggingPrefix("client"); + ExpectIntEQ(wolfSSL_read(ssl_c, msgBuf, sizeof(msgBuf)), + sizeof(msg4)); + ExpectStrEQ(msg4, msgBuf); + } + + /* Test bi-directional write */ + wolfSSL_SetLoggingPrefix("client"); + ExpectIntEQ(wolfSSL_write(ssl_c, msg2, sizeof(msg2)), sizeof(msg2)); + wolfSSL_SetLoggingPrefix("server"); + ExpectIntEQ(wolfSSL_read(ssl_s, msgBuf, sizeof(msgBuf)), + sizeof(msg2)); + ExpectStrEQ(msg2, msgBuf); + ExpectIntEQ(wolfSSL_write(ssl_s, msg3, sizeof(msg3)), sizeof(msg3)); + wolfSSL_SetLoggingPrefix("client"); + ExpectIntEQ(wolfSSL_read(ssl_c, msgBuf, sizeof(msgBuf)), + sizeof(msg3)); + ExpectStrEQ(msg3, msgBuf); + + wolfSSL_SetLoggingPrefix(NULL); + ExpectTrue(wolfSSL_session_reused(ssl_c)); + ExpectTrue(wolfSSL_session_reused(ssl_s)); + + wolfSSL_SESSION_free(sess); + wolfSSL_free(ssl_c); + wolfSSL_free(ssl_s); + wolfSSL_CTX_free(ctx_c); + wolfSSL_CTX_free(ctx_s); + } + } +#endif + return EXPECT_RESULT(); +} + + +/* Check that the client won't send the same CH after a HRR. An HRR without + * a KeyShare or a Cookie extension will trigger the error. */ +int test_tls13_same_ch(void) +{ + EXPECT_DECLS; +#if defined(HAVE_MANUAL_MEMIO_TESTS_DEPENDENCIES) && \ + defined(WOLFSSL_TLS13) && defined(WOLFSSL_AES_128) && \ + defined(HAVE_AESGCM) && !defined(NO_SHA256) && \ + /* middlebox compat requires that the session ID is echoed */ \ + !defined(WOLFSSL_TLS13_MIDDLEBOX_COMPAT) + WOLFSSL_CTX *ctx_c = NULL; + WOLFSSL *ssl_c = NULL; + struct test_memio_ctx test_ctx; + /* Transport Layer Security + * TLSv1.3 Record Layer: Handshake Protocol: Hello Retry Request + * Content Type: Handshake (22) + * Version: TLS 1.2 (0x0303) + * Length: 50 + * Handshake Protocol: Hello Retry Request + * Handshake Type: Server Hello (2) + * Length: 46 + * Version: TLS 1.2 (0x0303) + * Random: cf21ad74e59a6111be1d8c021e65b891c2a211167abb8c5e079e09e2c8a8339c (HelloRetryRequest magic) + * Session ID Length: 0 + * Cipher Suite: TLS_AES_128_GCM_SHA256 (0x1301) + * Compression Method: null (0) + * Extensions Length: 6 + * Extension: supported_versions (len=2) TLS 1.3 */ + unsigned char hrr[] = { + 0x16, 0x03, 0x03, 0x00, 0x32, 0x02, 0x00, 0x00, 0x2e, 0x03, 0x03, 0xcf, + 0x21, 0xad, 0x74, 0xe5, 0x9a, 0x61, 0x11, 0xbe, 0x1d, 0x8c, 0x02, 0x1e, + 0x65, 0xb8, 0x91, 0xc2, 0xa2, 0x11, 0x16, 0x7a, 0xbb, 0x8c, 0x5e, 0x07, + 0x9e, 0x09, 0xe2, 0xc8, 0xa8, 0x33, 0x9c, 0x00, 0x13, 0x01, 0x00, 0x00, + 0x06, 0x00, 0x2b, 0x00, 0x02, 0x03, 0x04 + }; + + XMEMSET(&test_ctx, 0, sizeof(test_ctx)); + ExpectIntEQ(test_memio_setup(&test_ctx, &ctx_c, NULL, &ssl_c, NULL, + wolfTLSv1_3_client_method, NULL), 0); + ExpectIntEQ(test_memio_inject_message(&test_ctx, 1, (char*)hrr, + sizeof(hrr)), 0); + ExpectIntEQ(wolfSSL_connect(ssl_c), -1); + ExpectIntEQ(wolfSSL_get_error(ssl_c, -1), DUPLICATE_MSG_E); + + wolfSSL_free(ssl_c); + wolfSSL_CTX_free(ctx_c); +#endif + return EXPECT_RESULT(); +} + +int test_tls13_hrr_different_cs(void) +{ + EXPECT_DECLS; +#if defined(HAVE_MANUAL_MEMIO_TESTS_DEPENDENCIES) && \ + defined(WOLFSSL_TLS13) && \ + defined(BUILD_TLS_AES_256_GCM_SHA384) && \ + defined(BUILD_TLS_CHACHA20_POLY1305_SHA256) && \ + defined(HAVE_ECC) && defined(HAVE_ECC384) && \ + !defined(WOLFSSL_TLS13_MIDDLEBOX_COMPAT) + /* + * TLSv1.3 Record Layer: Handshake Protocol: Hello Retry Request + * Content Type: Handshake (22) + * Version: TLS 1.2 (0x0303) + * Length: 56 + * Handshake Protocol: Hello Retry Request + * Handshake Type: Server Hello (2) + * Length: 52 + * Version: TLS 1.2 (0x0303) + * Random: cf21ad74e59a6111be1d8c021e65b891c2a211167abb8c5e079e09e2c8a8339c (HelloRetryRequest magic) + * Session ID Length: 0 + * Cipher Suite: TLS_AES_256_GCM_SHA384 (0x1302) + * Compression Method: null (0) + * Extensions Length: 12 + * Extension: supported_versions (len=2) TLS 1.3 + * Extension: key_share (len=2) secp384r1 + * + */ + unsigned char hrr[] = { + 0x16, 0x03, 0x03, 0x00, 0x38, 0x02, 0x00, 0x00, 0x34, 0x03, 0x03, 0xcf, + 0x21, 0xad, 0x74, 0xe5, 0x9a, 0x61, 0x11, 0xbe, 0x1d, 0x8c, 0x02, 0x1e, + 0x65, 0xb8, 0x91, 0xc2, 0xa2, 0x11, 0x16, 0x7a, 0xbb, 0x8c, 0x5e, 0x07, + 0x9e, 0x09, 0xe2, 0xc8, 0xa8, 0x33, 0x9c, 0x00, 0x13, 0x02, 0x00, 0x00, + 0x0c, 0x00, 0x2b, 0x00, 0x02, 0x03, 0x04, 0x00, 0x33, 0x00, 0x02, 0x00, + 0x18 + }; + /* + * TLSv1.3 Record Layer: Handshake Protocol: Server Hello + * Content Type: Handshake (22) + * Version: TLS 1.2 (0x0303) + * Length: 155 + * Handshake Protocol: Server Hello + * Handshake Type: Server Hello (2) + * Length: 151 + * Version: TLS 1.2 (0x0303) + * Random: 0101010101010101010101010101010101010101010101010101010101010101 + * Session ID Length: 0 + * Cipher Suite: TLS_CHACHA20_POLY1305_SHA256 (0x1303) + * Compression Method: null (0) + * Extensions Length: 111 + * Extension: key_share (len=101) secp384r1 + * Extension: supported_versions (len=2) TLS 1.3 + * + */ + unsigned char sh[] = { + 0x16, 0x03, 0x03, 0x00, 0x9b, 0x02, 0x00, 0x00, 0x97, 0x03, 0x03, 0x01, + 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, + 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, + 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x00, 0x13, 0x03, 0x00, 0x00, + 0x6f, 0x00, 0x33, 0x00, 0x65, 0x00, 0x18, 0x00, 0x61, 0x04, 0x53, 0x3e, + 0xe5, 0xbf, 0x40, 0xec, 0x2d, 0x67, 0x98, 0x8b, 0x77, 0xf3, 0x17, 0x48, + 0x9b, 0xb6, 0xdf, 0x95, 0x29, 0x25, 0xc7, 0x09, 0xfc, 0x03, 0x81, 0x11, + 0x1a, 0x59, 0x56, 0xf2, 0xd7, 0x58, 0x11, 0x0e, 0x59, 0xd3, 0xd7, 0xc1, + 0x72, 0x9e, 0x2c, 0x0d, 0x70, 0xea, 0xf7, 0x73, 0xe6, 0x12, 0x01, 0x16, + 0x42, 0x6d, 0xe2, 0x43, 0x6a, 0x2f, 0x5f, 0xdd, 0x7f, 0xe5, 0x4f, 0xaf, + 0x95, 0x2b, 0x04, 0xfd, 0x13, 0xf5, 0x16, 0xce, 0x62, 0x7f, 0x89, 0xd2, + 0x01, 0x9d, 0x4c, 0x87, 0x96, 0x95, 0x9e, 0x43, 0x33, 0xc7, 0x06, 0x5b, + 0x49, 0x6c, 0xa6, 0x34, 0xd5, 0xdc, 0x63, 0xbd, 0xe9, 0x1f, 0x00, 0x2b, + 0x00, 0x02, 0x03, 0x04 + }; + WOLFSSL_CTX *ctx_c = NULL; + WOLFSSL *ssl_c = NULL; + struct test_memio_ctx test_ctx; + + XMEMSET(&test_ctx, 0, sizeof(test_ctx)); + ExpectIntEQ(test_memio_setup(&test_ctx, &ctx_c, NULL, &ssl_c, NULL, + wolfTLSv1_3_client_method, NULL), 0); + + ExpectIntEQ(wolfSSL_connect(ssl_c), -1); + ExpectIntEQ(wolfSSL_get_error(ssl_c, -1), WOLFSSL_ERROR_WANT_READ); + ExpectIntEQ(test_memio_inject_message(&test_ctx, 1, (char*)hrr, + sizeof(hrr)), 0); + ExpectIntEQ(wolfSSL_connect(ssl_c), -1); + ExpectIntEQ(wolfSSL_get_error(ssl_c, -1), WOLFSSL_ERROR_WANT_READ); + ExpectIntEQ(test_memio_inject_message(&test_ctx, 1, (char*)sh, + sizeof(sh)), 0); + ExpectIntEQ(wolfSSL_connect(ssl_c), -1); + ExpectIntEQ(wolfSSL_get_error(ssl_c, -1), INVALID_PARAMETER); + + wolfSSL_free(ssl_c); + wolfSSL_CTX_free(ctx_c); +#endif + return EXPECT_RESULT(); +} diff --git a/test/ssl/wolfssl/tests/api/test_tls13.h b/test/ssl/wolfssl/tests/api/test_tls13.h new file mode 100644 index 000000000..42a19073b --- /dev/null +++ b/test/ssl/wolfssl/tests/api/test_tls13.h @@ -0,0 +1,46 @@ +/* test_tls13.h + * + * Copyright (C) 2006-2025 wolfSSL Inc. + * + * This file is part of wolfSSL. + * + * wolfSSL is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * wolfSSL is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA + */ + +#ifndef WOLFCRYPT_TEST_TLS13_H +#define WOLFCRYPT_TEST_TLS13_H + +#include + +int test_tls13_apis(void); +int test_tls13_cipher_suites(void); +int test_tls13_bad_psk_binder(void); +int test_tls13_rpk_handshake(void); +int test_tls13_pq_groups(void); +int test_tls13_early_data(void); +int test_tls13_same_ch(void); +int test_tls13_hrr_different_cs(void); + +#define TEST_TLS13_DECLS \ + TEST_DECL_GROUP("tls13", test_tls13_apis), \ + TEST_DECL_GROUP("tls13", test_tls13_cipher_suites), \ + TEST_DECL_GROUP("tls13", test_tls13_bad_psk_binder), \ + TEST_DECL_GROUP("tls13", test_tls13_rpk_handshake), \ + TEST_DECL_GROUP("tls13", test_tls13_pq_groups), \ + TEST_DECL_GROUP("tls13", test_tls13_early_data), \ + TEST_DECL_GROUP("tls13", test_tls13_same_ch), \ + TEST_DECL_GROUP("tls13", test_tls13_hrr_different_cs) + +#endif /* WOLFCRYPT_TEST_TLS13_H */ diff --git a/test/ssl/wolfssl/tests/api/test_tls_ext.c b/test/ssl/wolfssl/tests/api/test_tls_ext.c new file mode 100644 index 000000000..cf1505850 --- /dev/null +++ b/test/ssl/wolfssl/tests/api/test_tls_ext.c @@ -0,0 +1,415 @@ +/* test_tls_ext.c + * + * Copyright (C) 2006-2025 wolfSSL Inc. + * + * This file is part of wolfSSL. + * + * wolfSSL is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * wolfSSL is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA + */ + +#include + +#ifdef NO_INLINE + #include +#else + #define WOLFSSL_MISC_INCLUDED + #include +#endif + +#include +#include +#include + +int test_tls_ems_downgrade(void) +{ + EXPECT_DECLS; +#if defined(WOLFSSL_TLS13) && !defined(WOLFSSL_NO_TLS12) && \ + defined(HAVE_MANUAL_MEMIO_TESTS_DEPENDENCIES) && \ + defined(HAVE_SESSION_TICKET) && !defined(WOLFSSL_NO_DEF_TICKET_ENC_CB) + struct test_memio_ctx test_ctx; + WOLFSSL_CTX *ctx_c = NULL; + WOLFSSL_CTX *ctx_s = NULL; + WOLFSSL *ssl_c = NULL; + WOLFSSL *ssl_s = NULL; + WOLFSSL_SESSION* session = NULL; + /* TLS EMS extension in binary form */ + const char ems_ext[] = { 0x00, 0x17, 0x00, 0x00 }; + char data = 0; + + XMEMSET(&test_ctx, 0, sizeof(test_ctx)); + + ExpectIntEQ(test_memio_setup(&test_ctx, &ctx_c, &ctx_s, &ssl_c, &ssl_s, + wolfTLS_client_method, wolfTLS_server_method), 0); + + ExpectIntEQ(wolfSSL_connect(ssl_c), -1); + ExpectIntEQ(wolfSSL_get_error(ssl_c, -1), WOLFSSL_ERROR_WANT_READ); + + /* Verify that the EMS extension is present in Client's message */ + ExpectNotNull(mymemmem(test_ctx.s_buff, test_ctx.s_len, + ems_ext, sizeof(ems_ext))); + + ExpectIntEQ(test_memio_do_handshake(ssl_c, ssl_s, 10, NULL), 0); + ExpectIntEQ(wolfSSL_version(ssl_c), TLS1_3_VERSION); + + /* Do a round of reads to exchange the ticket message */ + ExpectIntEQ(wolfSSL_read(ssl_s, &data, sizeof(data)), -1); + ExpectIntEQ(wolfSSL_get_error(ssl_s, -1), WOLFSSL_ERROR_WANT_READ); + ExpectIntEQ(wolfSSL_read(ssl_c, &data, sizeof(data)), -1); + ExpectIntEQ(wolfSSL_get_error(ssl_c, -1), WOLFSSL_ERROR_WANT_READ); + + ExpectNotNull(session = wolfSSL_get1_session(ssl_c)); + ExpectTrue(session->haveEMS); + + wolfSSL_free(ssl_c); + ssl_c = NULL; + wolfSSL_free(ssl_s); + ssl_s = NULL; + + ExpectIntEQ(test_memio_setup(&test_ctx, &ctx_c, &ctx_s, &ssl_c, &ssl_s, + wolfTLS_client_method, wolfTLS_server_method), 0); + + /* Resuming the connection */ + ExpectIntEQ(wolfSSL_set_session(ssl_c, session), WOLFSSL_SUCCESS); + ExpectIntEQ(wolfSSL_connect(ssl_c), -1); + ExpectIntEQ(wolfSSL_get_error(ssl_c, -1), WOLFSSL_ERROR_WANT_READ); + + /* Verify that the EMS extension is still present in the resumption CH + * even though we used TLS 1.3 */ + ExpectNotNull(mymemmem(test_ctx.s_buff, test_ctx.s_len, + ems_ext, sizeof(ems_ext))); + + ExpectIntEQ(test_memio_do_handshake(ssl_c, ssl_s, 10, NULL), 0); + ExpectIntEQ(wolfSSL_version(ssl_c), TLS1_3_VERSION); + + wolfSSL_SESSION_free(session); + wolfSSL_free(ssl_c); + wolfSSL_free(ssl_s); + wolfSSL_CTX_free(ctx_c); + wolfSSL_CTX_free(ctx_s); +#endif + return EXPECT_RESULT(); +} + + +int test_wolfSSL_DisableExtendedMasterSecret(void) +{ + EXPECT_DECLS; +#if defined(HAVE_EXTENDED_MASTER) && !defined(NO_WOLFSSL_CLIENT) && \ + !defined(NO_TLS) + WOLFSSL_CTX *ctx = wolfSSL_CTX_new(wolfSSLv23_client_method()); + WOLFSSL *ssl = wolfSSL_new(ctx); + + ExpectNotNull(ctx); + ExpectNotNull(ssl); + + /* error cases */ + ExpectIntNE(WOLFSSL_SUCCESS, wolfSSL_CTX_DisableExtendedMasterSecret(NULL)); + ExpectIntNE(WOLFSSL_SUCCESS, wolfSSL_DisableExtendedMasterSecret(NULL)); + + /* success cases */ + ExpectIntEQ(WOLFSSL_SUCCESS, wolfSSL_CTX_DisableExtendedMasterSecret(ctx)); + ExpectIntEQ(WOLFSSL_SUCCESS, wolfSSL_DisableExtendedMasterSecret(ssl)); + + wolfSSL_free(ssl); + wolfSSL_CTX_free(ctx); +#endif + return EXPECT_RESULT(); +} + + +#if !defined(NO_WOLFSSL_CLIENT) && !defined(NO_WOLFSSL_SERVER) && \ + !defined(WOLFSSL_NO_CA_NAMES) && !defined(NO_BIO) && \ + !defined(NO_CERTS) && !defined(NO_TLS) && (defined(OPENSSL_EXTRA) || \ + defined(OPENSSL_EXTRA_X509_SMALL)) && (defined(OPENSSL_ALL) || \ + defined(WOLFSSL_NGINX) || defined(HAVE_LIGHTY)) && \ + (defined(WOLFSSL_TLS13) || !defined(WOLFSSL_NO_TLS12)) && \ + defined(HAVE_MANUAL_MEMIO_TESTS_DEPENDENCIES) +struct client_cb_arg { + WOLF_STACK_OF(X509_NAME) *names1; + WOLF_STACK_OF(X509_NAME) *names2; +}; + +static int certificate_authorities_client_cb(WOLFSSL *ssl, void *_arg) { + struct client_cb_arg *arg = (struct client_cb_arg *)_arg; + arg->names1 = wolfSSL_get_client_CA_list(ssl); + arg->names2 = wolfSSL_get0_peer_CA_list(ssl); + + if (!wolfSSL_use_certificate_file(ssl, cliCertFile, SSL_FILETYPE_PEM)) + return 0; + if (!wolfSSL_use_PrivateKey_file(ssl, cliKeyFile, SSL_FILETYPE_PEM)) + return 0; + return 1; +} +#endif + +int test_certificate_authorities_certificate_request(void) { + EXPECT_DECLS; +#if !defined(NO_WOLFSSL_CLIENT) && !defined(NO_WOLFSSL_SERVER) && \ + !defined(WOLFSSL_NO_CA_NAMES) && !defined(NO_BIO) && \ + !defined(NO_CERTS) && !defined(NO_TLS) && (defined(OPENSSL_EXTRA) || \ + defined(OPENSSL_EXTRA_X509_SMALL)) && (defined(OPENSSL_ALL) || \ + defined(WOLFSSL_NGINX) || defined(HAVE_LIGHTY)) && \ + (defined(WOLFSSL_TLS13) || !defined(WOLFSSL_NO_TLS12)) && \ + defined(HAVE_MANUAL_MEMIO_TESTS_DEPENDENCIES) + struct test_params { + method_provider client_meth; + method_provider server_meth; + int doUdp; + } params[] = { +#ifdef WOLFSSL_TLS13 + /* TLS 1.3 uses certificate_authorities extension */ + {wolfTLSv1_3_client_method, wolfTLSv1_3_server_method, 0}, +#endif +#if !defined(WOLFSSL_NO_TLS12) && (defined(OPENSSL_ALL) || \ + defined(WOLFSSL_NGINX) || defined(HAVE_LIGHTY)) + /* TLS 1.2 directly embeds CA names in CertificateRequest */ + {wolfTLSv1_2_client_method, wolfTLSv1_2_server_method, 0}, +#endif +#ifdef WOLFSSL_DTLS13 + {wolfDTLSv1_3_client_method, wolfDTLSv1_3_server_method, 1}, +#endif +#if defined(WOLFSSL_DTLS) && (defined(OPENSSL_ALL) || \ + defined(WOLFSSL_NGINX) || defined(HAVE_LIGHTY)) + {wolfDTLSv1_2_client_method, wolfDTLSv1_2_server_method, 1}, +#endif + }; + size_t i; + + for (i = 0; i < sizeof(params) / sizeof(*params); i++) { + struct test_memio_ctx test_ctx; + WOLFSSL_CTX *ctx_srv = NULL; + WOLFSSL *ssl_srv = NULL; + WOLFSSL_CTX *ctx_cli = NULL; + WOLFSSL *ssl_cli = NULL; + WOLF_STACK_OF(X509_NAME) *names1 = NULL, *names2 = NULL; + X509_NAME *name = NULL; + struct client_cb_arg cb_arg = { NULL, NULL }; + const char *expected_names[] = { + "/C=US/ST=Montana/L=Bozeman/O=wolfSSL_2048/OU=Programming-2048" + "/CN=www.wolfssl.com/emailAddress=info@wolfssl.com", + "/C=US/ST=Montana/L=Bozeman/O=Sawtooth/OU=Consulting" + "/CN=www.wolfssl.com/emailAddress=info@wolfssl.com" + }; + + if (EXPECT_FAIL()) + break; + + XMEMSET(&test_ctx, 0, sizeof(test_ctx)); + + ExpectIntEQ(0, test_memio_setup(&test_ctx, &ctx_cli, &ctx_srv, + &ssl_cli, NULL, params[i].client_meth, + params[i].server_meth)); + + wolfSSL_CTX_set_verify(ctx_srv, + SSL_VERIFY_PEER | SSL_VERIFY_FAIL_IF_NO_PEER_CERT, NULL); + ExpectIntEQ(WOLFSSL_SUCCESS, + wolfSSL_CTX_load_verify_locations(ctx_srv, cliCertFile, NULL)); + + ExpectNotNull(ssl_srv = wolfSSL_new(ctx_srv)); + wolfSSL_SetIOReadCtx(ssl_srv, &test_ctx); + wolfSSL_SetIOWriteCtx(ssl_srv, &test_ctx); + + names1 = wolfSSL_load_client_CA_file(cliCertFile); + ExpectNotNull(names1); + names2 = wolfSSL_load_client_CA_file(caCertFile); + ExpectNotNull(names2); + ExpectNotNull(name = wolfSSL_sk_X509_NAME_value(names2, 0)); + ExpectIntEQ(2, wolfSSL_sk_X509_NAME_push(names1, name)); + if (EXPECT_FAIL()) { + wolfSSL_X509_NAME_free(name); + name = NULL; + } + wolfSSL_sk_X509_NAME_free(names2); + names2 = wolfSSL_load_client_CA_file(caCertFile); + ExpectNotNull(names2); + + /* Check that client_CA_list and CA_list are separate internally */ + wolfSSL_CTX_set_client_CA_list(ctx_srv, names1); + wolfSSL_CTX_set0_CA_list(ctx_srv, names2); + ExpectNotNull(names1 = wolfSSL_CTX_get_client_CA_list(ctx_srv)); + ExpectNotNull(names2 = wolfSSL_CTX_get0_CA_list(ctx_srv)); + ExpectIntEQ(2, wolfSSL_sk_X509_NAME_num(names1)); + ExpectIntEQ(1, wolfSSL_sk_X509_NAME_num(names2)); + + /* Check that get_client_CA_list and get0_CA_list on ssl return same as + * ctx when not set */ + ExpectNotNull(names1 = wolfSSL_get_client_CA_list(ssl_srv)); + ExpectNotNull(names2 = wolfSSL_get0_CA_list(ssl_srv)); + ExpectIntEQ(2, wolfSSL_sk_X509_NAME_num(names1)); + ExpectIntEQ(1, wolfSSL_sk_X509_NAME_num(names2)); + + /* Same checks as before, but on ssl rather than ctx */ + names1 = wolfSSL_load_client_CA_file(cliCertFile); + ExpectNotNull(names1); + names2 = wolfSSL_load_client_CA_file(caCertFile); + ExpectNotNull(names2); + ExpectNotNull(name = wolfSSL_sk_X509_NAME_value(names2, 0)); + ExpectIntEQ(2, wolfSSL_sk_X509_NAME_push(names1, name)); + if (EXPECT_FAIL()) { + wolfSSL_X509_NAME_free(name); + name = NULL; + } + wolfSSL_sk_X509_NAME_free(names2); + names2 = wolfSSL_load_client_CA_file(caCertFile); + ExpectNotNull(names2); + + wolfSSL_set_client_CA_list(ssl_srv, names1); + wolfSSL_set0_CA_list(ssl_srv, names2); + ExpectNotNull(names1 = wolfSSL_get_client_CA_list(ssl_srv)); + ExpectNotNull(names2 = wolfSSL_get0_CA_list(ssl_srv)); + ExpectIntEQ(2, wolfSSL_sk_X509_NAME_num(names1)); + ExpectIntEQ(1, wolfSSL_sk_X509_NAME_num(names2)); + +#if !defined(NO_DH) + SetDH(ssl_srv); +#endif + + /* Certs will be loaded in callback */ + wolfSSL_CTX_set_cert_cb(ctx_cli, + certificate_authorities_client_cb, &cb_arg); + + ExpectIntEQ(0, test_memio_do_handshake(ssl_cli, ssl_srv, 10, NULL)); + + ExpectNotNull(cb_arg.names1); + ExpectNotNull(cb_arg.names2); + ExpectIntEQ(2, wolfSSL_sk_X509_NAME_num(cb_arg.names1)); + ExpectIntEQ(2, wolfSSL_sk_X509_NAME_num(cb_arg.names2)); + + if (EXPECT_SUCCESS()) { + ExpectStrEQ(wolfSSL_sk_X509_NAME_value(cb_arg.names1, 0)->name, + expected_names[0]); + ExpectStrEQ(wolfSSL_sk_X509_NAME_value(cb_arg.names1, 1)->name, + expected_names[1]); + } + + wolfSSL_shutdown(ssl_cli); + wolfSSL_free(ssl_cli); + wolfSSL_CTX_free(ctx_cli); + wolfSSL_free(ssl_srv); + wolfSSL_CTX_free(ctx_srv); + } +#endif + return EXPECT_RESULT(); +} + + +#if !defined(NO_WOLFSSL_CLIENT) && !defined(NO_WOLFSSL_SERVER) && \ + !defined(WOLFSSL_NO_CA_NAMES) && !defined(NO_BIO) && \ + !defined(NO_CERTS) && (defined(OPENSSL_EXTRA) || \ + defined(OPENSSL_EXTRA_X509_SMALL)) && (defined(OPENSSL_ALL) || \ + defined(WOLFSSL_NGINX) || defined(HAVE_LIGHTY)) && \ + defined(WOLFSSL_TLS13) && defined(HAVE_MANUAL_MEMIO_TESTS_DEPENDENCIES) +static int certificate_authorities_server_cb(WOLFSSL *ssl, void *_arg) { + WOLF_STACK_OF(X509_NAME) **names_out = (WOLF_STACK_OF(X509_NAME) **)_arg; + WOLF_STACK_OF(X509_NAME) *names = wolfSSL_get0_peer_CA_list(ssl); + *names_out = names; + if (!wolfSSL_use_certificate_file(ssl, svrCertFile, SSL_FILETYPE_PEM)) + return 0; + if (!wolfSSL_use_PrivateKey_file(ssl, svrKeyFile, SSL_FILETYPE_PEM)) + return 0; + return 1; +} +#endif + +int test_certificate_authorities_client_hello(void) { + EXPECT_DECLS; +#if !defined(NO_WOLFSSL_CLIENT) && !defined(NO_WOLFSSL_SERVER) && \ + !defined(WOLFSSL_NO_CA_NAMES) && !defined(NO_BIO) && \ + !defined(NO_CERTS) && (defined(OPENSSL_EXTRA) || \ + defined(OPENSSL_EXTRA_X509_SMALL)) && (defined(OPENSSL_ALL) || \ + defined(WOLFSSL_NGINX) || defined(HAVE_LIGHTY)) && \ + defined(WOLFSSL_TLS13) && defined(HAVE_MANUAL_MEMIO_TESTS_DEPENDENCIES) + + struct test_params { + method_provider client_meth; + method_provider server_meth; + int doUdp; + } params[] = { + /* TLS >= 1.3 only */ +#ifdef WOLFSSL_TLS13 + {wolfTLSv1_3_client_method, wolfTLSv1_3_server_method, 0}, +#endif +#ifdef WOLFSSL_DTLS13 + {wolfDTLSv1_3_client_method, wolfDTLSv1_3_server_method, 1}, +#endif + }; + size_t i; + + for (i = 0; i < sizeof(params) / sizeof(*params); i++) { + struct test_memio_ctx test_ctx; + WOLFSSL_CTX *ctx_srv = NULL; + WOLFSSL *ssl_srv = NULL; + WOLFSSL_CTX *ctx_cli = NULL; + WOLFSSL *ssl_cli = NULL; + WOLF_STACK_OF(X509_NAME) *cb_arg = NULL; + WOLF_STACK_OF(X509_NAME) *names1 = NULL, *names2 = NULL; + X509_NAME *name = NULL; + const char *expected_names[] = { + "/C=US/ST=Montana/L=Bozeman/O=Sawtooth/OU=Consulting" + "/CN=www.wolfssl.com/emailAddress=info@wolfssl.com", + "/C=US/ST=Montana/L=Bozeman/O=wolfSSL_2048/OU=Programming-2048" + "/CN=www.wolfssl.com/emailAddress=info@wolfssl.com" + }; + + if (EXPECT_FAIL()) + break; + + XMEMSET(&test_ctx, 0, sizeof(test_ctx)); + + ExpectIntEQ(0, test_memio_setup(&test_ctx, &ctx_cli, &ctx_srv, + &ssl_cli, &ssl_srv, params[i].client_meth, + params[i].server_meth)); + + wolfSSL_CTX_set_cert_cb(ctx_srv, certificate_authorities_server_cb, + &cb_arg); + + names1 = wolfSSL_load_client_CA_file(caCertFile); + ExpectNotNull(names1); + names2 = wolfSSL_load_client_CA_file(cliCertFile); + ExpectNotNull(names2); + ExpectNotNull(name = wolfSSL_sk_X509_NAME_value(names2, 0)); + ExpectIntEQ(2, wolfSSL_sk_X509_NAME_push(names1, name)); + if (EXPECT_FAIL()) { + wolfSSL_X509_NAME_free(name); + name = NULL; + } + wolfSSL_sk_X509_NAME_free(names2); + names2 = wolfSSL_load_client_CA_file(cliCertFile); + ExpectNotNull(names2); + + /* verify that set0_CA_list takes precedence */ + wolfSSL_set0_CA_list(ssl_cli, names1); + wolfSSL_CTX_set0_CA_list(ctx_cli, names2); + + ExpectIntEQ(0, test_memio_do_handshake(ssl_cli, ssl_srv, 10, NULL)); + + ExpectIntEQ(wolfSSL_sk_X509_NAME_num(cb_arg), 2); + + if (EXPECT_SUCCESS()) { + ExpectStrEQ(wolfSSL_sk_X509_NAME_value(cb_arg, 0)->name, + expected_names[0]); + ExpectStrEQ(wolfSSL_sk_X509_NAME_value(cb_arg, 1)->name, + expected_names[1]); + } + + wolfSSL_shutdown(ssl_cli); + wolfSSL_free(ssl_cli); + wolfSSL_CTX_free(ctx_cli); + wolfSSL_free(ssl_srv); + wolfSSL_CTX_free(ctx_srv); + } +#endif + return EXPECT_RESULT(); +} diff --git a/test/ssl/wolfssl/tests/api/test_tls_ext.h b/test/ssl/wolfssl/tests/api/test_tls_ext.h new file mode 100644 index 000000000..3506d02e9 --- /dev/null +++ b/test/ssl/wolfssl/tests/api/test_tls_ext.h @@ -0,0 +1,30 @@ +/* test_tls_ext.h + * + * Copyright (C) 2006-2025 wolfSSL Inc. + * + * This file is part of wolfSSL. + * + * wolfSSL is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * wolfSSL is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA + */ + +#ifndef TESTS_API_TEST_TLS_EXT_H +#define TESTS_API_TEST_TLS_EXT_H + +int test_tls_ems_downgrade(void); +int test_wolfSSL_DisableExtendedMasterSecret(void); +int test_certificate_authorities_certificate_request(void); +int test_certificate_authorities_client_hello(void); + +#endif /* TESTS_API_TEST_TLS_EMS_H */ diff --git a/test/ssl/wolfssl/tests/api/test_wc_encrypt.c b/test/ssl/wolfssl/tests/api/test_wc_encrypt.c new file mode 100644 index 000000000..be2966e45 --- /dev/null +++ b/test/ssl/wolfssl/tests/api/test_wc_encrypt.c @@ -0,0 +1,91 @@ +/* test_wc_encrypt.c + * + * Copyright (C) 2006-2025 wolfSSL Inc. + * + * This file is part of wolfSSL. + * + * wolfSSL is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * wolfSSL is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA + */ + +#include + +#ifdef NO_INLINE + #include +#else + #define WOLFSSL_MISC_INCLUDED + #include +#endif + +#include +#include +#include +#include + +/* + * Unit test for wc_Des3_CbcEncryptWithKey and wc_Des3_CbcDecryptWithKey + */ +int test_wc_Des3_CbcEncryptDecryptWithKey(void) +{ + EXPECT_DECLS; +#ifndef NO_DES3 + word32 vectorSz, cipherSz; + byte cipher[24]; + byte plain[24]; + byte vector[] = { /* Now is the time for all w/o trailing 0 */ + 0x4e,0x6f,0x77,0x20,0x69,0x73,0x20,0x74, + 0x68,0x65,0x20,0x74,0x69,0x6d,0x65,0x20, + 0x66,0x6f,0x72,0x20,0x61,0x6c,0x6c,0x20 + }; + byte key[] = { + 0x01,0x23,0x45,0x67,0x89,0xab,0xcd,0xef, + 0xfe,0xde,0xba,0x98,0x76,0x54,0x32,0x10, + 0x89,0xab,0xcd,0xef,0x01,0x23,0x45,0x67 + }; + byte iv[] = { + 0x12,0x34,0x56,0x78,0x90,0xab,0xcd,0xef, + 0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01, + 0x11,0x21,0x31,0x41,0x51,0x61,0x71,0x81 + }; + + vectorSz = sizeof(byte) * 24; + cipherSz = sizeof(byte) * 24; + + ExpectIntEQ(wc_Des3_CbcEncryptWithKey(cipher, vector, vectorSz, key, iv), + 0); + ExpectIntEQ(wc_Des3_CbcDecryptWithKey(plain, cipher, cipherSz, key, iv), 0); + ExpectIntEQ(XMEMCMP(plain, vector, 24), 0); + + /* pass in bad args. */ + ExpectIntEQ(wc_Des3_CbcEncryptWithKey(NULL, vector, vectorSz, key, iv), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_Des3_CbcEncryptWithKey(cipher, NULL, vectorSz, key, iv), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_Des3_CbcEncryptWithKey(cipher, vector, vectorSz, NULL, iv), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_Des3_CbcEncryptWithKey(cipher, vector, vectorSz, key, NULL), + 0); + + ExpectIntEQ(wc_Des3_CbcDecryptWithKey(NULL, cipher, cipherSz, key, iv), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_Des3_CbcDecryptWithKey(plain, NULL, cipherSz, key, iv), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_Des3_CbcDecryptWithKey(plain, cipher, cipherSz, NULL, iv), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(wc_Des3_CbcDecryptWithKey(plain, cipher, cipherSz, key, NULL), + 0); +#endif + return EXPECT_RESULT(); +} /* END test_wc_Des3_CbcEncryptDecryptWithKey */ + diff --git a/test/ssl/wolfssl/tests/api/test_wc_encrypt.h b/test/ssl/wolfssl/tests/api/test_wc_encrypt.h new file mode 100644 index 000000000..30430bb31 --- /dev/null +++ b/test/ssl/wolfssl/tests/api/test_wc_encrypt.h @@ -0,0 +1,32 @@ +/* test_wc_encrypt.h + * + * Copyright (C) 2006-2025 wolfSSL Inc. + * + * This file is part of wolfSSL. + * + * wolfSSL is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * wolfSSL is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA + */ + +#ifndef WOLFCRYPT_TEST_WC_ENCRYPT_H +#define WOLFCRYPT_TEST_WC_ENCRYPT_H + +#include + +int test_wc_Des3_CbcEncryptDecryptWithKey(void); + +#define TEST_WC_ENCRYPT_DECLS \ + TEST_DECL_GROUP("wc_encrypt", test_wc_Des3_CbcEncryptDecryptWithKey) + +#endif /* WOLFCRYPT_TEST_WC_ENCRYPT_H */ diff --git a/test/ssl/wolfssl/tests/api/test_wolfmath.c b/test/ssl/wolfssl/tests/api/test_wolfmath.c new file mode 100644 index 000000000..6484a7ac3 --- /dev/null +++ b/test/ssl/wolfssl/tests/api/test_wolfmath.c @@ -0,0 +1,196 @@ +/* test_wolfmath.c + * + * Copyright (C) 2006-2025 wolfSSL Inc. + * + * This file is part of wolfSSL. + * + * wolfSSL is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * wolfSSL is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA + */ + +#include + +#ifdef NO_INLINE + #include +#else + #define WOLFSSL_MISC_INCLUDED + #include +#endif + +#include +#include +#include +#include + +/* + * Testing mp_get_digit_count + */ +int test_mp_get_digit_count(void) +{ + EXPECT_DECLS; +#if !defined(WOLFSSL_SP_MATH) && defined(WOLFSSL_PUBLIC_MP) + mp_int a; + + XMEMSET(&a, 0, sizeof(mp_int)); + + ExpectIntEQ(mp_init(&a), 0); + + ExpectIntEQ(mp_get_digit_count(NULL), 0); + ExpectIntEQ(mp_get_digit_count(&a), 0); + + mp_clear(&a); +#endif + return EXPECT_RESULT(); +} /* End test_get_digit_count */ + +/* + * Testing mp_get_digit + */ +int test_mp_get_digit(void) +{ + EXPECT_DECLS; +#if defined(WOLFSSL_PUBLIC_MP) + mp_int a; + int n = 0; + + XMEMSET(&a, 0, sizeof(mp_int)); + + ExpectIntEQ(mp_init(&a), MP_OKAY); + ExpectIntEQ(mp_get_digit(NULL, n), 0); + ExpectIntEQ(mp_get_digit(&a, n), 0); + + mp_clear(&a); +#endif + return EXPECT_RESULT(); +} /* End test_get_digit */ + +/* + * Testing mp_get_rand_digit + */ +int test_mp_get_rand_digit(void) +{ + EXPECT_DECLS; +#if !defined(WC_NO_RNG) && defined(WOLFSSL_PUBLIC_MP) + WC_RNG rng; + mp_digit d; + + XMEMSET(&rng, 0, sizeof(WC_RNG)); + + ExpectIntEQ(wc_InitRng(&rng), 0); + + ExpectIntEQ(mp_get_rand_digit(&rng, &d), 0); + ExpectIntEQ(mp_get_rand_digit(NULL, NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(mp_get_rand_digit(NULL, &d), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(mp_get_rand_digit(&rng, NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + + DoExpectIntEQ(wc_FreeRng(&rng), 0); +#endif + return EXPECT_RESULT(); +} /* End test_get_rand_digit */ + +/* + * Testing mp_cond_copy + */ +int test_mp_cond_copy(void) +{ + EXPECT_DECLS; +#if (defined(HAVE_ECC) || defined(WOLFSSL_MP_COND_COPY)) && \ + defined(WOLFSSL_PUBLIC_MP) + mp_int a; + mp_int b; + int copy = 0; + + XMEMSET(&a, 0, sizeof(mp_int)); + XMEMSET(&b, 0, sizeof(mp_int)); + + ExpectIntEQ(mp_init(&a), MP_OKAY); + ExpectIntEQ(mp_init(&b), MP_OKAY); + + ExpectIntEQ(mp_cond_copy(NULL, copy, NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(mp_cond_copy(NULL, copy, &b), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(mp_cond_copy(&a, copy, NULL), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(mp_cond_copy(&a, copy, &b), 0); + + mp_clear(&a); + mp_clear(&b); +#endif + return EXPECT_RESULT(); +} /* End test_mp_cond_copy */ + +/* + * Testing mp_rand + */ +int test_mp_rand(void) +{ + EXPECT_DECLS; +#if defined(WC_RSA_BLINDING) && defined(WOLFSSL_PUBLIC_MP) + mp_int a; + WC_RNG rng; + int digits = 1; + + XMEMSET(&a, 0, sizeof(mp_int)); + XMEMSET(&rng, 0, sizeof(WC_RNG)); + + ExpectIntEQ(mp_init(&a), MP_OKAY); + ExpectIntEQ(wc_InitRng(&rng), 0); + + ExpectIntEQ(mp_rand(&a, digits, NULL), WC_NO_ERR_TRACE(MISSING_RNG_E)); + ExpectIntEQ(mp_rand(NULL, digits, &rng), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(mp_rand(&a, 0, &rng), WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + ExpectIntEQ(mp_rand(&a, digits, &rng), 0); + + mp_clear(&a); + DoExpectIntEQ(wc_FreeRng(&rng), 0); +#endif + return EXPECT_RESULT(); +} /* End test_mp_rand */ + +/* + * Testing wc_export_int + */ +int test_wc_export_int(void) +{ + EXPECT_DECLS; +#if (defined(HAVE_ECC) || defined(WOLFSSL_EXPORT_INT)) && \ + defined(WOLFSSL_PUBLIC_MP) + mp_int mp; + byte buf[32]; + word32 keySz = (word32)sizeof(buf); + word32 len = (word32)sizeof(buf); + + XMEMSET(&mp, 0, sizeof(mp_int)); + + ExpectIntEQ(mp_init(&mp), MP_OKAY); + ExpectIntEQ(mp_set(&mp, 1234), 0); + + ExpectIntEQ(wc_export_int(NULL, buf, &len, keySz, WC_TYPE_UNSIGNED_BIN), + WC_NO_ERR_TRACE(BAD_FUNC_ARG)); + len = sizeof(buf)-1; + ExpectIntEQ(wc_export_int(&mp, buf, &len, keySz, WC_TYPE_UNSIGNED_BIN), + WC_NO_ERR_TRACE(BUFFER_E)); + len = sizeof(buf); + ExpectIntEQ(wc_export_int(&mp, buf, &len, keySz, WC_TYPE_UNSIGNED_BIN), 0); + len = 4; /* test input too small */ + ExpectIntEQ(wc_export_int(&mp, buf, &len, 0, WC_TYPE_HEX_STR), + WC_NO_ERR_TRACE(BUFFER_E)); + len = sizeof(buf); + ExpectIntEQ(wc_export_int(&mp, buf, &len, 0, WC_TYPE_HEX_STR), 0); + /* hex version of 1234 is 04D2 and should be 4 digits + 1 null */ + ExpectIntEQ(len, 5); + + mp_clear(&mp); +#endif + return EXPECT_RESULT(); +} /* End test_wc_export_int */ + diff --git a/test/ssl/wolfssl/tests/api/test_wolfmath.h b/test/ssl/wolfssl/tests/api/test_wolfmath.h new file mode 100644 index 000000000..2a2a9d8d4 --- /dev/null +++ b/test/ssl/wolfssl/tests/api/test_wolfmath.h @@ -0,0 +1,42 @@ +/* test_wolfmath.h + * + * Copyright (C) 2006-2025 wolfSSL Inc. + * + * This file is part of wolfSSL. + * + * wolfSSL is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * wolfSSL is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA + */ + +#ifndef WOLFCRYPT_TEST_WOLFMATH_H +#define WOLFCRYPT_TEST_WOLFMATH_H + +#include + +int test_mp_get_digit_count(void); +int test_mp_get_digit(void); +int test_mp_get_rand_digit(void); +int test_mp_cond_copy(void); +int test_mp_rand(void); +int test_wc_export_int(void); + +#define TEST_WOLFMATH_DECLS \ + TEST_DECL_GROUP("wolfmath", test_mp_get_digit_count), \ + TEST_DECL_GROUP("wolfmath", test_mp_get_digit), \ + TEST_DECL_GROUP("wolfmath", test_mp_get_rand_digit), \ + TEST_DECL_GROUP("wolfmath", test_mp_cond_copy), \ + TEST_DECL_GROUP("wolfmath", test_mp_rand), \ + TEST_DECL_GROUP("wolfmath", test_wc_export_int) + +#endif /* WOLFCRYPT_TEST_WOLFMATH_H */ diff --git a/test/ssl/wolfssl/tests/api/test_x509.c b/test/ssl/wolfssl/tests/api/test_x509.c new file mode 100644 index 000000000..5f4300b88 --- /dev/null +++ b/test/ssl/wolfssl/tests/api/test_x509.c @@ -0,0 +1,150 @@ +/* test_x509.c + * + * Copyright (C) 2006-2025 wolfSSL Inc. + * + * This file is part of wolfSSL. + * + * wolfSSL is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * wolfSSL is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA + */ + +#include + +#ifdef NO_INLINE + #include +#else + #define WOLFSSL_MISC_INCLUDED + #include +#endif + +#include +#include +#include +#include +#include +#include +#include + +#if defined(OPENSSL_ALL) && \ + defined(HAVE_MANUAL_MEMIO_TESTS_DEPENDENCIES) +#define HAVE_TEST_X509_RFC2818_VERIFICATION_CALLBACK +/* callback taken and simplified from + * include/boost/asio/ssl/impl/rfc2818_verification.ipp + * version: boost-1.84.0 */ +static int rfc2818_verification_callback(int preverify, + WOLFSSL_X509_STORE_CTX* store) +{ + EXPECT_DECLS; + int depth; + X509* cert; + GENERAL_NAMES* gens; + byte address_bytes[] = { 127, 0, 0, 1 }; + X509_NAME* name; + int i; + ASN1_STRING* common_name = 0; + int matches = 0; + + /* Don't bother looking at certificates that have + * failed pre-verification. */ + if (!preverify) + return 0; + + /* We're only interested in checking the certificate at + * the end of the chain. */ + depth = X509_STORE_CTX_get_error_depth(store); + if (depth > 0) + return 1; + + /* Try converting the host name to an address. If it is an address then we + * need to look for an IP address in the certificate rather than a + * host name. */ + + cert = X509_STORE_CTX_get_current_cert(store); + + /* Go through the alternate names in the certificate looking for matching + * DNS or IP address entries. */ + gens = (GENERAL_NAMES*)X509_get_ext_d2i( + cert, NID_subject_alt_name, NULL, NULL); + for (i = 0; i < sk_GENERAL_NAME_num(gens); ++i) { + GENERAL_NAME* gen = sk_GENERAL_NAME_value(gens, i); + if (gen->type == GEN_DNS) { + ASN1_IA5STRING* domain = gen->d.dNSName; + if (domain->type == V_ASN1_IA5STRING && domain->data && + domain->length && + XSTRCMP(domain->data, "example.com") == 0) + matches++; + } + else if (gen->type == GEN_IPADD) + { + ASN1_OCTET_STRING* ip_address = gen->d.iPAddress; + if (ip_address->type == V_ASN1_OCTET_STRING && ip_address->data && + ip_address->length == sizeof(address_bytes) && + XMEMCMP(address_bytes, ip_address->data, 4) == 0) + matches++; + } + } + GENERAL_NAMES_free(gens); + + /* No match in the alternate names, so try the common names. We should only + * use the "most specific" common name, which is the last one in + * the list. */ + name = X509_get_subject_name(cert); + i = -1; + while ((i = X509_NAME_get_index_by_NID(name, NID_commonName, i)) >= 0) + { + X509_NAME_ENTRY* name_entry = X509_NAME_get_entry(name, i); + common_name = X509_NAME_ENTRY_get_data(name_entry); + } + if (common_name && common_name->data && common_name->length) + { + if (XSTRCMP(common_name->data, "www.wolfssl.com") == 0) + matches++; + } + + ExpectIntEQ(matches, 3); + return matches == 3; +} +#endif + +int test_x509_rfc2818_verification_callback(void) +{ + EXPECT_DECLS; +#ifdef HAVE_TEST_X509_RFC2818_VERIFICATION_CALLBACK + struct test_memio_ctx test_ctx; + WOLFSSL_CTX *ctx_c = NULL, *ctx_s = NULL; + WOLFSSL *ssl_c = NULL, *ssl_s = NULL; + + XMEMSET(&test_ctx, 0, sizeof(test_ctx)); + + ExpectIntEQ(test_memio_setup(&test_ctx, &ctx_c, &ctx_s, &ssl_c, &ssl_s, + wolfTLS_client_method, wolfTLS_server_method), 0); + + ExpectIntEQ(wolfSSL_use_certificate_file(ssl_c, cliCertFile, + WOLFSSL_FILETYPE_PEM), 1); + ExpectIntEQ(wolfSSL_use_PrivateKey_file(ssl_c, cliKeyFile, + WOLFSSL_FILETYPE_PEM), 1); + + ExpectIntEQ(wolfSSL_CTX_load_verify_locations(ctx_s, cliCertFile, NULL), 1); + wolfSSL_set_verify(ssl_s, WOLFSSL_VERIFY_PEER, + rfc2818_verification_callback); + + ExpectIntEQ(test_memio_do_handshake(ssl_c, ssl_s, 10, NULL), 0); + + wolfSSL_free(ssl_s); + wolfSSL_free(ssl_c); + wolfSSL_CTX_free(ctx_s); + wolfSSL_CTX_free(ctx_c); +#endif + return EXPECT_RESULT(); +} diff --git a/test/ssl/wolfssl/tests/api/test_x509.h b/test/ssl/wolfssl/tests/api/test_x509.h new file mode 100644 index 000000000..f8d53f3fd --- /dev/null +++ b/test/ssl/wolfssl/tests/api/test_x509.h @@ -0,0 +1,30 @@ +/* test_x509.h + * + * Copyright (C) 2006-2025 wolfSSL Inc. + * + * This file is part of wolfSSL. + * + * wolfSSL is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * wolfSSL is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA + */ + +#ifndef WOLFCRYPT_TEST_X509_H +#define WOLFCRYPT_TEST_X509_H + +int test_x509_rfc2818_verification_callback(void); + +#define TEST_X509_DECLS \ + TEST_DECL_GROUP("x509", test_x509_rfc2818_verification_callback) + +#endif /* WOLFCRYPT_TEST_X509_H */ diff --git a/test/ssl/wolfssl/tests/quic.c b/test/ssl/wolfssl/tests/quic.c new file mode 100644 index 000000000..f3144b096 --- /dev/null +++ b/test/ssl/wolfssl/tests/quic.c @@ -0,0 +1,1922 @@ +/* quic.c QUIC unit tests + * + * Copyright (C) 2006-2025 wolfSSL Inc. + * + * This file is part of wolfSSL. + * + * wolfSSL is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * wolfSSL is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA + */ + +#include + +#ifdef WOLFSSL_QUIC + +#include +#include +#ifdef NO_INLINE + #include +#else + #define WOLFSSL_MISC_INCLUDED + #include +#endif +#include +#include + +#if defined(WOLFSSL_SHA384) && defined(WOLFSSL_AES_256) + #define DEFAULT_TLS_DIGEST_SZ WC_SHA384_DIGEST_SIZE +#else + #define DEFAULT_TLS_DIGEST_SZ WC_SHA256_DIGEST_SIZE +#endif + +#define testingFmt " %s:" +#define resultFmt " %s\n" +static const char* pass = "pass"; +static const char* fail = "fail"; + +typedef struct { + const char *name; + WOLFSSL_METHOD * (*method)(void); + int is_server; +} ctx_setups; + +static int dummy_set_encryption_secrets(WOLFSSL *ssl, + WOLFSSL_ENCRYPTION_LEVEL level, + const uint8_t *read_secret, + const uint8_t *write_secret, + size_t secret_len) +{ + (void)ssl; + printf("QUIC_set_encryption_secrets(level=%d, length=%d, rx=%s, tx=%s)\n", + level, (int)secret_len, read_secret? "yes" : "no", + write_secret? "yes" : "no"); + return 1; +} + +static int dummy_set_encryption_secrets_fail(WOLFSSL *ssl, + WOLFSSL_ENCRYPTION_LEVEL level, + const uint8_t *read_secret, + const uint8_t *write_secret, + size_t secret_len) +{ + (void)ssl; + printf("QUIC_set_encryption_secrets(level=%d, length=%d, rx=%s, tx=%s)\n", + level, (int)secret_len, read_secret? "yes" : "no", + write_secret? "yes" : "no"); + return 0; +} + +static int dummy_add_handshake_data(WOLFSSL *ssl, + WOLFSSL_ENCRYPTION_LEVEL level, + const uint8_t *data, size_t len) +{ + (void)ssl; + (void)data; + printf("QUIC_add_handshake_data(level=%d, length=%d)\n", level, (int)len); + return 1; +} + +static int dummy_flush_flight(WOLFSSL *ssl) +{ + (void)ssl; + printf("QUIC_flush_flight()\n"); + return 1; +} + +static int dummy_send_alert(WOLFSSL *ssl, WOLFSSL_ENCRYPTION_LEVEL level, + uint8_t err) +{ + (void)ssl; + printf("QUIC_send_alert(level=%d, err=%d)\n", level, err); + return 1; +} + +static WOLFSSL_QUIC_METHOD dummy_method = { + dummy_set_encryption_secrets, + dummy_add_handshake_data, + dummy_flush_flight, + dummy_send_alert, +}; + +static WOLFSSL_QUIC_METHOD null_method = { + NULL, NULL, NULL, NULL +}; + +static ctx_setups valids[] = { +#ifdef WOLFSSL_TLS13 + { "TLSv1.3 server", wolfTLSv1_3_server_method, 1}, + { "TLSv1.3 client", wolfTLSv1_3_client_method, 0}, +#endif + { NULL, NULL, 0} +}; + +static ctx_setups invalids[] = { +#ifndef WOLFSSL_NO_TLS12 + { "TLSv1.2 server", wolfTLSv1_2_server_method, 1}, + { "TLSv1.2 client", wolfTLSv1_2_client_method, 0}, +#endif +#ifndef NO_OLD_TLS + { "TLSv1.1 server", wolfTLSv1_1_server_method, 1}, + { "TLSv1.1 client", wolfTLSv1_1_client_method, 0}, +#endif + { NULL, NULL, 0} +}; + + +static int test_set_quic_method(void) { + EXPECT_DECLS; + WOLFSSL_CTX * ctx = NULL; + WOLFSSL * ssl = NULL; + int i = 0; + const uint8_t * data = NULL; + size_t data_len = 0;; + + for (i = 0; valids[i].name != NULL; ++i) { + ExpectNotNull(ctx = wolfSSL_CTX_new(valids[i].method())); + if (ctx == NULL) { + break; + } + if (valids[i].is_server) { + ExpectTrue(wolfSSL_CTX_use_certificate_file(ctx, svrCertFile, + WOLFSSL_FILETYPE_PEM)); + ExpectTrue(wolfSSL_CTX_use_PrivateKey_file(ctx, svrKeyFile, + WOLFSSL_FILETYPE_PEM)); + } + /* ctx does not have quic enabled, so will SSL* derived from it */ + ExpectNotNull(ssl = wolfSSL_new(ctx)); + if (ssl == NULL) { + break; + } + ExpectFalse(wolfSSL_is_quic(ssl)); + /* Enable quic on the SSL* */ + ExpectFalse(wolfSSL_set_quic_method(ssl, &null_method) == WOLFSSL_SUCCESS); + ExpectTrue(wolfSSL_set_quic_method(ssl, &dummy_method) == WOLFSSL_SUCCESS); + ExpectTrue(wolfSSL_is_quic(ssl)); + /* Check some default, initial behaviour */ + ExpectTrue(wolfSSL_set_quic_transport_params(ssl, NULL, 0) == WOLFSSL_SUCCESS); + wolfSSL_get_peer_quic_transport_params(ssl, &data, &data_len); + ExpectNull(data); + ExpectTrue(data_len == 0); + ExpectTrue(wolfSSL_quic_read_level(ssl) == wolfssl_encryption_initial); + ExpectTrue(wolfSSL_quic_write_level(ssl) == wolfssl_encryption_initial); + ExpectTrue(wolfSSL_get_quic_transport_version(ssl) == 0); + wolfSSL_set_quic_transport_version(ssl, TLSX_KEY_QUIC_TP_PARAMS); + ExpectTrue(wolfSSL_get_quic_transport_version(ssl) == TLSX_KEY_QUIC_TP_PARAMS); + wolfSSL_set_quic_use_legacy_codepoint(ssl, 1); + ExpectTrue(wolfSSL_get_quic_transport_version(ssl) == TLSX_KEY_QUIC_TP_PARAMS_DRAFT); + wolfSSL_set_quic_use_legacy_codepoint(ssl, 0); + ExpectTrue(wolfSSL_get_quic_transport_version(ssl) == TLSX_KEY_QUIC_TP_PARAMS); + /* max flight len during stages of handhshake, we us 16k initial and on + * app data, and during handshake allow larger for cert exchange. This is + * more advisory for the network code. ngtcp2 has its own ideas, for example. + */ + data_len = wolfSSL_quic_max_handshake_flight_len(ssl, wolfssl_encryption_initial); + ExpectTrue(data_len == 16*1024); + data_len = wolfSSL_quic_max_handshake_flight_len(ssl, wolfssl_encryption_early_data); + ExpectTrue(data_len == 0); + data_len = wolfSSL_quic_max_handshake_flight_len(ssl, wolfssl_encryption_handshake); + ExpectTrue(data_len >= 16*1024); + data_len = wolfSSL_quic_max_handshake_flight_len(ssl, wolfssl_encryption_application); + ExpectTrue(data_len == 16*1024); + wolfSSL_free(ssl); + ssl = NULL; + /* Enabled quic on the ctx */ + ExpectTrue(wolfSSL_CTX_set_quic_method(ctx, &dummy_method) == WOLFSSL_SUCCESS); + /* It will be enabled on the SSL* */ + ExpectNotNull(ssl = wolfSSL_new(ctx)); + if (ssl == NULL) { + break; + } + ExpectTrue(wolfSSL_is_quic(ssl)); + wolfSSL_free(ssl); + ssl = NULL; + wolfSSL_CTX_free(ctx); + ctx = NULL; + } + + for (i = 0; invalids[i].name != NULL; ++i) { + ExpectNotNull(ctx = wolfSSL_CTX_new(invalids[i].method())); + if (ctx == NULL) { + break; + } + ExpectTrue(wolfSSL_CTX_use_certificate_file(ctx, svrCertFile, + WOLFSSL_FILETYPE_PEM)); + ExpectTrue(wolfSSL_CTX_use_PrivateKey_file(ctx, svrKeyFile, + WOLFSSL_FILETYPE_PEM)); + ExpectFalse(wolfSSL_CTX_set_quic_method(ctx, &dummy_method) == WOLFSSL_SUCCESS); + ExpectNotNull(ssl = wolfSSL_new(ctx)); + if (ssl == NULL) { + break; + } + ExpectFalse(wolfSSL_set_quic_method(ssl, &dummy_method) == WOLFSSL_SUCCESS); + ExpectFalse(wolfSSL_is_quic(ssl)); + /* even though not quic, this is the only level we can return */ + ExpectTrue(wolfSSL_quic_read_level(ssl) == wolfssl_encryption_initial); + ExpectTrue(wolfSSL_quic_write_level(ssl) == wolfssl_encryption_initial); + wolfSSL_free(ssl); + ssl = NULL; + wolfSSL_CTX_free(ctx); + ctx = NULL; + } + + /* cleanup */ + if (ssl != NULL) { + wolfSSL_free(ssl); + ssl = NULL; + } + if (ctx != NULL) { + wolfSSL_CTX_free(ctx); + ctx = NULL; + } + + printf(" test_set_quic_method: %s\n", (EXPECT_SUCCESS()) ? pass : fail); + return EXPECT_RESULT(); +} + +static size_t fake_record(byte rtype, word32 rlen, uint8_t *rec) +{ + rec[0] = (uint8_t)rtype; + c32to24(rlen, rec+1); + return rlen + 4; +} + +static size_t shift_record(uint8_t *rec, size_t len, size_t written) +{ + len -= written; + XMEMMOVE(rec, rec+written, len); + return len; +} + +static void dump_buffer(const char *name, const byte *p, size_t len, int indent) +{ + size_t i = 0; + + printf("%s[%d] = {", name, (int)len); + while((p != NULL) && (i < len)) { + if((i % 0x10) == 0) { + printf("\n"); + printf("%*s %04X - ", indent, " ", (int)i); + } + else if((i % 0x08) == 0) { + printf(" "); + } + printf("%02X ", p[i]); + i++; + } + printf("\n%*s};\n", indent, " "); +} + +static void dump_ssl_buffers(WOLFSSL *ssl, FILE *fp) +{ + QuicRecord *qr = ssl->quic.input_head; + + fprintf(fp, "SSL quic data buffered: \n"); + while (qr) { + fprintf(fp, " - %d-%d/%d (cap %d, level=%d)\n", + qr->start, qr->end, qr->len, qr->capacity, qr->level); + qr = qr->next; + } + if ((qr = ssl->quic.scratch)) { + fprintf(fp, " scratch: %d-%d/%d (cap %d, level=%d)\n", + qr->start, qr->end, qr->len, qr->capacity, qr->level); + } + else { + fprintf(fp, " scratch: -\n"); + } +} + +static int provide_data(WOLFSSL *ssl, WOLFSSL_ENCRYPTION_LEVEL level, + const uint8_t *data, size_t len, int excpect_fail) +{ + int ret; + + ret = (wolfSSL_provide_quic_data(ssl, level, data, len) == WOLFSSL_SUCCESS); + if (!!ret != !excpect_fail) { + dump_ssl_buffers(ssl, stdout); + return 0; + } + return 1; +} + +static int test_provide_quic_data(void) { + EXPECT_DECLS; + WOLFSSL_CTX * ctx = NULL; + WOLFSSL * ssl = NULL; + uint8_t lbuffer[16*1024]; + size_t len = 0; + + XMEMSET(lbuffer, 0, sizeof(lbuffer)); + + ExpectNotNull(ctx = wolfSSL_CTX_new(wolfTLSv1_3_client_method())); + ExpectTrue(wolfSSL_CTX_set_quic_method(ctx, &dummy_method) == WOLFSSL_SUCCESS); + /* provide_quic_data() feeds CRYPTO packets inside a QUIC Frame into + * the TLSv1.3 state machine. + * The data fed is not the QUIC frame, but the TLS record inside it. + * This may be called several times before SSL_do_handshake() is invoked + * to process them. + * During buffering this data, the code checks that: + * - encryption level only ever increases for subsequent TLS records + * - a TLS record is received complete before the encryption level increases + */ + ExpectNotNull(ssl = wolfSSL_new(ctx)); + len = fake_record(1, 100, lbuffer); + ExpectTrue(provide_data(ssl, wolfssl_encryption_initial, lbuffer, 1, 0)); + ExpectTrue(provide_data(ssl, wolfssl_encryption_initial, lbuffer+1, 3, 0)); + ExpectTrue(provide_data(ssl, wolfssl_encryption_initial, lbuffer+4, len, 0) + ); + len = fake_record(2, 1523, lbuffer); + ExpectTrue(provide_data(ssl, wolfssl_encryption_handshake, lbuffer, len, 0)); + len = fake_record(2, 1, lbuffer); + len += fake_record(3, 190, lbuffer+len); + ExpectTrue(provide_data(ssl, wolfssl_encryption_handshake, lbuffer, len, 0)); + len = fake_record(5, 2049, lbuffer); + ExpectTrue(provide_data(ssl, wolfssl_encryption_application, lbuffer, len, 0)); + /* adding another record with decreased level must fail */ + len = fake_record(1, 100, lbuffer); + ExpectTrue(provide_data(ssl, wolfssl_encryption_initial, lbuffer, len, 1)); + wolfSSL_free(ssl); + ssl = NULL; + + ExpectNotNull(ssl = wolfSSL_new(ctx)); + len = fake_record(1, 100, lbuffer); + ExpectTrue(provide_data(ssl, wolfssl_encryption_initial, lbuffer, 24, 0)); + len = shift_record(lbuffer, len, 24); + len += fake_record(2, 4000, lbuffer+len); + ExpectTrue(provide_data(ssl, wolfssl_encryption_initial, lbuffer, len - 99, 0)); + len = shift_record(lbuffer, len, len - 99); + len += fake_record(5, 2049, lbuffer+len); + ExpectTrue(provide_data(ssl, wolfssl_encryption_initial, lbuffer, len, 0)); + /* should be recognized as complete and level increase needs to be accepted */ + len = fake_record(2, 1, lbuffer); + len += fake_record(3, 190, lbuffer+len); + ExpectTrue(provide_data(ssl, wolfssl_encryption_handshake, lbuffer, len - 10, 0)); + len = shift_record(lbuffer, len, len - 10); + /* Change level with incomplete record in lbuffer, needs to fail */ + len += fake_record(5, 8102, lbuffer+len); + ExpectTrue(provide_data(ssl, wolfssl_encryption_application, lbuffer, len - 10, 1)); + wolfSSL_free(ssl); + + wolfSSL_CTX_free(ctx); + + printf(" test_provide_quic_data: %s\n", (EXPECT_SUCCESS()) ? pass : fail); + return EXPECT_RESULT(); +} + + +static int test_quic_crypt(void) { + EXPECT_DECLS; + WOLFSSL_CTX * ctx = NULL; + WOLFSSL * ssl = NULL; + const WOLFSSL_EVP_CIPHER * aead_cipher = NULL; + /* check that our enc-/decrypt support in quic rount-trips */ + static const uint8_t key[16] = + {0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77, + 0x88, 0x99, 0xaa, 0xbb, 0xcc, 0xdd, 0xee, 0xff}; + static const uint8_t aad[] = + {0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19}; + static const uint8_t iv[] = + {20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31}; + static const uint8_t plaintext[] = + "hello world\nhello world\nhello world\nhello world\nhello world\n" + "hello world\nhello world\n"; + static const uint8_t expected[] = + {0xd3, 0xa8, 0x1d, 0x96, 0x4c, 0x9b, 0x02, 0xd7, + 0x9a, 0xb0, 0x41, 0x07, 0x4c, 0x8c, 0xe2, 0xe0, + 0x2e, 0x83, 0x54, 0x52, 0x45, 0xcb, 0xd4, 0x68, + 0xc8, 0x43, 0x45, 0xca, 0x91, 0xfb, 0xa3, 0x7a, + 0x67, 0xed, 0xe8, 0xd7, 0x5e, 0xe2, 0x33, 0xd1, + 0x3e, 0xbf, 0x50, 0xc2, 0x4b, 0x86, 0x83, 0x55, + 0x11, 0xbb, 0x17, 0x4f, 0xf5, 0x78, 0xb8, 0x65, + 0xeb, 0x9a, 0x2b, 0x8f, 0x77, 0x08, 0xa9, 0x60, + 0x17, 0x73, 0xc5, 0x07, 0xf3, 0x04, 0xc9, 0x3f, + 0x67, 0x4d, 0x12, 0xa1, 0x02, 0x93, 0xc2, 0x3c, + 0xd3, 0xf8, 0x59, 0x33, 0xd5, 0x01, 0xc3, 0xbb, + 0xaa, 0xe6, 0x3f, 0xbb, 0x23, 0x66, 0x94, 0x26, + 0x28, 0x43, 0xa5, 0xfd, 0x2f}; + WOLFSSL_EVP_CIPHER_CTX * enc_ctx = NULL; + WOLFSSL_EVP_CIPHER_CTX * dec_ctx = NULL; + uint8_t * encrypted = NULL; + uint8_t * decrypted = NULL; + size_t tag_len = 0; + size_t enc_len = 0; + size_t dec_len = 0; + + ExpectNotNull(ctx = wolfSSL_CTX_new(wolfTLSv1_3_client_method())); + ExpectTrue(wolfSSL_CTX_set_quic_method(ctx, &dummy_method) == WOLFSSL_SUCCESS); + ExpectNotNull(ssl = wolfSSL_new(ctx)); + + /* don't have an AEAD cipher selected before start */ + ExpectTrue(wolfSSL_CIPHER_get_id(wolfSSL_get_current_cipher(ssl)) == 0); + ExpectNotNull(aead_cipher = wolfSSL_EVP_aes_128_gcm()); + ExpectTrue(wolfSSL_quic_aead_is_gcm(aead_cipher) != 0); + ExpectTrue(wolfSSL_quic_aead_is_ccm(aead_cipher) == 0); + ExpectTrue(wolfSSL_quic_aead_is_chacha20(aead_cipher) == 0); + + tag_len = wolfSSL_quic_get_aead_tag_len(aead_cipher); + ExpectTrue(tag_len == 16); + dec_len = sizeof(plaintext); + enc_len = dec_len + tag_len; + encrypted = (uint8_t*)XMALLOC(enc_len, NULL, DYNAMIC_TYPE_TMP_BUFFER); + ExpectNotNull(encrypted); + decrypted = (uint8_t*)XMALLOC(dec_len, NULL, DYNAMIC_TYPE_TMP_BUFFER); + ExpectNotNull(decrypted); + + ExpectNotNull(enc_ctx = wolfSSL_quic_crypt_new(aead_cipher, key, iv, 1)); + ExpectTrue(wolfSSL_quic_aead_encrypt(encrypted, enc_ctx, + plaintext, sizeof(plaintext), + NULL, aad, sizeof(aad)) == WOLFSSL_SUCCESS); + ExpectTrue(memcmp(expected, encrypted, dec_len) == 0); + ExpectTrue(memcmp(expected+dec_len, encrypted+dec_len, tag_len) == 0); + + ExpectNotNull(dec_ctx = wolfSSL_quic_crypt_new(aead_cipher, key, iv, 0)); + ExpectTrue(wolfSSL_quic_aead_decrypt(decrypted, dec_ctx, + encrypted, enc_len, + NULL, aad, sizeof(aad)) == WOLFSSL_SUCCESS); + ExpectTrue(memcmp(plaintext, decrypted, dec_len) == 0); + + XFREE(encrypted, NULL, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(decrypted, NULL, DYNAMIC_TYPE_TMP_BUFFER); + wolfSSL_EVP_CIPHER_CTX_free(enc_ctx); + wolfSSL_EVP_CIPHER_CTX_free(dec_ctx); + + wolfSSL_free(ssl); + wolfSSL_CTX_free(ctx); + printf(" test_quic_crypt: %s\n", (EXPECT_SUCCESS()) ? pass : fail); + return EXPECT_RESULT(); +} + +typedef struct OutputBuffer { + byte data[64*1024]; + size_t len; + WOLFSSL_ENCRYPTION_LEVEL level; + struct OutputBuffer *next; +} OutputBuffer; + +typedef struct { + const char *name; + WOLFSSL *ssl; + OutputBuffer output; + byte rx_secret[4][1024]; + size_t rx_secret_len[4]; + byte tx_secret[4][1024]; + size_t tx_secret_len[4]; + int handshake_done; + int alert_level; + int alert; + int flushed; + int verbose; + byte ticket[16*1024]; + word32 ticket_len; + byte session[16*1024]; + word32 session_len; +} QuicTestContext; + +static int ctx_set_encryption_secrets(WOLFSSL *ssl, + WOLFSSL_ENCRYPTION_LEVEL level, + const uint8_t *read_secret, + const uint8_t *write_secret, + size_t secret_len); +static int ctx_add_handshake_data(WOLFSSL *ssl, WOLFSSL_ENCRYPTION_LEVEL level, + const uint8_t *data, size_t len); +static int ctx_flush_flight(WOLFSSL *ssl); +static int ctx_send_alert(WOLFSSL *ssl, WOLFSSL_ENCRYPTION_LEVEL level, + uint8_t err); +#ifdef HAVE_SESSION_TICKET +static int ctx_session_ticket_cb(WOLFSSL* ssl, + const unsigned char* ticket, int ticketSz, + void* cb_ctx); +#endif + +static WOLFSSL_QUIC_METHOD ctx_method = { + ctx_set_encryption_secrets, + ctx_add_handshake_data, + ctx_flush_flight, + ctx_send_alert, +}; + +static WOLFSSL_QUIC_METHOD ctx_method_fail = { + dummy_set_encryption_secrets_fail, + ctx_add_handshake_data, + ctx_flush_flight, + ctx_send_alert, +}; + +static void QuicTestContext_init(QuicTestContext *tctx, WOLFSSL_CTX *ctx, + const char *name, int verbose) +{ + static const byte tp_params_c[] = {0, 1, 2, 3, 4, 5, 6, 7}; + static const byte tp_params_s[] = {7, 6, 5, 4, 3, 2, 1, 0, 1}; + + AssertNotNull(tctx); + memset(tctx, 0, sizeof(*tctx)); + tctx->name = name; + tctx->ssl = wolfSSL_new(ctx); + AssertNotNull(tctx->ssl); + tctx->verbose = verbose; + wolfSSL_set_app_data(tctx->ssl, tctx); + AssertTrue(wolfSSL_set_quic_method(tctx->ssl, &ctx_method) == WOLFSSL_SUCCESS); + wolfSSL_set_verify(tctx->ssl, SSL_VERIFY_NONE, 0); +#ifdef HAVE_SESSION_TICKET + wolfSSL_UseSessionTicket(tctx->ssl); + wolfSSL_set_SessionTicket_cb(tctx->ssl, ctx_session_ticket_cb, NULL); +#endif + if (wolfSSL_is_server(tctx->ssl)) { + wolfSSL_set_quic_transport_version(tctx->ssl, 0); + wolfSSL_set_quic_transport_params(tctx->ssl, tp_params_s, sizeof(tp_params_s)); + } + else { + wolfSSL_set_quic_transport_version(tctx->ssl, 0); + wolfSSL_set_quic_transport_params(tctx->ssl, tp_params_c, sizeof(tp_params_c)); + } + (void)ctx_method; +} + +static void QuicTestContext_init_fail_cb(QuicTestContext *tctx, WOLFSSL_CTX *ctx, + const char *name, int verbose) +{ + static const byte tp_params_c[] = {0, 1, 2, 3, 4, 5, 6, 7}; + static const byte tp_params_s[] = {7, 6, 5, 4, 3, 2, 1, 0, 1}; + + AssertNotNull(tctx); + memset(tctx, 0, sizeof(*tctx)); + tctx->name = name; + tctx->ssl = wolfSSL_new(ctx); + AssertNotNull(tctx->ssl); + tctx->verbose = verbose; + wolfSSL_set_app_data(tctx->ssl, tctx); + AssertTrue(wolfSSL_set_quic_method(tctx->ssl, &ctx_method_fail) == WOLFSSL_SUCCESS); + wolfSSL_set_verify(tctx->ssl, SSL_VERIFY_NONE, 0); +#ifdef HAVE_SESSION_TICKET + wolfSSL_UseSessionTicket(tctx->ssl); + wolfSSL_set_SessionTicket_cb(tctx->ssl, ctx_session_ticket_cb, NULL); +#endif + if (wolfSSL_is_server(tctx->ssl)) { + wolfSSL_set_quic_transport_version(tctx->ssl, 0); + wolfSSL_set_quic_transport_params(tctx->ssl, tp_params_s, sizeof(tp_params_s)); + } + else { + wolfSSL_set_quic_transport_version(tctx->ssl, 0); + wolfSSL_set_quic_transport_params(tctx->ssl, tp_params_c, sizeof(tp_params_c)); + } + (void)ctx_method; +} + +static void QuicTestContext_free(QuicTestContext *tctx) +{ + OutputBuffer *out, *n; + + if (tctx->ssl) { + wolfSSL_free(tctx->ssl); + tctx->ssl = NULL; + } + out = tctx->output.next; + while (out) { + n = out->next; + free(out); + out = n; + } +} + +static int ctx_set_encryption_secrets(WOLFSSL *ssl, WOLFSSL_ENCRYPTION_LEVEL level, + const uint8_t *read_secret, + const uint8_t *write_secret, size_t secret_len) +{ + QuicTestContext *ctx = (QuicTestContext*)wolfSSL_get_app_data(ssl); + + AssertNotNull(ctx); + AssertTrue(secret_len <= sizeof(ctx->rx_secret[0])); + if (read_secret) { + memcpy(ctx->rx_secret[level], read_secret, secret_len); + ctx->rx_secret_len[level] = secret_len; + } + if (write_secret) { + memcpy(ctx->tx_secret[level], write_secret, secret_len); + ctx->tx_secret_len[level] = secret_len; + } + AssertNotNull(ctx); + return 1; +} + +static int ctx_add_handshake_data(WOLFSSL *ssl, WOLFSSL_ENCRYPTION_LEVEL level, + const uint8_t *data, size_t len) +{ + QuicTestContext *ctx = (QuicTestContext*)wolfSSL_get_app_data(ssl); + OutputBuffer *out; + + AssertNotNull(ctx); + out = &ctx->output; + while (out->next) { + out = out->next; + } + if (out->level != level) { + if (out->len > 0) { + out->next = (OutputBuffer*)calloc(1, sizeof(OutputBuffer)); + out = out->next; + AssertNotNull(out); + } + out->level = level; + } + if (ctx->verbose) { + printf("[%s] add_handshake[enc_level=%d]: %d bytes\n", ctx->name, level, (int)len); + /* dump_buffer("add", data, len, 0); */ + } + if (len > 0) { + AssertTrue(out->len + len < sizeof(out->data)); + memcpy(out->data + out->len, data, len); + out->len += len; + } + return 1; +} + +static int ctx_flush_flight(WOLFSSL *ssl) +{ + QuicTestContext *ctx = (QuicTestContext*)wolfSSL_get_app_data(ssl); + + AssertNotNull(ctx); + ctx->flushed = 1; + return 1; +} + +static int ctx_send_alert(WOLFSSL *ssl, WOLFSSL_ENCRYPTION_LEVEL level, uint8_t err) +{ + QuicTestContext *ctx = (QuicTestContext*)wolfSSL_get_app_data(ssl); + + AssertNotNull(ctx); + + if (ctx->verbose) { + printf("[%s] send_alert: level=%d, err=%d\n", ctx->name, level, err); + } + ctx->alert_level = (int)level; + ctx->alert = alert; + return 1; +} + +#ifdef HAVE_SESSION_TICKET +static int ctx_session_ticket_cb(WOLFSSL* ssl, + const unsigned char* ticket, int ticketSz, + void* cb_ctx) +{ + QuicTestContext *ctx = (QuicTestContext*)wolfSSL_get_app_data(ssl); + + AssertNotNull(ctx); + + (void)cb_ctx; + if (ticketSz < 0 || (size_t)ticketSz > sizeof(ctx->ticket)) { + printf("SESSION TICKET callback: ticket given is too large: %d bytes\n", + ticketSz); + return 1; + } + memset(ctx->ticket, 0, sizeof(ctx->ticket)); + ctx->ticket_len = (word32)ticketSz; + memcpy(ctx->ticket, ticket, (size_t)ticketSz); + if (ctx->verbose) { + printf("Session Ticket[%s]: ", ctx->name); + dump_buffer("", ticket, (size_t)ticketSz, 4); + } + return 0; +} +#endif + +static void ctx_dump_output(QuicTestContext *ctx) +{ + dump_buffer("Output", ctx->output.data, ctx->output.len, 0); +} + +static void check_handshake_record(const byte *data, size_t data_len, + int *ptype, size_t *prlen) +{ + word32 rlen; + AssertTrue(data_len >= HANDSHAKE_HEADER_SZ); + *ptype = data[0]; + c24to32(&data[1], &rlen); + *prlen = rlen + HANDSHAKE_HEADER_SZ; +} + +static void ext_dump(const byte *data, size_t data_len, int indent) +{ + size_t idx = 0; + word16 len16, etype, i; + + printf("%*sextensions:\n", indent, " "); + while (idx < data_len) { + ato16(&data[idx], &etype); /* extension type */ + ato16(&data[idx+2], &len16); /* extension length */ + printf(" extension: %04x [", etype); + for (i = 0; i < len16; ++i) { + printf("%s0x%02x", (i? ", ": ""), data[idx+4+i]); + } + printf("]\n"); + idx += 2 + 2 + len16; + } +} + +static const byte *ext_find(const byte *data, size_t data_len, int ext_type) +{ + size_t idx = 0; + word16 len16, etype; + + while (idx < data_len) { + ato16(&data[idx], &etype); /* extension type */ + if (etype == ext_type) { + return data + idx; + } + ato16(&data[idx+2], &len16); /* extension length */ + idx += 2 + 2 + len16; + } + return NULL; +} + +static int ext_has(const byte *data, size_t data_len, int ext_type) +{ + return ext_find(data, data_len,ext_type) != NULL; +} + +static void ext_equals(const byte *data, size_t data_len, int ext_type, + const byte *exp_data, size_t exp_len) +{ + const byte *ext; + word16 len16; + + ext = ext_find(data, data_len, ext_type); + AssertNotNull(ext); + ato16(&ext[2], &len16); + AssertTrue(len16 == exp_len); + AssertTrue(memcmp(ext + 4, exp_data, exp_len) == 0); +} + +static void check_quic_client_hello(const byte *data, size_t data_len, + int verbose, int indent) +{ + size_t idx; + word16 len16; + const byte *exts; + size_t exts_len, rec_len; + int rec_type; + static byte ext_sup_version[3] = {0x02, 0x03, 0x04}; + + check_handshake_record(data, data_len, &rec_type, &rec_len); + AssertIntEQ(rec_type, client_hello); + idx = HANDSHAKE_HEADER_SZ; + /* the client hello arrives alone */ + AssertIntEQ(rec_len, data_len); + AssertTrue(data[idx] == SSLv3_MAJOR); + idx++; + AssertTrue(data[idx] == TLSv1_2_MINOR); + idx++; + idx += 32; /* 32 bytes RANDOM */ + AssertIntEQ(data[idx], 0); /* session id length MUST be 0, RFC9001 ch. 8.4 */ + idx += 1 + data[idx]; + ato16(&data[idx], &len16); /* ciphers length */ + AssertTrue(len16 > 0); + idx += 2 + len16; + AssertTrue(data[idx] == 1); /* compressions */ + AssertTrue(data[idx+1] == 0); /* no compression */ + idx += 2; + ato16(&data[idx], &len16); /* extensions length */ + AssertTrue(len16 > 0); + exts_len = len16; + idx += 2; + exts = &data[idx]; + idx += exts_len; + AssertTrue(idx <= rec_len); /* should fit */ + for (; idx < rec_len; ++idx) { + AssertTrue(data[idx] == 0); /* padding */ + } + ext_equals(exts, exts_len, TLSX_SUPPORTED_VERSIONS, + ext_sup_version, sizeof(ext_sup_version)); + if (verbose) { + ext_dump(exts, exts_len, indent); + dump_buffer("", data, data_len, indent); + } +} + +static void check_quic_client_hello_tp(OutputBuffer *out, int tp_v1, + int tp_draft) +{ + size_t idx; + word16 len16; + const byte *exts; + size_t exts_len, rec_len; + int rec_type; + + check_handshake_record(out->data, out->len, &rec_type, &rec_len); + AssertIntEQ(rec_type, client_hello); + idx = HANDSHAKE_HEADER_SZ; + idx += 2; /* old version */ + idx += 32; /* 32 bytes RANDOM */ + idx += 1 + out->data[idx]; /* session id */ + ato16(&out->data[idx], &len16); /* ciphers length */ + idx += 2 + len16; + idx += 2; /* compression */ + ato16(&out->data[idx], &len16); /* extensions length */ + AssertTrue(len16 > 0); + exts_len = len16; + idx += 2; + exts = &out->data[idx]; + + AssertTrue(!ext_has(exts, exts_len, TLSX_KEY_QUIC_TP_PARAMS) == !tp_v1); + AssertTrue(!ext_has(exts, exts_len, TLSX_KEY_QUIC_TP_PARAMS_DRAFT) == !tp_draft); +} + +static void check_secrets(QuicTestContext *ctx, WOLFSSL_ENCRYPTION_LEVEL level, + size_t rx_len, size_t tx_len) +{ + int idx = (int)level; + AssertTrue(idx < 4); + AssertIntEQ(ctx->rx_secret_len[idx], rx_len); + AssertIntEQ(ctx->tx_secret_len[idx], tx_len); +} + +static void assert_secrets_EQ(QuicTestContext *ctx1, QuicTestContext *ctx2, + WOLFSSL_ENCRYPTION_LEVEL level) +{ + int idx = (int)level; + /* rx secrets are the other ones tx secrets */ + AssertIntEQ(ctx1->rx_secret_len[idx], ctx2->tx_secret_len[idx]); + AssertIntEQ(ctx1->tx_secret_len[idx], ctx2->rx_secret_len[idx]); + AssertIntEQ(memcmp(ctx1->rx_secret[idx], ctx2->tx_secret[idx], + ctx1->rx_secret_len[idx]), 0); + AssertIntEQ(memcmp(ctx1->tx_secret[idx], ctx2->rx_secret[idx], + ctx1->tx_secret_len[idx]), 0); +} + +static void check_ee(const byte *data, size_t data_len, int verbose, + int indent) +{ + size_t rec_len, exts_len, idx; + word16 len16; + const byte *exts; + int rec_type; + + check_handshake_record(data, data_len, &rec_type, &rec_len); + AssertIntEQ(rec_type, encrypted_extensions); + idx = HANDSHAKE_HEADER_SZ; + ato16(&data[idx], &len16); /* extensions length */ + AssertTrue(len16 > 0); + exts_len = len16; + idx += 2; + exts = &data[idx]; + if (verbose) { + ext_dump(exts, exts_len, indent); + dump_buffer("", data, data_len, indent); + } +} + +static void check_quic_server_hello(const byte *data, size_t data_len, + int verbose, int indent) +{ + size_t idx; + word16 len16, cipher; + const byte *exts; + size_t exts_len, rec_len; + static byte ext_sup_version[2] = {0x03, 0x04}; + int rec_type; + + check_handshake_record(data, data_len, &rec_type, &rec_len); + AssertIntEQ(rec_type, server_hello); + idx = HANDSHAKE_HEADER_SZ; + AssertTrue(data[idx] == SSLv3_MAJOR); + idx++; + AssertTrue(data[idx] == TLSv1_2_MINOR); + idx++; + idx += 32; /* 32 bytes RANDOM */ + /* AssertIntEQ(data[idx], 0); session id of len 0 */ + idx += 1 + data[idx]; + ato16(&data[idx], &cipher); /* cipher selected */ + AssertTrue(cipher != 0); + idx += 2; + AssertTrue(data[idx] == 0); /* null compression */ + idx += 1; + ato16(&data[idx], &len16); /* extensions length */ + AssertTrue(len16 > 0); + exts_len = len16; + idx += 2; + exts = &data[idx]; + idx += exts_len; + AssertTrue(idx <= rec_len); /* should fit */ + for (; idx < rec_len; ++idx) { + AssertTrue(data[idx] == 0); /* padding */ + } + if (verbose) { + ext_dump(exts, exts_len, indent); + dump_buffer("", data, rec_len, indent); + } + ext_equals(exts, exts_len, TLSX_SUPPORTED_VERSIONS, + ext_sup_version, sizeof(ext_sup_version)); +} + +static void check_crypto_rec(const byte *data, size_t data_len, int verbose, + int indent) +{ + size_t rec_len; + int rec_type; + + check_handshake_record(data, data_len, &rec_type, &rec_len); + if (verbose) { + dump_buffer("", data, rec_len, indent); + } +} + +static void check_crypto_records(QuicTestContext *from, OutputBuffer *out, + int indent, char *rec_log, + size_t rec_log_size) +{ + const byte *data = out->data; + size_t data_len = out->len; + size_t rec_len; + int rec_type; + const char *rec_name; + char lbuffer[128]; + void (*check_rec) (const byte *d, size_t l, int v, int indent); + + while (data_len > 0) { + check_handshake_record(data, data_len, &rec_type, &rec_len); + if (rec_len > data_len) { + printf("%*sINCOMPLETE CRYPTO?: ", indent, " "); + dump_buffer("", data, data_len, indent); + } + AssertTrue(rec_len <= data_len); + check_rec = check_crypto_rec; + switch (rec_type) { + case client_hello: + rec_name = "ClientHello"; + check_rec = check_quic_client_hello; + break; + case server_hello: + rec_name = "ServerHello"; + check_rec = check_quic_server_hello; + break; + case session_ticket: + rec_name = "SessionTicket"; + break; + case encrypted_extensions: + rec_name = "EncryptedExtension"; + check_rec = check_ee; + break; + case certificate: + rec_name = "Certificate"; + break; + case certificate_verify: + rec_name = "CertificateVerify"; + break; + case finished: + rec_name = "Finished"; + break; + default: + (void)XSNPRINTF(lbuffer, sizeof(lbuffer), "%d", rec_type); + rec_name = lbuffer; + break; + } + + if (rec_log) { + if (*rec_log) XSTRLCAT(rec_log, ":", rec_log_size); + XSTRLCAT(rec_log, rec_name, rec_log_size); + } + if (from->verbose) printf("%*sCRYPTO[%s]: ", indent, " ", rec_name); + check_rec(data, rec_len, from->verbose, indent); + if (from->verbose) printf("\n"); + data += rec_len; + data_len -= rec_len; + } +} + +static void QuicTestContext_forward(QuicTestContext *from, QuicTestContext *to, + char *rec_log, size_t rec_log_size) +{ + int ret; + OutputBuffer *out, *old; + + out = &from->output; + while (out->len > 0) { + if (from->verbose) { + printf("[%s -> %s] forward %d bytes at level %d\n", + from->name, to->name, (int)out->len, out->level); + } + if (out->level == wolfssl_encryption_early_data) { + if (from->verbose) { + dump_buffer("EarlyData", out->data, out->len, 4); + } + } + else { + check_crypto_records(from, out, 4, rec_log, rec_log_size); + } + ret = wolfSSL_provide_quic_data(to->ssl, out->level, out->data, + out->len); + out->len = 0; + AssertIntEQ(ret, WOLFSSL_SUCCESS); + if (out->next) { + old = out->next; + memcpy(out, out->next, sizeof(*out)); + free(old); + } + } +} + +typedef struct { + QuicTestContext *client; + QuicTestContext *server; + int started; + int verbose; + char rec_log[16*1024]; + int sent_early_data; + int accept_early_data; + char early_data[16*1024]; + size_t early_data_len; +} QuicConversation; + +static void QuicConversation_init(QuicConversation *conv, + QuicTestContext *tclient, + QuicTestContext *tserver) +{ + memset(conv, 0, sizeof(*conv)); + conv->client = tclient; + conv->server = tserver; + conv->verbose = tclient->verbose && tserver->verbose; +} + +static int QuicConversation_start(QuicConversation *conv, const byte *data, + size_t data_len, size_t *pwritten) +{ + int ret; + + AssertFalse(conv->started); + + if (conv->verbose) { + printf("[%s <-> %s] starting\n", conv->client->name, + conv->server->name); + } + if (data && data_len > 0) { +#ifdef WOLFSSL_EARLY_DATA + int written; + ret = wolfSSL_write_early_data(conv->client->ssl, data, (int)data_len, + &written); + if (ret < 0) { + int err = wolfSSL_get_error(conv->client->ssl, ret); + char lbuffer[1024]; + printf("EARLY DATA ret = %d, error = %d, %s\n", ret, err, + wolfSSL_ERR_error_string((unsigned long)err, lbuffer)); + AssertTrue(0); + } + *pwritten = (size_t)written; + conv->sent_early_data = 1; +#else + fprintf(stderr, "Cannot send EARLY DATA without feature enabled!\n"); + AssertTrue(0); +#endif + } + else { + ret = wolfSSL_connect(conv->client->ssl); + if (ret != WOLFSSL_SUCCESS) { + AssertIntEQ(wolfSSL_get_error(conv->client->ssl, 0), + WC_NO_ERR_TRACE(SSL_ERROR_WANT_READ)); + } + if (pwritten) *pwritten = 0; + } + conv->started = 1; + return ret; +} + +static int QuicConversation_step(QuicConversation *conv, int may_fail) +{ + int n; + + if (!conv->started) { + n = wolfSSL_connect(conv->client->ssl); + if ((n != WOLFSSL_SUCCESS) && + (wolfSSL_get_error(conv->client->ssl, 0) != + WC_NO_ERR_TRACE(SSL_ERROR_WANT_READ))) { + if (may_fail) return 0; + AssertIntEQ(WC_NO_ERR_TRACE(SSL_ERROR_WANT_READ), + wolfSSL_get_error(conv->client->ssl, 0)); + } + conv->started = 1; + } + if (conv->server->output.len > 0) { + QuicTestContext_forward(conv->server, conv->client, conv->rec_log, + sizeof(conv->rec_log)); + n = wolfSSL_quic_read_write(conv->client->ssl); + if ((n != WOLFSSL_SUCCESS) && + (wolfSSL_get_error(conv->client->ssl, 0) != + WC_NO_ERR_TRACE(SSL_ERROR_WANT_READ))) { + if (may_fail) return 0; + AssertIntEQ(WC_NO_ERR_TRACE(SSL_ERROR_WANT_READ), + wolfSSL_get_error(conv->client->ssl, 0)); + } + return 1; + } + else if (conv->client->output.len > 0) { + QuicTestContext_forward(conv->client, conv->server, conv->rec_log, + sizeof(conv->rec_log)); +#ifdef WOLFSSL_EARLY_DATA + if (conv->accept_early_data) { + int written; + n = wolfSSL_read_early_data(conv->server->ssl, + conv->early_data + conv->early_data_len, + (int)(sizeof(conv->early_data) - conv->early_data_len), + &written); + if (n < 0) { + if (wolfSSL_get_error(conv->server->ssl, 0) != WC_NO_ERR_TRACE(SSL_ERROR_WANT_READ)) { + if (may_fail) return 0; + AssertIntEQ(wolfSSL_get_error(conv->server->ssl, 0), + WC_NO_ERR_TRACE(SSL_ERROR_WANT_READ)); + } + } + else if (n > 0) { + conv->early_data_len += (size_t)n; + if (conv->verbose) + printf("RECVed early data, len now=%d\n", + (int)conv->early_data_len); + } + } + else + #endif /* WOLFSSL_EARLY_DATA */ + { + n = wolfSSL_quic_read_write(conv->server->ssl); + if (n != WOLFSSL_SUCCESS + && wolfSSL_get_error(conv->server->ssl, 0) != WC_NO_ERR_TRACE(SSL_ERROR_WANT_READ)) { + if (may_fail) return 0; + AssertIntEQ(wolfSSL_get_error(conv->server->ssl, 0), + WC_NO_ERR_TRACE(SSL_ERROR_WANT_READ)); + } + } + return 1; + } + return 0; +} + +static void QuicConversation_do(QuicConversation *conv) +{ + if (!conv->started) { + QuicConversation_start(conv, NULL, 0, NULL); + } + + while (1) { + if (!QuicConversation_step(conv, 0)) { + int c_err = wolfSSL_get_error(conv->client->ssl, 0); + int s_err = wolfSSL_get_error(conv->server->ssl, 0); + if (c_err == 0 && s_err == 0) { + break; /* handshake done */ + } + printf("Neither tclient nor server have anything to send, " + "but client_error=%d, server_error=%d\n", + c_err, s_err); + AssertFalse(1); + } + } +} + +#ifdef HAVE_SESSION_TICKET + +static void QuicConversation_fail(QuicConversation *conv) +{ + if (!conv->started) { + QuicConversation_start(conv, NULL, 0, NULL); + } + + while (1) { + if (!QuicConversation_step(conv, 1)) { + int c_err = wolfSSL_get_error(conv->client->ssl, 0); + int s_err = wolfSSL_get_error(conv->server->ssl, 0); + AssertTrue(c_err != 0 || s_err != 0); + break; + } + } +} + +#endif /* HAVE_SESSION_TICKET */ + +static int test_quic_client_hello(int verbose) { + EXPECT_DECLS; + WOLFSSL_CTX * ctx = NULL; + QuicTestContext tctx; + + (void)ctx_dump_output; + + ExpectNotNull(ctx = wolfSSL_CTX_new(wolfTLSv1_3_client_method())); + + QuicTestContext_init(&tctx, ctx, "client", verbose); + /* Without any QUIC transport params, this needs to fail */ + ExpectTrue(wolfSSL_set_quic_transport_params(tctx.ssl, NULL, 0) == WOLFSSL_SUCCESS); + ExpectTrue(wolfSSL_quic_read_write(tctx.ssl) != 0); + ExpectIntEQ(wolfSSL_get_error(tctx.ssl, 0), + WC_NO_ERR_TRACE(QUIC_TP_MISSING_E)); + QuicTestContext_free(&tctx); + + /* Set transport params, expect both extensions */ + QuicTestContext_init(&tctx, ctx, "client", verbose); +#ifdef HAVE_SNI + wolfSSL_UseSNI(tctx.ssl, WOLFSSL_SNI_HOST_NAME, + "wolfssl.com", sizeof("wolfssl.com")-1); +#endif + ExpectTrue(wolfSSL_connect(tctx.ssl) != 0); + ExpectIntEQ(wolfSSL_get_error(tctx.ssl, 0), + WC_NO_ERR_TRACE(SSL_ERROR_WANT_READ)); + check_quic_client_hello_tp(&tctx.output, 1, 1); + QuicTestContext_free(&tctx); + + /* Set transport params v1, expect v1 extension */ + QuicTestContext_init(&tctx, ctx, "client", verbose); + wolfSSL_set_quic_transport_version(tctx.ssl, TLSX_KEY_QUIC_TP_PARAMS); + ExpectTrue(wolfSSL_connect(tctx.ssl) != 0); + check_quic_client_hello_tp(&tctx.output, 1, 0); + QuicTestContext_free(&tctx); + + /* Set transport params draft, expect draft extension */ + QuicTestContext_init(&tctx, ctx, "client", verbose); + wolfSSL_set_quic_transport_version(tctx.ssl, + TLSX_KEY_QUIC_TP_PARAMS_DRAFT); + ExpectTrue(wolfSSL_connect(tctx.ssl) != 0); + check_quic_client_hello_tp(&tctx.output, 0, 1); + QuicTestContext_free(&tctx); + + /* Set transport params 0, expect both extension */ + QuicTestContext_init(&tctx, ctx, "client", verbose); + wolfSSL_set_quic_transport_version(tctx.ssl, 0); + ExpectTrue(wolfSSL_connect(tctx.ssl) != 0); + check_quic_client_hello_tp(&tctx.output, 1, 1); + QuicTestContext_free(&tctx); + + wolfSSL_CTX_free(ctx); + printf(" test_quic_client_hello: %s\n", EXPECT_SUCCESS() ? pass : fail); + + return EXPECT_RESULT(); +} + +static int test_quic_server_hello(int verbose) { + EXPECT_DECLS; + WOLFSSL_CTX * ctx_c = NULL; + WOLFSSL_CTX * ctx_s = NULL; + QuicTestContext tclient, tserver; + QuicConversation conv; + + ExpectNotNull(ctx_c = wolfSSL_CTX_new(wolfTLSv1_3_client_method())); + ExpectNotNull(ctx_s = wolfSSL_CTX_new(wolfTLSv1_3_server_method())); + ExpectTrue(wolfSSL_CTX_use_certificate_file(ctx_s, svrCertFile, + WOLFSSL_FILETYPE_PEM)); + ExpectTrue(wolfSSL_CTX_use_PrivateKey_file(ctx_s, svrKeyFile, + WOLFSSL_FILETYPE_PEM)); + + /* setup ssls */ + QuicTestContext_init(&tclient, ctx_c, "client", verbose); + QuicTestContext_init(&tserver, ctx_s, "server", verbose); + + /* connect */ + QuicConversation_init(&conv, &tclient, &tserver); + QuicConversation_step(&conv, 0); + /* check established/missing secrets */ + check_secrets(&tserver, wolfssl_encryption_initial, 0, 0); + check_secrets(&tserver, wolfssl_encryption_handshake, + DEFAULT_TLS_DIGEST_SZ, DEFAULT_TLS_DIGEST_SZ); + check_secrets(&tserver, wolfssl_encryption_application, + DEFAULT_TLS_DIGEST_SZ, DEFAULT_TLS_DIGEST_SZ); + check_secrets(&tclient, wolfssl_encryption_handshake, 0, 0); + /* feed the server data to the client */ + QuicConversation_step(&conv, 0); + /* client has generated handshake secret */ + check_secrets(&tclient, wolfssl_encryption_handshake, + DEFAULT_TLS_DIGEST_SZ, DEFAULT_TLS_DIGEST_SZ); + /* continue the handshake till done */ + conv.started = 1; + /* run till end */ + QuicConversation_do(&conv); + ExpectIntEQ(tclient.output.len, 0); + ExpectIntEQ(tserver.output.len, 0); + /* what have we seen? */ +#ifdef HAVE_SESSION_TICKET + ExpectStrEQ(conv.rec_log, "ClientHello:ServerHello:EncryptedExtension:" + "Certificate:CertificateVerify:Finished:Finished:SessionTicket"); +#else + ExpectStrEQ(conv.rec_log, "ClientHello:ServerHello:EncryptedExtension:" + "Certificate:CertificateVerify:Finished:Finished"); +#endif + /* we are at application encryption level */ + ExpectTrue(wolfSSL_quic_read_level(tclient.ssl) == wolfssl_encryption_application); + ExpectTrue(wolfSSL_quic_write_level(tclient.ssl) == wolfssl_encryption_application); + ExpectTrue(wolfSSL_quic_read_level(tserver.ssl) == wolfssl_encryption_application); + ExpectTrue(wolfSSL_quic_write_level(tserver.ssl) == wolfssl_encryption_application); + /* the last client write (FINISHED) was at handshake level */ + ExpectTrue(tclient.output.level == wolfssl_encryption_handshake); + /* we have the app secrets */ + check_secrets(&tclient, wolfssl_encryption_application, + DEFAULT_TLS_DIGEST_SZ, DEFAULT_TLS_DIGEST_SZ); + check_secrets(&tserver, wolfssl_encryption_application, + DEFAULT_TLS_DIGEST_SZ, DEFAULT_TLS_DIGEST_SZ); + /* verify client and server have the same secrets established */ + assert_secrets_EQ(&tclient, &tserver, wolfssl_encryption_handshake); + assert_secrets_EQ(&tclient, &tserver, wolfssl_encryption_application); + /* AEAD cipher should be known */ + ExpectNotNull(wolfSSL_quic_get_aead(tclient.ssl)); + ExpectNotNull(wolfSSL_quic_get_aead(tserver.ssl)); + /* What was negiotiated and is it the same? */ + ExpectIntEQ(wolfSSL_get_peer_quic_transport_version(tclient.ssl), + wolfSSL_get_peer_quic_transport_version(tserver.ssl)); + + QuicTestContext_free(&tclient); + QuicTestContext_free(&tserver); + + wolfSSL_CTX_free(ctx_c); + wolfSSL_CTX_free(ctx_s); + printf(" test_quic_server_hello: %s\n", EXPECT_RESULT() ? pass : fail); + return EXPECT_RESULT(); +} + +static int test_quic_server_hello_fail(int verbose) { + EXPECT_DECLS; + WOLFSSL_CTX * ctx_c = NULL; + WOLFSSL_CTX * ctx_s = NULL; + QuicTestContext tclient, tserver; + QuicConversation conv; + + ExpectNotNull(ctx_c = wolfSSL_CTX_new(wolfTLSv1_3_client_method())); + ExpectNotNull(ctx_s = wolfSSL_CTX_new(wolfTLSv1_3_server_method())); + ExpectTrue(wolfSSL_CTX_use_certificate_file(ctx_s, svrCertFile, + WOLFSSL_FILETYPE_PEM)); + ExpectTrue(wolfSSL_CTX_use_PrivateKey_file(ctx_s, svrKeyFile, + WOLFSSL_FILETYPE_PEM)); + + /* setup ssls */ + QuicTestContext_init_fail_cb(&tclient, ctx_c, "client", verbose); + QuicTestContext_init(&tserver, ctx_s, "server", verbose); + + /* connect */ + QuicConversation_init(&conv, &tclient, &tserver); + QuicConversation_step(&conv, 0); + /* check established/missing secrets */ + check_secrets(&tserver, wolfssl_encryption_initial, 0, 0); + check_secrets(&tserver, wolfssl_encryption_handshake, + DEFAULT_TLS_DIGEST_SZ, DEFAULT_TLS_DIGEST_SZ); + check_secrets(&tserver, wolfssl_encryption_application, + DEFAULT_TLS_DIGEST_SZ, DEFAULT_TLS_DIGEST_SZ); + check_secrets(&tclient, wolfssl_encryption_handshake, 0, 0); + /* feed the server data to the client. This is when the cb will fail */ + QuicConversation_step(&conv, 1); + /* confirm failure to generate secrets */ + { + int idx = (int)wolfssl_encryption_handshake; + ExpectTrue(idx < 4); + ExpectIntEQ(tclient.rx_secret_len[idx], 0); + ExpectIntEQ(tclient.tx_secret_len[idx], 0); + } + QuicTestContext_free(&tclient); + QuicTestContext_free(&tserver); + + wolfSSL_CTX_free(ctx_c); + wolfSSL_CTX_free(ctx_s); + printf(" test_quic_server_hello_fail: %s\n", + EXPECT_RESULT() ? pass : fail); + return EXPECT_RESULT(); +} + +/* This has gotten a bit out of hand. */ +#if (defined(OPENSSL_ALL) || (defined(OPENSSL_EXTRA) && \ + (defined(HAVE_STUNNEL) || defined(WOLFSSL_NGINX) || \ + defined(HAVE_LIGHTY) || defined(WOLFSSL_HAPROXY) || \ + defined(WOLFSSL_OPENSSH) || defined(HAVE_SBLIM_SFCB)))) \ + && defined(HAVE_ALPN) && defined(HAVE_SNI) +#define REALLY_HAVE_ALPN_AND_SNI +#else +#undef REALLY_HAVE_ALPN_AND_SNI +#endif + +#ifdef REALLY_HAVE_ALPN_AND_SNI +struct stripe_buffer { + char stripe[256]; +}; + +static int inspect_SNI(WOLFSSL *ssl, int *ad, void *baton) +{ + struct stripe_buffer *stripe = (struct stripe_buffer *)baton; + + (void)ssl; + *ad = 0; + XSTRLCAT(stripe->stripe, "S", sizeof(stripe->stripe)); + return 0; +} + +static int select_ALPN(WOLFSSL *ssl, + const unsigned char **out, + unsigned char *outlen, + const unsigned char *in, + unsigned int inlen, + void *baton) +{ + struct stripe_buffer *stripe = (struct stripe_buffer *)baton; + + (void)ssl; + (void)inlen; + /* just select the first */ + *out = in + 1; + *outlen = in[0]; + XSTRLCAT(stripe->stripe, "A", sizeof(stripe->stripe)); + return 0; +} + +static int test_quic_alpn(int verbose) { + EXPECT_DECLS; + WOLFSSL_CTX * ctx_c = NULL; + WOLFSSL_CTX * ctx_s = NULL; + QuicTestContext tclient, tserver; + QuicConversation conv; + struct stripe_buffer stripe; + unsigned char alpn_protos[256]; + + XMEMSET(&stripe, 0, sizeof(stripe)); + XMEMSET(alpn_protos, 0, sizeof(alpn_protos)); + + ExpectNotNull(ctx_c = wolfSSL_CTX_new(wolfTLSv1_3_client_method())); + ExpectNotNull(ctx_s = wolfSSL_CTX_new(wolfTLSv1_3_server_method())); + ExpectTrue(wolfSSL_CTX_use_certificate_file(ctx_s, svrCertFile, + WOLFSSL_FILETYPE_PEM)); + ExpectTrue(wolfSSL_CTX_use_PrivateKey_file(ctx_s, svrKeyFile, + WOLFSSL_FILETYPE_PEM)); + + stripe.stripe[0] = '\0'; + wolfSSL_CTX_set_servername_callback(ctx_s, inspect_SNI); + wolfSSL_CTX_set_servername_arg(ctx_s, &stripe); + wolfSSL_CTX_set_alpn_select_cb(ctx_s, select_ALPN, &stripe); + + /* setup ssls */ + QuicTestContext_init(&tclient, ctx_c, "client", verbose); + QuicTestContext_init(&tserver, ctx_s, "server", verbose); + + /* set SNI and ALPN callbacks on server side, + * provide values on client side */ + wolfSSL_UseSNI(tclient.ssl, WOLFSSL_SNI_HOST_NAME, + "wolfssl.com", sizeof("wolfssl.com")-1); + /* connect */ + QuicConversation_init(&conv, &tclient, &tserver); + + XSTRLCPY((char*)(alpn_protos + 1), "test", sizeof(alpn_protos)); + alpn_protos[0] = strlen("test"); + wolfSSL_set_alpn_protos(tclient.ssl, alpn_protos, 1 + strlen("test")); + + QuicConversation_do(&conv); + ExpectIntEQ(tclient.output.len, 0); + ExpectIntEQ(tserver.output.len, 0); + + /* SNI callback needs to be called before ALPN callback */ + ExpectStrEQ(stripe.stripe, "SA"); + + QuicTestContext_free(&tclient); + QuicTestContext_free(&tserver); + + wolfSSL_CTX_free(ctx_c); + wolfSSL_CTX_free(ctx_s); + printf(" test_quic_alpn: %s\n", (EXPECT_SUCCESS())? pass : fail); + return EXPECT_RESULT(); +} +#endif /* REALLY_HAVE_ALPN_AND_SNI */ + + +#ifdef HAVE_SESSION_TICKET + +static int test_quic_key_share(int verbose) { + EXPECT_DECLS; + WOLFSSL_CTX * ctx_c = NULL; + WOLFSSL_CTX * ctx_s = NULL; + QuicTestContext tclient, tserver; + QuicConversation conv; + + ExpectNotNull(ctx_c = wolfSSL_CTX_new(wolfTLSv1_3_client_method())); + ExpectNotNull(ctx_s = wolfSSL_CTX_new(wolfTLSv1_3_server_method())); + ExpectTrue(wolfSSL_CTX_use_certificate_file(ctx_s, svrCertFile, + WOLFSSL_FILETYPE_PEM)); + ExpectTrue(wolfSSL_CTX_use_PrivateKey_file(ctx_s, svrKeyFile, + WOLFSSL_FILETYPE_PEM)); + + /* setup & handshake defaults */ + QuicTestContext_init(&tclient, ctx_c, "client", verbose); + QuicTestContext_init(&tserver, ctx_s, "server", verbose); + QuicConversation_init(&conv, &tclient, &tserver); + QuicConversation_do(&conv); + ExpectStrEQ(conv.rec_log, "ClientHello:ServerHello:EncryptedExtension:" + "Certificate:CertificateVerify:Finished:Finished:SessionTicket"); + QuicTestContext_free(&tclient); + QuicTestContext_free(&tserver); + + /* setup & handshake, restricted groups. KEY_SHARE should use + * the first configured group. */ + /*If that is supported by the server, expect a smooth handshake.*/ + QuicTestContext_init(&tclient, ctx_c, "client", verbose); + QuicTestContext_init(&tserver, ctx_s, "server", verbose); + +#ifdef HAVE_CURVE25519 + ExpectTrue(wolfSSL_set1_curves_list(tclient.ssl, "X25519:P-256") + == WOLFSSL_SUCCESS); + ExpectTrue(wolfSSL_set1_curves_list(tserver.ssl, "X25519") + == WOLFSSL_SUCCESS); +#else + ExpectTrue(wolfSSL_set1_curves_list(tclient.ssl, "P-256:P-384") + == WOLFSSL_SUCCESS); + ExpectTrue(wolfSSL_set1_curves_list(tserver.ssl, "P-256") + == WOLFSSL_SUCCESS); +#endif + + QuicConversation_init(&conv, &tclient, &tserver); + QuicConversation_do(&conv); + ExpectStrEQ(conv.rec_log, + "ClientHello:ServerHello:EncryptedExtension:" + "Certificate:CertificateVerify:Finished:Finished:SessionTicket"); + QuicTestContext_free(&tclient); + QuicTestContext_free(&tserver); + printf(" test_quic_key_share: priority ok\n"); + + /* If group is not supported by server, expect HelloRetry */ + QuicTestContext_init(&tclient, ctx_c, "client", verbose); + QuicTestContext_init(&tserver, ctx_s, "server", verbose); + +#ifdef HAVE_CURVE25519 + ExpectTrue(wolfSSL_set1_curves_list(tclient.ssl, "X25519:P-256") + == WOLFSSL_SUCCESS); + ExpectTrue(wolfSSL_set1_curves_list(tserver.ssl, "P-256") + == WOLFSSL_SUCCESS); +#else + ExpectTrue(wolfSSL_set1_curves_list(tclient.ssl, "P-384:P-256") + == WOLFSSL_SUCCESS); + ExpectTrue(wolfSSL_set1_curves_list(tserver.ssl, "P-256") + == WOLFSSL_SUCCESS); +#endif + + QuicConversation_init(&conv, &tclient, &tserver); + QuicConversation_do(&conv); + ExpectStrEQ(conv.rec_log, + "ClientHello:ServerHello:ClientHello:ServerHello:EncryptedExtension:" + "Certificate:CertificateVerify:Finished:Finished:SessionTicket"); + QuicTestContext_free(&tclient); + QuicTestContext_free(&tserver); + printf(" test_quic_key_share: retry ok\n"); + + /* If no group overlap, expect failure */ + QuicTestContext_init(&tclient, ctx_c, "client", verbose); + QuicTestContext_init(&tserver, ctx_s, "server", verbose); + +#ifdef HAVE_CURVE25519 + ExpectTrue(wolfSSL_set1_curves_list(tclient.ssl, "P-256") + == WOLFSSL_SUCCESS); + ExpectTrue(wolfSSL_set1_curves_list(tserver.ssl, "X25519") + == WOLFSSL_SUCCESS); +#else + ExpectTrue(wolfSSL_set1_curves_list(tclient.ssl, "P-256") + == WOLFSSL_SUCCESS); + ExpectTrue(wolfSSL_set1_curves_list(tserver.ssl, "P-384") + == WOLFSSL_SUCCESS); +#endif + + QuicConversation_init(&conv, &tclient, &tserver); + QuicConversation_fail(&conv); + ExpectIntEQ(wolfSSL_get_error(tserver.ssl, 0), + WC_NO_ERR_TRACE(SSL_ERROR_WANT_READ)); + ExpectIntEQ(wolfSSL_get_error(tclient.ssl, 0), + WC_NO_ERR_TRACE(BAD_KEY_SHARE_DATA)); + QuicTestContext_free(&tclient); + QuicTestContext_free(&tserver); + printf(" test_quic_key_share: no match ok\n"); + + wolfSSL_CTX_free(ctx_c); + wolfSSL_CTX_free(ctx_s); + printf(" test_quic_key_share: %s\n", EXPECT_SUCCESS() ? pass : fail); + return EXPECT_RESULT(); +} + +static int test_quic_resumption(int verbose) { + EXPECT_DECLS; + WOLFSSL_CTX * ctx_c = NULL; + WOLFSSL_CTX * ctx_s = NULL; + WOLFSSL_SESSION * session = NULL; + WOLFSSL_SESSION * session_restored = NULL; + QuicTestContext tclient, tserver; + QuicConversation conv; + unsigned char session_buffer[16 * 1024]; + unsigned char * session_data = NULL; + const unsigned char * session_data2 = NULL; + unsigned int session_size = 0; + + ExpectNotNull(ctx_c = wolfSSL_CTX_new(wolfTLSv1_3_client_method())); + ExpectNotNull(ctx_s = wolfSSL_CTX_new(wolfTLSv1_3_server_method())); + ExpectTrue(wolfSSL_CTX_use_certificate_file(ctx_s, svrCertFile, + WOLFSSL_FILETYPE_PEM)); + ExpectTrue(wolfSSL_CTX_use_PrivateKey_file(ctx_s, svrKeyFile, + WOLFSSL_FILETYPE_PEM)); + + /* setup ssls */ + QuicTestContext_init(&tclient, ctx_c, "client", verbose); + QuicTestContext_init(&tserver, ctx_s, "server", verbose); + + QuicConversation_init(&conv, &tclient, &tserver); + /* run till end */ + QuicConversation_do(&conv); + /* what have we seen? */ + ExpectStrEQ(conv.rec_log, "ClientHello:ServerHello:EncryptedExtension:" + "Certificate:CertificateVerify:Finished:Finished:SessionTicket"); + + /* Should have received a session ticket, save the session + * and also make a serialized/deserialized copy to check that persisting + * a session works. */ + ExpectTrue(tclient.ticket_len > 0); + ExpectNotNull(session = wolfSSL_get1_session(tclient.ssl)); + session_size = (unsigned int)wolfSSL_i2d_SSL_SESSION(session, NULL); + ExpectTrue(session_size > 0); + ExpectTrue((size_t)session_size < sizeof(session_buffer)); + session_data2 = session_data = session_buffer; + session_size = (unsigned int)wolfSSL_i2d_SSL_SESSION(session, + &session_data); + session_restored = wolfSSL_d2i_SSL_SESSION(NULL, &session_data2, + session_size); + ExpectNotNull(session_restored); + + QuicTestContext_free(&tserver); + QuicTestContext_free(&tclient); + + /* Do a Session resumption with the session object */ + QuicTestContext_init(&tserver, ctx_s, "server", verbose); + QuicTestContext_init(&tclient, ctx_c, "client_resume", verbose); + ExpectIntEQ(wolfSSL_set_session(tclient.ssl, session), WOLFSSL_SUCCESS); + /* let them talk */ + QuicConversation_init(&conv, &tclient, &tserver); + QuicConversation_do(&conv); + /* this is what should happen. Look Ma, no certificate! */ + ExpectStrEQ(conv.rec_log, "ClientHello:ServerHello:EncryptedExtension:" + "Finished:Finished:SessionTicket"); + QuicTestContext_free(&tclient); + QuicTestContext_free(&tserver); + + /* Do a Session resumption with the restored session object */ + QuicTestContext_init(&tserver, ctx_s, "server", verbose); + QuicTestContext_init(&tclient, ctx_c, "client_resume_restored", verbose); + ExpectIntEQ(wolfSSL_set_session(tclient.ssl, session_restored), + WOLFSSL_SUCCESS); + /* let them talk */ + QuicConversation_init(&conv, &tclient, &tserver); + QuicConversation_do(&conv); + /* this is what should happen. Look Ma, no certificate! */ + ExpectStrEQ(conv.rec_log, "ClientHello:ServerHello:EncryptedExtension:" + "Finished:Finished:SessionTicket"); + QuicTestContext_free(&tclient); + QuicTestContext_free(&tserver); + + { + /* Do a Session resumption with a new server ctx */ + WOLFSSL_CTX * ctx_s2 = NULL; + ExpectNotNull(ctx_s2 = wolfSSL_CTX_new(wolfTLSv1_3_server_method())); + ExpectTrue(wolfSSL_CTX_use_certificate_file(ctx_s2, eccCertFile, + WOLFSSL_FILETYPE_PEM)); + ExpectTrue(wolfSSL_CTX_use_PrivateKey_file(ctx_s2, eccKeyFile, + WOLFSSL_FILETYPE_PEM)); + + QuicTestContext_init(&tserver, ctx_s2, "server2", verbose); + QuicTestContext_init(&tclient, ctx_c, "client_resume2", verbose); + ExpectIntEQ(wolfSSL_set_session(tclient.ssl, session_restored), + WOLFSSL_SUCCESS); + /* let them talk */ + QuicConversation_init(&conv, &tclient, &tserver); + QuicConversation_do(&conv); + ExpectStrEQ(conv.rec_log, "ClientHello:ServerHello:EncryptedExtension:" + "Certificate:CertificateVerify:Finished:Finished:SessionTicket"); + QuicTestContext_free(&tclient); + QuicTestContext_free(&tserver); + wolfSSL_CTX_free(ctx_s2); + } + + wolfSSL_SESSION_free(session); + wolfSSL_SESSION_free(session_restored); + wolfSSL_CTX_free(ctx_c); + wolfSSL_CTX_free(ctx_s); + + printf(" test_quic_resumption: %s\n", EXPECT_SUCCESS() ? pass : fail); + return EXPECT_RESULT(); +} + +#ifdef WOLFSSL_EARLY_DATA +static int test_quic_early_data(int verbose) { + EXPECT_DECLS; + WOLFSSL_CTX * ctx_c = NULL; + WOLFSSL_CTX * ctx_s = NULL; + QuicTestContext tclient, tserver; + QuicConversation conv; + const byte early_data[] = "Nulla dies sine linea!"; + size_t ed_written = 0; + WOLFSSL_SESSION * session = NULL; + unsigned int max_early_sz = 0; + + ExpectNotNull(ctx_c = wolfSSL_CTX_new(wolfTLSv1_3_client_method())); + wolfSSL_CTX_UseSessionTicket(ctx_c); + + ExpectNotNull(ctx_s = wolfSSL_CTX_new(wolfTLSv1_3_server_method())); + ExpectTrue(wolfSSL_CTX_use_certificate_file(ctx_s, svrCertFile, + WOLFSSL_FILETYPE_PEM)); + ExpectTrue(wolfSSL_CTX_use_PrivateKey_file(ctx_s, svrKeyFile, + WOLFSSL_FILETYPE_PEM)); + + /* setup ssls */ + QuicTestContext_init(&tclient, ctx_c, "client", verbose); + QuicTestContext_init(&tserver, ctx_s, "server", verbose); + wolfSSL_set_quic_early_data_enabled(tserver.ssl, 1); + /* QUIC only allows 0xffffffff or 0x0 as values */ + ExpectIntEQ(wolfSSL_get_max_early_data(tserver.ssl), UINT32_MAX); + + QuicConversation_init(&conv, &tclient, &tserver); + /* run till end */ + QuicConversation_do(&conv); + /* what have we seen? */ + ExpectStrEQ(conv.rec_log, "ClientHello:ServerHello:EncryptedExtension:" + "Certificate:CertificateVerify:Finished:Finished:SessionTicket"); + + /* Should have received a session ticket, save the session */ + ExpectTrue(tclient.ticket_len > 0); + ExpectNotNull(session = wolfSSL_get1_session(tclient.ssl)); + QuicTestContext_free(&tclient); + QuicTestContext_free(&tserver); + + /* check for error value with null argument */ + ExpectIntEQ(wolfSSL_SESSION_get_max_early_data(NULL), BAD_FUNC_ARG); + + /* QUIC requires 0 or 0xffffffff as only allowed values. + * Since we enabled early data in the server that created the session, + * we need to see it here. */ + max_early_sz = wolfSSL_SESSION_get_max_early_data(session); + ExpectIntEQ(max_early_sz, UINT32_MAX); + + /* Do a Session resumption with the ticket */ + QuicTestContext_init(&tserver, ctx_s, "server", verbose); + QuicTestContext_init(&tclient, ctx_c, "client", verbose); + ExpectIntEQ(wolfSSL_set_session(tclient.ssl, session), WOLFSSL_SUCCESS); + /* enable early data -*/ + wolfSSL_set_quic_early_data_enabled(tserver.ssl, 1); + /* client will send, and server will receive implicitly */ + QuicConversation_init(&conv, &tclient, &tserver); + QuicConversation_start(&conv, early_data, sizeof(early_data), &ed_written); + QuicConversation_do(&conv); + ExpectIntEQ(wolfSSL_get_early_data_status(tclient.ssl), + WOLFSSL_EARLY_DATA_ACCEPTED); + + QuicTestContext_free(&tclient); + QuicTestContext_free(&tserver); + + QuicTestContext_init(&tserver, ctx_s, "server", verbose); + QuicTestContext_init(&tclient, ctx_c, "client", verbose); + ExpectIntEQ(wolfSSL_set_session(tclient.ssl, session), WOLFSSL_SUCCESS); + /* client will send, and server will receive */ + QuicConversation_init(&conv, &tclient, &tserver); + /* make QuicConversation_do() use wolfSSL_read_early_data() */ + conv.accept_early_data = 1; + QuicConversation_start(&conv, early_data, sizeof(early_data), &ed_written); + QuicConversation_do(&conv); + ExpectIntEQ(wolfSSL_get_early_data_status(tclient.ssl), + WOLFSSL_EARLY_DATA_ACCEPTED); + ExpectIntEQ(conv.early_data_len, sizeof(early_data)); + ExpectStrEQ(conv.early_data, (const char*)early_data); + + QuicTestContext_free(&tclient); + QuicTestContext_free(&tserver); + + wolfSSL_SESSION_free(session); + wolfSSL_CTX_free(ctx_c); + wolfSSL_CTX_free(ctx_s); + printf(" test_quic_early_data: %s\n", EXPECT_SUCCESS() ? pass : fail); + return EXPECT_RESULT(); +} +#endif /* WOLFSSL_EARLY_DATA */ + +static int new_session_cb(WOLFSSL *ssl, WOLFSSL_SESSION *session) +{ + QuicTestContext * ctx = (QuicTestContext*)wolfSSL_get_app_data(ssl); + byte * data = NULL; + int ret = 0; + int sz = 0; + + AssertNotNull(ctx); + + sz = wolfSSL_i2d_SSL_SESSION(session, NULL); + if (sz <= 0) { + printf("[%s] session serialization error: %d <- ", ctx->name, sz); + return sz; + } + if ((size_t)sz > sizeof(ctx->session)) { + printf("[%s] session serialization too large: %d <- ", ctx->name, sz); + return -1; + } + data = ctx->session; + ctx->session_len = (word32)wolfSSL_i2d_SSL_SESSION(session, &data); + if (ctx->verbose) { + printf("[%s]", ctx->name); + dump_buffer(" new SESSION", ctx->session, ctx->session_len, 4); + } + return ret; +} + +static int test_quic_session_export(int verbose) +{ + EXPECT_DECLS; + WOLFSSL_CTX * ctx_c = NULL; + WOLFSSL_CTX * ctx_s = NULL; + WOLFSSL_SESSION * session = NULL; + QuicTestContext tclient, tserver; + QuicConversation conv; + byte session_data[16*1024]; + const byte * bp = NULL; + word32 session_len = 0; + + ExpectNotNull(ctx_c = wolfSSL_CTX_new(wolfTLSv1_3_client_method())); + ExpectNotNull(ctx_s = wolfSSL_CTX_new(wolfTLSv1_3_server_method())); + ExpectTrue(wolfSSL_CTX_use_certificate_file(ctx_s, svrCertFile, + WOLFSSL_FILETYPE_PEM)); + ExpectTrue(wolfSSL_CTX_use_PrivateKey_file(ctx_s, svrKeyFile, + WOLFSSL_FILETYPE_PEM)); + + /* Uses CTX session callback for new sessions */ + wolfSSL_CTX_sess_set_new_cb(ctx_c, new_session_cb); + + /* setup ssls */ + QuicTestContext_init(&tclient, ctx_c, "client", verbose); + QuicTestContext_init(&tserver, ctx_s, "server", verbose); + + QuicConversation_init(&conv, &tclient, &tserver); + /* run till end */ + QuicConversation_do(&conv); + /* what have we seen? */ + ExpectStrEQ(conv.rec_log, "ClientHello:ServerHello:EncryptedExtension:" + "Certificate:CertificateVerify:Finished:Finished:" + "SessionTicket"); + + /* Should have received a session, save it */ + ExpectTrue(tclient.session_len > 0); + memcpy(session_data, tclient.session, tclient.session_len); + session_len = tclient.session_len; + if (verbose) + dump_buffer("copied SESSION", session_data, session_len, 0); + + QuicTestContext_free(&tserver); + QuicTestContext_free(&tclient); + + /* Do a Session resumption with the ticket */ + QuicTestContext_init(&tserver, ctx_s, "server", verbose); + QuicTestContext_init(&tclient, ctx_c, "client_resume", verbose); + bp = session_data; + ExpectNotNull(session = wolfSSL_d2i_SSL_SESSION(NULL, &bp, session_len)); + ExpectIntEQ(wolfSSL_set_session(tclient.ssl, session), WOLFSSL_SUCCESS); + wolfSSL_SESSION_free(session); + + /* let them talk */ + QuicConversation_init(&conv, &tclient, &tserver); + QuicConversation_do(&conv); + /* this is what should happen. Look Ma, no certificate! */ + ExpectStrEQ(conv.rec_log, "ClientHello:ServerHello:EncryptedExtension:" + "Finished:Finished:SessionTicket"); + + QuicTestContext_free(&tclient); + QuicTestContext_free(&tserver); + + wolfSSL_CTX_free(ctx_c); + wolfSSL_CTX_free(ctx_s); + printf(" test_quic_session_export: %s\n", EXPECT_RESULT() ? pass : fail); + return EXPECT_RESULT(); +} +#endif /* WOLFSSL_SESSION_EXPORT */ + +#endif /* WOLFSSL_QUIC */ + + +int QuicTest(void) +{ + int ret = 0; +#ifdef WOLFSSL_QUIC + int verbose = 0; + printf(" Begin QUIC Tests\n"); + + if ((ret = test_set_quic_method()) != TEST_SUCCESS) goto leave; + if ((ret = test_provide_quic_data()) != TEST_SUCCESS) goto leave; + if ((ret = test_quic_crypt()) != TEST_SUCCESS) goto leave; + if ((ret = test_quic_client_hello(verbose)) != TEST_SUCCESS) goto leave; + if ((ret = test_quic_server_hello(verbose)) != TEST_SUCCESS) goto leave; + if ((ret = test_quic_server_hello_fail(verbose)) != TEST_SUCCESS) goto leave; +#ifdef REALLY_HAVE_ALPN_AND_SNI + if ((ret = test_quic_alpn(verbose)) != TEST_SUCCESS) goto leave; +#endif /* REALLY_HAVE_ALPN_AND_SNI */ +#ifdef HAVE_SESSION_TICKET + if ((ret = test_quic_key_share(verbose)) != TEST_SUCCESS) goto leave; + if ((ret = test_quic_resumption(verbose)) != TEST_SUCCESS) goto leave; +#ifdef WOLFSSL_EARLY_DATA + if ((ret = test_quic_early_data(verbose)) != TEST_SUCCESS) goto leave; +#endif /* WOLFSSL_EARLY_DATA */ + if ((ret = test_quic_session_export(verbose)) != TEST_SUCCESS) goto leave; +#endif /* HAVE_SESSION_TICKET */ + +leave: + if (ret != TEST_SUCCESS) { + printf(" FAILED: some tests did not pass.\n"); + } + printf(" End QUIC Tests\n"); +#endif + return ret == TEST_SUCCESS ? 0 : -1; +} diff --git a/test/ssl/wolfssl/tests/srp.c b/test/ssl/wolfssl/tests/srp.c new file mode 100644 index 000000000..cea2dd0d0 --- /dev/null +++ b/test/ssl/wolfssl/tests/srp.c @@ -0,0 +1,865 @@ +/* srp.c SRP unit tests + * + * Copyright (C) 2006-2025 wolfSSL Inc. + * + * This file is part of wolfSSL. + * + * wolfSSL is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * wolfSSL is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA + */ + +#include + +#include +#include + +#if defined(WOLFCRYPT_HAVE_SRP) && defined(WOLFSSL_SHA512) + +static byte username[] = "user"; +static word32 usernameSz = 4; + +static byte srp_N[] = { + 0xD4, 0xC7, 0xF8, 0xA2, 0xB3, 0x2C, 0x11, 0xB8, 0xFB, 0xA9, 0x58, 0x1E, + 0xC4, 0xBA, 0x4F, 0x1B, 0x04, 0x21, 0x56, 0x42, 0xEF, 0x73, 0x55, 0xE3, + 0x7C, 0x0F, 0xC0, 0x44, 0x3E, 0xF7, 0x56, 0xEA, 0x2C, 0x6B, 0x8E, 0xEB, + 0x75, 0x5A, 0x1C, 0x72, 0x30, 0x27, 0x66, 0x3C, 0xAA, 0x26, 0x5E, 0xF7, + 0x85, 0xB8, 0xFF, 0x6A, 0x9B, 0x35, 0x22, 0x7A, 0x52, 0xD8, 0x66, 0x33, + 0xDB, 0xDF, 0xCA, 0x43 +}; + +static byte srp_g[] = { + 0x02 +}; + +static byte srp_salt[] = { + 0x80, 0x66, 0x61, 0x5B, 0x7D, 0x33, 0xA2, 0x2E, 0x79, 0x18 +}; + +#ifdef NO_SHA + +#define SRP_TYPE_TEST_DEFAULT SRP_TYPE_SHA256 + +#else /* SHA-1 */ + +#define SRP_TYPE_TEST_DEFAULT SRP_TYPE_SHA + +static byte password[] = "password"; +static word32 passwordSz = 8; + +static byte srp_verifier[] = { + 0x24, 0x5F, 0xA5, 0x1B, 0x2A, 0x28, 0xF8, 0xFF, 0xE2, 0xA0, 0xF8, 0x61, + 0x7B, 0x0F, 0x3C, 0x05, 0xD6, 0x4A, 0x55, 0xDF, 0x74, 0x31, 0x54, 0x47, + 0xA1, 0xFA, 0x9D, 0x25, 0x7B, 0x02, 0x88, 0x0A, 0xE8, 0x5A, 0xBA, 0x8B, + 0xA2, 0xD3, 0x8A, 0x62, 0x46, 0x8C, 0xEC, 0x52, 0xBE, 0xDE, 0xFC, 0x75, + 0xF5, 0xDB, 0x9C, 0x8C, 0x9B, 0x34, 0x7A, 0xE7, 0x4A, 0x5F, 0xBB, 0x96, + 0x38, 0x19, 0xAB, 0x24 +}; + +static byte srp_a[] = { + 0x37, 0x95, 0xF2, 0xA6, 0xF1, 0x6F, 0x0D, 0x58, 0xBF, 0xED, 0x44, 0x87, + 0xE0, 0xB6, 0xCC, 0x1C, 0xA0, 0x50, 0xC6, 0x61, 0xBB, 0x36, 0xE0, 0x9A, + 0xF3, 0xF7, 0x1E, 0x7A, 0x61, 0x86, 0x5A, 0xF5 +}; + +static byte srp_A[] = { + 0x8D, 0x28, 0xC5, 0x6A, 0x46, 0x5C, 0x82, 0xDB, 0xC7, 0xF6, 0x8B, 0x62, + 0x1A, 0xAD, 0xA1, 0x76, 0x1B, 0x55, 0xFF, 0xAB, 0x10, 0x2F, 0xFF, 0x4A, + 0xAA, 0x46, 0xAD, 0x33, 0x64, 0xDE, 0x28, 0x2E, 0x82, 0x7A, 0xBE, 0xEA, + 0x32, 0xFC, 0xD6, 0x14, 0x01, 0x71, 0xE6, 0xC8, 0xC9, 0x53, 0x69, 0x55, + 0xE1, 0xF8, 0x3D, 0xDD, 0xC7, 0xD5, 0x21, 0xCE, 0xFF, 0x17, 0xFC, 0x23, + 0xBF, 0xCF, 0x2D, 0xB0 +}; + +static byte srp_b[] = { + 0x2B, 0xDD, 0x30, 0x30, 0x53, 0xAF, 0xD8, 0x3A, 0xE7, 0xE0, 0x17, 0x82, + 0x39, 0x44, 0x2C, 0xDB, 0x30, 0x88, 0x0F, 0xC8, 0x88, 0xC2, 0xB2, 0xC1, + 0x78, 0x43, 0x2F, 0xD5, 0x60, 0xD4, 0xDA, 0x43 +}; + +static byte srp_B[] = { + 0xB5, 0x80, 0x36, 0x7F, 0x50, 0x89, 0xC1, 0x04, 0x42, 0x98, 0xD7, 0x6A, + 0x37, 0x8E, 0xF1, 0x81, 0x52, 0xC5, 0x7A, 0xA1, 0xD5, 0xB7, 0x66, 0x84, + 0xA1, 0x3E, 0x32, 0x82, 0x2B, 0x3A, 0xB5, 0xD7, 0x3D, 0x50, 0xF1, 0x58, + 0xBD, 0x89, 0x75, 0xC7, 0x51, 0xCF, 0x6C, 0x03, 0xD4, 0xCA, 0xD5, 0x6E, + 0x97, 0x4D, 0xA3, 0x1E, 0x19, 0x0B, 0xF0, 0xAA, 0x7D, 0x14, 0x90, 0x80, + 0x0E, 0xC7, 0x92, 0xAD +}; + +static byte srp_key[] = { + 0x66, 0x00, 0x9D, 0x58, 0xB3, 0xD2, 0x0D, 0x4B, 0x69, 0x7F, 0xCF, 0x48, + 0xFF, 0x8F, 0x15, 0x81, 0x4C, 0x4B, 0xFE, 0x9D, 0x85, 0x77, 0x88, 0x60, + 0x1D, 0x1E, 0x51, 0xCF, 0x75, 0xCC, 0x58, 0x00, 0xE7, 0x8D, 0x22, 0x87, + 0x13, 0x6C, 0x88, 0x55 +}; + +static byte srp_client_proof[] = { + 0x0D, 0x49, 0xE1, 0x9C, 0x3A, 0x88, 0x43, 0x15, 0x45, 0xA8, 0xAC, 0xAB, + 0xEA, 0x15, 0x1A, 0xEE, 0xF9, 0x38, 0x4D, 0x21 +}; + +static byte srp_server_proof[] = { + 0xBD, 0xB1, 0x20, 0x70, 0x46, 0xC9, 0xD6, 0xCC, 0xE2, 0x1D, 0x75, 0xA2, + 0xD0, 0xAF, 0xC5, 0xBC, 0xAE, 0x12, 0xFC, 0x75 +}; + +#endif /* SHA-1 */ + +static void test_SrpInit(void) +{ + Srp srp; + + /* invalid params */ + AssertIntEQ(WC_NO_ERR_TRACE(BAD_FUNC_ARG), wc_SrpInit(NULL, SRP_TYPE_TEST_DEFAULT, + SRP_CLIENT_SIDE)); + /* // NOLINTBEGIN(clang-analyzer-optin.core.EnumCastOutOfRange) */ + AssertIntEQ(WC_NO_ERR_TRACE(BAD_FUNC_ARG), wc_SrpInit(&srp, (SrpType)255, SRP_CLIENT_SIDE)); + AssertIntEQ(WC_NO_ERR_TRACE(BAD_FUNC_ARG), wc_SrpInit(&srp, SRP_TYPE_TEST_DEFAULT, + (SrpSide)255)); + /* // NOLINTEND(clang-analyzer-optin.core.EnumCastOutOfRange) */ + + /* success */ + AssertIntEQ(0, wc_SrpInit(&srp, SRP_TYPE_TEST_DEFAULT, SRP_CLIENT_SIDE)); + + wc_SrpTerm(&srp); +} + +static void test_SrpSetUsername(void) +{ + Srp srp; + + AssertIntEQ(0, wc_SrpInit(&srp, SRP_TYPE_TEST_DEFAULT, SRP_CLIENT_SIDE)); + + /* invalid params */ + AssertIntEQ(WC_NO_ERR_TRACE(BAD_FUNC_ARG), wc_SrpSetUsername(NULL, username, usernameSz)); + AssertIntEQ(WC_NO_ERR_TRACE(BAD_FUNC_ARG), wc_SrpSetUsername(&srp, NULL, usernameSz)); + + /* success */ + AssertIntEQ(0, wc_SrpSetUsername(&srp, username, usernameSz)); + AssertIntEQ((int) usernameSz, srp.userSz); + AssertIntEQ(0, XMEMCMP(srp.user, username, usernameSz)); + + wc_SrpTerm(&srp); +} + +static void test_SrpSetParams(void) +{ + Srp srp; + + AssertIntEQ(0, wc_SrpInit(&srp, SRP_TYPE_TEST_DEFAULT, SRP_CLIENT_SIDE)); + + /* invalid call order */ + AssertIntEQ(WC_NO_ERR_TRACE(SRP_CALL_ORDER_E), wc_SrpSetParams(&srp, + srp_N, sizeof(srp_N), + srp_g, sizeof(srp_g), + srp_salt, sizeof(srp_salt))); + + /* fix call order */ + AssertIntEQ(0, wc_SrpSetUsername(&srp, username, usernameSz)); + + /* invalid params */ + AssertIntEQ(WC_NO_ERR_TRACE(BAD_FUNC_ARG), wc_SrpSetParams(NULL, + srp_N, sizeof(srp_N), + srp_g, sizeof(srp_g), + srp_salt, sizeof(srp_salt))); + AssertIntEQ(WC_NO_ERR_TRACE(BAD_FUNC_ARG), wc_SrpSetParams(&srp, + NULL, sizeof(srp_N), + srp_g, sizeof(srp_g), + srp_salt, sizeof(srp_salt))); + AssertIntEQ(WC_NO_ERR_TRACE(BAD_FUNC_ARG), wc_SrpSetParams(&srp, + srp_N, sizeof(srp_N), + NULL, sizeof(srp_g), + srp_salt, sizeof(srp_salt))); + AssertIntEQ(WC_NO_ERR_TRACE(BAD_FUNC_ARG), wc_SrpSetParams(&srp, + srp_N, sizeof(srp_N), + srp_g, sizeof(srp_g), + NULL, sizeof(srp_salt))); + + /* success */ + AssertIntEQ(0, wc_SrpSetParams(&srp, srp_N, sizeof(srp_N), + srp_g, sizeof(srp_g), + srp_salt, sizeof(srp_salt))); + + AssertIntEQ(sizeof(srp_salt), srp.saltSz); + AssertIntEQ(0, XMEMCMP(srp.salt, srp_salt, srp.saltSz)); + + wc_SrpTerm(&srp); +} + +#ifndef NO_SHA + +static void test_SrpSetPassword(void) +{ + Srp srp; + byte v[64]; + word32 vSz = 0; + + XMEMSET(v, 0, sizeof(v)); + AssertIntEQ(0, wc_SrpInit(&srp, SRP_TYPE_SHA, SRP_CLIENT_SIDE)); + AssertIntEQ(0, wc_SrpSetUsername(&srp, username, usernameSz)); + + /* invalid call order */ + AssertIntEQ(WC_NO_ERR_TRACE(SRP_CALL_ORDER_E), + wc_SrpSetPassword(&srp, password, passwordSz)); + AssertIntEQ(WC_NO_ERR_TRACE(SRP_CALL_ORDER_E), + wc_SrpGetVerifier(&srp, v, &vSz)); + + /* fix call order */ + AssertIntEQ(0, wc_SrpSetParams(&srp, srp_N, sizeof(srp_N), + srp_g, sizeof(srp_g), + srp_salt, sizeof(srp_salt))); + + /* invalid params */ + AssertIntEQ(WC_NO_ERR_TRACE(BAD_FUNC_ARG), wc_SrpSetPassword(NULL, password, passwordSz)); + AssertIntEQ(WC_NO_ERR_TRACE(BAD_FUNC_ARG), wc_SrpSetPassword(&srp, NULL, passwordSz)); + + /* success */ + AssertIntEQ(0, wc_SrpSetPassword(&srp, password, passwordSz)); + + /* invalid params */ + AssertIntEQ(WC_NO_ERR_TRACE(BAD_FUNC_ARG), wc_SrpGetVerifier(NULL, v, &vSz)); + AssertIntEQ(WC_NO_ERR_TRACE(BAD_FUNC_ARG), wc_SrpGetVerifier(&srp, NULL, &vSz)); + AssertIntEQ(WC_NO_ERR_TRACE(BUFFER_E), wc_SrpGetVerifier(&srp, v, &vSz)); + + /* success */ + vSz = sizeof(v); + AssertIntEQ(0, wc_SrpGetVerifier(&srp, v, &vSz)); + AssertIntEQ(vSz, sizeof(srp_verifier)); + AssertIntEQ(0, XMEMCMP(srp_verifier, v, vSz)); + + /* invalid params - client side srp */ + AssertIntEQ(WC_NO_ERR_TRACE(BAD_FUNC_ARG), wc_SrpSetVerifier(&srp, v, vSz)); + + wc_SrpTerm(&srp); + AssertIntEQ(0, wc_SrpInit(&srp, SRP_TYPE_SHA, SRP_SERVER_SIDE)); + + /* invalid params */ + AssertIntEQ(WC_NO_ERR_TRACE(BAD_FUNC_ARG), wc_SrpSetVerifier(NULL, v, vSz)); + AssertIntEQ(WC_NO_ERR_TRACE(BAD_FUNC_ARG), wc_SrpSetVerifier(&srp, NULL, vSz)); + + /* success */ + AssertIntEQ(0, wc_SrpSetVerifier(&srp, v, vSz)); + + wc_SrpTerm(&srp); +} + +static void test_SrpGetPublic(void) +{ + Srp srp; + byte pub[64]; + word32 pubSz = 0; + + XMEMSET(pub, 0, sizeof(pub)); + AssertIntEQ(0, wc_SrpInit(&srp, SRP_TYPE_SHA, SRP_CLIENT_SIDE)); + AssertIntEQ(0, wc_SrpSetUsername(&srp, username, usernameSz)); + AssertIntEQ(0, wc_SrpSetParams(&srp, srp_N, sizeof(srp_N), + srp_g, sizeof(srp_g), + srp_salt, sizeof(srp_salt))); + + /* invalid call order */ + AssertIntEQ(WC_NO_ERR_TRACE(SRP_CALL_ORDER_E), wc_SrpGetPublic(&srp, pub, &pubSz)); + + /* fix call order */ + AssertIntEQ(0, wc_SrpSetPassword(&srp, password, passwordSz)); + + /* invalid params */ + AssertIntEQ(WC_NO_ERR_TRACE(BAD_FUNC_ARG), wc_SrpGetPublic(NULL, pub, &pubSz)); + AssertIntEQ(WC_NO_ERR_TRACE(BAD_FUNC_ARG), wc_SrpGetPublic(&srp, NULL, &pubSz)); + AssertIntEQ(WC_NO_ERR_TRACE(BAD_FUNC_ARG), wc_SrpGetPublic(&srp, pub, NULL)); + AssertIntEQ(WC_NO_ERR_TRACE(BUFFER_E), wc_SrpGetPublic(&srp, pub, &pubSz)); + + /* success */ + pubSz = sizeof(pub); + AssertIntEQ(0, wc_SrpSetPrivate(&srp, srp_a, sizeof(srp_a))); + AssertIntEQ(0, wc_SrpGetPublic(&srp, pub, &pubSz)); + AssertIntEQ(pubSz, sizeof(srp_A)); + AssertIntEQ(0, XMEMCMP(pub, srp_A, pubSz)); + + wc_SrpTerm(&srp); + + AssertIntEQ(0, wc_SrpInit(&srp, SRP_TYPE_SHA, SRP_SERVER_SIDE)); + AssertIntEQ(0, wc_SrpSetUsername(&srp, username, usernameSz)); + AssertIntEQ(0, wc_SrpSetParams(&srp, srp_N, sizeof(srp_N), + srp_g, sizeof(srp_g), + srp_salt, sizeof(srp_salt))); + + /* invalid call order */ + AssertIntEQ(WC_NO_ERR_TRACE(SRP_CALL_ORDER_E), wc_SrpGetPublic(&srp, pub, &pubSz)); + + /* fix call order */ + AssertIntEQ(0, wc_SrpSetVerifier(&srp, srp_verifier, sizeof(srp_verifier))); + + /* success */ + AssertIntEQ(0, wc_SrpSetPrivate(&srp, srp_b, sizeof(srp_b))); + AssertIntEQ(0, wc_SrpGetPublic(&srp, pub, &pubSz)); + AssertIntEQ(pubSz, sizeof(srp_B)); + AssertIntEQ(0, XMEMCMP(pub, srp_B, pubSz)); + + wc_SrpTerm(&srp); +} + +static void test_SrpComputeKey(void) +{ + Srp cli, srv; + byte clientPubKey[64]; + byte serverPubKey[64]; + word32 clientPubKeySz = 64; + word32 serverPubKeySz = 64; + + XMEMSET(clientPubKey, 0, sizeof(clientPubKey)); + XMEMSET(serverPubKey, 0, sizeof(serverPubKey)); + AssertIntEQ(0, wc_SrpInit(&cli, SRP_TYPE_SHA, SRP_CLIENT_SIDE)); + AssertIntEQ(0, wc_SrpInit(&srv, SRP_TYPE_SHA, SRP_SERVER_SIDE)); + + /* invalid call order */ + AssertIntEQ(WC_NO_ERR_TRACE(SRP_CALL_ORDER_E), wc_SrpComputeKey(&cli, + clientPubKey, clientPubKeySz, + serverPubKey, serverPubKeySz)); + + /* fix call order */ + AssertIntEQ(0, wc_SrpSetUsername(&cli, username, usernameSz)); + AssertIntEQ(0, wc_SrpSetUsername(&srv, username, usernameSz)); + + AssertIntEQ(0, wc_SrpSetParams(&cli, srp_N, sizeof(srp_N), + srp_g, sizeof(srp_g), + srp_salt, sizeof(srp_salt))); + AssertIntEQ(0, wc_SrpSetParams(&srv, srp_N, sizeof(srp_N), + srp_g, sizeof(srp_g), + srp_salt, sizeof(srp_salt))); + + AssertIntEQ(0, wc_SrpSetPassword(&cli, password, passwordSz)); + AssertIntEQ(0, wc_SrpSetVerifier(&srv, srp_verifier, sizeof(srp_verifier))); + + AssertIntEQ(0, wc_SrpSetPrivate(&cli, srp_a, sizeof(srp_a))); + AssertIntEQ(0, wc_SrpGetPublic(&cli, clientPubKey, &clientPubKeySz)); + AssertIntEQ(0, XMEMCMP(clientPubKey, srp_A, clientPubKeySz)); + AssertIntEQ(0, wc_SrpSetPrivate(&srv, srp_b, sizeof(srp_b))); + AssertIntEQ(0, wc_SrpGetPublic(&srv, serverPubKey, &serverPubKeySz)); + AssertIntEQ(0, XMEMCMP(serverPubKey, srp_B, serverPubKeySz)); + + /* invalid params */ + AssertIntEQ(WC_NO_ERR_TRACE(BAD_FUNC_ARG), wc_SrpComputeKey(NULL, + clientPubKey, clientPubKeySz, + serverPubKey, serverPubKeySz)); + AssertIntEQ(WC_NO_ERR_TRACE(BAD_FUNC_ARG), wc_SrpComputeKey(&cli, + NULL, clientPubKeySz, + serverPubKey, serverPubKeySz)); + AssertIntEQ(WC_NO_ERR_TRACE(BAD_FUNC_ARG), wc_SrpComputeKey(&cli, + clientPubKey, 0, + serverPubKey, serverPubKeySz)); + AssertIntEQ(WC_NO_ERR_TRACE(BAD_FUNC_ARG), wc_SrpComputeKey(&cli, + clientPubKey, clientPubKeySz, + NULL, serverPubKeySz)); + AssertIntEQ(WC_NO_ERR_TRACE(BAD_FUNC_ARG), wc_SrpComputeKey(&cli, + clientPubKey, clientPubKeySz, + serverPubKey, 0)); + + /* success */ + AssertIntEQ(0, wc_SrpComputeKey(&cli, clientPubKey, clientPubKeySz, + serverPubKey, serverPubKeySz)); + AssertIntEQ(0, wc_SrpComputeKey(&srv, clientPubKey, clientPubKeySz, + serverPubKey, serverPubKeySz)); + AssertIntEQ(0, XMEMCMP(cli.key, srp_key, sizeof(srp_key))); + AssertIntEQ(0, XMEMCMP(srv.key, srp_key, sizeof(srp_key))); + + wc_SrpTerm(&cli); + wc_SrpTerm(&srv); +} + +static void test_SrpGetProofAndVerify(void) +{ + Srp cli, srv; + byte clientPubKey[64]; + byte serverPubKey[64]; + word32 clientPubKeySz = 64; + word32 serverPubKeySz = 64; + byte clientProof[SRP_MAX_DIGEST_SIZE]; + byte serverProof[SRP_MAX_DIGEST_SIZE]; + word32 clientProofSz = SRP_MAX_DIGEST_SIZE; + word32 serverProofSz = SRP_MAX_DIGEST_SIZE; + + XMEMSET(clientPubKey, 0, sizeof(clientPubKey)); + XMEMSET(serverPubKey, 0, sizeof(serverPubKey)); + XMEMSET(clientProof, 0, sizeof(clientProof)); + XMEMSET(serverProof, 0, sizeof(serverProof)); + AssertIntEQ(0, wc_SrpInit(&cli, SRP_TYPE_SHA, SRP_CLIENT_SIDE)); + AssertIntEQ(0, wc_SrpInit(&srv, SRP_TYPE_SHA, SRP_SERVER_SIDE)); + + AssertIntEQ(0, wc_SrpSetUsername(&cli, username, usernameSz)); + AssertIntEQ(0, wc_SrpSetUsername(&srv, username, usernameSz)); + + AssertIntEQ(0, wc_SrpSetParams(&cli, srp_N, sizeof(srp_N), + srp_g, sizeof(srp_g), + srp_salt, sizeof(srp_salt))); + AssertIntEQ(0, wc_SrpSetParams(&srv, srp_N, sizeof(srp_N), + srp_g, sizeof(srp_g), + srp_salt, sizeof(srp_salt))); + + AssertIntEQ(0, wc_SrpSetPassword(&cli, password, passwordSz)); + AssertIntEQ(0, wc_SrpSetVerifier(&srv, srp_verifier, sizeof(srp_verifier))); + + AssertIntEQ(0, wc_SrpSetPrivate(&cli, srp_a, sizeof(srp_a))); + AssertIntEQ(0, wc_SrpGetPublic(&cli, clientPubKey, &clientPubKeySz)); + AssertIntEQ(0, XMEMCMP(clientPubKey, srp_A, clientPubKeySz)); + + AssertIntEQ(0, wc_SrpSetPrivate(&srv, srp_b, sizeof(srp_b))); + AssertIntEQ(0, wc_SrpGetPublic(&srv, serverPubKey, &serverPubKeySz)); + AssertIntEQ(0, XMEMCMP(serverPubKey, srp_B, serverPubKeySz)); + + AssertIntEQ(0, wc_SrpComputeKey(&cli, clientPubKey, clientPubKeySz, + serverPubKey, serverPubKeySz)); + AssertIntEQ(0, XMEMCMP(cli.key, srp_key, sizeof(srp_key))); + + AssertIntEQ(0, wc_SrpComputeKey(&srv, clientPubKey, clientPubKeySz, + serverPubKey, serverPubKeySz)); + AssertIntEQ(0, XMEMCMP(srv.key, srp_key, sizeof(srp_key))); + + /* invalid params */ + serverProofSz = 0; + AssertIntEQ(WC_NO_ERR_TRACE(BAD_FUNC_ARG), wc_SrpGetProof(NULL, clientProof,&clientProofSz)); + AssertIntEQ(WC_NO_ERR_TRACE(BAD_FUNC_ARG), wc_SrpGetProof(&cli, NULL, &clientProofSz)); + AssertIntEQ(WC_NO_ERR_TRACE(BAD_FUNC_ARG), wc_SrpGetProof(&cli, clientProof,NULL)); + AssertIntEQ(WC_NO_ERR_TRACE(BUFFER_E), wc_SrpGetProof(&srv, serverProof,&serverProofSz)); + + AssertIntEQ(WC_NO_ERR_TRACE(BAD_FUNC_ARG), + wc_SrpVerifyPeersProof(NULL, clientProof, clientProofSz)); + AssertIntEQ(WC_NO_ERR_TRACE(BAD_FUNC_ARG), + wc_SrpVerifyPeersProof(&cli, NULL, clientProofSz)); + AssertIntEQ(WC_NO_ERR_TRACE(BUFFER_E), + wc_SrpVerifyPeersProof(&srv, serverProof, serverProofSz)); + serverProofSz = SRP_MAX_DIGEST_SIZE; + + /* success */ + AssertIntEQ(0, wc_SrpGetProof(&cli, clientProof, &clientProofSz)); + AssertIntEQ(0, XMEMCMP(clientProof, srp_client_proof, + sizeof(srp_client_proof))); + AssertIntEQ(0, wc_SrpVerifyPeersProof(&srv, clientProof, clientProofSz)); + AssertIntEQ(0, wc_SrpGetProof(&srv, serverProof, &serverProofSz)); + AssertIntEQ(0, XMEMCMP(serverProof, srp_server_proof, + sizeof(srp_server_proof))); + AssertIntEQ(0, wc_SrpVerifyPeersProof(&cli, serverProof, serverProofSz)); + + wc_SrpTerm(&cli); + wc_SrpTerm(&srv); +} + +#endif /* !NO_SHA */ + +static int sha512_key_gen(Srp* srp, byte* secret, word32 size) +{ + wc_Sha512 hash; + int r; + + srp->key = (byte*)XMALLOC(WC_SHA512_DIGEST_SIZE, NULL, DYNAMIC_TYPE_SRP); + if (srp->key == NULL) + return MEMORY_E; + + srp->keySz = WC_SHA512_DIGEST_SIZE; + + r = wc_InitSha512(&hash); + if (!r) r = wc_Sha512Update(&hash, secret, size); + if (!r) r = wc_Sha512Final(&hash, srp->key); + wc_Sha512Free(&hash); + + XMEMSET(&hash, 0, sizeof(wc_Sha512)); + + return r; +} + +static void test_SrpKeyGenFunc_cb(void) +{ + Srp cli, srv; + byte clientPubKey[1024]; + byte serverPubKey[1024]; + word32 clientPubKeySz = 1024; + word32 serverPubKeySz = 1024; + byte clientProof[SRP_MAX_DIGEST_SIZE]; + byte serverProof[SRP_MAX_DIGEST_SIZE]; + word32 clientProofSz = SRP_MAX_DIGEST_SIZE; + word32 serverProofSz = SRP_MAX_DIGEST_SIZE; + + byte username_[] = "alice"; + word32 usernameSz_ = 5; + + byte password_[] = "password123"; + word32 passwordSz_ = 11; + +#if !defined(FP_MAX_BITS) || FP_MAX_BITS > 3072 * 2 + byte N_[] = { + 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xC9, 0x0F, 0xDA, 0xA2, + 0x21, 0x68, 0xC2, 0x34, 0xC4, 0xC6, 0x62, 0x8B, 0x80, 0xDC, 0x1C, 0xD1, + 0x29, 0x02, 0x4E, 0x08, 0x8A, 0x67, 0xCC, 0x74, 0x02, 0x0B, 0xBE, 0xA6, + 0x3B, 0x13, 0x9B, 0x22, 0x51, 0x4A, 0x08, 0x79, 0x8E, 0x34, 0x04, 0xDD, + 0xEF, 0x95, 0x19, 0xB3, 0xCD, 0x3A, 0x43, 0x1B, 0x30, 0x2B, 0x0A, 0x6D, + 0xF2, 0x5F, 0x14, 0x37, 0x4F, 0xE1, 0x35, 0x6D, 0x6D, 0x51, 0xC2, 0x45, + 0xE4, 0x85, 0xB5, 0x76, 0x62, 0x5E, 0x7E, 0xC6, 0xF4, 0x4C, 0x42, 0xE9, + 0xA6, 0x37, 0xED, 0x6B, 0x0B, 0xFF, 0x5C, 0xB6, 0xF4, 0x06, 0xB7, 0xED, + 0xEE, 0x38, 0x6B, 0xFB, 0x5A, 0x89, 0x9F, 0xA5, 0xAE, 0x9F, 0x24, 0x11, + 0x7C, 0x4B, 0x1F, 0xE6, 0x49, 0x28, 0x66, 0x51, 0xEC, 0xE4, 0x5B, 0x3D, + 0xC2, 0x00, 0x7C, 0xB8, 0xA1, 0x63, 0xBF, 0x05, 0x98, 0xDA, 0x48, 0x36, + 0x1C, 0x55, 0xD3, 0x9A, 0x69, 0x16, 0x3F, 0xA8, 0xFD, 0x24, 0xCF, 0x5F, + 0x83, 0x65, 0x5D, 0x23, 0xDC, 0xA3, 0xAD, 0x96, 0x1C, 0x62, 0xF3, 0x56, + 0x20, 0x85, 0x52, 0xBB, 0x9E, 0xD5, 0x29, 0x07, 0x70, 0x96, 0x96, 0x6D, + 0x67, 0x0C, 0x35, 0x4E, 0x4A, 0xBC, 0x98, 0x04, 0xF1, 0x74, 0x6C, 0x08, + 0xCA, 0x18, 0x21, 0x7C, 0x32, 0x90, 0x5E, 0x46, 0x2E, 0x36, 0xCE, 0x3B, + 0xE3, 0x9E, 0x77, 0x2C, 0x18, 0x0E, 0x86, 0x03, 0x9B, 0x27, 0x83, 0xA2, + 0xEC, 0x07, 0xA2, 0x8F, 0xB5, 0xC5, 0x5D, 0xF0, 0x6F, 0x4C, 0x52, 0xC9, + 0xDE, 0x2B, 0xCB, 0xF6, 0x95, 0x58, 0x17, 0x18, 0x39, 0x95, 0x49, 0x7C, + 0xEA, 0x95, 0x6A, 0xE5, 0x15, 0xD2, 0x26, 0x18, 0x98, 0xFA, 0x05, 0x10, + 0x15, 0x72, 0x8E, 0x5A, 0x8A, 0xAA, 0xC4, 0x2D, 0xAD, 0x33, 0x17, 0x0D, + 0x04, 0x50, 0x7A, 0x33, 0xA8, 0x55, 0x21, 0xAB, 0xDF, 0x1C, 0xBA, 0x64, + 0xEC, 0xFB, 0x85, 0x04, 0x58, 0xDB, 0xEF, 0x0A, 0x8A, 0xEA, 0x71, 0x57, + 0x5D, 0x06, 0x0C, 0x7D, 0xB3, 0x97, 0x0F, 0x85, 0xA6, 0xE1, 0xE4, 0xC7, + 0xAB, 0xF5, 0xAE, 0x8C, 0xDB, 0x09, 0x33, 0xD7, 0x1E, 0x8C, 0x94, 0xE0, + 0x4A, 0x25, 0x61, 0x9D, 0xCE, 0xE3, 0xD2, 0x26, 0x1A, 0xD2, 0xEE, 0x6B, + 0xF1, 0x2F, 0xFA, 0x06, 0xD9, 0x8A, 0x08, 0x64, 0xD8, 0x76, 0x02, 0x73, + 0x3E, 0xC8, 0x6A, 0x64, 0x52, 0x1F, 0x2B, 0x18, 0x17, 0x7B, 0x20, 0x0C, + 0xBB, 0xE1, 0x17, 0x57, 0x7A, 0x61, 0x5D, 0x6C, 0x77, 0x09, 0x88, 0xC0, + 0xBA, 0xD9, 0x46, 0xE2, 0x08, 0xE2, 0x4F, 0xA0, 0x74, 0xE5, 0xAB, 0x31, + 0x43, 0xDB, 0x5B, 0xFC, 0xE0, 0xFD, 0x10, 0x8E, 0x4B, 0x82, 0xD1, 0x20, + 0xA9, 0x3A, 0xD2, 0xCA, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF + }; + + byte g_[] = { + 0x05 + }; + + byte salt_[] = { + 0xBE, 0xB2, 0x53, 0x79, 0xD1, 0xA8, 0x58, 0x1E, 0xB5, 0xA7, 0x27, 0x67, + 0x3A, 0x24, 0x41, 0xEE + }; + + byte verifier_[] = { + 0x9B, 0x5E, 0x06, 0x17, 0x01, 0xEA, 0x7A, 0xEB, 0x39, 0xCF, 0x6E, 0x35, + 0x19, 0x65, 0x5A, 0x85, 0x3C, 0xF9, 0x4C, 0x75, 0xCA, 0xF2, 0x55, 0x5E, + 0xF1, 0xFA, 0xF7, 0x59, 0xBB, 0x79, 0xCB, 0x47, 0x70, 0x14, 0xE0, 0x4A, + 0x88, 0xD6, 0x8F, 0xFC, 0x05, 0x32, 0x38, 0x91, 0xD4, 0xC2, 0x05, 0xB8, + 0xDE, 0x81, 0xC2, 0xF2, 0x03, 0xD8, 0xFA, 0xD1, 0xB2, 0x4D, 0x2C, 0x10, + 0x97, 0x37, 0xF1, 0xBE, 0xBB, 0xD7, 0x1F, 0x91, 0x24, 0x47, 0xC4, 0xA0, + 0x3C, 0x26, 0xB9, 0xFA, 0xD8, 0xED, 0xB3, 0xE7, 0x80, 0x77, 0x8E, 0x30, + 0x25, 0x29, 0xED, 0x1E, 0xE1, 0x38, 0xCC, 0xFC, 0x36, 0xD4, 0xBA, 0x31, + 0x3C, 0xC4, 0x8B, 0x14, 0xEA, 0x8C, 0x22, 0xA0, 0x18, 0x6B, 0x22, 0x2E, + 0x65, 0x5F, 0x2D, 0xF5, 0x60, 0x3F, 0xD7, 0x5D, 0xF7, 0x6B, 0x3B, 0x08, + 0xFF, 0x89, 0x50, 0x06, 0x9A, 0xDD, 0x03, 0xA7, 0x54, 0xEE, 0x4A, 0xE8, + 0x85, 0x87, 0xCC, 0xE1, 0xBF, 0xDE, 0x36, 0x79, 0x4D, 0xBA, 0xE4, 0x59, + 0x2B, 0x7B, 0x90, 0x4F, 0x44, 0x2B, 0x04, 0x1C, 0xB1, 0x7A, 0xEB, 0xAD, + 0x1E, 0x3A, 0xEB, 0xE3, 0xCB, 0xE9, 0x9D, 0xE6, 0x5F, 0x4B, 0xB1, 0xFA, + 0x00, 0xB0, 0xE7, 0xAF, 0x06, 0x86, 0x3D, 0xB5, 0x3B, 0x02, 0x25, 0x4E, + 0xC6, 0x6E, 0x78, 0x1E, 0x3B, 0x62, 0xA8, 0x21, 0x2C, 0x86, 0xBE, 0xB0, + 0xD5, 0x0B, 0x5B, 0xA6, 0xD0, 0xB4, 0x78, 0xD8, 0xC4, 0xE9, 0xBB, 0xCE, + 0xC2, 0x17, 0x65, 0x32, 0x6F, 0xBD, 0x14, 0x05, 0x8D, 0x2B, 0xBD, 0xE2, + 0xC3, 0x30, 0x45, 0xF0, 0x38, 0x73, 0xE5, 0x39, 0x48, 0xD7, 0x8B, 0x79, + 0x4F, 0x07, 0x90, 0xE4, 0x8C, 0x36, 0xAE, 0xD6, 0xE8, 0x80, 0xF5, 0x57, + 0x42, 0x7B, 0x2F, 0xC0, 0x6D, 0xB5, 0xE1, 0xE2, 0xE1, 0xD7, 0xE6, 0x61, + 0xAC, 0x48, 0x2D, 0x18, 0xE5, 0x28, 0xD7, 0x29, 0x5E, 0xF7, 0x43, 0x72, + 0x95, 0xFF, 0x1A, 0x72, 0xD4, 0x02, 0x77, 0x17, 0x13, 0xF1, 0x68, 0x76, + 0xDD, 0x05, 0x0A, 0xE5, 0xB7, 0xAD, 0x53, 0xCC, 0xB9, 0x08, 0x55, 0xC9, + 0x39, 0x56, 0x64, 0x83, 0x58, 0xAD, 0xFD, 0x96, 0x64, 0x22, 0xF5, 0x24, + 0x98, 0x73, 0x2D, 0x68, 0xD1, 0xD7, 0xFB, 0xEF, 0x10, 0xD7, 0x80, 0x34, + 0xAB, 0x8D, 0xCB, 0x6F, 0x0F, 0xCF, 0x88, 0x5C, 0xC2, 0xB2, 0xEA, 0x2C, + 0x3E, 0x6A, 0xC8, 0x66, 0x09, 0xEA, 0x05, 0x8A, 0x9D, 0xA8, 0xCC, 0x63, + 0x53, 0x1D, 0xC9, 0x15, 0x41, 0x4D, 0xF5, 0x68, 0xB0, 0x94, 0x82, 0xDD, + 0xAC, 0x19, 0x54, 0xDE, 0xC7, 0xEB, 0x71, 0x4F, 0x6F, 0xF7, 0xD4, 0x4C, + 0xD5, 0xB8, 0x6F, 0x6B, 0xD1, 0x15, 0x81, 0x09, 0x30, 0x63, 0x7C, 0x01, + 0xD0, 0xF6, 0x01, 0x3B, 0xC9, 0x74, 0x0F, 0xA2, 0xC6, 0x33, 0xBA, 0x89 + }; + + byte a_[] = { + 0x60, 0x97, 0x55, 0x27, 0x03, 0x5C, 0xF2, 0xAD, 0x19, 0x89, 0x80, 0x6F, + 0x04, 0x07, 0x21, 0x0B, 0xC8, 0x1E, 0xDC, 0x04, 0xE2, 0x76, 0x2A, 0x56, + 0xAF, 0xD5, 0x29, 0xDD, 0xDA, 0x2D, 0x43, 0x93 + }; + + byte A_[] = { + 0xFA, 0xB6, 0xF5, 0xD2, 0x61, 0x5D, 0x1E, 0x32, 0x35, 0x12, 0xE7, 0x99, + 0x1C, 0xC3, 0x74, 0x43, 0xF4, 0x87, 0xDA, 0x60, 0x4C, 0xA8, 0xC9, 0x23, + 0x0F, 0xCB, 0x04, 0xE5, 0x41, 0xDC, 0xE6, 0x28, 0x0B, 0x27, 0xCA, 0x46, + 0x80, 0xB0, 0x37, 0x4F, 0x17, 0x9D, 0xC3, 0xBD, 0xC7, 0x55, 0x3F, 0xE6, + 0x24, 0x59, 0x79, 0x8C, 0x70, 0x1A, 0xD8, 0x64, 0xA9, 0x13, 0x90, 0xA2, + 0x8C, 0x93, 0xB6, 0x44, 0xAD, 0xBF, 0x9C, 0x00, 0x74, 0x5B, 0x94, 0x2B, + 0x79, 0xF9, 0x01, 0x2A, 0x21, 0xB9, 0xB7, 0x87, 0x82, 0x31, 0x9D, 0x83, + 0xA1, 0xF8, 0x36, 0x28, 0x66, 0xFB, 0xD6, 0xF4, 0x6B, 0xFC, 0x0D, 0xDB, + 0x2E, 0x1A, 0xB6, 0xE4, 0xB4, 0x5A, 0x99, 0x06, 0xB8, 0x2E, 0x37, 0xF0, + 0x5D, 0x6F, 0x97, 0xF6, 0xA3, 0xEB, 0x6E, 0x18, 0x20, 0x79, 0x75, 0x9C, + 0x4F, 0x68, 0x47, 0x83, 0x7B, 0x62, 0x32, 0x1A, 0xC1, 0xB4, 0xFA, 0x68, + 0x64, 0x1F, 0xCB, 0x4B, 0xB9, 0x8D, 0xD6, 0x97, 0xA0, 0xC7, 0x36, 0x41, + 0x38, 0x5F, 0x4B, 0xAB, 0x25, 0xB7, 0x93, 0x58, 0x4C, 0xC3, 0x9F, 0xC8, + 0xD4, 0x8D, 0x4B, 0xD8, 0x67, 0xA9, 0xA3, 0xC1, 0x0F, 0x8E, 0xA1, 0x21, + 0x70, 0x26, 0x8E, 0x34, 0xFE, 0x3B, 0xBE, 0x6F, 0xF8, 0x99, 0x98, 0xD6, + 0x0D, 0xA2, 0xF3, 0xE4, 0x28, 0x3C, 0xBE, 0xC1, 0x39, 0x3D, 0x52, 0xAF, + 0x72, 0x4A, 0x57, 0x23, 0x0C, 0x60, 0x4E, 0x9F, 0xBC, 0xE5, 0x83, 0xD7, + 0x61, 0x3E, 0x6B, 0xFF, 0xD6, 0x75, 0x96, 0xAD, 0x12, 0x1A, 0x87, 0x07, + 0xEE, 0xC4, 0x69, 0x44, 0x95, 0x70, 0x33, 0x68, 0x6A, 0x15, 0x5F, 0x64, + 0x4D, 0x5C, 0x58, 0x63, 0xB4, 0x8F, 0x61, 0xBD, 0xBF, 0x19, 0xA5, 0x3E, + 0xAB, 0x6D, 0xAD, 0x0A, 0x18, 0x6B, 0x8C, 0x15, 0x2E, 0x5F, 0x5D, 0x8C, + 0xAD, 0x4B, 0x0E, 0xF8, 0xAA, 0x4E, 0xA5, 0x00, 0x88, 0x34, 0xC3, 0xCD, + 0x34, 0x2E, 0x5E, 0x0F, 0x16, 0x7A, 0xD0, 0x45, 0x92, 0xCD, 0x8B, 0xD2, + 0x79, 0x63, 0x93, 0x98, 0xEF, 0x9E, 0x11, 0x4D, 0xFA, 0xAA, 0xB9, 0x19, + 0xE1, 0x4E, 0x85, 0x09, 0x89, 0x22, 0x4D, 0xDD, 0x98, 0x57, 0x6D, 0x79, + 0x38, 0x5D, 0x22, 0x10, 0x90, 0x2E, 0x9F, 0x9B, 0x1F, 0x2D, 0x86, 0xCF, + 0xA4, 0x7E, 0xE2, 0x44, 0x63, 0x54, 0x65, 0xF7, 0x10, 0x58, 0x42, 0x1A, + 0x01, 0x84, 0xBE, 0x51, 0xDD, 0x10, 0xCC, 0x9D, 0x07, 0x9E, 0x6F, 0x16, + 0x04, 0xE7, 0xAA, 0x9B, 0x7C, 0xF7, 0x88, 0x3C, 0x7D, 0x4C, 0xE1, 0x2B, + 0x06, 0xEB, 0xE1, 0x60, 0x81, 0xE2, 0x3F, 0x27, 0xA2, 0x31, 0xD1, 0x84, + 0x32, 0xD7, 0xD1, 0xBB, 0x55, 0xC2, 0x8A, 0xE2, 0x1F, 0xFC, 0xF0, 0x05, + 0xF5, 0x75, 0x28, 0xD1, 0x5A, 0x88, 0x88, 0x1B, 0xB3, 0xBB, 0xB7, 0xFE + }; + + byte b_[] = { + 0xE4, 0x87, 0xCB, 0x59, 0xD3, 0x1A, 0xC5, 0x50, 0x47, 0x1E, 0x81, 0xF0, + 0x0F, 0x69, 0x28, 0xE0, 0x1D, 0xDA, 0x08, 0xE9, 0x74, 0xA0, 0x04, 0xF4, + 0x9E, 0x61, 0xF5, 0xD1, 0x05, 0x28, 0x4D, 0x20 + }; + + byte B_[] = { + 0x40, 0xF5, 0x70, 0x88, 0xA4, 0x82, 0xD4, 0xC7, 0x73, 0x33, 0x84, 0xFE, + 0x0D, 0x30, 0x1F, 0xDD, 0xCA, 0x90, 0x80, 0xAD, 0x7D, 0x4F, 0x6F, 0xDF, + 0x09, 0xA0, 0x10, 0x06, 0xC3, 0xCB, 0x6D, 0x56, 0x2E, 0x41, 0x63, 0x9A, + 0xE8, 0xFA, 0x21, 0xDE, 0x3B, 0x5D, 0xBA, 0x75, 0x85, 0xB2, 0x75, 0x58, + 0x9B, 0xDB, 0x27, 0x98, 0x63, 0xC5, 0x62, 0x80, 0x7B, 0x2B, 0x99, 0x08, + 0x3C, 0xD1, 0x42, 0x9C, 0xDB, 0xE8, 0x9E, 0x25, 0xBF, 0xBD, 0x7E, 0x3C, + 0xAD, 0x31, 0x73, 0xB2, 0xE3, 0xC5, 0xA0, 0xB1, 0x74, 0xDA, 0x6D, 0x53, + 0x91, 0xE6, 0xA0, 0x6E, 0x46, 0x5F, 0x03, 0x7A, 0x40, 0x06, 0x25, 0x48, + 0x39, 0xA5, 0x6B, 0xF7, 0x6D, 0xA8, 0x4B, 0x1C, 0x94, 0xE0, 0xAE, 0x20, + 0x85, 0x76, 0x15, 0x6F, 0xE5, 0xC1, 0x40, 0xA4, 0xBA, 0x4F, 0xFC, 0x9E, + 0x38, 0xC3, 0xB0, 0x7B, 0x88, 0x84, 0x5F, 0xC6, 0xF7, 0xDD, 0xDA, 0x93, + 0x38, 0x1F, 0xE0, 0xCA, 0x60, 0x84, 0xC4, 0xCD, 0x2D, 0x33, 0x6E, 0x54, + 0x51, 0xC4, 0x64, 0xCC, 0xB6, 0xEC, 0x65, 0xE7, 0xD1, 0x6E, 0x54, 0x8A, + 0x27, 0x3E, 0x82, 0x62, 0x84, 0xAF, 0x25, 0x59, 0xB6, 0x26, 0x42, 0x74, + 0x21, 0x59, 0x60, 0xFF, 0xF4, 0x7B, 0xDD, 0x63, 0xD3, 0xAF, 0xF0, 0x64, + 0xD6, 0x13, 0x7A, 0xF7, 0x69, 0x66, 0x1C, 0x9D, 0x4F, 0xEE, 0x47, 0x38, + 0x26, 0x03, 0xC8, 0x8E, 0xAA, 0x09, 0x80, 0x58, 0x1D, 0x07, 0x75, 0x84, + 0x61, 0xB7, 0x77, 0xE4, 0x35, 0x6D, 0xDA, 0x58, 0x35, 0x19, 0x8B, 0x51, + 0xFE, 0xEA, 0x30, 0x8D, 0x70, 0xF7, 0x54, 0x50, 0xB7, 0x16, 0x75, 0xC0, + 0x8C, 0x7D, 0x83, 0x02, 0xFD, 0x75, 0x39, 0xDD, 0x1F, 0xF2, 0xA1, 0x1C, + 0xB4, 0x25, 0x8A, 0xA7, 0x0D, 0x23, 0x44, 0x36, 0xAA, 0x42, 0xB6, 0xA0, + 0x61, 0x5F, 0x3F, 0x91, 0x5D, 0x55, 0xCC, 0x3B, 0x96, 0x6B, 0x27, 0x16, + 0xB3, 0x6E, 0x4D, 0x1A, 0x06, 0xCE, 0x5E, 0x5D, 0x2E, 0xA3, 0xBE, 0xE5, + 0xA1, 0x27, 0x0E, 0x87, 0x51, 0xDA, 0x45, 0xB6, 0x0B, 0x99, 0x7B, 0x0F, + 0xFD, 0xB0, 0xF9, 0x96, 0x2F, 0xEE, 0x4F, 0x03, 0xBE, 0xE7, 0x80, 0xBA, + 0x0A, 0x84, 0x5B, 0x1D, 0x92, 0x71, 0x42, 0x17, 0x83, 0xAE, 0x66, 0x01, + 0xA6, 0x1E, 0xA2, 0xE3, 0x42, 0xE4, 0xF2, 0xE8, 0xBC, 0x93, 0x5A, 0x40, + 0x9E, 0xAD, 0x19, 0xF2, 0x21, 0xBD, 0x1B, 0x74, 0xE2, 0x96, 0x4D, 0xD1, + 0x9F, 0xC8, 0x45, 0xF6, 0x0E, 0xFC, 0x09, 0x33, 0x8B, 0x60, 0xB6, 0xB2, + 0x56, 0xD8, 0xCA, 0xC8, 0x89, 0xCC, 0xA3, 0x06, 0xCC, 0x37, 0x0A, 0x0B, + 0x18, 0xC8, 0xB8, 0x86, 0xE9, 0x5D, 0xA0, 0xAF, 0x52, 0x35, 0xFE, 0xF4, + 0x39, 0x30, 0x20, 0xD2, 0xB7, 0xF3, 0x05, 0x69, 0x04, 0x75, 0x90, 0x42 + }; + + byte key_[] = { + 0x5C, 0xBC, 0x21, 0x9D, 0xB0, 0x52, 0x13, 0x8E, 0xE1, 0x14, 0x8C, 0x71, + 0xCD, 0x44, 0x98, 0x96, 0x3D, 0x68, 0x25, 0x49, 0xCE, 0x91, 0xCA, 0x24, + 0xF0, 0x98, 0x46, 0x8F, 0x06, 0x01, 0x5B, 0xEB, 0x6A, 0xF2, 0x45, 0xC2, + 0x09, 0x3F, 0x98, 0xC3, 0x65, 0x1B, 0xCA, 0x83, 0xAB, 0x8C, 0xAB, 0x2B, + 0x58, 0x0B, 0xBF, 0x02, 0x18, 0x4F, 0xEF, 0xDF, 0x26, 0x14, 0x2F, 0x73, + 0xDF, 0x95, 0xAC, 0x50 + }; +#else + byte N_[] = { + 0xAC, 0x6B, 0xDB, 0x41, 0x32, 0x4A, 0x9A, 0x9B, 0xF1, 0x66, 0xDE, 0x5E, + 0x13, 0x89, 0x58, 0x2F, 0xAF, 0x72, 0xB6, 0x65, 0x19, 0x87, 0xEE, 0x07, + 0xFC, 0x31, 0x92, 0x94, 0x3D, 0xB5, 0x60, 0x50, 0xA3, 0x73, 0x29, 0xCB, + 0xB4, 0xA0, 0x99, 0xED, 0x81, 0x93, 0xE0, 0x75, 0x77, 0x67, 0xA1, 0x3D, + 0xD5, 0x23, 0x12, 0xAB, 0x4B, 0x03, 0x31, 0x0D, 0xCD, 0x7F, 0x48, 0xA9, + 0xDA, 0x04, 0xFD, 0x50, 0xE8, 0x08, 0x39, 0x69, 0xED, 0xB7, 0x67, 0xB0, + 0xCF, 0x60, 0x95, 0x17, 0x9A, 0x16, 0x3A, 0xB3, 0x66, 0x1A, 0x05, 0xFB, + 0xD5, 0xFA, 0xAA, 0xE8, 0x29, 0x18, 0xA9, 0x96, 0x2F, 0x0B, 0x93, 0xB8, + 0x55, 0xF9, 0x79, 0x93, 0xEC, 0x97, 0x5E, 0xEA, 0xA8, 0x0D, 0x74, 0x0A, + 0xDB, 0xF4, 0xFF, 0x74, 0x73, 0x59, 0xD0, 0x41, 0xD5, 0xC3, 0x3E, 0xA7, + 0x1D, 0x28, 0x1E, 0x44, 0x6B, 0x14, 0x77, 0x3B, 0xCA, 0x97, 0xB4, 0x3A, + 0x23, 0xFB, 0x80, 0x16, 0x76, 0xBD, 0x20, 0x7A, 0x43, 0x6C, 0x64, 0x81, + 0xF1, 0xD2, 0xB9, 0x07, 0x87, 0x17, 0x46, 0x1A, 0x5B, 0x9D, 0x32, 0xE6, + 0x88, 0xF8, 0x77, 0x48, 0x54, 0x45, 0x23, 0xB5, 0x24, 0xB0, 0xD5, 0x7D, + 0x5E, 0xA7, 0x7A, 0x27, 0x75, 0xD2, 0xEC, 0xFA, 0x03, 0x2C, 0xFB, 0xDB, + 0xF5, 0x2F, 0xB3, 0x78, 0x61, 0x60, 0x27, 0x90, 0x04, 0xE5, 0x7A, 0xE6, + 0xAF, 0x87, 0x4E, 0x73, 0x03, 0xCE, 0x53, 0x29, 0x9C, 0xCC, 0x04, 0x1C, + 0x7B, 0xC3, 0x08, 0xD8, 0x2A, 0x56, 0x98, 0xF3, 0xA8, 0xD0, 0xC3, 0x82, + 0x71, 0xAE, 0x35, 0xF8, 0xE9, 0xDB, 0xFB, 0xB6, 0x94, 0xB5, 0xC8, 0x03, + 0xD8, 0x9F, 0x7A, 0xE4, 0x35, 0xDE, 0x23, 0x6D, 0x52, 0x5F, 0x54, 0x75, + 0x9B, 0x65, 0xE3, 0x72, 0xFC, 0xD6, 0x8E, 0xF2, 0x0F, 0xA7, 0x11, 0x1F, + 0x9E, 0x4A, 0xFF, 0x73 + }; + + byte g_[] = { + 0x02 + }; + + byte salt_[] = { + 0xBE, 0xB2, 0x53, 0x79, 0xD1, 0xA8, 0x58, 0x1E, 0xB5, 0xA7, 0x27, 0x67, + 0x3A, 0x24, 0x41, 0xEE + }; + + byte verifier_[] = { + 0xab, 0x58, 0xc3, 0x49, 0x79, 0xda, 0x9c, 0x1c, 0x0c, 0x5f, 0x6a, 0xe8, + 0xa1, 0xc4, 0x20, 0x78, 0x16, 0xe0, 0x29, 0x6f, 0xdc, 0x09, 0x62, 0xe7, + 0x5d, 0x49, 0x09, 0xd2, 0xd3, 0x48, 0x0b, 0x03, 0xbb, 0xf4, 0x96, 0x58, + 0x93, 0xa5, 0x69, 0xd4, 0x89, 0x10, 0x7f, 0xe2, 0x23, 0x73, 0xf2, 0x8c, + 0xc6, 0x5b, 0x52, 0x5d, 0x2a, 0x2b, 0xa5, 0x23, 0x27, 0xa6, 0x5c, 0xf7, + 0x8d, 0x65, 0x1f, 0xcf, 0x5e, 0x18, 0x70, 0xb7, 0xfd, 0x08, 0x4e, 0xa8, + 0x42, 0xbe, 0x5f, 0x73, 0xf4, 0x8b, 0xa0, 0x4a, 0xf6, 0xfa, 0x85, 0xd2, + 0xd7, 0xf6, 0x4f, 0xc0, 0xc5, 0xba, 0x42, 0x32, 0xc5, 0xbb, 0x57, 0xb2, + 0x60, 0xdb, 0xc4, 0x27, 0x28, 0x4a, 0x7c, 0xdc, 0x5f, 0x64, 0x8a, 0xc2, + 0x51, 0x47, 0x96, 0xd9, 0x9f, 0xd7, 0x64, 0x29, 0x30, 0xe3, 0x64, 0xfa, + 0xd2, 0x42, 0xfa, 0x8b, 0xc9, 0xa0, 0x78, 0xc5, 0xcf, 0x3b, 0x1b, 0x60, + 0x2a, 0xcd, 0x35, 0x8b, 0xfd, 0xbd, 0x62, 0xd6, 0x3b, 0x22, 0x29, 0x1d, + 0xb0, 0xeb, 0xaa, 0x00, 0xdf, 0x99, 0x1f, 0x82, 0xef, 0x9d, 0x1a, 0xad, + 0xe2, 0x4d, 0xa1, 0xca, 0xb2, 0x8f, 0x1d, 0xed, 0x5e, 0xc2, 0xbc, 0x48, + 0xae, 0xe8, 0x5f, 0x52, 0xad, 0xb3, 0xcb, 0xa5, 0x4e, 0xff, 0x52, 0x8c, + 0x9b, 0x11, 0x58, 0xe2, 0xd9, 0x94, 0xcd, 0x6c, 0x66, 0x87, 0xf8, 0xc1, + 0x3c, 0x94, 0x87, 0xce, 0x2c, 0x4a, 0x05, 0x66, 0xc3, 0x20, 0x62, 0x67, + 0x79, 0xc0, 0x33, 0xf1, 0x6e, 0x3f, 0xee, 0xc8, 0xbe, 0x8e, 0x56, 0xc6, + 0x98, 0x72, 0x0e, 0x37, 0x4b, 0x89, 0x4c, 0xba, 0xd9, 0x45, 0xf4, 0x9e, + 0x78, 0x7a, 0x6e, 0x1e, 0xdf, 0xff, 0x23, 0xcf, 0xef, 0xdc, 0x7d, 0x1c, + 0xf1, 0x96, 0x70, 0x2a, 0xa8, 0x6c, 0x20, 0xde, 0xce, 0x6e, 0x3e, 0x89, + 0x11, 0x44, 0x2b, 0x02 + }; + + byte a_[] = { + 0x60, 0x97, 0x55, 0x27, 0x03, 0x5C, 0xF2, 0xAD, 0x19, 0x89, 0x80, 0x6F, + 0x04, 0x07, 0x21, 0x0B, 0xC8, 0x1E, 0xDC, 0x04, 0xE2, 0x76, 0x2A, 0x56, + 0xAF, 0xD5, 0x29, 0xDD, 0xDA, 0x2D, 0x43, 0x93 + }; + + byte A_[] = { + 0x4b, 0x70, 0x0f, 0x8d, 0x48, 0xe6, 0x9c, 0x9a, 0xae, 0x40, 0xc6, 0x84, + 0xac, 0x7c, 0x7c, 0x03, 0x12, 0x1e, 0x2b, 0x76, 0x02, 0xeb, 0x4c, 0x35, + 0x14, 0x80, 0x4c, 0xca, 0xda, 0x0e, 0xd4, 0x01, 0x91, 0x93, 0xa3, 0x51, + 0xec, 0xc6, 0x5a, 0x6f, 0x85, 0x4e, 0xde, 0x91, 0xeb, 0x09, 0x6e, 0x72, + 0x1b, 0x22, 0xd7, 0x01, 0xc7, 0xad, 0xc6, 0x4e, 0x9c, 0xed, 0xac, 0xd7, + 0x5f, 0x2e, 0x26, 0xbb, 0x2f, 0x5e, 0x45, 0xdd, 0x53, 0xdc, 0x8d, 0xbe, + 0xaf, 0xff, 0xe8, 0x2a, 0xa4, 0x9f, 0xca, 0x05, 0x73, 0x44, 0x46, 0x91, + 0x21, 0x25, 0x37, 0xa7, 0x3c, 0xf8, 0x0e, 0x25, 0x03, 0x92, 0x58, 0x20, + 0x5a, 0x7e, 0xdf, 0x47, 0x49, 0xb3, 0x0a, 0xda, 0xf2, 0x58, 0x77, 0xc6, + 0x2f, 0xcd, 0x09, 0xd6, 0x61, 0x35, 0x98, 0xbc, 0xd4, 0xba, 0xf2, 0xa9, + 0x72, 0x7a, 0x53, 0x70, 0x6a, 0x27, 0x81, 0x48, 0x99, 0x2b, 0x2a, 0xbb, + 0x23, 0xad, 0x5d, 0x51, 0x2d, 0x26, 0x9e, 0x16, 0xca, 0x11, 0xbc, 0x08, + 0x95, 0xb5, 0xa3, 0xb5, 0xec, 0x47, 0x21, 0xcd, 0xe4, 0x0a, 0x8c, 0x39, + 0xc7, 0x96, 0xe9, 0x4f, 0x0b, 0xe8, 0x6d, 0xbb, 0xeb, 0x33, 0xda, 0x70, + 0x37, 0x01, 0x89, 0x83, 0x92, 0x1a, 0xba, 0x3f, 0x50, 0x53, 0x19, 0x5d, + 0x5a, 0xc1, 0xda, 0x4e, 0x56, 0x7e, 0x3c, 0x0e, 0x75, 0xd9, 0xe0, 0x60, + 0x9f, 0x92, 0xe8, 0x50, 0x65, 0x7b, 0x2b, 0xe4, 0x77, 0x1f, 0x41, 0x5b, + 0x9c, 0xac, 0xc5, 0xc1, 0xec, 0xed, 0xc3, 0x01, 0x33, 0xbf, 0x64, 0x74, + 0xf5, 0x02, 0x2c, 0x65, 0x19, 0xd7, 0x80, 0x76, 0x0c, 0xa4, 0xd8, 0xd3, + 0xb9, 0x66, 0xb0, 0x34, 0xbd, 0x73, 0x87, 0x7c, 0x1b, 0x3b, 0x33, 0xf4, + 0x74, 0xb9, 0xc3, 0xc5, 0x29, 0x9a, 0x19, 0x68, 0xf3, 0xe6, 0xcd, 0x3b, + 0xfe, 0x84, 0x44, 0x5a + }; + + byte b_[] = { + 0xE4, 0x87, 0xCB, 0x59, 0xD3, 0x1A, 0xC5, 0x50, 0x47, 0x1E, 0x81, 0xF0, + 0x0F, 0x69, 0x28, 0xE0, 0x1D, 0xDA, 0x08, 0xE9, 0x74, 0xA0, 0x04, 0xF4, + 0x9E, 0x61, 0xF5, 0xD1, 0x05, 0x28, 0x4D, 0x20 + }; + + byte B_[] = { + 0x03, 0xaf, 0xa6, 0xe2, 0x14, 0xf3, 0x63, 0x35, 0xf5, 0x51, 0x1d, 0xae, + 0x57, 0x34, 0x24, 0xf4, 0xc2, 0x18, 0xaf, 0x11, 0xf8, 0xef, 0xc7, 0x14, + 0x44, 0xa6, 0x52, 0x19, 0x7b, 0xae, 0x65, 0xe9, 0x86, 0x5f, 0x45, 0x33, + 0xae, 0xeb, 0x71, 0xd3, 0xfe, 0xa9, 0x7d, 0x26, 0xe0, 0xc9, 0xc7, 0xf2, + 0x2e, 0x4f, 0x95, 0xea, 0xb0, 0x83, 0x1d, 0xad, 0x77, 0xca, 0x32, 0x82, + 0x01, 0x21, 0x00, 0xc5, 0x47, 0x52, 0x67, 0xf1, 0x1b, 0x5c, 0x64, 0xd3, + 0xae, 0x61, 0x1a, 0x7d, 0x76, 0x0e, 0x7d, 0x23, 0x1e, 0x9c, 0xa0, 0x02, + 0x7c, 0x44, 0xa8, 0x6f, 0xf9, 0x27, 0x52, 0xd0, 0xa9, 0xc7, 0xd4, 0xbb, + 0x31, 0x69, 0x39, 0xfc, 0xb7, 0xa7, 0xcd, 0x86, 0xa1, 0x55, 0x71, 0x8a, + 0xb7, 0x48, 0x02, 0x73, 0x16, 0xf5, 0x9d, 0x83, 0x2f, 0xa8, 0x7e, 0x08, + 0x2f, 0x2d, 0xc4, 0xc3, 0xae, 0x6c, 0x65, 0x72, 0x42, 0xc1, 0x74, 0xd9, + 0x95, 0xd0, 0x10, 0xa1, 0x25, 0x9c, 0x5a, 0xf9, 0xa5, 0x08, 0x0d, 0xa2, + 0xed, 0x3a, 0xf1, 0xf7, 0x69, 0xc6, 0x29, 0xf4, 0x47, 0x43, 0x40, 0x7e, + 0x6d, 0x8b, 0xff, 0xae, 0x04, 0xf0, 0x09, 0x1d, 0x5f, 0x64, 0xd4, 0x7c, + 0xb8, 0x47, 0xf3, 0x84, 0xf2, 0x0f, 0x4a, 0x16, 0x32, 0xd1, 0xaf, 0x80, + 0x5a, 0xd6, 0x0b, 0xd8, 0xc5, 0xa4, 0x07, 0x0e, 0xbe, 0x52, 0x35, 0x99, + 0x9a, 0xa1, 0x4f, 0x44, 0x5d, 0xb7, 0x4d, 0x5d, 0xb1, 0xe2, 0xf9, 0x84, + 0x33, 0x6c, 0x51, 0xd6, 0xff, 0x27, 0x64, 0x86, 0x45, 0x56, 0xab, 0x73, + 0x1e, 0xb0, 0x21, 0x6e, 0x65, 0x19, 0x21, 0xf9, 0x97, 0x09, 0xb3, 0xec, + 0x32, 0x38, 0x79, 0x28, 0xe2, 0xd2, 0x03, 0x3a, 0x8d, 0xed, 0x8b, 0x34, + 0xa7, 0xf8, 0x0e, 0x26, 0x5b, 0x60, 0x20, 0x76, 0x43, 0x67, 0xe9, 0xea, + 0x3b, 0x0b, 0xbf, 0x25 + }; + + byte key_[] = { + 0x25, 0x9f, 0xb6, 0xab, 0x17, 0xc4, 0xd8, 0x08, 0x07, 0x57, 0xa4, 0x90, + 0x57, 0x5a, 0x31, 0xff, 0x15, 0x98, 0xb4, 0x2e, 0x86, 0x4e, 0x7a, 0xcd, + 0xe3, 0x02, 0x58, 0x6f, 0xa8, 0x4b, 0x5c, 0xab, 0xcc, 0x91, 0xad, 0x8a, + 0xbd, 0xbe, 0x49, 0x51, 0x75, 0xed, 0x2d, 0xe9, 0x15, 0x8c, 0xfe, 0x19, + 0x68, 0x4a, 0xbf, 0x74, 0xf6, 0xe2, 0x60, 0xa7, 0xad, 0x89, 0x92, 0xdf, + 0x9d, 0x6d, 0x66, 0x4c + }; +#endif + + XMEMSET(clientPubKey, 0, sizeof(clientPubKey)); + XMEMSET(serverPubKey, 0, sizeof(serverPubKey)); + XMEMSET(clientProof, 0, sizeof(clientProof)); + XMEMSET(serverProof, 0, sizeof(serverProof)); + AssertIntEQ(0, wc_SrpInit(&cli, SRP_TYPE_SHA512, SRP_CLIENT_SIDE)); + AssertIntEQ(0, wc_SrpInit(&srv, SRP_TYPE_SHA512, SRP_SERVER_SIDE)); + + AssertIntEQ(0, wc_SrpSetUsername(&cli, username_, usernameSz_)); + AssertIntEQ(0, wc_SrpSetUsername(&srv, username_, usernameSz_)); + + AssertIntEQ(0, wc_SrpSetParams(&cli, N_, sizeof(N_), + g_, sizeof(g_), + salt_, sizeof(salt_))); + AssertIntEQ(0, wc_SrpSetParams(&srv, N_, sizeof(N_), + g_, sizeof(g_), + salt_, sizeof(salt_))); + + AssertIntEQ(0, wc_SrpSetPassword(&cli, password_, passwordSz_)); + AssertIntEQ(0, wc_SrpSetVerifier(&srv, verifier_, sizeof(verifier_))); + + AssertIntEQ(0, wc_SrpSetPrivate(&cli, a_, sizeof(a_))); + AssertIntEQ(0, wc_SrpGetPublic(&cli, clientPubKey, &clientPubKeySz)); + AssertIntEQ(0, XMEMCMP(clientPubKey, A_, clientPubKeySz)); + + AssertIntEQ(0, wc_SrpSetPrivate(&srv, b_, sizeof(b_))); + AssertIntEQ(0, wc_SrpGetPublic(&srv, serverPubKey, &serverPubKeySz)); + AssertIntEQ(0, XMEMCMP(serverPubKey, B_, serverPubKeySz)); + + cli.keyGenFunc_cb = sha512_key_gen; + AssertIntEQ(0, wc_SrpComputeKey(&cli, clientPubKey, clientPubKeySz, + serverPubKey, serverPubKeySz)); + AssertIntEQ(0, XMEMCMP(cli.key, key_, sizeof(key_))); + + srv.keyGenFunc_cb = sha512_key_gen; + AssertIntEQ(0, wc_SrpComputeKey(&srv, clientPubKey, clientPubKeySz, + serverPubKey, serverPubKeySz)); + AssertIntEQ(0, XMEMCMP(srv.key, key_, sizeof(key_))); + + AssertIntEQ(0, wc_SrpGetProof(&cli, clientProof, &clientProofSz)); + AssertIntEQ(0, wc_SrpVerifyPeersProof(&srv, clientProof, clientProofSz)); + + AssertIntEQ(0, wc_SrpGetProof(&srv, serverProof, &serverProofSz)); + AssertIntEQ(0, wc_SrpVerifyPeersProof(&cli, serverProof, serverProofSz)); + + wc_SrpTerm(&cli); + wc_SrpTerm(&srv); +} + +#endif + +void SrpTest(void) +{ +#if defined(WOLFCRYPT_HAVE_SRP) && defined(WOLFSSL_SHA512) + wolfCrypt_Init(); + test_SrpInit(); + test_SrpSetUsername(); + test_SrpSetParams(); +#ifndef NO_SHA + test_SrpSetPassword(); + test_SrpGetPublic(); + test_SrpComputeKey(); + test_SrpGetProofAndVerify(); +#endif /* !NO_SHA */ + test_SrpKeyGenFunc_cb(); + wolfCrypt_Cleanup(); +#endif +} diff --git a/test/ssl/wolfssl/tests/suites.c b/test/ssl/wolfssl/tests/suites.c new file mode 100644 index 000000000..60a727ea0 --- /dev/null +++ b/test/ssl/wolfssl/tests/suites.c @@ -0,0 +1,1543 @@ +/* suites.c + * + * Copyright (C) 2006-2025 wolfSSL Inc. + * + * This file is part of wolfSSL. + * + * wolfSSL is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * wolfSSL is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA + */ + + +#include + +#ifdef NO_INLINE + #include +#else + #define WOLFSSL_MISC_INCLUDED + #include +#endif + +#include +#include +#include +#include + +#if defined(HAVE_ECC) && defined(FP_ECC) && defined(HAVE_THREAD_LS) \ + && (defined(NO_MAIN_DRIVER) || defined(HAVE_STACK_SIZE)) +#include +#endif + +#include /* for LARGEST_MEM_BUCKET */ + +#define MAX_ARGS 40 +#define MAX_COMMAND_SZ 240 +#ifdef WOLFSSL_TLS13 + #define MAX_SUITE_SZ 200 +#else + #define MAX_SUITE_SZ 80 +#endif +#define NOT_BUILT_IN (-123) +#if defined(NO_OLD_TLS) || !defined(WOLFSSL_ALLOW_SSLV3) || \ + !defined(WOLFSSL_ALLOW_TLSV10) + #define VERSION_TOO_OLD (-124) +#endif + +#include "examples/client/client.h" +#include "examples/server/server.h" + +#if !defined(NO_WOLFSSL_SERVER) && !defined(NO_WOLFSSL_CLIENT) && \ + !defined(NO_TLS) && !defined(SINGLE_THREADED) +static WOLFSSL_CTX* cipherSuiteCtx = NULL; +static char nonblockFlag[] = "-N"; +static char noVerifyFlag[] = "-d"; +static char disableEMSFlag[] = "-n"; +static char flagSep[] = " "; +#if !defined(USE_WINDOWS_API) && !defined(WOLFSSL_TIRTOS) + static char portFlag[] = "-p"; + static char svrPort[] = "0"; +#endif +static char intTestFlag[] = "-H"; +static char forceDefCipherListFlag[] = "defCipherList"; +static char exitWithRetFlag[] = "exitWithRet"; +static char disableDHPrimeTest[] = "-2"; + +#ifdef WOLFSSL_ASYNC_CRYPT + static int devId = INVALID_DEVID; +#endif + + +#ifdef VERSION_TOO_OLD +static int GetTlsVersion(const char* line) +{ + int version = -1; + const char* find = "-v "; + const char* begin = strstr(line, find); + + if (begin) { + begin += 3; + if (*begin == 'd' || *begin == 'e') + begin += 2; + + version = atoi(begin); + } + return version; +} + +#ifndef WOLFSSL_ALLOW_SSLV3 +/* if the protocol version is sslv3 return 1, else 0 */ +static int IsSslVersion(const char* line) +{ + int version = GetTlsVersion(line); + return (version == 0) ? 1 : 0; +} +#endif /* !WOLFSSL_ALLOW_SSLV3 */ + +#ifndef WOLFSSL_ALLOW_TLSV10 +/* if the protocol version is TLSv1.0 return 1, else 0 */ +static int IsTls10Version(const char* line) +{ + int version = GetTlsVersion(line); + return (version == 1) ? 1 : 0; +} +#endif /* !WOLFSSL_ALLOW_TLSV10 */ + +#ifdef NO_OLD_TLS +/* if the protocol version is less than tls 1.2 return 1, else 0 */ +static int IsOldTlsVersion(const char* line) +{ + int version = GetTlsVersion(line); + return (version < 3) ? 1 : 0; +} +#endif /* NO_OLD_TLS */ +#endif /* VERSION_TOO_OLD */ + + +/* if the cipher suite on line is valid store in suite and return 1, else 0 */ +static int IsValidCipherSuite(const char* line, char *suite, size_t suite_spc) +{ + int found = 0; + int valid = 0; + + const char* find = "-l "; + const char* begin = strstr(line, find); + const char* end; + + if (suite_spc < MAX_SUITE_SZ+1) + return 0; + + suite[0] = '\0'; + + if (begin) { + begin += 3; + + end = XSTRSTR(begin, " "); + + if (end) { + long len = end - begin; + if (len > MAX_SUITE_SZ) { + printf("suite too long!\n"); + return 0; + } + XMEMCPY(suite, begin, (size_t) len); + suite[len] = '\0'; + } + else + XSTRNCPY(suite, begin, MAX_SUITE_SZ); + + suite[MAX_SUITE_SZ] = '\0'; + found = 1; + } + + if (found) { + if (wolfSSL_CTX_set_cipher_list(cipherSuiteCtx, suite) == WOLFSSL_SUCCESS) + valid = 1; + } + + return valid; +} + +#if defined(WOLFSSL_HAVE_MLKEM) +static int IsKyberLevelAvailable(const char* line) +{ + int available = 0; + const char* find = "--pqc "; + const char* begin = strstr(line, find); + const char* end; + + if (begin != NULL) { + begin += 6; + end = XSTRSTR(begin, " "); + + #ifndef WOLFSSL_NO_ML_KEM + if ((size_t)end - (size_t)begin == 10) { + #ifndef WOLFSSL_NO_ML_KEM_512 + if (XSTRNCMP(begin, "ML_KEM_512", 10) == 0) { + available = 1; + } + #endif + #ifndef WOLFSSL_NO_ML_KEM_768 + if (XSTRNCMP(begin, "ML_KEM_768", 10) == 0) { + available = 1; + } + #endif + } + #ifndef WOLFSSL_NO_ML_KEM_1024 + if ((size_t)end - (size_t)begin == 11) { + if (XSTRNCMP(begin, "ML_KEM_1024", 11) == 0) { + available = 1; + } + } + #endif + #endif + #ifdef WOLFSSL_MLKEM_KYBER + if ((size_t)end - (size_t)begin == 12) { + #ifndef WOLFSSL_NO_KYBER512 + if (XSTRNCMP(begin, "KYBER_LEVEL1", 12) == 0) { + available = 1; + } + #endif + #ifndef WOLFSSL_NO_KYBER768 + if (XSTRNCMP(begin, "KYBER_LEVEL3", 12) == 0) { + available = 1; + } + #endif + #ifndef WOLFSSL_NO_KYBER1024 + if (XSTRNCMP(begin, "KYBER_LEVEL5", 12) == 0) { + available = 1; + } + #endif + } + #endif + } + +#if defined(WOLFSSL_MLKEM_NO_MAKE_KEY) || \ + defined(WOLFSSL_MLKEM_NO_ENCAPSULATE) || \ + defined(WOLFSSL_MLKEM_NO_DECAPSULATE) + (void)available; + return begin == NULL; +#else + return (begin == NULL) || available; +#endif +} +#endif + +static int IsValidCert(const char* line) +{ + int ret = 1; +#if !defined(NO_FILESYSTEM) && !defined(NO_CERTS) + WOLFSSL_CTX* ctx; + size_t i; + const char* begin; + char cert[80]; +#ifdef WOLFSSL_STATIC_MEMORY + FILE* fStream = NULL; + long chkSz = 0; +#endif + + begin = XSTRSTR(line, "-c "); + if (begin == NULL) + return 1; + + begin += 3; + for (i = 0; i < sizeof(cert) - 1 && *begin != ' ' && *begin != '\0'; i++) + cert[i] = *(begin++); + cert[i] = '\0'; +#ifdef WOLFSSL_STATIC_MEMORY + fStream = XFOPEN(cert, "rb"); + if (fStream == NULL) { + printf("Failed to open file %s\n", cert); + printf("Invalid cert, skipping test\n"); + return 0; + } else { + printf("Successfully opened file\n"); + } + + XFSEEK(fStream, 0L, SEEK_END); + chkSz = XFTELL(fStream); + XFCLOSE(fStream); + if (chkSz > LARGEST_MEM_BUCKET) { + printf("File is larger than largest bucket, skipping this test\n"); + return 0; + } +#endif + + ctx = wolfSSL_CTX_new(wolfSSLv23_server_method_ex(NULL)); + if (ctx == NULL) + return 0; + ret = wolfSSL_CTX_use_certificate_chain_file(ctx, cert) == WOLFSSL_SUCCESS; + wolfSSL_CTX_free(ctx); +#endif /* !NO_FILESYSTEM && !NO_CERTS */ + + (void)line; + + return ret; +} + +static int IsValidCA(const char* line) +{ + int ret = 1; +#if !defined(NO_FILESYSTEM) && !defined(NO_CERTS) + WOLFSSL_CTX* ctx; + size_t i; + const char* begin; + char cert[80]; + + begin = XSTRSTR(line, "-A "); + if (begin == NULL) + return 1; + + begin += 3; + for (i = 0; i < sizeof(cert) - 1 && *begin != ' ' && *begin != '\0'; i++) + cert[i] = *(begin++); + cert[i] = '\0'; + + ctx = wolfSSL_CTX_new(wolfSSLv23_server_method_ex(NULL)); + if (ctx == NULL) + return 0; + ret = wolfSSL_CTX_use_certificate_chain_file(ctx, cert) == WOLFSSL_SUCCESS; + wolfSSL_CTX_free(ctx); +#endif /* !NO_FILESYSTEM && !NO_CERTS */ + + (void)line; + + return ret; +} + +#ifdef WOLFSSL_NO_CLIENT_AUTH +static int IsClientAuth(const char* line, int* reqClientCert) +{ + const char* begin; + + begin = XSTRSTR(line, "-H verifyFail"); + if (begin != NULL) { + return 1; + } + + begin = XSTRSTR(line, "-d"); + if (begin != NULL) { + *reqClientCert = 0; + } + else { + *reqClientCert = 1; + } + + return 0; +} +#endif + +#ifdef NO_CERTS +static int IsUsingCert(const char* line) +{ + return XSTRSTR(line, "-c ") != NULL; +} +#endif + +#if defined(NO_CERTS) || defined(WOLFSSL_NO_CLIENT_AUTH) +static int IsNoClientCert(const char* line) +{ + const char* begin; + + begin = XSTRSTR(line, "-x"); + if (begin != NULL) { + return 1; + } + + return 0; +} +#endif + +#if (defined(HAVE_ECC) || defined(HAVE_ED25519) || defined(HAVE_ED448)) && \ + !defined(NO_RSA) && !defined(NO_CERTS) && !defined(WOLFSSL_NO_CLIENT_AUTH) +static int IsEcdsaCipherSuiteDefRsaCert(const char* line) +{ + int found; + + found = (strstr(line, "-ECDSA-") != NULL); + found &= (strstr(line, "-c ") == NULL); + found &= (strstr(line, "-x") == NULL); + + return found; +} +#endif + +static int execute_test_case(int svr_argc, char** svr_argv, + int cli_argc, char** cli_argv, + int addNoVerify, int addNonBlocking, + int addDisableEMS, int forceSrvDefCipherList, + int forceCliDefCipherList) +{ +#if defined(WOLFSSL_TIRTOS) || defined(WOLFSSL_SRTP) + func_args cliArgs = {0, NULL, 0, NULL, NULL, NULL}; + func_args svrArgs = {0, NULL, 0, NULL, NULL, NULL}; +#else + func_args cliArgs = {0, NULL, 0, NULL, NULL}; + func_args svrArgs = {0, NULL, 0, NULL, NULL}; +#endif + + tcp_ready ready; + THREAD_TYPE serverThread; + char commandLine[MAX_COMMAND_SZ]; + char cipherSuite[MAX_SUITE_SZ+1]; + int i; + size_t added; + static int tests = 1; +#if !defined(USE_WINDOWS_API) && !defined(WOLFSSL_TIRTOS) + static char portNumber[8]; +#endif + int cliTestShouldFail = 0, svrTestShouldFail = 0; +#ifdef WOLFSSL_NO_CLIENT_AUTH + int reqClientCert; +#endif +#if defined(WOLFSSL_SRTP) && defined(WOLFSSL_COND) + srtp_test_helper srtp_helper; +#endif + + cliArgs.argc = cli_argc; + cliArgs.argv = cli_argv; + svrArgs.argc = svr_argc; + svrArgs.argv = svr_argv; + + /* Is Valid Cipher and Version Checks */ + /* build command list for the Is checks below */ + commandLine[0] = '\0'; + added = 0; + for (i = 0; i < svrArgs.argc; i++) { + added += XSTRLEN(svr_argv[i]) + 2; + if (added >= MAX_COMMAND_SZ) { + printf("server command line too long\n"); + break; + } + XSTRLCAT(commandLine, svr_argv[i], sizeof commandLine); + XSTRLCAT(commandLine, flagSep, sizeof commandLine); + } + if (IsValidCipherSuite(commandLine, cipherSuite, sizeof cipherSuite) == 0) { + #ifdef DEBUG_SUITE_TESTS + printf("cipher suite %s not supported in build\n", cipherSuite); + #endif + return NOT_BUILT_IN; + } +#ifdef WOLFSSL_HAVE_MLKEM + if (!IsKyberLevelAvailable(commandLine)) { + #ifdef DEBUG_SUITE_TESTS + printf("Kyber level not supported in build: %s\n", commandLine); + #endif + return NOT_BUILT_IN; + } +#endif + if (!IsValidCert(commandLine)) { + #ifdef DEBUG_SUITE_TESTS + printf("certificate %s not supported in build\n", commandLine); + #endif + return NOT_BUILT_IN; + } + +#ifndef WOLFSSL_ALLOW_SSLV3 + if (IsSslVersion(commandLine) == 1) { + #ifdef DEBUG_SUITE_TESTS + printf("protocol version on line %s is too old\n", commandLine); + #endif + return VERSION_TOO_OLD; + } +#endif +#ifndef WOLFSSL_ALLOW_TLSV10 + if (IsTls10Version(commandLine) == 1) { + #ifdef DEBUG_SUITE_TESTS + printf("protocol version on line %s is too old\n", commandLine); + #endif + return VERSION_TOO_OLD; + } +#endif +#ifdef NO_OLD_TLS + if (IsOldTlsVersion(commandLine) == 1) { + #ifdef DEBUG_SUITE_TESTS + printf("protocol version on line %s is too old\n", commandLine); + #endif + return VERSION_TOO_OLD; + } +#endif +#ifdef WOLFSSL_NO_CLIENT_AUTH + if (IsClientAuth(commandLine, &reqClientCert)) { + #ifdef DEBUG_SUITE_TESTS + printf("client auth on line %s not supported in build\n", + commandLine); + #endif + return NOT_BUILT_IN; + } +#endif +#ifdef NO_CERTS + if (IsUsingCert(commandLine)) { + #ifdef DEBUG_SUITE_TESTS + printf("certificate %s not supported in build\n", commandLine); + #endif + return NOT_BUILT_IN; + } +#endif + + /* Build Server Command */ + if (addNoVerify) { + printf("repeating test with client cert request off\n"); + if (svrArgs.argc >= MAX_ARGS) + printf("server command line too long\n"); + else + svr_argv[svrArgs.argc++] = noVerifyFlag; + } + if (addNonBlocking) { + printf("repeating test with non blocking on\n"); + if (svrArgs.argc >= MAX_ARGS) + printf("server command line too long\n"); + else + svr_argv[svrArgs.argc++] = nonblockFlag; + } + #if !defined(USE_WINDOWS_API) && !defined(WOLFSSL_TIRTOS) + /* add port */ + if (svrArgs.argc + 2 > MAX_ARGS) + printf("cannot add the magic port number flag to server\n"); + else { + svr_argv[svrArgs.argc++] = portFlag; + svr_argv[svrArgs.argc++] = svrPort; + } + #endif + if (forceSrvDefCipherList) { + if (svrArgs.argc + 2 > MAX_ARGS) + printf("cannot add the force def cipher list flag to server\n"); + else { + svr_argv[svrArgs.argc++] = intTestFlag; + svr_argv[svrArgs.argc++] = forceDefCipherListFlag; + } + } +#ifdef TEST_PK_PRIVKEY + svr_argv[svrArgs.argc++] = (char*)"-P"; +#endif + + + /* update server flags list */ + commandLine[0] = '\0'; + added = 0; + for (i = 0; i < svrArgs.argc; i++) { + added += XSTRLEN(svr_argv[i]) + 2; + if (added >= MAX_COMMAND_SZ) { + printf("server command line too long\n"); + break; + } + XSTRLCAT(commandLine, svr_argv[i], sizeof commandLine); + XSTRLCAT(commandLine, flagSep, sizeof commandLine); + } + printf("trying server command line[%d]: %s\n", tests, commandLine); + + tests++; /* test count */ + + /* determine based on args if this test is expected to fail */ + if (XSTRSTR(commandLine, exitWithRetFlag) != NULL) { + svrTestShouldFail = 1; + } + + + commandLine[0] = '\0'; + added = 0; + for (i = 0; i < cliArgs.argc; i++) { + added += XSTRLEN(cli_argv[i]) + 2; + if (added >= MAX_COMMAND_SZ) { + printf("client command line too long\n"); + break; + } + XSTRLCAT(commandLine, cli_argv[i], sizeof commandLine); + XSTRLCAT(commandLine, flagSep, sizeof commandLine); + } + if (!IsValidCA(commandLine)) { + #ifdef DEBUG_SUITE_TESTS + printf("certificate %s not supported in build\n", commandLine); + #endif + return NOT_BUILT_IN; + } +#ifdef WOLFSSL_NO_CLIENT_AUTH + if (reqClientCert && IsNoClientCert(commandLine)) { + #ifdef DEBUG_SUITE_TESTS + printf("client auth on line %s not supported in build\n", + commandLine); + #endif + return NOT_BUILT_IN; + } +#else + if (!IsValidCert(commandLine)) { + #ifdef DEBUG_SUITE_TESTS + printf("certificate %s not supported in build\n", commandLine); + #endif + return NOT_BUILT_IN; + } +#endif +#ifdef NO_CERTS + if (IsNoClientCert(commandLine)) { + #ifdef DEBUG_SUITE_TESTS + printf("certificate %s not supported in build\n", commandLine); + #endif + return NOT_BUILT_IN; + } +#endif +#if (defined(HAVE_ECC) || defined(HAVE_ED25519) || defined(HAVE_ED448)) && \ + !defined(NO_RSA) && !defined(NO_CERTS) && !defined(WOLFSSL_NO_CLIENT_AUTH) + if (IsEcdsaCipherSuiteDefRsaCert(commandLine)) { + return NOT_BUILT_IN; + } +#endif + + + InitTcpReady(&ready); + +#if defined(WOLFSSL_SRTP) && defined(WOLFSSL_COND) + srtp_helper_init(&srtp_helper); + cliArgs.srtp_helper = &srtp_helper; + svrArgs.srtp_helper = &srtp_helper; +#endif + +#ifdef WOLFSSL_TIRTOS + fdOpenSession(Task_self()); +#endif + + /* start server */ + svrArgs.signal = &ready; + start_thread(server_test, &svrArgs, &serverThread); + wait_tcp_ready(&svrArgs); + + + /* Build Client Command */ + if (addNonBlocking) { + if (cliArgs.argc >= MAX_ARGS) + printf("cannot add the non block flag to client\n"); + else + cli_argv[cliArgs.argc++] = nonblockFlag; + } + if (addDisableEMS) { + printf("repeating test without extended master secret\n"); + if (cliArgs.argc >= MAX_ARGS) + printf("cannot add the disable EMS flag to client\n"); + else + cli_argv[cliArgs.argc++] = disableEMSFlag; + } +#if !defined(USE_WINDOWS_API) && !defined(WOLFSSL_TIRTOS) + if (ready.port != 0) { + if (cliArgs.argc + 2 > MAX_ARGS) + printf("cannot add the magic port number flag to client\n"); + else { + (void)snprintf(portNumber, sizeof(portNumber), "%d", + (int)ready.port); + cli_argv[cliArgs.argc++] = portFlag; + cli_argv[cliArgs.argc++] = portNumber; + } + } +#endif + if (forceCliDefCipherList) { + if (cliArgs.argc + 2 > MAX_ARGS) + printf("cannot add the force def cipher list flag to client\n"); + else { + cli_argv[cliArgs.argc++] = intTestFlag; + cli_argv[cliArgs.argc++] = forceDefCipherListFlag; + } + } +#ifdef TEST_PK_PRIVKEY + cli_argv[cliArgs.argc++] = (char*)"-P"; +#endif + + commandLine[0] = '\0'; + added = 0; + for (i = 0; i < cliArgs.argc; i++) { + added += XSTRLEN(cli_argv[i]) + 2; + if (added >= MAX_COMMAND_SZ) { + printf("client command line too long\n"); + break; + } + XSTRLCAT(commandLine, cli_argv[i], sizeof commandLine); + XSTRLCAT(commandLine, flagSep, sizeof commandLine); + } + printf("trying client command line[%d]: %s\n", tests, commandLine); + tests++; + + /* determine based on args if this test is expected to fail */ + if (XSTRSTR(commandLine, exitWithRetFlag) != NULL) { + cliTestShouldFail = 1; + } + + /* start client */ + client_test(&cliArgs); + + /* verify results */ + if ((cliArgs.return_code != 0 && cliTestShouldFail == 0) || + (cliArgs.return_code == 0 && cliTestShouldFail != 0)) { + printf("client_test failed %d %s\n", cliArgs.return_code, + cliTestShouldFail ? "(should fail)" : ""); + XEXIT(EXIT_FAILURE); + } + + join_thread(serverThread); + if ((svrArgs.return_code != 0 && svrTestShouldFail == 0) || + (svrArgs.return_code == 0 && svrTestShouldFail != 0)) { + printf("server_test failed %d %s\n", svrArgs.return_code, + svrTestShouldFail ? "(should fail)" : ""); + XEXIT(EXIT_FAILURE); + } + +#ifdef WOLFSSL_TIRTOS + fdCloseSession(Task_self()); +#endif + FreeTcpReady(&ready); + +#if defined (WOLFSSL_SRTP) && defined(WOLFSSL_COND) + srtp_helper_free(&srtp_helper); +#endif + + /* only run the first test for expected failure cases */ + /* the example server/client are not designed to handle expected failure in + all cases, such as non-blocking, etc... */ + if (svrTestShouldFail || cliTestShouldFail) { + return NOT_BUILT_IN; + } + + return 0; +} + +static void test_harness(void* vargs) +{ + func_args* args = (func_args*)vargs; + char* script; + long sz, len; + int cliMode = 0; /* server or client command flag, server first */ + int ret; + FILE* file; + char* svrArgs[MAX_ARGS]; + int svrArgsSz; + char* cliArgs[MAX_ARGS]; + int cliArgsSz; + char* cursor; + char* comment; + char lastChar = '\0'; + int do_it = 0; + const char* fname = "tests/test.conf"; + const char* addArgs = NULL; + + if (args->argc == 1) { + printf("notice: using default file %s\n", fname); + } + else if (args->argc == 3) { + addArgs = args->argv[2]; + } + else if (args->argc > 3) { + printf("usage: harness [FILE] [ARG]\n"); + args->return_code = 1; + return; + } + + if (args->argc >= 2) { + fname = args->argv[1]; + } + + file = fopen(fname, "rb"); + if (file == NULL) { + fprintf(stderr, "unable to open %s\n", fname); + args->return_code = 1; + return; + } + if (fseek(file, 0, SEEK_END) < 0) { + fprintf(stderr, "error %d fseeking %s\n", errno, fname); + fclose(file); + args->return_code = 1; + return; + } + sz = ftell(file); + if (sz <= 0) { + fprintf(stderr, "%s is empty\n", fname); + fclose(file); + args->return_code = 1; + return; + } + if (fseek(file, 0, SEEK_SET) < 0) { + fprintf(stderr, "error %d fseeking %s\n", errno, fname); + fclose(file); + args->return_code = 1; + return; + } + + script = (char*)malloc((size_t)(sz+1)); + if (script == 0) { + fprintf(stderr, "unable to allocate script buffer\n"); + fclose(file); + args->return_code = 1; + return; + } + + len = (long) fread(script, 1, (size_t)sz, file); + if (len != sz) { + fprintf(stderr, "read error\n"); + fclose(file); + free(script); + args->return_code = 1; + return; + } + + fclose(file); + script[sz] = 0; + + cursor = script; + svrArgsSz = 1; + svrArgs[0] = args->argv[0]; + cliArgsSz = 1; + cliArgs[0] = args->argv[0]; + + while (cursor && *cursor != 0) { + switch (*cursor) { + case '\n': + /* A blank line triggers test case execution or switches + to client mode if we don't have the client command yet */ + if (lastChar != '\n' && (cliArgsSz > 1 || svrArgsSz > 1)) { + if (cliMode == 0) + cliMode = 1; /* switch to client mode processing */ + else + do_it = 1; /* Do It, we have server and client */ + } + #ifdef DEBUG_SUITE_TESTS + else { + /* skip extra new-lines */ + printf("skipping extra new line\n"); + } + #endif + lastChar = *cursor; + cursor++; + break; + case '#': + lastChar = *cursor; + /* Ignore lines that start with a # */ + comment = XSTRSEP(&cursor, "\n"); + #ifdef DEBUG_SUITE_TESTS + printf("%s\n", comment); + #else + (void)comment; + #endif + break; + case '-': + default: + /* Parameters start with a -. They end in either a newline + * or a space. Capture until either, save in Args list. */ + lastChar = *cursor; + if (cliMode) + cliArgs[cliArgsSz++] = XSTRSEP(&cursor, " \n"); + else + svrArgs[svrArgsSz++] = XSTRSEP(&cursor, " \n"); + if (cursor == NULL || *cursor == '\0') /* eof */ + do_it = 1; + break; + } + + if (svrArgsSz == MAX_ARGS || cliArgsSz == MAX_ARGS) { + fprintf(stderr, "too many arguments, forcing test run\n"); + do_it = 1; + } + + if (do_it) { + /* additional arguments processing */ + if (cliArgsSz+2 < MAX_ARGS && svrArgsSz+2 < MAX_ARGS) { + if (addArgs == NULL || XSTRSTR(addArgs, "doDH") == NULL) { + /* The `-2` disable DH prime check is added to all tests by default */ + cliArgs[cliArgsSz++] = disableDHPrimeTest; + svrArgs[svrArgsSz++] = disableDHPrimeTest; + } + if (addArgs && XSTRSTR(addArgs, "expFail")) { + /* Tests should expect to fail */ + cliArgs[cliArgsSz++] = intTestFlag; + cliArgs[cliArgsSz++] = exitWithRetFlag; + svrArgs[svrArgsSz++] = intTestFlag; + svrArgs[svrArgsSz++] = exitWithRetFlag; + } + } + + ret = execute_test_case(svrArgsSz, svrArgs, + cliArgsSz, cliArgs, 0, 0, 0, 0, 0); + /* don't repeat if not supported in build */ + if (ret == 0) { + /* test with default cipher list on server side */ + execute_test_case(svrArgsSz, svrArgs, + cliArgsSz, cliArgs, 0, 0, 0, 1, 0); + /* test with default cipher list on client side */ + execute_test_case(svrArgsSz, svrArgs, + cliArgsSz, cliArgs, 0, 0, 0, 0, 1); + + execute_test_case(svrArgsSz, svrArgs, + cliArgsSz, cliArgs, 0, 1, 0, 0, 0); + execute_test_case(svrArgsSz, svrArgs, + cliArgsSz, cliArgs, 1, 0, 0, 0, 0); + execute_test_case(svrArgsSz, svrArgs, + cliArgsSz, cliArgs, 1, 1, 0, 0, 0); +#ifdef HAVE_EXTENDED_MASTER + execute_test_case(svrArgsSz, svrArgs, + cliArgsSz, cliArgs, 0, 0, 1, 0, 0); + execute_test_case(svrArgsSz, svrArgs, + cliArgsSz, cliArgs, 0, 1, 1, 0, 0); + execute_test_case(svrArgsSz, svrArgs, + cliArgsSz, cliArgs, 1, 0, 1, 0, 0); + execute_test_case(svrArgsSz, svrArgs, + cliArgsSz, cliArgs, 1, 1, 1, 0, 0); +#endif + } + svrArgsSz = 1; + cliArgsSz = 1; + cliMode = 0; + do_it = 0; + } + } + + free(script); + args->return_code = 0; +} +#endif /* !NO_WOLFSSL_SERVER && !NO_WOLFSSL_CLIENT */ + + +int SuiteTest(int argc, char** argv) +{ +#if !defined(NO_WOLFSSL_SERVER) && !defined(NO_WOLFSSL_CLIENT) && \ + !defined(NO_TLS) && !defined(SINGLE_THREADED) && \ + !defined(WOLF_CRYPTO_CB_ONLY_RSA) && !defined(WOLF_CRYPTO_CB_ONLY_ECC) + func_args args; + char argv0[3][80]; + char* myArgv[3]; + + printf(" Begin Cipher Suite Tests\n"); + + /* setup */ + myArgv[0] = argv0[0]; + myArgv[1] = argv0[1]; + myArgv[2] = argv0[2]; + args.argv = myArgv; + XSTRLCPY(argv0[0], "SuiteTest", sizeof(argv0[0])); + +#ifdef WOLFSSL_STATIC_MEMORY + byte memory[200000]; +#endif + + cipherSuiteCtx = wolfSSL_CTX_new(wolfSSLv23_client_method()); + if (cipherSuiteCtx == NULL) { + printf("can't get cipher suite ctx\n"); + args.return_code = EXIT_FAILURE; + goto exit; + } + + /* load in static memory buffer if enabled */ +#ifdef WOLFSSL_STATIC_MEMORY + if (wolfSSL_CTX_load_static_memory(&cipherSuiteCtx, NULL, + memory, sizeof(memory), 0, 1) + != WOLFSSL_SUCCESS) { + printf("unable to load static memory and create ctx"); + args.return_code = EXIT_FAILURE; + goto exit; + } +#endif + +#ifdef WOLFSSL_ASYNC_CRYPT + if (wolfAsync_DevOpen(&devId) < 0) { + printf("Async device open failed"); + args.return_code = EXIT_FAILURE; + goto exit; + } + wolfSSL_CTX_SetDevId(cipherSuiteCtx, devId); +#endif /* WOLFSSL_ASYNC_CRYPT */ + + /* support for custom command line tests */ + if (argc > 1) { + /* Examples: + ./tests/unit.test tests/test-altchains.conf + ./tests/unit.test tests/test-fails.conf expFail + ./tests/unit.test tests/test-dhprime.conf doDH + */ + args.argc = argc; + args.argv = argv; + test_harness(&args); + if (args.return_code != 0) { + printf("error from script %d\n", args.return_code); + args.return_code = EXIT_FAILURE; + } + goto exit; + } + + /* default case */ + args.argc = 1; + printf("starting default cipher suite tests\n"); + test_harness(&args); + if (args.return_code != 0) { + printf("error from script %d\n", args.return_code); + args.return_code = EXIT_FAILURE; + goto exit; + } + + /* any extra cases will need another argument */ + args.argc = 2; + +#ifdef WOLFSSL_OLDTLS_SHA2_CIPHERSUITES + /* SHA-2 cipher suites in old TLS versions */ + XSTRLCPY(argv0[1], "tests/test-sha2.conf", sizeof(argv0[1])); + printf("starting SHA-2 cipher suite in old TLS versions tests\n"); + test_harness(&args); + if (args.return_code != 0) { + printf("error from script %d\n", args.return_code); + args.return_code = EXIT_FAILURE; + goto exit; + } +#endif + +#ifdef WOLFSSL_TLS13 + /* add TLSv13 extra suites */ + XSTRLCPY(argv0[1], "tests/test-tls13.conf", sizeof(argv0[1])); + printf("starting TLSv13 extra cipher suite tests\n"); + test_harness(&args); + if (args.return_code != 0) { + printf("error from script %d\n", args.return_code); + args.return_code = EXIT_FAILURE; + goto exit; + } + #ifdef HAVE_ECC + /* add TLSv13 ECC extra suites */ + XSTRLCPY(argv0[1], "tests/test-tls13-ecc.conf", sizeof(argv0[1])); + printf("starting TLSv13 ECC extra cipher suite tests\n"); + test_harness(&args); + if (args.return_code != 0) { + printf("error from script %d\n", args.return_code); + args.return_code = EXIT_FAILURE; + goto exit; + } + #endif + #ifndef WOLFSSL_NO_TLS12 + /* add TLSv13 downgrade tests */ + XSTRLCPY(argv0[1], "tests/test-tls13-down.conf", sizeof(argv0[1])); + printf("starting TLSv13 Downgrade extra tests\n"); + test_harness(&args); + if (args.return_code != 0) { + printf("error from script %d\n", args.return_code); + args.return_code = EXIT_FAILURE; + goto exit; + } + #endif + #ifdef HAVE_PQC + /* add TLSv13 pq tests */ + XSTRLCPY(argv0[1], "tests/test-tls13-pq.conf", sizeof(argv0[1])); + printf("starting TLSv13 post-quantum groups tests\n"); + test_harness(&args); + if (args.return_code != 0) { + printf("error from script %d\n", args.return_code); + args.return_code = EXIT_FAILURE; + goto exit; + } + /* add TLSv13 pq hybrid tests */ + XSTRLCPY(argv0[1], "tests/test-tls13-pq-hybrid.conf", sizeof(argv0[1])); + printf("starting TLSv13 post-quantum groups tests\n"); + test_harness(&args); + if (args.return_code != 0) { + printf("error from script %d\n", args.return_code); + args.return_code = EXIT_FAILURE; + goto exit; + } + #endif + #if defined(HAVE_PQC) && defined(WOLFSSL_DTLS13) + /* add DTLSv13 pq tests */ + XSTRLCPY(argv0[1], "tests/test-dtls13-pq.conf", sizeof(argv0[1])); + printf("starting DTLSv13 post-quantum groups tests\n"); + test_harness(&args); + if (args.return_code != 0) { + printf("error from script %d\n", args.return_code); + args.return_code = EXIT_FAILURE; + goto exit; + } + /* add DTLSv13 pq hybrid tests */ + XSTRLCPY(argv0[1], "tests/test-dtls13-pq-hybrid.conf", sizeof(argv0[1])); + printf("starting DTLSv13 post-quantum 2 groups tests\n"); + test_harness(&args); + if (args.return_code != 0) { + printf("error from script %d\n", args.return_code); + args.return_code = EXIT_FAILURE; + goto exit; + } + #ifdef WOLFSSL_DTLS_CH_FRAG + /* add DTLSv13 pq frag tests */ + XSTRLCPY(argv0[1], "tests/test-dtls13-pq-frag.conf", sizeof(argv0[1])); + printf("starting DTLSv13 post-quantum groups tests with fragmentation\n"); + test_harness(&args); + if (args.return_code != 0) { + printf("error from script %d\n", args.return_code); + args.return_code = EXIT_FAILURE; + goto exit; + } + /* add DTLSv13 pq hybrid frag tests */ + XSTRLCPY(argv0[1], "tests/test-dtls13-pq-hybrid-frag.conf", sizeof(argv0[1])); + printf("starting DTLSv13 post-quantum 2 groups tests with fragmentation\n"); + test_harness(&args); + if (args.return_code != 0) { + printf("error from script %d\n", args.return_code); + args.return_code = EXIT_FAILURE; + goto exit; + } + #endif + #endif +#endif +#if defined(WC_RSA_PSS) && (!defined(HAVE_FIPS) || \ + (defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION > 2))) && \ + (!defined(HAVE_SELFTEST) || (defined(HAVE_SELFTEST_VERSION) && \ + (HAVE_SELFTEST_VERSION > 2))) + /* add RSA-PSS certificate cipher suite tests */ + XSTRLCPY(argv0[1], "tests/test-rsapss.conf", sizeof(argv0[1])); + printf("starting RSA-PSS extra cipher suite tests\n"); + test_harness(&args); + if (args.return_code != 0) { + printf("error from script %d\n", args.return_code); + args.return_code = EXIT_FAILURE; + goto exit; + } +#endif +#if defined(HAVE_CURVE25519) && defined(HAVE_ED25519) && \ + defined(HAVE_ED25519_SIGN) && defined(HAVE_ED25519_VERIFY) && \ + defined(HAVE_ED25519_KEY_IMPORT) && defined(HAVE_ED25519_KEY_EXPORT) + /* add ED25519 certificate cipher suite tests */ + XSTRLCPY(argv0[1], "tests/test-ed25519.conf", sizeof(argv0[1])); + printf("starting ED25519 extra cipher suite tests\n"); + test_harness(&args); + if (args.return_code != 0) { + printf("error from script %d\n", args.return_code); + args.return_code = EXIT_FAILURE; + goto exit; + } +#endif +#if defined(HAVE_CURVE448) && defined(HAVE_ED448) && \ + defined(HAVE_ED448_SIGN) && defined(HAVE_ED448_VERIFY) && \ + defined(HAVE_ED448_KEY_IMPORT) && defined(HAVE_ED448_KEY_EXPORT) + /* add ED448 certificate cipher suite tests */ + XSTRLCPY(argv0[1], "tests/test-ed448.conf", sizeof(argv0[1])); + printf("starting ED448 extra cipher suite tests\n"); + test_harness(&args); + if (args.return_code != 0) { + printf("error from script %d\n", args.return_code); + args.return_code = EXIT_FAILURE; + goto exit; + } +#endif +#if defined(HAVE_ECC) && defined(WOLFSSL_SHA512) && \ + (defined(HAVE_ECC521) || defined(HAVE_ALL_CURVES)) + /* add P-521 certificate cipher suite tests */ + XSTRLCPY(argv0[1], "tests/test-p521.conf", sizeof(argv0[1])); + printf("starting P-521 extra cipher suite tests\n"); + test_harness(&args); + if (args.return_code != 0) { + printf("error from script %d\n", args.return_code); + args.return_code = EXIT_FAILURE; + goto exit; + } +#endif +#if defined(HAVE_ECC) && !defined(NO_SHA256) && defined(WOLFSSL_CUSTOM_CURVES) && \ + defined(HAVE_ECC_KOBLITZ) && defined(HAVE_ECC_BRAINPOOL) && \ + /* Intel QuickAssist and Cavium Nitrox do not support custom curves */ \ + !defined(HAVE_INTEL_QA) && !defined(HAVE_CAVIUM_V) && \ + /* only supported with newer ASN template code */ \ + defined(WOLFSSL_ASN_TEMPLATE) + + /* TLS non-NIST curves (Koblitz / Brainpool) */ + XSTRLCPY(argv0[1], "tests/test-ecc-cust-curves.conf", sizeof(argv0[1])); + printf("starting TLS test of non-NIST curves (Koblitz / Brainpool)\n"); + test_harness(&args); + if (args.return_code != 0) { + printf("error from script %d\n", args.return_code); + args.return_code = EXIT_FAILURE; + goto exit; + } +#endif +#ifdef WOLFSSL_DTLS + /* add dtls extra suites */ + XSTRLCPY(argv0[1], "tests/test-dtls.conf", sizeof(argv0[1])); + printf("starting dtls extra cipher suite tests\n"); + test_harness(&args); + if (args.return_code != 0) { + printf("error from script %d\n", args.return_code); + args.return_code = EXIT_FAILURE; + goto exit; + } + /* add dtls grouping tests */ + XSTRLCPY(argv0[1], "tests/test-dtls-group.conf", sizeof(argv0[1])); + printf("starting dtls message grouping tests\n"); + test_harness(&args); + if (args.return_code != 0) { + printf("error from script %d\n", args.return_code); + args.return_code = EXIT_FAILURE; + goto exit; + } + /* add dtls session resumption tests */ + XSTRLCPY(argv0[1], "tests/test-dtls-resume.conf", sizeof(argv0[1])); + printf("starting dtls session resumption tests\n"); + test_harness(&args); + if (args.return_code != 0) { + printf("error from script %d\n", args.return_code); + args.return_code = EXIT_FAILURE; + goto exit; + } +#ifdef HAVE_SECURE_RENEGOTIATION + /* add dtls renegotiation tests */ + XSTRLCPY(argv0[1], "tests/test-dtls-reneg-client.conf", sizeof(argv0[1])); + printf("starting dtls secure renegotiation client tests\n"); + test_harness(&args); + if (args.return_code != 0) { + printf("error from script %d\n", args.return_code); + args.return_code = EXIT_FAILURE; + goto exit; + } + XSTRLCPY(argv0[1], "tests/test-dtls-reneg-server.conf", sizeof(argv0[1])); + printf("starting dtls secure renegotiation server tests\n"); + test_harness(&args); + if (args.return_code != 0) { + printf("error from script %d\n", args.return_code); + args.return_code = EXIT_FAILURE; + goto exit; + } +#endif +#ifdef WOLFSSL_DTLS_MTU + /* Add dtls different MTU size tests. + * These also use grouping to force wolfSSL to + * bounce off the MTU limit more */ + XSTRLCPY(argv0[1], "tests/test-dtls-mtu.conf", sizeof(argv0[1])); + printf("starting dtls MTU tests\n"); + test_harness(&args); + if (args.return_code != 0) { + printf("error from script %d\n", args.return_code); + args.return_code = EXIT_FAILURE; + goto exit; + } +#endif + + /* Add dtls downgrade test */ + XSTRLCPY(argv0[1], "tests/test-dtls-downgrade.conf", sizeof(argv0[1])); + printf("starting dtls downgrade tests\n"); + test_harness(&args); + if (args.return_code != 0) { + printf("error from script %d\n", args.return_code); + args.return_code = EXIT_FAILURE; + goto exit; + } + +#ifdef WOLFSSL_OLDTLS_SHA2_CIPHERSUITES + /* add dtls extra suites */ + XSTRLCPY(argv0[1], "tests/test-dtls-sha2.conf", sizeof(argv0[1])); + printf("starting dtls extra cipher suite tests - old TLS sha-2 cs\n"); + test_harness(&args); + if (args.return_code != 0) { + printf("error from script %d\n", args.return_code); + args.return_code = EXIT_FAILURE; + goto exit; + } +#endif +#ifndef WOLFSSL_NO_DTLS_SIZE_CHECK + /* failure tests */ + args.argc = 3; + XSTRLCPY(argv0[1], "tests/test-dtls-fails.conf", sizeof(argv0[1])); + XSTRLCPY(argv0[2], "expFail", sizeof(argv0[2])); /* tests are expected to fail */ + printf("starting dtls tests that expect failure\n"); + test_harness(&args); + if (args.return_code != 0) { + printf("error from script %d\n", args.return_code); + args.return_code = EXIT_FAILURE; + goto exit; + } + XSTRLCPY(argv0[2], "", sizeof(argv0[2])); +#endif +#if defined(WOLFSSL_EXTRA_ALERTS) && defined(WOLFSSL_AES_256) + /* failure tests */ + args.argc = 3; + XSTRLCPY(argv0[1], "tests/test-dtls-fails-cipher.conf", sizeof(argv0[1])); + XSTRLCPY(argv0[2], "expFail", sizeof(argv0[2])); /* tests are expected to fail */ + printf("starting dtls cipher mismatch tests that expect failure\n"); + test_harness(&args); + if (args.return_code != 0) { + printf("error from script %d\n", args.return_code); + args.return_code = EXIT_FAILURE; + goto exit; + } + XSTRLCPY(argv0[2], "", sizeof(argv0[2])); +#endif + +#ifdef WOLFSSL_SRTP + args.argc = 2; + strcpy(argv0[1], "tests/test-dtls-srtp.conf"); + printf("starting dtls srtp suite tests\n"); + test_harness(&args); + if (args.return_code != 0) { + printf("error from script %d\n", args.return_code); + args.return_code = EXIT_FAILURE; + goto exit; + } + + /* failure tests */ + args.argc = 3; + strcpy(argv0[1], "tests/test-dtls-srtp-fails.conf"); + strcpy(argv0[2], "expFail"); /* tests are expected to fail */ + printf("starting dtls srtp profile mismatch tests that expect failure\n"); + test_harness(&args); + if (args.return_code != 0) { + printf("error from script %d\n", args.return_code); + args.return_code = EXIT_FAILURE; + goto exit; + } + strcpy(argv0[2], ""); +#endif + +#ifdef WOLFSSL_DTLS13 + args.argc = 2; + strcpy(argv0[1], "tests/test-dtls13.conf"); + printf("starting DTLSv1.3 suite\n"); + test_harness(&args); + if (args.return_code != 0) { + printf("error from script %d\n", args.return_code); + args.return_code = EXIT_FAILURE; + goto exit; + } + +#ifndef WOLFSSL_NO_TLS12 + args.argc = 2; + strcpy(argv0[1], "tests/test-dtls13-downgrade.conf"); + printf("starting DTLSv1.3 suite - downgrade\n"); + test_harness(&args); + if (args.return_code != 0) { + printf("error from script %d\n", args.return_code); + args.return_code = EXIT_FAILURE; + goto exit; + } + args.argc = 3; + strcpy(argv0[1], "tests/test-dtls13-downgrade-fails.conf"); + strcpy(argv0[2], "expFail"); + printf("starting DTLSv1.3 suite - downgrade - (expFails)\n"); + test_harness(&args); + if (args.return_code != 0) { + printf("error from script %d\n", args.return_code); + args.return_code = EXIT_FAILURE; + goto exit; + } + args.argc = 2; + XMEMSET(argv0[2], 0, sizeof(argv0[2])); +#endif /* WOLFSSL_NO_TLS12 */ + +#ifndef NO_PSK + XSTRLCPY(argv0[1], "tests/test-dtls13-psk.conf", sizeof(argv0[1])); + printf("starting DTLS 1.3 psk suite tests\n"); + test_harness(&args); + if (args.return_code != 0) { + printf("error from script %d\n", args.return_code); + args.return_code = EXIT_FAILURE; + goto exit; + } +#endif /* NO_PSK */ + +#ifdef WOLFSSL_DTLS_CID + XSTRLCPY(argv0[1], "tests/test-dtls13-cid.conf", sizeof(argv0[1])); + printf("starting DTLS 1.3 ConnectionID suite tests\n"); + test_harness(&args); + if (args.return_code != 0) { + printf("error from script %d\n", args.return_code); + args.return_code = EXIT_FAILURE; + goto exit; + } +#endif /* WOLFSSL_DTLS_CID */ + +#endif /* WOLFSSL_DTLS13 */ + +#endif +#ifdef WOLFSSL_SCTP + /* add dtls-sctp extra suites */ + XSTRLCPY(argv0[1], "tests/test-sctp.conf", sizeof(argv0[1])); + printf("starting dtls-sctp extra cipher suite tests\n"); + test_harness(&args); + if (args.return_code != 0) { + printf("error from script %d\n", args.return_code); + args.return_code = EXIT_FAILURE; + goto exit; + } +#ifdef WOLFSSL_OLDTLS_SHA2_CIPHERSUITES + /* add dtls-sctp extra suites */ + XSTRLCPY(argv0[1], "tests/test-sctp-sha2.conf", sizeof(argv0[1])); + printf("starting dtls-sctp extra cipher suite tests - old TLS sha-2 cs\n"); + test_harness(&args); + if (args.return_code != 0) { + printf("error from script %d\n", args.return_code); + args.return_code = EXIT_FAILURE; + goto exit; + } +#endif +#endif +#ifndef WC_STRICT_SIG +#if !defined(NO_RSA) && defined(HAVE_ECC) /* testing mixed ECC/RSA cert */ + /* add extra signature test suites */ + XSTRLCPY(argv0[1], "tests/test-sig.conf", sizeof(argv0[1])); + printf("starting sig extra cipher suite tests\n"); + test_harness(&args); + if (args.return_code != 0) { + printf("error from script %d\n", args.return_code); + args.return_code = EXIT_FAILURE; + goto exit; + } +#endif /* !NO__RSA and HAVE_ECC */ +#endif /* !WC_STRICT_SIG */ +#if defined(WOLFSSL_SM2) && defined(WOLFSSL_SM3) && \ + (defined(WOLFSSL_SM4_GCM) || defined(WOLFSSL_SM4_CCM)) + /* add SM2/SM3/SM4 test suites */ + XSTRLCPY(argv0[1], "tests/test-sm2.conf", sizeof(argv0[1])); + printf("starting SM2/SM3/SM4 cipher suite tests\n"); + test_harness(&args); + if (args.return_code != 0) { + printf("error from script %d\n", args.return_code); + args.return_code = EXIT_FAILURE; + goto exit; + } +#endif +#ifndef NO_PSK + #ifndef WOLFSSL_NO_TLS12 + #if !defined(NO_RSA) || defined(HAVE_ECC) + /* add psk cipher suites */ + XSTRLCPY(argv0[1], "tests/test-psk.conf", sizeof(argv0[1])); + printf("starting psk cipher suite tests\n"); + test_harness(&args); + if (args.return_code != 0) { + printf("error from script %d\n", args.return_code); + args.return_code = EXIT_FAILURE; + goto exit; + } + #endif + #endif + #ifdef WOLFSSL_TLS13 + /* add psk extra suites */ + XSTRLCPY(argv0[1], "tests/test-tls13-psk.conf", sizeof(argv0[1])); + printf("starting TLS 1.3 psk no identity extra cipher suite tests\n"); + test_harness(&args); + if (args.return_code != 0) { + printf("error from script %d\n", args.return_code); + args.return_code = EXIT_FAILURE; + goto exit; + } + #endif +#endif +#if defined(WOLFSSL_ENCRYPTED_KEYS) && !defined(NO_DES3) && !defined(NO_MD5) &&\ + !defined(NO_SHA) + /* test encrypted keys */ + XSTRLCPY(argv0[1], "tests/test-enckeys.conf", sizeof(argv0[1])); + printf("starting encrypted keys extra cipher suite tests\n"); + test_harness(&args); + if (args.return_code != 0) { + printf("error from script %d\n", args.return_code); + args.return_code = EXIT_FAILURE; + goto exit; + } +#endif + +#ifdef HAVE_MAX_FRAGMENT + /* Max fragment cipher suite tests */ + XSTRLCPY(argv0[1], "tests/test-maxfrag.conf", sizeof(argv0[1])); + printf("starting max fragment cipher suite tests\n"); + test_harness(&args); + if (args.return_code != 0) { + printf("error from script %d\n", args.return_code); + args.return_code = EXIT_FAILURE; + goto exit; + } + + #ifdef WOLFSSL_DTLS + XSTRLCPY(argv0[1], "tests/test-maxfrag-dtls.conf", sizeof(argv0[1])); + printf("starting dtls max fragment cipher suite tests\n"); + test_harness(&args); + if (args.return_code != 0) { + printf("error from script %d\n", args.return_code); + args.return_code = EXIT_FAILURE; + goto exit; + } + #endif +#endif + +#ifdef WOLFSSL_ALT_CERT_CHAINS + /* tests for alt chains */ + XSTRLCPY(argv0[1], "tests/test-altchains.conf", sizeof(argv0[1])); + printf("starting certificate alternate chain cipher suite tests\n"); + test_harness(&args); + if (args.return_code != 0) { + printf("error from script %d\n", args.return_code); + args.return_code = EXIT_FAILURE; + goto exit; + } +#else + /* tests for chains */ + XSTRLCPY(argv0[1], "tests/test-chains.conf", sizeof(argv0[1])); + printf("starting certificate chain cipher suite tests\n"); + test_harness(&args); + if (args.return_code != 0) { + printf("error from script %d\n", args.return_code); + args.return_code = EXIT_FAILURE; + goto exit; + } +#endif + +#ifdef WOLFSSL_TRUST_PEER_CERT + /* tests for trusted peer cert */ + XSTRLCPY(argv0[1], "tests/test-trustpeer.conf", sizeof(argv0[1])); + printf("starting trusted peer certificate cipher suite tests\n"); + test_harness(&args); + if (args.return_code != 0) { + printf("error from script %d\n", args.return_code); + args.return_code = EXIT_FAILURE; + goto exit; + } +#endif + + /* tests for dh prime */ + args.argc = 3; + XSTRLCPY(argv0[1], "tests/test-dhprime.conf", sizeof(argv0[1])); + XSTRLCPY(argv0[2], "doDH", sizeof(argv0[2])); /* add DH prime flag */ + printf("starting dh prime tests\n"); + test_harness(&args); + if (args.return_code != 0) { + printf("error from script %d\n", args.return_code); + args.return_code = EXIT_FAILURE; + goto exit; + } + + /* failure tests */ + args.argc = 3; + XSTRLCPY(argv0[1], "tests/test-fails.conf", sizeof(argv0[1])); + XSTRLCPY(argv0[2], "expFail", sizeof(argv0[2])); /* tests are expected to fail */ + printf("starting tests that expect failure\n"); + test_harness(&args); + if (args.return_code != 0) { + printf("error from script %d\n", args.return_code); + args.return_code = EXIT_FAILURE; + goto exit; + } + +exit: + + if (args.return_code == 0) + printf("\n Success -- All results as expected.\n"); + + printf(" End Cipher Suite Tests\n"); + + wolfSSL_CTX_free(cipherSuiteCtx); + wolfSSL_Cleanup(); + +#if defined(HAVE_ECC) && defined(FP_ECC) && defined(HAVE_THREAD_LS) \ + && (defined(NO_MAIN_DRIVER) || defined(HAVE_STACK_SIZE)) + wc_ecc_fp_free(); /* free per thread cache */ +#endif +#ifdef WOLFSSL_ASYNC_CRYPT + wolfAsync_DevClose(&devId); +#endif + + return args.return_code; +#else + (void)argc; + (void)argv; + return NOT_COMPILED_IN; +#endif /* !NO_WOLFSSL_SERVER && !NO_WOLFSSL_CLIENT && !NO_TLS */ +} diff --git a/test/ssl/wolfssl/tests/unit.c b/test/ssl/wolfssl/tests/unit.c new file mode 100644 index 000000000..5ccb92ebf --- /dev/null +++ b/test/ssl/wolfssl/tests/unit.c @@ -0,0 +1,333 @@ +/* unit.c API unit tests driver + * + * Copyright (C) 2006-2025 wolfSSL Inc. + * + * This file is part of wolfSSL. + * + * wolfSSL is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * wolfSSL is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA + */ + + +/* Name change compatibility layer no longer need to be included here */ + +#include + +#include + +#include +#include + +#ifndef NO_CRYPT_TEST +#include +#include "wolfcrypt/test/test.h" +#endif + +int allTesting = 1; +int apiTesting = 1; +int myoptind = 0; +char* myoptarg = NULL; +int unit_test(int argc, char** argv); + +#ifndef NO_TESTSUITE_MAIN_DRIVER +int main(int argc, char** argv) +{ + return unit_test(argc, argv); +} +#endif + +/* Print usage options for unit test. + */ +static void UnitTest_Usage(void) +{ + printf("Usage: ./tests/unit.test \n"); + printf(" -?, --help Display this usage information.\n"); + printf(" --list List the API tests.\n"); + printf(" --api Only perform API tests.\n"); + printf(" --no-api Do not perform API tests.\n"); + printf(" --stopOnFail Stops API testing on first failure.\n"); + printf(" --groups List known group names.\n"); + printf(" --group Functions in this group are tested.\n"); + printf(" - Run the API test identified by number.\n"); + printf(" Can be specified multiple times.\n"); + printf(" - Run the API test identified by name.\n"); + printf(" Can be specified multiple times.\n"); + printf(" -~ Functions with this substring are tested.\n"); + printf(" Name of cipher suite testing file.\n"); +} + +int unit_test(int argc, char** argv) +{ + int ret = 0; + + (void)argc; + (void)argv; +#ifdef WOLFSSL_FORCE_MALLOC_FAIL_TEST + if (argc > 1) { + int memFailCount = atoi(argv[1]); + fprintf(stderr, "\n--- SET RNG MALLOC FAIL AT %d---\n", memFailCount); + wolfSSL_SetMemFailCount(memFailCount); + } +#endif + + printf("starting unit tests...\n"); + fflush(stdout); + +#if defined(DEBUG_WOLFSSL) && !defined(HAVE_VALGRIND) + wolfSSL_Debugging_ON(); +#endif + +#ifdef WC_RNG_SEED_CB + wc_SetSeed_Cb(WC_GENERATE_SEED_DEFAULT); +#endif +#ifdef HAVE_WNR + if (wc_InitNetRandom(wnrConfig, NULL, 5000) != 0) + err_sys("Whitewood netRandom global config failed"); +#endif /* HAVE_WNR */ + +#ifndef WOLFSSL_TIRTOS + ChangeToWolfRoot(); +#endif + +#if defined(HAVE_FIPS) && defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION == 5) +#if !defined(NO_AES) && !defined(NO_AES_CBC) + if (wc_RunCast_fips(FIPS_CAST_AES_CBC) != 0) { + err_sys("AES-CBC CAST failed"); + } +#endif +#ifdef HAVE_AESGCM + if (wc_RunCast_fips(FIPS_CAST_AES_GCM) != 0) { + err_sys("AES-GCM CAST failed"); + } +#endif +#ifndef NO_SHA + if (wc_RunCast_fips(FIPS_CAST_HMAC_SHA1) != 0) { + err_sys("HMAC-SHA1 CAST failed"); + } +#endif + /* the only non-optional CAST */ + if (wc_RunCast_fips(FIPS_CAST_HMAC_SHA2_256) != 0) { + err_sys("HMAC-SHA2-256 CAST failed"); + } +#ifdef WOLFSSL_SHA512 + if (wc_RunCast_fips(FIPS_CAST_HMAC_SHA2_512) != 0) { + err_sys("HMAC-SHA2-512 CAST failed"); + } +#endif +#ifdef WOLFSSL_SHA3 + if (wc_RunCast_fips(FIPS_CAST_HMAC_SHA3_256) != 0) { + err_sys("HMAC-SHA3-256 CAST failed"); + } +#endif +#ifdef HAVE_HASHDRBG + if (wc_RunCast_fips(FIPS_CAST_DRBG) != 0) { + err_sys("Hash_DRBG CAST failed"); + } +#endif +#ifndef NO_RSA + if (wc_RunCast_fips(FIPS_CAST_RSA_SIGN_PKCS1v15) != 0) { + err_sys("RSA sign CAST failed"); + } +#endif +#if defined(HAVE_ECC_CDH) && defined(HAVE_ECC_CDH_CAST) + if (wc_RunCast_fips(FIPS_CAST_ECC_CDH) != 0) { + err_sys("RSA sign CAST failed"); + } +#endif +#ifdef HAVE_ECC_DHE + if (wc_RunCast_fips(FIPS_CAST_ECC_PRIMITIVE_Z) != 0) { + err_sys("ECC Primitive Z CAST failed"); + } +#endif +#ifdef HAVE_ECC + if (wc_RunCast_fips(FIPS_CAST_ECDSA) != 0) { + err_sys("ECDSA CAST failed"); + } +#endif +#ifndef NO_DH + if (wc_RunCast_fips(FIPS_CAST_DH_PRIMITIVE_Z) != 0) { + err_sys("DH Primitive Z CAST failed"); + } +#endif +#ifdef WOLFSSL_HAVE_PRF + if (wc_RunCast_fips(FIPS_CAST_KDF_TLS12) != 0) { + err_sys("KDF TLSv1.2 CAST failed"); + } +#endif +#if defined(HAVE_HKDF) && !defined(NO_HMAC) + if (wc_RunCast_fips(FIPS_CAST_KDF_TLS13) != 0) { + err_sys("KDF TLSv1.3 CAST failed"); + } +#endif +#ifdef WOLFSSL_WOLFSSH + if (wc_RunCast_fips(FIPS_CAST_KDF_SSH) != 0) { + err_sys("KDF SSHv2.0 CAST failed"); + } +#endif +#endif /* HAVE_FIPS && HAVE_FIPS_VERSION == 5 */ +#if FIPS_VERSION3_GT(5,2,0) + if (wc_RunAllCast_fips() != 0) { + err_sys("wc_RunAllCast_fips() failed\n"); + } +#endif + + while (argc > 1) { + if (argv[1][0] != '-') { + break; + } + + if (XSTRCMP(argv[1], "-?") == 0 || XSTRCMP(argv[1], "--help") == 0) { + UnitTest_Usage(); + goto exit; + } + else if (XSTRCMP(argv[1], "--list") == 0) { + ApiTest_PrintTestCases(); + goto exit; + } + else if (XSTRCMP(argv[1], "--api") == 0) { + allTesting = 0; + } + else if (XSTRCMP(argv[1], "--no-api") == 0) { + apiTesting = 0; + } + else if (XSTRCMP(argv[1], "--stopOnFail") == 0) { + ApiTest_StopOnFail(); + } + else if (XSTRCMP(argv[1], "--groups") == 0) { + ApiTest_PrintGroups(); + goto exit; + } + else if (XSTRCMP(argv[1], "--group") == 0) { + if (argc == 2) { + fprintf(stderr, "No group name supplied\n"); + ret = -1; + goto exit; + } + ret = ApiTest_RunGroup(argv[2]); + if (ret != 0) { + goto exit; + } + allTesting = 0; + argc--; + argv++; + } + else if (argv[1][0] == '-' && argv[1][1] >= '0' && argv[1][1] <= '9') { + ret = ApiTest_RunIdx(atoi(argv[1] + 1)); + if (ret != 0) { + goto exit; + } + allTesting = 0; + } + else if (argv[1][0] == '-' && argv[1][1] == '~') { + ret = ApiTest_RunPartName(argv[1] + 2); + if (ret != 0) { + goto exit; + } + allTesting = 0; + } + else { + ret = ApiTest_RunName(argv[1] + 1); + if (ret != 0) { + goto exit; + } + allTesting = 0; + } + + argc--; + argv++; + } + +#ifndef NO_CRYPT_TEST + /* wc_ test */ + if (allTesting) { + func_args wc_args; + + printf("\nwolfCrypt unit test:\n"); + + if ((ret = wolfCrypt_Init()) != 0) { + fprintf(stderr, "wolfCrypt_Init failed: %d\n", (int)ret); + goto exit; + } + + XMEMSET(&wc_args, 0, sizeof(wc_args)); + wolfcrypt_test(&wc_args); + if (wc_args.return_code != 0) { + ret = 1; + goto exit; + } + + if ((ret = wolfCrypt_Cleanup()) != 0) { + fprintf(stderr, "wolfCrypt_Cleanup failed: %d\n", (int)ret); + goto exit; + } + + printf("wolfCrypt unit test completed successfully.\n\n"); + } +#endif + +#ifdef WOLFSSL_ALLOW_SKIP_UNIT_TESTS + if (argc == 1) +#endif + { + if (apiTesting) { + ret = ApiTest(); + if (ret != 0) + goto exit; + } + + if (!allTesting) { + goto exit; + } + + #ifdef WOLFSSL_W64_WRAPPER + if ((ret = w64wrapper_test()) != 0) { + fprintf(stderr, "w64wrapper test failed with %d\n", ret); + goto exit; + } + #endif /* WOLFSSL_W64_WRAPPER */ + + #ifdef WOLFSSL_QUIC + if ((ret = QuicTest()) != 0) { + fprintf(stderr, "quic test failed with %d\n", ret); + goto exit; + } + #endif + + SrpTest(); + } + +#if !defined(NO_WOLFSSL_CIPHER_SUITE_TEST) && \ + !defined(NO_WOLFSSL_CLIENT) && !defined(NO_WOLFSSL_SERVER) && \ + !defined(NO_TLS) && \ + !defined(SINGLE_THREADED) && \ + defined(WOLFSSL_PEM_TO_DER) + if ((ret = SuiteTest(argc, argv)) != 0) { + fprintf(stderr, "suite test failed with %d\n", ret); + goto exit; + } +#endif + +exit: +#ifdef HAVE_WNR + if (wc_FreeNetRandom() < 0) + err_sys("Failed to free netRandom context"); +#endif /* HAVE_WNR */ + + if (ret == 0) { + puts("\nunit_test: Success for all configured tests."); + fflush(stdout); + } + + return ret; +} diff --git a/test/ssl/wolfssl/tests/unit.h b/test/ssl/wolfssl/tests/unit.h new file mode 100644 index 000000000..8516a1e47 --- /dev/null +++ b/test/ssl/wolfssl/tests/unit.h @@ -0,0 +1,482 @@ +/* unit.c API unit tests driver + * + * Copyright (C) 2006-2025 wolfSSL Inc. + * + * This file is part of wolfSSL. + * + * wolfSSL is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * wolfSSL is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA + */ + + +#ifndef TESTS_UNIT_H +#define TESTS_UNIT_H + +#define WOLFSSL_VIS_FOR_TESTS + +#ifdef HAVE_CONFIG_H + #include +#endif + +#ifndef WOLFSSL_USER_SETTINGS + #include +#endif +#include + +#undef TEST_OPENSSL_COEXIST /* can't use this option with unit tests */ +#undef OPENSSL_COEXIST /* can't use this option with unit tests */ + +#include +#include /* thread and tcp stuff */ + +#ifdef WOLFSSL_FORCE_MALLOC_FAIL_TEST +#define XABORT() WC_DO_NOTHING +#else +#define XABORT() abort() +#endif + +#ifndef WOLFSSL_PASSTHRU_ERR +#define Fail(description, result) do { \ + printf("\nERROR - %s line %d failed with:", __FILE__, __LINE__); \ + fputs("\n expected: ", stdout); printf description; \ + fputs("\n result: ", stdout); printf result; fputs("\n\n", stdout); \ + fflush(stdout); \ + XABORT(); \ +} while(0) +#else +#define Fail(description, result) do { \ + printf("\nERROR - %s line %d failed with:", __FILE__, __LINE__); \ + fputs("\n expected: ", stdout); printf description; \ + fputs("\n result: ", stdout); printf result; fputs("\n\n", stdout); \ + fflush(stdout); \ +} while (0) +#endif + +#define Assert(test, description, result) if (!(test)) Fail(description, result) + +#define AssertTrue(x) Assert( (x), ("%s is true", #x), (#x " => FALSE")) +#define AssertFalse(x) Assert(!(x), ("%s is false", #x), (#x " => TRUE")) +#define AssertNotNull(x) Assert( (x), ("%s is not null", #x), (#x " => NULL")) + +#define AssertNull(x) do { \ + PEDANTIC_EXTENSION void* _x = (void*)(x); \ + Assert(!_x, ("%s is null", #x), (#x " => %p", _x)); \ +} while(0) + +#define AssertInt(x, y, op, er) do { \ + int _x = (int)(x); \ + int _y = (int)(y); \ + Assert(_x op _y, ("%s " #op " %s", #x, #y), ("%d " #er " %d", _x, _y)); \ +} while(0) + +#define AssertIntEQ(x, y) AssertInt(x, y, ==, !=) +#define AssertIntNE(x, y) AssertInt(x, y, !=, ==) +#define AssertIntGT(x, y) AssertInt(x, y, >, <=) +#define AssertIntLT(x, y) AssertInt(x, y, <, >=) +#define AssertIntGE(x, y) AssertInt(x, y, >=, <) +#define AssertIntLE(x, y) AssertInt(x, y, <=, >) + +#define AssertStr(x, y, op, er) do { \ + const char* _x = (const char*)(x); \ + const char* _y = (const char*)(y); \ + int _z = (_x && _y) ? strcmp(_x, _y) : -1; \ + Assert(_z op 0, ("%s " #op " %s", #x, #y), \ + ("\"%s\" " #er " \"%s\"", _x, _y));\ +} while(0) + +#define AssertStrEQ(x, y) AssertStr(x, y, ==, !=) +#define AssertStrNE(x, y) AssertStr(x, y, !=, ==) +#define AssertStrGT(x, y) AssertStr(x, y, >, <=) +#define AssertStrLT(x, y) AssertStr(x, y, <, >=) +#define AssertStrGE(x, y) AssertStr(x, y, >=, <) +#define AssertStrLE(x, y) AssertStr(x, y, <=, >) + +#ifdef WOLF_C89 + +#define AssertPtr(x, y, op, er) do { \ + void* _x = (void*)(x); \ + void* _y = (void*)(y); \ + Assert(_x op _y, ("%s " #op " %s", #x, #y), ("%p " #er " %p", _x, _y)); \ +} while(0) + +#else + +#define AssertPtr(x, y, op, er) do { \ + PRAGMA_GCC_DIAG_PUSH \ + /* remarkably, without this inhibition, */ \ + /* the _Pragma()s make the declarations warn. */ \ + PRAGMA_GCC("GCC diagnostic ignored \"-Wdeclaration-after-statement\"") \ + /* inhibit "ISO C forbids conversion of function pointer */ \ + /* to object pointer type [-Werror=pedantic]" */ \ + PRAGMA_GCC("GCC diagnostic ignored \"-Wpedantic\"") \ + void* _x = (void*)(x); \ + void* _y = (void*)(y); \ + Assert(_x op _y, ("%s " #op " %s", #x, #y), ("%p " #er " %p", _x, _y)); \ + PRAGMA_GCC_DIAG_POP \ +} while(0) + +#endif + +#define AssertPtrEq(x, y) AssertPtr(x, y, ==, !=) +#define AssertPtrNE(x, y) AssertPtr(x, y, !=, ==) +#define AssertPtrGT(x, y) AssertPtr(x, y, >, <=) +#define AssertPtrLT(x, y) AssertPtr(x, y, <, >=) +#define AssertPtrGE(x, y) AssertPtr(x, y, >=, <) +#define AssertPtrLE(x, y) AssertPtr(x, y, <=, >) + +#define TEST_FAIL 0 +#define TEST_SUCCESS 1 +#define TEST_SUCCESS_NO_MSGS 2 +#define TEST_SKIPPED 3 /* Test skipped - not run. */ +#define TEST_SKIPPED_NO_MSGS 4 /* Test skipped - not run. */ + +#define EXPECT_DECLS \ + int _ret = TEST_SKIPPED, _fail_codepoint_id = TEST_FAIL +#define EXPECT_SUCCESS_DECLS \ + int _ret = TEST_SUCCESS, _fail_codepoint_id = TEST_SUCCESS +#define EXPECT_DECLS_NO_MSGS(fail_codepoint_offset) \ + int _ret = TEST_SKIPPED_NO_MSGS, \ + _fail_codepoint_id = (fail_codepoint_offset) +#define EXPECT_FAILURE_CODEPOINT_ID _fail_codepoint_id +#define EXPECT_RESULT() \ + ((void)_fail_codepoint_id, \ + _ret == TEST_SUCCESS_NO_MSGS ? TEST_SUCCESS : \ + _ret == TEST_SKIPPED_NO_MSGS ? TEST_SKIPPED : \ + _ret) +#define EXPECT_SUCCESS() \ + ((_ret == TEST_SUCCESS) || \ + (_ret == TEST_SKIPPED) || \ + (_ret == TEST_SUCCESS_NO_MSGS) || \ + (_ret == TEST_SKIPPED_NO_MSGS)) +#define EXPECT_FAIL() \ + (! EXPECT_SUCCESS()) + +#define EXPECT_TEST(ret) do { \ + if (EXPECT_SUCCESS()) { \ + _ret = (ret); \ + } \ +} while (0) + +#define ExpFail(description, result) do { \ + if ((_ret == TEST_SUCCESS_NO_MSGS) || (_ret == TEST_SKIPPED_NO_MSGS)) \ + _ret = _fail_codepoint_id; \ + else { \ + printf("\nERROR - %s line %d failed with:", __FILE__, __LINE__); \ + fputs("\n expected: ", stdout); printf description; \ + fputs("\n result: ", stdout); printf result; \ + fputs("\n\n", stdout); \ + fflush(stdout); \ + _ret = TEST_FAIL; \ + } \ +} while (0) + +#define Expect(test, description, result) do { \ + if (EXPECT_SUCCESS()) { \ + if (!(test)) \ + ExpFail(description, result); \ + else if (_ret == TEST_SKIPPED_NO_MSGS) \ + _ret = TEST_SUCCESS_NO_MSGS; \ + else \ + _ret = TEST_SUCCESS; \ + } \ + if (_ret == TEST_SUCCESS_NO_MSGS) \ + --_fail_codepoint_id; \ +} while (0) + +#define ExpectTrue(x) Expect( (x), ("%s is true", #x), (#x " => FALSE")) +#define ExpectFalse(x) Expect(!(x), ("%s is false", #x), (#x " => TRUE")) +#define ExpectNotNull(x) Expect( (x), ("%s is not null", #x), (#x " => NULL")) + +#define ExpectNull(x) do { \ + if (EXPECT_SUCCESS()) { \ + PEDANTIC_EXTENSION void* _x = (void*)(x); \ + Expect(!_x, ("%s is null", #x), (#x " => %p", _x)); \ + } \ +} while(0) + +#define ExpectInt(x, y, op, er) do { \ + if (EXPECT_SUCCESS()) { \ + int _x = (int)(x); \ + int _y = (int)(y); \ + Expect(_x op _y, ("%s " #op " %s", #x, #y), ("%d " #er " %d", _x, _y));\ + } \ +} while(0) + +#define ExpectIntEQ(x, y) ExpectInt(x, y, ==, !=) +#define ExpectIntNE(x, y) ExpectInt(x, y, !=, ==) +#define ExpectIntGT(x, y) ExpectInt(x, y, >, <=) +#define ExpectIntLT(x, y) ExpectInt(x, y, <, >=) +#define ExpectIntGE(x, y) ExpectInt(x, y, >=, <) +#define ExpectIntLE(x, y) ExpectInt(x, y, <=, >) + +#define ExpectStr(x, y, op, er) do { \ + if (EXPECT_SUCCESS()) { \ + const char* _x = (const char*)(x); \ + const char* _y = (const char*)(y); \ + int _z = (_x && _y) ? XSTRCMP(_x, _y) : -1; \ + Expect(_z op 0, ("%s " #op " %s", #x, #y), \ + ("\"%s\" " #er " \"%s\"", _x, _y));\ + } \ +} while(0) + +#define ExpectStrEQ(x, y) ExpectStr(x, y, ==, !=) +#define ExpectStrNE(x, y) ExpectStr(x, y, !=, ==) +#define ExpectStrGT(x, y) ExpectStr(x, y, >, <=) +#define ExpectStrLT(x, y) ExpectStr(x, y, <, >=) +#define ExpectStrGE(x, y) ExpectStr(x, y, >=, <) +#define ExpectStrLE(x, y) ExpectStr(x, y, <=, >) + +#define ExpectPtr(x, y, op, er) do { \ + if (EXPECT_SUCCESS()) { \ + PRAGMA_DIAG_PUSH \ + /* remarkably, without this inhibition, */ \ + /* the _Pragma()s make the declarations warn. */ \ + PRAGMA("GCC diagnostic ignored \"-Wdeclaration-after-statement\"") \ + /* inhibit "ISO C forbids conversion of function pointer */ \ + /* to object pointer type [-Werror=pedantic]" */ \ + PRAGMA("GCC diagnostic ignored \"-Wpedantic\"") \ + void* _x = (void*)(x); \ + void* _y = (void*)(y); \ + Expect(_x op _y, ("%s " #op " %s", #x, #y), ("%p " #er " %p", _x, _y));\ + PRAGMA_DIAG_POP \ + } \ +} while(0) + +#define ExpectPtrEq(x, y) ExpectPtr(x, y, ==, !=) +#define ExpectPtrNE(x, y) ExpectPtr(x, y, !=, ==) +#define ExpectPtrGT(x, y) ExpectPtr(x, y, >, <=) +#define ExpectPtrLT(x, y) ExpectPtr(x, y, <, >=) +#define ExpectPtrGE(x, y) ExpectPtr(x, y, >=, <) +#define ExpectPtrLE(x, y) ExpectPtr(x, y, <=, >) + +#define ExpectBuf(x, y, z, op, er) do { \ + if (EXPECT_SUCCESS()) { \ + const byte* _x = (const byte*)(x); \ + const byte* _y = (const byte*)(y); \ + int _z = (int)(z); \ + int _w = ((_x) && (_y)) ? XMEMCMP(_x, _y, (unsigned long)_z) : -1; \ + Expect(_w op 0, ("%s " #op " %s for %s", #x, #y, #z), \ + ("\"%p\" " #er " \"%p\" for \"%d\"", \ + (const void *)_x, (const void *)_y, _z)); \ + } \ +} while(0) + +#define ExpectBufEQ(x, y, z) ExpectBuf(x, y, z, ==, !=) +#define ExpectBufNE(x, y, z) ExpectBuf(x, y, z, !=, ==) + +#define ExpectFail() ExpectTrue(0) + + +#define DoExpectNull(x) do { \ + PEDANTIC_EXTENSION void* _x = (void*)(x); \ + Expect(!_x, ("%s is null", #x), (#x " => %p", _x)); \ +} while(0) + +#define DoExpectInt(x, y, op, er) do { \ + int _x = (int)(x); \ + int _y = (int)(y); \ + Expect(_x op _y, ("%s " #op " %s", #x, #y), ("%d " #er " %d", _x, _y)); \ +} while(0) + +#define DoExpectIntEQ(x, y) DoExpectInt(x, y, ==, !=) +#define DoExpectIntNE(x, y) DoExpectInt(x, y, !=, ==) +#define DoExpectIntGT(x, y) DoExpectInt(x, y, >, <=) +#define DoExpectIntLT(x, y) DoExpectInt(x, y, <, >=) +#define DoExpectIntGE(x, y) DoExpectInt(x, y, >=, <) +#define DoExpectIntLE(x, y) DoExpectInt(x, y, <=, >) + +#define DoExpectStr(x, y, op, er) do { \ + const char* _x = (const char*)(x); \ + const char* _y = (const char*)(y); \ + int _z = (_x && _y) ? strcmp(_x, _y) : -1; \ + Expect(_z op 0, ("%s " #op " %s", #x, #y), \ + ("\"%s\" " #er " \"%s\"", _x, _y));\ +} while(0) + +#define DoExpectStrEQ(x, y) DoExpectStr(x, y, ==, !=) +#define DoExpectStrNE(x, y) DoExpectStr(x, y, !=, ==) +#define DoExpectStrGT(x, y) DoExpectStr(x, y, >, <=) +#define DoExpectStrLT(x, y) DoExpectStr(x, y, <, >=) +#define DoExpectStrGE(x, y) DoExpectStr(x, y, >=, <) +#define DoExpectStrLE(x, y) DoExpectStr(x, y, <=, >) + +#define DoExpectPtr(x, y, op, er) do { \ + PRAGMA_DIAG_PUSH \ + /* remarkably, without this inhibition, */ \ + /* the _Pragma()s make the declarations warn. */ \ + PRAGMA("GCC diagnostic ignored \"-Wdeclaration-after-statement\"") \ + /* inhibit "ISO C forbids conversion of function pointer */ \ + /* to object pointer type [-Werror=pedantic]" */ \ + PRAGMA("GCC diagnostic ignored \"-Wpedantic\"") \ + void* _x = (void*)(x); \ + void* _y = (void*)(y); \ + Expect(_x op _y, ("%s " #op " %s", #x, #y), ("%p " #er " %p", _x, _y)); \ + PRAGMA_DIAG_POP \ +} while(0) + +#define DoExpectPtrEq(x, y) DoExpectPtr(x, y, ==, !=) +#define DoExpectPtrNE(x, y) DoExpectPtr(x, y, !=, ==) +#define DoExpectPtrGT(x, y) DoExpectPtr(x, y, >, <=) +#define DoExpectPtrLT(x, y) DoExpectPtr(x, y, <, >=) +#define DoExpectPtrGE(x, y) DoExpectPtr(x, y, >=, <) +#define DoExpectPtrLE(x, y) DoExpectPtr(x, y, <=, >) + +#define DoExpectBuf(x, y, z, op, er) do { \ + const byte* _x = (const byte*)(x); \ + const byte* _y = (const byte*)(y); \ + int _z = (int)(z); \ + int _w = ((_x) && (_y)) ? XMEMCMP(_x, _y, _z) : -1; \ + Expect(_w op 0, ("%s " #op " %s for %s", #x, #y, #z), \ + ("\"%p\" " #er " \"%p\" for \"%d\"", _x, _y, _z));\ +} while(0) + +#define DoExpectBufEQ(x, y, z) DoExpectBuf(x, y, z, ==, !=) +#define DoExpectBufNE(x, y, z) DoExpectBuf(x, y, z, !=, ==) + + +#define ApiDumpData(name, data, len) do { \ + int _i; \ + fprintf(stderr, "%s: %d bytes\n", name, (int)(len)); \ + for (_i = 0; _i < (int)(len); _i++) { \ + fprintf(stderr, "0x%02x,", ((byte*)(data))[_i]); \ + if ((_i & 7) == 7) fprintf(stderr, "\n"); \ + else fprintf(stderr, " "); \ + } \ + if ((_i & 7) != 0) fprintf(stderr, "\n"); \ +} while(0) + + +#if !defined(NO_FILESYSTEM) && !defined(NO_CERTS) && !defined(NO_TLS) && \ + !defined(NO_RSA) && \ + !defined(NO_WOLFSSL_SERVER) && !defined(NO_WOLFSSL_CLIENT) && \ + !defined(WOLFSSL_TIRTOS) + #define HAVE_SSL_MEMIO_TESTS_DEPENDENCIES +#endif +#ifdef HAVE_SSL_MEMIO_TESTS_DEPENDENCIES + +typedef int (*ctx_cb)(WOLFSSL_CTX* ctx); +typedef int (*ssl_cb)(WOLFSSL* ssl); +typedef int (*test_cbType)(WOLFSSL_CTX *ctx, WOLFSSL *ssl); +typedef int (*hs_cb)(WOLFSSL_CTX **ctx, WOLFSSL **ssl); + +typedef struct test_ssl_cbf { + method_provider method; + ctx_cb ctx_ready; + ssl_cb ssl_ready; + ssl_cb on_result; + ctx_cb on_ctx_cleanup; + ssl_cb on_cleanup; + hs_cb on_handshake; + WOLFSSL_CTX* ctx; + const char* caPemFile; + const char* certPemFile; + const char* keyPemFile; + const char* crlPemFile; +#ifdef WOLFSSL_STATIC_MEMORY + byte* mem; + word32 memSz; + wolfSSL_method_func method_ex; +#endif + int devId; + int return_code; + int last_err; + unsigned char isSharedCtx:1; + unsigned char loadToSSL:1; + unsigned char ticNoInit:1; + unsigned char doUdp:1; +} test_ssl_cbf; + +#define TEST_SSL_MEMIO_BUF_SZ (64 * 1024) +#define TEST_MEMIO_MAX_MSGS 32 + +typedef struct test_ssl_memio_ctx { + WOLFSSL_CTX* s_ctx; + WOLFSSL_CTX* c_ctx; + WOLFSSL* s_ssl; + WOLFSSL* c_ssl; + + const char* c_ciphers; + const char* s_ciphers; + + char* c_msg; + int c_msglen; + char* s_msg; + int s_msglen; + + test_ssl_cbf s_cb; + test_ssl_cbf c_cb; + + byte c_buff[TEST_SSL_MEMIO_BUF_SZ]; + int c_len; + byte s_buff[TEST_SSL_MEMIO_BUF_SZ]; + int s_len; + + int c_msg_sizes[TEST_MEMIO_MAX_MSGS]; + int c_msg_count; + int c_msg_pos; + int c_msg_offset; + + int s_msg_sizes[TEST_MEMIO_MAX_MSGS]; + int s_msg_count; + int s_msg_pos; + int s_msg_offset; +} test_ssl_memio_ctx; + +int test_ssl_memio_setup(test_ssl_memio_ctx *ctx); +int test_ssl_memio_do_handshake(test_ssl_memio_ctx* ctx, int max_rounds, + int* rounds); +void test_ssl_memio_cleanup(test_ssl_memio_ctx* ctx); +int test_wolfSSL_client_server_nofail_memio(test_ssl_cbf* client_cb, + test_ssl_cbf* server_cb, test_cbType client_on_handshake); +#endif /* HAVE_SSL_MEMIO_TESTS_DEPENDENCIES */ + +#if !defined(NO_FILESYSTEM) && !defined(NO_CERTS) && !defined(NO_TLS) && \ + !defined(NO_RSA) && !defined(SINGLE_THREADED) && \ + !defined(NO_WOLFSSL_SERVER) && !defined(NO_WOLFSSL_CLIENT) + #define HAVE_IO_TESTS_DEPENDENCIES +#endif + +#ifdef HAVE_IO_TESTS_DEPENDENCIES +THREAD_RETURN WOLFSSL_THREAD test_server_nofail(void* args); +int test_client_nofail(void* args, cbType cb); +#endif + +#if defined(OPENSSL_EXTRA) && !defined(NO_BIO) +WOLFSSL_BIO_METHOD* wolfSSL_BIO_s_fixed_mem(void); +#endif + +#if defined(HAVE_PKCS7) && !defined(NO_FILESYSTEM) +int CreatePKCS7SignedData(unsigned char* output, int outputSz, + byte* data, word32 dataSz, + int withAttribs, int detachedSig, + int useIntermediateCertChain, + int pkAlgoType); +#endif + +void ApiTest_StopOnFail(void); +void ApiTest_PrintTestCases(void); +void ApiTest_PrintGroups(void); +int ApiTest_RunGroup(char* name); +int ApiTest_RunIdx(int idx); +int ApiTest_RunPartName(char* name); +int ApiTest_RunName(char* name); +int ApiTest(void); + +int SuiteTest(int argc, char** argv); +void SrpTest(void); +int w64wrapper_test(void); +int QuicTest(void); + + +#endif /* TESTS_UNIT_H */ diff --git a/test/ssl/wolfssl/tests/utils.c b/test/ssl/wolfssl/tests/utils.c new file mode 100644 index 000000000..08150c3e3 --- /dev/null +++ b/test/ssl/wolfssl/tests/utils.c @@ -0,0 +1,772 @@ +/* utils.c + * + * Copyright (C) 2006-2025 wolfSSL Inc. + * + * This file is part of wolfSSL. + * + * wolfSSL is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * wolfSSL is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA + */ + +#include +#include + +#ifdef HAVE_MANUAL_MEMIO_TESTS_DEPENDENCIES + +/* This set of memio functions allows for more fine tuned control of the TLS + * connection operations. For new tests, try to use ssl_memio first. */ + +/* To dump the memory in gdb use + * dump memory client.bin test_ctx.c_buff test_ctx.c_buff+test_ctx.c_len + * dump memory server.bin test_ctx.s_buff test_ctx.s_buff+test_ctx.s_len + * This can be imported into Wireshark by transforming the file with + * od -Ax -tx1 -v client.bin > client.hex + * od -Ax -tx1 -v server.bin > server.hex + * Then transform the files into pcap (use -u instead of -T for UDP) + * text2pcap -T 50,60 client.hex client.pcap + * text2pcap -T 50,60 server.hex server.pcap + * Then open in wireshark + * wireshark client.pcap + * wireshark server.pcap + */ + +int test_memio_write_cb(WOLFSSL *ssl, char *data, int sz, void *ctx) +{ + struct test_memio_ctx *test_ctx; + byte *buf; + int *len; + int *msg_sizes; + int *msg_count; + int *forceWantWrite; + + test_ctx = (struct test_memio_ctx*)ctx; + + if (wolfSSL_GetSide(ssl) == WOLFSSL_SERVER_END) { + buf = test_ctx->c_buff; + len = &test_ctx->c_len; + msg_sizes = test_ctx->c_msg_sizes; + msg_count = &test_ctx->c_msg_count; + forceWantWrite = &test_ctx->s_force_want_write; + } + else { + buf = test_ctx->s_buff; + len = &test_ctx->s_len; + msg_sizes = test_ctx->s_msg_sizes; + msg_count = &test_ctx->s_msg_count; + forceWantWrite = &test_ctx->c_force_want_write; + } + + if (*forceWantWrite) + return WOLFSSL_CBIO_ERR_WANT_WRITE; + + if ((unsigned)(*len + sz) > TEST_MEMIO_BUF_SZ) + return WOLFSSL_CBIO_ERR_WANT_WRITE; + + if (*msg_count >= TEST_MEMIO_MAX_MSGS) + return WOLFSSL_CBIO_ERR_WANT_WRITE; + +#ifdef WOLFSSL_DUMP_MEMIO_STREAM + { + char dump_file_name[64]; + WOLFSSL_BIO *dump_file; + sprintf(dump_file_name, "%s/%s.dump", tmpDirName, currentTestName); + dump_file = wolfSSL_BIO_new_file(dump_file_name, "a"); + if (dump_file != NULL) { + (void)wolfSSL_BIO_write(dump_file, data, sz); + wolfSSL_BIO_free(dump_file); + } + } +#endif + XMEMCPY(buf + *len, data, (size_t)sz); + msg_sizes[*msg_count] = sz; + (*msg_count)++; + *len += sz; + + return sz; +} + +int test_memio_read_cb(WOLFSSL *ssl, char *data, int sz, void *ctx) +{ + struct test_memio_ctx *test_ctx; + int read_sz; + byte *buf; + int *len; + int *msg_sizes; + int *msg_count; + int *msg_pos; + int is_dtls; + + test_ctx = (struct test_memio_ctx*)ctx; + is_dtls = wolfSSL_dtls(ssl); + + if (wolfSSL_GetSide(ssl) == WOLFSSL_SERVER_END) { + buf = test_ctx->s_buff; + len = &test_ctx->s_len; + msg_sizes = test_ctx->s_msg_sizes; + msg_count = &test_ctx->s_msg_count; + msg_pos = &test_ctx->s_msg_pos; + } + else { + buf = test_ctx->c_buff; + len = &test_ctx->c_len; + msg_sizes = test_ctx->c_msg_sizes; + msg_count = &test_ctx->c_msg_count; + msg_pos = &test_ctx->c_msg_pos; + } + + if (*len == 0 || *msg_pos >= *msg_count) + return WOLFSSL_CBIO_ERR_WANT_READ; + + /* Calculate how much we can read from current message */ + read_sz = msg_sizes[*msg_pos]; + if (read_sz > sz) + read_sz = sz; + + if (read_sz > *len) { + return WOLFSSL_CBIO_ERR_GENERAL; + } + + /* Copy data from current message */ + XMEMCPY(data, buf, (size_t)read_sz); + /* remove the read data from the buffer */ + XMEMMOVE(buf, buf + read_sz, (size_t)(*len - read_sz)); + *len -= read_sz; + msg_sizes[*msg_pos] -= read_sz; + + /* if we are on dtls, discard the rest of the message */ + if (is_dtls && msg_sizes[*msg_pos] > 0) { + XMEMMOVE(buf, buf + msg_sizes[*msg_pos], (size_t)(*len - msg_sizes[*msg_pos])); + *len -= msg_sizes[*msg_pos]; + msg_sizes[*msg_pos] = 0; + } + + /* If we've read the entire message */ + if (msg_sizes[*msg_pos] == 0) { + /* Move to next message */ + (*msg_pos)++; + if (*msg_pos >= *msg_count) { + *msg_pos = 0; + *msg_count = 0; + } + } + + return read_sz; +} + +int test_memio_do_handshake(WOLFSSL *ssl_c, WOLFSSL *ssl_s, + int max_rounds, int *rounds) +{ + byte handshake_complete = 0, hs_c = 0, hs_s = 0; + int ret, err; + + if (rounds != NULL) + *rounds = 0; + while (!handshake_complete && max_rounds > 0) { + if (!hs_c) { + wolfSSL_SetLoggingPrefix("client"); + ret = wolfSSL_connect(ssl_c); + wolfSSL_SetLoggingPrefix(NULL); + if (ret == WOLFSSL_SUCCESS) { + hs_c = 1; + } + else { + err = wolfSSL_get_error(ssl_c, ret); + if (err != WOLFSSL_ERROR_WANT_READ && + err != WOLFSSL_ERROR_WANT_WRITE) + return -1; + } + } + if (!hs_s) { + wolfSSL_SetLoggingPrefix("server"); + ret = wolfSSL_accept(ssl_s); + wolfSSL_SetLoggingPrefix(NULL); + if (ret == WOLFSSL_SUCCESS) { + hs_s = 1; + } + else { + err = wolfSSL_get_error(ssl_s, ret); + if (err != WOLFSSL_ERROR_WANT_READ && + err != WOLFSSL_ERROR_WANT_WRITE) + return -1; + } + } + handshake_complete = hs_c && hs_s; + max_rounds--; + if (rounds != NULL) + *rounds = *rounds + 1; + } + + if (!handshake_complete) + return -1; + + return 0; +} + +int test_memio_setup_ex(struct test_memio_ctx *ctx, + WOLFSSL_CTX **ctx_c, WOLFSSL_CTX **ctx_s, WOLFSSL **ssl_c, WOLFSSL **ssl_s, + method_provider method_c, method_provider method_s, + byte *caCert, int caCertSz, byte *serverCert, int serverCertSz, + byte *serverKey, int serverKeySz) +{ + int ret; + (void)caCert; + (void)caCertSz; + (void)serverCert; + (void)serverCertSz; + (void)serverKey; + (void)serverKeySz; + + if (ctx_c != NULL && *ctx_c == NULL) { + *ctx_c = wolfSSL_CTX_new(method_c()); + if (*ctx_c == NULL) + return -1; +#ifndef NO_CERTS + if (caCert == NULL) { + ret = wolfSSL_CTX_load_verify_locations(*ctx_c, caCertFile, 0); + } + else { + ret = wolfSSL_CTX_load_verify_buffer(*ctx_c, caCert, (long)caCertSz, + WOLFSSL_FILETYPE_ASN1); + } + if (ret != WOLFSSL_SUCCESS) { + wolfSSL_CTX_free(*ctx_c); + *ctx_c = NULL; + return -1; + } +#endif /* NO_CERTS */ + wolfSSL_SetIORecv(*ctx_c, test_memio_read_cb); + wolfSSL_SetIOSend(*ctx_c, test_memio_write_cb); + if (ctx->c_ciphers != NULL) { + ret = wolfSSL_CTX_set_cipher_list(*ctx_c, ctx->c_ciphers); + if (ret != WOLFSSL_SUCCESS) { + wolfSSL_CTX_free(*ctx_c); + *ctx_c = NULL; + return -1; + } + } + } + + if (ctx_s != NULL && *ctx_s == NULL) { + *ctx_s = wolfSSL_CTX_new(method_s()); + if (*ctx_s == NULL) { + if (ctx_c != NULL) { + wolfSSL_CTX_free(*ctx_c); + *ctx_c = NULL; + } + return -1; + } +#ifndef NO_CERTS + if (serverKey == NULL) { + ret = wolfSSL_CTX_use_PrivateKey_file(*ctx_s, svrKeyFile, + CERT_FILETYPE); + } + else { + ret = wolfSSL_CTX_use_PrivateKey_buffer(*ctx_s, serverKey, + (long)serverKeySz, WOLFSSL_FILETYPE_ASN1); + } + if (ret != WOLFSSL_SUCCESS) { + if (ctx_s != NULL) { + wolfSSL_CTX_free(*ctx_s); + *ctx_s = NULL; + } + if (ctx_c != NULL) { + wolfSSL_CTX_free(*ctx_c); + *ctx_c = NULL; + } + return -1; + } + + if (serverCert == NULL) { + ret = wolfSSL_CTX_use_certificate_file(*ctx_s, svrCertFile, + CERT_FILETYPE); + } + else { + ret = wolfSSL_CTX_use_certificate_chain_buffer_format(*ctx_s, + serverCert, (long)serverCertSz, WOLFSSL_FILETYPE_ASN1); + } + if (ret != WOLFSSL_SUCCESS) { + if (ctx_s != NULL) { + wolfSSL_CTX_free(*ctx_s); + *ctx_s = NULL; + } + if (ctx_c != NULL) { + wolfSSL_CTX_free(*ctx_c); + *ctx_c = NULL; + } + return -1; + } +#endif /* NO_CERTS */ + wolfSSL_SetIORecv(*ctx_s, test_memio_read_cb); + wolfSSL_SetIOSend(*ctx_s, test_memio_write_cb); + if (ctx->s_ciphers != NULL) { + ret = wolfSSL_CTX_set_cipher_list(*ctx_s, ctx->s_ciphers); + if (ret != WOLFSSL_SUCCESS) { + if (ctx_s != NULL) { + wolfSSL_CTX_free(*ctx_s); + *ctx_s = NULL; + } + if (ctx_c != NULL) { + wolfSSL_CTX_free(*ctx_c); + *ctx_c = NULL; + } + return -1; + } + } + } + + if (ctx_c != NULL && ssl_c != NULL) { + *ssl_c = wolfSSL_new(*ctx_c); + if (*ssl_c == NULL) { + if (ctx_s != NULL) { + wolfSSL_CTX_free(*ctx_s); + *ctx_s = NULL; + } + if (ctx_c != NULL) { + wolfSSL_CTX_free(*ctx_c); + *ctx_c = NULL; + } + return -1; + } + wolfSSL_SetIOWriteCtx(*ssl_c, ctx); + wolfSSL_SetIOReadCtx(*ssl_c, ctx); + } + if (ctx_s != NULL && ssl_s != NULL) { + *ssl_s = wolfSSL_new(*ctx_s); + if (*ssl_s == NULL) { + if (ssl_c != NULL) { + wolfSSL_free(*ssl_c); + *ssl_c = NULL; + } + if (ctx_s != NULL) { + wolfSSL_CTX_free(*ctx_s); + *ctx_s = NULL; + } + if (ctx_c != NULL) { + wolfSSL_CTX_free(*ctx_c); + *ctx_c = NULL; + } + return -1; + } + wolfSSL_SetIOWriteCtx(*ssl_s, ctx); + wolfSSL_SetIOReadCtx(*ssl_s, ctx); +#if !defined(NO_DH) + SetDH(*ssl_s); +#endif + } + + return 0; +} + +void test_memio_simulate_want_write(struct test_memio_ctx *ctx, int is_client, + int enable) +{ + if (ctx == NULL) + return; + + if (is_client) + ctx->c_force_want_write = (enable != 0); + else + ctx->s_force_want_write = (enable != 0); +} + +void test_memio_clear_buffer(struct test_memio_ctx *ctx, int is_client) +{ + if (is_client) { + ctx->c_len = 0; + ctx->c_msg_pos = 0; + ctx->c_msg_count = 0; + ctx->c_force_want_write = 0; + } else { + ctx->s_len = 0; + ctx->s_msg_pos = 0; + ctx->s_msg_count = 0; + ctx->s_force_want_write = 0; + } +} + +/* Inject a message into the buffer for client or server */ +int test_memio_inject_message(struct test_memio_ctx* ctx, int client, + const char* data, int sz) +{ + int* len; + int* msg_count; + int* msg_sizes; + byte* buff; + + /* Select buffer and metadata for client or server */ + if (client) { + buff = ctx->c_buff; + len = &ctx->c_len; + msg_count = &ctx->c_msg_count; + msg_sizes = ctx->c_msg_sizes; + } + else { + buff = ctx->s_buff; + len = &ctx->s_len; + msg_count = &ctx->s_msg_count; + msg_sizes = ctx->s_msg_sizes; + } + + /* Check if buffer has enough space for new message */ + if (*len + sz > TEST_MEMIO_BUF_SZ) { + return -1; + } + /* Check if message count does not exceed maximum allowed */ + if (*msg_count >= TEST_MEMIO_MAX_MSGS) { + return -1; + } + + /* Copy message data into buffer */ + XMEMCPY(buff + *len, data, (size_t)sz); + + /* Record message size and increment message count */ + msg_sizes[*msg_count] = sz; + (*msg_count)++; + *len += sz; + + return 0; +} + +/* Copy a message from the buffer to an output buffer */ +int test_memio_copy_message(const struct test_memio_ctx *ctx, int client, + char *out, int *out_sz, int msg_pos) +{ + const char* buff = NULL; + int buff_sz = 0; + + /* Retrieve message pointer and size for given position */ + if (test_memio_get_message(ctx, client, &buff, &buff_sz, msg_pos) != 0) + return -1; + + /* Ensure output buffer is large enough */ + if (*out_sz < buff_sz) + return -1; + + /* Copy message to output buffer */ + XMEMCPY(out, buff, (size_t)buff_sz); + *out_sz = buff_sz; + + return 0; +} + +/* Get a pointer and size to a message in the buffer */ +int test_memio_get_message(const struct test_memio_ctx *ctx, int client, + const char **out, int *out_sz, int msg_pos) +{ + int msg_count; + const int* msg_sizes; + int i; + const byte* buff; + + /* Select buffer and message metadata for client or server */ + if (client) { + buff = ctx->c_buff; + msg_count = ctx->c_msg_count; + msg_sizes = ctx->c_msg_sizes; + } + else { + buff = ctx->s_buff; + msg_count = ctx->s_msg_count; + msg_sizes = ctx->s_msg_sizes; + } + + /* Validate message position */ + if (msg_pos < 0 || msg_pos >= msg_count) { + return -1; + } + + /* Find start of the message in the buffer */ + for (i = 0; i < msg_pos; i++) { + buff += msg_sizes[i]; + } + + /* Set output pointers to message data and size */ + *out = (const char*)buff; + *out_sz = msg_sizes[msg_pos]; + + return 0; +} + +int test_memio_move_message(struct test_memio_ctx *ctx, int client, + int msg_pos_in, int msg_pos_out) +{ + int msg_count; + int* msg_sizes; + int i; + byte* buff; + byte* buff_in; + byte* buff_out; + int total_size = 0; + int msg_in_size; + + /* Select buffer and message metadata for client or server */ + if (client) { + buff = buff_in = buff_out = ctx->c_buff; + msg_count = ctx->c_msg_count; + msg_sizes = ctx->c_msg_sizes; + } + else { + buff = buff_in = buff_out = ctx->s_buff; + msg_count = ctx->s_msg_count; + msg_sizes = ctx->s_msg_sizes; + } + + /* Validate input and output message positions */ + if (msg_pos_in < 0 || msg_pos_in >= msg_count) + return -1; + if (msg_pos_out < 0 || msg_pos_out >= msg_count) + msg_pos_out = msg_count-1; + if (msg_pos_in == msg_pos_out) + return 0; + + /* Get the size of the message to move */ + msg_in_size = msg_sizes[msg_pos_in]; + + /* Calculate the total size of all messages */ + for (i = 0; i < msg_count; i++) + total_size += msg_sizes[i]; + + /* Check if buffer has enough space for the move */ + if (total_size + msg_in_size > TEST_MEMIO_BUF_SZ) + return -1; + + /* Find the start of the input message in the buffer */ + for (i = 0; i < msg_pos_in; i++) + buff_in += msg_sizes[i]; + + /* Find the position to move the message to in the buffer */ + for (i = 0; i < msg_pos_out + (msg_pos_out > msg_pos_in ? 1 : 0); i++) + buff_out += msg_sizes[i]; + + /* Make space for the moved message at the output position */ + XMEMMOVE(buff_out + msg_in_size, buff_out, + total_size - (buff_out - buff)); + total_size += msg_in_size; + + /* Adjust input pointer if it was after the output position */ + if (buff_in > buff_out) + buff_in += msg_in_size; + + /* Copy the message to its new position */ + XMEMCPY(buff_out, buff_in, msg_in_size); + + /* Remove the original message from its old position */ + XMEMMOVE(buff_in, buff_in + msg_in_size, + total_size - (buff_in - buff) - msg_in_size); + + /* Update the message sizes array to reflect the move */ + if (msg_pos_in < msg_pos_out) { + XMEMMOVE(msg_sizes + msg_pos_in, msg_sizes + msg_pos_in + 1, + sizeof(*msg_sizes) * + ((msg_sizes + msg_pos_out) - (msg_sizes + msg_pos_in))); + msg_sizes[msg_pos_out] = msg_in_size; + } + else { + XMEMMOVE(msg_sizes + msg_pos_out + 1, msg_sizes + msg_pos_out, + sizeof(*msg_sizes) * + ((msg_sizes + msg_pos_in) - (msg_sizes + msg_pos_out))); + msg_sizes[msg_pos_out] = msg_in_size; + } + + return 0; +} + +/* Drop (remove) a message from the buffer and update metadata */ +int test_memio_drop_message(struct test_memio_ctx *ctx, int client, int msg_pos) +{ + int *len; + int *msg_count; + int *msg_sizes; + int msg_off, msg_sz; + int i; + byte *buff; + + /* Select buffer and metadata for client or server */ + if (client) { + buff = ctx->c_buff; + len = &ctx->c_len; + msg_count = &ctx->c_msg_count; + msg_sizes = ctx->c_msg_sizes; + } else { + buff = ctx->s_buff; + len = &ctx->s_len; + msg_count = &ctx->s_msg_count; + msg_sizes = ctx->s_msg_sizes; + } + + /* Check for empty message list */ + if (*msg_count == 0) { + return -1; + } + + msg_off = 0; + /* Validate message position */ + if (msg_pos >= *msg_count) { + return -1; + } + + /* Find offset and size of message to drop */ + msg_sz = msg_sizes[msg_pos]; + for (i = 0; i < msg_pos; i++) { + msg_off += msg_sizes[i]; + } + + /* Remove message from buffer by shifting remaining data */ + XMEMMOVE(buff + msg_off, buff + msg_off + msg_sz, *len - msg_off - msg_sz); + + /* Update message sizes array */ + for (i = msg_pos; i < *msg_count - 1; i++) { + msg_sizes[i] = msg_sizes[i + 1]; + } + + /* Update buffer length and message count */ + *len -= msg_sz; + (*msg_count)--; + + return 0; +} + +/* Remove a region from the buffer, possibly dropping or shrinking a message */ +int test_memio_remove_from_buffer(struct test_memio_ctx* ctx, int client, + int off, int sz) +{ + int* len; + int* msg_count; + int* msg_sizes; + int msg_off; + int i; + byte* buff; + + /* Select buffer and metadata for client or server */ + if (client) { + buff = ctx->c_buff; + len = &ctx->c_len; + msg_count = &ctx->c_msg_count; + msg_sizes = ctx->c_msg_sizes; + } + else { + buff = ctx->s_buff; + len = &ctx->s_len; + msg_count = &ctx->s_msg_count; + msg_sizes = ctx->s_msg_sizes; + } + + /* Validate buffer and offset */ + if (*len == 0) { + return -1; + } + if (off >= *len) { + return -1; + } + if (off + sz > *len) { + return -1; + } + + /* Find which message the offset is in */ + msg_off = 0; + for (i = 0; i < *msg_count; i++) { + if (off >= msg_off && off < msg_off + msg_sizes[i]) { + break; + } + msg_off += msg_sizes[i]; + } + + /* Don't support records split across messages */ + if (off + sz > msg_off + msg_sizes[i]) { + return -1; + } + if (i == *msg_count) { + return -1; + } + + /* If removing entire message, drop it */ + if (sz == msg_sizes[i]) { + return test_memio_drop_message(ctx, client, i); + } + + /* Remove part of message by shifting buffer and updating size */ + XMEMMOVE(buff + off, buff + off + sz, *len - off - sz); + msg_sizes[i] -= sz; + *len -= sz; + + return 0; +} + +/* Modify the length of a message in the buffer, shifting data as needed */ +int test_memio_modify_message_len(struct test_memio_ctx* ctx, int client, + int msg_pos, int new_len) +{ + int* len; + int* msg_count; + int* msg_sizes; + int msg_off, msg_sz; + int i; + byte* buff; + + /* Select buffer and metadata for client or server */ + if (client) { + buff = ctx->c_buff; + len = &ctx->c_len; + msg_count = &ctx->c_msg_count; + msg_sizes = ctx->c_msg_sizes; + } + else { + buff = ctx->s_buff; + len = &ctx->s_len; + msg_count = &ctx->s_msg_count; + msg_sizes = ctx->s_msg_sizes; + } + + /* Validate message count and position */ + if (*msg_count == 0) { + return -1; + } + if (msg_pos >= *msg_count) { + return -1; + } + + /* Find offset and size of message to modify */ + msg_off = 0; + for (i = 0; i < msg_pos; i++) { + msg_off += msg_sizes[i]; + } + msg_sz = msg_sizes[msg_pos]; + + /* Check if buffer has enough space for length increase */ + if (new_len > msg_sz) { + if (*len + (new_len - msg_sz) > TEST_MEMIO_BUF_SZ) { + return -1; + } + } + + /* Shift buffer contents to accommodate new message length */ + XMEMMOVE(buff + msg_off + new_len, buff + msg_off + msg_sz, + *len - msg_off - msg_sz); + + /* Update message size and buffer length */ + msg_sizes[msg_pos] = new_len; + *len = *len - msg_sz + new_len; + + return 0; +} + +int test_memio_setup(struct test_memio_ctx *ctx, + WOLFSSL_CTX **ctx_c, WOLFSSL_CTX **ctx_s, WOLFSSL **ssl_c, WOLFSSL **ssl_s, + method_provider method_c, method_provider method_s) +{ + return test_memio_setup_ex(ctx, ctx_c, ctx_s, ssl_c, ssl_s, method_c, + method_s, NULL, 0, NULL, 0, NULL, 0); +} + +#endif /* HAVE_MANUAL_MEMIO_TESTS_DEPENDENCIES */ diff --git a/test/ssl/wolfssl/tests/utils.h b/test/ssl/wolfssl/tests/utils.h new file mode 100644 index 000000000..aa5c2d436 --- /dev/null +++ b/test/ssl/wolfssl/tests/utils.h @@ -0,0 +1,85 @@ +/* utils.h + * + * Copyright (C) 2006-2025 wolfSSL Inc. + * + * This file is part of wolfSSL. + * + * wolfSSL is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * wolfSSL is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA + */ + +#include +#include +#include +#include + +#ifndef TESTS_UTILS_H +#define TESTS_UTILS_H + +#if !defined(NO_FILESYSTEM) && !defined(NO_CERTS) && \ + (!defined(NO_RSA) || defined(HAVE_RPK)) && \ + !defined(NO_WOLFSSL_SERVER) && !defined(NO_WOLFSSL_CLIENT) && \ + (!defined(WOLFSSL_NO_TLS12) || defined(WOLFSSL_TLS13)) +#define HAVE_MANUAL_MEMIO_TESTS_DEPENDENCIES +#define TEST_MEMIO_BUF_SZ (64 * 1024) +#define TEST_MEMIO_MAX_MSGS 32 + +struct test_memio_ctx +{ + byte c_buff[TEST_MEMIO_BUF_SZ]; + int c_len; + const char* c_ciphers; + byte s_buff[TEST_MEMIO_BUF_SZ]; + int s_len; + const char* s_ciphers; + + int c_force_want_write; + int s_force_want_write; + + int c_msg_sizes[TEST_MEMIO_MAX_MSGS]; + int c_msg_count; + int c_msg_pos; + + int s_msg_sizes[TEST_MEMIO_MAX_MSGS]; + int s_msg_count; + int s_msg_pos; +}; +int test_memio_write_cb(WOLFSSL *ssl, char *data, int sz, void *ctx); +int test_memio_read_cb(WOLFSSL *ssl, char *data, int sz, void *ctx); +int test_memio_do_handshake(WOLFSSL *ssl_c, WOLFSSL *ssl_s, + int max_rounds, int *rounds); +int test_memio_setup(struct test_memio_ctx *ctx, + WOLFSSL_CTX **ctx_c, WOLFSSL_CTX **ctx_s, WOLFSSL **ssl_c, WOLFSSL **ssl_s, + method_provider method_c, method_provider method_s); +int test_memio_setup_ex(struct test_memio_ctx *ctx, + WOLFSSL_CTX **ctx_c, WOLFSSL_CTX **ctx_s, WOLFSSL **ssl_c, WOLFSSL **ssl_s, + method_provider method_c, method_provider method_s, + byte *caCert, int caCertSz, byte *serverCert, int serverCertSz, + byte *serverKey, int serverKeySz); +void test_memio_simulate_want_write(struct test_memio_ctx *ctx, int is_client, + int enable); +void test_memio_clear_buffer(struct test_memio_ctx *ctx, int is_client); +int test_memio_inject_message(struct test_memio_ctx *ctx, int client, const char *data, int sz); +int test_memio_copy_message(const struct test_memio_ctx *ctx, int client, + char *out, int *out_sz, int msg_pos); +int test_memio_get_message(const struct test_memio_ctx *ctx, int client, + const char **out, int *out_sz, int msg_pos); +int test_memio_move_message(struct test_memio_ctx *ctx, int client, + int msg_pos_in, int msg_pos_out); +int test_memio_drop_message(struct test_memio_ctx *ctx, int client, int msg_pos); +int test_memio_modify_message_len(struct test_memio_ctx *ctx, int client, int msg_pos, int new_len); +int test_memio_remove_from_buffer(struct test_memio_ctx *ctx, int client, int off, int sz); +#endif + +#endif /* TESTS_UTILS_H */ diff --git a/test/ssl/wolfssl/tests/w64wrapper.c b/test/ssl/wolfssl/tests/w64wrapper.c new file mode 100644 index 000000000..964ce1b76 --- /dev/null +++ b/test/ssl/wolfssl/tests/w64wrapper.c @@ -0,0 +1,214 @@ +/* w64wrapper.c w64wrapper unit tests + * + * Copyright (C) 2006-2025 wolfSSL Inc. + * + * This file is part of wolfSSL. + * + * wolfSSL is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * wolfSSL is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA + */ + +#include + +#ifdef WOLFSSL_W64_WRAPPER + +#ifndef NO_INLINE +#define WOLFSSL_MISC_INCLUDED +#include +#else +#include +#endif + +int w64wrapper_test(void) +{ + w64wrapper a, b, c; + byte wrap, raw[8]; + + a = w64From32(0x01020304, 0x05060708); +#if defined(WORD64_AVAILABLE) && !defined(WOLFSSL_W64_WRAPPER_TEST) + if (a.n != 0x0102030405060708LL) + return -1; +#else + if (a.n[0] != 0x01020304 || a.n[1] != 0x05060708) + return -1; +#endif /* WORD64_AVAILABLE && WOLFSSL_W64_WRAPPER_TEST */ + + if (w64GetLow32(a) != 0x05060708) + return -2; + if (w64GetHigh32(a) != 0x01020304) + return -3; + w64SetLow32(&a, 0xabcdefff); + if (w64GetLow32(a) != 0xabcdefff || w64GetHigh32(a) != 0x01020304) + return -4; + + a = w64From32(0,0); + w64Increment(&a); + if (w64GetLow32(a) != 1 || w64GetHigh32(a) != 0) + return -5; + + a = w64From32(0, 0xffffffff); + w64Increment(&a); + if (w64GetLow32(a) != 0 || w64GetHigh32(a) != 1) + return -6; + + a = w64From32(0,1); + w64Decrement(&a); + if (w64GetLow32(a) != 0 || w64GetHigh32(a) != 0) + return -7; + + a = w64From32(1,0); + w64Decrement(&a); + if (w64GetLow32(a) != 0xffffffff || w64GetHigh32(a) != 0) + return -8; + + a = w64From32(0xabcdef, 0xdeed); + b = w64From32(0xabcdef, 0xdeed); + if (!w64Equal(a, b)) + return -9; + + a = w64From32(1, 1); + b = w64From32(0, 1); + if (w64Equal(a, b)) + return -10; + + wrap = 0; + a = w64From32(0x0, 0x1); + b = w64Add32(a, 0x1, &wrap); + if (w64GetLow32(b) != 0x2 || w64GetHigh32(b) != 0x0 || wrap) + return -11; + + wrap = 0; + a = w64From32(0x0, 0xffffffff); + b = w64Add32(a, 0x1, &wrap); + if (w64GetLow32(b) != 0x0 || w64GetHigh32(b) != 0x01 || wrap) + return -12; + + wrap = 0; + a = w64From32(0xffffffff, 0xffffffff); + b = w64Add32(a, 0x1, &wrap); + if (w64GetLow32(b) != 0x0 || w64GetHigh32(b) != 0x00 || !wrap) + return -13; + + wrap = 0; + a = w64From32(0x0, 0x1); + b = w64Sub32(a, 0x1, &wrap); + if (w64GetLow32(b) != 0x0 || w64GetHigh32(b) != 0x00 || wrap) + return -14; + + wrap = 0; + a = w64From32(0xffffffff, 0x0); + b = w64Sub32(a, 0x1, &wrap); + if (w64GetLow32(b) != 0xffffffff || + w64GetHigh32(b) != 0xfffffffe || wrap) + return -15; + + wrap = 0; + a = w64From32(0x0, 0x0); + b = w64Sub32(a, 0x1, &wrap); + if (w64GetLow32(b) != 0xffffffff || + w64GetHigh32(b) != 0xffffffff || !wrap) + return -16; + + a = w64From32(0x0, 0x0); + b = w64From32(0x0, 0x0); + if (w64GT(a,b) || w64GT(b,a) || !w64GTE(a,b) || w64LT(a,b) || w64LT(b,a)) + return -17; + + a = w64From32(0x0, 0x1); + b = w64From32(0x0, 0x0); + if (!w64GT(a, b) || w64GT(b, a) || !w64GTE(a, b) || w64GTE(b, a) || + w64LT(a, b) || !w64LT(b, a)) + return -18; + + a = w64From32(0x1, 0x0); + b = w64From32(0x0, 0x0); + if (!w64GT(a, b) || w64GT(b, a) || !w64GTE(a, b) || w64GTE(b, a) || + !w64LT(b, a) || w64LT(a, b)) + return -19; + + a = w64From32(0x1, 0x0); + b = w64From32(0x1, 0x0); + if (w64GT(a,b) || w64GT(b,a) || !w64GTE(a,b) || w64LT(a,b)) + return -20; + + a = w64From32(0x1, 0x1); + b = w64From32(0x1, 0x0); + if (!w64GT(a, b) || w64GT(b, a) || !w64GTE(a, b) || w64GTE(b, a) || + w64LT(a, b) || !w64LT(b, a)) + return -21; + + a = w64From32(0x2, 0x1); + b = w64From32(0x1, 0x3); + if (!w64GT(a, b) || w64GT(b, a) || !w64GTE(a, b) || w64GTE(b, a) || + w64LT(a, b) || !w64LT(b, a)) + return -22; + + a = w64From32(0x0, 0x0); + if (!w64IsZero(a)) + return -23; + + a = w64From32(0x01020304, 0x05060708); + c64toa(&a, raw); + if (raw[0] != 0x01 + ||raw[1] != 0x02 + ||raw[2] != 0x03 + ||raw[3] != 0x04 + ||raw[4] != 0x05 + ||raw[5] != 0x06 + ||raw[6] != 0x07 + ||raw[7] != 0x08) { + return -24; + } + + b = w64From32(0x0,0x0); + ato64(raw, &b); + if (w64GetHigh32(b) != 0x01020304 || w64GetLow32(b) != 0x05060708) + return -25; + + w64Zero(&b); + if (w64GetHigh32(b) != 0x0 || w64GetLow32(b) != 0x0) + return -26; + + b = w64From32(0x0, 0xffffffff); + w64Increment(&b); + if (w64GetHigh32(b) != 0x1 || w64GetLow32(b) != 0x0) + return -27; + b = w64From32(0xffffffff, 0xffffffff); + w64Increment(&b); + if (w64GetHigh32(b) != 0x0 || w64GetLow32(b) != 0x0) + return -28; + b = w64From32(0xffffffff, 0x0); + w64Decrement(&b); + if (w64GetHigh32(b) != 0xfffffffe || w64GetLow32(b) != 0xffffffff) + return -29; + + a = w64From32(0x01, 0x20); + b = w64From32(0x01, 0x10); + c = w64Sub(a,b); + if (w64GetHigh32(c) != 0x0 || w64GetLow32(c) != 0x10) + return -30; + c = w64Sub(b,a); + if (w64GetHigh32(c) != 0xffffffff || w64GetLow32(c) != 0xfffffff0) + return -31; + + a = w64From32(0x01, 0x10); + b = w64From32(0x00, 0x20); + c = w64Sub(a,b); + if (w64GetHigh32(c) != 0x00000000 || w64GetLow32(c) != 0xfffffff0) + return -32; + + return 0; +} + +#endif /* WOLFSSL_W64_WRAPPER */ diff --git a/test/ssl/wolfssl/testsuite/utils.h b/test/ssl/wolfssl/testsuite/utils.h new file mode 100644 index 000000000..9a2625804 --- /dev/null +++ b/test/ssl/wolfssl/testsuite/utils.h @@ -0,0 +1,40 @@ +/* utils.h + * + * Copyright (C) 2006-2025 wolfSSL Inc. + * + * This file is part of wolfSSL. + * + * wolfSSL is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * wolfSSL is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA + */ + +/* This is a set of utility functions that are used by testsuite.c. They are + * also used in api.c but we want to keep the utils for testsuite.c as small + * as possible. */ + +#ifndef TESTSUITE_UTILS_H +#define TESTSUITE_UTILS_H + +/* Return + * tmpDir on success + * NULL on failure */ +char* create_tmp_dir(char* tmpDir, int len); +/* Remaining functions return + * 0 on success + * -1 on failure */ +int rem_dir(const char* dirName); +int rem_file(const char* fileName); +int copy_file(const char* in, const char* out); + +#endif /* TESTSUITE_UTILS_H */ diff --git a/test/ssl/wolfssl/testsuite/utils1.c b/test/ssl/wolfssl/testsuite/utils1.c new file mode 100644 index 000000000..6579b6d7f --- /dev/null +++ b/test/ssl/wolfssl/testsuite/utils1.c @@ -0,0 +1,191 @@ +/* utils.c + * + * Copyright (C) 2006-2025 wolfSSL Inc. + * + * This file is part of wolfSSL. + * + * wolfSSL is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * wolfSSL is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA + */ + +#ifdef HAVE_CONFIG_H + #include +#endif + +#if !defined(WOLFSSL_USER_SETTINGS) && !defined(WOLFSSL_NO_OPTIONS_H) + #include +#endif +#include + +#include +#include +#include + +#ifndef NO_FILESYSTEM + +#if defined(_MSC_VER) +#include +#elif defined(__WATCOMC__) +#ifdef __LINUX__ +#include +#else +#include +#endif +#endif + +#define TMP_DIR_PREFIX "tmpDir-" +/* len is length of tmpDir name, assuming + * len does not include null terminating character */ +char* create_tmp_dir(char *tmpDir, int len) +{ + if (len < (int)XSTR_SIZEOF(TMP_DIR_PREFIX)) + return NULL; + + XMEMCPY(tmpDir, TMP_DIR_PREFIX, XSTR_SIZEOF(TMP_DIR_PREFIX)); + + if (mymktemp(tmpDir, len, len - (int)XSTR_SIZEOF(TMP_DIR_PREFIX)) == NULL) + return NULL; + +#ifdef _MSC_VER + if (_mkdir(tmpDir) != 0) + return NULL; +#elif defined(__MINGW32__) + if (mkdir(tmpDir) != 0) + return NULL; +#elif defined(__WATCOMC__) && !defined(__LINUX__) + if (mkdir(tmpDir) != 0) + return NULL; +#else + if (mkdir(tmpDir, 0700) != 0) + return NULL; +#endif + + return tmpDir; +} + +int rem_dir(const char* dirName) +{ +#ifdef _MSC_VER + if (_rmdir(dirName) != 0) + return -1; +#else + if (rmdir(dirName) != 0) + return -1; +#endif + return 0; +} + +int rem_file(const char* fileName) +{ +#ifdef _MSC_VER + if (_unlink(fileName) != 0) + return -1; +#else + if (unlink(fileName) != 0) + return -1; +#endif + return 0; +} + +int copy_file(const char* in, const char* out) +{ + byte buf[100]; + XFILE inFile = XBADFILE; + XFILE outFile = XBADFILE; + size_t sz; + int ret = -1; + + inFile = XFOPEN(in, "rb"); + if (inFile == XBADFILE) + goto cleanup; + + outFile = XFOPEN(out, "wb"); + if (outFile == XBADFILE) + goto cleanup; + + while ((sz = XFREAD(buf, 1, sizeof(buf), inFile)) != 0) { + if (XFERROR(inFile)) + goto cleanup; + if (XFWRITE(buf, 1, sz, outFile) != sz) + goto cleanup; + if (XFEOF(inFile)) + break; + } + + ret = 0; +cleanup: + if (inFile != XBADFILE) + XFCLOSE(inFile); + if (outFile != XBADFILE) + XFCLOSE(outFile); + return ret; +} + +#if defined(__MACH__) || defined(__FreeBSD__) +int link_file(const char* in, const char* out) +{ + return link(in, out); +} +#endif +#endif /* !NO_FILESYSTEM */ + +#if !defined(SINGLE_THREADED) && defined(WOLFSSL_COND) +void signal_ready(tcp_ready* ready) +{ + THREAD_CHECK_RET(wolfSSL_CondStart(&ready->cond)); + ready->ready = 1; + THREAD_CHECK_RET(wolfSSL_CondSignal(&ready->cond)); + THREAD_CHECK_RET(wolfSSL_CondEnd(&ready->cond)); +} +#endif + +void wait_tcp_ready(func_args* args) +{ +#if !defined(SINGLE_THREADED) && defined(WOLFSSL_COND) + tcp_ready* ready = args->signal; + THREAD_CHECK_RET(wolfSSL_CondStart(&ready->cond)); + if (!ready->ready) { + THREAD_CHECK_RET(wolfSSL_CondWait(&ready->cond)); + } + ready->ready = 0; /* reset */ + THREAD_CHECK_RET(wolfSSL_CondEnd(&ready->cond)); +#else + /* no threading wait or single threaded */ + (void)args; +#endif +} + +#ifndef SINGLE_THREADED +/* Start a thread. + * + * @param [in] fun Function to execute in thread. + * @param [in] args Object to send to function in thread. + * @param [out] thread Handle to thread. + */ +void start_thread(THREAD_CB fun, func_args* args, THREAD_TYPE* thread) +{ + THREAD_CHECK_RET(wolfSSL_NewThread(thread, fun, args)); +} + + +/* Join thread to wait for completion. + * + * @param [in] thread Handle to thread. + */ +void join_thread(THREAD_TYPE thread) +{ + THREAD_CHECK_RET(wolfSSL_JoinThread(thread)); +} +#endif /* SINGLE_THREADED */ + diff --git a/test/ssl/wolfssl/wolfcrypt/benchmark/README.md b/test/ssl/wolfssl/wolfcrypt/benchmark/README.md new file mode 100644 index 000000000..bbc928200 --- /dev/null +++ b/test/ssl/wolfssl/wolfcrypt/benchmark/README.md @@ -0,0 +1,123 @@ +# wolfCrypt Benchmarks + +Tool for performing cryptographic algorithm benchmarking. + +## Measurements + +* Symmetric algorithms like AES and ChaCha20 are measured in Killobytes (KB) or Megabytes (MB) per second. +* Asymmetric algorithms like RSA and ECC are measured using Operations Per Second (Ops) per second. +* When built with `--enable-memory --enable-trackmemory=verbose --enable-stacksize=verbose`, each result also reports peak heap bytes/allocations and peak stack bytes consumed during the timed run. + +## Compile Options + +Compile with the following options for fixed units. Otherwise the units will auto-scale. See `-base10` parameter option, below. + +`-DWOLFSSL_BENCHMARK_FIXED_UNITS_GB` for GB/GiB +`-DWOLFSSL_BENCHMARK_FIXED_UNITS_MB` for MB/MiB +`-DWOLFSSL_BENCHMARK_FIXED_UNITS_KB` for KB/KiB +`-DWOLFSSL_BENCHMARK_FIXED_UNITS_B` for Bytes + +To set the output to always be CSV: + +`-DWOLFSSL_BENCHMARK_FIXED_CSV` + +To track per-algorithm heap and stack usage in the output, configure wolfSSL with: + +``` +./configure --enable-memory --enable-trackmemory=verbose --enable-stacksize=verbose +``` + +## Usage + +```sh +./wolfcrypt/benchmark/benchmark -? +benchmark +-? Help, print this usage + 0: English, 1: Japanese +-csv Print terminal output in csv format +-base10 Display bytes as power of 10 (eg 1 kB = 1000 Bytes) +-no_aad No additional authentication data passed. +-dgst_full Full digest operation performed. +-rsa_sign Measure RSA sign/verify instead of encrypt/decrypt. + -rsa-sz + Measure RSA performance. +- Algorithm to benchmark. Available algorithms include: + cipher aes-cbc aes-gcm aes-ecb aes-xts aes-cfb aes-ctr aes-ccm + camellia arc4 chacha20 chacha20-poly1305 des + digest md5 poly1305 sha sha2 sha224 sha256 sha384 sha512 sha3 + sha3-224 sha3-256 sha3-384 sha3-512 ripemd + mac cmac hmac hmac-md5 hmac-sha hmac-sha224 hmac-sha256 + hmac-sha384 hmac-sha512 pbkdf2 + asym rsa-kg rsa rsa-sz dh ecc-kg ecc ecc-enc curve25519_kg x25519 + ed25519-kg ed25519 + other rng scrypt +-lng Display benchmark result by specified language. + 0: English, 1: Japanese + Size of block in bytes +``` + +The `-base10` option shows as thousands of bytes (kB). + +## Example Output + +Run on Intel(R) Core(TM) i7-7920HQ CPU @ 3.10GHz. + +```sh +./configure --enable-intelasm --enable-aesni --enable-sp --enable-sp-asm && make + +./wolfcrypt/benchmark/benchmark +------------------------------------------------------------------------------ + wolfSSL version 4.0.0 +------------------------------------------------------------------------------ +wolfCrypt Benchmark (block bytes 1048576, min 1.0 sec each) +RNG 180 MB took 1.022 seconds, 176.201 MB/s Cycles per byte = 16.76 +AES-128-CBC-enc 1250 MB took 1.002 seconds, 1247.878 MB/s Cycles per byte = 2.37 +AES-128-CBC-dec 4595 MB took 1.001 seconds, 4591.703 MB/s Cycles per byte = 0.64 +AES-192-CBC-enc 1005 MB took 1.003 seconds, 1002.018 MB/s Cycles per byte = 2.95 +AES-192-CBC-dec 4345 MB took 1.000 seconds, 4344.744 MB/s Cycles per byte = 0.68 +AES-256-CBC-enc 905 MB took 1.005 seconds, 900.386 MB/s Cycles per byte = 3.28 +AES-256-CBC-dec 3255 MB took 1.001 seconds, 3251.618 MB/s Cycles per byte = 0.91 +AES-128-GCM-enc 4730 MB took 1.001 seconds, 4726.267 MB/s Cycles per byte = 0.62 +AES-128-GCM-dec 5140 MB took 1.000 seconds, 5137.596 MB/s Cycles per byte = 0.57 +AES-192-GCM-enc 4475 MB took 1.001 seconds, 4471.056 MB/s Cycles per byte = 0.66 +AES-192-GCM-dec 3405 MB took 1.001 seconds, 3403.179 MB/s Cycles per byte = 0.87 +AES-256-GCM-enc 2640 MB took 1.000 seconds, 2638.905 MB/s Cycles per byte = 1.12 +AES-256-GCM-dec 2780 MB took 1.001 seconds, 2776.632 MB/s Cycles per byte = 1.06 +CHACHA 2615 MB took 1.000 seconds, 2614.357 MB/s Cycles per byte = 1.13 +CHA-POLY 1490 MB took 1.001 seconds, 1488.344 MB/s Cycles per byte = 1.98 +MD5 440 MB took 1.010 seconds, 435.763 MB/s Cycles per byte = 6.78 +POLY1305 4900 MB took 1.001 seconds, 4896.430 MB/s Cycles per byte = 0.60 +SHA 515 MB took 1.011 seconds, 509.459 MB/s Cycles per byte = 5.80 +SHA-224 425 MB took 1.005 seconds, 422.737 MB/s Cycles per byte = 6.98 +SHA-256 420 MB took 1.006 seconds, 417.312 MB/s Cycles per byte = 7.08 +SHA-384 615 MB took 1.003 seconds, 613.018 MB/s Cycles per byte = 4.82 +SHA-512 560 MB took 1.007 seconds, 556.230 MB/s Cycles per byte = 5.31 +SHA3-224 295 MB took 1.003 seconds, 294.133 MB/s Cycles per byte = 10.04 +SHA3-256 280 MB took 1.003 seconds, 279.088 MB/s Cycles per byte = 10.58 +SHA3-384 215 MB took 1.002 seconds, 214.654 MB/s Cycles per byte = 13.76 +SHA3-512 145 MB took 1.005 seconds, 144.266 MB/s Cycles per byte = 20.47 +HMAC-MD5 485 MB took 1.004 seconds, 483.019 MB/s Cycles per byte = 6.11 +HMAC-SHA 505 MB took 1.006 seconds, 502.159 MB/s Cycles per byte = 5.88 +HMAC-SHA224 415 MB took 1.007 seconds, 411.965 MB/s Cycles per byte = 7.17 +HMAC-SHA256 380 MB took 1.002 seconds, 379.398 MB/s Cycles per byte = 7.78 +HMAC-SHA384 610 MB took 1.006 seconds, 606.370 MB/s Cycles per byte = 4.87 +HMAC-SHA512 620 MB took 1.001 seconds, 619.377 MB/s Cycles per byte = 4.77 +RSA 2048 public 52000 ops took 1.001 sec, avg 0.019 ms, 51932.223 ops/sec +RSA 2048 private 1700 ops took 1.022 sec, avg 0.601 ms, 1662.697 ops/sec +DH 2048 key gen 3491 ops took 1.000 sec, avg 0.286 ms, 3490.745 ops/sec +DH 2048 agree 3500 ops took 1.014 sec, avg 0.290 ms, 3452.191 ops/sec +ECC 256 key gen 88961 ops took 1.000 sec, avg 0.011 ms, 88960.279 ops/sec +ECDHE 256 agree 20700 ops took 1.005 sec, avg 0.049 ms, 20605.239 ops/sec +ECDSA 256 sign 53200 ops took 1.001 sec, avg 0.019 ms, 53157.214 ops/sec +ECDSA 256 verify 17200 ops took 1.004 sec, avg 0.058 ms, 17124.208 ops/sec +Benchmark complete +``` + + +## Windows Visual Studio + +For building wolfCrypt Benchmark project in Visual Studio open the `benchmark.sln`. For newer Visual Studio version it may prompt for a one-way upgrade. If prompted to overwrite the `benchmark.vcxproj` project, select "No". Then you may have to right-click on the solution and choose `Retarget solution` to update the project files for your Visual Studio version. + +If you see an error about `rc.exe` then you'll need to update the "Target Platform Version". You can do this by right-clicking on the benchmark project -> General -> "Target Platform Version" and changing to 8.1 (needs to match the wolfssl library project). + +This solution includes the wolfSSL library project at `wolfssl.vcxproj` and will compile the library, then the benchmark project. diff --git a/test/ssl/wolfssl/wolfcrypt/benchmark/benchmark.c b/test/ssl/wolfssl/wolfcrypt/benchmark/benchmark.c new file mode 100644 index 000000000..1a710aaf5 --- /dev/null +++ b/test/ssl/wolfssl/wolfcrypt/benchmark/benchmark.c @@ -0,0 +1,16623 @@ +/* benchmark.c + * + * Copyright (C) 2006-2025 wolfSSL Inc. + * + * This file is part of wolfSSL. + * + * wolfSSL is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * wolfSSL is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA + */ + + +/* wolfCrypt benchmark */ + +/* Some common, optional build settings: + * these can also be set in wolfssl/options.h or user_settings.h + * ------------------------------------------------------------- + * make the binary always use CSV format: + * WOLFSSL_BENCHMARK_FIXED_CSV + * + * choose to use the same units, regardless of scale. pick 1: + * WOLFSSL_BENCHMARK_FIXED_UNITS_GB + * WOLFSSL_BENCHMARK_FIXED_UNITS_MB + * WOLFSSL_BENCHMARK_FIXED_UNITS_KB + * WOLFSSL_BENCHMARK_FIXED_UNITS_B + * + * when the output should be in machine-parseable format: + * GENERATE_MACHINE_PARSEABLE_REPORT + * + * use microseconds as the unit of time: + * BENCH_MICROSECOND + * + * display mean, max, min and sd of operation durations: + * MULTI_VALUE_STATISTICS + * + * Enable tracking of the stats into an allocated linked list: + * (use -print to display results): + * WC_BENCH_TRACK_STATS + * + * set the default devId for cryptocb to the value instead of INVALID_DEVID + * WC_USE_DEVID=0x1234 + * + * Turn on benchmark timing debugging (CPU Cycles, RTOS ticks, etc) + * DEBUG_WOLFSSL_BENCHMARK_TIMING + * + * Turn on timer debugging (used when CPU cycles not available) + * WOLFSSL_BENCHMARK_TIMER_DEBUG + */ + +#ifdef HAVE_CONFIG_H + #include +#endif + +#if !defined(WOLFSSL_USER_SETTINGS) && !defined(WOLFSSL_NO_OPTIONS_H) + #include +#endif +#include /* also picks up user_settings.h */ + +/* Macro to disable benchmark */ +#ifndef NO_CRYPT_BENCHMARK + +#ifdef WOLFSSL_ASYNC_CRYPT + #define WOLFSSL_SMALL_STACK +#endif +#define WC_ALLOC_DO_ON_FAILURE() do { printf("out of memory at benchmark.c L %d\n", __LINE__); ret = MEMORY_E; goto exit; } while (0) + +#include +#include +#include +#include +#include +#include +#include +#include + +#ifdef WOLFSSL_LINUXKM + /* remap current_time() -- collides with a function in kernel linux/fs.h */ + #define current_time benchmark_current_time +#endif /* WOLFSSL_LINUXKM */ + +#ifdef HAVE_CHACHA + #include +#endif +#ifdef HAVE_POLY1305 + #include +#endif +#if defined(HAVE_CHACHA) && defined(HAVE_POLY1305) + #include +#endif +#ifndef NO_AES + #include +#endif +#ifdef HAVE_CAMELLIA + #include +#endif +#ifdef WOLFSSL_SM4 + #include +#endif +#ifndef NO_MD5 + #include +#endif +#ifndef NO_SHA + #include +#endif +#ifndef NO_SHA256 + #include +#endif +#if defined(WOLFSSL_SHA512) || defined(WOLFSSL_SHA384) + #include +#endif +#ifdef WOLFSSL_SHA3 + #include +#endif +#ifdef WOLFSSL_SM3 + #include +#endif +#ifndef NO_RSA + #include +#endif +#ifdef WOLFSSL_RIPEMD + #include +#endif +#ifdef WOLFSSL_CMAC + #include +#endif +#ifndef NO_DH + #include +#endif +#ifndef NO_DES3 + #include +#endif +#ifndef NO_RC4 + #include +#endif +#ifndef NO_HMAC + #include +#endif +#ifdef WOLFSSL_SIPHASH + #include +#endif + #include +#ifndef NO_PWDBASED + #include +#endif +#ifdef HAVE_ECC + #include +#endif +#ifdef WOLFSSL_SM2 + #include +#endif +#ifdef HAVE_CURVE25519 + #include +#endif +#ifdef HAVE_ED25519 + #include +#endif +#ifdef HAVE_CURVE448 + #include +#endif +#ifdef HAVE_ED448 + #include +#endif +#ifdef WOLFSSL_HAVE_MLKEM + #include + #ifdef WOLFSSL_WC_MLKEM + #include + #endif + #if defined(HAVE_LIBOQS) + #include + #endif +#endif +#if defined(WOLFSSL_HAVE_LMS) && !defined(WOLFSSL_LMS_VERIFY_ONLY) + #include + #ifdef HAVE_LIBLMS + #include + #else + #include + #endif +#endif +#if defined(WOLFSSL_HAVE_XMSS) && !defined(WOLFSSL_XMSS_VERIFY_ONLY) + #include + #ifdef HAVE_LIBXMSS + #include + #else + #include + #endif +#endif +#ifdef WOLFCRYPT_HAVE_ECCSI + #include +#endif +#ifdef WOLFCRYPT_HAVE_SAKKE + #include +#endif + +#if defined(HAVE_FALCON) + #include +#endif +#if defined(HAVE_DILITHIUM) + #include +#endif +#if defined(HAVE_SPHINCS) + #include +#endif + +#ifdef WOLF_CRYPTO_CB + #include + #ifdef HAVE_INTEL_QA_SYNC + #include + #endif + #ifdef HAVE_CAVIUM_OCTEON_SYNC + #include + #endif + #ifdef HAVE_RENESAS_SYNC + #include + #endif + #if defined(WOLFSSL_MAX3266X) || defined(WOLFSSL_MAX3266X_OLD) + #include + #endif +#endif + +#ifdef WOLFSSL_ASYNC_CRYPT + #include +#endif + +#include + +#ifdef USE_FLAT_BENCHMARK_H + #include "benchmark.h" +#else + #include "wolfcrypt/benchmark/benchmark.h" +#endif + +/* define the max length for each string of metric reported */ +#ifndef WC_BENCH_MAX_LINE_LEN +#define WC_BENCH_MAX_LINE_LEN 150 +#endif + +/* default units per second. See WOLFSSL_BENCHMARK_FIXED_UNITS_* to change */ +#define WOLFSSL_FIXED_UNIT "MB" /* may be re-set by fixed units */ +#define MILLION_VALUE 1000000.0 + +#ifdef BENCH_MICROSECOND + #define WOLFSSL_FIXED_TIME_UNIT "μs" + #define WOLFSSL_BENCHMARK_FIXED_UNITS_KB +#else + #define WOLFSSL_FIXED_TIME_UNIT "s" +#endif + +#if defined(WOLFSSL_TRACK_MEMORY_VERBOSE) && !defined(WOLFSSL_STATIC_MEMORY) + #define WC_BENCH_HEAP_TRACKING +#endif + +#if defined(HAVE_STACK_SIZE_VERBOSE) + #define WC_BENCH_STACK_TRACKING +#endif + +#if (defined(WC_BENCH_HEAP_TRACKING) || defined(WC_BENCH_STACK_TRACKING)) && \ + (WC_BENCH_MAX_LINE_LEN < 240) + #undef WC_BENCH_MAX_LINE_LEN + #define WC_BENCH_MAX_LINE_LEN 240 +#endif + +#if defined(WC_BENCH_HEAP_TRACKING) || defined(WC_BENCH_STACK_TRACKING) + #include +#endif + +#ifdef WC_BENCH_STACK_TRACKING +static long bench_last_stack_bytes; +#define BENCH_LAST_STACK_BYTES bench_last_stack_bytes +#else +#define BENCH_LAST_STACK_BYTES 0 +#endif + +#ifdef WC_BENCH_HEAP_TRACKING +static long bench_heap_baseline_allocs; +static long bench_heap_baseline_bytes; + +static WC_INLINE void bench_heap_checkpoint_prepare(void) +{ + (void)wolfCrypt_heap_peakAllocs_checkpoint(); + bench_heap_baseline_allocs = wolfCrypt_heap_peakAllocs_checkpoint(); + (void)wolfCrypt_heap_peakBytes_checkpoint(); + bench_heap_baseline_bytes = wolfCrypt_heap_peakBytes_checkpoint(); +} + +static WC_INLINE void bench_heap_checkpoint_measure(long* allocs, + long* bytes) +{ + long peak_allocs = wolfCrypt_heap_peakAllocs_checkpoint(); + long peak_bytes = wolfCrypt_heap_peakBytes_checkpoint(); + + if (allocs != NULL) { + long relative = peak_allocs - bench_heap_baseline_allocs; + *allocs = (relative > 0) ? relative : 0; + } + if (bytes != NULL) { + long relative = peak_bytes - bench_heap_baseline_bytes; + *bytes = (relative > 0) ? relative : 0; + } + + bench_heap_baseline_allocs = wolfCrypt_heap_peakAllocs_checkpoint(); + bench_heap_baseline_bytes = wolfCrypt_heap_peakBytes_checkpoint(); +} +#else +static WC_INLINE void bench_heap_checkpoint_prepare(void) {} +static WC_INLINE void bench_heap_checkpoint_measure(long* allocs, + long* bytes) +{ + if (allocs != NULL) + *allocs = 0; + if (bytes != NULL) + *bytes = 0; +} +#endif + +#ifdef WC_BENCH_STACK_TRACKING +static WC_INLINE void bench_stack_checkpoint_prepare(void) +{ + (void)StackSizeHWMReset(); +} + +static WC_INLINE long bench_stack_checkpoint_measure(void) +{ + long used = (long)StackSizeHWM_OffsetCorrected(); + if (used < 0) + used = 0; + (void)StackSizeHWMReset(); +#ifdef WC_BENCH_STACK_TRACKING + bench_last_stack_bytes = used; +#endif + return used; +} +#else +static WC_INLINE void bench_stack_checkpoint_prepare(void) {} +static WC_INLINE long bench_stack_checkpoint_measure(void) +{ + return 0; +} +#endif + +#if defined(WC_BENCH_HEAP_TRACKING) || defined(WC_BENCH_STACK_TRACKING) +static int bench_stats_resources_prepared; +#ifdef WC_BENCH_HEAP_TRACKING +static long bench_stats_heap_setup_allocs; +static long bench_stats_heap_setup_bytes; +#endif +#ifdef WC_BENCH_STACK_TRACKING +static long bench_stats_stack_setup_bytes; +#endif + +static WC_INLINE void bench_stats_reset_setup_offsets(void) +{ +#ifdef WC_BENCH_HEAP_TRACKING + bench_stats_heap_setup_allocs = 0; + bench_stats_heap_setup_bytes = 0; +#endif +#ifdef WC_BENCH_STACK_TRACKING + bench_stats_stack_setup_bytes = 0; +#endif +} +#endif + +static WC_INLINE void bench_stats_prepare(void) +{ + bench_heap_checkpoint_prepare(); + bench_stack_checkpoint_prepare(); +#if defined(WC_BENCH_HEAP_TRACKING) || defined(WC_BENCH_STACK_TRACKING) + bench_stats_reset_setup_offsets(); + bench_stats_resources_prepared = 1; +#endif +} + +#if defined(WC_BENCH_HEAP_TRACKING) || defined(WC_BENCH_STACK_TRACKING) +static WC_INLINE void bench_append_memory_info(char* buffer, size_t size, + int asCsv, long heapAllocs, long heapBytes, long stackBytes) +{ + size_t len; + + if (heapAllocs < 0) + heapAllocs = 0; + if (heapBytes < 0) + heapBytes = 0; + if (stackBytes < 0) + stackBytes = 0; + + len = XSTRLEN(buffer); + if (len == 0) + return; + + if (buffer[len - 1] == '\n') { + buffer[--len] = '\0'; + } + + if (asCsv) { + if (len > 0 && buffer[len - 1] == '\n') { + buffer[--len] = '\0'; + } + if (len > 0 && buffer[len - 1] == ',') { + buffer[--len] = '\0'; + } + XSNPRINTF(buffer + len, size - len, ",%ld,%ld,%ld\n", + heapBytes, heapAllocs, stackBytes); + return; + } + else { + int first = 1; + XSNPRINTF(buffer + len, size - len, " ["); + len = XSTRLEN(buffer); + XSNPRINTF(buffer + len, size - len, + "%sheap %ld bytes (%ld allocs)", + first ? "" : ", ", heapBytes, heapAllocs); + first = 0; + len = XSTRLEN(buffer); + XSNPRINTF(buffer + len, size - len, + "%sstack %ld bytes", first ? "" : ", ", stackBytes); + len = XSTRLEN(buffer); + XSNPRINTF(buffer + len, size - len, "]"); + len = XSTRLEN(buffer); + } + + len = XSTRLEN(buffer); + if (len == 0 || buffer[len - 1] != '\n') { + if (len + 1 < size) { + buffer[len++] = '\n'; + buffer[len] = '\0'; + } + } +} +#else +static WC_INLINE void bench_append_memory_info(char* buffer, size_t size, + int asCsv, long heapAllocs, long heapBytes, long stackBytes) +{ + (void)buffer; + (void)size; + (void)asCsv; + (void)heapAllocs; + (void)heapBytes; + (void)stackBytes; +} +#endif + +#ifdef MULTI_VALUE_STATISTICS + #define STATS_CLAUSE_SEPARATOR "" + #define DECLARE_MULTI_VALUE_STATS_VARS() double max = 0, min = 0, sum = 0,\ + squareSum = 0, prev = 0, delta;\ + int runs = 0; + #define RECORD_MULTI_VALUE_STATS() if (runs == 0) {\ + delta = current_time(0) - start;\ + min = delta;\ + max = delta;\ + }\ + else {\ + delta = current_time(0) - prev;\ + }\ + if (max < delta)\ + max = delta;\ + else if (min > delta)\ + min = delta;\ + sum += delta;\ + squareSum += delta * delta;\ + runs++;\ + prev = current_time(0) + #define RESET_MULTI_VALUE_STATS_VARS() prev = 0;\ + runs = 0;\ + sum = 0;\ + squareSum = 0 +#else + #define STATS_CLAUSE_SEPARATOR "\n" + #define DECLARE_MULTI_VALUE_STATS_VARS() + #define RECORD_MULTI_VALUE_STATS() WC_DO_NOTHING + #define RESET_MULTI_VALUE_STATS_VARS() WC_DO_NOTHING +#endif + +#ifdef WOLFSSL_NO_FLOAT_FMT + #define FLT_FMT "%0ld,%09lu" + #define FLT_FMT_PREC "%0ld.%0*lu" + #define FLT_FMT_PREC2 FLT_FMT_PREC + #define FLT_FMT_ARGS(x) (long)(x), ((x) < 0) ? \ + (unsigned long)(-(((x) - (double)(long)(x)) * 1000000000.0)) : \ + (unsigned long)(((x) - (double)(long)(x)) * 1000000000.0) + static const double pow_10_array[] = { 0.0, 1.0, 10.0, 100.0, 1000.0, \ + 10000.0, 100000.0, 1000000.0, \ + 10000000.0, 100000000.0, \ + 1000000000.0 }; + #define FLT_FMT_PREC_ARGS(p, x) \ + (long)(x), \ + p, \ + (x) >= 0.0 ? \ + (unsigned long int)((((x) - (double)(long)(x)) * \ + pow_10_array[(p)+1]) + 0.5) : \ + (unsigned long int)((((-(x)) - (double)((long)-(x))) * \ + pow_10_array[(p)+1]) + 0.5) + #define FLT_FMT_PREC2_ARGS(w, p, x) FLT_FMT_PREC_ARGS(p, x) +#else + #define FLT_FMT "%f" + #define FLT_FMT_PREC "%.*f" + #define FLT_FMT_PREC2 "%*.*f" + #define FLT_FMT_ARGS(x) x + #define FLT_FMT_PREC_ARGS(p, x) p, x + #define FLT_FMT_PREC2_ARGS(w, p, x) w, p, x +#endif /* WOLFSSL_NO_FLOAT_FMT */ + +#ifdef WOLFSSL_ESPIDF + #include + + /* Benchmark uses 64 bit integer formatting support. When new nanolib is + * enabled, all if the values in report are blank. */ + #ifdef CONFIG_NEWLIB_NANO_FORMAT + #if CONFIG_NEWLIB_NANO_FORMAT == 1 + #error "Nano newlib formatting must not be enabled for benchmark" + #endif + #endif + #if ESP_IDF_VERSION_MAJOR >= 5 + #define TFMT "%lu" + #else + #define TFMT "%d" + #endif + + #ifdef configTICK_RATE_HZ + /* Define CPU clock cycles per tick of FreeRTOS clock + * CONFIG_ESP_DEFAULT_CPU_FREQ_MHZ is typically a value like 240 + * configTICK_RATE_HZ is typically 100 or 1000. + **/ + #if defined(CONFIG_IDF_TARGET_ESP8266) + #ifndef CONFIG_ESP_DEFAULT_CPU_FREQ_MHZ + #define CONFIG_ESP_DEFAULT_CPU_FREQ_MHZ \ + CONFIG_ESP8266_DEFAULT_CPU_FREQ_MHZ + #endif + #ifndef CONFIG_ESP_DEFAULT_CPU_FREQ_MHZ + #define CONFIG_ESP_DEFAULT_CPU_FREQ_MHZ configCPU_CLOCK_HZ + #endif + #endif + #ifndef CONFIG_ESP_DEFAULT_CPU_FREQ_MHZ + /* This section is for pre-v5 ESP-IDF */ + #if defined(CONFIG_ESP32_DEFAULT_CPU_FREQ_MHZ) + #define CONFIG_ESP_DEFAULT_CPU_FREQ_MHZ \ + CONFIG_ESP32_DEFAULT_CPU_FREQ_MHZ + #elif defined(CONFIG_ESP32C2_DEFAULT_CPU_FREQ_MHZ) + #define CONFIG_ESP_DEFAULT_CPU_FREQ_MHZ \ + CONFIG_ESP32C2_DEFAULT_CPU_FREQ_MHZ + #elif defined(CONFIG_ESP32S2_DEFAULT_CPU_FREQ_MHZ) + #define CONFIG_ESP_DEFAULT_CPU_FREQ_MHZ \ + CONFIG_ESP32S2_DEFAULT_CPU_FREQ_MHZ + #elif defined(CONFIG_ESP32S3_DEFAULT_CPU_FREQ_MHZ) + #define CONFIG_ESP_DEFAULT_CPU_FREQ_MHZ \ + CONFIG_ESP32S3_DEFAULT_CPU_FREQ_MHZ + #elif defined(CONFIG_ESP32H2_DEFAULT_CPU_FREQ_MHZ) + #define CONFIG_ESP_DEFAULT_CPU_FREQ_MHZ \ + CONFIG_ESP32H2_DEFAULT_CPU_FREQ_MHZ + #else + /* TODO unsupported */ + #endif /* older CONFIG_ESP_DEFAULT_CPU_FREQ_MHZ */ + #endif + #define CPU_TICK_CYCLES ( \ + (CONFIG_ESP_DEFAULT_CPU_FREQ_MHZ * MILLION_VALUE) \ + / configTICK_RATE_HZ \ + ) + #endif /* WOLFSSL_ESPIDF configTICK_RATE_HZ */ + + #if defined(CONFIG_IDF_TARGET_ESP32C2) + #include "driver/gptimer.h" + static gptimer_handle_t esp_gptimer = NULL; + static gptimer_config_t esp_timer_config = { + .clk_src = GPTIMER_CLK_SRC_DEFAULT, + .direction = GPTIMER_COUNT_UP, + .resolution_hz = CONFIG_XTAL_FREQ * 100000, + }; + #elif defined(CONFIG_IDF_TARGET_ESP32C3) || \ + defined(CONFIG_IDF_TARGET_ESP32C6) + #include + #if ESP_IDF_VERSION_MAJOR >= 5 + #include + #endif + #ifdef WOLFSSL_BENCHMARK_TIMER_DEBUG + #define RESOLUTION_SCALE 100 + /* CONFIG_XTAL_FREQ = 40, CONFIG_ESP_DEFAULT_CPU_FREQ_MHZ = 160 */ + static gptimer_handle_t esp_gptimer = NULL; + static gptimer_config_t esp_timer_config = { + .clk_src = GPTIMER_CLK_SRC_DEFAULT, + .direction = GPTIMER_COUNT_UP, + /* CONFIG_XTAL_FREQ = 40, + * CONFIG_ESP_DEFAULT_CPU_FREQ_MHZ = 160 */ + .resolution_hz = CONFIG_ESP_DEFAULT_CPU_FREQ_MHZ * + (MILLION_VALUE / RESOLUTION_SCALE), + }; + #endif /* WOLFSSL_BENCHMARK_TIMER_DEBUG */ + + #elif defined(CONFIG_IDF_TARGET_ESP32) || \ + defined(CONFIG_IDF_TARGET_ESP32S2) || \ + defined(CONFIG_IDF_TARGET_ESP32S3) + #include + #elif defined(CONFIG_IDF_TARGET_ESP8266) + /* no CPU HAL for ESP8266, we'll use RTOS tick calc estimates */ + #include + #include + #include + #include + #elif defined(CONFIG_IDF_TARGET_ESP32H2) + /* TODO add ESP32-H2 benchmark support */ + #else + /* Other platform */ + #endif + #include +#endif /* WOLFSSL_ESPIDF */ + +#if defined(HAVE_PTHREAD) || \ + (!defined(NO_CRYPT_BENCHMARK) && !defined(NO_STDIO_FILESYSTEM) && \ + !defined(NO_ERROR_STRINGS) && !defined(NO_MAIN_DRIVER) && \ + !defined(BENCH_EMBEDDED)) + #include + #if !defined(WOLFSSL_ZEPHYR) && !defined(_WIN32) + #include + #endif +#endif + +#if defined(WOLFSSL_ZEPHYR) || defined(NO_STDIO_FILESYSTEM) || !defined(XFFLUSH) + /* fflush in Zephyr doesn't work on stdout and stderr. Use + * CONFIG_LOG_MODE_IMMEDIATE compilation option instead. */ + #undef XFFLUSH + #define XFFLUSH(...) WC_DO_NOTHING +#endif + +/* only for stack size check */ +#include + +#if defined(WOLFSSL_ASYNC_CRYPT) && !defined(WC_NO_ASYNC_THREADING) + #define WC_ENABLE_BENCH_THREADING +#endif +/* enable tracking of stats for threaded benchmark */ +#if defined(WC_ENABLE_BENCH_THREADING) && !defined(WC_BENCH_TRACK_STATS) + #define WC_BENCH_TRACK_STATS +#endif + +#ifdef GENERATE_MACHINE_PARSEABLE_REPORT + static const char info_prefix[] = "###, "; + static const char err_prefix[] = "!!!, "; +#else + static const char info_prefix[] = ""; + static const char err_prefix[] = ""; +#endif + + +/* printf mappings */ +#ifdef FREESCALE_MQX + #include + /* see wc_port.h for fio.h and nio.h includes */ +#elif defined(FREESCALE_KSDK_1_3) + #include "fsl_debug_console.h" + #include "fsl_os_abstraction.h" + + #undef printf + #define printf PRINTF +#elif defined(WOLFSSL_DEOS) + #include + #include + #undef printf + #define printf printx +#elif defined(MICRIUM) + #if (OS_VERSION < 50000) + #include + void BSP_Ser_Printf (CPU_CHAR* format, ...); + #undef printf + #define printf BSP_Ser_Printf + #endif +#elif defined(WOLFSSL_ZEPHYR) + #include + #include + #define BENCH_EMBEDDED + #define printf printfk + static int printfk(const char *fmt, ...) + { + int ret; + char line[WC_BENCH_MAX_LINE_LEN]; + va_list ap; + + va_start(ap, fmt); + + ret = vsnprintf(line, sizeof(line), fmt, ap); + line[sizeof(line)-1] = '\0'; + printk("%s", line); + + va_end(ap); + + return ret; + } + +#elif defined(WOLFSSL_TELIT_M2MB) + #include + #include + #include + #include "m2m_log.h" /* for M2M_LOG_INFO - not standard API */ + /* remap printf */ + #undef printf + #define printf M2M_LOG_INFO + /* OS requires occasional sleep() */ + #ifndef TEST_SLEEP_MS + #define TEST_SLEEP_MS 50 + #endif + #define TEST_SLEEP() m2mb_os_taskSleep(M2MB_OS_MS2TICKS(TEST_SLEEP_MS)) + /* don't use file system for these tests, since ./certs dir isn't loaded */ + #undef NO_FILESYSTEM + #define NO_FILESYSTEM + +/* ANDROID_V454 (for android studio) displays information in a textview + * and redirects printf to the textview output instead of using + * __android_log_print() */ +#elif defined(ANDROID) && !defined(ANDROID_V454) + #ifdef XMALLOC_USER + #include /* we're using malloc / free direct here */ + #endif + #ifndef STRING_USER + #include + #endif + #include + + #define printf(...) \ + __android_log_print(ANDROID_LOG_DEBUG, "[WOLFCRYPT]", __VA_ARGS__) + #define fprintf(fp, ...) \ + __android_log_print(ANDROID_LOG_DEBUG, "[WOLFCRYPT]", __VA_ARGS__) + +#else + #if defined(XMALLOC_USER) || defined(FREESCALE_MQX) + /* MQX classic needs for EXIT_FAILURE */ + #include /* we're using malloc / free direct here */ + #endif + + #if !defined(STRING_USER) && !defined(NO_STDIO_FILESYSTEM) + #include + #include + #endif + + /* enable way for customer to override test/bench printf */ + #ifdef XPRINTF + #undef printf + #define printf XPRINTF + #elif defined(NETOS) + int dc_log_printf(char* format, ...); + #undef printf + #define printf dc_log_printf + #endif +#endif + +#ifdef HAVE_ASCON + #include +#endif + +#ifdef HAVE_FIPS + #include + + static void myFipsCb(int ok, int err, const char* hash) + { + printf("%sin my Fips callback, ok = %d, err = %d\n", + ok ? info_prefix : err_prefix, ok, err); + printf("%smessage = %s\n", ok ? info_prefix : err_prefix, + wc_GetErrorString(err)); + printf("%shash = %s\n", ok ? info_prefix : err_prefix, hash); + + if (err == WC_NO_ERR_TRACE(IN_CORE_FIPS_E)) { + printf("%sIn core integrity hash check failure, copy above hash\n", + err_prefix); + printf("%sinto verifyCore[] in fips_test.c and rebuild\n", + err_prefix); + } + } +#endif + +#ifdef WOLFSSL_STATIC_MEMORY + static WOLFSSL_HEAP_HINT* HEAP_HINT; +#else + #define HEAP_HINT NULL +#endif /* WOLFSSL_STATIC_MEMORY */ + +#ifndef EXIT_FAILURE +#define EXIT_FAILURE 1 +#endif + +#undef LIBCALL_CHECK_RET +#if defined(NO_STDIO_FILESYSTEM) || defined(NO_ERROR_STRINGS) || \ + defined(NO_MAIN_DRIVER) || defined(BENCH_EMBEDDED) +#define LIBCALL_CHECK_RET(...) (void)(__VA_ARGS__) +#else +#define LIBCALL_CHECK_RET(...) do { \ + int _libcall_ret = (__VA_ARGS__); \ + if (_libcall_ret < 0) { \ + printf("%s%s L%d error %d for \"%s\"\n", \ + err_prefix, __FILE__, __LINE__, \ + errno, #__VA_ARGS__); \ + XFFLUSH(stdout); \ + _exit(1); \ + } \ + } while(0) +#endif + +#undef THREAD_CHECK_RET +#define THREAD_CHECK_RET(...) do { \ + int _thread_ret = (__VA_ARGS__); \ + if (_thread_ret != 0) { \ + errno = _thread_ret; \ + printf("%s%s L%d error %d for \"%s\"\n", \ + err_prefix, __FILE__, __LINE__, \ + _thread_ret, #__VA_ARGS__); \ + XFFLUSH(stdout); \ + _exit(1); \ + } \ + } while(0) + +/* optional macro to add sleep between tests */ +#ifndef TEST_SLEEP + #define TEST_SLEEP() WC_RELAX_LONG_LOOP() +#endif + +#define TEST_STRING "Everyone gets Friday off." +#define TEST_STRING_SZ 25 + + +/* Bit values for each algorithm that is able to be benchmarked. + * Common grouping of algorithms also. + * Each algorithm has a unique value for its type e.g. cipher. + */ +/* Cipher algorithms. */ +#define BENCH_AES_CBC 0x00000001 +#define BENCH_AES_GCM 0x00000002 +#define BENCH_AES_GMAC 0x00400000 +#define BENCH_AES_ECB 0x00000004 +#define BENCH_AES_XTS 0x00000008 +#define BENCH_AES_CTR 0x00000010 +#define BENCH_AES_CCM 0x00000020 +#define BENCH_CAMELLIA 0x00000100 +#define BENCH_ARC4 0x00000200 +#define BENCH_CHACHA20 0x00001000 +#define BENCH_CHACHA20_POLY1305 0x00002000 +#define BENCH_DES 0x00004000 +#define BENCH_AES_CFB 0x00010000 +#define BENCH_AES_OFB 0x00020000 +#define BENCH_AES_SIV 0x00040000 +#define BENCH_SM4_CBC 0x00080000 +#define BENCH_SM4_GCM 0x00100000 +#define BENCH_SM4_CCM 0x00200000 +#define BENCH_SM4 (BENCH_SM4_CBC | BENCH_SM4_GCM | BENCH_SM4_CCM) +/* Digest algorithms. */ +#define BENCH_MD5 0x00000001 +#define BENCH_POLY1305 0x00000002 +#define BENCH_SHA 0x00000004 +#define BENCH_SHA224 0x00000010 +#define BENCH_SHA256 0x00000020 +#define BENCH_SHA384 0x00000040 +#define BENCH_SHA512 0x00000080 +#define BENCH_SHA2 (BENCH_SHA224 | BENCH_SHA256 | \ + BENCH_SHA384 | BENCH_SHA512) +#define BENCH_SHA3_224 0x00000100 +#define BENCH_SHA3_256 0x00000200 +#define BENCH_SHA3_384 0x00000400 +#define BENCH_SHA3_512 0x00000800 +#define BENCH_SHA3 (BENCH_SHA3_224 | BENCH_SHA3_256 | \ + BENCH_SHA3_384 | BENCH_SHA3_512) +#define BENCH_SHAKE128 0x00001000 +#define BENCH_SHAKE256 0x00002000 +#define BENCH_SHAKE (BENCH_SHAKE128 | BENCH_SHAKE256) +#define BENCH_RIPEMD 0x00004000 +#define BENCH_BLAKE2B 0x00008000 +#define BENCH_BLAKE2S 0x00010000 +#define BENCH_SM3 0x00020000 +#define BENCH_ASCON_HASH256 0x00040000 +#define BENCH_ASCON_AEAD128 0x00080000 + +/* MAC algorithms. */ +#define BENCH_CMAC 0x00000001 +#define BENCH_HMAC_MD5 0x00000002 +#define BENCH_HMAC_SHA 0x00000004 +#define BENCH_HMAC_SHA224 0x00000010 +#define BENCH_HMAC_SHA256 0x00000020 +#define BENCH_HMAC_SHA384 0x00000040 +#define BENCH_HMAC_SHA512 0x00000080 +#define BENCH_HMAC (BENCH_HMAC_MD5 | BENCH_HMAC_SHA | \ + BENCH_HMAC_SHA224 | BENCH_HMAC_SHA256 | \ + BENCH_HMAC_SHA384 | BENCH_HMAC_SHA512) +#define BENCH_PBKDF2 0x00000100 +#define BENCH_SIPHASH 0x00000200 + +/* KDF algorithms */ +#define BENCH_SRTP_KDF 0x00000001 + +/* Asymmetric algorithms. */ +#define BENCH_RSA_KEYGEN 0x00000001 +#define BENCH_RSA 0x00000002 +#define BENCH_RSA_SZ 0x00000004 +#define BENCH_DH 0x00000010 +#define BENCH_ECC_MAKEKEY 0x00001000 +#define BENCH_ECC 0x00002000 +#define BENCH_ECC_ENCRYPT 0x00004000 +#define BENCH_ECC_ALL 0x00008000 +#define BENCH_CURVE25519_KEYGEN 0x00010000 +#define BENCH_CURVE25519_KA 0x00020000 +#define BENCH_ED25519_KEYGEN 0x00040000 +#define BENCH_ED25519_SIGN 0x00080000 +#define BENCH_CURVE448_KEYGEN 0x00100000 +#define BENCH_CURVE448_KA 0x00200000 +#define BENCH_ED448_KEYGEN 0x00400000 +#define BENCH_ED448_SIGN 0x00800000 +#define BENCH_ECC_P256 0x01000000 +#define BENCH_ECC_P384 0x02000000 +#define BENCH_ECC_P521 0x04000000 +#define BENCH_SM2 0x08000000 +#define BENCH_ECCSI_KEYGEN 0x00000020 +#define BENCH_ECCSI_PAIRGEN 0x00000040 +#define BENCH_ECCSI_VALIDATE 0x00000080 +#define BENCH_ECCSI 0x00000400 +#define BENCH_SAKKE_KEYGEN 0x10000000 +#define BENCH_SAKKE_RSKGEN 0x20000000 +#define BENCH_SAKKE_VALIDATE 0x40000000 +#define BENCH_SAKKE 0x80000000 + +/* Post-Quantum Asymmetric algorithms. */ +#define BENCH_KYBER512 0x00000020 +#define BENCH_KYBER768 0x00000040 +#define BENCH_KYBER1024 0x00000080 +#define BENCH_KYBER (BENCH_KYBER512 | BENCH_KYBER768 | \ + BENCH_KYBER1024) +#define BENCH_ML_KEM_512 0x00000020 +#define BENCH_ML_KEM_768 0x00000040 +#define BENCH_ML_KEM_1024 0x00000080 +#define BENCH_ML_KEM (BENCH_ML_KEM_512 | BENCH_ML_KEM_768 | \ + BENCH_ML_KEM_1024) +#define BENCH_FALCON_LEVEL1_SIGN 0x00000001 +#define BENCH_FALCON_LEVEL5_SIGN 0x00000002 +#define BENCH_DILITHIUM_LEVEL2_SIGN 0x04000000 +#define BENCH_DILITHIUM_LEVEL3_SIGN 0x08000000 +#define BENCH_DILITHIUM_LEVEL5_SIGN 0x10000000 +#define BENCH_ML_DSA_44_SIGN 0x04000000 +#define BENCH_ML_DSA_65_SIGN 0x08000000 +#define BENCH_ML_DSA_87_SIGN 0x10000000 +#define BENCH_ML_DSA_SIGN (BENCH_ML_DSA_44_SIGN | \ + BENCH_ML_DSA_65_SIGN | \ + BENCH_ML_DSA_87_SIGN) + +/* Post-Quantum Asymmetric algorithms. (Part 2) */ +#define BENCH_SPHINCS_FAST_LEVEL1_SIGN 0x00000001 +#define BENCH_SPHINCS_FAST_LEVEL3_SIGN 0x00000002 +#define BENCH_SPHINCS_FAST_LEVEL5_SIGN 0x00000004 +#define BENCH_SPHINCS_SMALL_LEVEL1_SIGN 0x00000008 +#define BENCH_SPHINCS_SMALL_LEVEL3_SIGN 0x00000010 +#define BENCH_SPHINCS_SMALL_LEVEL5_SIGN 0x00000020 + +/* Post-Quantum Stateful Hash-Based sig algorithms. */ +#define BENCH_LMS_HSS 0x00000001 +#define BENCH_XMSS_XMSSMT_SHA256 0x00000002 +#define BENCH_XMSS_XMSSMT_SHA512 0x00000004 +#define BENCH_XMSS_XMSSMT_SHAKE128 0x00000008 +#define BENCH_XMSS_XMSSMT_SHAKE256 0x00000010 +#ifndef NO_SHA256 +#define BENCH_XMSS_XMSSMT BENCH_XMSS_XMSSMT_SHA256 +#elif defined(WOLFSSL_SHA512) +#define BENCH_XMSS_XMSSMT BENCH_XMSS_XMSSMT_SHA512 +#elif defined(WOLFSSL_SHAKE128) +#define BENCH_XMSS_XMSSMT BENCH_XMSS_XMSSMT_SHAKE128 +#elif defined(WOLFSSL_SHAKE256) +#define BENCH_XMSS_XMSSMT BENCH_XMSS_XMSSMT_SHAKE256 +#else +#define BENCH_XMSS_XMSSMT 0x00000000 +#endif + +/* Other */ +#define BENCH_RNG 0x00000001 +#define BENCH_SCRYPT 0x00000002 + +#if defined(HAVE_AESGCM) || defined(HAVE_AESCCM) || \ + (defined(HAVE_CHACHA) && defined(HAVE_POLY1305)) +/* Define AES_AUTH_ADD_SZ already here, since it's used in the + * static declaration of `bench_Usage_msg1`. */ +#if !defined(AES_AUTH_ADD_SZ) && \ + (defined(STM32_CRYPTO) || \ + defined(WOLFSSL_XILINX_CRYPT_VERSAL)) + /* For STM32 use multiple of 4 to leverage crypto hardware + * Xilinx Versal requires to use multiples of 16 bytes */ + #define AES_AUTH_ADD_SZ 16 +#endif +#ifndef AES_AUTH_ADD_SZ + #define AES_AUTH_ADD_SZ 13 +#endif +#endif + +#if (defined(WOLFSSL_HAVE_LMS) && !defined(WOLFSSL_LMS_VERIFY_ONLY)) || \ + (defined(WOLFSSL_HAVE_XMSS) && !defined(WOLFSSL_XMSS_VERIFY_ONLY)) + #define BENCH_PQ_STATEFUL_HBS +#endif + +/* Benchmark all compiled in algorithms. + * When 1, ignore other benchmark algorithm values. + * 0, only benchmark algorithm values set. + */ +static int bench_all = 1; +/* Cipher algorithms to benchmark. */ +static word32 bench_cipher_algs = 0; +/* Digest algorithms to benchmark. */ +static word32 bench_digest_algs = 0; +/* MAC algorithms to benchmark. */ +static word32 bench_mac_algs = 0; +/* KDF algorithms to benchmark. */ +static word32 bench_kdf_algs = 0; +/* Asymmetric algorithms to benchmark. */ +static word32 bench_asym_algs = 0; +/* Post-Quantum Asymmetric algorithms to benchmark. */ +static word32 bench_pq_asym_algs = 0; +/* Post-Quantum Asymmetric algorithms to benchmark. (Part 2)*/ +static word32 bench_pq_asym_algs2 = 0; +/* Other cryptographic algorithms to benchmark. */ +static word32 bench_other_algs = 0; +/* Post-Quantum Stateful Hash-Based sig algorithms to benchmark. */ +static word32 bench_pq_hash_sig_algs = 0; + +#if !defined(WOLFSSL_BENCHMARK_ALL) && !defined(NO_MAIN_DRIVER) + +/* The mapping of command line option to bit values. */ +typedef struct bench_alg { + /* Command line option string. */ + const char* str; + /* Bit values to set. */ + word32 val; +} bench_alg; + +#ifndef MAIN_NO_ARGS +/* All recognized cipher algorithm choosing command line options. */ +static const bench_alg bench_cipher_opt[] = { + { "-cipher", 0xffffffff }, +#ifdef HAVE_AES_CBC + { "-aes-cbc", BENCH_AES_CBC }, +#endif +#ifdef HAVE_AESGCM + { "-aes-gcm", BENCH_AES_GCM }, +#endif +#ifdef HAVE_AESGCM + { "-aes-gmac", BENCH_AES_GMAC }, +#endif +#ifdef WOLFSSL_AES_DIRECT + { "-aes-ecb", BENCH_AES_ECB }, +#endif +#ifdef WOLFSSL_AES_XTS + { "-aes-xts", BENCH_AES_XTS }, +#endif +#ifdef WOLFSSL_AES_CFB + { "-aes-cfb", BENCH_AES_CFB }, +#endif +#ifdef WOLFSSL_AES_OFB + { "-aes-ofb", BENCH_AES_OFB }, +#endif +#ifdef WOLFSSL_AES_COUNTER + { "-aes-ctr", BENCH_AES_CTR }, +#endif +#ifdef HAVE_AESCCM + { "-aes-ccm", BENCH_AES_CCM }, +#endif +#ifdef WOLFSSL_AES_SIV + { "-aes-siv", BENCH_AES_SIV }, +#endif +#ifdef HAVE_CAMELLIA + { "-camellia", BENCH_CAMELLIA }, +#endif +#ifndef NO_RC4 + { "-arc4", BENCH_ARC4 }, +#endif +#ifdef HAVE_CHACHA + { "-chacha20", BENCH_CHACHA20 }, +#endif +#if defined(HAVE_CHACHA) && defined(HAVE_POLY1305) + { "-chacha20-poly1305", BENCH_CHACHA20_POLY1305 }, +#endif +#ifdef WOLFSSL_SM4_CBC + { "-sm4-cbc", BENCH_SM4_CBC }, +#endif +#ifdef WOLFSSL_SM4_GCM + { "-sm4-gcm", BENCH_SM4_GCM }, +#endif +#ifdef WOLFSSL_SM4_CCM + { "-sm4-ccm", BENCH_SM4_CCM }, +#endif +#ifdef WOLFSSL_SM4 + { "-sm4", BENCH_SM4 }, +#endif +#ifndef NO_DES3 + { "-des", BENCH_DES }, +#endif +#ifdef HAVE_ASCON + { "-ascon-aead", BENCH_ASCON_AEAD128 }, +#endif + { NULL, 0 } +}; + +/* All recognized digest algorithm choosing command line options. */ +static const bench_alg bench_digest_opt[] = { + { "-digest", 0xffffffff }, +#ifndef NO_MD5 + { "-md5", BENCH_MD5 }, +#endif +#ifdef HAVE_POLY1305 + { "-poly1305", BENCH_POLY1305 }, +#endif +#ifndef NO_SHA + { "-sha", BENCH_SHA }, +#endif +#if defined(WOLFSSL_SHA224) || !defined(NO_SHA256) || defined(WOLFSSL_SHA384) \ + || defined(WOLFSSL_SHA512) + { "-sha2", BENCH_SHA2 }, +#endif +#ifdef WOLFSSL_SHA224 + { "-sha224", BENCH_SHA224 }, +#endif +#ifndef NO_SHA256 + { "-sha256", BENCH_SHA256 }, +#endif +#ifdef WOLFSSL_SHA384 + { "-sha384", BENCH_SHA384 }, +#endif +#ifdef WOLFSSL_SHA512 + { "-sha512", BENCH_SHA512 }, +#endif +#ifdef WOLFSSL_SHA3 + { "-sha3", BENCH_SHA3 }, + #ifndef WOLFSSL_NOSHA3_224 + { "-sha3-224", BENCH_SHA3_224 }, + #endif + #ifndef WOLFSSL_NOSHA3_256 + { "-sha3-256", BENCH_SHA3_256 }, + #endif + #ifndef WOLFSSL_NOSHA3_384 + { "-sha3-384", BENCH_SHA3_384 }, + #endif + #ifndef WOLFSSL_NOSHA3_512 + { "-sha3-512", BENCH_SHA3_512 }, + #endif + #if defined(WOLFSSL_SHAKE128) || defined(WOLFSSL_SHAKE256) + { "-shake", BENCH_SHAKE }, + #endif + #ifdef WOLFSSL_SHAKE128 + { "-shake128", BENCH_SHAKE128 }, + #endif + #ifdef WOLFSSL_SHAKE256 + { "-shake256", BENCH_SHAKE256 }, + #endif +#endif +#ifdef WOLFSSL_SM3 + { "-sm3", BENCH_SM3 }, +#endif +#ifdef WOLFSSL_RIPEMD + { "-ripemd", BENCH_RIPEMD }, +#endif +#ifdef HAVE_BLAKE2 + { "-blake2b", BENCH_BLAKE2B }, +#endif +#ifdef HAVE_BLAKE2S + { "-blake2s", BENCH_BLAKE2S }, +#endif +#ifdef HAVE_ASCON + { "-ascon-hash", BENCH_ASCON_HASH256 }, +#endif + { NULL, 0 } +}; + +/* All recognized MAC algorithm choosing command line options. */ +static const bench_alg bench_mac_opt[] = { + { "-mac", 0xffffffff }, +#ifdef WOLFSSL_CMAC + { "-cmac", BENCH_CMAC }, +#endif +#ifndef NO_HMAC + { "-hmac", BENCH_HMAC }, + #ifndef NO_MD5 + { "-hmac-md5", BENCH_HMAC_MD5 }, + #endif + #ifndef NO_SHA + { "-hmac-sha", BENCH_HMAC_SHA }, + #endif + #ifdef WOLFSSL_SHA224 + { "-hmac-sha224", BENCH_HMAC_SHA224 }, + #endif + #ifndef NO_SHA256 + { "-hmac-sha256", BENCH_HMAC_SHA256 }, + #endif + #ifdef WOLFSSL_SHA384 + { "-hmac-sha384", BENCH_HMAC_SHA384 }, + #endif + #ifdef WOLFSSL_SHA512 + { "-hmac-sha512", BENCH_HMAC_SHA512 }, + #endif + #ifndef NO_PWDBASED + { "-pbkdf2", BENCH_PBKDF2 }, + #endif +#endif + #ifdef WOLFSSL_SIPHASH + { "-siphash", BENCH_SIPHASH }, + #endif + { NULL, 0 } +}; + +/* All recognized KDF algorithm choosing command line options. */ +static const bench_alg bench_kdf_opt[] = { + { "-kdf", 0xffffffff }, +#ifdef WC_SRTP_KDF + { "-srtp-kdf", BENCH_SRTP_KDF }, +#endif + { NULL, 0 } +}; + +/* All recognized asymmetric algorithm choosing command line options. */ +static const bench_alg bench_asym_opt[] = { + { "-asym", 0xffffffff }, +#ifndef NO_RSA + #ifdef WOLFSSL_KEY_GEN + { "-rsa-kg", BENCH_RSA_KEYGEN }, + #endif + { "-rsa", BENCH_RSA }, + #ifdef WOLFSSL_KEY_GEN + { "-rsa-sz", BENCH_RSA_SZ }, + #endif +#endif +#ifndef NO_DH + { "-dh", BENCH_DH }, +#endif +#ifdef HAVE_ECC + { "-ecc-kg", BENCH_ECC_MAKEKEY }, + { "-ecc", BENCH_ECC }, + #ifdef HAVE_ECC_ENCRYPT + { "-ecc-enc", BENCH_ECC_ENCRYPT }, + #endif + { "-ecc-all", BENCH_ECC_ALL }, +#endif +#ifdef WOLFSSL_SM2 + { "-sm2", BENCH_SM2 }, +#endif +#ifdef HAVE_CURVE25519 + { "-curve25519-kg", BENCH_CURVE25519_KEYGEN }, + #ifdef HAVE_CURVE25519_SHARED_SECRET + { "-x25519", BENCH_CURVE25519_KA }, + #endif +#endif +#ifdef HAVE_ED25519 + { "-ed25519-kg", BENCH_ED25519_KEYGEN }, + { "-ed25519", BENCH_ED25519_SIGN }, +#endif +#ifdef HAVE_CURVE448 + { "-curve448-kg", BENCH_CURVE448_KEYGEN }, + #ifdef HAVE_CURVE448_SHARED_SECRET + { "-x448", BENCH_CURVE448_KA }, + #endif +#endif +#ifdef HAVE_ED448 + { "-ed448-kg", BENCH_ED448_KEYGEN }, + { "-ed448", BENCH_ED448_SIGN }, +#endif +#ifdef WOLFCRYPT_HAVE_ECCSI + { "-eccsi-kg", BENCH_ECCSI_KEYGEN }, + { "-eccsi-pair", BENCH_ECCSI_PAIRGEN }, + { "-eccsi-val", BENCH_ECCSI_VALIDATE }, + { "-eccsi", BENCH_ECCSI }, +#endif +#ifdef WOLFCRYPT_HAVE_SAKKE + { "-sakke-kg", BENCH_SAKKE_KEYGEN }, + { "-sakke-rsk", BENCH_SAKKE_RSKGEN }, + { "-sakke-val", BENCH_SAKKE_VALIDATE }, + { "-sakke", BENCH_SAKKE }, +#endif + { NULL, 0 } +}; + +/* All recognized other cryptographic algorithm choosing command line options. + */ +static const bench_alg bench_other_opt[] = { + { "-other", 0xffffffff }, +#ifndef WC_NO_RNG + { "-rng", BENCH_RNG }, +#endif +#ifdef HAVE_SCRYPT + { "-scrypt", BENCH_SCRYPT }, +#endif + { NULL, 0} +}; +#endif /* MAIN_NO_ARGS */ + +#endif /* !WOLFSSL_BENCHMARK_ALL && !NO_MAIN_DRIVER */ + +#if defined(BENCH_PQ_STATEFUL_HBS) +typedef struct bench_pq_hash_sig_alg { + /* Command line option string. */ + const char* str; + /* Bit values to set. */ + word32 val; +} bench_pq_hash_sig_alg; + +static const bench_pq_hash_sig_alg bench_pq_hash_sig_opt[] = { + { "-pq_hash_sig", 0xffffffff}, +#if defined(WOLFSSL_HAVE_LMS) && !defined(WOLFSSL_LMS_VERIFY_ONLY) + { "-lms_hss", BENCH_LMS_HSS}, +#endif +#if defined(WOLFSSL_HAVE_XMSS) && !defined(WOLFSSL_XMSS_VERIFY_ONLY) + { "-xmss_xmssmt", BENCH_XMSS_XMSSMT}, +#ifdef WC_XMSS_SHA256 + { "-xmss_xmssmt_sha256", BENCH_XMSS_XMSSMT_SHA256}, +#endif +#ifdef WC_XMSS_SHA512 +#if WOLFSSL_WC_XMSS_MIN_HASH_SIZE <= 512 && WOLFSSL_WC_XMSS_MAX_HASH_SIZE >= 512 + { "-xmss_xmssmt_sha512", BENCH_XMSS_XMSSMT_SHA512}, +#endif +#endif +#ifdef WC_XMSS_SHAKE128 +#if WOLFSSL_WC_XMSS_MIN_HASH_SIZE <= 256 && WOLFSSL_WC_XMSS_MAX_HASH_SIZE >= 256 + { "-xmss_xmssmt_shake128", BENCH_XMSS_XMSSMT_SHAKE128}, +#endif +#endif +#ifdef WC_XMSS_SHAKE256 + { "-xmss_xmssmt_shake256", BENCH_XMSS_XMSSMT_SHAKE256}, +#endif +#endif + { NULL, 0} +}; +#endif /* BENCH_PQ_STATEFUL_HBS */ + +#ifndef WOLFSSL_BENCHMARK_ALL +#if defined(WOLFSSL_HAVE_MLKEM) || defined(HAVE_FALCON) || \ + defined(HAVE_DILITHIUM) || defined(HAVE_SPHINCS) +/* The post-quantum-specific mapping of command line option to bit values and + * OQS name. */ +typedef struct bench_pq_alg { + /* Command line option string. */ + const char* str; + /* Bit values to set. */ + word32 val; +} bench_pq_alg; + +/* All recognized post-quantum asymmetric algorithm choosing command line + * options. */ +static const bench_pq_alg bench_pq_asym_opt[] = { + { "-pq", 0xffffffff }, +#ifdef WOLFSSL_HAVE_MLKEM + { "-kyber", BENCH_KYBER }, + { "-kyber512", BENCH_KYBER512 }, + { "-kyber768", BENCH_KYBER768 }, + { "-kyber1024", BENCH_KYBER1024 }, + { "-ml-kem", BENCH_ML_KEM }, + { "-ml-kem-512", BENCH_ML_KEM_512 }, + { "-ml-kem-768", BENCH_ML_KEM_768 }, + { "-ml-kem-1024", BENCH_ML_KEM_1024 }, +#endif +#if defined(HAVE_FALCON) + { "-falcon_level1", BENCH_FALCON_LEVEL1_SIGN }, + { "-falcon_level5", BENCH_FALCON_LEVEL5_SIGN }, +#endif +#if defined(HAVE_DILITHIUM) + { "-dilithium_level2", BENCH_DILITHIUM_LEVEL2_SIGN }, + { "-dilithium_level3", BENCH_DILITHIUM_LEVEL3_SIGN }, + { "-dilithium_level5", BENCH_DILITHIUM_LEVEL5_SIGN }, + { "-ml-dsa", BENCH_ML_DSA_SIGN }, + { "-ml-dsa-44", BENCH_ML_DSA_44_SIGN }, + { "-ml-dsa-65", BENCH_ML_DSA_65_SIGN }, + { "-ml-dsa-87", BENCH_ML_DSA_87_SIGN }, +#endif + { NULL, 0 } +}; + +#if defined(HAVE_SPHINCS) +/* All recognized post-quantum asymmetric algorithm choosing command line + * options. (Part 2) */ +static const bench_pq_alg bench_pq_asym_opt2[] = { + { "-pq", 0xffffffff }, + { "-sphincs_fast_level1", BENCH_SPHINCS_FAST_LEVEL1_SIGN }, + { "-sphincs_fast_level3", BENCH_SPHINCS_FAST_LEVEL3_SIGN }, + { "-sphincs_fast_level5", BENCH_SPHINCS_FAST_LEVEL5_SIGN }, + { "-sphincs_small_level1", BENCH_SPHINCS_SMALL_LEVEL1_SIGN }, + { "-sphincs_small_level3", BENCH_SPHINCS_SMALL_LEVEL3_SIGN }, + { "-sphincs_small_level5", BENCH_SPHINCS_SMALL_LEVEL5_SIGN }, + { NULL, 0, } +}; +#endif /* HAVE_SPHINCS */ +#endif + +#endif + +#ifdef HAVE_WNR + const char* wnrConfigFile = "wnr-example.conf"; +#endif + +#if defined(WOLFSSL_MDK_ARM) + extern XFILE wolfSSL_fopen(const char *fname, const char *mode); + #define fopen wolfSSL_fopen +#endif + +static int lng_index = 0; + +#ifndef NO_MAIN_DRIVER +#ifndef MAIN_NO_ARGS +static const char* bench_Usage_msg1[][29] = { + /* 0 English */ + { "-? Help, print this usage\n", + " 0: English, 1: Japanese\n", + "-csv Print terminal output in csv format\n", + "-base10 Display bytes as power of 10 (eg 1 kB = 1000 Bytes)\n", + "-same_buf Use same buffer for out as in (AES-CBC/AES-CTR)\n", + "-no_aad No additional authentication data passed.\n", + "-aad_size With bytes of AAD.\n", + ("-all_aad With AAD length of 0, " + WC_STRINGIFY(AES_AUTH_ADD_SZ) + " and\n" + " (if set via -aad_size) bytes.\n" + ), + "-dgst_full Full digest operation performed.\n", + "-mac_final MAC update and final operation timed.\n", + "-aead_set_key Set the key as part of the timing of AEAD ciphers.\n", + "-rsa_sign Measure RSA sign/verify instead of encrypt/decrypt.\n", + " -rsa-sz\n Measure RSA performance.\n", + "-ffhdhe2048 Measure DH using FFDHE 2048-bit parameters.\n", + "-ffhdhe3072 Measure DH using FFDHE 3072-bit parameters.\n", + "-p256 Measure ECC using P-256 curve.\n", + "-p384 Measure ECC using P-384 curve.\n", + "-p521 Measure ECC using P-521 curve.\n", + "-ecc-all Bench all enabled ECC curves.\n", + "- Algorithm to benchmark. Available algorithms include:\n", + ("-lng Display benchmark result by specified language.\n" + " 0: English, 1: Japanese\n" + ), + " Size of block in bytes\n", + ("-blocks Number of blocks. Can be used together with the " + "'Size of block'\n" + " option, but must be used after that one.\n" + ), + "-threads Number of threads to run\n", + "-print Show benchmark stats summary\n", + "-hash_input Input data to use for hash benchmarking\n", + "-cipher_input Input data to use for cipher benchmarking\n", + "-min_runs Specify minimum number of operation runs\n", + "-freq Actual clock frequency\n" + }, +#ifndef NO_MULTIBYTE_PRINT + /* 1 Japanese */ + { "-? ヘルプ, 使い方を表示します。\n", + " 0: 英語、 1: 日本語\n", + "-csv csv 形式で端末に出力します。\n", + "-base10 バイトを10のべき乗で表示します。(例 1 kB = 1000 Bytes)\n", + "-same_buf Use the same buffer for in and out in AES-CBC\n", + "-no_aad 追加の認証データを使用しません.\n", + "-aad_size TBD.\n", + "-all_aad TBD.\n", + "-dgst_full フルの digest 暗号操作を実施します。\n", + "-mac_final MAC update and final operation timed.\n", + "-aead_set_key Set the key as part of the timing of AEAD ciphers.\n", + "-rsa_sign 暗号/復号化の代わりに RSA の署名/検証を測定します。\n", + " -rsa-sz\n RSA の性能を測定します。\n", + "-ffhdhe2048 Measure DH using FFDHE 2048-bit parameters.\n", + "-ffhdhe3072 Measure DH using FFDHE 3072-bit parameters.\n", + "-p256 Measure ECC using P-256 curve.\n", + "-p384 Measure ECC using P-384 curve.\n", + "-p521 Measure ECC using P-521 curve.\n", + "-ecc-all Bench all enabled ECC curves.\n", + ("- アルゴリズムのベンチマークを実施します。\n" + " 利用可能なアルゴリズムは下記を含みます:\n" + ), + ("-lng 指定された言語でベンチマーク結果を表示します。\n" + " 0: 英語、 1: 日本語\n" + ), + " ブロックサイズをバイト単位で指定します。\n", + "-blocks TBD.\n", + "-threads 実行するスレッド数\n", + "-print ベンチマーク統計の要約を表示する\n", + /* TODO: translate below */ + "-hash_input Input data to use for hash benchmarking\n", + "-cipher_input Input data to use for cipher benchmarking\n", + "-min_runs Specify minimum number of operation runs\n", + "-freq Actual clock frequency\n" + }, +#endif +}; +#endif /* MAIN_NO_ARGS */ +#endif + +static const char* bench_result_words1[][5] = { + { "took", +#ifdef BENCH_MICROSECOND + "microseconds" +#else + "seconds" +#endif + , "Cycles per byte", "Cycles/op", + NULL }, /* 0 English */ +#ifndef NO_MULTIBYTE_PRINT + { "を" , "秒で処理", "1バイトあたりのサイクル数", "Cycles/op", + NULL }, /* 1 Japanese */ +#endif +}; + +#if !defined(NO_RSA) || \ + defined(HAVE_ECC) || !defined(NO_DH) || defined(HAVE_ECC_ENCRYPT) || \ + defined(HAVE_CURVE25519) || defined(HAVE_CURVE25519_SHARED_SECRET) || \ + defined(HAVE_ED25519) || defined(HAVE_CURVE448) || \ + defined(HAVE_CURVE448_SHARED_SECRET) || defined(HAVE_ED448) || \ + defined(WOLFSSL_HAVE_MLKEM) || defined(HAVE_DILITHIUM) + +static const char* bench_desc_words[][15] = { + /* 0 1 2 3 4 5 6 7 8 9 10 11 12 13 14 */ + {"public", "private", "key gen", "agree" , "sign", "verify", "encrypt", "decrypt", "rsk gen", "encap", "derive", "valid", "pair gen", "decap", NULL}, /* 0 English */ +#ifndef NO_MULTIBYTE_PRINT + {"公開鍵", "秘密鍵" ,"鍵生成" , "鍵共有" , "署名", "検証" , "暗号化" , "復号化" , "rsk gen", "encap", "derive", "valid", "pair gen", "decap", NULL}, /* 1 Japanese */ +#endif +}; + +#endif + +#ifdef MULTI_VALUE_STATISTICS +static const char* bench_result_words3[][5] = { + /* 0 English */ + { "max duration", "min duration" , "mean duration", "sd", NULL }, + /* TODO: Add japenese version */ + { "max duration", "min duration" , "mean duration", "sd", NULL } +}; +#endif + +#if defined(__GNUC__) && defined(__x86_64__) && !defined(NO_ASM) && \ + !defined(WOLFSSL_SGX) + #define HAVE_GET_CYCLES + static WC_INLINE word64 get_intel_cycles(void); + static THREAD_LS_T word64 total_cycles; + #define INIT_CYCLE_COUNTER + #define BEGIN_CYCLES total_cycles = get_intel_cycles(); + #define END_CYCLES total_cycles = get_intel_cycles() - total_cycles; + /* s == size in bytes that 1 count represents, normally BENCH_SIZE */ + #define SHOW_CYCLES(b, n, s) \ + (void)XSNPRINTF((b) + XSTRLEN(b), (n) - XSTRLEN(b), \ + " %s = " FLT_FMT_PREC2 STATS_CLAUSE_SEPARATOR, \ + bench_result_words1[lng_index][2], \ + FLT_FMT_PREC2_ARGS(6, 2, count == 0 ? 0 : \ + (double)total_cycles / ((word64)count*(s)))) + #define SHOW_CYCLES_OPS(b, n) \ + (void)XSNPRINTF((b) + XSTRLEN(b), (n) - XSTRLEN(b), \ + " " FLT_FMT_PREC2 " %s" STATS_CLAUSE_SEPARATOR, \ + FLT_FMT_PREC2_ARGS(10, 1, count == 0 ? 0 : \ + (double)total_cycles / (word64)count), \ + bench_result_words1[lng_index][3]) + #define SHOW_CYCLES_CSV(b, n, s) \ + (void)XSNPRINTF((b) + XSTRLEN(b), (n) - XSTRLEN(b), FLT_FMT_PREC "," \ + STATS_CLAUSE_SEPARATOR, FLT_FMT_PREC_ARGS(6, count == 0 ? 0 : \ + (double)total_cycles / ((word64)count*(s)))) +#elif defined(LINUX_CYCLE_COUNT) + #include + #include + #include + + static THREAD_LS_T word64 begin_cycles; + static THREAD_LS_T word64 total_cycles; + static THREAD_LS_T int cycles = -1; + static THREAD_LS_T struct perf_event_attr atr; + + #define INIT_CYCLE_COUNTER do { \ + atr.type = PERF_TYPE_HARDWARE; \ + atr.config = PERF_COUNT_HW_CPU_CYCLES; \ + cycles = (int)syscall(__NR_perf_event_open, &atr, 0, -1, -1, 0); \ + } while (0); + + #define BEGIN_CYCLES read(cycles, &begin_cycles, sizeof(begin_cycles)); + #define END_CYCLES do { \ + read(cycles, &total_cycles, sizeof(total_cycles)); \ + total_cycles = total_cycles - begin_cycles; \ + } while (0); + + /* s == size in bytes that 1 count represents, normally BENCH_SIZE */ + #define SHOW_CYCLES(b, n, s) \ + (void)XSNPRINTF(b + XSTRLEN(b), n - XSTRLEN(b), \ + " %s = " FLT_FMT_PREC2 STATS_CLAUSE_SEPARATOR, \ + bench_result_words1[lng_index][2], \ + FLT_FMT_PREC2_ARGS(6, 2, (double)total_cycles / \ + (count*s))) + #define SHOW_CYCLES_OPS(b, n) \ + (void)XSNPRINTF(b + XSTRLEN(b), n - XSTRLEN(b), \ + " " FLT_FMT_PREC2 " %s" STATS_CLAUSE_SEPARATOR, \ + FLT_FMT_PREC2_ARGS(10, 1, (double)total_cycles / (count)), \ + bench_result_words1[lng_index][3]); + #define SHOW_CYCLES_CSV(b, n, s) \ + (void)XSNPRINTF(b + XSTRLEN(b), n - XSTRLEN(b), FLT_FMT_PREC "," \ + STATS_CLAUSE_SEPARATOR, FLT_FMT_PREC_ARGS(6, (double)total_cycles \ + / (count*s))) + +#elif defined(SYNERGY_CYCLE_COUNT) + #include "hal_data.h" + static THREAD_LS_T word64 begin_cycles; + static THREAD_LS_T word64 total_cycles; + + #define INIT_CYCLE_COUNTER + #define BEGIN_CYCLES begin_cycles = DWT->CYCCNT = 0; + #define END_CYCLES total_cycles = DWT->CYCCNT - begin_cycles; + + /* s == size in bytes that 1 count represents, normally BENCH_SIZE */ + #define SHOW_CYCLES(b, n, s) \ + (void)XSNPRINTF(b + XSTRLEN(b), n - XSTRLEN(b), \ + " %s = " FLT_FMT_PREC2 STATS_CLAUSE_SEPARATOR, \ + bench_result_words1[lng_index][2], \ + FLT_FMT_PREC2_ARGS(6, 2, (double)total_cycles / (count*s))) + #define SHOW_CYCLES_OPS(b, n) \ + (void)XSNPRINTF(b + XSTRLEN(b), n - XSTRLEN(b), \ + " " FLT_FMT_PREC2 " %s" STATS_CLAUSE_SEPARATOR, \ + FLT_FMT_PREC2_ARGS(10, 1, (double)total_cycles / (count)), \ + bench_result_words1[lng_index][3]) + #define SHOW_CYCLES_CSV(b, n, s) \ + (void)XSNPRINTF(b + XSTRLEN(b), n - XSTRLEN(b), FLT_FMT_PREC ",\n", \ + FLT_FMT_PREC_ARGS(6, (double)total_cycles / (count*s))) +#elif defined(WOLFSSL_ESPIDF) + /* TAG for ESP_LOGx() */ + static const char* TAG = "wolfssl_benchmark"; + + static THREAD_LS_T word64 begin_cycles = 0; + static THREAD_LS_T word64 begin_cycles_ticks = 0; + static THREAD_LS_T word64 end_cycles = 0; + static THREAD_LS_T word64 total_cycles = 0; + + /* the return value, as a global var */ + static THREAD_LS_T word64 _esp_get_cycle_count_ex = 0; + + /* the last value seen, adjusted for an overflow, as a global var */ + static THREAD_LS_T word64 _esp_cpu_count_last = 0; + + static THREAD_LS_T TickType_t last_tickCount = 0; /* last FreeRTOS value */ + + /* esp_get_cpu_benchmark_cycles(void): + * + * Architecture-independant CPU clock counter. + * WARNING: the hal UINT xthal_get_ccount() quietly rolls over. */ + static WC_INLINE word64 esp_get_cpu_benchmark_cycles(void); + + /* Some vars for debugging, compare ticks to cycles */ + #ifdef WOLFSSL_BENCHMARK_TIMER_DEBUG + static THREAD_LS_T word64 _esp_cpu_timer_last = 0; + static THREAD_LS_T word64 _esp_cpu_timer_diff = 0; + static THREAD_LS_T word64 _xthal_get_ccount_exAlt = 0; + static THREAD_LS_T word64 _xthal_get_ccount_exDiff = 0; + #endif /* WOLFSSL_BENCHMARK_TIMER_DEBUG */ + + /* The ESP32 (both Xtensa and RISC-V have raw CPU counters). */ + #if ESP_IDF_VERSION_MAJOR >= 5 + /* esp_cpu_set_cycle_count() introduced in ESP-IDF v5 */ + #define HAVE_GET_CYCLES + #define INIT_CYCLE_COUNTER do { \ + ESP_LOGV(TAG, "INIT_CYCLE_COUNTER"); \ + esp_cpu_set_cycle_count(0); \ + } while (0); + #else + #define HAVE_GET_CYCLES + #define INIT_CYCLE_COUNTER do { \ + ESP_LOGV(TAG, "INIT_CYCLE_COUNTER"); \ + } while (0); + #endif + + #define BEGIN_ESP_CYCLES do { \ + ESP_LOGV(TAG, "BEGIN_ESP_CYCLES"); \ + begin_cycles = esp_get_cpu_benchmark_cycles(); \ + begin_cycles_ticks = xTaskGetTickCount(); \ + } while (0); + + /* since it rolls over, we have something that will tolerate one */ + #define END_ESP_CYCLES \ + end_cycles = esp_get_cpu_benchmark_cycles(); \ + ESP_LOGV(TAG,"END_ESP_CYCLES %llu - %llu", \ + end_cycles, \ + begin_cycles \ + ); \ + total_cycles = (end_cycles - begin_cycles); + + #define SHOW_ESP_CYCLES(b, n, s) \ + (void)XSNPRINTF(b + XSTRLEN(b), n - XSTRLEN(b), \ + " %s = " FLT_FMT_PREC2 "\n", \ + bench_result_words1[lng_index][2], \ + FLT_FMT_PREC2_ARGS(6, 2, (double)total_cycles / (count*s)) \ + ) + #define SHOW_ESP_CYCLES_OPS(b, n) \ + (void)XSNPRINTF(b + XSTRLEN(b), n - XSTRLEN(b), \ + " " FLT_FMT_PREC2 " %s\n", \ + FLT_FMT_PREC2_ARGS(6, 2, (double)total_cycles / (count)), \ + bench_result_words1[lng_index][3] \ + ) + + #define SHOW_ESP_CYCLES_CSV(b, n, s) \ + (void)XSNPRINTF(b + XSTRLEN(b), n - XSTRLEN(b), FLT_FMT_PREC ",\n", \ + FLT_FMT_PREC_ARGS(6, (double)total_cycles / (count*s))) + + #ifdef WOLFSSL_BENCHMARK_TIMER_DEBUG + /* 64 bit, unisgned, absolute difference + * used in CPU cycle counter debug calcs. */ + static uint64_t esp_cycle_abs_diff(uint64_t x, uint64_t y) + { + uint64_t ret; + ret = (x > y) ? (x - y) : (y - x); + return ret; + } + #endif + + /* esp_get_cycle_count_ex() is a single-overflow-tolerant extension to + ** the Espressif `unsigned xthal_get_ccount()` (Xtensa) or + ** `esp_cpu_get_cycle_count` (RISC-V) which are known to overflow + ** at least once during full benchmark tests. + ** + ** To test timing overflow, add a delay longer than max cycles: + ** vTaskDelay( (const TickType_t)(configTICK_RATE_HZ * 17 * 5) ); + */ + uint64_t esp_get_cycle_count_ex() + { + /* reminder: unsigned long long max = 18,446,744,073,709,551,615 */ + /* unsigned int max = 4,294,967,295 */ + uint64_t thisVal = 0; /* CPU counter, "this current value" as read. */ + uint64_t thisIncrement = 0; /* The adjusted increment amount. */ + uint64_t expected_diff = 0; /* FreeRTOS estimated expected CPU diff.*/ + #ifdef DEBUG_WOLFSSL_BENCHMARK_TIMING + uint64_t tickCount = 0; /* Current rtos tick counter. */ + uint64_t tickDiff = 0; /* Tick difference from last check. */ + uint64_t tickBeginDiff = 0; /* Tick difference from beginning. */ + #endif + #ifdef WOLFSSL_BENCHMARK_TIMER_DEBUG + uint64_t thisTimerVal = 0; /* Timer Value as alternate to compare */ + uint64_t diffDiff = 0; /* Difference between CPU & Timer differences: + * (current - last) */ + #endif + #if defined(CONFIG_IDF_TARGET_ESP32C2) || \ + defined(CONFIG_IDF_TARGET_ESP32C3) || \ + defined(CONFIG_IDF_TARGET_ESP32C6) + + #ifdef WOLFSSL_BENCHMARK_TIMER_DEBUG + ESP_ERROR_CHECK(gptimer_get_raw_count(esp_gptimer, &thisTimerVal)); + thisTimerVal = thisTimerVal * RESOLUTION_SCALE; + #endif /* WOLFSSL_BENCHMARK_TIMER_DEBUG */ + + #if ESP_IDF_VERSION_MAJOR >= 5 + thisVal = esp_cpu_get_cycle_count(); + #else + thisVal = cpu_hal_get_cycle_count(); + #endif + + #elif defined(CONFIG_IDF_TARGET_ESP32H2) + thisVal = esp_cpu_get_cycle_count(); + #elif defined(CONFIG_IDF_TARGET_ESP8266) + thisVal = esp_timer_get_time(); + #else + /* TODO: Why doesn't esp_cpu_get_cycle_count work for Xtensa? + * Calling current_time(1) to reset time causes thisVal overflow, + * on Xtensa, but not on RISC-V architecture. See also, below */ + #if defined(CONFIG_IDF_TARGET_ESP8266) || (ESP_IDF_VERSION_MAJOR < 5) + #ifndef configCPU_CLOCK_HZ + /* esp_cpu_get_cycle_count not available in ESP-IDF v4 */ + #define configCPU_CLOCK_HZ \ + (CONFIG_ESP32_DEFAULT_CPU_FREQ_MHZ * MILLION_VALUE) + #endif + /* There's no CPU counter on the ESP8266 (Tensilica). Using RTOS */ + thisVal = (uint64_t)xTaskGetTickCount() * + (uint64_t)(configCPU_CLOCK_HZ / CONFIG_FREERTOS_HZ); + #elif defined(__XTENSA__) + thisVal = esp_cpu_get_cycle_count(); + #else + /* Not Tensilica(ESP8266), not Xtensa(ESP32/-S2/-S3, then RISC-V */ + thisVal = xthal_get_ccount(); /* or esp_cpu_get_cycle_count(); */ + #endif + #endif + + #ifdef DEBUG_WOLFSSL_BENCHMARK_TIMING + { + tickCount = xTaskGetTickCount(); /* Our local FreeRTOS tick count */ + tickDiff = tickCount - last_tickCount; /* ticks since bench start */ + expected_diff = CPU_TICK_CYCLES * tickDiff; /* CPU expected count */ + ESP_LOGV(TAG, "CPU_TICK_CYCLES = %d", (int)CPU_TICK_CYCLES); + ESP_LOGV(TAG, "tickCount = %llu", tickCount); + ESP_LOGV(TAG, "last_tickCount = " TFMT, last_tickCount); + ESP_LOGV(TAG, "tickDiff = %llu", tickDiff); + ESP_LOGV(TAG, "expected_diff1 = %llu", expected_diff); + } + #endif + + /* If either thisVal is smaller than last (overflow), and/or the + * expected value calculated from FreeRTOS tick difference that would + * have never fit into an unsigned 32 bit integer anyhow... then we + * need to adjust thisVal to save. */ + if ( (thisVal < _esp_cpu_count_last) || (expected_diff > UINT_MAX) ) + { + /* Warning: we assume the return type of esp_cpu_get_cycle_count() + ** will always be unsigned int (or uint32_t) to add UINT_MAX. + ** + ** NOTE for long duration between calls with multiple overflows: + ** + ** WILL NOT BE DETECTED - the return value will be INCORRECT. + ** + ** At this time no single test overflows. This is currently only a + ** concern for cumulative counts over multiple tests. As long + ** as well call xthal_get_ccount_ex() with no more than one + ** overflow CPU tick count, all will be well. + */ + #ifdef DEBUG_WOLFSSL_BENCHMARK_TIMING + ESP_LOGW(TAG, "Alert: Detected xthal_get_ccount overflow at " + "(%llu < %llu) adding UINT_MAX = %llu.", + thisVal, _esp_cpu_count_last, (uint64_t) UINT_MAX); + #endif + #if !defined(CONFIG_ESP_DEFAULT_CPU_FREQ_MHZ) && \ + !defined(CONFIG_ESP32_DEFAULT_CPU_FREQ_MHZ) + #error "CONFIG_ESP_DEFAULT_CPU_FREQ_MHZ not found" + #endif + + /* double check expected diff calc */ + #ifdef DEBUG_WOLFSSL_BENCHMARK_TIMING + #if defined(CONFIG_IDF_TARGET_ESP8266) + expected_diff = (CONFIG_ESP8266_DEFAULT_CPU_FREQ_MHZ + * MILLION_VALUE) + * tickDiff / configTICK_RATE_HZ; + #else + expected_diff = (CONFIG_ESP_DEFAULT_CPU_FREQ_MHZ * MILLION_VALUE) + * tickDiff / configTICK_RATE_HZ; + + #endif + ESP_LOGI(TAG, "expected_diff2 = %llu", expected_diff); + #endif + if (expected_diff > UINT_MAX) { + /* The number of cycles expected from FreeRTOS ticks is + * greater than the maximum size of an unsigned 32-bit + * integer, meaning multiple overflows occurred. */ + #ifdef DEBUG_WOLFSSL_BENCHMARK_TIMING + ESP_LOGW(TAG, "expected_diff > UINT_MAX (%u)", UINT_MAX); + #endif + thisVal += expected_diff; /* FreeRTOS calc to our 64 bit val */ + } + else { + thisVal += (word64)UINT_MAX; /* add 32 bit max to our 64 bit */ + } + + #ifdef DEBUG_WOLFSSL_BENCHMARK_TIMING + { + tickBeginDiff = tickCount - begin_cycles_ticks; + + ESP_LOGI(TAG, "begin_cycles_ticks = %llu", begin_cycles_ticks); + ESP_LOGI(TAG, "tickDiff = %llu", tickDiff); + ESP_LOGI(TAG, "expected_diff = %llu", expected_diff); + ESP_LOGI(TAG, "tickBeginDiff = %llu", tickBeginDiff); + + ESP_LOGW(TAG, WOLFSSL_ESPIDF_BLANKLINE_MESSAGE); + } + #endif + } + else { + #ifdef DEBUG_WOLFSSL_BENCHMARK_TIMING + ESP_LOGI(TAG, "thisVal, read CPU = %llu", thisVal); + #endif + } /* if thisVal adjustment check */ + + #ifdef WOLFSSL_BENCHMARK_TIMER_DEBUG + if (thisTimerVal < _esp_cpu_timer_last) + { + ESP_LOGW(TAG, "Alert: Detected xthal_get_ccountAlt overflow, " + "adding %ull", UINT_MAX); + thisTimerVal += (word64)UINT_MAX; + } + /* Check an alternate counter using a timer */ + + _esp_cpu_timer_diff = esp_cycle_abs_diff(_esp_cpu_count_last, _esp_cpu_timer_last); + #endif /* WOLFSSL_BENCHMARK_TIMER_DEBUG */ + + /* Adjust our actual returned value that takes into account overflow, + * increment 64 bit extended total by this 32 bit differential: */ + thisIncrement = (thisVal - _esp_cpu_count_last); + + #ifdef DEBUG_WOLFSSL_BENCHMARK_TIMING + ESP_LOGI(TAG, "thisIncrement = %llu", thisIncrement); + #endif + + /* Add our adjustment, taking into account overflows (see above) */ + _esp_get_cycle_count_ex += thisIncrement; + + #ifdef WOLFSSL_BENCHMARK_TIMER_DEBUG + _xthal_get_ccount_exDiff = esp_cycle_abs_diff(_esp_get_cycle_count_ex, _xthal_get_ccount_exAlt); + _xthal_get_ccount_exAlt += (thisTimerVal - _esp_cpu_timer_last); + diffDiff = esp_cycle_abs_diff(_xthal_get_ccount_exDiff, _esp_cpu_timer_diff); + #endif /* WOLFSSL_BENCHMARK_TIMER_DEBUG */ + + /* all of this took some time, so reset the "last seen" value + * for the next measurement. */ + #if defined(CONFIG_IDF_TARGET_ESP32C2) || \ + defined(CONFIG_IDF_TARGET_ESP32C3) || \ + defined(CONFIG_IDF_TARGET_ESP32C6) + { + #ifdef WOLFSSL_BENCHMARK_TIMER_DEBUG + ESP_ERROR_CHECK(gptimer_get_raw_count(esp_gptimer, + &_esp_cpu_timer_last)); + ESP_LOGI(TAG, "thisVal = %llu", thisVal); + ESP_LOGI(TAG, "thisTimerVal = %llu", thisTimerVal); + ESP_LOGI(TAG, "diffDiff = %llu", diffDiff); + ESP_LOGI(TAG, "_xthal_get_ccount_exDiff = %llu", _xthal_get_ccount_exDiff); + #endif /* WOLFSSL_BENCHMARK_TIMER_DEBUG */ + + #if ESP_IDF_VERSION_MAJOR >= 5 + _esp_cpu_count_last = esp_cpu_get_cycle_count(); + #else + _esp_cpu_count_last = cpu_hal_get_cycle_count(); + #endif + + ESP_LOGV(TAG, "_xthal_get_ccount_last = %llu", _esp_cpu_count_last); + } + #elif defined(CONFIG_IDF_TARGET_ESP32H2) + _esp_cpu_count_last = esp_cpu_get_cycle_count(); + #else + /* TODO: Why doesn't esp_cpu_get_cycle_count work for Xtensa + * when resetting CPU cycle counter? FreeRTOS tick collision? + * thisVal = esp_cpu_get_cycle_count(); See also, above + * or thisVal = xthal_get_ccount(); */ + #if defined(CONFIG_IDF_TARGET_ESP8266) + /* There's no CPU counter on the ESP8266, so we'll estimate + * cycles based on defined CPU frequency from sdkconfig and + * the RTOS tick frequency */ + _esp_cpu_count_last = (uint64_t)xTaskGetTickCount() * + (uint64_t)(configCPU_CLOCK_HZ / CONFIG_FREERTOS_HZ); + #elif ESP_IDF_VERSION_MAJOR < 5 + _esp_cpu_count_last = xthal_get_ccount(); + #else + _esp_cpu_count_last = esp_cpu_get_cycle_count(); + #endif + #endif + + #ifdef DEBUG_WOLFSSL_BENCHMARK_TIMING + ESP_LOGI(TAG, "_esp_cpu_count_last = %llu", _esp_cpu_count_last); + #endif + + /* Return the 64 bit extended total from 32 bit counter. */ + return _esp_get_cycle_count_ex; + } /* esp_get_cycle_count_ex for esp_get_cpu_benchmark_cycles() */ + +#elif defined(__aarch64__) + #define HAVE_GET_CYCLES + static WC_INLINE word64 get_aarch64_cycles(void); + static THREAD_LS_T word64 total_cycles; + #define INIT_CYCLE_COUNTER + #define BEGIN_CYCLES \ + total_cycles = get_aarch64_cycles(); + #define END_CYCLES \ + total_cycles = get_aarch64_cycles() - total_cycles; + /* s == size in bytes that 1 count represents, normally BENCH_SIZE */ + #define SHOW_CYCLES(b, n, s) \ + (void)XSNPRINTF((b) + XSTRLEN(b), (n) - XSTRLEN(b), \ + " %s = " FLT_FMT_PREC2 STATS_CLAUSE_SEPARATOR, \ + bench_result_words1[lng_index][2], \ + FLT_FMT_PREC2_ARGS(6, 2, count == 0 ? 0 : \ + (double)total_cycles / ((word64)count*(s)))) + #define SHOW_CYCLES_OPS(b, n) \ + (void)XSNPRINTF((b) + XSTRLEN(b), (n) - XSTRLEN(b), \ + " " FLT_FMT_PREC2 " %s" STATS_CLAUSE_SEPARATOR, \ + FLT_FMT_PREC2_ARGS(10, 1, count == 0 ? 0 : \ + (double)total_cycles / (word64)count), \ + bench_result_words1[lng_index][3]) + #define SHOW_CYCLES_CSV(b, n, s) \ + (void)XSNPRINTF((b) + XSTRLEN(b), (n) - XSTRLEN(b), FLT_FMT_PREC "," \ + STATS_CLAUSE_SEPARATOR, FLT_FMT_PREC_ARGS(6, count == 0 ? 0 : \ + (double)total_cycles / ((word64)count*(s)))) + word64 tick_freq = 0; + word64 actual_freq = 0; + +/* implement other architecture cycle counters here */ + +#else + /* if we don't know the platform, it is unlikely we can count CPU cycles */ + #undef HAVE_GET_CYCLES + + #define INIT_CYCLE_COUNTER + #define BEGIN_CYCLES + #define END_CYCLES + #ifdef MULTI_VALUE_STATISTICS + #define SHOW_CYCLES(b, n, s) WC_DO_NOTHING + #define SHOW_CYCLES_OPS(b, n) WC_DO_NOTHING + #define SHOW_CYCLES_CSV(b, n, s) WC_DO_NOTHING + #else + #define SHOW_CYCLES(b, n, s) b[XSTRLEN(b)] = '\n' + #define SHOW_CYCLES_OPS(b, n) b[XSTRLEN(b)] = '\n' + #define SHOW_CYCLES_CSV(b, n, s) b[XSTRLEN(b)] = '\n' + #endif +#endif + +/* determine benchmark buffer to use (if NO_FILESYSTEM) */ +#if !defined(USE_CERT_BUFFERS_1024) && !defined(USE_CERT_BUFFERS_2048) && \ + !defined(USE_CERT_BUFFERS_3072) && !defined(USE_CERT_BUFFERS_4096) + #define USE_CERT_BUFFERS_2048 /* default to 2048 */ +#endif + +#if defined(USE_CERT_BUFFERS_1024) || defined(USE_CERT_BUFFERS_2048) || \ + defined(USE_CERT_BUFFERS_3072) || defined(USE_CERT_BUFFERS_4096) || \ + !defined(NO_DH) + /* include test cert and key buffers for use with NO_FILESYSTEM */ + #include +#endif + +#if defined(HAVE_BLAKE2) || defined(HAVE_BLAKE2S) + #include +#endif + +#ifdef _MSC_VER + /* 4996 warning to use MS extensions e.g., strcpy_s instead of strncpy */ + #pragma warning(disable: 4996) +#endif + +#ifdef WOLFSSL_CURRTIME_REMAP + #define current_time WOLFSSL_CURRTIME_REMAP +#else + double current_time(int reset); +#endif + +#ifdef LINUX_RUSAGE_UTIME + static void check_for_excessive_stime(const char *algo, + int strength, + const char *desc, + const char *desc_extra); +#endif + +#if !defined(WC_NO_RNG) && \ + ((!defined(NO_RSA) && !defined(WOLFSSL_RSA_VERIFY_ONLY)) \ + || !defined(NO_DH) || defined(WOLFSSL_KEY_GEN) || defined(HAVE_ECC) \ + || defined(HAVE_CURVE25519) || defined(HAVE_ED25519) \ + || defined(HAVE_CURVE448) || defined(HAVE_ED448) \ + || defined(WOLFSSL_HAVE_MLKEM)) + #define HAVE_LOCAL_RNG + static THREAD_LS_T WC_RNG gRng; + #define GLOBAL_RNG &gRng +#else + #define GLOBAL_RNG NULL +#endif + +#if defined(HAVE_ED25519) || defined(HAVE_CURVE25519) || \ + defined(HAVE_CURVE448) || defined(HAVE_ED448) || \ + defined(HAVE_ECC) || !defined(NO_DH) || \ + !defined(NO_RSA) || defined(HAVE_SCRYPT) || \ + defined(WOLFSSL_HAVE_MLKEM) || defined(HAVE_DILITHIUM) || \ + defined(WOLFSSL_HAVE_LMS) + #define BENCH_ASYM +#endif + +#if defined(BENCH_ASYM) +#if defined(HAVE_ECC) || !defined(NO_RSA) || !defined(NO_DH) || \ + defined(HAVE_CURVE25519) || defined(HAVE_ED25519) || \ + defined(HAVE_CURVE448) || defined(HAVE_ED448) || \ + defined(WOLFSSL_HAVE_MLKEM) || defined(HAVE_DILITHIUM) || \ + defined(WOLFSSL_HAVE_LMS) +static const char* bench_result_words2[][6] = { +#ifdef BENCH_MICROSECOND + { "ops took", "μsec" , "avg" , "ops/μsec", "cycles/op", + NULL }, /* 0 English for μsec */ +#else + { "ops took", "sec" , "avg" , "ops/sec", "cycles/op", + NULL }, /* 0 English */ +#endif +#ifndef NO_MULTIBYTE_PRINT + { "回処理を", "秒で実施", "平均", "処理/秒", "cycles/op", + NULL }, /* 1 Japanese */ +#endif +}; +#endif +#endif + +#ifdef WOLFSSL_CAAM + #include + #ifdef WOLFSSL_SECO_CAAM + #define SECO_MAX_UPDATES 10000 + #define SECO_BENCHMARK_NONCE 0x7777 + #define SECO_KEY_STORE_ID 1 + #endif + + static THREAD_LS_T int devId = WOLFSSL_CAAM_DEVID; +#else + #ifdef WC_USE_DEVID + static THREAD_LS_T int devId = WC_USE_DEVID; + #else + static THREAD_LS_T int devId = INVALID_DEVID; + #endif +#endif + +/* Asynchronous helper macros */ +#ifdef WC_ENABLE_BENCH_THREADING + typedef struct ThreadData { + pthread_t thread_id; + } ThreadData; + static ThreadData* g_threadData; + static volatile int g_threadCount; +#endif + +#if defined(WOLFSSL_ASYNC_CRYPT) || defined(WOLFSSL_CAAM) || defined(WC_USE_DEVID) + #ifndef NO_HW_BENCH + #define BENCH_DEVID + #endif + #if !defined(BENCH_DEVID_GET_NAME) + #ifndef HAVE_RENESAS_SYNC + #define BENCH_DEVID_GET_NAME(useDeviceID) (useDeviceID) ? "HW" : "SW" + #else + #define BENCH_DEVID_GET_NAME(useDeviceID) "" + #endif + #endif +#else + #define BENCH_DEVID_GET_NAME(useDeviceID) "" +#endif + +#ifdef WOLFSSL_ASYNC_CRYPT + static WOLF_EVENT_QUEUE eventQueue; + + #define BENCH_ASYNC_GET_DEV(obj) (&(obj)->asyncDev) + #define BENCH_MAX_PENDING (WOLF_ASYNC_MAX_PENDING) + + + static int bench_async_check(int* ret, WC_ASYNC_DEV* asyncDev, + int callAgain, int* times, int limit, int* pending) + { + int allowNext = 0; + + /* this state can be set from a different thread */ + WOLF_EVENT_STATE state = asyncDev->event.state; + + /* if algo doesn't require calling again then use this flow */ + if (state == WOLF_EVENT_STATE_DONE) { + if (callAgain) { + /* needs called again, so allow it and handle completion in + * bench_async_handle */ + allowNext = 1; + } + else { + *ret = asyncDev->event.ret; + asyncDev->event.state = WOLF_EVENT_STATE_READY; + (*times)++; + if (*pending > 0) /* to support case where async blocks */ + (*pending)--; + + if ((*times + *pending) < limit) + allowNext = 1; + } + } + + /* if slot is available and we haven't reached limit, start another */ + else if (state == WOLF_EVENT_STATE_READY && (*times + *pending) < limit) { + allowNext = 1; + } + + return allowNext; + } + + static int bench_async_handle(int* ret, WC_ASYNC_DEV* asyncDev, + int callAgain, int* times, int* pending) + { + WOLF_EVENT_STATE state = asyncDev->event.state; + + if (*ret == WC_NO_ERR_TRACE(WC_PENDING_E)) { + if (state == WOLF_EVENT_STATE_DONE) { + *ret = asyncDev->event.ret; + asyncDev->event.state = WOLF_EVENT_STATE_READY; + (*times)++; + (*pending)--; + } + else { + (*pending)++; + *ret = wc_AsyncHandle(asyncDev, &eventQueue, + callAgain ? WC_ASYNC_FLAG_CALL_AGAIN : WC_ASYNC_FLAG_NONE); + } + } + else if (*ret >= 0) { + *ret = asyncDev->event.ret; + asyncDev->event.state = WOLF_EVENT_STATE_READY; + (*times)++; + if (*pending > 0) /* to support case where async blocks */ + (*pending)--; + } + + return (*ret >= 0) ? 1 : 0; + } + + static WC_INLINE int bench_async_poll(int* pending) + { + int ret, asyncDone = 0; + + ret = wolfAsync_EventQueuePoll(&eventQueue, NULL, NULL, 0, + WOLF_POLL_FLAG_CHECK_HW, &asyncDone); + if (ret != 0) { + printf("%sAsync poll failed %d\n", err_prefix, ret); + return ret; + } + + if (asyncDone == 0) { + #ifndef WC_NO_ASYNC_THREADING + /* give time to other threads */ + wc_AsyncThreadYield(); + #endif + } + + (void)pending; + + return asyncDone; + } + +#else + #define BENCH_MAX_PENDING 1 + #define BENCH_ASYNC_GET_DEV(obj) NULL + + static WC_INLINE int bench_async_check(int* ret, void* asyncDev, + int callAgain, int* times, int limit, int* pending) + { + (void)ret; + (void)asyncDev; + (void)callAgain; + (void)times; + (void)limit; + (void)pending; + + return 1; + } + + static WC_INLINE int bench_async_handle(int* ret, void* asyncDev, + int callAgain, int* times, int* pending) + { + (void)asyncDev; + (void)callAgain; + (void)pending; + + if (*ret >= 0) { + /* operation completed */ + (*times)++; + return 1; + } + return 0; + } + #define bench_async_poll(p) WC_DO_NOTHING +#endif /* WOLFSSL_ASYNC_CRYPT */ + + + +/* maximum runtime for each benchmark */ +#ifndef BENCH_MIN_RUNTIME_SEC + #define BENCH_MIN_RUNTIME_SEC 1.0F +#endif + +#if defined(HAVE_AESGCM) || defined(HAVE_AESCCM) || \ + (defined(HAVE_CHACHA) && defined(HAVE_POLY1305)) + static word32 aesAuthAddSz = AES_AUTH_ADD_SZ; +#endif +#if defined(HAVE_AESGCM) || defined(HAVE_AESCCM) + #define AES_AUTH_TAG_SZ 16 + #define BENCH_CIPHER_ADD AES_AUTH_TAG_SZ + #if !defined(AES_AAD_OPTIONS_DEFAULT) + #if !defined(NO_MAIN_DRIVER) + #define AES_AAD_OPTIONS_DEFAULT 0x1U + #else + #define AES_AAD_OPTIONS_DEFAULT 0x3U + #endif + #endif + #define AES_AAD_STRING(s) \ + (aesAuthAddSz == 0 ? (s "-no_AAD") : \ + (aesAuthAddSz == AES_AUTH_ADD_SZ ? (s) : (s "-custom"))) + enum en_aad_options { + AAD_SIZE_DEFAULT = 0x1U, + AAD_SIZE_ZERO = 0x2U, + AAD_SIZE_CUSTOM = 0x4U, + }; + static word32 aes_aad_options = AES_AAD_OPTIONS_DEFAULT; + static word32 aes_aad_size = 0; + static void bench_aes_aad_options_wrap(void (*fn)(int), int i) + { + word32 aesAuthAddSz_orig = aesAuthAddSz; + word32 options = aes_aad_options; + while(options) { + if (options & AAD_SIZE_DEFAULT) { + aesAuthAddSz = AES_AUTH_ADD_SZ; + options &= ~(word32)AAD_SIZE_DEFAULT; + } + else if (options & AAD_SIZE_ZERO) { + aesAuthAddSz = 0; + options &= ~(word32)AAD_SIZE_ZERO; + } + else if (options & AAD_SIZE_CUSTOM) { + aesAuthAddSz = aes_aad_size; + options &= ~(word32)AAD_SIZE_CUSTOM; + } + fn(i); + aesAuthAddSz = aesAuthAddSz_orig; + } + } +#endif + +#ifndef BENCH_CIPHER_ADD + #define BENCH_CIPHER_ADD 0 +#endif + + + +#if defined(WOLFSSL_DEVCRYPTO) && defined(WOLFSSL_AUTHSZ_BENCH) + #warning Large/Unalligned AuthSz could result in errors with /dev/crypto +#endif + +/* use kB instead of mB for embedded benchmarking */ +#ifdef BENCH_EMBEDDED + #ifndef BENCH_NTIMES + #define BENCH_NTIMES 2 + #endif + #ifndef BENCH_AGREETIMES + #define BENCH_AGREETIMES 2 + #endif + enum BenchmarkBounds { + scryptCnt = 1, + ntimes = BENCH_NTIMES, + genTimes = BENCH_MAX_PENDING, + agreeTimes = BENCH_AGREETIMES + }; + /* how many kB to test (en/de)cryption */ + #define NUM_BLOCKS 25 + #define BENCH_SIZE (1024uL) +#else + #ifndef BENCH_NTIMES + #define BENCH_NTIMES 100 + #endif + #ifndef BENCH_AGREETIMES + #define BENCH_AGREETIMES 100 + #endif + enum BenchmarkBounds { + scryptCnt = 10, + ntimes = BENCH_NTIMES, + genTimes = BENCH_MAX_PENDING, /* must be at least BENCH_MAX_PENDING */ + agreeTimes = BENCH_AGREETIMES + }; + /* how many megs to test (en/de)cryption */ + #define NUM_BLOCKS 5 + #define BENCH_SIZE (1024*1024uL) +#endif + +static int numBlocks = NUM_BLOCKS; +static word32 bench_size = BENCH_SIZE; +static int base2 = 1; +static int digest_stream = 1; +static int mac_stream = 1; + +/* LIBBITCOIN: added condition to fix unused variable warning. */ +#if defined(HAVE_AESGCM) +static int aead_set_key = 0; +#endif + +#ifdef HAVE_CHACHA +static int encrypt_only = 0; +#endif +#if defined(HAVE_AES_CBC) || defined(WOLFSSL_AES_COUNTER) || \ + defined(HAVE_AESGCM) +static int cipher_same_buffer = 0; +#endif + +#ifdef MULTI_VALUE_STATISTICS +static int minimum_runs = 0; +#endif + +#ifndef NO_RSA + /* Don't measure RSA sign/verify by default */ + static int rsa_sign_verify = 0; +#endif + +#ifndef NO_DH + /* Use the FFDHE parameters */ + static int use_ffdhe = 0; +#endif + +/* Don't print out in CSV format by default */ +static int csv_format = 0; + +#ifdef WOLFSSL_XILINX_CRYPT_VERSAL + /* Versal PLM maybe prints an error message to the same console. + * In order to not mix those outputs up, sleep a little while + * before erroring out. + */ + #define SLEEP_ON_ERROR(ret) do{ if (ret != 0) { sleep(1); } }while(0) +#else + #define SLEEP_ON_ERROR(ret) do{ /* noop */ }while(0) +#endif + +/* globals for cipher tests */ +static THREAD_LS_T byte* bench_plain = NULL; +static THREAD_LS_T byte* bench_cipher = NULL; +#ifndef NO_FILESYSTEM +static THREAD_LS_T char* hash_input = NULL; +static THREAD_LS_T char* cipher_input = NULL; +#endif + +static const XGEN_ALIGN byte bench_key_buf[] = +{ + 0x01,0x23,0x45,0x67,0x89,0xab,0xcd,0xef, + 0xfe,0xde,0xba,0x98,0x76,0x54,0x32,0x10, + 0x89,0xab,0xcd,0xef,0x01,0x23,0x45,0x67, + 0x01,0x23,0x45,0x67,0x89,0xab,0xcd,0xef, + 0xf0,0xf1,0xf2,0xf3,0xf4,0xf5,0xf6,0xf7, + 0xf8,0xf9,0xfa,0xfb,0xfc,0xfd,0xfe,0xff, + 0x00,0x01,0x02,0x03,0x04,0x05,0x06,0x07, + 0x08,0x09,0x0a,0x0b,0x0c,0x0d,0x0e,0x0f, +}; + +static const XGEN_ALIGN byte bench_iv_buf[] = +{ + 0x12,0x34,0x56,0x78,0x90,0xab,0xcd,0xef, + 0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01, + 0x11,0x21,0x31,0x41,0x51,0x61,0x71,0x81 +}; +static THREAD_LS_T byte* bench_key = NULL; +static THREAD_LS_T byte* bench_iv = NULL; +#ifdef HAVE_RENESAS_SYNC +static THREAD_LS_T byte* bench_key1 = NULL; +static THREAD_LS_T byte* bench_key2 = NULL; +#endif +#ifdef WOLFSSL_STATIC_MEMORY + #ifdef WOLFSSL_STATIC_MEMORY_TEST_SZ + static byte gBenchMemory[WOLFSSL_STATIC_MEMORY_TEST_SZ]; + #elif defined(BENCH_EMBEDDED) + static byte gBenchMemory[50000]; + #else + static byte gBenchMemory[400000]; + #endif +#endif + + +/* This code handles cases with systems where static (non cost) ram variables + aren't properly initialized with data */ +static void benchmark_static_init(int force) +{ + static int gBenchStaticInit = 0; + if (gBenchStaticInit == 0 || force) { + gBenchStaticInit = 1; + + /* Init static variables */ + numBlocks = NUM_BLOCKS; + bench_size = BENCH_SIZE; + #if defined(HAVE_AESGCM) || defined(HAVE_AESCCM) + aesAuthAddSz = AES_AUTH_ADD_SZ; + aes_aad_options = AES_AAD_OPTIONS_DEFAULT; + aes_aad_size = 0; + #endif + base2 = 1; + digest_stream = 1; + #ifdef MULTI_VALUE_STATISTICS + minimum_runs = 0; + #endif + + bench_all = 1; + bench_cipher_algs = 0; + bench_digest_algs = 0; + bench_mac_algs = 0; + bench_kdf_algs = 0; + bench_asym_algs = 0; + bench_pq_asym_algs = 0; + bench_other_algs = 0; + bench_pq_hash_sig_algs = 0; + csv_format = 0; + } +} + + + +/*****************************************************************************/ +/* Begin Stats Functions */ +/*****************************************************************************/ +typedef enum bench_stat_type { + BENCH_STAT_ASYM, + BENCH_STAT_SYM, + BENCH_STAT_IGNORE, +} bench_stat_type_t; + +#ifdef WC_BENCH_TRACK_STATS + static int gPrintStats = 0; + #ifdef WC_ENABLE_BENCH_THREADING + static pthread_mutex_t bench_lock = PTHREAD_MUTEX_INITIALIZER; + #endif + #ifndef BENCH_MAX_NAME_SZ + #define BENCH_MAX_NAME_SZ 24 + #endif + typedef struct bench_stats { + struct bench_stats* next; + struct bench_stats* prev; + char algo[BENCH_MAX_NAME_SZ+1]; /* may not be static, so make copy */ + const char* desc; + double perfsec; + int strength; + int useDeviceID; + int finishCount; + bench_stat_type_t type; + int lastRet; + const char* perftype; +#ifdef WC_BENCH_HEAP_TRACKING + long heapPeakBytes; + long heapPeakAllocs; +#endif +#ifdef WC_BENCH_STACK_TRACKING + long stackPeakBytes; +#endif + } bench_stats_t; + static bench_stats_t* bench_stats_head; + static bench_stats_t* bench_stats_tail; + + static bench_stats_t* bench_stats_add(bench_stat_type_t type, + const char* algo, int strength, const char* desc, int useDeviceID, + double perfsec, const char* perftype, int ret, + long heapAllocs, long heapBytes, long stackBytes) + { + bench_stats_t* bstat = NULL; + +#ifndef WC_BENCH_HEAP_TRACKING + (void)heapAllocs; + (void)heapBytes; +#endif +#ifndef WC_BENCH_STACK_TRACKING + (void)stackBytes; +#endif + + #ifdef WC_ENABLE_BENCH_THREADING + /* protect bench_stats_head and bench_stats_tail access */ + THREAD_CHECK_RET(pthread_mutex_lock(&bench_lock)); + #endif + + if (algo != NULL) { + /* locate existing in list */ + for (bstat = bench_stats_head; bstat != NULL; bstat = bstat->next) { + /* match based on algo, strength and desc */ + if (XSTRNCMP(bstat->algo, algo, BENCH_MAX_NAME_SZ) == 0 && + bstat->strength == strength && + bstat->desc == desc && + bstat->useDeviceID == useDeviceID) { + break; + } + } + } + + if (bstat == NULL) { + /* allocate new and put on list */ + bstat = (bench_stats_t*)XMALLOC(sizeof(bench_stats_t), NULL, + DYNAMIC_TYPE_INFO); + if (bstat) { + XMEMSET(bstat, 0, sizeof(bench_stats_t)); + + /* add to list */ + bstat->next = NULL; + if (bench_stats_tail == NULL) { + bench_stats_head = bstat; + } + else { + bench_stats_tail->next = bstat; + bstat->prev = bench_stats_tail; + } + bench_stats_tail = bstat; /* add to the end either way */ + } + } + if (bstat) { + bstat->type = type; + if (algo != NULL) + XSTRNCPY(bstat->algo, algo, BENCH_MAX_NAME_SZ); + bstat->strength = strength; + bstat->desc = desc; + bstat->useDeviceID = useDeviceID; + bstat->perfsec += perfsec; + bstat->finishCount++; + bstat->perftype = perftype; + if (bstat->lastRet > ret) + bstat->lastRet = ret; /* track last error */ +#ifdef WC_BENCH_HEAP_TRACKING + if (heapBytes > bstat->heapPeakBytes) + bstat->heapPeakBytes = heapBytes; + if (heapAllocs > bstat->heapPeakAllocs) + bstat->heapPeakAllocs = heapAllocs; +#endif +#ifdef WC_BENCH_STACK_TRACKING + if (stackBytes > bstat->stackPeakBytes) + bstat->stackPeakBytes = stackBytes; +#endif + } + #ifdef WC_ENABLE_BENCH_THREADING + THREAD_CHECK_RET(pthread_mutex_unlock(&bench_lock)); + #endif + return bstat; + } + + void bench_stats_print(void) + { + bench_stats_t* bstat; + int digits; + + #ifdef WC_ENABLE_BENCH_THREADING + /* protect bench_stats_head and bench_stats_tail access */ + THREAD_CHECK_RET(pthread_mutex_lock(&bench_lock)); + #endif + + #ifdef BENCH_MICROSECOND + digits = 5; + #else + digits = 3; + #endif + + for (bstat = bench_stats_head; bstat != NULL; ) { + char line[WC_BENCH_MAX_LINE_LEN]; + + line[0] = '\0'; + if (bstat->type == BENCH_STAT_SYM) { + (void)XSNPRINTF(line, sizeof(line), + "%-16s%s " FLT_FMT_PREC2 " %s/" + WOLFSSL_FIXED_TIME_UNIT "\n", + bstat->desc, + BENCH_DEVID_GET_NAME(bstat->useDeviceID), + FLT_FMT_PREC2_ARGS(8, digits, bstat->perfsec), + base2 ? "MB" : "mB"); + } + else { + (void)XSNPRINTF(line, sizeof(line), + "%-5s %4d %-9s %s " FLT_FMT_PREC " ops/" + WOLFSSL_FIXED_TIME_UNIT "ec\n", + bstat->algo, bstat->strength, bstat->desc, + BENCH_DEVID_GET_NAME(bstat->useDeviceID), + FLT_FMT_PREC_ARGS(digits, bstat->perfsec)); + } + + bench_append_memory_info(line, sizeof(line), 0, +#ifdef WC_BENCH_HEAP_TRACKING + bstat->heapPeakAllocs, bstat->heapPeakBytes, +#else + 0, 0, +#endif +#ifdef WC_BENCH_STACK_TRACKING + bstat->stackPeakBytes +#else + 0 +#endif + ); + + printf("%s", line); + bstat = bstat->next; + } + + #ifdef WC_ENABLE_BENCH_THREADING + THREAD_CHECK_RET(pthread_mutex_unlock(&bench_lock)); + #endif + } +#endif /* WC_BENCH_TRACK_STATS */ + +static WC_INLINE void bench_stats_init(void) +{ +#ifdef WC_BENCH_TRACK_STATS + bench_stats_head = NULL; + bench_stats_tail = NULL; +#endif +#if defined(WC_BENCH_HEAP_TRACKING) || defined(WC_BENCH_STACK_TRACKING) + bench_stats_reset_setup_offsets(); + bench_stats_resources_prepared = 0; +#endif + INIT_CYCLE_COUNTER +} + +static WC_INLINE void bench_stats_start(int* count, double* start) +{ + *count = 0; + *start = current_time(1); + +#if defined(WC_BENCH_HEAP_TRACKING) || defined(WC_BENCH_STACK_TRACKING) + if (bench_stats_resources_prepared) { +#ifdef WC_BENCH_HEAP_TRACKING + long prepAllocs = 0; + long prepBytes = 0; + bench_heap_checkpoint_measure(&prepAllocs, &prepBytes); + bench_stats_heap_setup_allocs += prepAllocs; + bench_stats_heap_setup_bytes += prepBytes; +#else + (void)bench_heap_checkpoint_measure(NULL, NULL); +#endif +#ifdef WC_BENCH_STACK_TRACKING + bench_stats_stack_setup_bytes += bench_stack_checkpoint_measure(); +#else + (void)bench_stack_checkpoint_measure(); +#endif + bench_heap_checkpoint_prepare(); + bench_stack_checkpoint_prepare(); + } + else { + bench_heap_checkpoint_prepare(); + bench_stack_checkpoint_prepare(); + bench_stats_reset_setup_offsets(); + } + bench_stats_resources_prepared = 0; +#else + bench_heap_checkpoint_prepare(); + bench_stack_checkpoint_prepare(); +#endif + +#ifdef WOLFSSL_ESPIDF + #ifdef DEBUG_WOLFSSL_BENCHMARK_TIMING + ESP_LOGI(TAG, "bench_stats_start total_cycles = %llu" + ", start=" FLT_FMT, + total_cycles, FLT_FMT_ARGS(*start) ); + #endif + BEGIN_ESP_CYCLES +#else + BEGIN_CYCLES +#endif +} + +#ifdef WOLFSSL_USE_SAVE_VECTOR_REGISTERS + #define bench_stats_start(count, start) do { \ + SAVE_VECTOR_REGISTERS(pr_err( \ + "ERROR: SAVE_VECTOR_REGISTERS failed for benchmark run."); \ + return; ); \ + bench_stats_start(count, start); \ + } while (0) +#elif defined(WOLFSSL_LINUXKM) + /* we're using floating point to figure the statistics, so we need to + * FPU save+lock even without SIMD. + */ + #define bench_stats_start(count, start) do { \ + kernel_fpu_begin(); \ + bench_stats_start(count, start); \ + } while (0) +#endif + +static WC_INLINE int bench_stats_check(double start) +{ + int ret = 0; + double this_current_time = 0.0; + this_current_time = current_time(0); /* get the timestamp, no reset */ + +#if defined(DEBUG_WOLFSSL_BENCHMARK_TIMING) && defined(WOLFSSL_ESPIDF) + #if defined(WOLFSSL_ESPIDF) + ESP_LOGI(TAG, "bench_stats_check Current time = %f, start = %f", + this_current_time, start ); + #endif +#endif + + ret = ((this_current_time - start) < BENCH_MIN_RUNTIME_SEC +#ifdef BENCH_MICROSECOND + * 1000000 +#endif + ); + + return ret; +} + +/* return text for units and scale the value of blocks as needed */ +static const char* get_blocktype(double* blocks) +{ + const char* rt; + +#if ( defined(WOLFSSL_BENCHMARK_FIXED_UNITS_G) || \ + defined(WOLFSSL_BENCHMARK_FIXED_UNITS_GB)) + #undef WOLFSSL_FIXED_UNIT + #define WOLFSSL_FIXED_UNIT "GB" + *blocks /= (1024UL * 1024UL * 1024UL); + rt = "GiB"; +#elif (defined(WOLFSSL_BENCHMARK_FIXED_UNITS_M) || \ + defined(WOLFSSL_BENCHMARK_FIXED_UNITS_MB)) + #undef WOLFSSL_FIXED_UNIT + #define WOLFSSL_FIXED_UNIT "MB" + *blocks /= (1024UL * 1024UL); + rt = "MiB"; +#elif (defined(WOLFSSL_BENCHMARK_FIXED_UNITS_K) || \ + defined(WOLFSSL_BENCHMARK_FIXED_UNITS_KB)) + #undef WOLFSSL_FIXED_UNIT + #define WOLFSSL_FIXED_UNIT "KB" + *blocks /= 1024; + rt = "KiB"; +#elif defined (WOLFSSL_BENCHMARK_FIXED_UNITS_B) + #undef WOLFSSL_FIXED_UNIT + #define WOLFSSL_FIXED_UNIT "bytes" + (void)(*blocks); /* no adjustment, just appease compiler for not used */ + rt = "bytes"; +#else + /* If no user-specified, auto-scale each metric (results vary). + * Determine if we should show as KB or MB or bytes. No GiB here. */ + if (*blocks > (1024UL * 1024UL)) { + *blocks /= (1024UL * 1024UL); + rt = "MiB"; + } + else if (*blocks > 1024) { + *blocks /= 1024; + rt = "KiB"; + } + else { + rt = "bytes"; + } +#endif + + return rt; +} + +/* return text for units and scale the value of blocks as needed for base2 */ +static const char* get_blocktype_base10(double* blocks) +{ + const char* rt; + +#if ( defined(WOLFSSL_BENCHMARK_FIXED_UNITS_G) || \ + defined(WOLFSSL_BENCHMARK_FIXED_UNITS_GB)) + *blocks /= (1000UL * 1000UL * 1000UL); + rt = "GB"; +#elif (defined(WOLFSSL_BENCHMARK_FIXED_UNITS_M) || \ + defined(WOLFSSL_BENCHMARK_FIXED_UNITS_MB)) + *blocks /= (1000UL * 1000UL); + rt = "MB"; +#elif (defined(WOLFSSL_BENCHMARK_FIXED_UNITS_K) || \ + defined(WOLFSSL_BENCHMARK_FIXED_UNITS_KB)) + *blocks /= (1000UL); + rt = "KB"; +#elif defined (WOLFSSL_BENCHMARK_FIXED_UNITS_B) + (void)(*blocks); /* no adjustment, just appease compiler */ + rt = "bytes"; +#else + /* If not user-specified, auto-scale each metric (results vary). + * Determine if we should show as KB or MB or bytes */ + if (*blocks > (1000UL * 1000UL)) { + *blocks /= (1000UL * 1000UL); + rt = "MB"; + } + else if (*blocks > 1000) { + *blocks /= 1000; /* make KB */ + rt = "KB"; + } + else { + rt = "bytes"; + } +#endif + + return rt; +} + +#ifdef MULTI_VALUE_STATISTICS +static double wc_sqroot(double in) +{ + /* do 32 iterations for the sqroot */ + int iter = 32; + double root = in/3.0; + + if (in < 0.0) + return -1; + + for (int i=0; i < iter; i++) + root = (root + in / root) / 2.0; + + return root; +} + +static void bench_multi_value_stats(double max, double min, double sum, + double squareSum, int runs) +{ + double mean = 0; + double sd = 0; + char msg[WC_BENCH_MAX_LINE_LEN]; + const char** word = bench_result_words3[lng_index]; + + XMEMSET(msg, 0, sizeof(msg)); + + mean = sum / runs; + + /* Calculating standard deviation */ + sd = (squareSum / runs) - (mean * mean); + sd = wc_sqroot(sd); + + if (csv_format == 1) { + (void)XSNPRINTF(msg, sizeof(msg), FLT_FMT_PREC2 "," + FLT_FMT_PREC2 "," FLT_FMT_PREC2 "," FLT_FMT_PREC2 ",\n", + FLT_FMT_PREC2_ARGS(3, 3, max), + FLT_FMT_PREC2_ARGS(3, 3, min), + FLT_FMT_PREC2_ARGS(3, 3, mean), + FLT_FMT_PREC2_ARGS(3, 3, sd)); + } + else{ + (void)XSNPRINTF(msg, sizeof(msg), ", %s " FLT_FMT_PREC2 " " + WOLFSSL_FIXED_TIME_UNIT ", %s " FLT_FMT_PREC2 " " + WOLFSSL_FIXED_TIME_UNIT ", %s " FLT_FMT_PREC2 " " + WOLFSSL_FIXED_TIME_UNIT ", %s " FLT_FMT_PREC2 " " + WOLFSSL_FIXED_TIME_UNIT "\n", + word[0], FLT_FMT_PREC2_ARGS(3, 3, max), + word[1], FLT_FMT_PREC2_ARGS(3, 3, min), + word[2], FLT_FMT_PREC2_ARGS(3, 3, mean), + word[3], FLT_FMT_PREC2_ARGS(3, 3, sd)); + } + printf("%s", msg); + +#ifndef WOLFSSL_SGX + XFFLUSH(stdout); +#endif + +} +#endif + +/* countSz is number of bytes that 1 count represents. Normally bench_size, + * except for AES direct that operates on WC_AES_BLOCK_SIZE blocks */ +static void bench_stats_sym_finish(const char* desc, int useDeviceID, + int count, word32 countSz, + double start, int ret) +{ + double total, persec = 0, blocks = (double)count; + const char* blockType; +#ifdef WC_BENCH_HEAP_TRACKING + long heapAllocs = 0; + long heapBytes = 0; +#endif + char msg[WC_BENCH_MAX_LINE_LEN]; + const char** word = bench_result_words1[lng_index]; + static int sym_header_printed = 0; + + XMEMSET(msg, 0, sizeof(msg)); + +#ifdef WOLFSSL_ESPIDF + END_ESP_CYCLES +#else + END_CYCLES +#endif + + total = current_time(0) - start; + +#if defined(WOLFSSL_ESPIDF) && defined(DEBUG_WOLFSSL_BENCHMARK_TIMING) + ESP_LOGI(TAG, "%s total_cycles = %llu", desc, total_cycles); +#endif + +#ifdef LINUX_RUSAGE_UTIME + check_for_excessive_stime(desc, 0, "", ""); +#endif + + /* calculate actual bytes */ + blocks *= countSz; + if (csv_format == 1) { + /* only print out header once */ + if (sym_header_printed == 0) { + +#ifdef GENERATE_MACHINE_PARSEABLE_REPORT + /* machine parseable CSV */ + #ifdef HAVE_GET_CYCLES + printf("%s", "\"sym\",Algorithm,HW/SW,bytes_total," + WOLFSSL_FIXED_TIME_UNIT "econds_total," + WOLFSSL_FIXED_UNIT "/" WOLFSSL_FIXED_TIME_UNIT + ",cycles_total,Cycles per byte," +#ifdef WC_BENCH_HEAP_TRACKING + "heap_bytes,heap_allocs," +#endif +#ifdef WC_BENCH_STACK_TRACKING + "stack_bytes," +#endif + ); + #else + printf("%s", "\"sym\",Algorithm,HW/SW,bytes_total," + WOLFSSL_FIXED_TIME_UNIT "econds_total," + WOLFSSL_FIXED_UNIT "/" WOLFSSL_FIXED_TIME_UNIT + ",cycles_total," +#ifdef WC_BENCH_HEAP_TRACKING + "heap_bytes,heap_allocs," +#endif +#ifdef WC_BENCH_STACK_TRACKING + "stack_bytes," +#endif + ); + #endif +#else + /* normal CSV */ + #ifdef BENCH_DEVID + #define BENCH_DEVID_COLUMN_HEADER "HW/SW," + #else + #define BENCH_DEVID_COLUMN_HEADER + #endif + #ifdef HAVE_GET_CYCLES + printf("\n\nSymmetric Ciphers:\n\n"); + printf("Algorithm," + BENCH_DEVID_COLUMN_HEADER + WOLFSSL_FIXED_UNIT "/" WOLFSSL_FIXED_TIME_UNIT + ",Cycles per byte" +#ifdef WC_BENCH_HEAP_TRACKING + ",heap_bytes,heap_allocs" +#endif +#ifdef WC_BENCH_STACK_TRACKING + ",stack_bytes" +#endif + ","); + #else + printf("\n\nSymmetric Ciphers:\n\n"); + printf("Algorithm," + BENCH_DEVID_COLUMN_HEADER + WOLFSSL_FIXED_UNIT "/" WOLFSSL_FIXED_TIME_UNIT +#ifdef WC_BENCH_HEAP_TRACKING + ",heap_bytes,heap_allocs" +#endif +#ifdef WC_BENCH_STACK_TRACKING + ",stack_bytes" +#endif + ","); + #endif +#endif + #ifdef MULTI_VALUE_STATISTICS + printf("max duration,min duration,mean duration,sd,\n"); + #else + printf("\n"); + #endif + sym_header_printed = 1; + } + } + + /* determine if we have fixed units, or auto-scale bits or bytes for units. + * note that the blockType text is assigned AND the blocks param is scaled. + */ + if (base2) { + blockType = get_blocktype(&blocks); + } + else { + blockType = get_blocktype_base10(&blocks); + } + + /* calculate blocks per second */ + if (total > 0) { + persec = (1 / total) * blocks; + } + + bench_heap_checkpoint_measure( +#ifdef WC_BENCH_HEAP_TRACKING + &heapAllocs, + &heapBytes +#else + NULL, + NULL +#endif + ); +#ifdef WC_BENCH_HEAP_TRACKING + heapAllocs += bench_stats_heap_setup_allocs; + heapBytes += bench_stats_heap_setup_bytes; + bench_stats_heap_setup_allocs = 0; + bench_stats_heap_setup_bytes = 0; +#endif +#ifdef WC_BENCH_STACK_TRACKING + { + long stackUsed = bench_stack_checkpoint_measure(); + stackUsed += bench_stats_stack_setup_bytes; + bench_last_stack_bytes = stackUsed; + } + bench_stats_stack_setup_bytes = 0; +#else + (void)bench_stack_checkpoint_measure(); +#endif + + SLEEP_ON_ERROR(ret); + /* format and print to terminal */ + if (csv_format == 1) { + +#ifdef GENERATE_MACHINE_PARSEABLE_REPORT + #ifdef WOLFSSL_ESPIDF + unsigned long bytes_processed = + (unsigned long)count * (unsigned long)countSz; + #else + word64 bytes_processed = (word64)count * (word64)countSz; + #endif + + /* note this codepath brings in all the fields from the non-CSV case. */ + #ifdef WOLFSSL_ESPIDF + #ifdef HAVE_GET_CYCLES + (void)XSNPRINTF(msg, sizeof(msg), + "sym,%s,%s,%lu," FLT_FMT "," FLT_FMT ",%lu,", desc, + BENCH_DEVID_GET_NAME(useDeviceID), + bytes_processed, FLT_FMT_ARGS(total), + FLT_FMT_ARGS(persec), + (long unsigned int) total_cycles); + #else + #warning "HAVE_GET_CYCLES should be defined for WOLFSSL_ESPIDF" + #endif + + /* implement other architectures here */ + + #else + #ifdef HAVE_GET_CYCLES + (void)XSNPRINTF(msg, sizeof(msg), + "sym,%s,%s,%lu," FLT_FMT "," FLT_FMT ",%lu,", desc, + BENCH_DEVID_GET_NAME(useDeviceID), + bytes_processed, FLT_FMT_ARGS(total), + FLT_FMT_ARGS(persec), total_cycles); + #else + (void)XSNPRINTF(msg, sizeof(msg), + "sym,%s,%s,%lu," FLT_FMT "," FLT_FMT ",", desc, + BENCH_DEVID_GET_NAME(useDeviceID), + bytes_processed, FLT_FMT_ARGS(total), + FLT_FMT_ARGS(persec)); + #endif + #endif +#elif defined(BENCH_DEVID) + (void)XSNPRINTF(msg, sizeof(msg), "%s,%s," FLT_FMT ",", desc, + BENCH_DEVID_GET_NAME(useDeviceID), FLT_FMT_ARGS(persec)); +#else + (void)XSNPRINTF(msg, sizeof(msg), "%s," FLT_FMT ",", desc, + FLT_FMT_ARGS(persec)); +#endif + + #ifdef WOLFSSL_ESPIDF + SHOW_ESP_CYCLES_CSV(msg, sizeof(msg), countSz); + #ifdef DEBUG_WOLFSSL_BENCHMARK_TIMING + ESP_LOGI(TAG, "bench_stats_sym_finish total_cycles = %llu", + total_cycles); + #endif + + /* implement other cycle counters here */ + + #else + /* the default cycle counter is Intel */ + SHOW_CYCLES_CSV(msg, sizeof(msg), (unsigned)countSz); + #endif + } /* if (csv_format == 1) */ + + else { +#ifdef GENERATE_MACHINE_PARSEABLE_REPORT + #ifdef HAVE_GET_CYCLES + (void)XSNPRINTF(msg, sizeof(msg), + "%-24s%s " FLT_FMT_PREC2 " %s %s " FLT_FMT_PREC2 " %s, " + FLT_FMT_PREC2 " %s/" WOLFSSL_FIXED_TIME_UNIT ", %lu cycles,", + desc, BENCH_DEVID_GET_NAME(useDeviceID), + FLT_FMT_PREC2_ARGS(5, 0, blocks), blockType, + word[0], FLT_FMT_PREC2_ARGS(5, 3, total), word[1], + FLT_FMT_PREC2_ARGS(8, 3, persec), blockType, + (unsigned long) total_cycles); + #else + (void)XSNPRINTF(msg, sizeof(msg), + "%-24s%s " FLT_FMT_PREC2 " %s %s " FLT_FMT_PREC2 " %s, " + FLT_FMT_PREC2 " %s/" WOLFSSL_FIXED_TIME_UNIT ",", + desc, BENCH_DEVID_GET_NAME(useDeviceID), + FLT_FMT_PREC2_ARGS(5, 0, blocks), blockType, + word[0], FLT_FMT_PREC2_ARGS(5, 3, total), word[1], + FLT_FMT_PREC2_ARGS(8, 3, persec), blockType); + #endif /* HAVE_GET_CYCLES */ +#else + (void)XSNPRINTF(msg, sizeof(msg), + "%-24s%s " FLT_FMT_PREC2 " %s %s " FLT_FMT_PREC2 " %s, " + FLT_FMT_PREC2 " %s/" WOLFSSL_FIXED_TIME_UNIT, + desc, BENCH_DEVID_GET_NAME(useDeviceID), + FLT_FMT_PREC2_ARGS(5, 0, blocks), blockType, + word[0], FLT_FMT_PREC2_ARGS(5, 3, total), word[1], + FLT_FMT_PREC2_ARGS(8, 3, persec), blockType); +#endif + +#ifdef WOLFSSL_ESPIDF + SHOW_ESP_CYCLES(msg, sizeof(msg), countSz); + +/* implement other architecture cycle counters here */ + +#else + SHOW_CYCLES(msg, sizeof(msg), (unsigned)countSz); +#endif + } /* not CSV format */ + + bench_append_memory_info(msg, sizeof(msg), csv_format == 1, +#ifdef WC_BENCH_HEAP_TRACKING + heapAllocs, + heapBytes, +#else + 0, + 0, +#endif + BENCH_LAST_STACK_BYTES + ); + printf("%s", msg); + + /* show errors */ + if (ret < 0) { + printf("%sBenchmark %s failed: %d\n", err_prefix, desc, ret); + } + +#ifndef WOLFSSL_SGX + XFFLUSH(stdout); +#endif + +#ifdef WC_BENCH_TRACK_STATS + /* Add to thread stats */ + bench_stats_add(BENCH_STAT_SYM, desc, 0, desc, useDeviceID, persec, + blockType, ret, +#ifdef WC_BENCH_HEAP_TRACKING + heapAllocs, heapBytes, +#else + 0, 0, +#endif + BENCH_LAST_STACK_BYTES + ); +#endif + + (void)useDeviceID; + (void)ret; + +#ifdef WOLFSSL_USE_SAVE_VECTOR_REGISTERS + RESTORE_VECTOR_REGISTERS(); +#elif defined(WOLFSSL_LINUXKM) + kernel_fpu_end(); +#endif + + bench_stats_prepare(); + TEST_SLEEP(); +} /* bench_stats_sym_finish */ + +#ifdef BENCH_ASYM +#if defined(HAVE_ECC) || !defined(NO_RSA) || !defined(NO_DH) || \ + defined(HAVE_CURVE25519) || defined(HAVE_ED25519) || \ + defined(HAVE_CURVE448) || defined(HAVE_ED448) || \ + defined(WOLFSSL_HAVE_MLKEM) || defined(HAVE_DILITHIUM) || \ + defined(WOLFSSL_HAVE_LMS) +static void bench_stats_asym_finish_ex(const char* algo, int strength, + const char* desc, const char* desc_extra, int useDeviceID, int count, + double start, int ret) +{ + double total, each = 0, opsSec, milliEach; + const char **word = bench_result_words2[lng_index]; +#ifdef WC_BENCH_TRACK_STATS + const char* kOpsSec = "Ops/Sec"; +#endif + char msg[256]; + static int asym_header_printed = 0; +#ifdef BENCH_MICROSECOND + const int digits = 5; +#else + const int digits = 3; +#endif +#ifdef WC_BENCH_HEAP_TRACKING + long heapAllocs = 0; + long heapBytes = 0; +#endif + XMEMSET(msg, 0, sizeof(msg)); + + total = current_time(0) - start; + +#ifdef LINUX_RUSAGE_UTIME + check_for_excessive_stime(algo, strength, desc, desc_extra); +#endif + +#ifdef WOLFSSL_ESPIDF + END_ESP_CYCLES +#else + END_CYCLES +#endif + + /* some sanity checks on the final numbers */ + if (count > 0) { + each = total / count; /* per second */ + } + else { + count = 0; + each = 0; + } + + if (total > 0) { + opsSec = count / total; /* ops second */ + } + else { + opsSec = 0; + } + +#ifdef BENCH_MICROSECOND + milliEach = each / 1000; /* milliseconds */ +#else + milliEach = each * 1000; /* milliseconds */ +#endif + + bench_heap_checkpoint_measure( +#ifdef WC_BENCH_HEAP_TRACKING + &heapAllocs, + &heapBytes +#else + NULL, + NULL +#endif + ); +#ifdef WC_BENCH_HEAP_TRACKING + heapAllocs += bench_stats_heap_setup_allocs; + heapBytes += bench_stats_heap_setup_bytes; + bench_stats_heap_setup_allocs = 0; + bench_stats_heap_setup_bytes = 0; +#endif +#ifdef WC_BENCH_STACK_TRACKING + { + long stackUsed = bench_stack_checkpoint_measure(); + stackUsed += bench_stats_stack_setup_bytes; + bench_last_stack_bytes = stackUsed; + } + bench_stats_stack_setup_bytes = 0; +#else + (void)bench_stack_checkpoint_measure(); +#endif + + SLEEP_ON_ERROR(ret); + +#ifdef MULTI_VALUE_STATISTICS /* Print without avg ms */ + (void)milliEach; + + /* format and print to terminal */ + if (csv_format == 1) { + /* only print out header once */ + if (asym_header_printed == 0) { +#ifdef GENERATE_MACHINE_PARSEABLE_REPORT + #ifdef HAVE_GET_CYCLES + printf("%s", "\"asym\",Algorithm,key size,operation,ops/" + WOLFSSL_FIXED_TIME_UNIT "ec,ops," WOLFSSL_FIXED_TIME_UNIT + "ecs,cycles,cycles/op," +#ifdef WC_BENCH_HEAP_TRACKING + "heap_bytes,heap_allocs," +#endif +#ifdef WC_BENCH_STACK_TRACKING + "stack_bytes," +#endif + ); + #else + printf("%s", "\"asym\",Algorithm,key size,operation,ops/" + WOLFSSL_FIXED_TIME_UNIT "ec,ops," WOLFSSL_FIXED_TIME_UNIT + "ecs," +#ifdef WC_BENCH_HEAP_TRACKING + "heap_bytes,heap_allocs," +#endif +#ifdef WC_BENCH_STACK_TRACKING + "stack_bytes," +#endif + ); + #endif +#else + printf("\n%sAsymmetric Ciphers:\n\n", info_prefix); + #ifdef HAVE_GET_CYCLES + printf("%sAlgorithm,key size,operation,ops/" + WOLFSSL_FIXED_TIME_UNIT "ec,cycles/op,", info_prefix); + #else + printf("%sAlgorithm,key size,operation,ops/" + WOLFSSL_FIXED_TIME_UNIT "ec,", info_prefix); + #endif + printf("%s", +#ifdef WC_BENCH_HEAP_TRACKING + "heap_bytes,heap_allocs," +#endif +#ifdef WC_BENCH_STACK_TRACKING + "stack_bytes," +#endif + ""); +#endif + printf("max duration,min duration,mean duration,sd,\n"); + asym_header_printed = 1; + } +#ifdef GENERATE_MACHINE_PARSEABLE_REPORT + #ifdef HAVE_GET_CYCLES + (void)XSNPRINTF(msg, sizeof(msg), + "asym,%s,%d,%s%s," FLT_FMT_PREC ",%d," + FLT_FMT ",%lu," FLT_FMT_PREC STATS_CLAUSE_SEPARATOR, + algo, strength, desc, desc_extra, + FLT_FMT_PREC_ARGS(digits, opsSec), + count, FLT_FMT_ARGS(total), (unsigned long)total_cycles, + FLT_FMT_PREC_ARGS(6, + (double)total_cycles / (double)count)); + #else + (void)XSNPRINTF(msg, sizeof(msg), + "asym,%s,%d,%s%s," FLT_FMT_PREC ",%d," + FLT_FMT STATS_CLAUSE_SEPARATOR, + algo, strength, desc, desc_extra, + FLT_FMT_PREC_ARGS(digits, opsSec), + count, FLT_FMT_ARGS(total)); + #endif +#else + #ifdef HAVE_GET_CYCLES + (void)XSNPRINTF(msg, sizeof(msg), "%s,%d,%s%s," + FLT_FMT_PREC "," FLT_FMT_PREC "," + STATS_CLAUSE_SEPARATOR, + algo, strength, desc, desc_extra, + FLT_FMT_PREC_ARGS(digits, opsSec), + FLT_FMT_PREC_ARGS(2, (double)total_cycles / + (double)count)); + #else + (void)XSNPRINTF(msg, sizeof(msg), "%s,%d,%s%s," + FLT_FMT_PREC "," STATS_CLAUSE_SEPARATOR, + algo, strength, desc, desc_extra, + FLT_FMT_PREC_ARGS(digits, opsSec)); + #endif +#endif + } /* if (csv_format == 1) */ + + else { +#ifdef GENERATE_MACHINE_PARSEABLE_REPORT + #ifdef HAVE_GET_CYCLES + (void)XSNPRINTF(msg, sizeof(msg), + "%-6s %5d %8s%-2s %s %6d %s " FLT_FMT_PREC2 " %s, " + FLT_FMT_PREC " %s, %lu cycles" STATS_CLAUSE_SEPARATOR, + algo, strength, desc, desc_extra, + BENCH_DEVID_GET_NAME(useDeviceID), count, word[0], + FLT_FMT_PREC2_ARGS(5, 3, total), word[1], + FLT_FMT_PREC_ARGS(digits, opsSec), word[3], + (unsigned long)total_cycles); + #else + (void)XSNPRINTF(msg, sizeof(msg), + "%-6s %5d %8s%-2s %s %6d %s " FLT_FMT_PREC2 " %s, " + FLT_FMT_PREC " %s" STATS_CLAUSE_SEPARATOR, + algo, strength, desc, desc_extra, + BENCH_DEVID_GET_NAME(useDeviceID), count, word[0], + FLT_FMT_PREC2_ARGS(5, 3, total), word[1], + FLT_FMT_PREC_ARGS(digits, opsSec), word[3]); + #endif /* HAVE_GET_CYCLES */ +#else + #ifdef HAVE_GET_CYCLES + (void)XSNPRINTF(msg, sizeof(msg), + "%-6s %5d %8s%-2s %s %6d %s " FLT_FMT_PREC2 " %s, " + FLT_FMT_PREC " %s, " FLT_FMT_PREC2 " %s" + STATS_CLAUSE_SEPARATOR, + algo, strength, desc, desc_extra, + BENCH_DEVID_GET_NAME(useDeviceID), count, word[0], + FLT_FMT_PREC2_ARGS(5, 3, total), word[1], + FLT_FMT_PREC_ARGS(digits, opsSec), word[3], + FLT_FMT_PREC2_ARGS(10, 1, (double)total_cycles / + (word64)count), word[4]); + #else + (void)XSNPRINTF(msg, sizeof(msg), + "%-6s %5d %8s%-2s %s %6d %s " FLT_FMT_PREC2 " %s, " + FLT_FMT_PREC " %s" STATS_CLAUSE_SEPARATOR, + algo, strength, desc, desc_extra, + BENCH_DEVID_GET_NAME(useDeviceID), count, word[0], + FLT_FMT_PREC2_ARGS(5, 3, total), word[1], + FLT_FMT_PREC_ARGS(digits, opsSec), word[3]); + #endif +#endif + } +#else /* MULTI_VALUE_STATISTICS. Print with avg ms */ + /* format and print to terminal */ + if (csv_format == 1) { + /* only print out header once */ + if (asym_header_printed == 0) { +#ifdef GENERATE_MACHINE_PARSEABLE_REPORT + #ifdef HAVE_GET_CYCLES + printf("%s", "\"asym\",Algorithm,key size,operation,avg ms,ops/" + WOLFSSL_FIXED_TIME_UNIT "ec,ops," WOLFSSL_FIXED_TIME_UNIT + "ecs,cycles,cycles/op," +#ifdef WC_BENCH_HEAP_TRACKING + "heap_bytes,heap_allocs," +#endif +#ifdef WC_BENCH_STACK_TRACKING + "stack_bytes," +#endif + ); + #else + printf("%s", "\"asym\",Algorithm,key size,operation,avg ms,ops/" + WOLFSSL_FIXED_TIME_UNIT "ec,ops," WOLFSSL_FIXED_TIME_UNIT + "ecs," +#ifdef WC_BENCH_HEAP_TRACKING + "heap_bytes,heap_allocs," +#endif +#ifdef WC_BENCH_STACK_TRACKING + "stack_bytes," +#endif + ); + #endif +#else + printf("\n%sAsymmetric Ciphers:\n\n", info_prefix); + printf("%sAlgorithm,key size,operation,avg ms,ops/" + WOLFSSL_FIXED_TIME_UNIT "ec,", info_prefix); + printf("%s", +#ifdef WC_BENCH_HEAP_TRACKING + "heap_bytes,heap_allocs," +#endif +#ifdef WC_BENCH_STACK_TRACKING + "stack_bytes," +#endif + ""); +#endif + printf("\n"); + asym_header_printed = 1; + } +#ifdef GENERATE_MACHINE_PARSEABLE_REPORT + #ifdef HAVE_GET_CYCLES + (void)XSNPRINTF(msg, sizeof(msg), + "asym,%s,%d,%s%s," FLT_FMT_PREC "," FLT_FMT_PREC ",%d," + FLT_FMT ",%lu," FLT_FMT_PREC STATS_CLAUSE_SEPARATOR, + algo, strength, desc, desc_extra, + FLT_FMT_PREC_ARGS(3, milliEach), + FLT_FMT_PREC_ARGS(digits, opsSec), + count, FLT_FMT_ARGS(total), (unsigned long)total_cycles, + FLT_FMT_PREC_ARGS(6, + (double)total_cycles / (double)count)); + #else + (void)XSNPRINTF(msg, sizeof(msg), + "asym,%s,%d,%s%s," FLT_FMT_PREC "," FLT_FMT_PREC ",%d," + FLT_FMT STATS_CLAUSE_SEPARATOR, + algo, strength, desc, desc_extra, + FLT_FMT_PREC_ARGS(3, milliEach), + FLT_FMT_PREC_ARGS(digits, opsSec), + count, FLT_FMT_ARGS(total)); + #endif +#else + (void)XSNPRINTF(msg, sizeof(msg), "%s,%d,%s%s," FLT_FMT_PREC "," + FLT_FMT_PREC "," STATS_CLAUSE_SEPARATOR, + algo, strength, desc, desc_extra, + FLT_FMT_PREC_ARGS(3, milliEach), + FLT_FMT_PREC_ARGS(digits, opsSec)); +#endif + } /* if (csv_format == 1) */ + + else { +#ifdef GENERATE_MACHINE_PARSEABLE_REPORT + #ifdef HAVE_GET_CYCLES + (void)XSNPRINTF(msg, sizeof(msg), + "%-6s %5d %8s%-2s %s %6d %s " FLT_FMT_PREC2 " %s, %s " + FLT_FMT_PREC2 " ms, " FLT_FMT_PREC " %s, %lu cycles", + algo, strength, desc, desc_extra, + BENCH_DEVID_GET_NAME(useDeviceID), count, word[0], + FLT_FMT_PREC2_ARGS(5, 3, total), word[1], word[2], + FLT_FMT_PREC2_ARGS(5, 3, milliEach), + FLT_FMT_PREC_ARGS(digits, opsSec), word[3], + (unsigned long)total_cycles); + #else + (void)XSNPRINTF(msg, sizeof(msg), + "%-6s %5d %8s%-2s %s %6d %s " FLT_FMT_PREC2 " %s, %s " + FLT_FMT_PREC2 " ms, " FLT_FMT_PREC " %s", + algo, strength, desc, desc_extra, + BENCH_DEVID_GET_NAME(useDeviceID), count, word[0], + FLT_FMT_PREC2_ARGS(5, 3, total), word[1], word[2], + FLT_FMT_PREC2_ARGS(5, 3, milliEach), + FLT_FMT_PREC_ARGS(digits, opsSec), word[3]); + #endif /* HAVE_GET_CYCLES */ +#else + #ifdef HAVE_GET_CYCLES + (void)XSNPRINTF(msg, sizeof(msg), + "%-6s %5d %8s%-2s %s %6d %s " FLT_FMT_PREC2 " %s, %s " + FLT_FMT_PREC2 " ms, " FLT_FMT_PREC2 " %s, %lu cycles", + algo, strength, desc, desc_extra, + BENCH_DEVID_GET_NAME(useDeviceID), count, word[0], + FLT_FMT_PREC2_ARGS(5, 3, total), word[1], word[2], + FLT_FMT_PREC2_ARGS(5, 3, milliEach), + FLT_FMT_PREC2_ARGS(digits + 6, digits, opsSec), + word[3], (unsigned long)total_cycles); + #else + (void)XSNPRINTF(msg, sizeof(msg), + "%-6s %5d %8s%-2s %s %6d %s " FLT_FMT_PREC2 " %s, %s " + FLT_FMT_PREC2 " ms, " FLT_FMT_PREC2 " %s", + algo, strength, desc, desc_extra, + BENCH_DEVID_GET_NAME(useDeviceID), count, word[0], + FLT_FMT_PREC2_ARGS(5, 3, total), word[1], word[2], + FLT_FMT_PREC2_ARGS(5, 3, milliEach), + FLT_FMT_PREC2_ARGS(digits + 6, digits, opsSec), + word[3]); + #endif /* HAVE_GET_CYCLES */ +#endif +#ifdef WOLFSSL_ESPIDF + SHOW_ESP_CYCLES_OPS(msg, sizeof(msg)); + +/* implement other architecture cycle counters here */ + +#else + SHOW_CYCLES_OPS(msg, sizeof(msg)); +#endif + } +#endif /* MULTI_VALUE_STATISTICS */ + bench_append_memory_info(msg, sizeof(msg), csv_format == 1, +#ifdef WC_BENCH_HEAP_TRACKING + heapAllocs, + heapBytes, +#else + 0, + 0, +#endif + BENCH_LAST_STACK_BYTES + ); + printf("%s", msg); + + /* show errors */ + if (ret < 0) { + printf("%sBenchmark %s %s %d failed: %d\n", + err_prefix, algo, desc, strength, ret); + } + +#ifndef WOLFSSL_SGX + XFFLUSH(stdout); +#endif + +#ifdef WC_BENCH_TRACK_STATS + /* Add to thread stats */ + bench_stats_add(BENCH_STAT_ASYM, algo, strength, desc, useDeviceID, opsSec, + kOpsSec, ret, +#ifdef WC_BENCH_HEAP_TRACKING + heapAllocs, heapBytes, +#else + 0, 0, +#endif + BENCH_LAST_STACK_BYTES + ); +#endif + + (void)useDeviceID; + (void)ret; + +#ifdef WOLFSSL_USE_SAVE_VECTOR_REGISTERS + RESTORE_VECTOR_REGISTERS(); +#elif defined(WOLFSSL_LINUXKM) + kernel_fpu_end(); +#endif + + bench_stats_prepare(); + TEST_SLEEP(); +} /* bench_stats_asym_finish_ex */ + +static void bench_stats_asym_finish(const char* algo, int strength, + const char* desc, int useDeviceID, int count, double start, int ret) +{ + bench_stats_asym_finish_ex(algo, strength, desc, "", useDeviceID, count, + start, ret); +} +#endif +#endif /* BENCH_ASYM */ + +static WC_INLINE void bench_stats_free(void) +{ +#ifdef WC_BENCH_TRACK_STATS + bench_stats_t* bstat; + for (bstat = bench_stats_head; bstat != NULL; ) { + bench_stats_t* next = bstat->next; + XFREE(bstat, NULL, DYNAMIC_TYPE_INFO); + bstat = next; + } + bench_stats_head = NULL; + bench_stats_tail = NULL; +#endif +} + +/*****************************************************************************/ +/* End Stats Functions */ +/*****************************************************************************/ + + +static void* benchmarks_do(void* args) +{ + long bench_buf_size; + +#ifdef WOLFSSL_ASYNC_CRYPT +#ifndef WC_NO_ASYNC_THREADING + ThreadData* threadData = (ThreadData*)args; + + if (wolfAsync_DevOpenThread(&devId, &threadData->thread_id) < 0) +#else + if (wolfAsync_DevOpen(&devId) < 0) +#endif + { + printf("%sAsync device open failed\n%sRunning without async\n", + err_prefix, err_prefix); + } +#endif /* WOLFSSL_ASYNC_CRYPT */ + + (void)args; + +#ifdef WOLFSSL_ASYNC_CRYPT + if (wolfEventQueue_Init(&eventQueue) != 0) { + printf("%sAsync event queue init failure!\n", err_prefix); + } +#endif + +#ifdef WOLF_CRYPTO_CB +#ifdef HAVE_INTEL_QA_SYNC + devId = wc_CryptoCb_InitIntelQa(); + if (devId == INVALID_DEVID) { + printf("%sCouldn't init the Intel QA\n", err_prefix); + } +#endif +#ifdef HAVE_CAVIUM_OCTEON_SYNC + devId = wc_CryptoCb_InitOcteon(); + if (devId == INVALID_DEVID) { + printf("%sCouldn't get the Octeon device ID\n", err_prefix); + } +#endif +#ifdef HAVE_RENESAS_SYNC + devId = wc_CryptoCb_CryptInitRenesasCmn(NULL, &guser_PKCbInfo); + if (devId == INVALID_DEVID) { + printf("%sCouldn't get the Renesas device ID\n", err_prefix); + } +#endif +#endif + +#if defined(HAVE_LOCAL_RNG) + { + int rngRet; + +#ifndef HAVE_FIPS + rngRet = wc_InitRng_ex(&gRng, HEAP_HINT, devId); +#else + rngRet = wc_InitRng(&gRng); +#endif + if (rngRet < 0) { + printf("%sInitRNG failed\n", err_prefix); + return NULL; + } + } +#endif + + /* setup bench plain, cipher, key and iv globals */ + /* make sure bench buffer is multiple of 16 (AES block size) */ + bench_buf_size = (int)bench_size + BENCH_CIPHER_ADD; + if (bench_buf_size % 16) + bench_buf_size += 16 - (bench_buf_size % 16); + +#ifdef WOLFSSL_AFALG_XILINX_AES + bench_plain = (byte*)aligned_alloc(64, (size_t)bench_buf_size + 16); /* native heap */ + bench_cipher = (byte*)aligned_alloc(64, (size_t)bench_buf_size + 16); /* native heap */ +#else + bench_plain = (byte*)XMALLOC((size_t)bench_buf_size + 16, + HEAP_HINT, DYNAMIC_TYPE_WOLF_BIGINT); + bench_cipher = (byte*)XMALLOC((size_t)bench_buf_size + 16, + HEAP_HINT, DYNAMIC_TYPE_WOLF_BIGINT); +#endif + if (bench_plain == NULL || bench_cipher == NULL) { + XFREE(bench_plain, HEAP_HINT, DYNAMIC_TYPE_WOLF_BIGINT); + XFREE(bench_cipher, HEAP_HINT, DYNAMIC_TYPE_WOLF_BIGINT); + bench_plain = bench_cipher = NULL; + + printf("%sBenchmark block buffer alloc failed!\n", err_prefix); + goto exit; + } + +#ifndef NO_FILESYSTEM + if (hash_input) { + size_t rawSz; + XFILE file; + file = XFOPEN(hash_input, "rb"); + if (file == XBADFILE) + goto exit; + + if (XFSEEK(file, 0, XSEEK_END) != 0) { + XFCLOSE(file); + goto exit; + } + + bench_buf_size = XFTELL(file); + if(bench_buf_size < 0 || XFSEEK(file, 0, XSEEK_SET) != 0) { + XFCLOSE(file); + goto exit; + } + + XFREE(bench_plain, HEAP_HINT, DYNAMIC_TYPE_WOLF_BIGINT); + + rawSz = (size_t)bench_buf_size; + if (bench_buf_size % 16) + bench_buf_size += 16 - (bench_buf_size % 16); + + bench_size = (word32)bench_buf_size; + + bench_plain = (byte*)XMALLOC((size_t)bench_buf_size + 16*2, + HEAP_HINT, DYNAMIC_TYPE_WOLF_BIGINT); + + if (bench_plain == NULL) { + XFCLOSE(file); + goto exit; + } + + if ((size_t)XFREAD(bench_plain, 1, rawSz, file) + != rawSz) { + XFCLOSE(file); + goto exit; + } + + XFCLOSE(file); + } + else { + XMEMSET(bench_plain, 0, (size_t)bench_buf_size); + } + + if (cipher_input) { + size_t rawSz; + XFILE file; + file = XFOPEN(cipher_input, "rb"); + if (file == XBADFILE) + goto exit; + + if (XFSEEK(file, 0, XSEEK_END) != 0) { + XFCLOSE(file); + goto exit; + } + + bench_buf_size = XFTELL(file); + if (bench_buf_size < 0 || XFSEEK(file, 0, XSEEK_SET) != 0) { + XFCLOSE(file); + goto exit; + } + + XFREE(bench_cipher, HEAP_HINT, DYNAMIC_TYPE_WOLF_BIGINT); + + rawSz = (size_t)bench_buf_size; + if (bench_buf_size % 16) + bench_buf_size += 16 - (bench_buf_size % 16); + + if (bench_size > (word32)bench_buf_size) + bench_size = (word32)bench_buf_size; + + bench_cipher = (byte*)XMALLOC((size_t)bench_buf_size + 16*2, + HEAP_HINT, DYNAMIC_TYPE_WOLF_BIGINT); + + if (bench_cipher == NULL) { + XFCLOSE(file); + goto exit; + } + + if ((size_t)XFREAD(bench_cipher, 1, rawSz, file) + != rawSz) { + XFCLOSE(file); + goto exit; + } + + XFCLOSE(file); + } + else { + XMEMSET(bench_cipher, 0, (size_t)bench_buf_size); + } +#endif + +#if defined(WOLFSSL_ASYNC_CRYPT) || defined(HAVE_INTEL_QA_SYNC) + bench_key = (byte*)XMALLOC(sizeof(bench_key_buf), + HEAP_HINT, DYNAMIC_TYPE_WOLF_BIGINT); + bench_iv = (byte*)XMALLOC(sizeof(bench_iv_buf), + HEAP_HINT, DYNAMIC_TYPE_WOLF_BIGINT); + + if (bench_key == NULL || bench_iv == NULL) { + XFREE(bench_key, HEAP_HINT, DYNAMIC_TYPE_WOLF_BIGINT); + XFREE(bench_iv, HEAP_HINT, DYNAMIC_TYPE_WOLF_BIGINT); + bench_key = bench_iv = NULL; + + printf("%sBenchmark cipher buffer alloc failed!\n", err_prefix); + goto exit; + } + XMEMCPY(bench_key, bench_key_buf, sizeof(bench_key_buf)); + XMEMCPY(bench_iv, bench_iv_buf, sizeof(bench_iv_buf)); +#elif defined(HAVE_RENESAS_SYNC) + bench_key1 = (byte*)guser_PKCbInfo.wrapped_key_aes128; + bench_key2 = (byte*)guser_PKCbInfo.wrapped_key_aes256; + bench_key = (byte*)bench_key_buf; + bench_iv = (byte*)bench_iv_buf; +#else + bench_key = (byte*)bench_key_buf; + bench_iv = (byte*)bench_iv_buf; +#endif + +#ifndef WC_NO_RNG + if (bench_all || (bench_other_algs & BENCH_RNG)) + bench_rng(); +#endif /* WC_NO_RNG */ +#ifndef NO_AES +#ifdef HAVE_AES_CBC + if (bench_all || (bench_cipher_algs & BENCH_AES_CBC)) { + #ifndef NO_SW_BENCH + bench_aescbc(0); + #endif + #if defined(BENCH_DEVID) + bench_aescbc(1); + #endif + } +#endif +#ifdef HAVE_AESGCM + if (bench_all || (bench_cipher_algs & BENCH_AES_GCM)) { + #ifndef NO_SW_BENCH + bench_aes_aad_options_wrap(bench_aesgcm, 0); + #endif + #if ((defined(WOLFSSL_ASYNC_CRYPT) && defined(WC_ASYNC_ENABLE_3DES)) || \ + defined(HAVE_INTEL_QA_SYNC) || defined(HAVE_CAVIUM_OCTEON_SYNC) || \ + defined(HAVE_RENESAS_SYNC) || defined(WOLFSSL_CAAM) || \ + defined(BENCH_DEVID)) || \ + ((defined(WOLFSSL_MAX3266X) || defined(WOLFSSL_MAX3266X_OLD)) && \ + defined(WOLF_CRYPTO_CB)) && !defined(NO_HW_BENCH) + bench_aes_aad_options_wrap(bench_aesgcm, 1); + #endif + } + if (bench_all || (bench_cipher_algs & BENCH_AES_GCM) || + (bench_cipher_algs & BENCH_AES_GMAC)) { + #ifndef NO_SW_BENCH + bench_gmac(0); + #endif + #if defined(BENCH_DEVID) + bench_gmac(1); + #endif + } +#endif +#ifdef HAVE_AES_ECB + if (bench_all || (bench_cipher_algs & BENCH_AES_ECB)) { + #ifndef NO_SW_BENCH + bench_aesecb(0); + #endif + #ifdef BENCH_DEVID + bench_aesecb(1); + #endif + } +#endif +#ifdef WOLFSSL_AES_XTS + if (bench_all || (bench_cipher_algs & BENCH_AES_XTS)) + bench_aesxts(); +#endif +#ifdef WOLFSSL_AES_CFB + if (bench_all || (bench_cipher_algs & BENCH_AES_CFB)) + bench_aescfb(); +#endif +#ifdef WOLFSSL_AES_OFB + if (bench_all || (bench_cipher_algs & BENCH_AES_OFB)) + bench_aesofb(); +#endif +#ifdef WOLFSSL_AES_COUNTER + if (bench_all || (bench_cipher_algs & BENCH_AES_CTR)) { + #ifndef NO_SW_BENCH + bench_aesctr(0); + #endif + #ifdef BENCH_DEVID + bench_aesctr(1); + #endif + } +#endif +#ifdef HAVE_AESCCM + if (bench_all || (bench_cipher_algs & BENCH_AES_CCM)) { + bench_aes_aad_options_wrap(bench_aesccm, 0); + #ifdef BENCH_DEVID + bench_aes_aad_options_wrap(bench_aesccm, 1); + #endif + } +#endif +#ifdef WOLFSSL_AES_SIV + if (bench_all || (bench_cipher_algs & BENCH_AES_SIV)) + bench_aessiv(); +#endif +#endif /* !NO_AES */ + +#ifdef HAVE_CAMELLIA + if (bench_all || (bench_cipher_algs & BENCH_CAMELLIA)) + bench_camellia(); +#endif +#ifdef WOLFSSL_SM4_CBC + if (bench_all || (bench_cipher_algs & BENCH_SM4_CBC)) + bench_sm4_cbc(); +#endif +#ifdef WOLFSSL_SM4_GCM + if (bench_all || (bench_cipher_algs & BENCH_SM4_GCM)) + bench_sm4_gcm(); +#endif +#ifdef WOLFSSL_SM4_CCM + if (bench_all || (bench_cipher_algs & BENCH_SM4_CCM)) + bench_sm4_ccm(); +#endif +#ifndef NO_RC4 + if (bench_all || (bench_cipher_algs & BENCH_ARC4)) { + #ifndef NO_SW_BENCH + bench_arc4(0); + #endif + #ifdef BENCH_DEVID + bench_arc4(1); + #endif + } +#endif +#ifdef HAVE_CHACHA + if (bench_all || (bench_cipher_algs & BENCH_CHACHA20)) + bench_chacha(); +#endif +#if defined(HAVE_CHACHA) && defined(HAVE_POLY1305) + if (bench_all || (bench_cipher_algs & BENCH_CHACHA20_POLY1305)) + bench_chacha20_poly1305_aead(); +#endif +#ifndef NO_DES3 + if (bench_all || (bench_cipher_algs & BENCH_DES)) { + #ifndef NO_SW_BENCH + bench_des(0); + #endif + #ifdef BENCH_DEVID + bench_des(1); + #endif + } +#endif +#ifdef HAVE_ASCON + if (bench_all || (bench_cipher_algs & BENCH_ASCON_AEAD128)) + bench_ascon_aead(); +#endif +#ifndef NO_MD5 + if (bench_all || (bench_digest_algs & BENCH_MD5)) { + #ifndef NO_SW_BENCH + bench_md5(0); + #endif + #ifdef BENCH_DEVID + bench_md5(1); + #endif + } +#endif +#ifdef HAVE_POLY1305 + if (bench_all || (bench_digest_algs & BENCH_POLY1305)) + bench_poly1305(); +#endif +#ifndef NO_SHA + if (bench_all || (bench_digest_algs & BENCH_SHA)) { + #ifndef NO_SW_BENCH + bench_sha(0); + #endif + #ifdef BENCH_DEVID + bench_sha(1); + #endif + } +#endif +#ifdef WOLFSSL_SHA224 + if (bench_all || (bench_digest_algs & BENCH_SHA224)) { + #ifndef NO_SW_BENCH + bench_sha224(0); + #endif + #ifdef BENCH_DEVID + bench_sha224(1); + #endif + } +#endif +#ifndef NO_SHA256 + if (bench_all || (bench_digest_algs & BENCH_SHA256)) { + #ifndef NO_SW_BENCH + bench_sha256(0); + #endif + #ifdef BENCH_DEVID + bench_sha256(1); + #endif + } +#endif +#ifdef WOLFSSL_SHA384 + if (bench_all || (bench_digest_algs & BENCH_SHA384)) { + #ifndef NO_SW_BENCH + bench_sha384(0); + #endif + #ifdef BENCH_DEVID + bench_sha384(1); + #endif + } +#endif +#ifdef WOLFSSL_SHA512 + if (bench_all || (bench_digest_algs & BENCH_SHA512)) { + #ifndef NO_SW_BENCH + bench_sha512(0); + #endif + #ifdef BENCH_DEVID + bench_sha512(1); + #endif + } + +#if !defined(WOLFSSL_NOSHA512_224) && \ + (!defined(HAVE_FIPS) || FIPS_VERSION_GE(5, 3)) && !defined(HAVE_SELFTEST) + if (bench_all || (bench_digest_algs & BENCH_SHA512)) { + #ifndef NO_SW_BENCH + bench_sha512_224(0); + #endif + #ifdef BENCH_DEVID + bench_sha512_224(1); + #endif + } +#endif /* WOLFSSL_NOSHA512_224 */ + +#if !defined(WOLFSSL_NOSHA512_256) && \ + (!defined(HAVE_FIPS) || FIPS_VERSION_GE(5, 3)) && !defined(HAVE_SELFTEST) + if (bench_all || (bench_digest_algs & BENCH_SHA512)) { + #ifndef NO_SW_BENCH + bench_sha512_256(0); + #endif + #ifdef BENCH_DEVID + bench_sha512_256(1); + #endif + } +#endif /* WOLFSSL_NOSHA512_256 */ +#endif /* WOLFSSL_SHA512 */ + +#ifdef WOLFSSL_SHA3 + #ifndef WOLFSSL_NOSHA3_224 + if (bench_all || (bench_digest_algs & BENCH_SHA3_224)) { + #ifndef NO_SW_BENCH + bench_sha3_224(0); + #endif + #ifdef BENCH_DEVID + bench_sha3_224(1); + #endif + } + #endif /* WOLFSSL_NOSHA3_224 */ + #ifndef WOLFSSL_NOSHA3_256 + if (bench_all || (bench_digest_algs & BENCH_SHA3_256)) { + #ifndef NO_SW_BENCH + bench_sha3_256(0); + #endif + #ifdef BENCH_DEVID + bench_sha3_256(1); + #endif + } + #endif /* WOLFSSL_NOSHA3_256 */ + #ifndef WOLFSSL_NOSHA3_384 + if (bench_all || (bench_digest_algs & BENCH_SHA3_384)) { + #ifndef NO_SW_BENCH + bench_sha3_384(0); + #endif + #ifdef BENCH_DEVID + bench_sha3_384(1); + #endif + } + #endif /* WOLFSSL_NOSHA3_384 */ + #ifndef WOLFSSL_NOSHA3_512 + if (bench_all || (bench_digest_algs & BENCH_SHA3_512)) { + #ifndef NO_SW_BENCH + bench_sha3_512(0); + #endif + #ifdef BENCH_DEVID + bench_sha3_512(1); + #endif + } + #endif /* WOLFSSL_NOSHA3_512 */ + #ifdef WOLFSSL_SHAKE128 + if (bench_all || (bench_digest_algs & BENCH_SHAKE128)) { + #ifndef NO_SW_BENCH + bench_shake128(0); + #endif + #ifdef BENCH_DEVID + bench_shake128(1); + #endif + } + #endif /* WOLFSSL_SHAKE128 */ + #ifdef WOLFSSL_SHAKE256 + if (bench_all || (bench_digest_algs & BENCH_SHAKE256)) { + #ifndef NO_SW_BENCH + bench_shake256(0); + #endif + #ifdef BENCH_DEVID + bench_shake256(1); + #endif + } + #endif /* WOLFSSL_SHAKE256 */ +#endif +#ifdef WOLFSSL_SM3 + if (bench_all || (bench_digest_algs & BENCH_SM3)) { + #ifndef NO_SW_BENCH + bench_sm3(0); + #endif + #ifdef BENCH_DEVID + bench_sm3(1); + #endif + } +#endif +#ifdef WOLFSSL_RIPEMD + if (bench_all || (bench_digest_algs & BENCH_RIPEMD)) + bench_ripemd(); +#endif +#ifdef HAVE_BLAKE2 + if (bench_all || (bench_digest_algs & BENCH_BLAKE2B)) + bench_blake2b(); +#endif +#ifdef HAVE_BLAKE2S + if (bench_all || (bench_digest_algs & BENCH_BLAKE2S)) + bench_blake2s(); +#endif +#ifdef HAVE_ASCON + if (bench_all || (bench_digest_algs & BENCH_ASCON_HASH256)) + bench_ascon_hash(); +#endif +#ifdef WOLFSSL_CMAC + if (bench_all || (bench_mac_algs & BENCH_CMAC)) { + bench_cmac(0); + #ifdef BENCH_DEVID + bench_cmac(1); + #endif + } +#endif + +#ifndef NO_HMAC + #ifndef NO_MD5 + if (bench_all || (bench_mac_algs & BENCH_HMAC_MD5)) { + #ifndef NO_SW_BENCH + bench_hmac_md5(0); + #endif + #ifdef BENCH_DEVID + bench_hmac_md5(1); + #endif + } + #endif + #ifndef NO_SHA + if (bench_all || (bench_mac_algs & BENCH_HMAC_SHA)) { + #ifndef NO_SW_BENCH + bench_hmac_sha(0); + #endif + #ifdef BENCH_DEVID + bench_hmac_sha(1); + #endif + } + #endif + #ifdef WOLFSSL_SHA224 + if (bench_all || (bench_mac_algs & BENCH_HMAC_SHA224)) { + #ifndef NO_SW_BENCH + bench_hmac_sha224(0); + #endif + #ifdef BENCH_DEVID + bench_hmac_sha224(1); + #endif + } + #endif + #ifndef NO_SHA256 + if (bench_all || (bench_mac_algs & BENCH_HMAC_SHA256)) { + #ifndef NO_SW_BENCH + bench_hmac_sha256(0); + #endif + #ifdef BENCH_DEVID + bench_hmac_sha256(1); + #endif + } + #endif + #ifdef WOLFSSL_SHA384 + if (bench_all || (bench_mac_algs & BENCH_HMAC_SHA384)) { + #ifndef NO_SW_BENCH + bench_hmac_sha384(0); + #endif + #ifdef BENCH_DEVID + bench_hmac_sha384(1); + #endif + } + #endif + #ifdef WOLFSSL_SHA512 + if (bench_all || (bench_mac_algs & BENCH_HMAC_SHA512)) { + #ifndef NO_SW_BENCH + bench_hmac_sha512(0); + #endif + #ifdef BENCH_DEVID + bench_hmac_sha512(1); + #endif + } + #endif + #ifndef NO_PWDBASED + if (bench_all || (bench_mac_algs & BENCH_PBKDF2)) { + bench_pbkdf2(); + } + #endif +#endif /* NO_HMAC */ +#ifdef WOLFSSL_SIPHASH + if (bench_all || (bench_mac_algs & BENCH_SIPHASH)) { + bench_siphash(); + } +#endif + +#ifdef WC_SRTP_KDF + if (bench_all || (bench_kdf_algs & BENCH_SRTP_KDF)) { + bench_srtpkdf(); + } +#endif + +#ifdef HAVE_SCRYPT + if (bench_all || (bench_other_algs & BENCH_SCRYPT)) + bench_scrypt(); +#endif + +#if !defined(NO_RSA) && !defined(WC_NO_RNG) +#ifndef HAVE_RENESAS_SYNC + #if defined(WOLFSSL_KEY_GEN) && !defined(WOLFSSL_RSA_PUBLIC_ONLY) + if (bench_all || (bench_asym_algs & BENCH_RSA_KEYGEN)) { + #ifndef NO_SW_BENCH + if (((word32)bench_asym_algs == 0xFFFFFFFFU) || + (bench_asym_algs & BENCH_RSA_SZ) == 0) { + bench_rsaKeyGen(0); + } + else { + bench_rsaKeyGen_size(0, bench_size); + } + #endif + #ifdef BENCH_DEVID + if (bench_asym_algs & BENCH_RSA_SZ) { + bench_rsaKeyGen_size(1, bench_size); + } + else { + bench_rsaKeyGen(1); + } + #endif + } + #endif /* WOLFSSL_KEY_GEN */ + if (bench_all || (bench_asym_algs & BENCH_RSA)) { + #ifndef NO_SW_BENCH + bench_rsa(0); + #endif + #ifdef BENCH_DEVID + bench_rsa(1); + #endif + } + + #if defined(WOLFSSL_KEY_GEN) && !defined(WOLFSSL_RSA_PUBLIC_ONLY) + if (bench_asym_algs & BENCH_RSA_SZ) { + #ifndef NO_SW_BENCH + bench_rsa_key(0, bench_size); + #endif + #ifdef BENCH_DEVID + bench_rsa_key(1, bench_size); + #endif + } + #endif +#endif +#endif /* !NO_RSA && !WC_NO_RNG */ + +#if !defined(NO_DH) && !defined(WC_NO_RNG) + if (bench_all || (bench_asym_algs & BENCH_DH)) { + #ifndef NO_SW_BENCH + bench_dh(0); + #endif + #ifdef BENCH_DEVID + bench_dh(1); + #endif + } +#endif + +#ifdef WOLFSSL_HAVE_MLKEM + if (bench_all || (bench_pq_asym_algs & BENCH_KYBER)) { +#ifndef WOLFSSL_NO_ML_KEM + #ifdef WOLFSSL_WC_ML_KEM_512 + if (bench_all || (bench_pq_asym_algs & BENCH_KYBER512)) { + bench_mlkem(WC_ML_KEM_512); + } + #endif + #ifdef WOLFSSL_WC_ML_KEM_768 + if (bench_all || (bench_pq_asym_algs & BENCH_KYBER768)) { + bench_mlkem(WC_ML_KEM_768); + } + #endif + #ifdef WOLFSSL_WC_ML_KEM_1024 + if (bench_all || (bench_pq_asym_algs & BENCH_KYBER1024)) { + bench_mlkem(WC_ML_KEM_1024); + } + #endif +#endif +#ifdef WOLFSSL_MLKEM_KYBER + #ifdef WOLFSSL_KYBER512 + if (bench_all || (bench_pq_asym_algs & BENCH_KYBER512)) { + bench_mlkem(KYBER512); + } + #endif + #ifdef WOLFSSL_KYBER768 + if (bench_all || (bench_pq_asym_algs & BENCH_KYBER768)) { + bench_mlkem(KYBER768); + } + #endif + #ifdef WOLFSSL_KYBER1024 + if (bench_all || (bench_pq_asym_algs & BENCH_KYBER1024)) { + bench_mlkem(KYBER1024); + } + #endif +#endif + } +#endif + +#if defined(WOLFSSL_HAVE_LMS) && !defined(WOLFSSL_LMS_VERIFY_ONLY) + if (bench_all || (bench_pq_hash_sig_algs & BENCH_LMS_HSS)) { + bench_lms(); + } +#endif /* if defined(WOLFSSL_HAVE_LMS) && !defined(WOLFSSL_LMS_VERIFY_ONLY) */ + +#if defined(WOLFSSL_HAVE_XMSS) && !defined(WOLFSSL_XMSS_VERIFY_ONLY) + if (bench_all) { + bench_pq_hash_sig_algs |= BENCH_XMSS_XMSSMT; + } +#ifndef NO_SHA256 + if (bench_pq_hash_sig_algs & BENCH_XMSS_XMSSMT_SHA256) { + bench_xmss(WC_HASH_TYPE_SHA256); + } +#endif +#ifdef WOLFSSL_SHA512 + if (bench_pq_hash_sig_algs & BENCH_XMSS_XMSSMT_SHA512) { + bench_xmss(WC_HASH_TYPE_SHA512); + } +#endif +#ifdef WOLFSSL_SHAKE128 + if (bench_pq_hash_sig_algs & BENCH_XMSS_XMSSMT_SHAKE128) { + bench_xmss(WC_HASH_TYPE_SHAKE128); + } +#endif +#ifdef WOLFSSL_SHAKE256 + if (bench_pq_hash_sig_algs & BENCH_XMSS_XMSSMT_SHAKE256) { + bench_xmss(WC_HASH_TYPE_SHAKE256); + } +#endif +#endif /* if defined(WOLFSSL_HAVE_XMSS) && !defined(WOLFSSL_XMSS_VERIFY_ONLY) */ + +#if defined(HAVE_ECC) && !defined(WC_NO_RNG) + if (bench_all || (bench_asym_algs & BENCH_ECC_MAKEKEY) || + (bench_asym_algs & BENCH_ECC) || + (bench_asym_algs & BENCH_ECC_ALL) || + (bench_asym_algs & BENCH_ECC_ENCRYPT)) { + + if (bench_asym_algs & BENCH_ECC_ALL) { + #if defined(HAVE_FIPS) || defined(HAVE_SELFTEST) + printf("%snot supported in FIPS mode (no ending enum value)\n", + err_prefix); + #else + int curveId = (int)ECC_SECP192R1; + + /* set make key and encrypt */ + bench_asym_algs |= BENCH_ECC_MAKEKEY | BENCH_ECC | + BENCH_ECC_ENCRYPT; + if (csv_format != 1) { + printf("\n%sECC Benchmarks:\n", info_prefix); + } + + do { + #ifdef WOLFCRYPT_HAVE_SAKKE + /* SAKKE is not usable with ECDH/ECDSA. Run separate test. */ + if (curveId == ECC_SAKKE_1) { + curveId++; + continue; + } + #endif + + if (wc_ecc_get_curve_size_from_id(curveId) != + WC_NO_ERR_TRACE(ECC_BAD_ARG_E)) { + bench_ecc_curve(curveId); + if (csv_format != 1) { + printf("\n"); + } + } + curveId++; + } while (curveId != (int)ECC_CURVE_MAX); + #endif + } + else if (bench_asym_algs & BENCH_ECC_P256) { + bench_ecc_curve((int)ECC_SECP256R1); + } + else if (bench_asym_algs & BENCH_ECC_P384) { + bench_ecc_curve((int)ECC_SECP384R1); + } + else if (bench_asym_algs & BENCH_ECC_P521) { + bench_ecc_curve((int)ECC_SECP521R1); + } + else { + #ifndef NO_ECC256 + bench_ecc_curve((int)ECC_SECP256R1); + #elif defined(HAVE_ECC384) + bench_ecc_curve((int)ECC_SECP384R1); + #elif defined(HAVE_ECC521) + bench_ecc_curve((int)ECC_SECP521R1); + #endif + #ifdef HAVE_ECC_BRAINPOOL + bench_ecc_curve((int)ECC_BRAINPOOLP256R1); + #endif + } + } +#endif +#ifdef WOLFSSL_SM2 + if (bench_all || (bench_asym_algs & BENCH_SM2)) { + bench_sm2(0); + } +#endif + +#ifdef HAVE_CURVE25519 + if (bench_all || (bench_asym_algs & BENCH_CURVE25519_KEYGEN)) { + #ifndef NO_SW_BENCH + bench_curve25519KeyGen(0); + #endif + #ifdef BENCH_DEVID + bench_curve25519KeyGen(1); + #endif + } + + #ifdef HAVE_CURVE25519_SHARED_SECRET + if (bench_all || (bench_asym_algs & BENCH_CURVE25519_KA)) { + bench_curve25519KeyAgree(0); + #ifdef BENCH_DEVID + bench_curve25519KeyAgree(1); + #endif + } + #endif +#endif + +#ifdef HAVE_ED25519 + if (bench_all || (bench_asym_algs & BENCH_ED25519_KEYGEN)) + bench_ed25519KeyGen(); + if (bench_all || (bench_asym_algs & BENCH_ED25519_SIGN)) + bench_ed25519KeySign(); +#endif + +#ifdef HAVE_CURVE448 + if (bench_all || (bench_asym_algs & BENCH_CURVE448_KEYGEN)) + bench_curve448KeyGen(); + #ifdef HAVE_CURVE448_SHARED_SECRET + if (bench_all || (bench_asym_algs & BENCH_CURVE448_KA)) + bench_curve448KeyAgree(); + #endif +#endif + +#ifdef HAVE_ED448 + if (bench_all || (bench_asym_algs & BENCH_ED448_KEYGEN)) + bench_ed448KeyGen(); + if (bench_all || (bench_asym_algs & BENCH_ED448_SIGN)) + bench_ed448KeySign(); +#endif + +#ifdef WOLFCRYPT_HAVE_ECCSI + #ifdef WOLFCRYPT_ECCSI_KMS + if (bench_all || (bench_asym_algs & BENCH_ECCSI_KEYGEN)) { + bench_eccsiKeyGen(); + } + if (bench_all || (bench_asym_algs & BENCH_ECCSI_PAIRGEN)) { + bench_eccsiPairGen(); + } + #endif + #ifdef WOLFCRYPT_ECCSI_CLIENT + if (bench_all || (bench_asym_algs & BENCH_ECCSI_VALIDATE)) { + bench_eccsiValidate(); + } + if (bench_all || (bench_asym_algs & BENCH_ECCSI)) { + bench_eccsi(); + } + #endif +#endif + +#ifdef WOLFCRYPT_HAVE_SAKKE + #ifdef WOLFCRYPT_SAKKE_KMS + if (bench_all || (bench_asym_algs & BENCH_SAKKE_KEYGEN)) { + bench_sakkeKeyGen(); + } + if (bench_all || (bench_asym_algs & BENCH_SAKKE_RSKGEN)) { + bench_sakkeRskGen(); + } + #endif + #ifdef WOLFCRYPT_SAKKE_CLIENT + if (bench_all || (bench_asym_algs & BENCH_SAKKE_VALIDATE)) { + bench_sakkeValidate(); + } + if (bench_all || (bench_asym_algs & BENCH_SAKKE)) { + bench_sakke(); + } + #endif +#endif + +#ifdef HAVE_FALCON + if (bench_all || (bench_pq_asym_algs & BENCH_FALCON_LEVEL1_SIGN)) + bench_falconKeySign(1); + if (bench_all || (bench_pq_asym_algs & BENCH_FALCON_LEVEL5_SIGN)) + bench_falconKeySign(5); +#endif +#ifdef HAVE_DILITHIUM +#ifndef WOLFSSL_NO_ML_DSA_44 + if (bench_all || (bench_pq_asym_algs & BENCH_DILITHIUM_LEVEL2_SIGN)) + bench_dilithiumKeySign(2); +#endif +#ifndef WOLFSSL_NO_ML_DSA_65 + if (bench_all || (bench_pq_asym_algs & BENCH_DILITHIUM_LEVEL3_SIGN)) + bench_dilithiumKeySign(3); +#endif +#ifndef WOLFSSL_NO_ML_DSA_87 + if (bench_all || (bench_pq_asym_algs & BENCH_DILITHIUM_LEVEL5_SIGN)) + bench_dilithiumKeySign(5); +#endif +#endif +#ifdef HAVE_SPHINCS + if (bench_all || (bench_pq_asym_algs2 & BENCH_SPHINCS_FAST_LEVEL1_SIGN)) + bench_sphincsKeySign(1, FAST_VARIANT); + if (bench_all || (bench_pq_asym_algs2 & BENCH_SPHINCS_FAST_LEVEL3_SIGN)) + bench_sphincsKeySign(3, FAST_VARIANT); + if (bench_all || (bench_pq_asym_algs2 & BENCH_SPHINCS_FAST_LEVEL5_SIGN)) + bench_sphincsKeySign(5, FAST_VARIANT); + if (bench_all || (bench_pq_asym_algs2 & BENCH_SPHINCS_SMALL_LEVEL1_SIGN)) + bench_sphincsKeySign(1, SMALL_VARIANT); + if (bench_all || (bench_pq_asym_algs2 & BENCH_SPHINCS_SMALL_LEVEL3_SIGN)) + bench_sphincsKeySign(3, SMALL_VARIANT); + if (bench_all || (bench_pq_asym_algs2 & BENCH_SPHINCS_SMALL_LEVEL5_SIGN)) + bench_sphincsKeySign(5, SMALL_VARIANT); +#endif + +exit: + /* free benchmark buffers */ + XFREE(bench_plain, HEAP_HINT, DYNAMIC_TYPE_WOLF_BIGINT); + XFREE(bench_cipher, HEAP_HINT, DYNAMIC_TYPE_WOLF_BIGINT); +#ifdef WOLFSSL_ASYNC_CRYPT + XFREE(bench_key, HEAP_HINT, DYNAMIC_TYPE_WOLF_BIGINT); + XFREE(bench_iv, HEAP_HINT, DYNAMIC_TYPE_WOLF_BIGINT); +#endif + +#if defined(HAVE_LOCAL_RNG) + wc_FreeRng(&gRng); +#endif + +/* cleanup the thread if fixed point cache is enabled and have thread local */ +#if defined(HAVE_THREAD_LS) && defined(HAVE_ECC) && defined(FP_ECC) + wc_ecc_fp_free(); +#endif + + (void)bench_cipher_algs; + (void)bench_digest_algs; + (void)bench_mac_algs; + (void)bench_asym_algs; + (void)bench_other_algs; + (void)bench_pq_asym_algs; + (void)bench_pq_asym_algs2; + + return NULL; +} + +#if defined(HAVE_CPUID) && defined(WOLFSSL_TEST_STATIC_BUILD) +static void print_cpu_features(void) +{ + word32 cpuid_flags = cpuid_get_flags(); + + printf("CPU: "); +#ifdef HAVE_CPUID_INTEL + printf("Intel"); +#ifdef WOLFSSL_X86_64_BUILD + printf(" x86_64"); +#else + printf(" x86"); +#endif + printf(" -"); + if (IS_INTEL_AVX1(cpuid_flags)) printf(" avx1"); + if (IS_INTEL_AVX2(cpuid_flags)) printf(" avx2"); + if (IS_INTEL_RDRAND(cpuid_flags)) printf(" rdrand"); + if (IS_INTEL_RDSEED(cpuid_flags)) printf(" rdseed"); + if (IS_INTEL_BMI2(cpuid_flags)) printf(" bmi2"); + if (IS_INTEL_AESNI(cpuid_flags)) printf(" aesni"); + if (IS_INTEL_ADX(cpuid_flags)) printf(" adx"); + if (IS_INTEL_MOVBE(cpuid_flags)) printf(" movbe"); + if (IS_INTEL_BMI1(cpuid_flags)) printf(" bmi1"); + if (IS_INTEL_SHA(cpuid_flags)) printf(" sha"); +#endif +#ifdef __aarch64__ + printf("Aarch64 -"); + if (IS_AARCH64_AES(cpuid_flags)) printf(" aes"); + if (IS_AARCH64_PMULL(cpuid_flags)) printf(" pmull"); + if (IS_AARCH64_SHA256(cpuid_flags)) printf(" sha256"); + if (IS_AARCH64_SHA512(cpuid_flags)) printf(" sha512"); + if (IS_AARCH64_RDM(cpuid_flags)) printf(" rdm"); + if (IS_AARCH64_SHA3(cpuid_flags)) printf(" sha3"); + if (IS_AARCH64_SM3(cpuid_flags)) printf(" sm3"); + if (IS_AARCH64_SM4(cpuid_flags)) printf(" sm4"); +#endif + printf("\n"); +} +#endif + +static void print_clock_freq(void) +{ +#ifdef __aarch64__ + __asm__ __volatile__ ( + "isb\n\t" + "mrs %[freq], cntfrq_el0\n\t" + : [freq] "=r" (tick_freq) + : + : + ); + if (tick_freq != 0 && actual_freq != 0) { + printf("Tick frequency: %ld Hz, Clock frequency: %ld Hz\n", tick_freq, + actual_freq); + } + else { + printf("Clock frequency: %ld Hz\n", tick_freq); + } +#endif +} + +int benchmark_init(void) +{ + int ret = 0; + + benchmark_static_init(0); + +#ifdef WOLFSSL_STATIC_MEMORY + ret = wc_LoadStaticMemory(&HEAP_HINT, gBenchMemory, + sizeof(gBenchMemory), WOLFMEM_GENERAL, 1); + + if (ret != 0) { + printf("%sunable to load static memory %d\n", err_prefix, ret); + } +#endif /* WOLFSSL_STATIC_MEMORY */ + + if ((ret = wolfCrypt_Init()) != 0) { + printf("%swolfCrypt_Init failed %d\n", err_prefix, ret); + return EXIT_FAILURE; + } + +#if defined(HAVE_CPUID) && defined(WOLFSSL_TEST_STATIC_BUILD) + print_cpu_features(); +#endif + print_clock_freq(); + +#ifdef HAVE_WC_INTROSPECTION + printf("Math: %s\n", wc_GetMathInfo()); +#endif + +#ifdef WOLFSSL_SECO_CAAM + if (wc_SECO_OpenHSM(SECO_KEY_STORE_ID, + SECO_BENCHMARK_NONCE, SECO_MAX_UPDATES, CAAM_KEYSTORE_CREATE) + != 0) { + printf("%sunable to open HSM\n", err_prefix); + wolfCrypt_Cleanup(); + return EXIT_FAILURE; + } +#endif + +#ifdef WC_RNG_SEED_CB + wc_SetSeed_Cb(WC_GENERATE_SEED_DEFAULT); +#endif + + bench_stats_init(); + +#if defined(DEBUG_WOLFSSL) && !defined(HAVE_VALGRIND) + wolfSSL_Debugging_ON(); +#endif + + printf("%swolfCrypt Benchmark (block bytes %d, min " FLT_FMT_PREC " sec each)\n", + info_prefix, (int)bench_size, FLT_FMT_PREC_ARGS(1, BENCH_MIN_RUNTIME_SEC)); + +#ifndef GENERATE_MACHINE_PARSEABLE_REPORT + if (csv_format == 1) { + printf("This format allows you to easily copy " + "the output to a csv file."); + } +#endif + +#ifdef HAVE_WNR + ret = wc_InitNetRandom(wnrConfigFile, NULL, 5000); + if (ret != 0) { + printf("%sWhitewood netRandom config init failed %d\n", + err_prefix, ret); + } +#endif /* HAVE_WNR */ + + return ret; +} + +int benchmark_free(void) +{ + int ret; + +#ifdef WC_BENCH_TRACK_STATS + if (gPrintStats || devId != INVALID_DEVID) { + bench_stats_print(); + } +#endif + + bench_stats_free(); + +#ifdef WOLF_CRYPTO_CB +#ifdef HAVE_INTEL_QA_SYNC + wc_CryptoCb_CleanupIntelQa(&devId); +#endif +#ifdef HAVE_CAVIUM_OCTEON_SYNC + wc_CryptoCb_CleanupOcteon(&devId); +#endif +#ifdef HAVE_RENESAS_SYNC + wc_CryptoCb_CleanupRenesasCmn(&devId); +#endif +#endif + +#ifdef WOLFSSL_ASYNC_CRYPT + /* free event queue */ + wolfEventQueue_Free(&eventQueue); + + /* close device */ + wolfAsync_DevClose(&devId); +#endif + +#ifdef HAVE_WNR + ret = wc_FreeNetRandom(); + if (ret < 0) { + printf("%sFailed to free netRandom context %d\n", err_prefix, ret); + } +#endif + +#ifdef WOLFSSL_SECO_CAAM + if (wc_SECO_CloseHSM() != 0) { + printf("%sError closing down the key store\n", err_prefix); + } +#endif + + if ((ret = wolfCrypt_Cleanup()) != 0) { + printf("%serror %d with wolfCrypt_Cleanup\n", err_prefix, ret); + } + + return ret; +} + + +#if defined(WC_ENABLE_BENCH_THREADING) && !defined(WOLFSSL_ASYNC_CRYPT) +static THREAD_RETURN WOLFSSL_THREAD run_bench(void* args) +{ + benchmark_test(args); + + EXIT_TEST(0); +} + +static int benchmark_test_threaded(void* args) +{ + int i; + + printf("%sThreads: %d\n", info_prefix, g_threadCount); + + g_threadData = (ThreadData*)XMALLOC(sizeof(ThreadData) * g_threadCount, + HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + if (g_threadData == NULL) { + printf("%sThread data alloc failed!\n", err_prefix); + return EXIT_FAILURE; + } + + for (i = 0; i < g_threadCount; i++) { + THREAD_CHECK_RET(pthread_create(&g_threadData[i].thread_id, + NULL, run_bench, args)); + } + + for (i = 0; i < g_threadCount; i++) { + THREAD_CHECK_RET(pthread_join(g_threadData[i].thread_id, 0)); + } + + printf("\n"); + bench_stats_print(); + + return 0; +} +#endif + +/* so embedded projects can pull in tests on their own */ +#ifdef HAVE_STACK_SIZE +THREAD_RETURN WOLFSSL_THREAD benchmark_test(void* args) +#else +int benchmark_test(void *args) +#endif +{ + int ret; + + (void)args; + +#ifdef HAVE_STACK_SIZE_VERBOSE + STACK_SIZE_INIT(); +#endif + +#ifdef HAVE_FIPS + wolfCrypt_SetCb_fips(myFipsCb); +#endif + + ret = benchmark_init(); + if (ret != 0) + EXIT_TEST(ret); + +#if defined(WOLFSSL_ASYNC_CRYPT) && !defined(WC_NO_ASYNC_THREADING) +{ + /* See the documentation when turning on WOLFSSL_ASYNC_CRYPT + ** + ** Chapter Two, Build Options: + ** + ** https://www.wolfssl.com/documentation/manuals/wolfssl/wolfSSL-Manual.pdf + ** + ** asynchronous cryptography using hardware based adapters such as + ** the Intel QuickAssist or Marvell (Cavium) Nitrox V. + */ + int i; + + if (g_threadCount == 0) { + #ifdef WC_ASYNC_BENCH_THREAD_COUNT + g_threadCount = WC_ASYNC_BENCH_THREAD_COUNT; + #else + g_threadCount = wc_AsyncGetNumberOfCpus(); + if (g_threadCount > 0) { + g_threadCount /= 2; /* use physical core count */ + } + #endif + } + if (g_threadCount <= 0) { + g_threadCount = 1; + } + + printf("%sCPUs: %d\n", info_prefix, g_threadCount); + + g_threadData = (ThreadData*)XMALLOC(sizeof(ThreadData) * g_threadCount, + HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + if (g_threadData == NULL) { + printf("%sThread data alloc failed!\n", err_prefix); + EXIT_TEST(EXIT_FAILURE); + } + + /* Create threads */ + for (i = 0; i < g_threadCount; i++) { + ret = wc_AsyncThreadCreate(&g_threadData[i].thread_id, + benchmarks_do, &g_threadData[i]); + if (ret != 0) { + printf("%sError creating benchmark thread %d\n", err_prefix, ret); + EXIT_TEST(EXIT_FAILURE); + } + } + + /* Start threads */ + for (i = 0; i < g_threadCount; i++) { + wc_AsyncThreadJoin(&g_threadData[i].thread_id); + } + + XFREE(g_threadData, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); +} +#else + benchmarks_do(NULL); +#endif + SLEEP_ON_ERROR(1); + printf("%sBenchmark complete\n", info_prefix); + + ret = benchmark_free(); + + EXIT_TEST(ret); +} + + +#ifndef WC_NO_RNG +void bench_rng(void) +{ + int ret, i, count; + double start; + long pos, len, remain; + WC_RNG myrng; + DECLARE_MULTI_VALUE_STATS_VARS() + + bench_stats_prepare(); + +#ifndef HAVE_FIPS + ret = wc_InitRng_ex(&myrng, HEAP_HINT, devId); +#else + ret = wc_InitRng(&myrng); +#endif + if (ret < 0) { + printf("InitRNG failed %d\n", ret); + return; + } + + bench_stats_start(&count, &start); + do { + for (i = 0; i < numBlocks; i++) { + /* Split request to handle large RNG request */ + pos = 0; + remain = (int)bench_size; + while (remain > 0) { + len = remain; + if (len > RNG_MAX_BLOCK_LEN) + len = RNG_MAX_BLOCK_LEN; + ret = wc_RNG_GenerateBlock(&myrng, &bench_plain[pos], + (word32)len); + if (ret < 0) + goto exit_rng; + + remain -= len; + pos += len; + } + RECORD_MULTI_VALUE_STATS(); + } + count += i; + } while (bench_stats_check(start) +#ifdef MULTI_VALUE_STATISTICS + || runs < minimum_runs +#endif + ); +exit_rng: + bench_stats_sym_finish("RNG", 0, count, bench_size, start, ret); +#ifdef MULTI_VALUE_STATISTICS + bench_multi_value_stats(max, min, sum, squareSum, runs); +#endif + + wc_FreeRng(&myrng); +} +#endif /* WC_NO_RNG */ + + +#ifndef NO_AES + +#ifdef HAVE_AES_CBC +static void bench_aescbc_internal(int useDeviceID, + const byte* key, word32 keySz, + const byte* iv, const char* encLabel, + const char* decLabel) +{ + const byte* in = bench_cipher; + byte* out = bench_plain; + int ret = 0, i, count = 0, times, pending = 0; + WC_DECLARE_ARRAY(enc, Aes, BENCH_MAX_PENDING, + sizeof(Aes), HEAP_HINT); + double start; + DECLARE_MULTI_VALUE_STATS_VARS() + + bench_stats_prepare(); + + WC_CALLOC_ARRAY(enc, Aes, BENCH_MAX_PENDING, + sizeof(Aes), HEAP_HINT); + + /* init keys */ + for (i = 0; i < BENCH_MAX_PENDING; i++) { + if ((ret = wc_AesInit(enc[i], HEAP_HINT, + useDeviceID ? devId: INVALID_DEVID)) != 0) { + printf("AesInit failed at L%d, ret = %d\n", __LINE__, ret); + goto exit; + } + + ret = wc_AesSetKey(enc[i], key, keySz, iv, AES_ENCRYPTION); + if (ret != 0) { + printf("AesSetKey failed, ret = %d\n", ret); + goto exit; + } + } + + if (cipher_same_buffer) { + in = bench_plain; + } + + bench_stats_start(&count, &start); + do { + for (times = 0; times < numBlocks || pending > 0; ) { + bench_async_poll(&pending); + + /* while free pending slots in queue, submit ops */ + for (i = 0; i < BENCH_MAX_PENDING; i++) { + if (bench_async_check(&ret, BENCH_ASYNC_GET_DEV(enc[i]), 0, + ×, numBlocks, &pending)) { + ret = wc_AesCbcEncrypt(enc[i], out, in, bench_size); + + if (!bench_async_handle(&ret, BENCH_ASYNC_GET_DEV(enc[i]), + 0, ×, &pending)) { + goto exit_aes_enc; + } + } + } /* for i */ + RECORD_MULTI_VALUE_STATS(); + } /* for times */ + count += times; + } while (bench_stats_check(start) +#ifdef MULTI_VALUE_STATISTICS + || runs < minimum_runs +#endif + ); + +exit_aes_enc: + bench_stats_sym_finish(encLabel, useDeviceID, count, + bench_size, start, ret); +#ifdef MULTI_VALUE_STATISTICS + bench_multi_value_stats(max, min, sum, squareSum, runs); +#endif + + if (ret < 0) { + goto exit; + } + +#ifdef HAVE_AES_DECRYPT + + if (WC_ARRAY_OK(enc)) { + for (i = 0; i < BENCH_MAX_PENDING; i++) { + wc_AesFree(enc[i]); + } + WC_FREE_ARRAY(enc, BENCH_MAX_PENDING, HEAP_HINT); + } + + bench_stats_prepare(); + WC_CALLOC_ARRAY(enc, Aes, BENCH_MAX_PENDING, + sizeof(Aes), HEAP_HINT); + + /* init keys */ + for (i = 0; i < BENCH_MAX_PENDING; i++) { + ret = wc_AesInit(enc[i], HEAP_HINT, + useDeviceID ? devId: INVALID_DEVID); + if (ret != 0) { + printf("AesInit failed at L%d, ret = %d\n", __LINE__, ret); + goto exit; + } + + ret = wc_AesSetKey(enc[i], key, keySz, iv, AES_DECRYPTION); + if (ret != 0) { + printf("AesSetKey failed, ret = %d\n", ret); + goto exit; + } + } + + RESET_MULTI_VALUE_STATS_VARS(); + + bench_stats_start(&count, &start); + do { + for (times = 0; times < numBlocks || pending > 0; ) { + bench_async_poll(&pending); + + /* while free pending slots in queue, submit ops */ + for (i = 0; i < BENCH_MAX_PENDING; i++) { + if (bench_async_check(&ret, BENCH_ASYNC_GET_DEV(enc[i]), 0, + ×, numBlocks, &pending)) { + ret = wc_AesCbcDecrypt(enc[i], out, in, bench_size); + + if (!bench_async_handle(&ret, BENCH_ASYNC_GET_DEV(enc[i]), + 0, ×, &pending)) { + goto exit_aes_dec; + } + } + } /* for i */ + RECORD_MULTI_VALUE_STATS(); + } /* for times */ + count += times; + } while (bench_stats_check(start) +#ifdef MULTI_VALUE_STATISTICS + || runs < minimum_runs +#endif + ); + +exit_aes_dec: + bench_stats_sym_finish(decLabel, useDeviceID, count, bench_size, + start, ret); +#ifdef MULTI_VALUE_STATISTICS + bench_multi_value_stats(max, min, sum, squareSum, runs); +#endif + +#endif /* HAVE_AES_DECRYPT */ + + (void)decLabel; +exit: + + if (WC_ARRAY_OK(enc)) { + for (i = 0; i < BENCH_MAX_PENDING; i++) { + wc_AesFree(enc[i]); + } + WC_FREE_ARRAY(enc, BENCH_MAX_PENDING, HEAP_HINT); + } +} + +void bench_aescbc(int useDeviceID) +{ +#ifdef WOLFSSL_AES_128 +#ifdef HAVE_RENESAS_SYNC + bench_aescbc_internal(useDeviceID, bench_key1, 16, bench_iv, + "AES-128-CBC-enc", "AES-128-CBC-dec"); +#else + bench_aescbc_internal(useDeviceID, bench_key, 16, bench_iv, + "AES-128-CBC-enc", "AES-128-CBC-dec"); +#endif +#endif +#ifdef WOLFSSL_AES_192 + bench_aescbc_internal(useDeviceID, bench_key, 24, bench_iv, + "AES-192-CBC-enc", "AES-192-CBC-dec"); +#endif +#ifdef WOLFSSL_AES_256 +#ifdef HAVE_RENESAS_SYNC + bench_aescbc_internal(useDeviceID, bench_key2, 32, bench_iv, + "AES-256-CBC-enc", "AES-256-CBC-dec"); +#else + bench_aescbc_internal(useDeviceID, bench_key, 32, bench_iv, + "AES-256-CBC-enc", "AES-256-CBC-dec"); +#endif +#endif +} + +#endif /* HAVE_AES_CBC */ + +#ifdef HAVE_AESGCM +static void bench_aesgcm_internal(int useDeviceID, + const byte* key, word32 keySz, + const byte* iv, word32 ivSz, + const char* encLabel, const char* decLabel) +{ + int ret = 0, i, count = 0, times, pending = 0; + WC_DECLARE_ARRAY(enc, Aes, BENCH_MAX_PENDING, + sizeof(Aes), HEAP_HINT); +#ifdef HAVE_AES_DECRYPT + WC_DECLARE_ARRAY(dec, Aes, BENCH_MAX_PENDING, + sizeof(Aes), HEAP_HINT); +#endif + const byte* in = bench_plain; + byte* out = bench_cipher; + double start; + DECLARE_MULTI_VALUE_STATS_VARS() + WC_DECLARE_VAR(bench_additional, byte, AES_AUTH_ADD_SZ, HEAP_HINT); + WC_DECLARE_VAR(bench_tag, byte, AES_AUTH_TAG_SZ, HEAP_HINT); + + bench_stats_prepare(); + + WC_ALLOC_VAR(bench_additional, byte, AES_AUTH_ADD_SZ, HEAP_HINT); + WC_ALLOC_VAR(bench_tag, byte, AES_AUTH_TAG_SZ, HEAP_HINT); + WC_CALLOC_ARRAY(enc, Aes, BENCH_MAX_PENDING, + sizeof(Aes), HEAP_HINT); + + XMEMSET(bench_additional, 0, AES_AUTH_ADD_SZ); + XMEMSET(bench_tag, 0, AES_AUTH_TAG_SZ); + + /* init keys */ + for (i = 0; i < BENCH_MAX_PENDING; i++) { + if ((ret = wc_AesInit(enc[i], HEAP_HINT, + useDeviceID ? devId: INVALID_DEVID)) != 0) { + printf("AesInit failed at L%d, ret = %d\n", __LINE__, ret); + goto exit; + } + + if (!aead_set_key) { + ret = wc_AesGcmSetKey(enc[i], key, keySz); + if (ret != 0) { + printf("AesGcmSetKey failed, ret = %d\n", ret); + goto exit; + } + } + } + + if (cipher_same_buffer) { + out = bench_plain; + } + + /* GCM uses same routine in backend for both encrypt and decrypt */ + bench_stats_start(&count, &start); + do { + for (times = 0; times < numBlocks || pending > 0; ) { + bench_async_poll(&pending); + + /* while free pending slots in queue, submit ops */ + for (i = 0; i < BENCH_MAX_PENDING; i++) { + if (bench_async_check(&ret, BENCH_ASYNC_GET_DEV(enc[i]), 0, + ×, numBlocks, &pending)) { + if (aead_set_key) { + ret = wc_AesGcmSetKey(enc[i], key, keySz); + if (!bench_async_handle(&ret, + BENCH_ASYNC_GET_DEV(enc[i]), 0, + ×, &pending)) { + goto exit_aes_gcm; + } + } + ret = wc_AesGcmEncrypt(enc[i], out, in, bench_size, + iv, ivSz, bench_tag, AES_AUTH_TAG_SZ, + bench_additional, aesAuthAddSz); + if (!bench_async_handle(&ret, BENCH_ASYNC_GET_DEV(enc[i]), + 0, ×, &pending)) { + goto exit_aes_gcm; + } + } + } /* for i */ + RECORD_MULTI_VALUE_STATS(); + } /* for times */ + count += times; + } while (bench_stats_check(start) +#ifdef MULTI_VALUE_STATISTICS + || runs < minimum_runs +#endif + ); + +exit_aes_gcm: + bench_stats_sym_finish(encLabel, useDeviceID, count, bench_size, + start, ret); +#ifdef MULTI_VALUE_STATISTICS + bench_multi_value_stats(max, min, sum, squareSum, runs); +#endif + +#ifdef HAVE_AES_DECRYPT + + if (cipher_same_buffer) { + ret = wc_AesGcmSetKey(enc[0], key, keySz); + if (ret != 0) { + goto exit_aes_gcm; + } + ret = wc_AesGcmEncrypt(enc[0], bench_cipher, bench_plain, bench_size, + iv, ivSz, bench_tag, AES_AUTH_TAG_SZ, + bench_additional, aesAuthAddSz); + if (ret != 0) { + goto exit_aes_gcm; + } + } + + RESET_MULTI_VALUE_STATS_VARS(); + + bench_stats_prepare(); + WC_CALLOC_ARRAY(dec, Aes, BENCH_MAX_PENDING, + sizeof(Aes), HEAP_HINT); + + /* init keys */ + for (i = 0; i < BENCH_MAX_PENDING; i++) { + if ((ret = wc_AesInit(dec[i], HEAP_HINT, + useDeviceID ? devId: INVALID_DEVID)) != 0) { + printf("AesInit failed at L%d, ret = %d\n", __LINE__, ret); + goto exit; + } + + if (!aead_set_key) { + ret = wc_AesGcmSetKey(dec[i], key, keySz); + if (ret != 0) { + printf("AesGcmSetKey failed, ret = %d\n", ret); + goto exit; + } + } + } + + bench_stats_start(&count, &start); + do { + for (times = 0; times < numBlocks || pending > 0; ) { + bench_async_poll(&pending); + + /* while free pending slots in queue, submit ops */ + for (i = 0; i < BENCH_MAX_PENDING; i++) { + if (bench_async_check(&ret, BENCH_ASYNC_GET_DEV(dec[i]), 0, + ×, numBlocks, &pending)) { + if (aead_set_key) { + ret = wc_AesGcmSetKey(dec[i], key, keySz); + if (!bench_async_handle(&ret, + BENCH_ASYNC_GET_DEV(dec[i]), 0, + ×, &pending)) { + goto exit_aes_gcm_dec; + } + } + ret = wc_AesGcmDecrypt(dec[i], bench_plain, + bench_cipher, bench_size, + iv, ivSz, bench_tag, AES_AUTH_TAG_SZ, + bench_additional, aesAuthAddSz); + if (!bench_async_handle(&ret, BENCH_ASYNC_GET_DEV(dec[i]), + 0, ×, &pending)) { + goto exit_aes_gcm_dec; + } + } + } /* for i */ + RECORD_MULTI_VALUE_STATS(); + } /* for times */ + count += times; + } while (bench_stats_check(start) +#ifdef MULTI_VALUE_STATISTICS + || runs < minimum_runs +#endif + ); + +exit_aes_gcm_dec: + bench_stats_sym_finish(decLabel, useDeviceID, count, bench_size, + start, ret); +#ifdef MULTI_VALUE_STATISTICS + bench_multi_value_stats(max, min, sum, squareSum, runs); +#endif +#endif /* HAVE_AES_DECRYPT */ + + (void)decLabel; + +exit: + + if (ret < 0) { + printf("bench_aesgcm failed: %d\n", ret); + } +#ifdef HAVE_AES_DECRYPT + if (WC_ARRAY_OK(dec)) { + for (i = 0; i < BENCH_MAX_PENDING; i++) { + wc_AesFree(dec[i]); + } + WC_FREE_ARRAY(dec, BENCH_MAX_PENDING, HEAP_HINT); + } +#endif + if (WC_ARRAY_OK(enc)) { + for (i = 0; i < BENCH_MAX_PENDING; i++) { + wc_AesFree(enc[i]); + } + WC_FREE_ARRAY(enc, BENCH_MAX_PENDING, HEAP_HINT); + } + + WC_FREE_VAR(bench_additional, HEAP_HINT); + WC_FREE_VAR(bench_tag, HEAP_HINT); +} + +#ifdef WOLFSSL_AESGCM_STREAM +static void bench_aesgcm_stream_internal(int useDeviceID, + const byte* key, word32 keySz, const byte* iv, word32 ivSz, + const char* encLabel, const char* decLabel) +{ + int ret = 0, i, count = 0, times, pending = 0; + WC_DECLARE_ARRAY(enc, Aes, BENCH_MAX_PENDING, + sizeof(Aes), HEAP_HINT); +#ifdef HAVE_AES_DECRYPT + WC_DECLARE_ARRAY(dec, Aes, BENCH_MAX_PENDING, + sizeof(Aes), HEAP_HINT); +#endif + double start; + DECLARE_MULTI_VALUE_STATS_VARS() + + WC_DECLARE_VAR(bench_additional, byte, AES_AUTH_ADD_SZ, HEAP_HINT); + WC_DECLARE_VAR(bench_tag, byte, AES_AUTH_TAG_SZ, HEAP_HINT); + + bench_stats_prepare(); + + WC_ALLOC_VAR(bench_additional, byte, AES_AUTH_ADD_SZ, HEAP_HINT); + WC_ALLOC_VAR(bench_tag, byte, AES_AUTH_TAG_SZ, HEAP_HINT); + + WC_CALLOC_ARRAY(enc, Aes, BENCH_MAX_PENDING, + sizeof(Aes), HEAP_HINT); +#ifdef HAVE_AES_DECRYPT + WC_CALLOC_ARRAY(dec, Aes, BENCH_MAX_PENDING, + sizeof(Aes), HEAP_HINT); +#endif + + XMEMSET(bench_additional, 0, AES_AUTH_ADD_SZ); + XMEMSET(bench_tag, 0, AES_AUTH_TAG_SZ); + + /* init keys */ + for (i = 0; i < BENCH_MAX_PENDING; i++) { + if ((ret = wc_AesInit(enc[i], HEAP_HINT, + useDeviceID ? devId: INVALID_DEVID)) != 0) { + printf("AesInit failed at L%d, ret = %d\n", __LINE__, ret); + goto exit; + } + + ret = wc_AesGcmSetKey(enc[i], key, keySz); + if (ret != 0) { + printf("AesGcmSetKey failed, ret = %d\n", ret); + goto exit; + } + } + + /* GCM uses same routine in backend for both encrypt and decrypt */ + bench_stats_start(&count, &start); + do { + for (times = 0; times < numBlocks || pending > 0; ) { + bench_async_poll(&pending); + + /* while free pending slots in queue, submit ops */ + for (i = 0; i < BENCH_MAX_PENDING; i++) { + if (bench_async_check(&ret, BENCH_ASYNC_GET_DEV(enc[i]), 0, + ×, numBlocks, &pending)) { + ret = wc_AesGcmEncryptInit(enc[i], NULL, 0, iv, ivSz); + if (ret == 0) { + ret = wc_AesGcmEncryptUpdate(enc[i], bench_cipher, + bench_plain, bench_size, bench_additional, + aesAuthAddSz); + } + if (ret == 0) { + ret = wc_AesGcmEncryptFinal(enc[i], bench_tag, + AES_AUTH_TAG_SZ); + } + if (!bench_async_handle(&ret, BENCH_ASYNC_GET_DEV(enc[i]), + 0, ×, &pending)) { + goto exit_aes_gcm; + } + } + } /* for i */ + RECORD_MULTI_VALUE_STATS(); + } /* for times */ + count += times; + } while (bench_stats_check(start) +#ifdef MULTI_VALUE_STATISTICS + || runs < minimum_runs +#endif + ); + +exit_aes_gcm: + bench_stats_sym_finish(encLabel, useDeviceID, count, bench_size, + start, ret); +#ifdef MULTI_VALUE_STATISTICS + bench_multi_value_stats(max, min, sum, squareSum, runs); +#endif + +#ifdef HAVE_AES_DECRYPT + /* init keys */ + for (i = 0; i < BENCH_MAX_PENDING; i++) { + if ((ret = wc_AesInit(dec[i], HEAP_HINT, + useDeviceID ? devId: INVALID_DEVID)) != 0) { + printf("AesInit failed at L%d, ret = %d\n", __LINE__, ret); + goto exit; + } + + ret = wc_AesGcmSetKey(dec[i], key, keySz); + if (ret != 0) { + printf("AesGcmSetKey failed, ret = %d\n", ret); + goto exit; + } + } + + RESET_MULTI_VALUE_STATS_VARS(); + + bench_stats_start(&count, &start); + do { + for (times = 0; times < numBlocks || pending > 0; ) { + bench_async_poll(&pending); + + /* while free pending slots in queue, submit ops */ + for (i = 0; i < BENCH_MAX_PENDING; i++) { + if (bench_async_check(&ret, BENCH_ASYNC_GET_DEV(dec[i]), 0, + ×, numBlocks, &pending)) { + ret = wc_AesGcmDecryptInit(enc[i], NULL, 0, iv, ivSz); + if (ret == 0) { + ret = wc_AesGcmDecryptUpdate(enc[i], bench_plain, + bench_cipher, bench_size, bench_additional, + aesAuthAddSz); + } + if (ret == 0) { + ret = wc_AesGcmDecryptFinal(enc[i], bench_tag, + AES_AUTH_TAG_SZ); + } + if (!bench_async_handle(&ret, BENCH_ASYNC_GET_DEV(dec[i]), + 0, ×, &pending)) { + goto exit_aes_gcm_dec; + } + } + } /* for i */ + RECORD_MULTI_VALUE_STATS(); + } /* for times */ + count += times; + } while (bench_stats_check(start) +#ifdef MULTI_VALUE_STATISTICS + || runs < minimum_runs +#endif + ); + +exit_aes_gcm_dec: + bench_stats_sym_finish(decLabel, useDeviceID, count, bench_size, + start, ret); +#ifdef MULTI_VALUE_STATISTICS + bench_multi_value_stats(max, min, sum, squareSum, runs); +#endif +#endif /* HAVE_AES_DECRYPT */ + + (void)decLabel; + +exit: + + if (ret < 0) { + printf("bench_aesgcm failed: %d\n", ret); + } +#ifdef HAVE_AES_DECRYPT + if (WC_ARRAY_OK(dec)) { + for (i = 0; i < BENCH_MAX_PENDING; i++) { + wc_AesFree(dec[i]); + } + WC_FREE_ARRAY(dec, BENCH_MAX_PENDING, HEAP_HINT); + } +#endif + if (WC_ARRAY_OK(enc)) { + for (i = 0; i < BENCH_MAX_PENDING; i++) { + wc_AesFree(enc[i]); + } + WC_FREE_ARRAY(enc, BENCH_MAX_PENDING, HEAP_HINT); + } + + WC_FREE_VAR(bench_additional, HEAP_HINT); + WC_FREE_VAR(bench_tag, HEAP_HINT); +} +#endif + +void bench_aesgcm(int useDeviceID) +{ +#define AES_GCM_STRING(n, dir) AES_AAD_STRING("AES-" #n "-GCM-" #dir) +#if defined(WOLFSSL_AES_128) && !defined(WOLFSSL_AFALG_XILINX_AES) \ + && !defined(WOLFSSL_XILINX_CRYPT) \ + || defined(WOLFSSL_XILINX_CRYPT_VERSAL) +#ifdef HAVE_RENESAS_SYNC + bench_aesgcm_internal(useDeviceID, bench_key1, 16, bench_iv, 12, + AES_GCM_STRING(128, enc), AES_GCM_STRING(128, dec)); +#else + bench_aesgcm_internal(useDeviceID, bench_key, 16, bench_iv, 12, + AES_GCM_STRING(128, enc), AES_GCM_STRING(128, dec)); +#endif +#endif +#if defined(WOLFSSL_AES_192) && !defined(WOLFSSL_AFALG_XILINX_AES) \ + && !defined(WOLFSSL_XILINX_CRYPT) + bench_aesgcm_internal(useDeviceID, bench_key, 24, bench_iv, 12, + AES_GCM_STRING(192, enc), AES_GCM_STRING(192, dec)); +#endif +#ifdef WOLFSSL_AES_256 +#ifdef HAVE_RENESAS_SYNC + bench_aesgcm_internal(useDeviceID, bench_key2, 32, bench_iv, 12, + AES_GCM_STRING(256, enc), AES_GCM_STRING(256, dec)); +#else + bench_aesgcm_internal(useDeviceID, bench_key, 32, bench_iv, 12, + AES_GCM_STRING(256, enc), AES_GCM_STRING(256, dec)); +#endif +#endif +#ifdef WOLFSSL_AESGCM_STREAM +#undef AES_GCM_STRING +#define AES_GCM_STRING(n, dir) AES_AAD_STRING("AES-" #n "-GCM-STREAM-" #dir) +#if defined(WOLFSSL_AES_128) && !defined(WOLFSSL_AFALG_XILINX_AES) \ + && !defined(WOLFSSL_XILINX_CRYPT) \ + || defined(WOLFSSL_XILINX_CRYPT_VERSAL) + bench_aesgcm_stream_internal(useDeviceID, bench_key, 16, bench_iv, 12, + AES_GCM_STRING(128, enc), AES_GCM_STRING(128, dec)); +#endif +#if defined(WOLFSSL_AES_192) && !defined(WOLFSSL_AFALG_XILINX_AES) \ + && !defined(WOLFSSL_XILINX_CRYPT) + bench_aesgcm_stream_internal(useDeviceID, bench_key, 24, bench_iv, 12, + AES_GCM_STRING(192, enc), AES_GCM_STRING(192, dec)); +#endif +#ifdef WOLFSSL_AES_256 + bench_aesgcm_stream_internal(useDeviceID, bench_key, 32, bench_iv, 12, + AES_GCM_STRING(256, enc), AES_GCM_STRING(256, dec)); +#endif +#endif /* WOLFSSL_AESGCM_STREAM */ +#undef AES_GCM_STRING +} + +/* GMAC */ +void bench_gmac(int useDeviceID) +{ + int ret = 0, times, count = 0; + Gmac gmac; + double start; + byte tag[AES_AUTH_TAG_SZ]; + DECLARE_MULTI_VALUE_STATS_VARS() + + /* determine GCM GHASH method */ +#if defined(WOLFSSL_ARMASM) + const char* gmacStr = "GMAC ARM ASM"; +#elif defined(GCM_SMALL) + const char* gmacStr = "GMAC Small"; +#elif defined(GCM_TABLE) + const char* gmacStr = "GMAC Table"; +#elif defined(GCM_TABLE_4BIT) + const char* gmacStr = "GMAC Table 4-bit"; +#elif defined(GCM_WORD32) + const char* gmacStr = "GMAC Word32"; +#else + const char* gmacStr = "GMAC Default"; +#endif + + bench_stats_prepare(); + +/* Implementations of /Dev/Crypto will error out if the size of Auth in is */ +/* greater than the system's page size */ +#if defined(WOLFSSL_DEVCRYPTO) && defined(WOLFSSL_AUTHSZ_BENCH) + bench_size = WOLFSSL_AUTHSZ_BENCH; +#elif defined(WOLFSSL_DEVCRYPTO) + bench_size = sysconf(_SC_PAGESIZE); +#endif + + /* init keys */ + XMEMSET(bench_plain, 0, bench_size); + XMEMSET(tag, 0, sizeof(tag)); + XMEMSET(&gmac, 0, sizeof(Gmac)); /* clear context */ + (void)wc_AesInit((Aes*)&gmac, HEAP_HINT, + useDeviceID ? devId: INVALID_DEVID); +#ifdef HAVE_RENESAS_SYNC + wc_GmacSetKey(&gmac, bench_key1, 16); +#else + wc_GmacSetKey(&gmac, bench_key, 16); +#endif + bench_stats_start(&count, &start); + do { + for (times = 0; times < numBlocks; times++) { + ret = wc_GmacUpdate(&gmac, bench_iv, 12, bench_plain, bench_size, + tag, sizeof(tag)); + + } /* for times */ + count += times; + RECORD_MULTI_VALUE_STATS(); + } while (bench_stats_check(start) +#ifdef MULTI_VALUE_STATISTICS + || runs < minimum_runs +#endif + ); + + wc_AesFree((Aes*)&gmac); + + bench_stats_sym_finish(gmacStr, 0, count, bench_size, start, ret); +#ifdef MULTI_VALUE_STATISTICS + bench_multi_value_stats(max, min, sum, squareSum, runs); +#endif +#if defined(WOLFSSL_DEVCRYPTO) + if (ret != 0 && (bench_size > sysconf(_SC_PAGESIZE))) { + printf("authIn Buffer Size[%d] greater than System Page Size[%ld]\n", + bench_size, sysconf(_SC_PAGESIZE)); + } + bench_size = BENCH_SIZE; +#endif +} + +#endif /* HAVE_AESGCM */ + + +#ifdef HAVE_AES_ECB +static void bench_aesecb_internal(int useDeviceID, + const byte* key, word32 keySz, + const char* encLabel, const char* decLabel) +{ + int ret = 0, i, count = 0, times, pending = 0; + WC_DECLARE_ARRAY(enc, Aes, BENCH_MAX_PENDING, + sizeof(Aes), HEAP_HINT); + double start; + DECLARE_MULTI_VALUE_STATS_VARS() +#ifdef HAVE_FIPS + const word32 benchSz = WC_AES_BLOCK_SIZE; +#else + const word32 benchSz = bench_size; +#endif + + bench_stats_prepare(); + + WC_CALLOC_ARRAY(enc, Aes, BENCH_MAX_PENDING, + sizeof(Aes), HEAP_HINT); + + /* init keys */ + for (i = 0; i < BENCH_MAX_PENDING; i++) { + if ((ret = wc_AesInit(enc[i], HEAP_HINT, + useDeviceID ? devId: INVALID_DEVID)) != 0) { + printf("AesInit failed at L%d, ret = %d\n", __LINE__, ret); + goto exit; + } + + ret = wc_AesSetKey(enc[i], key, keySz, bench_iv, AES_ENCRYPTION); + if (ret != 0) { + printf("AesSetKey failed, ret = %d\n", ret); + goto exit; + } + } + + bench_stats_start(&count, &start); + do { + int outer_loop_limit = (int)((bench_size / benchSz) * 10) + 1; + for (times = 0; + times < outer_loop_limit /* numBlocks */ || pending > 0; + ) { + bench_async_poll(&pending); + + /* while free pending slots in queue, submit ops */ + for (i = 0; i < BENCH_MAX_PENDING; i++) { + if (bench_async_check(&ret, BENCH_ASYNC_GET_DEV(enc[i]), 0, + ×, outer_loop_limit, &pending)) { + #ifdef HAVE_FIPS + #if defined(WOLFSSL_KERNEL_MODE) || FIPS_VERSION_GE(6, 0) + ret = wc_AesEncryptDirect(enc[i], bench_cipher, bench_plain); + if (ret != 0) + goto exit_aes_enc; + #else + wc_AesEncryptDirect(enc[i], bench_cipher, bench_plain); + #endif + #else + wc_AesEcbEncrypt(enc[i], bench_cipher, bench_plain, + benchSz); + #endif + ret = 0; + if (!bench_async_handle(&ret, BENCH_ASYNC_GET_DEV(enc[i]), + 0, ×, &pending)) { + goto exit_aes_enc; + } + } + } /* for i */ + RECORD_MULTI_VALUE_STATS(); + } /* for times */ + count += times; + } while (bench_stats_check(start) +#ifdef MULTI_VALUE_STATISTICS + || runs < minimum_runs +#endif + ); + +exit_aes_enc: + bench_stats_sym_finish(encLabel, useDeviceID, count, benchSz, + start, ret); +#ifdef MULTI_VALUE_STATISTICS + bench_multi_value_stats(max, min, sum, squareSum, runs); +#endif + +#ifdef HAVE_AES_DECRYPT + /* init keys */ + for (i = 0; i < BENCH_MAX_PENDING; i++) { + ret = wc_AesSetKey(enc[i], key, keySz, bench_iv, AES_DECRYPTION); + if (ret != 0) { + printf("AesSetKey failed, ret = %d\n", ret); + goto exit; + } + } + + RESET_MULTI_VALUE_STATS_VARS(); + + bench_stats_start(&count, &start); + do { + int outer_loop_limit = (int)(10 * (bench_size / benchSz)) + 1; + for (times = 0; times < outer_loop_limit || pending > 0; ) { + bench_async_poll(&pending); + + /* while free pending slots in queue, submit ops */ + for (i = 0; i < BENCH_MAX_PENDING; i++) { + if (bench_async_check(&ret, BENCH_ASYNC_GET_DEV(enc[i]), 0, + ×, outer_loop_limit, &pending)) { + #ifdef HAVE_FIPS + #if defined(WOLFSSL_KERNEL_MODE) || FIPS_VERSION_GE(6, 0) + ret = wc_AesDecryptDirect(enc[i], bench_plain, bench_cipher); + if (ret != 0) + goto exit_aes_dec; + #else + wc_AesDecryptDirect(enc[i], bench_plain, bench_cipher); + #endif + #else + wc_AesEcbDecrypt(enc[i], bench_plain, bench_cipher, + benchSz); + #endif + ret = 0; + if (!bench_async_handle(&ret, BENCH_ASYNC_GET_DEV(enc[i]), + 0, ×, &pending)) { + goto exit_aes_dec; + } + } + } /* for i */ + RECORD_MULTI_VALUE_STATS(); + } /* for times */ + count += times; + } while (bench_stats_check(start) +#ifdef MULTI_VALUE_STATISTICS + || runs < minimum_runs +#endif + ); + +exit_aes_dec: + bench_stats_sym_finish(decLabel, useDeviceID, count, benchSz, + start, ret); +#ifdef MULTI_VALUE_STATISTICS + bench_multi_value_stats(max, min, sum, squareSum, runs); +#endif + +#endif /* HAVE_AES_DECRYPT */ + + (void)decLabel; + +exit: + + if (WC_ARRAY_OK(enc)) { + for (i = 0; i < BENCH_MAX_PENDING; i++) { + wc_AesFree(enc[i]); + } + WC_FREE_ARRAY(enc, BENCH_MAX_PENDING, HEAP_HINT); + } +} + +void bench_aesecb(int useDeviceID) +{ +#ifdef WOLFSSL_AES_128 + bench_aesecb_internal(useDeviceID, bench_key, 16, + "AES-128-ECB-enc", "AES-128-ECB-dec"); +#endif +#ifdef WOLFSSL_AES_192 + bench_aesecb_internal(useDeviceID, bench_key, 24, + "AES-192-ECB-enc", "AES-192-ECB-dec"); +#endif +#ifdef WOLFSSL_AES_256 + bench_aesecb_internal(useDeviceID, bench_key, 32, + "AES-256-ECB-enc", "AES-256-ECB-dec"); +#endif +} +#endif /* HAVE_AES_ECB */ + +#ifdef WOLFSSL_AES_CFB +static void bench_aescfb_internal(const byte* key, + word32 keySz, const byte* iv, + const char* label_enc, const char* label_dec) +{ + Aes enc; + double start; + int i, ret, count; + DECLARE_MULTI_VALUE_STATS_VARS() + + bench_stats_prepare(); + + ret = wc_AesInit(&enc, HEAP_HINT, INVALID_DEVID); + if (ret != 0) { + printf("AesInit failed at L%d, ret = %d\n", __LINE__, ret); + return; + } + + ret = wc_AesSetKey(&enc, key, keySz, iv, AES_ENCRYPTION); + if (ret != 0) { + printf("AesSetKey failed, ret = %d\n", ret); + goto out; + } + + bench_stats_start(&count, &start); + do { + for (i = 0; i < numBlocks; i++) { + if((ret = wc_AesCfbEncrypt(&enc, bench_plain, bench_cipher, + bench_size)) != 0) { + printf("wc_AesCfbEncrypt failed, ret = %d\n", ret); + goto out; + } + RECORD_MULTI_VALUE_STATS(); + } + count += i; + } while (bench_stats_check(start) +#ifdef MULTI_VALUE_STATISTICS + || runs < minimum_runs +#endif + ); + + bench_stats_sym_finish(label_enc, 0, count, bench_size, start, ret); +#ifdef MULTI_VALUE_STATISTICS + bench_multi_value_stats(max, min, sum, squareSum, runs); +#endif + + ret = wc_AesSetKey(&enc, key, keySz, iv, AES_DECRYPTION); + if (ret != 0) { + printf("AesSetKey failed, ret = %d\n", ret); + goto out; + } + +#ifdef HAVE_AES_DECRYPT + RESET_MULTI_VALUE_STATS_VARS(); + + bench_stats_start(&count, &start); + do { + for (i = 0; i < numBlocks; i++) { + if((ret = wc_AesCfbDecrypt(&enc, bench_cipher, bench_plain, + bench_size)) != 0) { + printf("wc_AesCfbDecrypt failed, ret = %d\n", ret); + goto out; + } + RECORD_MULTI_VALUE_STATS(); + } + count += i; + } while (bench_stats_check(start) +#ifdef MULTI_VALUE_STATISTICS + || runs < minimum_runs +#endif + ); + + bench_stats_sym_finish(label_dec, 0, count, bench_size, start, ret); +#ifdef MULTI_VALUE_STATISTICS + bench_multi_value_stats(max, min, sum, squareSum, runs); +#endif +#endif + + (void)label_dec; +out: + + wc_AesFree(&enc); + return; +} + +void bench_aescfb(void) +{ +#ifdef WOLFSSL_AES_128 + bench_aescfb_internal(bench_key, 16, bench_iv, + "AES-128-CFB-enc", "AES-128-CFB-dec"); +#endif +#ifdef WOLFSSL_AES_192 + bench_aescfb_internal(bench_key, 24, bench_iv, + "AES-192-CFB-enc", "AES-192-CFB-dec"); +#endif +#ifdef WOLFSSL_AES_256 + bench_aescfb_internal(bench_key, 32, bench_iv, + "AES-256-CFB-enc", "AES-256-CFB-dec"); +#endif +} +#endif /* WOLFSSL_AES_CFB */ + + +#ifdef WOLFSSL_AES_OFB +static void bench_aesofb_internal(const byte* key, + word32 keySz, const byte* iv, + const char* label_enc, const char* label_dec) +{ + Aes enc; + double start; + int i, ret, count; + DECLARE_MULTI_VALUE_STATS_VARS() + + bench_stats_prepare(); + + ret = wc_AesInit(&enc, NULL, INVALID_DEVID); + if (ret != 0) { + printf("AesInit failed at L%d, ret = %d\n", __LINE__, ret); + return; + } + + ret = wc_AesSetKey(&enc, key, keySz, iv, AES_ENCRYPTION); + if (ret != 0) { + printf("AesSetKey failed, ret = %d\n", ret); + return; + } + + bench_stats_start(&count, &start); + do { + for (i = 0; i < numBlocks; i++) { + if((ret = wc_AesOfbEncrypt(&enc, bench_plain, bench_cipher, + bench_size)) != 0) { + printf("wc_AesOfbEncrypt failed, ret = %d\n", ret); + return; + } + RECORD_MULTI_VALUE_STATS(); + } + count += i; + } while (bench_stats_check(start) +#ifdef MULTI_VALUE_STATISTICS + || runs < minimum_runs +#endif + ); + + bench_stats_sym_finish(label_enc, 0, count, bench_size, start, ret); +#ifdef MULTI_VALUE_STATISTICS + bench_multi_value_stats(max, min, sum, squareSum, runs); +#endif + + ret = wc_AesSetKey(&enc, key, keySz, iv, AES_DECRYPTION); + if (ret != 0) { + printf("AesSetKey failed, ret = %d\n", ret); + return; + } + +#ifdef HAVE_AES_DECRYPT + RESET_MULTI_VALUE_STATS_VARS(); + + bench_stats_start(&count, &start); + do { + for (i = 0; i < numBlocks; i++) { + if((ret = wc_AesOfbDecrypt(&enc, bench_cipher, bench_plain, + bench_size)) != 0) { + printf("wc_AesOfbDecrypt failed, ret = %d\n", ret); + return; + } + RECORD_MULTI_VALUE_STATS(); + } + count += i; + } while (bench_stats_check(start) +#ifdef MULTI_VALUE_STATISTICS + || runs < minimum_runs +#endif + ); + + bench_stats_sym_finish(label_dec, 0, count, bench_size, start, ret); +#ifdef MULTI_VALUE_STATISTICS + bench_multi_value_stats(max, min, sum, squareSum, runs); +#endif +#endif + + (void)label_dec; + + wc_AesFree(&enc); +} + +void bench_aesofb(void) +{ +#ifdef WOLFSSL_AES_128 + bench_aesofb_internal(bench_key, 16, bench_iv, + "AES-128-OFB-enc", "AES-128-OFB-dec"); +#endif +#ifdef WOLFSSL_AES_192 + bench_aesofb_internal(bench_key, 24, bench_iv, + "AES-192-OFB-enc", "AES-192-OFB-dec"); +#endif +#ifdef WOLFSSL_AES_256 + bench_aesofb_internal(bench_key, 32, bench_iv, + "AES-256-OFB-enc", "AES-256-OFB-dec"); +#endif +} +#endif /* WOLFSSL_AES_CFB */ + + +#ifdef WOLFSSL_AES_XTS +void bench_aesxts(void) +{ +#ifdef WOLFSSL_AES_128 + WC_DECLARE_VAR(aes, XtsAes, 1, HEAP_HINT); + double start; + int i, count, ret; + DECLARE_MULTI_VALUE_STATS_VARS() + + static const unsigned char k1[] = { + 0xa1, 0xb9, 0x0c, 0xba, 0x3f, 0x06, 0xac, 0x35, + 0x3b, 0x2c, 0x34, 0x38, 0x76, 0x08, 0x17, 0x62, + 0x09, 0x09, 0x23, 0x02, 0x6e, 0x91, 0x77, 0x18, + 0x15, 0xf2, 0x9d, 0xab, 0x01, 0x93, 0x2f, 0x2f + }; + + static const unsigned char i1[] = { + 0x4f, 0xae, 0xf7, 0x11, 0x7c, 0xda, 0x59, 0xc6, + 0x6e, 0x4b, 0x92, 0x01, 0x3e, 0x76, 0x8a, 0xd5 + }; + + bench_stats_prepare(); + + WC_ALLOC_VAR(aes, XtsAes, 1, HEAP_HINT); + + + ret = wc_AesXtsSetKey(aes, k1, sizeof(k1), AES_ENCRYPTION, + HEAP_HINT, devId); + if (ret != 0) { + printf("wc_AesXtsSetKey failed, ret = %d\n", ret); + goto exit; + } + + bench_stats_start(&count, &start); + do { + for (i = 0; i < numBlocks; i++) { + if ((ret = wc_AesXtsEncrypt(aes, bench_cipher, bench_plain, + bench_size, i1, sizeof(i1))) != 0) { + printf("wc_AesXtsEncrypt failed, ret = %d\n", ret); + goto exit; + } + RECORD_MULTI_VALUE_STATS(); + } + count += i; + } while (bench_stats_check(start) +#ifdef MULTI_VALUE_STATISTICS + || runs < minimum_runs +#endif + ); + + bench_stats_sym_finish("AES-XTS-enc", 0, count, bench_size, start, ret); +#ifdef MULTI_VALUE_STATISTICS + bench_multi_value_stats(max, min, sum, squareSum, runs); +#endif + wc_AesXtsFree(aes); + + /* decryption benchmark */ + ret = wc_AesXtsSetKey(aes, k1, sizeof(k1), AES_DECRYPTION, + HEAP_HINT, devId); + if (ret != 0) { + printf("wc_AesXtsSetKey failed, ret = %d\n", ret); + goto exit; + } + +#ifdef HAVE_AES_DECRYPT + RESET_MULTI_VALUE_STATS_VARS(); + + bench_stats_start(&count, &start); + do { + for (i = 0; i < numBlocks; i++) { + if ((ret = wc_AesXtsDecrypt(aes, bench_plain, bench_cipher, + bench_size, i1, sizeof(i1))) != 0) { + printf("wc_AesXtsDecrypt failed, ret = %d\n", ret); + goto exit; + } + RECORD_MULTI_VALUE_STATS(); + } + count += i; + } while (bench_stats_check(start) +#ifdef MULTI_VALUE_STATISTICS + || runs < minimum_runs +#endif + ); + + bench_stats_sym_finish("AES-XTS-dec", 0, count, bench_size, start, ret); +#ifdef MULTI_VALUE_STATISTICS + bench_multi_value_stats(max, min, sum, squareSum, runs); +#endif +#endif + +exit: + + wc_AesXtsFree(aes); + WC_FREE_VAR(aes, HEAP_HINT); +#else + printf("AES-XTS benchmark is with 128-bit keys only\n"); +#endif +} +#endif /* WOLFSSL_AES_XTS */ + + +#ifdef WOLFSSL_AES_COUNTER +static void bench_aesctr_internal(const byte* key, word32 keySz, + const byte* iv, const char* label, + int useDeviceID) +{ + Aes enc; + double start; + int i, count, ret = 0; + DECLARE_MULTI_VALUE_STATS_VARS() + const byte* in = bench_cipher; + byte* out = bench_plain; + + bench_stats_prepare(); + + if ((ret = wc_AesInit(&enc, HEAP_HINT, + useDeviceID ? devId : INVALID_DEVID)) != 0) { + printf("wc_AesInit failed, ret = %d\n", ret); + } + + if (wc_AesSetKeyDirect(&enc, key, keySz, iv, AES_ENCRYPTION) < 0) { + printf("wc_AesSetKeyDirect failed, ret = %d\n", ret); + return; + } + + if (cipher_same_buffer) { + in = bench_plain; + } + + bench_stats_start(&count, &start); + do { + for (i = 0; i < numBlocks; i++) { + if((ret = wc_AesCtrEncrypt(&enc, out, in, bench_size)) != 0) { + printf("wc_AesCtrEncrypt failed, ret = %d\n", ret); + return; + } + RECORD_MULTI_VALUE_STATS(); + } + count += i; + } while (bench_stats_check(start) +#ifdef MULTI_VALUE_STATISTICS + || runs < minimum_runs +#endif + ); + + bench_stats_sym_finish(label, useDeviceID, count, bench_size, start, ret); +#ifdef MULTI_VALUE_STATISTICS + bench_multi_value_stats(max, min, sum, squareSum, runs); +#endif + + wc_AesFree(&enc); +} + +void bench_aesctr(int useDeviceID) +{ +#ifdef WOLFSSL_AES_128 + bench_aesctr_internal(bench_key, 16, bench_iv, "AES-128-CTR", useDeviceID); +#endif +#ifdef WOLFSSL_AES_192 + bench_aesctr_internal(bench_key, 24, bench_iv, "AES-192-CTR", useDeviceID); +#endif +#ifdef WOLFSSL_AES_256 + bench_aesctr_internal(bench_key, 32, bench_iv, "AES-256-CTR", useDeviceID); +#endif +} +#endif /* WOLFSSL_AES_COUNTER */ + + +#ifdef HAVE_AESCCM +void bench_aesccm(int useDeviceID) +{ + Aes enc; + int enc_inited = 0; + double start; + int ret, i, count; + DECLARE_MULTI_VALUE_STATS_VARS() + + WC_DECLARE_VAR(bench_additional, byte, AES_AUTH_ADD_SZ, HEAP_HINT); + WC_DECLARE_VAR(bench_tag, byte, AES_AUTH_TAG_SZ, HEAP_HINT); + + bench_stats_prepare(); + + WC_ALLOC_VAR(bench_additional, byte, AES_AUTH_ADD_SZ, HEAP_HINT); + WC_ALLOC_VAR(bench_tag, byte, AES_AUTH_TAG_SZ, HEAP_HINT); + + XMEMSET(bench_tag, 0, AES_AUTH_TAG_SZ); + XMEMSET(bench_additional, 0, AES_AUTH_ADD_SZ); + + if ((ret = wc_AesInit(&enc, HEAP_HINT, + useDeviceID ? devId : INVALID_DEVID)) != 0) + { + printf("wc_AesInit failed, ret = %d\n", ret); + goto exit; + } + + if ((ret = wc_AesCcmSetKey(&enc, bench_key, 16)) != 0) { + printf("wc_AesCcmSetKey failed, ret = %d\n", ret); + goto exit; + } + enc_inited = 1; + + bench_stats_start(&count, &start); + do { + for (i = 0; i < numBlocks; i++) { + ret |= wc_AesCcmEncrypt(&enc, bench_cipher, bench_plain, bench_size, + bench_iv, 12, bench_tag, AES_AUTH_TAG_SZ, + bench_additional, 0); + RECORD_MULTI_VALUE_STATS(); + } + count += i; + } while (bench_stats_check(start) +#ifdef MULTI_VALUE_STATISTICS + || runs < minimum_runs +#endif + ); + + bench_stats_sym_finish(AES_AAD_STRING("AES-CCM-enc"), useDeviceID, count, + bench_size, start, ret); +#ifdef MULTI_VALUE_STATISTICS + bench_multi_value_stats(max, min, sum, squareSum, runs); +#endif + if (ret != 0) { + printf("wc_AesCcmEncrypt failed, ret = %d\n", ret); + goto exit; + } + +#ifdef HAVE_AES_DECRYPT + RESET_MULTI_VALUE_STATS_VARS(); + + bench_stats_start(&count, &start); + do { + for (i = 0; i < numBlocks; i++) { + ret |= wc_AesCcmDecrypt(&enc, bench_plain, bench_cipher, bench_size, + bench_iv, 12, bench_tag, AES_AUTH_TAG_SZ, + bench_additional, 0); + RECORD_MULTI_VALUE_STATS(); + } + count += i; + } while (bench_stats_check(start) +#ifdef MULTI_VALUE_STATISTICS + || runs < minimum_runs +#endif + ); + + bench_stats_sym_finish(AES_AAD_STRING("AES-CCM-dec"), useDeviceID, count, + bench_size, start, ret); +#ifdef MULTI_VALUE_STATISTICS + bench_multi_value_stats(max, min, sum, squareSum, runs); +#endif + if (ret != 0) { + printf("wc_AesCcmEncrypt failed, ret = %d\n", ret); + goto exit; + } +#endif + + exit: + + if (enc_inited) + wc_AesFree(&enc); + + WC_FREE_VAR(bench_additional, HEAP_HINT); + WC_FREE_VAR(bench_tag, HEAP_HINT); +} +#endif /* HAVE_AESCCM */ + + +#ifdef WOLFSSL_AES_SIV +static void bench_aessiv_internal(const byte* key, word32 keySz, const char* + encLabel, const char* decLabel) +{ + int i; + int ret = 0; + byte assoc[WC_AES_BLOCK_SIZE]; + byte nonce[WC_AES_BLOCK_SIZE]; + byte siv[WC_AES_BLOCK_SIZE]; + int count = 0; + double start; + DECLARE_MULTI_VALUE_STATS_VARS() + + bench_stats_prepare(); + + bench_stats_start(&count, &start); + do { + for (i = 0; i < numBlocks; i++) { + ret = wc_AesSivEncrypt(key, keySz, assoc, WC_AES_BLOCK_SIZE, nonce, + WC_AES_BLOCK_SIZE, bench_plain, bench_size, + siv, bench_cipher); + if (ret != 0) { + printf("wc_AesSivEncrypt failed (%d)\n", ret); + return; + } + RECORD_MULTI_VALUE_STATS(); + } + count += i; + } while (bench_stats_check(start) +#ifdef MULTI_VALUE_STATISTICS + || runs < minimum_runs +#endif + ); + + bench_stats_sym_finish(encLabel, 0, count, bench_size, start, ret); +#ifdef MULTI_VALUE_STATISTICS + bench_multi_value_stats(max, min, sum, squareSum, runs); +#endif + + RESET_MULTI_VALUE_STATS_VARS(); + + bench_stats_start(&count, &start); + do { + for (i = 0; i < numBlocks; i++) { + ret = wc_AesSivDecrypt(key, keySz, assoc, WC_AES_BLOCK_SIZE, nonce, + WC_AES_BLOCK_SIZE, bench_cipher, bench_size, + siv, bench_plain); + if (ret != 0) { + printf("wc_AesSivDecrypt failed (%d)\n", ret); + return; + } + RECORD_MULTI_VALUE_STATS(); + } + count += i; + } while (bench_stats_check(start) +#ifdef MULTI_VALUE_STATISTICS + || runs < minimum_runs +#endif + ); + + bench_stats_sym_finish(decLabel, 0, count, bench_size, start, ret); +#ifdef MULTI_VALUE_STATISTICS + bench_multi_value_stats(max, min, sum, squareSum, runs); +#endif +} + +void bench_aessiv(void) +{ + bench_aessiv_internal(bench_key, 32, "AES-256-SIV-enc", "AES-256-SIV-dec"); + bench_aessiv_internal(bench_key, 48, "AES-384-SIV-enc", "AES-384-SIV-dec"); + bench_aessiv_internal(bench_key, 64, "AES-512-SIV-enc", "AES-512-SIV-dec"); +} +#endif /* WOLFSSL_AES_SIV */ +#endif /* !NO_AES */ + + +#ifdef HAVE_POLY1305 +void bench_poly1305(void) +{ + Poly1305 enc; + byte mac[16]; + double start; + int ret = 0, i, count; + DECLARE_MULTI_VALUE_STATS_VARS() + + bench_stats_prepare(); + + if (digest_stream) { + ret = wc_Poly1305SetKey(&enc, bench_key, 32); + if (ret != 0) { + printf("Poly1305SetKey failed, ret = %d\n", ret); + return; + } + + bench_stats_start(&count, &start); + do { + for (i = 0; i < numBlocks; i++) { + ret = wc_Poly1305Update(&enc, bench_plain, bench_size); + if (ret != 0) { + printf("Poly1305Update failed: %d\n", ret); + break; + } + RECORD_MULTI_VALUE_STATS(); + } + wc_Poly1305Final(&enc, mac); + count += i; + } while (bench_stats_check(start) + #ifdef MULTI_VALUE_STATISTICS + || runs < minimum_runs + #endif + ); + } + else { + bench_stats_start(&count, &start); + do { + for (i = 0; i < numBlocks; i++) { + ret = wc_Poly1305SetKey(&enc, bench_key, 32); + if (ret != 0) { + printf("Poly1305SetKey failed, ret = %d\n", ret); + return; + } + ret = wc_Poly1305Update(&enc, bench_plain, bench_size); + if (ret != 0) { + printf("Poly1305Update failed: %d\n", ret); + break; + } + wc_Poly1305Final(&enc, mac); + RECORD_MULTI_VALUE_STATS(); + } + count += i; + } while (bench_stats_check(start) + #ifdef MULTI_VALUE_STATISTICS + || runs < minimum_runs + #endif + ); + } + bench_stats_sym_finish("POLY1305", 0, count, bench_size, start, ret); +#ifdef MULTI_VALUE_STATISTICS + bench_multi_value_stats(max, min, sum, squareSum, runs); +#endif +} +#endif /* HAVE_POLY1305 */ + + +#ifdef HAVE_CAMELLIA +void bench_camellia(void) +{ + wc_Camellia cam; + double start; + int ret, i, count; + DECLARE_MULTI_VALUE_STATS_VARS() + + bench_stats_prepare(); + + ret = wc_CamelliaSetKey(&cam, bench_key, 16, bench_iv); + if (ret != 0) { + printf("CamelliaSetKey failed, ret = %d\n", ret); + return; + } + + bench_stats_start(&count, &start); + do { + for (i = 0; i < numBlocks; i++) { + ret = wc_CamelliaCbcEncrypt(&cam, bench_cipher, bench_plain, + bench_size); + if (ret < 0) { + printf("CamelliaCbcEncrypt failed: %d\n", ret); + return; + } + RECORD_MULTI_VALUE_STATS(); + } + count += i; + } while (bench_stats_check(start) +#ifdef MULTI_VALUE_STATISTICS + || runs < minimum_runs +#endif + ); + + bench_stats_sym_finish("Camellia", 0, count, bench_size, start, ret); +#ifdef MULTI_VALUE_STATISTICS + bench_multi_value_stats(max, min, sum, squareSum, runs); +#endif +} +#endif + +#ifdef WOLFSSL_SM4_CBC +void bench_sm4_cbc(void) +{ + wc_Sm4 sm4; + double start; + int ret; + int i; + int count; + DECLARE_MULTI_VALUE_STATS_VARS() + + bench_stats_prepare(); + + ret = wc_Sm4SetKey(&sm4, bench_key, SM4_KEY_SIZE); + if (ret != 0) { + printf("Sm4SetKey failed, ret = %d\n", ret); + return; + } + ret = wc_Sm4SetIV(&sm4, bench_iv); + if (ret != 0) { + printf("Sm4SetIV failed, ret = %d\n", ret); + return; + } + + bench_stats_start(&count, &start); + do { + for (i = 0; i < numBlocks; i++) { + ret = wc_Sm4CbcEncrypt(&sm4, bench_cipher, bench_plain, bench_size); + if (ret < 0) { + printf("Sm4CbcEncrypt failed: %d\n", ret); + return; + } + RECORD_MULTI_VALUE_STATS(); + } + count += i; + } while (bench_stats_check(start) +#ifdef MULTI_VALUE_STATISTICS + || runs < minimum_runs +#endif + ); + + bench_stats_sym_finish("SM4-CBC-enc", 0, count, bench_size, start, ret); +#ifdef MULTI_VALUE_STATISTICS + bench_multi_value_stats(max, min, sum, squareSum, runs); +#endif + + RESET_MULTI_VALUE_STATS_VARS(); + + bench_stats_start(&count, &start); + do { + for (i = 0; i < numBlocks; i++) { + ret = wc_Sm4CbcDecrypt(&sm4, bench_plain, bench_cipher, bench_size); + if (ret < 0) { + printf("Sm4CbcDecrypt failed: %d\n", ret); + return; + } + RECORD_MULTI_VALUE_STATS(); + } + count += i; + } while (bench_stats_check(start) +#ifdef MULTI_VALUE_STATISTICS + || runs < minimum_runs +#endif + ); + + bench_stats_sym_finish("SM4-CBC-dec", 0, count, bench_size, start, ret); +#ifdef MULTI_VALUE_STATISTICS + bench_multi_value_stats(max, min, sum, squareSum, runs); +#endif +} +#endif + +#ifdef WOLFSSL_SM4_GCM +void bench_sm4_gcm(void) +{ + wc_Sm4 sm4; + double start; + int ret; + int i; + int count; + DECLARE_MULTI_VALUE_STATS_VARS() + + WC_DECLARE_VAR(bench_additional, byte, AES_AUTH_ADD_SZ, HEAP_HINT); + WC_DECLARE_VAR(bench_tag, byte, AES_AUTH_TAG_SZ, HEAP_HINT); + + bench_stats_prepare(); + + WC_ALLOC_VAR(bench_additional, byte, AES_AUTH_ADD_SZ, HEAP_HINT); + WC_ALLOC_VAR(bench_tag, byte, AES_AUTH_TAG_SZ, HEAP_HINT); + + ret = wc_Sm4GcmSetKey(&sm4, bench_key, SM4_KEY_SIZE); + if (ret != 0) { + printf("Sm4GcmSetKey failed, ret = %d\n", ret); + goto exit; + } + + bench_stats_start(&count, &start); + do { + for (i = 0; i < numBlocks; i++) { + ret = wc_Sm4GcmEncrypt(&sm4, bench_cipher, bench_plain, bench_size, + bench_iv, GCM_NONCE_MID_SZ, bench_tag, SM4_BLOCK_SIZE, + bench_additional, aesAuthAddSz); + if (ret < 0) { + printf("Sm4GcmEncrypt failed: %d\n", ret); + goto exit; + } + RECORD_MULTI_VALUE_STATS(); + } + count += i; + } while (bench_stats_check(start) +#ifdef MULTI_VALUE_STATISTICS + || runs < minimum_runs +#endif + ); + + bench_stats_sym_finish("SM4-GCM-enc", 0, count, bench_size, start, ret); +#ifdef MULTI_VALUE_STATISTICS + bench_multi_value_stats(max, min, sum, squareSum, runs); +#endif + + RESET_MULTI_VALUE_STATS_VARS(); + + bench_stats_start(&count, &start); + do { + for (i = 0; i < numBlocks; i++) { + ret = wc_Sm4GcmDecrypt(&sm4, bench_plain, bench_cipher, bench_size, + bench_iv, GCM_NONCE_MID_SZ, bench_tag, SM4_BLOCK_SIZE, + bench_additional, aesAuthAddSz); + if (ret < 0) { + printf("Sm4GcmDecrypt failed: %d\n", ret); + goto exit; + } + RECORD_MULTI_VALUE_STATS(); + } + count += i; + } while (bench_stats_check(start) +#ifdef MULTI_VALUE_STATISTICS + || runs < minimum_runs +#endif + ); + + bench_stats_sym_finish("SM4-GCM-dec", 0, count, bench_size, start, ret); +#ifdef MULTI_VALUE_STATISTICS + bench_multi_value_stats(max, min, sum, squareSum, runs); +#endif + +exit: + + WC_FREE_VAR(bench_additional, HEAP_HINT); + WC_FREE_VAR(bench_tag, HEAP_HINT); +} +#endif + +#ifdef WOLFSSL_SM4_CCM +void bench_sm4_ccm(void) +{ + wc_Sm4 enc; + double start; + int ret, i, count; + DECLARE_MULTI_VALUE_STATS_VARS() + + WC_DECLARE_VAR(bench_additional, byte, AES_AUTH_ADD_SZ, HEAP_HINT); + WC_DECLARE_VAR(bench_tag, byte, AES_AUTH_TAG_SZ, HEAP_HINT); + + bench_stats_prepare(); + + WC_ALLOC_VAR(bench_additional, byte, AES_AUTH_ADD_SZ, HEAP_HINT); + WC_ALLOC_VAR(bench_tag, byte, AES_AUTH_TAG_SZ, HEAP_HINT); + + XMEMSET(bench_tag, 0, AES_AUTH_TAG_SZ); + XMEMSET(bench_additional, 0, AES_AUTH_ADD_SZ); + + if ((ret = wc_Sm4SetKey(&enc, bench_key, 16)) != 0) { + printf("wc_Sm4SetKey failed, ret = %d\n", ret); + goto exit; + } + + bench_stats_start(&count, &start); + do { + for (i = 0; i < numBlocks; i++) { + ret |= wc_Sm4CcmEncrypt(&enc, bench_cipher, bench_plain, bench_size, + bench_iv, 12, bench_tag, AES_AUTH_TAG_SZ, + bench_additional, 0); + RECORD_MULTI_VALUE_STATS(); + } + count += i; + } while (bench_stats_check(start) +#ifdef MULTI_VALUE_STATISTICS + || runs < minimum_runs +#endif + ); + + bench_stats_sym_finish("SM4-CCM-enc", 0, count, bench_size, start, ret); +#ifdef MULTI_VALUE_STATISTICS + bench_multi_value_stats(max, min, sum, squareSum, runs); +#endif + if (ret != 0) { + printf("wc_Sm4Encrypt failed, ret = %d\n", ret); + goto exit; + } + + RESET_MULTI_VALUE_STATS_VARS(); + + bench_stats_start(&count, &start); + do { + for (i = 0; i < numBlocks; i++) { + ret |= wc_Sm4CcmDecrypt(&enc, bench_plain, bench_cipher, bench_size, + bench_iv, 12, bench_tag, AES_AUTH_TAG_SZ, + bench_additional, 0); + RECORD_MULTI_VALUE_STATS(); + } + count += i; + } while (bench_stats_check(start) +#ifdef MULTI_VALUE_STATISTICS + || runs < minimum_runs +#endif + ); + + bench_stats_sym_finish("SM4-CCM-dec", 0, count, bench_size, start, ret); +#ifdef MULTI_VALUE_STATISTICS + bench_multi_value_stats(max, min, sum, squareSum, runs); +#endif + if (ret != 0) { + printf("wc_Sm4Decrypt failed, ret = %d\n", ret); + goto exit; + } + + exit: + + WC_FREE_VAR(bench_additional, HEAP_HINT); + WC_FREE_VAR(bench_tag, HEAP_HINT); +} +#endif /* HAVE_AESCCM */ +#ifndef NO_DES3 +void bench_des(int useDeviceID) +{ + int ret = 0, i, count = 0, times, pending = 0; + WC_DECLARE_ARRAY(enc, Des3, BENCH_MAX_PENDING, + sizeof(Des3), HEAP_HINT); + double start; + DECLARE_MULTI_VALUE_STATS_VARS() + + bench_stats_prepare(); + + WC_CALLOC_ARRAY(enc, Des3, BENCH_MAX_PENDING, + sizeof(Des3), HEAP_HINT); + + /* init keys */ + for (i = 0; i < BENCH_MAX_PENDING; i++) { + if ((ret = wc_Des3Init(enc[i], HEAP_HINT, + useDeviceID ? devId : INVALID_DEVID)) != 0) { + printf("Des3Init failed, ret = %d\n", ret); + goto exit; + } + + ret = wc_Des3_SetKey(enc[i], bench_key, bench_iv, DES_ENCRYPTION); + if (ret != 0) { + printf("Des3_SetKey failed, ret = %d\n", ret); + goto exit; + } + } + + bench_stats_start(&count, &start); + do { + for (times = 0; times < numBlocks || pending > 0; ) { + bench_async_poll(&pending); + + /* while free pending slots in queue, submit ops */ + for (i = 0; i < BENCH_MAX_PENDING; i++) { + if (bench_async_check(&ret, BENCH_ASYNC_GET_DEV(enc[i]), 0, + ×, numBlocks, &pending)) { + ret = wc_Des3_CbcEncrypt(enc[i], + bench_cipher, + bench_plain, bench_size); + if (!bench_async_handle(&ret, BENCH_ASYNC_GET_DEV(enc[i]), + 0, ×, &pending)) { + goto exit_3des; + } + } + } /* for i */ + RECORD_MULTI_VALUE_STATS(); + } /* for times */ + count += times; + } while (bench_stats_check(start) +#ifdef MULTI_VALUE_STATISTICS + || runs < minimum_runs +#endif + ); + +exit_3des: + bench_stats_sym_finish("3DES", useDeviceID, count, bench_size, start, ret); +#ifdef MULTI_VALUE_STATISTICS + bench_multi_value_stats(max, min, sum, squareSum, runs); +#endif + +exit: + + if (WC_ARRAY_OK(enc)) { + for (i = 0; i < BENCH_MAX_PENDING; i++) { + wc_Des3Free(enc[i]); + } + WC_FREE_ARRAY(enc, BENCH_MAX_PENDING, HEAP_HINT); + } +} +#endif /* !NO_DES3 */ + + +#ifndef NO_RC4 +void bench_arc4(int useDeviceID) +{ + int ret = 0, i, count = 0, times, pending = 0; + WC_DECLARE_ARRAY(enc, Arc4, BENCH_MAX_PENDING, + sizeof(Arc4), HEAP_HINT); + double start; + DECLARE_MULTI_VALUE_STATS_VARS() + + bench_stats_prepare(); + + WC_CALLOC_ARRAY(enc, Arc4, BENCH_MAX_PENDING, + sizeof(Arc4), HEAP_HINT); + + /* init keys */ + for (i = 0; i < BENCH_MAX_PENDING; i++) { + if ((ret = wc_Arc4Init(enc[i], HEAP_HINT, + useDeviceID ? devId : INVALID_DEVID)) != 0) { + printf("Arc4Init failed, ret = %d\n", ret); + goto exit; + } + + ret = wc_Arc4SetKey(enc[i], bench_key, 16); + if (ret != 0) { + printf("Arc4SetKey failed, ret = %d\n", ret); + goto exit; + } + } + + bench_stats_start(&count, &start); + do { + for (times = 0; times < numBlocks || pending > 0; ) { + bench_async_poll(&pending); + + /* while free pending slots in queue, submit ops */ + for (i = 0; i < BENCH_MAX_PENDING; i++) { + if (bench_async_check(&ret, BENCH_ASYNC_GET_DEV(enc[i]), 0, + ×, numBlocks, &pending)) { + ret = wc_Arc4Process(enc[i], bench_cipher, bench_plain, + bench_size); + if (!bench_async_handle(&ret, BENCH_ASYNC_GET_DEV(enc[i]), + 0, ×, &pending)) { + goto exit_arc4; + } + } + } /* for i */ + RECORD_MULTI_VALUE_STATS(); + } /* for times */ + count += times; + } while (bench_stats_check(start) +#ifdef MULTI_VALUE_STATISTICS + || runs < minimum_runs +#endif + ); + +exit_arc4: + bench_stats_sym_finish("ARC4", useDeviceID, count, bench_size, start, ret); +#ifdef MULTI_VALUE_STATISTICS + bench_multi_value_stats(max, min, sum, squareSum, runs); +#endif + +exit: + + if (WC_ARRAY_OK(enc)) { + for (i = 0; i < BENCH_MAX_PENDING; i++) { + wc_Arc4Free(enc[i]); + } + WC_FREE_ARRAY(enc, BENCH_MAX_PENDING, HEAP_HINT); + } +} +#endif /* !NO_RC4 */ + + +#ifdef HAVE_CHACHA +void bench_chacha(void) +{ + WC_DECLARE_VAR(enc, ChaCha, 1, HEAP_HINT); + double start; + int ret, i, count; + DECLARE_MULTI_VALUE_STATS_VARS() + + bench_stats_prepare(); + + WC_ALLOC_VAR(enc, ChaCha, 1, HEAP_HINT); + + XMEMSET(enc, 0, sizeof(ChaCha)); + wc_Chacha_SetKey(enc, bench_key, 16); + + if (encrypt_only) { + ret = wc_Chacha_SetIV(enc, bench_iv, 0); + if (ret < 0) { + printf("wc_Chacha_SetIV error: %d\n", ret); + goto exit; + } + bench_stats_start(&count, &start); + do { + for (i = 0; i < numBlocks; i++) { + ret = wc_Chacha_Process(enc, bench_cipher, bench_plain, + bench_size); + if (ret < 0) { + printf("wc_Chacha_Process error: %d\n", ret); + goto exit; + } + RECORD_MULTI_VALUE_STATS(); + } + count += i; + } while (bench_stats_check(start) + #ifdef MULTI_VALUE_STATISTICS + || runs < minimum_runs + #endif + ); + } + else { + bench_stats_start(&count, &start); + do { + for (i = 0; i < numBlocks; i++) { + ret = wc_Chacha_SetIV(enc, bench_iv, 0); + if (ret < 0) { + printf("wc_Chacha_SetIV error: %d\n", ret); + goto exit; + } + ret = wc_Chacha_Process(enc, bench_cipher, bench_plain, + bench_size); + if (ret < 0) { + printf("wc_Chacha_Process error: %d\n", ret); + goto exit; + } + RECORD_MULTI_VALUE_STATS(); + } + count += i; + } while (bench_stats_check(start) + #ifdef MULTI_VALUE_STATISTICS + || runs < minimum_runs + #endif + ); + } + + bench_stats_sym_finish("CHACHA", 0, count, bench_size, start, 0); +#ifdef MULTI_VALUE_STATISTICS + bench_multi_value_stats(max, min, sum, squareSum, runs); +#endif + +exit: + WC_FREE_VAR(enc, HEAP_HINT); +} +#endif /* HAVE_CHACHA*/ + +#if defined(HAVE_CHACHA) && defined(HAVE_POLY1305) +void bench_chacha20_poly1305_aead(void) +{ + double start; + int ret = 0, i, count; + DECLARE_MULTI_VALUE_STATS_VARS() + + WC_DECLARE_VAR(bench_additional, byte, AES_AUTH_ADD_SZ, HEAP_HINT); + WC_DECLARE_VAR(authTag, byte, CHACHA20_POLY1305_AEAD_AUTHTAG_SIZE, HEAP_HINT); + + bench_stats_prepare(); + + WC_ALLOC_VAR(bench_additional, byte, AES_AUTH_ADD_SZ, HEAP_HINT); + WC_ALLOC_VAR(authTag, byte, CHACHA20_POLY1305_AEAD_AUTHTAG_SIZE, HEAP_HINT); + XMEMSET(bench_additional, 0, AES_AUTH_ADD_SZ); + XMEMSET(authTag, 0, CHACHA20_POLY1305_AEAD_AUTHTAG_SIZE); + + bench_stats_start(&count, &start); + do { + for (i = 0; i < numBlocks; i++) { + ret = wc_ChaCha20Poly1305_Encrypt(bench_key, bench_iv, + bench_additional, aesAuthAddSz, bench_plain, bench_size, + bench_cipher, authTag); + if (ret < 0) { + printf("wc_ChaCha20Poly1305_Encrypt error: %d\n", ret); + goto exit; + } + RECORD_MULTI_VALUE_STATS(); + } + count += i; + } while (bench_stats_check(start) +#ifdef MULTI_VALUE_STATISTICS + || runs < minimum_runs +#endif + ); + + bench_stats_sym_finish("CHA-POLY", 0, count, bench_size, start, ret); +#ifdef MULTI_VALUE_STATISTICS + bench_multi_value_stats(max, min, sum, squareSum, runs); +#endif + +exit: + + WC_FREE_VAR(authTag, HEAP_HINT); + WC_FREE_VAR(bench_additional, HEAP_HINT); +} +#endif /* HAVE_CHACHA && HAVE_POLY1305 */ + +#ifdef HAVE_ASCON + +void bench_ascon_aead(void) +{ +#define ASCON_AD (byte*)"ADADADADAD" +#define ASCON_AD_SZ XSTR_SIZEOF(ASCON_AD) + double start; + int ret = 0, i, count; + WC_DECLARE_VAR(authTag, byte, ASCON_AEAD128_TAG_SZ, HEAP_HINT); + WC_DECLARE_VAR(enc, wc_AsconAEAD128, 1, HEAP_HINT); + DECLARE_MULTI_VALUE_STATS_VARS() + + bench_stats_prepare(); + + WC_ALLOC_VAR(authTag, byte, ASCON_AEAD128_TAG_SZ, HEAP_HINT); + XMEMSET(authTag, 0, ASCON_AEAD128_TAG_SZ); + + WC_ALLOC_VAR(enc, wc_AsconAEAD128, 1, HEAP_HINT); + XMEMSET(enc, 0, sizeof(wc_AsconAEAD128)); + + bench_stats_start(&count, &start); + do { + for (i = 0; i < numBlocks; i++) { + ret = wc_AsconAEAD128_Init(enc); + if (ret == 0) + ret = wc_AsconAEAD128_SetKey(enc, bench_key); + if (ret == 0) + ret = wc_AsconAEAD128_SetNonce(enc, bench_iv); + if (ret == 0) + ret = wc_AsconAEAD128_SetAD(enc, ASCON_AD, ASCON_AD_SZ); + if (ret == 0) { + ret = wc_AsconAEAD128_EncryptUpdate(enc, bench_cipher, + bench_plain, bench_size); + } + if (ret == 0) + ret = wc_AsconAEAD128_EncryptFinal(enc, authTag); + wc_AsconAEAD128_Clear(enc); + + if (ret != 0) { + printf("ASCON-AEAD error: %d\n", ret); + goto exit; + } + RECORD_MULTI_VALUE_STATS(); + } + count += i; + } while (bench_stats_check(start) +#ifdef MULTI_VALUE_STATISTICS + || runs < minimum_runs +#endif + ); + + bench_stats_sym_finish("ASCON-AEAD", 0, count, bench_size, start, ret); +#ifdef MULTI_VALUE_STATISTICS + bench_multi_value_stats(max, min, sum, squareSum, runs); +#endif + +exit: + + WC_FREE_VAR(authTag, HEAP_HINT); + WC_FREE_VAR(enc, HEAP_HINT); +} + +#endif /* HAVE_ASCON */ + +#ifndef NO_MD5 +void bench_md5(int useDeviceID) +{ + WC_DECLARE_ARRAY(hash, wc_Md5, BENCH_MAX_PENDING, + sizeof(wc_Md5), HEAP_HINT); + double start = 0; + int ret = 0, i, count = 0, times, pending = 0; + DECLARE_MULTI_VALUE_STATS_VARS() + WC_DECLARE_ARRAY(digest, byte, BENCH_MAX_PENDING, + WC_MD5_DIGEST_SIZE, HEAP_HINT); + + bench_stats_prepare(); + + WC_CALLOC_ARRAY(hash, wc_Md5, BENCH_MAX_PENDING, + sizeof(wc_Md5), HEAP_HINT); + WC_ALLOC_ARRAY(digest, byte, BENCH_MAX_PENDING, + WC_MD5_DIGEST_SIZE, HEAP_HINT); + + if (digest_stream) { + /* init keys */ + for (i = 0; i < BENCH_MAX_PENDING; i++) { + ret = wc_InitMd5_ex(hash[i], HEAP_HINT, + useDeviceID ? devId : INVALID_DEVID); + if (ret != 0) { + printf("InitMd5_ex failed, ret = %d\n", ret); + goto exit; + } + #ifdef WOLFSSL_PIC32MZ_HASH + wc_Md5SizeSet(hash[i], numBlocks * bench_size); + #endif + } + + bench_stats_start(&count, &start); + do { + for (times = 0; times < numBlocks || pending > 0; ) { + bench_async_poll(&pending); + + /* while free pending slots in queue, submit ops */ + for (i = 0; i < BENCH_MAX_PENDING; i++) { + if (bench_async_check(&ret, BENCH_ASYNC_GET_DEV(hash[i]), + 0, ×, numBlocks, &pending)) { + ret = wc_Md5Update(hash[i], bench_plain, + bench_size); + if (!bench_async_handle(&ret, + BENCH_ASYNC_GET_DEV(hash[i]), + 0, ×, &pending)) { + goto exit_md5; + } + } + } /* for i */ + RECORD_MULTI_VALUE_STATS(); + } /* for times */ + count += times; + + times = 0; + do { + bench_async_poll(&pending); + + for (i = 0; i < BENCH_MAX_PENDING; i++) { + if (bench_async_check(&ret, BENCH_ASYNC_GET_DEV(hash[i]), + 0, ×, numBlocks, &pending)) { + ret = wc_Md5Final(hash[i], digest[i]); + if (!bench_async_handle(&ret, + BENCH_ASYNC_GET_DEV(hash[i]), 0, + ×, &pending)) { + goto exit_md5; + } + } + } /* for i */ + } while (pending > 0); + } while (bench_stats_check(start) + #ifdef MULTI_VALUE_STATISTICS + || runs < minimum_runs + #endif + ); + } + else { + bench_stats_start(&count, &start); + do { + for (times = 0; times < numBlocks; times++) { + ret = wc_InitMd5_ex(hash[0], HEAP_HINT, INVALID_DEVID); + if (ret == 0) + ret = wc_Md5Update(hash[0], bench_plain, bench_size); + if (ret == 0) + ret = wc_Md5Final(hash[0], digest[0]); + if (ret != 0) + goto exit_md5; + RECORD_MULTI_VALUE_STATS(); + } /* for times */ + count += times; + } while (bench_stats_check(start) + #ifdef MULTI_VALUE_STATISTICS + || runs < minimum_runs + #endif + ); + } +exit_md5: + bench_stats_sym_finish("MD5", useDeviceID, count, bench_size, start, ret); +#ifdef MULTI_VALUE_STATISTICS + bench_multi_value_stats(max, min, sum, squareSum, runs); +#endif + +exit: + +#ifdef WOLFSSL_ASYNC_CRYPT + if (WC_ARRAY_OK(hash)) { + for (i = 0; i < BENCH_MAX_PENDING; i++) { + wc_Md5Free(hash[i]); + } + } +#endif + + WC_FREE_ARRAY(hash, BENCH_MAX_PENDING, HEAP_HINT); + WC_FREE_ARRAY(digest, BENCH_MAX_PENDING, HEAP_HINT); +} +#endif /* !NO_MD5 */ + + +#ifndef NO_SHA +void bench_sha(int useDeviceID) +{ + WC_DECLARE_ARRAY(hash, wc_Sha, BENCH_MAX_PENDING, + sizeof(wc_Sha), HEAP_HINT); + double start; + int ret = 0, i, count = 0, times, pending = 0; + DECLARE_MULTI_VALUE_STATS_VARS() + WC_DECLARE_ARRAY(digest, byte, BENCH_MAX_PENDING, + WC_SHA_DIGEST_SIZE, HEAP_HINT); + + bench_stats_prepare(); + + WC_CALLOC_ARRAY(hash, wc_Sha, BENCH_MAX_PENDING, + sizeof(wc_Sha), HEAP_HINT); + WC_ALLOC_ARRAY(digest, byte, BENCH_MAX_PENDING, + WC_SHA_DIGEST_SIZE, HEAP_HINT); + + if (digest_stream) { + /* init keys */ + for (i = 0; i < BENCH_MAX_PENDING; i++) { + ret = wc_InitSha_ex(hash[i], HEAP_HINT, + useDeviceID ? devId : INVALID_DEVID); + if (ret != 0) { + printf("InitSha failed, ret = %d\n", ret); + goto exit; + } + #ifdef WOLFSSL_PIC32MZ_HASH + wc_ShaSizeSet(hash[i], numBlocks * bench_size); + #endif + } + + bench_stats_start(&count, &start); + do { + for (times = 0; times < numBlocks || pending > 0; ) { + bench_async_poll(&pending); + + /* while free pending slots in queue, submit ops */ + for (i = 0; i < BENCH_MAX_PENDING; i++) { + if (bench_async_check(&ret, BENCH_ASYNC_GET_DEV(hash[i]), + 0, ×, numBlocks, &pending)) { + ret = wc_ShaUpdate(hash[i], bench_plain, + bench_size); + if (!bench_async_handle(&ret, + BENCH_ASYNC_GET_DEV(hash[i]), 0, + ×, &pending)) { + goto exit_sha; + } + } + } /* for i */ + RECORD_MULTI_VALUE_STATS(); + } /* for times */ + count += times; + + times = 0; + do { + bench_async_poll(&pending); + + for (i = 0; i < BENCH_MAX_PENDING; i++) { + if (bench_async_check(&ret, BENCH_ASYNC_GET_DEV(hash[i]), + 0, ×, numBlocks, &pending)) { + ret = wc_ShaFinal(hash[i], digest[i]); + if (!bench_async_handle(&ret, + BENCH_ASYNC_GET_DEV(hash[i]), 0, + ×, &pending)) { + goto exit_sha; + } + } + } /* for i */ + } while (pending > 0); + } while (bench_stats_check(start) + #ifdef MULTI_VALUE_STATISTICS + || runs < minimum_runs + #endif + ); + } + else { + bench_stats_start(&count, &start); + do { + for (times = 0; times < numBlocks; times++) { + ret = wc_InitSha_ex(hash[0], HEAP_HINT, + useDeviceID ? devId : INVALID_DEVID); + if (ret == 0) + ret = wc_ShaUpdate(hash[0], bench_plain, bench_size); + if (ret == 0) + ret = wc_ShaFinal(hash[0], digest[0]); + if (ret != 0) + goto exit_sha; + RECORD_MULTI_VALUE_STATS(); + } /* for times */ + count += times; + } while (bench_stats_check(start) + #ifdef MULTI_VALUE_STATISTICS + || runs < minimum_runs + #endif + ); + } +exit_sha: + bench_stats_sym_finish("SHA", useDeviceID, count, bench_size, start, ret); +#ifdef MULTI_VALUE_STATISTICS + bench_multi_value_stats(max, min, sum, squareSum, runs); +#endif + +exit: + + if (WC_ARRAY_OK(hash)) { + for (i = 0; i < BENCH_MAX_PENDING; i++) { + wc_ShaFree(hash[i]); + } + WC_FREE_ARRAY(hash, BENCH_MAX_PENDING, HEAP_HINT); + } + WC_FREE_ARRAY(digest, BENCH_MAX_PENDING, HEAP_HINT); +} +#endif /* NO_SHA */ + + +#ifdef WOLFSSL_SHA224 +void bench_sha224(int useDeviceID) +{ + WC_DECLARE_ARRAY(hash, wc_Sha224, BENCH_MAX_PENDING, + sizeof(wc_Sha224), HEAP_HINT); + double start; + int ret = 0, i, count = 0, times, pending = 0; + DECLARE_MULTI_VALUE_STATS_VARS() + WC_DECLARE_ARRAY(digest, byte, BENCH_MAX_PENDING, + WC_SHA224_DIGEST_SIZE, HEAP_HINT); + + bench_stats_prepare(); + + WC_CALLOC_ARRAY(hash, wc_Sha224, BENCH_MAX_PENDING, + sizeof(wc_Sha224), HEAP_HINT); + WC_ALLOC_ARRAY(digest, byte, BENCH_MAX_PENDING, + WC_SHA224_DIGEST_SIZE, HEAP_HINT); + + if (digest_stream) { + /* init keys */ + for (i = 0; i < BENCH_MAX_PENDING; i++) { + ret = wc_InitSha224_ex(hash[i], HEAP_HINT, + useDeviceID ? devId : INVALID_DEVID); + if (ret != 0) { + printf("InitSha224_ex failed, ret = %d\n", ret); + goto exit; + } + } + + bench_stats_start(&count, &start); + do { + for (times = 0; times < numBlocks || pending > 0; ) { + bench_async_poll(&pending); + + /* while free pending slots in queue, submit ops */ + for (i = 0; i < BENCH_MAX_PENDING; i++) { + if (bench_async_check(&ret, BENCH_ASYNC_GET_DEV(hash[i]), + 0, ×, numBlocks, &pending)) { + ret = wc_Sha224Update(hash[i], bench_plain, + bench_size); + if (!bench_async_handle(&ret, + BENCH_ASYNC_GET_DEV(hash[i]), 0, + ×, &pending)) { + goto exit_sha224; + } + } + } /* for i */ + RECORD_MULTI_VALUE_STATS(); + } /* for times */ + count += times; + + times = 0; + do { + bench_async_poll(&pending); + for (i = 0; i < BENCH_MAX_PENDING; i++) { + if (bench_async_check(&ret, BENCH_ASYNC_GET_DEV(hash[i]), + 0, ×, numBlocks, &pending)) { + ret = wc_Sha224Final(hash[i], digest[i]); + if (!bench_async_handle(&ret, + BENCH_ASYNC_GET_DEV(hash[i]), 0, + ×, &pending)) { + goto exit_sha224; + } + } + } /* for i */ + } while (pending > 0); + } while (bench_stats_check(start) + #ifdef MULTI_VALUE_STATISTICS + || runs < minimum_runs + #endif + ); + } + else { + bench_stats_start(&count, &start); + do { + for (times = 0; times < numBlocks; times++) { + ret = wc_InitSha224_ex(hash[0], HEAP_HINT, + useDeviceID ? devId : INVALID_DEVID); + if (ret == 0) + ret = wc_Sha224Update(hash[0], bench_plain, bench_size); + if (ret == 0) + ret = wc_Sha224Final(hash[0], digest[0]); + if (ret != 0) + goto exit_sha224; + } /* for times */ + count += times; + } while (bench_stats_check(start) + #ifdef MULTI_VALUE_STATISTICS + || runs < minimum_runs + #endif + ); + } +exit_sha224: + bench_stats_sym_finish("SHA-224", useDeviceID, count, + bench_size, start, ret); +#ifdef MULTI_VALUE_STATISTICS + bench_multi_value_stats(max, min, sum, squareSum, runs); +#endif + +exit: + + if (WC_ARRAY_OK(hash)) { + for (i = 0; i < BENCH_MAX_PENDING; i++) { + wc_Sha224Free(hash[i]); + } + WC_FREE_ARRAY(hash, BENCH_MAX_PENDING, HEAP_HINT); + } + WC_FREE_ARRAY(digest, BENCH_MAX_PENDING, HEAP_HINT); +} +#endif + + +#ifndef NO_SHA256 +void bench_sha256(int useDeviceID) +{ + WC_DECLARE_ARRAY(hash, wc_Sha256, BENCH_MAX_PENDING, + sizeof(wc_Sha256), HEAP_HINT); + double start; + int ret = 0, i, count = 0, times, pending = 0; + DECLARE_MULTI_VALUE_STATS_VARS() + WC_DECLARE_ARRAY(digest, byte, BENCH_MAX_PENDING, + WC_SHA256_DIGEST_SIZE, HEAP_HINT); + + bench_stats_prepare(); + + WC_CALLOC_ARRAY(hash, wc_Sha256, BENCH_MAX_PENDING, + sizeof(wc_Sha256), HEAP_HINT); + WC_ALLOC_ARRAY(digest, byte, BENCH_MAX_PENDING, + WC_SHA256_DIGEST_SIZE, HEAP_HINT); + + if (digest_stream) { + /* init keys */ + for (i = 0; i < BENCH_MAX_PENDING; i++) { + ret = wc_InitSha256_ex(hash[i], HEAP_HINT, + useDeviceID ? devId: INVALID_DEVID); + if (ret != 0) { + printf("InitSha256_ex failed, ret = %d\n", ret); + goto exit; + } + #ifdef WOLFSSL_PIC32MZ_HASH + wc_Sha256SizeSet(hash[i], numBlocks * bench_size); + #endif + } + + bench_stats_start(&count, &start); + do { + for (times = 0; times < numBlocks || pending > 0; ) { + bench_async_poll(&pending); + + /* while free pending slots in queue, submit ops */ + for (i = 0; i < BENCH_MAX_PENDING; i++) { + if (bench_async_check(&ret, BENCH_ASYNC_GET_DEV(hash[i]), + 0, ×, numBlocks, &pending)) { + ret = wc_Sha256Update(hash[i], bench_plain, + bench_size); + if (!bench_async_handle(&ret, + BENCH_ASYNC_GET_DEV(hash[i]), 0, + ×, &pending)) { + goto exit_sha256; + } + } + } /* for i */ + RECORD_MULTI_VALUE_STATS(); + } /* for times */ + count += times; + + times = 0; + do { + bench_async_poll(&pending); + for (i = 0; i < BENCH_MAX_PENDING; i++) { + if (bench_async_check(&ret, BENCH_ASYNC_GET_DEV(hash[i]), + 0, ×, numBlocks, &pending)) { + ret = wc_Sha256Final(hash[i], digest[i]); + if (!bench_async_handle(&ret, + BENCH_ASYNC_GET_DEV(hash[i]), 0, + ×, &pending)) { + goto exit_sha256; + } + } + } /* for i */ + } while (pending > 0); + } while (bench_stats_check(start) + #ifdef MULTI_VALUE_STATISTICS + || runs < minimum_runs + #endif + ); + } + else { + bench_stats_start(&count, &start); + do { + for (times = 0; times < numBlocks; times++) { + ret = wc_InitSha256_ex(hash[0], HEAP_HINT, + useDeviceID ? devId: INVALID_DEVID); + if (ret == 0) + ret = wc_Sha256Update(hash[0], bench_plain, bench_size); + if (ret == 0) + ret = wc_Sha256Final(hash[0], digest[0]); + if (ret != 0) + goto exit_sha256; + RECORD_MULTI_VALUE_STATS(); + } /* for times */ + count += times; + } while (bench_stats_check(start) + #ifdef MULTI_VALUE_STATISTICS + || runs < minimum_runs + #endif + ); + } +exit_sha256: + bench_stats_sym_finish("SHA-256", useDeviceID, count, bench_size, + start, ret); +#ifdef MULTI_VALUE_STATISTICS + bench_multi_value_stats(max, min, sum, squareSum, runs); +#endif +exit: + if (WC_ARRAY_OK(hash)) { + for (i = 0; i < BENCH_MAX_PENDING; i++) { + wc_Sha256Free(hash[i]); + } + WC_FREE_ARRAY(hash, BENCH_MAX_PENDING, HEAP_HINT); + } + WC_FREE_ARRAY(digest, BENCH_MAX_PENDING, HEAP_HINT); +} +#endif + +#ifdef WOLFSSL_SHA384 +void bench_sha384(int useDeviceID) +{ + WC_DECLARE_ARRAY(hash, wc_Sha384, BENCH_MAX_PENDING, + sizeof(wc_Sha384), HEAP_HINT); + double start; + int ret = 0, i, count = 0, times, pending = 0; + DECLARE_MULTI_VALUE_STATS_VARS() + WC_DECLARE_ARRAY(digest, byte, BENCH_MAX_PENDING, + WC_SHA384_DIGEST_SIZE, HEAP_HINT); + + bench_stats_prepare(); + + WC_CALLOC_ARRAY(hash, wc_Sha384, BENCH_MAX_PENDING, + sizeof(wc_Sha384), HEAP_HINT); + WC_ALLOC_ARRAY(digest, byte, BENCH_MAX_PENDING, + WC_SHA384_DIGEST_SIZE, HEAP_HINT); + + if (digest_stream) { + /* init keys */ + for (i = 0; i < BENCH_MAX_PENDING; i++) { + ret = wc_InitSha384_ex(hash[i], HEAP_HINT, + useDeviceID ? devId : INVALID_DEVID); + if (ret != 0) { + printf("InitSha384_ex failed, ret = %d\n", ret); + goto exit; + } + } + + bench_stats_start(&count, &start); + do { + for (times = 0; times < numBlocks || pending > 0; ) { + bench_async_poll(&pending); + + /* while free pending slots in queue, submit ops */ + for (i = 0; i < BENCH_MAX_PENDING; i++) { + if (bench_async_check(&ret, BENCH_ASYNC_GET_DEV(hash[i]), + 0, ×, numBlocks, &pending)) { + ret = wc_Sha384Update(hash[i], bench_plain, + bench_size); + if (!bench_async_handle(&ret, + BENCH_ASYNC_GET_DEV(hash[i]), 0, + ×, &pending)) { + goto exit_sha384; + } + } + } /* for i */ + RECORD_MULTI_VALUE_STATS(); + } /* for times */ + count += times; + + times = 0; + do { + bench_async_poll(&pending); + for (i = 0; i < BENCH_MAX_PENDING; i++) { + if (bench_async_check(&ret, BENCH_ASYNC_GET_DEV(hash[i]), + 0, ×, numBlocks, &pending)) { + ret = wc_Sha384Final(hash[i], digest[i]); + if (!bench_async_handle(&ret, + BENCH_ASYNC_GET_DEV(hash[i]), 0, + ×, &pending)) { + goto exit_sha384; + } + } + } /* for i */ + } while (pending > 0); + } while (bench_stats_check(start) + #ifdef MULTI_VALUE_STATISTICS + || runs < minimum_runs + #endif + ); + } + else { + bench_stats_start(&count, &start); + do { + for (times = 0; times < numBlocks; times++) { + ret = wc_InitSha384_ex(hash[0], HEAP_HINT, + useDeviceID ? devId : INVALID_DEVID); + if (ret == 0) + ret = wc_Sha384Update(hash[0], bench_plain, bench_size); + if (ret == 0) + ret = wc_Sha384Final(hash[0], digest[0]); + if (ret != 0) + goto exit_sha384; + RECORD_MULTI_VALUE_STATS(); + } /* for times */ + count += times; + } while (bench_stats_check(start) + #ifdef MULTI_VALUE_STATISTICS + || runs < minimum_runs + #endif + ); + } +exit_sha384: + bench_stats_sym_finish("SHA-384", useDeviceID, count, bench_size, + start, ret); +#ifdef MULTI_VALUE_STATISTICS + bench_multi_value_stats(max, min, sum, squareSum, runs); +#endif + +exit: + + if (WC_ARRAY_OK(hash)) { + for (i = 0; i < BENCH_MAX_PENDING; i++) { + wc_Sha384Free(hash[i]); + } + WC_FREE_ARRAY(hash, BENCH_MAX_PENDING, HEAP_HINT); + } + WC_FREE_ARRAY(digest, BENCH_MAX_PENDING, HEAP_HINT); +} +#endif + +#ifdef WOLFSSL_SHA512 +void bench_sha512(int useDeviceID) +{ + WC_DECLARE_ARRAY(hash, wc_Sha512, BENCH_MAX_PENDING, + sizeof(wc_Sha512), HEAP_HINT); + double start; + int ret = 0, i, count = 0, times, pending = 0; + DECLARE_MULTI_VALUE_STATS_VARS() + WC_DECLARE_ARRAY(digest, byte, BENCH_MAX_PENDING, + WC_SHA512_DIGEST_SIZE, HEAP_HINT); + + bench_stats_prepare(); + + WC_CALLOC_ARRAY(hash, wc_Sha512, BENCH_MAX_PENDING, + sizeof(wc_Sha512), HEAP_HINT); + WC_ALLOC_ARRAY(digest, byte, BENCH_MAX_PENDING, + WC_SHA512_DIGEST_SIZE, HEAP_HINT); + + if (digest_stream) { + /* init keys */ + for (i = 0; i < BENCH_MAX_PENDING; i++) { + ret = wc_InitSha512_ex(hash[i], HEAP_HINT, + useDeviceID ? devId : INVALID_DEVID); + if (ret != 0) { + printf("InitSha512_ex failed, ret = %d\n", ret); + goto exit; + } + } + + bench_stats_start(&count, &start); + do { + for (times = 0; times < numBlocks || pending > 0; ) { + bench_async_poll(&pending); + + /* while free pending slots in queue, submit ops */ + for (i = 0; i < BENCH_MAX_PENDING; i++) { + if (bench_async_check(&ret, BENCH_ASYNC_GET_DEV(hash[i]), + 0, ×, numBlocks, &pending)) { + ret = wc_Sha512Update(hash[i], bench_plain, + bench_size); + if (!bench_async_handle(&ret, + BENCH_ASYNC_GET_DEV(hash[i]), 0, + ×, &pending)) { + goto exit_sha512; + } + } + } /* for i */ + RECORD_MULTI_VALUE_STATS(); + } /* for times */ + count += times; + + times = 0; + do { + bench_async_poll(&pending); + for (i = 0; i < BENCH_MAX_PENDING; i++) { + if (bench_async_check(&ret, BENCH_ASYNC_GET_DEV(hash[i]), + 0, ×, numBlocks, &pending)) { + ret = wc_Sha512Final(hash[i], digest[i]); + if (!bench_async_handle(&ret, + BENCH_ASYNC_GET_DEV(hash[i]), 0, + ×, &pending)) { + goto exit_sha512; + } + } + } /* for i */ + } while (pending > 0); + } while (bench_stats_check(start) + #ifdef MULTI_VALUE_STATISTICS + || runs < minimum_runs + #endif + ); + } + else { + bench_stats_start(&count, &start); + do { + for (times = 0; times < numBlocks; times++) { + ret = wc_InitSha512_ex(hash[0], HEAP_HINT, + useDeviceID ? devId : INVALID_DEVID); + if (ret == 0) + ret = wc_Sha512Update(hash[0], bench_plain, bench_size); + if (ret == 0) + ret = wc_Sha512Final(hash[0], digest[0]); + if (ret != 0) + goto exit_sha512; + RECORD_MULTI_VALUE_STATS(); + } /* for times */ + count += times; + } while (bench_stats_check(start) + #ifdef MULTI_VALUE_STATISTICS + || runs < minimum_runs + #endif + ); + } +exit_sha512: + bench_stats_sym_finish("SHA-512", useDeviceID, count, bench_size, + start, ret); +#ifdef MULTI_VALUE_STATISTICS + bench_multi_value_stats(max, min, sum, squareSum, runs); +#endif + +exit: + + if (WC_ARRAY_OK(hash)) { + for (i = 0; i < BENCH_MAX_PENDING; i++) { + wc_Sha512Free(hash[i]); + } + WC_FREE_ARRAY(hash, BENCH_MAX_PENDING, HEAP_HINT); + } + WC_FREE_ARRAY(digest, BENCH_MAX_PENDING, HEAP_HINT); +} + +#if !defined(WOLFSSL_NOSHA512_224) && \ + (!defined(HAVE_FIPS) || FIPS_VERSION_GE(5, 3)) && !defined(HAVE_SELFTEST) +void bench_sha512_224(int useDeviceID) +{ + WC_DECLARE_ARRAY(hash, wc_Sha512_224, BENCH_MAX_PENDING, + sizeof(wc_Sha512_224), HEAP_HINT); + double start; + int ret = 0, i, count = 0, times, pending = 0; + DECLARE_MULTI_VALUE_STATS_VARS() + WC_DECLARE_ARRAY(digest, byte, BENCH_MAX_PENDING, + WC_SHA512_224_DIGEST_SIZE, HEAP_HINT); + + bench_stats_prepare(); + + WC_CALLOC_ARRAY(hash, wc_Sha512_224, BENCH_MAX_PENDING, + sizeof(wc_Sha512_224), HEAP_HINT); + WC_ALLOC_ARRAY(digest, byte, BENCH_MAX_PENDING, + WC_SHA512_224_DIGEST_SIZE, HEAP_HINT); + + if (digest_stream) { + /* init keys */ + for (i = 0; i < BENCH_MAX_PENDING; i++) { + ret = wc_InitSha512_224_ex(hash[i], HEAP_HINT, + useDeviceID ? devId : INVALID_DEVID); + if (ret != 0) { + printf("InitSha512_224_ex failed, ret = %d\n", ret); + goto exit; + } + } + + bench_stats_start(&count, &start); + do { + for (times = 0; times < numBlocks || pending > 0; ) { + bench_async_poll(&pending); + + /* while free pending slots in queue, submit ops */ + for (i = 0; i < BENCH_MAX_PENDING; i++) { + if (bench_async_check(&ret, BENCH_ASYNC_GET_DEV(hash[i]), + 0, ×, numBlocks, &pending)) { + ret = wc_Sha512_224Update(hash[i], bench_plain, + bench_size); + if (!bench_async_handle(&ret, + BENCH_ASYNC_GET_DEV(hash[i]), 0, + ×, &pending)) { + goto exit_sha512_224; + } + } + } /* for i */ + RECORD_MULTI_VALUE_STATS(); + } /* for times */ + count += times; + + times = 0; + do { + bench_async_poll(&pending); + for (i = 0; i < BENCH_MAX_PENDING; i++) { + if (bench_async_check(&ret, BENCH_ASYNC_GET_DEV(hash[i]), + 0, ×, numBlocks, &pending)) { + ret = wc_Sha512_224Final(hash[i], digest[i]); + if (!bench_async_handle(&ret, + BENCH_ASYNC_GET_DEV(hash[i]), 0, + ×, &pending)) { + goto exit_sha512_224; + } + } + } /* for i */ + } while (pending > 0); + } while (bench_stats_check(start) + #ifdef MULTI_VALUE_STATISTICS + || runs < minimum_runs + #endif + ); + } + else { + bench_stats_start(&count, &start); + do { + for (times = 0; times < numBlocks; times++) { + ret = wc_InitSha512_224_ex(hash[0], HEAP_HINT, + useDeviceID ? devId : INVALID_DEVID); + if (ret == 0) + ret = wc_Sha512_224Update(hash[0], bench_plain, bench_size); + if (ret == 0) + ret = wc_Sha512_224Final(hash[0], digest[0]); + if (ret != 0) + goto exit_sha512_224; + RECORD_MULTI_VALUE_STATS(); + } /* for times */ + count += times; + } while (bench_stats_check(start) + #ifdef MULTI_VALUE_STATISTICS + || runs < minimum_runs + #endif + ); + } +exit_sha512_224: + bench_stats_sym_finish("SHA-512/224", useDeviceID, count, bench_size, + start, ret); +#ifdef MULTI_VALUE_STATISTICS + bench_multi_value_stats(max, min, sum, squareSum, runs); +#endif + +exit: + + if (WC_ARRAY_OK(hash)) { + for (i = 0; i < BENCH_MAX_PENDING; i++) { + wc_Sha512_224Free(hash[i]); + } + WC_FREE_ARRAY(hash, BENCH_MAX_PENDING, HEAP_HINT); + } + WC_FREE_ARRAY(digest, BENCH_MAX_PENDING, HEAP_HINT); +} +#endif /* WOLFSSL_NOSHA512_224 && !FIPS ... */ + +#if !defined(WOLFSSL_NOSHA512_256) && \ + (!defined(HAVE_FIPS) || FIPS_VERSION_GE(5, 3)) && !defined(HAVE_SELFTEST) +void bench_sha512_256(int useDeviceID) +{ + WC_DECLARE_ARRAY(hash, wc_Sha512_256, BENCH_MAX_PENDING, + sizeof(wc_Sha512_256), HEAP_HINT); + double start; + int ret = 0, i, count = 0, times, pending = 0; + DECLARE_MULTI_VALUE_STATS_VARS() + WC_DECLARE_ARRAY(digest, byte, BENCH_MAX_PENDING, + WC_SHA512_256_DIGEST_SIZE, HEAP_HINT); + + bench_stats_prepare(); + + WC_CALLOC_ARRAY(hash, wc_Sha512_256, BENCH_MAX_PENDING, + sizeof(wc_Sha512_256), HEAP_HINT); + WC_ALLOC_ARRAY(digest, byte, BENCH_MAX_PENDING, + WC_SHA512_256_DIGEST_SIZE, HEAP_HINT); + + if (digest_stream) { + /* init keys */ + for (i = 0; i < BENCH_MAX_PENDING; i++) { + ret = wc_InitSha512_256_ex(hash[i], HEAP_HINT, + useDeviceID ? devId : INVALID_DEVID); + if (ret != 0) { + printf("InitSha512_256_ex failed, ret = %d\n", ret); + goto exit; + } + } + + bench_stats_start(&count, &start); + do { + for (times = 0; times < numBlocks || pending > 0; ) { + bench_async_poll(&pending); + + /* while free pending slots in queue, submit ops */ + for (i = 0; i < BENCH_MAX_PENDING; i++) { + if (bench_async_check(&ret, BENCH_ASYNC_GET_DEV(hash[i]), + 0, ×, numBlocks, &pending)) { + ret = wc_Sha512_256Update(hash[i], bench_plain, + bench_size); + if (!bench_async_handle(&ret, + BENCH_ASYNC_GET_DEV(hash[i]), 0, + ×, &pending)) { + goto exit_sha512_256; + } + } + } /* for i */ + RECORD_MULTI_VALUE_STATS(); + } /* for times */ + count += times; + + times = 0; + do { + bench_async_poll(&pending); + for (i = 0; i < BENCH_MAX_PENDING; i++) { + if (bench_async_check(&ret, BENCH_ASYNC_GET_DEV(hash[i]), + 0, ×, numBlocks, &pending)) { + ret = wc_Sha512_256Final(hash[i], digest[i]); + if (!bench_async_handle(&ret, + BENCH_ASYNC_GET_DEV(hash[i]), 0, + ×, &pending)) { + goto exit_sha512_256; + } + } + } /* for i */ + } while (pending > 0); + } while (bench_stats_check(start) + #ifdef MULTI_VALUE_STATISTICS + || runs < minimum_runs + #endif + ); + } + else { + bench_stats_start(&count, &start); + do { + for (times = 0; times < numBlocks; times++) { + ret = wc_InitSha512_256_ex(hash[0], HEAP_HINT, + useDeviceID ? devId : INVALID_DEVID); + if (ret == 0) + ret = wc_Sha512_256Update(hash[0], bench_plain, bench_size); + if (ret == 0) + ret = wc_Sha512_256Final(hash[0], digest[0]); + if (ret != 0) + goto exit_sha512_256; + RECORD_MULTI_VALUE_STATS(); + } /* for times */ + count += times; + } while (bench_stats_check(start) + #ifdef MULTI_VALUE_STATISTICS + || runs < minimum_runs + #endif + ); + } +exit_sha512_256: + bench_stats_sym_finish("SHA-512/256", useDeviceID, count, bench_size, + start, ret); +#ifdef MULTI_VALUE_STATISTICS + bench_multi_value_stats(max, min, sum, squareSum, runs); +#endif + +exit: + + if (WC_ARRAY_OK(hash)) { + for (i = 0; i < BENCH_MAX_PENDING; i++) { + wc_Sha512_256Free(hash[i]); + } + WC_FREE_ARRAY(hash, BENCH_MAX_PENDING, HEAP_HINT); + } + WC_FREE_ARRAY(digest, BENCH_MAX_PENDING, HEAP_HINT); +} +#endif /* WOLFSSL_NOSHA512_256 && !FIPS ... */ + +#endif /* WOLFSSL_SHA512 */ + + +#ifdef WOLFSSL_SHA3 +#ifndef WOLFSSL_NOSHA3_224 +void bench_sha3_224(int useDeviceID) +{ + WC_DECLARE_ARRAY(hash, wc_Sha3, BENCH_MAX_PENDING, + sizeof(wc_Sha3), HEAP_HINT); + double start; + int ret = 0, i, count = 0, times, pending = 0; + DECLARE_MULTI_VALUE_STATS_VARS() + WC_DECLARE_ARRAY(digest, byte, BENCH_MAX_PENDING, + WC_SHA3_224_DIGEST_SIZE, HEAP_HINT); + + bench_stats_prepare(); + + WC_CALLOC_ARRAY(hash, wc_Sha3, BENCH_MAX_PENDING, + sizeof(wc_Sha3), HEAP_HINT); + WC_ALLOC_ARRAY(digest, byte, BENCH_MAX_PENDING, + WC_SHA3_224_DIGEST_SIZE, HEAP_HINT); + + if (digest_stream) { + /* init keys */ + for (i = 0; i < BENCH_MAX_PENDING; i++) { + ret = wc_InitSha3_224(hash[i], HEAP_HINT, + useDeviceID ? devId : INVALID_DEVID); + if (ret != 0) { + printf("InitSha3_224 failed, ret = %d\n", ret); + goto exit; + } + } + + bench_stats_start(&count, &start); + do { + for (times = 0; times < numBlocks || pending > 0; ) { + bench_async_poll(&pending); + + /* while free pending slots in queue, submit ops */ + for (i = 0; i < BENCH_MAX_PENDING; i++) { + if (bench_async_check(&ret, BENCH_ASYNC_GET_DEV(hash[i]), + 0, ×, numBlocks, &pending)) { + ret = wc_Sha3_224_Update(hash[i], bench_plain, + bench_size); + if (!bench_async_handle(&ret, + BENCH_ASYNC_GET_DEV(hash[i]), 0, + ×, &pending)) { + goto exit_sha3_224; + } + } + } /* for i */ + RECORD_MULTI_VALUE_STATS(); + } /* for times */ + count += times; + + times = 0; + do { + bench_async_poll(&pending); + for (i = 0; i < BENCH_MAX_PENDING; i++) { + if (bench_async_check(&ret, BENCH_ASYNC_GET_DEV(hash[i]), + 0, ×, numBlocks, &pending)) { + ret = wc_Sha3_224_Final(hash[i], digest[i]); + if (!bench_async_handle(&ret, + BENCH_ASYNC_GET_DEV(hash[i]), 0, + ×, &pending)) { + goto exit_sha3_224; + } + } + } /* for i */ + } while (pending > 0); + } while (bench_stats_check(start) + #ifdef MULTI_VALUE_STATISTICS + || runs < minimum_runs + #endif + ); + } + else { + bench_stats_start(&count, &start); + do { + for (times = 0; times < numBlocks; times++) { + ret = wc_InitSha3_224(hash[0], HEAP_HINT, + useDeviceID ? devId : INVALID_DEVID); + if (ret == 0) + ret = wc_Sha3_224_Update(hash[0], bench_plain, bench_size); + if (ret == 0) + ret = wc_Sha3_224_Final(hash[0], digest[0]); + if (ret != 0) + goto exit_sha3_224; + RECORD_MULTI_VALUE_STATS(); + } /* for times */ + count += times; + } while (bench_stats_check(start) + #ifdef MULTI_VALUE_STATISTICS + || runs < minimum_runs + #endif + ); + } +exit_sha3_224: + bench_stats_sym_finish("SHA3-224", useDeviceID, count, bench_size, + start, ret); +#ifdef MULTI_VALUE_STATISTICS + bench_multi_value_stats(max, min, sum, squareSum, runs); +#endif + +exit: + + if (WC_ARRAY_OK(hash)) { + for (i = 0; i < BENCH_MAX_PENDING; i++) { + wc_Sha3_224_Free(hash[i]); + } + WC_FREE_ARRAY(hash, BENCH_MAX_PENDING, HEAP_HINT); + } + WC_FREE_ARRAY(digest, BENCH_MAX_PENDING, HEAP_HINT); +} +#endif /* WOLFSSL_NOSHA3_224 */ + +#ifndef WOLFSSL_NOSHA3_256 +void bench_sha3_256(int useDeviceID) +{ + WC_DECLARE_ARRAY(hash, wc_Sha3, BENCH_MAX_PENDING, + sizeof(wc_Sha3), HEAP_HINT); + double start; + DECLARE_MULTI_VALUE_STATS_VARS() + int ret = 0, i, count = 0, times, pending = 0; + WC_DECLARE_ARRAY(digest, byte, BENCH_MAX_PENDING, + WC_SHA3_256_DIGEST_SIZE, HEAP_HINT); + + bench_stats_prepare(); + + WC_CALLOC_ARRAY(hash, wc_Sha3, BENCH_MAX_PENDING, + sizeof(wc_Sha3), HEAP_HINT); + WC_ALLOC_ARRAY(digest, byte, BENCH_MAX_PENDING, + WC_SHA3_256_DIGEST_SIZE, HEAP_HINT); + + if (digest_stream) { + /* init keys */ + for (i = 0; i < BENCH_MAX_PENDING; i++) { + ret = wc_InitSha3_256(hash[i], HEAP_HINT, + useDeviceID ? devId : INVALID_DEVID); + if (ret != 0) { + printf("InitSha3_256 failed, ret = %d\n", ret); + goto exit; + } + } + + bench_stats_start(&count, &start); + do { + for (times = 0; times < numBlocks || pending > 0; ) { + bench_async_poll(&pending); + + /* while free pending slots in queue, submit ops */ + for (i = 0; i < BENCH_MAX_PENDING; i++) { + if (bench_async_check(&ret, BENCH_ASYNC_GET_DEV(hash[i]), + 0, ×, numBlocks, &pending)) { + ret = wc_Sha3_256_Update(hash[i], bench_plain, + bench_size); + if (!bench_async_handle(&ret, + BENCH_ASYNC_GET_DEV(hash[i]), 0, + ×, &pending)) { + goto exit_sha3_256; + } + } + } /* for i */ + RECORD_MULTI_VALUE_STATS(); + } /* for times */ + count += times; + + times = 0; + do { + bench_async_poll(&pending); + for (i = 0; i < BENCH_MAX_PENDING; i++) { + if (bench_async_check(&ret, BENCH_ASYNC_GET_DEV(hash[i]), + 0, ×, numBlocks, &pending)) { + ret = wc_Sha3_256_Final(hash[i], digest[i]); + if (!bench_async_handle(&ret, + BENCH_ASYNC_GET_DEV(hash[i]), 0, + ×, &pending)) { + goto exit_sha3_256; + } + } + } /* for i */ + } while (pending > 0); + } while (bench_stats_check(start) + #ifdef MULTI_VALUE_STATISTICS + || runs < minimum_runs + #endif + ); + } + else { + bench_stats_start(&count, &start); + do { + for (times = 0; times < numBlocks; times++) { + ret = wc_InitSha3_256(hash[0], HEAP_HINT, + useDeviceID ? devId : INVALID_DEVID); + if (ret == 0) + ret = wc_Sha3_256_Update(hash[0], bench_plain, bench_size); + if (ret == 0) + ret = wc_Sha3_256_Final(hash[0], digest[0]); + if (ret != 0) + goto exit_sha3_256; + RECORD_MULTI_VALUE_STATS(); + } /* for times */ + count += times; + } while (bench_stats_check(start) + #ifdef MULTI_VALUE_STATISTICS + || runs < minimum_runs + #endif + ); + } +exit_sha3_256: + bench_stats_sym_finish("SHA3-256", useDeviceID, count, bench_size, + start, ret); +#ifdef MULTI_VALUE_STATISTICS + bench_multi_value_stats(max, min, sum, squareSum, runs); +#endif + +exit: + + if (WC_ARRAY_OK(hash)) { + for (i = 0; i < BENCH_MAX_PENDING; i++) { + wc_Sha3_256_Free(hash[i]); + } + WC_FREE_ARRAY(hash, BENCH_MAX_PENDING, HEAP_HINT); + } + WC_FREE_ARRAY(digest, BENCH_MAX_PENDING, HEAP_HINT); +} +#endif /* WOLFSSL_NOSHA3_256 */ + +#ifndef WOLFSSL_NOSHA3_384 +void bench_sha3_384(int useDeviceID) +{ + WC_DECLARE_ARRAY(hash, wc_Sha3, BENCH_MAX_PENDING, + sizeof(wc_Sha3), HEAP_HINT); + double start; + int ret = 0, i, count = 0, times, pending = 0; + DECLARE_MULTI_VALUE_STATS_VARS() + WC_DECLARE_ARRAY(digest, byte, BENCH_MAX_PENDING, + WC_SHA3_384_DIGEST_SIZE, HEAP_HINT); + + bench_stats_prepare(); + + WC_CALLOC_ARRAY(hash, wc_Sha3, BENCH_MAX_PENDING, + sizeof(wc_Sha3), HEAP_HINT); + WC_ALLOC_ARRAY(digest, byte, BENCH_MAX_PENDING, + WC_SHA3_384_DIGEST_SIZE, HEAP_HINT); + + if (digest_stream) { + /* init keys */ + for (i = 0; i < BENCH_MAX_PENDING; i++) { + ret = wc_InitSha3_384(hash[i], HEAP_HINT, + useDeviceID ? devId : INVALID_DEVID); + if (ret != 0) { + printf("InitSha3_384 failed, ret = %d\n", ret); + goto exit; + } + } + + bench_stats_start(&count, &start); + do { + for (times = 0; times < numBlocks || pending > 0; ) { + bench_async_poll(&pending); + + /* while free pending slots in queue, submit ops */ + for (i = 0; i < BENCH_MAX_PENDING; i++) { + if (bench_async_check(&ret, BENCH_ASYNC_GET_DEV(hash[i]), + 0, ×, numBlocks, &pending)) { + ret = wc_Sha3_384_Update(hash[i], bench_plain, + bench_size); + if (!bench_async_handle(&ret, + BENCH_ASYNC_GET_DEV(hash[i]), 0, + ×, &pending)) { + goto exit_sha3_384; + } + } + } /* for i */ + RECORD_MULTI_VALUE_STATS(); + } /* for times */ + count += times; + + times = 0; + do { + bench_async_poll(&pending); + for (i = 0; i < BENCH_MAX_PENDING; i++) { + if (bench_async_check(&ret, BENCH_ASYNC_GET_DEV(hash[i]), + 0, ×, numBlocks, &pending)) { + ret = wc_Sha3_384_Final(hash[i], digest[i]); + if (!bench_async_handle(&ret, + BENCH_ASYNC_GET_DEV(hash[i]), 0, + ×, &pending)) { + goto exit_sha3_384; + } + } + } /* for i */ + } while (pending > 0); + } while (bench_stats_check(start) + #ifdef MULTI_VALUE_STATISTICS + || runs < minimum_runs + #endif + ); + } + else { + bench_stats_start(&count, &start); + do { + for (times = 0; times < numBlocks; times++) { + ret = wc_InitSha3_384(hash[0], HEAP_HINT, + useDeviceID ? devId : INVALID_DEVID); + if (ret == 0) + ret = wc_Sha3_384_Update(hash[0], bench_plain, bench_size); + if (ret == 0) + ret = wc_Sha3_384_Final(hash[0], digest[0]); + if (ret != 0) + goto exit_sha3_384; + RECORD_MULTI_VALUE_STATS(); + } /* for times */ + count += times; + } while (bench_stats_check(start) + #ifdef MULTI_VALUE_STATISTICS + || runs < minimum_runs + #endif + ); + } +exit_sha3_384: + bench_stats_sym_finish("SHA3-384", useDeviceID, count, bench_size, + start, ret); +#ifdef MULTI_VALUE_STATISTICS + bench_multi_value_stats(max, min, sum, squareSum, runs); +#endif + +exit: + + if (WC_ARRAY_OK(hash)) { + for (i = 0; i < BENCH_MAX_PENDING; i++) { + wc_Sha3_384_Free(hash[i]); + } + WC_FREE_ARRAY(hash, BENCH_MAX_PENDING, HEAP_HINT); + } + WC_FREE_ARRAY(digest, BENCH_MAX_PENDING, HEAP_HINT); +} +#endif /* WOLFSSL_NOSHA3_384 */ + +#ifndef WOLFSSL_NOSHA3_512 +void bench_sha3_512(int useDeviceID) +{ + WC_DECLARE_ARRAY(hash, wc_Sha3, BENCH_MAX_PENDING, + sizeof(wc_Sha3), HEAP_HINT); + double start; + int ret = 0, i, count = 0, times, pending = 0; + DECLARE_MULTI_VALUE_STATS_VARS() + WC_DECLARE_ARRAY(digest, byte, BENCH_MAX_PENDING, + WC_SHA3_512_DIGEST_SIZE, HEAP_HINT); + + bench_stats_prepare(); + + WC_CALLOC_ARRAY(hash, wc_Sha3, BENCH_MAX_PENDING, + sizeof(wc_Sha3), HEAP_HINT); + WC_ALLOC_ARRAY(digest, byte, BENCH_MAX_PENDING, + WC_SHA3_512_DIGEST_SIZE, HEAP_HINT); + + if (digest_stream) { + /* init keys */ + for (i = 0; i < BENCH_MAX_PENDING; i++) { + ret = wc_InitSha3_512(hash[i], HEAP_HINT, + useDeviceID ? devId : INVALID_DEVID); + if (ret != 0) { + printf("InitSha3_512 failed, ret = %d\n", ret); + goto exit; + } + } + + bench_stats_start(&count, &start); + do { + for (times = 0; times < numBlocks || pending > 0; ) { + bench_async_poll(&pending); + + /* while free pending slots in queue, submit ops */ + for (i = 0; i < BENCH_MAX_PENDING; i++) { + if (bench_async_check(&ret, BENCH_ASYNC_GET_DEV(hash[i]), + 0, ×, numBlocks, &pending)) { + ret = wc_Sha3_512_Update(hash[i], bench_plain, + bench_size); + if (!bench_async_handle(&ret, + BENCH_ASYNC_GET_DEV(hash[i]), 0, + ×, &pending)) { + goto exit_sha3_512; + } + } + } /* for i */ + RECORD_MULTI_VALUE_STATS(); + } /* for times */ + count += times; + + times = 0; + do { + bench_async_poll(&pending); + for (i = 0; i < BENCH_MAX_PENDING; i++) { + if (bench_async_check(&ret, BENCH_ASYNC_GET_DEV(hash[i]), + 0, ×, numBlocks, &pending)) { + ret = wc_Sha3_512_Final(hash[i], digest[i]); + if (!bench_async_handle(&ret, + BENCH_ASYNC_GET_DEV(hash[i]), 0, + ×, &pending)) { + goto exit_sha3_512; + } + } + } /* for i */ + } while (pending > 0); + } while (bench_stats_check(start) + #ifdef MULTI_VALUE_STATISTICS + || runs < minimum_runs + #endif + ); + } + else { + bench_stats_start(&count, &start); + do { + for (times = 0; times < numBlocks; times++) { + ret = wc_InitSha3_512(hash[0], HEAP_HINT, + useDeviceID ? devId : INVALID_DEVID); + if (ret == 0) + ret = wc_Sha3_512_Update(hash[0], bench_plain, bench_size); + if (ret == 0) + ret = wc_Sha3_512_Final(hash[0], digest[0]); + if (ret != 0) + goto exit_sha3_512; + RECORD_MULTI_VALUE_STATS(); + } /* for times */ + count += times; + } while (bench_stats_check(start) + #ifdef MULTI_VALUE_STATISTICS + || runs < minimum_runs + #endif + ); + } +exit_sha3_512: + bench_stats_sym_finish("SHA3-512", useDeviceID, count, bench_size, + start, ret); +#ifdef MULTI_VALUE_STATISTICS + bench_multi_value_stats(max, min, sum, squareSum, runs); +#endif + +exit: + + if (WC_ARRAY_OK(hash)) { + for (i = 0; i < BENCH_MAX_PENDING; i++) { + wc_Sha3_512_Free(hash[i]); + } + WC_FREE_ARRAY(hash, BENCH_MAX_PENDING, HEAP_HINT); + } + WC_FREE_ARRAY(digest, BENCH_MAX_PENDING, HEAP_HINT); +} +#endif /* WOLFSSL_NOSHA3_512 */ + +#ifdef WOLFSSL_SHAKE128 +void bench_shake128(int useDeviceID) +{ + WC_DECLARE_ARRAY(hash, wc_Shake, BENCH_MAX_PENDING, + sizeof(wc_Shake), HEAP_HINT); + double start; + int ret = 0, i, count = 0, times, pending = 0; + DECLARE_MULTI_VALUE_STATS_VARS() + WC_DECLARE_ARRAY(digest, byte, BENCH_MAX_PENDING, + WC_SHA3_128_BLOCK_SIZE, HEAP_HINT); + + bench_stats_prepare(); + + WC_CALLOC_ARRAY(hash, wc_Shake, BENCH_MAX_PENDING, + sizeof(wc_Shake), HEAP_HINT); + WC_ALLOC_ARRAY(digest, byte, BENCH_MAX_PENDING, + WC_SHA3_128_BLOCK_SIZE, HEAP_HINT); + + if (digest_stream) { + /* init keys */ + for (i = 0; i < BENCH_MAX_PENDING; i++) { + ret = wc_InitShake128(hash[i], HEAP_HINT, + useDeviceID ? devId : INVALID_DEVID); + if (ret != 0) { + printf("InitShake128 failed, ret = %d\n", ret); + goto exit; + } + } + + bench_stats_start(&count, &start); + do { + for (times = 0; times < numBlocks || pending > 0; ) { + bench_async_poll(&pending); + + /* while free pending slots in queue, submit ops */ + for (i = 0; i < BENCH_MAX_PENDING; i++) { + if (bench_async_check(&ret, BENCH_ASYNC_GET_DEV(hash[i]), + 0, ×, numBlocks, &pending)) { + ret = wc_Shake128_Update(hash[i], bench_plain, + bench_size); + if (!bench_async_handle(&ret, + BENCH_ASYNC_GET_DEV(hash[i]), 0, + ×, &pending)) { + goto exit_shake128; + } + } + } /* for i */ + RECORD_MULTI_VALUE_STATS(); + } /* for times */ + count += times; + + times = 0; + do { + bench_async_poll(&pending); + for (i = 0; i < BENCH_MAX_PENDING; i++) { + if (bench_async_check(&ret, BENCH_ASYNC_GET_DEV(hash[i]), + 0, ×, numBlocks, &pending)) { + ret = wc_Shake128_Final(hash[i], digest[i], + WC_SHA3_128_BLOCK_SIZE); + if (!bench_async_handle(&ret, + BENCH_ASYNC_GET_DEV(hash[i]), 0, + ×, &pending)) { + goto exit_shake128; + } + } + } /* for i */ + } while (pending > 0); + } while (bench_stats_check(start) + #ifdef MULTI_VALUE_STATISTICS + || runs < minimum_runs + #endif + ); + } + else { + bench_stats_start(&count, &start); + do { + for (times = 0; times < numBlocks; times++) { + ret = wc_InitShake128(hash[0], HEAP_HINT, + useDeviceID ? devId : INVALID_DEVID); + if (ret == 0) + ret = wc_Shake128_Update(hash[0], bench_plain, bench_size); + if (ret == 0) + ret = wc_Shake128_Final(hash[0], digest[0], + WC_SHA3_128_BLOCK_SIZE); + if (ret != 0) + goto exit_shake128; + RECORD_MULTI_VALUE_STATS(); + } /* for times */ + count += times; + } while (bench_stats_check(start) + #ifdef MULTI_VALUE_STATISTICS + || runs < minimum_runs + #endif + ); + } +exit_shake128: + bench_stats_sym_finish("SHAKE128", useDeviceID, count, bench_size, + start, ret); +#ifdef MULTI_VALUE_STATISTICS + bench_multi_value_stats(max, min, sum, squareSum, runs); +#endif + +exit: + + if (WC_ARRAY_OK(hash)) { + for (i = 0; i < BENCH_MAX_PENDING; i++) { + wc_Shake128_Free(hash[i]); + } + WC_FREE_ARRAY(hash, BENCH_MAX_PENDING, HEAP_HINT); + } + WC_FREE_ARRAY(digest, BENCH_MAX_PENDING, HEAP_HINT); +} +#endif /* WOLFSSL_SHAKE128 */ + +#ifdef WOLFSSL_SHAKE256 +void bench_shake256(int useDeviceID) +{ + WC_DECLARE_ARRAY(hash, wc_Shake, BENCH_MAX_PENDING, + sizeof(wc_Shake), HEAP_HINT); + double start; + int ret = 0, i, count = 0, times, pending = 0; + DECLARE_MULTI_VALUE_STATS_VARS() + WC_DECLARE_ARRAY(digest, byte, BENCH_MAX_PENDING, + WC_SHA3_256_BLOCK_SIZE, HEAP_HINT); + + bench_stats_prepare(); + + WC_CALLOC_ARRAY(hash, wc_Shake, BENCH_MAX_PENDING, + sizeof(wc_Shake), HEAP_HINT); + WC_ALLOC_ARRAY(digest, byte, BENCH_MAX_PENDING, + WC_SHA3_256_BLOCK_SIZE, HEAP_HINT); + + if (digest_stream) { + /* init keys */ + for (i = 0; i < BENCH_MAX_PENDING; i++) { + ret = wc_InitShake256(hash[i], HEAP_HINT, + useDeviceID ? devId : INVALID_DEVID); + if (ret != 0) { + printf("InitShake256 failed, ret = %d\n", ret); + goto exit; + } + } + + bench_stats_start(&count, &start); + do { + for (times = 0; times < numBlocks || pending > 0; ) { + bench_async_poll(&pending); + + /* while free pending slots in queue, submit ops */ + for (i = 0; i < BENCH_MAX_PENDING; i++) { + if (bench_async_check(&ret, BENCH_ASYNC_GET_DEV(hash[i]), + 0, ×, numBlocks, &pending)) { + ret = wc_Shake256_Update(hash[i], bench_plain, + bench_size); + if (!bench_async_handle(&ret, + BENCH_ASYNC_GET_DEV(hash[i]), 0, + ×, &pending)) { + goto exit_shake256; + } + } + } /* for i */ + RECORD_MULTI_VALUE_STATS(); + } /* for times */ + count += times; + + times = 0; + do { + bench_async_poll(&pending); + for (i = 0; i < BENCH_MAX_PENDING; i++) { + if (bench_async_check(&ret, BENCH_ASYNC_GET_DEV(hash[i]), + 0, ×, numBlocks, &pending)) { + ret = wc_Shake256_Final(hash[i], digest[i], + WC_SHA3_256_BLOCK_SIZE); + if (!bench_async_handle(&ret, + BENCH_ASYNC_GET_DEV(hash[i]), 0, + ×, &pending)) { + goto exit_shake256; + } + } + } /* for i */ + } while (pending > 0); + } while (bench_stats_check(start) + #ifdef MULTI_VALUE_STATISTICS + || runs < minimum_runs + #endif + ); + } + else { + bench_stats_start(&count, &start); + do { + for (times = 0; times < numBlocks; times++) { + ret = wc_InitShake256(hash[0], HEAP_HINT, + useDeviceID ? devId : INVALID_DEVID); + if (ret == 0) + ret = wc_Shake256_Update(hash[0], bench_plain, bench_size); + if (ret == 0) + ret = wc_Shake256_Final(hash[0], digest[0], + WC_SHA3_256_BLOCK_SIZE); + if (ret != 0) + goto exit_shake256; + RECORD_MULTI_VALUE_STATS(); + } /* for times */ + count += times; + } while (bench_stats_check(start) + #ifdef MULTI_VALUE_STATISTICS + || runs < minimum_runs + #endif + ); + } +exit_shake256: + bench_stats_sym_finish("SHAKE256", useDeviceID, count, bench_size, + start, ret); +#ifdef MULTI_VALUE_STATISTICS + bench_multi_value_stats(max, min, sum, squareSum, runs); +#endif + +exit: + + if (WC_ARRAY_OK(hash)) { + for (i = 0; i < BENCH_MAX_PENDING; i++) { + wc_Shake256_Free(hash[i]); + } + WC_FREE_ARRAY(hash, BENCH_MAX_PENDING, HEAP_HINT); + } + WC_FREE_ARRAY(digest, BENCH_MAX_PENDING, HEAP_HINT); +} +#endif /* WOLFSSL_SHAKE256 */ +#endif + +#ifdef WOLFSSL_SM3 +void bench_sm3(int useDeviceID) +{ + WC_DECLARE_ARRAY(hash, wc_Sm3, BENCH_MAX_PENDING, + sizeof(wc_Sm3), HEAP_HINT); + double start; + int ret = 0, i, count = 0, times, pending = 0; + DECLARE_MULTI_VALUE_STATS_VARS() + WC_DECLARE_ARRAY(digest, byte, BENCH_MAX_PENDING, WC_SM3_DIGEST_SIZE, + HEAP_HINT); + + bench_stats_prepare(); + + WC_CALLOC_ARRAY(hash, wc_Sm3, BENCH_MAX_PENDING, + sizeof(wc_Sm3), HEAP_HINT); + WC_ALLOC_ARRAY(digest, byte, BENCH_MAX_PENDING, WC_SM3_DIGEST_SIZE, + HEAP_HINT); + + if (digest_stream) { + /* init keys */ + for (i = 0; i < BENCH_MAX_PENDING; i++) { + ret = wc_InitSm3(hash[i], HEAP_HINT, + useDeviceID ? devId: INVALID_DEVID); + if (ret != 0) { + printf("InitSm3 failed, ret = %d\n", ret); + goto exit; + } + } + + bench_stats_start(&count, &start); + do { + for (times = 0; times < numBlocks || pending > 0; ) { + bench_async_poll(&pending); + + /* while free pending slots in queue, submit ops */ + for (i = 0; i < BENCH_MAX_PENDING; i++) { + if (bench_async_check(&ret, BENCH_ASYNC_GET_DEV(hash[i]), + 0, ×, numBlocks, &pending)) { + ret = wc_Sm3Update(hash[i], bench_plain, + bench_size); + if (!bench_async_handle(&ret, + BENCH_ASYNC_GET_DEV(hash[i]), 0, ×, &pending)) { + goto exit_sm3; + } + } + } /* for i */ + RECORD_MULTI_VALUE_STATS(); + } /* for times */ + count += times; + + times = 0; + do { + bench_async_poll(&pending); + for (i = 0; i < BENCH_MAX_PENDING; i++) { + if (bench_async_check(&ret, BENCH_ASYNC_GET_DEV(hash[i]), + 0, ×, numBlocks, &pending)) { + ret = wc_Sm3Final(hash[i], digest[i]); + if (!bench_async_handle(&ret, + BENCH_ASYNC_GET_DEV(hash[i]), 0, ×, &pending)) { + goto exit_sm3; + } + } + } /* for i */ + } while (pending > 0); + } while (bench_stats_check(start) + #ifdef MULTI_VALUE_STATISTICS + || runs < minimum_runs + #endif + ); + } + else { + bench_stats_start(&count, &start); + do { + for (times = 0; times < numBlocks; times++) { + ret = wc_InitSm3(hash[0], HEAP_HINT, + useDeviceID ? devId: INVALID_DEVID); + if (ret == 0) + ret = wc_Sm3Update(hash[0], bench_plain, bench_size); + if (ret == 0) + ret = wc_Sm3Final(hash[0], digest[0]); + if (ret != 0) + goto exit_sm3; + RECORD_MULTI_VALUE_STATS(); + } /* for times */ + count += times; + } while (bench_stats_check(start) + #ifdef MULTI_VALUE_STATISTICS + || runs < minimum_runs + #endif + ); + } +exit_sm3: + bench_stats_sym_finish("SM3", useDeviceID, count, bench_size, start, ret); +#ifdef MULTI_VALUE_STATISTICS + bench_multi_value_stats(max, min, sum, squareSum, runs); +#endif + +exit: + + if (WC_ARRAY_OK(hash)) { + for (i = 0; i < BENCH_MAX_PENDING; i++) { + wc_Sm3Free(hash[i]); + } + WC_FREE_ARRAY(hash, BENCH_MAX_PENDING, HEAP_HINT); + } + WC_FREE_ARRAY(digest, BENCH_MAX_PENDING, HEAP_HINT); +} +#endif + + +#ifdef WOLFSSL_RIPEMD +void bench_ripemd(void) +{ + RipeMd hash; + byte digest[RIPEMD_DIGEST_SIZE]; + double start; + int i, count, ret = 0; + DECLARE_MULTI_VALUE_STATS_VARS() + + bench_stats_prepare(); + + if (digest_stream) { + ret = wc_InitRipeMd(&hash); + if (ret != 0) { + printf("wc_InitRipeMd failed, retval %d\n", ret); + return; + } + + bench_stats_start(&count, &start); + do { + for (i = 0; i < numBlocks; i++) { + ret = wc_RipeMdUpdate(&hash, bench_plain, bench_size); + if (ret != 0) { + printf("wc_RipeMdUpdate failed, retval %d\n", ret); + return; + } + RECORD_MULTI_VALUE_STATS(); + } + ret = wc_RipeMdFinal(&hash, digest); + if (ret != 0) { + printf("wc_RipeMdFinal failed, retval %d\n", ret); + return; + } + + count += i; + } while (bench_stats_check(start) + #ifdef MULTI_VALUE_STATISTICS + || runs < minimum_runs + #endif + ); + } + else { + bench_stats_start(&count, &start); + do { + for (i = 0; i < numBlocks; i++) { + ret = wc_InitRipeMd(&hash); + if (ret != 0) { + printf("wc_InitRipeMd failed, retval %d\n", ret); + return; + } + ret = wc_RipeMdUpdate(&hash, bench_plain, bench_size); + if (ret != 0) { + printf("wc_RipeMdUpdate failed, retval %d\n", ret); + return; + } + ret = wc_RipeMdFinal(&hash, digest); + if (ret != 0) { + printf("wc_RipeMdFinal failed, retval %d\n", ret); + return; + } + RECORD_MULTI_VALUE_STATS(); + } + count += i; + } while (bench_stats_check(start) + #ifdef MULTI_VALUE_STATISTICS + || runs < minimum_runs + #endif + ); + } + bench_stats_sym_finish("RIPEMD", 0, count, bench_size, start, ret); +#ifdef MULTI_VALUE_STATISTICS + bench_multi_value_stats(max, min, sum, squareSum, runs); +#endif + + return; +} +#endif + + +#ifdef HAVE_BLAKE2 +void bench_blake2b(void) +{ + Blake2b b2b; + byte digest[64]; + double start; + int ret = 0, i, count; + DECLARE_MULTI_VALUE_STATS_VARS() + + bench_stats_prepare(); + + if (digest_stream) { + ret = wc_InitBlake2b(&b2b, 64); + if (ret != 0) { + printf("InitBlake2b failed, ret = %d\n", ret); + return; + } + + bench_stats_start(&count, &start); + do { + for (i = 0; i < numBlocks; i++) { + ret = wc_Blake2bUpdate(&b2b, bench_plain, bench_size); + if (ret != 0) { + printf("Blake2bUpdate failed, ret = %d\n", ret); + return; + } + RECORD_MULTI_VALUE_STATS(); + } + ret = wc_Blake2bFinal(&b2b, digest, 64); + if (ret != 0) { + printf("Blake2bFinal failed, ret = %d\n", ret); + return; + } + count += i; + } while (bench_stats_check(start) + #ifdef MULTI_VALUE_STATISTICS + || runs < minimum_runs + #endif + ); + } + else { + bench_stats_start(&count, &start); + do { + for (i = 0; i < numBlocks; i++) { + ret = wc_InitBlake2b(&b2b, 64); + if (ret != 0) { + printf("InitBlake2b failed, ret = %d\n", ret); + return; + } + ret = wc_Blake2bUpdate(&b2b, bench_plain, bench_size); + if (ret != 0) { + printf("Blake2bUpdate failed, ret = %d\n", ret); + return; + } + ret = wc_Blake2bFinal(&b2b, digest, 64); + if (ret != 0) { + printf("Blake2bFinal failed, ret = %d\n", ret); + return; + } + RECORD_MULTI_VALUE_STATS(); + } + count += i; + } while (bench_stats_check(start) + #ifdef MULTI_VALUE_STATISTICS + || runs < minimum_runs + #endif + ); + } + bench_stats_sym_finish("BLAKE2b", 0, count, bench_size, start, ret); +#ifdef MULTI_VALUE_STATISTICS + bench_multi_value_stats(max, min, sum, squareSum, runs); +#endif +} +#endif + +#if defined(HAVE_BLAKE2S) +void bench_blake2s(void) +{ + Blake2s b2s; + byte digest[32]; + double start; + int ret = 0, i, count; + DECLARE_MULTI_VALUE_STATS_VARS() + + bench_stats_prepare(); + + if (digest_stream) { + ret = wc_InitBlake2s(&b2s, 32); + if (ret != 0) { + printf("InitBlake2s failed, ret = %d\n", ret); + return; + } + + bench_stats_start(&count, &start); + do { + for (i = 0; i < numBlocks; i++) { + ret = wc_Blake2sUpdate(&b2s, bench_plain, bench_size); + if (ret != 0) { + printf("Blake2sUpdate failed, ret = %d\n", ret); + return; + } + RECORD_MULTI_VALUE_STATS(); + } + ret = wc_Blake2sFinal(&b2s, digest, 32); + if (ret != 0) { + printf("Blake2sFinal failed, ret = %d\n", ret); + return; + } + count += i; + } while (bench_stats_check(start) + #ifdef MULTI_VALUE_STATISTICS + || runs < minimum_runs + #endif + ); + } + else { + bench_stats_start(&count, &start); + do { + for (i = 0; i < numBlocks; i++) { + ret = wc_InitBlake2s(&b2s, 32); + if (ret != 0) { + printf("InitBlake2b failed, ret = %d\n", ret); + return; + } + ret = wc_Blake2sUpdate(&b2s, bench_plain, bench_size); + if (ret != 0) { + printf("Blake2bUpdate failed, ret = %d\n", ret); + return; + } + ret = wc_Blake2sFinal(&b2s, digest, 32); + if (ret != 0) { + printf("Blake2sFinal failed, ret = %d\n", ret); + return; + } + RECORD_MULTI_VALUE_STATS(); + } + count += i; + } while (bench_stats_check(start) + #ifdef MULTI_VALUE_STATISTICS + || runs < minimum_runs + #endif + ); + } + bench_stats_sym_finish("BLAKE2s", 0, count, bench_size, start, ret); +#ifdef MULTI_VALUE_STATISTICS + bench_multi_value_stats(max, min, sum, squareSum, runs); +#endif +} +#endif + +#ifdef HAVE_ASCON +void bench_ascon_hash(void) +{ + wc_AsconHash256 ascon; + byte digest[ASCON_HASH256_SZ]; + double start; + int ret = 0, i, count; + + bench_stats_prepare(); + + if (digest_stream) { + ret = wc_AsconHash256_Init(&ascon); + if (ret != 0) { + printf("wc_AsconHash256_Init failed, ret = %d\n", ret); + return; + } + + bench_stats_start(&count, &start); + do { + for (i = 0; i < numBlocks; i++) { + ret = wc_AsconHash256_Update(&ascon, bench_plain, bench_size); + if (ret != 0) { + printf("wc_AsconHash256_Update failed, ret = %d\n", ret); + return; + } + } + ret = wc_AsconHash256_Final(&ascon, digest); + if (ret != 0) { + printf("wc_AsconHash256_Final failed, ret = %d\n", ret); + return; + } + count += i; + } while (bench_stats_check(start)); + } + else { + bench_stats_start(&count, &start); + do { + for (i = 0; i < numBlocks; i++) { + ret = wc_AsconHash256_Init(&ascon); + if (ret != 0) { + printf("wc_AsconHash256_Init failed, ret = %d\n", ret); + return; + } + ret = wc_AsconHash256_Update(&ascon, bench_plain, bench_size); + if (ret != 0) { + printf("wc_AsconHash256_Update failed, ret = %d\n", ret); + return; + } + ret = wc_AsconHash256_Final(&ascon, digest); + if (ret != 0) { + printf("wc_AsconHash256_Final failed, ret = %d\n", ret); + return; + } + } + count += i; + } while (bench_stats_check(start)); + } + bench_stats_sym_finish("ASCON hash", 0, count, bench_size, start, ret); +} +#endif + +#ifdef WOLFSSL_CMAC + +#if defined(WOLFSSL_AES_128) || defined(WOLFSSL_AES_256) +static void bench_cmac_helper(word32 keySz, const char* outMsg, int useDeviceID) +{ + Cmac cmac; + byte digest[WC_AES_BLOCK_SIZE]; + word32 digestSz = sizeof(digest); + double start; + int ret, i, count; + DECLARE_MULTI_VALUE_STATS_VARS() +#ifdef WOLFSSL_SECO_CAAM + unsigned int keyID; + int keyGroup = 1; /* group one was chosen arbitrarily */ + int keyInfo = CAAM_KEY_TRANSIENT; + int keyType = CAAM_KEYTYPE_AES128; + byte pubKey[AES_256_KEY_SIZE]; + + if (keySz == AES_256_KEY_SIZE) { + keyType = CAAM_KEYTYPE_AES256; + } + + if (useDeviceID && + wc_SECO_GenerateKey(CAAM_GENERATE_KEY, keyGroup, pubKey, 0, keyType, + keyInfo, &keyID) != 0) { + printf("Error generating key in hsm\n"); + return; + } +#endif + (void)useDeviceID; + + bench_stats_prepare(); + + bench_stats_start(&count, &start); + do { + #ifdef HAVE_FIPS + ret = wc_InitCmac(&cmac, bench_key, keySz, WC_CMAC_AES, NULL); + #else + ret = wc_InitCmac_ex(&cmac, bench_key, keySz, WC_CMAC_AES, NULL, + HEAP_HINT, useDeviceID ? devId : INVALID_DEVID); + #endif + if (ret != 0) { + printf("InitCmac failed, ret = %d\n", ret); + return; + } + #ifdef WOLFSSL_SECO_CAAM + if (useDeviceID) { + wc_SECO_CMACSetKeyID(&cmac, keyID); + } + #endif + + for (i = 0; i < numBlocks; i++) { + ret = wc_CmacUpdate(&cmac, bench_plain, bench_size); + if (ret != 0) { + printf("CmacUpdate failed, ret = %d\n", ret); + return; + } + RECORD_MULTI_VALUE_STATS(); + } + /* Note: final force zero's the Cmac struct */ + ret = wc_CmacFinal(&cmac, digest, &digestSz); + if (ret != 0) { + printf("CmacFinal failed, ret = %d\n", ret); + return; + } + count += i; + } while (bench_stats_check(start) +#ifdef MULTI_VALUE_STATISTICS + || runs < minimum_runs +#endif + ); + + bench_stats_sym_finish(outMsg, useDeviceID, count, bench_size, start, ret); +#ifdef MULTI_VALUE_STATISTICS + bench_multi_value_stats(max, min, sum, squareSum, runs); +#endif +} +#endif + +void bench_cmac(int useDeviceID) +{ +#ifdef WOLFSSL_AES_128 + bench_cmac_helper(16, "AES-128-CMAC", useDeviceID); +#endif +#ifdef WOLFSSL_AES_256 + bench_cmac_helper(32, "AES-256-CMAC", useDeviceID); +#endif + (void)useDeviceID; +} +#endif /* WOLFSSL_CMAC */ + +#ifdef HAVE_SCRYPT + +void bench_scrypt(void) +{ + byte derived[64]; + double start; + int ret, i, count; + DECLARE_MULTI_VALUE_STATS_VARS() + + bench_stats_prepare(); + + bench_stats_start(&count, &start); + do { + for (i = 0; i < scryptCnt; i++) { + ret = wc_scrypt(derived, (byte*)"pleaseletmein", 13, + (byte*)"SodiumChloride", 14, 14, 8, 1, + sizeof(derived)); + if (ret != 0) { + printf("scrypt failed, ret = %d\n", ret); + goto exit; + } + RECORD_MULTI_VALUE_STATS(); + } + count += i; + } while (bench_stats_check(start) +#ifdef MULTI_VALUE_STATISTICS + || runs < minimum_runs +#endif + ); + +exit: + bench_stats_asym_finish("scrypt", 17, "", 0, count, start, ret); +#ifdef MULTI_VALUE_STATISTICS + bench_multi_value_stats(max, min, sum, squareSum, runs); +#endif +} + +#endif /* HAVE_SCRYPT */ + +#ifndef NO_HMAC + +static void bench_hmac(int useDeviceID, int type, int digestSz, + const byte* key, word32 keySz, const char* label) +{ + WC_DECLARE_ARRAY(hmac, Hmac, BENCH_MAX_PENDING, + sizeof(Hmac), HEAP_HINT); + double start; + int ret = 0, i, count = 0, times, pending = 0; + DECLARE_MULTI_VALUE_STATS_VARS() +#ifdef WOLFSSL_ASYNC_CRYPT + WC_DECLARE_ARRAY(digest, byte, BENCH_MAX_PENDING, + WC_MAX_DIGEST_SIZE, HEAP_HINT); + WC_ALLOC_ARRAY(digest, byte, BENCH_MAX_PENDING, + WC_MAX_DIGEST_SIZE, HEAP_HINT); +#else + byte digest[BENCH_MAX_PENDING][WC_MAX_DIGEST_SIZE]; +#endif + + (void)digestSz; + + bench_stats_prepare(); + + WC_CALLOC_ARRAY(hmac, Hmac, BENCH_MAX_PENDING, + sizeof(Hmac), HEAP_HINT); + + /* init keys */ + for (i = 0; i < BENCH_MAX_PENDING; i++) { + ret = wc_HmacInit(hmac[i], HEAP_HINT, + useDeviceID ? devId : INVALID_DEVID); + if (ret != 0) { + printf("wc_HmacInit failed for %s, ret = %d\n", label, ret); + goto exit; + } + + ret = wc_HmacSetKey(hmac[i], type, key, keySz); + if (ret != 0) { + printf("wc_HmacSetKey failed for %s, ret = %d\n", label, ret); + goto exit; + } + } + + if (mac_stream) { + bench_stats_start(&count, &start); + do { + for (times = 0; times < numBlocks || pending > 0; ) { + bench_async_poll(&pending); + + /* while free pending slots in queue, submit ops */ + for (i = 0; i < BENCH_MAX_PENDING; i++) { + if (bench_async_check(&ret, + BENCH_ASYNC_GET_DEV(hmac[i]), 0, + ×, numBlocks, &pending)) { + ret = wc_HmacUpdate(hmac[i], bench_plain, bench_size); + if (!bench_async_handle(&ret, + BENCH_ASYNC_GET_DEV(hmac[i]), + 0, ×, &pending)) { + goto exit_hmac; + } + } + } /* for i */ + } /* for times */ + count += times; + + times = 0; + do { + bench_async_poll(&pending); + + for (i = 0; i < BENCH_MAX_PENDING; i++) { + if (bench_async_check(&ret, + BENCH_ASYNC_GET_DEV(hmac[i]), 0, + ×, numBlocks, &pending)) { + ret = wc_HmacFinal(hmac[i], digest[i]); + if (!bench_async_handle(&ret, + BENCH_ASYNC_GET_DEV(hmac[i]), + 0, ×, &pending)) { + goto exit_hmac; + } + } + RECORD_MULTI_VALUE_STATS(); + } /* for i */ + } while (pending > 0); + } while (bench_stats_check(start) + #ifdef MULTI_VALUE_STATISTICS + || runs < minimum_runs + #endif + ); + } + else { + bench_stats_start(&count, &start); + do { + for (times = 0; times < numBlocks || pending > 0; ) { + bench_async_poll(&pending); + + /* while free pending slots in queue, submit ops */ + for (i = 0; i < BENCH_MAX_PENDING; i++) { + if (bench_async_check(&ret, + BENCH_ASYNC_GET_DEV(hmac[i]), 0, + ×, numBlocks, &pending)) { + ret = wc_HmacUpdate(hmac[i], bench_plain, bench_size); + if (!bench_async_handle(&ret, + BENCH_ASYNC_GET_DEV(hmac[i]), + 0, ×, &pending)) { + goto exit_hmac; + } + } + if (bench_async_check(&ret, + BENCH_ASYNC_GET_DEV(hmac[i]), 0, + ×, numBlocks, &pending)) { + ret = wc_HmacFinal(hmac[i], digest[i]); + if (!bench_async_handle(&ret, + BENCH_ASYNC_GET_DEV(hmac[i]), + 0, ×, &pending)) { + goto exit_hmac; + } + } + } /* for i */ + } /* for times */ + count += times; + } while (bench_stats_check(start) + #ifdef MULTI_VALUE_STATISTICS + || runs < minimum_runs + #endif + ); + } + +exit_hmac: + bench_stats_sym_finish(label, useDeviceID, count, bench_size, start, ret); +#ifdef MULTI_VALUE_STATISTICS + bench_multi_value_stats(max, min, sum, squareSum, runs); +#endif + +exit: + + for (i = 0; i < BENCH_MAX_PENDING; i++) { + wc_HmacFree(hmac[i]); + } + + WC_FREE_ARRAY(hmac, BENCH_MAX_PENDING, HEAP_HINT); +#ifdef WOLFSSL_ASYNC_CRYPT + WC_FREE_ARRAY(digest, BENCH_MAX_PENDING, HEAP_HINT); +#endif +} + +#ifndef NO_MD5 + +void bench_hmac_md5(int useDeviceID) +{ + WOLFSSL_SMALL_STACK_STATIC const byte key[] = { + 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, + 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b }; + + bench_hmac(useDeviceID, WC_MD5, WC_MD5_DIGEST_SIZE, key, sizeof(key), + "HMAC-MD5"); +} + +#endif /* NO_MD5 */ + +#ifndef NO_SHA + +void bench_hmac_sha(int useDeviceID) +{ + WOLFSSL_SMALL_STACK_STATIC const byte key[] = { + 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, + 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, + 0x0b, 0x0b, 0x0b, 0x0b }; + + bench_hmac(useDeviceID, WC_SHA, WC_SHA_DIGEST_SIZE, key, sizeof(key), + "HMAC-SHA"); +} + +#endif /* NO_SHA */ + +#ifdef WOLFSSL_SHA224 + +void bench_hmac_sha224(int useDeviceID) +{ + WOLFSSL_SMALL_STACK_STATIC const byte key[] = { + 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, + 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, + 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, + 0x0b, 0x0b, 0x0b, 0x0b }; + + bench_hmac(useDeviceID, WC_SHA224, + WC_SHA224_DIGEST_SIZE, key, sizeof(key), + "HMAC-SHA224"); +} + +#endif /* WOLFSSL_SHA224 */ + +#ifndef NO_SHA256 + +void bench_hmac_sha256(int useDeviceID) +{ + WOLFSSL_SMALL_STACK_STATIC const byte key[] = { + 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, + 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, + 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, + 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b }; + + bench_hmac(useDeviceID, WC_SHA256, WC_SHA256_DIGEST_SIZE, key, sizeof(key), + "HMAC-SHA256"); +} + +#endif /* NO_SHA256 */ + +#ifdef WOLFSSL_SHA384 + +void bench_hmac_sha384(int useDeviceID) +{ + WOLFSSL_SMALL_STACK_STATIC const byte key[] = { + 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, + 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, + 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, + 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, + 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, + 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b }; + + bench_hmac(useDeviceID, WC_SHA384, WC_SHA384_DIGEST_SIZE, key, sizeof(key), + "HMAC-SHA384"); +} + +#endif /* WOLFSSL_SHA384 */ + +#ifdef WOLFSSL_SHA512 + +void bench_hmac_sha512(int useDeviceID) +{ + WOLFSSL_SMALL_STACK_STATIC const byte key[] = { + 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, + 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, + 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, + 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, + 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, + 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, + 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, + 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b }; + + bench_hmac(useDeviceID, WC_SHA512, WC_SHA512_DIGEST_SIZE, key, sizeof(key), + "HMAC-SHA512"); +} + +#endif /* WOLFSSL_SHA512 */ + +#ifndef NO_PWDBASED +void bench_pbkdf2(void) +{ + double start; + int ret = 0, count = 0; + const char* passwd32 = "passwordpasswordpasswordpassword"; + WOLFSSL_SMALL_STACK_STATIC const byte salt32[] = { + 0x78, 0x57, 0x8E, 0x5a, 0x5d, 0x63, 0xcb, 0x06, + 0x78, 0x57, 0x8E, 0x5a, 0x5d, 0x63, 0xcb, 0x06, + 0x78, 0x57, 0x8E, 0x5a, 0x5d, 0x63, 0xcb, 0x06, + 0x78, 0x57, 0x8E, 0x5a, 0x5d, 0x63, 0xcb, 0x06 }; + byte derived[32]; + DECLARE_MULTI_VALUE_STATS_VARS() + + bench_stats_prepare(); + + bench_stats_start(&count, &start); + PRIVATE_KEY_UNLOCK(); + do { + ret = wc_PBKDF2(derived, (const byte*)passwd32, (int)XSTRLEN(passwd32), + salt32, (int)sizeof(salt32), 1000, 32, WC_SHA256); + count++; + RECORD_MULTI_VALUE_STATS(); + } while (bench_stats_check(start) +#ifdef MULTI_VALUE_STATISTICS + || runs < minimum_runs +#endif + ); + PRIVATE_KEY_LOCK(); + + bench_stats_sym_finish("PBKDF2", 32, count, 32, start, ret); +#ifdef MULTI_VALUE_STATISTICS + bench_multi_value_stats(max, min, sum, squareSum, runs); +#endif +} +#endif /* !NO_PWDBASED */ + +#endif /* NO_HMAC */ + +#ifdef WOLFSSL_SIPHASH +void bench_siphash(void) +{ + double start; + int ret = 0, count; + const char* passwd16 = "passwordpassword"; + byte out[16]; + int i; + DECLARE_MULTI_VALUE_STATS_VARS() + + bench_stats_prepare(); + + bench_stats_start(&count, &start); + do { + for (i = 0; i < numBlocks; i++) { + ret = wc_SipHash((const byte*)passwd16, bench_plain, bench_size, + out, 8); + RECORD_MULTI_VALUE_STATS(); + } + count += i; + } while (bench_stats_check(start) +#ifdef MULTI_VALUE_STATISTICS + || runs < minimum_runs +#endif + ); + + bench_stats_sym_finish("SipHash-8", 1, count, bench_size, start, ret); +#ifdef MULTI_VALUE_STATISTICS + bench_multi_value_stats(max, min, sum, squareSum, runs); +#endif + + RESET_MULTI_VALUE_STATS_VARS(); + + bench_stats_start(&count, &start); + do { + for (i = 0; i < numBlocks; i++) { + ret = wc_SipHash((const byte*)passwd16, bench_plain, bench_size, + out, 16); + RECORD_MULTI_VALUE_STATS(); + } + count += i; + } while (bench_stats_check(start) +#ifdef MULTI_VALUE_STATISTICS + || runs < minimum_runs +#endif + ); + + bench_stats_sym_finish("SipHash-16", 1, count, bench_size, start, ret); +#ifdef MULTI_VALUE_STATISTICS + bench_multi_value_stats(max, min, sum, squareSum, runs); +#endif +} +#endif + +#ifdef WC_SRTP_KDF +void bench_srtpkdf(void) +{ + double start; + int count; + int ret = 0; + byte keyE[32]; + byte keyA[20]; + byte keyS[14]; + const byte *key = bench_key_buf; + const byte salt[14] = { 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, + 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e }; + const byte idx[6] = { 0x55, 0xAA, 0x55, 0xAA, 0x55, 0xAA }; + int kdrIdx = 0; + int i; + DECLARE_MULTI_VALUE_STATS_VARS() + + bench_stats_prepare(); + + bench_stats_start(&count, &start); + PRIVATE_KEY_UNLOCK(); + do { + for (i = 0; i < numBlocks * 1000; i++) { + ret = wc_SRTP_KDF(key, AES_128_KEY_SIZE, salt, sizeof(salt), + kdrIdx, idx, keyE, AES_128_KEY_SIZE, keyA, sizeof(keyA), + keyS, sizeof(keyS)); + RECORD_MULTI_VALUE_STATS(); + } + count += i; + } while (bench_stats_check(start) +#ifdef MULTI_VALUE_STATISTICS + || runs < minimum_runs +#endif + ); + PRIVATE_KEY_LOCK(); + bench_stats_asym_finish("KDF", 128, "SRTP", 0, count, start, ret); +#ifdef MULTI_VALUE_STATISTICS + bench_multi_value_stats(max, min, sum, squareSum, runs); +#endif + + RESET_MULTI_VALUE_STATS_VARS(); + + bench_stats_start(&count, &start); + PRIVATE_KEY_UNLOCK(); + do { + for (i = 0; i < numBlocks * 1000; i++) { + ret = wc_SRTP_KDF(key, AES_256_KEY_SIZE, salt, sizeof(salt), + kdrIdx, idx, keyE, AES_256_KEY_SIZE, keyA, sizeof(keyA), + keyS, sizeof(keyS)); + RECORD_MULTI_VALUE_STATS(); + } + count += i; + } while (bench_stats_check(start) +#ifdef MULTI_VALUE_STATISTICS + || runs < minimum_runs +#endif + ); + PRIVATE_KEY_LOCK(); + bench_stats_asym_finish("KDF", 256, "SRTP", 0, count, start, ret); +#ifdef MULTI_VALUE_STATISTICS + bench_multi_value_stats(max, min, sum, squareSum, runs); +#endif + + RESET_MULTI_VALUE_STATS_VARS(); + + bench_stats_start(&count, &start); + PRIVATE_KEY_UNLOCK(); + do { + for (i = 0; i < numBlocks * 1000; i++) { + ret = wc_SRTCP_KDF(key, AES_128_KEY_SIZE, salt, sizeof(salt), + kdrIdx, idx, keyE, AES_128_KEY_SIZE, keyA, sizeof(keyA), + keyS, sizeof(keyS)); + RECORD_MULTI_VALUE_STATS(); + } + count += i; + } while (bench_stats_check(start) +#ifdef MULTI_VALUE_STATISTICS + || runs < minimum_runs +#endif + ); + PRIVATE_KEY_LOCK(); + bench_stats_asym_finish("KDF", 128, "SRTCP", 0, count, start, ret); +#ifdef MULTI_VALUE_STATISTICS + bench_multi_value_stats(max, min, sum, squareSum, runs); +#endif + + RESET_MULTI_VALUE_STATS_VARS(); + + bench_stats_start(&count, &start); + PRIVATE_KEY_UNLOCK(); + do { + for (i = 0; i < numBlocks * 1000; i++) { + ret = wc_SRTCP_KDF(key, AES_256_KEY_SIZE, salt, sizeof(salt), + kdrIdx, idx, keyE, AES_256_KEY_SIZE, keyA, sizeof(keyA), + keyS, sizeof(keyS)); + RECORD_MULTI_VALUE_STATS(); + } + count += i; + } while (bench_stats_check(start) +#ifdef MULTI_VALUE_STATISTICS + || runs < minimum_runs +#endif + ); + PRIVATE_KEY_LOCK(); + bench_stats_asym_finish("KDF", 256, "SRTCP", 0, count, start, ret); +#ifdef MULTI_VALUE_STATISTICS + bench_multi_value_stats(max, min, sum, squareSum, runs); +#endif + +} +#endif + +#ifndef NO_RSA + +#if defined(WOLFSSL_KEY_GEN) && !defined(WOLFSSL_RSA_PUBLIC_ONLY) +static void bench_rsaKeyGen_helper(int useDeviceID, word32 keySz) +{ + WC_DECLARE_ARRAY(genKey, RsaKey, BENCH_MAX_PENDING, + sizeof(RsaKey), HEAP_HINT); + double start = 0; + int ret = 0, i, count = 0, times, pending = 0; + const long rsa_e_val = WC_RSA_EXPONENT; + const char**desc = bench_desc_words[lng_index]; + DECLARE_MULTI_VALUE_STATS_VARS() + + bench_stats_prepare(); + + WC_CALLOC_ARRAY(genKey, RsaKey, BENCH_MAX_PENDING, + sizeof(RsaKey), HEAP_HINT); + + bench_stats_start(&count, &start); + do { + /* while free pending slots in queue, submit ops */ + for (times = 0; times < genTimes || pending > 0; ) { + bench_async_poll(&pending); + + for (i = 0; i < BENCH_MAX_PENDING; i++) { + if (bench_async_check(&ret, BENCH_ASYNC_GET_DEV(genKey[i]), + 0, ×, genTimes, &pending)) { + wc_FreeRsaKey(genKey[i]); + ret = wc_InitRsaKey_ex(genKey[i], HEAP_HINT, devId); + if (ret < 0) { + goto exit; + } + + ret = wc_MakeRsaKey(genKey[i], (int)keySz, rsa_e_val, + &gRng); + if (!bench_async_handle(&ret, + BENCH_ASYNC_GET_DEV(genKey[i]), 0, + ×, &pending)) { + goto exit; + } + } + } /* for i */ + RECORD_MULTI_VALUE_STATS(); + } /* for times */ + count += times; + } while (bench_stats_check(start) +#ifdef MULTI_VALUE_STATISTICS + || runs < minimum_runs +#endif + ); + +exit: + bench_stats_asym_finish("RSA", (int)keySz, desc[2], useDeviceID, count, + start, ret); +#ifdef MULTI_VALUE_STATISTICS + bench_multi_value_stats(max, min, sum, squareSum, runs); +#endif + + /* cleanup */ + for (i = 0; i < BENCH_MAX_PENDING; i++) { + wc_FreeRsaKey(genKey[i]); + } + + WC_FREE_ARRAY(genKey, BENCH_MAX_PENDING, HEAP_HINT); +} + +void bench_rsaKeyGen(int useDeviceID) +{ + int k; + +#if !defined(RSA_MAX_SIZE) || !defined(RSA_MIN_SIZE) + static const word32 keySizes[2] = {1024, 2048 }; +#elif RSA_MAX_SIZE >= 4096 + #if (!defined(WOLFSSL_SP_MATH) || defined(WOLFSSL_SP_MATH_ALL)) && \ + (RSA_MIN_SIZE <= 1024) + static const word32 keySizes[4] = {1024, 2048, 3072, 4096 }; + #else + static const word32 keySizes[3] = {2048, 3072, 4096}; + #endif +#elif RSA_MAX_SIZE >= 3072 + #if (!defined(WOLFSSL_SP_MATH) || defined(WOLFSSL_SP_MATH_ALL)) && \ + (RSA_MIN_SIZE <= 1024) + static const word32 keySizes[3] = {1024, 2048, 3072 }; + #else + static const word32 keySizes[2] = {2048, 3072 }; + #endif +#elif RSA_MAX_SIZE >= 2048 + #if (!defined(WOLFSSL_SP_MATH) || defined(WOLFSSL_SP_MATH_ALL)) && \ + (RSA_MIN_SIZE <= 1024) + static const word32 keySizes[2] = {1024, 2048 }; + #else + static const word32 keySizes[1] = {2048}; + #endif +#else + #if (!defined(WOLFSSL_SP_MATH) || defined(WOLFSSL_SP_MATH_ALL)) && \ + (RSA_MIN_SIZE <= 1024) + static const word32 keySizes[1] = {1024 }; + #else + #error No candidate RSA key sizes to benchmark. + #endif +#endif + + for (k = 0; k < (int)(sizeof(keySizes)/sizeof(int)); k++) { + bench_rsaKeyGen_helper(useDeviceID, keySizes[k]); + } +} + + +void bench_rsaKeyGen_size(int useDeviceID, word32 keySz) +{ + bench_rsaKeyGen_helper(useDeviceID, keySz); +} +#endif /* WOLFSSL_KEY_GEN && !WOLFSSL_RSA_PUBLIC_ONLY */ + +#if !defined(USE_CERT_BUFFERS_1024) && !defined(USE_CERT_BUFFERS_2048) && \ + !defined(USE_CERT_BUFFERS_3072) && !defined(USE_CERT_BUFFERS_4096) + #if defined(WOLFSSL_MDK_SHELL) + static char *certRSAname = "certs/rsa2048.der"; + /* set by shell command */ + static void set_Bench_RSA_File(char * cert) { certRSAname = cert ; } + #elif defined(FREESCALE_MQX) + static char *certRSAname = "a:\\certs\\rsa2048.der"; + #else + static const char *certRSAname = "certs/rsa2048.der"; + #endif +#endif + +#define RSA_BUF_SIZE 384 /* for up to 3072 bit */ + +#if defined(WOLFSSL_RSA_VERIFY_INLINE) || defined(WOLFSSL_RSA_PUBLIC_ONLY) +#if defined(USE_CERT_BUFFERS_2048) +static const unsigned char rsa_2048_sig[] = { + 0x8c, 0x9e, 0x37, 0xbf, 0xc3, 0xa6, 0xba, 0x1c, + 0x53, 0x22, 0x40, 0x4b, 0x8b, 0x0d, 0x3c, 0x0e, + 0x2e, 0x8c, 0x31, 0x2c, 0x47, 0xbf, 0x03, 0x48, + 0x18, 0x46, 0x73, 0x8d, 0xd7, 0xdd, 0x17, 0x64, + 0x0d, 0x7f, 0xdc, 0x74, 0xed, 0x80, 0xc3, 0xe8, + 0x9a, 0x18, 0x33, 0xd4, 0xe6, 0xc5, 0xe1, 0x54, + 0x75, 0xd1, 0xbb, 0x40, 0xde, 0xa8, 0xb9, 0x1b, + 0x14, 0xe8, 0xc1, 0x39, 0xeb, 0xa0, 0x69, 0x8a, + 0xc6, 0x9b, 0xef, 0x53, 0xb5, 0x23, 0x2b, 0x78, + 0x06, 0x43, 0x37, 0x11, 0x81, 0x84, 0x73, 0x33, + 0x33, 0xfe, 0xf7, 0x5d, 0x2b, 0x84, 0xd6, 0x83, + 0xd6, 0xdd, 0x55, 0x33, 0xef, 0xd1, 0xf7, 0x12, + 0xb0, 0xc2, 0x0e, 0xb1, 0x78, 0xd4, 0xa8, 0xa3, + 0x25, 0xeb, 0xed, 0x9a, 0xb3, 0xee, 0xc3, 0x7e, + 0xce, 0x13, 0x18, 0x86, 0x31, 0xe1, 0xef, 0x01, + 0x0f, 0x6e, 0x67, 0x24, 0x74, 0xbd, 0x0b, 0x7f, + 0xa9, 0xca, 0x6f, 0xaa, 0x83, 0x28, 0x90, 0x40, + 0xf1, 0xb5, 0x10, 0x0e, 0x26, 0x03, 0x05, 0x5d, + 0x87, 0xb4, 0xe0, 0x4c, 0x98, 0xd8, 0xc6, 0x42, + 0x89, 0x77, 0xeb, 0xb6, 0xd4, 0xe6, 0x26, 0xf3, + 0x31, 0x25, 0xde, 0x28, 0x38, 0x58, 0xe8, 0x2c, + 0xf4, 0x56, 0x7c, 0xb6, 0xfd, 0x99, 0xb0, 0xb0, + 0xf4, 0x83, 0xb6, 0x74, 0xa9, 0x5b, 0x9f, 0xe8, + 0xe9, 0xf1, 0xa1, 0x2a, 0xbd, 0xf6, 0x83, 0x28, + 0x09, 0xda, 0xa6, 0xd6, 0xcd, 0x61, 0x60, 0xf7, + 0x13, 0x4e, 0x46, 0x57, 0x38, 0x1e, 0x11, 0x92, + 0x6b, 0x6b, 0xcf, 0xd3, 0xf4, 0x8b, 0x66, 0x03, + 0x25, 0xa3, 0x7a, 0x2f, 0xce, 0xc1, 0x85, 0xa5, + 0x48, 0x91, 0x8a, 0xb3, 0x4f, 0x5d, 0x98, 0xb1, + 0x69, 0x58, 0x47, 0x69, 0x0c, 0x52, 0xdc, 0x42, + 0x4c, 0xef, 0xe8, 0xd4, 0x4d, 0x6a, 0x33, 0x7d, + 0x9e, 0xd2, 0x51, 0xe6, 0x41, 0xbf, 0x4f, 0xa2 +}; +#elif defined(USE_CERT_BUFFERS_3072) +static const unsigned char rsa_3072_sig[] = { + 0x1a, 0xd6, 0x0d, 0xfd, 0xe3, 0x41, 0x95, 0x76, + 0x27, 0x16, 0x7d, 0xc7, 0x94, 0x16, 0xca, 0xa8, + 0x26, 0x08, 0xbe, 0x78, 0x87, 0x72, 0x4c, 0xd9, + 0xa7, 0xfc, 0x33, 0x77, 0x2d, 0x53, 0x07, 0xb5, + 0x8c, 0xce, 0x48, 0x17, 0x9b, 0xff, 0x9f, 0x9b, + 0x17, 0xc4, 0xbb, 0x72, 0xed, 0xdb, 0xa0, 0x34, + 0x69, 0x5b, 0xc7, 0x4e, 0xbf, 0xec, 0x13, 0xc5, + 0x98, 0x71, 0x9a, 0x4e, 0x18, 0x0e, 0xcb, 0xe7, + 0xc6, 0xd5, 0x21, 0x31, 0x7c, 0x0d, 0xae, 0x14, + 0x2b, 0x87, 0x4f, 0x77, 0x95, 0x2e, 0x26, 0xe2, + 0x83, 0xfe, 0x49, 0x1e, 0x87, 0x19, 0x4a, 0x63, + 0x73, 0x75, 0xf1, 0xf5, 0x71, 0xd2, 0xce, 0xd4, + 0x39, 0x2b, 0xd9, 0xe0, 0x76, 0x70, 0xc8, 0xf8, + 0xed, 0xdf, 0x90, 0x57, 0x17, 0xb9, 0x16, 0xf6, + 0xe9, 0x49, 0x48, 0xce, 0x5a, 0x8b, 0xe4, 0x84, + 0x7c, 0xf3, 0x31, 0x68, 0x97, 0x45, 0x68, 0x38, + 0x50, 0x3a, 0x70, 0xbd, 0xb3, 0xd3, 0xd2, 0xe0, + 0x56, 0x5b, 0xc2, 0x0c, 0x2c, 0x10, 0x70, 0x7b, + 0xd4, 0x99, 0xf9, 0x38, 0x31, 0xb1, 0x86, 0xa0, + 0x07, 0xf1, 0xf6, 0x53, 0xb0, 0x44, 0x82, 0x40, + 0xd2, 0xab, 0x0e, 0x71, 0x5d, 0xe1, 0xea, 0x3a, + 0x77, 0xc9, 0xef, 0xfe, 0x54, 0x65, 0xa3, 0x49, + 0xfd, 0xa5, 0x33, 0xaa, 0x16, 0x1a, 0x38, 0xe7, + 0xaa, 0xb7, 0x13, 0xb2, 0x3b, 0xc7, 0x00, 0x87, + 0x12, 0xfe, 0xfd, 0xf4, 0x55, 0x6d, 0x1d, 0x4a, + 0x0e, 0xad, 0xd0, 0x4c, 0x55, 0x91, 0x60, 0xd9, + 0xef, 0x74, 0x69, 0x22, 0x8c, 0x51, 0x65, 0xc2, + 0x04, 0xac, 0xd3, 0x8d, 0xf7, 0x35, 0x29, 0x13, + 0x6d, 0x61, 0x7c, 0x39, 0x2f, 0x41, 0x4c, 0xdf, + 0x38, 0xfd, 0x1a, 0x7d, 0x42, 0xa7, 0x6f, 0x3f, + 0x3d, 0x9b, 0xd1, 0x97, 0xab, 0xc0, 0xa7, 0x28, + 0x1c, 0xc0, 0x02, 0x26, 0xeb, 0xce, 0xf9, 0xe1, + 0x34, 0x45, 0xaf, 0xbf, 0x8d, 0xb8, 0xe0, 0xff, + 0xd9, 0x6f, 0x77, 0xf3, 0xf7, 0xed, 0x6a, 0xbb, + 0x03, 0x52, 0xfb, 0x38, 0xfc, 0xea, 0x9f, 0xc9, + 0x98, 0xed, 0x21, 0x45, 0xaf, 0x43, 0x2b, 0x64, + 0x96, 0x82, 0x30, 0xe9, 0xb4, 0x36, 0x89, 0x77, + 0x07, 0x4a, 0xc6, 0x1f, 0x38, 0x7a, 0xee, 0xb6, + 0x86, 0xf6, 0x2f, 0x03, 0xec, 0xa2, 0xe5, 0x48, + 0xe5, 0x5a, 0xf5, 0x1c, 0xd2, 0xd9, 0xd8, 0x2d, + 0x9d, 0x06, 0x07, 0xc9, 0x8b, 0x5d, 0xe0, 0x0f, + 0x5e, 0x0c, 0x53, 0x27, 0xff, 0x23, 0xee, 0xca, + 0x5e, 0x4d, 0xf1, 0x95, 0x77, 0x78, 0x1f, 0xf2, + 0x44, 0x5b, 0x7d, 0x01, 0x49, 0x61, 0x6f, 0x6d, + 0xbf, 0xf5, 0x19, 0x06, 0x39, 0xe9, 0xe9, 0x29, + 0xde, 0x47, 0x5e, 0x2e, 0x1f, 0x68, 0xf4, 0x32, + 0x5e, 0xe9, 0xd0, 0xa7, 0xb4, 0x2a, 0x45, 0xdf, + 0x15, 0x7d, 0x0d, 0x5b, 0xef, 0xc6, 0x23, 0xac +}; +#else + #error Not Supported Yet! +#endif +#endif /* WOLFSSL_RSA_VERIFY_INLINE || WOLFSSL_RSA_PUBLIC_ONLY */ + +static void bench_rsa_helper(int useDeviceID, + WC_ARRAY_ARG(rsaKey, + RsaKey, + BENCH_MAX_PENDING, + sizeof(RsaKey)), + word32 rsaKeySz) +{ + int ret = 0, i, times, count = 0, pending = 0; + word32 idx = 0; +#ifndef WOLFSSL_RSA_VERIFY_ONLY + const char* messageStr = TEST_STRING; + const int len = (int)TEST_STRING_SZ; +#endif + double start = 0.0F; + const char**desc = bench_desc_words[lng_index]; + DECLARE_MULTI_VALUE_STATS_VARS() +#ifndef WOLFSSL_RSA_VERIFY_ONLY + WC_DECLARE_VAR(message, byte, TEST_STRING_SZ, HEAP_HINT); +#endif + WC_DECLARE_HEAP_ARRAY(enc, byte, BENCH_MAX_PENDING, + rsaKeySz/8, HEAP_HINT); + +#if !defined(WOLFSSL_RSA_VERIFY_ONLY) || !defined(WOLFSSL_RSA_PUBLIC_ONLY) + WC_DECLARE_HEAP_ARRAY(out, byte, BENCH_MAX_PENDING, + rsaKeySz/8, HEAP_HINT); +#else + byte* out[BENCH_MAX_PENDING]; +#endif + + bench_stats_prepare(); + +#if !defined(WOLFSSL_RSA_VERIFY_ONLY) || !defined(WOLFSSL_RSA_PUBLIC_ONLY) + WC_CALLOC_HEAP_ARRAY(out, byte, BENCH_MAX_PENDING, + rsaKeySz/8, HEAP_HINT); + if (out[0] == NULL) { + ret = MEMORY_E; + goto exit; + } +#else + XMEMSET(out, 0, sizeof(out)); +#endif + + WC_CALLOC_HEAP_ARRAY(enc, byte, BENCH_MAX_PENDING, + rsaKeySz/8, HEAP_HINT); + if (enc[0] == NULL) { + ret = MEMORY_E; + goto exit; + } + +#ifndef WOLFSSL_RSA_VERIFY_ONLY + WC_ALLOC_VAR(message, byte, TEST_STRING_SZ, HEAP_HINT); + XMEMCPY(message, messageStr, len); +#endif + + if (!rsa_sign_verify) { +#ifndef WOLFSSL_RSA_VERIFY_ONLY + /* begin public RSA */ + bench_stats_start(&count, &start); + do { + for (times = 0; times < ntimes || pending > 0; ) { + bench_async_poll(&pending); + + /* while free pending slots in queue, submit ops */ + for (i = 0; i < BENCH_MAX_PENDING; i++) { + if (bench_async_check(&ret, + BENCH_ASYNC_GET_DEV(rsaKey[i]), + 1, ×, ntimes, &pending)) { + ret = wc_RsaPublicEncrypt(message, (word32)len, enc[i], + rsaKeySz/8, rsaKey[i], + GLOBAL_RNG); + if (!bench_async_handle(&ret, + BENCH_ASYNC_GET_DEV( + rsaKey[i]), 1, ×, + &pending)) { + goto exit_rsa_verify; + } + } + } /* for i */ + RECORD_MULTI_VALUE_STATS(); + } /* for times */ + count += times; + } while (bench_stats_check(start) + #ifdef MULTI_VALUE_STATISTICS + || runs < minimum_runs + #endif + ); + +exit_rsa_verify: + bench_stats_asym_finish("RSA", (int)rsaKeySz, desc[0], + useDeviceID, count, start, ret); + #ifdef MULTI_VALUE_STATISTICS + bench_multi_value_stats(max, min, sum, squareSum, runs); + #endif +#endif /* !WOLFSSL_RSA_VERIFY_ONLY */ + +#ifndef WOLFSSL_RSA_PUBLIC_ONLY + if (ret < 0) { + goto exit; + } + + RESET_MULTI_VALUE_STATS_VARS(); + + /* capture resulting encrypt length */ + idx = (word32)(rsaKeySz/8); + + /* begin private async RSA */ + bench_stats_start(&count, &start); + do { + for (times = 0; times < ntimes || pending > 0; ) { + bench_async_poll(&pending); + + /* while free pending slots in queue, submit ops */ + for (i = 0; i < BENCH_MAX_PENDING; i++) { + if (bench_async_check(&ret, + BENCH_ASYNC_GET_DEV(rsaKey[i]), + 1, ×, ntimes, &pending)) { + ret = wc_RsaPrivateDecrypt(enc[i], idx, out[i], + rsaKeySz/8, rsaKey[i]); + if (!bench_async_handle(&ret, + BENCH_ASYNC_GET_DEV(rsaKey[i]), + 1, ×, &pending)) { + goto exit_rsa_pub; + } + } + } /* for i */ + RECORD_MULTI_VALUE_STATS(); + } /* for times */ + count += times; + } while (bench_stats_check(start) + #ifdef MULTI_VALUE_STATISTICS + || runs < minimum_runs + #endif + ); + +exit_rsa_pub: + bench_stats_asym_finish("RSA", (int)rsaKeySz, desc[1], + useDeviceID, count, start, ret); + #ifdef MULTI_VALUE_STATISTICS + bench_multi_value_stats(max, min, sum, squareSum, runs); + #endif +#endif /* !WOLFSSL_RSA_PUBLIC_ONLY */ + } + else { +#if !defined(WOLFSSL_RSA_PUBLIC_ONLY) && !defined(WOLFSSL_RSA_VERIFY_ONLY) + /* begin RSA sign */ + bench_stats_start(&count, &start); + do { + for (times = 0; times < ntimes || pending > 0; ) { + bench_async_poll(&pending); + + /* while free pending slots in queue, submit ops */ + for (i = 0; i < BENCH_MAX_PENDING; i++) { + if (bench_async_check(&ret, + BENCH_ASYNC_GET_DEV(rsaKey[i]), + 1, ×, ntimes, &pending)) { + ret = wc_RsaSSL_Sign(message, len, enc[i], + rsaKeySz/8, rsaKey[i], GLOBAL_RNG); + if (!bench_async_handle(&ret, + BENCH_ASYNC_GET_DEV(rsaKey[i]), + 1, ×, &pending)) { + goto exit_rsa_sign; + } + } + } /* for i */ + RECORD_MULTI_VALUE_STATS(); + } /* for times */ + count += times; + } while (bench_stats_check(start) + #ifdef MULTI_VALUE_STATISTICS + || runs < minimum_runs + #endif + ); + +exit_rsa_sign: + bench_stats_asym_finish("RSA", (int)rsaKeySz, desc[4], useDeviceID, + count, start, ret); + #ifdef MULTI_VALUE_STATISTICS + bench_multi_value_stats(max, min, sum, squareSum, runs); + #endif + if (ret < 0) { + goto exit; + } + + RESET_MULTI_VALUE_STATS_VARS(); + +#endif /* !WOLFSSL_RSA_PUBLIC_ONLY && !WOLFSSL_RSA_VERIFY_ONLY */ + + /* capture resulting encrypt length */ + idx = rsaKeySz/8; + + /* begin RSA verify */ + bench_stats_start(&count, &start); + do { + for (times = 0; times < ntimes || pending > 0; ) { + bench_async_poll(&pending); + + /* while free pending slots in queue, submit ops */ + for (i = 0; i < BENCH_MAX_PENDING; i++) { + if (bench_async_check(&ret, + BENCH_ASYNC_GET_DEV(rsaKey[i]), + 1, ×, ntimes, &pending)) { + #if !defined(WOLFSSL_RSA_VERIFY_INLINE) && \ + !defined(WOLFSSL_RSA_PUBLIC_ONLY) + ret = wc_RsaSSL_Verify(enc[i], idx, out[i], + rsaKeySz/8, rsaKey[i]); + #elif defined(USE_CERT_BUFFERS_2048) + XMEMCPY(enc[i], rsa_2048_sig, sizeof(rsa_2048_sig)); + idx = sizeof(rsa_2048_sig); + out[i] = NULL; + ret = wc_RsaSSL_VerifyInline(enc[i], idx, + &out[i], rsaKey[i]); + if (ret > 0) { + ret = 0; + } + + #elif defined(USE_CERT_BUFFERS_3072) + XMEMCPY(enc[i], rsa_3072_sig, sizeof(rsa_3072_sig)); + idx = sizeof(rsa_3072_sig); + out[i] = NULL; + ret = wc_RsaSSL_VerifyInline(enc[i], idx, + &out[i], rsaKey[i]); + if (ret > 0) + ret = 0; + #endif + if (!bench_async_handle(&ret, + BENCH_ASYNC_GET_DEV(rsaKey[i]), + 1, ×, &pending)) { + goto exit_rsa_verifyinline; + } + } + } /* for i */ + RECORD_MULTI_VALUE_STATS(); + } /* for times */ + count += times; + } while (bench_stats_check(start) + #ifdef MULTI_VALUE_STATISTICS + || runs < minimum_runs + #endif + ); + +exit_rsa_verifyinline: + bench_stats_asym_finish("RSA", (int)rsaKeySz, desc[5], + useDeviceID, count, start, ret); + #ifdef MULTI_VALUE_STATISTICS + bench_multi_value_stats(max, min, sum, squareSum, runs); + #endif + } + +exit: + + WC_FREE_HEAP_ARRAY(enc, BENCH_MAX_PENDING, HEAP_HINT); +#if !defined(WOLFSSL_RSA_VERIFY_ONLY) || !defined(WOLFSSL_RSA_PUBLIC_ONLY) + WC_FREE_HEAP_ARRAY(out, BENCH_MAX_PENDING, HEAP_HINT); +#endif +#ifndef WOLFSSL_RSA_VERIFY_ONLY + WC_FREE_VAR(message, HEAP_HINT); +#endif +} + +void bench_rsa(int useDeviceID) +{ + int i; + WC_DECLARE_ARRAY(rsaKey, RsaKey, BENCH_MAX_PENDING, + sizeof(RsaKey), HEAP_HINT); + int ret = 0; + word32 rsaKeySz = 0; + const byte* tmp; + size_t bytes; +#if !defined(WOLFSSL_RSA_PUBLIC_ONLY) && !defined(WOLFSSL_RSA_VERIFY_ONLY) + word32 idx; +#endif + + WC_CALLOC_ARRAY(rsaKey, RsaKey, BENCH_MAX_PENDING, + sizeof(RsaKey), HEAP_HINT); + +#ifdef USE_CERT_BUFFERS_1024 + tmp = rsa_key_der_1024; + bytes = (size_t)sizeof_rsa_key_der_1024; + rsaKeySz = 1024; +#elif defined(USE_CERT_BUFFERS_2048) + tmp = rsa_key_der_2048; + bytes = (size_t)sizeof_rsa_key_der_2048; + rsaKeySz = 2048; +#elif defined(USE_CERT_BUFFERS_3072) + tmp = rsa_key_der_3072; + bytes = (size_t)sizeof_rsa_key_der_3072; + rsaKeySz = 3072; +#elif defined(USE_CERT_BUFFERS_4096) + tmp = client_key_der_4096; + bytes = (size_t)sizeof_client_key_der_4096; + rsaKeySz = 4096; +#else + #error "need a cert buffer size" +#endif /* USE_CERT_BUFFERS */ + + /* init keys */ + for (i = 0; i < BENCH_MAX_PENDING; i++) { + /* setup an async context for each key */ + ret = wc_InitRsaKey_ex(rsaKey[i], HEAP_HINT, + useDeviceID ? devId : INVALID_DEVID); + if (ret < 0) { + goto exit; + } + +#if !defined(WOLFSSL_RSA_PUBLIC_ONLY) && !defined(WOLFSSL_RSA_VERIFY_ONLY) + #ifdef WC_RSA_BLINDING + ret = wc_RsaSetRNG(rsaKey[i], &gRng); + if (ret != 0) + goto exit; + #endif +#endif + +#if !defined(WOLFSSL_RSA_PUBLIC_ONLY) && !defined(WOLFSSL_RSA_VERIFY_ONLY) + /* decode the private key */ + idx = 0; + if ((ret = wc_RsaPrivateKeyDecode(tmp, &idx, + rsaKey[i], (word32)bytes)) != 0) { + printf("wc_RsaPrivateKeyDecode failed! %d\n", ret); + goto exit; + } +#elif defined(WOLFSSL_PUBLIC_MP) + /* get offset to public portion of the RSA key */ + #ifdef USE_CERT_BUFFERS_1024 + bytes = 11; + #elif defined(USE_CERT_BUFFERS_2048) || defined(USE_CERT_BUFFERS_3072) + bytes = 12; + #endif + ret = mp_read_unsigned_bin(&rsaKey[i]->n, &tmp[bytes], rsaKeySz/8); + if (ret != 0) { + printf("wc_RsaPrivateKeyDecode failed! %d\n", ret); + goto exit; + } + ret = mp_set_int(&rsaKey[i]->e, WC_RSA_EXPONENT); + if (ret != 0) { + printf("wc_RsaPrivateKeyDecode failed! %d\n", ret); + goto exit; + } +#else + /* Note: To benchmark public only define WOLFSSL_PUBLIC_MP */ + rsaKeySz = 0; +#endif + } + + if (rsaKeySz > 0) { + bench_rsa_helper(useDeviceID, rsaKey, rsaKeySz); + } + + (void)bytes; + (void)tmp; + +exit: + /* cleanup */ + if (WC_ARRAY_OK(rsaKey)) { + for (i = 0; i < BENCH_MAX_PENDING; i++) { + wc_FreeRsaKey(rsaKey[i]); + } + WC_FREE_ARRAY(rsaKey, BENCH_MAX_PENDING, HEAP_HINT); + } +} + + +#if defined(WOLFSSL_KEY_GEN) && !defined(WOLFSSL_RSA_PUBLIC_ONLY) +/* bench any size of RSA key */ +void bench_rsa_key(int useDeviceID, word32 rsaKeySz) +{ + int ret = 0, i, pending = 0; + WC_DECLARE_ARRAY(rsaKey, RsaKey, BENCH_MAX_PENDING, + sizeof(RsaKey), HEAP_HINT); + int isPending[BENCH_MAX_PENDING]; + long exp = 65537L; + + /* clear for done cleanup */ + XMEMSET(isPending, 0, sizeof(isPending)); + + WC_CALLOC_ARRAY(rsaKey, RsaKey, BENCH_MAX_PENDING, + sizeof(RsaKey), HEAP_HINT); + + /* init keys */ + do { + pending = 0; + for (i = 0; i < BENCH_MAX_PENDING; i++) { + if (!isPending[i]) { /* if making the key is pending then just call + * wc_MakeRsaKey again */ + /* setup an async context for each key */ + if (wc_InitRsaKey_ex(rsaKey[i], HEAP_HINT, + useDeviceID ? devId : INVALID_DEVID) < 0) { + goto exit; + } + + #ifdef WC_RSA_BLINDING + ret = wc_RsaSetRNG(rsaKey[i], &gRng); + if (ret != 0) + goto exit; + #endif + } + + /* create the RSA key */ + ret = wc_MakeRsaKey(rsaKey[i], (int)rsaKeySz, exp, &gRng); + if (ret == WC_NO_ERR_TRACE(WC_PENDING_E)) { + isPending[i] = 1; + pending = 1; + } + else if (ret != 0) { + printf("wc_MakeRsaKey failed! %d\n", ret); + goto exit; + } + } /* for i */ + } while (pending > 0); + + bench_rsa_helper(useDeviceID, rsaKey, rsaKeySz); +exit: + + /* cleanup */ + if (WC_ARRAY_OK(rsaKey)) { + for (i = 0; i < BENCH_MAX_PENDING; i++) { + wc_FreeRsaKey(rsaKey[i]); + } + WC_FREE_ARRAY(rsaKey, BENCH_MAX_PENDING, HEAP_HINT); + } +} +#endif /* WOLFSSL_KEY_GEN */ +#endif /* !NO_RSA */ + + +#if !defined(NO_DH) && !defined(WC_NO_RNG) + +#if !defined(USE_CERT_BUFFERS_1024) && !defined(USE_CERT_BUFFERS_2048) && \ + !defined(USE_CERT_BUFFERS_3072) && !defined(USE_CERT_BUFFERS_4096) + #if defined(WOLFSSL_MDK_SHELL) + static char *certDHname = "certs/dh2048.der"; + /* set by shell command */ + void set_Bench_DH_File(char * cert) { certDHname = cert ; } + #elif defined(FREESCALE_MQX) + static char *certDHname = "a:\\certs\\dh2048.der"; + #elif defined(NO_ASN) + /* do nothing, but don't need a file */ + #else + static const char *certDHname = "certs/dh2048.der"; + #endif +#endif + +#ifdef HAVE_FFDHE_4096 +#define BENCH_DH_KEY_SIZE 512 /* for 4096 bit */ +#else +#define BENCH_DH_KEY_SIZE 384 /* for 3072 bit */ +#endif +#define BENCH_DH_PRIV_SIZE (BENCH_DH_KEY_SIZE/8) + +void bench_dh(int useDeviceID) +{ + int ret = 0, i; + int count = 0, times, pending = 0; + const byte* tmp = NULL; + double start = 0.0F; + WC_DECLARE_ARRAY(dhKey, DhKey, BENCH_MAX_PENDING, + sizeof(DhKey), HEAP_HINT); + int dhKeySz = BENCH_DH_KEY_SIZE * 8; /* used in printf */ + const char**desc = bench_desc_words[lng_index]; +#ifndef NO_ASN + size_t bytes = 0; + word32 idx; +#endif + word32 pubSz[BENCH_MAX_PENDING]; + word32 privSz[BENCH_MAX_PENDING]; + word32 pubSz2 = BENCH_DH_KEY_SIZE; + word32 privSz2 = BENCH_DH_PRIV_SIZE; + word32 agreeSz[BENCH_MAX_PENDING]; +#if defined(HAVE_FFDHE_2048) || defined(HAVE_FFDHE_3072) || defined(HAVE_FFDHE_4096) +#ifdef HAVE_PUBLIC_FFDHE + const DhParams *params = NULL; +#else + int paramName = 0; +#endif +#endif + DECLARE_MULTI_VALUE_STATS_VARS() + + WC_DECLARE_ARRAY(pub, byte, BENCH_MAX_PENDING, + BENCH_DH_KEY_SIZE, HEAP_HINT); + WC_DECLARE_VAR(pub2, byte, + BENCH_DH_KEY_SIZE, HEAP_HINT); + WC_DECLARE_ARRAY(agree, byte, BENCH_MAX_PENDING, + BENCH_DH_KEY_SIZE, HEAP_HINT); + WC_DECLARE_ARRAY(priv, byte, BENCH_MAX_PENDING, + BENCH_DH_PRIV_SIZE, HEAP_HINT); + WC_DECLARE_VAR(priv2, byte, + BENCH_DH_PRIV_SIZE, HEAP_HINT); + + bench_stats_prepare(); + + /* old scan-build misfires -Wmaybe-uninitialized on these. */ + XMEMSET(pub, 0, sizeof(pub)); + XMEMSET(agree, 0, sizeof(agree)); + XMEMSET(priv, 0, sizeof(priv)); + + WC_CALLOC_ARRAY(dhKey, DhKey, BENCH_MAX_PENDING, + sizeof(DhKey), HEAP_HINT); + WC_ALLOC_ARRAY(pub, byte, + BENCH_MAX_PENDING, BENCH_DH_KEY_SIZE, HEAP_HINT); + WC_ALLOC_ARRAY(agree, byte, + BENCH_MAX_PENDING, BENCH_DH_KEY_SIZE, HEAP_HINT); + WC_ALLOC_ARRAY(priv, byte, + BENCH_MAX_PENDING, BENCH_DH_PRIV_SIZE, HEAP_HINT); + + WC_ALLOC_VAR(pub2, byte, BENCH_DH_KEY_SIZE, HEAP_HINT); + WC_ALLOC_VAR(priv2, byte, BENCH_DH_PRIV_SIZE, HEAP_HINT); + + (void)tmp; + + if (!use_ffdhe) { +#if defined(NO_ASN) + dhKeySz = 1024; + /* do nothing, but don't use default FILE */ +#elif defined(USE_CERT_BUFFERS_1024) + tmp = dh_key_der_1024; + bytes = (size_t)sizeof_dh_key_der_1024; + dhKeySz = 1024; +#elif defined(USE_CERT_BUFFERS_2048) + tmp = dh_key_der_2048; + bytes = (size_t)sizeof_dh_key_der_2048; + dhKeySz = 2048; +#elif defined(USE_CERT_BUFFERS_3072) + tmp = dh_key_der_3072; + bytes = (size_t)sizeof_dh_key_der_3072; + dhKeySz = 3072; +#elif defined(USE_CERT_BUFFERS_4096) + tmp = dh_key_der_4096; + bytes = (size_t)sizeof_dh_key_der_4096; + dhKeySz = 4096; +#else + #error "need to define a cert buffer size" +#endif /* USE_CERT_BUFFERS */ + } +#ifdef HAVE_FFDHE_2048 + else if (use_ffdhe == 2048) { +#ifdef HAVE_PUBLIC_FFDHE + params = wc_Dh_ffdhe2048_Get(); +#else + paramName = WC_FFDHE_2048; +#endif + dhKeySz = 2048; + } +#endif +#ifdef HAVE_FFDHE_3072 + else if (use_ffdhe == 3072) { +#ifdef HAVE_PUBLIC_FFDHE + params = wc_Dh_ffdhe3072_Get(); +#else + paramName = WC_FFDHE_3072; +#endif + dhKeySz = 3072; + } +#endif +#ifdef HAVE_FFDHE_4096 + else if (use_ffdhe == 4096) { +#ifdef HAVE_PUBLIC_FFDHE + params = wc_Dh_ffdhe4096_Get(); +#else + paramName = WC_FFDHE_4096; +#endif + dhKeySz = 4096; + } +#endif + + /* init keys */ + for (i = 0; i < BENCH_MAX_PENDING; i++) { + /* setup an async context for each key */ + ret = wc_InitDhKey_ex(dhKey[i], HEAP_HINT, + useDeviceID ? devId : INVALID_DEVID); + if (ret != 0) + goto exit; + + /* setup key */ + if (!use_ffdhe) { + #ifdef NO_ASN + ret = wc_DhSetKey(dhKey[i], dh_p, + sizeof(dh_p), dh_g, sizeof(dh_g)); + #else + idx = 0; + ret = wc_DhKeyDecode(tmp, &idx, dhKey[i], (word32)bytes); + #endif + } + #if defined(HAVE_FFDHE_2048) || defined(HAVE_FFDHE_3072) || \ + defined(HAVE_FFDHE_4096) + #ifdef HAVE_PUBLIC_FFDHE + else if (params != NULL) { + ret = wc_DhSetKey(dhKey[i], params->p, params->p_len, + params->g, params->g_len); + } + #else + else if (paramName != 0) { + ret = wc_DhSetNamedKey(dhKey[i], paramName); + } + #endif + #endif + if (ret != 0) { + printf("DhKeyDecode failed %d, can't benchmark\n", ret); + goto exit; + } + } + + + /* Key Gen */ + bench_stats_start(&count, &start); + PRIVATE_KEY_UNLOCK(); + do { + /* while free pending slots in queue, submit ops */ + for (times = 0; times < genTimes || pending > 0; ) { + bench_async_poll(&pending); + + for (i = 0; i < BENCH_MAX_PENDING; i++) { + if (bench_async_check(&ret, BENCH_ASYNC_GET_DEV(dhKey[i]), + 0, ×, genTimes, &pending)) { + privSz[i] = BENCH_DH_PRIV_SIZE; + pubSz[i] = BENCH_DH_KEY_SIZE; + ret = wc_DhGenerateKeyPair(dhKey[i], &gRng, + priv[i], &privSz[i], + pub[i], &pubSz[i]); + if (!bench_async_handle(&ret, + BENCH_ASYNC_GET_DEV(dhKey[i]), + 0, ×, &pending)) { + goto exit_dh_gen; + } + } + } /* for i */ + RECORD_MULTI_VALUE_STATS(); + } /* for times */ + count += times; + } while (bench_stats_check(start) +#ifdef MULTI_VALUE_STATISTICS + || runs < minimum_runs +#endif + ); + + PRIVATE_KEY_LOCK(); +exit_dh_gen: + bench_stats_asym_finish("DH", dhKeySz, desc[2], + useDeviceID, count, start, ret); +#ifdef MULTI_VALUE_STATISTICS + bench_multi_value_stats(max, min, sum, squareSum, runs); +#endif + + if (ret < 0) { + goto exit; + } + + RESET_MULTI_VALUE_STATS_VARS(); + + /* Generate key to use as other public */ + PRIVATE_KEY_UNLOCK(); + ret = wc_DhGenerateKeyPair(dhKey[0], &gRng, + priv2, &privSz2, pub2, &pubSz2); + PRIVATE_KEY_LOCK(); +#ifdef WOLFSSL_ASYNC_CRYPT + ret = wc_AsyncWait(ret, &dhKey[0]->asyncDev, WC_ASYNC_FLAG_NONE); +#endif + + /* Key Agree */ + bench_stats_start(&count, &start); + PRIVATE_KEY_UNLOCK(); + do { + for (times = 0; times < agreeTimes || pending > 0; ) { + bench_async_poll(&pending); + + /* while free pending slots in queue, submit ops */ + for (i = 0; i < BENCH_MAX_PENDING; i++) { + if (bench_async_check(&ret, BENCH_ASYNC_GET_DEV(dhKey[i]), + 0, ×, agreeTimes, &pending)) { + ret = wc_DhAgree(dhKey[i], agree[i], &agreeSz[i], priv[i], + privSz[i], pub2, pubSz2); + if (!bench_async_handle(&ret, + BENCH_ASYNC_GET_DEV(dhKey[i]), 0, ×, &pending)) { + goto exit; + } + } + } /* for i */ + RECORD_MULTI_VALUE_STATS(); + } /* for times */ + count += times; + } while (bench_stats_check(start) +#ifdef MULTI_VALUE_STATISTICS + || runs < minimum_runs +#endif + ); + + PRIVATE_KEY_LOCK(); + +exit: + bench_stats_asym_finish("DH", dhKeySz, desc[3], + useDeviceID, count, start, ret); +#ifdef MULTI_VALUE_STATISTICS + bench_multi_value_stats(max, min, sum, squareSum, runs); +#endif + + /* cleanup */ + if (WC_ARRAY_OK(dhKey)) { + for (i = 0; i < BENCH_MAX_PENDING; i++) { + wc_FreeDhKey(dhKey[i]); + } + WC_FREE_ARRAY(dhKey, BENCH_MAX_PENDING, HEAP_HINT); + } + WC_FREE_ARRAY(pub, BENCH_MAX_PENDING, HEAP_HINT); + WC_FREE_VAR(pub2, HEAP_HINT); + WC_FREE_ARRAY(priv, BENCH_MAX_PENDING, HEAP_HINT); + WC_FREE_VAR(priv2, HEAP_HINT); + WC_FREE_ARRAY(agree, BENCH_MAX_PENDING, HEAP_HINT); +} +#endif /* !NO_DH && !WC_NO_RNG */ + +#ifdef WOLFSSL_HAVE_MLKEM +static void bench_mlkem_keygen(int type, const char* name, int keySize, + KyberKey* key) +{ +#ifndef WOLFSSL_MLKEM_NO_MAKE_KEY + int ret = 0, times, count, pending = 0; + double start; + const char**desc = bench_desc_words[lng_index]; + DECLARE_MULTI_VALUE_STATS_VARS() + + bench_stats_prepare(); + + /* MLKEM Make Key */ + bench_stats_start(&count, &start); + do { + /* while free pending slots in queue, submit ops */ + for (times = 0; times < agreeTimes || pending > 0; times++) { + wc_KyberKey_Free(key); + ret = wc_KyberKey_Init(type, key, HEAP_HINT, INVALID_DEVID); + if (ret != 0) + goto exit; + +#ifdef MLKEM_NONDETERMINISTIC + ret = wc_KyberKey_MakeKey(key, &gRng); +#else + { + unsigned char rand[WC_ML_KEM_MAKEKEY_RAND_SZ] = {0,}; + ret = wc_KyberKey_MakeKeyWithRandom(key, rand, sizeof(rand)); + } +#endif + if (ret != 0) + goto exit; + RECORD_MULTI_VALUE_STATS(); + } /* for times */ + count += times; + } while (bench_stats_check(start) +#ifdef MULTI_VALUE_STATISTICS + || runs < minimum_runs +#endif + ); + +exit: + bench_stats_asym_finish(name, keySize, desc[2], 0, count, start, ret); +#ifdef MULTI_VALUE_STATISTICS + bench_multi_value_stats(max, min, sum, squareSum, runs); +#endif +#else + (void)type; + (void)name; + (void)keySize; + (void)key; +#endif /* !WOLFSSL_MLKEM_NO_MAKE_KEY */ +} + +#if !defined(WOLFSSL_MLKEM_NO_ENCAPSULATE) || \ + !defined(WOLFSSL_MLKEM_NO_DECAPSULATE) +static void bench_mlkem_encap(int type, const char* name, int keySize, + KyberKey* key1, KyberKey* key2) +{ + int ret = 0, times, count, pending = 0; + double start; + const char**desc = bench_desc_words[lng_index]; + byte ct[WC_ML_KEM_MAX_CIPHER_TEXT_SIZE]; + byte ss[WC_ML_KEM_SS_SZ]; + byte pub[WC_ML_KEM_MAX_PUBLIC_KEY_SIZE]; + word32 pubLen; + word32 ctSz; + DECLARE_MULTI_VALUE_STATS_VARS() + + bench_stats_prepare(); + + ret = wc_KyberKey_PublicKeySize(key1, &pubLen); + if (ret != 0) { + return; + } + ret = wc_KyberKey_EncodePublicKey(key1, pub, pubLen); + if (ret != 0) { + return; + } + ret = wc_KyberKey_Init(type, key2, HEAP_HINT, INVALID_DEVID); + if (ret != 0) { + return; + } + ret = wc_KyberKey_DecodePublicKey(key2, pub, pubLen); + if (ret != 0) { + return; + } + + ret = wc_KyberKey_CipherTextSize(key2, &ctSz); + if (ret != 0) { + return; + } + +#ifndef WOLFSSL_MLKEM_NO_ENCAPSULATE + /* MLKEM Encapsulate */ + bench_stats_start(&count, &start); + do { + /* while free pending slots in queue, submit ops */ + for (times = 0; times < agreeTimes || pending > 0; times++) { +#ifdef MLKEM_NONDETERMINISTIC + ret = wc_KyberKey_Encapsulate(key2, ct, ss, &gRng); +#else + unsigned char rand[WC_ML_KEM_ENC_RAND_SZ] = {0,}; + ret = wc_KyberKey_EncapsulateWithRandom(key2, ct, ss, rand, + sizeof(rand)); +#endif + if (ret != 0) + goto exit_encap; + RECORD_MULTI_VALUE_STATS(); + } /* for times */ + count += times; + } while (bench_stats_check(start) +#ifdef MULTI_VALUE_STATISTICS + || runs < minimum_runs +#endif + ); + +exit_encap: + bench_stats_asym_finish(name, keySize, desc[9], 0, count, start, ret); +#ifdef MULTI_VALUE_STATISTICS + bench_multi_value_stats(max, min, sum, squareSum, runs); +#endif +#endif + +#ifndef WOLFSSL_MLKEM_NO_DECAPSULATE + RESET_MULTI_VALUE_STATS_VARS(); + + /* MLKEM Decapsulate */ + bench_stats_start(&count, &start); + do { + /* while free pending slots in queue, submit ops */ + for (times = 0; times < agreeTimes || pending > 0; times++) { + ret = wc_KyberKey_Decapsulate(key1, ss, ct, ctSz); + if (ret != 0) + goto exit_decap; + RECORD_MULTI_VALUE_STATS(); + } /* for times */ + count += times; + } while (bench_stats_check(start) +#ifdef MULTI_VALUE_STATISTICS + || runs < minimum_runs +#endif + ); + +exit_decap: + bench_stats_asym_finish(name, keySize, desc[13], 0, count, start, ret); +#ifdef MULTI_VALUE_STATISTICS + bench_multi_value_stats(max, min, sum, squareSum, runs); +#endif +#endif +} +#endif + +void bench_mlkem(int type) +{ +#ifdef WOLFSSL_SMALL_STACK + KyberKey *key1 = NULL; + KyberKey *key2 = NULL; +#else + KyberKey key1[1]; + KyberKey key2[1]; +#endif + const char* name = NULL; + int keySize = 0; + + switch (type) { +#ifndef WOLFSSL_NO_ML_KEM +#ifdef WOLFSSL_WC_ML_KEM_512 + case WC_ML_KEM_512: + name = "ML-KEM 512 "; + keySize = 128; + break; +#endif +#ifdef WOLFSSL_WC_ML_KEM_768 + case WC_ML_KEM_768: + name = "ML-KEM 768 "; + keySize = 192; + break; +#endif +#ifdef WOLFSSL_WC_ML_KEM_1024 + case WC_ML_KEM_1024: + name = "ML-KEM 1024"; + keySize = 256; + break; +#endif +#endif +#ifdef WOLFSSL_MLKEM_KYBER +#ifdef WOLFSSL_KYBER512 + case KYBER512: + name = "KYBER512 "; + keySize = 128; + break; +#endif +#ifdef WOLFSSL_KYBER768 + case KYBER768: + name = "KYBER768 "; + keySize = 192; + break; +#endif +#ifdef WOLFSSL_KYBER1024 + case KYBER1024: + name = "KYBER1024"; + keySize = 256; + break; +#endif +#endif + default: + return; + } + +#ifdef WOLFSSL_SMALL_STACK + key1 = (KyberKey *)XMALLOC(sizeof(*key1), HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + if (key1 == NULL) + return; + key2 = (KyberKey *)XMALLOC(sizeof(*key2), HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + if (key2 == NULL) { + XFREE(key1, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + return; + } +#endif + + bench_mlkem_keygen(type, name, keySize, key1); +#if !defined(WOLFSSL_MLKEM_NO_ENCAPSULATE) || \ + !defined(WOLFSSL_MLKEM_NO_DECAPSULATE) + bench_mlkem_encap(type, name, keySize, key1, key2); +#endif + + wc_KyberKey_Free(key2); + wc_KyberKey_Free(key1); + + WC_FREE_VAR_EX(key1, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + WC_FREE_VAR_EX(key2, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); +} +#endif + +#if defined(WOLFSSL_HAVE_LMS) && !defined(WOLFSSL_LMS_VERIFY_ONLY) +#ifndef WOLFSSL_WC_LMS_SERIALIZE_STATE +#ifndef WOLFSSL_NO_LMS_SHA256_256 +/* WC_LMS_PARM_L2_H10_W2 + * signature length: 9300 */ +static const byte lms_priv_L2_H10_W2[64] = +{ + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, + 0x62,0x62,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF, + 0xC7,0x74,0x25,0x5B,0x2C,0xE8,0xDA,0x53, + 0xF0,0x7C,0x04,0x3F,0x64,0x2D,0x26,0x2C, + 0x46,0x1D,0xC8,0x90,0x77,0x59,0xD6,0xC0, + 0x56,0x46,0x7D,0x97,0x64,0xF2,0xA3,0xA1, + 0xF8,0xD0,0x3B,0x5F,0xAC,0x40,0xB9,0x9E, + 0x83,0x67,0xBF,0x92,0x8D,0xFE,0x45,0x79 +}; + +static const byte lms_pub_L2_H10_W2[60] = +{ + 0x00,0x00,0x00,0x02,0x00,0x00,0x00,0x06, + 0x00,0x00,0x00,0x02,0xF8,0xD0,0x3B,0x5F, + 0xAC,0x40,0xB9,0x9E,0x83,0x67,0xBF,0x92, + 0x8D,0xFE,0x45,0x79,0x41,0xBC,0x2A,0x3B, + 0x9F,0xC0,0x11,0x12,0x93,0xF0,0x5A,0xA5, + 0xC1,0x88,0x29,0x79,0x6C,0x3E,0x0A,0x0F, + 0xEC,0x3B,0x3E,0xE4,0x38,0xD3,0xD2,0x34, + 0x7F,0xC8,0x91,0xB0 +}; + +/* WC_LMS_PARM_L2_H10_W4 + * signature length: 5076 */ +static const byte lms_priv_L2_H10_W4[64] = +{ + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, + 0x63,0x63,0xFF,0xFF,0xFF,0xFF,0xFF,0xFF, + 0xAE,0x28,0x87,0x19,0x4F,0x4B,0x68,0x61, + 0x93,0x9A,0xC7,0x0E,0x33,0xB8,0xCE,0x96, + 0x66,0x0D,0xC7,0xB1,0xFA,0x94,0x80,0xA2, + 0x28,0x9B,0xCF,0xE2,0x08,0xB5,0x25,0xAC, + 0xFB,0xB8,0x65,0x5E,0xD1,0xCC,0x31,0xDA, + 0x2E,0x49,0x3A,0xEE,0xAF,0x63,0x70,0x5E +}; + +static const byte lms_pub_L2_H10_W4[60] = +{ + 0x00,0x00,0x00,0x02,0x00,0x00,0x00,0x06, + 0x00,0x00,0x00,0x03,0xFB,0xB8,0x65,0x5E, + 0xD1,0xCC,0x31,0xDA,0x2E,0x49,0x3A,0xEE, + 0xAF,0x63,0x70,0x5E,0xA2,0xD5,0xB6,0x15, + 0x33,0x8C,0x9B,0xE9,0xE1,0x91,0x40,0x1A, + 0x12,0xE0,0xD7,0xBD,0xE4,0xE0,0x76,0xF5, + 0x04,0x90,0x76,0xA5,0x9A,0xA7,0x4E,0xFE, + 0x6B,0x9A,0xD3,0x14 +}; + +/* WC_LMS_PARM_L3_H5_W4 + * signature length: 7160 */ +static const byte lms_priv_L3_H5_W4[64] = +{ + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, + 0x53,0x53,0x53,0xFF,0xFF,0xFF,0xFF,0xFF, + 0x38,0xD1,0xBE,0x68,0xD1,0x93,0xE1,0x14, + 0x6C,0x8B,0xED,0xE2,0x25,0x88,0xED,0xAC, + 0x57,0xBD,0x87,0x9F,0x54,0xF3,0x58,0xD9, + 0x4D,0xF5,0x6A,0xBD,0x71,0x99,0x6A,0x28, + 0x2F,0xE1,0xFC,0xD1,0xD1,0x0C,0x7C,0xF8, + 0xB4,0xDC,0xDF,0x7F,0x14,0x1A,0x7B,0x50 +}; + +static const byte lms_pub_L3_H5_W4[60] = +{ + 0x00,0x00,0x00,0x03,0x00,0x00,0x00,0x05, + 0x00,0x00,0x00,0x03,0x2F,0xE1,0xFC,0xD1, + 0xD1,0x0C,0x7C,0xF8,0xB4,0xDC,0xDF,0x7F, + 0x14,0x1A,0x7B,0x50,0x8E,0x3A,0xD4,0x05, + 0x0C,0x95,0x59,0xA0,0xCA,0x7A,0xD8,0xD6, + 0x5D,0xBD,0x42,0xBB,0xD5,0x82,0xB8,0x9C, + 0x52,0x37,0xB7,0x45,0x03,0xC2,0x06,0xCE, + 0xAB,0x4B,0x51,0x39 +}; + +/* WC_LMS_PARM_L3_H5_W8 + * signature length: 3992 */ +static const byte lms_priv_L3_H5_W8[64] = +{ + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, + 0x54,0x54,0x54,0xFF,0xFF,0xFF,0xFF,0xFF, + 0xA5,0x46,0x97,0x0C,0xA1,0x3C,0xEA,0x17, + 0x5C,0x9D,0x59,0xF4,0x0E,0x27,0x37,0xF3, + 0x6A,0x1C,0xF7,0x29,0x4A,0xCC,0xCD,0x7B, + 0x4F,0xE7,0x37,0x6E,0xEF,0xC1,0xBD,0xBD, + 0x04,0x5D,0x8E,0xDD,0xAA,0x47,0xCC,0xE6, + 0xCE,0x78,0x46,0x20,0x41,0x87,0xE0,0x85 +}; + +static const byte lms_pub_L3_H5_W8[60] = +{ + 0x00,0x00,0x00,0x03,0x00,0x00,0x00,0x05, + 0x00,0x00,0x00,0x04,0x04,0x5D,0x8E,0xDD, + 0xAA,0x47,0xCC,0xE6,0xCE,0x78,0x46,0x20, + 0x41,0x87,0xE0,0x85,0x0D,0x2C,0x46,0xB9, + 0x39,0x8C,0xA3,0x92,0x4F,0xCE,0x50,0x96, + 0x90,0x9C,0xF3,0x36,0x2E,0x09,0x15,0x3B, + 0x4B,0x34,0x17,0xE7,0xE2,0x55,0xFC,0x5B, + 0x83,0xAB,0x43,0xAF +}; + +/* WC_LMS_PARM_L3_H10_W4 + * signature length: 7640 */ +static const byte lms_priv_L3_H10_W4[64] = +{ + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, + 0x63,0x63,0x63,0xFF,0xFF,0xFF,0xFF,0xFF, + 0xDF,0x98,0xAB,0xEC,0xFE,0x13,0x9F,0xF8, + 0xD7,0x2B,0x4F,0x4C,0x79,0x34,0xB8,0x89, + 0x24,0x6B,0x26,0x7D,0x7A,0x2E,0xA2,0xCB, + 0x82,0x75,0x4E,0x96,0x54,0x49,0xED,0xA0, + 0xAF,0xC7,0xA5,0xEE,0x8A,0xA2,0x83,0x99, + 0x4B,0x18,0x59,0x2B,0x66,0xC0,0x32,0xDB +}; + +static const byte lms_pub_L3_H10_W4[60] = +{ + 0x00,0x00,0x00,0x03,0x00,0x00,0x00,0x06, + 0x00,0x00,0x00,0x03,0xAF,0xC7,0xA5,0xEE, + 0x8A,0xA2,0x83,0x99,0x4B,0x18,0x59,0x2B, + 0x66,0xC0,0x32,0xDB,0xC4,0x18,0xEB,0x11, + 0x17,0x7D,0xAA,0x93,0xFD,0xA0,0x70,0x4D, + 0x68,0x4B,0x63,0x8F,0xC2,0xE7,0xCA,0x34, + 0x14,0x31,0x0D,0xAA,0x18,0xBF,0x9B,0x32, + 0x8D,0x78,0xD5,0xA8 +}; + +/* WC_LMS_PARM_L4_H5_W8 + * signature length: 5340 */ +static const byte lms_priv_L4_H5_W8[64] = +{ + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, + 0x54,0x54,0x54,0x54,0xFF,0xFF,0xFF,0xFF, + 0x46,0x8F,0x2A,0x4A,0x14,0x26,0xF0,0x89, + 0xFE,0xED,0x66,0x0F,0x73,0x69,0xB1,0x4C, + 0x47,0xA1,0x35,0x9F,0x7B,0xBA,0x08,0x03, + 0xEE,0xA2,0xEB,0xAD,0xB4,0x82,0x52,0x1F, + 0xFD,0x9B,0x22,0x82,0x42,0x1A,0x96,0x1E, + 0xE4,0xA1,0x9C,0x33,0xED,0xE6,0x9F,0xAB +}; + +static const byte lms_pub_L4_H5_W8[60] = +{ + 0x00,0x00,0x00,0x04,0x00,0x00,0x00,0x05, + 0x00,0x00,0x00,0x04,0xFD,0x9B,0x22,0x82, + 0x42,0x1A,0x96,0x1E,0xE4,0xA1,0x9C,0x33, + 0xED,0xE6,0x9F,0xAB,0x6B,0x47,0x05,0x5B, + 0xA7,0xAD,0xF6,0x88,0xA5,0x4F,0xCD,0xF1, + 0xDA,0x29,0x67,0xC3,0x7F,0x2C,0x11,0xFE, + 0x85,0x1A,0x7A,0xD8,0xD5,0x46,0x74,0x3B, + 0x74,0x24,0x12,0xC8 +}; +#endif +#endif /* WOLFSSL_WC_LMS_SERIALIZE_STATE */ + +static int lms_write_key_mem(const byte* priv, word32 privSz, void* context) +{ + /* WARNING: THIS IS AN INSECURE WRITE CALLBACK THAT SHOULD ONLY + * BE USED FOR TESTING PURPOSES! Production applications should + * write only to non-volatile storage. */ + XMEMCPY(context, priv, privSz); + return WC_LMS_RC_SAVED_TO_NV_MEMORY; +} + +static int lms_read_key_mem(byte* priv, word32 privSz, void* context) +{ + /* WARNING: THIS IS AN INSECURE READ CALLBACK THAT SHOULD ONLY + * BE USED FOR TESTING PURPOSES! */ + XMEMCPY(priv, context, privSz); + return WC_LMS_RC_READ_TO_MEMORY; +} +#ifdef WOLFSSL_WC_LMS_SERIALIZE_STATE +static byte lms_priv[64*1024 + HSS_MAX_PRIVATE_KEY_LEN]; +#else +static byte lms_priv[HSS_MAX_PRIVATE_KEY_LEN]; +#endif + +static void bench_lms_keygen(enum wc_LmsParm parm, byte* pub) +{ + WC_RNG rng; + LmsKey key; + int ret; + word32 pubLen = HSS_MAX_PUBLIC_KEY_LEN; + int times = 0; + int count = 0; + double start = 0.0F; + int levels; + int height; + int winternitz; + const char* str = wc_LmsKey_ParmToStr(parm); + DECLARE_MULTI_VALUE_STATS_VARS() + + bench_stats_prepare(); + +#ifndef HAVE_FIPS + ret = wc_InitRng_ex(&rng, HEAP_HINT, INVALID_DEVID); +#else + ret = wc_InitRng(&rng); +#endif + if (ret != 0) { + printf("error: wc_InitRng failed: %d\n", ret); + return; + } + + ret = wc_LmsKey_Init(&key, NULL, INVALID_DEVID); + if (ret) { + printf("wc_LmsKey_Init failed: %d\n", ret); + wc_FreeRng(&rng); + return; + } + + count = 0; + bench_stats_start(&count, &start); + + do { + /* LMS is stateful. Async queuing not practical. */ + for (times = 0; times < 1; ++times) { + + wc_LmsKey_Free(&key); + + ret = wc_LmsKey_Init(&key, NULL, INVALID_DEVID); + if (ret) { + printf("wc_LmsKey_Init failed: %d\n", ret); + goto exit_lms_keygen; + } + + ret = wc_LmsKey_SetLmsParm(&key, parm); + if (ret) { + printf("wc_LmsKey_SetLmsParm failed: %d\n", ret); + goto exit_lms_keygen; + } + + ret = wc_LmsKey_GetParameters(&key, &levels, &height, &winternitz); + if (ret) { + printf("error: wc_LmsKey_GetParameters failed: %d\n", + ret); + goto exit_lms_keygen; + } + + ret = wc_LmsKey_SetWriteCb(&key, lms_write_key_mem); + if (ret) { + printf("error: wc_LmsKey_SetWriteCb failed: %d\n", + ret); + goto exit_lms_keygen; + } + + ret = wc_LmsKey_SetReadCb(&key, lms_read_key_mem); + if (ret) { + printf("error: wc_LmsKey_SetReadCb failed: %d\n", ret); + goto exit_lms_keygen; + } + + ret = wc_LmsKey_SetContext(&key, (void*)lms_priv); + if (ret) { + printf("error: wc_LmsKey_SetContext failed: %d\n", + ret); + goto exit_lms_keygen; + } + + ret = wc_LmsKey_MakeKey(&key, &rng); + if (ret) { + printf("wc_LmsKey_MakeKey failed: %d\n", ret); + goto exit_lms_keygen; + } + + RECORD_MULTI_VALUE_STATS(); + } + + count += times; + } while (bench_stats_check(start) +#ifdef MULTI_VALUE_STATISTICS + || runs < minimum_runs +#endif + ); + + bench_stats_asym_finish(str, levels * height, "keygen", 0, + count, start, ret); +#ifdef MULTI_VALUE_STATISTICS + bench_multi_value_stats(max, min, sum, squareSum, runs); +#endif + + ret = wc_LmsKey_ExportPubRaw(&key, pub, &pubLen); + if (ret) { + printf("error: wc_LmsKey_ExportPubRaw failed: %d\n", ret); + } + +exit_lms_keygen: + wc_LmsKey_Free(&key); + wc_FreeRng(&rng); +} + +static void bench_lms_sign_verify(enum wc_LmsParm parm, byte* pub) +{ + LmsKey key; + int ret = 0; + const char * msg = TEST_STRING; + word32 msgSz = TEST_STRING_SZ; + byte * sig = NULL; + word32 sigSz = 0; + word32 privLen = 0; + int loaded = 0; + int times = 0; + int count = 0; + double start = 0.0F; + const char * str = wc_LmsKey_ParmToStr(parm); + DECLARE_MULTI_VALUE_STATS_VARS() + + bench_stats_prepare(); + + ret = wc_LmsKey_Init(&key, NULL, INVALID_DEVID); + if (ret) { + printf("wc_LmsKey_Init failed: %d\n", ret); + goto exit_lms_sign_verify; + } + + ret = wc_LmsKey_SetLmsParm(&key, parm); + if (ret) { + printf("wc_LmsKey_SetLmsParm failed: %d\n", ret); + goto exit_lms_sign_verify; + } + +#ifndef WOLFSSL_WC_LMS_SERIALIZE_STATE + switch (parm) { +#ifndef WOLFSSL_NO_LMS_SHA256_256 + case WC_LMS_PARM_L2_H10_W2: + XMEMCPY(lms_priv, lms_priv_L2_H10_W2, sizeof(lms_priv_L2_H10_W2)); + XMEMCPY(key.pub, lms_pub_L2_H10_W2, HSS_MAX_PUBLIC_KEY_LEN); + break; + + case WC_LMS_PARM_L2_H10_W4: + XMEMCPY(lms_priv, lms_priv_L2_H10_W4, sizeof(lms_priv_L2_H10_W4)); + XMEMCPY(key.pub, lms_pub_L2_H10_W4, HSS_MAX_PUBLIC_KEY_LEN); + break; + + case WC_LMS_PARM_L3_H5_W4: + XMEMCPY(lms_priv, lms_priv_L3_H5_W4, sizeof(lms_priv_L3_H5_W4)); + XMEMCPY(key.pub, lms_pub_L3_H5_W4, HSS_MAX_PUBLIC_KEY_LEN); + break; + + case WC_LMS_PARM_L3_H5_W8: + XMEMCPY(lms_priv, lms_priv_L3_H5_W8, sizeof(lms_priv_L3_H5_W8)); + XMEMCPY(key.pub, lms_pub_L3_H5_W8, HSS_MAX_PUBLIC_KEY_LEN); + break; + + case WC_LMS_PARM_L3_H10_W4: + XMEMCPY(lms_priv, lms_priv_L3_H10_W4, sizeof(lms_priv_L3_H10_W4)); + XMEMCPY(key.pub, lms_pub_L3_H10_W4, HSS_MAX_PUBLIC_KEY_LEN); + break; + + case WC_LMS_PARM_L4_H5_W8: + XMEMCPY(lms_priv, lms_priv_L4_H5_W8, sizeof(lms_priv_L4_H5_W8)); + XMEMCPY(key.pub, lms_pub_L4_H5_W8, HSS_MAX_PUBLIC_KEY_LEN); + break; + + case WC_LMS_PARM_NONE: + case WC_LMS_PARM_L1_H15_W2: + case WC_LMS_PARM_L1_H15_W4: + case WC_LMS_PARM_L2_H10_W8: + case WC_LMS_PARM_L3_H5_W2: + case WC_LMS_PARM_L1_H5_W1: + case WC_LMS_PARM_L1_H5_W2: + case WC_LMS_PARM_L1_H5_W4: + case WC_LMS_PARM_L1_H5_W8: + case WC_LMS_PARM_L1_H10_W2: + case WC_LMS_PARM_L1_H10_W4: + case WC_LMS_PARM_L1_H10_W8: + case WC_LMS_PARM_L1_H15_W8: + case WC_LMS_PARM_L1_H20_W2: + case WC_LMS_PARM_L1_H20_W4: + case WC_LMS_PARM_L1_H20_W8: + case WC_LMS_PARM_L2_H5_W2: + case WC_LMS_PARM_L2_H5_W4: + case WC_LMS_PARM_L2_H5_W8: + case WC_LMS_PARM_L2_H15_W2: + case WC_LMS_PARM_L2_H15_W4: + case WC_LMS_PARM_L2_H15_W8: + case WC_LMS_PARM_L2_H20_W2: + case WC_LMS_PARM_L2_H20_W4: + case WC_LMS_PARM_L2_H20_W8: + case WC_LMS_PARM_L3_H10_W8: + case WC_LMS_PARM_L4_H5_W2: + case WC_LMS_PARM_L4_H5_W4: + case WC_LMS_PARM_L4_H10_W4: + case WC_LMS_PARM_L4_H10_W8: +#endif + +#ifdef WOLFSSL_LMS_SHA256_192 + case WC_LMS_PARM_SHA256_192_L1_H5_W1: + case WC_LMS_PARM_SHA256_192_L1_H5_W2: + case WC_LMS_PARM_SHA256_192_L1_H5_W4: + case WC_LMS_PARM_SHA256_192_L1_H5_W8: + case WC_LMS_PARM_SHA256_192_L1_H10_W2: + case WC_LMS_PARM_SHA256_192_L1_H10_W4: + case WC_LMS_PARM_SHA256_192_L1_H10_W8: + case WC_LMS_PARM_SHA256_192_L1_H15_W2: + case WC_LMS_PARM_SHA256_192_L1_H15_W4: + case WC_LMS_PARM_SHA256_192_L1_H20_W2: + case WC_LMS_PARM_SHA256_192_L1_H20_W4: + case WC_LMS_PARM_SHA256_192_L1_H20_W8: + case WC_LMS_PARM_SHA256_192_L2_H10_W2: + case WC_LMS_PARM_SHA256_192_L2_H10_W4: + case WC_LMS_PARM_SHA256_192_L2_H10_W8: + case WC_LMS_PARM_SHA256_192_L3_H5_W2: + case WC_LMS_PARM_SHA256_192_L3_H5_W4: + case WC_LMS_PARM_SHA256_192_L3_H5_W8: + case WC_LMS_PARM_SHA256_192_L3_H10_W4: + case WC_LMS_PARM_SHA256_192_L4_H5_W8: +#endif + + default: + XMEMCPY(key.pub, pub, HSS_MAX_PUBLIC_KEY_LEN); + break; + } +#else + XMEMCPY(key.pub, pub, HSS_MAX_PUBLIC_KEY_LEN); +#endif + + ret = wc_LmsKey_SetWriteCb(&key, lms_write_key_mem); + if (ret) { + printf("error: wc_LmsKey_SetWriteCb failed: %d\n", ret); + goto exit_lms_sign_verify; + } + + ret = wc_LmsKey_SetReadCb(&key, lms_read_key_mem); + if (ret) { + printf("error: wc_LmsKey_SetReadCb failed: %d\n", ret); + goto exit_lms_sign_verify; + } + + ret = wc_LmsKey_SetContext(&key, (void*)lms_priv); + if (ret) { + printf("error: wc_LmsKey_SetContext failed: %d\n", ret); + goto exit_lms_sign_verify; + } + + /* Even with saved priv/pub keys, we must still reload the private + * key before using it. Reloading the private key is the bottleneck + * for larger heights. Only print load time in debug builds. */ + count = 0; + bench_stats_start(&count, &start); + +#ifndef WOLFSSL_WC_LMS_SMALL + do { + #ifdef WOLFSSL_WC_LMS + key.priv.inited = 0; + key.state = WC_LMS_STATE_PARMSET; + #endif + ret = wc_LmsKey_Reload(&key); + if (ret) { + printf("wc_LmsKey_Reload failed: %d\n", ret); + goto exit_lms_sign_verify; + } + RECORD_MULTI_VALUE_STATS(); + + count++; + + ret = wc_LmsKey_GetSigLen(&key, &sigSz); + if (ret) { + printf("wc_LmsKey_GetSigLen failed: %d\n", ret); + goto exit_lms_sign_verify; + } + + ret = wc_LmsKey_GetPrivLen(&key, &privLen); + if (ret) { + printf("wc_LmsKey_GetPrivLen failed: %d\n", ret); + goto exit_lms_sign_verify; + } + #ifdef HAVE_LIBLMS + break; + #endif + } while (bench_stats_check(start) +#ifdef MULTI_VALUE_STATISTICS + || runs < minimum_runs +#endif + ); + + bench_stats_asym_finish(str, (int)privLen, "load", 0, + count, start, ret); +#ifdef MULTI_VALUE_STATISTICS + bench_multi_value_stats(max, min, sum, squareSum, runs); +#endif + + RESET_MULTI_VALUE_STATS_VARS(); +#else + ret = wc_LmsKey_Reload(&key); + if (ret) { + printf("wc_LmsKey_Reload failed: %d\n", ret); + goto exit_lms_sign_verify; + } + ret = wc_LmsKey_GetSigLen(&key, &sigSz); + if (ret) { + printf("wc_LmsKey_GetSigLen failed: %d\n", ret); + goto exit_lms_sign_verify; + } + ret = wc_LmsKey_GetPrivLen(&key, &privLen); + if (ret) { + printf("wc_LmsKey_GetPrivLen failed: %d\n", ret); + goto exit_lms_sign_verify; + } +#endif + + loaded = 1; + + sig = (byte *)XMALLOC(sigSz, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + if (sig == NULL) { + printf("bench_lms_sign_verify malloc failed\n"); + goto exit_lms_sign_verify; + } + + count = 0; + bench_stats_start(&count, &start); + + do { + /* LMS is stateful. Async queuing not practical. */ +#ifndef WOLFSSL_WC_LMS_SMALL + for (times = 0; times < ntimes; ++times) +#else + for (times = 0; times < 1; ++times) +#endif + { + ret = wc_LmsKey_Sign(&key, sig, &sigSz, (byte *) msg, msgSz); + if (ret) { + printf("wc_LmsKey_Sign failed: %d\n", ret); + goto exit_lms_sign_verify; + } + RECORD_MULTI_VALUE_STATS(); + if (!wc_LmsKey_SigsLeft(&key)) { + break; + } + } + + count += times; + } while (wc_LmsKey_SigsLeft(&key) && (bench_stats_check(start) +#ifdef MULTI_VALUE_STATISTICS + || runs < minimum_runs +#endif + )); + + bench_stats_asym_finish(str, (int)sigSz, "sign", 0, + count, start, ret); +#ifdef MULTI_VALUE_STATISTICS + bench_multi_value_stats(max, min, sum, squareSum, runs); +#endif + + RESET_MULTI_VALUE_STATS_VARS(); + count = 0; + bench_stats_start(&count, &start); + + do { + /* LMS is stateful. Async queuing not practical. */ + for (times = 0; times < ntimes; ++times) { + ret = wc_LmsKey_Verify(&key, sig, sigSz, (byte *) msg, msgSz); + if (ret) { + printf("wc_LmsKey_Verify failed: %d\n", ret); + goto exit_lms_sign_verify; + } + RECORD_MULTI_VALUE_STATS(); + } + + count += times; + } while (bench_stats_check(start) +#ifdef MULTI_VALUE_STATISTICS + || runs < minimum_runs +#endif + ); + +exit_lms_sign_verify: + bench_stats_asym_finish(str, (int)sigSz, "verify", 0, + count, start, ret); +#ifdef MULTI_VALUE_STATISTICS + bench_multi_value_stats(max, min, sum, squareSum, runs); +#endif + + + if (loaded) { + wc_LmsKey_Free(&key); + } + XFREE(sig, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + + return; +} + +void bench_lms(void) +{ + byte pub[HSS_MAX_PUBLIC_KEY_LEN]; + +#ifndef WOLFSSL_NO_LMS_SHA256_256 +#ifdef BENCH_LMS_SLOW_KEYGEN +#if !defined(WOLFSSL_WC_LMS) || (LMS_MAX_HEIGHT >= 15) + bench_lms_keygen(WC_LMS_PARM_L1_H15_W2, pub); + bench_lms_sign_verify(WC_LMS_PARM_L1_H15_W2, pub); + bench_lms_keygen(WC_LMS_PARM_L1_H15_W4, pub); + bench_lms_sign_verify(WC_LMS_PARM_L1_H15_W4, pub); + #undef LMS_PARAMS_BENCHED + #define LMS_PARAMS_BENCHED +#endif +#endif +#if !defined(WOLFSSL_WC_LMS) || ((LMS_MAX_LEVELS >= 2) && \ + (LMS_MAX_HEIGHT >= 10)) + bench_lms_keygen(WC_LMS_PARM_L2_H10_W2, pub); + bench_lms_sign_verify(WC_LMS_PARM_L2_H10_W2, pub); + bench_lms_keygen(WC_LMS_PARM_L2_H10_W4, pub); + bench_lms_sign_verify(WC_LMS_PARM_L2_H10_W4, pub); + #undef LMS_PARAMS_BENCHED + #define LMS_PARAMS_BENCHED +#ifdef BENCH_LMS_SLOW_KEYGEN + bench_lms_keygen(WC_LMS_PARM_L2_H10_W8, pub); + bench_lms_sign_verify(WC_LMS_PARM_L2_H10_W8, pub); +#endif +#endif +#if !defined(WOLFSSL_WC_LMS) || (LMS_MAX_LEVELS >= 3) + bench_lms_keygen(WC_LMS_PARM_L3_H5_W4, pub); + bench_lms_sign_verify(WC_LMS_PARM_L3_H5_W4, pub); + bench_lms_keygen(WC_LMS_PARM_L3_H5_W8, pub); + bench_lms_sign_verify(WC_LMS_PARM_L3_H5_W8, pub); + #undef LMS_PARAMS_BENCHED + #define LMS_PARAMS_BENCHED +#endif +#if !defined(WOLFSSL_WC_LMS) || ((LMS_MAX_LEVELS >= 3) && \ + (LMS_MAX_HEIGHT >= 10)) + bench_lms_keygen(WC_LMS_PARM_L3_H10_W4, pub); + bench_lms_sign_verify(WC_LMS_PARM_L3_H10_W4, pub); +#endif +#if !defined(WOLFSSL_WC_LMS) || (LMS_MAX_LEVELS >= 4) + bench_lms_keygen(WC_LMS_PARM_L4_H5_W8, pub); + bench_lms_sign_verify(WC_LMS_PARM_L4_H5_W8, pub); +#endif + +#if defined(WOLFSSL_WC_LMS) && !defined(LMS_PARAMS_BENCHED) + bench_lms_keygen(WC_LMS_PARM_L1_H5_W1, pub); + bench_lms_sign_verify(WC_LMS_PARM_L1_H5_W1, pub); +#endif +#endif /* !WOLFSSL_NO_LMS_SHA256_256 */ + +#ifdef WOLFSSL_LMS_SHA256_192 +#ifdef BENCH_LMS_SLOW_KEYGEN +#if !defined(WOLFSSL_WC_LMS) || (LMS_MAX_HEIGHT >= 15) + bench_lms_keygen(WC_LMS_PARM_SHA256_192_L1_H15_W2, pub); + bench_lms_sign_verify(WC_LMS_PARM_SHA256_192_L1_H15_W2, pub); + bench_lms_keygen(WC_LMS_PARM_SHA256_192_L1_H15_W4, pub); + bench_lms_sign_verify(WC_LMS_PARM_SHA256_192_L1_H15_W4, pub); + #undef LMS_PARAMS_BENCHED + #define LMS_PARAMS_BENCHED +#endif +#endif +#if !defined(WOLFSSL_WC_LMS) || ((LMS_MAX_LEVELS >= 2) && \ + (LMS_MAX_HEIGHT >= 10)) + bench_lms_keygen(WC_LMS_PARM_SHA256_192_L2_H10_W2, pub); + bench_lms_sign_verify(WC_LMS_PARM_SHA256_192_L2_H10_W2, pub); + bench_lms_keygen(WC_LMS_PARM_SHA256_192_L2_H10_W4, pub); + bench_lms_sign_verify(WC_LMS_PARM_SHA256_192_L2_H10_W4, pub); + #undef LMS_PARAMS_BENCHED + #define LMS_PARAMS_BENCHED +#ifdef BENCH_LMS_SLOW_KEYGEN + bench_lms_keygen(WC_LMS_PARM_SHA256_192_L2_H10_W8, pub); + bench_lms_sign_verify(WC_LMS_PARM_SHA256_192_L2_H10_W8, pub); +#endif +#endif +#if !defined(WOLFSSL_WC_LMS) || (LMS_MAX_LEVELS >= 3) + bench_lms_keygen(WC_LMS_PARM_SHA256_192_L3_H5_W4, pub); + bench_lms_sign_verify(WC_LMS_PARM_SHA256_192_L3_H5_W4, pub); + bench_lms_keygen(WC_LMS_PARM_SHA256_192_L3_H5_W8, pub); + bench_lms_sign_verify(WC_LMS_PARM_SHA256_192_L3_H5_W8, pub); + #undef LMS_PARAMS_BENCHED + #define LMS_PARAMS_BENCHED +#endif +#if !defined(WOLFSSL_WC_LMS) || ((LMS_MAX_LEVELS >= 3) && \ + (LMS_MAX_HEIGHT >= 10)) + bench_lms_keygen(WC_LMS_PARM_SHA256_192_L3_H10_W4, pub); + bench_lms_sign_verify(WC_LMS_PARM_SHA256_192_L3_H10_W4, pub); +#endif +#if !defined(WOLFSSL_WC_LMS) || (LMS_MAX_LEVELS >= 4) + bench_lms_keygen(WC_LMS_PARM_SHA256_192_L4_H5_W8, pub); + bench_lms_sign_verify(WC_LMS_PARM_SHA256_192_L4_H5_W8, pub); +#endif + +#if defined(WOLFSSL_WC_LMS) && !defined(LMS_PARAMS_BENCHED) + bench_lms_keygen(WC_LMS_PARM_SHA256_192_L1_H5_W1, pub); + bench_lms_sign_verify(WC_LMS_PARM_SHA256_192_L1_H5_W1, pub); +#endif +#endif /* WOLFSSL_LMS_SHA256_192 */ + + return; +} + +#endif /* if defined(WOLFSSL_HAVE_LMS) && !defined(WOLFSSL_LMS_VERIFY_ONLY) */ + +#if defined(WOLFSSL_HAVE_XMSS) && !defined(WOLFSSL_XMSS_VERIFY_ONLY) + +static enum wc_XmssRc xmss_write_key_mem(const byte * priv, word32 privSz, + void *context) +{ + /* WARNING: THIS IS AN INSECURE WRITE CALLBACK THAT SHOULD ONLY + * BE USED FOR TESTING PURPOSES! Production applications should + * write only to non-volatile storage. */ + XMEMCPY(context, priv, privSz); + return WC_XMSS_RC_SAVED_TO_NV_MEMORY; +} + +static enum wc_XmssRc xmss_read_key_mem(byte * priv, word32 privSz, + void *context) +{ + /* WARNING: THIS IS AN INSECURE READ CALLBACK THAT SHOULD ONLY + * BE USED FOR TESTING PURPOSES! */ + XMEMCPY(priv, context, privSz); + return WC_XMSS_RC_READ_TO_MEMORY; +} + +static void bench_xmss_sign_verify(const char * params) +{ + WC_RNG rng; + XmssKey key; + word32 pkSz = 0; + word32 skSz = 0; + int freeRng = 0; + int freeKey = 0; + unsigned char * sk = NULL; + const char * msg = "XMSS post quantum signature test"; + word32 msgSz = (word32) XSTRLEN(msg); + int ret = 0; + byte * sig = NULL; + word32 sigSz = 0; + int times = 0; + int count = 0; + double start = 0.0F; + + bench_stats_prepare(); + +#ifndef HAVE_FIPS + ret = wc_InitRng_ex(&rng, HEAP_HINT, INVALID_DEVID); +#else + ret = wc_InitRng(&rng); +#endif + if (ret != 0) { + printf("error: wc_InitRng failed: %d\n", ret); + goto exit_xmss_sign_verify; + } + + freeRng = 1; + + ret = wc_XmssKey_Init(&key, NULL, INVALID_DEVID); + if (ret != 0) { + printf("wc_XmssKey_Init failed: %d\n", ret); + goto exit_xmss_sign_verify; + } + + ret = wc_XmssKey_SetParamStr(&key, params); + if (ret != 0) { + printf("wc_XmssKey_SetParamStr failed: %d\n", ret); + goto exit_xmss_sign_verify; + } + + ret = wc_XmssKey_GetPubLen(&key, &pkSz); + if (ret != 0) { + printf("wc_XmssKey_GetPubLen failed: %d\n", ret); + goto exit_xmss_sign_verify; + } +#ifndef WOLFSSL_WC_XMSS + if (pkSz != XMSS_SHA256_PUBLEN) { + printf("error: xmss pub len: got %u, expected %d\n", pkSz, + XMSS_SHA256_PUBLEN); + goto exit_xmss_sign_verify; + } +#endif + + ret = wc_XmssKey_GetPrivLen(&key, &skSz); + if (ret != 0 || skSz <= 0) { + printf("error: wc_XmssKey_GetPrivLen failed\n"); + goto exit_xmss_sign_verify; + } + + ret = wc_XmssKey_GetSigLen(&key, &sigSz); + if (ret != 0 || sigSz <= 0) { + printf("error: wc_XmssKey_GetSigLen failed\n"); + goto exit_xmss_sign_verify; + } + + /* Allocate secret keys.*/ + sk = (unsigned char *)XMALLOC(skSz, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + if (sk == NULL) { + printf("error: allocate xmss sk failed\n"); + goto exit_xmss_sign_verify; + } + + /* Allocate signature array. */ + sig = (byte *)XMALLOC(sigSz, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + if (sig == NULL) { + printf("error: allocate xmss sig failed\n"); + goto exit_xmss_sign_verify; + } + + ret = wc_XmssKey_SetWriteCb(&key, xmss_write_key_mem); + if (ret != 0) { + printf("error: wc_XmssKey_SetWriteCb failed: %d\n", ret); + goto exit_xmss_sign_verify; + } + + ret = wc_XmssKey_SetReadCb(&key, xmss_read_key_mem); + if (ret != 0) { + printf("error: wc_XmssKey_SetReadCb failed: %d\n", ret); + goto exit_xmss_sign_verify; + } + + ret = wc_XmssKey_SetContext(&key, (void *)sk); + if (ret != 0) { + printf("error: wc_XmssKey_SetContext failed: %d\n", ret); + goto exit_xmss_sign_verify; + } + +#if defined(DEBUG_WOLFSSL) || defined(WOLFSSL_DEBUG_NONBLOCK) + printf("params: %s\n", params); + printf("pkSz: %d\n", pkSz); + printf("skSz: %d\n", skSz); + printf("sigSz: %d\n", sigSz); +#endif + + /* Making the private key is the bottleneck for larger heights. */ + count = 0; + bench_stats_start(&count, &start); + + ret = wc_XmssKey_MakeKey(&key, &rng); + if (ret != 0) { + printf("wc_XmssKey_MakeKey failed: %d\n", ret); + goto exit_xmss_sign_verify; + } + /* Can only do one at a time - state changes after make key. */ + + count +=1; + + bench_stats_check(start); + bench_stats_asym_finish(params, (int)skSz, "gen", 0, count, start, ret); + + freeKey = 1; + + count = 0; + bench_stats_start(&count, &start); + + do { + /* XMSS is stateful. Async queuing not practical. */ +#ifndef WOLFSSL_WC_XMSS_SMALL + for (times = 0; times < ntimes; ++times) +#else + for (times = 0; times < 1; ++times) +#endif + { + if (!wc_XmssKey_SigsLeft(&key)) + break; + ret = wc_XmssKey_Sign(&key, sig, &sigSz, (byte *) msg, msgSz); + if (ret) { + printf("wc_XmssKey_Sign failed: %d\n", ret); + goto exit_xmss_sign_verify; + } + } + count += times; + } while (wc_XmssKey_SigsLeft(&key) && bench_stats_check(start)); + + bench_stats_asym_finish(params, (int)sigSz, "sign", 0, count, start, ret); + + count = 0; + bench_stats_start(&count, &start); + + do { + /* XMSS is stateful. Async queuing not practical. */ + for (times = 0; times < ntimes; ++times) { + ret = wc_XmssKey_Verify(&key, sig, sigSz, (byte *) msg, msgSz); + if (ret) { + printf("wc_XmssKey_Verify failed: %d\n", ret); + goto exit_xmss_sign_verify; + } + } + count += times; + } while (bench_stats_check(start)); + +exit_xmss_sign_verify: + bench_stats_asym_finish(params, (int)sigSz, "verify", 0, count, start, ret); + + /* Cleanup everything. */ + XFREE(sig, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + sig = NULL; + + XFREE(sk, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + sk = NULL; + + if (freeRng) { + wc_FreeRng(&rng); + } + + if (freeKey) { + wc_XmssKey_Free(&key); + } + + return; +} + +void bench_xmss(int hash) +{ + /* All NIST SP 800-208 approved SHA256 XMSS/XMSS^MT parameter + * sets. + * + * Note: not testing "XMSS-SHA2_16_256", "XMSS-SHA2_20_256", + * and "XMSSMT-SHA2_60/3_256", because their keygen can be + * very slow, their signatures and private keys quite large, + * and xmss private keys are not portable across different + * XMSS/XMSS^MT implementations. + * + * The bottleneck in key generation is the height of the first + * level tree (or h/d). + * + * h is the total height of the hyper tree, and d the number of + * trees. + */ + /* h/d h d */ +#ifdef WC_XMSS_SHA256 + if (hash == WC_HASH_TYPE_SHA256) { +#if WOLFSSL_WC_XMSS_MIN_HASH_SIZE <= 256 && WOLFSSL_WC_XMSS_MAX_HASH_SIZE >= 256 +#if WOLFSSL_XMSS_MIN_HEIGHT <= 10 && WOLFSSL_XMSS_MAX_HEIGHT >= 10 + bench_xmss_sign_verify("XMSS-SHA2_10_256"); /* 10 10 1 */ +#endif +#if WOLFSSL_XMSS_MIN_HEIGHT <= 16 && WOLFSSL_XMSS_MAX_HEIGHT >= 16 +#ifdef BENCH_XMSS_SLOW_KEYGEN + bench_xmss_sign_verify("XMSS-SHA2_16_256"); /* 16 16 1 */ +#endif +#endif +#if WOLFSSL_XMSS_MIN_HEIGHT <= 20 && WOLFSSL_XMSS_MAX_HEIGHT >= 20 +#ifdef BENCH_XMSS_SLOW_KEYGEN + bench_xmss_sign_verify("XMSS-SHA2_20_256"); /* 20 20 1 */ +#endif +#endif +#endif /* HASH_SIZE 256 */ +#if WOLFSSL_WC_XMSS_MIN_HASH_SIZE <= 192 && WOLFSSL_WC_XMSS_MAX_HASH_SIZE >= 192 +#if WOLFSSL_XMSS_MIN_HEIGHT <= 10 && WOLFSSL_XMSS_MAX_HEIGHT >= 10 + bench_xmss_sign_verify("XMSS-SHA2_10_192"); /* 10 10 1 */ +#endif +#if WOLFSSL_XMSS_MIN_HEIGHT <= 16 && WOLFSSL_XMSS_MAX_HEIGHT >= 16 +#ifdef BENCH_XMSS_SLOW_KEYGEN + bench_xmss_sign_verify("XMSS-SHA2_16_192"); /* 16 16 1 */ +#endif +#endif +#if WOLFSSL_XMSS_MIN_HEIGHT <= 20 && WOLFSSL_XMSS_MAX_HEIGHT >= 20 +#ifdef BENCH_XMSS_SLOW_KEYGEN + bench_xmss_sign_verify("XMSS-SHA2_20_192"); /* 20 20 1 */ +#endif +#endif +#endif /* HASH_SIZE 192 */ +#if WOLFSSL_WC_XMSS_MIN_HASH_SIZE <= 256 && WOLFSSL_WC_XMSS_MAX_HASH_SIZE >= 256 +#if WOLFSSL_XMSS_MIN_HEIGHT <= 20 && WOLFSSL_XMSS_MAX_HEIGHT >= 20 + bench_xmss_sign_verify("XMSSMT-SHA2_20/2_256"); /* 10 20 2 */ + bench_xmss_sign_verify("XMSSMT-SHA2_20/4_256"); /* 5 20 4 */ +#endif +#if WOLFSSL_XMSS_MIN_HEIGHT <= 40 && WOLFSSL_XMSS_MAX_HEIGHT >= 40 +#ifdef BENCH_XMSS_SLOW_KEYGEN + bench_xmss_sign_verify("XMSSMT-SHA2_40/2_256"); /* 20 40 4 */ +#endif + bench_xmss_sign_verify("XMSSMT-SHA2_40/4_256"); /* 10 40 4 */ + bench_xmss_sign_verify("XMSSMT-SHA2_40/8_256"); /* 5 40 8 */ +#endif +#if WOLFSSL_XMSS_MIN_HEIGHT <= 60 && WOLFSSL_XMSS_MAX_HEIGHT >= 60 +#ifdef BENCH_XMSS_SLOW_KEYGEN + bench_xmss_sign_verify("XMSSMT-SHA2_60/3_256"); /* 20 60 3 */ +#endif + bench_xmss_sign_verify("XMSSMT-SHA2_60/6_256"); /* 10 60 6 */ + bench_xmss_sign_verify("XMSSMT-SHA2_60/12_256"); /* 5 60 12 */ +#endif +#endif /* HASH_SIZE 256 */ +#if WOLFSSL_WC_XMSS_MIN_HASH_SIZE <= 192 && WOLFSSL_WC_XMSS_MAX_HASH_SIZE >= 192 +#if WOLFSSL_XMSS_MIN_HEIGHT <= 20 && WOLFSSL_XMSS_MAX_HEIGHT >= 20 + bench_xmss_sign_verify("XMSSMT-SHA2_20/2_192"); /* 10 20 2 */ + bench_xmss_sign_verify("XMSSMT-SHA2_20/4_192"); /* 5 20 4 */ +#endif +#if WOLFSSL_XMSS_MIN_HEIGHT <= 40 && WOLFSSL_XMSS_MAX_HEIGHT >= 40 +#ifdef BENCH_XMSS_SLOW_KEYGEN + bench_xmss_sign_verify("XMSSMT-SHA2_40/2_192"); /* 20 40 4 */ +#endif + bench_xmss_sign_verify("XMSSMT-SHA2_40/4_192"); /* 10 40 4 */ + bench_xmss_sign_verify("XMSSMT-SHA2_40/8_192"); /* 5 40 8 */ +#endif +#if WOLFSSL_XMSS_MIN_HEIGHT <= 60 && WOLFSSL_XMSS_MAX_HEIGHT >= 60 +#ifdef BENCH_XMSS_SLOW_KEYGEN + bench_xmss_sign_verify("XMSSMT-SHA2_60/3_192"); /* 20 60 3 */ +#endif + bench_xmss_sign_verify("XMSSMT-SHA2_60/6_192"); /* 10 60 6 */ + bench_xmss_sign_verify("XMSSMT-SHA2_60/12_192"); /* 5 60 12 */ +#endif +#endif /* HASH_SIZE 192 */ + } +#endif +#ifdef WC_XMSS_SHA512 +#if WOLFSSL_WC_XMSS_MIN_HASH_SIZE <= 512 && WOLFSSL_WC_XMSS_MAX_HASH_SIZE >= 512 + if (hash == WC_HASH_TYPE_SHA512) { +#if WOLFSSL_XMSS_MIN_HEIGHT <= 10 && WOLFSSL_XMSS_MAX_HEIGHT >= 10 + bench_xmss_sign_verify("XMSS-SHA2_10_512"); /* 10 10 1 */ +#endif +#if WOLFSSL_XMSS_MIN_HEIGHT <= 16 && WOLFSSL_XMSS_MAX_HEIGHT >= 16 +#ifdef BENCH_XMSS_SLOW_KEYGEN + bench_xmss_sign_verify("XMSS-SHA2_16_512"); /* 16 16 1 */ +#endif +#endif +#if WOLFSSL_XMSS_MIN_HEIGHT <= 20 && WOLFSSL_XMSS_MAX_HEIGHT >= 20 +#ifdef BENCH_XMSS_SLOW_KEYGEN + bench_xmss_sign_verify("XMSS-SHA2_20_512"); /* 20 20 1 */ +#endif +#endif +#if WOLFSSL_XMSS_MIN_HEIGHT <= 20 && WOLFSSL_XMSS_MAX_HEIGHT >= 20 + bench_xmss_sign_verify("XMSSMT-SHA2_20/2_512"); /* 10 20 2 */ + bench_xmss_sign_verify("XMSSMT-SHA2_20/4_512"); /* 5 20 4 */ +#endif +#if WOLFSSL_XMSS_MIN_HEIGHT <= 40 && WOLFSSL_XMSS_MAX_HEIGHT >= 40 +#ifdef BENCH_XMSS_SLOW_KEYGEN + bench_xmss_sign_verify("XMSSMT-SHA2_40/2_512"); /* 20 40 4 */ +#endif +#ifdef BENCH_XMSS_SLOW_KEYGEN + bench_xmss_sign_verify("XMSSMT-SHA2_40/4_512"); /* 10 40 4 */ +#endif + bench_xmss_sign_verify("XMSSMT-SHA2_40/8_512"); /* 5 40 8 */ +#endif +#if WOLFSSL_XMSS_MIN_HEIGHT <= 60 && WOLFSSL_XMSS_MAX_HEIGHT >= 60 +#ifdef BENCH_XMSS_SLOW_KEYGEN + bench_xmss_sign_verify("XMSSMT-SHA2_60/3_512"); /* 20 60 3 */ +#endif +#ifdef BENCH_XMSS_SLOW_KEYGEN + bench_xmss_sign_verify("XMSSMT-SHA2_60/6_512"); /* 10 60 6 */ +#endif + bench_xmss_sign_verify("XMSSMT-SHA2_60/12_512"); /* 5 60 12 */ +#endif + } +#endif /* HASH_SIZE 512 */ +#endif +#ifdef WC_XMSS_SHAKE128 +#if WOLFSSL_WC_XMSS_MIN_HASH_SIZE <= 256 && WOLFSSL_WC_XMSS_MAX_HASH_SIZE >= 256 + if (hash == WC_HASH_TYPE_SHAKE128) { +#if WOLFSSL_XMSS_MIN_HEIGHT <= 10 && WOLFSSL_XMSS_MAX_HEIGHT >= 10 + bench_xmss_sign_verify("XMSS-SHAKE_10_256"); /* 10 10 1 */ +#endif +#if WOLFSSL_XMSS_MIN_HEIGHT <= 16 && WOLFSSL_XMSS_MAX_HEIGHT >= 16 +#ifdef BENCH_XMSS_SLOW_KEYGEN + bench_xmss_sign_verify("XMSS-SHAKE_16_256"); /* 16 16 1 */ +#endif +#endif +#if WOLFSSL_XMSS_MIN_HEIGHT <= 20 && WOLFSSL_XMSS_MAX_HEIGHT >= 20 +#ifdef BENCH_XMSS_SLOW_KEYGEN + bench_xmss_sign_verify("XMSS-SHAKE_20_256"); /* 20 20 1 */ +#endif +#endif +#if WOLFSSL_XMSS_MIN_HEIGHT <= 20 && WOLFSSL_XMSS_MAX_HEIGHT >= 20 + bench_xmss_sign_verify("XMSSMT-SHAKE_20/2_256"); /* 10 20 2 */ + bench_xmss_sign_verify("XMSSMT-SHAKE_20/4_256"); /* 5 20 4 */ +#endif +#if WOLFSSL_XMSS_MIN_HEIGHT <= 40 && WOLFSSL_XMSS_MAX_HEIGHT >= 40 +#ifdef BENCH_XMSS_SLOW_KEYGEN + bench_xmss_sign_verify("XMSSMT-SHAKE_40/2_256"); /* 20 40 4 */ +#endif +#ifdef BENCH_XMSS_SLOW_KEYGEN + bench_xmss_sign_verify("XMSSMT-SHAKE_40/4_256"); /* 10 40 4 */ +#endif + bench_xmss_sign_verify("XMSSMT-SHAKE_40/8_256"); /* 5 40 8 */ +#endif +#if WOLFSSL_XMSS_MIN_HEIGHT <= 60 && WOLFSSL_XMSS_MAX_HEIGHT >= 60 +#ifdef BENCH_XMSS_SLOW_KEYGEN + bench_xmss_sign_verify("XMSSMT-SHAKE_60/3_256"); /* 20 60 3 */ +#endif +#ifdef BENCH_XMSS_SLOW_KEYGEN + bench_xmss_sign_verify("XMSSMT-SHAKE_60/6_256"); /* 10 60 6 */ +#endif + bench_xmss_sign_verify("XMSSMT-SHAKE_60/12_256"); /* 5 60 12 */ +#endif + } +#endif /* HASH_SIZE 256 */ +#endif +#ifdef WC_XMSS_SHAKE256 + if (hash == WC_HASH_TYPE_SHAKE256) { +#if WOLFSSL_WC_XMSS_MIN_HASH_SIZE <= 512 && WOLFSSL_WC_XMSS_MAX_HASH_SIZE >= 512 +#if WOLFSSL_XMSS_MIN_HEIGHT <= 10 && WOLFSSL_XMSS_MAX_HEIGHT >= 10 + bench_xmss_sign_verify("XMSS-SHAKE_10_512"); /* 10 10 1 */ +#endif +#if WOLFSSL_XMSS_MIN_HEIGHT <= 16 && WOLFSSL_XMSS_MAX_HEIGHT >= 16 +#ifdef BENCH_XMSS_SLOW_KEYGEN + bench_xmss_sign_verify("XMSS-SHAKE_16_512"); /* 16 16 1 */ +#endif +#endif +#if WOLFSSL_XMSS_MIN_HEIGHT <= 20 && WOLFSSL_XMSS_MAX_HEIGHT >= 20 +#ifdef BENCH_XMSS_SLOW_KEYGEN + bench_xmss_sign_verify("XMSS-SHAKE_20_512"); /* 20 20 1 */ +#endif +#endif +#endif /* HASH_SIZE 512 */ +#if WOLFSSL_WC_XMSS_MIN_HASH_SIZE <= 256 && WOLFSSL_WC_XMSS_MAX_HASH_SIZE >= 256 +#if WOLFSSL_XMSS_MIN_HEIGHT <= 10 && WOLFSSL_XMSS_MAX_HEIGHT >= 10 + bench_xmss_sign_verify("XMSS-SHAKE256_10_256"); /* 10 10 1 */ +#endif +#if WOLFSSL_XMSS_MIN_HEIGHT <= 16 && WOLFSSL_XMSS_MAX_HEIGHT >= 16 +#ifdef BENCH_XMSS_SLOW_KEYGEN + bench_xmss_sign_verify("XMSS-SHAKE256_16_256"); /* 16 16 1 */ +#endif +#endif +#if WOLFSSL_XMSS_MIN_HEIGHT <= 20 && WOLFSSL_XMSS_MAX_HEIGHT >= 20 +#ifdef BENCH_XMSS_SLOW_KEYGEN + bench_xmss_sign_verify("XMSS-SHAKE256_20_256"); /* 20 20 1 */ +#endif +#endif +#endif /* HASH_SIZE 256 */ +#if WOLFSSL_WC_XMSS_MIN_HASH_SIZE <= 192 && WOLFSSL_WC_XMSS_MAX_HASH_SIZE >= 192 +#if WOLFSSL_XMSS_MIN_HEIGHT <= 10 && WOLFSSL_XMSS_MAX_HEIGHT >= 10 + bench_xmss_sign_verify("XMSS-SHAKE256_10_192"); /* 10 10 1 */ +#endif +#if WOLFSSL_XMSS_MIN_HEIGHT <= 16 && WOLFSSL_XMSS_MAX_HEIGHT >= 16 +#ifdef BENCH_XMSS_SLOW_KEYGEN + bench_xmss_sign_verify("XMSS-SHAKE256_16_192"); /* 16 16 1 */ +#endif +#endif +#if WOLFSSL_XMSS_MIN_HEIGHT <= 20 && WOLFSSL_XMSS_MAX_HEIGHT >= 20 +#ifdef BENCH_XMSS_SLOW_KEYGEN + bench_xmss_sign_verify("XMSS-SHAKE256_20_192"); /* 20 20 1 */ +#endif +#endif +#endif /* HASH_SIZE 192 */ +#if WOLFSSL_WC_XMSS_MIN_HASH_SIZE <= 512 && WOLFSSL_WC_XMSS_MAX_HASH_SIZE >= 512 +#if WOLFSSL_XMSS_MIN_HEIGHT <= 20 && WOLFSSL_XMSS_MAX_HEIGHT >= 20 +#ifdef BENCH_XMSS_SLOW_KEYGEN + bench_xmss_sign_verify("XMSSMT-SHAKE_20/2_512"); /* 10 20 2 */ +#endif + bench_xmss_sign_verify("XMSSMT-SHAKE_20/4_512"); /* 5 20 4 */ +#endif +#if WOLFSSL_XMSS_MIN_HEIGHT <= 40 && WOLFSSL_XMSS_MAX_HEIGHT >= 40 +#ifdef BENCH_XMSS_SLOW_KEYGEN + bench_xmss_sign_verify("XMSSMT-SHAKE_40/2_512"); /* 20 40 4 */ +#endif +#ifdef BENCH_XMSS_SLOW_KEYGEN + bench_xmss_sign_verify("XMSSMT-SHAKE_40/4_512"); /* 10 40 4 */ +#endif + bench_xmss_sign_verify("XMSSMT-SHAKE_40/8_512"); /* 5 40 8 */ +#endif +#if WOLFSSL_XMSS_MIN_HEIGHT <= 60 && WOLFSSL_XMSS_MAX_HEIGHT >= 60 +#ifdef BENCH_XMSS_SLOW_KEYGEN + bench_xmss_sign_verify("XMSSMT-SHAKE_60/3_512"); /* 20 60 3 */ +#endif +#ifdef BENCH_XMSS_SLOW_KEYGEN + bench_xmss_sign_verify("XMSSMT-SHAKE_60/6_512"); /* 10 60 6 */ +#endif + bench_xmss_sign_verify("XMSSMT-SHAKE_60/12_512"); /* 5 60 12 */ +#endif +#endif /* HASH_SIZE 512 */ +#if WOLFSSL_WC_XMSS_MIN_HASH_SIZE <= 256 && WOLFSSL_WC_XMSS_MAX_HASH_SIZE >= 256 +#if WOLFSSL_XMSS_MIN_HEIGHT <= 20 && WOLFSSL_XMSS_MAX_HEIGHT >= 20 + bench_xmss_sign_verify("XMSSMT-SHAKE256_20/2_256"); /* 10 20 2 */ + bench_xmss_sign_verify("XMSSMT-SHAKE256_20/4_256"); /* 5 20 4 */ +#endif +#if WOLFSSL_XMSS_MIN_HEIGHT <= 40 && WOLFSSL_XMSS_MAX_HEIGHT >= 40 +#ifdef BENCH_XMSS_SLOW_KEYGEN + bench_xmss_sign_verify("XMSSMT-SHAKE256_40/2_256"); /* 20 40 4 */ +#endif +#ifdef BENCH_XMSS_SLOW_KEYGEN + bench_xmss_sign_verify("XMSSMT-SHAKE256_40/4_256"); /* 10 40 4 */ +#endif + bench_xmss_sign_verify("XMSSMT-SHAKE256_40/8_256"); /* 5 40 8 */ +#endif +#if WOLFSSL_XMSS_MIN_HEIGHT <= 60 && WOLFSSL_XMSS_MAX_HEIGHT >= 60 +#ifdef BENCH_XMSS_SLOW_KEYGEN + bench_xmss_sign_verify("XMSSMT-SHAKE256_60/3_256"); /* 20 60 3 */ +#endif +#ifdef BENCH_XMSS_SLOW_KEYGEN + bench_xmss_sign_verify("XMSSMT-SHAKE256_60/6_256"); /* 10 60 6 */ +#endif + bench_xmss_sign_verify("XMSSMT-SHAKE256_60/12_256");/* 5 60 12 */ +#endif +#endif /* HASH_SIZE 256 */ +#if WOLFSSL_WC_XMSS_MIN_HASH_SIZE <= 192 && WOLFSSL_WC_XMSS_MAX_HASH_SIZE >= 192 +#if WOLFSSL_XMSS_MIN_HEIGHT <= 20 && WOLFSSL_XMSS_MAX_HEIGHT >= 20 + bench_xmss_sign_verify("XMSSMT-SHAKE256_20/2_192"); /* 10 20 2 */ + bench_xmss_sign_verify("XMSSMT-SHAKE256_20/4_192"); /* 5 20 4 */ +#endif +#if WOLFSSL_XMSS_MIN_HEIGHT <= 40 && WOLFSSL_XMSS_MAX_HEIGHT >= 40 +#ifdef BENCH_XMSS_SLOW_KEYGEN + bench_xmss_sign_verify("XMSSMT-SHAKE256_40/2_192"); /* 20 40 4 */ +#endif +#ifdef BENCH_XMSS_SLOW_KEYGEN + bench_xmss_sign_verify("XMSSMT-SHAKE256_40/4_192"); /* 10 40 4 */ +#endif + bench_xmss_sign_verify("XMSSMT-SHAKE256_40/8_192"); /* 5 40 8 */ +#endif +#if WOLFSSL_XMSS_MIN_HEIGHT <= 60 && WOLFSSL_XMSS_MAX_HEIGHT >= 60 +#ifdef BENCH_XMSS_SLOW_KEYGEN + bench_xmss_sign_verify("XMSSMT-SHAKE256_60/3_192"); /* 20 60 3 */ +#endif +#ifdef BENCH_XMSS_SLOW_KEYGEN + bench_xmss_sign_verify("XMSSMT-SHAKE256_60/6_192"); /* 10 60 6 */ +#endif + bench_xmss_sign_verify("XMSSMT-SHAKE256_60/12_192");/* 5 60 12 */ +#endif +#endif /* HASH_SIZE 192 */ + } +#endif + return; +} +#endif /* if defined(WOLFSSL_HAVE_XMSS) && !defined(WOLFSSL_XMSS_VERIFY_ONLY) */ + +#if defined(HAVE_ECC) && !defined(WC_NO_RNG) + +/* Maximum ECC name plus null terminator: + * "ECC [%15s]" and "ECDHE [%15s]" and "ECDSA [%15s]" */ +#define BENCH_ECC_NAME_SZ (ECC_MAXNAME + 8) + +/* run all benchmarks on a curve */ +void bench_ecc_curve(int curveId) +{ + if (bench_all || (bench_asym_algs & BENCH_ECC_MAKEKEY)) { + #ifndef NO_SW_BENCH + bench_eccMakeKey(0, curveId); + #endif + #if defined(BENCH_DEVID) + bench_eccMakeKey(1, curveId); + #endif + } + if (bench_all || (bench_asym_algs & BENCH_ECC)) { + #ifndef NO_SW_BENCH + bench_ecc(0, curveId); + #endif + #if defined(BENCH_DEVID) + bench_ecc(1, curveId); + #endif + } + #ifdef HAVE_ECC_ENCRYPT + if (bench_all || (bench_asym_algs & BENCH_ECC_ENCRYPT)) + bench_eccEncrypt(curveId); + #endif +} + + +void bench_eccMakeKey(int useDeviceID, int curveId) +{ + int ret = 0, i, times, count = 0, pending = 0; + int deviceID; + int keySize = 0; + WC_DECLARE_ARRAY(genKey, ecc_key, BENCH_MAX_PENDING, + sizeof(ecc_key), HEAP_HINT); + char name[BENCH_ECC_NAME_SZ]; + double start = 0; + const char**desc = bench_desc_words[lng_index]; + DECLARE_MULTI_VALUE_STATS_VARS() + + bench_stats_prepare(); + + WC_CALLOC_ARRAY(genKey, ecc_key, BENCH_MAX_PENDING, + sizeof(ecc_key), HEAP_HINT); + + deviceID = useDeviceID ? devId : INVALID_DEVID; + keySize = wc_ecc_get_curve_size_from_id(curveId); + + /* ECC Make Key */ + bench_stats_start(&count, &start); + do { + /* while free pending slots in queue, submit ops */ + for (times = 0; times < agreeTimes || pending > 0; ) { + bench_async_poll(&pending); + + for (i = 0; i < BENCH_MAX_PENDING; i++) { + if (bench_async_check(&ret, + BENCH_ASYNC_GET_DEV(genKey[i]), 0, + ×, agreeTimes, &pending)) { + + wc_ecc_free(genKey[i]); + ret = wc_ecc_init_ex(genKey[i], HEAP_HINT, deviceID); + if (ret < 0) { + goto exit; + } + + ret = wc_ecc_make_key_ex(&gRng, keySize, genKey[i], + curveId); + if (!bench_async_handle(&ret, + BENCH_ASYNC_GET_DEV(genKey[i]), 0, ×, + &pending)) { + goto exit; + } + } + } /* for i */ + RECORD_MULTI_VALUE_STATS(); + } /* for times */ + count += times; + } while (bench_stats_check(start) +#ifdef MULTI_VALUE_STATISTICS + || runs < minimum_runs +#endif + ); + +exit: + (void)XSNPRINTF(name, BENCH_ECC_NAME_SZ, "ECC [%15s]", + wc_ecc_get_name(curveId)); + bench_stats_asym_finish(name, keySize * 8, desc[2], + useDeviceID, count, start, ret); +#ifdef MULTI_VALUE_STATISTICS + bench_multi_value_stats(max, min, sum, squareSum, runs); +#endif + + /* cleanup */ + if (WC_ARRAY_OK(genKey)) { + for (i = 0; i < BENCH_MAX_PENDING; i++) { + wc_ecc_free(genKey[i]); + } + WC_FREE_ARRAY(genKey, BENCH_MAX_PENDING, HEAP_HINT); + } +} + + +void bench_ecc(int useDeviceID, int curveId) +{ + int ret = 0, i, times, count, pending = 0; + int deviceID; + int keySize; + char name[BENCH_ECC_NAME_SZ]; + WC_DECLARE_ARRAY(genKey, ecc_key, BENCH_MAX_PENDING, + sizeof(ecc_key), HEAP_HINT); +#ifdef HAVE_ECC_DHE + WC_DECLARE_ARRAY(genKey2, ecc_key, BENCH_MAX_PENDING, + sizeof(ecc_key), HEAP_HINT); +#endif + +#if !defined(NO_ASN) && defined(HAVE_ECC_SIGN) + #ifdef HAVE_ECC_VERIFY + int verify[BENCH_MAX_PENDING]; + #endif +#endif + + word32 x[BENCH_MAX_PENDING]; + double start = 0; + const char**desc = bench_desc_words[lng_index]; + DECLARE_MULTI_VALUE_STATS_VARS() + +#ifdef HAVE_ECC_DHE + WC_DECLARE_ARRAY(shared, byte, + BENCH_MAX_PENDING, MAX_ECC_BYTES, HEAP_HINT); +#endif + +#if !defined(NO_ASN) && defined(HAVE_ECC_SIGN) + WC_DECLARE_ARRAY(sig, byte, + BENCH_MAX_PENDING, ECC_MAX_SIG_SIZE, HEAP_HINT); + WC_DECLARE_ARRAY(digest, byte, + BENCH_MAX_PENDING, MAX_ECC_BYTES, HEAP_HINT); +#endif + + bench_stats_prepare(); + +#if !defined(NO_ASN) && defined(HAVE_ECC_SIGN) + /* old scan-build misfires -Wmaybe-uninitialized on these. */ + XMEMSET(sig, 0, sizeof(sig)); + XMEMSET(digest, 0, sizeof(digest)); +#endif + +#ifdef HAVE_ECC_DHE + XMEMSET(shared, 0, sizeof(shared)); +#endif + WC_CALLOC_ARRAY(genKey, ecc_key, BENCH_MAX_PENDING, + sizeof(ecc_key), HEAP_HINT); + +#ifdef HAVE_ECC_DHE + WC_CALLOC_ARRAY(genKey2, ecc_key, BENCH_MAX_PENDING, + sizeof(ecc_key), HEAP_HINT); + WC_ALLOC_ARRAY(shared, byte, + BENCH_MAX_PENDING, MAX_ECC_BYTES, HEAP_HINT); +#endif + +#if !defined(NO_ASN) && defined(HAVE_ECC_SIGN) + WC_ALLOC_ARRAY(sig, byte, BENCH_MAX_PENDING, ECC_MAX_SIG_SIZE, HEAP_HINT); + WC_ALLOC_ARRAY(digest, byte, BENCH_MAX_PENDING, MAX_ECC_BYTES, HEAP_HINT); +#endif + deviceID = useDeviceID ? devId : INVALID_DEVID; + + keySize = wc_ecc_get_curve_size_from_id(curveId); + + /* init keys */ + for (i = 0; i < BENCH_MAX_PENDING; i++) { + /* setup an context for each key */ + if ((ret = wc_ecc_init_ex(genKey[i], HEAP_HINT, deviceID)) < 0) { + goto exit; + } + ret = wc_ecc_make_key_ex(&gRng, keySize, genKey[i], curveId); + #ifdef WOLFSSL_ASYNC_CRYPT + ret = wc_AsyncWait(ret, &genKey[i]->asyncDev, WC_ASYNC_FLAG_NONE); + #endif + if (ret < 0) { + goto exit; + } + + #ifdef HAVE_ECC_DHE + if ((ret = wc_ecc_init_ex(genKey2[i], HEAP_HINT, deviceID)) < 0) { + goto exit; + } + if ((ret = wc_ecc_make_key_ex(&gRng, keySize, genKey2[i], + curveId)) > 0) { + goto exit; + } + #endif + } + +#ifdef HAVE_ECC_DHE +#if defined(ECC_TIMING_RESISTANT) && (!defined(HAVE_FIPS) || \ + (!defined(HAVE_FIPS_VERSION) || (HAVE_FIPS_VERSION != 2))) && \ + !defined(HAVE_SELFTEST) + for (i = 0; i < BENCH_MAX_PENDING; i++) { + (void)wc_ecc_set_rng(genKey[i], &gRng); + } +#endif + + /* ECC Shared Secret */ + bench_stats_start(&count, &start); + PRIVATE_KEY_UNLOCK(); + do { + for (times = 0; times < agreeTimes || pending > 0; ) { + bench_async_poll(&pending); + + /* while free pending slots in queue, submit ops */ + for (i = 0; i < BENCH_MAX_PENDING; i++) { + if (bench_async_check(&ret, BENCH_ASYNC_GET_DEV(genKey[i]), 1, + ×, agreeTimes, &pending)) { + x[i] = (word32)keySize; + ret = wc_ecc_shared_secret(genKey[i], genKey2[i], + shared[i], &x[i]); + if (!bench_async_handle(&ret, + BENCH_ASYNC_GET_DEV(genKey[i]), 1, ×, + &pending)) { + goto exit_ecdhe; + } + } + } /* for i */ + RECORD_MULTI_VALUE_STATS(); + } /* for times */ + count += times; + } while (bench_stats_check(start) +#ifdef MULTI_VALUE_STATISTICS + || runs < minimum_runs +#endif + ); + + PRIVATE_KEY_UNLOCK(); +exit_ecdhe: + (void)XSNPRINTF(name, BENCH_ECC_NAME_SZ, "ECDHE [%15s]", + wc_ecc_get_name(curveId)); + + bench_stats_asym_finish(name, keySize * 8, desc[3], + useDeviceID, count, start, ret); +#ifdef MULTI_VALUE_STATISTICS + bench_multi_value_stats(max, min, sum, squareSum, runs); +#endif + + RESET_MULTI_VALUE_STATS_VARS(); + + if (ret < 0) { + goto exit; + } + +#endif /* HAVE_ECC_DHE */ + +#if !defined(NO_ASN) && defined(HAVE_ECC_SIGN) + + /* Init digest to sign */ + for (i = 0; i < BENCH_MAX_PENDING; i++) { + for (count = 0; count < keySize; count++) { + digest[i][count] = (byte)count; + } + } + + /* ECC Sign */ + bench_stats_start(&count, &start); + do { + for (times = 0; times < agreeTimes || pending > 0; ) { + bench_async_poll(&pending); + + /* while free pending slots in queue, submit ops */ + for (i = 0; i < BENCH_MAX_PENDING; i++) { + if (bench_async_check(&ret, BENCH_ASYNC_GET_DEV(genKey[i]), 1, + ×, agreeTimes, &pending)) { + + if (genKey[i]->state == 0) { + x[i] = ECC_MAX_SIG_SIZE; + } + + ret = wc_ecc_sign_hash(digest[i], (word32)keySize, sig[i], + &x[i], GLOBAL_RNG, genKey[i]); + + if (!bench_async_handle(&ret, + BENCH_ASYNC_GET_DEV(genKey[i]), 1, ×, + &pending)) { + goto exit_ecdsa_sign; + } + } /* bench_async_check */ + } /* for i */ + RECORD_MULTI_VALUE_STATS(); + } /* for times */ + count += times; + } while (bench_stats_check(start) +#ifdef MULTI_VALUE_STATISTICS + || runs < minimum_runs +#endif + ); + +exit_ecdsa_sign: + (void)XSNPRINTF(name, BENCH_ECC_NAME_SZ, "ECDSA [%15s]", + wc_ecc_get_name(curveId)); + + bench_stats_asym_finish(name, keySize * 8, desc[4], + useDeviceID, count, start, ret); +#ifdef MULTI_VALUE_STATISTICS + bench_multi_value_stats(max, min, sum, squareSum, runs); +#endif + + RESET_MULTI_VALUE_STATS_VARS(); + + if (ret < 0) { + goto exit; + } + +#ifdef HAVE_ECC_VERIFY + + /* ECC Verify */ + bench_stats_start(&count, &start); + do { + for (times = 0; times < agreeTimes || pending > 0; ) { + bench_async_poll(&pending); + + /* while free pending slots in queue, submit ops */ + for (i = 0; i < BENCH_MAX_PENDING; i++) { + if (bench_async_check(&ret, BENCH_ASYNC_GET_DEV(genKey[i]), 1, + ×, agreeTimes, &pending)) { + if (genKey[i]->state == 0) { + verify[i] = 0; + } + + ret = wc_ecc_verify_hash(sig[i], x[i], digest[i], + (word32)keySize, &verify[i], + genKey[i]); + + if (!bench_async_handle(&ret, + BENCH_ASYNC_GET_DEV(genKey[i]), + 1, ×, + &pending)) { + goto exit_ecdsa_verify; + } + } /* if bench_async_check */ + } /* for i */ + RECORD_MULTI_VALUE_STATS(); + } /* for times */ + count += times; + } while (bench_stats_check(start) +#ifdef MULTI_VALUE_STATISTICS + || runs < minimum_runs +#endif + ); + +exit_ecdsa_verify: + (void)XSNPRINTF(name, BENCH_ECC_NAME_SZ, "ECDSA [%15s]", + wc_ecc_get_name(curveId)); + + bench_stats_asym_finish(name, keySize * 8, desc[5], + useDeviceID, count, start, ret); +#ifdef MULTI_VALUE_STATISTICS + bench_multi_value_stats(max, min, sum, squareSum, runs); +#endif +#endif /* HAVE_ECC_VERIFY */ +#endif /* !NO_ASN && HAVE_ECC_SIGN */ + +exit: + + /* cleanup */ + if (WC_ARRAY_OK(genKey)) { + for (i = 0; i < BENCH_MAX_PENDING; i++) + wc_ecc_free(genKey[i]); + WC_FREE_ARRAY(genKey, BENCH_MAX_PENDING, HEAP_HINT); + } + #ifdef HAVE_ECC_DHE + if (WC_ARRAY_OK(genKey2)) { + for (i = 0; i < BENCH_MAX_PENDING; i++) + wc_ecc_free(genKey2[i]); + WC_FREE_ARRAY(genKey2, BENCH_MAX_PENDING, HEAP_HINT); + } + #endif + +#ifdef HAVE_ECC_DHE + WC_FREE_ARRAY(shared, BENCH_MAX_PENDING, HEAP_HINT); +#endif +#if !defined(NO_ASN) && defined(HAVE_ECC_SIGN) + WC_FREE_ARRAY(sig, BENCH_MAX_PENDING, HEAP_HINT); + WC_FREE_ARRAY(digest, BENCH_MAX_PENDING, HEAP_HINT); +#endif + + (void)useDeviceID; + (void)pending; + (void)x; + (void)count; + (void)times; + (void)desc; + (void)start; + (void)name; +} + + +#ifdef HAVE_ECC_ENCRYPT +void bench_eccEncrypt(int curveId) +{ +#define BENCH_ECCENCRYPT_MSG_SIZE 48 +#define BENCH_ECCENCRYPT_OUT_SIZE (BENCH_ECCENCRYPT_MSG_SIZE + \ + WC_SHA256_DIGEST_SIZE + \ + (MAX_ECC_BITS+3)/4 + 2) + word32 outSz = BENCH_ECCENCRYPT_OUT_SIZE; +#ifdef WOLFSSL_SMALL_STACK + ecc_key *userA = NULL, *userB = NULL; + byte *msg = NULL; + byte *out = NULL; +#else + ecc_key userA[1], userB[1]; + byte msg[BENCH_ECCENCRYPT_MSG_SIZE]; + byte out[BENCH_ECCENCRYPT_OUT_SIZE]; +#endif + char name[BENCH_ECC_NAME_SZ]; + int keySize; + word32 bench_plainSz = bench_size; + int ret, i, count; + double start; + const char**desc = bench_desc_words[lng_index]; + DECLARE_MULTI_VALUE_STATS_VARS() + + bench_stats_prepare(); + +#ifdef WOLFSSL_SMALL_STACK + userA = (ecc_key *)XMALLOC(sizeof(*userA), + HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + userB = (ecc_key *)XMALLOC(sizeof(*userB), + HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + msg = (byte *)XMALLOC(BENCH_ECCENCRYPT_MSG_SIZE, + HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + out = (byte *)XMALLOC(outSz, + HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + if ((! userA) || (! userB) || (! msg) || (! out)) { + printf("bench_eccEncrypt malloc failed\n"); + goto exit; + } +#endif + + keySize = wc_ecc_get_curve_size_from_id(curveId); + ret = wc_ecc_init_ex(userA, HEAP_HINT, devId); + if (ret != 0) { + printf("wc_ecc_encrypt make key A failed: %d\n", ret); + goto exit; + } + + ret = wc_ecc_init_ex(userB, HEAP_HINT, devId); + if (ret != 0) { + printf("wc_ecc_encrypt make key B failed: %d\n", ret); + goto exit; + } + +#if defined(ECC_TIMING_RESISTANT) && (!defined(HAVE_FIPS) || \ + (!defined(HAVE_FIPS_VERSION) || (HAVE_FIPS_VERSION != 2))) && \ + !defined(HAVE_SELFTEST) + ret = wc_ecc_set_rng(userA, &gRng); + if (ret != 0) { + goto exit; + } + ret = wc_ecc_set_rng(userB, &gRng); + if (ret != 0) { + goto exit; + } +#endif + + ret = wc_ecc_make_key_ex(&gRng, keySize, userA, curveId); +#ifdef WOLFSSL_ASYNC_CRYPT + ret = wc_AsyncWait(ret, &userA->asyncDev, WC_ASYNC_FLAG_NONE); +#endif + if (ret != 0) + goto exit; + ret = wc_ecc_make_key_ex(&gRng, keySize, userB, curveId); +#ifdef WOLFSSL_ASYNC_CRYPT + ret = wc_AsyncWait(ret, &userB->asyncDev, WC_ASYNC_FLAG_NONE); +#endif + if (ret != 0) + goto exit; + + for (i = 0; i < BENCH_ECCENCRYPT_MSG_SIZE; i++) { + msg[i] = (byte)i; + } + + bench_stats_start(&count, &start); + do { + for (i = 0; i < ntimes; i++) { + /* encrypt msg to B */ + ret = wc_ecc_encrypt(userA, userB, msg, BENCH_ECCENCRYPT_MSG_SIZE, + out, &outSz, NULL); + if (ret != 0) { + printf("wc_ecc_encrypt failed! %d\n", ret); + goto exit_enc; + } + RECORD_MULTI_VALUE_STATS(); + } + count += i; + } while (bench_stats_check(start) +#ifdef MULTI_VALUE_STATISTICS + || runs < minimum_runs +#endif + ); + +exit_enc: + (void)XSNPRINTF(name, BENCH_ECC_NAME_SZ, "ECC [%15s]", + wc_ecc_get_name(curveId)); + bench_stats_asym_finish(name, keySize * 8, desc[6], 0, count, start, ret); +#ifdef MULTI_VALUE_STATISTICS + bench_multi_value_stats(max, min, sum, squareSum, runs); +#endif + + RESET_MULTI_VALUE_STATS_VARS(); + + if (ret != 0) + goto exit; + + bench_stats_start(&count, &start); + do { + for (i = 0; i < ntimes; i++) { + /* decrypt msg from A */ + ret = wc_ecc_decrypt(userB, userA, out, outSz, bench_plain, + &bench_plainSz, NULL); + if (ret != 0) { + printf("wc_ecc_decrypt failed! %d\n", ret); + goto exit_dec; + } + RECORD_MULTI_VALUE_STATS(); + } + count += i; + } while (bench_stats_check(start) +#ifdef MULTI_VALUE_STATISTICS + || runs < minimum_runs +#endif + ); + +exit_dec: + bench_stats_asym_finish(name, keySize * 8, desc[7], 0, count, start, ret); +#ifdef MULTI_VALUE_STATISTICS + bench_multi_value_stats(max, min, sum, squareSum, runs); +#endif + +exit: + + /* cleanup */ +#ifdef WOLFSSL_SMALL_STACK + if (userA) { + wc_ecc_free(userA); + XFREE(userA, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + } + if (userB) { + wc_ecc_free(userB); + XFREE(userB, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + } + XFREE(msg, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(out, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); +#else + wc_ecc_free(userB); + wc_ecc_free(userA); +#endif +} +#endif + +#ifdef WOLFSSL_SM2 +static void bench_sm2_MakeKey(int useDeviceID) +{ + int ret = 0, i, times, count = 0, pending = 0; + int deviceID; + int keySize; + WC_DECLARE_ARRAY(genKey, ecc_key, BENCH_MAX_PENDING, + sizeof(ecc_key), HEAP_HINT); + char name[BENCH_ECC_NAME_SZ]; + double start = 0; + const char**desc = bench_desc_words[lng_index]; + DECLARE_MULTI_VALUE_STATS_VARS() + + bench_stats_prepare(); + + deviceID = useDeviceID ? devId : INVALID_DEVID; + keySize = wc_ecc_get_curve_size_from_id(ECC_SM2P256V1); + + WC_CALLOC_ARRAY(genKey, ecc_key, BENCH_MAX_PENDING, + sizeof(ecc_key), HEAP_HINT); + + /* ECC Make Key */ + bench_stats_start(&count, &start); + do { + /* while free pending slots in queue, submit ops */ + for (times = 0; times < agreeTimes || pending > 0; ) { + bench_async_poll(&pending); + + for (i = 0; i < BENCH_MAX_PENDING; i++) { + if (bench_async_check(&ret, BENCH_ASYNC_GET_DEV(genKey[i]), 0, + ×, agreeTimes, &pending)) { + + wc_ecc_free(genKey[i]); + ret = wc_ecc_init_ex(genKey[i], HEAP_HINT, deviceID); + if (ret < 0) { + goto exit; + } + + ret = wc_ecc_sm2_make_key(&gRng, genKey[i], + WC_ECC_FLAG_NONE); + if (!bench_async_handle(&ret, + BENCH_ASYNC_GET_DEV(genKey[i]), 0, ×, + &pending)) { + goto exit; + } + } + } /* for i */ + RECORD_MULTI_VALUE_STATS(); + } /* for times */ + count += times; + } while (bench_stats_check(start) +#ifdef MULTI_VALUE_STATISTICS + || runs < minimum_runs +#endif + ); + +exit: + (void)XSNPRINTF(name, BENCH_ECC_NAME_SZ, "ECC [%15s]", + wc_ecc_get_name(ECC_SM2P256V1)); + bench_stats_asym_finish(name, keySize * 8, desc[2], useDeviceID, count, + start, ret); +#ifdef MULTI_VALUE_STATISTICS + bench_multi_value_stats(max, min, sum, squareSum, runs); +#endif + + /* cleanup */ + if (WC_ARRAY_OK(genKey)) { + for (i = 0; i < BENCH_MAX_PENDING; i++) { + wc_ecc_free(genKey[i]); + } + WC_FREE_ARRAY(genKey, BENCH_MAX_PENDING, HEAP_HINT); + } +} + + +void bench_sm2(int useDeviceID) +{ + int ret = 0, i, times, count, pending = 0; + int deviceID; + int keySize; + char name[BENCH_ECC_NAME_SZ]; + WC_DECLARE_ARRAY(genKey, ecc_key, BENCH_MAX_PENDING, + sizeof(ecc_key), HEAP_HINT); +#ifdef HAVE_ECC_DHE + WC_DECLARE_ARRAY(genKey2, ecc_key, BENCH_MAX_PENDING, + sizeof(ecc_key), HEAP_HINT); +#endif +#if !defined(NO_ASN) && defined(HAVE_ECC_SIGN) +#ifdef HAVE_ECC_VERIFY + int verify[BENCH_MAX_PENDING]; +#endif +#endif + word32 x[BENCH_MAX_PENDING]; + double start = 0; + const char**desc = bench_desc_words[lng_index]; + DECLARE_MULTI_VALUE_STATS_VARS() + +#ifdef HAVE_ECC_DHE + WC_DECLARE_ARRAY(shared, byte, BENCH_MAX_PENDING, MAX_ECC_BYTES, HEAP_HINT); +#endif +#if !defined(NO_ASN) && defined(HAVE_ECC_SIGN) + WC_DECLARE_ARRAY(sig, byte, BENCH_MAX_PENDING, ECC_MAX_SIG_SIZE, HEAP_HINT); + WC_DECLARE_ARRAY(digest, byte, BENCH_MAX_PENDING, MAX_ECC_BYTES, HEAP_HINT); +#endif + + bench_stats_prepare(); + +#ifdef HAVE_ECC_DHE + WC_ALLOC_ARRAY(shared, byte, BENCH_MAX_PENDING, MAX_ECC_BYTES, HEAP_HINT); +#endif +#if !defined(NO_ASN) && defined(HAVE_ECC_SIGN) + WC_ALLOC_ARRAY(sig, byte, BENCH_MAX_PENDING, ECC_MAX_SIG_SIZE, HEAP_HINT); + WC_ALLOC_ARRAY(digest, byte, BENCH_MAX_PENDING, MAX_ECC_BYTES, HEAP_HINT); +#endif + deviceID = useDeviceID ? devId : INVALID_DEVID; + + bench_sm2_MakeKey(useDeviceID); + + WC_CALLOC_ARRAY(genKey, ecc_key, BENCH_MAX_PENDING, + sizeof(ecc_key), HEAP_HINT); +#ifdef HAVE_ECC_DHE + WC_CALLOC_ARRAY(genKey2, ecc_key, BENCH_MAX_PENDING, + sizeof(ecc_key), HEAP_HINT); +#endif + + keySize = wc_ecc_get_curve_size_from_id(ECC_SM2P256V1); + + /* init keys */ + for (i = 0; i < BENCH_MAX_PENDING; i++) { + /* setup an context for each key */ + if ((ret = wc_ecc_init_ex(genKey[i], HEAP_HINT, deviceID)) < 0) { + goto exit; + } + ret = wc_ecc_sm2_make_key(&gRng, genKey[i], WC_ECC_FLAG_NONE); + #ifdef WOLFSSL_ASYNC_CRYPT + ret = wc_AsyncWait(ret, genKey[i].asyncDev, WC_ASYNC_FLAG_NONE); + #endif + if (ret < 0) { + goto exit; + } + + #ifdef HAVE_ECC_DHE + if ((ret = wc_ecc_init_ex(genKey2[i], HEAP_HINT, deviceID)) < 0) { + goto exit; + } + if ((ret = wc_ecc_sm2_make_key(&gRng, genKey2[i], + WC_ECC_FLAG_NONE)) > 0) { + goto exit; + } + #endif + } + +#ifdef HAVE_ECC_DHE +#if defined(ECC_TIMING_RESISTANT) && (!defined(HAVE_FIPS) || \ + (!defined(HAVE_FIPS_VERSION) || (HAVE_FIPS_VERSION != 2))) && \ + !defined(HAVE_SELFTEST) + for (i = 0; i < BENCH_MAX_PENDING; i++) { + (void)wc_ecc_set_rng(genKey[i], &gRng); + } +#endif + + /* ECC Shared Secret */ + bench_stats_start(&count, &start); + PRIVATE_KEY_UNLOCK(); + do { + for (times = 0; times < agreeTimes || pending > 0; ) { + bench_async_poll(&pending); + + /* while free pending slots in queue, submit ops */ + for (i = 0; i < BENCH_MAX_PENDING; i++) { + if (bench_async_check(&ret, BENCH_ASYNC_GET_DEV(genKey[i]), 1, + ×, agreeTimes, &pending)) { + x[i] = (word32)keySize; + ret = wc_ecc_sm2_shared_secret(genKey[i], genKey2[i], + shared[i], &x[i]); + if (!bench_async_handle(&ret, + BENCH_ASYNC_GET_DEV(genKey[i]), 1, ×, + &pending)) { + goto exit_ecdhe; + } + } + } /* for i */ + RECORD_MULTI_VALUE_STATS(); + } /* for times */ + count += times; + } while (bench_stats_check(start) +#ifdef MULTI_VALUE_STATISTICS + || runs < minimum_runs +#endif + ); + + PRIVATE_KEY_UNLOCK(); +exit_ecdhe: + (void)XSNPRINTF(name, BENCH_ECC_NAME_SZ, "ECDHE [%15s]", + wc_ecc_get_name(ECC_SM2P256V1)); + + bench_stats_asym_finish(name, keySize * 8, desc[3], useDeviceID, count, + start, ret); +#ifdef MULTI_VALUE_STATISTICS + bench_multi_value_stats(max, min, sum, squareSum, runs); +#endif + + if (ret < 0) { + goto exit; + } +#endif /* HAVE_ECC_DHE */ + +#if !defined(NO_ASN) && defined(HAVE_ECC_SIGN) + + /* Init digest to sign */ + for (i = 0; i < BENCH_MAX_PENDING; i++) { + for (count = 0; count < keySize; count++) { + digest[i][count] = (byte)count; + } + } + + RESET_MULTI_VALUE_STATS_VARS(); + + /* ECC Sign */ + bench_stats_start(&count, &start); + do { + for (times = 0; times < agreeTimes || pending > 0; ) { + bench_async_poll(&pending); + + /* while free pending slots in queue, submit ops */ + for (i = 0; i < BENCH_MAX_PENDING; i++) { + if (bench_async_check(&ret, BENCH_ASYNC_GET_DEV(genKey[i]), 1, + ×, agreeTimes, &pending)) { + if (genKey[i]->state == 0) + x[i] = ECC_MAX_SIG_SIZE; + ret = wc_ecc_sm2_sign_hash(digest[i], (word32)keySize, + sig[i], &x[i], &gRng, genKey[i]); + if (!bench_async_handle(&ret, + BENCH_ASYNC_GET_DEV(genKey[i]), 1, ×, + &pending)) { + goto exit_ecdsa_sign; + } + } + } /* for i */ + RECORD_MULTI_VALUE_STATS(); + } /* for times */ + count += times; + } while (bench_stats_check(start) +#ifdef MULTI_VALUE_STATISTICS + || runs < minimum_runs +#endif + ); + +exit_ecdsa_sign: + (void)XSNPRINTF(name, BENCH_ECC_NAME_SZ, "ECDSA [%15s]", + wc_ecc_get_name(ECC_SM2P256V1)); + + bench_stats_asym_finish(name, keySize * 8, desc[4], useDeviceID, count, + start, ret); +#ifdef MULTI_VALUE_STATISTICS + bench_multi_value_stats(max, min, sum, squareSum, runs); +#endif + + if (ret < 0) { + goto exit; + } + +#ifdef HAVE_ECC_VERIFY + + /* ECC Verify */ + bench_stats_start(&count, &start); + do { + for (times = 0; times < agreeTimes || pending > 0; ) { + bench_async_poll(&pending); + + /* while free pending slots in queue, submit ops */ + for (i = 0; i < BENCH_MAX_PENDING; i++) { + if (bench_async_check(&ret, BENCH_ASYNC_GET_DEV(genKey[i]), 1, + ×, agreeTimes, &pending)) { + if (genKey[i]->state == 0) + verify[i] = 0; + ret = wc_ecc_sm2_verify_hash(sig[i], x[i], digest[i], + (word32)keySize, &verify[i], genKey[i]); + if (!bench_async_handle(&ret, + BENCH_ASYNC_GET_DEV(genKey[i]), 1, ×, + &pending)) { + goto exit_ecdsa_verify; + } + } + } /* for i */ + RECORD_MULTI_VALUE_STATS(); + } /* for times */ + count += times; + } while (bench_stats_check(start) +#ifdef MULTI_VALUE_STATISTICS + || runs < minimum_runs +#endif + ); + +exit_ecdsa_verify: + (void)XSNPRINTF(name, BENCH_ECC_NAME_SZ, "ECDSA [%15s]", + wc_ecc_get_name(ECC_SM2P256V1)); + + bench_stats_asym_finish(name, keySize * 8, desc[5], useDeviceID, count, + start, ret); +#ifdef MULTI_VALUE_STATISTICS + bench_multi_value_stats(max, min, sum, squareSum, runs); +#endif + +#endif /* HAVE_ECC_VERIFY */ +#endif /* !NO_ASN && HAVE_ECC_SIGN */ + +exit: + + /* cleanup */ + if (WC_ARRAY_OK(genKey)) { + for (i = 0; i < BENCH_MAX_PENDING; i++) + wc_ecc_free(genKey[i]); + WC_FREE_ARRAY(genKey, BENCH_MAX_PENDING, HEAP_HINT); + } + #ifdef HAVE_ECC_DHE + if (WC_ARRAY_OK(genKey2)) { + for (i = 0; i < BENCH_MAX_PENDING; i++) + wc_ecc_free(genKey2[i]); + WC_FREE_ARRAY(genKey2, BENCH_MAX_PENDING, HEAP_HINT); + } + #endif + +#ifdef HAVE_ECC_DHE + WC_FREE_ARRAY(shared, BENCH_MAX_PENDING, HEAP_HINT); +#endif +#if !defined(NO_ASN) && defined(HAVE_ECC_SIGN) + WC_FREE_ARRAY(sig, BENCH_MAX_PENDING, HEAP_HINT); + WC_FREE_ARRAY(digest, BENCH_MAX_PENDING, HEAP_HINT); +#endif + + + (void)useDeviceID; + (void)pending; + (void)x; + (void)count; + (void)times; + (void)desc; + (void)start; + (void)name; +} +#endif /* WOLFSSL_SM2 */ +#endif /* HAVE_ECC && && !defined(WC_NO_RNG) */ + +#ifdef HAVE_CURVE25519 +void bench_curve25519KeyGen(int useDeviceID) +{ + curve25519_key genKey; + double start; + int ret = 0, i, count; + const char**desc = bench_desc_words[lng_index]; + DECLARE_MULTI_VALUE_STATS_VARS() + + bench_stats_prepare(); + + /* Key Gen */ + bench_stats_start(&count, &start); + do { + for (i = 0; i < genTimes; i++) { + ret = wc_curve25519_init_ex(&genKey, HEAP_HINT, + useDeviceID ? devId : INVALID_DEVID); + if (ret != 0) { + printf("wc_curve25519_init_ex failed: %d\n", ret); + break; + } + + ret = wc_curve25519_make_key(&gRng, 32, &genKey); + wc_curve25519_free(&genKey); + if (ret != 0) { + printf("wc_curve25519_make_key failed: %d\n", ret); + break; + } + RECORD_MULTI_VALUE_STATS(); + } + count += i; + } while (bench_stats_check(start) +#ifdef MULTI_VALUE_STATISTICS + || runs < minimum_runs +#endif + ); + + bench_stats_asym_finish("CURVE", 25519, desc[2], useDeviceID, count, start, + ret); +#ifdef MULTI_VALUE_STATISTICS + bench_multi_value_stats(max, min, sum, squareSum, runs); +#endif +} + +#ifdef HAVE_CURVE25519_SHARED_SECRET +void bench_curve25519KeyAgree(int useDeviceID) +{ + curve25519_key genKey, genKey2; + double start; + int ret, i, count; + byte shared[32]; + const char**desc = bench_desc_words[lng_index]; + word32 x = 0; + DECLARE_MULTI_VALUE_STATS_VARS() + + bench_stats_prepare(); + + wc_curve25519_init_ex(&genKey, HEAP_HINT, + useDeviceID ? devId : INVALID_DEVID); + wc_curve25519_init_ex(&genKey2, HEAP_HINT, + useDeviceID ? devId : INVALID_DEVID); + + ret = wc_curve25519_make_key(&gRng, 32, &genKey); + if (ret != 0) { + printf("curve25519_make_key failed\n"); + return; + } + ret = wc_curve25519_make_key(&gRng, 32, &genKey2); + if (ret != 0) { + printf("curve25519_make_key failed: %d\n", ret); + wc_curve25519_free(&genKey); + return; + } + +#ifdef WOLFSSL_CURVE25519_BLINDING + ret = wc_curve25519_set_rng(&genKey, &gRng); + if (ret != 0) { + wc_curve25519_free(&genKey); + wc_curve25519_free(&genKey2); + return; + } + ret = wc_curve25519_set_rng(&genKey2, &gRng); + if (ret != 0) { + wc_curve25519_free(&genKey); + wc_curve25519_free(&genKey2); + return; + } +#endif + + /* Shared secret */ + bench_stats_start(&count, &start); + do { + for (i = 0; i < agreeTimes; i++) { + x = sizeof(shared); + ret = wc_curve25519_shared_secret(&genKey, &genKey2, shared, &x); + if (ret != 0) { + printf("curve25519_shared_secret failed: %d\n", ret); + goto exit; + } + RECORD_MULTI_VALUE_STATS(); + } + count += i; + } while (bench_stats_check(start) +#ifdef MULTI_VALUE_STATISTICS + || runs < minimum_runs +#endif + ); + +exit: + bench_stats_asym_finish("CURVE", 25519, desc[3], useDeviceID, count, start, + ret); +#ifdef MULTI_VALUE_STATISTICS + bench_multi_value_stats(max, min, sum, squareSum, runs); +#endif + + wc_curve25519_free(&genKey2); + wc_curve25519_free(&genKey); +} +#endif /* HAVE_CURVE25519_SHARED_SECRET */ +#endif /* HAVE_CURVE25519 */ + +#ifdef HAVE_ED25519 +void bench_ed25519KeyGen(void) +{ +#ifdef HAVE_ED25519_MAKE_KEY + ed25519_key genKey; + double start; + int i, count; + const char**desc = bench_desc_words[lng_index]; + DECLARE_MULTI_VALUE_STATS_VARS() + + bench_stats_prepare(); + + /* Key Gen */ + bench_stats_start(&count, &start); + do { + for (i = 0; i < genTimes; i++) { + wc_ed25519_init(&genKey); + (void)wc_ed25519_make_key(&gRng, 32, &genKey); + wc_ed25519_free(&genKey); + RECORD_MULTI_VALUE_STATS(); + } + count += i; + } while (bench_stats_check(start) +#ifdef MULTI_VALUE_STATISTICS + || runs < minimum_runs +#endif + ); + + bench_stats_asym_finish("ED", 25519, desc[2], 0, count, start, 0); +#ifdef MULTI_VALUE_STATISTICS + bench_multi_value_stats(max, min, sum, squareSum, runs); +#endif +#endif /* HAVE_ED25519_MAKE_KEY */ +} + + +void bench_ed25519KeySign(void) +{ +#ifdef HAVE_ED25519_MAKE_KEY + int ret; +#endif + ed25519_key genKey; +#ifdef HAVE_ED25519_SIGN + double start; + int i, count; + byte sig[ED25519_SIG_SIZE]; + byte msg[512]; + word32 x = 0; + const char**desc = bench_desc_words[lng_index]; + DECLARE_MULTI_VALUE_STATS_VARS() +#endif + + bench_stats_prepare(); + + wc_ed25519_init(&genKey); + +#ifdef HAVE_ED25519_MAKE_KEY + ret = wc_ed25519_make_key(&gRng, ED25519_KEY_SIZE, &genKey); + if (ret != 0) { + printf("ed25519_make_key failed\n"); + return; + } +#endif + +#ifdef HAVE_ED25519_SIGN + /* make dummy msg */ + for (i = 0; i < (int)sizeof(msg); i++) + msg[i] = (byte)i; + + bench_stats_start(&count, &start); + do { + for (i = 0; i < agreeTimes; i++) { + x = sizeof(sig); + ret = wc_ed25519_sign_msg(msg, sizeof(msg), sig, &x, &genKey); + if (ret != 0) { + printf("ed25519_sign_msg failed\n"); + goto exit_ed_sign; + } + RECORD_MULTI_VALUE_STATS(); + } + count += i; + } while (bench_stats_check(start) +#ifdef MULTI_VALUE_STATISTICS + || runs < minimum_runs +#endif + ); + +exit_ed_sign: + bench_stats_asym_finish("ED", 25519, desc[4], 0, count, start, ret); +#ifdef MULTI_VALUE_STATISTICS + bench_multi_value_stats(max, min, sum, squareSum, runs); +#endif + + RESET_MULTI_VALUE_STATS_VARS(); + +#ifdef HAVE_ED25519_VERIFY + bench_stats_start(&count, &start); + do { + for (i = 0; i < agreeTimes; i++) { + int verify = 0; + ret = wc_ed25519_verify_msg(sig, x, msg, sizeof(msg), &verify, + &genKey); + if (ret != 0 || verify != 1) { + printf("ed25519_verify_msg failed\n"); + goto exit_ed_verify; + } + RECORD_MULTI_VALUE_STATS(); + } + count += i; + } while (bench_stats_check(start) +#ifdef MULTI_VALUE_STATISTICS + || runs < minimum_runs +#endif + ); + +exit_ed_verify: + bench_stats_asym_finish("ED", 25519, desc[5], 0, count, start, ret); +#ifdef MULTI_VALUE_STATISTICS + bench_multi_value_stats(max, min, sum, squareSum, runs); +#endif +#endif /* HAVE_ED25519_VERIFY */ +#endif /* HAVE_ED25519_SIGN */ + + wc_ed25519_free(&genKey); +} +#endif /* HAVE_ED25519 */ + +#ifdef HAVE_CURVE448 +void bench_curve448KeyGen(void) +{ + curve448_key genKey; + double start; + int ret = 0, i, count; + const char**desc = bench_desc_words[lng_index]; + DECLARE_MULTI_VALUE_STATS_VARS() + + bench_stats_prepare(); + + /* Key Gen */ + bench_stats_start(&count, &start); + do { + for (i = 0; i < genTimes; i++) { + ret = wc_curve448_make_key(&gRng, 56, &genKey); + wc_curve448_free(&genKey); + if (ret != 0) { + printf("wc_curve448_make_key failed: %d\n", ret); + break; + } + RECORD_MULTI_VALUE_STATS(); + } + count += i; + } while (bench_stats_check(start) +#ifdef MULTI_VALUE_STATISTICS + || runs < minimum_runs +#endif + ); + + bench_stats_asym_finish("CURVE", 448, desc[2], 0, count, start, ret); +#ifdef MULTI_VALUE_STATISTICS + bench_multi_value_stats(max, min, sum, squareSum, runs); +#endif +} + +#ifdef HAVE_CURVE448_SHARED_SECRET +void bench_curve448KeyAgree(void) +{ + curve448_key genKey, genKey2; + double start; + int ret, i, count; + byte shared[56]; + const char**desc = bench_desc_words[lng_index]; + word32 x = 0; + DECLARE_MULTI_VALUE_STATS_VARS() + + bench_stats_prepare(); + + wc_curve448_init(&genKey); + wc_curve448_init(&genKey2); + + ret = wc_curve448_make_key(&gRng, 56, &genKey); + if (ret != 0) { + printf("curve448_make_key failed\n"); + return; + } + ret = wc_curve448_make_key(&gRng, 56, &genKey2); + if (ret != 0) { + printf("curve448_make_key failed: %d\n", ret); + wc_curve448_free(&genKey); + return; + } + + /* Shared secret */ + bench_stats_start(&count, &start); + do { + for (i = 0; i < agreeTimes; i++) { + x = sizeof(shared); + ret = wc_curve448_shared_secret(&genKey, &genKey2, shared, &x); + if (ret != 0) { + printf("curve448_shared_secret failed: %d\n", ret); + goto exit; + } + RECORD_MULTI_VALUE_STATS(); + } + count += i; + } while (bench_stats_check(start) +#ifdef MULTI_VALUE_STATISTICS + || runs < minimum_runs +#endif + ); + +exit: + bench_stats_asym_finish("CURVE", 448, desc[3], 0, count, start, ret); +#ifdef MULTI_VALUE_STATISTICS + bench_multi_value_stats(max, min, sum, squareSum, runs); +#endif + + wc_curve448_free(&genKey2); + wc_curve448_free(&genKey); +} +#endif /* HAVE_CURVE448_SHARED_SECRET */ +#endif /* HAVE_CURVE448 */ + +#ifdef HAVE_ED448 +void bench_ed448KeyGen(void) +{ + ed448_key genKey; + double start; + int i, count; + const char**desc = bench_desc_words[lng_index]; + DECLARE_MULTI_VALUE_STATS_VARS() + + bench_stats_prepare(); + + /* Key Gen */ + bench_stats_start(&count, &start); + do { + for (i = 0; i < genTimes; i++) { + wc_ed448_init(&genKey); + (void)wc_ed448_make_key(&gRng, ED448_KEY_SIZE, &genKey); + wc_ed448_free(&genKey); + RECORD_MULTI_VALUE_STATS(); + } + count += i; + } while (bench_stats_check(start) +#ifdef MULTI_VALUE_STATISTICS + || runs < minimum_runs +#endif + ); + + bench_stats_asym_finish("ED", 448, desc[2], 0, count, start, 0); +#ifdef MULTI_VALUE_STATISTICS + bench_multi_value_stats(max, min, sum, squareSum, runs); +#endif +} + +void bench_ed448KeySign(void) +{ + int ret; + WC_DECLARE_VAR(genKey, ed448_key, 1, HEAP_HINT); +#ifdef HAVE_ED448_SIGN + double start; + int i, count; + byte sig[ED448_SIG_SIZE]; + byte msg[512]; + word32 x = 0; + const char**desc = bench_desc_words[lng_index]; + DECLARE_MULTI_VALUE_STATS_VARS() +#endif + + bench_stats_prepare(); + + WC_ALLOC_VAR(genKey, ed448_key, 1, HEAP_HINT); + + wc_ed448_init(genKey); + + ret = wc_ed448_make_key(&gRng, ED448_KEY_SIZE, genKey); + if (ret != 0) { + printf("ed448_make_key failed\n"); + goto exit; + } + +#ifdef HAVE_ED448_SIGN + /* make dummy msg */ + for (i = 0; i < (int)sizeof(msg); i++) + msg[i] = (byte)i; + + bench_stats_start(&count, &start); + do { + for (i = 0; i < agreeTimes; i++) { + x = sizeof(sig); + ret = wc_ed448_sign_msg(msg, sizeof(msg), sig, &x, genKey, + NULL, 0); + if (ret != 0) { + printf("ed448_sign_msg failed\n"); + goto exit; + } + RECORD_MULTI_VALUE_STATS(); + } + count += i; + } while (bench_stats_check(start) +#ifdef MULTI_VALUE_STATISTICS + || runs < minimum_runs +#endif + ); + + bench_stats_asym_finish("ED", 448, desc[4], 0, count, start, ret); +#ifdef MULTI_VALUE_STATISTICS + bench_multi_value_stats(max, min, sum, squareSum, runs); +#endif + + RESET_MULTI_VALUE_STATS_VARS(); + +#ifdef HAVE_ED448_VERIFY + bench_stats_start(&count, &start); + do { + for (i = 0; i < agreeTimes; i++) { + int verify = 0; + ret = wc_ed448_verify_msg(sig, x, msg, sizeof(msg), &verify, + genKey, NULL, 0); + if (ret != 0 || verify != 1) { + printf("ed448_verify_msg failed\n"); + goto exit; + } + RECORD_MULTI_VALUE_STATS(); + } + count += i; + } while (bench_stats_check(start) +#ifdef MULTI_VALUE_STATISTICS + || runs < minimum_runs +#endif + ); + + bench_stats_asym_finish("ED", 448, desc[5], 0, count, start, ret); +#ifdef MULTI_VALUE_STATISTICS + bench_multi_value_stats(max, min, sum, squareSum, runs); +#endif +#endif /* HAVE_ED448_VERIFY */ +#endif /* HAVE_ED448_SIGN */ + +exit: + + wc_ed448_free(genKey); + WC_FREE_VAR(genKey, HEAP_HINT); +} +#endif /* HAVE_ED448 */ + +#ifdef WOLFCRYPT_HAVE_ECCSI +#ifdef WOLFCRYPT_ECCSI_KMS +void bench_eccsiKeyGen(void) +{ + WC_DECLARE_VAR(genKey, EccsiKey, 1, HEAP_HINT); + double start; + int i, count; + const char**desc = bench_desc_words[lng_index]; + int ret; + DECLARE_MULTI_VALUE_STATS_VARS() + + bench_stats_prepare(); + + WC_ALLOC_VAR(genKey, EccsiKey, 1, HEAP_HINT); + + /* Key Gen */ + bench_stats_start(&count, &start); + do { + for (i = 0; i < genTimes; i++) { + wc_InitEccsiKey(genKey, NULL, INVALID_DEVID); + ret = wc_MakeEccsiKey(genKey, &gRng); + wc_FreeEccsiKey(genKey); + if (ret != 0) { + printf("wc_MakeEccsiKey failed: %d\n", ret); + goto exit; + } + RECORD_MULTI_VALUE_STATS(); + } + count += i; + } while (bench_stats_check(start) +#ifdef MULTI_VALUE_STATISTICS + || runs < minimum_runs +#endif + ); + + bench_stats_asym_finish("ECCSI", 256, desc[2], 0, count, start, 0); +#ifdef MULTI_VALUE_STATISTICS + bench_multi_value_stats(max, min, sum, squareSum, runs); +#endif + +exit: + + WC_FREE_VAR(genKey, HEAP_HINT); +} + +void bench_eccsiPairGen(void) +{ + WC_DECLARE_VAR(genKey, EccsiKey, 1, HEAP_HINT); + double start; + int i, count; + const char**desc = bench_desc_words[lng_index]; + WC_DECLARE_VAR(ssk, mp_int, 1, HEAP_HINT); + ecc_point* pvt; + static const byte id[] = { 0x01, 0x23, 0x34, 0x45 }; + int ret; + DECLARE_MULTI_VALUE_STATS_VARS() + + bench_stats_prepare(); + + WC_ALLOC_VAR(genKey, EccsiKey, 1, HEAP_HINT); + WC_ALLOC_VAR(ssk, mp_int, 1, HEAP_HINT); + + (void)mp_init(ssk); + pvt = wc_ecc_new_point(); + wc_InitEccsiKey(genKey, NULL, INVALID_DEVID); + (void)wc_MakeEccsiKey(genKey, &gRng); + + /* RSK Gen */ + bench_stats_start(&count, &start); + do { + for (i = 0; i < genTimes; i++) { + ret = wc_MakeEccsiPair(genKey, &gRng, WC_HASH_TYPE_SHA256, id, + sizeof(id), ssk, pvt); + if (ret != 0) { + printf("wc_MakeEccsiPair failed: %d\n", ret); + goto exit; + } + RECORD_MULTI_VALUE_STATS(); + } + count += i; + } while (bench_stats_check(start) +#ifdef MULTI_VALUE_STATISTICS + || runs < minimum_runs +#endif + ); + + bench_stats_asym_finish("ECCSI", 256, desc[12], 0, count, start, 0); +#ifdef MULTI_VALUE_STATISTICS + bench_multi_value_stats(max, min, sum, squareSum, runs); +#endif + + wc_FreeEccsiKey(genKey); + wc_ecc_del_point(pvt); + mp_free(ssk); + +exit: + + WC_FREE_VAR(genKey, HEAP_HINT); + WC_FREE_VAR(ssk, HEAP_HINT); +} +#endif + +#ifdef WOLFCRYPT_ECCSI_CLIENT +void bench_eccsiValidate(void) +{ + WC_DECLARE_VAR(genKey, EccsiKey, 1, HEAP_HINT); + double start; + int i, count; + const char**desc = bench_desc_words[lng_index]; + WC_DECLARE_VAR(ssk, mp_int, 1, HEAP_HINT); + ecc_point* pvt; + static const byte id[] = { 0x01, 0x23, 0x34, 0x45 }; + int valid; + int ret; + DECLARE_MULTI_VALUE_STATS_VARS() + + bench_stats_prepare(); + + WC_ALLOC_VAR(genKey, EccsiKey, 1, HEAP_HINT); + WC_ALLOC_VAR(ssk, mp_int, 1, HEAP_HINT); + + (void)mp_init(ssk); + pvt = wc_ecc_new_point(); + wc_InitEccsiKey(genKey, NULL, INVALID_DEVID); + (void)wc_MakeEccsiKey(genKey, &gRng); + (void)wc_MakeEccsiPair(genKey, &gRng, WC_HASH_TYPE_SHA256, id, sizeof(id), + ssk, pvt); + + /* Validation of RSK */ + bench_stats_start(&count, &start); + do { + for (i = 0; i < genTimes; i++) { + ret = wc_ValidateEccsiPair(genKey, WC_HASH_TYPE_SHA256, id, + sizeof(id), ssk, pvt, &valid); + if (ret != 0 || !valid) { + printf("wc_ValidateEccsiPair failed: %d (valid=%d))\n", ret, + valid); + goto exit; + } + RECORD_MULTI_VALUE_STATS(); + } + count += i; + } while (bench_stats_check(start) +#ifdef MULTI_VALUE_STATISTICS + || runs < minimum_runs +#endif + ); + + bench_stats_asym_finish("ECCSI", 256, desc[11], 0, count, start, 0); +#ifdef MULTI_VALUE_STATISTICS + bench_multi_value_stats(max, min, sum, squareSum, runs); +#endif + + wc_FreeEccsiKey(genKey); + wc_ecc_del_point(pvt); + mp_free(ssk); + +exit: + + WC_FREE_VAR(genKey, HEAP_HINT); + WC_FREE_VAR(ssk, HEAP_HINT); +} + +void bench_eccsi(void) +{ + WC_DECLARE_VAR(genKey, EccsiKey, 1, HEAP_HINT); + double start; + int i, count; + const char**desc = bench_desc_words[lng_index]; + WC_DECLARE_VAR(ssk, mp_int, 1, HEAP_HINT); + ecc_point* pvt; + static const byte id[] = { 0x01, 0x23, 0x34, 0x45 }; + static const byte msg[] = { 0x01, 0x23, 0x34, 0x45 }; + byte hash[WC_SHA256_DIGEST_SIZE]; + byte hashSz = (byte)sizeof(hash); + byte sig[257]; + word32 sigSz = sizeof(sig); + int ret; + int verified; + DECLARE_MULTI_VALUE_STATS_VARS() + + bench_stats_prepare(); + + WC_ALLOC_VAR(genKey, EccsiKey, 1, HEAP_HINT); + WC_ALLOC_VAR(ssk, mp_int, 1, HEAP_HINT); + + (void)mp_init(ssk); + pvt = wc_ecc_new_point(); + (void)wc_InitEccsiKey(genKey, NULL, INVALID_DEVID); + (void)wc_MakeEccsiKey(genKey, &gRng); + (void)wc_MakeEccsiPair(genKey, &gRng, WC_HASH_TYPE_SHA256, id, sizeof(id), + ssk, pvt); + (void)wc_HashEccsiId(genKey, WC_HASH_TYPE_SHA256, id, sizeof(id), pvt, + hash, &hashSz); + (void)wc_SetEccsiHash(genKey, hash, hashSz); + (void)wc_SetEccsiPair(genKey, ssk, pvt); + + /* Encapsulate */ + bench_stats_start(&count, &start); + do { + for (i = 0; i < genTimes; i++) { + ret = wc_SignEccsiHash(genKey, &gRng, WC_HASH_TYPE_SHA256, msg, + sizeof(msg), sig, &sigSz); + if (ret != 0) { + printf("wc_SignEccsiHash failed: %d\n", ret); + break; + } + RECORD_MULTI_VALUE_STATS(); + } + count += i; + } while (bench_stats_check(start) +#ifdef MULTI_VALUE_STATISTICS + || runs < minimum_runs +#endif + ); + + bench_stats_asym_finish("ECCSI", 256, desc[4], 0, count, start, 0); +#ifdef MULTI_VALUE_STATISTICS + bench_multi_value_stats(max, min, sum, squareSum, runs); +#endif + + RESET_MULTI_VALUE_STATS_VARS(); + + /* Derive */ + bench_stats_start(&count, &start); + do { + for (i = 0; i < genTimes; i++) { + ret = wc_VerifyEccsiHash(genKey, WC_HASH_TYPE_SHA256, msg, + sizeof(msg), sig, sigSz, &verified); + + if (ret != 0 || !verified) { + printf("wc_VerifyEccsiHash failed: %d (verified: %d)\n", ret, + verified); + goto exit; + } + RECORD_MULTI_VALUE_STATS(); + } + count += i; + } while (bench_stats_check(start) +#ifdef MULTI_VALUE_STATISTICS + || runs < minimum_runs +#endif + ); + + bench_stats_asym_finish("ECCSI", 256, desc[5], 0, count, start, 0); +#ifdef MULTI_VALUE_STATISTICS + bench_multi_value_stats(max, min, sum, squareSum, runs); +#endif + + wc_FreeEccsiKey(genKey); + wc_ecc_del_point(pvt); + +exit: + + WC_FREE_VAR(genKey, HEAP_HINT); + WC_FREE_VAR(ssk, HEAP_HINT); +} +#endif /* WOLFCRYPT_ECCSI_CLIENT */ +#endif /* WOLFCRYPT_HAVE_ECCSI */ + +#ifdef WOLFCRYPT_HAVE_SAKKE +#ifdef WOLFCRYPT_SAKKE_KMS +void bench_sakkeKeyGen(void) +{ + WC_DECLARE_VAR(genKey, SakkeKey, 1, HEAP_HINT); + double start; + int i, count; + const char**desc = bench_desc_words[lng_index]; + int ret; + DECLARE_MULTI_VALUE_STATS_VARS() + + bench_stats_prepare(); + + WC_ALLOC_VAR(genKey, SakkeKey, 1, HEAP_HINT); + + /* Key Gen */ + bench_stats_start(&count, &start); + do { + for (i = 0; i < genTimes; i++) { + wc_InitSakkeKey_ex(genKey, 128, ECC_SAKKE_1, NULL, INVALID_DEVID); + ret = wc_MakeSakkeKey(genKey, &gRng); + if (ret != 0) { + printf("wc_MakeSakkeKey failed: %d\n", ret); + goto exit; + } + wc_FreeSakkeKey(genKey); + RECORD_MULTI_VALUE_STATS(); + } + count += i; + } while (bench_stats_check(start) +#ifdef MULTI_VALUE_STATISTICS + || runs < minimum_runs +#endif + ); + + bench_stats_asym_finish("SAKKE", 1024, desc[2], 0, count, start, 0); +#ifdef MULTI_VALUE_STATISTICS + bench_multi_value_stats(max, min, sum, squareSum, runs); +#endif + +exit: + + WC_FREE_VAR(genKey, HEAP_HINT); +} + +void bench_sakkeRskGen(void) +{ + WC_DECLARE_VAR(genKey, SakkeKey, 1, HEAP_HINT); + double start; + int i, count; + const char**desc = bench_desc_words[lng_index]; + ecc_point* rsk; + static const byte id[] = { 0x01, 0x23, 0x34, 0x45 }; + int ret; + DECLARE_MULTI_VALUE_STATS_VARS() + + bench_stats_prepare(); + + WC_ALLOC_VAR(genKey, SakkeKey, 1, HEAP_HINT); + + rsk = wc_ecc_new_point(); + wc_InitSakkeKey_ex(genKey, 128, ECC_SAKKE_1, NULL, INVALID_DEVID); + (void)wc_MakeSakkeKey(genKey, &gRng); + + /* RSK Gen */ + bench_stats_start(&count, &start); + do { + for (i = 0; i < genTimes; i++) { + ret = wc_MakeSakkeRsk(genKey, id, sizeof(id), rsk); + if (ret != 0) { + printf("wc_MakeSakkeRsk failed: %d\n", ret); + goto exit; + } + RECORD_MULTI_VALUE_STATS(); + } + count += i; + } while (bench_stats_check(start) +#ifdef MULTI_VALUE_STATISTICS + || runs < minimum_runs +#endif + ); + + bench_stats_asym_finish("SAKKE", 1024, desc[8], 0, count, start, 0); +#ifdef MULTI_VALUE_STATISTICS + bench_multi_value_stats(max, min, sum, squareSum, runs); +#endif + + wc_FreeSakkeKey(genKey); + wc_ecc_del_point(rsk); + +exit: + + WC_FREE_VAR(genKey, HEAP_HINT); +} +#endif + +#ifdef WOLFCRYPT_SAKKE_CLIENT +void bench_sakkeValidate(void) +{ + WC_DECLARE_VAR(genKey, SakkeKey, 1, HEAP_HINT); + double start; + int i, count; + const char**desc = bench_desc_words[lng_index]; + ecc_point* rsk; + static const byte id[] = { 0x01, 0x23, 0x34, 0x45 }; + int valid; + int ret; + DECLARE_MULTI_VALUE_STATS_VARS() + + bench_stats_prepare(); + + WC_ALLOC_VAR(genKey, SakkeKey, 1, HEAP_HINT); + + rsk = wc_ecc_new_point(); + (void)wc_InitSakkeKey_ex(genKey, 128, ECC_SAKKE_1, NULL, INVALID_DEVID); + (void)wc_MakeSakkeKey(genKey, &gRng); + (void)wc_MakeSakkeRsk(genKey, id, sizeof(id), rsk); + (void)wc_ValidateSakkeRsk(genKey, id, sizeof(id), rsk, &valid); + + /* Validation of RSK */ + bench_stats_start(&count, &start); + do { + for (i = 0; i < genTimes; i++) { + ret = wc_ValidateSakkeRsk(genKey, id, sizeof(id), rsk, &valid); + if (ret != 0 || !valid) { + printf("wc_ValidateSakkeRsk failed: %d (valid=%d))\n", ret, + valid); + goto exit; + } + RECORD_MULTI_VALUE_STATS(); + } + count += i; + } while (bench_stats_check(start) +#ifdef MULTI_VALUE_STATISTICS + || runs < minimum_runs +#endif + ); + + bench_stats_asym_finish("SAKKE", 1024, desc[11], 0, count, start, 0); +#ifdef MULTI_VALUE_STATISTICS + bench_multi_value_stats(max, min, sum, squareSum, runs); +#endif + + wc_FreeSakkeKey(genKey); + wc_ecc_del_point(rsk); + +exit: + + WC_FREE_VAR(genKey, HEAP_HINT); +} + +void bench_sakke(void) +{ + WC_DECLARE_VAR(genKey, SakkeKey, 1, HEAP_HINT); + double start; + int i, count; + const char**desc = bench_desc_words[lng_index]; + ecc_point* rsk; + static const byte id[] = { 0x01, 0x23, 0x34, 0x45 }; + static const byte ssv_init[] = { 0x01, 0x23, 0x34, 0x45 }; + byte ssv[sizeof(ssv_init)]; + byte derSSV[sizeof(ssv)]; + byte auth[257]; + word16 authSz = sizeof(auth); + int ret = 0; + byte* table = NULL; + word32 len = 0; + byte* iTable = NULL; + word32 iTableLen = 0; + DECLARE_MULTI_VALUE_STATS_VARS() + + bench_stats_prepare(); + + WC_ALLOC_VAR(genKey, SakkeKey, 1, HEAP_HINT); + + XMEMCPY(ssv, ssv_init, sizeof ssv); + + rsk = wc_ecc_new_point(); + (void)wc_InitSakkeKey_ex(genKey, 128, ECC_SAKKE_1, NULL, INVALID_DEVID); + (void)wc_MakeSakkeKey(genKey, &gRng); + (void)wc_MakeSakkeRsk(genKey, id, sizeof(id), rsk); + (void)wc_SetSakkeRsk(genKey, rsk, NULL, 0); + (void)wc_SetSakkeIdentity(genKey, id, sizeof(id)); + + /* Encapsulate */ + bench_stats_start(&count, &start); + do { + for (i = 0; i < genTimes; i++) { + ret = wc_MakeSakkeEncapsulatedSSV(genKey, + WC_HASH_TYPE_SHA256, + ssv, sizeof(ssv), auth, &authSz); + if (ret != 0) { + printf("wc_MakeSakkeEncapsulatedSSV failed: %d\n", ret); + break; + } + RECORD_MULTI_VALUE_STATS(); + } /* for */ + count += i; + } while (bench_stats_check(start) +#ifdef MULTI_VALUE_STATISTICS + || runs < minimum_runs +#endif + ); + + bench_stats_asym_finish_ex("SAKKE", 1024, desc[9], "-1", + 0, count, start, 0); +#ifdef MULTI_VALUE_STATISTICS + bench_multi_value_stats(max, min, sum, squareSum, runs); +#endif + + RESET_MULTI_VALUE_STATS_VARS(); + + /* Derive */ + bench_stats_start(&count, &start); + do { + for (i = 0; i < genTimes; i++) { + XMEMCPY(derSSV, ssv, sizeof(ssv)); + ret = wc_DeriveSakkeSSV(genKey, WC_HASH_TYPE_SHA256, derSSV, + sizeof(derSSV), auth, authSz); + if (ret != 0) { + printf("wc_DeriveSakkeSSV failed: %d\n", ret); + break; + } + RECORD_MULTI_VALUE_STATS(); + } + if (ret != 0) break; + count += i; + } while (bench_stats_check(start) +#ifdef MULTI_VALUE_STATISTICS + || runs < minimum_runs +#endif + ); + + bench_stats_asym_finish_ex("SAKKE", 1024, desc[10], "-1", + 0, count, start, 0); +#ifdef MULTI_VALUE_STATISTICS + bench_multi_value_stats(max, min, sum, squareSum, runs); +#endif + + /* Calculate Point I and generate table. */ + (void)wc_MakeSakkePointI(genKey, id, sizeof(id)); + iTableLen = 0; + (void)wc_GenerateSakkePointITable(genKey, NULL, &iTableLen); + if (iTableLen != 0) { + iTable = (byte*)XMALLOC(iTableLen, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + if (iTable == NULL) + WC_ALLOC_DO_ON_FAILURE(); + (void)wc_GenerateSakkePointITable(genKey, iTable, &iTableLen); + } + + /* Encapsulate with Point I table */ + bench_stats_start(&count, &start); + do { + for (i = 0; i < genTimes; i++) { + ret = wc_MakeSakkeEncapsulatedSSV(genKey, + WC_HASH_TYPE_SHA256, ssv, + sizeof(ssv), auth, &authSz); + if (ret != 0) { + printf("wc_MakeSakkeEncapsulatedSSV failed: %d\n", ret); + break; + } + RECORD_MULTI_VALUE_STATS(); + } + count += i; + } while (bench_stats_check(start) +#ifdef MULTI_VALUE_STATISTICS + || runs < minimum_runs +#endif + ); + + bench_stats_asym_finish_ex("SAKKE", 1024, desc[9], "-2", 0, + count, start, 0); +#ifdef MULTI_VALUE_STATISTICS + bench_multi_value_stats(max, min, sum, squareSum, runs); +#endif + + RESET_MULTI_VALUE_STATS_VARS(); + + (void)wc_SetSakkeRsk(genKey, rsk, table, len); + + /* Derive with Point I table */ + bench_stats_start(&count, &start); + do { + for (i = 0; i < genTimes; i++) { + XMEMCPY(derSSV, ssv, sizeof(ssv)); + ret = wc_DeriveSakkeSSV(genKey, WC_HASH_TYPE_SHA256, derSSV, + sizeof(derSSV), auth, authSz); + if (ret != 0) { + printf("wc_DeriveSakkeSSV failed: %d\n", ret); + break; + } + RECORD_MULTI_VALUE_STATS(); + } + if (ret != 0) break; + count += i; + } while (bench_stats_check(start) +#ifdef MULTI_VALUE_STATISTICS + || runs < minimum_runs +#endif + ); + + bench_stats_asym_finish_ex("SAKKE", 1024, desc[10], "-2", 0, + count, start, 0); +#ifdef MULTI_VALUE_STATISTICS + bench_multi_value_stats(max, min, sum, squareSum, runs); +#endif + + RESET_MULTI_VALUE_STATS_VARS(); + + len = 0; + (void)wc_GenerateSakkeRskTable(genKey, rsk, NULL, &len); + if (len > 0) { + table = (byte*)XMALLOC(len, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + if (table == NULL) + WC_ALLOC_DO_ON_FAILURE(); + (void)wc_GenerateSakkeRskTable(genKey, rsk, table, &len); + } + (void)wc_SetSakkeRsk(genKey, rsk, table, len); + + /* Derive with Point I table and RSK table */ + bench_stats_start(&count, &start); + do { + for (i = 0; i < genTimes; i++) { + XMEMCPY(derSSV, ssv, sizeof(ssv)); + ret = wc_DeriveSakkeSSV(genKey, WC_HASH_TYPE_SHA256, derSSV, + sizeof(derSSV), auth, authSz); + if (ret != 0) { + printf("wc_DeriveSakkeSSV failed: %d\n", ret); + break; + } + RECORD_MULTI_VALUE_STATS(); + } + if (ret != 0) break; + count += i; + } while (bench_stats_check(start) +#ifdef MULTI_VALUE_STATISTICS + || runs < minimum_runs +#endif + ); + + bench_stats_asym_finish_ex("SAKKE", 1024, desc[10], "-3", + 0, count, start, 0); +#ifdef MULTI_VALUE_STATISTICS + bench_multi_value_stats(max, min, sum, squareSum, runs); +#endif + + RESET_MULTI_VALUE_STATS_VARS(); + + wc_ClearSakkePointITable(genKey); + /* Derive with RSK table */ + bench_stats_start(&count, &start); + do { + for (i = 0; i < genTimes; i++) { + XMEMCPY(derSSV, ssv, sizeof(ssv)); + ret = wc_DeriveSakkeSSV(genKey, WC_HASH_TYPE_SHA256, derSSV, + sizeof(derSSV), auth, authSz); + if (ret != 0) { + printf("wc_DeriveSakkeSSV failed: %d\n", ret); + break; + } + RECORD_MULTI_VALUE_STATS(); + } + if (ret != 0) break; + count += i; + } while (bench_stats_check(start) +#ifdef MULTI_VALUE_STATISTICS + || runs < minimum_runs +#endif + ); + + bench_stats_asym_finish_ex("SAKKE", 1024, desc[10], "-4", 0, + count, start, 0); +#ifdef MULTI_VALUE_STATISTICS + bench_multi_value_stats(max, min, sum, squareSum, runs); +#endif + + wc_FreeSakkeKey(genKey); + wc_ecc_del_point(rsk); + +exit: + + XFREE(iTable, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + + XFREE(table, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + + WC_FREE_VAR(genKey, HEAP_HINT); +} +#endif /* WOLFCRYPT_SAKKE_CLIENT */ +#endif /* WOLFCRYPT_HAVE_SAKKE */ + +#ifdef HAVE_FALCON +void bench_falconKeySign(byte level) +{ + int ret = 0; + falcon_key key; + double start; + int i, count; + byte sig[FALCON_MAX_SIG_SIZE]; + byte msg[512]; + word32 x = 0; + const char**desc = bench_desc_words[lng_index]; + DECLARE_MULTI_VALUE_STATS_VARS() + + bench_stats_prepare(); + + ret = wc_falcon_init(&key); + if (ret != 0) { + printf("wc_falcon_init failed %d\n", ret); + return; + } + + ret = wc_falcon_set_level(&key, level); + if (ret != 0) { + printf("wc_falcon_set_level failed %d\n", ret); + } + + if (ret == 0) { + if (level == 1) { + ret = wc_falcon_import_private_key(bench_falcon_level1_key, + sizeof_bench_falcon_level1_key, + NULL, 0, &key); + } + else { + ret = wc_falcon_import_private_key(bench_falcon_level5_key, + sizeof_bench_falcon_level5_key, + NULL, 0, &key); + } + + if (ret != 0) { + printf("wc_falcon_import_private_key failed %d\n", ret); + } + } + + /* make dummy msg */ + for (i = 0; i < (int)sizeof(msg); i++) { + msg[i] = (byte)i; + } + + bench_stats_start(&count, &start); + do { + for (i = 0; i < agreeTimes; i++) { + if (ret == 0) { + if (level == 1) { + x = FALCON_LEVEL1_SIG_SIZE; + } + else { + x = FALCON_LEVEL5_SIG_SIZE; + } + + ret = wc_falcon_sign_msg(msg, sizeof(msg), sig, &x, &key, GLOBAL_RNG); + if (ret != 0) { + printf("wc_falcon_sign_msg failed\n"); + } + } + RECORD_MULTI_VALUE_STATS(); + } + count += i; + } while (bench_stats_check(start) +#ifdef MULTI_VALUE_STATISTICS + || runs < minimum_runs +#endif + ); + + if (ret == 0) { + bench_stats_asym_finish("FALCON", level, desc[4], 0, + count, start, ret); + #ifdef MULTI_VALUE_STATISTICS + bench_multi_value_stats(max, min, sum, squareSum, runs); + #endif + } + + RESET_MULTI_VALUE_STATS_VARS(); + + bench_stats_start(&count, &start); + do { + for (i = 0; i < agreeTimes; i++) { + if (ret == 0) { + int verify = 0; + ret = wc_falcon_verify_msg(sig, x, msg, sizeof(msg), &verify, + &key); + if (ret != 0 || verify != 1) { + printf("wc_falcon_verify_msg failed %d, verify %d\n", + ret, verify); + ret = -1; + } + } + RECORD_MULTI_VALUE_STATS(); + } + count += i; + } while (bench_stats_check(start) +#ifdef MULTI_VALUE_STATISTICS + || runs < minimum_runs +#endif + ); + + if (ret == 0) { + bench_stats_asym_finish("FALCON", level, desc[5], + 0, count, start, ret); + #ifdef MULTI_VALUE_STATISTICS + bench_multi_value_stats(max, min, sum, squareSum, runs); + #endif + } + + wc_falcon_free(&key); +} +#endif /* HAVE_FALCON */ + +#ifdef HAVE_DILITHIUM + +#if defined(WOLFSSL_DILITHIUM_NO_SIGN) && !defined(WOLFSSL_DILITHIUM_NO_VERIFY) + +#ifndef WOLFSSL_NO_ML_DSA_44 +static const unsigned char bench_dilithium_level2_sig[] = { + 0x5e, 0xc1, 0xce, 0x0e, 0x31, 0xea, 0x10, 0x52, 0xa3, 0x7a, + 0xfe, 0x4d, 0xac, 0x07, 0x89, 0x5a, 0x45, 0xbd, 0x5a, 0xe5, + 0x22, 0xed, 0x98, 0x4d, 0x2f, 0xc8, 0x27, 0x00, 0x99, 0x40, + 0x00, 0x79, 0xcd, 0x93, 0x27, 0xd0, 0x40, 0x33, 0x79, 0x4f, + 0xe5, 0x16, 0x89, 0x9f, 0xbd, 0xa6, 0x3f, 0xdd, 0x68, 0x74, + 0x73, 0xc3, 0x97, 0x54, 0x11, 0x1d, 0xc8, 0xb8, 0xc8, 0xfd, + 0x3a, 0xbe, 0xca, 0x17, 0x0f, 0x10, 0x6d, 0x89, 0x6d, 0xe0, + 0xb2, 0xff, 0x3b, 0xe5, 0xa1, 0x75, 0xea, 0x35, 0x16, 0xa3, + 0x0c, 0x6e, 0x4a, 0x7b, 0xdb, 0x28, 0xc6, 0x2a, 0x76, 0x0e, + 0x78, 0x78, 0xa0, 0x4f, 0x4e, 0xf8, 0x99, 0xff, 0xe7, 0x47, + 0x7e, 0xc4, 0x62, 0xa7, 0xb4, 0xb9, 0x2b, 0xc1, 0xc7, 0xd0, + 0x00, 0xb6, 0xaa, 0xa7, 0x37, 0xd5, 0x1e, 0x19, 0xc4, 0xc4, + 0x59, 0x2f, 0xa5, 0x09, 0xa3, 0xda, 0x5d, 0xd4, 0x48, 0x64, + 0x16, 0x0e, 0x92, 0xdf, 0x61, 0xb7, 0x25, 0x3b, 0x90, 0x5a, + 0x08, 0xb5, 0x88, 0xe8, 0x64, 0x80, 0x63, 0xee, 0xbf, 0x59, + 0x0f, 0x4a, 0x48, 0x1e, 0x77, 0xa9, 0x46, 0xc6, 0x9c, 0x0b, + 0x83, 0xad, 0xb5, 0xbf, 0xb5, 0x5b, 0x99, 0xf3, 0x55, 0xe8, + 0xe5, 0xe7, 0x5c, 0x12, 0xac, 0x06, 0x06, 0xe0, 0xc0, 0x32, + 0x5d, 0xb6, 0x9f, 0x2b, 0x8e, 0x19, 0x5c, 0x2a, 0x58, 0xbb, + 0x37, 0xf1, 0x68, 0x56, 0x8b, 0x74, 0x94, 0x58, 0x48, 0x28, + 0xee, 0xf7, 0x0a, 0x8f, 0xad, 0x43, 0x67, 0xe1, 0xa3, 0x8c, + 0x3b, 0x35, 0x48, 0xcc, 0x52, 0x14, 0x36, 0x99, 0x18, 0x71, + 0x1c, 0xb2, 0xfc, 0x82, 0xda, 0xac, 0xd5, 0x55, 0x0a, 0x77, + 0x44, 0x6a, 0x48, 0xed, 0xfc, 0x5a, 0x68, 0xa6, 0x4d, 0x65, + 0xe7, 0x30, 0xaa, 0x23, 0x66, 0x84, 0xdf, 0x83, 0xf1, 0x17, + 0x5c, 0x46, 0xfe, 0x63, 0xcb, 0xc3, 0x6e, 0x4e, 0x47, 0x8d, + 0x30, 0x48, 0x06, 0xda, 0x97, 0x6b, 0x04, 0x5d, 0x44, 0xf3, + 0xb7, 0x2a, 0x6d, 0x2b, 0xbb, 0xcd, 0x97, 0x4e, 0x26, 0x8e, + 0xc9, 0x03, 0x0b, 0x5d, 0x68, 0xed, 0x81, 0xf7, 0x19, 0x61, + 0x81, 0xe9, 0xac, 0x3a, 0x35, 0xcd, 0xe8, 0xfd, 0x99, 0xdb, + 0x89, 0x83, 0x7d, 0x23, 0x6a, 0xc1, 0xc1, 0x10, 0xe9, 0xd3, + 0xfa, 0x9e, 0x5a, 0xcd, 0x73, 0xa3, 0x0a, 0x37, 0xa3, 0x12, + 0xef, 0x72, 0xa2, 0x28, 0xd4, 0x3d, 0x67, 0x53, 0x24, 0x0d, + 0x61, 0x98, 0xbb, 0x07, 0xf3, 0xa7, 0x79, 0x22, 0x74, 0x57, + 0x99, 0xe8, 0x7a, 0xbf, 0x90, 0x84, 0xa2, 0x6b, 0x29, 0x34, + 0xac, 0xc9, 0xff, 0x67, 0x82, 0xd0, 0xd2, 0x7d, 0x69, 0xc0, + 0xf3, 0xd7, 0x4b, 0x5c, 0xf2, 0xa8, 0x53, 0x8b, 0x78, 0x57, + 0xfc, 0x74, 0xf5, 0x81, 0x6e, 0xc2, 0x5b, 0x32, 0x52, 0x9e, + 0x58, 0x84, 0xa1, 0x71, 0xd5, 0x8c, 0xf5, 0x16, 0x36, 0x4d, + 0x11, 0xd4, 0xb5, 0xc2, 0x05, 0xc4, 0x03, 0xce, 0x83, 0xea, + 0x0b, 0x6a, 0x2e, 0xf6, 0x28, 0x5e, 0xb2, 0x40, 0x8c, 0xa3, + 0x6a, 0xc7, 0xee, 0x04, 0x54, 0x93, 0x0f, 0x3b, 0xf9, 0x57, + 0x92, 0x00, 0xf1, 0xc7, 0x1b, 0x48, 0x63, 0xcb, 0xd3, 0xdd, + 0x40, 0x90, 0x46, 0xb0, 0x87, 0x2a, 0xb8, 0xec, 0xbc, 0x07, + 0x09, 0x83, 0x25, 0xb1, 0x88, 0x2c, 0xa0, 0x0a, 0x40, 0x4f, + 0xfd, 0xec, 0xfd, 0xbe, 0x18, 0xae, 0xdd, 0x83, 0x89, 0x83, + 0x2d, 0x10, 0xb4, 0x14, 0x30, 0xac, 0x6c, 0xd9, 0xc9, 0xaa, + 0xbc, 0xdb, 0x5e, 0x14, 0xab, 0x19, 0x64, 0xaa, 0xb1, 0x9c, + 0xc3, 0xf5, 0xdc, 0x2b, 0xcd, 0x26, 0x0b, 0x81, 0x1a, 0x0e, + 0x0a, 0xd6, 0x39, 0x79, 0x10, 0x06, 0xbf, 0xe0, 0xc1, 0x8b, + 0x20, 0x24, 0x90, 0x8b, 0x0f, 0xa4, 0x2d, 0x2d, 0x46, 0x2a, + 0xd4, 0xf3, 0xa9, 0x58, 0x4b, 0xd9, 0xa6, 0x6c, 0x75, 0x3d, + 0xbc, 0x36, 0x76, 0x7f, 0xef, 0x1b, 0xa1, 0x41, 0xba, 0xd0, + 0xfe, 0x16, 0x19, 0xc3, 0x92, 0xe3, 0x59, 0x07, 0x3f, 0x48, + 0x11, 0x70, 0xe0, 0x8a, 0xff, 0x97, 0xbc, 0x71, 0xd5, 0xb9, + 0x4a, 0x9b, 0x4c, 0xb8, 0x4b, 0x50, 0xd6, 0x43, 0xe8, 0x84, + 0x0a, 0x95, 0xd0, 0x20, 0x28, 0xd3, 0x20, 0x4a, 0x0e, 0x1b, + 0xe6, 0x5d, 0x2f, 0x0c, 0xdb, 0x76, 0xab, 0xa3, 0xc2, 0xad, + 0xd5, 0x86, 0xae, 0xb9, 0x26, 0xb2, 0x5d, 0x72, 0x27, 0xbb, + 0xec, 0x23, 0x9f, 0x42, 0x90, 0x58, 0xe1, 0xf8, 0xe9, 0x63, + 0xdf, 0x1a, 0x46, 0x53, 0x65, 0x05, 0xfb, 0x20, 0x21, 0xa6, + 0x64, 0xc8, 0x5c, 0x67, 0x6b, 0x41, 0x6c, 0x04, 0x34, 0xeb, + 0x05, 0x71, 0xeb, 0xbe, 0xed, 0x6d, 0xa2, 0x96, 0x67, 0x45, + 0xe7, 0x47, 0x22, 0x64, 0xaf, 0x82, 0xf8, 0x78, 0x0e, 0xe6, + 0xa1, 0x4a, 0x2d, 0x82, 0x1e, 0xd0, 0xc2, 0x79, 0x4e, 0x29, + 0x89, 0xd9, 0xf3, 0x3f, 0xb6, 0xc4, 0xee, 0x69, 0xb2, 0x8f, + 0x8b, 0xd9, 0x13, 0xd9, 0x6e, 0x3a, 0xc5, 0x9f, 0xdf, 0x25, + 0xb7, 0xc3, 0x16, 0xb8, 0xa2, 0x85, 0x17, 0xae, 0xe9, 0x95, + 0x5d, 0xb8, 0x1d, 0x21, 0xbb, 0xd9, 0x38, 0x11, 0x8f, 0x44, + 0xea, 0xe8, 0x4c, 0x91, 0x82, 0xf5, 0x45, 0xee, 0x8f, 0xf5, + 0x6a, 0x0d, 0x08, 0xe7, 0x6b, 0xb0, 0x91, 0xd5, 0x42, 0x17, + 0x8c, 0x37, 0x6a, 0x5a, 0x0a, 0x87, 0x53, 0x76, 0xc3, 0x59, + 0x35, 0x13, 0x1c, 0xf1, 0x72, 0x2c, 0x2b, 0xb2, 0x9e, 0xda, + 0x10, 0x2a, 0xce, 0x38, 0xb4, 0x67, 0x8c, 0x4b, 0x08, 0xa1, + 0xb6, 0xa3, 0x08, 0x9c, 0xeb, 0xd8, 0x93, 0x1b, 0x29, 0x5a, + 0xa7, 0x03, 0x17, 0x7e, 0xec, 0x58, 0x6b, 0x5b, 0xc5, 0x46, + 0x03, 0x33, 0x7f, 0x0e, 0x93, 0x9a, 0xdd, 0xb5, 0x89, 0xb1, + 0x16, 0x4c, 0xa7, 0xd8, 0x0e, 0x73, 0xd8, 0xc3, 0xd2, 0x36, + 0x85, 0x66, 0xcb, 0x5b, 0x64, 0xf2, 0xdc, 0xba, 0x39, 0xcc, + 0xa5, 0xe0, 0x9b, 0xaa, 0x2a, 0x95, 0x6d, 0xdc, 0x49, 0xde, + 0x3b, 0x61, 0xa2, 0x3b, 0x1f, 0xed, 0x32, 0xfa, 0x10, 0xe4, + 0x88, 0x59, 0xca, 0x5a, 0xe4, 0xf9, 0x5e, 0xe2, 0xca, 0x21, + 0x5a, 0xdc, 0x02, 0x73, 0x7a, 0xc8, 0x90, 0x7a, 0x8e, 0x91, + 0x19, 0x04, 0x53, 0x3c, 0x50, 0x15, 0x8a, 0x84, 0x93, 0x8f, + 0xac, 0x99, 0x82, 0xdd, 0xc6, 0xce, 0xfb, 0x18, 0x84, 0x29, + 0x2a, 0x8d, 0xa2, 0xc5, 0x7f, 0x87, 0xce, 0x4c, 0xf5, 0xdf, + 0x73, 0xd2, 0xba, 0xc2, 0x4f, 0xe3, 0x74, 0xa5, 0x8f, 0xc3, + 0xf4, 0x99, 0xd1, 0xe8, 0x4e, 0xb8, 0xe0, 0x2e, 0xef, 0xd6, + 0x87, 0x70, 0xcf, 0x45, 0x3b, 0xff, 0x03, 0xfd, 0x59, 0x7f, + 0x7c, 0xd0, 0x4e, 0x49, 0xf7, 0xd5, 0x08, 0xd9, 0x06, 0x53, + 0x90, 0x0a, 0x5a, 0x1b, 0x2e, 0xf5, 0xb0, 0x85, 0xb6, 0xb6, + 0x61, 0xa5, 0x71, 0x47, 0xbf, 0x4a, 0xf6, 0xae, 0x9a, 0x19, + 0x6c, 0xd8, 0x2d, 0x9b, 0xb4, 0x40, 0x9e, 0x15, 0x77, 0x2e, + 0x7e, 0xe9, 0xb4, 0x3d, 0x0f, 0x1b, 0xb5, 0x1c, 0xc2, 0x58, + 0x4e, 0x4b, 0xf6, 0x53, 0x9e, 0x6f, 0x09, 0x55, 0xa0, 0xb8, + 0x73, 0x11, 0x64, 0x70, 0x54, 0xb4, 0xcb, 0xb7, 0x27, 0xe5, + 0xdf, 0x58, 0x67, 0x5b, 0xc0, 0xd6, 0xf5, 0x64, 0xa6, 0x66, + 0x6d, 0xdf, 0xd8, 0xf8, 0xd6, 0x85, 0xba, 0xba, 0x30, 0xa7, + 0xca, 0x34, 0xf4, 0x9a, 0xba, 0x0a, 0xfb, 0x0e, 0xa0, 0x65, + 0x98, 0x78, 0xee, 0xaa, 0x14, 0x6a, 0x99, 0x77, 0x67, 0xad, + 0x01, 0x95, 0x5e, 0x50, 0x22, 0xe9, 0x74, 0x95, 0xa7, 0x13, + 0x3f, 0xdd, 0xa6, 0x69, 0x64, 0xf6, 0x50, 0x06, 0x6d, 0xba, + 0x90, 0x5a, 0x8c, 0x81, 0xa0, 0xda, 0x55, 0xe9, 0x97, 0x0e, + 0xd7, 0x10, 0x8e, 0x1f, 0x23, 0x65, 0xd9, 0x14, 0xd4, 0xde, + 0xa5, 0xf9, 0xec, 0xb6, 0xad, 0x65, 0xce, 0x0b, 0x1b, 0x0a, + 0x4c, 0x7d, 0xb0, 0x97, 0xa6, 0xfe, 0x67, 0xfb, 0x4f, 0x8f, + 0x00, 0x92, 0xb6, 0x0d, 0x20, 0x78, 0x65, 0x1d, 0x9a, 0x56, + 0x57, 0xc6, 0x15, 0x88, 0xba, 0x55, 0x02, 0x7a, 0x9a, 0xac, + 0x50, 0x4c, 0xc7, 0x9e, 0x66, 0x8b, 0xfc, 0xf3, 0x67, 0x48, + 0x07, 0xbf, 0x84, 0x94, 0x9b, 0x22, 0x2a, 0xae, 0x1b, 0x25, + 0xe9, 0x94, 0x06, 0xa7, 0xe8, 0x61, 0x52, 0x89, 0xdc, 0x93, + 0x6e, 0x89, 0xdc, 0x30, 0x6e, 0xd9, 0xee, 0xcb, 0x12, 0x38, + 0x58, 0x9d, 0x8b, 0xc5, 0x05, 0x2c, 0x50, 0x4e, 0xc8, 0xc2, + 0xe0, 0x65, 0xb6, 0x49, 0xc4, 0xf0, 0x1e, 0x5c, 0x8e, 0x3c, + 0xe9, 0x77, 0xd2, 0x9e, 0xa8, 0xd5, 0xf5, 0xd9, 0xc5, 0xad, + 0x5b, 0x74, 0x48, 0x08, 0x3a, 0x30, 0x84, 0x57, 0x71, 0x1e, + 0x69, 0x45, 0x09, 0xdd, 0xea, 0x62, 0xec, 0x7c, 0xa3, 0xf9, + 0x92, 0xee, 0x16, 0xdc, 0xe5, 0x9d, 0xcf, 0xb7, 0x08, 0x51, + 0x8a, 0x76, 0x3a, 0x23, 0x94, 0x50, 0x8e, 0x4d, 0x3a, 0xea, + 0xf3, 0xc1, 0x53, 0x2c, 0x65, 0x9c, 0x36, 0x8c, 0x10, 0xe3, + 0x9c, 0x01, 0xa4, 0xe6, 0x45, 0x77, 0xa6, 0x5d, 0x7e, 0x37, + 0x31, 0x95, 0x2f, 0xec, 0x61, 0x92, 0x69, 0x65, 0x53, 0x54, + 0x6d, 0xbe, 0x9e, 0x5a, 0x68, 0x12, 0xc4, 0xe7, 0xe4, 0x06, + 0x51, 0x5a, 0xc0, 0x63, 0xb9, 0x69, 0xb8, 0x3c, 0xd8, 0xae, + 0x8b, 0xff, 0x96, 0x4d, 0x55, 0xce, 0x25, 0x2b, 0x8b, 0x89, + 0xc9, 0x3a, 0x16, 0x48, 0x2a, 0x73, 0xb2, 0x70, 0x8b, 0x62, + 0xd5, 0xb1, 0xa0, 0x30, 0xe5, 0x46, 0xab, 0x8b, 0xc3, 0xeb, + 0x37, 0x2f, 0xbd, 0xb8, 0x4e, 0x6c, 0x30, 0xdc, 0x6c, 0x8a, + 0xf1, 0x89, 0x06, 0xce, 0x64, 0x0a, 0x3e, 0xb2, 0x16, 0x31, + 0xa1, 0xe4, 0x4b, 0x98, 0xe7, 0xf1, 0x99, 0x76, 0x00, 0x5f, + 0xd2, 0xd3, 0x30, 0xf0, 0xbf, 0xa7, 0x4a, 0xf6, 0x9e, 0xa5, + 0x75, 0x74, 0x78, 0xfe, 0xec, 0x72, 0x7c, 0x89, 0xe9, 0xf6, + 0x0d, 0x7e, 0x15, 0xd6, 0xd8, 0x79, 0x85, 0x3c, 0xcf, 0xb0, + 0x21, 0xc8, 0x9c, 0x54, 0x87, 0x63, 0xb3, 0x05, 0xbb, 0x8a, + 0x02, 0xe4, 0x79, 0xdc, 0xa1, 0xa2, 0xd3, 0x19, 0xd8, 0x86, + 0xff, 0x8a, 0x0e, 0x82, 0x89, 0xaf, 0xaa, 0x62, 0x2e, 0xd4, + 0xb2, 0xd0, 0x5d, 0x0d, 0x4f, 0x2a, 0xda, 0x0e, 0x9f, 0x8a, + 0x2b, 0x32, 0xe9, 0x09, 0xf5, 0x55, 0x51, 0xe7, 0xd5, 0x69, + 0x12, 0xdd, 0x33, 0x6b, 0x3d, 0xd7, 0xe9, 0xfd, 0xb2, 0xa7, + 0xf5, 0x97, 0x2a, 0x6d, 0x89, 0x30, 0x65, 0x2a, 0x0d, 0xf2, + 0x00, 0x81, 0xbe, 0xfb, 0xd9, 0xd7, 0x1b, 0xc2, 0x48, 0x7a, + 0x22, 0x30, 0xae, 0x35, 0xf6, 0x32, 0x41, 0x9d, 0xd9, 0x12, + 0xb3, 0xa7, 0x6d, 0xba, 0x74, 0x93, 0x2d, 0x0d, 0xb2, 0xb6, + 0xdc, 0xa9, 0x98, 0x5b, 0x3b, 0xaa, 0x2b, 0x47, 0x06, 0xc4, + 0x36, 0xfd, 0x04, 0x10, 0x94, 0x61, 0x61, 0x47, 0x1c, 0x02, + 0x54, 0x85, 0x4a, 0xcb, 0x75, 0x6b, 0x75, 0xf5, 0xb4, 0x61, + 0x26, 0xb3, 0x12, 0x43, 0x31, 0x55, 0xb5, 0xda, 0x4b, 0xb5, + 0x11, 0xb4, 0xb8, 0xfb, 0x0a, 0xd9, 0xa7, 0x0e, 0x9f, 0x2a, + 0x74, 0x01, 0xf6, 0x1a, 0x33, 0x10, 0x9e, 0x66, 0xff, 0x82, + 0xfa, 0xa9, 0xa4, 0xa0, 0x9b, 0x25, 0x2d, 0x16, 0xbf, 0x60, + 0x0d, 0x87, 0xea, 0x94, 0xad, 0xdd, 0xc4, 0xd0, 0xa8, 0xdd, + 0x2d, 0xc7, 0xc8, 0xac, 0x39, 0x9e, 0x87, 0x69, 0xc4, 0x3a, + 0xbc, 0x28, 0x7e, 0x36, 0x69, 0xfd, 0x20, 0x25, 0xac, 0xa3, + 0xa7, 0x37, 0x96, 0xe9, 0x8a, 0x65, 0xe4, 0xb0, 0x2a, 0x61, + 0x23, 0x28, 0x64, 0xff, 0x17, 0x6c, 0x36, 0x9e, 0x0a, 0xba, + 0xe4, 0x4b, 0xeb, 0x84, 0x24, 0x20, 0x57, 0x0f, 0x34, 0x05, + 0x95, 0x56, 0xc3, 0x2f, 0x2b, 0xf0, 0x36, 0xef, 0xca, 0x68, + 0xfe, 0x78, 0xf8, 0x98, 0x09, 0x4a, 0x25, 0xcc, 0x17, 0xbe, + 0x05, 0x00, 0xff, 0xf9, 0xa5, 0x5b, 0xe6, 0xaa, 0x5b, 0x56, + 0xb6, 0x89, 0x64, 0x9c, 0x16, 0x48, 0xe1, 0xcd, 0x67, 0x87, + 0xdd, 0xba, 0xbd, 0x02, 0x0d, 0xd8, 0xb4, 0xc9, 0x7c, 0x37, + 0x92, 0xd0, 0x39, 0x46, 0xd2, 0xc4, 0x78, 0x13, 0xf0, 0x76, + 0x45, 0x5f, 0xeb, 0x52, 0xd2, 0x3f, 0x61, 0x87, 0x34, 0x09, + 0xb7, 0x24, 0x4e, 0x93, 0xf3, 0xc5, 0x10, 0x19, 0x66, 0x66, + 0x3f, 0x15, 0xe3, 0x05, 0x55, 0x43, 0xb7, 0xf4, 0x62, 0x57, + 0xb4, 0xd9, 0xef, 0x46, 0x47, 0xb5, 0xfb, 0x79, 0xc9, 0x67, + 0xc5, 0xc3, 0x18, 0x91, 0x73, 0x75, 0xec, 0xd5, 0x68, 0x2b, + 0xf6, 0x42, 0xb4, 0xff, 0xfb, 0x27, 0x61, 0x77, 0x28, 0x10, + 0x6b, 0xce, 0x19, 0xad, 0x87, 0xc3, 0x85, 0xe3, 0x78, 0x00, + 0xdb, 0x21, 0xee, 0xd8, 0xfa, 0x9c, 0x81, 0x11, 0x97, 0xac, + 0xd0, 0x50, 0x89, 0x45, 0x23, 0xf6, 0x85, 0x7d, 0x60, 0xb2, + 0xad, 0x0c, 0x5d, 0xd8, 0x9e, 0xe4, 0xe1, 0x25, 0xb2, 0x13, + 0x1a, 0x54, 0x54, 0xfd, 0x7b, 0xab, 0x85, 0x20, 0xe8, 0xda, + 0x52, 0x0f, 0xac, 0x49, 0x70, 0xf1, 0x4c, 0x66, 0x74, 0x8c, + 0x87, 0x6e, 0xca, 0xc1, 0x0d, 0x92, 0xc0, 0xa8, 0x08, 0xfd, + 0x0f, 0x60, 0x55, 0xaf, 0x24, 0xcb, 0x04, 0xb7, 0xff, 0xa9, + 0xc5, 0x07, 0x26, 0xf6, 0xe2, 0x1e, 0x2f, 0xd1, 0x99, 0x6d, + 0xef, 0xc0, 0xdb, 0x5b, 0xf7, 0x06, 0x80, 0x92, 0x5f, 0x56, + 0x54, 0xdb, 0x2e, 0xba, 0x93, 0xb2, 0x94, 0xf2, 0xad, 0xbc, + 0x91, 0x6e, 0x4e, 0xce, 0x21, 0xc4, 0x8b, 0x18, 0xc4, 0xfc, + 0xab, 0xb4, 0x4f, 0xd7, 0xa2, 0xef, 0x55, 0x00, 0x6d, 0x34, + 0x17, 0x59, 0x8d, 0x79, 0x75, 0x02, 0xa3, 0x7a, 0x52, 0x57, + 0x5c, 0x26, 0xb9, 0xae, 0xd6, 0x19, 0x2e, 0x31, 0x02, 0x98, + 0x98, 0xe5, 0x3d, 0xc2, 0xa5, 0x56, 0xb6, 0x02, 0xae, 0x0d, + 0x3b, 0x35, 0x97, 0xd2, 0x43, 0x38, 0x8a, 0x65, 0xfa, 0x86, + 0x20, 0xb7, 0xb5, 0xb0, 0xda, 0x19, 0x01, 0x2f, 0x13, 0xb5, + 0x6d, 0xbd, 0xb2, 0x34, 0xa7, 0xff, 0xae, 0x7e, 0x8f, 0x98, + 0x1b, 0xc4, 0x27, 0xbd, 0xa9, 0x64, 0xdc, 0xab, 0x2a, 0xd2, + 0xb4, 0x27, 0xd0, 0x25, 0xdd, 0xff, 0xdc, 0x0a, 0x96, 0xd3, + 0x85, 0x3e, 0xc5, 0x11, 0x34, 0x60, 0xa2, 0x33, 0x92, 0x90, + 0xbb, 0x4c, 0x86, 0xdd, 0xd6, 0x1e, 0xcb, 0x0a, 0x17, 0xc6, + 0x87, 0x4e, 0x3e, 0x7a, 0x4b, 0xab, 0xef, 0x0a, 0x00, 0x3d, + 0x94, 0x34, 0x8b, 0x63, 0x36, 0xd9, 0xaf, 0x5d, 0x63, 0x40, + 0xbb, 0x32, 0x4b, 0x64, 0xf0, 0x31, 0x48, 0xdb, 0x44, 0x2b, + 0x48, 0x60, 0x6a, 0xea, 0xa4, 0x8c, 0xdd, 0xaf, 0x81, 0x3f, + 0x86, 0x81, 0x99, 0x7a, 0x98, 0xe1, 0xff, 0x21, 0x7a, 0x28, + 0xbc, 0x33, 0xe6, 0x4e, 0xb0, 0x85, 0x6b, 0xec, 0x11, 0x37, + 0x81, 0x7f, 0xf9, 0xdc, 0xbf, 0x1a, 0xa6, 0x6d, 0x4d, 0x0f, + 0x5b, 0x99, 0x73, 0xb8, 0xd2, 0x6e, 0x37, 0xf0, 0x71, 0xf1, + 0x1a, 0xc3, 0x5c, 0xea, 0x12, 0x5f, 0x2e, 0x85, 0x3f, 0xfd, + 0xd5, 0x87, 0x67, 0x9f, 0x67, 0x9f, 0xd7, 0xef, 0x9f, 0x81, + 0xa4, 0xbc, 0x63, 0x1d, 0x00, 0x81, 0xf6, 0x20, 0x77, 0xae, + 0x0b, 0x90, 0xe5, 0x9c, 0xa9, 0x44, 0xb5, 0xd7, 0xb1, 0x61, + 0x33, 0x4f, 0x75, 0xa9, 0xb7, 0xf4, 0xa4, 0x72, 0x9e, 0x72, + 0xec, 0x7b, 0xcd, 0x83, 0xb3, 0xd6, 0x22, 0x50, 0x50, 0x97, + 0x0f, 0x63, 0x0f, 0xe1, 0x15, 0xb3, 0x07, 0xb6, 0xa3, 0xfa, + 0x2f, 0xb5, 0xf3, 0x5b, 0x5d, 0x7f, 0x90, 0x20, 0xcd, 0x5f, + 0x40, 0x48, 0x87, 0x43, 0xfd, 0xa3, 0x69, 0xdc, 0xf8, 0x51, + 0x08, 0x67, 0xc2, 0x2d, 0xff, 0xfe, 0xbf, 0x85, 0x3e, 0x80, + 0xff, 0x91, 0x62, 0xc5, 0x83, 0xe0, 0x80, 0xeb, 0xce, 0xdc, + 0xff, 0xb1, 0xdb, 0x02, 0xb7, 0x01, 0x1e, 0xa6, 0xf0, 0x32, + 0xfb, 0x95, 0x6a, 0x47, 0x44, 0x84, 0x42, 0x6e, 0x3a, 0xb1, + 0xcf, 0xf9, 0x28, 0xb4, 0x3a, 0x8e, 0xa7, 0x8d, 0x48, 0x81, + 0x1c, 0x7e, 0xf5, 0x0b, 0x46, 0x7e, 0x92, 0x4e, 0xb9, 0xa8, + 0x36, 0xb8, 0x81, 0x6d, 0x8c, 0x70, 0x59, 0x33, 0x12, 0x61, + 0xbb, 0xe6, 0x10, 0x8a, 0xe4, 0xc1, 0x2c, 0x50, 0x12, 0xbf, + 0xd3, 0xc6, 0x3c, 0x53, 0x91, 0x50, 0x07, 0xc8, 0x85, 0x32, + 0x3c, 0xe1, 0x67, 0x99, 0x68, 0xc1, 0xf4, 0x74, 0x86, 0x35, + 0x8a, 0x6c, 0x75, 0x1d, 0x8f, 0x8a, 0x60, 0xe1, 0xc7, 0x59, + 0x4e, 0xb0, 0xe0, 0x45, 0x5a, 0x11, 0x05, 0x24, 0xa7, 0x8d, + 0x39, 0x93, 0x60, 0x4c, 0xc5, 0x9e, 0x8a, 0x70, 0xcc, 0x44, + 0x96, 0x92, 0xc8, 0xf7, 0x23, 0x14, 0xc7, 0xf4, 0x82, 0x9d, + 0x5b, 0x1c, 0x26, 0xd0, 0x3c, 0x76, 0x36, 0xe9, 0x98, 0x8a, + 0xbb, 0xe6, 0xa0, 0xad, 0xed, 0xf7, 0xd9, 0x06, 0x50, 0x67, + 0x79, 0x50, 0x4e, 0xd5, 0x80, 0x4e, 0x59, 0x72, 0x5d, 0x8b, + 0xcb, 0x86, 0x3b, 0x57, 0xc4, 0xb2, 0x3d, 0xbc, 0x35, 0x6d, + 0xb1, 0x50, 0xf5, 0x8c, 0xf2, 0x89, 0x72, 0x20, 0xd0, 0x47, + 0x68, 0x13, 0x42, 0x25, 0x1a, 0xb6, 0xc5, 0x07, 0xdf, 0x45, + 0x11, 0xa9, 0x05, 0x5d, 0xad, 0xf0, 0x49, 0x9e, 0x70, 0x78, + 0xed, 0xe7, 0xf9, 0x00, 0x1f, 0x62, 0x76, 0x47, 0xb5, 0x48, + 0x4f, 0x2c, 0x2e, 0xe3, 0x78, 0x6a, 0x44, 0x46, 0x1e, 0x6b, + 0x00, 0x74, 0x54, 0xb9, 0xd1, 0x4f, 0x6d, 0x45, 0xc1, 0xa6, + 0x45, 0x2e, 0x1a, 0xaf, 0x94, 0x3f, 0xd0, 0x72, 0x67, 0x0d, + 0x2e, 0xa9, 0x8d, 0x16, 0xc4, 0x05, 0x01, 0x07, 0x13, 0x1b, + 0x1c, 0x3d, 0x43, 0x71, 0x91, 0x95, 0x9a, 0xae, 0xaf, 0xc4, + 0xe5, 0xe6, 0xe9, 0xff, 0x02, 0x0c, 0x0f, 0x3e, 0x62, 0x67, + 0x68, 0x81, 0xc7, 0xd0, 0xd8, 0xdd, 0xe0, 0xf5, 0x0b, 0x25, + 0x35, 0x45, 0x4a, 0x4b, 0x63, 0x74, 0x79, 0x7e, 0x82, 0xa2, + 0xaf, 0xc6, 0xc7, 0xcc, 0xd2, 0xfa, 0x2a, 0x2d, 0x2f, 0x32, + 0x35, 0x38, 0x3f, 0x4c, 0x7f, 0x80, 0x81, 0x8b, 0x9b, 0x9c, + 0x9d, 0xa7, 0xa9, 0xcb, 0xe9, 0xf0, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x12, 0x20, 0x32, 0x46, +}; +static const int sizeof_bench_dilithium_level2_sig = + sizeof(bench_dilithium_level2_sig); +#endif + +#ifndef WOLFSSL_NO_ML_DSA_65 +static const unsigned char bench_dilithium_level3_sig[] = { + 0x3e, 0xff, 0xf4, 0x48, 0x80, 0x2d, 0x88, 0x87, 0xf4, 0xcc, + 0xa4, 0x61, 0xe1, 0x27, 0x20, 0x55, 0x66, 0xc8, 0xfe, 0x3e, + 0xdd, 0xf5, 0x5c, 0x70, 0x6c, 0x54, 0xba, 0x50, 0x8a, 0xa2, + 0x4b, 0x88, 0xbc, 0xb8, 0x87, 0xf9, 0x4e, 0x50, 0x3a, 0x04, + 0x18, 0xb3, 0xf4, 0x5f, 0x77, 0x4a, 0x7e, 0xa8, 0xf5, 0xca, + 0x49, 0x00, 0xdc, 0x24, 0xaa, 0x05, 0x35, 0x0f, 0x34, 0xf7, + 0xbf, 0x09, 0xa6, 0xcf, 0x75, 0x37, 0x07, 0xcd, 0x07, 0x99, + 0x92, 0x1d, 0xc7, 0xc9, 0x17, 0x1c, 0xdd, 0x27, 0x8c, 0x66, + 0xf2, 0x8b, 0x75, 0xb0, 0x86, 0x2d, 0xbd, 0x51, 0x16, 0xc2, + 0x50, 0xe0, 0x7e, 0x0a, 0x21, 0x58, 0x93, 0x22, 0x06, 0xcb, + 0x85, 0x8b, 0xfd, 0x97, 0x61, 0xc0, 0xdb, 0xab, 0xfa, 0x4a, + 0x69, 0xef, 0x9c, 0xc1, 0x4e, 0xae, 0xb2, 0xb3, 0xa2, 0x74, + 0xa4, 0x94, 0x0a, 0xed, 0x39, 0x9e, 0xe8, 0x58, 0xeb, 0xfd, + 0x43, 0x05, 0x73, 0x38, 0xd6, 0xbb, 0xeb, 0xb9, 0x9d, 0x3b, + 0xf8, 0x85, 0xb4, 0x4b, 0x16, 0x5c, 0x9e, 0xfe, 0xb8, 0x13, + 0xf8, 0x68, 0x44, 0x90, 0x05, 0x61, 0xb3, 0xed, 0x6f, 0x47, + 0xc9, 0x50, 0xcf, 0x6c, 0xc0, 0xac, 0xdf, 0x4c, 0x4c, 0x1b, + 0x42, 0xce, 0x0a, 0x32, 0x69, 0xb0, 0xfd, 0x87, 0xef, 0xf3, + 0x9c, 0xcc, 0xba, 0x2f, 0x03, 0xd7, 0xdb, 0x76, 0xee, 0xa0, + 0x71, 0x4a, 0x80, 0xcb, 0x90, 0x9e, 0xbb, 0x8f, 0x00, 0x46, + 0x81, 0xe0, 0xde, 0xa6, 0x43, 0xb5, 0x37, 0x79, 0xf2, 0x35, + 0xce, 0x9e, 0xd2, 0xb1, 0x5b, 0xff, 0x91, 0xfb, 0x98, 0xc1, + 0xe1, 0x66, 0x2c, 0x00, 0x1b, 0x89, 0xf2, 0x57, 0x81, 0x73, + 0x7e, 0x9f, 0x8d, 0x50, 0xd0, 0xe0, 0xe3, 0x93, 0xf2, 0x87, + 0x41, 0x64, 0x6c, 0xb7, 0x09, 0x60, 0x91, 0x4e, 0x0b, 0xbe, + 0xbe, 0xd4, 0x98, 0xfa, 0x14, 0x8c, 0x46, 0x09, 0xfa, 0xaa, + 0x82, 0xd6, 0xdd, 0x65, 0x93, 0x39, 0x45, 0x50, 0x90, 0x10, + 0xae, 0x1b, 0xff, 0xab, 0x7e, 0x86, 0xda, 0xb9, 0x4d, 0xf1, + 0xc2, 0x00, 0x54, 0x66, 0xee, 0x40, 0xc0, 0x56, 0x2f, 0xe8, + 0x43, 0x89, 0xbb, 0xb8, 0x59, 0x24, 0x63, 0x45, 0x9a, 0xde, + 0x08, 0xf3, 0x16, 0x94, 0xd2, 0x8d, 0xee, 0xf9, 0xbe, 0x4f, + 0x29, 0xe1, 0x4b, 0x5e, 0x2b, 0x14, 0xef, 0x66, 0xe2, 0x12, + 0xf8, 0x87, 0x2e, 0xb1, 0x75, 0x8b, 0x21, 0xb5, 0x8f, 0x8e, + 0xc5, 0x0e, 0x60, 0x27, 0x15, 0xbd, 0x72, 0xe4, 0x26, 0x4e, + 0x62, 0x7d, 0x3a, 0x46, 0x49, 0x93, 0xa9, 0x52, 0x7f, 0xc2, + 0x27, 0xb9, 0x55, 0x6a, 0x45, 0x9f, 0x2c, 0x7a, 0x5a, 0xc9, + 0xf4, 0x55, 0xaf, 0x49, 0xb3, 0xd5, 0xc0, 0x84, 0xdb, 0x89, + 0x5f, 0x21, 0x04, 0xf5, 0x4c, 0x66, 0x1e, 0x2e, 0x69, 0xdf, + 0x5b, 0x14, 0x60, 0x89, 0x84, 0xf8, 0xa3, 0xaf, 0xdf, 0xb9, + 0x18, 0x5e, 0xbf, 0x81, 0x95, 0x9a, 0x5e, 0x4f, 0x24, 0x45, + 0xad, 0xab, 0xe2, 0x36, 0x7c, 0x19, 0xde, 0xc0, 0xf4, 0x1a, + 0x42, 0xb2, 0xc2, 0x58, 0x2f, 0x5f, 0xd0, 0x2e, 0x28, 0x33, + 0x59, 0x75, 0xc2, 0xde, 0x41, 0xe3, 0x9b, 0x85, 0x46, 0xad, + 0x6d, 0xf1, 0x06, 0xf0, 0x6a, 0xb9, 0xed, 0x71, 0x7b, 0xfd, + 0xf1, 0xc4, 0x56, 0xd8, 0xb3, 0x1a, 0x5f, 0x04, 0xae, 0xe8, + 0xce, 0xde, 0xa1, 0x6d, 0x46, 0x2a, 0x4f, 0x62, 0xee, 0x25, + 0xdf, 0x22, 0x21, 0xb2, 0x8f, 0x5f, 0x26, 0x33, 0x5a, 0xdd, + 0xbe, 0x08, 0xb3, 0x93, 0x16, 0x16, 0xad, 0x2e, 0x00, 0xb8, + 0x14, 0x0c, 0x10, 0xa3, 0x29, 0x89, 0x1f, 0xd7, 0x06, 0x7a, + 0x09, 0xf3, 0x84, 0xf9, 0x18, 0x04, 0x56, 0x2f, 0x7f, 0xbd, + 0x8e, 0x12, 0xdf, 0x4d, 0x58, 0x5c, 0x1d, 0x81, 0x0c, 0x7d, + 0x62, 0x02, 0xe0, 0xf9, 0x1b, 0x69, 0xe9, 0x38, 0x45, 0x84, + 0x2d, 0x9a, 0x4a, 0x3d, 0x7b, 0x48, 0xd5, 0x0d, 0x76, 0xba, + 0xff, 0x20, 0x00, 0xf8, 0x42, 0x7f, 0xd2, 0x25, 0x70, 0x90, + 0x88, 0xb3, 0x98, 0xac, 0xe9, 0xd9, 0xac, 0x58, 0xa6, 0x49, + 0xcc, 0x93, 0xa5, 0x04, 0x0c, 0x68, 0x53, 0x64, 0x72, 0x8c, + 0xfc, 0x8d, 0x61, 0xeb, 0x3f, 0x93, 0x8b, 0x85, 0x98, 0x05, + 0xce, 0x06, 0xd7, 0xbf, 0xbb, 0xa5, 0x22, 0xda, 0xe9, 0x8a, + 0x29, 0x30, 0x5e, 0x82, 0xe4, 0x46, 0x7c, 0x36, 0x5e, 0xf5, + 0xc7, 0xe3, 0x09, 0xdf, 0x20, 0x76, 0x73, 0x33, 0x31, 0x75, + 0xc2, 0x99, 0xe9, 0x74, 0x43, 0x82, 0xb1, 0xeb, 0x74, 0x6f, + 0xad, 0x59, 0x48, 0x12, 0xa0, 0x24, 0xe3, 0x38, 0x48, 0x61, + 0x0c, 0xf6, 0x38, 0x83, 0x3a, 0xcd, 0xd6, 0x45, 0x10, 0x0e, + 0x09, 0x79, 0x31, 0x30, 0x80, 0xfb, 0x34, 0x60, 0x1e, 0x72, + 0x98, 0xe9, 0x5c, 0xbf, 0xab, 0x21, 0x7f, 0xa3, 0x19, 0x7e, + 0x8c, 0xa9, 0xa7, 0xfc, 0x25, 0xe0, 0x8e, 0x6d, 0xa1, 0xb9, + 0x7b, 0x5b, 0x37, 0x33, 0x96, 0xd8, 0x6e, 0x7a, 0xce, 0xa6, + 0x1a, 0xbd, 0xe6, 0x6e, 0x62, 0xc4, 0x8c, 0x69, 0xfe, 0xe4, + 0xcb, 0x0a, 0xa1, 0x6c, 0x66, 0x0e, 0x1a, 0x5e, 0xb9, 0xd1, + 0x4a, 0xa3, 0x91, 0x39, 0xcf, 0x85, 0x07, 0x5b, 0xaf, 0x99, + 0x11, 0xca, 0xee, 0x6f, 0x2e, 0x33, 0xda, 0x60, 0xbf, 0xd6, + 0xa0, 0x7a, 0xdb, 0x91, 0x13, 0xb7, 0xa3, 0x5d, 0x0e, 0x1e, + 0x3b, 0xf9, 0x7a, 0x3e, 0x4f, 0x8d, 0xb3, 0x81, 0xe8, 0x0c, + 0x4d, 0x48, 0x61, 0x06, 0x14, 0x0f, 0x3e, 0x33, 0x9e, 0xea, + 0xa6, 0xd8, 0xd8, 0x4d, 0x9b, 0x00, 0x34, 0x0d, 0x31, 0x62, + 0x54, 0x93, 0x04, 0xd2, 0x02, 0x21, 0x38, 0x91, 0x58, 0xca, + 0x77, 0xd3, 0x6c, 0xd1, 0x94, 0x05, 0xfa, 0x30, 0x6a, 0x0b, + 0xf0, 0x52, 0x52, 0xb7, 0xdb, 0x34, 0xff, 0x18, 0x5c, 0x78, + 0x25, 0x44, 0x39, 0xe4, 0x54, 0x8a, 0xf1, 0x49, 0x04, 0xab, + 0x8a, 0x5f, 0x87, 0xe1, 0x6e, 0x1a, 0xf2, 0xba, 0x39, 0xb4, + 0x7c, 0x71, 0x5b, 0xbe, 0x8d, 0xbb, 0xed, 0x3b, 0xed, 0x20, + 0x95, 0xdf, 0xa7, 0x50, 0xb5, 0x66, 0xff, 0xd0, 0x3a, 0x92, + 0xde, 0xf2, 0xa3, 0xf2, 0xd6, 0x48, 0x6b, 0xd8, 0xef, 0x80, + 0x4d, 0xc2, 0x3c, 0xc7, 0xc6, 0x6e, 0xdf, 0xd1, 0x54, 0xfb, + 0x22, 0xac, 0x1a, 0x11, 0x81, 0x02, 0xc7, 0x66, 0xe0, 0xf3, + 0xad, 0x0b, 0xd0, 0xec, 0xae, 0x93, 0x53, 0xa5, 0xbf, 0xa5, + 0x17, 0x59, 0x14, 0x7d, 0x7e, 0x1e, 0x26, 0x15, 0x7a, 0x74, + 0xfb, 0xb1, 0x7a, 0x0e, 0xd3, 0xb5, 0x7c, 0x8c, 0x3a, 0xd7, + 0x45, 0x38, 0x55, 0xae, 0x4b, 0xe1, 0xfe, 0x5b, 0x57, 0x20, + 0x73, 0x38, 0xb9, 0x67, 0x34, 0xb1, 0xf3, 0x15, 0xb0, 0xb7, + 0x46, 0xa7, 0x1b, 0x19, 0x6d, 0xaf, 0x5e, 0x2c, 0x9c, 0x02, + 0x3f, 0x0f, 0xa3, 0x56, 0x2f, 0x9f, 0x1a, 0x82, 0x0e, 0xb4, + 0x46, 0xf5, 0x69, 0x89, 0x91, 0xf9, 0x2d, 0x99, 0x45, 0xa6, + 0x3c, 0x82, 0x74, 0xac, 0xeb, 0x58, 0x4a, 0xdd, 0x03, 0xaf, + 0xd1, 0x0a, 0xca, 0x4b, 0xe8, 0x4c, 0x63, 0xd4, 0x73, 0x94, + 0xbf, 0xd1, 0xc5, 0x8a, 0x3f, 0x6e, 0x58, 0xfc, 0x70, 0x76, + 0x69, 0x92, 0x05, 0xe0, 0xb9, 0xed, 0x5f, 0x19, 0xd7, 0x6f, + 0xd0, 0x35, 0xbb, 0x5a, 0x8d, 0x45, 0xac, 0x43, 0xcb, 0x74, + 0xcc, 0x92, 0xc3, 0x62, 0x56, 0x02, 0xb0, 0x0a, 0xb6, 0x88, + 0x40, 0x6f, 0x76, 0x1b, 0x89, 0xe4, 0x51, 0xeb, 0x7e, 0x08, + 0x8c, 0xce, 0x24, 0xc8, 0xd8, 0x58, 0xbd, 0x0e, 0x48, 0x57, + 0xc8, 0x9f, 0xad, 0x64, 0xcf, 0x69, 0x72, 0x35, 0xbf, 0x04, + 0x09, 0xfb, 0x0e, 0x62, 0x92, 0x76, 0x8b, 0x8d, 0xd5, 0x16, + 0xa2, 0x51, 0xdb, 0x71, 0xa9, 0x08, 0xb2, 0xf9, 0x1e, 0x07, + 0xe7, 0xf8, 0xf4, 0x79, 0x59, 0x2f, 0x8f, 0xf1, 0x5b, 0x45, + 0xe1, 0xb8, 0xb7, 0xef, 0x86, 0x69, 0x71, 0x51, 0x1c, 0xe5, + 0x61, 0xee, 0xb8, 0x1d, 0xa7, 0xdc, 0x48, 0xba, 0x51, 0xa5, + 0x70, 0x4d, 0xfd, 0x2c, 0x46, 0x21, 0x63, 0x0c, 0x9f, 0xb7, + 0x68, 0x58, 0x7b, 0xb3, 0x7d, 0x64, 0xfd, 0xaf, 0x87, 0x3d, + 0x86, 0x06, 0x36, 0x8a, 0x6d, 0xfe, 0xdf, 0xce, 0xa8, 0x16, + 0x42, 0x46, 0x15, 0xe5, 0xcf, 0x48, 0xa6, 0x4b, 0xe5, 0xc1, + 0xad, 0x14, 0x3a, 0x6d, 0xeb, 0xf9, 0xc9, 0x32, 0xd1, 0x82, + 0x60, 0x23, 0xf0, 0xff, 0xa7, 0xe6, 0x2e, 0xd6, 0x8d, 0x9d, + 0x4f, 0x6d, 0xb3, 0xc4, 0xad, 0xd9, 0xf0, 0xf5, 0x5c, 0x47, + 0x6c, 0x67, 0xf4, 0x0e, 0x18, 0x25, 0xbb, 0x67, 0xfa, 0x11, + 0x70, 0xd5, 0xbc, 0x3a, 0x34, 0xae, 0xa2, 0x76, 0x4b, 0x9f, + 0x59, 0x01, 0x18, 0x69, 0x44, 0xc4, 0x8a, 0xff, 0x00, 0xfc, + 0x2a, 0x45, 0xa9, 0x50, 0x8e, 0x37, 0x6b, 0x78, 0x14, 0x69, + 0xe7, 0x92, 0x3d, 0xf1, 0x34, 0xd5, 0x5c, 0x48, 0xc2, 0x50, + 0xb3, 0x0c, 0x7d, 0x54, 0x05, 0x31, 0x1e, 0xce, 0xaa, 0xc1, + 0x4c, 0xc9, 0x13, 0x33, 0x26, 0x1f, 0x56, 0x7e, 0x7e, 0x74, + 0xd3, 0x78, 0x3e, 0x00, 0x4a, 0xc8, 0xc6, 0x20, 0x5b, 0xb8, + 0x80, 0xb4, 0x13, 0x35, 0x23, 0xff, 0x50, 0xde, 0x25, 0x92, + 0x67, 0x08, 0xb8, 0xa3, 0xb6, 0x39, 0xd4, 0x30, 0xdc, 0xa5, + 0x88, 0x8a, 0x44, 0x08, 0x8b, 0x6d, 0x2e, 0xb8, 0xf3, 0x0d, + 0x23, 0xda, 0x35, 0x08, 0x5a, 0x92, 0xe1, 0x40, 0xac, 0xc7, + 0x15, 0x05, 0x8a, 0xdf, 0xe5, 0x71, 0xd8, 0xe0, 0xd7, 0x9f, + 0x58, 0x03, 0xf4, 0xec, 0x99, 0x3c, 0xb0, 0xe0, 0x07, 0x42, + 0x9b, 0xa0, 0x10, 0x7c, 0x24, 0x60, 0x19, 0xe8, 0x84, 0xd4, + 0xb1, 0x86, 0x19, 0x0a, 0x52, 0x70, 0x6e, 0xc2, 0x3c, 0xe2, + 0x73, 0x8d, 0xfe, 0xf8, 0x7e, 0xdf, 0x78, 0xe7, 0x92, 0x36, + 0x10, 0xf7, 0x2d, 0x76, 0x93, 0x8a, 0x0f, 0x20, 0xc8, 0x30, + 0x59, 0x81, 0xff, 0x3b, 0x70, 0x22, 0xce, 0x6e, 0x23, 0x68, + 0x35, 0x59, 0x0e, 0xcf, 0xf8, 0xf6, 0xcd, 0x45, 0xb6, 0x41, + 0xba, 0xda, 0xe6, 0x35, 0x0b, 0xd1, 0xef, 0xa5, 0x7c, 0xe0, + 0xb9, 0x6f, 0x5b, 0xa9, 0xab, 0x87, 0xe3, 0x3b, 0x92, 0xce, + 0xbe, 0xfe, 0xf7, 0xab, 0x82, 0xa3, 0xe6, 0xbd, 0xfe, 0xce, + 0xa6, 0x17, 0xcb, 0x4c, 0xb4, 0x4c, 0xd6, 0xfe, 0xbb, 0x1c, + 0x10, 0xde, 0x29, 0x3e, 0x92, 0x66, 0x20, 0xf8, 0xee, 0x83, + 0x86, 0x66, 0xe0, 0x66, 0x97, 0x85, 0xaf, 0x3a, 0x8f, 0xa9, + 0x97, 0x09, 0xde, 0x77, 0xda, 0xb7, 0x81, 0x41, 0x10, 0xca, + 0x66, 0x00, 0xec, 0xf8, 0x46, 0x73, 0xa6, 0x24, 0x36, 0xec, + 0x25, 0xbe, 0x93, 0x5e, 0x74, 0x9f, 0xbe, 0xf4, 0x84, 0x15, + 0x9c, 0xc5, 0x43, 0xd9, 0xea, 0x5a, 0xcc, 0x2c, 0x4e, 0x2e, + 0x4e, 0x32, 0xa6, 0x88, 0xb1, 0x25, 0x34, 0xf7, 0xba, 0xab, + 0xd3, 0xa0, 0xc2, 0x06, 0x70, 0xed, 0x66, 0x4d, 0x71, 0x34, + 0xaf, 0x10, 0x99, 0x10, 0x11, 0x4f, 0xe4, 0x7d, 0x42, 0x03, + 0x04, 0x02, 0xc2, 0x41, 0x85, 0x1e, 0xc4, 0xca, 0xae, 0xf0, + 0x83, 0x78, 0x34, 0x98, 0x55, 0x8b, 0x4c, 0xa0, 0x14, 0xea, + 0x15, 0x2c, 0xa1, 0x30, 0xd8, 0xcf, 0xac, 0xd4, 0xca, 0xf7, + 0xf4, 0xc4, 0x20, 0xca, 0xa1, 0xef, 0xce, 0x5d, 0x6b, 0x32, + 0xb6, 0xf0, 0x22, 0x08, 0x49, 0x21, 0x0c, 0x57, 0x0f, 0xf8, + 0xc0, 0xd2, 0xe3, 0xc0, 0xa6, 0x31, 0xc7, 0x87, 0x96, 0xa9, + 0xfe, 0x69, 0xa0, 0x7f, 0xf7, 0x8e, 0x31, 0x92, 0x37, 0xce, + 0xde, 0x36, 0x3f, 0xf5, 0x7d, 0x07, 0xaa, 0xa9, 0x43, 0xee, + 0x3c, 0x8c, 0xd3, 0x7d, 0x2c, 0xa6, 0xc3, 0x98, 0xab, 0xbe, + 0x90, 0x4c, 0xa5, 0x5a, 0x27, 0xeb, 0x0e, 0xed, 0xa1, 0x1e, + 0x3e, 0x44, 0xa3, 0x4b, 0x49, 0xad, 0xe4, 0x19, 0x90, 0xc8, + 0x9e, 0x6e, 0x5b, 0x68, 0xbc, 0x37, 0x54, 0xaf, 0xa6, 0xb7, + 0x71, 0x5c, 0x5d, 0x74, 0x83, 0xf4, 0xb9, 0x2f, 0xe5, 0x1a, + 0x0c, 0x73, 0x30, 0x56, 0x82, 0x04, 0xb3, 0x0e, 0x32, 0x98, + 0xfd, 0x27, 0xa0, 0xfe, 0xe0, 0xe0, 0xf5, 0xb7, 0xe0, 0x47, + 0x2a, 0xa6, 0x4a, 0xe0, 0xfc, 0xb5, 0xd8, 0xfd, 0x01, 0xfe, + 0x4e, 0x96, 0x17, 0x06, 0xcc, 0x92, 0x7c, 0xa1, 0x2f, 0xb5, + 0x04, 0x08, 0x76, 0xcc, 0x40, 0x75, 0x37, 0x4d, 0x2c, 0x74, + 0xcd, 0xc7, 0x62, 0xa6, 0xe6, 0xd8, 0x9e, 0x21, 0x7f, 0x2e, + 0xf5, 0x2c, 0xcf, 0x0b, 0x3f, 0xd7, 0xed, 0x17, 0xee, 0x92, + 0xaf, 0xf9, 0xa4, 0x71, 0x5d, 0x5f, 0x81, 0xb9, 0x2f, 0x12, + 0xe5, 0x57, 0x2d, 0x1e, 0xf1, 0x67, 0x47, 0x2a, 0xde, 0xab, + 0xf2, 0xea, 0xb7, 0xb5, 0x83, 0xdc, 0x46, 0xd4, 0xf3, 0x25, + 0x65, 0x15, 0x4d, 0x66, 0x34, 0x54, 0xab, 0x94, 0x89, 0x80, + 0x39, 0xd3, 0x39, 0xe3, 0xa2, 0xb1, 0x91, 0x2a, 0x5e, 0x55, + 0xe1, 0xa4, 0x0f, 0xc3, 0x4b, 0x5a, 0xa5, 0x4a, 0xb3, 0xc0, + 0x40, 0xea, 0x16, 0x0c, 0xd5, 0x2d, 0x83, 0x3e, 0x28, 0x20, + 0xac, 0x0a, 0x1b, 0x5b, 0x87, 0xcf, 0xf1, 0x51, 0xd6, 0xda, + 0xd1, 0xc9, 0xb1, 0x27, 0xf5, 0x62, 0x03, 0x10, 0xcf, 0x76, + 0x28, 0xa2, 0xea, 0x4b, 0x76, 0xaf, 0x9c, 0x3d, 0xf1, 0x1b, + 0x92, 0xff, 0xb0, 0xca, 0x16, 0xa2, 0x29, 0x94, 0x0e, 0x1e, + 0x51, 0xfb, 0xe1, 0x2b, 0x5a, 0x50, 0xfd, 0xaf, 0xab, 0xd7, + 0x32, 0xaa, 0x43, 0xa7, 0xcb, 0xd3, 0xd3, 0xe9, 0x1e, 0xb1, + 0x70, 0xd2, 0xbb, 0x15, 0x68, 0x49, 0xee, 0x6e, 0x1e, 0xc5, + 0x64, 0x4b, 0x26, 0x08, 0xe7, 0x32, 0x1c, 0x1d, 0x73, 0x8f, + 0x42, 0xfe, 0xeb, 0x67, 0x89, 0x42, 0x25, 0x40, 0xd6, 0x15, + 0x02, 0x55, 0x87, 0xe3, 0x87, 0xdd, 0x78, 0xc1, 0x01, 0x94, + 0xbc, 0x30, 0x5f, 0xbd, 0x89, 0xe1, 0xb0, 0x5c, 0xcd, 0xb7, + 0x68, 0xd5, 0xbb, 0xf4, 0xa0, 0x5d, 0x3d, 0xdd, 0x89, 0x12, + 0xc7, 0xb8, 0x5d, 0x51, 0x8a, 0xf4, 0xd5, 0x05, 0xc6, 0xdd, + 0x7b, 0x44, 0x38, 0xce, 0xb1, 0x24, 0x24, 0xe1, 0x9d, 0xc7, + 0x80, 0x86, 0x46, 0x2a, 0xd2, 0xa4, 0x0f, 0xec, 0xd3, 0x6b, + 0x31, 0xc0, 0x05, 0x31, 0xff, 0xf5, 0x1a, 0x33, 0x35, 0x68, + 0x2e, 0x68, 0x24, 0xbd, 0x62, 0xfc, 0x46, 0x79, 0x54, 0x5e, + 0x1e, 0x27, 0x93, 0x07, 0xed, 0x78, 0x94, 0x50, 0x42, 0x98, + 0x53, 0x88, 0xb7, 0x57, 0x04, 0x7d, 0xe2, 0xe1, 0xb5, 0x61, + 0x9e, 0x5a, 0x88, 0x31, 0x3e, 0x6c, 0x69, 0xbc, 0x8a, 0xe6, + 0xbc, 0x9d, 0x20, 0x7a, 0x86, 0xe5, 0x73, 0x93, 0x02, 0xc5, + 0xde, 0xdc, 0xcc, 0xbf, 0x89, 0x76, 0xdc, 0x4e, 0xa1, 0x89, + 0xe7, 0x95, 0x75, 0x01, 0xf7, 0x43, 0xaa, 0x3f, 0x1b, 0xb7, + 0x8c, 0x92, 0x66, 0x22, 0xbe, 0x34, 0xf1, 0x2f, 0xc3, 0xc7, + 0x21, 0xaf, 0x25, 0x57, 0x9a, 0x2c, 0x80, 0xf0, 0xb3, 0xdd, + 0xb3, 0xb2, 0x82, 0x97, 0x85, 0x73, 0xa9, 0x76, 0xe4, 0x37, + 0xa2, 0x65, 0xf9, 0xc1, 0x3d, 0x11, 0xbf, 0xcb, 0x3c, 0x8e, + 0xdd, 0xaf, 0x98, 0x57, 0x6a, 0xe1, 0x33, 0xe7, 0xf0, 0xff, + 0xed, 0x61, 0x53, 0xfe, 0x1e, 0x2d, 0x06, 0x2f, 0xb8, 0x9e, + 0xf9, 0xa5, 0x21, 0x06, 0xf3, 0x72, 0xf6, 0xa3, 0x77, 0xbb, + 0x63, 0x6e, 0x52, 0xb2, 0x42, 0x47, 0x9b, 0x92, 0x4c, 0xf8, + 0xd2, 0xe6, 0x02, 0xa5, 0x57, 0x2d, 0x6f, 0x30, 0x05, 0xe2, + 0xfd, 0x33, 0xe5, 0xb6, 0x23, 0x85, 0x89, 0x4a, 0x99, 0x20, + 0x33, 0xea, 0x2f, 0xcd, 0x28, 0x27, 0xff, 0xfd, 0x2e, 0x73, + 0x52, 0x29, 0x19, 0x7c, 0x65, 0xf5, 0x6a, 0xaa, 0x97, 0x6e, + 0xe9, 0x42, 0xa8, 0x55, 0x97, 0x56, 0x92, 0x9d, 0xd2, 0xd1, + 0xc4, 0x30, 0xaa, 0x95, 0x86, 0xba, 0x71, 0xdd, 0x2f, 0xf1, + 0xed, 0x66, 0x54, 0x78, 0x4b, 0x13, 0x31, 0xed, 0x9d, 0x2c, + 0xae, 0x0a, 0xc3, 0xca, 0xfb, 0x3f, 0x92, 0x92, 0x30, 0xa3, + 0x8e, 0xc8, 0x6d, 0x7b, 0x42, 0xd5, 0x5d, 0x99, 0x79, 0x42, + 0x28, 0x63, 0x9f, 0x97, 0x8e, 0x94, 0x6d, 0x1d, 0xb4, 0x21, + 0x39, 0xc7, 0x64, 0x48, 0x44, 0x5e, 0x15, 0x10, 0x45, 0x9f, + 0x8a, 0x01, 0x45, 0x20, 0x5c, 0xd1, 0x28, 0x0d, 0xe9, 0xfb, + 0xa9, 0x72, 0x68, 0x07, 0x31, 0x20, 0x75, 0x76, 0x82, 0x76, + 0x5d, 0x7c, 0xc1, 0x5d, 0x42, 0x40, 0xfd, 0x06, 0xa9, 0x66, + 0xb0, 0x36, 0x55, 0x86, 0x6c, 0x96, 0xbd, 0xb8, 0xf7, 0x36, + 0x87, 0xf2, 0xa1, 0x37, 0xd8, 0x2d, 0x83, 0xf5, 0xdc, 0xd8, + 0xde, 0x9e, 0x69, 0xd6, 0xe1, 0x0d, 0xd5, 0x93, 0xc5, 0xee, + 0xba, 0xd3, 0x40, 0x71, 0xbb, 0xc7, 0xbb, 0x50, 0x1a, 0x10, + 0x80, 0x99, 0x62, 0x1c, 0xe3, 0x1f, 0xa2, 0xcc, 0x98, 0xe1, + 0xaa, 0xff, 0xd9, 0x69, 0xe7, 0x87, 0x04, 0x87, 0x76, 0xec, + 0x55, 0x18, 0xaf, 0x82, 0x34, 0x4d, 0x4f, 0xf7, 0x57, 0x1f, + 0xa5, 0x43, 0xcc, 0xe9, 0x7a, 0x4a, 0xc8, 0xb4, 0x1f, 0x61, + 0x40, 0x5e, 0x1d, 0x11, 0xdd, 0xdc, 0xdc, 0xb4, 0x57, 0xf9, + 0x47, 0x96, 0xbc, 0x47, 0x29, 0xf8, 0xf2, 0x43, 0xc4, 0xa0, + 0x8c, 0x14, 0x5e, 0x73, 0x52, 0xac, 0xac, 0x39, 0x3b, 0x06, + 0x19, 0x1a, 0xca, 0x22, 0xc8, 0x96, 0x12, 0x2e, 0x4c, 0x7b, + 0xa0, 0x96, 0x53, 0x16, 0xce, 0x6d, 0x6e, 0xac, 0xb2, 0x07, + 0x17, 0x22, 0x07, 0x30, 0x20, 0x84, 0x9b, 0x0e, 0x92, 0x31, + 0x07, 0xe2, 0x77, 0xcd, 0x6a, 0x3e, 0x16, 0x4f, 0xd6, 0x12, + 0x88, 0x8a, 0x70, 0x5a, 0x87, 0xd8, 0xb9, 0xef, 0x76, 0xab, + 0x14, 0x65, 0x87, 0x3a, 0xef, 0xd8, 0x0e, 0x24, 0x40, 0x73, + 0x93, 0x2b, 0xbf, 0xac, 0xfe, 0x96, 0x8a, 0x9d, 0x12, 0xe6, + 0xc1, 0x5b, 0x00, 0x3b, 0x23, 0xee, 0xe2, 0x10, 0xb6, 0xbe, + 0x0e, 0x2f, 0xa2, 0x77, 0x16, 0x17, 0xfc, 0x4b, 0x2c, 0xd7, + 0x9c, 0xad, 0x66, 0xb4, 0xf2, 0xfd, 0xc1, 0xaf, 0x81, 0x12, + 0xd9, 0xed, 0x14, 0x32, 0xcf, 0x1b, 0xee, 0xc6, 0x63, 0xe8, + 0xe5, 0xe6, 0xb6, 0x91, 0x8d, 0x1b, 0x90, 0x75, 0x5d, 0x69, + 0x4c, 0x5d, 0xd6, 0xac, 0x79, 0xe8, 0xb6, 0xdf, 0xbf, 0x43, + 0x39, 0xd3, 0xb8, 0xf0, 0x39, 0xf4, 0x90, 0xaf, 0x73, 0x26, + 0xc7, 0x73, 0x6f, 0x93, 0xbb, 0xce, 0x6e, 0xdc, 0x1c, 0xd0, + 0x36, 0x23, 0x17, 0xb2, 0x39, 0x37, 0x15, 0xf5, 0x3a, 0x61, + 0xa9, 0x15, 0x52, 0x6e, 0xc5, 0x3a, 0x63, 0x79, 0x5d, 0x45, + 0xdc, 0x3a, 0xd5, 0x26, 0x01, 0x56, 0x97, 0x80, 0x7f, 0x83, + 0xf9, 0xec, 0xde, 0xa0, 0x2e, 0x7a, 0xb2, 0x4b, 0x04, 0x63, + 0x60, 0x05, 0xce, 0x96, 0xeb, 0xe0, 0x0a, 0x5f, 0xb0, 0x7e, + 0x6d, 0x0a, 0x24, 0x32, 0x47, 0x82, 0x7f, 0x0b, 0xd7, 0xe9, + 0xd5, 0x14, 0xa9, 0x6b, 0x10, 0x5d, 0x1e, 0x1f, 0x8a, 0xad, + 0x70, 0x91, 0xd4, 0x33, 0x1d, 0xc2, 0x3e, 0xf8, 0xc8, 0x52, + 0x9a, 0x27, 0x1f, 0x45, 0x2f, 0xb5, 0xc7, 0xb1, 0x8b, 0xf9, + 0xc6, 0x7b, 0xb5, 0x92, 0x7a, 0xdd, 0xeb, 0x07, 0x6c, 0x6f, + 0x11, 0xd7, 0x5b, 0x56, 0x56, 0xec, 0x88, 0x1c, 0xc9, 0xb4, + 0xe8, 0x43, 0xab, 0xdf, 0x0b, 0xc5, 0x28, 0xba, 0x70, 0x5d, + 0xd3, 0xb2, 0xe2, 0xcf, 0xa7, 0xbb, 0x53, 0x04, 0x6b, 0x73, + 0xdf, 0x27, 0xa6, 0x63, 0x58, 0xe1, 0x39, 0x26, 0x2a, 0x1a, + 0x21, 0xec, 0xbb, 0x5f, 0x46, 0x98, 0x3d, 0x48, 0x66, 0xfe, + 0xf3, 0xcb, 0xfc, 0x6e, 0x99, 0x82, 0x91, 0xce, 0x53, 0xfd, + 0x75, 0xc9, 0xb6, 0x08, 0xa8, 0xf3, 0xe4, 0xe0, 0xa0, 0x24, + 0x45, 0xb4, 0x69, 0x11, 0xac, 0x06, 0x1c, 0x39, 0x71, 0xcf, + 0x72, 0xfc, 0x77, 0x9b, 0x5f, 0xf4, 0x8b, 0x02, 0x31, 0xf3, + 0x67, 0xd1, 0x9b, 0xe0, 0x49, 0xa4, 0x69, 0x20, 0x99, 0x38, + 0xa7, 0xf5, 0x43, 0xd2, 0x45, 0x9f, 0x7a, 0xe7, 0xad, 0x7e, + 0x36, 0xee, 0xfd, 0x8c, 0xc5, 0x6a, 0x12, 0x58, 0x15, 0x3b, + 0x02, 0x81, 0x73, 0x8b, 0x10, 0xda, 0x21, 0xc7, 0x1d, 0x38, + 0xd8, 0x40, 0x7a, 0xa3, 0x59, 0x55, 0x35, 0x44, 0xa9, 0x9c, + 0xf5, 0xf4, 0xe4, 0x14, 0xc1, 0xc4, 0x15, 0x26, 0x01, 0xe3, + 0x31, 0xbf, 0xdc, 0xbc, 0x69, 0x0b, 0xcf, 0x71, 0x8c, 0xdb, + 0x16, 0xab, 0x36, 0x3e, 0xb3, 0xa4, 0x9f, 0xcc, 0xbf, 0xa2, + 0x93, 0x93, 0x9a, 0x3b, 0xaf, 0x72, 0x8d, 0x8b, 0x92, 0x44, + 0x5d, 0x6f, 0xc5, 0xf0, 0xdc, 0x65, 0x62, 0xea, 0xba, 0x33, + 0xe7, 0x6c, 0xa4, 0x35, 0xcf, 0xd9, 0xbc, 0x3c, 0xbf, 0x25, + 0x7b, 0x7c, 0x0b, 0x62, 0x92, 0x5a, 0x66, 0x63, 0xe1, 0x27, + 0x89, 0x12, 0xe2, 0xae, 0xb7, 0xf8, 0x04, 0x70, 0xda, 0x4a, + 0x3d, 0xa6, 0x67, 0x12, 0x14, 0x9e, 0x8e, 0xdc, 0xa2, 0xf2, + 0x3d, 0xc7, 0xd2, 0x8f, 0x18, 0x3a, 0x53, 0x8c, 0x83, 0x5d, + 0x66, 0xbb, 0x9f, 0x8c, 0xaf, 0xa8, 0x73, 0x08, 0x2e, 0x6d, + 0x30, 0xa0, 0xd0, 0x20, 0x94, 0x48, 0xad, 0x5e, 0x31, 0xfd, + 0x5e, 0xfd, 0xf9, 0xb5, 0xa2, 0x39, 0xa3, 0xb9, 0xdf, 0x4d, + 0xa4, 0xb1, 0x54, 0xcc, 0x92, 0x63, 0x2c, 0x66, 0x2d, 0x01, + 0x88, 0x8b, 0x7d, 0xc6, 0x5c, 0x9f, 0x18, 0x9a, 0x53, 0x91, + 0x59, 0x66, 0x70, 0xd7, 0x81, 0x0e, 0xa1, 0x3c, 0x7e, 0x86, + 0x85, 0x64, 0x38, 0x6f, 0xec, 0x76, 0x57, 0x80, 0x41, 0x9d, + 0xef, 0x61, 0xb8, 0xb2, 0x8a, 0xeb, 0xe9, 0x26, 0xbb, 0x69, + 0xb3, 0x8d, 0xd4, 0x6b, 0x05, 0xd8, 0x55, 0x1c, 0xbd, 0x9f, + 0x6b, 0x23, 0x46, 0x2b, 0xf7, 0xfb, 0x4d, 0x33, 0x3b, 0x21, + 0x6d, 0xea, 0x1b, 0x15, 0xaf, 0x0f, 0x8c, 0x98, 0xc8, 0xf4, + 0xd1, 0x3c, 0xdd, 0x21, 0xd0, 0x45, 0xdc, 0xaf, 0x89, 0x89, + 0xbf, 0xde, 0xbf, 0x46, 0x9e, 0x9e, 0x18, 0x56, 0x9d, 0x05, + 0x4d, 0x63, 0x5f, 0x1c, 0xd9, 0x15, 0xd1, 0x43, 0x17, 0x0c, + 0x48, 0x3d, 0x36, 0x8b, 0x14, 0x87, 0xc8, 0x10, 0x44, 0xdf, + 0x9c, 0xfd, 0x6e, 0x88, 0x88, 0xae, 0x7f, 0x7f, 0x67, 0xa3, + 0x33, 0x4d, 0xa3, 0x84, 0x8b, 0x58, 0x07, 0x17, 0xd8, 0x1d, + 0x9e, 0x43, 0xd6, 0x41, 0x9c, 0xff, 0xfa, 0x35, 0xa2, 0x42, + 0xa9, 0x5d, 0xa9, 0x4b, 0x95, 0x23, 0x6a, 0x6e, 0x42, 0xd7, + 0xa2, 0x0a, 0x70, 0x00, 0x61, 0x8b, 0x45, 0xbb, 0xac, 0x20, + 0x27, 0xcd, 0xfc, 0x61, 0x17, 0xfe, 0xab, 0x6b, 0xe8, 0xe0, + 0x51, 0xab, 0xa3, 0xbf, 0xe4, 0x85, 0x69, 0x8e, 0xd7, 0xa6, + 0x62, 0x33, 0x8f, 0x7c, 0xba, 0x48, 0xfa, 0x83, 0x94, 0xa5, + 0xdf, 0xa1, 0x76, 0xdc, 0xa9, 0x4b, 0x3c, 0x27, 0xff, 0xd9, + 0xbe, 0xf4, 0x80, 0x5a, 0xca, 0x33, 0xf3, 0x9a, 0x1d, 0xf8, + 0xf3, 0xe1, 0x83, 0x27, 0x0b, 0x59, 0x87, 0x31, 0x7d, 0x4f, + 0x5a, 0x5e, 0xe1, 0xbe, 0xa9, 0x68, 0xe9, 0x6f, 0x10, 0x0a, + 0xe2, 0x70, 0x05, 0xaa, 0xcb, 0xdd, 0x41, 0xd7, 0x49, 0x8a, + 0x98, 0xa0, 0x40, 0x2d, 0xc6, 0x56, 0x49, 0xca, 0x60, 0x16, + 0x9c, 0x38, 0xc9, 0xfe, 0x99, 0x15, 0xfb, 0x79, 0x01, 0x33, + 0xcd, 0x54, 0x2f, 0xf3, 0x70, 0x37, 0x82, 0x36, 0x32, 0x76, + 0x8f, 0x63, 0x00, 0xa2, 0x42, 0xce, 0x39, 0x90, 0xfc, 0xf8, + 0xff, 0x34, 0x38, 0x0a, 0x17, 0x5e, 0x9d, 0x34, 0x86, 0xde, + 0x33, 0x45, 0xac, 0xbf, 0x81, 0xdf, 0xd2, 0xbc, 0xc7, 0xd7, + 0xd1, 0xee, 0xde, 0x2b, 0x5b, 0x50, 0x56, 0xb5, 0x88, 0x00, + 0x92, 0x76, 0x5a, 0x34, 0x0c, 0xfe, 0x8f, 0xc5, 0xa0, 0x92, + 0xb0, 0xed, 0x43, 0xe7, 0x81, 0x39, 0x36, 0x6e, 0xb7, 0x4d, + 0x5b, 0xcf, 0xc7, 0xf0, 0x83, 0xe5, 0xdc, 0xb7, 0x74, 0xf4, + 0xf3, 0xbd, 0xa8, 0xa6, 0x7b, 0xe0, 0xc5, 0x50, 0xaa, 0xc7, + 0x83, 0x4d, 0xd9, 0xc5, 0x97, 0x03, 0x7c, 0x0c, 0x3b, 0x3a, + 0x18, 0xb2, 0x8c, 0xee, 0x67, 0x91, 0x38, 0x84, 0x8f, 0xef, + 0xb4, 0xf4, 0xe4, 0x7c, 0x1a, 0x3f, 0xa3, 0x0a, 0xd9, 0xba, + 0xff, 0x56, 0xd8, 0xe2, 0x82, 0xfc, 0x58, 0x8f, 0xf6, 0x12, + 0x10, 0x65, 0x6a, 0x68, 0x53, 0x2d, 0x9f, 0x2c, 0x77, 0xd1, + 0xb8, 0x21, 0x8a, 0xcb, 0xe9, 0xd4, 0x25, 0x18, 0x22, 0x46, + 0x3e, 0x72, 0x29, 0x2a, 0x68, 0x70, 0x73, 0xe2, 0x61, 0xa2, + 0xa8, 0x1f, 0x24, 0x48, 0x92, 0xa0, 0xd4, 0xdd, 0xde, 0xe5, + 0x02, 0x1b, 0x59, 0x5c, 0x7e, 0x92, 0x9c, 0xd8, 0xf4, 0x2d, + 0x6b, 0x79, 0x7b, 0xc7, 0xcd, 0xef, 0x21, 0x2a, 0x50, 0x7e, + 0xba, 0xdd, 0x02, 0x45, 0x7e, 0xc1, 0xdd, 0xeb, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x03, 0x0c, 0x15, 0x1c, 0x22, 0x28, +}; +static const int sizeof_bench_dilithium_level3_sig = + sizeof(bench_dilithium_level3_sig); +#endif + +#ifndef WOLFSSL_NO_ML_DSA_87 +static const unsigned char bench_dilithium_level5_sig[] = { + 0x78, 0xed, 0x1a, 0x3f, 0x41, 0xab, 0xf8, 0x93, 0x80, 0xf0, + 0xc6, 0xbf, 0x4a, 0xde, 0xaf, 0x29, 0x93, 0xe5, 0x9a, 0xbf, + 0x38, 0x08, 0x18, 0x33, 0xca, 0x7d, 0x5e, 0x65, 0xa4, 0xd2, + 0xd7, 0x45, 0xe3, 0xe7, 0x58, 0xfb, 0x05, 0xab, 0x65, 0x57, + 0xac, 0x6f, 0xf5, 0x43, 0x28, 0x5f, 0x9c, 0x9a, 0x3e, 0x35, + 0x84, 0xe4, 0xef, 0xa5, 0x57, 0x17, 0xad, 0x51, 0x44, 0x70, + 0x09, 0x00, 0x81, 0xbe, 0xfe, 0x14, 0x01, 0xfe, 0x0c, 0x94, + 0xbe, 0xa9, 0x89, 0xfd, 0x47, 0xfc, 0xb9, 0xd8, 0x17, 0x4d, + 0xd8, 0x73, 0xd5, 0x50, 0x9f, 0x13, 0x6c, 0x07, 0x71, 0x47, + 0xaa, 0x3c, 0xc0, 0x64, 0x00, 0x19, 0x2e, 0x74, 0x51, 0x0e, + 0x0f, 0x25, 0x30, 0x7f, 0x13, 0x96, 0xc6, 0xc5, 0xbf, 0xd4, + 0x82, 0xd3, 0x0d, 0xd3, 0x65, 0x4c, 0x72, 0x67, 0xe2, 0x37, + 0x6b, 0x3c, 0x8e, 0xa3, 0x36, 0x84, 0xe9, 0xaa, 0xac, 0x7d, + 0xf3, 0xac, 0xfc, 0x01, 0x50, 0x87, 0x88, 0xf6, 0xbf, 0x84, + 0xc3, 0xa0, 0x23, 0xe4, 0xe8, 0x01, 0x38, 0x39, 0x30, 0x8a, + 0xf3, 0xba, 0x92, 0x62, 0x37, 0xd7, 0x20, 0xd7, 0xf7, 0x41, + 0xff, 0xae, 0x81, 0x02, 0x29, 0x2a, 0x66, 0x8b, 0x20, 0xbe, + 0x61, 0x8d, 0xfb, 0x7c, 0x70, 0x14, 0xad, 0xf4, 0x94, 0x8c, + 0xee, 0x64, 0x3b, 0x9f, 0xe1, 0x6e, 0x68, 0x17, 0x07, 0xb8, + 0xfc, 0x99, 0xdc, 0xde, 0x69, 0x58, 0x8c, 0x97, 0x7d, 0xb3, + 0x2c, 0x9e, 0x90, 0x33, 0x2e, 0x7b, 0xbf, 0xf8, 0x6f, 0xf8, + 0x12, 0x64, 0xda, 0xc0, 0xfb, 0x30, 0xe6, 0xbf, 0x7b, 0x9a, + 0xde, 0xb5, 0xac, 0x9d, 0x6b, 0xcb, 0xe1, 0x0d, 0xf1, 0xbb, + 0xf3, 0x97, 0xc5, 0x08, 0xd3, 0x3e, 0xe3, 0xa4, 0xeb, 0x6f, + 0x6b, 0x62, 0x61, 0xc5, 0x0b, 0xa8, 0x02, 0xc2, 0xf1, 0xbe, + 0xbb, 0x93, 0x13, 0xa5, 0x8d, 0x7b, 0x5a, 0x6d, 0x1f, 0x28, + 0xbc, 0x35, 0xd8, 0xe8, 0xcf, 0x80, 0x8b, 0x4b, 0x02, 0x80, + 0x3b, 0xdc, 0x00, 0xce, 0x88, 0xb0, 0x62, 0x35, 0x7d, 0x51, + 0x7f, 0x5c, 0xb2, 0x23, 0x85, 0x47, 0x7e, 0x73, 0x88, 0x65, + 0xfd, 0x0d, 0x47, 0x33, 0xef, 0xb9, 0x75, 0x05, 0x86, 0x5d, + 0xd3, 0x98, 0xa6, 0x91, 0xe6, 0x8c, 0xe2, 0x71, 0x7a, 0x95, + 0xe0, 0x8c, 0x54, 0x4b, 0x68, 0x4d, 0x5a, 0xec, 0xad, 0xae, + 0x54, 0x4e, 0x3b, 0x0e, 0xcd, 0x70, 0xe6, 0x81, 0xbf, 0xf4, + 0x86, 0xab, 0xfe, 0xd8, 0xed, 0x69, 0xdd, 0x0f, 0x75, 0x8f, + 0x8e, 0xcd, 0x72, 0x40, 0x21, 0xee, 0x80, 0x6f, 0x9e, 0xa0, + 0x80, 0xf7, 0xf6, 0xa2, 0xf5, 0x04, 0x82, 0xea, 0xb6, 0xb1, + 0xa3, 0xfe, 0xa2, 0x2d, 0x83, 0xc7, 0x01, 0x4b, 0x27, 0x19, + 0x6a, 0x31, 0x04, 0x70, 0xce, 0x75, 0x22, 0x4b, 0x7a, 0x21, + 0x29, 0xfd, 0xe9, 0xcb, 0xbb, 0xca, 0x95, 0x0a, 0xd8, 0xcd, + 0x20, 0x2a, 0xb7, 0xbe, 0xdf, 0x2f, 0x0f, 0xfa, 0xf1, 0xc0, + 0x39, 0xf3, 0x74, 0x22, 0x05, 0x33, 0xca, 0x2a, 0x9c, 0x9f, + 0x06, 0x71, 0x90, 0x1e, 0x74, 0x4b, 0xbe, 0x9a, 0xc7, 0x1e, + 0x37, 0x9b, 0x96, 0x19, 0xfd, 0xa0, 0x61, 0x87, 0x93, 0xab, + 0x75, 0x79, 0xac, 0x2f, 0x83, 0xe1, 0x8c, 0x70, 0x54, 0x70, + 0x01, 0x93, 0xce, 0x76, 0x7a, 0x08, 0xe7, 0x75, 0xfb, 0x5e, + 0xa4, 0xcc, 0xd6, 0xeb, 0x90, 0xe2, 0x57, 0x07, 0x53, 0x88, + 0x8f, 0x7f, 0x29, 0x39, 0x80, 0xc4, 0x7f, 0x70, 0x6f, 0xff, + 0x44, 0x25, 0x2b, 0x9e, 0xa1, 0xbb, 0xda, 0x43, 0x53, 0x14, + 0xf8, 0x97, 0x08, 0xa4, 0xaf, 0xa0, 0xa5, 0x0c, 0xfa, 0xcc, + 0xba, 0xcd, 0x4f, 0xd3, 0x90, 0x28, 0x02, 0x25, 0xbe, 0xc6, + 0x35, 0x66, 0x99, 0xb0, 0x69, 0x46, 0xe5, 0xbf, 0x7e, 0x4f, + 0x53, 0x11, 0x1f, 0xa5, 0x2c, 0x9b, 0xd1, 0x70, 0x90, 0x34, + 0x66, 0xaa, 0x9f, 0xa8, 0x02, 0x3a, 0x05, 0x2b, 0x0a, 0xd0, + 0x72, 0x5d, 0x01, 0x7b, 0x02, 0xce, 0x18, 0xb9, 0x63, 0xd1, + 0x7d, 0xd2, 0x34, 0xa3, 0x2d, 0xaa, 0x78, 0xf0, 0x30, 0x6e, + 0x59, 0xe3, 0xf1, 0x1e, 0xf1, 0x33, 0x41, 0xde, 0xc4, 0x4e, + 0x88, 0x61, 0xc3, 0xb4, 0x6b, 0x21, 0x5d, 0xcc, 0x69, 0x44, + 0xf3, 0xb0, 0x84, 0x54, 0x2a, 0x23, 0x22, 0xa2, 0xc4, 0xba, + 0xad, 0x00, 0x57, 0x5b, 0xdf, 0xa0, 0xf7, 0x1c, 0x00, 0xc3, + 0x23, 0x93, 0xc0, 0x2f, 0x3b, 0x9d, 0x6e, 0x8c, 0x38, 0xa6, + 0x5e, 0xd8, 0x98, 0x7a, 0x6c, 0x90, 0xd5, 0x40, 0x3f, 0x8c, + 0xc3, 0xf0, 0x92, 0x66, 0xc4, 0xe5, 0xa8, 0x42, 0x25, 0x4c, + 0x56, 0x42, 0x37, 0x9a, 0xa4, 0x1d, 0xf5, 0xb0, 0xe3, 0x8a, + 0x9c, 0x57, 0x52, 0x63, 0xdc, 0xd9, 0xb0, 0xbf, 0xc3, 0xfc, + 0xfc, 0x6c, 0xab, 0x41, 0xae, 0xec, 0xc7, 0x40, 0x80, 0xb6, + 0x0b, 0x3c, 0xa9, 0xf5, 0x4f, 0x2d, 0xf6, 0x72, 0xe3, 0xba, + 0x13, 0x2c, 0x73, 0x61, 0x98, 0x66, 0x6f, 0x03, 0x88, 0x3b, + 0xe6, 0x95, 0x43, 0x33, 0x3b, 0xfe, 0xfd, 0x63, 0x8c, 0x00, + 0x8a, 0x67, 0x1c, 0x46, 0x0e, 0x0b, 0x51, 0x26, 0x79, 0x4f, + 0x7b, 0xb1, 0x36, 0x34, 0x52, 0x41, 0x7e, 0x74, 0xbb, 0x71, + 0x52, 0x8f, 0xcc, 0xf2, 0x99, 0x24, 0x3f, 0x18, 0xe6, 0xcf, + 0xdf, 0x6b, 0xfe, 0x77, 0xfa, 0xa8, 0x3f, 0xe3, 0x6b, 0xb7, + 0x32, 0x30, 0x8e, 0x16, 0x08, 0x59, 0x66, 0xdf, 0x95, 0x75, + 0x7d, 0xa3, 0x80, 0xf0, 0x0c, 0x1a, 0xa8, 0xe7, 0x87, 0x2f, + 0xe3, 0x39, 0x11, 0x82, 0x00, 0x3e, 0xe5, 0x71, 0x05, 0x7d, + 0x0c, 0x90, 0xae, 0xbc, 0xbf, 0xe0, 0x4b, 0x8f, 0x91, 0x85, + 0x1d, 0x0a, 0xa2, 0x36, 0x66, 0x18, 0x78, 0xd0, 0x0a, 0xa0, + 0xaf, 0x0f, 0x1c, 0x01, 0xdb, 0xb2, 0x21, 0x96, 0x25, 0xf7, + 0x9e, 0x3a, 0x9e, 0xc3, 0xe8, 0x92, 0x34, 0xaf, 0x7e, 0x3b, + 0x5f, 0xd9, 0x23, 0x97, 0x09, 0xf1, 0x87, 0x31, 0x3a, 0x94, + 0xc8, 0x9b, 0x52, 0xf4, 0x57, 0x54, 0x7b, 0x3e, 0x50, 0xd3, + 0x75, 0x2a, 0xba, 0x97, 0xd7, 0xec, 0x95, 0x6c, 0x35, 0x63, + 0xa4, 0xa1, 0x8f, 0xf5, 0xcc, 0xbe, 0x42, 0x65, 0x4e, 0x69, + 0x35, 0x55, 0xa5, 0x3e, 0xc4, 0xf0, 0xde, 0x60, 0x54, 0xdf, + 0xbb, 0x83, 0xad, 0xdf, 0xa5, 0x24, 0x8f, 0xbe, 0x0b, 0x16, + 0xfc, 0xf2, 0x64, 0xd5, 0x79, 0x68, 0xf3, 0x91, 0x81, 0x2a, + 0xd7, 0x1c, 0xc0, 0xdd, 0xe6, 0xb6, 0xb3, 0xa2, 0x4f, 0xc0, + 0x6d, 0x77, 0x02, 0xee, 0x43, 0xd6, 0x5e, 0x82, 0x66, 0x7f, + 0xb4, 0xe6, 0x5c, 0xff, 0x87, 0x1e, 0x1d, 0x6f, 0x1d, 0x96, + 0x6d, 0xbd, 0x90, 0x57, 0x65, 0xc2, 0x01, 0x35, 0xfa, 0x9a, + 0xc6, 0xe0, 0x4e, 0x2c, 0x4b, 0x16, 0xfa, 0x0d, 0x38, 0x87, + 0x39, 0x2c, 0x2b, 0x48, 0x14, 0x92, 0x3d, 0x83, 0x00, 0xa9, + 0x1a, 0x3d, 0x4d, 0x30, 0x23, 0x48, 0xcd, 0xd5, 0xcd, 0x01, + 0xb1, 0x45, 0x85, 0xcc, 0x66, 0x47, 0x1d, 0x63, 0x3d, 0x70, + 0xb8, 0x0c, 0xfd, 0xe3, 0xb2, 0x0f, 0x64, 0x6e, 0xb9, 0x2b, + 0xe5, 0xb0, 0x4d, 0x44, 0x4d, 0x66, 0x1a, 0xfa, 0x49, 0xbb, + 0xc3, 0xb8, 0xad, 0x64, 0x23, 0x7e, 0x71, 0x9f, 0x59, 0xec, + 0x25, 0xa8, 0x5e, 0x11, 0xd6, 0x6e, 0xc9, 0x09, 0xe7, 0xb9, + 0x6a, 0x63, 0x91, 0xaa, 0x5d, 0xd2, 0x8c, 0x91, 0xe8, 0x8d, + 0x35, 0x6d, 0x10, 0xf6, 0xfc, 0x6a, 0x3c, 0x77, 0x90, 0xf8, + 0x2a, 0x49, 0x13, 0x7f, 0xdb, 0xf5, 0x0c, 0xe9, 0xc8, 0x57, + 0xc6, 0xfd, 0x26, 0x8d, 0x79, 0xb5, 0xdd, 0x47, 0x74, 0x6e, + 0xe8, 0x8f, 0x50, 0xf5, 0xa7, 0x9e, 0xd1, 0x74, 0x10, 0xbb, + 0xf4, 0x8f, 0x8f, 0x0d, 0xcd, 0x1f, 0xf6, 0x59, 0xb8, 0x6c, + 0xd2, 0x37, 0x83, 0x28, 0xb2, 0x36, 0xc1, 0x39, 0x5b, 0xde, + 0x59, 0xee, 0x77, 0xa2, 0x6e, 0x67, 0xc6, 0xea, 0x1d, 0x2b, + 0x41, 0x8f, 0x6f, 0x96, 0x94, 0x1b, 0x5d, 0xab, 0x30, 0x53, + 0x1e, 0xf8, 0x17, 0x06, 0xea, 0xcc, 0x98, 0xa8, 0xdf, 0x81, + 0xe1, 0x80, 0xb7, 0xad, 0x69, 0xcb, 0x8f, 0x81, 0x1e, 0x76, + 0x75, 0x3c, 0x11, 0x9b, 0x38, 0x95, 0xa7, 0x87, 0x1f, 0xd9, + 0x76, 0x82, 0x21, 0x13, 0x25, 0x20, 0x42, 0xd3, 0x8c, 0xd9, + 0x1c, 0x64, 0xed, 0xe9, 0x55, 0xb5, 0x29, 0x98, 0x85, 0x7c, + 0x01, 0x94, 0xaa, 0xdd, 0x8c, 0x78, 0x08, 0x99, 0x99, 0x5a, + 0xf6, 0x61, 0x4c, 0xe0, 0x99, 0xf8, 0x15, 0x74, 0x2e, 0x0d, + 0x14, 0x89, 0x11, 0x84, 0xcd, 0x78, 0x0c, 0x6b, 0x48, 0xde, + 0xb4, 0xd6, 0x05, 0xbd, 0x99, 0x58, 0xb7, 0xe5, 0xc5, 0x7a, + 0x43, 0x18, 0x55, 0x33, 0x16, 0x2b, 0xfa, 0x27, 0xf5, 0xbb, + 0xaa, 0x52, 0xb5, 0x28, 0x5c, 0xfe, 0x61, 0x7f, 0x7a, 0x70, + 0xc2, 0x32, 0x4b, 0x05, 0x8d, 0x7b, 0x4d, 0x22, 0x57, 0x25, + 0x40, 0x46, 0x7c, 0xad, 0x2f, 0x8a, 0xc8, 0x16, 0xd6, 0xac, + 0x4e, 0xe3, 0xe3, 0x29, 0xe4, 0xe8, 0x00, 0x2b, 0xc9, 0xe3, + 0x3a, 0x6f, 0x66, 0xf1, 0x37, 0x37, 0x52, 0x88, 0x77, 0xf6, + 0xbd, 0x59, 0x5f, 0xf8, 0x11, 0x46, 0x7b, 0x12, 0x88, 0x2f, + 0x4b, 0x0d, 0x16, 0x89, 0x3e, 0x2a, 0x56, 0x58, 0xa8, 0x1c, + 0xee, 0x23, 0xd5, 0x66, 0x86, 0x5f, 0x59, 0x55, 0xac, 0x07, + 0xfd, 0xda, 0x6b, 0xf1, 0xc7, 0x01, 0x19, 0xdb, 0xff, 0x63, + 0x6f, 0x27, 0xdb, 0xa1, 0xc7, 0xe9, 0xe0, 0xdb, 0xe4, 0x9a, + 0xce, 0xf5, 0xac, 0x68, 0xab, 0x59, 0x0c, 0x83, 0xa3, 0x1c, + 0x2a, 0x86, 0x55, 0xe2, 0xaa, 0xa1, 0xb3, 0xed, 0xc2, 0x2d, + 0x43, 0xc5, 0x13, 0x68, 0xe4, 0x83, 0x3e, 0xd5, 0x7f, 0xf7, + 0xd5, 0xd0, 0x60, 0xd3, 0x70, 0x7f, 0x88, 0xaa, 0xca, 0x74, + 0xcc, 0x50, 0x8d, 0x55, 0x9c, 0xfe, 0x4a, 0xc6, 0xc9, 0x36, + 0xf7, 0x27, 0x26, 0x64, 0xd3, 0x6c, 0xdb, 0x16, 0x31, 0x81, + 0xe9, 0xce, 0x73, 0x60, 0x61, 0x9c, 0x0f, 0xb5, 0x6e, 0x68, + 0xbc, 0xb1, 0x9e, 0x9f, 0xcd, 0x6c, 0x27, 0x31, 0x2d, 0x40, + 0x36, 0xce, 0x91, 0xee, 0x47, 0xdc, 0xa0, 0x4f, 0xd7, 0x14, + 0x4f, 0x93, 0x00, 0xc4, 0x34, 0xca, 0xd4, 0x42, 0x21, 0x90, + 0xf6, 0x9d, 0xea, 0x45, 0x15, 0xfe, 0x2d, 0xd6, 0xab, 0xc2, + 0x36, 0x47, 0xc0, 0x5b, 0xd2, 0xae, 0x53, 0x33, 0xb0, 0x2d, + 0x29, 0xa3, 0x14, 0xda, 0xa4, 0x48, 0xc1, 0x57, 0x0c, 0xdc, + 0x72, 0x4a, 0xd0, 0xf5, 0x5b, 0x9a, 0x57, 0x1d, 0x06, 0xc8, + 0x0f, 0xc7, 0x5b, 0x70, 0xbb, 0x27, 0xf4, 0xe2, 0xf4, 0xf3, + 0x3c, 0xdc, 0xba, 0x43, 0xc4, 0x4e, 0xe2, 0x96, 0xd4, 0x6c, + 0x33, 0x3e, 0xbf, 0x85, 0xf7, 0x3c, 0x1d, 0x46, 0x59, 0x4e, + 0xa1, 0xa7, 0xa3, 0x76, 0x55, 0x8a, 0x72, 0x83, 0xd0, 0x45, + 0x86, 0x38, 0xa5, 0x4d, 0xc8, 0x62, 0xe4, 0x8a, 0xd5, 0x8e, + 0xb7, 0x4c, 0x6e, 0xaf, 0xa4, 0xbe, 0x88, 0x87, 0x77, 0xd1, + 0x7b, 0xb2, 0x1d, 0xe0, 0x1e, 0x53, 0x30, 0x31, 0x15, 0x6c, + 0x10, 0x81, 0x03, 0x55, 0xa7, 0x69, 0xb6, 0xa5, 0x48, 0xf4, + 0xb2, 0x3b, 0x76, 0x8b, 0x2e, 0x42, 0xa6, 0xaa, 0x7e, 0x66, + 0x57, 0xc2, 0x11, 0xc5, 0x2c, 0x7d, 0x96, 0xdf, 0xe3, 0x58, + 0x12, 0x98, 0x18, 0x0d, 0x87, 0xbd, 0x64, 0xbd, 0xfe, 0x6d, + 0xad, 0x6d, 0x1e, 0xf6, 0x34, 0x01, 0xb5, 0x56, 0xe8, 0x6a, + 0xb3, 0x8c, 0x70, 0x84, 0x36, 0x17, 0xd6, 0x4b, 0xaa, 0x57, + 0xab, 0xb3, 0x45, 0x30, 0x36, 0x10, 0xd4, 0xee, 0x8a, 0xc9, + 0x29, 0xd1, 0x92, 0x9b, 0xe2, 0x7c, 0x12, 0xd1, 0x29, 0x62, + 0x41, 0x69, 0xae, 0x3a, 0x50, 0xcc, 0x89, 0x50, 0x2e, 0xe6, + 0x07, 0xf8, 0x9c, 0x98, 0x80, 0xd5, 0xa3, 0xc8, 0x74, 0xfb, + 0xfc, 0x91, 0x16, 0x02, 0xdc, 0xf0, 0x42, 0x49, 0xbc, 0xc9, + 0x2f, 0x7f, 0x8d, 0x93, 0xf7, 0xf0, 0x74, 0xb7, 0xd1, 0x55, + 0xfc, 0x79, 0x03, 0x37, 0xfb, 0xf6, 0x7d, 0x2f, 0x2d, 0xf8, + 0x6b, 0xc5, 0xf9, 0x66, 0x38, 0xf5, 0xfd, 0x64, 0xc6, 0x08, + 0x99, 0xb3, 0x25, 0xad, 0xf4, 0xfd, 0x69, 0x2f, 0xf1, 0x18, + 0x46, 0xd6, 0x5c, 0x1a, 0x37, 0xcd, 0xee, 0xa3, 0xbf, 0x0f, + 0x57, 0x5c, 0xc3, 0x97, 0x94, 0x84, 0x89, 0xbe, 0x00, 0xf6, + 0x40, 0xe9, 0x5a, 0x52, 0xaf, 0x3a, 0x5b, 0xf4, 0x56, 0xb0, + 0x04, 0x49, 0xc6, 0x32, 0x8c, 0xa1, 0x0a, 0xd8, 0x88, 0xa1, + 0xc3, 0xb7, 0x8b, 0x96, 0xc3, 0x39, 0x51, 0x50, 0x83, 0xa6, + 0xf0, 0x6d, 0xe7, 0x6e, 0x20, 0xff, 0x9d, 0xac, 0x03, 0x57, + 0xbc, 0xcb, 0x6a, 0x19, 0xa7, 0xc5, 0xd2, 0x44, 0x4f, 0x17, + 0x1e, 0x9a, 0x8d, 0x97, 0x25, 0x55, 0x52, 0x49, 0xe2, 0x48, + 0xae, 0x4b, 0x3f, 0x94, 0x5a, 0xb2, 0x2d, 0x40, 0xd9, 0x85, + 0xef, 0x03, 0xa0, 0xd3, 0x66, 0x9a, 0x8f, 0x7b, 0xc0, 0x8d, + 0x54, 0x95, 0x42, 0x49, 0xeb, 0x15, 0x00, 0xf3, 0x6d, 0x6f, + 0x40, 0xf2, 0x8b, 0xc1, 0x50, 0xa6, 0x22, 0x3b, 0xd6, 0x88, + 0xa1, 0xf7, 0xb0, 0x1f, 0xcd, 0x20, 0x4e, 0x5b, 0xad, 0x66, + 0x4a, 0xda, 0x40, 0xee, 0x4c, 0x4c, 0x3e, 0xa7, 0x75, 0x51, + 0x90, 0xba, 0xee, 0x59, 0xbc, 0xe3, 0xcd, 0x4d, 0xb9, 0x57, + 0xb7, 0xf8, 0xc1, 0xb9, 0x8d, 0x0f, 0x58, 0x2c, 0x4c, 0x98, + 0xa6, 0x9c, 0xd9, 0x0e, 0x25, 0x4f, 0xea, 0x4c, 0x15, 0x0b, + 0x89, 0xe4, 0xac, 0xa1, 0x5a, 0xa1, 0xfd, 0x5b, 0xc6, 0xfe, + 0xf0, 0xf1, 0x4c, 0xa7, 0x60, 0xbc, 0xc3, 0xa5, 0x80, 0x00, + 0x3b, 0x3f, 0x22, 0x38, 0x60, 0x40, 0x76, 0x52, 0x83, 0x32, + 0xee, 0x20, 0x6a, 0xf9, 0x1e, 0x6b, 0x99, 0x52, 0xe7, 0x04, + 0xdc, 0x5a, 0x9d, 0x77, 0x8a, 0xdd, 0x9b, 0x53, 0x19, 0xff, + 0x69, 0x8c, 0xbc, 0xc6, 0xe0, 0x79, 0x0d, 0x3d, 0x3d, 0x54, + 0x5b, 0xe0, 0x47, 0x5b, 0x71, 0x05, 0x98, 0x8f, 0xbb, 0x65, + 0xe1, 0x31, 0x9a, 0xc8, 0x1e, 0x7a, 0x4a, 0xf8, 0xcb, 0x17, + 0xd1, 0x83, 0x58, 0xb1, 0xc0, 0xe4, 0xb1, 0x85, 0xca, 0xa5, + 0xf8, 0x0e, 0xd1, 0x0c, 0xe8, 0x71, 0xc3, 0xfa, 0xbf, 0x1d, + 0xd6, 0x98, 0x03, 0xed, 0x77, 0x3b, 0x55, 0xaf, 0x69, 0x72, + 0x6b, 0x42, 0x31, 0x98, 0x95, 0xd5, 0x79, 0xa5, 0x4c, 0x51, + 0xcf, 0x02, 0x65, 0x93, 0xf2, 0x71, 0xdc, 0xde, 0x9a, 0xa3, + 0x86, 0xa7, 0xea, 0xcf, 0xd7, 0xe5, 0x00, 0xde, 0x40, 0x02, + 0xcd, 0x6b, 0x46, 0x0b, 0xbb, 0xbf, 0x77, 0x5f, 0x9d, 0x7c, + 0xa4, 0x7f, 0x7c, 0x8a, 0xba, 0xd6, 0x99, 0xc5, 0xaa, 0x06, + 0x36, 0xe1, 0x7e, 0x9c, 0x6f, 0x28, 0xd4, 0x6e, 0x1d, 0x5b, + 0xdd, 0x01, 0x24, 0xbd, 0x6c, 0x5d, 0x87, 0x3c, 0xc1, 0xf6, + 0x93, 0x37, 0xe2, 0x3b, 0x70, 0xc4, 0xd8, 0x10, 0x0e, 0x44, + 0x37, 0x00, 0xe3, 0x07, 0xbd, 0x67, 0xd3, 0x9d, 0xe6, 0xe7, + 0x48, 0x1b, 0xe0, 0x79, 0xb3, 0x30, 0x91, 0x89, 0x0f, 0x89, + 0x77, 0xfa, 0x13, 0x85, 0xd0, 0x32, 0xbd, 0xc1, 0x9e, 0x52, + 0x04, 0x80, 0x54, 0xb1, 0x08, 0x39, 0x20, 0xda, 0x3e, 0xf1, + 0xd9, 0x15, 0x74, 0x55, 0x06, 0xfc, 0x4d, 0x85, 0xd4, 0x98, + 0x02, 0x64, 0x10, 0x86, 0xd7, 0xcd, 0x01, 0x0d, 0x85, 0xa0, + 0x78, 0xb0, 0x58, 0x99, 0x7b, 0xdf, 0xe4, 0x8c, 0x3f, 0xab, + 0xc0, 0xbc, 0xa5, 0x30, 0x28, 0xe1, 0x4e, 0x02, 0x98, 0xab, + 0x03, 0xf3, 0x21, 0xe7, 0xa7, 0xe7, 0xc3, 0x5f, 0x98, 0xc0, + 0x83, 0x02, 0xe8, 0x8a, 0x30, 0x75, 0x95, 0xcf, 0x77, 0x83, + 0xfb, 0x32, 0x5a, 0xf9, 0x13, 0xed, 0xdb, 0xda, 0xc3, 0x84, + 0x4b, 0x8f, 0x1a, 0xf0, 0xad, 0x8e, 0xcf, 0xe3, 0xa7, 0x2b, + 0xb5, 0x44, 0x75, 0xd6, 0xda, 0x33, 0x81, 0x22, 0xa7, 0x6a, + 0xbd, 0x21, 0x64, 0x85, 0xfa, 0x65, 0x8e, 0xc4, 0x58, 0xec, + 0xc4, 0x18, 0x90, 0xa3, 0xcc, 0x2e, 0xaa, 0xa2, 0x2e, 0x46, + 0x7a, 0x4a, 0x35, 0xbf, 0x58, 0x78, 0x2b, 0x1e, 0x72, 0xe5, + 0x80, 0xc9, 0xe0, 0x9e, 0x43, 0x01, 0xcc, 0xe1, 0x0c, 0x00, + 0xe9, 0xc1, 0xa5, 0x1a, 0x9b, 0x4e, 0x6e, 0x34, 0x32, 0xfd, + 0x86, 0xb7, 0xae, 0xc3, 0x6e, 0x69, 0x04, 0xf6, 0x6a, 0x92, + 0x78, 0xb1, 0x1f, 0x9d, 0x5e, 0x0c, 0xf9, 0xc4, 0x1a, 0xf6, + 0xb4, 0x8a, 0x63, 0xb5, 0x87, 0x5b, 0xfb, 0x50, 0xbf, 0xd5, + 0x17, 0x97, 0x8e, 0x55, 0x1c, 0xfe, 0x82, 0xf6, 0xa7, 0x9c, + 0x0b, 0xc9, 0x0a, 0xf6, 0x7f, 0x70, 0xd1, 0x00, 0xed, 0x1c, + 0x6c, 0x3a, 0x95, 0xed, 0x61, 0xa4, 0xd6, 0x57, 0xfb, 0x57, + 0xf8, 0x9b, 0x4c, 0xce, 0x50, 0x26, 0x5c, 0x19, 0xd2, 0xa7, + 0xd6, 0xe8, 0x3c, 0x29, 0x34, 0xfb, 0x26, 0x7f, 0xc5, 0x78, + 0xbf, 0xfe, 0xb6, 0x2a, 0x5a, 0x62, 0x8e, 0x31, 0x9b, 0x57, + 0xa4, 0xe7, 0x4d, 0x3d, 0x18, 0x05, 0xf0, 0x94, 0xbb, 0x04, + 0xfa, 0x0a, 0x92, 0xf4, 0xc6, 0x7f, 0x16, 0xa2, 0x31, 0xed, + 0xc1, 0xb4, 0x62, 0x54, 0x3a, 0x23, 0x12, 0x6a, 0x76, 0xcc, + 0x8c, 0x91, 0x89, 0x58, 0x8c, 0x20, 0x23, 0xd9, 0xaa, 0x0d, + 0x80, 0xbe, 0xb9, 0xb4, 0x40, 0x1e, 0xff, 0xa9, 0xf7, 0x71, + 0x0a, 0xa0, 0x0a, 0xdf, 0x11, 0x0b, 0x66, 0x3f, 0xf2, 0x4d, + 0x5d, 0x39, 0x7c, 0x77, 0xe1, 0xb1, 0x09, 0xa1, 0x6b, 0x2e, + 0x30, 0x43, 0x33, 0x80, 0x6e, 0x6a, 0x1d, 0x47, 0xd9, 0xd6, + 0xac, 0xdc, 0x3f, 0x16, 0xb1, 0x58, 0x11, 0x9f, 0x67, 0xd7, + 0x15, 0x45, 0xd8, 0xc3, 0x69, 0x24, 0x8d, 0xac, 0xff, 0xc3, + 0x43, 0xfd, 0x24, 0xaf, 0xf1, 0xc8, 0x3a, 0xc7, 0xd6, 0x1f, + 0x56, 0x26, 0x16, 0xe6, 0x30, 0xcd, 0x6e, 0x0a, 0x63, 0x2a, + 0x7b, 0x86, 0xd7, 0x65, 0x39, 0x45, 0x7c, 0xe6, 0xa0, 0xe6, + 0x38, 0xed, 0x54, 0x84, 0x00, 0x4d, 0x8e, 0xc2, 0xba, 0x56, + 0x9b, 0xf3, 0xe1, 0xe8, 0x7d, 0xfe, 0x47, 0xf0, 0x58, 0xe7, + 0x59, 0x60, 0x97, 0x2e, 0x57, 0x1a, 0x09, 0x1f, 0x8b, 0x2b, + 0x0b, 0x47, 0x75, 0xc0, 0xb3, 0x79, 0xce, 0x10, 0x47, 0x6d, + 0xfc, 0xcb, 0x22, 0x61, 0x5c, 0x39, 0xc4, 0x3f, 0xc5, 0xef, + 0xb8, 0xc8, 0x88, 0x52, 0xce, 0x90, 0x17, 0xf5, 0x3c, 0xa9, + 0x87, 0x6f, 0xcb, 0x2f, 0x11, 0x53, 0x65, 0x9b, 0x74, 0x21, + 0x3e, 0xdd, 0x7b, 0x1f, 0x19, 0x9f, 0x53, 0xe6, 0xab, 0xc0, + 0x56, 0xba, 0x80, 0x19, 0x5d, 0x3f, 0xc7, 0xe2, 0xfb, 0x8c, + 0xe2, 0x93, 0xe0, 0x31, 0xc9, 0x33, 0x31, 0x23, 0x31, 0xa1, + 0x36, 0x4c, 0x62, 0xd8, 0x0a, 0xfd, 0x85, 0x97, 0xae, 0xa9, + 0xe9, 0x58, 0x29, 0x17, 0x33, 0x09, 0x5a, 0x8e, 0xa3, 0x90, + 0x41, 0xd3, 0xfc, 0x24, 0x98, 0x61, 0x4d, 0x30, 0x1f, 0x76, + 0x8f, 0xfc, 0xd0, 0x96, 0x8b, 0x2e, 0x9b, 0x24, 0x73, 0x35, + 0x00, 0xb7, 0xf6, 0xe8, 0xba, 0xec, 0x98, 0x74, 0x41, 0xa4, + 0x47, 0x10, 0x0d, 0xbc, 0xba, 0xd1, 0xe7, 0xdb, 0x12, 0xcb, + 0x5f, 0x02, 0xb1, 0xa6, 0xa0, 0xd7, 0x28, 0x30, 0x3e, 0x0a, + 0x5c, 0x5f, 0xe6, 0x2f, 0x3c, 0xde, 0x46, 0x60, 0xaf, 0x07, + 0x5f, 0xed, 0x08, 0xc0, 0x06, 0x58, 0xba, 0xd7, 0x36, 0x5b, + 0xa0, 0x4a, 0xf7, 0xa1, 0x05, 0x9b, 0x00, 0xda, 0x49, 0xdc, + 0xbf, 0xea, 0xe1, 0x03, 0xda, 0x95, 0x95, 0xa0, 0xfa, 0x2e, + 0xf1, 0x60, 0x11, 0x47, 0xdd, 0xb3, 0xfb, 0x0b, 0xa2, 0x92, + 0xcf, 0x73, 0xbb, 0xce, 0x82, 0x71, 0xbc, 0xbd, 0x50, 0x64, + 0xf1, 0x96, 0x48, 0x48, 0x93, 0xf8, 0xdc, 0x1c, 0x18, 0x12, + 0xc6, 0x17, 0x6a, 0xa9, 0xc1, 0x4d, 0x6f, 0x76, 0xda, 0x2f, + 0x4e, 0x59, 0xdd, 0x8b, 0x1c, 0xa5, 0x30, 0xb6, 0xe9, 0x88, + 0x8f, 0x75, 0x0c, 0xcd, 0xd8, 0x61, 0xf4, 0x28, 0xc5, 0x9a, + 0xcd, 0x77, 0x0d, 0x36, 0x5f, 0x75, 0xa5, 0x0a, 0x77, 0x20, + 0x28, 0x5a, 0xac, 0x5f, 0xa1, 0x83, 0x67, 0x70, 0xb7, 0xd8, + 0x23, 0x48, 0x60, 0xa8, 0xd0, 0xaf, 0xee, 0x7a, 0xb8, 0x25, + 0xd7, 0x8f, 0x82, 0x8c, 0xd0, 0x81, 0x7a, 0x49, 0x69, 0xe4, + 0x22, 0x73, 0x29, 0x48, 0xc8, 0x09, 0x72, 0x16, 0xf8, 0x3d, + 0xff, 0x13, 0xac, 0x98, 0x03, 0x76, 0x33, 0xcb, 0x19, 0xb0, + 0x22, 0x5b, 0x1e, 0x16, 0x29, 0xb9, 0xcc, 0xa6, 0x92, 0xd8, + 0xed, 0x93, 0x0f, 0xbd, 0x10, 0x98, 0x53, 0x0a, 0x07, 0x7f, + 0xd6, 0x51, 0x76, 0xda, 0xdc, 0x0c, 0xeb, 0x2a, 0x95, 0xd0, + 0x3e, 0xa6, 0xc4, 0xc6, 0xd8, 0xfb, 0x1b, 0x2a, 0x7f, 0xf1, + 0x08, 0xbe, 0xd3, 0xed, 0x67, 0x63, 0x5f, 0x1d, 0x29, 0xdb, + 0x47, 0x03, 0x4a, 0xf4, 0x6b, 0xb4, 0x46, 0x02, 0x28, 0x4f, + 0x88, 0x9b, 0x46, 0x66, 0x40, 0x56, 0x34, 0x4c, 0xec, 0x8e, + 0x0b, 0x5d, 0x14, 0x94, 0x91, 0xfc, 0xdc, 0x0c, 0xdc, 0x5b, + 0x45, 0x12, 0x7e, 0xa1, 0xe9, 0x75, 0x38, 0xcb, 0xd3, 0x6b, + 0xd7, 0xa4, 0x24, 0x94, 0x78, 0x09, 0x7f, 0x77, 0xc8, 0x6d, + 0xe1, 0x82, 0x1c, 0x1c, 0x91, 0xc6, 0x38, 0x9e, 0x3b, 0x3d, + 0x31, 0xdd, 0x9e, 0x46, 0x58, 0x7a, 0x42, 0x16, 0x6f, 0xfd, + 0x7d, 0x8c, 0xf5, 0xf0, 0x9f, 0x92, 0x6e, 0xbe, 0x47, 0xa6, + 0x1e, 0x8e, 0x82, 0x15, 0x24, 0xc3, 0x1b, 0xb0, 0xd1, 0x68, + 0xf9, 0xd1, 0x7c, 0x60, 0x98, 0x86, 0xd9, 0x53, 0xa2, 0x38, + 0x62, 0xf4, 0x72, 0x71, 0xcb, 0xb9, 0x35, 0xef, 0xb9, 0x49, + 0x3a, 0x73, 0xb2, 0xd7, 0x0f, 0x90, 0xf5, 0x2c, 0x5b, 0xf5, + 0xfd, 0x39, 0x17, 0xf7, 0xe4, 0x69, 0x81, 0x0f, 0x6b, 0xe7, + 0x32, 0xd2, 0xdc, 0x5d, 0x40, 0xbf, 0x41, 0x95, 0x89, 0x81, + 0x29, 0x80, 0x40, 0xa3, 0xac, 0xd2, 0xc7, 0xf7, 0xe8, 0xd0, + 0x45, 0xed, 0x48, 0x43, 0x3a, 0xed, 0x8d, 0xef, 0x37, 0xe1, + 0x24, 0x9a, 0x67, 0x9a, 0x6b, 0x71, 0x4f, 0x9a, 0xb9, 0x2c, + 0x1b, 0x10, 0x48, 0xe2, 0x31, 0x1e, 0xbb, 0xf2, 0x4a, 0xad, + 0x04, 0xc7, 0xd7, 0xf2, 0xe8, 0x83, 0x5f, 0xe8, 0xa2, 0x81, + 0x95, 0xf9, 0x60, 0x51, 0x9c, 0x99, 0x76, 0x69, 0x76, 0x4e, + 0xbd, 0x44, 0x52, 0x36, 0xca, 0xd8, 0x6e, 0xf7, 0x1a, 0xa1, + 0x54, 0xdf, 0x90, 0x52, 0x94, 0xb6, 0x3a, 0xcb, 0x43, 0x56, + 0x11, 0xde, 0xa0, 0xe1, 0x45, 0x8a, 0x80, 0x2d, 0xaf, 0x1f, + 0x24, 0x3f, 0x80, 0x17, 0x1f, 0x28, 0xbb, 0xcc, 0x1a, 0xd2, + 0x2d, 0xa6, 0x9e, 0xe0, 0xdc, 0xf0, 0x98, 0x16, 0x58, 0x88, + 0xc6, 0xf1, 0x81, 0x71, 0x91, 0x8f, 0xa2, 0xab, 0xa5, 0xe6, + 0x68, 0x1f, 0xa5, 0x86, 0xb5, 0xd9, 0x05, 0xba, 0x50, 0x67, + 0x0b, 0x1e, 0xfe, 0x42, 0x50, 0xf8, 0x01, 0xf8, 0x38, 0x92, + 0x57, 0x86, 0x08, 0x47, 0xee, 0x23, 0x11, 0x60, 0x61, 0x1a, + 0x77, 0x3c, 0x1a, 0x8e, 0x08, 0xe3, 0xaf, 0x84, 0x04, 0x75, + 0x15, 0x47, 0x7a, 0x83, 0x8e, 0x92, 0x3e, 0xe8, 0xf0, 0xc2, + 0x81, 0x89, 0x3b, 0x73, 0x81, 0xe5, 0xe8, 0x97, 0x97, 0x63, + 0x64, 0xf3, 0xa9, 0x1b, 0x61, 0x65, 0x7f, 0x0e, 0x47, 0x6b, + 0x14, 0x57, 0x29, 0x8f, 0x91, 0x35, 0x43, 0x10, 0x12, 0x86, + 0x99, 0xec, 0xc8, 0x9e, 0x67, 0x90, 0x20, 0x21, 0x3c, 0x83, + 0xdb, 0x73, 0x4e, 0x8e, 0x7d, 0x86, 0xde, 0xb8, 0xd8, 0xfa, + 0x23, 0x1f, 0x5a, 0xe4, 0xc7, 0x0c, 0x1d, 0x5e, 0xd1, 0x10, + 0x58, 0xd5, 0x86, 0xfa, 0x40, 0x30, 0x0a, 0x78, 0x0a, 0xa5, + 0x56, 0xd5, 0xe6, 0x86, 0xd4, 0x14, 0x77, 0x32, 0xcd, 0x07, + 0xf9, 0xbe, 0x7a, 0xd8, 0xbc, 0x91, 0xe0, 0xda, 0x76, 0x6b, + 0x97, 0x10, 0xda, 0xea, 0x27, 0xa2, 0x67, 0x6d, 0x94, 0x27, + 0x6e, 0xea, 0xca, 0x56, 0x45, 0x32, 0x1d, 0x38, 0x12, 0x21, + 0x33, 0x2c, 0x3c, 0x5c, 0x33, 0xb0, 0x9e, 0x80, 0x0b, 0x4e, + 0xbb, 0x09, 0x5e, 0x56, 0x54, 0xb0, 0x9b, 0x7e, 0xb6, 0x00, + 0xe8, 0x63, 0x19, 0x85, 0xf1, 0x4d, 0x65, 0x9d, 0x1f, 0x8d, + 0x18, 0xcc, 0x63, 0xc6, 0xd9, 0xa6, 0xbc, 0xe7, 0x42, 0x55, + 0x12, 0xdc, 0x8c, 0x26, 0x2d, 0x8d, 0xc2, 0xe9, 0x3b, 0xbc, + 0xed, 0x06, 0x08, 0x31, 0xb0, 0xe0, 0x99, 0xe2, 0x86, 0x81, + 0x88, 0x4a, 0xac, 0x1f, 0x4a, 0xb2, 0x1e, 0x1e, 0x4c, 0xb2, + 0x9f, 0x27, 0xa0, 0xd9, 0x8a, 0x7e, 0xe7, 0xa3, 0xad, 0xeb, + 0x2c, 0xfd, 0x14, 0xc6, 0x4b, 0x26, 0xce, 0x38, 0xb9, 0x01, + 0x9e, 0xde, 0xc8, 0x7b, 0x82, 0x2f, 0xaa, 0x72, 0x80, 0xbe, + 0x3a, 0x35, 0x95, 0xc8, 0xf3, 0x7c, 0x36, 0x68, 0x02, 0xdc, + 0xa2, 0xda, 0xef, 0xd7, 0xf1, 0x3e, 0x81, 0xb3, 0x5d, 0x2f, + 0xcf, 0x7e, 0xe6, 0x9c, 0xa0, 0x32, 0x29, 0x8b, 0x52, 0x24, + 0xbd, 0x0d, 0x36, 0xdc, 0x1d, 0xcc, 0x6a, 0x0a, 0x74, 0x52, + 0x1b, 0x68, 0x4d, 0x15, 0x05, 0x47, 0xe1, 0x2f, 0x97, 0x45, + 0x52, 0x17, 0x4b, 0x2a, 0x3b, 0x74, 0xc5, 0x20, 0x35, 0x5c, + 0x37, 0xae, 0xe6, 0xa7, 0x24, 0x0f, 0x34, 0x70, 0xea, 0x7c, + 0x03, 0xa3, 0xde, 0x2d, 0x22, 0x55, 0x88, 0x01, 0x45, 0xf2, + 0x5f, 0x1f, 0xaf, 0x3b, 0xb1, 0xa6, 0x5d, 0xcd, 0x93, 0xfb, + 0xf8, 0x2f, 0x87, 0xcc, 0x26, 0xc5, 0x36, 0xde, 0x06, 0x9b, + 0xe9, 0xa7, 0x66, 0x7e, 0x8c, 0xcd, 0x99, 0x6b, 0x51, 0x1c, + 0xb0, 0xa0, 0xfa, 0xc7, 0x46, 0xfe, 0x65, 0xe4, 0x80, 0x5b, + 0x5f, 0x24, 0x3b, 0xa4, 0xe6, 0x81, 0x31, 0xe5, 0x87, 0x2c, + 0xa4, 0x83, 0xaf, 0x8b, 0x9f, 0x89, 0xb4, 0x3c, 0x7a, 0xbe, + 0x4c, 0xb3, 0xbf, 0x3d, 0xec, 0x78, 0xb0, 0x8a, 0xdd, 0xc8, + 0x43, 0x8c, 0x45, 0xa1, 0xa3, 0x3a, 0x82, 0x7d, 0x06, 0xdf, + 0x20, 0x27, 0x9b, 0x4e, 0x09, 0x90, 0x6a, 0x23, 0xbf, 0x1b, + 0x04, 0x1d, 0x50, 0xe2, 0xb4, 0xff, 0xe0, 0xd0, 0x9b, 0x40, + 0x2b, 0xc0, 0x52, 0xc1, 0x39, 0x29, 0x60, 0x83, 0x06, 0x9b, + 0x48, 0xb8, 0xa7, 0xe1, 0x2b, 0xfb, 0xf0, 0x2b, 0x82, 0xf1, + 0xda, 0xc9, 0x30, 0x47, 0x3f, 0xf5, 0xf9, 0xf7, 0x6c, 0xf0, + 0x0f, 0xe7, 0xb1, 0x4d, 0x46, 0x49, 0xf8, 0xb3, 0xe1, 0xfe, + 0x85, 0x61, 0xcc, 0xf7, 0xfa, 0xd2, 0xf1, 0xbc, 0xf0, 0x7f, + 0x3b, 0xe6, 0x45, 0xa2, 0x1b, 0x55, 0xf6, 0x0c, 0x02, 0x95, + 0xdc, 0x78, 0x94, 0xa0, 0xc4, 0x6a, 0x21, 0x7e, 0xa8, 0x5f, + 0xbd, 0xc3, 0xb3, 0x4d, 0x9b, 0x30, 0x31, 0x1d, 0x5b, 0x8b, + 0x45, 0x3c, 0x18, 0xe9, 0x61, 0xe8, 0x76, 0x3e, 0x91, 0xd2, + 0xfd, 0x1a, 0xd7, 0x30, 0x4d, 0xfe, 0xef, 0x7f, 0xc0, 0x7e, + 0x45, 0x43, 0xe9, 0xf9, 0x23, 0xfe, 0xd8, 0xef, 0xbc, 0xd6, + 0x99, 0x79, 0x54, 0xed, 0x7a, 0x8b, 0x39, 0xa6, 0xe7, 0x9d, + 0x3f, 0x9f, 0x35, 0xe1, 0xe4, 0xd5, 0x26, 0x31, 0x3a, 0x44, + 0x03, 0x79, 0xde, 0xdc, 0x29, 0x1e, 0x8e, 0x26, 0x41, 0xc6, + 0x60, 0xaa, 0xfd, 0xe1, 0x5e, 0xa6, 0xc0, 0x2f, 0x90, 0x1e, + 0x3b, 0xc1, 0xe6, 0xf6, 0xde, 0x60, 0x87, 0x57, 0x51, 0x11, + 0x6a, 0x8e, 0x9d, 0x70, 0x9d, 0x6d, 0x36, 0x21, 0x05, 0x55, + 0xc1, 0x56, 0x9b, 0xc9, 0x91, 0x50, 0x3e, 0xb4, 0xbd, 0x19, + 0x53, 0x44, 0x99, 0xc7, 0xb8, 0xce, 0xce, 0x86, 0x06, 0x5d, + 0x99, 0x85, 0x33, 0xd4, 0x16, 0x21, 0x4a, 0xe9, 0x7e, 0x2e, + 0xcc, 0x7e, 0x3f, 0xc1, 0x47, 0x3b, 0x32, 0xd0, 0x57, 0x1c, + 0xc2, 0x26, 0x67, 0xf0, 0xd9, 0xc4, 0x9e, 0xbb, 0x65, 0xa4, + 0xf7, 0xf7, 0x8d, 0x7d, 0x08, 0xd4, 0x9c, 0x1e, 0x0f, 0xb9, + 0xff, 0x24, 0x2f, 0xaf, 0xfa, 0x24, 0x26, 0xb7, 0xb1, 0x78, + 0xc1, 0xd1, 0xfe, 0x85, 0x55, 0xa0, 0x86, 0x77, 0xf6, 0xc2, + 0xe0, 0x12, 0xe4, 0x45, 0x85, 0xd0, 0xe7, 0x68, 0xf0, 0x31, + 0x4c, 0x9c, 0xb0, 0x5f, 0x89, 0xca, 0xfe, 0xc2, 0xf0, 0x1e, + 0xeb, 0xee, 0x75, 0x64, 0xea, 0x09, 0xd4, 0x1c, 0x72, 0x12, + 0xd4, 0x31, 0xf0, 0x89, 0x71, 0x74, 0x6e, 0x01, 0x32, 0xca, + 0x8a, 0x91, 0x0c, 0xdf, 0xd7, 0x05, 0xe9, 0x35, 0xed, 0x06, + 0x1a, 0x17, 0x5a, 0xf3, 0x65, 0xc5, 0xbd, 0x37, 0xf2, 0x53, + 0x49, 0x2f, 0xcd, 0xc6, 0x15, 0xb3, 0x36, 0x88, 0xd8, 0x7a, + 0x2f, 0xfa, 0x21, 0x7f, 0x55, 0x20, 0xc6, 0xf4, 0x23, 0x59, + 0x6b, 0x3c, 0xeb, 0xe5, 0xd3, 0x78, 0xdc, 0x31, 0xeb, 0x87, + 0x86, 0x3d, 0x7c, 0x10, 0x64, 0x66, 0xa4, 0xad, 0x07, 0xe1, + 0x93, 0x15, 0x07, 0x4c, 0xe4, 0xb4, 0x4a, 0x06, 0xca, 0x2a, + 0x50, 0xa2, 0x85, 0xc6, 0xa1, 0x19, 0x89, 0x7f, 0x8a, 0x05, + 0x00, 0x23, 0x72, 0x5f, 0x89, 0x74, 0x8e, 0x22, 0xa1, 0x5d, + 0x26, 0xf9, 0xfe, 0xdf, 0x6d, 0x98, 0x3a, 0xc4, 0x7c, 0x93, + 0xcf, 0xc4, 0xfe, 0xed, 0x98, 0xb0, 0x31, 0x4c, 0x81, 0x83, + 0x0d, 0x5d, 0x3d, 0x0c, 0x27, 0x4e, 0xca, 0xcf, 0x38, 0x0c, + 0x37, 0xb0, 0xf8, 0xc5, 0xc8, 0x52, 0x14, 0xec, 0x53, 0x80, + 0xb9, 0xd8, 0x8a, 0x05, 0x4e, 0x31, 0x3d, 0x67, 0x57, 0xf0, + 0x7a, 0xa2, 0xc5, 0xc9, 0x02, 0x25, 0x69, 0x83, 0xb9, 0x3e, + 0x1b, 0x04, 0xbf, 0xb2, 0xe6, 0x97, 0x7a, 0x6b, 0x8e, 0x37, + 0x77, 0x2e, 0x16, 0x8b, 0x33, 0xe1, 0xea, 0x2b, 0x30, 0x01, + 0x6e, 0xa0, 0x28, 0x14, 0x17, 0xe9, 0x98, 0xa8, 0x89, 0x72, + 0x68, 0x64, 0x81, 0x60, 0xa8, 0xf7, 0x72, 0xdf, 0x1a, 0xae, + 0xf5, 0xf0, 0x9f, 0x69, 0x35, 0xbc, 0x58, 0x27, 0x38, 0xd6, + 0x7f, 0x7a, 0xd4, 0xc4, 0xf1, 0xcf, 0xee, 0x59, 0x49, 0x31, + 0xda, 0xc1, 0x08, 0x46, 0x65, 0x68, 0xe9, 0x44, 0x18, 0x2b, + 0xf2, 0x2a, 0x13, 0x60, 0x07, 0xae, 0xe4, 0x96, 0xdb, 0x0a, + 0x6f, 0x52, 0x23, 0x9a, 0xcf, 0x9d, 0xa4, 0xc5, 0xc1, 0x74, + 0xa8, 0x0e, 0xe1, 0x5e, 0xfa, 0xa4, 0x06, 0x9c, 0x2e, 0x70, + 0x08, 0x22, 0x25, 0x4f, 0xc1, 0xf1, 0x13, 0x5a, 0x66, 0xa0, + 0x6c, 0x59, 0xa3, 0xfc, 0x03, 0x9c, 0x8a, 0x23, 0x01, 0x00, + 0xa9, 0x49, 0xf0, 0x22, 0xa3, 0x8f, 0x6c, 0xef, 0xcb, 0x69, + 0x06, 0x3a, 0x69, 0x99, 0x96, 0xd2, 0xa7, 0xa0, 0x0b, 0x7e, + 0x44, 0x7d, 0x04, 0xff, 0x7e, 0x9e, 0x1e, 0x77, 0xa0, 0x30, + 0xd1, 0xdf, 0x18, 0xe4, 0xd8, 0xa5, 0x64, 0xbe, 0x8c, 0x80, + 0x28, 0xe2, 0x98, 0x5e, 0xec, 0x9e, 0xb1, 0x0a, 0xb5, 0x25, + 0xaa, 0xb8, 0x0f, 0x78, 0x30, 0x48, 0x06, 0xe5, 0x76, 0xf9, + 0x24, 0x96, 0x87, 0x2a, 0x91, 0x89, 0xb6, 0xce, 0x04, 0xdf, + 0xfc, 0x13, 0x42, 0x19, 0xba, 0x14, 0x46, 0x20, 0x08, 0x47, + 0xe1, 0x82, 0x57, 0x51, 0x74, 0x3b, 0x5b, 0x23, 0x5c, 0xb2, + 0x85, 0x8c, 0xed, 0xe6, 0xda, 0x4d, 0x56, 0xe8, 0x61, 0x31, + 0xec, 0x97, 0x27, 0xeb, 0xf2, 0xa7, 0x7c, 0x13, 0x1b, 0xc5, + 0x44, 0xfe, 0x63, 0x4b, 0x2b, 0x33, 0x22, 0x23, 0x60, 0x86, + 0x7c, 0x3b, 0x57, 0xba, 0x16, 0xde, 0x47, 0x04, 0x3e, 0x2b, + 0xe5, 0xbd, 0x23, 0xa0, 0xab, 0xdf, 0x5d, 0x6e, 0x20, 0xb1, + 0x37, 0x44, 0xcb, 0xbd, 0x03, 0xa9, 0x5c, 0xe6, 0x92, 0x5e, + 0x2f, 0x6f, 0x95, 0xc6, 0x5b, 0x6d, 0xab, 0x39, 0xdd, 0x1e, + 0x34, 0xd5, 0x21, 0xca, 0x92, 0xee, 0x59, 0xf0, 0xb9, 0x65, + 0xe6, 0x81, 0x49, 0xf8, 0x11, 0xec, 0x45, 0x14, 0x6a, 0x19, + 0xb4, 0xce, 0xbf, 0x9e, 0xf7, 0x32, 0x8d, 0x99, 0x78, 0xc3, + 0x07, 0x3d, 0xfd, 0x18, 0x2d, 0x0e, 0x06, 0x2f, 0x27, 0x24, + 0x6f, 0x16, 0xd8, 0x01, 0x33, 0xc8, 0xbb, 0x7f, 0x7d, 0xfa, + 0x73, 0xf6, 0x7d, 0x54, 0xf2, 0xd4, 0x8a, 0x53, 0xe1, 0x62, + 0x45, 0xf4, 0x01, 0xa6, 0x31, 0x6b, 0x3a, 0x06, 0x56, 0xfd, + 0x79, 0x7f, 0x58, 0xd8, 0x47, 0x33, 0x53, 0xc5, 0x78, 0x70, + 0xce, 0x81, 0x7f, 0x66, 0xa1, 0x58, 0x7c, 0x5a, 0xdb, 0x4a, + 0xad, 0x29, 0xff, 0x93, 0x75, 0x95, 0x35, 0xa9, 0xd2, 0xb1, + 0xeb, 0xa0, 0x4f, 0x10, 0x0a, 0xc9, 0x38, 0x69, 0xc8, 0x8d, + 0x57, 0xef, 0x99, 0x0f, 0xa5, 0x69, 0x86, 0xa6, 0xfb, 0x2b, + 0x37, 0xe4, 0xc7, 0xab, 0x3e, 0xcd, 0x8f, 0x3f, 0x93, 0x8c, + 0x0b, 0xc4, 0x4d, 0x16, 0xe0, 0xb0, 0x94, 0x5a, 0x0d, 0x17, + 0xaf, 0x6e, 0x4b, 0x2e, 0x18, 0x29, 0x0e, 0xe0, 0xf5, 0x72, + 0x1a, 0x21, 0x37, 0xef, 0x7d, 0x6a, 0x39, 0xe9, 0xa8, 0xd7, + 0x96, 0xd6, 0xb3, 0x7d, 0x83, 0x0c, 0x13, 0x30, 0x49, 0x03, + 0xe8, 0x6b, 0xe6, 0x77, 0xe8, 0x69, 0x48, 0x56, 0x5f, 0x39, + 0x63, 0xbc, 0x86, 0xa8, 0x26, 0xa1, 0xbd, 0x4b, 0x24, 0xbd, + 0xdd, 0xe8, 0x02, 0x64, 0xcb, 0xae, 0x24, 0x17, 0x62, 0xbd, + 0x27, 0xa7, 0x22, 0x60, 0x51, 0x0c, 0x53, 0xff, 0x9d, 0x63, + 0x1b, 0xf9, 0xff, 0x76, 0x3b, 0x74, 0x05, 0x98, 0x46, 0x0b, + 0xe8, 0xcb, 0xd4, 0x0a, 0xcd, 0x91, 0xdb, 0x5b, 0x21, 0x4d, + 0xa1, 0x87, 0xbd, 0xb7, 0x58, 0xec, 0x28, 0x00, 0x92, 0xc2, + 0x98, 0xe4, 0x8c, 0x1f, 0x9d, 0xa4, 0x80, 0x83, 0x40, 0xb9, + 0x63, 0xfe, 0xc9, 0x18, 0x3f, 0xd6, 0xab, 0x34, 0x00, 0x2c, + 0x53, 0x40, 0x38, 0x0e, 0xb1, 0x69, 0xa8, 0xb8, 0xa9, 0x2e, + 0x9b, 0x7b, 0x89, 0x8d, 0xff, 0x86, 0x01, 0x51, 0x42, 0xde, + 0x04, 0xd6, 0x1d, 0xd1, 0x29, 0x8d, 0x42, 0x46, 0x5f, 0xd6, + 0x02, 0xde, 0x73, 0xee, 0x2d, 0xe9, 0x6e, 0xb0, 0x3f, 0xf0, + 0x47, 0x72, 0xfe, 0x45, 0xff, 0x05, 0x82, 0x2d, 0xc6, 0x4f, + 0xc9, 0xd3, 0xec, 0xf9, 0x5a, 0x22, 0x50, 0x6c, 0x4f, 0x1e, + 0xc8, 0x5f, 0xfc, 0x2c, 0x04, 0x4f, 0xdf, 0xce, 0xe4, 0x18, + 0xd2, 0xd7, 0x8b, 0x67, 0x83, 0x39, 0x96, 0x47, 0x5e, 0x5b, + 0xad, 0x7f, 0x5d, 0x42, 0x56, 0x97, 0x71, 0x39, 0x28, 0x44, + 0x9d, 0x35, 0xde, 0xde, 0x03, 0x20, 0x34, 0x44, 0xdb, 0xdf, + 0xfc, 0xff, 0x1e, 0x3d, 0x58, 0x5f, 0x7a, 0x8e, 0x90, 0xa1, + 0xd3, 0xeb, 0x0c, 0x23, 0x3f, 0x4e, 0x61, 0x77, 0x79, 0xb2, + 0xdc, 0xfb, 0x21, 0x46, 0x5c, 0x82, 0xb6, 0xf6, 0x34, 0x3c, + 0x3f, 0x45, 0x4b, 0x80, 0x9e, 0xa4, 0xe6, 0x02, 0x13, 0x38, + 0x40, 0x7e, 0x87, 0x92, 0x96, 0x51, 0x63, 0x87, 0xae, 0xc8, + 0x02, 0x6a, 0x70, 0xc8, 0xcd, 0xd0, 0xe2, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x08, + 0x12, 0x1c, 0x22, 0x2b, 0x33, 0x38, 0x3f, +}; +static const int sizeof_bench_dilithium_level5_sig = + sizeof(bench_dilithium_level5_sig); +#endif + +#endif /* !WOLFSSL_DILITHIUM_NO_VERIFY */ + + +void bench_dilithiumKeySign(byte level) +{ + int ret = 0; + double start; + int i, count; +#if !defined(WOLFSSL_DILITHIUM_NO_SIGN) || !defined(WOLFSSL_DILITHIUM_NO_VERIFY) + word32 x = 0; +#endif + +#define DILITHIUM_BENCH_MSG_SIZE 512 +#ifdef WOLFSSL_SMALL_STACK + dilithium_key *key = NULL; + #if !defined(WOLFSSL_DILITHIUM_NO_SIGN) || \ + !defined(WOLFSSL_DILITHIUM_NO_VERIFY) + byte *sig = NULL; + byte *msg = NULL; + #endif +#else + dilithium_key key[1]; + #if !defined(WOLFSSL_DILITHIUM_NO_SIGN) || \ + !defined(WOLFSSL_DILITHIUM_NO_VERIFY) + byte sig[DILITHIUM_MAX_SIG_SIZE]; + byte msg[DILITHIUM_BENCH_MSG_SIZE]; + #endif +#endif + + const char**desc = bench_desc_words[lng_index]; + DECLARE_MULTI_VALUE_STATS_VARS() + byte params = 0; + + bench_stats_prepare(); + +#ifdef WOLFSSL_SMALL_STACK + key = (dilithium_key *)XMALLOC(sizeof(*key), HEAP_HINT, + DYNAMIC_TYPE_TMP_BUFFER); + #if !defined(WOLFSSL_DILITHIUM_NO_SIGN) || \ + !defined(WOLFSSL_DILITHIUM_NO_VERIFY) + sig = (byte *)XMALLOC(DILITHIUM_MAX_SIG_SIZE, HEAP_HINT, + DYNAMIC_TYPE_TMP_BUFFER); + msg = (byte *)XMALLOC(DILITHIUM_BENCH_MSG_SIZE, HEAP_HINT, + DYNAMIC_TYPE_TMP_BUFFER); + #endif + + if (key == NULL) { + #if !defined(WOLFSSL_DILITHIUM_NO_SIGN) || \ + !defined(WOLFSSL_DILITHIUM_NO_VERIFY) + XFREE(sig, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + sig = NULL; + XFREE(msg, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + msg = NULL; + #endif + goto out; + } + #if !defined(WOLFSSL_DILITHIUM_NO_SIGN) || \ + !defined(WOLFSSL_DILITHIUM_NO_VERIFY) + if ((sig == NULL) || (msg == NULL)) { + XFREE(key, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + key = NULL; + XFREE(sig, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + sig = NULL; + XFREE(msg, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + msg = NULL; + goto out; + } + #endif +#endif /* WOLFSSL_SMALL_STACK */ + + if (level == 2) { + params = 44; + } + else if (level == 3) { + params = 65; + } + else if (level == 5) { + params = 87; + } + +#if !defined(WOLFSSL_DILITHIUM_NO_SIGN) || !defined(WOLFSSL_DILITHIUM_NO_VERIFY) + /* make dummy msg */ + for (i = 0; i < DILITHIUM_BENCH_MSG_SIZE; i++) { + msg[i] = (byte)i; + } +#endif + + ret = wc_dilithium_init(key); + if (ret != 0) { + printf("wc_dilithium_init failed %d\n", ret); + goto out; + } + + ret = wc_dilithium_set_level(key, level); + if (ret != 0) { + printf("wc_dilithium_set_level() failed %d\n", ret); + } + +#ifndef WOLFSSL_DILITHIUM_NO_MAKE_KEY + bench_stats_start(&count, &start); + do { + for (i = 0; i < agreeTimes; i++) { + ret = wc_dilithium_make_key(key, GLOBAL_RNG); + if (ret != 0) { + printf("wc_dilithium_import_private_key failed %d\n", ret); + goto out; + } + } + count += i; + } while (bench_stats_check(start) +#ifdef MULTI_VALUE_STATISTICS + || runs < minimum_runs +#endif + ); + + if (ret == 0) { + bench_stats_asym_finish("ML-DSA", params, desc[2], 0, count, + start, ret); + #ifdef MULTI_VALUE_STATISTICS + bench_multi_value_stats(max, min, sum, squareSum, runs); + #endif + } + +#elif !defined WOLFSSL_DILITHIUM_NO_SIGN + +#ifndef WOLFSSL_NO_ML_DSA_44 + if (level == 2) { + ret = wc_dilithium_import_private(bench_dilithium_level2_key, + sizeof_bench_dilithium_level2_key, key); + } +#endif +#ifndef WOLFSSL_NO_ML_DSA_65 + if (level == 3) { + ret = wc_dilithium_import_private(bench_dilithium_level3_key, + sizeof_bench_dilithium_level3_key, key); + } +#endif +#ifndef WOLFSSL_NO_ML_DSA_87 + if (level == 5) { + ret = wc_dilithium_import_private(bench_dilithium_level5_key, + sizeof_bench_dilithium_level5_key, key); + } +#endif + if (ret != 0) { + printf("Failed to load private key\n"); + goto out; + } + +#endif + +#ifndef WOLFSSL_DILITHIUM_NO_SIGN + if (level == 2) { + x = DILITHIUM_LEVEL2_SIG_SIZE; + } + else if (level == 3) { + x = DILITHIUM_LEVEL3_SIG_SIZE; + } + else { + x = DILITHIUM_LEVEL5_SIG_SIZE; + } + + RESET_MULTI_VALUE_STATS_VARS(); + + bench_stats_start(&count, &start); + do { + for (i = 0; i < agreeTimes; i++) { + if (ret == 0) { + ret = wc_dilithium_sign_msg(msg, DILITHIUM_BENCH_MSG_SIZE, sig, &x, key, + GLOBAL_RNG); + if (ret != 0) { + printf("wc_dilithium_sign_msg failed\n"); + } + } + RECORD_MULTI_VALUE_STATS(); + } + count += i; + } while (bench_stats_check(start) +#ifdef MULTI_VALUE_STATISTICS + || runs < minimum_runs +#endif + ); + + if (ret == 0) { + bench_stats_asym_finish("ML-DSA", params, desc[4], 0, count, start, + ret); + #ifdef MULTI_VALUE_STATISTICS + bench_multi_value_stats(max, min, sum, squareSum, runs); + #endif + } + +#endif + +#if !defined(WOLFSSL_DILITHIUM_NO_VERIFY) && \ + (defined(WOLFSSL_DILITHIUM_NO_SIGN) || \ + defined(WOLFSSL_DILITHIUM_NO_MAKE_KEY)) + +#ifndef WOLFSSL_NO_ML_DSA_44 + if (level == 2) { + #ifdef WOLFSSL_DILITHIUM_NO_SIGN + x = sizeof_bench_dilithium_level2_sig; + XMEMCPY(sig, bench_dilithium_level2_sig, x); + #endif + ret = wc_dilithium_import_public(bench_dilithium_level2_pubkey, + sizeof_bench_dilithium_level2_pubkey, key); + } +#endif +#ifndef WOLFSSL_NO_ML_DSA_65 + if (level == 3) { + #ifdef WOLFSSL_DILITHIUM_NO_SIGN + x = sizeof_bench_dilithium_level3_sig; + XMEMCPY(sig, bench_dilithium_level3_sig, x); + #endif + ret = wc_dilithium_import_public(bench_dilithium_level3_pubkey, + sizeof_bench_dilithium_level3_pubkey, key); + } +#endif +#ifndef WOLFSSL_NO_ML_DSA_87 + if (level == 5) { + #ifdef WOLFSSL_DILITHIUM_NO_SIGN + x = sizeof_bench_dilithium_level5_sig; + XMEMCPY(sig, bench_dilithium_level5_sig, x); + #endif + ret = wc_dilithium_import_public(bench_dilithium_level5_pubkey, + sizeof_bench_dilithium_level5_pubkey, key); + } +#endif + if (ret != 0) { + printf("Failed to load public key\n"); + goto out; + } + +#endif + +#ifndef WOLFSSL_DILITHIUM_NO_VERIFY + RESET_MULTI_VALUE_STATS_VARS(); + + bench_stats_start(&count, &start); + do { + for (i = 0; i < agreeTimes; i++) { + if (ret == 0) { + int verify = 0; + ret = wc_dilithium_verify_msg(sig, x, msg, DILITHIUM_BENCH_MSG_SIZE, + &verify, key); + + if (ret != 0 || verify != 1) { + printf("wc_dilithium_verify_msg failed %d, verify %d\n", + ret, verify); + ret = -1; + } + } + RECORD_MULTI_VALUE_STATS(); + } + count += i; + } while (bench_stats_check(start) +#ifdef MULTI_VALUE_STATISTICS + || runs < minimum_runs +#endif + ); + + if (ret == 0) { + bench_stats_asym_finish("ML-DSA", params, desc[5], 0, count, start, + ret); + #ifdef MULTI_VALUE_STATISTICS + bench_multi_value_stats(max, min, sum, squareSum, runs); + #endif + } +#endif + +out: + +#ifdef WOLFSSL_SMALL_STACK + if (key) +#endif + { + wc_dilithium_free(key); + } + +#ifdef WOLFSSL_SMALL_STACK + XFREE(key, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + #if !defined(WOLFSSL_DILITHIUM_NO_SIGN) || !defined(WOLFSSL_DILITHIUM_NO_VERIFY) + XFREE(sig, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(msg, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + #endif +#endif +} +#endif /* HAVE_DILITHIUM */ + +#ifdef HAVE_SPHINCS +void bench_sphincsKeySign(byte level, byte optim) +{ + int ret = 0; + sphincs_key key; + double start; + int i, count; + byte sig[SPHINCS_MAX_SIG_SIZE]; + byte msg[512]; + word32 x = 0; + const char**desc = bench_desc_words[lng_index]; + DECLARE_MULTI_VALUE_STATS_VARS() + + bench_stats_prepare(); + + ret = wc_sphincs_init(&key); + if (ret != 0) { + printf("wc_sphincs_init failed %d\n", ret); + return; + } + + ret = wc_sphincs_set_level_and_optim(&key, level, optim); + if (ret != 0) { + printf("wc_sphincs_set_level_and_optim() failed %d\n", ret); + } + + if (ret == 0) { + ret = -1; + if ((level == 1) && (optim == FAST_VARIANT)) { + ret = wc_sphincs_import_private_key(bench_sphincs_fast_level1_key, + sizeof_bench_sphincs_fast_level1_key, NULL, 0, &key); + } + else if ((level == 3) && (optim == FAST_VARIANT)) { + ret = wc_sphincs_import_private_key(bench_sphincs_fast_level3_key, + sizeof_bench_sphincs_fast_level3_key, NULL, 0, &key); + } + else if ((level == 5) && (optim == FAST_VARIANT)) { + ret = wc_sphincs_import_private_key(bench_sphincs_fast_level5_key, + sizeof_bench_sphincs_fast_level5_key, NULL, 0, &key); + } + else if ((level == 1) && (optim == SMALL_VARIANT)) { + ret = wc_sphincs_import_private_key( + bench_sphincs_small_level1_key, + sizeof_bench_sphincs_small_level1_key, NULL, 0, &key); + } + else if ((level == 3) && (optim == SMALL_VARIANT)) { + ret = wc_sphincs_import_private_key( + bench_sphincs_small_level3_key, + sizeof_bench_sphincs_small_level3_key, NULL, 0, &key); + } + else if ((level == 5) && (optim == SMALL_VARIANT)) { + ret = wc_sphincs_import_private_key( + bench_sphincs_small_level5_key, + sizeof_bench_sphincs_small_level5_key, NULL, 0, &key); + } + + if (ret != 0) { + printf("wc_sphincs_import_private_key failed %d\n", ret); + } + } + + /* make dummy msg */ + for (i = 0; i < (int)sizeof(msg); i++) { + msg[i] = (byte)i; + } + + bench_stats_start(&count, &start); + do { + for (i = 0; i < agreeTimes; i++) { + if (ret == 0) { + if ((level == 1) && (optim == FAST_VARIANT)) { + x = SPHINCS_FAST_LEVEL1_SIG_SIZE; + } + else if ((level == 3) && (optim == FAST_VARIANT)) { + x = SPHINCS_FAST_LEVEL3_SIG_SIZE; + } + else if ((level == 5) && (optim == FAST_VARIANT)) { + x = SPHINCS_FAST_LEVEL5_SIG_SIZE; + } + else if ((level == 1) && (optim == SMALL_VARIANT)) { + x = SPHINCS_SMALL_LEVEL1_SIG_SIZE; + } + else if ((level == 3) && (optim == SMALL_VARIANT)) { + x = SPHINCS_SMALL_LEVEL3_SIG_SIZE; + } + else if ((level == 5) && (optim == SMALL_VARIANT)) { + x = SPHINCS_SMALL_LEVEL5_SIG_SIZE; + } + + ret = wc_sphincs_sign_msg(msg, sizeof(msg), sig, &x, &key, GLOBAL_RNG); + if (ret != 0) { + printf("wc_sphincs_sign_msg failed\n"); + } + } + RECORD_MULTI_VALUE_STATS(); + } + count += i; + } while (bench_stats_check(start) +#ifdef MULTI_VALUE_STATISTICS + || runs < minimum_runs +#endif + ); + + if (ret == 0) { + if (optim == FAST_VARIANT) { + bench_stats_asym_finish("SPHINCS-FAST", level, desc[4], 0, count, + start, ret); + } + else { + bench_stats_asym_finish("SPHINCS-SMALL", level, desc[4], 0, count, + start, ret); + } + #ifdef MULTI_VALUE_STATISTICS + bench_multi_value_stats(max, min, sum, squareSum, runs); + #endif + } + + RESET_MULTI_VALUE_STATS_VARS(); + + bench_stats_start(&count, &start); + do { + for (i = 0; i < agreeTimes; i++) { + if (ret == 0) { + int verify = 0; + ret = wc_sphincs_verify_msg(sig, x, msg, sizeof(msg), &verify, + &key); + + if (ret != 0 || verify != 1) { + printf("wc_sphincs_verify_msg failed %d, verify %d\n", + ret, verify); + ret = -1; + } + } + RECORD_MULTI_VALUE_STATS(); + } + count += i; + } while (bench_stats_check(start) +#ifdef MULTI_VALUE_STATISTICS + || runs < minimum_runs +#endif + ); + + if (ret == 0) { + if (optim == FAST_VARIANT) { + bench_stats_asym_finish("SPHINCS-FAST", level, desc[5], 0, count, + start, ret); + } + else { + bench_stats_asym_finish("SPHINCS-SMALL", level, desc[5], 0, count, + start, ret); + } + #ifdef MULTI_VALUE_STATISTICS + bench_multi_value_stats(max, min, sum, squareSum, runs); + #endif + } + + wc_sphincs_free(&key); +} +#endif /* HAVE_SPHINCS */ + +#if defined(_WIN32) && !defined(INTIME_RTOS) + + #define WIN32_LEAN_AND_MEAN + #define _WINSOCKAPI_ /* block inclusion of winsock.h header file */ + #include + #undef _WINSOCKAPI_ /* undefine it for MINGW winsock2.h header file */ + + double current_time(int reset) + { + static int init = 0; + static LARGE_INTEGER freq; + + LARGE_INTEGER count; + + (void)reset; + + if (!init) { + QueryPerformanceFrequency(&freq); + init = 1; + } + + QueryPerformanceCounter(&count); + +#ifdef BENCH_MICROSECOND + return ((double)count.QuadPart * 1000000) / freq.QuadPart; +#else + return (double)count.QuadPart / freq.QuadPart; +#endif + } + +#elif defined MICROCHIP_PIC32 + #if defined(WOLFSSL_MICROCHIP_PIC32MZ) + #define CLOCK 80000000.0 + #else + #define CLOCK 40000000.0 + #endif + extern void WriteCoreTimer(word32 t); + extern word32 ReadCoreTimer(void); + double current_time(int reset) + { + unsigned int ns; + + if (reset) { + WriteCoreTimer(0); + } + + /* get timer in ns */ + ns = ReadCoreTimer(); + + /* return seconds as a double */ + return ( ns / CLOCK * 2.0); + } + +#elif defined(WOLFSSL_IAR_ARM_TIME) || defined (WOLFSSL_MDK_ARM) || \ + defined(WOLFSSL_USER_CURRTIME) || defined(WOLFSSL_CURRTIME_REMAP) + /* declared above at line 239 */ + /* extern double current_time(int reset); */ + +#elif defined(FREERTOS) + + #ifdef PLATFORMIO + #include + #include + #else + #include "task.h" + #endif + +#if defined(WOLFSSL_ESPIDF) + /* prototype definition */ + int construct_argv(); + extern char* __argv[22]; + + /* current_time(reset) + * + * Benchmark passage of time, in fractional seconds. + * [reset] is non zero to adjust timer or counter to zero + * + * Use care when repeatedly calling calling. See implementation. */ + double current_time(int reset) + { + double ret; + #if ESP_IDF_VERSION_MAJOR >= 4 + TickType_t tickCount; /* typically 32 bit, local FreeRTOS ticks */ + #else + portTickType tickCount; + #endif + + #if defined(__XTENSA__) + (void)reset; + + if (reset) { + /* TODO: Determine a mechanism for reset that does not interfere + * with freeRTOS tick. Using this code for Xtensa appears to cause + * RTOS tick timer to stick. See "last_tickCount unchanged". + ESP_LOGW(TAG, "Current_time() reset!"); + portTICK_TYPE_ENTER_CRITICAL(); + { + esp_cpu_set_cycle_count((esp_cpu_cycle_count_t)0); + _esp_cpu_count_last = xthal_get_ccount(); + _esp_cpu_count_last = esp_cpu_get_cycle_count(); + } + portTICK_TYPE_EXIT_CRITICAL(); + */ + } + #else + /* Only reset the CPU counter for RISC-V */ + if (reset) { + ESP_LOGV(TAG, "current_time() reset!"); + /* TODO: why does Espressif esp_cpu_get_cycle_count() cause + * unexpected rollovers in return values for Xtensa but not RISC-V? + * See also esp_get_cycle_count_ex() */ + #ifdef __XTENSA__ + _esp_cpu_count_last = xthal_get_ccount(); + #else + #if ESP_IDF_VERSION_MAJOR >= 5 + esp_cpu_set_cycle_count((esp_cpu_cycle_count_t)0); + _esp_cpu_count_last = esp_cpu_get_cycle_count(); + #else + cpu_hal_set_cycle_count((uint32_t)0); + _esp_cpu_count_last = cpu_hal_get_cycle_count(); + #endif + #endif + } + #endif + + /* tick count == ms, if configTICK_RATE_HZ is set to 1000 */ + tickCount = xTaskGetTickCount(); /* RTOS ticks, not CPU cycles! + The count of ticks since vTaskStartScheduler was called, + typiclly in app_startup.c */ + + #ifdef DEBUG_WOLFSSL_BENCHMARK_TIMING + ESP_LOGV(TAG, "tickCount = " TFMT, tickCount); + if (tickCount == last_tickCount) { + ESP_LOGW(TAG, "last_tickCount unchanged?" TFMT, tickCount); + + } + if (tickCount < last_tickCount) { + ESP_LOGW(TAG, "last_tickCount overflow?"); + } + #endif + + if (reset) { + #ifdef DEBUG_WOLFSSL_BENCHMARK_TIMING + ESP_LOGW(TAG, "Assign last_tickCount = " TFMT, tickCount); + #endif + last_tickCount = tickCount; + } + else { + #ifdef DEBUG_WOLFSSL_BENCHMARK_TIMING + ESP_LOGV(TAG, "No Reset last_tickCount = " TFMT, tickCount); + #endif + } + + #if defined(configTICK_RATE_HZ) && defined(CONFIG_FREERTOS_HZ) + ret = (double)tickCount / configTICK_RATE_HZ; + #else + ESP_LOGW(TAG, "Warning: configTICK_RATE_HZ not defined," + "assuming 1000 Hz."); + ret = (double)(tickCount / 1000.0); + #endif /* configTICK_RATE_HZ */ + + return ret; + + } /* current_time */ +#else + /* current_time(reset) + * + * Benchmark passage of time, in fractional seconds. + * [reset] is non zero to adjust timer or counter to zero + * + * Use care when repeatedly calling calling. See implementation. */ + double current_time(int reset) + { + portTickType tickCount = xTaskGetTickCount(); + (void)reset; + /* if configTICK_RATE_HZ is available use if (default is 1000) */ + #ifdef configTICK_RATE_HZ + return (double)tickCount / configTICK_RATE_HZ; + #else + return (double)tickCount / 1000; + #endif + } +#endif + + +#elif defined (WOLFSSL_TIRTOS) + + extern double current_time(int reset); + +#elif defined(FREESCALE_MQX) + + double current_time(int reset) + { + TIME_STRUCT tv; + _time_get(&tv); + + return (double)tv.SECONDS + (double)tv.MILLISECONDS / 1000; + } + +#elif (defined(WOLFSSL_MAX3266X_OLD) || defined(WOLFSSL_MAX3266X)) \ + && defined(MAX3266X_RTC) + + double current_time(int reset) + { + (void)reset; + return wc_MXC_RTC_Time(); + } + +#elif defined(FREESCALE_KSDK_BM) + + double current_time(int reset) + { + return (double)OSA_TimeGetMsec() / 1000; + } + +#elif defined(WOLFSSL_CMSIS_RTOS) || defined(WOLFSSL_CMSIS_RTOSv2) + + double current_time(int reset) + { + (void)reset; + return (double)osKernelGetTickCount() / 1000.0; + } + +#elif defined(WOLFSSL_EMBOS) + + #include "RTOS.h" + + double current_time(int reset) + { + double time_now; + double current_s = OS_GetTime() / 1000.0; + double current_us = OS_GetTime_us() / MILLION_VALUE; + time_now = (double)( current_s + current_us); + + (void) reset; + + return time_now; + } +#elif defined(WOLFSSL_SGX) + double current_time(int reset); + +#elif defined(WOLFSSL_DEOS) + double current_time(int reset) + { + const uint32_t systemTickTimeInHz + = 1000000 / systemTickInMicroseconds(); + + const volatile uint32_t *systemTickPtr = systemTickPointer(); + + (void)reset; + + return (double) *systemTickPtr/systemTickTimeInHz; + } + +#elif defined(MICRIUM) + double current_time(int reset) + { + +#if (OS_VERSION < 50000) + CPU_ERR err; + (void)reset; + return (double) CPU_TS_Get32()/CPU_TS_TmrFreqGet(&err); +#else + RTOS_ERR err; + double ret = 0; + OS_TICK tick = OSTimeGet(&err); + OS_RATE_HZ rate = OSTimeTickRateHzGet(&err); + (void)reset; + + if (RTOS_ERR_CODE_GET(err) == RTOS_ERR_NONE) { + ret = ((double)tick)/rate; + } + return ret; +#endif + } +#elif defined(WOLFSSL_ZEPHYR) + + #include + + double current_time(int reset) + { + int64_t t; + (void)reset; + #if defined(CONFIG_ARCH_POSIX) + k_cpu_idle(); + #endif + t = k_uptime_get(); /* returns current uptime in milliseconds */ + return (double)(t / 1000); + } + +#elif defined(WOLFSSL_NETBURNER) + #include + #include + #include + + double current_time(int reset) + { + DWORD ticks = TimeTick; /* ticks since system start */ + (void)reset; + + return (double) ticks/TICKS_PER_SECOND; + } +#elif defined(WOLFSSL_RPIPICO) + #include "pico/stdlib.h" + + double current_time(int reset) + { + (void)reset; + + return (double) time_us_64() / 1000000; + } +#elif defined(THREADX) + #include "tx_api.h" + double current_time(int reset) + { + (void)reset; + return (double) tx_time_get() / TX_TIMER_TICKS_PER_SECOND; + } + +#elif defined(WOLFSSL_XILINX) + #ifdef XPAR_VERSAL_CIPS_0_PSPMC_0_PSV_CORTEXA72_0_TIMESTAMP_CLK_FREQ + #define COUNTS_PER_SECOND \ + XPAR_VERSAL_CIPS_0_PSPMC_0_PSV_CORTEXA72_0_TIMESTAMP_CLK_FREQ + #else + #define COUNTS_PER_SECOND \ + XPAR_CPU_CORTEXA53_0_TIMESTAMP_CLK_FREQ + #endif + + double current_time(int reset) + { + double timer; + uint64_t cntPct = 0; + asm volatile("mrs %0, CNTPCT_EL0" : "=r" (cntPct)); + + /* Convert to milliseconds */ + timer = (double)(cntPct / (COUNTS_PER_SECOND / 1000)); + /* Convert to seconds.millisecond */ + timer /= 1000; + return timer; + } + +#elif defined(LINUX_RUSAGE_UTIME) + + #include + #include + + static struct rusage base_rusage; + static struct rusage cur_rusage; + + double current_time(int reset) + { + struct rusage rusage; + + (void)reset; + + LIBCALL_CHECK_RET(getrusage(RUSAGE_SELF, &rusage)); + + if (reset) + base_rusage = rusage; + else + cur_rusage = rusage; + + /* only consider user time, as system time is host-related overhead + * outside wolfcrypt. + */ + return (double)rusage.ru_utime.tv_sec + + (double)rusage.ru_utime.tv_usec / MILLION_VALUE; + } + + static void check_for_excessive_stime(const char *algo, + int strength, + const char *desc, + const char *desc_extra) + { + double start_utime = (double)base_rusage.ru_utime.tv_sec + + (double)base_rusage.ru_utime.tv_usec / MILLION_VALUE; + double start_stime = (double)base_rusage.ru_stime.tv_sec + + (double)base_rusage.ru_stime.tv_usec / MILLION_VALUE; + double cur_utime = (double)cur_rusage.ru_utime.tv_sec + + (double)cur_rusage.ru_utime.tv_usec / MILLION_VALUE; + double cur_stime = (double)cur_rusage.ru_stime.tv_sec + + (double)cur_rusage.ru_stime.tv_usec / MILLION_VALUE; + double stime_utime_ratio = + (cur_stime - start_stime) / (cur_utime - start_utime); + if (stime_utime_ratio > .1) { + if (strength > 0) { + printf("%swarning, " + "excessive system time ratio for %s-%d-%s%s (" FLT_FMT_PREC "%%).\n", + err_prefix, algo, strength, desc, desc_extra, + FLT_FMT_PREC_ARGS(3, stime_utime_ratio * 100.0)); + } + else { + printf("%swarning, " + "excessive system time ratio for %s%s%s (" FLT_FMT_PREC "%%).\n", + err_prefix, algo, desc, desc_extra, + FLT_FMT_PREC_ARGS(3, stime_utime_ratio * 100.0)); + } + } + } + +#elif defined(WOLFSSL_LINUXKM) + + double current_time(int reset) + { + (void)reset; + u64 ns = ktime_get_ns(); + return (double)ns / 1000000000.0; + } + +#elif defined(WOLFSSL_GAISLER_BCC) + + #include + double current_time(int reset) + { + (void)reset; + uint32_t us = bcc_timer_get_us(); + return (double)us / 1000000.0; + } + +#elif defined(__WATCOMC__) + + #include + WC_INLINE double current_time(int reset) + { + (void)reset; + return ((double)clock())/CLOCKS_PER_SEC; + } +#else + + #include + #include + + double current_time(int reset) + { + struct timespec tv; + + (void)reset; + + LIBCALL_CHECK_RET(clock_gettime(CLOCK_REALTIME, &tv)); + + #ifdef BENCH_MICROSECOND + return (double)tv.tv_sec * 1000000 + (double)tv.tv_nsec / 1000; + #else + return (double)tv.tv_sec + (double)tv.tv_nsec / 1000000000; + #endif + } + +#endif /* _WIN32 */ + +#if defined(HAVE_GET_CYCLES) + + #if defined(WOLFSSL_ESPIDF) + /* Generic CPU cycle counter for either Xtensa or RISC-V */ + static WC_INLINE word64 esp_get_cpu_benchmark_cycles(void) + { + /* Reminder for long duration between calls with + * multiple overflows will not be detected. */ + return esp_get_cycle_count_ex(); + } + + #elif defined(__aarch64__) + static WC_INLINE word64 get_aarch64_cycles(void) + { + word64 ticks; + __asm__ __volatile__ ( + "isb\n\t" + #ifdef __APPLE__ + "mrs %[ticks], cntpct_el0\n\t" + #else + "mrs %[ticks], cntvct_el0\n\t" + #endif + : [ticks] "=r" (ticks) + : + : + ); + if ((tick_freq != 0) && (actual_freq != 0)) { + ticks *= actual_freq / tick_freq; + } + return ticks; + } + + /* implement other architectures here */ + + #else + static WC_INLINE word64 get_intel_cycles(void) + { + unsigned int lo_c, hi_c; + __asm__ __volatile__ ( + "cpuid\n\t" + "rdtsc" + : "=a"(lo_c), "=d"(hi_c) /* out */ + : "a"(0) /* in */ + : "%ebx", "%ecx"); /* clobber */ + return ((word64)lo_c) | (((word64)hi_c) << 32); + } + #endif + +#endif /* HAVE_GET_CYCLES */ + +void benchmark_configure(word32 block_size) +{ + /* must be greater than 0 */ + if (block_size > 0) { + numBlocks = (int)((word32)numBlocks * bench_size / block_size); + bench_size = block_size; + } +} + +#ifndef NO_MAIN_DRIVER + +#ifndef MAIN_NO_ARGS + +#ifndef WOLFSSL_BENCHMARK_ALL +/* Display the algorithm string and keep to 80 characters per line. + * + * str Algorithm string to print. + * line Length of line used so far. + */ +#ifndef BENCH_MAX_LINE +#define BENCH_MAX_LINE 80 +#endif +static void print_alg(const char* str, int* line) +{ + const char* const ident = " "; + if (*line == 0) { + printf("%s", ident); + *line = (int)XSTRLEN(ident); + } + printf(" %s", str); + *line += (int)XSTRLEN(str) + 1; + if (*line > BENCH_MAX_LINE) { + printf("\n"); + *line = 0; + } +} +#endif /* WOLFSSL_BENCHMARK_ALL */ + +/* Display the usage options of the benchmark program. */ +static void Usage(void) +{ + int e = 0; +#ifndef WOLFSSL_BENCHMARK_ALL + int i; + int line; +#endif + + printf("benchmark\n"); + printf("%s", bench_Usage_msg1[lng_index][e++]); /* option -? */ + printf("%s", bench_Usage_msg1[lng_index][e++]); /* English / Japanese */ + printf("%s", bench_Usage_msg1[lng_index][e++]); /* option -csv */ + printf("%s", bench_Usage_msg1[lng_index][e++]); /* option -base10 */ +#if defined(HAVE_AES_CBC) || defined(WOLFSSL_AES_COUNTER) || \ + defined(HAVE_AESGCM) + printf("%s", bench_Usage_msg1[lng_index][e++]); /* option -same_buf */ +#else + e++; +#endif +#if defined(HAVE_AESGCM) || defined(HAVE_AESCCM) + printf("%s", bench_Usage_msg1[lng_index][e++]); /* option -no_aad */ + printf("%s", bench_Usage_msg1[lng_index][e++]); /* option -aad_size */ + printf("%s", bench_Usage_msg1[lng_index][e++]); /* option -all_aad */ +#else + e += 3; +#endif + printf("%s", bench_Usage_msg1[lng_index][e++]); /* option -dgst_full */ + printf("%s", bench_Usage_msg1[lng_index][e++]); /* option -mac_final */ + printf("%s", bench_Usage_msg1[lng_index][e++]); /* option -aead_set_key */ +#ifndef NO_RSA + printf("%s", bench_Usage_msg1[lng_index][e++]); /* option -rsa_sign */ + #ifdef WOLFSSL_KEY_GEN + printf("%s", bench_Usage_msg1[lng_index][e]); /* option -rsa-sz */ + #endif + e++; +#else + e += 2; +#endif +#if !defined(NO_DH) && defined(HAVE_FFDHE_2048) + printf("%s", bench_Usage_msg1[lng_index][e]); /* option -ffdhe2048 */ +#endif + e++; +#if !defined(NO_DH) && defined(HAVE_FFDHE_3072) + printf("%s", bench_Usage_msg1[lng_index][e]); /* option -ffdhe3072 */ +#endif + e++; +#if defined(HAVE_ECC) && !defined(NO_ECC256) + printf("%s", bench_Usage_msg1[lng_index][e]); /* option -p256 */ +#endif + e++; +#if defined(HAVE_ECC) && defined(HAVE_ECC384) + printf("%s", bench_Usage_msg1[lng_index][e]); /* option -p384 */ +#endif + e++; +#if defined(HAVE_ECC) && defined(HAVE_ECC521) + printf("%s", bench_Usage_msg1[lng_index][e]); /* option -p521 */ +#endif + e++; +#if defined(HAVE_ECC) + printf("%s", bench_Usage_msg1[lng_index][e]); /* option -ecc-all */ +#endif + e++; +#ifndef WOLFSSL_BENCHMARK_ALL + printf("%s", bench_Usage_msg1[lng_index][e]); /* option - */ + line = 0; + for (i=0; bench_cipher_opt[i].str != NULL; i++) + print_alg(bench_cipher_opt[i].str, &line); + for (i=0; bench_digest_opt[i].str != NULL; i++) + print_alg(bench_digest_opt[i].str, &line); + for (i=0; bench_mac_opt[i].str != NULL; i++) + print_alg(bench_mac_opt[i].str, &line); + for (i=0; bench_kdf_opt[i].str != NULL; i++) + print_alg(bench_kdf_opt[i].str, &line); + for (i=0; bench_asym_opt[i].str != NULL; i++) + print_alg(bench_asym_opt[i].str, &line); + for (i=0; bench_other_opt[i].str != NULL; i++) + print_alg(bench_other_opt[i].str, &line); +#if defined(WOLFSSL_HAVE_MLKEM) || defined(HAVE_FALCON) || \ + defined(HAVE_DILITHIUM) || defined(HAVE_SPHINCS) + for (i=0; bench_pq_asym_opt[i].str != NULL; i++) + print_alg(bench_pq_asym_opt[i].str, &line); +#if defined(HAVE_SPHINCS) + for (i=0; bench_pq_asym_opt2[i].str != NULL; i++) + print_alg(bench_pq_asym_opt2[i].str, &line); +#endif /* HAVE_SPHINCS */ +#endif +#if defined(BENCH_PQ_STATEFUL_HBS) + for (i=0; bench_pq_hash_sig_opt[i].str != NULL; i++) + print_alg(bench_pq_hash_sig_opt[i].str, &line); +#endif /* BENCH_PQ_STATEFUL_HBS */ + printf("\n"); +#endif /* !WOLFSSL_BENCHMARK_ALL */ + e++; + printf("%s", bench_Usage_msg1[lng_index][e++]); /* option -lng */ + printf("%s", bench_Usage_msg1[lng_index][e++]); /* option */ + printf("%s", bench_Usage_msg1[lng_index][e++]); /* option -blocks */ +#ifdef WC_ENABLE_BENCH_THREADING + printf("%s", bench_Usage_msg1[lng_index][e]); /* option -threads */ +#endif + e++; +#ifdef WC_BENCH_TRACK_STATS + printf("%s", bench_Usage_msg1[lng_index][e]); /* option -print */ +#endif + e++; +#ifndef NO_FILESYSTEM + printf("%s", bench_Usage_msg1[lng_index][e]); /* option -hash_input */ +#endif + e++; +#ifndef NO_FILESYSTEM + printf("%s", bench_Usage_msg1[lng_index][e]); /* option -cipher_input */ +#endif + e++; +#ifdef MULTI_VALUE_STATISTICS + printf("%s", bench_Usage_msg1[lng_index][e]); /* option -min_runs */ +#endif + e++; +#if defined(__aarch64__) + printf("%s", bench_Usage_msg1[lng_index][e]); /* option -freq */ +#endif +} + +/* Match the command line argument with the string. + * + * arg Command line argument. + * str String to check for. + * return 1 if the command line argument matches the string, 0 otherwise. + */ +static int string_matches(const char* arg, const char* str) +{ + return XSTRCMP(arg, str) == 0; +} +#endif /* MAIN_NO_ARGS */ + +/* +** ---------------------------------------------------------------------------- +** determine how the benchmarks are called, the function name varies: +** ---------------------------------------------------------------------------- +*/ +#if !defined(NO_MAIN_DRIVER) && !defined(NO_MAIN_FUNCTION) + #if defined(WOLFSSL_ESPIDF) || defined(_WIN32_WCE) + + /* for some environments, we'll call a function wolf_benchmark_task: */ + int wolf_benchmark_task(void) + + #elif defined(MAIN_NO_ARGS) + + /* otherwise we'll use main() with no arguments as desired: */ + int main() + + #else + + /* else we'll be calling main with default arg parameters */ + int main(int argc, char** argv) + + #endif +{ + /* Code for main() or wolf_benchmark_task() */ + #ifdef WOLFSSL_ESPIDF + int argc = construct_argv(); + char** argv = (char**)__argv; + #elif defined(MAIN_NO_ARGS) + int argc = 0; + char** argv = NULL; + #endif + + return wolfcrypt_benchmark_main(argc, argv); +} +#endif /* !NO_MAIN_DRIVER && !NO_MAIN_FUNCTION */ + +int wolfcrypt_benchmark_main(int argc, char** argv) +{ + int ret = 0; + +#ifndef MAIN_NO_ARGS + int optMatched; + #ifndef WOLFSSL_BENCHMARK_ALL + int i; + #endif +#endif + + benchmark_static_init(1); + + printf("%s------------------------------------------------------------------------------\n", + info_prefix); + printf("%s wolfSSL version %s\n", info_prefix, LIBWOLFSSL_VERSION_STRING); + printf("%s------------------------------------------------------------------------------\n", + info_prefix); + +#ifndef MAIN_NO_ARGS + while (argc > 1) { + if (string_matches(argv[1], "-?")) { + if (--argc > 1) { + lng_index = XATOI((++argv)[1]); + if (lng_index<0 || lng_index>1) { + lng_index = 0; + } + } + Usage(); + return 0; + } + else if (string_matches(argv[1], "-lng")) { + argc--; + argv++; + if (argc > 1) { + lng_index = XATOI(argv[1]); + if (lng_index<0 || lng_index>1) { + printf("invalid number(%d) is specified. [ :0-1]\n", + lng_index); + lng_index = 0; + } + } + } + else if (string_matches(argv[1], "-base10")) + base2 = 0; +#if defined(HAVE_AES_CBC) || defined(WOLFSSL_AES_COUNTER) || \ + defined(HAVE_AESGCM) + else if (string_matches(argv[1], "-same_buf")) + cipher_same_buffer = 1; +#endif +#if defined(HAVE_AESGCM) || defined(HAVE_AESCCM) + else if (string_matches(argv[1], "-no_aad")) + aes_aad_options = AAD_SIZE_ZERO; + else if (string_matches(argv[1], "-all_aad")) + aes_aad_options |= AAD_SIZE_ZERO | AAD_SIZE_DEFAULT; + else if (string_matches(argv[1], "-aad_size")) { + argc--; + argv++; + if (argc > 1) { + aes_aad_size = (word32)XATOI(argv[1]); + aes_aad_options |= AAD_SIZE_CUSTOM; + } + } +#endif + else if (string_matches(argv[1], "-dgst_full")) + digest_stream = 0; + else if (string_matches(argv[1], "-mac_final")) + mac_stream = 0; + else if (string_matches(argv[1], "-aead_set_key")) + aead_set_key = 1; +#ifdef HAVE_CHACHA + else if (string_matches(argv[1], "-enc_only")) + encrypt_only = 1; +#endif +#ifndef NO_RSA + else if (string_matches(argv[1], "-rsa_sign")) + rsa_sign_verify = 1; +#endif +#if !defined(NO_DH) && defined(HAVE_FFDHE_2048) + else if (string_matches(argv[1], "-ffdhe2048")) + use_ffdhe = 2048; +#endif +#if !defined(NO_DH) && defined(HAVE_FFDHE_3072) + else if (string_matches(argv[1], "-ffdhe3072")) + use_ffdhe = 3072; +#endif +#if !defined(NO_DH) && defined(HAVE_FFDHE_4096) + else if (string_matches(argv[1], "-ffdhe4096")) + use_ffdhe = 4096; +#endif +#if defined(HAVE_ECC) && !defined(NO_ECC256) + else if (string_matches(argv[1], "-p256")) + bench_asym_algs |= BENCH_ECC_P256; +#endif +#if defined(HAVE_ECC) && defined(HAVE_ECC384) + else if (string_matches(argv[1], "-p384")) + bench_asym_algs |= BENCH_ECC_P384; +#endif +#if defined(HAVE_ECC) && defined(HAVE_ECC521) + else if (string_matches(argv[1], "-p521")) + bench_asym_algs |= BENCH_ECC_P521; +#endif +#ifdef BENCH_ASYM + else if (string_matches(argv[1], "-csv")) { + csv_format = 1; + } +#endif + +#ifdef WC_ENABLE_BENCH_THREADING + else if (string_matches(argv[1], "-threads")) { + argc--; + argv++; + if (argc > 1) { + g_threadCount = XATOI(argv[1]); + if (g_threadCount < 1 || lng_index > 128){ + printf("invalid number(%d) is specified. [ :1-128]\n", + g_threadCount); + g_threadCount = 0; + } + } + } +#endif +#ifdef WC_BENCH_TRACK_STATS + else if (string_matches(argv[1], "-print")) { + gPrintStats = 1; + } +#endif + else if (string_matches(argv[1], "-blocks")) { + argc--; + argv++; + if (argc > 1) + numBlocks = XATOI(argv[1]); + } +#ifndef NO_FILESYSTEM + else if (string_matches(argv[1], "-hash_input")) { + argc--; + argv++; + if (argc > 1) + hash_input = argv[1]; + } + else if (string_matches(argv[1], "-cipher_input")) { + argc--; + argv++; + if (argc > 1) + cipher_input = argv[1]; + } +#endif +#ifdef MULTI_VALUE_STATISTICS + else if (string_matches(argv[1], "-min_runs")) { + argc--; + argv++; + if (argc > 1) { + minimum_runs = XATOI(argv[1]); + } + } +#endif +#ifdef __aarch64__ + else if (string_matches(argv[1], "-freq")) { + argc--; + argv++; + if (argc > 1) { + actual_freq = strtol(argv[1], NULL, 10); + } + } +#endif + else if (argv[1][0] == '-') { + optMatched = 0; +#ifndef WOLFSSL_BENCHMARK_ALL + /* Check known algorithm choosing command line options. */ + /* Known cipher algorithms */ + for (i=0; !optMatched && bench_cipher_opt[i].str != NULL; i++) { + if (string_matches(argv[1], bench_cipher_opt[i].str)) { + bench_cipher_algs |= bench_cipher_opt[i].val; + bench_all = 0; + optMatched = 1; + } + } + /* Known digest algorithms */ + for (i=0; !optMatched && bench_digest_opt[i].str != NULL; i++) { + if (string_matches(argv[1], bench_digest_opt[i].str)) { + bench_digest_algs |= bench_digest_opt[i].val; + bench_all = 0; + optMatched = 1; + } + } + /* Known MAC algorithms */ + for (i=0; !optMatched && bench_mac_opt[i].str != NULL; i++) { + if (string_matches(argv[1], bench_mac_opt[i].str)) { + bench_mac_algs |= bench_mac_opt[i].val; + bench_all = 0; + optMatched = 1; + } + } + /* Known KDF algorithms */ + for (i=0; !optMatched && bench_kdf_opt[i].str != NULL; i++) { + if (string_matches(argv[1], bench_kdf_opt[i].str)) { + bench_kdf_algs |= bench_kdf_opt[i].val; + bench_all = 0; + optMatched = 1; + } + } + /* Known asymmetric algorithms */ + for (i=0; !optMatched && bench_asym_opt[i].str != NULL; i++) { + if (string_matches(argv[1], bench_asym_opt[i].str)) { + bench_asym_algs |= bench_asym_opt[i].val; + bench_all = 0; + optMatched = 1; + } + } + #if defined(WOLFSSL_HAVE_MLKEM) || defined(HAVE_FALCON) || \ + defined(HAVE_DILITHIUM) || defined(HAVE_SPHINCS) + /* Known asymmetric post-quantum algorithms */ + for (i=0; !optMatched && bench_pq_asym_opt[i].str != NULL; i++) { + if (string_matches(argv[1], bench_pq_asym_opt[i].str)) { + bench_pq_asym_algs |= bench_pq_asym_opt[i].val; + bench_all = 0; + optMatched = 1; + } + } + #ifdef HAVE_SPHINCS + /* Both bench_pq_asym_opt and bench_pq_asym_opt2 are looking for + * -pq, so we need to do a special case for -pq since optMatched + * was set to 1 just above. */ + if ((bench_pq_asym_opt[0].str != NULL) && + string_matches(argv[1], bench_pq_asym_opt[0].str)) + { + bench_pq_asym_algs2 |= bench_pq_asym_opt2[0].val; + bench_all = 0; + optMatched = 1; + } + for (i=1; !optMatched && bench_pq_asym_opt2[i].str != NULL; i++) { + if (string_matches(argv[1], bench_pq_asym_opt2[i].str)) { + bench_pq_asym_algs2 |= bench_pq_asym_opt2[i].val; + bench_all = 0; + optMatched = 1; + } + } + #endif + #endif + /* Other known cryptographic algorithms */ + for (i=0; !optMatched && bench_other_opt[i].str != NULL; i++) { + if (string_matches(argv[1], bench_other_opt[i].str)) { + bench_other_algs |= bench_other_opt[i].val; + bench_all = 0; + optMatched = 1; + } + } + + #if defined(BENCH_PQ_STATEFUL_HBS) + /* post-quantum stateful hash-based signatures */ + for (i=0; !optMatched && bench_pq_hash_sig_opt[i].str != NULL; i++) { + if (string_matches(argv[1], bench_pq_hash_sig_opt[i].str)) { + bench_pq_hash_sig_algs |= bench_pq_hash_sig_opt[i].val; + bench_all = 0; + optMatched = 1; + } + } + #endif /* BENCH_PQ_STATEFUL_HBS */ +#endif + if (!optMatched) { + printf("Option not recognized: %s\n", argv[1]); + Usage(); + return 1; + } + } + else { + /* parse for block size */ + benchmark_configure((word32)XATOI(argv[1])); + } + argc--; + argv++; + } +#endif /* MAIN_NO_ARGS */ + +#if defined(WOLFSSL_BENCHMARK_FIXED_CSV) + /* when defined, we'll always output CSV regardless of params. + ** this is typically convenient in embedded environments. + */ + csv_format = 1; +#endif + +#if defined(WC_ENABLE_BENCH_THREADING) && !defined(WOLFSSL_ASYNC_CRYPT) + if (g_threadCount > 1) { + ret = benchmark_test_threaded(NULL); + } + else +#endif + { + #if defined(CONFIG_IDF_TARGET_ESP32C2) || \ + defined(CONFIG_IDF_TARGET_ESP32C3) || \ + defined(CONFIG_IDF_TARGET_ESP32C6) + { + #ifdef WOLFSSL_BENCHMARK_TIMER_DEBUG + if (esp_gptimer == NULL) { + ESP_ERROR_CHECK(gptimer_new_timer(&esp_timer_config, + &esp_gptimer) ); + } + ESP_ERROR_CHECK(gptimer_enable(esp_gptimer)); + ESP_ERROR_CHECK(gptimer_start(esp_gptimer)); + ESP_LOGI(TAG, "Enable %s timer", CONFIG_IDF_TARGET); + #endif /* WOLFSSL_BENCHMARK_TIMER_DEBUG */ + } + #endif + + #ifdef HAVE_STACK_SIZE + ret = StackSizeCheck(NULL, benchmark_test); + #else + ret = benchmark_test(NULL); + #endif + } + + #if defined(CONFIG_IDF_TARGET_ESP32C2) || \ + defined(CONFIG_IDF_TARGET_ESP32C3) || \ + defined(CONFIG_IDF_TARGET_ESP32C6) + { + #ifdef WOLFSSL_BENCHMARK_TIMER_DEBUG + ESP_ERROR_CHECK(gptimer_stop(esp_gptimer)); + ESP_ERROR_CHECK(gptimer_disable(esp_gptimer)); + #endif /* WOLFSSL_BENCHMARK_TIMER_DEBUG */ + } + #endif + + return ret; +} +#endif /* !NO_MAIN_DRIVER */ + +#else + #if !defined(NO_MAIN_DRIVER) && !defined(NO_MAIN_FUNCTION) + int main(void) { return 0; } + #endif +#endif /* !NO_CRYPT_BENCHMARK */ diff --git a/test/ssl/wolfssl/wolfcrypt/benchmark/benchmark.h b/test/ssl/wolfssl/wolfcrypt/benchmark/benchmark.h new file mode 100644 index 000000000..29cb509db --- /dev/null +++ b/test/ssl/wolfssl/wolfcrypt/benchmark/benchmark.h @@ -0,0 +1,147 @@ +/* wolfcrypt/benchmark/benchmark.h + * + * Copyright (C) 2006-2025 wolfSSL Inc. + * + * This file is part of wolfSSL. + * + * wolfSSL is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * wolfSSL is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA + */ + + +#ifndef WOLFCRYPT_BENCHMARK_H +#define WOLFCRYPT_BENCHMARK_H + + +#ifdef __cplusplus + extern "C" { +#endif + +#include /* Needed for 'byte' typedef */ + +/* run all benchmark entry */ +#ifdef HAVE_STACK_SIZE +THREAD_RETURN WOLFSSL_THREAD benchmark_test(void* args); +#else +int benchmark_test(void *args); +#endif +#ifndef NO_MAIN_DRIVER +int wolfcrypt_benchmark_main(int argc, char** argv); +#endif + +/* individual benchmarks */ +int benchmark_init(void); +int benchmark_free(void); +void benchmark_configure(word32 block_size); + +void bench_des(int useDeviceID); +void bench_arc4(int useDeviceID); +void bench_chacha(void); +void bench_chacha20_poly1305_aead(void); +void bench_aescbc(int useDeviceID); +void bench_aesgcm(int useDeviceID); +void bench_gmac(int useDeviceID); +void bench_aesccm(int useDeviceID); +void bench_aesecb(int useDeviceID); +void bench_aesxts(void); +void bench_aesctr(int useDeviceID); +void bench_aescfb(void); +void bench_aesofb(void); +void bench_aessiv(void); +void bench_poly1305(void); +void bench_camellia(void); +void bench_sm4_cbc(void); +void bench_sm4_gcm(void); +void bench_sm4_ccm(void); +void bench_ascon_aead(void); +void bench_md5(int useDeviceID); +void bench_sha(int useDeviceID); +void bench_sha224(int useDeviceID); +void bench_sha256(int useDeviceID); +void bench_sha384(int useDeviceID); +void bench_sha512(int useDeviceID); +#if !defined(WOLFSSL_NOSHA512_224) && \ + (!defined(HAVE_FIPS) || FIPS_VERSION_GE(5, 3)) && !defined(HAVE_SELFTEST) +void bench_sha512_224(int useDeviceID); +#endif +#if !defined(WOLFSSL_NOSHA512_256) && \ + (!defined(HAVE_FIPS) || FIPS_VERSION_GE(5, 3)) && !defined(HAVE_SELFTEST) +void bench_sha512_256(int useDeviceID); +#endif +void bench_sha3_224(int useDeviceID); +void bench_sha3_256(int useDeviceID); +void bench_sha3_384(int useDeviceID); +void bench_sha3_512(int useDeviceID); +void bench_shake128(int useDeviceID); +void bench_shake256(int useDeviceID); +void bench_sm3(int useDeviceID); +void bench_ripemd(void); +void bench_cmac(int useDeviceID); +void bench_scrypt(void); +void bench_hmac_md5(int useDeviceID); +void bench_hmac_sha(int useDeviceID); +void bench_hmac_sha224(int useDeviceID); +void bench_hmac_sha256(int useDeviceID); +void bench_hmac_sha384(int useDeviceID); +void bench_hmac_sha512(int useDeviceID); +void bench_siphash(void); +void bench_srtpkdf(void); +void bench_rsaKeyGen(int useDeviceID); +void bench_rsaKeyGen_size(int useDeviceID, word32 keySz); +void bench_rsa(int useDeviceID); +void bench_rsa_key(int useDeviceID, word32 keySz); +void bench_dh(int useDeviceID); +void bench_mlkem(int type); +void bench_lms(void); +void bench_xmss(int hash); +void bench_ecc_curve(int curveId); +void bench_eccMakeKey(int useDeviceID, int curveId); +void bench_ecc(int useDeviceID, int curveId); +void bench_eccEncrypt(int curveId); +void bench_sm2(int useDeviceID); +void bench_curve25519KeyGen(int useDeviceID); +void bench_curve25519KeyAgree(int useDeviceID); +void bench_ed25519KeyGen(void); +void bench_ed25519KeySign(void); +void bench_curve448KeyGen(void); +void bench_curve448KeyAgree(void); +void bench_ed448KeyGen(void); +void bench_ed448KeySign(void); +void bench_eccsiKeyGen(void); +void bench_eccsiPairGen(void); +void bench_eccsiValidate(void); +void bench_eccsi(void); +void bench_sakkeKeyGen(void); +void bench_sakkeRskGen(void); +void bench_sakkeValidate(void); +void bench_sakke(void); +void bench_rng(void); +void bench_blake2b(void); +void bench_blake2s(void); +void bench_ascon_hash(void); +void bench_pbkdf2(void); +void bench_falconKeySign(byte level); +void bench_dilithiumKeySign(byte level); +void bench_sphincsKeySign(byte level, byte optim); + +void bench_stats_print(void); + + +#ifdef __cplusplus + } /* extern "C" */ +#endif + + +#endif /* WOLFCRYPT_BENCHMARK_H */ + diff --git a/test/ssl/wolfssl/wolfcrypt/test/test.c b/test/ssl/wolfssl/wolfcrypt/test/test.c new file mode 100644 index 000000000..b01221c29 --- /dev/null +++ b/test/ssl/wolfssl/wolfcrypt/test/test.c @@ -0,0 +1,62855 @@ +/* test.c + * + * Copyright (C) 2006-2025 wolfSSL Inc. + * + * This file is part of wolfSSL. + * + * wolfSSL is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * wolfSSL is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA + */ + +/* + * Some common, optional build settings: + * these can also be set in wolfssl/options.h or user_settings.h + * ------------------------------------------------------------- + * + * set the default devId for cryptocb to the value instead of INVALID_DEVID + * WC_USE_DEVID=0x1234 + */ + +#define WOLFSSL_VIS_FOR_TESTS + +#ifdef HAVE_CONFIG_H + #include +#endif + +#if !defined(WOLFSSL_USER_SETTINGS) && !defined(WOLFSSL_NO_OPTIONS_H) + #include +#endif +#include + +#ifdef WOLFSSL_DEBUG_TRACE_ERROR_CODES + #define WOLFSSL_DEBUG_TRACE_ERROR_CODES_ALWAYS +#endif + +#ifdef WOLFSSL_ASYNC_CRYPT + #define WOLFSSL_SMALL_STACK +#endif + +#if !defined(NO_CRYPT_TEST) || defined(WC_TEST_EXPORT_SUBTESTS) + +#include +#include +#include +#include + +#ifdef NO_INLINE + #include +#else + #define WOLFSSL_MISC_INCLUDED + #include +#endif + +#if defined(HAVE_WOLFCRYPT_TEST_OPTIONS) + #include + #define err_sys err_sys_remap /* remap err_sys */ + #include + #undef err_sys +#endif + +#if defined(WC_ECC_NONBLOCK) && defined(WOLFSSL_PUBLIC_MP) && \ + defined(HAVE_ECC_SIGN) && defined(HAVE_ECC_VERIFY) && \ + !defined(NO_STDINT_H) + #include +#endif + +#ifdef HAVE_STACK_SIZE_VERBOSE +#ifdef WOLFSSL_TEST_MAX_RELATIVE_STACK_BYTES + static WC_MAYBE_UNUSED ssize_t max_relative_stack = + WOLFSSL_TEST_MAX_RELATIVE_STACK_BYTES; +#else + static WC_MAYBE_UNUSED ssize_t max_relative_stack = -1; +#endif +#endif + +static const byte const_byte_array[] = "A+Gd\0\0\0"; +#define CBPTR_EXPECTED 'A' + +#if defined(WOLFSSL_TRACK_MEMORY_VERBOSE) && !defined(WOLFSSL_STATIC_MEMORY) +#ifdef WOLFSSL_TEST_MAX_RELATIVE_HEAP_ALLOCS + static ssize_t max_relative_heap_allocs = WOLFSSL_TEST_MAX_RELATIVE_HEAP_ALLOCS; +#else + static ssize_t max_relative_heap_allocs = -1; +#endif +#ifdef WOLFSSL_TEST_MAX_RELATIVE_HEAP_BYTES + static ssize_t max_relative_heap_bytes = WOLFSSL_TEST_MAX_RELATIVE_HEAP_BYTES; +#else + static ssize_t max_relative_heap_bytes = -1; +#endif + +/* Optional breadcrumb string (b), and interaction, (i) not implemented */ +#define PRINT_HEAP_CHECKPOINT(b, i) { \ + const ssize_t _rha = wolfCrypt_heap_peakAllocs_checkpoint() - heap_baselineAllocs; \ + const ssize_t _rhb = wolfCrypt_heap_peakBytes_checkpoint() - heap_baselineBytes; \ + printf(" relative heap peak usage: %ld alloc%s, %ld bytes\n", \ + (long int)_rha, \ + _rha == 1 ? "" : "s", \ + (long int)_rhb); \ + if ((max_relative_heap_allocs > 0) && (_rha > max_relative_heap_allocs)) \ + return err_sys("heap allocs exceed designated max.", \ + WC_TEST_RET_ENC_NC); \ + if ((max_relative_heap_bytes > 0) && (_rhb > max_relative_heap_bytes)) \ + return err_sys("heap bytes exceed designated max.", \ + WC_TEST_RET_ENC_NC); \ + heap_baselineAllocs = wolfCrypt_heap_peakAllocs_checkpoint(); \ + heap_baselineBytes = wolfCrypt_heap_peakBytes_checkpoint(); \ + } +#define PRINT_HEAP_ADDRESS(p) \ + printf("Allocated address: %p", (void *)(p)); +#else + #define PRINT_HEAP_CHECKPOINT(b, i) WC_DO_NOTHING; + #define PRINT_HEAP_ADDRESS(p) WC_DO_NOTHING; +#endif /* WOLFSSL_TRACK_MEMORY_VERBOSE && !WOLFSSL_STATIC_MEMORY */ + +#ifdef WOLFSSL_ESPIDF + #undef PRINT_HEAP_CHECKPOINT + #undef PRINT_HEAP_ADDRESS + static int esp_start_heap = 0; + static int esp_last_heap = 0; + static int esp_this_heap = 0; + + #ifdef DEBUG_WOLFSSL_ESP32_HEAP + #define PRINT_HEAP_CHECKPOINT(b, i) \ + esp_last_heap = esp_this_heap; \ + esp_this_heap = (int)heap_caps_get_free_size(MALLOC_CAP_8BIT); \ + if (esp_start_heap == 0) { \ + esp_start_heap = esp_this_heap; \ + } \ + ESP_LOGI(ESPIDF_TAG, "%s #%d; Heap free: %d", \ + ((b) ? (b) : ""), /* breadcumb string */ \ + ((i) ? (i) : 0), /* index */ \ + esp_this_heap); + + #define PRINT_HEAP_ADDRESS(p) \ + ESP_LOGI(ESPIDF_TAG, "Allocated address: %p", (void *)(p)); + #else + /* Even without verbose heap, we'll warn on anomalous values */ + #define PRINT_HEAP_CHECKPOINT(b, i) \ + esp_last_heap = esp_this_heap; \ + esp_this_heap = (int)heap_caps_get_free_size(MALLOC_CAP_8BIT); \ + if (esp_start_heap == 0) { \ + esp_start_heap = esp_this_heap; \ + esp_last_heap = esp_this_heap; \ + } \ + if (esp_this_heap == esp_last_heap) { \ + ESP_LOGV(ESPIDF_TAG, "Heap constant: %d", esp_this_heap); \ + } \ + else { \ + ESP_LOGI(ESPIDF_TAG, "Breadcrumb: %s", ((b) ? (b) : "")); \ + ESP_LOGW(ESPIDF_TAG, "Warning: this heap %d != last %d", \ + esp_this_heap, esp_last_heap); \ + } + + #define PRINT_HEAP_ADDRESS(p) WC_DO_NOTHING; + #endif +#endif /* WOLFSSL_ESPIDF */ + + +#ifdef USE_FLAT_TEST_H + #ifdef HAVE_CONFIG_H + #include "test_paths.h" + #endif + #include "test.h" +#else + #ifdef HAVE_CONFIG_H + #include "wolfcrypt/test/test_paths.h" + #endif + #include "wolfcrypt/test/test.h" +#endif + +/* printf mappings */ +#ifndef WOLFSSL_LOG_PRINTF +#if defined(FREESCALE_MQX) || defined(FREESCALE_KSDK_MQX) + #include + #include + /* see wc_port.h for fio.h and nio.h includes */ +#elif defined(FREESCALE_KSDK_BM) + #include "fsl_debug_console.h" + #undef printf + #define printf PRINTF +#elif defined(WOLFSSL_APACHE_MYNEWT) + #include + #include + #include "sysinit/sysinit.h" + #include "os/os.h" + #ifdef ARCH_sim + #include "mcu/mcu_sim.h" + #endif + #include "os/os_time.h" +#elif defined(WOLFSSL_ESPIDF) + #include + #include + #include + #include + #define ESPIDF_TAG "wc_test" +#elif defined(WOLFSSL_ZEPHYR) + #include + + #define printf printk +#elif defined(MICRIUM) + #include + #if (OS_VERSION < 50000) + #include + void BSP_Ser_Printf (CPU_CHAR* format, ...); + #undef printf + #define printf BSP_Ser_Printf + #else + #include + #endif +#elif defined(WOLFSSL_PB) + #include + int wolfssl_pb_print(const char*, ...); + #undef printf + #define printf wolfssl_pb_print +#elif defined(WOLFSSL_TELIT_M2MB) + #include "wolfssl/wolfcrypt/wc_port.h" /* for m2mb headers */ + #include "m2m_log.h" /* for M2M_LOG_INFO - not standard API */ + /* remap printf */ + #undef printf + #define printf M2M_LOG_INFO + /* OS requires occasional sleep() */ + #ifndef TEST_SLEEP_MS + #define TEST_SLEEP_MS 50 + #endif + #define TEST_SLEEP() m2mb_os_taskSleep(M2MB_OS_MS2TICKS(TEST_SLEEP_MS)) + /* don't use file system for these tests, since ./certs dir isn't loaded */ + #undef NO_FILESYSTEM + #define NO_FILESYSTEM +#elif defined(THREADX) && !defined(WOLFSSL_WICED) && \ + !defined(THREADX_NO_DC_PRINTF) + #ifndef NETOS + /* since just testing, use THREADX log printf instead (NETOS prototypes + * this elsewhere) */ + int dc_log_printf(char*, ...); + #endif + #undef printf + #define printf dc_log_printf +#elif defined(ANDROID) + #ifdef XMALLOC_USER + #include /* we're using malloc / free direct here */ + #endif + #ifndef STRING_USER + #include + #endif + #include + + #ifdef ANDROID_V454 /* See fips/android/wolfCrypt_v454_android */ + #ifndef NO_FILESYSTEM + #define NO_FILESYSTEM /* Turn off tests that want to call SaveDerAndPem() */ + #endif + #else + #define printf(...) \ + __android_log_print(ANDROID_LOG_DEBUG, "[WOLFCRYPT]", __VA_ARGS__) + #define fprintf(fp, ...) \ + __android_log_print(ANDROID_LOG_DEBUG, "[WOLFCRYPT]", __VA_ARGS__) + #endif +#elif defined(WOLFSSL_DEOS) + #include + #undef printf + #define printf printx +#elif defined(WOLFSSL_RENESAS_RSIP) || defined(WOLFSSL_RENESAS_RZN2L) + #ifndef TEST_SLEEP + #define TEST_SLEEP() vTaskDelay(50) + #endif + #undef vprintf + #define vprintf rsip_vprintf + #include /* for var args */ + int rsip_vprintf(const char* restrict format, va_list args) + { + int ret; + char tmpBuf[80]; + + ret = XVSNPRINTF(tmpBuf, sizeof(tmpBuf), format, args); + printf(tmpBuf); + + return ret; + } +#else + #ifdef XMALLOC_USER + #include /* we're using malloc / free direct here */ + #endif + #if !defined(STRING_USER) && !defined(NO_STDIO_FILESYSTEM) + #include + #endif + + #if defined(WOLFSSL_KERNEL_MODE) && !defined(WOLFSSL_KERNEL_VERBOSE_DEBUG) + #undef printf + #define printf(...) ({}) + #endif + + /* enable way for customer to override test/bench printf */ + #ifdef XPRINTF + #undef printf + #define printf XPRINTF + #elif !defined(printf) && !defined(NO_STDIO_FILESYSTEM) + /* arrange for printf() to flush after every message -- this assures + * redirected output (to a log file) records progress right up to the + * moment of a crash/abort(); otherwise anything queued in stdout would + * be lost. + */ + #define printf(...) ( printf(__VA_ARGS__), fflush(stdout) ) + #endif +#endif +#endif /* !WOLFSSL_LOG_PRINTF */ + +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#if !defined(WC_NO_RNG) + #include +#endif +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#ifdef HAVE_ASCON + #include +#endif +#include +#include +#include +#ifdef HAVE_ECC + #include +#endif +#ifdef WOLFSSL_SM2 + #include +#endif +#ifdef HAVE_HPKE + #include +#endif +#ifdef HAVE_CURVE25519 + #include +#endif +#ifdef HAVE_ED25519 + #include +#endif +#ifdef HAVE_CURVE448 + #include +#endif +#ifdef HAVE_ED448 + #include +#endif +#ifdef WOLFSSL_HAVE_MLKEM + #include +#ifdef WOLFSSL_WC_MLKEM + #include +#endif +#if defined(HAVE_LIBOQS) + #include +#endif +#endif +#ifdef HAVE_DILITHIUM + #include +#endif +#if defined(WOLFSSL_HAVE_XMSS) + #include +#ifdef HAVE_LIBXMSS + #include +#else + #include +#endif +#endif +#if defined(WOLFSSL_HAVE_LMS) + #include +#ifdef HAVE_LIBLMS + #include +#else + #include +#endif +#endif +#ifdef WOLFCRYPT_HAVE_ECCSI + #include +#endif +#ifdef WOLFCRYPT_HAVE_SAKKE + #include +#endif +#if defined(HAVE_BLAKE2) || defined(HAVE_BLAKE2S) + #include +#endif +#ifdef WOLFSSL_SHA3 + #include +#endif +#ifdef WOLFSSL_SM3 + #include +#endif +#ifdef WOLFSSL_SM4 + #include +#endif +#ifdef HAVE_LIBZ + #include +#endif +#ifdef HAVE_PKCS7 + #include +#endif +#ifdef HAVE_PKCS12 + #include +#endif +#ifdef HAVE_FIPS + #include +#endif +#ifdef HAVE_SELFTEST + #include +#endif +#ifdef WOLFSSL_ASYNC_CRYPT + #include +#endif +#if defined(OPENSSL_EXTRA) || defined(DEBUG_WOLFSSL_VERBOSE) + #include +#endif +#ifdef WOLFSSL_CAAM + #include +#endif +#ifdef WOLF_CRYPTO_CB + #include + #ifdef HAVE_INTEL_QA_SYNC + #include + #endif + #ifdef HAVE_CAVIUM_OCTEON_SYNC + #include + #endif + #ifdef HAVE_RENESAS_SYNC + #include + #endif + #if defined(WOLFSSL_MAX3266X) || defined(WOLFSSL_MAX3266X_OLD) + #include + #endif +#endif + +#ifdef _MSC_VER + /* 4996 warning to use MS extensions e.g., strcpy_s instead of strncpy */ + #pragma warning(disable: 4996) +#endif + +#ifdef OPENSSL_EXTRA + #ifndef WOLFCRYPT_ONLY + #include + #include + #endif + #include + #include + #include +#endif + +#if defined(NO_FILESYSTEM) || defined(WC_NO_RNG) + #if !defined(USE_CERT_BUFFERS_1024) && !defined(USE_CERT_BUFFERS_2048) && \ + !defined(USE_CERT_BUFFERS_3072) && !defined(USE_CERT_BUFFERS_4096) + #define USE_CERT_BUFFERS_2048 + #endif + #if !defined(USE_CERT_BUFFERS_256) + #define USE_CERT_BUFFERS_256 + #endif +#endif + +#if defined(WOLFSSL_CERT_GEN) && (defined(HAVE_ECC384) || defined(HAVE_ALL_CURVES)) + #define ENABLE_ECC384_CERT_GEN_TEST +#endif + +#include + +#ifdef DEVKITPRO + #include +#endif +#ifdef WOLFSSL_NDS + #include + #include + #include + #include + #include +#endif + +#ifndef WOLFSSL_HAVE_ECC_KEY_GET_PRIV + /* FIPS build has replaced ecc.h. */ + #define wc_ecc_key_get_priv(key) (&((key)->k)) + #define WOLFSSL_HAVE_ECC_KEY_GET_PRIV +#endif + +#ifdef WOLFSSL_STATIC_MEMORY + static WOLFSSL_HEAP_HINT* HEAP_HINT; +#else + #define HEAP_HINT NULL +#endif /* WOLFSSL_STATIC_MEMORY */ + +/* these cases do not have intermediate hashing support */ +#if (defined(WOLFSSL_AFALG_XILINX_SHA3) && !defined(WOLFSSL_AFALG_HASH_KEEP)) \ + && !defined(WOLFSSL_XILINX_CRYPT) || defined(WOLFSSL_XILINX_CRYPT_VERSAL) + #define NO_INTM_HASH_TEST +#endif + +#if defined(WOLFSSL_RENESAS_TSIP) || defined(WOLFSSL_RENESAS_SCEPROTECT) || \ + defined(WOLFSSL_RENESAS_SCEPROTECT_CRYPTONLY) || \ + defined(WOLFSSL_SECO_CAAM) + #define HASH_SIZE_LIMIT +#endif + +#if defined(WOLFSSL_CERT_GEN) && (!defined(NO_RSA) || defined(HAVE_ECC)) || \ + (defined(WOLFSSL_TEST_CERT) && (defined(HAVE_ED25519) || defined(HAVE_ED448))) +static void initDefaultName(void); +#endif + +/* for async devices */ +#ifdef WOLFSSL_CAAM_DEVID +static int devId = WOLFSSL_CAAM_DEVID; +#else + #ifdef WC_USE_DEVID +static int devId = WC_USE_DEVID; + #else +static int devId = INVALID_DEVID; + #endif +#endif + +#ifdef HAVE_WNR + const char* wnrConfigFile = "wnr-example.conf"; +#endif + +#define TEST_STRING "Everyone gets Friday off." +#define TEST_STRING_SZ 25 + +typedef struct testVector { + const char* input; + const char* output; + size_t inLen; + size_t outLen; +} testVector; + +#ifdef WOLFCRYPT_TEST_LINT + #define WOLFSSL_TEST_SUBROUTINE static +#else + PRAGMA_GCC("GCC diagnostic ignored \"-Wunused-function\"") + PRAGMA_CLANG("clang diagnostic ignored \"-Wunused-function\"") +#endif + +#ifndef WOLFSSL_TEST_SUBROUTINE + #define WOLFSSL_TEST_SUBROUTINE +#endif + +WOLFSSL_TEST_SUBROUTINE wc_test_ret_t macro_test(void); +WOLFSSL_TEST_SUBROUTINE wc_test_ret_t error_test(void); +WOLFSSL_TEST_SUBROUTINE wc_test_ret_t base64_test(void); +WOLFSSL_TEST_SUBROUTINE wc_test_ret_t base16_test(void); +WOLFSSL_TEST_SUBROUTINE wc_test_ret_t asn_test(void); +WOLFSSL_TEST_SUBROUTINE wc_test_ret_t md2_test(void); +WOLFSSL_TEST_SUBROUTINE wc_test_ret_t md5_test(void); +WOLFSSL_TEST_SUBROUTINE wc_test_ret_t md4_test(void); +WOLFSSL_TEST_SUBROUTINE wc_test_ret_t sha_test(void); +WOLFSSL_TEST_SUBROUTINE wc_test_ret_t sha224_test(void); +WOLFSSL_TEST_SUBROUTINE wc_test_ret_t sha256_test(void); +WOLFSSL_TEST_SUBROUTINE wc_test_ret_t sha512_test(void); +#if !defined(WOLFSSL_NOSHA512_224) && \ + (!defined(HAVE_FIPS) || FIPS_VERSION_GE(5, 3)) && !defined(HAVE_SELFTEST) +WOLFSSL_TEST_SUBROUTINE wc_test_ret_t sha512_224_test(void); +#endif +#if !defined(WOLFSSL_NOSHA512_256) && \ + (!defined(HAVE_FIPS) || FIPS_VERSION_GE(5, 3)) && !defined(HAVE_SELFTEST) +WOLFSSL_TEST_SUBROUTINE wc_test_ret_t sha512_256_test(void); +#endif +WOLFSSL_TEST_SUBROUTINE wc_test_ret_t sha384_test(void); +WOLFSSL_TEST_SUBROUTINE wc_test_ret_t sha3_test(void); +WOLFSSL_TEST_SUBROUTINE wc_test_ret_t shake128_test(void); +WOLFSSL_TEST_SUBROUTINE wc_test_ret_t shake256_test(void); +#ifdef WOLFSSL_SM3 +WOLFSSL_TEST_SUBROUTINE wc_test_ret_t sm3_test(void); +#endif +WOLFSSL_TEST_SUBROUTINE wc_test_ret_t hash_test(void); +WOLFSSL_TEST_SUBROUTINE wc_test_ret_t hmac_md5_test(void); +WOLFSSL_TEST_SUBROUTINE wc_test_ret_t hmac_sha_test(void); +WOLFSSL_TEST_SUBROUTINE wc_test_ret_t hmac_sha224_test(void); +WOLFSSL_TEST_SUBROUTINE wc_test_ret_t hmac_sha256_test(void); +WOLFSSL_TEST_SUBROUTINE wc_test_ret_t hmac_sha384_test(void); +WOLFSSL_TEST_SUBROUTINE wc_test_ret_t hmac_sha512_test(void); +WOLFSSL_TEST_SUBROUTINE wc_test_ret_t hmac_sha3_test(void); +#if defined(HAVE_HKDF) && !defined(NO_HMAC) +#if defined(WOLFSSL_AFALG_XILINX) || defined(WOLFSSL_AFALG_XILINX_AES) || \ + defined(WOLFSSL_AFALG_XILINX_SHA3) || defined(WOLFSSL_AFALG_HASH_KEEP) || \ + defined(WOLFSSL_AFALG_XILINX_RSA) +/* hkdf_test has issue with WOLFSSL_TEST_SUBROUTINE set on Xilinx with afalg */ +static wc_test_ret_t hkdf_test(void); +#else +WOLFSSL_TEST_SUBROUTINE wc_test_ret_t hkdf_test(void); +#endif +#endif /* HAVE_HKDF && ! NO_HMAC */ +#if defined(WOLFSSL_HAVE_PRF) && defined(HAVE_HKDF) && !defined(NO_HMAC) && \ + defined(WOLFSSL_BASE16) && !defined(WOLFSSL_NO_TLS12) +WOLFSSL_TEST_SUBROUTINE wc_test_ret_t tls12_kdf_test(void); +#endif +#if defined(WOLFSSL_HAVE_PRF) && !defined(NO_HMAC) && \ + defined(WOLFSSL_SHA384) && !defined(WOLFSSL_NO_TLS12) +WOLFSSL_TEST_SUBROUTINE wc_test_ret_t prf_test(void); +#endif +WOLFSSL_TEST_SUBROUTINE wc_test_ret_t sshkdf_test(void); +#if defined(WOLFSSL_TLS13) && !defined(NO_HMAC) +WOLFSSL_TEST_SUBROUTINE wc_test_ret_t tls13_kdf_test(void); +#endif +WOLFSSL_TEST_SUBROUTINE wc_test_ret_t x963kdf_test(void); +#if defined(HAVE_HPKE) && defined(HAVE_ECC) && defined(HAVE_AESGCM) && \ + defined(WOLFSSL_AES_256) +WOLFSSL_TEST_SUBROUTINE wc_test_ret_t hpke_test(void); +#endif +#ifdef WC_SRTP_KDF +WOLFSSL_TEST_SUBROUTINE wc_test_ret_t srtpkdf_test(void); +#endif + +#if defined(WC_KDF_NIST_SP_800_56C) && \ + (!defined(HAVE_FIPS) || FIPS_VERSION3_GE(7,0,0)) +WOLFSSL_TEST_SUBROUTINE wc_test_ret_t nist_sp80056c_kdf_test(void); +#endif +#if defined(HAVE_CMAC_KDF) && (!defined(HAVE_FIPS) || FIPS_VERSION3_GE(7,0,0)) +WOLFSSL_TEST_SUBROUTINE wc_test_ret_t nist_sp800108_cmac(void); +WOLFSSL_TEST_SUBROUTINE wc_test_ret_t nist_sp80056c_twostep_cmac(void); +#endif +WOLFSSL_TEST_SUBROUTINE wc_test_ret_t arc4_test(void); +#ifdef WC_RC2 +WOLFSSL_TEST_SUBROUTINE wc_test_ret_t rc2_test(void); +#endif +WOLFSSL_TEST_SUBROUTINE wc_test_ret_t chacha_test(void); +WOLFSSL_TEST_SUBROUTINE wc_test_ret_t XChaCha_test(void); +WOLFSSL_TEST_SUBROUTINE wc_test_ret_t chacha20_poly1305_aead_test(void); +WOLFSSL_TEST_SUBROUTINE wc_test_ret_t XChaCha20Poly1305_test(void); +WOLFSSL_TEST_SUBROUTINE wc_test_ret_t des_test(void); +WOLFSSL_TEST_SUBROUTINE wc_test_ret_t des3_test(void); +WOLFSSL_TEST_SUBROUTINE wc_test_ret_t aes_test(void); +WOLFSSL_TEST_SUBROUTINE wc_test_ret_t aes_cbc_test(void); +WOLFSSL_TEST_SUBROUTINE wc_test_ret_t aes_ctr_test(void); +#if defined(WOLFSSL_AES_CFB) +WOLFSSL_TEST_SUBROUTINE wc_test_ret_t aes_cfb_test(void); +#endif +#ifdef WOLFSSL_AES_XTS +WOLFSSL_TEST_SUBROUTINE wc_test_ret_t aes_xts_test(void); +#endif +WOLFSSL_TEST_SUBROUTINE wc_test_ret_t aes192_test(void); +WOLFSSL_TEST_SUBROUTINE wc_test_ret_t aes256_test(void); +WOLFSSL_TEST_SUBROUTINE wc_test_ret_t aesofb_test(void); +WOLFSSL_TEST_SUBROUTINE wc_test_ret_t cmac_test(void); +#ifdef HAVE_ASCON +WOLFSSL_TEST_SUBROUTINE wc_test_ret_t ascon_hash256_test(void); +WOLFSSL_TEST_SUBROUTINE wc_test_ret_t ascon_aead128_test(void); +#endif +#if defined(WOLFSSL_SIPHASH) +WOLFSSL_TEST_SUBROUTINE wc_test_ret_t siphash_test(void); +#endif +WOLFSSL_TEST_SUBROUTINE wc_test_ret_t poly1305_test(void); +WOLFSSL_TEST_SUBROUTINE wc_test_ret_t aesgcm_test(void); +WOLFSSL_TEST_SUBROUTINE wc_test_ret_t aesgcm_default_test(void); +WOLFSSL_TEST_SUBROUTINE wc_test_ret_t gmac_test(void); +WOLFSSL_TEST_SUBROUTINE wc_test_ret_t aesccm_test(void); +WOLFSSL_TEST_SUBROUTINE wc_test_ret_t aeskeywrap_test(void); +WOLFSSL_TEST_SUBROUTINE wc_test_ret_t camellia_test(void); +#ifdef WOLFSSL_SM4 +WOLFSSL_TEST_SUBROUTINE wc_test_ret_t sm4_test(void); +#endif +#ifdef WC_RSA_NO_PADDING +WOLFSSL_TEST_SUBROUTINE wc_test_ret_t rsa_no_pad_test(void); +#endif +WOLFSSL_TEST_SUBROUTINE wc_test_ret_t rsa_test(void); +WOLFSSL_TEST_SUBROUTINE wc_test_ret_t dh_test(void); +WOLFSSL_TEST_SUBROUTINE wc_test_ret_t dsa_test(void); +WOLFSSL_TEST_SUBROUTINE wc_test_ret_t srp_test(void); +#ifndef WC_NO_RNG +WOLFSSL_TEST_SUBROUTINE wc_test_ret_t random_test(void); +#endif /* WC_NO_RNG */ +WOLFSSL_TEST_SUBROUTINE wc_test_ret_t pwdbased_test(void); +#if defined(USE_CERT_BUFFERS_2048) && \ + defined(HAVE_PKCS12) && \ + !defined(NO_ASN) && !defined(NO_PWDBASED) && !defined(NO_HMAC) && \ + !defined(NO_CERTS) && !defined(NO_DES3) +WOLFSSL_TEST_SUBROUTINE wc_test_ret_t pkcs12_test(void); +#endif +WOLFSSL_TEST_SUBROUTINE wc_test_ret_t ripemd_test(void); +#if defined(OPENSSL_EXTRA) && !defined(WOLFCRYPT_ONLY) +WOLFSSL_TEST_SUBROUTINE wc_test_ret_t openssl_test(void); /* test mini api */ + +WOLFSSL_TEST_SUBROUTINE wc_test_ret_t openssl_pkey0_test(void); +WOLFSSL_TEST_SUBROUTINE wc_test_ret_t openssl_pkey1_test(void); +WOLFSSL_TEST_SUBROUTINE wc_test_ret_t openSSL_evpMD_test(void); +WOLFSSL_TEST_SUBROUTINE wc_test_ret_t openssl_evpSig_test(void); +#endif + +WOLFSSL_TEST_SUBROUTINE wc_test_ret_t pbkdf1_test(void); +WOLFSSL_TEST_SUBROUTINE wc_test_ret_t pkcs12_pbkdf_test(void); +#if defined(HAVE_PBKDF2) && !defined(NO_SHA256) && !defined(NO_HMAC) +WOLFSSL_TEST_SUBROUTINE wc_test_ret_t pbkdf2_test(void); +#endif +WOLFSSL_TEST_SUBROUTINE wc_test_ret_t scrypt_test(void); +#ifdef HAVE_ECC + WOLFSSL_TEST_SUBROUTINE wc_test_ret_t ecc_test(void); + #if defined(HAVE_ECC_ENCRYPT) && defined(HAVE_AES_CBC) && \ + (defined(WOLFSSL_AES_128) || defined(WOLFSSL_AES_256)) + WOLFSSL_TEST_SUBROUTINE wc_test_ret_t ecc_encrypt_test(void); + #endif + #if defined(USE_CERT_BUFFERS_256) && !defined(WOLFSSL_ATECC508A) && \ + !defined(WOLFSSL_ATECC608A) && !defined(NO_ECC256) && \ + defined(HAVE_ECC_VERIFY) && defined(HAVE_ECC_SIGN) && \ + !defined(WOLF_CRYPTO_CB_ONLY_ECC) && !defined(NO_ECC_SECP) + /* skip for ATECC508/608A, cannot import private key buffers */ + WOLFSSL_TEST_SUBROUTINE wc_test_ret_t ecc_test_buffers(void); + #endif +#endif +#ifdef HAVE_CURVE25519 + WOLFSSL_TEST_SUBROUTINE wc_test_ret_t curve25519_test(void); +#endif +#ifdef HAVE_ED25519 + WOLFSSL_TEST_SUBROUTINE wc_test_ret_t ed25519_test(void); +#endif +#ifdef HAVE_CURVE448 + WOLFSSL_TEST_SUBROUTINE wc_test_ret_t curve448_test(void); +#endif +#ifdef HAVE_ED448 + WOLFSSL_TEST_SUBROUTINE wc_test_ret_t ed448_test(void); +#endif +#ifdef WOLFSSL_HAVE_MLKEM + WOLFSSL_TEST_SUBROUTINE wc_test_ret_t mlkem_test(void); +#endif +#ifdef HAVE_DILITHIUM + WOLFSSL_TEST_SUBROUTINE wc_test_ret_t dilithium_test(void); +#endif +#if defined(WOLFSSL_HAVE_XMSS) + #if !defined(WOLFSSL_SMALL_STACK) && WOLFSSL_XMSS_MIN_HEIGHT <= 10 + WOLFSSL_TEST_SUBROUTINE wc_test_ret_t xmss_test_verify_only(void); + #endif + #if !defined(WOLFSSL_XMSS_VERIFY_ONLY) + WOLFSSL_TEST_SUBROUTINE wc_test_ret_t xmss_test(void); + #endif +#endif +#if defined(WOLFSSL_HAVE_LMS) + #if !defined(WOLFSSL_SMALL_STACK) + #if (defined(WOLFSSL_WC_LMS) && (LMS_MAX_HEIGHT >= 10) && \ + !defined(WOLFSSL_NO_LMS_SHA256_256)) || defined(HAVE_LIBLMS) + WOLFSSL_TEST_SUBROUTINE wc_test_ret_t lms_test_verify_only(void); + #endif + #endif + #if !defined(WOLFSSL_LMS_VERIFY_ONLY) + WOLFSSL_TEST_SUBROUTINE wc_test_ret_t lms_test(void); + #endif +#endif +#ifdef WOLFCRYPT_HAVE_ECCSI + WOLFSSL_TEST_SUBROUTINE wc_test_ret_t eccsi_test(void); +#endif +#ifdef WOLFCRYPT_HAVE_SAKKE + WOLFSSL_TEST_SUBROUTINE wc_test_ret_t sakke_test(void); +#endif +#ifdef HAVE_BLAKE2 + WOLFSSL_TEST_SUBROUTINE wc_test_ret_t blake2b_test(void); +#endif +#ifdef HAVE_BLAKE2S + WOLFSSL_TEST_SUBROUTINE wc_test_ret_t blake2s_test(void); +#endif +#ifdef HAVE_LIBZ + WOLFSSL_TEST_SUBROUTINE wc_test_ret_t compress_test(void); +#endif +#ifdef HAVE_PKCS7 + #ifndef NO_PKCS7_ENCRYPTED_DATA + WOLFSSL_TEST_SUBROUTINE wc_test_ret_t pkcs7encrypted_test(void); + #endif + #if defined(HAVE_LIBZ) && !defined(NO_PKCS7_COMPRESSED_DATA) + WOLFSSL_TEST_SUBROUTINE wc_test_ret_t pkcs7compressed_test(void); + #endif + WOLFSSL_TEST_SUBROUTINE wc_test_ret_t pkcs7signed_test(void); + WOLFSSL_TEST_SUBROUTINE wc_test_ret_t pkcs7enveloped_test(void); + #if defined(HAVE_AESGCM) || defined(HAVE_AESCCM) + WOLFSSL_TEST_SUBROUTINE wc_test_ret_t pkcs7authenveloped_test(void); + #endif + #if !defined(NO_AES) && defined(HAVE_AES_CBC) + WOLFSSL_TEST_SUBROUTINE wc_test_ret_t pkcs7callback_test(byte* cert, word32 certSz, byte* key, + word32 keySz); + #endif +#endif +#if !defined(NO_ASN_TIME) && !defined(NO_RSA) && defined(WOLFSSL_TEST_CERT) && \ + !defined(NO_FILESYSTEM) +WOLFSSL_TEST_SUBROUTINE wc_test_ret_t cert_test(void); +#endif +#if defined(WOLFSSL_CERT_EXT) && defined(WOLFSSL_TEST_CERT) && \ + !defined(NO_FILESYSTEM) && !defined(NO_RSA) && defined(WOLFSSL_GEN_CERT) +WOLFSSL_TEST_SUBROUTINE wc_test_ret_t certext_test(void); +#endif +#if defined(WOLFSSL_CERT_GEN_CACHE) && defined(WOLFSSL_TEST_CERT) && \ + defined(WOLFSSL_CERT_EXT) && defined(WOLFSSL_CERT_GEN) +WOLFSSL_TEST_SUBROUTINE wc_test_ret_t decodedCertCache_test(void); +#endif +WOLFSSL_TEST_SUBROUTINE wc_test_ret_t memory_test(void); +#if defined(WOLFSSL_PUBLIC_MP) && \ + ((defined(WOLFSSL_SP_MATH_ALL) && !defined(WOLFSSL_RSA_VERIFY_ONLY)) || \ + defined(USE_FAST_MATH)) +WOLFSSL_TEST_SUBROUTINE wc_test_ret_t mp_test(void); +#endif +#if defined(WOLFSSL_PUBLIC_MP) && defined(WOLFSSL_KEY_GEN) && \ + (!defined(NO_DH) || !defined(NO_DSA)) && !defined(WC_NO_RNG) +WOLFSSL_TEST_SUBROUTINE wc_test_ret_t prime_test(void); +#endif +#if defined(ASN_BER_TO_DER) && \ + (defined(WOLFSSL_TEST_CERT) || defined(OPENSSL_EXTRA) || \ + defined(OPENSSL_EXTRA_X509_SMALL)) +WOLFSSL_TEST_SUBROUTINE wc_test_ret_t berder_test(void); +#endif +WOLFSSL_TEST_SUBROUTINE wc_test_ret_t logging_test(void); +#if !defined(NO_ASN) && !defined(NO_ASN_TIME) +WOLFSSL_TEST_SUBROUTINE wc_test_ret_t time_test(void); +#endif +#if defined(__INCLUDE_NUTTX_CONFIG_H) +WOLFSSL_TEST_SUBROUTINE wc_test_ret_t wolfcrypt_mutex_test(void); +#else +WOLFSSL_TEST_SUBROUTINE wc_test_ret_t mutex_test(void); +#endif +#if defined(USE_WOLFSSL_MEMORY) && !defined(FREERTOS) +WOLFSSL_TEST_SUBROUTINE wc_test_ret_t memcb_test(void); +#endif +#ifdef WOLFSSL_CAAM_BLOB +WOLFSSL_TEST_SUBROUTINE wc_test_ret_t blob_test(void); +#endif +#ifdef HAVE_ARIA +#include "wolfssl/wolfcrypt/port/aria/aria-crypt.h" +void printOutput(const char *strName, unsigned char *data, unsigned int dataSz); +WOLFSSL_TEST_SUBROUTINE int ariagcm_test(MC_ALGID); +#endif + +#if defined(WOLF_CRYPTO_CB) && !defined(WC_TEST_NO_CRYPTOCB_SW_TEST) +WOLFSSL_TEST_SUBROUTINE wc_test_ret_t cryptocb_test(void); +#endif +#ifdef WOLFSSL_CERT_PIV +WOLFSSL_TEST_SUBROUTINE wc_test_ret_t certpiv_test(void); +#endif +#if defined(WOLFSSL_AES_SIV) && defined(WOLFSSL_AES_128) +WOLFSSL_TEST_SUBROUTINE wc_test_ret_t aes_siv_test(void); +#endif + +#if defined(WOLFSSL_AES_EAX) && \ + (!defined(HAVE_FIPS) || FIPS_VERSION_GE(5, 3)) && !defined(HAVE_SELFTEST) +WOLFSSL_TEST_SUBROUTINE wc_test_ret_t aes_eax_test(void); +#endif /* WOLFSSL_AES_EAX */ + +/* General big buffer size for many tests. */ +#define FOURK_BUF 4096 + +/* If not defined in user_settings, the ERROR_OUT pause is 120 seconds. */ +#ifndef WOLFSSL_ESPIDF_ERROR_PAUSE_DURATION + #define WOLFSSL_ESPIDF_ERROR_PAUSE_DURATION 120 +#endif +#if defined(WOLFSSL_ESPIDF_ERROR_PAUSE) + #if defined(CONFIG_FREERTOS_HZ) + #define WOLFSSL_ESPIDF_ERROR_PAUSE_DURATION_TICKS \ + (WOLFSSL_ESPIDF_ERROR_PAUSE_DURATION * CONFIG_FREERTOS_HZ) + #else + /* If not defined, assume RTOS is 1000 ticks per second. */ + #define WOLFSSL_ESPIDF_ERROR_PAUSE_DURATION_TICKS \ + (WOLFSSL_ESPIDF_ERROR_PAUSE_DURATION * 1000) + #endif + /* When defined, pause at error condition rather than exit with error. */ + #define ERROR_OUT(err, eLabel) \ + do { \ + ret = (err); \ + ESP_LOGE(ESPIDF_TAG, "Failed: Error = %d during %s, line %d", \ + err, __FUNCTION__, __LINE__); \ + ESP_LOGI(ESPIDF_TAG, "Extended system info:"); \ + esp_ShowExtendedSystemInfo(); \ + ESP_LOGW(ESPIDF_TAG, "Paused for %d seconds! " \ + "WOLFSSL_ESPIDF_ERROR_PAUSE is enabled.", \ + WOLFSSL_ESPIDF_ERROR_PAUSE_DURATION); \ + vTaskDelay(WOLFSSL_ESPIDF_ERROR_PAUSE_DURATION_TICKS); \ + goto eLabel; \ + } while (0) +#else + #define ERROR_OUT(err, eLabel) do { ret = (err); goto eLabel; } while (0) +#endif + +/* Not all unexpected conditions are actually errors .*/ +#define WARNING_OUT(err, eLabel) do { ret = (err); goto eLabel; } while (0) + +void wc_test_render_error_message(const char* msg, wc_test_ret_t es) +{ + (void)msg; + (void)es; + +#ifdef WOLFSSL_KERNEL_MODE + #define err_sys_printf wc_km_printf +#else + #define err_sys_printf printf +#endif + + switch (WC_TEST_RET_DEC_TAG(es)) { + case WC_TEST_RET_TAG_NC: + err_sys_printf("%s error L=%d\n", msg, WC_TEST_RET_DEC_LN(es)); + break; + case WC_TEST_RET_TAG_EC: +#ifdef NO_ERROR_STRINGS + err_sys_printf("%s error L=%d code=%d\n", msg, + WC_TEST_RET_DEC_LN(es), -WC_TEST_RET_DEC_I(es)); +#elif defined(WOLFCRYPT_ONLY) || !defined(WOLFSSL_TYPES_DEFINED) + err_sys_printf("%s error L=%d code=%d (%s)\n", msg, + WC_TEST_RET_DEC_LN(es), -WC_TEST_RET_DEC_I(es), + wc_GetErrorString(-WC_TEST_RET_DEC_I(es)) + ); +#else + err_sys_printf("%s error L=%d code=%d (%s)\n", msg, + WC_TEST_RET_DEC_LN(es), -WC_TEST_RET_DEC_I(es), + wolfSSL_ERR_reason_error_string((unsigned long)-WC_TEST_RET_DEC_I(es)) + ); +#endif + break; + case WC_TEST_RET_TAG_ERRNO: + { + +/* strerror_r() comes in two mutually incompatible flavors, a native glibc + * flavor that always returns a non-null char pointer that must be used + * directly, and a POSIX flavor that returns an error int, and iff success, + * stores an error string in the supplied buffer. this is all most + * infelicitous... + */ +#if !defined(STRING_USER) && !defined(NO_ERROR_STRINGS) && \ + (defined(__STDC_VERSION__) && (__STDC_VERSION__ > 199901L)) && \ + ((defined(__GLIBC__) && (__GLIBC__ >= 2) && defined(__USE_GNU)) || \ + (defined(__USE_XOPEN2K) && \ + defined(_POSIX_C_SOURCE) && \ + (_POSIX_C_SOURCE >= 200112L))) + + char errno_buf[64], *errno_string; + /* precisely mirror the gate used in glibc string.h */ +#if defined __USE_XOPEN2K && !defined __USE_GNU + if (strerror_r(WC_TEST_RET_DEC_I(es), + errno_buf, sizeof(errno_buf)) != 0) + XSTRLCPY(errno_buf, "?", sizeof(errno_buf)); + errno_string = errno_buf; +#else + errno_string = strerror_r(WC_TEST_RET_DEC_I(es), + errno_buf, sizeof(errno_buf)); +#endif + err_sys_printf("%s error L=%d errno=%d (%s)\n", msg, + WC_TEST_RET_DEC_LN(es), WC_TEST_RET_DEC_I(es), + errno_string); + +#else /* can't figure out how to strerror_r(), or don't want error strings */ + err_sys_printf("%s error L=%d errno=%d\n", msg, + WC_TEST_RET_DEC_LN(es), WC_TEST_RET_DEC_I(es)); +#endif + break; + } + case WC_TEST_RET_TAG_I: + err_sys_printf("%s error L=%d i=%d\n", msg, + WC_TEST_RET_DEC_LN(es), WC_TEST_RET_DEC_I(es)); + break; + } + +#undef err_sys_printf +} + +static void print_fiducials(void); + +#ifdef HAVE_STACK_SIZE +static THREAD_RETURN err_sys(const char* msg, int es) +#else +static wc_test_ret_t err_sys(const char* msg, wc_test_ret_t es) +#endif +{ + wc_test_render_error_message(msg, es); + print_fiducials(); +#ifdef WOLFSSL_KERNEL_MODE + EXIT_TEST(es); +#else + EXIT_TEST(-1); +#endif +} + +#ifndef HAVE_WOLFCRYPT_TEST_OPTIONS +/* func_args from test.h, so don't have to pull in other stuff */ +typedef struct func_args { + int argc; + char** argv; + wc_test_ret_t return_code; +} func_args; +#endif /* !HAVE_WOLFCRYPT_TEST_OPTIONS */ + +/* Kernel modules implement and install their own FIPS callback with similar + * functionality. + */ +#if defined(HAVE_FIPS) && !defined(WOLFSSL_KERNEL_MODE) +static void myFipsCb(int ok, int err, const char* hash) +{ + printf("in my Fips callback, ok = %d, err = %d\n", ok, err); + printf("message = %s\n", wc_GetErrorString(err)); + printf("hash = %s\n", hash); + + if (err == WC_NO_ERR_TRACE(IN_CORE_FIPS_E)) { + printf("In core integrity hash check failure, copy above hash\n"); + printf("into verifyCore[] in fips_test.c and rebuild\n"); + } +} +#endif /* HAVE_FIPS && !WOLFSSL_KERNEL_MODE */ + +#if defined(HAVE_FIPS) && FIPS_VERSION3_LT(6,0,0) && !defined(WC_NO_CONSTRUCTORS) + +#if !defined(NO_AES) +static WC_MAYBE_UNUSED Aes* wc_AesNew(void* heap, int thisDevId, int *result_code) +{ + int ret; + Aes* aes = (Aes*)XMALLOC(sizeof(Aes), heap, DYNAMIC_TYPE_AES); + if (aes == NULL) { + ret = MEMORY_E; + } + else { + ret = wc_AesInit(aes, heap, thisDevId); + if (ret != 0) { + XFREE(aes, heap, DYNAMIC_TYPE_AES); + aes = NULL; + } + } + + if (result_code != NULL) + *result_code = ret; + + return aes; +} +static WC_MAYBE_UNUSED int wc_AesDelete(Aes *aes, Aes** aes_p) +{ + if (aes == NULL) + return BAD_FUNC_ARG; + wc_AesFree(aes); + XFREE(aes, aes->heap, DYNAMIC_TYPE_AES); + if (aes_p != NULL) + *aes_p = NULL; + return 0; +} +#endif /* !NO_AES */ + +#if !defined(NO_RSA) +static WC_MAYBE_UNUSED RsaKey* wc_NewRsaKey(void* heap, int thisDevId, int *result_code) +{ + int ret; + RsaKey* key = (RsaKey*)XMALLOC(sizeof(RsaKey), heap, DYNAMIC_TYPE_RSA); + if (key == NULL) { + ret = MEMORY_E; + } + else { + ret = wc_InitRsaKey_ex(key, heap, thisDevId); + if (ret != 0) { + XFREE(key, heap, DYNAMIC_TYPE_RSA); + key = NULL; + } + } + + if (result_code != NULL) + *result_code = ret; + + return key; +} +static WC_MAYBE_UNUSED int wc_DeleteRsaKey(RsaKey* key, RsaKey** key_p) +{ + if (key == NULL) + return BAD_FUNC_ARG; + wc_FreeRsaKey(key); + XFREE(key, key->heap, DYNAMIC_TYPE_RSA); + if (key_p != NULL) + *key_p = NULL; + return 0; +} +#endif /* !NO_RSA */ + +#endif /* FIPS_VERSION3_LT(6,0,0) && !WC_NO_CONSTRUCTORS */ + +#ifdef WOLFSSL_STATIC_MEMORY + #if defined(WOLFSSL_STATIC_MEMORY_TEST_SZ) + static byte gTestMemory[WOLFSSL_STATIC_MEMORY_TEST_SZ]; + #elif defined(HAVE_DILITHIUM) + #if defined(WOLFSSL_DILITHIUM_VERIFY_SMALL_MEM) && \ + defined(WOLFSSL_DILITHIUM_SIGN_SMALL_MEM) && \ + defined(WOLFSSL_DILITHIUM_MAKE_KEY_SMALL_MEM) && \ + defined(WOLFSSL_DILITHIUM_VERIFY_ONLY) + static byte gTestMemory[192*1024]; /* Dilithium low mem */ + #else + static byte gTestMemory[576*1024]; /* Dilithium full mem */ + #endif + #elif defined(BENCH_EMBEDDED) + static byte gTestMemory[14000]; + #elif defined(WOLFSSL_CERT_EXT) + static byte gTestMemory[140000]; + #elif (defined(WOLFSSL_SP_MATH_ALL) || defined(USE_FAST_MATH)) && \ + !defined(ALT_ECC_SIZE) + static byte gTestMemory[160000]; + #else + static byte gTestMemory[80000]; + #endif +#endif + +#ifdef WOLFSSL_PB +static int wolfssl_pb_print(const char* msg, ...) +{ + int ret; + va_list args; + char tmpBuf[80]; + + va_start(args, msg); + ret = vsprint(tmpBuf, msg, args); + va_end(args); + + fnDumpStringToSystemLog(tmpBuf); + + return ret; +} +#endif /* WOLFSSL_PB */ + + +#if defined(WOLF_CRYPTO_CB) && !defined(HAVE_HASHDRBG) && \ + !defined(WC_NO_RNG) && !defined(CUSTOM_RAND_GENERATE_BLOCK) +/* Enable support for RNG with crypto callback */ +static int rng_crypto_cb(int thisDevId, wc_CryptoInfo* info, void* ctx) +{ + int rc = WC_NO_ERR_TRACE(CRYPTOCB_UNAVAILABLE); + if (info->algo_type == WC_ALGO_TYPE_RNG) { + rc = wc_GenerateSeed(&info->rng.rng->seed, info->rng.out, info->rng.sz); + } + (void)ctx; + (void)thisDevId; + return rc; +} +#endif + +#if defined(WC_KDF_NIST_SP_800_56C) && \ + (!defined(HAVE_FIPS) || FIPS_VERSION3_GE(7,0,0)) +#define INIT_SP80056C_TEST_VECTOR(_z, _fixedInfo, _derivedKey, _hashType) \ + { \ + .z = (const byte*)(_z), .zSz = sizeof(_z) - 1, \ + .fixedInfo = (const byte*)(_fixedInfo), \ + .fixedInfoSz = sizeof(_fixedInfo) - 1, \ + .derivedKey = (const byte*)(_derivedKey), \ + .derivedKeySz = sizeof(_derivedKey) - 1, .hashType = (_hashType), \ + } + +#define SP800_56C_MAX_OUT 128 +WOLFSSL_TEST_SUBROUTINE wc_test_ret_t nist_sp80056c_kdf_test(void) +{ + struct sp800_56c_test_vector { + const byte* z; + word32 zSz; + const byte* fixedInfo; + word32 fixedInfoSz; + const byte* derivedKey; + word32 derivedKeySz; + enum wc_HashType hashType; + }; + struct sp800_56c_test_vector* v; + byte output[SP800_56C_MAX_OUT]; + word32 i; + int ret; + /* vectors from + * https://csrc.nist.gov/projects/cryptographic-standards-and-guidelines/example-values + * + * (KeyManagement) */ + struct sp800_56c_test_vector vctors[] = { +#if !defined(NO_SHA) + /* SHA-1 */ + INIT_SP80056C_TEST_VECTOR( + "\xad\x42\x01\x82\x63\x3f\x85\x26\xbf\xe9\x54\xac\xda\x37\x6f\x05" + "\xe5\xff\x4f\x83\x7f\x54\xfe\xbe\x0f\xb1\x2a\x1b\x3b\xeb\xf2\x63" + "\xee\x21\x64\x13\xed\x06\xa8\x4a\x12\xeb\x51\x11\x59\xf1\x33\x7d", + "\x12\x34\x56\x78\x9a\xbc\xde\xf0\x41\x4c\x49\x43\x45\x31\x32\x33" + "\x42\x4f\x42\x42\x59\x34\x35\x36", + "\x6f\xef\x44\x2f\xc1\x7a\x7e\x2b\x0c\x9d\xec\xe0\xe4\x7a\x57\x48" + "\xac\xb4\x6a\xf1\x98\xd7\x67\x47\x0f\x28\xa1\x04\xb5\x61\x30\xae" + "\xb0\x10\x09\xa4\x56\x82\xa5\xe1", + WC_HASH_TYPE_SHA), + INIT_SP80056C_TEST_VECTOR( + "\xae\x64\xab\x2b\x2b\x75\xa9\x4c\xf8\xef\x24\xda\x24\x56\xbd\x3a" + "\xa3\x6d\xb6\x14\x29\xea\x55\x21", + "\x12\x34\x56\x78\x9a\xbc\xde\xf0\x41\x4c\x49\x43\x45\x31\x32\x33" + "\x42\x4f\x42\x42\x59\x34\x35\x36", + "\xcc\x96\x5a\x52\xd0\x5c\x94\x9e\x52\xc0\x35\xfd\x03\x53\x0d\xb7" + "\xea\xa4\x08\x70\x2c\x9d\x35\x21\x1e\x67\x21\x54\x12\x45\x91\x51" + "\xba\x22\x62\xbd\x1e\x28\xe5\x6b", + WC_HASH_TYPE_SHA), + INIT_SP80056C_TEST_VECTOR( + "\x71\x5d\xc0\xea\x24\x6b\x46\x56\x63\xa8\x9c\xde\x04\x12\xc1\x92" + "\xe1\x9e\x58\xd5\xb0\xb6\x36\x6d\xa7\x89\xad\xbf\x44\x9a\x38\xaa" + "\x46\x69\xfe\x36\x30\xa2\x0f\x7f\xa3\x14\x9c\x9b\x4b\x0a\xb5\xcd" + "\x3e\x14\x18\x2b\x75\x04\xd5\xd2\x75\x2b\xf6\x58\x7a\xab\xc9\xf4" + "\xcb\x8f\xe5\x29\x23\x6a\xb8\x15\x36\xad\xd2\xbd\x25\xd6\xbf\x9d" + "\x5f\x1d\xf5\x76\x16\x5a\xa5\x5c\x24\x99\x61\xd8\xf8\x75\x00\xed" + "\x8d\xbf\xc5\xd2\x50\x53\x4c\x07\xd9\x9a\xc9\x17\xf9\x84\x60\x46" + "\xac\x5c\xb8\xa2\x98\x74\x26\x22\xd3\xc9\x86\x18\x06\x92\x46\xe8" + "\xad\x37\x11\x25\x57\xe0\xe6\x34\xb5\x81\x32\x7a\x4a\xd3\x2c\x7c" + "\x76\x4b\xe8\xf8\x08\x0d\x37\x2c\x63\x20\x93\xa7\x67\xf1\x55\xbd" + "\x22\xec\x00\x3c\xa6\x1c\x8b\x43\x32\x0f\x3a\xbe\xb5\xdd\xc4\xa3" + "\xb1\x89\x82\xfd\xd6\x51\x0f\x88\x3c\x8d\xc1\xe0\xb1\x57\xff\xb9" + "\xcf\xc0\xa5\x9c\xe2\xd4\x05\x5f\xfc\x73\xe7\x15\x2a\x6a\x95\x43" + "\xb9\x19\xe7\x94\xe9\x49\x61\x33\xbe\x2a\x23\x18\xd9\x05\x6e\xfd" + "\x74\x48\x2d\xc6\x3c\x0d\xb5\x8f\xe6\x42\x6b\x0f\xe7\x35\x45\x42" + "\xc2\x19\x7a\xb6\xbd\x35\xf1\xa9\x2d\xce\x90\xb1\xc4\x6d\x32\xc1", + "\x12\x34\x56\x78\x9a\xbc\xde\xf0\x41\x4c\x49\x43\x45\x31\x32\x33" + "\x42\x4f\x42\x42\x59\x34\x35\x36", + "\x1b\x5f\xcc\x8d\x81\xa5\xd9\xa9\x36\x94\xe6\x47\x77\x88\xd8\x03" + "\x15\x84\xc3\xf5\x2e\x9f\x11\x7a\xe8\x18\x4d\xba\x56\x47\x9d\x87" + "\x66\x76\x92\xf1\x2d\x7b\xd3\x8b", + WC_HASH_TYPE_SHA), + INIT_SP80056C_TEST_VECTOR( + "\x33\xe0\x50\xbd\x20\x9f\x2d\xf2\x77\x19\x78\xfc\xd1\xd4\xc8\x2e" + "\x49\xd0\x1d\x65\xbb\x62\x03\x20\xd3\x0b\xfe\xa8\x7a\xa8\x69\xe1" + "\x07\xa5\x17\xa4\xc8\x5b\x69\x28\x45\x21\xca\x54\xb7\x7f\x59\xe9" + "\x4a\x85\x6d\xaa\x30\xa3\x85\xa5\x25\xd8\xa3\xf7\xe1\x5e\xe5\xe9" + "\xaa\x12\x8d\x45\xef\x63\xf9\x0c\x10\xe0\x8f\xc5\x26\x36\x13\x77" + "\x81\x54\x7a\x58\x9f\x97\x87\xf9\xd7\xdd\x61\x43\x41\x9a\x26\x16" + "\x80\x16\x82\x40\xaa\xb2\x01\x3d\x80\x20\xdb\xe8\x4b\x7e\x2b\xed" + "\xce\x67\x1b\x94\x03\xbd\x1f\x91\x71\xa2\x57\x90\xce\x66\x7d\xed", + "\x12\x34\x56\x78\x9a\xbc\xde\xf0\x41\x4c\x49\x43\x45\x31\x32\x33" + "\x42\x4f\x42\x42\x59\x34\x35\x36", + "\x35\x10\x85\x85\xfc\x55\x62\xb5\xf1\x8f\x20\x7b\xa8\x35\x63\xe4" + "\x49\x28\x45\x6a\x5e\x53\x63\x7e\xae\x6b\xb5\xfc\x33\x88\xae\x02" + "\x91\x79\x0a\x1d\xc8\x31\x4e\x28", + WC_HASH_TYPE_SHA), + INIT_SP80056C_TEST_VECTOR( + "\x5c\x80\x4f\x45\x4d\x30\xd9\xc4\xdf\x85\x27\x1f\x93\x52\x8c\x91" + "\xdf\x6b\x48\xab\x5f\x80\xb3\xb5\x9c\xaa\xc1\xb2\x8f\x8a\xcb\xa9" + "\xcd\x3e\x39\xf3\xcb\x61\x45\x25\xd9\x52\x1d\x2e\x64\x4c\x53\xb8" + "\x07\xb8\x10\xf3\x40\x06\x2f\x25\x7d\x7d\x6f\xbf\xe8\xd5\xe8\xf0" + "\x72\xe9\xb6\xe9\xaf\xda\x94\x13\xea\xfb\x2e\x8b\x06\x99\xb1\xfb" + "\x5a\x0c\xac\xed\xde\xae\xad\x7e\x9c\xfb\xb3\x6a\xe2\xb4\x20\x83" + "\x5b\xd8\x3a\x19\xfb\x0b\x5e\x96\xbf\x8f\xa4\xd0\x9e\x34\x55\x25" + "\x16\x7e\xcd\x91\x55\x41\x6f\x46\xf4\x08\xed\x31\xb6\x3c\x6e\x6d", + "\x12\x34\x56\x78\x9a\xbc\xde\xf0\x41\x4c\x49\x43\x45\x31\x32\x33" + "\x42\x4f\x42\x42\x59\x34\x35\x36", + "\xfa\xa0\x22\xce\x7f\xa9\xba\x95\xeb\xa3\x9f\x3f\x44\xf3\xee\x14" + "\x96\x0a\x0b\x23\x9d\x01\x4b\x57\x70\xe4\x71\xd7\x5a\x99\xea\x87" + "\x10\xe3\x8f\x0c\xef\x0f\xfc\x67", + WC_HASH_TYPE_SHA), + INIT_SP80056C_TEST_VECTOR( + "\xad\x42\x01\x82\x63\x3f\x85\x26\xbf\xe9\x54\xac\xda\x37\x6f\x05" + "\xe5\xff\x4f\x83\x7f\x54\xfe\xbe\x0f\xb1\x2a\x1b\x3b\xeb\xf2\x63" + "\xee\x21\x64\x13\xed\x06\xa8\x4a\x12\xeb\x51\x11\x59\xf1\x33\x7d", + "\x12\x34\x56\x78\x9a\xbc\xde\xf0\x41\x4c\x49\x43\x45\x31\x32\x33" + "\x42\x4f\x42\x42\x59\x34\x35\x36", + "\x6f\xef\x44\x2f\xc1\x7a\x7e\x2b\x0c\x9d\xec\xe0\xe4\x7a\x57\x48" + "\xac\xb4\x6a\xf1\x98\xd7\x67\x47\x0f\x28\xa1\x04\xb5\x61\x30\xae" + "\xb0\x10\x09\xa4\x56\x82\xa5\xe1", + WC_HASH_TYPE_SHA), +#endif +#if defined(WOLFSSL_SHA224) + /* SHA-224*/ + INIT_SP80056C_TEST_VECTOR( + "\x8c\x5d\x6e\x5d\x36\x06\x83\xba\x55\xb0\x9d\xb1\x69\x6d\x7c\x64" + "\x02\xff\x87\x88\x5f\xf5\x07\x70\xf2\x76\x7b\x75\x54\x60\x20\x7e" + "\xd5\xc7\x43\xfd\x27\xe7\xeb\x1d\x0c\xa5\x91\xf8\x56\x38\x93\x11" + "\x73\x07\x44\xf2\x04\xd2\xe5\x5b\x8b\xd4\x46\xce\xca\x03\x1f\x7b" + "\xac\xcf\xf1\xa7\x1b\x68\x34\x59\xcc\x54\xd5\x01\xda\xbf\x4a\x84" + "\xcd\xb8\x6d\xfa\xda\xff\x31\x0f\xbd\xba\xf7\x4d\xd5\x1b\xa1\xe1" + "\xe1\x19\x1a\xf1\x4c\x9b\xf8\x94\x43\xbf\x58\x8e\x9c\xe3\x30\x34" + "\xaf\x5e\x89\xbf\x6f\xfc\x47\xd7\xd9\xca\x4a\x5e\x8f\xf8\xa0\x50" + "\x20\xbb\x0f\x95\xbc\xde\x01\x56\xd8\x7f\xb8\x60\xbd\x40\x83\xfa" + "\x5b\x53\x1a\x08\xa4\xfb\x7e\xe0\x20\x1a\xe8\xb3\xcc\xff\xe9\x9f" + "\x27\x0b\xc3\x53\x4b\xaa\xcf\xc0\x01\xcd\xd8\x0a\xd8\x7c\xce\x71" + "\xf0\x91\xe7\x66\xca\x5c\xc2\x75\xcb\x49\x14\x5a\x5e\xe6\x16\x2e" + "\xcc\xf5\x58\xce\xc4\xd3\xee\x53\x1e\x91\xe9\xa5\x29\x69\x63\x4d" + "\x3a\xf8\xd2\x6f\x8d\x15\xdc\x0d\x6f\x6e\x0a\x97\x4b\xe4\x34\x1b" + "\x68\xa0\x19\x90\xdb\xb8\x64\x95\x89\x1a\xd3\xaf\xc1\xe4\xce\xdf" + "\x4c\x6a\xe1\xf1\xcd\x60\x81\xcd\xee\xd8\xe6\xb3\x26\x4e\xc3\xbe" + "\x24\x58\xd1\xc0\xca\x24\x43\x41\x0c\xf3\xb4\x7c\x0c\x25\x4c\x7d" + "\xc8\xec\xb4\x3e\x6c\x23\x64\xe1\xc0\x62\x19\xcc\x7e\xfb\xff\xbb" + "\x63\xd7\xff\xfc\x74\x58\x12\xfd\x24\x0c\x33\xd4\x96\xb9\x99\x2f" + "\x96\x80\xa6\x3c\x07\x96\x3c\x0c\x49\xf3\xc1\xba\xef\xec\xaf\x32" + "\xe2\xaa\x8a\x2f\x7c\xd3\x0d\x8f\x05\x1e\xe2\xf5\x0f\xbf\x05\xab" + "\x13\x96\xa4\xea\x87\x44\x7d\x7b\x98\x1b\x5e\x46\x14\x28\x18\x71" + "\xa6\xf0\xf6\xbf\x1f\xe0\x02\x2f\x7e\xa1\x32\xbe\x0a\xe9\x19\x26" + "\xab\x12\xaf\x6d\xc4\x50\x64\xaa\xd5\x6b\x84\xb9\x0c\x70\x08\x37" + "\x09\xcf\xf7\xe3\x1b\x54\x8f\xb7\xfb\x2c\xf7\x5a\xbf\x96\xe0\x1c" + "\xcd\x3e\x94\x2e\xed\x91\x48\x0d\x4c\x24\xc6\xb7\xf9\x79\xfb\xbe" + "\x5d\xa2\x39\xb3\x76\x16\x7d\x68\x57\x35\x24\xff\xcb\x50\x99\x54" + "\xcc\x80\xa0\xe1\xa7\x1c\x40\xc4\xda\x17\xb8\xd1\x57\x2b\x21\x58" + "\x7a\x8d\x66\xcc\x62\x1c\x7c\xd1\x0f\x49\xab\xd5\xef\x86\x31\x13" + "\xe6\x19\x21\x08\x6f\xac\x25\x31\x2b\x74\x1c\x11\xa8\xfb\xc1\xe3" + "\x3c\x34\xd9\xda\x14\xa8\x22\x47\x7f\xcc\x36\x66\x70\x25\xc4\xf1" + "\x30\xae\x10\x0e\x36\xf1\x5d\xa0\x03\x74\xce\x87\x41\x67\x9f\x61", + "\x12\x34\x56\x78\x9a\xbc\xde\xf0\x41\x4c\x49\x43\x45\x31\x32\x33" + "\x42\x4f\x42\x42\x59\x34\x35\x36", + "\x4b\x99\x6a\x60\xc0\x4a\x35\xc5\xe6\xd4\x74\xb1\x0a\x25\x8d\x56" + "\x2e\xa6\xdc\x52\xf6\xc6\x9b\xf3\x9e\xf8\x8c\x89\xe3\xcc\x8a\x54" + "\xda\x2f\x3c\x0b\x56\x1b\x53\xfe\x76\x55\x13\x63\xd6\x9c\x3c\xef" + "\x74\xe3\x4f\xe8\x8e\xb3\xac\x51", + WC_HASH_TYPE_SHA224), + INIT_SP80056C_TEST_VECTOR( + "\x52\x27\x2f\x50\xf4\x6f\x4e\xdc\x91\x51\x56\x90\x92\xf4\x6d\xf2" + "\xd9\x6e\xcc\x3b\x6d\xc1\x71\x4a\x4e\xa9\x49\xfa\x9f\x18\xff\x54" + "\xf8\x87\x23\x07\x3f\x64\xa6\x95\x3d\x04\x91\x4f\x45\xa2\x3e\xee" + "\x7c\xfc\x46\x67\x08\x0a\xa0\xf9", + "\x12\x34\x56\x78\x9a\xbc\xde\xf0\x41\x4c\x49\x43\x45\x31\x32\x33" + "\x42\x4f\x42\x42\x59\x34\x35\x36", + "\x77\x56\xbc\xfd\xef\x3e\xe6\x9f\x6a\xc2\x3c\xd2\xdc\x60\x7d\x01" + "\xfa\x8c\xe1\xb2\x4f\x5c\xaa\xaa\x48\xe0\x4b\x81\x63\xe1\x73\x3a" + "\xed\x7a\x04\x0e\x73\xf2\xb5\x42\x36\x8f\x00\x54\x8b\x16\x3c\x3d" + "\xc9\x6d\x70\x09\x99\x16\xf1\x6b", + WC_HASH_TYPE_SHA224), +#endif +#if !defined(NO_SHA256) + /* SHA-256 */ + INIT_SP80056C_TEST_VECTOR( + "\xdd\x0f\x53\x96\x21\x9d\x1e\xa3\x93\x31\x04\x12\xd1\x9a\x08\xf1" + "\xf5\x81\x1e\x9d\xc8\xec\x8e\xea\x7f\x80\xd2\x1c\x82\x0c\x27\x88" + "\x22\x76\x84\xe7\x1f\x5c\x31\x3f\xad\xc9\x1e\x52\x98\x07\xe3\x14" + "\x7d\x53\x14\x5b\x15\xab\xd6\xed\x41\x6a\xd3\x5c\xd7\xe6\x83\x8f", + "\x12\x34\x56\x78\x9a\xbc\xde\xf0\x41\x4c\x49\x43\x45\x31\x32\x33" + "\x42\x4f\x42\x42\x59\x34\x35\x36", + "\xc0\x8b\x3d\xe2\x4f\x1a\x38\x1e\x7a\x56\x75\xa2\xa6\x52\x3b\x08" + "\xf3\x54\x60\x5e\xee\x46\xb9\xf3\x9e\xad\xb1\xe9\x75\x34\x41\x6d" + "\x98\xb4\x3c\xae\x8a\xb0\x4a\xfd\x53\xde\xb3\x7f\x44\x02\x23\x52" + "\xc3\xfb\xde\x1e\x2f\x2c\xec\x53\x1c\xfc\x32\x4f\xdd\x0f\xcc\xa6", + WC_HASH_TYPE_SHA256), + INIT_SP80056C_TEST_VECTOR( + "\x44\xf4\x84\x09\xf3\x1b\xf3\x50\x94\x51\xdb\x4d\x30\x4b\xeb\xd8" + "\x3c\x2a\xd6\x50\x1c\x1b\x85\xe6\x32\xbc\x92\x58\x8e\x2d\x48\xb5" + "\xd2\xb8\x44\x44\x62\xad\x94\xe8\xa4\x44\x94\x1e\xd4\x97\x5c\x97" + "\x91\x17\xd7\x5a\x0a\x2b\xa8\x10\xdf\xa8\x80\x4a\x0f\xe9\x42\x6d" + "\xd7\xeb\x95\xf2\x9c\xa4\x30\xda\x37\xef\xa5\x2c\x42\xda\x1d\xe2" + "\x23\x76\x3b\xdd\xc9\x5e\x46\x6a\xa3\xb8\xd2\x06\xb8\x21\x8e\xdf" + "\x23\x97\x3d\x05\xf3\xc7\xc2\x2b\x22\x46\x53\xd4\xf9\x21\x85\x45" + "\x79\x83\x26\x2f\x27\xbc\x55\xa0\xa7\xae\xe5\x43\x54\x55\xd4\x3c" + "\x0e\x0c\x6d\x80\x67\xad\xaf\x90\x42\xb6\xb7\x77\x7e\x19\x8d\x67" + "\x60\x83\x0d\x96\xb2\x9a\x6a\xae\xf5\x74\xd7\x5e\x2d\x65\x43\x55" + "\x0f\x75\x55\xcf\x89\x82\xc8\x21\xc4\xec\x9b\x82\x66\x2b\x09\x36" + "\x69\xfd\x24\x6d\x4d\xcc\xbf\xf3\x1d\x98\x4e\xf6\x3c\x4f\x95\xd7" + "\x39\xc7\x7e\x66\xf6\x9b\x6d\xb0\xd9\xfc\x1a\x97\x3f\x52\x33\xd1" + "\x1f\xe7\x15\x4b\x8a\x6b\xe1\x50\x46\x7d\x92\xda\xf0\x91\x44\x34" + "\xf0\xcf\x17\x6e\x96\x1b\x31\x3f\xe3\xe2\x3b\xfe\x37\x8b\x87\xba" + "\xf2\x73\x93\x7f\xfa\xa6\x85\x65\x8b\x09\x78\x1d\x26\x97\x86\x4b" + "\x0d\x82\x48\x5c\xf7\xd6\x2f\xfc\xea\x34\x33\x88\xcf\xec\x15\x27" + "\x3a\x39\x4b\x84\x32\xee\xb6\x32\x1b\xe3\x1d\x4f\xcd\x16\x15\xc8" + "\x1c\x69\x37\xc0\x8d\x92\x41\x6e\xdb\xdd\x20\x10\xfa\x8b\x6e\x0a" + "\x8a\x60\x3d\xad\xe0\x10\xbc\x9c\xd7\x6b\x14\xe3\xe2\x19\x0e\x3b" + "\xa3\x00\xe7\x1a\xdd\xbf\x24\x4c\xf8\x06\x29\x49\x76\xea\xf0\x7d" + "\x02\x3b\xdb\x57\xfc\x5d\x19\x64\xc7\xd4\x20\x6e\x72\x06\x1b\xfe" + "\x1e\xe4\xee\xbc\x92\x00\xe1\x3a\x6c\xba\x32\x86\x9d\xbe\x80\x82" + "\xcd\xf3\x64\x5b\x5a\x72\x7d\xd2\x7c\xa5\x03\xf4\xed\xeb\x73\xe8" + "\x8a\x3a\x55\x2c\x7e\x00\xd4\xee\x72\x42\x13\x72\x36\xa0\x96\x5c" + "\x1e\xc3\xeb\xc0\xb4\x8c\x2b\x46\x7e\xb8\x42\x41\x5a\x28\x3f\x55" + "\xe2\x20\xff\xd1\x88\x19\x25\x6d\xa2\x47\x4d\x28\xfc\x3b\x04\xe0" + "\xc0\x7e\x4d\x25\xc1\x74\x93\x41\xd2\x22\x97\x01\x5c\xd8\x17\x8c" + "\x39\x18\xbe\x8c\x5c\xdf\x0f\xbf\xbb\x9a\x5a\xcc\xdd\x82\xaf\x07" + "\x83\xef\xe4\xdf\x64\xa8\xd8\x92\x82\x8f\x8d\xe5\x8c\x5d\x56\x9b" + "\x5b\x08\x45\x58\x96\xc4\xd3\xc3\x4f\xd3\xce\x93\xc4\x34\xc3\x8e" + "\xf5\x6c\xed\x30\x56\x1c\x37\x1a\xf9\xf2\xd8\x64\xfd\xc5\xb6\x2f", + "\x12\x34\x56\x78\x9a\xbc\xde\xf0\x41\x4c\x49\x43\x45\x31\x32\x33" + "\x42\x4f\x42\x42\x59\x34\x35\x36", + "\x42\x35\xac\x89\xc9\xf3\x3e\x5d\xbb\x11\x60\x1a\x29\x83\xe3\x76" + "\xe2\x15\x39\x97\x87\xd8\x39\xa0\x38\x55\xfe\x04\x53\x3e\x1a\x67" + "\x66\x91\x5e\x67\xc2\x5e\xeb\x04\x08\x28\xe9\x6c\xd3\xd6\xef\x0a" + "\xb7\xd1\x7b\x43\x13\x43\xa7\xf3\xaa\xc6\x8f\x0c\x4a\x7e\x77\x9b", + WC_HASH_TYPE_SHA256), + /* slightly modified vector to test generation when derivedKeySz % + * hashOutSz != 0*/ + INIT_SP80056C_TEST_VECTOR( + "\xdd\x0f\x53\x96\x21\x9d\x1e\xa3\x93\x31\x04\x12\xd1\x9a\x08\xf1" + "\xf5\x81\x1e\x9d\xc8\xec\x8e\xea\x7f\x80\xd2\x1c\x82\x0c\x27\x88" + "\x22\x76\x84\xe7\x1f\x5c\x31\x3f\xad\xc9\x1e\x52\x98\x07\xe3\x14" + "\x7d\x53\x14\x5b\x15\xab\xd6\xed\x41\x6a\xd3\x5c\xd7\xe6\x83\x8f", + "\x12\x34\x56\x78\x9a\xbc\xde\xf0\x41\x4c\x49\x43\x45\x31\x32\x33" + "\x42\x4f\x42\x42\x59\x34\x35\x36", + "\xc0\x8b\x3d\xe2\x4f\x1a\x38\x1e\x7a\x56\x75\xa2\xa6\x52\x3b\x08" + "\xf3\x54\x60\x5e\xee\x46\xb9\xf3\x9e\xad\xb1\xe9\x75\x34\x41\x6d" + "\x98\xb4\x3c\xae\x8a\xb0\x4a\xfd\x53\xde\xb3\x7f\x44\x02\x23\x52" + "\xc3\xfb\xde\x1e\x2f\x2c\xec\x53\x1c\xfc\x32\x4f\xdd\x0f\xcc", + WC_HASH_TYPE_SHA256), + +#endif +#if defined(WOLFSSL_SHA384) + /* SHA-384 */ + INIT_SP80056C_TEST_VECTOR( + "\x5e\xa1\xfc\x4a\xf7\x25\x6d\x20\x55\x98\x1b\x11\x05\x75\xe0\xa8" + "\xca\xe5\x31\x60\x13\x7d\x90\x4c\x59\xd9\x26\xeb\x1b\x84\x56\xe4" + "\x27\xaa\x8a\x45\x40\x88\x4c\x37\xde\x15\x9a\x58\x02\x8a\xbc\x0e" + "\x88\x76\x9c\xb7\x2f\xc5\xac\x45\x7c\xd5\x8e\x89\x08\x9b\x19\x6a" + "\x70\xbf\x53\x3c\x6d\xc9\x1c\x9c\x7e\x17\x41\xdb\x5e\x7a\xb6\xb0" + "\x84\x9f\x01\xde\xa6\x5f\xed\xd0\x6c\x77\x18\x7c\xd8\x8e\xd0\x30", + "\x12\x34\x56\x78\x9a\xbc\xde\xf0\x41\x4c\x49\x43\x45\x31\x32\x33" + "\x42\x4f\x42\x42\x59\x34\x35\x36", + "\x8e\x6e\x26\x5f\x20\x82\xf1\x4d\x34\xda\x23\xe1\x03\x2c\x90\x24" + "\x83\x4a\xf0\x15\x72\xb6\x64\x77\x82\x41\x1b\xdd\xcb\x84\xa5\xda" + "\xee\x11\x7b\xa6\xfb\xa6\xd0\xeb\x28\x08\xef\x8a\xb0\x70\x05\xee" + "\xab\xe5\x2d\x2e\xfd\x31\x12\x1c\x7b\xf9\xd5\xfa\xfc\x40\xe0\x0c" + "\x6d\x6d\xbf\x39\xef\x43\xfe\x97\x15\xc7\x20\x2c\xdc\x2d\xb7\xe8" + "\x2b\x88\xd7\x48\xeb\x84\x25\x8b\xf8\x4d\x85\x82\xf2\xbf\xd9\x40", + WC_HASH_TYPE_SHA384), +#endif +#if defined(WOLFSSL_SHA512) + /* SHA-512 */ + INIT_SP80056C_TEST_VECTOR( + "\x00\xcd\xea\x89\x62\x1c\xfa\x46\xb1\x32\xf9\xe4\xcf\xe2\x26\x1c" + "\xde\x2d\x43\x68\xeb\x56\x56\x63\x4c\x7c\xc9\x8c\x7a\x00\xcd\xe5" + "\x4e\xd1\x86\x6a\x0d\xd3\xe6\x12\x6c\x9d\x2f\x84\x5d\xaf\xf8\x2c" + "\xeb\x1d\xa0\x8f\x5d\x87\x52\x1b\xb0\xeb\xec\xa7\x79\x11\x16\x9c" + "\x20\xcc\x01\x38\xa6\x72\xb6\x95\x8b\xd7\x84\xe5\xd7\xfa\x83\x73" + "\x8a\xc6\x8f\x9b\x34\x23\xb4\x83\xf9\xbf\x53\x9e\x71\x14\x1e\x45" + "\xdb\xfb\x7a\xfe\xd1\x8b\x11\xc0\x02\x8b\x13\xf1\xf8\x60\xef\x43" + "\xc4\x80\xf4\xda\xcd\xa2\x08\x10\x59\xd3\x97\x8c\x99\x9d\x5d\x1a" + "\xde\x34\x54\xe4", + "\x12\x34\x56\x78\x9a\xbc\xde\xf0\x41\x4c\x49\x43\x45\x31\x32\x33" + "\x42\x4f\x42\x42\x59\x34\x35\x36", + "\x2d\x4a\x46\xa1\x70\x99\xba\xa8\x33\x0b\xc5\x9d\x4a\x1c\xf5\xae" + "\x3a\x30\x75\xb4\xc6\x2b\xb2\x6e\x7f\xc9\x89\x24\x72\x6d\x27\x4c" + "\x09\x64\x6f\x44\x08\xe6\x85\x8c\x43\xb4\x2d\xae\xd0\x15\xef\x26" + "\x17\x08\xd5\x5e\xf2\x4d\xaa\x7d\x3e\xa3\xd1\xc4\xa0\x8c\xfd\x24" + "\xdb\x60\x00\xa5\xb8\xa6\x7d\xe7\x46\xf3\xd3\xf4\xff\x34\x85\x15" + "\x8f\xd3\xb6\x91\x55\x79\x1d\xf4\x67\x47\xd4\xdb\xbe\x17\xc4\xb5" + "\x58\x46\x2e\x26\xbe\x5e\xd3\x5f\xe6\x80\xe2\x97\x14\x22\xc3\xb0" + "\x1b\x17\xe1\x67\xfc\x43\x7f\x84\x86\x9d\x85\x49\x53\x7b\x33\x38", + WC_HASH_TYPE_SHA512), +#endif + INIT_SP80056C_TEST_VECTOR( + "\x00\xcd\xea\x89\x62\x1c\xfa\x46\xb1\x32\xf9\xe4\xcf\xe2\x26\x1c" + "\xde\x2d\x43\x68\xeb\x56\x56\x63\x4c\x7c\xc9\x8c\x7a\x00\xcd\xe5" + "\x4e\xd1\x86\x6a\x0d\xd3\xe6\x12\x6c\x9d\x2f\x84\x5d\xaf\xf8\x2c" + "\xeb\x1d\xa0\x8f\x5d\x87\x52\x1b\xb0\xeb\xec\xa7\x79\x11\x16\x9c" + "\x20\xcc\x01\x38\xa6\x72\xb6\x95\x8b\xd7\x84\xe5\xd7\xfa\x83\x73" + "\x8a\xc6\x8f\x9b\x34\x23\xb4\x83\xf9\xbf\x53\x9e\x71\x14\x1e\x45" + "\xdb\xfb\x7a\xfe\xd1\x8b\x11\xc0\x02\x8b\x13\xf1\xf8\x60\xef\x43" + "\xc4\x80\xf4\xda\xcd\xa2\x08\x10\x59\xd3\x97\x8c\x99\x9d\x5d\x1a" + "\xde\x34\x54\xe4", + "\x12\x34\x56\x78\x9a\xbc\xde\xf0\x41\x4c\x49\x43\x45\x31\x32\x33" + "\x42\x4f\x42\x42\x59\x34\x35\x36", + "\x2d\x4a", + WC_HASH_TYPE_SHA512), + + }; + + for (i = 0; i < sizeof(vctors) / sizeof(vctors[0]); i++) { + v = &vctors[i]; + ret = wc_KDA_KDF_onestep(v->z, v->zSz, v->fixedInfo, v->fixedInfoSz, + v->derivedKeySz, v->hashType, output, + /* use derivedKeySz to force the function to use a temporary buff + for the last block */ + v->derivedKeySz); + if (ret != 0) + return WC_TEST_RET_ENC_EC(ret); + if (XMEMCMP(output, v->derivedKey, v->derivedKeySz) != 0) + return WC_TEST_RET_ENC_NC; + } + + /* negative tests */ + ret = wc_KDA_KDF_onestep(NULL, 0, (byte*)"fixed_info", + sizeof("fixed_info"), 16, WC_HASH_TYPE_SHA256, output, 16); + if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG)) + return WC_TEST_RET_ENC_NC; + ret = wc_KDA_KDF_onestep((byte*)"secret", sizeof("secret"), NULL, 1, 16, + WC_HASH_TYPE_SHA256, output, 16); + if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG)) + return WC_TEST_RET_ENC_NC; + ret = wc_KDA_KDF_onestep((byte*)"secret", sizeof("secret"), NULL, 0, 16, + WC_HASH_TYPE_NONE, output, 16); + if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG)) + return WC_TEST_RET_ENC_NC; + + /* allow empty FixedInfo */ + ret = wc_KDA_KDF_onestep((byte*)"secret", sizeof("secret"), NULL, 0, 16, + WC_HASH_TYPE_SHA256, output, 16); + if (ret != 0) + return WC_TEST_RET_ENC_EC(ret); + + return 0; +} +#endif /* WC_KDF_NIST_SP_800_56C && (!HAVE_FIPS || FIPS_VERSION3_GE(7,0,0)) */ + +#if defined(HAVE_CMAC_KDF) && (!defined(HAVE_FIPS) || FIPS_VERSION3_GE(7,0,0)) +/* test vectors from: + * "SP 800-108 Key Derivation Using Pseudorandom Functions - Key-Based" + * - https://csrc.nist.rip/groups/STM/cavp/key-derivation.html + * - CounterMode/KDFCTR_gen.txt + * */ +WOLFSSL_TEST_SUBROUTINE wc_test_ret_t nist_sp800108_cmac(void) +{ + struct sp800_108_test_vector { + const byte Kin[32]; + word32 KinSz; + const byte fixedInfo[60]; + word32 fixedInfoSz; + const byte Kout[40]; + word32 KoutSz; + }; + struct sp800_108_test_vector * v = NULL; + struct sp800_108_test_vector vctors[] = { + #if !defined(NO_AES_128) + { + /* [PRF=CMAC_AES128] + * [CTRLOCATION=BEFORE_FIXED] + * [RLEN=32_BITS] + * COUNT=0 + * L = 128 + * */ + {0xc1, 0x0b, 0x15, 0x2e, 0x8c, 0x97, 0xb7, 0x7e, + 0x18, 0x70, 0x4e, 0x0f, 0x0b, 0xd3, 0x83, 0x05}, + 16, + {0x98, 0xcd, 0x4c, 0xbb, 0xbe, 0xbe, 0x15, 0xd1, + 0x7d, 0xc8, 0x6e, 0x6d, 0xba, 0xd8, 0x00, 0xa2, + 0xdc, 0xbd, 0x64, 0xf7, 0xc7, 0xad, 0x0e, 0x78, + 0xe9, 0xcf, 0x94, 0xff, 0xdb, 0xa8, 0x9d, 0x03, + 0xe9, 0x7e, 0xad, 0xf6, 0xc4, 0xf7, 0xb8, 0x06, + 0xca, 0xf5, 0x2a, 0xa3, 0x8f, 0x09, 0xd0, 0xeb, + 0x71, 0xd7, 0x1f, 0x49, 0x7b, 0xcc, 0x69, 0x06, + 0xb4, 0x8d, 0x36, 0xc4}, + 60, + {0x26, 0xfa, 0xf6, 0x19, 0x08, 0xad, 0x9e, 0xe8, + 0x81, 0xb8, 0x30, 0x5c, 0x22, 0x1d, 0xb5, 0x3f}, + 16 + }, + { + /* [PRF=CMAC_AES128] + * [CTRLOCATION=BEFORE_FIXED] + * [RLEN=32_BITS] + * COUNT=10 + * L = 256 + * */ + {0x69, 0x5f, 0x1b, 0x1a, 0x16, 0xc9, 0x49, 0xce, + 0xa5, 0x1c, 0xdf, 0x25, 0x54, 0xec, 0x9d, 0x42}, + 16, + {0x4f, 0xce, 0x59, 0x42, 0x83, 0x2a, 0x39, 0x0a, + 0xa1, 0xcb, 0xe8, 0xa0, 0xbf, 0x9d, 0x20, 0x2c, + 0xb7, 0x99, 0xe9, 0x86, 0xc9, 0xd6, 0xb5, 0x1f, + 0x45, 0xe4, 0xd5, 0x97, 0xa6, 0xb5, 0x7f, 0x06, + 0xa4, 0xeb, 0xfe, 0xc6, 0x46, 0x73, 0x35, 0xd1, + 0x16, 0xb7, 0xf5, 0xf9, 0xc5, 0xb9, 0x54, 0x06, + 0x2f, 0x66, 0x18, 0x20, 0xf5, 0xdb, 0x2a, 0x5b, + 0xbb, 0x3e, 0x06, 0x25}, + 60, + {0xd3, 0x4b, 0x60, 0x1e, 0xc1, 0x8c, 0x34, 0xdf, + 0xa0, 0xf9, 0xe0, 0xb7, 0x52, 0x3e, 0x21, 0x8b, + 0xdd, 0xdb, 0x9b, 0xef, 0xe8, 0xd0, 0x8b, 0x6c, + 0x02, 0x02, 0xd7, 0x5a, 0xce, 0x0d, 0xba, 0x89}, + 32 + }, + #endif /* !NO_AES_128 */ + + #if !defined(NO_AES_192) + { + /* [PRF=CMAC_AES192] + * [CTRLOCATION=BEFORE_FIXED] + * [RLEN=32_BITS] + * COUNT=39 + * L = 320 + * */ + {0x4c, 0x51, 0xbe, 0xa8, 0x97, 0x5b, 0xe9, 0xe5, + 0xa0, 0xe4, 0x29, 0xa7, 0xfa, 0xc4, 0x0b, 0x66, + 0x3f, 0x32, 0x99, 0x15, 0x7d, 0x1f, 0x5d, 0x67}, + 24, + {0xf8, 0x6e, 0x42, 0xc6, 0x6d, 0x49, 0xa8, 0xbe, + 0xda, 0x81, 0x8e, 0x54, 0xd7, 0xc5, 0xa8, 0x1d, + 0x00, 0xd0, 0x2f, 0xc8, 0x9d, 0x2a, 0x54, 0xe8, + 0x0f, 0x19, 0xa8, 0x03, 0x4a, 0xd5, 0xe7, 0x0b, + 0xb7, 0x3d, 0x03, 0x27, 0x54, 0x5a, 0xa5, 0xd5, + 0x38, 0x7d, 0xff, 0x0a, 0x60, 0x3e, 0x16, 0x09, + 0x33, 0xf8, 0x94, 0x82, 0x97, 0x71, 0x4d, 0x11, + 0x23, 0x58, 0x55, 0x8f}, + 60, + {0x03, 0xae, 0x7b, 0xa3, 0xd2, 0x05, 0x0b, 0x18, + 0x65, 0xfc, 0x4a, 0x77, 0x91, 0x8a, 0xd4, 0x90, + 0x3a, 0xd5, 0xba, 0xf2, 0x6c, 0x02, 0x29, 0xa4, + 0xda, 0xe4, 0xcc, 0x3b, 0xa6, 0x22, 0x32, 0x54, + 0x7d, 0xcf, 0xbe, 0x65, 0xc1, 0xa2, 0x1e, 0x89}, + 40 + }, + #endif /* !NO_AES_192 */ + + #if !defined(NO_AES_256) + { + /* [PRF=CMAC_AES256] + * [CTRLOCATION=BEFORE_FIXED] + * [RLEN=32_BITS] + * COUNT=39 + * L = 320 + * */ + {0x3a, 0x65, 0x76, 0xa1, 0x54, 0x1e, 0x07, 0xea, + 0xbd, 0x47, 0xc3, 0x53, 0x4a, 0x43, 0x46, 0xab, + 0x39, 0xf1, 0x5e, 0xb0, 0x1d, 0x83, 0xec, 0xf2, + 0x31, 0x90, 0x81, 0xf6, 0xe7, 0xad, 0xa7, 0xe9}, + 32, + {0xa2, 0x59, 0xca, 0xe2, 0xc4, 0xa3, 0x6b, 0x89, + 0x56, 0x3c, 0xb1, 0x48, 0xc7, 0x82, 0x51, 0x34, + 0x3b, 0xbf, 0xab, 0xdc, 0x13, 0xca, 0x7a, 0xc2, + 0x17, 0x1c, 0x2e, 0xb6, 0x02, 0x1f, 0x44, 0x77, + 0xfe, 0xa3, 0x3b, 0x28, 0x72, 0x4d, 0xa7, 0x21, + 0xee, 0x08, 0x7b, 0xff, 0xd7, 0x94, 0xa1, 0x56, + 0x37, 0x54, 0xb4, 0x25, 0xa8, 0xd0, 0x9b, 0x3e, + 0x0d, 0xa5, 0xff, 0xed}, + 60, + {0x99, 0xb7, 0x87, 0xef, 0x90, 0xa1, 0x33, 0xe5, + 0x73, 0x6f, 0xdc, 0xf1, 0x75, 0xc3, 0xa3, 0x80, + 0x50, 0x1f, 0x45, 0xde, 0xc8, 0xf0, 0x93, 0xec, + 0xdd, 0x40, 0x00, 0x65, 0x2f, 0x4f, 0xf1, 0xc6, + 0x57, 0x52, 0x48, 0xa3, 0x63, 0xd4, 0x5d, 0x18}, + 40 + }, + #endif /* !NO_AES_256 */ + }; + size_t i = 0; + int ret = 0; + size_t num_vctors = sizeof(vctors) / sizeof(vctors[0]); + + /* nist vectors tests */ + for (i = 0; i < num_vctors; ++i) { + byte test_Kout[40]; + int n_diff = 0; + + v = &vctors[i]; + XMEMSET(test_Kout, 0, sizeof(test_Kout)); + + ret = wc_KDA_KDF_PRF_cmac(v->Kin, v->KinSz, v->fixedInfo, v->fixedInfoSz, + test_Kout, v->KoutSz, WC_CMAC_AES, + HEAP_HINT, devId); + + if (ret) { + return WC_TEST_RET_ENC_EC(ret); + } + + n_diff = XMEMCMP(v->Kout, test_Kout, v->KoutSz); + if (n_diff) { + WOLFSSL_MSG_EX("error: nist_sp800108_cmac: %d", n_diff); + return WC_TEST_RET_ENC_NC; + } + } + + /* misc tests */ + { + byte dummy_var[WC_AES_BLOCK_SIZE]; + XMEMSET(dummy_var, 0, sizeof(dummy_var)); + + /* test invalid options */ + ret = wc_KDA_KDF_PRF_cmac(NULL, 0, NULL, 0, NULL, 0, + (enum CmacType)0, HEAP_HINT, devId); + if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG)) { + return WC_TEST_RET_ENC_NC; + } + + ret = wc_KDA_KDF_PRF_cmac(dummy_var, 0, dummy_var, 0, dummy_var, 0, + (enum CmacType)0, HEAP_HINT, devId); + if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG)) { + return WC_TEST_RET_ENC_NC; + } + + ret = wc_KDA_KDF_PRF_cmac(dummy_var, 15, dummy_var, 1, dummy_var, 15, + WC_CMAC_AES, HEAP_HINT, devId); + if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG)) { + return WC_TEST_RET_ENC_NC; + } + + ret = wc_KDA_KDF_PRF_cmac(dummy_var, 16, NULL, 1, dummy_var, 1, + WC_CMAC_AES, HEAP_HINT, devId); + if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG)) { + return WC_TEST_RET_ENC_NC; + } + + /* test valid options */ + ret = wc_KDA_KDF_PRF_cmac(dummy_var, 16, dummy_var, 1, dummy_var, 1, + WC_CMAC_AES, HEAP_HINT, devId); + if (ret) { + return WC_TEST_RET_ENC_NC; + } + + ret = wc_KDA_KDF_PRF_cmac(dummy_var, 16, NULL, 0, dummy_var, 1, + WC_CMAC_AES, HEAP_HINT, devId); + if (ret) { + return WC_TEST_RET_ENC_NC; + } + } + + return 0; +} + +WOLFSSL_TEST_SUBROUTINE wc_test_ret_t nist_sp80056c_twostep_cmac(void) +{ + int ret = 0; + + #if !defined(NO_AES_192) + { + /* From CMACGenAES192.rsp + * https://csrc.nist.rip/groups/STM/cavp/block-cipher-modes.html + * Count = 40 + * Klen = 24 + * Mlen = 32 + * Tlen = 16 + * produces this intermediate + * K_kdk = {74f74608c04f0f4e47fa640433b6e6fb}, + * and this Kout. */ + const byte salt[AES_192_KEY_SIZE] = + {0x20, 0x51, 0xaf, 0x34, 0x76, 0x2e, 0xbe, 0x55, + 0x6f, 0x72, 0xa5, 0xc6, 0xed, 0xc7, 0x77, 0x1e, + 0xb9, 0x24, 0x5f, 0xad, 0x76, 0xf0, 0x34, 0xbe}; + const byte z[2 * WC_AES_BLOCK_SIZE] = + {0xae, 0x8e, 0x93, 0xc9, 0xc9, 0x91, 0xcf, 0x89, + 0x6a, 0x49, 0x1a, 0x89, 0x07, 0xdf, 0x4e, 0x4b, + 0xe5, 0x18, 0x6a, 0xe4, 0x96, 0xcd, 0x34, 0x0d, + 0xc1, 0x9b, 0x23, 0x78, 0x21, 0xdb, 0x7b, 0x60}; + const byte fixedInfo[60] = + {0xa2, 0x59, 0xca, 0xe2, 0xc4, 0xa3, 0x6b, 0x89, + 0x56, 0x3c, 0xb1, 0x48, 0xc7, 0x82, 0x51, 0x34, + 0x3b, 0xbf, 0xab, 0xdc, 0x13, 0xca, 0x7a, 0xc2, + 0x17, 0x1c, 0x2e, 0xb6, 0x02, 0x1f, 0x44, 0x77, + 0xfe, 0xa3, 0x3b, 0x28, 0x72, 0x4d, 0xa7, 0x21, + 0xee, 0x08, 0x7b, 0xff, 0xd7, 0x94, 0xa1, 0x56, + 0x37, 0x54, 0xb4, 0x25, 0xa8, 0xd0, 0x9b, 0x3e, + 0x0d, 0xa5, 0xff, 0xed}; + const byte Kout[40] = + {0xb4, 0x0c, 0x32, 0xbe, 0x01, 0x27, 0x93, 0xba, + 0xfd, 0xf7, 0x78, 0xc5, 0xf4, 0x54, 0x43, 0xf4, + 0xc9, 0x71, 0x23, 0x93, 0x17, 0x63, 0xd8, 0x3a, + 0x59, 0x27, 0x07, 0xbf, 0xf2, 0xd3, 0x60, 0x59, + 0x50, 0x27, 0x29, 0xca, 0xb8, 0x8b, 0x29, 0x38}; + byte test_Kout[40]; + int n_diff = 0; + + XMEMSET(test_Kout, 0, sizeof(Kout)); + + ret = wc_KDA_KDF_twostep_cmac(salt, sizeof(salt), z, sizeof(z), + fixedInfo, sizeof(fixedInfo), + test_Kout, sizeof(Kout), + HEAP_HINT, devId); + if (ret) { + return WC_TEST_RET_ENC_NC; + } + + n_diff = XMEMCMP(Kout, test_Kout, sizeof(Kout)); + if (n_diff) { + WOLFSSL_MSG_EX("error: nist_sp80056c_cmac: %d", n_diff); + return WC_TEST_RET_ENC_NC; + } + } + #endif /* !NO_AES_192 */ + + { + byte dummy_var[WC_AES_BLOCK_SIZE]; + XMEMSET(dummy_var, 0, sizeof(dummy_var)); + + /* test invalid options */ + ret = wc_KDA_KDF_twostep_cmac(NULL, 0, NULL, 0, NULL, 0, NULL, 0, + HEAP_HINT, devId); + if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG)) { + return WC_TEST_RET_ENC_NC; + } + + ret = wc_KDA_KDF_twostep_cmac(dummy_var, 0, dummy_var, 0, + dummy_var, 0, dummy_var, 0, + HEAP_HINT, devId); + if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG)) { + return WC_TEST_RET_ENC_NC; + } + + ret = wc_KDA_KDF_twostep_cmac(dummy_var, 15, dummy_var, 1, + dummy_var, 1, dummy_var, 1, + HEAP_HINT, devId); + if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG)) { + return WC_TEST_RET_ENC_NC; + } + + ret = wc_KDA_KDF_twostep_cmac(dummy_var, 15, dummy_var, 1, + NULL, 1, dummy_var, 1, + HEAP_HINT, devId); + if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG)) { + return WC_TEST_RET_ENC_NC; + } + + /* test valid options */ + ret = wc_KDA_KDF_twostep_cmac(dummy_var, 16, dummy_var, 1, + dummy_var, 1, dummy_var, 1, + HEAP_HINT, devId); + if (ret) { + return WC_TEST_RET_ENC_NC; + } + + ret = wc_KDA_KDF_twostep_cmac(dummy_var, 16, dummy_var, 1, + NULL, 0, dummy_var, 1, + HEAP_HINT, devId); + if (ret) { + return WC_TEST_RET_ENC_NC; + } + } + + return 0; +} +#endif /* HAVE_CMAC_KDF && (!HAVE_FIPS || FIPS_VERSION3_GE(7,0,0)) */ + +/* optional macro to add sleep between tests */ +#ifndef TEST_SLEEP +#define TEST_SLEEP() WC_DO_NOTHING +#else + #define TEST_PASS test_pass + #include /* for var args */ + static WC_INLINE void test_pass(const char* fmt, ...) + { + va_list args; + va_start(args, fmt); + STACK_SIZE_CHECKPOINT_WITH_MAX_CHECK(max_relative_stack, vprintf(fmt, args)); + va_end(args); + PRINT_HEAP_CHECKPOINT("",0); + TEST_SLEEP(); + ASSERT_RESTORED_VECTOR_REGISTERS(exit(1);); + } +#endif + +#ifdef TEST_ALWAYS_RUN_TO_END + #define TEST_PASS_stack_size_fail_clause last_failed_test_ret = \ + WC_TEST_RET_ENC_EC(MEMORY_E) +#else + #define TEST_PASS_stack_size_fail_clause \ + return err_sys("post-test check failed", WC_TEST_RET_ENC_NC) +#endif + +/* set test pass output to printf if not overridden */ +#ifndef TEST_PASS + /* redirect to printf */ + #define TEST_PASS(...) { \ + if (STACK_SIZE_CHECKPOINT_WITH_MAX_CHECK \ + (max_relative_stack, printf(__VA_ARGS__)) < 0) { \ + TEST_PASS_stack_size_fail_clause; \ + } \ + PRINT_HEAP_CHECKPOINT("TEST_PASS", 0) \ + ASSERT_RESTORED_VECTOR_REGISTERS(exit(1);); \ + } +#endif + +#ifdef TEST_ALWAYS_RUN_TO_END + #define TEST_FAIL(msg, retval) do { last_failed_test_ret = (retval); wc_test_render_error_message(msg, retval); } while (0) +#elif !defined(TEST_FAIL) + #define TEST_FAIL(msg, retval) return err_sys(msg, retval) +#endif + +#ifdef HAVE_STACK_SIZE +THREAD_RETURN WOLFSSL_THREAD wolfcrypt_test(void* args) +#else +wc_test_ret_t wolfcrypt_test(void* args) +#endif +{ + wc_test_ret_t ret; +#if defined(WOLFSSL_TRACK_MEMORY_VERBOSE) && !defined(WOLFSSL_STATIC_MEMORY) + long heap_baselineAllocs, heap_baselineBytes; +#endif +#ifdef TEST_ALWAYS_RUN_TO_END + int last_failed_test_ret = 0; +#endif + STACK_SIZE_INIT(); + +#if defined(WOLFSSL_TRACK_MEMORY_VERBOSE) && !defined(WOLFSSL_STATIC_MEMORY) + (void)wolfCrypt_heap_peakAllocs_checkpoint(); + heap_baselineAllocs = wolfCrypt_heap_peakAllocs_checkpoint(); + (void)wolfCrypt_heap_peakBytes_checkpoint(); + heap_baselineBytes = wolfCrypt_heap_peakBytes_checkpoint(); +#endif + +#ifdef WC_RNG_SEED_CB + wc_SetSeed_Cb(WC_GENERATE_SEED_DEFAULT); +#endif + + printf("------------------------------------------------------------------------------\n"); + printf(" wolfSSL version %s\n", LIBWOLFSSL_VERSION_STRING); +#ifdef WOLF_CRYPTO_CB + if (devId != INVALID_DEVID) + printf(" CryptoCB with DevID:%X\n", devId); +#endif + printf("------------------------------------------------------------------------------\n"); + + if (args) { +#ifdef HAVE_WOLFCRYPT_TEST_OPTIONS + int ch; +#endif + ((func_args*)args)->return_code = -1; /* error state */ +#ifdef HAVE_WOLFCRYPT_TEST_OPTIONS + while ((ch = mygetopt(((func_args*)args)->argc, ((func_args*)args)->argv, "s:m:a:h")) != -1) { + switch(ch) { + case 's': +#ifdef HAVE_STACK_SIZE_VERBOSE + max_relative_stack = (ssize_t)atoi(myoptarg); + break; +#else + return err_sys("-s (max relative stack bytes) requires HAVE_STACK_SIZE_VERBOSE (--enable-stacksize=verbose).", WC_TEST_RET_ENC_NC); +#endif + case 'm': +#ifdef WOLFSSL_TRACK_MEMORY_VERBOSE + max_relative_heap_bytes = (ssize_t)atoi(myoptarg); + break; +#else + return err_sys("-m (max relative heap memory bytes) requires WOLFSSL_TRACK_MEMORY_VERBOSE (--enable-trackmemory=verbose).", WC_TEST_RET_ENC_NC); +#endif + case 'a': +#ifdef WOLFSSL_TRACK_MEMORY_VERBOSE + max_relative_heap_allocs = (ssize_t)atoi(myoptarg); + break; +#else + return err_sys("-a (max relative heap allocs) requires WOLFSSL_TRACK_MEMORY_VERBOSE (--enable-trackmemory=verbose).", WC_TEST_RET_ENC_NC); +#endif + case 'h': + return err_sys("\ +options: [-s max_relative_stack_bytes] [-m max_relative_heap_memory_bytes]\n\ + [-a max_relative_heap_allocs] [-h]\n", 0); + default: + return err_sys("unknown test option. try -h.", WC_TEST_RET_ENC_NC); + } + } +#endif + } + +#ifdef WOLFSSL_STATIC_MEMORY + if (wc_LoadStaticMemory(&HEAP_HINT, gTestMemory, sizeof(gTestMemory), + WOLFMEM_GENERAL, 1) != 0) { + printf("unable to load static memory.\n"); + return(EXIT_FAILURE); + } + #ifndef OPENSSL_EXTRA + wolfSSL_SetGlobalHeapHint(HEAP_HINT); + #endif +#endif + +#if defined(DEBUG_WOLFSSL) && !defined(HAVE_VALGRIND) + wolfSSL_Debugging_ON(); +#endif + +#if defined(OPENSSL_EXTRA) || defined(DEBUG_WOLFSSL_VERBOSE) + wc_SetLoggingHeap(HEAP_HINT); +#endif + +#if defined(HAVE_FIPS) && !defined(WOLFSSL_KERNEL_MODE) + wolfCrypt_SetCb_fips(myFipsCb); + #if FIPS_VERSION3_GE(6,0,0) + printf("FIPS module version in use: %s\n", + wolfCrypt_GetVersion_fips()); + #endif +#endif + +#if !defined(NO_BIG_INT) + if (CheckCtcSettings() != 1) { + printf("Sizeof mismatch (build) %x != (run) %lx\n", + CTC_SETTINGS, (unsigned long)CheckRunTimeSettings()); + return err_sys("Build vs runtime math mismatch\n", WC_TEST_RET_ENC_NC); + } + +#if defined(USE_FAST_MATH) && \ + (!defined(NO_RSA) || !defined(NO_DH) || defined(HAVE_ECC)) + if (CheckFastMathSettings() != 1) + return err_sys("Build vs runtime fastmath FP_MAX_BITS mismatch\n", + WC_TEST_RET_ENC_NC); +#endif /* USE_FAST_MATH */ +#endif /* !NO_BIG_INT */ + +#if defined(WOLFSSL_CERT_GEN) && (!defined(NO_RSA) || defined(HAVE_ECC)) || \ + (defined(WOLFSSL_TEST_CERT) && (defined(HAVE_ED25519) || defined(HAVE_ED448))) + initDefaultName(); +#endif + +#ifdef WOLFSSL_ASYNC_CRYPT + ret = wolfAsync_DevOpen(&devId); + if (ret < 0) { + printf("Async device open failed\nRunning without async\n"); + } +#else + (void)devId; +#endif /* WOLFSSL_ASYNC_CRYPT */ + +#ifdef WOLF_CRYPTO_CB +#ifdef HAVE_INTEL_QA_SYNC + devId = wc_CryptoCb_InitIntelQa(); + if (INVALID_DEVID == devId) { + printf("Couldn't init the Intel QA\n"); + } +#endif +#ifdef HAVE_CAVIUM_OCTEON_SYNC + devId = wc_CryptoCb_InitOcteon(); + if (INVALID_DEVID == devId) { + printf("Couldn't init the Cavium Octeon\n"); + } +#endif +#ifdef HAVE_RENESAS_SYNC + devId = wc_CryptoCb_CryptInitRenesasCmn(NULL, &guser_PKCbInfo); + if (devId == INVALID_DEVID) { + printf("Couldn't get the Renesas device ID\n"); + } +#endif +#endif + +#if defined(WOLF_CRYPTO_CB) && !defined(HAVE_HASHDRBG) && \ + !defined(WC_NO_RNG) && !defined(CUSTOM_RAND_GENERATE_BLOCK) + if (devId == INVALID_DEVID) { + /* for testing RNG with crypto callback register function */ + devId = 100; /* any value beside -2 (INVALID_DEVID) */ + wc_CryptoCb_RegisterDevice(devId, rng_crypto_cb, NULL); + } +#endif + + +#ifdef HAVE_SELFTEST + if ( (ret = wolfCrypt_SelfTest()) != 0) + TEST_FAIL("CAVP selftest failed!\n", ret); + else + TEST_PASS("CAVP selftest passed!\n"); +#endif + + if ( (ret = macro_test()) != 0) + TEST_FAIL("macro test failed!\n", ret); + else + TEST_PASS("macro test passed!\n"); + + if ( (ret = error_test()) != 0) + TEST_FAIL("error test failed!\n", ret); + else + TEST_PASS("error test passed!\n"); + + if ( (ret = memory_test()) != 0) + TEST_FAIL("MEMORY test failed!\n", ret); + else + TEST_PASS("MEMORY test passed!\n"); + +#ifndef NO_CODING + if ( (ret = base64_test()) != 0) + TEST_FAIL("base64 test failed!\n", ret); + else + TEST_PASS("base64 test passed!\n"); +#ifdef WOLFSSL_BASE16 + if ( (ret = base16_test()) != 0) + TEST_FAIL("base16 test failed!\n", ret); + else + TEST_PASS("base16 test passed!\n"); +#endif +#endif /* !NO_CODING */ + +#ifndef NO_ASN + if ( (ret = asn_test()) != 0) + TEST_FAIL("asn test failed!\n", ret); + else + TEST_PASS("asn test passed!\n"); +#endif + +#ifndef NO_MD5 + if ( (ret = md5_test()) != 0) + TEST_FAIL("MD5 test failed!\n", ret); + else + TEST_PASS("MD5 test passed!\n"); +#endif + +#ifdef WOLFSSL_MD2 + if ( (ret = md2_test()) != 0) + TEST_FAIL("MD2 test failed!\n", ret); + else + TEST_PASS("MD2 test passed!\n"); +#endif + +#ifndef NO_MD4 + if ( (ret = md4_test()) != 0) + TEST_FAIL("MD4 test failed!\n", ret); + else + TEST_PASS("MD4 test passed!\n"); +#endif + +#ifndef NO_SHA + if ( (ret = sha_test()) != 0) + TEST_FAIL("SHA test failed!\n", ret); + else + TEST_PASS("SHA test passed!\n"); +#endif + +#ifdef WOLFSSL_SHA224 + if ( (ret = sha224_test()) != 0) + TEST_FAIL("SHA-224 test failed!\n", ret); + else + TEST_PASS("SHA-224 test passed!\n"); +#endif + +#ifndef NO_SHA256 + if ( (ret = sha256_test()) != 0) + TEST_FAIL("SHA-256 test failed!\n", ret); + else + TEST_PASS("SHA-256 test passed!\n"); +#endif + +#ifdef WOLFSSL_SHA384 + if ( (ret = sha384_test()) != 0) + TEST_FAIL("SHA-384 test failed!\n", ret); + else + TEST_PASS("SHA-384 test passed!\n"); +#endif + +#ifdef WOLFSSL_SHA512 + if ((ret = sha512_test()) != 0) { + TEST_FAIL("SHA-512 test failed!\n", ret); + } + else { + TEST_PASS("SHA-512 test passed!\n"); + } + +#if !defined(WOLFSSL_NOSHA512_224) && \ + (!defined(HAVE_FIPS) || FIPS_VERSION_GE(5, 3)) && !defined(HAVE_SELFTEST) + if ((ret = sha512_224_test()) != 0) { + TEST_FAIL("SHA-512/224 test failed!\n", ret); + } + else + TEST_PASS("SHA-512/224 test passed!\n"); +#endif /* !defined(WOLFSSL_NOSHA512_224) && !FIPS ... */ + +#if !defined(WOLFSSL_NOSHA512_256) && \ + (!defined(HAVE_FIPS) || FIPS_VERSION_GE(5, 3)) && !defined(HAVE_SELFTEST) + if ((ret = sha512_256_test()) != 0) { + TEST_FAIL("SHA-512/256 test failed!\n", ret); + } + else + TEST_PASS("SHA-512/256 test passed!\n"); +#endif /* !defined(WOLFSSL_NOSHA512_256) & !FIPS ... */ + +#endif /* WOLFSSL_SHA512 */ + +#ifdef WOLFSSL_SHA3 + if ( (ret = sha3_test()) != 0) + TEST_FAIL("SHA-3 test failed!\n", ret); + else + TEST_PASS("SHA-3 test passed!\n"); +#endif + +#ifndef WC_NO_RNG + if ((ret = random_test()) != 0) + TEST_FAIL("RANDOM test failed!\n", ret); + else + TEST_PASS("RANDOM test passed!\n"); +#endif /* WC_NO_RNG */ + +#ifdef WOLFSSL_SHAKE128 + if ( (ret = shake128_test()) != 0) + TEST_FAIL("SHAKE128 test failed!\n", ret); + else + TEST_PASS("SHAKE128 test passed!\n"); +#endif + +#ifdef WOLFSSL_SHAKE256 + if ( (ret = shake256_test()) != 0) + TEST_FAIL("SHAKE256 test failed!\n", ret); + else + TEST_PASS("SHAKE256 test passed!\n"); +#endif + +#ifdef WOLFSSL_SM3 + if ( (ret = sm3_test()) != 0) + return err_sys("SM-3 test failed!\n", ret); + else + TEST_PASS("SM-3 test passed!\n"); +#endif + +#ifndef NO_HASH_WRAPPER + if ( (ret = hash_test()) != 0) + TEST_FAIL("Hash test failed!\n", ret); + else + TEST_PASS("Hash test passed!\n"); +#endif + +#ifdef WOLFSSL_RIPEMD + if ( (ret = ripemd_test()) != 0) + TEST_FAIL("RIPEMD test failed!\n", ret); + else + TEST_PASS("RIPEMD test passed!\n"); +#endif + +#ifdef HAVE_BLAKE2 + if ( (ret = blake2b_test()) != 0) + TEST_FAIL("BLAKE2b test failed!\n", ret); + else + TEST_PASS("BLAKE2b test passed!\n"); +#endif +#ifdef HAVE_BLAKE2S + if ( (ret = blake2s_test()) != 0) + TEST_FAIL("BLAKE2s test failed!\n", ret); + else + TEST_PASS("BLAKE2s test passed!\n"); +#endif + +#ifndef NO_HMAC + #if !defined(NO_MD5) && !(defined(HAVE_FIPS) && defined(HAVE_FIPS_VERSION) \ + && (HAVE_FIPS_VERSION >= 5)) + if ( (ret = hmac_md5_test()) != 0) + TEST_FAIL("HMAC-MD5 test failed!\n", ret); + else + TEST_PASS("HMAC-MD5 test passed!\n"); + #endif + + #ifndef NO_SHA + if ( (ret = hmac_sha_test()) != 0) + TEST_FAIL("HMAC-SHA test failed!\n", ret); + else + TEST_PASS("HMAC-SHA test passed!\n"); + #endif + + #ifdef WOLFSSL_SHA224 + if ( (ret = hmac_sha224_test()) != 0) + TEST_FAIL("HMAC-SHA224 test failed!\n", ret); + else + TEST_PASS("HMAC-SHA224 test passed!\n"); + #endif + + #ifndef NO_SHA256 + if ( (ret = hmac_sha256_test()) != 0) + TEST_FAIL("HMAC-SHA256 test failed!\n", ret); + else + TEST_PASS("HMAC-SHA256 test passed!\n"); + #endif + + #ifdef WOLFSSL_SHA384 + if ( (ret = hmac_sha384_test()) != 0) + TEST_FAIL("HMAC-SHA384 test failed!\n", ret); + else + TEST_PASS("HMAC-SHA384 test passed!\n"); + #endif + + #ifdef WOLFSSL_SHA512 + if ( (ret = hmac_sha512_test()) != 0) + TEST_FAIL("HMAC-SHA512 test failed!\n", ret); + else + TEST_PASS("HMAC-SHA512 test passed!\n"); + #endif + + #if !defined(NO_HMAC) && defined(WOLFSSL_SHA3) && \ + !defined(WOLFSSL_NOSHA3_224) && !defined(WOLFSSL_NOSHA3_256) && \ + !defined(WOLFSSL_NOSHA3_384) && !defined(WOLFSSL_NOSHA3_512) + if ( (ret = hmac_sha3_test()) != 0) + TEST_FAIL("HMAC-SHA3 test failed!\n", ret); + else + TEST_PASS("HMAC-SHA3 test passed!\n"); + #endif + + #if defined(HAVE_HKDF) && !defined(NO_HMAC) + PRIVATE_KEY_UNLOCK(); + if ( (ret = hkdf_test()) != 0) + TEST_FAIL("HMAC-KDF test failed!\n", ret); + else + TEST_PASS("HMAC-KDF test passed!\n"); + PRIVATE_KEY_LOCK(); + #endif +#endif /* !NO_HMAC */ + +#ifdef WOLFSSL_WOLFSSH + PRIVATE_KEY_UNLOCK(); + if ( (ret = sshkdf_test()) != 0) + TEST_FAIL("SSH-KDF test failed!\n", ret); + else + TEST_PASS("SSH-KDF test passed!\n"); + PRIVATE_KEY_LOCK(); +#endif /* WOLFSSL_WOLFSSH */ + +#if defined(WOLFSSL_HAVE_PRF) && !defined(NO_HMAC) && \ + defined(WOLFSSL_SHA384) && !defined(WOLFSSL_NO_TLS12) + PRIVATE_KEY_UNLOCK(); + if ( (ret = prf_test()) != 0) + TEST_FAIL("PRF test failed!\n", ret); + else + TEST_PASS("PRF test passed!\n"); + PRIVATE_KEY_LOCK(); +#endif /* WOLFSSL_HAVE_PRF && !NO_HMAC && WOLFSSL_SHA384 && !WOLFSSL_NO_TLS12 */ + +#if defined(WOLFSSL_HAVE_PRF) && defined(HAVE_HKDF) && !defined(NO_HMAC) && \ + defined(WOLFSSL_BASE16) && !defined(WOLFSSL_NO_TLS12) + PRIVATE_KEY_UNLOCK(); + if ( (ret = tls12_kdf_test()) != 0) + TEST_FAIL("TLSv1.2 KDF test failed!\n", ret); + else + TEST_PASS("TLSv1.2 KDF test passed!\n"); + PRIVATE_KEY_LOCK(); +#endif /* WOLFSSL_HAVE_PRF && HAVE_HKDF && !NO_HMAC && */ + /* WOLFSSL_BASE16 && !WOLFSSL_NO_TLS12 */ + +#if defined(WOLFSSL_TLS13) && !defined(NO_HMAC) + PRIVATE_KEY_UNLOCK(); + if ( (ret = tls13_kdf_test()) != 0) + TEST_FAIL("TLSv1.3 KDF test failed!\n", ret); + else + TEST_PASS("TLSv1.3 KDF test passed!\n"); + PRIVATE_KEY_LOCK(); +#endif /* WOLFSSL_TLS13 && !NO_HMAC */ + +#if defined(HAVE_X963_KDF) && defined(HAVE_ECC) + if ( (ret = x963kdf_test()) != 0) + TEST_FAIL("X963-KDF test failed!\n", ret); + else + TEST_PASS("X963-KDF test passed!\n"); +#endif + +#if defined(HAVE_HPKE) && defined(HAVE_ECC) && defined(HAVE_AESGCM) && \ + defined(WOLFSSL_AES_256) + PRIVATE_KEY_UNLOCK(); + if ( (ret = hpke_test()) != 0) + TEST_FAIL("HPKE test failed!\n", ret); + else + TEST_PASS("HPKE test passed!\n"); + PRIVATE_KEY_LOCK(); +#endif + +#if defined(WC_SRTP_KDF) + PRIVATE_KEY_UNLOCK(); + if ( (ret = srtpkdf_test()) != 0) + TEST_FAIL("SRTP KDF test failed!\n", ret); + else + TEST_PASS("SRTP KDF test passed!\n"); + PRIVATE_KEY_LOCK(); +#endif + +#if defined(WC_KDF_NIST_SP_800_56C) && \ + (!defined(HAVE_FIPS) || FIPS_VERSION3_GE(7,0,0)) + if ( (ret = nist_sp80056c_kdf_test()) != 0) + TEST_FAIL("NIST SP 800-56C KDF test failed!\n", ret); + else + TEST_PASS("NIST SP 800-56C KDF test passed!\n"); +#endif + +#if defined(HAVE_CMAC_KDF) && (!defined(HAVE_FIPS) || FIPS_VERSION3_GE(7,0,0)) + if ( (ret = nist_sp800108_cmac()) != 0) + TEST_FAIL("NIST SP 800-108 KDF test failed!\n", ret); + else + TEST_PASS("NIST SP 800-108 KDF test passed!\n"); + if ( (ret = nist_sp80056c_twostep_cmac()) != 0) + TEST_FAIL("NIST SP 800-56C two-step KDF test failed!\n", ret); + else + TEST_PASS("NIST SP 800-56C two-step KDF test passed!\n"); +#endif /* HAVE_CMAC_KDF && (!HAVE_FIPS || FIPS_VERSION3_GE(7,0,0)) */ + +#if defined(HAVE_AESGCM) && defined(WOLFSSL_AES_128) && \ + !defined(WOLFSSL_AFALG_XILINX_AES) && !defined(WOLFSSL_XILINX_CRYPT) && \ + !defined(WOLFSSL_RENESAS_FSPSM_CRYPTONLY) + if ( (ret = gmac_test()) != 0) + TEST_FAIL("GMAC test failed!\n", ret); + else + TEST_PASS("GMAC test passed!\n"); +#endif + +#ifdef WC_RC2 + if ( (ret = rc2_test()) != 0) + TEST_FAIL("RC2 test failed!\n", ret); + else + TEST_PASS("RC2 test passed!\n"); +#endif + +#ifndef NO_RC4 + if ( (ret = arc4_test()) != 0) + TEST_FAIL("ARC4 test failed!\n", ret); + else + TEST_PASS("ARC4 test passed!\n"); +#endif + +#ifdef HAVE_CHACHA + if ( (ret = chacha_test()) != 0) + TEST_FAIL("Chacha test failed!\n", ret); + else + TEST_PASS("Chacha test passed!\n"); +#endif + +#ifdef HAVE_XCHACHA + if ( (ret = XChaCha_test()) != 0) + TEST_FAIL("XChacha test failed!\n", ret); + else + TEST_PASS("XChacha test passed!\n"); +#endif + +#ifdef HAVE_POLY1305 + if ( (ret = poly1305_test()) != 0) + TEST_FAIL("POLY1305 test failed!\n", ret); + else + TEST_PASS("POLY1305 test passed!\n"); +#endif + +#if defined(HAVE_CHACHA) && defined(HAVE_POLY1305) + if ( (ret = chacha20_poly1305_aead_test()) != 0) + TEST_FAIL("ChaCha20-Poly1305 AEAD test failed!\n", ret); + else + TEST_PASS("ChaCha20-Poly1305 AEAD test passed!\n"); +#endif + +#ifdef HAVE_ASCON + if ( (ret = ascon_hash256_test()) != 0) + return err_sys("ASCON Hash test failed!\n", ret); + else + TEST_PASS("ASCON Hash test passed!\n"); + + if ( (ret = ascon_aead128_test()) != 0) + return err_sys("ASCON AEAD test failed!\n", ret); + else + TEST_PASS("ASCON AEAD test passed!\n"); +#endif + +#if defined(HAVE_XCHACHA) && defined(HAVE_POLY1305) + if ( (ret = XChaCha20Poly1305_test()) != 0) + TEST_FAIL("XChaCha20-Poly1305 AEAD test failed!\n", ret); + else + TEST_PASS("XChaCha20-Poly1305 AEAD test passed!\n"); +#endif + +#ifndef NO_DES3 + if ( (ret = des_test()) != 0) + TEST_FAIL("DES test failed!\n", ret); + else + TEST_PASS("DES test passed!\n"); +#endif + +#ifndef NO_DES3 + if ( (ret = des3_test()) != 0) + TEST_FAIL("DES3 test failed!\n", ret); + else + TEST_PASS("DES3 test passed!\n"); +#endif + +#ifndef NO_AES + /* key sizes, ECB and Direct tests */ + if ( (ret = aes_test()) != 0) + TEST_FAIL("AES test failed!\n", ret); + else + TEST_PASS("AES test passed!\n"); + +#if defined(WOLFSSL_AES_192) && \ + !defined(WOLFSSL_RENESAS_FSPSM_CRYPTONLY) + if ( (ret = aes192_test()) != 0) + TEST_FAIL("AES192 test failed!\n", ret); + else + TEST_PASS("AES192 test passed!\n"); +#endif + +#if defined(WOLFSSL_AES_256) + if ( (ret = aes256_test()) != 0) + TEST_FAIL("AES256 test failed!\n", ret); + else + TEST_PASS("AES256 test passed!\n"); +#endif + +#ifdef HAVE_AES_CBC + if ( (ret = aes_cbc_test()) != 0) + TEST_FAIL("AES-CBC test failed!\n", ret); + else + TEST_PASS("AES-CBC test passed!\n"); +#endif + +#ifdef WOLFSSL_AES_COUNTER + if ( (ret = aes_ctr_test()) != 0) + TEST_FAIL("AES-CTR test failed!\n", ret); + else + TEST_PASS("AES-CTR test passed!\n"); +#endif + +#ifdef WOLFSSL_AES_OFB + if ( (ret = aesofb_test()) != 0) + TEST_FAIL("AES-OFB test failed!\n", ret); + else + TEST_PASS("AES-OFB test passed!\n"); +#endif + +#ifdef HAVE_AESGCM + #if !defined(WOLFSSL_AFALG) && !defined(WOLFSSL_DEVCRYPTO) + if ( (ret = aesgcm_test()) != 0) + TEST_FAIL("AES-GCM test failed!\n", ret); + #endif + #if !defined(WOLFSSL_AFALG_XILINX_AES) && !defined(WOLFSSL_XILINX_CRYPT) && \ + !defined(WOLFSSL_RENESAS_FSPSM_CRYPTONLY) && \ + !defined(WOLFSSL_KCAPI_AES) && !(defined(WOLF_CRYPTO_CB) && \ + (defined(HAVE_INTEL_QA_SYNC) || defined(HAVE_CAVIUM_OCTEON_SYNC))) + if ((ret = aesgcm_default_test()) != 0) { + TEST_FAIL("AES-GCM test failed!\n", ret); + } + #endif + if (ret == 0) { + TEST_PASS("AES-GCM test passed!\n"); + } +#endif + +#if defined(HAVE_AESCCM) && defined(WOLFSSL_AES_128) + if ( (ret = aesccm_test()) != 0) + TEST_FAIL("AES-CCM test failed!\n", ret); + else + TEST_PASS("AES-CCM test passed!\n"); +#endif + +#ifdef WOLFSSL_AES_CFB + if ( (ret = aes_cfb_test()) != 0) + TEST_FAIL("AES-CFB test failed!\n", ret); + else + TEST_PASS("AES-CFB test passed!\n"); +#endif + +#ifdef WOLFSSL_AES_XTS + if ( (ret = aes_xts_test()) != 0) + TEST_FAIL("AES-XTS test failed!\n", ret); + else + TEST_PASS("AES-XTS test passed!\n"); +#endif + +#ifdef HAVE_AES_KEYWRAP + if ( (ret = aeskeywrap_test()) != 0) + TEST_FAIL("AES Key Wrap test failed!\n", ret); + else + TEST_PASS("AES Key Wrap test passed!\n"); +#endif +#if defined(WOLFSSL_AES_SIV) && defined(WOLFSSL_AES_128) + if ( (ret = aes_siv_test()) != 0) + TEST_FAIL("AES-SIV test failed!\n", ret); + else + TEST_PASS("AES-SIV test passed!\n"); +#endif +#endif /* !NO_AES */ + +#if defined(WOLFSSL_AES_EAX) && \ + (!defined(HAVE_FIPS) || FIPS_VERSION_GE(5, 3)) && !defined(HAVE_SELFTEST) + if ( (ret = aes_eax_test()) != 0) + TEST_FAIL("AES-EAX test failed!\n", ret); + else + TEST_PASS("AES-EAX test passed!\n"); +#endif /* WOLFSSL_AES_EAX */ + +#ifdef HAVE_ARIA + if ( (ret = ariagcm_test(MC_ALGID_ARIA_128BITKEY)) != 0) + TEST_FAIL("ARIA128 test failed!\n", ret); + else + TEST_PASS("ARIA128 test passed!\n"); + + if ( (ret = ariagcm_test(MC_ALGID_ARIA_192BITKEY)) != 0) + TEST_FAIL("ARIA192 test failed!\n", ret); + else + TEST_PASS("ARIA192 test passed!\n"); + + if ( (ret = ariagcm_test(MC_ALGID_ARIA_256BITKEY)) != 0) + TEST_FAIL("ARIA256 test failed!\n", ret); + else + TEST_PASS("ARIA256 test passed!\n"); +#endif + +#ifdef HAVE_CAMELLIA + if ( (ret = camellia_test()) != 0) + TEST_FAIL("CAMELLIA test failed!\n", ret); + else + TEST_PASS("CAMELLIA test passed!\n"); +#endif + +#ifdef WOLFSSL_SM4 + if ( (ret = sm4_test()) != 0) + return err_sys("SM-4 test failed!\n", ret); + else + TEST_PASS("SM-4 test passed!\n"); +#endif + +#if !defined(NO_RSA) && !defined(HAVE_RENESAS_SYNC) + #ifdef WC_RSA_NO_PADDING + if ( (ret = rsa_no_pad_test()) != 0) + TEST_FAIL("RSA NOPAD test failed!\n", ret); + else + TEST_PASS("RSA NOPAD test passed!\n"); + #endif + if ( (ret = rsa_test()) != 0) + TEST_FAIL("RSA test failed!\n", ret); + else + TEST_PASS("RSA test passed!\n"); +#endif + +#ifndef NO_DH + PRIVATE_KEY_UNLOCK(); + if ( (ret = dh_test()) != 0) + TEST_FAIL("DH test failed!\n", ret); + else + TEST_PASS("DH test passed!\n"); + PRIVATE_KEY_LOCK(); +#endif + +#ifndef NO_DSA + if ( (ret = dsa_test()) != 0) + TEST_FAIL("DSA test failed!\n", ret); + else + TEST_PASS("DSA test passed!\n"); +#endif + +#ifdef WOLFCRYPT_HAVE_SRP + if ( (ret = srp_test()) != 0) + TEST_FAIL("SRP test failed!\n", ret); + else + TEST_PASS("SRP test passed!\n"); +#endif + +#ifndef NO_PWDBASED + PRIVATE_KEY_UNLOCK(); + if ( (ret = pwdbased_test()) != 0) + TEST_FAIL("PWDBASED test failed!\n", ret); + else + TEST_PASS("PWDBASED test passed!\n"); + PRIVATE_KEY_LOCK(); +#endif + +#if defined(USE_CERT_BUFFERS_2048) && \ + defined(HAVE_PKCS12) && \ + !defined(NO_ASN) && !defined(NO_PWDBASED) && !defined(NO_HMAC) && \ + !defined(NO_CERTS) && !defined(NO_DES3) + if ( (ret = pkcs12_test()) != 0) + TEST_FAIL("PKCS12 test failed!\n", ret); + else + TEST_PASS("PKCS12 test passed!\n"); +#endif + +#if defined(OPENSSL_EXTRA) && !defined(WOLFCRYPT_ONLY) + if ( (ret = openssl_test()) != 0) + TEST_FAIL("OPENSSL test failed!\n", ret); + else + TEST_PASS("OPENSSL test passed!\n"); + + if ( (ret = openSSL_evpMD_test()) != 0) + TEST_FAIL("OPENSSL (EVP MD) test failed!\n", ret); + else + TEST_PASS("OPENSSL (EVP MD) passed!\n"); + + if ( (ret = openssl_pkey0_test()) != 0) + TEST_FAIL("OPENSSL (PKEY0) test failed!\n", ret); + else + TEST_PASS("OPENSSL (PKEY0) passed!\n"); + + if ( (ret = openssl_pkey1_test()) != 0) + TEST_FAIL("OPENSSL (PKEY1) test failed!\n", ret); + else + TEST_PASS("OPENSSL (PKEY1) passed!\n"); + + #if !defined(WOLF_CRYPTO_CB_ONLY_RSA) && !defined(WOLF_CRYPTO_CB_ONLY_ECC) + if ( (ret = openssl_evpSig_test()) != 0) + TEST_FAIL("OPENSSL (EVP Sign/Verify) test failed!\n", ret); + else + TEST_PASS("OPENSSL (EVP Sign/Verify) passed!\n"); + #endif +#endif + +#if defined(HAVE_ECC) + PRIVATE_KEY_UNLOCK(); + if ( (ret = ecc_test()) != 0) + TEST_FAIL("ECC test failed!\n", ret); + else + TEST_PASS("ECC test passed!\n"); + PRIVATE_KEY_LOCK(); + #if defined(HAVE_ECC_ENCRYPT) && defined(HAVE_AES_CBC) && \ + (defined(WOLFSSL_AES_128) || defined(WOLFSSL_AES_256)) + if ( (ret = ecc_encrypt_test()) != 0) + TEST_FAIL("ECC Enc test failed!\n", ret); + else + TEST_PASS("ECC Enc test passed!\n"); + #endif + #if defined(USE_CERT_BUFFERS_256) && !defined(WOLFSSL_ATECC508A) && \ + !defined(WOLFSSL_ATECC608A) && !defined(NO_ECC256) && \ + defined(HAVE_ECC_VERIFY) && defined(HAVE_ECC_SIGN) && \ + !defined(WOLF_CRYPTO_CB_ONLY_ECC) && !defined(NO_ECC_SECP) + /* skip for ATECC508/608A, cannot import private key buffers */ + if ( (ret = ecc_test_buffers()) != 0) + TEST_FAIL("ECC buffer test failed!\n", ret); + else + TEST_PASS("ECC buffer test passed!\n"); + #endif +#endif + +#if !defined(NO_ASN_TIME) && !defined(NO_RSA) && defined(WOLFSSL_TEST_CERT) && \ + !defined(NO_FILESYSTEM) + if ( (ret = cert_test()) != 0) + TEST_FAIL("CERT test failed!\n", ret); + else + TEST_PASS("CERT test passed!\n"); +#endif + +#if defined(WOLFSSL_CERT_EXT) && defined(WOLFSSL_TEST_CERT) && \ + !defined(NO_FILESYSTEM) && !defined(NO_RSA) && defined(WOLFSSL_GEN_CERT) + if ( (ret = certext_test()) != 0) + TEST_FAIL("CERT EXT test failed!\n", ret); + else + TEST_PASS("CERT EXT test passed!\n"); +#endif + +#if defined(WOLFSSL_CERT_GEN_CACHE) && defined(WOLFSSL_TEST_CERT) && \ + defined(WOLFSSL_CERT_EXT) && defined(WOLFSSL_CERT_GEN) + if ( (ret = decodedCertCache_test()) != 0) + TEST_FAIL("DECODED CERT CACHE test failed!\n", ret); + else + TEST_PASS("DECODED CERT CACHE test passed!\n"); +#endif + +#ifdef HAVE_CURVE25519 + if ( (ret = curve25519_test()) != 0) + TEST_FAIL("CURVE25519 test failed!\n", ret); + else + TEST_PASS("CURVE25519 test passed!\n"); +#endif + +#ifdef HAVE_ED25519 + PRIVATE_KEY_UNLOCK(); + if ( (ret = ed25519_test()) != 0) + TEST_FAIL("ED25519 test failed!\n", ret); + else + TEST_PASS("ED25519 test passed!\n"); + PRIVATE_KEY_LOCK(); +#endif + +#ifdef HAVE_CURVE448 + if ( (ret = curve448_test()) != 0) + TEST_FAIL("CURVE448 test failed!\n", ret); + else + TEST_PASS("CURVE448 test passed!\n"); +#endif + +#ifdef HAVE_ED448 + PRIVATE_KEY_UNLOCK(); + if ( (ret = ed448_test()) != 0) + TEST_FAIL("ED448 test failed!\n", ret); + else + TEST_PASS("ED448 test passed!\n"); + PRIVATE_KEY_LOCK(); +#endif + +#ifdef WOLFSSL_HAVE_MLKEM + if ( (ret = mlkem_test()) != 0) + TEST_FAIL("MLKEM test failed!\n", ret); + else + TEST_PASS("MLKEM test passed!\n"); +#endif + +#ifdef HAVE_DILITHIUM + if ( (ret = dilithium_test()) != 0) + TEST_FAIL("DILITHIUM test failed!\n", ret); + else + TEST_PASS("DILITHIUM test passed!\n"); +#endif + +#if defined(WOLFSSL_HAVE_XMSS) + #if !defined(WOLFSSL_SMALL_STACK) && WOLFSSL_XMSS_MIN_HEIGHT <= 10 + if ( (ret = xmss_test_verify_only()) != 0) + TEST_FAIL("XMSS Vfy test failed!\n", ret); + else + TEST_PASS("XMSS Vfy test passed!\n"); + #endif + + #if !defined(WOLFSSL_XMSS_VERIFY_ONLY) + if ( (ret = xmss_test()) != 0) + TEST_FAIL("XMSS test failed!\n", ret); + else + TEST_PASS("XMSS test passed!\n"); + #endif +#endif /* if defined(WOLFSSL_HAVE_XMSS) */ + +#if defined(WOLFSSL_HAVE_LMS) + #if !defined(WOLFSSL_SMALL_STACK) + #if (defined(WOLFSSL_WC_LMS) && (LMS_MAX_HEIGHT >= 10) && \ + !defined(WOLFSSL_NO_LMS_SHA256_256)) || defined(HAVE_LIBLMS) + if ( (ret = lms_test_verify_only()) != 0) + TEST_FAIL("LMS Vfy test failed!\n", ret); + else + TEST_PASS("LMS Vfy test passed!\n"); + #endif + #endif + + #if !defined(WOLFSSL_LMS_VERIFY_ONLY) + if ( (ret = lms_test()) != 0) + TEST_FAIL("LMS test failed!\n", ret); + else + TEST_PASS("LMS test passed!\n"); + #endif +#endif /* if defined(WOLFSSL_HAVE_LMS) */ + +#ifdef WOLFCRYPT_HAVE_ECCSI + if ( (ret = eccsi_test()) != 0) + TEST_FAIL("ECCSI test failed!\n", ret); + else + TEST_PASS("ECCSI test passed!\n"); +#endif +#ifdef WOLFCRYPT_HAVE_SAKKE + if ( (ret = sakke_test()) != 0) + TEST_FAIL("SAKKE test failed!\n", ret); + else + TEST_PASS("SAKKE test passed!\n"); +#endif + +#if defined(WOLFSSL_CMAC) && !defined(NO_AES) + if ( (ret = cmac_test()) != 0) + TEST_FAIL("CMAC test failed!\n", ret); + else + TEST_PASS("CMAC test passed!\n"); +#endif + +#if defined(WOLFSSL_SIPHASH) + if ( (ret = siphash_test()) != 0) + TEST_FAIL("SipHash test failed!\n", ret); + else + TEST_PASS("SipHash test passed!\n"); +#endif + +#ifdef HAVE_LIBZ + if ( (ret = compress_test()) != 0) + TEST_FAIL("COMPRESS test failed!\n", ret); + else + TEST_PASS("COMPRESS test passed!\n"); +#endif + +#ifdef HAVE_PKCS7 + #ifndef NO_PKCS7_ENCRYPTED_DATA + if ( (ret = pkcs7encrypted_test()) != 0) + TEST_FAIL("PKCS7encrypted test failed!\n", ret); + else + TEST_PASS("PKCS7encrypted test passed!\n"); + #endif + #if defined(HAVE_LIBZ) && !defined(NO_PKCS7_COMPRESSED_DATA) + if ( (ret = pkcs7compressed_test()) != 0) + TEST_FAIL("PKCS7compressed test failed!\n", ret); + else + TEST_PASS("PKCS7compressed test passed!\n"); + #endif + if ( (ret = pkcs7signed_test()) != 0) + TEST_FAIL("PKCS7signed test failed!\n", ret); + else + TEST_PASS("PKCS7signed test passed!\n"); + + PRIVATE_KEY_UNLOCK(); + if ( (ret = pkcs7enveloped_test()) != 0) + TEST_FAIL("PKCS7enveloped test failed!\n", ret); + else + TEST_PASS("PKCS7enveloped test passed!\n"); + PRIVATE_KEY_LOCK(); + + #if defined(HAVE_AESGCM) || defined(HAVE_AESCCM) + PRIVATE_KEY_UNLOCK(); + if ( (ret = pkcs7authenveloped_test()) != 0) + TEST_FAIL("PKCS7authenveloped test failed!\n", ret); + else + TEST_PASS("PKCS7authenveloped test passed!\n"); + PRIVATE_KEY_LOCK(); + #endif +#endif + +#if defined(WOLFSSL_PUBLIC_MP) && \ + ((defined(WOLFSSL_SP_MATH_ALL) && !defined(WOLFSSL_RSA_VERIFY_ONLY)) || \ + defined(USE_FAST_MATH)) + if ( (ret = mp_test()) != 0) + TEST_FAIL("mp test failed!\n", ret); + else + TEST_PASS("mp test passed!\n"); +#endif + +#if defined(WOLFSSL_PUBLIC_MP) && defined(WOLFSSL_KEY_GEN) && \ + (!defined(NO_DH) || !defined(NO_DSA)) && !defined(WC_NO_RNG) + if ( (ret = prime_test()) != 0) + TEST_FAIL("prime test failed!\n", ret); + else + TEST_PASS("prime test passed!\n"); +#endif + +#if defined(ASN_BER_TO_DER) && \ + (defined(WOLFSSL_TEST_CERT) || defined(OPENSSL_EXTRA) || \ + defined(OPENSSL_EXTRA_X509_SMALL)) + if ( (ret = berder_test()) != 0) + TEST_FAIL("ber-der test failed!\n", ret); + else + TEST_PASS("ber-der test passed!\n"); +#endif + + if ( (ret = logging_test()) != 0) + TEST_FAIL("logging test failed!\n", ret); + else + TEST_PASS("logging test passed!\n"); + +#if !defined(NO_ASN) && !defined(NO_ASN_TIME) + if ( (ret = time_test()) != 0) + TEST_FAIL("time test failed!\n", ret); + else + TEST_PASS("time test passed!\n"); +#endif + +#if defined(__INCLUDE_NUTTX_CONFIG_H) + if ((ret = wolfcrypt_mutex_test()) != 0) +#else + if ((ret = mutex_test()) != 0) +#endif + TEST_FAIL("mutex test failed!\n", ret); + else + TEST_PASS("mutex test passed!\n"); + +#if defined(USE_WOLFSSL_MEMORY) && !defined(FREERTOS) + if ( (ret = memcb_test()) != 0) + TEST_FAIL("memcb test failed!\n", ret); + else + TEST_PASS("memcb test passed!\n"); +#endif + +#ifdef WOLFSSL_CAAM_BLOB + if ( (ret = blob_test()) != 0) + TEST_FAIL("blob test failed!\n", ret); + else + TEST_PASS("blob test passed!\n"); +#endif + +#if defined(WOLF_CRYPTO_CB) && !defined(WC_TEST_NO_CRYPTOCB_SW_TEST) && \ + !(defined(HAVE_INTEL_QAT_SYNC) || defined(HAVE_CAVIUM_OCTEON_SYNC) || \ + defined(WOLFSSL_QNX_CAAM) || defined(HAVE_RENESAS_SYNC)) + if ( (ret = cryptocb_test()) != 0) + TEST_FAIL("crypto callback test failed!\n", ret); + else + TEST_PASS("crypto callback test passed!\n"); +#endif + +#ifdef WOLFSSL_CERT_PIV + if ( (ret = certpiv_test()) != 0) + TEST_FAIL("cert piv test failed!\n", ret); + else + TEST_PASS("cert piv test passed!\n"); +#endif + +#ifdef WOLF_CRYPTO_CB +#ifdef HAVE_INTEL_QA_SYNC + wc_CryptoCb_CleanupIntelQa(&devId); +#endif +#ifdef HAVE_CAVIUM_OCTEON_SYNC + wc_CryptoCb_CleanupOcteon(&devId); +#endif +#ifdef HAVE_RENESAS_SYNC + wc_CryptoCb_CleanupRenesasCmn(&devId); +#endif +#endif + +#ifdef WOLFSSL_ASYNC_CRYPT + wolfAsync_DevClose(&devId); +#endif + + /* cleanup the thread if fixed point cache is enabled and have thread local */ +#if defined(HAVE_THREAD_LS) && defined(HAVE_ECC) && defined(FP_ECC) + wc_ecc_fp_free(); +#endif + +#ifdef TEST_ALWAYS_RUN_TO_END + if (last_failed_test_ret != 0) + ret = last_failed_test_ret; +#endif + + if (args) + ((func_args*)args)->return_code = ret; + +/* If hardware acceleration and respective metrics tracked, show results: */ +#ifdef WOLFSSL_HW_METRICS + #if defined(WOLFSSL_ESP32_CRYPT_RSA_PRI) && defined(WOLFSSL_HW_METRICS) + esp_hw_show_mp_metrics(); + #endif +#endif + +#if defined(WOLFSSL_STATIC_MEMORY) && !defined(OPENSSL_EXTRA) + wolfSSL_SetGlobalHeapHint(NULL); +#endif + TEST_PASS("Test complete\n"); + + EXIT_TEST(ret); +} /* end of wolfcrypt_test() */ + +#ifndef NO_MAIN_DRIVER + +#ifdef HAVE_WOLFCRYPT_TEST_OPTIONS + int myoptind = 0; + char* myoptarg = NULL; +#endif + + /* so overall tests can pull in test function */ +#if defined(WOLFSSL_ESPIDF) || defined(_WIN32_WCE) + wc_test_ret_t wolf_test_task(void) +#else +#ifndef NO_MAIN_FUNCTION + int main(int argc, char** argv) + { + if (wolfcrypt_test_main(argc, argv) >= 0) + return 0; + else + return 1; + } +#endif + + wc_test_ret_t wolfcrypt_test_main(int argc, char** argv) +#endif + { + wc_test_ret_t ret; + func_args args = { 0, 0, 0 }; +#if defined(WOLFSSL_ESPIDF) || defined(WOLFSSL_SE050) + /* set dummy wallclock time. */ + struct timeval utctime; + struct timezone tz; + utctime.tv_sec = 1521725159; /* dummy time: 2018-03-22T13:25:59+00:00 */ + utctime.tv_usec = 0; + tz.tz_minuteswest = 0; + tz.tz_dsttime = 0; + settimeofday(&utctime, &tz); +#endif +#ifdef WOLFSSL_APACHE_MYNEWT + #ifdef ARCH_sim + mcu_sim_parse_args(argc, argv); + #endif + sysinit(); + + /* set dummy wallclock time. */ + struct os_timeval utctime; + struct os_timezone tz; + utctime.tv_sec = 1521725159; /* dummy time: 2018-03-22T13:25:59+00:00 */ + utctime.tv_usec = 0; + tz.tz_minuteswest = 0; + tz.tz_dsttime = 0; + os_settimeofday(&utctime, &tz); +#endif +#ifdef WOLFSSL_ZEPHYR + /* set dummy wallclock time. */ + struct timespec utctime; + utctime.tv_sec = 1521725159; /* dummy time: 2018-03-22T13:25:59+00:00 */ + utctime.tv_nsec = 0; + clock_settime(CLOCK_REALTIME, &utctime); +#endif +#ifdef DEVKITPRO + void *framebuffer; + GXRModeObj *rmode = NULL; + + VIDEO_Init(); + WPAD_Init(); + + rmode = VIDEO_GetPreferredMode(NULL); +#pragma GCC diagnostic ignored "-Wbad-function-cast" + framebuffer = MEM_K0_TO_K1(SYS_AllocateFramebuffer(rmode)); +#pragma GCC diagnostic pop + console_init(framebuffer,20,20,rmode->fbWidth,rmode->xfbHeight,rmode->fbWidth*VI_DISPLAY_PIX_SZ); + + VIDEO_Configure(rmode); + VIDEO_SetNextFramebuffer(framebuffer); + VIDEO_SetBlack(FALSE); + VIDEO_Flush(); + VIDEO_WaitVSync(); + if(rmode->viTVMode&VI_NON_INTERLACE) VIDEO_WaitVSync(); +#endif +#ifdef WOLFSSL_NDS + /* Init Console output */ + consoleDemoInit(); + + /* Init the Filesystem */ + fatInitDefault(); +#endif + +#ifdef HAVE_WNR + if ((ret = wc_InitNetRandom(wnrConfigFile, NULL, 5000)) != 0) { + err_sys("Whitewood netRandom global config failed", + WC_TEST_RET_ENC_EC(ret)); + return WC_TEST_RET_ENC_EC(ret); + } +#endif +#ifndef WOLFSSL_ESPIDF + args.argc = argc; + args.argv = argv; +#endif + if ((ret = wolfCrypt_Init()) != 0) { + printf("wolfCrypt_Init failed %d\n", (int)ret); + err_sys("Error with wolfCrypt_Init!\n", WC_TEST_RET_ENC_EC(ret)); + } + +#ifdef HAVE_WC_INTROSPECTION + printf("Math: %s\n", wc_GetMathInfo()); +#endif + + if (ret == 0) { +#ifdef HAVE_STACK_SIZE + StackSizeCheck(&args, wolfcrypt_test); +#else + wolfcrypt_test(&args); +#endif + } + + if ((ret = wolfCrypt_Cleanup()) != 0) { + printf("wolfCrypt_Cleanup failed %d\n", (int)ret); + err_sys("Error with wolfCrypt_Cleanup!\n", WC_TEST_RET_ENC_EC(ret)); + } + +#ifdef HAVE_WNR + if ((ret = wc_FreeNetRandom()) < 0) + err_sys("Failed to free netRandom context", + WC_TEST_RET_ENC_EC(ret)); +#endif /* HAVE_WNR */ +#ifdef DOLPHIN_EMULATOR + /* Returning from main panics the emulator. Just hang + * and let the user force quit the emulator window. */ + printf("args.return_code: %d\n", args.return_code); + printf("Testing complete. You may close the window now\n"); + while (1); +#endif + +#ifdef WOLFSSL_NDS + /* in Nintendo DS returning from main shuts down the Device without letting you see the Results. */ + printf("args.return_code: %d\n", args.return_code); + printf("Testing complete. Press Start to exit the Program\n"); + while(1) { + swiWaitForVBlank(); + scanKeys(); + int keys = keysDown(); + if(keys & KEY_START) break; + } +#endif + +#if defined(WOLFSSL_ESPIDF) + /* ESP_LOGI to print takes up a lot less memory than printf */ + ESP_LOGI(ESPIDF_TAG, "Exiting main with return code: % d\n", + args.return_code); +#else + /* gate this for target platforms wishing to avoid printf reference */ + printf("Exiting main with return code: %ld\n", (long int)args.return_code); +#endif + + return args.return_code; + } /* wolfcrypt_test_main or wolf_test_task */ + +#endif /* NO_MAIN_DRIVER */ + + +/* helper to save DER, convert to PEM and save PEM */ +#if !defined(NO_ASN) && (defined(HAVE_ECC) || !defined(NO_DSA) || \ +(!defined(NO_RSA) && (defined(WOLFSSL_KEY_GEN) || defined(WOLFSSL_CERT_GEN)))) + +#if !defined(NO_FILESYSTEM) && !defined(NO_WRITE_TEMP_FILES) +#define SaveDerAndPem(d, dSz, fD, fP, pT) _SaveDerAndPem(d, dSz, fD, fP, pT, WC_TEST_RET_LN) +#else +#define SaveDerAndPem(d, dSz, fD, fP, pT) _SaveDerAndPem(d, dSz, NULL, NULL, pT, WC_TEST_RET_LN) +#endif + +static wc_test_ret_t _SaveDerAndPem(const byte* der, int derSz, + const char* fileDer, const char* filePem, int pemType, int calling_line) +{ +#if !defined(NO_FILESYSTEM) && !defined(NO_WRITE_TEMP_FILES) + wc_test_ret_t ret; + XFILE derFile; + + derFile = XFOPEN(fileDer, "wb"); + if (!derFile) { + return WC_TEST_RET_ENC(calling_line, 0, WC_TEST_RET_TAG_I); + } + ret = (int)XFWRITE(der, 1, (size_t)derSz, derFile); + XFCLOSE(derFile); + if (ret != derSz) { + return WC_TEST_RET_ENC(calling_line, 1, WC_TEST_RET_TAG_I); + } +#endif + +#if defined(WOLFSSL_DER_TO_PEM) && !defined(NO_CERTS) + if (filePem) { + #if !defined(NO_FILESYSTEM) && !defined(NO_WRITE_TEMP_FILES) + XFILE pemFile; + #endif + #ifndef WOLFSSL_NO_MALLOC + byte* pem; + #else + byte pem[2048]; + #endif + int pemSz; + + /* calculate PEM size */ + pemSz = wc_DerToPem(der, (word32)derSz, NULL, 0, pemType); + if (pemSz < 0) { + return WC_TEST_RET_ENC(calling_line, 2, WC_TEST_RET_TAG_I); + } + #ifndef WOLFSSL_NO_MALLOC + pem = (byte*)XMALLOC((word32)pemSz, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + if (pem == NULL) { + return WC_TEST_RET_ENC(calling_line, 3, WC_TEST_RET_TAG_I); + } + #else + if (pemSz > (int)sizeof(pem)) + return WC_TEST_RET_ENC_EC(BAD_FUNC_ARG); + #endif + /* Convert to PEM */ + pemSz = wc_DerToPem(der, (word32)derSz, pem, (word32)pemSz, pemType); + if (pemSz < 0) { + #ifndef WOLFSSL_NO_MALLOC + XFREE(pem, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + #endif + return WC_TEST_RET_ENC(calling_line, 4, WC_TEST_RET_TAG_I); + } + #if !defined(NO_FILESYSTEM) && !defined(NO_WRITE_TEMP_FILES) + pemFile = XFOPEN(filePem, "wb"); + if (!pemFile) { + #ifndef WOLFSSL_NO_MALLOC + XFREE(pem, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + #endif + return WC_TEST_RET_ENC(calling_line, 5, WC_TEST_RET_TAG_I); + } + ret = (int)XFWRITE(pem, 1, (size_t)pemSz, pemFile); + XFCLOSE(pemFile); + if (ret != pemSz) { + #ifndef WOLFSSL_NO_MALLOC + XFREE(pem, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + #endif + return WC_TEST_RET_ENC(calling_line, 6, WC_TEST_RET_TAG_I); + } + #endif + #ifndef WOLFSSL_NO_MALLOC + XFREE(pem, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + #endif + } +#endif /* WOLFSSL_DER_TO_PEM */ + + /* suppress unused variable warnings */ + (void)der; + (void)derSz; + (void)filePem; + (void)fileDer; + (void)pemType; + (void)calling_line; + + return 0; +} +#endif /* WOLFSSL_KEY_GEN || WOLFSSL_CERT_GEN */ + +static wc_test_ret_t safe_sum_word32_test(void) { + word32 out; + int ret; + int i; + + static const struct { + word32 a; + word32 b; + word32 e; + int t; + } cases[] = { + #define u_max 4294967295U + #define half (4294967295U / 2U) + { 0, 0, 0, 1 }, + { 1, 1, 2, 1 }, + { u_max, 0, u_max, 1 }, + { u_max - 1, 1, u_max, 1 }, + { u_max, 1, u_max, 0 }, + { 0, u_max, u_max, 1 }, + { half, half, half * 2U, 1 }, + { u_max - 1, 2, u_max, 0 } + #undef half + #undef u_max + }; + + for (i = 0; i < (int)(sizeof(cases) / sizeof(cases[0])); ++i) { + ret = WC_SAFE_SUM_UNSIGNED_CLIP(word32, cases[i].a, cases[i].b, out); + if (out != cases[i].e || ret != cases[i].t) + return WC_TEST_RET_ENC_I(i); + out = 10; + ret = WC_SAFE_SUM_UNSIGNED(word32, cases[i].a, cases[i].b, out); + if ((ret != cases[i].t) || (ret && (out != cases[i].e))) + return WC_TEST_RET_ENC_I(i); + } + + return 0; +} + +static wc_test_ret_t safe_sub_word32_test(void) { + word32 out; + int ret; + int i; + + static const struct { + word32 a; + word32 b; + word32 e; + int t; + } cases[] = { + #define u_max 4294967295U + { 5, 3, 2, 1 }, + { 0, 0, 0, 1 }, + { 1, 0, 1, 1 }, + { 0, 1, 0, 0 }, + { u_max, u_max, 0, 1 }, + { u_max, 0, u_max, 1 }, + { u_max, 1, u_max - 1, 1 }, + { 1, 2, 0, 0 }, + #undef u_max + }; + + for (i = 0; i < (int)(sizeof(cases) / sizeof(cases[0])); ++i) { + ret = WC_SAFE_SUB_UNSIGNED_CLIP(word32, cases[i].a, cases[i].b, out); + if (out != cases[i].e || ret != cases[i].t) + return WC_TEST_RET_ENC_I(i); + out = 10; + ret = WC_SAFE_SUB_UNSIGNED(word32, cases[i].a, cases[i].b, out); + if ((ret != cases[i].t) || (ret && (out != cases[i].e))) + return WC_TEST_RET_ENC_I(i); + } + + return 0; +} + +static wc_test_ret_t safe_sum_sword32_test(void) { + sword32 out; + int ret; + int i; + + static const struct { + sword32 a; + sword32 b; + sword32 e; + int t; + } cases[] = { + #define i_max 2147483647 + #define i_min (-i_max - 1) + #define half (i_max / 2) + { 0, 0, 0, 1 }, + { 1, 1, 2, 1 }, + { i_max, 0, i_max, 1 }, + { i_max - 1, 1, i_max, 1 }, + { i_max, 1, i_max, 0 }, + { 0, i_max, i_max, 1 }, + { -1, -1, -2, 1 }, + { i_min, 0, i_min, 1 }, + { i_min + 1, -1, i_min, 1 }, + { i_min, -1, i_min, 0 }, + { 1, -1, 0, 1 }, + { -1, 1, 0, 1 }, + { half, half + 1, i_max, 1 }, + { half + 1, half + 1, i_max, 0 } + #undef half + #undef i_min + #undef i_max + }; + + for (i = 0; i < (int)(sizeof(cases) / sizeof(cases[0])); ++i) { + ret = WC_SAFE_SUM_SIGNED_CLIP(sword32, cases[i].a, cases[i].b, out); + if (out != cases[i].e || ret != cases[i].t) + return WC_TEST_RET_ENC_I(i); + out = 10; + ret = WC_SAFE_SUM_SIGNED(sword32, cases[i].a, cases[i].b, out); + if ((ret != cases[i].t) || (ret && (out != cases[i].e))) + return WC_TEST_RET_ENC_I(i); + } + + return 0; +} + +static wc_test_ret_t safe_sub_sword32_test(void) { + sword32 out; + int ret; + int i; + + static const struct { + sword32 a; + sword32 b; + sword32 e; + int t; + } cases[] = { + #define i_max 2147483647 + #define i_min (-i_max - 1) + { 0, 0, 0, 1 }, + { 5, 3, 2, 1 }, + { 1, -1, 2, 1 }, + { i_max, 0, i_max, 1 }, + { i_max, -1, i_max, 0 }, + { -5, -3, -2, 1 }, + { 0, 1, -1, 1 }, + { i_min, 0, i_min, 1 }, + { i_min + 1, 1, i_min, 1 }, + { i_min, 1, i_min, 0 }, + { 1, 2, -1, 1 }, + { -1, -2, 1, 1 }, + { -1, i_min, i_max, 1 }, + { i_min, -1, i_min + 1, 1 }, + { 2, -3, 5, 1 } + #undef i_min + #undef i_max + }; + + for (i = 0; i < (int)(sizeof(cases) / sizeof(cases[0])); ++i) { + ret = WC_SAFE_SUB_SIGNED_CLIP(sword32, cases[i].a, cases[i].b, out); + if (out != cases[i].e || ret != cases[i].t) + return WC_TEST_RET_ENC_I(i); + out = 10; + ret = WC_SAFE_SUB_SIGNED(sword32, cases[i].a, cases[i].b, out); + if ((ret != cases[i].t) || (ret && (out != cases[i].e))) + return WC_TEST_RET_ENC_I(i); + } + + return 0; +} + +#ifdef WORD64_AVAILABLE +static wc_test_ret_t safe_sum_word64_test(void) { + word64 out; + int ret; + int i; + + static const struct { + word64 a; + word64 b; + word64 e; + int t; + } cases[] = { + #define u_max W64LIT(18446744073709551615) + #define half (u_max / 2) + { 0, 0, 0, 1 }, + { 1, 1, 2, 1 }, + { u_max, 0, u_max, 1 }, + { u_max - 1, 1, u_max, 1 }, + { u_max, 1, u_max, 0 }, + { 0, u_max, u_max, 1 }, + { half, half, half * 2ULL, 1 }, + { u_max - 1, 2, u_max, 0 } + #undef half + #undef u_max + }; + + for (i = 0; i < (int)(sizeof(cases) / sizeof(cases[0])); ++i) { + ret = WC_SAFE_SUM_UNSIGNED_CLIP(word64, cases[i].a, cases[i].b, out); + if (out != cases[i].e || ret != cases[i].t) + return WC_TEST_RET_ENC_I(i); + out = 10; + ret = WC_SAFE_SUM_UNSIGNED(word64, cases[i].a, cases[i].b, out); + if ((ret != cases[i].t) || (ret && (out != cases[i].e))) + return WC_TEST_RET_ENC_I(i); + } + + return 0; +} + +static wc_test_ret_t safe_sub_word64_test(void) { + word64 out; + int ret; + int i; + + static const struct { + word64 a; + word64 b; + word64 e; + int t; + } cases[] = { + #define u_max W64LIT(18446744073709551615) + { 5, 3, 2, 1 }, + { 0, 0, 0, 1 }, + { 1, 0, 1, 1 }, + { 0, 1, 0, 0 }, + { u_max, u_max, 0, 1 }, + { u_max, 0, u_max, 1 }, + { u_max, 1, u_max - 1, 1 }, + { 1, 2, 0, 0 } + #undef u_max + }; + + for (i = 0; i < (int)(sizeof(cases) / sizeof(cases[0])); ++i) { + ret = WC_SAFE_SUB_UNSIGNED_CLIP(word64, cases[i].a, cases[i].b, out); + if (out != cases[i].e || ret != cases[i].t) + return WC_TEST_RET_ENC_I(i); + out = 10; + ret = WC_SAFE_SUB_UNSIGNED(word64, cases[i].a, cases[i].b, out); + if ((ret != cases[i].t) || (ret && (out != cases[i].e))) + return WC_TEST_RET_ENC_I(i); + } + + return 0; +} + +static wc_test_ret_t safe_sum_sword64_test(void) { + sword64 out; + int ret; + int i; + + static const struct { + sword64 a; + sword64 b; + sword64 e; + int t; + } cases[] = { + #define i_max SW64LIT(9223372036854775807) + #define i_min (-i_max-1) + #define half (i_max / 2) + { 0, 0, 0, 1 }, + { 1, 1, 2, 1 }, + { i_max, 0, i_max, 1 }, + { i_max - 1, 1, i_max, 1 }, + { i_max, 1, i_max, 0 }, + { 0, i_max, i_max, 1 }, + { -1, -1, -2, 1 }, + { i_min, 0, i_min, 1 }, + { i_min + 1, -1, i_min, 1 }, + { i_min, -1, i_min, 0 }, + { 1, -1, 0, 1 }, + { -1, 1, 0, 1 }, + { half, half + 1, i_max, 1 }, + { half + 1, half + 1, i_max, 0 } + #undef half + #undef i_min + #undef i_max + }; + + for (i = 0; i < (int)(sizeof(cases) / sizeof(cases[0])); ++i) { + ret = WC_SAFE_SUM_SIGNED_CLIP(sword64, cases[i].a, cases[i].b, out); + if (out != cases[i].e || ret != cases[i].t) + return WC_TEST_RET_ENC_I(i); + out = 10; + ret = WC_SAFE_SUM_SIGNED(sword64, cases[i].a, cases[i].b, out); + if ((ret != cases[i].t) || (ret && (out != cases[i].e))) + return WC_TEST_RET_ENC_I(i); + } + + return 0; +} + +static wc_test_ret_t safe_sub_sword64_test(void) { + sword64 out; + int ret; + int i; + + static const struct { + sword64 a; + sword64 b; + sword64 e; + int t; + } cases[] = { + #define i_max SW64LIT(9223372036854775807) + #define i_min (-i_max-1) + { 0, 0, 0, 1 }, + { 5, 3, 2, 1 }, + { 1, -1, 2, 1 }, + { i_max, 0, i_max, 1 }, + { i_max, -1, i_max, 0 }, + { -5, -3, -2, 1 }, + { 0, 1, -1, 1 }, + { i_min, 0, i_min, 1 }, + { i_min + 1, 1, i_min, 1 }, + { i_min, 1, i_min, 0 }, + { 1, 2, -1, 1 }, + { -1, -2, 1, 1 }, + { -1, i_min, i_max, 1 }, + { i_min, -1, i_min + 1, 1 }, + { 2, -3, 5, 1 } + #undef i_min + #undef i_max + }; + + for (i = 0; i < (int)(sizeof(cases) / sizeof(cases[0])); ++i) { + ret = WC_SAFE_SUB_SIGNED_CLIP(sword64, cases[i].a, cases[i].b, out); + if (out != cases[i].e || ret != cases[i].t) + return WC_TEST_RET_ENC_I(i); + out = 10; + ret = WC_SAFE_SUB_SIGNED(sword64, cases[i].a, cases[i].b, out); + if ((ret != cases[i].t) || (ret && (out != cases[i].e))) + return WC_TEST_RET_ENC_I(i); + } + + return 0; +} +#endif /* WORD64_AVAILABLE */ + +WOLFSSL_TEST_SUBROUTINE wc_test_ret_t macro_test(void) +{ + wc_test_ret_t ret; + + ret = safe_sum_word32_test(); + if (ret == 0) + ret = safe_sub_word32_test(); + if (ret == 0) + ret = safe_sum_sword32_test(); + if (ret == 0) + ret = safe_sub_sword32_test(); + +#ifdef WORD64_AVAILABLE + if (ret == 0) + ret = safe_sum_word64_test(); + if (ret == 0) + ret = safe_sub_word64_test(); + if (ret == 0) + ret = safe_sum_sword64_test(); + if (ret == 0) + ret = safe_sub_sword64_test(); +#endif /* WORD64_AVAILABLE */ + + return ret; +} + +WOLFSSL_TEST_SUBROUTINE wc_test_ret_t error_test(void) +{ + const char* errStr; + char out[WOLFSSL_MAX_ERROR_SZ]; /* test fails if too small, < 64 */ + const char* unknownStr = wc_GetErrorString(0); + +#ifdef NO_ERROR_STRINGS + /* Ensure a valid error code's string matches an invalid code's. + * The string is that error strings are not available. + */ + WOLFSSL_ENTER("error_test NO_ERROR_STRINGS"); + errStr = wc_GetErrorString(WC_NO_ERR_TRACE(OPEN_RAN_E)); + wc_ErrorString(WC_NO_ERR_TRACE(OPEN_RAN_E), out); + if (XSTRCMP(errStr, unknownStr) != 0) + return WC_TEST_RET_ENC_NC; + if (XSTRCMP(out, unknownStr) != 0) + return WC_TEST_RET_ENC_NC; +#else + int i; + int j = 0; + /* Values that are not or no longer error codes. */ + static const struct { + int first; + int last; + } missing[] = { + { -124, -124 }, + { -167, -169 }, + { WC_SPAN1_LAST_E - 1, WC_SPAN2_FIRST_E + 1 }, + { WC_SPAN2_LAST_E - 1, WC_SPAN2_MIN_CODE_E } + }; + + /* Check that all errors have a string and it's the same through the two + * APIs. Check that the values that are not errors map to the unknown + * string. + */ + for (i = WC_SPAN1_FIRST_E; i >= WC_SPAN2_MIN_CODE_E; i--) { + int this_missing = 0; + for (j = 0; j < (int)XELEM_CNT(missing); ++j) { + if ((i <= missing[j].first) && (i >= missing[j].last)) { + this_missing = 1; + break; + } + } + errStr = wc_GetErrorString(i); + wc_ErrorString(i, out); + + if (! this_missing) { + if (XSTRCMP(errStr, unknownStr) == 0) { + WOLFSSL_MSG("errStr unknown"); + return WC_TEST_RET_ENC_I(-i); + } + if (XSTRCMP(out, unknownStr) == 0) { + WOLFSSL_MSG("out unknown"); + return WC_TEST_RET_ENC_I(-i); + } + if (XSTRCMP(errStr, out) != 0) { + WOLFSSL_MSG("errStr does not match output"); + return WC_TEST_RET_ENC_I(-i); + } + if (XSTRLEN(errStr) >= WOLFSSL_MAX_ERROR_SZ) { + WOLFSSL_MSG("errStr too long"); + return WC_TEST_RET_ENC_I(-i); + } + } + else { + j++; + if (XSTRCMP(errStr, unknownStr) != 0) + return WC_TEST_RET_ENC_I(-i); + if (XSTRCMP(out, unknownStr) != 0) + return WC_TEST_RET_ENC_I(-i); + } + } + + /* Check if the next possible value has been given a string. */ + errStr = wc_GetErrorString(i); + wc_ErrorString(i, out); + if (XSTRCMP(errStr, unknownStr) != 0) + return WC_TEST_RET_ENC_NC; + if (XSTRCMP(out, unknownStr) != 0) + return WC_TEST_RET_ENC_NC; +#endif + + return 0; +} + +#ifndef NO_CODING + +WOLFSSL_TEST_SUBROUTINE wc_test_ret_t base64_test(void) +{ + wc_test_ret_t ret; + static const byte good[] = "A+Gd\0\0\0"; + static const byte goodEnd[] = "A+Gd \r\n"; + static const byte good_spaces[] = " A + G d \0"; + byte out[128]; + word32 outLen; +#ifdef WOLFSSL_BASE64_ENCODE + byte data[3]; + word32 dataLen; + byte longData[79] = { 0 }; + static const byte symbols[] = "+/A="; +#endif + static const byte badSmall[] = "AAA!Gdj="; + static const byte badLarge[] = "AAA~Gdj="; + static const byte badEOL[] = "A+Gd!AA"; + static const byte badPadding[] = "AA=A"; + static const byte badChar[] = ",-.:;<=>?@[\\]^_`"; + static const byte goodChar[] = + "ABCDEFGHIJKLMNOPQRSTUVWXYZ" + "abcdefghijklmnopqrstuvwxyz" + "0123456789+/;"; + static const byte charTest[] = "A+Gd\0\0\0"; + static const byte oneByteTest[] = "YQ=="; + static const byte twoByteTest[] = "YWE="; + static const byte threeByteTest[] = "YWFh"; + static const byte fourByteTest[] = "YWFhYQ=="; + static const byte byteTestOutput[] = "aaaa"; + int i; + WOLFSSL_ENTER("base64_test"); + + /* Good Base64 encodings. */ + outLen = sizeof(out); + ret = Base64_Decode(good, sizeof(good), out, &outLen); + if (ret != 0) + return WC_TEST_RET_ENC_EC(ret); + outLen = sizeof(out); + ret = Base64_Decode(goodEnd, sizeof(goodEnd), out, &outLen); + if (ret != 0) + return WC_TEST_RET_ENC_EC(ret); + outLen = sizeof(goodChar); + XMEMCPY(out, goodChar, sizeof(goodChar)); + ret = Base64_Decode(out, sizeof(goodChar), out, &outLen); + if (ret != 0) + return WC_TEST_RET_ENC_EC(ret); + if (outLen != 64 / 4 * 3) + return WC_TEST_RET_ENC_NC; + outLen = sizeof(out); + ret = Base64_Decode(good_spaces, sizeof(good_spaces), out, &outLen); + if (ret != 0) + return WC_TEST_RET_ENC_EC(ret); + + /* Bad parameters. */ + outLen = 1; + ret = Base64_Decode(good, sizeof(good), out, &outLen); + if (ret != WC_NO_ERR_TRACE(BUFFER_E)) + return WC_TEST_RET_ENC_EC(ret); + + outLen = sizeof(out); + ret = Base64_Decode(badEOL, sizeof(badEOL), out, &outLen); + if (ret != WC_NO_ERR_TRACE(ASN_INPUT_E)) + return WC_TEST_RET_ENC_EC(ret); + outLen = sizeof(out); + ret = Base64_Decode(badPadding, sizeof(badPadding), out, &outLen); + if (ret != WC_NO_ERR_TRACE(ASN_INPUT_E)) + return WC_TEST_RET_ENC_EC(ret); + /* Bad character at each offset 0-3. */ + for (i = 0; i < 4; i++) { + outLen = sizeof(out); + ret = Base64_Decode(badSmall + i, 4, out, &outLen); + if (ret != WC_NO_ERR_TRACE(ASN_INPUT_E)) + return WC_TEST_RET_ENC_I(i); + ret = Base64_Decode(badLarge + i, 4, out, &outLen); + if (ret != WC_NO_ERR_TRACE(ASN_INPUT_E)) + return WC_TEST_RET_ENC_I(i); + } + /* Invalid character less than 0x2b */ + for (i = 1; i < 0x2b; i++) { + outLen = sizeof(out); + XMEMCPY(out, charTest, sizeof(charTest)); + out[0] = (byte)i; + ret = Base64_Decode(out, sizeof(charTest), out, &outLen); + if (ret != WC_NO_ERR_TRACE(ASN_INPUT_E)) + return WC_TEST_RET_ENC_I(i); + } + /* Bad characters in range 0x2b - 0x7a. */ + for (i = 0; i < (int)sizeof(badChar) - 1; i++) { + outLen = sizeof(out); + XMEMCPY(out, charTest, sizeof(charTest)); + out[0] = badChar[i]; + ret = Base64_Decode(out, sizeof(charTest), out, &outLen); + if (ret != WC_NO_ERR_TRACE(ASN_INPUT_E)) + return WC_TEST_RET_ENC_I(i); + } + /* Invalid character greater than 0x7a */ + for (i = 0x7b; i < 0x100; i++) { + outLen = sizeof(out); + XMEMCPY(out, charTest, sizeof(charTest)); + out[0] = (byte)i; + ret = Base64_Decode(out, sizeof(charTest), out, &outLen); + if (ret != WC_NO_ERR_TRACE(ASN_INPUT_E)) + return WC_TEST_RET_ENC_I(i); + } + + /* overrun/right-sized tests */ +#define N_BYTE_TEST(f, n, t) do { \ + outLen = (n) - 1; \ + ret = (f)(t, sizeof(t), out, &outLen); \ + if (ret != WC_NO_ERR_TRACE(BUFFER_E)) \ + return WC_TEST_RET_ENC_EC(ret); \ + outLen = (n); \ + ret = (f)(t, sizeof(t), out, &outLen); \ + if (ret != 0) \ + return WC_TEST_RET_ENC_EC(ret); \ + if (outLen != (n)) \ + return WC_TEST_RET_ENC_I(outLen); \ + ret = XMEMCMP(out, byteTestOutput, (n)); \ + if (ret != 0) \ + return WC_TEST_RET_ENC_I(ret); \ + ret = (f)(t, sizeof(t) - 1, out, &outLen); \ + if (ret != 0) \ + return WC_TEST_RET_ENC_EC(ret); \ + if (outLen != (n)) \ + return WC_TEST_RET_ENC_I(outLen); \ + ret = XMEMCMP(out, byteTestOutput, (n)); \ + if (ret != 0) \ + return WC_TEST_RET_ENC_I(ret); \ + outLen = (n) + 1; \ + out[n] = 1; \ + ret = (f)(t, sizeof(t), out, &outLen); \ + if (ret != 0) \ + return WC_TEST_RET_ENC_EC(ret); \ + if (outLen != (n)) \ + return WC_TEST_RET_ENC_I(outLen); \ + ret = XMEMCMP(out, byteTestOutput, (n)); \ + if (ret != 0) \ + return WC_TEST_RET_ENC_I(ret); \ + if (out[n] != 0) \ + return WC_TEST_RET_ENC_NC; \ + } while (0) + + N_BYTE_TEST(Base64_Decode, 1, oneByteTest); + N_BYTE_TEST(Base64_Decode, 2, twoByteTest); + N_BYTE_TEST(Base64_Decode, 3, threeByteTest); + N_BYTE_TEST(Base64_Decode, 4, fourByteTest); + + /* Same tests again, using Base64_Decode_nonCT() */ + + /* Good Base64 encodings. */ + outLen = sizeof(out); + ret = Base64_Decode_nonCT(good, sizeof(good), out, &outLen); + if (ret != 0) + return WC_TEST_RET_ENC_EC(ret); + outLen = sizeof(out); + ret = Base64_Decode_nonCT(goodEnd, sizeof(goodEnd), out, &outLen); + if (ret != 0) + return WC_TEST_RET_ENC_EC(ret); + outLen = sizeof(goodChar); + XMEMCPY(out, goodChar, sizeof(goodChar)); + ret = Base64_Decode_nonCT(out, sizeof(goodChar), out, &outLen); + if (ret != 0) + return WC_TEST_RET_ENC_EC(ret); + if (outLen != 64 / 4 * 3) + return WC_TEST_RET_ENC_NC; + outLen = sizeof(out); + ret = Base64_Decode_nonCT(good_spaces, sizeof(good_spaces), out, &outLen); + if (ret != 0) + return WC_TEST_RET_ENC_EC(ret); + + /* Bad parameters. */ + outLen = 1; + ret = Base64_Decode_nonCT(good, sizeof(good), out, &outLen); + if (ret != WC_NO_ERR_TRACE(BUFFER_E)) + return WC_TEST_RET_ENC_EC(ret); + + outLen = sizeof(out); + ret = Base64_Decode_nonCT(badEOL, sizeof(badEOL), out, &outLen); + if (ret != WC_NO_ERR_TRACE(ASN_INPUT_E)) + return WC_TEST_RET_ENC_EC(ret); + outLen = sizeof(out); + ret = Base64_Decode_nonCT(badPadding, sizeof(badPadding), out, &outLen); + if (ret != WC_NO_ERR_TRACE(ASN_INPUT_E)) + return WC_TEST_RET_ENC_EC(ret); + /* Bad character at each offset 0-3. */ + for (i = 0; i < 4; i++) { + outLen = sizeof(out); + ret = Base64_Decode_nonCT(badSmall + i, 4, out, &outLen); + if (ret != WC_NO_ERR_TRACE(ASN_INPUT_E)) + return WC_TEST_RET_ENC_I(i); + ret = Base64_Decode_nonCT(badLarge + i, 4, out, &outLen); + if (ret != WC_NO_ERR_TRACE(ASN_INPUT_E)) + return WC_TEST_RET_ENC_I(i); + } + /* Invalid character less than 0x2b */ + for (i = 1; i < 0x2b; i++) { + outLen = sizeof(out); + XMEMCPY(out, charTest, sizeof(charTest)); + out[0] = (byte)i; + ret = Base64_Decode_nonCT(out, sizeof(charTest), out, &outLen); + if (ret != WC_NO_ERR_TRACE(ASN_INPUT_E)) + return WC_TEST_RET_ENC_I(i); + } + /* Bad characters in range 0x2b - 0x7a. */ + for (i = 0; i < (int)sizeof(badChar) - 1; i++) { + outLen = sizeof(out); + XMEMCPY(out, charTest, sizeof(charTest)); + out[0] = badChar[i]; + ret = Base64_Decode_nonCT(out, sizeof(charTest), out, &outLen); + if (ret != WC_NO_ERR_TRACE(ASN_INPUT_E)) + return WC_TEST_RET_ENC_I(i); + } + /* Invalid character greater than 0x7a */ + for (i = 0x7b; i < 0x100; i++) { + outLen = sizeof(out); + XMEMCPY(out, charTest, sizeof(charTest)); + out[0] = (byte)i; + ret = Base64_Decode_nonCT(out, sizeof(charTest), out, &outLen); + if (ret != WC_NO_ERR_TRACE(ASN_INPUT_E)) + return WC_TEST_RET_ENC_I(i); + } + + N_BYTE_TEST(Base64_Decode_nonCT, 1, oneByteTest); + N_BYTE_TEST(Base64_Decode_nonCT, 2, twoByteTest); + N_BYTE_TEST(Base64_Decode_nonCT, 3, threeByteTest); + N_BYTE_TEST(Base64_Decode_nonCT, 4, fourByteTest); + +#ifdef WOLFSSL_BASE64_ENCODE + /* Decode and encode all symbols - non-alphanumeric. */ + dataLen = sizeof(data); + ret = Base64_Decode(symbols, sizeof(symbols), data, &dataLen); + if (ret != 0) + return WC_TEST_RET_ENC_EC(ret); + outLen = sizeof(out); + ret = Base64_Encode(data, dataLen, NULL, &outLen); + if (ret != WC_NO_ERR_TRACE(LENGTH_ONLY_E)) + return WC_TEST_RET_ENC_EC(ret); + outLen = sizeof(out); + ret = Base64_Encode(data, dataLen, out, &outLen); + if (ret != 0) + return WC_TEST_RET_ENC_EC(ret); + outLen = 7; + ret = Base64_EncodeEsc(data, dataLen, out, &outLen); + if (ret != WC_NO_ERR_TRACE(BUFFER_E)) + return WC_TEST_RET_ENC_EC(ret); + outLen = sizeof(out); + ret = Base64_EncodeEsc(data, dataLen, NULL, &outLen); + if (ret != WC_NO_ERR_TRACE(LENGTH_ONLY_E)) + return WC_TEST_RET_ENC_EC(ret); + outLen = sizeof(out); + ret = Base64_EncodeEsc(data, dataLen, out, &outLen); + if (ret != 0) + return WC_TEST_RET_ENC_EC(ret); + outLen = sizeof(out); + ret = Base64_Encode_NoNl(data, dataLen, out, &outLen); + if (ret != 0) + return WC_TEST_RET_ENC_EC(ret); + + /* Data that results in an encoding longer than one line. */ + outLen = sizeof(out); + dataLen = sizeof(longData); + ret = Base64_Encode(longData, dataLen, out, &outLen); + if (ret != 0) + return WC_TEST_RET_ENC_EC(ret); + outLen = sizeof(out); + ret = Base64_EncodeEsc(longData, dataLen, out, &outLen); + if (ret != 0) + return WC_TEST_RET_ENC_EC(ret); + outLen = sizeof(out); + ret = Base64_Encode_NoNl(longData, dataLen, out, &outLen); + if (ret != 0) + return WC_TEST_RET_ENC_EC(ret); +#endif + + return 0; +} + +#ifdef WOLFSSL_BASE16 +WOLFSSL_TEST_SUBROUTINE wc_test_ret_t base16_test(void) +{ + wc_test_ret_t ret; + WOLFSSL_SMALL_STACK_STATIC const byte testData[] = "SomeDataToEncode\n"; + WOLFSSL_SMALL_STACK_STATIC const byte encodedTestData[] = "536F6D6544617461546F456E636F64650A00"; + byte encoded[40]; + word32 encodedLen; + byte plain[40]; + word32 len; + WOLFSSL_ENTER("base16_test"); + + /* length returned includes null termination */ + encodedLen = sizeof(encoded); + ret = Base16_Encode(testData, sizeof(testData), encoded, &encodedLen); + if (ret != 0) + return WC_TEST_RET_ENC_EC(ret); + + len = (word32)XSTRLEN((char*)encoded); + if (len != encodedLen - 1) + return WC_TEST_RET_ENC_NC; + + len = sizeof(plain); + ret = Base16_Decode(encoded, encodedLen - 1, plain, &len); + if (ret != 0) + return WC_TEST_RET_ENC_EC(ret); + + if (len != sizeof(testData) || XMEMCMP(testData, plain, len) != 0) + return WC_TEST_RET_ENC_NC; + + if (encodedLen != sizeof(encodedTestData) || + XMEMCMP(encoded, encodedTestData, encodedLen) != 0) { + return WC_TEST_RET_ENC_NC; + } + + return 0; +} +#endif /* WOLFSSL_BASE16 */ +#endif /* !NO_CODING */ + +#ifndef NO_ASN +WOLFSSL_TEST_SUBROUTINE wc_test_ret_t asn_test(void) +{ + wc_test_ret_t ret; + /* ASN1 encoded date buffer */ + WOLFSSL_SMALL_STACK_STATIC const byte dateBuf[] = { + 0x17, 0x0d, 0x31, 0x36, 0x30, 0x38, 0x31, 0x31, + 0x32, 0x30, 0x30, 0x37, 0x33, 0x37, 0x5a + }; + byte format; + int length; + const byte* datePart; +#ifndef NO_ASN_TIME + struct tm timearg; + time_t now; +#endif + int i; + unsigned char buf[16]; + + WOLFSSL_ENTER("asn_test"); + + ret = wc_GetDateInfo(dateBuf, (int)sizeof(dateBuf), &datePart, &format, + &length); + if (ret != 0) + return WC_TEST_RET_ENC_EC(ret); + +#ifndef NO_ASN_TIME + /* Parameter Validation tests. */ + if ((ret = wc_GetTime(NULL, sizeof(now))) != WC_NO_ERR_TRACE(BAD_FUNC_ARG)) + return WC_TEST_RET_ENC_EC(ret); + if ((ret = wc_GetTime(&now, 0)) != WC_NO_ERR_TRACE(BUFFER_E)) + return WC_TEST_RET_ENC_EC(ret); + + now = 0; + if ((ret = wc_GetTime(&now, sizeof(now))) != 0) { + return WC_TEST_RET_ENC_EC(ret); + } + if (now == 0) { + printf("RTC/Time not set!\n"); + return WC_TEST_RET_ENC_NC; + } + + ret = wc_GetDateAsCalendarTime(datePart, length, format, &timearg); + if (ret != 0) + return WC_TEST_RET_ENC_EC(ret); +#endif /* !NO_ASN_TIME */ + + /* Test that only calculating the length works. */ + for (i = 16; i < 32; i++) { + ret = wc_PkcsPad(NULL, i, 16); + if (ret != i + (16 - (i % 16))) + return WC_TEST_RET_ENC_I(i); + } + + /* Test that adding padding works. */ + XMEMSET(buf, 0xa5, sizeof(buf)); + for (i = 15; i >= 0; i--) { + int j; + ret = wc_PkcsPad(buf, i, 16); + if (ret != 16) + return WC_TEST_RET_ENC_I(i); + /* Check padded buffer. */ + for (j = 0; j < 16; j++) { + /* Check buffer bytes haven't been modified. */ + if ((j < i) && (buf[j] != 0xa5)) + return WC_TEST_RET_ENC_I(i); + /* Check padding bytes are correct. */ + if (j >= i && (buf[j] != (16 - i))) + return WC_TEST_RET_ENC_I(i); + } + } + + return 0; +} +#endif /* !NO_ASN */ + +#ifdef WOLFSSL_MD2 +WOLFSSL_TEST_SUBROUTINE wc_test_ret_t md2_test(void) +{ + wc_test_ret_t ret = 0; + wc_Md2 md2; + byte hash[WC_MD2_DIGEST_SIZE]; + + testVector a, b, c, d, e, f, g; + testVector test_md2[7]; + int times = sizeof(test_md2) / sizeof(testVector), i; + WOLFSSL_ENTER("md2_test"); + + a.input = ""; + a.output = "\x83\x50\xe5\xa3\xe2\x4c\x15\x3d\xf2\x27\x5c\x9f\x80\x69" + "\x27\x73"; + a.inLen = XSTRLEN(a.input); + a.outLen = WC_MD2_DIGEST_SIZE; + + b.input = "a"; + b.output = "\x32\xec\x01\xec\x4a\x6d\xac\x72\xc0\xab\x96\xfb\x34\xc0" + "\xb5\xd1"; + b.inLen = XSTRLEN(b.input); + b.outLen = WC_MD2_DIGEST_SIZE; + + c.input = "abc"; + c.output = "\xda\x85\x3b\x0d\x3f\x88\xd9\x9b\x30\x28\x3a\x69\xe6\xde" + "\xd6\xbb"; + c.inLen = XSTRLEN(c.input); + c.outLen = WC_MD2_DIGEST_SIZE; + + d.input = "message digest"; + d.output = "\xab\x4f\x49\x6b\xfb\x2a\x53\x0b\x21\x9f\xf3\x30\x31\xfe" + "\x06\xb0"; + d.inLen = XSTRLEN(d.input); + d.outLen = WC_MD2_DIGEST_SIZE; + + e.input = "abcdefghijklmnopqrstuvwxyz"; + e.output = "\x4e\x8d\xdf\xf3\x65\x02\x92\xab\x5a\x41\x08\xc3\xaa\x47" + "\x94\x0b"; + e.inLen = XSTRLEN(e.input); + e.outLen = WC_MD2_DIGEST_SIZE; + + f.input = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz012345" + "6789"; + f.output = "\xda\x33\xde\xf2\xa4\x2d\xf1\x39\x75\x35\x28\x46\xc3\x03" + "\x38\xcd"; + f.inLen = XSTRLEN(f.input); + f.outLen = WC_MD2_DIGEST_SIZE; + + g.input = "1234567890123456789012345678901234567890123456789012345678" + "9012345678901234567890"; + g.output = "\xd5\x97\x6f\x79\xd8\x3d\x3a\x0d\xc9\x80\x6c\x3c\x66\xf3" + "\xef\xd8"; + g.inLen = XSTRLEN(g.input); + g.outLen = WC_MD2_DIGEST_SIZE; + + test_md2[0] = a; + test_md2[1] = b; + test_md2[2] = c; + test_md2[3] = d; + test_md2[4] = e; + test_md2[5] = f; + test_md2[6] = g; + + wc_InitMd2(&md2); + + for (i = 0; i < times; ++i) { + wc_Md2Update(&md2, (byte*)test_md2[i].input, (word32)test_md2[i].inLen); + wc_Md2Final(&md2, hash); + + if (XMEMCMP(hash, test_md2[i].output, WC_MD2_DIGEST_SIZE) != 0) + return WC_TEST_RET_ENC_I(i); + } + + for (i = 0; i < times; ++i) { + ret = wc_Md2Hash((byte*)test_md2[i].input, (word32)test_md2[i].inLen, hash); + if (ret != 0) { + return WC_TEST_RET_ENC_I(i); + } + + if (XMEMCMP(hash, test_md2[i].output, WC_MD2_DIGEST_SIZE) != 0) { + return WC_TEST_RET_ENC_I(i); + } + } + + return 0; +} +#endif + +#ifndef NO_MD5 +WOLFSSL_TEST_SUBROUTINE wc_test_ret_t md5_test(void) +{ + wc_test_ret_t ret = 0; + wc_Md5 md5, md5Copy; + byte hash[WC_MD5_DIGEST_SIZE]; + byte hashcopy[WC_MD5_DIGEST_SIZE]; + testVector a, b, c, d, e, f; + testVector test_md5[6]; + int times = sizeof(test_md5) / sizeof(testVector), i; + WOLFSSL_ENTER("md5_test"); + + a.input = ""; + a.output = "\xd4\x1d\x8c\xd9\x8f\x00\xb2\x04\xe9\x80\x09\x98\xec\xf8\x42" + "\x7e"; + a.inLen = XSTRLEN(a.input); + a.outLen = WC_MD5_DIGEST_SIZE; + + b.input = "abc"; + b.output = "\x90\x01\x50\x98\x3c\xd2\x4f\xb0\xd6\x96\x3f\x7d\x28\xe1\x7f" + "\x72"; + b.inLen = XSTRLEN(b.input); + b.outLen = WC_MD5_DIGEST_SIZE; + + c.input = "message digest"; + c.output = "\xf9\x6b\x69\x7d\x7c\xb7\x93\x8d\x52\x5a\x2f\x31\xaa\xf1\x61" + "\xd0"; + c.inLen = XSTRLEN(c.input); + c.outLen = WC_MD5_DIGEST_SIZE; + + d.input = "abcdefghijklmnopqrstuvwxyz"; + d.output = "\xc3\xfc\xd3\xd7\x61\x92\xe4\x00\x7d\xfb\x49\x6c\xca\x67\xe1" + "\x3b"; + d.inLen = XSTRLEN(d.input); + d.outLen = WC_MD5_DIGEST_SIZE; + + e.input = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz012345" + "6789"; + e.output = "\xd1\x74\xab\x98\xd2\x77\xd9\xf5\xa5\x61\x1c\x2c\x9f\x41\x9d" + "\x9f"; + e.inLen = XSTRLEN(e.input); + e.outLen = WC_MD5_DIGEST_SIZE; + + f.input = "1234567890123456789012345678901234567890123456789012345678" + "9012345678901234567890"; + f.output = "\x57\xed\xf4\xa2\x2b\xe3\xc9\x55\xac\x49\xda\x2e\x21\x07\xb6" + "\x7a"; + f.inLen = XSTRLEN(f.input); + f.outLen = WC_MD5_DIGEST_SIZE; + + test_md5[0] = a; + test_md5[1] = b; + test_md5[2] = c; + test_md5[3] = d; + test_md5[4] = e; + test_md5[5] = f; + + ret = wc_InitMd5_ex(&md5, HEAP_HINT, devId); + if (ret != 0) + return WC_TEST_RET_ENC_EC(ret); + ret = wc_InitMd5_ex(&md5Copy, HEAP_HINT, devId); + if (ret != 0) { + wc_Md5Free(&md5); + return WC_TEST_RET_ENC_EC(ret); + } + + for (i = 0; i < times; ++i) { + ret = wc_Md5Update(&md5, (byte*)test_md5[i].input, + (word32)test_md5[i].inLen); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_I(i), exit); + + ret = wc_Md5GetHash(&md5, hashcopy); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_I(i), exit); + + ret = wc_Md5Copy(&md5, &md5Copy); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_I(i), exit); + + ret = wc_Md5Final(&md5, hash); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_I(i), exit); + + wc_Md5Free(&md5Copy); + + if (XMEMCMP(hash, test_md5[i].output, WC_MD5_DIGEST_SIZE) != 0) + ERROR_OUT(WC_TEST_RET_ENC_I(i), exit); + + if (XMEMCMP(hash, hashcopy, WC_MD5_DIGEST_SIZE) != 0) + ERROR_OUT(WC_TEST_RET_ENC_I(i), exit); + } + +#ifndef NO_LARGE_HASH_TEST + /* BEGIN LARGE HASH TEST */ { + byte large_input[1024]; + const char* large_digest = + "\x44\xd0\x88\xce\xf1\x36\xd1\x78\xe9\xc8\xba\x84\xc3\xfd\xf6\xca"; + + for (i = 0; i < (int)sizeof(large_input); i++) { + large_input[i] = (byte)(i & 0xFF); + } + times = 100; +#ifdef WOLFSSL_PIC32MZ_HASH + wc_Md5SizeSet(&md5, times * sizeof(large_input)); +#endif + for (i = 0; i < times; ++i) { + ret = wc_Md5Update(&md5, (byte*)large_input, + (word32)sizeof(large_input)); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit); + } + ret = wc_Md5Final(&md5, hash); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit); + if (XMEMCMP(hash, large_digest, WC_MD5_DIGEST_SIZE) != 0) + ERROR_OUT(WC_TEST_RET_ENC_NC, exit); + } /* END LARGE HASH TEST */ +#endif /* NO_LARGE_HASH_TEST */ + +exit: + + wc_Md5Free(&md5); + wc_Md5Free(&md5Copy); + + return ret; +} +#endif /* NO_MD5 */ + + +#ifndef NO_MD4 + +WOLFSSL_TEST_SUBROUTINE wc_test_ret_t md4_test(void) +{ + wc_Md4 md4; + byte hash[WC_MD4_DIGEST_SIZE]; + + testVector a, b, c, d, e, f, g; + testVector test_md4[7]; + int times = sizeof(test_md4) / sizeof(testVector), i; + WOLFSSL_ENTER("md4_test"); + + a.input = ""; + a.output = "\x31\xd6\xcf\xe0\xd1\x6a\xe9\x31\xb7\x3c\x59\xd7\xe0\xc0\x89" + "\xc0"; + a.inLen = XSTRLEN(a.input); + a.outLen = WC_MD4_DIGEST_SIZE; + + b.input = "a"; + b.output = "\xbd\xe5\x2c\xb3\x1d\xe3\x3e\x46\x24\x5e\x05\xfb\xdb\xd6\xfb" + "\x24"; + b.inLen = XSTRLEN(b.input); + b.outLen = WC_MD4_DIGEST_SIZE; + + c.input = "abc"; + c.output = "\xa4\x48\x01\x7a\xaf\x21\xd8\x52\x5f\xc1\x0a\xe8\x7a\xa6\x72" + "\x9d"; + c.inLen = XSTRLEN(c.input); + c.outLen = WC_MD4_DIGEST_SIZE; + + d.input = "message digest"; + d.output = "\xd9\x13\x0a\x81\x64\x54\x9f\xe8\x18\x87\x48\x06\xe1\xc7\x01" + "\x4b"; + d.inLen = XSTRLEN(d.input); + d.outLen = WC_MD4_DIGEST_SIZE; + + e.input = "abcdefghijklmnopqrstuvwxyz"; + e.output = "\xd7\x9e\x1c\x30\x8a\xa5\xbb\xcd\xee\xa8\xed\x63\xdf\x41\x2d" + "\xa9"; + e.inLen = XSTRLEN(e.input); + e.outLen = WC_MD4_DIGEST_SIZE; + + f.input = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz012345" + "6789"; + f.output = "\x04\x3f\x85\x82\xf2\x41\xdb\x35\x1c\xe6\x27\xe1\x53\xe7\xf0" + "\xe4"; + f.inLen = XSTRLEN(f.input); + f.outLen = WC_MD4_DIGEST_SIZE; + + g.input = "1234567890123456789012345678901234567890123456789012345678" + "9012345678901234567890"; + g.output = "\xe3\x3b\x4d\xdc\x9c\x38\xf2\x19\x9c\x3e\x7b\x16\x4f\xcc\x05" + "\x36"; + g.inLen = XSTRLEN(g.input); + g.outLen = WC_MD4_DIGEST_SIZE; + + test_md4[0] = a; + test_md4[1] = b; + test_md4[2] = c; + test_md4[3] = d; + test_md4[4] = e; + test_md4[5] = f; + test_md4[6] = g; + + wc_InitMd4(&md4); + + for (i = 0; i < times; ++i) { + wc_Md4Update(&md4, (byte*)test_md4[i].input, (word32)test_md4[i].inLen); + wc_Md4Final(&md4, hash); + + if (XMEMCMP(hash, test_md4[i].output, WC_MD4_DIGEST_SIZE) != 0) + return WC_TEST_RET_ENC_I(i); + } + + return 0; +} + +#endif /* NO_MD4 */ + +#ifndef NO_SHA + +WOLFSSL_TEST_SUBROUTINE wc_test_ret_t sha_test(void) +{ + wc_test_ret_t ret = 0; + wc_Sha sha, shaCopy; + byte hash[WC_SHA_DIGEST_SIZE]; + byte hashcopy[WC_SHA_DIGEST_SIZE]; + testVector a, b, c, d, e; + testVector test_sha[5]; + int times = sizeof(test_sha) / sizeof(struct testVector), i; + WOLFSSL_ENTER("sha_test"); + + a.input = ""; + a.output = "\xda\x39\xa3\xee\x5e\x6b\x4b\x0d\x32\x55\xbf\xef\x95\x60\x18" + "\x90\xaf\xd8\x07\x09"; + a.inLen = XSTRLEN(a.input); + a.outLen = WC_SHA_DIGEST_SIZE; + + b.input = "abc"; + b.output = "\xA9\x99\x3E\x36\x47\x06\x81\x6A\xBA\x3E\x25\x71\x78\x50\xC2" + "\x6C\x9C\xD0\xD8\x9D"; + b.inLen = XSTRLEN(b.input); + b.outLen = WC_SHA_DIGEST_SIZE; + + c.input = "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq"; + c.output = "\x84\x98\x3E\x44\x1C\x3B\xD2\x6E\xBA\xAE\x4A\xA1\xF9\x51\x29" + "\xE5\xE5\x46\x70\xF1"; + c.inLen = XSTRLEN(c.input); + c.outLen = WC_SHA_DIGEST_SIZE; + + d.input = "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" + "aaaaaa"; + d.output = "\x00\x98\xBA\x82\x4B\x5C\x16\x42\x7B\xD7\xA1\x12\x2A\x5A\x44" + "\x2A\x25\xEC\x64\x4D"; + d.inLen = XSTRLEN(d.input); + d.outLen = WC_SHA_DIGEST_SIZE; + + e.input = "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" + "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" + "aaaaaaaaaa"; + e.output = "\xAD\x5B\x3F\xDB\xCB\x52\x67\x78\xC2\x83\x9D\x2F\x15\x1E\xA7" + "\x53\x99\x5E\x26\xA0"; + e.inLen = XSTRLEN(e.input); + e.outLen = WC_SHA_DIGEST_SIZE; + + test_sha[0] = a; + test_sha[1] = b; + test_sha[2] = c; + test_sha[3] = d; + test_sha[4] = e; + + ret = wc_InitSha_ex(&sha, HEAP_HINT, devId); + if (ret != 0) + return WC_TEST_RET_ENC_EC(ret); + ret = wc_InitSha_ex(&shaCopy, HEAP_HINT, devId); + if (ret != 0) { + wc_ShaFree(&sha); + return WC_TEST_RET_ENC_EC(ret); + } + + for (i = 0; i < times; ++i) { + ret = wc_ShaUpdate(&sha, (byte*)test_sha[i].input, + (word32)test_sha[i].inLen); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_I(i), exit); + ret = wc_ShaGetHash(&sha, hashcopy); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_I(i), exit); + ret = wc_ShaCopy(&sha, &shaCopy); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_I(i), exit); + ret = wc_ShaFinal(&sha, hash); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_I(i), exit); + wc_ShaFree(&shaCopy); + + if (XMEMCMP(hash, test_sha[i].output, WC_SHA_DIGEST_SIZE) != 0) + ERROR_OUT(WC_TEST_RET_ENC_I(i), exit); + if (XMEMCMP(hash, hashcopy, WC_SHA_DIGEST_SIZE) != 0) + ERROR_OUT(WC_TEST_RET_ENC_I(i), exit); + } + +#ifndef NO_LARGE_HASH_TEST + /* BEGIN LARGE HASH TEST */ { + byte large_input[1024]; +#if defined(WOLFSSL_RENESAS_TSIP) || defined(WOLFSSL_RENESAS_SCEPROTECT) || \ + defined(HASH_SIZE_LIMIT) + const char* large_digest = + "\x1d\x6a\x5a\xf6\xe5\x7c\x86\xce\x7f\x7c\xaf\xd5\xdb\x08\xcd\x59" + "\x15\x8c\x6d\xb6"; +#else + const char* large_digest = + "\x8b\x77\x02\x48\x39\xe8\xdb\xd3\x9a\xf4\x05\x24\x66\x12\x2d\x9e" + "\xc5\xd9\x0a\xac"; +#endif + for (i = 0; i < (int)sizeof(large_input); i++) { + large_input[i] = (byte)(i & 0xFF); + } +#if defined(WOLFSSL_RENESAS_TSIP) || defined(WOLFSSL_RENESAS_SCEPROTECT) || \ + defined(HASH_SIZE_LIMIT) + times = 20; +#else + times = 100; +#endif +#ifdef WOLFSSL_PIC32MZ_HASH + wc_ShaSizeSet(&sha, times * sizeof(large_input)); +#endif + for (i = 0; i < times; ++i) { + ret = wc_ShaUpdate(&sha, (byte*)large_input, + (word32)sizeof(large_input)); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit); + } + ret = wc_ShaFinal(&sha, hash); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit); + if (XMEMCMP(hash, large_digest, WC_SHA_DIGEST_SIZE) != 0) + ERROR_OUT(WC_TEST_RET_ENC_NC, exit); + } /* END LARGE HASH TEST */ +#endif /* NO_LARGE_HASH_TEST */ + +exit: + + wc_ShaFree(&sha); + wc_ShaFree(&shaCopy); + + return ret; +} + +#endif /* NO_SHA */ + +#ifdef WOLFSSL_RIPEMD +WOLFSSL_TEST_SUBROUTINE wc_test_ret_t ripemd_test(void) +{ + RipeMd ripemd; + wc_test_ret_t ret; + byte hash[RIPEMD_DIGEST_SIZE]; + + testVector a, b, c, d; + testVector test_ripemd[4]; + int times = sizeof(test_ripemd) / sizeof(struct testVector), i; + WOLFSSL_ENTER("ripemd_test"); + + a.input = "abc"; + a.output = "\x8e\xb2\x08\xf7\xe0\x5d\x98\x7a\x9b\x04\x4a\x8e\x98\xc6" + "\xb0\x87\xf1\x5a\x0b\xfc"; + a.inLen = XSTRLEN(a.input); + a.outLen = RIPEMD_DIGEST_SIZE; + + b.input = "message digest"; + b.output = "\x5d\x06\x89\xef\x49\xd2\xfa\xe5\x72\xb8\x81\xb1\x23\xa8" + "\x5f\xfa\x21\x59\x5f\x36"; + b.inLen = XSTRLEN(b.input); + b.outLen = RIPEMD_DIGEST_SIZE; + + c.input = "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq"; + c.output = "\x12\xa0\x53\x38\x4a\x9c\x0c\x88\xe4\x05\xa0\x6c\x27\xdc" + "\xf4\x9a\xda\x62\xeb\x2b"; + c.inLen = XSTRLEN(c.input); + c.outLen = RIPEMD_DIGEST_SIZE; + + d.input = "12345678901234567890123456789012345678901234567890123456" + "789012345678901234567890"; + d.output = "\x9b\x75\x2e\x45\x57\x3d\x4b\x39\xf4\xdb\xd3\x32\x3c\xab" + "\x82\xbf\x63\x32\x6b\xfb"; + d.inLen = XSTRLEN(d.input); + d.outLen = RIPEMD_DIGEST_SIZE; + + test_ripemd[0] = a; + test_ripemd[1] = b; + test_ripemd[2] = c; + test_ripemd[3] = d; + + ret = wc_InitRipeMd(&ripemd); + if (ret != 0) { + return WC_TEST_RET_ENC_EC(ret); + } + + for (i = 0; i < times; ++i) { + ret = wc_RipeMdUpdate(&ripemd, (byte*)test_ripemd[i].input, + (word32)test_ripemd[i].inLen); + if (ret != 0) { + return WC_TEST_RET_ENC_I(i); + } + + ret = wc_RipeMdFinal(&ripemd, hash); + if (ret != 0) { + return WC_TEST_RET_ENC_I(i); + } + + if (XMEMCMP(hash, test_ripemd[i].output, RIPEMD_DIGEST_SIZE) != 0) + return WC_TEST_RET_ENC_I(i); + } + + return 0; +} +#endif /* WOLFSSL_RIPEMD */ + + +#ifdef HAVE_BLAKE2 + + +#define BLAKE2B_TESTS 3 + +static const byte blake2b_vec[BLAKE2B_TESTS][BLAKE2B_OUTBYTES] = +{ + { + 0x78, 0x6A, 0x02, 0xF7, 0x42, 0x01, 0x59, 0x03, + 0xC6, 0xC6, 0xFD, 0x85, 0x25, 0x52, 0xD2, 0x72, + 0x91, 0x2F, 0x47, 0x40, 0xE1, 0x58, 0x47, 0x61, + 0x8A, 0x86, 0xE2, 0x17, 0xF7, 0x1F, 0x54, 0x19, + 0xD2, 0x5E, 0x10, 0x31, 0xAF, 0xEE, 0x58, 0x53, + 0x13, 0x89, 0x64, 0x44, 0x93, 0x4E, 0xB0, 0x4B, + 0x90, 0x3A, 0x68, 0x5B, 0x14, 0x48, 0xB7, 0x55, + 0xD5, 0x6F, 0x70, 0x1A, 0xFE, 0x9B, 0xE2, 0xCE + }, + { + 0x2F, 0xA3, 0xF6, 0x86, 0xDF, 0x87, 0x69, 0x95, + 0x16, 0x7E, 0x7C, 0x2E, 0x5D, 0x74, 0xC4, 0xC7, + 0xB6, 0xE4, 0x8F, 0x80, 0x68, 0xFE, 0x0E, 0x44, + 0x20, 0x83, 0x44, 0xD4, 0x80, 0xF7, 0x90, 0x4C, + 0x36, 0x96, 0x3E, 0x44, 0x11, 0x5F, 0xE3, 0xEB, + 0x2A, 0x3A, 0xC8, 0x69, 0x4C, 0x28, 0xBC, 0xB4, + 0xF5, 0xA0, 0xF3, 0x27, 0x6F, 0x2E, 0x79, 0x48, + 0x7D, 0x82, 0x19, 0x05, 0x7A, 0x50, 0x6E, 0x4B + }, + { + 0x1C, 0x08, 0x79, 0x8D, 0xC6, 0x41, 0xAB, 0xA9, + 0xDE, 0xE4, 0x35, 0xE2, 0x25, 0x19, 0xA4, 0x72, + 0x9A, 0x09, 0xB2, 0xBF, 0xE0, 0xFF, 0x00, 0xEF, + 0x2D, 0xCD, 0x8E, 0xD6, 0xF8, 0xA0, 0x7D, 0x15, + 0xEA, 0xF4, 0xAE, 0xE5, 0x2B, 0xBF, 0x18, 0xAB, + 0x56, 0x08, 0xA6, 0x19, 0x0F, 0x70, 0xB9, 0x04, + 0x86, 0xC8, 0xA7, 0xD4, 0x87, 0x37, 0x10, 0xB1, + 0x11, 0x5D, 0x3D, 0xEB, 0xBB, 0x43, 0x27, 0xB5 + } +}; + + + +WOLFSSL_TEST_SUBROUTINE wc_test_ret_t blake2b_test(void) +{ + Blake2b b2b; + byte digest[64]; + byte input[64]; + int i, ret; + WOLFSSL_ENTER("blake2b_test"); + + for (i = 0; i < (int)sizeof(input); i++) + input[i] = (byte)i; + + for (i = 0; i < BLAKE2B_TESTS; i++) { + ret = wc_InitBlake2b(&b2b, 64); + if (ret != 0) + return WC_TEST_RET_ENC_I(i); + + ret = wc_Blake2bUpdate(&b2b, input, (word32)i); + if (ret != 0) + return WC_TEST_RET_ENC_I(i); + + ret = wc_Blake2bFinal(&b2b, digest, 64); + if (ret != 0) + return WC_TEST_RET_ENC_I(i); + + if (XMEMCMP(digest, blake2b_vec[i], 64) != 0) { + return WC_TEST_RET_ENC_I(i); + } + } + + return 0; +} +#endif /* HAVE_BLAKE2 */ + +#ifdef HAVE_BLAKE2S + + +#define BLAKE2S_TESTS 3 + +static const byte blake2s_vec[BLAKE2S_TESTS][BLAKE2S_OUTBYTES] = +{ + { + 0x69, 0x21, 0x7a, 0x30, 0x79, 0x90, 0x80, 0x94, + 0xe1, 0x11, 0x21, 0xd0, 0x42, 0x35, 0x4a, 0x7c, + 0x1f, 0x55, 0xb6, 0x48, 0x2c, 0xa1, 0xa5, 0x1e, + 0x1b, 0x25, 0x0d, 0xfd, 0x1e, 0xd0, 0xee, 0xf9, + }, + { + 0xe3, 0x4d, 0x74, 0xdb, 0xaf, 0x4f, 0xf4, 0xc6, + 0xab, 0xd8, 0x71, 0xcc, 0x22, 0x04, 0x51, 0xd2, + 0xea, 0x26, 0x48, 0x84, 0x6c, 0x77, 0x57, 0xfb, + 0xaa, 0xc8, 0x2f, 0xe5, 0x1a, 0xd6, 0x4b, 0xea, + }, + { + 0xdd, 0xad, 0x9a, 0xb1, 0x5d, 0xac, 0x45, 0x49, + 0xba, 0x42, 0xf4, 0x9d, 0x26, 0x24, 0x96, 0xbe, + 0xf6, 0xc0, 0xba, 0xe1, 0xdd, 0x34, 0x2a, 0x88, + 0x08, 0xf8, 0xea, 0x26, 0x7c, 0x6e, 0x21, 0x0c, + } +}; + + + +WOLFSSL_TEST_SUBROUTINE wc_test_ret_t blake2s_test(void) +{ + Blake2s b2s; + byte digest[32]; + byte input[64]; + int i, ret; + WOLFSSL_ENTER("blake2s_test"); + + for (i = 0; i < (int)sizeof(input); i++) + input[i] = (byte)i; + + for (i = 0; i < BLAKE2S_TESTS; i++) { + ret = wc_InitBlake2s(&b2s, 32); + if (ret != 0) + return WC_TEST_RET_ENC_I(i); + + ret = wc_Blake2sUpdate(&b2s, input, (word32)i); + if (ret != 0) + return WC_TEST_RET_ENC_I(i); + + ret = wc_Blake2sFinal(&b2s, digest, 32); + if (ret != 0) + return WC_TEST_RET_ENC_I(i); + + if (XMEMCMP(digest, blake2s_vec[i], 32) != 0) { + return WC_TEST_RET_ENC_I(i); + } + } + + return 0; +} +#endif /* HAVE_BLAKE2S */ + + +#ifdef WOLFSSL_SHA224 +WOLFSSL_TEST_SUBROUTINE wc_test_ret_t sha224_test(void) +{ + wc_Sha224 sha, shaCopy; + byte hash[WC_SHA224_DIGEST_SIZE]; + byte hashcopy[WC_SHA224_DIGEST_SIZE]; + wc_test_ret_t ret = 0; + + testVector a, b, c; + testVector test_sha[3]; + int times = sizeof(test_sha) / sizeof(struct testVector), i; + WOLFSSL_ENTER("sha224_test"); + + a.input = ""; + a.output = "\xd1\x4a\x02\x8c\x2a\x3a\x2b\xc9\x47\x61\x02\xbb\x28\x82\x34" + "\xc4\x15\xa2\xb0\x1f\x82\x8e\xa6\x2a\xc5\xb3\xe4\x2f"; + a.inLen = XSTRLEN(a.input); + a.outLen = WC_SHA224_DIGEST_SIZE; + + b.input = "abc"; + b.output = "\x23\x09\x7d\x22\x34\x05\xd8\x22\x86\x42\xa4\x77\xbd\xa2\x55" + "\xb3\x2a\xad\xbc\xe4\xbd\xa0\xb3\xf7\xe3\x6c\x9d\xa7"; + b.inLen = XSTRLEN(b.input); + b.outLen = WC_SHA224_DIGEST_SIZE; + + c.input = "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq"; + c.output = "\x75\x38\x8b\x16\x51\x27\x76\xcc\x5d\xba\x5d\xa1\xfd\x89\x01" + "\x50\xb0\xc6\x45\x5c\xb4\xf5\x8b\x19\x52\x52\x25\x25"; + c.inLen = XSTRLEN(c.input); + c.outLen = WC_SHA224_DIGEST_SIZE; + + test_sha[0] = a; + test_sha[1] = b; + test_sha[2] = c; + + ret = wc_InitSha224_ex(&sha, HEAP_HINT, devId); + if (ret != 0) + return WC_TEST_RET_ENC_EC(ret); + ret = wc_InitSha224_ex(&shaCopy, HEAP_HINT, devId); + if (ret != 0) { + wc_Sha224Free(&sha); + return WC_TEST_RET_ENC_EC(ret); + } + + for (i = 0; i < times; ++i) { + ret = wc_Sha224Update(&sha, (byte*)test_sha[i].input, + (word32)test_sha[i].inLen); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_I(i), exit); + ret = wc_Sha224GetHash(&sha, hashcopy); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_I(i), exit); + ret = wc_Sha224Copy(&sha, &shaCopy); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_I(i), exit); + ret = wc_Sha224Final(&sha, hash); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_I(i), exit); + wc_Sha224Free(&shaCopy); + + if (XMEMCMP(hash, test_sha[i].output, WC_SHA224_DIGEST_SIZE) != 0) + ERROR_OUT(WC_TEST_RET_ENC_I(i), exit); + if (XMEMCMP(hash, hashcopy, WC_SHA224_DIGEST_SIZE) != 0) + ERROR_OUT(WC_TEST_RET_ENC_I(i), exit); + } + +exit: + wc_Sha224Free(&sha); + wc_Sha224Free(&shaCopy); + + return ret; +} +#endif + + +#ifndef NO_SHA256 +WOLFSSL_TEST_SUBROUTINE wc_test_ret_t sha256_test(void) +{ + wc_Sha256 sha, shaCopy; + byte hash[WC_SHA256_DIGEST_SIZE]; + byte hashcopy[WC_SHA256_DIGEST_SIZE]; + wc_test_ret_t ret = 0; + + testVector a, b, c, d; + testVector test_sha[4]; +#ifndef NO_WOLFSSL_SHA256_INTERLEAVE + byte i_hash[WC_SHA256_DIGEST_SIZE]; + byte i_hashcopy[WC_SHA256_DIGEST_SIZE]; + testVector interleave_test_sha[4]; + wc_Sha256 i_sha, i_shaCopy; +#endif +#ifndef NO_LARGE_HASH_TEST +#define LARGE_HASH_TEST_INPUT_SZ 1024 + WC_DECLARE_VAR(large_input, byte, LARGE_HASH_TEST_INPUT_SZ, 0); +#endif + + int times = sizeof(test_sha) / sizeof(struct testVector), i; + WOLFSSL_ENTER("sha256_test"); + + a.input = ""; + a.output = "\xe3\xb0\xc4\x42\x98\xfc\x1c\x14\x9a\xfb\xf4\xc8\x99\x6f\xb9" + "\x24\x27\xae\x41\xe4\x64\x9b\x93\x4c\xa4\x95\x99\x1b\x78\x52" + "\xb8\x55"; + a.inLen = XSTRLEN(a.input); + a.outLen = WC_SHA256_DIGEST_SIZE; + + b.input = "abc"; + b.output = "\xBA\x78\x16\xBF\x8F\x01\xCF\xEA\x41\x41\x40\xDE\x5D\xAE\x22" + "\x23\xB0\x03\x61\xA3\x96\x17\x7A\x9C\xB4\x10\xFF\x61\xF2\x00" + "\x15\xAD"; + b.inLen = XSTRLEN(b.input); + b.outLen = WC_SHA256_DIGEST_SIZE; + + c.input = "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq"; + c.output = "\x24\x8D\x6A\x61\xD2\x06\x38\xB8\xE5\xC0\x26\x93\x0C\x3E\x60" + "\x39\xA3\x3C\xE4\x59\x64\xFF\x21\x67\xF6\xEC\xED\xD4\x19\xDB" + "\x06\xC1"; + c.inLen = XSTRLEN(c.input); + c.outLen = WC_SHA256_DIGEST_SIZE; + + d.input = "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" + "aaaaaa"; /* this is BLOCKSIZE length */ + d.output = "\xFF\xE0\x54\xFE\x7A\xE0\xCB\x6D\xC6\x5C\x3A\xF9\xB6\x1D\x52" + "\x09\xF4\x39\x85\x1D\xB4\x3D\x0B\xA5\x99\x73\x37\xDF\x15\x46" + "\x68\xEB"; + d.inLen = XSTRLEN(d.input); + d.outLen = WC_SHA256_DIGEST_SIZE; + + test_sha[0] = a; + test_sha[1] = b; + test_sha[2] = c; + test_sha[3] = d; + +#ifndef NO_WOLFSSL_SHA256_INTERLEAVE + interleave_test_sha[0] = a; + interleave_test_sha[1] = b; + interleave_test_sha[2] = c; + interleave_test_sha[3] = d; +#endif + + ret = wc_InitSha256_ex(&sha, HEAP_HINT, devId); + if (ret != 0) + return WC_TEST_RET_ENC_EC(ret); + +#ifndef NO_WOLFSSL_SHA256_INTERLEAVE + ret = wc_InitSha256_ex(&i_sha, HEAP_HINT, devId); + if (ret != 0) + return WC_TEST_RET_ENC_EC(ret); +#endif + + ret = wc_InitSha256_ex(&shaCopy, HEAP_HINT, devId); + if (ret != 0) { + wc_Sha256Free(&sha); + return WC_TEST_RET_ENC_EC(ret); + } +#ifndef NO_WOLFSSL_SHA256_INTERLEAVE + ret = wc_InitSha256_ex(&i_shaCopy, HEAP_HINT, devId); + if (ret != 0) { + wc_Sha256Free(&sha); + wc_Sha256Free(&i_sha); + return WC_TEST_RET_ENC_EC(ret); + } +#endif + + for (i = 0; i < times; ++i) { + ret = wc_Sha256Update(&sha, (byte*)test_sha[i].input, + (word32)test_sha[i].inLen); + if (ret != 0) { + ERROR_OUT(WC_TEST_RET_ENC_I(i), exit); + } +#ifndef NO_WOLFSSL_SHA256_INTERLEAVE + ret = wc_Sha256Update(&i_sha, (byte*)interleave_test_sha[i].input, + (word32)interleave_test_sha[i].inLen); + if (ret != 0) { + ERROR_OUT(WC_TEST_RET_ENC_I(i), exit); + } +#endif + + ret = wc_Sha256GetHash(&sha, hashcopy); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_I(i), exit); +#ifndef NO_WOLFSSL_SHA256_INTERLEAVE + ret = wc_Sha256GetHash(&i_sha, i_hashcopy); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_I(i), exit); +#endif + + ret = wc_Sha256Copy(&sha, &shaCopy); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_I(i), exit); +#ifndef NO_WOLFSSL_SHA256_INTERLEAVE + ret = wc_Sha256Copy(&i_sha, &i_shaCopy); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_I(i), exit); +#endif + + ret = wc_Sha256Final(&sha, hash); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_I(i), exit); +#ifndef NO_WOLFSSL_SHA256_INTERLEAVE + ret = wc_Sha256Final(&i_sha, i_hash); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_I(i), exit); +#endif + + wc_Sha256Free(&shaCopy); +#ifndef NO_WOLFSSL_SHA256_INTERLEAVE + wc_Sha256Free(&i_shaCopy); +#endif + + if (XMEMCMP(hash, test_sha[i].output, WC_SHA256_DIGEST_SIZE) != 0) { + ERROR_OUT(WC_TEST_RET_ENC_I(i), exit); + } + if (XMEMCMP(hash, hashcopy, WC_SHA256_DIGEST_SIZE) != 0) { + ERROR_OUT(WC_TEST_RET_ENC_I(i), exit); + } +#ifndef NO_WOLFSSL_SHA256_INTERLEAVE + if (XMEMCMP(i_hash, interleave_test_sha[i].output, + WC_SHA256_DIGEST_SIZE) != 0) { + ERROR_OUT(WC_TEST_RET_ENC_I(i), exit); + } + if (XMEMCMP(i_hash, i_hashcopy, WC_SHA256_DIGEST_SIZE) != 0) { + ERROR_OUT(WC_TEST_RET_ENC_I(i), exit); + } + if (XMEMCMP(i_hash, test_sha[i].output, WC_SHA256_DIGEST_SIZE) != 0) { + ERROR_OUT(WC_TEST_RET_ENC_I(i), exit); + } + if (XMEMCMP(i_hash, hashcopy, WC_SHA256_DIGEST_SIZE) != 0) { + ERROR_OUT(WC_TEST_RET_ENC_I(i), exit); + } +#endif + } + +#ifndef NO_LARGE_HASH_TEST + /* BEGIN LARGE HASH TEST */ { +#ifdef HASH_SIZE_LIMIT + WOLFSSL_SMALL_STACK_STATIC const char* large_digest = + "\xa4\x75\x9e\x7a\xa2\x03\x38\x32\x88\x66\xa2\xea\x17\xea\xf8\xc7" + "\xfe\x4e\xc6\xbb\xe3\xbb\x71\xce\xe7\xdf\x7c\x04\x61\xb3\xc2\x2f"; +#else + WOLFSSL_SMALL_STACK_STATIC const char* large_digest = + "\x27\x78\x3e\x87\x96\x3a\x4e\xfb\x68\x29\xb5\x31\xc9\xba\x57\xb4" + "\x4f\x45\x79\x7f\x67\x70\xbd\x63\x7f\xbf\x0d\x80\x7c\xbd\xba\xe0"; +#endif + + WC_ALLOC_VAR_EX(large_input, byte, LARGE_HASH_TEST_INPUT_SZ, HEAP_HINT, + DYNAMIC_TYPE_TMP_BUFFER, + ERROR_OUT(WC_TEST_RET_ENC_EC(MEMORY_E),exit)); + + for (i = 0; i < LARGE_HASH_TEST_INPUT_SZ; i++) { + large_input[i] = (byte)(i & 0xFF); + } +#ifdef HASH_SIZE_LIMIT + times = 20; +#else + times = 100; +#endif +#ifdef WOLFSSL_PIC32MZ_HASH + wc_Sha256SizeSet(&sha, times * LARGE_HASH_TEST_INPUT_SZ); +#endif + for (i = 0; i < times; ++i) { + ret = wc_Sha256Update(&sha, (byte*)large_input, + LARGE_HASH_TEST_INPUT_SZ); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit); + } + ret = wc_Sha256Final(&sha, hash); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit); + if (XMEMCMP(hash, large_digest, WC_SHA256_DIGEST_SIZE) != 0) + ERROR_OUT(WC_TEST_RET_ENC_NC, exit); + } /* END LARGE HASH TEST */ +#undef LARGE_HASH_TEST_INPUT_SZ +#endif /* NO_LARGE_HASH_TEST */ + +#if defined(WOLFSSL_HAVE_LMS) && !defined(WOLFSSL_LMS_FULL_HASH) + { + WOLFSSL_SMALL_STACK_STATIC const unsigned char + data_hb[WC_SHA256_BLOCK_SIZE] = { + 0x61, 0x62, 0x63, 0x80, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x18 + }; + + ret = wc_Sha256HashBlock(&sha, data_hb, hash); + if (ret != 0) { + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit); + } + if (XMEMCMP(hash, b.output, WC_SHA256_DIGEST_SIZE) != 0) { + ERROR_OUT(WC_TEST_RET_ENC_NC, exit); + } + } +#endif + +exit: + +#if !defined(NO_LARGE_HASH_TEST) && defined(WOLFSSL_SMALL_STACK) + XFREE(large_input, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); +#endif + wc_Sha256Free(&sha); + wc_Sha256Free(&shaCopy); +#ifndef NO_WOLFSSL_SHA256_INTERLEAVE + wc_Sha256Free(&i_sha); + wc_Sha256Free(&i_shaCopy); +#endif + return ret; +} +#endif + + +#ifdef WOLFSSL_SHA512 +WOLFSSL_TEST_SUBROUTINE wc_test_ret_t sha512_test(void) +{ + /* + ** See https://csrc.nist.gov/CSRC/media/Projects/Cryptographic-Standards-and-Guidelines/documents/examples/SHA512.pdf + */ + wc_Sha512 sha, shaCopy; + byte hash[WC_SHA512_DIGEST_SIZE]; + byte hashcopy[WC_SHA512_DIGEST_SIZE]; + wc_test_ret_t ret = 0; + + testVector a, b, c; + testVector test_sha[3]; +#ifndef NO_WOLFSSL_SHA512_INTERLEAVE + wc_Sha512 i_sha, i_shaCopy; + byte i_hash[WC_SHA512_DIGEST_SIZE]; + byte i_hashcopy[WC_SHA512_DIGEST_SIZE]; + testVector interleave_test_sha[3]; +#endif +#ifndef NO_LARGE_HASH_TEST +#define LARGE_HASH_TEST_INPUT_SZ 1024 + WC_DECLARE_VAR(large_input, byte, LARGE_HASH_TEST_INPUT_SZ, 0); +#endif + + int times = sizeof(test_sha) / sizeof(struct testVector), i; + WOLFSSL_ENTER("sha512_test"); + + a.input = ""; + a.output = "\xcf\x83\xe1\x35\x7e\xef\xb8\xbd\xf1\x54\x28\x50\xd6\x6d\x80" + "\x07\xd6\x20\xe4\x05\x0b\x57\x15\xdc\x83\xf4\xa9\x21\xd3\x6c" + "\xe9\xce\x47\xd0\xd1\x3c\x5d\x85\xf2\xb0\xff\x83\x18\xd2\x87" + "\x7e\xec\x2f\x63\xb9\x31\xbd\x47\x41\x7a\x81\xa5\x38\x32\x7a" + "\xf9\x27\xda\x3e"; + a.inLen = XSTRLEN(a.input); + a.outLen = WC_SHA512_DIGEST_SIZE; + + b.input = "abc"; + b.output = "\xdd\xaf\x35\xa1\x93\x61\x7a\xba\xcc\x41\x73\x49\xae\x20\x41" + "\x31\x12\xe6\xfa\x4e\x89\xa9\x7e\xa2\x0a\x9e\xee\xe6\x4b\x55" + "\xd3\x9a\x21\x92\x99\x2a\x27\x4f\xc1\xa8\x36\xba\x3c\x23\xa3" + "\xfe\xeb\xbd\x45\x4d\x44\x23\x64\x3c\xe8\x0e\x2a\x9a\xc9\x4f" + "\xa5\x4c\xa4\x9f"; + b.inLen = XSTRLEN(b.input); + b.outLen = WC_SHA512_DIGEST_SIZE; + + c.input = "abcdefghbcdefghicdefghijdefghijkefghijklfghijklmghijklmnhi" + "jklmnoijklmnopjklmnopqklmnopqrlmnopqrsmnopqrstnopqrstu"; + c.output = "\x8e\x95\x9b\x75\xda\xe3\x13\xda\x8c\xf4\xf7\x28\x14\xfc\x14" + "\x3f\x8f\x77\x79\xc6\xeb\x9f\x7f\xa1\x72\x99\xae\xad\xb6\x88" + "\x90\x18\x50\x1d\x28\x9e\x49\x00\xf7\xe4\x33\x1b\x99\xde\xc4" + "\xb5\x43\x3a\xc7\xd3\x29\xee\xb6\xdd\x26\x54\x5e\x96\xe5\x5b" + "\x87\x4b\xe9\x09"; + c.inLen = XSTRLEN(c.input); + c.outLen = WC_SHA512_DIGEST_SIZE; + + test_sha[0] = a; + test_sha[1] = b; + test_sha[2] = c; + +#ifndef NO_WOLFSSL_SHA512_INTERLEAVE + interleave_test_sha[0] = a; + interleave_test_sha[1] = b; + interleave_test_sha[2] = c; +#endif + + ret = wc_InitSha512_ex(&sha, HEAP_HINT, devId); + if (ret != 0) + return WC_TEST_RET_ENC_EC(ret); +#ifndef NO_WOLFSSL_SHA512_INTERLEAVE + ret = wc_InitSha512_ex(&i_sha, HEAP_HINT, devId); + if (ret != 0) + return WC_TEST_RET_ENC_EC(ret); +#endif + + ret = wc_InitSha512_ex(&shaCopy, HEAP_HINT, devId); + if (ret != 0) { + wc_Sha512Free(&sha); + return WC_TEST_RET_ENC_EC(ret); + } +#ifndef NO_WOLFSSL_SHA512_INTERLEAVE + ret = wc_InitSha512_ex(&i_shaCopy, HEAP_HINT, devId); + if (ret != 0) { + wc_Sha512Free(&sha); + wc_Sha512Free(&i_sha); + return WC_TEST_RET_ENC_EC(ret); + } +#endif + + for (i = 0; i < times; ++i) { + ret = wc_Sha512Update(&sha, (byte*)test_sha[i].input, + (word32)test_sha[i].inLen); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_I(i), exit); +#ifndef NO_WOLFSSL_SHA512_INTERLEAVE + ret = wc_Sha512Update(&i_sha, (byte*)interleave_test_sha[i].input, + (word32)interleave_test_sha[i].inLen); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_I(i), exit); +#endif + + ret = wc_Sha512GetHash(&sha, hashcopy); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_I(i), exit); +#ifndef NO_WOLFSSL_SHA512_INTERLEAVE + ret = wc_Sha512GetHash(&i_sha, i_hashcopy); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_I(i), exit); +#endif + + ret = wc_Sha512Copy(&sha, &shaCopy); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_I(i), exit); +#ifndef NO_WOLFSSL_SHA512_INTERLEAVE + ret = wc_Sha512Copy(&i_sha, &i_shaCopy); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_I(i), exit); +#endif + + ret = wc_Sha512Final(&sha, hash); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_I(i), exit); +#ifndef NO_WOLFSSL_SHA512_INTERLEAVE + ret = wc_Sha512Final(&i_sha, i_hash); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_I(i), exit); +#endif + + wc_Sha512Free(&shaCopy); +#ifndef NO_WOLFSSL_SHA512_INTERLEAVE + wc_Sha512Free(&i_shaCopy); +#endif + + if (XMEMCMP(hash, test_sha[i].output, WC_SHA512_DIGEST_SIZE) != 0) + ERROR_OUT(WC_TEST_RET_ENC_I(i), exit); + if (XMEMCMP(hash, hashcopy, WC_SHA512_DIGEST_SIZE) != 0) + ERROR_OUT(WC_TEST_RET_ENC_I(i), exit); +#ifndef NO_WOLFSSL_SHA512_INTERLEAVE + if (XMEMCMP(i_hash, interleave_test_sha[i].output, + WC_SHA512_DIGEST_SIZE) != 0) { + ERROR_OUT(WC_TEST_RET_ENC_I(i), exit); + } + if (XMEMCMP(i_hash, i_hashcopy, WC_SHA512_DIGEST_SIZE) != 0) { + ERROR_OUT(WC_TEST_RET_ENC_I(i), exit); + } + if (XMEMCMP(i_hash, test_sha[i].output, WC_SHA512_DIGEST_SIZE) != 0) { + ERROR_OUT(WC_TEST_RET_ENC_I(i), exit); + } + if (XMEMCMP(i_hash, hashcopy, WC_SHA512_DIGEST_SIZE) != 0) { + ERROR_OUT(WC_TEST_RET_ENC_I(i), exit); + } +#endif + + } + +#ifndef NO_LARGE_HASH_TEST + /* BEGIN LARGE HASH TEST */ { +#ifdef HASH_SIZE_LIMIT + WOLFSSL_SMALL_STACK_STATIC const char* large_digest = + "\x30\x9B\x96\xA6\xE9\x43\x78\x30\xA3\x71\x51\x61\xC1\xEB\xE1\xBE" + "\xC8\xA5\xF9\x13\x5A\xD6\x6D\x9E\x46\x31\x31\x67\x8D\xE2\xC0\x0B" + "\x2A\x1A\x03\xE1\xF3\x48\xA7\x33\xBD\x49\xF8\xFF\xF1\xC2\xC2\x95" + "\xCB\xF0\xAF\x87\x61\x85\x58\x63\x6A\xCA\x70\x9C\x8B\x83\x3F\x5D"; +#else + WOLFSSL_SMALL_STACK_STATIC const char* large_digest = + "\x5a\x1f\x73\x90\xbd\x8c\xe4\x63\x54\xce\xa0\x9b\xef\x32\x78\x2d" + "\x2e\xe7\x0d\x5e\x2f\x9d\x15\x1b\xdd\x2d\xde\x65\x0c\x7b\xfa\x83" + "\x5e\x80\x02\x13\x84\xb8\x3f\xff\x71\x62\xb5\x09\x89\x63\xe1\xdc" + "\xa5\xdc\xfc\xfa\x9d\x1a\x4d\xc0\xfa\x3a\x14\xf6\x01\x51\x90\xa4"; +#endif + + WC_ALLOC_VAR_EX(large_input, byte, LARGE_HASH_TEST_INPUT_SZ, HEAP_HINT, + DYNAMIC_TYPE_TMP_BUFFER, + ERROR_OUT(WC_TEST_RET_ENC_EC(MEMORY_E),exit)); + + for (i = 0; i < LARGE_HASH_TEST_INPUT_SZ; i++) { + large_input[i] = (byte)(i & 0xFF); + } +#ifdef HASH_SIZE_LIMIT + times = 20; +#else + times = 100; +#endif + for (i = 0; i < times; ++i) { + ret = wc_Sha512Update(&sha, (byte*)large_input, + LARGE_HASH_TEST_INPUT_SZ); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit); + } + ret = wc_Sha512Final(&sha, hash); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit); + if (XMEMCMP(hash, large_digest, WC_SHA512_DIGEST_SIZE) != 0) + ERROR_OUT(WC_TEST_RET_ENC_NC, exit); + +#ifndef NO_UNALIGNED_MEMORY_TEST + /* Unaligned memory access test */ + for (i = 1; i < 16; i++) { + ret = wc_Sha512Update(&sha, (byte*)large_input + i, + LARGE_HASH_TEST_INPUT_SZ - (word32)i); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit); + ret = wc_Sha512Final(&sha, hash); + } +#endif + } /* END LARGE HASH TEST */ +#undef LARGE_HASH_TEST_INPUT_SZ +#endif /* NO_LARGE_HASH_TEST */ + +exit: + +#if !defined(NO_LARGE_HASH_TEST) && defined(WOLFSSL_SMALL_STACK) + XFREE(large_input, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); +#endif + wc_Sha512Free(&sha); + wc_Sha512Free(&shaCopy); +#ifndef NO_WOLFSSL_SHA256_INTERLEAVE + wc_Sha512Free(&i_sha); + wc_Sha512Free(&i_shaCopy); +#endif + return ret; +} + +#if !defined(WOLFSSL_NOSHA512_224) && \ + (!defined(HAVE_FIPS) || FIPS_VERSION_GE(5, 3)) && !defined(HAVE_SELFTEST) +WOLFSSL_TEST_SUBROUTINE wc_test_ret_t sha512_224_test(void) +{ + /* + ** See https://csrc.nist.gov/Projects/cryptographic-standards-and-guidelines/example-values + ** + ** NIST SHA512/224 Document Example: + ** https://csrc.nist.gov/CSRC/media/Projects/Cryptographic-Standards-and-Guidelines/documents/examples/SHA512_224.pdf + */ + wc_Sha512 sha, shaCopy; + byte hash[WC_SHA512_224_DIGEST_SIZE]; + byte hashcopy[WC_SHA512_224_DIGEST_SIZE]; + wc_test_ret_t ret = 0; + + testVector a, b, c; + testVector test_sha[3]; + int times = sizeof(test_sha) / sizeof(struct testVector), i; + WOLFSSL_ENTER("sha512_224_test"); + + a.input = ""; + a.output = "\x6e\xd0\xdd\x02" + "\x80\x6f\xa8\x9e" "\x25\xde\x06\x0c" + "\x19\xd3\xac\x86" "\xca\xbb\x87\xd6" + "\xa0\xdd\xd0\x5c" "\x33\x3b\x84\xf4"; + a.inLen = XSTRLEN(a.input); + a.outLen = WC_SHA512_224_DIGEST_SIZE; + + /* + ** See page 1 in above document for the SHA512/224 "abc" test: + */ + b.input = "abc"; + /* + ** See page 1 in above document for the SHA512/224 "abc" test digest: + */ + b.output = "\x46\x34\x27\x0f" + "\x70\x7b\x6a\x54" "\xda\xae\x75\x30" + "\x46\x08\x42\xe2" "\x0e\x37\xed\x26" + "\x5c\xee\xe9\xa4" "\x3e\x89\x24\xaa"; + b.inLen = XSTRLEN(b.input); + b.outLen = WC_SHA512_224_DIGEST_SIZE; + /* + ** See page 4 in above for the 2-block test: + */ + c.input = "abcdefghbcdefghicdefghijdefghijkefghijklfghijklmghijklmnhi" + "jklmnoijklmnopjklmnopqklmnopqrlmnopqrsmnopqrstnopqrstu"; + /* + ** see page 9 in above document for the 2-block test message digest: + */ + c.output = "\x23\xfe\xc5\xbb" + "\x94\xd6\x0b\x23" "\x30\x81\x92\x64" + "\x0b\x0c\x45\x33" "\x35\xd6\x64\x73" + "\x4f\xe4\x0e\x72" "\x68\x67\x4a\xf9"; + c.inLen = XSTRLEN(c.input); + c.outLen = WC_SHA512_224_DIGEST_SIZE; + + test_sha[0] = a; + test_sha[1] = b; + test_sha[2] = c; + + ret = wc_InitSha512_224_ex(&sha, HEAP_HINT, devId); + if (ret != 0) + return WC_TEST_RET_ENC_EC(ret); + ret = wc_InitSha512_224_ex(&shaCopy, HEAP_HINT, devId); + if (ret != 0) { + wc_Sha512_224Free(&sha); + return WC_TEST_RET_ENC_EC(ret); + } + + for (i = 0; i < times; ++i) { + ret = wc_Sha512_224Update(&sha, (byte*)test_sha[i].input, + (word32)test_sha[i].inLen); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_I(i), exit); + ret = wc_Sha512_224GetHash(&sha, hashcopy); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_I(i), exit); + ret = wc_Sha512_224Copy(&sha, &shaCopy); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_I(i), exit); + ret = wc_Sha512_224Final(&sha, hash); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_I(i), exit); + wc_Sha512_224Free(&shaCopy); + + if (XMEMCMP(hash, test_sha[i].output, WC_SHA512_224_DIGEST_SIZE) != 0) + ERROR_OUT(WC_TEST_RET_ENC_I(i), exit); + + + if (XMEMCMP(hash, hashcopy, WC_SHA512_224_DIGEST_SIZE) != 0) + ERROR_OUT(WC_TEST_RET_ENC_I(i), exit); + } + +#ifndef NO_LARGE_HASH_TEST + /* BEGIN LARGE HASH TEST */ { + byte large_input[1024]; +#ifdef HASH_SIZE_LIMIT + const char* large_digest = + "\x98\x68\xc3\xd9\xb9\xef\x17\x53" + "\x43\x66\x0e\x60\xdf\x29\xf8\xef" + "\x96\xe3\x93\x34\x8c\x6f\xc0\xeb" + "\x14\x6c\xcf\x6a"; +#else + const char* large_digest = + "\x26\x5f\x98\xd1\x76\x49\x71\x4e" + "\x82\xb7\x9d\x52\x32\x67\x9d\x56" + "\x91\xf5\x88\xc3\x05\xbb\x3f\x90" + "\xe2\x4e\x85\x05"; +#endif + + for (i = 0; i < (int)sizeof(large_input); i++) { + large_input[i] = (byte)(i & 0xFF); + } +#ifdef HASH_SIZE_LIMIT + times = 20; +#else + times = 100; +#endif + for (i = 0; i < times; ++i) { + ret = wc_Sha512_224Update(&sha, (byte*)large_input, + (word32)sizeof(large_input)); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit); + } + ret = wc_Sha512_224Final(&sha, hash); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit); + if (XMEMCMP(hash, large_digest, WC_SHA512_224_DIGEST_SIZE) != 0) + ERROR_OUT(WC_TEST_RET_ENC_NC, exit); + +#ifndef NO_UNALIGNED_MEMORY_TEST + /* Unaligned memory access test */ + for (i = 1; i < 16; i++) { + ret = wc_Sha512_224Update(&sha, (byte*)large_input + i, + (word32)sizeof(large_input) - (word32)i); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit); + ret = wc_Sha512_224Final(&sha, hash); + } +#endif + } /* END LARGE HASH TEST */ +#endif /* NO_LARGE_HASH_TEST */ + +exit: + wc_Sha512_224Free(&sha); + wc_Sha512_224Free(&shaCopy); + + return ret; +} /* sha512_224_test */ +#endif /* !defined(WOLFSSL_NOSHA512_224) && !FIPS ... */ + + +#if !defined(WOLFSSL_NOSHA512_256) && \ + (!defined(HAVE_FIPS) || FIPS_VERSION_GE(5, 3)) && !defined(HAVE_SELFTEST) + +WOLFSSL_TEST_SUBROUTINE wc_test_ret_t sha512_256_test(void) +{ + /* + ** See https://csrc.nist.gov/Projects/cryptographic-standards-and-guidelines/example-values + ** NIST SHA512/256 Document Example: + ** https://csrc.nist.gov/CSRC/media/Projects/Cryptographic-Standards-and-Guidelines/documents/examples/SHA512_256.pdf + */ + wc_Sha512 sha, shaCopy; + byte hash[WC_SHA512_256_DIGEST_SIZE]; + byte hashcopy[WC_SHA512_256_DIGEST_SIZE]; + wc_test_ret_t ret = 0; + + testVector a, b, c; + testVector test_sha[3]; + int times = sizeof(test_sha) / sizeof(struct testVector), i; + WOLFSSL_ENTER("sha512_256_test"); + + a.input = ""; + a.output = "\xc6\x72\xb8\xd1" "\xef\x56\xed\x28" + "\xab\x87\xc3\x62" "\x2c\x51\x14\x06" + "\x9b\xdd\x3a\xd7" "\xb8\xf9\x73\x74" + "\x98\xd0\xc0\x1e" "\xce\xf0\x96\x7a"; + a.inLen = XSTRLEN(a.input); + a.outLen = WC_SHA512_256_DIGEST_SIZE; + + /* + ** See page 1 of above document for "abc" example: + */ + b.input = "abc"; + /* + ** See page 4 of above document for "abc" example digest: + */ + b.output = "\x53\x04\x8e\x26" "\x81\x94\x1e\xf9" + "\x9b\x2e\x29\xb7" "\x6b\x4c\x7d\xab" + "\xe4\xc2\xd0\xc6" "\x34\xfc\x6d\x46" + "\xe0\xe2\xf1\x31" "\x07\xe7\xaf\x23"; + b.inLen = XSTRLEN(b.input); + b.outLen = WC_SHA512_256_DIGEST_SIZE; + + /* + ** See page 4 of above document for Two Block Message Sample: + */ + c.input = "abcdefghbcdefghicdefghijdefghijkefghijklfghijklmghijklmnhi" + "jklmnoijklmnopjklmnopqklmnopqrlmnopqrsmnopqrstnopqrstu"; + /* + ** See page 10 of above document for Two Block Message Sample digest: + */ + c.output = "\x39\x28\xe1\x84" "\xfb\x86\x90\xf8" + "\x40\xda\x39\x88" "\x12\x1d\x31\xbe" + "\x65\xcb\x9d\x3e" "\xf8\x3e\xe6\x14" + "\x6f\xea\xc8\x61" "\xe1\x9b\x56\x3a"; + c.inLen = XSTRLEN(c.input); + c.outLen = WC_SHA512_256_DIGEST_SIZE; + + test_sha[0] = a; + test_sha[1] = b; + test_sha[2] = c; + + ret = wc_InitSha512_256_ex(&sha, HEAP_HINT, devId); + if (ret != 0) + return WC_TEST_RET_ENC_EC(ret); + ret = wc_InitSha512_256_ex(&shaCopy, HEAP_HINT, devId); + if (ret != 0) { + wc_Sha512_256Free(&sha); + return WC_TEST_RET_ENC_EC(ret); + } + + for (i = 0; i < times; ++i) { + ret = wc_Sha512_256Update(&sha, (byte*)test_sha[i].input, + (word32)test_sha[i].inLen); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_I(i), exit); + ret = wc_Sha512_256GetHash(&sha, hashcopy); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_I(i), exit); + ret = wc_Sha512_256Copy(&sha, &shaCopy); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_I(i), exit); + ret = wc_Sha512_256Final(&sha, hash); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_I(i), exit); + wc_Sha512_256Free(&shaCopy); + + if (XMEMCMP(hash, test_sha[i].output, WC_SHA512_256_DIGEST_SIZE) != 0) + ERROR_OUT(WC_TEST_RET_ENC_I(i), exit); + + + if (XMEMCMP(hash, hashcopy, WC_SHA512_256_DIGEST_SIZE) != 0) + ERROR_OUT(WC_TEST_RET_ENC_I(i), exit); + } + +#ifndef NO_LARGE_HASH_TEST + /* BEGIN LARGE HASH TEST */ { + byte large_input[1024]; +#ifdef HASH_SIZE_LIMIT + const char* large_digest = + "\x49\xcc\xbc\x7a\x93\x0b\x02\xb8" + "\xad\x9a\x46\x51\x00\x1f\x13\x80" + "\x35\x84\x36\xf1\xf2\x3c\xeb\xd8" + "\x41\xd4\x06\x8b\x1d\x19\xad\x72"; +#else + const char* large_digest = + "\x7a\xe3\x84\x05\xcb\x06\x22\x08" + "\x7e\x2c\x65\x89\x1f\x26\x45\xfd" + "\xad\xbc\x2e\x29\x83\x12\x84\x4b" + "\xf2\xa0\xde\xbe\x06\x11\xd7\x44"; +#endif + + for (i = 0; i < (int)sizeof(large_input); i++) { + large_input[i] = (byte)(i & 0xFF); + } +#ifdef HASH_SIZE_LIMIT + times = 20; +#else + times = 100; +#endif + for (i = 0; i < times; ++i) { + ret = wc_Sha512_256Update(&sha, (byte*)large_input, + (word32)sizeof(large_input)); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit); + } + ret = wc_Sha512_256Final(&sha, hash); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit); + if (XMEMCMP(hash, large_digest, WC_SHA512_256_DIGEST_SIZE) != 0) + ERROR_OUT(WC_TEST_RET_ENC_NC, exit); + +#ifndef NO_UNALIGNED_MEMORY_TEST + /* Unaligned memory access test */ + for (i = 1; i < 16; i++) { + ret = wc_Sha512_256Update(&sha, (byte*)large_input + i, + (word32)sizeof(large_input) - (word32)i); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit); + ret = wc_Sha512_256Final(&sha, hash); + } +#endif + } /* END LARGE HASH TEST */ +#endif /* NO_LARGE_HASH_TEST */ + +exit: + wc_Sha512_256Free(&sha); + wc_Sha512_256Free(&shaCopy); + + return ret; +} /* sha512_256_test */ +#endif /* !defined(WOLFSSL_NOSHA512_256) && !FIPS ... */ + +#endif /* WOLFSSL_SHA512 */ + + +#ifdef WOLFSSL_SHA384 +WOLFSSL_TEST_SUBROUTINE wc_test_ret_t sha384_test(void) +{ + wc_Sha384 sha, shaCopy; + byte hash[WC_SHA384_DIGEST_SIZE]; + byte hashcopy[WC_SHA384_DIGEST_SIZE]; + wc_test_ret_t ret = 0; + + testVector a, b, c; + testVector test_sha[3]; + int times = sizeof(test_sha) / sizeof(struct testVector), i; + WOLFSSL_ENTER("sha384_test"); + + a.input = ""; + + a.output = "\x38\xb0\x60\xa7\x51\xac\x96\x38\x4c\xd9\x32\x7e\xb1\xb1\xe3" + "\x6a\x21\xfd\xb7\x11\x14\xbe\x07\x43\x4c\x0c\xc7\xbf\x63\xf6" + "\xe1\xda\x27\x4e\xde\xbf\xe7\x6f\x65\xfb\xd5\x1a\xd2\xf1\x48" + "\x98\xb9\x5b"; + a.inLen = XSTRLEN(a.input); + a.outLen = WC_SHA384_DIGEST_SIZE; + + b.input = "abc"; + b.output = "\xcb\x00\x75\x3f\x45\xa3\x5e\x8b\xb5\xa0\x3d\x69\x9a\xc6\x50" + "\x07\x27\x2c\x32\xab\x0e\xde\xd1\x63\x1a\x8b\x60\x5a\x43\xff" + "\x5b\xed\x80\x86\x07\x2b\xa1\xe7\xcc\x23\x58\xba\xec\xa1\x34" + "\xc8\x25\xa7"; + b.inLen = XSTRLEN(b.input); + b.outLen = WC_SHA384_DIGEST_SIZE; + + c.input = "abcdefghbcdefghicdefghijdefghijkefghijklfghijklmghijklmnhi" + "jklmnoijklmnopjklmnopqklmnopqrlmnopqrsmnopqrstnopqrstu"; + c.output = "\x09\x33\x0c\x33\xf7\x11\x47\xe8\x3d\x19\x2f\xc7\x82\xcd\x1b" + "\x47\x53\x11\x1b\x17\x3b\x3b\x05\xd2\x2f\xa0\x80\x86\xe3\xb0" + "\xf7\x12\xfc\xc7\xc7\x1a\x55\x7e\x2d\xb9\x66\xc3\xe9\xfa\x91" + "\x74\x60\x39"; + c.inLen = XSTRLEN(c.input); + c.outLen = WC_SHA384_DIGEST_SIZE; + + test_sha[0] = a; + test_sha[1] = b; + test_sha[2] = c; + + ret = wc_InitSha384_ex(&sha, HEAP_HINT, devId); + if (ret != 0) + return WC_TEST_RET_ENC_EC(ret); + ret = wc_InitSha384_ex(&shaCopy, HEAP_HINT, devId); + if (ret != 0) { + wc_Sha384Free(&sha); + return WC_TEST_RET_ENC_EC(ret); + } + + for (i = 0; i < times; ++i) { + ret = wc_Sha384Update(&sha, (byte*)test_sha[i].input, + (word32)test_sha[i].inLen); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_I(i), exit); + ret = wc_Sha384GetHash(&sha, hashcopy); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_I(i), exit); + ret = wc_Sha384Copy(&sha, &shaCopy); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_I(i), exit); + ret = wc_Sha384Final(&sha, hash); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_I(i), exit); + wc_Sha384Free(&shaCopy); + + if (XMEMCMP(hash, test_sha[i].output, WC_SHA384_DIGEST_SIZE) != 0) + ERROR_OUT(WC_TEST_RET_ENC_I(i), exit); + if (XMEMCMP(hash, hashcopy, WC_SHA384_DIGEST_SIZE) != 0) + ERROR_OUT(WC_TEST_RET_ENC_I(i), exit); + } + +#ifndef NO_LARGE_HASH_TEST + /* BEGIN LARGE HASH TEST */ { + byte large_input[1024]; +#ifdef HASH_SIZE_LIMIT + const char* large_digest = + "\xB5\xAD\x66\x6F\xD9\x58\x5E\x68\xDD\x5E\x30\xD3\x95\x72\x33\xA4" + "\xE9\x4B\x99\x3A\xEF\xF8\xE1\xBF\x1F\x05\x32\xAA\x16\x00\x82\xEC" + "\x15\xDA\xF2\x75\xEE\xE9\x06\xAF\x52\x8A\x5C\xEF\x72\x81\x80\xD6"; +#else + const char* large_digest = + "\x37\x01\xdb\xff\x1e\x40\x4f\xe1\xe2\xea\x0b\x40\xbb\x3b\x39\x9a" + "\xcc\xe8\x44\x8e\x7e\xe5\x64\xb5\x6b\x7f\x56\x64\xa7\x2b\x84\xe3" + "\xc5\xd7\x79\x03\x25\x90\xf7\xa4\x58\xcb\x97\xa8\x8b\xb1\xa4\x81"; +#endif + + for (i = 0; i < (int)sizeof(large_input); i++) { + large_input[i] = (byte)(i & 0xFF); + } +#ifdef HASH_SIZE_LIMIT + times = 20; +#else + times = 100; +#endif + for (i = 0; i < times; ++i) { + ret = wc_Sha384Update(&sha, (byte*)large_input, + (word32)sizeof(large_input)); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit); + } + ret = wc_Sha384Final(&sha, hash); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit); + if (XMEMCMP(hash, large_digest, WC_SHA384_DIGEST_SIZE) != 0) + ERROR_OUT(WC_TEST_RET_ENC_NC, exit); + } /* END LARGE HASH TEST */ +#endif /* NO_LARGE_HASH_TEST */ + +exit: + + wc_Sha384Free(&sha); + wc_Sha384Free(&shaCopy); + + return ret; +} +#endif /* WOLFSSL_SHA384 */ + +#ifdef WOLFSSL_SHA3 +#ifndef WOLFSSL_NOSHA3_224 +static wc_test_ret_t sha3_224_test(void) +{ + wc_Sha3 sha; + byte hash[WC_SHA3_224_DIGEST_SIZE]; + byte hashcopy[WC_SHA3_224_DIGEST_SIZE]; + + testVector a, b, c; + testVector test_sha[3]; + wc_test_ret_t ret = 0; + int times = sizeof(test_sha) / sizeof(struct testVector), i; + + a.input = ""; + a.output = "\x6b\x4e\x03\x42\x36\x67\xdb\xb7\x3b\x6e\x15\x45\x4f\x0e\xb1" + "\xab\xd4\x59\x7f\x9a\x1b\x07\x8e\x3f\x5b\x5a\x6b\xc7"; + a.inLen = XSTRLEN(a.input); + a.outLen = WC_SHA3_224_DIGEST_SIZE; + + b.input = "abc"; + b.output = "\xe6\x42\x82\x4c\x3f\x8c\xf2\x4a\xd0\x92\x34\xee\x7d\x3c\x76" + "\x6f\xc9\xa3\xa5\x16\x8d\x0c\x94\xad\x73\xb4\x6f\xdf"; + b.inLen = XSTRLEN(b.input); + b.outLen = WC_SHA3_224_DIGEST_SIZE; + + c.input = "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq"; + c.output = "\x8a\x24\x10\x8b\x15\x4a\xda\x21\xc9\xfd\x55\x74\x49\x44\x79" + "\xba\x5c\x7e\x7a\xb7\x6e\xf2\x64\xea\xd0\xfc\xce\x33"; + c.inLen = XSTRLEN(c.input); + c.outLen = WC_SHA3_224_DIGEST_SIZE; + + test_sha[0] = a; + test_sha[1] = b; + test_sha[2] = c; + + ret = wc_InitSha3_224(&sha, HEAP_HINT, devId); + if (ret != 0) + return WC_TEST_RET_ENC_EC(ret); + + for (i = 0; i < times; ++i) { + ret = wc_Sha3_224_Update(&sha, (byte*)test_sha[i].input, + (word32)test_sha[i].inLen); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_I(i), exit); + ret = wc_Sha3_224_GetHash(&sha, hashcopy); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_I(i), exit); + ret = wc_Sha3_224_Final(&sha, hash); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_I(i), exit); + + if (XMEMCMP(hash, test_sha[i].output, WC_SHA3_224_DIGEST_SIZE) != 0) + ERROR_OUT(WC_TEST_RET_ENC_I(i), exit); + if (XMEMCMP(hash, hashcopy, WC_SHA3_224_DIGEST_SIZE) != 0) + ERROR_OUT(WC_TEST_RET_ENC_I(i), exit); + } + +#ifndef NO_LARGE_HASH_TEST + /* BEGIN LARGE HASH TEST */ { + byte large_input[1024]; + const char* large_digest = + "\x13\xe5\xd3\x98\x7b\x94\xda\x41\x12\xc7\x1e\x92\x3a\x19" + "\x21\x20\x86\x6f\x24\xbf\x0a\x31\xbc\xfd\xd6\x70\x36\xf3"; + + for (i = 0; i < (int)sizeof(large_input); i++) { + large_input[i] = (byte)(i & 0xFF); + } + times = 100; + for (i = 0; i < times; ++i) { + ret = wc_Sha3_224_Update(&sha, (byte*)large_input, + (word32)sizeof(large_input)); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit); + } + ret = wc_Sha3_224_Final(&sha, hash); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit); + if (XMEMCMP(hash, large_digest, WC_SHA3_224_DIGEST_SIZE) != 0) + ERROR_OUT(WC_TEST_RET_ENC_NC, exit); + } /* END LARGE HASH TEST */ +#endif /* NO_LARGE_HASH_TEST */ + +exit: + wc_Sha3_224_Free(&sha); + + return ret; +} +#endif /* WOLFSSL_NOSHA3_224 */ + +#ifndef WOLFSSL_NOSHA3_256 +static wc_test_ret_t sha3_256_test(void) +{ + wc_Sha3 sha; + byte hash[WC_SHA3_256_DIGEST_SIZE]; + byte hashcopy[WC_SHA3_256_DIGEST_SIZE]; + + testVector a, b, c; + testVector test_sha[3]; + wc_test_ret_t ret = 0; + int times = sizeof(test_sha) / sizeof(struct testVector), i; + + byte large_input[1024]; + const char* large_digest = + "\xdc\x90\xc0\xb1\x25\xdb\x2c\x34\x81\xa3\xff\xbc\x1e\x2e\x87\xeb" + "\x6d\x70\x85\x61\xe0\xe9\x63\x61\xff\xe5\x84\x4b\x1f\x68\x05\x15"; + +#if defined(WOLFSSL_HASH_FLAGS) && !defined(WOLFSSL_ASYNC_CRYPT) + /* test vector with hash of empty string */ + const char* Keccak256EmptyOut = + "\xc5\xd2\x46\x01\x86\xf7\x23\x3c\x92\x7e\x7d\xb2\xdc\xc7\x03\xc0" + "\xe5\x00\xb6\x53\xca\x82\x27\x3b\x7b\xfa\xd8\x04\x5d\x85\xa4\x70"; +#endif + + /* + ** https://csrc.nist.gov/CSRC/media/Projects/Cryptographic-Standards-and-Guidelines/documents/examples/SHA3-256_Msg0.pdf + */ + a.input = ""; + a.output = "\xa7\xff\xc6\xf8\xbf\x1e\xd7\x66\x51\xc1\x47\x56\xa0\x61\xd6" + "\x62\xf5\x80\xff\x4d\xe4\x3b\x49\xfa\x82\xd8\x0a\x4b\x80\xf8" + "\x43\x4a"; + a.inLen = XSTRLEN(a.input); + a.outLen = WC_SHA3_256_DIGEST_SIZE; + + b.input = "abc"; + b.output = "\x3a\x98\x5d\xa7\x4f\xe2\x25\xb2\x04\x5c\x17\x2d\x6b\xd3\x90" + "\xbd\x85\x5f\x08\x6e\x3e\x9d\x52\x5b\x46\xbf\xe2\x45\x11\x43" + "\x15\x32"; + b.inLen = XSTRLEN(b.input); + b.outLen = WC_SHA3_256_DIGEST_SIZE; + + c.input = "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq"; + c.output = "\x41\xc0\xdb\xa2\xa9\xd6\x24\x08\x49\x10\x03\x76\xa8\x23\x5e" + "\x2c\x82\xe1\xb9\x99\x8a\x99\x9e\x21\xdb\x32\xdd\x97\x49\x6d" + "\x33\x76"; + c.inLen = XSTRLEN(c.input); + c.outLen = WC_SHA3_256_DIGEST_SIZE; + + test_sha[0] = a; + test_sha[1] = b; + test_sha[2] = c; + + ret = wc_InitSha3_256(&sha, HEAP_HINT, devId); + if (ret != 0) + return WC_TEST_RET_ENC_EC(ret); + + for (i = 0; i < times; ++i) { + ret = wc_Sha3_256_Update(&sha, (byte*)test_sha[i].input, + (word32)test_sha[i].inLen); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_I(i), exit); + ret = wc_Sha3_256_GetHash(&sha, hashcopy); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_I(i), exit); + ret = wc_Sha3_256_Final(&sha, hash); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_I(i), exit); + + if (XMEMCMP(hash, test_sha[i].output, WC_SHA3_256_DIGEST_SIZE) != 0) + ERROR_OUT(WC_TEST_RET_ENC_I(i), exit); + if (XMEMCMP(hash, hashcopy, WC_SHA3_256_DIGEST_SIZE) != 0) + ERROR_OUT(WC_TEST_RET_ENC_I(i), exit); + } + +#ifndef NO_LARGE_HASH_TEST + /* BEGIN LARGE HASH TEST */ { + for (i = 0; i < (int)sizeof(large_input); i++) { + large_input[i] = (byte)(i & 0xFF); + } + times = 100; + for (i = 0; i < times; ++i) { + ret = wc_Sha3_256_Update(&sha, (byte*)large_input, + (word32)sizeof(large_input)); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit); + } + ret = wc_Sha3_256_Final(&sha, hash); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit); + if (XMEMCMP(hash, large_digest, WC_SHA3_256_DIGEST_SIZE) != 0) + ERROR_OUT(WC_TEST_RET_ENC_NC, exit); + } /* END LARGE HASH TEST */ +#endif /* NO_LARGE_HASH_TEST */ + + /* this is a software only variant of SHA3 not supported by external hardware devices */ +#if defined(WOLFSSL_HASH_FLAGS) && !defined(WOLFSSL_ASYNC_CRYPT) + /* Test for Keccak256 */ + ret = wc_Sha3_SetFlags(&sha, WC_HASH_SHA3_KECCAK256); + if (ret != 0) { + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit); + } + ret = wc_Sha3_256_Update(&sha, (byte*)"", 0); + if (ret != 0) { + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit); + } + ret = wc_Sha3_256_Final(&sha, hash); + if (ret != 0) { + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit); + } + if (XMEMCMP(hash, Keccak256EmptyOut, WC_SHA3_256_DIGEST_SIZE) != 0) { + ERROR_OUT(WC_TEST_RET_ENC_NC, exit); + } +#endif /* WOLFSSL_HASH_FLAGS && !WOLFSSL_ASYNC_CRYPT */ + +exit: + wc_Sha3_256_Free(&sha); + + return ret; +} +#endif /* WOLFSSL_NOSHA3_256 */ + +#ifndef WOLFSSL_NOSHA3_384 +static wc_test_ret_t sha3_384_test(void) +{ + wc_Sha3 sha; + byte hash[WC_SHA3_384_DIGEST_SIZE]; + byte buf[64]; +#ifndef NO_INTM_HASH_TEST + byte hashcopy[WC_SHA3_384_DIGEST_SIZE]; +#endif + + testVector a, b, c; + testVector test_sha[3]; + wc_test_ret_t ret; + int times = sizeof(test_sha) / sizeof(struct testVector), i; + + /* + ** https://csrc.nist.gov/CSRC/media/Projects/Cryptographic-Standards-and-Guidelines/documents/examples/SHA3-384_Msg0.pdf + */ + a.input = ""; + a.output = "\x0c\x63\xa7\x5b\x84\x5e\x4f\x7d\x01\x10\x7d\x85\x2e\x4c\x24" + "\x85\xc5\x1a\x50\xaa\xaa\x94\xfc\x61\x99\x5e\x71\xbb\xee\x98" + "\x3a\x2a\xc3\x71\x38\x31\x26\x4a\xdb\x47\xfb\x6b\xd1\xe0\x58" + "\xd5\xf0\x04"; + a.inLen = XSTRLEN(a.input); + a.outLen = WC_SHA3_384_DIGEST_SIZE; + +#ifndef NO_INTM_HASH_TEST + /* NIST test vector with a length that is a multiple of 4 */ + b.input = "\x7d\x80\xb1\x60\xc4\xb5\x36\xa3\xbe\xb7\x99\x80\x59\x93\x44" + "\x04\x7c\x5f\x82\xa1\xdf\xc3\xee\xd4"; + b.output = "\x04\x1c\xc5\x86\x1b\xa3\x34\x56\x3c\x61\xd4\xef\x97\x10\xd4" + "\x89\x6c\x31\x1c\x92\xed\xbe\x0d\x7c\xd5\x3e\x80\x3b\xf2\xf4" + "\xeb\x60\x57\x23\x55\x70\x77\x0c\xe8\x7c\x55\x20\xd7\xec\x14" + "\x19\x87\x22"; + b.inLen = XSTRLEN(b.input); + b.outLen = WC_SHA3_384_DIGEST_SIZE; +#else + b.input = "abc"; + b.output = "\xec\x01\x49\x82\x88\x51\x6f\xc9\x26\x45\x9f\x58\xe2\xc6\xad" + "\x8d\xf9\xb4\x73\xcb\x0f\xc0\x8c\x25\x96\xda\x7c\xf0\xe4\x9b" + "\xe4\xb2\x98\xd8\x8c\xea\x92\x7a\xc7\xf5\x39\xf1\xed\xf2\x28" + "\x37\x6d\x25"; + b.inLen = XSTRLEN(b.input); + b.outLen = WC_SHA3_384_DIGEST_SIZE; +#endif + c.input = "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq"; + c.output = "\x99\x1c\x66\x57\x55\xeb\x3a\x4b\x6b\xbd\xfb\x75\xc7\x8a\x49" + "\x2e\x8c\x56\xa2\x2c\x5c\x4d\x7e\x42\x9b\xfd\xbc\x32\xb9\xd4" + "\xad\x5a\xa0\x4a\x1f\x07\x6e\x62\xfe\xa1\x9e\xef\x51\xac\xd0" + "\x65\x7c\x22"; + c.inLen = XSTRLEN(c.input); + c.outLen = WC_SHA3_384_DIGEST_SIZE; + +#ifndef NO_INTM_HASH_TEST + test_sha[0] = b; /* hardware acc. pre-Versal can not handle "" string */ +#else + test_sha[0] = a; +#endif + test_sha[1] = b; + test_sha[2] = c; + + ret = wc_InitSha3_384(&sha, HEAP_HINT, devId); + if (ret != 0) + return WC_TEST_RET_ENC_EC(ret); + + for (i = 0; i < times; ++i) { + XMEMCPY(buf, test_sha[i].input, test_sha[i].inLen); + ret = wc_Sha3_384_Update(&sha, buf, + (word32)test_sha[i].inLen); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_I(i), exit); + #ifndef NO_INTM_HASH_TEST + ret = wc_Sha3_384_GetHash(&sha, hashcopy); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_I(i), exit); + #endif + ret = wc_Sha3_384_Final(&sha, hash); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_I(i), exit); + + if (XMEMCMP(hash, test_sha[i].output, WC_SHA3_384_DIGEST_SIZE) != 0) + ERROR_OUT(WC_TEST_RET_ENC_I(i), exit); + #ifndef NO_INTM_HASH_TEST + if (XMEMCMP(hash, hashcopy, WC_SHA3_384_DIGEST_SIZE) != 0) + ERROR_OUT(WC_TEST_RET_ENC_I(i), exit); + #endif + } + +#ifndef NO_LARGE_HASH_TEST + /* BEGIN LARGE HASH TEST */ { + byte large_input[1024]; + const char* large_digest = + "\x30\x44\xec\x17\xef\x47\x9f\x55\x36\x11\xd6\x3f\x8a\x31\x5a\x71" + "\x8a\x71\xa7\x1d\x8e\x84\xe8\x6c\x24\x02\x2f\x7a\x08\x4e\xea\xd7" + "\x42\x36\x5d\xa8\xc2\xb7\x42\xad\xec\x19\xfb\xca\xc6\x64\xb3\xa4"; + + for (i = 0; i < (int)sizeof(large_input); i++) { + large_input[i] = (byte)(i & 0xFF); + } + times = 100; + for (i = 0; i < times; ++i) { + ret = wc_Sha3_384_Update(&sha, (byte*)large_input, + (word32)sizeof(large_input)); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit); + } + ret = wc_Sha3_384_Final(&sha, hash); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit); + if (XMEMCMP(hash, large_digest, WC_SHA3_384_DIGEST_SIZE) != 0) + ERROR_OUT(WC_TEST_RET_ENC_NC, exit); + } /* END LARGE HASH TEST */ +#endif /* NO_LARGE_HASH_TEST */ + +exit: + wc_Sha3_384_Free(&sha); + + return ret; +} +#endif /* WOLFSSL_NOSHA3_384 */ + +#ifndef WOLFSSL_NOSHA3_512 +static wc_test_ret_t sha3_512_test(void) +{ + wc_Sha3 sha; + byte hash[WC_SHA3_512_DIGEST_SIZE]; + byte hashcopy[WC_SHA3_512_DIGEST_SIZE]; + + testVector a, b, c; + testVector test_sha[3]; + wc_test_ret_t ret; + int times = sizeof(test_sha) / sizeof(struct testVector), i; + + /* + ** https://csrc.nist.gov/CSRC/media/Projects/Cryptographic-Standards-and-Guidelines/documents/examples/SHA3-512_Msg0.pdf + */ + a.input = ""; + a.output = "\xa6\x9f\x73\xcc\xa2\x3a\x9a\xc5\xc8\xb5\x67\xdc\x18\x5a\x75" + "\x6e\x97\xc9\x82\x16\x4f\xe2\x58\x59\xe0\xd1\xdc\xc1\x47\x5c" + "\x80\xa6\x15\xb2\x12\x3a\xf1\xf5\xf9\x4c\x11\xe3\xe9\x40\x2c" + "\x3a\xc5\x58\xf5\x00\x19\x9d\x95\xb6\xd3\xe3\x01\x75\x85\x86" + "\x28\x1d\xcd\x26"; + a.inLen = XSTRLEN(a.input); + a.outLen = WC_SHA3_512_DIGEST_SIZE; + + b.input = "abc"; + b.output = "\xb7\x51\x85\x0b\x1a\x57\x16\x8a\x56\x93\xcd\x92\x4b\x6b\x09" + "\x6e\x08\xf6\x21\x82\x74\x44\xf7\x0d\x88\x4f\x5d\x02\x40\xd2" + "\x71\x2e\x10\xe1\x16\xe9\x19\x2a\xf3\xc9\x1a\x7e\xc5\x76\x47" + "\xe3\x93\x40\x57\x34\x0b\x4c\xf4\x08\xd5\xa5\x65\x92\xf8\x27" + "\x4e\xec\x53\xf0"; + b.inLen = XSTRLEN(b.input); + b.outLen = WC_SHA3_512_DIGEST_SIZE; + + c.input = "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq"; + c.output = "\x04\xa3\x71\xe8\x4e\xcf\xb5\xb8\xb7\x7c\xb4\x86\x10\xfc\xa8" + "\x18\x2d\xd4\x57\xce\x6f\x32\x6a\x0f\xd3\xd7\xec\x2f\x1e\x91" + "\x63\x6d\xee\x69\x1f\xbe\x0c\x98\x53\x02\xba\x1b\x0d\x8d\xc7" + "\x8c\x08\x63\x46\xb5\x33\xb4\x9c\x03\x0d\x99\xa2\x7d\xaf\x11" + "\x39\xd6\xe7\x5e"; + c.inLen = XSTRLEN(c.input); + c.outLen = WC_SHA3_512_DIGEST_SIZE; + + test_sha[0] = a; + test_sha[1] = b; + test_sha[2] = c; + + ret = wc_InitSha3_512(&sha, HEAP_HINT, devId); + if (ret != 0) + return WC_TEST_RET_ENC_EC(ret); + + for (i = 0; i < times; ++i) { + ret = wc_Sha3_512_Update(&sha, (byte*)test_sha[i].input, + (word32)test_sha[i].inLen); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_I(i), exit); + ret = wc_Sha3_512_GetHash(&sha, hashcopy); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_I(i), exit); + ret = wc_Sha3_512_Final(&sha, hash); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_I(i), exit); + + if (XMEMCMP(hash, test_sha[i].output, WC_SHA3_512_DIGEST_SIZE) != 0) + ERROR_OUT(WC_TEST_RET_ENC_I(i), exit); + if (XMEMCMP(hash, hashcopy, WC_SHA3_512_DIGEST_SIZE) != 0) + ERROR_OUT(WC_TEST_RET_ENC_I(i), exit); + } + +#ifndef NO_LARGE_HASH_TEST + /* BEGIN LARGE HASH TEST */ { + byte large_input[1024]; + const char* large_digest = + "\x9c\x13\x26\xb6\x26\xb2\x94\x31\xbc\xf4\x34\xe9\x6f\xf2\xd6\x29" + "\x9a\xd0\x9b\x32\x63\x2f\x18\xa7\x5f\x23\xc9\x60\xc2\x32\x0c\xbc" + "\x57\x77\x33\xf1\x83\x81\x8a\xd3\x15\x7c\x93\xdc\x80\x9f\xed\x61" + "\x41\xa7\x5b\xfd\x32\x0e\x38\x15\xb0\x46\x3b\x7a\x4f\xfd\x44\x88"; + + for (i = 0; i < (int)sizeof(large_input); i++) { + large_input[i] = (byte)(i & 0xFF); + } + times = 100; + for (i = 0; i < times; ++i) { + ret = wc_Sha3_512_Update(&sha, (byte*)large_input, + (word32)sizeof(large_input)); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit); + } + ret = wc_Sha3_512_Final(&sha, hash); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit); + if (XMEMCMP(hash, large_digest, WC_SHA3_512_DIGEST_SIZE) != 0) + ERROR_OUT(WC_TEST_RET_ENC_NC, exit); + } /* END LARGE HASH TEST */ +#endif /* NO_LARGE_HASH_TEST */ + +exit: + wc_Sha3_512_Free(&sha); + + return ret; +} +#endif /* WOLFSSL_NOSHA3_512 */ + +WOLFSSL_TEST_SUBROUTINE wc_test_ret_t sha3_test(void) +{ + wc_test_ret_t ret; + + (void)ret; + WOLFSSL_ENTER("sha3_test"); + +#ifndef WOLFSSL_NOSHA3_224 + if ((ret = sha3_224_test()) != 0) + return ret; +#endif +#ifndef WOLFSSL_NOSHA3_256 + if ((ret = sha3_256_test()) != 0) + return ret; +#endif +#ifndef WOLFSSL_NOSHA3_384 + if ((ret = sha3_384_test()) != 0) + return ret; +#endif +#ifndef WOLFSSL_NOSHA3_512 + if ((ret = sha3_512_test()) != 0) + return ret; +#endif + + return 0; +} +#endif /* WOLFSSL_SHA3 */ + +#ifdef WOLFSSL_SHAKE128 +static wc_test_ret_t shake128_absorb_test(wc_Shake* sha, byte *large_input_buf, + size_t large_input_buf_size) +{ + testVector a, b, c, d, e; + testVector test_sha[5]; + wc_test_ret_t ret = 0; + int times = sizeof(test_sha) / sizeof(struct testVector), i; + + static const char large_digest[] = + "\x2b\xd1\x69\x9f\xb3\x75\x40\x74\xb8\xb2\xd2\x0b\x92\x47\x9b\xfe" + "\xc9\x91\x48\xbe\xda\xa4\x09\xd7\x61\x35\x18\x05\x07\x71\xa5\x61" + "\x4d\xc4\x94\xad\xbe\x04\x7d\xad\x95\x2f\xeb\x2c\xc0\x10\x67\x43" + "\x40\xf1\x4a\x58\x1c\x54\xfa\x24\x1c\x1a\x4e\x8d\x9b\xbc\xea\xa7" + "\x32\xf2\x4c\xc7\x86\x05\x36\xdc\xb4\x42\xd8\x35\xd1\xb4\xa2\x79" + "\xa2\xe6\xee\x67\x4f\xbf\x2a\x93\x41\x88\x25\x56\x29\x90\x1a\x06" + "\xba\xfe\x9f\xa6\x1a\x74\xe8\x7e\x85\x4a\xc8\x58\x60\xb1\x7b\x18" + "\xdf\x77\x59\x46\x04\xc1\xff\x4b\x9b\xcb\xad\xfe\x91\x28\xf0\x01" + "\xc1\x33\xd0\x99\x99\x2e\x0c\x86\x84\x67\x4d\x37\xa4\x42\x45\x10" + "\xdc\x8f\xdb\x6f\xa6\x9b\xee\x8a\x60\xa5\x1f\x95\x3f\x8f\xf5\x31" + "\x4b\x1d\x48\x1e\x45\xff\x79\x5c\xbe\x72\xfc\x56\xed\x6d\x1a\x99" + "\x7f\x23\x7c\xd1\xa5\x50\x9e\xb0\x4d\x61\x37\xa5\xcb\x24\x71\x3b" + "\xa3\x60\x51\x2e\x80\x83\x8b\xe0\x55\x50\xa7\x1e\xcc\x9f\xac\x41" + "\x77\x2c\x79\x22\x30\x09\x1b\x1a\x83\x5b\x2c\x48\xdc\x09\x7d\x59" + "\x0d\xf0\x54\x17\xfb\x5e\x38\x68\xde\xdb\xc5\x93\xab\x17\x5f\x4b" + "\x4d\x6d\xf2\xc7\x4e\x15\x1e\x10\x76\xc4\xcb\x87\xd8\xb7\x9d\xa8" + "\xbf\xc5\x2e\x5e\xfc\xd3\x6c\x45\xd4\x5d\x72\x0f\x66\xeb\x67\x86" + "\xfa\x6c\xd6\x80\xa4\x23\xcb\x5d\xed\x3c\xde\xdc\x5b\x3d\xca\x95" + "\x43\x4b\xdc\xe8\x49\xd3\xe1\x01\xd4\xf1\xe4\x47\xcf\x56\xba\x71" + "\xb4\x69\xed\xe7\xdb\x0f\x89\xd6\xbb\xcd\x1a\xff\xb4\xbe\x72\x26" + "\xdc\x76\x79\xb3\x1a\x4b\xe6\x8d\x9b\x8e\xd9\xe9\xe6\xf9\xff\xa5"; + + byte hash[sizeof(large_digest) - 1]; + + /* + ** https://csrc.nist.gov/CSRC/media/Projects/Cryptographic-Standards-and-Guidelines/documents/examples/SHAKE128_Msg0.pdf + */ + a.input = ""; + a.output = "\x7f\x9c\x2b\xa4\xe8\x8f\x82\x7d\x61\x60\x45\x50\x76\x05\x85" + "\x3e\xd7\x3b\x80\x93\xf6\xef\xbc\x88\xeb\x1a\x6e\xac\xfa\x66" + "\xef\x26\x3c\xb1\xee\xa9\x88\x00\x4b\x93\x10\x3c\xfb\x0a\xee" + "\xfd\x2a\x68\x6e\x01\xfa\x4a\x58\xe8\xa3\x63\x9c\xa8\xa1\xe3" + "\xf9\xae\x57\xe2\x35\xb8\xcc\x87\x3c\x23\xdc\x62\xb8\xd2\x60" + "\x16\x9a\xfa\x2f\x75\xab\x91\x6a\x58\xd9\x74\x91\x88\x35\xd2" + "\x5e\x6a\x43\x50\x85\xb2\xba\xdf\xd6\xdf\xaa\xc3\x59\xa5\xef" + "\xbb\x7b\xcc\x4b\x59\xd5\x38\xdf\x9a\x04\x30\x2e\x10\xc8\xbc" + "\x1c\xbf\x1a\x0b\x3a\x51\x20\xea\x17\xcd\xa7\xcf\xad\x76\x5f" + "\x56\x23\x47\x4d\x36\x8c\xcc\xa8\xaf\x00\x07\xcd\x9f\x5e\x4c" + "\x84\x9f\x16\x7a\x58\x0b\x14\xaa\xbd\xef\xae\xe7\xee\xf4\x7c" + "\xb0\xfc\xa9"; + a.inLen = XSTRLEN(a.input); + a.outLen = WC_SHA3_128_BLOCK_SIZE; + + b.input = "abc"; + b.output = "\x58\x81\x09\x2d\xd8\x18\xbf\x5c\xf8\xa3\xdd\xb7\x93\xfb\xcb" + "\xa7\x40\x97\xd5\xc5\x26\xa6\xd3\x5f\x97\xb8\x33\x51\x94\x0f" + "\x2c\xc8\x44\xc5\x0a\xf3\x2a\xcd\x3f\x2c\xdd\x06\x65\x68\x70" + "\x6f\x50\x9b\xc1\xbd\xde\x58\x29\x5d\xae\x3f\x89\x1a\x9a\x0f" + "\xca\x57\x83\x78\x9a\x41\xf8\x61\x12\x14\xce\x61\x23\x94\xdf" + "\x28\x6a\x62\xd1\xa2\x25\x2a\xa9\x4d\xb9\xc5\x38\x95\x6c\x71" + "\x7d\xc2\xbe\xd4\xf2\x32\xa0\x29\x4c\x85\x7c\x73\x0a\xa1\x60" + "\x67\xac\x10\x62\xf1\x20\x1f\xb0\xd3\x77\xcf\xb9\xcd\xe4\xc6" + "\x35\x99\xb2\x7f\x34\x62\xbb\xa4\xa0\xed\x29\x6c\x80\x1f\x9f" + "\xf7\xf5\x73\x02\xbb\x30\x76\xee\x14\x5f\x97\xa3\x2a\xe6\x8e" + "\x76\xab\x66\xc4\x8d\x51\x67\x5b\xd4\x9a\xcc\x29\x08\x2f\x56" + "\x47\x58\x4e"; + b.inLen = XSTRLEN(b.input); + b.outLen = WC_SHA3_128_BLOCK_SIZE; + + c.input = "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq"; + c.output = "\x1a\x96\x18\x2b\x50\xfb\x8c\x7e\x74\xe0\xa7\x07\x78\x8f\x55" + "\xe9\x82\x09\xb8\xd9\x1f\xad\xe8\xf3\x2f\x8d\xd5\xcf\xf7\xbf" + "\x21\xf5\x4e\xe5\xf1\x95\x50\x82\x5a\x6e\x07\x00\x30\x51\x9e" + "\x94\x42\x63\xac\x1c\x67\x65\x28\x70\x65\x62\x1f\x9f\xcb\x32" + "\x01\x72\x3e\x32\x23\xb6\x3a\x46\xc2\x93\x8a\xa9\x53\xba\x84" + "\x01\xd0\xea\x77\xb8\xd2\x64\x90\x77\x55\x66\x40\x7b\x95\x67" + "\x3c\x0f\x4c\xc1\xce\x9f\xd9\x66\x14\x8d\x7e\xfd\xff\x26\xbb" + "\xf9\xf4\x8a\x21\xc6\xda\x35\xbf\xaa\x54\x56\x54\xf7\x0a\xe5" + "\x86\xff\x10\x13\x14\x20\x77\x14\x83\xec\x92\xed\xab\x40\x8c" + "\x76\x7b\xf4\xc5\xb4\xff\xfa\xa8\x0c\x8c\xa2\x14\xd8\x4c\x4d" + "\xc7\x00\xd0\xc5\x06\x30\xb2\xff\xc3\x79\x3e\xa4\xd8\x72\x58" + "\xb4\xc9\x54"; + c.inLen = XSTRLEN(c.input); + c.outLen = WC_SHA3_128_BLOCK_SIZE; + + /* Taken from NIST CAVP test vectors - full rate output. */ + d.input = "\xdc\x88\x6d\xf3\xf6\x9c\x49\x51\x3d\xe3\x62\x7e\x94\x81\xdb" + "\x58\x71\xe8\xee\x88\xeb\x9f\x99\x61\x15\x41\x93\x0a\x8b\xc8" + "\x85\xe0"; + d.output = "\x93\x68\xf0\x15\x10\x92\x44\xeb\x02\x47\xfa\x3a\x0e\x57\xf5" + "\x2e\xa7\xd9\xeb\xa2\x3d\xae\x7a\x19\x7f\x0a\x29\xe9\x22\x55" + "\x06\x05\x98\x16\xb7\x84\x48\xb6\x49\x7a\x76\xeb\x96\x2d\xb3" + "\xf8\x4d\x37\x60\xf1\xfe\xb4\xbd\xc1\xfd\x4a\xc9\x4e\x91\x7a" + "\xc2\xea\x5e\x4f\x38\x37\x4a\xa5\x6e\x4f\x47\x67\xb8\xd7\x83" + "\x1b\x2d\x51\x49\x5a\xb8\xea\xb7\xc9\x82\x20\xaf\x13\x41\x5a" + "\x59\xbb\x7c\x17\x7a\xcd\x62\x8e\xf0\xff\xe3\x6c\xeb\x18\x59" + "\x5d\x14\x4c\xbf\x25\xef\xc0\x6c\xd9\x56\xa5\x78\x20\x6e\xa8" + "\xf9\x14\x5e\xf9\xce\x19\x50\x6a\x9d\x04\x4e\xc7\x00\x79\x9f" + "\xa1\x41\x9b\xaf\x60\x52\xc0\xc1\xb4\x45\xf8\x35\x17\x57\xb0" + "\xd0\x22\x87\x21\x89\xe2\xc0\x27\x3f\x82\xd9\x69\x69\x66\x3e" + "\x55\x4d\x09"; + d.inLen = 32; + d.outLen = WC_SHA3_128_BLOCK_SIZE; + /* Taken from NIST CAVP test vectors - more than one output block. */ + e.input = "\x8d\x80\x01\xe2\xc0\x96\xf1\xb8\x8e\x7c\x92\x24\xa0\x86\xef" + "\xd4\x79\x7f\xbf\x74\xa8\x03\x3a\x2d\x42\x2a\x2b\x6b\x8f\x67" + "\x47\xe4"; + e.output = "\xe1\x7e\xab\x0d\xa4\x04\xf9\xb6\xac\xc0\x84\x97\x2f\xc5\x79" + "\xe8\x6d\xaa\x76\x10\xa5\xe1\x7c\x23\x2f\x79\x19\x83\x96\xfd" + "\x01\xc2\x4c\x34\xbb\x54\xf4\xb0\x1e\xf7\x40\xb4\x25\x33\x4a" + "\x55\xdd\x24\x81\x3d\xc8\xea\x86\xf5\x6e\xf7\x27\x67\x26\x2b" + "\xf2\x25\x74\x8c\xcc\x3d\x9f\x48\x6f\xfb\x72\x8f\x4e\xad\x29" + "\x60\xc9\x6c\x3e\x44\x63\x86\xea\xce\x21\x9c\x84\x28\x16\x11" + "\x63\x58\xb0\xf4\x2d\x7d\xff\xf7\xdd\x24\x11\xfa\x2a\x56\x79" + "\xfd\x7a\x94\x77\x45\x75\xba\xf9\xfc\xad\x68\xa1\x9e\x30\xd1" + "\x49\xb0\x59\xb5\x9c\x44\x6c\x4e\xdc\xa5\x9b\xc5\xa4\x79\x9d" + "\xc4\x65\xaa\x9e\x78\x2c\xed\x9f\x21\xc5\x5d\xe2\x42\xdd\x25" + "\xd0\xd9\xde\x60\xd0\x9f\xf8\x6a\xba\xf3\xa0\x3a\x76\x71\xb3" + "\x05\x42\xdf\xbe\x72\xfc\x56\xed\x6d\x1a\x99\x7f\x23\x7c\xd1" + "\xa5\x50\x9e\xb0\x4d\x61\x37\xa5\xcb\x24\x71\x3b\xa3\x60\x51" + "\x2e\x80\x83\x8b\xe0\x55\x50\xa7\x1e\xcc\x9f\xac\x41\x77\x2c" + "\x79\x22\x30\x09\x1b\x1a\x83\x5b\x2c\x48\xdc\x09\x7d\x59\x0d" + "\xf0\x54\x17\xfb\x5e\x38\x68\xde\xdb\xc5\x93\xab\x17\x5f\x4b" + "\x4d\x6d\xf2\xc7\x4e\x15\x1e\x10\x76\xc4\xcb\x87\xd8\xb7\x9d" + "\xa8\xbf\xc5\x2e\x5e\xfc\xd3\x6c\x45\xd4\x5d\x72\x0f\x66\xeb" + "\x67\x86\xfa\x6c\xd6\x80\xa4\x23\xcb\x5d\xed\x3c\xde\xdc\x5b" + "\x3d\xca\x95\x43\x4b\xdc\xe8\x49\xd3\xe1\x01\xd4\xf1\xe4\x47" + "\xcf\x56\xba\x71\xb4\x69\xed\xe7\xdb\x0f\x89\xd6\xbb\xcd\x1a" + "\xff\xb4\xbe\x72\x26\xdc\x76\x79\xb3\x1a\x4b\xe6\x8d\x9b\x8e" + "\xd9\xe9\xe6\xf9\xff\xa5"; + e.inLen = 32; + e.outLen = 2 * WC_SHA3_128_BLOCK_SIZE; + + test_sha[0] = a; + test_sha[1] = b; + test_sha[2] = c; + test_sha[3] = d; + test_sha[4] = e; + + for (i = 0; i < times; ++i) { + ret = wc_InitShake128(sha, HEAP_HINT, devId); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_I(i), exit); + ret = wc_Shake128_Absorb(sha, (byte*)test_sha[i].input, + (word32)test_sha[i].inLen); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_I(i), exit); + ret = wc_Shake128_SqueezeBlocks(sha, hash, + (word32)test_sha[i].outLen / WC_SHA3_128_BLOCK_SIZE); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_I(i), exit); + + if (XMEMCMP(hash, test_sha[i].output, (word32)test_sha[i].outLen) != 0) + ERROR_OUT(WC_TEST_RET_ENC_I(i), exit); + } + +#ifndef NO_LARGE_HASH_TEST + /* BEGIN LARGE HASH TEST */ { + for (i = 0; i < (int)large_input_buf_size; i++) { + large_input_buf[i] = (byte)(i & 0xFF); + } + ret = wc_InitShake128(sha, HEAP_HINT, devId); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit); + /* Absorb is non-incremental. */ + ret = wc_Shake128_Absorb(sha, (byte*)large_input_buf, + (word32)large_input_buf_size); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit); + /* Able to squeeze out blocks incrementally. */ + ret = wc_Shake128_SqueezeBlocks(sha, hash, 1); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit); + ret = wc_Shake128_SqueezeBlocks(sha, hash, + ((word32)sizeof(hash) / WC_SHA3_128_BLOCK_SIZE) - 1); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit); + if (XMEMCMP(hash, large_digest, sizeof(hash)) != 0) + ERROR_OUT(WC_TEST_RET_ENC_NC, exit); + } /* END LARGE HASH TEST */ +#endif /* NO_LARGE_HASH_TEST */ + +exit: + return ret; +} + +WOLFSSL_TEST_SUBROUTINE wc_test_ret_t shake128_test(void) +{ + wc_Shake sha; + byte hash[250]; + + testVector a, b, c, d, e; + testVector test_sha[5]; + wc_test_ret_t ret = 0; + int times = sizeof(test_sha) / sizeof(struct testVector), i; + +#define SHAKE128_LARGE_INPUT_BUFSIZ 1024 +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC) + byte *large_input = NULL; +#else + byte large_input[SHAKE128_LARGE_INPUT_BUFSIZ]; +#endif + static const char large_digest[] = + "\x88\xd7\x0e\x86\x46\x72\x6b\x3d\x7d\x22\xe1\xa9\x2d\x02\xdb\x35" + "\x92\x4f\x1b\x03\x90\xee\xa3\xce\xd1\x3a\x08\x3a\xd7\x4e\x10\xdf" + "\x09\x67\x33\x35\x4f\xdd\x38\x50\x5b\xcb\x75\xc7\xba\x65\xe5\xe8" + "\xb8\x76\xde\xc5\xee\xd7\xf1\x65\x93\x4e\x5e\xc4\xb1\xd7\x6b\xee" + "\x4b\x57\x48\xf5\x38\x49\x9e\x45\xa0\xf7\x32\xe9\x05\x26\x6a\x10" + "\x70\xd4\x7c\x19\x01\x1f\x6d\x37\xba\x7b\x74\xc2\xbc\xb6\xbc\x74" + "\xa3\x66\x6c\x9b\x11\x84\x9d\x4a\x36\xbc\x8a\x0d\x4c\xe3\x39\xfa" + "\xfa\x1b"; + WOLFSSL_ENTER("shake128_test"); + + + /* + ** https://csrc.nist.gov/CSRC/media/Projects/Cryptographic-Standards-and-Guidelines/documents/examples/SHAKE128_Msg0.pdf + */ + a.input = ""; + a.output = "\x7f\x9c\x2b\xa4\xe8\x8f\x82\x7d\x61\x60\x45\x50\x76\x05\x85" + "\x3e\xd7\x3b\x80\x93\xf6\xef\xbc\x88\xeb\x1a\x6e\xac\xfa\x66" + "\xef\x26\x3c\xb1\xee\xa9\x88\x00\x4b\x93\x10\x3c\xfb\x0a\xee" + "\xfd\x2a\x68\x6e\x01\xfa\x4a\x58\xe8\xa3\x63\x9c\xa8\xa1\xe3" + "\xf9\xae\x57\xe2\x35\xb8\xcc\x87\x3c\x23\xdc\x62\xb8\xd2\x60" + "\x16\x9a\xfa\x2f\x75\xab\x91\x6a\x58\xd9\x74\x91\x88\x35\xd2" + "\x5e\x6a\x43\x50\x85\xb2\xba\xdf\xd6\xdf\xaa\xc3\x59\xa5\xef" + "\xbb\x7b\xcc\x4b\x59\xd5\x38\xdf\x9a"; + a.inLen = XSTRLEN(a.input); + a.outLen = 114; + + b.input = "abc"; + b.output = "\x58\x81\x09\x2d\xd8\x18\xbf\x5c\xf8\xa3\xdd\xb7\x93\xfb\xcb" + "\xa7\x40\x97\xd5\xc5\x26\xa6\xd3\x5f\x97\xb8\x33\x51\x94\x0f" + "\x2c\xc8\x44\xc5\x0a\xf3\x2a\xcd\x3f\x2c\xdd\x06\x65\x68\x70" + "\x6f\x50\x9b\xc1\xbd\xde\x58\x29\x5d\xae\x3f\x89\x1a\x9a\x0f" + "\xca\x57\x83\x78\x9a\x41\xf8\x61\x12\x14\xce\x61\x23\x94\xdf" + "\x28\x6a\x62\xd1\xa2\x25\x2a\xa9\x4d\xb9\xc5\x38\x95\x6c\x71" + "\x7d\xc2\xbe\xd4\xf2\x32\xa0\x29\x4c\x85\x7c\x73\x0a\xa1\x60" + "\x67\xac\x10\x62\xf1\x20\x1f\xb0\xd3"; + b.inLen = XSTRLEN(b.input); + b.outLen = 114; + + c.input = "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq"; + c.output = "\x1a\x96\x18\x2b\x50\xfb\x8c\x7e\x74\xe0\xa7\x07\x78\x8f\x55" + "\xe9\x82\x09\xb8\xd9\x1f\xad\xe8\xf3\x2f\x8d\xd5\xcf\xf7\xbf" + "\x21\xf5\x4e\xe5\xf1\x95\x50\x82\x5a\x6e\x07\x00\x30\x51\x9e" + "\x94\x42\x63\xac\x1c\x67\x65\x28\x70\x65\x62\x1f\x9f\xcb\x32" + "\x01\x72\x3e\x32\x23\xb6\x3a\x46\xc2\x93\x8a\xa9\x53\xba\x84" + "\x01\xd0\xea\x77\xb8\xd2\x64\x90\x77\x55\x66\x40\x7b\x95\x67" + "\x3c\x0f\x4c\xc1\xce\x9f\xd9\x66\x14\x8d\x7e\xfd\xff\x26\xbb" + "\xf9\xf4\x8a\x21\xc6\xda\x35\xbf\xaa"; + c.inLen = XSTRLEN(c.input); + c.outLen = 114; + + /* Taken from NIST CAVP test vectors - full rate output. */ + d.input = "\xdc\x88\x6d\xf3\xf6\x9c\x49\x51\x3d\xe3\x62\x7e\x94\x81\xdb" + "\x58\x71\xe8\xee\x88\xeb\x9f\x99\x61\x15\x41\x93\x0a\x8b\xc8" + "\x85\xe0"; + d.output = "\x93\x68\xf0\x15\x10\x92\x44\xeb\x02\x47\xfa\x3a\x0e\x57\xf5" + "\x2e\xa7\xd9\xeb\xa2\x3d\xae\x7a\x19\x7f\x0a\x29\xe9\x22\x55" + "\x06\x05\x98\x16\xb7\x84\x48\xb6\x49\x7a\x76\xeb\x96\x2d\xb3" + "\xf8\x4d\x37\x60\xf1\xfe\xb4\xbd\xc1\xfd\x4a\xc9\x4e\x91\x7a" + "\xc2\xea\x5e\x4f\x38\x37\x4a\xa5\x6e\x4f\x47\x67\xb8\xd7\x83" + "\x1b\x2d\x51\x49\x5a\xb8\xea\xb7\xc9\x82\x20\xaf\x13\x41\x5a" + "\x59\xbb\x7c\x17\x7a\xcd\x62\x8e\xf0\xff\xe3\x6c\xeb\x18\x59" + "\x5d\x14\x4c\xbf\x25\xef\xc0\x6c\xd9\x56\xa5\x78\x20\x6e\xa8" + "\xf9\x14\x5e\xf9\xce\x19\x50\x6a\x9d\x04\x4e\xc7\x00\x79\x9f" + "\xa1"; + d.inLen = 32; + d.outLen = 136; + /* Taken from NIST CAVP test vectors - more than one output block. */ + e.input = "\x8d\x80\x01\xe2\xc0\x96\xf1\xb8\x8e\x7c\x92\x24\xa0\x86\xef" + "\xd4\x79\x7f\xbf\x74\xa8\x03\x3a\x2d\x42\x2a\x2b\x6b\x8f\x67" + "\x47\xe4"; + e.output = "\xe1\x7e\xab\x0d\xa4\x04\xf9\xb6\xac\xc0\x84\x97\x2f\xc5\x79" + "\xe8\x6d\xaa\x76\x10\xa5\xe1\x7c\x23\x2f\x79\x19\x83\x96\xfd" + "\x01\xc2\x4c\x34\xbb\x54\xf4\xb0\x1e\xf7\x40\xb4\x25\x33\x4a" + "\x55\xdd\x24\x81\x3d\xc8\xea\x86\xf5\x6e\xf7\x27\x67\x26\x2b" + "\xf2\x25\x74\x8c\xcc\x3d\x9f\x48\x6f\xfb\x72\x8f\x4e\xad\x29" + "\x60\xc9\x6c\x3e\x44\x63\x86\xea\xce\x21\x9c\x84\x28\x16\x11" + "\x63\x58\xb0\xf4\x2d\x7d\xff\xf7\xdd\x24\x11\xfa\x2a\x56\x79" + "\xfd\x7a\x94\x77\x45\x75\xba\xf9\xfc\xad\x68\xa1\x9e\x30\xd1" + "\x49\xb0\x59\xb5\x9c\x44\x6c\x4e\xdc\xa5\x9b\xc5\xa4\x79\x9d" + "\xc4\x65\xaa\x9e\x78\x2c\xed\x9f\x21\xc5\x5d\xe2\x42\xdd\x25" + "\xd0\xd9\xde\x60\xd0\x9f\xf8\x6a\xba\xf3\xa0\x3a\x76\x71\xb3" + "\x05\x42\xdf\xbe\x72\xfc\x56\xed\x6d\x1a\x99\x7f\x23\x7c\xd1" + "\xa5\x50\x9e\xb0\x4d\x61\x37\xa5\xcb\x24\x71\x3b\xa3\x60\x51" + "\x2e\x80\x83\x8b\xe0\x55\x50\xa7\x1e\xcc\x9f\xac\x41\x77\x2c" + "\x79\x22\x30\x09\x1b\x1a\x83\x5b\x2c\x48\xdc\x09\x7d\x59\x0d" + "\xf0\x54\x17\xfb\x5e\x38\x68\xde\xdb\xc5\x93\xab\x17\x5f\x4b" + "\x4d\x6d\xf2\xc7\x4e\x15\x1e\x10\x76\xc4"; + e.inLen = 32; + e.outLen = 250; + + test_sha[0] = a; + test_sha[1] = b; + test_sha[2] = c; + test_sha[3] = d; + test_sha[4] = e; + + ret = wc_InitShake128(&sha, HEAP_HINT, devId); + if (ret != 0) + return WC_TEST_RET_ENC_EC(ret); + + for (i = 0; i < times; ++i) { + ret = wc_Shake128_Update(&sha, (byte*)test_sha[i].input, + (word32)test_sha[i].inLen); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_I(i), exit); + ret = wc_Shake128_Final(&sha, hash, (word32)test_sha[i].outLen); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_I(i), exit); + + if (XMEMCMP(hash, test_sha[i].output, test_sha[i].outLen) != 0) + ERROR_OUT(WC_TEST_RET_ENC_I(i), exit); + } + +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC) + large_input = (byte *)XMALLOC(SHAKE128_LARGE_INPUT_BUFSIZ, NULL, + DYNAMIC_TYPE_TMP_BUFFER); + if (large_input == NULL) + ERROR_OUT(WC_TEST_RET_ENC_ERRNO, exit); +#endif + +#ifndef NO_LARGE_HASH_TEST + /* BEGIN LARGE HASH TEST */ { + for (i = 0; i < SHAKE128_LARGE_INPUT_BUFSIZ; i++) { + large_input[i] = (byte)(i & 0xFF); + } + times = 100; + for (i = 0; i < times; ++i) { + ret = wc_Shake128_Update(&sha, (byte*)large_input, + SHAKE128_LARGE_INPUT_BUFSIZ); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit); + } + ret = wc_Shake128_Final(&sha, hash, (word32)sizeof(hash)); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit); + if (XMEMCMP(hash, large_digest, sizeof(large_digest) - 1) != 0) + ERROR_OUT(WC_TEST_RET_ENC_NC, exit); + } /* END LARGE HASH TEST */ +#endif /* NO_LARGE_HASH_TEST */ + + ret = shake128_absorb_test(&sha, large_input, SHAKE128_LARGE_INPUT_BUFSIZ); + +exit: + wc_Shake128_Free(&sha); + +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC) + XFREE(large_input, NULL, DYNAMIC_TYPE_TMP_BUFFER); +#endif + + return ret; +} +#endif + +#ifdef WOLFSSL_SHAKE256 +static wc_test_ret_t shake256_absorb_test(wc_Shake* sha, byte *large_input_buf, + size_t large_input_buf_size) +{ + testVector a, b, c, d, e; + testVector test_sha[5]; + wc_test_ret_t ret = 0; + int times = sizeof(test_sha) / sizeof(struct testVector), i; + + static const char large_digest[] = + "\x21\x25\x8e\xae\x6e\x4f\xa7\xe1\xb9\x6d\xa7\xc9\x7d\x46\x03\x69" + "\x29\x0d\x81\x49\xba\x5d\xaf\x37\xfd\xeb\x25\x52\x1d\xd9\xbd\x65" + "\xfa\x99\xb9\xd1\x70\x6b\xeb\xd4\xc1\x2c\xea\x24\x20\x27\xa7\xcd" + "\xfa\xe1\x81\xd9\xd5\xc1\x1c\xc7\xe9\x70\xc3\xc7\x21\x6f\x32\x22" + "\xe3\x27\xdb\x58\x5e\xea\x18\x2d\x63\x4d\x14\x6c\x94\xcf\x2b\x7e" + "\x6e\x2a\x74\xf3\xe0\xac\xb3\xb2\xcc\xef\x38\xe9\xe7\x35\xb3\xc5" + "\x77\x9d\xff\xe3\x08\x8e\xf8\x2c\x89\xbb\x45\x22\x16\x99\x91\xc0" + "\xe7\x71\x57\x75\xc5\xb1\xc6\xaf\x27\xcb\x64\x8c\xc4\xee\x3d\x5f" + "\x4c\x35\xfb\x1c\xf3\xf8\x0e\xfd\x5e\xfc\x07\xd8\x4d\x55\x32\x49" + "\x45\x0d\xab\x4a\x49\xc4\x83\xde\xd2\x50\xc9\x33\x8f\x85\xcd\x93" + "\x7a\xe6\x6b\xb4\x36\xf3\xb4\x02\x6e\x85\x9f\xda\x1c\xa5\x71\x43" + "\x2f\x3b\xfc\x09\xe7\xc0\x3c\xa4\xd1\x83\xb7\x41\x11\x1c\xa0\x48" + "\x3d\x0e\xda\xbc\x03\xfe\xb2\x3b\x17\xee\x48\xe8\x44\xba\x24\x08" + "\xd9\xdc\xfd\x01\x39\xd2\xe8\xc7\x31\x01\x25\xae\xe8\x01\xc6\x1a" + "\xb7\x90\x0d\x1e\xfc\x47\xc0\x78\x28\x17\x66\xf3\x61\xc5\xe6\x11" + "\x13\x46\x23\x5e\x1d\xc3\x83\x25\x66\x6c\x68\x1b\x30\xdd\xc4\xe6" + "\x83\x8b\x0f\x23\x58\x7e\x06\x5f\x4a\x2b\xed\xc9\x6c\x97\x68\x44"; + + byte hash[sizeof(large_digest) - 1]; + + /* + ** https://csrc.nist.gov/CSRC/media/Projects/Cryptographic-Standards-and-Guidelines/documents/examples/SHAKE256_Msg0.pdf + */ + a.input = ""; + a.output = "\x46\xb9\xdd\x2b\x0b\xa8\x8d\x13\x23\x3b\x3f\xeb\x74\x3e\xeb" + "\x24\x3f\xcd\x52\xea\x62\xb8\x1b\x82\xb5\x0c\x27\x64\x6e\xd5" + "\x76\x2f\xd7\x5d\xc4\xdd\xd8\xc0\xf2\x00\xcb\x05\x01\x9d\x67" + "\xb5\x92\xf6\xfc\x82\x1c\x49\x47\x9a\xb4\x86\x40\x29\x2e\xac" + "\xb3\xb7\xc4\xbe\x14\x1e\x96\x61\x6f\xb1\x39\x57\x69\x2c\xc7" + "\xed\xd0\xb4\x5a\xe3\xdc\x07\x22\x3c\x8e\x92\x93\x7b\xef\x84" + "\xbc\x0e\xab\x86\x28\x53\x34\x9e\xc7\x55\x46\xf5\x8f\xb7\xc2" + "\x77\x5c\x38\x46\x2c\x50\x10\xd8\x46\xc1\x85\xc1\x51\x11\xe5" + "\x95\x52\x2a\x6b\xcd\x16\xcf\x86\xf3\xd1\x22\x10\x9e\x3b\x1f" + "\xdd"; + a.inLen = XSTRLEN(a.input); + a.outLen = WC_SHA3_256_BLOCK_SIZE; + + b.input = "abc"; + b.output = "\x48\x33\x66\x60\x13\x60\xa8\x77\x1c\x68\x63\x08\x0c\xc4\x11" + "\x4d\x8d\xb4\x45\x30\xf8\xf1\xe1\xee\x4f\x94\xea\x37\xe7\x8b" + "\x57\x39\xd5\xa1\x5b\xef\x18\x6a\x53\x86\xc7\x57\x44\xc0\x52" + "\x7e\x1f\xaa\x9f\x87\x26\xe4\x62\xa1\x2a\x4f\xeb\x06\xbd\x88" + "\x01\xe7\x51\xe4\x13\x85\x14\x12\x04\xf3\x29\x97\x9f\xd3\x04" + "\x7a\x13\xc5\x65\x77\x24\xad\xa6\x4d\x24\x70\x15\x7b\x3c\xdc" + "\x28\x86\x20\x94\x4d\x78\xdb\xcd\xdb\xd9\x12\x99\x3f\x09\x13" + "\xf1\x64\xfb\x2c\xe9\x51\x31\xa2\xd0\x9a\x3e\x6d\x51\xcb\xfc" + "\x62\x27\x20\xd7\xa7\x5c\x63\x34\xe8\xa2\xd7\xec\x71\xa7\xcc" + "\x29"; + b.inLen = XSTRLEN(b.input); + b.outLen = WC_SHA3_256_BLOCK_SIZE; + + c.input = "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq"; + c.output = "\x4d\x8c\x2d\xd2\x43\x5a\x01\x28\xee\xfb\xb8\xc3\x6f\x6f\x87" + "\x13\x3a\x79\x11\xe1\x8d\x97\x9e\xe1\xae\x6b\xe5\xd4\xfd\x2e" + "\x33\x29\x40\xd8\x68\x8a\x4e\x6a\x59\xaa\x80\x60\xf1\xf9\xbc" + "\x99\x6c\x05\xac\xa3\xc6\x96\xa8\xb6\x62\x79\xdc\x67\x2c\x74" + "\x0b\xb2\x24\xec\x37\xa9\x2b\x65\xdb\x05\x39\xc0\x20\x34\x55" + "\xf5\x1d\x97\xcc\xe4\xcf\xc4\x91\x27\xd7\x26\x0a\xfc\x67\x3a" + "\xf2\x08\xba\xf1\x9b\xe2\x12\x33\xf3\xde\xbe\x78\xd0\x67\x60" + "\xcf\xa5\x51\xee\x1e\x07\x91\x41\xd4\x9d\xd3\xef\x7e\x18\x2b" + "\x15\x24\xdf\x82\xea\x1c\xef\xe1\xc6\xc3\x96\x61\x75\xf0\x22" + "\x8d"; + c.inLen = XSTRLEN(c.input); + c.outLen = WC_SHA3_256_BLOCK_SIZE; + + /* Taken from NIST CAVP test vectors - full rate output. */ + d.input = "\xdc\x88\x6d\xf3\xf6\x9c\x49\x51\x3d\xe3\x62\x7e\x94\x81\xdb" + "\x58\x71\xe8\xee\x88\xeb\x9f\x99\x61\x15\x41\x93\x0a\x8b\xc8" + "\x85\xe0"; + d.output = "\x00\x64\x8a\xfb\xc5\xe6\x51\x64\x9d\xb1\xfd\x82\x93\x6b\x00" + "\xdb\xbc\x12\x2f\xb4\xc8\x77\x86\x0d\x38\x5c\x49\x50\xd5\x6d" + "\xe7\xe0\x96\xd6\x13\xd7\xa3\xf2\x7e\xd8\xf2\x63\x34\xb0\xcc" + "\xc1\x40\x7b\x41\xdc\xcb\x23\xdf\xaa\x52\x98\x18\xd1\x12\x5c" + "\xd5\x34\x80\x92\x52\x43\x66\xb8\x5f\xab\xb9\x7c\x6c\xd1\xe6" + "\x06\x6f\x45\x9b\xcc\x56\x6d\xa8\x7e\xc9\xb7\xba\x36\x79\x2d" + "\x11\x8a\xc3\x9a\x4c\xce\xf6\x19\x2b\xbf\x3a\x54\xaf\x18\xe5" + "\x7b\x0c\x14\x61\x01\xf6\xae\xaa\x82\x2b\xc4\xb4\xc9\x70\x8b" + "\x09\xf0\xb3\xba\xb4\x1b\xcc\xe9\x64\xd9\x99\xd1\x10\x7b\xd7" + "\xc2"; + d.inLen = 32; + d.outLen = WC_SHA3_256_BLOCK_SIZE; + /* Taken from NIST CAVP test vectors - more than one output block. */ + e.input = "\x8d\x80\x01\xe2\xc0\x96\xf1\xb8\x8e\x7c\x92\x24\xa0\x86\xef" + "\xd4\x79\x7f\xbf\x74\xa8\x03\x3a\x2d\x42\x2a\x2b\x6b\x8f\x67" + "\x47\xe4"; + e.output = "\x2e\x97\x5f\x6a\x8a\x14\xf0\x70\x4d\x51\xb1\x36\x67\xd8\x19" + "\x5c\x21\x9f\x71\xe6\x34\x56\x96\xc4\x9f\xa4\xb9\xd0\x8e\x92" + "\x25\xd3\xd3\x93\x93\x42\x51\x52\xc9\x7e\x71\xdd\x24\x60\x1c" + "\x11\xab\xcf\xa0\xf1\x2f\x53\xc6\x80\xbd\x3a\xe7\x57\xb8\x13" + "\x4a\x9c\x10\xd4\x29\x61\x58\x69\x21\x7f\xdd\x58\x85\xc4\xdb" + "\x17\x49\x85\x70\x3a\x6d\x6d\xe9\x4a\x66\x7e\xac\x30\x23\x44" + "\x3a\x83\x37\xae\x1b\xc6\x01\xb7\x6d\x7d\x38\xec\x3c\x34\x46" + "\x31\x05\xf0\xd3\x94\x9d\x78\xe5\x62\xa0\x39\xe4\x46\x95\x48" + "\xb6\x09\x39\x5d\xe5\xa4\xfd\x43\xc4\x6c\xa9\xfd\x6e\xe2\x9a" + "\xda\x5e\xfc\x07\xd8\x4d\x55\x32\x49\x45\x0d\xab\x4a\x49\xc4" + "\x83\xde\xd2\x50\xc9\x33\x8f\x85\xcd\x93\x7a\xe6\x6b\xb4\x36" + "\xf3\xb4\x02\x6e\x85\x9f\xda\x1c\xa5\x71\x43\x2f\x3b\xfc\x09" + "\xe7\xc0\x3c\xa4\xd1\x83\xb7\x41\x11\x1c\xa0\x48\x3d\x0e\xda" + "\xbc\x03\xfe\xb2\x3b\x17\xee\x48\xe8\x44\xba\x24\x08\xd9\xdc" + "\xfd\x01\x39\xd2\xe8\xc7\x31\x01\x25\xae\xe8\x01\xc6\x1a\xb7" + "\x90\x0d\x1e\xfc\x47\xc0\x78\x28\x17\x66\xf3\x61\xc5\xe6\x11" + "\x13\x46\x23\x5e\x1d\xc3\x83\x25\x66\x6c\x68\x1b\x30\xdd\xc4" + "\xe6\x83\x8b\x0f\x23\x58\x7e\x06\x5f\x4a\x2b\xed\xc9\x6c\x97" + "\x68\x44"; + e.inLen = 32; + e.outLen = 2 * WC_SHA3_256_BLOCK_SIZE; + + test_sha[0] = a; + test_sha[1] = b; + test_sha[2] = c; + test_sha[3] = d; + test_sha[4] = e; + + for (i = 0; i < times; ++i) { + ret = wc_InitShake256(sha, HEAP_HINT, devId); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_I(i), exit); + ret = wc_Shake256_Absorb(sha, (byte*)test_sha[i].input, + (word32)test_sha[i].inLen); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_I(i), exit); + ret = wc_Shake256_SqueezeBlocks(sha, hash, + (word32)test_sha[i].outLen / WC_SHA3_256_BLOCK_SIZE); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_I(i), exit); + + if (XMEMCMP(hash, test_sha[i].output, (word32)test_sha[i].outLen) != 0) + ERROR_OUT(WC_TEST_RET_ENC_I(i), exit); + } + +#ifndef NO_LARGE_HASH_TEST + /* BEGIN LARGE HASH TEST */ { + for (i = 0; i < (int)large_input_buf_size; i++) { + large_input_buf[i] = (byte)(i & 0xFF); + } + ret = wc_InitShake256(sha, HEAP_HINT, devId); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit); + /* Absorb is non-incremental. */ + ret = wc_Shake256_Absorb(sha, large_input_buf, + (word32)large_input_buf_size); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit); + /* Able to squeeze out blocks incrementally. */ + ret = wc_Shake256_SqueezeBlocks(sha, hash, 1); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit); + ret = wc_Shake256_SqueezeBlocks(sha, hash, + ((word32)sizeof(hash) / WC_SHA3_256_BLOCK_SIZE) - 1); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit); + if (XMEMCMP(hash, large_digest, sizeof(hash)) != 0) + ERROR_OUT(WC_TEST_RET_ENC_NC, exit); + } /* END LARGE HASH TEST */ +#endif /* NO_LARGE_HASH_TEST */ + +exit: + return ret; +} + +WOLFSSL_TEST_SUBROUTINE wc_test_ret_t shake256_test(void) +{ + wc_Shake sha; + byte hash[250]; + + testVector a, b, c, d, e; + testVector test_sha[5]; + wc_test_ret_t ret = 0; + int times = sizeof(test_sha) / sizeof(struct testVector), i; + +#define SHAKE256_LARGE_INPUT_BUFSIZ 1024 +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC) + byte *large_input = NULL; +#else + byte large_input[SHAKE256_LARGE_INPUT_BUFSIZ]; +#endif + const char* large_digest = + "\x90\x32\x4a\xcc\xd1\xdf\xb8\x0b\x79\x1f\xb8\xc8\x5b\x54\xc8\xe7" + "\x45\xf5\x60\x6b\x38\x26\xb2\x0a\xee\x38\x01\xf3\xd9\xfa\x96\x9f" + "\x6a\xd7\x15\xdf\xb6\xc2\xf4\x20\x33\x44\x55\xe8\x2a\x09\x2b\x68" + "\x2e\x18\x65\x5e\x65\x93\x28\xbc\xb1\x9e\xe2\xb1\x92\xea\x98\xac" + "\x21\xef\x4c\xe1\xb4\xb7\xbe\x81\x5c\x1d\xd3\xb7\x17\xe5\xbb\xc5" + "\x8c\x68\xb7\xfb\xac\x55\x8a\x9b\x4d\x91\xe4\x9f\x72\xbb\x6e\x38" + "\xaf\x21\x7d\x21\xaa\x98\x4e\x75\xc4\xb4\x1c\x7c\x50\x45\x54\xf9" + "\xea\x26"; + + WOLFSSL_ENTER("shake256_test"); + /* + ** https://csrc.nist.gov/CSRC/media/Projects/Cryptographic-Standards-and-Guidelines/documents/examples/SHAKE256_Msg0.pdf + */ + a.input = ""; + a.output = "\x46\xb9\xdd\x2b\x0b\xa8\x8d\x13\x23\x3b\x3f\xeb\x74\x3e\xeb" + "\x24\x3f\xcd\x52\xea\x62\xb8\x1b\x82\xb5\x0c\x27\x64\x6e\xd5" + "\x76\x2f\xd7\x5d\xc4\xdd\xd8\xc0\xf2\x00\xcb\x05\x01\x9d\x67" + "\xb5\x92\xf6\xfc\x82\x1c\x49\x47\x9a\xb4\x86\x40\x29\x2e\xac" + "\xb3\xb7\xc4\xbe\x14\x1e\x96\x61\x6f\xb1\x39\x57\x69\x2c\xc7" + "\xed\xd0\xb4\x5a\xe3\xdc\x07\x22\x3c\x8e\x92\x93\x7b\xef\x84" + "\xbc\x0e\xab\x86\x28\x53\x34\x9e\xc7\x55\x46\xf5\x8f\xb7\xc2" + "\x77\x5c\x38\x46\x2c\x50\x10\xd8\x46"; + a.inLen = XSTRLEN(a.input); + a.outLen = 114; + + b.input = "abc"; + b.output = "\x48\x33\x66\x60\x13\x60\xa8\x77\x1c\x68\x63\x08\x0c\xc4\x11" + "\x4d\x8d\xb4\x45\x30\xf8\xf1\xe1\xee\x4f\x94\xea\x37\xe7\x8b" + "\x57\x39\xd5\xa1\x5b\xef\x18\x6a\x53\x86\xc7\x57\x44\xc0\x52" + "\x7e\x1f\xaa\x9f\x87\x26\xe4\x62\xa1\x2a\x4f\xeb\x06\xbd\x88" + "\x01\xe7\x51\xe4\x13\x85\x14\x12\x04\xf3\x29\x97\x9f\xd3\x04" + "\x7a\x13\xc5\x65\x77\x24\xad\xa6\x4d\x24\x70\x15\x7b\x3c\xdc" + "\x28\x86\x20\x94\x4d\x78\xdb\xcd\xdb\xd9\x12\x99\x3f\x09\x13" + "\xf1\x64\xfb\x2c\xe9\x51\x31\xa2\xd0"; + b.inLen = XSTRLEN(b.input); + b.outLen = 114; + + c.input = "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq"; + c.output = "\x4d\x8c\x2d\xd2\x43\x5a\x01\x28\xee\xfb\xb8\xc3\x6f\x6f\x87" + "\x13\x3a\x79\x11\xe1\x8d\x97\x9e\xe1\xae\x6b\xe5\xd4\xfd\x2e" + "\x33\x29\x40\xd8\x68\x8a\x4e\x6a\x59\xaa\x80\x60\xf1\xf9\xbc" + "\x99\x6c\x05\xac\xa3\xc6\x96\xa8\xb6\x62\x79\xdc\x67\x2c\x74" + "\x0b\xb2\x24\xec\x37\xa9\x2b\x65\xdb\x05\x39\xc0\x20\x34\x55" + "\xf5\x1d\x97\xcc\xe4\xcf\xc4\x91\x27\xd7\x26\x0a\xfc\x67\x3a" + "\xf2\x08\xba\xf1\x9b\xe2\x12\x33\xf3\xde\xbe\x78\xd0\x67\x60" + "\xcf\xa5\x51\xee\x1e\x07\x91\x41\xd4"; + c.inLen = XSTRLEN(c.input); + c.outLen = 114; + + /* Taken from NIST CAVP test vectors - full rate output. */ + d.input = "\xdc\x88\x6d\xf3\xf6\x9c\x49\x51\x3d\xe3\x62\x7e\x94\x81\xdb" + "\x58\x71\xe8\xee\x88\xeb\x9f\x99\x61\x15\x41\x93\x0a\x8b\xc8" + "\x85\xe0"; + d.output = "\x00\x64\x8a\xfb\xc5\xe6\x51\x64\x9d\xb1\xfd\x82\x93\x6b\x00" + "\xdb\xbc\x12\x2f\xb4\xc8\x77\x86\x0d\x38\x5c\x49\x50\xd5\x6d" + "\xe7\xe0\x96\xd6\x13\xd7\xa3\xf2\x7e\xd8\xf2\x63\x34\xb0\xcc" + "\xc1\x40\x7b\x41\xdc\xcb\x23\xdf\xaa\x52\x98\x18\xd1\x12\x5c" + "\xd5\x34\x80\x92\x52\x43\x66\xb8\x5f\xab\xb9\x7c\x6c\xd1\xe6" + "\x06\x6f\x45\x9b\xcc\x56\x6d\xa8\x7e\xc9\xb7\xba\x36\x79\x2d" + "\x11\x8a\xc3\x9a\x4c\xce\xf6\x19\x2b\xbf\x3a\x54\xaf\x18\xe5" + "\x7b\x0c\x14\x61\x01\xf6\xae\xaa\x82\x2b\xc4\xb4\xc9\x70\x8b" + "\x09\xf0\xb3\xba\xb4\x1b\xcc\xe9\x64\xd9\x99\xd1\x10\x7b\xd7" + "\xc2"; + d.inLen = 32; + d.outLen = 136; + /* Taken from NIST CAVP test vectors - more than one output block. */ + e.input = "\x8d\x80\x01\xe2\xc0\x96\xf1\xb8\x8e\x7c\x92\x24\xa0\x86\xef" + "\xd4\x79\x7f\xbf\x74\xa8\x03\x3a\x2d\x42\x2a\x2b\x6b\x8f\x67" + "\x47\xe4"; + e.output = "\x2e\x97\x5f\x6a\x8a\x14\xf0\x70\x4d\x51\xb1\x36\x67\xd8\x19" + "\x5c\x21\x9f\x71\xe6\x34\x56\x96\xc4\x9f\xa4\xb9\xd0\x8e\x92" + "\x25\xd3\xd3\x93\x93\x42\x51\x52\xc9\x7e\x71\xdd\x24\x60\x1c" + "\x11\xab\xcf\xa0\xf1\x2f\x53\xc6\x80\xbd\x3a\xe7\x57\xb8\x13" + "\x4a\x9c\x10\xd4\x29\x61\x58\x69\x21\x7f\xdd\x58\x85\xc4\xdb" + "\x17\x49\x85\x70\x3a\x6d\x6d\xe9\x4a\x66\x7e\xac\x30\x23\x44" + "\x3a\x83\x37\xae\x1b\xc6\x01\xb7\x6d\x7d\x38\xec\x3c\x34\x46" + "\x31\x05\xf0\xd3\x94\x9d\x78\xe5\x62\xa0\x39\xe4\x46\x95\x48" + "\xb6\x09\x39\x5d\xe5\xa4\xfd\x43\xc4\x6c\xa9\xfd\x6e\xe2\x9a" + "\xda\x5e\xfc\x07\xd8\x4d\x55\x32\x49\x45\x0d\xab\x4a\x49\xc4" + "\x83\xde\xd2\x50\xc9\x33\x8f\x85\xcd\x93\x7a\xe6\x6b\xb4\x36" + "\xf3\xb4\x02\x6e\x85\x9f\xda\x1c\xa5\x71\x43\x2f\x3b\xfc\x09" + "\xe7\xc0\x3c\xa4\xd1\x83\xb7\x41\x11\x1c\xa0\x48\x3d\x0e\xda" + "\xbc\x03\xfe\xb2\x3b\x17\xee\x48\xe8\x44\xba\x24\x08\xd9\xdc" + "\xfd\x01\x39\xd2\xe8\xc7\x31\x01\x25\xae\xe8\x01\xc6\x1a\xb7" + "\x90\x0d\x1e\xfc\x47\xc0\x78\x28\x17\x66\xf3\x61\xc5\xe6\x11" + "\x13\x46\x23\x5e\x1d\xc3\x83\x25\x66\x6c"; + e.inLen = 32; + e.outLen = 250; + + test_sha[0] = a; + test_sha[1] = b; + test_sha[2] = c; + test_sha[3] = d; + test_sha[4] = e; + + ret = wc_InitShake256(&sha, HEAP_HINT, devId); + if (ret != 0) + return WC_TEST_RET_ENC_EC(ret); + + for (i = 0; i < times; ++i) { + ret = wc_Shake256_Update(&sha, (byte*)test_sha[i].input, + (word32)test_sha[i].inLen); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_I(i), exit); + ret = wc_Shake256_Final(&sha, hash, (word32)test_sha[i].outLen); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_I(i), exit); + + if (XMEMCMP(hash, test_sha[i].output, test_sha[i].outLen) != 0) + ERROR_OUT(WC_TEST_RET_ENC_I(i), exit); + } + +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC) + large_input = (byte *)XMALLOC(SHAKE256_LARGE_INPUT_BUFSIZ, NULL, + DYNAMIC_TYPE_TMP_BUFFER); + if (large_input == NULL) + ERROR_OUT(WC_TEST_RET_ENC_ERRNO, exit); +#endif + +#ifndef NO_LARGE_HASH_TEST + /* BEGIN LARGE HASH TEST */ { + for (i = 0; i < SHAKE256_LARGE_INPUT_BUFSIZ; i++) { + large_input[i] = (byte)(i & 0xFF); + } + times = 100; + for (i = 0; i < times; ++i) { + ret = wc_Shake256_Update(&sha, (byte*)large_input, + SHAKE256_LARGE_INPUT_BUFSIZ); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit); + } + ret = wc_Shake256_Final(&sha, hash, (word32)sizeof(hash)); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit); + if (XMEMCMP(hash, large_digest, 114) != 0) + ERROR_OUT(WC_TEST_RET_ENC_NC, exit); + } /* END LARGE HASH TEST */ +#endif /* NO_LARGE_HASH_TEST */ + + ret = shake256_absorb_test(&sha, large_input, SHAKE256_LARGE_INPUT_BUFSIZ); +exit: + wc_Shake256_Free(&sha); + +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC) + XFREE(large_input, NULL, DYNAMIC_TYPE_TMP_BUFFER); +#endif + + return ret; +} +#endif + +#ifdef WOLFSSL_SM3 +WOLFSSL_TEST_SUBROUTINE wc_test_ret_t sm3_test(void) +{ + wc_Sm3 sm3, sm3Copy; + byte hash[WC_SM3_DIGEST_SIZE]; + byte hashGet[WC_SM3_DIGEST_SIZE]; + byte hashCopy[WC_SM3_DIGEST_SIZE]; + wc_test_ret_t ret = 0; + + testVector a, b, c; + testVector test_sm3[3]; + int times = sizeof(test_sm3) / sizeof(struct testVector), i; + + WOLFSSL_ENTER("sm3_test"); + + a.input = ""; + a.output = "\x1a\xb2\x1d\x83\x55\xcf\xa1\x7f\x8e\x61\x19\x48\x31\xe8\x1a" + "\x8f\x22\xbe\xc8\xc7\x28\xfe\xfb\x74\x7e\xd0\x35\xeb\x50\x82" + "\xaa\x2b"; + a.inLen = XSTRLEN(a.input); + a.outLen = WC_SM3_DIGEST_SIZE; + + b.input = "abc"; + b.output = "\x66\xc7\xf0\xf4\x62\xee\xed\xd9\xd1\xf2\xd4\x6b\xdc\x10\xe4" + "\xe2\x41\x67\xc4\x87\x5c\xf2\xf7\xa2\x29\x7d\xa0\x2b\x8f\x4b" + "\xa8\xe0"; + b.inLen = XSTRLEN(b.input); + b.outLen = WC_SM3_DIGEST_SIZE; + + c.input = "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq"; + c.output = "\x63\x9b\x6c\xc5\xe6\x4d\x9e\x37\xa3\x90\xb1\x92\xdf\x4f\xa1" + "\xea\x07\x20\xab\x74\x7f\xf6\x92\xb9\xf3\x8c\x4e\x66\xad\x7b" + "\x8c\x05"; + c.inLen = XSTRLEN(c.input); + c.outLen = WC_SM3_DIGEST_SIZE; + + test_sm3[0] = a; + test_sm3[1] = b; + test_sm3[2] = c; + + ret = wc_InitSm3(&sm3, HEAP_HINT, devId); + if (ret != 0) + return WC_TEST_RET_ENC_EC(ret); + ret = wc_InitSm3(&sm3Copy, HEAP_HINT, devId); + if (ret != 0) { + wc_Sm3Free(&sm3); + return WC_TEST_RET_ENC_EC(ret); + } + + /* Test all the KATs. */ + for (i = 0; i < times; ++i) { + ret = wc_Sm3Update(&sm3, (byte*)test_sm3[i].input, + (word32)test_sm3[i].inLen); + if (ret != 0) { + ERROR_OUT(WC_TEST_RET_ENC_I(i), exit); + } + /* Get the final hash but leave ready for more updates. */ + ret = wc_Sm3GetHash(&sm3, hashGet); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_I(i), exit); + + /* Make a copy of the hash. */ + ret = wc_Sm3Copy(&sm3, &sm3Copy); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_I(i), exit); + /* Get the final hash with original. */ + ret = wc_Sm3Final(&sm3, hash); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_I(i), exit); + + /* Get the final hash with copy. */ + ret = wc_Sm3Final(&sm3Copy, hashCopy); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_I(i), exit); + /* Dispose of copy. */ + wc_Sm3Free(&sm3Copy); + + /* Check hashes match expected. */ + if (XMEMCMP(hash, test_sm3[i].output, WC_SM3_DIGEST_SIZE) != 0) + ERROR_OUT(WC_TEST_RET_ENC_I(i), exit); + if (XMEMCMP(hash, hashGet, WC_SM3_DIGEST_SIZE) != 0) + ERROR_OUT(WC_TEST_RET_ENC_I(i), exit); + if (XMEMCMP(hash, hashCopy, WC_SM3_DIGEST_SIZE) != 0) + ERROR_OUT(WC_TEST_RET_ENC_I(i), exit); + } + +#ifndef NO_LARGE_HASH_TEST + { + word32 sz; + byte large_input[1024]; + #ifdef HASH_SIZE_LIMIT + const char* large_digest = + "\x6c\x42\x57\x64\x8e\x45\xf3\xb6\xc0\x83\xd3\x41\x83\x66\x51\xb4" + "\x50\xfe\x06\xb5\xb7\x1e\xd5\x0d\x41\xfc\x1e\xe5\xc6\x57\x95\x0f"; + + times = 20; + #else + const char* large_digest = + "\x34\x51\x3c\xde\x7c\x30\xb7\xc5\xaa\x97\x3b\xed\xb3\x16\xb9\x76" + "\x35\x46\x14\x80\x2a\x57\xca\xd9\x48\xf9\x93\xcc\x1f\xdd\xab\x79"; + + times = 100; + #endif + + /* Set large input to something. */ + for (i = 0; i < (int)sizeof(large_input); i++) { + large_input[i] = (byte)(i & 0xFF); + } + + /* Hash a large number of times. */ + for (i = 0; i < times; ++i) { + ret = wc_Sm3Update(&sm3, (byte*)large_input, + (word32)sizeof(large_input)); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_I(i), exit); + } + /* Calculate hash and compare to expected. */ + ret = wc_Sm3Final(&sm3, hash); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit); + if (XMEMCMP(hash, large_digest, WC_SM3_DIGEST_SIZE) != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit); + + + /* Check updating with various sizes works. */ + for (sz = 1; sz <= 64; sz++) { + /* Hash a large number of times. */ + for (i = 0; i < times; ++i) { + word32 o; + + /* Update sz bytes at a time from large input buffer. */ + for (o = 0; o + sz <= (word32)sizeof(large_input); o += sz) { + ret = wc_Sm3Update(&sm3, (byte*)(large_input + o), sz); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_I(o), exit); + } + /* Check for left-overs. */ + if (o < (word32)sizeof(large_input)) { + ret = wc_Sm3Update(&sm3, (byte*)(large_input + o), + (word32)sizeof(large_input) - o); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_I(i), exit); + } + } + + /* Calculate hash and compare to expected. */ + ret = wc_Sm3Final(&sm3, hash); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_I(sz), exit); + if (XMEMCMP(hash, large_digest, WC_SM3_DIGEST_SIZE) != 0) + ERROR_OUT(WC_TEST_RET_ENC_I(sz), exit); + } + } +#endif /* NO_LARGE_HASH_TEST */ + +exit: + + wc_Sm3Free(&sm3); + wc_Sm3Free(&sm3Copy); + + return ret; +} +#endif + +#ifndef NO_HASH_WRAPPER +WOLFSSL_TEST_SUBROUTINE wc_test_ret_t hash_test(void) +{ +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC) + wc_HashAlg *hash = NULL; +#else + wc_HashAlg hash[1]; +#endif + + int ret, exp_ret; + int i, j; + int digestSz; + byte data[] = "0123456789abcdef0123456789abcdef0123456"; + byte out[WC_MAX_DIGEST_SIZE]; + byte hashOut[WC_MAX_DIGEST_SIZE]; +#if !defined(NO_ASN) || !defined(NO_DH) || defined(HAVE_ECC) + enum wc_HashType hashType; +#endif + enum wc_HashType typesGood[] = { WC_HASH_TYPE_MD5, WC_HASH_TYPE_SHA, + WC_HASH_TYPE_SHA224, WC_HASH_TYPE_SHA256, + WC_HASH_TYPE_SHA384, WC_HASH_TYPE_SHA512, + WC_HASH_TYPE_SHA3_224, + WC_HASH_TYPE_SHA3_256, + WC_HASH_TYPE_SHA3_384, + WC_HASH_TYPE_SHA3_512 }; + enum wc_HashType typesNoImpl[] = { +#ifdef NO_MD5 + WC_HASH_TYPE_MD5, +#endif +#ifdef NO_SHA + WC_HASH_TYPE_SHA, +#endif +#ifndef WOLFSSL_SHA224 + WC_HASH_TYPE_SHA224, +#endif +#ifdef NO_SHA256 + WC_HASH_TYPE_SHA256, +#endif +#ifndef WOLFSSL_SHA384 + WC_HASH_TYPE_SHA384, +#endif +#ifndef WOLFSSL_SHA512 + WC_HASH_TYPE_SHA512, +#endif +#if !defined(WOLFSSL_SHA3) || defined(WOLFSSL_NOSHA3_224) + WC_HASH_TYPE_SHA3_224, +#endif +#if !defined(WOLFSSL_SHA3) || defined(WOLFSSL_NOSHA3_256) + WC_HASH_TYPE_SHA3_256, +#endif +#if !defined(WOLFSSL_SHA3) || defined(WOLFSSL_NOSHA3_384) + WC_HASH_TYPE_SHA3_384, +#endif +#if !defined(WOLFSSL_SHA3) || defined(WOLFSSL_NOSHA3_512) + WC_HASH_TYPE_SHA3_512, +#endif + WC_HASH_TYPE_NONE + }; + enum wc_HashType typesBad[] = { WC_HASH_TYPE_NONE, WC_HASH_TYPE_MD5_SHA, + WC_HASH_TYPE_MD2, WC_HASH_TYPE_MD4 }; + enum wc_HashType typesHashBad[] = { WC_HASH_TYPE_MD2, WC_HASH_TYPE_MD4, + WC_HASH_TYPE_BLAKE2B, + WC_HASH_TYPE_NONE }; + + WOLFSSL_ENTER("hash_test"); + +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC) + hash = wc_HashNew(WC_HASH_TYPE_SHA256, HEAP_HINT, devId, &ret); + if (hash == NULL) { + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); + } + else { + PRINT_HEAP_ADDRESS(hash); + } +#else + XMEMSET(hash, 0, sizeof(wc_HashAlg)); +#endif + + /* Parameter Validation testing. */ + ret = wc_HashInit(NULL, WC_HASH_TYPE_SHA256); + if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG)) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); + ret = wc_HashUpdate(NULL, WC_HASH_TYPE_SHA256, NULL, sizeof(data)); + if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG)) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); + ret = wc_HashUpdate(hash, WC_HASH_TYPE_SHA256, NULL, sizeof(data)); + if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG)) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); + ret = wc_HashUpdate(NULL, WC_HASH_TYPE_SHA256, data, sizeof(data)); + if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG)) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); + ret = wc_HashFinal(NULL, WC_HASH_TYPE_SHA256, NULL); + if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG)) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); + ret = wc_HashFinal(hash, WC_HASH_TYPE_SHA256, NULL); + if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG)) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); + ret = wc_HashFinal(NULL, WC_HASH_TYPE_SHA256, out); + if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG)) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); + +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC) + /* Delete the WC_HASH_TYPE_SHA256 type hash for the following tests */ + ret = wc_HashDelete(hash, &hash); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); +#endif + + /* Try invalid hash algorithms. */ + for (i = 0; i < (int)(sizeof(typesBad)/sizeof(*typesBad)); i++) { +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC) + hash = wc_HashNew(typesBad[i], HEAP_HINT, devId, &ret); +#endif + if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG)) { + ERROR_OUT(WC_TEST_RET_ENC_I(i), out); + } + ret = wc_HashInit(hash, typesBad[i]); + + if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG)) + ERROR_OUT(WC_TEST_RET_ENC_I(i), out); + ret = wc_HashUpdate(hash, typesBad[i], data, sizeof(data)); + if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG)) + ERROR_OUT(WC_TEST_RET_ENC_I(i), out); + ret = wc_HashFinal(hash, typesBad[i], out); + if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG)) + ERROR_OUT(WC_TEST_RET_ENC_I(i), out); + ret = wc_HashFree(hash, typesBad[i]); + if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG)) + ERROR_OUT(WC_TEST_RET_ENC_I(i), out); + +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC) + ret = wc_HashDelete(hash, &hash); + if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG)) { + WOLFSSL_MSG("ERROR: wc_HashDelete failed, expected BAD_FUNC_ARG."); + ERROR_OUT(WC_TEST_RET_ENC_I(i), out); + } +#endif + } + + /* Try valid hash algorithms. */ + for (i = 0; i < (int)(sizeof(typesGood)/sizeof(*typesGood)); i++) { + exp_ret = 0; /* For valid hash, we expect return result to be zero */ + + /* See if the current hash type is one of the known types that are + * not implemented or not compiled in (disabled): */ + for(j = 0; j < (int)(sizeof(typesNoImpl) / sizeof(*typesNoImpl)); j++) { + if (typesGood[i] == typesNoImpl[j]) { + exp_ret = HASH_TYPE_E; + break; /* found one. don't keep looking. + * we won't test hashes not implemented */ + } + } + + /* If the expected return value is HASH_TYPE_E before we've even started + * it must be a hash type not implemented or disabled, so skip it. */ + if (exp_ret == WC_NO_ERR_TRACE(HASH_TYPE_E)) { + continue; /* go fetch the next typesGood[i] */ + } + + /* Good type and implemented: */ +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC) + hash = wc_HashNew(typesGood[i], HEAP_HINT, devId, &ret); + if (hash == NULL) { + WOLFSSL_MSG("ERROR: wc_HashNew failed."); + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); + } + + if (ret != 0) { + ERROR_OUT(WC_TEST_RET_ENC_EC(BAD_FUNC_ARG), out); + } +#endif + ret = wc_HashInit(hash, typesGood[i]); + if (ret != exp_ret) + ERROR_OUT(WC_TEST_RET_ENC_I(i), out); + ret = wc_HashUpdate(hash, typesGood[i], data, sizeof(data)); + if (ret != exp_ret) + ERROR_OUT(WC_TEST_RET_ENC_I(i), out); + ret = wc_HashFinal(hash, typesGood[i], out); + if (ret != exp_ret) + ERROR_OUT(WC_TEST_RET_ENC_I(i), out); + wc_HashFree(hash, typesGood[i]); + + digestSz = wc_HashGetDigestSize(typesGood[i]); + if (exp_ret == 0 && digestSz < 0) + ERROR_OUT(WC_TEST_RET_ENC_I(i), out); + if (exp_ret == 0) { + ret = wc_Hash(typesGood[i], data, sizeof(data), hashOut, + (word32)digestSz - 1); + if (ret != WC_NO_ERR_TRACE(BUFFER_E)) + ERROR_OUT(WC_TEST_RET_ENC_I(i), out); + } + ret = wc_Hash(typesGood[i], data, sizeof(data), hashOut, (word32)digestSz); + if (ret != exp_ret) + ERROR_OUT(WC_TEST_RET_ENC_I(i), out); + if (exp_ret == 0 && XMEMCMP(out, hashOut, (word32)digestSz) != 0) + ERROR_OUT(WC_TEST_RET_ENC_I(i), out); + + ret = wc_HashGetBlockSize(typesGood[i]); + if (exp_ret == 0 && ret < 0) + ERROR_OUT(WC_TEST_RET_ENC_I(i), out); + +#if !defined(NO_ASN) || !defined(NO_DH) || defined(HAVE_ECC) + ret = wc_HashGetOID(typesGood[i]); + if ( (ret == WC_NO_ERR_TRACE(HASH_TYPE_E) && (exp_ret == 0)) || + (ret == WC_NO_ERR_TRACE(BAD_FUNC_ARG)) ) { + ERROR_OUT(WC_TEST_RET_ENC_I(i), out); + } + + hashType = wc_OidGetHash(ret); + if (exp_ret == 0 && hashType != typesGood[i]) + ERROR_OUT(WC_TEST_RET_ENC_I(i), out); +#endif /* !defined(NO_ASN) || !defined(NO_DH) || defined(HAVE_ECC) */ + +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC) + ret = wc_HashDelete(hash, &hash); + if (ret < 0) { + WOLFSSL_MSG("ERROR: Failed to delete hash."); + ERROR_OUT(WC_TEST_RET_ENC_I(i), out); + } +#endif + } /* Valid hash functions */ + + + /* non wc_HashAlg hash object tests follow: */ + for (i = 0; i < (int)(sizeof(typesHashBad)/sizeof(*typesHashBad)); i++) { + ret = wc_Hash(typesHashBad[i], data, sizeof(data), out, sizeof(out)); + if ((ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG)) && + (ret != WC_NO_ERR_TRACE(BUFFER_E)) && + (ret != WC_NO_ERR_TRACE(HASH_TYPE_E))) + { + ERROR_OUT(WC_TEST_RET_ENC_I(i), out); + } + } + +#if !defined(NO_ASN) || !defined(NO_DH) || defined(HAVE_ECC) + ret = wc_HashGetOID(WC_HASH_TYPE_MD2); +#ifdef WOLFSSL_MD2 + if (ret == WC_NO_ERR_TRACE(HASH_TYPE_E) || + ret == WC_NO_ERR_TRACE(BAD_FUNC_ARG)) + { + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); + } +#else + if (ret != WC_NO_ERR_TRACE(HASH_TYPE_E)) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); +#endif +#ifdef WOLFSSL_OLD_OID_SUM + hashType = wc_OidGetHash(646); /* Md2h */ +#else + hashType = wc_OidGetHash(0x044a8bdd); /* Md2h */ +#endif +#ifdef WOLFSSL_MD2 + if (hashType != WC_HASH_TYPE_MD2) + ERROR_OUT(WC_TEST_RET_ENC_NC, out); +#else + if (hashType != WC_HASH_TYPE_NONE) + ERROR_OUT(WC_TEST_RET_ENC_NC, out); +#endif + + ret = wc_HashGetOID(WC_HASH_TYPE_MD5_SHA); +#ifndef NO_MD5 + if (ret == WC_NO_ERR_TRACE(HASH_TYPE_E) || + ret == WC_NO_ERR_TRACE(BAD_FUNC_ARG)) + { + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); + } +#else + if (ret != WC_NO_ERR_TRACE(HASH_TYPE_E)) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); +#endif + ret = wc_HashGetOID(WC_HASH_TYPE_MD4); + if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG)) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); + ret = wc_HashGetOID(WC_HASH_TYPE_NONE); + if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG)) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); + + hashType = wc_OidGetHash(0); + if (hashType != WC_HASH_TYPE_NONE) + ERROR_OUT(WC_TEST_RET_ENC_NC, out); +#endif /* !defined(NO_ASN) || !defined(NO_DH) || defined(HAVE_ECC) */ + + ret = wc_HashGetBlockSize(WC_HASH_TYPE_MD2); +#ifdef WOLFSSL_MD2 + if (ret == WC_NO_ERR_TRACE(HASH_TYPE_E) || + ret == WC_NO_ERR_TRACE(BAD_FUNC_ARG)) + { + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); + } +#else + if (ret != WC_NO_ERR_TRACE(HASH_TYPE_E)) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); +#endif + ret = wc_HashGetDigestSize(WC_HASH_TYPE_MD2); +#ifdef WOLFSSL_MD2 + if (ret == WC_NO_ERR_TRACE(HASH_TYPE_E) || + ret == WC_NO_ERR_TRACE(BAD_FUNC_ARG)) + { + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); + } +#else + if (ret != WC_NO_ERR_TRACE(HASH_TYPE_E)) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); +#endif + + ret = wc_HashGetBlockSize(WC_HASH_TYPE_MD4); +#ifndef NO_MD4 + if (ret == WC_NO_ERR_TRACE(HASH_TYPE_E) || + ret == WC_NO_ERR_TRACE(BAD_FUNC_ARG)) + { + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); + } +#else + if (ret != WC_NO_ERR_TRACE(HASH_TYPE_E)) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); +#endif + ret = wc_HashGetDigestSize(WC_HASH_TYPE_MD4); +#ifndef NO_MD4 + if (ret == WC_NO_ERR_TRACE(HASH_TYPE_E) || + ret == WC_NO_ERR_TRACE(BAD_FUNC_ARG)) + { + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); + } +#else + if (ret != WC_NO_ERR_TRACE(HASH_TYPE_E)) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); +#endif + ret = wc_HashGetBlockSize(WC_HASH_TYPE_MD5_SHA); +#if !defined(NO_MD5) && !defined(NO_SHA) + if (ret == WC_NO_ERR_TRACE(HASH_TYPE_E) || + ret == WC_NO_ERR_TRACE(BAD_FUNC_ARG)) + { + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); + } +#else + if (ret != WC_NO_ERR_TRACE(HASH_TYPE_E)) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); +#endif + + ret = wc_HashGetBlockSize(WC_HASH_TYPE_BLAKE2B); +#if defined(HAVE_BLAKE2) || defined(HAVE_BLAKE2S) + if (ret == WC_NO_ERR_TRACE(HASH_TYPE_E) || + ret == WC_NO_ERR_TRACE(BAD_FUNC_ARG)) + { + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); + } +#else + if (ret != WC_NO_ERR_TRACE(HASH_TYPE_E)) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); +#endif + ret = wc_HashGetDigestSize(WC_HASH_TYPE_BLAKE2B); +#if defined(HAVE_BLAKE2) || defined(HAVE_BLAKE2S) + if (ret == WC_NO_ERR_TRACE(HASH_TYPE_E) || + ret == WC_NO_ERR_TRACE(BAD_FUNC_ARG)) + { + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); + } +#else + if (ret != WC_NO_ERR_TRACE(HASH_TYPE_E)) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); +#endif + + ret = wc_HashGetBlockSize(WC_HASH_TYPE_NONE); + if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG)) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); + ret = wc_HashGetDigestSize(WC_HASH_TYPE_NONE); + if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG)) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); + +#if !defined(NO_CERTS) && !defined(NO_ASN) +#if defined(WOLFSSL_MD2) && !defined(HAVE_SELFTEST) && !defined(HAVE_FIPS) + ret = wc_GetCTC_HashOID(WC_HASH_TYPE_MD2); + if (ret == 0) + ERROR_OUT(WC_TEST_RET_ENC_NC, out); +#endif +#ifndef NO_MD5 + ret = wc_GetCTC_HashOID(WC_MD5); + if (ret == 0) + ERROR_OUT(WC_TEST_RET_ENC_NC, out); +#endif +#ifndef NO_SHA + ret = wc_GetCTC_HashOID(WC_SHA); + if (ret == 0) + ERROR_OUT(WC_TEST_RET_ENC_NC, out); +#endif +#ifdef WOLFSSL_SHA224 + ret = wc_GetCTC_HashOID(WC_SHA224); + if (ret == 0) + ERROR_OUT(WC_TEST_RET_ENC_NC, out); +#endif +#ifndef NO_SHA256 + ret = wc_GetCTC_HashOID(WC_SHA256); + if (ret == 0) + ERROR_OUT(WC_TEST_RET_ENC_NC, out); +#endif +#ifdef WOLFSSL_SHA384 + ret = wc_GetCTC_HashOID(WC_SHA384); + if (ret == 0) + ERROR_OUT(WC_TEST_RET_ENC_NC, out); +#endif +#ifdef WOLFSSL_SHA512 + ret = wc_GetCTC_HashOID(WC_SHA512); + if (ret == 0) + ERROR_OUT(WC_TEST_RET_ENC_NC, out); +#endif + ret = wc_GetCTC_HashOID(-1); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); +#endif + + ret = 0; + +out: + +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC) + (void)wc_HashDelete(hash, &hash); +#endif + + return ret; +} +#endif /* !NO_HASH_WRAPPER */ + +#if !defined(NO_HMAC) && !defined(NO_MD5) && !(defined(HAVE_FIPS) && \ + defined(HAVE_FIPS_VERSION) && \ + (HAVE_FIPS_VERSION >= 5)) +WOLFSSL_TEST_SUBROUTINE wc_test_ret_t hmac_md5_test(void) +{ + Hmac hmac; + byte hash[WC_MD5_DIGEST_SIZE]; + + const char* keys[]= + { + "\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b", + "Jefe", + "\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA", + "\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA" + "\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA" + "\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA" + "\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA" + "\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA" + }; + + testVector a, b, c, d; + testVector test_hmac[4]; + + wc_test_ret_t ret; + int times = sizeof(test_hmac) / sizeof(testVector), i; + WOLFSSL_ENTER("hmac_md5_test"); + + /* Following test vectors are from RFC 2202 section 2 */ + a.input = "Hi There"; + a.output = "\x92\x94\x72\x7a\x36\x38\xbb\x1c\x13\xf4\x8e\xf8\x15\x8b\xfc" + "\x9d"; + a.inLen = XSTRLEN(a.input); + a.outLen = WC_MD5_DIGEST_SIZE; + + b.input = "what do ya want for nothing?"; + b.output = "\x75\x0c\x78\x3e\x6a\xb0\xb5\x03\xea\xa8\x6e\x31\x0a\x5d\xb7" + "\x38"; + b.inLen = XSTRLEN(b.input); + b.outLen = WC_MD5_DIGEST_SIZE; + + c.input = "\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD" + "\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD" + "\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD" + "\xDD\xDD\xDD\xDD\xDD\xDD"; + c.output = "\x56\xbe\x34\x52\x1d\x14\x4c\x88\xdb\xb8\xc7\x33\xf0\xe8\xb3" + "\xf6"; + c.inLen = XSTRLEN(c.input); + c.outLen = WC_MD5_DIGEST_SIZE; + + d.input = "Test Using Larger Than Block-Size Key - Hash Key First"; + d.output = "\x6b\x1a\xb7\xfe\x4b\xd7\xbf\x8f\x0b\x62\xe6\xce\x61\xb9\xd0" + "\xcd"; + d.inLen = XSTRLEN(d.input); + d.outLen = WC_MD5_DIGEST_SIZE; + + + test_hmac[0] = a; + test_hmac[1] = b; + test_hmac[2] = c; + test_hmac[3] = d; + + for (i = 0; i < times; ++i) { + #if defined(HAVE_FIPS) || defined(HAVE_CAVIUM) + if (i == 1) { + continue; /* cavium can't handle short keys, fips not allowed */ + } + #endif + + ret = wc_HmacInit(&hmac, HEAP_HINT, devId); + if (ret != 0) + return WC_TEST_RET_ENC_EC(ret); + + ret = wc_HmacSetKey(&hmac, WC_MD5, (byte*)keys[i], + (word32)XSTRLEN(keys[i])); + if (ret != 0) + return WC_TEST_RET_ENC_EC(ret); + ret = wc_HmacUpdate(&hmac, (byte*)test_hmac[i].input, + (word32)test_hmac[i].inLen); + if (ret != 0) + return WC_TEST_RET_ENC_EC(ret); + ret = wc_HmacFinal(&hmac, hash); + if (ret != 0) + return WC_TEST_RET_ENC_EC(ret); + + if (XMEMCMP(hash, test_hmac[i].output, WC_MD5_DIGEST_SIZE) != 0) + return WC_TEST_RET_ENC_I(i); + + wc_HmacFree(&hmac); + } + +#if !defined(HAVE_FIPS) || FIPS_VERSION3_GE(6,0,0) + if ((ret = wc_HmacSizeByType(WC_MD5)) != WC_MD5_DIGEST_SIZE) + return WC_TEST_RET_ENC_EC(ret); +#endif + + return 0; +} +#endif /* !NO_HMAC && !NO_MD5 && (!HAVE_FIPS || (HAVE_FIPS_VERSION < 5)) */ + +#if !defined(NO_HMAC) && !defined(NO_SHA) +WOLFSSL_TEST_SUBROUTINE wc_test_ret_t hmac_sha_test(void) +{ + Hmac hmac; + byte hash[WC_SHA_DIGEST_SIZE]; + + const char* keys[]= + { + "\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b" + "\x0b\x0b\x0b", + "Jefe", + "\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA" + "\xAA\xAA\xAA", + "\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA" + "\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA" + "\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA" + "\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA" + "\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA" + }; + + testVector a, b, c, d; + testVector test_hmac[4]; + + wc_test_ret_t ret; + int times = sizeof(test_hmac) / sizeof(testVector), i; + +#if FIPS_VERSION3_GE(6,0,0) + int allowShortKeyWithFips = 1; +#endif + + WOLFSSL_ENTER("hmac_sha_test"); + + /* Following test vectors are from RFC 2202 section 3 */ + a.input = "Hi There"; + a.output = "\xb6\x17\x31\x86\x55\x05\x72\x64\xe2\x8b\xc0\xb6\xfb\x37\x8c" + "\x8e\xf1\x46\xbe\x00"; + a.inLen = XSTRLEN(a.input); + a.outLen = WC_SHA_DIGEST_SIZE; + + b.input = "what do ya want for nothing?"; + b.output = "\xef\xfc\xdf\x6a\xe5\xeb\x2f\xa2\xd2\x74\x16\xd5\xf1\x84\xdf" + "\x9c\x25\x9a\x7c\x79"; + b.inLen = XSTRLEN(b.input); + b.outLen = WC_SHA_DIGEST_SIZE; + + c.input = "\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD" + "\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD" + "\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD" + "\xDD\xDD\xDD\xDD\xDD\xDD"; + c.output = "\x12\x5d\x73\x42\xb9\xac\x11\xcd\x91\xa3\x9a\xf4\x8a\xa1\x7b" + "\x4f\x63\xf1\x75\xd3"; + c.inLen = XSTRLEN(c.input); + c.outLen = WC_SHA_DIGEST_SIZE; + + d.input = "Test Using Larger Than Block-Size Key - Hash Key First"; + d.output = "\xaa\x4a\xe5\xe1\x52\x72\xd0\x0e\x95\x70\x56\x37\xce\x8a\x3b" + "\x55\xed\x40\x21\x12"; + d.inLen = XSTRLEN(d.input); + d.outLen = WC_SHA_DIGEST_SIZE; + + test_hmac[0] = a; + test_hmac[1] = b; + test_hmac[2] = c; + test_hmac[3] = d; + + for (i = 0; i < times; ++i) { +#if defined(HAVE_CAVIUM) || (defined(HAVE_FIPS) && FIPS_VERSION3_LT(6,0,0)) + if (i == 1) + continue; /* cavium can't handle short keys, fips not allowed */ +#endif + + if ((ret = wc_HmacInit(&hmac, HEAP_HINT, devId)) != 0) + return WC_TEST_RET_ENC_EC(ret); + + ret = wc_HmacSetKey(&hmac, WC_SHA, (byte*)keys[i], + (word32)XSTRLEN(keys[i])); +#if FIPS_VERSION3_GE(6,0,0) + if (i == 1) { + if (ret != WC_NO_ERR_TRACE(HMAC_MIN_KEYLEN_E)) + return WC_TEST_RET_ENC_EC(ret); + /* Now use the ex and allow short keys with FIPS option */ + ret = wc_HmacSetKey_ex(&hmac, WC_SHA, (byte*) keys[i], + (word32)XSTRLEN(keys[i]), allowShortKeyWithFips); + } +#endif + if (ret != 0) + return WC_TEST_RET_ENC_EC(ret); + ret = wc_HmacUpdate(&hmac, (byte*)test_hmac[i].input, + (word32)test_hmac[i].inLen); + if (ret != 0) + return WC_TEST_RET_ENC_EC(ret); + ret = wc_HmacFinal(&hmac, hash); + if (ret != 0) + return WC_TEST_RET_ENC_EC(ret); + + if (XMEMCMP(hash, test_hmac[i].output, WC_SHA_DIGEST_SIZE) != 0) + return WC_TEST_RET_ENC_I(i); + + wc_HmacFree(&hmac); + } + +#if !defined(HAVE_FIPS) || FIPS_VERSION3_GE(6,0,0) + if ((ret = wc_HmacSizeByType(WC_SHA)) != WC_SHA_DIGEST_SIZE) + return WC_TEST_RET_ENC_EC(ret); +#endif + + return 0; +} +#endif + + +#if !defined(NO_HMAC) && defined(WOLFSSL_SHA224) +WOLFSSL_TEST_SUBROUTINE wc_test_ret_t hmac_sha224_test(void) +{ + Hmac hmac; + byte hash[WC_SHA224_DIGEST_SIZE]; + + const char* keys[]= + { + "\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b" + "\x0b\x0b\x0b", + "Jefe", + "\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA" + "\xAA\xAA\xAA", + "\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA" + "\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA" + "\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA" + "\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA" + "\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA" + "\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA" + "\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA" + "\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA" + "\xAA\xAA\xAA" + }; + + testVector a, b, c, d; + testVector test_hmac[4]; + + wc_test_ret_t ret; + int times = sizeof(test_hmac) / sizeof(testVector), i; + WOLFSSL_ENTER("hmac_sha224_test"); + + /* Following test vectors are from RFC 4231 section 4 */ + a.input = "Hi There"; + a.output = "\x89\x6f\xb1\x12\x8a\xbb\xdf\x19\x68\x32\x10\x7c\xd4\x9d\xf3" + "\x3f\x47\xb4\xb1\x16\x99\x12\xba\x4f\x53\x68\x4b\x22"; + a.inLen = XSTRLEN(a.input); + a.outLen = WC_SHA224_DIGEST_SIZE; + + b.input = "what do ya want for nothing?"; + b.output = "\xa3\x0e\x01\x09\x8b\xc6\xdb\xbf\x45\x69\x0f\x3a\x7e\x9e\x6d" + "\x0f\x8b\xbe\xa2\xa3\x9e\x61\x48\x00\x8f\xd0\x5e\x44"; + b.inLen = XSTRLEN(b.input); + b.outLen = WC_SHA224_DIGEST_SIZE; + + c.input = "\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD" + "\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD" + "\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD" + "\xDD\xDD\xDD\xDD\xDD\xDD"; + c.output = "\x7f\xb3\xcb\x35\x88\xc6\xc1\xf6\xff\xa9\x69\x4d\x7d\x6a\xd2" + "\x64\x93\x65\xb0\xc1\xf6\x5d\x69\xd1\xec\x83\x33\xea"; + c.inLen = XSTRLEN(c.input); + c.outLen = WC_SHA224_DIGEST_SIZE; + + d.input = "Test Using Larger Than Block-Size Key - Hash Key First"; + d.output = "\x95\xe9\xa0\xdb\x96\x20\x95\xad\xae\xbe\x9b\x2d\x6f\x0d\xbc\xe2\xd4\x99\xf1\x12\xf2\xd2\xb7\x27\x3f\xa6\x87\x0e"; + d.inLen = XSTRLEN(d.input); + d.outLen = WC_SHA224_DIGEST_SIZE; + + test_hmac[0] = a; + test_hmac[1] = b; + test_hmac[2] = c; + test_hmac[3] = d; + + for (i = 0; i < times; ++i) { +#if defined(HAVE_FIPS) || defined(HAVE_CAVIUM) + if (i == 1) + continue; /* cavium can't handle short keys, fips not allowed */ +#endif + + if ((ret = wc_HmacInit(&hmac, HEAP_HINT, devId)) != 0) + return WC_TEST_RET_ENC_EC(ret); + + ret = wc_HmacSetKey(&hmac, WC_SHA224, (byte*)keys[i], + (word32)XSTRLEN(keys[i])); + if (ret != 0) + return WC_TEST_RET_ENC_EC(ret); + ret = wc_HmacUpdate(&hmac, (byte*)test_hmac[i].input, + (word32)test_hmac[i].inLen); + if (ret != 0) + return WC_TEST_RET_ENC_EC(ret); + ret = wc_HmacFinal(&hmac, hash); + if (ret != 0) + return WC_TEST_RET_ENC_EC(ret); + + if (XMEMCMP(hash, test_hmac[i].output, WC_SHA224_DIGEST_SIZE) != 0) + return WC_TEST_RET_ENC_I(i); + + wc_HmacFree(&hmac); + } + +#if !defined(HAVE_FIPS) || FIPS_VERSION3_GE(6,0,0) + if ((ret = wc_HmacSizeByType(WC_SHA224)) != WC_SHA224_DIGEST_SIZE) + return WC_TEST_RET_ENC_EC(ret); +#endif + + return 0; +} +#endif + + +#if !defined(NO_HMAC) && !defined(NO_SHA256) +WOLFSSL_TEST_SUBROUTINE wc_test_ret_t hmac_sha256_test(void) +{ + Hmac hmac; + byte hash[WC_SHA256_DIGEST_SIZE]; + + const char* keys[]= + { + "\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b" + "\x0b\x0b\x0b", + "Jefe", + "\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA" + "\xAA\xAA\xAA", + "\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA" + "\xAA\xAA\xAA", + "\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA" + "\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA" + "\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA" + "\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA" + "\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA" + "\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA" + "\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA" + "\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA" + "\xAA\xAA\xAA" + }; + + testVector a, b, c, d, e; + testVector test_hmac[5]; + + wc_test_ret_t ret; + int times = sizeof(test_hmac) / sizeof(testVector), i; + WOLFSSL_ENTER("hmac_sha256_test"); + + /* Following test vectors are from RFC 4231 section 4 */ + a.input = "Hi There"; + a.output = "\xb0\x34\x4c\x61\xd8\xdb\x38\x53\x5c\xa8\xaf\xce\xaf\x0b\xf1" + "\x2b\x88\x1d\xc2\x00\xc9\x83\x3d\xa7\x26\xe9\x37\x6c\x2e\x32" + "\xcf\xf7"; + a.inLen = XSTRLEN(a.input); + a.outLen = WC_SHA256_DIGEST_SIZE; + + b.input = "what do ya want for nothing?"; + b.output = "\x5b\xdc\xc1\x46\xbf\x60\x75\x4e\x6a\x04\x24\x26\x08\x95\x75" + "\xc7\x5a\x00\x3f\x08\x9d\x27\x39\x83\x9d\xec\x58\xb9\x64\xec" + "\x38\x43"; + b.inLen = XSTRLEN(b.input); + b.outLen = WC_SHA256_DIGEST_SIZE; + + c.input = "\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD" + "\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD" + "\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD" + "\xDD\xDD\xDD\xDD\xDD\xDD"; + c.output = "\x77\x3e\xa9\x1e\x36\x80\x0e\x46\x85\x4d\xb8\xeb\xd0\x91\x81" + "\xa7\x29\x59\x09\x8b\x3e\xf8\xc1\x22\xd9\x63\x55\x14\xce\xd5" + "\x65\xfe"; + c.inLen = XSTRLEN(c.input); + c.outLen = WC_SHA256_DIGEST_SIZE; + + d.input = 0; + d.output = "\x86\xe5\x4f\xd4\x48\x72\x5d\x7e\x5d\xcf\xe2\x23\x53\xc8\x28" + "\xaf\x48\x78\x1e\xb4\x8c\xae\x81\x06\xa7\xe1\xd4\x98\x94\x9f" + "\x3e\x46"; + d.inLen = 0; + d.outLen = WC_SHA256_DIGEST_SIZE; + + e.input = "Test Using Larger Than Block-Size Key - Hash Key First"; + e.output = "\x60\xe4\x31\x59\x1e\xe0\xb6\x7f\x0d\x8a\x26\xaa\xcb\xf5\xb7" + "\x7f\x8e\x0b\xc6\x21\x37\x28\xc5\x14\x05\x46\x04\x0f\x0e\xe3" + "\x7f\x54"; + e.inLen = XSTRLEN(e.input);; + e.outLen = WC_SHA256_DIGEST_SIZE; + + test_hmac[0] = a; + test_hmac[1] = b; + test_hmac[2] = c; + test_hmac[3] = d; + test_hmac[4] = e; + + for (i = 0; i < times; ++i) { +#if defined(HAVE_FIPS) || defined(HAVE_CAVIUM) + if (i == 1) + continue; /* cavium can't handle short keys, fips not allowed */ +#endif +#if defined(HAVE_INTEL_QA) || defined(HAVE_CAVIUM) + if (i == 3) + continue; /* QuickAssist can't handle empty HMAC */ +#endif + + if (wc_HmacInit(&hmac, HEAP_HINT, devId) != 0) + return WC_TEST_RET_ENC_I(i); + + ret = wc_HmacSetKey(&hmac, WC_SHA256, (byte*)keys[i], + (word32)XSTRLEN(keys[i])); + if (ret != 0) + return WC_TEST_RET_ENC_I(i); + if (test_hmac[i].input != NULL) { + ret = wc_HmacUpdate(&hmac, (byte*)test_hmac[i].input, + (word32)test_hmac[i].inLen); + if (ret != 0) + return WC_TEST_RET_ENC_I(i); + } + ret = wc_HmacFinal(&hmac, hash); + if (ret != 0) + return WC_TEST_RET_ENC_I(i); + + if (XMEMCMP(hash, test_hmac[i].output, WC_SHA256_DIGEST_SIZE) != 0) + return WC_TEST_RET_ENC_I(i); + + wc_HmacFree(&hmac); + } + +#if !defined(HAVE_FIPS) || FIPS_VERSION3_GE(6,0,0) + if ((ret = wc_HmacSizeByType(WC_SHA256)) != WC_SHA256_DIGEST_SIZE) + return WC_TEST_RET_ENC_EC(ret); +#if FIPS_VERSION3_GE(6,0,0) + if ((ret = wc_HmacSizeByType(21)) != WC_NO_ERR_TRACE(HMAC_KAT_FIPS_E)) +#else + if ((ret = wc_HmacSizeByType(21)) != WC_NO_ERR_TRACE(BAD_FUNC_ARG)) +#endif + { + return WC_TEST_RET_ENC_EC(ret); + } +#endif + if ((ret = wolfSSL_GetHmacMaxSize()) != WC_MAX_DIGEST_SIZE) + return WC_TEST_RET_ENC_EC(ret); + + return 0; +} +#endif + + +#if !defined(NO_HMAC) && defined(WOLFSSL_SHA384) +WOLFSSL_TEST_SUBROUTINE wc_test_ret_t hmac_sha384_test(void) +{ + Hmac hmac; + byte hash[WC_SHA384_DIGEST_SIZE]; + + const char* keys[]= + { + "\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b" + "\x0b\x0b\x0b", + "Jefe", + "\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA" + "\xAA\xAA\xAA", + "\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA" + "\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA" + "\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA" + "\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA" + "\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA" + "\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA" + "\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA" + "\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA" + "\xAA\xAA\xAA" + }; + + testVector a, b, c, d; + testVector test_hmac[4]; + + wc_test_ret_t ret; + int times = sizeof(test_hmac) / sizeof(testVector), i; + WOLFSSL_ENTER("hmac_sha384_test"); + + /* Following test vectors are from RFC 4231 section 4 */ + a.input = "Hi There"; + a.output = "\xaf\xd0\x39\x44\xd8\x48\x95\x62\x6b\x08\x25\xf4\xab\x46\x90" + "\x7f\x15\xf9\xda\xdb\xe4\x10\x1e\xc6\x82\xaa\x03\x4c\x7c\xeb" + "\xc5\x9c\xfa\xea\x9e\xa9\x07\x6e\xde\x7f\x4a\xf1\x52\xe8\xb2" + "\xfa\x9c\xb6"; + a.inLen = XSTRLEN(a.input); + a.outLen = WC_SHA384_DIGEST_SIZE; + + b.input = "what do ya want for nothing?"; + b.output = "\xaf\x45\xd2\xe3\x76\x48\x40\x31\x61\x7f\x78\xd2\xb5\x8a\x6b" + "\x1b\x9c\x7e\xf4\x64\xf5\xa0\x1b\x47\xe4\x2e\xc3\x73\x63\x22" + "\x44\x5e\x8e\x22\x40\xca\x5e\x69\xe2\xc7\x8b\x32\x39\xec\xfa" + "\xb2\x16\x49"; + b.inLen = XSTRLEN(b.input); + b.outLen = WC_SHA384_DIGEST_SIZE; + + c.input = "\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD" + "\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD" + "\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD" + "\xDD\xDD\xDD\xDD\xDD\xDD"; + c.output = "\x88\x06\x26\x08\xd3\xe6\xad\x8a\x0a\xa2\xac\xe0\x14\xc8\xa8" + "\x6f\x0a\xa6\x35\xd9\x47\xac\x9f\xeb\xe8\x3e\xf4\xe5\x59\x66" + "\x14\x4b\x2a\x5a\xb3\x9d\xc1\x38\x14\xb9\x4e\x3a\xb6\xe1\x01" + "\xa3\x4f\x27"; + c.inLen = XSTRLEN(c.input); + c.outLen = WC_SHA384_DIGEST_SIZE; + + d.input = "Test Using Larger Than Block-Size Key - Hash Key First"; + d.output = "\x4e\xce\x08\x44\x85\x81\x3e\x90\x88\xd2\xc6\x3a\x04\x1b\xc5" + "\xb4\x4f\x9e\xf1\x01\x2a\x2b\x58\x8f\x3c\xd1\x1f\x05\x03\x3a" + "\xc4\xc6\x0c\x2e\xf6\xab\x40\x30\xfe\x82\x96\x24\x8d\xf1\x63" + "\xf4\x49\x52"; + d.inLen = XSTRLEN(d.input); + d.outLen = WC_SHA384_DIGEST_SIZE; + + test_hmac[0] = a; + test_hmac[1] = b; + test_hmac[2] = c; + test_hmac[3] = d; + + for (i = 0; i < times; ++i) { +#if defined(HAVE_FIPS) + if (i == 1) + continue; /* fips not allowed */ +#endif + + if ((ret = wc_HmacInit(&hmac, HEAP_HINT, devId)) != 0) + return WC_TEST_RET_ENC_EC(ret); + + ret = wc_HmacSetKey(&hmac, WC_SHA384, (byte*)keys[i], + (word32)XSTRLEN(keys[i])); + if (ret != 0) + return WC_TEST_RET_ENC_EC(ret); + ret = wc_HmacUpdate(&hmac, (byte*)test_hmac[i].input, + (word32)test_hmac[i].inLen); + if (ret != 0) + return WC_TEST_RET_ENC_EC(ret); + ret = wc_HmacFinal(&hmac, hash); + if (ret != 0) + return WC_TEST_RET_ENC_EC(ret); + + if (XMEMCMP(hash, test_hmac[i].output, WC_SHA384_DIGEST_SIZE) != 0) + return WC_TEST_RET_ENC_I(i); + + wc_HmacFree(&hmac); + } + +#if !defined(HAVE_FIPS) || FIPS_VERSION3_GE(6,0,0) + if ((ret = wc_HmacSizeByType(WC_SHA384)) != WC_SHA384_DIGEST_SIZE) + return WC_TEST_RET_ENC_EC(ret); +#endif + + return 0; +} +#endif + + +#if !defined(NO_HMAC) && defined(WOLFSSL_SHA512) +WOLFSSL_TEST_SUBROUTINE wc_test_ret_t hmac_sha512_test(void) +{ + Hmac hmac; + byte hash[WC_SHA512_DIGEST_SIZE]; + + const char* keys[]= + { + "\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b" + "\x0b\x0b\x0b", + "Jefe", + "\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA" + "\xAA\xAA\xAA", + "\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA" + "\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA" + "\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA" + "\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA" + "\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA" + "\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA" + "\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA" + "\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA\xAA" + "\xAA\xAA\xAA" + }; + + testVector a, b, c, d; + testVector test_hmac[4]; + + wc_test_ret_t ret; + int times = sizeof(test_hmac) / sizeof(testVector), i; + WOLFSSL_ENTER("hmac_sha512_test"); + + /* Following test vectors are from RFC 4231 section 4 */ + a.input = "Hi There"; + a.output = "\x87\xaa\x7c\xde\xa5\xef\x61\x9d\x4f\xf0\xb4\x24\x1a\x1d\x6c" + "\xb0\x23\x79\xf4\xe2\xce\x4e\xc2\x78\x7a\xd0\xb3\x05\x45\xe1" + "\x7c\xde\xda\xa8\x33\xb7\xd6\xb8\xa7\x02\x03\x8b\x27\x4e\xae" + "\xa3\xf4\xe4\xbe\x9d\x91\x4e\xeb\x61\xf1\x70\x2e\x69\x6c\x20" + "\x3a\x12\x68\x54"; + a.inLen = XSTRLEN(a.input); + a.outLen = WC_SHA512_DIGEST_SIZE; + + b.input = "what do ya want for nothing?"; + b.output = "\x16\x4b\x7a\x7b\xfc\xf8\x19\xe2\xe3\x95\xfb\xe7\x3b\x56\xe0" + "\xa3\x87\xbd\x64\x22\x2e\x83\x1f\xd6\x10\x27\x0c\xd7\xea\x25" + "\x05\x54\x97\x58\xbf\x75\xc0\x5a\x99\x4a\x6d\x03\x4f\x65\xf8" + "\xf0\xe6\xfd\xca\xea\xb1\xa3\x4d\x4a\x6b\x4b\x63\x6e\x07\x0a" + "\x38\xbc\xe7\x37"; + b.inLen = XSTRLEN(b.input); + b.outLen = WC_SHA512_DIGEST_SIZE; + + c.input = "\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD" + "\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD" + "\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD\xDD" + "\xDD\xDD\xDD\xDD\xDD\xDD"; + c.output = "\xfa\x73\xb0\x08\x9d\x56\xa2\x84\xef\xb0\xf0\x75\x6c\x89\x0b" + "\xe9\xb1\xb5\xdb\xdd\x8e\xe8\x1a\x36\x55\xf8\x3e\x33\xb2\x27" + "\x9d\x39\xbf\x3e\x84\x82\x79\xa7\x22\xc8\x06\xb4\x85\xa4\x7e" + "\x67\xc8\x07\xb9\x46\xa3\x37\xbe\xe8\x94\x26\x74\x27\x88\x59" + "\xe1\x32\x92\xfb"; + c.inLen = XSTRLEN(c.input); + c.outLen = WC_SHA512_DIGEST_SIZE; + + d.input = "Test Using Larger Than Block-Size Key - Hash Key First"; + d.output = "\x80\xb2\x42\x63\xc7\xc1\xa3\xeb\xb7\x14\x93\xc1\xdd\x7b\xe8" + "\xb4\x9b\x46\xd1\xf4\x1b\x4a\xee\xc1\x12\x1b\x01\x37\x83\xf8" + "\xf3\x52\x6b\x56\xd0\x37\xe0\x5f\x25\x98\xbd\x0f\xd2\x21\x5d" + "\x6a\x1e\x52\x95\xe6\x4f\x73\xf6\x3f\x0a\xec\x8b\x91\x5a\x98" + "\x5d\x78\x65\x98"; + d.inLen = XSTRLEN(d.input); + d.outLen = WC_SHA512_DIGEST_SIZE; + + test_hmac[0] = a; + test_hmac[1] = b; + test_hmac[2] = c; + test_hmac[3] = d; + + for (i = 0; i < times; ++i) { +#if defined(HAVE_FIPS) + if (i == 1) + continue; /* fips not allowed */ +#endif + + if ((ret = wc_HmacInit(&hmac, HEAP_HINT, devId)) != 0) + return WC_TEST_RET_ENC_EC(ret); + + ret = wc_HmacSetKey(&hmac, WC_SHA512, (byte*)keys[i], + (word32)XSTRLEN(keys[i])); + if (ret != 0) + return WC_TEST_RET_ENC_EC(ret); + ret = wc_HmacUpdate(&hmac, (byte*)test_hmac[i].input, + (word32)test_hmac[i].inLen); + if (ret != 0) + return WC_TEST_RET_ENC_EC(ret); + ret = wc_HmacFinal(&hmac, hash); + if (ret != 0) + return WC_TEST_RET_ENC_EC(ret); + + if (XMEMCMP(hash, test_hmac[i].output, WC_SHA512_DIGEST_SIZE) != 0) + return WC_TEST_RET_ENC_I(i); + + wc_HmacFree(&hmac); + } + +#if !defined(HAVE_FIPS) || FIPS_VERSION3_GE(6,0,0) + if ((ret = wc_HmacSizeByType(WC_SHA512)) != WC_SHA512_DIGEST_SIZE) + return WC_TEST_RET_ENC_EC(ret); +#endif + + return 0; +} +#endif + + +#if !defined(NO_HMAC) && defined(WOLFSSL_SHA3) && \ + !defined(WOLFSSL_NOSHA3_224) && !defined(WOLFSSL_NOSHA3_256) && \ + !defined(WOLFSSL_NOSHA3_384) && !defined(WOLFSSL_NOSHA3_512) +WOLFSSL_TEST_SUBROUTINE wc_test_ret_t hmac_sha3_test(void) +{ + Hmac hmac; + byte hash[WC_SHA3_512_DIGEST_SIZE]; + + const char* key[4] = + { + "Jefe", + + "\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b" + "\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b", + + "\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa" + "\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa", + + "\x01\x02\x03\x04\x05\x06\x07\x08\x01\x02\x03\x04\x05\x06\x07\x08" + "\x01\x02\x03\x04\x05\x06\x07\x08\x01\x02\x03\x04\x05\x06\x07\x08" + "\x01\x02\x03\x04\x05\x06\x07\x08\x01\x02\x03\x04\x05\x06\x07\x08" + "\x01\x02\x03\x04\x05\x06\x07\x08\x01\x02\x03\x04\x05\x06\x07\x08" + "\x01\x02\x03\x04\x05\x06\x07\x08\x01\x02\x03\x04\x05\x06\x07\x08" + "\x01\x02\x03\x04\x05\x06\x07\x08\x01\x02\x03\x04\x05\x06\x07\x08" + "\x01\x02\x03\x04\x05\x06\x07\x08\x01\x02\x03\x04\x05\x06\x07\x08" + "\x01\x02\x03\x04\x05\x06\x07\x08\x01\x02\x03\x04\x05\x06\x07\x08" + "\x01\x02\x03\x04\x05\x06\x07\x08\x01\x02\x03\x04\x05\x06\x07\x08" + "\x01\x02\x03\x04\x05\x06\x07\x08\x01\x02\x03\x04\x05\x06\x07\x08" + }; + + const char* input[4] = + { + "what do ya want for nothing?", + + "Hi There", + + "\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd" + "\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd" + "\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd" + "\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd" + "\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd", + + "Big Key Input" + }; + + const int hashType[4] = + { + WC_SHA3_224, WC_SHA3_256, WC_SHA3_384, WC_SHA3_512 + }; + + const int hashSz[4] = + { + WC_SHA3_224_DIGEST_SIZE, WC_SHA3_256_DIGEST_SIZE, + WC_SHA3_384_DIGEST_SIZE, WC_SHA3_512_DIGEST_SIZE + }; + + const char* output[16] = + { + /* key = jefe, input = what do ya want for nothing? */ + /* HMAC-SHA3-224 */ + "\x7f\xdb\x8d\xd8\x8b\xd2\xf6\x0d\x1b\x79\x86\x34\xad\x38\x68\x11" + "\xc2\xcf\xc8\x5b\xfa\xf5\xd5\x2b\xba\xce\x5e\x66", + /* HMAC-SHA3-256 */ + "\xc7\xd4\x07\x2e\x78\x88\x77\xae\x35\x96\xbb\xb0\xda\x73\xb8\x87" + "\xc9\x17\x1f\x93\x09\x5b\x29\x4a\xe8\x57\xfb\xe2\x64\x5e\x1b\xa5", + /* HMAC-SHA3-384 */ + "\xf1\x10\x1f\x8c\xbf\x97\x66\xfd\x67\x64\xd2\xed\x61\x90\x3f\x21" + "\xca\x9b\x18\xf5\x7c\xf3\xe1\xa2\x3c\xa1\x35\x08\xa9\x32\x43\xce" + "\x48\xc0\x45\xdc\x00\x7f\x26\xa2\x1b\x3f\x5e\x0e\x9d\xf4\xc2\x0a", + /* HMAC-SHA3-512 */ + "\x5a\x4b\xfe\xab\x61\x66\x42\x7c\x7a\x36\x47\xb7\x47\x29\x2b\x83" + "\x84\x53\x7c\xdb\x89\xaf\xb3\xbf\x56\x65\xe4\xc5\xe7\x09\x35\x0b" + "\x28\x7b\xae\xc9\x21\xfd\x7c\xa0\xee\x7a\x0c\x31\xd0\x22\xa9\x5e" + "\x1f\xc9\x2b\xa9\xd7\x7d\xf8\x83\x96\x02\x75\xbe\xb4\xe6\x20\x24", + + /* key = 0b..., input = Hi There */ + /* HMAC-SHA3-224 */ + "\x3b\x16\x54\x6b\xbc\x7b\xe2\x70\x6a\x03\x1d\xca\xfd\x56\x37\x3d" + "\x98\x84\x36\x76\x41\xd8\xc5\x9a\xf3\xc8\x60\xf7", + /* HMAC-SHA3-256 */ + "\xba\x85\x19\x23\x10\xdf\xfa\x96\xe2\xa3\xa4\x0e\x69\x77\x43\x51" + "\x14\x0b\xb7\x18\x5e\x12\x02\xcd\xcc\x91\x75\x89\xf9\x5e\x16\xbb", + /* HMAC-SHA3-384 */ + "\x68\xd2\xdc\xf7\xfd\x4d\xdd\x0a\x22\x40\xc8\xa4\x37\x30\x5f\x61" + "\xfb\x73\x34\xcf\xb5\xd0\x22\x6e\x1b\xc2\x7d\xc1\x0a\x2e\x72\x3a" + "\x20\xd3\x70\xb4\x77\x43\x13\x0e\x26\xac\x7e\x3d\x53\x28\x86\xbd", + /* HMAC-SHA3-512 */ + "\xeb\x3f\xbd\x4b\x2e\xaa\xb8\xf5\xc5\x04\xbd\x3a\x41\x46\x5a\xac" + "\xec\x15\x77\x0a\x7c\xab\xac\x53\x1e\x48\x2f\x86\x0b\x5e\xc7\xba" + "\x47\xcc\xb2\xc6\xf2\xaf\xce\x8f\x88\xd2\x2b\x6d\xc6\x13\x80\xf2" + "\x3a\x66\x8f\xd3\x88\x8b\xb8\x05\x37\xc0\xa0\xb8\x64\x07\x68\x9e", + + /* key = aa..., output = dd... */ + /* HMAC-SHA3-224 */ + "\x67\x6c\xfc\x7d\x16\x15\x36\x38\x78\x03\x90\x69\x2b\xe1\x42\xd2" + "\xdf\x7c\xe9\x24\xb9\x09\xc0\xc0\x8d\xbf\xdc\x1a", + /* HMAC-SHA3-256 */ + "\x84\xec\x79\x12\x4a\x27\x10\x78\x65\xce\xdd\x8b\xd8\x2d\xa9\x96" + "\x5e\x5e\xd8\xc3\x7b\x0a\xc9\x80\x05\xa7\xf3\x9e\xd5\x8a\x42\x07", + /* HMAC-SHA3-384 */ + "\x27\x5c\xd0\xe6\x61\xbb\x8b\x15\x1c\x64\xd2\x88\xf1\xf7\x82\xfb" + "\x91\xa8\xab\xd5\x68\x58\xd7\x2b\xab\xb2\xd4\x76\xf0\x45\x83\x73" + "\xb4\x1b\x6a\xb5\xbf\x17\x4b\xec\x42\x2e\x53\xfc\x31\x35\xac\x6e", + /* HMAC-SHA3-512 */ + "\x30\x9e\x99\xf9\xec\x07\x5e\xc6\xc6\xd4\x75\xed\xa1\x18\x06\x87" + "\xfc\xf1\x53\x11\x95\x80\x2a\x99\xb5\x67\x74\x49\xa8\x62\x51\x82" + "\x85\x1c\xb3\x32\xaf\xb6\xa8\x9c\x41\x13\x25\xfb\xcb\xcd\x42\xaf" + "\xcb\x7b\x6e\x5a\xab\x7e\xa4\x2c\x66\x0f\x97\xfd\x85\x84\xbf\x03", + + /* key = big key, input = Big Key Input */ + /* HMAC-SHA3-224 */ + "\x29\xe0\x5e\x46\xc4\xa4\x5e\x46\x74\xbf\xd7\x2d\x1a\xd8\x66\xdb" + "\x2d\x0d\x10\x4e\x2b\xfa\xad\x53\x7d\x15\x69\x8b", + /* HMAC-SHA3-256 */ + "\xb5\x5b\x8d\x64\xb6\x9c\x21\xd0\xbf\x20\x5c\xa2\xf7\xb9\xb1\x4e" + "\x88\x21\x61\x2c\x66\xc3\x91\xae\x6c\x95\x16\x85\x83\xe6\xf4\x9b", + /* HMAC-SHA3-384 */ + "\xaa\x91\xb3\xa6\x2f\x56\xa1\xbe\x8c\x3e\x74\x38\xdb\x58\xd9\xd3" + "\x34\xde\xa0\x60\x6d\x8d\x46\xe0\xec\xa9\xf6\x06\x35\x14\xe6\xed" + "\x83\xe6\x7c\x77\x24\x6c\x11\xb5\x90\x82\xb5\x75\xda\x7b\x83\x2d", + /* HMAC-SHA3-512 */ + "\x1c\xc3\xa9\x24\x4a\x4a\x3f\xbd\xc7\x20\x00\x16\x9b\x79\x47\x03" + "\x78\x75\x2c\xb5\xf1\x2e\x62\x7c\xbe\xef\x4e\x8f\x0b\x11\x2b\x32" + "\xa0\xee\xc9\xd0\x4d\x64\x64\x0b\x37\xf4\xdd\x66\xf7\x8b\xb3\xad" + "\x52\x52\x6b\x65\x12\xde\x0d\x7c\xc0\x8b\x60\x01\x6c\x37\xd7\xa8" + + }; + + int i = 0, iMax = sizeof(input) / sizeof(input[0]), + j, jMax = sizeof(hashType) / sizeof(hashType[0]); + int ret; + WOLFSSL_ENTER("hmac_sha3_test"); + +#ifdef HAVE_FIPS + /* FIPS requires a minimum length for HMAC keys, and "Jefe" is too + * short. Skip it in FIPS builds. */ + i = 1; +#endif + for (; i < iMax; i++) { + for (j = 0; j < jMax; j++) { + if ((ret = wc_HmacInit(&hmac, HEAP_HINT, devId)) != 0) + return WC_TEST_RET_ENC_EC(ret); + + ret = wc_HmacSetKey(&hmac, hashType[j], (byte*)key[i], + (word32)XSTRLEN(key[i])); + if (ret != 0) + return WC_TEST_RET_ENC_EC(ret); + ret = wc_HmacUpdate(&hmac, (byte*)input[i], + (word32)XSTRLEN(input[i])); + if (ret != 0) + return WC_TEST_RET_ENC_EC(ret); + ret = wc_HmacFinal(&hmac, hash); + if (ret != 0) + return WC_TEST_RET_ENC_EC(ret); + if (XMEMCMP(hash, output[(i*jMax) + j], (size_t)hashSz[j]) != 0) + return WC_TEST_RET_ENC_NC; + + wc_HmacFree(&hmac); + + if (i > 0) + continue; + + #if !defined(HAVE_FIPS) || FIPS_VERSION3_GE(6,0,0) + ret = wc_HmacSizeByType(hashType[j]); + if (ret != hashSz[j]) + return WC_TEST_RET_ENC_EC(ret); + #endif + } + } + + return 0; +} +#endif + + +#ifdef WC_RC2 +typedef struct rc2TestVector { + const char* input; + const char* output; + const char* key; /* Key, variable up to 128 bytes */ + const char* iv; /* IV, 8-bytes */ + int inLen; + int outLen; + int keyLen; + int effectiveKeyBits; /* Up to 1024 bits supported */ +} rc2TestVector; + +static wc_test_ret_t rc2_ecb_test(void) +{ + wc_test_ret_t ret = 0; + byte cipher[RC2_BLOCK_SIZE]; + byte plain[RC2_BLOCK_SIZE]; + + rc2TestVector a, b, c, d, e, f, g, h; + rc2TestVector test_rc2[8]; + + int times = sizeof(test_rc2) / sizeof(rc2TestVector), i; + + a.input = "\x00\x00\x00\x00\x00\x00\x00\x00"; + a.output = "\xeb\xb7\x73\xf9\x93\x27\x8e\xff"; + a.key = "\x00\x00\x00\x00\x00\x00\x00\x00"; + a.inLen = RC2_BLOCK_SIZE; + a.outLen = RC2_BLOCK_SIZE; + a.keyLen = 8; + a.effectiveKeyBits = 63; + + b.input = "\xff\xff\xff\xff\xff\xff\xff\xff"; + b.output = "\x27\x8b\x27\xe4\x2e\x2f\x0d\x49"; + b.key = "\xff\xff\xff\xff\xff\xff\xff\xff"; + b.inLen = RC2_BLOCK_SIZE; + b.outLen = RC2_BLOCK_SIZE; + b.keyLen = 8; + b.effectiveKeyBits = 64; + + c.input = "\x10\x00\x00\x00\x00\x00\x00\x01"; + c.output = "\x30\x64\x9e\xdf\x9b\xe7\xd2\xc2"; + c.key = "\x30\x00\x00\x00\x00\x00\x00\x00"; + c.inLen = RC2_BLOCK_SIZE; + c.outLen = RC2_BLOCK_SIZE; + c.keyLen = 8; + c.effectiveKeyBits = 64; + + d.input = "\x00\x00\x00\x00\x00\x00\x00\x00"; + d.output = "\x61\xa8\xa2\x44\xad\xac\xcc\xf0"; + d.key = "\x88"; + d.inLen = RC2_BLOCK_SIZE; + d.outLen = RC2_BLOCK_SIZE; + d.keyLen = 1; + d.effectiveKeyBits = 64; + + e.input = "\x00\x00\x00\x00\x00\x00\x00\x00"; + e.output = "\x6c\xcf\x43\x08\x97\x4c\x26\x7f"; + e.key = "\x88\xbc\xa9\x0e\x90\x87\x5a"; + e.inLen = RC2_BLOCK_SIZE; + e.outLen = RC2_BLOCK_SIZE; + e.keyLen = 7; + e.effectiveKeyBits = 64; + + f.input = "\x00\x00\x00\x00\x00\x00\x00\x00"; + f.output = "\x1a\x80\x7d\x27\x2b\xbe\x5d\xb1"; + f.key = "\x88\xbc\xa9\x0e\x90\x87\x5a\x7f" + "\x0f\x79\xc3\x84\x62\x7b\xaf\xb2"; + f.inLen = RC2_BLOCK_SIZE; + f.outLen = RC2_BLOCK_SIZE; + f.keyLen = 16; + f.effectiveKeyBits = 64; + + g.input = "\x00\x00\x00\x00\x00\x00\x00\x00"; + g.output = "\x22\x69\x55\x2a\xb0\xf8\x5c\xa6"; + g.key = "\x88\xbc\xa9\x0e\x90\x87\x5a\x7f" + "\x0f\x79\xc3\x84\x62\x7b\xaf\xb2"; + g.inLen = RC2_BLOCK_SIZE; + g.outLen = RC2_BLOCK_SIZE; + g.keyLen = 16; + g.effectiveKeyBits = 128; + + h.input = "\x00\x00\x00\x00\x00\x00\x00\x00"; + h.output = "\x5b\x78\xd3\xa4\x3d\xff\xf1\xf1"; + h.key = "\x88\xbc\xa9\x0e\x90\x87\x5a\x7f" + "\x0f\x79\xc3\x84\x62\x7b\xaf\xb2" + "\x16\xf8\x0a\x6f\x85\x92\x05\x84" + "\xc4\x2f\xce\xb0\xbe\x25\x5d\xaf" + "\x1e"; + h.inLen = RC2_BLOCK_SIZE; + h.outLen = RC2_BLOCK_SIZE; + h.keyLen = 33; + h.effectiveKeyBits = 129; + + a.iv = b.iv = c.iv = d.iv = e.iv = f.iv = g.iv = h.iv = NULL; + + test_rc2[0] = a; + test_rc2[1] = b; + test_rc2[2] = c; + test_rc2[3] = d; + test_rc2[4] = e; + test_rc2[5] = f; + test_rc2[6] = g; + test_rc2[7] = h; + + for (i = 0; i < times; ++i) { + Rc2 enc; + + XMEMSET(cipher, 0, RC2_BLOCK_SIZE); + XMEMSET(plain, 0, RC2_BLOCK_SIZE); + + ret = wc_Rc2SetKey(&enc, (byte*)test_rc2[i].key, test_rc2[i].keyLen, + NULL, test_rc2[i].effectiveKeyBits); + if (ret != 0) { + return WC_TEST_RET_ENC_EC(ret); + } + + /* ECB encrypt */ + ret = wc_Rc2EcbEncrypt(&enc, cipher, (byte*)test_rc2[i].input, + (word32)test_rc2[i].outLen); + if (ret != 0) { + return WC_TEST_RET_ENC_EC(ret); + } + + if (XMEMCMP(cipher, test_rc2[i].output, test_rc2[i].outLen)) { + return WC_TEST_RET_ENC_NC; + } + + /* ECB decrypt */ + ret = wc_Rc2EcbDecrypt(&enc, plain, cipher, RC2_BLOCK_SIZE); + if (ret != 0) { + return WC_TEST_RET_ENC_EC(ret); + } + + if (XMEMCMP(plain, test_rc2[i].input, RC2_BLOCK_SIZE)) { + return WC_TEST_RET_ENC_NC; + } + } + + return 0; +} + +static wc_test_ret_t rc2_cbc_test(void) +{ + wc_test_ret_t ret = 0; + byte cipher[128]; + byte plain[128]; + + rc2TestVector a, b, c, d, e, f, g, h, i; + rc2TestVector test_rc2[9]; + + int times = sizeof(test_rc2) / sizeof(rc2TestVector), j; + + /* key length = 7, effective key bits = 63 */ + a.input = "\x00\x00\x00\x00\x00\x00\x00\x00" + "\x00\x00\x00\x00\x00\x00\x00\x00"; + a.output = "\xEB\xB7\x73\xF9\x93\x27\x8E\xFF" + "\xF0\x51\x77\x8B\x65\xDB\x13\x57"; + a.key = "\x00\x00\x00\x00\x00\x00\x00\x00"; + a.iv = "\x00\x00\x00\x00\x00\x00\x00\x00"; + a.inLen = RC2_BLOCK_SIZE*2; + a.outLen = RC2_BLOCK_SIZE*2; + a.keyLen = 8; + a.effectiveKeyBits = 63; + + /* key length = 8, effective key bits = 64, all 0xFF */ + b.input = "\xff\xff\xff\xff\xff\xff\xff\xff" + "\xff\xff\xff\xff\xff\xff\xff\xff"; + b.output = "\xA3\xA1\x12\x65\x4F\x81\xC5\xCD" + "\xB6\x94\x3E\xEA\x3E\x8B\x9D\x1F"; + b.key = "\xff\xff\xff\xff\xff\xff\xff\xff"; + b.iv = "\xff\xff\xff\xff\xff\xff\xff\xff"; + b.inLen = RC2_BLOCK_SIZE*2; + b.outLen = RC2_BLOCK_SIZE*2; + b.keyLen = 8; + b.effectiveKeyBits = 64; + + /* key length = 8, effective key bits = 64 */ + c.input = "\x10\x00\x00\x00\x00\x00\x00\x01" + "\x10\x00\x00\x00\x00\x00\x00\x01"; + c.output = "\xB5\x70\x14\xA2\x5F\x40\xE3\x6D" + "\x81\x99\x8D\xE0\xB5\xD5\x3A\x05"; + c.key = "\x30\x00\x00\x00\x00\x00\x00\x00"; + c.iv = "\x30\x00\x00\x00\x00\x00\x00\x00"; + c.inLen = RC2_BLOCK_SIZE*2; + c.outLen = RC2_BLOCK_SIZE*2; + c.keyLen = 8; + c.effectiveKeyBits = 64; + + /* key length = 1, effective key bits = 64 */ + d.input = "\x00\x00\x00\x00\x00\x00\x00\x00" + "\x00\x00\x00\x00\x00\x00\x00\x00"; + d.output = "\x61\xA8\xA2\x44\xAD\xAC\xCC\xF0" + "\x6D\x19\xE8\xF1\xFC\xE7\x38\x87"; + d.key = "\x88"; + d.iv = "\x00\x00\x00\x00\x00\x00\x00\x00"; + d.inLen = RC2_BLOCK_SIZE*2; + d.outLen = RC2_BLOCK_SIZE*2; + d.keyLen = 1; + d.effectiveKeyBits = 64; + + /* key length = 7, effective key bits = 64 */ + e.input = "\x00\x00\x00\x00\x00\x00\x00\x00" + "\x00\x00\x00\x00\x00\x00\x00\x00"; + e.output = "\x6C\xCF\x43\x08\x97\x4C\x26\x7F" + "\xCC\x3C\x53\x57\x7C\xA1\xA4\x4B"; + e.key = "\x88\xbc\xa9\x0e\x90\x87\x5a"; + e.iv = "\x00\x00\x00\x00\x00\x00\x00\x00"; + e.inLen = RC2_BLOCK_SIZE*2; + e.outLen = RC2_BLOCK_SIZE*2; + e.keyLen = 7; + e.effectiveKeyBits = 64; + + /* key length = 16, effective key bits = 64 */ + f.input = "\x00\x00\x00\x00\x00\x00\x00\x00" + "\x00\x00\x00\x00\x00\x00\x00\x00"; + f.output = "\x1A\x80\x7D\x27\x2B\xBE\x5D\xB1" + "\x64\xEF\xE1\xC3\xB8\xAD\xFB\xBA"; + f.key = "\x88\xbc\xa9\x0e\x90\x87\x5a\x7f" + "\x0f\x79\xc3\x84\x62\x7b\xaf\xb2"; + f.iv = "\x00\x00\x00\x00\x00\x00\x00\x00"; + f.inLen = RC2_BLOCK_SIZE*2; + f.outLen = RC2_BLOCK_SIZE*2; + f.keyLen = 16; + f.effectiveKeyBits = 64; + + /* key length = 16, effective bits = 128 */ + g.input = "\x00\x00\x00\x00\x00\x00\x00\x00" + "\x00\x00\x00\x00\x00\x00\x00\x00"; + g.output = "\x22\x69\x55\x2A\xB0\xF8\x5C\xA6" + "\x53\x6E\xFD\x2D\x89\xE1\x2A\x73"; + g.key = "\x88\xbc\xa9\x0e\x90\x87\x5a\x7f" + "\x0f\x79\xc3\x84\x62\x7b\xaf\xb2"; + g.iv = "\x00\x00\x00\x00\x00\x00\x00\x00"; + g.inLen = RC2_BLOCK_SIZE*2; + g.outLen = RC2_BLOCK_SIZE*2; + g.keyLen = 16; + g.effectiveKeyBits = 128; + + /* key length = 33, effective bits = 129 */ + h.input = "\x00\x00\x00\x00\x00\x00\x00\x00" + "\x00\x00\x00\x00\x00\x00\x00\x00"; + h.output = "\x5B\x78\xD3\xA4\x3D\xFF\xF1\xF1" + "\x45\x30\xA8\xD5\xC7\x7C\x46\x19"; + h.key = "\x88\xbc\xa9\x0e\x90\x87\x5a\x7f" + "\x0f\x79\xc3\x84\x62\x7b\xaf\xb2" + "\x16\xf8\x0a\x6f\x85\x92\x05\x84" + "\xc4\x2f\xce\xb0\xbe\x25\x5d\xaf" + "\x1e"; + h.iv = "\x00\x00\x00\x00\x00\x00\x00\x00"; + h.inLen = RC2_BLOCK_SIZE*2; + h.outLen = RC2_BLOCK_SIZE*2; + h.keyLen = 33; + h.effectiveKeyBits = 129; + + /* key length = 10, effective bits = 40 */ + i.input = "\x11\x22\x33\x44\x55\x66\x77\x88" + "\x99\xAA\xBB\xCC\xDD\xEE\xFF\x00" + "\x11\x22\x33\x44\x55\x66\x77\x88" + "\x99\xAA\xBB\xCC\xDD\xEE\xFF\x00"; + i.output = "\x71\x2D\x11\x99\xC9\xA0\x78\x4F" + "\xCD\xF1\x1E\x3D\xFD\x21\x7E\xDB" + "\xB2\x6E\x0D\xA4\x72\xBC\x31\x51" + "\x48\xEF\x4E\x68\x3B\xDC\xCD\x7D"; + i.key = "\x26\x1E\x57\x8E\xC9\x62\xBF\xB8" + "\x3E\x96"; + i.iv = "\x01\x02\x03\x04\x05\x06\x07\x08"; + i.inLen = RC2_BLOCK_SIZE*4; + i.outLen = RC2_BLOCK_SIZE*4; + i.keyLen = 10; + i.effectiveKeyBits = 40; + + test_rc2[0] = a; + test_rc2[1] = b; + test_rc2[2] = c; + test_rc2[3] = d; + test_rc2[4] = e; + test_rc2[5] = f; + test_rc2[6] = g; + test_rc2[7] = h; + test_rc2[8] = i; + + for (j = 0; j < times; ++j) { + Rc2 rc2; + + XMEMSET(cipher, 0, sizeof(cipher)); + XMEMSET(plain, 0, sizeof(plain)); + + ret = wc_Rc2SetKey(&rc2, (byte*)test_rc2[j].key, test_rc2[j].keyLen, + (byte*)test_rc2[j].iv, test_rc2[j].effectiveKeyBits); + if (ret != 0) { + return WC_TEST_RET_ENC_EC(ret); + } + + ret = wc_Rc2CbcEncrypt(&rc2, cipher, (byte*)test_rc2[j].input, + test_rc2[j].inLen); + if (ret != 0) { + return WC_TEST_RET_ENC_EC(ret); + } + + if (XMEMCMP(cipher, (byte*)test_rc2[j].output, test_rc2[j].outLen)) { + return WC_TEST_RET_ENC_NC; + } + + /* reset IV for decrypt, since overridden by encrypt operation */ + ret = wc_Rc2SetIV(&rc2, (byte*)test_rc2[j].iv); + if (ret != 0) { + return WC_TEST_RET_ENC_EC(ret); + } + + ret = wc_Rc2CbcDecrypt(&rc2, plain, cipher, test_rc2[j].outLen); + if (ret != 0) { + return WC_TEST_RET_ENC_EC(ret); + } + + if (XMEMCMP(plain, (byte*)test_rc2[j].input, test_rc2[j].inLen)) { + return WC_TEST_RET_ENC_NC; + } + } + + return 0; +} + +WOLFSSL_TEST_SUBROUTINE wc_test_ret_t rc2_test(void) +{ + wc_test_ret_t ret = 0; + WOLFSSL_ENTER("rc2_test"); + + ret = rc2_ecb_test(); + if (ret != 0) { + return ret; + } + + return rc2_cbc_test(); +} +#endif + + +#ifndef NO_RC4 +WOLFSSL_TEST_SUBROUTINE wc_test_ret_t arc4_test(void) +{ + byte cipher[16]; + byte plain[16]; + wc_test_ret_t ret; + + const char* keys[] = + { + "\x01\x23\x45\x67\x89\xab\xcd\xef", + "\x01\x23\x45\x67\x89\xab\xcd\xef", + "\x00\x00\x00\x00\x00\x00\x00\x00", + "\xef\x01\x23\x45" + }; + + testVector a, b, c, d; + testVector test_arc4[4]; + + int times = sizeof(test_arc4) / sizeof(testVector), i; + WOLFSSL_ENTER("arc4_test"); + + a.input = "\x01\x23\x45\x67\x89\xab\xcd\xef"; + a.output = "\x75\xb7\x87\x80\x99\xe0\xc5\x96"; + a.inLen = 8; + a.outLen = 8; + + b.input = "\x00\x00\x00\x00\x00\x00\x00\x00"; + b.output = "\x74\x94\xc2\xe7\x10\x4b\x08\x79"; + b.inLen = 8; + b.outLen = 8; + + c.input = "\x00\x00\x00\x00\x00\x00\x00\x00"; + c.output = "\xde\x18\x89\x41\xa3\x37\x5d\x3a"; + c.inLen = 8; + c.outLen = 8; + + d.input = "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"; + d.output = "\xd6\xa1\x41\xa7\xec\x3c\x38\xdf\xbd\x61"; + d.inLen = 10; + d.outLen = 10; + + test_arc4[0] = a; + test_arc4[1] = b; + test_arc4[2] = c; + test_arc4[3] = d; + + for (i = 0; i < times; ++i) { + Arc4 enc; + Arc4 dec; + int keylen = 8; /* XSTRLEN with key 0x00 not good */ + if (i == 3) + keylen = 4; + + ret = wc_Arc4Init(&enc, HEAP_HINT, devId); + if (ret != 0) + return WC_TEST_RET_ENC_EC(ret); + ret = wc_Arc4Init(&dec, HEAP_HINT, devId); + if (ret != 0) + return WC_TEST_RET_ENC_EC(ret); + + ret = wc_Arc4SetKey(&enc, (byte*)keys[i], (word32)keylen); + if (ret != 0) + return WC_TEST_RET_ENC_EC(ret); + ret = wc_Arc4SetKey(&dec, (byte*)keys[i], (word32)keylen); + if (ret != 0) + return WC_TEST_RET_ENC_EC(ret); + + ret = wc_Arc4Process(&enc, cipher, (byte*)test_arc4[i].input, + (word32)test_arc4[i].outLen); + if (ret != 0) + return WC_TEST_RET_ENC_EC(ret); + ret = wc_Arc4Process(&dec, plain, cipher, (word32)test_arc4[i].outLen); + if (ret != 0) + return WC_TEST_RET_ENC_EC(ret); + + if (XMEMCMP(plain, test_arc4[i].input, test_arc4[i].outLen)) + return WC_TEST_RET_ENC_I(i); + + if (XMEMCMP(cipher, test_arc4[i].output, test_arc4[i].outLen)) + return WC_TEST_RET_ENC_I(i); + + wc_Arc4Free(&enc); + wc_Arc4Free(&dec); + } + + return 0; +} +#endif + +#ifdef HAVE_CHACHA +WOLFSSL_TEST_SUBROUTINE wc_test_ret_t chacha_test(void) +{ + ChaCha enc; + ChaCha dec; + byte cipher[128]; + byte plain[128]; + byte sliver[64]; + byte input[] = {0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0}; + word32 keySz = 32; + wc_test_ret_t ret = 0; + int i; + int times = 4; + + WOLFSSL_SMALL_STACK_STATIC const byte key1[] = + { + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00 + }; + + WOLFSSL_SMALL_STACK_STATIC const byte key2[] = + { + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x01 + }; + + WOLFSSL_SMALL_STACK_STATIC const byte key3[] = + { + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00 + }; + + /* 128 bit key */ + WOLFSSL_SMALL_STACK_STATIC const byte key4[] = + { + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00 + }; + + WOLFSSL_SMALL_STACK_STATIC const byte ivs1[] = {0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00}; + WOLFSSL_SMALL_STACK_STATIC const byte ivs2[] = {0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00}; + WOLFSSL_SMALL_STACK_STATIC const byte ivs3[] = {0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x01,0x00,0x00,0x00,0x00}; + WOLFSSL_SMALL_STACK_STATIC const byte ivs4[] = {0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00}; + +#ifndef BENCH_EMBEDDED + WOLFSSL_SMALL_STACK_STATIC const byte cipher_big_result[] = { + 0x06, 0xa6, 0x5d, 0x31, 0x21, 0x6c, 0xdb, 0x37, 0x48, 0x7c, 0x01, 0x9d, + 0x72, 0xdf, 0x0a, 0x5b, 0x64, 0x74, 0x20, 0xba, 0x9e, 0xe0, 0x26, 0x7a, + 0xbf, 0xdf, 0x83, 0x34, 0x3b, 0x4f, 0x94, 0x3f, 0x37, 0x89, 0xaf, 0x00, + 0xdf, 0x0f, 0x2e, 0x75, 0x16, 0x41, 0xf6, 0x7a, 0x86, 0x94, 0x9d, 0x32, + 0x56, 0xf0, 0x79, 0x71, 0x68, 0x6f, 0xa6, 0x6b, 0xc6, 0x59, 0x49, 0xf6, + 0x10, 0x34, 0x03, 0x03, 0x16, 0x53, 0x9a, 0x98, 0x2a, 0x46, 0xde, 0x17, + 0x06, 0x65, 0x70, 0xca, 0x0a, 0x1f, 0xab, 0x80, 0x26, 0x96, 0x3f, 0x3e, + 0x7a, 0x3c, 0xa8, 0x87, 0xbb, 0x65, 0xdd, 0x5e, 0x07, 0x7b, 0x34, 0xe0, + 0x56, 0xda, 0x32, 0x13, 0x30, 0xc9, 0x0c, 0xd7, 0xba, 0xe4, 0x1f, 0xa6, + 0x91, 0x4f, 0x72, 0x9f, 0xd9, 0x5c, 0x62, 0x7d, 0xa6, 0xc2, 0xbc, 0x87, + 0xae, 0x64, 0x11, 0x94, 0x3b, 0xbc, 0x6c, 0x23, 0xbd, 0x7d, 0x00, 0xb4, + 0x99, 0xf2, 0x68, 0xb5, 0x59, 0x70, 0x93, 0xad, 0x69, 0xd0, 0xb1, 0x28, + 0x70, 0x92, 0xeb, 0xec, 0x39, 0x80, 0x82, 0xde, 0x44, 0xe2, 0x8a, 0x26, + 0xb3, 0xe9, 0x45, 0xcf, 0x83, 0x76, 0x9f, 0x6a, 0xa0, 0x46, 0x4a, 0x3d, + 0x26, 0x56, 0xaf, 0x49, 0x41, 0x26, 0x1b, 0x6a, 0x41, 0x37, 0x65, 0x91, + 0x72, 0xc4, 0xe7, 0x3c, 0x17, 0x31, 0xae, 0x2e, 0x2b, 0x31, 0x45, 0xe4, + 0x93, 0xd3, 0x10, 0xaa, 0xc5, 0x62, 0xd5, 0x11, 0x4b, 0x57, 0x1d, 0xad, + 0x48, 0x06, 0xd0, 0x0d, 0x98, 0xa5, 0xc6, 0x5b, 0xd0, 0x9e, 0x22, 0xc0, + 0x00, 0x32, 0x5a, 0xf5, 0x1c, 0x89, 0x6d, 0x54, 0x97, 0x55, 0x6b, 0x46, + 0xc5, 0xc7, 0xc4, 0x48, 0x9c, 0xbf, 0x47, 0xdc, 0x03, 0xc4, 0x1b, 0xcb, + 0x65, 0xa6, 0x91, 0x9d, 0x6d, 0xf1, 0xb0, 0x7a, 0x4d, 0x3b, 0x03, 0x95, + 0xf4, 0x8b, 0x0b, 0xae, 0x39, 0xff, 0x3f, 0xf6, 0xc0, 0x14, 0x18, 0x8a, + 0xe5, 0x19, 0xbd, 0xc1, 0xb4, 0x05, 0x4e, 0x29, 0x2f, 0x0b, 0x33, 0x76, + 0x28, 0x16, 0xa4, 0xa6, 0x93, 0x04, 0xb5, 0x55, 0x6b, 0x89, 0x3d, 0xa5, + 0x0f, 0xd3, 0xad, 0xfa, 0xd9, 0xfd, 0x05, 0x5d, 0x48, 0x94, 0x25, 0x5a, + 0x2c, 0x9a, 0x94, 0x80, 0xb0, 0xe7, 0xcb, 0x4d, 0x77, 0xbf, 0xca, 0xd8, + 0x55, 0x48, 0xbd, 0x66, 0xb1, 0x85, 0x81, 0xb1, 0x37, 0x79, 0xab, 0x52, + 0x08, 0x14, 0x12, 0xac, 0xcd, 0x45, 0x4d, 0x53, 0x6b, 0xca, 0x96, 0xc7, + 0x3b, 0x2f, 0x73, 0xb1, 0x5a, 0x23, 0xbd, 0x65, 0xd5, 0xea, 0x17, 0xb3, + 0xdc, 0xa1, 0x17, 0x1b, 0x2d, 0xb3, 0x9c, 0xd0, 0xdb, 0x41, 0x77, 0xef, + 0x93, 0x20, 0x52, 0x3e, 0x9d, 0xf5, 0xbf, 0x33, 0xf7, 0x52, 0xc1, 0x90, + 0xa0, 0x15, 0x17, 0xce, 0xf7, 0xf7, 0xd0, 0x3a, 0x3b, 0xd1, 0x72, 0x56, + 0x31, 0x81, 0xae, 0x60, 0xab, 0x40, 0xc1, 0xd1, 0x28, 0x77, 0x53, 0xac, + 0x9f, 0x11, 0x0a, 0x88, 0x36, 0x4b, 0xda, 0x57, 0xa7, 0x28, 0x5c, 0x85, + 0xd3, 0x85, 0x9b, 0x79, 0xad, 0x05, 0x1c, 0x37, 0x14, 0x5e, 0x0d, 0xd0, + 0x23, 0x03, 0x42, 0x1d, 0x48, 0x5d, 0xc5, 0x3c, 0x5a, 0x08, 0xa9, 0x0d, + 0x6e, 0x82, 0x7c, 0x2e, 0x3c, 0x41, 0xcc, 0x96, 0x8e, 0xad, 0xee, 0x2a, + 0x61, 0x0b, 0x16, 0x0f, 0xa9, 0x24, 0x40, 0x85, 0xbc, 0x9f, 0x28, 0x8d, + 0xe6, 0x68, 0x4d, 0x8f, 0x30, 0x48, 0xd9, 0x73, 0x73, 0x6c, 0x9a, 0x7f, + 0x67, 0xf7, 0xde, 0x4c, 0x0a, 0x8b, 0xe4, 0xb3, 0x08, 0x2a, 0x52, 0xda, + 0x54, 0xee, 0xcd, 0xb5, 0x62, 0x4a, 0x26, 0x20, 0xfb, 0x40, 0xbb, 0x39, + 0x3a, 0x0f, 0x09, 0xe8, 0x00, 0xd1, 0x24, 0x97, 0x60, 0xe9, 0x83, 0x83, + 0xfe, 0x9f, 0x9c, 0x15, 0xcf, 0x69, 0x03, 0x9f, 0x03, 0xe1, 0xe8, 0x6e, + 0xbd, 0x87, 0x58, 0x68, 0xee, 0xec, 0xd8, 0x29, 0x46, 0x23, 0x49, 0x92, + 0x72, 0x95, 0x5b, 0x49, 0xca, 0xe0, 0x45, 0x59, 0xb2, 0xca, 0xf4, 0xfc, + 0xb7, 0x59, 0x37, 0x49, 0x28, 0xbc, 0xf3, 0xd7, 0x61, 0xbc, 0x4b, 0xf3, + 0xa9, 0x4b, 0x2f, 0x05, 0xa8, 0x01, 0xa5, 0xdc, 0x00, 0x6e, 0x01, 0xb6, + 0x45, 0x3c, 0xd5, 0x49, 0x7d, 0x5c, 0x25, 0xe8, 0x31, 0x87, 0xb2, 0xb9, + 0xbf, 0xb3, 0x01, 0x62, 0x0c, 0xd0, 0x48, 0x77, 0xa2, 0x34, 0x0f, 0x16, + 0x22, 0x28, 0xee, 0x54, 0x08, 0x93, 0x3b, 0xe4, 0xde, 0x7e, 0x63, 0xf7, + 0x97, 0x16, 0x5d, 0x71, 0x58, 0xc2, 0x2e, 0xf2, 0x36, 0xa6, 0x12, 0x65, + 0x94, 0x17, 0xac, 0x66, 0x23, 0x7e, 0xc6, 0x72, 0x79, 0x24, 0xce, 0x8f, + 0x55, 0x19, 0x97, 0x44, 0xfc, 0x55, 0xec, 0x85, 0x26, 0x27, 0xdb, 0x38, + 0xb1, 0x42, 0x0a, 0xdd, 0x05, 0x99, 0x28, 0xeb, 0x03, 0x6c, 0x9a, 0xe9, + 0x17, 0xf6, 0x2c, 0xb0, 0xfe, 0xe7, 0xa4, 0xa7, 0x31, 0xda, 0x4d, 0xb0, + 0x29, 0xdb, 0xdd, 0x8d, 0x12, 0x13, 0x9c, 0xb4, 0xcc, 0x83, 0x97, 0xfb, + 0x1a, 0xdc, 0x08, 0xd6, 0x30, 0x62, 0xe8, 0xeb, 0x8b, 0x61, 0xcb, 0x1d, + 0x06, 0xe3, 0xa5, 0x4d, 0x35, 0xdb, 0x59, 0xa8, 0x2d, 0x87, 0x27, 0x44, + 0x6f, 0xc0, 0x38, 0x97, 0xe4, 0x85, 0x00, 0x02, 0x09, 0xf6, 0x69, 0x3a, + 0xcf, 0x08, 0x1b, 0x21, 0xbb, 0x79, 0xb1, 0xa1, 0x34, 0x09, 0xe0, 0x80, + 0xca, 0xb0, 0x78, 0x8a, 0x11, 0x97, 0xd4, 0x07, 0xbe, 0x1b, 0x6a, 0x5d, + 0xdb, 0xd6, 0x1f, 0x76, 0x6b, 0x16, 0xf0, 0x58, 0x84, 0x5f, 0x59, 0xce, + 0x62, 0x34, 0xc3, 0xdf, 0x94, 0xb8, 0x2f, 0x84, 0x68, 0xf0, 0xb8, 0x51, + 0xd9, 0x6d, 0x8e, 0x4a, 0x1d, 0xe6, 0x5c, 0xd8, 0x86, 0x25, 0xe3, 0x24, + 0xfd, 0x21, 0x61, 0x13, 0x48, 0x3e, 0xf6, 0x7d, 0xa6, 0x71, 0x9b, 0xd2, + 0x6e, 0xe6, 0xd2, 0x08, 0x94, 0x62, 0x6c, 0x98, 0xfe, 0x2f, 0x9c, 0x88, + 0x7e, 0x78, 0x15, 0x02, 0x00, 0xf0, 0xba, 0x24, 0x91, 0xf2, 0xdc, 0x47, + 0x51, 0x4d, 0x15, 0x5e, 0x91, 0x5f, 0x57, 0x5b, 0x1d, 0x35, 0x24, 0x45, + 0x75, 0x9b, 0x88, 0x75, 0xf1, 0x2f, 0x85, 0xe7, 0x89, 0xd1, 0x01, 0xb4, + 0xc8, 0x18, 0xb7, 0x97, 0xef, 0x4b, 0x90, 0xf4, 0xbf, 0x10, 0x27, 0x3c, + 0x60, 0xff, 0xc4, 0x94, 0x20, 0x2f, 0x93, 0x4b, 0x4d, 0xe3, 0x80, 0xf7, + 0x2c, 0x71, 0xd9, 0xe3, 0x68, 0xb4, 0x77, 0x2b, 0xc7, 0x0d, 0x39, 0x92, + 0xef, 0x91, 0x0d, 0xb2, 0x11, 0x50, 0x0e, 0xe8, 0xad, 0x3b, 0xf6, 0xb5, + 0xc6, 0x14, 0x4d, 0x33, 0x53, 0xa7, 0x60, 0x15, 0xc7, 0x27, 0x51, 0xdc, + 0x54, 0x29, 0xa7, 0x0d, 0x6a, 0x7b, 0x72, 0x13, 0xad, 0x7d, 0x41, 0x19, + 0x4e, 0x42, 0x49, 0xcc, 0x42, 0xe4, 0xbd, 0x99, 0x13, 0xd9, 0x7f, 0xf3, + 0x38, 0xa4, 0xb6, 0x33, 0xed, 0x07, 0x48, 0x7e, 0x8e, 0x82, 0xfe, 0x3a, + 0x9d, 0x75, 0x93, 0xba, 0x25, 0x4e, 0x37, 0x3c, 0x0c, 0xd5, 0x69, 0xa9, + 0x2d, 0x9e, 0xfd, 0xe8, 0xbb, 0xf5, 0x0c, 0xe2, 0x86, 0xb9, 0x5e, 0x6f, + 0x28, 0xe4, 0x19, 0xb3, 0x0b, 0xa4, 0x86, 0xd7, 0x24, 0xd0, 0xb8, 0x89, + 0x7b, 0x76, 0xec, 0x05, 0x10, 0x5b, 0x68, 0xe9, 0x58, 0x66, 0xa3, 0xc5, + 0xb6, 0x63, 0x20, 0x0e, 0x0e, 0xea, 0x3d, 0x61, 0x5e, 0xda, 0x3d, 0x3c, + 0xf9, 0xfd, 0xed, 0xa9, 0xdb, 0x52, 0x94, 0x8a, 0x00, 0xca, 0x3c, 0x8d, + 0x66, 0x8f, 0xb0, 0xf0, 0x5a, 0xca, 0x3f, 0x63, 0x71, 0xbf, 0xca, 0x99, + 0x37, 0x9b, 0x75, 0x97, 0x89, 0x10, 0x6e, 0xcf, 0xf2, 0xf5, 0xe3, 0xd5, + 0x45, 0x9b, 0xad, 0x10, 0x71, 0x6c, 0x5f, 0x6f, 0x7f, 0x22, 0x77, 0x18, + 0x2f, 0xf9, 0x99, 0xc5, 0x69, 0x58, 0x03, 0x12, 0x86, 0x82, 0x3e, 0xbf, + 0xc2, 0x12, 0x35, 0x43, 0xa3, 0xd9, 0x18, 0x4f, 0x41, 0x11, 0x6b, 0xf3, + 0x67, 0xaf, 0x3d, 0x78, 0xe4, 0x22, 0x2d, 0xb3, 0x48, 0x43, 0x31, 0x1d, + 0xef, 0xa8, 0xba, 0x49, 0x8e, 0xa9, 0xa7, 0xb6, 0x18, 0x77, 0x84, 0xca, + 0xbd, 0xa2, 0x02, 0x1b, 0x6a, 0xf8, 0x5f, 0xda, 0xff, 0xcf, 0x01, 0x6a, + 0x86, 0x69, 0xa9, 0xe9, 0xcb, 0x60, 0x1e, 0x15, 0xdc, 0x8f, 0x5d, 0x39, + 0xb5, 0xce, 0x55, 0x5f, 0x47, 0x97, 0xb1, 0x19, 0x6e, 0x21, 0xd6, 0x13, + 0x39, 0xb2, 0x24, 0xe0, 0x62, 0x82, 0x9f, 0xed, 0x12, 0x81, 0xed, 0xee, + 0xab, 0xd0, 0x2f, 0x19, 0x89, 0x3f, 0x57, 0x2e, 0xc2, 0xe2, 0x67, 0xe8, + 0xae, 0x03, 0x56, 0xba, 0xd4, 0xd0, 0xa4, 0x89, 0x03, 0x06, 0x5b, 0xcc, + 0xf2, 0x22, 0xb8, 0x0e, 0x76, 0x79, 0x4a, 0x42, 0x1d, 0x37, 0x51, 0x5a, + 0xaa, 0x46, 0x6c, 0x2a, 0xdd, 0x66, 0xfe, 0xc6, 0x68, 0xc3, 0x38, 0xa2, + 0xae, 0x5b, 0x98, 0x24, 0x5d, 0x43, 0x05, 0x82, 0x38, 0x12, 0xd3, 0xd1, + 0x75, 0x2d, 0x4f, 0x61, 0xbd, 0xb9, 0x10, 0x87, 0x44, 0x2a, 0x78, 0x07, + 0xff, 0xf4, 0x0f, 0xa1, 0xf3, 0x68, 0x9f, 0xbe, 0xae, 0xa2, 0x91, 0xf0, + 0xc7, 0x55, 0x7a, 0x52, 0xd5, 0xa3, 0x8d, 0x6f, 0xe4, 0x90, 0x5c, 0xf3, + 0x5f, 0xce, 0x3d, 0x23, 0xf9, 0x8e, 0xae, 0x14, 0xfb, 0x82, 0x9a, 0xa3, + 0x04, 0x5f, 0xbf, 0xad, 0x3e, 0xf2, 0x97, 0x0a, 0x60, 0x40, 0x70, 0x19, + 0x72, 0xad, 0x66, 0xfb, 0x78, 0x1b, 0x84, 0x6c, 0x98, 0xbc, 0x8c, 0xf8, + 0x4f, 0xcb, 0xb5, 0xf6, 0xaf, 0x7a, 0xb7, 0x93, 0xef, 0x67, 0x48, 0x02, + 0x2c, 0xcb, 0xe6, 0x77, 0x0f, 0x7b, 0xc1, 0xee, 0xc5, 0xb6, 0x2d, 0x7e, + 0x62, 0xa0, 0xc0, 0xa7, 0xa5, 0x80, 0x31, 0x92, 0x50, 0xa1, 0x28, 0x22, + 0x95, 0x03, 0x17, 0xd1, 0x0f, 0xf6, 0x08, 0xe5, 0xec + }; +#define CHACHA_BIG_TEST_SIZE 1305 +#if !defined(WOLFSSL_SMALL_STACK) || defined(WOLFSSL_NO_MALLOC) + byte cipher_big[CHACHA_BIG_TEST_SIZE] = {0}; + byte plain_big[CHACHA_BIG_TEST_SIZE] = {0}; + byte input_big[CHACHA_BIG_TEST_SIZE] = {0}; +#else + byte* cipher_big = NULL; + byte* plain_big = NULL; + byte* input_big = NULL; +#endif /* WOLFSSL_SMALL_STACK && !WOLFSSL_NO_MALLOC */ + int block_size; +#endif /* BENCH_EMBEDDED */ + + const byte a[] = {0x76,0xb8,0xe0,0xad,0xa0,0xf1,0x3d,0x90}; + const byte b[] = {0x45,0x40,0xf0,0x5a,0x9f,0x1f,0xb2,0x96}; + const byte c[] = {0xde,0x9c,0xba,0x7b,0xf3,0xd6,0x9e,0xf5}; + const byte d[] = {0x89,0x67,0x09,0x52,0x60,0x83,0x64,0xfd}; + + const byte* test_chacha[4]; + const byte* keys[4]; + const byte* ivs[4]; + + test_chacha[0] = a; + test_chacha[1] = b; + test_chacha[2] = c; + test_chacha[3] = d; + + keys[0] = key1; + keys[1] = key2; + keys[2] = key3; + keys[3] = key4; + + ivs[0] = ivs1; + ivs[1] = ivs2; + ivs[2] = ivs3; + ivs[3] = ivs4; + + WOLFSSL_ENTER("chacha_test"); + +#ifndef BENCH_EMBEDDED +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC) + cipher_big = (byte*)XMALLOC(CHACHA_BIG_TEST_SIZE, HEAP_HINT, + DYNAMIC_TYPE_TMP_BUFFER); + if (cipher_big == NULL) { + ERROR_OUT(WC_TEST_RET_ENC_ERRNO, out); + } + plain_big = (byte*)XMALLOC(CHACHA_BIG_TEST_SIZE, HEAP_HINT, + DYNAMIC_TYPE_TMP_BUFFER); + if (plain_big == NULL) { + ERROR_OUT(WC_TEST_RET_ENC_ERRNO, out); + } + input_big = (byte*)XMALLOC(CHACHA_BIG_TEST_SIZE, HEAP_HINT, + DYNAMIC_TYPE_TMP_BUFFER); + if (input_big == NULL) { + ERROR_OUT(WC_TEST_RET_ENC_ERRNO, out); + } + XMEMSET(cipher_big, 0, CHACHA_BIG_TEST_SIZE); + XMEMSET(plain_big, 0, CHACHA_BIG_TEST_SIZE); + XMEMSET(input_big, 0, CHACHA_BIG_TEST_SIZE); +#endif /* WOLFSSL_SMALL_STACK && !WOLFSSL_NO_MALLOC */ +#endif /* BENCH_EMBEDDED */ + + for (i = 0; i < times; ++i) { + if (i < 3) { + keySz = 32; + } + else { + keySz = 16; + } + + XMEMCPY(plain, keys[i], keySz); + XMEMSET(cipher, 0, 32); + XMEMCPY(cipher + 4, ivs[i], 8); + + ret |= wc_Chacha_SetKey(&enc, keys[i], keySz); + ret |= wc_Chacha_SetKey(&dec, keys[i], keySz); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); + + ret |= wc_Chacha_SetIV(&enc, cipher, 0); + ret |= wc_Chacha_SetIV(&dec, cipher, 0); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); + XMEMCPY(plain, input, 8); + + ret |= wc_Chacha_Process(&enc, cipher, plain, (word32)8); + ret |= wc_Chacha_Process(&dec, plain, cipher, (word32)8); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); + + if (XMEMCMP(test_chacha[i], cipher, 8)) + ERROR_OUT(WC_TEST_RET_ENC_I(i), out); + + if (XMEMCMP(plain, input, 8)) + ERROR_OUT(WC_TEST_RET_ENC_I(i), out); + } + + /* test of starting at a different counter + encrypts all of the information and decrypts starting at 2nd chunk */ + XMEMSET(plain, 0, sizeof(plain)); + XMEMSET(sliver, 1, sizeof(sliver)); /* set as 1's to not match plain */ + XMEMSET(cipher, 0, sizeof(cipher)); + XMEMCPY(cipher + 4, ivs[0], 8); + + ret |= wc_Chacha_SetKey(&enc, keys[0], keySz); + ret |= wc_Chacha_SetKey(&dec, keys[0], keySz); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); + + ret |= wc_Chacha_SetIV(&enc, cipher, 0); + ret |= wc_Chacha_SetIV(&dec, cipher, 1); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); + + ret |= wc_Chacha_Process(&enc, cipher, plain, sizeof(plain)); + ret |= wc_Chacha_Process(&dec, sliver, cipher + 64, sizeof(sliver)); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); + + if (XMEMCMP(plain + 64, sliver, 64)) + ERROR_OUT(WC_TEST_RET_ENC_NC, out); + +#ifndef BENCH_EMBEDDED + /* test of encrypting more data */ + keySz = 32; + + ret |= wc_Chacha_SetKey(&enc, keys[0], keySz); + ret |= wc_Chacha_SetKey(&dec, keys[0], keySz); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); + + ret |= wc_Chacha_SetIV(&enc, ivs[2], 0); + ret |= wc_Chacha_SetIV(&dec, ivs[2], 0); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); + + ret |= wc_Chacha_Process(&enc, cipher_big, plain_big, CHACHA_BIG_TEST_SIZE); + ret |= wc_Chacha_Process(&dec, plain_big, cipher_big, + CHACHA_BIG_TEST_SIZE); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); + + if (XMEMCMP(plain_big, input_big, CHACHA_BIG_TEST_SIZE)) + ERROR_OUT(WC_TEST_RET_ENC_NC, out); + + if (XMEMCMP(cipher_big, cipher_big_result, CHACHA_BIG_TEST_SIZE)) + ERROR_OUT(WC_TEST_RET_ENC_NC, out); + + for (i = 0; i < 18; ++i) { + /* this will test all paths + * block sizes: 1 3 7 15 31 63 127 255 511 (i = 0- 8) + * 2 4 8 16 32 64 128 256 512 (i = 9-17) + */ + block_size = (2 << (i%9)) - (i<9?1:0); + keySz = 32; + + ret |= wc_Chacha_SetKey(&enc, keys[0], keySz); + ret |= wc_Chacha_SetKey(&dec, keys[0], keySz); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); + + ret |= wc_Chacha_SetIV(&enc, ivs[2], 0); + ret |= wc_Chacha_SetIV(&dec, ivs[2], 0); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); + + ret |= wc_Chacha_Process(&enc, cipher_big, plain_big , (word32)block_size); + ret |= wc_Chacha_Process(&dec, plain_big , cipher_big, (word32)block_size); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); + + if (XMEMCMP(plain_big, input_big, (word32)block_size)) + ERROR_OUT(WC_TEST_RET_ENC_I(i), out); + + if (XMEMCMP(cipher_big, cipher_big_result, (word32)block_size)) + ERROR_OUT(WC_TEST_RET_ENC_I(i), out); + } + + /* Streaming test */ + for (i = 1; i <= (int)CHACHA_CHUNK_BYTES + 1; i++) { + int j, rem; + + ret = wc_Chacha_SetKey(&enc, keys[0], keySz); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); + ret = wc_Chacha_SetKey(&dec, keys[0], keySz); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); + + ret = wc_Chacha_SetIV(&enc, ivs[2], 0); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); + ret = wc_Chacha_SetIV(&dec, ivs[2], 0); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); + + for (j = 0; j < CHACHA_BIG_TEST_SIZE - i; j+= i) { + ret = wc_Chacha_Process(&enc, cipher_big + j, plain_big + j, (word32)i); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); + ret = wc_Chacha_Process(&dec, plain_big + j, cipher_big + j, (word32)i); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); + } + + rem = CHACHA_BIG_TEST_SIZE - j; + ret = wc_Chacha_Process(&enc, cipher_big + j, plain_big + j, (word32)rem); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); + ret = wc_Chacha_Process(&dec, plain_big + j, cipher_big + j, (word32)rem); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); + + if (XMEMCMP(plain_big, input_big, CHACHA_BIG_TEST_SIZE)) + ERROR_OUT(WC_TEST_RET_ENC_I(i), out); + + if (XMEMCMP(cipher_big, cipher_big_result, CHACHA_BIG_TEST_SIZE)) + ERROR_OUT(WC_TEST_RET_ENC_I(i), out); + } + +#endif /* BENCH_EMBEDDED */ + + ret = 0; + +out: + +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC) && \ + !defined(BENCH_EMBEDDED) + XFREE(cipher_big, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(plain_big, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(input_big, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); +#endif /* WOLFSSL_SMALL_STACK && !WOLFSSL_NO_MALLOC */ + + return ret; +} +#endif /* HAVE_CHACHA */ + + +#ifdef HAVE_POLY1305 +WOLFSSL_TEST_SUBROUTINE wc_test_ret_t poly1305_test(void) +{ + byte tag[16]; + Poly1305 enc; + + WOLFSSL_SMALL_STACK_STATIC const byte msg1[] = { + 0x43,0x72,0x79,0x70,0x74,0x6f,0x67,0x72, + 0x61,0x70,0x68,0x69,0x63,0x20,0x46,0x6f, + 0x72,0x75,0x6d,0x20,0x52,0x65,0x73,0x65, + 0x61,0x72,0x63,0x68,0x20,0x47,0x72,0x6f, + 0x75,0x70 + }; + + WOLFSSL_SMALL_STACK_STATIC const byte msg2[] = { + 0x48,0x65,0x6c,0x6c,0x6f,0x20,0x77,0x6f,0x72, + 0x6c,0x64,0x21 + }; + + WOLFSSL_SMALL_STACK_STATIC const byte msg3[] = { + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00 + }; + + WOLFSSL_SMALL_STACK_STATIC const byte msg4[] = { + 0xd3,0x1a,0x8d,0x34,0x64,0x8e,0x60,0xdb, + 0x7b,0x86,0xaf,0xbc,0x53,0xef,0x7e,0xc2, + 0xa4,0xad,0xed,0x51,0x29,0x6e,0x08,0xfe, + 0xa9,0xe2,0xb5,0xa7,0x36,0xee,0x62,0xd6, + 0x3d,0xbe,0xa4,0x5e,0x8c,0xa9,0x67,0x12, + 0x82,0xfa,0xfb,0x69,0xda,0x92,0x72,0x8b, + 0x1a,0x71,0xde,0x0a,0x9e,0x06,0x0b,0x29, + 0x05,0xd6,0xa5,0xb6,0x7e,0xcd,0x3b,0x36, + 0x92,0xdd,0xbd,0x7f,0x2d,0x77,0x8b,0x8c, + 0x98,0x03,0xae,0xe3,0x28,0x09,0x1b,0x58, + 0xfa,0xb3,0x24,0xe4,0xfa,0xd6,0x75,0x94, + 0x55,0x85,0x80,0x8b,0x48,0x31,0xd7,0xbc, + 0x3f,0xf4,0xde,0xf0,0x8e,0x4b,0x7a,0x9d, + 0xe5,0x76,0xd2,0x65,0x86,0xce,0xc6,0x4b, + 0x61,0x16 + }; + + WOLFSSL_SMALL_STACK_STATIC const byte msg5[] = { + 0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff, + 0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff, + }; + + WOLFSSL_SMALL_STACK_STATIC const byte msg6[] = { + 0xd3,0x1a,0x8d,0x34,0x64,0x8e,0x60,0xdb, + 0x7b,0x86,0xaf,0xbc,0x53,0xef,0x7e,0xc2, + 0xa4,0xad,0xed,0x51,0x29,0x6e,0x08,0xfe, + 0xa9,0xe2,0xb5,0xa7,0x36,0xee,0x62,0xd6, + 0x3d,0xbe,0xa4,0x5e,0x8c,0xa9,0x67,0x12, + 0x82,0xfa,0xfb,0x69,0xda,0x92,0x72,0x8b, + 0xfa,0xb3,0x24,0xe4,0xfa,0xd6,0x75,0x94, + 0x1a,0x71,0xde,0x0a,0x9e,0x06,0x0b,0x29, + 0xa9,0xe2,0xb5,0xa7,0x36,0xee,0x62,0xd6, + 0x3d,0xbe,0xa4,0x5e,0x8c,0xa9,0x67,0x12, + 0xfa,0xb3,0x24,0xe4,0xfa,0xd6,0x75,0x94, + 0x05,0xd6,0xa5,0xb6,0x7e,0xcd,0x3b,0x36, + 0x92,0xdd,0xbd,0x7f,0x2d,0x77,0x8b,0x8c, + 0x7b,0x86,0xaf,0xbc,0x53,0xef,0x7e,0xc2, + 0x98,0x03,0xae,0xe3,0x28,0x09,0x1b,0x58, + 0xfa,0xb3,0x24,0xe4,0xfa,0xd6,0x75,0x94, + 0x55,0x85,0x80,0x8b,0x48,0x31,0xd7,0xbc, + 0x3f,0xf4,0xde,0xf0,0x8e,0x4b,0x7a,0x9d, + 0xe5,0x76,0xd2,0x65,0x86,0xce,0xc6,0x4b, + 0x61,0x16 + }; + WOLFSSL_SMALL_STACK_STATIC const byte msg7[] = { + 0xe8,0x8c,0x85,0x03,0x43,0xaf,0xa7,0x85, + 0x21,0x6b,0xc3,0x45,0xc4,0x53,0x98,0xf8, + 0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff, + 0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff, + }; + + byte additional[] = { + 0x50,0x51,0x52,0x53,0xc0,0xc1,0xc2,0xc3, + 0xc4,0xc5,0xc6,0xc7 + }; + + WOLFSSL_SMALL_STACK_STATIC const byte correct0[] = { + 0x01,0x03,0x80,0x8a,0xfb,0x0d,0xb2,0xfd, + 0x4a,0xbf,0xf6,0xaf,0x41,0x49,0xf5,0x1b + }; + + WOLFSSL_SMALL_STACK_STATIC const byte correct1[] = { + 0xa8,0x06,0x1d,0xc1,0x30,0x51,0x36,0xc6, + 0xc2,0x2b,0x8b,0xaf,0x0c,0x01,0x27,0xa9 + }; + + WOLFSSL_SMALL_STACK_STATIC const byte correct2[] = { + 0xa6,0xf7,0x45,0x00,0x8f,0x81,0xc9,0x16, + 0xa2,0x0d,0xcc,0x74,0xee,0xf2,0xb2,0xf0 + }; + + WOLFSSL_SMALL_STACK_STATIC const byte correct3[] = { + 0x49,0xec,0x78,0x09,0x0e,0x48,0x1e,0xc6, + 0xc2,0x6b,0x33,0xb9,0x1c,0xcc,0x03,0x07 + }; + + WOLFSSL_SMALL_STACK_STATIC const byte correct4[] = { + 0x1a,0xe1,0x0b,0x59,0x4f,0x09,0xe2,0x6a, + 0x7e,0x90,0x2e,0xcb,0xd0,0x60,0x06,0x91 + }; + + WOLFSSL_SMALL_STACK_STATIC const byte correct5[] = { + 0x03,0x00,0x00,0x00,0x00,0x00,0x00,0x00, + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, + }; + + WOLFSSL_SMALL_STACK_STATIC const byte correct6[] = { + 0xea,0x11,0x5c,0x4f,0xd0,0xc0,0x10,0xae, + 0xf7,0xdf,0xda,0x77,0xa2,0xe9,0xaf,0xca + }; + WOLFSSL_SMALL_STACK_STATIC const byte correct7[] = { + 0x14,0x00,0x00,0x88,0x5c,0x00,0x00,0x88, + 0x5c,0x00,0x00,0x88,0x5c,0x00,0x00,0x88 + }; + + + WOLFSSL_SMALL_STACK_STATIC const byte key[] = { + 0x85,0xd6,0xbe,0x78,0x57,0x55,0x6d,0x33, + 0x7f,0x44,0x52,0xfe,0x42,0xd5,0x06,0xa8, + 0x01,0x03,0x80,0x8a,0xfb,0x0d,0xb2,0xfd, + 0x4a,0xbf,0xf6,0xaf,0x41,0x49,0xf5,0x1b + }; + + WOLFSSL_SMALL_STACK_STATIC const byte key2[] = { + 0x74,0x68,0x69,0x73,0x20,0x69,0x73,0x20, + 0x33,0x32,0x2d,0x62,0x79,0x74,0x65,0x20, + 0x6b,0x65,0x79,0x20,0x66,0x6f,0x72,0x20, + 0x50,0x6f,0x6c,0x79,0x31,0x33,0x30,0x35 + }; + + WOLFSSL_SMALL_STACK_STATIC const byte key4[] = { + 0x7b,0xac,0x2b,0x25,0x2d,0xb4,0x47,0xaf, + 0x09,0xb6,0x7a,0x55,0xa4,0xe9,0x55,0x84, + 0x0a,0xe1,0xd6,0x73,0x10,0x75,0xd9,0xeb, + 0x2a,0x93,0x75,0x78,0x3e,0xd5,0x53,0xff + }; + + WOLFSSL_SMALL_STACK_STATIC const byte key5[] = { + 0x02,0x00,0x00,0x00,0x00,0x00,0x00,0x00, + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00 + }; + + WOLFSSL_SMALL_STACK_STATIC const byte key7[] = { + 0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff, + 0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff, + 0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff, + 0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff + }; + + const byte* msgs[7]; + const word32 szm[7] = {0, sizeof(msg1), sizeof(msg2), + sizeof(msg3), sizeof(msg5), sizeof(msg6), + sizeof(msg7)}; + const byte* keys[7]; + const byte* tests[7]; + int i; + wc_test_ret_t ret = 0; + WOLFSSL_ENTER("poly1305_test"); + + msgs[0] = NULL; + msgs[1] = msg1; + msgs[2] = msg2; + msgs[3] = msg3; + msgs[4] = msg5; + msgs[5] = msg6; + msgs[6] = msg7; + + keys[0] = key; + keys[1] = key; + keys[2] = key2; + keys[3] = key2; + keys[4] = key5; + keys[5] = key; + keys[6] = key7; + + tests[0] = correct0; + tests[1] = correct1; + tests[2] = correct2; + tests[3] = correct3; + tests[4] = correct5; + tests[5] = correct6; + tests[6] = correct7; + + for (i = 0; i < 7; i++) { + ret = wc_Poly1305SetKey(&enc, keys[i], 32); + if (ret != 0) + return WC_TEST_RET_ENC_I(i); + + ret = wc_Poly1305Update(&enc, msgs[i], szm[i]); + if (ret != 0) + return WC_TEST_RET_ENC_I(i); + + ret = wc_Poly1305Final(&enc, tag); + if (ret != 0) + return WC_TEST_RET_ENC_I(i); + + if (XMEMCMP(tag, tests[i], sizeof(tag))) + return WC_TEST_RET_ENC_I(i); + } + + /* Testing multiple updates with various sizes works. */ + for (i = 1; i < (int)sizeof(msg6); i++) { + int j; + + ret = wc_Poly1305SetKey(&enc, key, 32); + if (ret != 0) + return WC_TEST_RET_ENC_I(i); + + for (j = 0; j < (int)sizeof(msg6); j += i) { + int len = (int)sizeof(msg6) - j; + if (len > i) + len = i; + ret = wc_Poly1305Update(&enc, msg6 + j, len); + if (ret != 0) + return WC_TEST_RET_ENC_I(j); + } + + ret = wc_Poly1305Final(&enc, tag); + if (ret != 0) + return WC_TEST_RET_ENC_I(i); + + if (XMEMCMP(tag, correct6, sizeof(tag))) + return WC_TEST_RET_ENC_I(i); + } + + /* Check TLS MAC function from 2.8.2 https://tools.ietf.org/html/rfc7539 */ + XMEMSET(tag, 0, sizeof(tag)); + ret = wc_Poly1305SetKey(&enc, key4, sizeof(key4)); + if (ret != 0) + return WC_TEST_RET_ENC_EC(ret); + + ret = wc_Poly1305_MAC(&enc, additional, sizeof(additional), + (byte*)msg4, sizeof(msg4), tag, sizeof(tag)); + if (ret != 0) + return WC_TEST_RET_ENC_EC(ret); + + if (XMEMCMP(tag, correct4, sizeof(tag))) + return WC_TEST_RET_ENC_NC; + + /* Check fail of TLS MAC function if altering additional data */ + XMEMSET(tag, 0, sizeof(tag)); + additional[0]++; + ret = wc_Poly1305_MAC(&enc, additional, sizeof(additional), + (byte*)msg4, sizeof(msg4), tag, sizeof(tag)); + if (ret != 0) + return WC_TEST_RET_ENC_EC(ret); + + if (XMEMCMP(tag, correct4, sizeof(tag)) == 0) + return WC_TEST_RET_ENC_NC; + + + return 0; +} +#endif /* HAVE_POLY1305 */ + + +#if defined(HAVE_CHACHA) && defined(HAVE_POLY1305) +WOLFSSL_TEST_SUBROUTINE wc_test_ret_t chacha20_poly1305_aead_test(void) +{ + /* Test #1 from Section 2.8.2 of draft-irtf-cfrg-chacha20-poly1305-10 */ + /* https://tools.ietf.org/html/draft-irtf-cfrg-chacha20-poly1305-10 */ + + WOLFSSL_SMALL_STACK_STATIC const byte key1[] = { + 0x80, 0x81, 0x82, 0x83, 0x84, 0x85, 0x86, 0x87, + 0x88, 0x89, 0x8a, 0x8b, 0x8c, 0x8d, 0x8e, 0x8f, + 0x90, 0x91, 0x92, 0x93, 0x94, 0x95, 0x96, 0x97, + 0x98, 0x99, 0x9a, 0x9b, 0x9c, 0x9d, 0x9e, 0x9f + }; + + WOLFSSL_SMALL_STACK_STATIC const byte plaintext1[] = { + 0x4c, 0x61, 0x64, 0x69, 0x65, 0x73, 0x20, 0x61, + 0x6e, 0x64, 0x20, 0x47, 0x65, 0x6e, 0x74, 0x6c, + 0x65, 0x6d, 0x65, 0x6e, 0x20, 0x6f, 0x66, 0x20, + 0x74, 0x68, 0x65, 0x20, 0x63, 0x6c, 0x61, 0x73, + 0x73, 0x20, 0x6f, 0x66, 0x20, 0x27, 0x39, 0x39, + 0x3a, 0x20, 0x49, 0x66, 0x20, 0x49, 0x20, 0x63, + 0x6f, 0x75, 0x6c, 0x64, 0x20, 0x6f, 0x66, 0x66, + 0x65, 0x72, 0x20, 0x79, 0x6f, 0x75, 0x20, 0x6f, + 0x6e, 0x6c, 0x79, 0x20, 0x6f, 0x6e, 0x65, 0x20, + 0x74, 0x69, 0x70, 0x20, 0x66, 0x6f, 0x72, 0x20, + 0x74, 0x68, 0x65, 0x20, 0x66, 0x75, 0x74, 0x75, + 0x72, 0x65, 0x2c, 0x20, 0x73, 0x75, 0x6e, 0x73, + 0x63, 0x72, 0x65, 0x65, 0x6e, 0x20, 0x77, 0x6f, + 0x75, 0x6c, 0x64, 0x20, 0x62, 0x65, 0x20, 0x69, + 0x74, 0x2e + }; + + WOLFSSL_SMALL_STACK_STATIC const byte iv1[] = { + 0x07, 0x00, 0x00, 0x00, 0x40, 0x41, 0x42, 0x43, + 0x44, 0x45, 0x46, 0x47 + }; + + WOLFSSL_SMALL_STACK_STATIC const byte aad1[] = { /* additional data */ + 0x50, 0x51, 0x52, 0x53, 0xc0, 0xc1, 0xc2, 0xc3, + 0xc4, 0xc5, 0xc6, 0xc7 + }; + + WOLFSSL_SMALL_STACK_STATIC const byte cipher1[] = { /* expected output from operation */ + 0xd3, 0x1a, 0x8d, 0x34, 0x64, 0x8e, 0x60, 0xdb, + 0x7b, 0x86, 0xaf, 0xbc, 0x53, 0xef, 0x7e, 0xc2, + 0xa4, 0xad, 0xed, 0x51, 0x29, 0x6e, 0x08, 0xfe, + 0xa9, 0xe2, 0xb5, 0xa7, 0x36, 0xee, 0x62, 0xd6, + 0x3d, 0xbe, 0xa4, 0x5e, 0x8c, 0xa9, 0x67, 0x12, + 0x82, 0xfa, 0xfb, 0x69, 0xda, 0x92, 0x72, 0x8b, + 0x1a, 0x71, 0xde, 0x0a, 0x9e, 0x06, 0x0b, 0x29, + 0x05, 0xd6, 0xa5, 0xb6, 0x7e, 0xcd, 0x3b, 0x36, + 0x92, 0xdd, 0xbd, 0x7f, 0x2d, 0x77, 0x8b, 0x8c, + 0x98, 0x03, 0xae, 0xe3, 0x28, 0x09, 0x1b, 0x58, + 0xfa, 0xb3, 0x24, 0xe4, 0xfa, 0xd6, 0x75, 0x94, + 0x55, 0x85, 0x80, 0x8b, 0x48, 0x31, 0xd7, 0xbc, + 0x3f, 0xf4, 0xde, 0xf0, 0x8e, 0x4b, 0x7a, 0x9d, + 0xe5, 0x76, 0xd2, 0x65, 0x86, 0xce, 0xc6, 0x4b, + 0x61, 0x16 + }; + + WOLFSSL_SMALL_STACK_STATIC const byte authTag1[] = { /* expected output from operation */ + 0x1a, 0xe1, 0x0b, 0x59, 0x4f, 0x09, 0xe2, 0x6a, + 0x7e, 0x90, 0x2e, 0xcb, 0xd0, 0x60, 0x06, 0x91 + }; + + /* Test #2 from Appendix A.2 in draft-irtf-cfrg-chacha20-poly1305-10 */ + /* https://tools.ietf.org/html/draft-irtf-cfrg-chacha20-poly1305-10 */ + + WOLFSSL_SMALL_STACK_STATIC const byte key2[] = { + 0x1c, 0x92, 0x40, 0xa5, 0xeb, 0x55, 0xd3, 0x8a, + 0xf3, 0x33, 0x88, 0x86, 0x04, 0xf6, 0xb5, 0xf0, + 0x47, 0x39, 0x17, 0xc1, 0x40, 0x2b, 0x80, 0x09, + 0x9d, 0xca, 0x5c, 0xbc, 0x20, 0x70, 0x75, 0xc0 + }; + + WOLFSSL_SMALL_STACK_STATIC const byte plaintext2[] = { + 0x49, 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x65, 0x74, + 0x2d, 0x44, 0x72, 0x61, 0x66, 0x74, 0x73, 0x20, + 0x61, 0x72, 0x65, 0x20, 0x64, 0x72, 0x61, 0x66, + 0x74, 0x20, 0x64, 0x6f, 0x63, 0x75, 0x6d, 0x65, + 0x6e, 0x74, 0x73, 0x20, 0x76, 0x61, 0x6c, 0x69, + 0x64, 0x20, 0x66, 0x6f, 0x72, 0x20, 0x61, 0x20, + 0x6d, 0x61, 0x78, 0x69, 0x6d, 0x75, 0x6d, 0x20, + 0x6f, 0x66, 0x20, 0x73, 0x69, 0x78, 0x20, 0x6d, + 0x6f, 0x6e, 0x74, 0x68, 0x73, 0x20, 0x61, 0x6e, + 0x64, 0x20, 0x6d, 0x61, 0x79, 0x20, 0x62, 0x65, + 0x20, 0x75, 0x70, 0x64, 0x61, 0x74, 0x65, 0x64, + 0x2c, 0x20, 0x72, 0x65, 0x70, 0x6c, 0x61, 0x63, + 0x65, 0x64, 0x2c, 0x20, 0x6f, 0x72, 0x20, 0x6f, + 0x62, 0x73, 0x6f, 0x6c, 0x65, 0x74, 0x65, 0x64, + 0x20, 0x62, 0x79, 0x20, 0x6f, 0x74, 0x68, 0x65, + 0x72, 0x20, 0x64, 0x6f, 0x63, 0x75, 0x6d, 0x65, + 0x6e, 0x74, 0x73, 0x20, 0x61, 0x74, 0x20, 0x61, + 0x6e, 0x79, 0x20, 0x74, 0x69, 0x6d, 0x65, 0x2e, + 0x20, 0x49, 0x74, 0x20, 0x69, 0x73, 0x20, 0x69, + 0x6e, 0x61, 0x70, 0x70, 0x72, 0x6f, 0x70, 0x72, + 0x69, 0x61, 0x74, 0x65, 0x20, 0x74, 0x6f, 0x20, + 0x75, 0x73, 0x65, 0x20, 0x49, 0x6e, 0x74, 0x65, + 0x72, 0x6e, 0x65, 0x74, 0x2d, 0x44, 0x72, 0x61, + 0x66, 0x74, 0x73, 0x20, 0x61, 0x73, 0x20, 0x72, + 0x65, 0x66, 0x65, 0x72, 0x65, 0x6e, 0x63, 0x65, + 0x20, 0x6d, 0x61, 0x74, 0x65, 0x72, 0x69, 0x61, + 0x6c, 0x20, 0x6f, 0x72, 0x20, 0x74, 0x6f, 0x20, + 0x63, 0x69, 0x74, 0x65, 0x20, 0x74, 0x68, 0x65, + 0x6d, 0x20, 0x6f, 0x74, 0x68, 0x65, 0x72, 0x20, + 0x74, 0x68, 0x61, 0x6e, 0x20, 0x61, 0x73, 0x20, + 0x2f, 0xe2, 0x80, 0x9c, 0x77, 0x6f, 0x72, 0x6b, + 0x20, 0x69, 0x6e, 0x20, 0x70, 0x72, 0x6f, 0x67, + 0x72, 0x65, 0x73, 0x73, 0x2e, 0x2f, 0xe2, 0x80, + 0x9d + }; + + WOLFSSL_SMALL_STACK_STATIC const byte iv2[] = { + 0x00, 0x00, 0x00, 0x00, 0x01, 0x02, 0x03, 0x04, + 0x05, 0x06, 0x07, 0x08 + }; + + WOLFSSL_SMALL_STACK_STATIC const byte aad2[] = { /* additional data */ + 0xf3, 0x33, 0x88, 0x86, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x4e, 0x91 + }; + + WOLFSSL_SMALL_STACK_STATIC const byte cipher2[] = { /* expected output from operation */ + 0x64, 0xa0, 0x86, 0x15, 0x75, 0x86, 0x1a, 0xf4, + 0x60, 0xf0, 0x62, 0xc7, 0x9b, 0xe6, 0x43, 0xbd, + 0x5e, 0x80, 0x5c, 0xfd, 0x34, 0x5c, 0xf3, 0x89, + 0xf1, 0x08, 0x67, 0x0a, 0xc7, 0x6c, 0x8c, 0xb2, + 0x4c, 0x6c, 0xfc, 0x18, 0x75, 0x5d, 0x43, 0xee, + 0xa0, 0x9e, 0xe9, 0x4e, 0x38, 0x2d, 0x26, 0xb0, + 0xbd, 0xb7, 0xb7, 0x3c, 0x32, 0x1b, 0x01, 0x00, + 0xd4, 0xf0, 0x3b, 0x7f, 0x35, 0x58, 0x94, 0xcf, + 0x33, 0x2f, 0x83, 0x0e, 0x71, 0x0b, 0x97, 0xce, + 0x98, 0xc8, 0xa8, 0x4a, 0xbd, 0x0b, 0x94, 0x81, + 0x14, 0xad, 0x17, 0x6e, 0x00, 0x8d, 0x33, 0xbd, + 0x60, 0xf9, 0x82, 0xb1, 0xff, 0x37, 0xc8, 0x55, + 0x97, 0x97, 0xa0, 0x6e, 0xf4, 0xf0, 0xef, 0x61, + 0xc1, 0x86, 0x32, 0x4e, 0x2b, 0x35, 0x06, 0x38, + 0x36, 0x06, 0x90, 0x7b, 0x6a, 0x7c, 0x02, 0xb0, + 0xf9, 0xf6, 0x15, 0x7b, 0x53, 0xc8, 0x67, 0xe4, + 0xb9, 0x16, 0x6c, 0x76, 0x7b, 0x80, 0x4d, 0x46, + 0xa5, 0x9b, 0x52, 0x16, 0xcd, 0xe7, 0xa4, 0xe9, + 0x90, 0x40, 0xc5, 0xa4, 0x04, 0x33, 0x22, 0x5e, + 0xe2, 0x82, 0xa1, 0xb0, 0xa0, 0x6c, 0x52, 0x3e, + 0xaf, 0x45, 0x34, 0xd7, 0xf8, 0x3f, 0xa1, 0x15, + 0x5b, 0x00, 0x47, 0x71, 0x8c, 0xbc, 0x54, 0x6a, + 0x0d, 0x07, 0x2b, 0x04, 0xb3, 0x56, 0x4e, 0xea, + 0x1b, 0x42, 0x22, 0x73, 0xf5, 0x48, 0x27, 0x1a, + 0x0b, 0xb2, 0x31, 0x60, 0x53, 0xfa, 0x76, 0x99, + 0x19, 0x55, 0xeb, 0xd6, 0x31, 0x59, 0x43, 0x4e, + 0xce, 0xbb, 0x4e, 0x46, 0x6d, 0xae, 0x5a, 0x10, + 0x73, 0xa6, 0x72, 0x76, 0x27, 0x09, 0x7a, 0x10, + 0x49, 0xe6, 0x17, 0xd9, 0x1d, 0x36, 0x10, 0x94, + 0xfa, 0x68, 0xf0, 0xff, 0x77, 0x98, 0x71, 0x30, + 0x30, 0x5b, 0xea, 0xba, 0x2e, 0xda, 0x04, 0xdf, + 0x99, 0x7b, 0x71, 0x4d, 0x6c, 0x6f, 0x2c, 0x29, + 0xa6, 0xad, 0x5c, 0xb4, 0x02, 0x2b, 0x02, 0x70, + 0x9b + }; + + WOLFSSL_SMALL_STACK_STATIC const byte authTag2[] = { /* expected output from operation */ + 0xee, 0xad, 0x9d, 0x67, 0x89, 0x0c, 0xbb, 0x22, + 0x39, 0x23, 0x36, 0xfe, 0xa1, 0x85, 0x1f, 0x38 + }; + + byte generatedCiphertext[265]; /* max plaintext2/cipher2 */ + byte generatedPlaintext[265]; /* max plaintext2/cipher2 */ + byte generatedAuthTag[CHACHA20_POLY1305_AEAD_AUTHTAG_SIZE]; + + ChaChaPoly_Aead aead; + +#if !defined(USE_INTEL_CHACHA_SPEEDUP) && !defined(WOLFSSL_ARMASM) + #define TEST_SMALL_CHACHA_CHUNKS 32 +#else + #define TEST_SMALL_CHACHA_CHUNKS 64 +#endif + +#ifdef TEST_SMALL_CHACHA_CHUNKS + word32 testLen; +#endif + wc_test_ret_t err; + + WOLFSSL_ENTER("chacha20_poly1305_aead_test"); + + XMEMSET(generatedCiphertext, 0, sizeof(generatedCiphertext)); + XMEMSET(generatedAuthTag, 0, sizeof(generatedAuthTag)); + XMEMSET(generatedPlaintext, 0, sizeof(generatedPlaintext)); + + /* Parameter Validation testing */ + /* Encrypt */ + err = wc_ChaCha20Poly1305_Encrypt(NULL, iv1, aad1, sizeof(aad1), plaintext1, + sizeof(plaintext1), generatedCiphertext, generatedAuthTag); + if (err != WC_NO_ERR_TRACE(BAD_FUNC_ARG)) + return WC_TEST_RET_ENC_EC(err); + err = wc_ChaCha20Poly1305_Encrypt(key1, NULL, aad1, sizeof(aad1), + plaintext1, sizeof(plaintext1), generatedCiphertext, + generatedAuthTag); + if (err != WC_NO_ERR_TRACE(BAD_FUNC_ARG)) + return WC_TEST_RET_ENC_EC(err); + err = wc_ChaCha20Poly1305_Encrypt(key1, iv1, aad1, sizeof(aad1), NULL, + sizeof(plaintext1), generatedCiphertext, generatedAuthTag); + if (err != WC_NO_ERR_TRACE(BAD_FUNC_ARG)) + return WC_TEST_RET_ENC_EC(err); + err = wc_ChaCha20Poly1305_Encrypt(key1, iv1, aad1, sizeof(aad1), plaintext1, + sizeof(plaintext1), NULL, generatedAuthTag); + if (err != WC_NO_ERR_TRACE(BAD_FUNC_ARG)) + return WC_TEST_RET_ENC_EC(err); + err = wc_ChaCha20Poly1305_Encrypt(key1, iv1, aad1, sizeof(aad1), plaintext1, + sizeof(plaintext1), generatedCiphertext, NULL); + if (err != WC_NO_ERR_TRACE(BAD_FUNC_ARG)) + return WC_TEST_RET_ENC_EC(err); + err = wc_ChaCha20Poly1305_Encrypt(key1, iv1, aad1, sizeof(aad1), NULL, + sizeof(plaintext1), generatedCiphertext, generatedAuthTag); + if (err != WC_NO_ERR_TRACE(BAD_FUNC_ARG)) + return WC_TEST_RET_ENC_EC(err); + /* Decrypt */ + err = wc_ChaCha20Poly1305_Decrypt(NULL, iv2, aad2, sizeof(aad2), cipher2, + sizeof(cipher2), authTag2, generatedPlaintext); + if (err != WC_NO_ERR_TRACE(BAD_FUNC_ARG)) + return WC_TEST_RET_ENC_EC(err); + err = wc_ChaCha20Poly1305_Decrypt(key2, NULL, aad2, sizeof(aad2), cipher2, + sizeof(cipher2), authTag2, generatedPlaintext); + if (err != WC_NO_ERR_TRACE(BAD_FUNC_ARG)) + return WC_TEST_RET_ENC_EC(err); + err = wc_ChaCha20Poly1305_Decrypt(key2, iv2, aad2, sizeof(aad2), NULL, + sizeof(cipher2), authTag2, generatedPlaintext); + if (err != WC_NO_ERR_TRACE(BAD_FUNC_ARG)) + return WC_TEST_RET_ENC_EC(err); + err = wc_ChaCha20Poly1305_Decrypt(key2, iv2, aad2, sizeof(aad2), cipher2, + sizeof(cipher2), NULL, generatedPlaintext); + if (err != WC_NO_ERR_TRACE(BAD_FUNC_ARG)) + return WC_TEST_RET_ENC_EC(err); + err = wc_ChaCha20Poly1305_Decrypt(key2, iv2, aad2, sizeof(aad2), cipher2, + sizeof(cipher2), authTag2, NULL); + if (err != WC_NO_ERR_TRACE(BAD_FUNC_ARG)) + return WC_TEST_RET_ENC_EC(err); + err = wc_ChaCha20Poly1305_Decrypt(key2, iv2, aad2, sizeof(aad2), NULL, + sizeof(cipher2), authTag2, generatedPlaintext); + if (err != WC_NO_ERR_TRACE(BAD_FUNC_ARG)) + return WC_TEST_RET_ENC_EC(err); + + + /* Test #1 */ + err = wc_ChaCha20Poly1305_Encrypt(key1, iv1, + aad1, sizeof(aad1), + plaintext1, sizeof(plaintext1), + generatedCiphertext, generatedAuthTag); + if (err) { + return WC_TEST_RET_ENC_EC(err); + } + + /* -- Check the ciphertext and authtag */ + if (XMEMCMP(generatedCiphertext, cipher1, sizeof(cipher1))) { + return WC_TEST_RET_ENC_NC; + } + if (XMEMCMP(generatedAuthTag, authTag1, sizeof(authTag1))) { + return WC_TEST_RET_ENC_NC; + } + + /* -- Verify decryption works */ + err = wc_ChaCha20Poly1305_Decrypt(key1, iv1, + aad1, sizeof(aad1), + cipher1, sizeof(cipher1), + authTag1, generatedPlaintext); + if (err) { + return err; + } + if (XMEMCMP(generatedPlaintext, plaintext1, sizeof(plaintext1))) { + return WC_TEST_RET_ENC_NC; + } + + + XMEMSET(generatedCiphertext, 0, sizeof(generatedCiphertext)); + XMEMSET(generatedAuthTag, 0, sizeof(generatedAuthTag)); + XMEMSET(generatedPlaintext, 0, sizeof(generatedPlaintext)); + + /* Test #2 */ + err = wc_ChaCha20Poly1305_Encrypt(key2, iv2, + aad2, sizeof(aad2), + plaintext2, sizeof(plaintext2), + generatedCiphertext, generatedAuthTag); + if (err) { + return err; + } + + /* -- Check the ciphertext and authtag */ + if (XMEMCMP(generatedCiphertext, cipher2, sizeof(cipher2))) { + return WC_TEST_RET_ENC_NC; + } + if (XMEMCMP(generatedAuthTag, authTag2, sizeof(authTag2))) { + return WC_TEST_RET_ENC_NC; + } + + /* -- Verify decryption works */ + err = wc_ChaCha20Poly1305_Decrypt(key2, iv2, + aad2, sizeof(aad2), + cipher2, sizeof(cipher2), + authTag2, generatedPlaintext); + if (err) { + return err; + } + + if (XMEMCMP(generatedPlaintext, plaintext2, sizeof(plaintext2))) { + return WC_TEST_RET_ENC_NC; + } + + + /* AEAD init/update/final - bad argument tests */ + err = wc_ChaCha20Poly1305_Init(NULL, key1, iv1, + CHACHA20_POLY1305_AEAD_DECRYPT); + if (err != WC_NO_ERR_TRACE(BAD_FUNC_ARG)) + return WC_TEST_RET_ENC_EC(err); + err = wc_ChaCha20Poly1305_Init(&aead, NULL, iv1, + CHACHA20_POLY1305_AEAD_DECRYPT); + if (err != WC_NO_ERR_TRACE(BAD_FUNC_ARG)) + return WC_TEST_RET_ENC_EC(err); + err = wc_ChaCha20Poly1305_Init(&aead, key1, NULL, + CHACHA20_POLY1305_AEAD_DECRYPT); + if (err != WC_NO_ERR_TRACE(BAD_FUNC_ARG)) + return WC_TEST_RET_ENC_EC(err); + err = wc_ChaCha20Poly1305_UpdateAad(NULL, aad1, sizeof(aad1)); + if (err != WC_NO_ERR_TRACE(BAD_FUNC_ARG)) + return WC_TEST_RET_ENC_EC(err); + err = wc_ChaCha20Poly1305_UpdateAad(&aead, NULL, sizeof(aad1)); + if (err != WC_NO_ERR_TRACE(BAD_FUNC_ARG)) + return WC_TEST_RET_ENC_EC(err); + err = wc_ChaCha20Poly1305_UpdateData(NULL, generatedPlaintext, + generatedPlaintext, sizeof(plaintext1)); + if (err != WC_NO_ERR_TRACE(BAD_FUNC_ARG)) + return WC_TEST_RET_ENC_EC(err); + err = wc_ChaCha20Poly1305_UpdateData(&aead, generatedPlaintext, NULL, + sizeof(plaintext1)); + if (err != WC_NO_ERR_TRACE(BAD_FUNC_ARG)) + return WC_TEST_RET_ENC_EC(err); + err = wc_ChaCha20Poly1305_UpdateData(&aead, NULL, generatedPlaintext, + sizeof(plaintext1)); + if (err != WC_NO_ERR_TRACE(BAD_FUNC_ARG)) + return WC_TEST_RET_ENC_EC(err); + err = wc_ChaCha20Poly1305_Final(NULL, generatedAuthTag); + if (err != WC_NO_ERR_TRACE(BAD_FUNC_ARG)) + return WC_TEST_RET_ENC_EC(err); + err = wc_ChaCha20Poly1305_Final(&aead, NULL); + if (err != WC_NO_ERR_TRACE(BAD_FUNC_ARG)) + return WC_TEST_RET_ENC_EC(err); + + /* AEAD init/update/final - bad state tests */ + /* clear struct - make valgrind happy to resolve + "Conditional jump or move depends on uninitialised value(s)". + The enum is "int" size and aead.state is "byte" */ + /* The wc_ChaCha20Poly1305_Init function does this normally */ + XMEMSET(&aead, 0, sizeof(aead)); + aead.state = CHACHA20_POLY1305_STATE_INIT; + err = wc_ChaCha20Poly1305_UpdateAad(&aead, aad1, sizeof(aad1)); + if (err != WC_NO_ERR_TRACE(BAD_STATE_E)) + return WC_TEST_RET_ENC_EC(err); + aead.state = CHACHA20_POLY1305_STATE_DATA; + err = wc_ChaCha20Poly1305_UpdateAad(&aead, aad1, sizeof(aad1)); + if (err != WC_NO_ERR_TRACE(BAD_STATE_E)) + return WC_TEST_RET_ENC_EC(err); + aead.state = CHACHA20_POLY1305_STATE_INIT; + err = wc_ChaCha20Poly1305_UpdateData(&aead, generatedPlaintext, + generatedPlaintext, sizeof(plaintext1)); + if (err != WC_NO_ERR_TRACE(BAD_STATE_E)) + return WC_TEST_RET_ENC_EC(err); + aead.state = CHACHA20_POLY1305_STATE_INIT; + err = wc_ChaCha20Poly1305_Final(&aead, generatedAuthTag); + if (err != WC_NO_ERR_TRACE(BAD_STATE_E)) + return WC_TEST_RET_ENC_EC(err); + aead.state = CHACHA20_POLY1305_STATE_READY; + err = wc_ChaCha20Poly1305_Final(&aead, generatedAuthTag); + if (err != WC_NO_ERR_TRACE(BAD_STATE_E)) + return WC_TEST_RET_ENC_EC(err); + + XMEMSET(generatedCiphertext, 0, sizeof(generatedCiphertext)); + XMEMSET(generatedAuthTag, 0, sizeof(generatedAuthTag)); + XMEMSET(generatedPlaintext, 0, sizeof(generatedPlaintext)); + + /* Test 1 - Encrypt */ + err = wc_ChaCha20Poly1305_Init(&aead, key1, iv1, + CHACHA20_POLY1305_AEAD_ENCRYPT); + if (err != 0) + return WC_TEST_RET_ENC_EC(err); + err = wc_ChaCha20Poly1305_UpdateAad(&aead, aad1, sizeof(aad1)); + if (err != 0) + return WC_TEST_RET_ENC_EC(err); +#ifdef TEST_SMALL_CHACHA_CHUNKS + /* test doing data in smaller chunks */ + for (testLen=0; testLen TEST_SMALL_CHACHA_CHUNKS) + dataLen = TEST_SMALL_CHACHA_CHUNKS; + err = wc_ChaCha20Poly1305_UpdateData(&aead, &plaintext1[testLen], + &generatedCiphertext[testLen], dataLen); + if (err != 0) + return WC_TEST_RET_ENC_EC(err); + testLen += dataLen; + } +#else + err = wc_ChaCha20Poly1305_UpdateData(&aead, plaintext1, + generatedCiphertext, sizeof(plaintext1)); +#endif + err = wc_ChaCha20Poly1305_Final(&aead, generatedAuthTag); + if (err != 0) + return WC_TEST_RET_ENC_EC(err); + err = wc_ChaCha20Poly1305_CheckTag(generatedAuthTag, authTag1); + if (err != 0) + return WC_TEST_RET_ENC_EC(err); + if (XMEMCMP(generatedCiphertext, cipher1, sizeof(cipher1))) { + return WC_TEST_RET_ENC_NC; + } + + /* Test 1 - Decrypt */ + err = wc_ChaCha20Poly1305_Init(&aead, key1, iv1, + CHACHA20_POLY1305_AEAD_DECRYPT); + if (err != 0) + return WC_TEST_RET_ENC_EC(err); + err = wc_ChaCha20Poly1305_UpdateAad(&aead, aad1, sizeof(aad1)); + if (err != 0) + return WC_TEST_RET_ENC_EC(err); +#ifdef TEST_SMALL_CHACHA_CHUNKS + /* test doing data in smaller chunks */ + for (testLen=0; testLen TEST_SMALL_CHACHA_CHUNKS) + dataLen = TEST_SMALL_CHACHA_CHUNKS; + err = wc_ChaCha20Poly1305_UpdateData(&aead, + &generatedCiphertext[testLen], &generatedPlaintext[testLen], + dataLen); + if (err != 0) + return WC_TEST_RET_ENC_EC(err); + testLen += dataLen; + } +#else + err = wc_ChaCha20Poly1305_UpdateData(&aead, generatedCiphertext, + generatedPlaintext, sizeof(cipher1)); +#endif + err = wc_ChaCha20Poly1305_Final(&aead, generatedAuthTag); + if (err != 0) + return WC_TEST_RET_ENC_EC(err); + err = wc_ChaCha20Poly1305_CheckTag(generatedAuthTag, authTag1); + if (err != 0) + return WC_TEST_RET_ENC_EC(err); + if (XMEMCMP(generatedPlaintext, plaintext1, sizeof(plaintext1))) { + return WC_TEST_RET_ENC_NC; + } + + XMEMSET(generatedCiphertext, 0, sizeof(generatedCiphertext)); + XMEMSET(generatedAuthTag, 0, sizeof(generatedAuthTag)); + XMEMSET(generatedPlaintext, 0, sizeof(generatedPlaintext)); + + /* Test 2 - Encrypt */ + err = wc_ChaCha20Poly1305_Init(&aead, key2, iv2, + CHACHA20_POLY1305_AEAD_ENCRYPT); + if (err != 0) + return WC_TEST_RET_ENC_EC(err); + err = wc_ChaCha20Poly1305_UpdateAad(&aead, aad2, sizeof(aad2)); + if (err != 0) + return WC_TEST_RET_ENC_EC(err); +#ifdef TEST_SMALL_CHACHA_CHUNKS + /* test doing data in smaller chunks */ + for (testLen=0; testLen TEST_SMALL_CHACHA_CHUNKS) + dataLen = TEST_SMALL_CHACHA_CHUNKS; + err = wc_ChaCha20Poly1305_UpdateData(&aead, &plaintext2[testLen], + &generatedCiphertext[testLen], dataLen); + if (err != 0) + return WC_TEST_RET_ENC_EC(err); + testLen += dataLen; + } +#else + err = wc_ChaCha20Poly1305_UpdateData(&aead, plaintext2, generatedCiphertext, + sizeof(plaintext2)); +#endif + err = wc_ChaCha20Poly1305_Final(&aead, generatedAuthTag); + if (err != 0) + return WC_TEST_RET_ENC_EC(err); + err = wc_ChaCha20Poly1305_CheckTag(generatedAuthTag, authTag2); + if (err != 0) + return WC_TEST_RET_ENC_EC(err); + if (XMEMCMP(generatedCiphertext, cipher2, sizeof(cipher2))) { + return WC_TEST_RET_ENC_NC; + } + + /* Test 2 - Decrypt */ + err = wc_ChaCha20Poly1305_Init(&aead, key2, iv2, + CHACHA20_POLY1305_AEAD_DECRYPT); + if (err != 0) + return WC_TEST_RET_ENC_EC(err); + err = wc_ChaCha20Poly1305_UpdateAad(&aead, aad2, sizeof(aad2)); + if (err != 0) + return WC_TEST_RET_ENC_EC(err); +#ifdef TEST_SMALL_CHACHA_CHUNKS + /* test doing data in smaller chunks */ + for (testLen=0; testLen TEST_SMALL_CHACHA_CHUNKS) + dataLen = TEST_SMALL_CHACHA_CHUNKS; + err = wc_ChaCha20Poly1305_UpdateData(&aead, + &generatedCiphertext[testLen], &generatedPlaintext[testLen], + dataLen); + if (err != 0) + return WC_TEST_RET_ENC_EC(err); + testLen += dataLen; + } +#else + err = wc_ChaCha20Poly1305_UpdateData(&aead, generatedCiphertext, + generatedPlaintext, sizeof(cipher2)); +#endif + err = wc_ChaCha20Poly1305_Final(&aead, generatedAuthTag); + if (err != 0) + return WC_TEST_RET_ENC_EC(err); + err = wc_ChaCha20Poly1305_CheckTag(generatedAuthTag, authTag2); + if (err != 0) + return WC_TEST_RET_ENC_EC(err); + if (XMEMCMP(generatedPlaintext, plaintext2, sizeof(plaintext2))) { + return WC_TEST_RET_ENC_NC; + } + + return err; +} +#endif /* HAVE_CHACHA && HAVE_POLY1305 */ + +#ifdef HAVE_ASCON +WOLFSSL_TEST_SUBROUTINE wc_test_ret_t ascon_hash256_test(void) +{ + WOLFSSL_SMALL_STACK_STATIC byte msg[1024]; + byte mdOut[ASCON_HASH256_SZ]; + + /* KATs taken from https://github.com/ascon/ascon-c. + * Testing only a subset of KATs here. The rest are tested in + * tests/api/ascon.c. */ + /* crypto_hash/asconhash256/LWC_HASH_KAT_256.txt + * The message is just the byte stream 00 01 02 03 ... */ + WOLFSSL_SMALL_STACK_STATIC const byte hash_output[][32] = { + { 0x0B, 0x3B, 0xE5, 0x85, 0x0F, 0x2F, 0x6B, 0x98, 0xCA, 0xF2, 0x9F, 0x8F, 0xDE, 0xA8, 0x9B, 0x64, 0xA1, 0xFA, 0x70, 0xAA, 0x24, 0x9B, 0x8F, 0x83, 0x9B, 0xD5, 0x3B, 0xAA, 0x30, 0x4D, 0x92, 0xB2 }, + { 0x07, 0x28, 0x62, 0x10, 0x35, 0xAF, 0x3E, 0xD2, 0xBC, 0xA0, 0x3B, 0xF6, 0xFD, 0xE9, 0x00, 0xF9, 0x45, 0x6F, 0x53, 0x30, 0xE4, 0xB5, 0xEE, 0x23, 0xE7, 0xF6, 0xA1, 0xE7, 0x02, 0x91, 0xBC, 0x80 }, + { 0x61, 0x15, 0xE7, 0xC9, 0xC4, 0x08, 0x1C, 0x27, 0x97, 0xFC, 0x8F, 0xE1, 0xBC, 0x57, 0xA8, 0x36, 0xAF, 0xA1, 0xC5, 0x38, 0x1E, 0x55, 0x6D, 0xD5, 0x83, 0x86, 0x0C, 0xA2, 0xDF, 0xB4, 0x8D, 0xD2 }, + { 0x26, 0x5A, 0xB8, 0x9A, 0x60, 0x9F, 0x5A, 0x05, 0xDC, 0xA5, 0x7E, 0x83, 0xFB, 0xBA, 0x70, 0x0F, 0x9A, 0x2D, 0x2C, 0x42, 0x11, 0xBA, 0x4C, 0xC9, 0xF0, 0xA1, 0xA3, 0x69, 0xE1, 0x7B, 0x91, 0x5C }, + { 0xD7, 0xE4, 0xC7, 0xED, 0x9B, 0x8A, 0x32, 0x5C, 0xD0, 0x8B, 0x9E, 0xF2, 0x59, 0xF8, 0x87, 0x70, 0x54, 0xEC, 0xD8, 0x30, 0x4F, 0xE1, 0xB2, 0xD7, 0xFD, 0x84, 0x71, 0x37, 0xDF, 0x67, 0x27, 0xEE }, + }; + + wc_AsconHash256 asconHash; + int err; + word32 i; + + /* init msg buffer */ + for (i = 0; i < sizeof(msg); i++) + msg[i] = (byte)i; + + for (i = 0; i < XELEM_CNT(hash_output); i++) { + XMEMSET(mdOut, 0, sizeof(mdOut)); + err = wc_AsconHash256_Init(&asconHash); + if (err != 0) + return WC_TEST_RET_ENC_EC(err); + err = wc_AsconHash256_Update(&asconHash, msg, i); + if (err != 0) + return WC_TEST_RET_ENC_EC(err); + err = wc_AsconHash256_Final(&asconHash, mdOut); + if (err != 0) + return WC_TEST_RET_ENC_EC(err); + if (XMEMCMP(mdOut, hash_output[i], ASCON_HASH256_SZ) != 0) + return WC_TEST_RET_ENC_NC; + wc_AsconHash256_Clear(&asconHash); + } + + /* Test separated update */ + for (i = 0; i < XELEM_CNT(hash_output); i++) { + word32 half_i = i / 2; + XMEMSET(mdOut, 0, sizeof(mdOut)); + err = wc_AsconHash256_Init(&asconHash); + if (err != 0) + return WC_TEST_RET_ENC_EC(err); + err = wc_AsconHash256_Update(&asconHash, msg, half_i); + if (err != 0) + return WC_TEST_RET_ENC_EC(err); + err = wc_AsconHash256_Update(&asconHash, msg + half_i, i - half_i); + if (err != 0) + return WC_TEST_RET_ENC_EC(err); + err = wc_AsconHash256_Final(&asconHash, mdOut); + if (err != 0) + return WC_TEST_RET_ENC_EC(err); + if (XMEMCMP(mdOut, hash_output[i], ASCON_HASH256_SZ) != 0) + return WC_TEST_RET_ENC_NC; + wc_AsconHash256_Clear(&asconHash); + } + + return 0; +} + +WOLFSSL_TEST_SUBROUTINE wc_test_ret_t ascon_aead128_test(void) +{ + word32 i; + wc_AsconAEAD128 asconAEAD; + int err; + + /* KATs taken from https://github.com/ascon/ascon-c. + * Testing only a subset of KATs here. The rest are tested in + * tests/api/ascon.c. */ + /* crypto_hash/asconaead128/LWC_AEAD_KAT_128_128.txt */ + static const char *aead_kat[][5] = { + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "", + /* AD = */ "", + /* CT = */ "4427D64B8E1E1451FC445960F0839BB0", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "", + /* AD = */ "00", + /* CT = */ "103AB79D913A0321287715A979BB8585", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "", + /* AD = */ "0001", + /* CT = */ "A50E88E30F923B90A9C810181230DF10", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "", + /* AD = */ "000102", + /* CT = */ "AE214C9F66630658ED8DC7D31131174C", }, + { /* Key = */ "000102030405060708090A0B0C0D0E0F", + /* Nonce = */ "000102030405060708090A0B0C0D0E0F", + /* PT = */ "", + /* AD = */ "00010203", + /* CT = */ "C6FF3CF70575B144B955820D9BC7685E", }, + }; + + for (i = 0; i < XELEM_CNT(aead_kat); i++) { + byte key[ASCON_AEAD128_KEY_SZ]; + byte nonce[ASCON_AEAD128_NONCE_SZ]; + byte pt[32]; /* longest plaintext we test is 32 bytes */ + word32 ptSz; + byte ad[32]; /* longest AD we test is 32 bytes */ + word32 adSz; + byte ct[48]; /* longest ciphertext we test is 32 bytes + 16 bytes tag */ + word32 ctSz; + word32 j; + byte tag[ASCON_AEAD128_TAG_SZ]; + byte buf[32]; /* longest buffer we test is 32 bytes */ + + XMEMSET(key, 0, sizeof(key)); + XMEMSET(nonce, 0, sizeof(nonce)); + XMEMSET(pt, 0, sizeof(pt)); + XMEMSET(ad, 0, sizeof(ad)); + XMEMSET(ct, 0, sizeof(ct)); + XMEMSET(tag, 0, sizeof(tag)); + + /* Convert HEX strings to byte stream */ + for (j = 0; aead_kat[i][0][j] != '\0'; j += 2) { + key[j/2] = HexCharToByte(aead_kat[i][0][j]) << 4 | + HexCharToByte(aead_kat[i][0][j+1]); + } + for (j = 0; aead_kat[i][1][j] != '\0'; j += 2) { + nonce[j/2] = HexCharToByte(aead_kat[i][1][j]) << 4 | + HexCharToByte(aead_kat[i][1][j+1]); + } + for (j = 0; aead_kat[i][2][j] != '\0'; j += 2) { + pt[j/2] = HexCharToByte(aead_kat[i][2][j]) << 4 | + HexCharToByte(aead_kat[i][2][j+1]); + } + ptSz = j/2; + for (j = 0; aead_kat[i][3][j] != '\0'; j += 2) { + ad[j/2] = HexCharToByte(aead_kat[i][3][j]) << 4 | + HexCharToByte(aead_kat[i][3][j+1]); + } + adSz = j/2; + for (j = 0; aead_kat[i][4][j] != '\0'; j += 2) { + ct[j/2] = HexCharToByte(aead_kat[i][4][j]) << 4 | + HexCharToByte(aead_kat[i][4][j+1]); + } + ctSz = j/2 - ASCON_AEAD128_TAG_SZ; + + for (j = 0; j < 4; j++) { + err = wc_AsconAEAD128_Init(&asconAEAD); + if (err != 0) + return WC_TEST_RET_ENC_EC(err); + + err = wc_AsconAEAD128_SetKey(&asconAEAD, key); + if (err != 0) + return WC_TEST_RET_ENC_EC(err); + + err = wc_AsconAEAD128_SetNonce(&asconAEAD, nonce); + if (err != 0) + return WC_TEST_RET_ENC_EC(err); + + err = wc_AsconAEAD128_SetAD(&asconAEAD, ad, adSz); + if (err != 0) + return WC_TEST_RET_ENC_EC(err); + + if (j == 0) { + /* Encryption test */ + err = wc_AsconAEAD128_EncryptUpdate(&asconAEAD, buf, pt, ptSz); + if (err != 0) + return WC_TEST_RET_ENC_EC(err); + + if (XMEMCMP(buf, ct, ptSz) != 0) + return WC_TEST_RET_ENC_NC; + + err = wc_AsconAEAD128_EncryptFinal(&asconAEAD, tag); + if (err != 0) + return WC_TEST_RET_ENC_EC(err); + + if (XMEMCMP(tag, ct + ptSz, ASCON_AEAD128_TAG_SZ) != 0) + return WC_TEST_RET_ENC_NC; + } + else if (j == 1) { + /* Decryption test */ + err = wc_AsconAEAD128_DecryptUpdate(&asconAEAD, buf, ct, ctSz); + if (err != 0) + return WC_TEST_RET_ENC_EC(err); + + if (XMEMCMP(buf, pt, ctSz) != 0) + return WC_TEST_RET_ENC_NC; + + err = wc_AsconAEAD128_DecryptFinal(&asconAEAD, ct + ctSz); + if (err != 0) + return WC_TEST_RET_ENC_EC(err); + } + else if (j == 2) { + /* Split encryption test */ + err = wc_AsconAEAD128_EncryptUpdate(&asconAEAD, buf, pt, + ptSz/2); + if (err != 0) + return WC_TEST_RET_ENC_EC(err); + + err = wc_AsconAEAD128_EncryptUpdate(&asconAEAD, buf + (ptSz/2), + pt + (ptSz/2), ptSz - (ptSz/2)); + if (err != 0) + return WC_TEST_RET_ENC_EC(err); + + if (XMEMCMP(buf, ct, ptSz) != 0) + return WC_TEST_RET_ENC_NC; + + err = wc_AsconAEAD128_EncryptFinal(&asconAEAD, tag); + if (err != 0) + return WC_TEST_RET_ENC_EC(err); + + if (XMEMCMP(tag, ct + ptSz, ASCON_AEAD128_TAG_SZ) != 0) + return WC_TEST_RET_ENC_NC; + + } + else if (j == 3) { + /* Split decryption test */ + err = wc_AsconAEAD128_DecryptUpdate(&asconAEAD, buf, ct, + ctSz/2); + if (err != 0) + return WC_TEST_RET_ENC_EC(err); + + err = wc_AsconAEAD128_DecryptUpdate(&asconAEAD, buf + (ctSz/2), + ct + (ctSz/2), ctSz - (ctSz/2)); + if (err != 0) + return WC_TEST_RET_ENC_EC(err); + + if (XMEMCMP(buf, pt, ctSz) != 0) + return WC_TEST_RET_ENC_NC; + + err = wc_AsconAEAD128_DecryptFinal(&asconAEAD, ct + ctSz); + if (err != 0) + return WC_TEST_RET_ENC_EC(err); + + } + + + wc_AsconAEAD128_Clear(&asconAEAD); + } + } + + return 0; +} +#endif /* HAVE_ASCON */ + +#ifndef NO_DES3 +WOLFSSL_TEST_SUBROUTINE wc_test_ret_t des_test(void) +{ + WOLFSSL_SMALL_STACK_STATIC const byte vector[] = { /* "now is the time for all " w/o trailing 0 */ + 0x6e,0x6f,0x77,0x20,0x69,0x73,0x20,0x74, + 0x68,0x65,0x20,0x74,0x69,0x6d,0x65,0x20, + 0x66,0x6f,0x72,0x20,0x61,0x6c,0x6c,0x20 + }; + + byte plain[24]; + byte cipher[24]; + + Des enc; + Des dec; + + WOLFSSL_SMALL_STACK_STATIC const byte key[] = + { + 0x01,0x23,0x45,0x67,0x89,0xab,0xcd,0xef + }; + + WOLFSSL_SMALL_STACK_STATIC const byte iv[] = + { + 0x12,0x34,0x56,0x78,0x90,0xab,0xcd,0xef + }; + + WOLFSSL_SMALL_STACK_STATIC const byte verify[] = + { + 0x8b,0x7c,0x52,0xb0,0x01,0x2b,0x6c,0xb8, + 0x4f,0x0f,0xeb,0xf3,0xfb,0x5f,0x86,0x73, + 0x15,0x85,0xb3,0x22,0x4b,0x86,0x2b,0x4b + }; + + #ifdef WOLFSSL_DES_ECB + + /* "Stay strong and move on!"" */ + WOLFSSL_SMALL_STACK_STATIC const byte vector_ecb[] = + { + 0x53,0x74,0x61,0x79,0x20,0x73,0x74,0x72, + 0x6F,0x6E,0x67,0x20,0x61,0x6E,0x64,0x20, + 0x6D,0x6F,0x76,0x65,0x20,0x6F,0x6E,0x21 + }; + + WOLFSSL_SMALL_STACK_STATIC const byte verify_ecb[] = + { + 0x70,0x4F,0x20,0xF6,0x72,0xB4,0xD0,0x2A, + 0xB5,0xA9,0x94,0x9F,0x11,0xCF,0x87,0xED, + 0x13,0x33,0x82,0xCB,0x8B,0xF1,0x82,0x56 + }; + + /* "Lemmings" */ + WOLFSSL_SMALL_STACK_STATIC const byte key_ecb[] = + { + 0x4C,0x65,0x6D,0x6D,0x69,0x6E,0x67,0x73 + }; + + #endif /* WOLFSSL_DES_ECB */ + + wc_test_ret_t ret; + WOLFSSL_ENTER("des_test"); + + ret = wc_Des_SetKey(&enc, key, iv, DES_ENCRYPTION); + if (ret != 0) + return WC_TEST_RET_ENC_EC(ret); + + ret = wc_Des_CbcEncrypt(&enc, cipher, vector, sizeof(vector)); + if (ret != 0) + return WC_TEST_RET_ENC_EC(ret); + + ret = wc_Des_SetKey(&dec, key, iv, DES_DECRYPTION); + if (ret != 0) + return WC_TEST_RET_ENC_EC(ret); + + ret = wc_Des_CbcDecrypt(&dec, plain, cipher, sizeof(cipher)); + if (ret != 0) + return WC_TEST_RET_ENC_EC(ret); + + if (XMEMCMP(plain, vector, sizeof(plain))) + return WC_TEST_RET_ENC_NC; + + if (XMEMCMP(cipher, verify, sizeof(cipher))) + return WC_TEST_RET_ENC_NC; + + ret = wc_Des_CbcEncryptWithKey(cipher, vector, sizeof(vector), key, iv); + if (ret != 0) + return WC_TEST_RET_ENC_EC(ret); + + /* Test basic ECB Process for DES*/ +#ifdef WOLFSSL_DES_ECB + ret = wc_Des_SetKey(&enc, key_ecb, iv, DES_ENCRYPTION); + if (ret != 0) + return WC_TEST_RET_ENC_EC(ret); + + ret = wc_Des_EcbEncrypt(&enc, cipher, vector_ecb, sizeof(vector)); + if (ret != 0) + return WC_TEST_RET_ENC_EC(ret); + + ret = wc_Des_SetKey(&dec, key_ecb, iv, DES_DECRYPTION); + if (ret != 0) + return WC_TEST_RET_ENC_EC(ret); + + ret = wc_Des_EcbDecrypt(&dec, plain, cipher, sizeof(cipher)); + if (ret != 0) + return WC_TEST_RET_ENC_EC(ret); + + if (XMEMCMP(plain, vector_ecb, sizeof(plain))) + return WC_TEST_RET_ENC_NC; + + if (XMEMCMP(cipher, verify_ecb, sizeof(cipher))) + return WC_TEST_RET_ENC_NC; + +#endif /* WOLFSSL_DES_ECB */ + +#if defined(WOLFSSL_ENCRYPTED_KEYS) && !defined(NO_SHA) + { + EncryptedInfo info; + XMEMSET(&info, 0, sizeof(EncryptedInfo)); + XMEMCPY(info.iv, iv, sizeof(iv)); + info.ivSz = sizeof(iv); + info.keySz = sizeof(key); + info.cipherType = WC_CIPHER_DES; + + ret = wc_BufferKeyEncrypt(&info, cipher, sizeof(cipher), key, + sizeof(key), WC_HASH_TYPE_SHA); + if (ret != 0) + return WC_TEST_RET_ENC_EC(ret); + + /* Test invalid info ptr */ + ret = wc_BufferKeyEncrypt(NULL, cipher, sizeof(cipher), key, + sizeof(key), WC_HASH_TYPE_SHA); + if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG)) + return WC_TEST_RET_ENC_EC(ret); + + #ifndef NO_PWDBASED + /* Test invalid hash type - only applies to wc_PBKDF1 call */ + ret = wc_BufferKeyEncrypt(&info, cipher, sizeof(cipher), key, + sizeof(key), WC_HASH_TYPE_NONE); + if (ret == 0) + return WC_TEST_RET_ENC_EC(ret); + #endif /* !NO_PWDBASED */ + } +#endif + + return 0; +} +#endif /* !NO_DES3 */ + + +#ifndef NO_DES3 +WOLFSSL_TEST_SUBROUTINE wc_test_ret_t des3_test(void) +{ + WOLFSSL_SMALL_STACK_STATIC const byte vector[] = { /* "Now is the time for all " w/o trailing 0 */ + 0x4e,0x6f,0x77,0x20,0x69,0x73,0x20,0x74, + 0x68,0x65,0x20,0x74,0x69,0x6d,0x65,0x20, + 0x66,0x6f,0x72,0x20,0x61,0x6c,0x6c,0x20 + }; + + byte plain[24]; + byte cipher[24]; + + Des3 enc; + Des3 dec; + + WOLFSSL_SMALL_STACK_STATIC const byte key3[] = + { + 0x01,0x23,0x45,0x67,0x89,0xab,0xcd,0xef, + 0xfe,0xde,0xba,0x98,0x76,0x54,0x32,0x10, + 0x89,0xab,0xcd,0xef,0x01,0x23,0x45,0x67 + }; + WOLFSSL_SMALL_STACK_STATIC const byte iv3[] = + { + 0x12,0x34,0x56,0x78,0x90,0xab,0xcd,0xef, + 0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01, + 0x11,0x21,0x31,0x41,0x51,0x61,0x71,0x81 + + }; + + WOLFSSL_SMALL_STACK_STATIC const byte verify3[] = + { + 0x43,0xa0,0x29,0x7e,0xd1,0x84,0xf8,0x0e, + 0x89,0x64,0x84,0x32,0x12,0xd5,0x08,0x98, + 0x18,0x94,0x15,0x74,0x87,0x12,0x7d,0xb0 + }; + + #ifdef WOLFSSL_DES_ECB + + /* Stay strong and move on! */ + WOLFSSL_SMALL_STACK_STATIC const byte vector_ecb[] = + { + 0x53,0x74,0x61,0x79,0x20,0x73,0x74,0x72, + 0x6F,0x6E,0x67,0x20,0x61,0x6E,0x64,0x20, + 0x6D,0x6F,0x76,0x65,0x20,0x6F,0x6E,0x21 + }; + + WOLFSSL_SMALL_STACK_STATIC const byte verify3_ecb[] = + { + 0x45,0x7E,0xFA,0xA1,0x05,0xDD,0x48,0x86, + 0x4D,0xB2,0xAB,0xE4,0xF9,0x63,0xD6,0x54, + 0x7C,0x5A,0xB3,0x67,0x32,0x25,0x67,0x3D + }; + + /* "Life is what you make it" */ + WOLFSSL_SMALL_STACK_STATIC const byte key3_ecb[] = + { + 0x4C,0x69,0x66,0x65,0x20,0x69,0x73,0x20, + 0x77,0x68,0x61,0x74,0x20,0x79,0x6F,0x75, + 0x20,0x6D,0x61,0x6B,0x65,0x20,0x69,0x74 + }; + + #endif /* WOLFSSL_DES_ECB */ + + wc_test_ret_t ret; +#if defined(OPENSSL_EXTRA) && !defined(WOLFCRYPT_ONLY) + size_t i; +#endif + WOLFSSL_ENTER("des3_test"); + + ret = wc_Des3Init(&enc, HEAP_HINT, devId); + if (ret != 0) + return WC_TEST_RET_ENC_EC(ret); + ret = wc_Des3Init(&dec, HEAP_HINT, devId); + if (ret != 0) + return WC_TEST_RET_ENC_EC(ret); + + ret = wc_Des3_SetKey(&enc, key3, iv3, DES_ENCRYPTION); + if (ret != 0) + return WC_TEST_RET_ENC_EC(ret); + ret = wc_Des3_SetKey(&dec, key3, iv3, DES_DECRYPTION); + if (ret != 0) + return WC_TEST_RET_ENC_EC(ret); + ret = wc_Des3_CbcEncrypt(&enc, cipher, vector, sizeof(vector)); +#if defined(WOLFSSL_ASYNC_CRYPT) + ret = wc_AsyncWait(ret, &enc.asyncDev, WC_ASYNC_FLAG_NONE); +#endif + if (ret != 0) + return WC_TEST_RET_ENC_EC(ret); + ret = wc_Des3_CbcDecrypt(&dec, plain, cipher, sizeof(cipher)); +#if defined(WOLFSSL_ASYNC_CRYPT) + ret = wc_AsyncWait(ret, &dec.asyncDev, WC_ASYNC_FLAG_NONE); +#endif + if (ret != 0) + return WC_TEST_RET_ENC_EC(ret); + + if (XMEMCMP(plain, vector, sizeof(plain))) + return WC_TEST_RET_ENC_NC; + + if (XMEMCMP(cipher, verify3, sizeof(cipher))) + return WC_TEST_RET_ENC_NC; + +/* Test basic ECB Process for DES3*/ +#ifdef WOLFSSL_DES_ECB + ret = wc_Des3Init(&enc, HEAP_HINT, devId); + if (ret != 0) + return WC_TEST_RET_ENC_EC(ret); + ret = wc_Des3Init(&dec, HEAP_HINT, devId); + if (ret != 0) + return WC_TEST_RET_ENC_EC(ret); + + ret = wc_Des3_SetKey(&enc, key3_ecb, NULL, DES_ENCRYPTION); + if (ret != 0) + return WC_TEST_RET_ENC_EC(ret); + ret = wc_Des3_SetKey(&dec, key3_ecb, NULL, DES_DECRYPTION); + if (ret != 0) + return WC_TEST_RET_ENC_EC(ret); + ret = wc_Des3_EcbEncrypt(&enc, cipher, vector_ecb, sizeof(vector_ecb)); +#if defined(WOLFSSL_ASYNC_CRYPT) + ret = wc_AsyncWait(ret, &enc.asyncDev, WC_ASYNC_FLAG_NONE); +#endif + if (ret != 0) + return WC_TEST_RET_ENC_EC(ret); + ret = wc_Des3_EcbDecrypt(&dec, plain, cipher, sizeof(cipher)); +#if defined(WOLFSSL_ASYNC_CRYPT) + ret = wc_AsyncWait(ret, &dec.asyncDev, WC_ASYNC_FLAG_NONE); +#endif + if (ret != 0) + return WC_TEST_RET_ENC_EC(ret); + + if (XMEMCMP(plain, vector_ecb, sizeof(plain))) + return WC_TEST_RET_ENC_NC; + + if (XMEMCMP(cipher, verify3_ecb, sizeof(cipher))) + return WC_TEST_RET_ENC_NC; + +#endif /* WOLFSSL_DES_ECB */ + +#if defined(OPENSSL_EXTRA) && !defined(WOLFCRYPT_ONLY) + /* test the same vectors with using compatibility layer */ + for (i = 0; i < sizeof(vector); i += DES_BLOCK_SIZE){ + WOLFSSL_DES_key_schedule ks1; + WOLFSSL_DES_key_schedule ks2; + WOLFSSL_DES_key_schedule ks3; + WOLFSSL_DES_cblock iv4; + byte tmp[sizeof(vector)]; + + XMEMCPY(ks1, key3, sizeof(WOLFSSL_DES_key_schedule)); + XMEMCPY(ks2, key3 + 8, sizeof(WOLFSSL_DES_key_schedule)); + XMEMCPY(ks3, key3 + 16, sizeof(WOLFSSL_DES_key_schedule)); + + XMEMSET(plain, 0, sizeof(plain)); + XMEMSET(cipher, 0, sizeof(cipher)); + + /* Test in-place encrypt/decrypt */ + XMEMCPY(tmp, vector, sizeof(vector)); + + /* Use i as the splitter */ + XMEMCPY(iv4, iv3, sizeof(WOLFSSL_DES_cblock)); + wolfSSL_DES_ede3_cbc_encrypt(tmp, tmp, (long)i, &ks1, &ks2, &ks3, + &iv4, WC_DES_ENCRYPT); + wolfSSL_DES_ede3_cbc_encrypt(tmp + i, tmp + i, (long)(sizeof(vector) - i), + &ks1, &ks2, &ks3, &iv4, WC_DES_ENCRYPT); + XMEMCPY(cipher, tmp, sizeof(cipher)); + XMEMCPY(iv4, iv3, sizeof(WOLFSSL_DES_cblock)); + wolfSSL_DES_ede3_cbc_encrypt(tmp, tmp, (long)i, &ks1, &ks2, &ks3, + &iv4, WC_DES_DECRYPT); + wolfSSL_DES_ede3_cbc_encrypt(tmp + i, tmp + i, (long)(sizeof(cipher) - i), + &ks1, &ks2, &ks3, &iv4, WC_DES_DECRYPT); + XMEMCPY(plain, tmp, sizeof(plain)); + + if (XMEMCMP(plain, vector, sizeof(plain))) + return WC_TEST_RET_ENC_NC; + + if (XMEMCMP(cipher, verify3, sizeof(cipher))) + return WC_TEST_RET_ENC_NC; + } +#endif /* OPENSSL_EXTRA */ + + wc_Des3Free(&enc); + wc_Des3Free(&dec); + +#if defined(WOLFSSL_ENCRYPTED_KEYS) && !defined(NO_SHA) + { + EncryptedInfo info; + XMEMSET(&info, 0, sizeof(EncryptedInfo)); + XMEMCPY(info.iv, iv3, sizeof(iv3)); + info.ivSz = sizeof(iv3); + info.keySz = sizeof(key3); + info.cipherType = WC_CIPHER_DES3; + + ret = wc_BufferKeyEncrypt(&info, cipher, sizeof(cipher), key3, + sizeof(key3), WC_HASH_TYPE_SHA); + if (ret != 0) + return WC_TEST_RET_ENC_EC(ret); + } +#endif + + return 0; +} +#endif /* NO_DES3 */ + + /* source code reference point -- see print_fiducials() below. */ +static WC_MAYBE_UNUSED const int fiducial1 = WC_TEST_RET_LN; + +#ifndef NO_AES + +#if defined(WOLFSSL_AES_OFB) || defined(WOLFSSL_AES_CFB) || \ + defined(WOLFSSL_AES_XTS) +#if defined(OPENSSL_EXTRA) && !defined(WOLFCRYPT_ONLY) \ + && !defined(HAVE_SELFTEST) +#if !defined(HAVE_FIPS) || FIPS_VERSION3_GE(6,0,0) +/* pass in the function, key, iv, plain text and expected and this function + * tests that the encryption and decryption is successful */ +static wc_test_ret_t EVP_test(const WOLFSSL_EVP_CIPHER* type, const byte* key, + const byte* iv, const byte* plain, int plainSz, + const byte* expected, int expectedSz) +{ +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC) + WOLFSSL_EVP_CIPHER_CTX *ctx = NULL; +#else + WOLFSSL_EVP_CIPHER_CTX ctx[1]; +#endif + int ctx_inited = 0; + int idx, cipherSz; + wc_test_ret_t ret = 0; + byte* cipher; + +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC) + if ((ctx = wolfSSL_EVP_CIPHER_CTX_new()) == NULL) + return MEMORY_E; +#endif + + cipher = (byte*)XMALLOC((size_t)plainSz, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + if (cipher == NULL) { + ret = WC_TEST_RET_ENC_ERRNO; + goto EVP_TEST_END; + } + + /* test encrypt */ + wolfSSL_EVP_CIPHER_CTX_init(ctx); + ctx_inited = 1; + if (wolfSSL_EVP_CipherInit(ctx, type, key, iv, 1) == 0) { + ret = WC_TEST_RET_ENC_NC; + goto EVP_TEST_END; + } + + if (wolfSSL_EVP_CipherUpdate(ctx, cipher, &idx, plain, expectedSz) == 0) { + ret = WC_TEST_RET_ENC_NC; + goto EVP_TEST_END; + } + + cipherSz = idx; + if (wolfSSL_EVP_CipherFinal(ctx, cipher + cipherSz, &idx) == 0) { + ret = WC_TEST_RET_ENC_NC; + goto EVP_TEST_END; + } + cipherSz += idx; + + if (XMEMCMP(cipher, expected, (size_t)plainSz)) { + ret = WC_TEST_RET_ENC_NC; + goto EVP_TEST_END; + } + + ret = wolfSSL_EVP_CIPHER_CTX_cleanup(ctx); + ctx_inited = 0; + if (ret == WOLFSSL_SUCCESS) + ret = 0; + else { + ret = WC_TEST_RET_ENC_NC; + goto EVP_TEST_END; + } + + /* test decrypt */ + wolfSSL_EVP_CIPHER_CTX_init(ctx); + ctx_inited = 1; + if (wolfSSL_EVP_CipherInit(ctx, type, key, iv, 0) == 0) { + ret = WC_TEST_RET_ENC_NC; + goto EVP_TEST_END; + } + + if (wolfSSL_EVP_CipherUpdate(ctx, cipher, &idx, cipher, expectedSz) == 0) { + ret = WC_TEST_RET_ENC_NC; + goto EVP_TEST_END; + } + + cipherSz = idx; + if (wolfSSL_EVP_CipherFinal(ctx, cipher + cipherSz, &idx) == 0) { + ret = WC_TEST_RET_ENC_NC; + goto EVP_TEST_END; + } + cipherSz += idx; + + if ((expectedSz != cipherSz) || XMEMCMP(plain, cipher, (size_t)plainSz)) { + ret = WC_TEST_RET_ENC_NC; + goto EVP_TEST_END; + } + +EVP_TEST_END: + XFREE(cipher, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + (void)cipherSz; + + if (ctx_inited) { + int cleanup_ret = wolfSSL_EVP_CIPHER_CTX_cleanup(ctx); + if (cleanup_ret != WOLFSSL_SUCCESS) + ret = WC_TEST_RET_ENC_NC; + } + +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC) + wolfSSL_EVP_CIPHER_CTX_free(ctx); +#endif + + return ret; +} +#endif /* !HAVE_FIPS || FIPS_VERSION3_GE(6,0,0) */ +#endif /* OPENSSL_EXTRA && !WOLFCRYPT_ONLY && !HAVE_SELFTEST */ +#endif /* WOLFSSL_AES_OFB || WOLFSSL_AES_CFB */ + +#ifdef WOLFSSL_AES_OFB + /* test vector from https://csrc.nist.gov/Projects/cryptographic-algorithm-validation-program/Block-Ciphers */ + WOLFSSL_TEST_SUBROUTINE wc_test_ret_t aesofb_test(void) + { + #ifdef WOLFSSL_AES_256 + WOLFSSL_SMALL_STACK_STATIC const byte key1[] = + { + 0xc4,0xc7,0xfa,0xd6,0x53,0x5c,0xb8,0x71, + 0x4a,0x5c,0x40,0x77,0x9a,0x8b,0xa1,0xd2, + 0x53,0x3e,0x23,0xb4,0xb2,0x58,0x73,0x2a, + 0x5b,0x78,0x01,0xf4,0xe3,0x71,0xa7,0x94 + }; + WOLFSSL_SMALL_STACK_STATIC const byte iv1[] = + { + 0x5e,0xb9,0x33,0x13,0xb8,0x71,0xff,0x16, + 0xb9,0x8a,0x9b,0xcb,0x43,0x33,0x0d,0x6f + }; + WOLFSSL_SMALL_STACK_STATIC const byte plain1[] = + { + 0x6d,0x0b,0xb0,0x79,0x63,0x84,0x71,0xe9, + 0x39,0xd4,0x53,0x14,0x86,0xc1,0x4c,0x25, + 0x9a,0xee,0xc6,0xf3,0xc0,0x0d,0xfd,0xd6, + 0xc0,0x50,0xa8,0xba,0xa8,0x20,0xdb,0x71, + 0xcc,0x12,0x2c,0x4e,0x0c,0x17,0x15,0xef, + 0x55,0xf3,0x99,0x5a,0x6b,0xf0,0x2a,0x4c + }; + WOLFSSL_SMALL_STACK_STATIC const byte cipher1[] = + { + 0x0f,0x54,0x61,0x71,0x59,0xd0,0x3f,0xfc, + 0x1b,0xfa,0xfb,0x60,0x29,0x30,0xd7,0x00, + 0xf4,0xa4,0xa8,0xe6,0xdd,0x93,0x94,0x46, + 0x64,0xd2,0x19,0xc4,0xc5,0x4d,0xde,0x1b, + 0x04,0x53,0xe1,0x73,0xf5,0x18,0x74,0xae, + 0xfd,0x64,0xa2,0xe1,0xe2,0x76,0x13,0xb0 + }; + #endif /* WOLFSSL_AES_256 */ + + + #ifdef WOLFSSL_AES_128 + WOLFSSL_SMALL_STACK_STATIC const byte key2[] = + { + 0x10,0xa5,0x88,0x69,0xd7,0x4b,0xe5,0xa3, + 0x74,0xcf,0x86,0x7c,0xfb,0x47,0x38,0x59 + }; + WOLFSSL_SMALL_STACK_STATIC const byte iv2[] = + { + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00 + }; + WOLFSSL_SMALL_STACK_STATIC const byte plain2[] = + { + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00 + }; + WOLFSSL_SMALL_STACK_STATIC const byte cipher2[] = + { + 0x6d,0x25,0x1e,0x69,0x44,0xb0,0x51,0xe0, + 0x4e,0xaa,0x6f,0xb4,0xdb,0xf7,0x84,0x65 + }; + #endif /* WOLFSSL_AES_128 */ + + + #ifdef WOLFSSL_AES_192 + WOLFSSL_SMALL_STACK_STATIC const byte key3[] = { + 0xd0,0x77,0xa0,0x3b,0xd8,0xa3,0x89,0x73, + 0x92,0x8c,0xca,0xfe,0x4a,0x9d,0x2f,0x45, + 0x51,0x30,0xbd,0x0a,0xf5,0xae,0x46,0xa9 + }; + WOLFSSL_SMALL_STACK_STATIC const byte iv3[] = + { + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00 + }; + WOLFSSL_SMALL_STACK_STATIC const byte cipher3[] = + { + 0xab,0xc7,0x86,0xfb,0x1e,0xdb,0x50,0x45, + 0x80,0xc4,0xd8,0x82,0xef,0x29,0xa0,0xc7 + }; + WOLFSSL_SMALL_STACK_STATIC const byte plain3[] = + { + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00 + }; + #endif /* WOLFSSL_AES_192 */ + + #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC) + Aes *enc = NULL; + #else + Aes enc[1]; + #endif + byte cipher[WC_AES_BLOCK_SIZE * 4]; + #ifdef HAVE_AES_DECRYPT + #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC) + Aes *dec = NULL; + #else + Aes dec[1]; + #endif + byte plain [WC_AES_BLOCK_SIZE * 4]; + #endif + wc_test_ret_t ret = 0; + + WOLFSSL_ENTER("aesofb_test"); + +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC) + enc = wc_AesNew(HEAP_HINT, devId, &ret); + if (enc == NULL) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); + #ifdef HAVE_AES_DECRYPT + dec = wc_AesNew(HEAP_HINT, devId, &ret); + if (dec == NULL) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); + #endif +#else + XMEMSET(enc, 0, sizeof(Aes)); + #ifdef HAVE_AES_DECRYPT + XMEMSET(dec, 0, sizeof(Aes)); + #endif + ret = wc_AesInit(enc, HEAP_HINT, devId); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); + #ifdef HAVE_AES_DECRYPT + ret = wc_AesInit(dec, HEAP_HINT, devId); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); + #endif +#endif /* WOLFSSL_SMALL_STACK && !WOLFSSL_NO_MALLOC */ + +#ifdef WOLFSSL_AES_128 + /* 128 key size test */ + #if defined(OPENSSL_EXTRA) && !defined(WOLFCRYPT_ONLY) \ + && !defined(HAVE_SELFTEST) && !defined(HAVE_FIPS) + ret = EVP_test(wolfSSL_EVP_aes_128_ofb(), key2, iv2, plain2, sizeof(plain2), + cipher2, sizeof(cipher2)); + if (ret != 0) { + goto out; + } + #endif + + ret = wc_AesSetKey(enc, key2, sizeof(key2), iv2, AES_ENCRYPTION); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); + #ifdef HAVE_AES_DECRYPT + /* decrypt uses AES_ENCRYPTION */ + ret = wc_AesSetKey(dec, key2, sizeof(key2), iv2, AES_ENCRYPTION); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); + #endif + + XMEMSET(cipher, 0, sizeof(cipher)); + ret = wc_AesOfbEncrypt(enc, cipher, plain2, WC_AES_BLOCK_SIZE); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); + + if (XMEMCMP(cipher, cipher2, WC_AES_BLOCK_SIZE)) + ERROR_OUT(WC_TEST_RET_ENC_NC, out); + + #ifdef HAVE_AES_DECRYPT + ret = wc_AesOfbDecrypt(dec, plain, cipher2, WC_AES_BLOCK_SIZE); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); + + if (XMEMCMP(plain, plain2, WC_AES_BLOCK_SIZE)) + ERROR_OUT(WC_TEST_RET_ENC_NC, out); + #endif /* HAVE_AES_DECRYPT */ +#endif /* WOLFSSL_AES_128 */ + +#ifdef WOLFSSL_AES_192 + /* 192 key size test */ + #if defined(OPENSSL_EXTRA) && !defined(WOLFCRYPT_ONLY) \ + && !defined(HAVE_SELFTEST) && !defined(HAVE_FIPS) + ret = EVP_test(wolfSSL_EVP_aes_192_ofb(), key3, iv3, plain3, sizeof(plain3), + cipher3, sizeof(cipher3)); + if (ret != 0) { + goto out; + } + #endif + + ret = wc_AesSetKey(enc, key3, sizeof(key3), iv3, AES_ENCRYPTION); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); + #ifdef HAVE_AES_DECRYPT + /* decrypt uses AES_ENCRYPTION */ + ret = wc_AesSetKey(dec, key3, sizeof(key3), iv3, AES_ENCRYPTION); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); + #endif + + XMEMSET(cipher, 0, sizeof(cipher)); + ret = wc_AesOfbEncrypt(enc, cipher, plain3, WC_AES_BLOCK_SIZE); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); + + if (XMEMCMP(cipher, cipher3, WC_AES_BLOCK_SIZE)) + ERROR_OUT(WC_TEST_RET_ENC_NC, out); + + #ifdef HAVE_AES_DECRYPT + ret = wc_AesOfbDecrypt(dec, plain, cipher3, WC_AES_BLOCK_SIZE); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); + + if (XMEMCMP(plain, plain3, WC_AES_BLOCK_SIZE)) + ERROR_OUT(WC_TEST_RET_ENC_NC, out); + #endif /* HAVE_AES_DECRYPT */ +#endif /* WOLFSSL_AES_192 */ + +#ifdef WOLFSSL_AES_256 + /* 256 key size test */ + #if defined(OPENSSL_EXTRA) && !defined(WOLFCRYPT_ONLY) \ + && !defined(HAVE_SELFTEST) && !defined(HAVE_FIPS) + ret = EVP_test(wolfSSL_EVP_aes_256_ofb(), key1, iv1, plain1, sizeof(plain1), + cipher1, sizeof(cipher1)); + if (ret != 0) { + goto out; + } + #endif + + ret = wc_AesSetKey(enc, key1, sizeof(key1), iv1, AES_ENCRYPTION); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); + #ifdef HAVE_AES_DECRYPT + /* decrypt uses AES_ENCRYPTION */ + ret = wc_AesSetKey(dec, key1, sizeof(key1), iv1, AES_ENCRYPTION); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); + #endif + + XMEMSET(cipher, 0, sizeof(cipher)); + ret = wc_AesOfbEncrypt(enc, cipher, plain1, WC_AES_BLOCK_SIZE); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); + + if (XMEMCMP(cipher, cipher1, WC_AES_BLOCK_SIZE)) + ERROR_OUT(WC_TEST_RET_ENC_NC, out); + + ret = wc_AesOfbEncrypt(enc, cipher + WC_AES_BLOCK_SIZE, + plain1 + WC_AES_BLOCK_SIZE, WC_AES_BLOCK_SIZE); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); + + if (XMEMCMP(cipher + WC_AES_BLOCK_SIZE, cipher1 + WC_AES_BLOCK_SIZE, + WC_AES_BLOCK_SIZE)) + ERROR_OUT(WC_TEST_RET_ENC_NC, out); + + #ifdef HAVE_AES_DECRYPT + ret = wc_AesOfbDecrypt(dec, plain, cipher1, WC_AES_BLOCK_SIZE); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); + + if (XMEMCMP(plain, plain1, WC_AES_BLOCK_SIZE)) + ERROR_OUT(WC_TEST_RET_ENC_NC, out); + + ret = wc_AesOfbDecrypt(dec, plain + WC_AES_BLOCK_SIZE, + cipher1 + WC_AES_BLOCK_SIZE, WC_AES_BLOCK_SIZE); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); + + if (XMEMCMP(plain + WC_AES_BLOCK_SIZE, plain1 + WC_AES_BLOCK_SIZE, + WC_AES_BLOCK_SIZE)) + ERROR_OUT(WC_TEST_RET_ENC_NC, out); + #endif /* HAVE_AES_DECRYPT */ + + /* multiple blocks at once */ + ret = wc_AesSetKey(enc, key1, sizeof(key1), iv1, AES_ENCRYPTION); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); + #ifdef HAVE_AES_DECRYPT + /* decrypt uses AES_ENCRYPTION */ + ret = wc_AesSetKey(dec, key1, sizeof(key1), iv1, AES_ENCRYPTION); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); + #endif + + XMEMSET(cipher, 0, sizeof(cipher)); + ret = wc_AesOfbEncrypt(enc, cipher, plain1, WC_AES_BLOCK_SIZE * 3); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); + + if (XMEMCMP(cipher, cipher1, WC_AES_BLOCK_SIZE * 3)) + ERROR_OUT(WC_TEST_RET_ENC_NC, out); + + #ifdef HAVE_AES_DECRYPT + ret = wc_AesOfbDecrypt(dec, plain, cipher1, WC_AES_BLOCK_SIZE * 3); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); + + if (XMEMCMP(plain, plain1, WC_AES_BLOCK_SIZE * 3)) + ERROR_OUT(WC_TEST_RET_ENC_NC, out); + #endif /* HAVE_AES_DECRYPT */ + + /* inline decrypt/encrypt*/ + ret = wc_AesSetKey(enc, key1, sizeof(key1), iv1, AES_ENCRYPTION); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); + #ifdef HAVE_AES_DECRYPT + /* decrypt uses AES_ENCRYPTION */ + ret = wc_AesSetKey(dec, key1, sizeof(key1), iv1, AES_ENCRYPTION); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); + #endif + + XMEMCPY(cipher, plain1, WC_AES_BLOCK_SIZE * 2); + ret = wc_AesOfbEncrypt(enc, cipher, cipher, WC_AES_BLOCK_SIZE * 2); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); + + if (XMEMCMP(cipher, cipher1, WC_AES_BLOCK_SIZE * 2)) + ERROR_OUT(WC_TEST_RET_ENC_NC, out); + + #ifdef HAVE_AES_DECRYPT + ret = wc_AesOfbDecrypt(dec, cipher, cipher, WC_AES_BLOCK_SIZE * 2); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); + + if (XMEMCMP(cipher, plain1, WC_AES_BLOCK_SIZE * 2)) + ERROR_OUT(WC_TEST_RET_ENC_NC, out); + #endif /* HAVE_AES_DECRYPT */ + + /* 256 key size test leftover support */ + ret = wc_AesSetKey(enc, key1, sizeof(key1), iv1, AES_ENCRYPTION); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); + #ifdef HAVE_AES_DECRYPT + /* decrypt uses AES_ENCRYPTION */ + ret = wc_AesSetKey(dec, key1, sizeof(key1), iv1, AES_ENCRYPTION); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); + #endif + + XMEMSET(cipher, 0, sizeof(cipher)); + ret = wc_AesOfbEncrypt(enc, cipher, plain1, 3); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); + + if (XMEMCMP(cipher, cipher1, 3)) + ERROR_OUT(WC_TEST_RET_ENC_NC, out); + + ret = wc_AesOfbEncrypt(enc, cipher + 3, plain1 + 3, WC_AES_BLOCK_SIZE); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); + + if (XMEMCMP(cipher + 3, cipher1 + 3, WC_AES_BLOCK_SIZE)) + ERROR_OUT(WC_TEST_RET_ENC_NC, out); + + #ifdef HAVE_AES_DECRYPT + ret = wc_AesOfbDecrypt(dec, plain, cipher1, 6); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); + + if (XMEMCMP(plain, plain1, 6)) + ERROR_OUT(WC_TEST_RET_ENC_NC, out); + + ret = wc_AesOfbDecrypt(dec, plain + 6, cipher1 + 6, WC_AES_BLOCK_SIZE); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); + + if (XMEMCMP(plain + 6, plain1 + 6, WC_AES_BLOCK_SIZE)) + ERROR_OUT(WC_TEST_RET_ENC_NC, out); + #endif /* HAVE_AES_DECRYPT */ +#endif /* WOLFSSL_AES_256 */ + + out: + + #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC) + wc_AesDelete(enc, &enc); + #else + wc_AesFree(enc); + #endif + + #ifdef HAVE_AES_DECRYPT + #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC) + wc_AesDelete(dec, &dec); + #else + wc_AesFree(dec); + #endif + #endif + + return ret; + } +#endif /* WOLFSSL_AES_OFB */ + +#if defined(WOLFSSL_AES_CFB) + /* Test cases from NIST SP 800-38A, Recommendation for Block Cipher Modes of + * Operation Methods and Techniques + */ + static wc_test_ret_t aescfb_test_0(void) + { +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC) + Aes *enc = NULL; +#else + Aes enc[1]; +#endif + byte cipher[WC_AES_BLOCK_SIZE * 4]; +#ifdef HAVE_AES_DECRYPT + #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC) + Aes *dec = NULL; + #else + Aes dec[1]; + #endif + byte plain [WC_AES_BLOCK_SIZE * 4]; +#endif + wc_test_ret_t ret = 0; + + WOLFSSL_SMALL_STACK_STATIC const byte iv[] = { + 0x00,0x01,0x02,0x03,0x04,0x05,0x06,0x07, + 0x08,0x09,0x0a,0x0b,0x0c,0x0d,0x0e,0x0f + }; + +#ifdef WOLFSSL_AES_128 + WOLFSSL_SMALL_STACK_STATIC const byte key1[] = + { + 0x2b,0x7e,0x15,0x16,0x28,0xae,0xd2,0xa6, + 0xab,0xf7,0x15,0x88,0x09,0xcf,0x4f,0x3c + }; + + WOLFSSL_SMALL_STACK_STATIC const byte cipher1[] = + { + 0x3b,0x3f,0xd9,0x2e,0xb7,0x2d,0xad,0x20, + 0x33,0x34,0x49,0xf8,0xe8,0x3c,0xfb,0x4a, + 0xc8,0xa6,0x45,0x37,0xa0,0xb3,0xa9,0x3f, + 0xcd,0xe3,0xcd,0xad,0x9f,0x1c,0xe5,0x8b, + 0x26,0x75,0x1f,0x67,0xa3,0xcb,0xb1,0x40, + 0xb1,0x80,0x8c,0xf1,0x87,0xa4,0xf4,0xdf + }; + + WOLFSSL_SMALL_STACK_STATIC const byte msg1[] = + { + 0x6b,0xc1,0xbe,0xe2,0x2e,0x40,0x9f,0x96, + 0xe9,0x3d,0x7e,0x11,0x73,0x93,0x17,0x2a, + 0xae,0x2d,0x8a,0x57,0x1e,0x03,0xac,0x9c, + 0x9e,0xb7,0x6f,0xac,0x45,0xaf,0x8e,0x51, + 0x30,0xc8,0x1c,0x46,0xa3,0x5c,0xe4,0x11, + 0xe5,0xfb,0xc1,0x19,0x1a,0x0a,0x52,0xef + }; +#endif /* WOLFSSL_AES_128 */ + +#ifdef WOLFSSL_AES_192 + /* 192 size key test */ + WOLFSSL_SMALL_STACK_STATIC const byte key2[] = + { + 0x8e,0x73,0xb0,0xf7,0xda,0x0e,0x64,0x52, + 0xc8,0x10,0xf3,0x2b,0x80,0x90,0x79,0xe5, + 0x62,0xf8,0xea,0xd2,0x52,0x2c,0x6b,0x7b + }; + + WOLFSSL_SMALL_STACK_STATIC const byte cipher2[] = + { + 0xcd,0xc8,0x0d,0x6f,0xdd,0xf1,0x8c,0xab, + 0x34,0xc2,0x59,0x09,0xc9,0x9a,0x41,0x74, + 0x67,0xce,0x7f,0x7f,0x81,0x17,0x36,0x21, + 0x96,0x1a,0x2b,0x70,0x17,0x1d,0x3d,0x7a, + 0x2e,0x1e,0x8a,0x1d,0xd5,0x9b,0x88,0xb1, + 0xc8,0xe6,0x0f,0xed,0x1e,0xfa,0xc4,0xc9, + 0xc0,0x5f,0x9f,0x9c,0xa9,0x83,0x4f,0xa0, + 0x42,0xae,0x8f,0xba,0x58,0x4b,0x09,0xff + }; + + WOLFSSL_SMALL_STACK_STATIC const byte msg2[] = + { + 0x6b,0xc1,0xbe,0xe2,0x2e,0x40,0x9f,0x96, + 0xe9,0x3d,0x7e,0x11,0x73,0x93,0x17,0x2a, + 0xae,0x2d,0x8a,0x57,0x1e,0x03,0xac,0x9c, + 0x9e,0xb7,0x6f,0xac,0x45,0xaf,0x8e,0x51, + 0x30,0xc8,0x1c,0x46,0xa3,0x5c,0xe4,0x11, + 0xe5,0xfb,0xc1,0x19,0x1a,0x0a,0x52,0xef, + 0xf6,0x9f,0x24,0x45,0xdf,0x4f,0x9b,0x17, + 0xad,0x2b,0x41,0x7b,0xe6,0x6c,0x37,0x10 + }; +#endif /* WOLFSSL_AES_192 */ + +#ifdef WOLFSSL_AES_256 + /* 256 size key simple test */ + WOLFSSL_SMALL_STACK_STATIC const byte key3[] = + { + 0x60,0x3d,0xeb,0x10,0x15,0xca,0x71,0xbe, + 0x2b,0x73,0xae,0xf0,0x85,0x7d,0x77,0x81, + 0x1f,0x35,0x2c,0x07,0x3b,0x61,0x08,0xd7, + 0x2d,0x98,0x10,0xa3,0x09,0x14,0xdf,0xf4 + }; + + WOLFSSL_SMALL_STACK_STATIC const byte cipher3[] = + { + 0xdc,0x7e,0x84,0xbf,0xda,0x79,0x16,0x4b, + 0x7e,0xcd,0x84,0x86,0x98,0x5d,0x38,0x60, + 0x39,0xff,0xed,0x14,0x3b,0x28,0xb1,0xc8, + 0x32,0x11,0x3c,0x63,0x31,0xe5,0x40,0x7b, + 0xdf,0x10,0x13,0x24,0x15,0xe5,0x4b,0x92, + 0xa1,0x3e,0xd0,0xa8,0x26,0x7a,0xe2,0xf9, + 0x75,0xa3,0x85,0x74,0x1a,0xb9,0xce,0xf8, + 0x20,0x31,0x62,0x3d,0x55,0xb1,0xe4,0x71 + }; + + WOLFSSL_SMALL_STACK_STATIC const byte msg3[] = + { + 0x6b,0xc1,0xbe,0xe2,0x2e,0x40,0x9f,0x96, + 0xe9,0x3d,0x7e,0x11,0x73,0x93,0x17,0x2a, + 0xae,0x2d,0x8a,0x57,0x1e,0x03,0xac,0x9c, + 0x9e,0xb7,0x6f,0xac,0x45,0xaf,0x8e,0x51, + 0x30,0xc8,0x1c,0x46,0xa3,0x5c,0xe4,0x11, + 0xe5,0xfb,0xc1,0x19,0x1a,0x0a,0x52,0xef, + 0xf6,0x9f,0x24,0x45,0xdf,0x4f,0x9b,0x17, + 0xad,0x2b,0x41,0x7b,0xe6,0x6c,0x37,0x10 + }; +#endif /* WOLFSSL_AES_256 */ + +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC) + enc = wc_AesNew(HEAP_HINT, devId, &ret); + if (enc == NULL) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); + #ifdef HAVE_AES_DECRYPT + dec = wc_AesNew(HEAP_HINT, devId, &ret); + if (dec == NULL) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); + #endif +#else + XMEMSET(enc, 0, sizeof(Aes)); + #ifdef HAVE_AES_DECRYPT + XMEMSET(dec, 0, sizeof(Aes)); + #endif + ret = wc_AesInit(enc, HEAP_HINT, devId); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); + #ifdef HAVE_AES_DECRYPT + ret = wc_AesInit(dec, HEAP_HINT, devId); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); + #endif +#endif /* WOLFSSL_SMALL_STACK && !WOLFSSL_NO_MALLOC */ + +#ifdef WOLFSSL_AES_128 + /* 128 key tests */ + #if defined(OPENSSL_EXTRA) && !defined(WOLFCRYPT_ONLY) \ + && !defined(HAVE_SELFTEST) && !defined(HAVE_FIPS) + ret = EVP_test(wolfSSL_EVP_aes_128_cfb128(), key1, iv, msg1, sizeof(msg1), + cipher1, sizeof(cipher1)); + if (ret != 0) { + return ret; + } + #endif + + ret = wc_AesSetKey(enc, key1, WC_AES_BLOCK_SIZE, iv, AES_ENCRYPTION); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); + #ifdef HAVE_AES_DECRYPT + /* decrypt uses AES_ENCRYPTION */ + ret = wc_AesSetKey(dec, key1, WC_AES_BLOCK_SIZE, iv, AES_ENCRYPTION); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); + #endif + + XMEMSET(cipher, 0, sizeof(cipher)); + ret = wc_AesCfbEncrypt(enc, cipher, msg1, WC_AES_BLOCK_SIZE * 2); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); + + if (XMEMCMP(cipher, cipher1, WC_AES_BLOCK_SIZE * 2)) + ERROR_OUT(WC_TEST_RET_ENC_NC, out); + + /* test restarting encryption process */ + ret = wc_AesCfbEncrypt(enc, cipher + (WC_AES_BLOCK_SIZE * 2), + msg1 + (WC_AES_BLOCK_SIZE * 2), WC_AES_BLOCK_SIZE); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); + + if (XMEMCMP(cipher + (WC_AES_BLOCK_SIZE * 2), + cipher1 + (WC_AES_BLOCK_SIZE * 2), WC_AES_BLOCK_SIZE)) + ERROR_OUT(WC_TEST_RET_ENC_NC, out); + + #ifdef HAVE_AES_DECRYPT + ret = wc_AesCfbDecrypt(dec, plain, cipher, WC_AES_BLOCK_SIZE * 3); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); + + if (XMEMCMP(plain, msg1, WC_AES_BLOCK_SIZE * 3)) + ERROR_OUT(WC_TEST_RET_ENC_NC, out); + #endif /* HAVE_AES_DECRYPT */ +#endif /* WOLFSSL_AES_128 */ + +#ifdef WOLFSSL_AES_192 + /* 192 key size test */ + #if defined(OPENSSL_EXTRA) && !defined(WOLFCRYPT_ONLY) \ + && !defined(HAVE_SELFTEST) && !defined(HAVE_FIPS) + ret = EVP_test(wolfSSL_EVP_aes_192_cfb128(), key2, iv, msg2, sizeof(msg2), + cipher2, sizeof(cipher2)); + if (ret != 0) { + return ret; + } + #endif + + ret = wc_AesSetKey(enc, key2, sizeof(key2), iv, AES_ENCRYPTION); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); + #ifdef HAVE_AES_DECRYPT + /* decrypt uses AES_ENCRYPTION */ + ret = wc_AesSetKey(dec, key2, sizeof(key2), iv, AES_ENCRYPTION); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); + #endif + + XMEMSET(cipher, 0, sizeof(cipher)); + ret = wc_AesCfbEncrypt(enc, cipher, msg2, WC_AES_BLOCK_SIZE * 4); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); + + if (XMEMCMP(cipher, cipher2, WC_AES_BLOCK_SIZE * 4)) + ERROR_OUT(WC_TEST_RET_ENC_NC, out); + + #ifdef HAVE_AES_DECRYPT + ret = wc_AesCfbDecrypt(dec, plain, cipher, WC_AES_BLOCK_SIZE * 4); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); + + if (XMEMCMP(plain, msg2, WC_AES_BLOCK_SIZE * 4)) + ERROR_OUT(WC_TEST_RET_ENC_NC, out); + #endif /* HAVE_AES_DECRYPT */ +#endif /* WOLFSSL_AES_192 */ + +#ifdef WOLFSSL_AES_256 + /* 256 key size test */ + #if defined(OPENSSL_EXTRA) && !defined(WOLFCRYPT_ONLY) \ + && !defined(HAVE_SELFTEST) && !defined(HAVE_FIPS) + ret = EVP_test(wolfSSL_EVP_aes_256_cfb128(), key3, iv, msg3, sizeof(msg3), + cipher3, sizeof(cipher3)); + if (ret != 0) { + return ret; + } + #endif + ret = wc_AesSetKey(enc, key3, sizeof(key3), iv, AES_ENCRYPTION); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); + #ifdef HAVE_AES_DECRYPT + /* decrypt uses AES_ENCRYPTION */ + ret = wc_AesSetKey(dec, key3, sizeof(key3), iv, AES_ENCRYPTION); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); + #endif + + /* test with data left overs, magic lengths are checking near edges */ + XMEMSET(cipher, 0, sizeof(cipher)); + ret = wc_AesCfbEncrypt(enc, cipher, msg3, 4); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); + + if (XMEMCMP(cipher, cipher3, 4)) + ERROR_OUT(WC_TEST_RET_ENC_NC, out); + + ret = wc_AesCfbEncrypt(enc, cipher + 4, msg3 + 4, 27); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); + + if (XMEMCMP(cipher + 4, cipher3 + 4, 27)) + ERROR_OUT(WC_TEST_RET_ENC_NC, out); + + ret = wc_AesCfbEncrypt(enc, cipher + 31, msg3 + 31, + (WC_AES_BLOCK_SIZE * 4) - 31); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); + + if (XMEMCMP(cipher, cipher3, WC_AES_BLOCK_SIZE * 4)) + ERROR_OUT(WC_TEST_RET_ENC_NC, out); + + #ifdef HAVE_AES_DECRYPT + ret = wc_AesCfbDecrypt(dec, plain, cipher, 4); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); + + if (XMEMCMP(plain, msg3, 4)) + ERROR_OUT(WC_TEST_RET_ENC_NC, out); + + ret = wc_AesCfbDecrypt(dec, plain + 4, cipher + 4, 4); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); + + ret = wc_AesCfbDecrypt(dec, plain + 8, cipher + 8, 23); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); + + if (XMEMCMP(plain + 4, msg3 + 4, 27)) + ERROR_OUT(WC_TEST_RET_ENC_NC, out); + + ret = wc_AesCfbDecrypt(dec, plain + 31, cipher + 31, + (WC_AES_BLOCK_SIZE * 4) - 31); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); + + if (XMEMCMP(plain, msg3, WC_AES_BLOCK_SIZE * 4)) + ERROR_OUT(WC_TEST_RET_ENC_NC, out); + #endif /* HAVE_AES_DECRYPT */ +#endif /* WOLFSSL_AES_256 */ + + out: + +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC) + wc_AesDelete(enc, &enc); +#else + wc_AesFree(enc); +#endif +#ifdef HAVE_AES_DECRYPT +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC) + wc_AesDelete(dec, &dec); +#else + wc_AesFree(dec); +#endif +#endif + + return ret; + } + +#if !defined(WOLFSSL_NO_AES_CFB_1_8) + static wc_test_ret_t aescfb1_test(void) + { +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC) + Aes *enc = NULL; +#else + Aes enc[1]; +#endif + byte cipher[WC_AES_BLOCK_SIZE]; + #ifdef HAVE_AES_DECRYPT +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC) + Aes *dec = NULL; +#else + Aes dec[1]; +#endif +#ifdef WOLFSSL_AES_128 + byte plain [WC_AES_BLOCK_SIZE]; +#endif + #endif + wc_test_ret_t ret = 0; + +#ifdef WOLFSSL_AES_128 + WOLFSSL_SMALL_STACK_STATIC const byte iv[] = { + 0x4d,0xbb,0xdc,0xaa,0x59,0xf3,0x63,0xc9, + 0x2a,0x3b,0x98,0x43,0xad,0x20,0xe2,0xb7 + }; + + WOLFSSL_SMALL_STACK_STATIC const byte key1[] = + { + 0xcd,0xef,0x9d,0x06,0x61,0xba,0xe4,0x73, + 0x8d,0x1a,0x58,0xa2,0xa6,0x22,0x8b,0x66 + }; + + WOLFSSL_SMALL_STACK_STATIC const byte cipher1[] = + { + 0x00 + }; + + WOLFSSL_SMALL_STACK_STATIC const byte msg1[] = + { + 0xC0 + }; + + WOLFSSL_SMALL_STACK_STATIC const byte cipher1_7bit[] = + { + 0x1C + }; +#endif /* WOLFSSL_AES_128 */ +#ifdef WOLFSSL_AES_192 + WOLFSSL_SMALL_STACK_STATIC const byte iv2[] = { + 0x57,0xc6,0x89,0x7c,0x99,0x52,0x28,0x13, + 0xbf,0x67,0x9c,0xe1,0x13,0x70,0xaf,0x5e + }; + + WOLFSSL_SMALL_STACK_STATIC const byte key2[] = + { + 0xba,0xa1,0x58,0xa1,0x6b,0x50,0x4a,0x10, + 0x8e,0xd4,0x33,0x2e,0xe7,0xf2,0x9b,0xf6, + 0xd1,0xac,0x46,0xa8,0xde,0x5a,0xfe,0x7a + }; + + WOLFSSL_SMALL_STACK_STATIC const byte cipher2[] = + { + 0x30 + }; + + WOLFSSL_SMALL_STACK_STATIC const byte msg2[] = + { + 0x80 + }; +#endif /* WOLFSSL_AES_192 */ +#ifdef WOLFSSL_AES_256 + WOLFSSL_SMALL_STACK_STATIC const byte iv3[] = { + 0x63,0x2e,0x9f,0x83,0x1f,0xa3,0x80,0x5e, + 0x52,0x02,0xbc,0xe0,0x6d,0x04,0xf9,0xa0 + }; + + WOLFSSL_SMALL_STACK_STATIC const byte key3[] = + { + 0xf6,0xfa,0xe4,0xf1,0x5d,0x91,0xfc,0x50, + 0x88,0x78,0x4f,0x84,0xa5,0x37,0x12,0x7e, + 0x32,0x63,0x55,0x9c,0x62,0x73,0x88,0x20, + 0xc2,0xcf,0x3d,0xe1,0x1c,0x2a,0x30,0x40 + }; + + WOLFSSL_SMALL_STACK_STATIC const byte cipher3[] = + { + 0xF7, 0x00 + }; + + WOLFSSL_SMALL_STACK_STATIC const byte msg3[] = + { + 0x41, 0xC0 + }; +#endif /* WOLFSSL_AES_256 */ + +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC) + enc = wc_AesNew(HEAP_HINT, devId, &ret); + if (enc == NULL) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); +#ifdef HAVE_AES_DECRYPT + dec = wc_AesNew(HEAP_HINT, devId, &ret); + if (dec == NULL) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); +#endif +#else + XMEMSET(enc, 0, sizeof(Aes)); + #ifdef HAVE_AES_DECRYPT + XMEMSET(dec, 0, sizeof(Aes)); + #endif + ret = wc_AesInit(enc, HEAP_HINT, devId); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); + #ifdef HAVE_AES_DECRYPT + ret = wc_AesInit(dec, HEAP_HINT, devId); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); + #endif +#endif /* WOLFSSL_SMALL_STACK && !WOLFSSL_NO_MALLOC */ + +#ifdef WOLFSSL_AES_128 + /* 128 key tests */ + ret = wc_AesSetKey(enc, key1, WC_AES_BLOCK_SIZE, iv, AES_ENCRYPTION); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); + #ifdef HAVE_AES_DECRYPT + /* decrypt uses AES_ENCRYPTION */ + ret = wc_AesSetKey(dec, key1, WC_AES_BLOCK_SIZE, iv, AES_ENCRYPTION); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); + #endif + + XMEMSET(cipher, 0, sizeof(cipher)); + ret = wc_AesCfb1Encrypt(enc, cipher, msg1, 2); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); + + if (cipher[0] != cipher1[0]) + ERROR_OUT(WC_TEST_RET_ENC_NC, out); + + #ifdef HAVE_AES_DECRYPT + ret = wc_AesCfb1Decrypt(dec, plain, cipher, 2); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); + + if (plain[0] != msg1[0]) + ERROR_OUT(WC_TEST_RET_ENC_NC, out); + #endif /* HAVE_AES_DECRYPT */ + + XMEMSET(cipher, 0, sizeof(cipher)); + ret = wc_AesCfb1Encrypt(enc, cipher, msg1, 7); + + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); + + if (cipher[0] != cipher1_7bit[0]) + ERROR_OUT(WC_TEST_RET_ENC_NC, out); + + #ifdef OPENSSL_EXTRA + ret = wc_AesSetKey(enc, key1, WC_AES_BLOCK_SIZE, iv, AES_ENCRYPTION); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); + + XMEMSET(cipher, 0, sizeof(cipher)); + ret = wc_AesCfb1Encrypt(enc, cipher, msg1, + sizeof(msg1) * WOLFSSL_BIT_SIZE); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); + + #if !defined(WOLFCRYPT_ONLY) && !defined(HAVE_FIPS) + ret = EVP_test(wolfSSL_EVP_aes_128_cfb1(), key1, iv, msg1, sizeof(msg1), + cipher, sizeof(msg1)); + if (ret != 0) { + goto out; + } + #endif + #endif +#endif /* WOLFSSL_AES_128 */ +#ifdef WOLFSSL_AES_192 + /* 192 key tests */ + ret = wc_AesSetKey(enc, key2, sizeof(key2), iv2, AES_ENCRYPTION); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); + + XMEMSET(cipher, 0, sizeof(cipher)); + ret = wc_AesCfb1Encrypt(enc, cipher, msg2, 4); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); + if (XMEMCMP(cipher, cipher2, sizeof(cipher2)) != 0) + ERROR_OUT(WC_TEST_RET_ENC_NC, out); + + #ifdef OPENSSL_EXTRA + ret = wc_AesSetKey(enc, key2, sizeof(key2), iv2, AES_ENCRYPTION); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); + + XMEMSET(cipher, 0, sizeof(cipher)); + ret = wc_AesCfb1Encrypt(enc, cipher, msg2, + sizeof(msg2) * WOLFSSL_BIT_SIZE); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); + + #if !defined(WOLFCRYPT_ONLY) && !defined(HAVE_FIPS) + ret = EVP_test(wolfSSL_EVP_aes_192_cfb1(), key2, iv2, msg2, sizeof(msg2), + cipher, sizeof(msg2)); + if (ret != 0) { + goto out; + } + #endif + #endif +#endif /* WOLFSSL_AES_192 */ + +#ifdef WOLFSSL_AES_256 + /* 256 key tests */ + ret = wc_AesSetKey(enc, key3, sizeof(key3), iv3, AES_ENCRYPTION); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); + + XMEMSET(cipher, 0, sizeof(cipher)); + ret = wc_AesCfb1Encrypt(enc, cipher, msg3, 10); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); + if (XMEMCMP(cipher, cipher3, sizeof(cipher3)) != 0) + ERROR_OUT(WC_TEST_RET_ENC_NC, out); + + #ifdef OPENSSL_EXTRA + ret = wc_AesSetKey(enc, key3, sizeof(key3), iv3, AES_ENCRYPTION); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); + + XMEMSET(cipher, 0, sizeof(cipher)); + ret = wc_AesCfb1Encrypt(enc, cipher, msg3, + sizeof(msg3) * WOLFSSL_BIT_SIZE); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); + + #if !defined(WOLFCRYPT_ONLY) && !defined(HAVE_FIPS) + ret = EVP_test(wolfSSL_EVP_aes_256_cfb1(), key3, iv3, msg3, sizeof(msg3), + cipher, sizeof(msg3)); + if (ret != 0) { + goto out; + } + #endif + #endif +#endif /* WOLFSSL_AES_256 */ + + out: + +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC) + wc_AesDelete(enc, &enc); +#else + wc_AesFree(enc); +#endif + #ifdef HAVE_AES_DECRYPT +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC) + wc_AesDelete(dec, &dec); +#else + wc_AesFree(dec); +#endif + #endif + + return ret; + } + + static wc_test_ret_t aescfb8_test(void) + { +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC) + Aes *enc = NULL; +#else + Aes enc[1]; +#endif + byte cipher[WC_AES_BLOCK_SIZE]; + #ifdef HAVE_AES_DECRYPT +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC) + Aes *dec = NULL; +#else + Aes dec[1]; +#endif +#ifdef WOLFSSL_AES_128 + byte plain [WC_AES_BLOCK_SIZE]; +#endif + #endif + wc_test_ret_t ret = 0; + +#ifdef WOLFSSL_AES_128 + WOLFSSL_SMALL_STACK_STATIC const byte iv[] = { + 0xf4,0x75,0xc6,0x49,0x91,0xb2,0x0e,0xae, + 0xe1,0x83,0xa2,0x26,0x29,0xe2,0x1e,0x22 + }; + + WOLFSSL_SMALL_STACK_STATIC const byte key1[] = + { + 0xc8,0xfe,0x9b,0xf7,0x7b,0x93,0x0f,0x46, + 0xd2,0x07,0x8b,0x8c,0x0e,0x65,0x7c,0xd4 + }; + + WOLFSSL_SMALL_STACK_STATIC const byte cipher1[] = + { + 0xd2,0x76,0x91 + }; + + WOLFSSL_SMALL_STACK_STATIC const byte msg1[] = + { + 0xc9,0x06,0x35 + }; +#endif /* WOLFSSL_AES_128 */ +#ifdef WOLFSSL_AES_192 + WOLFSSL_SMALL_STACK_STATIC const byte iv2[] = { + 0x0a,0x02,0x84,0x6b,0x62,0xab,0xb6,0x93, + 0xef,0x31,0xd7,0x54,0x84,0x2e,0xed,0x29 + }; + + WOLFSSL_SMALL_STACK_STATIC const byte key2[] = + { + 0xba,0xf0,0x8b,0x76,0x31,0x7a,0x65,0xc5, + 0xf0,0x7a,0xe6,0xf5,0x7e,0xb0,0xe6,0x54, + 0x88,0x65,0x93,0x24,0xd2,0x97,0x09,0xe3 + }; + + WOLFSSL_SMALL_STACK_STATIC const byte cipher2[] = + { + 0x72,0x9c,0x0b,0x6d,0xeb,0x75,0xfa,0x6e, + 0xb5,0xe8 + }; + + WOLFSSL_SMALL_STACK_STATIC const byte msg2[] = + { + 0x98,0x95,0x93,0x24,0x02,0x39,0x3d,0xc3, + 0x3a,0x60 + }; +#endif +#ifdef WOLFSSL_AES_256 + WOLFSSL_SMALL_STACK_STATIC const byte iv3[] = { + 0x33,0x8c,0x55,0x2f,0xf1,0xec,0xa1,0x44, + 0x08,0xe0,0x5d,0x8c,0xf9,0xf3,0xb3,0x1b + }; + + WOLFSSL_SMALL_STACK_STATIC const byte key3[] = + { + 0x06,0x48,0x74,0x09,0x2f,0x7a,0x13,0xcc, + 0x44,0x62,0x24,0x7a,0xd4,0x23,0xd0,0xe9, + 0x6e,0xdf,0x42,0xe8,0xb6,0x7a,0x5a,0x23, + 0xb7,0xa0,0xa6,0x47,0x7b,0x09,0x8e,0x66 + }; + + WOLFSSL_SMALL_STACK_STATIC const byte cipher3[] = + { + 0x1c,0xff,0x95 + }; + + WOLFSSL_SMALL_STACK_STATIC const byte msg3[] = + { + 0xb9,0x74,0xfa + }; +#endif + +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC) + enc = wc_AesNew(HEAP_HINT, devId, &ret); + if (enc == NULL) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); + #ifdef HAVE_AES_DECRYPT + dec = wc_AesNew(HEAP_HINT, devId, &ret); + if (dec == NULL) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); + #endif +#else + XMEMSET(enc, 0, sizeof(Aes)); + #ifdef HAVE_AES_DECRYPT + XMEMSET(dec, 0, sizeof(Aes)); + #endif + ret = wc_AesInit(enc, HEAP_HINT, devId); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); + #ifdef HAVE_AES_DECRYPT + ret = wc_AesInit(dec, HEAP_HINT, devId); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); + #endif +#endif /* WOLFSSL_SMALL_STACK && !WOLFSSL_NO_MALLOC */ + +#ifdef WOLFSSL_AES_128 + /* 128 key tests */ + #if defined(OPENSSL_EXTRA) && !defined(WOLFCRYPT_ONLY) && \ + !defined(HAVE_FIPS) + ret = EVP_test(wolfSSL_EVP_aes_128_cfb8(), key1, iv, msg1, sizeof(msg1), + cipher1, sizeof(cipher1)); + if (ret != 0) { + return ret; + } + #endif + ret = wc_AesSetKey(enc, key1, WC_AES_BLOCK_SIZE, iv, AES_ENCRYPTION); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); + #ifdef HAVE_AES_DECRYPT + /* decrypt uses AES_ENCRYPTION */ + ret = wc_AesSetKey(dec, key1, WC_AES_BLOCK_SIZE, iv, AES_ENCRYPTION); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); + #endif + + XMEMSET(cipher, 0, sizeof(cipher)); + ret = wc_AesCfb8Encrypt(enc, cipher, msg1, sizeof(msg1)); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); + + if (XMEMCMP(cipher, cipher1, sizeof(cipher1)) != 0) + ERROR_OUT(WC_TEST_RET_ENC_NC, out); + + #ifdef HAVE_AES_DECRYPT + ret = wc_AesCfb8Decrypt(dec, plain, cipher, sizeof(msg1)); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); + + if (XMEMCMP(plain, msg1, sizeof(msg1)) != 0) + ERROR_OUT(WC_TEST_RET_ENC_NC, out); + #endif /* HAVE_AES_DECRYPT */ +#endif /* WOLFSSL_AES_128 */ +#ifdef WOLFSSL_AES_192 + /* 192 key tests */ + ret = wc_AesSetKey(enc, key2, sizeof(key2), iv2, AES_ENCRYPTION); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); + + XMEMSET(cipher, 0, sizeof(cipher)); + ret = wc_AesCfb8Encrypt(enc, cipher, msg2, sizeof(msg2)); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); + if (XMEMCMP(cipher, cipher2, sizeof(msg2)) != 0) + ERROR_OUT(WC_TEST_RET_ENC_NC, out); +#if defined(OPENSSL_EXTRA) && !defined(WOLFCRYPT_ONLY) && \ + !defined(HAVE_FIPS) + ret = EVP_test(wolfSSL_EVP_aes_192_cfb8(), key2, iv2, msg2, sizeof(msg2), + cipher2, sizeof(msg2)); + if (ret != 0) { + return ret; + } +#endif + +#endif /* WOLFSSL_AES_192 */ + +#ifdef WOLFSSL_AES_256 + /* 256 key tests */ + ret = wc_AesSetKey(enc, key3, sizeof(key3), iv3, AES_ENCRYPTION); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); + + XMEMSET(cipher, 0, sizeof(cipher)); + ret = wc_AesCfb8Encrypt(enc, cipher, msg3, sizeof(msg3)); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); + if (XMEMCMP(cipher, cipher3, sizeof(cipher3)) != 0) + ERROR_OUT(WC_TEST_RET_ENC_NC, out); + + #if defined(OPENSSL_EXTRA) && !defined(WOLFCRYPT_ONLY) && \ + !defined(HAVE_FIPS) + ret = EVP_test(wolfSSL_EVP_aes_256_cfb8(), key3, iv3, msg3, sizeof(msg3), + cipher3, sizeof(msg3)); + if (ret != 0) { + goto out; + } + #endif +#endif /* WOLFSSL_AES_256 */ + + out: + +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC) + wc_AesDelete(enc, &enc); +#else + wc_AesFree(enc); +#endif + #ifdef HAVE_AES_DECRYPT +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC) + wc_AesDelete(dec, &dec); +#else + wc_AesFree(dec); +#endif + #endif + + return ret; + } +#endif /* !WOLFSSL_NO_AES_CFB_1_8 */ +#endif /* WOLFSSL_AES_CFB */ + +#ifndef HAVE_RENESAS_SYNC +static wc_test_ret_t aes_key_size_test(void) +{ + wc_test_ret_t ret; +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC) + Aes *aes = NULL; +#else + Aes aes[1]; +#endif + byte key16[] = { 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, + 0x38, 0x39, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66 }; +#ifndef WOLFSSL_CRYPTOCELL + byte key24[] = { 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, + 0x38, 0x39, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66, + 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37 }; +#endif + byte key32[] = { 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, + 0x38, 0x39, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66, + 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, + 0x38, 0x39, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66 }; + byte iv[] = "1234567890abcdef"; +#ifndef HAVE_FIPS + word32 keySize; +#endif + +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC) + aes = wc_AesNew(HEAP_HINT, devId, &ret); + if (aes == NULL) + return WC_TEST_RET_ENC_EC(ret); +#else + ret = wc_AesInit(aes, HEAP_HINT, devId); + /* 0 check OK for FIPSv1 */ + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); +#endif + +#if !defined(HAVE_FIPS) || \ + defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION >= 2) + /* w/ FIPS v1 (cert 2425) wc_AesInit just returns 0 always as it's not + * supported with that FIPS version */ + ret = wc_AesInit(NULL, HEAP_HINT, devId); + if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG)) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); +#endif + +#ifndef HAVE_FIPS + /* Parameter Validation testing. */ + ret = wc_AesGetKeySize(NULL, NULL); + if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG)) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); + ret = wc_AesGetKeySize(aes, NULL); + if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG)) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); + ret = wc_AesGetKeySize(NULL, &keySize); + if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG)) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); + /* Crashes in FIPS */ + ret = wc_AesSetKey(NULL, key16, sizeof(key16), iv, AES_ENCRYPTION); + if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG)) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); +#endif + /* NULL IV indicates to use all zeros IV. */ + ret = wc_AesSetKey(aes, key16, sizeof(key16), NULL, AES_ENCRYPTION); +#ifdef WOLFSSL_AES_128 + if (ret != 0) +#else + if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG)) +#endif + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); + ret = wc_AesSetKey(aes, key32, sizeof(key32) - 1, iv, AES_ENCRYPTION); + if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG)) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); +/* CryptoCell handles rounds internally */ +#if !defined(HAVE_FIPS) && !defined(WOLFSSL_CRYPTOCELL) + /* PSA don't use aes->rounds */ +#if !defined(WOLFSSL_HAVE_PSA) || defined(WOLFSSL_PSA_NO_AES) + /* Force invalid rounds */ + aes->rounds = 16; + ret = wc_AesGetKeySize(aes, &keySize); + if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG)) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); +#endif +#endif + + ret = wc_AesSetKey(aes, key16, sizeof(key16), iv, AES_ENCRYPTION); +#ifdef WOLFSSL_AES_128 + if (ret != 0) +#else + if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG)) +#endif + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); +#if !defined(HAVE_FIPS) && defined(WOLFSSL_AES_128) + ret = wc_AesGetKeySize(aes, &keySize); + if (ret != 0 || keySize != sizeof(key16)) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); +#endif +#ifndef WOLFSSL_CRYPTOCELL +/* Cryptocell only supports AES-128 key size */ + ret = wc_AesSetKey(aes, key24, sizeof(key24), iv, AES_ENCRYPTION); +#ifdef WOLFSSL_AES_192 + if (ret != 0) +#else + if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG)) +#endif + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); +#if !defined(HAVE_FIPS) && defined(WOLFSSL_AES_192) + ret = wc_AesGetKeySize(aes, &keySize); + if (ret != 0 || keySize != sizeof(key24)) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); +#endif + + ret = wc_AesSetKey(aes, key32, sizeof(key32), iv, AES_ENCRYPTION); +#ifdef WOLFSSL_AES_256 + if (ret != 0) +#else + if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG)) +#endif + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); +#if !defined(HAVE_FIPS) && defined(WOLFSSL_AES_256) + ret = wc_AesGetKeySize(aes, &keySize); + if (ret != 0 || keySize != sizeof(key32)) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); +#endif +#endif /* !WOLFSSL_CRYPTOCELL */ + ret = 0; /* success */ + out: + +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC) + wc_AesDelete(aes, &aes); +#else + wc_AesFree(aes); +#endif + + return ret; +} +#endif /* !HAVE_RENESAS_SYNC */ + +#if defined(WOLFSSL_AES_XTS) && (!defined(HAVE_FIPS) || FIPS_VERSION_GE(5,3)) + +/* test vectors from http://csrc.nist.gov/groups/STM/cavp/block-cipher-modes.html */ +#ifdef WOLFSSL_AES_128 +static wc_test_ret_t aes_xts_128_test(void) +{ +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC) + XtsAes *aes = NULL; +#else + XtsAes aes[1]; +#endif + int aes_inited = 0; + wc_test_ret_t ret = 0; + unsigned char buf[WC_AES_BLOCK_SIZE * 2 + 8]; + unsigned char cipher[WC_AES_BLOCK_SIZE * 2 + 8]; +#ifdef WOLFSSL_AESXTS_STREAM + struct XtsAesStreamData stream; +#endif +#if !defined(BENCH_EMBEDDED) && !defined(HAVE_CAVIUM) && \ + !defined(WOLFSSL_AFALG) + #define LARGE_XTS_SZ 1024 + #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC) + byte* large_input = NULL; + #else + byte large_input[LARGE_XTS_SZ]; + #endif +#endif + + /* 128 key tests */ + WOLFSSL_SMALL_STACK_STATIC unsigned char k1[] = { + 0xa1, 0xb9, 0x0c, 0xba, 0x3f, 0x06, 0xac, 0x35, + 0x3b, 0x2c, 0x34, 0x38, 0x76, 0x08, 0x17, 0x62, + 0x09, 0x09, 0x23, 0x02, 0x6e, 0x91, 0x77, 0x18, + 0x15, 0xf2, 0x9d, 0xab, 0x01, 0x93, 0x2f, 0x2f + }; + + WOLFSSL_SMALL_STACK_STATIC unsigned char i1[] = { + 0x4f, 0xae, 0xf7, 0x11, 0x7c, 0xda, 0x59, 0xc6, + 0x6e, 0x4b, 0x92, 0x01, 0x3e, 0x76, 0x8a, 0xd5 + }; + + WOLFSSL_SMALL_STACK_STATIC unsigned char p1[] = { + 0xeb, 0xab, 0xce, 0x95, 0xb1, 0x4d, 0x3c, 0x8d, + 0x6f, 0xb3, 0x50, 0x39, 0x07, 0x90, 0x31, 0x1c + }; + + /* plain text test of partial block is not from NIST test vector list */ + WOLFSSL_SMALL_STACK_STATIC unsigned char pp[] = { + 0xeb, 0xab, 0xce, 0x95, 0xb1, 0x4d, 0x3c, 0x8d, + 0x6f, 0xb3, 0x50, 0x39, 0x07, 0x90, 0x31, 0x1c, + 0x6e, 0x4b, 0x92, 0x01, 0x3e, 0x76, 0x8a, 0xd5 + }; + + WOLFSSL_SMALL_STACK_STATIC unsigned char c1[] = { + 0x77, 0x8a, 0xe8, 0xb4, 0x3c, 0xb9, 0x8d, 0x5a, + 0x82, 0x50, 0x81, 0xd5, 0xbe, 0x47, 0x1c, 0x63 + }; + + WOLFSSL_SMALL_STACK_STATIC unsigned char k2[] = { + 0x39, 0x25, 0x79, 0x05, 0xdf, 0xcc, 0x77, 0x76, + 0x6c, 0x87, 0x0a, 0x80, 0x6a, 0x60, 0xe3, 0xc0, + 0x93, 0xd1, 0x2a, 0xcf, 0xcb, 0x51, 0x42, 0xfa, + 0x09, 0x69, 0x89, 0x62, 0x5b, 0x60, 0xdb, 0x16 + }; + + WOLFSSL_SMALL_STACK_STATIC unsigned char i2[] = { + 0x5c, 0xf7, 0x9d, 0xb6, 0xc5, 0xcd, 0x99, 0x1a, + 0x1c, 0x78, 0x81, 0x42, 0x24, 0x95, 0x1e, 0x84 + }; + + WOLFSSL_SMALL_STACK_STATIC unsigned char p2[] = { + 0xbd, 0xc5, 0x46, 0x8f, 0xbc, 0x8d, 0x50, 0xa1, + 0x0d, 0x1c, 0x85, 0x7f, 0x79, 0x1c, 0x5c, 0xba, + 0xb3, 0x81, 0x0d, 0x0d, 0x73, 0xcf, 0x8f, 0x20, + 0x46, 0xb1, 0xd1, 0x9e, 0x7d, 0x5d, 0x8a, 0x56 + }; + + WOLFSSL_SMALL_STACK_STATIC unsigned char c2[] = { + 0xd6, 0xbe, 0x04, 0x6d, 0x41, 0xf2, 0x3b, 0x5e, + 0xd7, 0x0b, 0x6b, 0x3d, 0x5c, 0x8e, 0x66, 0x23, + 0x2b, 0xe6, 0xb8, 0x07, 0xd4, 0xdc, 0xc6, 0x0e, + 0xff, 0x8d, 0xbc, 0x1d, 0x9f, 0x7f, 0xc8, 0x22 + }; + + WOLFSSL_SMALL_STACK_STATIC unsigned char cp2[] = { + 0x2b, 0xf7, 0x2c, 0xf3, 0xeb, 0x85, 0xef, 0x7b, + 0x0b, 0x76, 0xa0, 0xaa, 0xf3, 0x3f, 0x25, 0x8b, + 0x77, 0x8a, 0xe8, 0xb4, 0x3c, 0xb9, 0x8d, 0x5a + }; + +#ifndef HAVE_FIPS /* FIPS requires different keys for main and tweak. */ + WOLFSSL_SMALL_STACK_STATIC unsigned char k3[] = { + 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, + 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, + 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, + 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, + }; + WOLFSSL_SMALL_STACK_STATIC unsigned char i3[] = { + 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, + 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, + }; + WOLFSSL_SMALL_STACK_STATIC unsigned char p3[] = { + 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, + 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, + 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, + 0x20, 0xff, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, + 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20 + }; + WOLFSSL_SMALL_STACK_STATIC unsigned char c3[] = { + 0xA2, 0x07, 0x47, 0x76, 0x3F, 0xEC, 0x0C, 0x23, + 0x1B, 0xD0, 0xBD, 0x46, 0x9A, 0x27, 0x38, 0x12, + 0x95, 0x02, 0x3D, 0x5D, 0xC6, 0x94, 0x51, 0x36, + 0xA0, 0x85, 0xD2, 0x69, 0x6E, 0x87, 0x0A, 0xBF, + 0xB5, 0x5A, 0xDD, 0xCB, 0x80, 0xE0, 0xFC, 0xCD + }; +#endif /* HAVE_FIPS */ + +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC) + if ((aes = (XtsAes *)XMALLOC(sizeof *aes, HEAP_HINT, DYNAMIC_TYPE_AES)) == NULL) + ERROR_OUT(WC_TEST_RET_ENC_ERRNO, out); +#endif + +#if defined(OPENSSL_EXTRA) && !defined(WOLFCRYPT_ONLY) \ + && !defined(HAVE_SELFTEST) && !defined(HAVE_FIPS) + ret = EVP_test(wolfSSL_EVP_aes_128_xts(), k2, i2, p2, sizeof(p2), c2, sizeof(c2)); + if (ret != 0) { + printf("EVP_aes_128_xts failed!\n"); + goto out; + } +#endif + + XMEMSET(buf, 0, sizeof(buf)); + ret = wc_AesXtsInit(aes, HEAP_HINT, devId); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); + else + aes_inited = 1; + + ret = wc_AesXtsSetKeyNoInit(aes, k2, sizeof(k2), AES_ENCRYPTION); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); + + ret = wc_AesXtsEncrypt(aes, buf, p2, sizeof(p2), i2, sizeof(i2)); +#if defined(WOLFSSL_ASYNC_CRYPT) + ret = wc_AsyncWait(ret, &aes->aes.asyncDev, WC_ASYNC_FLAG_NONE); +#endif + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); + if (XMEMCMP(c2, buf, sizeof(c2))) + ERROR_OUT(WC_TEST_RET_ENC_NC, out); + +#ifdef WOLFSSL_AESXTS_STREAM + ret = wc_AesXtsEncryptInit(aes, i2, sizeof(i2), &stream); +#if defined(WOLFSSL_ASYNC_CRYPT) + ret = wc_AsyncWait(ret, &aes->aes.asyncDev, WC_ASYNC_FLAG_NONE); +#endif + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); + + ret = wc_AesXtsEncryptUpdate(aes, buf, p2, WC_AES_BLOCK_SIZE, &stream); +#if defined(WOLFSSL_ASYNC_CRYPT) + ret = wc_AsyncWait(ret, &aes->aes.asyncDev, WC_ASYNC_FLAG_NONE); +#endif + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); + + ret = wc_AesXtsEncryptFinal(aes, buf + WC_AES_BLOCK_SIZE, p2 + WC_AES_BLOCK_SIZE, sizeof(p2) - WC_AES_BLOCK_SIZE, &stream); +#if defined(WOLFSSL_ASYNC_CRYPT) + ret = wc_AsyncWait(ret, &aes->aes.asyncDev, WC_ASYNC_FLAG_NONE); +#endif + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); + + if (XMEMCMP(c2, buf, sizeof(c2))) + ERROR_OUT(WC_TEST_RET_ENC_NC, out); +#endif /* WOLFSSL_AESXTS_STREAM */ + +#if defined(DEBUG_VECTOR_REGISTER_ACCESS_AESXTS) && \ + defined(WC_C_DYNAMIC_FALLBACK) + WC_DEBUG_SET_VECTOR_REGISTERS_RETVAL(WC_NO_ERR_TRACE(SYSLIB_FAILED_E)); + ret = wc_AesXtsEncrypt(aes, buf, p2, sizeof(p2), i2, sizeof(i2)); +#if defined(WOLFSSL_ASYNC_CRYPT) + ret = wc_AsyncWait(ret, &aes->aes.asyncDev, WC_ASYNC_FLAG_NONE); +#endif + WC_DEBUG_SET_VECTOR_REGISTERS_RETVAL(0); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); + if (XMEMCMP(c2, buf, sizeof(c2))) + ERROR_OUT(WC_TEST_RET_ENC_NC, out); +#endif + + XMEMSET(buf, 0, sizeof(buf)); + + ret = wc_AesXtsSetKeyNoInit(aes, k1, sizeof(k1), AES_ENCRYPTION); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); + ret = wc_AesXtsEncrypt(aes, buf, p1, sizeof(p1), i1, sizeof(i1)); +#if defined(WOLFSSL_ASYNC_CRYPT) + ret = wc_AsyncWait(ret, &aes->aes.asyncDev, WC_ASYNC_FLAG_NONE); +#endif + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); + if (XMEMCMP(c1, buf, WC_AES_BLOCK_SIZE)) + ERROR_OUT(WC_TEST_RET_ENC_NC, out); + +#ifdef WOLFSSL_AESXTS_STREAM + ret = wc_AesXtsEncryptInit(aes, i1, sizeof(i2), &stream); +#if defined(WOLFSSL_ASYNC_CRYPT) + ret = wc_AsyncWait(ret, &aes->aes.asyncDev, WC_ASYNC_FLAG_NONE); +#endif + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); + + ret = wc_AesXtsEncryptUpdate(aes, buf, p1, sizeof(p1), &stream); +#if defined(WOLFSSL_ASYNC_CRYPT) + ret = wc_AsyncWait(ret, &aes->aes.asyncDev, WC_ASYNC_FLAG_NONE); +#endif + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); + + ret = wc_AesXtsEncryptFinal(aes, buf, NULL, 0, &stream); +#if defined(WOLFSSL_ASYNC_CRYPT) + ret = wc_AsyncWait(ret, &aes->aes.asyncDev, WC_ASYNC_FLAG_NONE); +#endif + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); + + if (XMEMCMP(c1, buf, sizeof(c1))) + ERROR_OUT(WC_TEST_RET_ENC_NC, out); +#endif /* WOLFSSL_AESXTS_STREAM */ + +#if defined(DEBUG_VECTOR_REGISTER_ACCESS_AESXTS) && \ + defined(WC_C_DYNAMIC_FALLBACK) + WC_DEBUG_SET_VECTOR_REGISTERS_RETVAL(WC_NO_ERR_TRACE(SYSLIB_FAILED_E)); + ret = wc_AesXtsEncrypt(aes, buf, p1, sizeof(p1), i1, sizeof(i1)); +#if defined(WOLFSSL_ASYNC_CRYPT) + ret = wc_AsyncWait(ret, &aes->aes.asyncDev, WC_ASYNC_FLAG_NONE); +#endif + WC_DEBUG_SET_VECTOR_REGISTERS_RETVAL(0); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); + if (XMEMCMP(c1, buf, WC_AES_BLOCK_SIZE)) + ERROR_OUT(WC_TEST_RET_ENC_NC, out); +#endif + + /* partial block encryption test */ + XMEMSET(cipher, 0, sizeof(cipher)); + ret = wc_AesXtsEncrypt(aes, cipher, pp, sizeof(pp), i1, sizeof(i1)); +#if defined(WOLFSSL_ASYNC_CRYPT) + ret = wc_AsyncWait(ret, &aes->aes.asyncDev, WC_ASYNC_FLAG_NONE); +#endif + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); + if (XMEMCMP(cp2, cipher, sizeof(cp2))) + ERROR_OUT(WC_TEST_RET_ENC_NC, out); + +#ifdef WOLFSSL_AESXTS_STREAM + ret = wc_AesXtsEncryptInit(aes, i1, sizeof(i1), &stream); +#if defined(WOLFSSL_ASYNC_CRYPT) + ret = wc_AsyncWait(ret, &aes->aes.asyncDev, WC_ASYNC_FLAG_NONE); +#endif + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); + + ret = wc_AesXtsEncryptFinal(aes, buf, pp, sizeof(pp), &stream); +#if defined(WOLFSSL_ASYNC_CRYPT) + ret = wc_AsyncWait(ret, &aes->aes.asyncDev, WC_ASYNC_FLAG_NONE); +#endif + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); + + ret = wc_AesXtsEncryptFinal(aes, buf, NULL, 0, &stream); +#if defined(WOLFSSL_ASYNC_CRYPT) + ret = wc_AsyncWait(ret, &aes->aes.asyncDev, WC_ASYNC_FLAG_NONE); +#endif + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); + + if (XMEMCMP(cp2, buf, sizeof(cp2))) + ERROR_OUT(WC_TEST_RET_ENC_NC, out); +#endif /* WOLFSSL_AESXTS_STREAM */ + +#if defined(DEBUG_VECTOR_REGISTER_ACCESS_AESXTS) && \ + defined(WC_C_DYNAMIC_FALLBACK) + WC_DEBUG_SET_VECTOR_REGISTERS_RETVAL(WC_NO_ERR_TRACE(SYSLIB_FAILED_E)); + XMEMSET(cipher, 0, sizeof(cipher)); + ret = wc_AesXtsEncrypt(aes, cipher, pp, sizeof(pp), i1, sizeof(i1)); +#if defined(WOLFSSL_ASYNC_CRYPT) + ret = wc_AsyncWait(ret, &aes->aes.asyncDev, WC_ASYNC_FLAG_NONE); +#endif + WC_DEBUG_SET_VECTOR_REGISTERS_RETVAL(0); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); + if (XMEMCMP(cp2, cipher, sizeof(cp2))) + ERROR_OUT(WC_TEST_RET_ENC_NC, out); +#endif + +#ifdef HAVE_AES_DECRYPT + /* partial block decrypt test */ + XMEMSET(buf, 0, sizeof(buf)); + ret = wc_AesXtsSetKeyNoInit(aes, k1, sizeof(k1), AES_DECRYPTION); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); + ret = wc_AesXtsDecrypt(aes, buf, cipher, sizeof(pp), i1, sizeof(i1)); +#if defined(WOLFSSL_ASYNC_CRYPT) + #ifdef WC_AES_XTS_SUPPORT_SIMULTANEOUS_ENC_AND_DEC_KEYS + ret = wc_AsyncWait(ret, &aes->aes_decrypt.asyncDev, WC_ASYNC_FLAG_NONE); + #else + ret = wc_AsyncWait(ret, &aes->aes.asyncDev, WC_ASYNC_FLAG_NONE); + #endif +#endif + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); + if (XMEMCMP(pp, buf, sizeof(pp))) + ERROR_OUT(WC_TEST_RET_ENC_NC, out); + +#ifdef WOLFSSL_AESXTS_STREAM + ret = wc_AesXtsDecryptInit(aes, i1, sizeof(i1), &stream); +#if defined(WOLFSSL_ASYNC_CRYPT) + ret = wc_AsyncWait(ret, &aes->aes.asyncDev, WC_ASYNC_FLAG_NONE); +#endif + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); + + ret = wc_AesXtsDecryptFinal(aes, buf, cipher, sizeof(pp), &stream); +#if defined(WOLFSSL_ASYNC_CRYPT) + ret = wc_AsyncWait(ret, &aes->aes.asyncDev, WC_ASYNC_FLAG_NONE); +#endif + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); + + if (XMEMCMP(pp, buf, sizeof(pp))) + ERROR_OUT(WC_TEST_RET_ENC_NC, out); +#endif /* WOLFSSL_AESXTS_STREAM */ + +#if defined(DEBUG_VECTOR_REGISTER_ACCESS_AESXTS) && \ + defined(WC_C_DYNAMIC_FALLBACK) + WC_DEBUG_SET_VECTOR_REGISTERS_RETVAL(WC_NO_ERR_TRACE(SYSLIB_FAILED_E)); + XMEMSET(buf, 0, sizeof(buf)); + ret = wc_AesXtsDecrypt(aes, buf, cipher, sizeof(pp), i1, sizeof(i1)); +#if defined(WOLFSSL_ASYNC_CRYPT) + #ifdef WC_AES_XTS_SUPPORT_SIMULTANEOUS_ENC_AND_DEC_KEYS + ret = wc_AsyncWait(ret, &aes->aes_decrypt.asyncDev, WC_ASYNC_FLAG_NONE); + #else + ret = wc_AsyncWait(ret, &aes->aes.asyncDev, WC_ASYNC_FLAG_NONE); + #endif +#endif + WC_DEBUG_SET_VECTOR_REGISTERS_RETVAL(0); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); + if (XMEMCMP(pp, buf, sizeof(pp))) + ERROR_OUT(WC_TEST_RET_ENC_NC, out); +#endif + + /* NIST decrypt test vector */ + XMEMSET(buf, 0, sizeof(buf)); + ret = wc_AesXtsDecrypt(aes, buf, c1, sizeof(c1), i1, sizeof(i1)); +#if defined(WOLFSSL_ASYNC_CRYPT) + #ifdef WC_AES_XTS_SUPPORT_SIMULTANEOUS_ENC_AND_DEC_KEYS + ret = wc_AsyncWait(ret, &aes->aes_decrypt.asyncDev, WC_ASYNC_FLAG_NONE); + #else + ret = wc_AsyncWait(ret, &aes->aes.asyncDev, WC_ASYNC_FLAG_NONE); + #endif +#endif + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); + if (XMEMCMP(p1, buf, sizeof(p1))) + ERROR_OUT(WC_TEST_RET_ENC_NC, out); + +#ifdef WOLFSSL_AESXTS_STREAM + ret = wc_AesXtsDecryptInit(aes, i1, sizeof(i1), &stream); +#if defined(WOLFSSL_ASYNC_CRYPT) + ret = wc_AsyncWait(ret, &aes->aes.asyncDev, WC_ASYNC_FLAG_NONE); +#endif + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); + + ret = wc_AesXtsDecryptFinal(aes, buf, c1, sizeof(c1), &stream); +#if defined(WOLFSSL_ASYNC_CRYPT) + ret = wc_AsyncWait(ret, &aes->aes.asyncDev, WC_ASYNC_FLAG_NONE); +#endif + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); + + if (XMEMCMP(p1, buf, sizeof(p1))) + ERROR_OUT(WC_TEST_RET_ENC_NC, out); +#endif /* WOLFSSL_AESXTS_STREAM */ + +#if defined(DEBUG_VECTOR_REGISTER_ACCESS_AESXTS) && \ + defined(WC_C_DYNAMIC_FALLBACK) + WC_DEBUG_SET_VECTOR_REGISTERS_RETVAL(WC_NO_ERR_TRACE(SYSLIB_FAILED_E)); + XMEMSET(buf, 0, sizeof(buf)); + ret = wc_AesXtsDecrypt(aes, buf, c1, sizeof(c1), i1, sizeof(i1)); +#if defined(WOLFSSL_ASYNC_CRYPT) + #ifdef WC_AES_XTS_SUPPORT_SIMULTANEOUS_ENC_AND_DEC_KEYS + ret = wc_AsyncWait(ret, &aes->aes_decrypt.asyncDev, WC_ASYNC_FLAG_NONE); + #else + ret = wc_AsyncWait(ret, &aes->aes.asyncDev, WC_ASYNC_FLAG_NONE); + #endif +#endif + WC_DEBUG_SET_VECTOR_REGISTERS_RETVAL(0); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); + if (XMEMCMP(p1, buf, WC_AES_BLOCK_SIZE)) + ERROR_OUT(WC_TEST_RET_ENC_NC, out); +#endif + + /* fail case with decrypting using wrong key */ + XMEMSET(buf, 0, sizeof(buf)); + ret = wc_AesXtsDecrypt(aes, buf, c2, sizeof(c2), i2, sizeof(i2)); +#if defined(WOLFSSL_ASYNC_CRYPT) + #ifdef WC_AES_XTS_SUPPORT_SIMULTANEOUS_ENC_AND_DEC_KEYS + ret = wc_AsyncWait(ret, &aes->aes_decrypt.asyncDev, WC_ASYNC_FLAG_NONE); + #else + ret = wc_AsyncWait(ret, &aes->aes.asyncDev, WC_ASYNC_FLAG_NONE); + #endif +#endif + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); + if (XMEMCMP(p2, buf, sizeof(p2)) == 0) /* fail case with wrong key */ + ERROR_OUT(WC_TEST_RET_ENC_NC, out); + + /* set correct key and retest */ + XMEMSET(buf, 0, sizeof(buf)); + ret = wc_AesXtsSetKeyNoInit(aes, k2, sizeof(k2), AES_DECRYPTION); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); + ret = wc_AesXtsDecrypt(aes, buf, c2, sizeof(c2), i2, sizeof(i2)); +#if defined(WOLFSSL_ASYNC_CRYPT) + #ifdef WC_AES_XTS_SUPPORT_SIMULTANEOUS_ENC_AND_DEC_KEYS + ret = wc_AsyncWait(ret, &aes->aes_decrypt.asyncDev, WC_ASYNC_FLAG_NONE); + #else + ret = wc_AsyncWait(ret, &aes->aes.asyncDev, WC_ASYNC_FLAG_NONE); + #endif +#endif + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); + if (XMEMCMP(p2, buf, sizeof(p2))) + ERROR_OUT(WC_TEST_RET_ENC_NC, out); +#endif /* HAVE_AES_DECRYPT */ + +#ifndef HAVE_FIPS + + /* Test ciphertext stealing in-place. */ + XMEMCPY(buf, p3, sizeof(p3)); + ret = wc_AesXtsSetKeyNoInit(aes, k3, sizeof(k3), AES_ENCRYPTION); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); + + ret = wc_AesXtsEncrypt(aes, buf, buf, sizeof(p3), i3, sizeof(i3)); +#if defined(WOLFSSL_ASYNC_CRYPT) + ret = wc_AsyncWait(ret, &aes->aes.asyncDev, WC_ASYNC_FLAG_NONE); +#endif + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); + if (XMEMCMP(c3, buf, sizeof(c3))) + ERROR_OUT(WC_TEST_RET_ENC_NC, out); + +#ifdef WOLFSSL_AESXTS_STREAM + ret = wc_AesXtsEncryptInit(aes, i3, sizeof(i3), &stream); +#if defined(WOLFSSL_ASYNC_CRYPT) + ret = wc_AsyncWait(ret, &aes->aes.asyncDev, WC_ASYNC_FLAG_NONE); +#endif + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); + + ret = wc_AesXtsEncryptUpdate(aes, buf, p3, WC_AES_BLOCK_SIZE, &stream); +#if defined(WOLFSSL_ASYNC_CRYPT) + ret = wc_AsyncWait(ret, &aes->aes.asyncDev, WC_ASYNC_FLAG_NONE); +#endif + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); + + ret = wc_AesXtsEncryptFinal(aes, buf + WC_AES_BLOCK_SIZE, p3 + WC_AES_BLOCK_SIZE, sizeof(p3) - WC_AES_BLOCK_SIZE, &stream); +#if defined(WOLFSSL_ASYNC_CRYPT) + ret = wc_AsyncWait(ret, &aes->aes.asyncDev, WC_ASYNC_FLAG_NONE); +#endif + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); + + if (XMEMCMP(c3, buf, sizeof(c3))) + ERROR_OUT(WC_TEST_RET_ENC_NC, out); +#endif /* WOLFSSL_AESXTS_STREAM */ + +#ifdef HAVE_AES_DECRYPT + ret = wc_AesXtsSetKeyNoInit(aes, k3, sizeof(k3), AES_DECRYPTION); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); + ret = wc_AesXtsDecrypt(aes, buf, buf, sizeof(c3), i3, sizeof(i3)); +#if defined(WOLFSSL_ASYNC_CRYPT) + #ifdef WC_AES_XTS_SUPPORT_SIMULTANEOUS_ENC_AND_DEC_KEYS + ret = wc_AsyncWait(ret, &aes->aes_decrypt.asyncDev, WC_ASYNC_FLAG_NONE); + #else + ret = wc_AsyncWait(ret, &aes->aes.asyncDev, WC_ASYNC_FLAG_NONE); + #endif +#endif + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); + if (XMEMCMP(p3, buf, sizeof(p3))) + ERROR_OUT(WC_TEST_RET_ENC_NC, out); + +#ifdef WOLFSSL_AESXTS_STREAM + ret = wc_AesXtsDecryptInit(aes, i3, sizeof(i3), &stream); +#if defined(WOLFSSL_ASYNC_CRYPT) + ret = wc_AsyncWait(ret, &aes->aes.asyncDev, WC_ASYNC_FLAG_NONE); +#endif + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); + + ret = wc_AesXtsDecryptUpdate(aes, buf, c3, WC_AES_BLOCK_SIZE, &stream); +#if defined(WOLFSSL_ASYNC_CRYPT) + ret = wc_AsyncWait(ret, &aes->aes.asyncDev, WC_ASYNC_FLAG_NONE); +#endif + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); + + ret = wc_AesXtsDecryptFinal(aes, buf + WC_AES_BLOCK_SIZE, c3 + WC_AES_BLOCK_SIZE, sizeof(c3) - WC_AES_BLOCK_SIZE, &stream); +#if defined(WOLFSSL_ASYNC_CRYPT) + ret = wc_AsyncWait(ret, &aes->aes.asyncDev, WC_ASYNC_FLAG_NONE); +#endif + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); + + if (XMEMCMP(p3, buf, sizeof(p3))) + ERROR_OUT(WC_TEST_RET_ENC_NC, out); +#endif /* WOLFSSL_AESXTS_STREAM */ +#endif /* HAVE_AES_DECRYPT */ + +#endif /* !HAVE_FIPS */ + +#if !defined(BENCH_EMBEDDED) && !defined(HAVE_CAVIUM) && \ + !defined(WOLFSSL_AFALG) + { + int i; + int j; +#ifdef WOLFSSL_AESXTS_STREAM + int k; +#endif + #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC) + large_input = (byte *)XMALLOC(LARGE_XTS_SZ, HEAP_HINT, + DYNAMIC_TYPE_TMP_BUFFER); + if (large_input == NULL) + ERROR_OUT(WC_TEST_RET_ENC_EC(MEMORY_E), out); + #endif + + for (i = 0; i < (int)LARGE_XTS_SZ; i++) + large_input[i] = (byte)i; + + for (j = 16; j < (int)LARGE_XTS_SZ; j++) { + ret = wc_AesXtsSetKeyNoInit(aes, k1, sizeof(k1), AES_ENCRYPTION); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); + ret = wc_AesXtsEncrypt(aes, large_input, large_input, (word32)j, i1, + sizeof(i1)); + #if defined(WOLFSSL_ASYNC_CRYPT) + ret = wc_AsyncWait(ret, &aes->aes.asyncDev, WC_ASYNC_FLAG_NONE); + #endif + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); + + #ifdef HAVE_AES_DECRYPT + ret = wc_AesXtsSetKeyNoInit(aes, k1, sizeof(k1), AES_DECRYPTION); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); + ret = wc_AesXtsDecrypt(aes, large_input, large_input, (word32)j, i1, + sizeof(i1)); + #if defined(WOLFSSL_ASYNC_CRYPT) + #ifdef WC_AES_XTS_SUPPORT_SIMULTANEOUS_ENC_AND_DEC_KEYS + ret = wc_AsyncWait(ret, &aes->aes_decrypt.asyncDev, + WC_ASYNC_FLAG_NONE); + #else + ret = wc_AsyncWait(ret, &aes->aes.asyncDev, WC_ASYNC_FLAG_NONE); + #endif + #endif + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); + for (i = 0; i < j; i++) { + if (large_input[i] != (byte)i) { + ERROR_OUT(WC_TEST_RET_ENC_NC, out); + } + } + #endif + } + +#ifdef WOLFSSL_AESXTS_STREAM + for (i = 0; i < (int)LARGE_XTS_SZ; i++) + large_input[i] = (byte)i; + + /* first, encrypt block by block then decrypt with a one-shot call. */ + for (j = 16; j < (int)LARGE_XTS_SZ; j++) { + ret = wc_AesXtsSetKeyNoInit(aes, k1, sizeof(k1), AES_ENCRYPTION); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); + + ret = wc_AesXtsEncryptInit(aes, i1, sizeof(i1), &stream); + #if defined(WOLFSSL_ASYNC_CRYPT) + ret = wc_AsyncWait(ret, &aes->aes.asyncDev, WC_ASYNC_FLAG_NONE); + #endif + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); + + for (k = 0; k < j; k += WC_AES_BLOCK_SIZE) { + if ((j - k) < WC_AES_BLOCK_SIZE*2) + ret = wc_AesXtsEncryptFinal(aes, large_input + k, + large_input + k, (word32)(j - k), &stream); + else + ret = wc_AesXtsEncryptUpdate(aes, large_input + k, + large_input + k, WC_AES_BLOCK_SIZE, &stream); + #if defined(WOLFSSL_ASYNC_CRYPT) + ret = wc_AsyncWait(ret, &aes->aes.asyncDev, WC_ASYNC_FLAG_NONE); + #endif + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); + if ((j - k) < WC_AES_BLOCK_SIZE*2) + break; + } + + #ifdef HAVE_AES_DECRYPT + ret = wc_AesXtsSetKeyNoInit(aes, k1, sizeof(k1), AES_DECRYPTION); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); + + ret = wc_AesXtsDecrypt(aes, large_input, large_input, (word32)j, i1, + sizeof(i1)); + #if defined(WOLFSSL_ASYNC_CRYPT) + #ifdef WC_AES_XTS_SUPPORT_SIMULTANEOUS_ENC_AND_DEC_KEYS + ret = wc_AsyncWait(ret, &aes->aes_decrypt.asyncDev, + WC_ASYNC_FLAG_NONE); + #else + ret = wc_AsyncWait(ret, &aes->aes.asyncDev, WC_ASYNC_FLAG_NONE); + #endif + #endif + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); + for (i = 0; i < j; i++) { + if (large_input[i] != (byte)i) { + ERROR_OUT(WC_TEST_RET_ENC_NC, out); + } + } + #endif + } + + #ifdef HAVE_AES_DECRYPT + /* second, encrypt with a one-shot call then decrypt block by block. */ + for (j = 16; j < (int)LARGE_XTS_SZ; j++) { + ret = wc_AesXtsSetKeyNoInit(aes, k1, sizeof(k1), AES_ENCRYPTION); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); + + ret = wc_AesXtsEncrypt(aes, large_input, large_input, (word32)j, i1, + sizeof(i1)); + #if defined(WOLFSSL_ASYNC_CRYPT) + ret = wc_AsyncWait(ret, &aes->aes.asyncDev, WC_ASYNC_FLAG_NONE); + #endif + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); + + ret = wc_AesXtsSetKeyNoInit(aes, k1, sizeof(k1), AES_DECRYPTION); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); + + ret = wc_AesXtsDecryptInit(aes, i1, sizeof(i1), &stream); + #if defined(WOLFSSL_ASYNC_CRYPT) + ret = wc_AsyncWait(ret, &aes->aes.asyncDev, WC_ASYNC_FLAG_NONE); + #endif + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); + + for (k = 0; k < j; k += WC_AES_BLOCK_SIZE) { + if ((j - k) < WC_AES_BLOCK_SIZE*2) + ret = wc_AesXtsDecryptFinal(aes, large_input + k, + large_input + k, (word32)(j - k), &stream); + else + ret = wc_AesXtsDecryptUpdate(aes, large_input + k, + large_input + k, WC_AES_BLOCK_SIZE, &stream); + #if defined(WOLFSSL_ASYNC_CRYPT) + #ifdef WC_AES_XTS_SUPPORT_SIMULTANEOUS_ENC_AND_DEC_KEYS + ret = wc_AsyncWait(ret, &aes->aes_decrypt.asyncDev, + WC_ASYNC_FLAG_NONE); + #else + ret = wc_AsyncWait(ret, &aes->aes.asyncDev, WC_ASYNC_FLAG_NONE); + #endif + #endif + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); + if ((j - k) < WC_AES_BLOCK_SIZE*2) + break; + } + + for (i = 0; i < j; i++) { + if (large_input[i] != (byte)i) { + ERROR_OUT(WC_TEST_RET_ENC_NC, out); + } + } + } + #endif /* HAVE_AES_DECRYPT */ +#endif /* WOLFSSL_AESXTS_STREAM */ + } +#endif /* !BENCH_EMBEDDED && !HAVE_CAVIUM && + * !WOLFSSL_AFALG + */ + + out: + + #if !defined(BENCH_EMBEDDED) && !defined(HAVE_CAVIUM) && \ + !defined(WOLFSSL_AFALG) && defined(WOLFSSL_SMALL_STACK) && \ + !defined(WOLFSSL_NO_MALLOC) + XFREE(large_input, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + #endif + + if (aes_inited) + wc_AesXtsFree(aes); + +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC) + XFREE(aes, HEAP_HINT, DYNAMIC_TYPE_AES); +#endif + + return ret; +} +#endif /* WOLFSSL_AES_128 */ + +#ifndef HAVE_FIPS +/* FIPS won't allow for XTS-384 (two 192-bit keys) */ +#ifdef WOLFSSL_AES_192 +static wc_test_ret_t aes_xts_192_test(void) +{ +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC) + XtsAes *aes = NULL; +#else + XtsAes aes[1]; +#endif + int aes_inited = 0; + wc_test_ret_t ret = 0; + unsigned char buf[WC_AES_BLOCK_SIZE * 2 + 8]; + unsigned char cipher[WC_AES_BLOCK_SIZE * 2 + 8]; +#ifdef WOLFSSL_AESXTS_STREAM + struct XtsAesStreamData stream; +#endif +#if !defined(BENCH_EMBEDDED) && !defined(HAVE_CAVIUM) && \ + !defined(WOLFSSL_AFALG) + #define LARGE_XTS_SZ 1024 + #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC) + byte* large_input = NULL; + #else + byte large_input[LARGE_XTS_SZ]; + #endif +#endif + + /* 192 bit key tests */ + WOLFSSL_SMALL_STACK_STATIC unsigned char k1[] = { + 0x1e, 0xa6, 0x61, 0xc5, 0x8d, 0x94, 0x3a, 0x0e, + 0x48, 0x01, 0xe4, 0x2f, 0x4b, 0x09, 0x47, 0x14, + 0x9e, 0x7f, 0x9f, 0x8e, 0x3e, 0x68, 0xd0, 0xc7, + 0x50, 0x52, 0x10, 0xbd, 0x31, 0x1a, 0x0e, 0x7c, + 0xd6, 0xe1, 0x3f, 0xfd, 0xf2, 0x41, 0x8d, 0x8d, + 0x19, 0x11, 0xc0, 0x04, 0xcd, 0xa5, 0x8d, 0xa3 + }; + + WOLFSSL_SMALL_STACK_STATIC unsigned char i1[] = { + 0x4f, 0xae, 0xf7, 0x11, 0x7c, 0xda, 0x59, 0xc6, + 0x6e, 0x4b, 0x92, 0x01, 0x3e, 0x76, 0x8a, 0xd5 + }; + + WOLFSSL_SMALL_STACK_STATIC unsigned char p1[] = { + 0xeb, 0xab, 0xce, 0x95, 0xb1, 0x4d, 0x3c, 0x8d, + 0x6f, 0xb3, 0x50, 0x39, 0x07, 0x90, 0x31, 0x1c + }; + + WOLFSSL_SMALL_STACK_STATIC unsigned char pp[] = { + 0xeb, 0xab, 0xce, 0x95, 0xb1, 0x4d, 0x3c, 0x8d, + 0x6f, 0xb3, 0x50, 0x39, 0x07, 0x90, 0x31, 0x1c, + 0x6e, 0x4b, 0x92, 0x01, 0x3e, 0x76, 0x8a, 0xd5 + }; + + WOLFSSL_SMALL_STACK_STATIC unsigned char c1[] = { + 0x65, 0x37, 0x15, 0x53, 0xf1, 0x98, 0xab, 0xb4, + 0xdb, 0x4e, 0xd3, 0x69, 0xdf, 0x8e, 0x3a, 0xe0 + }; + + WOLFSSL_SMALL_STACK_STATIC unsigned char k2[] = { + 0xad, 0x50, 0x4b, 0x85, 0xd7, 0x51, 0xbf, 0xba, + 0x69, 0x13, 0xb4, 0xcc, 0x79, 0xb6, 0x5a, 0x62, + 0xf7, 0xf3, 0x9d, 0x36, 0x0f, 0x35, 0xb5, 0xec, + 0x4a, 0x7e, 0x95, 0xbd, 0x9b, 0xa5, 0xf2, 0xec, + 0xc1, 0xd7, 0x7e, 0xa3, 0xc3, 0x74, 0xbd, 0x4b, + 0x13, 0x1b, 0x07, 0x83, 0x87, 0xdd, 0x55, 0x5a + }; + + WOLFSSL_SMALL_STACK_STATIC unsigned char i2[] = { + 0x5c, 0xf7, 0x9d, 0xb6, 0xc5, 0xcd, 0x99, 0x1a, + 0x1c, 0x78, 0x81, 0x42, 0x24, 0x95, 0x1e, 0x84 + }; + + WOLFSSL_SMALL_STACK_STATIC unsigned char p2[] = { + 0xbd, 0xc5, 0x46, 0x8f, 0xbc, 0x8d, 0x50, 0xa1, + 0x0d, 0x1c, 0x85, 0x7f, 0x79, 0x1c, 0x5c, 0xba, + 0xb3, 0x81, 0x0d, 0x0d, 0x73, 0xcf, 0x8f, 0x20, + 0x46, 0xb1, 0xd1, 0x9e, 0x7d, 0x5d, 0x8a, 0x56 + }; + + WOLFSSL_SMALL_STACK_STATIC unsigned char c2[] = { + 0x6c, 0xa6, 0xb5, 0x73, 0x48, 0xf1, 0x89, 0xfa, + 0xdd, 0x80, 0x72, 0x1f, 0xb8, 0x56, 0x0c, 0xa2, + 0x35, 0xd4, 0x08, 0xbf, 0x24, 0xcb, 0xec, 0xdb, + 0x81, 0xe0, 0xe6, 0x4f, 0x3d, 0x1c, 0x5c, 0x46 + }; + + WOLFSSL_SMALL_STACK_STATIC unsigned char cp2[] = { + 0xe9, 0x58, 0xfe, 0xab, 0x66, 0xb4, 0xf1, 0x79, + 0x91, 0x3f, 0x91, 0xdc, 0x6f, 0xdf, 0xd6, 0xac, + 0x65, 0x37, 0x15, 0x53, 0xf1, 0x98, 0xab, 0xb4 + }; + + WOLFSSL_SMALL_STACK_STATIC unsigned char k3[] = { + 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, + 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, + 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, + 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, + 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, + 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20 + }; + WOLFSSL_SMALL_STACK_STATIC unsigned char i3[] = { + 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, + 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, + }; + WOLFSSL_SMALL_STACK_STATIC unsigned char p3[] = { + 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, + 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, + 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, + 0x20, 0xff, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, + 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20, 0x20 + }; + WOLFSSL_SMALL_STACK_STATIC unsigned char c3[] = { + 0xa4, 0xf2, 0x71, 0x5d, 0x80, 0x60, 0x68, 0xa0, + 0x80, 0x61, 0xd7, 0xc1, 0x55, 0xc8, 0x3a, 0x2e, + 0xd7, 0xf4, 0x62, 0xaf, 0xbd, 0x2d, 0xf9, 0x5f, + 0xe8, 0xc5, 0x99, 0x3d, 0x58, 0x3c, 0xeb, 0xba, + 0x86, 0xea, 0x2c, 0x7e, 0x1f, 0xba, 0x81, 0xde + }; + +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC) + if ((aes = (XtsAes *)XMALLOC(sizeof *aes, HEAP_HINT, DYNAMIC_TYPE_AES)) == NULL) + ERROR_OUT(WC_TEST_RET_ENC_ERRNO, out); +#endif + + XMEMSET(buf, 0, sizeof(buf)); + ret = wc_AesXtsInit(aes, HEAP_HINT, devId); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); + else + aes_inited = 1; + + ret = wc_AesXtsSetKeyNoInit(aes, k2, sizeof(k2), AES_ENCRYPTION); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); + + ret = wc_AesXtsEncrypt(aes, buf, p2, sizeof(p2), i2, sizeof(i2)); +#if defined(WOLFSSL_ASYNC_CRYPT) + ret = wc_AsyncWait(ret, &aes->aes.asyncDev, WC_ASYNC_FLAG_NONE); +#endif + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); + if (XMEMCMP(c2, buf, sizeof(c2))) + ERROR_OUT(WC_TEST_RET_ENC_NC, out); + +#ifdef WOLFSSL_AESXTS_STREAM + ret = wc_AesXtsEncryptInit(aes, i2, sizeof(i2), &stream); +#if defined(WOLFSSL_ASYNC_CRYPT) + ret = wc_AsyncWait(ret, &aes->aes.asyncDev, WC_ASYNC_FLAG_NONE); +#endif + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); + + ret = wc_AesXtsEncryptUpdate(aes, buf, p2, WC_AES_BLOCK_SIZE, &stream); +#if defined(WOLFSSL_ASYNC_CRYPT) + ret = wc_AsyncWait(ret, &aes->aes.asyncDev, WC_ASYNC_FLAG_NONE); +#endif + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); + + ret = wc_AesXtsEncryptFinal(aes, buf + WC_AES_BLOCK_SIZE, p2 + WC_AES_BLOCK_SIZE, sizeof(p2) - WC_AES_BLOCK_SIZE, &stream); +#if defined(WOLFSSL_ASYNC_CRYPT) + ret = wc_AsyncWait(ret, &aes->aes.asyncDev, WC_ASYNC_FLAG_NONE); +#endif + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); + + if (XMEMCMP(c2, buf, sizeof(c2))) + ERROR_OUT(WC_TEST_RET_ENC_NC, out); +#endif /* WOLFSSL_AESXTS_STREAM */ + +#if defined(DEBUG_VECTOR_REGISTER_ACCESS_AESXTS) && \ + defined(WC_C_DYNAMIC_FALLBACK) + WC_DEBUG_SET_VECTOR_REGISTERS_RETVAL(WC_NO_ERR_TRACE(SYSLIB_FAILED_E)); + ret = wc_AesXtsEncrypt(aes, buf, p2, sizeof(p2), i2, sizeof(i2)); +#if defined(WOLFSSL_ASYNC_CRYPT) + ret = wc_AsyncWait(ret, &aes->aes.asyncDev, WC_ASYNC_FLAG_NONE); +#endif + WC_DEBUG_SET_VECTOR_REGISTERS_RETVAL(0); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); + if (XMEMCMP(c2, buf, sizeof(c2))) + ERROR_OUT(WC_TEST_RET_ENC_NC, out); +#endif + + XMEMSET(buf, 0, sizeof(buf)); + + ret = wc_AesXtsSetKeyNoInit(aes, k1, sizeof(k1), AES_ENCRYPTION); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); + ret = wc_AesXtsEncrypt(aes, buf, p1, sizeof(p1), i1, sizeof(i1)); +#if defined(WOLFSSL_ASYNC_CRYPT) + ret = wc_AsyncWait(ret, &aes->aes.asyncDev, WC_ASYNC_FLAG_NONE); +#endif + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); + if (XMEMCMP(c1, buf, WC_AES_BLOCK_SIZE)) + ERROR_OUT(WC_TEST_RET_ENC_NC, out); + +#ifdef WOLFSSL_AESXTS_STREAM + ret = wc_AesXtsEncryptInit(aes, i1, sizeof(i1), &stream); +#if defined(WOLFSSL_ASYNC_CRYPT) + ret = wc_AsyncWait(ret, &aes->aes.asyncDev, WC_ASYNC_FLAG_NONE); +#endif + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); + + ret = wc_AesXtsEncryptUpdate(aes, buf, p1, sizeof(p1), &stream); +#if defined(WOLFSSL_ASYNC_CRYPT) + ret = wc_AsyncWait(ret, &aes->aes.asyncDev, WC_ASYNC_FLAG_NONE); +#endif + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); + + ret = wc_AesXtsEncryptFinal(aes, buf, NULL, 0, &stream); +#if defined(WOLFSSL_ASYNC_CRYPT) + ret = wc_AsyncWait(ret, &aes->aes.asyncDev, WC_ASYNC_FLAG_NONE); +#endif + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); + + if (XMEMCMP(c1, buf, sizeof(c1))) + ERROR_OUT(WC_TEST_RET_ENC_NC, out); +#endif /* WOLFSSL_AESXTS_STREAM */ + +#if defined(DEBUG_VECTOR_REGISTER_ACCESS_AESXTS) && \ + defined(WC_C_DYNAMIC_FALLBACK) + WC_DEBUG_SET_VECTOR_REGISTERS_RETVAL(WC_NO_ERR_TRACE(SYSLIB_FAILED_E)); + ret = wc_AesXtsEncrypt(aes, buf, p1, sizeof(p1), i1, sizeof(i1)); +#if defined(WOLFSSL_ASYNC_CRYPT) + ret = wc_AsyncWait(ret, &aes->aes.asyncDev, WC_ASYNC_FLAG_NONE); +#endif + WC_DEBUG_SET_VECTOR_REGISTERS_RETVAL(0); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); + if (XMEMCMP(c1, buf, WC_AES_BLOCK_SIZE)) + ERROR_OUT(WC_TEST_RET_ENC_NC, out); +#endif + + /* partial block encryption test */ + XMEMSET(cipher, 0, sizeof(cipher)); + ret = wc_AesXtsEncrypt(aes, cipher, pp, sizeof(pp), i1, sizeof(i1)); +#if defined(WOLFSSL_ASYNC_CRYPT) + ret = wc_AsyncWait(ret, &aes->aes.asyncDev, WC_ASYNC_FLAG_NONE); +#endif + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); + if (XMEMCMP(cp2, cipher, sizeof(cp2))) + ERROR_OUT(WC_TEST_RET_ENC_NC, out); + +#ifdef WOLFSSL_AESXTS_STREAM + ret = wc_AesXtsEncryptInit(aes, i1, sizeof(i1), &stream); +#if defined(WOLFSSL_ASYNC_CRYPT) + ret = wc_AsyncWait(ret, &aes->aes.asyncDev, WC_ASYNC_FLAG_NONE); +#endif + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); + + ret = wc_AesXtsEncryptFinal(aes, buf, pp, sizeof(pp), &stream); +#if defined(WOLFSSL_ASYNC_CRYPT) + ret = wc_AsyncWait(ret, &aes->aes.asyncDev, WC_ASYNC_FLAG_NONE); +#endif + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); + + ret = wc_AesXtsEncryptFinal(aes, buf, NULL, 0, &stream); +#if defined(WOLFSSL_ASYNC_CRYPT) + ret = wc_AsyncWait(ret, &aes->aes.asyncDev, WC_ASYNC_FLAG_NONE); +#endif + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); + + if (XMEMCMP(cp2, buf, sizeof(cp2))) + ERROR_OUT(WC_TEST_RET_ENC_NC, out); +#endif /* WOLFSSL_AESXTS_STREAM */ + +#if defined(DEBUG_VECTOR_REGISTER_ACCESS_AESXTS) && \ + defined(WC_C_DYNAMIC_FALLBACK) + WC_DEBUG_SET_VECTOR_REGISTERS_RETVAL(WC_NO_ERR_TRACE(SYSLIB_FAILED_E)); + XMEMSET(cipher, 0, sizeof(cipher)); + ret = wc_AesXtsEncrypt(aes, cipher, pp, sizeof(pp), i1, sizeof(i1)); +#if defined(WOLFSSL_ASYNC_CRYPT) + ret = wc_AsyncWait(ret, &aes->aes.asyncDev, WC_ASYNC_FLAG_NONE); +#endif + WC_DEBUG_SET_VECTOR_REGISTERS_RETVAL(0); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); + if (XMEMCMP(cp2, cipher, sizeof(cp2))) + ERROR_OUT(WC_TEST_RET_ENC_NC, out); +#endif + +#ifdef HAVE_AES_DECRYPT + /* partial block decrypt test */ + XMEMSET(buf, 0, sizeof(buf)); + ret = wc_AesXtsSetKeyNoInit(aes, k1, sizeof(k1), AES_DECRYPTION); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); + ret = wc_AesXtsDecrypt(aes, buf, cipher, sizeof(pp), i1, sizeof(i1)); +#if defined(WOLFSSL_ASYNC_CRYPT) + #ifdef WC_AES_XTS_SUPPORT_SIMULTANEOUS_ENC_AND_DEC_KEYS + ret = wc_AsyncWait(ret, &aes->aes_decrypt.asyncDev, WC_ASYNC_FLAG_NONE); + #else + ret = wc_AsyncWait(ret, &aes->aes.asyncDev, WC_ASYNC_FLAG_NONE); + #endif +#endif + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); + if (XMEMCMP(pp, buf, sizeof(pp))) + ERROR_OUT(WC_TEST_RET_ENC_NC, out); + +#ifdef WOLFSSL_AESXTS_STREAM + ret = wc_AesXtsDecryptInit(aes, i1, sizeof(i1), &stream); +#if defined(WOLFSSL_ASYNC_CRYPT) + ret = wc_AsyncWait(ret, &aes->aes.asyncDev, WC_ASYNC_FLAG_NONE); +#endif + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); + + ret = wc_AesXtsDecryptFinal(aes, buf, cipher, sizeof(pp), &stream); +#if defined(WOLFSSL_ASYNC_CRYPT) + ret = wc_AsyncWait(ret, &aes->aes.asyncDev, WC_ASYNC_FLAG_NONE); +#endif + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); + + if (XMEMCMP(pp, buf, sizeof(pp))) + ERROR_OUT(WC_TEST_RET_ENC_NC, out); +#endif /* WOLFSSL_AESXTS_STREAM */ + +#if defined(DEBUG_VECTOR_REGISTER_ACCESS_AESXTS) && \ + defined(WC_C_DYNAMIC_FALLBACK) + WC_DEBUG_SET_VECTOR_REGISTERS_RETVAL(WC_NO_ERR_TRACE(SYSLIB_FAILED_E)); + XMEMSET(buf, 0, sizeof(buf)); + ret = wc_AesXtsDecrypt(aes, buf, cipher, sizeof(pp), i1, sizeof(i1)); +#if defined(WOLFSSL_ASYNC_CRYPT) + #ifdef WC_AES_XTS_SUPPORT_SIMULTANEOUS_ENC_AND_DEC_KEYS + ret = wc_AsyncWait(ret, &aes->aes_decrypt.asyncDev, WC_ASYNC_FLAG_NONE); + #else + ret = wc_AsyncWait(ret, &aes->aes.asyncDev, WC_ASYNC_FLAG_NONE); + #endif +#endif + WC_DEBUG_SET_VECTOR_REGISTERS_RETVAL(0); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); + if (XMEMCMP(pp, buf, sizeof(pp))) + ERROR_OUT(WC_TEST_RET_ENC_NC, out); +#endif + + /* NIST decrypt test vector */ + XMEMSET(buf, 0, sizeof(buf)); + ret = wc_AesXtsDecrypt(aes, buf, c1, sizeof(c1), i1, sizeof(i1)); +#if defined(WOLFSSL_ASYNC_CRYPT) + #ifdef WC_AES_XTS_SUPPORT_SIMULTANEOUS_ENC_AND_DEC_KEYS + ret = wc_AsyncWait(ret, &aes->aes_decrypt.asyncDev, WC_ASYNC_FLAG_NONE); + #else + ret = wc_AsyncWait(ret, &aes->aes.asyncDev, WC_ASYNC_FLAG_NONE); + #endif +#endif + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); + if (XMEMCMP(p1, buf, sizeof(p1))) + ERROR_OUT(WC_TEST_RET_ENC_NC, out); + +#ifdef WOLFSSL_AESXTS_STREAM + ret = wc_AesXtsDecryptInit(aes, i1, sizeof(i1), &stream); +#if defined(WOLFSSL_ASYNC_CRYPT) + ret = wc_AsyncWait(ret, &aes->aes.asyncDev, WC_ASYNC_FLAG_NONE); +#endif + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); + + ret = wc_AesXtsDecryptFinal(aes, buf, c1, sizeof(c1), &stream); +#if defined(WOLFSSL_ASYNC_CRYPT) + ret = wc_AsyncWait(ret, &aes->aes.asyncDev, WC_ASYNC_FLAG_NONE); +#endif + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); + + if (XMEMCMP(p1, buf, sizeof(p1))) + ERROR_OUT(WC_TEST_RET_ENC_NC, out); +#endif /* WOLFSSL_AESXTS_STREAM */ + +#if defined(DEBUG_VECTOR_REGISTER_ACCESS_AESXTS) && \ + defined(WC_C_DYNAMIC_FALLBACK) + WC_DEBUG_SET_VECTOR_REGISTERS_RETVAL(WC_NO_ERR_TRACE(SYSLIB_FAILED_E)); + XMEMSET(buf, 0, sizeof(buf)); + ret = wc_AesXtsDecrypt(aes, buf, c1, sizeof(c1), i1, sizeof(i1)); +#if defined(WOLFSSL_ASYNC_CRYPT) + #ifdef WC_AES_XTS_SUPPORT_SIMULTANEOUS_ENC_AND_DEC_KEYS + ret = wc_AsyncWait(ret, &aes->aes_decrypt.asyncDev, WC_ASYNC_FLAG_NONE); + #else + ret = wc_AsyncWait(ret, &aes->aes.asyncDev, WC_ASYNC_FLAG_NONE); + #endif +#endif + WC_DEBUG_SET_VECTOR_REGISTERS_RETVAL(0); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); + if (XMEMCMP(p1, buf, WC_AES_BLOCK_SIZE)) + ERROR_OUT(WC_TEST_RET_ENC_NC, out); +#endif + + /* fail case with decrypting using wrong key */ + XMEMSET(buf, 0, sizeof(buf)); + ret = wc_AesXtsDecrypt(aes, buf, c2, sizeof(c2), i2, sizeof(i2)); +#if defined(WOLFSSL_ASYNC_CRYPT) + #ifdef WC_AES_XTS_SUPPORT_SIMULTANEOUS_ENC_AND_DEC_KEYS + ret = wc_AsyncWait(ret, &aes->aes_decrypt.asyncDev, WC_ASYNC_FLAG_NONE); + #else + ret = wc_AsyncWait(ret, &aes->aes.asyncDev, WC_ASYNC_FLAG_NONE); + #endif +#endif + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); + if (XMEMCMP(p2, buf, sizeof(p2)) == 0) /* fail case with wrong key */ + ERROR_OUT(WC_TEST_RET_ENC_NC, out); + + /* set correct key and retest */ + XMEMSET(buf, 0, sizeof(buf)); + ret = wc_AesXtsSetKeyNoInit(aes, k2, sizeof(k2), AES_DECRYPTION); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); + ret = wc_AesXtsDecrypt(aes, buf, c2, sizeof(c2), i2, sizeof(i2)); +#if defined(WOLFSSL_ASYNC_CRYPT) + #ifdef WC_AES_XTS_SUPPORT_SIMULTANEOUS_ENC_AND_DEC_KEYS + ret = wc_AsyncWait(ret, &aes->aes_decrypt.asyncDev, WC_ASYNC_FLAG_NONE); + #else + ret = wc_AsyncWait(ret, &aes->aes.asyncDev, WC_ASYNC_FLAG_NONE); + #endif +#endif + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); + if (XMEMCMP(p2, buf, sizeof(p2))) + ERROR_OUT(WC_TEST_RET_ENC_NC, out); +#endif + + /* Test ciphertext stealing in-place. */ + XMEMCPY(buf, p3, sizeof(p3)); + ret = wc_AesXtsSetKeyNoInit(aes, k3, sizeof(k3), AES_ENCRYPTION); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); + + ret = wc_AesXtsEncrypt(aes, buf, buf, sizeof(p3), i3, sizeof(i3)); +#if defined(WOLFSSL_ASYNC_CRYPT) + ret = wc_AsyncWait(ret, &aes->aes.asyncDev, WC_ASYNC_FLAG_NONE); +#endif + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); + if (XMEMCMP(c3, buf, sizeof(c3))) + ERROR_OUT(WC_TEST_RET_ENC_NC, out); + +#ifdef WOLFSSL_AESXTS_STREAM + ret = wc_AesXtsEncryptInit(aes, i3, sizeof(i3), &stream); +#if defined(WOLFSSL_ASYNC_CRYPT) + ret = wc_AsyncWait(ret, &aes->aes.asyncDev, WC_ASYNC_FLAG_NONE); +#endif + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); + + ret = wc_AesXtsEncryptUpdate(aes, buf, p3, WC_AES_BLOCK_SIZE, &stream); +#if defined(WOLFSSL_ASYNC_CRYPT) + ret = wc_AsyncWait(ret, &aes->aes.asyncDev, WC_ASYNC_FLAG_NONE); +#endif + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); + + ret = wc_AesXtsEncryptFinal(aes, buf + WC_AES_BLOCK_SIZE, p3 + WC_AES_BLOCK_SIZE, sizeof(p3) - WC_AES_BLOCK_SIZE, &stream); +#if defined(WOLFSSL_ASYNC_CRYPT) + ret = wc_AsyncWait(ret, &aes->aes.asyncDev, WC_ASYNC_FLAG_NONE); +#endif + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); + + if (XMEMCMP(c3, buf, sizeof(c3))) + ERROR_OUT(WC_TEST_RET_ENC_NC, out); +#endif /* WOLFSSL_AESXTS_STREAM */ + +#ifdef HAVE_AES_DECRYPT + ret = wc_AesXtsSetKeyNoInit(aes, k3, sizeof(k3), AES_DECRYPTION); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); + ret = wc_AesXtsDecrypt(aes, buf, buf, sizeof(c3), i3, sizeof(i3)); +#if defined(WOLFSSL_ASYNC_CRYPT) + #ifdef WC_AES_XTS_SUPPORT_SIMULTANEOUS_ENC_AND_DEC_KEYS + ret = wc_AsyncWait(ret, &aes->aes_decrypt.asyncDev, WC_ASYNC_FLAG_NONE); + #else + ret = wc_AsyncWait(ret, &aes->aes.asyncDev, WC_ASYNC_FLAG_NONE); + #endif +#endif + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); + if (XMEMCMP(p3, buf, sizeof(p3))) + ERROR_OUT(WC_TEST_RET_ENC_NC, out); + +#ifdef WOLFSSL_AESXTS_STREAM + ret = wc_AesXtsDecryptInit(aes, i3, sizeof(i3), &stream); +#if defined(WOLFSSL_ASYNC_CRYPT) + ret = wc_AsyncWait(ret, &aes->aes.asyncDev, WC_ASYNC_FLAG_NONE); +#endif + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); + + ret = wc_AesXtsDecryptUpdate(aes, buf, c3, WC_AES_BLOCK_SIZE, &stream); +#if defined(WOLFSSL_ASYNC_CRYPT) + ret = wc_AsyncWait(ret, &aes->aes.asyncDev, WC_ASYNC_FLAG_NONE); +#endif + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); + + ret = wc_AesXtsDecryptFinal(aes, buf + WC_AES_BLOCK_SIZE, c3 + WC_AES_BLOCK_SIZE, sizeof(c3) - WC_AES_BLOCK_SIZE, &stream); +#if defined(WOLFSSL_ASYNC_CRYPT) + ret = wc_AsyncWait(ret, &aes->aes.asyncDev, WC_ASYNC_FLAG_NONE); +#endif + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); + + if (XMEMCMP(p3, buf, sizeof(p3))) + ERROR_OUT(WC_TEST_RET_ENC_NC, out); +#endif /* WOLFSSL_AESXTS_STREAM */ +#endif /* HAVE_AES_DECRYPT */ + +#if !defined(BENCH_EMBEDDED) && !defined(HAVE_CAVIUM) && \ + !defined(WOLFSSL_AFALG) + { + int i; + int j; +#ifdef WOLFSSL_AESXTS_STREAM + int k; +#endif + #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC) + large_input = (byte *)XMALLOC(LARGE_XTS_SZ, HEAP_HINT, + DYNAMIC_TYPE_TMP_BUFFER); + if (large_input == NULL) + ERROR_OUT(WC_TEST_RET_ENC_EC(MEMORY_E), out); + #endif + + for (i = 0; i < (int)LARGE_XTS_SZ; i++) + large_input[i] = (byte)i; + + for (j = 16; j < (int)LARGE_XTS_SZ; j++) { + ret = wc_AesXtsSetKeyNoInit(aes, k1, sizeof(k1), AES_ENCRYPTION); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); + ret = wc_AesXtsEncrypt(aes, large_input, large_input, (word32)j, i1, + sizeof(i1)); + #if defined(WOLFSSL_ASYNC_CRYPT) + ret = wc_AsyncWait(ret, &aes->aes.asyncDev, WC_ASYNC_FLAG_NONE); + #endif + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); + + #ifdef HAVE_AES_DECRYPT + ret = wc_AesXtsSetKeyNoInit(aes, k1, sizeof(k1), AES_DECRYPTION); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); + ret = wc_AesXtsDecrypt(aes, large_input, large_input, (word32)j, i1, + sizeof(i1)); + #if defined(WOLFSSL_ASYNC_CRYPT) + #ifdef WC_AES_XTS_SUPPORT_SIMULTANEOUS_ENC_AND_DEC_KEYS + ret = wc_AsyncWait(ret, &aes->aes_decrypt.asyncDev, + WC_ASYNC_FLAG_NONE); + #else + ret = wc_AsyncWait(ret, &aes->aes.asyncDev, WC_ASYNC_FLAG_NONE); + #endif + #endif + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); + for (i = 0; i < j; i++) { + if (large_input[i] != (byte)i) { + ERROR_OUT(WC_TEST_RET_ENC_NC, out); + } + } + #endif + } + +#ifdef WOLFSSL_AESXTS_STREAM + for (i = 0; i < (int)LARGE_XTS_SZ; i++) + large_input[i] = (byte)i; + + /* first, encrypt block by block then decrypt with a one-shot call. */ + for (j = 16; j < (int)LARGE_XTS_SZ; j++) { + ret = wc_AesXtsSetKeyNoInit(aes, k1, sizeof(k1), AES_ENCRYPTION); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); + + ret = wc_AesXtsEncryptInit(aes, i1, sizeof(i1), &stream); + #if defined(WOLFSSL_ASYNC_CRYPT) + ret = wc_AsyncWait(ret, &aes->aes.asyncDev, WC_ASYNC_FLAG_NONE); + #endif + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); + + for (k = 0; k < j; k += WC_AES_BLOCK_SIZE) { + if ((j - k) < WC_AES_BLOCK_SIZE*2) + ret = wc_AesXtsEncryptFinal(aes, large_input + k, + large_input + k, (word32)(j - k), &stream); + else + ret = wc_AesXtsEncryptUpdate(aes, large_input + k, + large_input + k, WC_AES_BLOCK_SIZE, &stream); + #if defined(WOLFSSL_ASYNC_CRYPT) + ret = wc_AsyncWait(ret, &aes->aes.asyncDev, WC_ASYNC_FLAG_NONE); + #endif + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); + if ((j - k) < WC_AES_BLOCK_SIZE*2) + break; + } + + #ifdef HAVE_AES_DECRYPT + ret = wc_AesXtsSetKeyNoInit(aes, k1, sizeof(k1), AES_DECRYPTION); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); + + ret = wc_AesXtsDecrypt(aes, large_input, large_input, (word32)j, i1, + sizeof(i1)); + #if defined(WOLFSSL_ASYNC_CRYPT) + #ifdef WC_AES_XTS_SUPPORT_SIMULTANEOUS_ENC_AND_DEC_KEYS + ret = wc_AsyncWait(ret, &aes->aes_decrypt.asyncDev, + WC_ASYNC_FLAG_NONE); + #else + ret = wc_AsyncWait(ret, &aes->aes.asyncDev, WC_ASYNC_FLAG_NONE); + #endif + #endif + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); + for (i = 0; i < j; i++) { + if (large_input[i] != (byte)i) { + ERROR_OUT(WC_TEST_RET_ENC_NC, out); + } + } + #endif + } + + #ifdef HAVE_AES_DECRYPT + /* second, encrypt with a one-shot call then decrypt block by block. */ + for (j = 16; j < (int)LARGE_XTS_SZ; j++) { + ret = wc_AesXtsSetKeyNoInit(aes, k1, sizeof(k1), AES_ENCRYPTION); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); + + ret = wc_AesXtsEncrypt(aes, large_input, large_input, (word32)j, i1, + sizeof(i1)); + #if defined(WOLFSSL_ASYNC_CRYPT) + ret = wc_AsyncWait(ret, &aes->aes.asyncDev, WC_ASYNC_FLAG_NONE); + #endif + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); + + ret = wc_AesXtsSetKeyNoInit(aes, k1, sizeof(k1), AES_DECRYPTION); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); + + ret = wc_AesXtsDecryptInit(aes, i1, sizeof(i1), &stream); + #if defined(WOLFSSL_ASYNC_CRYPT) + ret = wc_AsyncWait(ret, &aes->aes.asyncDev, WC_ASYNC_FLAG_NONE); + #endif + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); + + for (k = 0; k < j; k += WC_AES_BLOCK_SIZE) { + if ((j - k) < WC_AES_BLOCK_SIZE*2) + ret = wc_AesXtsDecryptFinal(aes, large_input + k, + large_input + k, (word32)(j - k), &stream); + else + ret = wc_AesXtsDecryptUpdate(aes, large_input + k, + large_input + k, WC_AES_BLOCK_SIZE, &stream); + #if defined(WOLFSSL_ASYNC_CRYPT) + #ifdef WC_AES_XTS_SUPPORT_SIMULTANEOUS_ENC_AND_DEC_KEYS + ret = wc_AsyncWait(ret, &aes->aes_decrypt.asyncDev, + WC_ASYNC_FLAG_NONE); + #else + ret = wc_AsyncWait(ret, &aes->aes.asyncDev, WC_ASYNC_FLAG_NONE); + #endif + #endif + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); + if ((j - k) < WC_AES_BLOCK_SIZE*2) + break; + } + + for (i = 0; i < j; i++) { + if (large_input[i] != (byte)i) { + ERROR_OUT(WC_TEST_RET_ENC_NC, out); + } + } + } + #endif /* HAVE_AES_DECRYPT */ +#endif /* WOLFSSL_AESXTS_STREAM */ + } +#endif /* !BENCH_EMBEDDED && !HAVE_CAVIUM && + * !WOLFSSL_AFALG + */ + + out: + + #if !defined(BENCH_EMBEDDED) && !defined(HAVE_CAVIUM) && \ + !defined(WOLFSSL_AFALG) && defined(WOLFSSL_SMALL_STACK) && \ + !defined(WOLFSSL_NO_MALLOC) + XFREE(large_input, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + #endif + + if (aes_inited) + wc_AesXtsFree(aes); + +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC) + XFREE(aes, HEAP_HINT, DYNAMIC_TYPE_AES); +#endif + + return ret; +} +#endif /* WOLFSSL_AES_192 */ +#endif /* HAVE_FIPS */ + +#ifdef WOLFSSL_AES_256 +static wc_test_ret_t aes_xts_256_test(void) +{ +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC) + XtsAes *aes = NULL; +#else + XtsAes aes[1]; +#endif + int aes_inited = 0; + wc_test_ret_t ret = 0; + unsigned char buf[WC_AES_BLOCK_SIZE * 3]; + unsigned char cipher[WC_AES_BLOCK_SIZE * 3]; +#ifdef WOLFSSL_AESXTS_STREAM + struct XtsAesStreamData stream; +#endif +#if !defined(BENCH_EMBEDDED) && !defined(HAVE_CAVIUM) && \ + !defined(WOLFSSL_AFALG) + #define LARGE_XTS_SZ 1024 + #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC) + byte* large_input = NULL; + #else + byte large_input[LARGE_XTS_SZ]; + #endif +#endif + + /* 256 key tests */ + WOLFSSL_SMALL_STACK_STATIC unsigned char k1[] = { + 0x1e, 0xa6, 0x61, 0xc5, 0x8d, 0x94, 0x3a, 0x0e, + 0x48, 0x01, 0xe4, 0x2f, 0x4b, 0x09, 0x47, 0x14, + 0x9e, 0x7f, 0x9f, 0x8e, 0x3e, 0x68, 0xd0, 0xc7, + 0x50, 0x52, 0x10, 0xbd, 0x31, 0x1a, 0x0e, 0x7c, + 0xd6, 0xe1, 0x3f, 0xfd, 0xf2, 0x41, 0x8d, 0x8d, + 0x19, 0x11, 0xc0, 0x04, 0xcd, 0xa5, 0x8d, 0xa3, + 0xd6, 0x19, 0xb7, 0xe2, 0xb9, 0x14, 0x1e, 0x58, + 0x31, 0x8e, 0xea, 0x39, 0x2c, 0xf4, 0x1b, 0x08 + }; + + WOLFSSL_SMALL_STACK_STATIC unsigned char i1[] = { + 0xad, 0xf8, 0xd9, 0x26, 0x27, 0x46, 0x4a, 0xd2, + 0xf0, 0x42, 0x8e, 0x84, 0xa9, 0xf8, 0x75, 0x64 + }; + + WOLFSSL_SMALL_STACK_STATIC unsigned char p1[] = { + 0x2e, 0xed, 0xea, 0x52, 0xcd, 0x82, 0x15, 0xe1, + 0xac, 0xc6, 0x47, 0xe8, 0x10, 0xbb, 0xc3, 0x64, + 0x2e, 0x87, 0x28, 0x7f, 0x8d, 0x2e, 0x57, 0xe3, + 0x6c, 0x0a, 0x24, 0xfb, 0xc1, 0x2a, 0x20, 0x2e + }; + + /* plain text test of partial block is not from NIST test vector list */ + WOLFSSL_SMALL_STACK_STATIC unsigned char pp[] = { + 0xeb, 0xab, 0xce, 0x95, 0xb1, 0x4d, 0x3c, 0x8d, + 0x6f, 0xb3, 0x50, 0x39, 0x07, 0x90, 0x31, 0x1c, + 0x6e, 0x4b, 0x92, 0x01, 0x3e, 0x76, 0x8a, 0xd5 + }; + + WOLFSSL_SMALL_STACK_STATIC unsigned char c1[] = { + 0xcb, 0xaa, 0xd0, 0xe2, 0xf6, 0xce, 0xa3, 0xf5, + 0x0b, 0x37, 0xf9, 0x34, 0xd4, 0x6a, 0x9b, 0x13, + 0x0b, 0x9d, 0x54, 0xf0, 0x7e, 0x34, 0xf3, 0x6a, + 0xf7, 0x93, 0xe8, 0x6f, 0x73, 0xc6, 0xd7, 0xdb + }; + + WOLFSSL_SMALL_STACK_STATIC unsigned char k2[] = { + 0xad, 0x50, 0x4b, 0x85, 0xd7, 0x51, 0xbf, 0xba, + 0x69, 0x13, 0xb4, 0xcc, 0x79, 0xb6, 0x5a, 0x62, + 0xf7, 0xf3, 0x9d, 0x36, 0x0f, 0x35, 0xb5, 0xec, + 0x4a, 0x7e, 0x95, 0xbd, 0x9b, 0xa5, 0xf2, 0xec, + 0xc1, 0xd7, 0x7e, 0xa3, 0xc3, 0x74, 0xbd, 0x4b, + 0x13, 0x1b, 0x07, 0x83, 0x87, 0xdd, 0x55, 0x5a, + 0xb5, 0xb0, 0xc7, 0xe5, 0x2d, 0xb5, 0x06, 0x12, + 0xd2, 0xb5, 0x3a, 0xcb, 0x47, 0x8a, 0x53, 0xb4 + }; + + WOLFSSL_SMALL_STACK_STATIC unsigned char i2[] = { + 0xe6, 0x42, 0x19, 0xed, 0xe0, 0xe1, 0xc2, 0xa0, + 0x0e, 0xf5, 0x58, 0x6a, 0xc4, 0x9b, 0xeb, 0x6f + }; + + WOLFSSL_SMALL_STACK_STATIC unsigned char p2[] = { + 0x24, 0xcb, 0x76, 0x22, 0x55, 0xb5, 0xa8, 0x00, + 0xf4, 0x6e, 0x80, 0x60, 0x56, 0x9e, 0x05, 0x53, + 0xbc, 0xfe, 0x86, 0x55, 0x3b, 0xca, 0xd5, 0x89, + 0xc7, 0x54, 0x1a, 0x73, 0xac, 0xc3, 0x9a, 0xbd, + 0x53, 0xc4, 0x07, 0x76, 0xd8, 0xe8, 0x22, 0x61, + 0x9e, 0xa9, 0xad, 0x77, 0xa0, 0x13, 0x4c, 0xfc + }; + + WOLFSSL_SMALL_STACK_STATIC unsigned char c2[] = { + 0xa3, 0xc6, 0xf3, 0xf3, 0x82, 0x79, 0x5b, 0x10, + 0x87, 0xd7, 0x02, 0x50, 0xdb, 0x2c, 0xd3, 0xb1, + 0xa1, 0x62, 0xa8, 0xb6, 0xdc, 0x12, 0x60, 0x61, + 0xc1, 0x0a, 0x84, 0xa5, 0x85, 0x3f, 0x3a, 0x89, + 0xe6, 0x6c, 0xdb, 0xb7, 0x9a, 0xb4, 0x28, 0x9b, + 0xc3, 0xea, 0xd8, 0x10, 0xe9, 0xc0, 0xaf, 0x92 + }; + +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC) + if ((aes = (XtsAes *)XMALLOC(sizeof *aes, HEAP_HINT, DYNAMIC_TYPE_AES)) == NULL) + ERROR_OUT(WC_TEST_RET_ENC_ERRNO, out); +#endif + +#if defined(OPENSSL_EXTRA) && !defined(WOLFCRYPT_ONLY) \ + && !defined(HAVE_SELFTEST) && !defined(HAVE_FIPS) + ret = EVP_test(wolfSSL_EVP_aes_256_xts(), k2, i2, p2, sizeof(p2), c2, sizeof(c2)); + if (ret != 0) { + printf("EVP_aes_256_xts failed\n"); + goto out; + } +#endif + + ret = wc_AesXtsInit(aes, HEAP_HINT, devId); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); + else + aes_inited = 1; + + XMEMSET(buf, 0, sizeof(buf)); + ret = wc_AesXtsSetKeyNoInit(aes, k2, sizeof(k2), AES_ENCRYPTION); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); + + ret = wc_AesXtsEncrypt(aes, buf, p2, sizeof(p2), i2, sizeof(i2)); +#if defined(WOLFSSL_ASYNC_CRYPT) + ret = wc_AsyncWait(ret, &aes->aes.asyncDev, WC_ASYNC_FLAG_NONE); +#endif + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); + if (XMEMCMP(c2, buf, sizeof(c2))) + ERROR_OUT(WC_TEST_RET_ENC_NC, out); + +#ifdef WOLFSSL_AESXTS_STREAM + ret = wc_AesXtsEncryptInit(aes, i2, sizeof(i2), &stream); +#if defined(WOLFSSL_ASYNC_CRYPT) + ret = wc_AsyncWait(ret, &aes->aes.asyncDev, WC_ASYNC_FLAG_NONE); +#endif + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); + + ret = wc_AesXtsEncryptUpdate(aes, buf, p2, WC_AES_BLOCK_SIZE, &stream); +#if defined(WOLFSSL_ASYNC_CRYPT) + ret = wc_AsyncWait(ret, &aes->aes.asyncDev, WC_ASYNC_FLAG_NONE); +#endif + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); + + ret = wc_AesXtsEncryptFinal(aes, buf + WC_AES_BLOCK_SIZE, p2 + WC_AES_BLOCK_SIZE, sizeof(p2) - WC_AES_BLOCK_SIZE, &stream); +#if defined(WOLFSSL_ASYNC_CRYPT) + ret = wc_AsyncWait(ret, &aes->aes.asyncDev, WC_ASYNC_FLAG_NONE); +#endif + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); + + if (XMEMCMP(c2, buf, sizeof(c2))) + ERROR_OUT(WC_TEST_RET_ENC_NC, out); +#endif /* WOLFSSL_AESXTS_STREAM */ + + XMEMSET(buf, 0, sizeof(buf)); + ret = wc_AesXtsSetKeyNoInit(aes, k1, sizeof(k1), AES_ENCRYPTION); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); + ret = wc_AesXtsEncrypt(aes, buf, p1, sizeof(p1), i1, sizeof(i1)); +#if defined(WOLFSSL_ASYNC_CRYPT) + ret = wc_AsyncWait(ret, &aes->aes.asyncDev, WC_ASYNC_FLAG_NONE); +#endif + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); + if (XMEMCMP(c1, buf, WC_AES_BLOCK_SIZE)) + ERROR_OUT(WC_TEST_RET_ENC_NC, out); + +#ifdef WOLFSSL_AESXTS_STREAM + ret = wc_AesXtsEncryptInit(aes, i1, sizeof(i1), &stream); +#if defined(WOLFSSL_ASYNC_CRYPT) + ret = wc_AsyncWait(ret, &aes->aes.asyncDev, WC_ASYNC_FLAG_NONE); +#endif + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); + + ret = wc_AesXtsEncryptUpdate(aes, buf, p1, sizeof(p1), &stream); +#if defined(WOLFSSL_ASYNC_CRYPT) + ret = wc_AsyncWait(ret, &aes->aes.asyncDev, WC_ASYNC_FLAG_NONE); +#endif + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); + + ret = wc_AesXtsEncryptFinal(aes, buf, NULL, 0, &stream); +#if defined(WOLFSSL_ASYNC_CRYPT) + ret = wc_AsyncWait(ret, &aes->aes.asyncDev, WC_ASYNC_FLAG_NONE); +#endif + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); + + if (XMEMCMP(c1, buf, sizeof(c1))) + ERROR_OUT(WC_TEST_RET_ENC_NC, out); +#endif /* WOLFSSL_AESXTS_STREAM */ + + /* partial block encryption test */ + XMEMSET(cipher, 0, sizeof(cipher)); + ret = wc_AesXtsEncrypt(aes, cipher, pp, sizeof(pp), i1, sizeof(i1)); +#if defined(WOLFSSL_ASYNC_CRYPT) + ret = wc_AsyncWait(ret, &aes->aes.asyncDev, WC_ASYNC_FLAG_NONE); +#endif + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); + +#ifdef HAVE_AES_DECRYPT + /* partial block decrypt test */ + XMEMSET(buf, 0, sizeof(buf)); + ret = wc_AesXtsSetKeyNoInit(aes, k1, sizeof(k1), AES_DECRYPTION); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); + ret = wc_AesXtsDecrypt(aes, buf, cipher, sizeof(pp), i1, sizeof(i1)); +#if defined(WOLFSSL_ASYNC_CRYPT) + #ifdef WC_AES_XTS_SUPPORT_SIMULTANEOUS_ENC_AND_DEC_KEYS + ret = wc_AsyncWait(ret, &aes->aes_decrypt.asyncDev, WC_ASYNC_FLAG_NONE); + #else + ret = wc_AsyncWait(ret, &aes->aes.asyncDev, WC_ASYNC_FLAG_NONE); + #endif +#endif + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); + if (XMEMCMP(pp, buf, sizeof(pp))) + ERROR_OUT(WC_TEST_RET_ENC_NC, out); + + /* NIST decrypt test vector */ + XMEMSET(buf, 0, sizeof(buf)); + ret = wc_AesXtsDecrypt(aes, buf, c1, sizeof(c1), i1, sizeof(i1)); +#if defined(WOLFSSL_ASYNC_CRYPT) + #ifdef WC_AES_XTS_SUPPORT_SIMULTANEOUS_ENC_AND_DEC_KEYS + ret = wc_AsyncWait(ret, &aes->aes_decrypt.asyncDev, WC_ASYNC_FLAG_NONE); + #else + ret = wc_AsyncWait(ret, &aes->aes.asyncDev, WC_ASYNC_FLAG_NONE); + #endif +#endif + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); + if (XMEMCMP(p1, buf, sizeof(p1))) + ERROR_OUT(WC_TEST_RET_ENC_NC, out); + +#ifdef WOLFSSL_AESXTS_STREAM + ret = wc_AesXtsDecryptInit(aes, i1, sizeof(i1), &stream); +#if defined(WOLFSSL_ASYNC_CRYPT) + ret = wc_AsyncWait(ret, &aes->aes.asyncDev, WC_ASYNC_FLAG_NONE); +#endif + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); + + ret = wc_AesXtsDecryptFinal(aes, buf, c1, sizeof(c1), &stream); +#if defined(WOLFSSL_ASYNC_CRYPT) + ret = wc_AsyncWait(ret, &aes->aes.asyncDev, WC_ASYNC_FLAG_NONE); +#endif + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); + + if (XMEMCMP(p1, buf, sizeof(p1))) + ERROR_OUT(WC_TEST_RET_ENC_NC, out); +#endif /* WOLFSSL_AESXTS_STREAM */ + + XMEMSET(buf, 0, sizeof(buf)); + ret = wc_AesXtsSetKeyNoInit(aes, k2, sizeof(k2), AES_DECRYPTION); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); + ret = wc_AesXtsDecrypt(aes, buf, c2, sizeof(c2), i2, sizeof(i2)); +#if defined(WOLFSSL_ASYNC_CRYPT) + #ifdef WC_AES_XTS_SUPPORT_SIMULTANEOUS_ENC_AND_DEC_KEYS + ret = wc_AsyncWait(ret, &aes->aes_decrypt.asyncDev, WC_ASYNC_FLAG_NONE); + #else + ret = wc_AsyncWait(ret, &aes->aes.asyncDev, WC_ASYNC_FLAG_NONE); + #endif +#endif + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); + if (XMEMCMP(p2, buf, sizeof(p2))) + ERROR_OUT(WC_TEST_RET_ENC_NC, out); +#endif /* HAVE_AES_DECRYPT */ + +#if !defined(BENCH_EMBEDDED) && !defined(HAVE_CAVIUM) && \ + !defined(WOLFSSL_AFALG) + { + int i; + int j; +#ifdef WOLFSSL_AESXTS_STREAM + int k; +#endif + #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC) + large_input = (byte *)XMALLOC(LARGE_XTS_SZ, HEAP_HINT, + DYNAMIC_TYPE_TMP_BUFFER); + if (large_input == NULL) + ERROR_OUT(WC_TEST_RET_ENC_EC(MEMORY_E), out); + #endif + + for (i = 0; i < (int)LARGE_XTS_SZ; i++) + large_input[i] = (byte)i; + + for (j = 16; j < (int)LARGE_XTS_SZ; j++) { + ret = wc_AesXtsSetKeyNoInit(aes, k1, sizeof(k1), AES_ENCRYPTION); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); + ret = wc_AesXtsEncrypt(aes, large_input, large_input, (word32)j, i1, + sizeof(i1)); + #if defined(WOLFSSL_ASYNC_CRYPT) + ret = wc_AsyncWait(ret, &aes->aes.asyncDev, WC_ASYNC_FLAG_NONE); + #endif + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); + + #ifdef HAVE_AES_DECRYPT + ret = wc_AesXtsSetKeyNoInit(aes, k1, sizeof(k1), AES_DECRYPTION); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); + ret = wc_AesXtsDecrypt(aes, large_input, large_input, (word32)j, i1, + sizeof(i1)); + #if defined(WOLFSSL_ASYNC_CRYPT) + #ifdef WC_AES_XTS_SUPPORT_SIMULTANEOUS_ENC_AND_DEC_KEYS + ret = wc_AsyncWait(ret, &aes->aes_decrypt.asyncDev, + WC_ASYNC_FLAG_NONE); + #else + ret = wc_AsyncWait(ret, &aes->aes.asyncDev, WC_ASYNC_FLAG_NONE); + #endif + #endif + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); + for (i = 0; i < j; i++) { + if (large_input[i] != (byte)i) { + ERROR_OUT(WC_TEST_RET_ENC_NC, out); + } + } + #endif /* HAVE_AES_DECRYPT */ + } + +#ifdef WOLFSSL_AESXTS_STREAM + for (i = 0; i < (int)LARGE_XTS_SZ; i++) + large_input[i] = (byte)i; + + /* first, encrypt block by block then decrypt with a one-shot call. */ + for (j = 16; j < (int)LARGE_XTS_SZ; j++) { + ret = wc_AesXtsSetKeyNoInit(aes, k1, sizeof(k1), AES_ENCRYPTION); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); + + ret = wc_AesXtsEncryptInit(aes, i1, sizeof(i1), &stream); + #if defined(WOLFSSL_ASYNC_CRYPT) + ret = wc_AsyncWait(ret, &aes->aes.asyncDev, WC_ASYNC_FLAG_NONE); + #endif + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); + + for (k = 0; k < j; k += WC_AES_BLOCK_SIZE) { + if ((j - k) < WC_AES_BLOCK_SIZE*2) + ret = wc_AesXtsEncryptFinal(aes, large_input + k, large_input + k, j - k, &stream); + else + ret = wc_AesXtsEncryptUpdate(aes, large_input + k, large_input + k, WC_AES_BLOCK_SIZE, &stream); + #if defined(WOLFSSL_ASYNC_CRYPT) + ret = wc_AsyncWait(ret, &aes->aes.asyncDev, WC_ASYNC_FLAG_NONE); + #endif + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); + if ((j - k) < WC_AES_BLOCK_SIZE*2) + break; + } + + #ifdef HAVE_AES_DECRYPT + ret = wc_AesXtsSetKeyNoInit(aes, k1, sizeof(k1), AES_DECRYPTION); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); + ret = wc_AesXtsDecrypt(aes, large_input, large_input, (word32)j, i1, + sizeof(i1)); + #if defined(WOLFSSL_ASYNC_CRYPT) + #ifdef WC_AES_XTS_SUPPORT_SIMULTANEOUS_ENC_AND_DEC_KEYS + ret = wc_AsyncWait(ret, &aes->aes_decrypt.asyncDev, + WC_ASYNC_FLAG_NONE); + #else + ret = wc_AsyncWait(ret, &aes->aes.asyncDev, WC_ASYNC_FLAG_NONE); + #endif + #endif + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); + for (i = 0; i < j; i++) { + if (large_input[i] != (byte)i) { + ERROR_OUT(WC_TEST_RET_ENC_NC, out); + } + } + #endif /* HAVE_AES_DECRYPT */ + } + + #ifdef HAVE_AES_DECRYPT + /* second, encrypt with a one-shot call then decrypt block by block. */ + for (j = 16; j < (int)LARGE_XTS_SZ; j++) { + ret = wc_AesXtsSetKeyNoInit(aes, k1, sizeof(k1), AES_ENCRYPTION); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); + + ret = wc_AesXtsEncrypt(aes, large_input, large_input, (word32)j, i1, + sizeof(i1)); + #if defined(WOLFSSL_ASYNC_CRYPT) + ret = wc_AsyncWait(ret, &aes->aes.asyncDev, WC_ASYNC_FLAG_NONE); + #endif + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); + + ret = wc_AesXtsSetKeyNoInit(aes, k1, sizeof(k1), AES_DECRYPTION); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); + + ret = wc_AesXtsDecryptInit(aes, i1, sizeof(i1), &stream); + #if defined(WOLFSSL_ASYNC_CRYPT) + ret = wc_AsyncWait(ret, &aes->aes.asyncDev, WC_ASYNC_FLAG_NONE); + #endif + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); + + for (k = 0; k < j; k += WC_AES_BLOCK_SIZE) { + if ((j - k) < WC_AES_BLOCK_SIZE*2) + ret = wc_AesXtsDecryptFinal(aes, large_input + k, large_input + k, j - k, &stream); + else + ret = wc_AesXtsDecryptUpdate(aes, large_input + k, large_input + k, WC_AES_BLOCK_SIZE, &stream); + #if defined(WOLFSSL_ASYNC_CRYPT) + #ifdef WC_AES_XTS_SUPPORT_SIMULTANEOUS_ENC_AND_DEC_KEYS + ret = wc_AsyncWait(ret, &aes->aes_decrypt.asyncDev, + WC_ASYNC_FLAG_NONE); + #else + ret = wc_AsyncWait(ret, &aes->aes.asyncDev, WC_ASYNC_FLAG_NONE); + #endif + #endif + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); + if ((j - k) < WC_AES_BLOCK_SIZE*2) + break; + } + + for (i = 0; i < j; i++) { + if (large_input[i] != (byte)i) { + ERROR_OUT(WC_TEST_RET_ENC_NC, out); + } + } + } + #endif /* HAVE_AES_DECRYPT */ +#endif /* WOLFSSL_AESXTS_STREAM */ + } +#endif /* !BENCH_EMBEDDED && !HAVE_CAVIUM && + * !WOLFSSL_AFALG + */ + + out: + + #if !defined(BENCH_EMBEDDED) && !defined(HAVE_CAVIUM) && \ + !defined(WOLFSSL_AFALG) && defined(WOLFSSL_SMALL_STACK) && \ + !defined(WOLFSSL_NO_MALLOC) + XFREE(large_input, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + #endif + + if (aes_inited) + wc_AesXtsFree(aes); + +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC) + XFREE(aes, HEAP_HINT, DYNAMIC_TYPE_AES); +#endif + + return ret; +} +#endif /* WOLFSSL_AES_256 */ + + +#if defined(WOLFSSL_AES_128) && defined(WOLFSSL_AES_256) +/* both 128 and 256 bit key test */ +static wc_test_ret_t aes_xts_sector_test(void) +{ +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC) + XtsAes *aes = NULL; +#else + XtsAes aes[1]; +#endif + int aes_inited = 0; + wc_test_ret_t ret = 0; + unsigned char buf[WC_AES_BLOCK_SIZE * 2]; + + /* 128 key tests */ + WOLFSSL_SMALL_STACK_STATIC unsigned char k1[] = { + 0xa3, 0xe4, 0x0d, 0x5b, 0xd4, 0xb6, 0xbb, 0xed, + 0xb2, 0xd1, 0x8c, 0x70, 0x0a, 0xd2, 0xdb, 0x22, + 0x10, 0xc8, 0x11, 0x90, 0x64, 0x6d, 0x67, 0x3c, + 0xbc, 0xa5, 0x3f, 0x13, 0x3e, 0xab, 0x37, 0x3c + }; + + WOLFSSL_SMALL_STACK_STATIC unsigned char p1[] = { + 0x20, 0xe0, 0x71, 0x94, 0x05, 0x99, 0x3f, 0x09, + 0xa6, 0x6a, 0xe5, 0xbb, 0x50, 0x0e, 0x56, 0x2c + }; + + WOLFSSL_SMALL_STACK_STATIC unsigned char c1[] = { + 0x74, 0x62, 0x35, 0x51, 0x21, 0x02, 0x16, 0xac, + 0x92, 0x6b, 0x96, 0x50, 0xb6, 0xd3, 0xfa, 0x52 + }; + word64 s1 = 141; + + /* 256 key tests */ + WOLFSSL_SMALL_STACK_STATIC unsigned char k2[] = { + 0xef, 0x01, 0x0c, 0xa1, 0xa3, 0x66, 0x3e, 0x32, + 0x53, 0x43, 0x49, 0xbc, 0x0b, 0xae, 0x62, 0x23, + 0x2a, 0x15, 0x73, 0x34, 0x85, 0x68, 0xfb, 0x9e, + 0xf4, 0x17, 0x68, 0xa7, 0x67, 0x4f, 0x50, 0x7a, + 0x72, 0x7f, 0x98, 0x75, 0x53, 0x97, 0xd0, 0xe0, + 0xaa, 0x32, 0xf8, 0x30, 0x33, 0x8c, 0xc7, 0xa9, + 0x26, 0xc7, 0x73, 0xf0, 0x9e, 0x57, 0xb3, 0x57, + 0xcd, 0x15, 0x6a, 0xfb, 0xca, 0x46, 0xe1, 0xa0 + }; + + WOLFSSL_SMALL_STACK_STATIC unsigned char p2[] = { + 0xed, 0x98, 0xe0, 0x17, 0x70, 0xa8, 0x53, 0xb4, + 0x9d, 0xb9, 0xe6, 0xaa, 0xf8, 0x8f, 0x0a, 0x41, + 0xb9, 0xb5, 0x6e, 0x91, 0xa5, 0xa2, 0xb1, 0x1d, + 0x40, 0x52, 0x92, 0x54, 0xf5, 0x52, 0x3e, 0x75 + }; + + WOLFSSL_SMALL_STACK_STATIC unsigned char c2[] = { + 0xca, 0x20, 0xc5, 0x5e, 0x8d, 0xc1, 0x49, 0x68, + 0x7d, 0x25, 0x41, 0xde, 0x39, 0xc3, 0xdf, 0x63, + 0x00, 0xbb, 0x5a, 0x16, 0x3c, 0x10, 0xce, 0xd3, + 0x66, 0x6b, 0x13, 0x57, 0xdb, 0x8b, 0xd3, 0x9d + }; + word64 s2 = 187; + +#if !defined(BENCH_EMBEDDED) && \ + (!defined(HAVE_FIPS) || FIPS_VERSION_GE(5, 3)) && !defined(HAVE_SELFTEST) + /* Sector size for encrypt/decrypt consecutive sectors testcase */ + word32 sectorSz = 512; + + unsigned char data[550]; + + WOLFSSL_SMALL_STACK_STATIC unsigned char k3[] = { + 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, + 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, + 0x22, 0x22, 0x22, 0x22, 0x22, 0x22, 0x22, 0x22, + 0x22, 0x22, 0x22, 0x22, 0x22, 0x22, 0x22, 0x22 + }; + + WOLFSSL_SMALL_STACK_STATIC unsigned char p3[] = { + 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b, + 0x0c, 0x0d, 0x0e, 0x0f, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, + 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f, 0x20, 0x21, 0x22, 0x23, + 0x24, 0x25, 0x26, 0x27, 0x28, 0x29, 0x2a, 0x2b, 0x2c, 0x2d, 0x2e, 0x2f, + 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, 0x38, 0x39, 0x3a, 0x3b, + 0x3c, 0x3d, 0x3e, 0x3f, 0x40, 0x41, 0x42, 0x43, 0x44, 0x45, 0x46, 0x47, + 0x48, 0x49, 0x4a, 0x4b, 0x4c, 0x4d, 0x4e, 0x4f, 0x50, 0x51, 0x52, 0x53, + 0x54, 0x55, 0x56, 0x57, 0x58, 0x59, 0x5a, 0x5b, 0x5c, 0x5d, 0x5e, 0x5f, + 0x60, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66, 0x67, 0x68, 0x69, 0x6a, 0x6b, + 0x6c, 0x6d, 0x6e, 0x6f, 0x70, 0x71, 0x72, 0x73, 0x74, 0x75, 0x76, 0x77, + 0x78, 0x79, 0x7a, 0x7b, 0x7c, 0x7d, 0x7e, 0x7f, 0x80, 0x81, 0x82, 0x83, + 0x84, 0x85, 0x86, 0x87, 0x88, 0x89, 0x8a, 0x8b, 0x8c, 0x8d, 0x8e, 0x8f, + 0x90, 0x91, 0x92, 0x93, 0x94, 0x95, 0x96, 0x97, 0x98, 0x99, 0x9a, 0x9b, + 0x9c, 0x9d, 0x9e, 0x9f, 0xa0, 0xa1, 0xa2, 0xa3, 0xa4, 0xa5, 0xa6, 0xa7, + 0xa8, 0xa9, 0xaa, 0xab, 0xac, 0xad, 0xae, 0xaf, 0xb0, 0xb1, 0xb2, 0xb3, + 0xb4, 0xb5, 0xb6, 0xb7, 0xb8, 0xb9, 0xba, 0xbb, 0xbc, 0xbd, 0xbe, 0xbf, + 0xc0, 0xc1, 0xc2, 0xc3, 0xc4, 0xc5, 0xc6, 0xc7, 0xc8, 0xc9, 0xca, 0xcb, + 0xcc, 0xcd, 0xce, 0xcf, 0xd0, 0xd1, 0xd2, 0xd3, 0xd4, 0xd5, 0xd6, 0xd7, + 0xd8, 0xd9, 0xda, 0xdb, 0xdc, 0xdd, 0xde, 0xdf, 0xe0, 0xe1, 0xe2, 0xe3, + 0xe4, 0xe5, 0xe6, 0xe7, 0xe8, 0xe9, 0xea, 0xeb, 0xec, 0xed, 0xee, 0xef, + 0xf0, 0xf1, 0xf2, 0xf3, 0xf4, 0xf5, 0xf6, 0xf7, 0xf8, 0xf9, 0xfa, 0xfb, + 0xfc, 0xfd, 0xfe, 0xff, + + 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b, + 0x0c, 0x0d, 0x0e, 0x0f, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, + 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f, 0x20, 0x21, 0x22, 0x23, + 0x24, 0x25, 0x26, 0x27, 0x28, 0x29, 0x2a, 0x2b, 0x2c, 0x2d, 0x2e, 0x2f, + 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, 0x38, 0x39, 0x3a, 0x3b, + 0x3c, 0x3d, 0x3e, 0x3f, 0x40, 0x41, 0x42, 0x43, 0x44, 0x45, 0x46, 0x47, + 0x48, 0x49, 0x4a, 0x4b, 0x4c, 0x4d, 0x4e, 0x4f, 0x50, 0x51, 0x52, 0x53, + 0x54, 0x55, 0x56, 0x57, 0x58, 0x59, 0x5a, 0x5b, 0x5c, 0x5d, 0x5e, 0x5f, + 0x60, 0x61, 0x62, 0x63, 0x64, 0x65, 0x66, 0x67, 0x68, 0x69, 0x6a, 0x6b, + 0x6c, 0x6d, 0x6e, 0x6f, 0x70, 0x71, 0x72, 0x73, 0x74, 0x75, 0x76, 0x77, + 0x78, 0x79, 0x7a, 0x7b, 0x7c, 0x7d, 0x7e, 0x7f, 0x80, 0x81, 0x82, 0x83, + 0x84, 0x85, 0x86, 0x87, 0x88, 0x89, 0x8a, 0x8b, 0x8c, 0x8d, 0x8e, 0x8f, + 0x90, 0x91, 0x92, 0x93, 0x94, 0x95, 0x96, 0x97, 0x98, 0x99, 0x9a, 0x9b, + 0x9c, 0x9d, 0x9e, 0x9f, 0xa0, 0xa1, 0xa2, 0xa3, 0xa4, 0xa5, 0xa6, 0xa7, + 0xa8, 0xa9, 0xaa, 0xab, 0xac, 0xad, 0xae, 0xaf, 0xb0, 0xb1, 0xb2, 0xb3, + 0xb4, 0xb5, 0xb6, 0xb7, 0xb8, 0xb9, 0xba, 0xbb, 0xbc, 0xbd, 0xbe, 0xbf, + 0xc0, 0xc1, 0xc2, 0xc3, 0xc4, 0xc5, 0xc6, 0xc7, 0xc8, 0xc9, 0xca, 0xcb, + 0xcc, 0xcd, 0xce, 0xcf, 0xd0, 0xd1, 0xd2, 0xd3, 0xd4, 0xd5, 0xd6, 0xd7, + 0xd8, 0xd9, 0xda, 0xdb, 0xdc, 0xdd, 0xde, 0xdf, 0xe0, 0xe1, 0xe2, 0xe3, + 0xe4, 0xe5, 0xe6, 0xe7, 0xe8, 0xe9, 0xea, 0xeb, 0xec, 0xed, 0xee, 0xef, + 0xf0, 0xf1, 0xf2, 0xf3, 0xf4, 0xf5, 0xf6, 0xf7, 0xf8, 0xf9, 0xfa, 0xfb, + 0xfc, 0xfd, 0xfe, 0xff, + + 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b, + 0x0c, 0x0d, 0x0e, 0x0f, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, + 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f + }; + + WOLFSSL_SMALL_STACK_STATIC unsigned char c3[] = { + 0xb9, 0x6b, 0x2b, 0xfd, 0x61, 0x87, 0x84, 0xd5, 0x26, 0xd2, 0x8c, 0x62, + 0x63, 0x01, 0xca, 0x46, 0xb1, 0x82, 0xfa, 0xdc, 0xbc, 0x32, 0x18, 0xe9, + 0xda, 0xe6, 0xda, 0xd1, 0x1a, 0x52, 0x77, 0xca, 0xdb, 0x0e, 0xbe, 0x37, + 0x88, 0x36, 0x1c, 0x87, 0x16, 0x60, 0xfe, 0xa8, 0x9e, 0xf6, 0x48, 0x64, + 0x94, 0x34, 0x64, 0xed, 0xf6, 0x9a, 0xc5, 0x28, 0xc9, 0xed, 0x64, 0x80, + 0x85, 0xd8, 0x93, 0xa7, 0x50, 0xb1, 0x9d, 0x2f, 0x1e, 0x34, 0xcc, 0xb4, + 0x03, 0xfb, 0x6b, 0x43, 0x21, 0xa8, 0x5b, 0xc6, 0x59, 0x13, 0xd2, 0xb5, + 0xf5, 0x7b, 0xf6, 0xb2, 0xa4, 0x7a, 0xd2, 0x50, 0x26, 0xcb, 0xa4, 0x83, + 0xc3, 0x56, 0xb0, 0xb1, 0x14, 0x34, 0x12, 0x1b, 0xea, 0x26, 0x97, 0x24, + 0x54, 0xcc, 0x32, 0x4c, 0xa4, 0xc2, 0xa3, 0x07, 0xfa, 0x30, 0xa9, 0xf0, + 0x91, 0x17, 0x60, 0x68, 0x88, 0x7f, 0x34, 0x7e, 0xbd, 0x20, 0x33, 0x95, + 0x6e, 0xc0, 0xb6, 0x2b, 0xff, 0x7e, 0x61, 0x35, 0x9a, 0x88, 0xff, 0xd9, + 0x69, 0x21, 0xe7, 0x8f, 0x45, 0x02, 0xf9, 0xd7, 0xeb, 0xa6, 0x53, 0xf1, + 0x73, 0x04, 0xf1, 0x0b, 0x85, 0xc6, 0x1f, 0x4a, 0x51, 0x2f, 0x95, 0x87, + 0x5a, 0x67, 0x37, 0xb2, 0x87, 0xf7, 0xbe, 0x2a, 0x17, 0x57, 0xca, 0xfc, + 0xdd, 0x5f, 0x37, 0x48, 0x78, 0xbd, 0xfa, 0x75, 0xc9, 0xfa, 0x86, 0x7e, + 0xc4, 0x0f, 0x60, 0x85, 0xce, 0x12, 0x44, 0x7c, 0xd9, 0xb2, 0x50, 0xd9, + 0x57, 0x85, 0xa5, 0xd7, 0x68, 0x59, 0x03, 0x09, 0x97, 0x2e, 0x8e, 0xa5, + 0xe3, 0x98, 0xac, 0x16, 0xfb, 0x6d, 0x54, 0xc5, 0x5d, 0x7a, 0x33, 0x44, + 0x0a, 0x39, 0x91, 0xcc, 0x9f, 0x67, 0xf9, 0x89, 0xbb, 0x62, 0x02, 0xc4, + 0x22, 0xec, 0xcf, 0x97, 0x69, 0x81, 0x3d, 0x00, 0xfd, 0xeb, 0x55, 0x08, + 0xa2, 0xff, 0x97, 0xaa, 0x79, 0xde, 0x3c, 0x8a, 0x78, 0x71, 0x73, 0xa2, + 0x98, 0x2f, 0xd8, 0x5c, 0x62, 0x1c, 0x5c, 0x23, 0x0a, 0xd1, 0xf1, 0x81, + 0x8a, 0x12, 0xe7, 0x4d, 0xdd, 0x4f, 0xd4, 0xf1, 0xe8, 0x0f, 0x25, 0x79, + 0x45, 0x4a, 0x49, 0x49, 0x7e, 0x56, 0x91, 0x4e, 0xaa, 0xba, 0x18, 0xe1, + 0xe4, 0xbe, 0x21, 0xdc, 0x58, 0x60, 0x6f, 0x6a, 0x7f, 0xdc, 0x5e, 0x74, + 0x47, 0xbf, 0xeb, 0x84, 0xc4, 0x1e, 0x5a, 0x61, 0x64, 0xc8, 0x63, 0x68, + 0xfa, 0x17, 0x9c, 0xac, 0x60, 0x1c, 0xa5, 0x6e, 0x00, 0x21, 0x93, 0x3c, + 0xd7, 0xbb, 0x73, 0x45, 0xf7, 0x34, 0x81, 0x6c, 0xfa, 0xf2, 0x33, 0xfd, + 0xb1, 0x40, 0x30, 0x6b, 0x30, 0xd1, 0x83, 0x5e, 0x2e, 0x7a, 0xce, 0xa6, + 0x12, 0x2a, 0x15, 0x03, 0x78, 0x29, 0xb9, 0x07, 0xae, 0xe7, 0xc2, 0x78, + 0x74, 0x72, 0xa5, 0x0e, 0x6b, 0x1f, 0x78, 0xf2, 0x5a, 0x69, 0xb6, 0x2b, + 0x99, 0x94, 0x1f, 0x89, 0xd1, 0x21, 0x14, 0x4a, 0x54, 0xab, 0x5a, 0x9f, + 0xaa, 0xa7, 0x96, 0x0a, 0x21, 0xce, 0x30, 0xb6, 0x70, 0x81, 0xe9, 0xd3, + 0x71, 0xc0, 0xf1, 0x15, 0xe2, 0xf6, 0xd3, 0xcc, 0x41, 0x15, 0x9d, 0xd5, + 0xa3, 0xa4, 0xe0, 0xf8, 0x62, 0xc4, 0x76, 0x65, 0x63, 0x89, 0xa7, 0xe2, + 0xfb, 0xf5, 0xc9, 0x80, 0x15, 0x5b, 0xc1, 0x59, 0xb2, 0xd0, 0x01, 0x3a, + 0xf9, 0xab, 0x5b, 0x79, 0x54, 0xed, 0x6b, 0xf9, 0x1d, 0x9d, 0x87, 0x63, + 0x80, 0x4f, 0xec, 0x9c, 0x4f, 0xad, 0x97, 0x04, 0xff, 0x62, 0x4a, 0x17, + 0xc0, 0x09, 0x2a, 0x2c, 0x23, 0x4b, 0xc3, 0xb6, 0x6d, 0xed, 0xdb, 0x1a, + 0x6f, 0x56, 0x2b, 0x78, 0x92, 0x3a, 0x5c, 0x7f, 0xb2, 0x63, 0xd3, 0xd5, + 0x1a, 0xbe, 0xc2, 0x34, 0xc8, 0xad, 0x36, 0xb7, 0x12, 0xb8, 0xe1, 0xb7, + 0x52, 0x7f, 0x16, 0x84, 0x2c, 0x47, 0x7e, 0xf2, 0xa5, 0x36, 0x2e, 0xad, + 0xe7, 0xbb, 0xc0, 0x6f, 0x27, 0x8e, 0x41, 0x08, 0x75, 0xe5, 0xff, 0xde, + 0x08, 0x9f, 0x8c, 0x91, 0xba, 0xc9, 0x9d, 0x9f, 0x27, 0x90, 0x50, 0x44, + 0x24, 0xe7, 0x3d, 0x6f + }; + + word64 s3 = W64LIT(0x000000ffffffffff); +#endif + +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC) + if ((aes = (XtsAes *)XMALLOC(sizeof *aes, HEAP_HINT, DYNAMIC_TYPE_AES)) == NULL) + ERROR_OUT(WC_TEST_RET_ENC_ERRNO, out); +#endif + + ret = wc_AesXtsInit(aes, HEAP_HINT, devId); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); + else + aes_inited = 1; + + XMEMSET(buf, 0, sizeof(buf)); + ret = wc_AesXtsSetKeyNoInit(aes, k1, sizeof(k1), AES_ENCRYPTION); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); + + ret = wc_AesXtsEncryptSector(aes, buf, p1, sizeof(p1), s1); +#if defined(WOLFSSL_ASYNC_CRYPT) + ret = wc_AsyncWait(ret, &aes->aes.asyncDev, WC_ASYNC_FLAG_NONE); +#endif + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); + if (XMEMCMP(c1, buf, WC_AES_BLOCK_SIZE)) + ERROR_OUT(WC_TEST_RET_ENC_NC, out); + +#ifdef HAVE_AES_DECRYPT + /* decrypt test */ + XMEMSET(buf, 0, sizeof(buf)); + ret = wc_AesXtsSetKeyNoInit(aes, k1, sizeof(k1), AES_DECRYPTION); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); + ret = wc_AesXtsDecryptSector(aes, buf, c1, sizeof(c1), s1); +#if defined(WOLFSSL_ASYNC_CRYPT) + #ifdef WC_AES_XTS_SUPPORT_SIMULTANEOUS_ENC_AND_DEC_KEYS + ret = wc_AsyncWait(ret, &aes->aes_decrypt.asyncDev, WC_ASYNC_FLAG_NONE); + #else + ret = wc_AsyncWait(ret, &aes->aes.asyncDev, WC_ASYNC_FLAG_NONE); + #endif +#endif + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); + if (XMEMCMP(p1, buf, WC_AES_BLOCK_SIZE)) + ERROR_OUT(WC_TEST_RET_ENC_NC, out); +#endif /* HAVE_AES_DECRYPT */ + + /* 256 bit key tests */ + XMEMSET(buf, 0, sizeof(buf)); + ret = wc_AesXtsSetKeyNoInit(aes, k2, sizeof(k2), AES_ENCRYPTION); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); + ret = wc_AesXtsEncryptSector(aes, buf, p2, sizeof(p2), s2); +#if defined(WOLFSSL_ASYNC_CRYPT) + ret = wc_AsyncWait(ret, &aes->aes.asyncDev, WC_ASYNC_FLAG_NONE); +#endif + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); + if (XMEMCMP(c2, buf, sizeof(c2))) + ERROR_OUT(WC_TEST_RET_ENC_NC, out); + +#ifdef HAVE_AES_DECRYPT + /* decrypt test */ + XMEMSET(buf, 0, sizeof(buf)); + ret = wc_AesXtsSetKeyNoInit(aes, k2, sizeof(k2), AES_DECRYPTION); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); + ret = wc_AesXtsDecryptSector(aes, buf, c2, sizeof(c2), s2); +#if defined(WOLFSSL_ASYNC_CRYPT) + #ifdef WC_AES_XTS_SUPPORT_SIMULTANEOUS_ENC_AND_DEC_KEYS + ret = wc_AsyncWait(ret, &aes->aes_decrypt.asyncDev, WC_ASYNC_FLAG_NONE); + #else + ret = wc_AsyncWait(ret, &aes->aes.asyncDev, WC_ASYNC_FLAG_NONE); + #endif +#endif + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); + if (XMEMCMP(p2, buf, sizeof(p2))) + ERROR_OUT(WC_TEST_RET_ENC_NC, out); +#endif /* HAVE_AES_DECRYPT */ + +#if !defined(BENCH_EMBEDDED) && \ + (!defined(HAVE_FIPS) || FIPS_VERSION_GE(5, 3)) && !defined(HAVE_SELFTEST) + /* encrypt consecutive sectors test */ + XMEMSET(data, 0, sizeof(buf)); + ret = wc_AesXtsSetKeyNoInit(aes, k3, sizeof(k3), AES_ENCRYPTION); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); + ret = wc_AesXtsEncryptConsecutiveSectors(aes, data, p3, + sizeof(p3), s3, sectorSz); +#if defined(WOLFSSL_ASYNC_CRYPT) + ret = wc_AsyncWait(ret, &aes->aes.asyncDev, WC_ASYNC_FLAG_NONE); +#endif + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); + if (XMEMCMP(c3, data, sizeof(c3))) + ERROR_OUT(WC_TEST_RET_ENC_NC, out); + +#ifdef HAVE_AES_DECRYPT + /* decrypt consecutive sectors test */ + XMEMSET(data, 0, sizeof(buf)); + ret = wc_AesXtsSetKeyNoInit(aes, k3, sizeof(k3), AES_DECRYPTION); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); + ret = wc_AesXtsDecryptConsecutiveSectors(aes, data, c3, + sizeof(c3), s3, sectorSz); +#if defined(WOLFSSL_ASYNC_CRYPT) + #ifdef WC_AES_XTS_SUPPORT_SIMULTANEOUS_ENC_AND_DEC_KEYS + ret = wc_AsyncWait(ret, &aes->aes_decrypt.asyncDev, WC_ASYNC_FLAG_NONE); + #else + ret = wc_AsyncWait(ret, &aes->aes.asyncDev, WC_ASYNC_FLAG_NONE); + #endif +#endif + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); + if (XMEMCMP(p3, data, sizeof(p3))) + ERROR_OUT(WC_TEST_RET_ENC_NC, out); +#endif /* HAVE_AES_DECRYPT */ + +#endif /* !BENCH_EMBEDDED && (!HAVE_FIPS || FIPS_VERSION_GE(5, 3)) */ + +out: + + if (aes_inited) + wc_AesXtsFree(aes); + +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC) + XFREE(aes, HEAP_HINT, DYNAMIC_TYPE_AES); +#endif + + return ret; +} +#endif /* WOLFSSL_AES_128 && WOLFSSL_AES_256 */ + + +#ifdef WOLFSSL_AES_128 +/* testing of bad arguments */ +static wc_test_ret_t aes_xts_args_test(void) +{ +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC) + XtsAes *aes = NULL; +#else + XtsAes aes[1]; +#endif + int aes_inited = 0; + wc_test_ret_t ret; + unsigned char buf[WC_AES_BLOCK_SIZE * 2]; + + /* 128 key tests */ + WOLFSSL_SMALL_STACK_STATIC unsigned char k1[] = { + 0xa3, 0xe4, 0x0d, 0x5b, 0xd4, 0xb6, 0xbb, 0xed, + 0xb2, 0xd1, 0x8c, 0x70, 0x0a, 0xd2, 0xdb, 0x22, + 0x10, 0xc8, 0x11, 0x90, 0x64, 0x6d, 0x67, 0x3c, + 0xbc, 0xa5, 0x3f, 0x13, 0x3e, 0xab, 0x37, 0x3c + }; + + WOLFSSL_SMALL_STACK_STATIC unsigned char p1[] = { + 0x20, 0xe0, 0x71, 0x94, 0x05, 0x99, 0x3f, 0x09, + 0xa6, 0x6a, 0xe5, 0xbb, 0x50, 0x0e, 0x56, 0x2c + }; + +#ifdef HAVE_AES_DECRYPT + WOLFSSL_SMALL_STACK_STATIC unsigned char c1[] = { + 0x74, 0x62, 0x35, 0x51, 0x21, 0x02, 0x16, 0xac, + 0x92, 0x6b, 0x96, 0x50, 0xb6, 0xd3, 0xfa, 0x52 + }; +#endif + word64 s1 = 141; + +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC) + if ((aes = (XtsAes *)XMALLOC(sizeof *aes, HEAP_HINT, DYNAMIC_TYPE_AES)) == NULL) + ERROR_OUT(WC_TEST_RET_ENC_ERRNO, out); +#endif + + ret = wc_AesXtsInit(aes, HEAP_HINT, devId); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); + else + aes_inited = 1; + + if (wc_AesXtsSetKeyNoInit(NULL, k1, sizeof(k1), AES_ENCRYPTION) == 0) + ERROR_OUT(WC_TEST_RET_ENC_NC, out); + if (wc_AesXtsSetKeyNoInit(aes, NULL, sizeof(k1), AES_ENCRYPTION) == 0) + ERROR_OUT(WC_TEST_RET_ENC_NC, out); + + /* encryption operations */ + ret = wc_AesXtsSetKeyNoInit(aes, k1, sizeof(k1), AES_ENCRYPTION); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); + + ret = wc_AesXtsEncryptSector(NULL, buf, p1, sizeof(p1), s1); +#if defined(WOLFSSL_ASYNC_CRYPT) + ret = wc_AsyncWait(ret, &aes->aes.asyncDev, WC_ASYNC_FLAG_NONE); +#endif + if (ret == 0) + ERROR_OUT(WC_TEST_RET_ENC_NC, out); + + ret = wc_AesXtsEncryptSector(aes, NULL, p1, sizeof(p1), s1); +#if defined(WOLFSSL_ASYNC_CRYPT) + ret = wc_AsyncWait(ret, &aes->aes.asyncDev, WC_ASYNC_FLAG_NONE); +#endif + if (ret == 0) + ERROR_OUT(WC_TEST_RET_ENC_NC, out); + +#ifdef HAVE_AES_DECRYPT + /* decryption operations */ + ret = wc_AesXtsSetKeyNoInit(aes, k1, sizeof(k1), AES_DECRYPTION); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); + ret = wc_AesXtsDecryptSector(NULL, buf, c1, sizeof(c1), s1); +#if defined(WOLFSSL_ASYNC_CRYPT) + #ifdef WC_AES_XTS_SUPPORT_SIMULTANEOUS_ENC_AND_DEC_KEYS + ret = wc_AsyncWait(ret, &aes->aes_decrypt.asyncDev, WC_ASYNC_FLAG_NONE); + #else + ret = wc_AsyncWait(ret, &aes->aes.asyncDev, WC_ASYNC_FLAG_NONE); + #endif +#endif + if (ret == 0) + ERROR_OUT(WC_TEST_RET_ENC_NC, out); + + ret = wc_AesXtsDecryptSector(aes, NULL, c1, sizeof(c1), s1); +#if defined(WOLFSSL_ASYNC_CRYPT) + #ifdef WC_AES_XTS_SUPPORT_SIMULTANEOUS_ENC_AND_DEC_KEYS + ret = wc_AsyncWait(ret, &aes->aes_decrypt.asyncDev, WC_ASYNC_FLAG_NONE); + #else + ret = wc_AsyncWait(ret, &aes->aes.asyncDev, WC_ASYNC_FLAG_NONE); + #endif +#endif + if (ret == 0) + ERROR_OUT(WC_TEST_RET_ENC_NC, out); +#endif + + ret = 0; + + out: + + if (aes_inited) + wc_AesXtsFree(aes); + +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC) + XFREE(aes, HEAP_HINT, DYNAMIC_TYPE_AES); +#endif + + return ret; +} +#endif /* WOLFSSL_AES_128 */ +#endif /* WOLFSSL_AES_XTS && (!HAVE_FIPS || FIPS_VERSION_GE(5,3)) */ + +#if defined(HAVE_AES_CBC) && defined(WOLFSSL_AES_128) && \ + !defined(HAVE_RENESAS_SYNC) +static wc_test_ret_t aes_cbc_oneshot_test(void) +{ + byte cipher[WC_AES_BLOCK_SIZE]; + byte plain[WC_AES_BLOCK_SIZE]; + wc_test_ret_t ret; + WOLFSSL_SMALL_STACK_STATIC const byte msg[] = { /* "Now is the time for all " w/o trailing 0 */ + 0x6e,0x6f,0x77,0x20,0x69,0x73,0x20,0x74, + 0x68,0x65,0x20,0x74,0x69,0x6d,0x65,0x20, + 0x66,0x6f,0x72,0x20,0x61,0x6c,0x6c,0x20 + }; + byte key[] = "0123456789abcdef "; /* align */ + byte iv[] = "1234567890abcdef "; /* align */ + + XMEMSET(cipher, 0, WC_AES_BLOCK_SIZE); + XMEMSET(plain, 0, WC_AES_BLOCK_SIZE); + + /* Parameter Validation testing. */ + ret = wc_AesCbcEncryptWithKey(cipher, msg, WC_AES_BLOCK_SIZE, key, 17, NULL); + if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG)) + return WC_TEST_RET_ENC_EC(ret); +#ifdef HAVE_AES_DECRYPT + ret = wc_AesCbcDecryptWithKey(plain, cipher, WC_AES_BLOCK_SIZE, key, 17, NULL); + if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG)) + return WC_TEST_RET_ENC_EC(ret); +#endif + + ret = wc_AesCbcEncryptWithKey(cipher, msg, WC_AES_BLOCK_SIZE, key, + WC_AES_BLOCK_SIZE, iv); + if (ret != 0) + return WC_TEST_RET_ENC_EC(ret); +#ifdef HAVE_AES_DECRYPT + ret = wc_AesCbcDecryptWithKey(plain, cipher, WC_AES_BLOCK_SIZE, key, + WC_AES_BLOCK_SIZE, iv); + if (ret != 0) + return WC_TEST_RET_ENC_EC(ret); + if (XMEMCMP(plain, msg, WC_AES_BLOCK_SIZE) != 0) + return WC_TEST_RET_ENC_NC; +#endif /* HAVE_AES_DECRYPT */ + + (void)plain; + return 0; +} +#endif + +#if defined(WOLFSSL_AES_COUNTER) +WOLFSSL_TEST_SUBROUTINE wc_test_ret_t aes_ctr_test(void) +{ +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC) + Aes *enc = NULL; + Aes *dec = NULL; +#else + Aes enc[1]; + Aes dec[1]; +#endif + byte cipher[WC_AES_BLOCK_SIZE * 4]; + byte plain [WC_AES_BLOCK_SIZE * 4]; + wc_test_ret_t ret = 0; + + /* test vectors from "Recommendation for Block Cipher Modes of + * Operation" NIST Special Publication 800-38A */ + + WOLFSSL_SMALL_STACK_STATIC const byte ctrIv[] = + { + 0xf0,0xf1,0xf2,0xf3,0xf4,0xf5,0xf6,0xf7, + 0xf8,0xf9,0xfa,0xfb,0xfc,0xfd,0xfe,0xff + }; + + WOLFSSL_SMALL_STACK_STATIC const byte ctrPlain[] = + { + 0x6b,0xc1,0xbe,0xe2,0x2e,0x40,0x9f,0x96, + 0xe9,0x3d,0x7e,0x11,0x73,0x93,0x17,0x2a, + 0xae,0x2d,0x8a,0x57,0x1e,0x03,0xac,0x9c, + 0x9e,0xb7,0x6f,0xac,0x45,0xaf,0x8e,0x51, + 0x30,0xc8,0x1c,0x46,0xa3,0x5c,0xe4,0x11, + 0xe5,0xfb,0xc1,0x19,0x1a,0x0a,0x52,0xef, + 0xf6,0x9f,0x24,0x45,0xdf,0x4f,0x9b,0x17, + 0xad,0x2b,0x41,0x7b,0xe6,0x6c,0x37,0x10 + }; + +#if defined(WOLFSSL_ARMASM) || defined(WOLFSSL_RISCV_ASM) + WOLFSSL_SMALL_STACK_STATIC const byte ctrIvWrap32[] = + { + 0xff,0xff,0xff,0xff,0x0f,0xff,0xff,0xff, + 0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff + }; + WOLFSSL_SMALL_STACK_STATIC const byte ctrIvWrap32_2[] = + { + 0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff, + 0xff,0xff,0xff,0xff,0x0f,0xff,0xff,0xfe + }; + WOLFSSL_SMALL_STACK_STATIC const byte ctrIvWrap64[] = + { + 0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff, + 0x0f,0xff,0xff,0xff,0xff,0xff,0xff,0xff + }; + WOLFSSL_SMALL_STACK_STATIC const byte ctrIvWrap64_2[] = + { + 0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xf0, + 0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xfe + }; + WOLFSSL_SMALL_STACK_STATIC const byte ctrIvWrap96[] = + { + 0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff, + 0xff,0xff,0xff,0xff,0x0f,0xff,0xff,0xff + }; + WOLFSSL_SMALL_STACK_STATIC const byte ctrIvWrap96_2[] = + { + 0xff,0xff,0xff,0xf0,0xff,0xff,0xff,0xff, + 0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xfe + }; +#endif + WOLFSSL_SMALL_STACK_STATIC const byte ctrIvWrap128[] = + { + 0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff, + 0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff + }; +#if defined(WOLFSSL_ARMASM) || defined(WOLFSSL_RISCV_ASM) + WOLFSSL_SMALL_STACK_STATIC const byte ctrIvWrap128_2[] = + { + 0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff, + 0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xfe + }; +#endif + + WOLFSSL_SMALL_STACK_STATIC const byte oddCipher[] = + { + 0xb9,0xd7,0xcb,0x08,0xb0,0xe1,0x7b,0xa0, + 0xc2 + }; + +#ifdef WOLFSSL_AES_128 + WOLFSSL_SMALL_STACK_STATIC const byte ctr128Key[] = + { + 0x2b,0x7e,0x15,0x16,0x28,0xae,0xd2,0xa6, + 0xab,0xf7,0x15,0x88,0x09,0xcf,0x4f,0x3c + }; + + WOLFSSL_SMALL_STACK_STATIC const byte ctr128Cipher[] = + { + 0x87,0x4d,0x61,0x91,0xb6,0x20,0xe3,0x26, + 0x1b,0xef,0x68,0x64,0x99,0x0d,0xb6,0xce, + 0x98,0x06,0xf6,0x6b,0x79,0x70,0xfd,0xff, + 0x86,0x17,0x18,0x7b,0xb9,0xff,0xfd,0xff, + 0x5a,0xe4,0xdf,0x3e,0xdb,0xd5,0xd3,0x5e, + 0x5b,0x4f,0x09,0x02,0x0d,0xb0,0x3e,0xab, + 0x1e,0x03,0x1d,0xda,0x2f,0xbe,0x03,0xd1, + 0x79,0x21,0x70,0xa0,0xf3,0x00,0x9c,0xee + }; + +#if defined(WOLFSSL_ARMASM) || defined(WOLFSSL_RISCV_ASM) + WOLFSSL_SMALL_STACK_STATIC const byte ctr128Wrap32Cipher[] = + { + 0xb3,0x8b,0x58,0xbc,0xce,0xf4,0x71,0x78, + 0xf6,0x7c,0xdb,0xb4,0x27,0x2b,0x0a,0xbf, + 0x7e,0xad,0xea,0x5c,0xd1 + }; + WOLFSSL_SMALL_STACK_STATIC const byte ctr128Wrap32CipherLong[] = + { + 0xb3,0x8b,0x58,0xbc,0xce,0xf4,0x71,0x78, + 0xf6,0x7c,0xdb,0xb4,0x27,0x2b,0x0a,0xbf, + 0x7e,0xad,0xea,0x5c,0xd1,0xb7,0x98,0xf0, + 0x22,0x20,0xfe,0x67,0xb0,0x02,0x23,0x50 + }; + WOLFSSL_SMALL_STACK_STATIC const byte ctr128Wrap32_2CipherLong[] = + { + 0x6e,0xa1,0x27,0x4d,0xea,0x20,0x5f,0x39, + 0x68,0xc8,0xb6,0x78,0xde,0xfc,0x53,0x5c, + 0x90,0xc8,0xf6,0xc6,0xfa,0xe0,0x7b,0x09, + 0x7c,0xf8,0x9c,0x6a,0x5a,0xa5,0x17,0x7f, + 0x03,0x92,0x5f,0x4e,0x85,0xea,0x26,0xc9, + 0x5a,0xc2,0x74,0xe2,0xbf,0xe4,0x1b,0xd4 + }; + + WOLFSSL_SMALL_STACK_STATIC const byte ctr128Wrap64Cipher[] = + { + 0xdd,0x17,0x10,0x7c,0x45,0x04,0xac,0x43, + 0xef,0xa8,0xcc,0x32,0x34,0x87,0x88,0xd7, + 0xae,0x74,0x94,0x72,0x8e + }; + WOLFSSL_SMALL_STACK_STATIC const byte ctr128Wrap64CipherLong[] = + { + 0xdd,0x17,0x10,0x7c,0x45,0x04,0xac,0x43, + 0xef,0xa8,0xcc,0x32,0x34,0x87,0x88,0xd7, + 0xae,0x74,0x94,0x72,0x8e,0xd0,0x71,0xc0, + 0x89,0x8a,0xa1,0xb0,0x29,0xa0,0x10,0x9e + }; + WOLFSSL_SMALL_STACK_STATIC const byte ctr128Wrap64_2CipherLong[] = + { + 0x3f,0xe7,0xd5,0xf3,0xfa,0x09,0xfe,0x40, + 0xa6,0xa1,0x32,0x8b,0x57,0x12,0xb9,0xfa, + 0xf2,0x2d,0xe4,0x3c,0x66,0x1d,0x0a,0x8e, + 0x46,0xf8,0x2e,0x33,0xce,0x8d,0x4e,0x3b, + 0x17,0x67,0x9e,0x9f,0x76,0x9e,0xc2,0x99, + 0xd5,0xd4,0x71,0xed,0xb4,0x33,0xb2,0xcd + }; + + WOLFSSL_SMALL_STACK_STATIC const byte ctr128Wrap96Cipher[] = + { + 0x55,0x24,0xc2,0x73,0xca,0xa3,0x48,0x03, + 0x0b,0x72,0x8d,0xd7,0x6c,0x99,0x8e,0x04, + 0x9d,0x77,0xc9,0x5f,0x38 + }; + WOLFSSL_SMALL_STACK_STATIC const byte ctr128Wrap96CipherLong[] = + { + 0x55,0x24,0xc2,0x73,0xca,0xa3,0x48,0x03, + 0x0b,0x72,0x8d,0xd7,0x6c,0x99,0x8e,0x04, + 0x9d,0x77,0xc9,0x5f,0x38,0xb5,0x6e,0x44, + 0x21,0x8e,0xda,0x57,0xe0,0x41,0xc7,0x6a + }; + WOLFSSL_SMALL_STACK_STATIC const byte ctr128Wrap96_2CipherLong[] = + { + 0xc8,0x81,0x1a,0xbe,0xc7,0x5b,0x93,0x6f, + 0xe6,0x52,0xe4,0xb1,0x2d,0x1c,0x39,0xbc, + 0xeb,0x82,0x27,0x0a,0x7e,0xa5,0x0e,0x2d, + 0x32,0xda,0xbe,0x10,0x7a,0x10,0xcc,0xd3, + 0x6f,0xc6,0x83,0x28,0x05,0x57,0x8a,0x24, + 0x44,0x76,0x17,0x81,0xb9,0x5c,0x94,0x81 + }; +#endif + + WOLFSSL_SMALL_STACK_STATIC const byte ctr128Wrap128Cipher[] = + { + 0xe1,0x33,0x38,0xe3,0x6c,0xb7,0x19,0x62, + 0xe0,0x0d,0x02,0x0b,0x4c,0xed,0xbd,0x86, + 0xd3,0xda,0xe1,0x5b,0x04 + }; + WOLFSSL_SMALL_STACK_STATIC const byte ctr128Wrap128CipherLong[] = + { + 0xe1,0x33,0x38,0xe3,0x6c,0xb7,0x19,0x62, + 0xe0,0x0d,0x02,0x0b,0x4c,0xed,0xbd,0x86, + 0xd3,0xda,0xe1,0x5b,0x04,0xbb,0x35,0x2f, + 0xa0,0xf5,0x9f,0xeb,0xfc,0xb4,0xda,0x3e + }; +#if defined(WOLFSSL_ARMASM) || defined(WOLFSSL_RISCV_ASM) + WOLFSSL_SMALL_STACK_STATIC const byte ctr128Wrap128_2CipherLong[] = + { + 0xba,0x76,0xaa,0x54,0xd5,0xb5,0x60,0x67, + 0xc1,0xa7,0x90,0x3b,0x3f,0xdd,0xfa,0x89, + 0x24,0xdf,0x0c,0x56,0x5c,0xf4,0x2a,0x68, + 0x97,0x87,0x13,0xb6,0x7a,0xd1,0x24,0xfd, + 0x4d,0x3f,0x77,0x4a,0xb9,0xe4,0x7d,0xa2, + 0xdb,0xb9,0x31,0x5e,0xa3,0x11,0x06,0x80 + }; +#endif +#endif /* WOLFSSL_AES_128 */ + +#ifdef WOLFSSL_AES_192 + WOLFSSL_SMALL_STACK_STATIC const byte ctr192Key[] = + { + 0x8e,0x73,0xb0,0xf7,0xda,0x0e,0x64,0x52, + 0xc8,0x10,0xf3,0x2b,0x80,0x90,0x79,0xe5, + 0x62,0xf8,0xea,0xd2,0x52,0x2c,0x6b,0x7b + }; + + WOLFSSL_SMALL_STACK_STATIC const byte ctr192Cipher[] = + { + 0x1a,0xbc,0x93,0x24,0x17,0x52,0x1c,0xa2, + 0x4f,0x2b,0x04,0x59,0xfe,0x7e,0x6e,0x0b, + 0x09,0x03,0x39,0xec,0x0a,0xa6,0xfa,0xef, + 0xd5,0xcc,0xc2,0xc6,0xf4,0xce,0x8e,0x94, + 0x1e,0x36,0xb2,0x6b,0xd1,0xeb,0xc6,0x70, + 0xd1,0xbd,0x1d,0x66,0x56,0x20,0xab,0xf7, + 0x4f,0x78,0xa7,0xf6,0xd2,0x98,0x09,0x58, + 0x5a,0x97,0xda,0xec,0x58,0xc6,0xb0,0x50 + }; + +#if defined(WOLFSSL_ARMASM) || defined(WOLFSSL_RISCV_ASM) + WOLFSSL_SMALL_STACK_STATIC const byte ctr192Wrap32Cipher[] = + { + 0x28,0xaa,0xfa,0x90,0x72,0x74,0x86,0xaf, + 0x72,0x73,0x35,0x17,0x70,0x4e,0x7d,0xca, + 0x0c,0x33,0x97,0x06,0xc0 + }; + WOLFSSL_SMALL_STACK_STATIC const byte ctr192Wrap32CipherLong[] = + { + 0x28,0xaa,0xfa,0x90,0x72,0x74,0x86,0xaf, + 0x72,0x73,0x35,0x17,0x70,0x4e,0x7d,0xca, + 0x0c,0x33,0x97,0x06,0xc0,0xbe,0x83,0x87, + 0xdd,0xd3,0xff,0xd8,0xe4,0x6a,0x5b,0x84 + }; + WOLFSSL_SMALL_STACK_STATIC const byte ctr192Wrap32_2CipherLong[] = + { + 0xf5,0x00,0xa2,0x91,0x54,0xa3,0x76,0xa2, + 0xdd,0xad,0x16,0x89,0xe5,0xf0,0x1d,0x40, + 0x84,0xcd,0x74,0x84,0xcb,0x8b,0x9e,0x29, + 0xa9,0x8a,0x12,0x65,0xa0,0x79,0x5e,0xce, + 0xd9,0x50,0x65,0x21,0x86,0xb0,0x85,0x0d, + 0x98,0x2d,0x9a,0x5a,0x11,0xbe,0xa5,0x7f + }; + + WOLFSSL_SMALL_STACK_STATIC const byte ctr192Wrap64Cipher[] = + { + 0xfe,0x39,0x27,0x97,0xac,0xe5,0xb8,0x74, + 0xb9,0x8c,0xbf,0x58,0x71,0xa4,0x80,0x33, + 0x3d,0xf7,0xb4,0xfd,0x8c + }; + WOLFSSL_SMALL_STACK_STATIC const byte ctr192Wrap64CipherLong[] = + { + 0xfe,0x39,0x27,0x97,0xac,0xe5,0xb8,0x74, + 0xb9,0x8c,0xbf,0x58,0x71,0xa4,0x80,0x33, + 0x3d,0xf7,0xb4,0xfd,0x8c,0x55,0x47,0x10, + 0xd5,0x91,0x35,0xbe,0xd8,0x0d,0xa5,0x9e + }; + WOLFSSL_SMALL_STACK_STATIC const byte ctr192Wrap64_2CipherLong[] = + { + 0x59,0xf1,0xed,0x70,0x62,0x42,0xa8,0x06, + 0x07,0x36,0xe1,0xc5,0x04,0x79,0xc3,0x9b, + 0xd1,0x14,0x5c,0xcc,0x6f,0x81,0x5f,0x2f, + 0xa0,0xde,0xcf,0x61,0x55,0x18,0x7a,0xac, + 0xb0,0x59,0x37,0x90,0x53,0xb3,0x00,0x88, + 0xb4,0x49,0x90,0x7b,0x96,0xcd,0xcc,0xc3 + }; + + WOLFSSL_SMALL_STACK_STATIC const byte ctr192Wrap96Cipher[] = + { + 0x41,0x21,0x40,0x31,0xfb,0xc8,0xad,0x23, + 0xde,0x00,0x03,0xd8,0x96,0x45,0xc7,0xb5, + 0x47,0xb5,0xf3,0x30,0x3b + }; + WOLFSSL_SMALL_STACK_STATIC const byte ctr192Wrap96CipherLong[] = + { + 0x41,0x21,0x40,0x31,0xfb,0xc8,0xad,0x23, + 0xde,0x00,0x03,0xd8,0x96,0x45,0xc7,0xb5, + 0x47,0xb5,0xf3,0x30,0x3b,0xef,0xcd,0x80, + 0xe3,0x61,0x34,0xef,0x4e,0x1b,0x79,0xc1 + }; + WOLFSSL_SMALL_STACK_STATIC const byte ctr192Wrap96_2CipherLong[] = + { + 0x3c,0xb2,0xff,0xc0,0x24,0xe1,0xf5,0xc4, + 0x0f,0xd1,0x0a,0x1b,0xbe,0x1f,0x23,0xa1, + 0x8e,0xbf,0x2b,0x96,0xb6,0x37,0xc8,0x25, + 0x06,0x90,0xe2,0xca,0x71,0x24,0x52,0x95, + 0xaa,0x8c,0x80,0xdf,0xb7,0xd7,0x30,0xb0, + 0xcc,0x06,0x4f,0x28,0xa2,0x74,0x27,0xf8 + }; +#endif + + WOLFSSL_SMALL_STACK_STATIC const byte ctr192Wrap128Cipher[] = + { + 0x5c,0xc3,0x8f,0xab,0x30,0xb6,0xac,0x67, + 0xdc,0xc2,0x1e,0x7b,0x01,0x2e,0xcf,0x98, + 0x8c,0x68,0xa7,0xd9,0x57 + }; + WOLFSSL_SMALL_STACK_STATIC const byte ctr192Wrap128CipherLong[] = + { + 0x5c,0xc3,0x8f,0xab,0x30,0xb6,0xac,0x67, + 0xdc,0xc2,0x1e,0x7b,0x01,0x2e,0xcf,0x98, + 0x8c,0x68,0xa7,0xd9,0x57,0xab,0x09,0x0f, + 0x01,0xc4,0x4e,0x62,0xaf,0xc2,0xdf,0x1a + }; +#if defined(WOLFSSL_ARMASM) || defined(WOLFSSL_RISCV_ASM) + WOLFSSL_SMALL_STACK_STATIC const byte ctr192Wrap128_2CipherLong[] = + { + 0x88,0x0a,0x26,0x4e,0xa8,0x26,0x21,0xe0, + 0xfc,0xbc,0x63,0xdc,0xd9,0x60,0x52,0xb2, + 0x99,0x2f,0xbb,0x1e,0x00,0xf5,0x9f,0x6d, + 0xab,0x48,0x0f,0xc6,0x37,0x12,0x56,0xe3, + 0x12,0x8d,0x31,0xc8,0xea,0xf4,0x41,0x82, + 0x7a,0x88,0xe0,0xd7,0xf0,0x67,0x03,0xa4 + }; +#endif +#endif +#ifdef WOLFSSL_AES_256 + WOLFSSL_SMALL_STACK_STATIC const byte ctr256Key[] = + { + 0x60,0x3d,0xeb,0x10,0x15,0xca,0x71,0xbe, + 0x2b,0x73,0xae,0xf0,0x85,0x7d,0x77,0x81, + 0x1f,0x35,0x2c,0x07,0x3b,0x61,0x08,0xd7, + 0x2d,0x98,0x10,0xa3,0x09,0x14,0xdf,0xf4 + }; + + WOLFSSL_SMALL_STACK_STATIC const byte ctr256Cipher[] = + { + 0x60,0x1e,0xc3,0x13,0x77,0x57,0x89,0xa5, + 0xb7,0xa7,0xf5,0x04,0xbb,0xf3,0xd2,0x28, + 0xf4,0x43,0xe3,0xca,0x4d,0x62,0xb5,0x9a, + 0xca,0x84,0xe9,0x90,0xca,0xca,0xf5,0xc5, + 0x2b,0x09,0x30,0xda,0xa2,0x3d,0xe9,0x4c, + 0xe8,0x70,0x17,0xba,0x2d,0x84,0x98,0x8d, + 0xdf,0xc9,0xc5,0x8d,0xb6,0x7a,0xad,0xa6, + 0x13,0xc2,0xdd,0x08,0x45,0x79,0x41,0xa6 + }; + +#if defined(WOLFSSL_ARMASM) || defined(WOLFSSL_RISCV_ASM) + WOLFSSL_SMALL_STACK_STATIC const byte ctr256Wrap32Cipher[] = + { + 0xb0,0xa8,0xc0,0x65,0x85,0x20,0x0d,0x5c, + 0x25,0xcf,0xe7,0x58,0x63,0xc8,0xd4,0xea, + 0xa2,0x13,0x47,0x74,0xda + }; + WOLFSSL_SMALL_STACK_STATIC const byte ctr256Wrap32CipherLong[] = + { + 0xb0,0xa8,0xc0,0x65,0x85,0x20,0x0d,0x5c, + 0x25,0xcf,0xe7,0x58,0x63,0xc8,0xd4,0xea, + 0xa2,0x13,0x47,0x74,0xda,0x89,0x77,0x40, + 0x28,0x9c,0xe8,0x19,0x26,0x32,0xd8,0x1f + }; + WOLFSSL_SMALL_STACK_STATIC const byte ctr256Wrap32_2CipherLong[] = + { + 0xf6,0xd9,0x22,0xc6,0x80,0x29,0xaf,0x14, + 0x54,0x6c,0x0a,0xce,0x42,0xea,0x3c,0xa1, + 0x7c,0xeb,0x36,0x0d,0x8e,0xd7,0x8c,0x59, + 0xa8,0x09,0x9f,0x9e,0xba,0x5b,0x95,0xfa, + 0x26,0x8c,0x37,0x59,0xf8,0xae,0x8e,0xaa, + 0x4d,0xe4,0x1c,0xfe,0x51,0xc7,0xb7,0xcc + }; + + WOLFSSL_SMALL_STACK_STATIC const byte ctr256Wrap64Cipher[] = + { + 0x74,0x1a,0x52,0x41,0x76,0xb4,0x11,0x8f, + 0xfd,0x57,0x31,0xfd,0x3d,0x76,0x8f,0x07, + 0xd4,0x94,0x4c,0xcd,0x4d + }; + WOLFSSL_SMALL_STACK_STATIC const byte ctr256Wrap64CipherLong[] = + { + 0x74,0x1a,0x52,0x41,0x76,0xb4,0x11,0x8f, + 0xfd,0x57,0x31,0xfd,0x3d,0x76,0x8f,0x07, + 0xd4,0x94,0x4c,0xcd,0x4d,0x47,0x5a,0x92, + 0x26,0x49,0x81,0x7a,0xda,0x36,0x27,0x01 + }; + WOLFSSL_SMALL_STACK_STATIC const byte ctr256Wrap64_2CipherLong[] = + { + 0xf7,0x9c,0xbf,0xf6,0xa2,0xaa,0x8a,0x0a, + 0x63,0x8a,0x20,0x2f,0x12,0xf1,0x8e,0x49, + 0x30,0xc0,0x8d,0x5c,0x5f,0x8b,0xbc,0x16, + 0xdd,0x71,0xee,0x13,0x14,0x7b,0xe1,0x25, + 0xcb,0x87,0x8a,0xc6,0xdc,0x1d,0x54,0x7a, + 0xe1,0xe4,0x6f,0x0d,0x95,0x1b,0xd1,0x8b + }; + + WOLFSSL_SMALL_STACK_STATIC const byte ctr256Wrap96Cipher[] = + { + 0xb9,0x07,0x02,0xb8,0xbe,0x94,0xbf,0x53, + 0xdf,0x83,0x8e,0x23,0x8c,0x67,0x0c,0x81, + 0xb8,0x69,0xa1,0x48,0x45 + }; + WOLFSSL_SMALL_STACK_STATIC const byte ctr256Wrap96CipherLong[] = + { + 0xb9,0x07,0x02,0xb8,0xbe,0x94,0xbf,0x53, + 0xdf,0x83,0x8e,0x23,0x8c,0x67,0x0c,0x81, + 0xb8,0x69,0xa1,0x48,0x45,0xf1,0xc6,0x27, + 0x36,0xa8,0xb2,0x4b,0x0e,0x62,0x6b,0x72 + }; + WOLFSSL_SMALL_STACK_STATIC const byte ctr256Wrap96_2CipherLong[] = + { + 0xd5,0x56,0x73,0xaa,0xb8,0xe4,0x06,0xf6, + 0x83,0x45,0x3a,0xb4,0xb9,0x63,0xec,0xad, + 0x73,0xc5,0xab,0x78,0xb1,0x21,0xab,0xef, + 0x69,0x15,0xb7,0x0c,0xe9,0xb4,0x3a,0xe7, + 0xbc,0xc4,0x22,0xbd,0x93,0xba,0x52,0xe0, + 0x91,0x2f,0x5e,0x8d,0x6d,0x59,0xf7,0xc2 + }; +#endif + + WOLFSSL_SMALL_STACK_STATIC const byte ctr256Wrap128Cipher[] = + { + 0x50,0xfd,0x97,0xc3,0xe6,0x1a,0xbb,0x48, + 0x73,0xfb,0x78,0xdf,0x1e,0x8e,0x77,0xe6, + 0x4b,0x45,0x7c,0xd6,0x8a + }; + WOLFSSL_SMALL_STACK_STATIC const byte ctr256Wrap128CipherLong[] = + { + 0x50,0xfd,0x97,0xc3,0xe6,0x1a,0xbb,0x48, + 0x73,0xfb,0x78,0xdf,0x1e,0x8e,0x77,0xe6, + 0x4b,0x45,0x7c,0xd6,0x8a,0xcc,0xda,0x4a, + 0x89,0xfa,0x23,0x6c,0x06,0xbf,0x26,0x05 + }; +#if defined(WOLFSSL_ARMASM) || defined(WOLFSSL_RISCV_ASM) + WOLFSSL_SMALL_STACK_STATIC const byte ctr256Wrap128_2CipherLong[] = + { + 0x24,0x5c,0x09,0xa0,0x3b,0x1a,0x5a,0x94, + 0x2b,0x93,0x56,0x13,0x48,0xa0,0x21,0xce, + 0x95,0x11,0xa3,0x76,0xd6,0x59,0x88,0x42, + 0x04,0x71,0x69,0x62,0x28,0xb2,0xee,0x9d, + 0xd5,0xa0,0xea,0xc7,0x37,0x93,0x92,0xc7, + 0xf2,0xb6,0x8d,0xd9,0x59,0x1a,0xfa,0xbb + }; +#endif +#endif + int i; + struct { + const byte* key; + int keySz; + const byte* iv; + const byte* plain; + int len; + const byte* cipher; + } testVec[] = { +#ifdef WOLFSSL_AES_128 + { ctr128Key, (int)sizeof(ctr128Key), ctrIv, + ctrPlain, (int)sizeof(ctrPlain), ctr128Cipher }, + /* let's try with just 9 bytes, non block size test */ + { ctr128Key, (int)sizeof(ctr128Key), ctrIv, + ctrPlain, (int)sizeof(oddCipher), ctr128Cipher }, + /* and an additional 9 bytes to reuse tmp left buffer */ + { NULL, 0, NULL, ctrPlain, (int)sizeof(oddCipher), oddCipher }, + /* Counter wrapping */ + { ctr128Key, (int)sizeof(ctr128Key), ctrIvWrap128, + ctrPlain, (int)sizeof(ctr128Wrap128Cipher), ctr128Wrap128Cipher }, + { ctr128Key, (int)sizeof(ctr128Key), ctrIvWrap128, + ctrPlain, (int)sizeof(ctr128Wrap128CipherLong), + ctr128Wrap128CipherLong }, + #if defined(WOLFSSL_ARMASM) || defined(WOLFSSL_RISCV_ASM) + { ctr128Key, (int)sizeof(ctr128Key), ctrIvWrap128_2, + ctrPlain, (int)sizeof(ctr128Wrap128_2CipherLong), + ctr128Wrap128_2CipherLong }, + { ctr128Key, (int)sizeof(ctr128Key), ctrIvWrap96, + ctrPlain, (int)sizeof(ctr128Wrap96Cipher), ctr128Wrap96Cipher }, + { ctr128Key, (int)sizeof(ctr128Key), ctrIvWrap96, + ctrPlain, (int)sizeof(ctr128Wrap96CipherLong), + ctr128Wrap96CipherLong }, + { ctr128Key, (int)sizeof(ctr128Key), ctrIvWrap96_2, + ctrPlain, (int)sizeof(ctr128Wrap96_2CipherLong), + ctr128Wrap96_2CipherLong }, + { ctr128Key, (int)sizeof(ctr128Key), ctrIvWrap64, + ctrPlain, (int)sizeof(ctr128Wrap64Cipher), ctr128Wrap64Cipher }, + { ctr128Key, (int)sizeof(ctr128Key), ctrIvWrap64, + ctrPlain, (int)sizeof(ctr128Wrap64CipherLong), + ctr128Wrap64CipherLong }, + { ctr128Key, (int)sizeof(ctr128Key), ctrIvWrap64_2, + ctrPlain, (int)sizeof(ctr128Wrap64_2CipherLong), + ctr128Wrap64_2CipherLong }, + { ctr128Key, (int)sizeof(ctr128Key), ctrIvWrap32, + ctrPlain, (int)sizeof(ctr128Wrap32Cipher), ctr128Wrap32Cipher }, + { ctr128Key, (int)sizeof(ctr128Key), ctrIvWrap32, + ctrPlain, (int)sizeof(ctr128Wrap32CipherLong), + ctr128Wrap32CipherLong }, + { ctr128Key, (int)sizeof(ctr128Key), ctrIvWrap32_2, + ctrPlain, (int)sizeof(ctr128Wrap32_2CipherLong), + ctr128Wrap32_2CipherLong }, + #endif +#endif +#ifdef WOLFSSL_AES_192 + { ctr192Key, (int)sizeof(ctr192Key), ctrIv, + ctrPlain, (int)sizeof(ctrPlain), ctr192Cipher }, + /* let's try with just 9 bytes, non block size test */ + { ctr192Key, (int)sizeof(ctr192Key), ctrIv, + ctrPlain, (int)sizeof(oddCipher), ctr192Cipher }, + /* Counter wrapping */ + { ctr192Key, (int)sizeof(ctr192Key), ctrIvWrap128, + ctrPlain, (int)sizeof(ctr192Wrap128Cipher), ctr192Wrap128Cipher }, + { ctr192Key, (int)sizeof(ctr192Key), ctrIvWrap128, + ctrPlain, (int)sizeof(ctr192Wrap128CipherLong), + ctr192Wrap128CipherLong }, + #if defined(WOLFSSL_ARMASM) || defined(WOLFSSL_RISCV_ASM) + { ctr192Key, (int)sizeof(ctr192Key), ctrIvWrap128_2, + ctrPlain, (int)sizeof(ctr192Wrap128_2CipherLong), + ctr192Wrap128_2CipherLong }, + { ctr192Key, (int)sizeof(ctr192Key), ctrIvWrap96, + ctrPlain, (int)sizeof(ctr192Wrap96Cipher), ctr192Wrap96Cipher }, + { ctr192Key, (int)sizeof(ctr192Key), ctrIvWrap96, + ctrPlain, (int)sizeof(ctr192Wrap96CipherLong), + ctr192Wrap96CipherLong }, + { ctr192Key, (int)sizeof(ctr192Key), ctrIvWrap96_2, + ctrPlain, (int)sizeof(ctr192Wrap96_2CipherLong), + ctr192Wrap96_2CipherLong }, + { ctr192Key, (int)sizeof(ctr192Key), ctrIvWrap64, + ctrPlain, (int)sizeof(ctr192Wrap64Cipher), ctr192Wrap64Cipher }, + { ctr192Key, (int)sizeof(ctr192Key), ctrIvWrap64, + ctrPlain, (int)sizeof(ctr192Wrap64CipherLong), + ctr192Wrap64CipherLong }, + { ctr192Key, (int)sizeof(ctr192Key), ctrIvWrap64_2, + ctrPlain, (int)sizeof(ctr192Wrap64_2CipherLong), + ctr192Wrap64_2CipherLong }, + { ctr192Key, (int)sizeof(ctr192Key), ctrIvWrap32, + ctrPlain, (int)sizeof(ctr192Wrap32Cipher), ctr192Wrap32Cipher }, + { ctr192Key, (int)sizeof(ctr192Key), ctrIvWrap32, + ctrPlain, (int)sizeof(ctr192Wrap32CipherLong), + ctr192Wrap32CipherLong }, + { ctr192Key, (int)sizeof(ctr192Key), ctrIvWrap32_2, + ctrPlain, (int)sizeof(ctr192Wrap32_2CipherLong), + ctr192Wrap32_2CipherLong }, + #endif +#endif +#ifdef WOLFSSL_AES_256 + { ctr256Key, (int)sizeof(ctr256Key), ctrIv, + ctrPlain, (int)sizeof(ctrPlain), ctr256Cipher }, + /* let's try with just 9 bytes, non block size test */ + { ctr256Key, (int)sizeof(ctr256Key), ctrIv, + ctrPlain, (int)sizeof(oddCipher), ctr256Cipher }, + /* Counter wrapping */ + { ctr256Key, (int)sizeof(ctr256Key), ctrIvWrap128, + ctrPlain, (int)sizeof(ctr256Wrap128Cipher), ctr256Wrap128Cipher }, + { ctr256Key, (int)sizeof(ctr256Key), ctrIvWrap128, + ctrPlain, (int)sizeof(ctr256Wrap128CipherLong), + ctr256Wrap128CipherLong }, + #if defined(WOLFSSL_ARMASM) || defined(WOLFSSL_RISCV_ASM) + { ctr256Key, (int)sizeof(ctr256Key), ctrIvWrap128_2, + ctrPlain, (int)sizeof(ctr256Wrap128_2CipherLong), + ctr256Wrap128_2CipherLong }, + { ctr256Key, (int)sizeof(ctr256Key), ctrIvWrap96, + ctrPlain, (int)sizeof(ctr256Wrap96Cipher), ctr256Wrap96Cipher }, + { ctr256Key, (int)sizeof(ctr256Key), ctrIvWrap96, + ctrPlain, (int)sizeof(ctr256Wrap96CipherLong), + ctr256Wrap96CipherLong }, + { ctr256Key, (int)sizeof(ctr256Key), ctrIvWrap96_2, + ctrPlain, (int)sizeof(ctr256Wrap96_2CipherLong), + ctr256Wrap96_2CipherLong }, + { ctr256Key, (int)sizeof(ctr256Key), ctrIvWrap64, + ctrPlain, (int)sizeof(ctr256Wrap64Cipher), ctr256Wrap64Cipher }, + { ctr256Key, (int)sizeof(ctr256Key), ctrIvWrap64, + ctrPlain, (int)sizeof(ctr256Wrap64CipherLong), + ctr256Wrap64CipherLong }, + { ctr256Key, (int)sizeof(ctr256Key), ctrIvWrap64_2, + ctrPlain, (int)sizeof(ctr256Wrap64_2CipherLong), + ctr256Wrap64_2CipherLong }, + { ctr256Key, (int)sizeof(ctr256Key), ctrIvWrap32, + ctrPlain, (int)sizeof(ctr256Wrap32Cipher), ctr256Wrap32Cipher }, + { ctr256Key, (int)sizeof(ctr256Key), ctrIvWrap32, + ctrPlain, (int)sizeof(ctr256Wrap32CipherLong), + ctr256Wrap32CipherLong }, + { ctr256Key, (int)sizeof(ctr256Key), ctrIvWrap32_2, + ctrPlain, (int)sizeof(ctr256Wrap32_2CipherLong), + ctr256Wrap32_2CipherLong }, + #endif +#endif + }; + #define AES_CTR_TEST_LEN (int)(sizeof(testVec) / sizeof(*testVec)) + + WOLFSSL_ENTER("aes_ctr_test"); + +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC) + enc = wc_AesNew(HEAP_HINT, devId, &ret); + if (enc == NULL) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); + dec = wc_AesNew(HEAP_HINT, devId, &ret); + if (dec == NULL) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); +#else + XMEMSET(enc, 0, sizeof(Aes)); + XMEMSET(dec, 0, sizeof(Aes)); + ret = wc_AesInit(enc, HEAP_HINT, devId); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); + ret = wc_AesInit(dec, HEAP_HINT, devId); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); +#endif /* WOLFSSL_SMALL_STACK && !WOLFSSL_NO_MALLOC */ + + for (i = 0; i < AES_CTR_TEST_LEN; i++) { + if (testVec[i].key != NULL) { + ret = wc_AesSetKeyDirect(enc, testVec[i].key, (word32)testVec[i].keySz, + testVec[i].iv, AES_ENCRYPTION); + if (ret != 0) { + ERROR_OUT(WC_TEST_RET_ENC_I(i), out); + } + /* Ctr only uses encrypt, even on key setup */ + ret = wc_AesSetKeyDirect(dec, testVec[i].key, (word32)testVec[i].keySz, + testVec[i].iv, AES_ENCRYPTION); + if (ret != 0) { + ERROR_OUT(WC_TEST_RET_ENC_I(i), out); + } + } + + ret = wc_AesCtrEncrypt(enc, cipher, testVec[i].plain, (word32)testVec[i].len); + if (ret != 0) { + ERROR_OUT(WC_TEST_RET_ENC_I(i), out); + } + ret = wc_AesCtrEncrypt(dec, plain, cipher, (word32)testVec[i].len); + if (ret != 0) { + ERROR_OUT(WC_TEST_RET_ENC_I(i), out); + } + + if (XMEMCMP(plain, ctrPlain, (size_t)testVec[i].len)) { + ERROR_OUT(WC_TEST_RET_ENC_I(i), out); + } +#if !(FIPS_VERSION_EQ(2,0) && defined(WOLFSSL_ARMASM)) + if (XMEMCMP(cipher, testVec[i].cipher, (size_t)testVec[i].len)) { + ERROR_OUT(WC_TEST_RET_ENC_I(i), out); + } +#endif + } + +#if defined(DEBUG_VECTOR_REGISTER_ACCESS) && defined(WC_C_DYNAMIC_FALLBACK) + for (i = 0; i < AES_CTR_TEST_LEN; i++) { + if (testVec[i].key != NULL) { + ret = wc_AesSetKeyDirect(enc, testVec[i].key, testVec[i].keySz, + testVec[i].iv, AES_ENCRYPTION); + if (ret != 0) { + ERROR_OUT(WC_TEST_RET_ENC_I(i), out); + } + /* Ctr only uses encrypt, even on key setup */ + ret = wc_AesSetKeyDirect(dec, testVec[i].key, testVec[i].keySz, + testVec[i].iv, AES_ENCRYPTION); + if (ret != 0) { + ERROR_OUT(WC_TEST_RET_ENC_I(i), out); + } + } + + WC_DEBUG_SET_VECTOR_REGISTERS_RETVAL(WC_NO_ERR_TRACE(SYSLIB_FAILED_E)); + ret = wc_AesCtrEncrypt(enc, cipher, testVec[i].plain, testVec[i].len); + WC_DEBUG_SET_VECTOR_REGISTERS_RETVAL(0); + if (ret != 0) { + ERROR_OUT(WC_TEST_RET_ENC_I(i), out); + } + WC_DEBUG_SET_VECTOR_REGISTERS_RETVAL(WC_NO_ERR_TRACE(SYSLIB_FAILED_E)); + ret = wc_AesCtrEncrypt(dec, plain, cipher, testVec[i].len); + WC_DEBUG_SET_VECTOR_REGISTERS_RETVAL(0); + if (ret != 0) { + ERROR_OUT(WC_TEST_RET_ENC_I(i), out); + } + + if (XMEMCMP(plain, ctrPlain, testVec[i].len)) { + ERROR_OUT(WC_TEST_RET_ENC_I(i), out); + } +#if !(FIPS_VERSION_EQ(2,0) && defined(WOLFSSL_ARMASM)) + if (XMEMCMP(cipher, testVec[i].cipher, testVec[i].len)) { + ERROR_OUT(WC_TEST_RET_ENC_I(i), out); + } +#endif + } + + for (i = 0; i < AES_CTR_TEST_LEN; i++) { + if (testVec[i].key != NULL) { + WC_DEBUG_SET_VECTOR_REGISTERS_RETVAL(WC_NO_ERR_TRACE(SYSLIB_FAILED_E)); + ret = wc_AesSetKeyDirect(enc, testVec[i].key, testVec[i].keySz, + testVec[i].iv, AES_ENCRYPTION); + WC_DEBUG_SET_VECTOR_REGISTERS_RETVAL(0); + if (ret != 0) { + ERROR_OUT(WC_TEST_RET_ENC_I(i), out); + } + /* Ctr only uses encrypt, even on key setup */ + WC_DEBUG_SET_VECTOR_REGISTERS_RETVAL(WC_NO_ERR_TRACE(SYSLIB_FAILED_E)); + ret = wc_AesSetKeyDirect(dec, testVec[i].key, testVec[i].keySz, + testVec[i].iv, AES_ENCRYPTION); + WC_DEBUG_SET_VECTOR_REGISTERS_RETVAL(0); + if (ret != 0) { + ERROR_OUT(WC_TEST_RET_ENC_I(i), out); + } + } + + ret = wc_AesCtrEncrypt(enc, cipher, testVec[i].plain, testVec[i].len); + if (ret != 0) { + ERROR_OUT(WC_TEST_RET_ENC_I(i), out); + } + ret = wc_AesCtrEncrypt(dec, plain, cipher, testVec[i].len); + if (ret != 0) { + ERROR_OUT(WC_TEST_RET_ENC_I(i), out); + } + + if (XMEMCMP(plain, ctrPlain, testVec[i].len)) { + ERROR_OUT(WC_TEST_RET_ENC_I(i), out); + } +#if !(FIPS_VERSION_EQ(2,0) && defined(WOLFSSL_ARMASM)) + if (XMEMCMP(cipher, testVec[i].cipher, testVec[i].len)) { + ERROR_OUT(WC_TEST_RET_ENC_I(i), out); + } +#endif + } + +#endif /* DEBUG_VECTOR_REGISTER_ACCESS && WC_C_DYNAMIC_FALLBACK */ + +out: +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC) + wc_AesDelete(enc, &enc); +#else + wc_AesFree(enc); +#endif +#ifdef HAVE_AES_DECRYPT +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC) + wc_AesDelete(dec, &dec); +#else + wc_AesFree(dec); +#endif +#endif + return ret; +} +#endif /* WOLFSSL_AES_COUNTER */ + +#ifdef HAVE_AES_ECB +static wc_test_ret_t aes_ecb_test(Aes* enc, Aes* dec, byte* cipher, byte* plain) +{ + wc_test_ret_t ret = 0; + /* keys padded to block size (16 bytes) */ +#ifdef WOLFSSL_AES_128 + WOLFSSL_SMALL_STACK_STATIC const byte key_128[] = + "0123456789abcdef "; +#endif +#ifdef WOLFSSL_AES_192 + WOLFSSL_SMALL_STACK_STATIC const byte key_192[] = + "0123456789abcdef01234567 "; +#endif +#ifdef WOLFSSL_AES_256 + WOLFSSL_SMALL_STACK_STATIC const byte key_256[] = + "0123456789abcdef0123456789abcdef "; +#endif + WOLFSSL_SMALL_STACK_STATIC const byte iv[] = "1234567890abcdef "; + WOLFSSL_SMALL_STACK_STATIC const byte msg[] = { + 0x6e, 0x6f, 0x77, 0x20, 0x69, 0x73, 0x20, 0x74, + 0x68, 0x65, 0x20, 0x74, 0x69, 0x6d, 0x65, 0x20 + }; +#ifdef WOLFSSL_AES_128 + WOLFSSL_SMALL_STACK_STATIC const byte verify_ecb_128[WC_AES_BLOCK_SIZE] = { + 0xd0, 0xc9, 0xd9, 0xc9, 0x40, 0xe8, 0x97, 0xb6, + 0xc8, 0x8c, 0x33, 0x3b, 0xb5, 0x8f, 0x85, 0xd1 + }; +#endif +#ifdef WOLFSSL_AES_192 + WOLFSSL_SMALL_STACK_STATIC const byte verify_ecb_192[WC_AES_BLOCK_SIZE] = { + 0x06, 0x57, 0xee, 0x78, 0x3f, 0x96, 0x00, 0xb1, + 0xec, 0x76, 0x94, 0x30, 0x29, 0xbe, 0x15, 0xab + }; +#endif +#ifdef WOLFSSL_AES_256 + WOLFSSL_SMALL_STACK_STATIC const byte verify_ecb_256[WC_AES_BLOCK_SIZE] = { + 0xcd, 0xf2, 0x81, 0x3e, 0x73, 0x3e, 0xf7, 0x33, + 0x3d, 0x18, 0xfd, 0x41, 0x85, 0x37, 0x04, 0x82 + }; + WOLFSSL_SMALL_STACK_STATIC const byte niKey[] = { + 0x60,0x3d,0xeb,0x10,0x15,0xca,0x71,0xbe, + 0x2b,0x73,0xae,0xf0,0x85,0x7d,0x77,0x81, + 0x1f,0x35,0x2c,0x07,0x3b,0x61,0x08,0xd7, + 0x2d,0x98,0x10,0xa3,0x09,0x14,0xdf,0xf4 + }; + WOLFSSL_SMALL_STACK_STATIC const byte niPlain[] = { + 0x6b,0xc1,0xbe,0xe2,0x2e,0x40,0x9f,0x96, + 0xe9,0x3d,0x7e,0x11,0x73,0x93,0x17,0x2a + }; + WOLFSSL_SMALL_STACK_STATIC const byte niCipher[] = { + 0xf3,0xee,0xd1,0xbd,0xb5,0xd2,0xa0,0x3c, + 0x06,0x4b,0x5a,0x7e,0x3d,0xb1,0x81,0xf8 + }; +#endif + + int i; + struct { + const byte* key; + int keySz; + const byte* iv; /* null uses 0's */ + const byte* plain; + const byte* verify; + } testVec[] = { +#ifdef WOLFSSL_AES_128 + { key_128, 16, iv, msg, verify_ecb_128 }, +#endif +#ifdef WOLFSSL_AES_192 + { key_192, 24, iv, msg, verify_ecb_192 }, +#endif +#ifdef WOLFSSL_AES_256 + { key_256, 32, iv, msg, verify_ecb_256 }, + { niKey, 32, NULL, niPlain, niCipher } +#endif + }; + #define AES_ECB_TEST_LEN (int)(sizeof(testVec) / sizeof(*testVec)) + + for (i = 0; i < AES_ECB_TEST_LEN; i++) { + ret = wc_AesSetKey(enc, testVec[i].key, testVec[i].keySz, testVec[i].iv, + AES_ENCRYPTION); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); + #ifdef HAVE_AES_DECRYPT + ret = wc_AesSetKey(dec, testVec[i].key, testVec[i].keySz, testVec[i].iv, + AES_DECRYPTION); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); + #endif + + XMEMSET(cipher, 0, WC_AES_BLOCK_SIZE); + ret = wc_AesEcbEncrypt(enc, cipher, testVec[i].plain, WC_AES_BLOCK_SIZE); + #if defined(WOLFSSL_ASYNC_CRYPT) + ret = wc_AsyncWait(ret, &enc->asyncDev, WC_ASYNC_FLAG_NONE); + #endif + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); + if (XMEMCMP(cipher, testVec[i].verify, WC_AES_BLOCK_SIZE)) { + WOLFSSL_MSG("aes_test cipher vs verify_ecb mismatch!"); + ERROR_OUT(WC_TEST_RET_ENC_I(i), out); + } + #ifdef HAVE_AES_DECRYPT + XMEMSET(plain, 0, WC_AES_BLOCK_SIZE); + ret = wc_AesEcbDecrypt(dec, plain, cipher, WC_AES_BLOCK_SIZE); + #if defined(WOLFSSL_ASYNC_CRYPT) + ret = wc_AsyncWait(ret, &dec->asyncDev, WC_ASYNC_FLAG_NONE); + #endif + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); + if (XMEMCMP(plain, testVec[i].plain, WC_AES_BLOCK_SIZE)) + ERROR_OUT(WC_TEST_RET_ENC_I(i), out); + #endif /* HAVE_AES_DECRYPT */ + (void)dec; + (void)plain; + } + +out: + return ret; +} +#endif /* HAVE_AES_ECB */ + +#ifdef WOLFSSL_AES_DIRECT +static wc_test_ret_t aes_direct_test(Aes* enc, Aes* dec, byte* cipher, byte* plain) +{ + wc_test_ret_t ret = 0; + + WOLFSSL_ENTER("aes_direct_test"); + +#if defined(WOLFSSL_AES_256) + { + WOLFSSL_SMALL_STACK_STATIC const byte niPlain[] = + { + 0x6b,0xc1,0xbe,0xe2,0x2e,0x40,0x9f,0x96, + 0xe9,0x3d,0x7e,0x11,0x73,0x93,0x17,0x2a + }; + + WOLFSSL_SMALL_STACK_STATIC const byte niCipher[] = + { + 0xf3,0xee,0xd1,0xbd,0xb5,0xd2,0xa0,0x3c, + 0x06,0x4b,0x5a,0x7e,0x3d,0xb1,0x81,0xf8 + }; + + WOLFSSL_SMALL_STACK_STATIC const byte niKey[] = + { + 0x60,0x3d,0xeb,0x10,0x15,0xca,0x71,0xbe, + 0x2b,0x73,0xae,0xf0,0x85,0x7d,0x77,0x81, + 0x1f,0x35,0x2c,0x07,0x3b,0x61,0x08,0xd7, + 0x2d,0x98,0x10,0xa3,0x09,0x14,0xdf,0xf4 + }; + + XMEMSET(cipher, 0, WC_AES_BLOCK_SIZE); + ret = wc_AesSetKey(enc, niKey, sizeof(niKey), cipher, AES_ENCRYPTION); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); +#if !defined(HAVE_SELFTEST) && \ + (defined(WOLFSSL_KERNEL_MODE) || \ + !defined(HAVE_FIPS) || \ + (defined(FIPS_VERSION_GE) && FIPS_VERSION_GE(5,3))) + ret = wc_AesEncryptDirect(enc, cipher, niPlain); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); +#else + wc_AesEncryptDirect(enc, cipher, niPlain); +#endif + if (XMEMCMP(cipher, niCipher, WC_AES_BLOCK_SIZE) != 0) + ERROR_OUT(WC_TEST_RET_ENC_NC, out); + +#ifdef HAVE_AES_DECRYPT + XMEMSET(plain, 0, WC_AES_BLOCK_SIZE); + ret = wc_AesSetKey(dec, niKey, sizeof(niKey), plain, AES_DECRYPTION); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); +#if !defined(HAVE_SELFTEST) && \ + (defined(WOLFSSL_KERNEL_MODE) || \ + !defined(HAVE_FIPS) || \ + (defined(FIPS_VERSION_GE) && FIPS_VERSION_GE(5,3))) + ret = wc_AesDecryptDirect(dec, plain, niCipher); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); +#else + wc_AesDecryptDirect(dec, plain, niCipher); +#endif + if (XMEMCMP(plain, niPlain, WC_AES_BLOCK_SIZE) != 0) + ERROR_OUT(WC_TEST_RET_ENC_NC, out); +#endif /* HAVE_AES_DECRYPT */ + } +out: +#endif /* WOLFSSL_AES_256 */ + (void)enc; + (void)dec; + (void)cipher; + (void)plain; + return ret; +} +#endif /* WOLFSSL_AES_DIRECT */ + +#ifdef HAVE_AES_CBC + +WOLFSSL_TEST_SUBROUTINE wc_test_ret_t aes_cbc_test(void) +{ +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC) + Aes *enc = NULL; +#else + Aes enc[1]; +#endif +#ifdef HAVE_AES_DECRYPT +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC) + Aes *dec = NULL; +#else + Aes dec[1]; +#endif +#endif +#ifdef WOLFSSL_AES_128 + byte cipher[WC_AES_BLOCK_SIZE * 4]; +#ifdef HAVE_AES_DECRYPT + byte plain [WC_AES_BLOCK_SIZE * 4]; +#endif +#endif + wc_test_ret_t ret = 0; + + WOLFSSL_ENTER("aes_cbc_test"); + +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC) + enc = wc_AesNew(HEAP_HINT, devId, &ret); + if (enc == NULL) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); +#ifdef HAVE_AES_DECRYPT + dec = wc_AesNew(HEAP_HINT, devId, &ret); + if (dec == NULL) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); +#endif +#else + XMEMSET(enc, 0, sizeof(Aes)); + #ifdef HAVE_AES_DECRYPT + XMEMSET(dec, 0, sizeof(Aes)); + #endif + ret = wc_AesInit(enc, HEAP_HINT, devId); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); +#ifdef HAVE_AES_DECRYPT + ret = wc_AesInit(dec, HEAP_HINT, devId); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); +#endif +#endif /* WOLFSSL_SMALL_STACK && !WOLFSSL_NO_MALLOC */ + +#ifdef WOLFSSL_AES_128 + { + /* "Now is the time for all " w/o trailing 0 */ + WOLFSSL_SMALL_STACK_STATIC const byte msg[] = { + 0x6e,0x6f,0x77,0x20,0x69,0x73,0x20,0x74, + 0x68,0x65,0x20,0x74,0x69,0x6d,0x65,0x20, + 0x66,0x6f,0x72,0x20,0x61,0x6c,0x6c,0x20 + }; + WOLFSSL_SMALL_STACK_STATIC const byte verify[] = + { + 0x95,0x94,0x92,0x57,0x5f,0x42,0x81,0x53, + 0x2c,0xcc,0x9d,0x46,0x77,0xa2,0x33,0xcb + }; + #ifdef HAVE_RENESAS_SYNC + const byte *key = (byte*)guser_PKCbInfo.wrapped_key_aes128; + #else + /* padded to 16-bytes */ + WOLFSSL_SMALL_STACK_STATIC const byte key[] = "0123456789abcdef "; + #endif + /* padded to 16-bytes */ + WOLFSSL_SMALL_STACK_STATIC const byte iv[] = "1234567890abcdef "; + + ret = wc_AesSetKey(enc, key, WC_AES_BLOCK_SIZE, iv, AES_ENCRYPTION); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); + #ifdef HAVE_AES_DECRYPT + ret = wc_AesSetKey(dec, key, WC_AES_BLOCK_SIZE, iv, AES_DECRYPTION); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); + #endif + + XMEMSET(cipher, 0, sizeof(cipher)); + ret = wc_AesCbcEncrypt(enc, cipher, msg, WC_AES_BLOCK_SIZE); + #if defined(WOLFSSL_ASYNC_CRYPT) + ret = wc_AsyncWait(ret, &enc->asyncDev, WC_ASYNC_FLAG_NONE); + #endif + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); + #ifdef HAVE_AES_DECRYPT + XMEMSET(plain, 0, sizeof(plain)); + ret = wc_AesCbcDecrypt(dec, plain, cipher, WC_AES_BLOCK_SIZE); + #if defined(WOLFSSL_ASYNC_CRYPT) + ret = wc_AsyncWait(ret, &dec->asyncDev, WC_ASYNC_FLAG_NONE); + #endif + if (ret != 0) { + WOLFSSL_MSG("failed wc_AesCbcDecrypt"); + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); + } + + if (XMEMCMP(plain, msg, WC_AES_BLOCK_SIZE)) { + WOLFSSL_MSG("wc_AesCbcDecrypt failed plain compare"); + ERROR_OUT(WC_TEST_RET_ENC_NC, out); + } + #endif /* HAVE_AES_DECRYPT */ + /* skipped because wrapped key use in case of renesas sm */ + #ifndef HAVE_RENESAS_SYNC + if (XMEMCMP(cipher, verify, WC_AES_BLOCK_SIZE)) { + WOLFSSL_MSG("wc_AesCbcDecrypt failed cipher-verify compare"); + ERROR_OUT(WC_TEST_RET_ENC_NC, out); + } + #endif + } +#endif /* WOLFSSL_AES_128 */ + +#if defined(WOLFSSL_AESNI) && defined(HAVE_AES_DECRYPT) && \ + defined(WOLFSSL_AES_192) && defined(WOLFSSL_AES_256) + { + WOLFSSL_SMALL_STACK_STATIC const byte bigMsg[] = { + /* "All work and no play makes Jack a dull boy. " */ + 0x41,0x6c,0x6c,0x20,0x77,0x6f,0x72,0x6b, + 0x20,0x61,0x6e,0x64,0x20,0x6e,0x6f,0x20, + 0x70,0x6c,0x61,0x79,0x20,0x6d,0x61,0x6b, + 0x65,0x73,0x20,0x4a,0x61,0x63,0x6b,0x20, + 0x61,0x20,0x64,0x75,0x6c,0x6c,0x20,0x62, + 0x6f,0x79,0x2e,0x20,0x41,0x6c,0x6c,0x20, + 0x77,0x6f,0x72,0x6b,0x20,0x61,0x6e,0x64, + 0x20,0x6e,0x6f,0x20,0x70,0x6c,0x61,0x79, + 0x20,0x6d,0x61,0x6b,0x65,0x73,0x20,0x4a, + 0x61,0x63,0x6b,0x20,0x61,0x20,0x64,0x75, + 0x6c,0x6c,0x20,0x62,0x6f,0x79,0x2e,0x20, + 0x41,0x6c,0x6c,0x20,0x77,0x6f,0x72,0x6b, + 0x20,0x61,0x6e,0x64,0x20,0x6e,0x6f,0x20, + 0x70,0x6c,0x61,0x79,0x20,0x6d,0x61,0x6b, + 0x65,0x73,0x20,0x4a,0x61,0x63,0x6b,0x20, + 0x61,0x20,0x64,0x75,0x6c,0x6c,0x20,0x62, + 0x6f,0x79,0x2e,0x20,0x41,0x6c,0x6c,0x20, + 0x77,0x6f,0x72,0x6b,0x20,0x61,0x6e,0x64, + 0x20,0x6e,0x6f,0x20,0x70,0x6c,0x61,0x79, + 0x20,0x6d,0x61,0x6b,0x65,0x73,0x20,0x4a, + 0x61,0x63,0x6b,0x20,0x61,0x20,0x64,0x75, + 0x6c,0x6c,0x20,0x62,0x6f,0x79,0x2e,0x20, + 0x41,0x6c,0x6c,0x20,0x77,0x6f,0x72,0x6b, + 0x20,0x61,0x6e,0x64,0x20,0x6e,0x6f,0x20, + 0x70,0x6c,0x61,0x79,0x20,0x6d,0x61,0x6b, + 0x65,0x73,0x20,0x4a,0x61,0x63,0x6b,0x20, + 0x61,0x20,0x64,0x75,0x6c,0x6c,0x20,0x62, + 0x6f,0x79,0x2e,0x20,0x41,0x6c,0x6c,0x20, + 0x77,0x6f,0x72,0x6b,0x20,0x61,0x6e,0x64, + 0x20,0x6e,0x6f,0x20,0x70,0x6c,0x61,0x79, + 0x20,0x6d,0x61,0x6b,0x65,0x73,0x20,0x4a, + 0x61,0x63,0x6b,0x20,0x61,0x20,0x64,0x75, + 0x6c,0x6c,0x20,0x62,0x6f,0x79,0x2e,0x20, + 0x41,0x6c,0x6c,0x20,0x77,0x6f,0x72,0x6b, + 0x20,0x61,0x6e,0x64,0x20,0x6e,0x6f,0x20, + 0x70,0x6c,0x61,0x79,0x20,0x6d,0x61,0x6b, + 0x65,0x73,0x20,0x4a,0x61,0x63,0x6b,0x20, + 0x61,0x20,0x64,0x75,0x6c,0x6c,0x20,0x62, + 0x6f,0x79,0x2e,0x20,0x41,0x6c,0x6c,0x20, + 0x77,0x6f,0x72,0x6b,0x20,0x61,0x6e,0x64, + 0x20,0x6e,0x6f,0x20,0x70,0x6c,0x61,0x79, + 0x20,0x6d,0x61,0x6b,0x65,0x73,0x20,0x4a, + 0x61,0x63,0x6b,0x20,0x61,0x20,0x64,0x75, + 0x6c,0x6c,0x20,0x62,0x6f,0x79,0x2e,0x20, + 0x41,0x6c,0x6c,0x20,0x77,0x6f,0x72,0x6b, + 0x20,0x61,0x6e,0x64,0x20,0x6e,0x6f,0x20, + 0x70,0x6c,0x61,0x79,0x20,0x6d,0x61,0x6b, + 0x65,0x73,0x20,0x4a,0x61,0x63,0x6b,0x20 + }; + WOLFSSL_SMALL_STACK_STATIC const byte bigKey[] = + "0123456789abcdeffedcba9876543210"; + /* padded to 16-bytes */ + WOLFSSL_SMALL_STACK_STATIC const byte iv[] = "1234567890abcdef "; + word32 keySz, msgSz; +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC) + byte *bigCipher = (byte *)XMALLOC(sizeof(bigMsg), HEAP_HINT, + DYNAMIC_TYPE_TMP_BUFFER); + byte *bigPlain = (byte *)XMALLOC(sizeof(bigMsg), HEAP_HINT, + DYNAMIC_TYPE_TMP_BUFFER); + + if ((bigCipher == NULL) || + (bigPlain == NULL)) { + XFREE(bigCipher, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(bigPlain, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + ERROR_OUT(WC_TEST_RET_ENC_NC, out); + } +#else + byte bigCipher[sizeof(bigMsg)]; + byte bigPlain[sizeof(bigMsg)]; +#endif + + /* Iterate from one WC_AES_BLOCK_SIZE of bigMsg through the whole + * message by WC_AES_BLOCK_SIZE for each size of AES key. */ + for (keySz = 16; keySz <= 32; keySz += 8) { + for (msgSz = WC_AES_BLOCK_SIZE; + msgSz <= sizeof(bigMsg); + msgSz += WC_AES_BLOCK_SIZE) { + + XMEMSET(bigCipher, 0, sizeof(bigMsg)); + XMEMSET(bigPlain, 0, sizeof(bigMsg)); + ret = wc_AesSetKey(enc, bigKey, keySz, iv, AES_ENCRYPTION); + if (ret != 0) { + ret = WC_TEST_RET_ENC_EC(ret); + break; + } + ret = wc_AesSetKey(dec, bigKey, keySz, iv, AES_DECRYPTION); + if (ret != 0) { + ret = WC_TEST_RET_ENC_EC(ret); + break; + } + + ret = wc_AesCbcEncrypt(enc, bigCipher, bigMsg, msgSz); + #if defined(WOLFSSL_ASYNC_CRYPT) + ret = wc_AsyncWait(ret, &enc->asyncDev, WC_ASYNC_FLAG_NONE); + #endif + if (ret != 0) { + ret = WC_TEST_RET_ENC_EC(ret); + break; + } + + ret = wc_AesCbcDecrypt(dec, bigPlain, bigCipher, msgSz); + #if defined(WOLFSSL_ASYNC_CRYPT) + ret = wc_AsyncWait(ret, &dec->asyncDev, WC_ASYNC_FLAG_NONE); + #endif + if (ret != 0) { + ret = WC_TEST_RET_ENC_EC(ret); + break; + } + + if (XMEMCMP(bigPlain, bigMsg, msgSz)) { + ret = WC_TEST_RET_ENC_NC; + break; + } + } + if (ret != 0) + break; + } + +#if defined(DEBUG_VECTOR_REGISTER_ACCESS) && defined(WC_C_DYNAMIC_FALLBACK) + /* Iterate from one WC_AES_BLOCK_SIZE of bigMsg through the whole + * message by WC_AES_BLOCK_SIZE for each size of AES key. */ + WC_DEBUG_SET_VECTOR_REGISTERS_RETVAL(WC_NO_ERR_TRACE(SYSLIB_FAILED_E)); + for (keySz = 16; keySz <= 32; keySz += 8) { + for (msgSz = WC_AES_BLOCK_SIZE; + msgSz <= sizeof(bigMsg); + msgSz += WC_AES_BLOCK_SIZE) { + + XMEMSET(bigCipher, 0, sizeof(bigMsg)); + XMEMSET(bigPlain, 0, sizeof(bigMsg)); + ret = wc_AesSetKey(enc, bigKey, keySz, iv, AES_ENCRYPTION); + if (ret != 0) { + ret = WC_TEST_RET_ENC_EC(ret); + break; + } + ret = wc_AesSetKey(dec, bigKey, keySz, iv, AES_DECRYPTION); + if (ret != 0) { + ret = WC_TEST_RET_ENC_EC(ret); + break; + } + + ret = wc_AesCbcEncrypt(enc, bigCipher, bigMsg, msgSz); + #if defined(WOLFSSL_ASYNC_CRYPT) + ret = wc_AsyncWait(ret, &enc->asyncDev, WC_ASYNC_FLAG_NONE); + #endif + if (ret != 0) { + ret = WC_TEST_RET_ENC_EC(ret); + break; + } + + ret = wc_AesCbcDecrypt(dec, bigPlain, bigCipher, msgSz); + #if defined(WOLFSSL_ASYNC_CRYPT) + ret = wc_AsyncWait(ret, &dec->asyncDev, WC_ASYNC_FLAG_NONE); + #endif + if (ret != 0) { + ret = WC_TEST_RET_ENC_EC(ret); + break; + } + + if (XMEMCMP(bigPlain, bigMsg, msgSz)) { + ret = WC_TEST_RET_ENC_NC; + break; + } + } + if (ret != 0) + break; + } + WC_DEBUG_SET_VECTOR_REGISTERS_RETVAL(0); +#endif /* DEBUG_VECTOR_REGISTER_ACCESS && WC_C_DYNAMIC_FALLBACK */ + +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC) + XFREE(bigCipher, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(bigPlain, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); +#endif + + if (ret != 0) + goto out; + } +#endif /* WOLFSSL_AESNI && HAVE_AES_DECRYPT && WOLFSSL_AES_192 && WOLFSSL_AES_256 */ + + /* Test of AES IV state with encrypt/decrypt */ +#if defined(WOLFSSL_AES_128) && !defined(HAVE_RENESAS_SYNC) + { + /* Test Vector from "NIST Special Publication 800-38A, 2001 Edition" + * https://nvlpubs.nist.gov/nistpubs/legacy/sp/nistspecialpublication800-38a.pdf + */ + WOLFSSL_SMALL_STACK_STATIC const byte msg2[] = + { + 0x6b, 0xc1, 0xbe, 0xe2, 0x2e, 0x40, 0x9f, 0x96, + 0xe9, 0x3d, 0x7e, 0x11, 0x73, 0x93, 0x17, 0x2a, + 0xae, 0x2d, 0x8a, 0x57, 0x1e, 0x03, 0xac, 0x9c, + 0x9e, 0xb7, 0x6f, 0xac, 0x45, 0xaf, 0x8e, 0x51 + }; + + WOLFSSL_SMALL_STACK_STATIC const byte verify2[] = + { + 0x76, 0x49, 0xab, 0xac, 0x81, 0x19, 0xb2, 0x46, + 0xce, 0xe9, 0x8e, 0x9b, 0x12, 0xe9, 0x19, 0x7d, + 0x50, 0x86, 0xcb, 0x9b, 0x50, 0x72, 0x19, 0xee, + 0x95, 0xdb, 0x11, 0x3a, 0x91, 0x76, 0x78, 0xb2 + }; + WOLFSSL_SMALL_STACK_STATIC const byte key2[] = { + 0x2b, 0x7e, 0x15, 0x16, 0x28, 0xae, 0xd2, 0xa6, + 0xab, 0xf7, 0x15, 0x88, 0x09, 0xcf, 0x4f, 0x3c + }; + WOLFSSL_SMALL_STACK_STATIC const byte iv2[] = { + 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, + 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f + }; + + + ret = wc_AesSetKey(enc, key2, sizeof(key2), iv2, AES_ENCRYPTION); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); + XMEMSET(cipher, 0, WC_AES_BLOCK_SIZE * 2); + ret = wc_AesCbcEncrypt(enc, cipher, msg2, WC_AES_BLOCK_SIZE); + #if defined(WOLFSSL_ASYNC_CRYPT) + ret = wc_AsyncWait(ret, &enc->asyncDev, WC_ASYNC_FLAG_NONE); + #endif + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); + #ifndef HAVE_RENESAS_SYNC + if (XMEMCMP(cipher, verify2, WC_AES_BLOCK_SIZE)) + ERROR_OUT(WC_TEST_RET_ENC_NC, out); + #endif + ret = wc_AesCbcEncrypt(enc, cipher + WC_AES_BLOCK_SIZE, + msg2 + WC_AES_BLOCK_SIZE, WC_AES_BLOCK_SIZE); + #if defined(WOLFSSL_ASYNC_CRYPT) + ret = wc_AsyncWait(ret, &enc->asyncDev, WC_ASYNC_FLAG_NONE); + #endif + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); + if (XMEMCMP(cipher + WC_AES_BLOCK_SIZE, verify2 + WC_AES_BLOCK_SIZE, + WC_AES_BLOCK_SIZE)) + ERROR_OUT(WC_TEST_RET_ENC_NC, out); + + #if defined(HAVE_AES_DECRYPT) + ret = wc_AesSetKey(dec, key2, sizeof(key2), iv2, AES_DECRYPTION); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); + XMEMSET(plain, 0, WC_AES_BLOCK_SIZE * 2); + ret = wc_AesCbcDecrypt(dec, plain, verify2, WC_AES_BLOCK_SIZE); + #if defined(WOLFSSL_ASYNC_CRYPT) + ret = wc_AsyncWait(ret, &dec->asyncDev, WC_ASYNC_FLAG_NONE); + #endif + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); + if (XMEMCMP(plain, msg2, WC_AES_BLOCK_SIZE)) + ERROR_OUT(WC_TEST_RET_ENC_NC, out); + + ret = wc_AesCbcDecrypt(dec, plain + WC_AES_BLOCK_SIZE, + verify2 + WC_AES_BLOCK_SIZE, WC_AES_BLOCK_SIZE); + #if defined(WOLFSSL_ASYNC_CRYPT) + ret = wc_AsyncWait(ret, &dec->asyncDev, WC_ASYNC_FLAG_NONE); + #endif + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); + if (XMEMCMP(plain + WC_AES_BLOCK_SIZE, msg2 + WC_AES_BLOCK_SIZE, + WC_AES_BLOCK_SIZE)) { + WOLFSSL_MSG("wc_AesCbcDecrypt failed plain-msg2 compare"); + ERROR_OUT(WC_TEST_RET_ENC_NC, out); + } + #endif /* HAVE_AES_DECRYPT */ + + aes_cbc_oneshot_test(); + } +#endif /* WOLFSSL_AES_128 && !HAVE_RENESAS_SYNC */ + + out: + +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC) + wc_AesDelete(enc, &enc); +#else + wc_AesFree(enc); +#endif +#ifdef HAVE_AES_DECRYPT +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC) + wc_AesDelete(dec, &dec); +#else + wc_AesFree(dec); +#endif +#endif + + return ret; +} +#endif /* HAVE_AES_CBC */ + +#if defined(HAVE_AES_ECB) || defined(WOLFSSL_AES_DIRECT) +static wc_test_ret_t aes_ecb_direct_test(void) +{ +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC) + Aes *enc = NULL; +#else + Aes enc[1]; +#endif +#if !defined(HAVE_AES_DECRYPT) || \ + (defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC)) + Aes *dec = NULL; +#else + Aes dec[1]; +#endif + byte cipher[WC_AES_BLOCK_SIZE]; + byte plain [WC_AES_BLOCK_SIZE]; + wc_test_ret_t ret = 0; + + WOLFSSL_ENTER("aes_ecb/direct_test"); + +#if !defined(WOLFSSL_SMALL_STACK) || defined(WOLFSSL_NO_MALLOC) + XMEMSET(enc, 0, sizeof(Aes)); + #ifdef HAVE_AES_DECRYPT + XMEMSET(dec, 0, sizeof(Aes)); + #endif +#endif + +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC) + enc = wc_AesNew(HEAP_HINT, devId, &ret); + if (enc == NULL) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); +#ifdef HAVE_AES_DECRYPT + dec = wc_AesNew(HEAP_HINT, devId, &ret); + if (dec == NULL) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); +#endif +#else + ret = wc_AesInit(enc, HEAP_HINT, devId); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); +#ifdef HAVE_AES_DECRYPT + ret = wc_AesInit(dec, HEAP_HINT, devId); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); +#endif +#endif /* WOLFSSL_SMALL_STACK && !WOLFSSL_NO_MALLOC */ + +#ifdef HAVE_AES_ECB + ret = aes_ecb_test(enc, dec, cipher, plain); + if (ret != 0) + return ret; +#endif + +#ifdef WOLFSSL_AES_DIRECT + ret = aes_direct_test(enc, dec, cipher, plain); + if (ret != 0) + return ret; +#endif + + out: + +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC) + wc_AesDelete(enc, &enc); + wc_AesDelete(dec, &dec); +#else + wc_AesFree(enc); + wc_AesFree(dec); +#endif + + return ret; +} +#endif /* HAVE_AES_ECB || WOLFSSL_AES_DIRECT */ + +WOLFSSL_TEST_SUBROUTINE wc_test_ret_t aes_test(void) +{ + wc_test_ret_t ret = 0; + + WOLFSSL_ENTER("aes_test"); + +#ifndef HAVE_RENESAS_SYNC + ret = aes_key_size_test(); + if (ret != 0) + goto out; +#endif + +#if defined(HAVE_AES_ECB) || defined(WOLFSSL_AES_DIRECT) + ret = aes_ecb_direct_test(); + if (ret != 0) + return ret; +#endif + + out: + return ret; +} + +#if defined(WOLFSSL_AES_CFB) +WOLFSSL_TEST_SUBROUTINE wc_test_ret_t aes_cfb_test(void) +{ + int ret; + WOLFSSL_ENTER("aes_cfb_test"); + + ret = aescfb_test_0(); + if (ret != 0) + return ret; +#if !defined(WOLFSSL_NO_AES_CFB_1_8) + ret = aescfb1_test(); + if (ret != 0) + return ret; + + ret = aescfb8_test(); + if (ret != 0) + return ret; +#endif + return 0; +} +#endif + +#if defined(WOLFSSL_AES_XTS) +WOLFSSL_TEST_SUBROUTINE wc_test_ret_t aes_xts_test(void) +{ + int ret = 0; + WOLFSSL_ENTER("aes_xts_test"); + + #ifdef WOLFSSL_AES_128 + ret = aes_xts_128_test(); + if (ret != 0) + return ret; + #endif + +/* FIPS won't allow for XTS-384 (two 192-bit keys) */ +#ifndef HAVE_FIPS + #ifdef WOLFSSL_AES_192 + ret = aes_xts_192_test(); + if (ret != 0) + return ret; + #endif +#endif + + #ifdef WOLFSSL_AES_256 + ret = aes_xts_256_test(); + if (ret != 0) + return ret; + #endif + #if defined(WOLFSSL_AES_128) && defined(WOLFSSL_AES_256) + ret = aes_xts_sector_test(); + if (ret != 0) + return ret; + #endif + #ifdef WOLFSSL_AES_128 + ret = aes_xts_args_test(); + if (ret != 0) + return ret; + #endif + return 0; +} +#endif + +#ifdef WOLFSSL_AES_192 +WOLFSSL_TEST_SUBROUTINE wc_test_ret_t aes192_test(void) +{ + wc_test_ret_t ret = 0; +#ifdef HAVE_AES_CBC +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC) + Aes *enc = NULL; +#else + Aes enc[1]; +#endif + byte cipher[WC_AES_BLOCK_SIZE]; +#ifdef HAVE_AES_DECRYPT +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC) + Aes *dec = NULL; +#else + Aes dec[1]; +#endif + byte plain[WC_AES_BLOCK_SIZE]; +#endif + + /* Test vectors from NIST Special Publication 800-38A, 2001 Edition + * Appendix F.2.3 */ + + WOLFSSL_SMALL_STACK_STATIC const byte msg[] = { + 0x6b,0xc1,0xbe,0xe2,0x2e,0x40,0x9f,0x96, + 0xe9,0x3d,0x7e,0x11,0x73,0x93,0x17,0x2a + }; + + WOLFSSL_SMALL_STACK_STATIC const byte verify[] = + { + 0x4f,0x02,0x1d,0xb2,0x43,0xbc,0x63,0x3d, + 0x71,0x78,0x18,0x3a,0x9f,0xa0,0x71,0xe8 + }; + + WOLFSSL_SMALL_STACK_STATIC const byte key[] = { + 0x8e,0x73,0xb0,0xf7,0xda,0x0e,0x64,0x52, + 0xc8,0x10,0xf3,0x2b,0x80,0x90,0x79,0xe5, + 0x62,0xf8,0xea,0xd2,0x52,0x2c,0x6b,0x7b + }; + WOLFSSL_SMALL_STACK_STATIC const byte iv[] = { + 0x00,0x01,0x02,0x03,0x04,0x05,0x06,0x07, + 0x08,0x09,0x0A,0x0B,0x0C,0x0D,0x0E,0x0F + }; + WOLFSSL_ENTER("aes192_test"); + +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC) + enc = wc_AesNew(HEAP_HINT, devId, &ret); + if (enc == NULL) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); + #ifdef HAVE_AES_DECRYPT + dec = wc_AesNew(HEAP_HINT, devId, &ret); + if (dec == NULL) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); + #endif +#else + XMEMSET(enc, 0, sizeof(Aes)); + #ifdef HAVE_AES_DECRYPT + XMEMSET(dec, 0, sizeof(Aes)); + #endif + ret = wc_AesInit(enc, HEAP_HINT, devId); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); + #ifdef HAVE_AES_DECRYPT + ret = wc_AesInit(dec, HEAP_HINT, devId); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); + #endif +#endif /* WOLFSSL_SMALL_STACK && !WOLFSSL_NO_MALLOC */ + + ret = wc_AesSetKey(enc, key, (int) sizeof(key), iv, AES_ENCRYPTION); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); +#ifdef HAVE_AES_DECRYPT + ret = wc_AesSetKey(dec, key, (int) sizeof(key), iv, AES_DECRYPTION); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); +#endif + + XMEMSET(cipher, 0, WC_AES_BLOCK_SIZE); + ret = wc_AesCbcEncrypt(enc, cipher, msg, (int) sizeof(msg)); +#if defined(WOLFSSL_ASYNC_CRYPT) + ret = wc_AsyncWait(ret, &enc->asyncDev, WC_ASYNC_FLAG_NONE); +#endif + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); + if (XMEMCMP(cipher, verify, (int) sizeof(cipher))) + ERROR_OUT(WC_TEST_RET_ENC_NC, out); + +#ifdef HAVE_AES_DECRYPT + XMEMSET(plain, 0, WC_AES_BLOCK_SIZE); + ret = wc_AesCbcDecrypt(dec, plain, cipher, (int) sizeof(cipher)); +#if defined(WOLFSSL_ASYNC_CRYPT) + ret = wc_AsyncWait(ret, &dec->asyncDev, WC_ASYNC_FLAG_NONE); +#endif + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); + if (XMEMCMP(plain, msg, (int) sizeof(plain))) { + WOLFSSL_MSG("failed wc_AesCbcDecrypt plain-msg compare"); + ERROR_OUT(WC_TEST_RET_ENC_NC, out); + } +#endif + + out: + +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC) + wc_AesDelete(enc, &enc); +#else + wc_AesFree(enc); +#endif +#ifdef HAVE_AES_DECRYPT +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC) + wc_AesDelete(dec, &dec); +#else + wc_AesFree(dec); +#endif +#endif +#endif /* HAVE_AES_CBC */ + + return ret; +} +#endif /* WOLFSSL_AES_192 */ + +#ifdef WOLFSSL_AES_256 +WOLFSSL_TEST_SUBROUTINE wc_test_ret_t aes256_test(void) +{ +#ifdef HAVE_AES_CBC +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC) + Aes *enc = NULL; +#else + Aes enc[1]; +#endif + byte cipher[WC_AES_BLOCK_SIZE]; +#ifdef HAVE_AES_DECRYPT +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC) + Aes *dec = NULL; +#else + Aes dec[1]; +#endif + byte plain[WC_AES_BLOCK_SIZE]; +#endif +#endif /* HAVE_AES_CBC */ + wc_test_ret_t ret = 0; + +#ifdef HAVE_AES_CBC + /* Test vectors from NIST Special Publication 800-38A, 2001 Edition, + * Appendix F.2.5 */ + WOLFSSL_SMALL_STACK_STATIC const byte msg[] = { + 0x6b,0xc1,0xbe,0xe2,0x2e,0x40,0x9f,0x96, + 0xe9,0x3d,0x7e,0x11,0x73,0x93,0x17,0x2a + }; + + WOLFSSL_SMALL_STACK_STATIC const byte verify[] = + { + 0xf5,0x8c,0x4c,0x04,0xd6,0xe5,0xf1,0xba, + 0x77,0x9e,0xab,0xfb,0x5f,0x7b,0xfb,0xd6 + }; +#ifdef HAVE_RENESAS_SYNC + byte *key = + (byte*)guser_PKCbInfo.wrapped_key_aes256; + int keySz = (256/8); +#else + WOLFSSL_SMALL_STACK_STATIC const byte key[] = { + 0x60,0x3d,0xeb,0x10,0x15,0xca,0x71,0xbe, + 0x2b,0x73,0xae,0xf0,0x85,0x7d,0x77,0x81, + 0x1f,0x35,0x2c,0x07,0x3b,0x61,0x08,0xd7, + 0x2d,0x98,0x10,0xa3,0x09,0x14,0xdf,0xf4 + }; + int keySz = (int)sizeof(key); +#endif + WOLFSSL_SMALL_STACK_STATIC const byte iv[] = { + 0x00,0x01,0x02,0x03,0x04,0x05,0x06,0x07, + 0x08,0x09,0x0A,0x0B,0x0C,0x0D,0x0E,0x0F + }; + WOLFSSL_ENTER("aes256_test"); + +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC) + enc = wc_AesNew(HEAP_HINT, devId, &ret); + if (enc == NULL) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); + #ifdef HAVE_AES_DECRYPT + dec = wc_AesNew(HEAP_HINT, devId, &ret); + if (dec == NULL) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); + #endif +#else + XMEMSET(enc, 0, sizeof(Aes)); + #ifdef HAVE_AES_DECRYPT + XMEMSET(dec, 0, sizeof(Aes)); + #endif + ret = wc_AesInit(enc, HEAP_HINT, devId); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); + #ifdef HAVE_AES_DECRYPT + ret = wc_AesInit(dec, HEAP_HINT, devId); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); + #endif +#endif /* WOLFSSL_SMALL_STACK && !WOLFSSL_NO_MALLOC */ + + ret = wc_AesSetKey(enc, key, (word32)keySz, iv, AES_ENCRYPTION); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); +#ifdef HAVE_AES_DECRYPT + ret = wc_AesSetKey(dec, key, (word32)keySz, iv, AES_DECRYPTION); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); +#endif + + XMEMSET(cipher, 0, WC_AES_BLOCK_SIZE); + ret = wc_AesCbcEncrypt(enc, cipher, msg, (int) sizeof(msg)); +#if defined(WOLFSSL_ASYNC_CRYPT) + ret = wc_AsyncWait(ret, &enc->asyncDev, WC_ASYNC_FLAG_NONE); +#endif + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); +#ifdef HAVE_AES_DECRYPT + XMEMSET(plain, 0, WC_AES_BLOCK_SIZE); + ret = wc_AesCbcDecrypt(dec, plain, cipher, (int) sizeof(cipher)); +#if defined(WOLFSSL_ASYNC_CRYPT) + ret = wc_AsyncWait(ret, &dec->asyncDev, WC_ASYNC_FLAG_NONE); +#endif + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); + if (XMEMCMP(plain, msg, (int) sizeof(plain))) { + ERROR_OUT(WC_TEST_RET_ENC_NC, out); + } +#endif +#ifndef HAVE_RENESAS_SYNC + if (XMEMCMP(cipher, verify, (int) sizeof(cipher))) + ERROR_OUT(WC_TEST_RET_ENC_NC, out); +#endif + +#if defined(DEBUG_VECTOR_REGISTER_ACCESS) && defined(WC_C_DYNAMIC_FALLBACK) + ret = wc_AesSetKey(enc, key, keySz, iv, AES_ENCRYPTION); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); +#ifdef HAVE_AES_DECRYPT + ret = wc_AesSetKey(dec, key, keySz, iv, AES_DECRYPTION); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); +#endif + + XMEMSET(cipher, 0, WC_AES_BLOCK_SIZE); + WC_DEBUG_SET_VECTOR_REGISTERS_RETVAL(WC_NO_ERR_TRACE(SYSLIB_FAILED_E)); + ret = wc_AesCbcEncrypt(enc, cipher, msg, (int) sizeof(msg)); +#if defined(WOLFSSL_ASYNC_CRYPT) + ret = wc_AsyncWait(ret, &enc->asyncDev, WC_ASYNC_FLAG_NONE); +#endif + WC_DEBUG_SET_VECTOR_REGISTERS_RETVAL(0); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); +#ifdef HAVE_AES_DECRYPT + XMEMSET(plain, 0, WC_AES_BLOCK_SIZE); + WC_DEBUG_SET_VECTOR_REGISTERS_RETVAL(WC_NO_ERR_TRACE(SYSLIB_FAILED_E)); + ret = wc_AesCbcDecrypt(dec, plain, cipher, (int) sizeof(cipher)); +#if defined(WOLFSSL_ASYNC_CRYPT) + ret = wc_AsyncWait(ret, &dec->asyncDev, WC_ASYNC_FLAG_NONE); +#endif + WC_DEBUG_SET_VECTOR_REGISTERS_RETVAL(0); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); + if (XMEMCMP(plain, msg, (int) sizeof(plain))) { + ERROR_OUT(WC_TEST_RET_ENC_NC, out); + } +#endif +#ifndef HAVE_RENESAS_SYNC + if (XMEMCMP(cipher, verify, (int) sizeof(cipher))) + ERROR_OUT(WC_TEST_RET_ENC_NC, out); +#endif + + WC_DEBUG_SET_VECTOR_REGISTERS_RETVAL(WC_NO_ERR_TRACE(SYSLIB_FAILED_E)); + ret = wc_AesSetKey(enc, key, keySz, iv, AES_ENCRYPTION); + WC_DEBUG_SET_VECTOR_REGISTERS_RETVAL(0); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); +#ifdef HAVE_AES_DECRYPT + WC_DEBUG_SET_VECTOR_REGISTERS_RETVAL(WC_NO_ERR_TRACE(SYSLIB_FAILED_E)); + ret = wc_AesSetKey(dec, key, keySz, iv, AES_DECRYPTION); + WC_DEBUG_SET_VECTOR_REGISTERS_RETVAL(0); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); +#endif + + XMEMSET(cipher, 0, WC_AES_BLOCK_SIZE); + ret = wc_AesCbcEncrypt(enc, cipher, msg, (int) sizeof(msg)); +#if defined(WOLFSSL_ASYNC_CRYPT) + ret = wc_AsyncWait(ret, &enc->asyncDev, WC_ASYNC_FLAG_NONE); +#endif + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); +#ifdef HAVE_AES_DECRYPT + XMEMSET(plain, 0, WC_AES_BLOCK_SIZE); + ret = wc_AesCbcDecrypt(dec, plain, cipher, (int) sizeof(cipher)); +#if defined(WOLFSSL_ASYNC_CRYPT) + ret = wc_AsyncWait(ret, &dec->asyncDev, WC_ASYNC_FLAG_NONE); +#endif + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); + if (XMEMCMP(plain, msg, (int) sizeof(plain))) { + ERROR_OUT(WC_TEST_RET_ENC_NC, out); + } +#endif +#ifndef HAVE_RENESAS_SYNC + if (XMEMCMP(cipher, verify, (int) sizeof(cipher))) + ERROR_OUT(WC_TEST_RET_ENC_NC, out); +#endif + +#endif /* DEBUG_VECTOR_REGISTER_ACCESS && WC_C_DYNAMIC_FALLBACK */ + + out: + +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC) + wc_AesDelete(enc, &enc); +#else + wc_AesFree(enc); +#endif +#ifdef HAVE_AES_DECRYPT +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC) + wc_AesDelete(dec, &dec); +#else + wc_AesFree(dec); +#endif +#endif +#endif /* HAVE_AES_CBC */ + + return ret; +} +#endif /* WOLFSSL_AES_256 */ + + +#ifdef HAVE_AESGCM + +#ifdef WOLFSSL_AES_128 +static wc_test_ret_t aesgcm_default_test_helper(byte* key, int keySz, byte* iv, int ivSz, + byte* plain, int plainSz, byte* cipher, int cipherSz, + byte* aad, int aadSz, byte* tag, int tagSz) +{ + wc_test_ret_t ret; +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC) + Aes *enc = NULL; + Aes *dec = NULL; +#else + Aes enc[1]; + Aes dec[1]; +#endif + + byte resultT[WC_AES_BLOCK_SIZE]; + byte resultP[WC_AES_BLOCK_SIZE * 3]; + byte resultC[WC_AES_BLOCK_SIZE * 3]; + + XMEMSET(resultT, 0, sizeof(resultT)); + XMEMSET(resultC, 0, sizeof(resultC)); + XMEMSET(resultP, 0, sizeof(resultP)); + +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC) + enc = wc_AesNew(HEAP_HINT, devId, &ret); + if (enc == NULL) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); + dec = wc_AesNew(HEAP_HINT, devId, &ret); + if (dec == NULL) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); +#else + XMEMSET(enc, 0, sizeof(Aes)); + XMEMSET(dec, 0, sizeof(Aes)); + ret = wc_AesInit(enc, HEAP_HINT, devId); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); + ret = wc_AesInit(dec, HEAP_HINT, devId); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); +#endif /* WOLFSSL_SMALL_STACK && !WOLFSSL_NO_MALLOC */ + + ret = wc_AesGcmSetKey(enc, key, (word32)keySz); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); + + /* AES-GCM encrypt and decrypt both use AES encrypt internally */ + ret = wc_AesGcmEncrypt(enc, resultC, plain, (word32)plainSz, iv, (word32)ivSz, + resultT, (word32)tagSz, aad, (word32)aadSz); +#if defined(WOLFSSL_ASYNC_CRYPT) + ret = wc_AsyncWait(ret, &enc->asyncDev, WC_ASYNC_FLAG_NONE); +#endif + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); + if (cipher != NULL) { + if (XMEMCMP(cipher, resultC, (word32)cipherSz)) + ERROR_OUT(WC_TEST_RET_ENC_NC, out); + } + if (XMEMCMP(tag, resultT, (unsigned long)tagSz)) + ERROR_OUT(WC_TEST_RET_ENC_NC, out); + +#if defined(DEBUG_VECTOR_REGISTER_ACCESS) && defined(WC_C_DYNAMIC_FALLBACK) + WC_DEBUG_SET_VECTOR_REGISTERS_RETVAL(WC_NO_ERR_TRACE(SYSLIB_FAILED_E)); + ret = wc_AesGcmEncrypt(enc, resultC, plain, plainSz, iv, ivSz, + resultT, tagSz, aad, aadSz); +#if defined(WOLFSSL_ASYNC_CRYPT) + ret = wc_AsyncWait(ret, &enc->asyncDev, WC_ASYNC_FLAG_NONE); +#endif + WC_DEBUG_SET_VECTOR_REGISTERS_RETVAL(0); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); + if (cipher != NULL) { + if (XMEMCMP(cipher, resultC, (unsigned long)cipherSz)) + ERROR_OUT(WC_TEST_RET_ENC_NC, out); + } + if (XMEMCMP(tag, resultT, tagSz)) + ERROR_OUT(WC_TEST_RET_ENC_NC, out); +#endif + +#ifdef HAVE_AES_DECRYPT + ret = wc_AesGcmSetKey(dec, key, (word32)keySz); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); + + ret = wc_AesGcmDecrypt(dec, resultP, resultC, (word32)cipherSz, + iv, (word32)ivSz, resultT, (word32)tagSz, aad, (word32)aadSz); +#if defined(WOLFSSL_ASYNC_CRYPT) + ret = wc_AsyncWait(ret, &dec->asyncDev, WC_ASYNC_FLAG_NONE); +#endif + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); + if (plain != NULL) { + if (XMEMCMP(plain, resultP, (unsigned long)plainSz)) + ERROR_OUT(WC_TEST_RET_ENC_NC, out); + } + +#if defined(DEBUG_VECTOR_REGISTER_ACCESS) && defined(WC_C_DYNAMIC_FALLBACK) + WC_DEBUG_SET_VECTOR_REGISTERS_RETVAL(WC_NO_ERR_TRACE(SYSLIB_FAILED_E)); + ret = wc_AesGcmDecrypt(dec, resultP, resultC, cipherSz, + iv, ivSz, resultT, tagSz, aad, aadSz); +#if defined(WOLFSSL_ASYNC_CRYPT) + ret = wc_AsyncWait(ret, &dec->asyncDev, WC_ASYNC_FLAG_NONE); +#endif + WC_DEBUG_SET_VECTOR_REGISTERS_RETVAL(0); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); + if (plain != NULL) { + if (XMEMCMP(plain, resultP, (unsigned long)plainSz)) + ERROR_OUT(WC_TEST_RET_ENC_NC, out); + } +#endif + +#endif /* HAVE_AES_DECRYPT */ + + ret = 0; + + out: + +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC) + wc_AesDelete(enc, &enc); + wc_AesDelete(dec, &dec); +#else + wc_AesFree(enc); + wc_AesFree(dec); +#endif + + return ret; +} +#endif + + +/* tests that only use 12 byte IV and 16 or less byte AAD + * test vectors are from NIST SP 800-38D + * https://csrc.nist.gov/Projects/Cryptographic-Algorithm-Validation-Program/CAVP-TESTING-BLOCK-CIPHER-MODES*/ +WOLFSSL_TEST_SUBROUTINE wc_test_ret_t aesgcm_default_test(void) +{ +#ifdef WOLFSSL_AES_128 + byte key1[] = { + 0x29, 0x8e, 0xfa, 0x1c, 0xcf, 0x29, 0xcf, 0x62, + 0xae, 0x68, 0x24, 0xbf, 0xc1, 0x95, 0x57, 0xfc + }; + + byte iv1[] = { + 0x6f, 0x58, 0xa9, 0x3f, 0xe1, 0xd2, 0x07, 0xfa, + 0xe4, 0xed, 0x2f, 0x6d + }; + + ALIGN64 byte plain1[] = { + 0xcc, 0x38, 0xbc, 0xcd, 0x6b, 0xc5, 0x36, 0xad, + 0x91, 0x9b, 0x13, 0x95, 0xf5, 0xd6, 0x38, 0x01, + 0xf9, 0x9f, 0x80, 0x68, 0xd6, 0x5c, 0xa5, 0xac, + 0x63, 0x87, 0x2d, 0xaf, 0x16, 0xb9, 0x39, 0x01 + }; + + byte aad1[] = { + 0x02, 0x1f, 0xaf, 0xd2, 0x38, 0x46, 0x39, 0x73, + 0xff, 0xe8, 0x02, 0x56, 0xe5, 0xb1, 0xc6, 0xb1 + }; + + ALIGN64 byte cipher1[] = { + 0xdf, 0xce, 0x4e, 0x9c, 0xd2, 0x91, 0x10, 0x3d, + 0x7f, 0xe4, 0xe6, 0x33, 0x51, 0xd9, 0xe7, 0x9d, + 0x3d, 0xfd, 0x39, 0x1e, 0x32, 0x67, 0x10, 0x46, + 0x58, 0x21, 0x2d, 0xa9, 0x65, 0x21, 0xb7, 0xdb + }; + + byte tag1[] = { + 0x54, 0x24, 0x65, 0xef, 0x59, 0x93, 0x16, 0xf7, + 0x3a, 0x7a, 0x56, 0x05, 0x09, 0xa2, 0xd9, 0xf2 + }; + + byte key2[] = { + 0x01, 0x6d, 0xbb, 0x38, 0xda, 0xa7, 0x6d, 0xfe, + 0x7d, 0xa3, 0x84, 0xeb, 0xf1, 0x24, 0x03, 0x64 + }; + + byte iv2[] = { + 0x07, 0x93, 0xef, 0x3a, 0xda, 0x78, 0x2f, 0x78, + 0xc9, 0x8a, 0xff, 0xe3 + }; + + ALIGN64 byte plain2[] = { + 0x4b, 0x34, 0xa9, 0xec, 0x57, 0x63, 0x52, 0x4b, + 0x19, 0x1d, 0x56, 0x16, 0xc5, 0x47, 0xf6, 0xb7 + }; + + ALIGN64 byte cipher2[] = { + 0x60, 0x9a, 0xa3, 0xf4, 0x54, 0x1b, 0xc0, 0xfe, + 0x99, 0x31, 0xda, 0xad, 0x2e, 0xe1, 0x5d, 0x0c + }; + + byte tag2[] = { + 0x33, 0xaf, 0xec, 0x59, 0xc4, 0x5b, 0xaf, 0x68, + 0x9a, 0x5e, 0x1b, 0x13, 0xae, 0x42, 0x36, 0x19 + }; + + byte key3[] = { + 0xb0, 0x1e, 0x45, 0xcc, 0x30, 0x88, 0xaa, 0xba, + 0x9f, 0xa4, 0x3d, 0x81, 0xd4, 0x81, 0x82, 0x3f + }; + + byte iv3[] = { + 0x5a, 0x2c, 0x4a, 0x66, 0x46, 0x87, 0x13, 0x45, + 0x6a, 0x4b, 0xd5, 0xe1 + }; + + byte tag3[] = { + 0x01, 0x42, 0x80, 0xf9, 0x44, 0xf5, 0x3c, 0x68, + 0x11, 0x64, 0xb2, 0xff + }; + + wc_test_ret_t ret; + WOLFSSL_ENTER("aesgcm_default_test"); + + ret = aesgcm_default_test_helper(key1, sizeof(key1), iv1, sizeof(iv1), + plain1, sizeof(plain1), cipher1, sizeof(cipher1), + aad1, sizeof(aad1), tag1, sizeof(tag1)); + if (ret != 0) { + return ret; + } + ret = aesgcm_default_test_helper(key2, sizeof(key2), iv2, sizeof(iv2), + plain2, sizeof(plain2), cipher2, sizeof(cipher2), + NULL, 0, tag2, sizeof(tag2)); + if (ret != 0) { + return ret; + } + ret = aesgcm_default_test_helper(key3, sizeof(key3), iv3, sizeof(iv3), + NULL, 0, NULL, 0, + NULL, 0, tag3, sizeof(tag3)); + if (ret != 0) { + return ret; + } +#endif + + return 0; +} + +WOLFSSL_TEST_SUBROUTINE wc_test_ret_t aesgcm_test(void) +{ +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC) + Aes *enc = NULL; + Aes *dec = NULL; +#else + Aes enc[1]; + Aes dec[1]; +#endif + + /* + * This is Test Case 16 from the document Galois/ + * Counter Mode of Operation (GCM) by McGrew and + * Viega. + */ + WOLFSSL_SMALL_STACK_STATIC const byte p[] = + { + 0xd9, 0x31, 0x32, 0x25, 0xf8, 0x84, 0x06, 0xe5, + 0xa5, 0x59, 0x09, 0xc5, 0xaf, 0xf5, 0x26, 0x9a, + 0x86, 0xa7, 0xa9, 0x53, 0x15, 0x34, 0xf7, 0xda, + 0x2e, 0x4c, 0x30, 0x3d, 0x8a, 0x31, 0x8a, 0x72, + 0x1c, 0x3c, 0x0c, 0x95, 0x95, 0x68, 0x09, 0x53, + 0x2f, 0xcf, 0x0e, 0x24, 0x49, 0xa6, 0xb5, 0x25, + 0xb1, 0x6a, 0xed, 0xf5, 0xaa, 0x0d, 0xe6, 0x57, + 0xba, 0x63, 0x7b, 0x39 + }; + + WOLFSSL_SMALL_STACK_STATIC const byte a[] = + { + 0xfe, 0xed, 0xfa, 0xce, 0xde, 0xad, 0xbe, 0xef, + 0xfe, 0xed, 0xfa, 0xce, 0xde, 0xad, 0xbe, 0xef, + 0xab, 0xad, 0xda, 0xd2 + }; + +#ifdef WOLFSSL_AES_256 +#ifdef HAVE_RENESAS_SYNC + const byte *k1 = (byte*)guser_PKCbInfo.wrapped_key_aes256; + int k1Sz = (int)(256/8); +#else + WOLFSSL_SMALL_STACK_STATIC const byte k1[] = + { + 0xfe, 0xff, 0xe9, 0x92, 0x86, 0x65, 0x73, 0x1c, + 0x6d, 0x6a, 0x8f, 0x94, 0x67, 0x30, 0x83, 0x08, + 0xfe, 0xff, 0xe9, 0x92, 0x86, 0x65, 0x73, 0x1c, + 0x6d, 0x6a, 0x8f, 0x94, 0x67, 0x30, 0x83, 0x08 + }; + int k1Sz = (int)sizeof(k1); +#endif +#endif /* WOLFSSL_AES_256 */ + WOLFSSL_SMALL_STACK_STATIC const byte iv1[] = + { + 0xca, 0xfe, 0xba, 0xbe, 0xfa, 0xce, 0xdb, 0xad, + 0xde, 0xca, 0xf8, 0x88 + }; + +#if defined(WOLFSSL_AES_256) || (defined(WOLFSSL_AES_192) && \ + defined(HAVE_AES_DECRYPT)) + WOLFSSL_SMALL_STACK_STATIC const byte c1[] = + { + 0x52, 0x2d, 0xc1, 0xf0, 0x99, 0x56, 0x7d, 0x07, + 0xf4, 0x7f, 0x37, 0xa3, 0x2a, 0x84, 0x42, 0x7d, + 0x64, 0x3a, 0x8c, 0xdc, 0xbf, 0xe5, 0xc0, 0xc9, + 0x75, 0x98, 0xa2, 0xbd, 0x25, 0x55, 0xd1, 0xaa, + 0x8c, 0xb0, 0x8e, 0x48, 0x59, 0x0d, 0xbb, 0x3d, + 0xa7, 0xb0, 0x8b, 0x10, 0x56, 0x82, 0x88, 0x38, + 0xc5, 0xf6, 0x1e, 0x63, 0x93, 0xba, 0x7a, 0x0a, + 0xbc, 0xc9, 0xf6, 0x62 + }; +#endif /* WOLFSSL_AES_256 || WOLFSSL_AES_192 */ + + WOLFSSL_SMALL_STACK_STATIC const byte t1[] = + { + 0x76, 0xfc, 0x6e, 0xce, 0x0f, 0x4e, 0x17, 0x68, + 0xcd, 0xdf, 0x88, 0x53, 0xbb, 0x2d, 0x55, 0x1b + }; + + /* FIPS, QAT and PIC32MZ HW Crypto only support 12-byte IV */ +#if !defined(HAVE_FIPS) && \ + !defined(WOLFSSL_PIC32MZ_CRYPT) && \ + !defined(FREESCALE_LTC) && !defined(FREESCALE_MMCAU) && \ + !defined(WOLFSSL_XILINX_CRYPT) && !defined(WOLFSSL_AFALG_XILINX_AES) && \ + !defined(WOLFSSL_SILABS_SE_ACCEL) && !defined(WOLFSSL_KCAPI_AES) && \ + !(defined(WOLF_CRYPTO_CB) && \ + (defined(HAVE_INTEL_QA_SYNC) || defined(HAVE_CAVIUM_OCTEON_SYNC))) + + #define ENABLE_NON_12BYTE_IV_TEST +#ifdef WOLFSSL_AES_192 + /* Test Case 12, uses same plaintext and AAD data. */ + WOLFSSL_SMALL_STACK_STATIC const byte k2[] = + { + 0xfe, 0xff, 0xe9, 0x92, 0x86, 0x65, 0x73, 0x1c, + 0x6d, 0x6a, 0x8f, 0x94, 0x67, 0x30, 0x83, 0x08, + 0xfe, 0xff, 0xe9, 0x92, 0x86, 0x65, 0x73, 0x1c + }; + + WOLFSSL_SMALL_STACK_STATIC const byte iv2[] = + { + 0x93, 0x13, 0x22, 0x5d, 0xf8, 0x84, 0x06, 0xe5, + 0x55, 0x90, 0x9c, 0x5a, 0xff, 0x52, 0x69, 0xaa, + 0x6a, 0x7a, 0x95, 0x38, 0x53, 0x4f, 0x7d, 0xa1, + 0xe4, 0xc3, 0x03, 0xd2, 0xa3, 0x18, 0xa7, 0x28, + 0xc3, 0xc0, 0xc9, 0x51, 0x56, 0x80, 0x95, 0x39, + 0xfc, 0xf0, 0xe2, 0x42, 0x9a, 0x6b, 0x52, 0x54, + 0x16, 0xae, 0xdb, 0xf5, 0xa0, 0xde, 0x6a, 0x57, + 0xa6, 0x37, 0xb3, 0x9b + }; + + WOLFSSL_SMALL_STACK_STATIC const byte c2[] = + { + 0xd2, 0x7e, 0x88, 0x68, 0x1c, 0xe3, 0x24, 0x3c, + 0x48, 0x30, 0x16, 0x5a, 0x8f, 0xdc, 0xf9, 0xff, + 0x1d, 0xe9, 0xa1, 0xd8, 0xe6, 0xb4, 0x47, 0xef, + 0x6e, 0xf7, 0xb7, 0x98, 0x28, 0x66, 0x6e, 0x45, + 0x81, 0xe7, 0x90, 0x12, 0xaf, 0x34, 0xdd, 0xd9, + 0xe2, 0xf0, 0x37, 0x58, 0x9b, 0x29, 0x2d, 0xb3, + 0xe6, 0x7c, 0x03, 0x67, 0x45, 0xfa, 0x22, 0xe7, + 0xe9, 0xb7, 0x37, 0x3b + }; + + WOLFSSL_SMALL_STACK_STATIC const byte t2[] = + { + 0xdc, 0xf5, 0x66, 0xff, 0x29, 0x1c, 0x25, 0xbb, + 0xb8, 0x56, 0x8f, 0xc3, 0xd3, 0x76, 0xa6, 0xd9 + }; +#endif /* WOLFSSL_AES_192 */ +#if defined(WOLFSSL_AES_128) && !defined(WOLFSSL_AFALG_XILINX_AES) + /* The following is an interesting test case from the example + * FIPS test vectors for AES-GCM. IVlen = 1 byte + * k3 and p3 below, are also part of this. */ + WOLFSSL_SMALL_STACK_STATIC const byte iv3[] = + { + 0xca + }; + + WOLFSSL_SMALL_STACK_STATIC const byte c3[] = + { + 0x6b, 0x5f, 0xb3, 0x9d, 0xc1, 0xc5, 0x7a, 0x4f, + 0xf3, 0x51, 0x4d, 0xc2, 0xd5, 0xf0, 0xd0, 0x07 + }; + + WOLFSSL_SMALL_STACK_STATIC const byte a3[] = + { + 0x40, 0xfc, 0xdc, 0xd7, 0x4a, 0xd7, 0x8b, 0xf1, + 0x3e, 0x7c, 0x60, 0x55, 0x50, 0x51, 0xdd, 0x54 + }; + + WOLFSSL_SMALL_STACK_STATIC const byte t3[] = + { + 0x06, 0x90, 0xed, 0x01, 0x34, 0xdd, 0xc6, 0x95, + 0x31, 0x2e, 0x2a, 0xf9, 0x57, 0x7a, 0x1e, 0xa6 + }; +#endif /* WOLFSSL_AES_128 */ +#ifdef WOLFSSL_AES_256 + int ivlen; +#endif +#endif +#if defined(WOLFSSL_AES_128) && !defined(WOLFSSL_AFALG_XILINX_AES) +#ifdef HAVE_RENESAS_SYNC + const byte *k3 = + (byte*)guser_PKCbInfo.wrapped_key_aes128; + int k3Sz = (int)(128/8); +#else + WOLFSSL_SMALL_STACK_STATIC const byte k3[] = + { + 0xbb, 0x01, 0xd7, 0x03, 0x81, 0x1c, 0x10, 0x1a, + 0x35, 0xe0, 0xff, 0xd2, 0x91, 0xba, 0xf2, 0x4b + }; + int k3Sz = (int)sizeof(k3); +#endif + + WOLFSSL_SMALL_STACK_STATIC const byte p3[] = + { + 0x57, 0xce, 0x45, 0x1f, 0xa5, 0xe2, 0x35, 0xa5, + 0x8e, 0x1a, 0xa2, 0x3b, 0x77, 0xcb, 0xaf, 0xe2 + }; + + WOLFSSL_SMALL_STACK_STATIC const byte c3_3[] = + { + 0x79, 0xa7, 0x08, 0xd4, 0xad, 0x1f, 0x3b, 0xac, + 0x70, 0x16, 0x64, 0x40, 0xde, 0x03, 0xed, 0xea + }; + + WOLFSSL_SMALL_STACK_STATIC const byte t3_3[] = + { + 0x39, 0xb1, 0x1e, 0x73, 0x18, 0xda, 0x04, 0x75, + 0xa1, 0xed, 0x52, 0xb9, 0x0d, 0x5c, 0xe7, 0x28 + }; +#endif /* WOLFSSL_AES_128 */ + + + byte resultT[sizeof(t1) + WC_AES_BLOCK_SIZE]; + byte resultP[sizeof(p) + WC_AES_BLOCK_SIZE]; + byte resultC[sizeof(p) + WC_AES_BLOCK_SIZE]; + wc_test_ret_t ret = 0; + + int alen = 0; + int plen = 0; +#if defined(ENABLE_NON_12BYTE_IV_TEST) && defined(WOLFSSL_AES_128) + int tlen = 0; +#endif +#if defined(WOLFSSL_XILINX_CRYPT_VERSAL) + byte buf[sizeof(p) + WC_AES_BLOCK_SIZE]; + byte bufA[sizeof(a) + 1]; + byte *large_aad = (byte*)XMALLOC((size_t)1024 + 16, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); +#endif + +#if !defined(BENCH_EMBEDDED) && !defined(HAVE_CAVIUM) + #if !defined(BENCH_AESGCM_LARGE) + #define BENCH_AESGCM_LARGE 1024 + #endif + +#ifndef WOLFSSL_NO_MALLOC + byte *large_input = (byte *)XMALLOC(BENCH_AESGCM_LARGE, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + byte *large_output = (byte *)XMALLOC(BENCH_AESGCM_LARGE + WC_AES_BLOCK_SIZE, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + byte *large_outdec = (byte *)XMALLOC(BENCH_AESGCM_LARGE, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + + (void)alen; + (void)plen; + + if ((! large_input) || (! large_output) || (! large_outdec)) + ERROR_OUT(MEMORY_E, out); + +#else + byte large_input[BENCH_AESGCM_LARGE]; + byte large_output[BENCH_AESGCM_LARGE + WC_AES_BLOCK_SIZE]; + byte large_outdec[BENCH_AESGCM_LARGE]; +#endif + + XMEMSET(large_input, 0, BENCH_AESGCM_LARGE); + XMEMSET(large_output, 0, BENCH_AESGCM_LARGE + WC_AES_BLOCK_SIZE); + XMEMSET(large_outdec, 0, BENCH_AESGCM_LARGE); +#endif + WOLFSSL_ENTER("aesgcm_test"); + + XMEMSET(resultT, 0, sizeof(resultT)); + XMEMSET(resultC, 0, sizeof(resultC)); + XMEMSET(resultP, 0, sizeof(resultP)); + +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC) + enc = wc_AesNew(HEAP_HINT, devId, &ret); + if (enc == NULL) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); + dec = wc_AesNew(HEAP_HINT, devId, &ret); + if (dec == NULL) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); +#else + ret = wc_AesInit(enc, HEAP_HINT, devId); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); + ret = wc_AesInit(dec, HEAP_HINT, devId); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); +#endif + +#if defined(WOLFSSL_AES_128) && !defined(WOLFSSL_AFALG_XILINX_AES) + ret = wc_AesGcmSetKey(enc, k3, (word32)k3Sz); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); + + /* AES-GCM encrypt and decrypt both use AES encrypt internally */ + ret = wc_AesGcmEncrypt(enc, resultC, p3, sizeof(p3), iv1, sizeof(iv1), + resultT, sizeof(t3_3), NULL, 0); +#if defined(WOLFSSL_ASYNC_CRYPT) + ret = wc_AsyncWait(ret, &enc->asyncDev, WC_ASYNC_FLAG_NONE); +#endif + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); +#ifndef HAVE_RENESAS_SYNC + if (XMEMCMP(c3_3, resultC, sizeof(c3_3))) + ERROR_OUT(WC_TEST_RET_ENC_NC, out); + if (XMEMCMP(t3_3, resultT, sizeof(t3_3))) + ERROR_OUT(WC_TEST_RET_ENC_NC, out); +#endif + +#ifdef HAVE_AES_DECRYPT + ret = wc_AesGcmSetKey(dec, k3, (word32)k3Sz); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); + + ret = wc_AesGcmDecrypt(dec, resultP, resultC, sizeof(c3_3), + iv1, sizeof(iv1), resultT, sizeof(t3_3), NULL, 0); +#if defined(WOLFSSL_ASYNC_CRYPT) + ret = wc_AsyncWait(ret, &dec->asyncDev, WC_ASYNC_FLAG_NONE); +#endif + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); + if (XMEMCMP(p3, resultP, sizeof(p3))) + ERROR_OUT(WC_TEST_RET_ENC_NC, out); +#endif /* HAVE_AES_DECRYPT */ +#endif + +#ifdef WOLFSSL_AES_256 + ret = wc_AesGcmSetKey(enc, k1, (word32)k1Sz); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); + + /* AES-GCM encrypt and decrypt both use AES encrypt internally */ + ret = wc_AesGcmEncrypt(enc, resultC, p, sizeof(p), iv1, sizeof(iv1), + resultT, sizeof(t1), a, sizeof(a)); +#if defined(WOLFSSL_ASYNC_CRYPT) + ret = wc_AsyncWait(ret, &enc->asyncDev, WC_ASYNC_FLAG_NONE); +#endif + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); +#ifndef HAVE_RENESAS_SYNC + if (XMEMCMP(c1, resultC, sizeof(c1))) + ERROR_OUT(WC_TEST_RET_ENC_NC, out); + if (XMEMCMP(t1, resultT, sizeof(t1))) + ERROR_OUT(WC_TEST_RET_ENC_NC, out); +#endif + +#ifdef HAVE_AES_DECRYPT + ret = wc_AesGcmSetKey(dec, k1, (word32)k1Sz); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); + + ret = wc_AesGcmDecrypt(dec, resultP, resultC, sizeof(c1), + iv1, sizeof(iv1), resultT, sizeof(t1), a, sizeof(a)); +#if defined(WOLFSSL_ASYNC_CRYPT) + ret = wc_AsyncWait(ret, &dec->asyncDev, WC_ASYNC_FLAG_NONE); +#endif + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); + if (XMEMCMP(p, resultP, sizeof(p))) + ERROR_OUT(WC_TEST_RET_ENC_NC, out); +#endif /* HAVE_AES_DECRYPT */ + + /* Large buffer test */ +#ifdef BENCH_AESGCM_LARGE + /* setup test buffer */ + for (alen=0; alenasyncDev, WC_ASYNC_FLAG_NONE); +#endif + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); + +#ifdef HAVE_AES_DECRYPT + ret = wc_AesGcmDecrypt(dec, large_outdec, large_output, + BENCH_AESGCM_LARGE, iv1, sizeof(iv1), resultT, + sizeof(t1), a, sizeof(a)); +#if defined(WOLFSSL_ASYNC_CRYPT) + ret = wc_AsyncWait(ret, &dec->asyncDev, WC_ASYNC_FLAG_NONE); +#endif + if (XMEMCMP(large_input, large_outdec, BENCH_AESGCM_LARGE)) + ERROR_OUT(WC_TEST_RET_ENC_NC, out); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); +#endif /* HAVE_AES_DECRYPT */ +#endif /* BENCH_AESGCM_LARGE */ +#if defined(ENABLE_NON_12BYTE_IV_TEST) && defined(WOLFSSL_AES_256) + /* Variable IV length test */ + for (ivlen=1; ivlenasyncDev, WC_ASYNC_FLAG_NONE); +#endif + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); +#ifdef HAVE_AES_DECRYPT + ret = wc_AesGcmDecrypt(dec, resultP, resultC, sizeof(c1), k1, + (word32)ivlen, resultT, sizeof(t1), a, sizeof(a)); +#if defined(WOLFSSL_ASYNC_CRYPT) + ret = wc_AsyncWait(ret, &dec->asyncDev, WC_ASYNC_FLAG_NONE); +#endif + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); +#endif /* HAVE_AES_DECRYPT */ + } +#endif + +#if !(defined(WOLF_CRYPTO_CB) && defined(HAVE_INTEL_QA_SYNC)) + /* Variable authenticated data length test */ + for (alen=0; alen<(int)sizeof(p); alen++) { + /* AES-GCM encrypt and decrypt both use AES encrypt internally */ + ret = wc_AesGcmEncrypt(enc, resultC, p, sizeof(p), iv1, + sizeof(iv1), resultT, sizeof(t1), p, (word32)alen); +#if defined(WOLFSSL_ASYNC_CRYPT) + ret = wc_AsyncWait(ret, &enc->asyncDev, WC_ASYNC_FLAG_NONE); +#endif + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); +#ifdef HAVE_AES_DECRYPT + ret = wc_AesGcmDecrypt(dec, resultP, resultC, sizeof(c1), iv1, + sizeof(iv1), resultT, sizeof(t1), p, (word32)alen); +#if defined(WOLFSSL_ASYNC_CRYPT) + ret = wc_AsyncWait(ret, &dec->asyncDev, WC_ASYNC_FLAG_NONE); +#endif + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); +#endif /* HAVE_AES_DECRYPT */ + } +#if defined(WOLFSSL_XILINX_CRYPT_VERSAL) + if (! large_aad) + ERROR_OUT(MEMORY_E, out); + XMEMSET(large_aad, 0, 1024+16); + /* Variable authenticated data length test */ + for (alen=0; alen<=1024; alen+=16) { + /* AES-GCM encrypt and decrypt both use AES encrypt internally */ + ret = wc_AesGcmEncrypt(enc, resultC, p, sizeof(p), iv1, + sizeof(iv1), resultT, sizeof(t1), large_aad, (word32)alen); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); +#ifdef HAVE_AES_DECRYPT + ret = wc_AesGcmDecrypt(dec, resultP, resultC, sizeof(c1), iv1, + sizeof(iv1), resultT, sizeof(t1), large_aad, (word32)alen); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); +#endif /* HAVE_AES_DECRYPT */ + } + + /* Test unaligned memory of all potential arguments */ + ret = wc_AesGcmSetKey(enc, k1, k1Sz); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); + + /* AES-GCM encrypt and decrypt both use AES encrypt internally */ + XMEMCPY(&buf[1], p, sizeof(p)); + XMEMCPY(&bufA[1], a, sizeof(a)); + ret = wc_AesGcmEncrypt(enc, &resultC[1], &buf[1], sizeof(p), iv1, sizeof(iv1), + &resultT[1], sizeof(t1), &bufA[1], sizeof(a)); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); + if (XMEMCMP(c1, &resultC[1], sizeof(c1))) + ERROR_OUT(WC_TEST_RET_ENC_NC, out); + if (XMEMCMP(t1, &resultT[1], sizeof(t1))) + ERROR_OUT(WC_TEST_RET_ENC_NC, out); + +#ifdef HAVE_AES_DECRYPT + ret = wc_AesGcmSetKey(dec, k1, k1Sz); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); + + ret = wc_AesGcmDecrypt(dec, &resultP[1], &resultC[1], sizeof(c1), + iv1, sizeof(iv1), &resultT[1], sizeof(t1), &bufA[1], sizeof(a)); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); + if (XMEMCMP(p, &resultP[1], sizeof(p))) + ERROR_OUT(WC_TEST_RET_ENC_NC, out); +#endif /* HAVE_AES_DECRYPT */ + +#endif /* Xilinx Versal */ +#endif + +#if !defined(WOLFSSL_AFALG_XILINX_AES) && !defined(WOLFSSL_XILINX_CRYPT) +#ifdef BENCH_AESGCM_LARGE + /* Variable plain text length test */ + for (plen=1; plenasyncDev, WC_ASYNC_FLAG_NONE); +#endif + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); + +#ifdef HAVE_AES_DECRYPT + ret = wc_AesGcmDecrypt(dec, large_outdec, large_output, + (word32)plen, iv1, sizeof(iv1), resultT, + sizeof(t1), a, sizeof(a)); +#if defined(WOLFSSL_ASYNC_CRYPT) + ret = wc_AsyncWait(ret, &dec->asyncDev, WC_ASYNC_FLAG_NONE); +#endif + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); +#endif /* HAVE_AES_DECRYPT */ + } +#else /* BENCH_AESGCM_LARGE */ + /* Variable plain text length test */ + for (plen=1; plen<(int)sizeof(p); plen++) { + /* AES-GCM encrypt and decrypt both use AES encrypt internally */ + ret = wc_AesGcmEncrypt(enc, resultC, p, (word32)plen, iv1, + sizeof(iv1), resultT, sizeof(t1), a, sizeof(a)); +#if defined(WOLFSSL_ASYNC_CRYPT) + ret = wc_AsyncWait(ret, &enc->asyncDev, WC_ASYNC_FLAG_NONE); +#endif + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); +#ifdef HAVE_AES_DECRYPT + ret = wc_AesGcmDecrypt(dec, resultP, resultC, (word32)plen, iv1, + sizeof(iv1), resultT, sizeof(t1), a, sizeof(a)); +#if defined(WOLFSSL_ASYNC_CRYPT) + ret = wc_AsyncWait(ret, &dec->asyncDev, WC_ASYNC_FLAG_NONE); +#endif + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); +#endif /* HAVE_AES_DECRYPT */ + } +#endif /* BENCH_AESGCM_LARGE */ +#endif +#endif /* WOLFSSL_AES_256 */ + + /* test with IV != 12 bytes */ +#ifdef ENABLE_NON_12BYTE_IV_TEST + XMEMSET(resultT, 0, sizeof(resultT)); + XMEMSET(resultC, 0, sizeof(resultC)); + XMEMSET(resultP, 0, sizeof(resultP)); + +#ifdef WOLFSSL_AES_192 + wc_AesGcmSetKey(enc, k2, sizeof(k2)); + /* AES-GCM encrypt and decrypt both use AES encrypt internally */ + ret = wc_AesGcmEncrypt(enc, resultC, p, sizeof(p), iv2, sizeof(iv2), + resultT, sizeof(t1), a, sizeof(a)); +#if defined(WOLFSSL_ASYNC_CRYPT) + ret = wc_AsyncWait(ret, &enc->asyncDev, WC_ASYNC_FLAG_NONE); +#endif + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); + if (XMEMCMP(c2, resultC, sizeof(c2))) + ERROR_OUT(WC_TEST_RET_ENC_NC, out); + if (XMEMCMP(t2, resultT, sizeof(t1))) + ERROR_OUT(WC_TEST_RET_ENC_NC, out); + +#ifdef HAVE_AES_DECRYPT + ret = wc_AesGcmDecrypt(enc, resultP, resultC, sizeof(c1), + iv2, sizeof(iv2), resultT, sizeof(t1), a, sizeof(a)); +#if defined(WOLFSSL_ASYNC_CRYPT) + ret = wc_AsyncWait(ret, &enc->asyncDev, WC_ASYNC_FLAG_NONE); +#endif + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); + if (XMEMCMP(p, resultP, sizeof(p))) + ERROR_OUT(WC_TEST_RET_ENC_NC, out); +#endif /* HAVE_AES_DECRYPT */ + + /* Large buffer test */ +#ifdef BENCH_AESGCM_LARGE + wc_AesGcmSetKey(enc, k2, (word32)sizeof(k2)); + wc_AesGcmSetKey(dec, k2, (word32)sizeof(k2)); + /* setup test buffer */ + for (alen=0; alenasyncDev, WC_ASYNC_FLAG_NONE); +#endif + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); + +#ifdef HAVE_AES_DECRYPT + ret = wc_AesGcmDecrypt(dec, large_outdec, large_output, + BENCH_AESGCM_LARGE, iv1, sizeof(iv1), resultT, + sizeof(t1), a, sizeof(a)); +#if defined(WOLFSSL_ASYNC_CRYPT) + ret = wc_AsyncWait(ret, &dec->asyncDev, WC_ASYNC_FLAG_NONE); +#endif + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); + if (XMEMCMP(large_input, large_outdec, BENCH_AESGCM_LARGE)) + ERROR_OUT(WC_TEST_RET_ENC_NC, out); +#endif /* HAVE_AES_DECRYPT */ +#endif /* BENCH_AESGCM_LARGE */ + + XMEMSET(resultT, 0, sizeof(resultT)); + XMEMSET(resultC, 0, sizeof(resultC)); + XMEMSET(resultP, 0, sizeof(resultP)); +#endif /* WOLFSSL_AES_192 */ +#ifdef WOLFSSL_AES_128 + wc_AesGcmSetKey(enc, k3, (word32)k3Sz); + /* AES-GCM encrypt and decrypt both use AES encrypt internally */ + ret = wc_AesGcmEncrypt(enc, resultC, p3, sizeof(p3), iv3, sizeof(iv3), + resultT, sizeof(t3), a3, sizeof(a3)); +#if defined(WOLFSSL_ASYNC_CRYPT) + ret = wc_AsyncWait(ret, &enc->asyncDev, WC_ASYNC_FLAG_NONE); +#endif + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); +#ifndef HAVE_RENESAS_SYNC + if (XMEMCMP(c3, resultC, sizeof(c3))) + ERROR_OUT(WC_TEST_RET_ENC_NC, out); + if (XMEMCMP(t3, resultT, sizeof(t3))) + ERROR_OUT(WC_TEST_RET_ENC_NC, out); +#endif + +#ifdef HAVE_AES_DECRYPT + ret = wc_AesGcmDecrypt(enc, resultP, resultC, sizeof(c3), + iv3, sizeof(iv3), resultT, sizeof(t3), a3, sizeof(a3)); +#if defined(WOLFSSL_ASYNC_CRYPT) + ret = wc_AsyncWait(ret, &enc->asyncDev, WC_ASYNC_FLAG_NONE); +#endif + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); + if (XMEMCMP(p3, resultP, sizeof(p3))) + ERROR_OUT(WC_TEST_RET_ENC_NC, out); +#endif /* HAVE_AES_DECRYPT */ + + for (tlen = WOLFSSL_MIN_AUTH_TAG_SZ; tlen < 16; tlen++) { + int ii; + + XMEMSET(resultT, 0, sizeof(resultT)); + wc_AesGcmSetKey(enc, k3, (word32)k3Sz); + /* AES-GCM encrypt and decrypt both use AES encrypt internally */ + ret = wc_AesGcmEncrypt(enc, resultC, p3, sizeof(p3), iv3, sizeof(iv3), + resultT, tlen, a3, sizeof(a3)); + #if defined(WOLFSSL_ASYNC_CRYPT) + ret = wc_AsyncWait(ret, &enc->asyncDev, WC_ASYNC_FLAG_NONE); + #endif + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); + #ifndef HAVE_RENESAS_SYNC + if (XMEMCMP(c3, resultC, sizeof(c3))) + ERROR_OUT(WC_TEST_RET_ENC_NC, out); + if (XMEMCMP(t3, resultT, tlen)) + ERROR_OUT(WC_TEST_RET_ENC_NC, out); + for (ii = tlen; ii < 16; ii++) { + if (resultT[ii] != 0) + ERROR_OUT(WC_TEST_RET_ENC_NC, out); + } + #endif + #ifdef HAVE_AES_DECRYPT + ret = wc_AesGcmDecrypt(enc, resultP, resultC, sizeof(c3), + iv3, sizeof(iv3), resultT, tlen, a3, sizeof(a3)); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); + if (XMEMCMP(p3, resultP, sizeof(p3))) + ERROR_OUT(WC_TEST_RET_ENC_NC, out); + #endif + } + + /* Large buffer test */ +#ifdef BENCH_AESGCM_LARGE + wc_AesGcmSetKey(enc, k3, (word32)k3Sz); + wc_AesGcmSetKey(dec, k3, (word32)k3Sz); + /* setup test buffer */ + for (alen=0; alenasyncDev, WC_ASYNC_FLAG_NONE); +#endif + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); + +#ifdef HAVE_AES_DECRYPT + ret = wc_AesGcmDecrypt(dec, large_outdec, large_output, + BENCH_AESGCM_LARGE, iv1, sizeof(iv1), resultT, + sizeof(t1), a, sizeof(a)); +#if defined(WOLFSSL_ASYNC_CRYPT) + ret = wc_AsyncWait(ret, &dec->asyncDev, WC_ASYNC_FLAG_NONE); +#endif + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); + if (XMEMCMP(large_input, large_outdec, BENCH_AESGCM_LARGE)) + ERROR_OUT(WC_TEST_RET_ENC_NC, out); +#endif /* HAVE_AES_DECRYPT */ +#endif /* BENCH_AESGCM_LARGE */ +#endif /* WOLFSSL_AES_128 */ +#endif /* ENABLE_NON_12BYTE_IV_TEST */ + +#if defined(WOLFSSL_AES_256) && !defined(WOLFSSL_AFALG_XILINX_AES) && \ + !defined(WOLFSSL_XILINX_CRYPT) && \ + !(defined(WOLF_CRYPTO_CB) && \ + defined(HAVE_INTEL_QA_SYNC) || defined(HAVE_CAVIUM_OCTEON_SYNC)) + XMEMSET(resultT, 0, sizeof(resultT)); + XMEMSET(resultC, 0, sizeof(resultC)); + XMEMSET(resultP, 0, sizeof(resultP)); + + wc_AesGcmSetKey(enc, k1, (word32)k1Sz); + /* AES-GCM encrypt and decrypt both use AES encrypt internally */ + ret = wc_AesGcmEncrypt(enc, resultC, p, sizeof(p), iv1, sizeof(iv1), + resultT + 1, sizeof(t1) - 1, a, sizeof(a)); +#if defined(WOLFSSL_ASYNC_CRYPT) + ret = wc_AsyncWait(ret, &enc->asyncDev, WC_ASYNC_FLAG_NONE); +#endif + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); +#ifndef HAVE_RENESAS_SYNC + if (XMEMCMP(c1, resultC, sizeof(c1))) + ERROR_OUT(WC_TEST_RET_ENC_NC, out); + if (XMEMCMP(t1, resultT + 1, sizeof(t1) - 1)) + ERROR_OUT(WC_TEST_RET_ENC_NC, out); +#endif +#ifdef HAVE_AES_DECRYPT + ret = wc_AesGcmDecrypt(enc, resultP, resultC, sizeof(p), + iv1, sizeof(iv1), resultT + 1, sizeof(t1) - 1, a, sizeof(a)); +#if defined(WOLFSSL_ASYNC_CRYPT) + ret = wc_AsyncWait(ret, &enc->asyncDev, WC_ASYNC_FLAG_NONE); +#endif + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); + if (XMEMCMP(p, resultP, sizeof(p))) + ERROR_OUT(WC_TEST_RET_ENC_NC, out); +#endif /* HAVE_AES_DECRYPT */ +#endif /* WOLFSSL_AES_256 */ + +#if !defined(HAVE_FIPS) || \ + (defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION >= 2)) + /* Test encrypt with internally generated IV */ +#if defined(WOLFSSL_AES_256) && !(defined(WC_NO_RNG) || defined(HAVE_SELFTEST)) \ + && !(defined(WOLF_CRYPTO_CB) && defined(HAVE_CAVIUM_OCTEON_SYNC)) + { + WC_RNG rng; + byte randIV[12]; + + ret = wc_InitRng_ex(&rng, HEAP_HINT, devId); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); + + XMEMSET(randIV, 0, sizeof(randIV)); + XMEMSET(resultT, 0, sizeof(resultT)); + XMEMSET(resultC, 0, sizeof(resultC)); + XMEMSET(resultP, 0, sizeof(resultP)); + + wc_AesGcmSetKey(enc, k1, (word32)k1Sz); + ret = wc_AesGcmSetIV(enc, sizeof(randIV), NULL, 0, &rng); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); + + ret = wc_AesGcmEncrypt_ex(enc, + resultC, p, sizeof(p), + randIV, sizeof(randIV), + resultT, sizeof(t1), + a, sizeof(a)); + #if defined(WOLFSSL_ASYNC_CRYPT) + ret = wc_AsyncWait(ret, &enc->asyncDev, WC_ASYNC_FLAG_NONE); + #endif + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); + + /* Check the IV has been set. */ + { + word32 i, ivSum = 0; + + for (i = 0; i < sizeof(randIV); i++) + ivSum += randIV[i]; + if (ivSum == 0) + ERROR_OUT(WC_TEST_RET_ENC_NC, out); + } + +#ifdef HAVE_AES_DECRYPT + wc_AesGcmSetKey(dec, k1, (word32)k1Sz); + ret = wc_AesGcmSetIV(dec, sizeof(randIV), NULL, 0, &rng); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); + + ret = wc_AesGcmDecrypt(dec, + resultP, resultC, sizeof(c1), + randIV, sizeof(randIV), + resultT, sizeof(t1), + a, sizeof(a)); +#if defined(WOLFSSL_ASYNC_CRYPT) + ret = wc_AsyncWait(ret, &dec->asyncDev, WC_ASYNC_FLAG_NONE); +#endif + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); + if (XMEMCMP(p, resultP, sizeof(p))) + ERROR_OUT(WC_TEST_RET_ENC_NC, out); +#endif /* HAVE_AES_DECRYPT */ + + wc_FreeRng(&rng); + } +#endif /* WOLFSSL_AES_256 && !(WC_NO_RNG || HAVE_SELFTEST) */ +#endif /* HAVE_FIPS_VERSION >= 2 */ + +#if !defined(WOLFSSL_AFALG_XILINX_AES) && !defined(WOLFSSL_XILINX_CRYPT) +#ifdef WOLFSSL_AES_256 +#ifdef WOLFSSL_AESGCM_STREAM + ret = wc_AesGcmEncryptInit(enc, k1, sizeof(k1), iv1, sizeof(iv1)); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); + ret = wc_AesGcmEncryptUpdate(enc, resultC, p, sizeof(p), a, sizeof(a)); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); + ret = wc_AesGcmEncryptFinal(enc, resultT, sizeof(t1)); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); + if (XMEMCMP(resultC, c1, sizeof(c1)) != 0) + ERROR_OUT(WC_TEST_RET_ENC_NC, out); + if (XMEMCMP(resultT, t1, sizeof(t1)) != 0) + ERROR_OUT(WC_TEST_RET_ENC_NC, out); + +#ifdef HAVE_AES_DECRYPT + ret = wc_AesGcmDecryptInit(enc, k1, sizeof(k1), iv1, sizeof(iv1)); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); + ret = wc_AesGcmDecryptUpdate(enc, resultP, c1, sizeof(c1), a, sizeof(a)); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); + ret = wc_AesGcmDecryptFinal(enc, t1, sizeof(t1)); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); + if (XMEMCMP(resultP, p, sizeof(p)) != 0) + ERROR_OUT(WC_TEST_RET_ENC_NC, out); +#endif + + /* alen is the size to pass in with each update. */ + for (alen = 1; alen < WC_AES_BLOCK_SIZE + 1; alen++) { + ret = wc_AesGcmEncryptInit(enc, k1, sizeof(k1), iv1, sizeof(iv1)); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); + + /* plen is the offset into AAD to update with. */ + for (plen = 0; plen < (int)sizeof(a); plen += alen) { + int len = sizeof(a) - plen; + if (len > alen) len = alen; + ret = wc_AesGcmEncryptUpdate(enc, NULL, NULL, 0, a + plen, (word32)len); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); + } + /* plen is the offset into plaintext to update with. */ + for (plen = 0; plen < (int)sizeof(p); plen += alen) { + int len = sizeof(p) - plen; + if (len > alen) len = alen; + ret = wc_AesGcmEncryptUpdate(enc, resultC + plen, p + plen, (word32)len, + NULL, 0); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); + } + ret = wc_AesGcmEncryptFinal(enc, resultT, sizeof(t1)); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); + if (XMEMCMP(resultC, c1, sizeof(c1)) != 0) + ERROR_OUT(WC_TEST_RET_ENC_NC, out); + if (XMEMCMP(resultT, t1, sizeof(t1)) != 0) + ERROR_OUT(WC_TEST_RET_ENC_NC, out); + } + +#ifdef HAVE_AES_DECRYPT + for (alen = 1; alen < WC_AES_BLOCK_SIZE + 1; alen++) { + ret = wc_AesGcmDecryptInit(enc, k1, sizeof(k1), iv1, sizeof(iv1)); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); + + /* plen is the offset into AAD to update with. */ + for (plen = 0; plen < (int)sizeof(a); plen += alen) { + int len = sizeof(a) - plen; + if (len > alen) len = alen; + ret = wc_AesGcmDecryptUpdate(enc, NULL, NULL, 0, a + plen, (word32)len); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); + } + /* plen is the offset into cipher text to update with. */ + for (plen = 0; plen < (int)sizeof(c1); plen += alen) { + int len = sizeof(c1) - plen; + if (len > alen) len = alen; + ret = wc_AesGcmDecryptUpdate(enc, resultP + plen, c1 + plen, (word32)len, + NULL, 0); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); + } + ret = wc_AesGcmDecryptFinal(enc, t1, sizeof(t1)); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); + if (XMEMCMP(resultP, p, sizeof(p)) != 0) + ERROR_OUT(WC_TEST_RET_ENC_NC, out); + } +#endif /* HAVE_AES_DECRYPT */ +#ifdef BENCH_AESGCM_LARGE + /* setup test buffer */ + ret = wc_AesGcmEncryptInit(enc, k1, sizeof(k1), iv1, sizeof(iv1)); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); + ret = wc_AesGcmEncryptUpdate(enc, large_output, large_input, + BENCH_AESGCM_LARGE, a, sizeof(a)); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); + ret = wc_AesGcmEncryptFinal(enc, resultT, sizeof(t1)); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); +#ifdef HAVE_AES_DECRYPT + ret = wc_AesGcmDecryptInit(enc, k1, sizeof(k1), iv1, sizeof(iv1)); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); + ret = wc_AesGcmDecryptUpdate(enc, large_outdec, large_output, + BENCH_AESGCM_LARGE, a, sizeof(a)); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); + ret = wc_AesGcmDecryptFinal(enc, resultT, sizeof(t1)); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); + if (XMEMCMP(large_input, large_outdec, BENCH_AESGCM_LARGE)) + ERROR_OUT(WC_TEST_RET_ENC_NC, out); +#endif /* HAVE_AES_DECRYPT */ +#endif /* BENCH_AESGCM_LARGE */ +#endif /* WOLFSSL_AESGCM_STREAM */ +#endif /* WOLFSSL_AES_256 */ +#endif /* !WOLFSSL_AFALG_XILINX_AES && !WOLFSSL_XILINX_CRYPT */ + + ret = 0; + + out: + +#if !defined(BENCH_EMBEDDED) && !defined(HAVE_CAVIUM) && \ + !defined(WOLFSSL_NO_MALLOC) + XFREE(large_input, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(large_output, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(large_outdec, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); +#endif + +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC) + wc_AesDelete(enc, &enc); + wc_AesDelete(dec, &dec); +#else + wc_AesFree(enc); + wc_AesFree(dec); +#endif + + return ret; +} + +#ifdef WOLFSSL_AES_128 +WOLFSSL_TEST_SUBROUTINE wc_test_ret_t gmac_test(void) +{ +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC) + Gmac *gmac = NULL; +#else + Gmac gmac[1]; +#endif + wc_test_ret_t ret; + + WOLFSSL_SMALL_STACK_STATIC const byte k1[] = + { + 0x89, 0xc9, 0x49, 0xe9, 0xc8, 0x04, 0xaf, 0x01, + 0x4d, 0x56, 0x04, 0xb3, 0x94, 0x59, 0xf2, 0xc8 + }; + WOLFSSL_SMALL_STACK_STATIC const byte iv1[] = + { + 0xd1, 0xb1, 0x04, 0xc8, 0x15, 0xbf, 0x1e, 0x94, + 0xe2, 0x8c, 0x8f, 0x16 + }; + WOLFSSL_SMALL_STACK_STATIC const byte a1[] = + { + 0x82, 0xad, 0xcd, 0x63, 0x8d, 0x3f, 0xa9, 0xd9, + 0xf3, 0xe8, 0x41, 0x00, 0xd6, 0x1e, 0x07, 0x77 + }; + WOLFSSL_SMALL_STACK_STATIC const byte t1[] = + { + 0x88, 0xdb, 0x9d, 0x62, 0x17, 0x2e, 0xd0, 0x43, + 0xaa, 0x10, 0xf1, 0x6d, 0x22, 0x7d, 0xc4, 0x1b + }; + WOLFSSL_SMALL_STACK_STATIC const byte t1_15[] = + { + 0x90, 0xda, 0xdf, 0xff, 0x3b, 0x24, 0x7d, 0x13, + 0xbb, 0xb8, 0x1c, 0xca, 0x87, 0x9c, 0x9a, 0xa7 + }; + +#if (!defined(HAVE_FIPS) || \ + (defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION >= 2))) + + /* FIPS builds only allow 16-byte auth tags. */ + /* This sample uses a 15-byte auth tag. */ + WOLFSSL_SMALL_STACK_STATIC const byte k2[] = + { + 0x40, 0xf7, 0xec, 0xb2, 0x52, 0x6d, 0xaa, 0xd4, + 0x74, 0x25, 0x1d, 0xf4, 0x88, 0x9e, 0xf6, 0x5b + }; + WOLFSSL_SMALL_STACK_STATIC const byte iv2[] = + { + 0xee, 0x9c, 0x6e, 0x06, 0x15, 0x45, 0x45, 0x03, + 0x1a, 0x60, 0x24, 0xa7 + }; + WOLFSSL_SMALL_STACK_STATIC const byte a2[] = + { + 0x94, 0x81, 0x2c, 0x87, 0x07, 0x4e, 0x15, 0x18, + 0x34, 0xb8, 0x35, 0xaf, 0x1c, 0xa5, 0x7e, 0x56 + }; + WOLFSSL_SMALL_STACK_STATIC const byte t2[] = + { + 0xc6, 0x81, 0x79, 0x8e, 0x3d, 0xda, 0xb0, 0x9f, + 0x8d, 0x83, 0xb0, 0xbb, 0x14, 0xb6, 0x91 + }; +#endif + + byte tag[16]; +#if !defined(BENCH_EMBEDDED) && !defined(HAVE_CAVIUM) && \ + !defined(WOLFSSL_KCAPI) + #define BENCH_GMAC_LARGE 1024 + + WOLFSSL_SMALL_STACK_STATIC const byte t4_lb[16][16] = { + { + 0x80, 0xb3, 0x59, 0x0c, 0xda, 0x18, 0x4c, 0x64, + 0x6a, 0x30, 0x7c, 0xb6, 0xcc, 0x88, 0xd2, 0xae + }, + { + 0xa3, 0x28, 0x93, 0x97, 0x91, 0x91, 0xa1, 0x8d, + 0xca, 0xdf, 0x58, 0xc7, 0x77, 0xa0, 0xa5, 0x6d + }, + { + 0x06, 0xcf, 0x52, 0x19, 0x15, 0x1e, 0x08, 0x62, + 0x12, 0x93, 0xee, 0xbe, 0xf9, 0x41, 0x21, 0x2b + }, + { + 0x20, 0x5a, 0x0f, 0xbe, 0x18, 0x27, 0xce, 0xb4, + 0x18, 0x0e, 0x31, 0x7a, 0x94, 0xee, 0x64, 0xd0 + }, + { + 0xf5, 0xd6, 0xf3, 0xa2, 0x48, 0xff, 0xa7, 0x16, + 0xda, 0xfc, 0x87, 0xa8, 0xda, 0x0a, 0xe7, 0x32 + }, + { + 0x99, 0xd1, 0xd3, 0x24, 0x2d, 0x0e, 0xc7, 0x9f, + 0x2c, 0x6c, 0xf7, 0x3c, 0x96, 0x49, 0x3d, 0xff + }, + { + 0x85, 0x9a, 0xf7, 0x59, 0x6b, 0xf1, 0x17, 0x0b, + 0xf5, 0x1e, 0x7b, 0x2f, 0x87, 0xbb, 0x14, 0xfc + }, + { + 0xfe, 0x59, 0x87, 0x90, 0xbf, 0x6b, 0x43, 0xa6, + 0x9e, 0x21, 0x22, 0x1e, 0xc2, 0x04, 0x6f, 0xe1 + }, + { + 0xcd, 0xb1, 0x1a, 0x04, 0xa4, 0x3c, 0x39, 0x85, + 0x21, 0x3d, 0x74, 0xaf, 0xe5, 0xb5, 0x38, 0xc0 + }, + { + 0x4d, 0xfe, 0x5f, 0xbe, 0x48, 0x8c, 0x00, 0x56, + 0xdd, 0x23, 0x4a, 0x1e, 0xf2, 0x63, 0xe6, 0xc8 + }, + { + 0x9f, 0xc9, 0x6e, 0x0d, 0x51, 0x85, 0xe8, 0x82, + 0x81, 0x05, 0x49, 0xb5, 0xa7, 0xa2, 0x1f, 0xf1 + }, + { + 0xbe, 0xde, 0x0c, 0x37, 0xb6, 0xe5, 0xcb, 0x9c, + 0x80, 0xde, 0xa6, 0x09, 0x40, 0xfa, 0xef, 0xf3 + }, + { + 0x32, 0xa8, 0xb4, 0xb1, 0x5f, 0x65, 0x47, 0xfa, + 0xf2, 0xc8, 0xe8, 0xdd, 0x32, 0x5c, 0x80, 0x28 + }, + { + 0xa9, 0xa7, 0x01, 0x22, 0xdb, 0xd2, 0x62, 0xa2, + 0x26, 0x82, 0xf2, 0x8b, 0xfb, 0xfd, 0x60, 0x4b + }, + { + 0x76, 0x59, 0xd6, 0x05, 0x4e, 0x69, 0xd0, 0xc1, + 0x92, 0xf3, 0xdc, 0x1d, 0x96, 0xbc, 0xef, 0xba + }, + { + 0xd9, 0xbc, 0xb0, 0x33, 0x90, 0x6b, 0x2f, 0x63, + 0xd9, 0x65, 0xe5, 0x07, 0x66, 0xbd, 0x7d, 0xcc + }, + }; + WOLFSSL_SMALL_STACK_STATIC const byte t4[7][16] = { + { + 0xa6, 0xbd, 0x22, 0x9b, 0x37, 0x67, 0xd5, 0xd4, + 0x43, 0x19, 0xe1, 0xec, 0xa0, 0xd1, 0x56, 0x01 + }, + { + 0x3f, 0x09, 0x62, 0x3b, 0x04, 0x68, 0x31, 0x96, + 0xd2, 0x1d, 0x99, 0x9c, 0xcb, 0xf1, 0x1d, 0xda + }, + { + 0x1d, 0xb2, 0x93, 0xfb, 0x6f, 0xce, 0x5d, 0x74, + 0x0b, 0x91, 0x3b, 0x76, 0x5d, 0x6a, 0x51, 0x1d + }, + { + 0xe2, 0xfc, 0x83, 0x77, 0x86, 0xe5, 0x32, 0xcc, + 0xcc, 0x3c, 0x86, 0x9f, 0x23, 0xa4, 0x2d, 0x96 + }, + { + 0xb7, 0xbf, 0x08, 0x03, 0xde, 0x6c, 0x9a, 0x4e, + 0xc0, 0xb5, 0xa5, 0xdb, 0x53, 0x92, 0x59, 0xab + }, + { + 0xd6, 0xce, 0x4b, 0x29, 0x05, 0x51, 0x10, 0x2d, + 0x92, 0x35, 0x36, 0x97, 0x1a, 0xfa, 0x54, 0xf0 + }, + { + 0xc9, 0xf6, 0x41, 0xd6, 0x4f, 0xb5, 0x08, 0x84, + 0xcc, 0x6e, 0x47, 0x9c, 0x2a, 0xfa, 0xf5, 0x73 + }, + }; + int i; +#ifdef WOLFSSL_NO_MALLOC + byte large_input[BENCH_GMAC_LARGE]; +#else + byte *large_input = (byte *)XMALLOC(BENCH_AESGCM_LARGE, HEAP_HINT, + DYNAMIC_TYPE_TMP_BUFFER); + + if (large_input == NULL) + ERROR_OUT(MEMORY_E, out); +#endif + + for (i = 0; i < BENCH_GMAC_LARGE; i++) { + large_input[i] = (byte)i; + } +#endif + + WOLFSSL_ENTER("gmac_test"); + +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC) + if ((gmac = (Gmac *)XMALLOC(sizeof *gmac, HEAP_HINT, DYNAMIC_TYPE_AES)) == NULL) + return WC_TEST_RET_ENC_ERRNO; +#endif + + XMEMSET(gmac, 0, sizeof *gmac); /* clear context */ + (void)wc_AesInit(&gmac->aes, HEAP_HINT, devId); /* Make sure devId updated */ + XMEMSET(tag, 0, sizeof(tag)); + wc_GmacSetKey(gmac, k1, sizeof(k1)); + wc_GmacUpdate(gmac, iv1, sizeof(iv1), a1, sizeof(a1), tag, sizeof(t1)); + if (XMEMCMP(t1, tag, sizeof(t1)) != 0) + ERROR_OUT(WC_TEST_RET_ENC_NC, out); + + XMEMSET(tag, 0, sizeof(tag)); + wc_GmacSetKey(gmac, k1, sizeof(k1)); + wc_GmacUpdate(gmac, iv1, sizeof(iv1), a1, sizeof(a1) - 1, tag, sizeof(t1)); + if (XMEMCMP(t1_15, tag, sizeof(t1)) != 0) + ERROR_OUT(WC_TEST_RET_ENC_NC, out); + +#if (!defined(HAVE_FIPS) || \ + (defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION >= 2)) ) + + XMEMSET(tag, 0, sizeof(tag)); + wc_GmacSetKey(gmac, k2, sizeof(k2)); + wc_GmacUpdate(gmac, iv2, sizeof(iv2), a2, sizeof(a2), tag, sizeof(t2)); + if (XMEMCMP(t2, tag, sizeof(t2)) != 0) + ERROR_OUT(WC_TEST_RET_ENC_NC, out); + +#if !defined(WC_NO_RNG) && !defined(HAVE_SELFTEST) && !defined(NO_AES_DECRYPT) + { + WOLFSSL_SMALL_STACK_STATIC const byte badT[] = + { + 0xde, 0xad, 0xbe, 0xef, 0x17, 0x2e, 0xd0, 0x43, + 0xaa, 0x10, 0xf1, 0x6d, 0x22, 0x7d, 0xc4, 0x1b + }; + + WC_RNG rng; + byte iv[12]; + + #ifndef HAVE_FIPS + ret = wc_InitRng_ex(&rng, HEAP_HINT, devId); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); + #else + ret = wc_InitRng(&rng); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); + #endif + + ret = wc_GmacVerify(k1, sizeof(k1), iv1, sizeof(iv1), a1, sizeof(a1), + t1, sizeof(t1)); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); + ret = wc_GmacVerify(k1, sizeof(k1), iv1, sizeof(iv1), a1, sizeof(a1), + badT, sizeof(badT)); + if (ret != WC_NO_ERR_TRACE(AES_GCM_AUTH_E)) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); + ret = wc_GmacVerify(k2, sizeof(k2), iv2, sizeof(iv2), a2, sizeof(a2), + t2, sizeof(t2)); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); + + XMEMSET(tag, 0, sizeof(tag)); + XMEMSET(iv, 0, sizeof(iv)); + ret = wc_Gmac(k1, sizeof(k1), iv, sizeof(iv), a1, sizeof(a1), + tag, sizeof(tag), &rng); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); + ret = wc_GmacVerify(k1, sizeof(k1), iv, sizeof(iv), a1, sizeof(a1), + tag, sizeof(tag)); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); + wc_FreeRng(&rng); + } +#endif /* !WC_NO_RNG && !HAVE_SELFTEST && !NO_AES_DECRYPT */ +#endif /* HAVE_FIPS */ + +#if !defined(BENCH_EMBEDDED) && !defined(HAVE_CAVIUM) && !defined(WOLFSSL_KCAPI) + for (i = 0; i < 16; i++) { + XMEMSET(tag, 0, sizeof(tag)); + wc_GmacSetKey(gmac, k1, sizeof(k1)); + wc_GmacUpdate(gmac, iv1, sizeof(iv1), large_input, i, tag, + sizeof(t4[0])); + if (XMEMCMP(t4_lb[i], tag, sizeof(t4_lb[i])) != 0) + ERROR_OUT(WC_TEST_RET_ENC_NC, out); + #if !defined(WC_NO_RNG) && !defined(HAVE_SELFTEST) && !defined(NO_AES_DECRYPT) + ret = wc_GmacVerify(k1, sizeof(k1), iv1, sizeof(iv1), large_input, i, + tag, sizeof(t4_lb[i])); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); + #endif + } + for (i = 0; i < 7; i++) { + XMEMSET(tag, 0, sizeof(tag)); + wc_GmacSetKey(gmac, k1, sizeof(k1)); + wc_GmacUpdate(gmac, iv1, sizeof(iv1), large_input, 1 << (i + 4), tag, + sizeof(t4[0])); + if (XMEMCMP(t4[i], tag, sizeof(t4[i])) != 0) + ERROR_OUT(WC_TEST_RET_ENC_NC, out); + #if !defined(WC_NO_RNG) && !defined(HAVE_SELFTEST) && !defined(NO_AES_DECRYPT) + ret = wc_GmacVerify(k1, sizeof(k1), iv1, sizeof(iv1), large_input, + 1 << (i + 4), tag, sizeof(t4[i])); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); + #endif + } +#endif + + ret = 0; + + out: + wc_AesFree(&gmac->aes); +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC) + XFREE(gmac, HEAP_HINT, DYNAMIC_TYPE_AES); +#endif +#if !defined(BENCH_EMBEDDED) && !defined(HAVE_CAVIUM) && \ + !defined(WOLFSSL_KCAPI) && !defined(WOLFSSL_NO_MALLOC) + XFREE(large_input, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); +#endif + + return ret; +} +#endif /* WOLFSSL_AES_128 */ +#endif /* HAVE_AESGCM */ + +#if defined(HAVE_AESCCM) + +#if defined(WOLFSSL_AES_256) + +static wc_test_ret_t aesccm_256_test(void) +{ + wc_test_ret_t ret = 0; + /* Test vectors from NIST AES CCM 256-bit CAST Example #1 */ + WOLFSSL_SMALL_STACK_STATIC const byte in_key[32] = { + 0x40, 0x41, 0x42, 0x43, 0x44, 0x45, 0x46, 0x47, + 0x48, 0x49, 0x4A, 0x4B, 0x4C, 0x4D, 0x4E, 0x4F, + 0x50, 0x51, 0x52, 0x53, 0x54, 0x55, 0x56, 0x57, + 0x58, 0x59, 0x5A, 0x5B, 0x5C, 0x5D, 0x5E, 0x5F + }; + WOLFSSL_SMALL_STACK_STATIC const byte in_nonce[7] = { + 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16}; + WOLFSSL_SMALL_STACK_STATIC const byte in_auth[8] = { + 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07}; + WOLFSSL_SMALL_STACK_STATIC const byte in_plaintext[4] = { + 0x20, 0x21, 0x22, 0x23}; + WOLFSSL_SMALL_STACK_STATIC const byte exp_ciphertext[4] = { + 0x8A, 0xB1, 0xA8, 0x74}; + WOLFSSL_SMALL_STACK_STATIC const byte exp_tag[4] = { + 0x95, 0xFC, 0x08, 0x20}; + byte output[sizeof(in_plaintext)]; + byte atag[sizeof(exp_tag)]; + +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC) + Aes* aes = wc_AesNew(HEAP_HINT, devId, &ret); + if (aes == NULL) { + ret = WC_TEST_RET_ENC_EC(ret); + } +#else + Aes aes[1]; + ret = wc_AesInit(aes, HEAP_HINT, devId); +#endif + if (ret == 0) { + ret = wc_AesCcmSetKey(aes, in_key, sizeof(in_key)); + } + if (ret == 0) { + ret = wc_AesCcmEncrypt(aes, output, in_plaintext, sizeof(in_plaintext), + in_nonce, sizeof(in_nonce), + atag, sizeof(atag), + in_auth, sizeof(in_auth)); + } + /* Verify we produce the proper ciphertext and tag */ + if (ret == 0 && + (XMEMCMP(output, exp_ciphertext, sizeof(output)) || + XMEMCMP(atag, exp_tag, sizeof(atag)))) { + ret = WC_TEST_RET_ENC_NC; + } + +#ifdef HAVE_AES_DECRYPT + if (ret == 0) { + /* decrypt inline */ + ret = wc_AesCcmDecrypt(aes, output, output, sizeof(output), + in_nonce, sizeof(in_nonce), + atag, sizeof(atag), + in_auth, sizeof(in_auth)); + } + + /* Verify decryption was successful */ + if (ret == 0 && + XMEMCMP(output, in_plaintext, sizeof(output))) { + ret = WC_TEST_RET_ENC_NC; + } +#endif + +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC) + wc_AesDelete(aes, &aes); +#else + wc_AesFree(aes); +#endif + + return ret; +} + +#endif /* WOLFSSL_AES_256 */ + +#if defined(WOLFSSL_AES_128) + +static wc_test_ret_t aesccm_128_test(void) +{ + wc_test_ret_t ret; +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC) + Aes *enc = NULL; +#else + Aes enc[1]; +#endif + + /* key */ + WOLFSSL_SMALL_STACK_STATIC const byte k[] = + { + 0xc0, 0xc1, 0xc2, 0xc3, 0xc4, 0xc5, 0xc6, 0xc7, + 0xc8, 0xc9, 0xca, 0xcb, 0xcc, 0xcd, 0xce, 0xcf + }; + + /* nonce */ + WOLFSSL_SMALL_STACK_STATIC const byte iv[] = + { + 0x00, 0x00, 0x00, 0x03, 0x02, 0x01, 0x00, 0xa0, + 0xa1, 0xa2, 0xa3, 0xa4, 0xa5 + }; + + /* plaintext */ + WOLFSSL_SMALL_STACK_STATIC const byte p[] = + { + 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, + 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, + 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e + }; + /* plaintext - long */ + WOLFSSL_SMALL_STACK_STATIC const byte pl[] = + { + 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, + 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, + 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f, + 0x20, 0x21, 0x22, 0x23, 0x24, 0x25, 0x26, 0x27, + 0x28, 0x29, 0x2a, 0x2b, 0x2c, 0x2d, 0x2e, 0x2f, + 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, + 0x38, 0x39, 0x3a, 0x3b, 0x3c, 0x3d, 0x3e, 0x3f, + 0x40, 0x41, 0x42, 0x43, 0x44, 0x45, 0x46, 0x47, + 0x48, 0x49, 0x4a, 0x4b, 0x4c, 0x4d, 0x4e, 0x4f, + 0x50 + }; + + + WOLFSSL_SMALL_STACK_STATIC const byte a[] = + { + 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07 + }; + + /* ciphertext */ + WOLFSSL_SMALL_STACK_STATIC const byte c[] = + { + 0x58, 0x8c, 0x97, 0x9a, 0x61, 0xc6, 0x63, 0xd2, + 0xf0, 0x66, 0xd0, 0xc2, 0xc0, 0xf9, 0x89, 0x80, + 0x6d, 0x5f, 0x6b, 0x61, 0xda, 0xc3, 0x84 + }; + /* tag - authentication */ + WOLFSSL_SMALL_STACK_STATIC const byte t[] = + { + 0x17, 0xe8, 0xd1, 0x2c, 0xfd, 0xf9, 0x26, 0xe0 + }; + /* ciphertext - long */ + WOLFSSL_SMALL_STACK_STATIC const byte cl[] = + { + 0x58, 0x8c, 0x97, 0x9a, 0x61, 0xc6, 0x63, 0xd2, + 0xf0, 0x66, 0xd0, 0xc2, 0xc0, 0xf9, 0x89, 0x80, + 0x6d, 0x5f, 0x6b, 0x61, 0xda, 0xc3, 0x84, 0xe0, + 0x44, 0x2d, 0xbe, 0x25, 0xfa, 0x48, 0x2b, 0xa8, + 0x36, 0x0b, 0xbf, 0x01, 0xc0, 0x12, 0x45, 0xa4, + 0x82, 0x9f, 0x20, 0x6c, 0xc3, 0xd6, 0xae, 0x5b, + 0x54, 0x8d, 0xd0, 0xb1, 0x69, 0x2c, 0xec, 0x5e, + 0x95, 0xa5, 0x6b, 0x48, 0xc3, 0xc6, 0xc8, 0x9e, + 0xc7, 0x92, 0x98, 0x9d, 0x26, 0x7d, 0x2a, 0x10, + 0x0b + }; + /* tag - authentication - long */ + WOLFSSL_SMALL_STACK_STATIC const byte tl[] = + { + 0x89, 0xd8, 0xd2, 0x02, 0xc5, 0xcf, 0xae, 0xf4 + }; + + /* tag - authentication - empty plaintext */ + WOLFSSL_SMALL_STACK_STATIC const byte t_empty[] = + { + 0xe4, 0x28, 0x8a, 0xc3, 0x78, 0x00, 0x0f, 0xf5 + }; + + byte t2[sizeof(t)]; + byte p2[sizeof(p)]; + byte c2[sizeof(c)]; + byte iv2[sizeof(iv)]; + byte pl2[sizeof(pl)]; + byte cl2[sizeof(cl)]; + byte tl2[sizeof(tl)]; + byte t_empty2[sizeof(t_empty)]; + + XMEMSET(t2, 0, sizeof(t2)); + XMEMSET(c2, 0, sizeof(c2)); + XMEMSET(p2, 0, sizeof(p2)); + +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC) + enc = wc_AesNew(HEAP_HINT, devId, &ret); + if (enc == NULL) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); +#else + XMEMSET(enc, 0, sizeof(Aes)); + ret = wc_AesInit(enc, HEAP_HINT, devId); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); +#endif /* WOLFSSL_SMALL_STACK && !WOLFSSL_NO_MALLOC */ + + ret = wc_AesCcmSetKey(enc, k, sizeof(k)); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); + + /* AES-CCM encrypt and decrypt both use AES encrypt internally */ + ret = wc_AesCcmEncrypt(enc, c2, p, sizeof(c2), iv, sizeof(iv), + t2, sizeof(t2), a, sizeof(a)); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); + if (XMEMCMP(c, c2, sizeof(c2))) + ERROR_OUT(WC_TEST_RET_ENC_NC, out); + if (XMEMCMP(t, t2, sizeof(t2))) + ERROR_OUT(WC_TEST_RET_ENC_NC, out); + +#ifdef HAVE_AES_DECRYPT + ret = wc_AesCcmDecrypt(enc, p2, c2, sizeof(p2), iv, sizeof(iv), + t2, sizeof(t2), a, sizeof(a)); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); + if (XMEMCMP(p, p2, sizeof(p2))) + ERROR_OUT(WC_TEST_RET_ENC_NC, out); + + /* Test the authentication failure */ + t2[0]++; /* Corrupt the authentication tag. */ + ret = wc_AesCcmDecrypt(enc, p2, c, sizeof(p2), iv, sizeof(iv), + t2, sizeof(t2), a, sizeof(a)); + if (ret == 0) + ERROR_OUT(WC_TEST_RET_ENC_NC, out); + + /* Clear c2 to compare against p2. p2 should be set to zero in case of + * authentication fail. With ACVP_VECTOR_TESTING, this is not cleared */ +#ifndef ACVP_VECTOR_TESTING + XMEMSET(c2, 0, sizeof(c2)); + if (XMEMCMP(p2, c2, sizeof(p2))) + ERROR_OUT(WC_TEST_RET_ENC_NC, out); +#endif +#endif + + XMEMSET(t2, 0, sizeof(t2)); + XMEMSET(c2, 0, sizeof(c2)); + XMEMSET(p2, 0, sizeof(p2)); + XMEMSET(iv2, 0, sizeof(iv2)); + + wc_AesFree(enc); + ret = wc_AesInit(enc, HEAP_HINT, devId); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); + +#ifndef HAVE_SELFTEST + /* selftest build does not have wc_AesCcmSetNonce() or + * wc_AesCcmEncrypt_ex() */ + ret = wc_AesCcmSetKey(enc, k, sizeof(k)); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); + + ret = wc_AesCcmSetNonce(enc, iv, sizeof(iv)); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); + ret = wc_AesCcmEncrypt_ex(enc, c2, p, sizeof(c2), iv2, sizeof(iv2), + t2, sizeof(t2), a, sizeof(a)); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); + if (XMEMCMP(iv, iv2, sizeof(iv2))) + ERROR_OUT(WC_TEST_RET_ENC_NC, out); + if (XMEMCMP(c, c2, sizeof(c2))) + ERROR_OUT(WC_TEST_RET_ENC_NC, out); + if (XMEMCMP(t, t2, sizeof(t2))) + ERROR_OUT(WC_TEST_RET_ENC_NC, out); +#endif + +#if !defined(HAVE_FIPS) && !defined(HAVE_SELFTEST) + /* test fail on invalid IV sizes */ + ret = wc_AesCcmSetKey(enc, k, sizeof(k)); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); + + /* AES-CCM encrypt and decrypt both use AES encrypt internally */ + ret = wc_AesCcmEncrypt(enc, c2, p, sizeof(c2), iv, sizeof(iv), + t2, 1, a, sizeof(a)); + if (ret == 0) { + ERROR_OUT(WC_TEST_RET_ENC_NC, out); + } +#endif + + /* AES-CCM encrypt and decrypt both use AES encrypt internally */ + ret = wc_AesCcmEncrypt(enc, cl2, pl, sizeof(cl2), iv, sizeof(iv), + tl2, sizeof(tl2), a, sizeof(a)); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); + if (XMEMCMP(cl, cl2, sizeof(cl2))) + ERROR_OUT(WC_TEST_RET_ENC_NC, out); + if (XMEMCMP(tl, tl2, sizeof(tl2))) + ERROR_OUT(WC_TEST_RET_ENC_NC, out); + +#ifdef HAVE_AES_DECRYPT + ret = wc_AesCcmDecrypt(enc, pl2, cl2, sizeof(pl2), iv, sizeof(iv), + tl2, sizeof(tl2), a, sizeof(a)); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); + if (XMEMCMP(pl, pl2, sizeof(pl2))) + ERROR_OUT(WC_TEST_RET_ENC_NC, out); +#endif + + /* test empty message as null input or output with nonzero inSz. */ + ret = wc_AesCcmEncrypt(enc, pl2 /* out */, NULL /* in */, 1 /* inSz */, + iv, sizeof(iv), t_empty2, sizeof(t_empty2), + a, sizeof(a)); + if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG)) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); + ret = wc_AesCcmEncrypt(enc, NULL /* out */, (const byte *)"" /* in */, 1 /* inSz */, + iv, sizeof(iv), t_empty2, sizeof(t_empty2), + a, sizeof(a)); + if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG)) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); +#ifdef HAVE_AES_DECRYPT + ret = wc_AesCcmDecrypt(enc, pl2, NULL /* in */, 1 /* inSz */, + iv, sizeof(iv), t_empty2, sizeof(t_empty2), a, + sizeof(a)); + if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG)) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); + ret = wc_AesCcmDecrypt(enc, NULL /* out */, (const byte *)"" /* in */, 1 /* inSz */, + iv, sizeof(iv), t_empty2, sizeof(t_empty2), a, + sizeof(a)); + if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG)) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); +#endif + + /* test empty message as null input and output with zero inSz -- + * must either succeed, or fail early with BAD_FUNC_ARG. + */ + ret = wc_AesCcmEncrypt(enc, NULL /* out */, NULL /* in */, 0 /* inSz */, + iv, sizeof(iv), t_empty2, sizeof(t_empty2), + a, sizeof(a)); + if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG)) { + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); + if (XMEMCMP(t_empty, t_empty2, sizeof(t_empty2))) + ERROR_OUT(WC_TEST_RET_ENC_NC, out); + +#ifdef HAVE_AES_DECRYPT + ret = wc_AesCcmDecrypt(enc, NULL /* out */, NULL /* in */, + 0 /* inSz */, iv, sizeof(iv), t_empty2, + sizeof(t_empty2), a, sizeof(a)); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); +#endif + } + + /* test empty message as zero-length string -- must work. */ + ret = wc_AesCcmEncrypt(enc, pl2, (const byte *)"", 0 /* inSz */, iv, + sizeof(iv), t_empty2, sizeof(t_empty2), a, + sizeof(a)); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); + if (XMEMCMP(t_empty, t_empty2, sizeof(t_empty2))) + ERROR_OUT(WC_TEST_RET_ENC_NC, out); + +#ifdef HAVE_AES_DECRYPT + ret = wc_AesCcmDecrypt(enc, pl2, (const byte *)"", 0 /* inSz */, + iv, sizeof(iv), t_empty2, sizeof(t_empty2), a, + sizeof(a)); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); +#endif + + ret = 0; + + out: + +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC) + wc_AesDelete(enc, &enc); +#else + wc_AesFree(enc); +#endif + + return ret; +} +#endif /* WOLFSSL_AES_128 */ + +WOLFSSL_TEST_SUBROUTINE wc_test_ret_t aesccm_test(void) +{ + wc_test_ret_t ret = 0; + WOLFSSL_ENTER("aesccm_test"); + +#ifdef WOLFSSL_AES_128 + if (ret == 0) + ret = aesccm_128_test(); +#endif +#ifdef WOLFSSL_AES_256 + if (ret == 0) + ret = aesccm_256_test(); +#endif + return ret; +} +#endif /* HAVE_AESCCM */ + + +#if defined(WOLFSSL_AES_EAX) && \ + (!defined(HAVE_FIPS) || FIPS_VERSION_GE(5, 3)) && !defined(HAVE_SELFTEST) + +WOLFSSL_TEST_SUBROUTINE wc_test_ret_t aes_eax_test(void) +{ + typedef struct { + byte key[AES_256_KEY_SIZE]; + int key_length; + byte iv[WC_AES_BLOCK_SIZE]; + int iv_length; + byte aad[WC_AES_BLOCK_SIZE * 2]; + int aad_length; + byte msg[WC_AES_BLOCK_SIZE * 2]; + int msg_length; + byte ct[WC_AES_BLOCK_SIZE * 2]; + int ct_length; + byte tag[WC_AES_BLOCK_SIZE]; + int tag_length; + int valid; + } AadVector; + + /* A small selection of Google wycheproof vectors that use vectors + * from the original paper: eprint.iacr.org/2003/069 + * https://github.com/google/wycheproof/blob/master/testvectors/aes_eax_test.json + */ + WOLFSSL_SMALL_STACK_STATIC const AadVector vectors[] = { + /* Vector from paper - empty message with auth data */ + #ifdef WOLFSSL_AES_128 + { + /* key, key length */ + {0x23, 0x39, 0x52, 0xde, 0xe4, 0xd5, 0xed, 0x5f, + 0x9b, 0x9c, 0x6d, 0x6f, 0xf8, 0x0f, 0xf4, 0x78}, 16, + /* iv, iv length */ + {0x62, 0xec, 0x67, 0xf9, 0xc3, 0xa4, 0xa4, 0x07, + 0xfc, 0xb2, 0xa8, 0xc4, 0x90, 0x31, 0xa8, 0xb3}, 16, + /* aad, aad length */ + {0x6b, 0xfb, 0x91, 0x4f, 0xd0, 0x7e, 0xae, 0x6b}, 8, + /* msg, msg length */ + {0}, 0, + /* ct, ct length */ + {0}, 0, + /* tag, tag length */ + {0xe0, 0x37, 0x83, 0x0e, 0x83, 0x89, 0xf2, + 0x7b, 0x02, 0x5a, 0x2d, 0x65, 0x27, 0xe7, 0x9d, 0x01}, 16, + /* valid */ + 1, + }, + /* Vector from paper - no auth data, valid auth tag */ + { + /* key, key length */ + {0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, + 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f}, 16, + /* iv , iv length */ + {0x3c, 0x8c, 0xc2, 0x97, 0x0a, 0x00, 0x8f, 0x75, + 0xcc, 0x5b, 0xea, 0xe2, 0x84, 0x72, 0x58, 0xc2}, 16, + /* aad, aad length */ + {0}, 0, + /* msg, msg length */ + {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, + 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11}, 32, + /* ct, ct length */ + {0x3c, 0x44, 0x1f, 0x32, 0xce, 0x07, 0x82, 0x23, + 0x64, 0xd7, 0xa2, 0x99, 0x0e, 0x50, 0xbb, 0x13, + 0xd7, 0xb0, 0x2a, 0x26, 0x96, 0x9e, 0x4a, 0x93, + 0x7e, 0x5e, 0x90, 0x73, 0xb0, 0xd9, 0xc9, 0x68}, 32, + /* tag, tag length */ + {0xdb, 0x90, 0xbd, 0xb3, 0xda, 0x3d, 0x00, 0xaf, + 0xd0, 0xfc, 0x6a, 0x83, 0x55, 0x1d, 0xa9, 0x5e}, 16, + /* valid */ + 1, + }, + /* Vector from paper - no auth data with invalid auth tag */ + { + /* key, key length */ + {0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, + 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f}, 16, + /* iv, iv length */ + {0x50, 0x51, 0x52, 0x53, 0x54, 0x55, 0x56, 0x57, + 0x58, 0x59, 0x5a, 0x5b, 0x5c, 0x5d, 0x5e, 0x5f}, 16, + /* aad, aad length */ + {0}, 0, + /* msg, msg length */ + {0x20, 0x21, 0x22, 0x23, 0x24, 0x25, 0x26, 0x27, + 0x28, 0x29, 0x2a, 0x2b, 0x2c, 0x2d, 0x2e, 0x2f}, 16, + /* ct , ct length */ + {0x29, 0xa0, 0x91, 0x4f, 0xec, 0x4b, 0xef, 0x54, + 0xba, 0xbf, 0x66, 0x13, 0xa9, 0xf9, 0xcd, 0x70}, 16, + /* tag, tag length */ + {0xe7, 0x0e, 0x7c, 0x50, 0x13, 0xa6, 0xdb, 0xf2, + 0x52, 0x98, 0xb1, 0x92, 0x9b, 0xc3, 0x56, 0xa7}, 16, + /* valid */ + 0, + }, + #endif + #ifdef WOLFSSL_AES_192 + { + /* key, key length */ + {0x50, 0x19, 0xeb, 0x9f, 0xef, 0x82, 0xe5, 0x75, + 0x0b, 0x63, 0x17, 0x58, 0xf0, 0x21, 0x3e, 0x3e, + 0x5f, 0xcc, 0xa1, 0x27, 0x48, 0xb4, 0x0e, 0xb4}, 24, + /* iv, iv length */ + {0xff, 0x0d, 0xdb, 0x0a, 0x0d, 0x7b, 0x36, 0xd2, + 0x19, 0xda, 0x12, 0xb5}, 12, + /* aad, aad length */ + {0}, 0, + /* msg, msg length */ + {0}, 0, + /* ct, ct length */ + {0}, 0, + /* tag, tag length */ + {0xbc, 0xe2, 0x73, 0xd0, 0xe6, 0x81, 0x12, 0x37, + 0x17, 0x45, 0xe6, 0x65, 0xec, 0xec, 0xa8, 0x23}, 16, + /* valid */ + 1, + }, + { + /* key, key length */ + {0x2b, 0xc9, 0x5c, 0x03, 0xe9, 0xc5, 0xb4, 0xb9, + 0x5e, 0x30, 0xfb, 0x59, 0x7f, 0x7e, 0xa6, 0xdd, + 0x1e, 0x8e, 0xaa, 0x68, 0x94, 0x0d, 0xa2, 0x36}, 24, + /* iv , iv length */ + {0xa2, 0x35, 0x7e, 0x33, 0xef, 0x99, 0x92, 0xbe, + 0x34, 0x14, 0x4d, 0x2e, 0x7e, 0x04, 0x32, 0x75}, 16, + /* aad, aad length */ + {0}, 0, + /* msg, msg length */ + {0x3a, 0xa2, 0x30, 0xf4, 0x52, 0x6b, 0x82, 0xff, + 0x6e, 0xbc, 0x0b, 0x3b, 0x54, 0xe6, 0x10, 0x16, + 0xad, 0x45, 0x9c, 0xa8, 0x68, 0x99}, 22, + /* ct, ct length */ + {0xa4, 0xd8, 0x77, 0x92, 0xb6, 0x18, 0x83, 0x32, + 0x27, 0x16, 0xb3, 0x45, 0xf9, 0xc2, 0x9b, 0x5a, + 0x12, 0xa1, 0x04, 0x41, 0xd5, 0xe4}, 22, + /* tag, tag length */ + {0x1c, 0xda, 0x87, 0xea, 0x66, 0xdf, 0xc3, 0x4a, + 0x8d, 0x25, 0x58, 0xc0, 0x01, 0x99, 0x28, 0x63}, 16, + /* valid */ + 1, + }, + { + /* key, key length */ + {0xbf, 0xe0, 0x94, 0x53, 0x95, 0xca, 0x57, 0xa1, + 0xc2, 0x36, 0x8f, 0x56, 0xbb, 0x60, 0x54, 0x75, + 0x5f, 0x1f, 0x16, 0xe6, 0xd6, 0xdc, 0xe5, 0xdc}, 24, + /* iv, iv length */ + {0xea, 0x8b, 0xc8, 0xbd, 0xe2, 0x9e, 0x05, 0x7e, + 0xba, 0xa6, 0x7e, 0x35, 0x16, 0x29, 0x5d, 0x22}, 16, + /* aad, aad length */ + {0x92, 0x2d, 0xc6, 0xf1, 0xed, 0x0d, 0xa9, 0xd2, + 0x55, 0x00, 0xa0, 0xb7, 0x15, 0x7a, 0x10}, 15, + /* msg, msg length */ + {0x21, 0x2b, 0x0b, 0x1f, 0x68, 0x53, 0x00, 0x65, + 0x1e, 0xb4, 0x3b, 0x2e, 0xc0, 0x77, 0x91, 0x26}, 16, + /* ct , ct length */ + {0x73, 0x42, 0x83, 0x85, 0x39, 0xec, 0x97, 0x5f, + 0x2b, 0x4e, 0x3c, 0xf9, 0xa0, 0x8c, 0x86, 0x0e}, 16, + /* tag, tag length */ + {0x1a, 0xb9, 0xc9, 0x2a, 0x3a, 0x2b, 0x2c, 0x0c, + 0x79, 0x96, 0xc8, 0xa2, 0x57, 0x38, 0x95, 0x9c}, 16, + /* valid */ + 1, + }, + #endif + #ifdef WOLFSSL_AES_256 + { + /* key, key length */ + {0x4c, 0x01, 0x0d, 0x95, 0x61, 0xc7, 0x23, 0x4c, + 0x30, 0x8c, 0x01, 0xce, 0xa3, 0x04, 0x0c, 0x92, + 0x5a, 0x9f, 0x32, 0x4d, 0xc9, 0x58, 0xff, 0x90, + 0x4a, 0xe3, 0x9b, 0x37, 0xe6, 0x0e, 0x1e, 0x03}, 32, + /* iv, iv length */ + {0x2a, 0x55, 0xca, 0xa1, 0x37, 0xc5, 0xb0, 0xb6, + 0x6c, 0xf3, 0x80, 0x9e, 0xb8, 0xf7, 0x30, 0xc4}, 16, + /* aad, aad length */ + {0}, 0, + /* msg, msg length */ + {0x2a, 0x09, 0x3c, 0x9e, 0xd7, 0x2b, 0x8f, 0xf4, + 0x99, 0x42, 0x01, 0xe9, 0xf9, 0xe0, 0x10}, 15, + /* ct, ct length */ + {0xcb, 0xfc, 0xaa, 0x36, 0x34, 0xd6, 0xcf, 0xf5, + 0x65, 0x6b, 0xc6, 0xbd, 0xa6, 0xab, 0x5f}, 15, + /* tag, tag length */ + {0x01, 0x44, 0xbe, 0x06, 0x43, 0xb0, 0x36, 0xa8, + 0x14, 0x7e, 0x19, 0xf4, 0xea, 0x9e, 0x7a, 0xf2}, 16, + /* valid */ + 1, + }, + { + /* key, key length */ + {0x2f, 0x6c, 0xfb, 0x7a, 0x21, 0x5a, 0x7b, 0xaf, + 0xb6, 0x07, 0xc2, 0x73, 0xf7, 0xe6, 0x6f, 0x9a, + 0x6d, 0x51, 0xd5, 0x7f, 0x9c, 0x29, 0x42, 0x2e, + 0xc6, 0x46, 0x99, 0xba, 0xd0, 0xc6, 0xf3, 0x3b}, 32, + /* iv , iv length */ + {0x21, 0xcb, 0xef, 0xf0, 0xb1, 0x23, 0x79, 0x9d, + 0xa7, 0x4f, 0x4d, 0xaf, 0xf2, 0xe2, 0x79, 0xc5}, 16, + /* aad, aad length */ + {0}, 0, + /* msg, msg length */ + {0x39, 0xdb, 0xc7, 0x1f, 0x68, 0x38, 0xed, 0x6c, + 0x6e, 0x58, 0x21, 0x37, 0x43, 0x6e, 0x1c, 0x61, + 0xbb, 0xbf, 0xb8, 0x05, 0x31, 0xf4}, 22, + /* ct, ct length */ + {0xf5, 0x31, 0x09, 0x7a, 0xa1, 0xbb, 0x35, 0xd9, + 0xf4, 0x01, 0xd4, 0x59, 0x34, 0x0a, 0xfb, 0xd2, + 0x7f, 0x9b, 0xdf, 0x72, 0xc5, 0x37}, 22, + /* tag, tag length */ + {0xe4, 0xe1, 0x81, 0x70, 0xdc, 0xe4, 0xe1, 0xaf, + 0x90, 0xb1, 0x5e, 0xae, 0x64, 0x35, 0x53, 0x31}, 16, + /* valid */ + 1, + }, + { + /* key, key length */ + {0x9f, 0x5c, 0x60, 0xfb, 0x5d, 0xf5, 0xcf, 0x2b, + 0x1b, 0x39, 0x25, 0x4c, 0x3f, 0xa8, 0x0e, 0x51, + 0xd3, 0x0d, 0x64, 0xe3, 0x44, 0xb3, 0xab, 0xa5, + 0x95, 0x74, 0x30, 0x5b, 0x4d, 0x22, 0x12, 0xad}, 32, + /* iv, iv length */ + {0xd4, 0xdf, 0x79, 0xc6, 0x9f, 0x73, 0xb2, 0x6a, + 0x13, 0x59, 0x8a, 0xf0, 0x7e, 0xed, 0x6a, 0x77}, 16, + /* aad, aad length */ + {0x81, 0x33, 0x99, 0xff, 0x1e, 0x1e, 0xf0, 0xb5, + 0x8b, 0xb2, 0xbe, 0x13, 0x0c, 0xe5, 0xd4}, 15, + /* msg, msg length */ + {0xa3, 0xca, 0x2e, 0xf9, 0xbd, 0x1f, 0xdb, 0xaa, + 0x83, 0xdb, 0x4c, 0x7e, 0xae, 0x6d, 0xe9, 0x4e}, 16, + /* ct , ct length */ + {0x65, 0x01, 0x92, 0x12, 0xcc, 0xbb, 0xd4, 0xcd, + 0x2f, 0x99, 0x5c, 0xc5, 0x9d, 0x46, 0xfd, 0x27}, 16, + /* tag, tag length */ + {0x40, 0x26, 0xc4, 0x86, 0x43, 0x0a, 0x1a, 0xe2, + 0xa5, 0xfc, 0x40, 0x81, 0xcd, 0x66, 0x54, 0x68}, 16, + /* valid */ + 1, + }, + #endif + }; + + WOLFSSL_SMALL_STACK_STATIC byte ciphertext[sizeof(vectors[0].ct)]; + WOLFSSL_SMALL_STACK_STATIC byte authtag[sizeof(vectors[0].tag)]; + int i; + int len; + wc_test_ret_t ret; + WOLFSSL_ENTER("aes_eax_test"); + + + for (i = 0; i < (int)(sizeof(vectors)/sizeof(vectors[0])); i++) { + + XMEMSET(ciphertext, 0, sizeof(ciphertext)); + + len = sizeof(authtag); + ret = wc_AesEaxEncryptAuth(vectors[i].key, (word32)vectors[i].key_length, + ciphertext, + vectors[i].msg, (word32)vectors[i].msg_length, + vectors[i].iv, (word32)vectors[i].iv_length, + authtag, (word32)len, + vectors[i].aad, (word32)vectors[i].aad_length); + if (ret != 0) { + return WC_TEST_RET_ENC_EC(ret); + } + + /* check ciphertext matches vector */ + if (XMEMCMP(ciphertext, vectors[i].ct, (size_t)vectors[i].ct_length)) { + return WC_TEST_RET_ENC_NC; + } + + /* check that tag matches vector only for vectors marked as valid */ + ret = XMEMCMP(authtag, vectors[i].tag, len); + if (vectors[i].valid == 1 && ret != 0 ) { + return WC_TEST_RET_ENC_NC; + } + else if (vectors[i].valid == 0 && ret == 0) { + return WC_TEST_RET_ENC_NC; + } + + XMEMSET(ciphertext, 0, sizeof(ciphertext)); + + ret = wc_AesEaxDecryptAuth(vectors[i].key, (word32)vectors[i].key_length, + ciphertext, + vectors[i].ct, (word32)vectors[i].ct_length, + vectors[i].iv, (word32)vectors[i].iv_length, + authtag, (word32)len, + vectors[i].aad, (word32)vectors[i].aad_length); + if (ret != 0) { + return WC_TEST_RET_ENC_EC(ret); + } + + /* check decrypted ciphertext matches vector plaintext */ + if (XMEMCMP(ciphertext, vectors[i].msg, (size_t)vectors[i].msg_length)) { + return WC_TEST_RET_ENC_NC; + } + + } + return 0; +} + +#endif /* WOLFSSL_AES_EAX */ + + + +#ifdef HAVE_AES_KEYWRAP + +#define MAX_KEYWRAP_TEST_OUTLEN 40 +#define MAX_KEYWRAP_TEST_PLAINLEN 32 + +typedef struct keywrapVector { + const byte* kek; + const byte* data; + const byte* verify; + word32 kekLen; + word32 dataLen; + word32 verifyLen; +} keywrapVector; + +WOLFSSL_TEST_SUBROUTINE wc_test_ret_t aeskeywrap_test(void) +{ + int wrapSz, plainSz, testSz, i; + + /* test vectors from RFC 3394 (kek, data, verify) */ + +#ifdef WOLFSSL_AES_128 + /* Wrap 128 bits of Key Data with a 128-bit KEK */ + WOLFSSL_SMALL_STACK_STATIC const byte k1[] = { + 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, + 0x08, 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F + }; + + WOLFSSL_SMALL_STACK_STATIC const byte d1[] = { + 0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77, + 0x88, 0x99, 0xAA, 0xBB, 0xCC, 0xDD, 0xEE, 0xFF + }; + + WOLFSSL_SMALL_STACK_STATIC const byte v1[] = { + 0x1F, 0xA6, 0x8B, 0x0A, 0x81, 0x12, 0xB4, 0x47, + 0xAE, 0xF3, 0x4B, 0xD8, 0xFB, 0x5A, 0x7B, 0x82, + 0x9D, 0x3E, 0x86, 0x23, 0x71, 0xD2, 0xCF, 0xE5 + }; +#endif /* WOLFSSL_AES_128 */ + +#ifdef WOLFSSL_AES_192 + /* Wrap 128 bits of Key Data with a 192-bit KEK */ + WOLFSSL_SMALL_STACK_STATIC const byte k2[] = { + 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, + 0x08, 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F, + 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17 + }; + + WOLFSSL_SMALL_STACK_STATIC const byte d2[] = { + 0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77, + 0x88, 0x99, 0xAA, 0xBB, 0xCC, 0xDD, 0xEE, 0xFF + }; + + WOLFSSL_SMALL_STACK_STATIC const byte v2[] = { + 0x96, 0x77, 0x8B, 0x25, 0xAE, 0x6C, 0xA4, 0x35, + 0xF9, 0x2B, 0x5B, 0x97, 0xC0, 0x50, 0xAE, 0xD2, + 0x46, 0x8A, 0xB8, 0xA1, 0x7A, 0xD8, 0x4E, 0x5D + }; +#endif + +#ifdef WOLFSSL_AES_256 + /* Wrap 128 bits of Key Data with a 256-bit KEK */ + WOLFSSL_SMALL_STACK_STATIC const byte k3[] = { + 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, + 0x08, 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F, + 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, + 0x18, 0x19, 0x1A, 0x1B, 0x1C, 0x1D, 0x1E, 0x1F + }; + + WOLFSSL_SMALL_STACK_STATIC const byte d3[] = { + 0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77, + 0x88, 0x99, 0xAA, 0xBB, 0xCC, 0xDD, 0xEE, 0xFF + }; + + WOLFSSL_SMALL_STACK_STATIC const byte v3[] = { + 0x64, 0xE8, 0xC3, 0xF9, 0xCE, 0x0F, 0x5B, 0xA2, + 0x63, 0xE9, 0x77, 0x79, 0x05, 0x81, 0x8A, 0x2A, + 0x93, 0xC8, 0x19, 0x1E, 0x7D, 0x6E, 0x8A, 0xE7 + }; +#endif + +#ifdef WOLFSSL_AES_192 + /* Wrap 192 bits of Key Data with a 192-bit KEK */ + WOLFSSL_SMALL_STACK_STATIC const byte k4[] = { + 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, + 0x08, 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F, + 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17 + }; + + WOLFSSL_SMALL_STACK_STATIC const byte d4[] = { + 0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77, + 0x88, 0x99, 0xAA, 0xBB, 0xCC, 0xDD, 0xEE, 0xFF, + 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07 + }; + + WOLFSSL_SMALL_STACK_STATIC const byte v4[] = { + 0x03, 0x1D, 0x33, 0x26, 0x4E, 0x15, 0xD3, 0x32, + 0x68, 0xF2, 0x4E, 0xC2, 0x60, 0x74, 0x3E, 0xDC, + 0xE1, 0xC6, 0xC7, 0xDD, 0xEE, 0x72, 0x5A, 0x93, + 0x6B, 0xA8, 0x14, 0x91, 0x5C, 0x67, 0x62, 0xD2 + }; +#endif + +#ifdef WOLFSSL_AES_256 + /* Wrap 192 bits of Key Data with a 256-bit KEK */ + WOLFSSL_SMALL_STACK_STATIC const byte k5[] = { + 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, + 0x08, 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F, + 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, + 0x18, 0x19, 0x1A, 0x1B, 0x1C, 0x1D, 0x1E, 0x1F + }; + + WOLFSSL_SMALL_STACK_STATIC const byte d5[] = { + 0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77, + 0x88, 0x99, 0xAA, 0xBB, 0xCC, 0xDD, 0xEE, 0xFF, + 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07 + }; + + WOLFSSL_SMALL_STACK_STATIC const byte v5[] = { + 0xA8, 0xF9, 0xBC, 0x16, 0x12, 0xC6, 0x8B, 0x3F, + 0xF6, 0xE6, 0xF4, 0xFB, 0xE3, 0x0E, 0x71, 0xE4, + 0x76, 0x9C, 0x8B, 0x80, 0xA3, 0x2C, 0xB8, 0x95, + 0x8C, 0xD5, 0xD1, 0x7D, 0x6B, 0x25, 0x4D, 0xA1 + }; + + /* Wrap 256 bits of Key Data with a 256-bit KEK */ + WOLFSSL_SMALL_STACK_STATIC const byte k6[] = { + 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, + 0x08, 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F, + 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, + 0x18, 0x19, 0x1A, 0x1B, 0x1C, 0x1D, 0x1E, 0x1F + }; + + WOLFSSL_SMALL_STACK_STATIC const byte d6[] = { + 0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77, + 0x88, 0x99, 0xAA, 0xBB, 0xCC, 0xDD, 0xEE, 0xFF, + 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, + 0x08, 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F + }; + + WOLFSSL_SMALL_STACK_STATIC const byte v6[] = { + 0x28, 0xC9, 0xF4, 0x04, 0xC4, 0xB8, 0x10, 0xF4, + 0xCB, 0xCC, 0xB3, 0x5C, 0xFB, 0x87, 0xF8, 0x26, + 0x3F, 0x57, 0x86, 0xE2, 0xD8, 0x0E, 0xD3, 0x26, + 0xCB, 0xC7, 0xF0, 0xE7, 0x1A, 0x99, 0xF4, 0x3B, + 0xFB, 0x98, 0x8B, 0x9B, 0x7A, 0x02, 0xDD, 0x21 + }; +#endif /* WOLFSSL_AES_256 */ + + byte output[MAX_KEYWRAP_TEST_OUTLEN]; + byte plain [MAX_KEYWRAP_TEST_PLAINLEN]; + + const keywrapVector test_wrap[] = + { + #ifdef WOLFSSL_AES_128 + {k1, d1, v1, sizeof(k1), sizeof(d1), sizeof(v1)}, + #endif + #ifdef WOLFSSL_AES_192 + {k2, d2, v2, sizeof(k2), sizeof(d2), sizeof(v2)}, + #endif + #ifdef WOLFSSL_AES_256 + {k3, d3, v3, sizeof(k3), sizeof(d3), sizeof(v3)}, + #endif + #ifdef WOLFSSL_AES_192 + {k4, d4, v4, sizeof(k4), sizeof(d4), sizeof(v4)}, + #endif + #ifdef WOLFSSL_AES_256 + {k5, d5, v5, sizeof(k5), sizeof(d5), sizeof(v5)}, + {k6, d6, v6, sizeof(k6), sizeof(d6), sizeof(v6)} + #endif + }; + + WOLFSSL_ENTER("aeskeywrap_test"); + + testSz = sizeof(test_wrap) / sizeof(keywrapVector); + + XMEMSET(output, 0, sizeof(output)); + XMEMSET(plain, 0, sizeof(plain)); + + for (i = 0; i < testSz; i++) { + + wrapSz = wc_AesKeyWrap(test_wrap[i].kek, test_wrap[i].kekLen, + test_wrap[i].data, test_wrap[i].dataLen, + output, sizeof(output), NULL); + + if ( (wrapSz < 0) || (wrapSz != (int)test_wrap[i].verifyLen) ) + return WC_TEST_RET_ENC_NC; + + if (XMEMCMP(output, test_wrap[i].verify, test_wrap[i].verifyLen) != 0) + return WC_TEST_RET_ENC_NC; + + plainSz = wc_AesKeyUnWrap((byte*)test_wrap[i].kek, test_wrap[i].kekLen, + output, (word32)wrapSz, + plain, sizeof(plain), NULL); + + if ( (plainSz < 0) || (plainSz != (int)test_wrap[i].dataLen) ) + return WC_TEST_RET_ENC_NC; + + if (XMEMCMP(plain, test_wrap[i].data, test_wrap[i].dataLen) != 0) + return WC_TEST_RET_ENC_I(i); + } + + return 0; +} +#endif /* HAVE_AES_KEYWRAP */ + +#endif /* !NO_AES */ + + +#ifdef HAVE_ARIA +void printOutput(const char *strName, unsigned char *data, unsigned int dataSz) +{ + #ifndef DEBUG_WOLFSSL + (void)strName; + (void)data; + (void)dataSz; + #else + WOLFSSL_MSG_EX("%s (%d):", strName,dataSz); + WOLFSSL_BUFFER(data,dataSz); + #endif +} + +WOLFSSL_TEST_SUBROUTINE int ariagcm_test(MC_ALGID algo) +{ + byte data[] = TEST_STRING; + word32 dataSz = TEST_STRING_SZ; + + /* Arbitrarily random long key that we will truncate to the right size */ + byte key[] = { 0x1E, 0xCC, 0x95, 0xCB, 0xD3, 0x74, 0x58, 0x4F, + 0x6F, 0x8A, 0x70, 0x26, 0xF7, 0x3C, 0x8D, 0xB6, + 0xDC, 0x32, 0x76, 0x20, 0xCF, 0x05, 0x4A, 0xCF, + 0x11, 0x86, 0xCD, 0x23, 0x5E, 0xC1, 0x6E, 0x2B }; + byte cipher[2*TEST_STRING_SZ], plain[TEST_STRING_SZ], ad[256], authTag[WC_AES_BLOCK_SIZE]; + word32 keySz, adSz = 256, authTagSz = sizeof(authTag); + + wc_Aria aria; + int ret = 0; + WOLFSSL_ENTER("ariagcm_test"); + + XMEMSET((void *)&aria, 0, sizeof(aria)); + ret = wc_AriaInitCrypt(&aria, algo); + if (ret != 0) { ERROR_OUT(WC_TEST_RET_ENC_EC(ret),out); } + + ret = wc_AriaSetKey(&aria, key); + if (ret != 0) { ERROR_OUT(WC_TEST_RET_ENC_EC(ret),out); } + + MC_GetObjectValue(aria.hSession, aria.hKey, key, &keySz); + printOutput("Key", key, keySz); + + WC_RNG rng; + + ret = wc_InitRng_ex(&rng, HEAP_HINT, devId); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); + + ret = wc_AriaGcmSetIV(&aria, GCM_NONCE_MID_SZ, NULL, 0, &rng); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); + + wc_FreeRng(&rng); + + printOutput("Plaintext", data, sizeof(data)); + XMEMSET(cipher, 0, sizeof(cipher)); + + ret = wc_AriaEncrypt(&aria, cipher, data, dataSz, + (byte *)aria.nonce, aria.nonceSz, ad, adSz, + authTag, authTagSz); + if (ret != 0) { ERROR_OUT(WC_TEST_RET_ENC_EC(ret),out); } + + printOutput("Ciphertext", cipher, sizeof(cipher)); + printOutput("AuthTag", authTag, sizeof(authTag)); + + XMEMSET(plain, 0, sizeof(plain)); + + ret = wc_AriaDecrypt(&aria, plain, cipher, dataSz, + (byte *)aria.nonce, aria.nonceSz, ad, adSz, + authTag, authTagSz); + if (ret != 0) { ERROR_OUT(WC_TEST_RET_ENC_EC(ret),out); } + + printOutput("Plaintext", plain, sizeof(plain)); + + if (XMEMCMP(plain, data, dataSz) != 0) + ERROR_OUT(WC_TEST_RET_ENC_NC,out); +out: + if (ret != 0) { wc_AriaFreeCrypt(&aria); } + else { ret = wc_AriaFreeCrypt(&aria); } + + return ret; +} +#endif /* HAVE_ARIA */ + + +#ifdef HAVE_CAMELLIA + +enum { + CAM_ECB_ENC, CAM_ECB_DEC, CAM_CBC_ENC, CAM_CBC_DEC +}; + +typedef struct { + int type; + const byte* plaintext; + const byte* iv; + const byte* ciphertext; + const byte* key; + word32 keySz; + int errorCode; +} test_vector_t; + +WOLFSSL_TEST_SUBROUTINE wc_test_ret_t camellia_test(void) +{ + /* Camellia ECB Test Plaintext */ + WOLFSSL_SMALL_STACK_STATIC const byte pte[] = + { + 0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef, + 0xfe, 0xdc, 0xba, 0x98, 0x76, 0x54, 0x32, 0x10 + }; + + /* Camellia ECB Test Initialization Vector */ + WOLFSSL_SMALL_STACK_STATIC const byte ive[] = {0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0}; + + /* Test 1: Camellia ECB 128-bit key */ + WOLFSSL_SMALL_STACK_STATIC const byte k1[] = + { + 0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef, + 0xfe, 0xdc, 0xba, 0x98, 0x76, 0x54, 0x32, 0x10 + }; + WOLFSSL_SMALL_STACK_STATIC const byte c1[] = + { + 0x67, 0x67, 0x31, 0x38, 0x54, 0x96, 0x69, 0x73, + 0x08, 0x57, 0x06, 0x56, 0x48, 0xea, 0xbe, 0x43 + }; + + /* Test 2: Camellia ECB 192-bit key */ + WOLFSSL_SMALL_STACK_STATIC const byte k2[] = + { + 0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef, + 0xfe, 0xdc, 0xba, 0x98, 0x76, 0x54, 0x32, 0x10, + 0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77 + }; + WOLFSSL_SMALL_STACK_STATIC const byte c2[] = + { + 0xb4, 0x99, 0x34, 0x01, 0xb3, 0xe9, 0x96, 0xf8, + 0x4e, 0xe5, 0xce, 0xe7, 0xd7, 0x9b, 0x09, 0xb9 + }; + + /* Test 3: Camellia ECB 256-bit key */ + WOLFSSL_SMALL_STACK_STATIC const byte k3[] = + { + 0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef, + 0xfe, 0xdc, 0xba, 0x98, 0x76, 0x54, 0x32, 0x10, + 0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77, + 0x88, 0x99, 0xaa, 0xbb, 0xcc, 0xdd, 0xee, 0xff + }; + WOLFSSL_SMALL_STACK_STATIC const byte c3[] = + { + 0x9a, 0xcc, 0x23, 0x7d, 0xff, 0x16, 0xd7, 0x6c, + 0x20, 0xef, 0x7c, 0x91, 0x9e, 0x3a, 0x75, 0x09 + }; + + /* Camellia CBC Test Plaintext */ + WOLFSSL_SMALL_STACK_STATIC const byte ptc[] = + { + 0x6B, 0xC1, 0xBE, 0xE2, 0x2E, 0x40, 0x9F, 0x96, + 0xE9, 0x3D, 0x7E, 0x11, 0x73, 0x93, 0x17, 0x2A + }; + + /* Camellia CBC Test Initialization Vector */ + WOLFSSL_SMALL_STACK_STATIC const byte ivc[] = + { + 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, + 0x08, 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F + }; + + /* Test 4: Camellia-CBC 128-bit key */ + WOLFSSL_SMALL_STACK_STATIC const byte k4[] = + { + 0x2B, 0x7E, 0x15, 0x16, 0x28, 0xAE, 0xD2, 0xA6, + 0xAB, 0xF7, 0x15, 0x88, 0x09, 0xCF, 0x4F, 0x3C + }; + WOLFSSL_SMALL_STACK_STATIC const byte c4[] = + { + 0x16, 0x07, 0xCF, 0x49, 0x4B, 0x36, 0xBB, 0xF0, + 0x0D, 0xAE, 0xB0, 0xB5, 0x03, 0xC8, 0x31, 0xAB + }; + + /* Test 5: Camellia-CBC 192-bit key */ + WOLFSSL_SMALL_STACK_STATIC const byte k5[] = + { + 0x8E, 0x73, 0xB0, 0xF7, 0xDA, 0x0E, 0x64, 0x52, + 0xC8, 0x10, 0xF3, 0x2B, 0x80, 0x90, 0x79, 0xE5, + 0x62, 0xF8, 0xEA, 0xD2, 0x52, 0x2C, 0x6B, 0x7B + }; + WOLFSSL_SMALL_STACK_STATIC const byte c5[] = + { + 0x2A, 0x48, 0x30, 0xAB, 0x5A, 0xC4, 0xA1, 0xA2, + 0x40, 0x59, 0x55, 0xFD, 0x21, 0x95, 0xCF, 0x93 + }; + + /* Test 6: CBC 256-bit key */ + WOLFSSL_SMALL_STACK_STATIC const byte k6[] = + { + 0x60, 0x3D, 0xEB, 0x10, 0x15, 0xCA, 0x71, 0xBE, + 0x2B, 0x73, 0xAE, 0xF0, 0x85, 0x7D, 0x77, 0x81, + 0x1F, 0x35, 0x2C, 0x07, 0x3B, 0x61, 0x08, 0xD7, + 0x2D, 0x98, 0x10, 0xA3, 0x09, 0x14, 0xDF, 0xF4 + }; + WOLFSSL_SMALL_STACK_STATIC const byte c6[] = + { + 0xE6, 0xCF, 0xA3, 0x5F, 0xC0, 0x2B, 0x13, 0x4A, + 0x4D, 0x2C, 0x0B, 0x67, 0x37, 0xAC, 0x3E, 0xDA + }; + + byte out[WC_CAMELLIA_BLOCK_SIZE]; + wc_Camellia cam; + WOLFSSL_SMALL_STACK_STATIC const test_vector_t testVectors[] = + { + {CAM_ECB_ENC, pte, ive, c1, k1, sizeof(k1), 114}, + {CAM_ECB_ENC, pte, ive, c2, k2, sizeof(k2), 115}, + {CAM_ECB_ENC, pte, ive, c3, k3, sizeof(k3), 116}, + {CAM_ECB_DEC, pte, ive, c1, k1, sizeof(k1), 117}, + {CAM_ECB_DEC, pte, ive, c2, k2, sizeof(k2), 118}, + {CAM_ECB_DEC, pte, ive, c3, k3, sizeof(k3), 119}, + {CAM_CBC_ENC, ptc, ivc, c4, k4, sizeof(k4), 120}, + {CAM_CBC_ENC, ptc, ivc, c5, k5, sizeof(k5), 121}, + {CAM_CBC_ENC, ptc, ivc, c6, k6, sizeof(k6), 122}, + {CAM_CBC_DEC, ptc, ivc, c4, k4, sizeof(k4), 123}, + {CAM_CBC_DEC, ptc, ivc, c5, k5, sizeof(k5), 124}, + {CAM_CBC_DEC, ptc, ivc, c6, k6, sizeof(k6), 125} + }; + int i, testsSz; + int ret; + WOLFSSL_ENTER("camellia_test"); + + testsSz = sizeof(testVectors)/sizeof(test_vector_t); + for (i = 0; i < testsSz; i++) { + if (wc_CamelliaSetKey(&cam, testVectors[i].key, testVectors[i].keySz, + testVectors[i].iv) != 0) + return WC_TEST_RET_ENC_I(testVectors[i].errorCode); + + switch (testVectors[i].type) { + case CAM_ECB_ENC: + ret = wc_CamelliaEncryptDirect(&cam, out, + testVectors[i].plaintext); + if (ret != 0 || XMEMCMP(out, testVectors[i].ciphertext, + WC_CAMELLIA_BLOCK_SIZE)) + return WC_TEST_RET_ENC_I(testVectors[i].errorCode); + break; + case CAM_ECB_DEC: + ret = wc_CamelliaDecryptDirect(&cam, out, + testVectors[i].ciphertext); + if (ret != 0 || XMEMCMP(out, testVectors[i].plaintext, + WC_CAMELLIA_BLOCK_SIZE)) + return WC_TEST_RET_ENC_I(testVectors[i].errorCode); + break; + case CAM_CBC_ENC: + ret = wc_CamelliaCbcEncrypt(&cam, out, testVectors[i].plaintext, + WC_CAMELLIA_BLOCK_SIZE); + if (ret != 0 || XMEMCMP(out, testVectors[i].ciphertext, + WC_CAMELLIA_BLOCK_SIZE)) + return WC_TEST_RET_ENC_I(testVectors[i].errorCode); + break; + case CAM_CBC_DEC: + ret = wc_CamelliaCbcDecrypt(&cam, out, + testVectors[i].ciphertext, WC_CAMELLIA_BLOCK_SIZE); + if (ret != 0 || XMEMCMP(out, testVectors[i].plaintext, + WC_CAMELLIA_BLOCK_SIZE)) + return WC_TEST_RET_ENC_I(testVectors[i].errorCode); + break; + default: + break; + } + } + + /* Setting the IV and checking it was actually set. */ + ret = wc_CamelliaSetIV(&cam, ivc); + if (ret != 0) + return WC_TEST_RET_ENC_EC(ret); + if (XMEMCMP(cam.reg, ivc, WC_CAMELLIA_BLOCK_SIZE) != 0) + return WC_TEST_RET_ENC_NC; + + /* Setting the IV to NULL should be same as all zeros IV */ + ret = wc_CamelliaSetIV(&cam, NULL); + if (ret != 0) + return WC_TEST_RET_ENC_EC(ret); + if (XMEMCMP(cam.reg, ive, WC_CAMELLIA_BLOCK_SIZE) != 0) + return WC_TEST_RET_ENC_NC; + + /* First parameter should never be null */ + if (wc_CamelliaSetIV(NULL, NULL) == 0) + return WC_TEST_RET_ENC_NC; + + /* First parameter should never be null, check it fails */ + if (wc_CamelliaSetKey(NULL, k1, sizeof(k1), NULL) == 0) + return WC_TEST_RET_ENC_NC; + + /* Key should have a size of 16, 24, or 32 */ + if (wc_CamelliaSetKey(&cam, k1, 0, NULL) == 0) + return WC_TEST_RET_ENC_NC; + + return 0; +} +#endif /* HAVE_CAMELLIA */ + +#ifdef WOLFSSL_SM4 +#ifdef WOLFSSL_SM4_ECB +static int sm4_ecb_test(void) +{ + /* draft-ribose-cfrg-sm4-10 A.2.1.1 */ + WOLFSSL_SMALL_STACK_STATIC const byte k1[] = { + 0x01, 0x23, 0x45, 0x67, 0x89, 0xAB, 0xCD, 0xEF, + 0xFE, 0xDC, 0xBA, 0x98, 0x76, 0x54, 0x32, 0x10 + }; + WOLFSSL_SMALL_STACK_STATIC const byte p1[] = { + 0xAA, 0xAA, 0xAA, 0xAA, 0xBB, 0xBB, 0xBB, 0xBB, + 0xCC, 0xCC, 0xCC, 0xCC, 0xDD, 0xDD, 0xDD, 0xDD, + 0xEE, 0xEE, 0xEE, 0xEE, 0xFF, 0xFF, 0xFF, 0xFF, + 0xAA, 0xAA, 0xAA, 0xAA, 0xBB, 0xBB, 0xBB, 0xBB + }; + WOLFSSL_SMALL_STACK_STATIC const byte c1_ecb[] = { + 0x5E, 0xC8, 0x14, 0x3D, 0xE5, 0x09, 0xCF, 0xF7, + 0xB5, 0x17, 0x9F, 0x8F, 0x47, 0x4B, 0x86, 0x19, + 0x2F, 0x1D, 0x30, 0x5A, 0x7F, 0xB1, 0x7D, 0xF9, + 0x85, 0xF8, 0x1C, 0x84, 0x82, 0x19, 0x23, 0x04 + }; + + wc_Sm4 sm4; + byte enc[SM4_BLOCK_SIZE * 4]; + byte dec[SM4_BLOCK_SIZE * 4]; + int ret; + + ret = wc_Sm4Init(&sm4, NULL, devId); + if (ret != 0) + return WC_TEST_RET_ENC_EC(ret); + + /* Encrypt and decrypt with ECB. */ + ret = wc_Sm4SetKey(&sm4, k1, sizeof(k1)); + if (ret != 0) + return WC_TEST_RET_ENC_EC(ret); + + ret = wc_Sm4EcbEncrypt(&sm4, enc, p1, sizeof(p1)); + if (ret != 0) + return WC_TEST_RET_ENC_EC(ret); + if (XMEMCMP(enc, c1_ecb, sizeof(c1_ecb)) != 0) + return WC_TEST_RET_ENC_NC; + + ret = wc_Sm4EcbDecrypt(&sm4, dec, enc, sizeof(c1_ecb)); + if (ret != 0) + return WC_TEST_RET_ENC_EC(ret); + if (XMEMCMP(dec, p1, sizeof(p1)) != 0) + return WC_TEST_RET_ENC_NC; + + wc_Sm4Free(&sm4); + + return 0; +} +#endif + +#ifdef WOLFSSL_SM4_CBC +static int sm4_cbc_test(void) +{ + /* draft-ribose-cfrg-sm4-10 A.2.2.1 */ + WOLFSSL_SMALL_STACK_STATIC const byte k1[] = { + 0x01, 0x23, 0x45, 0x67, 0x89, 0xAB, 0xCD, 0xEF, + 0xFE, 0xDC, 0xBA, 0x98, 0x76, 0x54, 0x32, 0x10 + }; + WOLFSSL_SMALL_STACK_STATIC const byte p1[] = { + 0xAA, 0xAA, 0xAA, 0xAA, 0xBB, 0xBB, 0xBB, 0xBB, + 0xCC, 0xCC, 0xCC, 0xCC, 0xDD, 0xDD, 0xDD, 0xDD, + 0xEE, 0xEE, 0xEE, 0xEE, 0xFF, 0xFF, 0xFF, 0xFF, + 0xAA, 0xAA, 0xAA, 0xAA, 0xBB, 0xBB, 0xBB, 0xBB + }; + WOLFSSL_SMALL_STACK_STATIC const byte i1[] = { + 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, + 0x08, 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F + }; + WOLFSSL_SMALL_STACK_STATIC const byte c1_cbc[] = { + 0x78, 0xEB, 0xB1, 0x1C, 0xC4, 0x0B, 0x0A, 0x48, + 0x31, 0x2A, 0xAE, 0xB2, 0x04, 0x02, 0x44, 0xCB, + 0x4C, 0xB7, 0x01, 0x69, 0x51, 0x90, 0x92, 0x26, + 0x97, 0x9B, 0x0D, 0x15, 0xDC, 0x6A, 0x8F, 0x6D + }; + + wc_Sm4 sm4; + byte enc[SM4_BLOCK_SIZE * 4]; + byte dec[SM4_BLOCK_SIZE * 4]; + int ret; + + ret = wc_Sm4Init(&sm4, NULL, devId); + if (ret != 0) + return WC_TEST_RET_ENC_EC(ret); + + /* Encrypt and decrypt with CBC. */ + ret = wc_Sm4SetKey(&sm4, k1, sizeof(k1)); + if (ret != 0) + return WC_TEST_RET_ENC_EC(ret); + ret = wc_Sm4SetIV(&sm4, i1); + if (ret != 0) + return WC_TEST_RET_ENC_EC(ret); + + ret = wc_Sm4CbcEncrypt(&sm4, enc, p1, sizeof(p1)); + if (ret != 0) + return WC_TEST_RET_ENC_EC(ret); + if (XMEMCMP(enc, c1_cbc, sizeof(c1_cbc)) != 0) + return WC_TEST_RET_ENC_NC; + + ret = wc_Sm4SetIV(&sm4, i1); + if (ret != 0) + return WC_TEST_RET_ENC_EC(ret); + ret = wc_Sm4CbcDecrypt(&sm4, dec, enc, sizeof(c1_cbc)); + if (ret != 0) + return WC_TEST_RET_ENC_EC(ret); + if (XMEMCMP(dec, p1, sizeof(p1)) != 0) + return WC_TEST_RET_ENC_NC; + + /* Encrypt and decrypt in-place with CBC. */ + ret = wc_Sm4SetKey(&sm4, k1, sizeof(k1)); + if (ret != 0) + return WC_TEST_RET_ENC_EC(ret); + ret = wc_Sm4SetIV(&sm4, i1); + if (ret != 0) + return WC_TEST_RET_ENC_EC(ret); + + XMEMCPY(enc, p1, sizeof(p1)); + ret = wc_Sm4CbcEncrypt(&sm4, enc, enc, sizeof(p1)); + if (ret != 0) + return WC_TEST_RET_ENC_EC(ret); + if (XMEMCMP(enc, c1_cbc, sizeof(c1_cbc)) != 0) + return WC_TEST_RET_ENC_NC; + + ret = wc_Sm4SetIV(&sm4, i1); + if (ret != 0) + return WC_TEST_RET_ENC_EC(ret); + ret = wc_Sm4CbcDecrypt(&sm4, enc, enc, sizeof(c1_cbc)); + if (ret != 0) + return WC_TEST_RET_ENC_EC(ret); + if (XMEMCMP(enc, p1, sizeof(p1)) != 0) + return WC_TEST_RET_ENC_NC; + + wc_Sm4Free(&sm4); + + return 0; +} +#endif + +#ifdef WOLFSSL_SM4_CTR +static int sm4_ctr_test(void) +{ + /* draft-ribose-cfrg-sm4-10 A.2.5.1 */ + WOLFSSL_SMALL_STACK_STATIC const byte k1[] = { + 0x01, 0x23, 0x45, 0x67, 0x89, 0xAB, 0xCD, 0xEF, + 0xFE, 0xDC, 0xBA, 0x98, 0x76, 0x54, 0x32, 0x10 + }; + WOLFSSL_SMALL_STACK_STATIC const byte i1[] = { + 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, + 0x08, 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F + }; + WOLFSSL_SMALL_STACK_STATIC const byte p2[] = { + 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, + 0xBB, 0xBB, 0xBB, 0xBB, 0xBB, 0xBB, 0xBB, 0xBB, + 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, + 0xDD, 0xDD, 0xDD, 0xDD, 0xDD, 0xDD, 0xDD, 0xDD, + 0xEE, 0xEE, 0xEE, 0xEE, 0xEE, 0xEE, 0xEE, 0xEE, + 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, + 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, + 0xBB, 0xBB, 0xBB, 0xBB, 0xBB, 0xBB, 0xBB, 0xBB + }; + WOLFSSL_SMALL_STACK_STATIC const byte c2_ctr[] = { + 0xAC, 0x32, 0x36, 0xCB, 0x97, 0x0C, 0xC2, 0x07, + 0x91, 0x36, 0x4C, 0x39, 0x5A, 0x13, 0x42, 0xD1, + 0xA3, 0xCB, 0xC1, 0x87, 0x8C, 0x6F, 0x30, 0xCD, + 0x07, 0x4C, 0xCE, 0x38, 0x5C, 0xDD, 0x70, 0xC7, + 0xF2, 0x34, 0xBC, 0x0E, 0x24, 0xC1, 0x19, 0x80, + 0xFD, 0x12, 0x86, 0x31, 0x0C, 0xE3, 0x7B, 0x92, + 0x6E, 0x02, 0xFC, 0xD0, 0xFA, 0xA0, 0xBA, 0xF3, + 0x8B, 0x29, 0x33, 0x85, 0x1D, 0x82, 0x45, 0x14 + }; + + wc_Sm4 sm4; + byte enc[SM4_BLOCK_SIZE * 4]; + byte dec[SM4_BLOCK_SIZE * 4]; + int chunk; + int i; + int ret; + + ret = wc_Sm4Init(&sm4, NULL, devId); + if (ret != 0) + return WC_TEST_RET_ENC_EC(ret); + + /* Encrypt and decrypt using encrypt with CTR. */ + ret = wc_Sm4SetKey(&sm4, k1, sizeof(k1)); + if (ret != 0) + return WC_TEST_RET_ENC_EC(ret); + ret = wc_Sm4SetIV(&sm4, i1); + if (ret != 0) + return WC_TEST_RET_ENC_EC(ret); + + ret = wc_Sm4CtrEncrypt(&sm4, enc, p2, sizeof(p2)); + if (ret != 0) + return WC_TEST_RET_ENC_EC(ret); + if (XMEMCMP(enc, c2_ctr, sizeof(c2_ctr)) != 0) + return WC_TEST_RET_ENC_NC; + + ret = wc_Sm4SetIV(&sm4, i1); + if (ret != 0) + return WC_TEST_RET_ENC_EC(ret); + ret = wc_Sm4CtrEncrypt(&sm4, dec, enc, sizeof(c2_ctr)); + if (ret != 0) + return WC_TEST_RET_ENC_EC(ret); + if (XMEMCMP(dec, p2, sizeof(p2)) != 0) + return WC_TEST_RET_ENC_NC; + + for (chunk = 1; chunk <= SM4_BLOCK_SIZE + 1; chunk++) { + ret = wc_Sm4SetIV(&sm4, i1); + if (ret != 0) + return WC_TEST_RET_ENC_I(chunk); + + XMEMSET(enc, 0, sizeof(enc)); + for (i = 0; i + chunk <= (int)sizeof(p2); i += chunk) { + ret = wc_Sm4CtrEncrypt(&sm4, enc + i, p2 + i, chunk); + if (ret != 0) + return WC_TEST_RET_ENC_I(i); + } + if (i < (int)sizeof(p2)) { + ret = wc_Sm4CtrEncrypt(&sm4, enc + i, p2 + i, sizeof(p2) - i); + if (ret != 0) + return WC_TEST_RET_ENC_I(chunk); + } + if (XMEMCMP(enc, c2_ctr, sizeof(c2_ctr)) != 0) + return WC_TEST_RET_ENC_I(chunk); + } + + wc_Sm4Free(&sm4); + + return 0; +} +#endif + +#ifdef WOLFSSL_SM4_GCM +static int sm4_gcm_test(void) +{ + WOLFSSL_SMALL_STACK_STATIC const byte k1[] = { + 0x01, 0x23, 0x45, 0x67, 0x89, 0xAB, 0xCD, 0xEF, + 0xFE, 0xDC, 0xBA, 0x98, 0x76, 0x54, 0x32, 0x10 + }; + WOLFSSL_SMALL_STACK_STATIC const byte p1[] = { + 0xAA, 0xAA, 0xAA, 0xAA, 0xBB, 0xBB, 0xBB, 0xBB, + 0xCC, 0xCC, 0xCC, 0xCC, 0xDD, 0xDD, 0xDD, 0xDD, + 0xEE, 0xEE, 0xEE, 0xEE, 0xFF, 0xFF, 0xFF, 0xFF, + 0xAA, 0xAA, 0xAA, 0xAA, 0xBB, 0xBB, 0xBB, 0xBB + }; + WOLFSSL_SMALL_STACK_STATIC const byte i1[] = { + 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, + 0x08, 0x09, 0x0A, 0x0B + }; + WOLFSSL_SMALL_STACK_STATIC const byte a1[] = { + 0xFF, 0xEE, 0xDD + }; + WOLFSSL_SMALL_STACK_STATIC const byte tag1[] = { + 0x83, 0xb2, 0x91, 0xcf, 0x22, 0xc9, 0x5f, 0x89, + 0xde, 0x3d, 0x52, 0x8d, 0xd7, 0x13, 0x50, 0x89 + }; + WOLFSSL_SMALL_STACK_STATIC const byte c1[] = { + 0xff, 0x8b, 0xb2, 0x3b, 0x0a, 0x0a, 0x12, 0xa4, + 0xa8, 0x4c, 0x4f, 0x67, 0x06, 0x81, 0xbb, 0x88, + 0x66, 0x17, 0xc7, 0x43, 0xbf, 0xae, 0x41, 0x40, + 0xec, 0x1e, 0x03, 0x85, 0x2b, 0x56, 0xa8, 0xc0 + }; + /* RFC8998 A.1. */ + WOLFSSL_SMALL_STACK_STATIC const byte i2[] = { + 0x00, 0x00, 0x12, 0x34, 0x56, 0x78, 0x00, 0x00, + 0x00, 0x00, 0xAB, 0xCD + }; + WOLFSSL_SMALL_STACK_STATIC const byte k2[] = { + 0x01, 0x23, 0x45, 0x67, 0x89, 0xAB, 0xCD, 0xEF, + 0xFE, 0xDC, 0xBA, 0x98, 0x76, 0x54, 0x32, 0x10 + }; + WOLFSSL_SMALL_STACK_STATIC const byte p2[] = { + 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, + 0xBB, 0xBB, 0xBB, 0xBB, 0xBB, 0xBB, 0xBB, 0xBB, + 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, + 0xDD, 0xDD, 0xDD, 0xDD, 0xDD, 0xDD, 0xDD, 0xDD, + 0xEE, 0xEE, 0xEE, 0xEE, 0xEE, 0xEE, 0xEE, 0xEE, + 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, + 0xEE, 0xEE, 0xEE, 0xEE, 0xEE, 0xEE, 0xEE, 0xEE, + 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA + }; + WOLFSSL_SMALL_STACK_STATIC const byte a2[] = { + 0xFE, 0xED, 0xFA, 0xCE, 0xDE, 0xAD, 0xBE, 0xEF, + 0xFE, 0xED, 0xFA, 0xCE, 0xDE, 0xAD, 0xBE, 0xEF, + 0xAB, 0xAD, 0xDA, 0xD2 + }; + WOLFSSL_SMALL_STACK_STATIC const byte c2[] = { + 0x17, 0xF3, 0x99, 0xF0, 0x8C, 0x67, 0xD5, 0xEE, + 0x19, 0xD0, 0xDC, 0x99, 0x69, 0xC4, 0xBB, 0x7D, + 0x5F, 0xD4, 0x6F, 0xD3, 0x75, 0x64, 0x89, 0x06, + 0x91, 0x57, 0xB2, 0x82, 0xBB, 0x20, 0x07, 0x35, + 0xD8, 0x27, 0x10, 0xCA, 0x5C, 0x22, 0xF0, 0xCC, + 0xFA, 0x7C, 0xBF, 0x93, 0xD4, 0x96, 0xAC, 0x15, + 0xA5, 0x68, 0x34, 0xCB, 0xCF, 0x98, 0xC3, 0x97, + 0xB4, 0x02, 0x4A, 0x26, 0x91, 0x23, 0x3B, 0x8D + }; + WOLFSSL_SMALL_STACK_STATIC const byte tag2[] = { + 0x83, 0xDE, 0x35, 0x41, 0xE4, 0xC2, 0xB5, 0x81, + 0x77, 0xE0, 0x65, 0xA9, 0xBF, 0x7B, 0x62, 0xEC + }; + + wc_Sm4 sm4; + byte enc[SM4_BLOCK_SIZE * 4]; + byte dec[SM4_BLOCK_SIZE * 4]; + byte tag[SM4_BLOCK_SIZE]; + int ret; + + ret = wc_Sm4Init(&sm4, NULL, devId); + if (ret != 0) + return WC_TEST_RET_ENC_EC(ret); + + /* Encrypt and decrypt using encrypt with GCM. */ + ret = wc_Sm4GcmSetKey(&sm4, k1, sizeof(k1)); + if (ret != 0) + return WC_TEST_RET_ENC_EC(ret); + + ret = wc_Sm4GcmEncrypt(&sm4, enc, p1, sizeof(p1), i1, sizeof(i1), tag, + sizeof(tag), a1, sizeof(a1)); + if (ret != 0) + return WC_TEST_RET_ENC_EC(ret); + if (XMEMCMP(enc, c1, sizeof(c1)) != 0) + return WC_TEST_RET_ENC_NC; + if (XMEMCMP(tag, tag1, sizeof(tag1)) != 0) + return WC_TEST_RET_ENC_NC; + + ret = wc_Sm4GcmDecrypt(&sm4, dec, enc, sizeof(c1), i1, sizeof(i1), tag, + sizeof(tag), a1, sizeof(a1)); + if (ret != 0) + return WC_TEST_RET_ENC_EC(ret); + if (XMEMCMP(dec, p1, sizeof(p1)) != 0) + return WC_TEST_RET_ENC_NC; + + /* RFC8998 test vector. */ + ret = wc_Sm4GcmSetKey(&sm4, k2, sizeof(k2)); + if (ret != 0) + return WC_TEST_RET_ENC_EC(ret); + + ret = wc_Sm4GcmEncrypt(&sm4, enc, p2, sizeof(p2), i2, sizeof(i2), tag, + sizeof(tag), a2, sizeof(a2)); + if (ret != 0) + return WC_TEST_RET_ENC_EC(ret); + if (XMEMCMP(enc, c2, sizeof(c2)) != 0) + return WC_TEST_RET_ENC_NC; + if (XMEMCMP(tag, tag2, sizeof(tag2)) != 0) + return WC_TEST_RET_ENC_NC; + + ret = wc_Sm4GcmDecrypt(&sm4, dec, enc, sizeof(c2), i2, sizeof(i2), tag, + sizeof(tag), a2, sizeof(a2)); + if (ret != 0) + return WC_TEST_RET_ENC_EC(ret); + if (XMEMCMP(dec, p2, sizeof(p2)) != 0) + return WC_TEST_RET_ENC_NC; + + wc_Sm4Free(&sm4); + + return 0; +} +#endif + +#ifdef WOLFSSL_SM4_CCM +static int sm4_ccm_test(void) +{ + WOLFSSL_SMALL_STACK_STATIC const byte k1[] = { + 0x01, 0x23, 0x45, 0x67, 0x89, 0xAB, 0xCD, 0xEF, + 0xFE, 0xDC, 0xBA, 0x98, 0x76, 0x54, 0x32, 0x10 + }; + WOLFSSL_SMALL_STACK_STATIC const byte p1[] = { + 0xAA, 0xAA, 0xAA, 0xAA, 0xBB, 0xBB, 0xBB, 0xBB, + 0xCC, 0xCC, 0xCC, 0xCC, 0xDD, 0xDD, 0xDD, 0xDD, + 0xEE, 0xEE, 0xEE, 0xEE, 0xFF, 0xFF, 0xFF, 0xFF, + 0xAA, 0xAA, 0xAA, 0xAA, 0xBB, 0xBB, 0xBB, 0xBB + }; + WOLFSSL_SMALL_STACK_STATIC const byte i1[] = { + 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, + 0x08, 0x09, 0x0A, 0x0B + }; + WOLFSSL_SMALL_STACK_STATIC const byte a1[] = { + 0xFF, 0xEE, 0xDD + }; + WOLFSSL_SMALL_STACK_STATIC const byte tag1[] = { + 0x9a, 0x98, 0x04, 0xb6, 0x0f, 0x19, 0x4a, 0x46, + 0xba, 0xed, 0xe6, 0x89, 0x69, 0x34, 0xad, 0x61 + }; + WOLFSSL_SMALL_STACK_STATIC const byte c1[] = { + 0xbd, 0xc0, 0x72, 0x60, 0xda, 0x2d, 0x11, 0xdc, + 0x66, 0x33, 0xcc, 0xec, 0xb2, 0xf4, 0x53, 0x59, + 0x9e, 0xb1, 0xb3, 0x6b, 0x1f, 0x1c, 0xfb, 0x29, + 0xf5, 0x37, 0xfc, 0x00, 0xf2, 0x4e, 0x70, 0x6f + }; + /* RFC8998 A.1. */ + WOLFSSL_SMALL_STACK_STATIC const byte i2[] = { + 0x00, 0x00, 0x12, 0x34, 0x56, 0x78, 0x00, 0x00, + 0x00, 0x00, 0xAB, 0xCD + }; + WOLFSSL_SMALL_STACK_STATIC const byte k2[] = { + 0x01, 0x23, 0x45, 0x67, 0x89, 0xAB, 0xCD, 0xEF, + 0xFE, 0xDC, 0xBA, 0x98, 0x76, 0x54, 0x32, 0x10 + }; + WOLFSSL_SMALL_STACK_STATIC const byte p2[] = { + 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, + 0xBB, 0xBB, 0xBB, 0xBB, 0xBB, 0xBB, 0xBB, 0xBB, + 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, 0xCC, + 0xDD, 0xDD, 0xDD, 0xDD, 0xDD, 0xDD, 0xDD, 0xDD, + 0xEE, 0xEE, 0xEE, 0xEE, 0xEE, 0xEE, 0xEE, 0xEE, + 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, + 0xEE, 0xEE, 0xEE, 0xEE, 0xEE, 0xEE, 0xEE, 0xEE, + 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA, 0xAA + }; + WOLFSSL_SMALL_STACK_STATIC const byte a2[] = { + 0xFE, 0xED, 0xFA, 0xCE, 0xDE, 0xAD, 0xBE, 0xEF, + 0xFE, 0xED, 0xFA, 0xCE, 0xDE, 0xAD, 0xBE, 0xEF, + 0xAB, 0xAD, 0xDA, 0xD2 + }; + WOLFSSL_SMALL_STACK_STATIC const byte c2[] = { + 0x48, 0xAF, 0x93, 0x50, 0x1F, 0xA6, 0x2A, 0xDB, + 0xCD, 0x41, 0x4C, 0xCE, 0x60, 0x34, 0xD8, 0x95, + 0xDD, 0xA1, 0xBF, 0x8F, 0x13, 0x2F, 0x04, 0x20, + 0x98, 0x66, 0x15, 0x72, 0xE7, 0x48, 0x30, 0x94, + 0xFD, 0x12, 0xE5, 0x18, 0xCE, 0x06, 0x2C, 0x98, + 0xAC, 0xEE, 0x28, 0xD9, 0x5D, 0xF4, 0x41, 0x6B, + 0xED, 0x31, 0xA2, 0xF0, 0x44, 0x76, 0xC1, 0x8B, + 0xB4, 0x0C, 0x84, 0xA7, 0x4B, 0x97, 0xDC, 0x5B + }; + WOLFSSL_SMALL_STACK_STATIC const byte tag2[] = { + 0x16, 0x84, 0x2D, 0x4F, 0xA1, 0x86, 0xF5, 0x6A, + 0xB3, 0x32, 0x56, 0x97, 0x1F, 0xA1, 0x10, 0xF4 + }; + + wc_Sm4 sm4; + byte enc[SM4_BLOCK_SIZE * 4]; + byte dec[SM4_BLOCK_SIZE * 4]; + byte tag[SM4_BLOCK_SIZE]; + int ret; + + ret = wc_Sm4Init(&sm4, NULL, devId); + if (ret != 0) + return WC_TEST_RET_ENC_EC(ret); + + /* Encrypt and decrypt using encrypt with CCM. */ + ret = wc_Sm4SetKey(&sm4, k1, sizeof(k1)); + if (ret != 0) + return WC_TEST_RET_ENC_EC(ret); + + ret = wc_Sm4CcmEncrypt(&sm4, enc, p1, sizeof(p1), i1, sizeof(i1), tag, + sizeof(tag), a1, sizeof(a1)); + if (ret != 0) + return WC_TEST_RET_ENC_EC(ret); + if (XMEMCMP(enc, c1, sizeof(c1)) != 0) + return WC_TEST_RET_ENC_NC; + if (XMEMCMP(tag, tag1, sizeof(tag1)) != 0) + return WC_TEST_RET_ENC_NC; + + ret = wc_Sm4CcmDecrypt(&sm4, dec, enc, sizeof(c1), i1, sizeof(i1), tag, + sizeof(tag), a1, sizeof(a1)); + if (ret != 0) + return WC_TEST_RET_ENC_EC(ret); + if (XMEMCMP(dec, p1, sizeof(p1)) != 0) + return WC_TEST_RET_ENC_NC; + + /* RFC8998 test vector. */ + ret = wc_Sm4SetKey(&sm4, k2, sizeof(k2)); + if (ret != 0) + return WC_TEST_RET_ENC_EC(ret); + + ret = wc_Sm4CcmEncrypt(&sm4, enc, p2, sizeof(p2), i2, sizeof(i2), tag, + sizeof(tag), a2, sizeof(a2)); + if (ret != 0) + return WC_TEST_RET_ENC_EC(ret); + if (XMEMCMP(enc, c2, sizeof(c2)) != 0) + return WC_TEST_RET_ENC_NC; + if (XMEMCMP(tag, tag2, sizeof(tag2)) != 0) + return WC_TEST_RET_ENC_NC; + + ret = wc_Sm4CcmDecrypt(&sm4, dec, enc, sizeof(c2), i2, sizeof(i2), tag, + sizeof(tag), a2, sizeof(a2)); + if (ret != 0) + return WC_TEST_RET_ENC_EC(ret); + if (XMEMCMP(dec, p2, sizeof(p2)) != 0) + return WC_TEST_RET_ENC_NC; + + wc_Sm4Free(&sm4); + + return 0; +} +#endif + +WOLFSSL_TEST_SUBROUTINE wc_test_ret_t sm4_test(void) +{ + wc_test_ret_t ret; + WOLFSSL_ENTER("sm4_test"); + +#ifdef WOLFSSL_SM4_ECB + ret = sm4_ecb_test(); + if (ret != 0) + return ret; +#endif +#ifdef WOLFSSL_SM4_CBC + ret = sm4_cbc_test(); + if (ret != 0) + return ret; +#endif +#ifdef WOLFSSL_SM4_CTR + ret = sm4_ctr_test(); + if (ret != 0) + return ret; +#endif +#ifdef WOLFSSL_SM4_GCM + ret = sm4_gcm_test(); + if (ret != 0) + return ret; +#endif +#ifdef WOLFSSL_SM4_CCM + ret = sm4_ccm_test(); + if (ret != 0) + return ret; +#endif + + return 0; +} +#endif + +#ifdef HAVE_XCHACHA +WOLFSSL_TEST_SUBROUTINE wc_test_ret_t XChaCha_test(void) { + + WOLFSSL_SMALL_STACK_STATIC const byte Plaintext[] = { + 0x54, 0x68, 0x65, 0x20, 0x64, 0x68, 0x6f, 0x6c, 0x65, 0x20, 0x28, 0x70, 0x72, 0x6f, 0x6e, 0x6f, /* The dhole (prono */ + 0x75, 0x6e, 0x63, 0x65, 0x64, 0x20, 0x22, 0x64, 0x6f, 0x6c, 0x65, 0x22, 0x29, 0x20, 0x69, 0x73, /* unced "dole") is */ + 0x20, 0x61, 0x6c, 0x73, 0x6f, 0x20, 0x6b, 0x6e, 0x6f, 0x77, 0x6e, 0x20, 0x61, 0x73, 0x20, 0x74, /* also known as t */ + 0x68, 0x65, 0x20, 0x41, 0x73, 0x69, 0x61, 0x74, 0x69, 0x63, 0x20, 0x77, 0x69, 0x6c, 0x64, 0x20, /* he Asiatic wild */ + 0x64, 0x6f, 0x67, 0x2c, 0x20, 0x72, 0x65, 0x64, 0x20, 0x64, 0x6f, 0x67, 0x2c, 0x20, 0x61, 0x6e, /* dog, red dog, an */ + 0x64, 0x20, 0x77, 0x68, 0x69, 0x73, 0x74, 0x6c, 0x69, 0x6e, 0x67, 0x20, 0x64, 0x6f, 0x67, 0x2e, /* d whistling dog. */ + 0x20, 0x49, 0x74, 0x20, 0x69, 0x73, 0x20, 0x61, 0x62, 0x6f, 0x75, 0x74, 0x20, 0x74, 0x68, 0x65, /* It is about the */ + 0x20, 0x73, 0x69, 0x7a, 0x65, 0x20, 0x6f, 0x66, 0x20, 0x61, 0x20, 0x47, 0x65, 0x72, 0x6d, 0x61, /* size of a Germa */ + 0x6e, 0x20, 0x73, 0x68, 0x65, 0x70, 0x68, 0x65, 0x72, 0x64, 0x20, 0x62, 0x75, 0x74, 0x20, 0x6c, /* n shepherd but l */ + 0x6f, 0x6f, 0x6b, 0x73, 0x20, 0x6d, 0x6f, 0x72, 0x65, 0x20, 0x6c, 0x69, 0x6b, 0x65, 0x20, 0x61, /* ooks more like a */ + 0x20, 0x6c, 0x6f, 0x6e, 0x67, 0x2d, 0x6c, 0x65, 0x67, 0x67, 0x65, 0x64, 0x20, 0x66, 0x6f, 0x78, /* long-legged fox */ + 0x2e, 0x20, 0x54, 0x68, 0x69, 0x73, 0x20, 0x68, 0x69, 0x67, 0x68, 0x6c, 0x79, 0x20, 0x65, 0x6c, /* . This highly el */ + 0x75, 0x73, 0x69, 0x76, 0x65, 0x20, 0x61, 0x6e, 0x64, 0x20, 0x73, 0x6b, 0x69, 0x6c, 0x6c, 0x65, /* usive and skille */ + 0x64, 0x20, 0x6a, 0x75, 0x6d, 0x70, 0x65, 0x72, 0x20, 0x69, 0x73, 0x20, 0x63, 0x6c, 0x61, 0x73, /* d jumper is clas */ + 0x73, 0x69, 0x66, 0x69, 0x65, 0x64, 0x20, 0x77, 0x69, 0x74, 0x68, 0x20, 0x77, 0x6f, 0x6c, 0x76, /* sified with wolv */ + 0x65, 0x73, 0x2c, 0x20, 0x63, 0x6f, 0x79, 0x6f, 0x74, 0x65, 0x73, 0x2c, 0x20, 0x6a, 0x61, 0x63, /* es, coyotes, jac */ + 0x6b, 0x61, 0x6c, 0x73, 0x2c, 0x20, 0x61, 0x6e, 0x64, 0x20, 0x66, 0x6f, 0x78, 0x65, 0x73, 0x20, /* kals, and foxes */ + 0x69, 0x6e, 0x20, 0x74, 0x68, 0x65, 0x20, 0x74, 0x61, 0x78, 0x6f, 0x6e, 0x6f, 0x6d, 0x69, 0x63, /* in the taxonomic */ + 0x20, 0x66, 0x61, 0x6d, 0x69, 0x6c, 0x79, 0x20, 0x43, 0x61, 0x6e, 0x69, 0x64, 0x61, 0x65, 0x2e /* family Canidae. */ + }; + + WOLFSSL_SMALL_STACK_STATIC const byte Key[] = { + 0x80, 0x81, 0x82, 0x83, 0x84, 0x85, 0x86, 0x87, 0x88, 0x89, 0x8a, 0x8b, 0x8c, 0x8d, 0x8e, 0x8f, + 0x90, 0x91, 0x92, 0x93, 0x94, 0x95, 0x96, 0x97, 0x98, 0x99, 0x9a, 0x9b, 0x9c, 0x9d, 0x9e, 0x9f + }; + + WOLFSSL_SMALL_STACK_STATIC const byte IV[] = { + 0x40, 0x41, 0x42, 0x43, 0x44, 0x45, 0x46, 0x47, 0x48, 0x49, 0x4a, 0x4b, 0x4c, 0x4d, 0x4e, 0x4f, /* @ABCDEFGHIJKLMNO */ + 0x50, 0x51, 0x52, 0x53, 0x54, 0x55, 0x56, 0x58 }; /* PQRSTUVW */ + + WOLFSSL_SMALL_STACK_STATIC const byte Ciphertext[] = { + 0x45, 0x59, 0xab, 0xba, 0x4e, 0x48, 0xc1, 0x61, 0x02, 0xe8, 0xbb, 0x2c, 0x05, 0xe6, 0x94, 0x7f, + 0x50, 0xa7, 0x86, 0xde, 0x16, 0x2f, 0x9b, 0x0b, 0x7e, 0x59, 0x2a, 0x9b, 0x53, 0xd0, 0xd4, 0xe9, + 0x8d, 0x8d, 0x64, 0x10, 0xd5, 0x40, 0xa1, 0xa6, 0x37, 0x5b, 0x26, 0xd8, 0x0d, 0xac, 0xe4, 0xfa, + 0xb5, 0x23, 0x84, 0xc7, 0x31, 0xac, 0xbf, 0x16, 0xa5, 0x92, 0x3c, 0x0c, 0x48, 0xd3, 0x57, 0x5d, + 0x4d, 0x0d, 0x2c, 0x67, 0x3b, 0x66, 0x6f, 0xaa, 0x73, 0x10, 0x61, 0x27, 0x77, 0x01, 0x09, 0x3a, + 0x6b, 0xf7, 0xa1, 0x58, 0xa8, 0x86, 0x42, 0x92, 0xa4, 0x1c, 0x48, 0xe3, 0xa9, 0xb4, 0xc0, 0xda, + 0xec, 0xe0, 0xf8, 0xd9, 0x8d, 0x0d, 0x7e, 0x05, 0xb3, 0x7a, 0x30, 0x7b, 0xbb, 0x66, 0x33, 0x31, + 0x64, 0xec, 0x9e, 0x1b, 0x24, 0xea, 0x0d, 0x6c, 0x3f, 0xfd, 0xdc, 0xec, 0x4f, 0x68, 0xe7, 0x44, + 0x30, 0x56, 0x19, 0x3a, 0x03, 0xc8, 0x10, 0xe1, 0x13, 0x44, 0xca, 0x06, 0xd8, 0xed, 0x8a, 0x2b, + 0xfb, 0x1e, 0x8d, 0x48, 0xcf, 0xa6, 0xbc, 0x0e, 0xb4, 0xe2, 0x46, 0x4b, 0x74, 0x81, 0x42, 0x40, + 0x7c, 0x9f, 0x43, 0x1a, 0xee, 0x76, 0x99, 0x60, 0xe1, 0x5b, 0xa8, 0xb9, 0x68, 0x90, 0x46, 0x6e, + 0xf2, 0x45, 0x75, 0x99, 0x85, 0x23, 0x85, 0xc6, 0x61, 0xf7, 0x52, 0xce, 0x20, 0xf9, 0xda, 0x0c, + 0x09, 0xab, 0x6b, 0x19, 0xdf, 0x74, 0xe7, 0x6a, 0x95, 0x96, 0x74, 0x46, 0xf8, 0xd0, 0xfd, 0x41, + 0x5e, 0x7b, 0xee, 0x2a, 0x12, 0xa1, 0x14, 0xc2, 0x0e, 0xb5, 0x29, 0x2a, 0xe7, 0xa3, 0x49, 0xae, + 0x57, 0x78, 0x20, 0xd5, 0x52, 0x0a, 0x1f, 0x3f, 0xb6, 0x2a, 0x17, 0xce, 0x6a, 0x7e, 0x68, 0xfa, + 0x7c, 0x79, 0x11, 0x1d, 0x88, 0x60, 0x92, 0x0b, 0xc0, 0x48, 0xef, 0x43, 0xfe, 0x84, 0x48, 0x6c, + 0xcb, 0x87, 0xc2, 0x5f, 0x0a, 0xe0, 0x45, 0xf0, 0xcc, 0xe1, 0xe7, 0x98, 0x9a, 0x9a, 0xa2, 0x20, + 0xa2, 0x8b, 0xdd, 0x48, 0x27, 0xe7, 0x51, 0xa2, 0x4a, 0x6d, 0x5c, 0x62, 0xd7, 0x90, 0xa6, 0x63, + 0x93, 0xb9, 0x31, 0x11, 0xc1, 0xa5, 0x5d, 0xd7, 0x42, 0x1a, 0x10, 0x18, 0x49, 0x74, 0xc7, 0xc5 + }; + + wc_test_ret_t ret; + +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC) + struct ChaCha *chacha = (struct ChaCha *)XMALLOC(sizeof *chacha, HEAP_HINT, DYNAMIC_TYPE_CIPHER); + byte *buf1 = (byte *)XMALLOC(sizeof Plaintext, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + byte *buf2 = (byte *)XMALLOC(sizeof Plaintext, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + + WOLFSSL_ENTER("XChaCha_test"); + if ((chacha == NULL) || (buf1 == NULL) || (buf2 == NULL)) + ERROR_OUT(WC_TEST_RET_ENC_NC, out); +#else + struct ChaCha chacha[1]; + byte buf1[sizeof Plaintext]; + byte buf2[sizeof Plaintext]; + WOLFSSL_ENTER("XChaCha_test"); +#endif + + ret = wc_XChacha_SetKey(chacha, Key, sizeof Key, IV, sizeof IV, 0); + if (ret < 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); + + ret = wc_Chacha_Process(chacha, buf1, Plaintext, sizeof Plaintext); + if (ret < 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); + + if (XMEMCMP(buf1, Ciphertext, sizeof Plaintext)) + ERROR_OUT(WC_TEST_RET_ENC_NC, out); + + ret = wc_XChacha_SetKey(chacha, Key, sizeof Key, IV, sizeof IV, 0); + if (ret < 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); + + ret = wc_Chacha_Process(chacha, buf2, buf1, sizeof Plaintext); + if (ret < 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); + + if (XMEMCMP(buf2, Plaintext, sizeof Plaintext)) + ERROR_OUT(WC_TEST_RET_ENC_NC, out); + + out: + +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC) + XFREE(chacha, HEAP_HINT, DYNAMIC_TYPE_CIPHER); + XFREE(buf1, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(buf2, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); +#endif + + return ret; +} +#endif /* HAVE_XCHACHA */ + +#if defined(HAVE_XCHACHA) && defined(HAVE_POLY1305) +WOLFSSL_TEST_SUBROUTINE wc_test_ret_t XChaCha20Poly1305_test(void) { + + WOLFSSL_SMALL_STACK_STATIC const byte Plaintext[] = { + 0x4c, 0x61, 0x64, 0x69, 0x65, 0x73, 0x20, 0x61, 0x6e, 0x64, 0x20, 0x47, 0x65, 0x6e, 0x74, 0x6c, /* Ladies and Gentl */ + 0x65, 0x6d, 0x65, 0x6e, 0x20, 0x6f, 0x66, 0x20, 0x74, 0x68, 0x65, 0x20, 0x63, 0x6c, 0x61, 0x73, /* emen of the clas */ + 0x73, 0x20, 0x6f, 0x66, 0x20, 0x27, 0x39, 0x39, 0x3a, 0x20, 0x49, 0x66, 0x20, 0x49, 0x20, 0x63, /* s of '99: If I c */ + 0x6f, 0x75, 0x6c, 0x64, 0x20, 0x6f, 0x66, 0x66, 0x65, 0x72, 0x20, 0x79, 0x6f, 0x75, 0x20, 0x6f, /* ould offer you o */ + 0x6e, 0x6c, 0x79, 0x20, 0x6f, 0x6e, 0x65, 0x20, 0x74, 0x69, 0x70, 0x20, 0x66, 0x6f, 0x72, 0x20, /* nly one tip for */ + 0x74, 0x68, 0x65, 0x20, 0x66, 0x75, 0x74, 0x75, 0x72, 0x65, 0x2c, 0x20, 0x73, 0x75, 0x6e, 0x73, /* the future, suns */ + 0x63, 0x72, 0x65, 0x65, 0x6e, 0x20, 0x77, 0x6f, 0x75, 0x6c, 0x64, 0x20, 0x62, 0x65, 0x20, 0x69, /* creen would be i */ + 0x74, 0x2e }; /* t. */ + + WOLFSSL_SMALL_STACK_STATIC const byte AAD[] = { 0x50, 0x51, 0x52, 0x53, 0xc0, 0xc1, 0xc2, 0xc3, 0xc4, 0xc5, 0xc6, 0xc7 }; /* PQRS........ */ + + WOLFSSL_SMALL_STACK_STATIC const byte Key[] = { + 0x80, 0x81, 0x82, 0x83, 0x84, 0x85, 0x86, 0x87, 0x88, 0x89, 0x8a, 0x8b, 0x8c, 0x8d, 0x8e, 0x8f, + 0x90, 0x91, 0x92, 0x93, 0x94, 0x95, 0x96, 0x97, 0x98, 0x99, 0x9a, 0x9b, 0x9c, 0x9d, 0x9e, 0x9f + }; + + WOLFSSL_SMALL_STACK_STATIC const byte IV[] = { + 0x40, 0x41, 0x42, 0x43, 0x44, 0x45, 0x46, 0x47, 0x48, 0x49, 0x4a, 0x4b, 0x4c, 0x4d, 0x4e, 0x4f, /* @ABCDEFGHIJKLMNO */ + 0x50, 0x51, 0x52, 0x53, 0x54, 0x55, 0x56, 0x57 }; /* PQRSTUVW */ + + WOLFSSL_SMALL_STACK_STATIC const byte Ciphertext[] = { + 0xbd, 0x6d, 0x17, 0x9d, 0x3e, 0x83, 0xd4, 0x3b, 0x95, 0x76, 0x57, 0x94, 0x93, 0xc0, 0xe9, 0x39, + 0x57, 0x2a, 0x17, 0x00, 0x25, 0x2b, 0xfa, 0xcc, 0xbe, 0xd2, 0x90, 0x2c, 0x21, 0x39, 0x6c, 0xbb, + 0x73, 0x1c, 0x7f, 0x1b, 0x0b, 0x4a, 0xa6, 0x44, 0x0b, 0xf3, 0xa8, 0x2f, 0x4e, 0xda, 0x7e, 0x39, + 0xae, 0x64, 0xc6, 0x70, 0x8c, 0x54, 0xc2, 0x16, 0xcb, 0x96, 0xb7, 0x2e, 0x12, 0x13, 0xb4, 0x52, + 0x2f, 0x8c, 0x9b, 0xa4, 0x0d, 0xb5, 0xd9, 0x45, 0xb1, 0x1b, 0x69, 0xb9, 0x82, 0xc1, 0xbb, 0x9e, + 0x3f, 0x3f, 0xac, 0x2b, 0xc3, 0x69, 0x48, 0x8f, 0x76, 0xb2, 0x38, 0x35, 0x65, 0xd3, 0xff, 0xf9, + 0x21, 0xf9, 0x66, 0x4c, 0x97, 0x63, 0x7d, 0xa9, 0x76, 0x88, 0x12, 0xf6, 0x15, 0xc6, 0x8b, 0x13, + 0xb5, 0x2e }; + + WOLFSSL_SMALL_STACK_STATIC const byte Tag[] = { + 0xc0, 0x87, 0x59, 0x24, 0xc1, 0xc7, 0x98, 0x79, 0x47, 0xde, 0xaf, 0xd8, 0x78, 0x0a, 0xcf, 0x49 + }; + + wc_test_ret_t ret; + + +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC) + byte *buf1 = (byte *)XMALLOC(sizeof Ciphertext + sizeof Tag, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + byte *buf2 = (byte *)XMALLOC(sizeof Plaintext, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + + WOLFSSL_ENTER("XChaCha20Poly1305_test"); + if ((buf1 == NULL) || (buf2 == NULL)) + ERROR_OUT(WC_TEST_RET_ENC_NC, out); +#else + byte buf1[sizeof Ciphertext + sizeof Tag]; + byte buf2[sizeof Plaintext]; + WOLFSSL_ENTER("XChaCha20Poly1305_test"); +#endif + + ret = wc_XChaCha20Poly1305_Encrypt(buf1, sizeof Ciphertext + sizeof Tag, + Plaintext, sizeof Plaintext, + AAD, sizeof AAD, + IV, sizeof IV, + Key, sizeof Key); + + if (ret < 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); + + if (XMEMCMP(buf1, Ciphertext, sizeof Ciphertext)) + ERROR_OUT(WC_TEST_RET_ENC_NC, out); + + if (XMEMCMP(buf1 + sizeof Ciphertext, Tag, CHACHA20_POLY1305_AEAD_AUTHTAG_SIZE)) + ERROR_OUT(WC_TEST_RET_ENC_NC, out); + + ret = wc_XChaCha20Poly1305_Decrypt(buf2, sizeof Plaintext, + buf1, sizeof Ciphertext + sizeof Tag, + AAD, sizeof AAD, + IV, sizeof IV, + Key, sizeof Key); + + if (ret < 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); + + if (XMEMCMP(buf2, Plaintext, sizeof Plaintext)) + ERROR_OUT(WC_TEST_RET_ENC_NC, out); + + out: + +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC) + XFREE(buf1, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(buf2, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); +#endif + + return ret; +} +#endif /* defined(HAVE_XCHACHA) && defined(HAVE_POLY1305) */ + +#ifndef WC_NO_RNG +static wc_test_ret_t _rng_test(WC_RNG* rng) +{ + byte block[32]; + wc_test_ret_t ret; + int i; + + XMEMSET(block, 0, sizeof(block)); + + ret = wc_RNG_GenerateBlock(rng, block, sizeof(block)); + if (ret != 0) { + return WC_TEST_RET_ENC_EC(ret); + } + + /* Check for 0's */ + for (i=0; i<(int)sizeof(block); i++) { + if (block[i] == 0) { + ret++; + } + } + /* All zeros count check */ + if (ret >= (int)sizeof(block)) { + return WC_TEST_RET_ENC_NC; + } + + ret = wc_RNG_GenerateByte(rng, block); + if (ret != 0) { + return WC_TEST_RET_ENC_EC(ret); + } + + /* Parameter validation testing. */ + ret = wc_RNG_GenerateBlock(NULL, block, sizeof(block)); + if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG)) { + return WC_TEST_RET_ENC_EC(ret); + } + ret = wc_RNG_GenerateBlock(rng, NULL, sizeof(block)); + if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG)) { + return WC_TEST_RET_ENC_EC(ret); + } + + ret = wc_RNG_GenerateByte(NULL, block); + if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG)) { + return WC_TEST_RET_ENC_EC(ret); + } + ret = wc_RNG_GenerateByte(rng, NULL); + if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG)) { + return WC_TEST_RET_ENC_EC(ret); + } + + return 0; +} + +static wc_test_ret_t random_rng_test(void) +{ + WC_RNG localRng; + WC_RNG* rng; + wc_test_ret_t ret; + + rng = &localRng; + /* Test stack based RNG. */ +#ifndef HAVE_FIPS + ret = wc_InitRng_ex(rng, HEAP_HINT, devId); +#else + ret = wc_InitRng(rng); +#endif + if (ret != 0) + return WC_TEST_RET_ENC_EC(ret); + + ret = _rng_test(rng); + + /* Make sure and free RNG */ + wc_FreeRng(rng); + + if (ret != 0) + return ret; + +#if !defined(HAVE_FIPS) && !defined(HAVE_SELFTEST) && !defined(WOLFSSL_NO_MALLOC) + { + byte nonce[8] = { 0 }; + + /* Test dynamic RNG */ + rng = wc_rng_new(nonce, (word32)sizeof(nonce), HEAP_HINT); + if (rng == NULL) + return WC_TEST_RET_ENC_ERRNO; + + ret = _rng_test(rng); + wc_rng_free(rng); + rng = NULL; + + if (ret != 0) + return ret; + + /* Test dynamic RNG using extended API */ + ret = wc_rng_new_ex(&rng, nonce, (word32)sizeof(nonce), + HEAP_HINT, devId); + if (ret != 0) + return WC_TEST_RET_ENC_EC(ret); + + ret = _rng_test(rng); + wc_rng_free(rng); + + if (ret != 0) + return ret; + } +#endif + + return ret; +} + +#if defined(HAVE_HASHDRBG) && !defined(CUSTOM_RAND_GENERATE_BLOCK) + +#if defined(WC_RNG_SEED_CB) && \ + !(defined(ENTROPY_SCALE_FACTOR) || defined(SEED_BLOCK_SZ)) +static int seed_cb(OS_Seed* os, byte* output, word32 sz) +{ + word32 i; + (void)os; + /* Known answer test. Set the seed to the same value every time. */ + for (i = 0; i < sz; i++) + output[i] = (byte)i; + return 0; +} + +static wc_test_ret_t rng_seed_test(void) +{ + /* The expected PRNG block depends on ENTROPY_SCALE_FACTOR and + * SEED_BLOCK_SZ, which depend on which seed back end is configured. + */ +#if defined(HAVE_ENTROPY_MEMUSE) && defined(HAVE_AMD_RDSEED) && \ + !(defined(HAVE_FIPS) && FIPS_VERSION_LT(6,0)) + #ifdef HAVE_FIPS + WOLFSSL_SMALL_STACK_STATIC const byte check[] = + { + 0x35, 0x1e, 0xf9, 0xe8, 0x6b, 0x19, 0xe0, 0xe5, + 0x32, 0xb3, 0x41, 0xe5, 0xc1, 0x35, 0x18, 0x35, + 0x84, 0x2a, 0x3f, 0x84, 0x16, 0xc4, 0xf3, 0x50, + 0xdd, 0x4b, 0xeb, 0xe4, 0xcd, 0xbe, 0x94, 0x84 + }; + #else + WOLFSSL_SMALL_STACK_STATIC const byte check[] = + { + 0xb8, 0x3e, 0x23, 0xad, 0x34, 0xb6, 0x1e, 0xc7, + 0x0f, 0xa6, 0x4a, 0x45, 0x12, 0x66, 0xfd, 0x4d, + 0x97, 0xb2, 0x3d, 0xb3, 0xda, 0xcc, 0xed, 0x50, + 0x2e, 0xe0, 0x51, 0x38, 0x1d, 0x0f, 0x81, 0x35 + }; + #endif +#elif defined(HAVE_ENTROPY_MEMUSE) && \ + (defined(HAVE_INTEL_RDSEED) || defined(HAVE_INTEL_RDRAND)) + #ifdef HAVE_FIPS + WOLFSSL_SMALL_STACK_STATIC const byte check[] = + { + 0xba, 0xc3, 0x2f, 0xcf, 0xd2, 0x0e, 0xe1, 0x16, + 0x45, 0xdc, 0xc2, 0x87, 0x0d, 0x70, 0xde, 0x5e, + 0x2e, 0x2f, 0x0c, 0x7a, 0x1d, 0x04, 0x89, 0x0d, + 0x0b, 0x9a, 0x51, 0x00, 0x4f, 0x7e, 0xce, 0xd6 + }; + #else + WOLFSSL_SMALL_STACK_STATIC const byte check[] = + { + 0xa6, 0xfa, 0x3e, 0xb7, 0x66, 0x85, 0x96, 0x79, + 0xef, 0x91, 0x26, 0xa1, 0xe8, 0x71, 0xa7, 0x13, + 0x03, 0xea, 0xe5, 0x7b, 0x36, 0x52, 0x02, 0x39, + 0x83, 0xbf, 0x41, 0xd1, 0x3e, 0x8f, 0xc0, 0x45 + }; + #endif +#elif defined(HAVE_AMD_RDSEED) && \ + !(defined(HAVE_FIPS) && FIPS_VERSION_LT(6,0)) + WOLFSSL_SMALL_STACK_STATIC const byte check[] = + { + 0x2c, 0xd4, 0x9b, 0x1e, 0x1e, 0xe7, 0xb0, 0xb0, + 0xf9, 0xa0, 0xa9, 0xd5, 0x8d, 0xf9, 0x6d, 0x10, + 0xf4, 0x77, 0xaf, 0xac, 0x3d, 0x2f, 0x6b, 0x1f, + 0xa2, 0xe7, 0xe5, 0x90, 0x6d, 0x1f, 0x88, 0x98 + }; +#elif (defined(HAVE_INTEL_RDSEED) || defined(HAVE_INTEL_RDRAND)) && \ + !(defined(HAVE_FIPS) && FIPS_VERSION_LT(6,0)) + #ifdef HAVE_FIPS + WOLFSSL_SMALL_STACK_STATIC const byte check[] = + { + 0x27, 0xdd, 0xff, 0x5b, 0x21, 0x26, 0x0a, 0x48, + 0xb3, 0x6b, 0xd8, 0x14, 0x00, 0x55, 0xe8, 0x39, + 0x6d, 0x31, 0xf3, 0x6e, 0xe7, 0xbf, 0xce, 0x08, + 0x1f, 0x61, 0x73, 0xe6, 0x3c, 0xb9, 0x12, 0xea + }; + #else + WOLFSSL_SMALL_STACK_STATIC const byte check[] = + { + 0x3b, 0x9d, 0x0d, 0xc8, 0x0e, 0xb4, 0x33, 0x0b, + 0x50, 0x5f, 0x3a, 0xee, 0xc8, 0x68, 0x8d, 0x9f, + 0xdf, 0x39, 0x06, 0x78, 0xf8, 0x6a, 0xd6, 0xc6, + 0xd7, 0x63, 0x57, 0xe8, 0x6d, 0xf7, 0xc8, 0x6b + }; + #endif +#elif defined(HAVE_INTEL_RDSEED) && \ + defined(HAVE_FIPS) && FIPS_VERSION_LT(6,0) + WOLFSSL_SMALL_STACK_STATIC const byte check[] = + { + 0x27, 0xdd, 0xff, 0x5b, 0x21, 0x26, 0x0a, 0x48, + 0xb3, 0x6b, 0xd8, 0x14, 0x00, 0x55, 0xe8, 0x39, + 0x6d, 0x31, 0xf3, 0x6e, 0xe7, 0xbf, 0xce, 0x08, + 0x1f, 0x61, 0x73, 0xe6, 0x3c, 0xb9, 0x12, 0xea + }; +#elif defined(HAVE_FIPS) + WOLFSSL_SMALL_STACK_STATIC const byte check[] = + { + 0xaf, 0x31, 0xcc, 0xef, 0xa9, 0x29, 0x4c, 0x24, + 0xbd, 0xa5, 0xa3, 0x52, 0x69, 0xf3, 0xb9, 0xb2, + 0x1e, 0xd4, 0x52, 0x3b, 0x9a, 0x96, 0x06, 0x20, + 0xc0, 0x5f, 0x44, 0x06, 0x1f, 0x80, 0xdf, 0xe0 + }; +#else + WOLFSSL_SMALL_STACK_STATIC const byte check[] = + { + 0x83, 0x46, 0x65, 0x2f, 0x5c, 0x44, 0x16, 0x5f, + 0xb3, 0x89, 0x26, 0xde, 0x0b, 0x6b, 0xa2, 0x06, + 0x7e, 0xa7, 0x9a, 0x55, 0x22, 0x01, 0xb0, 0x22, + 0xf4, 0x7e, 0xa2, 0x66, 0xc4, 0x08, 0x6f, 0xba + }; +#endif + byte output[WC_SHA256_DIGEST_SIZE]; + WC_RNG rng; + wc_test_ret_t ret; + + ret = wc_SetSeed_Cb(seed_cb); + if (ret != 0) { + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); + } + ret = wc_InitRng(&rng); + if (ret != 0) { + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); + } + ret = wc_RNG_GenerateBlock(&rng, output, sizeof(output)); + if (ret != 0) { + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); + } + ret = XMEMCMP(output, check, sizeof(output)); + if (ret != 0) { + ERROR_OUT(WC_TEST_RET_ENC_NC, out); + } + ret = wc_FreeRng(&rng); + if (ret != 0) { + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); + } + ret = wc_SetSeed_Cb(WC_GENERATE_SEED_DEFAULT); + if (ret != 0) { + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); + } + +out: + return ret; +} +#endif /* WC_RNG_SEED_CB) && !(ENTROPY_SCALE_FACTOR || SEED_BLOCK_SZ) */ + + +WOLFSSL_TEST_SUBROUTINE wc_test_ret_t random_test(void) +{ + WOLFSSL_SMALL_STACK_STATIC const byte test1Entropy[] = + { + 0xa6, 0x5a, 0xd0, 0xf3, 0x45, 0xdb, 0x4e, 0x0e, 0xff, 0xe8, 0x75, 0xc3, + 0xa2, 0xe7, 0x1f, 0x42, 0xc7, 0x12, 0x9d, 0x62, 0x0f, 0xf5, 0xc1, 0x19, + 0xa9, 0xef, 0x55, 0xf0, 0x51, 0x85, 0xe0, 0xfb, 0x85, 0x81, 0xf9, 0x31, + 0x75, 0x17, 0x27, 0x6e, 0x06, 0xe9, 0x60, 0x7d, 0xdb, 0xcb, 0xcc, 0x2e + }; + WOLFSSL_SMALL_STACK_STATIC const byte test1Output[] = + { + 0xd3, 0xe1, 0x60, 0xc3, 0x5b, 0x99, 0xf3, 0x40, 0xb2, 0x62, 0x82, 0x64, + 0xd1, 0x75, 0x10, 0x60, 0xe0, 0x04, 0x5d, 0xa3, 0x83, 0xff, 0x57, 0xa5, + 0x7d, 0x73, 0xa6, 0x73, 0xd2, 0xb8, 0xd8, 0x0d, 0xaa, 0xf6, 0xa6, 0xc3, + 0x5a, 0x91, 0xbb, 0x45, 0x79, 0xd7, 0x3f, 0xd0, 0xc8, 0xfe, 0xd1, 0x11, + 0xb0, 0x39, 0x13, 0x06, 0x82, 0x8a, 0xdf, 0xed, 0x52, 0x8f, 0x01, 0x81, + 0x21, 0xb3, 0xfe, 0xbd, 0xc3, 0x43, 0xe7, 0x97, 0xb8, 0x7d, 0xbb, 0x63, + 0xdb, 0x13, 0x33, 0xde, 0xd9, 0xd1, 0xec, 0xe1, 0x77, 0xcf, 0xa6, 0xb7, + 0x1f, 0xe8, 0xab, 0x1d, 0xa4, 0x66, 0x24, 0xed, 0x64, 0x15, 0xe5, 0x1c, + 0xcd, 0xe2, 0xc7, 0xca, 0x86, 0xe2, 0x83, 0x99, 0x0e, 0xea, 0xeb, 0x91, + 0x12, 0x04, 0x15, 0x52, 0x8b, 0x22, 0x95, 0x91, 0x02, 0x81, 0xb0, 0x2d, + 0xd4, 0x31, 0xf4, 0xc9, 0xf7, 0x04, 0x27, 0xdf + }; + WOLFSSL_SMALL_STACK_STATIC const byte test2EntropyA[] = + { + 0x63, 0x36, 0x33, 0x77, 0xe4, 0x1e, 0x86, 0x46, 0x8d, 0xeb, 0x0a, 0xb4, + 0xa8, 0xed, 0x68, 0x3f, 0x6a, 0x13, 0x4e, 0x47, 0xe0, 0x14, 0xc7, 0x00, + 0x45, 0x4e, 0x81, 0xe9, 0x53, 0x58, 0xa5, 0x69, 0x80, 0x8a, 0xa3, 0x8f, + 0x2a, 0x72, 0xa6, 0x23, 0x59, 0x91, 0x5a, 0x9f, 0x8a, 0x04, 0xca, 0x68 + }; + WOLFSSL_SMALL_STACK_STATIC const byte test2EntropyB[] = + { + 0xe6, 0x2b, 0x8a, 0x8e, 0xe8, 0xf1, 0x41, 0xb6, 0x98, 0x05, 0x66, 0xe3, + 0xbf, 0xe3, 0xc0, 0x49, 0x03, 0xda, 0xd4, 0xac, 0x2c, 0xdf, 0x9f, 0x22, + 0x80, 0x01, 0x0a, 0x67, 0x39, 0xbc, 0x83, 0xd3 + }; + WOLFSSL_SMALL_STACK_STATIC const byte test2Output[] = + { + 0x04, 0xee, 0xc6, 0x3b, 0xb2, 0x31, 0xdf, 0x2c, 0x63, 0x0a, 0x1a, 0xfb, + 0xe7, 0x24, 0x94, 0x9d, 0x00, 0x5a, 0x58, 0x78, 0x51, 0xe1, 0xaa, 0x79, + 0x5e, 0x47, 0x73, 0x47, 0xc8, 0xb0, 0x56, 0x62, 0x1c, 0x18, 0xbd, 0xdc, + 0xdd, 0x8d, 0x99, 0xfc, 0x5f, 0xc2, 0xb9, 0x20, 0x53, 0xd8, 0xcf, 0xac, + 0xfb, 0x0b, 0xb8, 0x83, 0x12, 0x05, 0xfa, 0xd1, 0xdd, 0xd6, 0xc0, 0x71, + 0x31, 0x8a, 0x60, 0x18, 0xf0, 0x3b, 0x73, 0xf5, 0xed, 0xe4, 0xd4, 0xd0, + 0x71, 0xf9, 0xde, 0x03, 0xfd, 0x7a, 0xea, 0x10, 0x5d, 0x92, 0x99, 0xb8, + 0xaf, 0x99, 0xaa, 0x07, 0x5b, 0xdb, 0x4d, 0xb9, 0xaa, 0x28, 0xc1, 0x8d, + 0x17, 0x4b, 0x56, 0xee, 0x2a, 0x01, 0x4d, 0x09, 0x88, 0x96, 0xff, 0x22, + 0x82, 0xc9, 0x55, 0xa8, 0x19, 0x69, 0xe0, 0x69, 0xfa, 0x8c, 0xe0, 0x07, + 0xa1, 0x80, 0x18, 0x3a, 0x07, 0xdf, 0xae, 0x17 + }; + + byte output[32 * 4]; + wc_test_ret_t ret; + WOLFSSL_ENTER("random_test"); + + ret = wc_RNG_HealthTest(0, test1Entropy, sizeof(test1Entropy), NULL, 0, + output, sizeof(output)); + if (ret != 0) + return WC_TEST_RET_ENC_EC(ret); + + if (XMEMCMP(test1Output, output, sizeof(output)) != 0) + return WC_TEST_RET_ENC_NC; + + ret = wc_RNG_HealthTest(1, test2EntropyA, sizeof(test2EntropyA), + test2EntropyB, sizeof(test2EntropyB), + output, sizeof(output)); + if (ret != 0) + return WC_TEST_RET_ENC_EC(ret); + + if (XMEMCMP(test2Output, output, sizeof(output)) != 0) + return WC_TEST_RET_ENC_NC; + + /* Basic RNG generate block test */ + if ((ret = random_rng_test()) != 0) + return ret; + + /* Test the seed check function. */ +#if !(defined(HAVE_FIPS) || defined(HAVE_SELFTEST)) || \ + (defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION >= 2)) + { + word32 i, outputSz; + + /* Repeat the same byte over and over. Should fail. */ + outputSz = sizeof(output); + XMEMSET(output, 1, outputSz); + ret = wc_RNG_TestSeed(output, outputSz); + if (ret == 0) + return WC_TEST_RET_ENC_NC; + + /* Every byte of the entropy scratch is different, + * entropy is a single byte that shouldn't match. */ + outputSz = (sizeof(output) / 2) + 1; + for (i = 0; i < outputSz; i++) + output[i] = (byte)i; + ret = wc_RNG_TestSeed(output, outputSz); + if (ret != 0) + return WC_TEST_RET_ENC_EC(ret); + + outputSz = sizeof(output); + for (i = 0; i < outputSz; i++) + output[i] = (byte)i; + ret = wc_RNG_TestSeed(output, outputSz); + if (ret != 0) + return WC_TEST_RET_ENC_EC(ret); + } +#endif + + /* Test the seed callback. */ +#if defined(WC_RNG_SEED_CB) && \ + !(defined(ENTROPY_SCALE_FACTOR) || defined(SEED_BLOCK_SZ)) + if ((ret = rng_seed_test()) != 0) + return ret; +#endif + + return 0; +} + +#else + +WOLFSSL_TEST_SUBROUTINE wc_test_ret_t random_test(void) +{ + WOLFSSL_ENTER("random_test"); + + /* Basic RNG generate block test */ + return random_rng_test(); +} + +#endif /* HAVE_HASHDRBG && !CUSTOM_RAND_GENERATE_BLOCK */ +#endif /* WC_NO_RNG */ + +#ifndef MEM_TEST_SZ + #define MEM_TEST_SZ 1024 +#endif + +#if defined(WOLFSSL_STATIC_MEMORY) || !defined(WOLFSSL_NO_MALLOC) +static int simple_mem_test(size_t sz) +{ + int ret = 0; + byte* b; + int i; + + b = (byte*)XMALLOC(sz, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + if (b == NULL) { + return WC_TEST_RET_ENC_NC; + } + /* utilize memory */ + for (i = 0; i < (int)sz; i++) { + b[i] = (byte)i; + } + /* read back and verify */ + for (i = 0; i < (int)sz; i++) { + if (b[i] != (byte)i) { + ret = WC_TEST_RET_ENC_NC; + break; + } + } + XFREE(b, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + return ret; +} +#endif + +/* If successful, returns the first letter of the byte array `in`. +** +** This is a deceptively simple test of a read-only embedded Linux file system. +** (e.g CFLAGS `-mfdpic` and `-mforce-l32`) for Xtensa Linux ESP32. When the +** `-mforce-l32` is missing, access to `in` will fail with Illegal Instruction. +** Const is on read-only memory-mapped file system, *not* loaded in app memory. +** +** Edit with caution. See PR #6523. */ +static wc_test_ret_t const_byte_ptr_test(const byte* in, word32 *outJ) +{ + wc_test_ret_t ret = 0; + volatile word32 j = (word32)-1; /* must be volatile to properly detect error */ + + ret = (wc_test_ret_t)*in; /* accessed *in value. */ + (void)ret; + j = *outJ; /* Found index to use in const array. */ + + if (j == 0) { +#ifdef DEBUG_WOLFSSL + printf("Testing const byte ptr reference...\n"); +#endif + /* although j is zero, in[0] does not detect the Illegal instruction */ + ret = in[j]; /* The big test: can we actually access the `in` data? */ + } + else { + ret = WC_TEST_RET_ENC_I(j); + } + + return ret; +} + +WOLFSSL_TEST_SUBROUTINE wc_test_ret_t memory_test(void) +{ + wc_test_ret_t ret = 0; + word32 j = 0; /* used in embedded const pointer test */ + WOLFSSL_ENTER("memory_test"); + +#if defined(COMPLEX_MEM_TEST) || defined(WOLFSSL_STATIC_MEMORY) + int i; +#endif +#ifdef WOLFSSL_STATIC_MEMORY + word32 size[] = { WOLFMEM_BUCKETS }; + word32 dist[] = { WOLFMEM_DIST }; + byte buffer[30000]; /* make large enough to involve many bucket sizes */ + int pad = -(int)((wc_ptr_t)buffer) & (WOLFSSL_STATIC_ALIGN - 1); + /* pad to account for if head of buffer is not at set memory + * alignment when tests are ran */ +#endif + +#ifdef WOLFSSL_STATIC_MEMORY + /* check macro settings */ + if (sizeof(size)/sizeof(word32) != WOLFMEM_DEF_BUCKETS) { + return WC_TEST_RET_ENC_NC; + } + + if (sizeof(dist)/sizeof(word32) != WOLFMEM_DEF_BUCKETS) { + return WC_TEST_RET_ENC_NC; + } + + if (WOLFMEM_DEF_BUCKETS > WOLFMEM_MAX_BUCKETS) { + return WC_TEST_RET_ENC_NC; + } + + for (i = 0; i < WOLFMEM_DEF_BUCKETS; i++) { + if ((size[i] % WOLFSSL_STATIC_ALIGN) != 0) { + /* each element in array should be divisible by alignment size */ + return WC_TEST_RET_ENC_NC; + } + } + + for (i = 1; i < WOLFMEM_DEF_BUCKETS; i++) { + if (size[i - 1] >= size[i]) { + return WC_TEST_RET_ENC_NC; /* sizes should be in increasing order */ + } + } + +#ifndef WOLFSSL_STATIC_MEMORY_LEAN + /* check that padding size returned is possible */ + if (wolfSSL_MemoryPaddingSz() < WOLFSSL_STATIC_ALIGN) { + return WC_TEST_RET_ENC_NC; /* no room for wc_Memory struct */ + } + + ret = wolfSSL_MemoryPaddingSz(); + if (ret < 0) { + return WC_TEST_RET_ENC_EC(ret); + } + + if (wolfSSL_MemoryPaddingSz() % WOLFSSL_STATIC_ALIGN != 0) { + return WC_TEST_RET_ENC_NC; /* not aligned! */ + } + + /* check function to return optimum buffer size (rounded down) */ + ret = wolfSSL_StaticBufferSz(buffer, sizeof(buffer), WOLFMEM_GENERAL); + if (ret < 0) { + return WC_TEST_RET_ENC_EC(ret); + } + if ((ret - pad) % WOLFSSL_STATIC_ALIGN != 0) { + return WC_TEST_RET_ENC_NC; /* not aligned! */ + } + + if ((unsigned int)ret > sizeof(buffer)) { + return WC_TEST_RET_ENC_NC; /* did not round down as expected */ + } + + if (ret != wolfSSL_StaticBufferSz(buffer, ret, WOLFMEM_GENERAL)) { + return WC_TEST_RET_ENC_NC; /* return value changed when using suggested + * value + */ + } + + ret = wolfSSL_MemoryPaddingSz(); + ret += pad; /* add space that is going to be needed if buffer not aligned */ + if (wolfSSL_StaticBufferSz(buffer, size[0] + ret + 1, WOLFMEM_GENERAL) != + (ret + (int)size[0])) { + return WC_TEST_RET_ENC_NC; /* did not round down to nearest bucket + * value + */ + } + + ret = wolfSSL_StaticBufferSz(buffer, sizeof(buffer), WOLFMEM_IO_POOL); + if ((ret - pad) < 0) { + return WC_TEST_RET_ENC_NC; + } + + if (((ret - pad) % (WOLFMEM_IO_SZ + wolfSSL_MemoryPaddingSz())) != 0) { + return WC_TEST_RET_ENC_NC; /* not even chunks of memory for IO size */ + } + + if (((ret - pad) % WOLFSSL_STATIC_ALIGN) != 0) { + return WC_TEST_RET_ENC_NC; /* memory not aligned */ + } + + /* check for passing bad or unknown arguments to functions */ + if (wolfSSL_StaticBufferSz(NULL, 1, WOLFMEM_GENERAL) > 0) { + return WC_TEST_RET_ENC_NC; + } + + if (wolfSSL_StaticBufferSz(buffer, 1, WOLFMEM_GENERAL) != 0) { + return WC_TEST_RET_ENC_NC; /* should round to 0 + since struct + bucket will not fit */ + } +#endif + + (void)pad; + (void)dist; /* avoid static analysis warning of variable not used */ +#endif + +#if defined(WOLFSSL_STATIC_MEMORY) || !defined(WOLFSSL_NO_MALLOC) + /* simple test */ + ret = simple_mem_test((size_t)MEM_TEST_SZ); + if (ret != 0) + return ret; +#endif + +#ifdef COMPLEX_MEM_TEST + /* test various size blocks */ + for (i = 1; i < MEM_TEST_SZ; i*=2) { + ret = simple_mem_test((size_t)i); + if (ret != 0) + return ret; + } +#endif + +#if !defined(USE_FAST_MATH) && !defined(WOLFSSL_NO_MALLOC) && defined(XREALLOC) + /* realloc test */ + { + byte *b = (byte*)XMALLOC(MEM_TEST_SZ, HEAP_HINT, + DYNAMIC_TYPE_TMP_BUFFER); + #ifndef WOLFSSL_NO_REALLOC + byte *c = NULL; + if (b) { + c = (byte*)XREALLOC(b, MEM_TEST_SZ+sizeof(word32), HEAP_HINT, + DYNAMIC_TYPE_TMP_BUFFER); + if (c) + b = c; + } + #endif + XFREE(b, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + if (b == NULL + #ifndef WOLFSSL_NO_REALLOC + || c == NULL + #endif + ) { + return WC_TEST_RET_ENC_ERRNO; + } + } +#endif + + if (ret == 0) { + /* This test is only interesting on embedded R/O Flash systems */ + if (const_byte_ptr_test(const_byte_array, &j) != CBPTR_EXPECTED) { + ret = 1; + } + if (ret != 0) + return WC_TEST_RET_ENC_NC; + } + + { + +#ifdef WOLFSSL_NO_ATOMICS + int a_int = WOLFSSL_ATOMIC_INITIALIZER(-2); + unsigned int a_uint = WOLFSSL_ATOMIC_INITIALIZER(2); +#else + wolfSSL_Atomic_Int a_int = WOLFSSL_ATOMIC_INITIALIZER(-2); + wolfSSL_Atomic_Uint a_uint = WOLFSSL_ATOMIC_INITIALIZER(2); +#endif + int int_expected; + unsigned int uint_expected; + void * a_ptr = NULL; + void * ptr_expected = NULL; + + if (WOLFSSL_ATOMIC_LOAD(a_int) != -2) + return WC_TEST_RET_ENC_NC; + if (WOLFSSL_ATOMIC_LOAD(a_uint) != 2) + return WC_TEST_RET_ENC_NC; + wolfSSL_Atomic_Int_Init(&a_int, -3); + if (WOLFSSL_ATOMIC_LOAD(a_int) != -3) + return WC_TEST_RET_ENC_NC; + wolfSSL_Atomic_Uint_Init(&a_uint, 3); + if (WOLFSSL_ATOMIC_LOAD(a_uint) != 3) + return WC_TEST_RET_ENC_NC; + WOLFSSL_ATOMIC_STORE(a_int, -4); + if (WOLFSSL_ATOMIC_LOAD(a_int) != -4) + return WC_TEST_RET_ENC_NC; + WOLFSSL_ATOMIC_STORE(a_uint, 4); + if (WOLFSSL_ATOMIC_LOAD(a_uint) != 4) + return WC_TEST_RET_ENC_NC; + + if (wolfSSL_Atomic_Int_FetchAdd(&a_int, 2) != -4) + return WC_TEST_RET_ENC_NC; + if (WOLFSSL_ATOMIC_LOAD(a_int) != -2) + return WC_TEST_RET_ENC_NC; + if (wolfSSL_Atomic_Uint_FetchAdd(&a_uint, 2) != 4) + return WC_TEST_RET_ENC_NC; + if (WOLFSSL_ATOMIC_LOAD(a_uint) != 6) + return WC_TEST_RET_ENC_NC; + if (wolfSSL_Atomic_Int_FetchSub(&a_int, 2) != -2) + return WC_TEST_RET_ENC_NC; + if (WOLFSSL_ATOMIC_LOAD(a_int) != -4) + return WC_TEST_RET_ENC_NC; + if (wolfSSL_Atomic_Uint_FetchSub(&a_uint, 2) != 6) + return WC_TEST_RET_ENC_NC; + if (WOLFSSL_ATOMIC_LOAD(a_uint) != 4) + return WC_TEST_RET_ENC_NC; + + if (wolfSSL_Atomic_Int_AddFetch(&a_int, 2) != -2) + return WC_TEST_RET_ENC_NC; + if (WOLFSSL_ATOMIC_LOAD(a_int) != -2) + return WC_TEST_RET_ENC_NC; + if (wolfSSL_Atomic_Uint_AddFetch(&a_uint, 2) != 6) + return WC_TEST_RET_ENC_NC; + if (WOLFSSL_ATOMIC_LOAD(a_uint) != 6) + return WC_TEST_RET_ENC_NC; + if (wolfSSL_Atomic_Int_SubFetch(&a_int, 2) != -4) + return WC_TEST_RET_ENC_NC; + if (WOLFSSL_ATOMIC_LOAD(a_int) != -4) + return WC_TEST_RET_ENC_NC; + if (wolfSSL_Atomic_Uint_SubFetch(&a_uint, 2) != 4) + return WC_TEST_RET_ENC_NC; + if (WOLFSSL_ATOMIC_LOAD(a_uint) != 4) + return WC_TEST_RET_ENC_NC; + + int_expected = -5; + if (wolfSSL_Atomic_Int_CompareExchange(&a_int, &int_expected, -7)) + return WC_TEST_RET_ENC_NC; + if (int_expected != -4) + return WC_TEST_RET_ENC_NC; + if (! wolfSSL_Atomic_Int_CompareExchange(&a_int, &int_expected, -7)) + return WC_TEST_RET_ENC_NC; + if (WOLFSSL_ATOMIC_LOAD(a_int) != -7) + return WC_TEST_RET_ENC_NC; + uint_expected = 5; + if (wolfSSL_Atomic_Uint_CompareExchange(&a_uint, &uint_expected, 7)) + return WC_TEST_RET_ENC_NC; + if (uint_expected != 4) + return WC_TEST_RET_ENC_NC; + if (! wolfSSL_Atomic_Uint_CompareExchange(&a_uint, &uint_expected, 7)) + return WC_TEST_RET_ENC_NC; + if (WOLFSSL_ATOMIC_LOAD(a_uint) != 7) + return WC_TEST_RET_ENC_NC; + + a_ptr = NULL; + ptr_expected = NULL; + if (! wolfSSL_Atomic_Ptr_CompareExchange(&a_ptr, &ptr_expected, &ret)) + return WC_TEST_RET_ENC_NC; + if (a_ptr != &ret) + return WC_TEST_RET_ENC_NC; + } + + return ret; +} + +#ifndef NO_FILESYSTEM + +/* Cert Paths */ +#ifdef FREESCALE_MQX + #define CERT_PREFIX "a:\\" + #define CERT_PATH_SEP "\\" +#elif defined(WOLFSSL_uTKERNEL2) + #define CERT_PREFIX "/uda/" + #define CERT_PATH_SEP "/" +#elif defined(_WIN32_WCE) + #define CERT_PREFIX "\\windows\\" + #define CERT_PATH_SEP "\\" +#elif defined(WOLFSSL_NDS) + #undef CERT_PREFIX + #ifndef WOLFSSL_MELONDS + #define CERT_PREFIX "fat:/_nds/" + #else + #define CERT_PREFIX "_nds/" + #endif + #define CERT_PATH_SEP "/" +#endif + +#ifndef CERT_PREFIX + #define CERT_PREFIX "./" +#endif +#ifndef CERT_PATH_SEP + #define CERT_PATH_SEP "/" +#endif +#ifndef CERT_WRITE_TEMP_DIR + #define CERT_WRITE_TEMP_DIR CERT_PREFIX +#endif + +#define CERT_ROOT CERT_PREFIX "certs" CERT_PATH_SEP + +/* Generated Test Certs */ +#if !defined(USE_CERT_BUFFERS_1024) && !defined(USE_CERT_BUFFERS_2048) && \ + !defined(USE_CERT_BUFFERS_3072) && !defined(USE_CERT_BUFFERS_4096) + #if !defined(NO_RSA) && !defined(NO_ASN) + static const char* clientKey = CERT_ROOT "client-key.der"; + static const char* clientCert = CERT_ROOT "client-cert.der"; + #ifdef WOLFSSL_CERT_EXT + static const char* clientKeyPub = CERT_ROOT "client-keyPub.der"; + #endif + #endif /* !NO_RSA && !NO_ASN */ +#endif +#if !defined(USE_CERT_BUFFERS_1024) && !defined(USE_CERT_BUFFERS_2048) + #if !defined(NO_RSA) && !defined(NO_ASN) + #if defined(WOLFSSL_CERT_GEN) || defined(HAVE_PKCS7) + static const char* rsaCaKeyFile = CERT_ROOT "ca-key.der"; + #ifdef WOLFSSL_CERT_GEN + static const char* rsaCaCertFile = CERT_ROOT "ca-cert.pem"; + #endif + #if (defined(WOLFSSL_ALT_NAMES) && !defined(WOLFSSL_NO_MALLOC)) || \ + defined(HAVE_PKCS7) + static const char* rsaCaCertDerFile = CERT_ROOT "ca-cert.der"; + #endif + #ifdef HAVE_PKCS7 + static const char* rsaServerCertDerFile = + CERT_ROOT "server-cert.der"; + static const char* rsaServerKeyDerFile = + CERT_ROOT "server-key.der"; + #endif + #endif + #endif /* !NO_RSA && !NO_ASN */ +#endif /* !USE_CERT_BUFFER_* */ +#if !defined(USE_CERT_BUFFERS_1024) && !defined(USE_CERT_BUFFERS_2048) && \ + !defined(USE_CERT_BUFFERS_3072) && !defined(USE_CERT_BUFFERS_4096) + #if !defined(NO_ASN) && !defined(NO_DH) + static const char* dhParamsFile = CERT_ROOT "dh2048.der"; + #endif +#endif +#if !defined(NO_ASN) && !defined(NO_DH) + #if defined(WOLFSSL_DH_EXTRA) && (!defined(HAVE_FIPS) || \ + (defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION > 2))) + #if !defined(USE_CERT_BUFFERS_2048) + static const char* dhKeyFile = CERT_ROOT "statickeys/dh-ffdhe2048.der"; + static const char* dhKeyPubFile = CERT_ROOT "statickeys/dh-ffdhe2048-pub.der"; + #endif + #endif +#endif +#if !defined(USE_CERT_BUFFERS_1024) && !defined(USE_CERT_BUFFERS_2048) + #ifndef NO_DSA + static const char* dsaKey = CERT_ROOT "dsa2048.der"; + #endif +#endif /* !USE_CERT_BUFFER_* */ +#if !defined(USE_CERT_BUFFERS_256) && !defined(NO_ECC256) + #ifdef HAVE_ECC + /* cert files to be used in rsa cert gen test, check if RSA enabled */ + #ifdef HAVE_ECC_KEY_IMPORT + static const char* eccKeyDerFile = CERT_ROOT "ecc-key.der"; + #endif +#endif +#if !defined(USE_CERT_BUFFERS_256) && !defined(NO_ASN) + #if defined(HAVE_ECC) && defined(WOLFSSL_CERT_GEN) && \ + !defined(NO_ECC_SECP) + #ifndef NO_RSA + static const char* eccKeyPubFileDer = CERT_ROOT "ecc-keyPub.der"; + #endif + #if !defined(NO_ASN_TIME) && !defined(WOLFSSL_NO_MALLOC) + static const char* eccCaKeyFile = CERT_ROOT "ca-ecc-key.der"; + static const char* eccCaCertFile = CERT_ROOT "ca-ecc-cert.pem"; + #ifdef ENABLE_ECC384_CERT_GEN_TEST + static const char* eccCaKey384File = + CERT_ROOT "ca-ecc384-key.der"; + static const char* eccCaCert384File = + CERT_ROOT "ca-ecc384-cert.pem"; + #endif + #endif + #endif + #if defined(HAVE_PKCS7) && defined(HAVE_ECC) + static const char* eccClientKey = CERT_ROOT "ecc-client-key.der"; + static const char* eccClientCert = CERT_ROOT "client-ecc-cert.der"; + #endif + #endif /* HAVE_ECC */ + #ifdef HAVE_ED25519 + #ifdef WOLFSSL_TEST_CERT + static const char* serverEd25519Cert = + CERT_ROOT "ed25519/server-ed25519.der"; + static const char* caEd25519Cert = + CERT_ROOT "ed25519/ca-ed25519.der"; + #endif + #endif + #ifdef HAVE_ED448 + #ifdef WOLFSSL_TEST_CERT + static const char* serverEd448Cert = + CERT_ROOT "ed448/server-ed448.der"; + static const char* caEd448Cert = CERT_ROOT "ed448/ca-ed448.der"; + #endif + #endif +#endif /* !USE_CERT_BUFFER_* */ + +#if !defined(NO_ASN_TIME) && !defined(NO_RSA) && defined(WOLFSSL_TEST_CERT) && \ + !defined(NO_FILESYSTEM) + static const char* certExtNc = + CERT_ROOT "test" CERT_PATH_SEP "cert-ext-nc.der"; + static const char* certExtIa = + CERT_ROOT "test" CERT_PATH_SEP "cert-ext-ia.der"; + static const char* certExtNct = + CERT_ROOT "test" CERT_PATH_SEP "cert-ext-nct.der"; +#ifndef WOLFSSL_ASN_INT_LEAD_0_ANY + static const char* certBadNegInt = + CERT_ROOT "test" CERT_PATH_SEP "cert-bad-neg-int.der"; +#endif + static const char* certBadOid = + CERT_ROOT "test" CERT_PATH_SEP "cert-bad-oid.der"; +#if defined(WOLFSSL_ASN_TEMPLATE) && !defined(WOLFSSL_NO_ASN_STRICT) + static const char* certBadUtf8 = + CERT_ROOT "test" CERT_PATH_SEP "cert-bad-utf8.der"; +#endif +#endif + +#ifndef NO_WRITE_TEMP_FILES +#ifdef HAVE_ECC + #ifndef NO_ECC_SECP + #if defined(WOLFSSL_CERT_GEN) && !defined(NO_ASN_TIME) && \ + !defined(WOLFSSL_NO_MALLOC) + static const char* certEccPemFile = CERT_WRITE_TEMP_DIR "certecc.pem"; + static const char* certEccDerFile = CERT_WRITE_TEMP_DIR "certecc.der"; + #endif + #if defined(WOLFSSL_CERT_GEN) && !defined(NO_RSA) + static const char* certEccRsaPemFile = CERT_WRITE_TEMP_DIR "certeccrsa.pem"; + static const char* certEccRsaDerFile = CERT_WRITE_TEMP_DIR "certeccrsa.der"; + #endif + #endif + #if defined(HAVE_ECC_KEY_EXPORT) && !defined(WC_NO_RNG) && \ + !defined(WOLF_CRYPTO_CB_ONLY_ECC) && !defined(NO_ASN_CRYPT) + static const char* eccCaKeyPemFile = CERT_WRITE_TEMP_DIR "ecc-key.pem"; + static const char* eccPubKeyDerFile = CERT_WRITE_TEMP_DIR "ecc-public-key.der"; + static const char* eccCaKeyTempFile = CERT_WRITE_TEMP_DIR "ecc-key.der"; + #if defined(HAVE_PKCS8) && !defined(WC_NO_RNG) && \ + !defined(WOLF_CRYPTO_CB_ONLY_ECC) + static const char* eccPkcs8KeyDerFile = CERT_WRITE_TEMP_DIR "ecc-key-pkcs8.der"; + #endif + #endif /* HAVE_ECC_KEY_EXPORT */ +#endif /* HAVE_ECC */ + +#ifndef NO_RSA + #if defined(WOLFSSL_CERT_GEN) && !defined(NO_ASN_TIME) && \ + !defined(WOLFSSL_NO_MALLOC) + static const char* otherCertDerFile = CERT_WRITE_TEMP_DIR "othercert.der"; + static const char* certDerFile = CERT_WRITE_TEMP_DIR "cert.der"; + static const char* otherCertPemFile = CERT_WRITE_TEMP_DIR "othercert.pem"; + static const char* certPemFile = CERT_WRITE_TEMP_DIR "cert.pem"; + #if defined(WOLFSSL_CERT_REQ) && !defined(WOLFSSL_NO_MALLOC) + static const char* certReqDerFile = CERT_WRITE_TEMP_DIR "certreq.der"; + static const char* certReqPemFile = CERT_WRITE_TEMP_DIR "certreq.pem"; + #endif + #endif +#endif /* !NO_RSA */ + +#if !defined(NO_RSA) || !defined(NO_DSA) + #if defined(WOLFSSL_KEY_GEN) && !defined(WOLFSSL_RSA_PUBLIC_ONLY) + static const char* keyDerFile = CERT_WRITE_TEMP_DIR "key.der"; + static const char* keyPemFile = CERT_WRITE_TEMP_DIR "key.pem"; + #endif +#endif + +#endif /* !NO_WRITE_TEMP_FILES */ +#endif /* !NO_FILESYSTEM */ + + +#if defined(WOLFSSL_CERT_GEN) && (!defined(NO_RSA) || defined(HAVE_ECC)) || \ + (defined(WOLFSSL_TEST_CERT) && (defined(HAVE_ED25519) || defined(HAVE_ED448))) +static CertName certDefaultName; +static void initDefaultName(void) +{ +#if defined(WOLFSSL_MULTI_ATTRIB) && defined(WOLFSSL_TEST_CERT) + NameAttrib* n; +#endif + + XMEMCPY(certDefaultName.country, "US", sizeof("US")); + certDefaultName.countryEnc = CTC_PRINTABLE; + XMEMCPY(certDefaultName.state, "Oregon", sizeof("Oregon")); + certDefaultName.stateEnc = CTC_UTF8; + XMEMCPY(certDefaultName.street, "Main St", sizeof("Main St")); + certDefaultName.streetEnc = CTC_UTF8; + XMEMCPY(certDefaultName.locality, "Portland", sizeof("Portland")); + certDefaultName.localityEnc = CTC_UTF8; + XMEMCPY(certDefaultName.sur, "Test", sizeof("Test")); + certDefaultName.surEnc = CTC_UTF8; + XMEMCPY(certDefaultName.org, "wolfSSL", sizeof("wolfSSL")); + certDefaultName.orgEnc = CTC_UTF8; + XMEMCPY(certDefaultName.unit, "Development", sizeof("Development")); + certDefaultName.unitEnc = CTC_UTF8; + XMEMCPY(certDefaultName.commonName, "www.wolfssl.com", sizeof("www.wolfssl.com")); + certDefaultName.commonNameEnc = CTC_UTF8; + XMEMCPY(certDefaultName.serialDev, "wolfSSL12345", sizeof("wolfSSL12345")); + certDefaultName.serialDevEnc = CTC_PRINTABLE; + XMEMCPY(certDefaultName.postalCode, "12-456", sizeof("12-456")); + certDefaultName.postalCodeEnc = CTC_PRINTABLE; +#ifdef WOLFSSL_CERT_EXT + XMEMCPY(certDefaultName.busCat, "Private Organization", sizeof("Private Organization")); + certDefaultName.busCatEnc = CTC_UTF8; + XMEMCPY(certDefaultName.joiSt, "US", sizeof("US")); + certDefaultName.joiStEnc = CTC_PRINTABLE; + XMEMCPY(certDefaultName.joiC, "Oregon", sizeof("Oregon")); + certDefaultName.joiCEnc = CTC_PRINTABLE; +#endif + XMEMCPY(certDefaultName.email, "info@wolfssl.com", sizeof("info@wolfssl.com")); + XMEMCPY(certDefaultName.userId, "TestUserID", sizeof("TestUserID")); + certDefaultName.userIdEnc = CTC_PRINTABLE; + +#if defined(WOLFSSL_MULTI_ATTRIB) && defined(WOLFSSL_TEST_CERT) + /* test having additional OUs and setting DC */ + n = &certDefaultName.name[0]; + n->id = ASN_ORGUNIT_NAME; + n->type = CTC_UTF8; + n->sz = XSTRLEN("Development-2"); + XMEMCPY(n->value, "Development-2", sizeof("Development-2")); + + #if CTC_MAX_ATTRIB > 3 + n = &certDefaultName.name[1]; + n->id = ASN_DOMAIN_COMPONENT; + n->type = CTC_UTF8; + n->sz = XSTRLEN("com"); + XMEMCPY(n->value, "com", sizeof("com")); + + n = &certDefaultName.name[2]; + n->id = ASN_DOMAIN_COMPONENT; + n->type = CTC_UTF8; + n->sz = XSTRLEN("wolfssl"); + XMEMCPY(n->value, "wolfssl", sizeof("wolfssl")); + #endif +#endif /* WOLFSSL_MULTI_ATTRIB && WOLFSSL_TEST_CERT */ + +#ifdef WOLFSSL_CUSTOM_OID + /* TODO: Add test case for custom OID's */ +#endif +} + +#ifdef WOLFSSL_CERT_EXT + #if ((defined(HAVE_ED25519) || defined(HAVE_ED448)) && \ + defined(WOLFSSL_TEST_CERT)) || defined(HAVE_ECC) + WOLFSSL_SMALL_STACK_STATIC const char certKeyUsage[] = + "digitalSignature,nonRepudiation"; + #endif + #if defined(WOLFSSL_CERT_REQ) && !defined(NO_RSA) && !defined(NO_ASN_TIME) + WOLFSSL_SMALL_STACK_STATIC const char certKeyUsage2[] = + "digitalSignature,nonRepudiation,keyEncipherment,keyAgreement"; + #endif +#endif /* WOLFSSL_CERT_EXT */ +#endif /* WOLFSSL_CERT_GEN */ + +#ifndef NO_RSA + +#if !defined(NO_ASN_TIME) && !defined(NO_RSA) && defined(WOLFSSL_TEST_CERT) && \ + !defined(NO_FILESYSTEM) +static const byte minSerial[] = { 0x02, 0x01, 0x01 }; +static const byte minName[] = { 0x30, 0x00 }; +static const byte nameBad[] = { + 0x30, 0x08, + 0x31, 0x06, + 0x30, 0x04, + 0x06, 0x02, + 0x55, 0x04, +}; +static const byte minDates[] = { + 0x30, 0x1e, + 0x17, 0x0d, + 0x31, 0x38, 0x30, 0x34, 0x31, 0x33, 0x31, 0x35, + 0x32, 0x33, 0x31, 0x30, 0x5a, + 0x17, 0x0d, + 0x32, 0x31, 0x30, 0x31, 0x30, 0x37, 0x31, 0x35, + 0x32, 0x33, 0x31, 0x30, 0x5a +}; +static const byte minPubKey[] = { + 0x30, 0x1c, + 0x30, 0x0d, + 0x06, 0x09, + 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, + 0x01, + 0x05, 0x00, + 0x03, 0x0b, + 0x00, 0x30, 0x08, + 0x02, 0x01, + 0x03, + 0x02, 0x03, + 0x01, 0x00, 0x01 +}; +static const byte minSigAlg[] = { + 0x30, 0x0d, + 0x06, 0x09, + 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, + 0x0b, + 0x05, 0x00 +}; +static const byte minSig[] = { + 0x03, 0x01, + 0x00 +}; + +static int add_seq(byte* certData, int offset, byte* data, byte length) +{ + XMEMMOVE(certData + offset + 2, data, length); + certData[offset++] = 0x30; + certData[offset++] = length; + return offset + length; +} +static int add_data(byte* certData, int offset, const byte* data, byte length) +{ + XMEMCPY(certData + offset, data, length); + return offset + length; +} + +static wc_test_ret_t cert_asn1_test(void) +{ + wc_test_ret_t ret; + int len[3]; + DecodedCert cert; + byte certData[114]; + byte* badCert = NULL; + + len[2] = add_data(certData, 0, minSerial, (byte)sizeof(minSerial)); + len[2] = add_data(certData, len[2], minSigAlg, (byte)sizeof(minSigAlg)); + len[2] = add_data(certData, len[2], minName, (byte)sizeof(minName)); + len[2] = add_data(certData, len[2], minDates, (byte)sizeof(minDates)); + len[2] = add_data(certData, len[2], minName, (byte)sizeof(minName)); + len[2] = add_data(certData, len[2], minPubKey, (byte)sizeof(minPubKey)); + len[1] = add_seq(certData, 0, certData, len[2]); + len[1] = add_data(certData, len[1], minSigAlg, (byte)sizeof(minSigAlg)); + len[1] = add_data(certData, len[1], minSig, (byte)sizeof(minSig)); + len[0] = add_seq(certData, 0, certData, len[1]); + + /* Minimal good certificate */ + InitDecodedCert(&cert, certData, len[0], 0); + ret = ParseCert(&cert, CERT_TYPE, NO_VERIFY, NULL); + FreeDecodedCert(&cert); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done); + + /* Bad issuer name */ + len[2] = add_data(certData, 0, minSerial, (byte)sizeof(minSerial)); + len[2] = add_data(certData, len[2], minSigAlg, (byte)sizeof(minSigAlg)); + len[2] = add_data(certData, len[2], nameBad, (byte)sizeof(nameBad)); + len[2] = add_data(certData, len[2], minDates, (byte)sizeof(minDates)); + len[2] = add_data(certData, len[2], minName, (byte)sizeof(minName)); + len[2] = add_data(certData, len[2], minPubKey, (byte)sizeof(minPubKey)); + len[1] = add_seq(certData, 0, certData, len[2]); + len[1] = add_data(certData, len[1], minSigAlg, (byte)sizeof(minSigAlg)); + len[1] = add_data(certData, len[1], minSig, (byte)sizeof(minSig)); + len[0] = add_seq(certData, 0, certData, len[1]); + /* Put data into allocated buffer to allow access error checking. */ + badCert = (byte*)XMALLOC(len[0], HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + XMEMCPY(badCert, certData, len[0]); + InitDecodedCert(&cert, badCert, len[0], 0); + ret = ParseCert(&cert, CERT_TYPE, NO_VERIFY, NULL); + FreeDecodedCert(&cert); + if (ret != WC_NO_ERR_TRACE(ASN_PARSE_E)) { + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done); + } + XFREE(badCert, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + badCert = NULL; + ret = 0; + +done: + XFREE(badCert, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + return ret; +} + +static wc_test_ret_t cert_load_bad(const char* fname, byte* tmp, int err) +{ + wc_test_ret_t ret; + DecodedCert cert; + XFILE file; + size_t bytes; + + if ((fname == NULL) || (tmp == NULL)) { + ERROR_OUT(WC_TEST_RET_ENC_NC, done); + } + file = XFOPEN(fname, "rb"); + if (!file) { + ERROR_OUT(WC_TEST_RET_ENC_ERRNO, done); + } + bytes = XFREAD(tmp, 1, FOURK_BUF, file); + XFCLOSE(file); + if (bytes == 0) { + ERROR_OUT(WC_TEST_RET_ENC_ERRNO, done); + } + InitDecodedCert(&cert, tmp, (word32)bytes, 0); + ret = ParseCert(&cert, CERT_TYPE, NO_VERIFY, NULL); + FreeDecodedCert(&cert); + if (ret != err) { + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done); + } + ret = 0; + +done: + return ret; +} + +static wc_test_ret_t cert_bad_asn1_test(void) +{ + wc_test_ret_t ret = 0; + byte* tmp; + + tmp = (byte*)XMALLOC(FOURK_BUF, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + if (tmp == NULL) { + ret = WC_TEST_RET_ENC_ERRNO; + } + +#ifndef WOLFSSL_ASN_INT_LEAD_0_ANY + if (ret == 0) { + /* Serial number: 0xff 0xa8. 0xff and top bit set on next byte invalid. + */ + ret = cert_load_bad(certBadNegInt, tmp, ASN_EXPECT_0_E); + } +#endif + if (ret == 0) { + /* Subject name OID: 55 04 f4. Last byte with top bit set invalid. */ + ret = cert_load_bad(certBadOid, tmp, ASN_PARSE_E); + } +#if defined(WOLFSSL_ASN_TEMPLATE) && !defined(WOLFSSL_NO_ASN_STRICT) + if (ret == 0) { + /* Issuer name UTF8STRING: df 52 4e 44. Top bit of second byte not set. + */ + ret = cert_load_bad(certBadUtf8, tmp, ASN_PARSE_E); + } +#endif + + XFREE(tmp, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + + return ret; +} + +WOLFSSL_TEST_SUBROUTINE wc_test_ret_t cert_test(void) +{ +#if !defined(NO_FILESYSTEM) + DecodedCert cert; + byte* tmp; + size_t bytes; + XFILE file; + wc_test_ret_t ret; + WOLFSSL_ENTER("cert_test"); + + + tmp = (byte*)XMALLOC(FOURK_BUF, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + if (tmp == NULL) + return WC_TEST_RET_ENC_ERRNO; + + /* Certificate with Name Constraints extension. */ + file = XFOPEN(certExtNc, "rb"); + if (!file) { + ERROR_OUT(WC_TEST_RET_ENC_ERRNO, done); + } + bytes = XFREAD(tmp, 1, FOURK_BUF, file); + XFCLOSE(file); + if (bytes == 0) + ERROR_OUT(WC_TEST_RET_ENC_ERRNO, done); + InitDecodedCert(&cert, tmp, (word32)bytes, 0); + ret = ParseCert(&cert, CERT_TYPE, NO_VERIFY, NULL); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done); + FreeDecodedCert(&cert); + + /* Certificate with Inhibit Any Policy extension. */ + file = XFOPEN(certExtIa, "rb"); + if (!file) { + ERROR_OUT(WC_TEST_RET_ENC_ERRNO, done); + } + bytes = XFREAD(tmp, 1, FOURK_BUF, file); + XFCLOSE(file); + if (bytes == 0) + ERROR_OUT(WC_TEST_RET_ENC_ERRNO, done); + InitDecodedCert(&cert, tmp, (word32)bytes, 0); + ret = ParseCert(&cert, CERT_TYPE, NO_VERIFY, NULL); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done); + FreeDecodedCert(&cert); + + /* Certificate with Netscape Certificate Type extension. */ + file = XFOPEN(certExtNct, "rb"); + if (!file) { + ERROR_OUT(WC_TEST_RET_ENC_ERRNO, done); + } + bytes = XFREAD(tmp, 1, FOURK_BUF, file); + XFCLOSE(file); + if (bytes == 0) + ERROR_OUT(WC_TEST_RET_ENC_ERRNO, done); + InitDecodedCert(&cert, tmp, (word32)bytes, 0); + ret = ParseCert(&cert, CERT_TYPE, NO_VERIFY, NULL); +#ifndef IGNORE_NETSCAPE_CERT_TYPE + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done); +#else + if (ret != WC_NO_ERR_TRACE(ASN_CRIT_EXT_E)) { + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done); + } + ret = 0; +#endif + +done: + FreeDecodedCert(&cert); + XFREE(tmp, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); +#endif /* !NO_FILESYSTEM */ + + if (ret == 0) + ret = cert_asn1_test(); + if (ret == 0) + ret = cert_bad_asn1_test(); + + return ret; +} +#endif /* WOLFSSL_TEST_CERT */ + +#if defined(WOLFSSL_CERT_EXT) && defined(WOLFSSL_TEST_CERT) && \ + !defined(NO_FILESYSTEM) && !defined(NO_RSA) && defined(WOLFSSL_GEN_CERT) +WOLFSSL_TEST_SUBROUTINE wc_test_ret_t certext_test(void) +{ + DecodedCert cert; + byte* tmp; + size_t bytes; + XFILE file; + wc_test_ret_t ret; + + /* created from rsa_test : othercert.der */ + byte skid_rsa[] = "\x33\xD8\x45\x66\xD7\x68\x87\x18\x7E\x54" + "\x0D\x70\x27\x91\xC7\x26\xD7\x85\x65\xC0"; + + /* created from rsa_test : othercert.der */ + byte akid_rsa[] = "\x27\x8E\x67\x11\x74\xC3\x26\x1D\x3F\xED" + "\x33\x63\xB3\xA4\xD8\x1D\x30\xE5\xE8\xD5"; + +#ifdef HAVE_ECC + /* created from ecc_test_cert_gen : certecc.der */ +#ifdef ENABLE_ECC384_CERT_GEN_TEST + /* Authority key id from ./certs/ca-ecc384-cert.pem */ + byte akid_ecc[] = "\xAB\xE0\xC3\x26\x4C\x18\xD4\x72\xBB\xD2" + "\x84\x8C\x9C\x0A\x05\x92\x80\x12\x53\x52"; +#else + /* Authority key id from ./certs/ca-ecc-cert.pem */ + byte akid_ecc[] = "\x56\x8E\x9A\xC3\xF0\x42\xDE\x18\xB9\x45" + "\x55\x6E\xF9\x93\xCF\xEA\xC3\xF3\xA5\x21"; +#endif +#endif /* HAVE_ECC */ + + /* created from rsa_test : cert.der */ + byte kid_ca[] = "\x33\xD8\x45\x66\xD7\x68\x87\x18\x7E\x54" + "\x0D\x70\x27\x91\xC7\x26\xD7\x85\x65\xC0"; + WOLFSSL_ENTER("certext_test"); + + tmp = (byte*)XMALLOC(FOURK_BUF, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + if (tmp == NULL) + return WC_TEST_RET_ENC_ERRNO; + + /* load othercert.der (Cert signed by an authority) */ + file = XFOPEN(otherCertDerFile, "rb"); + if (!file) { + XFREE(tmp, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + return WC_TEST_RET_ENC_ERRNO; + } + + bytes = XFREAD(tmp, 1, FOURK_BUF, file); + XFCLOSE(file); + if (bytes == 0) + return WC_TEST_RET_ENC_ERRNO; + + InitDecodedCert(&cert, tmp, (word32)bytes, 0); + + ret = ParseCert(&cert, CERT_TYPE, NO_VERIFY, 0); + if (ret != 0) + return WC_TEST_RET_ENC_EC(ret); + + /* check the SKID from a RSA certificate */ + if ((sizeof(skid_rsa) - 1 != cert.extSubjKeyIdSz) || + (XMEMCMP(skid_rsa, cert.extSubjKeyId, cert.extSubjKeyIdSz))) + return WC_TEST_RET_ENC_NC; + + /* check the AKID from an RSA certificate */ + if ((sizeof(akid_rsa) - 1 != cert.extAuthKeyIdSz) || + (XMEMCMP(akid_rsa, cert.extAuthKeyId, cert.extAuthKeyIdSz))) + return WC_TEST_RET_ENC_NC; + + /* check the Key Usage from an RSA certificate */ + if (!cert.extKeyUsageSet) + return WC_TEST_RET_ENC_NC; + + if (cert.extKeyUsage != (KEYUSE_KEY_ENCIPHER|KEYUSE_KEY_AGREE)) + return WC_TEST_RET_ENC_NC; + + /* check the CA Basic Constraints from an RSA certificate */ + if (cert.isCA) + return WC_TEST_RET_ENC_NC; + +#ifndef WOLFSSL_SEP /* test only if not using SEP policies */ + /* check the Certificate Policies Id */ + if (cert.extCertPoliciesNb != 1) + return WC_TEST_RET_ENC_NC; + + if (strncmp(cert.extCertPolicies[0], "2.16.840.1.101.3.4.1.42", 23)) + return WC_TEST_RET_ENC_NC; +#endif + + FreeDecodedCert(&cert); + +#ifdef HAVE_ECC + /* load certecc.der (Cert signed by our ECC CA test in ecc_test_cert_gen) */ + file = XFOPEN(certEccDerFile, "rb"); + if (!file) { + XFREE(tmp, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + return WC_TEST_RET_ENC_ERRNO; + } + + bytes = XFREAD(tmp, 1, FOURK_BUF, file); + XFCLOSE(file); + if (bytes == 0) + return WC_TEST_RET_ENC_ERRNO; + + InitDecodedCert(&cert, tmp, (word32)bytes, 0); + + ret = ParseCert(&cert, CERT_TYPE, NO_VERIFY, 0); + if (ret != 0) + return WC_TEST_RET_ENC_EC(ret); + + /* check the SKID from a ECC certificate - generated dynamically */ + + /* check the AKID from an ECC certificate */ + if ((sizeof(akid_ecc) - 1 != cert.extAuthKeyIdSz) || + (XMEMCMP(akid_ecc, cert.extAuthKeyId, cert.extAuthKeyIdSz))) + return WC_TEST_RET_ENC_NC; + + /* check the Key Usage from an ECC certificate */ + if (!cert.extKeyUsageSet) + return WC_TEST_RET_ENC_NC; + + if (cert.extKeyUsage != (KEYUSE_DIGITAL_SIG|KEYUSE_CONTENT_COMMIT)) + return WC_TEST_RET_ENC_NC; + + /* check the CA Basic Constraints from an ECC certificate */ + if (cert.isCA) + return WC_TEST_RET_ENC_NC; + +#ifndef WOLFSSL_SEP /* test only if not using SEP policies */ + /* check the Certificate Policies Id */ + if (cert.extCertPoliciesNb != 2) + return WC_TEST_RET_ENC_NC; + + if (strncmp(cert.extCertPolicies[0], "2.4.589440.587.101.2.1.9632587.1", 32)) + return WC_TEST_RET_ENC_NC; + + if (strncmp(cert.extCertPolicies[1], "1.2.13025.489.1.113549", 22)) + return WC_TEST_RET_ENC_NC; +#endif + + FreeDecodedCert(&cert); +#endif /* HAVE_ECC */ + + /* load cert.der (self signed certificate) */ + file = XFOPEN(certDerFile, "rb"); + if (!file) { + XFREE(tmp, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + return WC_TEST_RET_ENC_ERRNO; + } + + bytes = XFREAD(tmp, 1, FOURK_BUF, file); + XFCLOSE(file); + if (bytes == 0) + return WC_TEST_RET_ENC_ERRNO; + + InitDecodedCert(&cert, tmp, (word32)bytes, 0); + + ret = ParseCert(&cert, CERT_TYPE, NO_VERIFY, 0); + if (ret != 0) + return WC_TEST_RET_ENC_EC(ret); + + /* check the SKID from a CA certificate */ + if ((sizeof(kid_ca) - 1 != cert.extSubjKeyIdSz) || + (XMEMCMP(kid_ca, cert.extSubjKeyId, cert.extSubjKeyIdSz))) + return WC_TEST_RET_ENC_NC; + + /* check the AKID from an CA certificate */ + if ((sizeof(kid_ca) - 1 != cert.extAuthKeyIdSz) || + (XMEMCMP(kid_ca, cert.extAuthKeyId, cert.extAuthKeyIdSz))) + return WC_TEST_RET_ENC_NC; + + /* check the Key Usage from CA certificate */ + if (!cert.extKeyUsageSet) + return WC_TEST_RET_ENC_NC; + + if (cert.extKeyUsage != (KEYUSE_KEY_CERT_SIGN|KEYUSE_CRL_SIGN)) + return WC_TEST_RET_ENC_NC; + + /* check the CA Basic Constraints CA certificate */ + if (!cert.isCA) + return WC_TEST_RET_ENC_NC; + +#ifndef WOLFSSL_SEP /* test only if not using SEP policies */ + /* check the Certificate Policies Id */ + if (cert.extCertPoliciesNb != 2) + return WC_TEST_RET_ENC_NC; + + if (strncmp(cert.extCertPolicies[0], "2.16.840.1.101.3.4.1.42", 23)) + return WC_TEST_RET_ENC_NC; + + if (strncmp(cert.extCertPolicies[1], "1.2.840.113549.1.9.16.6.5", 25)) + return WC_TEST_RET_ENC_NC; +#endif + + FreeDecodedCert(&cert); + XFREE(tmp, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + + return 0; +} +#endif /* WOLFSSL_CERT_EXT && WOLFSSL_TEST_CERT && + !NO_FILESYSTEM && !NO_RSA && WOLFSSL_CERT_GEN */ + +#if defined(WOLFSSL_CERT_GEN_CACHE) && defined(WOLFSSL_TEST_CERT) && \ + defined(WOLFSSL_CERT_EXT) && defined(WOLFSSL_CERT_GEN) +WOLFSSL_TEST_SUBROUTINE wc_test_ret_t decodedCertCache_test(void) +{ + wc_test_ret_t ret = 0; + Cert cert; + FILE* file; + byte* der; + word32 derSz; + WOLFSSL_ENTER("decodedCertCache_test"); + + derSz = FOURK_BUF; + der = (byte *)XMALLOC(FOURK_BUF, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + if (der == NULL) + ret = WC_TEST_RET_ENC_NC; + + if (ret == 0) { + /* load cert.der */ + file = XFOPEN(certDerFile, "rb"); + if (file != NULL) { + derSz = (word32)XFREAD(der, 1, FOURK_BUF, file); + XFCLOSE(file); + if (derSz == 0) + ret = WC_TEST_RET_ENC_ERRNO; + + } + else + ret = WC_TEST_RET_ENC_ERRNO; + } + + if (ret == 0) { + ret = wc_InitCert_ex(&cert, HEAP_HINT, devId); + if (ret != 0) + ret = WC_TEST_RET_ENC_EC(ret); + } + + if (ret == 0) { + ret = wc_SetSubjectBuffer(&cert, der, derSz); + if (ret != 0) + ret = WC_TEST_RET_ENC_EC(ret); + } + + if (ret == 0) { + ret = wc_SetSubjectBuffer(NULL, der, derSz); + if (ret == WC_NO_ERR_TRACE(BAD_FUNC_ARG)) + ret = 0; + else + ret = WC_TEST_RET_ENC_EC(ret); + } + + if (ret == 0) { + ret = wc_SetSubjectRaw(&cert, der, derSz); + if (ret != 0) + ret = WC_TEST_RET_ENC_EC(ret); + } + + if (ret == 0) { + ret = wc_SetSubjectRaw(NULL, der, derSz); + if (ret == WC_NO_ERR_TRACE(BAD_FUNC_ARG)) + ret = 0; + else + ret = WC_TEST_RET_ENC_EC(ret); + } + + if (ret == 0) { + ret = wc_SetIssuerBuffer(&cert, der, derSz); + if (ret != 0) + ret = WC_TEST_RET_ENC_EC(ret); + } + + if (ret == 0) { + ret = wc_SetIssuerBuffer(NULL, der, derSz); + if (ret == WC_NO_ERR_TRACE(BAD_FUNC_ARG)) + ret = 0; + else + ret = WC_TEST_RET_ENC_EC(ret); + } + + if (ret == 0) { + ret = wc_SetIssuerRaw(&cert, der, derSz); + if (ret != 0) + ret = WC_TEST_RET_ENC_EC(ret); + } + + if (ret == 0) { + ret = wc_SetIssuerRaw(NULL, der, derSz); + if (ret == WC_NO_ERR_TRACE(BAD_FUNC_ARG)) + ret = 0; + else + ret = WC_TEST_RET_ENC_EC(ret); + } + +#ifdef WOLFSSL_ALT_NAMES + if (ret == 0) { + ret = wc_SetAltNamesBuffer(&cert, der, derSz); + if (ret != 0) + ret = WC_TEST_RET_ENC_EC(ret); + } + + if (ret == 0) { + ret = wc_SetAltNamesBuffer(NULL, der, derSz); + if (ret == WC_NO_ERR_TRACE(BAD_FUNC_ARG)) + ret = 0; + else + ret = WC_TEST_RET_ENC_EC(ret); + } + + if (ret == 0) { + ret = wc_SetDatesBuffer(&cert, der, derSz); + if (ret != 0) + ret = WC_TEST_RET_ENC_EC(ret); + } + + if (ret == 0) { + ret = wc_SetDatesBuffer(NULL, der, derSz); + if (ret == WC_NO_ERR_TRACE(BAD_FUNC_ARG)) + ret = 0; + else + ret = WC_TEST_RET_ENC_EC(ret); + } +#endif + + if (ret == 0) { + ret = wc_SetAuthKeyIdFromCert(&cert, der, derSz); + if (ret != 0) + ret = WC_TEST_RET_ENC_EC(ret); + } + + if (ret == 0) { + ret = wc_SetAuthKeyIdFromCert(NULL, der, derSz); + if (ret == WC_NO_ERR_TRACE(BAD_FUNC_ARG)) + ret = 0; + else + ret = WC_TEST_RET_ENC_NC; + } + + wc_SetCert_Free(&cert); + if (ret == 0) { + if(cert.decodedCert != NULL) + ret = WC_TEST_RET_ENC_NC; + } + + XFREE(der, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + + return ret; +} +#endif /* defined(WOLFSSL_CERT_GEN_CACHE) && defined(WOLFSSL_TEST_CERT) && + defined(WOLFSSL_CERT_EXT) && defined(WOLFSSL_CERT_GEN) */ + +#define RSA_TEST_BYTES 512 /* up to 4096-bit key */ + +#if !defined(NO_ASN) && !defined(WOLFSSL_RSA_PUBLIC_ONLY) && \ + !defined(WOLFSSL_RSA_VERIFY_ONLY) +static wc_test_ret_t rsa_flatten_test(RsaKey* key) +{ + wc_test_ret_t ret; + byte e[RSA_TEST_BYTES]; + byte n[RSA_TEST_BYTES]; + word32 eSz = sizeof(e); + word32 nSz = sizeof(n); + + /* Parameter Validation testing. */ + ret = wc_RsaFlattenPublicKey(NULL, e, &eSz, n, &nSz); + if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG)) + return WC_TEST_RET_ENC_EC(ret); + + ret = wc_RsaFlattenPublicKey(key, NULL, &eSz, n, &nSz); + if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG)) + return WC_TEST_RET_ENC_EC(ret); + + ret = wc_RsaFlattenPublicKey(key, e, NULL, n, &nSz); + if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG)) + return WC_TEST_RET_ENC_EC(ret); + + ret = wc_RsaFlattenPublicKey(key, e, &eSz, NULL, &nSz); + if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG)) + return WC_TEST_RET_ENC_EC(ret); + + ret = wc_RsaFlattenPublicKey(key, e, &eSz, n, NULL); + if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG)) + return WC_TEST_RET_ENC_EC(ret); + + ret = wc_RsaFlattenPublicKey(key, e, &eSz, n, &nSz); + if (ret != 0) + return WC_TEST_RET_ENC_EC(ret); + + eSz = 0; + ret = wc_RsaFlattenPublicKey(key, e, &eSz, n, &nSz); + if (ret != WC_NO_ERR_TRACE(RSA_BUFFER_E)) + return WC_TEST_RET_ENC_EC(ret); + + eSz = sizeof(e); + nSz = 0; + ret = wc_RsaFlattenPublicKey(key, e, &eSz, n, &nSz); + if (ret != WC_NO_ERR_TRACE(RSA_BUFFER_E)) + return WC_TEST_RET_ENC_EC(ret); + + return 0; +} +#endif /* NO_ASN */ + +#if !defined(HAVE_FIPS) && !defined(NO_ASN) \ + && !defined(WOLFSSL_RSA_VERIFY_ONLY) +static wc_test_ret_t rsa_export_key_test(RsaKey* key) +{ + wc_test_ret_t ret; + byte e[3]; + word32 eSz = sizeof(e); + byte n[RSA_TEST_BYTES]; + word32 nSz = sizeof(n); + byte d[RSA_TEST_BYTES]; + word32 dSz = sizeof(d); + byte p[RSA_TEST_BYTES/2]; + word32 pSz = sizeof(p); + byte q[RSA_TEST_BYTES/2]; + word32 qSz = sizeof(q); + word32 zero = 0; + + ret = wc_RsaExportKey(NULL, e, &eSz, n, &nSz, d, &dSz, p, &pSz, q, &qSz); + if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG)) + return WC_TEST_RET_ENC_EC(ret); + ret = wc_RsaExportKey(key, NULL, &eSz, n, &nSz, d, &dSz, p, &pSz, q, &qSz); + if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG)) + return WC_TEST_RET_ENC_EC(ret); + ret = wc_RsaExportKey(key, e, NULL, n, &nSz, d, &dSz, p, &pSz, q, &qSz); + if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG)) + return WC_TEST_RET_ENC_EC(ret); + ret = wc_RsaExportKey(key, e, &eSz, NULL, &nSz, d, &dSz, p, &pSz, q, &qSz); + if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG)) + return WC_TEST_RET_ENC_EC(ret); + ret = wc_RsaExportKey(key, e, &eSz, n, NULL, d, &dSz, p, &pSz, q, &qSz); + if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG)) + return WC_TEST_RET_ENC_EC(ret); + ret = wc_RsaExportKey(key, e, &eSz, n, &nSz, NULL, &dSz, p, &pSz, q, &qSz); + if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG)) + return WC_TEST_RET_ENC_EC(ret); + ret = wc_RsaExportKey(key, e, &eSz, n, &nSz, d, NULL, p, &pSz, q, &qSz); + if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG)) + return WC_TEST_RET_ENC_EC(ret); + ret = wc_RsaExportKey(key, e, &eSz, n, &nSz, d, &dSz, NULL, &pSz, q, &qSz); + if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG)) + return WC_TEST_RET_ENC_EC(ret); + ret = wc_RsaExportKey(key, e, &eSz, n, &nSz, d, &dSz, p, NULL, q, &qSz); + if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG)) + return WC_TEST_RET_ENC_EC(ret); + ret = wc_RsaExportKey(key, e, &eSz, n, &nSz, d, &dSz, p, &pSz, NULL, &qSz); + if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG)) + return WC_TEST_RET_ENC_EC(ret); + ret = wc_RsaExportKey(key, e, &eSz, n, &nSz, d, &dSz, p, &pSz, q, NULL); + if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG)) + return WC_TEST_RET_ENC_EC(ret); + + ret = wc_RsaExportKey(key, e, &zero, n, &nSz, d, &dSz, p, &pSz, q, &qSz); + if (ret != WC_NO_ERR_TRACE(RSA_BUFFER_E)) + return WC_TEST_RET_ENC_EC(ret); + ret = wc_RsaExportKey(key, e, &eSz, n, &zero, d, &dSz, p, &pSz, q, &qSz); + if (ret != WC_NO_ERR_TRACE(RSA_BUFFER_E)) + return WC_TEST_RET_ENC_EC(ret); +#ifndef WOLFSSL_RSA_PUBLIC_ONLY + ret = wc_RsaExportKey(key, e, &eSz, n, &nSz, d, &zero, p, &pSz, q, &qSz); + if (ret != WC_NO_ERR_TRACE(RSA_BUFFER_E)) + return WC_TEST_RET_ENC_EC(ret); + ret = wc_RsaExportKey(key, e, &eSz, n, &nSz, d, &dSz, p, &zero, q, &qSz); + if (ret != WC_NO_ERR_TRACE(RSA_BUFFER_E)) + return WC_TEST_RET_ENC_EC(ret); + ret = wc_RsaExportKey(key, e, &eSz, n, &nSz, d, &dSz, p, &pSz, q, &zero); + if (ret != WC_NO_ERR_TRACE(RSA_BUFFER_E)) + return WC_TEST_RET_ENC_EC(ret); +#endif /* WOLFSSL_RSA_PUBLIC_ONLY */ + + ret = wc_RsaExportKey(key, e, &eSz, n, &nSz, d, &dSz, p, &pSz, q, &qSz); + if (ret != 0) + return WC_TEST_RET_ENC_EC(ret); + + return 0; +} +#endif /* !HAVE_FIPS && !NO_ASN && !WOLFSSL_RSA_VERIFY_ONLY */ + +#if !defined(NO_SIG_WRAPPER) && !defined(NO_SHA256) +static wc_test_ret_t rsa_sig_test(RsaKey* key, word32 keyLen, int modLen, WC_RNG* rng) +{ + wc_test_ret_t ret; + word32 sigSz; + WOLFSSL_SMALL_STACK_STATIC const byte in[] = TEST_STRING; + WOLFSSL_SMALL_STACK_STATIC const byte hash[] = { + 0xf2, 0x02, 0x95, 0x65, 0xcb, 0xf6, 0x2a, 0x59, + 0x39, 0x2c, 0x05, 0xff, 0x0e, 0x29, 0xaf, 0xfe, + 0x47, 0x33, 0x8c, 0x99, 0x8d, 0x58, 0x64, 0x83, + 0xa6, 0x58, 0x0a, 0x33, 0x0b, 0x84, 0x5f, 0x5f + }; + WOLFSSL_SMALL_STACK_STATIC const byte hashEnc[] = { + 0x30, 0x31, 0x30, 0x0d, 0x06, 0x09, 0x60, 0x86, + 0x48, 0x01, 0x65, 0x03, 0x04, 0x02, 0x01, 0x05, + 0x00, 0x04, 0x20, + + 0xf2, 0x02, 0x95, 0x65, 0xcb, 0xf6, 0x2a, 0x59, + 0x39, 0x2c, 0x05, 0xff, 0x0e, 0x29, 0xaf, 0xfe, + 0x47, 0x33, 0x8c, 0x99, 0x8d, 0x58, 0x64, 0x83, + 0xa6, 0x58, 0x0a, 0x33, 0x0b, 0x84, 0x5f, 0x5f + }; + word32 inLen = (word32)XSTRLEN((char*)in); + byte out[RSA_TEST_BYTES]; + + /* Parameter Validation testing. */ + ret = wc_SignatureGetSize(WC_SIGNATURE_TYPE_NONE, key, keyLen); + if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG)) + return WC_TEST_RET_ENC_EC(ret); + ret = wc_SignatureGetSize(WC_SIGNATURE_TYPE_RSA, key, 0); + if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG)) + return WC_TEST_RET_ENC_EC(ret); + + sigSz = (word32)modLen; + ret = wc_SignatureGenerate(WC_HASH_TYPE_SHA256, WC_SIGNATURE_TYPE_RSA, NULL, + inLen, out, &sigSz, key, keyLen, rng); + if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG)) + return WC_TEST_RET_ENC_EC(ret); + ret = wc_SignatureGenerate(WC_HASH_TYPE_SHA256, WC_SIGNATURE_TYPE_RSA, in, + 0, out, &sigSz, key, keyLen, rng); + if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG)) + return WC_TEST_RET_ENC_EC(ret); + ret = wc_SignatureGenerate(WC_HASH_TYPE_SHA256, WC_SIGNATURE_TYPE_RSA, in, + inLen, NULL, &sigSz, key, keyLen, rng); + if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG)) + return WC_TEST_RET_ENC_EC(ret); + ret = wc_SignatureGenerate(WC_HASH_TYPE_SHA256, WC_SIGNATURE_TYPE_RSA, in, + inLen, out, NULL, key, keyLen, rng); + if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG)) + return WC_TEST_RET_ENC_EC(ret); + ret = wc_SignatureGenerate(WC_HASH_TYPE_SHA256, WC_SIGNATURE_TYPE_RSA, in, + inLen, out, &sigSz, NULL, keyLen, rng); + if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG)) + return WC_TEST_RET_ENC_EC(ret); + ret = wc_SignatureGenerate(WC_HASH_TYPE_SHA256, WC_SIGNATURE_TYPE_RSA, in, + inLen, out, &sigSz, key, 0, rng); + if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG)) + return WC_TEST_RET_ENC_EC(ret); + ret = wc_SignatureGenerate(WC_HASH_TYPE_SHA256, WC_SIGNATURE_TYPE_RSA, in, + inLen, out, &sigSz, key, keyLen, NULL); +#if defined(WOLFSSL_AFALG_XILINX_RSA) || defined(WOLFSSL_XILINX_CRYPT) + /* blinding / rng handled with hardware acceleration */ + if (ret != 0) +#elif defined(WOLFSSL_ASYNC_CRYPT) || defined(WOLF_CRYPTO_CB) + /* async may not require RNG */ + #if defined(WOLF_CRYPTO_CB_ONLY_RSA) + if (ret != WC_NO_ERR_TRACE(NO_VALID_DEVID)) + #else + if (ret != 0 && ret != WC_NO_ERR_TRACE(MISSING_RNG_E)) + #endif +#elif defined(HAVE_FIPS) || !defined(WC_RSA_BLINDING) + /* FIPS140 implementation does not do blinding */ + if (ret != 0) +#elif defined(WOLFSSL_RSA_PUBLIC_ONLY) || defined(WOLFSSL_RSA_VERIFY_ONLY) + if (ret != WC_NO_ERR_TRACE(SIG_TYPE_E)) +#elif defined(WOLFSSL_CRYPTOCELL) || defined(WOLFSSL_SE050) + /* RNG is handled by hardware */ + if (ret != 0) +#else + if (ret != WC_NO_ERR_TRACE(MISSING_RNG_E)) +#endif + return WC_TEST_RET_ENC_EC(ret); + sigSz = 0; + ret = wc_SignatureGenerate(WC_HASH_TYPE_SHA256, WC_SIGNATURE_TYPE_RSA, in, + inLen, out, &sigSz, key, keyLen, rng); + if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG)) + return WC_TEST_RET_ENC_EC(ret); + + ret = wc_SignatureVerify(WC_HASH_TYPE_SHA256, WC_SIGNATURE_TYPE_RSA, NULL, + inLen, out, (word32)modLen, key, keyLen); + if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG)) + return WC_TEST_RET_ENC_EC(ret); + ret = wc_SignatureVerify(WC_HASH_TYPE_SHA256, WC_SIGNATURE_TYPE_RSA, in, + 0, out, (word32)modLen, key, keyLen); + if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG)) + return WC_TEST_RET_ENC_EC(ret); + ret = wc_SignatureVerify(WC_HASH_TYPE_SHA256, WC_SIGNATURE_TYPE_RSA, in, + inLen, NULL, (word32)modLen, key, keyLen); + if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG)) + return WC_TEST_RET_ENC_EC(ret); + ret = wc_SignatureVerify(WC_HASH_TYPE_SHA256, WC_SIGNATURE_TYPE_RSA, in, + inLen, out, 0, key, keyLen); + if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG)) + return WC_TEST_RET_ENC_EC(ret); + ret = wc_SignatureVerify(WC_HASH_TYPE_SHA256, WC_SIGNATURE_TYPE_RSA, in, + inLen, out, (word32)modLen, NULL, keyLen); + if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG)) + return WC_TEST_RET_ENC_EC(ret); + ret = wc_SignatureVerify(WC_HASH_TYPE_SHA256, WC_SIGNATURE_TYPE_RSA, in, + inLen, out, (word32)modLen, key, 0); + if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG)) + return WC_TEST_RET_ENC_EC(ret); + +#ifndef HAVE_ECC + ret = wc_SignatureGetSize(WC_SIGNATURE_TYPE_ECC, key, keyLen); + if (ret != WC_NO_ERR_TRACE(SIG_TYPE_E)) + return WC_TEST_RET_ENC_EC(ret); +#endif +#if defined(WOLF_CRYPTO_CB_ONLY_RSA) + return 0; +#endif + /* Use APIs. */ + ret = wc_SignatureGetSize(WC_SIGNATURE_TYPE_RSA, key, keyLen); + if (ret != modLen) + return WC_TEST_RET_ENC_EC(ret); + ret = wc_SignatureGetSize(WC_SIGNATURE_TYPE_RSA_W_ENC, key, keyLen); + if (ret != modLen) + return WC_TEST_RET_ENC_EC(ret); + + sigSz = (word32)ret; +#if !defined(WOLFSSL_RSA_PUBLIC_ONLY) && !defined(WOLFSSL_RSA_VERIFY_ONLY) + XMEMSET(out, 0, sizeof(out)); + ret = wc_SignatureGenerate(WC_HASH_TYPE_SHA256, WC_SIGNATURE_TYPE_RSA, in, + inLen, out, &sigSz, key, keyLen, rng); + if (ret != 0) + return WC_TEST_RET_ENC_EC(ret); + + ret = wc_SignatureVerify(WC_HASH_TYPE_SHA256, WC_SIGNATURE_TYPE_RSA, in, + inLen, out, (word32)modLen, key, keyLen); + if (ret != 0) + return WC_TEST_RET_ENC_EC(ret); + + sigSz = (word32)sizeof(out); + ret = wc_SignatureGenerate(WC_HASH_TYPE_SHA256, WC_SIGNATURE_TYPE_RSA_W_ENC, + in, inLen, out, &sigSz, key, keyLen, rng); + if (ret != 0) + return WC_TEST_RET_ENC_EC(ret); + + ret = wc_SignatureVerify(WC_HASH_TYPE_SHA256, WC_SIGNATURE_TYPE_RSA_W_ENC, + in, inLen, out, (word32)modLen, key, keyLen); + if (ret != 0) + return WC_TEST_RET_ENC_EC(ret); + + /* Wrong signature type. */ + ret = wc_SignatureVerify(WC_HASH_TYPE_SHA256, WC_SIGNATURE_TYPE_RSA, in, + inLen, out, (word32)modLen, key, keyLen); + if (ret == 0) + return WC_TEST_RET_ENC_EC(ret); + + /* check hash functions */ + sigSz = (word32)sizeof(out); + ret = wc_SignatureGenerateHash(WC_HASH_TYPE_SHA256, WC_SIGNATURE_TYPE_RSA, + hash, (int)sizeof(hash), out, &sigSz, key, keyLen, rng); + if (ret != 0) + return WC_TEST_RET_ENC_EC(ret); + + ret = wc_SignatureVerifyHash(WC_HASH_TYPE_SHA256, WC_SIGNATURE_TYPE_RSA, + hash, (int)sizeof(hash), out, (word32)modLen, key, keyLen); + if (ret != 0) + return WC_TEST_RET_ENC_EC(ret); + + sigSz = (word32)sizeof(out); + ret = wc_SignatureGenerateHash(WC_HASH_TYPE_SHA256, WC_SIGNATURE_TYPE_RSA_W_ENC, + hashEnc, (int)sizeof(hashEnc), out, &sigSz, key, keyLen, rng); + if (ret != 0) + return WC_TEST_RET_ENC_EC(ret); + + ret = wc_SignatureVerifyHash(WC_HASH_TYPE_SHA256, WC_SIGNATURE_TYPE_RSA_W_ENC, + hashEnc, (int)sizeof(hashEnc), out, (word32)modLen, key, keyLen); + if (ret != 0) + return WC_TEST_RET_ENC_EC(ret); +#else + (void)hash; + (void)hashEnc; +#endif /* !WOLFSSL_RSA_PUBLIC_ONLY && !WOLFSSL_RSA_VERIFY_ONLY */ + + return 0; +} +#endif /* !NO_SIG_WRAPPER && !NO_SHA256 */ + +#ifdef WC_RSA_NONBLOCK +static wc_test_ret_t rsa_nb_test(RsaKey* key, const byte* in, word32 inLen, byte* out, + word32 outSz, byte* plain, word32 plainSz, WC_RNG* rng) +{ + wc_test_ret_t ret = 0; + int count; + int signSz = 0; + RsaNb nb; + byte* inlinePlain = NULL; + + /* Enable non-blocking RSA mode - provide context */ + ret = wc_RsaSetNonBlock(key, &nb); + if (ret != 0) + return ret; + +#ifdef WC_RSA_NONBLOCK_TIME + /* Enable time based RSA blocking. 8 microseconds max (3.1GHz) */ + ret = wc_RsaSetNonBlockTime(key, 8, 3100); + if (ret != 0) + return ret; +#endif + + count = 0; + do { + ret = wc_RsaSSL_Sign(in, inLen, out, outSz, key, rng); + count++; /* track number of would blocks */ + if (ret == FP_WOULDBLOCK) { + /* do "other" work here */ + } + } while (ret == FP_WOULDBLOCK); + if (ret < 0) { + return ret; + } +#if defined(DEBUG_WOLFSSL) || defined(WOLFSSL_DEBUG_NONBLOCK) + printf("RSA non-block sign: %d times\n", count); +#endif + signSz = ret; + + /* Test non-blocking verify */ + XMEMSET(plain, 0, plainSz); + count = 0; + do { + ret = wc_RsaSSL_Verify(out, (word32)signSz, plain, plainSz, key); + count++; /* track number of would blocks */ + if (ret == FP_WOULDBLOCK) { + /* do "other" work here */ + } + } while (ret == FP_WOULDBLOCK); + if (ret < 0) { + return ret; + } +#if defined(DEBUG_WOLFSSL) || defined(WOLFSSL_DEBUG_NONBLOCK) + printf("RSA non-block verify: %d times\n", count); +#endif + + if (signSz == ret && XMEMCMP(plain, in, (size_t)ret)) { + return SIG_VERIFY_E; + } + + /* Test inline non-blocking verify */ + count = 0; + do { + ret = wc_RsaSSL_VerifyInline(out, (word32)signSz, &inlinePlain, key); + count++; /* track number of would blocks */ + if (ret == FP_WOULDBLOCK) { + /* do "other" work here */ + } + } while (ret == FP_WOULDBLOCK); + if (ret < 0) { + return ret; + } +#if defined(DEBUG_WOLFSSL) || defined(WOLFSSL_DEBUG_NONBLOCK) + printf("RSA non-block inline verify: %d times\n", count); +#endif + + if (signSz == ret && XMEMCMP(inlinePlain, in, (size_t)ret)) { + return SIG_VERIFY_E; + } + + /* Disabling non-block RSA mode */ + ret = wc_RsaSetNonBlock(key, NULL); + + (void)count; + + return 0; +} +#endif + +#if !defined(NO_ASN) +static wc_test_ret_t rsa_decode_test(RsaKey* keyPub) +{ + wc_test_ret_t ret; + word32 inSz; + word32 inOutIdx; + WOLFSSL_SMALL_STACK_STATIC const byte n[2] = { 0x00, 0x23 }; + WOLFSSL_SMALL_STACK_STATIC const byte e[2] = { 0x00, 0x03 }; + WOLFSSL_SMALL_STACK_STATIC const byte good[] = { 0x30, 0x06, 0x02, 0x01, 0x23, 0x02, 0x1, + 0x03 }; + WOLFSSL_SMALL_STACK_STATIC const byte goodAlgId[] = { + 0x30, 0x18, 0x30, 0x16, + 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x01, + 0x03, 0x09, 0x00, 0x30, 0x06, 0x02, 0x01, 0x23, 0x02, 0x1, 0x03 }; + WOLFSSL_SMALL_STACK_STATIC const byte goodAlgIdNull[] = { + 0x30, 0x1a, 0x30, 0x18, + 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x01, + 0x05, 0x00, 0x03, 0x09, 0x00, 0x30, 0x06, 0x02, 0x01, 0x23, + 0x02, 0x1, 0x03 }; + WOLFSSL_SMALL_STACK_STATIC const byte badAlgIdNull[] = { + 0x30, 0x1b, 0x30, 0x19, + 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x01, + 0x05, 0x01, 0x00, 0x03, 0x09, 0x00, 0x30, 0x06, 0x02, 0x01, 0x23, + 0x02, 0x1, 0x03 }; + WOLFSSL_SMALL_STACK_STATIC const byte badNotBitString[] = { + 0x30, 0x18, 0x30, 0x16, + 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x01, + 0x04, 0x09, 0x00, 0x30, 0x06, 0x02, 0x01, 0x23, 0x02, 0x1, 0x03 }; + WOLFSSL_SMALL_STACK_STATIC const byte badBitStringLen[] = { + 0x30, 0x18, 0x30, 0x16, + 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x01, + 0x03, 0x0a, 0x00, 0x30, 0x06, 0x02, 0x01, 0x23, 0x02, 0x1, 0x03 }; + WOLFSSL_SMALL_STACK_STATIC const byte badNoSeq[] = { + 0x30, 0x16, 0x30, 0x14, + 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x01, + 0x07, 0x00, 0x02, 0x01, 0x23, 0x02, 0x1, 0x03 }; + WOLFSSL_SMALL_STACK_STATIC const byte badNoObj[] = { + 0x30, 0x0f, 0x30, 0x0d, 0x05, 0x00, 0x03, 0x09, 0x00, 0x30, 0x06, + 0x02, 0x01, 0x23, 0x02, 0x1, 0x03 }; + WOLFSSL_SMALL_STACK_STATIC const byte badIntN[] = { + 0x30, 0x06, 0x02, 0x05, 0x23, 0x02, 0x1, 0x03 }; + WOLFSSL_SMALL_STACK_STATIC const byte badNotIntE[] = { + 0x30, 0x06, 0x02, 0x01, 0x23, 0x04, 0x1, 0x03 }; + WOLFSSL_SMALL_STACK_STATIC const byte badLength[] = { + 0x30, 0x04, 0x02, 0x01, 0x23, 0x02, 0x1, 0x03 }; + WOLFSSL_SMALL_STACK_STATIC const byte badBitStrNoZero[] = { + 0x30, 0x17, 0x30, 0x15, + 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x01, + 0x03, 0x08, 0x30, 0x06, 0x02, 0x01, 0x23, 0x02, 0x1, 0x03 }; + + ret = wc_InitRsaKey(keyPub, NULL); + if (ret != 0) + return WC_TEST_RET_ENC_EC(ret); + + /* Parameter Validation testing. */ + ret = wc_RsaPublicKeyDecodeRaw(NULL, sizeof(n), e, sizeof(e), keyPub); + if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG)) { + ret = WC_TEST_RET_ENC_EC(ret); + goto done; + } + ret = wc_RsaPublicKeyDecodeRaw(n, sizeof(n), NULL, sizeof(e), keyPub); + if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG)) { + ret = WC_TEST_RET_ENC_EC(ret); + goto done; + } + ret = wc_RsaPublicKeyDecodeRaw(n, sizeof(n), e, sizeof(e), NULL); + if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG)) { + ret = WC_TEST_RET_ENC_EC(ret); + goto done; + } + ret = wc_RsaPublicKeyDecodeRaw(n, (word32)-1, e, sizeof(e), keyPub); +#if defined(USE_INTEGER_HEAP_MATH) + if (ret != 0) +#else + if (ret != WC_NO_ERR_TRACE(ASN_GETINT_E)) +#endif + { + ret = WC_TEST_RET_ENC_EC(ret); + goto done; + } + wc_FreeRsaKey(keyPub); + ret = wc_InitRsaKey(keyPub, NULL); + if (ret != 0) + return WC_TEST_RET_ENC_EC(ret); + ret = wc_RsaPublicKeyDecodeRaw(n, sizeof(n), e, (word32)-1, keyPub); +#if defined(USE_INTEGER_HEAP_MATH) + if (ret != 0) +#else + if (ret != WC_NO_ERR_TRACE(ASN_GETINT_E)) +#endif + { + ret = WC_TEST_RET_ENC_EC(ret); + goto done; + } + wc_FreeRsaKey(keyPub); + ret = wc_InitRsaKey(keyPub, NULL); + if (ret != 0) + return WC_TEST_RET_ENC_EC(ret); + + /* Use API. */ + ret = wc_RsaPublicKeyDecodeRaw(n, sizeof(n), e, sizeof(e), keyPub); + if (ret != 0) { + ret = WC_TEST_RET_ENC_EC(ret); + goto done; + } + wc_FreeRsaKey(keyPub); + ret = wc_InitRsaKey(keyPub, NULL); + if (ret != 0) + return WC_TEST_RET_ENC_EC(ret); + + /* Parameter Validation testing. */ + inSz = sizeof(good); + ret = wc_RsaPublicKeyDecode(NULL, &inOutIdx, keyPub, inSz); + if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG)) { + ret = WC_TEST_RET_ENC_EC(ret); + goto done; + } + ret = wc_RsaPublicKeyDecode(good, NULL, keyPub, inSz); + if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG)) { + ret = WC_TEST_RET_ENC_EC(ret); + goto done; + } + ret = wc_RsaPublicKeyDecode(good, &inOutIdx, NULL, inSz); + if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG)) { + ret = WC_TEST_RET_ENC_EC(ret); + goto done; + } + + /* Use good data and offset to bad data. */ + inOutIdx = 2; + inSz = sizeof(good) - inOutIdx; + ret = wc_RsaPublicKeyDecode(good, &inOutIdx, keyPub, inSz); + if (ret != WC_NO_ERR_TRACE(ASN_PARSE_E)) { + ret = WC_TEST_RET_ENC_EC(ret); + goto done; + } + inOutIdx = 2; + inSz = sizeof(goodAlgId) - inOutIdx; + ret = wc_RsaPublicKeyDecode(goodAlgId, &inOutIdx, keyPub, inSz); + if (ret != WC_NO_ERR_TRACE(ASN_PARSE_E)) { + ret = WC_TEST_RET_ENC_EC(ret); + goto done; + } + inOutIdx = 2; + inSz = sizeof(goodAlgId); + ret = wc_RsaPublicKeyDecode(goodAlgId, &inOutIdx, keyPub, inSz); +#ifndef WOLFSSL_NO_DECODE_EXTRA + if (ret != WC_NO_ERR_TRACE(ASN_PARSE_E)) +#else + if (ret != WC_NO_ERR_TRACE(ASN_RSA_KEY_E)) +#endif + { + ret = WC_TEST_RET_ENC_EC(ret); + goto done; + } + /* Try different bad data. */ + inSz = sizeof(badAlgIdNull); + inOutIdx = 0; + ret = wc_RsaPublicKeyDecode(badAlgIdNull, &inOutIdx, keyPub, inSz); + if (ret != WC_NO_ERR_TRACE(ASN_EXPECT_0_E)) { + ret = WC_TEST_RET_ENC_EC(ret); + goto done; + } + inSz = sizeof(badNotBitString); + inOutIdx = 0; + ret = wc_RsaPublicKeyDecode(badNotBitString, &inOutIdx, keyPub, inSz); + if (ret != WC_NO_ERR_TRACE(ASN_BITSTR_E)) { + ret = WC_TEST_RET_ENC_EC(ret); + goto done; + } + inSz = sizeof(badBitStringLen); + inOutIdx = 0; + ret = wc_RsaPublicKeyDecode(badBitStringLen, &inOutIdx, keyPub, inSz); + if (ret != WC_NO_ERR_TRACE(ASN_PARSE_E)) { + ret = WC_TEST_RET_ENC_EC(ret); + goto done; + } + inSz = sizeof(badNoSeq); + inOutIdx = 0; + ret = wc_RsaPublicKeyDecode(badNoSeq, &inOutIdx, keyPub, inSz); + if (ret != WC_NO_ERR_TRACE(ASN_PARSE_E)) { + ret = WC_TEST_RET_ENC_EC(ret); + goto done; + } + inSz = sizeof(badNoObj); + inOutIdx = 0; + ret = wc_RsaPublicKeyDecode(badNoObj, &inOutIdx, keyPub, inSz); + if (ret != WC_NO_ERR_TRACE(ASN_PARSE_E) && + ret != WC_NO_ERR_TRACE(ASN_OBJECT_ID_E)) + { + ret = WC_TEST_RET_ENC_EC(ret); + goto done; + } + inSz = sizeof(badIntN); + inOutIdx = 0; + ret = wc_RsaPublicKeyDecode(badIntN, &inOutIdx, keyPub, inSz); + if (ret != WC_NO_ERR_TRACE(ASN_RSA_KEY_E) && + ret != WC_NO_ERR_TRACE(ASN_PARSE_E)) + { + ret = WC_TEST_RET_ENC_EC(ret); + goto done; + } + inSz = sizeof(badNotIntE); + inOutIdx = 0; + ret = wc_RsaPublicKeyDecode(badNotIntE, &inOutIdx, keyPub, inSz); + if (ret != WC_NO_ERR_TRACE(ASN_RSA_KEY_E) && + ret != WC_NO_ERR_TRACE(ASN_PARSE_E)) + { + ret = WC_TEST_RET_ENC_EC(ret); + goto done; + } + /* TODO: Shouldn't pass as the sequence length is too small. */ + inSz = sizeof(badLength); + inOutIdx = 0; + ret = wc_RsaPublicKeyDecode(badLength, &inOutIdx, keyPub, inSz); +#ifndef WOLFSSL_ASN_TEMPLATE + if (ret != 0) +#else + if (ret != WC_NO_ERR_TRACE(ASN_PARSE_E)) +#endif + { + ret = WC_TEST_RET_ENC_EC(ret); + goto done; + } + /* TODO: Shouldn't ignore object id's data. */ + wc_FreeRsaKey(keyPub); + ret = wc_InitRsaKey(keyPub, NULL); + if (ret != 0) + return WC_TEST_RET_ENC_EC(ret); + + inSz = sizeof(badBitStrNoZero); + inOutIdx = 0; + ret = wc_RsaPublicKeyDecode(badBitStrNoZero, &inOutIdx, keyPub, inSz); + if (ret != WC_NO_ERR_TRACE(ASN_EXPECT_0_E) && + ret != WC_NO_ERR_TRACE(ASN_PARSE_E)) + { + ret = WC_TEST_RET_ENC_EC(ret); + goto done; + } + wc_FreeRsaKey(keyPub); + ret = wc_InitRsaKey(keyPub, NULL); + if (ret != 0) + return WC_TEST_RET_ENC_EC(ret); + + /* Valid data cases. */ + inSz = sizeof(good); + inOutIdx = 0; + ret = wc_RsaPublicKeyDecode(good, &inOutIdx, keyPub, inSz); + if (ret != 0) { + ret = WC_TEST_RET_ENC_EC(ret); + goto done; + } + if (inOutIdx != inSz) { + ret = WC_TEST_RET_ENC_NC; + goto done; + } + wc_FreeRsaKey(keyPub); + ret = wc_InitRsaKey(keyPub, NULL); + if (ret != 0) + return WC_TEST_RET_ENC_EC(ret); + + inSz = sizeof(goodAlgId); + inOutIdx = 0; + ret = wc_RsaPublicKeyDecode(goodAlgId, &inOutIdx, keyPub, inSz); + if (ret != 0) { + ret = WC_TEST_RET_ENC_EC(ret); + goto done; + } + if (inOutIdx != inSz) { + ret = WC_TEST_RET_ENC_NC; + goto done; + } + wc_FreeRsaKey(keyPub); + ret = wc_InitRsaKey(keyPub, NULL); + if (ret != 0) + return WC_TEST_RET_ENC_EC(ret); + + inSz = sizeof(goodAlgIdNull); + inOutIdx = 0; + ret = wc_RsaPublicKeyDecode(goodAlgIdNull, &inOutIdx, keyPub, inSz); + if (ret != 0) { + ret = WC_TEST_RET_ENC_EC(ret); + goto done; + } + if (inOutIdx != inSz) { + ret = WC_TEST_RET_ENC_NC; + goto done; + } + +done: + wc_FreeRsaKey(keyPub); + return ret; +} +#endif + +#if defined(WC_RSA_PSS) && \ + (!defined(HAVE_FIPS) || FIPS_VERSION_GE(5,0)) && \ + !defined(WC_NO_RNG) +/* Need to create known good signatures to test with this. */ +#if !defined(WOLFSSL_RSA_VERIFY_ONLY) && !defined(WOLFSSL_RSA_PUBLIC_ONLY) && \ +!defined(WOLF_CRYPTO_CB_ONLY_RSA) +static wc_test_ret_t rsa_pss_test(WC_RNG* rng, RsaKey* key) +{ + byte digest[WC_MAX_DIGEST_SIZE]; + wc_test_ret_t ret = 0; + const char inStr[] = TEST_STRING; + word32 inLen = (word32)TEST_STRING_SZ; + word32 outSz; + word32 plainSz; + word32 digestSz; + int i, j; +#ifdef RSA_PSS_TEST_WRONG_PARAMS + int k, l; +#endif +#ifndef WOLFSSL_SE050 + int len; +#endif + byte* plain; + int mgf[] = { +#ifndef NO_SHA + WC_MGF1SHA1, +#endif +#ifdef WOLFSSL_SHA224 + WC_MGF1SHA224, +#endif +#ifndef NO_SHA256 + WC_MGF1SHA256, +#endif +#ifdef WOLFSSL_SHA384 + WC_MGF1SHA384, +#endif +#ifdef WOLFSSL_SHA512 + WC_MGF1SHA512 +#endif + }; + enum wc_HashType hash[] = { +#ifndef NO_SHA + WC_HASH_TYPE_SHA, +#endif +#ifdef WOLFSSL_SHA224 + WC_HASH_TYPE_SHA224, +#endif +#ifndef NO_SHA256 + WC_HASH_TYPE_SHA256, +#endif +#ifdef WOLFSSL_SHA384 + WC_HASH_TYPE_SHA384, +#endif +#ifdef WOLFSSL_SHA512 + WC_HASH_TYPE_SHA512, +#endif + }; + + WC_DECLARE_VAR(in, byte, RSA_TEST_BYTES, HEAP_HINT); + WC_DECLARE_VAR(out, byte, RSA_TEST_BYTES, HEAP_HINT); + WC_DECLARE_VAR(sig, byte, RSA_TEST_BYTES, HEAP_HINT); + + WC_ALLOC_VAR(in, byte, RSA_TEST_BYTES, HEAP_HINT); + WC_ALLOC_VAR(out, byte, RSA_TEST_BYTES, HEAP_HINT); + WC_ALLOC_VAR(sig, byte, RSA_TEST_BYTES, HEAP_HINT); + +#ifdef WC_DECLARE_VAR_IS_HEAP_ALLOC + if (in == NULL || out == NULL || sig == NULL) + ERROR_OUT(MEMORY_E, exit_rsa_pss); +#endif + XMEMCPY(in, inStr, inLen); + + /* Test all combinations of hash and MGF. */ + for (j = 0; j < (int)(sizeof(hash)/sizeof(*hash)); j++) { + /* Calculate hash of message. */ + ret = wc_Hash(hash[j], in, inLen, digest, sizeof(digest)); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_rsa_pss); + digestSz = (word32)wc_HashGetDigestSize(hash[j]); + +#ifdef WOLFSSL_SE050 + /* SE050 only supports MGF matched to same hash type */ + i = j; +#else + for (i = 0; i < (int)(sizeof(mgf)/sizeof(*mgf)); i++) { +#endif + outSz = RSA_TEST_BYTES; + do { + #if defined(WOLFSSL_ASYNC_CRYPT) + ret = wc_AsyncWait(ret, &key->asyncDev, + WC_ASYNC_FLAG_CALL_AGAIN); + #endif + if (ret >= 0) { + ret = wc_RsaPSS_Sign_ex(digest, digestSz, out, outSz, + hash[j], mgf[i], -1, key, rng); + } + } while (ret == WC_NO_ERR_TRACE(WC_PENDING_E)); + if (ret <= 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_rsa_pss); + outSz = (word32)ret; + + XMEMCPY(sig, out, outSz); + plain = NULL; + TEST_SLEEP(); + + do { + #if defined(WOLFSSL_ASYNC_CRYPT) + ret = wc_AsyncWait(ret, &key->asyncDev, + WC_ASYNC_FLAG_CALL_AGAIN); + #endif + if (ret >= 0) { + ret = wc_RsaPSS_VerifyInline_ex(sig, outSz, &plain, hash[j], + mgf[i], -1, key); + } + } while (ret == WC_NO_ERR_TRACE(WC_PENDING_E)); + if (ret <= 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_rsa_pss); + plainSz = (word32)ret; + TEST_SLEEP(); + +#if defined(HAVE_SELFTEST) && \ + (!defined(HAVE_SELFTEST_VERSION) || (HAVE_SELFTEST_VERSION < 2)) + ret = wc_RsaPSS_CheckPadding_ex(digest, digestSz, plain, plainSz, + hash[j], -1); +#elif defined(HAVE_SELFTEST) && (HAVE_SELFTEST_VERSION == 2) + ret = wc_RsaPSS_CheckPadding_ex(digest, digestSz, plain, plainSz, + hash[j], -1, 0); +#else + ret = wc_RsaPSS_CheckPadding_ex2(digest, digestSz, plain, plainSz, + hash[j], -1, wc_RsaEncryptSize(key)*8, HEAP_HINT); +#endif + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_rsa_pss); + +#ifdef RSA_PSS_TEST_WRONG_PARAMS + for (k = 0; k < (int)(sizeof(mgf)/sizeof(*mgf)); k++) { + for (l = 0; l < (int)(sizeof(hash)/sizeof(*hash)); l++) { + if (i == k && j == l) + continue; + + XMEMCPY(sig, out, outSz); + + do { + #if defined(WOLFSSL_ASYNC_CRYPT) + ret = wc_AsyncWait(ret, &key->asyncDev, + WC_ASYNC_FLAG_CALL_AGAIN); + #endif + if (ret >= 0) { + ret = wc_RsaPSS_VerifyInline_ex(sig, outSz, + (byte**)&plain, hash[l], mgf[k], -1, key); + } + } while (ret == WC_NO_ERR_TRACE(WC_PENDING_E)); + if (ret >= 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_rsa_pss); + } + } +#endif +#ifndef WOLFSSL_SE050 + } /* end mgf for loop */ +#endif + } + +/* SE050 generates salts internally only of hash length */ +#ifndef WOLFSSL_SE050 + /* Test that a salt length of zero works. */ + digestSz = (word32)wc_HashGetDigestSize(hash[0]); + outSz = RSA_TEST_BYTES; + do { + #if defined(WOLFSSL_ASYNC_CRYPT) + ret = wc_AsyncWait(ret, &key->asyncDev, + WC_ASYNC_FLAG_CALL_AGAIN); + #endif + if (ret >= 0) { + ret = wc_RsaPSS_Sign_ex(digest, digestSz, out, outSz, hash[0], + mgf[0], 0, key, rng); + } + } while (ret == WC_NO_ERR_TRACE(WC_PENDING_E)); + if (ret <= 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_rsa_pss); + outSz = (word32)ret; + TEST_SLEEP(); + + do { + #if defined(WOLFSSL_ASYNC_CRYPT) + ret = wc_AsyncWait(ret, &key->asyncDev, + WC_ASYNC_FLAG_CALL_AGAIN); + #endif + if (ret >= 0) { + ret = wc_RsaPSS_Verify_ex(out, outSz, sig, outSz, hash[0], mgf[0], + 0, key); + } + } while (ret == WC_NO_ERR_TRACE(WC_PENDING_E)); + if (ret <= 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_rsa_pss); + plainSz = (word32)ret; + TEST_SLEEP(); + + do { + #if defined(WOLFSSL_ASYNC_CRYPT) + ret = wc_AsyncWait(ret, &key->asyncDev, + WC_ASYNC_FLAG_CALL_AGAIN); + #endif + if (ret >= 0) { +#if defined(HAVE_SELFTEST) && \ + (!defined(HAVE_SELFTEST_VERSION) || (HAVE_SELFTEST_VERSION < 2)) + ret = wc_RsaPSS_CheckPadding_ex(digest, digestSz, sig, plainSz, + hash[0], 0); +#elif defined(HAVE_SELFTEST) && (HAVE_SELFTEST_VERSION == 2) + ret = wc_RsaPSS_CheckPadding_ex(digest, digestSz, sig, plainSz, + hash[0], 0, 0); +#else + ret = wc_RsaPSS_CheckPadding_ex2(digest, digestSz, sig, plainSz, + hash[0], 0, 0, HEAP_HINT); +#endif + } + } while (ret == WC_NO_ERR_TRACE(WC_PENDING_E)); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_rsa_pss); + + XMEMCPY(sig, out, outSz); + plain = NULL; + do { + #if defined(WOLFSSL_ASYNC_CRYPT) + ret = wc_AsyncWait(ret, &key->asyncDev, + WC_ASYNC_FLAG_CALL_AGAIN); + #endif + if (ret >= 0) { + ret = wc_RsaPSS_VerifyInline_ex(sig, outSz, &plain, hash[0], mgf[0], + 0, key); + } + } while (ret == WC_NO_ERR_TRACE(WC_PENDING_E)); + if (ret <= 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_rsa_pss); + plainSz = (word32)ret; + TEST_SLEEP(); + +#if defined(HAVE_SELFTEST) && \ + (!defined(HAVE_SELFTEST_VERSION) || (HAVE_SELFTEST_VERSION < 2)) + ret = wc_RsaPSS_CheckPadding_ex(digest, digestSz, plain, plainSz, + hash[0], 0); +#elif defined(HAVE_SELFTEST) && (HAVE_SELFTEST_VERSION == 2) + ret = wc_RsaPSS_CheckPadding_ex(digest, digestSz, plain, plainSz, + hash[0], 0, 0); +#else + ret = wc_RsaPSS_CheckPadding_ex2(digest, digestSz, plain, plainSz, hash[0], + 0, 0, HEAP_HINT); +#endif + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_rsa_pss); + + /* Test bad salt lengths in various APIs. */ + digestSz = (word32)wc_HashGetDigestSize(hash[0]); + outSz = RSA_TEST_BYTES; +#ifndef WOLFSSL_PSS_SALT_LEN_DISCOVER + len = -2; +#else + len = -3; +#endif + do { + #if defined(WOLFSSL_ASYNC_CRYPT) + ret = wc_AsyncWait(ret, &key->asyncDev, + WC_ASYNC_FLAG_CALL_AGAIN); + #endif + if (ret >= 0) { + ret = wc_RsaPSS_Sign_ex(digest, digestSz, out, outSz, hash[0], + mgf[0], len, key, rng); + } + } while (ret == WC_NO_ERR_TRACE(WC_PENDING_E)); + if (ret != WC_NO_ERR_TRACE(PSS_SALTLEN_E)) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_rsa_pss); + + do { + #if defined(WOLFSSL_ASYNC_CRYPT) + ret = wc_AsyncWait(ret, &key->asyncDev, + WC_ASYNC_FLAG_CALL_AGAIN); + #endif + if (ret >= 0) { + ret = wc_RsaPSS_Sign_ex(digest, digestSz, out, outSz, hash[0], + mgf[0], (int)digestSz + 1, key, rng); + } + } while (ret == WC_NO_ERR_TRACE(WC_PENDING_E)); + if (ret != WC_NO_ERR_TRACE(PSS_SALTLEN_E)) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_rsa_pss); + TEST_SLEEP(); + + do { + #if defined(WOLFSSL_ASYNC_CRYPT) + ret = wc_AsyncWait(ret, &key->asyncDev, + WC_ASYNC_FLAG_CALL_AGAIN); + #endif + if (ret >= 0) { + ret = wc_RsaPSS_VerifyInline_ex(sig, outSz, &plain, hash[0], + mgf[0], -2, key); + } + } while (ret == WC_NO_ERR_TRACE(WC_PENDING_E)); + if (ret != WC_NO_ERR_TRACE(PSS_SALTLEN_E)) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_rsa_pss); + TEST_SLEEP(); + + do { + #if defined(WOLFSSL_ASYNC_CRYPT) + ret = wc_AsyncWait(ret, &key->asyncDev, + WC_ASYNC_FLAG_CALL_AGAIN); + #endif + if (ret >= 0) { + ret = wc_RsaPSS_VerifyInline_ex(sig, outSz, &plain, hash[0], mgf[0], + (int)digestSz + 1, key); + } + } while (ret == WC_NO_ERR_TRACE(WC_PENDING_E)); + if (ret != WC_NO_ERR_TRACE(PSS_SALTLEN_E)) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_rsa_pss); + TEST_SLEEP(); + +#ifndef WOLFSSL_PSS_SALT_LEN_DISCOVER + len = -2; +#else + len = -3; +#endif +#if defined(HAVE_SELFTEST) && \ + (!defined(HAVE_SELFTEST_VERSION) || (HAVE_SELFTEST_VERSION < 2)) + ret = wc_RsaPSS_CheckPadding_ex(digest, digestSz, plain, plainSz, + hash[0], len); +#elif defined(HAVE_SELFTEST) && (HAVE_SELFTEST_VERSION == 2) + ret = wc_RsaPSS_CheckPadding_ex(digest, digestSz, plain, plainSz, + hash[0], len, 0); +#else + ret = wc_RsaPSS_CheckPadding_ex2(digest, digestSz, plain, plainSz, hash[0], + len, 0, HEAP_HINT); +#endif + if (ret != WC_NO_ERR_TRACE(PSS_SALTLEN_E)) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_rsa_pss); +#ifndef WOLFSSL_PSS_LONG_SALT + len = (int)(digestSz + 1); +#else + len = (int)(plainSz - digestSz - 1); +#endif +#if defined(HAVE_SELFTEST) && \ + (!defined(HAVE_SELFTEST_VERSION) || (HAVE_SELFTEST_VERSION < 2)) + ret = wc_RsaPSS_CheckPadding_ex(digest, digestSz, plain, plainSz, + hash[0], len); + if (ret != WC_NO_ERR_TRACE(PSS_SALTLEN_E)) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_rsa_pss); +#elif defined(HAVE_SELFTEST) && (HAVE_SELFTEST_VERSION == 2) + ret = wc_RsaPSS_CheckPadding_ex(digest, digestSz, plain, plainSz, + hash[0], len, 0); + if (ret != WC_NO_ERR_TRACE(BAD_PADDING_E)) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_rsa_pss); +#else + ret = wc_RsaPSS_CheckPadding_ex2(digest, digestSz, plain, plainSz, hash[0], + len, 0, HEAP_HINT); + if (ret != WC_NO_ERR_TRACE(PSS_SALTLEN_E)) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_rsa_pss); +#endif + + ret = 0; +#endif /* WOLFSSL_SE050 */ +exit_rsa_pss: + WC_FREE_VAR(sig, HEAP_HINT); + WC_FREE_VAR(in, HEAP_HINT); + WC_FREE_VAR(out, HEAP_HINT); + + return ret; +} +#endif /* !WOLFSSL_RSA_VERIFY_ONLY && !WOLFSSL_RSA_PUBLIC_ONLY */ +#endif /* WC_RSA_PSS && (!HAVE_FIPS || FIPS_VERSION_GE(5,0)) && !WC_NO_RNG */ + + +#ifdef WC_RSA_NO_PADDING +WOLFSSL_TEST_SUBROUTINE wc_test_ret_t rsa_no_pad_test(void) +{ + WC_RNG rng; + byte* tmp = NULL; + size_t bytes; + wc_test_ret_t ret; + word32 inLen = 0; + word32 idx = 0; + word32 outSz = RSA_TEST_BYTES; + word32 plainSz = RSA_TEST_BYTES; +#if !defined(USE_CERT_BUFFERS_1024) && !defined(USE_CERT_BUFFERS_2048) && \ + !defined(USE_CERT_BUFFERS_3072) && !defined(USE_CERT_BUFFERS_4096) && \ + !defined(NO_FILESYSTEM) + XFILE file; +#endif + WC_DECLARE_VAR(key, RsaKey, 1, HEAP_HINT); + WC_DECLARE_VAR(out, byte, RSA_TEST_BYTES, HEAP_HINT); + WC_DECLARE_VAR(plain, byte, RSA_TEST_BYTES, HEAP_HINT); + + WC_ALLOC_VAR(key, RsaKey, 1, HEAP_HINT); + WC_ALLOC_VAR(out, byte, RSA_TEST_BYTES, HEAP_HINT); + WC_ALLOC_VAR(plain, byte, RSA_TEST_BYTES, HEAP_HINT); + WOLFSSL_ENTER("rsa_no_pad_test"); + +#ifdef WC_DECLARE_VAR_IS_HEAP_ALLOC + if (key == NULL || out == NULL || plain == NULL) + ERROR_OUT(MEMORY_E, exit_rsa_nopadding); +#endif + + /* initialize stack structures */ + XMEMSET(&rng, 0, sizeof(rng)); + XMEMSET(key, 0, sizeof(RsaKey)); +#ifdef USE_CERT_BUFFERS_1024 + bytes = (size_t)sizeof_client_key_der_1024; + if (bytes < (size_t)sizeof_client_cert_der_1024) + bytes = (size_t)sizeof_client_cert_der_1024; +#elif defined(USE_CERT_BUFFERS_2048) + bytes = (size_t)sizeof_client_key_der_2048; + if (bytes < (size_t)sizeof_client_cert_der_2048) + bytes = (size_t)sizeof_client_cert_der_2048; +#else + bytes = FOURK_BUF; +#endif + + tmp = (byte*)XMALLOC(bytes, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + if (tmp == NULL) { + ERROR_OUT(WC_TEST_RET_ENC_NC, exit_rsa_nopadding); + } + +#ifdef USE_CERT_BUFFERS_1024 + XMEMCPY(tmp, client_key_der_1024, (size_t)sizeof_client_key_der_1024); +#elif defined(USE_CERT_BUFFERS_2048) + XMEMCPY(tmp, client_key_der_2048, (size_t)sizeof_client_key_der_2048); +#elif defined(USE_CERT_BUFFERS_3072) + XMEMCPY(tmp, client_key_der_3072, (size_t)sizeof_client_key_der_3072); +#elif defined(USE_CERT_BUFFERS_4096) + XMEMCPY(tmp, client_key_der_4096, (size_t)sizeof_client_key_der_4096); +#elif !defined(NO_FILESYSTEM) + file = XFOPEN(clientKey, "rb"); + if (!file) { + err_sys("can't open clientKey, Please run from wolfSSL home dir", + WC_TEST_RET_ENC_ERRNO); + ERROR_OUT(WC_TEST_RET_ENC_ERRNO, exit_rsa_nopadding); + } + + bytes = XFREAD(tmp, 1, FOURK_BUF, file); + XFCLOSE(file); + if (bytes == 0) + ERROR_OUT(WC_TEST_RET_ENC_ERRNO, exit_rsa_nopadding); +#else + /* No key to use. */ + ERROR_OUT(WC_TEST_RET_ENC_NC, exit_rsa_nopadding); +#endif /* USE_CERT_BUFFERS */ + + ret = wc_InitRsaKey_ex(key, HEAP_HINT, devId); + if (ret != 0) { + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_rsa_nopadding); + } + ret = wc_RsaPrivateKeyDecode(tmp, &idx, key, (word32)bytes); + if (ret != 0) { + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_rsa_nopadding); + } + + /* after loading in key use tmp as the test buffer */ + +#ifndef HAVE_FIPS + ret = wc_InitRng_ex(&rng, HEAP_HINT, devId); +#else + ret = wc_InitRng(&rng); +#endif + if (ret != 0) { + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_rsa_nopadding); + } + +#ifndef WOLFSSL_RSA_VERIFY_ONLY + inLen = (word32)wc_RsaEncryptSize(key); + outSz = inLen; + plainSz = inLen; + XMEMSET(tmp, 7, inLen); + do { + #if defined(WOLFSSL_ASYNC_CRYPT) + ret = wc_AsyncWait(ret, &key->asyncDev, WC_ASYNC_FLAG_CALL_AGAIN); + #endif + if (ret >= 0) { + ret = wc_RsaDirect(tmp, inLen, out, &outSz, key, + RSA_PRIVATE_ENCRYPT, &rng); + } + } while (ret == WC_NO_ERR_TRACE(WC_PENDING_E)); + if (ret <= 0) { + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_rsa_nopadding); + } + + /* encrypted result should not be the same as input */ + if (XMEMCMP(out, tmp, inLen) == 0) { + ERROR_OUT(WC_TEST_RET_ENC_NC, exit_rsa_nopadding); + } + TEST_SLEEP(); + + /* decrypt with public key and compare result */ + do { + #if defined(WOLFSSL_ASYNC_CRYPT) + ret = wc_AsyncWait(ret, &key->asyncDev, WC_ASYNC_FLAG_CALL_AGAIN); + #endif + if (ret >= 0) { + ret = wc_RsaDirect(out, outSz, plain, &plainSz, key, + RSA_PUBLIC_DECRYPT, &rng); + } + } while (ret == WC_NO_ERR_TRACE(WC_PENDING_E)); + if (ret <= 0) { + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_rsa_nopadding); + } + + if (XMEMCMP(plain, tmp, inLen) != 0) { + ERROR_OUT(WC_TEST_RET_ENC_NC, exit_rsa_nopadding); + } + TEST_SLEEP(); +#endif + +#ifdef WC_RSA_BLINDING + ret = wc_RsaSetRNG(NULL, &rng); + if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG)) { + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_rsa_nopadding); + } + + ret = wc_RsaSetRNG(key, &rng); + if (ret < 0) { + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_rsa_nopadding); + } +#endif + + /* test encrypt and decrypt using WC_RSA_NO_PAD */ +#ifndef WOLFSSL_RSA_VERIFY_ONLY + do { + #if defined(WOLFSSL_ASYNC_CRYPT) + ret = wc_AsyncWait(ret, &key->asyncDev, WC_ASYNC_FLAG_CALL_AGAIN); + #endif + if (ret >= 0) { + ret = wc_RsaPublicEncrypt_ex(tmp, inLen, out, outSz, key, &rng, + WC_RSA_NO_PAD, WC_HASH_TYPE_NONE, WC_MGF1NONE, NULL, 0); + } + } while (ret == WC_NO_ERR_TRACE(WC_PENDING_E)); + if (ret < 0) { + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_rsa_nopadding); + } + TEST_SLEEP(); +#endif /* WOLFSSL_RSA_VERIFY_ONLY */ + +#ifndef WOLFSSL_RSA_PUBLIC_ONLY + do { + #if defined(WOLFSSL_ASYNC_CRYPT) + ret = wc_AsyncWait(ret, &key->asyncDev, WC_ASYNC_FLAG_CALL_AGAIN); + #endif + if (ret >= 0) { + ret = wc_RsaPrivateDecrypt_ex(out, outSz, plain, plainSz, key, + WC_RSA_NO_PAD, WC_HASH_TYPE_NONE, WC_MGF1NONE, NULL, 0); + } + } while (ret == WC_NO_ERR_TRACE(WC_PENDING_E)); + if (ret < 0) { + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_rsa_nopadding); + } + + if (XMEMCMP(plain, tmp, inLen) != 0) { + ERROR_OUT(WC_TEST_RET_ENC_NC, exit_rsa_nopadding); + } + TEST_SLEEP(); +#endif /* WOLFSSL_RSA_PUBLIC_ONLY */ + + /* test some bad arguments */ + ret = wc_RsaDirect(out, outSz, plain, &plainSz, key, -1, + &rng); + if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG)) { + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_rsa_nopadding); + } + + ret = wc_RsaDirect(out, outSz, plain, &plainSz, NULL, RSA_PUBLIC_DECRYPT, + &rng); + if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG)) { + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_rsa_nopadding); + } + + ret = wc_RsaDirect(out, outSz, NULL, &plainSz, key, RSA_PUBLIC_DECRYPT, + &rng); + if (ret != WC_NO_ERR_TRACE(LENGTH_ONLY_E) || plainSz != inLen) { + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_rsa_nopadding); + } + + ret = wc_RsaDirect(out, outSz - 10, plain, &plainSz, key, + RSA_PUBLIC_DECRYPT, &rng); + if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG)) { + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_rsa_nopadding); + } + + /* if making it to this point of code without hitting an ERROR_OUT then + * all tests have passed */ + ret = 0; + +exit_rsa_nopadding: + wc_FreeRsaKey(key); + XFREE(tmp, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + WC_FREE_VAR(key, HEAP_HINT); + WC_FREE_VAR(out, HEAP_HINT); + WC_FREE_VAR(plain, HEAP_HINT); + wc_FreeRng(&rng); + + return ret; +} +#endif /* WC_RSA_NO_PADDING */ + +#if defined(WOLFSSL_HAVE_SP_RSA) && defined(USE_FAST_MATH) +static wc_test_ret_t rsa_even_mod_test(WC_RNG* rng, RsaKey* key) +{ + byte* tmp = NULL; + size_t bytes; + wc_test_ret_t ret; + word32 inLen = 0; +#ifndef NO_ASN + word32 idx = 0; +#endif + word32 outSz = RSA_TEST_BYTES; +#ifndef WOLFSSL_RSA_PUBLIC_ONLY + word32 plainSz = RSA_TEST_BYTES; +#endif +#if !defined(USE_CERT_BUFFERS_2048) && !defined(USE_CERT_BUFFERS_3072) && \ + !defined(USE_CERT_BUFFERS_4096) && !defined(NO_FILESYSTEM) + XFILE file; +#endif + WC_DECLARE_VAR(out, byte, RSA_TEST_BYTES, HEAP_HINT); +#ifndef WOLFSSL_RSA_PUBLIC_ONLY + WC_DECLARE_VAR(plain, byte, RSA_TEST_BYTES, HEAP_HINT); +#endif + + WC_ALLOC_VAR(out, byte, RSA_TEST_BYTES, HEAP_HINT); +#ifndef WOLFSSL_RSA_PUBLIC_ONLY + WC_ALLOC_VAR(plain, byte, RSA_TEST_BYTES, HEAP_HINT); +#endif + +#ifdef WC_DECLARE_VAR_IS_HEAP_ALLOC + if (out == NULL + #ifndef WOLFSSL_RSA_PUBLIC_ONLY + || plain == NULL + #endif + ) { + ERROR_OUT(MEMORY_E, exit_rsa_even_mod); + } +#endif + +#if defined(USE_CERT_BUFFERS_2048) + bytes = (size_t)sizeof_client_key_der_2048; + if (bytes < (size_t)sizeof_client_cert_der_2048) + bytes = (size_t)sizeof_client_cert_der_2048; +#else + bytes = FOURK_BUF; +#endif + + tmp = (byte*)XMALLOC(bytes, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + if (tmp == NULL + #ifdef WOLFSSL_ASYNC_CRYPT + || out == NULL || plain == NULL + #endif + ) { + ERROR_OUT(WC_TEST_RET_ENC_NC, exit_rsa_even_mod); + } + +#if defined(USE_CERT_BUFFERS_2048) + XMEMCPY(tmp, client_key_der_2048, (size_t)sizeof_client_key_der_2048); +#elif defined(USE_CERT_BUFFERS_3072) + XMEMCPY(tmp, client_key_der_3072, (size_t)sizeof_client_key_der_3072); +#elif defined(USE_CERT_BUFFERS_4096) + XMEMCPY(tmp, client_key_der_4096, (size_t)sizeof_client_key_der_4096); +#elif !defined(NO_FILESYSTEM) + file = XFOPEN(clientKey, "rb"); + if (!file) { + err_sys("can't open ./certs/client-key.der, " + "Please run from wolfSSL home dir", WC_TEST_RET_ENC_ERRNO); + ERROR_OUT(WC_TEST_RET_ENC_ERRNO, exit_rsa_even_mod); + } + + bytes = XFREAD(tmp, 1, FOURK_BUF, file); + XFCLOSE(file); + if (bytes == 0) + ERROR_OUT(WC_TEST_RET_ENC_ERRNO, exit_rsa_even_mod); +#else + /* No key to use. */ + ERROR_OUT(WC_TEST_RET_ENC_NC, exit_rsa_even_mod); +#endif /* USE_CERT_BUFFERS */ + +#ifndef NO_ASN + ret = wc_RsaPrivateKeyDecode(tmp, &idx, key, (word32)bytes); + if (ret != 0) { + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_rsa_even_mod); + } +#else + #ifdef USE_CERT_BUFFERS_2048 + ret = mp_read_unsigned_bin(&key->n, &tmp[12], 256); + if (ret != 0) { + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_rsa_even_mod); + } + ret = mp_set_int(&key->e, WC_RSA_EXPONENT); + if (ret != 0) { + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_rsa_even_mod); + } +#ifndef NO_SIG_WRAPPER + modLen = 2048; +#endif + #else + #error Not supported yet! + #endif +#endif + + key->n.dp[0] &= (mp_digit)-2; + if (ret != 0) { + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_rsa_even_mod); + } + + /* after loading in key use tmp as the test buffer */ +#if !(defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION == 2) && \ + (defined(WOLFSSL_SP_ARM64_ASM) || defined(WOLFSSL_SP_ARM32_ASM))) && \ + !defined(WOLFSSL_XILINX_CRYPT) + /* The ARM64_ASM code that was FIPS validated did not return these expected + * failure codes. These tests cases were added after the assembly was + * in-lined in the module and validated, these tests will be available in + * the 140-3 module */ +#if !defined(WOLFSSL_RSA_VERIFY_ONLY) && !defined(WOLFSSL_RSA_PUBLIC_ONLY) + inLen = 32; + outSz = wc_RsaEncryptSize(key); + XMEMSET(tmp, 7, plainSz); + ret = wc_RsaSSL_Sign(tmp, inLen, out, outSz, key, rng); + if (ret != WC_NO_ERR_TRACE(MP_VAL) && + ret != WC_NO_ERR_TRACE(MP_EXPTMOD_E) && + ret != WC_NO_ERR_TRACE(MP_INVMOD_E)) + { + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_rsa_even_mod); + } + + ret = wc_RsaSSL_Verify(out, outSz, tmp, inLen, key); + if (ret != WC_NO_ERR_TRACE(MP_VAL) && + ret != WC_NO_ERR_TRACE(MP_EXPTMOD_E)) + { + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_rsa_even_mod); + } +#endif + +#ifdef WC_RSA_BLINDING + ret = wc_RsaSetRNG(key, rng); + if (ret < 0) { + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_rsa_even_mod); + } +#endif + + /* test encrypt and decrypt using WC_RSA_NO_PAD */ +#if !defined(WOLFSSL_RSA_VERIFY_ONLY) && !defined(WOLFSSL_RSA_PUBLIC_ONLY) + ret = wc_RsaPublicEncrypt(tmp, inLen, out, (int)outSz, key, rng); + if (ret != WC_NO_ERR_TRACE(MP_VAL) && + ret != WC_NO_ERR_TRACE(MP_EXPTMOD_E)) + { + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_rsa_even_mod); + } +#endif /* WOLFSSL_RSA_VERIFY_ONLY */ + +#ifndef WOLFSSL_RSA_PUBLIC_ONLY + ret = wc_RsaPrivateDecrypt(out, outSz, plain, (int)plainSz, key); + if (ret != WC_NO_ERR_TRACE(MP_VAL) && + ret != WC_NO_ERR_TRACE(MP_EXPTMOD_E) && + ret != WC_NO_ERR_TRACE(MP_INVMOD_E)) + { + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_rsa_even_mod); + } +#endif /* WOLFSSL_RSA_PUBLIC_ONLY */ +#endif /* !(HAVE_FIPS_VERSION == 2 && WOLFSSL_SP_ARMxx_ASM) */ + /* if making it to this point of code without hitting an ERROR_OUT then + * all tests have passed */ + ret = 0; + +exit_rsa_even_mod: + XFREE(tmp, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + WC_FREE_VAR(out, HEAP_HINT); +#ifndef WOLFSSL_RSA_PUBLIC_ONLY + WC_FREE_VAR(plain, HEAP_HINT); +#endif + + (void)out; + (void)outSz; +#ifndef WOLFSSL_RSA_PUBLIC_ONLY + (void)plain; + (void)plainSz; +#endif + (void)inLen; + (void)rng; + + return ret; +} +#endif /* WOLFSSL_HAVE_SP_RSA */ + +#if defined(WOLFSSL_CERT_GEN) && !defined(NO_ASN_TIME) && !defined(WOLFSSL_NO_MALLOC) +static wc_test_ret_t rsa_certgen_test(RsaKey* key, RsaKey* keypub, WC_RNG* rng, byte* tmp) +{ +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC) + RsaKey *caKey = (RsaKey *)XMALLOC(sizeof *caKey, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); +#ifdef WOLFSSL_TEST_CERT + DecodedCert *decode = (DecodedCert *)XMALLOC(sizeof *decode, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); +#endif +#else + RsaKey caKey[1]; +#ifdef WOLFSSL_TEST_CERT + DecodedCert decode[1]; +#endif +#endif + byte* der = NULL; + wc_test_ret_t ret; + Cert* myCert = NULL; + int certSz; + size_t bytes3; + word32 idx3 = 0; +#if !defined(USE_CERT_BUFFERS_1024) && !defined(USE_CERT_BUFFERS_2048) + XFILE file3; +#endif +#if defined(WOLFSSL_ALT_NAMES) && !defined(NO_ASN_TIME) + struct tm beforeTime; + struct tm afterTime; +#endif + const byte mySerial[8] = {1,2,3,4,5,6,7,8}; + + (void)keypub; + +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC) + if (caKey == NULL) + ERROR_OUT(MEMORY_E, exit_rsa); +#ifdef WOLFSSL_TEST_CERT + if (decode == NULL) + ERROR_OUT(MEMORY_E, exit_rsa); +#endif + +#endif + + XMEMSET(caKey, 0, sizeof *caKey); + + der = (byte*)XMALLOC(FOURK_BUF, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + if (der == NULL) { + ERROR_OUT(WC_TEST_RET_ENC_ERRNO, exit_rsa); + } + myCert = (Cert*)XMALLOC(sizeof(Cert), HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + if (myCert == NULL) { + ERROR_OUT(WC_TEST_RET_ENC_ERRNO, exit_rsa); + } + + /* self signed */ + ret = wc_InitCert_ex(myCert, HEAP_HINT, devId); + if (ret != 0) { + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_rsa); + } + + XMEMCPY(&myCert->subject, &certDefaultName, sizeof(CertName)); + XMEMCPY(myCert->serial, mySerial, sizeof(mySerial)); + myCert->serialSz = (int)sizeof(mySerial); + myCert->isCA = 1; +#ifndef NO_SHA256 + myCert->sigType = CTC_SHA256wRSA; +#else + myCert->sigType = CTC_SHAwRSA; +#endif + +#ifdef WOLFSSL_CERT_EXT + /* add Policies */ + XSTRNCPY(myCert->certPolicies[0], "2.16.840.1.101.3.4.1.42", + CTC_MAX_CERTPOL_SZ); + XSTRNCPY(myCert->certPolicies[1], "1.2.840.113549.1.9.16.6.5", + CTC_MAX_CERTPOL_SZ); + myCert->certPoliciesNb = 2; + + /* add SKID from the Public Key */ + ret = wc_SetSubjectKeyIdFromPublicKey(myCert, keypub, NULL); + if (ret != 0) { + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_rsa); + } + + /* add AKID from the Public Key */ + ret = wc_SetAuthKeyIdFromPublicKey(myCert, keypub, NULL); + if (ret != 0) { + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_rsa); + } + + /* add Key Usage */ + ret = wc_SetKeyUsage(myCert,"cRLSign,keyCertSign"); + if (ret != 0) { + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_rsa); + } +#ifdef WOLFSSL_EKU_OID + { + const char unique[] = "2.16.840.1.111111.100.1.10.1"; + ret = wc_SetExtKeyUsageOID(myCert, unique, sizeof(unique), 0, + HEAP_HINT); + if (ret != 0) { + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_rsa); + } + } +#endif /* WOLFSSL_EKU_OID */ +#endif /* WOLFSSL_CERT_EXT */ + + do { +#if defined(WOLFSSL_ASYNC_CRYPT) + ret = wc_AsyncWait(ret, &key->asyncDev, WC_ASYNC_FLAG_CALL_AGAIN); +#endif + if (ret >= 0) { + ret = wc_MakeSelfCert(myCert, der, FOURK_BUF, key, rng); + } + } while (ret == WC_NO_ERR_TRACE(WC_PENDING_E)); + if (ret < 0) { + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_rsa); + } + certSz = (int)ret; + +#ifdef WOLFSSL_TEST_CERT + InitDecodedCert(decode, der, certSz, HEAP_HINT); + ret = ParseCert(decode, CERT_TYPE, NO_VERIFY, 0); + if (ret != 0) { + FreeDecodedCert(decode); + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_rsa); + } + FreeDecodedCert(decode); +#endif + + ret = SaveDerAndPem(der, certSz, certDerFile, certPemFile, + CERT_TYPE); + if (ret != 0) { + goto exit_rsa; + } + + /* Setup Certificate */ + ret = wc_InitCert_ex(myCert, HEAP_HINT, devId); + if (ret < 0) { + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_rsa); + } +#if defined(WOLFSSL_ALT_NAMES) || defined(HAVE_PKCS7) + /* Get CA Cert for testing */ + #ifdef USE_CERT_BUFFERS_1024 + XMEMCPY(tmp, ca_cert_der_1024, sizeof_ca_cert_der_1024); + bytes3 = sizeof_ca_cert_der_1024; + #elif defined(USE_CERT_BUFFERS_2048) + XMEMCPY(tmp, ca_cert_der_2048, sizeof_ca_cert_der_2048); + bytes3 = sizeof_ca_cert_der_2048; + #else + file3 = XFOPEN(rsaCaCertDerFile, "rb"); + if (!file3) { + ERROR_OUT(WC_TEST_RET_ENC_ERRNO, exit_rsa); + } + bytes3 = XFREAD(tmp, 1, FOURK_BUF, file3); + XFCLOSE(file3); + if (bytes3 == 0) + ERROR_OUT(WC_TEST_RET_ENC_ERRNO, exit_rsa); + #endif /* USE_CERT_BUFFERS */ + + #if defined(WOLFSSL_ALT_NAMES) + #if !defined(NO_FILESYSTEM) && !defined(USE_CERT_BUFFERS_1024) && \ + !defined(USE_CERT_BUFFERS_2048) && !defined(NO_ASN) + ret = wc_SetAltNames(myCert, rsaCaCertFile); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_rsa); + #endif + /* get alt names from der */ + ret = wc_SetAltNamesBuffer(myCert, tmp, (int)bytes3); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_rsa); + + /* get dates from der */ + ret = wc_SetDatesBuffer(myCert, tmp, (int)bytes3); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_rsa); + + #ifndef NO_ASN_TIME + ret = wc_GetCertDates(myCert, &beforeTime, &afterTime); + if (ret < 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_rsa); + #endif + #endif /* WOLFSSL_ALT_NAMES */ +#endif /* WOLFSSL_ALT_NAMES || HAVE_PKCS7 */ + + /* Get CA Key */ +#ifdef USE_CERT_BUFFERS_1024 + XMEMCPY(tmp, ca_key_der_1024, sizeof_ca_key_der_1024); + bytes3 = sizeof_ca_key_der_1024; +#elif defined(USE_CERT_BUFFERS_2048) + XMEMCPY(tmp, ca_key_der_2048, sizeof_ca_key_der_2048); + bytes3 = sizeof_ca_key_der_2048; +#else + file3 = XFOPEN(rsaCaKeyFile, "rb"); + if (!file3) { + ERROR_OUT(WC_TEST_RET_ENC_ERRNO, exit_rsa); + } + + bytes3 = XFREAD(tmp, 1, FOURK_BUF, file3); + XFCLOSE(file3); + if (bytes3 == 0) + ERROR_OUT(WC_TEST_RET_ENC_ERRNO, exit_rsa); +#endif /* USE_CERT_BUFFERS */ + + ret = wc_InitRsaKey(caKey, HEAP_HINT); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_rsa); + ret = wc_RsaPrivateKeyDecode(tmp, &idx3, caKey, (word32)bytes3); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_rsa); + +#ifndef NO_SHA256 + myCert->sigType = CTC_SHA256wRSA; +#else + myCert->sigType = CTC_SHAwRSA; +#endif + + XMEMCPY(&myCert->subject, &certDefaultName, sizeof(CertName)); + +#ifdef WOLFSSL_CERT_EXT + /* add Policies */ + XSTRNCPY(myCert->certPolicies[0], "2.16.840.1.101.3.4.1.42", + CTC_MAX_CERTPOL_SZ); + myCert->certPoliciesNb =1; + + /* add SKID from the Public Key */ + ret = wc_SetSubjectKeyIdFromPublicKey(myCert, key, NULL); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_rsa); + + /* add AKID from the CA certificate */ +#if defined(USE_CERT_BUFFERS_2048) + ret = wc_SetAuthKeyIdFromCert(myCert, ca_cert_der_2048, + sizeof_ca_cert_der_2048); +#elif defined(USE_CERT_BUFFERS_1024) + ret = wc_SetAuthKeyIdFromCert(myCert, ca_cert_der_1024, + sizeof_ca_cert_der_1024); +#else + ret = wc_SetAuthKeyId(myCert, rsaCaCertFile); +#endif + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_rsa); + + /* add Key Usage */ + ret = wc_SetKeyUsage(myCert,"keyEncipherment,keyAgreement"); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_rsa); +#endif /* WOLFSSL_CERT_EXT */ + +#if defined(USE_CERT_BUFFERS_2048) + ret = wc_SetIssuerBuffer(myCert, ca_cert_der_2048, + sizeof_ca_cert_der_2048); +#elif defined(USE_CERT_BUFFERS_1024) + ret = wc_SetIssuerBuffer(myCert, ca_cert_der_1024, + sizeof_ca_cert_der_1024); +#else + ret = wc_SetIssuer(myCert, rsaCaCertFile); +#endif + if (ret < 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_rsa); + + certSz = wc_MakeCert(myCert, der, FOURK_BUF, key, NULL, rng); + if (certSz < 0) { + ERROR_OUT(WC_TEST_RET_ENC_EC(certSz), exit_rsa); + } + + ret = 0; + do { + #if defined(WOLFSSL_ASYNC_CRYPT) + ret = wc_AsyncWait(ret, &caKey->asyncDev, WC_ASYNC_FLAG_CALL_AGAIN); + #endif + if (ret >= 0) { + ret = wc_SignCert(myCert->bodySz, myCert->sigType, der, FOURK_BUF, + caKey, NULL, rng); + } + } while (ret == WC_NO_ERR_TRACE(WC_PENDING_E)); + if (ret < 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_rsa); + certSz = (int)ret; + +#ifdef WOLFSSL_TEST_CERT + InitDecodedCert(decode, der, certSz, HEAP_HINT); + ret = ParseCert(decode, CERT_TYPE, NO_VERIFY, 0); + if (ret != 0) { + FreeDecodedCert(decode); + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_rsa); + } + FreeDecodedCert(decode); +#endif + + ret = SaveDerAndPem(der, certSz, otherCertDerFile, otherCertPemFile, + CERT_TYPE); + if (ret != 0) { + goto exit_rsa; + } + +exit_rsa: + +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC) + if (caKey != NULL) { + wc_FreeRsaKey(caKey); + XFREE(caKey, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + } +#ifdef WOLFSSL_TEST_CERT + XFREE(decode, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); +#endif +#else + wc_FreeRsaKey(caKey); +#endif + + XFREE(myCert, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(der, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + + return ret; +} +#endif + +#if !defined(NO_RSA) && defined(HAVE_ECC) && !defined(NO_ECC_SECP) && \ + defined(WOLFSSL_CERT_GEN) +/* Make Cert / Sign example for ECC cert and RSA CA */ +static wc_test_ret_t rsa_ecc_certgen_test(WC_RNG* rng, byte* tmp) +{ +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC) + RsaKey *caKey = (RsaKey *)XMALLOC(sizeof *caKey, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + ecc_key *caEccKey = (ecc_key *)XMALLOC(sizeof *caEccKey, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + ecc_key *caEccKeyPub = (ecc_key *)XMALLOC(sizeof *caEccKeyPub, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); +#ifdef WOLFSSL_TEST_CERT + DecodedCert *decode = (DecodedCert *)XMALLOC(sizeof *decode, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); +#endif +#else + RsaKey caKey[1]; + ecc_key caEccKey[1]; + ecc_key caEccKeyPub[1]; +#ifdef WOLFSSL_TEST_CERT + DecodedCert decode[1]; +#endif +#endif + byte* der = NULL; + Cert* myCert = NULL; + int certSz; + size_t bytes3; + word32 idx3 = 0; +#if (!defined(USE_CERT_BUFFERS_1024) && !defined(USE_CERT_BUFFERS_2048)) \ + || !defined(USE_CERT_BUFFERS_256) + #ifndef NO_FILESYSTEM + XFILE file3; + #endif +#endif + wc_test_ret_t ret; + +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC) + if ((caKey == NULL) || (caEccKey == NULL) || (caEccKeyPub == NULL) +#ifdef WOLFSSL_TEST_CERT + || (decode == NULL) +#endif + ) + ERROR_OUT(MEMORY_E, exit_rsa); +#endif + + XMEMSET(caKey, 0, sizeof *caKey); + XMEMSET(caEccKey, 0, sizeof *caEccKey); + XMEMSET(caEccKeyPub, 0, sizeof *caEccKeyPub); + + der = (byte*)XMALLOC(FOURK_BUF, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + if (der == NULL) { + ERROR_OUT(WC_TEST_RET_ENC_ERRNO, exit_rsa); + } + myCert = (Cert*)XMALLOC(sizeof(Cert), HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + if (myCert == NULL) { + ERROR_OUT(WC_TEST_RET_ENC_ERRNO, exit_rsa); + } + + /* Get CA Key */ +#ifdef USE_CERT_BUFFERS_1024 + XMEMCPY(tmp, ca_key_der_1024, sizeof_ca_key_der_1024); + bytes3 = sizeof_ca_key_der_1024; +#elif defined(USE_CERT_BUFFERS_2048) + XMEMCPY(tmp, ca_key_der_2048, sizeof_ca_key_der_2048); + bytes3 = sizeof_ca_key_der_2048; +#else + file3 = XFOPEN(rsaCaKeyFile, "rb"); + if (!file3) { + ERROR_OUT(WC_TEST_RET_ENC_ERRNO, exit_rsa); + } + + bytes3 = XFREAD(tmp, 1, FOURK_BUF, file3); + XFCLOSE(file3); + if (bytes3 == 0) + ERROR_OUT(WC_TEST_RET_ENC_ERRNO, exit_rsa); +#endif /* USE_CERT_BUFFERS */ + + ret = wc_InitRsaKey(caKey, HEAP_HINT); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_rsa); + ret = wc_RsaPrivateKeyDecode(tmp, &idx3, caKey, (word32)bytes3); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_rsa); + + /* Get Cert Key */ + #if defined(USE_CERT_BUFFERS_256) + { + XMEMCPY(tmp, ecc_key_pub_der_256, sizeof_ecc_key_pub_der_256); + bytes3 = sizeof_ecc_key_pub_der_256; + } + #elif !defined(NO_FILESYSTEM) + { + file3 = XFOPEN(eccKeyPubFileDer, "rb"); + if (!file3) { + ERROR_OUT(WC_TEST_RET_ENC_ERRNO, exit_rsa); + } + + bytes3 = XFREAD(tmp, 1, FOURK_BUF, file3); + XFCLOSE(file3); + if (bytes3 == 0) + ERROR_OUT(WC_TEST_RET_ENC_ERRNO, exit_rsa); + } + #else + { + WOLFSSL_MSG("No file system and USE_CERT_BUFFERS_256 not defined.(1)"); + ERROR_OUT(ASN_PARSE_E, exit_rsa); + } + #endif + + ret = wc_ecc_init_ex(caEccKeyPub, HEAP_HINT, devId); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_rsa); + + idx3 = 0; + ret = wc_EccPublicKeyDecode(tmp, &idx3, caEccKeyPub, (word32)bytes3); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_rsa); + + /* Setup Certificate */ + ret = wc_InitCert_ex(myCert, HEAP_HINT, devId); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_rsa); + +#ifndef NO_SHA256 + myCert->sigType = CTC_SHA256wRSA; +#else + myCert->sigType = CTC_SHAwRSA; +#endif + + XMEMCPY(&myCert->subject, &certDefaultName, sizeof(CertName)); + +#ifdef WOLFSSL_CERT_EXT + /* add Policies */ + XSTRNCPY(myCert->certPolicies[0], "2.4.589440.587.101.2.1.9632587.1", + CTC_MAX_CERTPOL_SZ); + XSTRNCPY(myCert->certPolicies[1], "1.2.13025.489.1.113549", + CTC_MAX_CERTPOL_SZ); + myCert->certPoliciesNb = 2; + + /* add SKID from the Public Key */ + ret = wc_SetSubjectKeyIdFromPublicKey(myCert, NULL, caEccKeyPub); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_rsa); + + /* add AKID from the CA certificate */ +#if defined(USE_CERT_BUFFERS_2048) + ret = wc_SetAuthKeyIdFromCert(myCert, ca_cert_der_2048, + sizeof_ca_cert_der_2048); +#elif defined(USE_CERT_BUFFERS_1024) + ret = wc_SetAuthKeyIdFromCert(myCert, ca_cert_der_1024, + sizeof_ca_cert_der_1024); +#else + ret = wc_SetAuthKeyId(myCert, rsaCaCertFile); +#endif + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_rsa); + + /* add Key Usage */ + ret = wc_SetKeyUsage(myCert, certKeyUsage); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_rsa); +#endif /* WOLFSSL_CERT_EXT */ + +#if defined(USE_CERT_BUFFERS_2048) + ret = wc_SetIssuerBuffer(myCert, ca_cert_der_2048, + sizeof_ca_cert_der_2048); +#elif defined(USE_CERT_BUFFERS_1024) + ret = wc_SetIssuerBuffer(myCert, ca_cert_der_1024, + sizeof_ca_cert_der_1024); +#else + ret = wc_SetIssuer(myCert, rsaCaCertFile); +#endif + if (ret < 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_rsa); + + certSz = wc_MakeCert(myCert, der, FOURK_BUF, NULL, caEccKeyPub, rng); + if (certSz < 0) { + ERROR_OUT(WC_TEST_RET_ENC_EC(certSz), exit_rsa); + } + + ret = 0; + do { + #if defined(WOLFSSL_ASYNC_CRYPT) + ret = wc_AsyncWait(ret, &caEccKey->asyncDev, WC_ASYNC_FLAG_CALL_AGAIN); + #endif + if (ret >= 0) { + ret = wc_SignCert(myCert->bodySz, myCert->sigType, der, + FOURK_BUF, caKey, NULL, rng); + } + } while (ret == WC_NO_ERR_TRACE(WC_PENDING_E)); + if (ret < 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_rsa); + certSz = (int)ret; + +#ifdef WOLFSSL_TEST_CERT + InitDecodedCert(decode, der, certSz, 0); + ret = ParseCert(decode, CERT_TYPE, NO_VERIFY, 0); + if (ret != 0) { + FreeDecodedCert(decode); + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_rsa); + } + FreeDecodedCert(decode); +#endif + + ret = SaveDerAndPem(der, certSz, certEccRsaDerFile, certEccRsaPemFile, + CERT_TYPE); + if (ret != 0) { + goto exit_rsa; + } + +exit_rsa: + +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC) + if (caKey != NULL) { + wc_FreeRsaKey(caKey); + XFREE(caKey, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + } + if (caEccKey != NULL) { + wc_ecc_free(caEccKey); + XFREE(caEccKey, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + } + if (caEccKeyPub != NULL) { + wc_ecc_free(caEccKeyPub); + XFREE(caEccKeyPub, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + } +#ifdef WOLFSSL_TEST_CERT + XFREE(decode, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); +#endif +#else + wc_FreeRsaKey(caKey); + wc_ecc_free(caEccKey); + wc_ecc_free(caEccKeyPub); +#endif + + XFREE(myCert, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + myCert = NULL; + XFREE(der, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + der = NULL; + + if (ret >= 0) + ret = 0; + return ret; +} +#endif /* !NO_RSA && HAVE_ECC && WOLFSSL_CERT_GEN */ + +#if defined(WOLFSSL_KEY_GEN) && !defined(WOLFSSL_RSA_PUBLIC_ONLY) +static wc_test_ret_t rsa_keygen_test(WC_RNG* rng) +{ +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC) + RsaKey *genKey = (RsaKey *)XMALLOC(sizeof *genKey, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); +#else + RsaKey genKey[1]; +#endif + wc_test_ret_t ret; +#ifndef WOLFSSL_NO_MALLOC + byte* der = NULL; +#else + byte der[1280]; +#endif +#ifndef WOLFSSL_CRYPTOCELL + word32 idx = 0; +#endif + int derSz = 0; +#if !defined(WOLFSSL_SP_MATH) && !defined(HAVE_FIPS) && \ + (defined(RSA_MIN_SIZE) && (RSA_MIN_SIZE <= 1024)) + int keySz = 1024; +#else + int keySz = 2048; +#endif + +#ifdef WOLF_CRYPTO_CB_ONLY_RSA + if (devId == INVALID_DEVID) { + /* must call keygen with devId */ + return 0; + } +#endif + +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC) + if (! genKey) + ERROR_OUT(WC_TEST_RET_ENC_EC(MEMORY_E), exit_rsa); +#endif + + XMEMSET(genKey, 0, sizeof *genKey); + + ret = wc_InitRsaKey_ex(genKey, HEAP_HINT, devId); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_rsa); + +#ifdef HAVE_FIPS + for (;;) { +#endif + ret = wc_MakeRsaKey(genKey, keySz, WC_RSA_EXPONENT, rng); +#if defined(WOLFSSL_ASYNC_CRYPT) + ret = wc_AsyncWait(ret, &genKey->asyncDev, WC_ASYNC_FLAG_NONE); +#endif +#ifdef HAVE_FIPS + if (ret == WC_NO_ERR_TRACE(PRIME_GEN_E)) + continue; + break; + } +#endif + + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_rsa); + TEST_SLEEP(); + +#ifdef WOLFSSL_RSA_KEY_CHECK + ret = wc_CheckRsaKey(genKey); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_rsa); +#endif +#ifndef WOLFSSL_NO_MALLOC + der = (byte*)XMALLOC(FOURK_BUF, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + if (der == NULL) { + ERROR_OUT(WC_TEST_RET_ENC_ERRNO, exit_rsa); + } + derSz = FOURK_BUF; +#else + derSz = sizeof(der); +#endif + derSz = wc_RsaKeyToDer(genKey, der, derSz); + if (derSz < 0) { + ERROR_OUT(WC_TEST_RET_ENC_EC(derSz), exit_rsa); + } + + ret = SaveDerAndPem(der, derSz, keyDerFile, keyPemFile, + PRIVATEKEY_TYPE); + if (ret != 0) { + goto exit_rsa; + } + + wc_FreeRsaKey(genKey); + ret = wc_InitRsaKey(genKey, HEAP_HINT); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_rsa); + +#ifndef WOLFSSL_CRYPTOCELL + idx = 0; + /* The private key part of the key gen pairs from cryptocell can't be exported */ + ret = wc_RsaPrivateKeyDecode(der, &idx, genKey, (word32)derSz); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_rsa); +#endif /* WOLFSSL_CRYPTOCELL */ + +exit_rsa: + +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC) + if (genKey) { + wc_FreeRsaKey(genKey); + XFREE(genKey, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + } +#else + wc_FreeRsaKey(genKey); +#endif + +#ifndef WOLFSSL_NO_MALLOC + XFREE(der, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + der = NULL; +#endif + + return ret; +} +#endif + +#ifndef WOLFSSL_RSA_VERIFY_ONLY +#if !defined(WC_NO_RSA_OAEP) && !defined(WC_NO_RNG) && \ + (!defined(HAVE_FIPS) || \ + (defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION >= 2))) \ + && !defined(WOLF_CRYPTO_CB_ONLY_RSA) +static wc_test_ret_t rsa_oaep_padding_test(RsaKey* key, WC_RNG* rng) +{ + wc_test_ret_t ret = 0; + word32 idx = 0; + const char inStr[] = TEST_STRING; + const word32 inLen = (word32)TEST_STRING_SZ; + const word32 outSz = RSA_TEST_BYTES; + const word32 plainSz = RSA_TEST_BYTES; + byte* res = NULL; + + WC_DECLARE_VAR(in, byte, TEST_STRING_SZ, HEAP_HINT); + WC_DECLARE_VAR(out, byte, RSA_TEST_BYTES, HEAP_HINT); + WC_DECLARE_VAR(plain, byte, RSA_TEST_BYTES, HEAP_HINT); + + WC_ALLOC_VAR(in, byte, TEST_STRING_SZ, HEAP_HINT); + WC_ALLOC_VAR(out, byte, RSA_TEST_BYTES, HEAP_HINT); + WC_ALLOC_VAR(plain, byte, RSA_TEST_BYTES, HEAP_HINT); + +#ifdef WC_DECLARE_VAR_IS_HEAP_ALLOC + if (in == NULL || out == NULL || plain == NULL) + ERROR_OUT(MEMORY_E, exit_rsa); +#endif + + XMEMCPY(in, inStr, inLen); + +#ifndef NO_SHA + do { +#if defined(WOLFSSL_ASYNC_CRYPT) + ret = wc_AsyncWait(ret, &key->asyncDev, WC_ASYNC_FLAG_CALL_AGAIN); +#endif + + if (ret >= 0) { + ret = wc_RsaPublicEncrypt_ex(in, inLen, out, outSz, key, rng, + WC_RSA_OAEP_PAD, WC_HASH_TYPE_SHA, WC_MGF1SHA1, NULL, 0); + } + } while (ret == WC_NO_ERR_TRACE(WC_PENDING_E)); + if (ret < 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_rsa); + TEST_SLEEP(); + +#ifndef WOLFSSL_RSA_PUBLIC_ONLY + idx = (word32)ret; + do { +#if defined(WOLFSSL_ASYNC_CRYPT) + ret = wc_AsyncWait(ret, &key->asyncDev, WC_ASYNC_FLAG_CALL_AGAIN); +#endif + if (ret >= 0) { + ret = wc_RsaPrivateDecrypt_ex(out, idx, plain, plainSz, key, + WC_RSA_OAEP_PAD, WC_HASH_TYPE_SHA, WC_MGF1SHA1, NULL, 0); + } + } while (ret == WC_NO_ERR_TRACE(WC_PENDING_E)); + if (ret < 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_rsa); + + if (XMEMCMP(plain, in, inLen)) { + ERROR_OUT(WC_TEST_RET_ENC_NC, exit_rsa); + } + TEST_SLEEP(); + #endif /* NO_SHA */ +#endif + + #ifndef NO_SHA256 + XMEMSET(plain, 0, plainSz); + do { +#if defined(WOLFSSL_ASYNC_CRYPT) + ret = wc_AsyncWait(ret, &key->asyncDev, WC_ASYNC_FLAG_CALL_AGAIN); +#endif + if (ret >= 0) { + ret = wc_RsaPublicEncrypt_ex(in, inLen, out, outSz, key, rng, + WC_RSA_OAEP_PAD, WC_HASH_TYPE_SHA256, WC_MGF1SHA256, NULL, 0); + } + } while (ret == WC_NO_ERR_TRACE(WC_PENDING_E)); + if (ret < 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_rsa); + TEST_SLEEP(); + + idx = (word32)ret; +#ifndef WOLFSSL_RSA_PUBLIC_ONLY + do { +#if defined(WOLFSSL_ASYNC_CRYPT) + ret = wc_AsyncWait(ret, &key->asyncDev, WC_ASYNC_FLAG_CALL_AGAIN); +#endif + if (ret >= 0) { + ret = wc_RsaPrivateDecrypt_ex(out, idx, plain, plainSz, key, + WC_RSA_OAEP_PAD, WC_HASH_TYPE_SHA256, WC_MGF1SHA256, NULL, 0); + } + } while (ret == WC_NO_ERR_TRACE(WC_PENDING_E)); + if (ret < 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_rsa); + + if (XMEMCMP(plain, in, inLen)) { + ERROR_OUT(WC_TEST_RET_ENC_NC, exit_rsa); + } + TEST_SLEEP(); +#endif /* WOLFSSL_RSA_PUBLIC_ONLY */ + +#ifndef WOLFSSL_RSA_PUBLIC_ONLY + do { +#if defined(WOLFSSL_ASYNC_CRYPT) + ret = wc_AsyncWait(ret, &key->asyncDev, WC_ASYNC_FLAG_CALL_AGAIN); +#endif + if (ret >= 0) { + ret = wc_RsaPrivateDecryptInline_ex(out, idx, &res, key, + WC_RSA_OAEP_PAD, WC_HASH_TYPE_SHA256, WC_MGF1SHA256, NULL, 0); + } + } while (ret == WC_NO_ERR_TRACE(WC_PENDING_E)); + if (ret < 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_rsa); + if (ret != (int)inLen) { + ERROR_OUT(WC_TEST_RET_ENC_NC, exit_rsa); + } + if (XMEMCMP(res, in, inLen)) { + ERROR_OUT(WC_TEST_RET_ENC_NC, exit_rsa); + } + TEST_SLEEP(); +#endif /* WOLFSSL_RSA_PUBLIC_ONLY */ + + /* check fails if not using the same optional label */ + XMEMSET(plain, 0, plainSz); + do { +#if defined(WOLFSSL_ASYNC_CRYPT) + ret = wc_AsyncWait(ret, &key->asyncDev, WC_ASYNC_FLAG_CALL_AGAIN); +#endif + if (ret >= 0) { + ret = wc_RsaPublicEncrypt_ex(in, inLen, out, outSz, key, rng, + WC_RSA_OAEP_PAD, WC_HASH_TYPE_SHA256, WC_MGF1SHA256, NULL, 0); + } + } while (ret == WC_NO_ERR_TRACE(WC_PENDING_E)); + if (ret < 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_rsa); + TEST_SLEEP(); + +/* TODO: investigate why Cavium Nitrox doesn't detect decrypt error here */ +#if !defined(HAVE_CAVIUM) && !defined(WOLFSSL_RSA_PUBLIC_ONLY) && \ + !defined(WOLFSSL_CRYPTOCELL) && !defined(WOLFSSL_SE050) + /* label is unused in cryptocell and SE050 so it won't detect decrypt error + * due to label */ + idx = (word32)ret; + do { +#if defined(WOLFSSL_ASYNC_CRYPT) + ret = wc_AsyncWait(ret, &key->asyncDev, WC_ASYNC_FLAG_CALL_AGAIN); +#endif + if (ret >= 0) { + ret = wc_RsaPrivateDecrypt_ex(out, idx, plain, plainSz, key, + WC_RSA_OAEP_PAD, WC_HASH_TYPE_SHA256, WC_MGF1SHA256, in, inLen); + } + } while (ret == WC_NO_ERR_TRACE(WC_PENDING_E)); + if (ret > 0) { /* in this case decrypt should fail */ + ERROR_OUT(WC_TEST_RET_ENC_NC, exit_rsa); + } + ret = 0; + TEST_SLEEP(); +#endif /* !HAVE_CAVIUM */ + + /* check using optional label with encrypt/decrypt */ + XMEMSET(plain, 0, plainSz); + do { +#if defined(WOLFSSL_ASYNC_CRYPT) + ret = wc_AsyncWait(ret, &key->asyncDev, WC_ASYNC_FLAG_CALL_AGAIN); +#endif + if (ret >= 0) { + ret = wc_RsaPublicEncrypt_ex(in, inLen, out, outSz, key, rng, + WC_RSA_OAEP_PAD, WC_HASH_TYPE_SHA256, WC_MGF1SHA256, in, inLen); + } + } while (ret == WC_NO_ERR_TRACE(WC_PENDING_E)); + if (ret < 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_rsa); + TEST_SLEEP(); + + idx = (word32)ret; +#ifndef WOLFSSL_RSA_PUBLIC_ONLY + do { +#if defined(WOLFSSL_ASYNC_CRYPT) + ret = wc_AsyncWait(ret, &key->asyncDev, WC_ASYNC_FLAG_CALL_AGAIN); +#endif + if (ret >= 0) { + ret = wc_RsaPrivateDecrypt_ex(out, idx, plain, plainSz, key, + WC_RSA_OAEP_PAD, WC_HASH_TYPE_SHA256, WC_MGF1SHA256, in, inLen); + } + } while (ret == WC_NO_ERR_TRACE(WC_PENDING_E)); + if (ret < 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_rsa); + + if (XMEMCMP(plain, in, inLen)) { + ERROR_OUT(WC_TEST_RET_ENC_NC, exit_rsa); + } + TEST_SLEEP(); +#endif /* WOLFSSL_RSA_PUBLIC_ONLY */ + + #ifndef NO_SHA + /* check fail using mismatch hash algorithms */ + XMEMSET(plain, 0, plainSz); + do { + #if defined(WOLFSSL_ASYNC_CRYPT) + ret = wc_AsyncWait(ret, &key->asyncDev, WC_ASYNC_FLAG_CALL_AGAIN); + #endif + if (ret >= 0) { + ret = wc_RsaPublicEncrypt_ex(in, inLen, out, outSz, key, rng, + WC_RSA_OAEP_PAD, WC_HASH_TYPE_SHA, WC_MGF1SHA1, in, inLen); + } + } while (ret == WC_NO_ERR_TRACE(WC_PENDING_E)); + if (ret < 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_rsa); + TEST_SLEEP(); + +/* TODO: investigate why Cavium Nitrox doesn't detect decrypt error here */ +#if !defined(HAVE_CAVIUM) && !defined(WOLFSSL_RSA_PUBLIC_ONLY) && \ + !defined(WOLFSSL_CRYPTOCELL) && !defined(WOLFSSL_SE050) + idx = (word32)ret; + do { + #if defined(WOLFSSL_ASYNC_CRYPT) + ret = wc_AsyncWait(ret, &key->asyncDev, WC_ASYNC_FLAG_CALL_AGAIN); + #endif + if (ret >= 0) { + ret = wc_RsaPrivateDecrypt_ex(out, idx, plain, plainSz, key, + WC_RSA_OAEP_PAD, WC_HASH_TYPE_SHA256, WC_MGF1SHA256, + in, inLen); + } + } while (ret == WC_NO_ERR_TRACE(WC_PENDING_E)); + if (ret > 0) { /* should fail */ + ERROR_OUT(WC_TEST_RET_ENC_NC, exit_rsa); + } + ret = 0; + TEST_SLEEP(); + #endif /* !HAVE_CAVIUM */ + #endif /* NO_SHA */ +#endif /* NO_SHA256 */ + +#ifdef WOLFSSL_SHA512 + /* Check valid RSA key size is used while using hash length of SHA512 + If key size is less than (hash length * 2) + 2 then is invalid use + and test, since OAEP padding requires this. + BAD_FUNC_ARG is returned when this case is not met */ + if (wc_RsaEncryptSize(key) > ((int)WC_SHA512_DIGEST_SIZE * 2) + 2) { + XMEMSET(plain, 0, plainSz); + do { + #if defined(WOLFSSL_ASYNC_CRYPT) + ret = wc_AsyncWait(ret, &key->asyncDev, WC_ASYNC_FLAG_CALL_AGAIN); + #endif + if (ret >= 0) { + ret = wc_RsaPublicEncrypt_ex(in, inLen, out, outSz, key, rng, + WC_RSA_OAEP_PAD, WC_HASH_TYPE_SHA512, WC_MGF1SHA512, NULL, 0); + } + } while (ret == WC_NO_ERR_TRACE(WC_PENDING_E)); + if (ret < 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_rsa); + TEST_SLEEP(); + + idx = (word32)ret; +#ifndef WOLFSSL_RSA_PUBLIC_ONLY + do { + #if defined(WOLFSSL_ASYNC_CRYPT) + ret = wc_AsyncWait(ret, &key->asyncDev, WC_ASYNC_FLAG_CALL_AGAIN); + #endif + if (ret >= 0) { + ret = wc_RsaPrivateDecrypt_ex(out, idx, plain, plainSz, key, + WC_RSA_OAEP_PAD, WC_HASH_TYPE_SHA512, WC_MGF1SHA512, NULL, 0); + } + } while (ret == WC_NO_ERR_TRACE(WC_PENDING_E)); + if (ret < 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_rsa); + + if (XMEMCMP(plain, in, inLen)) { + ERROR_OUT(WC_TEST_RET_ENC_NC, exit_rsa); + } + TEST_SLEEP(); +#endif /* WOLFSSL_RSA_PUBLIC_ONLY */ + } +#endif /* WOLFSSL_SHA512 */ + + /* check using pkcsv15 padding with _ex API */ + XMEMSET(plain, 0, plainSz); + do { +#if defined(WOLFSSL_ASYNC_CRYPT) + ret = wc_AsyncWait(ret, &key->asyncDev, WC_ASYNC_FLAG_CALL_AGAIN); +#endif + if (ret >= 0) { + ret = wc_RsaPublicEncrypt_ex(in, inLen, out, outSz, key, rng, + WC_RSA_PKCSV15_PAD, WC_HASH_TYPE_NONE, 0, NULL, 0); + } + } while (ret == WC_NO_ERR_TRACE(WC_PENDING_E)); + if (ret < 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_rsa); + TEST_SLEEP(); + + idx = (word32)ret; +#ifndef WOLFSSL_RSA_PUBLIC_ONLY + do { +#if defined(WOLFSSL_ASYNC_CRYPT) + ret = wc_AsyncWait(ret, &key->asyncDev, WC_ASYNC_FLAG_CALL_AGAIN); +#endif + if (ret >= 0) { + ret = wc_RsaPrivateDecrypt_ex(out, idx, plain, plainSz, key, + WC_RSA_PKCSV15_PAD, WC_HASH_TYPE_NONE, 0, NULL, 0); + } + } while (ret == WC_NO_ERR_TRACE(WC_PENDING_E)); + if (ret < 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_rsa); + + if (XMEMCMP(plain, in, inLen)) { + ERROR_OUT(WC_TEST_RET_ENC_NC, exit_rsa); + } + TEST_SLEEP(); +#endif /* WOLFSSL_RSA_PUBLIC_ONLY */ + +exit_rsa: + WC_FREE_VAR(in, HEAP_HINT); + WC_FREE_VAR(out, HEAP_HINT); + WC_FREE_VAR(plain, HEAP_HINT); + + (void)idx; + (void)inStr; + (void)res; + + if (ret >= 0) + ret = 0; + + return ret; + +} +#endif +#endif + +WOLFSSL_TEST_SUBROUTINE wc_test_ret_t rsa_test(void) +{ + wc_test_ret_t ret; + size_t bytes = 0; + WC_RNG rng; +#if !defined(WOLFSSL_NO_MALLOC) + byte* der = NULL; +#endif +#if defined(WOLFSSL_CERT_REQ) && !defined(WOLFSSL_NO_MALLOC) + Cert *req = NULL; +#endif +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC) + byte* tmp = NULL; + RsaKey *key = NULL; +#else + RsaKey key[1]; + byte tmp[FOURK_BUF]; +#endif +#if defined(WOLFSSL_CERT_EXT) || defined(WOLFSSL_CERT_GEN) +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC) + RsaKey *keypub = NULL; +#else + RsaKey keypub[1]; +#endif +#endif + word32 idx = 0; + const char inStr[] = TEST_STRING; + const word32 inLen = (word32)TEST_STRING_SZ; + const word32 outSz = RSA_TEST_BYTES; + const word32 plainSz = RSA_TEST_BYTES; + byte* res = NULL; +#ifndef NO_SIG_WRAPPER + int modLen; +#endif +#if !defined(USE_CERT_BUFFERS_1024) && !defined(USE_CERT_BUFFERS_2048) && \ + !defined(USE_CERT_BUFFERS_3072) && !defined(USE_CERT_BUFFERS_4096) && \ + !defined(NO_FILESYSTEM) + XFILE file; +#ifdef WOLFSSL_TEST_CERT + XFILE file2; +#endif +#endif +#ifdef WOLFSSL_TEST_CERT +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC) + DecodedCert *cert = (DecodedCert *)XMALLOC(sizeof *cert, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); +#else + DecodedCert cert[1]; +#endif +#ifndef NO_ASN_TIME + struct tm timearg; + const byte* date; + byte dateFormat; + int dateLength; +#endif +#endif + + WC_DECLARE_VAR(in, byte, TEST_STRING_SZ, HEAP_HINT); + WC_DECLARE_VAR(out, byte, RSA_TEST_BYTES, HEAP_HINT); + WC_DECLARE_VAR(plain, byte, RSA_TEST_BYTES, HEAP_HINT); + + WC_ALLOC_VAR(in, byte, TEST_STRING_SZ, HEAP_HINT); + WC_ALLOC_VAR(out, byte, RSA_TEST_BYTES, HEAP_HINT); + WC_ALLOC_VAR(plain, byte, RSA_TEST_BYTES, HEAP_HINT); + + WOLFSSL_ENTER("rsa_test"); + +#ifdef WC_DECLARE_VAR_IS_HEAP_ALLOC + if (in == NULL || out == NULL || plain == NULL) + ERROR_OUT(WC_TEST_RET_ENC_EC(MEMORY_E), exit_rsa); +#endif + + XMEMCPY(in, inStr, inLen); + +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC) + key = wc_NewRsaKey(HEAP_HINT, devId, &ret); + if (key == NULL) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_rsa); +#if defined(WOLFSSL_CERT_EXT) || defined(WOLFSSL_CERT_GEN) + keypub = wc_NewRsaKey(HEAP_HINT, devId, &ret); + if (keypub == NULL) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_rsa); +#endif +#ifdef WOLFSSL_TEST_CERT + if (cert == NULL) + ERROR_OUT(WC_TEST_RET_ENC_EC(MEMORY_E), exit_rsa); +#endif + +#else /* ! (WOLFSSL_SMALL_STACK && !WOLFSSL_NO_MALLOC) */ + + ret = wc_InitRsaKey_ex(key, HEAP_HINT, devId); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_rsa); +#if defined(WOLFSSL_CERT_EXT) || defined(WOLFSSL_CERT_GEN) + ret = wc_InitRsaKey_ex(keypub, HEAP_HINT, devId); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_rsa); +#endif + +#endif /* ! (WOLFSSL_SMALL_STACK && !WOLFSSL_NO_MALLOC) */ + + /* initialize stack structures */ + XMEMSET(&rng, 0, sizeof(rng)); + +#if !defined(NO_ASN) + ret = rsa_decode_test(key); + if (ret != 0) + ERROR_OUT(ret, exit_rsa); +#endif + +#ifdef USE_CERT_BUFFERS_1024 + bytes = (size_t)sizeof_client_key_der_1024; + if (bytes < (size_t)sizeof_client_cert_der_1024) + bytes = (size_t)sizeof_client_cert_der_1024; +#elif defined(USE_CERT_BUFFERS_2048) + bytes = (size_t)sizeof_client_key_der_2048; + if (bytes < (size_t)sizeof_client_cert_der_2048) + bytes = (size_t)sizeof_client_cert_der_2048; +#elif defined(USE_CERT_BUFFERS_3072) + bytes = (size_t)sizeof_client_key_der_3072; + if (bytes < (size_t)sizeof_client_cert_der_3072) + bytes = (size_t)sizeof_client_cert_der_3072; +#elif defined(USE_CERT_BUFFERS_4096) + bytes = (size_t)sizeof_client_key_der_4096; + if (bytes < (size_t)sizeof_client_cert_der_4096) + bytes = (size_t)sizeof_client_cert_der_4096; +#else + bytes = FOURK_BUF; +#endif + +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC) + tmp = (byte*)XMALLOC(bytes, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + if (tmp == NULL) + ERROR_OUT(WC_TEST_RET_ENC_ERRNO, exit_rsa); +#endif + +#ifdef USE_CERT_BUFFERS_1024 + XMEMCPY(tmp, client_key_der_1024, (size_t)sizeof_client_key_der_1024); +#elif defined(USE_CERT_BUFFERS_2048) + XMEMCPY(tmp, client_key_der_2048, (size_t)sizeof_client_key_der_2048); +#elif defined(USE_CERT_BUFFERS_3072) + XMEMCPY(tmp, client_key_der_3072, (size_t)sizeof_client_key_der_3072); +#elif defined(USE_CERT_BUFFERS_4096) + XMEMCPY(tmp, client_key_der_4096, (size_t)sizeof_client_key_der_4096); +#elif !defined(NO_FILESYSTEM) + file = XFOPEN(clientKey, "rb"); + if (!file) { + err_sys("can't open ./certs/client-key.der, " + "Please run from wolfSSL home dir", WC_TEST_RET_ENC_ERRNO); + ERROR_OUT(WC_TEST_RET_ENC_ERRNO, exit_rsa); + } + + bytes = XFREAD(tmp, 1, FOURK_BUF, file); + XFCLOSE(file); + if (bytes == 0) + ERROR_OUT(WC_TEST_RET_ENC_ERRNO, exit_rsa); +#else + /* No key to use. */ + ERROR_OUT(WC_TEST_RET_ENC_NC, exit_rsa); +#endif /* USE_CERT_BUFFERS */ + + ret = wc_InitRsaKey_ex(key, HEAP_HINT, devId); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_rsa); +#ifndef NO_ASN + ret = wc_RsaPrivateKeyDecode(tmp, &idx, key, (word32)bytes); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_rsa); +#ifndef NO_SIG_WRAPPER + modLen = wc_RsaEncryptSize(key); +#endif +#else + #ifdef USE_CERT_BUFFERS_2048 + ret = mp_read_unsigned_bin(&key->n, &tmp[12], 256); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_rsa); + ret = mp_set_int(&key->e, WC_RSA_EXPONENT); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_rsa); +#ifndef NO_SIG_WRAPPER + modLen = 2048; +#endif + #else + #error Not supported yet! + #endif +#endif + +#ifndef WC_NO_RNG +#ifndef HAVE_FIPS + ret = wc_InitRng_ex(&rng, HEAP_HINT, devId); +#else + ret = wc_InitRng(&rng); +#endif + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_rsa); +#endif + +#ifndef NO_SIG_WRAPPER +#ifndef NO_SHA256 + ret = rsa_sig_test(key, sizeof *key, modLen, &rng); + if (ret != 0) + goto exit_rsa; +#else /* NO_SHA256 */ + (void)modLen; +#endif /* NO_SHA256 */ +#endif /* !NO_SIG_WRAPPER */ + +#ifdef WC_RSA_NONBLOCK + ret = rsa_nb_test(key, in, inLen, out, outSz, plain, plainSz, &rng); + if (ret != 0) + goto exit_rsa; +#endif + +#if !defined(WOLFSSL_RSA_VERIFY_ONLY) && !defined(WOLFSSL_RSA_PUBLIC_ONLY) && \ + !defined(WC_NO_RNG) && !defined(WOLF_CRYPTO_CB_ONLY_RSA) + do { +#if defined(WOLFSSL_ASYNC_CRYPT) + ret = wc_AsyncWait(ret, &key->asyncDev, WC_ASYNC_FLAG_CALL_AGAIN); +#endif + if (ret >= 0) { + ret = wc_RsaPublicEncrypt(in, inLen, out, outSz, key, &rng); + } + } while (ret == WC_NO_ERR_TRACE(WC_PENDING_E)); + if (ret < 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_rsa); + TEST_SLEEP(); + +#ifdef WC_RSA_BLINDING + { + wc_test_ret_t tmpret = ret; + ret = wc_RsaSetRNG(key, &rng); + if (ret < 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_rsa); + ret = tmpret; + } +#endif + + idx = (word32)ret; /* save off encrypted length */ + do { +#if defined(WOLFSSL_ASYNC_CRYPT) + ret = wc_AsyncWait(ret, &key->asyncDev, WC_ASYNC_FLAG_CALL_AGAIN); +#endif + if (ret >= 0) { + ret = wc_RsaPrivateDecrypt(out, idx, plain, plainSz, key); + } + } while (ret == WC_NO_ERR_TRACE(WC_PENDING_E)); + if (ret < 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_rsa); + + if (XMEMCMP(plain, in, inLen)) { + ERROR_OUT(WC_TEST_RET_ENC_NC, exit_rsa); + } + TEST_SLEEP(); + + do { +#if defined(WOLFSSL_ASYNC_CRYPT) + ret = wc_AsyncWait(ret, &key->asyncDev, WC_ASYNC_FLAG_CALL_AGAIN); +#endif + if (ret >= 0) { + ret = wc_RsaPrivateDecryptInline(out, idx, &res, key); + } + } while (ret == WC_NO_ERR_TRACE(WC_PENDING_E)); + if (ret < 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_rsa); + if (ret != (int)inLen) { + ERROR_OUT(WC_TEST_RET_ENC_NC, exit_rsa); + } + if (XMEMCMP(res, in, inLen)) { + ERROR_OUT(WC_TEST_RET_ENC_NC, exit_rsa); + } + TEST_SLEEP(); + + do { +#if defined(WOLFSSL_ASYNC_CRYPT) + ret = wc_AsyncWait(ret, &key->asyncDev, WC_ASYNC_FLAG_CALL_AGAIN); +#endif + if (ret >= 0) { + ret = wc_RsaSSL_Sign(in, inLen, out, outSz, key, &rng); + } + } while (ret == WC_NO_ERR_TRACE(WC_PENDING_E)); + if (ret < 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_rsa); + TEST_SLEEP(); + +#elif defined(WOLFSSL_PUBLIC_MP) + { + static const byte signature_2048[] = { + 0x07, 0x6f, 0xc9, 0x85, 0x73, 0x9e, 0x21, 0x79, + 0x47, 0xf1, 0xa3, 0xd7, 0xf4, 0x27, 0x29, 0xbe, + 0x99, 0x5d, 0xac, 0xb2, 0x10, 0x3f, 0x95, 0xda, + 0x89, 0x23, 0xb8, 0x96, 0x13, 0x57, 0x72, 0x30, + 0xa1, 0xfe, 0x5a, 0x68, 0x9c, 0x99, 0x9d, 0x1e, + 0x05, 0xa4, 0x80, 0xb0, 0xbb, 0xd9, 0xd9, 0xa1, + 0x69, 0x97, 0x74, 0xb3, 0x41, 0x21, 0x3b, 0x47, + 0xf5, 0x51, 0xb1, 0xfb, 0xc7, 0xaa, 0xcc, 0xdc, + 0xcd, 0x76, 0xa0, 0x28, 0x4d, 0x27, 0x14, 0xa4, + 0xb9, 0x41, 0x68, 0x7c, 0xb3, 0x66, 0xe6, 0x6f, + 0x40, 0x76, 0xe4, 0x12, 0xfd, 0xae, 0x29, 0xb5, + 0x63, 0x60, 0x87, 0xce, 0x49, 0x6b, 0xf3, 0x05, + 0x9a, 0x14, 0xb5, 0xcc, 0xcd, 0xf7, 0x30, 0x95, + 0xd2, 0x72, 0x52, 0x1d, 0x5b, 0x7e, 0xef, 0x4a, + 0x02, 0x96, 0x21, 0x6c, 0x55, 0xa5, 0x15, 0xb1, + 0x57, 0x63, 0x2c, 0xa3, 0x8e, 0x9d, 0x3d, 0x45, + 0xcc, 0xb8, 0xe6, 0xa1, 0xc8, 0x59, 0xcd, 0xf5, + 0xdc, 0x0a, 0x51, 0xb6, 0x9d, 0xfb, 0xf4, 0x6b, + 0xfd, 0x32, 0x71, 0x6e, 0xcf, 0xcb, 0xb3, 0xd9, + 0xe0, 0x4a, 0x77, 0x34, 0xd6, 0x61, 0xf5, 0x7c, + 0xf9, 0xa9, 0xa4, 0xb0, 0x8e, 0x3b, 0xd6, 0x04, + 0xe0, 0xde, 0x2b, 0x5b, 0x5a, 0xbf, 0xd9, 0xef, + 0x8d, 0xa3, 0xf5, 0xb1, 0x67, 0xf3, 0xb9, 0x72, + 0x0a, 0x37, 0x12, 0x35, 0x6c, 0x8e, 0x10, 0x8b, + 0x38, 0x06, 0x16, 0x4b, 0x20, 0x20, 0x13, 0x00, + 0x2e, 0x6d, 0xc2, 0x59, 0x23, 0x67, 0x4a, 0x6d, + 0xa1, 0x46, 0x8b, 0xee, 0xcf, 0x44, 0xb4, 0x3e, + 0x56, 0x75, 0x00, 0x68, 0xb5, 0x7d, 0x0f, 0x20, + 0x79, 0x5d, 0x7f, 0x12, 0x15, 0x32, 0x89, 0x61, + 0x6b, 0x29, 0xb7, 0x52, 0xf5, 0x25, 0xd8, 0x98, + 0xe8, 0x6f, 0xf9, 0x22, 0xb4, 0xbb, 0xe5, 0xff, + 0xd0, 0x92, 0x86, 0x9a, 0x88, 0xa2, 0xaf, 0x6b + }; + ret = sizeof(signature_2048); + XMEMCPY(out, signature_2048, ret); + } +#endif + +#if !defined(WC_NO_RNG) && !defined(WC_NO_RSA_OAEP) && \ + !defined(WOLFSSL_RSA_VERIFY_ONLY) && defined(WOLFSSL_PUBLIC_MP) && \ + !defined(WOLF_CRYPTO_CB_ONLY_RSA) + idx = (word32)ret; + XMEMSET(plain, 0, plainSz); + do { +#if defined(WOLFSSL_ASYNC_CRYPT) + ret = wc_AsyncWait(ret, &key->asyncDev, WC_ASYNC_FLAG_CALL_AGAIN); +#endif + if (ret >= 0) { +#ifndef WOLFSSL_RSA_VERIFY_INLINE + +#if defined(WOLFSSL_CRYPTOCELL) + /* + Cryptocell requires the input data and signature byte array to verify. + + first argument must be the input data + second argument must be the length of input data + third argument must be the signature byte array or the output from + wc_RsaSSL_Sign() + fourth argument must be the length of the signature byte array + */ + + ret = wc_RsaSSL_Verify(in, inLen, out, outSz, key); +#else + ret = wc_RsaSSL_Verify(out, idx, plain, plainSz, key); +#endif /* WOLFSSL_CRYPTOCELL */ +#else + byte* dec = NULL; + ret = wc_RsaSSL_VerifyInline(out, idx, &dec, key); + if (ret > 0) { + XMEMCPY(plain, dec, ret); + } +#endif + } + } while (ret == WC_NO_ERR_TRACE(WC_PENDING_E)); + if (ret < 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_rsa); + + if (XMEMCMP(plain, in, (size_t)ret)) { + ERROR_OUT(WC_TEST_RET_ENC_NC, exit_rsa); + } + TEST_SLEEP(); +#endif + +#ifndef WOLFSSL_RSA_VERIFY_ONLY + #if !defined(WC_NO_RSA_OAEP) && !defined(WC_NO_RNG) + #if (!defined(HAVE_FIPS) || \ + (defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION >= 2))) \ + && !defined(WOLF_CRYPTO_CB_ONLY_RSA) + ret = rsa_oaep_padding_test(key, &rng); + if (ret != 0) + goto exit_rsa; + + #endif /* !HAVE_FIPS */ + #endif /* WC_NO_RSA_OAEP && !WC_NO_RNG */ +#endif /* WOLFSSL_RSA_VERIFY_ONLY */ + +#if !defined(HAVE_FIPS) && !defined(NO_ASN) \ + && !defined(WOLFSSL_RSA_VERIFY_ONLY) + ret = rsa_export_key_test(key); + if (ret != 0) + goto exit_rsa; +#endif + +#if !defined(NO_ASN) && !defined(WOLFSSL_RSA_PUBLIC_ONLY) && \ + !defined(WOLFSSL_RSA_VERIFY_ONLY) + ret = rsa_flatten_test(key); + if (ret != 0) + goto exit_rsa; +#endif + +#if !defined(NO_FILESYSTEM) && !defined(NO_RSA) && !defined(NO_ASN) && \ + !defined(USE_CERT_BUFFERS_1024) && !defined(USE_CERT_BUFFERS_2048) && \ + !defined(USE_CERT_BUFFERS_3072) && !defined(USE_CERT_BUFFERS_4096) + (void)clientCert; +#endif + +#ifdef WOLFSSL_TEST_CERT + +#ifdef USE_CERT_BUFFERS_1024 + XMEMCPY(tmp, client_cert_der_1024, (size_t)sizeof_client_cert_der_1024); + bytes = (size_t)sizeof_client_cert_der_1024; +#elif defined(USE_CERT_BUFFERS_2048) + XMEMCPY(tmp, client_cert_der_2048, (size_t)sizeof_client_cert_der_2048); + bytes = (size_t)sizeof_client_cert_der_2048; +#elif defined(USE_CERT_BUFFERS_3072) + XMEMCPY(tmp, client_cert_der_3072, (size_t)sizeof_client_cert_der_3072); + bytes = (size_t)sizeof_client_cert_der_3072; +#elif defined(USE_CERT_BUFFERS_4096) + XMEMCPY(tmp, client_cert_der_4096, (size_t)sizeof_client_cert_der_4096); + bytes = (size_t)sizeof_client_cert_der_4096; +#elif !defined(NO_FILESYSTEM) + file2 = XFOPEN(clientCert, "rb"); + if (!file2) { + ERROR_OUT(WC_TEST_RET_ENC_ERRNO, exit_rsa); + } + + bytes = XFREAD(tmp, 1, FOURK_BUF, file2); + XFCLOSE(file2); + if (bytes == 0) + ERROR_OUT(WC_TEST_RET_ENC_ERRNO, exit_rsa); +#else + /* No certificate to use. */ + ERROR_OUT(WC_TEST_RET_ENC_NC, exit_rsa); +#endif + + InitDecodedCert(cert, tmp, (word32)bytes, NULL); + + ret = ParseCert(cert, CERT_TYPE, NO_VERIFY, NULL); + if (ret != 0) { + FreeDecodedCert(cert); + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_rsa); + } + +#ifndef NO_ASN_TIME + ret = wc_GetDateInfo(cert->afterDate, cert->afterDateLen, &date, + &dateFormat, &dateLength); + if (ret != 0) { + FreeDecodedCert(cert); + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_rsa); + } + ret = wc_GetDateAsCalendarTime(date, dateLength, dateFormat, &timearg); + if (ret != 0) { + FreeDecodedCert(cert); + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_rsa); + } +#endif + + FreeDecodedCert(cert); +#endif /* WOLFSSL_TEST_CERT */ + +#ifdef WOLFSSL_CERT_EXT + +#ifdef USE_CERT_BUFFERS_1024 + XMEMCPY(tmp, client_keypub_der_1024, sizeof_client_keypub_der_1024); + bytes = sizeof_client_keypub_der_1024; +#elif defined(USE_CERT_BUFFERS_2048) + XMEMCPY(tmp, client_keypub_der_2048, sizeof_client_keypub_der_2048); + bytes = sizeof_client_keypub_der_2048; +#elif defined(USE_CERT_BUFFERS_3072) + XMEMCPY(tmp, client_keypub_der_3072, sizeof_client_keypub_der_3072); + bytes = sizeof_client_keypub_der_3072; +#elif defined(USE_CERT_BUFFERS_4096) + XMEMCPY(tmp, client_keypub_der_4096, sizeof_client_keypub_der_4096); + bytes = sizeof_client_keypub_der_4096; +#else + file = XFOPEN(clientKeyPub, "rb"); + if (!file) { + err_sys("can't open ./certs/client-keyPub.der, " + "Please run from wolfSSL home dir", WC_TEST_RET_ENC_ERRNO); + ERROR_OUT(WC_TEST_RET_ENC_ERRNO, exit_rsa); + } + + bytes = XFREAD(tmp, 1, FOURK_BUF, file); + XFCLOSE(file); + if (bytes == 0) + ERROR_OUT(WC_TEST_RET_ENC_ERRNO, exit_rsa); +#endif /* USE_CERT_BUFFERS */ + + ret = wc_InitRsaKey(keypub, HEAP_HINT); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_rsa); + idx = 0; + + ret = wc_RsaPublicKeyDecode(tmp, &idx, keypub, (word32)bytes); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_rsa); +#endif /* WOLFSSL_CERT_EXT */ + +#if defined(WOLFSSL_KEY_GEN) && !defined(WOLFSSL_RSA_PUBLIC_ONLY) + ret = rsa_keygen_test(&rng); + if (ret != 0) + goto exit_rsa; +#endif + +#if defined(WOLFSSL_CERT_GEN) && !defined(NO_ASN_TIME) && \ + !defined(WOLFSSL_NO_MALLOC) + /* Make Cert / Sign example for RSA cert and RSA CA */ + ret = rsa_certgen_test(key, keypub, &rng, tmp); + if (ret != 0) + goto exit_rsa; + +#if !defined(NO_RSA) && defined(HAVE_ECC) && !defined(NO_ECC_SECP) + ret = rsa_ecc_certgen_test(&rng, tmp); + if (ret != 0) + goto exit_rsa; +#endif + +#if defined(WOLFSSL_CERT_REQ) && !defined(WOLFSSL_NO_MALLOC) + { + int derSz; + + req = (Cert *)XMALLOC(sizeof *req, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + if (! req) + ERROR_OUT(MEMORY_E, exit_rsa); + der = (byte*)XMALLOC(FOURK_BUF, HEAP_HINT,DYNAMIC_TYPE_TMP_BUFFER); + if (der == NULL) { + ERROR_OUT(WC_TEST_RET_ENC_ERRNO, exit_rsa); + } + + ret = wc_InitCert_ex(req, HEAP_HINT, devId); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_rsa); + + req->version = 0; + req->isCA = 1; + XSTRNCPY(req->challengePw, "wolf123", CTC_NAME_SIZE); + XMEMCPY(&req->subject, &certDefaultName, sizeof(CertName)); + + #ifndef NO_SHA256 + req->sigType = CTC_SHA256wRSA; + #else + req->sigType = CTC_SHAwRSA; + #endif + + #ifdef WOLFSSL_CERT_EXT + /* add SKID from the Public Key */ + ret = wc_SetSubjectKeyIdFromPublicKey(req, keypub, NULL); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_rsa); + + /* add Key Usage */ + ret = wc_SetKeyUsage(req, certKeyUsage2); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_rsa); + + /* add Extended Key Usage */ + ret = wc_SetExtKeyUsage(req, + "serverAuth,clientAuth,codeSigning," + "emailProtection,timeStamping,OCSPSigning"); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_rsa); + #ifdef WOLFSSL_EKU_OID + { + WOLFSSL_SMALL_STACK_STATIC const char unique[] = + "2.16.840.1.111111.100.1.10.1"; + ret = wc_SetExtKeyUsageOID(req, unique, sizeof(unique), 0, + HEAP_HINT); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_rsa); + } + #endif /* WOLFSSL_EKU_OID */ + #endif /* WOLFSSL_CERT_EXT */ + + derSz = wc_MakeCertReq(req, der, FOURK_BUF, key, NULL); + if (derSz < 0) { + ERROR_OUT(WC_TEST_RET_ENC_EC(derSz), exit_rsa); + } + + #ifdef WOLFSSL_CERT_EXT + /* Try again with "any" flag set, will override all others */ + ret = wc_SetExtKeyUsage(req, "any"); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_rsa); + derSz = wc_MakeCertReq(req, der, FOURK_BUF, key, NULL); + if (derSz < 0) { + ERROR_OUT(WC_TEST_RET_ENC_EC(derSz), exit_rsa); + } + #endif /* WOLFSSL_CERT_EXT */ + + ret = 0; + do { + #if defined(WOLFSSL_ASYNC_CRYPT) + ret = wc_AsyncWait(ret, &key->asyncDev, WC_ASYNC_FLAG_CALL_AGAIN); + #endif + if (ret >= 0) { + ret = wc_SignCert(req->bodySz, req->sigType, der, FOURK_BUF, + key, NULL, &rng); + } + } while (ret == WC_NO_ERR_TRACE(WC_PENDING_E)); + if (ret < 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_rsa); + derSz = (int)ret; + + ret = SaveDerAndPem(der, derSz, certReqDerFile, certReqPemFile, + CERTREQ_TYPE); + if (ret != 0) { + goto exit_rsa; + } + + derSz = wc_MakeCertReq_ex(req, der, FOURK_BUF, RSA_TYPE, key); + if (derSz < 0) { + ERROR_OUT(WC_TEST_RET_ENC_EC(derSz), exit_rsa); + } + + /* Test getting the size of the buffer without providing the buffer. + * derSz is set to the "largest buffer" we are willing to allocate. */ + derSz = wc_MakeCertReq(req, NULL, 10000, key, NULL); + if (derSz < 0) { + ERROR_OUT(WC_TEST_RET_ENC_EC(derSz), exit_rsa); + } + + XFREE(der, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + der = NULL; + XFREE(req, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + req = NULL; + } +#endif /* WOLFSSL_CERT_REQ */ +#endif /* WOLFSSL_CERT_GEN */ + +#if defined(WC_RSA_PSS) && \ + (!defined(HAVE_FIPS) || FIPS_VERSION_GE(5,0)) && \ + !defined(WC_NO_RNG) +/* Need to create known good signatures to test with this. */ +#if !defined(WOLFSSL_RSA_VERIFY_ONLY) && !defined(WOLFSSL_RSA_PUBLIC_ONLY) && \ + !defined(WOLF_CRYPTO_CB_ONLY_RSA) + ret = rsa_pss_test(&rng, key); + if (ret != 0) + goto exit_rsa; +#endif +#endif + +#if defined(WOLFSSL_HAVE_SP_RSA) && defined(USE_FAST_MATH) +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC) + /* New key to be loaded in rsa_even_mod_test(). */ + if (key != NULL) +#endif + wc_FreeRsaKey(key); + /* New key to be loaded in rsa_even_mod_test(). */ + ret = rsa_even_mod_test(&rng, key); +#endif + +exit_rsa: + +#if !defined(WOLFSSL_NO_MALLOC) + XFREE(der, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + #if defined(WOLFSSL_CERT_REQ) + XFREE(req, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + #endif +#endif +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC) + wc_DeleteRsaKey(key, &key); + #if defined(WOLFSSL_CERT_EXT) || defined(WOLFSSL_CERT_GEN) + wc_DeleteRsaKey(keypub, &keypub); + #endif + #ifdef WOLFSSL_TEST_CERT + XFREE(cert, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + #endif + XFREE(tmp, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); +#else + wc_FreeRsaKey(key); + #if defined(WOLFSSL_CERT_EXT) || defined(WOLFSSL_CERT_GEN) + wc_FreeRsaKey(keypub); + #endif +#endif /* WOLFSSL_SMALL_STACK && !WOLFSSL_NO_MALLOC */ + + wc_FreeRng(&rng); + + WC_FREE_VAR(in, HEAP_HINT); + WC_FREE_VAR(out, HEAP_HINT); + WC_FREE_VAR(plain, HEAP_HINT); + + (void)res; + (void)bytes; + (void)idx; + (void)in; + (void)out; + (void)plain; + (void)idx; + (void)inStr; + (void)inLen; + (void)outSz; + (void)plainSz; + + /* ret can be greater then 0 with certgen but all negative values should + * be returned and treated as an error */ + if (ret >= 0) { + return 0; + } + else { + return ret; + } +} + +#endif /* !NO_RSA */ + + +#ifndef NO_DH + +static wc_test_ret_t dh_fips_generate_test(WC_RNG *rng) +{ + wc_test_ret_t ret = 0; +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC) + DhKey *key = (DhKey *)XMALLOC(sizeof *key, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); +#else + DhKey key[1]; +#endif + WOLFSSL_SMALL_STACK_STATIC const byte p[] = { + 0xc5, 0x7c, 0xa2, 0x4f, 0x4b, 0xd6, 0x8c, 0x3c, + 0xda, 0xc7, 0xba, 0xaa, 0xea, 0x2e, 0x5c, 0x1e, + 0x18, 0xb2, 0x7b, 0x8c, 0x55, 0x65, 0x9f, 0xea, + 0xe0, 0xa1, 0x36, 0x53, 0x2b, 0x36, 0xe0, 0x4e, + 0x3e, 0x64, 0xa9, 0xe4, 0xfc, 0x8f, 0x32, 0x62, + 0x97, 0xe4, 0xbe, 0xf7, 0xc1, 0xde, 0x07, 0x5a, + 0x89, 0x28, 0xf3, 0xfe, 0x4f, 0xfe, 0x68, 0xbc, + 0xfb, 0x0a, 0x7c, 0xa4, 0xb3, 0x14, 0x48, 0x89, + 0x9f, 0xaf, 0xb8, 0x43, 0xe2, 0xa0, 0x62, 0x5c, + 0xb4, 0x88, 0x3f, 0x06, 0x50, 0x11, 0xfe, 0x65, + 0x8d, 0x49, 0xd2, 0xf5, 0x4b, 0x74, 0x79, 0xdb, + 0x06, 0x62, 0x92, 0x89, 0xed, 0xda, 0xcb, 0x87, + 0x37, 0x16, 0xd2, 0xa1, 0x7a, 0xe8, 0xde, 0x92, + 0xee, 0x3e, 0x41, 0x4a, 0x91, 0x5e, 0xed, 0xf3, + 0x6c, 0x6b, 0x7e, 0xfd, 0x15, 0x92, 0x18, 0xfc, + 0xa7, 0xac, 0x42, 0x85, 0x57, 0xe9, 0xdc, 0xda, + 0x55, 0xc9, 0x8b, 0x28, 0x9e, 0xc1, 0xc4, 0x46, + 0x4d, 0x88, 0xed, 0x62, 0x8e, 0xdb, 0x3f, 0xb9, + 0xd7, 0xc8, 0xe3, 0xcf, 0xb8, 0x34, 0x2c, 0xd2, + 0x6f, 0x28, 0x06, 0x41, 0xe3, 0x66, 0x8c, 0xfc, + 0x72, 0xff, 0x26, 0x3b, 0x6b, 0x6c, 0x6f, 0x73, + 0xde, 0xf2, 0x90, 0x29, 0xe0, 0x61, 0x32, 0xc4, + 0x12, 0x74, 0x09, 0x52, 0xec, 0xf3, 0x1b, 0xa6, + 0x45, 0x98, 0xac, 0xf9, 0x1c, 0x65, 0x8e, 0x3a, + 0x91, 0x84, 0x4b, 0x23, 0x8a, 0xb2, 0x3c, 0xc9, + 0xfa, 0xea, 0xf1, 0x38, 0xce, 0xd8, 0x05, 0xe0, + 0xfa, 0x44, 0x68, 0x1f, 0xeb, 0xd9, 0x57, 0xb8, + 0x4a, 0x97, 0x5b, 0x88, 0xc5, 0xf1, 0xbb, 0xb0, + 0x49, 0xc3, 0x91, 0x7c, 0xd3, 0x13, 0xb9, 0x47, + 0xbb, 0x91, 0x8f, 0xe5, 0x26, 0x07, 0xab, 0xa9, + 0xc5, 0xd0, 0x3d, 0x95, 0x41, 0x26, 0x92, 0x9d, + 0x13, 0x67, 0xf2, 0x7e, 0x11, 0x88, 0xdc, 0x2d + }; + WOLFSSL_SMALL_STACK_STATIC const byte g[] = { + 0x4a, 0x1a, 0xf3, 0xa4, 0x92, 0xe9, 0xee, 0x74, + 0x6e, 0x57, 0xd5, 0x8c, 0x2c, 0x5b, 0x41, 0x41, + 0x5e, 0xd4, 0x55, 0x19, 0xdc, 0xd9, 0x32, 0x91, + 0xf7, 0xfd, 0xc2, 0x57, 0xff, 0x03, 0x14, 0xdb, + 0xf1, 0xb7, 0x60, 0x0c, 0x43, 0x59, 0x3f, 0xff, + 0xac, 0xf1, 0x80, 0x9a, 0x15, 0x6f, 0xd8, 0x6e, + 0xb7, 0x85, 0x18, 0xc8, 0xec, 0x4e, 0x59, 0x4a, + 0xe2, 0x91, 0x43, 0x4c, 0xeb, 0x95, 0xb6, 0x2e, + 0x9a, 0xea, 0x53, 0x68, 0x80, 0x64, 0x69, 0x40, + 0xf9, 0xec, 0xbd, 0x85, 0x89, 0x26, 0x97, 0x67, + 0xaf, 0xb0, 0xad, 0x00, 0x1b, 0xd4, 0xfd, 0x94, + 0xd3, 0xe9, 0x92, 0xb1, 0xb4, 0xbc, 0x5a, 0xaa, + 0x92, 0x80, 0x89, 0x3b, 0x39, 0x05, 0x6c, 0x22, + 0x26, 0xfe, 0x5a, 0x28, 0x6c, 0x37, 0x50, 0x5a, + 0x38, 0x99, 0xcf, 0xf3, 0xc1, 0x96, 0x45, 0xdc, + 0x01, 0xcb, 0x20, 0x87, 0xa5, 0x00, 0x8c, 0xf5, + 0x4d, 0xc2, 0xef, 0xb8, 0x9b, 0xd1, 0x87, 0xbe, + 0xed, 0xd5, 0x0a, 0x29, 0x15, 0x34, 0x59, 0x4c, + 0x3a, 0x05, 0x22, 0x05, 0x44, 0x4f, 0x9f, 0xc8, + 0x47, 0x12, 0x24, 0x8e, 0xa8, 0x79, 0xe4, 0x67, + 0xba, 0x4d, 0x5b, 0x75, 0x56, 0x95, 0xeb, 0xe8, + 0x8a, 0xfa, 0x8e, 0x01, 0x8c, 0x1b, 0x74, 0x63, + 0xd9, 0x2f, 0xf7, 0xd3, 0x44, 0x8f, 0xa8, 0xf5, + 0xaf, 0x6c, 0x4f, 0xdb, 0xe7, 0xc9, 0x6c, 0x71, + 0x22, 0xa3, 0x1d, 0xf1, 0x40, 0xb2, 0xe0, 0x9a, + 0xb6, 0x72, 0xc9, 0xc0, 0x13, 0x16, 0xa2, 0x4a, + 0xe1, 0x92, 0xc7, 0x54, 0x23, 0xab, 0x9d, 0xa1, + 0xa1, 0xe5, 0x0b, 0xed, 0xba, 0xe8, 0x84, 0x37, + 0xb2, 0xe7, 0xfe, 0x32, 0x8d, 0xfa, 0x1c, 0x53, + 0x77, 0x97, 0xc7, 0xf3, 0x48, 0xc9, 0xdb, 0x2d, + 0x75, 0x52, 0x9d, 0x42, 0x51, 0x78, 0x62, 0x68, + 0x05, 0x45, 0x15, 0xf8, 0xa2, 0x4e, 0xf3, 0x0b + }; + WOLFSSL_SMALL_STACK_STATIC const byte q[] = { + 0xe0, 0x35, 0x37, 0xaf, 0xb2, 0x50, 0x91, 0x8e, + 0xf2, 0x62, 0x2b, 0xd9, 0x9f, 0x6c, 0x11, 0x75, + 0xec, 0x24, 0x5d, 0x78, 0x59, 0xe7, 0x8d, 0xb5, + 0x40, 0x52, 0xed, 0x41 + }; + WOLFSSL_SMALL_STACK_STATIC const byte q0[] = { + 0x00, + 0xe0, 0x35, 0x37, 0xaf, 0xb2, 0x50, 0x91, 0x8e, + 0xf2, 0x62, 0x2b, 0xd9, 0x9f, 0x6c, 0x11, 0x75, + 0xec, 0x24, 0x5d, 0x78, 0x59, 0xe7, 0x8d, 0xb5, + 0x40, 0x52, 0xed, 0x41 + }; + byte priv[256]; + byte pub[256]; + word32 privSz = sizeof(priv); + word32 pubSz = sizeof(pub); + +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC) + if (key == NULL) + ERROR_OUT(MEMORY_E, exit_gen_test); +#endif + + /* Parameter Validation testing. */ + ret = wc_DhGenerateKeyPair(NULL, rng, priv, &privSz, pub, &pubSz); + if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG)) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_gen_test); + ret = wc_DhGenerateKeyPair(key, NULL, priv, &privSz, pub, &pubSz); + if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG)) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_gen_test); + ret = wc_DhGenerateKeyPair(key, rng, NULL, &privSz, pub, &pubSz); + if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG)) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_gen_test); + ret = wc_DhGenerateKeyPair(key, rng, priv, NULL, pub, &pubSz); + if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG)) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_gen_test); + ret = wc_DhGenerateKeyPair(key, rng, priv, &privSz, NULL, &pubSz); + if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG)) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_gen_test); + ret = wc_DhGenerateKeyPair(key, rng, priv, &privSz, pub, NULL); + if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG)) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_gen_test); + + ret = wc_InitDhKey_ex(key, HEAP_HINT, devId); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_gen_test); + + ret = wc_DhSetKey_ex(key, p, sizeof(p), g, sizeof(g), q0, sizeof(q0)); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_gen_test); + + wc_FreeDhKey(key); + + ret = wc_InitDhKey_ex(key, HEAP_HINT, devId); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_gen_test); + + ret = wc_DhSetKey_ex(key, p, sizeof(p), g, sizeof(g), q, sizeof(q)); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_gen_test); + + /* Use API. */ + ret = wc_DhGenerateKeyPair(key, rng, priv, &privSz, pub, &pubSz); +#if defined(WOLFSSL_ASYNC_CRYPT) + ret = wc_AsyncWait(ret, &key->asyncDev, WC_ASYNC_FLAG_NONE); +#endif + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_gen_test); + + ret = wc_DhCheckPubKey_ex(key, pub, pubSz, q0, sizeof(q0)); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_gen_test); + + wc_FreeDhKey(key); + ret = wc_InitDhKey_ex(key, HEAP_HINT, devId); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_gen_test); + + ret = wc_DhSetKey(key, p, sizeof(p), g, sizeof(g)); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_gen_test); + + ret = wc_DhCheckPubKey_ex(key, pub, pubSz, q, sizeof(q)); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_gen_test); + +#ifndef HAVE_SELFTEST + ret = wc_DhCheckKeyPair(key, pub, pubSz, priv, privSz); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_gen_test); + + /* Taint the public key so the check fails. */ + pub[0]++; + ret = wc_DhCheckKeyPair(key, pub, pubSz, priv, privSz); + if (ret != WC_NO_ERR_TRACE(MP_CMP_E)) { + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_gen_test); + } + +#ifdef WOLFSSL_KEY_GEN + wc_FreeDhKey(key); + ret = wc_InitDhKey_ex(key, HEAP_HINT, devId); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_gen_test); + + ret = wc_DhGenerateParams(rng, 2048, key); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_gen_test); + + privSz = sizeof(priv); + pubSz = sizeof(pub); + + ret = wc_DhGenerateKeyPair(key, rng, priv, &privSz, pub, &pubSz); +#if defined(WOLFSSL_ASYNC_CRYPT) + ret = wc_AsyncWait(ret, &key->asyncDev, WC_ASYNC_FLAG_NONE); +#endif + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_gen_test); +#endif /* WOLFSSL_KEY_GEN */ +#endif /* HAVE_SELFTEST */ + + ret = 0; + +exit_gen_test: + +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC) + if (key) { + wc_FreeDhKey(key); + XFREE(key, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + } +#else + wc_FreeDhKey(key); +#endif + + return ret; +} + +static wc_test_ret_t dh_generate_test(WC_RNG *rng) +{ + wc_test_ret_t ret = 0; +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC) + DhKey *smallKey = NULL; +#else + DhKey smallKey[1]; +#endif + byte p[2] = { 1, 7 }; /* 263 in decimal */ + byte g[2] = { 0, 2 }; +#if !defined(WOLFSSL_SP_MATH) && !defined(HAVE_FFDHE) +#ifdef WOLFSSL_DH_CONST + /* the table for constant DH lookup will round to the lowest byte size 21 */ + byte priv[21]; + byte pub[21]; +#else + byte priv[2]; + byte pub[2]; +#endif + word32 privSz = sizeof(priv); + word32 pubSz = sizeof(pub); +#endif + int smallKey_inited = 0; + +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC) + if ((smallKey = (DhKey *)XMALLOC(sizeof(*smallKey), HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER)) == NULL) + return WC_TEST_RET_ENC_ERRNO; +#endif + + ret = wc_InitDhKey_ex(smallKey, HEAP_HINT, devId); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_gen_test); + smallKey_inited = 1; + + /* Parameter Validation testing. */ + ret = wc_InitDhKey_ex(NULL, HEAP_HINT, devId); + if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG)) + return WC_TEST_RET_ENC_EC(ret); + wc_FreeDhKey(NULL); + + ret = wc_DhSetKey(NULL, p, sizeof(p), g, sizeof(g)); + if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG)) { + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_gen_test); + } + ret = wc_DhSetKey(smallKey, NULL, sizeof(p), g, sizeof(g)); + if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG)) { + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_gen_test); + } + ret = wc_DhSetKey(smallKey, p, 0, g, sizeof(g)); + if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG)) { + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_gen_test); + } + ret = wc_DhSetKey(smallKey, p, sizeof(p), NULL, sizeof(g)); + if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG)) { + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_gen_test); + } + ret = wc_DhSetKey(smallKey, p, sizeof(p), g, 0); + if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG)) { + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_gen_test); + } + ret = wc_DhSetKey(smallKey, p, sizeof(p), g, sizeof(g)); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_gen_test); + +#if !defined(WOLFSSL_SP_MATH) && !defined(HAVE_FFDHE) + /* Use API. */ + ret = wc_DhGenerateKeyPair(smallKey, rng, priv, &privSz, pub, &pubSz); +#if defined(WOLFSSL_ASYNC_CRYPT) + ret = wc_AsyncWait(ret, &smallKey->asyncDev, WC_ASYNC_FLAG_NONE); +#endif + if (ret != 0) { + ret = WC_TEST_RET_ENC_EC(ret); + } +#else + (void)rng; + #if defined(HAVE_FIPS) || !defined(WOLFSSL_NO_DH186) + ret = 0; + #endif +#endif + +#if !defined(HAVE_FIPS) && defined(WOLFSSL_NO_DH186) + { + byte priv[260]; + byte pub[260]; + word32 privSz = sizeof(priv); + word32 pubSz = sizeof(pub); + + /* test odd ball param generation with DH */ + wc_FreeDhKey(smallKey); + ret = wc_InitDhKey_ex(smallKey, HEAP_HINT, devId); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_gen_test); + + /* should fail since modSz is 16 and group size is 20 */ + ret = wc_DhGenerateParams(rng, 128, smallKey); + if (ret == 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_gen_test); + + ret = wc_DhGenerateParams(rng, 2056, smallKey); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_gen_test); + + privSz = sizeof(priv); + pubSz = sizeof(pub); + + ret = wc_DhGenerateKeyPair(smallKey, rng, priv, &privSz, pub, &pubSz); + #if defined(WOLFSSL_ASYNC_CRYPT) + ret = wc_AsyncWait(ret, &smallKey->asyncDev, WC_ASYNC_FLAG_NONE); + #endif + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_gen_test); + } +#endif /* !HAVE_FIPS and WOLFSSL_NO_DH186 */ + +exit_gen_test: + if (smallKey_inited) + wc_FreeDhKey(smallKey); + +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC) + XFREE(smallKey, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); +#endif + + return ret; +} + +#if !defined(HAVE_FIPS) && !defined(HAVE_SELFTEST) +typedef struct dh_pubvalue_test { + const byte* data; + word32 len; +} dh_pubvalue_test; + +static wc_test_ret_t dh_test_check_pubvalue(void) +{ + wc_test_ret_t ret; + word32 i; + WOLFSSL_SMALL_STACK_STATIC const byte prime[] = {0x01, 0x00, 0x01}; + WOLFSSL_SMALL_STACK_STATIC const byte pubValZero[] = { 0x00 }; + WOLFSSL_SMALL_STACK_STATIC const byte pubValZeroLong[] = { 0x00, 0x00, 0x00 }; + WOLFSSL_SMALL_STACK_STATIC const byte pubValOne[] = { 0x01 }; + WOLFSSL_SMALL_STACK_STATIC const byte pubValOneLong[] = { 0x00, 0x00, 0x01 }; + WOLFSSL_SMALL_STACK_STATIC const byte pubValPrimeMinusOne[] = { 0x01, 0x00, 0x00 }; + WOLFSSL_SMALL_STACK_STATIC const byte pubValPrimeLong[] = {0x00, 0x01, 0x00, 0x01}; + WOLFSSL_SMALL_STACK_STATIC const byte pubValPrimePlusOne[] = { 0x01, 0x00, 0x02 }; + WOLFSSL_SMALL_STACK_STATIC const byte pubValTooBig0[] = { 0x02, 0x00, 0x01 }; + WOLFSSL_SMALL_STACK_STATIC const byte pubValTooBig1[] = { 0x01, 0x01, 0x01 }; + WOLFSSL_SMALL_STACK_STATIC const byte pubValTooLong[] = { 0x01, 0x00, 0x00, 0x01 }; + WOLFSSL_SMALL_STACK_STATIC const byte pubValTwo[] = { 0x02 }; + WOLFSSL_SMALL_STACK_STATIC const byte pubValTwoLong[] = { 0x00, 0x00, 0x02 }; + WOLFSSL_SMALL_STACK_STATIC const byte pubValGood[] = { 0x12, 0x34 }; + WOLFSSL_SMALL_STACK_STATIC const byte pubValGoodLen[] = { 0x00, 0x12, 0x34 }; + WOLFSSL_SMALL_STACK_STATIC const byte pubValGoodLong[] = { 0x00, 0x00, 0x12, 0x34 }; + dh_pubvalue_test dh_pubval_fail[11]; + dh_pubvalue_test dh_pubval_pass[5]; + + #define INIT_PUBVAL_FAIL(i,y) dh_pubval_fail[i].data = y; dh_pubval_fail[i].len = sizeof(y) + #define INIT_PUBVAL_PASS(i,y) dh_pubval_pass[i].data = y; dh_pubval_pass[i].len = sizeof(y) + + INIT_PUBVAL_FAIL(0, prime); + INIT_PUBVAL_FAIL(1, pubValZero); + INIT_PUBVAL_FAIL(2, pubValZeroLong); + INIT_PUBVAL_FAIL(3, pubValOne); + INIT_PUBVAL_FAIL(4, pubValOneLong); + INIT_PUBVAL_FAIL(5, pubValPrimeMinusOne); + INIT_PUBVAL_FAIL(6, pubValPrimeLong); + INIT_PUBVAL_FAIL(7, pubValPrimePlusOne); + INIT_PUBVAL_FAIL(8, pubValTooBig0); + INIT_PUBVAL_FAIL(9, pubValTooBig1); + INIT_PUBVAL_FAIL(10, pubValTooLong); + + INIT_PUBVAL_PASS(0, pubValTwo); + INIT_PUBVAL_PASS(1, pubValTwoLong); + INIT_PUBVAL_PASS(2, pubValGood); + INIT_PUBVAL_PASS(3, pubValGoodLen); + INIT_PUBVAL_PASS(4, pubValGoodLong); + + #undef INIT_PUBVAL_FAIL + #undef INIT_PUBVAL_PASS + + for (i = 0; i < sizeof(dh_pubval_fail) / sizeof(*dh_pubval_fail); i++) { + ret = wc_DhCheckPubValue(prime, sizeof(prime), dh_pubval_fail[i].data, + dh_pubval_fail[i].len); + if (ret != WC_NO_ERR_TRACE(MP_VAL)) + return WC_TEST_RET_ENC_I(i); + } + + for (i = 0; i < sizeof(dh_pubval_pass) / sizeof(*dh_pubval_pass); i++) { + ret = wc_DhCheckPubValue(prime, sizeof(prime), dh_pubval_pass[i].data, + dh_pubval_pass[i].len); + if (ret != 0) + return WC_TEST_RET_ENC_I(i); + } + + return 0; +} +#endif + +#if defined(HAVE_FFDHE) + +#if defined(HAVE_FFDHE_4096) + #define MAX_DH_PRIV_SZ 39 + #define MAX_DH_KEY_SZ 512 +#elif defined(HAVE_FFDHE_3072) + #define MAX_DH_PRIV_SZ 34 + #define MAX_DH_KEY_SZ 384 +#else + #define MAX_DH_PRIV_SZ 29 + #define MAX_DH_KEY_SZ 256 +#endif + +#ifndef WC_NO_RNG + +#if !(defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION == 2) && \ + (defined(WOLFSSL_SP_ARM64_ASM) || defined(WOLFSSL_SP_ARM32_ASM))) + +#ifdef HAVE_PUBLIC_FFDHE +static wc_test_ret_t dh_ffdhe_test(WC_RNG *rng, const DhParams* params) +#else +static wc_test_ret_t dh_ffdhe_test(WC_RNG *rng, int name) +#endif +{ + wc_test_ret_t ret; + word32 privSz, pubSz, privSz2, pubSz2; +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC) + byte *priv = (byte*)XMALLOC(MAX_DH_PRIV_SZ, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + byte *pub = (byte*)XMALLOC(MAX_DH_KEY_SZ, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + byte *priv2 = (byte*)XMALLOC(MAX_DH_PRIV_SZ, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + byte *pub2 = (byte*)XMALLOC(MAX_DH_KEY_SZ, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + byte *agree = (byte*)XMALLOC(MAX_DH_KEY_SZ, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + byte *agree2 = (byte*)XMALLOC(MAX_DH_KEY_SZ, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + DhKey *key = (DhKey*)XMALLOC(sizeof(*key), HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + DhKey *key2 = (DhKey*)XMALLOC(sizeof(*key2), HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); +#else + byte priv[MAX_DH_PRIV_SZ]; + byte pub[MAX_DH_KEY_SZ]; + byte priv2[MAX_DH_PRIV_SZ]; + byte pub2[MAX_DH_KEY_SZ]; + byte agree[MAX_DH_KEY_SZ]; + byte agree2[MAX_DH_KEY_SZ]; + DhKey key[1]; + DhKey key2[1]; +#endif + word32 agreeSz = MAX_DH_KEY_SZ; + word32 agreeSz2 = MAX_DH_KEY_SZ; + +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC) + if ((priv == NULL) || + (pub == NULL) || + (priv2 == NULL) || + (pub2 == NULL) || + (agree == NULL) || + (agree2 == NULL) || + (key == NULL) || + (key2 == NULL)) + ERROR_OUT(WC_TEST_RET_ENC_NC, done); +#endif + + pubSz = MAX_DH_KEY_SZ; + pubSz2 = MAX_DH_KEY_SZ; + #ifdef HAVE_PUBLIC_FFDHE + privSz = MAX_DH_PRIV_SZ; + privSz2 = MAX_DH_PRIV_SZ; + #else + privSz = wc_DhGetNamedKeyMinSize(name); + privSz2 = privSz; + #endif + + XMEMSET(key, 0, sizeof(*key)); + XMEMSET(key2, 0, sizeof(*key2)); + + ret = wc_InitDhKey_ex(key, HEAP_HINT, devId); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done); + ret = wc_InitDhKey_ex(key2, HEAP_HINT, devId); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done); + +#ifdef HAVE_PUBLIC_FFDHE + /* use wc_DhSetKey_ex(), not wc_DhSetKey(), so that trusted=0 is passed to + * _DhSetKey(), exercising the primality check on the modulus: + */ + ret = wc_DhSetKey_ex(key, params->p, params->p_len, params->g, + params->g_len, NULL /* q */, 0 /* qSz */); +#else + ret = wc_DhSetNamedKey(key, name); +#endif + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done); + +#ifdef HAVE_PUBLIC_FFDHE + ret = wc_DhSetKey_ex(key2, params->p, params->p_len, params->g, + params->g_len, NULL /* q */, 0 /* qSz */); +#else + ret = wc_DhSetNamedKey(key2, name); +#endif + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done); + + ret = wc_DhGenerateKeyPair(key, rng, priv, &privSz, pub, &pubSz); +#if defined(WOLFSSL_ASYNC_CRYPT) + ret = wc_AsyncWait(ret, &key->asyncDev, WC_ASYNC_FLAG_NONE); +#endif + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done); + + ret = wc_DhGenerateKeyPair(key2, rng, priv2, &privSz2, pub2, &pubSz2); +#if defined(WOLFSSL_ASYNC_CRYPT) + ret = wc_AsyncWait(ret, &key2->asyncDev, WC_ASYNC_FLAG_NONE); +#endif + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done); + + ret = wc_DhAgree(key, agree, &agreeSz, priv, privSz, pub2, pubSz2); +#if defined(WOLFSSL_ASYNC_CRYPT) + ret = wc_AsyncWait(ret, &key->asyncDev, WC_ASYNC_FLAG_NONE); +#endif + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done); + + ret = wc_DhAgree(key2, agree2, &agreeSz2, priv2, privSz2, pub, pubSz); +#if defined(WOLFSSL_ASYNC_CRYPT) + ret = wc_AsyncWait(ret, &key2->asyncDev, WC_ASYNC_FLAG_NONE); +#endif + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done); + + if (agreeSz != agreeSz2 || XMEMCMP(agree, agree2, agreeSz)) { + ERROR_OUT(WC_TEST_RET_ENC_NC, done); + } + + /* wc_DhGeneratePublic_fips() was added in 5.2.3, but some customers are + * building with configure scripts that set version to 5.2.1, but with 5.2.3 + * wolfCrypt sources. 5.3.0 is used for both fips-v5-ready and v5-kcapi, + * and are also missing wc_DhGeneratePublic(). + */ +#if !(defined(HAVE_SELFTEST) || \ + (defined(HAVE_FIPS) && FIPS_VERSION3_LT(5,2,3)) || \ + FIPS_VERSION3_EQ(5,3,0) || \ + FIPS_VERSION3_EQ(6,0,0) || \ + defined(NO_WC_DHGENERATEPUBLIC)) + + /* additional test for wc_DhGeneratePublic: + * 1. reset key2. + * 2. using priv from dh key 1, generate pub2 with + * wc_DhGeneratePublic. + * 3. test equality pub2 == pub1. */ + wc_FreeDhKey(key2); + pubSz2 = MAX_DH_KEY_SZ; + XMEMSET(pub2, 0, pubSz2); + + ret = wc_InitDhKey_ex(key2, HEAP_HINT, devId); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done); + +#ifdef HAVE_PUBLIC_FFDHE + ret = wc_DhSetKey_ex(key2, params->p, params->p_len, params->g, + params->g_len, NULL /* q */, 0 /* qSz */); +#else + ret = wc_DhSetNamedKey(key2, name); +#endif + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done); + + /* using key 1 private, generate key2 public and test equality. */ + ret = wc_DhGeneratePublic(key2, priv, privSz, pub2, &pubSz2); + if (ret != 0) { + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done); + } + + if (pubSz != pubSz2 || XMEMCMP(pub, pub2, pubSz)) { + ERROR_OUT(WC_TEST_RET_ENC_NC, done); + } +#endif /* !(NO_WC_DHGENERATEPUBLIC || HAVE_SELFTEST || FIPS <5.2.3 || == 5.3.0 || == 6.0.0 */ + +#if (defined(WOLFSSL_HAVE_SP_DH) || defined(USE_FAST_MATH)) && \ + !defined(HAVE_INTEL_QA) + /* Make p even */ + key->p.dp[0] &= (mp_digit)-2; + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done); + + ret = wc_DhGenerateKeyPair(key, rng, priv, &privSz, pub, &pubSz); +#if defined(WOLFSSL_ASYNC_CRYPT) + ret = wc_AsyncWait(ret, &key->asyncDev, WC_ASYNC_FLAG_NONE); +#endif + if (ret != WC_NO_ERR_TRACE(MP_VAL) && + ret != WC_NO_ERR_TRACE(MP_EXPTMOD_E)) + { + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done); + } + + ret = wc_DhAgree(key, agree, &agreeSz, priv, privSz, pub2, pubSz2); +#if defined(WOLFSSL_ASYNC_CRYPT) + ret = wc_AsyncWait(ret, &key->asyncDev, WC_ASYNC_FLAG_NONE); +#endif + if (ret != WC_NO_ERR_TRACE(MP_VAL) && + ret != WC_NO_ERR_TRACE(MP_EXPTMOD_E) && + ret != WC_NO_ERR_TRACE(ASYNC_OP_E)) + { + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done); + } + +#ifndef HAVE_SELFTEST + ret = wc_DhCheckKeyPair(key, pub, pubSz, priv, privSz); + if (ret != WC_NO_ERR_TRACE(MP_VAL) && + ret != WC_NO_ERR_TRACE(MP_EXPTMOD_E) && + ret != WC_NO_ERR_TRACE(MP_CMP_E) && + ret != WC_NO_ERR_TRACE(ASYNC_OP_E)) + { + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done); + } +#endif + + /* Getting here means success - set ret to 0. */ + ret = 0; +#endif /* (SP DH or Fast Math) and not Intel QuickAssist */ + +done: + +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC) && \ + !defined(WC_NO_RNG) + XFREE(priv, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(pub, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(priv2, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(pub2, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(agree, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(agree2, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + if (key) { + wc_FreeDhKey(key); + XFREE(key, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + } + if (key2) { + wc_FreeDhKey(key2); + XFREE(key2, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + } +#else + wc_FreeDhKey(key); + wc_FreeDhKey(key2); +#endif + + return ret; +} +#endif /* !(HAVE_FIPS_VERSION == 2 && WOLFSSL_SP_ARMxx_ASM) */ +#endif /* !WC_NO_RNG */ +#endif /* HAVE_FFDHE */ + +WOLFSSL_TEST_SUBROUTINE wc_test_ret_t dh_test(void) +{ + wc_test_ret_t ret; + word32 bytes; + word32 idx = 0; + word32 privSz = 0; + word32 pubSz = 0; + word32 privSz2 = 0; + word32 pubSz2 = 0; +#ifndef WC_NO_RNG + WC_RNG rng; + int rngInit = 0; +#endif + int keyInit = 0, key2Init = 0; + +#define DH_TEST_TMP_SIZE 1024 +#if !defined(USE_CERT_BUFFERS_3072) && !defined(USE_CERT_BUFFERS_4096) + #define DH_TEST_BUF_SIZE 256 +#else + #define DH_TEST_BUF_SIZE 512 +#endif +#ifndef WC_NO_RNG + word32 agreeSz = DH_TEST_BUF_SIZE; + word32 agreeSz2 = DH_TEST_BUF_SIZE; +#endif + +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC) + DhKey *key = (DhKey *)XMALLOC(sizeof *key, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + DhKey *key2 = (DhKey *)XMALLOC(sizeof *key2, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + byte *tmp = (byte *)XMALLOC(DH_TEST_TMP_SIZE, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + #if !defined(NO_ASN) && (defined(WOLFSSL_DH_EXTRA) && !defined(NO_FILESYSTEM) && \ + (!defined(HAVE_FIPS) || \ + (defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION > 2)))) + byte *tmp2 = NULL; + #endif +#else + DhKey key[1]; + DhKey key2[1]; + byte tmp[DH_TEST_TMP_SIZE]; + #if !defined(NO_ASN) && (defined(WOLFSSL_DH_EXTRA) && !defined(NO_FILESYSTEM) && \ + (!defined(HAVE_FIPS) || \ + (defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION > 2)))) + byte tmp2[DH_TEST_TMP_SIZE]; + #endif +#endif + +#ifndef WC_NO_RNG +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC) + byte *priv = (byte *)XMALLOC(DH_TEST_BUF_SIZE, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + byte *pub = (byte *)XMALLOC(DH_TEST_BUF_SIZE, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + byte *priv2 = (byte *)XMALLOC(DH_TEST_BUF_SIZE, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + byte *pub2 = (byte *)XMALLOC(DH_TEST_BUF_SIZE, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + byte *agree = (byte *)XMALLOC(DH_TEST_BUF_SIZE, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + byte *agree2 = (byte *)XMALLOC(DH_TEST_BUF_SIZE, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + if (priv == NULL || pub == NULL || priv2 == NULL || pub2 == NULL || + agree == NULL || agree2 == NULL) { + ERROR_OUT(WC_TEST_RET_ENC_ERRNO, done); + } +#else + byte priv[DH_TEST_BUF_SIZE]; + byte pub[DH_TEST_BUF_SIZE]; + byte priv2[DH_TEST_BUF_SIZE]; + byte pub2[DH_TEST_BUF_SIZE]; + byte agree[DH_TEST_BUF_SIZE]; + byte agree2[DH_TEST_BUF_SIZE]; +#endif +#endif /* !WC_NO_RNG */ + + WOLFSSL_ENTER("dh_test"); + +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC) + if (key == NULL || key2 == NULL || tmp == NULL) { + ERROR_OUT(WC_TEST_RET_ENC_ERRNO, done); + } +#endif + +#ifdef USE_CERT_BUFFERS_1024 + XMEMCPY(tmp, dh_key_der_1024, (size_t)sizeof_dh_key_der_1024); + bytes = (size_t)sizeof_dh_key_der_1024; +#elif defined(USE_CERT_BUFFERS_2048) + XMEMCPY(tmp, dh_key_der_2048, (size_t)sizeof_dh_key_der_2048); + bytes = (size_t)sizeof_dh_key_der_2048; +#elif defined(USE_CERT_BUFFERS_3072) + XMEMCPY(tmp, dh_key_der_3072, (size_t)sizeof_dh_key_der_3072); + bytes = (size_t)sizeof_dh_key_der_3072; +#elif defined(USE_CERT_BUFFERS_4096) + XMEMCPY(tmp, dh_key_der_4096, (size_t)sizeof_dh_key_der_4096); + bytes = (size_t)sizeof_dh_key_der_4096; +#elif defined(NO_ASN) + /* don't use file, no DER parsing */ +#elif !defined(NO_FILESYSTEM) + { + XFILE file = XFOPEN(dhParamsFile, "rb"); + if (! file) + ERROR_OUT(WC_TEST_RET_ENC_ERRNO, done); + + bytes = (word32) XFREAD(tmp, 1, DH_TEST_TMP_SIZE, file); + XFCLOSE(file); + if (bytes == 0) + ERROR_OUT(WC_TEST_RET_ENC_ERRNO, done); + } +#else + /* No DH key to use. */ + ERROR_OUT(WC_TEST_RET_ENC_NC, done); +#endif /* USE_CERT_BUFFERS */ + + (void)idx; + (void)tmp; + (void)bytes; + + pubSz = DH_TEST_BUF_SIZE; + pubSz2 = DH_TEST_BUF_SIZE; + privSz = DH_TEST_BUF_SIZE; + privSz2 = DH_TEST_BUF_SIZE; + +#ifndef WC_NO_RNG + XMEMSET(&rng, 0, sizeof(rng)); +#endif + + /* Use API for coverage. */ + ret = wc_InitDhKey(key); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done); + wc_FreeDhKey(key); + + ret = wc_InitDhKey_ex(key, HEAP_HINT, devId); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done); + keyInit = 1; + ret = wc_InitDhKey_ex(key2, HEAP_HINT, devId); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done); + key2Init = 1; + +#ifdef NO_ASN +#ifndef WOLFSSL_SP_MATH + ret = wc_DhSetKey(key, dh_p, sizeof(dh_p), dh_g, sizeof(dh_g)); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done); + + ret = wc_DhSetKey(key2, dh_p, sizeof(dh_p), dh_g, sizeof(dh_g)); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done); +#else + ret = wc_DhSetKey(key, dh2048_p, sizeof(dh2048_p), dh2048_g, + sizeof(dh2048_g)); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done); + + ret = wc_DhSetKey(key2, dh2048_p, sizeof(dh2048_p), dh2048_g, + sizeof(dh2048_g)); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done); +#endif +#else + ret = wc_DhKeyDecode(tmp, &idx, key, bytes); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done); + + idx = 0; + ret = wc_DhKeyDecode(tmp, &idx, key2, bytes); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done); +#endif + +#ifndef WC_NO_RNG +#ifndef HAVE_FIPS + ret = wc_InitRng_ex(&rng, HEAP_HINT, devId); +#else + ret = wc_InitRng(&rng); +#endif + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done); + rngInit = 1; + + ret = wc_DhGenerateKeyPair(key, &rng, priv, &privSz, pub, &pubSz); +#if defined(WOLFSSL_ASYNC_CRYPT) + ret = wc_AsyncWait(ret, &key->asyncDev, WC_ASYNC_FLAG_NONE); +#endif + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done); + + ret = wc_DhGenerateKeyPair(key2, &rng, priv2, &privSz2, pub2, &pubSz2); +#if defined(WOLFSSL_ASYNC_CRYPT) + ret = wc_AsyncWait(ret, &key2->asyncDev, WC_ASYNC_FLAG_NONE); +#endif + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done); + + ret = wc_DhAgree(key, agree, &agreeSz, priv, privSz, pub2, pubSz2); +#if defined(WOLFSSL_ASYNC_CRYPT) + ret = wc_AsyncWait(ret, &key->asyncDev, WC_ASYNC_FLAG_NONE); +#endif + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done); + + ret = wc_DhAgree(key2, agree2, &agreeSz2, priv2, privSz2, pub, pubSz); +#if defined(WOLFSSL_ASYNC_CRYPT) + ret = wc_AsyncWait(ret, &key2->asyncDev, WC_ASYNC_FLAG_NONE); +#endif + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done); + + if (agreeSz != agreeSz2 || XMEMCMP(agree, agree2, agreeSz)) { + ERROR_OUT(WC_TEST_RET_ENC_NC, done); + } + +#endif /* !WC_NO_RNG */ + +#if defined(WOLFSSL_KEY_GEN) && !defined(HAVE_FIPS) && !defined(HAVE_SELFTEST) + ret = wc_DhCheckPrivKey(NULL, NULL, 0); + if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG)) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done); + + ret = wc_DhCheckPrivKey(key, priv, privSz); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done); + + ret = wc_DhExportParamsRaw(NULL, NULL, NULL, NULL, NULL, NULL, NULL); + if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG)) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done); + { + word32 pSz, qSz, gSz; + ret = wc_DhExportParamsRaw(key, NULL, &pSz, NULL, &qSz, NULL, &gSz); + if (ret != WC_NO_ERR_TRACE(LENGTH_ONLY_E)) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done); + } +#endif + +#if !defined(WC_NO_RNG) && (!defined(HAVE_FIPS) || FIPS_VERSION_GE(7,0)) && \ + !defined(HAVE_SELFTEST) + agreeSz = DH_TEST_BUF_SIZE; + agreeSz2 = DH_TEST_BUF_SIZE; + + ret = wc_DhAgree_ct(key, agree, &agreeSz, priv, privSz, pub2, pubSz2); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done); + + ret = wc_DhAgree_ct(key2, agree2, &agreeSz2, priv2, privSz2, pub, pubSz); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done); + +#ifdef WOLFSSL_PUBLIC_MP + if (agreeSz != (word32)mp_unsigned_bin_size(&key->p)) { + ERROR_OUT(WC_TEST_RET_ENC_NC, done); + } +#endif + + if (agreeSz != agreeSz2) { + ERROR_OUT(WC_TEST_RET_ENC_NC, done); + } + + if (XMEMCMP(agree, agree2, agreeSz) != 0) { + ERROR_OUT(WC_TEST_RET_ENC_NC, done); + } +#endif /* !WC_NO_RNG && (!HAVE_FIPS || FIPS_VERSION_GE(7,0)) && !HAVE_SELFTEST */ + + /* Test DH key import / export */ +#if defined(WOLFSSL_DH_EXTRA) && !defined(NO_FILESYSTEM) && \ + (!defined(HAVE_FIPS) || \ + (defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION > 2))) + wc_FreeDhKey(key); + ret = wc_InitDhKey_ex(key, HEAP_HINT, devId); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done); + +#ifndef NO_ASN + { + /* DH Private - Key Export / Import */ + #if defined(USE_CERT_BUFFERS_2048) + XMEMCPY(tmp, dh_ffdhe_statickey_der_2048, sizeof_dh_ffdhe_statickey_der_2048); + bytes = sizeof_dh_ffdhe_statickey_der_2048; + #else + XFILE file = XFOPEN(dhKeyFile, "rb"); + if (!file) + ERROR_OUT(WC_TEST_RET_ENC_ERRNO, done); + bytes = (word32)XFREAD(tmp, 1, DH_TEST_TMP_SIZE, file); + XFCLOSE(file); + if (bytes == 0) + ERROR_OUT(WC_TEST_RET_ENC_ERRNO, done); + #endif + #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC) + tmp2 = (byte*)XMALLOC(DH_TEST_TMP_SIZE, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + if (tmp2 == NULL) + ERROR_OUT(WC_TEST_RET_ENC_ERRNO, done); + #endif + idx = 0; + XMEMSET(tmp2, 0, DH_TEST_TMP_SIZE); + + /* Import DH Private key as DER */ + ret = wc_DhKeyDecode(tmp, &idx, key, bytes); + if (ret == 0) { + /* Export as DER */ + idx = DH_TEST_TMP_SIZE; + ret = wc_DhPrivKeyToDer(key, tmp2, &idx); + } + + /* Verify export matches original */ + if (ret <= 0 || bytes != idx || XMEMCMP(tmp, tmp2, bytes) != 0) { + ERROR_OUT(WC_TEST_RET_ENC_NC, done); + } + + + /* DH Public Key - Export / Import */ + #if defined(USE_CERT_BUFFERS_2048) + XMEMCPY(tmp, dh_ffdhe_pub_statickey_der_2048, sizeof_dh_ffdhe_pub_statickey_der_2048); + bytes = sizeof_dh_ffdhe_pub_statickey_der_2048; + #else + file = XFOPEN(dhKeyPubFile, "rb"); + if (!file) + ERROR_OUT(WC_TEST_RET_ENC_ERRNO, done); + bytes = (word32)XFREAD(tmp, 1, DH_TEST_TMP_SIZE, file); + XFCLOSE(file); + if (bytes == 0) + ERROR_OUT(WC_TEST_RET_ENC_ERRNO, done); + #endif + + /* for HAVE_WOLF_BIGINT prevent leak */ + wc_FreeDhKey(key); + (void)wc_InitDhKey_ex(key, HEAP_HINT, devId); + + idx = 0; + XMEMSET(tmp2, 0, DH_TEST_TMP_SIZE); + + /* Import DH Public key as DER */ + ret = wc_DhKeyDecode(tmp, &idx, key, bytes); + if (ret == 0) { + /* Export as DER */ + idx = DH_TEST_TMP_SIZE; + ret = wc_DhPubKeyToDer(key, tmp2, &idx); + } + + /* Verify export matches original */ + if (ret <= 0 || bytes != idx || XMEMCMP(tmp, tmp2, bytes) != 0) { + ERROR_OUT(WC_TEST_RET_ENC_NC, done); + } + } +#else + ret = wc_DhSetKey(key, dh_p, sizeof(dh_p), dh_g, sizeof(dh_g)); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done); +#endif /* !NO_ASN */ + + privSz = DH_TEST_BUF_SIZE; + pubSz = DH_TEST_BUF_SIZE; + ret = wc_DhExportKeyPair(key, priv, &privSz, pub, &pubSz); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done); + ret = wc_DhImportKeyPair(key2, priv, privSz, pub, pubSz); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done); +#endif /* WOLFSSL_DH_EXTRA && !NO_FILESYSTEM && !FIPS <= 2 */ + +#ifndef WC_NO_RNG + ret = dh_generate_test(&rng); + if (ret != 0) + ERROR_OUT(ret, done); + + ret = dh_fips_generate_test(&rng); + if (ret != 0) + ERROR_OUT(ret, done); +#endif /* !WC_NO_RNG */ + +#if !defined(HAVE_FIPS) && !defined(HAVE_SELFTEST) + ret = dh_test_check_pubvalue(); + if (ret != 0) + ERROR_OUT(ret, done); +#endif + +#if !(defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION == 2) && \ + (defined(WOLFSSL_SP_ARM64_ASM) || defined(WOLFSSL_SP_ARM32_ASM))) +/* RNG with DH and SP_ASM code not supported in the in-lined FIPS ASM code, + * this will be available for testing in the 140-3 module */ +#ifndef WC_NO_RNG + /* Specialized code for key gen when using FFDHE-2048, FFDHE-3072 and FFDHE-4096 */ + #ifdef HAVE_FFDHE_2048 + #ifdef HAVE_PUBLIC_FFDHE + ret = dh_ffdhe_test(&rng, wc_Dh_ffdhe2048_Get()); + #else + ret = dh_ffdhe_test(&rng, WC_FFDHE_2048); + #endif + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done); + #endif + #ifdef HAVE_FFDHE_3072 + #ifdef HAVE_PUBLIC_FFDHE + ret = dh_ffdhe_test(&rng, wc_Dh_ffdhe3072_Get()); + #else + ret = dh_ffdhe_test(&rng, WC_FFDHE_3072); + #endif + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done); + #endif + #ifdef HAVE_FFDHE_4096 + #ifdef HAVE_PUBLIC_FFDHE + ret = dh_ffdhe_test(&rng, wc_Dh_ffdhe4096_Get()); + #else + ret = dh_ffdhe_test(&rng, WC_FFDHE_4096); + #endif + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done); + #endif +#endif /* !WC_NO_RNG */ +#endif /* HAVE_FIPS_VERSION == 2 && !WOLFSSL_SP_ARM64_ASM */ + + wc_FreeDhKey(key); + keyInit = 0; + +#if !defined(HAVE_FIPS) && !defined(HAVE_SELFTEST) && \ + !defined(WOLFSSL_OLD_PRIME_CHECK) && !defined(WC_NO_RNG) + /* Test Check Key */ + ret = wc_DhSetCheckKey(key, dh_p, sizeof(dh_p), dh_g, sizeof(dh_g), + NULL, 0, 0, &rng); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done); + keyInit = 1; /* DhSetCheckKey also initializes the key, free it */ +#endif + +done: + +#ifndef WC_NO_RNG + if (rngInit) + wc_FreeRng(&rng); +#endif + +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC) + if (key) { + if (keyInit) + wc_FreeDhKey(key); + XFREE(key, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + } + if (key2) { + if (key2Init) + wc_FreeDhKey(key2); + XFREE(key2, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + } + XFREE(tmp, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + #if !defined(NO_ASN) && (defined(WOLFSSL_DH_EXTRA) && !defined(NO_FILESYSTEM) && \ + (!defined(HAVE_FIPS) || \ + (defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION > 2)))) + XFREE(tmp2, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + #endif + XFREE(priv, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(pub, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(priv2, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(pub2, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(agree, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(agree2, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); +#else + if (keyInit) + wc_FreeDhKey(key); + if (key2Init) + wc_FreeDhKey(key2); +#endif + + (void)privSz; + (void)pubSz; + (void)pubSz2; + (void)privSz2; + + return ret; +#undef DH_TEST_BUF_SIZE +#undef DH_TEST_TMP_SIZE +} + +#endif /* NO_DH */ + + +#ifndef NO_DSA + +WOLFSSL_TEST_SUBROUTINE wc_test_ret_t dsa_test(void) +{ + wc_test_ret_t ret = 0; + int answer; + word32 bytes; + word32 idx = 0; + WC_RNG rng; + int rng_inited = 0; + wc_Sha sha; + byte hash[WC_SHA_DIGEST_SIZE]; + byte signature[40]; + int key_inited = 0; +#ifdef WOLFSSL_KEY_GEN + int derSz = 0; + int derIn_inited = 0; + int genKey_inited = 0; +#endif +#define DSA_TEST_TMP_SIZE 1024 + +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC) + byte *tmp = (byte*)XMALLOC(DSA_TEST_TMP_SIZE, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + DsaKey *key = (DsaKey*)XMALLOC(sizeof(*key), HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + #ifdef WOLFSSL_KEY_GEN + DsaKey *derIn = (DsaKey*)XMALLOC(sizeof(*derIn), HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + DsaKey *genKey = (DsaKey*)XMALLOC(sizeof(*genKey), HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + byte* der = NULL; + #endif +#else + byte tmp[DSA_TEST_TMP_SIZE]; + DsaKey key[1]; + #ifdef WOLFSSL_KEY_GEN + DsaKey derIn[1]; + DsaKey genKey[1]; + byte der[FOURK_BUF]; + #endif +#endif + +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC) + if ((tmp == NULL) || + (key == NULL) +#ifdef WOLFSSL_KEY_GEN + || (derIn == NULL) + || (genKey == NULL) +#endif + ) { + ret = WC_TEST_RET_ENC_NC; + goto out; + } +#endif + + WOLFSSL_ENTER("dsa_test"); + +#ifdef USE_CERT_BUFFERS_1024 + XMEMCPY(tmp, dsa_key_der_1024, sizeof_dsa_key_der_1024); + bytes = sizeof_dsa_key_der_1024; +#elif defined(USE_CERT_BUFFERS_2048) + XMEMCPY(tmp, dsa_key_der_2048, sizeof_dsa_key_der_2048); + bytes = sizeof_dsa_key_der_2048; +#else + { + XFILE file = XFOPEN(dsaKey, "rb"); + if (!file) + ERROR_OUT(WC_TEST_RET_ENC_ERRNO, out); + + bytes = (word32) XFREAD(tmp, 1, DSA_TEST_TMP_SIZE, file); + XFCLOSE(file); + if (bytes == 0) + ERROR_OUT(WC_TEST_RET_ENC_ERRNO, out); + } +#endif /* USE_CERT_BUFFERS */ + + ret = wc_InitSha_ex(&sha, HEAP_HINT, devId); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); + wc_ShaUpdate(&sha, tmp, bytes); + wc_ShaFinal(&sha, hash); + wc_ShaFree(&sha); + + ret = wc_InitDsaKey(key); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); + key_inited = 1; + + ret = wc_DsaPrivateKeyDecode(tmp, &idx, key, bytes); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); + +#ifndef HAVE_FIPS + ret = wc_InitRng_ex(&rng, HEAP_HINT, devId); +#else + ret = wc_InitRng(&rng); +#endif + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); + rng_inited = 1; + + ret = wc_DsaSign(hash, signature, key, &rng); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); + + ret = wc_DsaVerify(hash, signature, key, &answer); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); + if (answer != 1) + ERROR_OUT(WC_TEST_RET_ENC_NC, out); + + wc_FreeDsaKey(key); + key_inited = 0; + + ret = wc_InitDsaKey_h(key, NULL); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); + key_inited = 1; + +#ifdef WOLFSSL_KEY_GEN + ret = wc_InitDsaKey(genKey); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); + genKey_inited = 1; + + ret = wc_MakeDsaParameters(&rng, 1024, genKey); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); + + ret = wc_MakeDsaKey(&rng, genKey); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); + +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC) + der = (byte*)XMALLOC(FOURK_BUF, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + if (der == NULL) + ERROR_OUT(WC_TEST_RET_ENC_NC, out); +#endif + + derSz = wc_DsaKeyToDer(genKey, der, FOURK_BUF); + if (derSz < 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(derSz), out); + + ret = SaveDerAndPem(der, derSz, keyDerFile, keyPemFile, + DSA_PRIVATEKEY_TYPE); + if (ret != 0) + goto out; + + ret = wc_InitDsaKey(derIn); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); + derIn_inited = 1; + + idx = 0; + ret = wc_DsaPrivateKeyDecode(der, &idx, derIn, (word32)derSz); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); +#endif /* WOLFSSL_KEY_GEN */ + +out: + +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC) + XFREE(tmp, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + if (key) { + if (key_inited) + wc_FreeDsaKey(key); + XFREE(key, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + } + #ifdef WOLFSSL_KEY_GEN + XFREE(der, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + if (derIn) { + if (derIn_inited) + wc_FreeDsaKey(derIn); + XFREE(derIn, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + } + if (genKey) { + if (genKey_inited) + wc_FreeDsaKey(genKey); + XFREE(genKey, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + } + #endif +#else + if (key_inited) + wc_FreeDsaKey(key); + #ifdef WOLFSSL_KEY_GEN + if (derIn_inited) + wc_FreeDsaKey(derIn); + if (genKey_inited) + wc_FreeDsaKey(genKey); + #endif +#endif /* WOLFSSL_SMALL_STACK && !WOLFSSL_NO_MALLOC */ + + if (rng_inited) + wc_FreeRng(&rng); + + return ret; +} + +#endif /* !NO_DSA */ + +#ifdef WOLFCRYPT_HAVE_SRP +static wc_test_ret_t generate_random_salt(byte *buf, word32 size) +{ + wc_test_ret_t ret = WC_TEST_RET_ENC_NC; + WC_RNG rng; + + if(NULL == buf || !size) + return WC_TEST_RET_ENC_NC; + + if (buf && size && wc_InitRng_ex(&rng, HEAP_HINT, devId) == 0) { + ret = wc_RNG_GenerateBlock(&rng, (byte *)buf, size); + + wc_FreeRng(&rng); + } + + return ret; +} + +#if ((defined(FP_MAX_BITS) && (FP_MAX_BITS >= 3072)) \ + || (defined(SP_INT_BITS) && (SP_INT_BITS >= 3072))) + #define SRP_TEST_BUFFER_SIZE 192 +#else + #define SRP_TEST_BUFFER_SIZE 128 +#endif + +static wc_test_ret_t srp_test_digest(SrpType dgstType) +{ + wc_test_ret_t r; + + byte clientPubKey[SRP_TEST_BUFFER_SIZE]; /* A */ + byte serverPubKey[SRP_TEST_BUFFER_SIZE]; /* B */ + word32 clientPubKeySz = SRP_TEST_BUFFER_SIZE; + word32 serverPubKeySz = SRP_TEST_BUFFER_SIZE; + + byte username[] = "user"; + word32 usernameSz = 4; + + byte password[] = "password"; + word32 passwordSz = 8; + +#if SRP_TEST_BUFFER_SIZE == 128 + WOLFSSL_SMALL_STACK_STATIC const byte N[] = { + 0xEE, 0xAF, 0x0A, 0xB9, 0xAD, 0xB3, 0x8D, 0xD6, + 0x9C, 0x33, 0xF8, 0x0A, 0xFA, 0x8F, 0xC5, 0xE8, + 0x60, 0x72, 0x61, 0x87, 0x75, 0xFF, 0x3C, 0x0B, + 0x9E, 0xA2, 0x31, 0x4C, 0x9C, 0x25, 0x65, 0x76, + 0xD6, 0x74, 0xDF, 0x74, 0x96, 0xEA, 0x81, 0xD3, + 0x38, 0x3B, 0x48, 0x13, 0xD6, 0x92, 0xC6, 0xE0, + 0xE0, 0xD5, 0xD8, 0xE2, 0x50, 0xB9, 0x8B, 0xE4, + 0x8E, 0x49, 0x5C, 0x1D, 0x60, 0x89, 0xDA, 0xD1, + 0x5D, 0xC7, 0xD7, 0xB4, 0x61, 0x54, 0xD6, 0xB6, + 0xCE, 0x8E, 0xF4, 0xAD, 0x69, 0xB1, 0x5D, 0x49, + 0x82, 0x55, 0x9B, 0x29, 0x7B, 0xCF, 0x18, 0x85, + 0xC5, 0x29, 0xF5, 0x66, 0x66, 0x0E, 0x57, 0xEC, + 0x68, 0xED, 0xBC, 0x3C, 0x05, 0x72, 0x6C, 0xC0, + 0x2F, 0xD4, 0xCB, 0xF4, 0x97, 0x6E, 0xAA, 0x9A, + 0xFD, 0x51, 0x38, 0xFE, 0x83, 0x76, 0x43, 0x5B, + 0x9F, 0xC6, 0x1D, 0x2F, 0xC0, 0xEB, 0x06, 0xE3 + }; +#else + WOLFSSL_SMALL_STACK_STATIC const byte N[] = { + 0xfc, 0x58, 0x7a, 0x8a, 0x70, 0xfb, 0x5a, 0x9a, + 0x5d, 0x39, 0x48, 0xbf, 0x1c, 0x46, 0xd8, 0x3b, + 0x7a, 0xe9, 0x1f, 0x85, 0x36, 0x18, 0xc4, 0x35, + 0x3f, 0xf8, 0x8a, 0x8f, 0x8c, 0x10, 0x2e, 0x01, + 0x58, 0x1d, 0x41, 0xcb, 0xc4, 0x47, 0xa8, 0xaf, + 0x9a, 0x6f, 0x58, 0x14, 0xa4, 0x68, 0xf0, 0x9c, + 0xa6, 0xe7, 0xbf, 0x0d, 0xe9, 0x62, 0x0b, 0xd7, + 0x26, 0x46, 0x5b, 0x27, 0xcb, 0x4c, 0xf9, 0x7e, + 0x1e, 0x8b, 0xe6, 0xdd, 0x29, 0xb7, 0xb7, 0x15, + 0x2e, 0xcf, 0x23, 0xa6, 0x4b, 0x97, 0x9f, 0x89, + 0xd4, 0x86, 0xc4, 0x90, 0x63, 0x92, 0xf4, 0x30, + 0x26, 0x69, 0x48, 0x9d, 0x7a, 0x4f, 0xad, 0xb5, + 0x6a, 0x51, 0xad, 0xeb, 0xf9, 0x90, 0x31, 0x77, + 0x53, 0x30, 0x2a, 0x85, 0xf7, 0x11, 0x21, 0x0c, + 0xb8, 0x4b, 0x56, 0x03, 0x5e, 0xbb, 0x25, 0x33, + 0x7c, 0xd9, 0x5a, 0xd1, 0x5c, 0xb2, 0xd4, 0x53, + 0xc5, 0x16, 0x68, 0xf0, 0xdf, 0x48, 0x55, 0x3e, + 0xd4, 0x59, 0x87, 0x64, 0x59, 0xaa, 0x39, 0x01, + 0x45, 0x89, 0x9c, 0x72, 0xff, 0xdd, 0x8f, 0x6d, + 0xa0, 0x42, 0xbc, 0x6f, 0x6e, 0x62, 0x18, 0x2d, + 0x50, 0xe8, 0x18, 0x97, 0x87, 0xfc, 0xef, 0x1f, + 0xf5, 0x53, 0x68, 0xe8, 0x49, 0xd1, 0xa2, 0xe8, + 0xb9, 0x26, 0x03, 0xba, 0xb5, 0x58, 0x6f, 0x6c, + 0x8b, 0x08, 0xa1, 0x7b, 0x6f, 0x42, 0xc9, 0x53 + }; +#endif + + /* Generator is 2 for both cases. */ + WOLFSSL_SMALL_STACK_STATIC const byte g[] = { + 0x02 + }; + + byte salt[10]; + + byte verifier[SRP_TEST_BUFFER_SIZE]; + word32 v_size = (word32)sizeof(verifier); + + word32 clientProofSz = SRP_MAX_DIGEST_SIZE; + word32 serverProofSz = SRP_MAX_DIGEST_SIZE; +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC) + Srp *cli = (Srp *)XMALLOC(sizeof *cli, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + Srp *srv = (Srp *)XMALLOC(sizeof *srv, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + byte *clientProof = (byte *)XMALLOC(SRP_MAX_DIGEST_SIZE, HEAP_HINT, + DYNAMIC_TYPE_TMP_BUFFER); /* M1 */ + byte *serverProof = (byte *)XMALLOC(SRP_MAX_DIGEST_SIZE, HEAP_HINT, + DYNAMIC_TYPE_TMP_BUFFER); /* M2 */ + + if ((cli == NULL) || + (srv == NULL) || + (clientProof == NULL) || + (serverProof == NULL)) { + r = WC_TEST_RET_ENC_NC; + goto out; + } +#else + Srp cli[1], srv[1]; + byte clientProof[SRP_MAX_DIGEST_SIZE]; /* M1 */ + byte serverProof[SRP_MAX_DIGEST_SIZE]; /* M2 */ +#endif + + + /* set as 0's so if second init on srv not called SrpTerm is not on + * garbage values */ + XMEMSET(srv, 0, sizeof *srv); + XMEMSET(cli, 0, sizeof *cli); + + /* generating random salt */ + + r = generate_random_salt(salt, sizeof(salt)); + + /* client knows username and password. */ + /* server knows N, g, salt and verifier. */ + + if (!r) r = wc_SrpInit_ex(cli, dgstType, SRP_CLIENT_SIDE, HEAP_HINT, devId); + if (!r) r = wc_SrpSetUsername(cli, username, usernameSz); + + /* loading N, g and salt in advance to generate the verifier. */ + + if (!r) r = wc_SrpSetParams(cli, N, sizeof(N), + g, sizeof(g), + salt, sizeof(salt)); + if (!r) r = wc_SrpSetPassword(cli, password, passwordSz); + if (!r) r = wc_SrpGetVerifier(cli, verifier, &v_size); + + /* client sends username to server */ + + if (!r) r = wc_SrpInit_ex(srv, dgstType, SRP_SERVER_SIDE, HEAP_HINT, devId); + if (!r) r = wc_SrpSetUsername(srv, username, usernameSz); + if (!r) r = wc_SrpSetParams(srv, N, sizeof(N), + g, sizeof(g), + salt, sizeof(salt)); + if (!r) r = wc_SrpSetVerifier(srv, verifier, v_size); + if (!r) r = wc_SrpGetPublic(srv, serverPubKey, &serverPubKeySz); + + /* server sends N, g, salt and B to client */ + + if (!r) r = wc_SrpGetPublic(cli, clientPubKey, &clientPubKeySz); + if (!r) r = wc_SrpComputeKey(cli, clientPubKey, clientPubKeySz, + serverPubKey, serverPubKeySz); + if (!r) r = wc_SrpGetProof(cli, clientProof, &clientProofSz); + + /* client sends A and M1 to server */ + + if (!r) r = wc_SrpComputeKey(srv, clientPubKey, clientPubKeySz, + serverPubKey, serverPubKeySz); + if (!r) r = wc_SrpVerifyPeersProof(srv, clientProof, clientProofSz); + if (!r) r = wc_SrpGetProof(srv, serverProof, &serverProofSz); + + /* server sends M2 to client */ + + if (!r) r = wc_SrpVerifyPeersProof(cli, serverProof, serverProofSz); + + wc_SrpTerm(cli); + wc_SrpTerm(srv); + +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC) + out: + + XFREE(cli, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(srv, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(clientProof, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(serverProof, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); +#endif + + return r; +} + +WOLFSSL_TEST_SUBROUTINE wc_test_ret_t srp_test(void) +{ + wc_test_ret_t ret; + WOLFSSL_ENTER("srp_test"); + +#ifndef NO_SHA + ret = srp_test_digest(SRP_TYPE_SHA); + if (ret != 0) + return ret; +#endif +#ifndef NO_SHA256 + ret = srp_test_digest(SRP_TYPE_SHA256); + if (ret != 0) + return ret; +#endif +#ifdef WOLFSSL_SHA384 + ret = srp_test_digest(SRP_TYPE_SHA384); + if (ret != 0) + return ret; +#endif +#ifdef WOLFSSL_SHA512 + ret = srp_test_digest(SRP_TYPE_SHA512); + if (ret != 0) + return ret; +#endif + + return ret; +} + +#endif /* WOLFCRYPT_HAVE_SRP */ + +#if defined(OPENSSL_EXTRA) && !defined(WOLFCRYPT_ONLY) + +#if !defined(NO_AES) && !defined(WOLFCRYPT_ONLY) +static wc_test_ret_t openssl_aes_test(void) +{ +#ifdef HAVE_AES_CBC +#ifdef WOLFSSL_AES_128 + { + /* EVP_CipherUpdate test */ + WOLFSSL_SMALL_STACK_STATIC const byte cbcPlain[] = + { + 0x6b,0xc1,0xbe,0xe2,0x2e,0x40,0x9f,0x96, + 0xe9,0x3d,0x7e,0x11,0x73,0x93,0x17,0x2a, + 0xae,0x2d,0x8a,0x57,0x1e,0x03,0xac,0x9c, + 0x9e,0xb7,0x6f,0xac,0x45,0xaf,0x8e,0x51, + 0x30,0xc8,0x1c,0x46,0xa3,0x5c,0xe4,0x11, + 0xe5,0xfb,0xc1,0x19,0x1a,0x0a,0x52,0xef, + 0xf6,0x9f,0x24,0x45,0xdf,0x4f,0x9b,0x17, + 0xad,0x2b,0x41,0x7b,0xe6,0x6c,0x37,0x10 + }; + + WOLFSSL_SMALL_STACK_STATIC const byte key[] = + "0123456789abcdef "; /* align */ + WOLFSSL_SMALL_STACK_STATIC const byte iv[] = + "1234567890abcdef "; /* align */ + + byte cipher[WC_AES_BLOCK_SIZE * 4]; + byte plain [WC_AES_BLOCK_SIZE * 4]; +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC) + WOLFSSL_EVP_CIPHER_CTX *en = wolfSSL_EVP_CIPHER_CTX_new(); + WOLFSSL_EVP_CIPHER_CTX *de = wolfSSL_EVP_CIPHER_CTX_new(); +#else + WOLFSSL_EVP_CIPHER_CTX en[1]; + WOLFSSL_EVP_CIPHER_CTX de[1]; +#endif + int outlen ; + int total = 0; + int i; + +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC) + if ((en == NULL) || (de == NULL)) + return MEMORY_E; +#endif + + wolfSSL_EVP_CIPHER_CTX_init(en); + if (wolfSSL_EVP_CipherInit(en, wolfSSL_EVP_aes_128_cbc(), + (unsigned char*)key, (unsigned char*)iv, 1) == 0) + return WC_TEST_RET_ENC_NC; + if (wolfSSL_EVP_CipherUpdate(en, (byte*)cipher, &outlen, + (byte*)cbcPlain, 9) == 0) + return WC_TEST_RET_ENC_NC; + if (outlen != 0) + return WC_TEST_RET_ENC_NC; + total += outlen; + + if (wolfSSL_EVP_CipherUpdate(en, (byte*)&cipher[total], &outlen, + (byte*)&cbcPlain[9] , 9) == 0) + return WC_TEST_RET_ENC_NC; + if (outlen != 16) + return WC_TEST_RET_ENC_NC; + total += outlen; + + if (wolfSSL_EVP_CipherFinal(en, (byte*)&cipher[total], &outlen) == 0) + return WC_TEST_RET_ENC_NC; + if (outlen != 16) + return WC_TEST_RET_ENC_NC; + total += outlen; + if (total != 32) + return 3408; + + wolfSSL_EVP_CIPHER_CTX_cleanup(en); + + total = 0; + wolfSSL_EVP_CIPHER_CTX_init(de); + if (wolfSSL_EVP_CipherInit(de, wolfSSL_EVP_aes_128_cbc(), + (unsigned char*)key, (unsigned char*)iv, 0) == 0) + return WC_TEST_RET_ENC_NC; + + if (wolfSSL_EVP_CipherUpdate(de, (byte*)plain, &outlen, (byte*)cipher, 6) == 0) + return WC_TEST_RET_ENC_NC; + if (outlen != 0) + return WC_TEST_RET_ENC_NC; + total += outlen; + + if (wolfSSL_EVP_CipherUpdate(de, (byte*)&plain[total], &outlen, + (byte*)&cipher[6], 12) == 0) + return WC_TEST_RET_ENC_NC; + if (outlen != 0) + total += outlen; + + if (wolfSSL_EVP_CipherUpdate(de, (byte*)&plain[total], &outlen, + (byte*)&cipher[6+12], 14) == 0) + return WC_TEST_RET_ENC_NC; + if (outlen != 16) + return WC_TEST_RET_ENC_NC; + total += outlen; + + if (wolfSSL_EVP_CipherFinal(de, (byte*)&plain[total], &outlen) == 0) + return WC_TEST_RET_ENC_NC; + if (outlen != 2) + return WC_TEST_RET_ENC_NC; + total += outlen; + + if (total != 18) + return 3427; + + if (XMEMCMP(plain, cbcPlain, 18)) + return WC_TEST_RET_ENC_NC; + + wolfSSL_EVP_CIPHER_CTX_cleanup(de); + + /* test with encrypting/decrypting more than 16 bytes at once */ + total = 0; + wolfSSL_EVP_CIPHER_CTX_init(en); + if (wolfSSL_EVP_CipherInit(en, wolfSSL_EVP_aes_128_cbc(), + (unsigned char*)key, (unsigned char*)iv, 1) == 0) + return WC_TEST_RET_ENC_NC; + if (wolfSSL_EVP_CipherUpdate(en, (byte*)cipher, &outlen, + (byte*)cbcPlain, 17) == 0) + return WC_TEST_RET_ENC_NC; + if (outlen != 16) + return WC_TEST_RET_ENC_NC; + total += outlen; + + if (wolfSSL_EVP_CipherUpdate(en, (byte*)&cipher[total], &outlen, + (byte*)&cbcPlain[17] , 1) == 0) + return WC_TEST_RET_ENC_NC; + if (outlen != 0) + return WC_TEST_RET_ENC_NC; + total += outlen; + + if (wolfSSL_EVP_CipherFinal(en, (byte*)&cipher[total], &outlen) == 0) + return WC_TEST_RET_ENC_NC; + if (outlen != 16) + return WC_TEST_RET_ENC_NC; + total += outlen; + if (total != 32) + return WC_TEST_RET_ENC_NC; + + wolfSSL_EVP_CIPHER_CTX_cleanup(en); + + total = 0; + wolfSSL_EVP_CIPHER_CTX_init(de); + if (wolfSSL_EVP_CipherInit(de, wolfSSL_EVP_aes_128_cbc(), + (unsigned char*)key, (unsigned char*)iv, 0) == 0) + return WC_TEST_RET_ENC_NC; + + if (wolfSSL_EVP_CipherUpdate(de, (byte*)plain, &outlen, (byte*)cipher, 17) == 0) + return WC_TEST_RET_ENC_NC; + if (outlen != 16) + return WC_TEST_RET_ENC_NC; + total += outlen; + + /* final call on non block size should fail */ + if (wolfSSL_EVP_CipherFinal(de, (byte*)&plain[total], &outlen) != 0) + return WC_TEST_RET_ENC_NC; + + if (wolfSSL_EVP_CipherUpdate(de, (byte*)&plain[total], &outlen, + (byte*)&cipher[17], 1) == 0) + return WC_TEST_RET_ENC_NC; + if (outlen != 0) + total += outlen; + + if (wolfSSL_EVP_CipherUpdate(de, (byte*)&plain[total], &outlen, + (byte*)&cipher[17+1], 14) == 0) + return WC_TEST_RET_ENC_NC; + if (outlen != 0) + return WC_TEST_RET_ENC_NC; + total += outlen; + + if (wolfSSL_EVP_CipherFinal(de, (byte*)&plain[total], &outlen) == 0) + return WC_TEST_RET_ENC_NC; + if (outlen != 2) + return WC_TEST_RET_ENC_NC; + total += outlen; + + if (total != 18) + return WC_TEST_RET_ENC_NC; + + if (XMEMCMP(plain, cbcPlain, 18)) + return WC_TEST_RET_ENC_NC; + + /* test byte by byte decrypt */ + for (i = 0; i < WC_AES_BLOCK_SIZE * 3; i++) { + plain[i] = i; + } + + wolfSSL_EVP_CIPHER_CTX_cleanup(de); + + total = 0; + wolfSSL_EVP_CIPHER_CTX_init(en); + if (wolfSSL_EVP_CipherInit(en, wolfSSL_EVP_aes_128_cbc(), + (unsigned char*)key, (unsigned char*)iv, 1) == 0) + return WC_TEST_RET_ENC_NC; + if (wolfSSL_EVP_CipherUpdate(en, (byte*)cipher, &outlen, + (byte*)plain, WC_AES_BLOCK_SIZE * 3) == 0) + return WC_TEST_RET_ENC_NC; + if (outlen != WC_AES_BLOCK_SIZE * 3) + return WC_TEST_RET_ENC_NC; + total += outlen; + + if (wolfSSL_EVP_CipherFinal(en, (byte*)&cipher[total], &outlen) == 0) + return WC_TEST_RET_ENC_NC; + if (outlen != WC_AES_BLOCK_SIZE) + return WC_TEST_RET_ENC_NC; + total += outlen; + if (total != sizeof(plain)) + return WC_TEST_RET_ENC_NC; + + wolfSSL_EVP_CIPHER_CTX_cleanup(en); + + total = 0; + wolfSSL_EVP_CIPHER_CTX_init(de); + if (wolfSSL_EVP_CipherInit(de, wolfSSL_EVP_aes_128_cbc(), + (unsigned char*)key, (unsigned char*)iv, 0) == 0) + return WC_TEST_RET_ENC_NC; + + for (i = 0; i < WC_AES_BLOCK_SIZE * 4; i++) { + if (wolfSSL_EVP_CipherUpdate(de, (byte*)plain + total, &outlen, + (byte*)cipher + i, 1) == 0) + return WC_TEST_RET_ENC_NC; + + if (outlen > 0) { + int j; + + total += outlen; + for (j = 0; j < total; j++) { + if (plain[j] != j) { + return WC_TEST_RET_ENC_NC; + } + } + } + } + + if (wolfSSL_EVP_CipherFinal(de, (byte*)&plain[total], &outlen) == 0) + return WC_TEST_RET_ENC_NC; + total += outlen; + if (total != WC_AES_BLOCK_SIZE * 3) { + return WC_TEST_RET_ENC_NC; + } + for (i = 0; i < WC_AES_BLOCK_SIZE * 3; i++) { + if (plain[i] != i) { + return WC_TEST_RET_ENC_NC; + } + } + + wolfSSL_EVP_CIPHER_CTX_cleanup(de); + +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC) + wolfSSL_EVP_CIPHER_CTX_free(en); + wolfSSL_EVP_CIPHER_CTX_free(de); +#endif + } + + /* set buffers to be exact size to catch potential over read/write */ + { + /* EVP_CipherUpdate test */ + WOLFSSL_SMALL_STACK_STATIC const byte cbcPlain[] = + { + 0x6b,0xc1,0xbe,0xe2,0x2e,0x40,0x9f,0x96, + 0xe9,0x3d,0x7e,0x11,0x73,0x93,0x17,0x2a, + 0xae,0x2d,0x8a,0x57,0x1e,0x03,0xac,0x9c, + 0x9e,0xb7,0x6f,0xac,0x45,0xaf,0x8e,0x51, + 0x30,0xc8,0x1c,0x46,0xa3,0x5c,0xe4,0x11, + 0xe5,0xfb,0xc1,0x19,0x1a,0x0a,0x52,0xef, + 0xf6,0x9f,0x24,0x45,0xdf,0x4f,0x9b,0x17, + 0xad,0x2b,0x41,0x7b,0xe6,0x6c,0x37,0x10 + }; + + WOLFSSL_SMALL_STACK_STATIC const byte key[] = + "0123456789abcdef "; /* align */ + WOLFSSL_SMALL_STACK_STATIC const byte iv[] = + "1234567890abcdef "; /* align */ + + #define EVP_TEST_BUF_SZ 18 + #define EVP_TEST_BUF_PAD 32 + byte cipher[EVP_TEST_BUF_SZ]; + byte plain [EVP_TEST_BUF_SZ]; + byte padded[EVP_TEST_BUF_PAD]; +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC) + WOLFSSL_EVP_CIPHER_CTX *en = wolfSSL_EVP_CIPHER_CTX_new(); + WOLFSSL_EVP_CIPHER_CTX *de = wolfSSL_EVP_CIPHER_CTX_new(); +#else + WOLFSSL_EVP_CIPHER_CTX en[1]; + WOLFSSL_EVP_CIPHER_CTX de[1]; +#endif + int outlen ; + int total = 0; + +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC) + if ((en == NULL) || (de == NULL)) + return MEMORY_E; +#endif + + wolfSSL_EVP_CIPHER_CTX_init(en); + if (wolfSSL_EVP_CipherInit(en, wolfSSL_EVP_aes_128_cbc(), + (unsigned char*)key, (unsigned char*)iv, 1) == 0) + return WC_TEST_RET_ENC_NC; + if (wolfSSL_EVP_CIPHER_CTX_set_padding(en, 0) != 1) + return WC_TEST_RET_ENC_NC; + if (wolfSSL_EVP_CipherUpdate(en, (byte*)cipher, &outlen, + (byte*)cbcPlain, EVP_TEST_BUF_SZ) == 0) + return WC_TEST_RET_ENC_NC; + if (outlen != 16) + return WC_TEST_RET_ENC_NC; + total += outlen; + + /* should fail here */ + if (wolfSSL_EVP_CipherFinal(en, (byte*)&cipher[total], &outlen) != 0) + return WC_TEST_RET_ENC_NC; + + wolfSSL_EVP_CIPHER_CTX_cleanup(en); + + /* turn padding back on and do successful encrypt */ + total = 0; + wolfSSL_EVP_CIPHER_CTX_init(en); + if (wolfSSL_EVP_CipherInit(en, wolfSSL_EVP_aes_128_cbc(), + (unsigned char*)key, (unsigned char*)iv, 1) == 0) + return WC_TEST_RET_ENC_NC; + if (wolfSSL_EVP_CIPHER_CTX_set_padding(en, 1) != 1) + return WC_TEST_RET_ENC_NC; + if (wolfSSL_EVP_CipherUpdate(en, (byte*)padded, &outlen, + (byte*)cbcPlain, EVP_TEST_BUF_SZ) == 0) + return WC_TEST_RET_ENC_NC; + if (outlen != 16) + return WC_TEST_RET_ENC_NC; + total += outlen; + + if (wolfSSL_EVP_CipherFinal(en, (byte*)&padded[total], &outlen) == 0) + return WC_TEST_RET_ENC_NC; + total += outlen; + if (total != 32) + return WC_TEST_RET_ENC_NC; + XMEMCPY(cipher, padded, EVP_TEST_BUF_SZ); + + wolfSSL_EVP_CIPHER_CTX_cleanup(en); + + /* test out of bounds read on buffers w/o padding during decryption */ + total = 0; + wolfSSL_EVP_CIPHER_CTX_init(de); + if (wolfSSL_EVP_CipherInit(de, wolfSSL_EVP_aes_128_cbc(), + (unsigned char*)key, (unsigned char*)iv, 0) == 0) + return WC_TEST_RET_ENC_NC; + + if (wolfSSL_EVP_CIPHER_CTX_set_padding(de, 0) != 1) + return WC_TEST_RET_ENC_NC; + if (wolfSSL_EVP_CipherUpdate(de, (byte*)plain, &outlen, (byte*)cipher, + EVP_TEST_BUF_SZ) == 0) + return WC_TEST_RET_ENC_NC; + if (outlen != 16) + return WC_TEST_RET_ENC_NC; + total += outlen; + + /* should fail since not using padding */ + if (wolfSSL_EVP_CipherFinal(de, (byte*)&plain[total], &outlen) != 0) + return WC_TEST_RET_ENC_NC; + + wolfSSL_EVP_CIPHER_CTX_cleanup(de); + + total = 0; + wolfSSL_EVP_CIPHER_CTX_init(de); + if (wolfSSL_EVP_CipherInit(de, wolfSSL_EVP_aes_128_cbc(), + (unsigned char*)key, (unsigned char*)iv, 0) == 0) + return WC_TEST_RET_ENC_NC; + if (wolfSSL_EVP_CIPHER_CTX_set_padding(de, 1) != 1) + return WC_TEST_RET_ENC_NC; + if (wolfSSL_EVP_CipherUpdate(de, (byte*)padded, &outlen, (byte*)padded, + EVP_TEST_BUF_PAD) == 0) + return WC_TEST_RET_ENC_NC; + if (outlen != 16) + return WC_TEST_RET_ENC_NC; + total += outlen; + + if (wolfSSL_EVP_CipherFinal(de, (byte*)&padded[total], &outlen) == 0) + return WC_TEST_RET_ENC_NC; + if (XMEMCMP(padded, cbcPlain, EVP_TEST_BUF_SZ)) + return WC_TEST_RET_ENC_NC; + + wolfSSL_EVP_CIPHER_CTX_cleanup(de); + +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC) + wolfSSL_EVP_CIPHER_CTX_free(en); + wolfSSL_EVP_CIPHER_CTX_free(de); +#endif + } + + { /* evp_cipher test: EVP_aes_128_cbc */ +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC) + WOLFSSL_EVP_CIPHER_CTX *ctx = wolfSSL_EVP_CIPHER_CTX_new(); +#else + WOLFSSL_EVP_CIPHER_CTX ctx[1]; +#endif + + WOLFSSL_SMALL_STACK_STATIC const byte msg[] = { /* "Now is the time for all " w/o trailing 0 */ + 0x6e,0x6f,0x77,0x20,0x69,0x73,0x20,0x74, + 0x68,0x65,0x20,0x74,0x69,0x6d,0x65,0x20, + 0x66,0x6f,0x72,0x20,0x61,0x6c,0x6c,0x20 + }; + + WOLFSSL_SMALL_STACK_STATIC const byte verify[] = + { + 0x95,0x94,0x92,0x57,0x5f,0x42,0x81,0x53, + 0x2c,0xcc,0x9d,0x46,0x77,0xa2,0x33,0xcb + }; + + WOLFSSL_SMALL_STACK_STATIC const byte key[] = + "0123456789abcdef "; /* align */ + WOLFSSL_SMALL_STACK_STATIC const byte iv[] = + "1234567890abcdef "; /* align */ + + byte cipher[WC_AES_BLOCK_SIZE * 4]; + byte plain [WC_AES_BLOCK_SIZE * 4]; + +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC) + if (ctx == NULL) + return MEMORY_E; +#endif + + wolfSSL_EVP_CIPHER_CTX_init(ctx); + if (wolfSSL_EVP_CipherInit(ctx, wolfSSL_EVP_aes_128_cbc(), key, iv, 1) == 0) + return WC_TEST_RET_ENC_NC; + + if (wolfSSL_EVP_Cipher(ctx, cipher, (byte*)msg, 16) != 16) + return WC_TEST_RET_ENC_NC; + + if (XMEMCMP(cipher, verify, WC_AES_BLOCK_SIZE)) + return WC_TEST_RET_ENC_NC; + + wolfSSL_EVP_CIPHER_CTX_cleanup(ctx); + + wolfSSL_EVP_CIPHER_CTX_init(ctx); + if (wolfSSL_EVP_CipherInit(ctx, wolfSSL_EVP_aes_128_cbc(), key, iv, 0) == 0) + return WC_TEST_RET_ENC_NC; + + if (wolfSSL_EVP_Cipher(ctx, plain, cipher, 16) != 16) + return WC_TEST_RET_ENC_NC; + + if (XMEMCMP(plain, msg, WC_AES_BLOCK_SIZE)) + return WC_TEST_RET_ENC_NC; + + wolfSSL_EVP_CIPHER_CTX_cleanup(ctx); + +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC) + wolfSSL_EVP_CIPHER_CTX_free(ctx); +#endif + } /* end evp_cipher test: EVP_aes_128_cbc*/ +#endif /* WOLFSSL_AES_128 */ +#endif /* HAVE_AES_CBC */ + +#ifndef WOLFSSL_NO_OPENSSL_AES_LOW_LEVEL_API + +#if defined(HAVE_AES_ECB) && defined(WOLFSSL_AES_DIRECT) && \ + defined(WOLFSSL_AES_256) + { /* evp_cipher test: EVP_aes_256_ecb*/ +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC) + WOLFSSL_EVP_CIPHER_CTX *ctx = wolfSSL_EVP_CIPHER_CTX_new(); +#else + WOLFSSL_EVP_CIPHER_CTX ctx[1]; +#endif + WOLFSSL_SMALL_STACK_STATIC const byte msg[] = + { + 0x6b,0xc1,0xbe,0xe2,0x2e,0x40,0x9f,0x96, + 0xe9,0x3d,0x7e,0x11,0x73,0x93,0x17,0x2a + }; + + WOLFSSL_SMALL_STACK_STATIC const byte verify[] = + { + 0xf3,0xee,0xd1,0xbd,0xb5,0xd2,0xa0,0x3c, + 0x06,0x4b,0x5a,0x7e,0x3d,0xb1,0x81,0xf8 + }; + + WOLFSSL_SMALL_STACK_STATIC const byte key[] = + { + 0x60,0x3d,0xeb,0x10,0x15,0xca,0x71,0xbe, + 0x2b,0x73,0xae,0xf0,0x85,0x7d,0x77,0x81, + 0x1f,0x35,0x2c,0x07,0x3b,0x61,0x08,0xd7, + 0x2d,0x98,0x10,0xa3,0x09,0x14,0xdf,0xf4 + }; + + + byte cipher[WC_AES_BLOCK_SIZE * 4]; + byte plain [WC_AES_BLOCK_SIZE * 4]; + +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC) + if (ctx == NULL) + return MEMORY_E; +#endif + + wolfSSL_EVP_CIPHER_CTX_init(ctx); + if (wolfSSL_EVP_CipherInit(ctx, wolfSSL_EVP_aes_256_ecb(), (unsigned char*)key, NULL, 1) == 0) + return WC_TEST_RET_ENC_NC; + + if (wolfSSL_EVP_Cipher(ctx, cipher, (byte*)msg, 16) != 16) + return WC_TEST_RET_ENC_NC; + + if (XMEMCMP(cipher, verify, WC_AES_BLOCK_SIZE)) + return WC_TEST_RET_ENC_NC; + + wolfSSL_EVP_CIPHER_CTX_init(ctx); + if (wolfSSL_EVP_CipherInit(ctx, wolfSSL_EVP_aes_256_ecb(), (unsigned char*)key, NULL, 0) == 0) + return WC_TEST_RET_ENC_NC; + + if (wolfSSL_EVP_Cipher(ctx, plain, cipher, 16) != 16) + return WC_TEST_RET_ENC_NC; + + if (XMEMCMP(plain, msg, WC_AES_BLOCK_SIZE)) + return WC_TEST_RET_ENC_NC; + +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC) + wolfSSL_EVP_CIPHER_CTX_free(ctx); +#endif + } /* end evp_cipher test */ +#endif /* HAVE_AES_ECB && WOLFSSL_AES_256 */ + +#if defined(WOLFSSL_AES_DIRECT) && defined(WOLFSSL_AES_256) + /* enable HAVE_AES_DECRYPT for AES_encrypt/decrypt */ + { + /* Test: AES_encrypt/decrypt/set Key */ +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC) + WOLFSSL_AES_KEY *enc = (WOLFSSL_AES_KEY *)XMALLOC(sizeof *enc, HEAP_HINT, DYNAMIC_TYPE_AES); + #ifdef HAVE_AES_DECRYPT + WOLFSSL_AES_KEY *dec = (WOLFSSL_AES_KEY *)XMALLOC(sizeof *dec, HEAP_HINT, DYNAMIC_TYPE_AES); + #endif +#else + WOLFSSL_AES_KEY enc[1]; + #ifdef HAVE_AES_DECRYPT + WOLFSSL_AES_KEY dec[1]; + #endif +#endif + + WOLFSSL_SMALL_STACK_STATIC const byte msg[] = + { + 0x6b,0xc1,0xbe,0xe2,0x2e,0x40,0x9f,0x96, + 0xe9,0x3d,0x7e,0x11,0x73,0x93,0x17,0x2a + }; + + WOLFSSL_SMALL_STACK_STATIC const byte verify[] = + { + 0xf3,0xee,0xd1,0xbd,0xb5,0xd2,0xa0,0x3c, + 0x06,0x4b,0x5a,0x7e,0x3d,0xb1,0x81,0xf8 + }; + + WOLFSSL_SMALL_STACK_STATIC const byte key[] = + { + 0x60,0x3d,0xeb,0x10,0x15,0xca,0x71,0xbe, + 0x2b,0x73,0xae,0xf0,0x85,0x7d,0x77,0x81, + 0x1f,0x35,0x2c,0x07,0x3b,0x61,0x08,0xd7, + 0x2d,0x98,0x10,0xa3,0x09,0x14,0xdf,0xf4 + }; + + byte plain[sizeof(msg)]; + byte cipher[sizeof(msg)]; + +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC) + if (enc == NULL) + return MEMORY_E; + #ifdef HAVE_AES_DECRYPT + if (dec == NULL) + return MEMORY_E; + #endif +#endif + + wolfSSL_AES_set_encrypt_key(key, sizeof(key)*8, enc); + wolfSSL_AES_set_decrypt_key(key, sizeof(key)*8, dec); + + wolfSSL_AES_encrypt(msg, cipher, enc); + + #ifdef HAVE_AES_DECRYPT + wolfSSL_AES_decrypt(cipher, plain, dec); + if (XMEMCMP(plain, msg, WC_AES_BLOCK_SIZE)) + return WC_TEST_RET_ENC_NC; + #endif /* HAVE_AES_DECRYPT */ + + if (XMEMCMP(cipher, verify, WC_AES_BLOCK_SIZE)) + return WC_TEST_RET_ENC_NC; + +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC) + XFREE(enc, HEAP_HINT, DYNAMIC_TYPE_AES); + #ifdef HAVE_AES_DECRYPT + XFREE(dec, HEAP_HINT, DYNAMIC_TYPE_AES); + #endif +#endif + } +#endif /* WOLFSSL_AES_DIRECT && WOLFSSL_AES_256 */ + +#endif /* !WOLFSSL_NO_OPENSSL_AES_LOW_LEVEL_API */ + +/* EVP_Cipher with EVP_aes_xxx_ctr() */ +#ifdef WOLFSSL_AES_COUNTER + { + byte plainBuff [64]; + byte cipherBuff[64]; + +#ifdef WOLFSSL_AES_128 + WOLFSSL_SMALL_STACK_STATIC const byte ctrKey[] = + { + 0x2b,0x7e,0x15,0x16,0x28,0xae,0xd2,0xa6, + 0xab,0xf7,0x15,0x88,0x09,0xcf,0x4f,0x3c + }; + + WOLFSSL_SMALL_STACK_STATIC const byte ctrIv[] = + { + 0xf0,0xf1,0xf2,0xf3,0xf4,0xf5,0xf6,0xf7, + 0xf8,0xf9,0xfa,0xfb,0xfc,0xfd,0xfe,0xff + }; + + + WOLFSSL_SMALL_STACK_STATIC const byte ctrPlain[] = + { + 0x6b,0xc1,0xbe,0xe2,0x2e,0x40,0x9f,0x96, + 0xe9,0x3d,0x7e,0x11,0x73,0x93,0x17,0x2a, + 0xae,0x2d,0x8a,0x57,0x1e,0x03,0xac,0x9c, + 0x9e,0xb7,0x6f,0xac,0x45,0xaf,0x8e,0x51, + 0x30,0xc8,0x1c,0x46,0xa3,0x5c,0xe4,0x11, + 0xe5,0xfb,0xc1,0x19,0x1a,0x0a,0x52,0xef, + 0xf6,0x9f,0x24,0x45,0xdf,0x4f,0x9b,0x17, + 0xad,0x2b,0x41,0x7b,0xe6,0x6c,0x37,0x10 + }; + + WOLFSSL_SMALL_STACK_STATIC const byte ctrCipher[] = + { + 0x87,0x4d,0x61,0x91,0xb6,0x20,0xe3,0x26, + 0x1b,0xef,0x68,0x64,0x99,0x0d,0xb6,0xce, + 0x98,0x06,0xf6,0x6b,0x79,0x70,0xfd,0xff, + 0x86,0x17,0x18,0x7b,0xb9,0xff,0xfd,0xff, + 0x5a,0xe4,0xdf,0x3e,0xdb,0xd5,0xd3,0x5e, + 0x5b,0x4f,0x09,0x02,0x0d,0xb0,0x3e,0xab, + 0x1e,0x03,0x1d,0xda,0x2f,0xbe,0x03,0xd1, + 0x79,0x21,0x70,0xa0,0xf3,0x00,0x9c,0xee + }; + + WOLFSSL_SMALL_STACK_STATIC const byte oddCipher[] = + { + 0xb9,0xd7,0xcb,0x08,0xb0,0xe1,0x7b,0xa0, + 0xc2 + }; +#endif + + /* test vector from "Recommendation for Block Cipher Modes of Operation" + * NIST Special Publication 800-38A */ +#ifdef WOLFSSL_AES_192 + WOLFSSL_SMALL_STACK_STATIC const byte ctr192Key[] = + { + 0x8e,0x73,0xb0,0xf7,0xda,0x0e,0x64,0x52, + 0xc8,0x10,0xf3,0x2b,0x80,0x90,0x79,0xe5, + 0x62,0xf8,0xea,0xd2,0x52,0x2c,0x6b,0x7b + }; + + WOLFSSL_SMALL_STACK_STATIC const byte ctr192Iv[] = + { + 0xf0,0xf1,0xf2,0xf3,0xf4,0xf5,0xf6,0xf7, + 0xf8,0xf9,0xfa,0xfb,0xfc,0xfd,0xfe,0xff + }; + + + WOLFSSL_SMALL_STACK_STATIC const byte ctr192Plain[] = + { + 0x6b,0xc1,0xbe,0xe2,0x2e,0x40,0x9f,0x96, + 0xe9,0x3d,0x7e,0x11,0x73,0x93,0x17,0x2a + }; + + WOLFSSL_SMALL_STACK_STATIC const byte ctr192Cipher[] = + { + 0x1a,0xbc,0x93,0x24,0x17,0x52,0x1c,0xa2, + 0x4f,0x2b,0x04,0x59,0xfe,0x7e,0x6e,0x0b + }; +#endif /* WOLFSSL_AES_192 */ + +#ifdef WOLFSSL_AES_256 + /* test vector from "Recommendation for Block Cipher Modes of Operation" + * NIST Special Publication 800-38A */ + WOLFSSL_SMALL_STACK_STATIC const byte ctr256Key[] = + { + 0x60,0x3d,0xeb,0x10,0x15,0xca,0x71,0xbe, + 0x2b,0x73,0xae,0xf0,0x85,0x7d,0x77,0x81, + 0x1f,0x35,0x2c,0x07,0x3b,0x61,0x08,0xd7, + 0x2d,0x98,0x10,0xa3,0x09,0x14,0xdf,0xf4 + }; + + WOLFSSL_SMALL_STACK_STATIC const byte ctr256Iv[] = + { + 0xf0,0xf1,0xf2,0xf3,0xf4,0xf5,0xf6,0xf7, + 0xf8,0xf9,0xfa,0xfb,0xfc,0xfd,0xfe,0xff + }; + + + WOLFSSL_SMALL_STACK_STATIC const byte ctr256Plain[] = + { + 0x6b,0xc1,0xbe,0xe2,0x2e,0x40,0x9f,0x96, + 0xe9,0x3d,0x7e,0x11,0x73,0x93,0x17,0x2a + }; + + WOLFSSL_SMALL_STACK_STATIC const byte ctr256Cipher[] = + { + 0x60,0x1e,0xc3,0x13,0x77,0x57,0x89,0xa5, + 0xb7,0xa7,0xf5,0x04,0xbb,0xf3,0xd2,0x28 + }; +#endif /* WOLFSSL_AES_256 */ + +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC) + WOLFSSL_EVP_CIPHER_CTX *en = wolfSSL_EVP_CIPHER_CTX_new(); + WOLFSSL_EVP_CIPHER_CTX *de = wolfSSL_EVP_CIPHER_CTX_new(); +#else + WOLFSSL_EVP_CIPHER_CTX en[1]; + WOLFSSL_EVP_CIPHER_CTX de[1]; +#endif +#ifdef WOLFSSL_AES_128 + +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC) + WOLFSSL_EVP_CIPHER_CTX *p_en; + WOLFSSL_EVP_CIPHER_CTX *p_de; +#endif + +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC) + if ((en == NULL) || (de == NULL)) + return MEMORY_E; +#endif + + wolfSSL_EVP_CIPHER_CTX_init(en); + if (wolfSSL_EVP_CipherInit(en, wolfSSL_EVP_aes_128_ctr(), + (unsigned char*)ctrKey, (unsigned char*)ctrIv, 0) == 0) + return WC_TEST_RET_ENC_NC; + if (wolfSSL_EVP_Cipher(en, (byte*)cipherBuff, (byte*)ctrPlain, + WC_AES_BLOCK_SIZE*4) != WC_AES_BLOCK_SIZE*4) + return WC_TEST_RET_ENC_NC; + wolfSSL_EVP_CIPHER_CTX_init(de); + if (wolfSSL_EVP_CipherInit(de, wolfSSL_EVP_aes_128_ctr(), + (unsigned char*)ctrKey, (unsigned char*)ctrIv, 0) == 0) + return WC_TEST_RET_ENC_NC; + + if (wolfSSL_EVP_Cipher(de, (byte*)plainBuff, (byte*)cipherBuff, + WC_AES_BLOCK_SIZE*4) != WC_AES_BLOCK_SIZE*4) + return WC_TEST_RET_ENC_NC; + + if (wolfSSL_EVP_CIPHER_CTX_cleanup(en) != WOLFSSL_SUCCESS) + return WC_TEST_RET_ENC_NC; + if (wolfSSL_EVP_CIPHER_CTX_cleanup(de) != WOLFSSL_SUCCESS) + return WC_TEST_RET_ENC_NC; + + if (XMEMCMP(cipherBuff, ctrCipher, WC_AES_BLOCK_SIZE*4)) + return WC_TEST_RET_ENC_NC; + if (XMEMCMP(plainBuff, ctrPlain, WC_AES_BLOCK_SIZE*4)) + return WC_TEST_RET_ENC_NC; + +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC) + p_en = wolfSSL_EVP_CIPHER_CTX_new(); + if (p_en == NULL) + return WC_TEST_RET_ENC_ERRNO; + p_de = wolfSSL_EVP_CIPHER_CTX_new(); + if (p_de == NULL) + return WC_TEST_RET_ENC_ERRNO; + + if (wolfSSL_EVP_CipherInit(p_en, wolfSSL_EVP_aes_128_ctr(), + (unsigned char*)ctrKey, (unsigned char*)ctrIv, 0) == 0) + return WC_TEST_RET_ENC_NC; + if (wolfSSL_EVP_Cipher(p_en, (byte*)cipherBuff, (byte*)ctrPlain, + WC_AES_BLOCK_SIZE*4) != WC_AES_BLOCK_SIZE*4) + return WC_TEST_RET_ENC_NC; + if (wolfSSL_EVP_CipherInit(p_de, wolfSSL_EVP_aes_128_ctr(), + (unsigned char*)ctrKey, (unsigned char*)ctrIv, 0) == 0) + return WC_TEST_RET_ENC_NC; + + if (wolfSSL_EVP_Cipher(p_de, (byte*)plainBuff, (byte*)cipherBuff, + WC_AES_BLOCK_SIZE*4) != WC_AES_BLOCK_SIZE*4) + return WC_TEST_RET_ENC_NC; + + if (wolfSSL_EVP_CIPHER_CTX_cleanup(en) != WOLFSSL_SUCCESS) + return WC_TEST_RET_ENC_NC; + if (wolfSSL_EVP_CIPHER_CTX_cleanup(de) != WOLFSSL_SUCCESS) + return WC_TEST_RET_ENC_NC; + + wolfSSL_EVP_CIPHER_CTX_free(p_en); + wolfSSL_EVP_CIPHER_CTX_free(p_de); +#endif /* WOLFSSL_SMALL_STACK && !WOLFSSL_NO_MALLOC */ + + if (XMEMCMP(cipherBuff, ctrCipher, WC_AES_BLOCK_SIZE*4)) + return WC_TEST_RET_ENC_NC; + if (XMEMCMP(plainBuff, ctrPlain, WC_AES_BLOCK_SIZE*4)) + return WC_TEST_RET_ENC_NC; + + wolfSSL_EVP_CIPHER_CTX_init(en); + if (wolfSSL_EVP_CipherInit(en, wolfSSL_EVP_aes_128_ctr(), + (unsigned char*)ctrKey, (unsigned char*)ctrIv, 0) == 0) + return WC_TEST_RET_ENC_NC; + if (wolfSSL_EVP_Cipher(en, (byte*)cipherBuff, (byte*)ctrPlain, 9) != 9) + return WC_TEST_RET_ENC_NC; + + wolfSSL_EVP_CIPHER_CTX_init(de); + if (wolfSSL_EVP_CipherInit(de, wolfSSL_EVP_aes_128_ctr(), + (unsigned char*)ctrKey, (unsigned char*)ctrIv, 0) == 0) + return WC_TEST_RET_ENC_NC; + + if (wolfSSL_EVP_Cipher(de, (byte*)plainBuff, (byte*)cipherBuff, 9) != 9) + return WC_TEST_RET_ENC_NC; + + if (XMEMCMP(plainBuff, ctrPlain, 9)) + return WC_TEST_RET_ENC_NC; + if (XMEMCMP(cipherBuff, ctrCipher, 9)) + return WC_TEST_RET_ENC_NC; + + if (wolfSSL_EVP_Cipher(en, (byte*)cipherBuff, (byte*)ctrPlain, 9) != 9) + return WC_TEST_RET_ENC_NC; + if (wolfSSL_EVP_Cipher(de, (byte*)plainBuff, (byte*)cipherBuff, 9) != 9) + return WC_TEST_RET_ENC_NC; + + if (XMEMCMP(plainBuff, ctrPlain, 9)) + return WC_TEST_RET_ENC_NC; + if (XMEMCMP(cipherBuff, oddCipher, 9)) + return WC_TEST_RET_ENC_NC; + + if (wolfSSL_EVP_CIPHER_CTX_cleanup(en) != WOLFSSL_SUCCESS) + return WC_TEST_RET_ENC_NC; + if (wolfSSL_EVP_CIPHER_CTX_cleanup(de) != WOLFSSL_SUCCESS) + return WC_TEST_RET_ENC_NC; +#endif /* WOLFSSL_AES_128 */ + +#ifdef WOLFSSL_AES_192 + wolfSSL_EVP_CIPHER_CTX_init(en); + if (wolfSSL_EVP_CipherInit(en, wolfSSL_EVP_aes_192_ctr(), + (unsigned char*)ctr192Key, (unsigned char*)ctr192Iv, 0) == 0) + return WC_TEST_RET_ENC_NC; + if (wolfSSL_EVP_Cipher(en, (byte*)cipherBuff, (byte*)ctr192Plain, + WC_AES_BLOCK_SIZE) != WC_AES_BLOCK_SIZE) + return WC_TEST_RET_ENC_NC; + wolfSSL_EVP_CIPHER_CTX_init(de); + if (wolfSSL_EVP_CipherInit(de, wolfSSL_EVP_aes_192_ctr(), + (unsigned char*)ctr192Key, (unsigned char*)ctr192Iv, 0) == 0) + return WC_TEST_RET_ENC_NC; + + XMEMSET(plainBuff, 0, sizeof(plainBuff)); + if (wolfSSL_EVP_Cipher(de, (byte*)plainBuff, (byte*)cipherBuff, + WC_AES_BLOCK_SIZE) != WC_AES_BLOCK_SIZE) + return WC_TEST_RET_ENC_NC; + + if (XMEMCMP(plainBuff, ctr192Plain, sizeof(ctr192Plain))) + return WC_TEST_RET_ENC_NC; + if (XMEMCMP(ctr192Cipher, cipherBuff, sizeof(ctr192Cipher))) + return WC_TEST_RET_ENC_NC; + + if (wolfSSL_EVP_CIPHER_CTX_cleanup(en) != WOLFSSL_SUCCESS) + return WC_TEST_RET_ENC_NC; + if (wolfSSL_EVP_CIPHER_CTX_cleanup(de) != WOLFSSL_SUCCESS) + return WC_TEST_RET_ENC_NC; +#endif /* WOLFSSL_AES_192 */ + +#ifdef WOLFSSL_AES_256 + wolfSSL_EVP_CIPHER_CTX_init(en); + if (wolfSSL_EVP_CipherInit(en, wolfSSL_EVP_aes_256_ctr(), + (unsigned char*)ctr256Key, (unsigned char*)ctr256Iv, 0) == 0) + return WC_TEST_RET_ENC_NC; + if (wolfSSL_EVP_Cipher(en, (byte*)cipherBuff, (byte*)ctr256Plain, + WC_AES_BLOCK_SIZE) != WC_AES_BLOCK_SIZE) + return WC_TEST_RET_ENC_NC; + wolfSSL_EVP_CIPHER_CTX_init(de); + if (wolfSSL_EVP_CipherInit(de, wolfSSL_EVP_aes_256_ctr(), + (unsigned char*)ctr256Key, (unsigned char*)ctr256Iv, 0) == 0) + return WC_TEST_RET_ENC_NC; + + XMEMSET(plainBuff, 0, sizeof(plainBuff)); + if (wolfSSL_EVP_Cipher(de, (byte*)plainBuff, (byte*)cipherBuff, + WC_AES_BLOCK_SIZE) != WC_AES_BLOCK_SIZE) + return WC_TEST_RET_ENC_NC; + + if (XMEMCMP(plainBuff, ctr256Plain, sizeof(ctr256Plain))) + return WC_TEST_RET_ENC_NC; + if (XMEMCMP(ctr256Cipher, cipherBuff, sizeof(ctr256Cipher))) + return WC_TEST_RET_ENC_NC; + + if (wolfSSL_EVP_CIPHER_CTX_cleanup(en) != WOLFSSL_SUCCESS) + return WC_TEST_RET_ENC_NC; + if (wolfSSL_EVP_CIPHER_CTX_cleanup(de) != WOLFSSL_SUCCESS) + return WC_TEST_RET_ENC_NC; + +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC) + wolfSSL_EVP_CIPHER_CTX_free(en); + wolfSSL_EVP_CIPHER_CTX_free(de); +#endif + +#endif /* WOLFSSL_AES_256 */ + } +#endif /* HAVE_AES_COUNTER */ + +#ifndef WOLFSSL_NO_OPENSSL_AES_LOW_LEVEL_API + +#if defined(WOLFSSL_AES_CFB) && defined(WOLFSSL_AES_128) + { +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC) + WOLFSSL_AES_KEY *enc = (WOLFSSL_AES_KEY *)XMALLOC(sizeof *enc, HEAP_HINT, DYNAMIC_TYPE_AES); + WOLFSSL_AES_KEY *dec = (WOLFSSL_AES_KEY *)XMALLOC(sizeof *dec, HEAP_HINT, DYNAMIC_TYPE_AES); +#else + WOLFSSL_AES_KEY enc[1]; + WOLFSSL_AES_KEY dec[1]; +#endif + + WOLFSSL_SMALL_STACK_STATIC const byte setIv[] = { + 0x00,0x01,0x02,0x03,0x04,0x05,0x06,0x07, + 0x08,0x09,0x0a,0x0b,0x0c,0x0d,0x0e,0x0f + }; + + WOLFSSL_SMALL_STACK_STATIC const byte key[] = + { + 0x2b,0x7e,0x15,0x16,0x28,0xae,0xd2,0xa6, + 0xab,0xf7,0x15,0x88,0x09,0xcf,0x4f,0x3c + }; + + WOLFSSL_SMALL_STACK_STATIC const byte cipher1[] = + { + 0x3b,0x3f,0xd9,0x2e,0xb7,0x2d,0xad,0x20, + 0x33,0x34,0x49,0xf8,0xe8,0x3c,0xfb,0x4a, + 0xc8,0xa6,0x45,0x37,0xa0,0xb3,0xa9,0x3f, + 0xcd,0xe3,0xcd,0xad,0x9f,0x1c,0xe5,0x8b + }; + + WOLFSSL_SMALL_STACK_STATIC const byte msg[] = + { + 0x6b,0xc1,0xbe,0xe2,0x2e,0x40,0x9f,0x96, + 0xe9,0x3d,0x7e,0x11,0x73,0x93,0x17,0x2a, + 0xae,0x2d,0x8a,0x57,0x1e,0x03,0xac,0x9c, + 0x9e,0xb7,0x6f,0xac,0x45,0xaf,0x8e,0x51 + }; + + byte cipher[WC_AES_BLOCK_SIZE * 2]; + byte iv[WC_AES_BLOCK_SIZE]; /* iv buffer is updeated by API */ + int num = 0; + +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC) + if ((enc == NULL) || (dec == NULL)) + return MEMORY_E; +#endif + + XMEMCPY(iv, setIv, sizeof(setIv)); + wolfSSL_AES_set_encrypt_key(key, sizeof(key) * 8, enc); + wolfSSL_AES_set_encrypt_key(key, sizeof(key) * 8, dec); + + wolfSSL_AES_cfb128_encrypt(msg, cipher, WC_AES_BLOCK_SIZE - 1, enc, iv, + &num, AES_ENCRYPTION); + + if (XMEMCMP(cipher, cipher1, WC_AES_BLOCK_SIZE - 1)) + return WC_TEST_RET_ENC_NC; + + if (num != 15) /* should have used 15 of the 16 bytes */ + return WC_TEST_RET_ENC_NC; + + wolfSSL_AES_cfb128_encrypt(msg + WC_AES_BLOCK_SIZE - 1, + cipher + WC_AES_BLOCK_SIZE - 1, WC_AES_BLOCK_SIZE + 1, enc, iv, + &num, AES_ENCRYPTION); + + if (XMEMCMP(cipher, cipher1, WC_AES_BLOCK_SIZE * 2)) + return WC_TEST_RET_ENC_NC; + + if (num != 0) + return WC_TEST_RET_ENC_NC; + +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC) + XFREE(enc, HEAP_HINT, DYNAMIC_TYPE_AES); + XFREE(dec, HEAP_HINT, DYNAMIC_TYPE_AES); +#endif + } +#endif /* WOLFSSL_AES_CFB && WOLFSSL_AES_128 */ + +#endif /* !WOLFSSL_NO_OPENSSL_AES_LOW_LEVEL_API */ + + return 0; +} + +#endif /* !NO_AES && !WOLFCRYPT_ONLY */ + + +WOLFSSL_TEST_SUBROUTINE wc_test_ret_t openssl_test(void) +{ + wc_test_ret_t ret; +#ifdef WOLFSSL_SMALL_STACK + WOLFSSL_EVP_MD_CTX *md_ctx = (WOLFSSL_EVP_MD_CTX *)XMALLOC(sizeof(WOLFSSL_EVP_MD_CTX), NULL, DYNAMIC_TYPE_OPENSSL); + WOLFSSL_EVP_CIPHER_CTX *ctx = wolfSSL_EVP_CIPHER_CTX_new(); + WOLFSSL_EVP_CIPHER_CTX *en = wolfSSL_EVP_CIPHER_CTX_new(); + WOLFSSL_EVP_CIPHER_CTX *de = wolfSSL_EVP_CIPHER_CTX_new(); + WOLFSSL_EVP_CIPHER_CTX *p_en = wolfSSL_EVP_CIPHER_CTX_new(); + WOLFSSL_EVP_CIPHER_CTX *p_de = wolfSSL_EVP_CIPHER_CTX_new(); + #if !defined(NO_AES) && !defined(WOLFSSL_NO_OPENSSL_AES_LOW_LEVEL_API) && \ + defined(WOLFSSL_AES_DIRECT) && defined(WOLFSSL_AES_256) + WOLFSSL_AES_KEY *enc = (WOLFSSL_AES_KEY *)XMALLOC(sizeof *enc, HEAP_HINT, DYNAMIC_TYPE_AES); + #ifdef HAVE_AES_DECRYPT + WOLFSSL_AES_KEY *dec = (WOLFSSL_AES_KEY *)XMALLOC(sizeof *dec, HEAP_HINT, DYNAMIC_TYPE_AES); + #endif + #endif /* !NO_AES && !WOLFSSL_NO_OPENSSL_AES_LOW_LEVEL_API */ +#else + WOLFSSL_EVP_MD_CTX md_ctx[1]; + WOLFSSL_EVP_CIPHER_CTX ctx[1]; + WOLFSSL_EVP_CIPHER_CTX en[1]; + WOLFSSL_EVP_CIPHER_CTX de[1]; + #if !defined(NO_AES) && !defined(WOLFSSL_NO_OPENSSL_AES_LOW_LEVEL_API) && \ + defined(WOLFSSL_AES_DIRECT) && defined(WOLFSSL_AES_256) + WOLFSSL_AES_KEY enc[1]; + #ifdef HAVE_AES_DECRYPT + WOLFSSL_AES_KEY dec[1]; + #endif + #endif /* !NO_AES */ +#endif + testVector a, b, c, d, e, f; + byte hash[WC_SHA256_DIGEST_SIZE*2]; /* max size */ + +#ifdef WOLFSSL_SMALL_STACK + if ((md_ctx == NULL) || (ctx == NULL) || (en == NULL) || (de == NULL) || + (p_en == NULL) || (p_de == NULL) + #if !defined(NO_AES) && !defined(WOLFSSL_NO_OPENSSL_AES_LOW_LEVEL_API) && \ + defined(WOLFSSL_AES_DIRECT) && defined(WOLFSSL_AES_256) + || (enc == NULL) + #ifdef HAVE_AES_DECRYPT + || (dec == NULL) + #endif + #endif + ) + { + ERROR_OUT(WC_TEST_RET_ENC_EC(MEMORY_E), out); + } +#endif + + WOLFSSL_ENTER("openssl_test"); + + a.inLen = 0; + b.inLen = c.inLen = d.inLen = e.inLen = f.inLen = a.inLen; + + (void)a; + (void)b; + (void)c; + (void)d; + (void)e; + (void)f; + + /* test malloc / free , 10 is an arbitrary amount of memory chosen */ + { + byte* p; + + p = (byte*)wolfSSL_CRYPTO_malloc(10, "", 0); + + if (p == NULL) { + ERROR_OUT(WC_TEST_RET_ENC_NC, out); + } else { + XMEMSET(p, 0, 10); + wolfSSL_CRYPTO_free(p, "", 0); + } + } + +#ifndef NO_MD5 + a.input = "1234567890123456789012345678901234567890123456789012345678" + "9012345678901234567890"; + a.output = "\x57\xed\xf4\xa2\x2b\xe3\xc9\x55\xac\x49\xda\x2e\x21\x07\xb6" + "\x7a"; + a.inLen = XSTRLEN(a.input); + a.outLen = WC_MD5_DIGEST_SIZE; + + wolfSSL_EVP_MD_CTX_init(md_ctx); + ret = wolfSSL_EVP_DigestInit(md_ctx, wolfSSL_EVP_md5()); + if (ret == WOLFSSL_SUCCESS) { + ret = wolfSSL_EVP_DigestUpdate(md_ctx, a.input, (unsigned long)a.inLen); + } + if (ret == WOLFSSL_SUCCESS) { + ret = wolfSSL_EVP_DigestFinal(md_ctx, hash, 0); + } + wolfSSL_EVP_MD_CTX_cleanup(md_ctx); + if (ret != WOLFSSL_SUCCESS) + ERROR_OUT(WC_TEST_RET_ENC_NC, out); + if (XMEMCMP(hash, a.output, WC_MD5_DIGEST_SIZE) != 0) + ERROR_OUT(WC_TEST_RET_ENC_NC, out); +#endif /* NO_MD5 */ + +#ifndef NO_SHA + b.input = "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" + "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" + "aaaaaaaaaa"; + b.output = "\xAD\x5B\x3F\xDB\xCB\x52\x67\x78\xC2\x83\x9D\x2F\x15\x1E\xA7" + "\x53\x99\x5E\x26\xA0"; + b.inLen = XSTRLEN(b.input); + b.outLen = WC_SHA_DIGEST_SIZE; + + wolfSSL_EVP_MD_CTX_init(md_ctx); + ret = wolfSSL_EVP_DigestInit(md_ctx, wolfSSL_EVP_sha1()); + if (ret == WOLFSSL_SUCCESS) { + ret = wolfSSL_EVP_DigestUpdate(md_ctx, b.input, (unsigned long)b.inLen); + if (ret == WOLFSSL_SUCCESS) + ret = wolfSSL_EVP_DigestFinal(md_ctx, hash, 0); + } + wolfSSL_EVP_MD_CTX_cleanup(md_ctx); + if (ret != WOLFSSL_SUCCESS) + ERROR_OUT(WC_TEST_RET_ENC_NC, out); + if (XMEMCMP(hash, b.output, b.outLen) != 0) + ERROR_OUT(WC_TEST_RET_ENC_NC, out); +#endif /* NO_SHA */ + +#ifdef WOLFSSL_SHA224 + e.input = "abcdefghbcdefghicdefghijdefghijkefghijklfghijklmghijklmnhi" + "jklmnoijklmnopjklmnopqklmnopqrlmnopqrsmnopqrstnopqrstu"; + e.output = "\xc9\x7c\xa9\xa5\x59\x85\x0c\xe9\x7a\x04\xa9\x6d\xef\x6d\x99" + "\xa9\xe0\xe0\xe2\xab\x14\xe6\xb8\xdf\x26\x5f\xc0\xb3"; + e.inLen = XSTRLEN(e.input); + e.outLen = WC_SHA224_DIGEST_SIZE; + + wolfSSL_EVP_MD_CTX_init(md_ctx); + ret = wolfSSL_EVP_DigestInit(md_ctx, wolfSSL_EVP_sha224()); + if (ret == WOLFSSL_SUCCESS) { + ret = wolfSSL_EVP_DigestUpdate(md_ctx, e.input, (unsigned long)e.inLen); + if (ret == WOLFSSL_SUCCESS) + ret = wolfSSL_EVP_DigestFinal(md_ctx, hash, 0); + } + wolfSSL_EVP_MD_CTX_cleanup(md_ctx); + if (ret != WOLFSSL_SUCCESS || XMEMCMP(hash, e.output, e.outLen) != 0) { + ERROR_OUT(WC_TEST_RET_ENC_NC, out); + } +#endif /* WOLFSSL_SHA224 */ + +#ifndef NO_SHA256 + d.input = "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq"; + d.output = "\x24\x8D\x6A\x61\xD2\x06\x38\xB8\xE5\xC0\x26\x93\x0C\x3E\x60" + "\x39\xA3\x3C\xE4\x59\x64\xFF\x21\x67\xF6\xEC\xED\xD4\x19\xDB" + "\x06\xC1"; + d.inLen = XSTRLEN(d.input); + d.outLen = WC_SHA256_DIGEST_SIZE; + + wolfSSL_EVP_MD_CTX_init(md_ctx); + ret = wolfSSL_EVP_DigestInit(md_ctx, wolfSSL_EVP_sha256()); + if (ret == WOLFSSL_SUCCESS) { + ret = wolfSSL_EVP_DigestUpdate(md_ctx, d.input, (unsigned long)d.inLen); + if (ret == WOLFSSL_SUCCESS) + ret = wolfSSL_EVP_DigestFinal(md_ctx, hash, 0); + } + wolfSSL_EVP_MD_CTX_cleanup(md_ctx); + if (ret != WOLFSSL_SUCCESS || XMEMCMP(hash, d.output, d.outLen) != 0) { + ERROR_OUT(WC_TEST_RET_ENC_NC, out); + } +#endif /* !NO_SHA256 */ + +#ifdef WOLFSSL_SHA384 + e.input = "abcdefghbcdefghicdefghijdefghijkefghijklfghijklmghijklmnhi" + "jklmnoijklmnopjklmnopqklmnopqrlmnopqrsmnopqrstnopqrstu"; + e.output = "\x09\x33\x0c\x33\xf7\x11\x47\xe8\x3d\x19\x2f\xc7\x82\xcd\x1b" + "\x47\x53\x11\x1b\x17\x3b\x3b\x05\xd2\x2f\xa0\x80\x86\xe3\xb0" + "\xf7\x12\xfc\xc7\xc7\x1a\x55\x7e\x2d\xb9\x66\xc3\xe9\xfa\x91" + "\x74\x60\x39"; + e.inLen = XSTRLEN(e.input); + e.outLen = WC_SHA384_DIGEST_SIZE; + + wolfSSL_EVP_MD_CTX_init(md_ctx); + ret = wolfSSL_EVP_DigestInit(md_ctx, wolfSSL_EVP_sha384()); + if (ret == WOLFSSL_SUCCESS) { + ret = wolfSSL_EVP_DigestUpdate(md_ctx, e.input, (unsigned long)e.inLen); + if (ret == WOLFSSL_SUCCESS) + ret = wolfSSL_EVP_DigestFinal(md_ctx, hash, 0); + } + wolfSSL_EVP_MD_CTX_cleanup(md_ctx); + if (ret != WOLFSSL_SUCCESS || XMEMCMP(hash, e.output, e.outLen) != 0) { + ERROR_OUT(WC_TEST_RET_ENC_NC, out); + } +#endif /* WOLFSSL_SHA384 */ + +#ifdef WOLFSSL_SHA512 + f.input = "abcdefghbcdefghicdefghijdefghijkefghijklfghijklmghijklmnhi" + "jklmnoijklmnopjklmnopqklmnopqrlmnopqrsmnopqrstnopqrstu"; + f.output = "\x8e\x95\x9b\x75\xda\xe3\x13\xda\x8c\xf4\xf7\x28\x14\xfc\x14" + "\x3f\x8f\x77\x79\xc6\xeb\x9f\x7f\xa1\x72\x99\xae\xad\xb6\x88" + "\x90\x18\x50\x1d\x28\x9e\x49\x00\xf7\xe4\x33\x1b\x99\xde\xc4" + "\xb5\x43\x3a\xc7\xd3\x29\xee\xb6\xdd\x26\x54\x5e\x96\xe5\x5b" + "\x87\x4b\xe9\x09"; + f.inLen = XSTRLEN(f.input); + f.outLen = WC_SHA512_DIGEST_SIZE; + + wolfSSL_EVP_MD_CTX_init(md_ctx); + ret = wolfSSL_EVP_DigestInit(md_ctx, wolfSSL_EVP_sha512()); + if (ret == WOLFSSL_SUCCESS) { + ret = wolfSSL_EVP_DigestUpdate(md_ctx, f.input, (unsigned long)f.inLen); + if (ret == WOLFSSL_SUCCESS) + ret = wolfSSL_EVP_DigestFinal(md_ctx, hash, 0); + } + wolfSSL_EVP_MD_CTX_cleanup(md_ctx); + if (ret != WOLFSSL_SUCCESS || XMEMCMP(hash, f.output, f.outLen) != 0) { + ERROR_OUT(WC_TEST_RET_ENC_NC, out); + } + +#if !defined(WOLFSSL_NOSHA512_224) && \ + (!defined(HAVE_FIPS) || FIPS_VERSION_GE(5, 3)) && !defined(HAVE_SELFTEST) + + f.input = "abcdefghbcdefghicdefghijdefghijkefghijklfghijklmghijklmnhi" + "jklmnoijklmnopjklmnopqklmnopqrlmnopqrsmnopqrstnopqrstu"; + f.output = "\x23\xfe\xc5\xbb\x94\xd6\x0b\x23\x30\x81\x92\x64\x0b\x0c\x45" + "\x33\x35\xd6\x64\x73\x4f\xe4\x0e\x72\x68\x67\x4a\xf9"; + f.inLen = XSTRLEN(f.input); + f.outLen = WC_SHA512_224_DIGEST_SIZE; + + wolfSSL_EVP_MD_CTX_init(md_ctx); + ret = wolfSSL_EVP_DigestInit(md_ctx, wolfSSL_EVP_sha512_224()); + if (ret == WOLFSSL_SUCCESS) { + ret = wolfSSL_EVP_DigestUpdate(md_ctx, f.input, (unsigned long)f.inLen); + if (ret == WOLFSSL_SUCCESS) + ret = wolfSSL_EVP_DigestFinal(md_ctx, hash, 0); + } + wolfSSL_EVP_MD_CTX_cleanup(md_ctx); + if (ret != WOLFSSL_SUCCESS || XMEMCMP(hash, f.output, f.outLen) != 0) { + ERROR_OUT(WC_TEST_RET_ENC_NC, out); + } +#endif /* !WOLFSSL_NOSHA512_224 && !FIPS ... */ + +#if !defined(WOLFSSL_NOSHA512_256) && \ + (!defined(HAVE_FIPS) || FIPS_VERSION_GE(5, 3)) && !defined(HAVE_SELFTEST) + f.input = "abcdefghbcdefghicdefghijdefghijkefghijklfghijklmghijklmnhi" + "jklmnoijklmnopjklmnopqklmnopqrlmnopqrsmnopqrstnopqrstu"; + f.output = "\x39\x28\xe1\x84\xfb\x86\x90\xf8\x40\xda\x39\x88\x12\x1d\x31" + "\xbe\x65\xcb\x9d\x3e\xf8\x3e\xe6\x14\x6f\xea\xc8\x61\xe1\x9b" + "\x56\x3a"; + f.inLen = XSTRLEN(f.input); + f.outLen = WC_SHA512_256_DIGEST_SIZE; + + wolfSSL_EVP_MD_CTX_init(md_ctx); + ret = wolfSSL_EVP_DigestInit(md_ctx, wolfSSL_EVP_sha512_256()); + if (ret == WOLFSSL_SUCCESS) { + ret = wolfSSL_EVP_DigestUpdate(md_ctx, f.input, (unsigned long)f.inLen); + if (ret == WOLFSSL_SUCCESS) + ret = wolfSSL_EVP_DigestFinal(md_ctx, hash, 0); + } + wolfSSL_EVP_MD_CTX_cleanup(md_ctx); + if (ret != WOLFSSL_SUCCESS || XMEMCMP(hash, f.output, f.outLen) != 0) { + ERROR_OUT(WC_TEST_RET_ENC_NC, out); + } +#endif /* !WOLFSSL_NOSHA512_224 && !FIPS ... */ +#endif /* WOLFSSL_SHA512 */ + +#ifdef WOLFSSL_SHA3 +#ifndef WOLFSSL_NOSHA3_224 + e.input = "abcdefghbcdefghicdefghijdefghijkefghijklfghijklmghijklmnhi" + "jklmnoijklmnopjklmnopqklmnopqrlmnopqrsmnopqrstnopqrstu"; + e.output = "\x54\x3e\x68\x68\xe1\x66\x6c\x1a\x64\x36\x30\xdf\x77\x36\x7a" + "\xe5\xa6\x2a\x85\x07\x0a\x51\xc1\x4c\xbf\x66\x5c\xbc"; + e.inLen = XSTRLEN(e.input); + e.outLen = WC_SHA3_224_DIGEST_SIZE; + + wolfSSL_EVP_MD_CTX_init(md_ctx); + ret = wolfSSL_EVP_DigestInit(md_ctx, wolfSSL_EVP_sha3_224()); + if (ret == WOLFSSL_SUCCESS) { + ret = wolfSSL_EVP_DigestUpdate(md_ctx, e.input, (unsigned long)e.inLen); + if (ret == WOLFSSL_SUCCESS) + ret = wolfSSL_EVP_DigestFinal(md_ctx, hash, 0); + } + wolfSSL_EVP_MD_CTX_cleanup(md_ctx); + if (ret != WOLFSSL_SUCCESS || XMEMCMP(hash, e.output, e.outLen) != 0) { + ERROR_OUT(WC_TEST_RET_ENC_NC, out); + } +#endif /* WOLFSSL_NOSHA3_224 */ + +#ifndef WOLFSSL_NOSHA3_256 + d.input = "abcdefghbcdefghicdefghijdefghijkefghijklfghijklmghijklmnhi" + "jklmnoijklmnopjklmnopqklmnopqrlmnopqrsmnopqrstnopqrstu"; + d.output = "\x91\x6f\x60\x61\xfe\x87\x97\x41\xca\x64\x69\xb4\x39\x71\xdf" + "\xdb\x28\xb1\xa3\x2d\xc3\x6c\xb3\x25\x4e\x81\x2b\xe2\x7a\xad" + "\x1d\x18"; + d.inLen = XSTRLEN(d.input); + d.outLen = WC_SHA3_256_DIGEST_SIZE; + + wolfSSL_EVP_MD_CTX_init(md_ctx); + ret = wolfSSL_EVP_DigestInit(md_ctx, wolfSSL_EVP_sha3_256()); + if (ret == WOLFSSL_SUCCESS) { + ret = wolfSSL_EVP_DigestUpdate(md_ctx, d.input, (unsigned long)d.inLen); + if (ret == WOLFSSL_SUCCESS) + ret = wolfSSL_EVP_DigestFinal(md_ctx, hash, 0); + } + wolfSSL_EVP_MD_CTX_cleanup(md_ctx); + if (ret != WOLFSSL_SUCCESS || XMEMCMP(hash, d.output, d.outLen) != 0) { + ERROR_OUT(WC_TEST_RET_ENC_NC, out); + } +#endif /* WOLFSSL_NOSHA3_256 */ + + e.input = "abcdefghbcdefghicdefghijdefghijkefghijklfghijklmghijklmnhi" + "jklmnoijklmnopjklmnopqklmnopqrlmnopqrsmnopqrstnopqrstu"; + e.output = "\x79\x40\x7d\x3b\x59\x16\xb5\x9c\x3e\x30\xb0\x98\x22\x97\x47" + "\x91\xc3\x13\xfb\x9e\xcc\x84\x9e\x40\x6f\x23\x59\x2d\x04\xf6" + "\x25\xdc\x8c\x70\x9b\x98\xb4\x3b\x38\x52\xb3\x37\x21\x61\x79" + "\xaa\x7f\xc7"; + e.inLen = XSTRLEN(e.input); + e.outLen = WC_SHA3_384_DIGEST_SIZE; + + wolfSSL_EVP_MD_CTX_init(md_ctx); + ret = wolfSSL_EVP_DigestInit(md_ctx, wolfSSL_EVP_sha3_384()); + if (ret == WOLFSSL_SUCCESS) { + ret = wolfSSL_EVP_DigestUpdate(md_ctx, e.input, (unsigned long)e.inLen); + if (ret == WOLFSSL_SUCCESS) + ret = wolfSSL_EVP_DigestFinal(md_ctx, hash, 0); + } + wolfSSL_EVP_MD_CTX_cleanup(md_ctx); + if (ret != WOLFSSL_SUCCESS || XMEMCMP(hash, e.output, e.outLen) != 0) { + ERROR_OUT(WC_TEST_RET_ENC_NC, out); + } + +#ifndef WOLFSSL_NOSHA3_512 + f.input = "abcdefghbcdefghicdefghijdefghijkefghijklfghijklmghijklmnhi" + "jklmnoijklmnopjklmnopqklmnopqrlmnopqrsmnopqrstnopqrstu"; + f.output = "\xaf\xeb\xb2\xef\x54\x2e\x65\x79\xc5\x0c\xad\x06\xd2\xe5\x78" + "\xf9\xf8\xdd\x68\x81\xd7\xdc\x82\x4d\x26\x36\x0f\xee\xbf\x18" + "\xa4\xfa\x73\xe3\x26\x11\x22\x94\x8e\xfc\xfd\x49\x2e\x74\xe8" + "\x2e\x21\x89\xed\x0f\xb4\x40\xd1\x87\xf3\x82\x27\x0c\xb4\x55" + "\xf2\x1d\xd1\x85"; + f.inLen = XSTRLEN(f.input); + f.outLen = WC_SHA3_512_DIGEST_SIZE; + + wolfSSL_EVP_MD_CTX_init(md_ctx); + ret = wolfSSL_EVP_DigestInit(md_ctx, wolfSSL_EVP_sha3_512()); + if (ret == WOLFSSL_SUCCESS) { + ret = wolfSSL_EVP_DigestUpdate(md_ctx, f.input, (unsigned long)f.inLen); + if (ret == WOLFSSL_SUCCESS) + ret = wolfSSL_EVP_DigestFinal(md_ctx, hash, 0); + } + wolfSSL_EVP_MD_CTX_cleanup(md_ctx); + if (ret != WOLFSSL_SUCCESS || + XMEMCMP(hash, f.output, f.outLen) != 0) { + ERROR_OUT(WC_TEST_RET_ENC_NC, out); + } +#endif /* WOLFSSL_NOSHA3_512 */ +#endif /* WOLFSSL_SHA3 */ + +#ifndef WC_NO_RNG + if (wolfSSL_RAND_bytes(hash, sizeof(hash)) != WOLFSSL_SUCCESS) + ERROR_OUT(WC_TEST_RET_ENC_NC, out); +#endif + +#ifndef NO_MD5 + c.input = "what do ya want for nothing?"; + c.output = "\x55\x78\xe8\x48\x4b\xcc\x93\x80\x93\xec\x53\xaf\x22\xd6\x14" + "\x76"; + c.inLen = XSTRLEN(c.input); + c.outLen = WC_MD5_DIGEST_SIZE; + +#if defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION > 2) + /* Expect failure with MD5 + HMAC when using FIPS 140-3. */ + if (wolfSSL_HMAC(wolfSSL_EVP_md5(), "JefeJefeJefeJefe", 16, (byte*)c.input, (int)c.inLen, + hash, 0) != NULL) +#else + if (wolfSSL_HMAC(wolfSSL_EVP_md5(), "JefeJefeJefeJefe", 16, (byte*)c.input, (int)c.inLen, + hash, 0) == NULL || + XMEMCMP(hash, c.output, c.outLen) != 0) +#endif + { + ERROR_OUT(WC_TEST_RET_ENC_NC, out); + } +#endif /* NO_MD5 */ + +#ifndef NO_DES3 + { /* des test */ + WOLFSSL_SMALL_STACK_STATIC const byte vector[] = { /* "now is the time for all " w/o trailing 0 */ + 0x6e,0x6f,0x77,0x20,0x69,0x73,0x20,0x74, + 0x68,0x65,0x20,0x74,0x69,0x6d,0x65,0x20, + 0x66,0x6f,0x72,0x20,0x61,0x6c,0x6c,0x20 + }; + byte plain[24]; + byte cipher[24]; + WOLFSSL_const_DES_cblock key = { + 0x01,0x23,0x45,0x67,0x89,0xab,0xcd,0xef + }; + WOLFSSL_DES_cblock iv = { + 0x12,0x34,0x56,0x78,0x90,0xab,0xcd,0xef + }; + WOLFSSL_DES_key_schedule sched; + WOLFSSL_SMALL_STACK_STATIC const byte verify[] = { + 0x8b,0x7c,0x52,0xb0,0x01,0x2b,0x6c,0xb8, + 0x4f,0x0f,0xeb,0xf3,0xfb,0x5f,0x86,0x73, + 0x15,0x85,0xb3,0x22,0x4b,0x86,0x2b,0x4b + }; + + wolfSSL_DES_key_sched(&key, &sched); + + wolfSSL_DES_cbc_encrypt(vector, cipher, sizeof(vector), &sched, &iv, WC_DES_ENCRYPT); + wolfSSL_DES_cbc_encrypt(cipher, plain, sizeof(vector), &sched, &iv, WC_DES_DECRYPT); + + if (XMEMCMP(plain, vector, sizeof(vector)) != 0) + ERROR_OUT(WC_TEST_RET_ENC_NC, out); + + if (XMEMCMP(cipher, verify, sizeof(verify)) != 0) + ERROR_OUT(WC_TEST_RET_ENC_NC, out); + + /* test changing iv */ + wolfSSL_DES_ncbc_encrypt(vector, cipher, 8, &sched, &iv, WC_DES_ENCRYPT); + wolfSSL_DES_ncbc_encrypt(vector + 8, cipher + 8, 16, &sched, &iv, WC_DES_ENCRYPT); + + if (XMEMCMP(cipher, verify, sizeof(verify)) != 0) + ERROR_OUT(WC_TEST_RET_ENC_NC, out); + + } /* end des test */ +#endif /* NO_DES3 */ + +#if !defined(NO_AES) && !defined(WOLFCRYPT_ONLY) + if ((ret = openssl_aes_test()) != 0) { + ERROR_OUT(ret, out); + } +#if defined(WOLFSSL_AES_128) && defined(HAVE_AES_CBC) + { /* evp_cipher test: EVP_aes_128_cbc */ + int idx, cipherSz, plainSz; + WOLFSSL_SMALL_STACK_STATIC const byte msg[] = { /* "Now is the time for all " w/o trailing 0 */ + 0x6e,0x6f,0x77,0x20,0x69,0x73,0x20,0x74, + 0x68,0x65,0x20,0x74,0x69,0x6d,0x65,0x20, + 0x66,0x6f,0x72,0x20,0x61,0x6c,0x6c,0x20 + }; + WOLFSSL_SMALL_STACK_STATIC const byte verify[] = { + 0x95,0x94,0x92,0x57,0x5f,0x42,0x81,0x53, + 0x2c,0xcc,0x9d,0x46,0x77,0xa2,0x33,0xcb, + 0x3b,0x5d,0x41,0x97,0x94,0x25,0xa4,0xb4, + 0xae,0x7b,0x34,0xd0,0x3f,0x0c,0xbc,0x06 + }; + WOLFSSL_SMALL_STACK_STATIC const byte verify2[] = { + 0x95,0x94,0x92,0x57,0x5f,0x42,0x81,0x53, + 0x2c,0xcc,0x9d,0x46,0x77,0xa2,0x33,0xcb, + 0x7d,0x37,0x7b,0x0b,0x44,0xaa,0xb5,0xf0, + 0x5f,0x34,0xb4,0xde,0xb5,0xbd,0x2a,0xbb + }; + WOLFSSL_SMALL_STACK_STATIC const byte key[] = + "0123456789abcdef "; /* align */ + WOLFSSL_SMALL_STACK_STATIC const byte iv[] = + "1234567890abcdef "; /* align */ + byte cipher[WC_AES_BLOCK_SIZE * 4]; + byte plain [WC_AES_BLOCK_SIZE * 4]; + + cipherSz = 0; + wolfSSL_EVP_CIPHER_CTX_init(ctx); + ret = wolfSSL_EVP_CipherInit(ctx, wolfSSL_EVP_aes_128_cbc(), key, iv, 1); + if (ret == WOLFSSL_SUCCESS) { + ret = wolfSSL_EVP_CipherUpdate(ctx, cipher, &idx, (byte*)msg, sizeof(msg)); + if (ret == WOLFSSL_SUCCESS) + cipherSz += idx; + } + if (ret == WOLFSSL_SUCCESS) { + ret = wolfSSL_EVP_CipherFinal(ctx, cipher + cipherSz, &idx); + if (ret == WOLFSSL_SUCCESS) + cipherSz += idx; + } + wolfSSL_EVP_CIPHER_CTX_cleanup(ctx); + if (ret != WOLFSSL_SUCCESS) + ERROR_OUT(WC_TEST_RET_ENC_NC, out); + if (cipherSz != (int)sizeof(verify) || XMEMCMP(cipher, verify, cipherSz)) + ERROR_OUT(WC_TEST_RET_ENC_NC, out); + + /* check partial decrypt (not enough padding for full block) */ + plainSz = 0; + wolfSSL_EVP_CIPHER_CTX_init(ctx); + ret = wolfSSL_EVP_CipherInit(ctx, wolfSSL_EVP_aes_128_cbc(), key, iv, 0); + if (ret == WOLFSSL_SUCCESS) { + ret = wolfSSL_EVP_CipherUpdate(ctx, plain, &idx, cipher, 1); + if (ret == WOLFSSL_SUCCESS) + plainSz += idx; + } + if (ret == WOLFSSL_SUCCESS) { + /* this test should fail... not enough padding for full block */ + ret = wolfSSL_EVP_CipherFinal(ctx, plain + plainSz, &idx); + if (plainSz == 0 && ret != WOLFSSL_SUCCESS) + ret = WOLFSSL_SUCCESS; + else + ret = WC_TEST_RET_ENC_NC; + } + else + ret = WC_TEST_RET_ENC_NC; + wolfSSL_EVP_CIPHER_CTX_cleanup(ctx); + if (ret != WOLFSSL_SUCCESS) + ERROR_OUT(ret, out); + + plainSz = 0; + wolfSSL_EVP_CIPHER_CTX_init(ctx); + ret = wolfSSL_EVP_CipherInit(ctx, wolfSSL_EVP_aes_128_cbc(), key, iv, 0); + if (ret == WOLFSSL_SUCCESS) { + ret = wolfSSL_EVP_CipherUpdate(ctx, plain, &idx, cipher, cipherSz); + if (ret == WOLFSSL_SUCCESS) + plainSz += idx; + } + if (ret == WOLFSSL_SUCCESS) { + ret = wolfSSL_EVP_CipherFinal(ctx, plain + plainSz, &idx); + if (ret == WOLFSSL_SUCCESS) + plainSz += idx; + } + wolfSSL_EVP_CIPHER_CTX_cleanup(ctx); + if (ret != WOLFSSL_SUCCESS) + ERROR_OUT(WC_TEST_RET_ENC_NC, out); + if (plainSz != (int)sizeof(msg) || XMEMCMP(plain, msg, sizeof(msg))) + ERROR_OUT(WC_TEST_RET_ENC_NC, out); + + cipherSz = 0; + wolfSSL_EVP_CIPHER_CTX_init(ctx); + ret = wolfSSL_EVP_CipherInit(ctx, wolfSSL_EVP_aes_128_cbc(), key, iv, 1); + if (ret == WOLFSSL_SUCCESS) { + ret = wolfSSL_EVP_CipherUpdate(ctx, cipher, &idx, msg, WC_AES_BLOCK_SIZE); + if (ret == WOLFSSL_SUCCESS) + cipherSz += idx; + } + if (ret == WOLFSSL_SUCCESS) { + ret = wolfSSL_EVP_CipherFinal(ctx, cipher + cipherSz, &idx); + if (ret == WOLFSSL_SUCCESS) + cipherSz += idx; + } + wolfSSL_EVP_CIPHER_CTX_cleanup(ctx); + if (ret != WOLFSSL_SUCCESS) + ERROR_OUT(WC_TEST_RET_ENC_NC, out); + if (cipherSz != (int)sizeof(verify2) || XMEMCMP(cipher, verify2, cipherSz)) + ERROR_OUT(WC_TEST_RET_ENC_NC, out); + } /* end evp_cipher test: EVP_aes_128_cbc*/ +#endif /* WOLFSSL_AES_128 && HAVE_AES_CBC */ + +#if defined(HAVE_AES_ECB) && defined(WOLFSSL_AES_DIRECT) && \ + defined(WOLFSSL_AES_256) + { /* evp_cipher test: EVP_aes_256_ecb*/ + WOLFSSL_SMALL_STACK_STATIC const byte msg[] = { + 0x6b,0xc1,0xbe,0xe2,0x2e,0x40,0x9f,0x96, + 0xe9,0x3d,0x7e,0x11,0x73,0x93,0x17,0x2a + }; + WOLFSSL_SMALL_STACK_STATIC const byte verify[] = { + 0xf3,0xee,0xd1,0xbd,0xb5,0xd2,0xa0,0x3c, + 0x06,0x4b,0x5a,0x7e,0x3d,0xb1,0x81,0xf8 + }; + WOLFSSL_SMALL_STACK_STATIC const byte key[] = { + 0x60,0x3d,0xeb,0x10,0x15,0xca,0x71,0xbe, + 0x2b,0x73,0xae,0xf0,0x85,0x7d,0x77,0x81, + 0x1f,0x35,0x2c,0x07,0x3b,0x61,0x08,0xd7, + 0x2d,0x98,0x10,0xa3,0x09,0x14,0xdf,0xf4 + }; + byte cipher[WC_AES_BLOCK_SIZE * 4]; + byte plain [WC_AES_BLOCK_SIZE * 4]; + + wolfSSL_EVP_CIPHER_CTX_init(ctx); + ret = wolfSSL_EVP_CipherInit(ctx, wolfSSL_EVP_aes_256_ecb(), (unsigned char*)key, NULL, 1); + if (ret == WOLFSSL_SUCCESS) + ret = wolfSSL_EVP_Cipher(ctx, cipher, (byte*)msg, 16); + wolfSSL_EVP_CIPHER_CTX_cleanup(ctx); + if (ret != 16) + ERROR_OUT(WC_TEST_RET_ENC_NC, out); + if (XMEMCMP(cipher, verify, WC_AES_BLOCK_SIZE)) + ERROR_OUT(WC_TEST_RET_ENC_NC, out); + + wolfSSL_EVP_CIPHER_CTX_init(ctx); + ret = wolfSSL_EVP_CipherInit(ctx, wolfSSL_EVP_aes_256_ecb(), (unsigned char*)key, NULL, 0); + if (ret == WOLFSSL_SUCCESS) + ret = wolfSSL_EVP_Cipher(ctx, plain, cipher, 16); + wolfSSL_EVP_CIPHER_CTX_cleanup(ctx); + if (ret != 16) + ERROR_OUT(WC_TEST_RET_ENC_NC, out); + if (XMEMCMP(plain, msg, WC_AES_BLOCK_SIZE)) + ERROR_OUT(WC_TEST_RET_ENC_NC, out); + } /* end evp_cipher test */ +#endif /* HAVE_AES_ECB && WOLFSSL_AES_128 */ + +#ifndef WOLFSSL_NO_OPENSSL_AES_LOW_LEVEL_API + +#if defined(WOLFSSL_AES_DIRECT) && defined(WOLFSSL_AES_256) + /* enable HAVE_AES_DECRYPT for AES_encrypt/decrypt */ +{ + + /* Test: AES_encrypt/decrypt/set Key */ + WOLFSSL_SMALL_STACK_STATIC const byte msg[] = + { + 0x6b,0xc1,0xbe,0xe2,0x2e,0x40,0x9f,0x96, + 0xe9,0x3d,0x7e,0x11,0x73,0x93,0x17,0x2a + }; + + WOLFSSL_SMALL_STACK_STATIC const byte verify[] = + { + 0xf3,0xee,0xd1,0xbd,0xb5,0xd2,0xa0,0x3c, + 0x06,0x4b,0x5a,0x7e,0x3d,0xb1,0x81,0xf8 + }; + + WOLFSSL_SMALL_STACK_STATIC const byte key[] = + { + 0x60,0x3d,0xeb,0x10,0x15,0xca,0x71,0xbe, + 0x2b,0x73,0xae,0xf0,0x85,0x7d,0x77,0x81, + 0x1f,0x35,0x2c,0x07,0x3b,0x61,0x08,0xd7, + 0x2d,0x98,0x10,0xa3,0x09,0x14,0xdf,0xf4 + }; + + byte plain[sizeof(msg)]; + byte cipher[sizeof(msg)]; + + printf("openSSL extra test\n") ; + + wolfSSL_AES_set_encrypt_key(key, sizeof(key)*8, enc); + wolfSSL_AES_set_decrypt_key(key, sizeof(key)*8, dec); + + wolfSSL_AES_encrypt(msg, cipher, enc); + +#ifdef HAVE_AES_DECRYPT + wolfSSL_AES_decrypt(cipher, plain, dec); + if (XMEMCMP(plain, msg, WC_AES_BLOCK_SIZE)) + ERROR_OUT(WC_TEST_RET_ENC_NC, out); +#endif /* HAVE_AES_DECRYPT */ + + if (XMEMCMP(cipher, verify, WC_AES_BLOCK_SIZE)) + ERROR_OUT(WC_TEST_RET_ENC_NC, out); +} + +#endif /* WOLFSSL_AES_DIRECT && WOLFSSL_AES_256 */ + +#endif /* !WOLFSSL_NO_OPENSSL_AES_LOW_LEVEL_API */ + +/* EVP_Cipher with EVP_aes_xxx_ctr() */ +#ifdef WOLFSSL_AES_COUNTER +{ + byte plainBuff [64]; + byte cipherBuff[64]; + +#ifdef WOLFSSL_AES_128 + WOLFSSL_SMALL_STACK_STATIC const byte ctrKey[] = + { + 0x2b,0x7e,0x15,0x16,0x28,0xae,0xd2,0xa6, + 0xab,0xf7,0x15,0x88,0x09,0xcf,0x4f,0x3c + }; + + WOLFSSL_SMALL_STACK_STATIC const byte ctrIv[] = + { + 0xf0,0xf1,0xf2,0xf3,0xf4,0xf5,0xf6,0xf7, + 0xf8,0xf9,0xfa,0xfb,0xfc,0xfd,0xfe,0xff + }; + + WOLFSSL_SMALL_STACK_STATIC const byte ctrPlain[] = + { + 0x6b,0xc1,0xbe,0xe2,0x2e,0x40,0x9f,0x96, + 0xe9,0x3d,0x7e,0x11,0x73,0x93,0x17,0x2a, + 0xae,0x2d,0x8a,0x57,0x1e,0x03,0xac,0x9c, + 0x9e,0xb7,0x6f,0xac,0x45,0xaf,0x8e,0x51, + 0x30,0xc8,0x1c,0x46,0xa3,0x5c,0xe4,0x11, + 0xe5,0xfb,0xc1,0x19,0x1a,0x0a,0x52,0xef, + 0xf6,0x9f,0x24,0x45,0xdf,0x4f,0x9b,0x17, + 0xad,0x2b,0x41,0x7b,0xe6,0x6c,0x37,0x10 + }; + + WOLFSSL_SMALL_STACK_STATIC const byte ctrCipher[] = + { + 0x87,0x4d,0x61,0x91,0xb6,0x20,0xe3,0x26, + 0x1b,0xef,0x68,0x64,0x99,0x0d,0xb6,0xce, + 0x98,0x06,0xf6,0x6b,0x79,0x70,0xfd,0xff, + 0x86,0x17,0x18,0x7b,0xb9,0xff,0xfd,0xff, + 0x5a,0xe4,0xdf,0x3e,0xdb,0xd5,0xd3,0x5e, + 0x5b,0x4f,0x09,0x02,0x0d,0xb0,0x3e,0xab, + 0x1e,0x03,0x1d,0xda,0x2f,0xbe,0x03,0xd1, + 0x79,0x21,0x70,0xa0,0xf3,0x00,0x9c,0xee + }; + + WOLFSSL_SMALL_STACK_STATIC const byte oddCipher[] = + { + 0xb9,0xd7,0xcb,0x08,0xb0,0xe1,0x7b,0xa0, + 0xc2 + }; +#endif /* WOLFSSL_AES_128 */ + +#ifdef WOLFSSL_AES_192 + /* test vector from "Recommendation for Block Cipher Modes of Operation" + * NIST Special Publication 800-38A */ + WOLFSSL_SMALL_STACK_STATIC const byte ctr192Key[] = + { + 0x8e,0x73,0xb0,0xf7,0xda,0x0e,0x64,0x52, + 0xc8,0x10,0xf3,0x2b,0x80,0x90,0x79,0xe5, + 0x62,0xf8,0xea,0xd2,0x52,0x2c,0x6b,0x7b + }; + + WOLFSSL_SMALL_STACK_STATIC const byte ctr192Iv[] = + { + 0xf0,0xf1,0xf2,0xf3,0xf4,0xf5,0xf6,0xf7, + 0xf8,0xf9,0xfa,0xfb,0xfc,0xfd,0xfe,0xff + }; + + + WOLFSSL_SMALL_STACK_STATIC const byte ctr192Plain[] = + { + 0x6b,0xc1,0xbe,0xe2,0x2e,0x40,0x9f,0x96, + 0xe9,0x3d,0x7e,0x11,0x73,0x93,0x17,0x2a + }; + + WOLFSSL_SMALL_STACK_STATIC const byte ctr192Cipher[] = + { + 0x1a,0xbc,0x93,0x24,0x17,0x52,0x1c,0xa2, + 0x4f,0x2b,0x04,0x59,0xfe,0x7e,0x6e,0x0b + }; +#endif /* WOLFSSL_AES_192 */ + +#ifdef WOLFSSL_AES_256 + /* test vector from "Recommendation for Block Cipher Modes of Operation" + * NIST Special Publication 800-38A */ + WOLFSSL_SMALL_STACK_STATIC const byte ctr256Key[] = + { + 0x60,0x3d,0xeb,0x10,0x15,0xca,0x71,0xbe, + 0x2b,0x73,0xae,0xf0,0x85,0x7d,0x77,0x81, + 0x1f,0x35,0x2c,0x07,0x3b,0x61,0x08,0xd7, + 0x2d,0x98,0x10,0xa3,0x09,0x14,0xdf,0xf4 + }; + + WOLFSSL_SMALL_STACK_STATIC const byte ctr256Iv[] = + { + 0xf0,0xf1,0xf2,0xf3,0xf4,0xf5,0xf6,0xf7, + 0xf8,0xf9,0xfa,0xfb,0xfc,0xfd,0xfe,0xff + }; + + + WOLFSSL_SMALL_STACK_STATIC const byte ctr256Plain[] = + { + 0x6b,0xc1,0xbe,0xe2,0x2e,0x40,0x9f,0x96, + 0xe9,0x3d,0x7e,0x11,0x73,0x93,0x17,0x2a + }; + + WOLFSSL_SMALL_STACK_STATIC const byte ctr256Cipher[] = + { + 0x60,0x1e,0xc3,0x13,0x77,0x57,0x89,0xa5, + 0xb7,0xa7,0xf5,0x04,0xbb,0xf3,0xd2,0x28 + }; +#endif /* WOLFSSL_AES_256 */ + +#ifdef WOLFSSL_AES_128 + + wolfSSL_EVP_CIPHER_CTX_init(en); + if (wolfSSL_EVP_CipherInit(en, wolfSSL_EVP_aes_128_ctr(), + (unsigned char*)ctrKey, (unsigned char*)ctrIv, 0) == 0) + ERROR_OUT(WC_TEST_RET_ENC_NC, out); + if (wolfSSL_EVP_Cipher(en, (byte*)cipherBuff, (byte*)ctrPlain, + WC_AES_BLOCK_SIZE*4) != WC_AES_BLOCK_SIZE*4) + ERROR_OUT(WC_TEST_RET_ENC_NC, out); + wolfSSL_EVP_CIPHER_CTX_init(de); + if (wolfSSL_EVP_CipherInit(de, wolfSSL_EVP_aes_128_ctr(), + (unsigned char*)ctrKey, (unsigned char*)ctrIv, 0) == 0) + ERROR_OUT(WC_TEST_RET_ENC_NC, out); + + if (wolfSSL_EVP_Cipher(de, (byte*)plainBuff, (byte*)cipherBuff, + WC_AES_BLOCK_SIZE*4) != WC_AES_BLOCK_SIZE*4) + ERROR_OUT(WC_TEST_RET_ENC_NC, out); + + if (XMEMCMP(cipherBuff, ctrCipher, WC_AES_BLOCK_SIZE*4)) + ERROR_OUT(WC_TEST_RET_ENC_NC, out); + if (XMEMCMP(plainBuff, ctrPlain, WC_AES_BLOCK_SIZE*4)) + ERROR_OUT(WC_TEST_RET_ENC_NC, out); + + wolfSSL_EVP_CIPHER_CTX_cleanup(en); + wolfSSL_EVP_CIPHER_CTX_cleanup(de); + +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC) + if (wolfSSL_EVP_CipherInit(p_en, wolfSSL_EVP_aes_128_ctr(), + (unsigned char*)ctrKey, (unsigned char*)ctrIv, 0) == 0) + ERROR_OUT(WC_TEST_RET_ENC_NC, out); + if (wolfSSL_EVP_Cipher(p_en, (byte*)cipherBuff, (byte*)ctrPlain, + WC_AES_BLOCK_SIZE*4) != WC_AES_BLOCK_SIZE*4) + ERROR_OUT(WC_TEST_RET_ENC_NC, out); + if (wolfSSL_EVP_CipherInit(p_de, wolfSSL_EVP_aes_128_ctr(), + (unsigned char*)ctrKey, (unsigned char*)ctrIv, 0) == 0) + ERROR_OUT(WC_TEST_RET_ENC_NC, out); + + if (wolfSSL_EVP_Cipher(p_de, (byte*)plainBuff, (byte*)cipherBuff, + WC_AES_BLOCK_SIZE*4) != WC_AES_BLOCK_SIZE*4) + ERROR_OUT(WC_TEST_RET_ENC_NC, out); + + wolfSSL_EVP_CIPHER_CTX_cleanup(p_en); + wolfSSL_EVP_CIPHER_CTX_cleanup(p_de); +#endif /* WOLFSSL_SMALL_STACK && !WOLFSSL_NO_MALLOC */ + + if (XMEMCMP(cipherBuff, ctrCipher, WC_AES_BLOCK_SIZE*4)) + ERROR_OUT(WC_TEST_RET_ENC_NC, out); + if (XMEMCMP(plainBuff, ctrPlain, WC_AES_BLOCK_SIZE*4)) + ERROR_OUT(WC_TEST_RET_ENC_NC, out); + + wolfSSL_EVP_CIPHER_CTX_init(en); + if (wolfSSL_EVP_CipherInit(en, wolfSSL_EVP_aes_128_ctr(), + (unsigned char*)ctrKey, (unsigned char*)ctrIv, 0) == 0) + ERROR_OUT(WC_TEST_RET_ENC_NC, out); + if (wolfSSL_EVP_Cipher(en, (byte*)cipherBuff, (byte*)ctrPlain, 9) != 9) + ERROR_OUT(WC_TEST_RET_ENC_NC, out); + + wolfSSL_EVP_CIPHER_CTX_init(de); + if (wolfSSL_EVP_CipherInit(de, wolfSSL_EVP_aes_128_ctr(), + (unsigned char*)ctrKey, (unsigned char*)ctrIv, 0) == 0) + ERROR_OUT(WC_TEST_RET_ENC_NC, out); + + if (wolfSSL_EVP_Cipher(de, (byte*)plainBuff, (byte*)cipherBuff, 9) != 9) + ERROR_OUT(WC_TEST_RET_ENC_NC, out); + + if (XMEMCMP(plainBuff, ctrPlain, 9)) + ERROR_OUT(WC_TEST_RET_ENC_NC, out); + if (XMEMCMP(cipherBuff, ctrCipher, 9)) + ERROR_OUT(WC_TEST_RET_ENC_NC, out); + + if (wolfSSL_EVP_Cipher(en, (byte*)cipherBuff, (byte*)ctrPlain, 9) != 9) + ERROR_OUT(WC_TEST_RET_ENC_NC, out); + if (wolfSSL_EVP_Cipher(de, (byte*)plainBuff, (byte*)cipherBuff, 9) != 9) + ERROR_OUT(WC_TEST_RET_ENC_NC, out); + + if (XMEMCMP(plainBuff, ctrPlain, 9)) + ERROR_OUT(WC_TEST_RET_ENC_NC, out); + if (XMEMCMP(cipherBuff, oddCipher, 9)) + ERROR_OUT(WC_TEST_RET_ENC_NC, out); + + wolfSSL_EVP_CIPHER_CTX_cleanup(en); + wolfSSL_EVP_CIPHER_CTX_cleanup(de); +#endif /* WOLFSSL_AES_128 */ + +#ifdef WOLFSSL_AES_192 + wolfSSL_EVP_CIPHER_CTX_init(en); + if (wolfSSL_EVP_CipherInit(en, wolfSSL_EVP_aes_192_ctr(), + (unsigned char*)ctr192Key, (unsigned char*)ctr192Iv, 0) == 0) + ERROR_OUT(WC_TEST_RET_ENC_NC, out); + if (wolfSSL_EVP_Cipher(en, (byte*)cipherBuff, (byte*)ctr192Plain, + WC_AES_BLOCK_SIZE) != WC_AES_BLOCK_SIZE) + ERROR_OUT(WC_TEST_RET_ENC_NC, out); + wolfSSL_EVP_CIPHER_CTX_init(de); + if (wolfSSL_EVP_CipherInit(de, wolfSSL_EVP_aes_192_ctr(), + (unsigned char*)ctr192Key, (unsigned char*)ctr192Iv, 0) == 0) + ERROR_OUT(WC_TEST_RET_ENC_NC, out); + + XMEMSET(plainBuff, 0, sizeof(plainBuff)); + if (wolfSSL_EVP_Cipher(de, (byte*)plainBuff, (byte*)cipherBuff, + WC_AES_BLOCK_SIZE) != WC_AES_BLOCK_SIZE) + ERROR_OUT(WC_TEST_RET_ENC_NC, out); + + if (XMEMCMP(plainBuff, ctr192Plain, sizeof(ctr192Plain))) + ERROR_OUT(WC_TEST_RET_ENC_NC, out); + if (XMEMCMP(ctr192Cipher, cipherBuff, sizeof(ctr192Cipher))) + ERROR_OUT(WC_TEST_RET_ENC_NC, out); + + wolfSSL_EVP_CIPHER_CTX_cleanup(en); + wolfSSL_EVP_CIPHER_CTX_cleanup(de); +#endif /* WOLFSSL_AES_192 */ + +#ifdef WOLFSSL_AES_256 + wolfSSL_EVP_CIPHER_CTX_init(en); + if (wolfSSL_EVP_CipherInit(en, wolfSSL_EVP_aes_256_ctr(), + (unsigned char*)ctr256Key, (unsigned char*)ctr256Iv, 0) == 0) + ERROR_OUT(WC_TEST_RET_ENC_NC, out); + if (wolfSSL_EVP_Cipher(en, (byte*)cipherBuff, (byte*)ctr256Plain, + WC_AES_BLOCK_SIZE) != WC_AES_BLOCK_SIZE) + ERROR_OUT(WC_TEST_RET_ENC_NC, out); + wolfSSL_EVP_CIPHER_CTX_init(de); + if (wolfSSL_EVP_CipherInit(de, wolfSSL_EVP_aes_256_ctr(), + (unsigned char*)ctr256Key, (unsigned char*)ctr256Iv, 0) == 0) + ERROR_OUT(WC_TEST_RET_ENC_NC, out); + + XMEMSET(plainBuff, 0, sizeof(plainBuff)); + if (wolfSSL_EVP_Cipher(de, (byte*)plainBuff, (byte*)cipherBuff, + WC_AES_BLOCK_SIZE) != WC_AES_BLOCK_SIZE) + ERROR_OUT(WC_TEST_RET_ENC_NC, out); + + if (XMEMCMP(plainBuff, ctr256Plain, sizeof(ctr256Plain))) + ERROR_OUT(WC_TEST_RET_ENC_NC, out); + if (XMEMCMP(ctr256Cipher, cipherBuff, sizeof(ctr256Cipher))) + ERROR_OUT(WC_TEST_RET_ENC_NC, out); + + wolfSSL_EVP_CIPHER_CTX_cleanup(en); + wolfSSL_EVP_CIPHER_CTX_cleanup(de); +#endif /* WOLFSSL_AES_256 */ +} +#endif /* HAVE_AES_COUNTER */ + +#if defined(HAVE_AES_CBC) && defined(WOLFSSL_AES_128) +{ + /* EVP_CipherUpdate test */ + + + WOLFSSL_SMALL_STACK_STATIC const byte cbcPlain[] = + { + 0x6b,0xc1,0xbe,0xe2,0x2e,0x40,0x9f,0x96, + 0xe9,0x3d,0x7e,0x11,0x73,0x93,0x17,0x2a, + 0xae,0x2d,0x8a,0x57,0x1e,0x03,0xac,0x9c, + 0x9e,0xb7,0x6f,0xac,0x45,0xaf,0x8e,0x51, + 0x30,0xc8,0x1c,0x46,0xa3,0x5c,0xe4,0x11, + 0xe5,0xfb,0xc1,0x19,0x1a,0x0a,0x52,0xef, + 0xf6,0x9f,0x24,0x45,0xdf,0x4f,0x9b,0x17, + 0xad,0x2b,0x41,0x7b,0xe6,0x6c,0x37,0x10 + }; + + byte key[] = "0123456789abcdef "; /* align */ + byte iv[] = "1234567890abcdef "; /* align */ + + byte cipher[WC_AES_BLOCK_SIZE * 4]; + byte plain [WC_AES_BLOCK_SIZE * 4]; + int outlen ; + int total = 0; + + wolfSSL_EVP_CIPHER_CTX_init(en); + if (wolfSSL_EVP_CipherInit(en, wolfSSL_EVP_aes_128_cbc(), + (unsigned char*)key, (unsigned char*)iv, 1) == 0) + ERROR_OUT(WC_TEST_RET_ENC_NC, out); + /* openSSL compatibility, if(inlen == 0)return 1; */ + if (wolfSSL_EVP_CipherUpdate(en, (byte*)cipher, &outlen, + (byte*)cbcPlain, 0) != 1) + ERROR_OUT(WC_TEST_RET_ENC_NC, out); + + if (wolfSSL_EVP_CIPHER_CTX_cleanup(en) != WOLFSSL_SUCCESS) + ERROR_OUT(WC_TEST_RET_ENC_NC, out); + wolfSSL_EVP_CIPHER_CTX_init(en); + if (wolfSSL_EVP_CipherInit(en, wolfSSL_EVP_aes_128_cbc(), + (unsigned char*)key, (unsigned char*)iv, 1) == 0) + ERROR_OUT(WC_TEST_RET_ENC_NC, out); + if (wolfSSL_EVP_CipherUpdate(en, (byte*)cipher, &outlen, + (byte*)cbcPlain, 9) == 0) + ERROR_OUT(WC_TEST_RET_ENC_NC, out); + if(outlen != 0) + ERROR_OUT(WC_TEST_RET_ENC_NC, out); + total += outlen; + + if (wolfSSL_EVP_CipherUpdate(en, (byte*)&cipher[total], &outlen, + (byte*)&cbcPlain[9] , 9) == 0) + ERROR_OUT(WC_TEST_RET_ENC_NC, out); + if(outlen != 16) + ERROR_OUT(WC_TEST_RET_ENC_NC, out); + total += outlen; + + if (wolfSSL_EVP_CipherFinal(en, (byte*)&cipher[total], &outlen) == 0) + ERROR_OUT(WC_TEST_RET_ENC_NC, out); + if(outlen != 16) + ERROR_OUT(WC_TEST_RET_ENC_NC, out); + total += outlen; + if(total != 32) + ERROR_OUT(WC_TEST_RET_ENC_NC, out); + + total = 0; + wolfSSL_EVP_CIPHER_CTX_init(de); + if (wolfSSL_EVP_CipherInit(de, wolfSSL_EVP_aes_128_cbc(), + (unsigned char*)key, (unsigned char*)iv, 0) == 0) + ERROR_OUT(WC_TEST_RET_ENC_NC, out); + + if (wolfSSL_EVP_CipherUpdate(de, (byte*)plain, &outlen, (byte*)cipher, 6) == 0) + ERROR_OUT(WC_TEST_RET_ENC_NC, out); + if(outlen != 0) + ERROR_OUT(WC_TEST_RET_ENC_NC, out); + total += outlen; + + if (wolfSSL_EVP_CipherUpdate(de, (byte*)&plain[total], &outlen, + (byte*)&cipher[6], 12) == 0) + ERROR_OUT(WC_TEST_RET_ENC_NC, out); + if(outlen != 0) + total += outlen; + + if (wolfSSL_EVP_CipherUpdate(de, (byte*)&plain[total], &outlen, + (byte*)&cipher[6+12], 14) == 0) + ERROR_OUT(WC_TEST_RET_ENC_NC, out); + if(outlen != 16) + ERROR_OUT(WC_TEST_RET_ENC_NC, out); + total += outlen; + + if (wolfSSL_EVP_CipherFinal(de, (byte*)&plain[total], &outlen) == 0) + ERROR_OUT(WC_TEST_RET_ENC_NC, out); + if(outlen != 2) + ERROR_OUT(WC_TEST_RET_ENC_NC, out); + total += outlen; + + if(total != 18) + ERROR_OUT(WC_TEST_RET_ENC_NC, out); + + if (XMEMCMP(plain, cbcPlain, 18)) + ERROR_OUT(WC_TEST_RET_ENC_NC, out); + + total = 0; + if (wolfSSL_EVP_CIPHER_CTX_cleanup(en) != WOLFSSL_SUCCESS) + ERROR_OUT(WC_TEST_RET_ENC_NC, out); + wolfSSL_EVP_CIPHER_CTX_init(en); + if (wolfSSL_EVP_EncryptInit(en, wolfSSL_EVP_aes_128_cbc(), + (unsigned char*)key, (unsigned char*)iv) == 0) + ERROR_OUT(WC_TEST_RET_ENC_NC, out); + if (wolfSSL_EVP_CipherUpdate(en, (byte*)cipher, &outlen, (byte*)cbcPlain, 9) == 0) + ERROR_OUT(WC_TEST_RET_ENC_NC, out); + if(outlen != 0) + ERROR_OUT(WC_TEST_RET_ENC_NC, out); + total += outlen; + + if (wolfSSL_EVP_CipherUpdate(en, (byte*)&cipher[total], &outlen, (byte*)&cbcPlain[9] , 9) == 0) + ERROR_OUT(WC_TEST_RET_ENC_NC, out); + if(outlen != 16) + ERROR_OUT(WC_TEST_RET_ENC_NC, out); + total += outlen; + + if (wolfSSL_EVP_EncryptFinal(en, (byte*)&cipher[total], &outlen) == 0) + ERROR_OUT(WC_TEST_RET_ENC_NC, out); + if(outlen != 16) + ERROR_OUT(WC_TEST_RET_ENC_NC, out); + total += outlen; + if (total != 32) + ERROR_OUT(WC_TEST_RET_ENC_NC, out); + + total = 0; + if (wolfSSL_EVP_CIPHER_CTX_cleanup(de) != WOLFSSL_SUCCESS) + ERROR_OUT(WC_TEST_RET_ENC_NC, out); + wolfSSL_EVP_CIPHER_CTX_init(de); + if (wolfSSL_EVP_DecryptInit(de, wolfSSL_EVP_aes_128_cbc(), + (unsigned char*)key, (unsigned char*)iv) == 0) + ERROR_OUT(WC_TEST_RET_ENC_NC, out); + + if (wolfSSL_EVP_CipherUpdate(de, (byte*)plain, &outlen, (byte*)cipher, 6) == 0) + ERROR_OUT(WC_TEST_RET_ENC_NC, out); + if(outlen != 0) + ERROR_OUT(WC_TEST_RET_ENC_NC, out); + total += outlen; + + if (wolfSSL_EVP_CipherUpdate(de, (byte*)&plain[total], &outlen, (byte*)&cipher[6], 12) == 0) + ERROR_OUT(WC_TEST_RET_ENC_NC, out); + if(outlen != 0) + total += outlen; + + if (wolfSSL_EVP_CipherUpdate(de, (byte*)&plain[total], &outlen, (byte*)&cipher[6+12], 14) == 0) + ERROR_OUT(WC_TEST_RET_ENC_NC, out); + if(outlen != 16) + ERROR_OUT(WC_TEST_RET_ENC_NC, out); + total += outlen; + + if (wolfSSL_EVP_DecryptFinal(de, (byte*)&plain[total], &outlen) == 0) + ERROR_OUT(WC_TEST_RET_ENC_NC, out); + if(outlen != 2) + ERROR_OUT(WC_TEST_RET_ENC_NC, out); + total += outlen; + + if (total != 18) + ERROR_OUT(WC_TEST_RET_ENC_NC, out); + + if (XMEMCMP(plain, cbcPlain, 18)) + ERROR_OUT(WC_TEST_RET_ENC_NC, out); + + if (wolfSSL_EVP_Cipher_key_length(NULL) != 0) + ERROR_OUT(WC_TEST_RET_ENC_NC, out); + + if (wolfSSL_EVP_Cipher_key_length(wolfSSL_EVP_aes_128_cbc()) != 16) + ERROR_OUT(WC_TEST_RET_ENC_NC, out); + + if (wolfSSL_EVP_CIPHER_CTX_mode(NULL) != 0) + ERROR_OUT(WC_TEST_RET_ENC_NC, out); + + if (wolfSSL_EVP_CIPHER_CTX_mode(en) != (en->flags & WOLFSSL_EVP_CIPH_MODE)) + ERROR_OUT(WC_TEST_RET_ENC_NC, out); + + if (wolfSSL_EVP_CIPHER_CTX_cleanup(en) != WOLFSSL_SUCCESS) + ERROR_OUT(WC_TEST_RET_ENC_NC, out); + wolfSSL_EVP_CIPHER_CTX_init(en); + if (wolfSSL_EVP_CipherInit_ex(en, wolfSSL_EVP_aes_128_cbc(), NULL, + (unsigned char*)key, (unsigned char*)iv, 0) == 0) + ERROR_OUT(WC_TEST_RET_ENC_NC, out); + + if (wolfSSL_EVP_CIPHER_CTX_cleanup(en) != WOLFSSL_SUCCESS) + ERROR_OUT(WC_TEST_RET_ENC_NC, out); + wolfSSL_EVP_CIPHER_CTX_init(en); + if (wolfSSL_EVP_EncryptInit_ex(en, wolfSSL_EVP_aes_128_cbc(), NULL, + (unsigned char*)key, (unsigned char*)iv) == 0) + ERROR_OUT(WC_TEST_RET_ENC_NC, out); + + if (wolfSSL_EVP_EncryptFinal_ex(NULL, NULL, NULL) + != WC_NO_ERR_TRACE(WOLFSSL_FAILURE)) + { + ERROR_OUT(WC_TEST_RET_ENC_NC, out); + } + + if (wolfSSL_EVP_EncryptFinal(NULL, NULL, NULL) + != WC_NO_ERR_TRACE(WOLFSSL_FAILURE)) + { + ERROR_OUT(WC_TEST_RET_ENC_NC, out); + } + + if (wolfSSL_EVP_CIPHER_CTX_cleanup(de) != WOLFSSL_SUCCESS) + ERROR_OUT(WC_TEST_RET_ENC_NC, out); + + if (wolfSSL_EVP_CIPHER_CTX_cleanup(de) != WOLFSSL_SUCCESS) + ERROR_OUT(WC_TEST_RET_ENC_NC, out); + wolfSSL_EVP_CIPHER_CTX_init(de); + if (wolfSSL_EVP_DecryptInit_ex(de, wolfSSL_EVP_aes_128_cbc(), NULL, + (unsigned char*)key, (unsigned char*)iv) == 0) + ERROR_OUT(WC_TEST_RET_ENC_NC, out); + + if (wolfSSL_EVP_DecryptFinal(NULL, NULL, NULL) + != WC_NO_ERR_TRACE(WOLFSSL_FAILURE)) + { + ERROR_OUT(WC_TEST_RET_ENC_NC, out); + } + + if (wolfSSL_EVP_DecryptFinal_ex(NULL, NULL, NULL) + != WC_NO_ERR_TRACE(WOLFSSL_FAILURE)) + { + ERROR_OUT(WC_TEST_RET_ENC_NC, out); + } + + if (wolfSSL_EVP_CIPHER_CTX_block_size(NULL) != WC_NO_ERR_TRACE(WOLFSSL_FAILURE)) + ERROR_OUT(WC_TEST_RET_ENC_NC, out); + + if (wolfSSL_EVP_CIPHER_CTX_cleanup(en) != WOLFSSL_SUCCESS) + ERROR_OUT(WC_TEST_RET_ENC_NC, out); + wolfSSL_EVP_CIPHER_CTX_init(en); + wolfSSL_EVP_EncryptInit_ex(en, wolfSSL_EVP_aes_128_cbc(), NULL, + (unsigned char*)key, (unsigned char*)iv); + if (wolfSSL_EVP_CIPHER_CTX_block_size(en) != en->block_size) + ERROR_OUT(WC_TEST_RET_ENC_NC, out); + + if (wolfSSL_EVP_CIPHER_block_size(NULL) != WC_NO_ERR_TRACE(WOLFSSL_FAILURE)) + ERROR_OUT(WC_TEST_RET_ENC_NC, out); + + if (wolfSSL_EVP_CIPHER_block_size(wolfSSL_EVP_aes_128_cbc()) != WC_AES_BLOCK_SIZE) + ERROR_OUT(WC_TEST_RET_ENC_NC, out); + + if (WOLFSSL_EVP_CIPHER_mode(NULL) != 0) + ERROR_OUT(WC_TEST_RET_ENC_NC, out); + + if (wolfSSL_EVP_CIPHER_flags(wolfSSL_EVP_aes_128_cbc()) != WOLFSSL_EVP_CIPH_CBC_MODE) + ERROR_OUT(WC_TEST_RET_ENC_NC, out); + + wolfSSL_EVP_CIPHER_CTX_clear_flags(en, 0xFFFFFFFF); + wolfSSL_EVP_CIPHER_CTX_set_flags(en, 42); + if (en->flags != 42) + ERROR_OUT(WC_TEST_RET_ENC_NC, out); + + if (wolfSSL_EVP_CIPHER_CTX_set_padding(NULL, 0) != + WC_NO_ERR_TRACE(WOLFSSL_FAILURE)) + ERROR_OUT(WC_TEST_RET_ENC_NC, out); + if (wolfSSL_EVP_CIPHER_CTX_set_padding(en, 0) != WOLFSSL_SUCCESS) + ERROR_OUT(WC_TEST_RET_ENC_NC, out); + if (wolfSSL_EVP_CIPHER_CTX_set_padding(en, 1) != WOLFSSL_SUCCESS) + ERROR_OUT(WC_TEST_RET_ENC_NC, out); + + if (wolfSSL_EVP_CIPHER_CTX_cleanup(en) != WOLFSSL_SUCCESS) + ERROR_OUT(WC_TEST_RET_ENC_NC, out); + if (wolfSSL_EVP_CIPHER_CTX_cleanup(de) != WOLFSSL_SUCCESS) + ERROR_OUT(WC_TEST_RET_ENC_NC, out); + } +#endif /* WOLFSSL_AES_128 && HAVE_AES_CBC */ +#endif /* !NO_AES && !WOLFCRYPT_ONLY */ + + ret = 0; + +out: + +#ifdef WOLFSSL_SMALL_STACK + XFREE(md_ctx, NULL, DYNAMIC_TYPE_OPENSSL); + wolfSSL_EVP_CIPHER_CTX_free(ctx); + wolfSSL_EVP_CIPHER_CTX_free(en); + wolfSSL_EVP_CIPHER_CTX_free(de); + wolfSSL_EVP_CIPHER_CTX_free(p_en); + wolfSSL_EVP_CIPHER_CTX_free(p_de); + #if !defined(NO_AES) && !defined(WOLFSSL_NO_OPENSSL_AES_LOW_LEVEL_API) && \ + defined(WOLFSSL_AES_DIRECT) && defined(WOLFSSL_AES_256) + XFREE(enc, HEAP_HINT, DYNAMIC_TYPE_AES); + #ifdef HAVE_AES_DECRYPT + XFREE(dec, HEAP_HINT, DYNAMIC_TYPE_AES); + #endif + #endif +#else + (void)en; + (void)de; + (void)ctx; +#endif + + return ret; +} + +WOLFSSL_TEST_SUBROUTINE wc_test_ret_t openSSL_evpMD_test(void) +{ + wc_test_ret_t ret = 0; +#if !defined(NO_SHA256) && !defined(NO_SHA) + WOLFSSL_EVP_MD_CTX* ctx; + WOLFSSL_EVP_MD_CTX* ctx2; + WOLFSSL_ENTER("openSSL_evpMD_test"); + + ctx = wolfSSL_EVP_MD_CTX_new(); + ctx2 = wolfSSL_EVP_MD_CTX_new(); + + ret = wolfSSL_EVP_DigestInit(ctx, wolfSSL_EVP_sha256()); + if (ret != WOLFSSL_SUCCESS) { + ret = WC_TEST_RET_ENC_NC; + goto openSSL_evpMD_test_done; + } + + ret = wolfSSL_EVP_MD_CTX_copy(ctx2, ctx); + if (ret != WOLFSSL_SUCCESS) { + ret = WC_TEST_RET_ENC_NC; + goto openSSL_evpMD_test_done; + } + + if (wolfSSL_EVP_MD_type(wolfSSL_EVP_sha256()) != wolfSSL_EVP_MD_CTX_type(ctx2)) { + ret = WC_TEST_RET_ENC_NC; + goto openSSL_evpMD_test_done; + } + + ret = wolfSSL_EVP_DigestInit(ctx, wolfSSL_EVP_sha1()); + if (ret != WOLFSSL_SUCCESS) { + ret = WC_TEST_RET_ENC_NC; + goto openSSL_evpMD_test_done; + } + + if (wolfSSL_EVP_MD_type(wolfSSL_EVP_sha256()) != wolfSSL_EVP_MD_CTX_type(ctx2)) { + ret = WC_TEST_RET_ENC_NC; + goto openSSL_evpMD_test_done; + } + + ret = wolfSSL_EVP_MD_CTX_copy_ex(ctx2, ctx); + if (ret != WOLFSSL_SUCCESS) { + ret = WC_TEST_RET_ENC_NC; + goto openSSL_evpMD_test_done; + } + + if (wolfSSL_EVP_MD_type(wolfSSL_EVP_sha256()) == wolfSSL_EVP_MD_CTX_type(ctx2)) { + ret = WC_TEST_RET_ENC_NC; + goto openSSL_evpMD_test_done; + } + + if (wolfSSL_EVP_MD_type(wolfSSL_EVP_sha1()) != wolfSSL_EVP_MD_CTX_type(ctx2)) { + ret = WC_TEST_RET_ENC_NC; + goto openSSL_evpMD_test_done; + } + + if (wolfSSL_EVP_DigestInit_ex(ctx, wolfSSL_EVP_sha1(), NULL) != WOLFSSL_SUCCESS) { + ret = WC_TEST_RET_ENC_NC; + goto openSSL_evpMD_test_done; + } + + if (wolfSSL_EVP_add_digest(NULL) != 0) { + ret = WC_TEST_RET_ENC_NC; + goto openSSL_evpMD_test_done; + } + + if (wolfSSL_EVP_add_cipher(NULL) != 0) { + ret = WC_TEST_RET_ENC_NC; + goto openSSL_evpMD_test_done; + } + + ret = 0; /* got to success state without jumping to end with a fail */ + +openSSL_evpMD_test_done: + wolfSSL_EVP_MD_CTX_free(ctx); + wolfSSL_EVP_MD_CTX_free(ctx2); +#endif /* NO_SHA256 */ + + return ret; +} + +#ifdef DEBUG_SIGN +static void show(const char *title, const char *p, unsigned int s) { + char* i; + printf("%s: ", title); + for (i = p; + i < p + s; + printf("%c", *i), i++); + printf("\n"); +} +#else +#define show(a,b,c) WC_DO_NOTHING +#endif + +#define FOURK_BUFF 4096 + +WOLFSSL_TEST_SUBROUTINE wc_test_ret_t openssl_pkey0_test(void) +{ + wc_test_ret_t ret = 0; +#if !defined(NO_RSA) && !defined(NO_SHA) + byte* prvTmp; + byte* pubTmp; + int prvBytes; + int pubBytes; + WOLFSSL_RSA *prvRsa = NULL; + WOLFSSL_RSA *pubRsa = NULL; + WOLFSSL_EVP_PKEY *prvPkey = NULL; + WOLFSSL_EVP_PKEY *pubPkey = NULL; + WOLFSSL_EVP_PKEY_CTX *enc = NULL; + WOLFSSL_EVP_PKEY_CTX *dec = NULL; + + byte in[] = TEST_STRING; + byte out[256]; + size_t outlen; + size_t keySz; + byte plain[256]; +#if !defined(USE_CERT_BUFFERS_1024) && !defined(USE_CERT_BUFFERS_2048) + XFILE keyFile; + XFILE keypubFile; + char cliKey[] = "./certs/client-key.der"; + char cliKeypub[] = "./certs/client-keyPub.der"; +#endif + + WOLFSSL_ENTER("openssl_pkey0_test"); + + prvTmp = (byte*)XMALLOC(FOURK_BUFF, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + if (prvTmp == NULL) + return WC_TEST_RET_ENC_ERRNO; + pubTmp = (byte*)XMALLOC(FOURK_BUFF, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + if (pubTmp == NULL) { + XFREE(prvTmp, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + return WC_TEST_RET_ENC_NC; + } + +#ifdef USE_CERT_BUFFERS_1024 + XMEMCPY(prvTmp, client_key_der_1024, sizeof_client_key_der_1024); + prvBytes = sizeof_client_key_der_1024; + XMEMCPY(pubTmp, client_keypub_der_1024, sizeof_client_keypub_der_1024); + pubBytes = sizeof_client_keypub_der_1024; +#elif defined(USE_CERT_BUFFERS_2048) + XMEMCPY(prvTmp, client_key_der_2048, sizeof_client_key_der_2048); + prvBytes = sizeof_client_key_der_2048; + XMEMCPY(pubTmp, client_keypub_der_2048, sizeof_client_keypub_der_2048); + pubBytes = sizeof_client_keypub_der_2048; +#else + keyFile = XFOPEN(cliKey, "rb"); + if (!keyFile) { + XFREE(prvTmp, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(pubTmp, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + err_sys("can't open ./certs/client-key.der, " + "Please run from wolfSSL home dir", WC_TEST_RET_ENC_ERRNO); + return WC_TEST_RET_ENC_ERRNO; + } + prvBytes = (int)XFREAD(prvTmp, 1, (int)FOURK_BUFF, keyFile); + XFCLOSE(keyFile); + if (prvBytes == 0) { + XFREE(prvTmp, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(pubTmp, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + return WC_TEST_RET_ENC_ERRNO; + } + keypubFile = XFOPEN(cliKeypub, "rb"); + if (!keypubFile) { + XFREE(prvTmp, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(pubTmp, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + err_sys("can't open ./certs/client-cert.der, " + "Please run from wolfSSL home dir", WC_TEST_RET_ENC_ERRNO); + return WC_TEST_RET_ENC_ERRNO; + } + pubBytes = (int)XFREAD(pubTmp, 1, (int)FOURK_BUFF, keypubFile); + XFCLOSE(keypubFile); + if (pubBytes == 0) { + XFREE(prvTmp, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(pubTmp, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + return WC_TEST_RET_ENC_ERRNO; + } +#endif /* USE_CERT_BUFFERS */ + + prvRsa = wolfSSL_RSA_new(); + pubRsa = wolfSSL_RSA_new(); + if((prvRsa == NULL) || (pubRsa == NULL)){ + printf("error with RSA_new\n"); + ret = WC_TEST_RET_ENC_ERRNO; + goto openssl_pkey0_test_done; + } + + ret = wolfSSL_RSA_LoadDer_ex(prvRsa, prvTmp, prvBytes, WOLFSSL_RSA_LOAD_PRIVATE); + if(ret != WOLFSSL_SUCCESS){ + printf("error with RSA_LoadDer_ex\n"); + ret = WC_TEST_RET_ENC_EC(ret); + goto openssl_pkey0_test_done; + } + + ret = wolfSSL_RSA_LoadDer_ex(pubRsa, pubTmp, pubBytes, WOLFSSL_RSA_LOAD_PUBLIC); + if(ret != WOLFSSL_SUCCESS){ + printf("error with RSA_LoadDer_ex\n"); + ret = WC_TEST_RET_ENC_EC(ret); + goto openssl_pkey0_test_done; + } + keySz = (size_t)wolfSSL_RSA_size(pubRsa); + + prvPkey = wolfSSL_EVP_PKEY_new(); + pubPkey = wolfSSL_EVP_PKEY_new(); + if((prvPkey == NULL) || (pubPkey == NULL)){ + printf("error with PKEY_new\n"); + ret = WC_TEST_RET_ENC_NC; + goto openssl_pkey0_test_done; + } + ret = wolfSSL_EVP_PKEY_set1_RSA(prvPkey, prvRsa); + ret += wolfSSL_EVP_PKEY_set1_RSA(pubPkey, pubRsa); + if(ret != 2){ + printf("error with PKEY_set1_RSA\n"); + ret = WC_TEST_RET_ENC_I(ret); + goto openssl_pkey0_test_done; + } + + dec = wolfSSL_EVP_PKEY_CTX_new(prvPkey, NULL); + enc = wolfSSL_EVP_PKEY_CTX_new(pubPkey, NULL); + if((dec == NULL)||(enc==NULL)){ + printf("error with EVP_PKEY_CTX_new\n"); + ret = WC_TEST_RET_ENC_NC; + goto openssl_pkey0_test_done; + } + + ret = wolfSSL_EVP_PKEY_decrypt_init(dec); + if (ret != 1) { + printf("error with decrypt init\n"); + ret = WC_TEST_RET_ENC_NC; + goto openssl_pkey0_test_done; + } + ret = wolfSSL_EVP_PKEY_encrypt_init(enc); + if (ret != 1) { + printf("error with encrypt init\n"); + ret = WC_TEST_RET_ENC_NC; + goto openssl_pkey0_test_done; + } + XMEMSET(out, 0, sizeof(out)); + ret = wolfSSL_EVP_PKEY_encrypt(enc, out, &outlen, in, sizeof(in)); + if (ret != 1) { + printf("error encrypting msg\n"); + ret = WC_TEST_RET_ENC_NC; + goto openssl_pkey0_test_done; + } + + show("encrypted msg", out, outlen); + + XMEMSET(plain, 0, sizeof(plain)); + ret = wolfSSL_EVP_PKEY_decrypt(dec, plain, &outlen, out, keySz); + if (ret != 1) { + printf("error decrypting msg\n"); + ret = WC_TEST_RET_ENC_NC; + goto openssl_pkey0_test_done; + } + show("decrypted msg", plain, outlen); + + /* RSA_PKCS1_OAEP_PADDING test */ + ret = wolfSSL_EVP_PKEY_decrypt_init(dec); + if (ret != 1) { + printf("error with decrypt init\n"); + ret = WC_TEST_RET_ENC_NC; + goto openssl_pkey0_test_done; + } + ret = wolfSSL_EVP_PKEY_encrypt_init(enc); + if (ret != 1) { + printf("error with encrypt init\n"); + ret = WC_TEST_RET_ENC_NC; + goto openssl_pkey0_test_done; + } + + if (wolfSSL_EVP_PKEY_CTX_set_rsa_padding(dec, WC_RSA_PKCS1_PADDING) <= 0) { + printf("first set rsa padding error\n"); + ret = WC_TEST_RET_ENC_EC(ret); + goto openssl_pkey0_test_done; + } + +#ifndef HAVE_FIPS + if (wolfSSL_EVP_PKEY_CTX_set_rsa_padding(dec, WC_RSA_PKCS1_OAEP_PADDING) <= 0){ + printf("second set rsa padding error\n"); + ret = WC_TEST_RET_ENC_EC(ret); + goto openssl_pkey0_test_done; + } + + if (wolfSSL_EVP_PKEY_CTX_set_rsa_padding(enc, WC_RSA_PKCS1_OAEP_PADDING) <= 0) { + printf("third set rsa padding error\n"); + ret = WC_TEST_RET_ENC_EC(ret); + goto openssl_pkey0_test_done; + } +#endif + + XMEMSET(out, 0, sizeof(out)); + ret = wolfSSL_EVP_PKEY_encrypt(enc, out, &outlen, in, sizeof(in)); + if (ret != 1) { + printf("error encrypting msg\n"); + ret = WC_TEST_RET_ENC_NC; + goto openssl_pkey0_test_done; + } + + show("encrypted msg", out, outlen); + + XMEMSET(plain, 0, sizeof(plain)); + ret = wolfSSL_EVP_PKEY_decrypt(dec, plain, &outlen, out, keySz); + if (ret != 1) { + printf("error decrypting msg\n"); + ret = WC_TEST_RET_ENC_NC; + goto openssl_pkey0_test_done; + } + + show("decrypted msg", plain, outlen); + + ret = 0; /* made it to this point without error then set success */ +openssl_pkey0_test_done: + + wolfSSL_RSA_free(prvRsa); + wolfSSL_RSA_free(pubRsa); + wolfSSL_EVP_PKEY_free(pubPkey); + wolfSSL_EVP_PKEY_free(prvPkey); + wolfSSL_EVP_PKEY_CTX_free(dec); + wolfSSL_EVP_PKEY_CTX_free(enc); + XFREE(prvTmp, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(pubTmp, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); +#endif /* NO_RSA */ + + return ret; +} + + +WOLFSSL_TEST_SUBROUTINE wc_test_ret_t openssl_pkey1_test(void) +{ + wc_test_ret_t ret = 0; +#if !defined(NO_FILESYSTEM) && !defined(NO_RSA) && !defined(NO_SHA) + WOLFSSL_EVP_PKEY_CTX* dec = NULL; + WOLFSSL_EVP_PKEY_CTX* enc = NULL; + WOLFSSL_EVP_PKEY* pubKey = NULL; + WOLFSSL_EVP_PKEY* prvKey = NULL; + WOLFSSL_X509* x509 = NULL; + + WOLFSSL_SMALL_STACK_STATIC const unsigned char msg[] = "sugar slapped"; + const unsigned char* clikey; + long cliKeySz; + size_t outlen; + int keyLenBits = 2048; +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC) + unsigned char *tmp = (unsigned char *)XMALLOC(FOURK_BUF, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + unsigned char *cipher = (unsigned char *)XMALLOC(RSA_TEST_BYTES, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + unsigned char *plain = (unsigned char *)XMALLOC(RSA_TEST_BYTES, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + + if ((tmp == NULL) || + (cipher == NULL) || + (plain == NULL)) { + ret = WC_TEST_RET_ENC_NC; + goto openssl_pkey1_test_done; + } +#else + unsigned char tmp[FOURK_BUF]; + unsigned char cipher[RSA_TEST_BYTES]; + unsigned char plain[RSA_TEST_BYTES]; +#endif + + WOLFSSL_ENTER("openssl_pkey1_test"); + +#if defined(USE_CERT_BUFFERS_1024) + XMEMCPY(tmp, client_key_der_1024, sizeof_client_key_der_1024); + cliKeySz = (long)sizeof_client_key_der_1024; + + x509 = wolfSSL_X509_load_certificate_buffer(client_cert_der_1024, + sizeof_client_cert_der_1024, SSL_FILETYPE_ASN1); + keyLenBits = 1024; +#elif defined(USE_CERT_BUFFERS_2048) + XMEMCPY(tmp, client_key_der_2048, sizeof_client_key_der_2048); + cliKeySz = (long)sizeof_client_key_der_2048; + + x509 = wolfSSL_X509_load_certificate_buffer(client_cert_der_2048, + sizeof_client_cert_der_2048, SSL_FILETYPE_ASN1); +#elif defined(USE_CERT_BUFFERS_3072) + XMEMCPY(tmp, client_key_der_3072, sizeof_client_key_der_3072); + cliKeySz = (long)sizeof_client_key_der_3072; + + x509 = wolfSSL_X509_load_certificate_buffer(client_cert_der_3072, + sizeof_client_cert_der_3072, SSL_FILETYPE_ASN1); + keyLenBits = 3072; +#elif defined(USE_CERT_BUFFERS_4096) + XMEMCPY(tmp, client_key_der_4096, sizeof_client_key_der_4096); + cliKeySz = (long)sizeof_client_key_der_4096; + + x509 = wolfSSL_X509_load_certificate_buffer(client_cert_der_4096, + sizeof_client_cert_der_4096, SSL_FILETYPE_ASN1); + keyLenBits = 4096; +#else + { + XFILE f; + + f = XFOPEN(clientKey, "rb"); + + if (!f) { + err_sys("can't open ./certs/client-key.der, " + "Please run from wolfSSL home dir", WC_TEST_RET_ENC_ERRNO); + ret = WC_TEST_RET_ENC_ERRNO; + goto openssl_pkey1_test_done; + } + + cliKeySz = (long)XFREAD(tmp, 1, FOURK_BUF, f); + XFCLOSE(f); + if (cliKeySz == 0) + ERROR_OUT(WC_TEST_RET_ENC_ERRNO, openssl_pkey1_test_done); + } + + /* using existing wolfSSL api to get public and private key */ + x509 = wolfSSL_X509_load_certificate_file(clientCert, WOLFSSL_FILETYPE_ASN1); +#endif /* USE_CERT_BUFFERS */ + clikey = tmp; + + if ((prvKey = wolfSSL_EVP_PKEY_new()) == NULL) { + ret = WC_TEST_RET_ENC_ERRNO; + goto openssl_pkey1_test_done; + } + wolfSSL_EVP_PKEY_free(prvKey); + prvKey = NULL; + + if (x509 == NULL) { + ret = WC_TEST_RET_ENC_NC; + goto openssl_pkey1_test_done; + } + + pubKey = wolfSSL_X509_get_pubkey(x509); + if (pubKey == NULL) { + ret = WC_TEST_RET_ENC_NC; + goto openssl_pkey1_test_done; + } + + prvKey = wolfSSL_d2i_PrivateKey(WC_EVP_PKEY_RSA, NULL, &clikey, cliKeySz); + if (prvKey == NULL) { + ret = WC_TEST_RET_ENC_NC; + goto openssl_pkey1_test_done; + } + + /* phase 2 API to create WOLFSSL_EVP_PKEY_CTX and encrypt/decrypt */ + if (wolfSSL_EVP_PKEY_bits(prvKey) != keyLenBits) { + ret = WC_TEST_RET_ENC_NC; + goto openssl_pkey1_test_done; + } + + if (wolfSSL_EVP_PKEY_size(prvKey) != keyLenBits/8) { + ret = WC_TEST_RET_ENC_NC; + goto openssl_pkey1_test_done; + } + + dec = wolfSSL_EVP_PKEY_CTX_new(prvKey, NULL); + enc = wolfSSL_EVP_PKEY_CTX_new(pubKey, NULL); + if (dec == NULL || enc == NULL) { + ret = WC_TEST_RET_ENC_ERRNO; + goto openssl_pkey1_test_done; + } + + if (wolfSSL_EVP_PKEY_decrypt_init(dec) != 1) { + ret = WC_TEST_RET_ENC_NC; + goto openssl_pkey1_test_done; + } + + if (wolfSSL_EVP_PKEY_encrypt_init(enc) != 1) { + ret = WC_TEST_RET_ENC_NC; + goto openssl_pkey1_test_done; + } + + if (wolfSSL_EVP_PKEY_CTX_set_rsa_padding(dec, WC_RSA_PKCS1_PADDING) <= 0) { + ret = WC_TEST_RET_ENC_NC; + goto openssl_pkey1_test_done; + } + +#ifndef HAVE_FIPS + if (wolfSSL_EVP_PKEY_CTX_set_rsa_padding(dec, WC_RSA_PKCS1_OAEP_PADDING) <= 0){ + ret = WC_TEST_RET_ENC_EC(ret); + goto openssl_pkey1_test_done; + } + + if (wolfSSL_EVP_PKEY_CTX_set_rsa_padding(enc, WC_RSA_PKCS1_OAEP_PADDING) <= 0) { + ret = WC_TEST_RET_ENC_EC(ret); + goto openssl_pkey1_test_done; + } +#endif + + XMEMSET(cipher, 0, RSA_TEST_BYTES); + outlen = (size_t)(keyLenBits/8); + if (wolfSSL_EVP_PKEY_encrypt(enc, cipher, &outlen, msg, sizeof(msg)) < 0) { + ret = WC_TEST_RET_ENC_EC(ret); + goto openssl_pkey1_test_done; + } + + XMEMSET(plain, 0, RSA_TEST_BYTES); + if (wolfSSL_EVP_PKEY_decrypt(dec, plain, &outlen, cipher, outlen) != 1) { + ret = WC_TEST_RET_ENC_NC; + goto openssl_pkey1_test_done; + } + +openssl_pkey1_test_done: + if (pubKey != NULL) { + wolfSSL_EVP_PKEY_free(pubKey); + } + if (prvKey != NULL) { + wolfSSL_EVP_PKEY_free(prvKey); + } + if (dec != NULL) { + wolfSSL_EVP_PKEY_CTX_free(dec); + } + if (enc != NULL) { + wolfSSL_EVP_PKEY_CTX_free(enc); + } + if (x509 != NULL) { + wolfSSL_X509_free(x509); + } + +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC) + XFREE(tmp, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(cipher, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(plain, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); +#endif +#endif + + return ret; +} + + +WOLFSSL_TEST_SUBROUTINE wc_test_ret_t openssl_evpSig_test(void) +{ +#if !defined(NO_RSA) && !defined(NO_SHA) + byte* prvTmp; + byte* pubTmp; + int prvBytes; + int pubBytes; + WOLFSSL_RSA *prvRsa; + WOLFSSL_RSA *pubRsa; + WOLFSSL_EVP_PKEY *prvPkey; + WOLFSSL_EVP_PKEY *pubPkey; + + WOLFSSL_EVP_MD_CTX* sign; + WOLFSSL_EVP_MD_CTX* verf; + char msg[] = "see spot run"; + unsigned char sig[256]; + unsigned int sigSz; + const void* pt; + unsigned int count; + wc_test_ret_t ret, ret1, ret2; + +#if !defined(USE_CERT_BUFFERS_1024) && !defined(USE_CERT_BUFFERS_2048) + XFILE keyFile; + XFILE keypubFile; + char cliKey[] = "./certs/client-key.der"; + char cliKeypub[] = "./certs/client-keyPub.der"; +#endif + WOLFSSL_ENTER("openssl_evpSig_test"); + + prvTmp = (byte*)XMALLOC(FOURK_BUFF, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + if (prvTmp == NULL) + return WC_TEST_RET_ENC_ERRNO; + pubTmp = (byte*)XMALLOC(FOURK_BUFF, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + if (pubTmp == NULL) { + XFREE(prvTmp, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + return WC_TEST_RET_ENC_NC; + } + +#ifdef USE_CERT_BUFFERS_1024 + XMEMCPY(prvTmp, client_key_der_1024, sizeof_client_key_der_1024); + prvBytes = sizeof_client_key_der_1024; + XMEMCPY(pubTmp, client_keypub_der_1024, sizeof_client_keypub_der_1024); + pubBytes = sizeof_client_keypub_der_1024; +#elif defined(USE_CERT_BUFFERS_2048) + XMEMCPY(prvTmp, client_key_der_2048, sizeof_client_key_der_2048); + prvBytes = sizeof_client_key_der_2048; + XMEMCPY(pubTmp, client_keypub_der_2048, sizeof_client_keypub_der_2048); + pubBytes = sizeof_client_keypub_der_2048; +#else + keyFile = XFOPEN(cliKey, "rb"); + if (!keyFile) { + XFREE(pubTmp, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(prvTmp, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + err_sys("can't open ./certs/client-key.der, " + "Please run from wolfSSL home dir", WC_TEST_RET_ENC_ERRNO); + return WC_TEST_RET_ENC_ERRNO; + } + prvBytes = (int)XFREAD(prvTmp, 1, (int)FOURK_BUFF, keyFile); + XFCLOSE(keyFile); + if (prvBytes == 0) { + XFREE(prvTmp, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(pubTmp, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + return WC_TEST_RET_ENC_ERRNO; + } + keypubFile = XFOPEN(cliKeypub, "rb"); + if (!keypubFile) { + XFREE(pubTmp, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(prvTmp, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + err_sys("can't open ./certs/client-cert.der, " + "Please run from wolfSSL home dir", WC_TEST_RET_ENC_ERRNO); + return WC_TEST_RET_ENC_ERRNO; + } + pubBytes = (int)XFREAD(pubTmp, 1, (int)FOURK_BUFF, keypubFile); + XFCLOSE(keypubFile); + if (pubBytes == 0) { + XFREE(prvTmp, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(pubTmp, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + return WC_TEST_RET_ENC_ERRNO; + } + #endif /* USE_CERT_BUFFERS */ + + prvRsa = wolfSSL_RSA_new(); + pubRsa = wolfSSL_RSA_new(); + if((prvRsa == NULL) || (pubRsa == NULL)){ + XFREE(pubTmp, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(prvTmp, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + err_sys("ERROR with RSA_new", WC_TEST_RET_ENC_NC); + return WC_TEST_RET_ENC_NC; + } + + ret1 = wolfSSL_RSA_LoadDer_ex(prvRsa, prvTmp, prvBytes, WOLFSSL_RSA_LOAD_PRIVATE); + ret2 = wolfSSL_RSA_LoadDer_ex(pubRsa, pubTmp, pubBytes, WOLFSSL_RSA_LOAD_PUBLIC); + if((ret1 != WOLFSSL_SUCCESS) || (ret2 != WOLFSSL_SUCCESS)){ + XFREE(pubTmp, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(prvTmp, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + printf("error with RSA_LoadDer_ex\n"); + return WC_TEST_RET_ENC_NC; + } + + prvPkey = wolfSSL_EVP_PKEY_new(); + pubPkey = wolfSSL_EVP_PKEY_new(); + if((prvPkey == NULL) || (pubPkey == NULL)){ + XFREE(pubTmp, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(prvTmp, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + printf("error with KEY_new\n"); + return WC_TEST_RET_ENC_NC; + } + ret1 = wolfSSL_EVP_PKEY_set1_RSA(prvPkey, prvRsa); + ret2 = wolfSSL_EVP_PKEY_set1_RSA(pubPkey, pubRsa); + if((ret1 != 1) || (ret2 != 1)){ + XFREE(pubTmp, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(prvTmp, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + printf("error with WOLFSSL_EVP_PKEY_set1_RSA\n"); + return WC_TEST_RET_ENC_NC; + } + + /****************** sign and verify *******************/ + sign = wolfSSL_EVP_MD_CTX_new(); + verf = wolfSSL_EVP_MD_CTX_new(); + if((sign == NULL)||(verf == NULL)){ + printf("error with WOLFSSL_EVP_MD_CTX_create\n"); + XFREE(pubTmp, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(prvTmp, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + wolfSSL_EVP_MD_CTX_free(sign); + wolfSSL_EVP_MD_CTX_free(verf); + return WC_TEST_RET_ENC_NC; + } + + ret = wolfSSL_EVP_SignInit(sign, wolfSSL_EVP_sha1()); + if (ret != WOLFSSL_SUCCESS){ + printf("error with EVP_SignInit\n"); + XFREE(pubTmp, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(prvTmp, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + wolfSSL_EVP_MD_CTX_free(sign); + wolfSSL_EVP_MD_CTX_free(verf); + return WC_TEST_RET_ENC_NC; + } + + count = sizeof(msg); + show("message = ", (char *)msg, count); + + /* sign */ + XMEMSET(sig, 0, sizeof(sig)); + pt = (const void*)msg; + ret1 = wolfSSL_EVP_SignUpdate(sign, pt, count); + ret2 = wolfSSL_EVP_SignFinal(sign, sig, &sigSz, prvPkey); + if((ret1 != WOLFSSL_SUCCESS) || (ret2 != WOLFSSL_SUCCESS)){ + XFREE(pubTmp, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(prvTmp, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + wolfSSL_EVP_MD_CTX_free(sign); + wolfSSL_EVP_MD_CTX_free(verf); + printf("error with WOLFSSL_EVP_MD_CTX_create\n"); + return WC_TEST_RET_ENC_NC; + } + show("signature = ", (char *)sig, sigSz); + + /* verify */ + pt = (const void*)msg; + ret1 = wolfSSL_EVP_VerifyInit(verf, wolfSSL_EVP_sha1()); + ret2 = wolfSSL_EVP_VerifyUpdate(verf, pt, count); + if((ret1 != WOLFSSL_SUCCESS) || (ret2 != WOLFSSL_SUCCESS)){ + XFREE(pubTmp, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(prvTmp, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + wolfSSL_EVP_MD_CTX_free(sign); + wolfSSL_EVP_MD_CTX_free(verf); + printf("error with EVP_Verify\n"); + return WC_TEST_RET_ENC_NC; + } + if (wolfSSL_EVP_VerifyFinal(verf, sig, sigSz, pubPkey) != 1) { + XFREE(pubTmp, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(prvTmp, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + wolfSSL_EVP_MD_CTX_free(sign); + wolfSSL_EVP_MD_CTX_free(verf); + printf("error with EVP_VerifyFinal\n"); + return WC_TEST_RET_ENC_NC; + } + + /* expect fail without update */ + wolfSSL_EVP_VerifyInit(verf, wolfSSL_EVP_sha1()); + if (wolfSSL_EVP_VerifyFinal(verf, sig, sigSz, pubPkey) == 1) { + XFREE(pubTmp, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(prvTmp, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + wolfSSL_EVP_MD_CTX_free(sign); + wolfSSL_EVP_MD_CTX_free(verf); + printf("EVP_VerifyInit without update not detected\n"); + return WC_TEST_RET_ENC_NC; + } + + XFREE(pubTmp, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(prvTmp, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + wolfSSL_EVP_MD_CTX_free(sign); + wolfSSL_EVP_MD_CTX_free(verf); + + wolfSSL_RSA_free(prvRsa); + wolfSSL_RSA_free(pubRsa); + wolfSSL_EVP_PKEY_free(pubPkey); + wolfSSL_EVP_PKEY_free(prvPkey); + +#endif /* NO_RSA */ + return 0; +} +#endif /* OPENSSL_EXTRA */ + + +#ifndef NO_PWDBASED +#ifdef HAVE_SCRYPT +/* Test vectors taken from RFC 7914: scrypt PBKDF - Section 12. */ +WOLFSSL_TEST_SUBROUTINE wc_test_ret_t scrypt_test(void) +{ +#ifdef HAVE_FIPS + /* RFC 7914 test vector keys are too short for FIPS. */ +#else + wc_test_ret_t ret; + byte derived[64]; + + WOLFSSL_SMALL_STACK_STATIC const byte verify1[] = { + 0x77, 0xd6, 0x57, 0x62, 0x38, 0x65, 0x7b, 0x20, + 0x3b, 0x19, 0xca, 0x42, 0xc1, 0x8a, 0x04, 0x97, + 0xf1, 0x6b, 0x48, 0x44, 0xe3, 0x07, 0x4a, 0xe8, + 0xdf, 0xdf, 0xfa, 0x3f, 0xed, 0xe2, 0x14, 0x42, + 0xfc, 0xd0, 0x06, 0x9d, 0xed, 0x09, 0x48, 0xf8, + 0x32, 0x6a, 0x75, 0x3a, 0x0f, 0xc8, 0x1f, 0x17, + 0xe8, 0xd3, 0xe0, 0xfb, 0x2e, 0x0d, 0x36, 0x28, + 0xcf, 0x35, 0xe2, 0x0c, 0x38, 0xd1, 0x89, 0x06 + }; +#if !defined(BENCH_EMBEDDED) + WOLFSSL_SMALL_STACK_STATIC const byte verify2[] = { + 0xfd, 0xba, 0xbe, 0x1c, 0x9d, 0x34, 0x72, 0x00, + 0x78, 0x56, 0xe7, 0x19, 0x0d, 0x01, 0xe9, 0xfe, + 0x7c, 0x6a, 0xd7, 0xcb, 0xc8, 0x23, 0x78, 0x30, + 0xe7, 0x73, 0x76, 0x63, 0x4b, 0x37, 0x31, 0x62, + 0x2e, 0xaf, 0x30, 0xd9, 0x2e, 0x22, 0xa3, 0x88, + 0x6f, 0xf1, 0x09, 0x27, 0x9d, 0x98, 0x30, 0xda, + 0xc7, 0x27, 0xaf, 0xb9, 0x4a, 0x83, 0xee, 0x6d, + 0x83, 0x60, 0xcb, 0xdf, 0xa2, 0xcc, 0x06, 0x40 + }; +#endif +#if !defined(BENCH_EMBEDDED) && !defined(WOLFSSL_KERNEL_MODE) && !defined(HAVE_INTEL_QA) + WOLFSSL_SMALL_STACK_STATIC const byte verify3[] = { + 0x70, 0x23, 0xbd, 0xcb, 0x3a, 0xfd, 0x73, 0x48, + 0x46, 0x1c, 0x06, 0xcd, 0x81, 0xfd, 0x38, 0xeb, + 0xfd, 0xa8, 0xfb, 0xba, 0x90, 0x4f, 0x8e, 0x3e, + 0xa9, 0xb5, 0x43, 0xf6, 0x54, 0x5d, 0xa1, 0xf2, + 0xd5, 0x43, 0x29, 0x55, 0x61, 0x3f, 0x0f, 0xcf, + 0x62, 0xd4, 0x97, 0x05, 0x24, 0x2a, 0x9a, 0xf9, + 0xe6, 0x1e, 0x85, 0xdc, 0x0d, 0x65, 0x1e, 0x40, + 0xdf, 0xcf, 0x01, 0x7b, 0x45, 0x57, 0x58, 0x87 + }; +#endif +#ifdef SCRYPT_TEST_ALL + /* Test case is very slow. + * Use for confirmation after code change or new platform. + */ + WOLFSSL_SMALL_STACK_STATIC const byte verify4[] = { + 0x21, 0x01, 0xcb, 0x9b, 0x6a, 0x51, 0x1a, 0xae, + 0xad, 0xdb, 0xbe, 0x09, 0xcf, 0x70, 0xf8, 0x81, + 0xec, 0x56, 0x8d, 0x57, 0x4a, 0x2f, 0xfd, 0x4d, + 0xab, 0xe5, 0xee, 0x98, 0x20, 0xad, 0xaa, 0x47, + 0x8e, 0x56, 0xfd, 0x8f, 0x4b, 0xa5, 0xd0, 0x9f, + 0xfa, 0x1c, 0x6d, 0x92, 0x7c, 0x40, 0xf4, 0xc3, + 0x37, 0x30, 0x40, 0x49, 0xe8, 0xa9, 0x52, 0xfb, + 0xcb, 0xf4, 0x5c, 0x6f, 0xa7, 0x7a, 0x41, 0xa4 + }; +#endif + WOLFSSL_ENTER("scrypt_test"); + + ret = wc_scrypt(derived, NULL, 0, NULL, 0, 4, 1, 1, sizeof(verify1)); + if (ret != 0) + return WC_TEST_RET_ENC_EC(ret); + if (XMEMCMP(derived, verify1, sizeof(verify1)) != 0) + return WC_TEST_RET_ENC_NC; + +#if !defined(BENCH_EMBEDDED) + ret = wc_scrypt(derived, (byte*)"password", 8, (byte*)"NaCl", 4, 10, 8, 16, + sizeof(verify2)); + if (ret != 0) + return WC_TEST_RET_ENC_EC(ret); + if (XMEMCMP(derived, verify2, sizeof(verify2)) != 0) + return WC_TEST_RET_ENC_NC; +#endif + + /* Test case with parallel overflowing */ + ret = wc_scrypt(derived, (byte*)"password", 16, (byte*)"NaCl", 16, 2, 4, 8388608, + sizeof(verify1)); + if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG)) + return WC_TEST_RET_ENC_EC(ret); + + /* Don't run these test on embedded, since they use large mallocs */ +#if !defined(BENCH_EMBEDDED) && !defined(WOLFSSL_KERNEL_MODE) && !defined(HAVE_INTEL_QA) + ret = wc_scrypt(derived, (byte*)"pleaseletmein", 13, + (byte*)"SodiumChloride", 14, 14, 8, 1, sizeof(verify3)); + if (ret != 0) + return WC_TEST_RET_ENC_EC(ret); + if (XMEMCMP(derived, verify3, sizeof(verify3)) != 0) + return WC_TEST_RET_ENC_NC; + +#ifdef SCRYPT_TEST_ALL + ret = wc_scrypt(derived, (byte*)"pleaseletmein", 13, + (byte*)"SodiumChloride", 14, 20, 8, 1, sizeof(verify4)); + if (ret != 0) + return WC_TEST_RET_ENC_EC(ret); + if (XMEMCMP(derived, verify4, sizeof(verify4)) != 0) + return WC_TEST_RET_ENC_NC; + + ret = wc_scrypt(derived,(byte*)"pleaseletmein", 13, + (byte*)"SodiumChloride", 14, 22, 8, 1, sizeof(derived)); + if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG)) + return WC_TEST_RET_ENC_EC(ret); +#endif +#else +#ifdef SCRYPT_TEST_ALL + (void)verify4; +#endif +#endif /* !BENCH_EMBEDDED && !defined(WOLFSSL_KERNEL_MODE) && !HAVE_INTEL_QA */ + +#if !defined(BENCH_EMBEDDED) + ret = wc_scrypt_ex(derived, (byte*)"password", 8, (byte*)"NaCl", 4, 1<<10, + 8, 16, sizeof(verify2)); + if (ret != 0) + return WC_TEST_RET_ENC_EC(ret); + if (XMEMCMP(derived, verify2, sizeof(verify2)) != 0) + return WC_TEST_RET_ENC_NC; +#endif + +#endif /* !HAVE_FIPS */ + + return 0; +} +#endif + +#if defined(HAVE_PKCS12) && !defined(NO_SHA256) +WOLFSSL_TEST_SUBROUTINE wc_test_ret_t pkcs12_pbkdf_test(void) +{ + WOLFSSL_SMALL_STACK_STATIC const byte passwd[] = { 0x00, 0x73, 0x00, 0x6d, 0x00, 0x65, 0x00, 0x67, + 0x00, 0x00 }; + WOLFSSL_SMALL_STACK_STATIC const byte salt[] = { 0x0a, 0x58, 0xCF, 0x64, 0x53, 0x0d, 0x82, 0x3f }; + + WOLFSSL_SMALL_STACK_STATIC const byte passwd2[] = { 0x00, 0x71, 0x00, 0x75, 0x00, 0x65, 0x00, 0x65, + 0x00, 0x67, 0x00, 0x00 }; + WOLFSSL_SMALL_STACK_STATIC const byte salt2[] = { 0x16, 0x82, 0xC0, 0xfC, 0x5b, 0x3f, 0x7e, 0xc5 }; + byte derived[64]; + + WOLFSSL_SMALL_STACK_STATIC const byte verify[] = { + 0x27, 0xE9, 0x0D, 0x7E, 0xD5, 0xA1, 0xC4, 0x11, + 0xBA, 0x87, 0x8B, 0xC0, 0x90, 0xF5, 0xCE, 0xBE, + 0x5E, 0x9D, 0x5F, 0xE3, 0xD6, 0x2B, 0x73, 0xAA + }; + + WOLFSSL_SMALL_STACK_STATIC const byte verify2[] = { + 0x90, 0x1B, 0x49, 0x70, 0xF0, 0x94, 0xF0, 0xF8, + 0x45, 0xC0, 0xF3, 0xF3, 0x13, 0x59, 0x18, 0x6A, + 0x35, 0xE3, 0x67, 0xFE, 0xD3, 0x21, 0xFD, 0x7C + }; + + int id = 1; + int kLen = 24; + int iterations = 1; + wc_test_ret_t ret; + WOLFSSL_ENTER("pkcs12_pbkdf_test"); + + ret = wc_PKCS12_PBKDF(derived, passwd, sizeof(passwd), salt, 8, + iterations, kLen, WC_SHA256, id); + if (ret < 0) + return WC_TEST_RET_ENC_EC(ret); + + if (XMEMCMP(derived, verify, (unsigned long)kLen) != 0) + return WC_TEST_RET_ENC_NC; + + iterations = 1000; + ret = wc_PKCS12_PBKDF(derived, passwd2, sizeof(passwd2), salt2, 8, + iterations, kLen, WC_SHA256, id); + if (ret < 0) + return WC_TEST_RET_ENC_EC(ret); + + ret = wc_PKCS12_PBKDF_ex(derived, passwd2, sizeof(passwd2), salt2, 8, + iterations, kLen, WC_SHA256, id, HEAP_HINT); + if (ret < 0) + return WC_TEST_RET_ENC_EC(ret); + + if (XMEMCMP(derived, verify2, 24) != 0) + return WC_TEST_RET_ENC_NC; + + return 0; +} +#endif /* HAVE_PKCS12 && !NO_SHA256 */ + +#if defined(HAVE_PBKDF2) && !defined(NO_SHA256) && !defined(NO_HMAC) +WOLFSSL_TEST_SUBROUTINE wc_test_ret_t pbkdf2_test(void) +{ + char passwd[] = "passwordpassword"; + WOLFSSL_SMALL_STACK_STATIC const byte salt[] = { 0x78, 0x57, 0x8E, 0x5a, + 0x5d, 0x63, 0xcb, 0x06 }; + int iterations = 2048; + int kLen = 24; + byte derived[64]; + + WOLFSSL_SMALL_STACK_STATIC const byte verify[] = { + 0x43, 0x6d, 0xb5, 0xe8, 0xd0, 0xfb, 0x3f, 0x35, 0x42, 0x48, 0x39, 0xbc, + 0x2d, 0xd4, 0xf9, 0x37, 0xd4, 0x95, 0x16, 0xa7, 0x2a, 0x9a, 0x21, 0xd1 + }; + + wc_test_ret_t ret; + WOLFSSL_ENTER("pbkdf2_test"); + + ret = wc_PBKDF2_ex(derived, (byte*)passwd, (int)XSTRLEN(passwd), + salt, (int)sizeof(salt), iterations, + kLen, WC_SHA256, HEAP_HINT, devId); + if (ret != 0) + return WC_TEST_RET_ENC_EC(ret); + + if (XMEMCMP(derived, verify, sizeof(verify)) != 0) + return WC_TEST_RET_ENC_NC; + + return 0; + +} +#endif /* HAVE_PBKDF2 && !NO_SHA256 && !NO_HMAC */ + +#if defined(HAVE_PBKDF1) && !defined(NO_SHA) +WOLFSSL_TEST_SUBROUTINE wc_test_ret_t pbkdf1_test(void) +{ + char passwd[] = "password"; + WOLFSSL_SMALL_STACK_STATIC const byte salt[] = { 0x78, 0x57, 0x8E, 0x5a, 0x5d, 0x63, 0xcb, 0x06 }; + int iterations = 1000; + int kLen = 16; + byte derived[16]; + + WOLFSSL_SMALL_STACK_STATIC const byte verify[] = { + 0xDC, 0x19, 0x84, 0x7E, 0x05, 0xC6, 0x4D, 0x2F, + 0xAF, 0x10, 0xEB, 0xFB, 0x4A, 0x3D, 0x2A, 0x20 + }; + + wc_test_ret_t ret; + WOLFSSL_ENTER("pbkdf1_test"); + + ret = wc_PBKDF1_ex(derived, kLen, NULL, 0, (byte*)passwd, + (int)XSTRLEN(passwd), salt, (int)sizeof(salt), iterations, WC_SHA, + HEAP_HINT); + if (ret != 0) + return ret; + + if (XMEMCMP(derived, verify, sizeof(verify)) != 0) + return WC_TEST_RET_ENC_NC; + + return 0; +} +#endif /* HAVE_PBKDF2 && !NO_SHA */ + +WOLFSSL_TEST_SUBROUTINE wc_test_ret_t pwdbased_test(void) +{ + wc_test_ret_t ret = 0; + WOLFSSL_ENTER("pwdbased_test"); + +#if defined(HAVE_PBKDF1) && !defined(NO_SHA) + ret = pbkdf1_test(); + if (ret != 0) + return ret; +#endif +#if defined(HAVE_PBKDF2) && !defined(NO_SHA256) && !defined(NO_HMAC) + ret = pbkdf2_test(); + if (ret != 0) + return ret; +#endif +#if defined(HAVE_PKCS12) && !defined(NO_SHA256) + ret = pkcs12_pbkdf_test(); + if (ret != 0) + return ret; +#endif +#ifdef HAVE_SCRYPT + ret = scrypt_test(); + if (ret != 0) + return ret; +#endif + return ret; +} + +#endif /* NO_PWDBASED */ + +#if defined(USE_CERT_BUFFERS_2048) && \ + defined(HAVE_PKCS12) && \ + !defined(NO_ASN) && !defined(NO_PWDBASED) && !defined(NO_HMAC) && \ + !defined(NO_CERTS) && !defined(NO_DES3) +WOLFSSL_TEST_SUBROUTINE wc_test_ret_t pkcs12_test(void) +{ + wc_test_ret_t ret = 0; + WC_PKCS12* pkcs12 = NULL; + /* Gen vars */ + byte* pkcs12der = NULL; + int pkcs12derSz = 0; + WC_DerCertList derCaList = { + (byte*)ca_cert_der_2048, sizeof_ca_cert_der_2048, NULL + }; + char* pass = (char*)"wolfSSL test"; + /* Parsing vars */ + WC_DerCertList* derCaListOut = NULL; + byte* keyDer = NULL; + byte* certDer = NULL; + word32 keySz; + word32 certSz; + + WOLFSSL_ENTER("pkcs12_test"); + + pkcs12 = wc_PKCS12_create(pass, (word32)XSTRLEN(pass), + (char*)"friendlyName" /* not used currently */, + (byte*)server_key_der_2048, sizeof_server_key_der_2048, + (byte*)server_cert_der_2048, sizeof_server_cert_der_2048, + &derCaList, PBE_SHA1_DES3, PBE_SHA1_DES3, 100, 100, + 0 /* not used currently */, HEAP_HINT); + if (pkcs12 == NULL) { + ret = WC_TEST_RET_ENC_EC(MEMORY_E); + goto out; + } + + ret = wc_i2d_PKCS12(pkcs12, NULL, &pkcs12derSz); + if (ret != WC_NO_ERR_TRACE(LENGTH_ONLY_E)) { + if (ret == 0) + ret = WC_TEST_RET_ENC_NC; + else + ret = WC_TEST_RET_ENC_I(ret); + goto out; + } + + pkcs12der = (byte*)XMALLOC(pkcs12derSz, HEAP_HINT, DYNAMIC_TYPE_PKCS); + if (pkcs12der == NULL) { + ret = WC_TEST_RET_ENC_EC(MEMORY_E); + goto out; + } + + { + /* Use tmp pointer to avoid advancing pkcs12der */ + byte* tmp = pkcs12der; + ret = wc_i2d_PKCS12(pkcs12, &tmp, &pkcs12derSz); + if (ret <= 0) { + if (ret == 0) + ret = WC_TEST_RET_ENC_NC; + else + ret = WC_TEST_RET_ENC_I(ret); + goto out; + } + } + + wc_PKCS12_free(pkcs12); + pkcs12 = wc_PKCS12_new_ex(HEAP_HINT); + if (pkcs12 == NULL) { + ret = WC_TEST_RET_ENC_EC(MEMORY_E); + goto out; + } + + /* convert the DER file into an internal structure */ + ret = wc_d2i_PKCS12(pkcs12der, pkcs12derSz, pkcs12); + if (ret != 0) { + ret = WC_TEST_RET_ENC_EC(ret); + goto out; + } + + /* parse the internal structure into its parts */ + ret = wc_PKCS12_parse(pkcs12, "wolfSSL test", &keyDer, &keySz, + &certDer, &certSz, &derCaListOut); + if (ret != 0) { + ret = WC_TEST_RET_ENC_EC(ret); + goto out; + } + if (keyDer == NULL || certDer == NULL || derCaListOut == NULL) { + ret = WC_TEST_RET_ENC_NC; + goto out; + } + +out: + + if (derCaListOut) + wc_FreeCertList(derCaListOut, HEAP_HINT); + XFREE(keyDer, HEAP_HINT, DYNAMIC_TYPE_PKCS); + XFREE(certDer, HEAP_HINT, DYNAMIC_TYPE_PKCS); + if (pkcs12) + wc_PKCS12_free(pkcs12); + XFREE(pkcs12der, HEAP_HINT, DYNAMIC_TYPE_PKCS); + + return ret; +} +#endif + + +#if defined(HAVE_HKDF) && !defined(NO_HMAC) + +#if defined(WOLFSSL_AFALG_XILINX) || defined(WOLFSSL_AFALG_XILINX_AES) || \ + defined(WOLFSSL_AFALG_XILINX_SHA3) || defined(WOLFSSL_AFALG_HASH_KEEP) || \ + defined(WOLFSSL_AFALG_XILINX_RSA) +/* hkdf_test has issue with WOLFSSL_TEST_SUBROUTINE set on Xilinx with afalg */ +static wc_test_ret_t hkdf_test(void) +#else +WOLFSSL_TEST_SUBROUTINE wc_test_ret_t hkdf_test(void) +#endif +{ + wc_test_ret_t ret = 0; + +#if !defined(NO_SHA) || !defined(NO_SHA256) + int L; + byte okm1[42]; + byte ikm1[22] = { 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, + 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, + 0x0b, 0x0b, 0x0b, 0x0b, 0x0b, 0x0b }; +#ifndef HAVE_FIPS + byte salt1[13] ={ 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, + 0x08, 0x09, 0x0a, 0x0b, 0x0c }; + byte info1[10] ={ 0xf0, 0xf1, 0xf2, 0xf3, 0xf4, 0xf5, 0xf6, 0xf7, + 0xf8, 0xf9 }; +#endif +#ifndef NO_SHA + byte res1[42] = { 0x0a, 0xc1, 0xaf, 0x70, 0x02, 0xb3, 0xd7, 0x61, + 0xd1, 0xe5, 0x52, 0x98, 0xda, 0x9d, 0x05, 0x06, + 0xb9, 0xae, 0x52, 0x05, 0x72, 0x20, 0xa3, 0x06, + 0xe0, 0x7b, 0x6b, 0x87, 0xe8, 0xdf, 0x21, 0xd0, + 0xea, 0x00, 0x03, 0x3d, 0xe0, 0x39, 0x84, 0xd3, + 0x49, 0x18 }; +#ifndef HAVE_FIPS + byte res2[42] = { 0x08, 0x5a, 0x01, 0xea, 0x1b, 0x10, 0xf3, 0x69, + 0x33, 0x06, 0x8b, 0x56, 0xef, 0xa5, 0xad, 0x81, + 0xa4, 0xf1, 0x4b, 0x82, 0x2f, 0x5b, 0x09, 0x15, + 0x68, 0xa9, 0xcd, 0xd4, 0xf1, 0x55, 0xfd, 0xa2, + 0xc2, 0x2e, 0x42, 0x24, 0x78, 0xd3, 0x05, 0xf3, + 0xf8, 0x96 }; +#endif +#endif /* !NO_SHA */ +#ifndef NO_SHA256 + byte res3[42] = { 0x8d, 0xa4, 0xe7, 0x75, 0xa5, 0x63, 0xc1, 0x8f, + 0x71, 0x5f, 0x80, 0x2a, 0x06, 0x3c, 0x5a, 0x31, + 0xb8, 0xa1, 0x1f, 0x5c, 0x5e, 0xe1, 0x87, 0x9e, + 0xc3, 0x45, 0x4e, 0x5f, 0x3c, 0x73, 0x8d, 0x2d, + 0x9d, 0x20, 0x13, 0x95, 0xfa, 0xa4, 0xb6, 0x1a, + 0x96, 0xc8 }; +#ifndef HAVE_FIPS + byte res4[42] = { 0x3c, 0xb2, 0x5f, 0x25, 0xfa, 0xac, 0xd5, 0x7a, + 0x90, 0x43, 0x4f, 0x64, 0xd0, 0x36, 0x2f, 0x2a, + 0x2d, 0x2d, 0x0a, 0x90, 0xcf, 0x1a, 0x5a, 0x4c, + 0x5d, 0xb0, 0x2d, 0x56, 0xec, 0xc4, 0xc5, 0xbf, + 0x34, 0x00, 0x72, 0x08, 0xd5, 0xb8, 0x87, 0x18, + 0x58, 0x65 }; +#endif +#endif /* !NO_SHA256 */ + WOLFSSL_ENTER("hkdf_test"); + + XMEMSET(okm1, 0, sizeof(okm1)); + L = (int)sizeof(okm1); + +#ifndef NO_SHA +#if !defined(HAVE_SELFTEST) && (!defined(HAVE_FIPS) || FIPS_VERSION_GE(7,0)) + ret = wc_HKDF_ex(WC_SHA, ikm1, (word32)sizeof(ikm1), NULL, 0, NULL, 0, + okm1, (word32)L, HEAP_HINT, devId); +#else + ret = wc_HKDF(WC_SHA, ikm1, (word32)sizeof(ikm1), NULL, 0, NULL, 0, + okm1, (word32)L); +#endif + if (ret != 0) + return WC_TEST_RET_ENC_EC(ret); + + if (XMEMCMP(okm1, res1, (unsigned long)L) != 0) + return WC_TEST_RET_ENC_NC; + +#ifndef HAVE_FIPS + /* fips can't have key size under 14 bytes, salt is key too */ + L = (int)sizeof(okm1); +#if !defined(HAVE_SELFTEST) && (!defined(HAVE_FIPS) || FIPS_VERSION_GE(7,0)) + ret = wc_HKDF_ex(WC_SHA, ikm1, 11, salt1, (word32)sizeof(salt1), info1, + (word32)sizeof(info1), okm1, (word32)L, HEAP_HINT, devId); +#else + ret = wc_HKDF(WC_SHA, ikm1, 11, salt1, (word32)sizeof(salt1), info1, + (word32)sizeof(info1), okm1, (word32)L); +#endif + if (ret != 0) + return WC_TEST_RET_ENC_EC(ret); + + if (XMEMCMP(okm1, res2, (unsigned long)L) != 0) + return WC_TEST_RET_ENC_NC; +#endif /* HAVE_FIPS */ +#endif /* !NO_SHA */ + +#ifndef NO_SHA256 +#if !defined(HAVE_SELFTEST) && (!defined(HAVE_FIPS) || FIPS_VERSION_GE(7,0)) + ret = wc_HKDF_ex(WC_SHA256, ikm1, (word32)sizeof(ikm1), NULL, 0, NULL, 0, + okm1, (word32)L, HEAP_HINT, devId); +#else + ret = wc_HKDF(WC_SHA256, ikm1, (word32)sizeof(ikm1), NULL, 0, NULL, 0, + okm1, (word32)L); +#endif + if (ret != 0) + return WC_TEST_RET_ENC_EC(ret); + + if (XMEMCMP(okm1, res3, (unsigned long)L) != 0) + return WC_TEST_RET_ENC_NC; + +#ifndef HAVE_FIPS + /* fips can't have key size under 14 bytes, salt is key too */ +#if !defined(HAVE_SELFTEST) + ret = wc_HKDF_ex(WC_SHA256, ikm1, (word32)sizeof(ikm1), + salt1, (word32)sizeof(salt1), info1, (word32)sizeof(info1), okm1, + (word32)L, HEAP_HINT, devId); +#else + ret = wc_HKDF(WC_SHA256, ikm1, (word32)sizeof(ikm1), salt1, + (word32)sizeof(salt1), info1, (word32)sizeof(info1), okm1, + (word32)L); +#endif + if (ret != 0) + return WC_TEST_RET_ENC_EC(ret); + + if (XMEMCMP(okm1, res4, (unsigned long)L) != 0) + return WC_TEST_RET_ENC_NC; +#endif /* HAVE_FIPS */ +#endif /* !NO_SHA256 */ +#endif /* !NO_SHA || !NO_SHA256 */ + + return ret; +} + +#endif /* HAVE_HKDF */ + + +#ifdef WOLFSSL_WOLFSSH + +typedef struct { + byte hashId; + byte keyId; + const byte* k; + word32 kSz; + const byte* h; + word32 hSz; + const byte* sessionId; + word32 sessionIdSz; + const byte* expectedKey; + word32 expectedKeySz; +} SshKdfTestVector; + + +/** Test Vector Set #3: SHA-256 **/ +static const byte sshKdfTvSet3k[] = { + 0x6A, 0xC3, 0x82, 0xEA, 0xAC, 0xA0, 0x93, 0xE1, + 0x25, 0xE2, 0x5C, 0x24, 0xBE, 0xBC, 0x84, 0x64, + 0x0C, 0x11, 0x98, 0x75, 0x07, 0x34, 0x4B, 0x5C, + 0x73, 0x9C, 0xEB, 0x84, 0xA9, 0xE0, 0xB2, 0x22, + 0xB9, 0xA8, 0xB5, 0x1C, 0x83, 0x9E, 0x5E, 0xBE, + 0x49, 0xCF, 0xAD, 0xBF, 0xB3, 0x95, 0x99, 0x76, + 0x4E, 0xD5, 0x22, 0x09, 0x9D, 0xC9, 0x12, 0x75, + 0x19, 0x50, 0xDC, 0x7D, 0xC9, 0x7F, 0xBD, 0xC0, + 0x63, 0x28, 0xB6, 0x8F, 0x22, 0x78, 0x1F, 0xD3, + 0x15, 0xAF, 0x56, 0x80, 0x09, 0xA5, 0x50, 0x9E, + 0x5B, 0x87, 0xA1, 0x1B, 0xF5, 0x27, 0xC0, 0x56, + 0xDA, 0xFF, 0xD8, 0x2A, 0xB6, 0xCB, 0xC2, 0x5C, + 0xCA, 0x37, 0x14, 0x34, 0x59, 0xE7, 0xBC, 0x63, + 0xBC, 0xDE, 0x52, 0x75, 0x7A, 0xDE, 0xB7, 0xDF, + 0x01, 0xCF, 0x12, 0x17, 0x3F, 0x1F, 0xEF, 0x81, + 0x02, 0xEC, 0x5A, 0xB1, 0x42, 0xC2, 0x13, 0xDD, + 0x9D, 0x30, 0x69, 0x62, 0x78, 0xA8, 0xD8, 0xBC, + 0x32, 0xDD, 0xE9, 0x59, 0x2D, 0x28, 0xC0, 0x78, + 0xC6, 0xD9, 0x2B, 0x94, 0x7D, 0x82, 0x5A, 0xCA, + 0xAB, 0x64, 0x94, 0x84, 0x6A, 0x49, 0xDE, 0x24, + 0xB9, 0x62, 0x3F, 0x48, 0x89, 0xE8, 0xAD, 0xC3, + 0x8E, 0x8C, 0x66, 0x9E, 0xFF, 0xEF, 0x17, 0x60, + 0x40, 0xAD, 0x94, 0x5E, 0x90, 0xA7, 0xD3, 0xEE, + 0xC1, 0x5E, 0xFE, 0xEE, 0x78, 0xAE, 0x71, 0x04, + 0x3C, 0x96, 0x51, 0x11, 0x03, 0xA1, 0x6B, 0xA7, + 0xCA, 0xF0, 0xAC, 0xD0, 0x64, 0x2E, 0xFD, 0xBE, + 0x80, 0x99, 0x34, 0xFA, 0xA1, 0xA5, 0xF1, 0xBD, + 0x11, 0x04, 0x36, 0x49, 0xB2, 0x5C, 0xCD, 0x1F, + 0xEE, 0x2E, 0x38, 0x81, 0x5D, 0x4D, 0x5F, 0x5F, + 0xC6, 0xB4, 0x10, 0x29, 0x69, 0xF2, 0x1C, 0x22, + 0xAE, 0x1B, 0x0E, 0x7D, 0x36, 0x03, 0xA5, 0x56, + 0xA1, 0x32, 0x62, 0xFF, 0x62, 0x8D, 0xE2, 0x22 +}; +static const byte sshKdfTvSet3h[] = { + 0x7B, 0x70, 0x01, 0x18, 0x5E, 0x25, 0x6D, 0x44, + 0x93, 0x44, 0x5F, 0x39, 0xA5, 0x5F, 0xB9, 0x05, + 0xE6, 0x32, 0x1F, 0x4B, 0x5D, 0xD8, 0xBB, 0xF3, + 0x10, 0x0D, 0x51, 0xBA, 0x0B, 0xDA, 0x3D, 0x2D +}; +static const byte sshKdfTvSet3sid[] = { + 0x7B, 0x70, 0x01, 0x18, 0x5E, 0x25, 0x6D, 0x44, + 0x93, 0x44, 0x5F, 0x39, 0xA5, 0x5F, 0xB9, 0x05, + 0xE6, 0x32, 0x1F, 0x4B, 0x5D, 0xD8, 0xBB, 0xF3, + 0x10, 0x0D, 0x51, 0xBA, 0x0B, 0xDA, 0x3D, 0x2D +}; +static const byte sshKdfTvSet3a[] = { + 0x81, 0xF0, 0x33, 0x0E, 0xF6, 0xF0, 0x53, 0x61, + 0xB3, 0x82, 0x3B, 0xFD, 0xED, 0x6E, 0x1D, 0xE9 +}; +static const byte sshKdfTvSet3b[] = { + 0x3F, 0x6F, 0xD2, 0x06, 0x5E, 0xEB, 0x2B, 0x0B, + 0x1D, 0x93, 0x19, 0x5A, 0x1F, 0xED, 0x48, 0xA5 +}; +static const byte sshKdfTvSet3c[] = { + 0xC3, 0x54, 0x71, 0x03, 0x4E, 0x6F, 0xD6, 0x54, + 0x76, 0x13, 0x17, 0x8E, 0x23, 0x43, 0x5F, 0x21 +}; +static const byte sshKdfTvSet3d[] = { + 0x7E, 0x9D, 0x79, 0x03, 0x20, 0x90, 0xD9, 0x9F, + 0x98, 0xB0, 0x15, 0x63, 0x4D, 0xD9, 0xF4, 0x62 +}; +static const byte sshKdfTvSet3e[] = { + 0x24, 0xEE, 0x55, 0x9A, 0xD7, 0xCE, 0x71, 0x2B, + 0x68, 0x5D, 0x0B, 0x22, 0x71, 0xE4, 0x43, 0xC1, + 0x7A, 0xB1, 0xD1, 0xDC, 0xEB, 0x5A, 0x36, 0x05, + 0x69, 0xD2, 0x5D, 0x5D, 0xC2, 0x43, 0x00, 0x2F +}; +static const byte sshKdfTvSet3f[] = { + 0xC3, 0x41, 0x9C, 0x2B, 0x96, 0x62, 0x35, 0x86, + 0x9D, 0x71, 0x4B, 0xA5, 0xAC, 0x48, 0xDD, 0xB7, + 0xD9, 0xE3, 0x5C, 0x8C, 0x19, 0xAA, 0xC7, 0x34, + 0x22, 0x33, 0x7A, 0x37, 0x34, 0x53, 0x60, 0x7E +}; + +static const SshKdfTestVector sshKdfTestVectors[] = { + {WC_HASH_TYPE_SHA256, 'A', + sshKdfTvSet3k, sizeof(sshKdfTvSet3k), + sshKdfTvSet3h, sizeof(sshKdfTvSet3h), + sshKdfTvSet3sid, sizeof(sshKdfTvSet3sid), + sshKdfTvSet3a, sizeof(sshKdfTvSet3a)}, + {WC_HASH_TYPE_SHA256, 'B', + sshKdfTvSet3k, sizeof(sshKdfTvSet3k), + sshKdfTvSet3h, sizeof(sshKdfTvSet3h), + sshKdfTvSet3sid, sizeof(sshKdfTvSet3sid), + sshKdfTvSet3b, sizeof(sshKdfTvSet3b)}, + {WC_HASH_TYPE_SHA256, 'C', + sshKdfTvSet3k, sizeof(sshKdfTvSet3k), + sshKdfTvSet3h, sizeof(sshKdfTvSet3h), + sshKdfTvSet3sid, sizeof(sshKdfTvSet3sid), + sshKdfTvSet3c, sizeof(sshKdfTvSet3c)}, + {WC_HASH_TYPE_SHA256, 'D', + sshKdfTvSet3k, sizeof(sshKdfTvSet3k), + sshKdfTvSet3h, sizeof(sshKdfTvSet3h), + sshKdfTvSet3sid, sizeof(sshKdfTvSet3sid), + sshKdfTvSet3d, sizeof(sshKdfTvSet3d)}, + {WC_HASH_TYPE_SHA256, 'E', + sshKdfTvSet3k, sizeof(sshKdfTvSet3k), + sshKdfTvSet3h, sizeof(sshKdfTvSet3h), + sshKdfTvSet3sid, sizeof(sshKdfTvSet3sid), + sshKdfTvSet3e, sizeof(sshKdfTvSet3e)}, + {WC_HASH_TYPE_SHA256, 'F', + sshKdfTvSet3k, sizeof(sshKdfTvSet3k), + sshKdfTvSet3h, sizeof(sshKdfTvSet3h), + sshKdfTvSet3sid, sizeof(sshKdfTvSet3sid), + sshKdfTvSet3f, sizeof(sshKdfTvSet3f)}, +}; + + +WOLFSSL_TEST_SUBROUTINE wc_test_ret_t sshkdf_test(void) +{ + byte cKey[32]; /* Greater of SHA256_DIGEST_SIZE and WC_AES_BLOCK_SIZE */ + word32 i; + word32 tc = sizeof(sshKdfTestVectors)/sizeof(SshKdfTestVector); + const SshKdfTestVector* tv = NULL; + wc_test_ret_t result = 0; + WOLFSSL_ENTER("sshkdf_test"); + + /* sId - Session ID, eKey - Expected Key, cKey - Calculated Key */ + for (i = 0, tv = sshKdfTestVectors; i < tc; i++, tv++) { + result = wc_SSH_KDF(tv->hashId, tv->keyId, + cKey, tv->expectedKeySz, + tv->k, tv->kSz, tv->h, tv->hSz, + tv->sessionId, tv->sessionIdSz); + + if (result != 0) { + printf("KDF: Could not derive key.\n"); + result = WC_TEST_RET_ENC_EC(result); + } + else { + if (XMEMCMP(cKey, tv->expectedKey, tv->expectedKeySz) != 0) { + printf("KDF: Calculated Key does not match Expected Key.\n"); + result = WC_TEST_RET_ENC_EC(result); + } + } + + if (result != 0) break; + } + + return result; +} + +#endif /* WOLFSSL_WOLFSSH */ + +#if defined(WOLFSSL_HAVE_PRF) && !defined(NO_HMAC) && \ + defined(WOLFSSL_SHA384) && !defined(WOLFSSL_NO_TLS12) +#define DIGL 12 +#define SECL 48 +#define LBSL 63 +WOLFSSL_TEST_SUBROUTINE wc_test_ret_t prf_test(void) +{ + int ret; + byte dig[DIGL] = {0}; + byte secret[SECL] = { + 0x10, 0xbc, 0xb4, 0xa2, 0xe8, 0xdc, 0xf1, 0x9b, 0x4c, + 0x51, 0x9c, 0xed, 0x31, 0x1b, 0x51, 0x57, 0x02, 0x3f, + 0xa1, 0x7d, 0xfb, 0x0e, 0xf3, 0x4e, 0x8f, 0x6f, 0x71, + 0xa3, 0x67, 0x76, 0x6b, 0xfa, 0x5d, 0x46, 0x4a, 0xe8, + 0x61, 0x18, 0x81, 0xc4, 0x66, 0xcc, 0x6f, 0x09, 0x99, + 0x9d, 0xfc, 0x47 + }; + byte lablSd[LBSL] = { + 0x73, 0x65, 0x72, 0x76, 0x65, 0x72, 0x20, 0x66, 0x69, + 0x6e, 0x69, 0x73, 0x68, 0x65, 0x64, 0x0b, 0x46, 0xba, + 0x56, 0xbf, 0x1f, 0x5d, 0x99, 0xff, 0xe9, 0xbb, 0x43, + 0x01, 0xe7, 0xca, 0x2c, 0x00, 0xdf, 0x9a, 0x39, 0x6e, + 0xcf, 0x6d, 0x15, 0x27, 0x4d, 0xf2, 0x93, 0x96, 0x4a, + 0x91, 0xde, 0x5c, 0xc0, 0x47, 0x7c, 0xa8, 0xae, 0xcf, + 0x5d, 0x93, 0x5f, 0x4c, 0x92, 0xcc, 0x98, 0x5b, 0x43 + }; + byte expected[DIGL] = { + 0xee, 0xcb, 0xb1, 0x30, 0xf2, 0xcd, 0xb3, 0x4a, + 0xbe, 0xda, 0xc1, 0xf6 + }; + int digL = DIGL; + int secL = SECL; + int lblsdL = LBSL; + int hash_type = sha384_mac; + + ret = wc_PRF(dig, (word32)digL, secret, (word32)secL, lablSd, + (word32)lblsdL, hash_type, + HEAP_HINT, devId); + if (ret != 0) { + printf("Failed w/ code: %d\n", ret); + return WC_TEST_RET_ENC_EC(ret); + } + + if (XMEMCMP(expected, dig, DIGL) != 0) { + printf("Got unexpected digest\n"); + return WC_TEST_RET_ENC_NC; + } + + return 0; +} +#endif /* WOLFSSL_HAVE_PRF && !NO_HMAC && WOLFSSL_SHA384 && !WOLFSSL_NO_TLS12 */ + +#if defined(WOLFSSL_HAVE_PRF) && defined(HAVE_HKDF) && !defined(NO_HMAC) && \ + defined(WOLFSSL_BASE16) && !defined(WOLFSSL_NO_TLS12) +WOLFSSL_TEST_SUBROUTINE wc_test_ret_t tls12_kdf_test(void) +{ + const char* preMasterSecret = "D06F9C19BFF49B1E91E4EFE97345D089" + "4E6C2E6C34A165B24540E2970875D641" + "2AA6515871B389B4C199BB8389C71CED"; + const char* helloRandom = "162B81EDFBEAE4F25240320B87E7651C" + "865564191DD782DB0B9ECA275FBA1BB9" + "5A1DA3DF436D68DA86C5E7B4B4A36E46" + "B977C61767983A31BE270D74517BD0F6"; + const char* masterSecret = "EB38B8D89B98B1C266DE44BB3CA14E83" + "C32F009F9955B1D994E61D3C51EE8760" + "90B4EF89CC7AF42F46E72201BFCC7977"; + const char* label = "master secret"; + + byte pms[48] = {0}; + byte seed[64] = {0}; + byte ms[48] = {0}; + byte result[48] = {0}; + + word32 pmsSz = (word32)sizeof(pms); + word32 seedSz = (word32)sizeof(seed); + word32 msSz = (word32)sizeof(ms); + int ret; + + ret = Base16_Decode((const byte*)preMasterSecret, + (word32)XSTRLEN(preMasterSecret), pms, &pmsSz); + if (ret != 0) + return ret; + ret = Base16_Decode((const byte*)helloRandom, + (word32)XSTRLEN(helloRandom), seed, &seedSz); + if (ret != 0) + return ret; + ret = Base16_Decode((const byte*)masterSecret, + (word32)XSTRLEN(masterSecret), ms, &msSz); + if (ret != 0) + return ret; + + ret = wc_PRF_TLS(result, msSz, pms, pmsSz, + (const byte*)label, (word32)XSTRLEN(label), seed, seedSz, + 1, sha256_mac, NULL, devId); + if (ret != 0) { + if (ret == WC_NO_ERR_TRACE(FIPS_PRIVATE_KEY_LOCKED_E)) { + printf(" wc_PRF_TLSv12: Private key locked.\n"); + } + return WC_TEST_RET_ENC_EC(ret); + } + + if (XMEMCMP(result, ms, msSz) != 0) + return WC_TEST_RET_ENC_NC; + return 0; +} +#endif /* WOLFSSL_HAVE_PRF && HAVE_HKDF && !NO_HMAC && */ + /* WOLFSSL_BASE16 && !WOLFSSL_NO_TLS12 */ + +#if defined(WOLFSSL_TLS13) && !defined(NO_HMAC) + +#define TLSV13_PSK_DHE_SZ 40 +typedef struct { + enum wc_HashType hashAlg; + word32 pskSz; + word32 dheSz; + byte psk[TLSV13_PSK_DHE_SZ]; + byte dhe[TLSV13_PSK_DHE_SZ]; + byte hashHello1[WC_MAX_DIGEST_SIZE]; + byte hashHello2[WC_MAX_DIGEST_SIZE]; + byte hashFinished1[WC_MAX_DIGEST_SIZE]; + byte hashFinished2[WC_MAX_DIGEST_SIZE]; + /* Expected */ + byte clientEarlyTrafficSecret[WC_MAX_DIGEST_SIZE]; + byte earlyExporterMasterSecret[WC_MAX_DIGEST_SIZE]; + byte clientHandshakeTrafficSecret[WC_MAX_DIGEST_SIZE]; + byte serverHandshakeTrafficSecret[WC_MAX_DIGEST_SIZE]; + byte clientApplicationTrafficSecret[WC_MAX_DIGEST_SIZE]; + byte serverApplicationTrafficSecret[WC_MAX_DIGEST_SIZE]; + byte exporterMasterSecret[WC_MAX_DIGEST_SIZE]; + byte resumptionMasterSecret[WC_MAX_DIGEST_SIZE]; +} Tls13KdfTestVector; + +/* The following tests come from the CAVP test vectors we used for + * our FIPS validation. The hash values used are the components from + * the test hashed together. hashHello1 is the hash of the + * clientHelloRandom value of the test vector. hashHello2 is the hash + * of the clientHelloRandom and serverHelloRandom values from the test + * vector. hashFinished1 is clientHelloRandom, serverHelloRandom, and + * serverFinishedRandom. hashFinished2 is clientHelloRandom, + * serverHelloRandom, serverFinishedRandom, and clietnFinishedRandom + * hashed together. */ +static const Tls13KdfTestVector tls13KdfTestVectors[] = { +#ifndef NO_SHA256 +{ /* 1 */ + WC_HASH_TYPE_SHA256, 35, 35, + { /* PSK */ + 0x7b, 0xf1, 0x05, 0x31, 0x36, 0xfa, 0x03, 0xdc, + 0x31, 0x97, 0x88, 0x04, 0x9c, 0xbc, 0xee, 0xf7, + 0x8d, 0x84, 0x95, 0x26, 0xaf, 0x1d, 0x68, 0xb0, + 0x60, 0x7a, 0xcc, 0x4f, 0xc1, 0xd3, 0xa1, 0x68, + 0x7f, 0x6d, 0xbe + }, + { /* DHE */ + 0x6e, 0xa1, 0x77, 0xab, 0x2f, 0x43, 0xd2, 0x4b, + 0xe5, 0xa1, 0x09, 0xe0, 0x7a, 0xd0, 0x01, 0x35, + 0x8d, 0xf8, 0xf2, 0x5c, 0x91, 0x02, 0xb0, 0x6c, + 0x3f, 0xeb, 0xee, 0xa4, 0x42, 0x19, 0xce, 0xdc, + 0x81, 0x26, 0x40 + }, + { /* Hello 1 */ + 0xd9, 0x4b, 0xe4, 0x17, 0xef, 0x58, 0x73, 0x7d, + 0x28, 0x3d, 0xf0, 0xcc, 0x05, 0x03, 0xaf, 0xac, + 0x3d, 0x92, 0x79, 0x48, 0xe8, 0x8c, 0xdb, 0xce, + 0x95, 0x82, 0x21, 0x31, 0x7b, 0x61, 0xd7, 0xc6 + }, + { /* Hello 2 */ + 0xb7, 0x7f, 0x29, 0x91, 0xa4, 0x8b, 0x34, 0xdb, + 0xbd, 0xc7, 0x54, 0x1c, 0x3b, 0x86, 0xa3, 0x69, + 0xfe, 0x26, 0xe4, 0x7b, 0xac, 0x57, 0x71, 0xb3, + 0x32, 0x97, 0xed, 0xd2, 0x0e, 0x95, 0xb8, 0x63 + }, + { /* Finished 1 */ + 0x65, 0xdb, 0x6d, 0x71, 0x71, 0xd0, 0xd8, 0x49, + 0xd0, 0x3c, 0x8e, 0x2b, 0x24, 0xdf, 0xc2, 0xe9, + 0xd6, 0xfd, 0xea, 0x04, 0x95, 0x7c, 0xf0, 0x7e, + 0x57, 0x74, 0x7c, 0xdd, 0xa3, 0x0b, 0x2b, 0x36 + }, + { /* Finished 2 */ + 0x28, 0xf2, 0xf2, 0x79, 0xcf, 0x20, 0x52, 0x90, + 0x1d, 0x91, 0x05, 0xad, 0x44, 0x26, 0x23, 0x96, + 0x32, 0xce, 0xec, 0x61, 0xd1, 0xbf, 0x00, 0x48, + 0x4a, 0xa5, 0x60, 0xcc, 0x28, 0xb5, 0x8d, 0x98 + }, + { /* Client Early Traffic Secret */ + 0x07, 0x14, 0x6a, 0x26, 0x5b, 0x6c, 0x7f, 0x4d, 0x6b, 0x47, 0x3f, 0xd5, + 0x03, 0x1d, 0xd2, 0x23, 0x3d, 0x89, 0x3e, 0xc6, 0x51, 0xd1, 0xac, 0xf8, + 0x28, 0xae, 0x4b, 0x76, 0xc8, 0x10, 0x7e, 0xdd + }, + { /* Early Exporter Master Secret */ + 0xb8, 0xd3, 0x25, 0x7e, 0x2d, 0x41, 0x7b, 0xcb, 0x5e, 0x82, 0x49, 0xf5, + 0x51, 0x3d, 0xb7, 0x59, 0x32, 0xb3, 0xdf, 0x99, 0x4e, 0x04, 0x69, 0xc6, + 0x96, 0x8e, 0xe6, 0x3d, 0x91, 0xe4, 0x81, 0x11 + }, + { /* Client Handshake Traffic Secret */ + 0xd9, 0x3b, 0x54, 0xe2, 0xb0, 0xd1, 0x85, 0xf0, 0xfd, 0xf3, 0x48, 0x4a, + 0xf8, 0x0b, 0xa5, 0xdc, 0x4c, 0x37, 0xcb, 0xd4, 0x20, 0xaf, 0x60, 0xc7, + 0xd5, 0x50, 0x5d, 0x0c, 0x77, 0x3b, 0x6f, 0xd2 + }, + { /* Server Handshake Traffic Secret */ + 0x4d, 0x40, 0x2b, 0xd2, 0x8c, 0x33, 0x90, 0x39, 0x67, 0x67, 0x05, 0xf7, + 0x5d, 0x37, 0x1e, 0xdc, 0x4a, 0x70, 0x6b, 0x9e, 0xf8, 0x06, 0x61, 0x89, + 0x70, 0xe1, 0x3d, 0x36, 0xad, 0x88, 0x7e, 0x5b + }, + { /* Client Application Traffic Secret */ + 0x74, 0x6e, 0xa0, 0x13, 0x18, 0x34, 0x48, 0x4d, 0x23, 0x31, 0xf1, 0xf9, + 0xee, 0x44, 0x6d, 0xad, 0xc1, 0xad, 0x92, 0x73, 0xca, 0x27, 0x16, 0x91, + 0xa2, 0x50, 0x9a, 0xfc, 0xec, 0xf0, 0x6b, 0x24 + }, + { /* Server Application Traffic Secret */ + 0x89, 0x18, 0x7e, 0x34, 0x8d, 0xfc, 0x14, 0xb1, 0x4f, 0x21, 0xd8, 0x29, + 0xdb, 0x9b, 0xfb, 0x55, 0xcf, 0xa1, 0x4f, 0x95, 0xf8, 0xe0, 0xb0, 0x83, + 0xd5, 0x34, 0x9e, 0x0b, 0x83, 0x37, 0x42, 0x93 + }, + { /* Exporter Master Secret */ + 0x7d, 0xc8, 0x88, 0x46, 0xd5, 0x57, 0x15, 0xb6, 0x24, 0x25, 0x92, 0x61, + 0xb1, 0x18, 0x86, 0x2a, 0x6d, 0xa5, 0x84, 0xeb, 0x59, 0xdf, 0x13, 0xbd, + 0x73, 0xaa, 0x5d, 0x65, 0xab, 0xd9, 0xb4, 0x56 + }, + { /* Resumption Master Secret */ + 0x20, 0xb7, 0xd0, 0xe3, 0x82, 0x01, 0xa1, 0x04, 0xb8, 0x13, 0x29, 0xed, + 0x35, 0xe4, 0x2f, 0xbf, 0x58, 0x23, 0x7f, 0x21, 0xdb, 0x9f, 0xf8, 0xe0, + 0xe8, 0xe4, 0xab, 0xc4, 0xa1, 0x61, 0xb9, 0xbb + } +}, +{ /* 6 */ + WC_HASH_TYPE_SHA256, 0, 33, + { 0 }, /* PSK */ + { /* DHE */ + 0x7a, 0x46, 0x8c, 0x5a, 0xd1, 0x8e, 0x95, 0xba, + 0x61, 0xe6, 0x6f, 0xe6, 0x76, 0x0c, 0x20, 0x43, + 0x16, 0x82, 0x15, 0xfe, 0x54, 0xa3, 0xc7, 0xfd, + 0x3b, 0x2c, 0x88, 0xb4, 0xd3, 0x42, 0x70, 0x12, + 0x18 + }, + { /* Hello 1 */ + 0x63, 0x83, 0x58, 0xab, 0x36, 0xcd, 0x0c, 0xf3, + 0x26, 0x07, 0xb5, 0x5f, 0x0b, 0x8b, 0x45, 0xd6, + 0x7d, 0x5b, 0x42, 0xdc, 0xa8, 0xaa, 0x06, 0xfb, + 0x20, 0xa5, 0xbb, 0x85, 0xdb, 0x54, 0xd8, 0x8b + }, + { /* Hello 2 */ + 0xea, 0xfe, 0x9e, 0x8e, 0xff, 0x1f, 0x6f, 0x43, + 0xf9, 0x5d, 0xfd, 0xbf, 0xe2, 0x5f, 0x02, 0x2f, + 0x6d, 0x47, 0x60, 0x9a, 0x48, 0x9a, 0x75, 0xfb, + 0xb5, 0x4a, 0xbf, 0x9c, 0x4e, 0xff, 0xbf, 0x0b + }, + { /* Finished 1 */ + 0xca, 0x25, 0xb3, 0x53, 0x8e, 0x6d, 0xc3, 0x36, + 0x17, 0x30, 0x07, 0xdf, 0x0d, 0xd7, 0x79, 0xb0, + 0x7f, 0xcb, 0xbe, 0x7a, 0xbc, 0x2d, 0x9f, 0x2d, + 0x94, 0x44, 0x94, 0xe6, 0xa4, 0xf3, 0xe8, 0x53 + }, + { /* Finished 2 */ + 0x2e, 0xa6, 0x5a, 0xaf, 0xb5, 0xba, 0x9f, 0x2f, + 0x74, 0x83, 0x5d, 0xbf, 0x86, 0xa4, 0xa6, 0xf6, + 0xb9, 0x89, 0xdf, 0x17, 0xe1, 0xa8, 0x14, 0xc0, + 0xe1, 0x50, 0xfa, 0xec, 0xfa, 0xae, 0x8b, 0x7b + }, + { + 0x20, 0x18, 0x72, 0x7c, 0xde, 0x3a, 0x85, 0x17, 0x72, 0xdc, 0xd7, 0x72, + 0xb0, 0xfc, 0x45, 0xd0, 0x62, 0xb9, 0xbb, 0x38, 0x69, 0x05, 0x7b, 0xb4, + 0x5e, 0x58, 0x5d, 0xed, 0xcd, 0x0b, 0x96, 0xd3 + }, + { + 0x68, 0x10, 0x20, 0xd1, 0x5e, 0xfc, 0x0c, 0x53, 0x85, 0xbb, 0xdb, 0x18, + 0xa8, 0x78, 0xf1, 0x2b, 0x13, 0xba, 0x64, 0x1d, 0xe7, 0x09, 0xbe, 0x13, + 0x49, 0x26, 0xf9, 0x98, 0x56, 0xf1, 0x43, 0xfb + }, + { + 0x24, 0x35, 0x3e, 0x10, 0x6f, 0x39, 0x50, 0xd6, 0xa2, 0x12, 0x99, 0xf2, + 0xd5, 0xf5, 0x19, 0xf5, 0x84, 0xed, 0xee, 0x78, 0x2a, 0xa6, 0xfa, 0x3d, + 0x06, 0xa8, 0xa7, 0x5d, 0x97, 0x78, 0xd6, 0x58 + }, + { + 0xf4, 0x57, 0xac, 0x24, 0x7a, 0xfb, 0x7c, 0x3b, 0xb6, 0x39, 0x17, 0x14, + 0xd9, 0xd4, 0x58, 0x4d, 0x46, 0xd5, 0x1b, 0xde, 0xf7, 0x9d, 0x06, 0xee, + 0x8d, 0x1a, 0x2c, 0x25, 0x6d, 0x64, 0xde, 0x89 + }, + { + 0xb6, 0x00, 0xce, 0x63, 0xed, 0x65, 0x8b, 0x66, 0x66, 0x42, 0xc6, 0xbd, + 0x89, 0xc4, 0x71, 0x6f, 0xce, 0x28, 0xb2, 0xac, 0x97, 0x07, 0x5b, 0xea, + 0xb8, 0x1d, 0x4c, 0xeb, 0x9e, 0x71, 0x07, 0x8f + }, + { + 0xf8, 0x92, 0xc8, 0xba, 0xe7, 0x83, 0xfe, 0x68, 0xe4, 0xd6, 0x5e, 0xcb, + 0xb3, 0xef, 0x49, 0xd0, 0xe7, 0xb1, 0xac, 0xcb, 0x39, 0x19, 0xfd, 0xa7, + 0xf7, 0xca, 0xab, 0x1e, 0x42, 0x14, 0xd8, 0xe7 + }, + { + 0x32, 0x4a, 0x1a, 0xad, 0xe2, 0xbb, 0x55, 0x8a, 0xdd, 0xe9, 0xa5, 0x2a, + 0x46, 0x5e, 0x6c, 0x83, 0x66, 0x27, 0x27, 0x94, 0xdd, 0x68, 0x59, 0xa0, + 0xbb, 0xe8, 0x31, 0x7c, 0x39, 0xd7, 0xfd, 0x6d + }, + { + 0x58, 0xbc, 0x6c, 0x5b, 0x24, 0xad, 0x82, 0xb3, 0xcc, 0xc7, 0xd1, 0xa1, + 0xaa, 0x2b, 0x98, 0x9f, 0x2f, 0x7e, 0xa9, 0x63, 0xc2, 0x8e, 0xb6, 0x06, + 0xc2, 0x2b, 0x74, 0x4b, 0x79, 0x19, 0x7e, 0x2e + } +}, +{ /* 11 */ + WC_HASH_TYPE_SHA256, 33, 0, + { /* PSK */ + 0x3d, 0x39, 0x49, 0x36, 0x98, 0xc5, 0xfd, 0xcd, + 0xa0, 0x17, 0xbd, 0x65, 0x0a, 0xdb, 0xd4, 0x07, + 0x56, 0xa2, 0x7b, 0xb8, 0x2a, 0x7e, 0xfb, 0x26, + 0x74, 0xe1, 0xbc, 0x08, 0x4b, 0xf0, 0x30, 0x14, + 0x12 + }, + { 0 }, /* DHE */ + { /* Hello 1 */ + 0xb7, 0x44, 0x74, 0x6c, 0x57, 0x1f, 0xf3, 0x84, + 0x8f, 0x63, 0xfb, 0x8c, 0x94, 0x6c, 0x16, 0x68, + 0x4b, 0xe1, 0xb5, 0xb5, 0x2a, 0x4e, 0x5f, 0xdf, + 0x4b, 0x53, 0xb2, 0x35, 0xfc, 0x30, 0xf1, 0x36 + }, + { /* Hello 2 */ + 0xe6, 0x4f, 0x3a, 0x4f, 0xd7, 0xe0, 0x64, 0xd4, + 0x69, 0x50, 0xe4, 0x8b, 0xba, 0xbc, 0x47, 0x74, + 0xa7, 0x9b, 0x40, 0x91, 0x8f, 0xa8, 0x72, 0x22, + 0x97, 0xad, 0x43, 0xa7, 0x11, 0x86, 0xb5, 0x72 + }, + { /* Finished 1 */ + 0x5f, 0xa6, 0x10, 0xe2, 0xa3, 0x99, 0x0b, 0x5e, + 0x57, 0xee, 0xc3, 0x3a, 0x8e, 0x04, 0xf3, 0x0e, + 0x58, 0x02, 0x09, 0xb2, 0x7e, 0x2d, 0xc6, 0xd2, + 0x08, 0xae, 0x68, 0x0a, 0x55, 0xa5, 0xda, 0x51 + }, + { /* Finished 2 */ + 0xfc, 0x5b, 0xc0, 0x7e, 0x1b, 0xaa, 0xc0, 0xb4, + 0x34, 0x85, 0x49, 0x8e, 0x16, 0x31, 0x98, 0xdf, + 0x10, 0x54, 0x22, 0xda, 0x1e, 0x6b, 0x51, 0xf6, + 0x97, 0x57, 0xa0, 0x7a, 0x92, 0xe7, 0x47, 0x52 + }, + { + 0x80, 0xfa, 0x36, 0x30, 0xb8, 0x65, 0xb3, 0x2a, 0x1d, 0x68, 0x91, 0x06, + 0x98, 0xa0, 0x17, 0x8f, 0xee, 0xb7, 0x9e, 0x3d, 0xd8, 0x84, 0x99, 0x30, + 0xb9, 0xd6, 0x09, 0x25, 0x5e, 0xfb, 0x8f, 0xd3 }, + { + 0xa9, 0x89, 0x29, 0x70, 0xe4, 0x55, 0xec, 0x97, 0xfb, 0x24, 0x5b, 0xf9, + 0xf1, 0xa3, 0x19, 0x3d, 0xf1, 0x31, 0x14, 0xcd, 0x2a, 0xed, 0x21, 0xc8, + 0xb1, 0x53, 0xad, 0x11, 0x0b, 0x9e, 0x5a, 0xee }, + { + 0x72, 0xad, 0x8d, 0x7f, 0xfc, 0xb7, 0x68, 0xda, 0x27, 0x60, 0x37, 0xa3, + 0x4a, 0x63, 0xe8, 0xa5, 0xc8, 0xcd, 0x36, 0x6a, 0x77, 0x99, 0x0d, 0xa9, + 0xb1, 0x5b, 0x2f, 0x47, 0x2e, 0x22, 0xa7, 0x5e }, + { + 0x95, 0x6e, 0x85, 0x09, 0xe5, 0x04, 0x88, 0x14, 0x28, 0x8d, 0xdf, 0xe6, + 0x0d, 0x0f, 0x0d, 0x6b, 0x4e, 0x66, 0x1c, 0x03, 0xb9, 0xaa, 0x2d, 0x45, + 0x56, 0x67, 0x5c, 0x55, 0x29, 0xd6, 0x89, 0xd0 }, + { + 0xe8, 0xf2, 0x14, 0xf9, 0x9b, 0x2b, 0x9f, 0x24, 0x2b, 0x37, 0xbe, 0x86, + 0xdb, 0x23, 0x4b, 0xbe, 0x39, 0x57, 0xe8, 0xa9, 0xa5, 0xee, 0x08, 0xf2, + 0x75, 0x58, 0xdb, 0xd9, 0x51, 0xc1, 0x46, 0x02 }, + { + 0x3d, 0x19, 0xaf, 0xa3, 0x0b, 0x21, 0xf7, 0x3d, 0xe7, 0x37, 0x6e, 0x32, + 0x13, 0x48, 0x9d, 0xea, 0xe0, 0x90, 0xbf, 0x64, 0x48, 0xf7, 0x1e, 0xcc, + 0xf0, 0xbc, 0x92, 0xd7, 0x8a, 0x4a, 0xa8, 0xc1 }, + { + 0x16, 0x35, 0xb1, 0x66, 0x28, 0xa3, 0x3e, 0x19, 0xf5, 0x2d, 0x92, 0x22, + 0x95, 0x48, 0xe8, 0x34, 0x7b, 0x30, 0x50, 0xa2, 0xa0, 0xd9, 0xc2, 0x59, + 0x39, 0xf9, 0x8c, 0x69, 0xf2, 0x2a, 0xb9, 0xff }, + { + 0x32, 0x71, 0xa6, 0x87, 0x0c, 0x97, 0x42, 0x07, 0xdd, 0x5f, 0xc9, 0x44, + 0xa5, 0x7c, 0x50, 0x14, 0xfd, 0xe7, 0x5f, 0x8b, 0xd3, 0x2f, 0xdc, 0x9b, + 0xa9, 0x93, 0x22, 0x19, 0xe6, 0xf2, 0x0c, 0xd8 } +}, +#endif +#ifdef WOLFSSL_SHA384 +{ /* 26 */ + WC_HASH_TYPE_SHA384, 35, 35, + { /* PSK */ + 0x62, 0x83, 0x25, 0xc7, 0xcc, 0x08, 0x5e, 0x63, + 0x64, 0x56, 0xf0, 0xc6, 0x88, 0x27, 0x5a, 0x5b, + 0x68, 0x59, 0x0b, 0x14, 0x55, 0x13, 0x2e, 0xfd, + 0x8f, 0x28, 0x5b, 0x3d, 0xe3, 0xad, 0x67, 0xe4, + 0x68, 0xba, 0xf9 + }, + { /* DHE */ + 0xa8, 0xb1, 0xab, 0xd8, 0xc8, 0x5b, 0x52, 0xdf, + 0x7f, 0x49, 0x10, 0xf4, 0xa1, 0x31, 0xd1, 0x91, + 0x36, 0xc1, 0x87, 0x5d, 0x42, 0x2a, 0xe7, 0x1d, + 0x2c, 0x29, 0x3d, 0x40, 0x64, 0x61, 0x63, 0x76, + 0xd8, 0x66, 0xac + }, + { /* Hello 1 */ + 0x6f, 0xc6, 0x4c, 0xe1, 0xc6, 0x68, 0x34, 0x8c, + 0x0a, 0xe1, 0xf8, 0xb8, 0x3e, 0xd4, 0xf8, 0x0b, + 0x54, 0x50, 0xe4, 0xc5, 0x4a, 0x33, 0x7d, 0xbd, + 0x90, 0xd2, 0xa2, 0xb9, 0xb7, 0x92, 0xed, 0xab, + 0x14, 0xf1, 0xe4, 0x86, 0x22, 0x67, 0xd7, 0x44, + 0x03, 0x21, 0xdc, 0x51, 0x52, 0x7f, 0x35, 0x80 + }, + { /* Hello 2 */ + 0x3e, 0xcf, 0x2f, 0xc3, 0x87, 0xba, 0xc5, 0xbd, + 0x7c, 0xe8, 0x35, 0x5b, 0x95, 0x51, 0x30, 0x3b, + 0x08, 0xcc, 0x2a, 0x7d, 0xb5, 0x74, 0x7c, 0x16, + 0xb3, 0x0b, 0xe7, 0x61, 0xa3, 0x7c, 0x6c, 0xbd, + 0x39, 0x74, 0xfd, 0x1e, 0x4c, 0xff, 0xc8, 0xcc, + 0xa0, 0xef, 0x29, 0x4d, 0x94, 0xaa, 0x55, 0x6f, + }, + { /* Finished 1 */ + 0x06, 0xc1, 0x47, 0x78, 0x66, 0x53, 0x6f, 0x24, + 0x94, 0x61, 0x69, 0xec, 0xd8, 0x60, 0x31, 0x2f, + 0xbf, 0xd6, 0x8a, 0x29, 0x17, 0xff, 0xa3, 0x88, + 0x13, 0x09, 0x8c, 0x9d, 0x6c, 0x64, 0x84, 0x48, + 0x44, 0xdd, 0x2d, 0x29, 0x4d, 0xe6, 0x98, 0x2b, + 0x45, 0x3b, 0x84, 0x33, 0x79, 0xb2, 0x75, 0x68 + }, + { /* Finished 2 */ + 0x28, 0x1e, 0x18, 0xf7, 0x9c, 0x32, 0xa9, 0xbf, + 0x0c, 0x24, 0x58, 0x21, 0xce, 0xbc, 0xf2, 0x44, + 0xb1, 0x18, 0xaf, 0x9d, 0xd9, 0x20, 0xf9, 0xf4, + 0xed, 0xcc, 0x53, 0x82, 0x66, 0x5c, 0x46, 0x94, + 0x8c, 0x36, 0x5e, 0xca, 0x9f, 0xd8, 0x9a, 0xd3, + 0xf0, 0xe1, 0x53, 0x71, 0xdd, 0x19, 0x1e, 0x59 + }, + { + 0xd0, 0xef, 0xa8, 0xcb, 0x5b, 0x14, 0x0f, 0x0a, 0x62, 0xba, 0x5a, 0xb1, + 0xc5, 0xb5, 0x3f, 0x11, 0xda, 0xa1, 0x0c, 0x9c, 0xb4, 0x32, 0x48, 0x4e, + 0xfa, 0x84, 0x4f, 0xe4, 0xe7, 0x91, 0x8f, 0x42, 0x3f, 0xc7, 0x4e, 0xd3, + 0x83, 0x3d, 0x7f, 0x70, 0x12, 0xee, 0x9a, 0x37, 0x01, 0xbb, 0x14, 0xd3 + }, + { + 0x48, 0x6f, 0x77, 0x1d, 0x39, 0x1b, 0xa5, 0x9a, 0x76, 0xd9, 0x1d, 0x7d, + 0xb3, 0xd9, 0xb9, 0x78, 0x35, 0x0f, 0xd0, 0xe1, 0x07, 0x1f, 0x8d, 0xe5, + 0x75, 0x00, 0xda, 0xc0, 0x19, 0x01, 0xfb, 0x08, 0x35, 0xe7, 0x18, 0x8f, + 0xf0, 0x19, 0xfb, 0x46, 0xf6, 0xa5, 0x77, 0x0e, 0x90, 0x38, 0x8b, 0x15 + }, + { + 0x80, 0x8c, 0xa7, 0x24, 0x97, 0xf9, 0xd3, 0x52, 0xb0, 0x69, 0x9d, 0x4b, + 0xa4, 0x19, 0x4a, 0xb1, 0x46, 0x53, 0x3a, 0xc8, 0xe4, 0x02, 0x69, 0xf2, + 0xe7, 0xb6, 0x1d, 0x33, 0x51, 0xcc, 0x14, 0x40, 0x4a, 0xb0, 0xe7, 0x58, + 0x84, 0xba, 0xc2, 0x14, 0x58, 0x6b, 0xb9, 0xdc, 0x50, 0x98, 0x67, 0x01 + }, + { + 0xb1, 0xa8, 0xc0, 0x06, 0xb3, 0x2e, 0xa7, 0x8a, 0x6a, 0x12, 0x88, 0x00, + 0x65, 0x88, 0x9c, 0x5d, 0x35, 0xee, 0xe5, 0x51, 0x0b, 0x62, 0xf8, 0x67, + 0xe5, 0xef, 0x15, 0x1f, 0x23, 0x02, 0x74, 0x08, 0x9c, 0xc8, 0xba, 0x27, + 0x5d, 0x32, 0x19, 0x6f, 0x6d, 0x5d, 0x72, 0x5e, 0x15, 0xde, 0x30, 0xc3 + }, + { + 0xfd, 0xce, 0xf5, 0x65, 0x45, 0x84, 0xfb, 0x8c, 0x79, 0xa4, 0x6c, 0x1b, + 0x0e, 0x1b, 0xfd, 0x26, 0xa2, 0x53, 0xf4, 0x4e, 0x00, 0x4d, 0x4b, 0x0b, + 0x24, 0x6d, 0x35, 0x35, 0xd9, 0x97, 0x70, 0xc5, 0xf4, 0xee, 0xe3, 0xba, + 0x31, 0x1e, 0x2a, 0x42, 0xcb, 0xdf, 0x40, 0xb1, 0x14, 0xb8, 0x53, 0xce + }, + { + 0xbb, 0xb3, 0x26, 0x7c, 0x22, 0x21, 0x9b, 0x72, 0x32, 0xa1, 0x97, 0xfb, + 0x78, 0x8c, 0xbe, 0x3d, 0x71, 0x45, 0xb8, 0xf5, 0x24, 0x8f, 0x0f, 0xac, + 0x42, 0x5b, 0x81, 0xe8, 0xd0, 0x71, 0x4a, 0xcb, 0x32, 0x3f, 0x03, 0xfb, + 0xec, 0x6a, 0x1f, 0x76, 0x80, 0x65, 0x01, 0x7a, 0x3d, 0xce, 0xc4, 0xdf + }, + { + 0x3f, 0xcf, 0x2f, 0x63, 0x94, 0x94, 0x99, 0xfd, 0x04, 0x3a, 0x89, 0x83, + 0xcf, 0x06, 0x05, 0xec, 0x20, 0x3e, 0x5f, 0x51, 0x9d, 0x6e, 0x4a, 0xc6, + 0xf1, 0x2b, 0x37, 0x17, 0x34, 0x72, 0x6e, 0x1d, 0x2a, 0xfd, 0xc7, 0x73, + 0xb5, 0x07, 0x22, 0x81, 0x32, 0x2e, 0x21, 0x85, 0xaf, 0x10, 0xb2, 0x73 + }, + { + 0x52, 0x0c, 0x3d, 0x2e, 0x2d, 0x4a, 0x11, 0xae, 0x96, 0x78, 0xe9, 0x5b, + 0xd8, 0x0f, 0x6c, 0xf4, 0xbd, 0x96, 0x13, 0x55, 0x88, 0xdd, 0xa3, 0x67, + 0x36, 0x86, 0x1e, 0x0b, 0x36, 0x41, 0xec, 0xf6, 0x04, 0xb2, 0xc4, 0x16, + 0xbc, 0x2c, 0xdb, 0x30, 0x02, 0x94, 0xd4, 0x42, 0xbf, 0x38, 0xee, 0x9d + } +}, +{ /* 36 */ + WC_HASH_TYPE_SHA384, 0, 33, + { 0 }, /* PSK */ + { /* DHE */ + 0xd3, 0x00, 0x72, 0x9a, 0xa8, 0xc5, 0xf3, 0xc4, + 0xf1, 0xa0, 0x26, 0x89, 0x65, 0x70, 0xc7, 0x0b, + 0x77, 0xbb, 0xe1, 0x4b, 0x2b, 0xa8, 0x4f, 0xa6, + 0x09, 0x4b, 0xba, 0x45, 0x36, 0x15, 0xee, 0x68, + 0xfd + }, + { /* Hello 1 */ + 0x10, 0x9d, 0x8b, 0xa2, 0x93, 0xe7, 0xd3, 0xb9, + 0xb4, 0x0f, 0xeb, 0x6a, 0xb9, 0x69, 0xcb, 0x39, + 0x16, 0x29, 0xcc, 0xd3, 0xcc, 0x1a, 0x4c, 0x1b, + 0x53, 0x7c, 0x33, 0x88, 0x06, 0xbc, 0x0a, 0x02, + 0xa0, 0xbe, 0x62, 0xc0, 0xe6, 0x5e, 0x97, 0x5b, + 0x6a, 0xa1, 0x98, 0xf3, 0xd2, 0x1e, 0xcd, 0xc5 + }, + { /* Hello 2 */ + 0x74, 0xc0, 0x07, 0x2c, 0xc1, 0x63, 0xcc, 0x11, + 0xad, 0x1a, 0x55, 0x63, 0xbc, 0x20, 0x77, 0x96, + 0x30, 0x1c, 0x68, 0x45, 0x1e, 0x9b, 0xa7, 0xb4, + 0xf3, 0x04, 0x45, 0x16, 0x76, 0x55, 0xf9, 0xdf, + 0x4b, 0x2f, 0x1a, 0xdf, 0x5a, 0xb0, 0x93, 0xc9, + 0xab, 0xf5, 0x32, 0x47, 0x79, 0x9c, 0x01, 0xeb + }, + { /* Finished 1 */ + 0x27, 0x08, 0x8e, 0xa5, 0xf1, 0x30, 0xe1, 0xd6, + 0x4f, 0xa2, 0x9e, 0x3b, 0x03, 0x2d, 0x2e, 0xa3, + 0x84, 0x75, 0x51, 0x3a, 0xc3, 0xf6, 0xee, 0x2e, + 0x37, 0x0c, 0xe3, 0x28, 0x46, 0xa5, 0x2d, 0xc7, + 0xf0, 0x64, 0x78, 0x53, 0x66, 0x43, 0x02, 0xa4, + 0x7a, 0x43, 0x66, 0x4b, 0xa7, 0xcb, 0x97, 0x16 + }, + { /* Finished 2 */ + 0x1d, 0x0d, 0xf8, 0xe1, 0x81, 0xa5, 0xbd, 0xa8, + 0x6f, 0x9d, 0x01, 0xa4, 0x9a, 0x92, 0xe2, 0xef, + 0x08, 0xab, 0xef, 0x3e, 0x2d, 0xd4, 0x82, 0xac, + 0x68, 0x9d, 0xe0, 0x54, 0x17, 0xde, 0x1a, 0xed, + 0x57, 0xcb, 0xd9, 0x2d, 0xc8, 0xbc, 0x93, 0xe6, + 0xa3, 0xec, 0xde, 0xee, 0xa1, 0x1c, 0x41, 0x85 + }, + { + 0x7f, 0x1f, 0xe6, 0x7b, 0xd8, 0xf5, 0x2b, 0x37, 0xbe, 0xb7, 0xd0, 0x37, + 0xce, 0x46, 0xad, 0x04, 0x2f, 0xc7, 0xdb, 0xc9, 0x9a, 0xb6, 0x00, 0x3f, + 0xc1, 0x97, 0xe9, 0x5c, 0x5e, 0x14, 0xd1, 0x38, 0x4d, 0x55, 0xe1, 0x07, + 0xb5, 0x85, 0x6d, 0xfa, 0xa7, 0x66, 0xad, 0xfa, 0xb6, 0xad, 0x29, 0x44 + }, + { + 0x4e, 0x6b, 0x20, 0x99, 0x55, 0x1b, 0x21, 0x89, 0xb6, 0x70, 0xdb, 0xe8, + 0xa7, 0x16, 0x55, 0xf2, 0x93, 0x13, 0x90, 0x7d, 0xfa, 0x62, 0x65, 0x53, + 0xa0, 0x97, 0xe9, 0xb4, 0xc0, 0xf1, 0xc9, 0x1a, 0x67, 0xdd, 0xca, 0x57, + 0xbc, 0xca, 0x39, 0xe6, 0x39, 0x6b, 0x63, 0x47, 0x25, 0x08, 0x3a, 0xd7 + }, + { + 0x35, 0x0d, 0xac, 0xd8, 0x10, 0x6a, 0x46, 0x50, 0x66, 0xae, 0x02, 0xc9, + 0xde, 0x13, 0x48, 0xce, 0x53, 0xd4, 0x92, 0x62, 0xc5, 0x65, 0x10, 0x08, + 0xc2, 0xc2, 0x82, 0xed, 0x9d, 0xc9, 0x6f, 0xa8, 0xc3, 0xc1, 0x0b, 0x7c, + 0xe1, 0x97, 0x85, 0xd6, 0x46, 0x29, 0x0e, 0x42, 0x51, 0xc1, 0x35, 0xcf + }, + { + 0x3d, 0x5d, 0x84, 0xbd, 0x16, 0x46, 0x34, 0xb3, 0xf6, 0x31, 0x49, 0x3e, + 0x8d, 0xdc, 0xcb, 0x8c, 0x6a, 0x42, 0xf4, 0x88, 0xfc, 0x19, 0xfa, 0xa2, + 0x25, 0xc7, 0xa0, 0xa4, 0xca, 0xf0, 0xea, 0x2d, 0xe8, 0xc4, 0x02, 0x14, + 0x63, 0xfb, 0xd3, 0x7b, 0x51, 0x1c, 0xce, 0xca, 0xa3, 0xc3, 0xe4, 0xa5 + }, + { + 0x7c, 0x3a, 0x55, 0x92, 0x2e, 0xdd, 0x75, 0xdd, 0x76, 0x54, 0x4a, 0x9f, + 0xd0, 0xa2, 0x88, 0x83, 0xe9, 0x27, 0xda, 0x30, 0xe9, 0x96, 0x58, 0xc5, + 0xb7, 0x56, 0xfc, 0x4b, 0xb8, 0x5d, 0xee, 0x46, 0x70, 0x4e, 0x1b, 0x06, + 0x86, 0xaf, 0x48, 0x5c, 0x17, 0x35, 0xfa, 0x69, 0xc2, 0x4d, 0xfb, 0x09 + }, + { + 0x00, 0x0e, 0x28, 0x51, 0xc1, 0x7f, 0x41, 0x89, 0x6f, 0x9a, 0xca, 0x15, + 0xee, 0xed, 0x43, 0xca, 0x6d, 0x65, 0x6f, 0x51, 0x18, 0x6c, 0x08, 0x4b, + 0x77, 0xca, 0x75, 0xc4, 0xc3, 0xde, 0x29, 0x41, 0x8b, 0xaf, 0xa7, 0x1c, + 0x28, 0x37, 0xa0, 0xa0, 0x74, 0x8e, 0x09, 0x42, 0x7a, 0x1b, 0x68, 0xdb + }, + { + 0x14, 0x8f, 0xab, 0x28, 0x64, 0xea, 0x45, 0x88, 0xdb, 0xc1, 0xc6, 0xa0, + 0x48, 0xdf, 0x15, 0xd0, 0x28, 0x07, 0x2d, 0x6c, 0xb8, 0x42, 0xbb, 0x60, + 0x02, 0x08, 0x9e, 0x29, 0x9b, 0x8d, 0xd6, 0x1c, 0xaf, 0xf2, 0x1a, 0xdc, + 0xf0, 0x78, 0x0b, 0x4d, 0x90, 0xa1, 0x0c, 0xb3, 0x13, 0xde, 0xca, 0x5a + }, + { + 0x4d, 0x80, 0x7d, 0x0b, 0xb9, 0x00, 0x6f, 0x65, 0x51, 0x65, 0x23, 0xde, + 0x72, 0xdc, 0x4f, 0x04, 0xa5, 0xa2, 0x90, 0x45, 0x51, 0x9e, 0xd0, 0x3a, + 0xe4, 0xd7, 0x78, 0xa3, 0x0f, 0x2d, 0x65, 0x12, 0xad, 0xc8, 0x92, 0x30, + 0x79, 0x9d, 0x9d, 0x08, 0x7a, 0x9c, 0x9f, 0x83, 0xb1, 0xca, 0x59, 0x56 + } +}, +{ /* 41 */ + WC_HASH_TYPE_SHA384, 33, 0, + { /* PSK */ + 0xa4, 0x8b, 0x1b, 0x5f, 0xd0, 0xea, 0x75, 0x62, + 0x06, 0x4d, 0x68, 0x40, 0x85, 0x20, 0x45, 0x95, + 0x4a, 0x00, 0xca, 0x05, 0xeb, 0xd4, 0x1d, 0x48, + 0x81, 0x89, 0xe8, 0x86, 0x43, 0xfa, 0x28, 0x17, + 0x12 + }, + { 0 }, /* DHE */ + { /* Hello 1 */ + 0x03, 0x7c, 0x33, 0x75, 0xdc, 0xc5, 0x46, 0x3a, + 0x0d, 0x56, 0xc6, 0xfb, 0xab, 0x1e, 0x1d, 0xda, + 0x59, 0xc2, 0xb2, 0xb1, 0x7c, 0x48, 0x9b, 0x06, + 0x0a, 0x5a, 0xbb, 0xf8, 0x98, 0x53, 0x78, 0x2d, + 0xd2, 0xcc, 0x87, 0x68, 0x25, 0xdd, 0x88, 0x22, + 0xcd, 0xb7, 0x74, 0x55, 0x21, 0xf9, 0x34, 0x98 + }, + { /* Hello 2 */ + 0x03, 0xb4, 0xfb, 0xcc, 0x28, 0x2c, 0xc1, 0x70, + 0x42, 0x73, 0x57, 0xac, 0xdb, 0x47, 0x71, 0xf6, + 0x2e, 0x11, 0x8a, 0x5b, 0x47, 0x2f, 0x02, 0x54, + 0x95, 0x34, 0xed, 0x5f, 0x19, 0xc1, 0x75, 0xe0, + 0x76, 0xad, 0xb0, 0x90, 0x57, 0xcd, 0xfd, 0xd7, + 0x58, 0x1f, 0x0d, 0x6b, 0x9e, 0x51, 0x3c, 0x08 + }, + { /* Finished 1 */ + 0x2b, 0x50, 0xd9, 0xa7, 0x43, 0x24, 0xda, 0x2c, + 0x7a, 0xaa, 0x0e, 0x37, 0xd7, 0x6b, 0x2c, 0xab, + 0x8e, 0xb2, 0xfe, 0x31, 0x1b, 0xa8, 0x12, 0x59, + 0x5b, 0x7b, 0xdc, 0x3e, 0xa7, 0x86, 0xa5, 0x48, + 0xe4, 0x46, 0x2b, 0x4c, 0xc1, 0x66, 0x4b, 0xf3, + 0x2a, 0x99, 0x93, 0x08, 0xbc, 0x3d, 0x08, 0x76 + }, + { /* Finished 2 */ + 0x7c, 0x34, 0xc8, 0x56, 0x17, 0xf1, 0x62, 0x1c, + 0x9f, 0x0b, 0xeb, 0xfd, 0x69, 0x72, 0x51, 0xc5, + 0xfa, 0x74, 0x87, 0xc9, 0xbd, 0x50, 0xe9, 0x48, + 0xa7, 0x3c, 0x94, 0x3e, 0x06, 0x7d, 0xe8, 0x8e, + 0xc1, 0xd1, 0x08, 0x1f, 0x5d, 0x48, 0x8a, 0x25, + 0xfc, 0xea, 0xe7, 0xd9, 0xd4, 0xd0, 0xf9, 0xad + }, + { + 0x4b, 0x0b, 0xed, 0xb9, 0xc8, 0xb8, 0xa8, 0x1e, 0xb0, 0x81, 0x76, 0xd5, + 0x33, 0x22, 0x71, 0x33, 0x3a, 0x85, 0x19, 0x67, 0x7e, 0x91, 0x37, 0xf2, + 0xa6, 0x11, 0x22, 0xdf, 0x41, 0x04, 0x3d, 0xa9, 0x13, 0xb9, 0xb2, 0xb1, + 0xbb, 0xd8, 0xef, 0x23, 0x7c, 0xc2, 0xab, 0x70, 0x1b, 0x51, 0x9f, 0xc9 + }, + { + 0xeb, 0x96, 0x10, 0x8c, 0x7d, 0x92, 0xea, 0x80, 0x86, 0xb2, 0xf8, 0x27, + 0xf2, 0x9a, 0x09, 0xc1, 0x7c, 0x09, 0x43, 0xbc, 0xfe, 0xc8, 0x75, 0xe0, + 0x97, 0xe7, 0x6d, 0xd5, 0xb2, 0x3c, 0xed, 0x12, 0xb7, 0x74, 0x0e, 0xe3, + 0xb6, 0xe0, 0xba, 0xe1, 0x8d, 0x89, 0xcf, 0x4f, 0x57, 0xf6, 0x6d, 0x90 + }, + { + 0x22, 0xb0, 0x39, 0x34, 0xb6, 0x6c, 0x2d, 0x7a, 0x97, 0x1c, 0x5d, 0xcc, + 0x78, 0x84, 0x71, 0xbb, 0xc6, 0x7b, 0xb6, 0xbc, 0xcc, 0x0b, 0xf8, 0xac, + 0x8e, 0xd7, 0x20, 0xbd, 0xbe, 0x32, 0xf0, 0xd6, 0xe9, 0x69, 0x13, 0xf2, + 0x9a, 0xce, 0xfe, 0x86, 0xd3, 0xee, 0xba, 0x69, 0x51, 0xb6, 0x77, 0x56 + }, + { + 0x16, 0xfd, 0xda, 0xf3, 0x5e, 0xb9, 0xa6, 0x17, 0x24, 0xb2, 0x16, 0x9f, + 0xb6, 0x59, 0x13, 0x0f, 0x25, 0x5a, 0xf1, 0x5b, 0x5f, 0xe4, 0x54, 0x2a, + 0xa7, 0xbf, 0x29, 0xaf, 0x5a, 0x77, 0xf4, 0x4f, 0x25, 0xba, 0x94, 0xad, + 0x6b, 0x91, 0x3b, 0xe7, 0xd5, 0x73, 0x0d, 0xff, 0xaa, 0xe3, 0x72, 0x2c + }, + { + 0x22, 0xb4, 0x94, 0xc0, 0x53, 0xd7, 0x82, 0x06, 0x38, 0x9d, 0x4a, 0xa0, + 0x3f, 0xf1, 0x5f, 0x6e, 0x23, 0x8d, 0x09, 0x62, 0xbf, 0x6f, 0x7c, 0x84, + 0xc6, 0x3e, 0x15, 0xad, 0x18, 0x37, 0x76, 0x29, 0xc7, 0xd6, 0x68, 0x0c, + 0x1e, 0xc6, 0x93, 0x31, 0xef, 0x85, 0x69, 0x30, 0x68, 0xf0, 0x1e, 0x37 + }, + { + 0x6d, 0x4d, 0x20, 0xaf, 0x47, 0xe8, 0x1b, 0xfa, 0xd0, 0xb6, 0xc8, 0x97, + 0xd1, 0x03, 0xfc, 0x9d, 0x59, 0xa0, 0x68, 0x9d, 0xe9, 0x17, 0x8b, 0xce, + 0x48, 0x2c, 0x77, 0x8a, 0x22, 0x4b, 0x5c, 0x54, 0x22, 0xa1, 0x15, 0x12, + 0xe1, 0x07, 0x8e, 0x15, 0xd8, 0x7b, 0x16, 0x65, 0x99, 0x6b, 0xcb, 0x71 + }, + { + 0x79, 0x64, 0x79, 0xdd, 0x75, 0x5c, 0x6f, 0x98, 0xac, 0x03, 0xe0, 0xcd, + 0x92, 0xba, 0x0e, 0x2d, 0xb4, 0xd1, 0x8b, 0x97, 0xd0, 0x85, 0xbb, 0x2e, + 0x4f, 0x26, 0x93, 0xf5, 0x1d, 0xf3, 0xd2, 0x43, 0x4f, 0xd2, 0x47, 0xaa, + 0x91, 0x1e, 0xf3, 0x67, 0x10, 0x18, 0x2c, 0xb9, 0x01, 0xba, 0x10, 0x9f + }, + { + 0x79, 0xb6, 0x9c, 0xbe, 0xf1, 0x6a, 0xb0, 0x92, 0xa0, 0x29, 0x52, 0x61, + 0xf1, 0xcd, 0x3a, 0x67, 0xe1, 0x6b, 0xb8, 0x9d, 0x0d, 0x95, 0xb6, 0x03, + 0x80, 0x1f, 0xd5, 0x75, 0xb6, 0x1d, 0x79, 0x02, 0x93, 0x43, 0x77, 0xa7, + 0x9d, 0x2f, 0xc3, 0x84, 0xc6, 0x83, 0x76, 0x16, 0x06, 0x98, 0x7b, 0x79 + } +}, +#endif /* WOLFSSL_SHA384 */ +}; + +static const char protocolLabel[] = "tls13 "; +static const char ceTrafficLabel[] = "c e traffic"; +static const char eExpMasterLabel[] = "e exp master"; +static const char cHsTrafficLabel[] = "c hs traffic"; +static const char sHsTrafficLabel[] = "s hs traffic"; +static const char cAppTrafficLabel[] = "c ap traffic"; +static const char sAppTrafficLabel[] = "s ap traffic"; +static const char expMasterLabel[] = "exp master"; +static const char resMasterLabel[] = "res master"; +static const char derivedLabel[] = "derived"; + + +WOLFSSL_TEST_SUBROUTINE wc_test_ret_t tls13_kdf_test(void) +{ + wc_test_ret_t ret = 0; + word32 i; + word32 tc = sizeof(tls13KdfTestVectors)/sizeof(Tls13KdfTestVector); + const Tls13KdfTestVector* tv = NULL; + WOLFSSL_ENTER("tls13_kdf_test"); + + for (i = 0, tv = tls13KdfTestVectors; i < tc; i++, tv++) { + byte output[WC_MAX_DIGEST_SIZE]; + byte secret[WC_MAX_DIGEST_SIZE]; + byte salt[WC_MAX_DIGEST_SIZE]; + byte zeroes[WC_MAX_DIGEST_SIZE]; + byte hashZero[WC_MAX_DIGEST_SIZE]; + int hashAlgSz; + + XMEMSET(zeroes, 0, sizeof zeroes); + + hashAlgSz = wc_HashGetDigestSize(tv->hashAlg); + if (hashAlgSz == WC_NO_ERR_TRACE(BAD_FUNC_ARG)) break; + ret = wc_Hash(tv->hashAlg, NULL, 0, hashZero, (word32)hashAlgSz); + if (ret != 0) break; + + ret = wc_Tls13_HKDF_Extract(secret, NULL, 0, + (tv->pskSz == 0) ? zeroes : (byte*)tv->psk, + tv->pskSz, (int)tv->hashAlg); + if (ret != 0) break; + + ret = wc_Tls13_HKDF_Expand_Label(output, (word32)hashAlgSz, + secret, (word32)hashAlgSz, + (byte*)protocolLabel, (word32)XSTRLEN(protocolLabel), + (byte*)ceTrafficLabel, (word32)XSTRLEN(ceTrafficLabel), + tv->hashHello1, (word32)hashAlgSz, (int)tv->hashAlg); + if (ret != 0) break; + + ret = XMEMCMP(tv->clientEarlyTrafficSecret, output, + (unsigned long)hashAlgSz); + if (ret != 0) break; + + ret = wc_Tls13_HKDF_Expand_Label(output, (word32)hashAlgSz, + secret, (word32)hashAlgSz, + (byte*)protocolLabel, (word32)XSTRLEN(protocolLabel), + (byte*)eExpMasterLabel, (word32)XSTRLEN(eExpMasterLabel), + tv->hashHello1, (word32)hashAlgSz, (int)tv->hashAlg); + if (ret != 0) break; + + ret = XMEMCMP(tv->earlyExporterMasterSecret, output, + (unsigned long)hashAlgSz); + if (ret != 0) break; + + ret = wc_Tls13_HKDF_Expand_Label(salt, (word32)hashAlgSz, + secret, (word32)hashAlgSz, + (byte*)protocolLabel, (word32)XSTRLEN(protocolLabel), + (byte*)derivedLabel, (word32)XSTRLEN(derivedLabel), + hashZero, (word32)hashAlgSz, (int)tv->hashAlg); + if (ret != 0) break; + + ret = wc_Tls13_HKDF_Extract(secret, salt, (word32)(word32)hashAlgSz, + (tv->dheSz == 0) ? zeroes : (byte*)tv->dhe, + tv->dheSz, (int)tv->hashAlg); + if (ret != 0) break; + + ret = wc_Tls13_HKDF_Expand_Label(output, (word32)hashAlgSz, + secret, (word32)hashAlgSz, + (byte*)protocolLabel, (word32)XSTRLEN(protocolLabel), + (byte*)cHsTrafficLabel, (word32)XSTRLEN(cHsTrafficLabel), + tv->hashHello2, (word32)hashAlgSz, (int)tv->hashAlg); + if (ret != 0) break; + + ret = XMEMCMP(tv->clientHandshakeTrafficSecret, + output, (unsigned long)hashAlgSz); + if (ret != 0) break; + + ret = wc_Tls13_HKDF_Expand_Label(output, (word32)hashAlgSz, + secret, (word32)hashAlgSz, + (byte*)protocolLabel, (word32)XSTRLEN(protocolLabel), + (byte*)sHsTrafficLabel, (word32)XSTRLEN(sHsTrafficLabel), + tv->hashHello2, (word32)hashAlgSz, (int)tv->hashAlg); + if (ret != 0) break; + + ret = XMEMCMP(tv->serverHandshakeTrafficSecret, output, + (unsigned long)hashAlgSz); + if (ret != 0) break; + + ret = wc_Tls13_HKDF_Expand_Label(salt, (word32)hashAlgSz, + secret, (word32)hashAlgSz, + (byte*)protocolLabel, (word32)XSTRLEN(protocolLabel), + (byte*)derivedLabel, (word32)XSTRLEN(derivedLabel), + hashZero, (word32)hashAlgSz, (int)tv->hashAlg); + if (ret != 0) break; + + ret = wc_Tls13_HKDF_Extract(secret, salt, (word32)(word32)hashAlgSz, + zeroes, (word32)(word32)hashAlgSz, (int)tv->hashAlg); + if (ret != 0) break; + + ret = wc_Tls13_HKDF_Expand_Label(output, (word32)hashAlgSz, + secret, (word32)hashAlgSz, + (byte*)protocolLabel, (word32)XSTRLEN(protocolLabel), + (byte*)cAppTrafficLabel, (word32)XSTRLEN(cAppTrafficLabel), + tv->hashFinished1, (word32)hashAlgSz, (int)tv->hashAlg); + if (ret != 0) break; + + ret = XMEMCMP(tv->clientApplicationTrafficSecret, output, + (unsigned long)hashAlgSz); + if (ret != 0) break; + + ret = wc_Tls13_HKDF_Expand_Label(output, (word32)hashAlgSz, + secret, (word32)hashAlgSz, + (byte*)protocolLabel, (word32)XSTRLEN(protocolLabel), + (byte*)sAppTrafficLabel, (word32)XSTRLEN(sAppTrafficLabel), + tv->hashFinished1, (word32)hashAlgSz, (int)tv->hashAlg); + if (ret != 0) break; + + ret = XMEMCMP(tv->serverApplicationTrafficSecret, output, + (unsigned long)hashAlgSz); + if (ret != 0) break; + + ret = wc_Tls13_HKDF_Expand_Label(output, (word32)hashAlgSz, + secret, (word32)hashAlgSz, + (byte*)protocolLabel, (word32)XSTRLEN(protocolLabel), + (byte*)expMasterLabel, (word32)XSTRLEN(expMasterLabel), + tv->hashFinished1, (word32)hashAlgSz, (int)tv->hashAlg); + if (ret != 0) break; + + ret = XMEMCMP(tv->exporterMasterSecret, output, (unsigned long)hashAlgSz); + if (ret != 0) break; + + ret = wc_Tls13_HKDF_Expand_Label(output, (word32)hashAlgSz, + secret, (word32)hashAlgSz, + (byte*)protocolLabel, (word32)XSTRLEN(protocolLabel), + (byte*)resMasterLabel, (word32)XSTRLEN(resMasterLabel), + tv->hashFinished2, (word32)hashAlgSz, (int)tv->hashAlg); + if (ret != 0) break; + + ret = XMEMCMP(tv->resumptionMasterSecret, output, + (unsigned long)hashAlgSz); + if (ret != 0) break; + } + + return ret; +} + +#endif /* WOLFSSL_TLS13 && !NO_HMAC */ + + /* source code reference point -- see print_fiducials() below. */ +static WC_MAYBE_UNUSED const int fiducial2 = WC_TEST_RET_LN; + +#if defined(HAVE_ECC) && defined(HAVE_X963_KDF) + +WOLFSSL_TEST_SUBROUTINE wc_test_ret_t x963kdf_test(void) +{ + wc_test_ret_t ret; + byte kek[128]; + +#ifndef NO_SHA + /* SHA-1, COUNT = 0 + * shared secret length: 192 + * SharedInfo length: 0 + * key data length: 128 + */ + WOLFSSL_SMALL_STACK_STATIC const byte Z[] = { + 0x1c, 0x7d, 0x7b, 0x5f, 0x05, 0x97, 0xb0, 0x3d, + 0x06, 0xa0, 0x18, 0x46, 0x6e, 0xd1, 0xa9, 0x3e, + 0x30, 0xed, 0x4b, 0x04, 0xdc, 0x64, 0xcc, 0xdd + }; + + WOLFSSL_SMALL_STACK_STATIC const byte verify[] = { + 0xbf, 0x71, 0xdf, 0xfd, 0x8f, 0x4d, 0x99, 0x22, + 0x39, 0x36, 0xbe, 0xb4, 0x6f, 0xee, 0x8c, 0xcc + }; +#endif + +#ifndef NO_SHA256 + /* SHA-256, COUNT = 3 + * shared secret length: 192 + * SharedInfo length: 0 + * key data length: 128 + */ + WOLFSSL_SMALL_STACK_STATIC const byte Z2[] = { + 0xd3, 0x8b, 0xdb, 0xe5, 0xc4, 0xfc, 0x16, 0x4c, + 0xdd, 0x96, 0x7f, 0x63, 0xc0, 0x4f, 0xe0, 0x7b, + 0x60, 0xcd, 0xe8, 0x81, 0xc2, 0x46, 0x43, 0x8c + }; + + WOLFSSL_SMALL_STACK_STATIC const byte verify2[] = { + 0x5e, 0x67, 0x4d, 0xb9, 0x71, 0xba, 0xc2, 0x0a, + 0x80, 0xba, 0xd0, 0xd4, 0x51, 0x4d, 0xc4, 0x84 + }; +#endif + +#ifdef WOLFSSL_SHA512 + /* SHA-512, COUNT = 0 + * shared secret length: 192 + * SharedInfo length: 0 + * key data length: 128 + */ + WOLFSSL_SMALL_STACK_STATIC const byte Z3[] = { + 0x87, 0xfc, 0x0d, 0x8c, 0x44, 0x77, 0x48, 0x5b, + 0xb5, 0x74, 0xf5, 0xfc, 0xea, 0x26, 0x4b, 0x30, + 0x88, 0x5d, 0xc8, 0xd9, 0x0a, 0xd8, 0x27, 0x82 + }; + + WOLFSSL_SMALL_STACK_STATIC const byte verify3[] = { + 0x94, 0x76, 0x65, 0xfb, 0xb9, 0x15, 0x21, 0x53, + 0xef, 0x46, 0x02, 0x38, 0x50, 0x6a, 0x02, 0x45 + }; + + /* SHA-512, COUNT = 0 + * shared secret length: 521 + * SharedInfo length: 128 + * key data length: 1024 + */ + WOLFSSL_SMALL_STACK_STATIC const byte Z4[] = { + 0x00, 0xaa, 0x5b, 0xb7, 0x9b, 0x33, 0xe3, 0x89, + 0xfa, 0x58, 0xce, 0xad, 0xc0, 0x47, 0x19, 0x7f, + 0x14, 0xe7, 0x37, 0x12, 0xf4, 0x52, 0xca, 0xa9, + 0xfc, 0x4c, 0x9a, 0xdb, 0x36, 0x93, 0x48, 0xb8, + 0x15, 0x07, 0x39, 0x2f, 0x1a, 0x86, 0xdd, 0xfd, + 0xb7, 0xc4, 0xff, 0x82, 0x31, 0xc4, 0xbd, 0x0f, + 0x44, 0xe4, 0x4a, 0x1b, 0x55, 0xb1, 0x40, 0x47, + 0x47, 0xa9, 0xe2, 0xe7, 0x53, 0xf5, 0x5e, 0xf0, + 0x5a, 0x2d + }; + + WOLFSSL_SMALL_STACK_STATIC const byte info4[] = { + 0xe3, 0xb5, 0xb4, 0xc1, 0xb0, 0xd5, 0xcf, 0x1d, + 0x2b, 0x3a, 0x2f, 0x99, 0x37, 0x89, 0x5d, 0x31 + }; + + WOLFSSL_SMALL_STACK_STATIC const byte verify4[] = { + 0x44, 0x63, 0xf8, 0x69, 0xf3, 0xcc, 0x18, 0x76, + 0x9b, 0x52, 0x26, 0x4b, 0x01, 0x12, 0xb5, 0x85, + 0x8f, 0x7a, 0xd3, 0x2a, 0x5a, 0x2d, 0x96, 0xd8, + 0xcf, 0xfa, 0xbf, 0x7f, 0xa7, 0x33, 0x63, 0x3d, + 0x6e, 0x4d, 0xd2, 0xa5, 0x99, 0xac, 0xce, 0xb3, + 0xea, 0x54, 0xa6, 0x21, 0x7c, 0xe0, 0xb5, 0x0e, + 0xef, 0x4f, 0x6b, 0x40, 0xa5, 0xc3, 0x02, 0x50, + 0xa5, 0xa8, 0xee, 0xee, 0x20, 0x80, 0x02, 0x26, + 0x70, 0x89, 0xdb, 0xf3, 0x51, 0xf3, 0xf5, 0x02, + 0x2a, 0xa9, 0x63, 0x8b, 0xf1, 0xee, 0x41, 0x9d, + 0xea, 0x9c, 0x4f, 0xf7, 0x45, 0xa2, 0x5a, 0xc2, + 0x7b, 0xda, 0x33, 0xca, 0x08, 0xbd, 0x56, 0xdd, + 0x1a, 0x59, 0xb4, 0x10, 0x6c, 0xf2, 0xdb, 0xbc, + 0x0a, 0xb2, 0xaa, 0x8e, 0x2e, 0xfa, 0x7b, 0x17, + 0x90, 0x2d, 0x34, 0x27, 0x69, 0x51, 0xce, 0xcc, + 0xab, 0x87, 0xf9, 0x66, 0x1c, 0x3e, 0x88, 0x16 + }; +#endif + + WOLFSSL_ENTER("x963kdf_test"); + +#ifndef NO_SHA + ret = wc_X963_KDF(WC_HASH_TYPE_SHA, Z, sizeof(Z), NULL, 0, + kek, sizeof(verify)); + if (ret != 0) + return WC_TEST_RET_ENC_EC(ret); + + if (XMEMCMP(verify, kek, sizeof(verify)) != 0) + return WC_TEST_RET_ENC_NC; +#endif + +#ifndef NO_SHA256 + ret = wc_X963_KDF(WC_HASH_TYPE_SHA256, Z2, sizeof(Z2), NULL, 0, + kek, sizeof(verify2)); + if (ret != 0) + return WC_TEST_RET_ENC_EC(ret); + + if (XMEMCMP(verify2, kek, sizeof(verify2)) != 0) + return WC_TEST_RET_ENC_NC; +#endif + +#ifdef WOLFSSL_SHA512 + ret = wc_X963_KDF(WC_HASH_TYPE_SHA512, Z3, sizeof(Z3), NULL, 0, + kek, sizeof(verify3)); + if (ret != 0) + return WC_TEST_RET_ENC_EC(ret); + + if (XMEMCMP(verify3, kek, sizeof(verify3)) != 0) + return WC_TEST_RET_ENC_NC; + + ret = wc_X963_KDF(WC_HASH_TYPE_SHA512, Z4, sizeof(Z4), info4, + sizeof(info4), kek, sizeof(verify4)); + if (ret != 0) + return WC_TEST_RET_ENC_EC(ret); + + if (XMEMCMP(verify4, kek, sizeof(verify4)) != 0) + return WC_TEST_RET_ENC_NC; +#endif + + return 0; +} + +#endif /* HAVE_X963_KDF */ + +#if defined(HAVE_HPKE) && \ + (defined(HAVE_ECC) || defined(HAVE_CURVE25519) || defined(HAVE_CURVE448)) && \ + defined(HAVE_AESGCM) && defined(WOLFSSL_AES_256) + +static wc_test_ret_t hpke_test_single(Hpke* hpke) +{ + wc_test_ret_t ret = 0; + int rngRet = 0; + WC_RNG rng[1]; + const char* start_text = "this is a test"; + const char* info_text = "info"; + const char* aad_text = "aad"; + byte ciphertext[MAX_HPKE_LABEL_SZ]; + byte plaintext[MAX_HPKE_LABEL_SZ]; + void* receiverKey = NULL; + void* ephemeralKey = NULL; +#ifdef WOLFSSL_SMALL_STACK + byte *pubKey = NULL; /* public key */ + word16 pubKeySz = (word16)HPKE_Npk_MAX; +#else + byte pubKey[HPKE_Npk_MAX]; /* public key */ + word16 pubKeySz = (word16)sizeof(pubKey); +#endif + + rngRet = ret = wc_InitRng(rng); + + if (ret != 0) + return WC_TEST_RET_ENC_EC(ret); + +#ifdef WOLFSSL_SMALL_STACK + if (ret == 0) { + pubKey = (byte *)XMALLOC(pubKeySz, HEAP_HINT, + DYNAMIC_TYPE_TMP_BUFFER); + if (pubKey == NULL) + ret = WC_TEST_RET_ENC_EC(MEMORY_E); + } +#endif + + /* generate the keys */ + if (ret == 0) { + ret = wc_HpkeGenerateKeyPair(hpke, &ephemeralKey, rng); + if (ret != 0) + ret = WC_TEST_RET_ENC_EC(ret); + } + + if (ret == 0) { + ret = wc_HpkeGenerateKeyPair(hpke, &receiverKey, rng); + if (ret != 0) + ret = WC_TEST_RET_ENC_EC(ret); + } + + /* seal */ + if (ret == 0) { + ret = wc_HpkeSealBase(hpke, ephemeralKey, receiverKey, + (byte*)info_text, (word32)XSTRLEN(info_text), + (byte*)aad_text, (word32)XSTRLEN(aad_text), + (byte*)start_text, (word32)XSTRLEN(start_text), + ciphertext); + if (ret != 0) + ret = WC_TEST_RET_ENC_EC(ret); + } + + /* export ephemeral key */ + if (ret == 0) { + ret = wc_HpkeSerializePublicKey(hpke, ephemeralKey, pubKey, &pubKeySz); + if (ret != 0) + ret = WC_TEST_RET_ENC_EC(ret); + } + + /* open with exported ephemeral key */ + if (ret == 0) { + ret = wc_HpkeOpenBase(hpke, receiverKey, pubKey, pubKeySz, + (byte*)info_text, (word32)XSTRLEN(info_text), + (byte*)aad_text, (word32)XSTRLEN(aad_text), + ciphertext, (word32)XSTRLEN(start_text), + plaintext); + if (ret != 0) + ret = WC_TEST_RET_ENC_EC(ret); + } + + if (ret == 0) { + ret = XMEMCMP(plaintext, start_text, XSTRLEN(start_text)); + if (ret != 0) + ret = WC_TEST_RET_ENC_NC; + } + + /* Negative test case with NULL argument */ + if (ret == 0) { + ret = wc_HpkeGenerateKeyPair(NULL, &receiverKey, rng); + if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG)) + ret = WC_TEST_RET_ENC_EC(ret); + else + ret = 0; + } + + if (ret == 0) { + ret = wc_HpkeGenerateKeyPair(hpke, NULL, rng); + if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG)) + ret = WC_TEST_RET_ENC_EC(ret); + else + ret = 0; + } + + if (ret == 0) { + ret = wc_HpkeGenerateKeyPair(hpke, &receiverKey, NULL); + if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG)) + ret = WC_TEST_RET_ENC_EC(ret); + else + ret = 0; + } + + if (ephemeralKey != NULL) + wc_HpkeFreeKey(hpke, hpke->kem, ephemeralKey, hpke->heap); + + if (receiverKey != NULL) + wc_HpkeFreeKey(hpke, hpke->kem, receiverKey, hpke->heap); + + WC_FREE_VAR_EX(pubKey, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + + if (rngRet == 0) + wc_FreeRng(rng); + + return ret; +} + +static wc_test_ret_t hpke_test_multi(Hpke* hpke) +{ + wc_test_ret_t ret = 0; + int rngRet = 0; + WC_RNG rng[1]; + const char* start_text = "this is a test"; + const char* info_text = "info"; + const char* aad_text = "aad"; + byte ciphertexts[2][MAX_HPKE_LABEL_SZ]; + byte plaintext[MAX_HPKE_LABEL_SZ]; + void* receiverKey = NULL; + void* ephemeralKey = NULL; +#ifdef WOLFSSL_SMALL_STACK + HpkeBaseContext* context = NULL; + byte *pubKey = NULL; /* public key */ + word16 pubKeySz = (word16)HPKE_Npk_MAX; +#else + HpkeBaseContext context[1]; + byte pubKey[HPKE_Npk_MAX]; /* public key */ + word16 pubKeySz = (word16)sizeof(pubKey); +#endif + rngRet = ret = wc_InitRng(rng); + if (ret != 0) + return ret; +#ifdef WOLFSSL_SMALL_STACK + pubKey = (byte *)XMALLOC(pubKeySz, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + if (pubKey == NULL) + ret = MEMORY_E; + if (ret == 0) { + context = (HpkeBaseContext*)XMALLOC(sizeof(HpkeBaseContext), HEAP_HINT, + DYNAMIC_TYPE_TMP_BUFFER); + } + if (context == NULL) + ret = MEMORY_E; +#endif + /* generate the keys */ + if (ret == 0) + ret = wc_HpkeGenerateKeyPair(hpke, &ephemeralKey, rng); + if (ret == 0) + ret = wc_HpkeGenerateKeyPair(hpke, &receiverKey, rng); + /* setup seal context */ + if (ret == 0) { + ret = wc_HpkeInitSealContext(hpke, context, ephemeralKey, receiverKey, + (byte*)info_text, (word32)XSTRLEN(info_text)); + } + /* seal message 0 */ + if (ret == 0) { + ret = wc_HpkeContextSealBase(hpke, context, + (byte*)aad_text, (word32)XSTRLEN(aad_text), + (byte*)start_text, (word32)XSTRLEN(start_text), + ciphertexts[context->seq]); + } + /* seal message 1 */ + if (ret == 0) { + ret = wc_HpkeContextSealBase(hpke, context, + (byte*)aad_text, (word32)XSTRLEN(aad_text), + (byte*)start_text, (word32)XSTRLEN(start_text), + ciphertexts[context->seq]); + } + /* export ephemeral key */ + if (ret == 0) + ret = wc_HpkeSerializePublicKey(hpke, ephemeralKey, pubKey, &pubKeySz); + /* setup open context */ + if (ret == 0) { + ret = wc_HpkeInitOpenContext(hpke, context, receiverKey, pubKey, + pubKeySz, (byte*)info_text, (word32)XSTRLEN(info_text)); + } + /* open message 0 */ + if (ret == 0) { + ret = wc_HpkeContextOpenBase(hpke, context, (byte*)aad_text, + (word32)XSTRLEN(aad_text), ciphertexts[context->seq], + (word32)XSTRLEN(start_text), plaintext); + } + /* check message 0 */ + if (ret == 0) + ret = XMEMCMP(plaintext, start_text, XSTRLEN(start_text)); + /* open message 1 */ + if (ret == 0) { + ret = wc_HpkeContextOpenBase(hpke, context, (byte*)aad_text, + (word32)XSTRLEN(aad_text), ciphertexts[context->seq], + (word32)XSTRLEN(start_text), plaintext); + } + /* check message 1 */ + if (ret == 0) + ret = XMEMCMP(plaintext, start_text, XSTRLEN(start_text)); + if (ephemeralKey != NULL) + wc_HpkeFreeKey(hpke, hpke->kem, ephemeralKey, hpke->heap); + if (receiverKey != NULL) + wc_HpkeFreeKey(hpke, hpke->kem, receiverKey, hpke->heap); +#ifdef WOLFSSL_SMALL_STACK + if (pubKey != NULL) + XFREE(pubKey, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + if (context != NULL) + XFREE(context, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); +#endif + if (rngRet == 0) + wc_FreeRng(rng); + return ret; +} + +WOLFSSL_TEST_SUBROUTINE wc_test_ret_t hpke_test(void) +{ + wc_test_ret_t ret = 0; + Hpke hpke[1]; + WOLFSSL_ENTER("hpke_test"); + +#if defined(HAVE_ECC) + #if defined(WOLFSSL_SHA224) || !defined(NO_SHA256) + /* p256 */ + ret = wc_HpkeInit(hpke, DHKEM_P256_HKDF_SHA256, HKDF_SHA256, + HPKE_AES_128_GCM, NULL); + if (ret != 0) + return WC_TEST_RET_ENC_EC(ret); + ret = hpke_test_single(hpke); + if (ret != 0) + return ret; + ret = hpke_test_multi(hpke); + if (ret != 0) + return ret; + + #endif + + #if defined(WOLFSSL_SHA384) && \ + (defined(HAVE_ECC384) || defined(HAVE_ALL_CURVES)) + /* p384 */ + ret = wc_HpkeInit(hpke, DHKEM_P384_HKDF_SHA384, HKDF_SHA384, + HPKE_AES_128_GCM, NULL); + if (ret != 0) + return WC_TEST_RET_ENC_EC(ret); + ret = hpke_test_single(hpke); + if (ret != 0) + return ret; + ret = hpke_test_multi(hpke); + if (ret != 0) + return ret; + #endif + + #if (defined(WOLFSSL_SHA384) || defined(WOLFSSL_SHA512)) && \ + (defined(HAVE_ECC521) || defined(HAVE_ALL_CURVES)) + /* p521 */ + ret = wc_HpkeInit(hpke, DHKEM_P521_HKDF_SHA512, HKDF_SHA512, + HPKE_AES_128_GCM, NULL); + if (ret != 0) + return WC_TEST_RET_ENC_EC(ret); + ret = hpke_test_single(hpke); + if (ret != 0) + return ret; + ret = hpke_test_multi(hpke); + if (ret != 0) + return ret; + #endif +#endif + +#if defined(HAVE_CURVE25519) + /* test with curve25519 and aes256 */ + ret = wc_HpkeInit(hpke, DHKEM_X25519_HKDF_SHA256, HKDF_SHA256, + HPKE_AES_256_GCM, NULL); + if (ret != 0) + return WC_TEST_RET_ENC_EC(ret); + ret = hpke_test_single(hpke); + if (ret != 0) + return ret; + ret = hpke_test_multi(hpke); + if (ret != 0) + return ret; +#endif + + +#if defined(HAVE_CURVE448) && \ + (defined(WOLFSSL_SHA384) || defined(WOLFSSL_SHA512)) + /* test with curve448 and aes256 */ + ret = wc_HpkeInit(hpke, DHKEM_X448_HKDF_SHA512, HKDF_SHA512, + HPKE_AES_256_GCM, NULL); + + /* HPKE does not support X448 yet, so expect failure */ + if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG)) + return WC_TEST_RET_ENC_EC(ret); + + ret = hpke_test_single(hpke); + + /* HPKE does not support X448 yet, so expect failure */ + if (WC_TEST_RET_DEC_EC(ret) != WC_NO_ERR_TRACE(BAD_FUNC_ARG)) + return ret; + ret = 0; /* reset error code */ +#endif + + /* TODO: HPKE chacha20 is not implemented */ + + return ret; +} +#endif /* HAVE_HPKE && HAVE_ECC && HAVE_AESGCM && WOLFSSL_AES_256 */ + +#if defined(WC_SRTP_KDF) +typedef struct Srtp_Kdf_Tv { + const unsigned char* key; + word32 keySz; + const unsigned char* salt; + word32 saltSz; + int kdfIdx; + const unsigned char* index; + const unsigned char* ke; + const unsigned char* ka; + const unsigned char* ks; + const unsigned char* index_c; + const unsigned char* ke_c; + const unsigned char* ka_c; + const unsigned char* ks_c; + word32 keSz; + word32 kaSz; + word32 ksSz; +} Srtp_Kdf_Tv; + +WOLFSSL_TEST_SUBROUTINE wc_test_ret_t srtpkdf_test(void) +{ + wc_test_ret_t ret = 0; + /* 128-bit key, kdrIdx = -1 */ + WOLFSSL_SMALL_STACK_STATIC const byte key_0[] = { + 0xc4, 0x80, 0x9f, 0x6d, 0x36, 0x98, 0x88, 0x72, + 0x8e, 0x26, 0xad, 0xb5, 0x32, 0x12, 0x98, 0x90 + }; + WOLFSSL_SMALL_STACK_STATIC const byte salt_0[] = { + 0x0e, 0x23, 0x00, 0x6c, 0x6c, 0x04, 0x4f, 0x56, + 0x62, 0x40, 0x0e, 0x9d, 0x1b, 0xd6 + }; + WOLFSSL_SMALL_STACK_STATIC const byte index_0[] = { + 0x48, 0x71, 0x65, 0x64, 0x9c, 0xca + }; + WOLFSSL_SMALL_STACK_STATIC const byte ke_0[] = { + 0xdc, 0x38, 0x21, 0x92, 0xab, 0x65, 0x10, 0x8a, + 0x86, 0xb2, 0x59, 0xb6, 0x1b, 0x3a, 0xf4, 0x6f + }; + WOLFSSL_SMALL_STACK_STATIC const byte ka_0[] = { + 0xb8, 0x39, 0x37, 0xfb, 0x32, 0x17, 0x92, 0xee, + 0x87, 0xb7, 0x88, 0x19, 0x3b, 0xe5, 0xa4, 0xe3, + 0xbd, 0x32, 0x6e, 0xe4 + }; + WOLFSSL_SMALL_STACK_STATIC const byte ks_0[] = { + 0xf1, 0xc0, 0x35, 0xc0, 0x0b, 0x5a, 0x54, 0xa6, + 0x16, 0x92, 0xc0, 0x16, 0x27, 0x6c + }; + WOLFSSL_SMALL_STACK_STATIC const byte index_c_0[] = { + 0x56, 0xf3, 0xf1, 0x97 + }; + WOLFSSL_SMALL_STACK_STATIC const byte ke_c_0[] = { + 0xab, 0x5b, 0xe0, 0xb4, 0x56, 0x23, 0x5d, 0xcf, + 0x77, 0xd5, 0x08, 0x69, 0x29, 0xba, 0xfb, 0x38 + }; + WOLFSSL_SMALL_STACK_STATIC const byte ka_c_0[] = { + 0xc5, 0x2f, 0xde, 0x0b, 0x80, 0xb0, 0xf0, 0xba, + 0xd8, 0xd1, 0x56, 0x45, 0xcb, 0x86, 0xe7, 0xc7, + 0xc3, 0xd8, 0x77, 0x0e + }; + WOLFSSL_SMALL_STACK_STATIC const byte ks_c_0[] = { + 0xde, 0xb5, 0xf8, 0x5f, 0x81, 0x33, 0x6a, 0x96, + 0x5e, 0xd3, 0x2b, 0xb7, 0xed, 0xe8 + }; + /* 192-bit key, kdrIdx = 0 */ + WOLFSSL_SMALL_STACK_STATIC const byte key_1[] = { + 0xbb, 0x04, 0x5b, 0x1f, 0x53, 0xc6, 0x93, 0x2c, + 0x2b, 0xa6, 0x88, 0xf5, 0xe3, 0xf2, 0x24, 0x70, + 0xe1, 0x7d, 0x7d, 0xec, 0x8a, 0x93, 0x4d, 0xf2 + }; + WOLFSSL_SMALL_STACK_STATIC const byte salt_1[] = { + 0xe7, 0x22, 0xab, 0x92, 0xfc, 0x7c, 0x89, 0xb6, + 0x53, 0x8a, 0xf9, 0x3c, 0xb9, 0x52 + }; + WOLFSSL_SMALL_STACK_STATIC const byte index_1[] = { + 0xd7, 0x87, 0x8f, 0x33, 0xb1, 0x76 + }; + WOLFSSL_SMALL_STACK_STATIC const byte ke_1[] = { + 0x2c, 0xc8, 0x3e, 0x54, 0xb2, 0x33, 0x89, 0xb3, + 0x71, 0x65, 0x0f, 0x51, 0x61, 0x65, 0xe4, 0x93, + 0x07, 0x4e, 0xb3, 0x47, 0xba, 0x2d, 0x60, 0x60 + }; + WOLFSSL_SMALL_STACK_STATIC const byte ka_1[] = { + 0x2e, 0x80, 0xe4, 0x82, 0x55, 0xa2, 0xbe, 0x6d, + 0xe0, 0x46, 0xcc, 0xc1, 0x75, 0x78, 0x6e, 0x78, + 0xd1, 0xd1, 0x47, 0x08 + }; + WOLFSSL_SMALL_STACK_STATIC const byte ks_1[] = { + 0xe0, 0xc1, 0xe6, 0xaf, 0x1e, 0x8d, 0x8c, 0xfe, + 0xe5, 0x60, 0x70, 0xb5, 0xe6, 0xea + }; + WOLFSSL_SMALL_STACK_STATIC const byte index_c_1[] = { + 0x40, 0xbf, 0xd4, 0xa9 + }; + WOLFSSL_SMALL_STACK_STATIC const byte ke_c_1[] = { + 0x94, 0x0f, 0x55, 0xce, 0x58, 0xd8, 0x16, 0x65, + 0xf0, 0xfa, 0x46, 0x40, 0x0c, 0xda, 0xb1, 0x11, + 0x9e, 0x69, 0xa0, 0x93, 0x4e, 0xd7, 0xf2, 0x84 + }; + WOLFSSL_SMALL_STACK_STATIC const byte ka_c_1[] = { + 0xf5, 0x41, 0x6f, 0xc2, 0x65, 0xc5, 0xb3, 0xef, + 0xbb, 0x22, 0xc8, 0xfc, 0x6b, 0x00, 0x14, 0xb2, + 0xf3, 0x3b, 0x8e, 0x29 + }; + WOLFSSL_SMALL_STACK_STATIC const byte ks_c_1[] = { + 0x35, 0xb7, 0x42, 0x43, 0xf0, 0x01, 0x01, 0xb4, + 0x68, 0xa1, 0x28, 0x80, 0x37, 0xf0 + }; + /* 256-bit key, kdrIdx = 1 */ + WOLFSSL_SMALL_STACK_STATIC const byte key_2[] = { + 0x10, 0x38, 0x0a, 0xcd, 0xd6, 0x47, 0xab, 0xee, + 0xc0, 0xd4, 0x44, 0xf4, 0x7e, 0x51, 0x36, 0x02, + 0x79, 0xa8, 0x94, 0x80, 0x35, 0x40, 0xed, 0x50, + 0xf4, 0x45, 0x30, 0x3d, 0xb5, 0xf0, 0x2b, 0xbb + }; + WOLFSSL_SMALL_STACK_STATIC const byte salt_2[] = { + 0xc7, 0x31, 0xf2, 0xc8, 0x40, 0x43, 0xb8, 0x74, + 0x8a, 0x61, 0x84, 0x7a, 0x25, 0x8a + }; + WOLFSSL_SMALL_STACK_STATIC const byte index_2[] = { + 0x82, 0xf1, 0x84, 0x8c, 0xac, 0x42 + }; + WOLFSSL_SMALL_STACK_STATIC const byte ke_2[] = { + 0xb2, 0x26, 0x60, 0xaf, 0x08, 0x23, 0x14, 0x98, + 0x91, 0xde, 0x5d, 0x87, 0x95, 0x61, 0xca, 0x8f, + 0x0e, 0xce, 0xfb, 0x68, 0x4d, 0xd6, 0x28, 0xcb, + 0x28, 0xe2, 0x27, 0x20, 0x2d, 0xff, 0x64, 0xbb + }; + WOLFSSL_SMALL_STACK_STATIC const byte ka_2[] = { + 0x12, 0x6f, 0x52, 0xe8, 0x07, 0x7f, 0x07, 0x84, + 0xa0, 0x61, 0x96, 0xf8, 0xee, 0x4d, 0x05, 0x57, + 0x65, 0xc7, 0x50, 0xc1 + }; + WOLFSSL_SMALL_STACK_STATIC const byte ks_2[] = { + 0x18, 0x5a, 0x59, 0xe5, 0x91, 0x4d, 0xc9, 0x6c, + 0xfa, 0x5b, 0x36, 0x06, 0x8c, 0x9a + }; + WOLFSSL_SMALL_STACK_STATIC const byte index_c_2[] = { + 0x31, 0x2d, 0x58, 0x15 + }; + WOLFSSL_SMALL_STACK_STATIC const byte ke_c_2[] = { + 0x14, 0xf2, 0xc8, 0x25, 0x02, 0x79, 0x22, 0xa1, + 0x96, 0xb6, 0xf7, 0x07, 0x76, 0xa6, 0xa3, 0xc4, + 0x37, 0xdf, 0xa0, 0xf8, 0x78, 0x93, 0x2c, 0xfa, + 0xea, 0x35, 0xf0, 0xf3, 0x3f, 0x32, 0x6e, 0xfd + }; + WOLFSSL_SMALL_STACK_STATIC const byte ka_c_2[] = { + 0x6e, 0x3d, 0x4a, 0x99, 0xea, 0x2f, 0x9d, 0x13, + 0x4a, 0x1e, 0x71, 0x2e, 0x15, 0xc0, 0xca, 0xb6, + 0x35, 0x78, 0xdf, 0xa4 + }; + WOLFSSL_SMALL_STACK_STATIC const byte ks_c_2[] = { + 0xae, 0xe4, 0xec, 0x18, 0x31, 0x70, 0x5d, 0x3f, + 0xdc, 0x97, 0x89, 0x88, 0xfd, 0xff + }; + /* 128-bit key, kdrIdx = 8 */ + WOLFSSL_SMALL_STACK_STATIC const byte key_3[] = { + 0x36, 0xb4, 0xde, 0xcb, 0x2e, 0x51, 0x23, 0x76, + 0xe0, 0x27, 0x7e, 0x3e, 0xc8, 0xf6, 0x54, 0x04 + }; + WOLFSSL_SMALL_STACK_STATIC const byte salt_3[] = { + 0x73, 0x26, 0xf4, 0x3f, 0xc0, 0xd9, 0xc6, 0xe3, + 0x2f, 0x92, 0x7d, 0x46, 0x12, 0x76 + }; + WOLFSSL_SMALL_STACK_STATIC const byte index_3[] = { + 0x44, 0x73, 0xb2, 0x2d, 0xb2, 0x60 + }; + WOLFSSL_SMALL_STACK_STATIC const byte ke_3[] = { + 0x79, 0x91, 0x3d, 0x7b, 0x20, 0x5d, 0xea, 0xe2, + 0xeb, 0x46, 0x89, 0x68, 0x5a, 0x06, 0x73, 0x74 + }; + WOLFSSL_SMALL_STACK_STATIC const byte ka_3[] = { + 0x2d, 0x2e, 0x97, 0x4e, 0x76, 0x8c, 0x62, 0xa6, + 0x57, 0x80, 0x13, 0x42, 0x0b, 0x51, 0xa7, 0x66, + 0xea, 0x31, 0x24, 0xe6 + }; + WOLFSSL_SMALL_STACK_STATIC const byte ks_3[] = { + 0xcc, 0xd7, 0x31, 0xf6, 0x3b, 0xf3, 0x89, 0x8a, + 0x5b, 0x7b, 0xb5, 0x8b, 0x4c, 0x3f + }; + WOLFSSL_SMALL_STACK_STATIC const byte index_c_3[] = { + 0x4a, 0x7d, 0xaa, 0x85 + }; + WOLFSSL_SMALL_STACK_STATIC const byte ke_c_3[] = { + 0x34, 0x99, 0x71, 0xfe, 0x12, 0x93, 0xae, 0x8c, + 0x4a, 0xe9, 0x84, 0xe4, 0x93, 0x53, 0x63, 0x88 + }; + WOLFSSL_SMALL_STACK_STATIC const byte ka_c_3[] = { + 0xa4, 0x53, 0x5e, 0x0a, 0x9c, 0xf2, 0xce, 0x13, + 0xef, 0x7a, 0x13, 0xee, 0x0a, 0xef, 0xba, 0x17, + 0x05, 0x18, 0xe3, 0xed + }; + WOLFSSL_SMALL_STACK_STATIC const byte ks_c_3[] = { + 0xe1, 0x29, 0x4f, 0x61, 0x30, 0x3c, 0x4d, 0x46, + 0x5f, 0x5c, 0x81, 0x3c, 0x38, 0xb6 + }; + + /* SRTCP w/ 48-bit idx - KDR 0 (-1) */ + WOLFSSL_SMALL_STACK_STATIC const byte mk48_1[] = { + 0xFF, 0xB6, 0xCB, 0x09, 0x71, 0x3F, 0x63, 0x4D, + 0x7F, 0x42, 0xED, 0xA8, 0x12, 0x81, 0x50, 0xE6 + }; + WOLFSSL_SMALL_STACK_STATIC const byte ms48_1[] = { + 0x1F, 0x04, 0x76, 0xC8, 0x7F, 0x58, 0x23, 0xEF, + 0xD3, 0x57, 0xB2, 0xBD, 0xF1, 0x32 + }; + WOLFSSL_SMALL_STACK_STATIC const byte srtcp48idx_1[] = { + 0x00, 0x00, 0x08, 0x56, 0xBC, 0x39 + }; + WOLFSSL_SMALL_STACK_STATIC const byte srtcpKe_48_1[] = { + 0xD2, 0xC3, 0xF3, 0x49, 0x00, 0x1A, 0x18, 0x0F, + 0xB6, 0x05, 0x5A, 0x5A, 0x67, 0x8E, 0xE5, 0xB2 + }; + WOLFSSL_SMALL_STACK_STATIC const byte srtcpKa_48_1[] = { + 0x8D, 0x54, 0xBE, 0xB5, 0x7B, 0x7F, 0x7A, 0xAB, + 0xF5, 0x46, 0xCE, 0x5B, 0x45, 0x69, 0x4A, 0x75, + 0x81, 0x2A, 0xE2, 0xCB + }; + WOLFSSL_SMALL_STACK_STATIC const byte srtcpKs_48_1[] = { + 0x76, 0x3C, 0x97, 0x6A, 0x45, 0x31, 0xA7, 0x79, + 0x3C, 0x28, 0x4A, 0xA6, 0x82, 0x03 + }; + + /* SRTCP w/ 48-bit idx - KDR 19 */ + WOLFSSL_SMALL_STACK_STATIC const byte mk48_2[] = { + 0xBD, 0x1D, 0x71, 0x6B, 0xDA, 0x28, 0xE3, 0xFC, + 0xA5, 0xA0, 0x66, 0x3F, 0x2E, 0x34, 0xA8, 0x58 + }; + WOLFSSL_SMALL_STACK_STATIC const byte ms48_2[] = { + 0x79, 0x06, 0xE5, 0xAB, 0x5C, 0x2B, 0x1B, 0x69, + 0xFA, 0xEE, 0xD2, 0x29, 0x57, 0x3C + }; + WOLFSSL_SMALL_STACK_STATIC const byte srtcp48idx_2[] = { + 0x00, 0x00, 0x59, 0xD0, 0xC2, 0xE8 + }; + WOLFSSL_SMALL_STACK_STATIC const byte srtcpKe_48_2[] = { + 0xB9, 0xD7, 0xAD, 0xD8, 0x90, 0x94, 0xC2, 0x92, + 0xA5, 0x04, 0x87, 0xC4, 0x8C, 0xEF, 0xE2, 0xA3 + }; + WOLFSSL_SMALL_STACK_STATIC const byte srtcpKa_48_2[] = { + 0x07, 0xD5, 0xC4, 0xD2, 0x06, 0xFB, 0x63, 0x15, + 0xC2, 0x9C, 0x7F, 0x55, 0xD1, 0x16, 0x5C, 0xB5, + 0xB7, 0x44, 0x54, 0xBD + }; + WOLFSSL_SMALL_STACK_STATIC const byte srtcpKs_48_2[] = { + 0x0C, 0x5E, 0x53, 0xC1, 0xD0, 0x75, 0xAD, 0x65, + 0xBF, 0x51, 0x74, 0x50, 0x89, 0xD7 + }; + int kdr_48_1 = -1; + int kdr_48_2 = 19; + + #define SRTP_TV_CNT 4 + Srtp_Kdf_Tv tv[SRTP_TV_CNT] = { + { key_0, (word32)sizeof(key_0), salt_0, (word32)sizeof(salt_0), -1, + index_0, ke_0, ka_0, ks_0, index_c_0, ke_c_0, ka_c_0, ks_c_0, + 16, 20, 14 }, + { key_1, (word32)sizeof(key_1), salt_1, (word32)sizeof(salt_1), 0, + index_1, ke_1, ka_1, ks_1, index_c_1, ke_c_1, ka_c_1, ks_c_1, + 24, 20, 14 }, + { key_2, (word32)sizeof(key_2), salt_2, (word32)sizeof(salt_2), 1, + index_2, ke_2, ka_2, ks_2, index_c_2, ke_c_2, ka_c_2, ks_c_2, + 32, 20, 14 }, + { key_3, (word32)sizeof(key_3), salt_3, (word32)sizeof(salt_3), 8, + index_3, ke_3, ka_3, ks_3, index_c_3, ke_c_3, ka_c_3, ks_c_3, + 16, 20, 14 }, + }; + int i; + int idx; + unsigned char keyE[32]; + unsigned char keyA[20]; + unsigned char keyS[14]; + WOLFSSL_ENTER("srtpkdf_test"); + + for (i = 0; (ret == 0) && (i < SRTP_TV_CNT); i++) { + #ifndef WOLFSSL_AES_128 + if (tv[i].keySz == AES_128_KEY_SIZE) { + continue; + } + #endif + #ifndef WOLFSSL_AES_192 + if (tv[i].keySz == AES_192_KEY_SIZE) { + continue; + } + #endif + #ifndef WOLFSSL_AES_256 + if (tv[i].keySz == AES_256_KEY_SIZE) { + continue; + } + #endif + + ret = wc_SRTP_KDF(tv[i].key, tv[i].keySz, tv[i].salt, tv[i].saltSz, + tv[i].kdfIdx, tv[i].index, keyE, tv[i].keSz, keyA, tv[i].kaSz, + keyS, tv[i].ksSz); + if (ret != 0) + return WC_TEST_RET_ENC_EC(ret); + if (XMEMCMP(keyE, tv[i].ke, tv[i].keSz) != 0) + return WC_TEST_RET_ENC_NC; + if (XMEMCMP(keyA, tv[i].ka, tv[i].kaSz) != 0) + return WC_TEST_RET_ENC_NC; + if (XMEMCMP(keyS, tv[i].ks, tv[i].ksSz) != 0) + return WC_TEST_RET_ENC_NC; + + ret = wc_SRTP_KDF_label(tv[i].key, tv[i].keySz, tv[i].salt, + tv[i].saltSz, tv[i].kdfIdx, tv[i].index, WC_SRTP_LABEL_ENCRYPTION, + keyE, tv[i].keSz); + if (ret != 0) + return WC_TEST_RET_ENC_EC(ret); + if (XMEMCMP(keyE, tv[i].ke, tv[i].keSz) != 0) + return WC_TEST_RET_ENC_NC; + + ret = wc_SRTP_KDF_label(tv[i].key, tv[i].keySz, tv[i].salt, + tv[i].saltSz, tv[i].kdfIdx, tv[i].index, WC_SRTP_LABEL_MSG_AUTH, + keyA, tv[i].kaSz); + if (ret != 0) + return WC_TEST_RET_ENC_EC(ret); + if (XMEMCMP(keyA, tv[i].ka, tv[i].kaSz) != 0) + return WC_TEST_RET_ENC_NC; + + ret = wc_SRTP_KDF_label(tv[i].key, tv[i].keySz, tv[i].salt, + tv[i].saltSz, tv[i].kdfIdx, tv[i].index, WC_SRTP_LABEL_SALT, keyS, + tv[i].ksSz); + if (ret != 0) + return WC_TEST_RET_ENC_EC(ret); + if (XMEMCMP(keyS, tv[i].ks, tv[i].ksSz) != 0) + return WC_TEST_RET_ENC_NC; + + ret = wc_SRTCP_KDF(tv[i].key, tv[i].keySz, tv[i].salt, tv[i].saltSz, + tv[i].kdfIdx, tv[i].index_c, keyE, tv[i].keSz, keyA, tv[i].kaSz, + keyS, tv[i].ksSz); + if (ret != 0) + return WC_TEST_RET_ENC_EC(ret); + if (XMEMCMP(keyE, tv[i].ke_c, tv[i].keSz) != 0) + return WC_TEST_RET_ENC_NC; + if (XMEMCMP(keyA, tv[i].ka_c, tv[i].kaSz) != 0) + return WC_TEST_RET_ENC_NC; + if (XMEMCMP(keyS, tv[i].ks_c, tv[i].ksSz) != 0) + return WC_TEST_RET_ENC_NC; + + ret = wc_SRTCP_KDF_label(tv[i].key, tv[i].keySz, tv[i].salt, + tv[i].saltSz, tv[i].kdfIdx, tv[i].index_c, + WC_SRTCP_LABEL_ENCRYPTION, keyE, tv[i].keSz); + if (ret != 0) + return WC_TEST_RET_ENC_EC(ret); + if (XMEMCMP(keyE, tv[i].ke_c, tv[i].keSz) != 0) + return WC_TEST_RET_ENC_NC; + + ret = wc_SRTCP_KDF_label(tv[i].key, tv[i].keySz, tv[i].salt, + tv[i].saltSz, tv[i].kdfIdx, tv[i].index_c, WC_SRTCP_LABEL_MSG_AUTH, + keyA, tv[i].kaSz); + if (ret != 0) + return WC_TEST_RET_ENC_EC(ret); + if (XMEMCMP(keyA, tv[i].ka_c, tv[i].kaSz) != 0) + return WC_TEST_RET_ENC_NC; + + ret = wc_SRTCP_KDF_label(tv[i].key, tv[i].keySz, tv[i].salt, + tv[i].saltSz, tv[i].kdfIdx, tv[i].index_c, WC_SRTCP_LABEL_SALT, + keyS, tv[i].ksSz); + if (ret != 0) + return WC_TEST_RET_ENC_EC(ret); + if (XMEMCMP(keyS, tv[i].ks_c, tv[i].ksSz) != 0) + return WC_TEST_RET_ENC_NC; + } + +#ifdef WOLFSSL_AES_128 + i = 0; +#elif defined(WOLFSSL_AES_192) + i = 1; +#else + i = 2; +#endif + ret = wc_SRTP_KDF(tv[i].key, 33, tv[i].salt, tv[i].saltSz, + tv[i].kdfIdx, tv[i].index, keyE, tv[i].keSz, keyA, tv[i].kaSz, + keyS, tv[i].ksSz); + if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG)) + return WC_TEST_RET_ENC_EC(ret); + ret = wc_SRTCP_KDF(tv[i].key, 33, tv[i].salt, tv[i].saltSz, + tv[i].kdfIdx, tv[i].index_c, keyE, tv[i].keSz, keyA, tv[i].kaSz, + keyS, tv[i].ksSz); + if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG)) + return WC_TEST_RET_ENC_EC(ret); + + ret = wc_SRTP_KDF(tv[i].key, 15, tv[i].salt, tv[i].saltSz, + tv[i].kdfIdx, tv[i].index, keyE, tv[i].keSz, keyA, tv[i].kaSz, + keyS, tv[i].ksSz); + if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG)) + return WC_TEST_RET_ENC_EC(ret); + ret = wc_SRTCP_KDF(tv[i].key, 15, tv[i].salt, tv[i].saltSz, + tv[i].kdfIdx, tv[i].index_c, keyE, tv[i].keSz, keyA, tv[i].kaSz, + keyS, tv[i].ksSz); + if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG)) + return WC_TEST_RET_ENC_EC(ret); + + ret = wc_SRTP_KDF(tv[i].key, tv[i].keySz, tv[i].salt, 15, + tv[i].kdfIdx, tv[i].index, keyE, tv[i].keSz, keyA, tv[i].kaSz, + keyS, tv[i].ksSz); + if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG)) + return WC_TEST_RET_ENC_EC(ret); + ret = wc_SRTCP_KDF(tv[i].key, tv[i].keySz, tv[i].salt, 15, + tv[i].kdfIdx, tv[i].index_c, keyE, tv[i].keSz, keyA, tv[i].kaSz, + keyS, tv[i].ksSz); + if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG)) + return WC_TEST_RET_ENC_EC(ret); + + ret = wc_SRTP_KDF(NULL, tv[i].keySz, tv[i].salt, tv[i].saltSz, + tv[i].kdfIdx, tv[i].index, keyE, tv[i].keSz, keyA, tv[i].kaSz, + keyS, tv[i].ksSz); + if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG)) + return WC_TEST_RET_ENC_EC(ret); + ret = wc_SRTCP_KDF(NULL, tv[i].keySz, tv[i].salt, tv[i].saltSz, + tv[i].kdfIdx, tv[i].index_c, keyE, tv[i].keSz, keyA, tv[i].kaSz, + keyS, tv[i].ksSz); + if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG)) + return WC_TEST_RET_ENC_EC(ret); + + ret = wc_SRTP_KDF(tv[i].key, tv[i].keySz, NULL, tv[i].saltSz, + tv[i].kdfIdx, tv[i].index, keyE, tv[i].keSz, keyA, tv[i].kaSz, + keyS, tv[i].ksSz); + if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG)) + return WC_TEST_RET_ENC_EC(ret); + ret = wc_SRTCP_KDF(tv[i].key, tv[i].keySz, NULL, tv[i].saltSz, + tv[i].kdfIdx, tv[i].index_c, keyE, tv[i].keSz, keyA, tv[i].kaSz, + keyS, tv[i].ksSz); + if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG)) + return WC_TEST_RET_ENC_EC(ret); + + ret = wc_SRTP_KDF(tv[i].key, tv[i].keySz, tv[i].salt, tv[i].saltSz, + 25, tv[i].index, keyE, tv[i].keSz, keyA, tv[i].kaSz, + keyS, tv[i].ksSz); + if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG)) + return WC_TEST_RET_ENC_EC(ret); + ret = wc_SRTCP_KDF(tv[i].key, tv[i].keySz, tv[i].salt, tv[i].saltSz, + 25, tv[i].index_c, keyE, tv[i].keSz, keyA, tv[i].kaSz, + keyS, tv[i].ksSz); + if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG)) + return WC_TEST_RET_ENC_EC(ret); + + ret = wc_SRTP_KDF(tv[i].key, tv[i].keySz, tv[i].salt, tv[i].saltSz, + -2, tv[i].index, keyE, tv[i].keSz, keyA, tv[i].kaSz, + keyS, tv[i].ksSz); + if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG)) + return WC_TEST_RET_ENC_EC(ret); + ret = wc_SRTCP_KDF(tv[i].key, tv[i].keySz, tv[i].salt, tv[i].saltSz, + -2, tv[i].index_c, keyE, tv[i].keSz, keyA, tv[i].kaSz, + keyS, tv[i].ksSz); + if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG)) + return WC_TEST_RET_ENC_EC(ret); + + ret = wc_SRTP_KDF(tv[i].key, tv[i].keySz, tv[i].salt, tv[i].saltSz, + tv[i].kdfIdx, tv[i].index, NULL, tv[i].keSz, keyA, tv[i].kaSz, + keyS, tv[i].ksSz); + if (ret != 0) + return WC_TEST_RET_ENC_EC(ret); + ret = wc_SRTCP_KDF(tv[i].key, tv[i].keySz, tv[i].salt, tv[i].saltSz, + tv[i].kdfIdx, tv[i].index_c, NULL, tv[i].keSz, keyA, tv[i].kaSz, + keyS, tv[i].ksSz); + if (ret != 0) + return WC_TEST_RET_ENC_EC(ret); + + ret = wc_SRTP_KDF(tv[i].key, tv[i].keySz, tv[i].salt, tv[i].saltSz, + tv[i].kdfIdx, tv[i].index, keyE, tv[i].keSz, NULL, tv[i].kaSz, + keyS, tv[i].ksSz); + if (ret != 0) + return WC_TEST_RET_ENC_EC(ret); + ret = wc_SRTCP_KDF(tv[i].key, tv[i].keySz, tv[i].salt, tv[i].saltSz, + tv[i].kdfIdx, tv[i].index_c, keyE, tv[i].keSz, NULL, tv[i].kaSz, + keyS, tv[i].ksSz); + if (ret != 0) + return WC_TEST_RET_ENC_EC(ret); + + ret = wc_SRTP_KDF(tv[i].key, tv[i].keySz, tv[i].salt, tv[i].saltSz, + tv[i].kdfIdx, tv[i].index, keyE, tv[i].keSz, keyA, tv[i].kaSz, + NULL, tv[i].ksSz); + if (ret != 0) + return WC_TEST_RET_ENC_EC(ret); + ret = wc_SRTCP_KDF(tv[i].key, tv[i].keySz, tv[i].salt, tv[i].saltSz, + tv[i].kdfIdx, tv[i].index_c, keyE, tv[i].keSz, keyA, tv[i].kaSz, + NULL, tv[i].ksSz); + if (ret != 0) + return WC_TEST_RET_ENC_EC(ret); + + idx = wc_SRTP_KDF_kdr_to_idx(0); + if (idx != -1) + return WC_TEST_RET_ENC_NC; + for (i = 0; i < 32; i++) { + word32 kdr = 1U << i; + + /* SRTCP w/ 48-bit IDX, 128-bit key test */ + if (i == 0) { + ret = wc_SRTCP_KDF_ex(mk48_1, (word32)sizeof(mk48_1), + ms48_1, (word32)sizeof(ms48_1), + kdr_48_1, srtcp48idx_1, keyE, tv[i].keSz, + keyA, tv[i].kaSz, keyS, tv[i].ksSz, + WC_SRTCP_48BIT_IDX); + if (ret != 0) + return WC_TEST_RET_ENC_EC(ret); + if (XMEMCMP(keyE, srtcpKe_48_1, tv[i].keSz) != 0) + return WC_TEST_RET_ENC_NC; + if (XMEMCMP(keyA, srtcpKa_48_1, tv[i].kaSz) != 0) + return WC_TEST_RET_ENC_NC; + if (XMEMCMP(keyS, srtcpKs_48_1, tv[i].ksSz) != 0) + return WC_TEST_RET_ENC_NC; + + ret = wc_SRTCP_KDF_ex(mk48_2, (word32)sizeof(mk48_2), + ms48_2, (word32)sizeof(ms48_2), + kdr_48_2, srtcp48idx_2, keyE, tv[i].keSz, + keyA, tv[i].kaSz, keyS, tv[i].ksSz, + WC_SRTCP_48BIT_IDX); + if (ret != 0) + return WC_TEST_RET_ENC_EC(ret); + if (XMEMCMP(keyE, srtcpKe_48_2, tv[i].keSz) != 0) + return WC_TEST_RET_ENC_NC; + if (XMEMCMP(keyA, srtcpKa_48_2, tv[i].kaSz) != 0) + return WC_TEST_RET_ENC_NC; + if (XMEMCMP(keyS, srtcpKs_48_2, tv[i].ksSz) != 0) + return WC_TEST_RET_ENC_NC; + } + idx = wc_SRTP_KDF_kdr_to_idx(kdr); + if (idx != i) + return WC_TEST_RET_ENC_NC; + } + + return 0; +} +#endif + +#ifdef HAVE_ECC + +/* size to use for ECC key gen tests */ +#ifndef ECC_KEYGEN_SIZE + #if !defined(NO_ECC256) || defined(WOLFSSL_SM2) + #define ECC_KEYGEN_SIZE 32 + #elif defined(HAVE_ECC384) + #define ECC_KEYGEN_SIZE 48 + #elif defined(HAVE_ECC224) + #define ECC_KEYGEN_SIZE 28 + #elif defined(HAVE_ECC521) + #define ECC_KEYGEN_SIZE 66 + #else + #error No ECC keygen size defined for test + #endif +#endif +#ifdef BENCH_EMBEDDED + #define ECC_SHARED_SIZE 128 +#else + #define ECC_SHARED_SIZE MAX_ECC_BYTES +#endif +#if defined(WOLFSSL_ECDSA_DETERMINISTIC_K) || defined(WOLFSSL_ECDSA_DETERMINISTIC_K_VARIANT) +#define HAVE_ECC_DETERMINISTIC_K +#define ECC_DIGEST_SIZE WC_SHA256_DIGEST_SIZE +#else +#define ECC_DIGEST_SIZE WC_MAX_DIGEST_SIZE +#endif +#define ECC_SIG_SIZE ECC_MAX_SIG_SIZE + +#ifdef NO_ECC_SECP + #define NO_ECC_VECTOR_TEST +#endif + +#ifndef NO_ECC_VECTOR_TEST + #if (defined(HAVE_ECC192) || defined(HAVE_ECC224) ||\ + !defined(NO_ECC256) || defined(HAVE_ECC384) ||\ + defined(HAVE_ECC521) || defined(HAVE_ALL_CURVES)) + #define HAVE_ECC_VECTOR_TEST + #endif +#endif + +#ifdef HAVE_ECC_VECTOR_TEST +typedef struct eccVector { + const char* msg; /* SHA-1 Encoded Message */ + const char* Qx; + const char* Qy; + const char* d; /* Private Key */ + const char* R; + const char* S; + const char* curveName; + word32 msgLen; + word32 keySize; + const byte* r; + word32 rSz; + const byte* s; + word32 sSz; +} eccVector; + +#if !defined(WOLF_CRYPTO_CB_ONLY_ECC) +static wc_test_ret_t ecc_test_vector_item(const eccVector* vector) +{ + wc_test_ret_t ret = 0; + int verify = 0; + word32 sigSz; +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC) + ecc_key *userA = (ecc_key *)XMALLOC(sizeof *userA, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); +#else + ecc_key userA[1]; +#endif + WC_DECLARE_VAR(sig, byte, ECC_SIG_SIZE, HEAP_HINT); +#if !defined(NO_ASN) && !defined(HAVE_SELFTEST) + word32 sigRawSz, rSz = MAX_ECC_BYTES, sSz = MAX_ECC_BYTES; + WC_DECLARE_VAR(sigRaw, byte, ECC_SIG_SIZE, HEAP_HINT); + WC_DECLARE_VAR(r, byte, MAX_ECC_BYTES, HEAP_HINT); + WC_DECLARE_VAR(s, byte, MAX_ECC_BYTES, HEAP_HINT); +#endif + + WC_ALLOC_VAR(sig, byte, ECC_SIG_SIZE, HEAP_HINT); +#if !defined(NO_ASN) && !defined(HAVE_SELFTEST) + WC_ALLOC_VAR(sigRaw, byte, ECC_SIG_SIZE, HEAP_HINT); + WC_ALLOC_VAR(r, byte, MAX_ECC_BYTES, HEAP_HINT); + WC_ALLOC_VAR(s, byte, MAX_ECC_BYTES, HEAP_HINT); +#endif + +#ifdef WC_DECLARE_VAR_IS_HEAP_ALLOC + if (sig == NULL) + ERROR_OUT(MEMORY_E, done); +#if !defined(NO_ASN) && !defined(HAVE_SELFTEST) + if (sigRaw == NULL || r == NULL || s == NULL) + ERROR_OUT(MEMORY_E, done); +#endif +#endif + +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC) + if (userA == NULL) + ERROR_OUT(MEMORY_E, done); +#endif + + ret = wc_ecc_init_ex(userA, HEAP_HINT, devId); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done); + + ret = wc_ecc_import_raw(userA, vector->Qx, vector->Qy, + vector->d, vector->curveName); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done); + +#if !defined(NO_ASN) + XMEMSET(sig, 0, ECC_SIG_SIZE); + sigSz = ECC_SIG_SIZE; + ret = wc_ecc_rs_to_sig(vector->R, vector->S, sig, &sigSz); + if (ret != 0) + goto done; + +#if !defined(HAVE_SELFTEST) + XMEMSET(sigRaw, 0, ECC_SIG_SIZE); + sigRawSz = ECC_SIG_SIZE; + ret = wc_ecc_rs_raw_to_sig(vector->r, vector->rSz, vector->s, vector->sSz, + sigRaw, &sigRawSz); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done); + if (sigSz != sigRawSz || XMEMCMP(sig, sigRaw, sigSz) != 0) { + ret = WC_TEST_RET_ENC_NC; + goto done; + } + + ret = wc_ecc_sig_to_rs(sig, sigSz, r, &rSz, s, &sSz); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done); + if (rSz != vector->rSz || XMEMCMP(r, vector->r, rSz) != 0 || + sSz != vector->sSz || XMEMCMP(s, vector->s, sSz) != 0) { + ret = WC_TEST_RET_ENC_NC; + goto done; + } +#endif /* !HAVE_SELFTEST */ +#else + /* Signature will be R+S directly */ + /* Make sure and zero pad if r or s is less than key size */ + XMEMSET(sig, 0, ECC_SIG_SIZE); + sigSz = vector->keySize * 2; + XMEMCPY(sig + (vector->keySize - vector->rSz), + vector->r, vector->rSz); + XMEMCPY(sig + vector->keySize + (vector->keySize - vector->sSz), + vector->s, vector->sSz); +#endif /* !NO_ASN */ + +#ifdef HAVE_ECC_VERIFY + do { + #if defined(WOLFSSL_ASYNC_CRYPT) + ret = wc_AsyncWait(ret, &userA->asyncDev, WC_ASYNC_FLAG_CALL_AGAIN); + #endif + if (ret == 0) + ret = wc_ecc_verify_hash(sig, sigSz, (byte*)vector->msg, + vector->msgLen, &verify, userA); + } while (ret == WC_NO_ERR_TRACE(WC_PENDING_E)); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done); + TEST_SLEEP(); + + if (verify != 1) + ret = WC_TEST_RET_ENC_NC; +#endif + +done: + +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC) + if (userA != NULL) { + wc_ecc_free(userA); + XFREE(userA, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + } +#else + wc_ecc_free(userA); +#endif + +#if !defined(NO_ASN) && !defined(HAVE_SELFTEST) + WC_FREE_VAR(sigRaw, HEAP_HINT); + WC_FREE_VAR(r, HEAP_HINT); + WC_FREE_VAR(s, HEAP_HINT); +#endif + WC_FREE_VAR(sig, HEAP_HINT); + + return ret; +} + +static wc_test_ret_t ecc_test_vector(int keySize) +{ + wc_test_ret_t ret; + eccVector vec; + + XMEMSET(&vec, 0, sizeof(vec)); + vec.keySize = (word32)keySize; + + switch(keySize) { + +#if defined(HAVE_ECC112) || defined(HAVE_ALL_CURVES) + case 14: + return 0; +#endif /* HAVE_ECC112 */ +#if defined(HAVE_ECC128) || defined(HAVE_ALL_CURVES) + case 16: + return 0; +#endif /* HAVE_ECC128 */ +#if defined(HAVE_ECC160) || defined(HAVE_ALL_CURVES) + case 20: + return 0; +#endif /* HAVE_ECC160 */ + +#if defined(HAVE_ECC192) || defined(HAVE_ALL_CURVES) + case 24: + /* first [P-192,SHA-1] vector from FIPS 186-3 NIST vectors */ + #if 1 + vec.msg = "\x60\x80\x79\x42\x3f\x12\x42\x1d\xe6\x16\xb7\x49\x3e\xbe\x55\x1c\xf4\xd6\x5b\x92"; + vec.msgLen = 20; + #else + /* This is the raw message prior to SHA-1 */ + vec.msg = + "\xeb\xf7\x48\xd7\x48\xeb\xbc\xa7\xd2\x9f\xb4\x73\x69\x8a\x6e\x6b" + "\x4f\xb1\x0c\x86\x5d\x4a\xf0\x24\xcc\x39\xae\x3d\xf3\x46\x4b\xa4" + "\xf1\xd6\xd4\x0f\x32\xbf\x96\x18\xa9\x1b\xb5\x98\x6f\xa1\xa2\xaf" + "\x04\x8a\x0e\x14\xdc\x51\xe5\x26\x7e\xb0\x5e\x12\x7d\x68\x9d\x0a" + "\xc6\xf1\xa7\xf1\x56\xce\x06\x63\x16\xb9\x71\xcc\x7a\x11\xd0\xfd" + "\x7a\x20\x93\xe2\x7c\xf2\xd0\x87\x27\xa4\xe6\x74\x8c\xc3\x2f\xd5" + "\x9c\x78\x10\xc5\xb9\x01\x9d\xf2\x1c\xdc\xc0\xbc\xa4\x32\xc0\xa3" + "\xee\xd0\x78\x53\x87\x50\x88\x77\x11\x43\x59\xce\xe4\xa0\x71\xcf"; + vec.msgLen = 128; + #endif + vec.Qx = "07008ea40b08dbe76432096e80a2494c94982d2d5bcf98e6"; + vec.Qy = "76fab681d00b414ea636ba215de26d98c41bd7f2e4d65477"; + vec.d = "e14f37b3d1374ff8b03f41b9b3fdd2f0ebccf275d660d7f3"; + vec.R = "6994d962bdd0d793ffddf855ec5bf2f91a9698b46258a63e"; + vec.S = "02ba6465a234903744ab02bc8521405b73cf5fc00e1a9f41"; + vec.curveName = "SECP192R1"; + vec.r = (byte*)"\x69\x94\xd9\x62\xbd\xd0\xd7\x93\xff\xdd\xf8\x55" + "\xec\x5b\xf2\xf9\x1a\x96\x98\xb4\x62\x58\xa6\x3e"; + vec.rSz = 24; + vec.s = (byte*)"\x02\xba\x64\x65\xa2\x34\x90\x37\x44\xab\x02\xbc" + "\x85\x21\x40\x5b\x73\xcf\x5f\xc0\x0e\x1a\x9f\x41"; + vec.sSz = 24; + break; +#endif /* HAVE_ECC192 */ + +#if defined(HAVE_ECC224) || defined(HAVE_ALL_CURVES) + case 28: + /* first [P-224,SHA-1] vector from FIPS 186-3 NIST vectors */ + #if 1 + vec.msg = "\xb9\xa3\xb8\x6d\xb0\xba\x99\xfd\xc6\xd2\x94\x6b\xfe\xbe\x9c\xe8\x3f\x10\x74\xfc"; + vec.msgLen = 20; + #else + /* This is the raw message prior to SHA-1 */ + vec.msg = + "\x36\xc8\xb2\x29\x86\x48\x7f\x67\x7c\x18\xd0\x97\x2a\x9e\x20\x47" + "\xb3\xaf\xa5\x9e\xc1\x62\x76\x4e\xc3\x0b\x5b\x69\xe0\x63\x0f\x99" + "\x0d\x4e\x05\xc2\x73\xb0\xe5\xa9\xd4\x28\x27\xb6\x95\xfc\x2d\x64" + "\xd9\x13\x8b\x1c\xf4\xc1\x21\x55\x89\x4c\x42\x13\x21\xa7\xbb\x97" + "\x0b\xdc\xe0\xfb\xf0\xd2\xae\x85\x61\xaa\xd8\x71\x7f\x2e\x46\xdf" + "\xe3\xff\x8d\xea\xb4\xd7\x93\x23\x56\x03\x2c\x15\x13\x0d\x59\x9e" + "\x26\xc1\x0f\x2f\xec\x96\x30\x31\xac\x69\x38\xa1\x8d\x66\x45\x38" + "\xb9\x4d\xac\x55\x34\xef\x7b\x59\x94\x24\xd6\x9b\xe1\xf7\x1c\x20"; + vec.msgLen = 128; + #endif + vec.Qx = "8a4dca35136c4b70e588e23554637ae251077d1365a6ba5db9585de7"; + vec.Qy = "ad3dee06de0be8279d4af435d7245f14f3b4f82eb578e519ee0057b1"; + vec.d = "97c4b796e1639dd1035b708fc00dc7ba1682cec44a1002a1a820619f"; + vec.R = "147b33758321e722a0360a4719738af848449e2c1d08defebc1671a7"; + vec.S = "24fc7ed7f1352ca3872aa0916191289e2e04d454935d50fe6af3ad5b"; + vec.curveName = "SECP224R1"; + vec.r = (byte*)"\x14\x7b\x33\x75\x83\x21\xe7\x22\xa0\x36\x0a\x47" + "\x19\x73\x8a\xf8\x48\x44\x9e\x2c\x1d\x08\xde\xfe" + "\xbc\x16\x71\xa7"; + vec.rSz = 28; + vec.s = (byte*)"\x24\xfc\x7e\xd7\xf1\x35\x2c\xa3\x87\x2a\xa0\x91" + "\x61\x91\x28\x9e\x2e\x04\xd4\x54\x93\x5d\x50\xfe" + "\x6a\xf3\xad\x5b"; + vec.sSz = 28; + break; +#endif /* HAVE_ECC224 */ + +#if defined(HAVE_ECC239) || defined(HAVE_ALL_CURVES) + case 30: + return 0; +#endif /* HAVE_ECC239 */ + +#if !defined(NO_ECC256) || defined(HAVE_ALL_CURVES) + case 32: + /* first [P-256,SHA-1] vector from FIPS 186-3 NIST vectors */ + #if 1 + vec.msg = "\xa3\xf9\x1a\xe2\x1b\xa6\xb3\x03\x98\x64\x47\x2f\x18\x41\x44\xc6\xaf\x62\xcd\x0e"; + vec.msgLen = 20; + #else + /* This is the raw message prior to SHA-1 */ + vec.msg = + "\xa2\x4b\x21\x76\x2e\x6e\xdb\x15\x3c\xc1\x14\x38\xdb\x0e\x92\xcd" + "\xf5\x2b\x86\xb0\x6c\xa9\x70\x16\x06\x27\x59\xc7\x0d\x36\xd1\x56" + "\x2c\xc9\x63\x0d\x7f\xc7\xc7\x74\xb2\x8b\x54\xe3\x1e\xf5\x58\x72" + "\xb2\xa6\x5d\xf1\xd7\xec\x26\xde\xbb\x33\xe7\xd9\x27\xef\xcc\xf4" + "\x6b\x63\xde\x52\xa4\xf4\x31\xea\xca\x59\xb0\x5d\x2e\xde\xc4\x84" + "\x5f\xff\xc0\xee\x15\x03\x94\xd6\x1f\x3d\xfe\xcb\xcd\xbf\x6f\x5a" + "\x73\x38\xd0\xbe\x3f\x2a\x77\x34\x51\x98\x3e\xba\xeb\x48\xf6\x73" + "\x8f\xc8\x95\xdf\x35\x7e\x1a\x48\xa6\x53\xbb\x35\x5a\x31\xa1\xb4" + vec.msgLen = 128; + #endif + vec.Qx = "fa2737fb93488d19caef11ae7faf6b7f4bcd67b286e3fc54e8a65c2b74aeccb0"; + vec.Qy = "d4ccd6dae698208aa8c3a6f39e45510d03be09b2f124bfc067856c324f9b4d09"; + vec.d = "be34baa8d040a3b991f9075b56ba292f755b90e4b6dc10dad36715c33cfdac25"; + vec.R = "2b826f5d44e2d0b6de531ad96b51e8f0c56fdfead3c236892e4d84eacfc3b75c"; + vec.S = "a2248b62c03db35a7cd63e8a120a3521a89d3d2f61ff99035a2148ae32e3a248"; + vec.r = (byte*)"\x2b\x82\x6f\x5d\x44\xe2\xd0\xb6\xde\x53\x1a\xd9" + "\x6b\x51\xe8\xf0\xc5\x6f\xdf\xea\xd3\xc2\x36\x89" + "\x2e\x4d\x84\xea\xcf\xc3\xb7\x5c"; + vec.rSz = 32; + vec.s = (byte*)"\xa2\x24\x8b\x62\xc0\x3d\xb3\x5a\x7c\xd6\x3e\x8a" + "\x12\x0a\x35\x21\xa8\x9d\x3d\x2f\x61\xff\x99\x03" + "\x5a\x21\x48\xae\x32\xe3\xa2\x48"; + vec.sSz = 32; + vec.curveName = "SECP256R1"; + break; +#endif /* !NO_ECC256 */ + +#if defined(HAVE_ECC320) || defined(HAVE_ALL_CURVES) + case 40: + return 0; +#endif /* HAVE_ECC320 */ + +#if defined(HAVE_ECC384) || defined(HAVE_ALL_CURVES) + case 48: + /* first [P-384,SHA-1] vector from FIPS 186-3 NIST vectors */ + #if 1 + vec.msg = "\x9b\x9f\x8c\x95\x35\xa5\xca\x26\x60\x5d\xb7\xf2\xfa\x57\x3b\xdf\xc3\x2e\xab\x8b"; + vec.msgLen = 20; + #else + /* This is the raw message prior to SHA-1 */ + vec.msg = + "\xab\xe1\x0a\xce\x13\xe7\xe1\xd9\x18\x6c\x48\xf7\x88\x9d\x51\x47" + "\x3d\x3a\x09\x61\x98\x4b\xc8\x72\xdf\x70\x8e\xcc\x3e\xd3\xb8\x16" + "\x9d\x01\xe3\xd9\x6f\xc4\xf1\xd5\xea\x00\xa0\x36\x92\xbc\xc5\xcf" + "\xfd\x53\x78\x7c\x88\xb9\x34\xaf\x40\x4c\x03\x9d\x32\x89\xb5\xba" + "\xc5\xae\x7d\xb1\x49\x68\x75\xb5\xdc\x73\xc3\x09\xf9\x25\xc1\x3d" + "\x1c\x01\xab\xda\xaf\xeb\xcd\xac\x2c\xee\x43\x39\x39\xce\x8d\x4a" + "\x0a\x5d\x57\xbb\x70\x5f\x3b\xf6\xec\x08\x47\x95\x11\xd4\xb4\xa3" + "\x21\x1f\x61\x64\x9a\xd6\x27\x43\x14\xbf\x0d\x43\x8a\x81\xe0\x60" + vec.msgLen = 128; + #endif + vec.Qx = "e55fee6c49d8d523f5ce7bf9c0425ce4ff650708b7de5cfb095901523979a7f042602db30854735369813b5c3f5ef868"; + vec.Qy = "28f59cc5dc509892a988d38a8e2519de3d0c4fd0fbdb0993e38f18506c17606c5e24249246f1ce94983a5361c5be983e"; + vec.d = "a492ce8fa90084c227e1a32f7974d39e9ff67a7e8705ec3419b35fb607582bebd461e0b1520ac76ec2dd4e9b63ebae71"; + vec.R = "6820b8585204648aed63bdff47f6d9acebdea62944774a7d14f0e14aa0b9a5b99545b2daee6b3c74ebf606667a3f39b7"; + vec.S = "491af1d0cccd56ddd520b233775d0bc6b40a6255cc55207d8e9356741f23c96c14714221078dbd5c17f4fdd89b32a907"; + vec.curveName = "SECP384R1"; + vec.r = (byte*)"\x68\x20\xb8\x58\x52\x04\x64\x8a\xed\x63\xbd\xff" + "\x47\xf6\xd9\xac\xeb\xde\xa6\x29\x44\x77\x4a\x7d" + "\x14\xf0\xe1\x4a\xa0\xb9\xa5\xb9\x95\x45\xb2\xda" + "\xee\x6b\x3c\x74\xeb\xf6\x06\x66\x7a\x3f\x39\xb7"; + vec.rSz = 48; + vec.s = (byte*)"\x49\x1a\xf1\xd0\xcc\xcd\x56\xdd\xd5\x20\xb2\x33" + "\x77\x5d\x0b\xc6\xb4\x0a\x62\x55\xcc\x55\x20\x7d" + "\x8e\x93\x56\x74\x1f\x23\xc9\x6c\x14\x71\x42\x21" + "\x07\x8d\xbd\x5c\x17\xf4\xfd\xd8\x9b\x32\xa9\x07"; + vec.sSz = 48; + break; +#endif /* HAVE_ECC384 */ + +#if defined(HAVE_ECC512) || defined(HAVE_ALL_CURVES) + case 64: + return 0; +#endif /* HAVE_ECC512 */ + +#if defined(HAVE_ECC521) || defined(HAVE_ALL_CURVES) + case 66: + /* first [P-521,SHA-1] vector from FIPS 186-3 NIST vectors */ + #if 1 + vec.msg = "\x1b\xf7\x03\x9c\xca\x23\x94\x27\x3f\x11\xa1\xd4\x8d\xcc\xb4\x46\x6f\x31\x61\xdf"; + vec.msgLen = 20; + #else + /* This is the raw message prior to SHA-1 */ + vec.msg = + "\x50\x3f\x79\x39\x34\x0a\xc7\x23\xcd\x4a\x2f\x4e\x6c\xcc\x27\x33" + "\x38\x3a\xca\x2f\xba\x90\x02\x19\x9d\x9e\x1f\x94\x8b\xe0\x41\x21" + "\x07\xa3\xfd\xd5\x14\xd9\x0c\xd4\xf3\x7c\xc3\xac\x62\xef\x00\x3a" + "\x2d\xb1\xd9\x65\x7a\xb7\x7f\xe7\x55\xbf\x71\xfa\x59\xe4\xd9\x6e" + "\xa7\x2a\xe7\xbf\x9d\xe8\x7d\x79\x34\x3b\xc1\xa4\xbb\x14\x4d\x16" + "\x28\xd1\xe9\xe9\xc8\xed\x80\x8b\x96\x2c\x54\xe5\xf9\x6d\x53\xda" + "\x14\x7a\x96\x38\xf9\x4a\x91\x75\xd8\xed\x61\x05\x5f\x0b\xa5\x73" + "\xa8\x2b\xb7\xe0\x18\xee\xda\xc4\xea\x7b\x36\x2e\xc8\x9c\x38\x2b" + vec.msgLen = 128; + #endif + vec.Qx = "12fbcaeffa6a51f3ee4d3d2b51c5dec6d7c726ca353fc014ea2bf7cfbb9b910d32cbfa6a00fe39b6cdb8946f22775398b2e233c0cf144d78c8a7742b5c7a3bb5d23"; + vec.Qy = "09cdef823dd7bf9a79e8cceacd2e4527c231d0ae5967af0958e931d7ddccf2805a3e618dc3039fec9febbd33052fe4c0fee98f033106064982d88f4e03549d4a64d"; + vec.d = "1bd56bd106118eda246155bd43b42b8e13f0a6e25dd3bb376026fab4dc92b6157bc6dfec2d15dd3d0cf2a39aa68494042af48ba9601118da82c6f2108a3a203ad74"; + vec.R = "0bd117b4807710898f9dd7778056485777668f0e78e6ddf5b000356121eb7a220e9493c7f9a57c077947f89ac45d5acb6661bbcd17abb3faea149ba0aa3bb1521be"; + vec.S = "019cd2c5c3f9870ecdeb9b323abdf3a98cd5e231d85c6ddc5b71ab190739f7f226e6b134ba1d5889ddeb2751dabd97911dff90c34684cdbe7bb669b6c3d22f2480c"; + vec.curveName = "SECP521R1"; + vec.r = (byte*)"\xbd\x11\x7b\x48\x07\x71\x08\x98\xf9\xdd\x77\x78" + "\x05\x64\x85\x77\x76\x68\xf0\xe7\x8e\x6d\xdf\x5b" + "\x00\x03\x56\x12\x1e\xb7\xa2\x20\xe9\x49\x3c\x7f" + "\x9a\x57\xc0\x77\x94\x7f\x89\xac\x45\xd5\xac\xb6" + "\x66\x1b\xbc\xd1\x7a\xbb\x3f\xae\xa1\x49\xba\x0a" + "\xa3\xbb\x15\x21\xbe"; + vec.rSz = 65; + vec.s = (byte*)"\x19\xcd\x2c\x5c\x3f\x98\x70\xec\xde\xb9\xb3\x23" + "\xab\xdf\x3a\x98\xcd\x5e\x23\x1d\x85\xc6\xdd\xc5" + "\xb7\x1a\xb1\x90\x73\x9f\x7f\x22\x6e\x6b\x13\x4b" + "\xa1\xd5\x88\x9d\xde\xb2\x75\x1d\xab\xd9\x79\x11" + "\xdf\xf9\x0c\x34\x68\x4c\xdb\xe7\xbb\x66\x9b\x6c" + "\x3d\x22\xf2\x48\x0c"; + vec.sSz = 65; + break; +#endif /* HAVE_ECC521 */ + default: + return WC_TEST_RET_ENC_EC(NOT_COMPILED_IN); /* Invalid key size / + * Not supported + */ + }; /* Switch */ + + ret = ecc_test_vector_item(&vec); + if (ret < 0) { + return ret; + } + + return 0; +} +#endif /* WOLF_CRYPTO_CB_ONLY_ECC */ + +#if defined(HAVE_ECC_SIGN) && \ + (defined(WOLFSSL_ECDSA_DETERMINISTIC_K) || \ + defined(WOLFSSL_ECDSA_DETERMINISTIC_K_VARIANT)) && \ + (!defined(HAVE_FIPS) || FIPS_VERSION_GE(5,3)) +#if (!defined(NO_ECC256) || defined(HAVE_ALL_CURVES)) && ECC_MIN_KEY_SZ <= 256 + +static wc_test_ret_t ecdsa_test_deterministic_k_sig(ecc_key *key, + enum wc_HashType hashType, const char* msg, WC_RNG* rng, const byte* expSig, + size_t expSigSz) +{ + wc_test_ret_t ret; + int verify; + byte sig[ECC_MAX_SIG_SIZE]; + word32 sigSz; + unsigned char hash[WC_MAX_DIGEST_SIZE]; + + ret = wc_Hash(hashType, + (byte*)msg, (word32)XSTRLEN(msg), + hash, sizeof(hash)); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done); + + /* Sign test */ + sigSz = sizeof(sig); + do { + #if defined(WOLFSSL_ASYNC_CRYPT) + ret = wc_AsyncWait(ret, &key->asyncDev, WC_ASYNC_FLAG_CALL_AGAIN); + #endif + if (ret == 0) + ret = wc_ecc_sign_hash(hash, wc_HashGetDigestSize(hashType), + sig, &sigSz, rng, key); + } while (ret == WC_NO_ERR_TRACE(WC_PENDING_E)); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done); + TEST_SLEEP(); + + /* Compare test vector */ + if (sigSz != expSigSz) { + ret = WC_TEST_RET_ENC_NC; + goto done; + } + if (XMEMCMP(sig, expSig, sigSz) != 0) { + ret = WC_TEST_RET_ENC_NC; + goto done; + } + + /* Verification */ + verify = 0; + do { + #if defined(WOLFSSL_ASYNC_CRYPT) + ret = wc_AsyncWait(ret, &key->asyncDev, WC_ASYNC_FLAG_CALL_AGAIN); + #endif + if (ret == 0) + ret = wc_ecc_verify_hash(sig, sigSz, + hash, wc_HashGetDigestSize(hashType), &verify, key); + } while (ret == WC_NO_ERR_TRACE(WC_PENDING_E)); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done); + if (verify != 1) { + ERROR_OUT(WC_TEST_RET_ENC_NC, done); + } +done: + return ret; +} + +static wc_test_ret_t ecc_test_deterministic_k(WC_RNG* rng) +{ + wc_test_ret_t ret; + WC_DECLARE_VAR(key, ecc_key, 1, 0); + int key_inited = 0; + WOLFSSL_SMALL_STACK_STATIC const char* msg = "sample"; + WOLFSSL_SMALL_STACK_STATIC const char* dIUT = + "C9AFA9D845BA75166B5C215767B1D6934E50C3DB36E89B127B8A622B120F6721"; + WOLFSSL_SMALL_STACK_STATIC const char* QIUTx = + "60FED4BA255A9D31C961EB74C6356D68C049B8923B61FA6CE669622E60F29FB6"; + WOLFSSL_SMALL_STACK_STATIC const char* QIUTy = + "7903FE1008B8BC99A41AE9E95628BC64F2F1B20C2D7E9F5177A3C294D4462299"; +#ifndef NO_SHA256 + WOLFSSL_SMALL_STACK_STATIC const byte expSig256[] = { + 0x30, 0x46, /* CONSTRUCTED SEQUENCE: (0x20 | 0x10) = 68 bytes */ + 0x02, 0x21, /* ASN_INTEGER = 0x02 (32 bytes) - SIG R */ + 0x00, 0xEF, 0xD4, 0x8B, 0x2A, 0xAC, 0xB6, 0xA8, + 0xFD, 0x11, 0x40, 0xDD, 0x9C, 0xD4, 0x5E, 0x81, + 0xD6, 0x9D, 0x2C, 0x87, 0x7B, 0x56, 0xAA, 0xF9, + 0x91, 0xC3, 0x4D, 0x0E, 0xA8, 0x4E, 0xAF, 0x37, + 0x16, + 0x02, 0x21, /* ASN_INTEGER = 0x02 (32 bytes) - SIG S */ + 0x00, 0xF7, 0xCB, 0x1C, 0x94, 0x2D, 0x65, 0x7C, + 0x41, 0xD4, 0x36, 0xC7, 0xA1, 0xB6, 0xE2, 0x9F, + 0x65, 0xF3, 0xE9, 0x00, 0xDB, 0xB9, 0xAF, 0xF4, + 0x06, 0x4D, 0xC4, 0xAB, 0x2F, 0x84, 0x3A, 0xCD, + 0xA8 + }; +#endif +#if defined(WOLFSSL_SHA384) && (!defined(HAVE_FIPS) || FIPS_VERSION_GE(6,0)) + WOLFSSL_SMALL_STACK_STATIC const byte expSig384[] = { + 0x30, 0x44, /* CONSTRUCTED SEQUENCE: (0x20 | 0x10) = 68 bytes */ + 0x02, 0x20, /* ASN_INTEGER = 0x02 (32 bytes) - SIG R */ + 0x0e, 0xaf, 0xea, 0x03, 0x9b, 0x20, 0xe9, 0xb4, + 0x23, 0x09, 0xfb, 0x1d, 0x89, 0xe2, 0x13, 0x05, + 0x7c, 0xbf, 0x97, 0x3d, 0xc0, 0xcf, 0xc8, 0xf1, + 0x29, 0xed, 0xdd, 0xc8, 0x00, 0xef, 0x77, 0x19, + 0x02, 0x20, /* ASN_INTEGER = 0x02 (32 bytes) - SIG S */ + 0x48, 0x61, 0xf0, 0x49, 0x1e, 0x69, 0x98, 0xb9, + 0x45, 0x51, 0x93, 0xe3, 0x4e, 0x7b, 0x0d, 0x28, + 0x4d, 0xdd, 0x71, 0x49, 0xa7, 0x4b, 0x95, 0xb9, + 0x26, 0x1f, 0x13, 0xab, 0xde, 0x94, 0x09, 0x54 + }; +#endif +#if defined(WOLFSSL_SHA512) && (!defined(HAVE_FIPS) || FIPS_VERSION_GE(6,0)) + WOLFSSL_SMALL_STACK_STATIC const byte expSig512[] = { + 0x30, 0x45, /* CONSTRUCTED SEQUENCE: (0x20 | 0x10) = 68 bytes */ + 0x02, 0x21, /* ASN_INTEGER = 0x02 (32 bytes) - SIG R */ + 0x00, 0x84, 0x96, 0xa6, 0x0b, 0x5e, 0x9b, 0x47, + 0xc8, 0x25, 0x48, 0x88, 0x27, 0xe0, 0x49, 0x5b, + 0x0e, 0x3f, 0xa1, 0x09, 0xec, 0x45, 0x68, 0xfd, + 0x3f, 0x8d, 0x10, 0x97, 0x67, 0x8e, 0xb9, 0x7f, + 0x00, + 0x02, 0x20, /* ASN_INTEGER = 0x02 (32 bytes) - SIG S */ + 0x23, 0x62, 0xab, 0x1a, 0xdb, 0xe2, 0xb8, 0xad, + 0xf9, 0xcb, 0x9e, 0xda, 0xb7, 0x40, 0xea, 0x60, + 0x49, 0xc0, 0x28, 0x11, 0x4f, 0x24, 0x60, 0xf9, + 0x65, 0x54, 0xf6, 0x1f, 0xae, 0x33, 0x02, 0xfe + }; +#endif + + WC_ALLOC_VAR_EX(key, ecc_key, 1, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER, + return MEMORY_E); + + ret = wc_ecc_init_ex(key, HEAP_HINT, devId); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done); + key_inited = 1; + ret = wc_ecc_import_raw(key, QIUTx, QIUTy, dIUT, "SECP256R1"); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done); + + ret = wc_ecc_set_deterministic(key, 1); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done); + +#ifndef NO_SHA256 + /* Test for SHA2-256 */ + ret = ecdsa_test_deterministic_k_sig(key, WC_HASH_TYPE_SHA256, msg, rng, + expSig256, sizeof(expSig256)); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done); +#endif /* !NO_SHA256 */ + +#if defined(WOLFSSL_SHA384) && (!defined(HAVE_FIPS) || FIPS_VERSION_GE(6,0)) + /* Test for SHA2-384 */ + ret = ecdsa_test_deterministic_k_sig(key, WC_HASH_TYPE_SHA384, msg, rng, + expSig384, sizeof(expSig384)); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done); +#endif /* WOLFSSL_SHA384 */ + +#if defined(WOLFSSL_SHA512) && (!defined(HAVE_FIPS) || FIPS_VERSION_GE(6,0)) + /* Test for SHA2-512 */ + ret = ecdsa_test_deterministic_k_sig(key, WC_HASH_TYPE_SHA512, msg, rng, + expSig512, sizeof(expSig512)); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done); +#endif /* WOLFSSL_SHA512 */ + +done: + if (key_inited) + wc_ecc_free(key); + WC_FREE_VAR_EX(key, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + return ret; +} +#endif /* NO_ECC256 || HAVE_ALL_CURVES */ + + +#ifdef WOLFSSL_PUBLIC_MP + +static wc_test_ret_t ecdsa_test_deterministic_k_rs(ecc_key *key, + enum wc_HashType hashType, const char* msg, WC_RNG* rng, + mp_int* r, mp_int* s, + mp_int* expR, mp_int* expS) +{ + wc_test_ret_t ret; + unsigned char hash[WC_MAX_DIGEST_SIZE]; + int verify; + + ret = wc_Hash(hashType, + (byte*)msg, (word32)XSTRLEN(msg), + hash, sizeof(hash)); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done); + + ret = wc_ecc_sign_hash_ex(hash, wc_HashGetDigestSize(hashType), rng, key, + r, s); +#if defined(WOLFSSL_ASYNC_CRYPT) + ret = wc_AsyncWait(ret, &key->asyncDev, WC_ASYNC_FLAG_NONE); +#endif + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done); + TEST_SLEEP(); + + if (mp_cmp(r, expR) != MP_EQ && mp_cmp(s, expS) != MP_EQ) { + ERROR_OUT(WC_TEST_RET_ENC_NC, done); + } + + /* Verification */ + verify = 0; + ret = wc_ecc_verify_hash_ex(r, s, hash, wc_HashGetDigestSize(hashType), + &verify, key); +#if defined(WOLFSSL_ASYNC_CRYPT) + ret = wc_AsyncWait(ret, &key->asyncDev, WC_ASYNC_FLAG_NONE); +#endif + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done); + if (verify != 1) { + ERROR_OUT(WC_TEST_RET_ENC_NC, done); + } +done: + return ret; +} + +#if (defined(HAVE_ECC384) || defined(HAVE_ALL_CURVES)) && ECC_MIN_KEY_SZ <= 384 +/* KAT from RFC6979 */ +static wc_test_ret_t ecc384_test_deterministic_k(WC_RNG* rng) +{ + wc_test_ret_t ret; +#ifdef WOLFSSL_SMALL_STACK + ecc_key *key; + mp_int *r, *s, *expR, *expS; +#else + ecc_key key[1]; + mp_int r[1], s[1], expR[1], expS[1]; +#endif + int key_inited = 0, + tmp_mp_ints_inited = 0; + + WOLFSSL_SMALL_STACK_STATIC const char* msg = "sample"; + WOLFSSL_SMALL_STACK_STATIC const char* dIUT = + "6B9D3DAD2E1B8C1C05B19875B6659F4DE23C3B667BF297BA9AA47740787137D8" + "96D5724E4C70A825F872C9EA60D2EDF5"; + WOLFSSL_SMALL_STACK_STATIC const char* QIUTx = + "EC3A4E415B4E19A4568618029F427FA5DA9A8BC4AE92E02E06AAE5286B300C64" + "DEF8F0EA9055866064A254515480BC13"; + WOLFSSL_SMALL_STACK_STATIC const char* QIUTy = + "8015D9B72D7D57244EA8EF9AC0C621896708A59367F9DFB9F54CA84B3F1C9DB1" + "288B231C3AE0D4FE7344FD2533264720"; +#ifndef NO_SHA256 + WOLFSSL_SMALL_STACK_STATIC const char* expRstr256 = + "21B13D1E013C7FA1392D03C5F99AF8B30C570C6F98D4EA8E354B63A21D3DAA33" + "BDE1E888E63355D92FA2B3C36D8FB2CD"; + WOLFSSL_SMALL_STACK_STATIC const char* expSstr256 = + "F3AA443FB107745BF4BD77CB3891674632068A10CA67E3D45DB2266FA7D1FEEB" + "EFDC63ECCD1AC42EC0CB8668A4FA0AB0"; +#endif +#if defined(WOLFSSL_SHA384) && (!defined(HAVE_FIPS) || FIPS_VERSION_GE(6,0)) + WOLFSSL_SMALL_STACK_STATIC const char* expRstr384 = + "94EDBB92A5ECB8AAD4736E56C691916B3F88140666CE9FA73D64C4EA95AD133C" + "81A648152E44ACF96E36DD1E80FABE46"; + WOLFSSL_SMALL_STACK_STATIC const char* expSstr384 = + "99EF4AEB15F178CEA1FE40DB2603138F130E740A19624526203B6351D0A3A94F" + "A329C145786E679E7B82C71A38628AC8"; +#endif +#if defined(WOLFSSL_SHA512) && (!defined(HAVE_FIPS) || FIPS_VERSION_GE(6,0)) + WOLFSSL_SMALL_STACK_STATIC const char* expRstr512 = + "ED0959D5880AB2D869AE7F6C2915C6D60F96507F9CB3E047C0046861DA4A799C" + "FE30F35CC900056D7C99CD7882433709"; + WOLFSSL_SMALL_STACK_STATIC const char* expSstr512 = + "512C8CCEEE3890A84058CE1E22DBC2198F42323CE8ACA9135329F03C068E5112" + "DC7CC3EF3446DEFCEB01A45C2667FDD5"; +#endif + +#ifdef WOLFSSL_SMALL_STACK + key = (ecc_key *)XMALLOC(sizeof(*key), HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + r = (mp_int *)XMALLOC(sizeof(*r), HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + s = (mp_int *)XMALLOC(sizeof(*s), HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + expR = (mp_int *)XMALLOC(sizeof(*expR), HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + expS = (mp_int *)XMALLOC(sizeof(*expS), HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + + if ((key == NULL) || + (r == NULL) || + (s == NULL) || + (expR == NULL) || + (expS == NULL)) + { + ERROR_OUT(WC_TEST_RET_ENC_EC(MEMORY_E), done); + } +#endif + + ret = mp_init_multi(r, s, expR, expS, NULL, NULL); + if (ret != MP_OKAY) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done); + tmp_mp_ints_inited = 1; + ret = wc_ecc_init_ex(key, HEAP_HINT, devId); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done); + key_inited = 1; + + ret = wc_ecc_import_raw(key, QIUTx, QIUTy, dIUT, "SECP384R1"); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done); + + ret = wc_ecc_set_deterministic(key, 1); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done); + +#ifndef NO_SHA256 + /* Test for SHA2-256 */ + mp_read_radix(expR, expRstr256, MP_RADIX_HEX); + mp_read_radix(expS, expSstr256, MP_RADIX_HEX); + ret = ecdsa_test_deterministic_k_rs(key, WC_HASH_TYPE_SHA256, msg, rng, + r, s, expR, expS); + if (ret != 0) + ERROR_OUT(ret, done); +#endif /* NO_SHA256 */ + +#if defined(WOLFSSL_SHA384) && (!defined(HAVE_FIPS) || FIPS_VERSION_GE(6,0)) + /* Test for SHA2-384 */ + mp_read_radix(expR, expRstr384, MP_RADIX_HEX); + mp_read_radix(expS, expSstr384, MP_RADIX_HEX); + ret = ecdsa_test_deterministic_k_rs(key, WC_HASH_TYPE_SHA384, msg, rng, + r, s, expR, expS); + if (ret != 0) + ERROR_OUT(ret, done); +#endif /* WOLFSSL_SHA384 */ + +#if defined(WOLFSSL_SHA512) && (!defined(HAVE_FIPS) || FIPS_VERSION_GE(6,0)) + /* Test for SHA2-512 */ + mp_read_radix(expR, expRstr512, MP_RADIX_HEX); + mp_read_radix(expS, expSstr512, MP_RADIX_HEX); + ret = ecdsa_test_deterministic_k_rs(key, WC_HASH_TYPE_SHA512, msg, rng, + r, s, expR, expS); + if (ret != 0) + ERROR_OUT(ret, done); +#endif /* WOLFSSL_SHA512 */ + +done: + if (key_inited) + wc_ecc_free(key); + if (tmp_mp_ints_inited) { + mp_free(r); + mp_free(s); + mp_free(expR); + mp_free(expS); + } + WC_FREE_VAR_EX(key, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + WC_FREE_VAR_EX(r, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + WC_FREE_VAR_EX(s, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + WC_FREE_VAR_EX(expR, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + WC_FREE_VAR_EX(expS, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + + return ret; +} +#endif /* HAVE_ECC384 */ + +#if (defined(HAVE_ECC521) || defined(HAVE_ALL_CURVES)) && ECC_MIN_KEY_SZ <= 521 +/* KAT from RFC6979 */ +static wc_test_ret_t ecc521_test_deterministic_k(WC_RNG* rng) +{ + wc_test_ret_t ret; +#ifdef WOLFSSL_SMALL_STACK + ecc_key *key; + mp_int *r, *s, *expR, *expS; +#else + ecc_key key[1]; + mp_int r[1], s[1], expR[1], expS[1]; +#endif + int key_inited = 0, + tmp_mp_ints_inited = 0; + WOLFSSL_SMALL_STACK_STATIC const char* msg = "sample"; + WOLFSSL_SMALL_STACK_STATIC const char* dIUT = + "0FAD06DAA62BA3B25D2FB40133DA757205DE67F5BB0018FEE8C86E1B68C7E75C" + "AA896EB32F1F47C70855836A6D16FCC1466F6D8FBEC67DB89EC0C08B0E996B83" + "538"; + WOLFSSL_SMALL_STACK_STATIC const char* QIUTx = + "1894550D0785932E00EAA23B694F213F8C3121F86DC97A04E5A7167DB4E5BCD3" + "71123D46E45DB6B5D5370A7F20FB633155D38FFA16D2BD761DCAC474B9A2F502" + "3A4"; + WOLFSSL_SMALL_STACK_STATIC const char* QIUTy = + "0493101C962CD4D2FDDF782285E64584139C2F91B47F87FF82354D6630F746A2" + "8A0DB25741B5B34A828008B22ACC23F924FAAFBD4D33F81EA66956DFEAA2BFDF" + "CF5"; +#ifndef NO_SHA256 + WOLFSSL_SMALL_STACK_STATIC const char* expRstr256 = + "1511BB4D675114FE266FC4372B87682BAECC01D3CC62CF2303C92B3526012659" + "D16876E25C7C1E57648F23B73564D67F61C6F14D527D54972810421E7D87589E" + "1A7"; + WOLFSSL_SMALL_STACK_STATIC const char* expSstr256 = + "04A171143A83163D6DF460AAF61522695F207A58B95C0644D87E52AA1A347916" + "E4F7A72930B1BC06DBE22CE3F58264AFD23704CBB63B29B931F7DE6C9D949A7E" + "CFC"; +#endif +#if defined(WOLFSSL_SHA384) && (!defined(HAVE_FIPS) || FIPS_VERSION_GE(6,0)) + WOLFSSL_SMALL_STACK_STATIC const char* expRstr384 = + "1EA842A0E17D2DE4F92C15315C63DDF72685C18195C2BB95E572B9C5136CA4B4" + "B576AD712A52BE9730627D16054BA40CC0B8D3FF035B12AE75168397F5D50C67" + "451"; + WOLFSSL_SMALL_STACK_STATIC const char* expSstr384 = + "1F21A3CEE066E1961025FB048BD5FE2B7924D0CD797BABE0A83B66F1E35EEAF5" + "FDE143FA85DC394A7DEE766523393784484BDF3E00114A1C857CDE1AA203DB65" + "D61"; +#endif +#if defined(WOLFSSL_SHA512) && (!defined(HAVE_FIPS) || FIPS_VERSION_GE(6,0)) + WOLFSSL_SMALL_STACK_STATIC const char* expRstr512 = + "0C328FAFCBD79DD77850370C46325D987CB525569FB63C5D3BC53950E6D4C5F1" + "74E25A1EE9017B5D450606ADD152B534931D7D4E8455CC91F9B15BF05EC36E37" + "7FA"; + WOLFSSL_SMALL_STACK_STATIC const char* expSstr512 = + "0617CCE7CF5064806C467F678D3B4080D6F1CC50AF26CA209417308281B68AF2" + "82623EAA63E5B5C0723D8B8C37FF0777B1A20F8CCB1DCCC43997F1EE0E44DA4A" + "67A"; +#endif + +#ifdef WOLFSSL_SMALL_STACK + key = (ecc_key *)XMALLOC(sizeof(*key), HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + r = (mp_int *)XMALLOC(sizeof(*r), HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + s = (mp_int *)XMALLOC(sizeof(*s), HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + expR = (mp_int *)XMALLOC(sizeof(*expR), HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + expS = (mp_int *)XMALLOC(sizeof(*expS), HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + + if ((key == NULL) || + (r == NULL) || + (s == NULL) || + (expR == NULL) || + (expS == NULL)) + { + ret = WC_TEST_RET_ENC_EC(MEMORY_E); + goto done; + } +#endif + + ret = mp_init_multi(r, s, expR, expS, NULL, NULL); + if (ret != MP_OKAY) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done); + tmp_mp_ints_inited = 1; + ret = wc_ecc_init_ex(key, HEAP_HINT, devId); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done); + key_inited = 1; + + ret = wc_ecc_import_raw(key, QIUTx, QIUTy, dIUT, "SECP521R1"); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done); + + ret = wc_ecc_set_deterministic(key, 1); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done); + +#ifndef NO_SHA256 + /* Test for SHA2-256 */ + mp_read_radix(expR, expRstr256, MP_RADIX_HEX); + mp_read_radix(expS, expSstr256, MP_RADIX_HEX); + ret = ecdsa_test_deterministic_k_rs(key, WC_HASH_TYPE_SHA256, msg, rng, + r, s, expR, expS); + if (ret != 0) + ERROR_OUT(ret, done); +#endif /* NO_SHA256 */ + +#if defined(WOLFSSL_SHA384) && (!defined(HAVE_FIPS) || FIPS_VERSION_GE(6,0)) + /* Test for SHA2-384 */ + mp_read_radix(expR, expRstr384, MP_RADIX_HEX); + mp_read_radix(expS, expSstr384, MP_RADIX_HEX); + ret = ecdsa_test_deterministic_k_rs(key, WC_HASH_TYPE_SHA384, msg, rng, + r, s, expR, expS); + if (ret != 0) + ERROR_OUT(ret, done); +#endif /* WOLFSSL_SHA384 */ + +#if defined(WOLFSSL_SHA512) && (!defined(HAVE_FIPS) || FIPS_VERSION_GE(6,0)) + /* Test for SHA2-512 */ + mp_read_radix(expR, expRstr512, MP_RADIX_HEX); + mp_read_radix(expS, expSstr512, MP_RADIX_HEX); + ret = ecdsa_test_deterministic_k_rs(key, WC_HASH_TYPE_SHA512, msg, rng, + r, s, expR, expS); + if (ret != 0) + ERROR_OUT(ret, done); +#endif /* WOLFSSL_SHA512 */ + +done: + if (key_inited) + wc_ecc_free(key); + if (tmp_mp_ints_inited) { + mp_free(r); + mp_free(s); + mp_free(expR); + mp_free(expS); + } + WC_FREE_VAR_EX(key, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + WC_FREE_VAR_EX(r, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + WC_FREE_VAR_EX(s, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + WC_FREE_VAR_EX(expR, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + WC_FREE_VAR_EX(expS, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + + return ret; +} +#endif /* HAVE_ECC521 */ +#endif /* WOLFSSL_PUBLIC_MP */ +#endif /* HAVE_ECC_SIGN && (WOLFSSL_ECDSA_DETERMINISTIC_K || + WOLFSSL_ECDSA_DETERMINISTIC_K_VARIANT) + && (!HAVE_FIPS || FIPS_VERSION_GE(5,3)) */ + + +#if defined(HAVE_ECC_SIGN) && defined(WOLFSSL_ECDSA_SET_K) && \ + !defined(WOLFSSL_KCAPI_ECC) +static wc_test_ret_t ecc_test_sign_vectors(WC_RNG* rng) +{ + wc_test_ret_t ret; +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC) + ecc_key *key = NULL; +#else + ecc_key key[1]; +#endif + int key_inited = 0; + byte sig[72]; + word32 sigSz; + WOLFSSL_SMALL_STACK_STATIC const unsigned char hash[32] = "test wolfSSL deterministic sign"; + WOLFSSL_SMALL_STACK_STATIC const char* dIUT = "7d7dc5f71eb29ddaf80d6214632eeae03d9058af1fb6d22ed80badb62bc1a534"; + WOLFSSL_SMALL_STACK_STATIC const char* QIUTx = "ead218590119e8876b29146ff89ca61770c4edbbf97d38ce385ed281d8a6b230"; + WOLFSSL_SMALL_STACK_STATIC const char* QIUTy = "28af61281fd35e2fa7002523acc85a429cb06ee6648325389f59edfce1405141"; + WOLFSSL_SMALL_STACK_STATIC const byte k[1] = { 0x02 }; + WOLFSSL_SMALL_STACK_STATIC const byte expSig[71] = { + 0x30, 0x45, 0x02, 0x20, 0x7c, 0xf2, 0x7b, 0x18, + 0x8d, 0x03, 0x4f, 0x7e, 0x8a, 0x52, 0x38, 0x03, + 0x04, 0xb5, 0x1a, 0xc3, 0xc0, 0x89, 0x69, 0xe2, + 0x77, 0xf2, 0x1b, 0x35, 0xa6, 0x0b, 0x48, 0xfc, + 0x47, 0x66, 0x99, 0x78, 0x02, 0x21, 0x00, 0xa8, + 0x43, 0xa0, 0xce, 0x6c, 0x5e, 0x17, 0x8a, 0x53, + 0x4d, 0xaf, 0xd2, 0x95, 0x78, 0x9f, 0x84, 0x4f, + 0x94, 0xb8, 0x75, 0xa3, 0x19, 0xa5, 0xd4, 0xdf, + 0xe1, 0xd4, 0x5e, 0x9d, 0x97, 0xfe, 0x81 + }; + +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC) + if ((key = (ecc_key *)XMALLOC(sizeof(*key), HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER)) == NULL) + return MEMORY_E; +#endif + + ret = wc_ecc_init_ex(key, HEAP_HINT, devId); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done); + key_inited = 1; + + ret = wc_ecc_import_raw(key, QIUTx, QIUTy, dIUT, "SECP256R1"); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done); +#if (!defined(HAVE_FIPS) || (defined(HAVE_FIPS_VERSION) \ + && (HAVE_FIPS_VERSION > 2))) + wc_ecc_set_flags(key, WC_ECC_FLAG_DEC_SIGN); +#endif + + ret = wc_ecc_sign_set_k(k, sizeof(k), key); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done); + + sigSz = sizeof(sig); + do { + #if defined(WOLFSSL_ASYNC_CRYPT) + ret = wc_AsyncWait(ret, &key->asyncDev, WC_ASYNC_FLAG_CALL_AGAIN); + #endif + if (ret == 0) + ret = wc_ecc_sign_hash(hash, sizeof(hash), sig, &sigSz, rng, key); + } while (ret == WC_NO_ERR_TRACE(WC_PENDING_E)); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done); + TEST_SLEEP(); + + if (sigSz != sizeof(expSig)) { + ret = WC_TEST_RET_ENC_NC; + goto done; + } + if (XMEMCMP(sig, expSig, sigSz) != 0) { + ret = WC_TEST_RET_ENC_NC; + goto done; + } + + sigSz = sizeof(sig); + do { + #if defined(WOLFSSL_ASYNC_CRYPT) + ret = wc_AsyncWait(ret, &key->asyncDev, WC_ASYNC_FLAG_CALL_AGAIN); + #endif + if (ret == 0) + ret = wc_ecc_sign_hash(hash, sizeof(hash), sig, &sigSz, rng, key); + } while (ret == WC_NO_ERR_TRACE(WC_PENDING_E)); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done); + TEST_SLEEP(); + +done: + if (key_inited) + wc_ecc_free(key); +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC) + XFREE(key, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); +#endif + + return ret; +} +#endif + +#if defined(HAVE_ECC_CDH) && defined(HAVE_ECC_DHE) +static wc_test_ret_t ecc_test_cdh_vectors(WC_RNG* rng) +{ + wc_test_ret_t ret; +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC) + ecc_key *pub_key = (ecc_key *)XMALLOC(sizeof *pub_key, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + ecc_key *priv_key = (ecc_key *)XMALLOC(sizeof *priv_key, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); +#else + ecc_key pub_key[1], priv_key[1]; +#endif + byte sharedA[32] = {0}, sharedB[32] = {0}; + word32 x, z; + + WOLFSSL_SMALL_STACK_STATIC const char* QCAVSx = "700c48f77f56584c5cc632ca65640db91b6bacce3a4df6b42ce7cc838833d287"; + WOLFSSL_SMALL_STACK_STATIC const char* QCAVSy = "db71e509e3fd9b060ddb20ba5c51dcc5948d46fbf640dfe0441782cab85fa4ac"; + WOLFSSL_SMALL_STACK_STATIC const char* dIUT = "7d7dc5f71eb29ddaf80d6214632eeae03d9058af1fb6d22ed80badb62bc1a534"; + WOLFSSL_SMALL_STACK_STATIC const char* QIUTx = "ead218590119e8876b29146ff89ca61770c4edbbf97d38ce385ed281d8a6b230"; + WOLFSSL_SMALL_STACK_STATIC const char* QIUTy = "28af61281fd35e2fa7002523acc85a429cb06ee6648325389f59edfce1405141"; + WOLFSSL_SMALL_STACK_STATIC const char* ZIUT = "46fc62106420ff012e54a434fbdd2d25ccc5852060561e68040dd7778997bd7b"; + +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC) + if ((pub_key == NULL) || + (priv_key == NULL)) { + ret = WC_TEST_RET_ENC_EC(MEMORY_E); + goto done; + } +#endif + + XMEMSET(pub_key, 0, sizeof *pub_key); + XMEMSET(priv_key, 0, sizeof *priv_key); + + /* setup private and public keys */ + ret = wc_ecc_init_ex(pub_key, HEAP_HINT, devId); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done); + ret = wc_ecc_init_ex(priv_key, HEAP_HINT, devId); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done); + wc_ecc_set_flags(pub_key, WC_ECC_FLAG_COFACTOR); + wc_ecc_set_flags(priv_key, WC_ECC_FLAG_COFACTOR); + ret = wc_ecc_import_raw(pub_key, QCAVSx, QCAVSy, NULL, "SECP256R1"); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done); + ret = wc_ecc_import_raw(priv_key, QIUTx, QIUTy, dIUT, "SECP256R1"); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done); + +#if defined(ECC_TIMING_RESISTANT) && (!defined(HAVE_FIPS) || \ + (!defined(HAVE_FIPS_VERSION) || (HAVE_FIPS_VERSION != 2))) && \ + !defined(HAVE_SELFTEST) + ret = wc_ecc_set_rng(priv_key, rng); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done); +#else + (void)rng; +#endif + + /* compute ECC Cofactor shared secret */ + x = sizeof(sharedA); + do { + #if defined(WOLFSSL_ASYNC_CRYPT) + ret = wc_AsyncWait(ret, &priv_key->asyncDev, WC_ASYNC_FLAG_CALL_AGAIN); + #endif + if (ret == 0) + ret = wc_ecc_shared_secret(priv_key, pub_key, sharedA, &x); + } while (ret == WC_NO_ERR_TRACE(WC_PENDING_E)); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done); + TEST_SLEEP(); + + /* read in expected Z */ + z = sizeof(sharedB); + ret = Base16_Decode((const byte*)ZIUT, (word32)XSTRLEN(ZIUT), sharedB, &z); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done); + + /* compare results */ + if (x != z || XMEMCMP(sharedA, sharedB, x)) { + ERROR_OUT(WC_TEST_RET_ENC_NC, done); + } + +done: + +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC) + if (priv_key) { + wc_ecc_free(priv_key); + XFREE(priv_key, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + } + if (pub_key) { + wc_ecc_free(pub_key); + XFREE(pub_key, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + } +#else + wc_ecc_free(priv_key); + wc_ecc_free(pub_key); +#endif + + return ret; +} +#endif /* HAVE_ECC_CDH && HAVE_ECC_DHE */ +#endif /* HAVE_ECC_VECTOR_TEST */ + +#ifdef HAVE_ECC_KEY_IMPORT +/* returns 0 on success */ +static wc_test_ret_t ecc_test_make_pub(WC_RNG* rng) +{ +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC) + ecc_key *key = (ecc_key *)XMALLOC(sizeof *key, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); +#if defined(HAVE_ECC_DHE) && defined(HAVE_ECC_KEY_EXPORT) + ecc_key *pub = (ecc_key *)XMALLOC(sizeof *pub, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); +#endif + byte *exportBuf = (byte *)XMALLOC(ECC_BUFSIZE, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + byte *tmp = (byte *)XMALLOC(ECC_BUFSIZE, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); +#else + ecc_key key[1]; +#if defined(HAVE_ECC_DHE) && defined(HAVE_ECC_KEY_EXPORT) && !defined(WC_NO_RNG) && \ + !defined(WOLF_CRYPTO_CB_ONLY_ECC) + ecc_key pub[1]; +#endif + byte exportBuf[ECC_BUFSIZE]; + byte tmp[ECC_BUFSIZE]; +#endif + const byte* msg = (const byte*)"test wolfSSL ECC public gen"; + word32 x; + word32 tmpSz; + wc_test_ret_t ret = 0; + ecc_point* pubPoint = NULL; +#ifdef HAVE_ECC_VERIFY + int verify = 0; +#endif +#ifdef NO_ASN + /* private d for eccKeyDerFile / ecc_key_der_256 */ + const byte keyPriv[] = { + 0x45, 0xB6, 0x69, 0x02, 0x73, 0x9C, 0x6C, 0x85, + 0xA1, 0x38, 0x5B, 0x72, 0xE8, 0xE8, 0xC7, 0xAC, + 0xC4, 0x03, 0x8D, 0x53, 0x35, 0x04, 0xFA, 0x6C, + 0x28, 0xDC, 0x34, 0x8D, 0xE1, 0xA8, 0x09, 0x8C + }; +#endif + +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC) + if ((key == NULL) || +#if defined(HAVE_ECC_DHE) && defined(HAVE_ECC_KEY_EXPORT) + (pub == NULL) || +#endif + (exportBuf == NULL) || + (tmp == NULL)) + ERROR_OUT(MEMORY_E, done); +#endif + + (void)msg; + (void)verify; + (void)exportBuf; + (void)rng; + + wc_ecc_init_ex(key, HEAP_HINT, devId); + +#ifndef NO_ECC256 +#if defined(USE_CERT_BUFFERS_256) + { + XMEMCPY(tmp, ecc_key_der_256, (size_t)sizeof_ecc_key_der_256); + tmpSz = (size_t)sizeof_ecc_key_der_256; + } +#elif !defined(NO_FILESYSTEM) + { + XFILE file = XFOPEN(eccKeyDerFile, "rb"); + if (!file) { + ERROR_OUT(WC_TEST_RET_ENC_ERRNO, done); + } + + tmpSz = (word32)XFREAD(tmp, 1, ECC_BUFSIZE, file); + XFCLOSE(file); + if (tmpSz == 0) + ERROR_OUT(WC_TEST_RET_ENC_ERRNO, done); + } +#else + { + WOLFSSL_MSG("No file system and USE_CERT_BUFFERS_256 not defined.(2)"); + ERROR_OUT(ASN_PARSE_E, done); + } +#endif /* USE_CERT_BUFFERS_256 */ + + /* import private only then test with */ + ret = wc_ecc_import_private_key(tmp, tmpSz, NULL, 0, NULL); + if (ret == 0) { + ERROR_OUT(WC_TEST_RET_ENC_NC, done); + } + + ret = wc_ecc_import_private_key(NULL, tmpSz, NULL, 0, key); + if (ret == 0) { + ERROR_OUT(WC_TEST_RET_ENC_NC, done); + } + +#ifndef NO_ASN + x = 0; + ret = wc_EccPrivateKeyDecode(tmp, &x, key, tmpSz); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done); + +#ifdef HAVE_ECC_KEY_EXPORT + x = ECC_BUFSIZE; + ret = wc_ecc_export_private_only(key, exportBuf, &x); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done); + + /* make private only key */ + wc_ecc_free(key); + wc_ecc_init_ex(key, HEAP_HINT, devId); + ret = wc_ecc_import_private_key(exportBuf, x, NULL, 0, key); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done); + + x = ECC_BUFSIZE; + ret = wc_ecc_export_x963_ex(key, exportBuf, &x, 0); + if (ret == 0) { + ERROR_OUT(WC_TEST_RET_ENC_NC, done); + } + +#endif /* HAVE_ECC_KEY_EXPORT */ +#else + /* Load raw private d directly */ + ret = wc_ecc_import_private_key(keyPriv, sizeof(keyPriv), NULL, 0, key); +#endif /* !NO_ASN */ + + ret = wc_ecc_make_pub(NULL, NULL); + if (ret == 0) { + ERROR_OUT(WC_TEST_RET_ENC_NC, done); + } + TEST_SLEEP(); + +#ifndef WOLFSSL_NO_MALLOC + pubPoint = wc_ecc_new_point_h(HEAP_HINT); + if (pubPoint == NULL) { + ERROR_OUT(WC_TEST_RET_ENC_ERRNO, done); + } +#if !defined(WOLFSSL_CRYPTOCELL) + ret = wc_ecc_make_pub(key, pubPoint); +#if defined(WOLFSSL_ASYNC_CRYPT) + ret = wc_AsyncWait(ret, &key->asyncDev, WC_ASYNC_FLAG_NONE); +#endif + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done); +#endif /* !WOLFSSL_CRYPTOCELL */ + TEST_SLEEP(); + +#ifdef HAVE_ECC_KEY_EXPORT + /* export should still fail, is private only key */ + x = ECC_BUFSIZE; + ret = wc_ecc_export_x963_ex(key, exportBuf, &x, 0); + if (ret == 0) { + ERROR_OUT(WC_TEST_RET_ENC_NC, done); + } +#endif /* HAVE_ECC_KEY_EXPORT */ +#endif /* !WOLFSSL_NO_MALLOC */ +#endif /* !NO_ECC256 */ + + /* create a new key since above test for loading key is not supported */ +#if defined(WOLFSSL_CRYPTOCELL) || defined(NO_ECC256) || \ + defined(WOLFSSL_QNX_CAAM) || defined(WOLFSSL_SE050) || \ + defined(WOLFSSL_SECO_CAAM) || defined(WOLFSSL_IMXRT1170_CAAM) + ret = wc_ecc_make_key(rng, ECC_KEYGEN_SIZE, key); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done); +#endif + +#if defined(HAVE_ECC_SIGN) && (!defined(ECC_TIMING_RESISTANT) || \ + (defined(ECC_TIMING_RESISTANT) && !defined(WC_NO_RNG))) && \ + !defined(WOLF_CRYPTO_CB_ONLY_ECC) && !defined(HAVE_ECC_DETERMINISTIC_K) + tmpSz = ECC_BUFSIZE; + ret = 0; + do { + #if defined(WOLFSSL_ASYNC_CRYPT) + ret = wc_AsyncWait(ret, &key->asyncDev, WC_ASYNC_FLAG_CALL_AGAIN); + #endif + if (ret == 0) { + ret = wc_ecc_sign_hash(msg, (word32)XSTRLEN((const char* )msg), tmp, + &tmpSz, rng, key); + } + } while (ret == WC_NO_ERR_TRACE(WC_PENDING_E)); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done); + TEST_SLEEP(); + +#ifdef HAVE_ECC_VERIFY + /* try verify with private only key */ + ret = 0; + do { + #if defined(WOLFSSL_ASYNC_CRYPT) + ret = wc_AsyncWait(ret, &key->asyncDev, WC_ASYNC_FLAG_CALL_AGAIN); + #endif + if (ret == 0) { + ret = wc_ecc_verify_hash(tmp, tmpSz, msg, + (word32)XSTRLEN((const char*)msg), &verify, key); + } + } while (ret == WC_NO_ERR_TRACE(WC_PENDING_E)); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done); + + if (verify != 1) { + ERROR_OUT(WC_TEST_RET_ENC_NC, done); + } + TEST_SLEEP(); +#ifdef HAVE_ECC_KEY_EXPORT + /* exporting the public part should now work */ + x = ECC_BUFSIZE; + ret = wc_ecc_export_x963_ex(key, exportBuf, &x, 0); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done); +#endif /* HAVE_ECC_KEY_EXPORT */ +#endif /* HAVE_ECC_VERIFY */ + +#endif /* HAVE_ECC_SIGN */ + +#if defined(HAVE_ECC_DHE) && defined(HAVE_ECC_KEY_EXPORT) && !defined(WC_NO_RNG) + /* now test private only key with creating a shared secret */ + x = ECC_BUFSIZE; + ret = wc_ecc_export_private_only(key, exportBuf, &x); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done); + +#if !defined(WOLFSSL_QNX_CAAM) && !defined(WOLFSSL_SE050) + /* make private only key */ + wc_ecc_free(key); + wc_ecc_init_ex(key, HEAP_HINT, devId); + ret = wc_ecc_import_private_key(exportBuf, x, NULL, 0, key); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done); + + /* check that public export fails with private only key */ + x = ECC_BUFSIZE; + ret = wc_ecc_export_x963_ex(key, exportBuf, &x, 0); + if (ret == 0) { + ERROR_OUT(WC_TEST_RET_ENC_NC, done); + } +#endif /* WOLFSSL_QNX_CAAM */ + +#ifndef WOLF_CRYPTO_CB_ONLY_ECC + /* make public key for shared secret */ + wc_ecc_init_ex(pub, HEAP_HINT, devId); + ret = wc_ecc_make_key(rng, ECC_KEYGEN_SIZE, pub); +#ifdef HAVE_ECC_CDH + wc_ecc_set_flags(key, WC_ECC_FLAG_COFACTOR); +#endif +#if defined(WOLFSSL_ASYNC_CRYPT) + ret = wc_AsyncWait(ret, &pub->asyncDev, WC_ASYNC_FLAG_NONE); +#endif + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done); + TEST_SLEEP(); + +#if defined(ECC_TIMING_RESISTANT) && (!defined(HAVE_FIPS) || \ + (!defined(HAVE_FIPS_VERSION) || (HAVE_FIPS_VERSION != 2))) && \ + !defined(HAVE_SELFTEST) + ret = wc_ecc_set_rng(key, rng); + if (ret != 0) + goto done; +#endif + + x = ECC_BUFSIZE; + do { + #if defined(WOLFSSL_ASYNC_CRYPT) + ret = wc_AsyncWait(ret, &key->asyncDev, WC_ASYNC_FLAG_CALL_AGAIN); + #endif + if (ret == 0) { + ret = wc_ecc_shared_secret(key, pub, exportBuf, &x); + } + } while (ret == WC_NO_ERR_TRACE(WC_PENDING_E)); + wc_ecc_free(pub); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done); + TEST_SLEEP(); +#endif /* HAVE_ECC_DHE && HAVE_ECC_KEY_EXPORT && !WC_NO_RNG */ +#endif /* WOLF_CRYPTO_CB_ONLY_ECC */ + ret = 0; + +done: + + wc_ecc_del_point_h(pubPoint, HEAP_HINT); + +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC) + if (key != NULL) { + wc_ecc_free(key); + XFREE(key, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + } +#if defined(HAVE_ECC_DHE) && defined(HAVE_ECC_KEY_EXPORT) + XFREE(pub, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); +#endif + XFREE(exportBuf, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(tmp, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); +#else + wc_ecc_free(key); +#endif + (void)tmpSz; + + return ret; +} + +#if defined(HAVE_ECC_KEY_EXPORT) && !defined(NO_ASN_CRYPT) && \ + !defined(WC_NO_RNG) && !defined(WOLF_CRYPTO_CB_ONLY_ECC) +static wc_test_ret_t ecc_test_key_decode(WC_RNG* rng, int keySize) +{ + wc_test_ret_t ret; +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC) + ecc_key *eccKey = (ecc_key *)XMALLOC(sizeof *eccKey, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + byte *tmpBuf = (byte *)XMALLOC(ECC_BUFSIZE, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); +#else + ecc_key eccKey[1]; + byte tmpBuf[ECC_BUFSIZE]; +#endif + word32 tmpSz; + word32 idx; + +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC) + if ((eccKey == NULL) || (tmpBuf == NULL)) + ERROR_OUT(MEMORY_E, done); +#endif + + ret = wc_ecc_init(eccKey); + if (ret != 0) { + goto done; + } + ret = wc_ecc_make_key(rng, keySize, eccKey); +#if defined(WOLFSSL_ASYNC_CRYPT) + ret = wc_AsyncWait(ret, &eccKey->asyncDev, WC_ASYNC_FLAG_NONE); +#endif + if (ret != 0) { + goto done; + } + + tmpSz = ECC_BUFSIZE; + ret = wc_EccKeyToDer(eccKey, tmpBuf, tmpSz); + wc_ecc_free(eccKey); + if (ret < 0) { + goto done; + } + tmpSz = (word32)ret; + + ret = wc_ecc_init(eccKey); + if (ret != 0) { + goto done; + } + idx = 0; + ret = wc_EccPrivateKeyDecode(tmpBuf, &idx, eccKey, tmpSz); + if (ret != 0) { + goto done; + } + wc_ecc_free(eccKey); + + ret = wc_ecc_init(eccKey); + if (ret != 0) { + goto done; + } + + idx = 0; + ret = wc_EccPublicKeyDecode(tmpBuf, &idx, eccKey, tmpSz); + if (ret != 0) { + goto done; + } + + ret = 0; + + done: + +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC) + if (eccKey != NULL) { + wc_ecc_free(eccKey); + XFREE(eccKey, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + } + XFREE(tmpBuf, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); +#else + wc_ecc_free(eccKey); +#endif + + return ret; +} +#endif /* HAVE_ECC_KEY_EXPORT && !NO_ASN_CRYPT */ +#endif /* HAVE_ECC_KEY_IMPORT */ + +#if defined(HAVE_ECC_KEY_EXPORT) && !defined(NO_ASN_CRYPT) && \ + !defined(WC_NO_RNG) && !defined(WOLF_CRYPTO_CB_ONLY_ECC) +static wc_test_ret_t ecc_test_key_gen(WC_RNG* rng, int keySize) +{ + wc_test_ret_t ret = 0; + int derSz; +#ifdef HAVE_PKCS8 + word32 pkcs8Sz; +#endif +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC) + byte *der = (byte *)XMALLOC(ECC_BUFSIZE, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + ecc_key *userA = (ecc_key *)XMALLOC(sizeof *userA, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); +#else + byte der[ECC_BUFSIZE]; + ecc_key userA[1]; +#endif + +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC) + if ((der == NULL) || (userA == NULL)) + ERROR_OUT(WC_TEST_RET_ENC_EC(MEMORY_E), done); +#endif + + ret = wc_ecc_init_ex(userA, HEAP_HINT, devId); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done); + + ret = wc_ecc_make_key(rng, keySize, userA); +#if defined(WOLFSSL_ASYNC_CRYPT) + ret = wc_AsyncWait(ret, &userA->asyncDev, WC_ASYNC_FLAG_NONE); +#endif + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done); + TEST_SLEEP(); + + ret = wc_ecc_check_key(userA); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done); + TEST_SLEEP(); + + derSz = wc_EccKeyToDer(userA, der, ECC_BUFSIZE); + if (derSz < 0) { + ERROR_OUT(WC_TEST_RET_ENC_I(derSz), done); + } + + ret = SaveDerAndPem(der, derSz, eccCaKeyTempFile, eccCaKeyPemFile, + ECC_PRIVATEKEY_TYPE); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done); + + /* test export of public key */ + derSz = wc_EccPublicKeyToDer(userA, der, ECC_BUFSIZE, 1); + if (derSz < 0) { + ERROR_OUT(WC_TEST_RET_ENC_I(derSz), done); + } + if (derSz == 0) { + ERROR_OUT(WC_TEST_RET_ENC_NC, done); + } + +#ifdef HAVE_COMP_KEY + /* test export of compressed public key */ + derSz = wc_EccPublicKeyToDer_ex(userA, der, ECC_BUFSIZE, 1, 1); + if (derSz < 0) { + ERROR_OUT(WC_TEST_RET_ENC_I(derSz), done); + } + if (derSz == 0) { + ERROR_OUT(WC_TEST_RET_ENC_NC, done); + } +#endif + + ret = SaveDerAndPem(der, derSz, eccPubKeyDerFile, NULL, 0); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done); + +#ifdef HAVE_PKCS8 + /* test export of PKCS#8 unencrypted private key */ + pkcs8Sz = FOURK_BUF; + derSz = wc_EccPrivateKeyToPKCS8(userA, der, &pkcs8Sz); + if (derSz < 0) { + ERROR_OUT(WC_TEST_RET_ENC_I(derSz), done); + } + + if (derSz == 0) { + ERROR_OUT(WC_TEST_RET_ENC_NC, done); + } + + ret = SaveDerAndPem(der, derSz, eccPkcs8KeyDerFile, NULL, 0); + if (ret != 0) { + goto done; + } +#endif /* HAVE_PKCS8 */ + +done: + +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC) + XFREE(der, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + if (userA != NULL) { + wc_ecc_free(userA); + XFREE(userA, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + } +#else + wc_ecc_free(userA); +#endif + + return ret; +} +#endif /* HAVE_ECC_KEY_EXPORT && !NO_ASN_CRYPT */ + +static wc_test_ret_t ecc_test_curve_size(WC_RNG* rng, int keySize, int testVerifyCount, + int curve_id, const ecc_set_type* dp) +{ +#if defined(HAVE_ECC_DHE) && !defined(WC_NO_RNG) && \ + !defined(WOLFSSL_ATECC508A) && !defined(WOLFSSL_ATECC608A) + WC_DECLARE_VAR(sharedA, byte, ECC_SHARED_SIZE, HEAP_HINT); + WC_DECLARE_VAR(sharedB, byte, ECC_SHARED_SIZE, HEAP_HINT); + word32 y; +#endif +#ifdef HAVE_ECC_KEY_EXPORT + #define ECC_KEY_EXPORT_BUF_SIZE (MAX_ECC_BYTES * 2 + 32) + WC_DECLARE_VAR(exportBuf, byte, ECC_KEY_EXPORT_BUF_SIZE, HEAP_HINT); +#endif + word32 x = 0; +#if !defined(ECC_TIMING_RESISTANT) || (defined(ECC_TIMING_RESISTANT) && \ + !defined(WC_NO_RNG) && !defined(WOLFSSL_KCAPI_ECC)) && \ + defined(HAVE_ECC_SIGN) + WC_DECLARE_VAR(sig, byte, ECC_SIG_SIZE, HEAP_HINT); + WC_DECLARE_VAR(digest, byte, ECC_DIGEST_SIZE, HEAP_HINT); + int i; +#ifdef HAVE_ECC_VERIFY + int verify; +#endif /* HAVE_ECC_VERIFY */ +#endif /* HAVE_ECC_SIGN */ + wc_test_ret_t ret; +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC) + ecc_key *userA = (ecc_key *)XMALLOC(sizeof *userA, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + ecc_key *userB = (ecc_key *)XMALLOC(sizeof *userB, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + ecc_key *pubKey = (ecc_key *)XMALLOC(sizeof *pubKey, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); +#else + ecc_key userA[1]; + ecc_key userB[1]; + ecc_key pubKey[1]; +#endif +#ifndef WC_NO_RNG + int curveSize; +#endif + +#if defined(HAVE_ECC_DHE) && !defined(WC_NO_RNG) && \ + !defined(WOLFSSL_ATECC508A) && !defined(WOLFSSL_ATECC608A) + WC_ALLOC_VAR(sharedA, byte, ECC_SHARED_SIZE, HEAP_HINT); + WC_ALLOC_VAR(sharedB, byte, ECC_SHARED_SIZE, HEAP_HINT); +#endif +#ifdef HAVE_ECC_KEY_EXPORT + WC_ALLOC_VAR(exportBuf, byte, ECC_KEY_EXPORT_BUF_SIZE, HEAP_HINT); +#endif +#if !defined(ECC_TIMING_RESISTANT) || (defined(ECC_TIMING_RESISTANT) && \ + !defined(WC_NO_RNG) && !defined(WOLFSSL_KCAPI_ECC)) && \ + defined(HAVE_ECC_SIGN) + WC_ALLOC_VAR(sig, byte, ECC_SIG_SIZE, HEAP_HINT); + WC_ALLOC_VAR(digest, byte, ECC_DIGEST_SIZE, HEAP_HINT); +#endif + +#ifdef WC_DECLARE_VAR_IS_HEAP_ALLOC +#if (defined(HAVE_ECC_DHE) || defined(HAVE_ECC_CDH)) && !defined(WC_NO_RNG) && \ + !defined(WOLFSSL_ATECC508A) && !defined(WOLFSSL_ATECC608A) + if (sharedA == NULL || sharedB == NULL) + ERROR_OUT(WC_TEST_RET_ENC_ERRNO, done); +#endif + +#ifdef HAVE_ECC_KEY_EXPORT + if (exportBuf == NULL) + ERROR_OUT(WC_TEST_RET_ENC_ERRNO, done); +#endif + +#if !defined(ECC_TIMING_RESISTANT) || (defined(ECC_TIMING_RESISTANT) && \ + !defined(WC_NO_RNG) && !defined(WOLFSSL_KCAPI_ECC)) && \ + defined(HAVE_ECC_SIGN) + if (sig == NULL || digest == NULL) + ERROR_OUT(WC_TEST_RET_ENC_ERRNO, done); +#endif +#endif /* WOLFSSL_SMALL_STACK && !WOLFSSL_NO_MALLOC */ + + (void)testVerifyCount; + (void)dp; + (void)x; + +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC) + if ((userA == NULL) || + (userB == NULL) || + (pubKey == NULL)) + ERROR_OUT(WC_TEST_RET_ENC_NC, done); +#endif + + XMEMSET(userA, 0, sizeof *userA); + XMEMSET(userB, 0, sizeof *userB); + XMEMSET(pubKey, 0, sizeof *pubKey); + + ret = wc_ecc_init_ex(userA, HEAP_HINT, devId); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done); + ret = wc_ecc_init_ex(userB, HEAP_HINT, devId); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done); + ret = wc_ecc_init_ex(pubKey, HEAP_HINT, devId); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done); + +#ifdef WOLFSSL_CUSTOM_CURVES + if (dp != NULL) { + ret = wc_ecc_set_custom_curve(userA, dp); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done); + ret = wc_ecc_set_custom_curve(userB, dp); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done); + } +#endif + +#ifndef WC_NO_RNG + ret = wc_ecc_make_key_ex(rng, keySize, userA, curve_id); +#if defined(WOLFSSL_ASYNC_CRYPT) + ret = wc_AsyncWait(ret, &userA->asyncDev, WC_ASYNC_FLAG_NONE); +#endif +#ifdef WOLF_CRYPTO_CB_ONLY_ECC + if (ret == WC_NO_ERR_TRACE(NO_VALID_DEVID)) { + ret = 0; + goto done; /* no software case */ + } +#endif + if (ret == WC_NO_ERR_TRACE(ECC_CURVE_OID_E)) + goto done; /* catch case, where curve is not supported */ + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done); + TEST_SLEEP(); + + if (wc_ecc_get_curve_idx(curve_id) != -1) { + curveSize = wc_ecc_get_curve_size_from_id(userA->dp->id); + if (curveSize != userA->dp->size) + ERROR_OUT(WC_TEST_RET_ENC_NC, done); + } + + ret = wc_ecc_check_key(userA); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done); + TEST_SLEEP(); + +/* ATECC508/608 configuration may not support more than one ECDH key */ +#if !defined(WOLFSSL_ATECC508A) && !defined(WOLFSSL_ATECC608A) + + ret = wc_ecc_make_key_ex(rng, keySize, userB, curve_id); +#if defined(WOLFSSL_ASYNC_CRYPT) + ret = wc_AsyncWait(ret, &userB->asyncDev, WC_ASYNC_FLAG_NONE); +#endif + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done); + TEST_SLEEP(); + + /* only perform the below tests if the key size matches */ + if (dp == NULL && keySize > 0 && wc_ecc_size(userA) != keySize) + /* Not an error, just not a key size match */ + WARNING_OUT(ECC_CURVE_OID_E, done); + +#ifdef HAVE_ECC_DHE +#if defined(ECC_TIMING_RESISTANT) && (!defined(HAVE_FIPS) || \ + (!defined(HAVE_FIPS_VERSION) || (HAVE_FIPS_VERSION != 2))) && \ + !defined(HAVE_SELFTEST) + ret = wc_ecc_set_rng(userA, rng); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done); + ret = wc_ecc_set_rng(userB, rng); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done); +#endif + + x = ECC_SHARED_SIZE; + do { + #if defined(WOLFSSL_ASYNC_CRYPT) + ret = wc_AsyncWait(ret, &userA->asyncDev, WC_ASYNC_FLAG_CALL_AGAIN); + #endif + if (ret == 0) + ret = wc_ecc_shared_secret(userA, userB, sharedA, &x); + } while (ret == WC_NO_ERR_TRACE(WC_PENDING_E)); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done); + TEST_SLEEP(); + + y = ECC_SHARED_SIZE; + do { + #if defined(WOLFSSL_ASYNC_CRYPT) + ret = wc_AsyncWait(ret, &userB->asyncDev, WC_ASYNC_FLAG_CALL_AGAIN); + #endif + if (ret == 0) + ret = wc_ecc_shared_secret(userB, userA, sharedB, &y); + } while (ret == WC_NO_ERR_TRACE(WC_PENDING_E)); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done); + + if (y != x) + ERROR_OUT(WC_TEST_RET_ENC_NC, done); + + if (XMEMCMP(sharedA, sharedB, x)) + ERROR_OUT(WC_TEST_RET_ENC_NC, done); + TEST_SLEEP(); + +#ifdef HAVE_ECC_CDH + /* add cofactor flag */ + wc_ecc_set_flags(userA, WC_ECC_FLAG_COFACTOR); + wc_ecc_set_flags(userB, WC_ECC_FLAG_COFACTOR); + + x = ECC_SHARED_SIZE; + do { + #if defined(WOLFSSL_ASYNC_CRYPT) + ret = wc_AsyncWait(ret, &userA->asyncDev, WC_ASYNC_FLAG_CALL_AGAIN); + #endif + if (ret == 0) + ret = wc_ecc_shared_secret(userA, userB, sharedA, &x); + } while (ret == WC_NO_ERR_TRACE(WC_PENDING_E)); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done); + TEST_SLEEP(); + + y = ECC_SHARED_SIZE; + do { + #if defined(WOLFSSL_ASYNC_CRYPT) + ret = wc_AsyncWait(ret, &userB->asyncDev, WC_ASYNC_FLAG_CALL_AGAIN); + #endif + if (ret == 0) + ret = wc_ecc_shared_secret(userB, userA, sharedB, &y); + } while (ret == WC_NO_ERR_TRACE(WC_PENDING_E)); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done); + + if (y != x) + ERROR_OUT(WC_TEST_RET_ENC_NC, done); + + if (XMEMCMP(sharedA, sharedB, x)) + ERROR_OUT(WC_TEST_RET_ENC_NC, done); + TEST_SLEEP(); + + /* remove cofactor flag */ + wc_ecc_set_flags(userA, 0); + wc_ecc_set_flags(userB, 0); +#endif /* HAVE_ECC_CDH */ +#endif /* HAVE_ECC_DHE */ +#endif /* !WOLFSSL_ATECC508A && WOLFSSL_ATECC608A */ + +#ifdef HAVE_ECC_KEY_EXPORT + x = ECC_KEY_EXPORT_BUF_SIZE; + ret = wc_ecc_export_x963_ex(userA, exportBuf, &x, 0); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done); + +#ifdef HAVE_ECC_KEY_IMPORT + #ifdef WOLFSSL_CUSTOM_CURVES + if (dp != NULL) { + ret = wc_ecc_set_custom_curve(pubKey, dp); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done); + } + #endif + ret = wc_ecc_import_x963_ex(exportBuf, x, pubKey, curve_id); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done); + +#if !defined(WOLFSSL_ATECC508A) && !defined(WOLFSSL_ATECC608A) +#ifdef HAVE_ECC_DHE + y = ECC_SHARED_SIZE; + do { + #if defined(WOLFSSL_ASYNC_CRYPT) + ret = wc_AsyncWait(ret, &userB->asyncDev, WC_ASYNC_FLAG_CALL_AGAIN); + #endif + if (ret == 0) + ret = wc_ecc_shared_secret(userB, pubKey, sharedB, &y); + } while (ret == WC_NO_ERR_TRACE(WC_PENDING_E)); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done); + + if (XMEMCMP(sharedA, sharedB, y)) + ERROR_OUT(WC_TEST_RET_ENC_NC, done); + TEST_SLEEP(); +#endif /* HAVE_ECC_DHE */ + + #ifdef HAVE_COMP_KEY + /* try compressed export / import too */ + x = ECC_KEY_EXPORT_BUF_SIZE; + ret = wc_ecc_export_x963_ex(userA, exportBuf, &x, 1); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done); + wc_ecc_free(pubKey); + + ret = wc_ecc_init_ex(pubKey, HEAP_HINT, devId); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done); + #ifdef WOLFSSL_CUSTOM_CURVES + if (dp != NULL) { + ret = wc_ecc_set_custom_curve(pubKey, dp); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done); + } + #endif + ret = wc_ecc_import_x963_ex(exportBuf, x, pubKey, curve_id); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done); + + #ifdef HAVE_ECC_DHE + y = ECC_SHARED_SIZE; + do { + #if defined(WOLFSSL_ASYNC_CRYPT) + ret = wc_AsyncWait(ret, &userB->asyncDev, WC_ASYNC_FLAG_CALL_AGAIN); + #endif + if (ret == 0) + ret = wc_ecc_shared_secret(userB, pubKey, sharedB, &y); + } while (ret == WC_NO_ERR_TRACE(WC_PENDING_E)); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done); + + if (XMEMCMP(sharedA, sharedB, y)) + ERROR_OUT(WC_TEST_RET_ENC_NC, done); + TEST_SLEEP(); + #endif /* HAVE_ECC_DHE */ + #endif /* HAVE_COMP_KEY */ + +#endif /* !WOLFSSL_ATECC508A && !WOLFSSL_ATECC608A */ +#endif /* !WC_NO_RNG */ + +#endif /* HAVE_ECC_KEY_IMPORT */ +#endif /* HAVE_ECC_KEY_EXPORT */ + + /* For KCAPI cannot sign using generated ECDH key */ +#if !defined(ECC_TIMING_RESISTANT) || (defined(ECC_TIMING_RESISTANT) && \ + !defined(WC_NO_RNG) && !defined(WOLFSSL_KCAPI_ECC)) +#ifdef HAVE_ECC_SIGN + /* some hardware doesn't support sign/verify of all zero digest */ +#if !defined(WC_TEST_NO_ECC_SIGN_VERIFY_ZERO_DIGEST) + /* test DSA sign hash with zeros */ + for (i = 0; i < (int)ECC_DIGEST_SIZE; i++) { + digest[i] = 0; + } + + x = ECC_SIG_SIZE; + do { + #if defined(WOLFSSL_ASYNC_CRYPT) + ret = wc_AsyncWait(ret, &userA->asyncDev, WC_ASYNC_FLAG_CALL_AGAIN); + #endif + if (ret == 0) + ret = wc_ecc_sign_hash(digest, ECC_DIGEST_SIZE, sig, &x, rng, + userA); + } while (ret == WC_NO_ERR_TRACE(WC_PENDING_E)); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done); + TEST_SLEEP(); + +#ifdef HAVE_ECC_VERIFY + for (i=0; iasyncDev, WC_ASYNC_FLAG_CALL_AGAIN); + #endif + if (ret == 0) + ret = wc_ecc_verify_hash(sig, x, digest, ECC_DIGEST_SIZE, + &verify, userA); + } while (ret == WC_NO_ERR_TRACE(WC_PENDING_E)); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done); + if (verify != 1) + ERROR_OUT(WC_TEST_RET_ENC_NC, done); + TEST_SLEEP(); + } +#endif /* HAVE_ECC_VERIFY */ +#endif /* !WC_TEST_NO_ECC_SIGN_VERIFY_ZERO_DIGEST */ + + /* test DSA sign hash with sequence (0,1,2,3,4,...) */ + for (i = 0; i < (int)ECC_DIGEST_SIZE; i++) { + digest[i] = (byte)i; + } + + x = ECC_SIG_SIZE; + do { + #if defined(WOLFSSL_ASYNC_CRYPT) + ret = wc_AsyncWait(ret, &userA->asyncDev, WC_ASYNC_FLAG_CALL_AGAIN); + #endif + if (ret == 0) + ret = wc_ecc_sign_hash(digest, ECC_DIGEST_SIZE, sig, &x, rng, userA); + } while (ret == WC_NO_ERR_TRACE(WC_PENDING_E)); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done); + TEST_SLEEP(); + +#ifdef HAVE_ECC_VERIFY + for (i=0; iasyncDev, WC_ASYNC_FLAG_CALL_AGAIN); + #endif + if (ret == 0) + ret = wc_ecc_verify_hash(sig, x, digest, ECC_DIGEST_SIZE, &verify, userA); + } while (ret == WC_NO_ERR_TRACE(WC_PENDING_E)); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done); + if (verify != 1) + ERROR_OUT(WC_TEST_RET_ENC_NC, done); + TEST_SLEEP(); + } +#endif /* HAVE_ECC_VERIFY */ +#endif /* HAVE_ECC_SIGN */ +#endif /* !ECC_TIMING_RESISTANT || (ECC_TIMING_RESISTANT && + * !WC_NO_RNG && !WOLFSSL_KCAPI_ECC) */ + +#if defined(HAVE_ECC_KEY_EXPORT) && !defined(WC_NO_RNG) && \ + !defined(WOLFSSL_ATECC508) && !defined(WOLFSSL_ATECC608A) && \ + !defined(WOLFSSL_KCAPI_ECC) + x = ECC_KEY_EXPORT_BUF_SIZE; + ret = wc_ecc_export_private_only(userA, exportBuf, &x); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done); +#elif defined(HAVE_ECC_KEY_EXPORT) + (void)exportBuf; +#endif /* HAVE_ECC_KEY_EXPORT */ + +done: + +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC) + if (userA != NULL) { + wc_ecc_free(userA); + XFREE(userA, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + } + if (userB != NULL) { + wc_ecc_free(userB); + XFREE(userB, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + } + if (pubKey != NULL) { + wc_ecc_free(pubKey); + XFREE(pubKey, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + } +#else + wc_ecc_free(pubKey); + wc_ecc_free(userB); + wc_ecc_free(userA); +#endif + +#if defined(HAVE_ECC_DHE) || defined(HAVE_ECC_CDH) + WC_FREE_VAR(sharedA, HEAP_HINT); + WC_FREE_VAR(sharedB, HEAP_HINT); +#endif +#ifdef HAVE_ECC_KEY_EXPORT + WC_FREE_VAR(exportBuf, HEAP_HINT); +#endif +#ifdef HAVE_ECC_SIGN + WC_FREE_VAR(sig, HEAP_HINT); + WC_FREE_VAR(digest, HEAP_HINT); +#endif + + (void)keySize; + (void)curve_id; + (void)rng; + + return ret; +} + +#undef ECC_TEST_VERIFY_COUNT +#define ECC_TEST_VERIFY_COUNT 2 +static wc_test_ret_t ecc_test_curve(WC_RNG* rng, int keySize, int curve_id) +{ + wc_test_ret_t ret; + WOLFSSL_MSG_EX("ecc_test_curve keySize = %d", keySize); + +#if FIPS_VERSION3_GE(6,0,0) + #ifdef DEBUG_WOLFSSL + printf("keySize is %d\n", keySize); + #endif + if (keySize < WC_ECC_FIPS_GEN_MIN) { + goto skip_A; + } +#endif + + ret = ecc_test_curve_size(rng, keySize, ECC_TEST_VERIFY_COUNT, curve_id, + NULL); + if (ret < 0) { + if (ret == WC_NO_ERR_TRACE(ECC_CURVE_OID_E)) { + /* ignore error for curves not found */ + /* some curve sizes are only available with: + HAVE_ECC_SECPR2, HAVE_ECC_SECPR3, HAVE_ECC_BRAINPOOL + and HAVE_ECC_KOBLITZ */ + } + else { + printf("ecc_test_curve_size %d failed!\n", keySize); + return ret; + } + } +#ifndef WOLF_CRYPTO_CB_ONLY_ECC +#if FIPS_VERSION3_GE(6,0,0) + skip_A: +#endif +#ifdef HAVE_ECC_VECTOR_TEST + ret = ecc_test_vector(keySize); + if (ret < 0) { + printf("ecc_test_vector %d failed!\n", keySize); + return ret; + } +#endif + +#if FIPS_VERSION3_GE(6,0,0) + if (keySize < WC_ECC_FIPS_GEN_MIN) { + goto skip_B; + } +#endif + +#if defined(HAVE_ECC_KEY_IMPORT) && defined(HAVE_ECC_KEY_EXPORT) && \ + !defined(NO_ASN_CRYPT) && !defined(WC_NO_RNG) + ret = ecc_test_key_decode(rng, keySize); + if (ret < 0) { + if (ret == WC_NO_ERR_TRACE(ECC_CURVE_OID_E)) { + /* ignore error for curves not found */ + } + else { + printf("ecc_test_key_decode %d failed!\n", keySize); + return ret; + } + } +#endif + +#if defined(HAVE_ECC_KEY_EXPORT) && !defined(NO_ASN_CRYPT) && !defined(WC_NO_RNG) + ret = ecc_test_key_gen(rng, keySize); + if (ret < 0) { + if (ret == WC_NO_ERR_TRACE(ECC_CURVE_OID_E)) { + /* ignore error for curves not found */ + } + else { + printf("ecc_test_key_gen %d failed!\n", keySize); + return ret; + } + } +#endif +#if FIPS_VERSION3_GE(6,0,0) + skip_B: +#endif +#endif /* WOLF_CRYPTO_CB_ONLY_ECC */ + return 0; +} + +#if (!defined(NO_ECC256) || defined(HAVE_ALL_CURVES)) && ECC_MIN_KEY_SZ <= 256 +#if !defined(WOLFSSL_ATECC508A) && !defined(WOLFSSL_ATECC608A) && \ + defined(HAVE_ECC_KEY_IMPORT) && defined(HAVE_ECC_KEY_EXPORT) && \ + !defined(WOLFSSL_NO_MALLOC) && !defined(WOLF_CRYPTO_CB_ONLY_ECC) +static wc_test_ret_t ecc_point_test(void) +{ + wc_test_ret_t ret; + ecc_point* point; + ecc_point* point2; +#ifdef HAVE_COMP_KEY + ecc_point* point3; + ecc_point* point4; +#endif + word32 outLen; + byte out[65]; + byte der[] = { 0x04, /* = Uncompressed */ + 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, + 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, + 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, + 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, + 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, + 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, + 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, + 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08 }; +#if defined(HAVE_COMP_KEY) && (!defined(HAVE_FIPS) && !defined(HAVE_SELFTEST) || \ + (defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION > 2))) + byte derComp0[] = { 0x02, /* = Compressed, y even */ + 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, + 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, + 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, + 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08 }; + byte derComp1[] = { 0x03, /* = Compressed, y odd */ + 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, + 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, + 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, + 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08 }; +#endif + byte altDer[] = { 0x04, /* = Uncompressed */ + 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, + 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, + 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, + 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, + 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, + 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, + 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, + 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07 }; + int curve_idx = wc_ecc_get_curve_idx(ECC_SECP256R1); + + /* if curve P256 is not enabled then test should not fail */ + if (curve_idx == ECC_CURVE_INVALID) + return 0; + + outLen = sizeof(out); + point = wc_ecc_new_point(); + if (point == NULL) + return WC_TEST_RET_ENC_ERRNO; + point2 = wc_ecc_new_point(); + if (point2 == NULL) { + wc_ecc_del_point(point); + return WC_TEST_RET_ENC_NC; + } +#ifdef HAVE_COMP_KEY + point3 = wc_ecc_new_point(); + if (point3 == NULL) { + wc_ecc_del_point(point2); + wc_ecc_del_point(point); + return WC_TEST_RET_ENC_NC; + } + point4 = wc_ecc_new_point(); + if (point4 == NULL) { + wc_ecc_del_point(point3); + wc_ecc_del_point(point2); + wc_ecc_del_point(point); + return WC_TEST_RET_ENC_NC; + } +#endif + + /* Parameter Validation testing. */ + wc_ecc_del_point(NULL); + ret = wc_ecc_import_point_der(NULL, sizeof(der), curve_idx, point); + if (ret != WC_NO_ERR_TRACE(ECC_BAD_ARG_E)) { + ret = WC_TEST_RET_ENC_EC(ret); + goto done; + } + ret = wc_ecc_import_point_der(der, sizeof(der), ECC_CURVE_INVALID, point); + if (ret != WC_NO_ERR_TRACE(ECC_BAD_ARG_E)) { + ret = WC_TEST_RET_ENC_EC(ret); + goto done; + } + ret = wc_ecc_import_point_der(der, sizeof(der), curve_idx, NULL); + if (ret != WC_NO_ERR_TRACE(ECC_BAD_ARG_E)) { + ret = WC_TEST_RET_ENC_EC(ret); + goto done; + } + ret = wc_ecc_export_point_der(-1, point, out, &outLen); + if (ret != WC_NO_ERR_TRACE(ECC_BAD_ARG_E)) { + ret = WC_TEST_RET_ENC_EC(ret); + goto done; + } + ret = wc_ecc_export_point_der(curve_idx, NULL, out, &outLen); + if (ret != WC_NO_ERR_TRACE(ECC_BAD_ARG_E)) { + ret = WC_TEST_RET_ENC_EC(ret); + goto done; + } + ret = wc_ecc_export_point_der(curve_idx, point, NULL, &outLen); + if (ret != WC_NO_ERR_TRACE(LENGTH_ONLY_E) || outLen != sizeof(out)) { + ret = WC_TEST_RET_ENC_EC(ret); + goto done; + } + ret = wc_ecc_export_point_der(curve_idx, point, out, NULL); + if (ret != WC_NO_ERR_TRACE(ECC_BAD_ARG_E)) { + ret = WC_TEST_RET_ENC_EC(ret); + goto done; + } + outLen = 0; + ret = wc_ecc_export_point_der(curve_idx, point, out, &outLen); + if (ret != WC_NO_ERR_TRACE(BUFFER_E)) { + ret = WC_TEST_RET_ENC_EC(ret); + goto done; + } + ret = wc_ecc_copy_point(NULL, NULL); + if (ret != WC_NO_ERR_TRACE(ECC_BAD_ARG_E)) { + ret = WC_TEST_RET_ENC_EC(ret); + goto done; + } + ret = wc_ecc_copy_point(NULL, point2); + if (ret != WC_NO_ERR_TRACE(ECC_BAD_ARG_E)) { + ret = WC_TEST_RET_ENC_EC(ret); + goto done; + } + ret = wc_ecc_copy_point(point, NULL); + if (ret != WC_NO_ERR_TRACE(ECC_BAD_ARG_E)) { + ret = WC_TEST_RET_ENC_EC(ret); + goto done; + } + ret = wc_ecc_cmp_point(NULL, NULL); + if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG)) { + ret = WC_TEST_RET_ENC_EC(ret); + goto done; + } + ret = wc_ecc_cmp_point(NULL, point2); + if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG)) { + ret = WC_TEST_RET_ENC_EC(ret); + goto done; + } + ret = wc_ecc_cmp_point(point, NULL); + if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG)) { + ret = WC_TEST_RET_ENC_EC(ret); + goto done; + } + + /* Use API. */ + ret = wc_ecc_import_point_der(der, sizeof(der), curve_idx, point); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done); + + outLen = sizeof(out); + ret = wc_ecc_export_point_der(curve_idx, point, out, &outLen); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done); + if (outLen != sizeof(der)) { + ret = WC_TEST_RET_ENC_NC; + goto done; + } + if (XMEMCMP(out, der, outLen) != 0) { + ret = WC_TEST_RET_ENC_NC; + goto done; + } + + ret = wc_ecc_copy_point(point2, point); + if (ret != MP_OKAY) { + ret = WC_TEST_RET_ENC_EC(ret); + goto done; + } + ret = wc_ecc_cmp_point(point2, point); + if (ret != MP_EQ) { + ret = WC_TEST_RET_ENC_EC(ret); + goto done; + } + + ret = wc_ecc_import_point_der(altDer, sizeof(altDer), curve_idx, point2); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done); + ret = wc_ecc_cmp_point(point2, point); + if (ret != MP_GT) { + ret = WC_TEST_RET_ENC_EC(ret); + goto done; + } + +#if defined(HAVE_COMP_KEY) && (!defined(HAVE_FIPS) && !defined(HAVE_SELFTEST) || \ + (defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION > 2))) + ret = wc_ecc_import_point_der(derComp0, sizeof(derComp0)*2-1, curve_idx, point3); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done); + + ret = wc_ecc_import_point_der_ex(derComp0, sizeof(derComp0), curve_idx, point4, 0); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done); + + ret = wc_ecc_cmp_point(point3, point4); + if (ret != MP_EQ) { + ret = WC_TEST_RET_ENC_EC(ret); + goto done; + } + + ret = wc_ecc_import_point_der(derComp1, sizeof(derComp1)*2-1, curve_idx, point3); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done); + + ret = wc_ecc_import_point_der_ex(derComp1, sizeof(derComp1), curve_idx, point4, 0); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done); + + ret = wc_ecc_cmp_point(point3, point4); + if (ret != MP_EQ) { + ret = WC_TEST_RET_ENC_EC(ret); + goto done; + } +#endif + +done: +#ifdef HAVE_COMP_KEY + wc_ecc_del_point(point4); + wc_ecc_del_point(point3); +#endif + wc_ecc_del_point(point2); + wc_ecc_del_point(point); + + return ret; +} +#endif /* !WOLFSSL_ATECC508A && HAVE_ECC_KEY_IMPORT && HAVE_ECC_KEY_EXPORT */ + +#if !defined(NO_SIG_WRAPPER) && !defined(WOLF_CRYPTO_CB_ONLY_ECC) && \ + !defined(NO_ECC_SIGN) +static wc_test_ret_t ecc_sig_test(WC_RNG* rng, ecc_key* key) +{ +#ifndef NO_SHA256 + wc_test_ret_t ret; + word32 sigSz; + int size; + byte out[ECC_MAX_SIG_SIZE]; + byte in[] = TEST_STRING; + WOLFSSL_SMALL_STACK_STATIC const byte hash[] = { + 0xf2, 0x02, 0x95, 0x65, 0xcb, 0xf6, 0x2a, 0x59, + 0x39, 0x2c, 0x05, 0xff, 0x0e, 0x29, 0xaf, 0xfe, + 0x47, 0x33, 0x8c, 0x99, 0x8d, 0x58, 0x64, 0x83, + 0xa6, 0x58, 0x0a, 0x33, 0x0b, 0x84, 0x5f, 0x5f + }; + word32 inLen = (word32)XSTRLEN((char*)in); + + size = wc_ecc_sig_size(key); + + ret = wc_SignatureGetSize(WC_SIGNATURE_TYPE_ECC, key, sizeof(*key)); + if (ret != size) + return WC_TEST_RET_ENC_NC; + + sigSz = (word32)ret; + ret = wc_SignatureGenerate(WC_HASH_TYPE_SHA256, WC_SIGNATURE_TYPE_ECC, in, + inLen, out, &sigSz, key, sizeof(*key), rng); + if (ret != 0) + return WC_TEST_RET_ENC_EC(ret); + TEST_SLEEP(); + + ret = wc_SignatureVerify(WC_HASH_TYPE_SHA256, WC_SIGNATURE_TYPE_ECC, in, + inLen, out, sigSz, key, sizeof(*key)); + if (ret != 0) + return WC_TEST_RET_ENC_EC(ret); + TEST_SLEEP(); + + sigSz = (word32)sizeof(out); + ret = wc_SignatureGenerateHash(WC_HASH_TYPE_SHA256, WC_SIGNATURE_TYPE_ECC, + hash, (int)sizeof(hash), out, &sigSz, key, sizeof(*key), rng); + if (ret != 0) + return WC_TEST_RET_ENC_EC(ret); + TEST_SLEEP(); + + ret = wc_SignatureVerifyHash(WC_HASH_TYPE_SHA256, WC_SIGNATURE_TYPE_ECC, + hash, (int)sizeof(hash), out, sigSz, key, sizeof(*key)); + if (ret != 0) + return WC_TEST_RET_ENC_EC(ret); + TEST_SLEEP(); +#else + (void)rng; + (void)key; +#endif + + return 0; +} +#endif + +#if defined(HAVE_ECC_KEY_IMPORT) && defined(HAVE_ECC_KEY_EXPORT) && \ + !defined(WOLF_CRYPTO_CB_ONLY_ECC) + +static wc_test_ret_t ecc_exp_imp_test(ecc_key* key) +{ + wc_test_ret_t ret; + int curve_id; +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC) + ecc_key *keyImp = (ecc_key *)XMALLOC(sizeof *keyImp, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); +#else + ecc_key keyImp[1]; +#endif + byte priv[32]; + word32 privLen; + byte pub[65*2]; + word32 pubLen, pubLenX, pubLenY; + const char qx[] = "7a4e287890a1a47ad3457e52f2f76a83" + "ce46cbc947616d0cbaa82323818a793d"; + const char qy[] = "eec4084f5b29ebf29c44cce3b3059610" + "922f8b30ea6e8811742ac7238fe87308"; + const char d[] = "8c14b793cb19137e323a6d2e2a870bca" + "2e7a493ec1153b3a95feb8a4873f8d08"; + +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC) + if (keyImp == NULL) + ERROR_OUT(WC_TEST_RET_ENC_ERRNO, done); +#endif + + wc_ecc_init_ex(keyImp, HEAP_HINT, devId); + + privLen = sizeof(priv); + ret = wc_ecc_export_private_only(key, priv, &privLen); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done); + pubLen = sizeof(pub); + ret = wc_ecc_export_point_der(key->idx, &key->pubkey, pub, &pubLen); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done); + + ret = wc_ecc_import_private_key(priv, privLen, pub, pubLen, keyImp); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done); + + wc_ecc_free(keyImp); + wc_ecc_init_ex(keyImp, HEAP_HINT, devId); + + ret = wc_ecc_import_raw_ex(keyImp, qx, qy, d, ECC_SECP256R1); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done); + + wc_ecc_free(keyImp); + wc_ecc_init_ex(keyImp, HEAP_HINT, devId); + + curve_id = wc_ecc_get_curve_id(key->idx); + if (curve_id < 0) { + ret = WC_TEST_RET_ENC_EC(curve_id); + goto done; + } + + /* test import private only */ + ret = wc_ecc_import_private_key_ex(priv, privLen, NULL, 0, keyImp, + curve_id); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done); + + wc_ecc_free(keyImp); + wc_ecc_init_ex(keyImp, HEAP_HINT, devId); + + /* test export public raw */ + pubLenX = pubLenY = 32; + ret = wc_ecc_export_public_raw(key, pub, &pubLenX, &pub[32], &pubLenY); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done); + +#ifndef HAVE_SELFTEST + /* test import of public */ + ret = wc_ecc_import_unsigned(keyImp, pub, &pub[32], NULL, ECC_SECP256R1); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done); +#endif + + wc_ecc_free(keyImp); + wc_ecc_init_ex(keyImp, HEAP_HINT, devId); + + /* test export private and public raw */ + pubLenX = pubLenY = privLen = 32; + ret = wc_ecc_export_private_raw(key, pub, &pubLenX, &pub[32], &pubLenY, + priv, &privLen); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done); + +#ifndef HAVE_SELFTEST + /* test import of private and public */ + ret = wc_ecc_import_unsigned(keyImp, pub, &pub[32], priv, ECC_SECP256R1); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done); +#endif + +done: + +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC) + if (keyImp != NULL) { + wc_ecc_free(keyImp); + XFREE(keyImp, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + } +#else + wc_ecc_free(keyImp); +#endif + + return ret; +} +#endif /* HAVE_ECC_KEY_IMPORT && HAVE_ECC_KEY_EXPORT */ + +#if defined(HAVE_ECC_KEY_IMPORT) && !defined(WOLFSSL_VALIDATE_ECC_IMPORT) && \ + !defined(WOLFSSL_CRYPTOCELL) && !defined(WOLF_CRYPTO_CB_ONLY_ECC) +static wc_test_ret_t ecc_mulmod_test(ecc_key* key1) +{ + wc_test_ret_t ret; +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC) + ecc_key *key2 = (ecc_key *)XMALLOC(sizeof *key2, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + ecc_key *key3 = (ecc_key *)XMALLOC(sizeof *key3, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); +#else + ecc_key key2[1]; + ecc_key key3[1]; +#endif +#ifdef WOLFSSL_PUBLIC_MP + mp_int* priv; +#endif + +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC) + if ((key2 == NULL) || (key3 == NULL)) + ERROR_OUT(MEMORY_E, done); +#endif + + wc_ecc_init_ex(key2, HEAP_HINT, devId); + wc_ecc_init_ex(key3, HEAP_HINT, devId); + + /* TODO: Use test data, test with WOLFSSL_VALIDATE_ECC_IMPORT. */ + /* Need base point (Gx,Gy) and parameter A - load them as the public and + * private key in key2. + */ + ret = wc_ecc_import_raw_ex(key2, key1->dp->Gx, key1->dp->Gy, key1->dp->Af, + ECC_SECP256R1); + if (ret != 0) + goto done; + + /* Need a point (Gx,Gy) and prime - load them as the public and private key + * in key3. + */ + ret = wc_ecc_import_raw_ex(key3, key1->dp->Gx, key1->dp->Gy, + key1->dp->prime, ECC_SECP256R1); + if (ret != 0) + goto done; + + ret = wc_ecc_mulmod(wc_ecc_key_get_priv(key1), &key2->pubkey, &key3->pubkey, + wc_ecc_key_get_priv(key2), wc_ecc_key_get_priv(key3), + 1); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done); + +#ifdef WOLFSSL_PUBLIC_MP + priv = wc_ecc_key_get_priv(key1); + mp_zero(priv); + ret = wc_ecc_mulmod(wc_ecc_key_get_priv(key1), &key2->pubkey, &key3->pubkey, + wc_ecc_key_get_priv(key2), wc_ecc_key_get_priv(key3), + 1); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done); + if (!wc_ecc_point_is_at_infinity(&key3->pubkey)) { + ret = WC_TEST_RET_ENC_EC(ret); + goto done; + } + if (mp_cmp_d(key3->pubkey.z, 1) != MP_EQ) { + ret = WC_TEST_RET_ENC_EC(ret); + goto done; + } +#endif + +done: + +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC) + if (key2 != NULL) { + wc_ecc_free(key2); + XFREE(key2, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + } + if (key3 != NULL) { + wc_ecc_free(key3); + XFREE(key3, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + } +#else + wc_ecc_free(key3); + wc_ecc_free(key2); +#endif + + return ret; +} +#endif + +#if defined(HAVE_ECC_DHE) && !defined(WC_NO_RNG) && \ + !defined(WOLF_CRYPTO_CB_ONLY_ECC) && !defined(WOLFSSL_ATECC508A) && \ + !defined(WOLFSSL_ATECC608A) && !defined(PLUTON_CRYPTO_ECC) && \ + !defined(WOLFSSL_CRYPTOCELL) +static wc_test_ret_t ecc_ssh_test(ecc_key* key, WC_RNG* rng) +{ + wc_test_ret_t ret; + byte out[128]; + word32 outLen = sizeof(out); + + /* Parameter Validation testing. */ + ret = wc_ecc_shared_secret_ssh(NULL, &key->pubkey, out, &outLen); + if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG)) + return WC_TEST_RET_ENC_EC(ret); + ret = wc_ecc_shared_secret_ssh(key, NULL, out, &outLen); + if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG)) + return WC_TEST_RET_ENC_EC(ret); + ret = wc_ecc_shared_secret_ssh(key, &key->pubkey, NULL, &outLen); + if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG)) + return WC_TEST_RET_ENC_EC(ret); + ret = wc_ecc_shared_secret_ssh(key, &key->pubkey, out, NULL); + if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG)) + return WC_TEST_RET_ENC_EC(ret); + +#if defined(ECC_TIMING_RESISTANT) && (!defined(HAVE_FIPS) || \ + (!defined(HAVE_FIPS_VERSION) || (HAVE_FIPS_VERSION != 2))) && \ + !defined(HAVE_SELFTEST) + ret = wc_ecc_set_rng(key, rng); + if (ret != 0) + return WC_TEST_RET_ENC_EC(ret); +#else + (void)rng; +#endif + + /* Use API. */ + ret = 0; + do { + #if defined(WOLFSSL_ASYNC_CRYPT) + ret = wc_AsyncWait(ret, &key->asyncDev, WC_ASYNC_FLAG_CALL_AGAIN); + #endif + if (ret == 0) + ret = wc_ecc_shared_secret_ssh(key, &key->pubkey, out, &outLen); + } while (ret == WC_NO_ERR_TRACE(WC_PENDING_E)); + if (ret != 0) + return WC_TEST_RET_ENC_EC(ret); + + TEST_SLEEP(); + return 0; +} +#endif /* HAVE_ECC_DHE && !WC_NO_RNG */ + +static wc_test_ret_t ecc_def_curve_test(WC_RNG *rng) +{ + wc_test_ret_t ret; +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC) + ecc_key *key = (ecc_key *)XMALLOC(sizeof *key, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); +#else + ecc_key key[1]; +#endif +#if !defined(NO_ECC_SECP) && !defined(NO_ASN) && \ + ((defined(HAVE_ECC_KEY_IMPORT) && defined(HAVE_ECC_KEY_EXPORT)) || \ + (defined(HAVE_ECC_KEY_IMPORT) && !defined(WOLFSSL_VALIDATE_ECC_IMPORT))) + word32 idx = 0; +#endif + +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC) + if (key == NULL) + ERROR_OUT(MEMORY_E, done); +#endif + + wc_ecc_init_ex(key, HEAP_HINT, devId); + + /* Use API */ + ret = wc_ecc_set_flags(NULL, 0); + if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG)) { + ret = WC_TEST_RET_ENC_EC(ret); + goto done; + } + ret = wc_ecc_set_flags(key, 0); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done); +#ifndef WOLF_CRYPTO_CB_ONLY_ECC +#ifndef WC_NO_RNG + ret = wc_ecc_make_key(rng, ECC_KEYGEN_SIZE, key); + #if defined(WOLFSSL_ASYNC_CRYPT) + ret = wc_AsyncWait(ret, &key->asyncDev, WC_ASYNC_FLAG_NONE); + #endif + if (ret != 0) { + goto done; + } + + #if !defined(NO_SIG_WRAPPER) && !defined(NO_ECC_SIGN) + ret = ecc_sig_test(rng, key); + if (ret < 0) + goto done; + #endif + TEST_SLEEP(); + + #if defined(HAVE_ECC_DHE) && !defined(WOLFSSL_CRYPTOCELL) && \ + !defined(WOLF_CRYPTO_CB_ONLY_ECC) + ret = ecc_ssh_test(key, rng); + if (ret < 0) + goto done; + #endif + + wc_ecc_free(key); +#else + (void)rng; +#endif /* !WC_NO_RNG */ + +#if !defined(NO_ECC_SECP) && !defined(NO_ASN) && \ + ((defined(HAVE_ECC_KEY_IMPORT) && defined(HAVE_ECC_KEY_EXPORT)) || \ + (defined(HAVE_ECC_KEY_IMPORT) && !defined(WOLFSSL_VALIDATE_ECC_IMPORT))) + /* Use test ECC key - ensure real private "d" exists */ + #if defined(USE_CERT_BUFFERS_256) + { + ret = wc_EccPrivateKeyDecode(ecc_key_der_256, &idx, key, + sizeof_ecc_key_der_256); + } + #elif !defined(NO_FILESYSTEM) + { + XFILE file = XFOPEN(eccKeyDerFile, "rb"); + byte der[128]; + word32 derSz; + if (!file) { + ERROR_OUT(WC_TEST_RET_ENC_ERRNO, done); + } + derSz = (word32)XFREAD(der, 1, sizeof(der), file); + XFCLOSE(file); + if (derSz == 0) + ERROR_OUT(WC_TEST_RET_ENC_ERRNO, done); + ret = wc_EccPrivateKeyDecode(der, &idx, key, derSz); + } + #else + { + (void)idx; + WOLFSSL_MSG("No file system and USE_CERT_BUFFERS_256 not defined.(3)"); + ERROR_OUT(ASN_PARSE_E, done); + } + #endif + if (ret != 0) { + goto done; + } + +#if defined(HAVE_ECC_KEY_IMPORT) && defined(HAVE_ECC_KEY_EXPORT) + ret = ecc_exp_imp_test(key); + if (ret < 0) + goto done; +#endif +#if defined(HAVE_ECC_KEY_IMPORT) && !defined(WOLFSSL_VALIDATE_ECC_IMPORT) && \ + !defined(WOLFSSL_CRYPTOCELL) + ret = ecc_mulmod_test(key); + if (ret < 0) + goto done; +#endif +#endif +#else + (void)rng; + (void)idx; +#endif /* WOLF_CRYPTO_CB_ONLY_ECC */ +done: + + wc_ecc_free(key); +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC) + XFREE(key, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); +#endif + + return ret; +} +#endif /* !NO_ECC256 || HAVE_ALL_CURVES */ + +#if defined(WOLFSSL_CERT_EXT) && \ + (!defined(NO_ECC256) || defined(HAVE_ALL_CURVES)) && ECC_MIN_KEY_SZ <= 256 +static wc_test_ret_t ecc_decode_test(void) +{ + wc_test_ret_t ret; + word32 inSz; + word32 inOutIdx; +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC) + ecc_key *key = (ecc_key *)XMALLOC(sizeof *key, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); +#else + ecc_key key[1]; +#endif + + /* SECP256R1 OID: 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x03, 0x01, 0x07 */ + + /* This is ecc_clikeypub_der_256. */ + WOLFSSL_SMALL_STACK_STATIC const byte good[] = { + 0x30, 0x59, 0x30, 0x13, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, + 0x3d, 0x02, 0x01, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, + 0x03, 0x01, 0x07, 0x03, 0x42, 0x00, 0x04, 0x55, 0xbf, 0xf4, + 0x0f, 0x44, 0x50, 0x9a, 0x3d, 0xce, 0x9b, 0xb7, 0xf0, 0xc5, + 0x4d, 0xf5, 0x70, 0x7b, 0xd4, 0xec, 0x24, 0x8e, 0x19, 0x80, + 0xec, 0x5a, 0x4c, 0xa2, 0x24, 0x03, 0x62, 0x2c, 0x9b, 0xda, + 0xef, 0xa2, 0x35, 0x12, 0x43, 0x84, 0x76, 0x16, 0xc6, 0x56, + 0x95, 0x06, 0xcc, 0x01, 0xa9, 0xbd, 0xf6, 0x75, 0x1a, 0x42, + 0xf7, 0xbd, 0xa9, 0xb2, 0x36, 0x22, 0x5f, 0xc7, 0x5d, 0x7f, + 0xb4 }; + WOLFSSL_SMALL_STACK_STATIC const byte badNoObjId[] = { 0x30, 0x08, 0x30, 0x06, 0x03, 0x04, + 0x00, 0x04, 0x01, 0x01 }; + WOLFSSL_SMALL_STACK_STATIC const byte badOneObjId[] = { 0x30, 0x0a, 0x30, 0x08, 0x06, 0x00, + 0x03, 0x04, 0x00, 0x04, 0x01, 0x01 }; + WOLFSSL_SMALL_STACK_STATIC const byte badObjId1Len[] = { 0x30, 0x0c, 0x30, 0x0a, 0x06, 0x09, + 0x06, 0x00, 0x03, 0x04, 0x00, 0x04, 0x01, 0x01 }; + WOLFSSL_SMALL_STACK_STATIC const byte badObj2d1Len[] = { 0x30, 0x0c, 0x30, 0x0a, 0x06, 0x00, + 0x06, 0x07, 0x03, 0x04, 0x00, 0x04, 0x01, 0x01 }; + WOLFSSL_SMALL_STACK_STATIC const byte badNotBitStr[] = { 0x30, 0x14, 0x30, 0x0b, 0x06, 0x00, + 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x03, 0x01, 0x07, + 0x04, 0x04, 0x00, 0x04, 0x01, 0x01 }; + WOLFSSL_SMALL_STACK_STATIC const byte badBitStrLen[] = { 0x30, 0x14, 0x30, 0x0b, 0x06, 0x00, + 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x03, 0x01, 0x07, + 0x03, 0x05, 0x00, 0x04, 0x01, 0x01 }; + WOLFSSL_SMALL_STACK_STATIC const byte badNoBitStrZero[] = { 0x30, 0x13, 0x30, 0x0a, 0x06, 0x00, + 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x03, 0x01, 0x07, + 0x03, 0x03, 0x04, 0x01, 0x01 }; + WOLFSSL_SMALL_STACK_STATIC const byte badPoint[] = { 0x30, 0x12, 0x30, 0x09, 0x06, 0x00, + 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x03, 0x01, 0x07, + 0x03, 0x03, 0x00, 0x04, 0x01 }; + +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC) + if (key == NULL) + ERROR_OUT(MEMORY_E, done); +#endif + + XMEMSET(key, 0, sizeof *key); + wc_ecc_init_ex(key, HEAP_HINT, devId); + + inSz = sizeof(good); + ret = wc_EccPublicKeyDecode(NULL, &inOutIdx, key, inSz); + if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG)) { + ret = WC_TEST_RET_ENC_EC(ret); + goto done; + } + ret = wc_EccPublicKeyDecode(good, NULL, key, inSz); + if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG)) { + ret = WC_TEST_RET_ENC_EC(ret); + goto done; + } + ret = wc_EccPublicKeyDecode(good, &inOutIdx, NULL, inSz); + if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG)) { + ret = WC_TEST_RET_ENC_EC(ret); + goto done; + } + ret = wc_EccPublicKeyDecode(good, &inOutIdx, key, 0); + if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG)) { + ret = WC_TEST_RET_ENC_EC(ret); + goto done; + } + + /* Change offset to produce bad input data. */ + inOutIdx = 2; + inSz = sizeof(good) - inOutIdx; + ret = wc_EccPublicKeyDecode(good, &inOutIdx, key, inSz); + if (ret != WC_NO_ERR_TRACE(ASN_PARSE_E)) { + ret = WC_TEST_RET_ENC_EC(ret); + goto done; + } + inOutIdx = 4; + inSz = sizeof(good) - inOutIdx; + ret = wc_EccPublicKeyDecode(good, &inOutIdx, key, inSz); + if (ret != WC_NO_ERR_TRACE(ASN_PARSE_E)) { + ret = WC_TEST_RET_ENC_EC(ret); + goto done; + } + /* Bad data. */ + inSz = sizeof(badNoObjId); + inOutIdx = 0; + ret = wc_EccPublicKeyDecode(badNoObjId, &inOutIdx, key, inSz); + if (ret != WC_NO_ERR_TRACE(ASN_OBJECT_ID_E) && + ret != WC_NO_ERR_TRACE(ASN_PARSE_E)) + { + ret = WC_TEST_RET_ENC_EC(ret); + goto done; + } + inSz = sizeof(badOneObjId); + inOutIdx = 0; + ret = wc_EccPublicKeyDecode(badOneObjId, &inOutIdx, key, inSz); + if (ret != WC_NO_ERR_TRACE(ASN_OBJECT_ID_E) && + ret != WC_NO_ERR_TRACE(ASN_PARSE_E)) + { + ret = WC_TEST_RET_ENC_EC(ret); + goto done; + } + inSz = sizeof(badObjId1Len); + inOutIdx = 0; + ret = wc_EccPublicKeyDecode(badObjId1Len, &inOutIdx, key, inSz); + if (ret != WC_NO_ERR_TRACE(ASN_PARSE_E)) { + ret = WC_TEST_RET_ENC_EC(ret); + goto done; + } + inSz = sizeof(badObj2d1Len); + inOutIdx = 0; + ret = wc_EccPublicKeyDecode(badObj2d1Len, &inOutIdx, key, inSz); + if (ret != WC_NO_ERR_TRACE(ASN_PARSE_E)) { + ret = WC_TEST_RET_ENC_EC(ret); + goto done; + } + inSz = sizeof(badNotBitStr); + inOutIdx = 0; + ret = wc_EccPublicKeyDecode(badNotBitStr, &inOutIdx, key, inSz); + if (ret != WC_NO_ERR_TRACE(ASN_BITSTR_E) && + ret != WC_NO_ERR_TRACE(ASN_PARSE_E)) + { + ret = WC_TEST_RET_ENC_EC(ret); + goto done; + } + inSz = sizeof(badBitStrLen); + inOutIdx = 0; + ret = wc_EccPublicKeyDecode(badBitStrLen, &inOutIdx, key, inSz); + if (ret != WC_NO_ERR_TRACE(ASN_PARSE_E)) { + ret = WC_TEST_RET_ENC_EC(ret); + goto done; + } + inSz = sizeof(badNoBitStrZero); + inOutIdx = 0; + ret = wc_EccPublicKeyDecode(badNoBitStrZero, &inOutIdx, key, inSz); + if (ret != WC_NO_ERR_TRACE(ASN_EXPECT_0_E) && + ret != WC_NO_ERR_TRACE(ASN_PARSE_E)) + { + ret = WC_TEST_RET_ENC_EC(ret); + goto done; + } + inSz = sizeof(badPoint); + inOutIdx = 0; + ret = wc_EccPublicKeyDecode(badPoint, &inOutIdx, key, inSz); + if (ret != WC_NO_ERR_TRACE(ASN_ECC_KEY_E) && + ret != WC_NO_ERR_TRACE(ASN_PARSE_E)) + { + ret = WC_TEST_RET_ENC_EC(ret); + goto done; + } + + inSz = sizeof(good); + inOutIdx = 0; + ret = wc_EccPublicKeyDecode(good, &inOutIdx, key, inSz); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done); + +done: + +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC) + if (key != NULL) { + wc_ecc_free(key); + XFREE(key, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + } +#else + wc_ecc_free(key); +#endif + + return ret; +} +#endif /* WOLFSSL_CERT_EXT */ + +#ifdef WOLFSSL_CUSTOM_CURVES +static const byte eccKeyExplicitCurve[] = { + 0x30, 0x81, 0xf5, 0x30, 0x81, 0xae, 0x06, 0x07, + 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02, 0x01, 0x30, + 0x81, 0xa2, 0x02, 0x01, 0x01, 0x30, 0x2c, 0x06, + 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x01, 0x01, + 0x02, 0x21, 0x00, 0xff, 0xff, 0xff, 0xff, 0xff, + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xfe, 0xff, + 0xff, 0xfc, 0x2f, 0x30, 0x06, 0x04, 0x01, 0x00, + 0x04, 0x01, 0x07, 0x04, 0x41, 0x04, 0x79, 0xbe, + 0x66, 0x7e, 0xf9, 0xdc, 0xbb, 0xac, 0x55, 0xa0, + 0x62, 0x95, 0xce, 0x87, 0x0b, 0x07, 0x02, 0x9b, + 0xfc, 0xdb, 0x2d, 0xce, 0x28, 0xd9, 0x59, 0xf2, + 0x81, 0x5b, 0x16, 0xf8, 0x17, 0x98, 0x48, 0x3a, + 0xda, 0x77, 0x26, 0xa3, 0xc4, 0x65, 0x5d, 0xa4, + 0xfb, 0xfc, 0x0e, 0x11, 0x08, 0xa8, 0xfd, 0x17, + 0xb4, 0x48, 0xa6, 0x85, 0x54, 0x19, 0x9c, 0x47, + 0xd0, 0x8f, 0xfb, 0x10, 0xd4, 0xb8, 0x02, 0x21, + 0x00, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + 0xfe, 0xba, 0xae, 0xdc, 0xe6, 0xaf, 0x48, 0xa0, + 0x3b, 0xbf, 0xd2, 0x5e, 0x8c, 0xd0, 0x36, 0x41, + 0x41, 0x02, 0x01, 0x01, 0x03, 0x42, 0x00, 0x04, + 0x3c, 0x4c, 0xc9, 0x5e, 0x2e, 0xa2, 0x3d, 0x49, + 0xcc, 0x5b, 0xff, 0x4f, 0xc9, 0x2e, 0x1d, 0x4a, + 0xc6, 0x21, 0xf6, 0xf3, 0xe6, 0x0b, 0x4f, 0xa9, + 0x9d, 0x74, 0x99, 0xdd, 0x97, 0xc7, 0x6e, 0xbe, + 0x14, 0x2b, 0x39, 0x9d, 0x63, 0xc7, 0x97, 0x0d, + 0x45, 0x25, 0x40, 0x30, 0x77, 0x05, 0x76, 0x88, + 0x38, 0x96, 0x29, 0x7d, 0x9c, 0xe1, 0x50, 0xbe, + 0xac, 0xf0, 0x1d, 0x86, 0xf4, 0x2f, 0x65, 0x0b +}; + +static wc_test_ret_t ecc_test_custom_curves(WC_RNG* rng) +{ + wc_test_ret_t ret; + word32 inOutIdx; +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC) + ecc_key *key = (ecc_key *)XMALLOC(sizeof *key, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); +#else + ecc_key key[1]; +#endif + + /* test use of custom curve - using BRAINPOOLP256R1 for test */ +#if defined(HAVE_ECC_BRAINPOOL) && !defined(HAVE_INTEL_QA) + #ifndef WOLFSSL_ECC_CURVE_STATIC + WOLFSSL_SMALL_STACK_STATIC const ecc_oid_t ecc_oid_brainpoolp256r1[] = { + 0x2B,0x24,0x03,0x03,0x02,0x08,0x01,0x01,0x07 + }; + #define ecc_oid_brainpoolp256r1_sz \ + (sizeof(ecc_oid_brainpoolp256r1) / sizeof(ecc_oid_t)) + #else + #define ecc_oid_brainpoolp256r1 { \ + 0x2B,0x24,0x03,0x03,0x02,0x08,0x01,0x01,0x07 \ + } + #define ecc_oid_brainpoolp256r1_sz 9 + #endif + #define ecc_oid_brainpoolp256r1_sum 104 + + WOLFSSL_SMALL_STACK_STATIC const ecc_set_type ecc_dp_brainpool256r1 = { + 32, /* size/bytes */ + ECC_CURVE_CUSTOM, /* ID */ + "BRAINPOOLP256R1", /* curve name */ + "A9FB57DBA1EEA9BC3E660A909D838D726E3BF623D52620282013481D1F6E5377", /* prime */ + "7D5A0975FC2C3057EEF67530417AFFE7FB8055C126DC5C6CE94A4B44F330B5D9", /* A */ + "26DC5C6CE94A4B44F330B5D9BBD77CBF958416295CF7E1CE6BCCDC18FF8C07B6", /* B */ + "A9FB57DBA1EEA9BC3E660A909D838D718C397AA3B561A6F7901E0E82974856A7", /* order */ + "8BD2AEB9CB7E57CB2C4B482FFC81B7AFB9DE27E1E3BD23C23A4453BD9ACE3262", /* Gx */ + "547EF835C3DAC4FD97F8461A14611DC9C27745132DED8E545C1D54C72F046997", /* Gy */ + ecc_oid_brainpoolp256r1, /* oid/oidSz */ + ecc_oid_brainpoolp256r1_sz, + ecc_oid_brainpoolp256r1_sum, /* oid sum */ + 1, /* cofactor */ + }; +#endif /* HAVE_ECC_BRAINPOOL */ + +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC) + if (! key) { + ret = MEMORY_E; + goto done; + } +#endif + + XMEMSET(key, 0, sizeof *key); + +#if defined(HAVE_ECC_BRAINPOOL) && !defined(HAVE_INTEL_QA) + ret = ecc_test_curve_size(rng, 0, ECC_TEST_VERIFY_COUNT, ECC_CURVE_DEF, + &ecc_dp_brainpool256r1); + if (ret != 0) { + printf("ECC test for custom curve failed!\n"); + goto done; + } +#endif + +#if defined(HAVE_ECC_BRAINPOOL) || defined(HAVE_ECC_KOBLITZ) + { + int curve_id; + #ifdef HAVE_ECC_BRAINPOOL + curve_id = ECC_BRAINPOOLP256R1; + #else + curve_id = ECC_SECP256K1; + #endif + /* Test and demonstrate use of non-SECP curve */ + ret = ecc_test_curve_size(rng, 0, ECC_TEST_VERIFY_COUNT, curve_id, NULL); + if (ret < 0) { + printf("ECC test for curve_id %d failed!\n", curve_id); + goto done; + } + } +#endif + + ret = wc_ecc_init_ex(key, HEAP_HINT, devId); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done); + + inOutIdx = 0; + ret = wc_EccPublicKeyDecode(eccKeyExplicitCurve, &inOutIdx, key, + sizeof(eccKeyExplicitCurve)); + if (ret != 0) + ret = WC_TEST_RET_ENC_EC(ret); + + done: + +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC) + if (key) { + wc_ecc_free(key); + XFREE(key, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + } +#else + wc_ecc_free(key); +#endif + + (void)rng; + + return ret; +} +#endif /* WOLFSSL_CUSTOM_CURVES */ + +#ifdef WOLFSSL_SM2 +#ifdef HAVE_ECC_VERIFY +#if defined(WOLFSSL_PUBLIC_MP) && defined(WOLFSSL_CUSTOM_CURVES) + #ifdef HAVE_OID_ENCODING + #define CODED_SM2P256V1 {1,2,156,10197,1,301} + #define CODED_SM2P256V1_SZ 6 + #else + #define CODED_SM2P256V1 {0x06,0x08,0x2A,0x81,0x1C,0xCF,0x55,0x01,0x82,0x2D} + #define CODED_SM2P256V1_SZ 10 + #endif + #ifndef WOLFSSL_ECC_CURVE_STATIC + static const ecc_oid_t ecc_oid_sm2p256v1[] = CODED_SM2P256V1; + #else + #define ecc_oid_sm2p256v1 CODED_SM2P256V1 + #endif + #define ecc_oid_sm2p256v1_sz CODED_SM2P256V1_SZ + #define ECC_SM2P256V1_TEST 102 +static int test_sm2_verify_caseA2(void) +{ + ecc_key key; + int ret, res; + mp_int r,s; + + /* test key values */ + const char qx[] = "0AE4C7798AA0F119471BEE11825BE46202BB79E2A5844495E97C04FF4DF2548A"; + const char qy[] = "7C0240F88F1CD4E16352A73C17B7F16F07353E53A176D684A9FE0C6BB798E857"; + const char d[] = "128B2FA8BD433C6C068C8D803DFF79792A519A55171B1B650C23661D15897263"; + + const ecc_set_type ecc_sm2_A2 = { + 32, /* size/bytes */ + ECC_SM2P256V1_TEST, /* ID */ + "SM2P256V1_TEST", /* curve name */ + + /* from test case A.2 in draft-shen-sm2-ecdsa-02 */ + "8542D69E4C044F18E8B92435BF6FF7DE457283915C45517D722EDB8B08F1DFC3", /* prime */ + "787968B4FA32C3FD2417842E73BBFEFF2F3C848B6831D7E0EC65228B3937E498", /* A */ + "63E4C6D3B23B0C849CF84241484BFE48F61D59A5B16BA06E6E12D1DA27C5249A", /* B */ + "8542D69E4C044F18E8B92435BF6FF7DD297720630485628D5AE74EE7C32E79B7", /* order n */ + "421DEBD61B62EAB6746434EBC3CC315E32220B3BADD50BDC4C4E6C147FEDD43D", /* Gx */ + "0680512BCBB42C07D47349D2153B70C4E5D7FDFCBFA36EA1A85841B9E46E09A2", /* Gy */ + ecc_oid_sm2p256v1, /* oid/oidSz */ + ecc_oid_sm2p256v1_sz, + ECC_SM2P256V1_OID, /* oid sum */ + 1, /* cofactor */ + }; + + /* use canned hash value hash = H(ZA||M) */ + const byte hash[] = { + 0xB5,0x24,0xF5,0x52,0xCD,0x82,0xB8,0xB0, + 0x28,0x47,0x6E,0x00,0x5C,0x37,0x7F,0xB1, + 0x9A,0x87,0xE6,0xFC,0x68,0x2D,0x48,0xBB, + 0x5D,0x42,0xE3,0xD9,0xB9,0xEF,0xFE,0x76 + }; + + /* canned r and s */ + const byte rCan[] = { + 0x40,0xF1,0xEC,0x59,0xF7,0x93,0xD9,0xF4, + 0x9E,0x09,0xDC,0xEF,0x49,0x13,0x0D,0x41, + 0x94,0xF7,0x9F,0xB1,0xEE,0xD2,0xCA,0xA5, + 0x5B,0xAC,0xDB,0x49,0xC4,0xE7,0x55,0xD1 + }; + + const byte sCan[] = { + 0x6F,0xC6,0xDA,0xC3,0x2C,0x5D,0x5C,0xF1, + 0x0C,0x77,0xDF,0xB2,0x0F,0x7C,0x2E,0xB6, + 0x67,0xA4,0x57,0x87,0x2F,0xB0,0x9E,0xC5, + 0x63,0x27,0xA6,0x7E,0xC7,0xDE,0xEB,0xE7 + }; + mp_init(&r); + mp_init(&s); + + ret = wc_ecc_init_ex(&key, HEAP_HINT, devId); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done); + + ret = wc_ecc_set_custom_curve(&key, &ecc_sm2_A2); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done); + + ret = wc_ecc_import_raw_ex(&key, qx, qy, d, ECC_SM2P256V1_TEST); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done); + + mp_read_unsigned_bin(&r, rCan, sizeof(rCan)); + mp_read_unsigned_bin(&s, sCan, sizeof(sCan)); + + ret = wc_ecc_sm2_verify_hash_ex(&r, &s, hash, sizeof(hash), &res, &key); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done); + + if (res != 1) + ERROR_OUT(WC_TEST_RET_ENC_NC, done); + +done: + mp_free(&r); + mp_free(&s); + wc_ecc_free(&key); + return ret; +} +#endif /* WOLFSSL_PUBLIC_MP && WOLFSSL_CUSTOM_CURVES */ + +static int test_sm2_verify_case(void) +{ + ecc_key key; + int ret, res; + + /* test key values */ + const char qx[] = "637F1B135036C933DC3F7A8EBB1B7B2FD1DFBD268D4F894B5AD47DBDBECD558F"; + const char qy[] = "E88101D08048E36CCBF61CA38DDF7ABA542B4486E99E49F3A7470A857A096433"; + + /* use canned hash value hash = H(ZA||M) */ + const byte hash[] = { + 0x3B,0xFA,0x5F,0xFB,0xC4,0x27,0x8C,0x9D, + 0x02,0x3A,0x19,0xCB,0x1E,0xAA,0xD2,0xF1, + 0x50,0x69,0x5B,0x20 + }; + + const byte sig[] = { + 0x30,0x45,0x02,0x21,0x00,0xD2,0xFC,0xA3, + 0x88,0xE3,0xDF,0xA3,0x00,0x73,0x9B,0x3C, + 0x2A,0x0D,0xAD,0x44,0xA2,0xFC,0x62,0xD5, + 0x6B,0x84,0x54,0xD8,0x40,0x22,0x62,0x3D, + 0x5C,0xA6,0x61,0x9B,0xE7,0x02,0x20,0x1D, + 0xB5,0xB5,0xD9,0xD8,0xF1,0x20,0xDD,0x97, + 0x92,0xBF,0x7E,0x9B,0x3F,0xE6,0x3C,0x4B, + 0x03,0xD8,0x80,0xBD,0xB7,0x27,0x7E,0x6A, + 0x84,0x23,0xDE,0x61,0x7C,0x8D,0xDC + }; + + const byte badSig[] = { + 0x30,0x45,0x02,0x21,0x00,0xD2,0xFC,0xA3, + 0x88,0xE3,0xDF,0xA3,0x00,0x73,0x9B,0x3C, + 0x2A,0x0D,0xAD,0x44,0xA2,0xFC,0x62,0xD5, + 0x6B,0x84,0x54,0xD8,0x40,0x22,0x62,0x3D, + 0x5C,0xA6,0x61,0x9B,0xE7,0x02,0x20,0x1D, + 0xB5,0xB5,0xE9,0xD8,0xF1,0x20,0xDD,0x97, + 0x92,0xBF,0x7E,0x9B,0x3F,0xE6,0x3C,0x4B, + 0x03,0xD8,0x80,0xBD,0xB7,0x27,0x7E,0x6A, + 0x84,0x23,0xDE,0x61,0x7C,0x8D,0xDC + }; + + + ret = wc_ecc_init_ex(&key, HEAP_HINT, devId); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done); + ret = wc_ecc_import_raw(&key, qx, qy, NULL, "SM2P256V1"); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done); + + ret = wc_ecc_sm2_verify_hash(sig, sizeof(sig), hash, sizeof(hash), &res, + &key); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done); + + if (res != 1) + ERROR_OUT(WC_TEST_RET_ENC_NC, done); + + /* now test a case that should fail */ + ret = wc_ecc_sm2_verify_hash(badSig, sizeof(badSig), hash, sizeof(hash), + &res, &key); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done); + + if (res == 1) + ERROR_OUT(WC_TEST_RET_ENC_NC, done); +done: + wc_ecc_free(&key); + return ret; +} + +static int ecc_sm2_test_curve(WC_RNG* rng, int testVerifyCount) +{ + const ecc_set_type* dp = wc_ecc_get_curve_params( + wc_ecc_get_curve_idx(ECC_SM2P256V1)); + int keySize = 32; + int curve_id = ECC_SM2P256V1; +#if (defined(HAVE_ECC_DHE) || defined(HAVE_ECC_CDH)) && !defined(WC_NO_RNG) + WC_DECLARE_VAR(sharedA, byte, ECC_SHARED_SIZE, HEAP_HINT); + WC_DECLARE_VAR(sharedB, byte, ECC_SHARED_SIZE, HEAP_HINT); +#endif +#ifdef HAVE_ECC_KEY_EXPORT + #define ECC_KEY_EXPORT_BUF_SIZE (MAX_ECC_BYTES * 2 + 32) + WC_DECLARE_VAR(exportBuf, byte, ECC_KEY_EXPORT_BUF_SIZE, HEAP_HINT); +#endif + word32 x = 0; +#if (defined(HAVE_ECC_DHE) || defined(HAVE_ECC_CDH)) && !defined(WC_NO_RNG) + word32 y; +#endif +#ifdef HAVE_ECC_SIGN + WC_DECLARE_VAR(sig, byte, ECC_SIG_SIZE, HEAP_HINT); + WC_DECLARE_VAR(digest, byte, ECC_DIGEST_SIZE, HEAP_HINT); + int i; + int verify; +#endif /* HAVE_ECC_SIGN */ + int ret; +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC) + ecc_key *userA = (ecc_key *)XMALLOC(sizeof *userA, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + ecc_key *userB = (ecc_key *)XMALLOC(sizeof *userB, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + ecc_key *pubKey = (ecc_key *)XMALLOC(sizeof *pubKey, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); +#else + ecc_key userA[1]; + ecc_key userB[1]; + ecc_key pubKey[1]; +#endif +#ifndef WC_NO_RNG + int curveSize; +#endif + +#if (defined(HAVE_ECC_DHE) || defined(HAVE_ECC_CDH)) && !defined(WC_NO_RNG) + WC_ALLOC_VAR(sharedA, byte, ECC_SHARED_SIZE, HEAP_HINT); + WC_ALLOC_VAR(sharedB, byte, ECC_SHARED_SIZE, HEAP_HINT); +#endif +#ifdef HAVE_ECC_KEY_EXPORT + WC_ALLOC_VAR(exportBuf, byte, ECC_KEY_EXPORT_BUF_SIZE, HEAP_HINT); +#endif +#ifdef HAVE_ECC_SIGN + WC_ALLOC_VAR(sig, byte, ECC_SIG_SIZE, HEAP_HINT); + WC_ALLOC_VAR(digest, byte, ECC_DIGEST_SIZE, HEAP_HINT); +#endif + +#ifdef WC_DECLARE_VAR_IS_HEAP_ALLOC +#if (defined(HAVE_ECC_DHE) || defined(HAVE_ECC_CDH)) && !defined(WC_NO_RNG) + if (sharedA == NULL || sharedB == NULL) + ERROR_OUT(WC_TEST_RET_ENC_NC, done); +#endif + +#ifdef HAVE_ECC_KEY_EXPORT + if (exportBuf == NULL) + ERROR_OUT(WC_TEST_RET_ENC_NC, done); +#endif + +#ifdef HAVE_ECC_SIGN + if (sig == NULL || digest == NULL) + ERROR_OUT(WC_TEST_RET_ENC_NC, done); +#endif +#endif /* WOLFSSL_SMALL_STACK && !WOLFSSL_NO_MALLOC */ + + (void)testVerifyCount; + (void)dp; + (void)x; + +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC) + if ((userA == NULL) || + (userB == NULL) || + (pubKey == NULL)) + ERROR_OUT(WC_TEST_RET_ENC_NC, done); +#endif + + XMEMSET(userA, 0, sizeof *userA); + XMEMSET(userB, 0, sizeof *userB); + XMEMSET(pubKey, 0, sizeof *pubKey); + + ret = wc_ecc_init_ex(userA, HEAP_HINT, devId); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done); + ret = wc_ecc_init_ex(userB, HEAP_HINT, devId); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done); + ret = wc_ecc_init_ex(pubKey, HEAP_HINT, devId); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done); + +#ifndef WC_NO_RNG + ret = wc_ecc_sm2_make_key(rng, userA, WC_ECC_FLAG_NONE); + if (ret == WC_NO_ERR_TRACE(ECC_CURVE_OID_E)) + goto done; /* catch case, where curve is not supported */ + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done); + TEST_SLEEP(); + + if (wc_ecc_get_curve_idx(curve_id) != -1) { + curveSize = wc_ecc_get_curve_size_from_id(userA->dp->id); + if (curveSize != userA->dp->size) { + ERROR_OUT(WC_TEST_RET_ENC_NC, done); + } + } + + ret = wc_ecc_check_key(userA); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done); + TEST_SLEEP(); + + ret = wc_ecc_sm2_make_key(rng, userB, WC_ECC_FLAG_NONE); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done); + + /* only perform the below tests if the key size matches */ + if (dp == NULL && keySize > 0 && wc_ecc_size(userA) != keySize) + if (ret != 0) { + ret = ECC_CURVE_OID_E; + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done); + } + +#ifdef HAVE_ECC_DHE +#if defined(ECC_TIMING_RESISTANT) + ret = wc_ecc_set_rng(userA, rng); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done); + ret = wc_ecc_set_rng(userB, rng); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done); +#endif + + x = ECC_SHARED_SIZE; + ret = wc_ecc_sm2_shared_secret(userA, userB, sharedA, &x); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done); + + y = ECC_SHARED_SIZE; + ret = wc_ecc_sm2_shared_secret(userB, userA, sharedB, &y); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done); + + if (y != x) + ERROR_OUT(WC_TEST_RET_ENC_NC, done); + + if (XMEMCMP(sharedA, sharedB, x)) + ERROR_OUT(WC_TEST_RET_ENC_NC, done); +#endif /* HAVE_ECC_DHE */ + +#ifdef HAVE_ECC_KEY_EXPORT + x = ECC_KEY_EXPORT_BUF_SIZE; + ret = wc_ecc_export_x963_ex(userA, exportBuf, &x, 0); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done); + +#ifdef HAVE_ECC_KEY_IMPORT + ret = wc_ecc_import_x963_ex(exportBuf, x, pubKey, curve_id); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done); + +#ifdef HAVE_ECC_DHE + y = ECC_SHARED_SIZE; + ret = wc_ecc_sm2_shared_secret(userB, pubKey, sharedB, &y); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done); + + if (XMEMCMP(sharedA, sharedB, y)) + ERROR_OUT(WC_TEST_RET_ENC_NC, done); +#endif /* HAVE_ECC_DHE */ + + #ifdef HAVE_COMP_KEY + /* try compressed export / import too */ + x = ECC_KEY_EXPORT_BUF_SIZE; + ret = wc_ecc_export_x963_ex(userA, exportBuf, &x, 1); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done); + wc_ecc_free(pubKey); + + ret = wc_ecc_init_ex(pubKey, HEAP_HINT, devId); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done); + #endif + ret = wc_ecc_import_x963_ex(exportBuf, x, pubKey, curve_id); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done); + + #ifdef HAVE_ECC_DHE + y = ECC_SHARED_SIZE; + ret = wc_ecc_sm2_shared_secret(userB, pubKey, sharedB, &y); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done); + + if (XMEMCMP(sharedA, sharedB, y)) + ERROR_OUT(WC_TEST_RET_ENC_NC, done); + #endif /* HAVE_ECC_DHE */ + +#endif /* HAVE_ECC_KEY_IMPORT */ +#endif /* HAVE_ECC_KEY_EXPORT */ +#endif /* !WC_NO_RNG */ + +#if !defined(ECC_TIMING_RESISTANT) || (defined(ECC_TIMING_RESISTANT) && \ + !defined(WC_NO_RNG)) +#ifdef HAVE_ECC_SIGN + /* ECC w/out Shamir has issue with all 0 digest */ + /* WC_BIGINT doesn't have 0 len well on hardware */ + /* Cryptocell has issues with all 0 digest */ +#if defined(ECC_SHAMIR) + /* test DSA sign hash with zeros */ + for (i = 0; i < (int)ECC_DIGEST_SIZE; i++) { + digest[i] = 0; + } + + x = ECC_SIG_SIZE; + ret = wc_ecc_sm2_sign_hash(digest, ECC_DIGEST_SIZE, sig, &x, rng, userA); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done); + + for (i = 0; i < testVerifyCount; i++) { + verify = 0; + ret = wc_ecc_sm2_verify_hash(sig, x, digest, ECC_DIGEST_SIZE, &verify, + userA); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done); + if (verify != 1) + ERROR_OUT(WC_TEST_RET_ENC_NC, done); + } +#endif /* ECC_SHAMIR */ + + /* test DSA sign hash with sequence (0,1,2,3,4,...) */ + for (i = 0; i < (int)ECC_DIGEST_SIZE; i++) { + digest[i] = (byte)i; + } + + x = ECC_SIG_SIZE; + ret = wc_ecc_sm2_sign_hash(digest, ECC_DIGEST_SIZE, sig, &x, rng, userA); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done); + + for (i = 0; i < testVerifyCount; i++) { + verify = 0; + ret = wc_ecc_sm2_verify_hash(sig, x, digest, ECC_DIGEST_SIZE, &verify, + userA); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done); + if (verify != 1) + ERROR_OUT(WC_TEST_RET_ENC_NC, done); + } +#endif /* HAVE_ECC_SIGN */ +#endif /* !ECC_TIMING_RESISTANT || (ECC_TIMING_RESISTANT && !WC_NO_RNG) */ + +#if defined(HAVE_ECC_KEY_EXPORT) && !defined(WC_NO_RNG) + x = ECC_KEY_EXPORT_BUF_SIZE; + ret = wc_ecc_export_private_only(userA, exportBuf, &x); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done); +#elif defined(HAVE_ECC_KEY_EXPORT) + (void)exportBuf; +#endif /* HAVE_ECC_KEY_EXPORT */ + +done: + +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC) + if (userA != NULL) { + wc_ecc_free(userA); + XFREE(userA, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + } + if (userB != NULL) { + wc_ecc_free(userB); + XFREE(userB, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + } + if (pubKey != NULL) { + wc_ecc_free(pubKey); + XFREE(pubKey, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + } +#else + wc_ecc_free(pubKey); + wc_ecc_free(userB); + wc_ecc_free(userA); +#endif + +#if defined(HAVE_ECC_DHE) || defined(HAVE_ECC_CDH) + WC_FREE_VAR(sharedA, HEAP_HINT); + WC_FREE_VAR(sharedB, HEAP_HINT); +#endif +#ifdef HAVE_ECC_KEY_EXPORT + WC_FREE_VAR(exportBuf, HEAP_HINT); +#endif +#ifdef HAVE_ECC_SIGN + WC_FREE_VAR(sig, HEAP_HINT); + WC_FREE_VAR(digest, HEAP_HINT); +#endif + + (void)keySize; + (void)curve_id; + (void)rng; + + return ret; +} +#endif /* HAVE_ECC_VERIFY */ + +static int test_sm2_create_digest(void) +{ +#ifndef WOLFSSL_SM3 + const byte msg[] = "message to sign"; + const byte id[] = "0123456789"; + const byte badId[] = "0123556789"; + byte expected[] = { + 0xdd, 0x4d, 0x65, 0x49, 0xa3, 0x64, 0x76, 0xc0, + 0x73, 0x05, 0xdc, 0x05, 0x16, 0xb5, 0xee, 0x9f, + 0x82, 0xf9, 0xe9, 0x7d, 0x01, 0x1a, 0xdc, 0x88, + 0x5a, 0x59, 0x9c, 0x44, 0xcc, 0x47, 0xa4, 0x78 + }; + ecc_key key; + int ret; + + /* test key values */ + const char qx[] = + "af178b7b8740cc9d5b493fbd22049c12621bc27dcc5802e75ff4d045a4158baf"; + const char qy[] = + "89933faf7a4798f48c5b9b4cd3a7693d54c9e05449946eb489c0dd50a5294805"; + const char d[] = + "b3e66c2dbfb50c6ff6830c1fac4b51293a2562f9e667052b03df2d4b43c1f34a"; + int hash_type = WC_HASH_TYPE_SHA256; + byte digest[WC_SHA256_DIGEST_SIZE]; +#else + ecc_key key; + int ret; + const byte msg[] = { 0x6D, 0x65, 0x73, 0x73, 0x61, 0x67, 0x65, 0x20, + 0x64, 0x69, 0x67, 0x65, 0x73, 0x74, 0x00 }; + const byte id[] = { 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, 0x38, + 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, 0x38, + 0x00 }; + const byte badId[] = "0123556789"; + const char qx[] = + "09F9DF311E5421A150DD7D161E4BC5C672179FAD1833FC076BB08FF356F35020"; + const char qy[] = + "CCEA490CE26775A52DC6EA718CC1AA600AED05FBF35E084A6632F6072DA9AD13"; + const char d[] = + "3945208F7B2144B13F36E38AC6D39F95889393692860B51A42FB81EF4DF7C5B8"; + byte expected[] = { + 0xf0, 0xb4, 0x3e, 0x94, 0xba, 0x45, 0xac, 0xca, + 0xac, 0xe6, 0x92, 0xed, 0x53, 0x43, 0x82, 0xeb, + 0x17, 0xe6, 0xab, 0x5a, 0x19, 0xce, 0x7b, 0x31, + 0xf4, 0x48, 0x6f, 0xdf, 0xc0, 0xd2, 0x86, 0x40 + }; + int hash_type = WC_HASH_TYPE_SM3; + byte digest[WC_SM3_DIGEST_SIZE]; +#endif + + ret = wc_ecc_init_ex(&key, HEAP_HINT, devId); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done); + + ret = wc_ecc_import_raw(&key, qx, qy, d, "SM2P256V1"); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done); + + ret = wc_ecc_sm2_create_digest(id, (int)XSTRLEN((const char*)id), + msg, (int)XSTRLEN((const char*)msg), hash_type, digest, sizeof(digest), + &key); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done); + + if (XMEMCMP(digest, expected, WC_SHA256_DIGEST_SIZE) != 0) + ERROR_OUT(WC_TEST_RET_ENC_NC, done); + + ret = wc_ecc_sm2_create_digest(badId, (int)XSTRLEN((const char*)badId), + msg, (int)XSTRLEN((const char*)msg), hash_type, digest, sizeof(digest), + &key); + if (ret != 0) + goto done; + + /* should be different than the previous ID used */ + if (XMEMCMP(digest, expected, WC_SHA256_DIGEST_SIZE) == 0) + ERROR_OUT(WC_TEST_RET_ENC_NC, done); +done: + wc_ecc_free(&key); + return ret; +} + +static int test_sm2_verify(void) +{ + int ret = 0; + +#ifdef HAVE_ECC_VERIFY +#if defined(WOLFSSL_PUBLIC_MP) && defined(WOLFSSL_CUSTOM_CURVES) + ret = test_sm2_verify_caseA2(); + if (ret != 0) + return ret; +#endif + + ret = test_sm2_verify_case(); + if (ret != 0) + return ret; +#endif /* HAVE_ECC_VERIFY */ + + ret = test_sm2_create_digest(); + + return ret; +} +#endif /* WOLFSSL_SM2 */ + + +#if defined(WOLFSSL_CERT_GEN) && !defined(NO_ECC_SECP) && \ + !defined(NO_ASN_TIME) && !defined(WOLFSSL_NO_MALLOC) + +/* Make Cert / Sign example for ECC cert and ECC CA */ +static wc_test_ret_t ecc_test_cert_gen(WC_RNG* rng) +{ + wc_test_ret_t ret; +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC) + Cert *myCert = (Cert *)XMALLOC(sizeof *myCert, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + #ifdef WOLFSSL_TEST_CERT + DecodedCert *decode = (DecodedCert *)XMALLOC(sizeof *decode, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + #endif + ecc_key *caEccKey = (ecc_key *)XMALLOC(sizeof *caEccKey, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + ecc_key *certPubKey = (ecc_key *)XMALLOC(sizeof *certPubKey, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); +#else + Cert myCert[1]; + #ifdef WOLFSSL_TEST_CERT + DecodedCert decode[1]; + #endif + ecc_key caEccKey[1]; + ecc_key certPubKey[1]; +#endif + int certSz; + size_t bytes = 0; + word32 idx = 0; +#if !defined(USE_CERT_BUFFERS_256) && !defined(NO_FILESYSTEM) + XFILE file; +#endif +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC) + byte* der = NULL; +#else + byte der[FOURK_BUF]; +#endif + +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC) + if ((myCert == NULL) + #ifdef WOLFSSL_TEST_CERT + || (decode == NULL) + #endif + || (caEccKey == NULL) || (certPubKey == NULL)) + ERROR_OUT(MEMORY_E, exit); +#endif + + XMEMSET(caEccKey, 0, sizeof *caEccKey); + XMEMSET(certPubKey, 0, sizeof *certPubKey); + +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC) + der = (byte*)XMALLOC(FOURK_BUF, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + if (der == NULL) { + ERROR_OUT(WC_TEST_RET_ENC_ERRNO, exit); + } +#endif + + /* Get cert private key */ +#ifdef ENABLE_ECC384_CERT_GEN_TEST + /* Get Cert Key 384 */ + #ifdef USE_CERT_BUFFERS_256 + XMEMCPY(der, ca_ecc_key_der_384, sizeof_ca_ecc_key_der_384); + bytes = sizeof_ca_ecc_key_der_384; + #elif !defined(NO_FILESYSTEM) + file = XFOPEN(eccCaKey384File, "rb"); + if (!file) { + ERROR_OUT(WC_TEST_RET_ENC_ERRNO, exit); + } + + bytes = XFREAD(der, 1, FOURK_BUF, file); + XFCLOSE(file); + if (bytes == 0) + ERROR_OUT(WC_TEST_RET_ENC_ERRNO, exit); + (void)eccCaKeyFile; + #else + WOLFSSL_MSG("No file system and USE_CERT_BUFFERS_256 not defined.(4)"); + ERROR_OUT(ASN_PARSE_E, exit); + #endif /* USE_CERT_BUFFERS_256 */ + + /* end if ENABLE_ECC384_CERT_GEN_TEST */ +#else + /* !ENABLE_ECC384_CERT_GEN_TEST */ + + #ifdef USE_CERT_BUFFERS_256 + XMEMCPY(der, ca_ecc_key_der_256, sizeof_ca_ecc_key_der_256); + bytes = sizeof_ca_ecc_key_der_256; + #else + file = XFOPEN(eccCaKeyFile, "rb"); + if (!file) { + ERROR_OUT(WC_TEST_RET_ENC_ERRNO, exit); + } + bytes = XFREAD(der, 1, FOURK_BUF, file); + XFCLOSE(file); + if (bytes == 0) + ERROR_OUT(WC_TEST_RET_ENC_ERRNO, exit); + + #ifdef ENABLE_ECC384_CERT_GEN_TEST + (void)eccCaKey384File; + #endif + #endif /* USE_CERT_BUFFERS_256 */ +#endif /* ENABLE_ECC384_CERT_GEN_TEST */ + + /* Get CA Key */ + ret = wc_ecc_init_ex(caEccKey, HEAP_HINT, devId); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit); + ret = wc_EccPrivateKeyDecode(der, &idx, caEccKey, (word32)bytes); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit); + + /* Make a public key */ + ret = wc_ecc_init_ex(certPubKey, HEAP_HINT, devId); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit); + + ret = wc_ecc_make_key(rng, ECC_KEYGEN_SIZE, certPubKey); +#if defined(WOLFSSL_ASYNC_CRYPT) + ret = wc_AsyncWait(ret, &certPubKey->asyncDev, WC_ASYNC_FLAG_NONE); +#endif + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit); + TEST_SLEEP(); + + /* Setup Certificate */ + ret = wc_InitCert_ex(myCert, HEAP_HINT, devId); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit); + +#ifndef NO_SHA256 + myCert->sigType = CTC_SHA256wECDSA; +#else + myCert->sigType = CTC_SHAwECDSA; +#endif + XMEMCPY(&myCert->subject, &certDefaultName, sizeof(CertName)); + +#ifdef WOLFSSL_CERT_EXT + /* add Policies */ + XSTRNCPY(myCert->certPolicies[0], "2.4.589440.587.101.2.1.9632587.1", + CTC_MAX_CERTPOL_SZ); + XSTRNCPY(myCert->certPolicies[1], "1.2.13025.489.1.113549", + CTC_MAX_CERTPOL_SZ); + myCert->certPoliciesNb = 2; + + /* add SKID from the Public Key */ + ret = wc_SetSubjectKeyIdFromPublicKey(myCert, NULL, certPubKey); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit); + + /* add AKID from the Public Key */ + ret = wc_SetAuthKeyIdFromPublicKey(myCert, NULL, caEccKey); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit); + + /* add Key Usage */ + ret = wc_SetKeyUsage(myCert, certKeyUsage); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit); +#endif /* WOLFSSL_CERT_EXT */ + +#ifdef ENABLE_ECC384_CERT_GEN_TEST + #if defined(USE_CERT_BUFFERS_256) + ret = wc_SetIssuerBuffer(myCert, ca_ecc_cert_der_384, + sizeof_ca_ecc_cert_der_384); + #elif !defined(NO_FILESYSTEM) + ret = wc_SetIssuer(myCert, eccCaCert384File); + (void)eccCaCertFile; + #else + /* not testing with embedded, no file system target */ + ERROR_OUT(ASN_PARSE_E, exit); + #endif /* USE_CERT_BUFFERS_256 */ + +#else + /* not ENABLE_ECC384_CERT_GEN_TEST */ + #if defined(USE_CERT_BUFFERS_256) + ret = wc_SetIssuerBuffer(myCert, ca_ecc_cert_der_256, + sizeof_ca_ecc_cert_der_256); + #else + ret = wc_SetIssuer(myCert, eccCaCertFile); + #ifdef ENABLE_ECC384_CERT_GEN_TEST + (void)eccCaCert384File; + #endif + #endif +#endif /* ENABLE_ECC384_CERT_GEN_TEST */ + if (ret < 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit); + + certSz = wc_MakeCert(myCert, der, FOURK_BUF, NULL, certPubKey, rng); + if (certSz < 0) { + ERROR_OUT(WC_TEST_RET_ENC_EC(certSz), exit); + } + + ret = 0; + do { + #if defined(WOLFSSL_ASYNC_CRYPT) + ret = wc_AsyncWait(ret, &caEccKey->asyncDev, WC_ASYNC_FLAG_CALL_AGAIN); + #endif + if (ret >= 0) { + ret = wc_SignCert(myCert->bodySz, myCert->sigType, der, + FOURK_BUF, NULL, caEccKey, rng); + } + } while (ret == WC_NO_ERR_TRACE(WC_PENDING_E)); + if (ret < 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit); + certSz = (int)ret; + TEST_SLEEP(); + +#ifdef WOLFSSL_TEST_CERT + InitDecodedCert(decode, der, certSz, HEAP_HINT); + ret = ParseCert(decode, CERT_TYPE, NO_VERIFY, 0); + if (ret != 0) { + FreeDecodedCert(decode); + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit); + + } + FreeDecodedCert(decode); +#endif + + ret = SaveDerAndPem(der, certSz, certEccDerFile, certEccPemFile, + CERT_TYPE); + if (ret != 0) { + goto exit; + } + +exit: +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC) + XFREE(der, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); +#endif + +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC) + XFREE(myCert, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); +#ifdef WOLFSSL_TEST_CERT + XFREE(decode, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); +#endif + if (caEccKey != NULL) { + wc_ecc_free(caEccKey); + XFREE(caEccKey, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + } + if (certPubKey != NULL) { + wc_ecc_free(certPubKey); + XFREE(certPubKey, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + } +#else + wc_ecc_free(certPubKey); + wc_ecc_free(caEccKey); +#endif + + return ret; +} +#endif /* WOLFSSL_CERT_GEN */ + +#if !defined(HAVE_FIPS) && !defined(HAVE_SELFTEST) && \ + !defined(WOLFSSL_NO_MALLOC) && !defined(WOLF_CRYPTO_CB_ONLY_ECC) && \ + (!defined(NO_ECC_SECP) || defined(WOLFSSL_CUSTOM_CURVES)) +/* Test for the wc_ecc_key_new() and wc_ecc_key_free() functions. */ +static wc_test_ret_t ecc_test_allocator(WC_RNG* rng) +{ + wc_test_ret_t ret = 0; + ecc_key* key; +#ifdef WC_NO_RNG + word32 idx = 0; +#endif + + key = wc_ecc_key_new(HEAP_HINT); + if (key == NULL) { + ERROR_OUT(WC_TEST_RET_ENC_ERRNO, exit); + } + +#ifndef WC_NO_RNG + ret = wc_ecc_make_key(rng, ECC_KEYGEN_SIZE, key); +#if defined(WOLFSSL_ASYNC_CRYPT) + ret = wc_AsyncWait(ret, &key->asyncDev, WC_ASYNC_FLAG_NONE); +#endif + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit); +#else + /* use test ECC key */ + ret = wc_EccPrivateKeyDecode(ecc_key_der_256, &idx, key, + (word32)sizeof_ecc_key_der_256); + (void)rng; +#endif + +exit: + wc_ecc_key_free(key); + return ret; +} +#endif + +/* ECC Non-blocking tests for Sign and Verify */ +/* Requires SP math and supports P384 or P256 */ +/* ./configure --enable-ecc=nonblock --enable-sp=yes,nonblock CFLAGS="-DWOLFSSL_PUBLIC_MP" */ +#if defined(WC_ECC_NONBLOCK) && defined(WOLFSSL_HAVE_SP_ECC) && \ + defined(WOLFSSL_PUBLIC_MP) +#ifndef NO_ECC256 +/* ECC Private Key "d" */ +static const byte p256PrivKey[] = { + /* SECP256R1 */ + /* d */ + 0x1e, 0xe7, 0x70, 0x07, 0xd3, 0x30, 0x94, 0x39, + 0x28, 0x90, 0xdf, 0x23, 0x88, 0x2c, 0x4a, 0x34, + 0x15, 0xdb, 0x4c, 0x43, 0xcd, 0xfa, 0xe5, 0x1f, + 0x3d, 0x4c, 0x37, 0xfe, 0x59, 0x3b, 0x96, 0xd8 +}; +#endif +#ifdef HAVE_ECC384 +static const byte p384PrivKey[] = { + /* SECP384R1 */ + /* d */ + 0xa4, 0xe5, 0x06, 0xe8, 0x06, 0x16, 0x3e, 0xab, + 0x89, 0xf8, 0x60, 0x43, 0xc0, 0x60, 0x25, 0xdb, + 0xba, 0x7b, 0xfe, 0x19, 0x35, 0x08, 0x55, 0x65, + 0x76, 0xe2, 0xdc, 0xe0, 0x01, 0x8b, 0x6b, 0x68, + 0xdf, 0xcf, 0x6f, 0x80, 0x12, 0xce, 0x79, 0x37, + 0xeb, 0x2b, 0x9c, 0x7b, 0xc4, 0x68, 0x1c, 0x74 +}; +#endif /* HAVE_ECC384 */ +#ifdef HAVE_ECC521 +static const byte p521PrivKey[] = { + /* SECP521R1 */ + /* d */ + 0x01, 0x68, 0x91, 0x33, 0x53, 0xe2, 0x90, 0x68, + 0x11, 0x8f, 0xaa, 0xa8, 0x76, 0x0c, 0xf7, 0x2a, + 0x07, 0x1b, 0x92, 0x2a, 0xa7, 0x82, 0x3d, 0xfa, + 0x83, 0xce, 0x70, 0xc8, 0xc2, 0x60, 0x82, 0xfe, + 0x18, 0x88, 0x68, 0xda, 0x6a, 0x83, 0x46, 0x78, + 0xe4, 0xe9, 0xe9, 0xcc, 0x51, 0x7f, 0xed, 0x81, + 0x02, 0x32, 0xee, 0x26, 0x87, 0xcc, 0xed, 0x63, + 0x3f, 0x39, 0x27, 0xf0, 0xd7, 0x17, 0x77, 0xa1, + 0xa4, 0x36 +}; +#endif /* HAVE_ECC521 */ + +/* ECC public key Qx/Qy */ +#ifndef NO_ECC256 +static const byte p256PubKey[] = { + /* SECP256R1 */ + /* Qx */ + 0x96, 0x93, 0x1c, 0x53, 0x0b, 0x43, 0x6c, 0x42, + 0x0c, 0x52, 0x90, 0xe4, 0xa7, 0xec, 0x98, 0xb1, + 0xaf, 0xd4, 0x14, 0x49, 0xd8, 0xc1, 0x42, 0x82, + 0x04, 0x78, 0xd1, 0x90, 0xae, 0xa0, 0x6c, 0x07, + /* Qy */ + 0xf2, 0x3a, 0xb5, 0x10, 0x32, 0x8d, 0xce, 0x9e, + 0x76, 0xa0, 0xd2, 0x8c, 0xf3, 0xfc, 0xa9, 0x94, + 0x43, 0x24, 0xe6, 0x82, 0x00, 0x40, 0xc6, 0xdb, + 0x1c, 0x2f, 0xcd, 0x38, 0x4b, 0x60, 0xdd, 0x61 +}; +#endif +#ifdef HAVE_ECC384 +static const byte p384PubKey[] = { + /* SECP384R1 */ + /* Qx */ + 0xea, 0xcf, 0x93, 0x4f, 0x2c, 0x09, 0xbb, 0x39, + 0x14, 0x0f, 0x56, 0x64, 0xc3, 0x40, 0xb4, 0xdf, + 0x0e, 0x63, 0xae, 0xe5, 0x71, 0x4b, 0x00, 0xcc, + 0x04, 0x97, 0xff, 0xe1, 0xe9, 0x38, 0x96, 0xbb, + 0x5f, 0x91, 0xb2, 0x6a, 0xcc, 0xb5, 0x39, 0x5f, + 0x8f, 0x70, 0x59, 0xf1, 0x01, 0xf6, 0x5a, 0x2b, + /* Qy */ + 0x01, 0x6c, 0x68, 0x0b, 0xcf, 0x55, 0x25, 0xaf, + 0x6d, 0x98, 0x48, 0x0a, 0xa8, 0x74, 0xc9, 0xa9, + 0x17, 0xa0, 0x0c, 0xc3, 0xfb, 0xd3, 0x23, 0x68, + 0xfe, 0x04, 0x3c, 0x63, 0x50, 0x88, 0x3b, 0xb9, + 0x4f, 0x7c, 0x67, 0x34, 0xf7, 0x3b, 0xa9, 0x73, + 0xe7, 0x1b, 0xc3, 0x51, 0x5e, 0x22, 0x18, 0xec +}; +#endif +#ifdef HAVE_ECC521 +static const byte p521PubKey[] = { + /* SECP521R1 */ + /* Qx */ + 0x01, 0x62, 0x6e, 0xf1, 0x00, 0xec, 0xd8, 0x99, + 0x58, 0x9b, 0x80, 0x6b, 0xfe, 0x2c, 0xf1, 0xb2, + 0xf0, 0xc8, 0x48, 0xdf, 0xac, 0xd2, 0x3b, 0x71, + 0x29, 0xab, 0xf0, 0x66, 0x63, 0xd8, 0x8e, 0xb5, + 0xc8, 0xc2, 0xfc, 0x99, 0x44, 0xe2, 0x45, 0xb1, + 0x5a, 0x7b, 0xb9, 0x73, 0x01, 0xda, 0x79, 0xec, + 0x9c, 0x26, 0x27, 0x34, 0x45, 0x26, 0xd5, 0x89, + 0x4b, 0x44, 0xfe, 0x69, 0x4e, 0x72, 0x14, 0xe3, + 0x8b, 0xbc, + /* Qy */ + 0x00, 0x0f, 0x09, 0xa2, 0x03, 0xc3, 0x5a, 0xdc, + 0x95, 0x82, 0xf6, 0xf9, 0xf6, 0x9c, 0xff, 0xb5, + 0x6b, 0x75, 0x95, 0x4b, 0xa4, 0x28, 0x5d, 0x9e, + 0x90, 0x04, 0xd1, 0xc0, 0x1e, 0xd5, 0xfd, 0x43, + 0x9e, 0x1e, 0x83, 0xc0, 0x11, 0x2b, 0x2b, 0x07, + 0x6d, 0xa9, 0x7a, 0x10, 0xd7, 0x67, 0xe7, 0x51, + 0x37, 0x24, 0xd8, 0xbf, 0x03, 0x0d, 0x8b, 0xb5, + 0x40, 0x5c, 0x4f, 0xd6, 0x13, 0x73, 0x42, 0xbc, + 0x91, 0xd9 +}; +#endif + +#if defined(HAVE_ECC_SIGN) && defined(HAVE_ECC_VERIFY) + +/* perform verify of signature and hash using public key */ +/* key is public Qx + public Qy */ +/* sig is r + s */ +static wc_test_ret_t crypto_ecc_verify(const byte *key, word32 keySz, + const byte *hash, word32 hashSz, const byte *sig, word32 sigSz, + word32 curveSz, int curveId) +{ + wc_test_ret_t ret; + int verify_res = 0, count = 0; + mp_int r, s; + ecc_key ecc; + ecc_nb_ctx_t nb_ctx; + + /* validate arguments */ + if (key == NULL || hash == NULL || sig == NULL || curveSz == 0 || + hashSz == 0 || keySz < (curveSz*2) || sigSz < (curveSz*2)) + { + return WC_TEST_RET_ENC_NC; + } + + /* Setup the ECC key */ + ret = wc_ecc_init(&ecc); + if (ret < 0) { + return WC_TEST_RET_ENC_EC(ret); + } + + ret = wc_ecc_set_nonblock(&ecc, &nb_ctx); + if (ret != MP_OKAY) { + wc_ecc_free(&ecc); + return WC_TEST_RET_ENC_EC(ret); + } + + /* Setup the signature r/s variables */ + ret = mp_init(&r); + if (ret != MP_OKAY) { + wc_ecc_free(&ecc); + return WC_TEST_RET_ENC_EC(ret); + } + ret = mp_init(&s); + if (ret != MP_OKAY) { + mp_clear(&r); + wc_ecc_free(&ecc); + return WC_TEST_RET_ENC_EC(ret); + } + + /* Import public key x/y */ + ret = wc_ecc_import_unsigned( + &ecc, + (byte*)key, /* Public "x" Coordinate */ + (byte*)(key + curveSz), /* Public "y" Coordinate */ + NULL, /* Private "d" (optional) */ + curveId /* ECC Curve Id */ + ); + /* Make sure it was a public key imported */ + if (ret == 0 && ecc.type != ECC_PUBLICKEY) { + ret = WC_TEST_RET_ENC_NC; /* ECC_BAD_ARG_E */ + } + + /* Import signature r/s */ + if (ret == 0) { + ret = mp_read_unsigned_bin(&r, sig, curveSz); + if (ret < 0) + ret = WC_TEST_RET_ENC_EC(ret); + } + if (ret == 0) { + ret = mp_read_unsigned_bin(&s, sig + curveSz, curveSz); + if (ret < 0) + ret = WC_TEST_RET_ENC_EC(ret); + } + + /* Verify ECC Signature */ + if (ret == 0) { + do { + ret = wc_ecc_verify_hash_ex( + &r, &s, /* r/s as mp_int */ + hash, hashSz, /* computed hash digest */ + &verify_res, /* verification result 1=success */ + &ecc + ); + count++; + + /* This is where real-time work could be called */ + } while (ret == FP_WOULDBLOCK); + #if defined(DEBUG_WOLFSSL) || defined(WOLFSSL_DEBUG_NONBLOCK) + printf("ECC non-block verify: %d times\n", count); + #endif + if (ret < 0) + ret = WC_TEST_RET_ENC_EC(ret); + } + + /* check verify result */ + if (ret == 0 && verify_res == 0) { + ret = WC_TEST_RET_ENC_NC /* SIG_VERIFY_E */; + } + + mp_clear(&r); + mp_clear(&s); + wc_ecc_free(&ecc); + + (void)count; + + return ret; +} + +/* perform signature operation against hash using private key */ +static wc_test_ret_t crypto_ecc_sign(const byte *key, word32 keySz, + const byte *hash, word32 hashSz, byte *sig, word32* sigSz, + word32 curveSz, int curveId, WC_RNG* rng) +{ + wc_test_ret_t ret; + int count = 0; + mp_int r, s; + ecc_key ecc; + ecc_nb_ctx_t nb_ctx; + + /* validate arguments */ + if (key == NULL || hash == NULL || sig == NULL || sigSz == NULL || + curveSz == 0 || hashSz == 0 || keySz < curveSz || *sigSz < (curveSz*2)) + { + return WC_TEST_RET_ENC_NC /* BAD_FUNC_ARG */; + } + + /* Initialize signature result */ + memset(sig, 0, curveSz*2); + + /* Setup the ECC key */ + ret = wc_ecc_init(&ecc); + if (ret < 0) { + return WC_TEST_RET_ENC_EC(ret); + } + + ret = wc_ecc_set_nonblock(&ecc, &nb_ctx); + if (ret != MP_OKAY) { + wc_ecc_free(&ecc); + return WC_TEST_RET_ENC_EC(ret); + } + + /* Setup the signature r/s variables */ + ret = mp_init(&r); + if (ret != MP_OKAY) { + wc_ecc_free(&ecc); + return WC_TEST_RET_ENC_EC(ret); + } + ret = mp_init(&s); + if (ret != MP_OKAY) { + mp_clear(&r); + wc_ecc_free(&ecc); + return WC_TEST_RET_ENC_EC(ret); + } + + /* Import private key "k" */ + ret = wc_ecc_import_private_key_ex( + key, keySz, /* private key "d" */ + NULL, 0, /* public (optional) */ + &ecc, + curveId /* ECC Curve Id */ + ); + if (ret < 0) + ret = WC_TEST_RET_ENC_EC(ret); + + if (ret == 0) { + do { + /* Verify ECC Signature */ + ret = wc_ecc_sign_hash_ex( + hash, hashSz, /* computed hash digest */ + rng, &ecc, /* random and key context */ + &r, &s /* r/s as mp_int */ + ); + count++; + + /* This is where real-time work could be called */ + } while (ret == FP_WOULDBLOCK); + + #if defined(DEBUG_WOLFSSL) || defined(WOLFSSL_DEBUG_NONBLOCK) + printf("ECC non-block sign: %d times\n", count); + #endif + if (ret < 0) + ret = WC_TEST_RET_ENC_EC(ret); + } + + if (ret == 0) { + /* export r/s */ + mp_to_unsigned_bin_len(&r, sig, curveSz); + mp_to_unsigned_bin_len(&s, sig + curveSz, curveSz); + } + + mp_clear(&r); + mp_clear(&s); + wc_ecc_free(&ecc); + + (void)count; + + return ret; +} +#endif /* HAVE_ECC_SIGN && HAVE_ECC_VERIFY */ + +/* + * This test doesn't work with WOLFSSL_VALIDATE_ECC_KEYGEN defined because we + * don't have non-blocking versions of the key checking functions, yet. + */ +#if defined(HAVE_ECC_DHE) && !defined(WOLFSSL_VALIDATE_ECC_KEYGEN) +static wc_test_ret_t ecc_test_nonblock_dhe(int curveId, word32 curveSz, + const byte* privKey, const byte* pubKey, WC_RNG* rng) +{ + wc_test_ret_t ret; + ecc_key keyA; + ecc_key keyB; + ecc_nb_ctx_t nbCtxA; + ecc_nb_ctx_t nbCtxB; + byte secretA[ECC_SHARED_SIZE]; + byte secretB[ECC_SHARED_SIZE]; + word32 secretSzA = ECC_SHARED_SIZE; + word32 secretSzB = ECC_SHARED_SIZE; + int count = 0; + + ret = wc_ecc_init(&keyA); + if (ret == 0) { + ret = wc_ecc_init(&keyB); + if (ret < 0) + ret = WC_TEST_RET_ENC_EC(ret); + } + if (ret == 0) { + ret = wc_ecc_set_nonblock(&keyA, &nbCtxA); + if (ret < 0) + ret = WC_TEST_RET_ENC_EC(ret); + } + if (ret == 0) { + ret = wc_ecc_set_nonblock(&keyB, &nbCtxB); + if (ret < 0) + ret = WC_TEST_RET_ENC_EC(ret); + } + if (ret == 0) { + do { + ret = wc_ecc_make_key_ex(rng, curveSz, &keyA, curveId); + count++; + } while (ret == FP_WOULDBLOCK); + if (ret < 0) + ret = WC_TEST_RET_ENC_EC(ret); + } +#if defined(DEBUG_WOLFSSL) || defined(WOLFSSL_DEBUG_NONBLOCK) + fprintf(stderr, "ECC non-block key gen: %d times\n", count); +#endif + (void)count; + if (ret == 0) { + ret = wc_ecc_check_key(&keyA); + if (ret < 0) + ret = WC_TEST_RET_ENC_EC(ret); + } + if (ret == 0) { + ret = wc_ecc_import_unsigned(&keyB, pubKey, pubKey + curveSz, + privKey, curveId); + if (ret < 0) + ret = WC_TEST_RET_ENC_EC(ret); + } + count = 0; + if (ret == 0) { + do { + ret = wc_ecc_shared_secret(&keyA, &keyB, secretA, &secretSzA); + count++; + } while (ret == FP_WOULDBLOCK); + if (ret < 0) + ret = WC_TEST_RET_ENC_EC(ret); + } +#if defined(DEBUG_WOLFSSL) || defined(WOLFSSL_DEBUG_NONBLOCK) + fprintf(stderr, "ECC non-block shared secret: %d times\n", count); +#endif + if (ret == 0) { + do { + ret = wc_ecc_shared_secret(&keyB, &keyA, secretB, &secretSzB); + } while (ret == FP_WOULDBLOCK); + if (ret < 0) + ret = WC_TEST_RET_ENC_EC(ret); + } + if (ret == 0) { + if (secretSzA != secretSzB || + XMEMCMP(secretA, secretB, secretSzA) != 0) { + ret = WC_TEST_RET_ENC_NC; + } + } + + wc_ecc_free(&keyA); + wc_ecc_free(&keyB); + + return ret; +} +#endif /* HAVE_ECC_DHE && !WOLFSSL_VALIDATE_ECC_KEYGEN */ + +#if defined(HAVE_ECC_SIGN) && defined(HAVE_ECC_VERIFY) +static wc_test_ret_t ecc_test_nonblock_ecdsa(int curveId, word32 curveSz, + const byte* privKey, word32 privKeySz, const byte* pubKey, word32 pubKeySz, + WC_RNG* rng) +{ + wc_test_ret_t ret = 0; + byte* sig = NULL; + word32 sigSz = curveSz * 2; + static const byte hash[] = { + 0x8d, 0x28, 0xa3, 0x8b, 0x0b, 0xa9, 0xfe, 0xd4, 0x0e, 0x54, 0xc4, 0x17, + 0x3d, 0x54, 0x66, 0x34, 0xbf, 0x5d, 0x6f, 0x46, 0xc2, 0x20, 0xcb, 0xc3, + 0x22, 0xe9, 0xb0, 0xdf, 0xe7, 0x64, 0x3f, 0xd9 + }; + + sig = (byte*)XMALLOC(sigSz, HEAP_HINT, DYNAMIC_TYPE_SIGNATURE); + if (sig == NULL) { + ret = WC_TEST_RET_ENC_ERRNO; + } + if (ret == 0) { + /* Sign hash using private key */ + /* Note: result of an ECC sign varies for each call even with same + private key and hash. This is because a new random public key is + used for each operation. */ + ret = crypto_ecc_sign(privKey, privKeySz, hash, sizeof(hash), sig, + &sigSz, curveSz, curveId, rng); + } + if (ret == 0) { + /* Verify generated signature is valid */ + ret = crypto_ecc_verify(pubKey, pubKeySz, hash, sizeof(hash), sig, + sigSz, curveSz, curveId); + } + + XFREE(sig, HEAP_HINT, DYNAMIC_TYPE_SIGNATURE); + + return ret; +} +#endif /* HAVE_ECC_SIGN && HAVE_ECC_VERIFY */ + +static wc_test_ret_t ecc_test_nonblock(WC_RNG* rng) +{ + wc_test_ret_t ret = 0; + word32 i; + int curveIds[3] = {0, 0, 0}; + word32 curveSzs[3] = {0, 0, 0}; + const byte* privKeys[3] = {NULL, NULL, NULL}; + word32 privKeySzs[3] = {0, 0, 0}; + const byte* pubKeys[3] = {NULL, NULL, NULL}; + word32 pubKeySzs[3] = {0, 0, 0}; + +#ifndef NO_ECC256 + curveIds[0] = ECC_SECP256R1; + curveSzs[0] = 32; + privKeys[0] = p256PrivKey; + privKeySzs[0] = sizeof(p256PrivKey); + pubKeys[0] = p256PubKey; + pubKeySzs[0] = sizeof(p256PubKey); +#endif +#ifdef HAVE_ECC384 + curveIds[1] = ECC_SECP384R1; + curveSzs[1] = 48; + privKeys[1] = p384PrivKey; + privKeySzs[1] = sizeof(p384PrivKey); + pubKeys[1] = p384PubKey; + pubKeySzs[1] = sizeof(p384PubKey); +#endif +#ifdef HAVE_ECC521 + curveIds[2] = ECC_SECP521R1; + curveSzs[2] = 66; + privKeys[2] = p521PrivKey; + privKeySzs[2] = sizeof(p521PrivKey); + pubKeys[2] = p521PubKey; + pubKeySzs[2] = sizeof(p521PubKey); +#endif + + for (i = 0; ret == 0 && i < sizeof(curveIds) / sizeof(curveIds[0]); ++i) { + if (curveIds[i] == 0) { + continue; + } + + #if defined(HAVE_ECC_SIGN) && defined(HAVE_ECC_VERIFY) + ret = ecc_test_nonblock_ecdsa(curveIds[i], curveSzs[i], privKeys[i], + privKeySzs[i], pubKeys[i], pubKeySzs[i], rng); + #endif /* HAVE_ECC_SIGN && HAVE_ECC_VERIFY */ + + #if defined(HAVE_ECC_DHE) && !defined(WOLFSSL_VALIDATE_ECC_KEYGEN) + if (ret == 0) { + ret = ecc_test_nonblock_dhe(curveIds[i], curveSzs[i], privKeys[i], + pubKeys[i], rng); + } + #endif /* HAVE_ECC_DHE && !WOLFSSL_VALIDATE_ECC_KEYGEN */ + } + + return ret; +} +#endif /* WC_ECC_NONBLOCK && WOLFSSL_HAVE_SP_ECC && WOLFSSL_PUBLIC_MP */ + +#if !defined(NO_ASN) && !defined(HAVE_SELFTEST) && \ + (!defined(HAVE_FIPS) || (defined(HAVE_FIPS_VERSION) && \ + (HAVE_FIPS_VERSION > 2))) +static int ecc_test_raw_enc_dec(void) +{ + int ret; + unsigned char r[1]; + word32 rSz; + unsigned char s[1]; + word32 sSz; + unsigned char rZero[] = { 0, 0, 0, 0 }; + unsigned char sOne[] = { 0, 0, 1 }; + unsigned char sigRaw[32]; + word32 sigRawSz; + unsigned char expSig[] = { 0x30, 0x06, 0x02, 0x01, 0x00, 0x02, 0x01, 0x01 }; + + sigRawSz = sizeof(sigRaw); + ret = wc_ecc_rs_raw_to_sig(rZero, sizeof(rZero), sOne, sizeof(sOne), + sigRaw, &sigRawSz); + if (ret != 0) { + return WC_TEST_RET_ENC_EC(ret); + } + if (sigRawSz != sizeof(expSig)) { + return WC_TEST_RET_ENC_EC((int)sigRawSz); + } + if (XMEMCMP(sigRaw, expSig, sizeof(expSig)) != 0) { + return WC_TEST_RET_ENC_NC; + } + + rSz = sizeof(r); + sSz = sizeof(s); + ret = wc_ecc_sig_to_rs(sigRaw, sigRawSz, r, &rSz, s, &sSz); + if (ret != 0) { + return WC_TEST_RET_ENC_EC(ret); + } + if (rSz != 1) { + return WC_TEST_RET_ENC_EC((int)rSz); + } + if (sSz != 1) { + return WC_TEST_RET_ENC_EC((int)sSz); + } + if (r[0] != 0) { + return WC_TEST_RET_ENC_EC(r[0]); + } + if (s[0] != 1) { + return WC_TEST_RET_ENC_EC(s[0]); + } + + return ret; +} +#endif + +WOLFSSL_TEST_SUBROUTINE wc_test_ret_t ecc_test(void) +{ + wc_test_ret_t ret; + WC_RNG rng; + WOLFSSL_ENTER("ecc_test"); +#if defined(ECC_MIN_KEY_SZ) + WOLFSSL_MSG_EX("ecc_test ECC_MIN_KEY_SZ = %d\n", ECC_MIN_KEY_SZ); +#else + WOLFSSL_MSG("ecc_test ECC_MIN_KEY_SZ not defined."); +#endif + +#if defined(WOLFSSL_CERT_EXT) && \ + (!defined(NO_ECC256) || defined(HAVE_ALL_CURVES)) && ECC_MIN_KEY_SZ <= 256 + ret = ecc_decode_test(); + if (ret < 0) + return ret; +#endif + +#ifndef HAVE_FIPS + ret = wc_InitRng_ex(&rng, HEAP_HINT, devId); +#else + ret = wc_InitRng(&rng); +#endif +#ifndef WC_NO_RNG + if (ret != 0) + return WC_TEST_RET_ENC_EC(ret); +#else + (void)ret; +#endif + +#if (defined(HAVE_ECC112) || defined(HAVE_ALL_CURVES)) && ECC_MIN_KEY_SZ <= 112 + ret = ecc_test_curve(&rng, 14, ECC_CURVE_DEF); + if (ret < 0) { + printf("keySize=14, Default\n"); + goto done; + } +#endif /* HAVE_ECC112 */ +#if (defined(HAVE_ECC128) || defined(HAVE_ALL_CURVES)) && ECC_MIN_KEY_SZ <= 128 + ret = ecc_test_curve(&rng, 16, ECC_CURVE_DEF); + if (ret < 0) { + printf("keySize=16, Default\n"); + goto done; + } +#endif /* HAVE_ECC128 */ +#if (defined(HAVE_ECC160) || defined(HAVE_ALL_CURVES)) && ECC_MIN_KEY_SZ <= 160 + ret = ecc_test_curve(&rng, 20, ECC_CURVE_DEF); + if (ret < 0) { + printf("keySize=20, Default\n"); + goto done; + } +#endif /* HAVE_ECC160 */ +#if (defined(HAVE_ECC192) || defined(HAVE_ALL_CURVES)) && ECC_MIN_KEY_SZ <= 192 +#if !FIPS_VERSION3_GE(6,0,0) + ret = ecc_test_curve(&rng, 24, ECC_CURVE_DEF); + if (ret < 0) { + printf("keySize=24, Default\n"); + goto done; + } +#endif +#endif /* HAVE_ECC192 */ +#if (defined(HAVE_ECC224) || defined(HAVE_ALL_CURVES)) && ECC_MIN_KEY_SZ <= 224 + ret = ecc_test_curve(&rng, 28, ECC_CURVE_DEF); + if (ret < 0) { + printf("keySize=28, Default\n"); + goto done; + } +#endif /* HAVE_ECC224 */ +#if (defined(HAVE_ECC239) || defined(HAVE_ALL_CURVES)) && ECC_MIN_KEY_SZ <= 239 + ret = ecc_test_curve(&rng, 30, ECC_CURVE_DEF); + if (ret < 0) { + printf("keySize=30, Default\n"); + goto done; + } +#endif /* HAVE_ECC239 */ +#if (!defined(NO_ECC256) || defined(HAVE_ALL_CURVES)) && ECC_MIN_KEY_SZ <= 256 + ret = ecc_test_curve(&rng, 32, ECC_CURVE_DEF); + if (ret < 0) { + printf("keySize=32, Default\n"); + goto done; + } +#if !defined(WOLFSSL_ATECC508A) && !defined(WOLFSSL_ATECC608A) && \ + defined(HAVE_ECC_KEY_IMPORT) && defined(HAVE_ECC_KEY_EXPORT) && \ + !defined(WOLFSSL_NO_MALLOC) && !defined(WOLF_CRYPTO_CB_ONLY_ECC) + ret = ecc_point_test(); + if (ret < 0) { + goto done; + } +#endif +#if !defined(NO_ECC_SECP) || defined(WOLFSSL_CUSTOM_CURVES) + ret = ecc_def_curve_test(&rng); + if (ret < 0) { + printf("Default\n"); + goto done; + } +#endif +#endif /* !NO_ECC256 */ +#if (defined(HAVE_ECC320) || defined(HAVE_ALL_CURVES)) && ECC_MIN_KEY_SZ <= 320 + ret = ecc_test_curve(&rng, 40, ECC_CURVE_DEF); + if (ret < 0) { + printf("keySize=40, Default\n"); + goto done; + } +#endif /* HAVE_ECC320 */ +#if (defined(HAVE_ECC384) || defined(HAVE_ALL_CURVES)) && ECC_MIN_KEY_SZ <= 384 + ret = ecc_test_curve(&rng, 48, ECC_CURVE_DEF); + if (ret < 0) { + printf("keySize=48, Default\n"); + goto done; + } +#endif /* HAVE_ECC384 */ +#if (defined(HAVE_ECC512) || defined(HAVE_ALL_CURVES)) && ECC_MIN_KEY_SZ <= 512 + ret = ecc_test_curve(&rng, 64, ECC_CURVE_DEF); + if (ret < 0) { + printf("keySize=64, Default\n"); + goto done; + } +#endif /* HAVE_ECC512 */ +#if (defined(HAVE_ECC521) || defined(HAVE_ALL_CURVES)) && ECC_MIN_KEY_SZ <= 521 + ret = ecc_test_curve(&rng, 66, ECC_CURVE_DEF); + if (ret < 0) { + printf("keySize=66, Default\n"); + goto done; + } +#endif /* HAVE_ECC521 */ +#ifdef WOLFSSL_SM2 + ret = ecc_test_curve(&rng, 32, ECC_SM2P256V1); + if (ret < 0) { + printf("SM2\n"); + goto done; + } +#endif + +#if !defined(NO_ASN) && !defined(HAVE_SELFTEST) && \ + (!defined(HAVE_FIPS) || (defined(HAVE_FIPS_VERSION) && \ + (HAVE_FIPS_VERSION > 2))) + ret = ecc_test_raw_enc_dec(); + if (ret != 0) { + printf("raw sig encode/decode\n"); + goto done; + } +#endif + +#if defined(WOLFSSL_CUSTOM_CURVES) && !defined(WOLFSSL_NO_MALLOC) + /* custom curves requires allocation of ecc_set_type in asn.c */ + ret = ecc_test_custom_curves(&rng); + if (ret != 0) { + printf("Custom\n"); + goto done; + } +#endif + +#if defined(WOLFSSL_SM2) + ret = test_sm2_verify(); + if (ret != 0) { + printf("SM2 Verify\n"); + goto done; + } + ret = ecc_sm2_test_curve(&rng, ECC_TEST_VERIFY_COUNT); + if (ret != 0) { + printf("SM2 test\n"); + goto done; + } +#endif + +#if defined(HAVE_ECC_SIGN) && \ + (defined(WOLFSSL_ECDSA_DETERMINISTIC_K) || \ + defined(WOLFSSL_ECDSA_DETERMINISTIC_K_VARIANT)) && \ + (!defined(HAVE_FIPS) || FIPS_VERSION_GE(5,3)) + + #if (!defined(NO_ECC256) || defined(HAVE_ALL_CURVES)) && ECC_MIN_KEY_SZ <= 256 + ret = ecc_test_deterministic_k(&rng); + if (ret != 0) { + printf("ecc_test_deterministic_k failed!\n"); + goto done; + } + #endif + + #ifdef WOLFSSL_PUBLIC_MP + #if (defined(HAVE_ECC384) || defined(HAVE_ALL_CURVES)) && \ + ECC_MIN_KEY_SZ <= 384 + ret = ecc384_test_deterministic_k(&rng); + if (ret != 0) { + printf("ecc384_test_deterministic_k failed!\n"); + goto done; + } + #endif + #if (defined(HAVE_ECC521) || defined(HAVE_ALL_CURVES)) && \ + ECC_MIN_KEY_SZ <= 521 + ret = ecc521_test_deterministic_k(&rng); + if (ret != 0) { + printf("ecc512_test_deterministic_k failed!\n"); + goto done; + } + #endif + #endif +#endif + +#if defined(HAVE_ECC_SIGN) && defined(WOLFSSL_ECDSA_SET_K) && \ + !defined(WOLFSSL_KCAPI_ECC) + ret = ecc_test_sign_vectors(&rng); + if (ret != 0) { + printf("ecc_test_sign_vectors failed!\n"); + goto done; + } +#endif +#if defined(HAVE_ECC_VECTOR_TEST) && defined(HAVE_ECC_CDH) && \ + defined(HAVE_ECC_DHE) + ret = ecc_test_cdh_vectors(&rng); + if (ret != 0) { + printf("ecc_test_cdh_vectors failed!\n"); + goto done; + } +#endif +#if !defined(WOLFSSL_ATECC508A) && !defined(WOLFSSL_ATECC608A) && \ + !defined(WOLFSSL_STM32_PKA) && !defined(WOLFSSL_SILABS_SE_ACCEL) && \ + !defined(WOLF_CRYPTO_CB_ONLY_ECC) && !defined(NO_ECC_SECP) + ret = ecc_test_make_pub(&rng); + if (ret != 0) { + printf("ecc_test_make_pub failed!\n"); + goto done; + } +#elif defined(HAVE_ECC_KEY_IMPORT) + (void)ecc_test_make_pub; /* for compiler warning */ +#endif +#if defined(WOLFSSL_CERT_GEN) && !defined(NO_ECC_SECP) && \ + !defined(NO_ASN_TIME) && !defined(WOLFSSL_NO_MALLOC) + ret = ecc_test_cert_gen(&rng); + if (ret != 0) { + printf("ecc_test_cert_gen failed!\n"); + goto done; + } +#endif +#if !defined(HAVE_FIPS) && !defined(HAVE_SELFTEST) && !defined(WOLFSSL_NO_MALLOC) && \ + !defined(WOLF_CRYPTO_CB_ONLY_ECC) && (!defined(NO_ECC_SECP) || \ + defined(WOLFSSL_CUSTOM_CURVES)) + ret = ecc_test_allocator(&rng); + if (ret != 0) { + printf("ecc_test_allocator failed!\n"); + goto done; + } +#endif + +#if defined(WC_ECC_NONBLOCK) && defined(WOLFSSL_PUBLIC_MP) && \ + defined(HAVE_ECC_SIGN) && defined(HAVE_ECC_VERIFY) + ret = ecc_test_nonblock(&rng); + if (ret != 0) { + printf("ecc_test_nonblock failed!\n"); + goto done; + } +#endif + +done: + wc_FreeRng(&rng); + + return ret; +} + +#if defined(HAVE_ECC_ENCRYPT) && defined(HAVE_AES_CBC) && \ + (defined(WOLFSSL_AES_128) || defined(WOLFSSL_AES_256)) + +#if !defined(WOLFSSL_NO_MALLOC) + +#if ((! defined(HAVE_FIPS)) || FIPS_VERSION_GE(5,3)) +/* maximum encrypted message: + * msgSz (14) + pad (2) + pubKeySz(1+66*2) + ivSz(16) + digestSz(32) = 197 */ +#define MAX_ECIES_TEST_SZ 200 +static wc_test_ret_t ecc_ctx_kdf_salt_test(WC_RNG* rng, ecc_key* a, ecc_key* b) +{ +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC) + byte* plaintext; + byte* encrypted; + byte* decrypted; +#else + byte plaintext[MAX_ECIES_TEST_SZ]; + byte encrypted[MAX_ECIES_TEST_SZ]; + byte decrypted[MAX_ECIES_TEST_SZ]; +#endif + ecEncCtx* aCtx = NULL; + ecEncCtx* bCtx = NULL; + static const byte salt[16] = {0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, + 14, 15}; + wc_test_ret_t ret = 0; + static const char message[] = "Hello wolfSSL!"; + word32 plaintextLen; + word32 encryptLen = MAX_ECIES_TEST_SZ; + word32 decryptLen = MAX_ECIES_TEST_SZ; + int aInit = 0; + int bInit = 0; + +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC) + plaintext = (byte*)XMALLOC(MAX_ECIES_TEST_SZ, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + encrypted = (byte*)XMALLOC(MAX_ECIES_TEST_SZ, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + decrypted = (byte*)XMALLOC(MAX_ECIES_TEST_SZ, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); +#endif + + wc_ecc_free(a); + wc_ecc_free(b); + + ret = wc_ecc_init(a); + if (ret != 0) { + ret = WC_TEST_RET_ENC_EC(ret); + } + else { + aInit = 1; + } + + + if (ret == 0) { + ret = wc_ecc_init(b); + if (ret != 0) { + ret = WC_TEST_RET_ENC_EC(ret); + } + else { + bInit = 1; + } + } + + if (ret == 0) + ret = wc_ecc_make_key(rng, 32, a); + + if (ret == 0) + ret = wc_ecc_make_key(rng, 32, b); + + /* create context */ + if (ret == 0) { + aCtx = wc_ecc_ctx_new(REQ_RESP_CLIENT, rng); + + if (aCtx == NULL) + ret = WC_TEST_RET_ENC_NC; + } + + if (ret == 0) { + bCtx = wc_ecc_ctx_new(REQ_RESP_SERVER, rng); + + if (bCtx == NULL) + ret = WC_TEST_RET_ENC_NC; + } + + /* set salt */ + if (ret == 0) { + ret = wc_ecc_ctx_set_kdf_salt(aCtx, salt, sizeof(salt)); + if (ret != 0) + ret = 10472; + } + + if (ret == 0) { + ret = wc_ecc_ctx_set_kdf_salt(bCtx, salt, sizeof(salt)); + if (ret != 0) + ret = 10473; + } + + XMEMSET(plaintext, 0, MAX_ECIES_TEST_SZ); + XSTRLCPY((char *)plaintext, message, sizeof plaintext); + plaintextLen = (((word32)XSTRLEN(message) + WC_AES_BLOCK_SIZE - 1) / + WC_AES_BLOCK_SIZE) * WC_AES_BLOCK_SIZE; + + /* encrypt */ + if (ret == 0) { + ret = wc_ecc_encrypt(a, b, plaintext, plaintextLen, encrypted, + &encryptLen, aCtx); + if (ret != 0) + ret = WC_TEST_RET_ENC_EC(ret); + } + + /* decrypt */ + if (ret == 0) { + ret = wc_ecc_decrypt(b, a, encrypted, encryptLen, decrypted, + &decryptLen, bCtx); + if (ret != 0) + ret = WC_TEST_RET_ENC_EC(ret); + } + + /* compare */ + if (ret == 0 && XMEMCMP(decrypted, plaintext, plaintextLen) != 0) + ret = WC_TEST_RET_ENC_NC; + + if (aInit) { + wc_ecc_free(a); + } + + if (bInit) { + wc_ecc_free(b); + } + + wc_ecc_ctx_free(aCtx); + wc_ecc_ctx_free(bCtx); + +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC) + XFREE(plaintext, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(encrypted, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(decrypted, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); +#endif + + return ret; +} +#endif /* !HAVE_FIPS || FIPS_VERSION_GE(5,3) */ + +#endif /* !WOLFSSL_NO_MALLOC */ + +/* ecc_encrypt_e2e_test() uses wc_ecc_ctx_set_algo(), which was added in + * wolfFIPS 5.3. + * ecc_encrypt_kat() is used only by ecc_encrypt_e2e_test(). + */ +#if !defined(HAVE_FIPS) || (defined(FIPS_VERSION_GE) && FIPS_VERSION_GE(5,3)) + +#if (!defined(NO_ECC256) || defined(HAVE_ALL_CURVES)) && \ + ECC_MIN_KEY_SZ <= 256 && defined(WOLFSSL_AES_128) +static wc_test_ret_t ecc_encrypt_kat(WC_RNG *rng) +{ + wc_test_ret_t ret = 0; +#ifdef WOLFSSL_ECIES_OLD +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC) + ecc_key* userA = NULL; +#else + ecc_key userA[1]; +#endif + int userAInit = 0; +#endif +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC) + ecc_key* userB = NULL; +#else + ecc_key userB[1]; +#endif + int userBInit = 0; + ecc_key* tmpKey; + byte plain[48]; + word32 plainSz = sizeof(plain); + + WOLFSSL_SMALL_STACK_STATIC const byte privKey[] = { + 0x04, 0x80, 0xef, 0x1d, 0xbe, 0x02, 0x0c, 0x20, + 0x5b, 0xab, 0x80, 0x35, 0x5b, 0x2a, 0x0f, 0x6d, + 0xd3, 0xb0, 0x7f, 0x7e, 0x7f, 0x86, 0x8a, 0x49, + 0xee, 0xb4, 0xaa, 0x09, 0x2d, 0x1e, 0x1d, 0x02 + }; +#if defined(WOLFSSL_ECIES_OLD) || defined(WOLFSSL_QNX_CAAM) + WOLFSSL_SMALL_STACK_STATIC const byte pubKey[] = { + 0x04, + /* X */ + 0x50, 0xf2, 0x93, 0xa2, 0x48, 0xa9, 0xc0, 0x5a, + 0x9a, 0xa7, 0x70, 0x34, 0xb7, 0x7f, 0x4c, 0x3a, + 0xad, 0xfc, 0xd8, 0xb6, 0x76, 0x0a, 0xe3, 0xc1, + 0x87, 0x17, 0x07, 0x2d, 0x8d, 0xa3, 0x63, 0xa0, + /* X */ + 0xc1, 0x27, 0xb2, 0x97, 0x9b, 0x84, 0xe7, 0xcd, + 0x20, 0x65, 0x8d, 0x2b, 0x6a, 0x93, 0x75, 0xaa, + 0x8b, 0xe1, 0x3a, 0x7b, 0x24, 0x1a, 0xbe, 0xe8, + 0x36, 0xd2, 0xe6, 0x34, 0x8a, 0x7a, 0xb3, 0x28 + }; +#endif + WOLFSSL_SMALL_STACK_STATIC const byte enc_msg[] = { +#ifdef WOLFSSL_ECIES_OLD + 0x42, 0x70, 0xbf, 0xf9, 0xf4, 0x7e, 0x4b, 0x9b, + 0xb5, 0x4c, 0xcc, 0xc5, 0x94, 0xa7, 0xef, 0xaa, + 0xc3, 0x7c, 0x85, 0xa6, 0x51, 0x6e, 0xd3, 0xfa, + 0x56, 0xc9, 0x10, 0x4d, 0x14, 0x32, 0x61, 0xb8, + 0xbb, 0x66, 0x7a, 0xb5, 0xbc, 0x95, 0xf8, 0xca, + 0xd1, 0x2a, 0x19, 0x51, 0x44, 0xd8, 0x0e, 0x57, + 0x34, 0xed, 0x45, 0x89, 0x2e, 0x57, 0xbe, 0xd5, + 0x06, 0x22, 0xd7, 0x13, 0x0a, 0x0e, 0x40, 0x36, + 0x0d, 0x05, 0x0d, 0xb6, 0xae, 0x61, 0x37, 0x18, + 0x83, 0x90, 0x0a, 0x27, 0x95, 0x41, 0x8c, 0x45 +#elif defined(WOLFSSL_ECIES_ISO18033) + 0x04, 0x50, 0xf2, 0x93, 0xa2, 0x48, 0xa9, 0xc0, + 0x5a, 0x9a, 0xa7, 0x70, 0x34, 0xb7, 0x7f, 0x4c, + 0x3a, 0xad, 0xfc, 0xd8, 0xb6, 0x76, 0x0a, 0xe3, + 0xc1, 0x87, 0x17, 0x07, 0x2d, 0x8d, 0xa3, 0x63, + 0xa0, 0xc1, 0x27, 0xb2, 0x97, 0x9b, 0x84, 0xe7, + 0xcd, 0x20, 0x65, 0x8d, 0x2b, 0x6a, 0x93, 0x75, + 0xaa, 0x8b, 0xe1, 0x3a, 0x7b, 0x24, 0x1a, 0xbe, + 0xe8, 0x36, 0xd2, 0xe6, 0x34, 0x8a, 0x7a, 0xb3, + 0x28, 0xbb, 0x9f, 0xa8, 0x2d, 0xe1, 0xf1, 0x67, + 0x45, 0x02, 0x19, 0xdc, 0xc8, 0x24, 0x8b, 0x20, + 0x02, 0xa0, 0x8f, 0x95, 0x12, 0x55, 0x51, 0xf8, + 0x03, 0xc4, 0x54, 0x13, 0x98, 0x2d, 0xf0, 0x31, + 0x51, 0x80, 0x45, 0x24, 0xcb, 0x8b, 0x48, 0xa6, + 0x8b, 0x8e, 0x97, 0x9c, 0x56, 0x4d, 0x70, 0x00, + 0x53, 0xd3, 0x47, 0x00, 0x5a, 0x23, 0x8c, 0xf9, + 0xfd, 0xd2, 0x33, 0x2c, 0x43, 0x6e, 0x9e, 0xb2, + 0xf4, 0x95, 0xd4, 0xcf, 0x30, 0xd6, 0xa2, 0xc5, + 0x35, 0x96, 0x6a, 0xd4, 0x36, 0x15, 0xa9, 0xbd, + 0x7f +#elif defined(WOLFSSL_ECIES_GEN_IV) + /* EC P-256 point */ + 0x04, + /* X */ + 0x50, 0xf2, 0x93, 0xa2, 0x48, 0xa9, 0xc0, 0x5a, + 0x9a, 0xa7, 0x70, 0x34, 0xb7, 0x7f, 0x4c, 0x3a, + 0xad, 0xfc, 0xd8, 0xb6, 0x76, 0x0a, 0xe3, 0xc1, + 0x87, 0x17, 0x07, 0x2d, 0x8d, 0xa3, 0x63, 0xa0, + /* Y */ + 0xc1, 0x27, 0xb2, 0x97, 0x9b, 0x84, 0xe7, 0xcd, + 0x20, 0x65, 0x8d, 0x2b, 0x6a, 0x93, 0x75, 0xaa, + 0x8b, 0xe1, 0x3a, 0x7b, 0x24, 0x1a, 0xbe, 0xe8, + 0x36, 0xd2, 0xe6, 0x34, 0x8a, 0x7a, 0xb3, 0x28, + /* IV */ + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + /* Encrypted Msg */ + 0xe5, 0x17, 0xaf, 0x0d, 0x65, 0x4d, 0x3d, 0x50, + 0x96, 0x05, 0xc9, 0x63, 0x2c, 0xef, 0x1c, 0x1f, + 0x78, 0xc9, 0x90, 0x7a, 0x14, 0x00, 0xfc, 0x44, + 0x71, 0x6d, 0x57, 0x8c, 0xdf, 0x23, 0xca, 0x65, + 0xcf, 0x93, 0x06, 0xb6, 0x9a, 0xf4, 0x61, 0xbd, + 0x44, 0x1a, 0xeb, 0x52, 0x68, 0x0f, 0xd1, 0xde, + /* HMAC */ + 0x5a, 0x22, 0xc1, 0x5d, 0x99, 0x66, 0x3f, 0x24, + 0x35, 0x96, 0xac, 0xf7, 0xf6, 0x28, 0x45, 0x16, + 0x52, 0x19, 0x0d, 0xe4, 0xb2, 0xca, 0x5b, 0x28, + 0x4e, 0xbb, 0xf3, 0x98, 0x57, 0xd7, 0x3b, 0xe2 +#else + 0x04, 0x50, 0xf2, 0x93, 0xa2, 0x48, 0xa9, 0xc0, + 0x5a, 0x9a, 0xa7, 0x70, 0x34, 0xb7, 0x7f, 0x4c, + 0x3a, 0xad, 0xfc, 0xd8, 0xb6, 0x76, 0x0a, 0xe3, + 0xc1, 0x87, 0x17, 0x07, 0x2d, 0x8d, 0xa3, 0x63, + 0xa0, 0xc1, 0x27, 0xb2, 0x97, 0x9b, 0x84, 0xe7, + 0xcd, 0x20, 0x65, 0x8d, 0x2b, 0x6a, 0x93, 0x75, + 0xaa, 0x8b, 0xe1, 0x3a, 0x7b, 0x24, 0x1a, 0xbe, + 0xe8, 0x36, 0xd2, 0xe6, 0x34, 0x8a, 0x7a, 0xb3, + 0x28, 0xe5, 0x17, 0xaf, 0x0d, 0x65, 0x4d, 0x3d, + 0x50, 0x96, 0x05, 0xc9, 0x63, 0x2c, 0xef, 0x1c, + 0x1f, 0x78, 0xc9, 0x90, 0x7a, 0x14, 0x00, 0xfc, + 0x44, 0x71, 0x6d, 0x57, 0x8c, 0xdf, 0x23, 0xca, + 0x65, 0xcf, 0x93, 0x06, 0xb6, 0x9a, 0xf4, 0x61, + 0xbd, 0x44, 0x1a, 0xeb, 0x52, 0x68, 0x0f, 0xd1, + 0xde, 0xc7, 0x3f, 0x6f, 0xce, 0xbe, 0x49, 0x61, + 0x48, 0x01, 0x77, 0x41, 0xd0, 0xd8, 0x5b, 0x48, + 0xca, 0x4e, 0x47, 0x3e, 0x47, 0xbf, 0x1d, 0x28, + 0x4c, 0x18, 0x1a, 0xfb, 0x96, 0x95, 0xda, 0xde, + 0x55 +#endif + }; + WOLFSSL_SMALL_STACK_STATIC const byte msg[] = { + 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, + 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, + 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, + 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f, + 0x20, 0x21, 0x22, 0x23, 0x24, 0x25, 0x26, 0x27, + 0x28, 0x29, 0x2a, 0x2b, 0x2c, 0x2d, 0x2e, 0x2f + }; + +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC) + userB = (ecc_key *)XMALLOC(sizeof(*userB), HEAP_HINT, + DYNAMIC_TYPE_TMP_BUFFER); + if (userB == NULL) { + ret = WC_TEST_RET_ENC_ERRNO; + } +#ifdef WOLFSSL_ECIES_OLD + if (ret == 0) { + userA = (ecc_key *)XMALLOC(sizeof(*userA), HEAP_HINT, + DYNAMIC_TYPE_TMP_BUFFER); + if (userA == NULL) { + ret = WC_TEST_RET_ENC_ERRNO; + } + } +#endif +#endif + + if (ret == 0) { + ret = wc_ecc_init_ex(userB, HEAP_HINT, devId); + if (ret != 0) + ret = WC_TEST_RET_ENC_EC(ret); + } + if (ret == 0) { + userBInit = 1; +#ifdef WOLFSSL_ECIES_OLD + ret = wc_ecc_init_ex(userA, HEAP_HINT, devId); + if (ret != 0) + ret = WC_TEST_RET_ENC_EC(ret); + } + if (ret == 0) { + userAInit = 1; + tmpKey = userA; +#else + tmpKey = NULL; +#endif + } + + + if (ret == 0) { +#ifdef WOLFSSL_QNX_CAAM + ret = wc_ecc_import_private_key_ex(privKey, sizeof(privKey), pubKey, + sizeof(pubKey), userB, ECC_SECP256R1); +#else + ret = wc_ecc_import_private_key_ex(privKey, sizeof(privKey), NULL, 0, + userB, ECC_SECP256R1); +#endif + if (ret != 0) + ret = WC_TEST_RET_ENC_EC(ret); + } + +#ifdef WOLFSSL_ECIES_OLD + if (ret == 0) { + ret = wc_ecc_import_x963_ex(pubKey, sizeof(pubKey), userA, + ECC_SECP256R1); + if (ret != 0) + ret = WC_TEST_RET_ENC_EC(ret); + } +#endif + +#if defined(ECC_TIMING_RESISTANT) && (!defined(HAVE_FIPS) || \ + (!defined(HAVE_FIPS_VERSION) || (HAVE_FIPS_VERSION != 2))) && \ + !defined(HAVE_SELFTEST) + if (ret == 0) { + ret = wc_ecc_set_rng(userB, rng); + if (ret != 0) { + ret = WC_TEST_RET_ENC_EC(ret); + } + } +#else + (void)rng; +#endif + + if (ret == 0) { + ret = wc_ecc_decrypt(userB, tmpKey, enc_msg, sizeof(enc_msg), plain, + &plainSz, NULL); + if (ret != 0) + ret = WC_TEST_RET_ENC_EC(ret); + } + if (ret == 0) { + if (XMEMCMP(plain, msg, sizeof(msg)) != 0) { + ret = WC_TEST_RET_ENC_NC; + } + } + + if (userBInit) + wc_ecc_free(userB); +#ifdef WOLFSSL_ECIES_OLD + if (userAInit) + wc_ecc_free(userA); +#endif +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC) + XFREE(userB, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); +#ifdef WOLFSSL_ECIES_OLD + XFREE(userA, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); +#endif +#endif + + return ret; +} +#endif + +#ifndef WOLFSSL_NO_MALLOC +static wc_test_ret_t ecc_encrypt_e2e_test(WC_RNG* rng, ecc_key* userA, ecc_key* userB, + byte encAlgo, byte kdfAlgo, byte macAlgo) +{ + wc_test_ret_t ret = 0; + byte msg[48]; + byte plain[48]; +#ifdef WOLFSSL_ECIES_OLD + byte out[80]; +#elif defined(WOLFSSL_ECIES_GEN_IV) + byte out[1 + ECC_KEYGEN_SIZE * 2 + 16 + 80]; +#else + byte out[1 + ECC_KEYGEN_SIZE * 2 + 80]; +#endif + word32 outSz = sizeof(out); + word32 plainSz = sizeof(plain); + int i; + ecEncCtx* cliCtx = NULL; + ecEncCtx* srvCtx = NULL; + byte cliSalt[EXCHANGE_SALT_SZ]; + byte srvSalt[EXCHANGE_SALT_SZ]; + const byte* tmpSalt; + byte msg2[48]; + byte plain2[48]; +#ifdef WOLFSSL_ECIES_OLD + byte out2[80]; +#elif defined(WOLFSSL_ECIES_GEN_IV) + byte out2[1 + ECC_KEYGEN_SIZE * 2 + 16 + 80]; +#else + byte out2[1 + ECC_KEYGEN_SIZE * 2 + 80]; +#endif + word32 outSz2 = sizeof(out2); + word32 plainSz2 = sizeof(plain2); +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC) + ecc_key *tmpKey = (ecc_key *)XMALLOC(sizeof(ecc_key), HEAP_HINT, + DYNAMIC_TYPE_TMP_BUFFER); +#else + ecc_key tmpKey[1]; +#endif + +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC) + if (tmpKey == NULL) { + ERROR_OUT(MEMORY_E, done); + } +#endif + ret = wc_ecc_init_ex(tmpKey, HEAP_HINT, devId); + if (ret != 0) + goto done; + + /* set message to incrementing 0,1,2,etc... */ + for (i = 0; i < (int)sizeof(msg); i++) + msg[i] = i; + + /* encrypt msg to B */ + ret = wc_ecc_encrypt(userA, userB, msg, sizeof(msg), out, &outSz, NULL); + if (ret != 0) { + ret = WC_TEST_RET_ENC_EC(ret); goto done; + } + +#ifdef WOLFSSL_ECIES_OLD + tmpKey->dp = userA->dp; + ret = wc_ecc_copy_point(&userA->pubkey, &tmpKey->pubkey); + if (ret != 0) { + ret = WC_TEST_RET_ENC_EC(ret); goto done; + } +#endif + + /* decrypt msg from A */ + ret = wc_ecc_decrypt(userB, tmpKey, out, outSz, plain, &plainSz, NULL); + if (ret != 0) { + ret = WC_TEST_RET_ENC_EC(ret); goto done; + } + + if (XMEMCMP(plain, msg, sizeof(msg)) != 0) { + ret = WC_TEST_RET_ENC_NC; goto done; + } + +#ifndef WOLFSSL_ECIES_OLD + /* A decrypts msg (response) from B */ + ret = wc_ecc_decrypt(userB, NULL, out, outSz, plain2, &plainSz2, NULL); + if (ret != 0) + goto done; + + if (XMEMCMP(plain, msg, sizeof(msg)) != 0) { + ret = WC_TEST_RET_ENC_NC; goto done; + } +#endif + + /* let's verify message exchange works, A is client, B is server */ + cliCtx = wc_ecc_ctx_new(REQ_RESP_CLIENT, rng); + srvCtx = wc_ecc_ctx_new(REQ_RESP_SERVER, rng); + if (cliCtx == NULL || srvCtx == NULL) { + ret = WC_TEST_RET_ENC_ERRNO; goto done; + } + + ret = wc_ecc_ctx_set_algo(cliCtx, encAlgo, kdfAlgo, macAlgo); + if (ret != 0) + goto done; + ret = wc_ecc_ctx_set_algo(srvCtx, encAlgo, kdfAlgo, macAlgo); + if (ret != 0) + goto done; + + /* get salt to send to peer */ + tmpSalt = wc_ecc_ctx_get_own_salt(cliCtx); + if (tmpSalt == NULL) { + ret = WC_TEST_RET_ENC_NC; goto done; + } + XMEMCPY(cliSalt, tmpSalt, EXCHANGE_SALT_SZ); + + tmpSalt = wc_ecc_ctx_get_own_salt(srvCtx); + if (tmpSalt == NULL) { + ret = WC_TEST_RET_ENC_NC; goto done; + } + XMEMCPY(srvSalt, tmpSalt, EXCHANGE_SALT_SZ); + + /* in actual use, we'd get the peer's salt over the transport */ + ret = wc_ecc_ctx_set_peer_salt(cliCtx, srvSalt); + if (ret != 0) + goto done; + ret = wc_ecc_ctx_set_peer_salt(srvCtx, cliSalt); + if (ret != 0) + goto done; + + ret = wc_ecc_ctx_set_info(cliCtx, (byte*)"wolfSSL MSGE", 11); + if (ret != 0) + goto done; + ret = wc_ecc_ctx_set_info(srvCtx, (byte*)"wolfSSL MSGE", 11); + if (ret != 0) + goto done; + + /* get encrypted msg (request) to send to B */ + outSz = sizeof(out); + ret = wc_ecc_encrypt(userA, userB, msg, sizeof(msg), out, &outSz,cliCtx); + if (ret != 0) + goto done; + +#ifndef WOLFSSL_ECIES_OLD + wc_ecc_free(tmpKey); +#endif + /* B decrypts msg (request) from A */ + plainSz = sizeof(plain); + ret = wc_ecc_decrypt(userB, tmpKey, out, outSz, plain, &plainSz, srvCtx); + if (ret != 0) + goto done; + + if (XMEMCMP(plain, msg, sizeof(msg)) != 0) { + ret = WC_TEST_RET_ENC_NC; goto done; + } + + /* msg2 (response) from B to A */ + for (i = 0; i < (int)sizeof(msg2); i++) + msg2[i] = i + sizeof(msg2); + + /* get encrypted msg (response) to send to B */ + ret = wc_ecc_encrypt(userB, userA, msg2, sizeof(msg2), out2, + &outSz2, srvCtx); + if (ret != 0) + goto done; + +#ifdef WOLFSSL_ECIES_OLD + tmpKey->dp = userB->dp; + ret = wc_ecc_copy_point(&userB->pubkey, &tmpKey->pubkey); + if (ret != 0) { + ret = WC_TEST_RET_ENC_EC(ret); goto done; + } +#else + wc_ecc_free(tmpKey); +#endif + + /* A decrypts msg (response) from B */ + ret = wc_ecc_decrypt(userA, tmpKey, out2, outSz2, plain2, &plainSz2, + cliCtx); + if (ret != 0) + goto done; + + if (XMEMCMP(plain2, msg2, sizeof(msg2)) != 0) { + ret = WC_TEST_RET_ENC_NC; goto done; + } + +#if defined(HAVE_COMP_KEY) && \ + (! defined(HAVE_FIPS) || (defined(FIPS_VERSION_GE) && FIPS_VERSION_GE(5,3))) + /* Create new client and server contexts. */ + wc_ecc_ctx_free(srvCtx); + wc_ecc_ctx_free(cliCtx); + /* let's verify message exchange works, A is client, B is server */ + cliCtx = wc_ecc_ctx_new(REQ_RESP_CLIENT, rng); + srvCtx = wc_ecc_ctx_new(REQ_RESP_SERVER, rng); + if (cliCtx == NULL || srvCtx == NULL) { + ret = WC_TEST_RET_ENC_ERRNO; goto done; + } + + ret = wc_ecc_ctx_set_algo(cliCtx, encAlgo, kdfAlgo, macAlgo); + if (ret != 0) + goto done; + ret = wc_ecc_ctx_set_algo(srvCtx, encAlgo, kdfAlgo, macAlgo); + if (ret != 0) + goto done; + + /* get salt to send to peer */ + tmpSalt = wc_ecc_ctx_get_own_salt(cliCtx); + if (tmpSalt == NULL) { + ret = WC_TEST_RET_ENC_NC; goto done; + } + XMEMCPY(cliSalt, tmpSalt, EXCHANGE_SALT_SZ); + + tmpSalt = wc_ecc_ctx_get_own_salt(srvCtx); + if (tmpSalt == NULL) { + ret = WC_TEST_RET_ENC_NC; goto done; + } + XMEMCPY(srvSalt, tmpSalt, EXCHANGE_SALT_SZ); + + /* in actual use, we'd get the peer's salt over the transport */ + ret = wc_ecc_ctx_set_peer_salt(cliCtx, srvSalt); + if (ret != 0) + goto done; + ret = wc_ecc_ctx_set_peer_salt(srvCtx, cliSalt); + if (ret != 0) + goto done; + + ret = wc_ecc_ctx_set_info(cliCtx, (byte*)"wolfSSL MSGE", 12); + if (ret != 0) + goto done; + ret = wc_ecc_ctx_set_info(srvCtx, (byte*)"wolfSSL MSGE", 12); + if (ret != 0) + goto done; + + /* get encrypted msg (request) to send to B - compressed public key */ + outSz = sizeof(out); + ret = wc_ecc_encrypt_ex(userA, userB, msg, sizeof(msg), out, &outSz, cliCtx, + 1); + if (ret != 0) + goto done; + +#ifndef WOLFSSL_ECIES_OLD + wc_ecc_free(tmpKey); +#endif + /* B decrypts msg (request) from A - out has a compressed public key */ + plainSz = sizeof(plain); + ret = wc_ecc_decrypt(userB, tmpKey, out, outSz, plain, &plainSz, srvCtx); + if (ret != 0) + goto done; + + if (XMEMCMP(plain, msg, sizeof(msg)) != 0) { + ret = WC_TEST_RET_ENC_NC; goto done; + } +#endif /* HAVE_COMP_KEY && (!FIPS || FIPS>=5.3) */ + +#if (!defined(NO_ECC256) || defined(HAVE_ALL_CURVES)) && \ + (ECC_MIN_KEY_SZ <= 256) && defined(WOLFSSL_AES_128) + ret = ecc_encrypt_kat(rng); +#endif + +done: + + /* cleanup */ + wc_ecc_ctx_free(srvCtx); + wc_ecc_ctx_free(cliCtx); + +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC) + if (tmpKey != NULL) { + wc_ecc_free(tmpKey); + XFREE(tmpKey, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + } +#else + wc_ecc_free(tmpKey); +#endif + + return ret; +} +#endif + +#endif /* !HAVE_FIPS || FIPS_VERSION_GE(5,3) */ + +WOLFSSL_TEST_SUBROUTINE wc_test_ret_t ecc_encrypt_test(void) +{ + WC_RNG rng; + wc_test_ret_t ret; +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC) + ecc_key *userA; + ecc_key *userB; +#else + ecc_key userA[1]; + ecc_key userB[1]; +#endif + WOLFSSL_ENTER("ecc_encrypt_test"); + +#ifndef HAVE_FIPS + ret = wc_InitRng_ex(&rng, HEAP_HINT, devId); +#else + ret = wc_InitRng(&rng); +#endif + if (ret != 0) + return WC_TEST_RET_ENC_EC(ret); + +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC) + userA = (ecc_key *)XMALLOC(sizeof *userA, HEAP_HINT, + DYNAMIC_TYPE_TMP_BUFFER); + userB = (ecc_key *)XMALLOC(sizeof *userB, HEAP_HINT, + DYNAMIC_TYPE_TMP_BUFFER); + if ((userA == NULL) || (userB == NULL)) { + ERROR_OUT(MEMORY_E, done); + } +#endif + + XMEMSET(userA, 0, sizeof *userA); + XMEMSET(userB, 0, sizeof *userB); + + ret = wc_ecc_init_ex(userA, HEAP_HINT, devId); + if (ret != 0) + goto done; + ret = wc_ecc_init_ex(userB, HEAP_HINT, devId); + if (ret != 0) + goto done; + + ret = wc_ecc_make_key(&rng, ECC_KEYGEN_SIZE, userA); +#if defined(WOLFSSL_ASYNC_CRYPT) + ret = wc_AsyncWait(ret, &userA->asyncDev, WC_ASYNC_FLAG_NONE); +#endif + if (ret != 0){ + ret = WC_TEST_RET_ENC_EC(ret); goto done; + } + + ret = wc_ecc_make_key(&rng, ECC_KEYGEN_SIZE, userB); +#if defined(WOLFSSL_ASYNC_CRYPT) + ret = wc_AsyncWait(ret, &userB->asyncDev, WC_ASYNC_FLAG_NONE); +#endif + if (ret != 0){ + ret = WC_TEST_RET_ENC_EC(ret); goto done; + } + +#if defined(ECC_TIMING_RESISTANT) && (!defined(HAVE_FIPS) || \ + (!defined(HAVE_FIPS_VERSION) || (HAVE_FIPS_VERSION != 2))) && \ + !defined(HAVE_SELFTEST) + ret = wc_ecc_set_rng(userA, &rng); + if (ret != 0) { + ret = WC_TEST_RET_ENC_EC(ret); goto done; + } + ret = wc_ecc_set_rng(userB, &rng); + if (ret != 0) { + ret = WC_TEST_RET_ENC_EC(ret); goto done; + } +#endif + +#if !defined(HAVE_FIPS) || (defined(FIPS_VERSION_GE) && FIPS_VERSION_GE(5,3)) + +#if !defined(NO_AES) && defined(HAVE_AES_CBC) && !defined(WOLFSSL_NO_MALLOC) +#ifdef WOLFSSL_AES_128 + if (ret == 0) { + ret = ecc_encrypt_e2e_test(&rng, userA, userB, ecAES_128_CBC, + ecHKDF_SHA256, ecHMAC_SHA256); + if (ret != 0) { + printf("ECIES: AES_128_CBC, HKDF_SHA256, HMAC_SHA256\n"); + } + } +#ifdef HAVE_X963_KDF + if (ret == 0) { + ret = ecc_encrypt_e2e_test(&rng, userA, userB, ecAES_128_CBC, + ecKDF_X963_SHA256, ecHMAC_SHA256); + if (ret != 0) { + printf("ECIES: AES_128_CBC, KDF_X963_SHA256, HMAC_SHA256\n"); + } + } + if (ret == 0) { + ret = ecc_encrypt_e2e_test(&rng, userA, userB, ecAES_128_CBC, + ecKDF_SHA256, ecHMAC_SHA256); + if (ret != 0) { + printf("ECIES: AES_128_CBC, KDF_SHA256, HMAC_SHA256\n"); + } + } +#endif +#endif +#ifdef WOLFSSL_AES_256 + if (ret == 0) { + ret = ecc_encrypt_e2e_test(&rng, userA, userB, ecAES_256_CBC, + ecHKDF_SHA256, ecHMAC_SHA256); + if (ret != 0) { + printf("ECIES: AES_256_CBC, HKDF_SHA256, HMAC_SHA256\n"); + } + } +#endif +#endif +#if !defined(NO_AES) && defined(WOLFSSL_AES_COUNTER) && !defined(WOLFSSL_NO_MALLOC) +#ifdef WOLFSSL_AES_128 + if (ret == 0) { + ret = ecc_encrypt_e2e_test(&rng, userA, userB, ecAES_128_CTR, + ecHKDF_SHA256, ecHMAC_SHA256); + if (ret != 0) { + printf("ECIES: AES_128_CTR, HKDF_SHA256, HMAC_SHA256\n"); + } + } +#endif +#ifdef WOLFSSL_AES_256 + if (ret == 0) { + ret = ecc_encrypt_e2e_test(&rng, userA, userB, ecAES_256_CTR, + ecHKDF_SHA256, ecHMAC_SHA256); + if (ret != 0) { + printf("ECIES: AES_256_CTR, HKDF_SHA256, HMAC_SHA256\n"); + } + } +#endif +#endif /* !NO_AES && WOLFSSL_AES_COUNTER */ +#if !defined(NO_AES) && defined(HAVE_AES_CBC) && !defined(WOLFSSL_NO_MALLOC) + if (ret == 0) { + ret = ecc_ctx_kdf_salt_test(&rng, userA, userB); + } +#endif + +#endif /* !HAVE_FIPS || FIPS_VERSION_GE(5,3) */ + +done: +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC) + if (userA != NULL) { + wc_ecc_free(userA); + XFREE(userA, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + } + if (userB != NULL) { + wc_ecc_free(userB); + XFREE(userB, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + } +#else + wc_ecc_free(userB); + wc_ecc_free(userA); +#endif + + wc_FreeRng(&rng); + + return ret; +} + +#endif /* HAVE_ECC_ENCRYPT && HAVE_AES_CBC && WOLFSSL_AES_128 */ + +#if defined(USE_CERT_BUFFERS_256) && !defined(WOLFSSL_ATECC508A) && \ + !defined(WOLFSSL_ATECC608A) && !defined(NO_ECC256) && \ + defined(HAVE_ECC_VERIFY) && defined(HAVE_ECC_SIGN) && \ + !defined(WOLF_CRYPTO_CB_ONLY_ECC) && !defined(NO_ECC_SECP) +WOLFSSL_TEST_SUBROUTINE wc_test_ret_t ecc_test_buffers(void) +{ + size_t bytes; +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC) + ecc_key *cliKey = (ecc_key *)XMALLOC(sizeof *cliKey, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + ecc_key *servKey = (ecc_key *)XMALLOC(sizeof *servKey, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + ecc_key *tmpKey = (ecc_key *)XMALLOC(sizeof *tmpKey, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); +#else + ecc_key cliKey[1]; + ecc_key servKey[1]; + ecc_key tmpKey[1]; +#endif + WC_RNG rng; + word32 idx = 0; + wc_test_ret_t ret; + /* pad our test message to 32 bytes so evenly divisible by AES_BLOCK_SZ */ + byte in[] = "Everyone gets Friday off. ecc p"; + word32 inLen = (word32)XSTRLEN((char*)in); + byte out[256]; + byte plain[256]; + int verify = 0; + word32 x; + WOLFSSL_ENTER("ecc_test_buffers"); + + XMEMSET(&rng, 0, sizeof(WC_RNG)); + +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC) + if ((cliKey == NULL) || (servKey == NULL) || (tmpKey == NULL)) { + XFREE(cliKey, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(servKey, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(tmpKey, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + return MEMORY_E; + } +#endif + + XMEMSET(cliKey, 0, sizeof(*cliKey)); + XMEMSET(servKey, 0, sizeof(*servKey)); + XMEMSET(tmpKey, 0, sizeof(*tmpKey)); + + ret = wc_ecc_init_ex(cliKey, HEAP_HINT, devId); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done); + ret = wc_ecc_init_ex(servKey, HEAP_HINT, devId); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done); + ret = wc_ecc_init_ex(tmpKey, HEAP_HINT, devId); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done); + + bytes = (size_t)sizeof_ecc_clikey_der_256; + /* place client key into ecc_key struct cliKey */ + ret = wc_EccPrivateKeyDecode(ecc_clikey_der_256, &idx, cliKey, + (word32)bytes); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done); + + idx = 0; + bytes = (size_t)sizeof_ecc_key_der_256; + + /* place server key into ecc_key struct servKey */ + ret = wc_EccPrivateKeyDecode(ecc_key_der_256, &idx, servKey, + (word32)bytes); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done); + +#ifndef WC_NO_RNG +#ifndef HAVE_FIPS + ret = wc_InitRng_ex(&rng, HEAP_HINT, devId); +#else + ret = wc_InitRng(&rng); +#endif + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done); + +#if defined(ECC_TIMING_RESISTANT) && (!defined(HAVE_FIPS) || \ + (!defined(HAVE_FIPS_VERSION) || (HAVE_FIPS_VERSION != 2))) && \ + !defined(HAVE_SELFTEST) + ret = wc_ecc_set_rng(cliKey, &rng); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done); + ret = wc_ecc_set_rng(servKey, &rng); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done); +#endif +#endif /* !WC_NO_RNG */ + +#if defined(HAVE_ECC_ENCRYPT) && defined(HAVE_HKDF) && \ + defined(HAVE_AES_CBC) && defined(WOLFSSL_AES_128) + { + word32 y; + /* test encrypt and decrypt if they're available */ + x = sizeof(out); + ret = wc_ecc_encrypt(cliKey, servKey, in, sizeof(in), out, &x, NULL); + if (ret < 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done); + #ifdef WOLFSSL_ECIES_OLD + tmpKey->dp = cliKey->dp; + ret = wc_ecc_copy_point(&cliKey->pubkey, &tmpKey->pubkey); + if (ret != 0) { + ret = WC_TEST_RET_ENC_EC(ret); goto done; + } + #endif + + y = sizeof(plain); + ret = wc_ecc_decrypt(servKey, tmpKey, out, x, plain, &y, NULL); + if (ret < 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done); + if (XMEMCMP(plain, in, inLen)) + ERROR_OUT(WC_TEST_RET_ENC_NC, done); + } +#endif + + x = sizeof(out); + do { + #if defined(WOLFSSL_ASYNC_CRYPT) + ret = wc_AsyncWait(ret, &cliKey->asyncDev, WC_ASYNC_FLAG_CALL_AGAIN); + #endif + if (ret == 0) + ret = wc_ecc_sign_hash(in, inLen, out, &x, &rng, cliKey); + } while (ret == WC_NO_ERR_TRACE(WC_PENDING_E)); + if (ret < 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done); + TEST_SLEEP(); + + XMEMSET(plain, 0, sizeof(plain)); + + do { + #if defined(WOLFSSL_ASYNC_CRYPT) + ret = wc_AsyncWait(ret, &cliKey->asyncDev, WC_ASYNC_FLAG_CALL_AGAIN); + #endif + if (ret == 0) + ret = wc_ecc_verify_hash(out, x, in, inLen, &verify, + cliKey); + } while (ret == WC_NO_ERR_TRACE(WC_PENDING_E)); + if (ret < 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done); + if (verify != 1) + ERROR_OUT(WC_TEST_RET_ENC_NC, done); + TEST_SLEEP(); + +#ifdef WOLFSSL_CERT_EXT + idx = 0; + + bytes = sizeof_ecc_clikeypub_der_256; + + ret = wc_EccPublicKeyDecode(ecc_clikeypub_der_256, &idx, cliKey, + (word32) bytes); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done); +#endif + + ret = 0; + + done: + +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC) + if (cliKey != NULL) { + wc_ecc_free(cliKey); + XFREE(cliKey, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + } + if (servKey != NULL) { + wc_ecc_free(servKey); + XFREE(servKey, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + } + if (tmpKey != NULL) { + wc_ecc_free(tmpKey); + XFREE(tmpKey, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + } +#else + wc_ecc_free(cliKey); + wc_ecc_free(servKey); + wc_ecc_free(tmpKey); +#endif + + wc_FreeRng(&rng); + + return ret; +} +#endif /* USE_CERT_BUFFERS_256 && !WOLFSSL_ATECCX08A && !NO_ECC256 */ +#endif /* HAVE_ECC */ + + +#ifdef HAVE_CURVE25519 +#if defined(HAVE_CURVE25519_SHARED_SECRET) && \ + defined(HAVE_CURVE25519_KEY_IMPORT) +#ifdef CURVE25519_OVERFLOW_ALL_TESTS +#define X25519_TEST_CNT 5 +#else +#define X25519_TEST_CNT 1 +#endif +static wc_test_ret_t curve25519_overflow_test(WC_RNG* rng) +{ + /* secret key for party a */ + byte sa[X25519_TEST_CNT][32] = { + { + 0x8d,0xaf,0x6e,0x7a,0xc1,0xeb,0x8d,0x30, + 0x99,0x86,0xd3,0x90,0x47,0x96,0x21,0x3c, + 0x3a,0x75,0xc0,0x7b,0x75,0x01,0x75,0xa3, + 0x81,0x4b,0xff,0x5a,0xbc,0x96,0x87,0x28 + }, +#ifdef CURVE25519_OVERFLOW_ALL_TESTS + { + 0x9d,0x63,0x5f,0xce,0xe2,0xe8,0xd7,0xfb, + 0x68,0x77,0x0e,0x44,0xd1,0xad,0x87,0x2b, + 0xf4,0x65,0x06,0xb7,0xbb,0xdb,0xbe,0x6e, + 0x02,0x43,0x24,0xc7,0x3d,0x7b,0x88,0x60 + }, + { + 0x63,0xbf,0x76,0xa9,0x73,0xa0,0x09,0xb9, + 0xcc,0xc9,0x4d,0x47,0x2d,0x14,0x0e,0x52, + 0xa3,0x84,0x55,0xb8,0x7c,0xdb,0xce,0xb1, + 0xe4,0x5b,0x8a,0xb9,0x30,0xf1,0xa4,0xa0 + }, + { + 0x63,0xbf,0x76,0xa9,0x73,0xa0,0x09,0xb9, + 0xcc,0xc9,0x4d,0x47,0x2d,0x14,0x0e,0x52, + 0xa3,0x84,0x55,0xb8,0x7c,0xdb,0xce,0xb1, + 0xe4,0x5b,0x8a,0xb9,0x30,0xf1,0xa4,0xa0 + }, + { + 0x63,0xbf,0x76,0xa9,0x73,0xa0,0x09,0xb9, + 0xcc,0xc9,0x4d,0x47,0x2d,0x14,0x0e,0x52, + 0xa3,0x84,0x55,0xb8,0x7c,0xdb,0xce,0xb1, + 0xe4,0x5b,0x8a,0xb9,0x30,0xf1,0xa4,0xa0 + } +#endif + }; + + /* public key for party b */ + byte pb[X25519_TEST_CNT][32] = { + { + 0x7f,0xff,0xff,0xff,0xff,0xff,0xff,0xff, + 0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff, + 0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff, + 0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xf0 + }, +#ifdef CURVE25519_OVERFLOW_ALL_TESTS + { + /* 0xff first byte in original - invalid! */ + 0x7f,0xff,0xff,0xff,0xff,0xff,0xff,0xff, + 0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff, + 0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff, + 0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xf0 + }, + { + 0x36,0x1a,0x74,0x87,0x28,0x59,0xe0,0xb6, + 0xe4,0x2b,0x17,0x9b,0x16,0xb0,0x3b,0xf8, + 0xb8,0x9f,0x2a,0x8f,0xc5,0x33,0x68,0x4f, + 0xde,0x4d,0xd8,0x80,0x63,0xe7,0xb4,0x0a + }, + { + 0x00,0x80,0x38,0x59,0x19,0x3a,0x66,0x12, + 0xfd,0xa1,0xec,0x1c,0x40,0x84,0x40,0xbd, + 0x64,0x10,0x8b,0x53,0x81,0x21,0x03,0x2d, + 0x7d,0x33,0xb4,0x01,0x57,0x0d,0xe1,0x89 + }, + { + 0x1d,0xf8,0xf8,0x33,0x89,0x6c,0xb7,0xba, + 0x94,0x73,0xfa,0xc2,0x36,0xac,0xbe,0x49, + 0xaf,0x85,0x3e,0x93,0x5f,0xae,0xb2,0xc0, + 0xc8,0x80,0x8f,0x4a,0xaa,0xd3,0x55,0x2b + } +#endif + }; + + /* expected shared key */ + byte ss[X25519_TEST_CNT][32] = { + { + 0x5c,0x4c,0x85,0x5f,0xfb,0x20,0x38,0xcc, + 0x55,0x16,0x5b,0x8a,0xa7,0xed,0x57,0x6e, + 0x35,0xaa,0x71,0x67,0x85,0x1f,0xb6,0x28, + 0x17,0x07,0x7b,0xda,0x76,0xdd,0xe0,0xb4 + }, +#ifdef CURVE25519_OVERFLOW_ALL_TESTS + { + 0x33,0xf6,0xc1,0x34,0x62,0x92,0x06,0x02, + 0x95,0xdb,0x91,0x4c,0x5d,0x52,0x54,0xc7, + 0xd2,0x5b,0x24,0xb5,0x4f,0x33,0x59,0x79, + 0x9f,0x6d,0x7e,0x4a,0x4c,0x30,0xd6,0x38 + }, + { + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x02 + }, + { + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x09 + }, + { + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x10 + } +#endif + }; + + wc_test_ret_t ret = 0; + int i; + word32 y; + byte shared[32]; + curve25519_key userA; + + wc_curve25519_init_ex(&userA, HEAP_HINT, devId); +#ifdef WOLFSSL_CURVE25519_BLINDING + wc_curve25519_set_rng(&userA, rng); +#endif + (void)rng; + + for (i = 0; i < X25519_TEST_CNT; i++) { + if (wc_curve25519_import_private_raw(sa[i], sizeof(sa[i]), pb[i], + sizeof(pb[i]), &userA) != 0) { + ret = WC_TEST_RET_ENC_I(i); break; + } + + /* test against known test vector */ + XMEMSET(shared, 0, sizeof(shared)); + y = sizeof(shared); + if (wc_curve25519_shared_secret(&userA, &userA, shared, &y) != 0) { + ret = WC_TEST_RET_ENC_I(i); break; + } + + if (XMEMCMP(ss[i], shared, y)) { + ret = WC_TEST_RET_ENC_I(i); break; + } + } + + wc_curve25519_free(&userA); + + return ret; +} + +/* Test the wc_curve25519_check_public API. + * + * returns 0 on success and -ve on failure. + */ +static wc_test_ret_t curve25519_check_public_test(void) +{ + wc_test_ret_t ret; + /* Little-endian values that will fail */ + byte fail_le[][CURVE25519_KEYSIZE] = { + { + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00 + }, + { + 0x01,0x00,0x00,0x00,0x00,0x00,0x00,0x00, + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00 + }, + { + 0x01,0x00,0x00,0x00,0x00,0x00,0x00,0x00, + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x81 + }, + }; + /* Big-endian values that will fail */ + byte fail_be[][CURVE25519_KEYSIZE] = { + { + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00 + }, + { + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x01 + }, + { + 0x81,0x00,0x00,0x00,0x00,0x00,0x00,0x00, + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x01 + }, + }; + /* Good or valid public value */ + byte good[CURVE25519_KEYSIZE] = { + 0x01,0x00,0x00,0x00,0x00,0x00,0x00,0x00, + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x01 + }; + int i; + + /* Parameter checks */ + /* NULL pointer */ + ret = wc_curve25519_check_public(NULL, 0, EC25519_LITTLE_ENDIAN); + if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG)) { + return WC_TEST_RET_ENC_EC(ret); + } + ret = wc_curve25519_check_public(NULL, 0, EC25519_BIG_ENDIAN); + if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG)) { + return WC_TEST_RET_ENC_EC(ret); + } + /* Length of 0 treated differently to other invalid lengths for TLS */ + ret = wc_curve25519_check_public(good, 0, EC25519_LITTLE_ENDIAN); + if (ret != WC_NO_ERR_TRACE(BUFFER_E)) + return WC_TEST_RET_ENC_EC(ret); + ret = wc_curve25519_check_public(good, 0, EC25519_BIG_ENDIAN); + if (ret != WC_NO_ERR_TRACE(BUFFER_E)) + return WC_TEST_RET_ENC_EC(ret); + + /* Length not CURVE25519_KEYSIZE */ + for (i = 1; i < CURVE25519_KEYSIZE + 2; i++) { + if (i == CURVE25519_KEYSIZE) + continue; + if (wc_curve25519_check_public(good, (word32)i, EC25519_LITTLE_ENDIAN) != + WC_NO_ERR_TRACE(ECC_BAD_ARG_E)) { + return WC_TEST_RET_ENC_I(i); + } + if (wc_curve25519_check_public(good, (word32)i, EC25519_BIG_ENDIAN) != + WC_NO_ERR_TRACE(ECC_BAD_ARG_E)) { + return WC_TEST_RET_ENC_I(i); + } + } + + /* Little-endian fail cases */ + for (i = 0; i < (int)(sizeof(fail_le) / sizeof(*fail_le)); i++) { + if (wc_curve25519_check_public(fail_le[i], CURVE25519_KEYSIZE, + EC25519_LITTLE_ENDIAN) == 0) { + return WC_TEST_RET_ENC_I(i); + } + } + /* Big-endian fail cases */ + for (i = 0; i < (int)(sizeof(fail_be) / sizeof(*fail_be)); i++) { + if (wc_curve25519_check_public(fail_be[i], CURVE25519_KEYSIZE, + EC25519_BIG_ENDIAN) == 0) { + return WC_TEST_RET_ENC_I(i); + } + } + + /* Check a valid public value works! */ + ret = wc_curve25519_check_public(good, CURVE25519_KEYSIZE, + EC25519_LITTLE_ENDIAN); + if (ret != 0) { + return WC_TEST_RET_ENC_EC(ret); + } + ret = wc_curve25519_check_public(good, CURVE25519_KEYSIZE, + EC25519_BIG_ENDIAN); + if (ret != 0) { + return WC_TEST_RET_ENC_EC(ret); + } + + return 0; +} + +#endif /* HAVE_CURVE25519_SHARED_SECRET && HAVE_CURVE25519_KEY_IMPORT */ + +#if !defined(NO_ASN) && defined(HAVE_CURVE25519_KEY_EXPORT) && \ + defined(HAVE_CURVE25519_KEY_IMPORT) +static wc_test_ret_t curve255519_der_test(void) +{ + wc_test_ret_t ret = 0; + /* certs/statickeys/x25519.der */ + const byte kCurve25519PrivDer[] = { + 0x30, 0x2E, 0x02, 0x01, 0x00, 0x30, 0x05, 0x06, 0x03, 0x2B, 0x65, 0x6E, + 0x04, 0x22, 0x04, 0x20, 0x78, 0x8E, 0x31, 0x5C, 0x33, 0xA9, 0x19, 0xC0, + 0x5E, 0x36, 0x70, 0x1B, 0xA4, 0xE8, 0xEF, 0xC1, 0x89, 0x8C, 0xB3, 0x15, + 0xC6, 0x79, 0xD3, 0xAC, 0x22, 0x00, 0xAE, 0xFA, 0xB3, 0xB7, 0x0F, 0x78 + }; + /* certs/statickeys/x25519-pub.der */ + const byte kCurve25519PubDer[] = { + 0x30, 0x2A, 0x30, 0x05, 0x06, 0x03, 0x2B, 0x65, 0x6E, 0x03, 0x21, 0x00, + 0x09, 0xBC, 0x8C, 0xC7, 0x45, 0x0D, 0xC1, 0xC2, 0x02, 0x57, 0x9A, 0x68, + 0x3A, 0xFD, 0x7A, 0xA8, 0xA5, 0x2F, 0xF0, 0x99, 0x39, 0x98, 0xEA, 0x26, + 0xA2, 0x5B, 0x38, 0xFD, 0x96, 0xDB, 0x2A, 0x26 + }; + curve25519_key key; +#if !defined(HAVE_FIPS) || FIPS_VERSION3_GE(7,0,0) + byte output[CURVE25519_MAX_KEY_TO_DER_SZ]; +#else + byte output[128]; +#endif + word32 outputSz = (word32)sizeof(output); + word32 idx; + + ret = wc_curve25519_init_ex(&key, HEAP_HINT, devId); + if (ret != 0) + return WC_TEST_RET_ENC_EC(ret); + + /* Test decode / encode of Curve25519 private key only */ + if (ret == 0) { + idx = 0; + ret = wc_Curve25519PrivateKeyDecode(kCurve25519PrivDer, &idx, &key, + (word32)sizeof(kCurve25519PrivDer)); + if (ret < 0) + ret = WC_TEST_RET_ENC_EC(ret); + } + if (ret == 0) { + outputSz = (word32)sizeof(output); + ret = wc_Curve25519PrivateKeyToDer(&key, output, outputSz); + if (ret >= 0) { + outputSz = (word32)ret; + ret = 0; + } + else { + ret = WC_TEST_RET_ENC_EC(ret); + } + } + if (ret == 0 && (outputSz != (word32)sizeof(kCurve25519PrivDer) || + XMEMCMP(output, kCurve25519PrivDer, outputSz) != 0)) { + ret = WC_TEST_RET_ENC_NC; + } + + /* Test decode / encode of Curve25519 public key only */ + if (ret == 0) { + idx = 0; + ret = wc_Curve25519PublicKeyDecode(kCurve25519PubDer, &idx, &key, + (word32)sizeof(kCurve25519PubDer)); + if (ret < 0) + ret = WC_TEST_RET_ENC_EC(ret); + } + if (ret == 0) { + outputSz = (word32)sizeof(output); + ret = wc_Curve25519PublicKeyToDer(&key, output, outputSz, 1); + if (ret >= 0) { + outputSz = (word32)ret; + ret = 0; + } + else { + ret = WC_TEST_RET_ENC_EC(ret); + } + } + if (ret == 0 && (outputSz != (word32)sizeof(kCurve25519PubDer) || + XMEMCMP(output, kCurve25519PubDer, outputSz) != 0)) { + ret = WC_TEST_RET_ENC_NC; + } + + + /* Test decode/encode of Curve25519 private key (only) using generic API */ + if (ret == 0) { + /* clear key, since generic API will try to decode all fields */ + XMEMSET(&key, 0, sizeof(key)); + + idx = 0; + ret = wc_Curve25519KeyDecode(kCurve25519PrivDer, &idx, &key, + (word32)sizeof(kCurve25519PrivDer)); + if (ret < 0) { + ret = WC_TEST_RET_ENC_EC(ret); + } + } + if (ret == 0) { + outputSz = (word32)sizeof(output); + ret = wc_Curve25519KeyToDer(&key, output, outputSz, 1); + if (ret >= 0) { + outputSz = (word32)ret; + ret = 0; + } + else { + ret = WC_TEST_RET_ENC_EC(ret); + } + } + if (ret == 0 && (outputSz != (word32)sizeof(kCurve25519PrivDer) || + XMEMCMP(output, kCurve25519PrivDer, outputSz) != 0)) { + ret = WC_TEST_RET_ENC_NC; + } + + /* Test decode/encode of Curve25519 public key (only) using generic API */ + if (ret == 0) { + /* clear key, since generic API will try to decode all fields */ + XMEMSET(&key, 0, sizeof(key)); + idx = 0; + ret = wc_Curve25519KeyDecode(kCurve25519PubDer, &idx, &key, + (word32)sizeof(kCurve25519PubDer)); + if (ret < 0) { + ret = WC_TEST_RET_ENC_EC(ret); + } + } + if (ret == 0) { + outputSz = (word32)sizeof(output); + ret = wc_Curve25519KeyToDer(&key, output, outputSz, 1); + if (ret >= 0) { + outputSz = (word32)ret; + ret = 0; + } + else { + ret = WC_TEST_RET_ENC_EC(ret); + } + } + if (ret == 0 && (outputSz != (word32)sizeof(kCurve25519PubDer) || + XMEMCMP(output, kCurve25519PubDer, outputSz) != 0)) { + ret = WC_TEST_RET_ENC_NC; + } + + /* Test decode/encode key data containing both public and private fields */ + if (ret == 0) { + XMEMSET(&key, 0 , sizeof(key)); + + /* Decode public key */ + idx = 0; + ret = wc_Curve25519KeyDecode(kCurve25519PubDer, &idx, &key, + (word32)sizeof(kCurve25519PubDer)); + if (ret < 0) { + ret = WC_TEST_RET_ENC_EC(ret); + } + if (ret == 0) { + /* Decode private key */ + idx = 0; + ret = wc_Curve25519KeyDecode(kCurve25519PrivDer, &idx, &key, + (word32)sizeof(kCurve25519PrivDer)); + if (ret < 0) { + ret = WC_TEST_RET_ENC_EC(ret); + } + } + /* Both public and private flags should be set */ + if ((ret == 0) && (!key.pubSet && !key.privSet)) { + ret = WC_TEST_RET_ENC_NC; + } + if (ret == 0) { + /* Export key to temporary DER */ + outputSz = (word32)sizeof(output); + ret = wc_Curve25519KeyToDer(&key, output, outputSz, 1); + if (ret >= 0) { + outputSz = (word32)ret; + ret = 0; + } + else { + ret = WC_TEST_RET_ENC_EC(ret); + } + + /* Re-import temporary DER */ + if (ret == 0) { + idx = 0; + ret = wc_Curve25519KeyDecode(output, &idx, &key, sizeof(output)); + if (ret < 0) { + ret = WC_TEST_RET_ENC_EC(ret); + } + } + + /* Ensure public and private keys survived combined keypair + * export/import by re-exporting DER for private and public keys, + * individually, and re-checking output against known good vectors. + * This is slightly circuitous but does test the functionality + * without requiring the addition of new test keys */ + if (ret == 0) { + idx = 0; + ret = wc_Curve25519PrivateKeyDecode(kCurve25519PrivDer, &idx, + &key, (word32)sizeof(kCurve25519PrivDer)); + if (ret < 0) + ret = WC_TEST_RET_ENC_EC(ret); + } + if (ret == 0) { + outputSz = (word32)sizeof(output); + ret = wc_Curve25519PrivateKeyToDer(&key, output, outputSz); + if (ret >= 0) { + outputSz = (word32)ret; + ret = 0; + } + else { + ret = WC_TEST_RET_ENC_EC(ret); + } + } + if ((ret == 0) && + (outputSz != (word32)sizeof(kCurve25519PrivDer) || + XMEMCMP(output, kCurve25519PrivDer, outputSz) != 0)) { + ret = WC_TEST_RET_ENC_NC; + } + if (ret == 0) { + idx = 0; + ret = wc_Curve25519PublicKeyDecode(kCurve25519PubDer, &idx, + &key, (word32)sizeof(kCurve25519PubDer)); + if (ret < 0) + ret = WC_TEST_RET_ENC_EC(ret); + } + if (ret == 0) { + outputSz = (word32)sizeof(output); + ret = wc_Curve25519PublicKeyToDer(&key, output, outputSz, 1); + if (ret >= 0) { + outputSz = (word32)ret; + ret = 0; + } + else { + ret = WC_TEST_RET_ENC_EC(ret); + } + } + if ((ret == 0) && + (outputSz != (word32)sizeof(kCurve25519PubDer) || + XMEMCMP(output, kCurve25519PubDer, outputSz) != 0)) { + ret = WC_TEST_RET_ENC_NC; + } + } + + } + + wc_curve25519_free(&key); + + return ret; +} +#endif /* !NO_ASN && HAVE_CURVE25519_KEY_EXPORT && HAVE_CURVE25519_KEY_IMPORT */ + +WOLFSSL_TEST_SUBROUTINE wc_test_ret_t curve25519_test(void) +{ + WC_RNG rng; + wc_test_ret_t ret; +#ifdef HAVE_CURVE25519_SHARED_SECRET + byte sharedA[32]; + byte sharedB[32]; + word32 y; +#endif +#ifdef HAVE_CURVE25519_KEY_EXPORT + byte exportBuf[32]; +#endif + word32 x = 0; +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC) + curve25519_key *userA = NULL, *userB = NULL, *pubKey = NULL; +#else + curve25519_key userA[1], userB[1], pubKey[1]; +#endif + +#if defined(HAVE_CURVE25519_SHARED_SECRET) && \ + defined(HAVE_CURVE25519_KEY_IMPORT) + /* test vectors from + https://tools.ietf.org/html/draft-josefsson-tls-curve25519-03 + */ + + /* secret key for party a */ + byte sa[] = { + 0x5A,0xC9,0x9F,0x33,0x63,0x2E,0x5A,0x76, + 0x8D,0xE7,0xE8,0x1B,0xF8,0x54,0xC2,0x7C, + 0x46,0xE3,0xFB,0xF2,0xAB,0xBA,0xCD,0x29, + 0xEC,0x4A,0xFF,0x51,0x73,0x69,0xC6,0x60 + }; + + /* public key for party a */ + byte pa[] = { + 0x05,0x7E,0x23,0xEA,0x9F,0x1C,0xBE,0x8A, + 0x27,0x16,0x8F,0x6E,0x69,0x6A,0x79,0x1D, + 0xE6,0x1D,0xD3,0xAF,0x7A,0xCD,0x4E,0xEA, + 0xCC,0x6E,0x7B,0xA5,0x14,0xFD,0xA8,0x63 + }; + + /* secret key for party b */ + byte sb[] = { + 0x47,0xDC,0x3D,0x21,0x41,0x74,0x82,0x0E, + 0x11,0x54,0xB4,0x9B,0xC6,0xCD,0xB2,0xAB, + 0xD4,0x5E,0xE9,0x58,0x17,0x05,0x5D,0x25, + 0x5A,0xA3,0x58,0x31,0xB7,0x0D,0x32,0x60 + }; + + /* public key for party b */ + byte pb[] = { + 0x6E,0xB8,0x9D,0xA9,0x19,0x89,0xAE,0x37, + 0xC7,0xEA,0xC7,0x61,0x8D,0x9E,0x5C,0x49, + 0x51,0xDB,0xA1,0xD7,0x3C,0x28,0x5A,0xE1, + 0xCD,0x26,0xA8,0x55,0x02,0x0E,0xEF,0x04 + }; + + /* expected shared key */ + byte ss[] = { + 0x61,0x45,0x0C,0xD9,0x8E,0x36,0x01,0x6B, + 0x58,0x77,0x6A,0x89,0x7A,0x9F,0x0A,0xEF, + 0x73,0x8B,0x99,0xF0,0x94,0x68,0xB8,0xD6, + 0xB8,0x51,0x11,0x84,0xD5,0x34,0x94,0xAB + }; +#endif /* HAVE_CURVE25519_SHARED_SECRET */ + + (void)x; + WOLFSSL_ENTER("curve25519_test"); + + /* wc_FreeRng is always called on exit. Therefore wc_InitRng should be + * called before any exit goto's */ +#ifndef HAVE_FIPS + ret = wc_InitRng_ex(&rng, HEAP_HINT, devId); +#else + ret = wc_InitRng(&rng); +#endif + if (ret != 0) + return WC_TEST_RET_ENC_EC(ret); + +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC) + userA = wc_curve25519_new(HEAP_HINT, devId, &ret); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), cleanup); + userB = wc_curve25519_new(HEAP_HINT, devId, &ret); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), cleanup); + pubKey = wc_curve25519_new(HEAP_HINT, devId, &ret); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), cleanup); +#else + wc_curve25519_init_ex(userA, HEAP_HINT, devId); + wc_curve25519_init_ex(userB, HEAP_HINT, devId); + wc_curve25519_init_ex(pubKey, HEAP_HINT, devId); +#endif +#ifdef WOLFSSL_CURVE25519_BLINDING + wc_curve25519_set_rng(userA, &rng); + wc_curve25519_set_rng(userB, &rng); +#endif + + /* make curve25519 keys */ + ret = wc_curve25519_make_key(&rng, 32, userA); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), cleanup); + + ret = wc_curve25519_make_key(&rng, 32, userB); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), cleanup); + +#ifdef HAVE_CURVE25519_SHARED_SECRET + /* find shared secret key */ + x = sizeof(sharedA); + if ((ret = wc_curve25519_shared_secret(userA, userB, sharedA, &x)) != 0) { + printf("wc_curve25519_shared_secret 1 failed\n"); + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), cleanup); + } + + y = sizeof(sharedB); + if ((ret = wc_curve25519_shared_secret(userB, userA, sharedB, &y)) != 0) { + printf("wc_curve25519_shared_secret 2 failed\n"); + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), cleanup); + } + + /* compare shared secret keys to test they are the same */ + if (y != x) + ERROR_OUT(WC_TEST_RET_ENC_NC, cleanup); + + if (XMEMCMP(sharedA, sharedB, x)) + ERROR_OUT(WC_TEST_RET_ENC_NC, cleanup); +#endif + +#ifdef HAVE_CURVE25519_KEY_EXPORT + /* export a public key and import it for another user */ + x = sizeof(exportBuf); + ret = wc_curve25519_export_public(userA, exportBuf, &x); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), cleanup); + +#ifdef HAVE_CURVE25519_KEY_IMPORT + ret = wc_curve25519_import_public(exportBuf, x, pubKey); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), cleanup); +#endif +#endif + +#if defined(HAVE_CURVE25519_SHARED_SECRET) && \ + defined(HAVE_CURVE25519_KEY_IMPORT) + /* test shared key after importing a public key */ + XMEMSET(sharedB, 0, sizeof(sharedB)); + y = sizeof(sharedB); + if (wc_curve25519_shared_secret(userB, pubKey, sharedB, &y) != 0) { + ERROR_OUT(WC_TEST_RET_ENC_NC, cleanup); + } + + if (XMEMCMP(sharedA, sharedB, y)) + ERROR_OUT(WC_TEST_RET_ENC_NC, cleanup); + + /* import RFC test vectors and compare shared key */ + ret = wc_curve25519_import_private_raw(sa, sizeof(sa), pa, sizeof(pa), + userA); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), cleanup); + + ret = wc_curve25519_import_private_raw(sb, sizeof(sb), pb, sizeof(pb), + userB); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), cleanup); + + /* test against known test vector */ + XMEMSET(sharedB, 0, sizeof(sharedB)); + y = sizeof(sharedB); + ret = wc_curve25519_shared_secret(userA, userB, sharedB, &y); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), cleanup); + + if (XMEMCMP(ss, sharedB, y)) + ERROR_OUT(WC_TEST_RET_ENC_NC, cleanup); + + /* test swapping roles of keys and generating same shared key */ + XMEMSET(sharedB, 0, sizeof(sharedB)); + y = sizeof(sharedB); + ret = wc_curve25519_shared_secret(userB, userA, sharedB, &y); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), cleanup); + + if (XMEMCMP(ss, sharedB, y)) + ERROR_OUT(WC_TEST_RET_ENC_NC, cleanup); + + /* test with 1 generated key and 1 from known test vector */ + ret = wc_curve25519_import_private_raw(sa, sizeof(sa), pa, sizeof(pa), + userA); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), cleanup); + + wc_curve25519_free(userB); + wc_curve25519_init_ex(userB, HEAP_HINT, devId); +#ifdef WOLFSSL_CURVE25519_BLINDING + wc_curve25519_set_rng(userB, &rng); +#endif + + ret = wc_curve25519_make_key(&rng, 32, userB); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), cleanup); + + x = sizeof(sharedA); + ret = wc_curve25519_shared_secret(userA, userB, sharedA, &x); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), cleanup); + + y = sizeof(sharedB); + ret = wc_curve25519_shared_secret(userB, userA, sharedB, &y); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), cleanup); + + /* compare shared secret keys to test they are the same */ + if (y != x) + ERROR_OUT(WC_TEST_RET_ENC_NC, cleanup); + + if (XMEMCMP(sharedA, sharedB, x)) + ERROR_OUT(WC_TEST_RET_ENC_NC, cleanup); + + ret = curve25519_overflow_test(&rng); + if (ret != 0) + goto cleanup; + ret = curve25519_check_public_test(); + if (ret != 0) + goto cleanup; +#endif /* HAVE_CURVE25519_SHARED_SECRET && HAVE_CURVE25519_KEY_IMPORT */ + +#if !defined(NO_ASN) && defined(HAVE_CURVE25519_KEY_EXPORT) && \ + defined(HAVE_CURVE25519_KEY_IMPORT) + ret = curve255519_der_test(); + if (ret != 0) + goto cleanup; +#endif + +cleanup: + + /* clean up keys when done */ +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC) + wc_curve25519_delete(pubKey, &pubKey); + wc_curve25519_delete(userB, &userB); + wc_curve25519_delete(userA, &userA); +#else + wc_curve25519_free(pubKey); + wc_curve25519_free(userB); + wc_curve25519_free(userA); +#endif + + wc_FreeRng(&rng); + + return ret; +} +#endif /* HAVE_CURVE25519 */ + + +#ifdef HAVE_ED25519 +#ifdef WOLFSSL_TEST_CERT +static wc_test_ret_t ed25519_test_cert(void) +{ + DecodedCert cert[2]; + DecodedCert* serverCert = NULL; + DecodedCert* caCert = NULL; +#ifdef HAVE_ED25519_VERIFY + ed25519_key key; + ed25519_key* pubKey = NULL; + int verify; +#endif /* HAVE_ED25519_VERIFY */ + wc_test_ret_t ret; + byte* tmp; + size_t bytes; + XFILE file; + + tmp = (byte *)XMALLOC(FOURK_BUF, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + if (tmp == NULL) { + ERROR_OUT(WC_TEST_RET_ENC_ERRNO, done); + } + +#ifdef USE_CERT_BUFFERS_256 + XMEMCPY(tmp, ca_ed25519_cert, sizeof_ca_ed25519_cert); + bytes = sizeof_ca_ed25519_cert; +#elif !defined(NO_FILESYSTEM) + file = XFOPEN(caEd25519Cert, "rb"); + if (file == NULL) { + ERROR_OUT(WC_TEST_RET_ENC_ERRNO, done); + } + bytes = XFREAD(tmp, 1, FOURK_BUF, file); + XFCLOSE(file); + if (bytes == 0) + ERROR_OUT(WC_TEST_RET_ENC_ERRNO, done); +#else + /* No certificate to use. */ + ERROR_OUT(WC_TEST_RET_ENC_NC, done); +#endif + + InitDecodedCert(&cert[0], tmp, (word32)bytes, 0); + caCert = &cert[0]; + ret = ParseCert(caCert, CERT_TYPE, NO_VERIFY, NULL); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done); + +#ifdef USE_CERT_BUFFERS_256 + XMEMCPY(tmp, server_ed25519_cert, sizeof_server_ed25519_cert); + bytes = sizeof_server_ed25519_cert; +#elif !defined(NO_FILESYSTEM) + file = XFOPEN(serverEd25519Cert, "rb"); + if (file == NULL) { + ERROR_OUT(WC_TEST_RET_ENC_ERRNO, done); + } + bytes = XFREAD(tmp, 1, FOURK_BUF, file); + XFCLOSE(file); + if (bytes == 0) + ERROR_OUT(WC_TEST_RET_ENC_ERRNO, done); +#else + /* No certificate to use. */ + ERROR_OUT(WC_TEST_RET_ENC_NC, done); +#endif + + InitDecodedCert(&cert[1], tmp, (word32)bytes, 0); + serverCert = &cert[1]; + ret = ParseCert(serverCert, CERT_TYPE, NO_VERIFY, NULL); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done); + +#ifdef HAVE_ED25519_VERIFY + ret = wc_ed25519_init(&key); + if (ret < 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done); + pubKey = &key; + ret = wc_ed25519_import_public(caCert->publicKey, caCert->pubKeySize, + pubKey); + if (ret < 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done); + + ret = wc_ed25519_verify_msg(serverCert->signature, serverCert->sigLength, + serverCert->source + serverCert->certBegin, + serverCert->sigIndex - serverCert->certBegin, + &verify, pubKey); + if (ret < 0 || verify != 1) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done); +#endif /* HAVE_ED25519_VERIFY */ + +done: + XFREE(tmp, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); +#ifdef HAVE_ED25519_VERIFY + wc_ed25519_free(pubKey); +#endif /* HAVE_ED25519_VERIFY */ + if (caCert != NULL) + FreeDecodedCert(caCert); + if (serverCert != NULL) + FreeDecodedCert(serverCert); + + return ret; +} + +static wc_test_ret_t ed25519_test_make_cert(void) +{ + WC_RNG rng; + Cert cert; + DecodedCert decode; + ed25519_key key; + ed25519_key* privKey = NULL; + wc_test_ret_t ret = 0; + byte* tmp = NULL; + + wc_InitCert_ex(&cert, HEAP_HINT, devId); + +#ifndef HAVE_FIPS + ret = wc_InitRng_ex(&rng, HEAP_HINT, devId); +#else + ret = wc_InitRng(&rng); +#endif + if (ret != 0) + return WC_TEST_RET_ENC_EC(ret); + + wc_ed25519_init(&key); + privKey = &key; + wc_ed25519_make_key(&rng, ED25519_KEY_SIZE, privKey); + + cert.daysValid = 365 * 2; + cert.selfSigned = 1; + XMEMCPY(&cert.issuer, &certDefaultName, sizeof(CertName)); + XMEMCPY(&cert.subject, &certDefaultName, sizeof(CertName)); + cert.isCA = 0; +#ifdef WOLFSSL_CERT_EXT + ret = wc_SetKeyUsage(&cert, certKeyUsage); + if (ret < 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done); + ret = wc_SetSubjectKeyIdFromPublicKey_ex(&cert, ED25519_TYPE, privKey); + if (ret < 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done); + ret = wc_SetAuthKeyIdFromPublicKey_ex(&cert, ED25519_TYPE, privKey); + if (ret < 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done); +#endif + tmp = (byte *)XMALLOC(FOURK_BUF, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + if (tmp == NULL) { + ERROR_OUT(WC_TEST_RET_ENC_ERRNO, done); + } + + cert.sigType = CTC_ED25519; + ret = wc_MakeCert_ex(&cert, tmp, FOURK_BUF, ED25519_TYPE, privKey, &rng); + if (ret < 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done); + ret = wc_SignCert_ex(cert.bodySz, cert.sigType, tmp, FOURK_BUF, + ED25519_TYPE, privKey, &rng); + if (ret < 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done); + + InitDecodedCert(&decode, tmp, (word32)ret, HEAP_HINT); + ret = ParseCert(&decode, CERT_TYPE, NO_VERIFY, 0); + FreeDecodedCert(&decode); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done); + +done: + XFREE(tmp, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + wc_ed25519_free(privKey); + wc_FreeRng(&rng); + return ret; +} +#endif /* WOLFSSL_TEST_CERT */ + +#if defined(HAVE_ED25519_KEY_IMPORT) +static wc_test_ret_t ed25519_test_check_key(void) +{ + /* Fails to find x-ordinate from this y-ordinate. */ + WOLFSSL_SMALL_STACK_STATIC const byte key_bad_y[] = { + 0x40, + 0x02,0x00,0x00,0x00,0x00,0x00,0x00,0x00, + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, + }; + /* Y-ordinate value larger than prime. */ + WOLFSSL_SMALL_STACK_STATIC const byte key_bad_y_max[] = { + 0x40, + 0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff, + 0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff, + 0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff, + 0xff,0xff,0xff,0xff,0xff,0xff,0xff,0x7f, + }; + /* Y-ordinate value equal to prime. */ + WOLFSSL_SMALL_STACK_STATIC const byte key_bad_y_is_p[] = { + 0x40, + 0xed,0xff,0xff,0xff,0xff,0xff,0xff,0xff, + 0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff, + 0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff, + 0xff,0xff,0xff,0xff,0xff,0xff,0xff,0x7f, + }; + /* Y-ordinate value equal to prime - 1. */ + WOLFSSL_SMALL_STACK_STATIC const byte key_y_is_p_minus_1[] = { + 0x40, + 0xec,0xff,0xff,0xff,0xff,0xff,0xff,0xff, + 0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff, + 0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff, + 0xff,0xff,0xff,0xff,0xff,0xff,0xff,0x7f, + }; + ed25519_key key; + int ret; + int res = 0; + + /* Initialize key for use. */ + ret = wc_ed25519_init_ex(&key, HEAP_HINT, devId); + if (ret != 0) { + return WC_TEST_RET_ENC_NC; + } + + /* Load bad public key only and perform checks. */ + ret = wc_ed25519_import_public(key_bad_y, ED25519_PUB_KEY_SIZE + 1, &key); + if (ret != WC_NO_ERR_TRACE(PUBLIC_KEY_E)) { + res = WC_TEST_RET_ENC_NC; + } + if (res == 0) { + /* Load bad public key only and perform checks. */ + ret = wc_ed25519_import_public(key_bad_y_max, ED25519_PUB_KEY_SIZE + 1, + &key); + if (ret != WC_NO_ERR_TRACE(PUBLIC_KEY_E)) { + res = WC_TEST_RET_ENC_NC; + } + } + if (res == 0) { + /* Load bad public key only and perform checks. */ + ret = wc_ed25519_import_public(key_bad_y_is_p, ED25519_PUB_KEY_SIZE + 1, + &key); + if (ret != WC_NO_ERR_TRACE(PUBLIC_KEY_E)) { + res = WC_TEST_RET_ENC_NC; + } + } + if (res == 0) { + /* Load good public key only and perform checks. */ + ret = wc_ed25519_import_public(key_y_is_p_minus_1, + ED25519_PUB_KEY_SIZE + 1, &key); + if (ret != 0) { + res = WC_TEST_RET_ENC_NC; + } + } + + /* Dispose of key. */ + wc_ed25519_free(&key); + + return res; +} +#endif + +#if defined(HAVE_ED25519_SIGN) && defined(HAVE_ED25519_KEY_EXPORT) && \ + defined(HAVE_ED25519_KEY_IMPORT) +static wc_test_ret_t ed25519ctx_test(void) +{ + wc_test_ret_t ret; + byte out[ED25519_SIG_SIZE]; + word32 outlen; +#ifdef HAVE_ED25519_VERIFY + int verify = 0; +#endif /* HAVE_ED25519_VERIFY */ + ed25519_key key; + + WOLFSSL_SMALL_STACK_STATIC const byte sKeyCtx[] = { + 0x03,0x05,0x33,0x4e,0x38,0x1a,0xf7,0x8f, + 0x14,0x1c,0xb6,0x66,0xf6,0x19,0x9f,0x57, + 0xbc,0x34,0x95,0x33,0x5a,0x25,0x6a,0x95, + 0xbd,0x2a,0x55,0xbf,0x54,0x66,0x63,0xf6 + }; + + WOLFSSL_SMALL_STACK_STATIC const byte pKeyCtx[] = { + 0xdf,0xc9,0x42,0x5e,0x4f,0x96,0x8f,0x7f, + 0x0c,0x29,0xf0,0x25,0x9c,0xf5,0xf9,0xae, + 0xd6,0x85,0x1c,0x2b,0xb4,0xad,0x8b,0xfb, + 0x86,0x0c,0xfe,0xe0,0xab,0x24,0x82,0x92 + }; + + WOLFSSL_SMALL_STACK_STATIC const byte sigCtx1[] = { + 0x55,0xa4,0xcc,0x2f,0x70,0xa5,0x4e,0x04, + 0x28,0x8c,0x5f,0x4c,0xd1,0xe4,0x5a,0x7b, + 0xb5,0x20,0xb3,0x62,0x92,0x91,0x18,0x76, + 0xca,0xda,0x73,0x23,0x19,0x8d,0xd8,0x7a, + 0x8b,0x36,0x95,0x0b,0x95,0x13,0x00,0x22, + 0x90,0x7a,0x7f,0xb7,0xc4,0xe9,0xb2,0xd5, + 0xf6,0xcc,0xa6,0x85,0xa5,0x87,0xb4,0xb2, + 0x1f,0x4b,0x88,0x8e,0x4e,0x7e,0xdb,0x0d + }; + + WOLFSSL_SMALL_STACK_STATIC const byte sigCtx2[] = { + 0xcc,0x5e,0x63,0xa2,0x7e,0x94,0xaf,0xd3, + 0x41,0x83,0x38,0xd2,0x48,0x6f,0xa9,0x2a, + 0xf9,0x91,0x7c,0x2d,0x98,0x9e,0x06,0xe5, + 0x02,0x77,0x72,0x1c,0x34,0x38,0x18,0xb4, + 0x21,0x96,0xbc,0x29,0x2e,0x68,0xf3,0x4d, + 0x85,0x9b,0xbe,0xad,0x17,0x9f,0x54,0x54, + 0x2d,0x4b,0x04,0xdc,0xfb,0xfa,0x4a,0x68, + 0x4e,0x39,0x50,0xfb,0x1c,0xcd,0x8d,0x0d + }; + + WOLFSSL_SMALL_STACK_STATIC const byte msgCtx[] = { + 0xf7,0x26,0x93,0x6d,0x19,0xc8,0x00,0x49, + 0x4e,0x3f,0xda,0xff,0x20,0xb2,0x76,0xa8 + }; + + WOLFSSL_SMALL_STACK_STATIC const byte contextCtx[] = { + 0x66,0x6f,0x6f + }; + + outlen = sizeof(out); + XMEMSET(out, 0, sizeof(out)); + + ret = wc_ed25519_init_ex(&key, HEAP_HINT, devId); + if (ret != 0) + return 10800; + + ret = wc_ed25519_import_private_key(sKeyCtx, ED25519_KEY_SIZE, pKeyCtx, + sizeof(pKeyCtx), &key); + if (ret == 0) + ret = wc_ed25519ctx_sign_msg(msgCtx, sizeof(msgCtx), out, &outlen, &key, + contextCtx, sizeof(contextCtx)); + if (ret == 0 && XMEMCMP(out, sigCtx1, 64) != 0) + ret = WC_TEST_RET_ENC_NC; + +#if defined(HAVE_ED25519_VERIFY) + /* test verify on good msg */ + if (ret == 0) + ret = wc_ed25519ctx_verify_msg(out, outlen, msgCtx, sizeof(msgCtx), + &verify, &key, contextCtx, sizeof(contextCtx)); + if (ret == 0 && verify != 1) + ret = WC_TEST_RET_ENC_NC; +#endif + + if (ret == 0) + ret = wc_ed25519ctx_sign_msg(msgCtx, sizeof(msgCtx), out, &outlen, &key, + NULL, 0); + + if (ret == 0 && XMEMCMP(out, sigCtx2, 64) != 0) + ret = WC_TEST_RET_ENC_NC; + +#if defined(HAVE_ED25519_VERIFY) + /* test verify on good msg */ + if (ret == 0) + ret = wc_ed25519ctx_verify_msg(out, outlen, msgCtx, sizeof(msgCtx), + &verify, &key, NULL, 0); + if (ret == 0 && verify != 1) + ret = WC_TEST_RET_ENC_NC; +#endif + + wc_ed25519_free(&key); + + return ret; +} + +static wc_test_ret_t ed25519ph_test(void) +{ + wc_test_ret_t ret = 0; + byte out[ED25519_SIG_SIZE]; + word32 outlen; +#ifdef HAVE_ED25519_VERIFY + int verify = 0; +#endif /* HAVE_ED25519_VERIFY */ + ed25519_key key; + + WOLFSSL_SMALL_STACK_STATIC const byte sKeyPh[] = { + 0x83,0x3f,0xe6,0x24,0x09,0x23,0x7b,0x9d, + 0x62,0xec,0x77,0x58,0x75,0x20,0x91,0x1e, + 0x9a,0x75,0x9c,0xec,0x1d,0x19,0x75,0x5b, + 0x7d,0xa9,0x01,0xb9,0x6d,0xca,0x3d,0x42 + }; + + WOLFSSL_SMALL_STACK_STATIC const byte pKeyPh[] = { + 0xec,0x17,0x2b,0x93,0xad,0x5e,0x56,0x3b, + 0xf4,0x93,0x2c,0x70,0xe1,0x24,0x50,0x34, + 0xc3,0x54,0x67,0xef,0x2e,0xfd,0x4d,0x64, + 0xeb,0xf8,0x19,0x68,0x34,0x67,0xe2,0xbf + }; + + WOLFSSL_SMALL_STACK_STATIC const byte sigPh1[] = { + 0x98,0xa7,0x02,0x22,0xf0,0xb8,0x12,0x1a, + 0xa9,0xd3,0x0f,0x81,0x3d,0x68,0x3f,0x80, + 0x9e,0x46,0x2b,0x46,0x9c,0x7f,0xf8,0x76, + 0x39,0x49,0x9b,0xb9,0x4e,0x6d,0xae,0x41, + 0x31,0xf8,0x50,0x42,0x46,0x3c,0x2a,0x35, + 0x5a,0x20,0x03,0xd0,0x62,0xad,0xf5,0xaa, + 0xa1,0x0b,0x8c,0x61,0xe6,0x36,0x06,0x2a, + 0xaa,0xd1,0x1c,0x2a,0x26,0x08,0x34,0x06 + }; + + WOLFSSL_SMALL_STACK_STATIC const byte sigPh2[] = { + 0xe0,0x39,0x70,0x2b,0x4c,0x25,0x95,0xa6, + 0xa5,0x41,0xac,0x85,0x09,0x23,0x6e,0x29, + 0x90,0x47,0x47,0x95,0x33,0x0c,0x9b,0x34, + 0xa7,0x5f,0x58,0xa6,0x60,0x12,0x9e,0x08, + 0xfd,0x73,0x69,0x43,0xfb,0x19,0x43,0xa5, + 0x57,0x20,0xb9,0xe0,0x95,0x7b,0x1e,0xd6, + 0x73,0x48,0x16,0x61,0x9f,0x13,0x88,0xf4, + 0x3f,0x73,0xe6,0xe3,0xba,0xa8,0x1c,0x0e + }; + + WOLFSSL_SMALL_STACK_STATIC const byte msgPh[] = { + 0x61,0x62,0x63 + }; + + /* SHA-512 hash of msgPh */ + WOLFSSL_SMALL_STACK_STATIC const byte hashPh[] = { + 0xdd,0xaf,0x35,0xa1,0x93,0x61,0x7a,0xba, + 0xcc,0x41,0x73,0x49,0xae,0x20,0x41,0x31, + 0x12,0xe6,0xfa,0x4e,0x89,0xa9,0x7e,0xa2, + 0x0a,0x9e,0xee,0xe6,0x4b,0x55,0xd3,0x9a, + 0x21,0x92,0x99,0x2a,0x27,0x4f,0xc1,0xa8, + 0x36,0xba,0x3c,0x23,0xa3,0xfe,0xeb,0xbd, + 0x45,0x4d,0x44,0x23,0x64,0x3c,0xe8,0x0e, + 0x2a,0x9a,0xc9,0x4f,0xa5,0x4c,0xa4,0x9f + }; + + WOLFSSL_SMALL_STACK_STATIC const byte contextPh2[] = { + 0x66,0x6f,0x6f + }; + + outlen = sizeof(out); + XMEMSET(out, 0, sizeof(out)); + + ret = wc_ed25519_init_ex(&key, HEAP_HINT, devId); + if (ret != 0) + return WC_TEST_RET_ENC_EC(ret); + + ret = wc_ed25519_import_private_key(sKeyPh, ED25519_KEY_SIZE, pKeyPh, + sizeof(pKeyPh), &key); + if (ret == 0) + ret = wc_ed25519ph_sign_msg(msgPh, sizeof(msgPh), out, &outlen, &key, + NULL, 0); + + if (ret == 0 && XMEMCMP(out, sigPh1, 64) != 0) + ret = WC_TEST_RET_ENC_NC; + +#if defined(HAVE_ED25519_VERIFY) + /* test verify on good msg */ + if (ret == 0) + ret = wc_ed25519ph_verify_msg(out, outlen, msgPh, sizeof(msgPh), + &verify, &key, NULL, 0); + if (ret == 0 && verify != 1) + ret = WC_TEST_RET_ENC_NC; +#endif + + if (ret == 0) + ret = wc_ed25519ph_sign_msg(msgPh, sizeof(msgPh), out, &outlen, &key, + contextPh2, sizeof(contextPh2)); + + if (ret == 0 && XMEMCMP(out, sigPh2, 64) != 0) + ret = WC_TEST_RET_ENC_NC; + +#if defined(HAVE_ED25519_VERIFY) + /* test verify on good msg */ + if (ret == 0) + ret = wc_ed25519ph_verify_msg(out, outlen, msgPh, sizeof(msgPh), &verify, + &key, contextPh2, sizeof(contextPh2)); + if (ret == 0 && verify != 1) + ret = WC_TEST_RET_ENC_NC; +#endif + + if (ret == 0) + ret = wc_ed25519ph_sign_hash(hashPh, sizeof(hashPh), out, &outlen, &key, + NULL, 0); + + if (ret == 0 && XMEMCMP(out, sigPh1, 64) != 0) + ret = WC_TEST_RET_ENC_NC; + +#if defined(HAVE_ED25519_VERIFY) + if (ret == 0) + ret = wc_ed25519ph_verify_hash(out, outlen, hashPh, sizeof(hashPh), + &verify, &key, NULL, 0); + if (ret == 0 && verify != 1) + ret = WC_TEST_RET_ENC_NC; +#endif + + if (ret == 0) + ret = wc_ed25519ph_sign_hash(hashPh, sizeof(hashPh), out, &outlen, &key, + contextPh2, sizeof(contextPh2)); + if (ret == 0 && XMEMCMP(out, sigPh2, 64) != 0) + ret = WC_TEST_RET_ENC_NC; + +#if defined(HAVE_ED25519_VERIFY) + if (ret == 0) + ret = wc_ed25519ph_verify_hash(out, outlen, hashPh, sizeof(hashPh), &verify, + &key, contextPh2, sizeof(contextPh2)); + if (ret == 0 && verify != 1) + ret = WC_TEST_RET_ENC_NC; +#endif + + wc_ed25519_free(&key); + + return ret; +} +#endif /* HAVE_ED25519_SIGN && HAVE_ED25519_KEY_EXPORT && HAVE_ED25519_KEY_IMPORT */ + +WOLFSSL_TEST_SUBROUTINE wc_test_ret_t ed25519_test(void) +{ + wc_test_ret_t ret; + WC_RNG rng; +#if defined(HAVE_ED25519_SIGN) && defined(HAVE_ED25519_KEY_EXPORT) &&\ + defined(HAVE_ED25519_KEY_IMPORT) + byte out[ED25519_SIG_SIZE]; + byte exportPKey[ED25519_KEY_SIZE]; + byte exportSKey[ED25519_KEY_SIZE]; + word32 exportPSz; + word32 exportSSz; + int i; + word32 outlen; +#ifdef HAVE_ED25519_VERIFY +#ifdef WOLFSSL_ED25519_STREAMING_VERIFY + int j; +#endif + int verify; +#endif /* HAVE_ED25519_VERIFY */ +#endif /* HAVE_ED25519_SIGN && HAVE_ED25519_KEY_EXPORT && HAVE_ED25519_KEY_IMPORT */ + word32 keySz, sigSz; + +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC) + ed25519_key* key = NULL; + ed25519_key* key2 = NULL; +#else + ed25519_key key[1]; + ed25519_key key2[1]; +#endif + + +#if defined(HAVE_ED25519_SIGN) && defined(HAVE_ED25519_KEY_EXPORT) && \ + defined(HAVE_ED25519_KEY_IMPORT) + /* test vectors from + https://tools.ietf.org/html/draft-josefsson-eddsa-ed25519-02 + */ + + WOLFSSL_SMALL_STACK_STATIC const byte sKey1[] = { + 0x9d,0x61,0xb1,0x9d,0xef,0xfd,0x5a,0x60, + 0xba,0x84,0x4a,0xf4,0x92,0xec,0x2c,0xc4, + 0x44,0x49,0xc5,0x69,0x7b,0x32,0x69,0x19, + 0x70,0x3b,0xac,0x03,0x1c,0xae,0x7f,0x60 + }; + + WOLFSSL_SMALL_STACK_STATIC const byte sKey2[] = { + 0x4c,0xcd,0x08,0x9b,0x28,0xff,0x96,0xda, + 0x9d,0xb6,0xc3,0x46,0xec,0x11,0x4e,0x0f, + 0x5b,0x8a,0x31,0x9f,0x35,0xab,0xa6,0x24, + 0xda,0x8c,0xf6,0xed,0x4f,0xb8,0xa6,0xfb + }; + + WOLFSSL_SMALL_STACK_STATIC const byte sKey3[] = { + 0xc5,0xaa,0x8d,0xf4,0x3f,0x9f,0x83,0x7b, + 0xed,0xb7,0x44,0x2f,0x31,0xdc,0xb7,0xb1, + 0x66,0xd3,0x85,0x35,0x07,0x6f,0x09,0x4b, + 0x85,0xce,0x3a,0x2e,0x0b,0x44,0x58,0xf7 + }; + + /* uncompressed test */ + WOLFSSL_SMALL_STACK_STATIC const byte sKey4[] = { + 0x9d,0x61,0xb1,0x9d,0xef,0xfd,0x5a,0x60, + 0xba,0x84,0x4a,0xf4,0x92,0xec,0x2c,0xc4, + 0x44,0x49,0xc5,0x69,0x7b,0x32,0x69,0x19, + 0x70,0x3b,0xac,0x03,0x1c,0xae,0x7f,0x60 + }; + + /* compressed prefix test */ + WOLFSSL_SMALL_STACK_STATIC const byte sKey5[] = { + 0x9d,0x61,0xb1,0x9d,0xef,0xfd,0x5a,0x60, + 0xba,0x84,0x4a,0xf4,0x92,0xec,0x2c,0xc4, + 0x44,0x49,0xc5,0x69,0x7b,0x32,0x69,0x19, + 0x70,0x3b,0xac,0x03,0x1c,0xae,0x7f,0x60 + }; + + WOLFSSL_SMALL_STACK_STATIC const byte sKey6[] = { + 0xf5,0xe5,0x76,0x7c,0xf1,0x53,0x31,0x95, + 0x17,0x63,0x0f,0x22,0x68,0x76,0xb8,0x6c, + 0x81,0x60,0xcc,0x58,0x3b,0xc0,0x13,0x74, + 0x4c,0x6b,0xf2,0x55,0xf5,0xcc,0x0e,0xe5 + }; + + WOLFSSL_SMALL_STACK_STATIC const byte* sKeys[] = {sKey1, sKey2, sKey3, sKey4, sKey5, sKey6}; + + WOLFSSL_SMALL_STACK_STATIC const byte pKey1[] = { + 0xd7,0x5a,0x98,0x01,0x82,0xb1,0x0a,0xb7, + 0xd5,0x4b,0xfe,0xd3,0xc9,0x64,0x07,0x3a, + 0x0e,0xe1,0x72,0xf3,0xda,0xa6,0x23,0x25, + 0xaf,0x02,0x1a,0x68,0xf7,0x07,0x51,0x1a + }; + + WOLFSSL_SMALL_STACK_STATIC const byte pKey2[] = { + 0x3d,0x40,0x17,0xc3,0xe8,0x43,0x89,0x5a, + 0x92,0xb7,0x0a,0xa7,0x4d,0x1b,0x7e,0xbc, + 0x9c,0x98,0x2c,0xcf,0x2e,0xc4,0x96,0x8c, + 0xc0,0xcd,0x55,0xf1,0x2a,0xf4,0x66,0x0c + }; + + WOLFSSL_SMALL_STACK_STATIC const byte pKey3[] = { + 0xfc,0x51,0xcd,0x8e,0x62,0x18,0xa1,0xa3, + 0x8d,0xa4,0x7e,0xd0,0x02,0x30,0xf0,0x58, + 0x08,0x16,0xed,0x13,0xba,0x33,0x03,0xac, + 0x5d,0xeb,0x91,0x15,0x48,0x90,0x80,0x25 + }; + + /* uncompressed test */ + WOLFSSL_SMALL_STACK_STATIC const byte pKey4[] = { + 0x04,0x55,0xd0,0xe0,0x9a,0x2b,0x9d,0x34, + 0x29,0x22,0x97,0xe0,0x8d,0x60,0xd0,0xf6, + 0x20,0xc5,0x13,0xd4,0x72,0x53,0x18,0x7c, + 0x24,0xb1,0x27,0x86,0xbd,0x77,0x76,0x45, + 0xce,0x1a,0x51,0x07,0xf7,0x68,0x1a,0x02, + 0xaf,0x25,0x23,0xa6,0xda,0xf3,0x72,0xe1, + 0x0e,0x3a,0x07,0x64,0xc9,0xd3,0xfe,0x4b, + 0xd5,0xb7,0x0a,0xb1,0x82,0x01,0x98,0x5a, + 0xd7 + }; + + /* compressed prefix */ + WOLFSSL_SMALL_STACK_STATIC const byte pKey5[] = { + 0x40,0xd7,0x5a,0x98,0x01,0x82,0xb1,0x0a,0xb7, + 0xd5,0x4b,0xfe,0xd3,0xc9,0x64,0x07,0x3a, + 0x0e,0xe1,0x72,0xf3,0xda,0xa6,0x23,0x25, + 0xaf,0x02,0x1a,0x68,0xf7,0x07,0x51,0x1a + }; + + WOLFSSL_SMALL_STACK_STATIC const byte pKey6[] = { + 0x27,0x81,0x17,0xfc,0x14,0x4c,0x72,0x34, + 0x0f,0x67,0xd0,0xf2,0x31,0x6e,0x83,0x86, + 0xce,0xff,0xbf,0x2b,0x24,0x28,0xc9,0xc5, + 0x1f,0xef,0x7c,0x59,0x7f,0x1d,0x42,0x6e + }; + + WOLFSSL_SMALL_STACK_STATIC const byte* pKeys[] = {pKey1, pKey2, pKey3, pKey4, pKey5, pKey6}; + WOLFSSL_SMALL_STACK_STATIC const byte pKeySz[] = {sizeof(pKey1), sizeof(pKey2), sizeof(pKey3), + sizeof(pKey4), sizeof(pKey5), sizeof(pKey6)}; + + WOLFSSL_SMALL_STACK_STATIC const byte sig1[] = { + 0xe5,0x56,0x43,0x00,0xc3,0x60,0xac,0x72, + 0x90,0x86,0xe2,0xcc,0x80,0x6e,0x82,0x8a, + 0x84,0x87,0x7f,0x1e,0xb8,0xe5,0xd9,0x74, + 0xd8,0x73,0xe0,0x65,0x22,0x49,0x01,0x55, + 0x5f,0xb8,0x82,0x15,0x90,0xa3,0x3b,0xac, + 0xc6,0x1e,0x39,0x70,0x1c,0xf9,0xb4,0x6b, + 0xd2,0x5b,0xf5,0xf0,0x59,0x5b,0xbe,0x24, + 0x65,0x51,0x41,0x43,0x8e,0x7a,0x10,0x0b + }; + + WOLFSSL_SMALL_STACK_STATIC const byte sig2[] = { + 0x92,0xa0,0x09,0xa9,0xf0,0xd4,0xca,0xb8, + 0x72,0x0e,0x82,0x0b,0x5f,0x64,0x25,0x40, + 0xa2,0xb2,0x7b,0x54,0x16,0x50,0x3f,0x8f, + 0xb3,0x76,0x22,0x23,0xeb,0xdb,0x69,0xda, + 0x08,0x5a,0xc1,0xe4,0x3e,0x15,0x99,0x6e, + 0x45,0x8f,0x36,0x13,0xd0,0xf1,0x1d,0x8c, + 0x38,0x7b,0x2e,0xae,0xb4,0x30,0x2a,0xee, + 0xb0,0x0d,0x29,0x16,0x12,0xbb,0x0c,0x00 + }; + + WOLFSSL_SMALL_STACK_STATIC const byte sig3[] = { + 0x62,0x91,0xd6,0x57,0xde,0xec,0x24,0x02, + 0x48,0x27,0xe6,0x9c,0x3a,0xbe,0x01,0xa3, + 0x0c,0xe5,0x48,0xa2,0x84,0x74,0x3a,0x44, + 0x5e,0x36,0x80,0xd7,0xdb,0x5a,0xc3,0xac, + 0x18,0xff,0x9b,0x53,0x8d,0x16,0xf2,0x90, + 0xae,0x67,0xf7,0x60,0x98,0x4d,0xc6,0x59, + 0x4a,0x7c,0x15,0xe9,0x71,0x6e,0xd2,0x8d, + 0xc0,0x27,0xbe,0xce,0xea,0x1e,0xc4,0x0a + }; + + /* uncompressed test */ + WOLFSSL_SMALL_STACK_STATIC const byte sig4[] = { + 0xe5,0x56,0x43,0x00,0xc3,0x60,0xac,0x72, + 0x90,0x86,0xe2,0xcc,0x80,0x6e,0x82,0x8a, + 0x84,0x87,0x7f,0x1e,0xb8,0xe5,0xd9,0x74, + 0xd8,0x73,0xe0,0x65,0x22,0x49,0x01,0x55, + 0x5f,0xb8,0x82,0x15,0x90,0xa3,0x3b,0xac, + 0xc6,0x1e,0x39,0x70,0x1c,0xf9,0xb4,0x6b, + 0xd2,0x5b,0xf5,0xf0,0x59,0x5b,0xbe,0x24, + 0x65,0x51,0x41,0x43,0x8e,0x7a,0x10,0x0b + }; + + /* compressed prefix */ + WOLFSSL_SMALL_STACK_STATIC const byte sig5[] = { + 0xe5,0x56,0x43,0x00,0xc3,0x60,0xac,0x72, + 0x90,0x86,0xe2,0xcc,0x80,0x6e,0x82,0x8a, + 0x84,0x87,0x7f,0x1e,0xb8,0xe5,0xd9,0x74, + 0xd8,0x73,0xe0,0x65,0x22,0x49,0x01,0x55, + 0x5f,0xb8,0x82,0x15,0x90,0xa3,0x3b,0xac, + 0xc6,0x1e,0x39,0x70,0x1c,0xf9,0xb4,0x6b, + 0xd2,0x5b,0xf5,0xf0,0x59,0x5b,0xbe,0x24, + 0x65,0x51,0x41,0x43,0x8e,0x7a,0x10,0x0b + }; + + WOLFSSL_SMALL_STACK_STATIC const byte sig6[] = { + 0x0a,0xab,0x4c,0x90,0x05,0x01,0xb3,0xe2, + 0x4d,0x7c,0xdf,0x46,0x63,0x32,0x6a,0x3a, + 0x87,0xdf,0x5e,0x48,0x43,0xb2,0xcb,0xdb, + 0x67,0xcb,0xf6,0xe4,0x60,0xfe,0xc3,0x50, + 0xaa,0x53,0x71,0xb1,0x50,0x8f,0x9f,0x45, + 0x28,0xec,0xea,0x23,0xc4,0x36,0xd9,0x4b, + 0x5e,0x8f,0xcd,0x4f,0x68,0x1e,0x30,0xa6, + 0xac,0x00,0xa9,0x70,0x4a,0x18,0x8a,0x03 + }; + + WOLFSSL_SMALL_STACK_STATIC const byte* sigs[] = {sig1, sig2, sig3, sig4, sig5, sig6}; + + WOLFSSL_SMALL_STACK_STATIC const byte msg1[] = {0x0 }; + WOLFSSL_SMALL_STACK_STATIC const byte msg2[] = {0x72}; + WOLFSSL_SMALL_STACK_STATIC const byte msg3[] = {0xAF,0x82}; + + /* test of a 1024 byte long message */ + WOLFSSL_SMALL_STACK_STATIC const byte msg4[] = { + 0x08,0xb8,0xb2,0xb7,0x33,0x42,0x42,0x43, + 0x76,0x0f,0xe4,0x26,0xa4,0xb5,0x49,0x08, + 0x63,0x21,0x10,0xa6,0x6c,0x2f,0x65,0x91, + 0xea,0xbd,0x33,0x45,0xe3,0xe4,0xeb,0x98, + 0xfa,0x6e,0x26,0x4b,0xf0,0x9e,0xfe,0x12, + 0xee,0x50,0xf8,0xf5,0x4e,0x9f,0x77,0xb1, + 0xe3,0x55,0xf6,0xc5,0x05,0x44,0xe2,0x3f, + 0xb1,0x43,0x3d,0xdf,0x73,0xbe,0x84,0xd8, + 0x79,0xde,0x7c,0x00,0x46,0xdc,0x49,0x96, + 0xd9,0xe7,0x73,0xf4,0xbc,0x9e,0xfe,0x57, + 0x38,0x82,0x9a,0xdb,0x26,0xc8,0x1b,0x37, + 0xc9,0x3a,0x1b,0x27,0x0b,0x20,0x32,0x9d, + 0x65,0x86,0x75,0xfc,0x6e,0xa5,0x34,0xe0, + 0x81,0x0a,0x44,0x32,0x82,0x6b,0xf5,0x8c, + 0x94,0x1e,0xfb,0x65,0xd5,0x7a,0x33,0x8b, + 0xbd,0x2e,0x26,0x64,0x0f,0x89,0xff,0xbc, + 0x1a,0x85,0x8e,0xfc,0xb8,0x55,0x0e,0xe3, + 0xa5,0xe1,0x99,0x8b,0xd1,0x77,0xe9,0x3a, + 0x73,0x63,0xc3,0x44,0xfe,0x6b,0x19,0x9e, + 0xe5,0xd0,0x2e,0x82,0xd5,0x22,0xc4,0xfe, + 0xba,0x15,0x45,0x2f,0x80,0x28,0x8a,0x82, + 0x1a,0x57,0x91,0x16,0xec,0x6d,0xad,0x2b, + 0x3b,0x31,0x0d,0xa9,0x03,0x40,0x1a,0xa6, + 0x21,0x00,0xab,0x5d,0x1a,0x36,0x55,0x3e, + 0x06,0x20,0x3b,0x33,0x89,0x0c,0xc9,0xb8, + 0x32,0xf7,0x9e,0xf8,0x05,0x60,0xcc,0xb9, + 0xa3,0x9c,0xe7,0x67,0x96,0x7e,0xd6,0x28, + 0xc6,0xad,0x57,0x3c,0xb1,0x16,0xdb,0xef, + 0xef,0xd7,0x54,0x99,0xda,0x96,0xbd,0x68, + 0xa8,0xa9,0x7b,0x92,0x8a,0x8b,0xbc,0x10, + 0x3b,0x66,0x21,0xfc,0xde,0x2b,0xec,0xa1, + 0x23,0x1d,0x20,0x6b,0xe6,0xcd,0x9e,0xc7, + 0xaf,0xf6,0xf6,0xc9,0x4f,0xcd,0x72,0x04, + 0xed,0x34,0x55,0xc6,0x8c,0x83,0xf4,0xa4, + 0x1d,0xa4,0xaf,0x2b,0x74,0xef,0x5c,0x53, + 0xf1,0xd8,0xac,0x70,0xbd,0xcb,0x7e,0xd1, + 0x85,0xce,0x81,0xbd,0x84,0x35,0x9d,0x44, + 0x25,0x4d,0x95,0x62,0x9e,0x98,0x55,0xa9, + 0x4a,0x7c,0x19,0x58,0xd1,0xf8,0xad,0xa5, + 0xd0,0x53,0x2e,0xd8,0xa5,0xaa,0x3f,0xb2, + 0xd1,0x7b,0xa7,0x0e,0xb6,0x24,0x8e,0x59, + 0x4e,0x1a,0x22,0x97,0xac,0xbb,0xb3,0x9d, + 0x50,0x2f,0x1a,0x8c,0x6e,0xb6,0xf1,0xce, + 0x22,0xb3,0xde,0x1a,0x1f,0x40,0xcc,0x24, + 0x55,0x41,0x19,0xa8,0x31,0xa9,0xaa,0xd6, + 0x07,0x9c,0xad,0x88,0x42,0x5d,0xe6,0xbd, + 0xe1,0xa9,0x18,0x7e,0xbb,0x60,0x92,0xcf, + 0x67,0xbf,0x2b,0x13,0xfd,0x65,0xf2,0x70, + 0x88,0xd7,0x8b,0x7e,0x88,0x3c,0x87,0x59, + 0xd2,0xc4,0xf5,0xc6,0x5a,0xdb,0x75,0x53, + 0x87,0x8a,0xd5,0x75,0xf9,0xfa,0xd8,0x78, + 0xe8,0x0a,0x0c,0x9b,0xa6,0x3b,0xcb,0xcc, + 0x27,0x32,0xe6,0x94,0x85,0xbb,0xc9,0xc9, + 0x0b,0xfb,0xd6,0x24,0x81,0xd9,0x08,0x9b, + 0xec,0xcf,0x80,0xcf,0xe2,0xdf,0x16,0xa2, + 0xcf,0x65,0xbd,0x92,0xdd,0x59,0x7b,0x07, + 0x07,0xe0,0x91,0x7a,0xf4,0x8b,0xbb,0x75, + 0xfe,0xd4,0x13,0xd2,0x38,0xf5,0x55,0x5a, + 0x7a,0x56,0x9d,0x80,0xc3,0x41,0x4a,0x8d, + 0x08,0x59,0xdc,0x65,0xa4,0x61,0x28,0xba, + 0xb2,0x7a,0xf8,0x7a,0x71,0x31,0x4f,0x31, + 0x8c,0x78,0x2b,0x23,0xeb,0xfe,0x80,0x8b, + 0x82,0xb0,0xce,0x26,0x40,0x1d,0x2e,0x22, + 0xf0,0x4d,0x83,0xd1,0x25,0x5d,0xc5,0x1a, + 0xdd,0xd3,0xb7,0x5a,0x2b,0x1a,0xe0,0x78, + 0x45,0x04,0xdf,0x54,0x3a,0xf8,0x96,0x9b, + 0xe3,0xea,0x70,0x82,0xff,0x7f,0xc9,0x88, + 0x8c,0x14,0x4d,0xa2,0xaf,0x58,0x42,0x9e, + 0xc9,0x60,0x31,0xdb,0xca,0xd3,0xda,0xd9, + 0xaf,0x0d,0xcb,0xaa,0xaf,0x26,0x8c,0xb8, + 0xfc,0xff,0xea,0xd9,0x4f,0x3c,0x7c,0xa4, + 0x95,0xe0,0x56,0xa9,0xb4,0x7a,0xcd,0xb7, + 0x51,0xfb,0x73,0xe6,0x66,0xc6,0xc6,0x55, + 0xad,0xe8,0x29,0x72,0x97,0xd0,0x7a,0xd1, + 0xba,0x5e,0x43,0xf1,0xbc,0xa3,0x23,0x01, + 0x65,0x13,0x39,0xe2,0x29,0x04,0xcc,0x8c, + 0x42,0xf5,0x8c,0x30,0xc0,0x4a,0xaf,0xdb, + 0x03,0x8d,0xda,0x08,0x47,0xdd,0x98,0x8d, + 0xcd,0xa6,0xf3,0xbf,0xd1,0x5c,0x4b,0x4c, + 0x45,0x25,0x00,0x4a,0xa0,0x6e,0xef,0xf8, + 0xca,0x61,0x78,0x3a,0xac,0xec,0x57,0xfb, + 0x3d,0x1f,0x92,0xb0,0xfe,0x2f,0xd1,0xa8, + 0x5f,0x67,0x24,0x51,0x7b,0x65,0xe6,0x14, + 0xad,0x68,0x08,0xd6,0xf6,0xee,0x34,0xdf, + 0xf7,0x31,0x0f,0xdc,0x82,0xae,0xbf,0xd9, + 0x04,0xb0,0x1e,0x1d,0xc5,0x4b,0x29,0x27, + 0x09,0x4b,0x2d,0xb6,0x8d,0x6f,0x90,0x3b, + 0x68,0x40,0x1a,0xde,0xbf,0x5a,0x7e,0x08, + 0xd7,0x8f,0xf4,0xef,0x5d,0x63,0x65,0x3a, + 0x65,0x04,0x0c,0xf9,0xbf,0xd4,0xac,0xa7, + 0x98,0x4a,0x74,0xd3,0x71,0x45,0x98,0x67, + 0x80,0xfc,0x0b,0x16,0xac,0x45,0x16,0x49, + 0xde,0x61,0x88,0xa7,0xdb,0xdf,0x19,0x1f, + 0x64,0xb5,0xfc,0x5e,0x2a,0xb4,0x7b,0x57, + 0xf7,0xf7,0x27,0x6c,0xd4,0x19,0xc1,0x7a, + 0x3c,0xa8,0xe1,0xb9,0x39,0xae,0x49,0xe4, + 0x88,0xac,0xba,0x6b,0x96,0x56,0x10,0xb5, + 0x48,0x01,0x09,0xc8,0xb1,0x7b,0x80,0xe1, + 0xb7,0xb7,0x50,0xdf,0xc7,0x59,0x8d,0x5d, + 0x50,0x11,0xfd,0x2d,0xcc,0x56,0x00,0xa3, + 0x2e,0xf5,0xb5,0x2a,0x1e,0xcc,0x82,0x0e, + 0x30,0x8a,0xa3,0x42,0x72,0x1a,0xac,0x09, + 0x43,0xbf,0x66,0x86,0xb6,0x4b,0x25,0x79, + 0x37,0x65,0x04,0xcc,0xc4,0x93,0xd9,0x7e, + 0x6a,0xed,0x3f,0xb0,0xf9,0xcd,0x71,0xa4, + 0x3d,0xd4,0x97,0xf0,0x1f,0x17,0xc0,0xe2, + 0xcb,0x37,0x97,0xaa,0x2a,0x2f,0x25,0x66, + 0x56,0x16,0x8e,0x6c,0x49,0x6a,0xfc,0x5f, + 0xb9,0x32,0x46,0xf6,0xb1,0x11,0x63,0x98, + 0xa3,0x46,0xf1,0xa6,0x41,0xf3,0xb0,0x41, + 0xe9,0x89,0xf7,0x91,0x4f,0x90,0xcc,0x2c, + 0x7f,0xff,0x35,0x78,0x76,0xe5,0x06,0xb5, + 0x0d,0x33,0x4b,0xa7,0x7c,0x22,0x5b,0xc3, + 0x07,0xba,0x53,0x71,0x52,0xf3,0xf1,0x61, + 0x0e,0x4e,0xaf,0xe5,0x95,0xf6,0xd9,0xd9, + 0x0d,0x11,0xfa,0xa9,0x33,0xa1,0x5e,0xf1, + 0x36,0x95,0x46,0x86,0x8a,0x7f,0x3a,0x45, + 0xa9,0x67,0x68,0xd4,0x0f,0xd9,0xd0,0x34, + 0x12,0xc0,0x91,0xc6,0x31,0x5c,0xf4,0xfd, + 0xe7,0xcb,0x68,0x60,0x69,0x37,0x38,0x0d, + 0xb2,0xea,0xaa,0x70,0x7b,0x4c,0x41,0x85, + 0xc3,0x2e,0xdd,0xcd,0xd3,0x06,0x70,0x5e, + 0x4d,0xc1,0xff,0xc8,0x72,0xee,0xee,0x47, + 0x5a,0x64,0xdf,0xac,0x86,0xab,0xa4,0x1c, + 0x06,0x18,0x98,0x3f,0x87,0x41,0xc5,0xef, + 0x68,0xd3,0xa1,0x01,0xe8,0xa3,0xb8,0xca, + 0xc6,0x0c,0x90,0x5c,0x15,0xfc,0x91,0x08, + 0x40,0xb9,0x4c,0x00,0xa0,0xb9,0xd0 + }; + + WOLFSSL_SMALL_STACK_STATIC const byte* msgs[] = {msg1, msg2, msg3, msg1, msg1, msg4}; + WOLFSSL_SMALL_STACK_STATIC const word16 msgSz[] = {0 /*sizeof(msg1)*/, + sizeof(msg2), + sizeof(msg3), + 0 /*sizeof(msg1)*/, + 0 /*sizeof(msg1)*/, + sizeof(msg4) + }; +#ifndef NO_ASN + static const byte privateEd25519[] = { + 0x30,0x2e,0x02,0x01,0x00,0x30,0x05,0x06, + 0x03,0x2b,0x65,0x70,0x04,0x22,0x04,0x20, + 0x9d,0x61,0xb1,0x9d,0xef,0xfd,0x5a,0x60, + 0xba,0x84,0x4a,0xf4,0x92,0xec,0x2c,0xc4, + 0x44,0x49,0xc5,0x69,0x7b,0x32,0x69,0x19, + 0x70,0x3b,0xac,0x03,0x1c,0xae,0x7f,0x60 + }; + static const byte badPrivateEd25519[] = { + 0x30,0x52,0x02,0x01,0x00,0x30,0x05,0x06, + 0x03,0x2b,0x65,0x70,0x04,0x22,0x04,0x20, + 0x9d,0x61,0xb1,0x9d,0xef,0xfd,0x5a,0x60, + 0xba,0x84,0x4a,0xf4,0x92,0xec,0x2c,0xc4, + 0x44,0x49,0xc5,0x69,0x7b,0x32,0x69,0x19, + 0x70,0x3b,0xac,0x03,0x1c,0xae,0x7f,0x60, + 0xa1,0x22,0x04,0x21,0xd7,0x5a,0x98,0x01, /* octet len 0x20 -> 0x21 */ + 0x82,0xb1,0x0a,0xb7,0xd5,0x4b,0xfe,0xd3, + 0xc9,0x64,0x07,0x3a,0x0e,0xe1,0x72,0xf3, + 0xda,0xa6,0x23,0x25,0xaf,0x02,0x1a,0x68, + 0xf7,0x07,0x51,0x1a, + 0x00 /* add additional bytes to make the pubkey bigger */ + }; + static const byte publicEd25519[] = { + 0x30,0x2a,0x30,0x05,0x06,0x03,0x2b,0x65, + 0x70,0x03,0x21,0x00,0xd7,0x5a,0x98,0x01, + 0x82,0xb1,0x0a,0xb7,0xd5,0x4b,0xfe,0xd3, + 0xc9,0x64,0x07,0x3a,0x0e,0xe1,0x72,0xf3, + 0xda,0xa6,0x23,0x25,0xaf,0x02,0x1a,0x68, + 0xf7,0x07,0x51,0x1a + }; + + /* size has been altered to catch if sanity check is done */ + static const byte badPublicEd25519[] = { + 0x30,0x2a,0x30,0x05,0x06,0x03,0x2b,0x65, + 0x70,0x03,0x21,0x00,0xd7,0x5a,0x98,0x01, + 0x82,0xb1,0x0a,0xb7,0xd5,0x4b,0xfe,0xd3, + 0xc9,0x64,0x07,0x3a,0x0e,0xe1,0x72,0xf3, + 0xda,0xa6,0x23,0x25,0xaf,0x02,0x1a,0x68, + 0xf7,0x07,0x51,0x1a, + 0x00 /* add an additional byte to make the pubkey appear bigger */ + }; + static const byte privPubEd25519[] = { + 0x30,0x50,0x02,0x01,0x00,0x30,0x05,0x06, + 0x03,0x2b,0x65,0x70,0x04,0x22,0x04,0x20, + 0x9d,0x61,0xb1,0x9d,0xef,0xfd,0x5a,0x60, + 0xba,0x84,0x4a,0xf4,0x92,0xec,0x2c,0xc4, + 0x44,0x49,0xc5,0x69,0x7b,0x32,0x69,0x19, + 0x70,0x3b,0xac,0x03,0x1c,0xae,0x7f,0x60, + 0x81,0x20,0xd7,0x5a,0x98,0x01,0x82,0xb1, + 0x0a,0xb7,0xd5,0x4b,0xfe,0xd3,0xc9,0x64, + 0x07,0x3a,0x0e,0xe1,0x72,0xf3,0xda,0xa6, + 0x23,0x25,0xaf,0x02,0x1a,0x68,0xf7,0x07, + 0x51,0x1a + }; + + word32 idx; +#endif /* NO_ASN */ +#endif /* HAVE_ED25519_SIGN && HAVE_ED25519_KEY_EXPORT && HAVE_ED25519_KEY_IMPORT */ +#if !defined(NO_ASN) && defined(HAVE_ED25519_SIGN) + #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC) + ed25519_key* key3 = NULL; + #else + ed25519_key key3[1]; + #endif +#endif + + WOLFSSL_ENTER("ed25519_test"); + + /* create ed25519 keys */ +#ifndef HAVE_FIPS + ret = wc_InitRng_ex(&rng, HEAP_HINT, devId); +#else + ret = wc_InitRng(&rng); +#endif + if (ret != 0) + return WC_TEST_RET_ENC_EC(ret); + +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC) + key = wc_ed25519_new(HEAP_HINT, devId, &ret); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), cleanup); + key2 = wc_ed25519_new(HEAP_HINT, devId, &ret); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), cleanup); + #if !defined(NO_ASN) && defined(HAVE_ED25519_SIGN) + key3 = wc_ed25519_new(HEAP_HINT, devId, &ret); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), cleanup); + #endif +#else + ret = wc_ed25519_init_ex(key, HEAP_HINT, devId); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), cleanup); + ret = wc_ed25519_init_ex(key2, HEAP_HINT, devId); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), cleanup); + #if !defined(NO_ASN) && defined(HAVE_ED25519_SIGN) + ret = wc_ed25519_init_ex(key3, HEAP_HINT, devId); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), cleanup); + #endif +#endif + +#ifdef HAVE_ED25519_MAKE_KEY + ret = wc_ed25519_make_key(&rng, ED25519_KEY_SIZE, key); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), cleanup); + ret = wc_ed25519_make_key(&rng, ED25519_KEY_SIZE, key2); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), cleanup); +#endif + + /* helper functions for signature and key size */ + keySz = (word32)wc_ed25519_size(key); + sigSz = (word32)wc_ed25519_sig_size(key); + +#if defined(HAVE_ED25519_SIGN) && defined(HAVE_ED25519_KEY_EXPORT) && \ + defined(HAVE_ED25519_KEY_IMPORT) + for (i = 0; i < 6; i++) { + outlen = sizeof(out); + XMEMSET(out, 0, sizeof(out)); + + if (wc_ed25519_import_private_key(sKeys[i], ED25519_KEY_SIZE, pKeys[i], + pKeySz[i], key) != 0) + ERROR_OUT(WC_TEST_RET_ENC_I(i), cleanup); + + if (wc_ed25519_sign_msg(msgs[i], msgSz[i], out, &outlen, key) != 0) + ERROR_OUT(WC_TEST_RET_ENC_I(i), cleanup); + + if (XMEMCMP(out, sigs[i], 64)) + ERROR_OUT(WC_TEST_RET_ENC_I(i), cleanup); + +#if defined(HAVE_ED25519_VERIFY) + /* test verify on good msg */ + if (wc_ed25519_verify_msg(out, outlen, msgs[i], msgSz[i], &verify, + key) != 0 || verify != 1) + ERROR_OUT(WC_TEST_RET_ENC_I(i), cleanup); + +#ifdef WOLFSSL_ED25519_STREAMING_VERIFY + /* test verify on good msg using streaming interface directly */ + if (wc_ed25519_verify_msg_init(out, outlen, + key, (byte)Ed25519, NULL, 0) != 0) + ERROR_OUT(WC_TEST_RET_ENC_I(i), cleanup); + for (j = 0; j < msgSz[i]; j += i) { + if (wc_ed25519_verify_msg_update(msgs[i] + j, MIN(i, msgSz[i] - j), key) != 0) + ERROR_OUT(WC_TEST_RET_ENC_I(i), cleanup); + } + if (wc_ed25519_verify_msg_final(out, outlen, &verify, + key) != 0 || verify != 1) + ERROR_OUT(WC_TEST_RET_ENC_I(i), cleanup); +#endif /* WOLFSSL_ED25519_STREAMING_VERIFY */ + + /* test verify on bad msg */ + out[outlen-1] = out[outlen-1] + 1; + if (wc_ed25519_verify_msg(out, outlen, msgs[i], msgSz[i], &verify, + key) == 0 || verify == 1) + ERROR_OUT(WC_TEST_RET_ENC_I(i), cleanup); +#endif /* HAVE_ED25519_VERIFY */ + + /* test api for import/exporting keys */ + exportPSz = sizeof(exportPKey); + exportSSz = sizeof(exportSKey); + if (wc_ed25519_export_public(key, exportPKey, &exportPSz) != 0) + ERROR_OUT(WC_TEST_RET_ENC_I(i), cleanup); + + if (wc_ed25519_import_public_ex(exportPKey, exportPSz, key2, 1) != 0) + ERROR_OUT(WC_TEST_RET_ENC_I(i), cleanup); + + if (wc_ed25519_export_private_only(key, exportSKey, &exportSSz) != 0) + ERROR_OUT(WC_TEST_RET_ENC_I(i), cleanup); + + if (wc_ed25519_import_private_key(exportSKey, exportSSz, + exportPKey, exportPSz, key2) != 0) + ERROR_OUT(WC_TEST_RET_ENC_I(i), cleanup); + + /* clear "out" buffer and test sign with imported keys */ + outlen = sizeof(out); + XMEMSET(out, 0, sizeof(out)); + if (wc_ed25519_sign_msg(msgs[i], msgSz[i], out, &outlen, key2) != 0) + ERROR_OUT(WC_TEST_RET_ENC_I(i), cleanup); + +#if defined(HAVE_ED25519_VERIFY) + if (wc_ed25519_verify_msg(out, outlen, msgs[i], msgSz[i], &verify, + key2) != 0 || verify != 1) + ERROR_OUT(WC_TEST_RET_ENC_I(i), cleanup); + + if (XMEMCMP(out, sigs[i], 64)) + ERROR_OUT(WC_TEST_RET_ENC_I(i), cleanup); +#endif /* HAVE_ED25519_VERIFY */ + } + +#ifdef HAVE_ED25519_VERIFY + { + /* Run tests for some rare code paths */ + /* sig is exactly equal to the order */ + static const byte rareEd1[] = { + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0xed, 0xd3, 0xf5, 0x5c, 0x1a, 0x63, 0x12, 0x58, + 0xd6, 0x9c, 0xf7, 0xa2, 0xde, 0xf9, 0xde, 0x14, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x10 + }; + /* sig is larger than the order before we get to the low part */ + static const byte rareEd2[] = { + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0xed, 0xd3, 0xf5, 0x5c, 0x1a, 0x63, 0x12, 0x58, + 0xd6, 0x9c, 0xf7, 0xa2, 0xde, 0xf9, 0xde, 0x14, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x01, 0x00, 0x10 + }; + /* sig is larger than the order in the low part */ + static const byte rareEd3[] = { + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0xed, 0xd3, 0xf5, 0x5c, 0x1a, 0x63, 0x12, 0x58, + 0xd6, 0x9c, 0xf9, 0xa2, 0xde, 0xf9, 0xde, 0x14, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x10 + }; + /* sig is smaller than the order */ + static const byte rareEd4[] = { + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0xed, 0xd3, 0xf5, 0x5c, 0x1a, 0x63, 0x12, 0x58, + 0xd6, 0x9c, 0xf1, 0xa2, 0xde, 0xf9, 0xde, 0x14, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x10 + }; + + ret = wc_ed25519_import_private_key(sKeys[0], ED25519_KEY_SIZE, + pKeys[0], pKeySz[0], key); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), cleanup); + + ret = wc_ed25519_verify_msg(rareEd1, sizeof(rareEd1), msgs[0], msgSz[0], + &verify, key); + if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG)) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), cleanup); + + ret = wc_ed25519_verify_msg(rareEd2, sizeof(rareEd2), msgs[0], msgSz[0], + &verify, key); + if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG)) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), cleanup); + + ret = wc_ed25519_verify_msg(rareEd3, sizeof(rareEd3), msgs[0], msgSz[0], + &verify, key); + if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG)) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), cleanup); + + ret = wc_ed25519_verify_msg(rareEd4, sizeof(rareEd4), msgs[0], msgSz[0], + &verify, key); + if (ret != WC_NO_ERR_TRACE(SIG_VERIFY_E)) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), cleanup); + } +#endif /* HAVE_ED25519_VERIFY */ + + ret = ed25519ctx_test(); + if (ret != 0) + goto cleanup; + + ret = ed25519ph_test(); + if (ret != 0) + goto cleanup; + +#ifndef NO_ASN + /* Try ASN.1 encoded private-only key and public key. */ + idx = 0; + ret = wc_Ed25519PrivateKeyDecode(privateEd25519, &idx, key3, + sizeof(privateEd25519)); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), cleanup); + + idx = 0; + if (wc_Ed25519PrivateKeyDecode(badPrivateEd25519, &idx, key3, + sizeof(badPrivateEd25519)) == 0) + ERROR_OUT(WC_TEST_RET_ENC_NC, cleanup); + + ret = wc_ed25519_sign_msg(msgs[0], msgSz[0], out, &outlen, key3); + if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG)) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), cleanup); + + /* try with a buffer size that is too large */ + idx = 0; + if (wc_Ed25519PublicKeyDecode(badPublicEd25519, &idx, key3, + sizeof(badPublicEd25519)) == 0) + ERROR_OUT(WC_TEST_RET_ENC_NC, cleanup); + + idx = 0; + ret = wc_Ed25519PublicKeyDecode(publicEd25519, &idx, key3, + sizeof(publicEd25519)); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), cleanup); + + ret = wc_ed25519_sign_msg(msgs[0], msgSz[0], out, &outlen, key3); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), cleanup); + + if (XMEMCMP(out, sigs[0], 64)) + ERROR_OUT(WC_TEST_RET_ENC_NC, cleanup); + +#if defined(HAVE_ED25519_VERIFY) + /* test verify on good msg */ + ret = wc_ed25519_verify_msg(out, outlen, msgs[0], msgSz[0], &verify, key3); + if (ret != 0 || verify != 1) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), cleanup); + +#endif /* HAVE_ED25519_VERIFY */ + + wc_ed25519_free(key3); + wc_ed25519_init_ex(key3, HEAP_HINT, devId); + + idx = 0; + ret = wc_Ed25519PrivateKeyDecode(privPubEd25519, &idx, key3, + sizeof(privPubEd25519)); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), cleanup); + + ret = wc_ed25519_sign_msg(msgs[0], msgSz[0], out, &outlen, key3); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), cleanup); + + if (XMEMCMP(out, sigs[0], 64)) + ERROR_OUT(WC_TEST_RET_ENC_NC, cleanup); +#endif /* NO_ASN */ +#endif /* HAVE_ED25519_SIGN && HAVE_ED25519_KEY_EXPORT && HAVE_ED25519_KEY_IMPORT */ + +#if defined(HAVE_ED25519_KEY_IMPORT) + ret = ed25519_test_check_key(); + if (ret < 0) + goto cleanup; +#endif +#ifdef WOLFSSL_TEST_CERT + ret = ed25519_test_cert(); + if (ret < 0) + goto cleanup; +#if defined(WOLFSSL_CERT_GEN) && defined(HAVE_ED25519_MAKE_KEY) + ret = ed25519_test_make_cert(); + if (ret < 0) + goto cleanup; +#endif /* WOLFSSL_CERT_GEN */ +#endif /* WOLFSSL_TEST_CERT */ + +cleanup: + + /* clean up keys when done */ +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC) + wc_ed25519_delete(key, &key); + wc_ed25519_delete(key2, &key2); +#if !defined(NO_ASN) && defined(HAVE_ED25519_SIGN) + wc_ed25519_delete(key3, &key3); +#endif +#else + wc_ed25519_free(key); + wc_ed25519_free(key2); +#if !defined(NO_ASN) && defined(HAVE_ED25519_SIGN) + wc_ed25519_free(key3); +#endif +#endif + +#if defined(HAVE_HASHDRBG) || defined(NO_RC4) + wc_FreeRng(&rng); +#endif + + /* hush warnings of unused keySz and sigSz */ + (void)keySz; + (void)sigSz; + + return ret; +} +#endif /* HAVE_ED25519 */ + +#ifdef HAVE_CURVE448 +#if defined(HAVE_CURVE448_SHARED_SECRET) && \ + defined(HAVE_CURVE448_KEY_IMPORT) +/* Test the wc_curve448_check_public API. + * + * returns 0 on success and -ve on failure. + */ +static wc_test_ret_t curve448_check_public_test(void) +{ + /* Little-endian values that will fail */ + byte fail_le[][CURVE448_KEY_SIZE] = { + { + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00 + }, + { + 0x01,0x00,0x00,0x00,0x00,0x00,0x00,0x00, + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00 + }, + }; + /* Big-endian values that will fail */ + byte fail_be[][CURVE448_KEY_SIZE] = { + { + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00 + }, + { + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x01 + }, + }; + /* Good or valid public value */ + byte good[CURVE448_KEY_SIZE] = { + 0x01,0x00,0x00,0x00,0x00,0x00,0x00,0x00, + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x01 + }; + int i; + wc_test_ret_t ret; + + /* Parameter checks */ + /* NULL pointer */ + ret = wc_curve448_check_public(NULL, 0, EC448_LITTLE_ENDIAN); + if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG)) + return WC_TEST_RET_ENC_EC(ret); + ret = wc_curve448_check_public(NULL, 0, EC448_BIG_ENDIAN); + if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG)) + return WC_TEST_RET_ENC_EC(ret); + /* Length of 0 treated differently to other invalid lengths for TLS */ + ret = wc_curve448_check_public(good, 0, EC448_LITTLE_ENDIAN); + if (ret != WC_NO_ERR_TRACE(BUFFER_E)) + return WC_TEST_RET_ENC_EC(ret); + ret = wc_curve448_check_public(good, 0, EC448_BIG_ENDIAN); + if (ret != WC_NO_ERR_TRACE(BUFFER_E)) + return WC_TEST_RET_ENC_EC(ret); + + /* Length not CURVE448_KEY_SIZE */ + for (i = 1; i < CURVE448_KEY_SIZE + 2; i++) { + if (i == CURVE448_KEY_SIZE) + continue; + if (wc_curve448_check_public(good, (word32)i, EC448_LITTLE_ENDIAN) != + WC_NO_ERR_TRACE(ECC_BAD_ARG_E)) { + return WC_TEST_RET_ENC_I(i); + } + if (wc_curve448_check_public(good, (word32)i, EC448_BIG_ENDIAN) != + WC_NO_ERR_TRACE(ECC_BAD_ARG_E)) { + return WC_TEST_RET_ENC_I(i); + } + } + + /* Little-endian fail cases */ + for (i = 0; i < (int)(sizeof(fail_le) / sizeof(*fail_le)); i++) { + if (wc_curve448_check_public(fail_le[i], CURVE448_KEY_SIZE, + EC448_LITTLE_ENDIAN) == 0) { + return WC_TEST_RET_ENC_I(i); + } + } + /* Big-endian fail cases */ + for (i = 0; i < (int)(sizeof(fail_be) / sizeof(*fail_be)); i++) { + if (wc_curve448_check_public(fail_be[i], CURVE448_KEY_SIZE, + EC448_BIG_ENDIAN) == 0) { + return WC_TEST_RET_ENC_I(i); + } + } + + /* Check a valid public value works! */ + ret = wc_curve448_check_public(good, CURVE448_KEY_SIZE, + EC448_LITTLE_ENDIAN); + if (ret != 0) + return WC_TEST_RET_ENC_EC(ret); + ret = wc_curve448_check_public(good, CURVE448_KEY_SIZE, EC448_BIG_ENDIAN); + if (ret != 0) + return WC_TEST_RET_ENC_EC(ret); + + return 0; +} + +#endif /* HAVE_CURVE448_SHARED_SECRET && HAVE_CURVE448_KEY_IMPORT */ + +WOLFSSL_TEST_SUBROUTINE wc_test_ret_t curve448_test(void) +{ + WC_RNG rng; + wc_test_ret_t ret; +#ifdef HAVE_CURVE448_SHARED_SECRET + byte sharedA[CURVE448_KEY_SIZE]; + byte sharedB[CURVE448_KEY_SIZE]; + word32 y; +#endif +#ifdef HAVE_CURVE448_KEY_EXPORT + byte exportBuf[CURVE448_KEY_SIZE]; +#endif + word32 x = 0; + curve448_key userA, userB, pubKey; + +#if defined(HAVE_CURVE448_SHARED_SECRET) && \ + defined(HAVE_CURVE448_KEY_IMPORT) + /* test vectors from + https://www.rfc-editor.org/rfc/rfc7748.html + */ + + /* secret key for party a */ + byte sa[] = { + 0x6b, 0x72, 0x98, 0xa5, 0xc0, 0xd8, 0xc2, 0x9a, + 0x1d, 0xab, 0x27, 0xf1, 0xa6, 0x82, 0x63, 0x00, + 0x91, 0x73, 0x89, 0x44, 0x97, 0x41, 0xa9, 0x74, + 0xf5, 0xba, 0xc9, 0xd9, 0x8d, 0xc2, 0x98, 0xd4, + 0x65, 0x55, 0xbc, 0xe8, 0xba, 0xe8, 0x9e, 0xee, + 0xd4, 0x00, 0x58, 0x4b, 0xb0, 0x46, 0xcf, 0x75, + 0x57, 0x9f, 0x51, 0xd1, 0x25, 0x49, 0x8f, 0x9a, + }; + + /* public key for party a */ + byte pa[] = { + 0xa0, 0x1f, 0xc4, 0x32, 0xe5, 0x80, 0x7f, 0x17, + 0x53, 0x0d, 0x12, 0x88, 0xda, 0x12, 0x5b, 0x0c, + 0xd4, 0x53, 0xd9, 0x41, 0x72, 0x64, 0x36, 0xc8, + 0xbb, 0xd9, 0xc5, 0x22, 0x2c, 0x3d, 0xa7, 0xfa, + 0x63, 0x9c, 0xe0, 0x3d, 0xb8, 0xd2, 0x3b, 0x27, + 0x4a, 0x07, 0x21, 0xa1, 0xae, 0xd5, 0x22, 0x7d, + 0xe6, 0xe3, 0xb7, 0x31, 0xcc, 0xf7, 0x08, 0x9b, + }; + + /* secret key for party b */ + byte sb[] = { + 0x2d, 0x99, 0x73, 0x51, 0xb6, 0x10, 0x6f, 0x36, + 0xb0, 0xd1, 0x09, 0x1b, 0x92, 0x9c, 0x4c, 0x37, + 0x21, 0x3e, 0x0d, 0x2b, 0x97, 0xe8, 0x5e, 0xbb, + 0x20, 0xc1, 0x27, 0x69, 0x1d, 0x0d, 0xad, 0x8f, + 0x1d, 0x81, 0x75, 0xb0, 0x72, 0x37, 0x45, 0xe6, + 0x39, 0xa3, 0xcb, 0x70, 0x44, 0x29, 0x0b, 0x99, + 0xe0, 0xe2, 0xa0, 0xc2, 0x7a, 0x6a, 0x30, 0x1c, + }; + + /* public key for party b */ + byte pb[] = { + 0x09, 0x36, 0xf3, 0x7b, 0xc6, 0xc1, 0xbd, 0x07, + 0xae, 0x3d, 0xec, 0x7a, 0xb5, 0xdc, 0x06, 0xa7, + 0x3c, 0xa1, 0x32, 0x42, 0xfb, 0x34, 0x3e, 0xfc, + 0x72, 0xb9, 0xd8, 0x27, 0x30, 0xb4, 0x45, 0xf3, + 0xd4, 0xb0, 0xbd, 0x07, 0x71, 0x62, 0xa4, 0x6d, + 0xcf, 0xec, 0x6f, 0x9b, 0x59, 0x0b, 0xfc, 0xbc, + 0xf5, 0x20, 0xcd, 0xb0, 0x29, 0xa8, 0xb7, 0x3e, + }; + + /* expected shared key */ + byte ss[] = { + 0x9d, 0x87, 0x4a, 0x51, 0x37, 0x50, 0x9a, 0x44, + 0x9a, 0xd5, 0x85, 0x30, 0x40, 0x24, 0x1c, 0x52, + 0x36, 0x39, 0x54, 0x35, 0xc3, 0x64, 0x24, 0xfd, + 0x56, 0x0b, 0x0c, 0xb6, 0x2b, 0x28, 0x1d, 0x28, + 0x52, 0x75, 0xa7, 0x40, 0xce, 0x32, 0xa2, 0x2d, + 0xd1, 0x74, 0x0f, 0x4a, 0xa9, 0x16, 0x1c, 0xec, + 0x95, 0xcc, 0xc6, 0x1a, 0x18, 0xf4, 0xff, 0x07, + }; +#endif /* HAVE_CURVE448_SHARED_SECRET */ + + (void)x; + WOLFSSL_ENTER("curve448_test"); + +#ifndef HAVE_FIPS + ret = wc_InitRng_ex(&rng, HEAP_HINT, devId); +#else + ret = wc_InitRng(&rng); +#endif + if (ret != 0) + return WC_TEST_RET_ENC_EC(ret); + + wc_curve448_init(&userA); + wc_curve448_init(&userB); + wc_curve448_init(&pubKey); + + /* make curve448 keys */ + ret = wc_curve448_make_key(&rng, CURVE448_KEY_SIZE, &userA); + if (ret != 0) + return WC_TEST_RET_ENC_EC(ret); + + ret = wc_curve448_make_key(&rng, CURVE448_KEY_SIZE, &userB); + if (ret != 0) + return WC_TEST_RET_ENC_EC(ret); + +#ifdef HAVE_CURVE448_SHARED_SECRET + /* find shared secret key */ + x = sizeof(sharedA); + ret = wc_curve448_shared_secret(&userA, &userB, sharedA, &x); + if (ret != 0) + return WC_TEST_RET_ENC_EC(ret); + + y = sizeof(sharedB); + ret = wc_curve448_shared_secret(&userB, &userA, sharedB, &y); + if (ret != 0) + return WC_TEST_RET_ENC_EC(ret); + + /* compare shared secret keys to test they are the same */ + if (y != x) + return WC_TEST_RET_ENC_NC; + + if (XMEMCMP(sharedA, sharedB, x)) + return WC_TEST_RET_ENC_NC; +#endif + +#ifdef HAVE_CURVE448_KEY_EXPORT + /* export a public key and import it for another user */ + x = sizeof(exportBuf); + ret = wc_curve448_export_public(&userA, exportBuf, &x); + if (ret != 0) + return WC_TEST_RET_ENC_EC(ret); + +#ifdef HAVE_CURVE448_KEY_IMPORT + ret = wc_curve448_import_public(exportBuf, x, &pubKey); + if (ret != 0) + return WC_TEST_RET_ENC_EC(ret); +#endif +#endif + +#if defined(HAVE_CURVE448_SHARED_SECRET) && \ + defined(HAVE_CURVE448_KEY_IMPORT) + /* test shared key after importing a public key */ + XMEMSET(sharedB, 0, sizeof(sharedB)); + y = sizeof(sharedB); + ret = wc_curve448_shared_secret(&userB, &pubKey, sharedB, &y); + if (ret != 0) + return WC_TEST_RET_ENC_EC(ret); + + if (XMEMCMP(sharedA, sharedB, y)) + return WC_TEST_RET_ENC_NC; + + /* import RFC test vectors and compare shared key */ + ret = wc_curve448_import_private_raw(sa, sizeof(sa), pa, sizeof(pa), &userA); + if (ret != 0) + return WC_TEST_RET_ENC_EC(ret); + + ret = wc_curve448_import_private_raw(sb, sizeof(sb), pb, sizeof(pb), &userB); + if (ret != 0) + return WC_TEST_RET_ENC_EC(ret); + + /* test against known test vector */ + XMEMSET(sharedB, 0, sizeof(sharedB)); + y = sizeof(sharedB); + ret = wc_curve448_shared_secret(&userA, &userB, sharedB, &y); + if (ret != 0) + return WC_TEST_RET_ENC_EC(ret); + + if (XMEMCMP(ss, sharedB, y)) + return WC_TEST_RET_ENC_NC; + + /* test swapping roles of keys and generating same shared key */ + XMEMSET(sharedB, 0, sizeof(sharedB)); + y = sizeof(sharedB); + ret = wc_curve448_shared_secret(&userB, &userA, sharedB, &y); + if (ret != 0) + return WC_TEST_RET_ENC_EC(ret); + + if (XMEMCMP(ss, sharedB, y)) + return WC_TEST_RET_ENC_NC; + + /* test with 1 generated key and 1 from known test vector */ + ret = wc_curve448_import_private_raw(sa, sizeof(sa), pa, sizeof(pa), &userA); + if (ret != 0) + return WC_TEST_RET_ENC_EC(ret); + + ret = wc_curve448_make_key(&rng, 56, &userB); + if (ret != 0) + return WC_TEST_RET_ENC_EC(ret); + + x = sizeof(sharedA); + ret = wc_curve448_shared_secret(&userA, &userB, sharedA, &x); + if (ret != 0) + return WC_TEST_RET_ENC_EC(ret); + + y = sizeof(sharedB); + ret = wc_curve448_shared_secret(&userB, &userA, sharedB, &y); + if (ret != 0) + return WC_TEST_RET_ENC_EC(ret); + + /* compare shared secret keys to test they are the same */ + if (y != x) + return WC_TEST_RET_ENC_NC; + + if (XMEMCMP(sharedA, sharedB, x)) + return WC_TEST_RET_ENC_NC; + + ret = curve448_check_public_test(); + if (ret != 0) + return ret; +#endif /* HAVE_CURVE448_SHARED_SECRET && HAVE_CURVE448_KEY_IMPORT */ + + /* clean up keys when done */ + wc_curve448_free(&pubKey); + wc_curve448_free(&userB); + wc_curve448_free(&userA); + + wc_FreeRng(&rng); + + return 0; +} +#endif /* HAVE_CURVE448 */ + +#ifdef HAVE_ED448 +#ifdef WOLFSSL_TEST_CERT +static wc_test_ret_t ed448_test_cert(void) +{ + DecodedCert cert[2]; + DecodedCert* serverCert = NULL; + DecodedCert* caCert = NULL; +#ifdef HAVE_ED448_VERIFY + ed448_key key; + ed448_key* pubKey = NULL; + int verify; +#endif /* HAVE_ED448_VERIFY */ + wc_test_ret_t ret; + byte* tmp; + size_t bytes; + XFILE file; + + tmp = (byte *)XMALLOC(FOURK_BUF, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + if (tmp == NULL) { + ERROR_OUT(WC_TEST_RET_ENC_ERRNO, done); + } + +#ifdef USE_CERT_BUFFERS_256 + XMEMCPY(tmp, ca_ed448_cert, sizeof_ca_ed448_cert); + bytes = sizeof_ca_ed448_cert; +#elif !defined(NO_FILESYSTEM) + file = XFOPEN(caEd448Cert, "rb"); + if (file == NULL) { + ERROR_OUT(WC_TEST_RET_ENC_ERRNO, done); + } + bytes = XFREAD(tmp, 1, FOURK_BUF, file); + XFCLOSE(file); + if (bytes == 0) + ERROR_OUT(WC_TEST_RET_ENC_ERRNO, done); +#else + /* No certificate to use. */ + ERROR_OUT(WC_TEST_RET_ENC_NC, done); +#endif + + InitDecodedCert(&cert[0], tmp, (word32)bytes, 0); + caCert = &cert[0]; + ret = ParseCert(caCert, CERT_TYPE, NO_VERIFY, NULL); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done); + +#ifdef USE_CERT_BUFFERS_256 + XMEMCPY(tmp, server_ed448_cert, sizeof_server_ed448_cert); + bytes = sizeof_server_ed448_cert; +#elif !defined(NO_FILESYSTEM) + file = XFOPEN(serverEd448Cert, "rb"); + if (file == NULL) { + ERROR_OUT(WC_TEST_RET_ENC_ERRNO, done); + } + bytes = XFREAD(tmp, 1, FOURK_BUF, file); + XFCLOSE(file); + if (bytes == 0) + ERROR_OUT(WC_TEST_RET_ENC_ERRNO, done); +#else + /* No certificate to use. */ + ERROR_OUT(WC_TEST_RET_ENC_NC, done); +#endif + + InitDecodedCert(&cert[1], tmp, (word32)bytes, 0); + serverCert = &cert[1]; + ret = ParseCert(serverCert, CERT_TYPE, NO_VERIFY, NULL); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done); + +#ifdef HAVE_ED448_VERIFY + ret = wc_ed448_init(&key); + if (ret < 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done); + pubKey = &key; + ret = wc_ed448_import_public(caCert->publicKey, caCert->pubKeySize, pubKey); + if (ret < 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done); + + ret = wc_ed448_verify_msg(serverCert->signature, serverCert->sigLength, + serverCert->source + serverCert->certBegin, + serverCert->sigIndex - serverCert->certBegin, + &verify, pubKey, NULL, 0); + if (ret < 0 || verify != 1) { + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done); + } +#endif /* HAVE_ED448_VERIFY */ + +done: + XFREE(tmp, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); +#ifdef HAVE_ED448_VERIFY + wc_ed448_free(pubKey); +#endif /* HAVE_ED448_VERIFY */ + if (caCert != NULL) + FreeDecodedCert(caCert); + if (serverCert != NULL) + FreeDecodedCert(serverCert); + + return ret; +} + +static wc_test_ret_t ed448_test_make_cert(void) +{ + WC_RNG rng; + Cert cert; + DecodedCert decode; + ed448_key key; + ed448_key* privKey = NULL; + wc_test_ret_t ret = 0; + byte* tmp = NULL; + + wc_InitCert_ex(&cert, HEAP_HINT, devId); + +#ifndef HAVE_FIPS + ret = wc_InitRng_ex(&rng, HEAP_HINT, devId); +#else + ret = wc_InitRng(&rng); +#endif + if (ret != 0) + return WC_TEST_RET_ENC_EC(ret); + + wc_ed448_init(&key); + privKey = &key; + wc_ed448_make_key(&rng, ED448_KEY_SIZE, privKey); + + cert.daysValid = 365 * 2; + cert.selfSigned = 1; + XMEMCPY(&cert.issuer, &certDefaultName, sizeof(CertName)); + XMEMCPY(&cert.subject, &certDefaultName, sizeof(CertName)); + cert.isCA = 0; +#ifdef WOLFSSL_CERT_EXT + ret = wc_SetKeyUsage(&cert, certKeyUsage); + if (ret < 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done); + ret = wc_SetSubjectKeyIdFromPublicKey_ex(&cert, ED448_TYPE, privKey); + if (ret < 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done); + ret = wc_SetAuthKeyIdFromPublicKey_ex(&cert, ED448_TYPE, privKey); + if (ret < 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done); +#endif + tmp = (byte *)XMALLOC(FOURK_BUF, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + if (tmp == NULL) { + ERROR_OUT(WC_TEST_RET_ENC_ERRNO, done); + } + + cert.sigType = CTC_ED448; + ret = wc_MakeCert_ex(&cert, tmp, FOURK_BUF, ED448_TYPE, privKey, &rng); + if (ret < 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done); + ret = wc_SignCert_ex(cert.bodySz, cert.sigType, tmp, FOURK_BUF, ED448_TYPE, + privKey, &rng); + if (ret < 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done); + + InitDecodedCert(&decode, tmp, (word32)ret, HEAP_HINT); + ret = ParseCert(&decode, CERT_TYPE, NO_VERIFY, 0); + FreeDecodedCert(&decode); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done); + +done: + XFREE(tmp, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + wc_ed448_free(privKey); + wc_FreeRng(&rng); + return ret; +} +#endif /* WOLFSSL_TEST_CERT */ + +#if defined(HAVE_ED448_KEY_IMPORT) +static wc_test_ret_t ed448_test_check_key(void) +{ + /* Fails to find x-ordinate from this y-ordinate. */ + WOLFSSL_SMALL_STACK_STATIC const byte key_bad_y[] = { + 0x40, + 0x02,0x00,0x00,0x00,0x00,0x00,0x00,0x00, + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00, + 0x00 + }; + /* Y-ordinate value larger than prime. */ + WOLFSSL_SMALL_STACK_STATIC const byte key_bad_y_max[] = { + 0x40, + 0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff, + 0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff, + 0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff, + 0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff, + 0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff, + 0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff, + 0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff, + 0xff + }; + /* Y-ordinate value equal to prime. */ + WOLFSSL_SMALL_STACK_STATIC const byte key_bad_y_is_p[] = { + 0x40, + 0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff, + 0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff, + 0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff, + 0xff,0xff,0xff,0xff,0xfe,0xff,0xff,0xff, + 0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff, + 0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff, + 0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff, + 0xff + }; + /* Y-ordinate value equal to prime - 1. */ + WOLFSSL_SMALL_STACK_STATIC const byte key_y_is_p_minus_1[] = { + 0x40, + 0xfe,0xff,0xff,0xff,0xff,0xff,0xff,0xff, + 0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff, + 0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff, + 0xff,0xff,0xff,0xff,0xfe,0xff,0xff,0xff, + 0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff, + 0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff, + 0xff,0xff,0xff,0xff,0xff,0xff,0xff,0xff, + 0xff + }; + ed448_key key; + int ret; + int res = 0; + + /* Initialize key for use. */ + ret = wc_ed448_init_ex(&key, HEAP_HINT, devId); + if (ret != 0) { + return WC_TEST_RET_ENC_NC; + } + + /* Load bad public key only and perform checks. */ + ret = wc_ed448_import_public(key_bad_y, ED448_PUB_KEY_SIZE + 1, &key); + if (ret != WC_NO_ERR_TRACE(PUBLIC_KEY_E)) { + res = WC_TEST_RET_ENC_NC; + } + if (ret == 0) { + /* Load bad public key only and perform checks. */ + ret = wc_ed448_import_public(key_bad_y_max, ED448_PUB_KEY_SIZE + 1, + &key); + if (ret != WC_NO_ERR_TRACE(PUBLIC_KEY_E)) { + res = WC_TEST_RET_ENC_NC; + } + } + if (res == 0) { + /* Load bad public key only and perform checks. */ + ret = wc_ed448_import_public(key_bad_y_is_p, ED448_PUB_KEY_SIZE + 1, + &key); + if (ret != WC_NO_ERR_TRACE(PUBLIC_KEY_E)) { + res = WC_TEST_RET_ENC_NC; + } + } + if (res == 0) { + /* Load good public key only and perform checks. */ + ret = wc_ed448_import_public(key_y_is_p_minus_1, ED448_PUB_KEY_SIZE + 1, + &key); + if (ret != 0) { + res = WC_TEST_RET_ENC_NC; + } + } + + /* Dispose of key. */ + wc_ed448_free(&key); + + return res; +} +#endif + +#if defined(HAVE_ED448_SIGN) && defined(HAVE_ED448_KEY_EXPORT) && \ + defined(HAVE_ED448_KEY_IMPORT) +static wc_test_ret_t ed448_ctx_test(void) +{ + wc_test_ret_t ret; + byte out[ED448_SIG_SIZE]; + word32 outlen; +#ifdef HAVE_ED448_VERIFY + int verify; +#endif /* HAVE_ED448_VERIFY */ + ed448_key key; + + WOLFSSL_SMALL_STACK_STATIC const byte sKeyCtx[] = { + 0xc4, 0xea, 0xb0, 0x5d, 0x35, 0x70, 0x07, 0xc6, + 0x32, 0xf3, 0xdb, 0xb4, 0x84, 0x89, 0x92, 0x4d, + 0x55, 0x2b, 0x08, 0xfe, 0x0c, 0x35, 0x3a, 0x0d, + 0x4a, 0x1f, 0x00, 0xac, 0xda, 0x2c, 0x46, 0x3a, + 0xfb, 0xea, 0x67, 0xc5, 0xe8, 0xd2, 0x87, 0x7c, + 0x5e, 0x3b, 0xc3, 0x97, 0xa6, 0x59, 0x94, 0x9e, + 0xf8, 0x02, 0x1e, 0x95, 0x4e, 0x0a, 0x12, 0x27, + 0x4e + }; + + WOLFSSL_SMALL_STACK_STATIC const byte pKeyCtx[] = { + 0x43, 0xba, 0x28, 0xf4, 0x30, 0xcd, 0xff, 0x45, + 0x6a, 0xe5, 0x31, 0x54, 0x5f, 0x7e, 0xcd, 0x0a, + 0xc8, 0x34, 0xa5, 0x5d, 0x93, 0x58, 0xc0, 0x37, + 0x2b, 0xfa, 0x0c, 0x6c, 0x67, 0x98, 0xc0, 0x86, + 0x6a, 0xea, 0x01, 0xeb, 0x00, 0x74, 0x28, 0x02, + 0xb8, 0x43, 0x8e, 0xa4, 0xcb, 0x82, 0x16, 0x9c, + 0x23, 0x51, 0x60, 0x62, 0x7b, 0x4c, 0x3a, 0x94, + 0x80 + }; + + WOLFSSL_SMALL_STACK_STATIC const byte sigCtx[] = { + 0xd4, 0xf8, 0xf6, 0x13, 0x17, 0x70, 0xdd, 0x46, + 0xf4, 0x08, 0x67, 0xd6, 0xfd, 0x5d, 0x50, 0x55, + 0xde, 0x43, 0x54, 0x1f, 0x8c, 0x5e, 0x35, 0xab, + 0xbc, 0xd0, 0x01, 0xb3, 0x2a, 0x89, 0xf7, 0xd2, + 0x15, 0x1f, 0x76, 0x47, 0xf1, 0x1d, 0x8c, 0xa2, + 0xae, 0x27, 0x9f, 0xb8, 0x42, 0xd6, 0x07, 0x21, + 0x7f, 0xce, 0x6e, 0x04, 0x2f, 0x68, 0x15, 0xea, + 0x00, 0x0c, 0x85, 0x74, 0x1d, 0xe5, 0xc8, 0xda, + 0x11, 0x44, 0xa6, 0xa1, 0xab, 0xa7, 0xf9, 0x6d, + 0xe4, 0x25, 0x05, 0xd7, 0xa7, 0x29, 0x85, 0x24, + 0xfd, 0xa5, 0x38, 0xfc, 0xcb, 0xbb, 0x75, 0x4f, + 0x57, 0x8c, 0x1c, 0xad, 0x10, 0xd5, 0x4d, 0x0d, + 0x54, 0x28, 0x40, 0x7e, 0x85, 0xdc, 0xbc, 0x98, + 0xa4, 0x91, 0x55, 0xc1, 0x37, 0x64, 0xe6, 0x6c, + 0x3c, 0x00 + }; + + WOLFSSL_SMALL_STACK_STATIC const byte msgCtx[] = { + 0x03 + }; + + WOLFSSL_SMALL_STACK_STATIC const byte contextCtx[] = { + 0x66,0x6f,0x6f + }; + + outlen = sizeof(out); + XMEMSET(out, 0, sizeof(out)); + + ret = wc_ed448_init_ex(&key, HEAP_HINT, devId); + if (ret != 0) + return WC_TEST_RET_ENC_EC(ret); + + ret = wc_ed448_import_private_key(sKeyCtx, ED448_KEY_SIZE, pKeyCtx, + sizeof(pKeyCtx), &key); + if (ret != 0) + return WC_TEST_RET_ENC_EC(ret); + + ret = wc_ed448_sign_msg(msgCtx, sizeof(msgCtx), out, &outlen, &key, + contextCtx, sizeof(contextCtx)); + if (ret != 0) + return WC_TEST_RET_ENC_EC(ret); + + if (XMEMCMP(out, sigCtx, sizeof(sigCtx))) + return WC_TEST_RET_ENC_NC; + +#if defined(HAVE_ED448_VERIFY) + /* test verify on good msg */ + ret = wc_ed448_verify_msg(out, outlen, msgCtx, sizeof(msgCtx), &verify, &key, + contextCtx, sizeof(contextCtx)); + if (ret != 0 || verify != 1) + return WC_TEST_RET_ENC_EC(ret); +#endif + + wc_ed448_free(&key); + + return 0; +} + +static wc_test_ret_t ed448ph_test(void) +{ + wc_test_ret_t ret; + byte out[ED448_SIG_SIZE]; + word32 outlen; +#ifdef HAVE_ED448_VERIFY + int verify; +#endif /* HAVE_ED448_VERIFY */ + ed448_key key; + + WOLFSSL_SMALL_STACK_STATIC const byte sKeyPh[] = { + 0x83, 0x3f, 0xe6, 0x24, 0x09, 0x23, 0x7b, 0x9d, + 0x62, 0xec, 0x77, 0x58, 0x75, 0x20, 0x91, 0x1e, + 0x9a, 0x75, 0x9c, 0xec, 0x1d, 0x19, 0x75, 0x5b, + 0x7d, 0xa9, 0x01, 0xb9, 0x6d, 0xca, 0x3d, 0x42, + 0xef, 0x78, 0x22, 0xe0, 0xd5, 0x10, 0x41, 0x27, + 0xdc, 0x05, 0xd6, 0xdb, 0xef, 0xde, 0x69, 0xe3, + 0xab, 0x2c, 0xec, 0x7c, 0x86, 0x7c, 0x6e, 0x2c, + 0x49 + }; + + WOLFSSL_SMALL_STACK_STATIC const byte pKeyPh[] = { + 0x25, 0x9b, 0x71, 0xc1, 0x9f, 0x83, 0xef, 0x77, + 0xa7, 0xab, 0xd2, 0x65, 0x24, 0xcb, 0xdb, 0x31, + 0x61, 0xb5, 0x90, 0xa4, 0x8f, 0x7d, 0x17, 0xde, + 0x3e, 0xe0, 0xba, 0x9c, 0x52, 0xbe, 0xb7, 0x43, + 0xc0, 0x94, 0x28, 0xa1, 0x31, 0xd6, 0xb1, 0xb5, + 0x73, 0x03, 0xd9, 0x0d, 0x81, 0x32, 0xc2, 0x76, + 0xd5, 0xed, 0x3d, 0x5d, 0x01, 0xc0, 0xf5, 0x38, + 0x80 + }; + + WOLFSSL_SMALL_STACK_STATIC const byte sigPh1[] = { + 0x82, 0x2f, 0x69, 0x01, 0xf7, 0x48, 0x0f, 0x3d, + 0x5f, 0x56, 0x2c, 0x59, 0x29, 0x94, 0xd9, 0x69, + 0x36, 0x02, 0x87, 0x56, 0x14, 0x48, 0x32, 0x56, + 0x50, 0x56, 0x00, 0xbb, 0xc2, 0x81, 0xae, 0x38, + 0x1f, 0x54, 0xd6, 0xbc, 0xe2, 0xea, 0x91, 0x15, + 0x74, 0x93, 0x2f, 0x52, 0xa4, 0xe6, 0xca, 0xdd, + 0x78, 0x76, 0x93, 0x75, 0xec, 0x3f, 0xfd, 0x1b, + 0x80, 0x1a, 0x0d, 0x9b, 0x3f, 0x40, 0x30, 0xcd, + 0x43, 0x39, 0x64, 0xb6, 0x45, 0x7e, 0xa3, 0x94, + 0x76, 0x51, 0x12, 0x14, 0xf9, 0x74, 0x69, 0xb5, + 0x7d, 0xd3, 0x2d, 0xbc, 0x56, 0x0a, 0x9a, 0x94, + 0xd0, 0x0b, 0xff, 0x07, 0x62, 0x04, 0x64, 0xa3, + 0xad, 0x20, 0x3d, 0xf7, 0xdc, 0x7c, 0xe3, 0x60, + 0xc3, 0xcd, 0x36, 0x96, 0xd9, 0xd9, 0xfa, 0xb9, + 0x0f, 0x00 + }; + + WOLFSSL_SMALL_STACK_STATIC const byte sigPh2[] = { + 0xc3, 0x22, 0x99, 0xd4, 0x6e, 0xc8, 0xff, 0x02, + 0xb5, 0x45, 0x40, 0x98, 0x28, 0x14, 0xdc, 0xe9, + 0xa0, 0x58, 0x12, 0xf8, 0x19, 0x62, 0xb6, 0x49, + 0xd5, 0x28, 0x09, 0x59, 0x16, 0xa2, 0xaa, 0x48, + 0x10, 0x65, 0xb1, 0x58, 0x04, 0x23, 0xef, 0x92, + 0x7e, 0xcf, 0x0a, 0xf5, 0x88, 0x8f, 0x90, 0xda, + 0x0f, 0x6a, 0x9a, 0x85, 0xad, 0x5d, 0xc3, 0xf2, + 0x80, 0xd9, 0x12, 0x24, 0xba, 0x99, 0x11, 0xa3, + 0x65, 0x3d, 0x00, 0xe4, 0x84, 0xe2, 0xce, 0x23, + 0x25, 0x21, 0x48, 0x1c, 0x86, 0x58, 0xdf, 0x30, + 0x4b, 0xb7, 0x74, 0x5a, 0x73, 0x51, 0x4c, 0xdb, + 0x9b, 0xf3, 0xe1, 0x57, 0x84, 0xab, 0x71, 0x28, + 0x4f, 0x8d, 0x07, 0x04, 0xa6, 0x08, 0xc5, 0x4a, + 0x6b, 0x62, 0xd9, 0x7b, 0xeb, 0x51, 0x1d, 0x13, + 0x21, 0x00 + }; + + WOLFSSL_SMALL_STACK_STATIC const byte msgPh[] = { + 0x61,0x62,0x63 + }; + + /* SHA-512 hash of msgPh */ + WOLFSSL_SMALL_STACK_STATIC const byte hashPh[] = { + 0x48, 0x33, 0x66, 0x60, 0x13, 0x60, 0xa8, 0x77, + 0x1c, 0x68, 0x63, 0x08, 0x0c, 0xc4, 0x11, 0x4d, + 0x8d, 0xb4, 0x45, 0x30, 0xf8, 0xf1, 0xe1, 0xee, + 0x4f, 0x94, 0xea, 0x37, 0xe7, 0x8b, 0x57, 0x39, + 0xd5, 0xa1, 0x5b, 0xef, 0x18, 0x6a, 0x53, 0x86, + 0xc7, 0x57, 0x44, 0xc0, 0x52, 0x7e, 0x1f, 0xaa, + 0x9f, 0x87, 0x26, 0xe4, 0x62, 0xa1, 0x2a, 0x4f, + 0xeb, 0x06, 0xbd, 0x88, 0x01, 0xe7, 0x51, 0xe4 + }; + + WOLFSSL_SMALL_STACK_STATIC const byte contextPh2[] = { + 0x66,0x6f,0x6f + }; + + outlen = sizeof(out); + XMEMSET(out, 0, sizeof(out)); + + ret = wc_ed448_init_ex(&key, HEAP_HINT, devId); + if (ret != 0) + return WC_TEST_RET_ENC_EC(ret); + + ret = wc_ed448_import_private_key(sKeyPh, ED448_KEY_SIZE, pKeyPh, + sizeof(pKeyPh), &key); + if (ret != 0) + return WC_TEST_RET_ENC_EC(ret); + + ret = wc_ed448ph_sign_msg(msgPh, sizeof(msgPh), out, &outlen, &key, NULL, + 0); + if (ret != 0) + return WC_TEST_RET_ENC_EC(ret); + + if (XMEMCMP(out, sigPh1, sizeof(sigPh1))) + return WC_TEST_RET_ENC_NC; + +#if defined(HAVE_ED448_VERIFY) + /* test verify on good msg */ + ret = wc_ed448ph_verify_msg(out, outlen, msgPh, sizeof(msgPh), &verify, &key, + NULL, 0); + if (ret != 0 || verify != 1) { + return WC_TEST_RET_ENC_EC(ret); + } +#endif + + ret = wc_ed448ph_sign_msg(msgPh, sizeof(msgPh), out, &outlen, &key, + contextPh2, sizeof(contextPh2)); + if (ret != 0) + return WC_TEST_RET_ENC_EC(ret); + + if (XMEMCMP(out, sigPh2, sizeof(sigPh2))) + return WC_TEST_RET_ENC_NC; + +#if defined(HAVE_ED448_VERIFY) + /* test verify on good msg */ + ret = wc_ed448ph_verify_msg(out, outlen, msgPh, sizeof(msgPh), &verify, &key, + contextPh2, sizeof(contextPh2)); + if (ret != 0 || verify != 1) { + return WC_TEST_RET_ENC_EC(ret); + } +#endif + + ret = wc_ed448ph_sign_hash(hashPh, sizeof(hashPh), out, &outlen, &key, NULL, + 0); + if (ret != 0) + return WC_TEST_RET_ENC_EC(ret); + + if (XMEMCMP(out, sigPh1, sizeof(sigPh1))) + return WC_TEST_RET_ENC_NC; + +#if defined(HAVE_ED448_VERIFY) + ret = wc_ed448ph_verify_hash(out, outlen, hashPh, sizeof(hashPh), &verify, + &key, NULL, 0); + if (ret != 0 || verify != 1) { + return WC_TEST_RET_ENC_EC(ret); + } +#endif + + ret = wc_ed448ph_sign_hash(hashPh, sizeof(hashPh), out, &outlen, &key, + contextPh2, sizeof(contextPh2)); + if (ret != 0) + return WC_TEST_RET_ENC_EC(ret); + + if (XMEMCMP(out, sigPh2, sizeof(sigPh2))) + return WC_TEST_RET_ENC_NC; + +#if defined(HAVE_ED448_VERIFY) + ret = wc_ed448ph_verify_hash(out, outlen, hashPh, sizeof(hashPh), &verify, + &key, contextPh2, sizeof(contextPh2)); + if (ret != 0 || verify != 1) { + return WC_TEST_RET_ENC_EC(ret); + } +#endif + + wc_ed448_free(&key); + + return 0; +} +#endif /* HAVE_ED448_SIGN && HAVE_ED448_KEY_EXPORT && HAVE_ED448_KEY_IMPORT */ + +WOLFSSL_TEST_SUBROUTINE wc_test_ret_t ed448_test(void) +{ + wc_test_ret_t ret; + WC_RNG rng; +#if defined(HAVE_ED448_SIGN) && defined(HAVE_ED448_KEY_EXPORT) &&\ + defined(HAVE_ED448_KEY_IMPORT) + byte out[ED448_SIG_SIZE]; + int i; + word32 outlen; +#ifdef HAVE_ED448_VERIFY +#ifdef WOLFSSL_ED448_STREAMING_VERIFY + int j; +#endif /* WOLFSSL_ED448_STREAMING_VERIFY */ + int verify; +#endif /* HAVE_ED448_VERIFY */ +#endif /* HAVE_ED448_SIGN && HAVE_ED448_KEY_EXPORT && HAVE_ED448_KEY_IMPORT */ + word32 keySz, sigSz; +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC) + ed448_key *key = NULL; + ed448_key *key2 = NULL; +#else + ed448_key key[1]; + ed448_key key2[1]; +#endif + +#if defined(HAVE_ED448_SIGN) && defined(HAVE_ED448_KEY_EXPORT) && \ + defined(HAVE_ED448_KEY_IMPORT) + /* test vectors from + https://tools.ietf.org/html/rfc8032 + */ + + WOLFSSL_SMALL_STACK_STATIC const byte sKey1[] = { + 0x6c, 0x82, 0xa5, 0x62, 0xcb, 0x80, 0x8d, 0x10, + 0xd6, 0x32, 0xbe, 0x89, 0xc8, 0x51, 0x3e, 0xbf, + 0x6c, 0x92, 0x9f, 0x34, 0xdd, 0xfa, 0x8c, 0x9f, + 0x63, 0xc9, 0x96, 0x0e, 0xf6, 0xe3, 0x48, 0xa3, + 0x52, 0x8c, 0x8a, 0x3f, 0xcc, 0x2f, 0x04, 0x4e, + 0x39, 0xa3, 0xfc, 0x5b, 0x94, 0x49, 0x2f, 0x8f, + 0x03, 0x2e, 0x75, 0x49, 0xa2, 0x00, 0x98, 0xf9, + 0x5b + }; + + WOLFSSL_SMALL_STACK_STATIC const byte sKey2[] = { + 0xc4, 0xea, 0xb0, 0x5d, 0x35, 0x70, 0x07, 0xc6, + 0x32, 0xf3, 0xdb, 0xb4, 0x84, 0x89, 0x92, 0x4d, + 0x55, 0x2b, 0x08, 0xfe, 0x0c, 0x35, 0x3a, 0x0d, + 0x4a, 0x1f, 0x00, 0xac, 0xda, 0x2c, 0x46, 0x3a, + 0xfb, 0xea, 0x67, 0xc5, 0xe8, 0xd2, 0x87, 0x7c, + 0x5e, 0x3b, 0xc3, 0x97, 0xa6, 0x59, 0x94, 0x9e, + 0xf8, 0x02, 0x1e, 0x95, 0x4e, 0x0a, 0x12, 0x27, + 0x4e + }; + + WOLFSSL_SMALL_STACK_STATIC const byte sKey3[] = { + 0x25, 0x8c, 0xdd, 0x4a, 0xda, 0x32, 0xed, 0x9c, + 0x9f, 0xf5, 0x4e, 0x63, 0x75, 0x6a, 0xe5, 0x82, + 0xfb, 0x8f, 0xab, 0x2a, 0xc7, 0x21, 0xf2, 0xc8, + 0xe6, 0x76, 0xa7, 0x27, 0x68, 0x51, 0x3d, 0x93, + 0x9f, 0x63, 0xdd, 0xdb, 0x55, 0x60, 0x91, 0x33, + 0xf2, 0x9a, 0xdf, 0x86, 0xec, 0x99, 0x29, 0xdc, + 0xcb, 0x52, 0xc1, 0xc5, 0xfd, 0x2f, 0xf7, 0xe2, + 0x1b + }; + + /* uncompressed test */ + WOLFSSL_SMALL_STACK_STATIC const byte sKey4[] = { + 0x6c, 0x82, 0xa5, 0x62, 0xcb, 0x80, 0x8d, 0x10, + 0xd6, 0x32, 0xbe, 0x89, 0xc8, 0x51, 0x3e, 0xbf, + 0x6c, 0x92, 0x9f, 0x34, 0xdd, 0xfa, 0x8c, 0x9f, + 0x63, 0xc9, 0x96, 0x0e, 0xf6, 0xe3, 0x48, 0xa3, + 0x52, 0x8c, 0x8a, 0x3f, 0xcc, 0x2f, 0x04, 0x4e, + 0x39, 0xa3, 0xfc, 0x5b, 0x94, 0x49, 0x2f, 0x8f, + 0x03, 0x2e, 0x75, 0x49, 0xa2, 0x00, 0x98, 0xf9, + 0x5b + }; + + /* compressed prefix test */ + WOLFSSL_SMALL_STACK_STATIC const byte sKey5[] = { + 0x6c, 0x82, 0xa5, 0x62, 0xcb, 0x80, 0x8d, 0x10, + 0xd6, 0x32, 0xbe, 0x89, 0xc8, 0x51, 0x3e, 0xbf, + 0x6c, 0x92, 0x9f, 0x34, 0xdd, 0xfa, 0x8c, 0x9f, + 0x63, 0xc9, 0x96, 0x0e, 0xf6, 0xe3, 0x48, 0xa3, + 0x52, 0x8c, 0x8a, 0x3f, 0xcc, 0x2f, 0x04, 0x4e, + 0x39, 0xa3, 0xfc, 0x5b, 0x94, 0x49, 0x2f, 0x8f, + 0x03, 0x2e, 0x75, 0x49, 0xa2, 0x00, 0x98, 0xf9, + 0x5b + }; + + WOLFSSL_SMALL_STACK_STATIC const byte sKey6[] = { + 0x87, 0x2d, 0x09, 0x37, 0x80, 0xf5, 0xd3, 0x73, + 0x0d, 0xf7, 0xc2, 0x12, 0x66, 0x4b, 0x37, 0xb8, + 0xa0, 0xf2, 0x4f, 0x56, 0x81, 0x0d, 0xaa, 0x83, + 0x82, 0xcd, 0x4f, 0xa3, 0xf7, 0x76, 0x34, 0xec, + 0x44, 0xdc, 0x54, 0xf1, 0xc2, 0xed, 0x9b, 0xea, + 0x86, 0xfa, 0xfb, 0x76, 0x32, 0xd8, 0xbe, 0x19, + 0x9e, 0xa1, 0x65, 0xf5, 0xad, 0x55, 0xdd, 0x9c, + 0xe8 + }; + + WOLFSSL_SMALL_STACK_STATIC const byte* sKeys[] = {sKey1, sKey2, sKey3, sKey4, sKey5, sKey6}; + + WOLFSSL_SMALL_STACK_STATIC const byte pKey1[] = { + 0x5f, 0xd7, 0x44, 0x9b, 0x59, 0xb4, 0x61, 0xfd, + 0x2c, 0xe7, 0x87, 0xec, 0x61, 0x6a, 0xd4, 0x6a, + 0x1d, 0xa1, 0x34, 0x24, 0x85, 0xa7, 0x0e, 0x1f, + 0x8a, 0x0e, 0xa7, 0x5d, 0x80, 0xe9, 0x67, 0x78, + 0xed, 0xf1, 0x24, 0x76, 0x9b, 0x46, 0xc7, 0x06, + 0x1b, 0xd6, 0x78, 0x3d, 0xf1, 0xe5, 0x0f, 0x6c, + 0xd1, 0xfa, 0x1a, 0xbe, 0xaf, 0xe8, 0x25, 0x61, + 0x80 + }; + + WOLFSSL_SMALL_STACK_STATIC const byte pKey2[] = { + 0x43, 0xba, 0x28, 0xf4, 0x30, 0xcd, 0xff, 0x45, + 0x6a, 0xe5, 0x31, 0x54, 0x5f, 0x7e, 0xcd, 0x0a, + 0xc8, 0x34, 0xa5, 0x5d, 0x93, 0x58, 0xc0, 0x37, + 0x2b, 0xfa, 0x0c, 0x6c, 0x67, 0x98, 0xc0, 0x86, + 0x6a, 0xea, 0x01, 0xeb, 0x00, 0x74, 0x28, 0x02, + 0xb8, 0x43, 0x8e, 0xa4, 0xcb, 0x82, 0x16, 0x9c, + 0x23, 0x51, 0x60, 0x62, 0x7b, 0x4c, 0x3a, 0x94, + 0x80 + }; + + WOLFSSL_SMALL_STACK_STATIC const byte pKey3[] = { + 0x3b, 0xa1, 0x6d, 0xa0, 0xc6, 0xf2, 0xcc, 0x1f, + 0x30, 0x18, 0x77, 0x40, 0x75, 0x6f, 0x5e, 0x79, + 0x8d, 0x6b, 0xc5, 0xfc, 0x01, 0x5d, 0x7c, 0x63, + 0xcc, 0x95, 0x10, 0xee, 0x3f, 0xd4, 0x4a, 0xdc, + 0x24, 0xd8, 0xe9, 0x68, 0xb6, 0xe4, 0x6e, 0x6f, + 0x94, 0xd1, 0x9b, 0x94, 0x53, 0x61, 0x72, 0x6b, + 0xd7, 0x5e, 0x14, 0x9e, 0xf0, 0x98, 0x17, 0xf5, + 0x80 + }; + + /* uncompressed test */ + WOLFSSL_SMALL_STACK_STATIC const byte pKey4[] = { + 0x5f, 0xd7, 0x44, 0x9b, 0x59, 0xb4, 0x61, 0xfd, + 0x2c, 0xe7, 0x87, 0xec, 0x61, 0x6a, 0xd4, 0x6a, + 0x1d, 0xa1, 0x34, 0x24, 0x85, 0xa7, 0x0e, 0x1f, + 0x8a, 0x0e, 0xa7, 0x5d, 0x80, 0xe9, 0x67, 0x78, + 0xed, 0xf1, 0x24, 0x76, 0x9b, 0x46, 0xc7, 0x06, + 0x1b, 0xd6, 0x78, 0x3d, 0xf1, 0xe5, 0x0f, 0x6c, + 0xd1, 0xfa, 0x1a, 0xbe, 0xaf, 0xe8, 0x25, 0x61, + 0x80 + }; + + /* compressed prefix */ + WOLFSSL_SMALL_STACK_STATIC const byte pKey5[] = { + 0x5f, 0xd7, 0x44, 0x9b, 0x59, 0xb4, 0x61, 0xfd, + 0x2c, 0xe7, 0x87, 0xec, 0x61, 0x6a, 0xd4, 0x6a, + 0x1d, 0xa1, 0x34, 0x24, 0x85, 0xa7, 0x0e, 0x1f, + 0x8a, 0x0e, 0xa7, 0x5d, 0x80, 0xe9, 0x67, 0x78, + 0xed, 0xf1, 0x24, 0x76, 0x9b, 0x46, 0xc7, 0x06, + 0x1b, 0xd6, 0x78, 0x3d, 0xf1, 0xe5, 0x0f, 0x6c, + 0xd1, 0xfa, 0x1a, 0xbe, 0xaf, 0xe8, 0x25, 0x61, + 0x80 + }; + + WOLFSSL_SMALL_STACK_STATIC const byte pKey6[] = { + 0xa8, 0x1b, 0x2e, 0x8a, 0x70, 0xa5, 0xac, 0x94, + 0xff, 0xdb, 0xcc, 0x9b, 0xad, 0xfc, 0x3f, 0xeb, + 0x08, 0x01, 0xf2, 0x58, 0x57, 0x8b, 0xb1, 0x14, + 0xad, 0x44, 0xec, 0xe1, 0xec, 0x0e, 0x79, 0x9d, + 0xa0, 0x8e, 0xff, 0xb8, 0x1c, 0x5d, 0x68, 0x5c, + 0x0c, 0x56, 0xf6, 0x4e, 0xec, 0xae, 0xf8, 0xcd, + 0xf1, 0x1c, 0xc3, 0x87, 0x37, 0x83, 0x8c, 0xf4, + 0x00 + }; + + WOLFSSL_SMALL_STACK_STATIC const byte* pKeys[] = {pKey1, pKey2, pKey3, pKey4, pKey5, pKey6}; + WOLFSSL_SMALL_STACK_STATIC const byte pKeySz[] = {sizeof(pKey1), sizeof(pKey2), sizeof(pKey3), + sizeof(pKey4), sizeof(pKey5), sizeof(pKey6)}; + + WOLFSSL_SMALL_STACK_STATIC const byte sig1[] = { + 0x53, 0x3a, 0x37, 0xf6, 0xbb, 0xe4, 0x57, 0x25, + 0x1f, 0x02, 0x3c, 0x0d, 0x88, 0xf9, 0x76, 0xae, + 0x2d, 0xfb, 0x50, 0x4a, 0x84, 0x3e, 0x34, 0xd2, + 0x07, 0x4f, 0xd8, 0x23, 0xd4, 0x1a, 0x59, 0x1f, + 0x2b, 0x23, 0x3f, 0x03, 0x4f, 0x62, 0x82, 0x81, + 0xf2, 0xfd, 0x7a, 0x22, 0xdd, 0xd4, 0x7d, 0x78, + 0x28, 0xc5, 0x9b, 0xd0, 0xa2, 0x1b, 0xfd, 0x39, + 0x80, 0xff, 0x0d, 0x20, 0x28, 0xd4, 0xb1, 0x8a, + 0x9d, 0xf6, 0x3e, 0x00, 0x6c, 0x5d, 0x1c, 0x2d, + 0x34, 0x5b, 0x92, 0x5d, 0x8d, 0xc0, 0x0b, 0x41, + 0x04, 0x85, 0x2d, 0xb9, 0x9a, 0xc5, 0xc7, 0xcd, + 0xda, 0x85, 0x30, 0xa1, 0x13, 0xa0, 0xf4, 0xdb, + 0xb6, 0x11, 0x49, 0xf0, 0x5a, 0x73, 0x63, 0x26, + 0x8c, 0x71, 0xd9, 0x58, 0x08, 0xff, 0x2e, 0x65, + 0x26, 0x00 + }; + + WOLFSSL_SMALL_STACK_STATIC const byte sig2[] = { + 0x26, 0xb8, 0xf9, 0x17, 0x27, 0xbd, 0x62, 0x89, + 0x7a, 0xf1, 0x5e, 0x41, 0xeb, 0x43, 0xc3, 0x77, + 0xef, 0xb9, 0xc6, 0x10, 0xd4, 0x8f, 0x23, 0x35, + 0xcb, 0x0b, 0xd0, 0x08, 0x78, 0x10, 0xf4, 0x35, + 0x25, 0x41, 0xb1, 0x43, 0xc4, 0xb9, 0x81, 0xb7, + 0xe1, 0x8f, 0x62, 0xde, 0x8c, 0xcd, 0xf6, 0x33, + 0xfc, 0x1b, 0xf0, 0x37, 0xab, 0x7c, 0xd7, 0x79, + 0x80, 0x5e, 0x0d, 0xbc, 0xc0, 0xaa, 0xe1, 0xcb, + 0xce, 0xe1, 0xaf, 0xb2, 0xe0, 0x27, 0xdf, 0x36, + 0xbc, 0x04, 0xdc, 0xec, 0xbf, 0x15, 0x43, 0x36, + 0xc1, 0x9f, 0x0a, 0xf7, 0xe0, 0xa6, 0x47, 0x29, + 0x05, 0xe7, 0x99, 0xf1, 0x95, 0x3d, 0x2a, 0x0f, + 0xf3, 0x34, 0x8a, 0xb2, 0x1a, 0xa4, 0xad, 0xaf, + 0xd1, 0xd2, 0x34, 0x44, 0x1c, 0xf8, 0x07, 0xc0, + 0x3a, 0x00 + }; + + WOLFSSL_SMALL_STACK_STATIC const byte sig3[] = { + 0x7e, 0xee, 0xab, 0x7c, 0x4e, 0x50, 0xfb, 0x79, + 0x9b, 0x41, 0x8e, 0xe5, 0xe3, 0x19, 0x7f, 0xf6, + 0xbf, 0x15, 0xd4, 0x3a, 0x14, 0xc3, 0x43, 0x89, + 0xb5, 0x9d, 0xd1, 0xa7, 0xb1, 0xb8, 0x5b, 0x4a, + 0xe9, 0x04, 0x38, 0xac, 0xa6, 0x34, 0xbe, 0xa4, + 0x5e, 0x3a, 0x26, 0x95, 0xf1, 0x27, 0x0f, 0x07, + 0xfd, 0xcd, 0xf7, 0xc6, 0x2b, 0x8e, 0xfe, 0xaf, + 0x00, 0xb4, 0x5c, 0x2c, 0x96, 0xba, 0x45, 0x7e, + 0xb1, 0xa8, 0xbf, 0x07, 0x5a, 0x3d, 0xb2, 0x8e, + 0x5c, 0x24, 0xf6, 0xb9, 0x23, 0xed, 0x4a, 0xd7, + 0x47, 0xc3, 0xc9, 0xe0, 0x3c, 0x70, 0x79, 0xef, + 0xb8, 0x7c, 0xb1, 0x10, 0xd3, 0xa9, 0x98, 0x61, + 0xe7, 0x20, 0x03, 0xcb, 0xae, 0x6d, 0x6b, 0x8b, + 0x82, 0x7e, 0x4e, 0x6c, 0x14, 0x30, 0x64, 0xff, + 0x3c, 0x00 + }; + + /* uncompressed test */ + WOLFSSL_SMALL_STACK_STATIC const byte sig4[] = { + 0x53, 0x3a, 0x37, 0xf6, 0xbb, 0xe4, 0x57, 0x25, + 0x1f, 0x02, 0x3c, 0x0d, 0x88, 0xf9, 0x76, 0xae, + 0x2d, 0xfb, 0x50, 0x4a, 0x84, 0x3e, 0x34, 0xd2, + 0x07, 0x4f, 0xd8, 0x23, 0xd4, 0x1a, 0x59, 0x1f, + 0x2b, 0x23, 0x3f, 0x03, 0x4f, 0x62, 0x82, 0x81, + 0xf2, 0xfd, 0x7a, 0x22, 0xdd, 0xd4, 0x7d, 0x78, + 0x28, 0xc5, 0x9b, 0xd0, 0xa2, 0x1b, 0xfd, 0x39, + 0x80, 0xff, 0x0d, 0x20, 0x28, 0xd4, 0xb1, 0x8a, + 0x9d, 0xf6, 0x3e, 0x00, 0x6c, 0x5d, 0x1c, 0x2d, + 0x34, 0x5b, 0x92, 0x5d, 0x8d, 0xc0, 0x0b, 0x41, + 0x04, 0x85, 0x2d, 0xb9, 0x9a, 0xc5, 0xc7, 0xcd, + 0xda, 0x85, 0x30, 0xa1, 0x13, 0xa0, 0xf4, 0xdb, + 0xb6, 0x11, 0x49, 0xf0, 0x5a, 0x73, 0x63, 0x26, + 0x8c, 0x71, 0xd9, 0x58, 0x08, 0xff, 0x2e, 0x65, + 0x26, 0x00 + }; + + /* compressed prefix */ + WOLFSSL_SMALL_STACK_STATIC const byte sig5[] = { + 0x53, 0x3a, 0x37, 0xf6, 0xbb, 0xe4, 0x57, 0x25, + 0x1f, 0x02, 0x3c, 0x0d, 0x88, 0xf9, 0x76, 0xae, + 0x2d, 0xfb, 0x50, 0x4a, 0x84, 0x3e, 0x34, 0xd2, + 0x07, 0x4f, 0xd8, 0x23, 0xd4, 0x1a, 0x59, 0x1f, + 0x2b, 0x23, 0x3f, 0x03, 0x4f, 0x62, 0x82, 0x81, + 0xf2, 0xfd, 0x7a, 0x22, 0xdd, 0xd4, 0x7d, 0x78, + 0x28, 0xc5, 0x9b, 0xd0, 0xa2, 0x1b, 0xfd, 0x39, + 0x80, 0xff, 0x0d, 0x20, 0x28, 0xd4, 0xb1, 0x8a, + 0x9d, 0xf6, 0x3e, 0x00, 0x6c, 0x5d, 0x1c, 0x2d, + 0x34, 0x5b, 0x92, 0x5d, 0x8d, 0xc0, 0x0b, 0x41, + 0x04, 0x85, 0x2d, 0xb9, 0x9a, 0xc5, 0xc7, 0xcd, + 0xda, 0x85, 0x30, 0xa1, 0x13, 0xa0, 0xf4, 0xdb, + 0xb6, 0x11, 0x49, 0xf0, 0x5a, 0x73, 0x63, 0x26, + 0x8c, 0x71, 0xd9, 0x58, 0x08, 0xff, 0x2e, 0x65, + 0x26, 0x00 + }; + + WOLFSSL_SMALL_STACK_STATIC const byte sig6[] = { + 0xe3, 0x01, 0x34, 0x5a, 0x41, 0xa3, 0x9a, 0x4d, + 0x72, 0xff, 0xf8, 0xdf, 0x69, 0xc9, 0x80, 0x75, + 0xa0, 0xcc, 0x08, 0x2b, 0x80, 0x2f, 0xc9, 0xb2, + 0xb6, 0xbc, 0x50, 0x3f, 0x92, 0x6b, 0x65, 0xbd, + 0xdf, 0x7f, 0x4c, 0x8f, 0x1c, 0xb4, 0x9f, 0x63, + 0x96, 0xaf, 0xc8, 0xa7, 0x0a, 0xbe, 0x6d, 0x8a, + 0xef, 0x0d, 0xb4, 0x78, 0xd4, 0xc6, 0xb2, 0x97, + 0x00, 0x76, 0xc6, 0xa0, 0x48, 0x4f, 0xe7, 0x6d, + 0x76, 0xb3, 0xa9, 0x76, 0x25, 0xd7, 0x9f, 0x1c, + 0xe2, 0x40, 0xe7, 0xc5, 0x76, 0x75, 0x0d, 0x29, + 0x55, 0x28, 0x28, 0x6f, 0x71, 0x9b, 0x41, 0x3d, + 0xe9, 0xad, 0xa3, 0xe8, 0xeb, 0x78, 0xed, 0x57, + 0x36, 0x03, 0xce, 0x30, 0xd8, 0xbb, 0x76, 0x17, + 0x85, 0xdc, 0x30, 0xdb, 0xc3, 0x20, 0x86, 0x9e, + 0x1a, 0x00 + }; + + WOLFSSL_SMALL_STACK_STATIC const byte* sigs[] = {sig1, sig2, sig3, sig4, sig5, sig6}; + #define SIGSZ sizeof(sig1) + + PEDANTIC_EXTENSION WOLFSSL_SMALL_STACK_STATIC const byte msg1[] = { 0 }; + WOLFSSL_SMALL_STACK_STATIC const byte msg2[] = { 0x03 }; + WOLFSSL_SMALL_STACK_STATIC const byte msg3[] = { 0x64, 0xa6, 0x5f, 0x3c, 0xde, 0xdc, 0xdd, + 0x66, 0x81, 0x1e, 0x29, 0x15 }; + + /* test of a 1023 byte long message */ + WOLFSSL_SMALL_STACK_STATIC const byte msg4[] = { + 0x6d, 0xdf, 0x80, 0x2e, 0x1a, 0xae, 0x49, 0x86, + 0x93, 0x5f, 0x7f, 0x98, 0x1b, 0xa3, 0xf0, 0x35, + 0x1d, 0x62, 0x73, 0xc0, 0xa0, 0xc2, 0x2c, 0x9c, + 0x0e, 0x83, 0x39, 0x16, 0x8e, 0x67, 0x54, 0x12, + 0xa3, 0xde, 0xbf, 0xaf, 0x43, 0x5e, 0xd6, 0x51, + 0x55, 0x80, 0x07, 0xdb, 0x43, 0x84, 0xb6, 0x50, + 0xfc, 0xc0, 0x7e, 0x3b, 0x58, 0x6a, 0x27, 0xa4, + 0xf7, 0xa0, 0x0a, 0xc8, 0xa6, 0xfe, 0xc2, 0xcd, + 0x86, 0xae, 0x4b, 0xf1, 0x57, 0x0c, 0x41, 0xe6, + 0xa4, 0x0c, 0x93, 0x1d, 0xb2, 0x7b, 0x2f, 0xaa, + 0x15, 0xa8, 0xce, 0xdd, 0x52, 0xcf, 0xf7, 0x36, + 0x2c, 0x4e, 0x6e, 0x23, 0xda, 0xec, 0x0f, 0xbc, + 0x3a, 0x79, 0xb6, 0x80, 0x6e, 0x31, 0x6e, 0xfc, + 0xc7, 0xb6, 0x81, 0x19, 0xbf, 0x46, 0xbc, 0x76, + 0xa2, 0x60, 0x67, 0xa5, 0x3f, 0x29, 0x6d, 0xaf, + 0xdb, 0xdc, 0x11, 0xc7, 0x7f, 0x77, 0x77, 0xe9, + 0x72, 0x66, 0x0c, 0xf4, 0xb6, 0xa9, 0xb3, 0x69, + 0xa6, 0x66, 0x5f, 0x02, 0xe0, 0xcc, 0x9b, 0x6e, + 0xdf, 0xad, 0x13, 0x6b, 0x4f, 0xab, 0xe7, 0x23, + 0xd2, 0x81, 0x3d, 0xb3, 0x13, 0x6c, 0xfd, 0xe9, + 0xb6, 0xd0, 0x44, 0x32, 0x2f, 0xee, 0x29, 0x47, + 0x95, 0x2e, 0x03, 0x1b, 0x73, 0xab, 0x5c, 0x60, + 0x33, 0x49, 0xb3, 0x07, 0xbd, 0xc2, 0x7b, 0xc6, + 0xcb, 0x8b, 0x8b, 0xbd, 0x7b, 0xd3, 0x23, 0x21, + 0x9b, 0x80, 0x33, 0xa5, 0x81, 0xb5, 0x9e, 0xad, + 0xeb, 0xb0, 0x9b, 0x3c, 0x4f, 0x3d, 0x22, 0x77, + 0xd4, 0xf0, 0x34, 0x36, 0x24, 0xac, 0xc8, 0x17, + 0x80, 0x47, 0x28, 0xb2, 0x5a, 0xb7, 0x97, 0x17, + 0x2b, 0x4c, 0x5c, 0x21, 0xa2, 0x2f, 0x9c, 0x78, + 0x39, 0xd6, 0x43, 0x00, 0x23, 0x2e, 0xb6, 0x6e, + 0x53, 0xf3, 0x1c, 0x72, 0x3f, 0xa3, 0x7f, 0xe3, + 0x87, 0xc7, 0xd3, 0xe5, 0x0b, 0xdf, 0x98, 0x13, + 0xa3, 0x0e, 0x5b, 0xb1, 0x2c, 0xf4, 0xcd, 0x93, + 0x0c, 0x40, 0xcf, 0xb4, 0xe1, 0xfc, 0x62, 0x25, + 0x92, 0xa4, 0x95, 0x88, 0x79, 0x44, 0x94, 0xd5, + 0x6d, 0x24, 0xea, 0x4b, 0x40, 0xc8, 0x9f, 0xc0, + 0x59, 0x6c, 0xc9, 0xeb, 0xb9, 0x61, 0xc8, 0xcb, + 0x10, 0xad, 0xde, 0x97, 0x6a, 0x5d, 0x60, 0x2b, + 0x1c, 0x3f, 0x85, 0xb9, 0xb9, 0xa0, 0x01, 0xed, + 0x3c, 0x6a, 0x4d, 0x3b, 0x14, 0x37, 0xf5, 0x20, + 0x96, 0xcd, 0x19, 0x56, 0xd0, 0x42, 0xa5, 0x97, + 0xd5, 0x61, 0xa5, 0x96, 0xec, 0xd3, 0xd1, 0x73, + 0x5a, 0x8d, 0x57, 0x0e, 0xa0, 0xec, 0x27, 0x22, + 0x5a, 0x2c, 0x4a, 0xaf, 0xf2, 0x63, 0x06, 0xd1, + 0x52, 0x6c, 0x1a, 0xf3, 0xca, 0x6d, 0x9c, 0xf5, + 0xa2, 0xc9, 0x8f, 0x47, 0xe1, 0xc4, 0x6d, 0xb9, + 0xa3, 0x32, 0x34, 0xcf, 0xd4, 0xd8, 0x1f, 0x2c, + 0x98, 0x53, 0x8a, 0x09, 0xeb, 0xe7, 0x69, 0x98, + 0xd0, 0xd8, 0xfd, 0x25, 0x99, 0x7c, 0x7d, 0x25, + 0x5c, 0x6d, 0x66, 0xec, 0xe6, 0xfa, 0x56, 0xf1, + 0x11, 0x44, 0x95, 0x0f, 0x02, 0x77, 0x95, 0xe6, + 0x53, 0x00, 0x8f, 0x4b, 0xd7, 0xca, 0x2d, 0xee, + 0x85, 0xd8, 0xe9, 0x0f, 0x3d, 0xc3, 0x15, 0x13, + 0x0c, 0xe2, 0xa0, 0x03, 0x75, 0xa3, 0x18, 0xc7, + 0xc3, 0xd9, 0x7b, 0xe2, 0xc8, 0xce, 0x5b, 0x6d, + 0xb4, 0x1a, 0x62, 0x54, 0xff, 0x26, 0x4f, 0xa6, + 0x15, 0x5b, 0xae, 0xe3, 0xb0, 0x77, 0x3c, 0x0f, + 0x49, 0x7c, 0x57, 0x3f, 0x19, 0xbb, 0x4f, 0x42, + 0x40, 0x28, 0x1f, 0x0b, 0x1f, 0x4f, 0x7b, 0xe8, + 0x57, 0xa4, 0xe5, 0x9d, 0x41, 0x6c, 0x06, 0xb4, + 0xc5, 0x0f, 0xa0, 0x9e, 0x18, 0x10, 0xdd, 0xc6, + 0xb1, 0x46, 0x7b, 0xae, 0xac, 0x5a, 0x36, 0x68, + 0xd1, 0x1b, 0x6e, 0xca, 0xa9, 0x01, 0x44, 0x00, + 0x16, 0xf3, 0x89, 0xf8, 0x0a, 0xcc, 0x4d, 0xb9, + 0x77, 0x02, 0x5e, 0x7f, 0x59, 0x24, 0x38, 0x8c, + 0x7e, 0x34, 0x0a, 0x73, 0x2e, 0x55, 0x44, 0x40, + 0xe7, 0x65, 0x70, 0xf8, 0xdd, 0x71, 0xb7, 0xd6, + 0x40, 0xb3, 0x45, 0x0d, 0x1f, 0xd5, 0xf0, 0x41, + 0x0a, 0x18, 0xf9, 0xa3, 0x49, 0x4f, 0x70, 0x7c, + 0x71, 0x7b, 0x79, 0xb4, 0xbf, 0x75, 0xc9, 0x84, + 0x00, 0xb0, 0x96, 0xb2, 0x16, 0x53, 0xb5, 0xd2, + 0x17, 0xcf, 0x35, 0x65, 0xc9, 0x59, 0x74, 0x56, + 0xf7, 0x07, 0x03, 0x49, 0x7a, 0x07, 0x87, 0x63, + 0x82, 0x9b, 0xc0, 0x1b, 0xb1, 0xcb, 0xc8, 0xfa, + 0x04, 0xea, 0xdc, 0x9a, 0x6e, 0x3f, 0x66, 0x99, + 0x58, 0x7a, 0x9e, 0x75, 0xc9, 0x4e, 0x5b, 0xab, + 0x00, 0x36, 0xe0, 0xb2, 0xe7, 0x11, 0x39, 0x2c, + 0xff, 0x00, 0x47, 0xd0, 0xd6, 0xb0, 0x5b, 0xd2, + 0xa5, 0x88, 0xbc, 0x10, 0x97, 0x18, 0x95, 0x42, + 0x59, 0xf1, 0xd8, 0x66, 0x78, 0xa5, 0x79, 0xa3, + 0x12, 0x0f, 0x19, 0xcf, 0xb2, 0x96, 0x3f, 0x17, + 0x7a, 0xeb, 0x70, 0xf2, 0xd4, 0x84, 0x48, 0x26, + 0x26, 0x2e, 0x51, 0xb8, 0x02, 0x71, 0x27, 0x20, + 0x68, 0xef, 0x5b, 0x38, 0x56, 0xfa, 0x85, 0x35, + 0xaa, 0x2a, 0x88, 0xb2, 0xd4, 0x1f, 0x2a, 0x0e, + 0x2f, 0xda, 0x76, 0x24, 0xc2, 0x85, 0x02, 0x72, + 0xac, 0x4a, 0x2f, 0x56, 0x1f, 0x8f, 0x2f, 0x7a, + 0x31, 0x8b, 0xfd, 0x5c, 0xaf, 0x96, 0x96, 0x14, + 0x9e, 0x4a, 0xc8, 0x24, 0xad, 0x34, 0x60, 0x53, + 0x8f, 0xdc, 0x25, 0x42, 0x1b, 0xee, 0xc2, 0xcc, + 0x68, 0x18, 0x16, 0x2d, 0x06, 0xbb, 0xed, 0x0c, + 0x40, 0xa3, 0x87, 0x19, 0x23, 0x49, 0xdb, 0x67, + 0xa1, 0x18, 0xba, 0xda, 0x6c, 0xd5, 0xab, 0x01, + 0x40, 0xee, 0x27, 0x32, 0x04, 0xf6, 0x28, 0xaa, + 0xd1, 0xc1, 0x35, 0xf7, 0x70, 0x27, 0x9a, 0x65, + 0x1e, 0x24, 0xd8, 0xc1, 0x4d, 0x75, 0xa6, 0x05, + 0x9d, 0x76, 0xb9, 0x6a, 0x6f, 0xd8, 0x57, 0xde, + 0xf5, 0xe0, 0xb3, 0x54, 0xb2, 0x7a, 0xb9, 0x37, + 0xa5, 0x81, 0x5d, 0x16, 0xb5, 0xfa, 0xe4, 0x07, + 0xff, 0x18, 0x22, 0x2c, 0x6d, 0x1e, 0xd2, 0x63, + 0xbe, 0x68, 0xc9, 0x5f, 0x32, 0xd9, 0x08, 0xbd, + 0x89, 0x5c, 0xd7, 0x62, 0x07, 0xae, 0x72, 0x64, + 0x87, 0x56, 0x7f, 0x9a, 0x67, 0xda, 0xd7, 0x9a, + 0xbe, 0xc3, 0x16, 0xf6, 0x83, 0xb1, 0x7f, 0x2d, + 0x02, 0xbf, 0x07, 0xe0, 0xac, 0x8b, 0x5b, 0xc6, + 0x16, 0x2c, 0xf9, 0x46, 0x97, 0xb3, 0xc2, 0x7c, + 0xd1, 0xfe, 0xa4, 0x9b, 0x27, 0xf2, 0x3b, 0xa2, + 0x90, 0x18, 0x71, 0x96, 0x25, 0x06, 0x52, 0x0c, + 0x39, 0x2d, 0xa8, 0xb6, 0xad, 0x0d, 0x99, 0xf7, + 0x01, 0x3f, 0xbc, 0x06, 0xc2, 0xc1, 0x7a, 0x56, + 0x95, 0x00, 0xc8, 0xa7, 0x69, 0x64, 0x81, 0xc1, + 0xcd, 0x33, 0xe9, 0xb1, 0x4e, 0x40, 0xb8, 0x2e, + 0x79, 0xa5, 0xf5, 0xdb, 0x82, 0x57, 0x1b, 0xa9, + 0x7b, 0xae, 0x3a, 0xd3, 0xe0, 0x47, 0x95, 0x15, + 0xbb, 0x0e, 0x2b, 0x0f, 0x3b, 0xfc, 0xd1, 0xfd, + 0x33, 0x03, 0x4e, 0xfc, 0x62, 0x45, 0xed, 0xdd, + 0x7e, 0xe2, 0x08, 0x6d, 0xda, 0xe2, 0x60, 0x0d, + 0x8c, 0xa7, 0x3e, 0x21, 0x4e, 0x8c, 0x2b, 0x0b, + 0xdb, 0x2b, 0x04, 0x7c, 0x6a, 0x46, 0x4a, 0x56, + 0x2e, 0xd7, 0x7b, 0x73, 0xd2, 0xd8, 0x41, 0xc4, + 0xb3, 0x49, 0x73, 0x55, 0x12, 0x57, 0x71, 0x3b, + 0x75, 0x36, 0x32, 0xef, 0xba, 0x34, 0x81, 0x69, + 0xab, 0xc9, 0x0a, 0x68, 0xf4, 0x26, 0x11, 0xa4, + 0x01, 0x26, 0xd7, 0xcb, 0x21, 0xb5, 0x86, 0x95, + 0x56, 0x81, 0x86, 0xf7, 0xe5, 0x69, 0xd2, 0xff, + 0x0f, 0x9e, 0x74, 0x5d, 0x04, 0x87, 0xdd, 0x2e, + 0xb9, 0x97, 0xca, 0xfc, 0x5a, 0xbf, 0x9d, 0xd1, + 0x02, 0xe6, 0x2f, 0xf6, 0x6c, 0xba, 0x87 + }; + + WOLFSSL_SMALL_STACK_STATIC const byte* msgs[] = {msg1, msg2, msg3, msg1, msg1, msg4}; + WOLFSSL_SMALL_STACK_STATIC const word16 msgSz[] = {0 /*sizeof(msg1)*/, + sizeof(msg2), + sizeof(msg3), + 0 /*sizeof(msg1)*/, + 0 /*sizeof(msg1)*/, + sizeof(msg4) + }; +#ifndef NO_ASN + static const byte privateEd448[] = { + 0x30, 0x47, 0x02, 0x01, 0x00, 0x30, 0x05, 0x06, + 0x03, 0x2b, 0x65, 0x71, 0x04, 0x3b, 0x04, 0x39, + 0x6c, 0x82, 0xa5, 0x62, 0xcb, 0x80, 0x8d, 0x10, + 0xd6, 0x32, 0xbe, 0x89, 0xc8, 0x51, 0x3e, 0xbf, + 0x6c, 0x92, 0x9f, 0x34, 0xdd, 0xfa, 0x8c, 0x9f, + 0x63, 0xc9, 0x96, 0x0e, 0xf6, 0xe3, 0x48, 0xa3, + 0x52, 0x8c, 0x8a, 0x3f, 0xcc, 0x2f, 0x04, 0x4e, + 0x39, 0xa3, 0xfc, 0x5b, 0x94, 0x49, 0x2f, 0x8f, + 0x03, 0x2e, 0x75, 0x49, 0xa2, 0x00, 0x98, 0xf9, + 0x5b + }; + static const byte publicEd448[] = { + 0x30, 0x43, 0x30, 0x05, 0x06, 0x03, 0x2b, 0x65, + 0x71, 0x03, 0x3a, 0x00, 0x5f, 0xd7, 0x44, 0x9b, + 0x59, 0xb4, 0x61, 0xfd, 0x2c, 0xe7, 0x87, 0xec, + 0x61, 0x6a, 0xd4, 0x6a, 0x1d, 0xa1, 0x34, 0x24, + 0x85, 0xa7, 0x0e, 0x1f, 0x8a, 0x0e, 0xa7, 0x5d, + 0x80, 0xe9, 0x67, 0x78, 0xed, 0xf1, 0x24, 0x76, + 0x9b, 0x46, 0xc7, 0x06, 0x1b, 0xd6, 0x78, 0x3d, + 0xf1, 0xe5, 0x0f, 0x6c, 0xd1, 0xfa, 0x1a, 0xbe, + 0xaf, 0xe8, 0x25, 0x61, 0x80 + }; + static const byte privPubEd448[] = { + 0x30, 0x81, 0x82, 0x02, 0x01, 0x00, 0x30, 0x05, + 0x06, 0x03, 0x2b, 0x65, 0x71, 0x04, 0x3b, 0x04, + 0x39, 0x6c, 0x82, 0xa5, 0x62, 0xcb, 0x80, 0x8d, + 0x10, 0xd6, 0x32, 0xbe, 0x89, 0xc8, 0x51, 0x3e, + 0xbf, 0x6c, 0x92, 0x9f, 0x34, 0xdd, 0xfa, 0x8c, + 0x9f, 0x63, 0xc9, 0x96, 0x0e, 0xf6, 0xe3, 0x48, + 0xa3, 0x52, 0x8c, 0x8a, 0x3f, 0xcc, 0x2f, 0x04, + 0x4e, 0x39, 0xa3, 0xfc, 0x5b, 0x94, 0x49, 0x2f, + 0x8f, 0x03, 0x2e, 0x75, 0x49, 0xa2, 0x00, 0x98, + 0xf9, 0x5b, 0x81, 0x39, 0x5f, 0xd7, 0x44, 0x9b, + 0x59, 0xb4, 0x61, 0xfd, 0x2c, 0xe7, 0x87, 0xec, + 0x61, 0x6a, 0xd4, 0x6a, 0x1d, 0xa1, 0x34, 0x24, + 0x85, 0xa7, 0x0e, 0x1f, 0x8a, 0x0e, 0xa7, 0x5d, + 0x80, 0xe9, 0x67, 0x78, 0xed, 0xf1, 0x24, 0x76, + 0x9b, 0x46, 0xc7, 0x06, 0x1b, 0xd6, 0x78, 0x3d, + 0xf1, 0xe5, 0x0f, 0x6c, 0xd1, 0xfa, 0x1a, 0xbe, + 0xaf, 0xe8, 0x25, 0x61, 0x80 + }; + + word32 idx; +#endif /* NO_ASN */ +#endif /* HAVE_ED448_SIGN && HAVE_ED448_KEY_EXPORT && HAVE_ED448_KEY_IMPORT */ +#if !defined(NO_ASN) && defined(HAVE_ED448_SIGN) +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC) + ed448_key *key3 = NULL; +#else + ed448_key key3[1]; +#endif +#endif + WOLFSSL_ENTER("ed448_test"); + +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC) + key = (ed448_key *)XMALLOC(sizeof(*key), HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + key2 = (ed448_key *)XMALLOC(sizeof(*key2), HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); +#if !defined(NO_ASN) && defined(HAVE_ED448_SIGN) + key3 = (ed448_key *)XMALLOC(sizeof(*key3), HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); +#endif +#endif + + /* create ed448 keys */ +#ifndef HAVE_FIPS + ret = wc_InitRng_ex(&rng, HEAP_HINT, devId); +#else + ret = wc_InitRng(&rng); +#endif + if (ret != 0) { + XMEMSET(&rng, 0, sizeof(rng)); + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); + } + + ret = wc_ed448_init(key); + if (ret < 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); + ret = wc_ed448_init(key2); + if (ret < 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); +#if !defined(NO_ASN) && defined(HAVE_ED448_SIGN) + ret = wc_ed448_init(key3); + if (ret < 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); +#endif + ret = wc_ed448_make_key(&rng, ED448_KEY_SIZE, key); + if (ret < 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); + ret = wc_ed448_make_key(&rng, ED448_KEY_SIZE, key2); + if (ret < 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); + + /* helper functions for signature and key size */ + keySz = (word32)wc_ed448_size(key); + sigSz = (word32)wc_ed448_sig_size(key); + +#if defined(HAVE_ED448_SIGN) && defined(HAVE_ED448_KEY_EXPORT) &&\ + defined(HAVE_ED448_KEY_IMPORT) + for (i = 0; i < 6; i++) { + outlen = sizeof(out); + XMEMSET(out, 0, sizeof(out)); + + if (wc_ed448_import_private_key(sKeys[i], ED448_KEY_SIZE, pKeys[i], + pKeySz[i], key) != 0) + ERROR_OUT(WC_TEST_RET_ENC_I(i), out); + + if (wc_ed448_sign_msg(msgs[i], msgSz[i], out, &outlen, key, NULL, + 0) != 0) + ERROR_OUT(WC_TEST_RET_ENC_I(i), out); + + if (XMEMCMP(out, sigs[i], 114)) + ERROR_OUT(WC_TEST_RET_ENC_I(i), out); + +#if defined(HAVE_ED448_VERIFY) + /* test verify on good msg */ + if (wc_ed448_verify_msg(out, outlen, msgs[i], msgSz[i], &verify, key, + NULL, 0) != 0 || verify != 1) + ERROR_OUT(WC_TEST_RET_ENC_I(i), out); + +#ifdef WOLFSSL_ED448_STREAMING_VERIFY + /* test verify on good msg using streaming interface directly */ + if (wc_ed448_verify_msg_init(out, outlen, + key, (byte)Ed448, NULL, 0) != 0) + ERROR_OUT(WC_TEST_RET_ENC_I(i), out); + for (j = 0; j < msgSz[i]; j += i) { + if (wc_ed448_verify_msg_update(msgs[i] + j, MIN(i, msgSz[i] - j), key) != 0) + ERROR_OUT(WC_TEST_RET_ENC_I(i), out); + } + if (wc_ed448_verify_msg_final(out, outlen, &verify, + key) != 0 || verify != 1) + ERROR_OUT(WC_TEST_RET_ENC_I(i), out); +#endif /* WOLFSSL_ED448_STREAMING_VERIFY */ + + /* test verify on bad msg */ + out[outlen-2] = out[outlen-2] + 1; + if (wc_ed448_verify_msg(out, outlen, msgs[i], msgSz[i], &verify, key, + NULL, 0) == 0 || verify == 1) + ERROR_OUT(WC_TEST_RET_ENC_I(i), out); +#endif /* HAVE_ED448_VERIFY */ + + /* test api for import/exporting keys */ + { + word32 exportPSz = ED448_KEY_SIZE; + word32 exportSSz = ED448_KEY_SIZE; +#ifdef WOLFSSL_NO_MALLOC + byte exportPKey[exportPSz]; + byte exportSKey[exportSSz]; +#else + byte *exportPKey = NULL; + byte *exportSKey = NULL; + + exportPKey = (byte *)XMALLOC(exportPSz, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + exportSKey = (byte *)XMALLOC(exportSSz, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + if ((exportPKey == NULL) || (exportSKey == NULL)) { + XFREE(exportPKey, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(exportSKey, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + ERROR_OUT(WC_TEST_RET_ENC_NC, out); + } +#endif + + ret = 0; + + do { + if (wc_ed448_export_public(key, exportPKey, &exportPSz) != 0) { + ret = WC_TEST_RET_ENC_I(i); + break; + } + + if (wc_ed448_import_public_ex(exportPKey, exportPSz, key2, 1) != 0) { + ret = WC_TEST_RET_ENC_I(i); + break; + } + + if (wc_ed448_export_private_only(key, exportSKey, &exportSSz) != 0) { + ret = WC_TEST_RET_ENC_I(i); + break; + } + + if (wc_ed448_import_private_key(exportSKey, exportSSz, + exportPKey, exportPSz, key2) != 0) { + ret = WC_TEST_RET_ENC_I(i); + break; + } + + /* clear "out" buffer and test sign with imported keys */ + outlen = sizeof(out); + XMEMSET(out, 0, sizeof(out)); + if (wc_ed448_sign_msg(msgs[i], msgSz[i], out, &outlen, key2, NULL, + 0) != 0) { + ret = WC_TEST_RET_ENC_I(i); + break; + } + } while(0); + + #ifndef WOLFSSL_NO_MALLOC + XFREE(exportPKey, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(exportSKey, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + #endif + + if (ret != 0) + goto out; + } + +#if defined(HAVE_ED448_VERIFY) + if (wc_ed448_verify_msg(out, outlen, msgs[i], msgSz[i], &verify, key2, + NULL, 0) != 0 || verify != 1) + ERROR_OUT(WC_TEST_RET_ENC_I(i), out); + + if (XMEMCMP(out, sigs[i], SIGSZ)) + ERROR_OUT(WC_TEST_RET_ENC_I(i), out); +#endif /* HAVE_ED448_VERIFY */ + } + + ret = ed448_ctx_test(); + if (ret != 0) + goto out; + + ret = ed448ph_test(); + if (ret != 0) + goto out; + +#ifndef NO_ASN + /* Try ASN.1 encoded private-only key and public key. */ + idx = 0; + ret = wc_Ed448PrivateKeyDecode(privateEd448, &idx, key3, + sizeof(privateEd448)); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); + + ret = wc_ed448_sign_msg(msgs[0], msgSz[0], out, &outlen, key3, NULL, 0); + if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG)) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); + + idx = 0; + ret = wc_Ed448PublicKeyDecode(publicEd448, &idx, key3, sizeof(publicEd448)); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); + + ret = wc_ed448_sign_msg(msgs[0], msgSz[0], out, &outlen, key3, NULL, 0); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); + + if (XMEMCMP(out, sigs[0], SIGSZ)) + ERROR_OUT(WC_TEST_RET_ENC_NC, out); + +#if defined(HAVE_ED448_VERIFY) + /* test verify on good msg */ + ret = wc_ed448_verify_msg(out, outlen, msgs[0], msgSz[0], &verify, key3, + NULL, 0); + if (ret != 0 || verify != 1) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); +#endif /* HAVE_ED448_VERIFY */ + + wc_ed448_free(key3); + ret = wc_ed448_init(key3); + if (ret < 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); + + idx = 0; + ret = wc_Ed448PrivateKeyDecode(privPubEd448, &idx, key3, + sizeof(privPubEd448)); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); + + ret = wc_ed448_sign_msg(msgs[0], msgSz[0], out, &outlen, key3, NULL, 0); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); + + if (XMEMCMP(out, sigs[0], SIGSZ)) + ERROR_OUT(WC_TEST_RET_ENC_NC, out); +#endif /* NO_ASN */ +#endif /* HAVE_ED448_SIGN && HAVE_ED448_KEY_EXPORT && HAVE_ED448_KEY_IMPORT */ + + ret = 0; + + out: + +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC) + if (key) { + wc_ed448_free(key); + XFREE(key, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + } + if (key2) { + wc_ed448_free(key2); + XFREE(key2, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + } +#if !defined(NO_ASN) && defined(HAVE_ED448_SIGN) + if (key3) { + wc_ed448_free(key3); + XFREE(key3, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + } +#endif +#else + wc_ed448_free(key); + wc_ed448_free(key2); +#if !defined(NO_ASN) && defined(HAVE_ED448_SIGN) + wc_ed448_free(key3); +#endif +#endif + +#if defined(HAVE_HASHDRBG) || defined(NO_RC4) + wc_FreeRng(&rng); +#endif + + if (ret < 0) + return ret; + + /* hush warnings of unused keySz and sigSz */ + (void)keySz; + (void)sigSz; + +#if defined(HAVE_ED448_KEY_IMPORT) + ret = ed448_test_check_key(); + if (ret < 0) + return ret; +#endif +#ifdef WOLFSSL_TEST_CERT + ret = ed448_test_cert(); + if (ret < 0) + return ret; +#ifdef WOLFSSL_CERT_GEN + ret = ed448_test_make_cert(); + if (ret < 0) + return ret; +#endif /* WOLFSSL_CERT_GEN */ +#endif /* WOLFSSL_TEST_CERT */ + + return 0; +} +#endif /* HAVE_ED448 */ + +#ifdef WOLFSSL_HAVE_MLKEM +#ifdef WOLFSSL_WC_MLKEM /* OQS does not support KATs */ +#if !defined(WOLFSSL_NO_KYBER512) && !defined(WOLFSSL_NO_ML_KEM_512) +static wc_test_ret_t mlkem512_kat(void) +{ + wc_test_ret_t ret; +#ifdef WOLFSSL_SMALL_STACK + MlKemKey *key = NULL; +#ifndef WOLFSSL_MLKEM_NO_MAKE_KEY + byte *priv = NULL; + byte *pub = NULL; +#endif +#ifndef WOLFSSL_MLKEM_NO_ENCAPSULATE + byte *ct = NULL; + byte *ss = NULL; +#endif +#ifndef WOLFSSL_MLKEM_NO_DECAPSULATE + byte *ss_dec = NULL; +#endif +#else + MlKemKey key[1]; +#ifndef WOLFSSL_MLKEM_NO_MAKE_KEY + byte priv[KYBER512_PRIVATE_KEY_SIZE]; + byte pub[KYBER512_PUBLIC_KEY_SIZE]; +#endif +#ifndef WOLFSSL_MLKEM_NO_ENCAPSULATE + byte ct[KYBER512_CIPHER_TEXT_SIZE]; + byte ss[KYBER_SS_SZ]; +#endif +#ifndef WOLFSSL_MLKEM_NO_DECAPSULATE + byte ss_dec[KYBER_SS_SZ]; +#endif +#endif + int key_inited = 0; + WOLFSSL_SMALL_STACK_STATIC const byte kyber512_rand[] = { + 0x7c, 0x99, 0x35, 0xa0, 0xb0, 0x76, 0x94, 0xaa, + 0x0c, 0x6d, 0x10, 0xe4, 0xdb, 0x6b, 0x1a, 0xdd, + 0x2f, 0xd8, 0x1a, 0x25, 0xcc, 0xb1, 0x48, 0x03, + 0x2d, 0xcd, 0x73, 0x99, 0x36, 0x73, 0x7f, 0x2d, + 0x86, 0x26, 0xED, 0x79, 0xD4, 0x51, 0x14, 0x08, + 0x00, 0xE0, 0x3B, 0x59, 0xB9, 0x56, 0xF8, 0x21, + 0x0E, 0x55, 0x60, 0x67, 0x40, 0x7D, 0x13, 0xDC, + 0x90, 0xFA, 0x9E, 0x8B, 0x87, 0x2B, 0xFB, 0x8F + }; + WOLFSSL_SMALL_STACK_STATIC const byte kyber512enc_rand[] = { + 0x14, 0x7c, 0x03, 0xf7, 0xa5, 0xbe, 0xbb, 0xa4, + 0x06, 0xc8, 0xfa, 0xe1, 0x87, 0x4d, 0x7f, 0x13, + 0xc8, 0x0e, 0xfe, 0x79, 0xa3, 0xa9, 0xa8, 0x74, + 0xcc, 0x09, 0xfe, 0x76, 0xf6, 0x99, 0x76, 0x15 + }; +#ifdef WOLFSSL_MLKEM_KYBER + WOLFSSL_SMALL_STACK_STATIC const byte kyber512_pk[] = { + 0x11, 0x5A, 0xCE, 0x0E, 0x64, 0x67, 0x7C, 0xBB, + 0x7D, 0xCF, 0xC9, 0x3C, 0x16, 0xD3, 0xA3, 0x05, + 0xF6, 0x76, 0x15, 0xA4, 0x88, 0xD7, 0x11, 0xAA, + 0x56, 0x69, 0x8C, 0x56, 0x63, 0xAB, 0x7A, 0xC9, + 0xCE, 0x66, 0xD5, 0x47, 0xC0, 0x59, 0x5F, 0x98, + 0xA4, 0x3F, 0x46, 0x50, 0xBB, 0xE0, 0x8C, 0x36, + 0x4D, 0x97, 0x67, 0x89, 0x11, 0x7D, 0x34, 0xF6, + 0xAE, 0x51, 0xAC, 0x06, 0x3C, 0xB5, 0x5C, 0x6C, + 0xA3, 0x25, 0x58, 0x22, 0x7D, 0xFE, 0xF8, 0x07, + 0xD1, 0x9C, 0x30, 0xDE, 0x41, 0x44, 0x24, 0x09, + 0x7F, 0x6A, 0xA2, 0x36, 0xA1, 0x05, 0x3B, 0x4A, + 0x07, 0xA7, 0x6B, 0xE3, 0x72, 0xA5, 0xC6, 0xB6, + 0x00, 0x27, 0x91, 0xEB, 0xE0, 0xAF, 0xDA, 0xF5, + 0x4E, 0x1C, 0xA2, 0x37, 0xFF, 0x54, 0x5B, 0xA6, + 0x83, 0x43, 0xE7, 0x45, 0xC0, 0x4A, 0xD1, 0x63, + 0x9D, 0xBC, 0x59, 0x03, 0x46, 0xB6, 0xB9, 0x56, + 0x9B, 0x56, 0xDB, 0xBF, 0xE5, 0x31, 0x51, 0x91, + 0x30, 0x66, 0xE5, 0xC8, 0x55, 0x27, 0xDC, 0x94, + 0x68, 0x11, 0x0A, 0x13, 0x6A, 0x41, 0x14, 0x97, + 0xC2, 0x27, 0xDC, 0xB8, 0xC9, 0xB2, 0x55, 0x70, + 0xB7, 0xA0, 0xE4, 0x2A, 0xAD, 0xA6, 0x70, 0x9F, + 0x23, 0x20, 0x8F, 0x5D, 0x49, 0x6E, 0xBA, 0xB7, + 0x84, 0x3F, 0x64, 0x83, 0xBF, 0x0C, 0x0C, 0x73, + 0xA4, 0x02, 0x96, 0xEC, 0x2C, 0x64, 0x40, 0x00, + 0x13, 0x94, 0xC9, 0x9C, 0xA1, 0x73, 0xD5, 0xC7, + 0x75, 0xB7, 0xF4, 0x15, 0xD0, 0x2A, 0x5A, 0x26, + 0xA0, 0x74, 0x07, 0x91, 0x85, 0x87, 0xC4, 0x11, + 0x69, 0xF2, 0xB7, 0x17, 0x87, 0x55, 0xAC, 0xC2, + 0x7F, 0xC8, 0xB1, 0x9C, 0x4C, 0x4B, 0x3F, 0xCD, + 0x41, 0x05, 0x3F, 0x2C, 0x74, 0xC8, 0xA1, 0x0A, + 0x83, 0x21, 0x24, 0x1B, 0x28, 0x02, 0x43, 0x28, + 0x75, 0xAE, 0x80, 0x8B, 0x9E, 0xF1, 0x36, 0x5C, + 0x7B, 0x8A, 0x52, 0x90, 0x2F, 0x13, 0x17, 0xBA, + 0x2F, 0xB0, 0x26, 0x9F, 0x47, 0x93, 0x06, 0x72, + 0x10, 0x7B, 0x47, 0x26, 0xFE, 0xF6, 0x45, 0x47, + 0x39, 0x4D, 0x33, 0x20, 0xC8, 0xF1, 0x20, 0xB3, + 0xC2, 0xF4, 0x72, 0x5B, 0x03, 0x05, 0xFA, 0xB8, + 0x8C, 0xC7, 0x98, 0x1F, 0xCB, 0x09, 0xA7, 0x6A, + 0x1C, 0xBF, 0x7F, 0x17, 0x9F, 0x43, 0xBB, 0x0A, + 0x4C, 0x8B, 0x05, 0x90, 0x85, 0x7F, 0x1E, 0x69, + 0x70, 0x84, 0x66, 0xC7, 0xF8, 0x60, 0x73, 0x91, + 0xE7, 0xBC, 0x52, 0x68, 0xBF, 0xD3, 0xD7, 0xA1, + 0xDF, 0xFC, 0xB4, 0xEC, 0xA2, 0xA1, 0xC9, 0xB5, + 0x97, 0x59, 0x30, 0x13, 0xD5, 0xFC, 0x42, 0x02, + 0xEC, 0x2B, 0x74, 0xE5, 0x7A, 0xB7, 0x6B, 0xBC, + 0xF3, 0x63, 0x2B, 0xBA, 0xF9, 0x7C, 0xDC, 0x41, + 0x8A, 0x6F, 0x16, 0x39, 0x28, 0x38, 0xCA, 0x9B, + 0xF4, 0x5D, 0xDF, 0x02, 0x37, 0x77, 0xB7, 0x56, + 0x18, 0x33, 0xC1, 0x05, 0x19, 0x0F, 0x94, 0xF3, + 0x02, 0xC5, 0x9B, 0x53, 0x19, 0x00, 0xBB, 0xC8, + 0x16, 0x36, 0x1F, 0xAA, 0x5B, 0x33, 0x80, 0xCA, + 0x3A, 0x89, 0x31, 0x04, 0xCA, 0x73, 0x88, 0xB1, + 0x85, 0x67, 0x1B, 0x3E, 0x5F, 0xE3, 0x79, 0x0E, + 0x9A, 0x62, 0x6E, 0xC4, 0x6D, 0x9B, 0x0B, 0x33, + 0xC7, 0xA4, 0x19, 0xAF, 0x7B, 0x32, 0xB6, 0x85, + 0x98, 0x94, 0xF5, 0x75, 0xD8, 0x2A, 0xC5, 0x45, + 0x6B, 0x54, 0x90, 0xA7, 0xAF, 0x8F, 0xE6, 0x10, + 0x46, 0x36, 0x05, 0x89, 0xEC, 0xBA, 0x72, 0x44, + 0x23, 0x6F, 0x41, 0x23, 0x11, 0x6B, 0x61, 0x74, + 0xAA, 0x17, 0x92, 0x49, 0xA4, 0x91, 0x95, 0xB3, + 0x56, 0xC7, 0x2F, 0xC6, 0x64, 0x1F, 0x02, 0x51, + 0x81, 0x2E, 0xAA, 0x98, 0x57, 0x0B, 0x04, 0x66, + 0x99, 0x07, 0x0E, 0x08, 0x19, 0xDC, 0x27, 0x13, + 0xF4, 0x69, 0x13, 0x7D, 0xFC, 0x6A, 0x3D, 0x7B, + 0x92, 0xB2, 0x98, 0x99, 0x5E, 0xE7, 0x80, 0x36, + 0x91, 0x53, 0xAC, 0x36, 0x6B, 0x06, 0xD7, 0x24, + 0x9C, 0xD0, 0x9E, 0x1B, 0x33, 0x78, 0xFB, 0x04, + 0x39, 0x9C, 0xEC, 0xB8, 0x65, 0x05, 0x81, 0xD6, + 0x37, 0xC7, 0x9A, 0xE6, 0x7D, 0x6F, 0x2C, 0xAF, + 0x6A, 0xBA, 0xCF, 0x59, 0x81, 0x59, 0xA7, 0x79, + 0x2C, 0xB3, 0xC9, 0x71, 0xD1, 0x49, 0x9D, 0x23, + 0x73, 0xAD, 0x20, 0xF6, 0x3F, 0x03, 0xBB, 0x59, + 0xED, 0x13, 0x73, 0x84, 0xAC, 0x61, 0xA7, 0x15, + 0x51, 0x43, 0xB8, 0xCA, 0x49, 0x32, 0x61, 0x2E, + 0xC9, 0x15, 0xE4, 0xCA, 0x34, 0x6A, 0x9B, 0xCE, + 0x5D, 0xD6, 0x04, 0x17, 0xC6, 0xB2, 0xA8, 0x9B, + 0x1C, 0xC4, 0x35, 0x64, 0x3F, 0x87, 0x5B, 0xDC, + 0x5A, 0x7E, 0x5B, 0x34, 0x81, 0xCF, 0x91, 0x9E, + 0xA0, 0x91, 0x72, 0xFE, 0xBC, 0x46, 0xD4, 0xFC, + 0x3F, 0xB0, 0xCB, 0x95, 0x91, 0x70, 0x4E, 0xE2, + 0xDB, 0xB6, 0x18, 0x44, 0xB2, 0xF3, 0x31, 0x4A, + 0x06, 0xBB, 0x6C, 0x6D, 0x34, 0x00, 0x5E, 0x48, + 0x5C, 0xE6, 0x67, 0xBD, 0xC7, 0xD0, 0x98, 0x58, + 0x69, 0x28, 0xD2, 0xD9, 0x13, 0x40, 0xF0, 0x04, + 0x19, 0xEA, 0x40, 0x13, 0x51, 0xA2, 0x40, 0xA0, + 0xB0, 0x41, 0x05, 0x8B, 0xEF, 0xB0, 0xC2, 0xFD, + 0x32, 0x64, 0x5B, 0x7A, 0x2D, 0xF8, 0xF5, 0xCB, + 0xFD, 0x87, 0x33, 0x27, 0xC9, 0x78, 0xD7, 0xB3, + 0x51, 0xA2, 0x80, 0x88, 0x43, 0x88, 0x37, 0x02, + 0x4C, 0x52, 0xB9, 0xC2, 0x95, 0xCD, 0x71, 0x36, + 0x46, 0xFB, 0x5D, 0x6C, 0x0C, 0xCF, 0xB4, 0x70, + 0x73, 0x4A, 0xC2, 0xB2, 0xBC, 0x81, 0x23, 0xC2, + 0xC1, 0x3D, 0xF6, 0x93, 0x8E, 0x92, 0x45, 0x5A, + 0x86, 0x26, 0x39, 0xFE, 0xB8, 0xA6, 0x4B, 0x85, + 0x16, 0x3E, 0x32, 0x70, 0x7E, 0x03, 0x7B, 0x38, + 0xD8, 0xAC, 0x39, 0x22, 0xB4, 0x51, 0x87, 0xBB, + 0x65, 0xEA, 0xFD, 0x46, 0x5F, 0xC6, 0x4A, 0x0C, + 0x5F, 0x8F, 0x3F, 0x90, 0x03, 0x48, 0x94, 0x15, + 0x89, 0x9D, 0x59, 0xA5, 0x43, 0xD8, 0x20, 0x8C, + 0x54, 0xA3, 0x16, 0x65, 0x29, 0xB5, 0x39, 0x22 + }; +#endif +#ifndef WOLFSSL_NO_ML_KEM + WOLFSSL_SMALL_STACK_STATIC const byte ml_kem_512_pk[] = { + 0x40, 0x08, 0x65, 0xed, 0x10, 0xb6, 0x19, 0xaa, + 0x58, 0x11, 0x13, 0x9b, 0xc0, 0x86, 0x82, 0x57, + 0x82, 0xb2, 0xb7, 0x12, 0x4f, 0x75, 0x7c, 0x83, + 0xae, 0x79, 0x44, 0x44, 0xbc, 0x78, 0xa4, 0x78, + 0x96, 0xac, 0xf1, 0x26, 0x2c, 0x81, 0x35, 0x10, + 0x77, 0x89, 0x3b, 0xfc, 0x56, 0xf9, 0x04, 0x49, + 0xc2, 0xfa, 0x5f, 0x6e, 0x58, 0x6d, 0xd3, 0x7c, + 0x0b, 0x9b, 0x58, 0x19, 0x92, 0x63, 0x8c, 0xb7, + 0xe7, 0xbc, 0xbb, 0xb9, 0x9a, 0xfe, 0x47, 0x81, + 0xd8, 0x0a, 0x50, 0xe6, 0x94, 0x63, 0xfb, 0xd9, + 0x88, 0x72, 0x2c, 0x36, 0x35, 0x42, 0x3e, 0x27, + 0x46, 0x6c, 0x71, 0xdc, 0xc6, 0x74, 0x52, 0x7c, + 0xcd, 0x72, 0x89, 0x68, 0xcb, 0xcd, 0xc0, 0x0c, + 0x5c, 0x90, 0x35, 0xbb, 0x0a, 0xf2, 0xc9, 0x92, + 0x2c, 0x78, 0x81, 0xa4, 0x1d, 0xd2, 0x87, 0x52, + 0x73, 0x92, 0x51, 0x31, 0x23, 0x0f, 0x6c, 0xa5, + 0x9e, 0x91, 0x36, 0xb3, 0x9f, 0x95, 0x6c, 0x93, + 0xb3, 0xb2, 0xd1, 0x4c, 0x64, 0x1b, 0x08, 0x9e, + 0x07, 0xd0, 0xa8, 0x40, 0xc8, 0x93, 0xec, 0xd7, + 0x6b, 0xbf, 0x92, 0xc8, 0x05, 0x45, 0x66, 0x68, + 0xd0, 0x7c, 0x62, 0x14, 0x91, 0xc5, 0xc0, 0x54, + 0x99, 0x1a, 0x65, 0x6f, 0x51, 0x16, 0x19, 0x55, + 0x6e, 0xb9, 0x77, 0x82, 0xe2, 0x7a, 0x3c, 0x78, + 0x51, 0x24, 0xc7, 0x0b, 0x0d, 0xab, 0xa6, 0xc6, + 0x24, 0xd1, 0x8e, 0x0f, 0x97, 0x93, 0xf9, 0x6b, + 0xa9, 0xe1, 0x59, 0x9b, 0x17, 0xb3, 0x0d, 0xcc, + 0xc0, 0xb4, 0xf3, 0x76, 0x6a, 0x07, 0xb2, 0x3b, + 0x25, 0x73, 0x09, 0xcd, 0x76, 0xab, 0xa0, 0x72, + 0xc2, 0xb9, 0xc9, 0x74, 0x43, 0x94, 0xc6, 0xab, + 0x9c, 0xb6, 0xc5, 0x4a, 0x97, 0xb5, 0xc5, 0x78, + 0x61, 0xa5, 0x8d, 0xc0, 0xa0, 0x35, 0x19, 0x83, + 0x2e, 0xe3, 0x2a, 0x07, 0x65, 0x4a, 0x07, 0x0c, + 0x0c, 0x8c, 0x4e, 0x86, 0x48, 0xad, 0xdc, 0x35, + 0x5f, 0x27, 0x4f, 0xc6, 0xb9, 0x2a, 0x08, 0x7b, + 0x3f, 0x97, 0x51, 0x92, 0x3e, 0x44, 0x27, 0x4f, + 0x85, 0x8c, 0x49, 0xca, 0xba, 0x72, 0xb6, 0x58, + 0x51, 0xb3, 0xad, 0xc4, 0x89, 0x36, 0x95, 0x50, + 0x97, 0xca, 0xd9, 0x55, 0x3f, 0x5a, 0x26, 0x3f, + 0x18, 0x44, 0xb5, 0x2a, 0x02, 0x0f, 0xf7, 0xca, + 0x89, 0xe8, 0x81, 0xa0, 0x1b, 0x95, 0xd9, 0x57, + 0xa3, 0x15, 0x3c, 0x0a, 0x5e, 0x0a, 0x1c, 0xcd, + 0x66, 0xb1, 0x82, 0x1a, 0x2b, 0x86, 0x32, 0x54, + 0x6e, 0x24, 0xc7, 0xcb, 0xbc, 0x4c, 0xb0, 0x88, + 0x08, 0xca, 0xc3, 0x7f, 0x7d, 0xa6, 0xb1, 0x6f, + 0x8a, 0xce, 0xd0, 0x52, 0xcd, 0xb2, 0x56, 0x49, + 0x48, 0xf1, 0xab, 0x0f, 0x76, 0x8a, 0x0d, 0x32, + 0x86, 0xcc, 0xc7, 0xc3, 0x74, 0x9c, 0x63, 0xc7, + 0x81, 0x53, 0x0f, 0xa1, 0xae, 0x67, 0x05, 0x42, + 0x85, 0x50, 0x04, 0xa6, 0x45, 0xb5, 0x22, 0x88, + 0x1e, 0xc1, 0x41, 0x2b, 0xda, 0xe3, 0x42, 0x08, + 0x5a, 0x9d, 0xd5, 0xf8, 0x12, 0x6a, 0xf9, 0x6b, + 0xbd, 0xb0, 0xc1, 0xaf, 0x69, 0xa1, 0x55, 0x62, + 0xcb, 0x2a, 0x15, 0x5a, 0x10, 0x03, 0x09, 0xd1, + 0xb6, 0x41, 0xd0, 0x8b, 0x2d, 0x4e, 0xd1, 0x7b, + 0xfb, 0xf0, 0xbc, 0x04, 0x26, 0x5f, 0x9b, 0x10, + 0xc1, 0x08, 0xf8, 0x50, 0x30, 0x95, 0x04, 0xd7, + 0x72, 0x81, 0x1b, 0xba, 0x8e, 0x2b, 0xe1, 0x62, + 0x49, 0xaa, 0x73, 0x7d, 0x87, 0x9f, 0xc7, 0xfb, + 0x25, 0x5e, 0xe7, 0xa6, 0xa0, 0xa7, 0x53, 0xbd, + 0x93, 0x74, 0x1c, 0x61, 0x65, 0x8e, 0xc0, 0x74, + 0xf6, 0xe0, 0x02, 0xb0, 0x19, 0x34, 0x57, 0x69, + 0x11, 0x3c, 0xc0, 0x13, 0xff, 0x74, 0x94, 0xba, + 0x83, 0x78, 0xb1, 0x1a, 0x17, 0x22, 0x60, 0xaa, + 0xa5, 0x34, 0x21, 0xbd, 0xe0, 0x3a, 0x35, 0x58, + 0x9d, 0x57, 0xe3, 0x22, 0xfe, 0xfa, 0x41, 0x00, + 0xa4, 0x74, 0x39, 0x26, 0xab, 0x7d, 0x62, 0x25, + 0x8b, 0x87, 0xb3, 0x1c, 0xcb, 0xb5, 0xe6, 0xb8, + 0x9c, 0xb1, 0x0b, 0x27, 0x1a, 0xa0, 0x5d, 0x99, + 0x4b, 0xb5, 0x70, 0x8b, 0x23, 0xab, 0x32, 0x7e, + 0xcb, 0x93, 0xc0, 0xf3, 0x15, 0x68, 0x69, 0xf0, + 0x88, 0x3d, 0xa2, 0x06, 0x4f, 0x79, 0x5e, 0x0e, + 0x2a, 0xb7, 0xd3, 0xc6, 0x4d, 0x61, 0xd2, 0x30, + 0x3f, 0xc3, 0xa2, 0x9e, 0x16, 0x19, 0x92, 0x3c, + 0xa8, 0x01, 0xe5, 0x9f, 0xd7, 0x52, 0xca, 0x6e, + 0x76, 0x49, 0xd3, 0x03, 0xc9, 0xd2, 0x07, 0x88, + 0xe1, 0x21, 0x46, 0x51, 0xb0, 0x69, 0x95, 0xeb, + 0x26, 0x0c, 0x92, 0x9a, 0x13, 0x44, 0xa8, 0x49, + 0xb2, 0x5c, 0xa0, 0xa0, 0x1f, 0x1e, 0xb5, 0x29, + 0x13, 0x68, 0x6b, 0xba, 0x61, 0x9e, 0x23, 0x71, + 0x44, 0x64, 0x03, 0x1a, 0x78, 0x43, 0x92, 0x87, + 0xfc, 0xa7, 0x8f, 0x4c, 0x04, 0x76, 0x22, 0x3e, + 0xea, 0x61, 0xb7, 0xf2, 0x5a, 0x7c, 0xe4, 0x2c, + 0xca, 0x90, 0x1b, 0x2a, 0xea, 0x12, 0x98, 0x17, + 0x89, 0x4b, 0xa3, 0x47, 0x08, 0x23, 0x85, 0x4f, + 0x3e, 0x5b, 0x28, 0xd8, 0x6b, 0xa9, 0x79, 0xe5, + 0x46, 0x71, 0x86, 0x2d, 0x90, 0x47, 0x0b, 0x1e, + 0x78, 0x38, 0x97, 0x2a, 0x81, 0xa4, 0x81, 0x07, + 0xd6, 0xac, 0x06, 0x11, 0x40, 0x6b, 0x21, 0xfb, + 0xcc, 0xe1, 0xdb, 0x77, 0x02, 0xea, 0x9d, 0xd6, + 0xba, 0x6e, 0x40, 0x52, 0x7b, 0x9d, 0xc6, 0x63, + 0xf3, 0xc9, 0x3b, 0xad, 0x05, 0x6d, 0xc2, 0x85, + 0x11, 0xf6, 0x6c, 0x3e, 0x0b, 0x92, 0x8d, 0xb8, + 0x87, 0x9d, 0x22, 0xc5, 0x92, 0x68, 0x5c, 0xc7, + 0x75, 0xa6, 0xcd, 0x57, 0x4a, 0xc3, 0xbc, 0xe3, + 0xb2, 0x75, 0x91, 0xc8, 0x21, 0x92, 0x90, 0x76, + 0x35, 0x8a, 0x22, 0x00, 0xb3, 0x77, 0x36, 0x5f, + 0x7e, 0xfb, 0x9e, 0x40, 0xc3, 0xbf, 0x0f, 0xf0, + 0x43, 0x29, 0x86, 0xae, 0x4b, 0xc1, 0xa2, 0x42, + 0xce, 0x99, 0x21, 0xaa, 0x9e, 0x22, 0x44, 0x88, + 0x19, 0x58, 0x5d, 0xea, 0x30, 0x8e, 0xb0, 0x39 + }; +#endif +#ifdef WOLFSSL_MLKEM_KYBER + WOLFSSL_SMALL_STACK_STATIC const byte kyber512_sk[] = { + 0x6C, 0x89, 0x2B, 0x02, 0x97, 0xA9, 0xC7, 0x64, + 0x14, 0x93, 0xF8, 0x7D, 0xAF, 0x35, 0x33, 0xEE, + 0xD6, 0x1F, 0x07, 0xF4, 0x65, 0x20, 0x66, 0x33, + 0x7E, 0xD7, 0x40, 0x46, 0xDC, 0xC7, 0x1B, 0xA0, + 0x3F, 0x30, 0x96, 0x01, 0x03, 0x16, 0x1F, 0x7D, + 0xEB, 0x53, 0xA7, 0x1B, 0x11, 0x61, 0x72, 0x63, + 0xFE, 0x2A, 0x80, 0x97, 0x69, 0xCE, 0x6D, 0x70, + 0xA8, 0x5F, 0xE6, 0x00, 0xEC, 0xE2, 0x9D, 0x7F, + 0x36, 0xA1, 0x6D, 0x33, 0x1B, 0x8B, 0x2A, 0x9E, + 0x1D, 0xB8, 0xC0, 0x90, 0x74, 0x2D, 0xF0, 0x73, + 0x9F, 0xF0, 0x60, 0xCE, 0xB4, 0xEC, 0xC5, 0xAB, + 0x1C, 0x5E, 0x55, 0xAC, 0x97, 0xBB, 0x66, 0xA7, + 0xF8, 0x95, 0x10, 0x5D, 0x57, 0x78, 0x2B, 0x22, + 0x95, 0x38, 0xE3, 0x42, 0x15, 0x44, 0xA3, 0x42, + 0x14, 0x08, 0xDB, 0xF4, 0x49, 0x10, 0x93, 0x4C, + 0xC4, 0x23, 0x77, 0x4F, 0x16, 0x76, 0xFF, 0x1C, + 0x30, 0x6F, 0x97, 0x55, 0x5F, 0x57, 0xB4, 0xAE, + 0xD7, 0xA6, 0xBA, 0xB9, 0x50, 0xA8, 0x16, 0x3C, + 0x8D, 0x31, 0x8D, 0xEA, 0x62, 0x75, 0x1B, 0xD6, + 0xAB, 0xC5, 0x06, 0x9C, 0x06, 0xC8, 0x8F, 0x33, + 0x00, 0x26, 0xA1, 0x98, 0x06, 0xA0, 0x3B, 0x97, + 0xA7, 0x69, 0x6B, 0x56, 0xDA, 0x21, 0x82, 0x7B, + 0xB4, 0xE8, 0xDC, 0x03, 0x11, 0x52, 0xB4, 0x1B, + 0x89, 0x2A, 0x9E, 0x99, 0xAD, 0xF6, 0xE1, 0x96, + 0x3E, 0x96, 0x57, 0x88, 0x28, 0x15, 0x4F, 0x46, + 0x70, 0x33, 0x84, 0x69, 0x20, 0xFB, 0xB4, 0xB8, + 0x05, 0x44, 0xE7, 0xE8, 0xA8, 0x1A, 0xE9, 0x63, + 0xCF, 0x36, 0x8C, 0x9B, 0xA0, 0x37, 0xA8, 0xC2, + 0xAD, 0x62, 0xE3, 0x2B, 0x6E, 0x61, 0xC9, 0x1D, + 0x75, 0xCE, 0x00, 0x5A, 0xB3, 0x0F, 0x80, 0x99, + 0xA1, 0xF2, 0x9D, 0x7B, 0x63, 0x05, 0xB4, 0xDC, + 0x06, 0xE2, 0x56, 0x80, 0xBB, 0x00, 0x99, 0x2F, + 0x71, 0x7F, 0xE6, 0xC1, 0x15, 0xA8, 0x08, 0x42, + 0x31, 0xCC, 0x79, 0xDD, 0x70, 0x0E, 0xA6, 0x91, + 0x2A, 0xC7, 0xFA, 0x0D, 0x93, 0x7B, 0xB6, 0xA7, + 0x56, 0x66, 0x22, 0x30, 0x47, 0x0C, 0x18, 0x9B, + 0x5A, 0xA1, 0x65, 0x3D, 0xEB, 0x93, 0x7D, 0x5A, + 0x9C, 0x25, 0xA2, 0x1D, 0x93, 0xB1, 0x90, 0x74, + 0xFC, 0x23, 0x9D, 0x81, 0x53, 0x53, 0x97, 0x97, + 0xC7, 0xD4, 0xAB, 0x62, 0x64, 0x9D, 0x76, 0xAA, + 0x55, 0x37, 0x36, 0xA9, 0x49, 0x02, 0x2C, 0x22, + 0xC5, 0x2B, 0xAE, 0xEC, 0x60, 0x5B, 0x32, 0xCE, + 0x9E, 0x5B, 0x93, 0x84, 0x90, 0x35, 0x58, 0xCA, + 0x9D, 0x6A, 0x3A, 0xBA, 0x90, 0x42, 0x3E, 0xED, + 0xA0, 0x1C, 0x94, 0x19, 0x8B, 0x19, 0x2A, 0x8B, + 0xA9, 0x06, 0x34, 0x97, 0xA0, 0xC5, 0x01, 0x33, + 0x07, 0xDD, 0xD8, 0x63, 0x52, 0x64, 0x71, 0xA4, + 0xD9, 0x95, 0x23, 0xEB, 0x41, 0x7F, 0x29, 0x1A, + 0xAC, 0x0C, 0x3A, 0x58, 0x1B, 0x6D, 0xA0, 0x07, + 0x32, 0xE5, 0xE8, 0x1B, 0x1F, 0x7C, 0x87, 0x9B, + 0x16, 0x93, 0xC1, 0x3B, 0x6F, 0x9F, 0x79, 0x31, + 0x62, 0x24, 0x29, 0xE5, 0x42, 0xAF, 0x40, 0x69, + 0x22, 0x2F, 0x04, 0x55, 0x44, 0xE0, 0xCC, 0x4F, + 0xB2, 0x4D, 0x44, 0x48, 0xCF, 0x2C, 0x65, 0x96, + 0xF5, 0xCB, 0x08, 0x62, 0x4B, 0x11, 0x85, 0x01, + 0x3B, 0x6B, 0x02, 0x08, 0x92, 0xF9, 0x6B, 0xDF, + 0xD4, 0xAD, 0xA9, 0x17, 0x9D, 0xE7, 0x27, 0xB8, + 0xD9, 0x42, 0x6E, 0x09, 0x96, 0xB5, 0xD3, 0x49, + 0x48, 0xCE, 0x02, 0xD0, 0xC3, 0x69, 0xB3, 0x7C, + 0xBB, 0x54, 0xD3, 0x47, 0x9E, 0xD8, 0xB5, 0x82, + 0xE9, 0xE7, 0x28, 0x92, 0x9B, 0x4C, 0x71, 0xC9, + 0xBE, 0x11, 0xD4, 0x5B, 0x20, 0xC4, 0xBD, 0xC3, + 0xC7, 0x43, 0x13, 0x22, 0x3F, 0x58, 0x27, 0x4E, + 0x8B, 0xA5, 0x24, 0x44, 0x47, 0xC4, 0x95, 0x95, + 0x0B, 0x84, 0xCB, 0x0C, 0x3C, 0x27, 0x36, 0x40, + 0x10, 0x8A, 0x33, 0x97, 0x94, 0x45, 0x73, 0x27, + 0x93, 0x28, 0x99, 0x6C, 0xDC, 0x0C, 0x91, 0x3C, + 0x95, 0x8A, 0xD6, 0x20, 0xBA, 0x8B, 0x5E, 0x5E, + 0xCB, 0xBB, 0x7E, 0x13, 0xCB, 0x9C, 0x70, 0xBD, + 0x5A, 0xB3, 0x0E, 0xB7, 0x48, 0x8C, 0x97, 0x00, + 0x1C, 0x20, 0x49, 0x8F, 0x1D, 0x7C, 0xC0, 0x6D, + 0xA7, 0x6B, 0xF5, 0x20, 0xC6, 0x58, 0xCC, 0xAD, + 0xFA, 0x29, 0x56, 0x42, 0x45, 0x57, 0xAB, 0xEA, + 0x8A, 0xB8, 0x92, 0x39, 0xC1, 0x78, 0x33, 0xDC, + 0x3A, 0x49, 0xB3, 0x6A, 0x9A, 0xE9, 0xA4, 0x86, + 0x94, 0x05, 0x40, 0xEB, 0x44, 0x4F, 0x97, 0x15, + 0x23, 0x57, 0xE0, 0x20, 0x35, 0x93, 0x9D, 0x75, + 0xA3, 0xC0, 0x25, 0xF4, 0x1A, 0x40, 0x08, 0x23, + 0x82, 0xA0, 0x73, 0x3C, 0x39, 0xB0, 0x62, 0x2B, + 0x74, 0x0E, 0x40, 0x75, 0x92, 0xC6, 0x2E, 0xCA, + 0xEB, 0x14, 0x32, 0xC4, 0x45, 0xB3, 0x70, 0x3A, + 0x86, 0xF6, 0x98, 0x1A, 0x27, 0x81, 0x57, 0xEA, + 0x95, 0xA6, 0xE9, 0x2D, 0x55, 0xE4, 0xB9, 0x72, + 0xF9, 0x36, 0xC2, 0xF0, 0xA6, 0x58, 0x28, 0x0E, + 0xA2, 0xB0, 0x7A, 0x48, 0x99, 0x2D, 0xF8, 0x93, + 0x7E, 0x0A, 0x2A, 0xC1, 0xDC, 0xC9, 0x74, 0xFE, + 0x00, 0xAA, 0xE1, 0xF5, 0x61, 0xFA, 0x25, 0x8E, + 0x2D, 0x25, 0x9C, 0x3E, 0x86, 0x1D, 0xCE, 0x23, + 0x60, 0x39, 0x12, 0x76, 0x06, 0xFC, 0x1C, 0xE0, + 0x09, 0x00, 0x3A, 0x7B, 0xAC, 0x94, 0x21, 0x01, + 0xDC, 0xB8, 0x22, 0xB1, 0xF3, 0xC1, 0x2B, 0xF7, + 0x32, 0x38, 0xF5, 0x46, 0xE0, 0x1C, 0x36, 0xB5, + 0xA6, 0x93, 0x61, 0x92, 0x99, 0x5C, 0xC6, 0x9C, + 0x63, 0x23, 0x74, 0x09, 0xCB, 0x53, 0xC2, 0xE3, + 0x5D, 0x74, 0x89, 0x0D, 0x18, 0x88, 0x53, 0x76, + 0xFA, 0x55, 0x03, 0xB1, 0x07, 0xA2, 0xA3, 0x92, + 0x11, 0x5A, 0xCE, 0x0E, 0x64, 0x67, 0x7C, 0xBB, + 0x7D, 0xCF, 0xC9, 0x3C, 0x16, 0xD3, 0xA3, 0x05, + 0xF6, 0x76, 0x15, 0xA4, 0x88, 0xD7, 0x11, 0xAA, + 0x56, 0x69, 0x8C, 0x56, 0x63, 0xAB, 0x7A, 0xC9, + 0xCE, 0x66, 0xD5, 0x47, 0xC0, 0x59, 0x5F, 0x98, + 0xA4, 0x3F, 0x46, 0x50, 0xBB, 0xE0, 0x8C, 0x36, + 0x4D, 0x97, 0x67, 0x89, 0x11, 0x7D, 0x34, 0xF6, + 0xAE, 0x51, 0xAC, 0x06, 0x3C, 0xB5, 0x5C, 0x6C, + 0xA3, 0x25, 0x58, 0x22, 0x7D, 0xFE, 0xF8, 0x07, + 0xD1, 0x9C, 0x30, 0xDE, 0x41, 0x44, 0x24, 0x09, + 0x7F, 0x6A, 0xA2, 0x36, 0xA1, 0x05, 0x3B, 0x4A, + 0x07, 0xA7, 0x6B, 0xE3, 0x72, 0xA5, 0xC6, 0xB6, + 0x00, 0x27, 0x91, 0xEB, 0xE0, 0xAF, 0xDA, 0xF5, + 0x4E, 0x1C, 0xA2, 0x37, 0xFF, 0x54, 0x5B, 0xA6, + 0x83, 0x43, 0xE7, 0x45, 0xC0, 0x4A, 0xD1, 0x63, + 0x9D, 0xBC, 0x59, 0x03, 0x46, 0xB6, 0xB9, 0x56, + 0x9B, 0x56, 0xDB, 0xBF, 0xE5, 0x31, 0x51, 0x91, + 0x30, 0x66, 0xE5, 0xC8, 0x55, 0x27, 0xDC, 0x94, + 0x68, 0x11, 0x0A, 0x13, 0x6A, 0x41, 0x14, 0x97, + 0xC2, 0x27, 0xDC, 0xB8, 0xC9, 0xB2, 0x55, 0x70, + 0xB7, 0xA0, 0xE4, 0x2A, 0xAD, 0xA6, 0x70, 0x9F, + 0x23, 0x20, 0x8F, 0x5D, 0x49, 0x6E, 0xBA, 0xB7, + 0x84, 0x3F, 0x64, 0x83, 0xBF, 0x0C, 0x0C, 0x73, + 0xA4, 0x02, 0x96, 0xEC, 0x2C, 0x64, 0x40, 0x00, + 0x13, 0x94, 0xC9, 0x9C, 0xA1, 0x73, 0xD5, 0xC7, + 0x75, 0xB7, 0xF4, 0x15, 0xD0, 0x2A, 0x5A, 0x26, + 0xA0, 0x74, 0x07, 0x91, 0x85, 0x87, 0xC4, 0x11, + 0x69, 0xF2, 0xB7, 0x17, 0x87, 0x55, 0xAC, 0xC2, + 0x7F, 0xC8, 0xB1, 0x9C, 0x4C, 0x4B, 0x3F, 0xCD, + 0x41, 0x05, 0x3F, 0x2C, 0x74, 0xC8, 0xA1, 0x0A, + 0x83, 0x21, 0x24, 0x1B, 0x28, 0x02, 0x43, 0x28, + 0x75, 0xAE, 0x80, 0x8B, 0x9E, 0xF1, 0x36, 0x5C, + 0x7B, 0x8A, 0x52, 0x90, 0x2F, 0x13, 0x17, 0xBA, + 0x2F, 0xB0, 0x26, 0x9F, 0x47, 0x93, 0x06, 0x72, + 0x10, 0x7B, 0x47, 0x26, 0xFE, 0xF6, 0x45, 0x47, + 0x39, 0x4D, 0x33, 0x20, 0xC8, 0xF1, 0x20, 0xB3, + 0xC2, 0xF4, 0x72, 0x5B, 0x03, 0x05, 0xFA, 0xB8, + 0x8C, 0xC7, 0x98, 0x1F, 0xCB, 0x09, 0xA7, 0x6A, + 0x1C, 0xBF, 0x7F, 0x17, 0x9F, 0x43, 0xBB, 0x0A, + 0x4C, 0x8B, 0x05, 0x90, 0x85, 0x7F, 0x1E, 0x69, + 0x70, 0x84, 0x66, 0xC7, 0xF8, 0x60, 0x73, 0x91, + 0xE7, 0xBC, 0x52, 0x68, 0xBF, 0xD3, 0xD7, 0xA1, + 0xDF, 0xFC, 0xB4, 0xEC, 0xA2, 0xA1, 0xC9, 0xB5, + 0x97, 0x59, 0x30, 0x13, 0xD5, 0xFC, 0x42, 0x02, + 0xEC, 0x2B, 0x74, 0xE5, 0x7A, 0xB7, 0x6B, 0xBC, + 0xF3, 0x63, 0x2B, 0xBA, 0xF9, 0x7C, 0xDC, 0x41, + 0x8A, 0x6F, 0x16, 0x39, 0x28, 0x38, 0xCA, 0x9B, + 0xF4, 0x5D, 0xDF, 0x02, 0x37, 0x77, 0xB7, 0x56, + 0x18, 0x33, 0xC1, 0x05, 0x19, 0x0F, 0x94, 0xF3, + 0x02, 0xC5, 0x9B, 0x53, 0x19, 0x00, 0xBB, 0xC8, + 0x16, 0x36, 0x1F, 0xAA, 0x5B, 0x33, 0x80, 0xCA, + 0x3A, 0x89, 0x31, 0x04, 0xCA, 0x73, 0x88, 0xB1, + 0x85, 0x67, 0x1B, 0x3E, 0x5F, 0xE3, 0x79, 0x0E, + 0x9A, 0x62, 0x6E, 0xC4, 0x6D, 0x9B, 0x0B, 0x33, + 0xC7, 0xA4, 0x19, 0xAF, 0x7B, 0x32, 0xB6, 0x85, + 0x98, 0x94, 0xF5, 0x75, 0xD8, 0x2A, 0xC5, 0x45, + 0x6B, 0x54, 0x90, 0xA7, 0xAF, 0x8F, 0xE6, 0x10, + 0x46, 0x36, 0x05, 0x89, 0xEC, 0xBA, 0x72, 0x44, + 0x23, 0x6F, 0x41, 0x23, 0x11, 0x6B, 0x61, 0x74, + 0xAA, 0x17, 0x92, 0x49, 0xA4, 0x91, 0x95, 0xB3, + 0x56, 0xC7, 0x2F, 0xC6, 0x64, 0x1F, 0x02, 0x51, + 0x81, 0x2E, 0xAA, 0x98, 0x57, 0x0B, 0x04, 0x66, + 0x99, 0x07, 0x0E, 0x08, 0x19, 0xDC, 0x27, 0x13, + 0xF4, 0x69, 0x13, 0x7D, 0xFC, 0x6A, 0x3D, 0x7B, + 0x92, 0xB2, 0x98, 0x99, 0x5E, 0xE7, 0x80, 0x36, + 0x91, 0x53, 0xAC, 0x36, 0x6B, 0x06, 0xD7, 0x24, + 0x9C, 0xD0, 0x9E, 0x1B, 0x33, 0x78, 0xFB, 0x04, + 0x39, 0x9C, 0xEC, 0xB8, 0x65, 0x05, 0x81, 0xD6, + 0x37, 0xC7, 0x9A, 0xE6, 0x7D, 0x6F, 0x2C, 0xAF, + 0x6A, 0xBA, 0xCF, 0x59, 0x81, 0x59, 0xA7, 0x79, + 0x2C, 0xB3, 0xC9, 0x71, 0xD1, 0x49, 0x9D, 0x23, + 0x73, 0xAD, 0x20, 0xF6, 0x3F, 0x03, 0xBB, 0x59, + 0xED, 0x13, 0x73, 0x84, 0xAC, 0x61, 0xA7, 0x15, + 0x51, 0x43, 0xB8, 0xCA, 0x49, 0x32, 0x61, 0x2E, + 0xC9, 0x15, 0xE4, 0xCA, 0x34, 0x6A, 0x9B, 0xCE, + 0x5D, 0xD6, 0x04, 0x17, 0xC6, 0xB2, 0xA8, 0x9B, + 0x1C, 0xC4, 0x35, 0x64, 0x3F, 0x87, 0x5B, 0xDC, + 0x5A, 0x7E, 0x5B, 0x34, 0x81, 0xCF, 0x91, 0x9E, + 0xA0, 0x91, 0x72, 0xFE, 0xBC, 0x46, 0xD4, 0xFC, + 0x3F, 0xB0, 0xCB, 0x95, 0x91, 0x70, 0x4E, 0xE2, + 0xDB, 0xB6, 0x18, 0x44, 0xB2, 0xF3, 0x31, 0x4A, + 0x06, 0xBB, 0x6C, 0x6D, 0x34, 0x00, 0x5E, 0x48, + 0x5C, 0xE6, 0x67, 0xBD, 0xC7, 0xD0, 0x98, 0x58, + 0x69, 0x28, 0xD2, 0xD9, 0x13, 0x40, 0xF0, 0x04, + 0x19, 0xEA, 0x40, 0x13, 0x51, 0xA2, 0x40, 0xA0, + 0xB0, 0x41, 0x05, 0x8B, 0xEF, 0xB0, 0xC2, 0xFD, + 0x32, 0x64, 0x5B, 0x7A, 0x2D, 0xF8, 0xF5, 0xCB, + 0xFD, 0x87, 0x33, 0x27, 0xC9, 0x78, 0xD7, 0xB3, + 0x51, 0xA2, 0x80, 0x88, 0x43, 0x88, 0x37, 0x02, + 0x4C, 0x52, 0xB9, 0xC2, 0x95, 0xCD, 0x71, 0x36, + 0x46, 0xFB, 0x5D, 0x6C, 0x0C, 0xCF, 0xB4, 0x70, + 0x73, 0x4A, 0xC2, 0xB2, 0xBC, 0x81, 0x23, 0xC2, + 0xC1, 0x3D, 0xF6, 0x93, 0x8E, 0x92, 0x45, 0x5A, + 0x86, 0x26, 0x39, 0xFE, 0xB8, 0xA6, 0x4B, 0x85, + 0x16, 0x3E, 0x32, 0x70, 0x7E, 0x03, 0x7B, 0x38, + 0xD8, 0xAC, 0x39, 0x22, 0xB4, 0x51, 0x87, 0xBB, + 0x65, 0xEA, 0xFD, 0x46, 0x5F, 0xC6, 0x4A, 0x0C, + 0x5F, 0x8F, 0x3F, 0x90, 0x03, 0x48, 0x94, 0x15, + 0x89, 0x9D, 0x59, 0xA5, 0x43, 0xD8, 0x20, 0x8C, + 0x54, 0xA3, 0x16, 0x65, 0x29, 0xB5, 0x39, 0x22, + 0x7F, 0xFA, 0xD1, 0xBC, 0x8A, 0xF7, 0x3B, 0x7E, + 0x87, 0x49, 0x56, 0xB8, 0x1C, 0x2A, 0x2E, 0xF0, + 0xBF, 0xAB, 0xE8, 0xDC, 0x93, 0xD7, 0x7B, 0x2F, + 0xBC, 0x9E, 0x0C, 0x64, 0xEF, 0xA0, 0x1E, 0x84, + 0x86, 0x26, 0xED, 0x79, 0xD4, 0x51, 0x14, 0x08, + 0x00, 0xE0, 0x3B, 0x59, 0xB9, 0x56, 0xF8, 0x21, + 0x0E, 0x55, 0x60, 0x67, 0x40, 0x7D, 0x13, 0xDC, + 0x90, 0xFA, 0x9E, 0x8B, 0x87, 0x2B, 0xFB, 0x8F + }; +#endif +#ifndef WOLFSSL_NO_ML_KEM + WOLFSSL_SMALL_STACK_STATIC const byte ml_kem_512_sk[] = { + 0x9c, 0xda, 0x16, 0x86, 0xa3, 0x39, 0x6a, 0x7c, + 0x10, 0x9b, 0x41, 0x52, 0x89, 0xf5, 0x6a, 0x9e, + 0xc4, 0x4c, 0xd5, 0xb9, 0xb6, 0x74, 0xc3, 0x8a, + 0x3b, 0xba, 0xb3, 0x0a, 0x2c, 0x90, 0xf0, 0x04, + 0x37, 0xa2, 0x64, 0xb0, 0xbe, 0x9a, 0x1e, 0x8b, + 0xa8, 0x87, 0xd3, 0xc3, 0xb1, 0x00, 0x89, 0x80, + 0x54, 0x27, 0x2f, 0x94, 0x1c, 0x88, 0xa1, 0xf2, + 0x08, 0xf1, 0xc9, 0x14, 0xf9, 0x64, 0xc1, 0xaa, + 0xd6, 0x13, 0xa6, 0xa8, 0x4f, 0x88, 0xe4, 0x2d, + 0x35, 0x56, 0x83, 0x5f, 0xb1, 0x61, 0xfd, 0xc5, + 0xcd, 0x15, 0xa3, 0xbc, 0x7e, 0x74, 0xb6, 0xf2, + 0x61, 0x2f, 0xa8, 0x27, 0x1c, 0x7e, 0xa1, 0x12, + 0xb0, 0x5c, 0x2a, 0x36, 0xcc, 0x70, 0x7c, 0xe3, + 0x8d, 0x5d, 0x1a, 0xcc, 0x51, 0x15, 0x46, 0x2a, + 0x8c, 0x1a, 0xab, 0xf0, 0x72, 0x76, 0xc7, 0x23, + 0x18, 0x33, 0x7f, 0x74, 0xb5, 0xcb, 0xef, 0xea, + 0x7a, 0x80, 0x37, 0x90, 0xbc, 0x03, 0x93, 0xf3, + 0xa5, 0x4c, 0x72, 0x4a, 0x57, 0x65, 0xa4, 0x8f, + 0x29, 0x6b, 0x03, 0xf4, 0x84, 0x37, 0x60, 0x23, + 0x62, 0x69, 0x30, 0x22, 0x27, 0x04, 0xc0, 0x8f, + 0xd3, 0xbc, 0x72, 0x93, 0x15, 0xd1, 0xfc, 0x70, + 0xeb, 0x79, 0x75, 0xa9, 0x7b, 0x9d, 0xee, 0xd1, + 0x62, 0xf4, 0x86, 0xbb, 0xc6, 0x4a, 0x09, 0x71, + 0x11, 0x95, 0x2d, 0x89, 0xb5, 0x7d, 0x76, 0x5e, + 0x8a, 0x99, 0x1a, 0x2e, 0x56, 0x42, 0x06, 0xea, + 0x7b, 0xf5, 0xe4, 0x00, 0x7a, 0x66, 0x35, 0x88, + 0x31, 0xca, 0x0e, 0x34, 0xb2, 0xf6, 0xa8, 0x4d, + 0x10, 0xf7, 0x9c, 0x47, 0x7c, 0xb6, 0x6a, 0x8a, + 0x95, 0x25, 0x69, 0x36, 0x73, 0x88, 0x13, 0x0d, + 0x7b, 0x97, 0x4a, 0x63, 0xaa, 0x51, 0x99, 0x6c, + 0x97, 0x70, 0x9b, 0xb8, 0xea, 0xbc, 0x94, 0xe6, + 0xa5, 0x35, 0xd7, 0x92, 0xd2, 0x90, 0x54, 0x74, + 0x95, 0x2d, 0x6b, 0x8c, 0x22, 0x22, 0xb2, 0xae, + 0x56, 0xdc, 0x66, 0xfb, 0x04, 0x61, 0x19, 0x20, + 0x66, 0xcd, 0xdb, 0x43, 0xec, 0x05, 0x98, 0x4f, + 0xb4, 0x98, 0x26, 0x49, 0x77, 0x13, 0x97, 0xc6, + 0xa8, 0x37, 0x9f, 0x3b, 0x56, 0x43, 0x06, 0x98, + 0x48, 0x87, 0x59, 0x19, 0xe8, 0x9c, 0xc4, 0x39, + 0xa3, 0xbe, 0x2f, 0x08, 0x14, 0x90, 0xf3, 0x41, + 0xbd, 0x12, 0x40, 0xad, 0xd8, 0x0d, 0xdb, 0x8c, + 0x99, 0x63, 0xb4, 0x7a, 0x2a, 0x09, 0x92, 0x29, + 0x03, 0x38, 0xda, 0x9c, 0x3b, 0x72, 0x5c, 0x6d, + 0xa4, 0x47, 0x18, 0xc0, 0x10, 0x46, 0x81, 0x25, + 0x62, 0xaf, 0xb0, 0x84, 0x83, 0x7a, 0xcb, 0x3c, + 0x57, 0x5e, 0x4f, 0x93, 0x93, 0x6c, 0x35, 0x2a, + 0xc0, 0xe7, 0x0a, 0xa3, 0x84, 0x5e, 0xe4, 0x85, + 0x29, 0x6e, 0x6b, 0x02, 0xde, 0x0b, 0x47, 0xb5, + 0xc4, 0xc9, 0x6b, 0x0b, 0x7c, 0xf9, 0x4c, 0x4a, + 0xbe, 0x95, 0x48, 0x61, 0x53, 0x11, 0x8e, 0x43, + 0xc2, 0xb9, 0xc8, 0x4d, 0x9d, 0xa9, 0x1c, 0x6c, + 0x5a, 0xcd, 0x5a, 0x57, 0x00, 0x2d, 0x05, 0x84, + 0x97, 0x99, 0x27, 0x99, 0xe5, 0xba, 0x1c, 0xe6, + 0xc2, 0x5e, 0xb2, 0x98, 0x44, 0xd8, 0x58, 0xba, + 0x1c, 0x37, 0x85, 0x0c, 0x0c, 0x2f, 0x57, 0xc6, + 0x0d, 0xe3, 0x7f, 0x77, 0xc0, 0x82, 0xec, 0x14, + 0x49, 0x4e, 0xba, 0x28, 0x8a, 0x65, 0x91, 0x51, + 0x16, 0xc2, 0x0a, 0x32, 0x5d, 0xe3, 0x1a, 0xaa, + 0xdd, 0x68, 0x0d, 0xb1, 0x9c, 0x0c, 0xfc, 0xc3, + 0x46, 0x0f, 0x0a, 0xa0, 0x1a, 0x87, 0xa6, 0xa5, + 0x80, 0xc6, 0xca, 0x29, 0x1f, 0xae, 0xf0, 0xcc, + 0xc4, 0x9b, 0x76, 0xa8, 0xda, 0xc4, 0xf9, 0xd4, + 0x16, 0x40, 0x50, 0x9d, 0xbd, 0x0b, 0x40, 0x45, + 0xc1, 0x53, 0x0e, 0xd3, 0x47, 0x55, 0xd4, 0x74, + 0x62, 0x70, 0x0f, 0x2a, 0x8c, 0xaf, 0x96, 0x80, + 0xa6, 0xd7, 0xe3, 0x8a, 0x7e, 0x2a, 0x63, 0xe9, + 0x37, 0x65, 0x0a, 0x23, 0x30, 0x6d, 0x85, 0x5d, + 0xa2, 0xa2, 0xb7, 0xef, 0x50, 0x5c, 0xa5, 0x96, + 0xab, 0x04, 0x85, 0x01, 0x3e, 0xa9, 0x27, 0xc7, + 0x34, 0x23, 0x43, 0x61, 0x36, 0x43, 0xba, 0x40, + 0x07, 0xd6, 0xc8, 0x74, 0xb9, 0x80, 0xc7, 0x9c, + 0x3a, 0xa1, 0xc7, 0x4f, 0x85, 0x81, 0xc3, 0x48, + 0x49, 0xb3, 0x6e, 0xa7, 0x98, 0x15, 0xfb, 0xb4, + 0xcc, 0xf9, 0x61, 0x05, 0x83, 0x08, 0x1d, 0x7c, + 0x5b, 0x44, 0x09, 0xb8, 0xd0, 0x53, 0x1c, 0x04, + 0xbc, 0xaf, 0x7c, 0xc7, 0x51, 0x10, 0x3a, 0x5f, + 0xd1, 0xba, 0x44, 0x70, 0x83, 0x3e, 0x89, 0x77, + 0x5a, 0xde, 0xd9, 0x70, 0xb5, 0x47, 0x18, 0x59, + 0x25, 0x0f, 0xe7, 0x26, 0x71, 0x05, 0x83, 0x5f, + 0x39, 0x00, 0x30, 0xc5, 0xe7, 0xcd, 0x3f, 0x96, + 0x10, 0x19, 0xea, 0xae, 0xa2, 0x37, 0x77, 0xd3, + 0x47, 0xbb, 0x2a, 0xdc, 0xb6, 0x73, 0xc0, 0x20, + 0x34, 0xf3, 0x94, 0x34, 0x22, 0x71, 0xbc, 0xea, + 0x64, 0x14, 0xe5, 0x46, 0xc3, 0xb2, 0x0b, 0xd5, + 0x74, 0x81, 0xc7, 0xea, 0x14, 0xc7, 0x7c, 0x38, + 0x8c, 0xc8, 0x62, 0x51, 0xc1, 0x25, 0x58, 0xb1, + 0x00, 0xf8, 0xc5, 0xb3, 0xd0, 0x3c, 0xa2, 0xc7, + 0x07, 0x13, 0x90, 0x96, 0x59, 0xc8, 0xba, 0x26, + 0xd0, 0xd1, 0x76, 0x5e, 0x0b, 0xc8, 0x23, 0xd6, + 0x8c, 0xa5, 0x57, 0x0d, 0xe6, 0x00, 0xcd, 0x09, + 0x41, 0x72, 0x5d, 0x38, 0x6e, 0x14, 0xc1, 0x01, + 0x2d, 0xf5, 0x95, 0x1b, 0xeb, 0x8d, 0x82, 0x81, + 0xa4, 0xf6, 0x81, 0x5d, 0x37, 0x60, 0xb7, 0x64, + 0x29, 0x5a, 0xd0, 0x40, 0x6c, 0x2b, 0xf7, 0x92, + 0x8a, 0xd6, 0x50, 0x32, 0xb6, 0x5f, 0x14, 0xb7, + 0x7c, 0xcb, 0x89, 0x17, 0xc9, 0x3a, 0x29, 0xd6, + 0x28, 0x7d, 0x8a, 0x60, 0x62, 0x39, 0x9c, 0xb6, + 0x40, 0x08, 0x65, 0xed, 0x10, 0xb6, 0x19, 0xaa, + 0x58, 0x11, 0x13, 0x9b, 0xc0, 0x86, 0x82, 0x57, + 0x82, 0xb2, 0xb7, 0x12, 0x4f, 0x75, 0x7c, 0x83, + 0xae, 0x79, 0x44, 0x44, 0xbc, 0x78, 0xa4, 0x78, + 0x96, 0xac, 0xf1, 0x26, 0x2c, 0x81, 0x35, 0x10, + 0x77, 0x89, 0x3b, 0xfc, 0x56, 0xf9, 0x04, 0x49, + 0xc2, 0xfa, 0x5f, 0x6e, 0x58, 0x6d, 0xd3, 0x7c, + 0x0b, 0x9b, 0x58, 0x19, 0x92, 0x63, 0x8c, 0xb7, + 0xe7, 0xbc, 0xbb, 0xb9, 0x9a, 0xfe, 0x47, 0x81, + 0xd8, 0x0a, 0x50, 0xe6, 0x94, 0x63, 0xfb, 0xd9, + 0x88, 0x72, 0x2c, 0x36, 0x35, 0x42, 0x3e, 0x27, + 0x46, 0x6c, 0x71, 0xdc, 0xc6, 0x74, 0x52, 0x7c, + 0xcd, 0x72, 0x89, 0x68, 0xcb, 0xcd, 0xc0, 0x0c, + 0x5c, 0x90, 0x35, 0xbb, 0x0a, 0xf2, 0xc9, 0x92, + 0x2c, 0x78, 0x81, 0xa4, 0x1d, 0xd2, 0x87, 0x52, + 0x73, 0x92, 0x51, 0x31, 0x23, 0x0f, 0x6c, 0xa5, + 0x9e, 0x91, 0x36, 0xb3, 0x9f, 0x95, 0x6c, 0x93, + 0xb3, 0xb2, 0xd1, 0x4c, 0x64, 0x1b, 0x08, 0x9e, + 0x07, 0xd0, 0xa8, 0x40, 0xc8, 0x93, 0xec, 0xd7, + 0x6b, 0xbf, 0x92, 0xc8, 0x05, 0x45, 0x66, 0x68, + 0xd0, 0x7c, 0x62, 0x14, 0x91, 0xc5, 0xc0, 0x54, + 0x99, 0x1a, 0x65, 0x6f, 0x51, 0x16, 0x19, 0x55, + 0x6e, 0xb9, 0x77, 0x82, 0xe2, 0x7a, 0x3c, 0x78, + 0x51, 0x24, 0xc7, 0x0b, 0x0d, 0xab, 0xa6, 0xc6, + 0x24, 0xd1, 0x8e, 0x0f, 0x97, 0x93, 0xf9, 0x6b, + 0xa9, 0xe1, 0x59, 0x9b, 0x17, 0xb3, 0x0d, 0xcc, + 0xc0, 0xb4, 0xf3, 0x76, 0x6a, 0x07, 0xb2, 0x3b, + 0x25, 0x73, 0x09, 0xcd, 0x76, 0xab, 0xa0, 0x72, + 0xc2, 0xb9, 0xc9, 0x74, 0x43, 0x94, 0xc6, 0xab, + 0x9c, 0xb6, 0xc5, 0x4a, 0x97, 0xb5, 0xc5, 0x78, + 0x61, 0xa5, 0x8d, 0xc0, 0xa0, 0x35, 0x19, 0x83, + 0x2e, 0xe3, 0x2a, 0x07, 0x65, 0x4a, 0x07, 0x0c, + 0x0c, 0x8c, 0x4e, 0x86, 0x48, 0xad, 0xdc, 0x35, + 0x5f, 0x27, 0x4f, 0xc6, 0xb9, 0x2a, 0x08, 0x7b, + 0x3f, 0x97, 0x51, 0x92, 0x3e, 0x44, 0x27, 0x4f, + 0x85, 0x8c, 0x49, 0xca, 0xba, 0x72, 0xb6, 0x58, + 0x51, 0xb3, 0xad, 0xc4, 0x89, 0x36, 0x95, 0x50, + 0x97, 0xca, 0xd9, 0x55, 0x3f, 0x5a, 0x26, 0x3f, + 0x18, 0x44, 0xb5, 0x2a, 0x02, 0x0f, 0xf7, 0xca, + 0x89, 0xe8, 0x81, 0xa0, 0x1b, 0x95, 0xd9, 0x57, + 0xa3, 0x15, 0x3c, 0x0a, 0x5e, 0x0a, 0x1c, 0xcd, + 0x66, 0xb1, 0x82, 0x1a, 0x2b, 0x86, 0x32, 0x54, + 0x6e, 0x24, 0xc7, 0xcb, 0xbc, 0x4c, 0xb0, 0x88, + 0x08, 0xca, 0xc3, 0x7f, 0x7d, 0xa6, 0xb1, 0x6f, + 0x8a, 0xce, 0xd0, 0x52, 0xcd, 0xb2, 0x56, 0x49, + 0x48, 0xf1, 0xab, 0x0f, 0x76, 0x8a, 0x0d, 0x32, + 0x86, 0xcc, 0xc7, 0xc3, 0x74, 0x9c, 0x63, 0xc7, + 0x81, 0x53, 0x0f, 0xa1, 0xae, 0x67, 0x05, 0x42, + 0x85, 0x50, 0x04, 0xa6, 0x45, 0xb5, 0x22, 0x88, + 0x1e, 0xc1, 0x41, 0x2b, 0xda, 0xe3, 0x42, 0x08, + 0x5a, 0x9d, 0xd5, 0xf8, 0x12, 0x6a, 0xf9, 0x6b, + 0xbd, 0xb0, 0xc1, 0xaf, 0x69, 0xa1, 0x55, 0x62, + 0xcb, 0x2a, 0x15, 0x5a, 0x10, 0x03, 0x09, 0xd1, + 0xb6, 0x41, 0xd0, 0x8b, 0x2d, 0x4e, 0xd1, 0x7b, + 0xfb, 0xf0, 0xbc, 0x04, 0x26, 0x5f, 0x9b, 0x10, + 0xc1, 0x08, 0xf8, 0x50, 0x30, 0x95, 0x04, 0xd7, + 0x72, 0x81, 0x1b, 0xba, 0x8e, 0x2b, 0xe1, 0x62, + 0x49, 0xaa, 0x73, 0x7d, 0x87, 0x9f, 0xc7, 0xfb, + 0x25, 0x5e, 0xe7, 0xa6, 0xa0, 0xa7, 0x53, 0xbd, + 0x93, 0x74, 0x1c, 0x61, 0x65, 0x8e, 0xc0, 0x74, + 0xf6, 0xe0, 0x02, 0xb0, 0x19, 0x34, 0x57, 0x69, + 0x11, 0x3c, 0xc0, 0x13, 0xff, 0x74, 0x94, 0xba, + 0x83, 0x78, 0xb1, 0x1a, 0x17, 0x22, 0x60, 0xaa, + 0xa5, 0x34, 0x21, 0xbd, 0xe0, 0x3a, 0x35, 0x58, + 0x9d, 0x57, 0xe3, 0x22, 0xfe, 0xfa, 0x41, 0x00, + 0xa4, 0x74, 0x39, 0x26, 0xab, 0x7d, 0x62, 0x25, + 0x8b, 0x87, 0xb3, 0x1c, 0xcb, 0xb5, 0xe6, 0xb8, + 0x9c, 0xb1, 0x0b, 0x27, 0x1a, 0xa0, 0x5d, 0x99, + 0x4b, 0xb5, 0x70, 0x8b, 0x23, 0xab, 0x32, 0x7e, + 0xcb, 0x93, 0xc0, 0xf3, 0x15, 0x68, 0x69, 0xf0, + 0x88, 0x3d, 0xa2, 0x06, 0x4f, 0x79, 0x5e, 0x0e, + 0x2a, 0xb7, 0xd3, 0xc6, 0x4d, 0x61, 0xd2, 0x30, + 0x3f, 0xc3, 0xa2, 0x9e, 0x16, 0x19, 0x92, 0x3c, + 0xa8, 0x01, 0xe5, 0x9f, 0xd7, 0x52, 0xca, 0x6e, + 0x76, 0x49, 0xd3, 0x03, 0xc9, 0xd2, 0x07, 0x88, + 0xe1, 0x21, 0x46, 0x51, 0xb0, 0x69, 0x95, 0xeb, + 0x26, 0x0c, 0x92, 0x9a, 0x13, 0x44, 0xa8, 0x49, + 0xb2, 0x5c, 0xa0, 0xa0, 0x1f, 0x1e, 0xb5, 0x29, + 0x13, 0x68, 0x6b, 0xba, 0x61, 0x9e, 0x23, 0x71, + 0x44, 0x64, 0x03, 0x1a, 0x78, 0x43, 0x92, 0x87, + 0xfc, 0xa7, 0x8f, 0x4c, 0x04, 0x76, 0x22, 0x3e, + 0xea, 0x61, 0xb7, 0xf2, 0x5a, 0x7c, 0xe4, 0x2c, + 0xca, 0x90, 0x1b, 0x2a, 0xea, 0x12, 0x98, 0x17, + 0x89, 0x4b, 0xa3, 0x47, 0x08, 0x23, 0x85, 0x4f, + 0x3e, 0x5b, 0x28, 0xd8, 0x6b, 0xa9, 0x79, 0xe5, + 0x46, 0x71, 0x86, 0x2d, 0x90, 0x47, 0x0b, 0x1e, + 0x78, 0x38, 0x97, 0x2a, 0x81, 0xa4, 0x81, 0x07, + 0xd6, 0xac, 0x06, 0x11, 0x40, 0x6b, 0x21, 0xfb, + 0xcc, 0xe1, 0xdb, 0x77, 0x02, 0xea, 0x9d, 0xd6, + 0xba, 0x6e, 0x40, 0x52, 0x7b, 0x9d, 0xc6, 0x63, + 0xf3, 0xc9, 0x3b, 0xad, 0x05, 0x6d, 0xc2, 0x85, + 0x11, 0xf6, 0x6c, 0x3e, 0x0b, 0x92, 0x8d, 0xb8, + 0x87, 0x9d, 0x22, 0xc5, 0x92, 0x68, 0x5c, 0xc7, + 0x75, 0xa6, 0xcd, 0x57, 0x4a, 0xc3, 0xbc, 0xe3, + 0xb2, 0x75, 0x91, 0xc8, 0x21, 0x92, 0x90, 0x76, + 0x35, 0x8a, 0x22, 0x00, 0xb3, 0x77, 0x36, 0x5f, + 0x7e, 0xfb, 0x9e, 0x40, 0xc3, 0xbf, 0x0f, 0xf0, + 0x43, 0x29, 0x86, 0xae, 0x4b, 0xc1, 0xa2, 0x42, + 0xce, 0x99, 0x21, 0xaa, 0x9e, 0x22, 0x44, 0x88, + 0x19, 0x58, 0x5d, 0xea, 0x30, 0x8e, 0xb0, 0x39, + 0x50, 0xc8, 0xdd, 0x15, 0x2a, 0x45, 0x31, 0xaa, + 0xb5, 0x60, 0xd2, 0xfc, 0x7c, 0xa9, 0xa4, 0x0a, + 0xd8, 0xaf, 0x25, 0xad, 0x1d, 0xd0, 0x8c, 0x6d, + 0x79, 0xaf, 0xe4, 0xdd, 0x4d, 0x1e, 0xee, 0x5a, + 0x86, 0x26, 0xed, 0x79, 0xd4, 0x51, 0x14, 0x08, + 0x00, 0xe0, 0x3b, 0x59, 0xb9, 0x56, 0xf8, 0x21, + 0x0e, 0x55, 0x60, 0x67, 0x40, 0x7d, 0x13, 0xdc, + 0x90, 0xfa, 0x9e, 0x8b, 0x87, 0x2b, 0xfb, 0x8f + }; +#endif +#ifdef WOLFSSL_MLKEM_KYBER + WOLFSSL_SMALL_STACK_STATIC const byte kyber512_ct[] = { + 0xED, 0xF2, 0x41, 0x45, 0xE4, 0x3B, 0x4F, 0x6D, + 0xC6, 0xBF, 0x83, 0x32, 0xF5, 0x4E, 0x02, 0xCA, + 0xB0, 0x2D, 0xBF, 0x3B, 0x56, 0x05, 0xDD, 0xC9, + 0x0A, 0x15, 0xC8, 0x86, 0xAD, 0x3E, 0xD4, 0x89, + 0x46, 0x26, 0x99, 0xE4, 0xAB, 0xED, 0x44, 0x35, + 0x0B, 0xC3, 0x75, 0x7E, 0x26, 0x96, 0xFB, 0xFB, + 0x25, 0x34, 0x41, 0x2E, 0x8D, 0xD2, 0x01, 0xF1, + 0xE4, 0x54, 0x0A, 0x39, 0x70, 0xB0, 0x55, 0xFE, + 0x3B, 0x0B, 0xEC, 0x3A, 0x71, 0xF9, 0xE1, 0x15, + 0xB3, 0xF9, 0xF3, 0x91, 0x02, 0x06, 0x5B, 0x1C, + 0xCA, 0x83, 0x14, 0xDC, 0xC7, 0x95, 0xE3, 0xC0, + 0xE8, 0xFA, 0x98, 0xEE, 0x83, 0xCA, 0x66, 0x28, + 0x45, 0x70, 0x28, 0xA4, 0xD0, 0x9E, 0x83, 0x9E, + 0x55, 0x48, 0x62, 0xCF, 0x0B, 0x7B, 0xF5, 0x6C, + 0x5C, 0x0A, 0x82, 0x9E, 0x86, 0x57, 0x94, 0x79, + 0x45, 0xFE, 0x9C, 0x22, 0x56, 0x4F, 0xBA, 0xEB, + 0xC1, 0xB3, 0xAF, 0x35, 0x0D, 0x79, 0x55, 0x50, + 0x8A, 0x26, 0xD8, 0xA8, 0xEB, 0x54, 0x7B, 0x8B, + 0x1A, 0x2C, 0xF0, 0x3C, 0xCA, 0x1A, 0xAB, 0xCE, + 0x6C, 0x34, 0x97, 0x78, 0x3B, 0x64, 0x65, 0xBA, + 0x0B, 0x6E, 0x7A, 0xCB, 0xA8, 0x21, 0x19, 0x51, + 0x24, 0xAE, 0xF0, 0x9E, 0x62, 0x83, 0x82, 0xA1, + 0xF9, 0x14, 0x04, 0x3B, 0xE7, 0x09, 0x6E, 0x95, + 0x2C, 0xBC, 0x4F, 0xB4, 0xAF, 0xED, 0x13, 0x60, + 0x90, 0x46, 0x11, 0x7C, 0x01, 0x1F, 0xD7, 0x41, + 0xEE, 0x28, 0x6C, 0x83, 0x77, 0x16, 0x90, 0xF0, + 0xAE, 0xB5, 0x0D, 0xA0, 0xD7, 0x12, 0x85, 0xA1, + 0x79, 0xB2, 0x15, 0xC6, 0x03, 0x6D, 0xEB, 0x78, + 0x0F, 0x4D, 0x16, 0x76, 0x9F, 0x72, 0xDE, 0x16, + 0xFD, 0xAD, 0xAC, 0x73, 0xBE, 0xFA, 0x5B, 0xEF, + 0x89, 0x43, 0x19, 0x7F, 0x44, 0xC5, 0x95, 0x89, + 0xDC, 0x9F, 0x49, 0x73, 0xDE, 0x14, 0x50, 0xBA, + 0x1D, 0x0C, 0x32, 0x90, 0xD6, 0xB1, 0xD6, 0x83, + 0xF2, 0x94, 0xE7, 0x59, 0xC9, 0x54, 0xAB, 0xE8, + 0xA7, 0xDA, 0x5B, 0x10, 0x54, 0xFD, 0x6D, 0x21, + 0x32, 0x9B, 0x8E, 0x73, 0xD3, 0x75, 0x6A, 0xFD, + 0xA0, 0xDC, 0xB1, 0xFC, 0x8B, 0x15, 0x82, 0xD1, + 0xF9, 0x0C, 0xF2, 0x75, 0xA1, 0x02, 0xAB, 0xC6, + 0xAC, 0x69, 0x9D, 0xF0, 0xC5, 0x87, 0x0E, 0x50, + 0xA1, 0xF9, 0x89, 0xE4, 0xE6, 0x24, 0x1B, 0x60, + 0xAA, 0xA2, 0xEC, 0xF9, 0xE8, 0xE3, 0x3E, 0x0F, + 0xFC, 0xF4, 0x0F, 0xE8, 0x31, 0xE8, 0xFD, 0xC2, + 0xE8, 0x3B, 0x52, 0xCA, 0x7A, 0xB6, 0xD9, 0x3F, + 0x14, 0x6D, 0x29, 0xDC, 0xA5, 0x3C, 0x7D, 0xA1, + 0xDB, 0x4A, 0xC4, 0xF2, 0xDB, 0x39, 0xEA, 0x12, + 0x0D, 0x90, 0xFA, 0x60, 0xF4, 0xD4, 0x37, 0xC6, + 0xD0, 0x0E, 0xF4, 0x83, 0xBC, 0x94, 0xA3, 0x17, + 0x5C, 0xDA, 0x16, 0x3F, 0xC1, 0xC2, 0x82, 0x8B, + 0xE4, 0xDB, 0xD6, 0x43, 0x05, 0x07, 0xB5, 0x84, + 0xBB, 0x51, 0x77, 0xE1, 0x71, 0xB8, 0xDD, 0xA9, + 0xA4, 0x29, 0x3C, 0x32, 0x00, 0x29, 0x5C, 0x80, + 0x3A, 0x86, 0x5D, 0x6D, 0x21, 0x66, 0xF6, 0x6B, + 0xA5, 0x40, 0x1F, 0xB7, 0xA0, 0xE8, 0x53, 0x16, + 0x86, 0x00, 0xA2, 0x94, 0x84, 0x37, 0xE0, 0x36, + 0xE3, 0xBF, 0x19, 0xE1, 0x2F, 0xD3, 0xF2, 0xA2, + 0xB8, 0xB3, 0x43, 0xF7, 0x84, 0x24, 0x8E, 0x8D, + 0x68, 0x5E, 0xB0, 0xAF, 0xDE, 0x63, 0x15, 0x33, + 0x87, 0x30, 0xE7, 0xA1, 0x00, 0x1C, 0x27, 0xD8, + 0xD2, 0xA7, 0x6F, 0xA6, 0x9D, 0x15, 0x7B, 0xA1, + 0xAC, 0x7A, 0xD5, 0x6D, 0xA5, 0xA8, 0xC7, 0x0F, + 0xE4, 0xB5, 0xB8, 0xD7, 0x86, 0xDC, 0x6F, 0xC0, + 0x56, 0x6B, 0xA8, 0xE1, 0xB8, 0x81, 0x63, 0x34, + 0xD3, 0x2A, 0x3F, 0xB1, 0xCE, 0x7D, 0x4D, 0x5E, + 0x4C, 0x33, 0x2A, 0xF7, 0xB0, 0x03, 0xD0, 0x91, + 0x74, 0x1A, 0x3D, 0x5C, 0x96, 0x52, 0x92, 0x25, + 0x5D, 0xFF, 0x8E, 0xD2, 0xBB, 0xF1, 0xF9, 0x11, + 0x6B, 0xE5, 0x0C, 0x17, 0xB8, 0xE5, 0x48, 0x74, + 0x8A, 0xD4, 0xB2, 0xE9, 0x57, 0xBB, 0xD1, 0x95, + 0x34, 0x82, 0xA2, 0xE1, 0x71, 0x8C, 0xEC, 0x66, + 0xCD, 0x2C, 0x81, 0xF5, 0x72, 0xD5, 0x52, 0xB7, + 0x18, 0x78, 0x85, 0xE6, 0xB8, 0x94, 0x3D, 0x64, + 0x31, 0x41, 0x3C, 0x59, 0xEB, 0xB7, 0xE0, 0x36, + 0x04, 0x84, 0x90, 0xBE, 0x52, 0x89, 0xE9, 0x5B, + 0x20, 0xA8, 0x9E, 0x8B, 0x15, 0x9F, 0x61, 0xA9, + 0xA9, 0x88, 0x6E, 0x14, 0x75, 0x68, 0xF4, 0xC9, + 0x02, 0x1F, 0x36, 0x2F, 0x02, 0x68, 0x8A, 0x1C, + 0x8C, 0x3B, 0xB0, 0xD2, 0x40, 0x86, 0x88, 0x0E, + 0x55, 0xB6, 0xED, 0xB4, 0x3F, 0x37, 0x45, 0xD2, + 0xC1, 0x66, 0xDC, 0x1C, 0xB7, 0x43, 0xC7, 0x6F, + 0xE6, 0xBE, 0x52, 0x3A, 0x89, 0x3C, 0xC7, 0x64, + 0xD1, 0x64, 0x35, 0xC3, 0x78, 0x51, 0x25, 0x2A, + 0x81, 0xE2, 0xFF, 0xBA, 0x0F, 0x18, 0x97, 0x1A, + 0x3D, 0xEE, 0x37, 0xD4, 0x87, 0x7C, 0xB9, 0x28, + 0xE3, 0x6E, 0x52, 0x35, 0x03, 0x7A, 0x6B, 0x20, + 0x57, 0x89, 0x7D, 0x51, 0x8A, 0x5F, 0x0E, 0x34, + 0x8E, 0x3A, 0xB6, 0xD5, 0xB5, 0x2D, 0xFC, 0x60, + 0x75, 0x7F, 0x3B, 0x41, 0xA4, 0xFE, 0xC7, 0x82, + 0x8F, 0x1D, 0xEE, 0xAF, 0x45, 0x87, 0xCC, 0xC8, + 0xEA, 0xDF, 0x64, 0x7F, 0x4D, 0x20, 0x3B, 0x2F, + 0xAA, 0x05, 0xA6, 0x49, 0xB5, 0x82, 0x34, 0x0C, + 0xB4, 0xCA, 0xCE, 0x57, 0xA3, 0x07, 0x11, 0xBE, + 0x75, 0x2F, 0xAC, 0xF0, 0x22, 0x7D, 0x0A, 0x80, + 0xC4, 0x12, 0x84, 0x42, 0xDD, 0xC5, 0x44, 0xBE, + 0x80, 0x5B, 0x9C, 0xFE, 0x8F, 0xE9, 0xB1, 0x23, + 0x7C, 0x80, 0xF9, 0x67, 0x87, 0xCD, 0x92, 0x81, + 0xCC, 0xF2, 0x70, 0xC1, 0xAF, 0xC0, 0x67, 0x0D + }; +#endif +#ifndef WOLFSSL_NO_ML_KEM + WOLFSSL_SMALL_STACK_STATIC const byte ml_kem_512_ct[] = { + 0x11, 0x3d, 0xb2, 0xdd, 0x06, 0x87, 0x12, 0x35, + 0xe7, 0xbc, 0x36, 0xc9, 0xdc, 0xaa, 0x52, 0x8f, + 0xc2, 0x6c, 0xe5, 0xdb, 0x9e, 0xcc, 0x1d, 0xc3, + 0x2e, 0x95, 0x7d, 0x7f, 0xfb, 0x3c, 0x74, 0x29, + 0xd5, 0x0c, 0x3c, 0x35, 0x77, 0xa5, 0x15, 0xd3, + 0x18, 0x3a, 0x1b, 0x9d, 0x26, 0x7b, 0x93, 0x6b, + 0x7e, 0xb8, 0xf5, 0x43, 0xa3, 0xaf, 0xb7, 0x77, + 0x65, 0xca, 0x79, 0x38, 0xf7, 0x8a, 0xa6, 0x43, + 0x8c, 0xe8, 0x0a, 0x06, 0xa6, 0x96, 0x6d, 0x0d, + 0x06, 0xaf, 0x75, 0xba, 0x3e, 0x0d, 0x4f, 0x37, + 0xba, 0xc7, 0x33, 0x69, 0xf5, 0xa7, 0x29, 0xf7, + 0x3e, 0x85, 0x72, 0x9e, 0xdd, 0x97, 0xc8, 0xc2, + 0xa8, 0xcc, 0x26, 0x19, 0xe4, 0xcf, 0x7b, 0x60, + 0x91, 0x86, 0x9e, 0x90, 0x9f, 0xd4, 0x7d, 0x97, + 0x09, 0x14, 0x92, 0x04, 0xb0, 0x83, 0x7d, 0x8d, + 0x6f, 0x25, 0xd2, 0x67, 0x97, 0x2b, 0xe6, 0x3b, + 0xad, 0x34, 0xb5, 0x44, 0x52, 0x3c, 0x01, 0xc0, + 0x9d, 0xe3, 0xb1, 0xfa, 0x1d, 0x6b, 0x7b, 0x05, + 0x9e, 0xee, 0x9e, 0x65, 0x20, 0x62, 0xfe, 0x87, + 0x0f, 0x68, 0xc6, 0x80, 0x05, 0x33, 0x9e, 0xa1, + 0x81, 0xe1, 0xd0, 0x76, 0x7c, 0x15, 0x2a, 0xeb, + 0x38, 0xfa, 0xf0, 0xf9, 0x24, 0x5a, 0xe5, 0x9d, + 0x5c, 0xb0, 0xd2, 0xb7, 0xf2, 0x01, 0x22, 0x9e, + 0xd9, 0x70, 0x20, 0xd0, 0x62, 0x3a, 0x46, 0x10, + 0x0d, 0x09, 0x7b, 0x0c, 0xe1, 0x15, 0x4e, 0x02, + 0x8a, 0xe6, 0x19, 0x4d, 0xe0, 0x5d, 0xe9, 0x7d, + 0xd9, 0xae, 0x2e, 0x85, 0xff, 0xd2, 0x5d, 0x95, + 0xeb, 0x22, 0xef, 0xfe, 0x5b, 0xa1, 0x9c, 0xd8, + 0x07, 0xc5, 0x30, 0xeb, 0xaa, 0x9f, 0xe9, 0xf6, + 0x42, 0xcc, 0xac, 0xff, 0x47, 0xed, 0x15, 0xc2, + 0x2b, 0xfe, 0x30, 0x36, 0xeb, 0xf8, 0xad, 0x9c, + 0x8e, 0xd2, 0x32, 0x40, 0xae, 0xeb, 0xaa, 0x24, + 0xd1, 0x35, 0x75, 0x51, 0x00, 0xb8, 0x5e, 0xce, + 0xe3, 0x17, 0x49, 0x06, 0xe4, 0x63, 0x12, 0x06, + 0x2c, 0xee, 0xca, 0xc7, 0x5d, 0xe5, 0x27, 0x52, + 0x56, 0xc2, 0xc1, 0xa6, 0x53, 0xfd, 0x69, 0x15, + 0xb1, 0xb3, 0x0c, 0x8e, 0xcb, 0xb6, 0xfd, 0x42, + 0x80, 0x43, 0x74, 0x53, 0x17, 0x3a, 0x96, 0x23, + 0x8b, 0xc7, 0xd1, 0x08, 0x89, 0x23, 0x43, 0xe0, + 0x33, 0xbc, 0xd9, 0x8e, 0x43, 0x7e, 0x78, 0x9f, + 0xc5, 0xbe, 0xba, 0xa1, 0x2b, 0x26, 0x34, 0xb5, + 0x1e, 0xd0, 0xd5, 0x89, 0xf1, 0x11, 0x43, 0xa0, + 0x21, 0xd8, 0xec, 0xce, 0x59, 0x4f, 0xdd, 0x48, + 0xda, 0xe8, 0x4c, 0x80, 0x63, 0xef, 0x35, 0x81, + 0xbc, 0x37, 0x8a, 0x48, 0xda, 0x4e, 0x51, 0xbb, + 0x17, 0x5b, 0x0d, 0xb4, 0x7f, 0x9d, 0xcf, 0x99, + 0x31, 0x8c, 0x30, 0x22, 0x5c, 0xa7, 0xfa, 0x79, + 0xc8, 0x79, 0xbf, 0x1c, 0x93, 0x97, 0xb5, 0xcc, + 0xc5, 0xef, 0xad, 0x94, 0xc5, 0x00, 0xed, 0x7f, + 0x9f, 0x38, 0x5d, 0x08, 0x8e, 0x34, 0x93, 0x22, + 0x21, 0xfc, 0x0f, 0xc9, 0xaf, 0xe5, 0x1f, 0x68, + 0x75, 0x54, 0x81, 0x31, 0x69, 0x76, 0x95, 0x47, + 0x8a, 0xbd, 0xc8, 0x73, 0x6f, 0x10, 0x09, 0x5a, + 0x6b, 0x92, 0xec, 0x67, 0x9f, 0xe0, 0xe2, 0xae, + 0x5d, 0x8b, 0x33, 0x53, 0x55, 0xd5, 0x8d, 0xae, + 0x4d, 0x4f, 0x0b, 0x17, 0xaa, 0x5d, 0x1e, 0x52, + 0xf1, 0xd4, 0x55, 0x84, 0xa8, 0x92, 0xc3, 0x4c, + 0xe4, 0xb0, 0x4f, 0xcd, 0x00, 0x98, 0x1d, 0x51, + 0xca, 0xa1, 0x60, 0x64, 0xba, 0xd9, 0x2d, 0x01, + 0x9d, 0xc3, 0xad, 0xed, 0x91, 0x96, 0x84, 0x11, + 0x2b, 0x29, 0xda, 0xa2, 0x8b, 0x9d, 0xae, 0x09, + 0xb8, 0x6b, 0x21, 0xa9, 0x33, 0x10, 0xd5, 0xfb, + 0xc6, 0x52, 0x7b, 0x22, 0x4b, 0x9c, 0xe8, 0x7d, + 0x27, 0x82, 0xbb, 0x29, 0x46, 0x73, 0xf0, 0xec, + 0x06, 0xf2, 0x6b, 0x08, 0x76, 0x52, 0xa1, 0x8d, + 0x6a, 0xd7, 0xb1, 0xc9, 0x33, 0x03, 0xef, 0x05, + 0x61, 0xc0, 0xfc, 0x9c, 0xd4, 0xf6, 0x78, 0xf6, + 0x06, 0xf1, 0x92, 0xcf, 0x5d, 0xf9, 0x2b, 0x15, + 0x48, 0xf5, 0xdd, 0x26, 0x87, 0xed, 0xbe, 0xcc, + 0xfc, 0x6d, 0x4e, 0x9d, 0xe4, 0xbd, 0x50, 0xd3, + 0xc7, 0x4f, 0xb2, 0x75, 0xab, 0xd9, 0xb3, 0xe9, + 0x02, 0x77, 0xdb, 0x4a, 0x00, 0x69, 0xc0, 0xa2, + 0xa7, 0x13, 0x6f, 0x50, 0xce, 0xad, 0x4b, 0x2f, + 0x19, 0x95, 0xfa, 0xaf, 0x16, 0x80, 0x40, 0xe9, + 0xe4, 0xbe, 0xb7, 0xc5, 0x72, 0x20, 0x49, 0xd6, + 0xda, 0x64, 0x02, 0x99, 0x2f, 0xce, 0xa4, 0x50, + 0x97, 0xdf, 0x7c, 0x1c, 0x20, 0xfb, 0x06, 0x82, + 0x22, 0x00, 0x05, 0x76, 0x93, 0x5a, 0x08, 0x06, + 0x77, 0x34, 0x51, 0x92, 0x1f, 0x54, 0xc5, 0x5f, + 0xbf, 0x59, 0x3a, 0x4f, 0x14, 0x7c, 0x1f, 0xef, + 0x3a, 0xca, 0xf0, 0xcf, 0xa9, 0x07, 0xae, 0x48, + 0xc8, 0xc0, 0x63, 0x12, 0xcf, 0xdf, 0x51, 0x86, + 0x90, 0x4b, 0xec, 0x7f, 0xed, 0x4e, 0xd9, 0x33, + 0xc9, 0x25, 0x6a, 0xb0, 0x4c, 0xbf, 0xa0, 0x3a, + 0x96, 0x7c, 0x1f, 0x7e, 0xad, 0x4a, 0xb4, 0x0d, + 0xf1, 0x16, 0xbe, 0x66, 0x0e, 0x27, 0xca, 0x2b, + 0x54, 0x35, 0x26, 0xd4, 0xb9, 0x68, 0x4c, 0x31, + 0xe1, 0xe4, 0x23, 0x83, 0xb9, 0x69, 0xf8, 0x96, + 0x29, 0x9d, 0x71, 0x39, 0x0c, 0xc8, 0x5b, 0x70, + 0x32, 0x02, 0xac, 0xad, 0xec, 0xfa, 0x8c, 0x40, + 0x96, 0x5c, 0x08, 0xc5, 0x3b, 0x56, 0x71, 0xe0, + 0xd5, 0x94, 0x55, 0xbc, 0x5a, 0x85, 0x86, 0xc6, + 0x55, 0xdb, 0x8c, 0x2a, 0xde, 0x4b, 0xa8, 0x87, + 0x7f, 0x19, 0xb6, 0x00, 0x0e, 0x18, 0xf8, 0xfe, + 0xad, 0xda, 0x7e, 0xde, 0x8f, 0xe8, 0x0a, 0xa6, + 0x62, 0xd6, 0x94, 0xc6, 0xd8, 0xc3, 0x3b, 0x52 + }; +#endif +#ifdef WOLFSSL_MLKEM_KYBER + WOLFSSL_SMALL_STACK_STATIC const byte kyber512_ss[] = { + 0x0A, 0x69, 0x25, 0x67, 0x6F, 0x24, 0xB2, 0x2C, + 0x28, 0x6F, 0x4C, 0x81, 0xA4, 0x22, 0x4C, 0xEC, + 0x50, 0x6C, 0x9B, 0x25, 0x7D, 0x48, 0x0E, 0x02, + 0xE3, 0xB4, 0x9F, 0x44, 0xCA, 0xA3, 0x23, 0x7F + }; +#endif +#ifndef WOLFSSL_NO_ML_KEM + WOLFSSL_SMALL_STACK_STATIC const byte ml_kem_512_ss[] = { + 0x31, 0x98, 0x39, 0xe8, 0x2a, 0xb6, 0xb2, 0x22, + 0xde, 0x7b, 0x61, 0x9e, 0x80, 0xda, 0x83, 0x91, + 0x52, 0x2b, 0xbb, 0x37, 0x67, 0x70, 0x18, 0x49, + 0x4a, 0x47, 0x42, 0xc5, 0x3f, 0x9a, 0xbf, 0xdf + }; +#endif + +#ifdef WOLFSSL_SMALL_STACK + key = (MlKemKey *)XMALLOC(sizeof(MlKemKey), HEAP_HINT, + DYNAMIC_TYPE_TMP_BUFFER); + if (key == NULL) + ERROR_OUT(WC_TEST_RET_ENC_ERRNO, out); +#ifndef WOLFSSL_MLKEM_NO_MAKE_KEY + priv = (byte *)XMALLOC(WC_ML_KEM_512_PRIVATE_KEY_SIZE, HEAP_HINT, + DYNAMIC_TYPE_TMP_BUFFER); + pub = (byte *)XMALLOC(WC_ML_KEM_512_PUBLIC_KEY_SIZE, HEAP_HINT, + DYNAMIC_TYPE_TMP_BUFFER); + if (pub == NULL || priv == NULL) + ERROR_OUT(WC_TEST_RET_ENC_ERRNO, out); +#endif +#ifndef WOLFSSL_MLKEM_NO_ENCAPSULATE + ct = (byte *)XMALLOC(WC_ML_KEM_512_CIPHER_TEXT_SIZE, HEAP_HINT, + DYNAMIC_TYPE_TMP_BUFFER); + ss = (byte *)XMALLOC(WC_ML_KEM_SS_SZ, HEAP_HINT, + DYNAMIC_TYPE_TMP_BUFFER); + if (ct == NULL || ss == NULL) + ERROR_OUT(WC_TEST_RET_ENC_ERRNO, out); +#endif +#ifndef WOLFSSL_MLKEM_NO_DECAPSULATE + ss_dec = (byte *)XMALLOC(WC_ML_KEM_SS_SZ, HEAP_HINT, + DYNAMIC_TYPE_TMP_BUFFER); + if (ss_dec == NULL) + ERROR_OUT(WC_TEST_RET_ENC_ERRNO, out); +#endif +#endif + +#ifdef WOLFSSL_MLKEM_KYBER + ret = wc_KyberKey_Init(KYBER512, key, HEAP_HINT, devId); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); + else + key_inited = 1; + +#ifndef WOLFSSL_MLKEM_NO_MAKE_KEY + ret = wc_KyberKey_MakeKeyWithRandom(key, kyber512_rand, + sizeof(kyber512_rand)); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); + + ret = wc_KyberKey_EncodePublicKey(key, pub, KYBER512_PUBLIC_KEY_SIZE); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); + + ret = wc_KyberKey_EncodePrivateKey(key, priv, KYBER512_PRIVATE_KEY_SIZE); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); + + if (XMEMCMP(pub, kyber512_pk, sizeof(kyber512_pk)) != 0) + ERROR_OUT(WC_TEST_RET_ENC_NC, out); + + if (XMEMCMP(priv, kyber512_sk, sizeof(kyber512_sk)) != 0) + ERROR_OUT(WC_TEST_RET_ENC_NC, out); +#else + (void)kyber512_rand; + (void)kyber512_pk; + ret = wc_KyberKey_DecodePrivateKey(key, kyber512_sk, + KYBER512_PRIVATE_KEY_SIZE); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); +#endif + +#ifndef WOLFSSL_MLKEM_NO_ENCAPSULATE + ret = wc_KyberKey_EncapsulateWithRandom(key, ct, ss, kyber512enc_rand, + sizeof(kyber512enc_rand)); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); + + if (XMEMCMP(ct, kyber512_ct, sizeof(kyber512_ct)) != 0) + ERROR_OUT(WC_TEST_RET_ENC_NC, out); + + if (XMEMCMP(ss, kyber512_ss, sizeof(kyber512_ss)) != 0) + ERROR_OUT(WC_TEST_RET_ENC_NC, out); +#else + (void)kyber512enc_rand; +#endif + +#ifndef WOLFSSL_MLKEM_NO_DECAPSULATE + ret = wc_KyberKey_Decapsulate(key, ss_dec, kyber512_ct, + sizeof(kyber512_ct)); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); + + if (XMEMCMP(ss_dec, kyber512_ss, sizeof(kyber512_ss)) != 0) + ERROR_OUT(WC_TEST_RET_ENC_NC, out); +#else + (void)kyber512_ct; + (void)kyber512_ss; +#endif +#endif +#ifndef WOLFSSL_NO_ML_KEM + ret = wc_MlKemKey_Init(key, WC_ML_KEM_512, HEAP_HINT, devId); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); + else + key_inited = 1; + +#ifndef WOLFSSL_MLKEM_NO_MAKE_KEY + ret = wc_MlKemKey_MakeKeyWithRandom(key, kyber512_rand, + sizeof(kyber512_rand)); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); + + ret = wc_MlKemKey_EncodePublicKey(key, pub, WC_ML_KEM_512_PUBLIC_KEY_SIZE); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); + + ret = wc_MlKemKey_EncodePrivateKey(key, priv, + WC_ML_KEM_512_PRIVATE_KEY_SIZE); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); + + if (XMEMCMP(pub, ml_kem_512_pk, sizeof(ml_kem_512_pk)) != 0) + ERROR_OUT(WC_TEST_RET_ENC_NC, out); + + if (XMEMCMP(priv, ml_kem_512_sk, sizeof(ml_kem_512_sk)) != 0) + ERROR_OUT(WC_TEST_RET_ENC_NC, out); +#else + (void)kyber512_rand; + (void)ml_kem_512_pk; + ret = wc_MlKemKey_DecodePrivateKey(key, ml_kem_512_sk, + WC_ML_KEM_512_PRIVATE_KEY_SIZE); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); +#endif + +#ifndef WOLFSSL_MLKEM_NO_ENCAPSULATE + ret = wc_MlKemKey_EncapsulateWithRandom(key, ct, ss, kyber512enc_rand, + sizeof(kyber512enc_rand)); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); + + if (XMEMCMP(ct, ml_kem_512_ct, sizeof(ml_kem_512_ct)) != 0) + ERROR_OUT(WC_TEST_RET_ENC_NC, out); + + if (XMEMCMP(ss, ml_kem_512_ss, sizeof(ml_kem_512_ss)) != 0) + ERROR_OUT(WC_TEST_RET_ENC_NC, out); +#else + (void)kyber512enc_rand; +#endif + +#ifndef WOLFSSL_MLKEM_NO_DECAPSULATE + ret = wc_MlKemKey_Decapsulate(key, ss_dec, ml_kem_512_ct, + sizeof(ml_kem_512_ct)); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); + + if (XMEMCMP(ss_dec, ml_kem_512_ss, sizeof(ml_kem_512_ss)) != 0) + ERROR_OUT(WC_TEST_RET_ENC_NC, out); +#else + (void)ml_kem_512_ct; + (void)ml_kem_512_ss; +#endif +#endif + +out: + + if (key_inited) + wc_MlKemKey_Free(key); + +#ifdef WOLFSSL_SMALL_STACK + XFREE(key, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); +#ifndef WOLFSSL_MLKEM_NO_MAKE_KEY + XFREE(priv, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(pub, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); +#endif +#ifndef WOLFSSL_MLKEM_NO_ENCAPSULATE + XFREE(ct, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(ss, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); +#endif +#ifndef WOLFSSL_MLKEM_NO_DECAPSULATE + XFREE(ss_dec, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); +#endif +#endif + + return ret; +} +#endif /* !WOLFSSL_NO_KYBER512 && !WOLFSSL_NO_ML_KEM_512 */ + +#if !defined(WOLFSSL_NO_KYBER768) && !defined(WOLFSSL_NO_ML_KEM_768) +static wc_test_ret_t mlkem768_kat(void) +{ + wc_test_ret_t ret; +#ifdef WOLFSSL_SMALL_STACK + MlKemKey *key = NULL; +#ifndef WOLFSSL_MLKEM_NO_MAKE_KEY + byte *priv = NULL; + byte *pub = NULL; +#endif +#ifndef WOLFSSL_MLKEM_NO_ENCAPSULATE + byte *ct = NULL; + byte *ss = NULL; +#endif +#ifndef WOLFSSL_MLKEM_NO_DECAPSULATE + byte *ss_dec = NULL; +#endif +#else + MlKemKey key[1]; +#ifndef WOLFSSL_MLKEM_NO_MAKE_KEY + byte priv[KYBER768_PRIVATE_KEY_SIZE]; + byte pub[KYBER768_PUBLIC_KEY_SIZE]; +#endif +#ifndef WOLFSSL_MLKEM_NO_ENCAPSULATE + byte ct[KYBER768_CIPHER_TEXT_SIZE]; + byte ss[KYBER_SS_SZ]; +#endif +#ifndef WOLFSSL_MLKEM_NO_DECAPSULATE + byte ss_dec[KYBER_SS_SZ]; +#endif +#endif + int key_inited = 0; + WOLFSSL_SMALL_STACK_STATIC const byte kyber768_rand[] = { + 0x7c, 0x99, 0x35, 0xa0, 0xb0, 0x76, 0x94, 0xaa, + 0x0c, 0x6d, 0x10, 0xe4, 0xdb, 0x6b, 0x1a, 0xdd, + 0x2f, 0xd8, 0x1a, 0x25, 0xcc, 0xb1, 0x48, 0x03, + 0x2d, 0xcd, 0x73, 0x99, 0x36, 0x73, 0x7f, 0x2d, + 0x86, 0x26, 0xED, 0x79, 0xD4, 0x51, 0x14, 0x08, + 0x00, 0xE0, 0x3B, 0x59, 0xB9, 0x56, 0xF8, 0x21, + 0x0E, 0x55, 0x60, 0x67, 0x40, 0x7D, 0x13, 0xDC, + 0x90, 0xFA, 0x9E, 0x8B, 0x87, 0x2B, 0xFB, 0x8F + }; + WOLFSSL_SMALL_STACK_STATIC const byte kyber768enc_rand[] = { + 0x14, 0x7c, 0x03, 0xf7, 0xa5, 0xbe, 0xbb, 0xa4, + 0x06, 0xc8, 0xfa, 0xe1, 0x87, 0x4d, 0x7f, 0x13, + 0xc8, 0x0e, 0xfe, 0x79, 0xa3, 0xa9, 0xa8, 0x74, + 0xcc, 0x09, 0xfe, 0x76, 0xf6, 0x99, 0x76, 0x15 + }; + +#ifdef WOLFSSL_MLKEM_KYBER + WOLFSSL_SMALL_STACK_STATIC const byte kyber768_pk[] = { + 0xA7, 0x2C, 0x2D, 0x9C, 0x84, 0x3E, 0xE9, 0xF8, + 0x31, 0x3E, 0xCC, 0x7F, 0x86, 0xD6, 0x29, 0x4D, + 0x59, 0x15, 0x9D, 0x9A, 0x87, 0x9A, 0x54, 0x2E, + 0x26, 0x09, 0x22, 0xAD, 0xF9, 0x99, 0x05, 0x1C, + 0xC4, 0x52, 0x00, 0xC9, 0xFF, 0xDB, 0x60, 0x44, + 0x9C, 0x49, 0x46, 0x59, 0x79, 0x27, 0x23, 0x67, + 0xC0, 0x83, 0xA7, 0xD6, 0x26, 0x7A, 0x3E, 0xD7, + 0xA7, 0xFD, 0x47, 0x95, 0x7C, 0x21, 0x93, 0x27, + 0xF7, 0xCA, 0x73, 0xA4, 0x00, 0x7E, 0x16, 0x27, + 0xF0, 0x0B, 0x11, 0xCC, 0x80, 0x57, 0x3C, 0x15, + 0xAE, 0xE6, 0x64, 0x0F, 0xB8, 0x56, 0x2D, 0xFA, + 0x6B, 0x24, 0x0C, 0xA0, 0xAD, 0x35, 0x1A, 0xC4, + 0xAC, 0x15, 0x5B, 0x96, 0xC1, 0x4C, 0x8A, 0xB1, + 0x3D, 0xD2, 0x62, 0xCD, 0xFD, 0x51, 0xC4, 0xBB, + 0x55, 0x72, 0xFD, 0x61, 0x65, 0x53, 0xD1, 0x7B, + 0xDD, 0x43, 0x0A, 0xCB, 0xEA, 0x3E, 0x95, 0xF0, + 0xB6, 0x98, 0xD6, 0x69, 0x90, 0xAB, 0x51, 0xE5, + 0xD0, 0x37, 0x83, 0xA8, 0xB3, 0xD2, 0x78, 0xA5, + 0x72, 0x04, 0x54, 0xCF, 0x96, 0x95, 0xCF, 0xDC, + 0xA0, 0x84, 0x85, 0xBA, 0x09, 0x9C, 0x51, 0xCD, + 0x92, 0xA7, 0xEA, 0x75, 0x87, 0xC1, 0xD1, 0x5C, + 0x28, 0xE6, 0x09, 0xA8, 0x18, 0x52, 0x60, 0x1B, + 0x06, 0x04, 0x01, 0x06, 0x79, 0xAA, 0x48, 0x2D, + 0x51, 0x26, 0x1E, 0xC3, 0x6E, 0x36, 0xB8, 0x71, + 0x96, 0x76, 0x21, 0x7F, 0xD7, 0x4C, 0x54, 0x78, + 0x64, 0x88, 0xF4, 0xB4, 0x96, 0x9C, 0x05, 0xA8, + 0xBA, 0x27, 0xCA, 0x3A, 0x77, 0xCC, 0xE7, 0x3B, + 0x96, 0x59, 0x23, 0xCA, 0x55, 0x4E, 0x42, 0x2B, + 0x9B, 0x61, 0xF4, 0x75, 0x46, 0x41, 0x60, 0x8A, + 0xC1, 0x6C, 0x9B, 0x85, 0x87, 0xA3, 0x2C, 0x1C, + 0x5D, 0xD7, 0x88, 0xF8, 0x8B, 0x36, 0xB7, 0x17, + 0xA4, 0x69, 0x65, 0x63, 0x5D, 0xEB, 0x67, 0xF4, + 0x5B, 0x12, 0x9B, 0x99, 0x07, 0x09, 0x09, 0xC9, + 0x3E, 0xB8, 0x0B, 0x42, 0xC2, 0xB3, 0xF3, 0xF7, + 0x03, 0x43, 0xA7, 0xCF, 0x37, 0xE8, 0x52, 0x0E, + 0x7B, 0xCF, 0xC4, 0x16, 0xAC, 0xA4, 0xF1, 0x8C, + 0x79, 0x81, 0x26, 0x2B, 0xA2, 0xBF, 0xC7, 0x56, + 0xAE, 0x03, 0x27, 0x8F, 0x0E, 0xC6, 0x6D, 0xC2, + 0x05, 0x76, 0x96, 0x82, 0x4B, 0xA6, 0x76, 0x98, + 0x65, 0xA6, 0x01, 0xD7, 0x14, 0x8E, 0xF6, 0xF5, + 0x4E, 0x5A, 0xF5, 0x68, 0x6A, 0xA2, 0x90, 0x6F, + 0x99, 0x4C, 0xE3, 0x8A, 0x5E, 0x0B, 0x93, 0x8F, + 0x23, 0x90, 0x07, 0x00, 0x30, 0x22, 0xC0, 0x33, + 0x92, 0xDF, 0x34, 0x01, 0xB1, 0xE4, 0xA3, 0xA7, + 0xEB, 0xC6, 0x16, 0x14, 0x49, 0xF7, 0x33, 0x74, + 0xC8, 0xB0, 0x14, 0x03, 0x69, 0x34, 0x3D, 0x92, + 0x95, 0xFD, 0xF5, 0x11, 0x84, 0x5C, 0x4A, 0x46, + 0xEB, 0xAA, 0xB6, 0xCA, 0x54, 0x92, 0xF6, 0x80, + 0x0B, 0x98, 0xC0, 0xCC, 0x80, 0x36, 0x53, 0xA4, + 0xB1, 0xD6, 0xE6, 0xAA, 0xED, 0x19, 0x32, 0xBA, + 0xCC, 0x5F, 0xEF, 0xAA, 0x81, 0x8B, 0xA5, 0x02, + 0x85, 0x9B, 0xA5, 0x49, 0x4C, 0x5F, 0x54, 0x02, + 0xC8, 0x53, 0x6A, 0x9C, 0x4C, 0x18, 0x88, 0x15, + 0x06, 0x17, 0xF8, 0x00, 0x98, 0xF6, 0xB2, 0xA9, + 0x9C, 0x39, 0xBC, 0x5D, 0xC7, 0xCF, 0x3B, 0x59, + 0x00, 0xA2, 0x13, 0x29, 0xAB, 0x59, 0x05, 0x3A, + 0xBA, 0xA6, 0x4E, 0xD1, 0x63, 0xE8, 0x59, 0xA8, + 0xB3, 0xB3, 0xCA, 0x33, 0x59, 0xB7, 0x50, 0xCC, + 0xC3, 0xE7, 0x10, 0xC7, 0xAC, 0x43, 0xC8, 0x19, + 0x1C, 0xB5, 0xD6, 0x88, 0x70, 0xC0, 0x63, 0x91, + 0xC0, 0xCB, 0x8A, 0xEC, 0x72, 0xB8, 0x97, 0xAC, + 0x6B, 0xE7, 0xFB, 0xAA, 0xCC, 0x67, 0x6E, 0xD6, + 0x63, 0x14, 0xC8, 0x36, 0x30, 0xE8, 0x94, 0x48, + 0xC8, 0x8A, 0x1D, 0xF0, 0x4A, 0xCE, 0xB2, 0x3A, + 0xBF, 0x2E, 0x40, 0x9E, 0xF3, 0x33, 0xC6, 0x22, + 0x28, 0x9C, 0x18, 0xA2, 0x13, 0x4E, 0x65, 0x0C, + 0x45, 0x25, 0x7E, 0x47, 0x47, 0x5F, 0xA3, 0x3A, + 0xA5, 0x37, 0xA5, 0xA8, 0xF7, 0x68, 0x02, 0x14, + 0x71, 0x6C, 0x50, 0xD4, 0x70, 0xE3, 0x28, 0x49, + 0x63, 0xCA, 0x64, 0xF5, 0x46, 0x77, 0xAE, 0xC5, + 0x4B, 0x52, 0x72, 0x16, 0x2B, 0xF5, 0x2B, 0xC8, + 0x14, 0x2E, 0x1D, 0x41, 0x83, 0xFC, 0x01, 0x74, + 0x54, 0xA6, 0xB5, 0xA4, 0x96, 0x83, 0x17, 0x59, + 0x06, 0x40, 0x24, 0x74, 0x59, 0x78, 0xCB, 0xD5, + 0x1A, 0x6C, 0xED, 0xC8, 0x95, 0x5D, 0xE4, 0xCC, + 0x6D, 0x36, 0x36, 0x70, 0xA4, 0x74, 0x66, 0xE8, + 0x2B, 0xE5, 0xC2, 0x36, 0x03, 0xA1, 0x7B, 0xF2, + 0x2A, 0xCD, 0xB7, 0xCC, 0x98, 0x4A, 0xF0, 0x8C, + 0x87, 0xE1, 0x4E, 0x27, 0x75, 0x3C, 0xF5, 0x87, + 0xA8, 0xEC, 0x34, 0x47, 0xE6, 0x2C, 0x64, 0x9E, + 0x88, 0x7A, 0x67, 0xC3, 0x6C, 0x9C, 0xE9, 0x87, + 0x21, 0xB6, 0x97, 0x21, 0x32, 0x75, 0x64, 0x6B, + 0x19, 0x4F, 0x36, 0x75, 0x86, 0x73, 0xA8, 0xED, + 0x11, 0x28, 0x44, 0x55, 0xAF, 0xC7, 0xA8, 0x52, + 0x9F, 0x69, 0xC9, 0x7A, 0x3C, 0x2D, 0x7B, 0x8C, + 0x63, 0x6C, 0x0B, 0xA5, 0x56, 0x14, 0xB7, 0x68, + 0xE6, 0x24, 0xE7, 0x12, 0x93, 0x0F, 0x77, 0x61, + 0x69, 0xB0, 0x17, 0x15, 0x72, 0x53, 0x51, 0xBC, + 0x74, 0xB4, 0x73, 0x95, 0xED, 0x52, 0xB2, 0x5A, + 0x13, 0x13, 0xC9, 0x51, 0x64, 0x81, 0x4C, 0x34, + 0xC9, 0x79, 0xCB, 0xDF, 0xAB, 0x85, 0x95, 0x46, + 0x62, 0xCA, 0xB4, 0x85, 0xE7, 0x50, 0x87, 0xA9, + 0x8C, 0xC7, 0x4B, 0xB8, 0x2C, 0xA2, 0xD1, 0xB5, + 0xBF, 0x28, 0x03, 0x23, 0x84, 0x80, 0x63, 0x8C, + 0x40, 0xE9, 0x0B, 0x43, 0xC7, 0x46, 0x0E, 0x7A, + 0xA9, 0x17, 0xF0, 0x10, 0x15, 0x1F, 0xAB, 0x11, + 0x69, 0x98, 0x7B, 0x37, 0x2A, 0xBB, 0x59, 0x27, + 0x1F, 0x70, 0x06, 0xC2, 0x4E, 0x60, 0x23, 0x6B, + 0x84, 0xB9, 0xDD, 0xD6, 0x00, 0x62, 0x37, 0x04, + 0x25, 0x46, 0x17, 0xFB, 0x49, 0x8D, 0x89, 0xE5, + 0x8B, 0x03, 0x68, 0xBC, 0xB2, 0x10, 0x3E, 0x79, + 0x35, 0x3E, 0xB5, 0x87, 0x86, 0x0C, 0x14, 0x22, + 0xE4, 0x76, 0x16, 0x2E, 0x42, 0x5B, 0xC2, 0x38, + 0x1D, 0xB8, 0x2C, 0x65, 0x92, 0x73, 0x7E, 0x1D, + 0xD6, 0x02, 0x86, 0x4B, 0x01, 0x67, 0xA7, 0x1E, + 0xC1, 0xF2, 0x23, 0x30, 0x5C, 0x02, 0xFE, 0x25, + 0x05, 0x2A, 0xF2, 0xB3, 0xB5, 0xA5, 0x5A, 0x0D, + 0x7A, 0x20, 0x22, 0xD9, 0xA7, 0x98, 0xDC, 0x0C, + 0x58, 0x74, 0xA9, 0x87, 0x02, 0xAA, 0xF4, 0x05, + 0x4C, 0x5D, 0x80, 0x33, 0x8A, 0x52, 0x48, 0xB5, + 0xB7, 0xBD, 0x09, 0xC5, 0x3B, 0x5E, 0x2A, 0x08, + 0x4B, 0x04, 0x7D, 0x27, 0x7A, 0x86, 0x1B, 0x1A, + 0x73, 0xBB, 0x51, 0x48, 0x8D, 0xE0, 0x4E, 0xF5, + 0x73, 0xC8, 0x52, 0x30, 0xA0, 0x47, 0x0B, 0x73, + 0x17, 0x5C, 0x9F, 0xA5, 0x05, 0x94, 0xF6, 0x6A, + 0x5F, 0x50, 0xB4, 0x15, 0x00, 0x54, 0xC9, 0x3B, + 0x68, 0x18, 0x6F, 0x8B, 0x5C, 0xBC, 0x49, 0x31, + 0x6C, 0x85, 0x48, 0xA6, 0x42, 0xB2, 0xB3, 0x6A, + 0x1D, 0x45, 0x4C, 0x74, 0x89, 0xAC, 0x33, 0xB2, + 0xD2, 0xCE, 0x66, 0x68, 0x09, 0x67, 0x82, 0xA2, + 0xC1, 0xE0, 0x86, 0x6D, 0x21, 0xA6, 0x5E, 0x16, + 0xB5, 0x85, 0xE7, 0xAF, 0x86, 0x18, 0xBD, 0xF3, + 0x18, 0x4C, 0x19, 0x86, 0x87, 0x85, 0x08, 0x91, + 0x72, 0x77, 0xB9, 0x3E, 0x10, 0x70, 0x6B, 0x16, + 0x14, 0x97, 0x2B, 0x2A, 0x94, 0xC7, 0x31, 0x0F, + 0xE9, 0xC7, 0x08, 0xC2, 0x31, 0xA1, 0xA8, 0xAC, + 0x8D, 0x93, 0x14, 0xA5, 0x29, 0xA9, 0x7F, 0x46, + 0x9B, 0xF6, 0x49, 0x62, 0xD8, 0x20, 0x64, 0x84, + 0x43, 0x09, 0x9A, 0x07, 0x6D, 0x55, 0xD4, 0xCE, + 0xA8, 0x24, 0xA5, 0x83, 0x04, 0x84, 0x4F, 0x99, + 0x49, 0x7C, 0x10, 0xA2, 0x51, 0x48, 0x61, 0x8A, + 0x31, 0x5D, 0x72, 0xCA, 0x85, 0x7D, 0x1B, 0x04, + 0xD5, 0x75, 0xB9, 0x4F, 0x85, 0xC0, 0x1D, 0x19, + 0xBE, 0xF2, 0x11, 0xBF, 0x0A, 0xA3, 0x36, 0x2E, + 0x70, 0x41, 0xFD, 0x16, 0x59, 0x6D, 0x80, 0x8E, + 0x86, 0x7B, 0x44, 0xC4, 0xC0, 0x0D, 0x1C, 0xDA, + 0x34, 0x18, 0x96, 0x77, 0x17, 0xF1, 0x47, 0xD0, + 0xEB, 0x21, 0xB4, 0x2A, 0xAE, 0xE7, 0x4A, 0xC3, + 0x5D, 0x0B, 0x92, 0x41, 0x4B, 0x95, 0x85, 0x31, + 0xAA, 0xDF, 0x46, 0x3E, 0xC6, 0x30, 0x5A, 0xE5, + 0xEC, 0xAF, 0x79, 0x17, 0x40, 0x02, 0xF2, 0x6D, + 0xDE, 0xCC, 0x81, 0x3B, 0xF3, 0x26, 0x72, 0xE8, + 0x52, 0x9D, 0x95, 0xA4, 0xE7, 0x30, 0xA7, 0xAB, + 0x4A, 0x3E, 0x8F, 0x8A, 0x8A, 0xF9, 0x79, 0xA6, + 0x65, 0xEA, 0xFD, 0x46, 0x5F, 0xC6, 0x4A, 0x0C, + 0x5F, 0x8F, 0x3F, 0x90, 0x03, 0x48, 0x94, 0x15, + 0x89, 0x9D, 0x59, 0xA5, 0x43, 0xD8, 0x20, 0x8C, + 0x54, 0xA3, 0x16, 0x65, 0x29, 0xB5, 0x39, 0x22 + }; +#endif +#ifndef WOLFSSL_NO_ML_KEM + WOLFSSL_SMALL_STACK_STATIC const byte ml_kem_768_pk[] = { + 0xa8, 0xe6, 0x51, 0xa1, 0xe6, 0x85, 0xf2, 0x24, + 0x78, 0xa8, 0x95, 0x4f, 0x00, 0x7b, 0xc7, 0x71, + 0x1b, 0x93, 0x07, 0x72, 0xc7, 0x8f, 0x09, 0x2e, + 0x82, 0x87, 0x8e, 0x3e, 0x93, 0x7f, 0x36, 0x79, + 0x67, 0x53, 0x29, 0x13, 0xa8, 0xd5, 0x3d, 0xfd, + 0xf4, 0xbf, 0xb1, 0xf8, 0x84, 0x67, 0x46, 0x59, + 0x67, 0x05, 0xcf, 0x34, 0x51, 0x42, 0xb9, 0x72, + 0xa3, 0xf1, 0x63, 0x25, 0xc4, 0x0c, 0x29, 0x52, + 0xa3, 0x7b, 0x25, 0x89, 0x7e, 0x5e, 0xf3, 0x5f, + 0xba, 0xeb, 0x73, 0xa4, 0xac, 0xbe, 0xb6, 0xa0, + 0xb8, 0x99, 0x42, 0xce, 0xb1, 0x95, 0x53, 0x1c, + 0xfc, 0x0a, 0x07, 0x99, 0x39, 0x54, 0x48, 0x3e, + 0x6c, 0xbc, 0x87, 0xc0, 0x6a, 0xa7, 0x4f, 0xf0, + 0xca, 0xc5, 0x20, 0x7e, 0x53, 0x5b, 0x26, 0x0a, + 0xa9, 0x8d, 0x11, 0x98, 0xc0, 0x7d, 0xa6, 0x05, + 0xc4, 0xd1, 0x10, 0x20, 0xf6, 0xc9, 0xf7, 0xbb, + 0x68, 0xbb, 0x34, 0x56, 0xc7, 0x3a, 0x01, 0xb7, + 0x10, 0xbc, 0x99, 0xd1, 0x77, 0x39, 0xa5, 0x17, + 0x16, 0xaa, 0x01, 0x66, 0x0c, 0x8b, 0x62, 0x8b, + 0x2f, 0x56, 0x02, 0xba, 0x65, 0xf0, 0x7e, 0xa9, + 0x93, 0x33, 0x6e, 0x89, 0x6e, 0x83, 0xf2, 0xc5, + 0x73, 0x1b, 0xbf, 0x03, 0x46, 0x0c, 0x5b, 0x6c, + 0x8a, 0xfe, 0xcb, 0x74, 0x8e, 0xe3, 0x91, 0xe9, + 0x89, 0x34, 0xa2, 0xc5, 0x7d, 0x4d, 0x06, 0x9f, + 0x50, 0xd8, 0x8b, 0x30, 0xd6, 0x96, 0x6f, 0x38, + 0xc3, 0x7b, 0xc6, 0x49, 0xb8, 0x26, 0x34, 0xce, + 0x77, 0x22, 0x64, 0x5c, 0xcd, 0x62, 0x50, 0x63, + 0x36, 0x46, 0x46, 0xd6, 0xd6, 0x99, 0xdb, 0x57, + 0xb4, 0x5e, 0xb6, 0x74, 0x65, 0xe1, 0x6d, 0xe4, + 0xd4, 0x06, 0xa8, 0x18, 0xb9, 0xea, 0xe1, 0xca, + 0x91, 0x6a, 0x25, 0x94, 0x48, 0x97, 0x08, 0xa4, + 0x3c, 0xea, 0x88, 0xb0, 0x2a, 0x4c, 0x03, 0xd0, + 0x9b, 0x44, 0x81, 0x5c, 0x97, 0x10, 0x1c, 0xaf, + 0x50, 0x48, 0xbb, 0xcb, 0x24, 0x7a, 0xe2, 0x36, + 0x6c, 0xdc, 0x25, 0x4b, 0xa2, 0x21, 0x29, 0xf4, + 0x5b, 0x3b, 0x0e, 0xb3, 0x99, 0xca, 0x91, 0xa3, + 0x03, 0x40, 0x28, 0x30, 0xec, 0x01, 0xdb, 0x7b, + 0x2c, 0xa4, 0x80, 0xcf, 0x35, 0x04, 0x09, 0xb2, + 0x16, 0x09, 0x4b, 0x7b, 0x0c, 0x3a, 0xe3, 0x3c, + 0xe1, 0x0a, 0x91, 0x24, 0xe8, 0x96, 0x51, 0xab, + 0x90, 0x1e, 0xa2, 0x53, 0xc8, 0x41, 0x5b, 0xd7, + 0x82, 0x5f, 0x02, 0xbb, 0x22, 0x93, 0x69, 0xaf, + 0x97, 0x20, 0x28, 0xf2, 0x28, 0x75, 0xea, 0x55, + 0xaf, 0x16, 0xd3, 0xbc, 0x69, 0xf7, 0x0c, 0x2e, + 0xe8, 0xb7, 0x5f, 0x28, 0xb4, 0x7d, 0xd3, 0x91, + 0xf9, 0x89, 0xad, 0xe3, 0x14, 0x72, 0x9c, 0x33, + 0x1f, 0xa0, 0x4c, 0x19, 0x17, 0xb2, 0x78, 0xc3, + 0xeb, 0x60, 0x28, 0x68, 0x51, 0x28, 0x21, 0xad, + 0xc8, 0x25, 0xc6, 0x45, 0x77, 0xce, 0x1e, 0x63, + 0xb1, 0xd9, 0x64, 0x4a, 0x61, 0x29, 0x48, 0xa3, + 0x48, 0x3c, 0x7f, 0x1b, 0x9a, 0x25, 0x80, 0x00, + 0xe3, 0x01, 0x96, 0x94, 0x4a, 0x40, 0x36, 0x27, + 0x60, 0x9c, 0x76, 0xc7, 0xea, 0x6b, 0x5d, 0xe0, + 0x17, 0x64, 0xd2, 0x43, 0x79, 0x11, 0x7b, 0x9e, + 0xa2, 0x98, 0x48, 0xdc, 0x55, 0x5c, 0x45, 0x4b, + 0xce, 0xae, 0x1b, 0xa5, 0xcc, 0x72, 0xc7, 0x4a, + 0xb9, 0x6b, 0x9c, 0x91, 0xb9, 0x10, 0xd2, 0x6b, + 0x88, 0xb2, 0x56, 0x39, 0xd4, 0x77, 0x8a, 0xe2, + 0x6c, 0x7c, 0x61, 0x51, 0xa1, 0x9c, 0x6c, 0xd7, + 0x93, 0x84, 0x54, 0x37, 0x24, 0x65, 0xe4, 0xc5, + 0xec, 0x29, 0x24, 0x5a, 0xcb, 0x3d, 0xb5, 0x37, + 0x9d, 0xe3, 0xda, 0xbf, 0xa6, 0x29, 0xa7, 0xc0, + 0x4a, 0x83, 0x53, 0xa8, 0x53, 0x0c, 0x95, 0xac, + 0xb7, 0x32, 0xbb, 0x4b, 0xb8, 0x19, 0x32, 0xbb, + 0x2c, 0xa7, 0xa8, 0x48, 0xcd, 0x36, 0x68, 0x01, + 0x44, 0x4a, 0xbe, 0x23, 0xc8, 0x3b, 0x36, 0x6a, + 0x87, 0xd6, 0xa3, 0xcf, 0x36, 0x09, 0x24, 0xc0, + 0x02, 0xba, 0xe9, 0x0a, 0xf6, 0x5c, 0x48, 0x06, + 0x0b, 0x37, 0x52, 0xf2, 0xba, 0xdf, 0x1a, 0xb2, + 0x72, 0x20, 0x72, 0x55, 0x4a, 0x50, 0x59, 0x75, + 0x35, 0x94, 0xe6, 0xa7, 0x02, 0x76, 0x1f, 0xc9, + 0x76, 0x84, 0xc8, 0xc4, 0xa7, 0x54, 0x0a, 0x6b, + 0x07, 0xfb, 0xc9, 0xde, 0x87, 0xc9, 0x74, 0xaa, + 0x88, 0x09, 0xd9, 0x28, 0xc7, 0xf4, 0xcb, 0xbf, + 0x80, 0x45, 0xae, 0xa5, 0xbc, 0x66, 0x78, 0x25, + 0xfd, 0x05, 0xa5, 0x21, 0xf1, 0xa4, 0xbf, 0x53, + 0x92, 0x10, 0xc7, 0x11, 0x3b, 0xc3, 0x7b, 0x3e, + 0x58, 0xb0, 0xcb, 0xfc, 0x53, 0xc8, 0x41, 0xcb, + 0xb0, 0x37, 0x1d, 0xe2, 0xe5, 0x11, 0xb9, 0x89, + 0xcb, 0x7c, 0x70, 0xc0, 0x23, 0x36, 0x6d, 0x78, + 0xf9, 0xc3, 0x7e, 0xf0, 0x47, 0xf8, 0x72, 0x0b, + 0xe1, 0xc7, 0x59, 0xa8, 0xd9, 0x6b, 0x93, 0xf6, + 0x5a, 0x94, 0x11, 0x4f, 0xfa, 0xf6, 0x0d, 0x9a, + 0x81, 0x79, 0x5e, 0x99, 0x5c, 0x71, 0x15, 0x2a, + 0x46, 0x91, 0xa5, 0xa6, 0x02, 0xa9, 0xe1, 0xf3, + 0x59, 0x9e, 0x37, 0xc7, 0x68, 0xc7, 0xbc, 0x10, + 0x89, 0x94, 0xc0, 0x66, 0x9f, 0x3a, 0xdc, 0x95, + 0x7d, 0x46, 0xb4, 0xb6, 0x25, 0x69, 0x68, 0xe2, + 0x90, 0xd7, 0x89, 0x2e, 0xa8, 0x54, 0x64, 0xee, + 0x7a, 0x75, 0x0f, 0x39, 0xc5, 0xe3, 0x15, 0x2c, + 0x2d, 0xfc, 0x56, 0xd8, 0xb0, 0xc9, 0x24, 0xba, + 0x8a, 0x95, 0x9a, 0x68, 0x09, 0x65, 0x47, 0xf6, + 0x64, 0x23, 0xc8, 0x38, 0x98, 0x2a, 0x57, 0x94, + 0xb9, 0xe1, 0x53, 0x37, 0x71, 0x33, 0x1a, 0x9a, + 0x65, 0x6c, 0x28, 0x82, 0x8b, 0xeb, 0x91, 0x26, + 0xa6, 0x0e, 0x95, 0xe8, 0xc5, 0xd9, 0x06, 0x83, + 0x2c, 0x77, 0x10, 0x70, 0x55, 0x76, 0xb1, 0xfb, + 0x95, 0x07, 0x26, 0x9d, 0xda, 0xf8, 0xc9, 0x5c, + 0xe9, 0x71, 0x9b, 0x2c, 0xa8, 0xdd, 0x11, 0x2b, + 0xe1, 0x0b, 0xcc, 0x9f, 0x4a, 0x37, 0xbd, 0x1b, + 0x1e, 0xee, 0xb3, 0x3e, 0xcd, 0xa7, 0x6a, 0xe9, + 0xf6, 0x9a, 0x5d, 0x4b, 0x29, 0x23, 0xa8, 0x69, + 0x57, 0x67, 0x1d, 0x61, 0x93, 0x35, 0xbe, 0x1c, + 0x4c, 0x2c, 0x77, 0xce, 0x87, 0xc4, 0x1f, 0x98, + 0xa8, 0xcc, 0x46, 0x64, 0x60, 0xfa, 0x30, 0x0a, + 0xaf, 0x5b, 0x30, 0x1f, 0x0a, 0x1d, 0x09, 0xc8, + 0x8e, 0x65, 0xda, 0x4d, 0x8e, 0xe6, 0x4f, 0x68, + 0xc0, 0x21, 0x89, 0xbb, 0xb3, 0x58, 0x4b, 0xaf, + 0xf7, 0x16, 0xc8, 0x5d, 0xb6, 0x54, 0x04, 0x8a, + 0x00, 0x43, 0x33, 0x48, 0x93, 0x93, 0xa0, 0x74, + 0x27, 0xcd, 0x3e, 0x21, 0x7e, 0x6a, 0x34, 0x5f, + 0x6c, 0x2c, 0x2b, 0x13, 0xc2, 0x7b, 0x33, 0x72, + 0x71, 0xc0, 0xb2, 0x7b, 0x2d, 0xba, 0xa0, 0x0d, + 0x23, 0x76, 0x00, 0xb5, 0xb5, 0x94, 0xe8, 0xcf, + 0x2d, 0xd6, 0x25, 0xea, 0x76, 0xcf, 0x0e, 0xd8, + 0x99, 0x12, 0x2c, 0x97, 0x96, 0xb4, 0xb0, 0x18, + 0x70, 0x04, 0x25, 0x80, 0x49, 0xa4, 0x77, 0xcd, + 0x11, 0xd6, 0x8c, 0x49, 0xb9, 0xa0, 0xe7, 0xb0, + 0x0b, 0xce, 0x8c, 0xac, 0x78, 0x64, 0xcb, 0xb3, + 0x75, 0x14, 0x00, 0x84, 0x74, 0x4c, 0x93, 0x06, + 0x26, 0x94, 0xca, 0x79, 0x5c, 0x4f, 0x40, 0xe7, + 0xac, 0xc9, 0xc5, 0xa1, 0x88, 0x40, 0x72, 0xd8, + 0xc3, 0x8d, 0xaf, 0xb5, 0x01, 0xee, 0x41, 0x84, + 0xdd, 0x5a, 0x81, 0x9e, 0xc2, 0x4e, 0xc1, 0x65, + 0x12, 0x61, 0xf9, 0x62, 0xb1, 0x7a, 0x72, 0x15, + 0xaa, 0x4a, 0x74, 0x8c, 0x15, 0x83, 0x6c, 0x38, + 0x91, 0x37, 0x67, 0x82, 0x04, 0x83, 0x8d, 0x71, + 0x95, 0xa8, 0x5b, 0x4f, 0x98, 0xa1, 0xb5, 0x74, + 0xc4, 0xcd, 0x79, 0x09, 0xcd, 0x1f, 0x83, 0x3e, + 0xff, 0xd1, 0x48, 0x55, 0x43, 0x22, 0x9d, 0x37, + 0x48, 0xd9, 0xb5, 0xcd, 0x6c, 0x17, 0xb9, 0xb3, + 0xb8, 0x4a, 0xef, 0x8b, 0xce, 0x13, 0xe6, 0x83, + 0x73, 0x36, 0x59, 0xc7, 0x95, 0x42, 0xd6, 0x15, + 0x78, 0x2a, 0x71, 0xcd, 0xee, 0xe7, 0x92, 0xba, + 0xb5, 0x1b, 0xdc, 0x4b, 0xbf, 0xe8, 0x30, 0x8e, + 0x66, 0x31, 0x44, 0xed, 0xe8, 0x49, 0x18, 0x30, + 0xad, 0x98, 0xb4, 0x63, 0x4f, 0x64, 0xab, 0xa8, + 0xb9, 0xc0, 0x42, 0x27, 0x26, 0x53, 0x92, 0x0f, + 0x38, 0x0c, 0x1a, 0x17, 0xca, 0x87, 0xce, 0xd7, + 0xaa, 0xc4, 0x1c, 0x82, 0x88, 0x87, 0x93, 0x18, + 0x1a, 0x6f, 0x76, 0xe1, 0x97, 0xb7, 0xb9, 0x0e, + 0xf9, 0x09, 0x43, 0xbb, 0x38, 0x44, 0x91, 0x29, + 0x11, 0xd8, 0x55, 0x1e, 0x54, 0x66, 0xc5, 0x76, + 0x7a, 0xb0, 0xbc, 0x61, 0xa1, 0xa3, 0xf7, 0x36, + 0x16, 0x2e, 0xc0, 0x98, 0xa9, 0x00, 0xb1, 0x2d, + 0xd8, 0xfa, 0xbb, 0xfb, 0x3f, 0xe8, 0xcb, 0x1d, + 0xc4, 0xe8, 0x31, 0x5f, 0x2a, 0xf0, 0xd3, 0x2f, + 0x00, 0x17, 0xae, 0x13, 0x6e, 0x19, 0xf0, 0x28 + }; +#endif +#ifdef WOLFSSL_MLKEM_KYBER + WOLFSSL_SMALL_STACK_STATIC const byte kyber768_sk[] = { + 0x07, 0x63, 0x8F, 0xB6, 0x98, 0x68, 0xF3, 0xD3, + 0x20, 0xE5, 0x86, 0x2B, 0xD9, 0x69, 0x33, 0xFE, + 0xB3, 0x11, 0xB3, 0x62, 0x09, 0x3C, 0x9B, 0x5D, + 0x50, 0x17, 0x0B, 0xCE, 0xD4, 0x3F, 0x1B, 0x53, + 0x6D, 0x9A, 0x20, 0x4B, 0xB1, 0xF2, 0x26, 0x95, + 0x95, 0x0B, 0xA1, 0xF2, 0xA9, 0xE8, 0xEB, 0x82, + 0x8B, 0x28, 0x44, 0x88, 0x76, 0x0B, 0x3F, 0xC8, + 0x4F, 0xAB, 0xA0, 0x42, 0x75, 0xD5, 0x62, 0x8E, + 0x39, 0xC5, 0xB2, 0x47, 0x13, 0x74, 0x28, 0x3C, + 0x50, 0x32, 0x99, 0xC0, 0xAB, 0x49, 0xB6, 0x6B, + 0x8B, 0xBB, 0x56, 0xA4, 0x18, 0x66, 0x24, 0xF9, + 0x19, 0xA2, 0xBA, 0x59, 0xBB, 0x08, 0xD8, 0x55, + 0x18, 0x80, 0xC2, 0xBE, 0xFC, 0x4F, 0x87, 0xF2, + 0x5F, 0x59, 0xAB, 0x58, 0x7A, 0x79, 0xC3, 0x27, + 0xD7, 0x92, 0xD5, 0x4C, 0x97, 0x4A, 0x69, 0x26, + 0x2F, 0xF8, 0xA7, 0x89, 0x38, 0x28, 0x9E, 0x9A, + 0x87, 0xB6, 0x88, 0xB0, 0x83, 0xE0, 0x59, 0x5F, + 0xE2, 0x18, 0xB6, 0xBB, 0x15, 0x05, 0x94, 0x1C, + 0xE2, 0xE8, 0x1A, 0x5A, 0x64, 0xC5, 0xAA, 0xC6, + 0x04, 0x17, 0x25, 0x69, 0x85, 0x34, 0x9E, 0xE4, + 0x7A, 0x52, 0x42, 0x0A, 0x5F, 0x97, 0x47, 0x7B, + 0x72, 0x36, 0xAC, 0x76, 0xBC, 0x70, 0xE8, 0x28, + 0x87, 0x29, 0x28, 0x7E, 0xE3, 0xE3, 0x4A, 0x3D, + 0xBC, 0x36, 0x83, 0xC0, 0xB7, 0xB1, 0x00, 0x29, + 0xFC, 0x20, 0x34, 0x18, 0x53, 0x7E, 0x74, 0x66, + 0xBA, 0x63, 0x85, 0xA8, 0xFF, 0x30, 0x1E, 0xE1, + 0x27, 0x08, 0xF8, 0x2A, 0xAA, 0x1E, 0x38, 0x0F, + 0xC7, 0xA8, 0x8F, 0x8F, 0x20, 0x5A, 0xB7, 0xE8, + 0x8D, 0x7E, 0x95, 0x95, 0x2A, 0x55, 0xBA, 0x20, + 0xD0, 0x9B, 0x79, 0xA4, 0x71, 0x41, 0xD6, 0x2B, + 0xF6, 0xEB, 0x7D, 0xD3, 0x07, 0xB0, 0x8E, 0xCA, + 0x13, 0xA5, 0xBC, 0x5F, 0x6B, 0x68, 0x58, 0x1C, + 0x68, 0x65, 0xB2, 0x7B, 0xBC, 0xDD, 0xAB, 0x14, + 0x2F, 0x4B, 0x2C, 0xBF, 0xF4, 0x88, 0xC8, 0xA2, + 0x27, 0x05, 0xFA, 0xA9, 0x8A, 0x2B, 0x9E, 0xEA, + 0x35, 0x30, 0xC7, 0x66, 0x62, 0x33, 0x5C, 0xC7, + 0xEA, 0x3A, 0x00, 0x77, 0x77, 0x25, 0xEB, 0xCC, + 0xCD, 0x2A, 0x46, 0x36, 0xB2, 0xD9, 0x12, 0x2F, + 0xF3, 0xAB, 0x77, 0x12, 0x3C, 0xE0, 0x88, 0x3C, + 0x19, 0x11, 0x11, 0x5E, 0x50, 0xC9, 0xE8, 0xA9, + 0x41, 0x94, 0xE4, 0x8D, 0xD0, 0xD0, 0x9C, 0xFF, + 0xB3, 0xAD, 0xCD, 0x2C, 0x1E, 0x92, 0x43, 0x09, + 0x03, 0xD0, 0x7A, 0xDB, 0xF0, 0x05, 0x32, 0x03, + 0x15, 0x75, 0xAA, 0x7F, 0x9E, 0x7B, 0x5A, 0x1F, + 0x33, 0x62, 0xDE, 0xC9, 0x36, 0xD4, 0x04, 0x3C, + 0x05, 0xF2, 0x47, 0x6C, 0x07, 0x57, 0x8B, 0xC9, + 0xCB, 0xAF, 0x2A, 0xB4, 0xE3, 0x82, 0x72, 0x7A, + 0xD4, 0x16, 0x86, 0xA9, 0x6B, 0x25, 0x48, 0x82, + 0x0B, 0xB0, 0x3B, 0x32, 0xF1, 0x1B, 0x28, 0x11, + 0xAD, 0x62, 0xF4, 0x89, 0xE9, 0x51, 0x63, 0x2A, + 0xBA, 0x0D, 0x1D, 0xF8, 0x96, 0x80, 0xCC, 0x8A, + 0x8B, 0x53, 0xB4, 0x81, 0xD9, 0x2A, 0x68, 0xD7, + 0x0B, 0x4E, 0xA1, 0xC3, 0xA6, 0xA5, 0x61, 0xC0, + 0x69, 0x28, 0x82, 0xB5, 0xCA, 0x8C, 0xC9, 0x42, + 0xA8, 0xD4, 0x95, 0xAF, 0xCB, 0x06, 0xDE, 0x89, + 0x49, 0x8F, 0xB9, 0x35, 0xB7, 0x75, 0x90, 0x8F, + 0xE7, 0xA0, 0x3E, 0x32, 0x4D, 0x54, 0xCC, 0x19, + 0xD4, 0xE1, 0xAA, 0xBD, 0x35, 0x93, 0xB3, 0x8B, + 0x19, 0xEE, 0x13, 0x88, 0xFE, 0x49, 0x2B, 0x43, + 0x12, 0x7E, 0x5A, 0x50, 0x42, 0x53, 0x78, 0x6A, + 0x0D, 0x69, 0xAD, 0x32, 0x60, 0x1C, 0x28, 0xE2, + 0xC8, 0x85, 0x04, 0xA5, 0xBA, 0x59, 0x97, 0x06, + 0x02, 0x3A, 0x61, 0x36, 0x3E, 0x17, 0xC6, 0xB9, + 0xBB, 0x59, 0xBD, 0xC6, 0x97, 0x45, 0x2C, 0xD0, + 0x59, 0x45, 0x19, 0x83, 0xD7, 0x38, 0xCA, 0x3F, + 0xD0, 0x34, 0xE3, 0xF5, 0x98, 0x88, 0x54, 0xCA, + 0x05, 0x03, 0x1D, 0xB0, 0x96, 0x11, 0x49, 0x89, + 0x88, 0x19, 0x7C, 0x6B, 0x30, 0xD2, 0x58, 0xDF, + 0xE2, 0x62, 0x65, 0x54, 0x1C, 0x89, 0xA4, 0xB3, + 0x1D, 0x68, 0x64, 0xE9, 0x38, 0x9B, 0x03, 0xCB, + 0x74, 0xF7, 0xEC, 0x43, 0x23, 0xFB, 0x94, 0x21, + 0xA4, 0xB9, 0x79, 0x0A, 0x26, 0xD1, 0x7B, 0x03, + 0x98, 0xA2, 0x67, 0x67, 0x35, 0x09, 0x09, 0xF8, + 0x4D, 0x57, 0xB6, 0x69, 0x4D, 0xF8, 0x30, 0x66, + 0x4C, 0xA8, 0xB3, 0xC3, 0xC0, 0x3E, 0xD2, 0xAE, + 0x67, 0xB8, 0x90, 0x06, 0x86, 0x8A, 0x68, 0x52, + 0x7C, 0xCD, 0x66, 0x64, 0x59, 0xAB, 0x7F, 0x05, + 0x66, 0x71, 0x00, 0x0C, 0x61, 0x64, 0xD3, 0xA7, + 0xF2, 0x66, 0xA1, 0x4D, 0x97, 0xCB, 0xD7, 0x00, + 0x4D, 0x6C, 0x92, 0xCA, 0xCA, 0x77, 0x0B, 0x84, + 0x4A, 0x4F, 0xA9, 0xB1, 0x82, 0xE7, 0xB1, 0x8C, + 0xA8, 0x85, 0x08, 0x2A, 0xC5, 0x64, 0x6F, 0xCB, + 0x4A, 0x14, 0xE1, 0x68, 0x5F, 0xEB, 0x0C, 0x9C, + 0xE3, 0x37, 0x2A, 0xB9, 0x53, 0x65, 0xC0, 0x4F, + 0xD8, 0x30, 0x84, 0xF8, 0x0A, 0x23, 0xFF, 0x10, + 0xA0, 0x5B, 0xF1, 0x5F, 0x7F, 0xA5, 0xAC, 0xC6, + 0xC0, 0xCB, 0x46, 0x2C, 0x33, 0xCA, 0x52, 0x4F, + 0xA6, 0xB8, 0xBB, 0x35, 0x90, 0x43, 0xBA, 0x68, + 0x60, 0x9E, 0xAA, 0x25, 0x36, 0xE8, 0x1D, 0x08, + 0x46, 0x3B, 0x19, 0x65, 0x3B, 0x54, 0x35, 0xBA, + 0x94, 0x6C, 0x9A, 0xDD, 0xEB, 0x20, 0x2B, 0x04, + 0xB0, 0x31, 0xCC, 0x96, 0x0D, 0xCC, 0x12, 0xE4, + 0x51, 0x8D, 0x42, 0x8B, 0x32, 0xB2, 0x57, 0xA4, + 0xFC, 0x73, 0x13, 0xD3, 0xA7, 0x98, 0x0D, 0x80, + 0x08, 0x2E, 0x93, 0x4F, 0x9D, 0x95, 0xC3, 0x2B, + 0x0A, 0x01, 0x91, 0xA2, 0x36, 0x04, 0x38, 0x4D, + 0xD9, 0xE0, 0x79, 0xBB, 0xBA, 0xA2, 0x66, 0xD1, + 0x4C, 0x3F, 0x75, 0x6B, 0x9F, 0x21, 0x33, 0x10, + 0x74, 0x33, 0xA4, 0xE8, 0x3F, 0xA7, 0x18, 0x72, + 0x82, 0xA8, 0x09, 0x20, 0x3A, 0x4F, 0xAF, 0x84, + 0x18, 0x51, 0x83, 0x3D, 0x12, 0x1A, 0xC3, 0x83, + 0x84, 0x3A, 0x5E, 0x55, 0xBC, 0x23, 0x81, 0x42, + 0x5E, 0x16, 0xC7, 0xDB, 0x4C, 0xC9, 0xAB, 0x5C, + 0x1B, 0x0D, 0x91, 0xA4, 0x7E, 0x2B, 0x8D, 0xE0, + 0xE5, 0x82, 0xC8, 0x6B, 0x6B, 0x0D, 0x90, 0x7B, + 0xB3, 0x60, 0xB9, 0x7F, 0x40, 0xAB, 0x5D, 0x03, + 0x8F, 0x6B, 0x75, 0xC8, 0x14, 0xB2, 0x7D, 0x9B, + 0x96, 0x8D, 0x41, 0x98, 0x32, 0xBC, 0x8C, 0x2B, + 0xEE, 0x60, 0x5E, 0xF6, 0xE5, 0x05, 0x9D, 0x33, + 0x10, 0x0D, 0x90, 0x48, 0x5D, 0x37, 0x84, 0x50, + 0x01, 0x42, 0x21, 0x73, 0x6C, 0x07, 0x40, 0x7C, + 0xAC, 0x26, 0x04, 0x08, 0xAA, 0x64, 0x92, 0x66, + 0x19, 0x78, 0x8B, 0x86, 0x01, 0xC2, 0xA7, 0x52, + 0xD1, 0xA6, 0xCB, 0xF8, 0x20, 0xD7, 0xC7, 0xA0, + 0x47, 0x16, 0x20, 0x32, 0x25, 0xB3, 0x89, 0x5B, + 0x93, 0x42, 0xD1, 0x47, 0xA8, 0x18, 0x5C, 0xFC, + 0x1B, 0xB6, 0x5B, 0xA0, 0x6B, 0x41, 0x42, 0x33, + 0x99, 0x03, 0xC0, 0xAC, 0x46, 0x51, 0x38, 0x5B, + 0x45, 0xD9, 0x8A, 0x8B, 0x19, 0xD2, 0x8C, 0xD6, + 0xBA, 0xB0, 0x88, 0x78, 0x7F, 0x7E, 0xE1, 0xB1, + 0x24, 0x61, 0x76, 0x6B, 0x43, 0xCB, 0xCC, 0xB9, + 0x64, 0x34, 0x42, 0x7D, 0x93, 0xC0, 0x65, 0x55, + 0x06, 0x88, 0xF6, 0x94, 0x8E, 0xD1, 0xB5, 0x47, + 0x5A, 0x42, 0x5F, 0x1B, 0x85, 0x20, 0x9D, 0x06, + 0x1C, 0x08, 0xB5, 0x6C, 0x1C, 0xC0, 0x69, 0xF6, + 0xC0, 0xA7, 0xC6, 0xF2, 0x93, 0x58, 0xCA, 0xB9, + 0x11, 0x08, 0x77, 0x32, 0xA6, 0x49, 0xD2, 0x7C, + 0x9B, 0x98, 0xF9, 0xA4, 0x88, 0x79, 0x38, 0x7D, + 0x9B, 0x00, 0xC2, 0x59, 0x59, 0xA7, 0x16, 0x54, + 0xD6, 0xF6, 0xA9, 0x46, 0x16, 0x45, 0x13, 0xE4, + 0x7A, 0x75, 0xD0, 0x05, 0x98, 0x6C, 0x23, 0x63, + 0xC0, 0x9F, 0x6B, 0x53, 0x7E, 0xCA, 0x78, 0xB9, + 0x30, 0x3A, 0x5F, 0xA4, 0x57, 0x60, 0x8A, 0x58, + 0x6A, 0x65, 0x3A, 0x34, 0x7D, 0xB0, 0x4D, 0xFC, + 0xC1, 0x91, 0x75, 0xB3, 0xA3, 0x01, 0x17, 0x25, + 0x36, 0x06, 0x2A, 0x65, 0x8A, 0x95, 0x27, 0x75, + 0x70, 0xC8, 0x85, 0x2C, 0xA8, 0x97, 0x3F, 0x4A, + 0xE1, 0x23, 0xA3, 0x34, 0x04, 0x7D, 0xD7, 0x11, + 0xC8, 0x92, 0x7A, 0x63, 0x4A, 0x03, 0x38, 0x8A, + 0x52, 0x7B, 0x03, 0x4B, 0xF7, 0xA8, 0x17, 0x0F, + 0xA7, 0x02, 0xC1, 0xF7, 0xC2, 0x3E, 0xC3, 0x2D, + 0x18, 0xA2, 0x37, 0x48, 0x90, 0xBE, 0x9C, 0x78, + 0x7A, 0x94, 0x09, 0xC8, 0x2D, 0x19, 0x2C, 0x4B, + 0xB7, 0x05, 0xA2, 0xF9, 0x96, 0xCE, 0x40, 0x5D, + 0xA7, 0x2C, 0x2D, 0x9C, 0x84, 0x3E, 0xE9, 0xF8, + 0x31, 0x3E, 0xCC, 0x7F, 0x86, 0xD6, 0x29, 0x4D, + 0x59, 0x15, 0x9D, 0x9A, 0x87, 0x9A, 0x54, 0x2E, + 0x26, 0x09, 0x22, 0xAD, 0xF9, 0x99, 0x05, 0x1C, + 0xC4, 0x52, 0x00, 0xC9, 0xFF, 0xDB, 0x60, 0x44, + 0x9C, 0x49, 0x46, 0x59, 0x79, 0x27, 0x23, 0x67, + 0xC0, 0x83, 0xA7, 0xD6, 0x26, 0x7A, 0x3E, 0xD7, + 0xA7, 0xFD, 0x47, 0x95, 0x7C, 0x21, 0x93, 0x27, + 0xF7, 0xCA, 0x73, 0xA4, 0x00, 0x7E, 0x16, 0x27, + 0xF0, 0x0B, 0x11, 0xCC, 0x80, 0x57, 0x3C, 0x15, + 0xAE, 0xE6, 0x64, 0x0F, 0xB8, 0x56, 0x2D, 0xFA, + 0x6B, 0x24, 0x0C, 0xA0, 0xAD, 0x35, 0x1A, 0xC4, + 0xAC, 0x15, 0x5B, 0x96, 0xC1, 0x4C, 0x8A, 0xB1, + 0x3D, 0xD2, 0x62, 0xCD, 0xFD, 0x51, 0xC4, 0xBB, + 0x55, 0x72, 0xFD, 0x61, 0x65, 0x53, 0xD1, 0x7B, + 0xDD, 0x43, 0x0A, 0xCB, 0xEA, 0x3E, 0x95, 0xF0, + 0xB6, 0x98, 0xD6, 0x69, 0x90, 0xAB, 0x51, 0xE5, + 0xD0, 0x37, 0x83, 0xA8, 0xB3, 0xD2, 0x78, 0xA5, + 0x72, 0x04, 0x54, 0xCF, 0x96, 0x95, 0xCF, 0xDC, + 0xA0, 0x84, 0x85, 0xBA, 0x09, 0x9C, 0x51, 0xCD, + 0x92, 0xA7, 0xEA, 0x75, 0x87, 0xC1, 0xD1, 0x5C, + 0x28, 0xE6, 0x09, 0xA8, 0x18, 0x52, 0x60, 0x1B, + 0x06, 0x04, 0x01, 0x06, 0x79, 0xAA, 0x48, 0x2D, + 0x51, 0x26, 0x1E, 0xC3, 0x6E, 0x36, 0xB8, 0x71, + 0x96, 0x76, 0x21, 0x7F, 0xD7, 0x4C, 0x54, 0x78, + 0x64, 0x88, 0xF4, 0xB4, 0x96, 0x9C, 0x05, 0xA8, + 0xBA, 0x27, 0xCA, 0x3A, 0x77, 0xCC, 0xE7, 0x3B, + 0x96, 0x59, 0x23, 0xCA, 0x55, 0x4E, 0x42, 0x2B, + 0x9B, 0x61, 0xF4, 0x75, 0x46, 0x41, 0x60, 0x8A, + 0xC1, 0x6C, 0x9B, 0x85, 0x87, 0xA3, 0x2C, 0x1C, + 0x5D, 0xD7, 0x88, 0xF8, 0x8B, 0x36, 0xB7, 0x17, + 0xA4, 0x69, 0x65, 0x63, 0x5D, 0xEB, 0x67, 0xF4, + 0x5B, 0x12, 0x9B, 0x99, 0x07, 0x09, 0x09, 0xC9, + 0x3E, 0xB8, 0x0B, 0x42, 0xC2, 0xB3, 0xF3, 0xF7, + 0x03, 0x43, 0xA7, 0xCF, 0x37, 0xE8, 0x52, 0x0E, + 0x7B, 0xCF, 0xC4, 0x16, 0xAC, 0xA4, 0xF1, 0x8C, + 0x79, 0x81, 0x26, 0x2B, 0xA2, 0xBF, 0xC7, 0x56, + 0xAE, 0x03, 0x27, 0x8F, 0x0E, 0xC6, 0x6D, 0xC2, + 0x05, 0x76, 0x96, 0x82, 0x4B, 0xA6, 0x76, 0x98, + 0x65, 0xA6, 0x01, 0xD7, 0x14, 0x8E, 0xF6, 0xF5, + 0x4E, 0x5A, 0xF5, 0x68, 0x6A, 0xA2, 0x90, 0x6F, + 0x99, 0x4C, 0xE3, 0x8A, 0x5E, 0x0B, 0x93, 0x8F, + 0x23, 0x90, 0x07, 0x00, 0x30, 0x22, 0xC0, 0x33, + 0x92, 0xDF, 0x34, 0x01, 0xB1, 0xE4, 0xA3, 0xA7, + 0xEB, 0xC6, 0x16, 0x14, 0x49, 0xF7, 0x33, 0x74, + 0xC8, 0xB0, 0x14, 0x03, 0x69, 0x34, 0x3D, 0x92, + 0x95, 0xFD, 0xF5, 0x11, 0x84, 0x5C, 0x4A, 0x46, + 0xEB, 0xAA, 0xB6, 0xCA, 0x54, 0x92, 0xF6, 0x80, + 0x0B, 0x98, 0xC0, 0xCC, 0x80, 0x36, 0x53, 0xA4, + 0xB1, 0xD6, 0xE6, 0xAA, 0xED, 0x19, 0x32, 0xBA, + 0xCC, 0x5F, 0xEF, 0xAA, 0x81, 0x8B, 0xA5, 0x02, + 0x85, 0x9B, 0xA5, 0x49, 0x4C, 0x5F, 0x54, 0x02, + 0xC8, 0x53, 0x6A, 0x9C, 0x4C, 0x18, 0x88, 0x15, + 0x06, 0x17, 0xF8, 0x00, 0x98, 0xF6, 0xB2, 0xA9, + 0x9C, 0x39, 0xBC, 0x5D, 0xC7, 0xCF, 0x3B, 0x59, + 0x00, 0xA2, 0x13, 0x29, 0xAB, 0x59, 0x05, 0x3A, + 0xBA, 0xA6, 0x4E, 0xD1, 0x63, 0xE8, 0x59, 0xA8, + 0xB3, 0xB3, 0xCA, 0x33, 0x59, 0xB7, 0x50, 0xCC, + 0xC3, 0xE7, 0x10, 0xC7, 0xAC, 0x43, 0xC8, 0x19, + 0x1C, 0xB5, 0xD6, 0x88, 0x70, 0xC0, 0x63, 0x91, + 0xC0, 0xCB, 0x8A, 0xEC, 0x72, 0xB8, 0x97, 0xAC, + 0x6B, 0xE7, 0xFB, 0xAA, 0xCC, 0x67, 0x6E, 0xD6, + 0x63, 0x14, 0xC8, 0x36, 0x30, 0xE8, 0x94, 0x48, + 0xC8, 0x8A, 0x1D, 0xF0, 0x4A, 0xCE, 0xB2, 0x3A, + 0xBF, 0x2E, 0x40, 0x9E, 0xF3, 0x33, 0xC6, 0x22, + 0x28, 0x9C, 0x18, 0xA2, 0x13, 0x4E, 0x65, 0x0C, + 0x45, 0x25, 0x7E, 0x47, 0x47, 0x5F, 0xA3, 0x3A, + 0xA5, 0x37, 0xA5, 0xA8, 0xF7, 0x68, 0x02, 0x14, + 0x71, 0x6C, 0x50, 0xD4, 0x70, 0xE3, 0x28, 0x49, + 0x63, 0xCA, 0x64, 0xF5, 0x46, 0x77, 0xAE, 0xC5, + 0x4B, 0x52, 0x72, 0x16, 0x2B, 0xF5, 0x2B, 0xC8, + 0x14, 0x2E, 0x1D, 0x41, 0x83, 0xFC, 0x01, 0x74, + 0x54, 0xA6, 0xB5, 0xA4, 0x96, 0x83, 0x17, 0x59, + 0x06, 0x40, 0x24, 0x74, 0x59, 0x78, 0xCB, 0xD5, + 0x1A, 0x6C, 0xED, 0xC8, 0x95, 0x5D, 0xE4, 0xCC, + 0x6D, 0x36, 0x36, 0x70, 0xA4, 0x74, 0x66, 0xE8, + 0x2B, 0xE5, 0xC2, 0x36, 0x03, 0xA1, 0x7B, 0xF2, + 0x2A, 0xCD, 0xB7, 0xCC, 0x98, 0x4A, 0xF0, 0x8C, + 0x87, 0xE1, 0x4E, 0x27, 0x75, 0x3C, 0xF5, 0x87, + 0xA8, 0xEC, 0x34, 0x47, 0xE6, 0x2C, 0x64, 0x9E, + 0x88, 0x7A, 0x67, 0xC3, 0x6C, 0x9C, 0xE9, 0x87, + 0x21, 0xB6, 0x97, 0x21, 0x32, 0x75, 0x64, 0x6B, + 0x19, 0x4F, 0x36, 0x75, 0x86, 0x73, 0xA8, 0xED, + 0x11, 0x28, 0x44, 0x55, 0xAF, 0xC7, 0xA8, 0x52, + 0x9F, 0x69, 0xC9, 0x7A, 0x3C, 0x2D, 0x7B, 0x8C, + 0x63, 0x6C, 0x0B, 0xA5, 0x56, 0x14, 0xB7, 0x68, + 0xE6, 0x24, 0xE7, 0x12, 0x93, 0x0F, 0x77, 0x61, + 0x69, 0xB0, 0x17, 0x15, 0x72, 0x53, 0x51, 0xBC, + 0x74, 0xB4, 0x73, 0x95, 0xED, 0x52, 0xB2, 0x5A, + 0x13, 0x13, 0xC9, 0x51, 0x64, 0x81, 0x4C, 0x34, + 0xC9, 0x79, 0xCB, 0xDF, 0xAB, 0x85, 0x95, 0x46, + 0x62, 0xCA, 0xB4, 0x85, 0xE7, 0x50, 0x87, 0xA9, + 0x8C, 0xC7, 0x4B, 0xB8, 0x2C, 0xA2, 0xD1, 0xB5, + 0xBF, 0x28, 0x03, 0x23, 0x84, 0x80, 0x63, 0x8C, + 0x40, 0xE9, 0x0B, 0x43, 0xC7, 0x46, 0x0E, 0x7A, + 0xA9, 0x17, 0xF0, 0x10, 0x15, 0x1F, 0xAB, 0x11, + 0x69, 0x98, 0x7B, 0x37, 0x2A, 0xBB, 0x59, 0x27, + 0x1F, 0x70, 0x06, 0xC2, 0x4E, 0x60, 0x23, 0x6B, + 0x84, 0xB9, 0xDD, 0xD6, 0x00, 0x62, 0x37, 0x04, + 0x25, 0x46, 0x17, 0xFB, 0x49, 0x8D, 0x89, 0xE5, + 0x8B, 0x03, 0x68, 0xBC, 0xB2, 0x10, 0x3E, 0x79, + 0x35, 0x3E, 0xB5, 0x87, 0x86, 0x0C, 0x14, 0x22, + 0xE4, 0x76, 0x16, 0x2E, 0x42, 0x5B, 0xC2, 0x38, + 0x1D, 0xB8, 0x2C, 0x65, 0x92, 0x73, 0x7E, 0x1D, + 0xD6, 0x02, 0x86, 0x4B, 0x01, 0x67, 0xA7, 0x1E, + 0xC1, 0xF2, 0x23, 0x30, 0x5C, 0x02, 0xFE, 0x25, + 0x05, 0x2A, 0xF2, 0xB3, 0xB5, 0xA5, 0x5A, 0x0D, + 0x7A, 0x20, 0x22, 0xD9, 0xA7, 0x98, 0xDC, 0x0C, + 0x58, 0x74, 0xA9, 0x87, 0x02, 0xAA, 0xF4, 0x05, + 0x4C, 0x5D, 0x80, 0x33, 0x8A, 0x52, 0x48, 0xB5, + 0xB7, 0xBD, 0x09, 0xC5, 0x3B, 0x5E, 0x2A, 0x08, + 0x4B, 0x04, 0x7D, 0x27, 0x7A, 0x86, 0x1B, 0x1A, + 0x73, 0xBB, 0x51, 0x48, 0x8D, 0xE0, 0x4E, 0xF5, + 0x73, 0xC8, 0x52, 0x30, 0xA0, 0x47, 0x0B, 0x73, + 0x17, 0x5C, 0x9F, 0xA5, 0x05, 0x94, 0xF6, 0x6A, + 0x5F, 0x50, 0xB4, 0x15, 0x00, 0x54, 0xC9, 0x3B, + 0x68, 0x18, 0x6F, 0x8B, 0x5C, 0xBC, 0x49, 0x31, + 0x6C, 0x85, 0x48, 0xA6, 0x42, 0xB2, 0xB3, 0x6A, + 0x1D, 0x45, 0x4C, 0x74, 0x89, 0xAC, 0x33, 0xB2, + 0xD2, 0xCE, 0x66, 0x68, 0x09, 0x67, 0x82, 0xA2, + 0xC1, 0xE0, 0x86, 0x6D, 0x21, 0xA6, 0x5E, 0x16, + 0xB5, 0x85, 0xE7, 0xAF, 0x86, 0x18, 0xBD, 0xF3, + 0x18, 0x4C, 0x19, 0x86, 0x87, 0x85, 0x08, 0x91, + 0x72, 0x77, 0xB9, 0x3E, 0x10, 0x70, 0x6B, 0x16, + 0x14, 0x97, 0x2B, 0x2A, 0x94, 0xC7, 0x31, 0x0F, + 0xE9, 0xC7, 0x08, 0xC2, 0x31, 0xA1, 0xA8, 0xAC, + 0x8D, 0x93, 0x14, 0xA5, 0x29, 0xA9, 0x7F, 0x46, + 0x9B, 0xF6, 0x49, 0x62, 0xD8, 0x20, 0x64, 0x84, + 0x43, 0x09, 0x9A, 0x07, 0x6D, 0x55, 0xD4, 0xCE, + 0xA8, 0x24, 0xA5, 0x83, 0x04, 0x84, 0x4F, 0x99, + 0x49, 0x7C, 0x10, 0xA2, 0x51, 0x48, 0x61, 0x8A, + 0x31, 0x5D, 0x72, 0xCA, 0x85, 0x7D, 0x1B, 0x04, + 0xD5, 0x75, 0xB9, 0x4F, 0x85, 0xC0, 0x1D, 0x19, + 0xBE, 0xF2, 0x11, 0xBF, 0x0A, 0xA3, 0x36, 0x2E, + 0x70, 0x41, 0xFD, 0x16, 0x59, 0x6D, 0x80, 0x8E, + 0x86, 0x7B, 0x44, 0xC4, 0xC0, 0x0D, 0x1C, 0xDA, + 0x34, 0x18, 0x96, 0x77, 0x17, 0xF1, 0x47, 0xD0, + 0xEB, 0x21, 0xB4, 0x2A, 0xAE, 0xE7, 0x4A, 0xC3, + 0x5D, 0x0B, 0x92, 0x41, 0x4B, 0x95, 0x85, 0x31, + 0xAA, 0xDF, 0x46, 0x3E, 0xC6, 0x30, 0x5A, 0xE5, + 0xEC, 0xAF, 0x79, 0x17, 0x40, 0x02, 0xF2, 0x6D, + 0xDE, 0xCC, 0x81, 0x3B, 0xF3, 0x26, 0x72, 0xE8, + 0x52, 0x9D, 0x95, 0xA4, 0xE7, 0x30, 0xA7, 0xAB, + 0x4A, 0x3E, 0x8F, 0x8A, 0x8A, 0xF9, 0x79, 0xA6, + 0x65, 0xEA, 0xFD, 0x46, 0x5F, 0xC6, 0x4A, 0x0C, + 0x5F, 0x8F, 0x3F, 0x90, 0x03, 0x48, 0x94, 0x15, + 0x89, 0x9D, 0x59, 0xA5, 0x43, 0xD8, 0x20, 0x8C, + 0x54, 0xA3, 0x16, 0x65, 0x29, 0xB5, 0x39, 0x22, + 0xD4, 0xEC, 0x14, 0x3B, 0x50, 0xF0, 0x14, 0x23, + 0xB1, 0x77, 0x89, 0x5E, 0xDE, 0xE2, 0x2B, 0xB7, + 0x39, 0xF6, 0x47, 0xEC, 0xF8, 0x5F, 0x50, 0xBC, + 0x25, 0xEF, 0x7B, 0x5A, 0x72, 0x5D, 0xEE, 0x86, + 0x86, 0x26, 0xED, 0x79, 0xD4, 0x51, 0x14, 0x08, + 0x00, 0xE0, 0x3B, 0x59, 0xB9, 0x56, 0xF8, 0x21, + 0x0E, 0x55, 0x60, 0x67, 0x40, 0x7D, 0x13, 0xDC, + 0x90, 0xFA, 0x9E, 0x8B, 0x87, 0x2B, 0xFB, 0x8F + }; +#endif +#ifndef WOLFSSL_NO_ML_KEM + WOLFSSL_SMALL_STACK_STATIC const byte ml_kem_768_sk[] = { + 0xda, 0x0a, 0xc7, 0xb6, 0x60, 0x40, 0x4e, 0x61, + 0x3a, 0xa1, 0xf9, 0x80, 0x38, 0x0c, 0xb3, 0x6d, + 0xba, 0x18, 0xd2, 0x32, 0x56, 0xc7, 0x26, 0x7a, + 0x00, 0xa6, 0x7b, 0xa6, 0xc2, 0xa2, 0xb1, 0x4c, + 0x41, 0x42, 0x39, 0x66, 0x2f, 0x68, 0xbd, 0x44, + 0x6c, 0x8e, 0xfd, 0xf3, 0x66, 0x56, 0xa0, 0x89, + 0x1a, 0x3c, 0xc6, 0x23, 0xfc, 0x68, 0xb6, 0x57, + 0x2f, 0x7b, 0x29, 0xa6, 0xde, 0x12, 0x80, 0x14, + 0x41, 0x1e, 0xe4, 0x19, 0x06, 0xd0, 0x80, 0x71, + 0xf9, 0x48, 0x56, 0xe3, 0x6a, 0x83, 0x2b, 0x40, + 0x33, 0x8d, 0x74, 0x35, 0x16, 0x65, 0x9b, 0xd2, + 0x58, 0x79, 0xc0, 0x07, 0xa5, 0x2b, 0xc9, 0x58, + 0x6f, 0x79, 0x87, 0x6a, 0xfa, 0xc6, 0xc9, 0xa3, + 0x0d, 0x8f, 0xac, 0x24, 0x3b, 0xd2, 0x24, 0x25, + 0xd6, 0xad, 0xce, 0x42, 0xab, 0x7e, 0xd3, 0x90, + 0x14, 0x75, 0x7a, 0x95, 0x8b, 0xc8, 0xa7, 0x45, + 0x65, 0xf0, 0x19, 0x23, 0x4f, 0xf0, 0x4b, 0x34, + 0x89, 0x3e, 0xd6, 0xd0, 0x55, 0x01, 0xc3, 0x72, + 0x55, 0x23, 0x9a, 0xae, 0x2a, 0xc1, 0x9f, 0x8c, + 0x75, 0xac, 0x59, 0x00, 0xda, 0xe8, 0x30, 0x0d, + 0xbb, 0xa7, 0x10, 0xdc, 0x2c, 0xaa, 0xe1, 0xbc, + 0xa3, 0xa3, 0x8c, 0x58, 0x34, 0x2b, 0x28, 0x6b, + 0x85, 0x18, 0xf1, 0x36, 0xad, 0x15, 0xb9, 0xf7, + 0xbc, 0xbb, 0x06, 0xa5, 0x60, 0x7d, 0xb3, 0x75, + 0xdb, 0xe9, 0x76, 0x45, 0x7c, 0x26, 0xc6, 0x59, + 0x82, 0x57, 0x53, 0x1b, 0x2c, 0xfb, 0x6e, 0xe7, + 0xf5, 0x15, 0x91, 0x84, 0x08, 0x04, 0xc3, 0x83, + 0x88, 0x37, 0x6c, 0x27, 0x14, 0x84, 0x13, 0xda, + 0x9e, 0x92, 0x92, 0x0b, 0xfd, 0x9a, 0x06, 0x9e, + 0x01, 0x8b, 0xd2, 0x72, 0x05, 0x3d, 0xa8, 0x77, + 0x5c, 0x0b, 0x73, 0x9f, 0x76, 0x1d, 0xb2, 0x10, + 0x7c, 0xf3, 0x5a, 0x43, 0x4d, 0x69, 0xb0, 0x7e, + 0x5b, 0xcd, 0xb8, 0x74, 0x34, 0x13, 0x8b, 0x0c, + 0xb5, 0x56, 0x76, 0x1b, 0xa5, 0x22, 0xa5, 0x74, + 0x7b, 0x28, 0x74, 0x7d, 0x80, 0xeb, 0x9d, 0x6c, + 0xc6, 0x73, 0xbe, 0xe5, 0x76, 0x93, 0x77, 0xb9, + 0x96, 0xd3, 0x6c, 0xeb, 0x0c, 0x0c, 0x7e, 0xd9, + 0xa6, 0x58, 0x53, 0x33, 0x24, 0x86, 0x9c, 0x18, + 0xa1, 0xa3, 0x6f, 0x31, 0x47, 0x0f, 0x14, 0xc5, + 0xae, 0x49, 0xab, 0x07, 0x05, 0x07, 0xf8, 0x24, + 0x9c, 0xe4, 0x04, 0xb4, 0x9c, 0x0a, 0x8c, 0x3e, + 0xe4, 0x2f, 0xea, 0x96, 0x31, 0xfa, 0x1a, 0x0d, + 0x10, 0xd8, 0x6b, 0x93, 0xf9, 0x86, 0xe0, 0xe3, + 0xa8, 0x2e, 0x70, 0x3b, 0x74, 0xe5, 0xae, 0x61, + 0x01, 0x24, 0x24, 0x21, 0xa8, 0x9a, 0xa0, 0x7f, + 0xe6, 0x85, 0x88, 0x46, 0x0b, 0xaa, 0x36, 0x87, + 0x86, 0x48, 0x6a, 0x72, 0xe4, 0xf2, 0x4d, 0x2d, + 0xd7, 0x6c, 0xfc, 0x03, 0xb6, 0x94, 0xa5, 0xba, + 0x91, 0xa7, 0x55, 0xa0, 0xb9, 0x8f, 0x3b, 0xf9, + 0x33, 0x07, 0xc0, 0xab, 0x64, 0x63, 0x9a, 0xea, + 0x7a, 0x64, 0x98, 0xa3, 0xc3, 0xdd, 0xc5, 0x71, + 0x14, 0x1a, 0xbc, 0xa4, 0x67, 0x8c, 0xd2, 0xe2, + 0xb8, 0x57, 0xfb, 0x88, 0xf6, 0x00, 0xca, 0xa5, + 0x96, 0xb4, 0x4b, 0xc4, 0x22, 0x25, 0x0b, 0x28, + 0x19, 0xe0, 0x51, 0x5f, 0x04, 0x72, 0x39, 0x18, + 0x53, 0x70, 0x0b, 0x01, 0xef, 0xf9, 0x45, 0x3f, + 0xd1, 0x18, 0x76, 0xb7, 0xc7, 0x59, 0xa0, 0x7d, + 0xd8, 0x45, 0xca, 0xba, 0x45, 0x55, 0x26, 0x4a, + 0x82, 0x76, 0x51, 0x93, 0xfd, 0xf8, 0x1b, 0x62, + 0x0a, 0x1e, 0x1f, 0x92, 0x3f, 0xb2, 0x44, 0x42, + 0xcd, 0x1c, 0xbe, 0x94, 0x17, 0x50, 0x03, 0xec, + 0x06, 0xce, 0x77, 0xa3, 0xc6, 0x44, 0x93, 0xc1, + 0x99, 0x98, 0x7a, 0x30, 0x0c, 0x95, 0xc5, 0x3c, + 0x00, 0x89, 0xb5, 0xd6, 0x5c, 0x92, 0xea, 0x97, + 0x1b, 0x2f, 0xfa, 0x93, 0xb5, 0x2a, 0x46, 0x1e, + 0xa2, 0xac, 0x8c, 0x19, 0x9c, 0x2f, 0x4c, 0x2b, + 0x70, 0x42, 0x97, 0xce, 0x3c, 0x39, 0x49, 0xe0, + 0x73, 0x5e, 0xa8, 0xa1, 0x4a, 0xa5, 0x9e, 0x8d, + 0xec, 0x0c, 0x87, 0x83, 0x99, 0xff, 0x70, 0x74, + 0x7a, 0xb2, 0x44, 0xce, 0x46, 0xb5, 0xf2, 0x23, + 0x04, 0x73, 0x32, 0x3d, 0x25, 0xc6, 0x6f, 0xe6, + 0xb4, 0x19, 0xb1, 0xf4, 0xa1, 0x12, 0xe5, 0x21, + 0x40, 0x35, 0x25, 0x6b, 0xc4, 0x3f, 0xfd, 0x2b, + 0x6b, 0x7b, 0x37, 0x87, 0x69, 0xa6, 0xb4, 0x70, + 0x00, 0xbf, 0xb6, 0x35, 0x7d, 0x45, 0x81, 0x4b, + 0xae, 0xf3, 0x85, 0x7d, 0x37, 0x9e, 0x2f, 0xb8, + 0xb5, 0xe5, 0x20, 0x1a, 0xb2, 0x62, 0x74, 0xbb, + 0x1b, 0x70, 0xad, 0x32, 0x2c, 0xd0, 0x43, 0x9b, + 0x2d, 0xb1, 0x09, 0xcf, 0xf0, 0xa2, 0xf8, 0xe6, + 0x00, 0x99, 0x55, 0x71, 0xff, 0xc3, 0x8c, 0x59, + 0x0b, 0xc4, 0xc7, 0x61, 0x5c, 0x69, 0xd0, 0xc9, + 0x8e, 0xf4, 0x30, 0xf3, 0x08, 0x61, 0xa7, 0x72, + 0x38, 0xff, 0xc0, 0x70, 0x61, 0xe4, 0x75, 0xd6, + 0xa3, 0x0a, 0xd1, 0xb4, 0x7f, 0xd0, 0x39, 0xc3, + 0xa4, 0x47, 0x76, 0x2d, 0xb2, 0x21, 0x1d, 0xc3, + 0x1d, 0x0a, 0xca, 0xcf, 0xd5, 0x58, 0x90, 0xa5, + 0x82, 0x47, 0x98, 0xf9, 0xae, 0xad, 0x74, 0x13, + 0xdf, 0xe0, 0x28, 0xb1, 0x01, 0x2b, 0xe8, 0xb6, + 0xca, 0x10, 0x26, 0x66, 0x6a, 0xc6, 0xbc, 0x94, + 0x40, 0xa4, 0x49, 0xb5, 0x1a, 0xd8, 0xbb, 0xa7, + 0xb0, 0x92, 0x1d, 0xd4, 0xd8, 0xb4, 0xa5, 0x78, + 0x13, 0x6d, 0x1a, 0x05, 0xdb, 0x38, 0xcc, 0x85, + 0x84, 0x37, 0xb2, 0x51, 0x61, 0xd1, 0xc3, 0xc2, + 0x8e, 0xe0, 0x7b, 0xbc, 0xf2, 0xb2, 0x49, 0x11, + 0x0d, 0x22, 0x78, 0x1d, 0xc3, 0x05, 0x0d, 0x8c, + 0xc0, 0x09, 0x00, 0x96, 0xb3, 0x8a, 0x85, 0x06, + 0x96, 0xf8, 0x6e, 0x9e, 0x6b, 0xab, 0x32, 0x52, + 0x71, 0xb2, 0x24, 0x86, 0x75, 0x01, 0x19, 0x68, + 0x50, 0x28, 0x81, 0x09, 0x04, 0x97, 0xfa, 0xc0, + 0xaf, 0x84, 0x3c, 0x1a, 0xea, 0x76, 0xdd, 0x81, + 0xcf, 0x29, 0xc0, 0x12, 0xc6, 0x62, 0x27, 0xb7, + 0xf0, 0x6d, 0x99, 0x61, 0x30, 0x9b, 0x02, 0x62, + 0xf7, 0x32, 0xc9, 0xa4, 0xd0, 0xbb, 0xd0, 0x67, + 0x27, 0xab, 0xb8, 0x37, 0x1f, 0xf2, 0xc1, 0x18, + 0x99, 0xa0, 0x98, 0x37, 0x5c, 0x46, 0x05, 0x16, + 0xb2, 0xcc, 0x88, 0xbc, 0xf6, 0x28, 0xed, 0xe3, + 0x7d, 0x8f, 0x3b, 0x33, 0x42, 0xe4, 0x49, 0x0a, + 0x85, 0x60, 0x6e, 0xc0, 0x3d, 0xa2, 0x9b, 0x02, + 0x56, 0x27, 0x53, 0x82, 0xa3, 0x31, 0x3d, 0xc0, + 0x41, 0x11, 0x48, 0x01, 0x03, 0x2c, 0x51, 0x9f, + 0x35, 0x0c, 0x3e, 0x6a, 0xba, 0xc3, 0xe3, 0x3b, + 0x93, 0xb4, 0xa1, 0x9f, 0x7c, 0x54, 0x66, 0xe5, + 0x8c, 0xb1, 0xdc, 0x14, 0xb4, 0xa9, 0x6c, 0x47, + 0x57, 0x29, 0xf9, 0x71, 0xbd, 0xf1, 0x73, 0xcd, + 0xf3, 0x54, 0x82, 0x4d, 0x01, 0x94, 0x27, 0xf9, + 0x5b, 0x3b, 0x4a, 0x4a, 0x4a, 0x95, 0x8e, 0x47, + 0x6a, 0x6e, 0x69, 0x91, 0xce, 0x6f, 0x06, 0xcb, + 0x5d, 0xfc, 0xa7, 0xd4, 0x38, 0x0c, 0x3d, 0x92, + 0x0b, 0x57, 0x11, 0xac, 0x1f, 0xcb, 0xaf, 0x4b, + 0x9a, 0xc8, 0x00, 0xb9, 0x76, 0xd1, 0xec, 0x76, + 0x6a, 0x62, 0x6c, 0xc1, 0x90, 0x0b, 0x66, 0xb3, + 0xa9, 0xdc, 0x62, 0xc5, 0xc1, 0x44, 0x52, 0x7a, + 0x29, 0x6b, 0xaf, 0x70, 0x43, 0x3b, 0xf6, 0x57, + 0xc0, 0x43, 0x7f, 0x87, 0x59, 0x7b, 0xd7, 0xc8, + 0xbb, 0xbe, 0x9a, 0xbc, 0x37, 0x05, 0x09, 0x31, + 0xa4, 0xa8, 0x69, 0x82, 0xa2, 0x02, 0x8a, 0x74, + 0x45, 0x4c, 0x9b, 0x81, 0x0c, 0x88, 0xd1, 0x70, + 0x1c, 0x8c, 0xc9, 0x8a, 0x1d, 0x4c, 0xa1, 0x07, + 0xa6, 0xb2, 0x5e, 0x96, 0x2f, 0xe4, 0xb6, 0xb0, + 0x3c, 0x95, 0x45, 0x32, 0x60, 0xb8, 0x07, 0x22, + 0x86, 0x37, 0xcc, 0x9e, 0xb1, 0x2a, 0xcc, 0x09, + 0x54, 0x95, 0x9a, 0x52, 0xae, 0x54, 0xd1, 0x97, + 0x73, 0x00, 0xab, 0xa0, 0xba, 0x2c, 0x14, 0x60, + 0x9b, 0xb2, 0x8c, 0x11, 0xd5, 0xfa, 0xc5, 0xca, + 0xc8, 0x82, 0x97, 0x60, 0x32, 0x83, 0xe8, 0x67, + 0xa3, 0x64, 0x83, 0x66, 0xc7, 0x24, 0xd9, 0x35, + 0x4c, 0xd7, 0xa1, 0x96, 0xdb, 0xd9, 0x80, 0x2f, + 0x7b, 0x88, 0xd3, 0xfa, 0x00, 0x1f, 0x9c, 0x97, + 0x73, 0x22, 0x54, 0x62, 0x23, 0x5e, 0x91, 0x35, + 0x2a, 0x20, 0x79, 0x1f, 0xd8, 0xb8, 0x7f, 0xe3, + 0x37, 0x7e, 0xc6, 0xa3, 0x94, 0x0b, 0x11, 0x30, + 0xa0, 0xbb, 0x04, 0xe7, 0x41, 0x0a, 0x34, 0xe2, + 0x58, 0x0d, 0x07, 0x1d, 0x6c, 0x56, 0x20, 0x20, + 0x86, 0x78, 0x7a, 0x65, 0x90, 0xf8, 0x43, 0x93, + 0xa8, 0xe6, 0x51, 0xa1, 0xe6, 0x85, 0xf2, 0x24, + 0x78, 0xa8, 0x95, 0x4f, 0x00, 0x7b, 0xc7, 0x71, + 0x1b, 0x93, 0x07, 0x72, 0xc7, 0x8f, 0x09, 0x2e, + 0x82, 0x87, 0x8e, 0x3e, 0x93, 0x7f, 0x36, 0x79, + 0x67, 0x53, 0x29, 0x13, 0xa8, 0xd5, 0x3d, 0xfd, + 0xf4, 0xbf, 0xb1, 0xf8, 0x84, 0x67, 0x46, 0x59, + 0x67, 0x05, 0xcf, 0x34, 0x51, 0x42, 0xb9, 0x72, + 0xa3, 0xf1, 0x63, 0x25, 0xc4, 0x0c, 0x29, 0x52, + 0xa3, 0x7b, 0x25, 0x89, 0x7e, 0x5e, 0xf3, 0x5f, + 0xba, 0xeb, 0x73, 0xa4, 0xac, 0xbe, 0xb6, 0xa0, + 0xb8, 0x99, 0x42, 0xce, 0xb1, 0x95, 0x53, 0x1c, + 0xfc, 0x0a, 0x07, 0x99, 0x39, 0x54, 0x48, 0x3e, + 0x6c, 0xbc, 0x87, 0xc0, 0x6a, 0xa7, 0x4f, 0xf0, + 0xca, 0xc5, 0x20, 0x7e, 0x53, 0x5b, 0x26, 0x0a, + 0xa9, 0x8d, 0x11, 0x98, 0xc0, 0x7d, 0xa6, 0x05, + 0xc4, 0xd1, 0x10, 0x20, 0xf6, 0xc9, 0xf7, 0xbb, + 0x68, 0xbb, 0x34, 0x56, 0xc7, 0x3a, 0x01, 0xb7, + 0x10, 0xbc, 0x99, 0xd1, 0x77, 0x39, 0xa5, 0x17, + 0x16, 0xaa, 0x01, 0x66, 0x0c, 0x8b, 0x62, 0x8b, + 0x2f, 0x56, 0x02, 0xba, 0x65, 0xf0, 0x7e, 0xa9, + 0x93, 0x33, 0x6e, 0x89, 0x6e, 0x83, 0xf2, 0xc5, + 0x73, 0x1b, 0xbf, 0x03, 0x46, 0x0c, 0x5b, 0x6c, + 0x8a, 0xfe, 0xcb, 0x74, 0x8e, 0xe3, 0x91, 0xe9, + 0x89, 0x34, 0xa2, 0xc5, 0x7d, 0x4d, 0x06, 0x9f, + 0x50, 0xd8, 0x8b, 0x30, 0xd6, 0x96, 0x6f, 0x38, + 0xc3, 0x7b, 0xc6, 0x49, 0xb8, 0x26, 0x34, 0xce, + 0x77, 0x22, 0x64, 0x5c, 0xcd, 0x62, 0x50, 0x63, + 0x36, 0x46, 0x46, 0xd6, 0xd6, 0x99, 0xdb, 0x57, + 0xb4, 0x5e, 0xb6, 0x74, 0x65, 0xe1, 0x6d, 0xe4, + 0xd4, 0x06, 0xa8, 0x18, 0xb9, 0xea, 0xe1, 0xca, + 0x91, 0x6a, 0x25, 0x94, 0x48, 0x97, 0x08, 0xa4, + 0x3c, 0xea, 0x88, 0xb0, 0x2a, 0x4c, 0x03, 0xd0, + 0x9b, 0x44, 0x81, 0x5c, 0x97, 0x10, 0x1c, 0xaf, + 0x50, 0x48, 0xbb, 0xcb, 0x24, 0x7a, 0xe2, 0x36, + 0x6c, 0xdc, 0x25, 0x4b, 0xa2, 0x21, 0x29, 0xf4, + 0x5b, 0x3b, 0x0e, 0xb3, 0x99, 0xca, 0x91, 0xa3, + 0x03, 0x40, 0x28, 0x30, 0xec, 0x01, 0xdb, 0x7b, + 0x2c, 0xa4, 0x80, 0xcf, 0x35, 0x04, 0x09, 0xb2, + 0x16, 0x09, 0x4b, 0x7b, 0x0c, 0x3a, 0xe3, 0x3c, + 0xe1, 0x0a, 0x91, 0x24, 0xe8, 0x96, 0x51, 0xab, + 0x90, 0x1e, 0xa2, 0x53, 0xc8, 0x41, 0x5b, 0xd7, + 0x82, 0x5f, 0x02, 0xbb, 0x22, 0x93, 0x69, 0xaf, + 0x97, 0x20, 0x28, 0xf2, 0x28, 0x75, 0xea, 0x55, + 0xaf, 0x16, 0xd3, 0xbc, 0x69, 0xf7, 0x0c, 0x2e, + 0xe8, 0xb7, 0x5f, 0x28, 0xb4, 0x7d, 0xd3, 0x91, + 0xf9, 0x89, 0xad, 0xe3, 0x14, 0x72, 0x9c, 0x33, + 0x1f, 0xa0, 0x4c, 0x19, 0x17, 0xb2, 0x78, 0xc3, + 0xeb, 0x60, 0x28, 0x68, 0x51, 0x28, 0x21, 0xad, + 0xc8, 0x25, 0xc6, 0x45, 0x77, 0xce, 0x1e, 0x63, + 0xb1, 0xd9, 0x64, 0x4a, 0x61, 0x29, 0x48, 0xa3, + 0x48, 0x3c, 0x7f, 0x1b, 0x9a, 0x25, 0x80, 0x00, + 0xe3, 0x01, 0x96, 0x94, 0x4a, 0x40, 0x36, 0x27, + 0x60, 0x9c, 0x76, 0xc7, 0xea, 0x6b, 0x5d, 0xe0, + 0x17, 0x64, 0xd2, 0x43, 0x79, 0x11, 0x7b, 0x9e, + 0xa2, 0x98, 0x48, 0xdc, 0x55, 0x5c, 0x45, 0x4b, + 0xce, 0xae, 0x1b, 0xa5, 0xcc, 0x72, 0xc7, 0x4a, + 0xb9, 0x6b, 0x9c, 0x91, 0xb9, 0x10, 0xd2, 0x6b, + 0x88, 0xb2, 0x56, 0x39, 0xd4, 0x77, 0x8a, 0xe2, + 0x6c, 0x7c, 0x61, 0x51, 0xa1, 0x9c, 0x6c, 0xd7, + 0x93, 0x84, 0x54, 0x37, 0x24, 0x65, 0xe4, 0xc5, + 0xec, 0x29, 0x24, 0x5a, 0xcb, 0x3d, 0xb5, 0x37, + 0x9d, 0xe3, 0xda, 0xbf, 0xa6, 0x29, 0xa7, 0xc0, + 0x4a, 0x83, 0x53, 0xa8, 0x53, 0x0c, 0x95, 0xac, + 0xb7, 0x32, 0xbb, 0x4b, 0xb8, 0x19, 0x32, 0xbb, + 0x2c, 0xa7, 0xa8, 0x48, 0xcd, 0x36, 0x68, 0x01, + 0x44, 0x4a, 0xbe, 0x23, 0xc8, 0x3b, 0x36, 0x6a, + 0x87, 0xd6, 0xa3, 0xcf, 0x36, 0x09, 0x24, 0xc0, + 0x02, 0xba, 0xe9, 0x0a, 0xf6, 0x5c, 0x48, 0x06, + 0x0b, 0x37, 0x52, 0xf2, 0xba, 0xdf, 0x1a, 0xb2, + 0x72, 0x20, 0x72, 0x55, 0x4a, 0x50, 0x59, 0x75, + 0x35, 0x94, 0xe6, 0xa7, 0x02, 0x76, 0x1f, 0xc9, + 0x76, 0x84, 0xc8, 0xc4, 0xa7, 0x54, 0x0a, 0x6b, + 0x07, 0xfb, 0xc9, 0xde, 0x87, 0xc9, 0x74, 0xaa, + 0x88, 0x09, 0xd9, 0x28, 0xc7, 0xf4, 0xcb, 0xbf, + 0x80, 0x45, 0xae, 0xa5, 0xbc, 0x66, 0x78, 0x25, + 0xfd, 0x05, 0xa5, 0x21, 0xf1, 0xa4, 0xbf, 0x53, + 0x92, 0x10, 0xc7, 0x11, 0x3b, 0xc3, 0x7b, 0x3e, + 0x58, 0xb0, 0xcb, 0xfc, 0x53, 0xc8, 0x41, 0xcb, + 0xb0, 0x37, 0x1d, 0xe2, 0xe5, 0x11, 0xb9, 0x89, + 0xcb, 0x7c, 0x70, 0xc0, 0x23, 0x36, 0x6d, 0x78, + 0xf9, 0xc3, 0x7e, 0xf0, 0x47, 0xf8, 0x72, 0x0b, + 0xe1, 0xc7, 0x59, 0xa8, 0xd9, 0x6b, 0x93, 0xf6, + 0x5a, 0x94, 0x11, 0x4f, 0xfa, 0xf6, 0x0d, 0x9a, + 0x81, 0x79, 0x5e, 0x99, 0x5c, 0x71, 0x15, 0x2a, + 0x46, 0x91, 0xa5, 0xa6, 0x02, 0xa9, 0xe1, 0xf3, + 0x59, 0x9e, 0x37, 0xc7, 0x68, 0xc7, 0xbc, 0x10, + 0x89, 0x94, 0xc0, 0x66, 0x9f, 0x3a, 0xdc, 0x95, + 0x7d, 0x46, 0xb4, 0xb6, 0x25, 0x69, 0x68, 0xe2, + 0x90, 0xd7, 0x89, 0x2e, 0xa8, 0x54, 0x64, 0xee, + 0x7a, 0x75, 0x0f, 0x39, 0xc5, 0xe3, 0x15, 0x2c, + 0x2d, 0xfc, 0x56, 0xd8, 0xb0, 0xc9, 0x24, 0xba, + 0x8a, 0x95, 0x9a, 0x68, 0x09, 0x65, 0x47, 0xf6, + 0x64, 0x23, 0xc8, 0x38, 0x98, 0x2a, 0x57, 0x94, + 0xb9, 0xe1, 0x53, 0x37, 0x71, 0x33, 0x1a, 0x9a, + 0x65, 0x6c, 0x28, 0x82, 0x8b, 0xeb, 0x91, 0x26, + 0xa6, 0x0e, 0x95, 0xe8, 0xc5, 0xd9, 0x06, 0x83, + 0x2c, 0x77, 0x10, 0x70, 0x55, 0x76, 0xb1, 0xfb, + 0x95, 0x07, 0x26, 0x9d, 0xda, 0xf8, 0xc9, 0x5c, + 0xe9, 0x71, 0x9b, 0x2c, 0xa8, 0xdd, 0x11, 0x2b, + 0xe1, 0x0b, 0xcc, 0x9f, 0x4a, 0x37, 0xbd, 0x1b, + 0x1e, 0xee, 0xb3, 0x3e, 0xcd, 0xa7, 0x6a, 0xe9, + 0xf6, 0x9a, 0x5d, 0x4b, 0x29, 0x23, 0xa8, 0x69, + 0x57, 0x67, 0x1d, 0x61, 0x93, 0x35, 0xbe, 0x1c, + 0x4c, 0x2c, 0x77, 0xce, 0x87, 0xc4, 0x1f, 0x98, + 0xa8, 0xcc, 0x46, 0x64, 0x60, 0xfa, 0x30, 0x0a, + 0xaf, 0x5b, 0x30, 0x1f, 0x0a, 0x1d, 0x09, 0xc8, + 0x8e, 0x65, 0xda, 0x4d, 0x8e, 0xe6, 0x4f, 0x68, + 0xc0, 0x21, 0x89, 0xbb, 0xb3, 0x58, 0x4b, 0xaf, + 0xf7, 0x16, 0xc8, 0x5d, 0xb6, 0x54, 0x04, 0x8a, + 0x00, 0x43, 0x33, 0x48, 0x93, 0x93, 0xa0, 0x74, + 0x27, 0xcd, 0x3e, 0x21, 0x7e, 0x6a, 0x34, 0x5f, + 0x6c, 0x2c, 0x2b, 0x13, 0xc2, 0x7b, 0x33, 0x72, + 0x71, 0xc0, 0xb2, 0x7b, 0x2d, 0xba, 0xa0, 0x0d, + 0x23, 0x76, 0x00, 0xb5, 0xb5, 0x94, 0xe8, 0xcf, + 0x2d, 0xd6, 0x25, 0xea, 0x76, 0xcf, 0x0e, 0xd8, + 0x99, 0x12, 0x2c, 0x97, 0x96, 0xb4, 0xb0, 0x18, + 0x70, 0x04, 0x25, 0x80, 0x49, 0xa4, 0x77, 0xcd, + 0x11, 0xd6, 0x8c, 0x49, 0xb9, 0xa0, 0xe7, 0xb0, + 0x0b, 0xce, 0x8c, 0xac, 0x78, 0x64, 0xcb, 0xb3, + 0x75, 0x14, 0x00, 0x84, 0x74, 0x4c, 0x93, 0x06, + 0x26, 0x94, 0xca, 0x79, 0x5c, 0x4f, 0x40, 0xe7, + 0xac, 0xc9, 0xc5, 0xa1, 0x88, 0x40, 0x72, 0xd8, + 0xc3, 0x8d, 0xaf, 0xb5, 0x01, 0xee, 0x41, 0x84, + 0xdd, 0x5a, 0x81, 0x9e, 0xc2, 0x4e, 0xc1, 0x65, + 0x12, 0x61, 0xf9, 0x62, 0xb1, 0x7a, 0x72, 0x15, + 0xaa, 0x4a, 0x74, 0x8c, 0x15, 0x83, 0x6c, 0x38, + 0x91, 0x37, 0x67, 0x82, 0x04, 0x83, 0x8d, 0x71, + 0x95, 0xa8, 0x5b, 0x4f, 0x98, 0xa1, 0xb5, 0x74, + 0xc4, 0xcd, 0x79, 0x09, 0xcd, 0x1f, 0x83, 0x3e, + 0xff, 0xd1, 0x48, 0x55, 0x43, 0x22, 0x9d, 0x37, + 0x48, 0xd9, 0xb5, 0xcd, 0x6c, 0x17, 0xb9, 0xb3, + 0xb8, 0x4a, 0xef, 0x8b, 0xce, 0x13, 0xe6, 0x83, + 0x73, 0x36, 0x59, 0xc7, 0x95, 0x42, 0xd6, 0x15, + 0x78, 0x2a, 0x71, 0xcd, 0xee, 0xe7, 0x92, 0xba, + 0xb5, 0x1b, 0xdc, 0x4b, 0xbf, 0xe8, 0x30, 0x8e, + 0x66, 0x31, 0x44, 0xed, 0xe8, 0x49, 0x18, 0x30, + 0xad, 0x98, 0xb4, 0x63, 0x4f, 0x64, 0xab, 0xa8, + 0xb9, 0xc0, 0x42, 0x27, 0x26, 0x53, 0x92, 0x0f, + 0x38, 0x0c, 0x1a, 0x17, 0xca, 0x87, 0xce, 0xd7, + 0xaa, 0xc4, 0x1c, 0x82, 0x88, 0x87, 0x93, 0x18, + 0x1a, 0x6f, 0x76, 0xe1, 0x97, 0xb7, 0xb9, 0x0e, + 0xf9, 0x09, 0x43, 0xbb, 0x38, 0x44, 0x91, 0x29, + 0x11, 0xd8, 0x55, 0x1e, 0x54, 0x66, 0xc5, 0x76, + 0x7a, 0xb0, 0xbc, 0x61, 0xa1, 0xa3, 0xf7, 0x36, + 0x16, 0x2e, 0xc0, 0x98, 0xa9, 0x00, 0xb1, 0x2d, + 0xd8, 0xfa, 0xbb, 0xfb, 0x3f, 0xe8, 0xcb, 0x1d, + 0xc4, 0xe8, 0x31, 0x5f, 0x2a, 0xf0, 0xd3, 0x2f, + 0x00, 0x17, 0xae, 0x13, 0x6e, 0x19, 0xf0, 0x28, + 0xf5, 0x72, 0x62, 0x66, 0x13, 0x58, 0xcd, 0xe8, + 0xd3, 0xeb, 0xf9, 0x90, 0xe5, 0xfd, 0x1d, 0x5b, + 0x89, 0x6c, 0x99, 0x2c, 0xcf, 0xaa, 0xdb, 0x52, + 0x56, 0xb6, 0x8b, 0xbf, 0x59, 0x43, 0xb1, 0x32, + 0x86, 0x26, 0xed, 0x79, 0xd4, 0x51, 0x14, 0x08, + 0x00, 0xe0, 0x3b, 0x59, 0xb9, 0x56, 0xf8, 0x21, + 0x0e, 0x55, 0x60, 0x67, 0x40, 0x7d, 0x13, 0xdc, + 0x90, 0xfa, 0x9e, 0x8b, 0x87, 0x2b, 0xfb, 0x8f + }; +#endif +#ifdef WOLFSSL_MLKEM_KYBER + WOLFSSL_SMALL_STACK_STATIC const byte kyber768_ct[] = { + 0xB5, 0x2C, 0x56, 0xB9, 0x2A, 0x4B, 0x7C, 0xE9, + 0xE4, 0xCB, 0x7C, 0x5B, 0x1B, 0x16, 0x31, 0x67, + 0xA8, 0xA1, 0x67, 0x5B, 0x2F, 0xDE, 0xF8, 0x4A, + 0x5B, 0x67, 0xCA, 0x15, 0xDB, 0x69, 0x4C, 0x9F, + 0x11, 0xBD, 0x02, 0x7C, 0x30, 0xAE, 0x22, 0xEC, + 0x92, 0x1A, 0x1D, 0x91, 0x15, 0x99, 0xAF, 0x05, + 0x85, 0xE4, 0x8D, 0x20, 0xDA, 0x70, 0xDF, 0x9F, + 0x39, 0xE3, 0x2E, 0xF9, 0x5D, 0x4C, 0x8F, 0x44, + 0xBF, 0xEF, 0xDA, 0xA5, 0xDA, 0x64, 0xF1, 0x05, + 0x46, 0x31, 0xD0, 0x4D, 0x6D, 0x3C, 0xFD, 0x0A, + 0x54, 0x0D, 0xD7, 0xBA, 0x38, 0x86, 0xE4, 0xB5, + 0xF1, 0x3E, 0x87, 0x87, 0x88, 0x60, 0x4C, 0x95, + 0xC0, 0x96, 0xEA, 0xB3, 0x91, 0x9F, 0x42, 0x75, + 0x21, 0x41, 0x9A, 0x94, 0x6C, 0x26, 0xCC, 0x04, + 0x14, 0x75, 0xD7, 0x12, 0x4C, 0xDC, 0x01, 0xD0, + 0x37, 0x3E, 0x5B, 0x09, 0xC7, 0xA7, 0x06, 0x03, + 0xCF, 0xDB, 0x4F, 0xB3, 0x40, 0x50, 0x23, 0xF2, + 0x26, 0x4D, 0xC3, 0xF9, 0x83, 0xC4, 0xFC, 0x02, + 0xA2, 0xD1, 0xB2, 0x68, 0xF2, 0x20, 0x8A, 0x1F, + 0x6E, 0x2A, 0x62, 0x09, 0xBF, 0xF1, 0x2F, 0x6F, + 0x46, 0x5F, 0x0B, 0x06, 0x9C, 0x3A, 0x7F, 0x84, + 0xF6, 0x06, 0xD8, 0xA9, 0x40, 0x64, 0x00, 0x3D, + 0x6E, 0xC1, 0x14, 0xC8, 0xE8, 0x08, 0xD3, 0x05, + 0x38, 0x84, 0xC1, 0xD5, 0xA1, 0x42, 0xFB, 0xF2, + 0x01, 0x12, 0xEB, 0x36, 0x0F, 0xDA, 0x3F, 0x0F, + 0x28, 0xB1, 0x72, 0xAE, 0x50, 0xF5, 0xE7, 0xD8, + 0x38, 0x01, 0xFB, 0x3F, 0x00, 0x64, 0xB6, 0x87, + 0x18, 0x70, 0x74, 0xBD, 0x7F, 0xE3, 0x0E, 0xDD, + 0xAA, 0x33, 0x4C, 0xF8, 0xFC, 0x04, 0xFA, 0x8C, + 0xED, 0x89, 0x9C, 0xEA, 0xDE, 0x4B, 0x4F, 0x28, + 0xB6, 0x83, 0x72, 0xBA, 0xF9, 0x8F, 0xF4, 0x82, + 0xA4, 0x15, 0xB7, 0x31, 0x15, 0x5B, 0x75, 0xCE, + 0xB9, 0x76, 0xBE, 0x0E, 0xA0, 0x28, 0x5B, 0xA0, + 0x1A, 0x27, 0xF1, 0x85, 0x7A, 0x8F, 0xB3, 0x77, + 0xA3, 0xAE, 0x0C, 0x23, 0xB2, 0xAA, 0x9A, 0x07, + 0x9B, 0xFA, 0xBF, 0xF0, 0xD5, 0xB2, 0xF1, 0xCD, + 0x9B, 0x71, 0x8B, 0xEA, 0x03, 0xC4, 0x2F, 0x34, + 0x3A, 0x39, 0xB4, 0xF1, 0x42, 0xD0, 0x1A, 0xD8, + 0xAC, 0xBB, 0x50, 0xE3, 0x88, 0x53, 0xCF, 0x9A, + 0x50, 0xC8, 0xB4, 0x4C, 0x3C, 0xF6, 0x71, 0xA4, + 0xA9, 0x04, 0x3B, 0x26, 0xDD, 0xBB, 0x24, 0x95, + 0x9A, 0xD6, 0x71, 0x5C, 0x08, 0x52, 0x18, 0x55, + 0xC7, 0x9A, 0x23, 0xB9, 0xC3, 0xD6, 0x47, 0x17, + 0x49, 0xC4, 0x07, 0x25, 0xBD, 0xD5, 0xC2, 0x77, + 0x6D, 0x43, 0xAE, 0xD2, 0x02, 0x04, 0xBA, 0xA1, + 0x41, 0xEF, 0xB3, 0x30, 0x49, 0x17, 0x47, 0x4B, + 0x7F, 0x9F, 0x7A, 0x4B, 0x08, 0xB1, 0xA9, 0x3D, + 0xAE, 0xD9, 0x8C, 0x67, 0x49, 0x53, 0x59, 0xD3, + 0x7D, 0x67, 0xF7, 0x43, 0x8B, 0xEE, 0x5E, 0x43, + 0x58, 0x56, 0x34, 0xB2, 0x6C, 0x6B, 0x38, 0x10, + 0xD7, 0xCD, 0xCB, 0xC0, 0xF6, 0xEB, 0x87, 0x7A, + 0x60, 0x87, 0xE6, 0x8A, 0xCB, 0x84, 0x80, 0xD3, + 0xA8, 0xCF, 0x69, 0x00, 0x44, 0x7E, 0x49, 0xB4, + 0x17, 0xF1, 0x5A, 0x53, 0xB6, 0x07, 0xA0, 0xE2, + 0x16, 0xB8, 0x55, 0x97, 0x0D, 0x37, 0x40, 0x68, + 0x70, 0xB4, 0x56, 0x87, 0x22, 0xDA, 0x77, 0xA4, + 0x08, 0x47, 0x03, 0x81, 0x67, 0x84, 0xE2, 0xF1, + 0x6B, 0xED, 0x18, 0x99, 0x65, 0x32, 0xC5, 0xD8, + 0xB7, 0xF5, 0xD2, 0x14, 0x46, 0x4E, 0x5F, 0x3F, + 0x6E, 0x90, 0x58, 0x67, 0xB0, 0xCE, 0x11, 0x9E, + 0x25, 0x2A, 0x66, 0x71, 0x32, 0x53, 0x54, 0x46, + 0x85, 0xD2, 0x08, 0xE1, 0x72, 0x39, 0x08, 0xA0, + 0xCE, 0x97, 0x83, 0x46, 0x52, 0xE0, 0x8A, 0xE7, + 0xBD, 0xC8, 0x81, 0xA1, 0x31, 0xB7, 0x3C, 0x71, + 0xE8, 0x4D, 0x20, 0xD6, 0x8F, 0xDE, 0xFF, 0x4F, + 0x5D, 0x70, 0xCD, 0x1A, 0xF5, 0x7B, 0x78, 0xE3, + 0x49, 0x1A, 0x98, 0x65, 0x94, 0x23, 0x21, 0x80, + 0x0A, 0x20, 0x3C, 0x05, 0xED, 0x1F, 0xEE, 0xB5, + 0xA2, 0x8E, 0x58, 0x4E, 0x19, 0xF6, 0x53, 0x5E, + 0x7F, 0x84, 0xE4, 0xA2, 0x4F, 0x84, 0xA7, 0x2D, + 0xCA, 0xF5, 0x64, 0x8B, 0x4A, 0x42, 0x35, 0xDD, + 0x66, 0x44, 0x64, 0x48, 0x2F, 0x03, 0x17, 0x6E, + 0x88, 0x8C, 0x28, 0xBF, 0xC6, 0xC1, 0xCB, 0x23, + 0x8C, 0xFF, 0xA3, 0x5A, 0x32, 0x1E, 0x71, 0x79, + 0x1D, 0x9E, 0xA8, 0xED, 0x08, 0x78, 0xC6, 0x11, + 0x21, 0xBF, 0x8D, 0x2A, 0x4A, 0xB2, 0xC1, 0xA5, + 0xE1, 0x20, 0xBC, 0x40, 0xAB, 0xB1, 0x89, 0x2D, + 0x17, 0x15, 0x09, 0x0A, 0x0E, 0xE4, 0x82, 0x52, + 0xCA, 0x29, 0x7A, 0x99, 0xAA, 0x0E, 0x51, 0x0C, + 0xF2, 0x6B, 0x1A, 0xDD, 0x06, 0xCA, 0x54, 0x3E, + 0x1C, 0x5D, 0x6B, 0xDC, 0xD3, 0xB9, 0xC5, 0x85, + 0xC8, 0x53, 0x80, 0x45, 0xDB, 0x5C, 0x25, 0x2E, + 0xC3, 0xC8, 0xC3, 0xC9, 0x54, 0xD9, 0xBE, 0x59, + 0x07, 0x09, 0x4A, 0x89, 0x4E, 0x60, 0xEA, 0xB4, + 0x35, 0x38, 0xCF, 0xEE, 0x82, 0xE8, 0xFF, 0xC0, + 0x79, 0x1B, 0x0D, 0x0F, 0x43, 0xAC, 0x16, 0x27, + 0x83, 0x0A, 0x61, 0xD5, 0x6D, 0xAD, 0x96, 0xC6, + 0x29, 0x58, 0xB0, 0xDE, 0x78, 0x0B, 0x78, 0xBD, + 0x47, 0xA6, 0x04, 0x55, 0x0D, 0xAB, 0x83, 0xFF, + 0xF2, 0x27, 0xC3, 0x24, 0x04, 0x94, 0x71, 0xF3, + 0x52, 0x48, 0xCF, 0xB8, 0x49, 0xB2, 0x57, 0x24, + 0xFF, 0x70, 0x4D, 0x52, 0x77, 0xAA, 0x35, 0x2D, + 0x55, 0x09, 0x58, 0xBE, 0x3B, 0x23, 0x7D, 0xFF, + 0x47, 0x3E, 0xC2, 0xAD, 0xBA, 0xEA, 0x48, 0xCA, + 0x26, 0x58, 0xAE, 0xFC, 0xC7, 0x7B, 0xBD, 0x42, + 0x64, 0xAB, 0x37, 0x4D, 0x70, 0xEA, 0xE5, 0xB9, + 0x64, 0x41, 0x6C, 0xE8, 0x22, 0x6A, 0x7E, 0x32, + 0x55, 0xA0, 0xF8, 0xD7, 0xE2, 0xAD, 0xCA, 0x06, + 0x2B, 0xCD, 0x6D, 0x78, 0xD6, 0x0D, 0x1B, 0x32, + 0xE1, 0x14, 0x05, 0xBE, 0x54, 0xB6, 0x6E, 0xF0, + 0xFD, 0xDD, 0x56, 0x77, 0x02, 0xA3, 0xBC, 0xCF, + 0xED, 0xE3, 0xC5, 0x84, 0x70, 0x12, 0x69, 0xED, + 0x14, 0x80, 0x9F, 0x06, 0xF8, 0x96, 0x83, 0x56, + 0xBB, 0x92, 0x67, 0xFE, 0x86, 0xE5, 0x14, 0x25, + 0x2E, 0x88, 0xBB, 0x5C, 0x30, 0xA7, 0xEC, 0xB3, + 0xD0, 0xE6, 0x21, 0x02, 0x1E, 0xE0, 0xFB, 0xF7, + 0x87, 0x1B, 0x09, 0x34, 0x2B, 0xF8, 0x4F, 0x55, + 0xC9, 0x7E, 0xAF, 0x86, 0xC4, 0x81, 0x89, 0xC7, + 0xFF, 0x4D, 0xF3, 0x89, 0xF0, 0x77, 0xE2, 0x80, + 0x6E, 0x5F, 0xA7, 0x3B, 0x3E, 0x94, 0x58, 0xA1, + 0x6C, 0x7E, 0x27, 0x5F, 0x4F, 0x60, 0x22, 0x75, + 0x58, 0x0E, 0xB7, 0xB7, 0x13, 0x5F, 0xB5, 0x37, + 0xFA, 0x0C, 0xD9, 0x5D, 0x6E, 0xA5, 0x8C, 0x10, + 0x8C, 0xD8, 0x94, 0x3D, 0x70, 0xC1, 0x64, 0x31, + 0x11, 0xF4, 0xF0, 0x1C, 0xA8, 0xA8, 0x27, 0x6A, + 0x90, 0x26, 0x66, 0xED, 0x81, 0xB7, 0x8D, 0x16, + 0x8B, 0x00, 0x6F, 0x16, 0xAA, 0xA3, 0xD8, 0xE4, + 0xCE, 0x4F, 0x4D, 0x0F, 0xB0, 0x99, 0x7E, 0x41, + 0xAE, 0xFF, 0xB5, 0xB3, 0xDA, 0xA8, 0x38, 0x73, + 0x2F, 0x35, 0x73, 0x49, 0x44, 0x7F, 0x38, 0x77, + 0x76, 0xC7, 0x93, 0xC0, 0x47, 0x9D, 0xE9, 0xE9, + 0x94, 0x98, 0xCC, 0x35, 0x6F, 0xDB, 0x00, 0x75, + 0xA7, 0x03, 0xF2, 0x3C, 0x55, 0xD4, 0x7B, 0x55, + 0x0E, 0xC8, 0x9B, 0x02, 0xAD, 0xE8, 0x93, 0x29, + 0x08, 0x6A, 0x50, 0x84, 0x34, 0x56, 0xFE, 0xDC, + 0x37, 0x88, 0xAC, 0x8D, 0x97, 0x23, 0x3C, 0x54, + 0x56, 0x04, 0x67, 0xEE, 0x1D, 0x0F, 0x02, 0x4B, + 0x18, 0x42, 0x8F, 0x0D, 0x73, 0xB3, 0x0E, 0x19, + 0xF5, 0xC6, 0x3B, 0x9A, 0xBF, 0x11, 0x41, 0x5B, + 0xEA, 0x4D, 0x01, 0x70, 0x13, 0x0B, 0xAA, 0xBD, + 0x33, 0xC0, 0x5E, 0x65, 0x24, 0xE5, 0xFB, 0x55, + 0x81, 0xB2, 0x2B, 0x04, 0x33, 0x34, 0x22, 0x48, + 0x26, 0x6D, 0x0F, 0x10, 0x53, 0xB2, 0x45, 0xCC, + 0x24, 0x62, 0xDC, 0x44, 0xD3, 0x49, 0x65, 0x10, + 0x24, 0x82, 0xA8, 0xED, 0x9E, 0x4E, 0x96, 0x4D, + 0x56, 0x83, 0xE5, 0xD4, 0x5D, 0x0C, 0x82, 0x69 + }; +#endif +#ifndef WOLFSSL_NO_ML_KEM + WOLFSSL_SMALL_STACK_STATIC const byte ml_kem_768_ct[] = { + 0xc8, 0x39, 0x10, 0x85, 0xb8, 0xd3, 0xea, 0x97, + 0x94, 0x21, 0x25, 0x41, 0xb2, 0x91, 0x4f, 0x08, + 0x96, 0x4d, 0x33, 0x52, 0x1d, 0x3f, 0x67, 0xad, + 0x66, 0x09, 0x6e, 0xbf, 0xb1, 0xf7, 0x06, 0x42, + 0x4b, 0x49, 0x55, 0x8f, 0x75, 0x5b, 0x56, 0x25, + 0xba, 0xe2, 0x36, 0xf2, 0xe0, 0x07, 0x96, 0x01, + 0xc7, 0x66, 0xf7, 0xd9, 0x60, 0x80, 0x8f, 0x7e, + 0x2b, 0xb0, 0xc7, 0xa5, 0xe0, 0x66, 0xed, 0x34, + 0x6d, 0xe6, 0x28, 0xf8, 0xc5, 0x7e, 0xeb, 0xab, + 0xbb, 0x0c, 0x22, 0xd9, 0x11, 0x54, 0x84, 0x63, + 0x69, 0x3e, 0xf3, 0xce, 0x52, 0xa5, 0x3f, 0x7f, + 0xf4, 0x15, 0xf0, 0x0e, 0x65, 0x7a, 0xe1, 0xc5, + 0xa4, 0x8f, 0xa5, 0xec, 0x6e, 0x4b, 0xe5, 0xcf, + 0x46, 0x2d, 0xaf, 0xfc, 0x84, 0xd2, 0xf6, 0xd5, + 0xff, 0x55, 0xdc, 0x9b, 0xbe, 0x8b, 0xb0, 0xd7, + 0x25, 0xec, 0x64, 0xfd, 0x4c, 0xd4, 0xbd, 0x8d, + 0xba, 0x0a, 0x84, 0x4e, 0x8b, 0x5c, 0xe4, 0xb6, + 0xa2, 0x89, 0x34, 0xd7, 0xf7, 0xa0, 0x50, 0x99, + 0x1f, 0xe1, 0x85, 0xb5, 0x06, 0xb4, 0x51, 0xda, + 0xbf, 0xad, 0x52, 0xd5, 0x2c, 0xb2, 0x11, 0x4c, + 0xa7, 0xd9, 0xa5, 0xcf, 0x98, 0x6c, 0x8f, 0xdc, + 0x1b, 0xc1, 0x0e, 0xc0, 0xc1, 0x86, 0x9e, 0x50, + 0xc0, 0x3c, 0x55, 0xa7, 0x61, 0x92, 0xa1, 0x04, + 0x9a, 0xca, 0x63, 0x6b, 0xa9, 0x02, 0x0b, 0xda, + 0xa8, 0xd0, 0xf5, 0x8c, 0x76, 0x3b, 0x0b, 0x89, + 0x84, 0x5c, 0xa0, 0x6d, 0x4c, 0x4d, 0xdc, 0x21, + 0x43, 0x3e, 0x16, 0xb9, 0xc6, 0x2e, 0x44, 0x87, + 0x1f, 0xdb, 0xc0, 0x5b, 0xa2, 0x18, 0xaf, 0x87, + 0x1f, 0xdd, 0x7d, 0xcf, 0xa4, 0x64, 0xe6, 0x0f, + 0xaa, 0x52, 0x65, 0x26, 0x4c, 0xe1, 0x39, 0x1b, + 0xd9, 0xa8, 0xc5, 0xfa, 0xa7, 0x62, 0x6d, 0x5f, + 0x15, 0x9b, 0x98, 0x05, 0xb9, 0x75, 0x71, 0x0a, + 0x35, 0x03, 0xa0, 0xb8, 0x58, 0xa1, 0x1c, 0x6a, + 0x64, 0x7c, 0xc0, 0xe1, 0x9a, 0xc8, 0x8b, 0x1b, + 0xe9, 0x05, 0x6c, 0x95, 0xb4, 0xd2, 0x08, 0x7d, + 0x09, 0x51, 0xd1, 0xd2, 0xf4, 0x99, 0x24, 0x91, + 0x11, 0x7e, 0x63, 0x47, 0x79, 0x4b, 0xa5, 0x45, + 0x71, 0xec, 0x49, 0xbb, 0xa7, 0x1a, 0xf3, 0x41, + 0x3d, 0x38, 0xa3, 0x0b, 0xf5, 0x87, 0x22, 0x48, + 0xd1, 0xf6, 0xd0, 0x7c, 0x86, 0xba, 0xf7, 0x82, + 0xe7, 0x3d, 0x26, 0x37, 0xf0, 0x43, 0xd3, 0x41, + 0xa0, 0x09, 0x21, 0x85, 0x7d, 0x8b, 0x21, 0xdd, + 0xf3, 0xe1, 0xd6, 0x31, 0x00, 0x36, 0xed, 0x27, + 0xaf, 0x49, 0xe5, 0xde, 0x1b, 0x90, 0x0f, 0xe4, + 0xde, 0x79, 0x80, 0x8f, 0xf2, 0x9f, 0x95, 0x70, + 0x85, 0x96, 0x12, 0xb1, 0x5a, 0xdc, 0x01, 0xfb, + 0xb2, 0x65, 0xb3, 0x05, 0xb1, 0xe3, 0xa1, 0x2a, + 0xe4, 0x19, 0xda, 0x5b, 0x74, 0x26, 0x1f, 0xa2, + 0x84, 0xc1, 0x01, 0xda, 0x3d, 0x8d, 0xca, 0x8b, + 0x2e, 0x45, 0x21, 0xac, 0xa5, 0x71, 0xef, 0x44, + 0xa0, 0x58, 0xe8, 0x44, 0xff, 0x32, 0xb1, 0x6d, + 0x5a, 0xae, 0xa0, 0x5f, 0x7f, 0x3a, 0xf8, 0xe2, + 0xab, 0x16, 0x22, 0x2e, 0x34, 0x76, 0x62, 0xed, + 0xdf, 0xb8, 0x91, 0xd0, 0xec, 0xc2, 0xa5, 0x5c, + 0x56, 0x38, 0xf9, 0xdd, 0xe9, 0x2d, 0x9a, 0x3d, + 0x54, 0x4a, 0x5f, 0x90, 0x1a, 0xc5, 0x01, 0xac, + 0xd1, 0xea, 0x6a, 0x01, 0x02, 0x01, 0xfc, 0xb1, + 0x0a, 0xd7, 0x02, 0xc4, 0x25, 0xa9, 0x4b, 0xdf, + 0x58, 0x90, 0xd5, 0x00, 0xa2, 0xa1, 0x47, 0xee, + 0xe1, 0xd1, 0xfc, 0xba, 0x8c, 0x3a, 0xbe, 0x7c, + 0x2d, 0xfe, 0x70, 0xf3, 0x46, 0xf0, 0x33, 0xd8, + 0x16, 0xa0, 0xb2, 0x79, 0x1b, 0x4f, 0x0b, 0x2d, + 0x95, 0x6d, 0x9e, 0xe5, 0x97, 0x17, 0x15, 0x39, + 0x9a, 0x56, 0x88, 0x30, 0x24, 0x95, 0xe2, 0xe0, + 0x7c, 0x1c, 0x8c, 0x01, 0x52, 0x71, 0x84, 0xbc, + 0xd0, 0xc2, 0x08, 0xbc, 0x15, 0x9f, 0x2e, 0x13, + 0x31, 0x8c, 0x0b, 0xb3, 0xdd, 0x24, 0xa6, 0xa7, + 0xfc, 0x84, 0x9f, 0x83, 0x38, 0x5e, 0xd4, 0xdb, + 0xa0, 0x7f, 0xe1, 0xd7, 0xbd, 0x56, 0x40, 0xcc, + 0x9e, 0xd5, 0xcc, 0xfd, 0xd6, 0x87, 0x63, 0xcb, + 0x0d, 0x0e, 0xdf, 0x61, 0xb2, 0x92, 0x17, 0x7f, + 0xc1, 0xd2, 0xd3, 0xc1, 0x1d, 0xd0, 0x49, 0x50, + 0x56, 0xbc, 0xb1, 0x25, 0x58, 0xae, 0xbc, 0xfd, + 0xde, 0xf9, 0xfe, 0xb4, 0xae, 0xbc, 0x57, 0xaf, + 0xd9, 0x02, 0x3c, 0x65, 0xcf, 0xe6, 0x5a, 0x24, + 0xe3, 0x3f, 0x1b, 0x00, 0x11, 0x1e, 0x92, 0xe6, + 0x3e, 0x01, 0x1e, 0xaf, 0x0b, 0x21, 0x2c, 0xf9, + 0x57, 0x43, 0xcd, 0x07, 0xf5, 0x18, 0x9e, 0xce, + 0x1f, 0x20, 0x5b, 0x7f, 0x6f, 0xcb, 0x2e, 0x6b, + 0x19, 0x61, 0xb5, 0x40, 0x4c, 0xeb, 0xe4, 0x7c, + 0x8c, 0xd1, 0x3b, 0x85, 0x99, 0xd5, 0xb4, 0x9e, + 0x6d, 0x87, 0xee, 0xda, 0x36, 0xe9, 0xb8, 0xfc, + 0x4c, 0x00, 0x63, 0x58, 0x96, 0xaa, 0x2b, 0x75, + 0x89, 0x6e, 0x33, 0x6d, 0x1b, 0x61, 0x2e, 0xe1, + 0x3d, 0xb8, 0x11, 0xe1, 0xf0, 0x7e, 0x61, 0x74, + 0x8d, 0x92, 0x0f, 0x48, 0x65, 0xf3, 0xf1, 0x17, + 0x41, 0x39, 0x9d, 0xc6, 0x16, 0x2c, 0x91, 0xca, + 0x16, 0x8a, 0x02, 0x32, 0x9d, 0xff, 0x82, 0x1d, + 0x58, 0x19, 0x87, 0x12, 0xdd, 0x55, 0x8a, 0xbb, + 0x09, 0x9b, 0x3a, 0x0b, 0xaf, 0x9d, 0xa1, 0xb7, + 0x30, 0xb2, 0xaa, 0x73, 0xbc, 0xf5, 0x8d, 0x74, + 0xf3, 0x57, 0xb0, 0x6f, 0x72, 0x11, 0xc8, 0x04, + 0xb6, 0xc8, 0xaf, 0x16, 0xff, 0x35, 0x09, 0xfa, + 0xd1, 0xd3, 0x5b, 0x14, 0xbf, 0xdc, 0xed, 0x7d, + 0xb8, 0xa6, 0xa2, 0x5c, 0x48, 0xe5, 0x95, 0x64, + 0x80, 0x72, 0x4d, 0xaa, 0x05, 0x7c, 0xd6, 0x60, + 0xb6, 0x7e, 0xe3, 0xe4, 0x72, 0x57, 0x41, 0x82, + 0x67, 0x9d, 0x48, 0x58, 0x38, 0xa6, 0x47, 0x6e, + 0xac, 0x02, 0x14, 0x10, 0x75, 0xc8, 0x12, 0xaf, + 0x79, 0x67, 0xba, 0x7c, 0x91, 0x85, 0xcc, 0x2a, + 0xbd, 0x2a, 0x45, 0x45, 0xb8, 0x0f, 0x3d, 0x31, + 0x04, 0xd5, 0x8d, 0x65, 0x4a, 0x57, 0x79, 0x2d, + 0xcf, 0xab, 0xbe, 0x9c, 0x07, 0x15, 0xe8, 0xde, + 0x2e, 0xf8, 0x1e, 0xf4, 0x04, 0xc8, 0x16, 0x8f, + 0xd7, 0xa4, 0x3e, 0xfa, 0xb3, 0xd4, 0x48, 0xe6, + 0x86, 0xa0, 0x88, 0xef, 0xd2, 0x6a, 0x26, 0x15, + 0x99, 0x48, 0x92, 0x67, 0x23, 0xd7, 0xec, 0xcc, + 0x39, 0xe3, 0xc1, 0xb7, 0x19, 0xcf, 0x8b, 0xec, + 0xb7, 0xbe, 0x7e, 0x96, 0x4f, 0x22, 0xcd, 0x8c, + 0xb1, 0xb7, 0xe2, 0x5e, 0x80, 0x0e, 0xa9, 0x7d, + 0x60, 0xa6, 0x4c, 0xc0, 0xbb, 0xd9, 0xcb, 0x40, + 0x7a, 0x3a, 0xb9, 0xf8, 0x8f, 0x5e, 0x29, 0x16, + 0x9e, 0xea, 0xfd, 0x4e, 0x03, 0x22, 0xfd, 0xe6, + 0x59, 0x0a, 0xe0, 0x93, 0xce, 0x8f, 0xee, 0xae, + 0x98, 0xb6, 0x22, 0xca, 0xa7, 0x55, 0x6f, 0xf4, + 0x26, 0xc9, 0xe7, 0xa4, 0x04, 0xce, 0x69, 0x35, + 0x58, 0x30, 0xa7, 0xa6, 0x77, 0x67, 0xa7, 0x6c, + 0x7d, 0x9a, 0x97, 0xb8, 0x4b, 0xfc, 0xf5, 0x0a, + 0x02, 0xf7, 0x5c, 0x23, 0x5d, 0x2f, 0x9c, 0x67, + 0x11, 0x38, 0x04, 0x9f, 0xfc, 0x7c, 0x80, 0x55, + 0x92, 0x6c, 0x03, 0xeb, 0x3f, 0xb8, 0x7f, 0x96, + 0x95, 0x18, 0x5a, 0x42, 0xec, 0xa9, 0xa4, 0x16, + 0x55, 0x87, 0x3d, 0x30, 0xa6, 0xb3, 0xbf, 0x42, + 0x8b, 0x24, 0x62, 0x23, 0x48, 0x4a, 0x8f, 0xf6, + 0x1e, 0xe3, 0xee, 0xaf, 0xff, 0x10, 0xe9, 0x9c, + 0x2c, 0x13, 0xa7, 0x62, 0x84, 0xd0, 0x63, 0xe5, + 0x6a, 0xb7, 0x11, 0xa3, 0x5a, 0x85, 0xb5, 0x38, + 0x3d, 0xf8, 0x1d, 0xa2, 0x34, 0x90, 0xf6, 0x6e, + 0x8e, 0xa3, 0xfc, 0xba, 0x06, 0x7f, 0x55, 0x30, + 0xc6, 0x54, 0x1c, 0x2b, 0x8f, 0x74, 0x71, 0x7c, + 0x35, 0x02, 0x3e, 0x7b, 0x9b, 0x39, 0x56, 0xc3, + 0xee, 0x2f, 0xf8, 0x4b, 0xa0, 0x3c, 0xcf, 0x4b, + 0x4b, 0x53, 0x21, 0xb9, 0x24, 0x08, 0x95, 0x48, + 0x1b, 0xc6, 0xd6, 0x3c, 0x16, 0x93, 0xc1, 0x84, + 0x78, 0x52, 0xf8, 0xe9, 0x7f, 0x50, 0xa1, 0x33, + 0x53, 0x2a, 0xc3, 0xee, 0x1e, 0x52, 0xd4, 0x64 + }; +#endif +#ifdef WOLFSSL_MLKEM_KYBER + WOLFSSL_SMALL_STACK_STATIC const byte kyber768_ss[] = { + 0x91, 0x4C, 0xB6, 0x7F, 0xE5, 0xC3, 0x8E, 0x73, + 0xBF, 0x74, 0x18, 0x1C, 0x0A, 0xC5, 0x04, 0x28, + 0xDE, 0xDF, 0x77, 0x50, 0xA9, 0x80, 0x58, 0xF7, + 0xD5, 0x36, 0x70, 0x87, 0x74, 0x53, 0x5B, 0x29 + }; +#endif +#ifndef WOLFSSL_NO_ML_KEM + WOLFSSL_SMALL_STACK_STATIC const byte ml_kem_768_ss[] = { + 0xe7, 0x18, 0x4a, 0x09, 0x75, 0xee, 0x34, 0x70, + 0x87, 0x8d, 0x2d, 0x15, 0x9e, 0xc8, 0x31, 0x29, + 0xc8, 0xae, 0xc2, 0x53, 0xd4, 0xee, 0x17, 0xb4, + 0x81, 0x03, 0x11, 0xd1, 0x98, 0xcd, 0x03, 0x68 + }; +#endif + +#ifdef WOLFSSL_SMALL_STACK + key = (MlKemKey *)XMALLOC(sizeof(MlKemKey), HEAP_HINT, + DYNAMIC_TYPE_TMP_BUFFER); + if (key == NULL) + ERROR_OUT(WC_TEST_RET_ENC_ERRNO, out); +#ifndef WOLFSSL_MLKEM_NO_MAKE_KEY + priv = (byte *)XMALLOC(WC_ML_KEM_768_PRIVATE_KEY_SIZE, HEAP_HINT, + DYNAMIC_TYPE_TMP_BUFFER); + pub = (byte *)XMALLOC(WC_ML_KEM_768_PUBLIC_KEY_SIZE, HEAP_HINT, + DYNAMIC_TYPE_TMP_BUFFER); + if (priv == NULL || pub == NULL) + ERROR_OUT(WC_TEST_RET_ENC_ERRNO, out); +#endif +#ifndef WOLFSSL_MLKEM_NO_ENCAPSULATE + ct = (byte *)XMALLOC(WC_ML_KEM_768_CIPHER_TEXT_SIZE, HEAP_HINT, + DYNAMIC_TYPE_TMP_BUFFER); + ss = (byte *)XMALLOC(WC_ML_KEM_SS_SZ, HEAP_HINT, + DYNAMIC_TYPE_TMP_BUFFER); + if (ct == NULL || ss == NULL) + ERROR_OUT(WC_TEST_RET_ENC_ERRNO, out); +#endif +#ifndef WOLFSSL_MLKEM_NO_DECAPSULATE + ss_dec = (byte *)XMALLOC(WC_ML_KEM_SS_SZ, HEAP_HINT, + DYNAMIC_TYPE_TMP_BUFFER); + if (ss_dec == NULL) + ERROR_OUT(WC_TEST_RET_ENC_ERRNO, out); +#endif +#endif + +#ifdef WOLFSSL_MLKEM_KYBER + ret = wc_KyberKey_Init(KYBER768, key, HEAP_HINT, devId); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); + else + key_inited = 1; + +#ifndef WOLFSSL_MLKEM_NO_MAKE_KEY + ret = wc_KyberKey_MakeKeyWithRandom(key, kyber768_rand, + sizeof(kyber768_rand)); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); + + ret = wc_KyberKey_EncodePublicKey(key, pub, KYBER768_PUBLIC_KEY_SIZE); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); + + ret = wc_KyberKey_EncodePrivateKey(key, priv, KYBER768_PRIVATE_KEY_SIZE); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); + + if (XMEMCMP(pub, kyber768_pk, sizeof(kyber768_pk)) != 0) + ERROR_OUT(WC_TEST_RET_ENC_NC, out); + + if (XMEMCMP(priv, kyber768_sk, sizeof(kyber768_sk)) != 0) + ERROR_OUT(WC_TEST_RET_ENC_NC, out); +#else + (void)kyber768_rand; + (void)kyber768_pk; + ret = wc_KyberKey_DecodePrivateKey(key, kyber768_sk, + KYBER768_PRIVATE_KEY_SIZE); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); +#endif + +#ifndef WOLFSSL_MLKEM_NO_ENCAPSULATE + ret = wc_KyberKey_EncapsulateWithRandom(key, ct, ss, kyber768enc_rand, + sizeof(kyber768enc_rand)); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); + + if (XMEMCMP(ct, kyber768_ct, sizeof(kyber768_ct)) != 0) + ERROR_OUT(WC_TEST_RET_ENC_NC, out); + + if (XMEMCMP(ss, kyber768_ss, sizeof(kyber768_ss)) != 0) + ERROR_OUT(WC_TEST_RET_ENC_NC, out); +#else + (void)kyber768enc_rand; +#endif + +#ifndef WOLFSSL_MLKEM_NO_DECAPSULATE + ret = wc_KyberKey_Decapsulate(key, ss_dec, kyber768_ct, + sizeof(kyber768_ct)); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); + + if (XMEMCMP(ss_dec, kyber768_ss, sizeof(kyber768_ss)) != 0) + ERROR_OUT(WC_TEST_RET_ENC_NC, out); +#else + (void)kyber768_ct; + (void)kyber768_ss; +#endif +#endif +#ifndef WOLFSSL_NO_ML_KEM + ret = wc_MlKemKey_Init(key, WC_ML_KEM_768, HEAP_HINT, devId); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); + else + key_inited = 1; + +#ifndef WOLFSSL_MLKEM_NO_MAKE_KEY + ret = wc_MlKemKey_MakeKeyWithRandom(key, kyber768_rand, + sizeof(kyber768_rand)); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); + + ret = wc_MlKemKey_EncodePublicKey(key, pub, WC_ML_KEM_768_PUBLIC_KEY_SIZE); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); + + ret = wc_MlKemKey_EncodePrivateKey(key, priv, + WC_ML_KEM_768_PRIVATE_KEY_SIZE); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); + + if (XMEMCMP(pub, ml_kem_768_pk, sizeof(ml_kem_768_pk)) != 0) + ERROR_OUT(WC_TEST_RET_ENC_NC, out); + + if (XMEMCMP(priv, ml_kem_768_sk, sizeof(ml_kem_768_sk)) != 0) + ERROR_OUT(WC_TEST_RET_ENC_NC, out); +#else + (void)kyber768_rand; + (void)ml_kem_768_pk; + ret = wc_MlKemKey_DecodePrivateKey(key, ml_kem_768_sk, + WC_ML_KEM_768_PRIVATE_KEY_SIZE); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); +#endif + +#ifndef WOLFSSL_MLKEM_NO_ENCAPSULATE + ret = wc_MlKemKey_EncapsulateWithRandom(key, ct, ss, kyber768enc_rand, + sizeof(kyber768enc_rand)); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); + + if (XMEMCMP(ct, ml_kem_768_ct, sizeof(ml_kem_768_ct)) != 0) + ERROR_OUT(WC_TEST_RET_ENC_NC, out); + + if (XMEMCMP(ss, ml_kem_768_ss, sizeof(ml_kem_768_ss)) != 0) + ERROR_OUT(WC_TEST_RET_ENC_NC, out); +#else + (void)kyber768enc_rand; +#endif + +#ifndef WOLFSSL_MLKEM_NO_DECAPSULATE + ret = wc_MlKemKey_Decapsulate(key, ss_dec, ml_kem_768_ct, + sizeof(ml_kem_768_ct)); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); + + if (XMEMCMP(ss_dec, ml_kem_768_ss, sizeof(ml_kem_768_ss)) != 0) + ERROR_OUT(WC_TEST_RET_ENC_NC, out); +#else + (void)ml_kem_768_ct; + (void)ml_kem_768_ss; +#endif +#endif + +out: + + if (key_inited) + wc_MlKemKey_Free(key); + +#ifdef WOLFSSL_SMALL_STACK + XFREE(key, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); +#ifndef WOLFSSL_MLKEM_NO_MAKE_KEY + XFREE(priv, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(pub, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); +#endif +#ifndef WOLFSSL_MLKEM_NO_ENCAPSULATE + XFREE(ct, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(ss, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); +#endif +#ifndef WOLFSSL_MLKEM_NO_DECAPSULATE + XFREE(ss_dec, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); +#endif +#endif + + return ret; +} +#endif /* !WOLFSSL_NO_KYBER768 && !WOLFSSL_NO_ML_KEM_768 */ + +#if !defined(WOLFSSL_NO_KYBER1024) && !defined(WOLFSSL_NO_ML_KEM_1024) +static wc_test_ret_t mlkem1024_kat(void) +{ + wc_test_ret_t ret; +#ifdef WOLFSSL_SMALL_STACK + MlKemKey *key = NULL; +#ifndef WOLFSSL_MLKEM_NO_MAKE_KEY + byte *priv = NULL; + byte *pub = NULL; +#endif +#ifndef WOLFSSL_MLKEM_NO_ENCAPSULATE + byte *ct = NULL; + byte *ss = NULL; +#endif +#ifndef WOLFSSL_MLKEM_NO_DECAPSULATE + byte *ss_dec = NULL; +#endif +#else + MlKemKey key[1]; +#ifndef WOLFSSL_MLKEM_NO_MAKE_KEY + byte priv[WC_ML_KEM_1024_PRIVATE_KEY_SIZE]; + byte pub[WC_ML_KEM_1024_PUBLIC_KEY_SIZE]; +#endif +#ifndef WOLFSSL_MLKEM_NO_ENCAPSULATE + byte ct[WC_ML_KEM_1024_CIPHER_TEXT_SIZE]; + byte ss[WC_ML_KEM_SS_SZ]; +#endif +#ifndef WOLFSSL_MLKEM_NO_DECAPSULATE + byte ss_dec[WC_ML_KEM_SS_SZ]; +#endif +#endif + int key_inited = 0; + WOLFSSL_SMALL_STACK_STATIC const byte kyber1024_rand[] = { + 0x7c, 0x99, 0x35, 0xa0, 0xb0, 0x76, 0x94, 0xaa, + 0x0c, 0x6d, 0x10, 0xe4, 0xdb, 0x6b, 0x1a, 0xdd, + 0x2f, 0xd8, 0x1a, 0x25, 0xcc, 0xb1, 0x48, 0x03, + 0x2d, 0xcd, 0x73, 0x99, 0x36, 0x73, 0x7f, 0x2d, + 0x86, 0x26, 0xED, 0x79, 0xD4, 0x51, 0x14, 0x08, + 0x00, 0xE0, 0x3B, 0x59, 0xB9, 0x56, 0xF8, 0x21, + 0x0E, 0x55, 0x60, 0x67, 0x40, 0x7D, 0x13, 0xDC, + 0x90, 0xFA, 0x9E, 0x8B, 0x87, 0x2B, 0xFB, 0x8F + }; + WOLFSSL_SMALL_STACK_STATIC const byte kyber1024enc_rand[] = { + 0x14, 0x7c, 0x03, 0xf7, 0xa5, 0xbe, 0xbb, 0xa4, + 0x06, 0xc8, 0xfa, 0xe1, 0x87, 0x4d, 0x7f, 0x13, + 0xc8, 0x0e, 0xfe, 0x79, 0xa3, 0xa9, 0xa8, 0x74, + 0xcc, 0x09, 0xfe, 0x76, 0xf6, 0x99, 0x76, 0x15 + }; +#ifdef WOLFSSL_MLKEM_KYBER + WOLFSSL_SMALL_STACK_STATIC const byte kyber1024_pk[] = { + 0xD2, 0x23, 0x02, 0xCB, 0xD3, 0x39, 0x9F, 0xAC, + 0xC6, 0x30, 0x99, 0x1F, 0xC8, 0xF2, 0x8B, 0xDB, + 0x43, 0x54, 0x76, 0x25, 0x41, 0x52, 0x76, 0x78, + 0xBC, 0xF6, 0x1F, 0x65, 0xC2, 0x41, 0x14, 0x6C, + 0x42, 0x6D, 0x23, 0xB9, 0xBF, 0xAA, 0x6B, 0x7D, + 0xF1, 0x8C, 0x97, 0xF2, 0x0C, 0x1B, 0x61, 0x25, + 0xBF, 0x87, 0x4B, 0x1D, 0x89, 0x47, 0x58, 0x52, + 0xC4, 0x48, 0x21, 0x5D, 0xB0, 0xEB, 0x77, 0x37, + 0xF9, 0x14, 0x80, 0xE8, 0xCE, 0xBD, 0x9A, 0x08, + 0x71, 0x57, 0x4F, 0x5A, 0xB6, 0x2D, 0x90, 0x20, + 0x17, 0x5E, 0xC6, 0x92, 0x7C, 0xA0, 0xB5, 0x4C, + 0x09, 0x81, 0x8E, 0x42, 0xCF, 0x92, 0xA3, 0x83, + 0x17, 0x24, 0x22, 0xC7, 0xDC, 0x18, 0x31, 0xD6, + 0x3B, 0x0C, 0x29, 0x5D, 0xE7, 0x51, 0x59, 0xDB, + 0x80, 0x34, 0xE9, 0xE0, 0x7F, 0x7B, 0x0B, 0x91, + 0x0C, 0x3C, 0x1E, 0x5F, 0xB6, 0x6B, 0x3D, 0xC5, + 0x23, 0xF1, 0xFA, 0x6E, 0xB4, 0x91, 0x0C, 0xB8, + 0x9A, 0x6C, 0x17, 0x56, 0x2C, 0x83, 0xAB, 0x4C, + 0x18, 0xD0, 0xCD, 0x7E, 0x07, 0x96, 0x59, 0x2A, + 0x37, 0x2A, 0xA4, 0x09, 0xB1, 0xC5, 0x57, 0x34, + 0x7C, 0xCA, 0xCD, 0xC4, 0x64, 0x4A, 0x11, 0x90, + 0x64, 0xD0, 0x6D, 0xD4, 0x74, 0x92, 0x9D, 0x1C, + 0x6F, 0xB4, 0xD6, 0x86, 0xE5, 0x49, 0x1C, 0xE4, + 0xBC, 0x89, 0xA3, 0x0B, 0xB4, 0xB8, 0xC4, 0x1B, + 0xCE, 0x51, 0x57, 0xDF, 0xC1, 0x36, 0x08, 0x23, + 0xB1, 0xAB, 0x61, 0x8C, 0x14, 0xB1, 0x0F, 0x98, + 0xC2, 0x50, 0x67, 0x39, 0x8E, 0xA7, 0x01, 0x8C, + 0x27, 0x8A, 0x4B, 0x3D, 0xF3, 0x13, 0x34, 0xD6, + 0x03, 0xB2, 0x04, 0x4E, 0xF1, 0x87, 0xCD, 0x9B, + 0xC6, 0xCE, 0x42, 0x72, 0x5B, 0xD9, 0x62, 0xC2, + 0x64, 0x98, 0x3E, 0x9E, 0x18, 0x15, 0x5A, 0x8B, + 0x9C, 0x47, 0x14, 0x3D, 0x70, 0x46, 0x0A, 0x26, + 0xA5, 0x6F, 0xE7, 0x65, 0x8C, 0x1F, 0x15, 0x03, + 0x48, 0xC6, 0x08, 0x7E, 0xF7, 0x58, 0xAD, 0x16, + 0x78, 0x87, 0x86, 0x0A, 0x00, 0x7A, 0x5F, 0xC3, + 0x73, 0x58, 0xD4, 0x3B, 0x5E, 0xBE, 0xE8, 0x20, + 0xAC, 0xEA, 0x47, 0x4F, 0x0A, 0xC0, 0x7B, 0x76, + 0x80, 0x28, 0x66, 0x19, 0x9C, 0x61, 0x23, 0x1D, + 0x5C, 0x74, 0x7C, 0x93, 0x77, 0x4D, 0x2C, 0x1E, + 0x0C, 0x1C, 0x67, 0xE6, 0xC8, 0x1B, 0x82, 0x75, + 0x21, 0x73, 0xE1, 0x25, 0xBA, 0xF3, 0x9B, 0x4F, + 0xD1, 0x9A, 0x4F, 0x45, 0x3D, 0xC5, 0x79, 0x76, + 0xB1, 0xD9, 0x7F, 0xE6, 0x99, 0x69, 0x92, 0xBB, + 0xB6, 0x5B, 0x7C, 0xB2, 0x5D, 0x07, 0x7B, 0xBA, + 0xA6, 0xA1, 0x33, 0x22, 0x89, 0x9A, 0xF6, 0x59, + 0xCF, 0x1B, 0x35, 0x58, 0xC1, 0xB5, 0x00, 0x11, + 0x54, 0xB6, 0x25, 0x80, 0x9E, 0xD8, 0x9A, 0xEE, + 0xBB, 0x89, 0xE6, 0xEA, 0x7D, 0x67, 0xF7, 0x23, + 0xD0, 0x45, 0xAB, 0x05, 0x71, 0x5C, 0x42, 0x35, + 0x5D, 0xA6, 0xA5, 0xC8, 0xDD, 0x39, 0xC8, 0xAB, + 0xE3, 0x03, 0x77, 0x51, 0xA0, 0x1E, 0xD1, 0xC7, + 0x37, 0x49, 0x19, 0xF3, 0x12, 0x1B, 0x5A, 0x52, + 0xC5, 0x3D, 0x14, 0x87, 0x31, 0x67, 0x69, 0xF8, + 0x07, 0x21, 0xDE, 0xEA, 0xAA, 0xD3, 0xC9, 0x0F, + 0x76, 0xE7, 0xAE, 0x9E, 0x12, 0xBA, 0x92, 0xB3, + 0x2B, 0x5F, 0xD4, 0x57, 0xE3, 0xC7, 0x52, 0xC2, + 0x65, 0x0D, 0xFB, 0x88, 0x57, 0x71, 0xCB, 0x77, + 0xAC, 0x3C, 0x78, 0x5A, 0x8C, 0x56, 0x2E, 0x6A, + 0x1C, 0x63, 0xC2, 0xA5, 0x5E, 0xA4, 0x7C, 0xF8, + 0xB9, 0x0E, 0xB8, 0x22, 0x5C, 0x12, 0x3C, 0x34, + 0x64, 0x52, 0x56, 0x62, 0x35, 0xB2, 0xF3, 0x18, + 0x23, 0xA3, 0x35, 0x21, 0xE0, 0x87, 0x93, 0x7A, + 0x34, 0x5D, 0x8D, 0x66, 0x3E, 0xEA, 0xA0, 0x56, + 0x58, 0x91, 0x7B, 0xBA, 0xA0, 0x08, 0xC2, 0xE3, + 0x35, 0xF8, 0x85, 0x0A, 0x90, 0xA3, 0x26, 0xD0, + 0xE6, 0x64, 0x32, 0xF4, 0x4C, 0xEB, 0x82, 0x89, + 0xE4, 0xEC, 0xB2, 0xD1, 0x29, 0x58, 0xE9, 0x84, + 0x07, 0x2E, 0xCA, 0xCB, 0x88, 0xE1, 0x34, 0x8F, + 0xF0, 0xB5, 0x56, 0x54, 0xAC, 0xBA, 0x5B, 0x54, + 0x97, 0x1C, 0xBA, 0xEB, 0xA8, 0x8E, 0xC4, 0xB9, + 0x1A, 0x94, 0xC3, 0x71, 0x92, 0xFA, 0x98, 0x2B, + 0xEC, 0xB9, 0xF3, 0xDA, 0x42, 0x16, 0x03, 0xB6, + 0x1A, 0x51, 0xBC, 0x8E, 0x36, 0xCB, 0xD0, 0x53, + 0x85, 0x1C, 0x77, 0xB1, 0xB9, 0x26, 0xB1, 0x7A, + 0x27, 0x2A, 0xA9, 0x02, 0x32, 0x46, 0xB0, 0x2B, + 0x3E, 0xD4, 0x7F, 0x66, 0xA0, 0x0B, 0xD5, 0x68, + 0x48, 0x23, 0x63, 0x4E, 0x7C, 0xE5, 0x8C, 0xF8, + 0xF3, 0x06, 0xE3, 0x5B, 0x1E, 0x53, 0x22, 0x82, + 0x4D, 0x90, 0x48, 0x01, 0xF0, 0xA2, 0xFA, 0x7C, + 0x2B, 0xC9, 0xC2, 0x52, 0xB0, 0xA5, 0x6B, 0x7B, + 0xA2, 0xAB, 0x0F, 0x63, 0x60, 0x21, 0x74, 0x5A, + 0x70, 0xA9, 0xA4, 0x3E, 0x2B, 0x0A, 0x8D, 0x61, + 0x59, 0x70, 0xB6, 0x53, 0x09, 0x62, 0x4B, 0x51, + 0x84, 0xBC, 0xC3, 0x0B, 0x91, 0x16, 0x79, 0xAE, + 0xDD, 0x76, 0x02, 0x5F, 0xE3, 0x90, 0x8F, 0xD6, + 0x78, 0x97, 0xB0, 0xCF, 0x4B, 0xE5, 0xA6, 0xF5, + 0x41, 0x3D, 0x7D, 0xD9, 0x85, 0x64, 0xB2, 0x3E, + 0x42, 0xA9, 0x3E, 0x4A, 0xA8, 0x82, 0x1C, 0xD4, + 0x50, 0x54, 0xC6, 0x43, 0xED, 0xC1, 0x15, 0x8D, + 0xB6, 0xB3, 0xDE, 0xB1, 0x3F, 0xB5, 0xA5, 0x1E, + 0xBD, 0x1A, 0x8A, 0x78, 0xB8, 0x72, 0x25, 0xA7, + 0x33, 0x8E, 0x10, 0x11, 0x04, 0xC4, 0xA2, 0x20, + 0xD9, 0xBD, 0xED, 0xD4, 0x8C, 0x85, 0xA1, 0xC2, + 0xDA, 0xE7, 0x81, 0xA8, 0x0C, 0x40, 0xE1, 0x3B, + 0x87, 0xEA, 0xC7, 0x3A, 0x76, 0x42, 0x01, 0xC9, + 0xB7, 0x60, 0xCC, 0xFB, 0x1A, 0xE3, 0x92, 0x69, + 0x9C, 0x70, 0x39, 0xD2, 0x7C, 0x39, 0x36, 0x2B, + 0x27, 0xB8, 0xFC, 0x6F, 0x07, 0xA8, 0xA3, 0xD4, + 0x41, 0x0F, 0x15, 0x47, 0xC4, 0x8A, 0x99, 0x97, + 0xF6, 0x2C, 0x61, 0x07, 0x44, 0x52, 0xEF, 0x15, + 0x15, 0xF8, 0xA6, 0x49, 0xEB, 0xCA, 0x94, 0x37, + 0x20, 0x5A, 0x4E, 0x8A, 0x61, 0x60, 0x6B, 0x41, + 0xDA, 0xF6, 0x83, 0x4D, 0x67, 0x1F, 0x4D, 0x85, + 0x2C, 0x0C, 0x9C, 0x40, 0x96, 0x61, 0x16, 0x48, + 0xC6, 0xA3, 0x17, 0x06, 0x78, 0xB1, 0x53, 0x7C, + 0xC1, 0x82, 0x8D, 0x93, 0x58, 0x0C, 0x9E, 0x58, + 0x49, 0xA9, 0x65, 0x31, 0x75, 0xAC, 0xB7, 0x53, + 0xF2, 0xBE, 0x74, 0x37, 0xBE, 0x45, 0xF6, 0xC6, + 0x03, 0xE4, 0x85, 0xF2, 0xEC, 0x30, 0x1B, 0xB4, + 0x2B, 0x6C, 0x37, 0xC2, 0x25, 0xD7, 0x49, 0x5A, + 0x58, 0x4A, 0xE2, 0x31, 0x89, 0x0A, 0xB5, 0xC8, + 0xC3, 0x5C, 0x26, 0x8C, 0xF4, 0xBB, 0xB0, 0x21, + 0x3C, 0x09, 0x60, 0x19, 0x31, 0x95, 0x61, 0xA8, + 0xA6, 0x94, 0x76, 0x37, 0xAA, 0x40, 0xD0, 0x06, + 0xB4, 0x15, 0xBB, 0x2C, 0xFA, 0x22, 0x37, 0xE0, + 0x89, 0x0B, 0x6A, 0x3B, 0xC1, 0x34, 0xAB, 0xF8, + 0xF6, 0x58, 0x5E, 0x10, 0x8D, 0x15, 0x94, 0x0F, + 0x91, 0xF4, 0xBF, 0x5B, 0x0C, 0x81, 0x80, 0x55, + 0xB2, 0x1D, 0xEA, 0x6E, 0x63, 0xB5, 0x53, 0x98, + 0x8C, 0x47, 0xF4, 0xB9, 0x4E, 0x7C, 0xF8, 0x00, + 0xA4, 0x93, 0xB4, 0x73, 0x47, 0x05, 0xED, 0xC5, + 0x6A, 0x4B, 0x60, 0x21, 0xC6, 0x29, 0x50, 0x06, + 0x75, 0x87, 0x68, 0x04, 0xCF, 0x0B, 0x95, 0x1F, + 0x03, 0x8A, 0x5C, 0x7F, 0xE5, 0x8E, 0x89, 0x77, + 0x4E, 0xF2, 0x99, 0x2F, 0xD7, 0xC6, 0x30, 0x99, + 0xD3, 0x52, 0xA7, 0xD2, 0x15, 0x60, 0xB7, 0x88, + 0xB4, 0x05, 0x70, 0x98, 0x61, 0x81, 0x7E, 0x59, + 0xA9, 0x6B, 0x3A, 0x3A, 0x83, 0xCB, 0xA8, 0x03, + 0xB1, 0x69, 0x34, 0x33, 0x10, 0x71, 0x90, 0x5B, + 0xBE, 0xC6, 0x53, 0x29, 0x00, 0x15, 0x5D, 0x8A, + 0xC8, 0x8C, 0xB3, 0x2E, 0x4E, 0x21, 0xA3, 0xBD, + 0x3A, 0x03, 0xFD, 0xEC, 0x32, 0x5A, 0x51, 0xCD, + 0x27, 0x73, 0x96, 0x4E, 0x67, 0x84, 0xFC, 0xF1, + 0x85, 0x37, 0x37, 0xAA, 0x64, 0xEB, 0x67, 0x56, + 0x47, 0x27, 0x27, 0x26, 0x61, 0xAB, 0xF8, 0x43, + 0x13, 0xA5, 0x7A, 0x44, 0xB1, 0x23, 0xC6, 0x55, + 0x09, 0xCF, 0xB7, 0xA6, 0xF6, 0x64, 0x1C, 0xDC, + 0xC3, 0xB5, 0x7F, 0xE6, 0x28, 0xC7, 0xB8, 0x19, + 0x2D, 0xB4, 0x4F, 0xFB, 0xF5, 0x79, 0x6A, 0x86, + 0x13, 0xB1, 0xFA, 0x12, 0x6F, 0x60, 0x76, 0x88, + 0x3C, 0x78, 0x3D, 0xC2, 0x4E, 0x2A, 0x44, 0x64, + 0xC4, 0x0B, 0x3A, 0x41, 0xCA, 0x70, 0xAE, 0x87, + 0x62, 0x08, 0x66, 0xCF, 0x4F, 0xCB, 0x2B, 0xD2, + 0x04, 0xBF, 0x5C, 0x28, 0x38, 0x12, 0xBA, 0x05, + 0x6A, 0xC0, 0xC3, 0x45, 0xE3, 0x79, 0xC4, 0xBA, + 0x24, 0xD7, 0x50, 0x90, 0x12, 0x79, 0xBB, 0x2F, + 0x3A, 0x16, 0xF6, 0x12, 0xBF, 0xAD, 0xB3, 0x57, + 0x03, 0x33, 0x2C, 0x7C, 0x13, 0x6F, 0x68, 0xEA, + 0xB6, 0x75, 0x5C, 0x66, 0xB6, 0xA4, 0xAD, 0x1A, + 0xAB, 0xA7, 0xB7, 0x68, 0xA5, 0x8A, 0xCA, 0xAC, + 0xC1, 0x0A, 0x45, 0x9A, 0x1C, 0xC8, 0xEF, 0x29, + 0x37, 0x7B, 0xC2, 0x00, 0xE4, 0xD3, 0x15, 0xA3, + 0x0A, 0x6B, 0xCC, 0x32, 0x56, 0xF9, 0x73, 0x4D, + 0x06, 0xE9, 0x77, 0x9C, 0xAA, 0x54, 0x42, 0xA9, + 0xA1, 0x60, 0x69, 0x08, 0x13, 0x77, 0xC7, 0x6E, + 0x75, 0x15, 0x43, 0x68, 0x07, 0x2D, 0xC4, 0x46, + 0xED, 0x6C, 0x8B, 0x8E, 0x62, 0x2A, 0x21, 0xE3, + 0x83, 0xCF, 0x9B, 0xA1, 0xFB, 0x43, 0x4E, 0x2E, + 0xCC, 0x81, 0xE7, 0xB7, 0x8C, 0xEE, 0x98, 0x6B, + 0x8F, 0xF7, 0x98, 0xAB, 0x18, 0xCF, 0x96, 0x34, + 0x54, 0x35, 0x46, 0x28, 0x4E, 0xDA, 0x2A, 0x26, + 0xB4, 0x7F, 0x05, 0xB7, 0x35, 0xBC, 0xDB, 0x12, + 0x02, 0x22, 0x00, 0x76, 0xDC, 0x8B, 0x4E, 0x4B, + 0x9F, 0x85, 0x35, 0x33, 0xC8, 0xF6, 0xC7, 0xFF, + 0x38, 0x81, 0x7B, 0xA4, 0x97, 0x12, 0x83, 0x57, + 0x85, 0xF1, 0x7F, 0x14, 0xCA, 0x01, 0xD0, 0xC1, + 0xC1, 0xE9, 0x88, 0x10, 0xFE, 0x0B, 0x36, 0xE5, + 0xB4, 0x27, 0x15, 0x7B, 0x94, 0x18, 0x44, 0x9C, + 0xED, 0xD6, 0x41, 0xA4, 0x29, 0x3C, 0x85, 0xC3, + 0x27, 0x00, 0x10, 0x2A, 0xCE, 0xC2, 0x2E, 0xBA, + 0xD9, 0x8E, 0xD1, 0x60, 0xA5, 0xF0, 0x27, 0xBD, + 0x4C, 0xDA, 0x57, 0xF1, 0xF3, 0x72, 0x0A, 0x12, + 0xC1, 0x34, 0x65, 0x4D, 0xD5, 0xE7, 0x3F, 0x82, + 0x96, 0x76, 0x49, 0x53, 0x90, 0xD0, 0xE7, 0x92, + 0x9D, 0x60, 0x34, 0xE9, 0xC5, 0x5F, 0x7D, 0x55, + 0xBA, 0x65, 0x8B, 0xC5, 0x87, 0x98, 0x8E, 0x8A, + 0xF9, 0x49, 0x60, 0xF6, 0xCF, 0xB8, 0xD5, 0xAF, + 0x7A, 0x00, 0x21, 0x53, 0x5A, 0x6E, 0x25, 0xE4, + 0x37, 0xD4, 0x9A, 0x78, 0x06, 0x98, 0xBE, 0x22, + 0xAC, 0x99, 0x53, 0x94, 0x9F, 0x57, 0x1B, 0x85, + 0xA6, 0x85, 0x72, 0x5F, 0x82, 0x07, 0xA2, 0xB0, + 0xAE, 0x84, 0x9B, 0x60, 0x1A, 0xB9, 0x1B, 0x15, + 0x9B, 0x3D, 0xF4, 0xA1, 0x54, 0xC2, 0x04, 0x1E, + 0x77, 0x60, 0x70, 0xAF, 0xC4, 0x29, 0x69, 0x32, + 0x23, 0x80, 0x91, 0x7C, 0x97, 0x51, 0x07, 0x99, + 0xF3, 0x14, 0x91, 0x31, 0x47, 0x7E, 0x16, 0x66, + 0x3D, 0x31, 0x74, 0xC7, 0xC1, 0xCA, 0xEA, 0x78, + 0x85, 0x35, 0xC6, 0xC0, 0x05, 0xA6, 0x4F, 0x28, + 0x68, 0x63, 0x1B, 0x31, 0xB6, 0x6E, 0x20, 0x5F, + 0xD3, 0x8C, 0x1D, 0x84, 0x54, 0x2D, 0x0F, 0x1B, + 0x57, 0x8F, 0x58, 0xC9, 0xBF, 0x5A, 0x0F, 0xAE, + 0xAB, 0x6A, 0xB6, 0x49, 0x48, 0x93, 0x05, 0x31, + 0x65, 0xEA, 0xFD, 0x46, 0x5F, 0xC6, 0x4A, 0x0C, + 0x5F, 0x8F, 0x3F, 0x90, 0x03, 0x48, 0x94, 0x15, + 0x89, 0x9D, 0x59, 0xA5, 0x43, 0xD8, 0x20, 0x8C, + 0x54, 0xA3, 0x16, 0x65, 0x29, 0xB5, 0x39, 0x22 + }; +#endif +#ifndef WOLFSSL_NO_ML_KEM + WOLFSSL_SMALL_STACK_STATIC const byte ml_kem_1024_pk[] = { + 0x53, 0x79, 0x11, 0x95, 0x7c, 0x12, 0x51, 0x48, + 0xa8, 0x7f, 0x41, 0x58, 0x9c, 0xb2, 0x22, 0xd0, + 0xd1, 0x92, 0x29, 0xe2, 0xcb, 0x55, 0xe1, 0xa0, + 0x44, 0x79, 0x1e, 0x7c, 0xa6, 0x11, 0x92, 0xa4, + 0x64, 0x60, 0xc3, 0x18, 0x3d, 0x2b, 0xcd, 0x6d, + 0xe0, 0x8a, 0x5e, 0x76, 0x51, 0x60, 0x3a, 0xcc, + 0x34, 0x9c, 0xa1, 0x6c, 0xba, 0x18, 0xab, 0xb2, + 0x3a, 0x3e, 0x8c, 0x33, 0x0d, 0x74, 0x21, 0x59, + 0x8a, 0x62, 0x78, 0xec, 0x7e, 0xbf, 0xab, 0xca, + 0x0e, 0xf4, 0x88, 0xb2, 0x29, 0x05, 0x54, 0x75, + 0x34, 0x99, 0xc0, 0x45, 0x2e, 0x45, 0x38, 0x15, + 0x30, 0x99, 0x55, 0xb8, 0x15, 0x0f, 0xa1, 0xa1, + 0xe3, 0x93, 0x38, 0x6d, 0xc1, 0x2f, 0xdb, 0x27, + 0xb3, 0x8c, 0x67, 0x45, 0xf2, 0x94, 0x40, 0x16, + 0xec, 0x45, 0x7f, 0x39, 0xb1, 0x8d, 0x60, 0x4a, + 0x07, 0xa1, 0xab, 0xe0, 0x7b, 0xc8, 0x44, 0x05, + 0x0f, 0xfa, 0x8a, 0x06, 0xfa, 0x15, 0x4a, 0x49, + 0xd8, 0x8f, 0xac, 0x77, 0x54, 0x52, 0xd6, 0xa7, + 0xc0, 0xe5, 0x89, 0xbf, 0xb5, 0xc3, 0x70, 0xc2, + 0xc4, 0xb6, 0x20, 0x1d, 0xda, 0x80, 0xc9, 0xab, + 0x20, 0x76, 0xec, 0xc0, 0x8b, 0x44, 0x52, 0x2f, + 0xda, 0x33, 0x26, 0xf0, 0x33, 0x80, 0x6d, 0xd2, + 0x69, 0x3f, 0x31, 0x97, 0x39, 0xf4, 0x0c, 0x4f, + 0x42, 0xb2, 0x4a, 0xca, 0x70, 0x98, 0xfb, 0x8f, + 0xf5, 0xf9, 0xac, 0x20, 0x29, 0x2d, 0x02, 0xb5, + 0x6a, 0xc7, 0x46, 0x80, 0x1a, 0xcc, 0xcc, 0x84, + 0x86, 0x3d, 0xee, 0x32, 0x87, 0x84, 0x97, 0xb6, + 0x94, 0x38, 0xbf, 0x99, 0x17, 0x76, 0x28, 0x66, + 0x50, 0x48, 0x2c, 0x8d, 0x9d, 0x95, 0x87, 0xbc, + 0x6a, 0x55, 0xb8, 0x5c, 0x4d, 0x7f, 0xa7, 0x4d, + 0x02, 0x65, 0x6b, 0x42, 0x1c, 0x9e, 0x23, 0xe0, + 0x3a, 0x48, 0xd4, 0xb7, 0x44, 0x25, 0xc2, 0x6e, + 0x4a, 0x20, 0xdd, 0x95, 0x62, 0xa4, 0xda, 0x07, + 0x93, 0xf3, 0xa3, 0x52, 0xcc, 0xc0, 0xf1, 0x82, + 0x17, 0xd8, 0x68, 0xc7, 0xf5, 0x00, 0x2a, 0xbe, + 0x76, 0x8b, 0x1f, 0xc7, 0x3f, 0x05, 0x74, 0x4e, + 0x7c, 0xc2, 0x8f, 0x10, 0x34, 0x40, 0x62, 0xc1, + 0x0e, 0x08, 0xec, 0xcc, 0xed, 0x3c, 0x1f, 0x7d, + 0x39, 0x2c, 0x01, 0xd9, 0x79, 0xdd, 0x71, 0x8d, + 0x83, 0x98, 0x37, 0x46, 0x65, 0xa1, 0x6a, 0x98, + 0x70, 0x58, 0x5c, 0x39, 0xd5, 0x58, 0x9a, 0x50, + 0xe1, 0x33, 0x38, 0x9c, 0x9b, 0x9a, 0x27, 0x6c, + 0x02, 0x42, 0x60, 0xd9, 0xfc, 0x77, 0x11, 0xc8, + 0x1b, 0x63, 0x37, 0xb5, 0x7d, 0xa3, 0xc3, 0x76, + 0xd0, 0xcd, 0x74, 0xe1, 0x4c, 0x73, 0x72, 0x7b, + 0x27, 0x66, 0x56, 0xb9, 0xd8, 0xa4, 0xeb, 0x71, + 0x89, 0x6f, 0xf5, 0x89, 0xd4, 0xb8, 0x93, 0xe7, + 0x11, 0x0f, 0x3b, 0xb9, 0x48, 0xec, 0xe2, 0x91, + 0xdd, 0x86, 0xc0, 0xb7, 0x46, 0x8a, 0x67, 0x8c, + 0x74, 0x69, 0x80, 0xc1, 0x2a, 0xa6, 0xb9, 0x5e, + 0x2b, 0x0c, 0xbe, 0x43, 0x31, 0xbb, 0x24, 0xa3, + 0x3a, 0x27, 0x01, 0x53, 0xaa, 0x47, 0x2c, 0x47, + 0x31, 0x23, 0x82, 0xca, 0x36, 0x5c, 0x5f, 0x35, + 0x25, 0x9d, 0x02, 0x57, 0x46, 0xfc, 0x65, 0x95, + 0xfe, 0x63, 0x6c, 0x76, 0x75, 0x10, 0xa6, 0x9c, + 0x1e, 0x8a, 0x17, 0x6b, 0x79, 0x49, 0x95, 0x8f, + 0x26, 0x97, 0x39, 0x94, 0x97, 0xa2, 0xfc, 0x73, + 0x64, 0xa1, 0x2c, 0x81, 0x98, 0x29, 0x52, 0x39, + 0xc8, 0x26, 0xcb, 0x50, 0x82, 0x08, 0x60, 0x77, + 0x28, 0x2e, 0xd6, 0x28, 0x65, 0x1f, 0xc0, 0x4c, + 0x63, 0x9b, 0x43, 0x85, 0x22, 0xa9, 0xde, 0x30, + 0x9b, 0x14, 0xb0, 0x86, 0xd6, 0xe9, 0x23, 0xc5, + 0x51, 0x62, 0x3b, 0xd7, 0x2a, 0x73, 0x3c, 0xb0, + 0xda, 0xbc, 0x54, 0xa9, 0x41, 0x6a, 0x99, 0xe7, + 0x2c, 0x9f, 0xda, 0x1c, 0xb3, 0xfb, 0x9b, 0xa0, + 0x6b, 0x8a, 0xdb, 0x24, 0x22, 0xd6, 0x8c, 0xad, + 0xc5, 0x53, 0xc9, 0x82, 0x02, 0xa1, 0x76, 0x56, + 0x47, 0x8a, 0xc0, 0x44, 0xef, 0x34, 0x56, 0x37, + 0x8a, 0xbc, 0xe9, 0x99, 0x1e, 0x01, 0x41, 0xba, + 0x79, 0x09, 0x4f, 0xa8, 0xf7, 0x7a, 0x30, 0x08, + 0x05, 0xd2, 0xd3, 0x2f, 0xfc, 0x62, 0xbf, 0x0c, + 0xa4, 0x55, 0x4c, 0x33, 0x0c, 0x2b, 0xb7, 0x04, + 0x2d, 0xb3, 0x51, 0x02, 0xf6, 0x8b, 0x1a, 0x00, + 0x62, 0x58, 0x38, 0x65, 0x38, 0x1c, 0x74, 0xdd, + 0x91, 0x3a, 0xf7, 0x0b, 0x26, 0xcf, 0x09, 0x23, + 0xd0, 0xc4, 0xcb, 0x97, 0x16, 0x92, 0x22, 0x25, + 0x52, 0xa8, 0xf4, 0xb7, 0x88, 0xb4, 0xaf, 0xd1, + 0x34, 0x1a, 0x9d, 0xf4, 0x15, 0xcf, 0x20, 0x39, + 0x00, 0xf5, 0xcc, 0xf7, 0xf6, 0x59, 0x88, 0x94, + 0x9a, 0x75, 0x58, 0x0d, 0x04, 0x96, 0x39, 0x85, + 0x31, 0x00, 0x85, 0x4b, 0x21, 0xf4, 0x01, 0x80, + 0x03, 0x50, 0x2b, 0xb1, 0xba, 0x95, 0xf5, 0x56, + 0xa5, 0xd6, 0x7c, 0x7e, 0xb5, 0x24, 0x10, 0xeb, + 0xa2, 0x88, 0xa6, 0xd0, 0x63, 0x5c, 0xa8, 0xa4, + 0xf6, 0xd6, 0x96, 0xd0, 0xa0, 0x20, 0xc8, 0x26, + 0x93, 0x8d, 0x34, 0x94, 0x3c, 0x38, 0x08, 0xc7, + 0x9c, 0xc0, 0x07, 0x76, 0x85, 0x33, 0x21, 0x6b, + 0xc1, 0xb2, 0x9d, 0xa6, 0xc8, 0x12, 0xef, 0xf3, + 0x34, 0x0b, 0xaa, 0x8d, 0x2e, 0x65, 0x34, 0x4f, + 0x09, 0xbd, 0x47, 0x89, 0x4f, 0x5a, 0x3a, 0x41, + 0x18, 0x71, 0x5b, 0x3c, 0x50, 0x20, 0x67, 0x93, + 0x27, 0xf9, 0x18, 0x9f, 0x7e, 0x10, 0x85, 0x6b, + 0x23, 0x8b, 0xb9, 0xb0, 0xab, 0x4c, 0xa8, 0x5a, + 0xbf, 0x4b, 0x21, 0xf5, 0xc7, 0x6b, 0xcc, 0xd7, + 0x18, 0x50, 0xb2, 0x2e, 0x04, 0x59, 0x28, 0x27, + 0x6a, 0x0f, 0x2e, 0x95, 0x1d, 0xb0, 0x70, 0x7c, + 0x6a, 0x11, 0x6d, 0xc1, 0x91, 0x13, 0xfa, 0x76, + 0x2d, 0xc5, 0xf2, 0x0b, 0xd5, 0xd2, 0xab, 0x5b, + 0xe7, 0x17, 0x44, 0xdc, 0x9c, 0xbd, 0xb5, 0x1e, + 0xa7, 0x57, 0x96, 0x3a, 0xac, 0x56, 0xa9, 0x0a, + 0x0d, 0x80, 0x23, 0xbe, 0xd1, 0xf5, 0xca, 0xe8, + 0xa6, 0x4d, 0xa0, 0x47, 0x27, 0x9b, 0x35, 0x3a, + 0x09, 0x6a, 0x83, 0x5b, 0x0b, 0x2b, 0x02, 0x3b, + 0x6a, 0xa0, 0x48, 0x98, 0x92, 0x33, 0x07, 0x9a, + 0xeb, 0x46, 0x7e, 0x52, 0x2f, 0xa2, 0x7a, 0x58, + 0x22, 0x92, 0x1e, 0x5c, 0x55, 0x1b, 0x4f, 0x53, + 0x75, 0x36, 0xe4, 0x6f, 0x3a, 0x6a, 0x97, 0xe7, + 0x2c, 0x3b, 0x06, 0x31, 0x04, 0xe0, 0x9a, 0x04, + 0x05, 0x98, 0x94, 0x0d, 0x87, 0x2f, 0x6d, 0x87, + 0x1f, 0x5e, 0xf9, 0xb4, 0x35, 0x50, 0x73, 0xb5, + 0x47, 0x69, 0xe4, 0x54, 0x54, 0xe6, 0xa0, 0x81, + 0x95, 0x99, 0x40, 0x86, 0x21, 0xab, 0x44, 0x13, + 0xb3, 0x55, 0x07, 0xb0, 0xdf, 0x57, 0x8c, 0xe2, + 0xd5, 0x11, 0xd5, 0x20, 0x58, 0xd5, 0x74, 0x9d, + 0xf3, 0x8b, 0x29, 0xd6, 0xcc, 0x58, 0x87, 0x0c, + 0xaf, 0x92, 0xf6, 0x9a, 0x75, 0x16, 0x14, 0x06, + 0xe7, 0x1c, 0x5f, 0xf9, 0x24, 0x51, 0xa7, 0x75, + 0x22, 0xb8, 0xb2, 0x96, 0x7a, 0x2d, 0x58, 0xa4, + 0x9a, 0x81, 0x66, 0x1a, 0xa6, 0x5a, 0xc0, 0x9b, + 0x08, 0xc9, 0xfe, 0x45, 0xab, 0xc3, 0x85, 0x1f, + 0x99, 0xc7, 0x30, 0xc4, 0x50, 0x03, 0xac, 0xa2, + 0xbf, 0x0f, 0x84, 0x24, 0xa1, 0x9b, 0x74, 0x08, + 0xa5, 0x37, 0xd5, 0x41, 0xc1, 0x6f, 0x56, 0x82, + 0xbf, 0xe3, 0xa7, 0xfa, 0xea, 0x56, 0x4f, 0x12, + 0x98, 0x61, 0x1a, 0x7f, 0x5f, 0x60, 0x92, 0x2b, + 0xa1, 0x9d, 0xe7, 0x3b, 0x19, 0x17, 0xf1, 0x85, + 0x32, 0x73, 0x55, 0x51, 0x99, 0xa6, 0x49, 0x31, + 0x8b, 0x50, 0x77, 0x33, 0x45, 0xc9, 0x97, 0x46, + 0x08, 0x56, 0x97, 0x2a, 0xcb, 0x43, 0xfc, 0x81, + 0xab, 0x63, 0x21, 0xb1, 0xc3, 0x3c, 0x2b, 0xb5, + 0x09, 0x8b, 0xd4, 0x89, 0xd6, 0x96, 0xa0, 0xf7, + 0x06, 0x79, 0xc1, 0x21, 0x38, 0x73, 0xd0, 0x8b, + 0xda, 0xd4, 0x28, 0x44, 0x92, 0x72, 0x16, 0x04, + 0x72, 0x05, 0x63, 0x32, 0x12, 0x31, 0x0e, 0xe9, + 0xa0, 0x6c, 0xb1, 0x00, 0x16, 0xc8, 0x05, 0x50, + 0x3c, 0x34, 0x1a, 0x36, 0xd8, 0x7e, 0x56, 0x07, + 0x2e, 0xab, 0xe2, 0x37, 0x31, 0xe3, 0x4a, 0xf7, + 0xe2, 0x32, 0x8f, 0x85, 0xcd, 0xb3, 0x70, 0xcc, + 0xaf, 0x00, 0x51, 0x5b, 0x64, 0xc9, 0xc5, 0x4b, + 0xc8, 0x37, 0x57, 0x84, 0x47, 0xaa, 0xcf, 0xae, + 0xd5, 0x96, 0x9a, 0xa3, 0x51, 0xe7, 0xda, 0x4e, + 0xfa, 0x7b, 0x11, 0x5c, 0x4c, 0x51, 0xf4, 0xa6, + 0x99, 0x77, 0x98, 0x50, 0x29, 0x5c, 0xa7, 0x2d, + 0x78, 0x1a, 0xd4, 0x1b, 0xc6, 0x80, 0x53, 0x2b, + 0x89, 0xe7, 0x10, 0xe2, 0x18, 0x9e, 0xb3, 0xc5, + 0x08, 0x17, 0xba, 0x25, 0x5c, 0x74, 0x74, 0xc9, + 0x5c, 0xa9, 0x11, 0x0c, 0xc4, 0x3b, 0x8b, 0xa8, + 0xe6, 0x82, 0xc7, 0xfb, 0x7b, 0x0f, 0xdc, 0x26, + 0x5c, 0x04, 0x83, 0xa6, 0x5c, 0xa4, 0x51, 0x4e, + 0xe4, 0xb8, 0x32, 0xaa, 0xc5, 0x80, 0x0c, 0x3b, + 0x08, 0xe7, 0x4f, 0x56, 0x39, 0x51, 0xc1, 0xfb, + 0xb2, 0x10, 0x35, 0x3e, 0xfa, 0x1a, 0xa8, 0x66, + 0x85, 0x6b, 0xc1, 0xe0, 0x34, 0x73, 0x3b, 0x04, + 0x85, 0xda, 0xb1, 0xd0, 0x20, 0xc6, 0xbf, 0x76, + 0x5f, 0xf6, 0x0b, 0x3b, 0x80, 0x19, 0x84, 0xa9, + 0x0c, 0x2f, 0xe9, 0x70, 0xbf, 0x1d, 0xe9, 0x70, + 0x04, 0xa6, 0xcf, 0x44, 0xb4, 0x98, 0x4a, 0xb5, + 0x82, 0x58, 0xb4, 0xaf, 0x71, 0x22, 0x1c, 0xd1, + 0x75, 0x30, 0xa7, 0x00, 0xc3, 0x29, 0x59, 0xc9, + 0x43, 0x63, 0x44, 0xb5, 0x31, 0x6f, 0x09, 0xcc, + 0xca, 0x70, 0x29, 0xa2, 0x30, 0xd6, 0x39, 0xdc, + 0xb0, 0x22, 0xd8, 0xba, 0x79, 0xba, 0x91, 0xcd, + 0x6a, 0xb1, 0x2a, 0xe1, 0x57, 0x9c, 0x50, 0xc7, + 0xbb, 0x10, 0xe3, 0x03, 0x01, 0xa6, 0x5c, 0xae, + 0x31, 0x01, 0xd4, 0x0c, 0x7b, 0xa9, 0x27, 0xbb, + 0x55, 0x31, 0x48, 0xd1, 0x64, 0x70, 0x24, 0xd4, + 0xa0, 0x6c, 0x81, 0x66, 0xd0, 0xb0, 0xb8, 0x12, + 0x69, 0xb7, 0xd5, 0xf4, 0xb3, 0x4f, 0xb0, 0x22, + 0xf6, 0x91, 0x52, 0xf5, 0x14, 0x00, 0x4a, 0x7c, + 0x68, 0x53, 0x68, 0x55, 0x23, 0x43, 0xbb, 0x60, + 0x36, 0x0f, 0xbb, 0x99, 0x45, 0xed, 0xf4, 0x46, + 0xd3, 0x45, 0xbd, 0xca, 0xa7, 0x45, 0x5c, 0x74, + 0xba, 0x0a, 0x55, 0x1e, 0x18, 0x46, 0x20, 0xfe, + 0xf9, 0x76, 0x88, 0x77, 0x3d, 0x50, 0xb6, 0x43, + 0x3c, 0xa7, 0xa7, 0xac, 0x5c, 0xb6, 0xb7, 0xf6, + 0x71, 0xa1, 0x53, 0x76, 0xe5, 0xa6, 0x74, 0x7a, + 0x62, 0x3f, 0xa7, 0xbc, 0x66, 0x30, 0x37, 0x3f, + 0x5b, 0x1b, 0x51, 0x26, 0x90, 0xa6, 0x61, 0x37, + 0x78, 0x70, 0xa6, 0x0a, 0x7a, 0x18, 0x96, 0x83, + 0xf9, 0xb0, 0xcf, 0x04, 0x66, 0xe1, 0xf7, 0x50, + 0x76, 0x26, 0x31, 0xc4, 0xab, 0x09, 0xf5, 0x05, + 0xc4, 0x2d, 0xd2, 0x86, 0x33, 0x56, 0x94, 0x72, + 0x73, 0x54, 0x42, 0x85, 0x1e, 0x32, 0x16, 0x16, + 0xd4, 0x00, 0x98, 0x10, 0x77, 0x7b, 0x6b, 0xd4, + 0x6f, 0xa7, 0x22, 0x44, 0x61, 0xa5, 0xcc, 0x27, + 0x40, 0x5d, 0xfb, 0xac, 0x0d, 0x39, 0xb0, 0x02, + 0xca, 0xb3, 0x34, 0x33, 0xf2, 0xa8, 0x6e, 0xb8, + 0xce, 0x91, 0xc1, 0x34, 0xa6, 0x38, 0x6f, 0x86, + 0x0a, 0x19, 0x94, 0xeb, 0x4b, 0x68, 0x75, 0xa4, + 0x6d, 0x19, 0x55, 0x81, 0xd1, 0x73, 0x85, 0x4b, + 0x53, 0xd2, 0x29, 0x3d, 0xf3, 0xe9, 0xa8, 0x22, + 0x75, 0x6c, 0xd8, 0xf2, 0x12, 0xb3, 0x25, 0xca, + 0x29, 0xb4, 0xf9, 0xf8, 0xcf, 0xba, 0xdf, 0x2e, + 0x41, 0x86, 0x9a, 0xbf, 0xba, 0xd1, 0x07, 0x38, + 0xad, 0x04, 0xcc, 0x75, 0x2b, 0xc2, 0x0c, 0x39, + 0x47, 0x46, 0x85, 0x0e, 0x0c, 0x48, 0x47, 0xdb + }; +#endif +#ifdef WOLFSSL_MLKEM_KYBER + WOLFSSL_SMALL_STACK_STATIC const byte kyber1024_sk[] = { + 0x07, 0x63, 0x8F, 0xB6, 0x98, 0x68, 0xF3, 0xD3, + 0x20, 0xE5, 0x86, 0x2B, 0xD9, 0x69, 0x33, 0xFE, + 0xB3, 0x11, 0xB3, 0x62, 0x09, 0x3C, 0x9B, 0x5D, + 0x50, 0x17, 0x0B, 0xCE, 0xD4, 0x3F, 0x1B, 0x53, + 0x6D, 0x9A, 0x20, 0x4B, 0xB1, 0xF2, 0x26, 0x95, + 0x95, 0x0B, 0xA1, 0xF2, 0xA9, 0xE8, 0xEB, 0x82, + 0x8B, 0x28, 0x44, 0x88, 0x76, 0x0B, 0x3F, 0xC8, + 0x4F, 0xAB, 0xA0, 0x42, 0x75, 0xD5, 0x62, 0x8E, + 0x39, 0xC5, 0xB2, 0x47, 0x13, 0x74, 0x28, 0x3C, + 0x50, 0x32, 0x99, 0xC0, 0xAB, 0x49, 0xB6, 0x6B, + 0x8B, 0xBB, 0x56, 0xA4, 0x18, 0x66, 0x24, 0xF9, + 0x19, 0xA2, 0xBA, 0x59, 0xBB, 0x08, 0xD8, 0x55, + 0x18, 0x80, 0xC2, 0xBE, 0xFC, 0x4F, 0x87, 0xF2, + 0x5F, 0x59, 0xAB, 0x58, 0x7A, 0x79, 0xC3, 0x27, + 0xD7, 0x92, 0xD5, 0x4C, 0x97, 0x4A, 0x69, 0x26, + 0x2F, 0xF8, 0xA7, 0x89, 0x38, 0x28, 0x9E, 0x9A, + 0x87, 0xB6, 0x88, 0xB0, 0x83, 0xE0, 0x59, 0x5F, + 0xE2, 0x18, 0xB6, 0xBB, 0x15, 0x05, 0x94, 0x1C, + 0xE2, 0xE8, 0x1A, 0x5A, 0x64, 0xC5, 0xAA, 0xC6, + 0x04, 0x17, 0x25, 0x69, 0x85, 0x34, 0x9E, 0xE4, + 0x7A, 0x52, 0x42, 0x0A, 0x5F, 0x97, 0x47, 0x7B, + 0x72, 0x36, 0xAC, 0x76, 0xBC, 0x70, 0xE8, 0x28, + 0x87, 0x29, 0x28, 0x7E, 0xE3, 0xE3, 0x4A, 0x3D, + 0xBC, 0x36, 0x83, 0xC0, 0xB7, 0xB1, 0x00, 0x29, + 0xFC, 0x20, 0x34, 0x18, 0x53, 0x7E, 0x74, 0x66, + 0xBA, 0x63, 0x85, 0xA8, 0xFF, 0x30, 0x1E, 0xE1, + 0x27, 0x08, 0xF8, 0x2A, 0xAA, 0x1E, 0x38, 0x0F, + 0xC7, 0xA8, 0x8F, 0x8F, 0x20, 0x5A, 0xB7, 0xE8, + 0x8D, 0x7E, 0x95, 0x95, 0x2A, 0x55, 0xBA, 0x20, + 0xD0, 0x9B, 0x79, 0xA4, 0x71, 0x41, 0xD6, 0x2B, + 0xF6, 0xEB, 0x7D, 0xD3, 0x07, 0xB0, 0x8E, 0xCA, + 0x13, 0xA5, 0xBC, 0x5F, 0x6B, 0x68, 0x58, 0x1C, + 0x68, 0x65, 0xB2, 0x7B, 0xBC, 0xDD, 0xAB, 0x14, + 0x2F, 0x4B, 0x2C, 0xBF, 0xF4, 0x88, 0xC8, 0xA2, + 0x27, 0x05, 0xFA, 0xA9, 0x8A, 0x2B, 0x9E, 0xEA, + 0x35, 0x30, 0xC7, 0x66, 0x62, 0x33, 0x5C, 0xC7, + 0xEA, 0x3A, 0x00, 0x77, 0x77, 0x25, 0xEB, 0xCC, + 0xCD, 0x2A, 0x46, 0x36, 0xB2, 0xD9, 0x12, 0x2F, + 0xF3, 0xAB, 0x77, 0x12, 0x3C, 0xE0, 0x88, 0x3C, + 0x19, 0x11, 0x11, 0x5E, 0x50, 0xC9, 0xE8, 0xA9, + 0x41, 0x94, 0xE4, 0x8D, 0xD0, 0xD0, 0x9C, 0xFF, + 0xB3, 0xAD, 0xCD, 0x2C, 0x1E, 0x92, 0x43, 0x09, + 0x03, 0xD0, 0x7A, 0xDB, 0xF0, 0x05, 0x32, 0x03, + 0x15, 0x75, 0xAA, 0x7F, 0x9E, 0x7B, 0x5A, 0x1F, + 0x33, 0x62, 0xDE, 0xC9, 0x36, 0xD4, 0x04, 0x3C, + 0x05, 0xF2, 0x47, 0x6C, 0x07, 0x57, 0x8B, 0xC9, + 0xCB, 0xAF, 0x2A, 0xB4, 0xE3, 0x82, 0x72, 0x7A, + 0xD4, 0x16, 0x86, 0xA9, 0x6B, 0x25, 0x48, 0x82, + 0x0B, 0xB0, 0x3B, 0x32, 0xF1, 0x1B, 0x28, 0x11, + 0xAD, 0x62, 0xF4, 0x89, 0xE9, 0x51, 0x63, 0x2A, + 0xBA, 0x0D, 0x1D, 0xF8, 0x96, 0x80, 0xCC, 0x8A, + 0x8B, 0x53, 0xB4, 0x81, 0xD9, 0x2A, 0x68, 0xD7, + 0x0B, 0x4E, 0xA1, 0xC3, 0xA6, 0xA5, 0x61, 0xC0, + 0x69, 0x28, 0x82, 0xB5, 0xCA, 0x8C, 0xC9, 0x42, + 0xA8, 0xD4, 0x95, 0xAF, 0xCB, 0x06, 0xDE, 0x89, + 0x49, 0x8F, 0xB9, 0x35, 0xB7, 0x75, 0x90, 0x8F, + 0xE7, 0xA0, 0x3E, 0x32, 0x4D, 0x54, 0xCC, 0x19, + 0xD4, 0xE1, 0xAA, 0xBD, 0x35, 0x93, 0xB3, 0x8B, + 0x19, 0xEE, 0x13, 0x88, 0xFE, 0x49, 0x2B, 0x43, + 0x12, 0x7E, 0x5A, 0x50, 0x42, 0x53, 0x78, 0x6A, + 0x0D, 0x69, 0xAD, 0x32, 0x60, 0x1C, 0x28, 0xE2, + 0xC8, 0x85, 0x04, 0xA5, 0xBA, 0x59, 0x97, 0x06, + 0x02, 0x3A, 0x61, 0x36, 0x3E, 0x17, 0xC6, 0xB9, + 0xBB, 0x59, 0xBD, 0xC6, 0x97, 0x45, 0x2C, 0xD0, + 0x59, 0x45, 0x19, 0x83, 0xD7, 0x38, 0xCA, 0x3F, + 0xD0, 0x34, 0xE3, 0xF5, 0x98, 0x88, 0x54, 0xCA, + 0x05, 0x03, 0x1D, 0xB0, 0x96, 0x11, 0x49, 0x89, + 0x88, 0x19, 0x7C, 0x6B, 0x30, 0xD2, 0x58, 0xDF, + 0xE2, 0x62, 0x65, 0x54, 0x1C, 0x89, 0xA4, 0xB3, + 0x1D, 0x68, 0x64, 0xE9, 0x38, 0x9B, 0x03, 0xCB, + 0x74, 0xF7, 0xEC, 0x43, 0x23, 0xFB, 0x94, 0x21, + 0xA4, 0xB9, 0x79, 0x0A, 0x26, 0xD1, 0x7B, 0x03, + 0x98, 0xA2, 0x67, 0x67, 0x35, 0x09, 0x09, 0xF8, + 0x4D, 0x57, 0xB6, 0x69, 0x4D, 0xF8, 0x30, 0x66, + 0x4C, 0xA8, 0xB3, 0xC3, 0xC0, 0x3E, 0xD2, 0xAE, + 0x67, 0xB8, 0x90, 0x06, 0x86, 0x8A, 0x68, 0x52, + 0x7C, 0xCD, 0x66, 0x64, 0x59, 0xAB, 0x7F, 0x05, + 0x66, 0x71, 0x00, 0x0C, 0x61, 0x64, 0xD3, 0xA7, + 0xF2, 0x66, 0xA1, 0x4D, 0x97, 0xCB, 0xD7, 0x00, + 0x4D, 0x6C, 0x92, 0xCA, 0xCA, 0x77, 0x0B, 0x84, + 0x4A, 0x4F, 0xA9, 0xB1, 0x82, 0xE7, 0xB1, 0x8C, + 0xA8, 0x85, 0x08, 0x2A, 0xC5, 0x64, 0x6F, 0xCB, + 0x4A, 0x14, 0xE1, 0x68, 0x5F, 0xEB, 0x0C, 0x9C, + 0xE3, 0x37, 0x2A, 0xB9, 0x53, 0x65, 0xC0, 0x4F, + 0xD8, 0x30, 0x84, 0xF8, 0x0A, 0x23, 0xFF, 0x10, + 0xA0, 0x5B, 0xF1, 0x5F, 0x7F, 0xA5, 0xAC, 0xC6, + 0xC0, 0xCB, 0x46, 0x2C, 0x33, 0xCA, 0x52, 0x4F, + 0xA6, 0xB8, 0xBB, 0x35, 0x90, 0x43, 0xBA, 0x68, + 0x60, 0x9E, 0xAA, 0x25, 0x36, 0xE8, 0x1D, 0x08, + 0x46, 0x3B, 0x19, 0x65, 0x3B, 0x54, 0x35, 0xBA, + 0x94, 0x6C, 0x9A, 0xDD, 0xEB, 0x20, 0x2B, 0x04, + 0xB0, 0x31, 0xCC, 0x96, 0x0D, 0xCC, 0x12, 0xE4, + 0x51, 0x8D, 0x42, 0x8B, 0x32, 0xB2, 0x57, 0xA4, + 0xFC, 0x73, 0x13, 0xD3, 0xA7, 0x98, 0x0D, 0x80, + 0x08, 0x2E, 0x93, 0x4F, 0x9D, 0x95, 0xC3, 0x2B, + 0x0A, 0x01, 0x91, 0xA2, 0x36, 0x04, 0x38, 0x4D, + 0xD9, 0xE0, 0x79, 0xBB, 0xBA, 0xA2, 0x66, 0xD1, + 0x4C, 0x3F, 0x75, 0x6B, 0x9F, 0x21, 0x33, 0x10, + 0x74, 0x33, 0xA4, 0xE8, 0x3F, 0xA7, 0x18, 0x72, + 0x82, 0xA8, 0x09, 0x20, 0x3A, 0x4F, 0xAF, 0x84, + 0x18, 0x51, 0x83, 0x3D, 0x12, 0x1A, 0xC3, 0x83, + 0x84, 0x3A, 0x5E, 0x55, 0xBC, 0x23, 0x81, 0x42, + 0x5E, 0x16, 0xC7, 0xDB, 0x4C, 0xC9, 0xAB, 0x5C, + 0x1B, 0x0D, 0x91, 0xA4, 0x7E, 0x2B, 0x8D, 0xE0, + 0xE5, 0x82, 0xC8, 0x6B, 0x6B, 0x0D, 0x90, 0x7B, + 0xB3, 0x60, 0xB9, 0x7F, 0x40, 0xAB, 0x5D, 0x03, + 0x8F, 0x6B, 0x75, 0xC8, 0x14, 0xB2, 0x7D, 0x9B, + 0x96, 0x8D, 0x41, 0x98, 0x32, 0xBC, 0x8C, 0x2B, + 0xEE, 0x60, 0x5E, 0xF6, 0xE5, 0x05, 0x9D, 0x33, + 0x10, 0x0D, 0x90, 0x48, 0x5D, 0x37, 0x84, 0x50, + 0x01, 0x42, 0x21, 0x73, 0x6C, 0x07, 0x40, 0x7C, + 0xAC, 0x26, 0x04, 0x08, 0xAA, 0x64, 0x92, 0x66, + 0x19, 0x78, 0x8B, 0x86, 0x01, 0xC2, 0xA7, 0x52, + 0xD1, 0xA6, 0xCB, 0xF8, 0x20, 0xD7, 0xC7, 0xA0, + 0x47, 0x16, 0x20, 0x32, 0x25, 0xB3, 0x89, 0x5B, + 0x93, 0x42, 0xD1, 0x47, 0xA8, 0x18, 0x5C, 0xFC, + 0x1B, 0xB6, 0x5B, 0xA0, 0x6B, 0x41, 0x42, 0x33, + 0x99, 0x03, 0xC0, 0xAC, 0x46, 0x51, 0x38, 0x5B, + 0x45, 0xD9, 0x8A, 0x8B, 0x19, 0xD2, 0x8C, 0xD6, + 0xBA, 0xB0, 0x88, 0x78, 0x7F, 0x7E, 0xE1, 0xB1, + 0x24, 0x61, 0x76, 0x6B, 0x43, 0xCB, 0xCC, 0xB9, + 0x64, 0x34, 0x42, 0x7D, 0x93, 0xC0, 0x65, 0x55, + 0x06, 0x88, 0xF6, 0x94, 0x8E, 0xD1, 0xB5, 0x47, + 0x5A, 0x42, 0x5F, 0x1B, 0x85, 0x20, 0x9D, 0x06, + 0x1C, 0x08, 0xB5, 0x6C, 0x1C, 0xC0, 0x69, 0xF6, + 0xC0, 0xA7, 0xC6, 0xF2, 0x93, 0x58, 0xCA, 0xB9, + 0x11, 0x08, 0x77, 0x32, 0xA6, 0x49, 0xD2, 0x7C, + 0x9B, 0x98, 0xF9, 0xA4, 0x88, 0x79, 0x38, 0x7D, + 0x9B, 0x00, 0xC2, 0x59, 0x59, 0xA7, 0x16, 0x54, + 0xD6, 0xF6, 0xA9, 0x46, 0x16, 0x45, 0x13, 0xE4, + 0x7A, 0x75, 0xD0, 0x05, 0x98, 0x6C, 0x23, 0x63, + 0xC0, 0x9F, 0x6B, 0x53, 0x7E, 0xCA, 0x78, 0xB9, + 0x30, 0x3A, 0x5F, 0xA4, 0x57, 0x60, 0x8A, 0x58, + 0x6A, 0x65, 0x3A, 0x34, 0x7D, 0xB0, 0x4D, 0xFC, + 0xC1, 0x91, 0x75, 0xB3, 0xA3, 0x01, 0x17, 0x25, + 0x36, 0x06, 0x2A, 0x65, 0x8A, 0x95, 0x27, 0x75, + 0x70, 0xC8, 0x85, 0x2C, 0xA8, 0x97, 0x3F, 0x4A, + 0xE1, 0x23, 0xA3, 0x34, 0x04, 0x7D, 0xD7, 0x11, + 0xC8, 0x92, 0x7A, 0x63, 0x4A, 0x03, 0x38, 0x8A, + 0x52, 0x7B, 0x03, 0x4B, 0xF7, 0xA8, 0x17, 0x0F, + 0xA7, 0x02, 0xC1, 0xF7, 0xC2, 0x3E, 0xC3, 0x2D, + 0x18, 0xA2, 0x37, 0x48, 0x90, 0xBE, 0x9C, 0x78, + 0x7A, 0x94, 0x09, 0xC8, 0x2D, 0x19, 0x2C, 0x4B, + 0xB7, 0x05, 0xA2, 0xF9, 0x96, 0xCE, 0x40, 0x5D, + 0x85, 0xA4, 0xC1, 0xA1, 0xAB, 0x9B, 0x6A, 0xEB, + 0x49, 0xCC, 0xE1, 0xC2, 0xF8, 0xA9, 0x7C, 0x35, + 0x16, 0xC7, 0x2A, 0x00, 0xA4, 0x62, 0x63, 0xBA, + 0xA6, 0x96, 0xBF, 0x25, 0x72, 0x77, 0x19, 0xC3, + 0x21, 0x64, 0x23, 0x61, 0x8F, 0xF3, 0x33, 0x80, + 0x93, 0x4A, 0x6C, 0x10, 0x54, 0x5C, 0x4C, 0x5C, + 0x51, 0x55, 0xB1, 0x24, 0x86, 0x18, 0x1F, 0xC7, + 0xA2, 0x31, 0x98, 0x73, 0x97, 0x8B, 0x6A, 0x2A, + 0x67, 0x49, 0x0F, 0x82, 0x56, 0xBD, 0x21, 0x96, + 0xFE, 0x17, 0x92, 0xA4, 0xC0, 0x00, 0x77, 0xB8, + 0x12, 0xEA, 0xE8, 0xBE, 0xD3, 0x57, 0x24, 0x99, + 0x68, 0x4A, 0xB3, 0x37, 0x18, 0x76, 0x76, 0x1E, + 0x45, 0x0C, 0x9F, 0x9D, 0x27, 0x68, 0xA3, 0x68, + 0x06, 0xD7, 0xAB, 0x20, 0x46, 0xC9, 0x1F, 0x17, + 0x59, 0x9E, 0x9A, 0xC5, 0x92, 0x99, 0x08, 0x08, + 0xDC, 0xD7, 0xB4, 0xD0, 0x91, 0x90, 0x72, 0xF1, + 0x4E, 0xC3, 0x61, 0x77, 0x3B, 0x72, 0x52, 0x44, + 0x4C, 0x32, 0x3C, 0x30, 0x83, 0x26, 0xF4, 0xA3, + 0x0F, 0x86, 0x80, 0xD2, 0xF7, 0x48, 0xF5, 0x6A, + 0x13, 0x2B, 0x82, 0x67, 0x4E, 0xD0, 0x18, 0x46, + 0x20, 0xB8, 0x2A, 0xD2, 0xCB, 0x18, 0x2C, 0x97, + 0xB4, 0x81, 0x62, 0x66, 0x47, 0x49, 0x12, 0x90, + 0xA0, 0x11, 0xCC, 0x73, 0x82, 0x86, 0x85, 0xA8, + 0xC3, 0x67, 0xA5, 0xB9, 0xCF, 0x8D, 0x62, 0x1B, + 0x0D, 0x5C, 0x1E, 0xFF, 0x03, 0x17, 0x27, 0x58, + 0xBD, 0x00, 0x49, 0x78, 0xC2, 0x51, 0xCD, 0x51, + 0x34, 0x22, 0x28, 0x98, 0x9C, 0xAE, 0x63, 0x32, + 0xAC, 0x48, 0x64, 0x37, 0xCB, 0x5C, 0x57, 0xD4, + 0x30, 0x74, 0x62, 0x86, 0x52, 0x53, 0xBE, 0x21, + 0x7B, 0x35, 0x15, 0xC7, 0x3D, 0xF4, 0x05, 0xB7, + 0xF2, 0x82, 0x17, 0xAD, 0x0B, 0x8C, 0xF6, 0x0C, + 0x2F, 0xFF, 0xAA, 0x0A, 0x00, 0x48, 0xB1, 0xFB, + 0x4A, 0xCD, 0xCD, 0xC3, 0x8B, 0x52, 0x50, 0xCF, + 0xEC, 0x35, 0x6A, 0x6D, 0xE2, 0x6C, 0xFA, 0x7A, + 0x58, 0x8F, 0xDC, 0x86, 0xF9, 0x8C, 0x85, 0x4A, + 0xC6, 0x4C, 0x7B, 0xFA, 0xA9, 0x6F, 0x5A, 0x32, + 0xCC, 0x06, 0x10, 0x93, 0x4B, 0xAA, 0x6A, 0x58, + 0x6B, 0x9A, 0x20, 0x54, 0xF1, 0x3B, 0xA2, 0x74, + 0x17, 0x4A, 0xA0, 0xD2, 0xB3, 0xA8, 0x1B, 0x96, + 0xA9, 0x40, 0x66, 0x6F, 0x78, 0x9B, 0x5A, 0x6B, + 0xCD, 0xC0, 0xA6, 0xA0, 0x17, 0x8A, 0x0C, 0x9A, + 0x02, 0x57, 0x8A, 0x49, 0x3F, 0x6E, 0xEA, 0x0D, + 0x2E, 0x6C, 0x13, 0x95, 0x1C, 0x9F, 0x24, 0x9A, + 0x5E, 0x8D, 0xD7, 0x1D, 0xD4, 0x9A, 0x74, 0x2D, + 0x45, 0x1F, 0x1A, 0xBB, 0xA1, 0x9A, 0xF8, 0xC5, + 0x47, 0x85, 0x5E, 0x0A, 0xFC, 0x72, 0x8E, 0x90, + 0xAB, 0xB4, 0x99, 0xC9, 0xBE, 0xEB, 0x76, 0x6F, + 0x47, 0x29, 0xCD, 0xA2, 0x22, 0x63, 0xE3, 0x24, + 0xD2, 0x23, 0x02, 0xCB, 0xD3, 0x39, 0x9F, 0xAC, + 0xC6, 0x30, 0x99, 0x1F, 0xC8, 0xF2, 0x8B, 0xDB, + 0x43, 0x54, 0x76, 0x25, 0x41, 0x52, 0x76, 0x78, + 0xBC, 0xF6, 0x1F, 0x65, 0xC2, 0x41, 0x14, 0x6C, + 0x42, 0x6D, 0x23, 0xB9, 0xBF, 0xAA, 0x6B, 0x7D, + 0xF1, 0x8C, 0x97, 0xF2, 0x0C, 0x1B, 0x61, 0x25, + 0xBF, 0x87, 0x4B, 0x1D, 0x89, 0x47, 0x58, 0x52, + 0xC4, 0x48, 0x21, 0x5D, 0xB0, 0xEB, 0x77, 0x37, + 0xF9, 0x14, 0x80, 0xE8, 0xCE, 0xBD, 0x9A, 0x08, + 0x71, 0x57, 0x4F, 0x5A, 0xB6, 0x2D, 0x90, 0x20, + 0x17, 0x5E, 0xC6, 0x92, 0x7C, 0xA0, 0xB5, 0x4C, + 0x09, 0x81, 0x8E, 0x42, 0xCF, 0x92, 0xA3, 0x83, + 0x17, 0x24, 0x22, 0xC7, 0xDC, 0x18, 0x31, 0xD6, + 0x3B, 0x0C, 0x29, 0x5D, 0xE7, 0x51, 0x59, 0xDB, + 0x80, 0x34, 0xE9, 0xE0, 0x7F, 0x7B, 0x0B, 0x91, + 0x0C, 0x3C, 0x1E, 0x5F, 0xB6, 0x6B, 0x3D, 0xC5, + 0x23, 0xF1, 0xFA, 0x6E, 0xB4, 0x91, 0x0C, 0xB8, + 0x9A, 0x6C, 0x17, 0x56, 0x2C, 0x83, 0xAB, 0x4C, + 0x18, 0xD0, 0xCD, 0x7E, 0x07, 0x96, 0x59, 0x2A, + 0x37, 0x2A, 0xA4, 0x09, 0xB1, 0xC5, 0x57, 0x34, + 0x7C, 0xCA, 0xCD, 0xC4, 0x64, 0x4A, 0x11, 0x90, + 0x64, 0xD0, 0x6D, 0xD4, 0x74, 0x92, 0x9D, 0x1C, + 0x6F, 0xB4, 0xD6, 0x86, 0xE5, 0x49, 0x1C, 0xE4, + 0xBC, 0x89, 0xA3, 0x0B, 0xB4, 0xB8, 0xC4, 0x1B, + 0xCE, 0x51, 0x57, 0xDF, 0xC1, 0x36, 0x08, 0x23, + 0xB1, 0xAB, 0x61, 0x8C, 0x14, 0xB1, 0x0F, 0x98, + 0xC2, 0x50, 0x67, 0x39, 0x8E, 0xA7, 0x01, 0x8C, + 0x27, 0x8A, 0x4B, 0x3D, 0xF3, 0x13, 0x34, 0xD6, + 0x03, 0xB2, 0x04, 0x4E, 0xF1, 0x87, 0xCD, 0x9B, + 0xC6, 0xCE, 0x42, 0x72, 0x5B, 0xD9, 0x62, 0xC2, + 0x64, 0x98, 0x3E, 0x9E, 0x18, 0x15, 0x5A, 0x8B, + 0x9C, 0x47, 0x14, 0x3D, 0x70, 0x46, 0x0A, 0x26, + 0xA5, 0x6F, 0xE7, 0x65, 0x8C, 0x1F, 0x15, 0x03, + 0x48, 0xC6, 0x08, 0x7E, 0xF7, 0x58, 0xAD, 0x16, + 0x78, 0x87, 0x86, 0x0A, 0x00, 0x7A, 0x5F, 0xC3, + 0x73, 0x58, 0xD4, 0x3B, 0x5E, 0xBE, 0xE8, 0x20, + 0xAC, 0xEA, 0x47, 0x4F, 0x0A, 0xC0, 0x7B, 0x76, + 0x80, 0x28, 0x66, 0x19, 0x9C, 0x61, 0x23, 0x1D, + 0x5C, 0x74, 0x7C, 0x93, 0x77, 0x4D, 0x2C, 0x1E, + 0x0C, 0x1C, 0x67, 0xE6, 0xC8, 0x1B, 0x82, 0x75, + 0x21, 0x73, 0xE1, 0x25, 0xBA, 0xF3, 0x9B, 0x4F, + 0xD1, 0x9A, 0x4F, 0x45, 0x3D, 0xC5, 0x79, 0x76, + 0xB1, 0xD9, 0x7F, 0xE6, 0x99, 0x69, 0x92, 0xBB, + 0xB6, 0x5B, 0x7C, 0xB2, 0x5D, 0x07, 0x7B, 0xBA, + 0xA6, 0xA1, 0x33, 0x22, 0x89, 0x9A, 0xF6, 0x59, + 0xCF, 0x1B, 0x35, 0x58, 0xC1, 0xB5, 0x00, 0x11, + 0x54, 0xB6, 0x25, 0x80, 0x9E, 0xD8, 0x9A, 0xEE, + 0xBB, 0x89, 0xE6, 0xEA, 0x7D, 0x67, 0xF7, 0x23, + 0xD0, 0x45, 0xAB, 0x05, 0x71, 0x5C, 0x42, 0x35, + 0x5D, 0xA6, 0xA5, 0xC8, 0xDD, 0x39, 0xC8, 0xAB, + 0xE3, 0x03, 0x77, 0x51, 0xA0, 0x1E, 0xD1, 0xC7, + 0x37, 0x49, 0x19, 0xF3, 0x12, 0x1B, 0x5A, 0x52, + 0xC5, 0x3D, 0x14, 0x87, 0x31, 0x67, 0x69, 0xF8, + 0x07, 0x21, 0xDE, 0xEA, 0xAA, 0xD3, 0xC9, 0x0F, + 0x76, 0xE7, 0xAE, 0x9E, 0x12, 0xBA, 0x92, 0xB3, + 0x2B, 0x5F, 0xD4, 0x57, 0xE3, 0xC7, 0x52, 0xC2, + 0x65, 0x0D, 0xFB, 0x88, 0x57, 0x71, 0xCB, 0x77, + 0xAC, 0x3C, 0x78, 0x5A, 0x8C, 0x56, 0x2E, 0x6A, + 0x1C, 0x63, 0xC2, 0xA5, 0x5E, 0xA4, 0x7C, 0xF8, + 0xB9, 0x0E, 0xB8, 0x22, 0x5C, 0x12, 0x3C, 0x34, + 0x64, 0x52, 0x56, 0x62, 0x35, 0xB2, 0xF3, 0x18, + 0x23, 0xA3, 0x35, 0x21, 0xE0, 0x87, 0x93, 0x7A, + 0x34, 0x5D, 0x8D, 0x66, 0x3E, 0xEA, 0xA0, 0x56, + 0x58, 0x91, 0x7B, 0xBA, 0xA0, 0x08, 0xC2, 0xE3, + 0x35, 0xF8, 0x85, 0x0A, 0x90, 0xA3, 0x26, 0xD0, + 0xE6, 0x64, 0x32, 0xF4, 0x4C, 0xEB, 0x82, 0x89, + 0xE4, 0xEC, 0xB2, 0xD1, 0x29, 0x58, 0xE9, 0x84, + 0x07, 0x2E, 0xCA, 0xCB, 0x88, 0xE1, 0x34, 0x8F, + 0xF0, 0xB5, 0x56, 0x54, 0xAC, 0xBA, 0x5B, 0x54, + 0x97, 0x1C, 0xBA, 0xEB, 0xA8, 0x8E, 0xC4, 0xB9, + 0x1A, 0x94, 0xC3, 0x71, 0x92, 0xFA, 0x98, 0x2B, + 0xEC, 0xB9, 0xF3, 0xDA, 0x42, 0x16, 0x03, 0xB6, + 0x1A, 0x51, 0xBC, 0x8E, 0x36, 0xCB, 0xD0, 0x53, + 0x85, 0x1C, 0x77, 0xB1, 0xB9, 0x26, 0xB1, 0x7A, + 0x27, 0x2A, 0xA9, 0x02, 0x32, 0x46, 0xB0, 0x2B, + 0x3E, 0xD4, 0x7F, 0x66, 0xA0, 0x0B, 0xD5, 0x68, + 0x48, 0x23, 0x63, 0x4E, 0x7C, 0xE5, 0x8C, 0xF8, + 0xF3, 0x06, 0xE3, 0x5B, 0x1E, 0x53, 0x22, 0x82, + 0x4D, 0x90, 0x48, 0x01, 0xF0, 0xA2, 0xFA, 0x7C, + 0x2B, 0xC9, 0xC2, 0x52, 0xB0, 0xA5, 0x6B, 0x7B, + 0xA2, 0xAB, 0x0F, 0x63, 0x60, 0x21, 0x74, 0x5A, + 0x70, 0xA9, 0xA4, 0x3E, 0x2B, 0x0A, 0x8D, 0x61, + 0x59, 0x70, 0xB6, 0x53, 0x09, 0x62, 0x4B, 0x51, + 0x84, 0xBC, 0xC3, 0x0B, 0x91, 0x16, 0x79, 0xAE, + 0xDD, 0x76, 0x02, 0x5F, 0xE3, 0x90, 0x8F, 0xD6, + 0x78, 0x97, 0xB0, 0xCF, 0x4B, 0xE5, 0xA6, 0xF5, + 0x41, 0x3D, 0x7D, 0xD9, 0x85, 0x64, 0xB2, 0x3E, + 0x42, 0xA9, 0x3E, 0x4A, 0xA8, 0x82, 0x1C, 0xD4, + 0x50, 0x54, 0xC6, 0x43, 0xED, 0xC1, 0x15, 0x8D, + 0xB6, 0xB3, 0xDE, 0xB1, 0x3F, 0xB5, 0xA5, 0x1E, + 0xBD, 0x1A, 0x8A, 0x78, 0xB8, 0x72, 0x25, 0xA7, + 0x33, 0x8E, 0x10, 0x11, 0x04, 0xC4, 0xA2, 0x20, + 0xD9, 0xBD, 0xED, 0xD4, 0x8C, 0x85, 0xA1, 0xC2, + 0xDA, 0xE7, 0x81, 0xA8, 0x0C, 0x40, 0xE1, 0x3B, + 0x87, 0xEA, 0xC7, 0x3A, 0x76, 0x42, 0x01, 0xC9, + 0xB7, 0x60, 0xCC, 0xFB, 0x1A, 0xE3, 0x92, 0x69, + 0x9C, 0x70, 0x39, 0xD2, 0x7C, 0x39, 0x36, 0x2B, + 0x27, 0xB8, 0xFC, 0x6F, 0x07, 0xA8, 0xA3, 0xD4, + 0x41, 0x0F, 0x15, 0x47, 0xC4, 0x8A, 0x99, 0x97, + 0xF6, 0x2C, 0x61, 0x07, 0x44, 0x52, 0xEF, 0x15, + 0x15, 0xF8, 0xA6, 0x49, 0xEB, 0xCA, 0x94, 0x37, + 0x20, 0x5A, 0x4E, 0x8A, 0x61, 0x60, 0x6B, 0x41, + 0xDA, 0xF6, 0x83, 0x4D, 0x67, 0x1F, 0x4D, 0x85, + 0x2C, 0x0C, 0x9C, 0x40, 0x96, 0x61, 0x16, 0x48, + 0xC6, 0xA3, 0x17, 0x06, 0x78, 0xB1, 0x53, 0x7C, + 0xC1, 0x82, 0x8D, 0x93, 0x58, 0x0C, 0x9E, 0x58, + 0x49, 0xA9, 0x65, 0x31, 0x75, 0xAC, 0xB7, 0x53, + 0xF2, 0xBE, 0x74, 0x37, 0xBE, 0x45, 0xF6, 0xC6, + 0x03, 0xE4, 0x85, 0xF2, 0xEC, 0x30, 0x1B, 0xB4, + 0x2B, 0x6C, 0x37, 0xC2, 0x25, 0xD7, 0x49, 0x5A, + 0x58, 0x4A, 0xE2, 0x31, 0x89, 0x0A, 0xB5, 0xC8, + 0xC3, 0x5C, 0x26, 0x8C, 0xF4, 0xBB, 0xB0, 0x21, + 0x3C, 0x09, 0x60, 0x19, 0x31, 0x95, 0x61, 0xA8, + 0xA6, 0x94, 0x76, 0x37, 0xAA, 0x40, 0xD0, 0x06, + 0xB4, 0x15, 0xBB, 0x2C, 0xFA, 0x22, 0x37, 0xE0, + 0x89, 0x0B, 0x6A, 0x3B, 0xC1, 0x34, 0xAB, 0xF8, + 0xF6, 0x58, 0x5E, 0x10, 0x8D, 0x15, 0x94, 0x0F, + 0x91, 0xF4, 0xBF, 0x5B, 0x0C, 0x81, 0x80, 0x55, + 0xB2, 0x1D, 0xEA, 0x6E, 0x63, 0xB5, 0x53, 0x98, + 0x8C, 0x47, 0xF4, 0xB9, 0x4E, 0x7C, 0xF8, 0x00, + 0xA4, 0x93, 0xB4, 0x73, 0x47, 0x05, 0xED, 0xC5, + 0x6A, 0x4B, 0x60, 0x21, 0xC6, 0x29, 0x50, 0x06, + 0x75, 0x87, 0x68, 0x04, 0xCF, 0x0B, 0x95, 0x1F, + 0x03, 0x8A, 0x5C, 0x7F, 0xE5, 0x8E, 0x89, 0x77, + 0x4E, 0xF2, 0x99, 0x2F, 0xD7, 0xC6, 0x30, 0x99, + 0xD3, 0x52, 0xA7, 0xD2, 0x15, 0x60, 0xB7, 0x88, + 0xB4, 0x05, 0x70, 0x98, 0x61, 0x81, 0x7E, 0x59, + 0xA9, 0x6B, 0x3A, 0x3A, 0x83, 0xCB, 0xA8, 0x03, + 0xB1, 0x69, 0x34, 0x33, 0x10, 0x71, 0x90, 0x5B, + 0xBE, 0xC6, 0x53, 0x29, 0x00, 0x15, 0x5D, 0x8A, + 0xC8, 0x8C, 0xB3, 0x2E, 0x4E, 0x21, 0xA3, 0xBD, + 0x3A, 0x03, 0xFD, 0xEC, 0x32, 0x5A, 0x51, 0xCD, + 0x27, 0x73, 0x96, 0x4E, 0x67, 0x84, 0xFC, 0xF1, + 0x85, 0x37, 0x37, 0xAA, 0x64, 0xEB, 0x67, 0x56, + 0x47, 0x27, 0x27, 0x26, 0x61, 0xAB, 0xF8, 0x43, + 0x13, 0xA5, 0x7A, 0x44, 0xB1, 0x23, 0xC6, 0x55, + 0x09, 0xCF, 0xB7, 0xA6, 0xF6, 0x64, 0x1C, 0xDC, + 0xC3, 0xB5, 0x7F, 0xE6, 0x28, 0xC7, 0xB8, 0x19, + 0x2D, 0xB4, 0x4F, 0xFB, 0xF5, 0x79, 0x6A, 0x86, + 0x13, 0xB1, 0xFA, 0x12, 0x6F, 0x60, 0x76, 0x88, + 0x3C, 0x78, 0x3D, 0xC2, 0x4E, 0x2A, 0x44, 0x64, + 0xC4, 0x0B, 0x3A, 0x41, 0xCA, 0x70, 0xAE, 0x87, + 0x62, 0x08, 0x66, 0xCF, 0x4F, 0xCB, 0x2B, 0xD2, + 0x04, 0xBF, 0x5C, 0x28, 0x38, 0x12, 0xBA, 0x05, + 0x6A, 0xC0, 0xC3, 0x45, 0xE3, 0x79, 0xC4, 0xBA, + 0x24, 0xD7, 0x50, 0x90, 0x12, 0x79, 0xBB, 0x2F, + 0x3A, 0x16, 0xF6, 0x12, 0xBF, 0xAD, 0xB3, 0x57, + 0x03, 0x33, 0x2C, 0x7C, 0x13, 0x6F, 0x68, 0xEA, + 0xB6, 0x75, 0x5C, 0x66, 0xB6, 0xA4, 0xAD, 0x1A, + 0xAB, 0xA7, 0xB7, 0x68, 0xA5, 0x8A, 0xCA, 0xAC, + 0xC1, 0x0A, 0x45, 0x9A, 0x1C, 0xC8, 0xEF, 0x29, + 0x37, 0x7B, 0xC2, 0x00, 0xE4, 0xD3, 0x15, 0xA3, + 0x0A, 0x6B, 0xCC, 0x32, 0x56, 0xF9, 0x73, 0x4D, + 0x06, 0xE9, 0x77, 0x9C, 0xAA, 0x54, 0x42, 0xA9, + 0xA1, 0x60, 0x69, 0x08, 0x13, 0x77, 0xC7, 0x6E, + 0x75, 0x15, 0x43, 0x68, 0x07, 0x2D, 0xC4, 0x46, + 0xED, 0x6C, 0x8B, 0x8E, 0x62, 0x2A, 0x21, 0xE3, + 0x83, 0xCF, 0x9B, 0xA1, 0xFB, 0x43, 0x4E, 0x2E, + 0xCC, 0x81, 0xE7, 0xB7, 0x8C, 0xEE, 0x98, 0x6B, + 0x8F, 0xF7, 0x98, 0xAB, 0x18, 0xCF, 0x96, 0x34, + 0x54, 0x35, 0x46, 0x28, 0x4E, 0xDA, 0x2A, 0x26, + 0xB4, 0x7F, 0x05, 0xB7, 0x35, 0xBC, 0xDB, 0x12, + 0x02, 0x22, 0x00, 0x76, 0xDC, 0x8B, 0x4E, 0x4B, + 0x9F, 0x85, 0x35, 0x33, 0xC8, 0xF6, 0xC7, 0xFF, + 0x38, 0x81, 0x7B, 0xA4, 0x97, 0x12, 0x83, 0x57, + 0x85, 0xF1, 0x7F, 0x14, 0xCA, 0x01, 0xD0, 0xC1, + 0xC1, 0xE9, 0x88, 0x10, 0xFE, 0x0B, 0x36, 0xE5, + 0xB4, 0x27, 0x15, 0x7B, 0x94, 0x18, 0x44, 0x9C, + 0xED, 0xD6, 0x41, 0xA4, 0x29, 0x3C, 0x85, 0xC3, + 0x27, 0x00, 0x10, 0x2A, 0xCE, 0xC2, 0x2E, 0xBA, + 0xD9, 0x8E, 0xD1, 0x60, 0xA5, 0xF0, 0x27, 0xBD, + 0x4C, 0xDA, 0x57, 0xF1, 0xF3, 0x72, 0x0A, 0x12, + 0xC1, 0x34, 0x65, 0x4D, 0xD5, 0xE7, 0x3F, 0x82, + 0x96, 0x76, 0x49, 0x53, 0x90, 0xD0, 0xE7, 0x92, + 0x9D, 0x60, 0x34, 0xE9, 0xC5, 0x5F, 0x7D, 0x55, + 0xBA, 0x65, 0x8B, 0xC5, 0x87, 0x98, 0x8E, 0x8A, + 0xF9, 0x49, 0x60, 0xF6, 0xCF, 0xB8, 0xD5, 0xAF, + 0x7A, 0x00, 0x21, 0x53, 0x5A, 0x6E, 0x25, 0xE4, + 0x37, 0xD4, 0x9A, 0x78, 0x06, 0x98, 0xBE, 0x22, + 0xAC, 0x99, 0x53, 0x94, 0x9F, 0x57, 0x1B, 0x85, + 0xA6, 0x85, 0x72, 0x5F, 0x82, 0x07, 0xA2, 0xB0, + 0xAE, 0x84, 0x9B, 0x60, 0x1A, 0xB9, 0x1B, 0x15, + 0x9B, 0x3D, 0xF4, 0xA1, 0x54, 0xC2, 0x04, 0x1E, + 0x77, 0x60, 0x70, 0xAF, 0xC4, 0x29, 0x69, 0x32, + 0x23, 0x80, 0x91, 0x7C, 0x97, 0x51, 0x07, 0x99, + 0xF3, 0x14, 0x91, 0x31, 0x47, 0x7E, 0x16, 0x66, + 0x3D, 0x31, 0x74, 0xC7, 0xC1, 0xCA, 0xEA, 0x78, + 0x85, 0x35, 0xC6, 0xC0, 0x05, 0xA6, 0x4F, 0x28, + 0x68, 0x63, 0x1B, 0x31, 0xB6, 0x6E, 0x20, 0x5F, + 0xD3, 0x8C, 0x1D, 0x84, 0x54, 0x2D, 0x0F, 0x1B, + 0x57, 0x8F, 0x58, 0xC9, 0xBF, 0x5A, 0x0F, 0xAE, + 0xAB, 0x6A, 0xB6, 0x49, 0x48, 0x93, 0x05, 0x31, + 0x65, 0xEA, 0xFD, 0x46, 0x5F, 0xC6, 0x4A, 0x0C, + 0x5F, 0x8F, 0x3F, 0x90, 0x03, 0x48, 0x94, 0x15, + 0x89, 0x9D, 0x59, 0xA5, 0x43, 0xD8, 0x20, 0x8C, + 0x54, 0xA3, 0x16, 0x65, 0x29, 0xB5, 0x39, 0x22, + 0x8A, 0x39, 0xE8, 0x7D, 0x53, 0x1F, 0x35, 0x27, + 0xC2, 0x07, 0xED, 0xCC, 0x1D, 0xB7, 0xFA, 0xDD, + 0xCF, 0x96, 0x28, 0x39, 0x18, 0x79, 0xB3, 0x35, + 0xC7, 0x07, 0x83, 0x9A, 0x0D, 0xB0, 0x51, 0xA8, + 0x86, 0x26, 0xED, 0x79, 0xD4, 0x51, 0x14, 0x08, + 0x00, 0xE0, 0x3B, 0x59, 0xB9, 0x56, 0xF8, 0x21, + 0x0E, 0x55, 0x60, 0x67, 0x40, 0x7D, 0x13, 0xDC, + 0x90, 0xFA, 0x9E, 0x8B, 0x87, 0x2B, 0xFB, 0x8F + }; +#endif +#ifndef WOLFSSL_NO_ML_KEM + WOLFSSL_SMALL_STACK_STATIC const byte ml_kem_1024_sk[] = { + 0x43, 0x3a, 0x70, 0xee, 0x69, 0x50, 0xf9, 0x88, + 0x2a, 0xcd, 0xd5, 0xa4, 0x78, 0x20, 0xa6, 0xa8, + 0x16, 0x37, 0x08, 0xf0, 0x4d, 0x45, 0x7c, 0x77, + 0x99, 0x79, 0xb8, 0x3f, 0xe1, 0x17, 0x22, 0x47, + 0x01, 0x49, 0x08, 0x30, 0x38, 0x66, 0x37, 0xda, + 0x33, 0x2e, 0x74, 0xb1, 0xae, 0xda, 0x0b, 0x2f, + 0x81, 0xca, 0x4f, 0x9b, 0xb2, 0xc2, 0xb0, 0x2b, + 0x0c, 0xfd, 0x68, 0x0c, 0x11, 0x48, 0x2f, 0x33, + 0x5a, 0xcf, 0x7b, 0x91, 0x39, 0xb5, 0xb8, 0x8a, + 0x34, 0xe3, 0x54, 0x2c, 0x68, 0x61, 0x37, 0x75, + 0x45, 0x98, 0x33, 0x43, 0xcd, 0x82, 0x94, 0x14, + 0xe4, 0x78, 0x64, 0x21, 0x2e, 0x78, 0xf8, 0x55, + 0xf5, 0x23, 0x90, 0x37, 0x9a, 0xcc, 0x3a, 0x62, + 0x95, 0x31, 0x31, 0xb6, 0x3e, 0xe8, 0x32, 0xad, + 0xb3, 0xbf, 0x4b, 0xf5, 0x8e, 0x24, 0x73, 0x49, + 0xb5, 0xe0, 0x97, 0xe5, 0x5a, 0xbe, 0x49, 0x7b, + 0x15, 0x98, 0x23, 0x73, 0xae, 0x73, 0x2e, 0x04, + 0x39, 0xac, 0x67, 0xd0, 0x5c, 0x7f, 0x03, 0x7c, + 0x8a, 0x73, 0x9b, 0x18, 0x14, 0x0e, 0x14, 0x4c, + 0x85, 0x1d, 0xc9, 0x61, 0x1f, 0x4b, 0xcf, 0x04, + 0xf3, 0xa2, 0x09, 0x3c, 0x19, 0x7b, 0xd6, 0x3b, + 0xb5, 0xe6, 0x19, 0x01, 0x00, 0x54, 0x5f, 0xf8, + 0x1d, 0xb7, 0xfc, 0xcd, 0xdd, 0x9a, 0x32, 0x4b, + 0x0b, 0xac, 0x3c, 0x2c, 0x23, 0x82, 0x28, 0x40, + 0x58, 0xf0, 0x8b, 0x96, 0x19, 0x52, 0xc0, 0x94, + 0x01, 0x9c, 0x10, 0xbe, 0x37, 0xa5, 0x3d, 0x5a, + 0xc7, 0x94, 0xc0, 0x10, 0xa9, 0xd0, 0x82, 0x1f, + 0x15, 0x02, 0x7a, 0x1c, 0x41, 0x9c, 0x3c, 0x71, + 0xc9, 0xa1, 0xd2, 0x8a, 0xed, 0x02, 0x59, 0x7a, + 0xb7, 0x9b, 0x87, 0x53, 0x94, 0x62, 0x6b, 0xa3, + 0x9a, 0xdc, 0x09, 0x0c, 0x3a, 0x90, 0xcf, 0x75, + 0x87, 0x1a, 0x65, 0x27, 0x5e, 0xb1, 0xc5, 0xb0, + 0x33, 0x72, 0xe1, 0x3a, 0x1a, 0x23, 0xd0, 0xcf, + 0x93, 0x74, 0x11, 0x1f, 0x80, 0xcc, 0x83, 0xa9, + 0x05, 0x62, 0x2b, 0x83, 0xfc, 0x51, 0x39, 0x71, + 0xec, 0x84, 0x19, 0xf0, 0x88, 0x0c, 0x30, 0x67, + 0x63, 0x36, 0x71, 0xb0, 0x9b, 0x54, 0x56, 0xab, + 0x60, 0x57, 0x93, 0x6d, 0x19, 0xa4, 0xa2, 0xa2, + 0x67, 0x91, 0x1b, 0x00, 0x0a, 0x13, 0x95, 0x6f, + 0xbd, 0x49, 0x38, 0x21, 0xda, 0x07, 0x2c, 0x04, + 0x64, 0x2b, 0x0c, 0x20, 0xda, 0x6c, 0xc0, 0xd9, + 0xd8, 0x64, 0xa3, 0x93, 0x65, 0xdf, 0xd6, 0x4f, + 0x10, 0x18, 0x78, 0x25, 0xfa, 0x33, 0x25, 0x07, + 0x49, 0xcb, 0xc0, 0xc9, 0x05, 0xd7, 0xb1, 0xff, + 0x3c, 0xae, 0x24, 0x12, 0xbf, 0x86, 0xb8, 0x1a, + 0x81, 0x7b, 0x86, 0xba, 0xa3, 0x0e, 0xdf, 0x78, + 0x62, 0xe5, 0xf6, 0xba, 0xc9, 0x87, 0x26, 0xe5, + 0x6b, 0x3c, 0xec, 0x60, 0x66, 0x4c, 0xaa, 0x2a, + 0x7d, 0xf6, 0x70, 0xc5, 0xe2, 0x07, 0xdf, 0xac, + 0x03, 0x82, 0x4c, 0x89, 0x89, 0x7c, 0xb4, 0x90, + 0xea, 0xa7, 0x65, 0x21, 0x22, 0x2c, 0x86, 0x20, + 0x51, 0x69, 0xc9, 0x1c, 0x32, 0x9c, 0x4a, 0x18, + 0x4d, 0x78, 0x72, 0x1a, 0xf8, 0x36, 0xad, 0x4d, + 0xb0, 0xca, 0x78, 0x46, 0x4d, 0x41, 0x71, 0x47, + 0x30, 0x12, 0xb7, 0xd1, 0x83, 0xba, 0xfa, 0x62, + 0x75, 0x85, 0xc6, 0x4b, 0xe3, 0x80, 0x9d, 0x7e, + 0x60, 0x04, 0xcb, 0xdc, 0x79, 0xa5, 0x46, 0x0f, + 0x0a, 0xd6, 0x77, 0xcb, 0x71, 0x65, 0x12, 0x40, + 0x7d, 0x3a, 0x61, 0x9a, 0xd0, 0x95, 0x43, 0xb7, + 0x39, 0x54, 0x74, 0x72, 0xa7, 0x06, 0xb3, 0x17, + 0xa5, 0x09, 0xbe, 0x5d, 0x86, 0x1f, 0xd6, 0x6c, + 0x7d, 0x0e, 0xd9, 0x4c, 0xd5, 0x00, 0x47, 0x95, + 0xc1, 0x81, 0x59, 0xe3, 0xa3, 0x3d, 0x79, 0x87, + 0x11, 0x52, 0x5f, 0x16, 0x35, 0xa6, 0x84, 0x28, + 0x17, 0x29, 0x23, 0x24, 0x96, 0x35, 0xaa, 0xd0, + 0x32, 0xb9, 0xe5, 0x66, 0x64, 0xbd, 0xd4, 0x8e, + 0xd2, 0x4a, 0xc7, 0x5c, 0x64, 0x68, 0xd1, 0x90, + 0x3e, 0x47, 0x10, 0x86, 0xc5, 0xf1, 0x56, 0x7e, + 0x83, 0x1a, 0x05, 0x08, 0xc5, 0x39, 0x63, 0x25, + 0x91, 0xab, 0x57, 0x7d, 0x32, 0x4a, 0x82, 0x42, + 0x97, 0x25, 0x80, 0x99, 0x50, 0x76, 0x1d, 0x84, + 0x34, 0x28, 0x8c, 0x14, 0x03, 0x4f, 0x1c, 0x06, + 0xc1, 0xd0, 0xaa, 0xe0, 0x9a, 0x71, 0xc7, 0x40, + 0xa5, 0x57, 0x01, 0xc2, 0x8f, 0xf8, 0x44, 0x99, + 0xf2, 0xbb, 0x18, 0xb6, 0x62, 0x8c, 0xaa, 0xa3, + 0xfe, 0x75, 0xac, 0x4d, 0xe0, 0x4c, 0x6f, 0x91, + 0x39, 0x00, 0xd8, 0x6c, 0x88, 0x12, 0x62, 0x52, + 0xa1, 0x7c, 0x4d, 0x30, 0x39, 0x91, 0xdb, 0x02, + 0x87, 0x12, 0x08, 0x81, 0xbb, 0x88, 0x47, 0x8a, + 0xaa, 0x9a, 0xf9, 0xbc, 0x53, 0xd3, 0x72, 0x98, + 0x43, 0x85, 0x8f, 0xdb, 0x46, 0x48, 0x05, 0x9c, + 0xac, 0x82, 0xc1, 0xa1, 0x08, 0x78, 0xba, 0x39, + 0x82, 0x3b, 0x04, 0x1b, 0xd0, 0xe2, 0x58, 0x48, + 0x7b, 0x56, 0xcc, 0x8a, 0x32, 0x20, 0xc1, 0xa5, + 0x8b, 0xf6, 0x6a, 0x17, 0x2b, 0x5b, 0x9a, 0x0c, + 0x63, 0x2d, 0x67, 0x4e, 0xae, 0x88, 0x5a, 0x01, + 0x5c, 0x4e, 0x37, 0xba, 0x07, 0x36, 0x80, 0xbe, + 0xde, 0x75, 0x34, 0xf3, 0xe3, 0x4b, 0x60, 0x50, + 0xc8, 0x6b, 0x21, 0xc3, 0xc0, 0x90, 0x94, 0x1f, + 0x23, 0xb7, 0xf6, 0x73, 0x1e, 0x2b, 0xda, 0x0e, + 0x6e, 0xa4, 0x64, 0x67, 0x71, 0xce, 0xc5, 0x72, + 0xb9, 0x8c, 0xa0, 0xa1, 0x58, 0x91, 0x9a, 0xdb, + 0xeb, 0x84, 0xce, 0x58, 0x5f, 0xf9, 0xf2, 0x5e, + 0xbd, 0xda, 0x6c, 0xb6, 0xf0, 0x7a, 0x8f, 0x81, + 0x12, 0x32, 0x60, 0x7e, 0x72, 0x17, 0xbb, 0x03, + 0x9b, 0xab, 0xd0, 0xd9, 0x19, 0x34, 0xa8, 0x59, + 0x40, 0x59, 0xc9, 0x68, 0x77, 0x23, 0xc0, 0x43, + 0x81, 0xbf, 0xd6, 0x27, 0xa1, 0x05, 0x17, 0xf5, + 0xf4, 0xbf, 0xc7, 0x77, 0x77, 0xaa, 0x26, 0x71, + 0xae, 0x12, 0x4f, 0x2b, 0x7a, 0x5f, 0x4d, 0x56, + 0x14, 0x02, 0x91, 0x97, 0xe6, 0x58, 0x6f, 0xa8, + 0xc1, 0x7e, 0x0a, 0xd9, 0x07, 0x81, 0xbc, 0x7b, + 0xb1, 0x9a, 0x77, 0x2d, 0x5a, 0x4e, 0xfe, 0x32, + 0xca, 0xc8, 0x9b, 0x76, 0xc4, 0x2a, 0x5e, 0xde, + 0x9b, 0xcc, 0x20, 0xc1, 0x89, 0x8c, 0x08, 0xa5, + 0xb0, 0xc0, 0x7e, 0x47, 0x8b, 0x1b, 0xbc, 0x22, + 0x6e, 0xfa, 0xd1, 0x5f, 0x2a, 0xc7, 0x37, 0x51, + 0x4b, 0x8c, 0x61, 0x49, 0x81, 0x07, 0x79, 0x22, + 0x24, 0x16, 0x53, 0x7e, 0xd0, 0x0d, 0xae, 0xab, + 0x17, 0x7e, 0x90, 0x3e, 0xad, 0x6b, 0x4a, 0xc4, + 0x23, 0x70, 0xaf, 0x1b, 0x1f, 0x50, 0xeb, 0xaf, + 0xaa, 0x1c, 0x6e, 0x64, 0x7b, 0xba, 0xcc, 0xe7, + 0x2c, 0x7d, 0x0b, 0x88, 0xae, 0xb0, 0xb0, 0x6f, + 0xc1, 0xa4, 0x54, 0x57, 0xa9, 0xc1, 0x87, 0x57, + 0x9b, 0xf1, 0x84, 0x57, 0x9c, 0xc3, 0x51, 0xc4, + 0x3d, 0xff, 0x94, 0x26, 0x05, 0xaa, 0x56, 0x04, + 0xfc, 0x85, 0xfc, 0x55, 0x83, 0xf6, 0xf1, 0x49, + 0x6f, 0xe6, 0x1d, 0x70, 0xd6, 0xcd, 0xe2, 0x32, + 0x7f, 0xee, 0x71, 0x3d, 0x86, 0xf2, 0x9b, 0x3a, + 0xfc, 0xbb, 0x54, 0xe9, 0xa9, 0x2a, 0x33, 0xa6, + 0xc1, 0xea, 0x6f, 0xfa, 0x30, 0x95, 0x66, 0xb0, + 0x68, 0x62, 0x33, 0xc0, 0xf3, 0xb1, 0xc3, 0x14, + 0x48, 0x90, 0xe4, 0xf0, 0x82, 0x9a, 0x60, 0x99, + 0xc5, 0x74, 0x9c, 0xde, 0xc8, 0x43, 0x28, 0xec, + 0x2c, 0xb6, 0x4a, 0x73, 0x85, 0xa7, 0x61, 0xd6, + 0x4b, 0x3a, 0x23, 0xc4, 0x89, 0x34, 0x33, 0x43, + 0xb9, 0x77, 0x23, 0xae, 0x78, 0xc7, 0xd8, 0x05, + 0x45, 0x8e, 0x16, 0x20, 0xf0, 0x29, 0x28, 0x97, + 0x69, 0x17, 0x04, 0xcb, 0x76, 0xe3, 0xb0, 0xb2, + 0x81, 0xa8, 0x3c, 0xf6, 0x44, 0x90, 0x49, 0x8c, + 0xbc, 0xaf, 0x04, 0x80, 0x24, 0x16, 0xb3, 0x3c, + 0x56, 0x51, 0x71, 0xd7, 0x72, 0xd3, 0xb9, 0x35, + 0x40, 0x37, 0x58, 0x76, 0x29, 0xae, 0x14, 0xa5, + 0xc5, 0x03, 0x1a, 0xc3, 0x66, 0x71, 0xa0, 0xd0, + 0xc9, 0x1c, 0xc0, 0xb4, 0xcd, 0x69, 0xd8, 0x40, + 0x2e, 0x33, 0xb9, 0xbc, 0xc2, 0xbb, 0xaf, 0x6b, + 0x97, 0x1e, 0x30, 0x3f, 0xa1, 0x37, 0xbe, 0x23, + 0x25, 0x98, 0xa4, 0x99, 0x9b, 0xc0, 0x12, 0x57, + 0x4c, 0x81, 0x65, 0x1b, 0x38, 0xb3, 0x83, 0x96, + 0xc1, 0xc3, 0x65, 0x30, 0x3a, 0xd2, 0x5d, 0x49, + 0xfc, 0x6b, 0x68, 0x99, 0x51, 0xa1, 0xcc, 0x4c, + 0x60, 0x07, 0x61, 0x30, 0x65, 0x49, 0x5f, 0x97, + 0x91, 0x0f, 0x97, 0x35, 0xd4, 0xea, 0x4e, 0x44, + 0x2a, 0xcb, 0x2f, 0xab, 0xae, 0xcf, 0xe1, 0xad, + 0xef, 0x06, 0x67, 0xba, 0x42, 0x2c, 0x95, 0x4a, + 0x05, 0xd1, 0xb6, 0x16, 0x7a, 0x26, 0x3e, 0x12, + 0x75, 0xc6, 0xad, 0xa8, 0x38, 0x59, 0x65, 0x30, + 0x4b, 0x30, 0x32, 0x40, 0x40, 0x54, 0x2c, 0xf5, + 0xa4, 0x51, 0xbc, 0xaf, 0xc7, 0x47, 0x88, 0xbe, + 0x3b, 0x9b, 0x9f, 0xcc, 0x45, 0xd4, 0x79, 0x0e, + 0x2d, 0x73, 0x35, 0xc6, 0x0a, 0x14, 0xf0, 0xa4, + 0x9d, 0x13, 0x05, 0x3f, 0x26, 0x26, 0xa6, 0x27, + 0xca, 0x19, 0x55, 0x3c, 0xb3, 0x36, 0xa2, 0xcb, + 0x4a, 0x45, 0x5d, 0x8e, 0xf3, 0x98, 0x94, 0x91, + 0x47, 0x2b, 0xa0, 0x05, 0x1e, 0xf7, 0x41, 0x6e, + 0x0b, 0xbf, 0x1a, 0x61, 0x08, 0xfa, 0x07, 0xc1, + 0x61, 0x54, 0x8e, 0x7c, 0x62, 0x33, 0x1a, 0xe5, + 0xa2, 0xb4, 0xe4, 0xa1, 0x08, 0xa5, 0x10, 0x93, + 0xd3, 0x15, 0x08, 0x21, 0xa2, 0xfb, 0x54, 0x71, + 0x70, 0xa1, 0xb7, 0x3c, 0x43, 0xc5, 0x50, 0xc6, + 0x55, 0x7a, 0x40, 0x48, 0xa5, 0x8a, 0x2c, 0xd7, + 0x7a, 0x24, 0x42, 0x34, 0xb2, 0x23, 0x51, 0x75, + 0xa0, 0x89, 0x7d, 0x50, 0x61, 0xb4, 0x61, 0x34, + 0x82, 0xdc, 0x13, 0x64, 0x14, 0x04, 0x8c, 0x11, + 0xdb, 0x37, 0xea, 0xe0, 0xa5, 0xdf, 0x87, 0xc1, + 0x93, 0x14, 0xb0, 0xe8, 0x23, 0x97, 0xa0, 0xd3, + 0x38, 0xdc, 0x21, 0x53, 0x8a, 0xf3, 0x61, 0x49, + 0xd9, 0x3f, 0x8b, 0x1a, 0x11, 0xc5, 0x3b, 0xb5, + 0xde, 0xf8, 0xb7, 0xa2, 0xcc, 0xa3, 0x36, 0x2b, + 0x7f, 0xe3, 0xa1, 0x40, 0x8a, 0x25, 0x47, 0xe2, + 0x09, 0x05, 0x8c, 0x67, 0x3a, 0x75, 0x66, 0xc2, + 0x61, 0x23, 0xa6, 0xd8, 0xb6, 0x92, 0xa5, 0xf3, + 0x3e, 0xbd, 0xcb, 0x26, 0x24, 0xb7, 0x9d, 0x87, + 0x7b, 0xce, 0x5f, 0xa1, 0x4e, 0x42, 0xe8, 0x3f, + 0xaa, 0xd8, 0x2e, 0x99, 0x00, 0x55, 0x3a, 0x3c, + 0x60, 0x45, 0xca, 0x32, 0x9f, 0xea, 0x4a, 0x50, + 0x65, 0x58, 0xc4, 0x91, 0xb6, 0xa6, 0x16, 0xc6, + 0xfd, 0x40, 0x0b, 0x42, 0x13, 0x6f, 0x44, 0xcb, + 0x0d, 0x02, 0x57, 0x65, 0x08, 0x19, 0x01, 0x8d, + 0x3c, 0x56, 0x8e, 0xf6, 0xc6, 0x0c, 0x6c, 0x40, + 0x9e, 0x70, 0xa8, 0x29, 0x28, 0x71, 0x08, 0xc1, + 0xb6, 0xa4, 0xd3, 0x2f, 0x76, 0xe5, 0xcc, 0x4d, + 0x10, 0x4b, 0x02, 0x43, 0x8e, 0xf7, 0xa4, 0x67, + 0x91, 0x23, 0x98, 0xea, 0x9c, 0x7c, 0xbd, 0x99, + 0x81, 0x58, 0x9a, 0x34, 0x18, 0x97, 0x68, 0x7b, + 0x51, 0x6a, 0x13, 0x30, 0x7d, 0x66, 0xc0, 0x68, + 0xc4, 0x44, 0xb4, 0xb9, 0x49, 0xa1, 0x74, 0x12, + 0x41, 0x33, 0x15, 0xcc, 0xf4, 0x9b, 0x99, 0x98, + 0x00, 0x34, 0xb5, 0xb8, 0xcf, 0xde, 0xc4, 0xa6, + 0x0b, 0x9c, 0x1e, 0x74, 0x55, 0xaa, 0xfb, 0xf3, + 0xa7, 0x57, 0x34, 0x69, 0x90, 0xcc, 0x32, 0xb0, + 0x59, 0x9b, 0xa2, 0x17, 0xa6, 0xc5, 0xfc, 0x39, + 0x53, 0x79, 0x11, 0x95, 0x7c, 0x12, 0x51, 0x48, + 0xa8, 0x7f, 0x41, 0x58, 0x9c, 0xb2, 0x22, 0xd0, + 0xd1, 0x92, 0x29, 0xe2, 0xcb, 0x55, 0xe1, 0xa0, + 0x44, 0x79, 0x1e, 0x7c, 0xa6, 0x11, 0x92, 0xa4, + 0x64, 0x60, 0xc3, 0x18, 0x3d, 0x2b, 0xcd, 0x6d, + 0xe0, 0x8a, 0x5e, 0x76, 0x51, 0x60, 0x3a, 0xcc, + 0x34, 0x9c, 0xa1, 0x6c, 0xba, 0x18, 0xab, 0xb2, + 0x3a, 0x3e, 0x8c, 0x33, 0x0d, 0x74, 0x21, 0x59, + 0x8a, 0x62, 0x78, 0xec, 0x7e, 0xbf, 0xab, 0xca, + 0x0e, 0xf4, 0x88, 0xb2, 0x29, 0x05, 0x54, 0x75, + 0x34, 0x99, 0xc0, 0x45, 0x2e, 0x45, 0x38, 0x15, + 0x30, 0x99, 0x55, 0xb8, 0x15, 0x0f, 0xa1, 0xa1, + 0xe3, 0x93, 0x38, 0x6d, 0xc1, 0x2f, 0xdb, 0x27, + 0xb3, 0x8c, 0x67, 0x45, 0xf2, 0x94, 0x40, 0x16, + 0xec, 0x45, 0x7f, 0x39, 0xb1, 0x8d, 0x60, 0x4a, + 0x07, 0xa1, 0xab, 0xe0, 0x7b, 0xc8, 0x44, 0x05, + 0x0f, 0xfa, 0x8a, 0x06, 0xfa, 0x15, 0x4a, 0x49, + 0xd8, 0x8f, 0xac, 0x77, 0x54, 0x52, 0xd6, 0xa7, + 0xc0, 0xe5, 0x89, 0xbf, 0xb5, 0xc3, 0x70, 0xc2, + 0xc4, 0xb6, 0x20, 0x1d, 0xda, 0x80, 0xc9, 0xab, + 0x20, 0x76, 0xec, 0xc0, 0x8b, 0x44, 0x52, 0x2f, + 0xda, 0x33, 0x26, 0xf0, 0x33, 0x80, 0x6d, 0xd2, + 0x69, 0x3f, 0x31, 0x97, 0x39, 0xf4, 0x0c, 0x4f, + 0x42, 0xb2, 0x4a, 0xca, 0x70, 0x98, 0xfb, 0x8f, + 0xf5, 0xf9, 0xac, 0x20, 0x29, 0x2d, 0x02, 0xb5, + 0x6a, 0xc7, 0x46, 0x80, 0x1a, 0xcc, 0xcc, 0x84, + 0x86, 0x3d, 0xee, 0x32, 0x87, 0x84, 0x97, 0xb6, + 0x94, 0x38, 0xbf, 0x99, 0x17, 0x76, 0x28, 0x66, + 0x50, 0x48, 0x2c, 0x8d, 0x9d, 0x95, 0x87, 0xbc, + 0x6a, 0x55, 0xb8, 0x5c, 0x4d, 0x7f, 0xa7, 0x4d, + 0x02, 0x65, 0x6b, 0x42, 0x1c, 0x9e, 0x23, 0xe0, + 0x3a, 0x48, 0xd4, 0xb7, 0x44, 0x25, 0xc2, 0x6e, + 0x4a, 0x20, 0xdd, 0x95, 0x62, 0xa4, 0xda, 0x07, + 0x93, 0xf3, 0xa3, 0x52, 0xcc, 0xc0, 0xf1, 0x82, + 0x17, 0xd8, 0x68, 0xc7, 0xf5, 0x00, 0x2a, 0xbe, + 0x76, 0x8b, 0x1f, 0xc7, 0x3f, 0x05, 0x74, 0x4e, + 0x7c, 0xc2, 0x8f, 0x10, 0x34, 0x40, 0x62, 0xc1, + 0x0e, 0x08, 0xec, 0xcc, 0xed, 0x3c, 0x1f, 0x7d, + 0x39, 0x2c, 0x01, 0xd9, 0x79, 0xdd, 0x71, 0x8d, + 0x83, 0x98, 0x37, 0x46, 0x65, 0xa1, 0x6a, 0x98, + 0x70, 0x58, 0x5c, 0x39, 0xd5, 0x58, 0x9a, 0x50, + 0xe1, 0x33, 0x38, 0x9c, 0x9b, 0x9a, 0x27, 0x6c, + 0x02, 0x42, 0x60, 0xd9, 0xfc, 0x77, 0x11, 0xc8, + 0x1b, 0x63, 0x37, 0xb5, 0x7d, 0xa3, 0xc3, 0x76, + 0xd0, 0xcd, 0x74, 0xe1, 0x4c, 0x73, 0x72, 0x7b, + 0x27, 0x66, 0x56, 0xb9, 0xd8, 0xa4, 0xeb, 0x71, + 0x89, 0x6f, 0xf5, 0x89, 0xd4, 0xb8, 0x93, 0xe7, + 0x11, 0x0f, 0x3b, 0xb9, 0x48, 0xec, 0xe2, 0x91, + 0xdd, 0x86, 0xc0, 0xb7, 0x46, 0x8a, 0x67, 0x8c, + 0x74, 0x69, 0x80, 0xc1, 0x2a, 0xa6, 0xb9, 0x5e, + 0x2b, 0x0c, 0xbe, 0x43, 0x31, 0xbb, 0x24, 0xa3, + 0x3a, 0x27, 0x01, 0x53, 0xaa, 0x47, 0x2c, 0x47, + 0x31, 0x23, 0x82, 0xca, 0x36, 0x5c, 0x5f, 0x35, + 0x25, 0x9d, 0x02, 0x57, 0x46, 0xfc, 0x65, 0x95, + 0xfe, 0x63, 0x6c, 0x76, 0x75, 0x10, 0xa6, 0x9c, + 0x1e, 0x8a, 0x17, 0x6b, 0x79, 0x49, 0x95, 0x8f, + 0x26, 0x97, 0x39, 0x94, 0x97, 0xa2, 0xfc, 0x73, + 0x64, 0xa1, 0x2c, 0x81, 0x98, 0x29, 0x52, 0x39, + 0xc8, 0x26, 0xcb, 0x50, 0x82, 0x08, 0x60, 0x77, + 0x28, 0x2e, 0xd6, 0x28, 0x65, 0x1f, 0xc0, 0x4c, + 0x63, 0x9b, 0x43, 0x85, 0x22, 0xa9, 0xde, 0x30, + 0x9b, 0x14, 0xb0, 0x86, 0xd6, 0xe9, 0x23, 0xc5, + 0x51, 0x62, 0x3b, 0xd7, 0x2a, 0x73, 0x3c, 0xb0, + 0xda, 0xbc, 0x54, 0xa9, 0x41, 0x6a, 0x99, 0xe7, + 0x2c, 0x9f, 0xda, 0x1c, 0xb3, 0xfb, 0x9b, 0xa0, + 0x6b, 0x8a, 0xdb, 0x24, 0x22, 0xd6, 0x8c, 0xad, + 0xc5, 0x53, 0xc9, 0x82, 0x02, 0xa1, 0x76, 0x56, + 0x47, 0x8a, 0xc0, 0x44, 0xef, 0x34, 0x56, 0x37, + 0x8a, 0xbc, 0xe9, 0x99, 0x1e, 0x01, 0x41, 0xba, + 0x79, 0x09, 0x4f, 0xa8, 0xf7, 0x7a, 0x30, 0x08, + 0x05, 0xd2, 0xd3, 0x2f, 0xfc, 0x62, 0xbf, 0x0c, + 0xa4, 0x55, 0x4c, 0x33, 0x0c, 0x2b, 0xb7, 0x04, + 0x2d, 0xb3, 0x51, 0x02, 0xf6, 0x8b, 0x1a, 0x00, + 0x62, 0x58, 0x38, 0x65, 0x38, 0x1c, 0x74, 0xdd, + 0x91, 0x3a, 0xf7, 0x0b, 0x26, 0xcf, 0x09, 0x23, + 0xd0, 0xc4, 0xcb, 0x97, 0x16, 0x92, 0x22, 0x25, + 0x52, 0xa8, 0xf4, 0xb7, 0x88, 0xb4, 0xaf, 0xd1, + 0x34, 0x1a, 0x9d, 0xf4, 0x15, 0xcf, 0x20, 0x39, + 0x00, 0xf5, 0xcc, 0xf7, 0xf6, 0x59, 0x88, 0x94, + 0x9a, 0x75, 0x58, 0x0d, 0x04, 0x96, 0x39, 0x85, + 0x31, 0x00, 0x85, 0x4b, 0x21, 0xf4, 0x01, 0x80, + 0x03, 0x50, 0x2b, 0xb1, 0xba, 0x95, 0xf5, 0x56, + 0xa5, 0xd6, 0x7c, 0x7e, 0xb5, 0x24, 0x10, 0xeb, + 0xa2, 0x88, 0xa6, 0xd0, 0x63, 0x5c, 0xa8, 0xa4, + 0xf6, 0xd6, 0x96, 0xd0, 0xa0, 0x20, 0xc8, 0x26, + 0x93, 0x8d, 0x34, 0x94, 0x3c, 0x38, 0x08, 0xc7, + 0x9c, 0xc0, 0x07, 0x76, 0x85, 0x33, 0x21, 0x6b, + 0xc1, 0xb2, 0x9d, 0xa6, 0xc8, 0x12, 0xef, 0xf3, + 0x34, 0x0b, 0xaa, 0x8d, 0x2e, 0x65, 0x34, 0x4f, + 0x09, 0xbd, 0x47, 0x89, 0x4f, 0x5a, 0x3a, 0x41, + 0x18, 0x71, 0x5b, 0x3c, 0x50, 0x20, 0x67, 0x93, + 0x27, 0xf9, 0x18, 0x9f, 0x7e, 0x10, 0x85, 0x6b, + 0x23, 0x8b, 0xb9, 0xb0, 0xab, 0x4c, 0xa8, 0x5a, + 0xbf, 0x4b, 0x21, 0xf5, 0xc7, 0x6b, 0xcc, 0xd7, + 0x18, 0x50, 0xb2, 0x2e, 0x04, 0x59, 0x28, 0x27, + 0x6a, 0x0f, 0x2e, 0x95, 0x1d, 0xb0, 0x70, 0x7c, + 0x6a, 0x11, 0x6d, 0xc1, 0x91, 0x13, 0xfa, 0x76, + 0x2d, 0xc5, 0xf2, 0x0b, 0xd5, 0xd2, 0xab, 0x5b, + 0xe7, 0x17, 0x44, 0xdc, 0x9c, 0xbd, 0xb5, 0x1e, + 0xa7, 0x57, 0x96, 0x3a, 0xac, 0x56, 0xa9, 0x0a, + 0x0d, 0x80, 0x23, 0xbe, 0xd1, 0xf5, 0xca, 0xe8, + 0xa6, 0x4d, 0xa0, 0x47, 0x27, 0x9b, 0x35, 0x3a, + 0x09, 0x6a, 0x83, 0x5b, 0x0b, 0x2b, 0x02, 0x3b, + 0x6a, 0xa0, 0x48, 0x98, 0x92, 0x33, 0x07, 0x9a, + 0xeb, 0x46, 0x7e, 0x52, 0x2f, 0xa2, 0x7a, 0x58, + 0x22, 0x92, 0x1e, 0x5c, 0x55, 0x1b, 0x4f, 0x53, + 0x75, 0x36, 0xe4, 0x6f, 0x3a, 0x6a, 0x97, 0xe7, + 0x2c, 0x3b, 0x06, 0x31, 0x04, 0xe0, 0x9a, 0x04, + 0x05, 0x98, 0x94, 0x0d, 0x87, 0x2f, 0x6d, 0x87, + 0x1f, 0x5e, 0xf9, 0xb4, 0x35, 0x50, 0x73, 0xb5, + 0x47, 0x69, 0xe4, 0x54, 0x54, 0xe6, 0xa0, 0x81, + 0x95, 0x99, 0x40, 0x86, 0x21, 0xab, 0x44, 0x13, + 0xb3, 0x55, 0x07, 0xb0, 0xdf, 0x57, 0x8c, 0xe2, + 0xd5, 0x11, 0xd5, 0x20, 0x58, 0xd5, 0x74, 0x9d, + 0xf3, 0x8b, 0x29, 0xd6, 0xcc, 0x58, 0x87, 0x0c, + 0xaf, 0x92, 0xf6, 0x9a, 0x75, 0x16, 0x14, 0x06, + 0xe7, 0x1c, 0x5f, 0xf9, 0x24, 0x51, 0xa7, 0x75, + 0x22, 0xb8, 0xb2, 0x96, 0x7a, 0x2d, 0x58, 0xa4, + 0x9a, 0x81, 0x66, 0x1a, 0xa6, 0x5a, 0xc0, 0x9b, + 0x08, 0xc9, 0xfe, 0x45, 0xab, 0xc3, 0x85, 0x1f, + 0x99, 0xc7, 0x30, 0xc4, 0x50, 0x03, 0xac, 0xa2, + 0xbf, 0x0f, 0x84, 0x24, 0xa1, 0x9b, 0x74, 0x08, + 0xa5, 0x37, 0xd5, 0x41, 0xc1, 0x6f, 0x56, 0x82, + 0xbf, 0xe3, 0xa7, 0xfa, 0xea, 0x56, 0x4f, 0x12, + 0x98, 0x61, 0x1a, 0x7f, 0x5f, 0x60, 0x92, 0x2b, + 0xa1, 0x9d, 0xe7, 0x3b, 0x19, 0x17, 0xf1, 0x85, + 0x32, 0x73, 0x55, 0x51, 0x99, 0xa6, 0x49, 0x31, + 0x8b, 0x50, 0x77, 0x33, 0x45, 0xc9, 0x97, 0x46, + 0x08, 0x56, 0x97, 0x2a, 0xcb, 0x43, 0xfc, 0x81, + 0xab, 0x63, 0x21, 0xb1, 0xc3, 0x3c, 0x2b, 0xb5, + 0x09, 0x8b, 0xd4, 0x89, 0xd6, 0x96, 0xa0, 0xf7, + 0x06, 0x79, 0xc1, 0x21, 0x38, 0x73, 0xd0, 0x8b, + 0xda, 0xd4, 0x28, 0x44, 0x92, 0x72, 0x16, 0x04, + 0x72, 0x05, 0x63, 0x32, 0x12, 0x31, 0x0e, 0xe9, + 0xa0, 0x6c, 0xb1, 0x00, 0x16, 0xc8, 0x05, 0x50, + 0x3c, 0x34, 0x1a, 0x36, 0xd8, 0x7e, 0x56, 0x07, + 0x2e, 0xab, 0xe2, 0x37, 0x31, 0xe3, 0x4a, 0xf7, + 0xe2, 0x32, 0x8f, 0x85, 0xcd, 0xb3, 0x70, 0xcc, + 0xaf, 0x00, 0x51, 0x5b, 0x64, 0xc9, 0xc5, 0x4b, + 0xc8, 0x37, 0x57, 0x84, 0x47, 0xaa, 0xcf, 0xae, + 0xd5, 0x96, 0x9a, 0xa3, 0x51, 0xe7, 0xda, 0x4e, + 0xfa, 0x7b, 0x11, 0x5c, 0x4c, 0x51, 0xf4, 0xa6, + 0x99, 0x77, 0x98, 0x50, 0x29, 0x5c, 0xa7, 0x2d, + 0x78, 0x1a, 0xd4, 0x1b, 0xc6, 0x80, 0x53, 0x2b, + 0x89, 0xe7, 0x10, 0xe2, 0x18, 0x9e, 0xb3, 0xc5, + 0x08, 0x17, 0xba, 0x25, 0x5c, 0x74, 0x74, 0xc9, + 0x5c, 0xa9, 0x11, 0x0c, 0xc4, 0x3b, 0x8b, 0xa8, + 0xe6, 0x82, 0xc7, 0xfb, 0x7b, 0x0f, 0xdc, 0x26, + 0x5c, 0x04, 0x83, 0xa6, 0x5c, 0xa4, 0x51, 0x4e, + 0xe4, 0xb8, 0x32, 0xaa, 0xc5, 0x80, 0x0c, 0x3b, + 0x08, 0xe7, 0x4f, 0x56, 0x39, 0x51, 0xc1, 0xfb, + 0xb2, 0x10, 0x35, 0x3e, 0xfa, 0x1a, 0xa8, 0x66, + 0x85, 0x6b, 0xc1, 0xe0, 0x34, 0x73, 0x3b, 0x04, + 0x85, 0xda, 0xb1, 0xd0, 0x20, 0xc6, 0xbf, 0x76, + 0x5f, 0xf6, 0x0b, 0x3b, 0x80, 0x19, 0x84, 0xa9, + 0x0c, 0x2f, 0xe9, 0x70, 0xbf, 0x1d, 0xe9, 0x70, + 0x04, 0xa6, 0xcf, 0x44, 0xb4, 0x98, 0x4a, 0xb5, + 0x82, 0x58, 0xb4, 0xaf, 0x71, 0x22, 0x1c, 0xd1, + 0x75, 0x30, 0xa7, 0x00, 0xc3, 0x29, 0x59, 0xc9, + 0x43, 0x63, 0x44, 0xb5, 0x31, 0x6f, 0x09, 0xcc, + 0xca, 0x70, 0x29, 0xa2, 0x30, 0xd6, 0x39, 0xdc, + 0xb0, 0x22, 0xd8, 0xba, 0x79, 0xba, 0x91, 0xcd, + 0x6a, 0xb1, 0x2a, 0xe1, 0x57, 0x9c, 0x50, 0xc7, + 0xbb, 0x10, 0xe3, 0x03, 0x01, 0xa6, 0x5c, 0xae, + 0x31, 0x01, 0xd4, 0x0c, 0x7b, 0xa9, 0x27, 0xbb, + 0x55, 0x31, 0x48, 0xd1, 0x64, 0x70, 0x24, 0xd4, + 0xa0, 0x6c, 0x81, 0x66, 0xd0, 0xb0, 0xb8, 0x12, + 0x69, 0xb7, 0xd5, 0xf4, 0xb3, 0x4f, 0xb0, 0x22, + 0xf6, 0x91, 0x52, 0xf5, 0x14, 0x00, 0x4a, 0x7c, + 0x68, 0x53, 0x68, 0x55, 0x23, 0x43, 0xbb, 0x60, + 0x36, 0x0f, 0xbb, 0x99, 0x45, 0xed, 0xf4, 0x46, + 0xd3, 0x45, 0xbd, 0xca, 0xa7, 0x45, 0x5c, 0x74, + 0xba, 0x0a, 0x55, 0x1e, 0x18, 0x46, 0x20, 0xfe, + 0xf9, 0x76, 0x88, 0x77, 0x3d, 0x50, 0xb6, 0x43, + 0x3c, 0xa7, 0xa7, 0xac, 0x5c, 0xb6, 0xb7, 0xf6, + 0x71, 0xa1, 0x53, 0x76, 0xe5, 0xa6, 0x74, 0x7a, + 0x62, 0x3f, 0xa7, 0xbc, 0x66, 0x30, 0x37, 0x3f, + 0x5b, 0x1b, 0x51, 0x26, 0x90, 0xa6, 0x61, 0x37, + 0x78, 0x70, 0xa6, 0x0a, 0x7a, 0x18, 0x96, 0x83, + 0xf9, 0xb0, 0xcf, 0x04, 0x66, 0xe1, 0xf7, 0x50, + 0x76, 0x26, 0x31, 0xc4, 0xab, 0x09, 0xf5, 0x05, + 0xc4, 0x2d, 0xd2, 0x86, 0x33, 0x56, 0x94, 0x72, + 0x73, 0x54, 0x42, 0x85, 0x1e, 0x32, 0x16, 0x16, + 0xd4, 0x00, 0x98, 0x10, 0x77, 0x7b, 0x6b, 0xd4, + 0x6f, 0xa7, 0x22, 0x44, 0x61, 0xa5, 0xcc, 0x27, + 0x40, 0x5d, 0xfb, 0xac, 0x0d, 0x39, 0xb0, 0x02, + 0xca, 0xb3, 0x34, 0x33, 0xf2, 0xa8, 0x6e, 0xb8, + 0xce, 0x91, 0xc1, 0x34, 0xa6, 0x38, 0x6f, 0x86, + 0x0a, 0x19, 0x94, 0xeb, 0x4b, 0x68, 0x75, 0xa4, + 0x6d, 0x19, 0x55, 0x81, 0xd1, 0x73, 0x85, 0x4b, + 0x53, 0xd2, 0x29, 0x3d, 0xf3, 0xe9, 0xa8, 0x22, + 0x75, 0x6c, 0xd8, 0xf2, 0x12, 0xb3, 0x25, 0xca, + 0x29, 0xb4, 0xf9, 0xf8, 0xcf, 0xba, 0xdf, 0x2e, + 0x41, 0x86, 0x9a, 0xbf, 0xba, 0xd1, 0x07, 0x38, + 0xad, 0x04, 0xcc, 0x75, 0x2b, 0xc2, 0x0c, 0x39, + 0x47, 0x46, 0x85, 0x0e, 0x0c, 0x48, 0x47, 0xdb, + 0xeb, 0xbe, 0x41, 0xcd, 0x4d, 0xea, 0x48, 0x9d, + 0xed, 0xd0, 0x0e, 0x76, 0xae, 0x0b, 0xcf, 0x54, + 0xaa, 0x85, 0x50, 0x20, 0x29, 0x20, 0xeb, 0x64, + 0xd5, 0x89, 0x2a, 0xd0, 0x2b, 0x13, 0xf2, 0xe5, + 0x86, 0x26, 0xed, 0x79, 0xd4, 0x51, 0x14, 0x08, + 0x00, 0xe0, 0x3b, 0x59, 0xb9, 0x56, 0xf8, 0x21, + 0x0e, 0x55, 0x60, 0x67, 0x40, 0x7d, 0x13, 0xdc, + 0x90, 0xfa, 0x9e, 0x8b, 0x87, 0x2b, 0xfb, 0x8f + }; +#endif +#ifdef WOLFSSL_MLKEM_KYBER + WOLFSSL_SMALL_STACK_STATIC const byte kyber1024_ct[] = { + 0xA6, 0xAF, 0x29, 0xD5, 0xF5, 0xB8, 0x0B, 0xD1, + 0x30, 0xF5, 0x18, 0xBA, 0xDD, 0xD6, 0xC8, 0xF1, + 0x75, 0x45, 0x41, 0x3D, 0x86, 0x0F, 0xB3, 0xDE, + 0x45, 0x19, 0x79, 0xEB, 0xFA, 0x5E, 0x4E, 0x31, + 0x12, 0xC7, 0xC0, 0xAD, 0xF9, 0x98, 0x24, 0xBB, + 0x52, 0x6F, 0x2C, 0x35, 0x50, 0x74, 0x8E, 0xD0, + 0xE1, 0x34, 0xF0, 0x45, 0x7A, 0x7C, 0x61, 0xF9, + 0xF5, 0x26, 0xF0, 0x02, 0xBA, 0xAD, 0xC0, 0x3F, + 0xC1, 0x3E, 0x38, 0x13, 0x12, 0x19, 0x51, 0x3C, + 0x3E, 0xDE, 0x06, 0x16, 0x61, 0xE7, 0x4F, 0x60, + 0x3C, 0x4F, 0xCF, 0x79, 0x51, 0xC8, 0xE5, 0x2C, + 0x9C, 0x21, 0x3B, 0x0D, 0x22, 0xD9, 0x29, 0x36, + 0x63, 0xD6, 0x69, 0xA6, 0xB5, 0x8E, 0xD8, 0xFC, + 0xEF, 0xCF, 0x82, 0x49, 0xD7, 0xBB, 0x52, 0x98, + 0xF5, 0x57, 0x61, 0x44, 0x5B, 0x2B, 0x83, 0xCE, + 0x7F, 0x00, 0x5C, 0xB0, 0x42, 0x48, 0xAE, 0xC8, + 0xBD, 0xA2, 0x2F, 0xD2, 0xD4, 0x2A, 0xA7, 0x66, + 0x32, 0x20, 0x14, 0xEA, 0x03, 0x8C, 0xC3, 0x2C, + 0x55, 0xC8, 0xE4, 0xB9, 0xE2, 0x8E, 0xC9, 0x11, + 0x9F, 0x52, 0x73, 0x41, 0xE4, 0xF6, 0x6A, 0x03, + 0x51, 0x21, 0x07, 0x3B, 0x85, 0xDE, 0x67, 0x06, + 0xDA, 0x19, 0xE0, 0x83, 0x8A, 0x9F, 0x33, 0xB7, + 0x19, 0xA6, 0x8F, 0x03, 0x9B, 0x66, 0x4D, 0xC0, + 0x02, 0x65, 0x9E, 0xAB, 0xFC, 0x39, 0x86, 0x79, + 0xAA, 0x70, 0x09, 0xCE, 0x0C, 0xD0, 0x1C, 0xDA, + 0xFB, 0x6C, 0xD2, 0xA2, 0x6F, 0xE4, 0x10, 0x16, + 0x72, 0xC9, 0x8F, 0xF5, 0x8F, 0x7C, 0x47, 0xD5, + 0xBD, 0xA2, 0x90, 0x66, 0x53, 0xB3, 0xA6, 0xF9, + 0x65, 0x1F, 0x7A, 0x12, 0x1E, 0xA7, 0x7E, 0xA7, + 0x47, 0x23, 0xFA, 0xE5, 0xB8, 0x73, 0xF9, 0xBB, + 0x7B, 0x66, 0x4F, 0x0C, 0x8A, 0x93, 0x83, 0x1E, + 0xF9, 0xD5, 0x1C, 0x7C, 0xC1, 0xEF, 0x44, 0xAC, + 0x0E, 0x55, 0xA5, 0x5C, 0xA7, 0x6D, 0x13, 0x7F, + 0xE9, 0xB7, 0x5F, 0x40, 0x50, 0x9C, 0xEF, 0x15, + 0x6E, 0x5A, 0xD1, 0x8F, 0x9F, 0xB9, 0x99, 0x68, + 0x00, 0x08, 0xE5, 0x47, 0xD5, 0x5E, 0xEC, 0xD5, + 0xB4, 0xD1, 0xCB, 0x1D, 0x9F, 0x07, 0x6C, 0xEC, + 0x21, 0x50, 0x1C, 0x74, 0x02, 0x50, 0x9E, 0xCB, + 0x77, 0xAF, 0xB2, 0xCB, 0x9A, 0x61, 0x34, 0x0A, + 0x8B, 0xD1, 0x51, 0x4C, 0x6E, 0x71, 0xB4, 0xAA, + 0x45, 0xE4, 0x7E, 0xC3, 0x75, 0x12, 0x27, 0x1B, + 0x91, 0x1F, 0x8F, 0xB4, 0x6C, 0x90, 0x82, 0xC9, + 0xDF, 0x07, 0x20, 0x4A, 0xBB, 0x5A, 0x50, 0xE6, + 0xE3, 0x64, 0x7A, 0x8A, 0xD4, 0xD8, 0xD5, 0xD7, + 0xBF, 0xF1, 0x9C, 0x8A, 0x50, 0x93, 0x08, 0xBC, + 0xFB, 0x89, 0x55, 0x36, 0xD0, 0x45, 0xCA, 0x2B, + 0x97, 0xCB, 0x16, 0xA2, 0x9B, 0xB7, 0x18, 0x1C, + 0xAD, 0x05, 0x09, 0xDD, 0xB9, 0x17, 0x35, 0x02, + 0x8E, 0xBA, 0x8C, 0x31, 0xD7, 0x4B, 0xD2, 0x75, + 0xEA, 0xA6, 0x5B, 0x53, 0x40, 0xB3, 0xA4, 0x3F, + 0xBF, 0xE0, 0xB3, 0x06, 0x1D, 0x6B, 0xAE, 0x7E, + 0x75, 0xB7, 0x09, 0x8C, 0xDA, 0xBE, 0x91, 0xD4, + 0xB3, 0x1E, 0x36, 0xC9, 0xAA, 0x7A, 0x82, 0x98, + 0x86, 0x2A, 0xD6, 0x3C, 0x8F, 0xD2, 0x82, 0xE0, + 0x3B, 0x46, 0x0B, 0x3A, 0xB4, 0x64, 0xCE, 0x0F, + 0x27, 0xB1, 0xC3, 0xD1, 0x11, 0x55, 0xAC, 0xAA, + 0x01, 0x1E, 0xB9, 0xE2, 0xAE, 0x3E, 0x6D, 0xDA, + 0x07, 0xD6, 0xF4, 0x91, 0x73, 0x7C, 0xBC, 0xE9, + 0xB0, 0x5F, 0x9B, 0xC5, 0x6B, 0xE2, 0x0E, 0x8D, + 0x32, 0x6B, 0xA1, 0x32, 0xC5, 0x7F, 0xB2, 0x35, + 0x16, 0x11, 0x44, 0x51, 0x9C, 0xDF, 0x40, 0x56, + 0x0F, 0xBE, 0x27, 0x9B, 0xDE, 0x41, 0x1E, 0x11, + 0x25, 0x31, 0xF8, 0x26, 0xD6, 0xAB, 0x10, 0xD4, + 0x54, 0x73, 0x50, 0xAD, 0xD2, 0xA9, 0xDE, 0x8D, + 0x62, 0xC2, 0xAC, 0x82, 0xCA, 0xBE, 0x68, 0x15, + 0x64, 0x6F, 0x4D, 0xC9, 0x74, 0x2B, 0xB0, 0xC2, + 0xA3, 0xF7, 0x7E, 0xC7, 0xB4, 0x6C, 0x6B, 0x53, + 0x76, 0x05, 0xFA, 0x31, 0x79, 0x8C, 0xD8, 0x92, + 0x81, 0x22, 0x1A, 0x33, 0xDF, 0xB9, 0x79, 0x6E, + 0x64, 0x43, 0x05, 0x63, 0x03, 0x32, 0xC2, 0xCB, + 0x93, 0x14, 0x08, 0xAB, 0x48, 0x1A, 0x16, 0xD9, + 0x53, 0xF6, 0xBE, 0xAE, 0x38, 0x91, 0xD6, 0xD9, + 0xAC, 0x1F, 0xAB, 0x38, 0x22, 0x2D, 0x92, 0x71, + 0x87, 0x2D, 0x9D, 0x0C, 0xAD, 0xB9, 0x1A, 0xBE, + 0x9B, 0x4E, 0x26, 0x5F, 0x75, 0xC6, 0xE5, 0xE8, + 0x29, 0xE1, 0x46, 0xC3, 0xD8, 0xCE, 0x1E, 0x9D, + 0x12, 0xE0, 0xD1, 0x29, 0x80, 0x19, 0x57, 0xF4, + 0x6B, 0x0D, 0x2D, 0xBE, 0x1F, 0x74, 0x9B, 0x1D, + 0x08, 0xE2, 0x34, 0x5F, 0x62, 0x39, 0xA7, 0x31, + 0x34, 0x2E, 0xB7, 0x5B, 0x0C, 0xF1, 0xBF, 0x41, + 0x17, 0x49, 0xBC, 0x2C, 0xAF, 0x28, 0x10, 0xB7, + 0x88, 0xC6, 0xB7, 0x23, 0x8B, 0x4D, 0x3D, 0xA2, + 0xD6, 0x31, 0x5C, 0xE9, 0x54, 0x2E, 0x24, 0x40, + 0x4F, 0x14, 0x57, 0x55, 0xA3, 0x0A, 0xB8, 0x51, + 0xE4, 0x44, 0x58, 0x41, 0xBD, 0x33, 0xF7, 0x16, + 0xA5, 0x86, 0x88, 0x48, 0x88, 0xEC, 0xC6, 0xBC, + 0x64, 0x98, 0xAA, 0x32, 0x91, 0x9A, 0xE8, 0x1D, + 0x20, 0xC2, 0x69, 0x73, 0xC2, 0xBD, 0x54, 0x58, + 0x2A, 0x0F, 0x6A, 0xD9, 0x8A, 0xBF, 0xD2, 0x62, + 0x7E, 0x15, 0x69, 0x0A, 0x72, 0x7E, 0x69, 0xF5, + 0x81, 0xDD, 0x2A, 0x71, 0x27, 0x98, 0x2A, 0x90, + 0xE3, 0x3E, 0x2D, 0x4A, 0x03, 0xFE, 0x33, 0x91, + 0x42, 0xC7, 0xE4, 0x4C, 0x32, 0x6A, 0xC4, 0x6E, + 0xD3, 0x95, 0xA2, 0x25, 0xD3, 0x03, 0x33, 0x89, + 0x91, 0x73, 0x28, 0xB4, 0x53, 0x16, 0xB1, 0x58, + 0x5A, 0x01, 0xB2, 0xC3, 0x04, 0xB2, 0x94, 0x4E, + 0x90, 0x3A, 0xBB, 0xB3, 0xEC, 0x56, 0x19, 0x44, + 0x1C, 0xFC, 0x89, 0x65, 0xA4, 0x46, 0xDF, 0x75, + 0xDE, 0xFA, 0x80, 0xC6, 0xE1, 0x5A, 0xDB, 0xD5, + 0x06, 0xB7, 0xAB, 0x2D, 0xE1, 0x2D, 0xDA, 0x9B, + 0xC8, 0x14, 0x41, 0xCF, 0xC8, 0x90, 0x52, 0xE2, + 0xE5, 0x80, 0x8F, 0x71, 0x26, 0xC6, 0xFD, 0x3A, + 0xC6, 0xAC, 0x80, 0x81, 0x25, 0x8A, 0x84, 0xA0, + 0x9A, 0xE5, 0x0F, 0x6C, 0xD7, 0xCC, 0x0F, 0x4A, + 0xF3, 0x36, 0xFD, 0x1D, 0x64, 0x3E, 0x99, 0x07, + 0x99, 0x96, 0x26, 0x8C, 0x2D, 0x32, 0xD9, 0x09, + 0xF2, 0x2E, 0x35, 0x04, 0xF0, 0x7F, 0xBB, 0x56, + 0x31, 0x96, 0xD4, 0x31, 0x2F, 0xDD, 0xB9, 0x33, + 0x5D, 0x5C, 0x1D, 0x36, 0xE8, 0xC5, 0xEE, 0xA2, + 0x27, 0x8D, 0xBA, 0x23, 0xB9, 0x4D, 0x19, 0x3C, + 0x94, 0x7C, 0xC4, 0x1C, 0xA9, 0x93, 0xDC, 0x7D, + 0xB1, 0x39, 0x63, 0x40, 0xAD, 0x9C, 0x4F, 0xE6, + 0x87, 0xDD, 0x7B, 0x8D, 0x0C, 0x7A, 0x51, 0x20, + 0xAE, 0x02, 0x04, 0xF2, 0xC6, 0x65, 0xBD, 0x5F, + 0x47, 0x3D, 0x64, 0x4C, 0x7F, 0xF2, 0x6B, 0xFF, + 0xBA, 0x7A, 0x36, 0x98, 0x08, 0x30, 0x70, 0x21, + 0x28, 0xA7, 0xE6, 0x61, 0xD6, 0x77, 0xA0, 0x92, + 0xA3, 0x6E, 0x74, 0x28, 0xA4, 0x13, 0x9F, 0xB2, + 0x9B, 0x00, 0x95, 0xCC, 0x11, 0x08, 0x6F, 0x44, + 0x7D, 0x2A, 0x9E, 0xF6, 0xC9, 0xB1, 0x61, 0xF1, + 0x89, 0xC6, 0x29, 0x9E, 0x08, 0x4C, 0xB7, 0xAA, + 0x00, 0xFA, 0xF7, 0x87, 0x79, 0x7B, 0xFB, 0x06, + 0x9F, 0xBC, 0x08, 0x7F, 0xDE, 0x26, 0x25, 0x2A, + 0x16, 0x64, 0xF1, 0x9C, 0x5A, 0x8A, 0x22, 0xEC, + 0x5E, 0xE1, 0xAE, 0xB0, 0x76, 0x35, 0x7B, 0x7D, + 0xC3, 0x7E, 0x6B, 0x0F, 0x15, 0x20, 0xF9, 0x58, + 0xF7, 0x85, 0x1B, 0xAC, 0xB9, 0x2C, 0x89, 0xFD, + 0x11, 0x4A, 0x72, 0xFE, 0xAC, 0x54, 0x65, 0x2D, + 0x45, 0xB0, 0x9E, 0x1A, 0xE7, 0x65, 0x1A, 0xBD, + 0x16, 0x4B, 0xCD, 0x53, 0x7D, 0x58, 0xFA, 0x39, + 0xD3, 0xEC, 0x8A, 0xCD, 0xCD, 0xF9, 0x84, 0x25, + 0x00, 0x58, 0x62, 0xFA, 0x59, 0x69, 0x2D, 0xE1, + 0x62, 0xB7, 0x7E, 0x62, 0x97, 0xC6, 0x62, 0x33, + 0x34, 0x84, 0x08, 0xA8, 0xAB, 0x69, 0x5C, 0xE2, + 0xF2, 0x72, 0x8D, 0xB9, 0xFB, 0xE2, 0x7E, 0x95, + 0x89, 0x67, 0xEC, 0x59, 0x74, 0x76, 0x7C, 0x5A, + 0x66, 0x02, 0x30, 0x74, 0xB4, 0xA7, 0x1A, 0xFD, + 0x26, 0x4A, 0xD2, 0x89, 0x0E, 0x97, 0x0A, 0x1F, + 0x31, 0xD6, 0xE3, 0x31, 0x1B, 0x73, 0x6F, 0x9F, + 0x94, 0x88, 0x79, 0x3D, 0xDC, 0x88, 0xF2, 0x34, + 0x58, 0x06, 0x42, 0x54, 0xC8, 0x2A, 0x1D, 0x9E, + 0x59, 0xEA, 0xD2, 0xFC, 0xEC, 0x40, 0xB4, 0x30, + 0x68, 0x7C, 0x4B, 0x7E, 0x28, 0x96, 0x09, 0x26, + 0xAF, 0xCA, 0xCC, 0x9B, 0xD7, 0x56, 0xA7, 0x10, + 0x88, 0xC7, 0x84, 0x50, 0xE2, 0x0A, 0x2E, 0x98, + 0x0A, 0xED, 0xE9, 0xEB, 0xED, 0xFE, 0x7F, 0xAB, + 0xD6, 0xAB, 0xFE, 0x96, 0xF9, 0x34, 0xC4, 0xB0, + 0x2C, 0x01, 0xCA, 0x19, 0x4D, 0x01, 0xB7, 0x3C, + 0x25, 0xD5, 0x99, 0x70, 0x39, 0xD3, 0xFC, 0xD0, + 0xF0, 0x99, 0x52, 0x1F, 0x70, 0xCA, 0xEE, 0x69, + 0x11, 0x0A, 0xC1, 0xFC, 0x5A, 0x99, 0x91, 0x7A, + 0xD7, 0x52, 0xFC, 0x96, 0xAD, 0xFA, 0xD7, 0x18, + 0x6D, 0x0A, 0x7C, 0x9C, 0xFE, 0x56, 0x01, 0xC0, + 0x75, 0x14, 0xEA, 0x64, 0x48, 0xD6, 0x61, 0xC5, + 0x7A, 0xA2, 0x02, 0x42, 0x10, 0x3C, 0x42, 0x76, + 0xA0, 0x70, 0xA4, 0x89, 0xA4, 0xCB, 0x6B, 0xCA, + 0x0F, 0x9E, 0xCC, 0x43, 0x79, 0xFB, 0x22, 0x02, + 0x15, 0xFD, 0x91, 0xF8, 0x10, 0x19, 0xD5, 0xB0, + 0xAE, 0x61, 0x93, 0x58, 0xB5, 0x24, 0x68, 0xF2, + 0x72, 0xC1, 0x78, 0xE3, 0xA7, 0x4C, 0xF6, 0x77, + 0x5A, 0xA9, 0x24, 0xFE, 0x32, 0x9C, 0x31, 0x75, + 0xD9, 0xE4, 0xC3, 0xE2, 0x1A, 0xB9, 0xEC, 0x83, + 0x6E, 0xDC, 0x3A, 0xCA, 0xB2, 0xE3, 0x89, 0x1E, + 0xE8, 0xDE, 0xDA, 0x51, 0x5D, 0x39, 0xAF, 0x9B, + 0x8D, 0xDD, 0x0E, 0xE7, 0xB0, 0x16, 0x4F, 0x80, + 0x5C, 0x38, 0x35, 0xF6, 0xD2, 0xBA, 0xBD, 0xB3, + 0x0E, 0xAB, 0x47, 0x56, 0xE7, 0xEC, 0x7F, 0x82, + 0x9E, 0xCE, 0x01, 0xE8, 0xEA, 0xDF, 0xBB, 0xED, + 0x12, 0xFC, 0x28, 0x3B, 0x3D, 0x4C, 0x69, 0xF5, + 0x75, 0xE7, 0xF8, 0x04, 0x17, 0x68, 0x9F, 0xDF, + 0xCF, 0xC7, 0xBE, 0x27, 0xEE, 0x3B, 0x8C, 0xDF, + 0x57, 0xAA, 0xEB, 0xEC, 0x4A, 0x95, 0xB7, 0xE5, + 0xBB, 0x58, 0x5B, 0x85, 0x22, 0x7F, 0x7C, 0x32, + 0xBE, 0x30, 0xDB, 0x3E, 0x65, 0xE4, 0x2E, 0x30, + 0xDC, 0xF5, 0xA5, 0xFA, 0x07, 0x3D, 0xBA, 0x39, + 0x9D, 0x94, 0x2F, 0x22, 0x22, 0xAD, 0xB9, 0xB9, + 0x89, 0x81, 0x02, 0xAF, 0xE5, 0x43, 0x2E, 0xDC, + 0x7F, 0x04, 0xAE, 0x34, 0xA8, 0xFE, 0xC2, 0xD8, + 0x1C, 0xB4, 0x9A, 0x9A, 0x9B, 0x43, 0x81, 0x4C, + 0xE7, 0x1D, 0x97, 0xF7, 0x26, 0xE2, 0xB1, 0xE8, + 0xF6, 0x4B, 0x50, 0xE6, 0x5D, 0xFB, 0x48, 0x16, + 0xE1, 0x2E, 0x82, 0xA3, 0x19, 0x74, 0x84, 0xA4, + 0xE9, 0xBB, 0xA4, 0xD2, 0xD6, 0x9E, 0x3F, 0x19, + 0xD0, 0xB7, 0x5C, 0x21, 0xE2, 0xBF, 0xFE, 0x9F, + 0xC0, 0xC9, 0x8C, 0xF4, 0x8A, 0x3A, 0xAF, 0x08, + 0xD4, 0x67, 0xF7, 0x26, 0x87, 0xDF, 0x01, 0x78, + 0x17, 0x4B, 0x78, 0x97, 0xF7, 0x34, 0x34, 0x9B, + 0x18, 0x1E, 0xCA, 0x86, 0xA5, 0x98, 0xA0, 0xC5, + 0xE8, 0xC2, 0x59, 0x46, 0xF2, 0x4D, 0xC5, 0x57, + 0x2B, 0xD3, 0x24, 0xA4, 0x04, 0x58, 0xA7, 0x88, + 0xE5, 0x13, 0x7F, 0x3C, 0x7A, 0x7C, 0x97, 0xFC, + 0x9F, 0x12, 0xA3, 0xC4, 0x63, 0xA8, 0xFE, 0x94, + 0x49, 0x10, 0x1C, 0xCE, 0x96, 0x6D, 0x7C, 0x00, + 0x93, 0x23, 0x93, 0x29, 0x98, 0xD5, 0x6E, 0xF4, + 0x30, 0xC7, 0x3B, 0xC2, 0x4F, 0x5D, 0x95, 0xF7, + 0x37, 0x85, 0x8D, 0xDC, 0x4F, 0x32, 0xC0, 0x13 + }; +#endif +#ifndef WOLFSSL_NO_ML_KEM + WOLFSSL_SMALL_STACK_STATIC const byte ml_kem_1024_ct[] = { + 0xc9, 0xbe, 0xad, 0x6b, 0x0c, 0x11, 0x14, 0x38, + 0x9b, 0xd4, 0x76, 0x1c, 0x73, 0xab, 0x90, 0x95, + 0xb5, 0x80, 0x9d, 0xaa, 0xc9, 0xf6, 0x59, 0xbb, + 0x56, 0x4a, 0xf2, 0x26, 0x17, 0x30, 0x52, 0xa4, + 0xa3, 0xe7, 0xf2, 0xe5, 0xfd, 0x47, 0xd2, 0xb0, + 0x2a, 0xae, 0xb5, 0x18, 0x9e, 0x06, 0xb9, 0xf4, + 0xae, 0x98, 0xb6, 0x19, 0xcb, 0x63, 0xef, 0xbd, + 0xf3, 0x98, 0x9a, 0x94, 0xb3, 0x6e, 0x8e, 0xa0, + 0xd7, 0x00, 0x63, 0x3b, 0x95, 0x0a, 0x0a, 0xe2, + 0xa7, 0x8e, 0xd9, 0x2e, 0x85, 0xc8, 0x5c, 0x70, + 0xe1, 0x3e, 0x62, 0x6f, 0xb2, 0x63, 0xfa, 0xc9, + 0x68, 0x15, 0x21, 0xc3, 0xab, 0x22, 0xfd, 0xab, + 0x29, 0x17, 0x3c, 0x96, 0x16, 0xa2, 0xb0, 0x37, + 0x08, 0x3f, 0xf7, 0xb2, 0xe0, 0x19, 0xb5, 0xbc, + 0xde, 0x06, 0x8f, 0xac, 0x25, 0x7e, 0xf8, 0xf1, + 0x27, 0x98, 0x41, 0x16, 0x93, 0xc1, 0xbd, 0xcc, + 0x65, 0x42, 0x09, 0x97, 0xa5, 0x13, 0xa8, 0xa6, + 0x95, 0x02, 0x62, 0x0b, 0xe8, 0xe4, 0xce, 0x73, + 0x62, 0xe4, 0x12, 0xa7, 0x6c, 0xf5, 0x1c, 0x1f, + 0x24, 0x33, 0xf1, 0xab, 0x64, 0xce, 0x0e, 0x5d, + 0x2f, 0x56, 0xd7, 0xc9, 0xad, 0xe9, 0x94, 0xd0, + 0xe3, 0x5d, 0x0a, 0xee, 0xf3, 0xac, 0x51, 0x5b, + 0x48, 0x24, 0x37, 0x66, 0x4d, 0x8c, 0x1d, 0x25, + 0xe5, 0xa5, 0x50, 0x7c, 0xf8, 0x0f, 0x97, 0x0d, + 0x3e, 0xa7, 0x22, 0x6a, 0xac, 0xdc, 0x45, 0x7c, + 0xbf, 0x88, 0xa0, 0x56, 0x0a, 0xa3, 0x5b, 0xb2, + 0xc5, 0xc4, 0x55, 0x86, 0x7e, 0x21, 0x59, 0x91, + 0x0a, 0x35, 0x81, 0x0b, 0xef, 0xe3, 0xaa, 0x10, + 0xeb, 0x04, 0xd8, 0xd5, 0x71, 0x47, 0xcb, 0x8f, + 0x66, 0xd2, 0xb0, 0x70, 0xba, 0xc4, 0x3d, 0x1f, + 0x1f, 0xfd, 0xd5, 0x7a, 0x93, 0x99, 0x95, 0x1f, + 0x64, 0x96, 0x57, 0x27, 0xbc, 0xb9, 0xf6, 0x6a, + 0xd4, 0x23, 0x09, 0xda, 0xfc, 0x79, 0x9c, 0x1c, + 0x54, 0x0a, 0xf1, 0xaf, 0x93, 0xef, 0xf6, 0x8a, + 0x86, 0xd6, 0x1f, 0x51, 0x15, 0xdb, 0x66, 0x2d, + 0xee, 0x7a, 0xc9, 0xa3, 0x62, 0x67, 0x77, 0x62, + 0xb6, 0xa1, 0x64, 0xa0, 0xfa, 0x0a, 0x4d, 0x85, + 0x9e, 0x4b, 0x8c, 0x8d, 0xbd, 0xb4, 0xe1, 0x83, + 0xf5, 0xe6, 0x80, 0x8f, 0xc5, 0x22, 0x29, 0x65, + 0x0c, 0xaf, 0x7c, 0xf3, 0xe1, 0x6d, 0xe3, 0xd8, + 0x95, 0xd1, 0x48, 0xc3, 0x54, 0x48, 0xab, 0x8c, + 0x27, 0x53, 0xc9, 0x83, 0x1b, 0x24, 0xbd, 0x49, + 0x21, 0x49, 0x7e, 0xaa, 0x19, 0x25, 0x65, 0xca, + 0xbf, 0xd8, 0x3c, 0x0c, 0x68, 0xdf, 0xe7, 0xd3, + 0x92, 0xab, 0xf5, 0xe5, 0xe6, 0xf8, 0x4b, 0xb9, + 0xf5, 0xaf, 0x4b, 0x71, 0x18, 0xc0, 0xb5, 0x58, + 0x10, 0x5f, 0x9c, 0x10, 0xc9, 0xb6, 0xd7, 0x06, + 0x82, 0xe1, 0xde, 0x6e, 0x06, 0x89, 0xd7, 0x10, + 0x6a, 0x63, 0x74, 0xbd, 0x34, 0xae, 0xd7, 0x22, + 0x9e, 0x6c, 0xb3, 0x56, 0xf2, 0xea, 0x65, 0xe6, + 0x80, 0xce, 0x7b, 0x1e, 0x2c, 0x37, 0x04, 0xe1, + 0x16, 0xa3, 0x85, 0x42, 0x82, 0x6e, 0x8a, 0x00, + 0x11, 0x41, 0xba, 0xf2, 0xe3, 0x4d, 0xe3, 0x7a, + 0x03, 0x04, 0x09, 0x86, 0xd4, 0xc0, 0xcd, 0x5d, + 0x57, 0xf0, 0x70, 0x1c, 0xe9, 0x30, 0x98, 0x6f, + 0xd9, 0x52, 0x5b, 0x58, 0xe2, 0xe5, 0x9f, 0x45, + 0xb8, 0xdd, 0x04, 0xc0, 0xf3, 0x5b, 0x0f, 0x47, + 0x97, 0x0c, 0xc6, 0x70, 0x79, 0x61, 0x8e, 0xb9, + 0xe6, 0xd9, 0x1e, 0x9b, 0x0f, 0x8c, 0x6d, 0x2e, + 0x16, 0x5c, 0xf4, 0x48, 0xa2, 0xc1, 0xeb, 0xf7, + 0x1b, 0x65, 0x37, 0xe0, 0xf3, 0x75, 0x18, 0x5d, + 0xfa, 0xfe, 0xf6, 0x98, 0xb6, 0x23, 0x9b, 0xb3, + 0x55, 0x80, 0xb3, 0x15, 0xbc, 0xb5, 0xed, 0x40, + 0x8c, 0x35, 0x7f, 0x19, 0x2d, 0xef, 0x89, 0xbc, + 0x1b, 0x75, 0xcd, 0xd6, 0xaa, 0xe8, 0xb5, 0xfa, + 0xf0, 0xc3, 0xe1, 0x38, 0x03, 0xf6, 0xbd, 0xfa, + 0x76, 0xfb, 0x40, 0x7f, 0xcb, 0xda, 0x79, 0x0c, + 0x32, 0x9b, 0x3e, 0xe4, 0x2f, 0xd3, 0xd3, 0xb0, + 0x3b, 0xd5, 0x00, 0x3f, 0x0b, 0xc4, 0x32, 0xf7, + 0xba, 0x39, 0x63, 0x11, 0x12, 0x45, 0x2d, 0xfd, + 0x12, 0x14, 0x04, 0x33, 0xff, 0x89, 0x80, 0xeb, + 0x6a, 0x52, 0x6b, 0xa8, 0x5e, 0xf9, 0x94, 0x77, + 0x37, 0x8b, 0x4d, 0xc7, 0x66, 0x35, 0xa5, 0xcd, + 0x50, 0x40, 0xe4, 0x3b, 0x8c, 0x1f, 0xe4, 0xee, + 0x5e, 0x15, 0x8e, 0x42, 0x3b, 0xfc, 0x0c, 0x89, + 0x3c, 0x1d, 0x56, 0x13, 0xbe, 0xd0, 0x8d, 0xa7, + 0x19, 0xc9, 0x07, 0x31, 0x84, 0xee, 0xb3, 0x6f, + 0xd3, 0x57, 0x38, 0x0f, 0xb1, 0x87, 0x3d, 0x8c, + 0xbd, 0x36, 0xe2, 0x25, 0x5e, 0x98, 0x5b, 0x1b, + 0x76, 0x81, 0x97, 0x43, 0xa6, 0x58, 0x4a, 0x9b, + 0x3a, 0x58, 0x09, 0x96, 0xc9, 0xc2, 0xee, 0xd9, + 0xbb, 0xbf, 0xff, 0x78, 0xa6, 0x20, 0x4b, 0x5e, + 0x5e, 0xea, 0xe5, 0xf4, 0xef, 0xd2, 0x66, 0x00, + 0x78, 0xb3, 0x7f, 0x07, 0x54, 0xab, 0x5d, 0xa8, + 0x62, 0xe6, 0x66, 0xb1, 0x45, 0xb5, 0xf2, 0x3f, + 0x3d, 0x09, 0x77, 0x79, 0x99, 0x29, 0xdf, 0xa2, + 0xae, 0xdd, 0xa5, 0x3d, 0x15, 0x2e, 0xda, 0x1d, + 0x0d, 0x0e, 0x4e, 0xa4, 0x3f, 0x6e, 0xd8, 0x89, + 0xbb, 0x96, 0x5e, 0xef, 0xe0, 0xa7, 0xc6, 0x85, + 0xbb, 0x36, 0x77, 0x0e, 0xaa, 0x87, 0x42, 0x42, + 0xc0, 0xe2, 0x29, 0xcf, 0x6c, 0xe5, 0x6d, 0xef, + 0xa5, 0xae, 0xae, 0x64, 0xd0, 0xc4, 0x0d, 0xda, + 0x8a, 0xa2, 0x6e, 0xae, 0xb3, 0x14, 0x58, 0xf0, + 0x70, 0xa3, 0xbc, 0x72, 0xe1, 0x61, 0x9e, 0xe9, + 0xb5, 0xf6, 0x42, 0x29, 0x1c, 0x56, 0xdf, 0x5b, + 0x7e, 0x43, 0xdb, 0x6c, 0x80, 0x2f, 0xc7, 0x4f, + 0x4f, 0x3f, 0x9b, 0x5c, 0x0d, 0x35, 0x5c, 0x3a, + 0xae, 0x52, 0x0a, 0xa3, 0x12, 0x29, 0xd1, 0x2f, + 0x3e, 0x7c, 0xc5, 0xd4, 0x8e, 0x69, 0x11, 0x91, + 0xa3, 0x6b, 0x28, 0x37, 0x65, 0xf4, 0x13, 0x3f, + 0x0f, 0xf1, 0xfe, 0x2f, 0x01, 0xc6, 0x64, 0x8b, + 0x27, 0x98, 0xa7, 0x4e, 0xb5, 0xd8, 0x42, 0xa2, + 0x48, 0xf5, 0x24, 0xa7, 0xe7, 0xf8, 0x97, 0x42, + 0x11, 0x29, 0x7b, 0x44, 0xf0, 0xdd, 0x19, 0xf3, + 0x86, 0xe8, 0x6b, 0xe6, 0xba, 0x78, 0x2d, 0xe7, + 0x7f, 0xde, 0x88, 0x72, 0x26, 0xf3, 0x7a, 0x1c, + 0x77, 0xbc, 0x5e, 0xdd, 0xee, 0xe5, 0xbf, 0x46, + 0xb6, 0x7f, 0xb7, 0x47, 0x8d, 0x55, 0x98, 0x65, + 0xf2, 0x62, 0xca, 0xa8, 0x4d, 0x64, 0xa8, 0xce, + 0x59, 0xe4, 0xdf, 0x08, 0x18, 0xe1, 0x48, 0x61, + 0x52, 0x6a, 0xcd, 0x34, 0x83, 0x60, 0x0f, 0x3d, + 0xae, 0x79, 0x59, 0xd3, 0x5d, 0x81, 0x81, 0xca, + 0x6a, 0x81, 0xce, 0x79, 0x1b, 0xe0, 0x07, 0x52, + 0xda, 0x77, 0x59, 0x44, 0x6a, 0x2c, 0xfb, 0xe0, + 0x0b, 0x82, 0x48, 0xb9, 0x34, 0x91, 0xde, 0xbd, + 0x52, 0x02, 0x20, 0xb7, 0x55, 0x41, 0x6d, 0x2f, + 0xc6, 0xb7, 0xc8, 0xaf, 0x2f, 0xf7, 0x5e, 0x5b, + 0xcb, 0xb8, 0xe7, 0x53, 0x73, 0x80, 0xa5, 0x72, + 0x1c, 0x77, 0x48, 0x49, 0x57, 0xa6, 0x92, 0x71, + 0xd8, 0xba, 0xfc, 0xe0, 0xf1, 0x66, 0x73, 0x5f, + 0xf8, 0x69, 0x23, 0x2d, 0xe5, 0xd3, 0x81, 0xaf, + 0xbf, 0x0e, 0x44, 0xd6, 0x91, 0x72, 0xb7, 0x9a, + 0x35, 0x19, 0x19, 0x49, 0xde, 0x09, 0x70, 0x3b, + 0x94, 0x22, 0x2b, 0x13, 0xc3, 0x85, 0xc6, 0x08, + 0x1e, 0x6d, 0x2e, 0xde, 0x1e, 0x57, 0xfe, 0x18, + 0x4e, 0xf8, 0xf6, 0x01, 0x96, 0xb9, 0xa3, 0xa7, + 0xb7, 0xef, 0xf7, 0x49, 0x71, 0x91, 0xca, 0x87, + 0x41, 0xb5, 0xa0, 0x1e, 0x79, 0xcb, 0x69, 0xa6, + 0x11, 0x42, 0xe6, 0xf5, 0xd0, 0x80, 0xfb, 0xb3, + 0xe5, 0x66, 0xf7, 0x9e, 0x14, 0x6f, 0x75, 0xc8, + 0xa1, 0x09, 0x78, 0x60, 0x84, 0x1b, 0x47, 0x47, + 0xdf, 0x60, 0x4d, 0xba, 0x95, 0x4e, 0x4a, 0x8d, + 0x9e, 0x0d, 0xcc, 0xc1, 0xf6, 0x09, 0xd0, 0x5c, + 0xf8, 0xd3, 0x12, 0x19, 0xec, 0xd6, 0x0c, 0x31, + 0x2d, 0xe6, 0x84, 0x55, 0x2f, 0x09, 0x22, 0x7c, + 0xb8, 0x29, 0x29, 0x1c, 0x64, 0x57, 0x32, 0xc5, + 0xf5, 0xd4, 0xd7, 0x11, 0x63, 0x9f, 0x42, 0xa2, + 0x30, 0x80, 0xaa, 0x34, 0xfe, 0x14, 0x20, 0xf2, + 0x19, 0xbd, 0x6b, 0xcf, 0x4e, 0x3b, 0x29, 0xb9, + 0xd0, 0x22, 0x93, 0xb2, 0xda, 0x81, 0x38, 0x3e, + 0x0a, 0x51, 0xd2, 0xbb, 0x18, 0x6c, 0x7b, 0x0a, + 0x21, 0x1a, 0x0c, 0xd6, 0x3a, 0xcb, 0xfc, 0x02, + 0x10, 0x40, 0x1e, 0x98, 0x5d, 0x43, 0x6b, 0x38, + 0x03, 0xd5, 0x60, 0x1c, 0x24, 0x13, 0x6a, 0xfd, + 0x15, 0x62, 0x52, 0x2e, 0x45, 0xb4, 0x57, 0xcb, + 0x43, 0x91, 0x78, 0xbe, 0x4a, 0x87, 0xcc, 0xe4, + 0x03, 0x46, 0xd3, 0x4a, 0xe0, 0xf3, 0xc3, 0x91, + 0x03, 0xc8, 0xa3, 0xeb, 0xc9, 0xc8, 0x6c, 0x8d, + 0xb8, 0xfc, 0x55, 0x61, 0xeb, 0x0f, 0x3a, 0x14, + 0x3d, 0x4e, 0x9f, 0xe9, 0x3a, 0x5c, 0xba, 0x6f, + 0x6f, 0xca, 0xe5, 0x65, 0x0d, 0x3f, 0x43, 0xd2, + 0x66, 0x8a, 0x59, 0x56, 0xc9, 0x22, 0x89, 0x3b, + 0x81, 0x66, 0x47, 0xde, 0xd0, 0xaf, 0xc0, 0x52, + 0xa6, 0xc3, 0xd9, 0xd0, 0x1a, 0x3d, 0x3a, 0xf0, + 0xf1, 0xba, 0x80, 0x7f, 0xf1, 0x04, 0x91, 0xe1, + 0x31, 0xdc, 0x15, 0xe1, 0x65, 0xcf, 0xd0, 0x65, + 0x0a, 0x1f, 0x2c, 0x31, 0x3d, 0x79, 0x56, 0x14, + 0x1e, 0xdc, 0xc6, 0x1c, 0xb9, 0x0e, 0x9e, 0x7a, + 0xbf, 0x2f, 0xe3, 0x5f, 0xc9, 0xdc, 0x1b, 0xde, + 0x88, 0x93, 0x9f, 0xa1, 0x1f, 0x7b, 0xbe, 0x3e, + 0xb4, 0xd8, 0xff, 0xa6, 0x43, 0xb0, 0x74, 0xd7, + 0x4f, 0x45, 0x11, 0x35, 0x86, 0xe9, 0xbb, 0x12, + 0x06, 0x00, 0x03, 0xd7, 0x19, 0x41, 0xf2, 0xda, + 0x09, 0x8d, 0xc0, 0xe9, 0x6c, 0xad, 0x32, 0x55, + 0xcf, 0x32, 0x8e, 0xa2, 0xd3, 0x30, 0x8c, 0x1f, + 0x45, 0x85, 0xe8, 0x9c, 0x61, 0x3c, 0x42, 0x6b, + 0x7e, 0x79, 0x8e, 0x1e, 0xc4, 0xe9, 0x8f, 0xe6, + 0xc7, 0x1e, 0x74, 0x91, 0xf5, 0xec, 0xa0, 0xcd, + 0x05, 0x11, 0x58, 0x61, 0xbd, 0x16, 0x0e, 0x3f, + 0xe7, 0x3a, 0x58, 0xa0, 0x26, 0xba, 0x53, 0x8e, + 0x0e, 0x25, 0x6b, 0x92, 0xf1, 0xd7, 0xa2, 0x49, + 0x75, 0x70, 0x59, 0x48, 0x56, 0x86, 0x0f, 0xfd, + 0x06, 0xb6, 0x01, 0xac, 0x57, 0x55, 0x92, 0xf4, + 0xac, 0x61, 0x2b, 0x5d, 0xe7, 0x86, 0x60, 0x42, + 0x12, 0x3e, 0xbc, 0x60, 0xc5, 0x57, 0x68, 0xe3, + 0xa7, 0x60, 0x0a, 0x32, 0x60, 0x55, 0x1f, 0x2b, + 0xea, 0x22, 0xbb, 0xf6, 0xb6, 0xc8, 0x24, 0x6e, + 0x80, 0xf9, 0x12, 0x5c, 0x4b, 0xb9, 0xdb, 0x35, + 0x4d, 0xd6, 0x4a, 0xe6, 0x95, 0xc1, 0x5f, 0x50, + 0x71, 0xf4, 0xab, 0xb9, 0x63, 0x92, 0x07, 0xca, + 0xc7, 0x33, 0x1b, 0x31, 0x0f, 0x69, 0xa0, 0x5f, + 0x54, 0xb9, 0x95, 0xde, 0x52, 0x9a, 0x02, 0x3f, + 0x03, 0x3b, 0x05, 0x5d, 0xb9, 0x52, 0x87, 0xa1, + 0x4b, 0xa3, 0x0a, 0x7c, 0xc5, 0x26, 0xbb, 0x72, + 0x4c, 0x41, 0x7f, 0xba, 0x29, 0x06, 0x36, 0xa9, + 0x96, 0xf2, 0x86, 0xe3, 0xe9, 0xe9, 0x39, 0xe4, + 0xfe, 0x1c, 0x39, 0x8b, 0x5c, 0x65, 0x99, 0x95, + 0x9d, 0x0b, 0x44, 0x45, 0xa3, 0x27, 0xec, 0x46, + 0x9a, 0x16, 0x53, 0xcf, 0xae, 0xa7, 0x55, 0x2c, + 0xec, 0xec, 0x08, 0x5c, 0xca, 0xa6, 0x89, 0x38, + 0xae, 0x4a, 0xc3, 0xc4, 0x24, 0xf7, 0xe4, 0x80, + 0x43, 0x9e, 0xbd, 0x2c, 0x99, 0x2b, 0x5f, 0x6f, + 0x95, 0xec, 0x24, 0x4b, 0x65, 0x7d, 0xbd, 0xea, + 0xa9, 0xae, 0x11, 0x0a, 0xaf, 0x4d, 0x68, 0xbf, + 0x4e, 0x27, 0x41, 0x0d, 0x43, 0xce, 0xef, 0x3e, + 0x88, 0xe9, 0xc7, 0x17, 0xdd, 0x44, 0xc9, 0xee + }; +#endif +#ifdef WOLFSSL_MLKEM_KYBER + WOLFSSL_SMALL_STACK_STATIC const byte kyber1024_ss[] = { + 0xB1, 0x0F, 0x73, 0x94, 0x92, 0x6A, 0xD3, 0xB4, + 0x9C, 0x5D, 0x62, 0xD5, 0xAE, 0xB5, 0x31, 0xD5, + 0x75, 0x75, 0x38, 0xBC, 0xC0, 0xDA, 0x9E, 0x55, + 0x0D, 0x43, 0x8F, 0x1B, 0x61, 0xBD, 0x74, 0x19 + }; +#endif +#ifndef WOLFSSL_NO_ML_KEM + WOLFSSL_SMALL_STACK_STATIC const byte ml_kem_1024_ss[] = { + 0x48, 0x9d, 0xd1, 0xe9, 0xc2, 0xbe, 0x4a, 0xf3, + 0x48, 0x2b, 0xdb, 0x35, 0xbb, 0x26, 0xce, 0x76, + 0x0e, 0x6e, 0x41, 0x4d, 0xa6, 0xec, 0xbe, 0x48, + 0x99, 0x85, 0x74, 0x8a, 0x82, 0x5f, 0x1c, 0xd6 + }; +#endif + +#ifdef WOLFSSL_SMALL_STACK + key = (MlKemKey *)XMALLOC(sizeof(MlKemKey), HEAP_HINT, + DYNAMIC_TYPE_TMP_BUFFER); + if (key == NULL) + ERROR_OUT(WC_TEST_RET_ENC_ERRNO, out); +#ifndef WOLFSSL_MLKEM_NO_MAKE_KEY + priv = (byte *)XMALLOC(WC_ML_KEM_1024_PRIVATE_KEY_SIZE, HEAP_HINT, + DYNAMIC_TYPE_TMP_BUFFER); + pub = (byte *)XMALLOC(WC_ML_KEM_1024_PUBLIC_KEY_SIZE, HEAP_HINT, + DYNAMIC_TYPE_TMP_BUFFER); + if (priv == NULL || pub == NULL) + ERROR_OUT(WC_TEST_RET_ENC_ERRNO, out); +#endif +#ifndef WOLFSSL_MLKEM_NO_ENCAPSULATE + ct = (byte *)XMALLOC(WC_ML_KEM_1024_CIPHER_TEXT_SIZE, HEAP_HINT, + DYNAMIC_TYPE_TMP_BUFFER); + ss = (byte *)XMALLOC(WC_ML_KEM_SS_SZ, HEAP_HINT, + DYNAMIC_TYPE_TMP_BUFFER); + if (ct == NULL || ss == NULL) + ERROR_OUT(WC_TEST_RET_ENC_ERRNO, out); +#endif +#ifndef WOLFSSL_MLKEM_NO_DECAPSULATE + ss_dec = (byte *)XMALLOC(WC_ML_KEM_SS_SZ, HEAP_HINT, + DYNAMIC_TYPE_TMP_BUFFER); + if (ss_dec == NULL) + ERROR_OUT(WC_TEST_RET_ENC_ERRNO, out); +#endif +#endif + +#ifdef WOLFSSL_MLKEM_KYBER + ret = wc_KyberKey_Init(KYBER1024, key, HEAP_HINT, devId); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); + else + key_inited = 1; + +#ifndef WOLFSSL_MLKEM_NO_MAKE_KEY + ret = wc_KyberKey_MakeKeyWithRandom(key, kyber1024_rand, + sizeof(kyber1024_rand)); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); + + ret = wc_KyberKey_EncodePublicKey(key, pub, KYBER_MAX_PUBLIC_KEY_SIZE); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); + + ret = wc_KyberKey_EncodePrivateKey(key, priv, KYBER_MAX_PRIVATE_KEY_SIZE); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); + + if (XMEMCMP(pub, kyber1024_pk, sizeof(kyber1024_pk)) != 0) + ERROR_OUT(WC_TEST_RET_ENC_NC, out); + + if (XMEMCMP(priv, kyber1024_sk, sizeof(kyber1024_sk)) != 0) + ERROR_OUT(WC_TEST_RET_ENC_NC, out); +#else + (void)kyber1024_rand; + (void)kyber1024_pk; + ret = wc_KyberKey_DecodePrivateKey(key, kyber1024_sk, + KYBER1024_PRIVATE_KEY_SIZE); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); +#endif + +#ifndef WOLFSSL_MLKEM_NO_ENCAPSULATE + ret = wc_KyberKey_EncapsulateWithRandom(key, ct, ss, kyber1024enc_rand, + sizeof(kyber1024enc_rand)); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); + + if (XMEMCMP(ct, kyber1024_ct, sizeof(kyber1024_ct)) != 0) + ERROR_OUT(WC_TEST_RET_ENC_NC, out); + + if (XMEMCMP(ss, kyber1024_ss, sizeof(kyber1024_ss)) != 0) + ERROR_OUT(WC_TEST_RET_ENC_NC, out); +#else + (void)kyber1024enc_rand; +#endif + +#ifndef WOLFSSL_MLKEM_NO_DECAPSULATE + ret = wc_KyberKey_Decapsulate(key, ss_dec, kyber1024_ct, + sizeof(kyber1024_ct)); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); + + if (XMEMCMP(ss_dec, kyber1024_ss, sizeof(kyber1024_ss)) != 0) + ERROR_OUT(WC_TEST_RET_ENC_NC, out); +#else + (void)kyber1024_ct; + (void)kyber1024_ss; +#endif +#endif +#ifndef WOLFSSL_NO_ML_KEM + ret = wc_MlKemKey_Init(key, WC_ML_KEM_1024, HEAP_HINT, devId); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); + else + key_inited = 1; + +#ifndef WOLFSSL_MLKEM_NO_MAKE_KEY + ret = wc_MlKemKey_MakeKeyWithRandom(key, kyber1024_rand, + sizeof(kyber1024_rand)); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); + + ret = wc_MlKemKey_EncodePublicKey(key, pub, WC_ML_KEM_MAX_PUBLIC_KEY_SIZE); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); + + ret = wc_MlKemKey_EncodePrivateKey(key, priv, + WC_ML_KEM_MAX_PRIVATE_KEY_SIZE); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); + + if (XMEMCMP(pub, ml_kem_1024_pk, sizeof(ml_kem_1024_pk)) != 0) + ERROR_OUT(WC_TEST_RET_ENC_NC, out); + + if (XMEMCMP(priv, ml_kem_1024_sk, sizeof(ml_kem_1024_sk)) != 0) + ERROR_OUT(WC_TEST_RET_ENC_NC, out); +#else + (void)kyber1024_rand; + (void)ml_kem_1024_pk; + ret = wc_MlKemKey_DecodePrivateKey(key, ml_kem_1024_sk, + WC_ML_KEM_1024_PRIVATE_KEY_SIZE); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); +#endif + +#ifndef WOLFSSL_MLKEM_NO_ENCAPSULATE + ret = wc_MlKemKey_EncapsulateWithRandom(key, ct, ss, kyber1024enc_rand, + sizeof(kyber1024enc_rand)); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); + + if (XMEMCMP(ct, ml_kem_1024_ct, sizeof(ml_kem_1024_ct)) != 0) + ERROR_OUT(WC_TEST_RET_ENC_NC, out); + + if (XMEMCMP(ss, ml_kem_1024_ss, sizeof(ml_kem_1024_ss)) != 0) + ERROR_OUT(WC_TEST_RET_ENC_NC, out); +#else + (void)kyber1024enc_rand; +#endif + +#ifndef WOLFSSL_MLKEM_NO_DECAPSULATE + ret = wc_MlKemKey_Decapsulate(key, ss_dec, ml_kem_1024_ct, + sizeof(ml_kem_1024_ct)); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); + + if (XMEMCMP(ss_dec, ml_kem_1024_ss, sizeof(ml_kem_1024_ss)) != 0) + ERROR_OUT(WC_TEST_RET_ENC_NC, out); +#else + (void)ml_kem_1024_ct; + (void)ml_kem_1024_ss; +#endif +#endif + +out: + + if (key_inited) + wc_MlKemKey_Free(key); + +#ifdef WOLFSSL_SMALL_STACK + XFREE(key, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); +#ifndef WOLFSSL_MLKEM_NO_MAKE_KEY + XFREE(priv, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(pub, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); +#endif +#ifndef WOLFSSL_MLKEM_NO_ENCAPSULATE + XFREE(ct, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(ss, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); +#endif +#ifndef WOLFSSL_MLKEM_NO_DECAPSULATE + XFREE(ss_dec, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); +#endif +#endif + + return ret; +} +#endif /* !WOLFSSL_NO_KYBER1024 && !WOLFSSL_NO_ML_KEM_1024 */ +#endif /* WOLFSSL_WC_MLKEM */ + +WOLFSSL_TEST_SUBROUTINE wc_test_ret_t mlkem_test(void) +{ + wc_test_ret_t ret; + WC_RNG rng; + int i; +#ifdef WOLFSSL_SMALL_STACK + MlKemKey *key = NULL; +#ifndef WOLFSSL_MLKEM_NO_MAKE_KEY + byte *priv = NULL; + byte *pub = NULL; + byte *priv2 = NULL; + byte *pub2 = NULL; +#ifndef WOLFSSL_MLKEM_NO_ENCAPSULATE + byte *ct = NULL; + byte *ss = NULL; +#ifndef WOLFSSL_MLKEM_NO_DECAPSULATE + byte *ss_dec = NULL; +#endif +#endif +#endif +#else + MlKemKey key[1]; +#ifndef WOLFSSL_MLKEM_NO_MAKE_KEY + byte priv[WC_ML_KEM_MAX_PRIVATE_KEY_SIZE]; + byte pub[WC_ML_KEM_MAX_PUBLIC_KEY_SIZE]; + byte priv2[WC_ML_KEM_MAX_PRIVATE_KEY_SIZE]; + byte pub2[WC_ML_KEM_MAX_PUBLIC_KEY_SIZE]; +#ifndef WOLFSSL_MLKEM_NO_ENCAPSULATE + byte ct[WC_ML_KEM_MAX_CIPHER_TEXT_SIZE]; + byte ss[WC_ML_KEM_SS_SZ]; +#ifndef WOLFSSL_MLKEM_NO_DECAPSULATE + byte ss_dec[WC_ML_KEM_SS_SZ]; +#endif +#endif +#endif +#endif +#if defined(WOLFSSL_WC_MLKEM) && !defined(WOLFSSL_NO_MALLOC) && \ + !defined(WOLFSSL_MLKEM_NO_MAKE_KEY) + MlKemKey *tmpKey = NULL; +#endif + int key_inited = 0; + static const int testData[][4] = { +#ifndef WOLFSSL_NO_ML_KEM + #ifdef WOLFSSL_WC_ML_KEM_512 + { WC_ML_KEM_512, WC_ML_KEM_512_PRIVATE_KEY_SIZE, + WC_ML_KEM_512_PUBLIC_KEY_SIZE, WC_ML_KEM_512_CIPHER_TEXT_SIZE }, + #endif + #ifdef WOLFSSL_WC_ML_KEM_768 + { WC_ML_KEM_768, WC_ML_KEM_768_PRIVATE_KEY_SIZE, + WC_ML_KEM_768_PUBLIC_KEY_SIZE, WC_ML_KEM_768_CIPHER_TEXT_SIZE }, + #endif + #ifdef WOLFSSL_WC_ML_KEM_1024 + { WC_ML_KEM_1024, WC_ML_KEM_1024_PRIVATE_KEY_SIZE, + WC_ML_KEM_1024_PUBLIC_KEY_SIZE, WC_ML_KEM_1024_CIPHER_TEXT_SIZE }, + #endif +#endif +#ifdef WOLFSSL_MLKEM_KYBER + #ifdef WOLFSSL_KYBER512 + { KYBER512, KYBER512_PRIVATE_KEY_SIZE, KYBER512_PUBLIC_KEY_SIZE, + KYBER512_CIPHER_TEXT_SIZE }, + #endif + #ifdef WOLFSSL_KYBER768 + { KYBER768, KYBER768_PRIVATE_KEY_SIZE, KYBER768_PUBLIC_KEY_SIZE, + KYBER768_CIPHER_TEXT_SIZE }, + #endif + #ifdef WOLFSSL_KYBER1024 + { KYBER1024, KYBER1024_PRIVATE_KEY_SIZE, KYBER1024_PUBLIC_KEY_SIZE, + KYBER1024_CIPHER_TEXT_SIZE }, + #endif +#endif + }; + WOLFSSL_ENTER("mlkem_test"); + +#ifdef WOLFSSL_SMALL_STACK + key = (MlKemKey *)XMALLOC(sizeof(MlKemKey), HEAP_HINT, + DYNAMIC_TYPE_TMP_BUFFER); + if (key == NULL) + ERROR_OUT(WC_TEST_RET_ENC_ERRNO, out); +#ifndef WOLFSSL_MLKEM_NO_MAKE_KEY + priv = (byte *)XMALLOC(WC_ML_KEM_MAX_PRIVATE_KEY_SIZE, HEAP_HINT, + DYNAMIC_TYPE_TMP_BUFFER); + if (priv == NULL) + ERROR_OUT(WC_TEST_RET_ENC_ERRNO, out); + pub = (byte *)XMALLOC(WC_ML_KEM_MAX_PUBLIC_KEY_SIZE, HEAP_HINT, + DYNAMIC_TYPE_TMP_BUFFER); + if (pub == NULL) + ERROR_OUT(WC_TEST_RET_ENC_ERRNO, out); + priv2 = (byte *)XMALLOC(WC_ML_KEM_MAX_PRIVATE_KEY_SIZE, HEAP_HINT, + DYNAMIC_TYPE_TMP_BUFFER); + if (priv2 == NULL) + ERROR_OUT(WC_TEST_RET_ENC_ERRNO, out); + pub2 = (byte *)XMALLOC(WC_ML_KEM_MAX_PUBLIC_KEY_SIZE, HEAP_HINT, + DYNAMIC_TYPE_TMP_BUFFER); + if (pub2 == NULL) + ERROR_OUT(WC_TEST_RET_ENC_ERRNO, out); +#ifndef WOLFSSL_MLKEM_NO_ENCAPSULATE + ct = (byte *)XMALLOC(WC_ML_KEM_MAX_CIPHER_TEXT_SIZE, HEAP_HINT, + DYNAMIC_TYPE_TMP_BUFFER); + if (ct == NULL) + ERROR_OUT(WC_TEST_RET_ENC_ERRNO, out); + ss = (byte *)XMALLOC(WC_ML_KEM_SS_SZ, HEAP_HINT, + DYNAMIC_TYPE_TMP_BUFFER); + if (ss == NULL) + ERROR_OUT(WC_TEST_RET_ENC_ERRNO, out); +#ifndef WOLFSSL_MLKEM_NO_DECAPSULATE + ss_dec = (byte *)XMALLOC(WC_ML_KEM_SS_SZ, HEAP_HINT, + DYNAMIC_TYPE_TMP_BUFFER); + if (ss_dec == NULL) + ERROR_OUT(WC_TEST_RET_ENC_ERRNO, out); +#endif +#endif +#endif +#endif + +#ifndef HAVE_FIPS + ret = wc_InitRng_ex(&rng, HEAP_HINT, devId); +#else + ret = wc_InitRng(&rng); +#endif + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); + + for (i = 0; i < (int)(sizeof(testData) / sizeof(*testData)); i++) { + ret = wc_MlKemKey_Init(key, testData[i][0], HEAP_HINT, devId); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_I(i), out); + else + key_inited = 1; + +#ifndef WOLFSSL_MLKEM_NO_MAKE_KEY + ret = wc_MlKemKey_MakeKey(key, &rng); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_I(i), out); + + ret = wc_MlKemKey_EncodePublicKey(key, pub, testData[i][2]); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_I(i), out); + + ret = wc_MlKemKey_EncodePrivateKey(key, priv, testData[i][1]); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_I(i), out); + + ret = wc_MlKemKey_Init(key, testData[i][0], HEAP_HINT, devId); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_I(i), out); + + ret = wc_MlKemKey_DecodePublicKey(key, pub, testData[i][2]); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_I(i), out); + +#ifndef WOLFSSL_MLKEM_NO_ENCAPSULATE + ret = wc_MlKemKey_Encapsulate(key, ct, ss, &rng); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_I(i), out); +#endif + + ret = wc_MlKemKey_EncodePublicKey(key, pub2, testData[i][2]); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_I(i), out); + + if (XMEMCMP(pub, pub2, testData[i][2]) != 0) + ERROR_OUT(WC_TEST_RET_ENC_I(i), out); + + ret = wc_MlKemKey_Init(key, testData[i][0], HEAP_HINT, devId); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_I(i), out); + + ret = wc_MlKemKey_DecodePrivateKey(key, priv, testData[i][1]); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_I(i), out); + +#if !defined(WOLFSSL_MLKEM_NO_ENCAPSULATE) && \ + !defined(WOLFSSL_MLKEM_NO_DECAPSULATE) + ret = wc_MlKemKey_Decapsulate(key, ss_dec, ct, testData[i][3]); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_I(i), out); + + if (XMEMCMP(ss, ss_dec, WC_ML_KEM_SS_SZ) != 0) + ERROR_OUT(WC_TEST_RET_ENC_I(i), out); +#endif + + ret = wc_MlKemKey_EncodePrivateKey(key, priv2, testData[i][1]); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_I(i), out); + + if (XMEMCMP(priv, priv2, testData[i][2]) != 0) + ERROR_OUT(WC_TEST_RET_ENC_I(i), out); + +#if defined(WOLFSSL_WC_MLKEM) && !defined(WOLFSSL_NO_MALLOC) + tmpKey = wc_MlKemKey_New(testData[i][0], HEAP_HINT, devId); + if (tmpKey == NULL) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); + ret = wc_MlKemKey_Delete(tmpKey, &tmpKey); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_I(i), out); +#endif +#endif + } + + wc_FreeRng(&rng); + +#ifdef WOLFSSL_WC_MLKEM +#if !defined(WOLFSSL_NO_KYBER512) && !defined(WOLFSSL_NO_ML_KEM_512) + ret = mlkem512_kat(); + if (ret != 0) + goto out; +#endif +#if !defined(WOLFSSL_NO_KYBER768) && !defined(WOLFSSL_NO_ML_KEM_768) + ret = mlkem768_kat(); + if (ret != 0) + goto out; +#endif +#if !defined(WOLFSSL_NO_KYBER1024) && !defined(WOLFSSL_NO_ML_KEM_1024) + ret = mlkem1024_kat(); + if (ret != 0) + goto out; +#endif +#endif /* WOLFSSL_WC_MLKEM */ + +out: + + if (key_inited) + wc_MlKemKey_Free(key); + +#ifdef WOLFSSL_SMALL_STACK + XFREE(key, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); +#ifndef WOLFSSL_MLKEM_NO_MAKE_KEY + XFREE(priv, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(pub, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(priv2, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(pub2, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); +#ifndef WOLFSSL_MLKEM_NO_ENCAPSULATE + XFREE(ct, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(ss, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); +#ifndef WOLFSSL_MLKEM_NO_DECAPSULATE + XFREE(ss_dec, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); +#endif +#endif +#endif +#endif + + return ret; +} +#endif /* WOLFSSL_HAVE_MLKEM */ + +#ifdef HAVE_DILITHIUM +#ifndef WOLFSSL_DILITHIUM_NO_VERIFY +static wc_test_ret_t dilithium_param_vfy_test(int param, const byte* pubKey, + word32 pubKeyLen, const byte* sig, word32 sigLen) +{ + #ifndef DILITHIUM_TEST_MSG_SZ + #define DILITHIUM_TEST_MSG_SZ 512 + #endif +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC) + byte* msg = NULL; + dilithium_key* key = NULL; + byte* pubExported = NULL; +#else + byte msg[DILITHIUM_TEST_MSG_SZ]; + dilithium_key key[1]; + byte pubExported[DILITHIUM_MAX_PUB_KEY_SIZE]; +#endif + wc_test_ret_t ret; + int i; + int res = 0; + word32 lenExported = pubKeyLen; + int n_diff = 0; + +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC) + msg = (byte*)XMALLOC(DILITHIUM_TEST_MSG_SZ, HEAP_HINT, + DYNAMIC_TYPE_TMP_BUFFER); + key = (dilithium_key*)XMALLOC(sizeof(*key), HEAP_HINT, + DYNAMIC_TYPE_TMP_BUFFER); + pubExported = (byte*)XMALLOC(pubKeyLen, HEAP_HINT, + DYNAMIC_TYPE_TMP_BUFFER); + if (msg == NULL || key == NULL || pubExported == NULL) { + ERROR_OUT(WC_TEST_RET_ENC_ERRNO, out); + } +#endif + + /* make dummy msg */ + for (i = 0; i < DILITHIUM_TEST_MSG_SZ; i++) { + msg[i] = (byte)i; + } + + ret = wc_dilithium_init(key); + if (ret != 0) { + ret = WC_TEST_RET_ENC_EC(ret); + return ret; + } + + ret = wc_dilithium_set_level(key, param); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); + ret = wc_dilithium_import_public(pubKey, pubKeyLen, key); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); + +#ifdef WOLFSSL_DILITHIUM_FIPS204_DRAFT + if (param >= WC_ML_DSA_DRAFT) { + ret = wc_dilithium_verify_msg(sig, sigLen, msg, DILITHIUM_TEST_MSG_SZ, + &res, key); + } + else +#endif + { + ret = wc_dilithium_verify_ctx_msg(sig, sigLen, NULL, 0, msg, + DILITHIUM_TEST_MSG_SZ, &res, key); + } + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); + if (res != 1) + ERROR_OUT(WC_TEST_RET_ENC_EC(res), out); + + /* Now test the export pub raw API, verify we recover the original pub. */ + ret = wc_dilithium_export_public(key, pubExported, &lenExported); + if (ret != 0) { + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); + } + + if (lenExported <= 0 || lenExported != pubKeyLen) { + ERROR_OUT(WC_TEST_RET_ENC_EC(lenExported), out); + } + + n_diff = XMEMCMP(pubExported, pubKey, pubKeyLen); + + if (n_diff) { + ERROR_OUT(WC_TEST_RET_ENC_EC(n_diff), out); + } + +out: + wc_dilithium_free(key); +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC) + XFREE(msg, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(key, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(pubExported, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); +#endif + return ret; +} + +#ifndef WOLFSSL_NO_ML_DSA_44 +static wc_test_ret_t dilithium_param_44_vfy_test(void) +{ + WOLFSSL_SMALL_STACK_STATIC const byte ml_dsa_44_pub_key[] = { + 0xd8, 0xac, 0xaf, 0xd8, 0x2e, 0x14, 0x23, 0x78, 0xf7, 0x0d, 0x9a, 0x04, + 0x2b, 0x92, 0x48, 0x67, 0x60, 0x55, 0x34, 0xd9, 0xac, 0x0b, 0xc4, 0x1f, + 0x46, 0xe8, 0x85, 0xb9, 0x2e, 0x1b, 0x10, 0x3a, 0x75, 0x7a, 0xc2, 0xbc, + 0x76, 0xf0, 0x6d, 0x05, 0xa4, 0x78, 0x48, 0x84, 0x26, 0x69, 0xbd, 0x26, + 0x1d, 0x73, 0x60, 0xaa, 0x57, 0x9d, 0x8c, 0x66, 0xb1, 0x19, 0xea, 0x11, + 0xff, 0xbb, 0xf6, 0xeb, 0x26, 0x26, 0xac, 0x78, 0x74, 0x46, 0x6d, 0x51, + 0x6e, 0x92, 0xdf, 0x6a, 0x98, 0x41, 0xe9, 0x10, 0xf2, 0xcc, 0xa8, 0x7a, + 0x50, 0xdb, 0x1f, 0x4c, 0x42, 0x19, 0xd5, 0xbc, 0x76, 0x20, 0x6f, 0x2f, + 0xbf, 0xc2, 0xc9, 0x1b, 0x02, 0xb5, 0xb1, 0x09, 0x46, 0x06, 0x87, 0x02, + 0xac, 0x3d, 0xcf, 0xc3, 0xa5, 0x1b, 0xf0, 0xce, 0xd4, 0x9e, 0x84, 0x34, + 0x3c, 0x24, 0x7d, 0x89, 0xf3, 0xbf, 0x9c, 0x18, 0x9d, 0x1b, 0x1d, 0xd4, + 0xf6, 0xda, 0xc9, 0xa4, 0x14, 0xc4, 0x6b, 0xd7, 0x05, 0x6d, 0xed, 0x54, + 0x42, 0x6b, 0x5f, 0x6d, 0x1e, 0xda, 0x6b, 0x47, 0x70, 0xe5, 0x4e, 0xe7, + 0x25, 0x06, 0xf8, 0x28, 0x24, 0x34, 0xd6, 0xe5, 0xbe, 0xc5, 0x4f, 0x9e, + 0x5d, 0x33, 0xfc, 0xef, 0xe4, 0xe9, 0x55, 0x67, 0x93, 0x1f, 0x2e, 0x11, + 0x3a, 0x2e, 0xf2, 0xbb, 0x82, 0x09, 0x8d, 0xb2, 0x09, 0xf3, 0x2f, 0xef, + 0x6f, 0x38, 0xc6, 0x56, 0xf2, 0x23, 0x08, 0x63, 0x99, 0x7f, 0x4e, 0xc0, + 0x9d, 0x08, 0x9d, 0xa1, 0x59, 0x6e, 0xe1, 0x00, 0x2c, 0x99, 0xec, 0x83, + 0x2f, 0x12, 0x97, 0x2f, 0x75, 0x04, 0x67, 0x44, 0xb5, 0x95, 0xce, 0xc6, + 0x3e, 0x7a, 0x10, 0x77, 0x5e, 0xbe, 0x9c, 0x0f, 0xb3, 0xc7, 0x38, 0xbf, + 0x9e, 0x35, 0x8f, 0xe4, 0x8d, 0x19, 0xc3, 0x41, 0xb1, 0x0b, 0x8c, 0x10, + 0x9a, 0x58, 0xec, 0x4f, 0xb3, 0xe9, 0x5b, 0x72, 0x4b, 0xb8, 0x99, 0x34, + 0x9a, 0xcd, 0xb0, 0x69, 0xd0, 0x67, 0xef, 0x96, 0xb9, 0xe5, 0x54, 0x92, + 0xb7, 0x1a, 0x52, 0xf6, 0x0a, 0xc2, 0x23, 0x8d, 0x4f, 0xad, 0x00, 0xae, + 0x0f, 0x97, 0xfa, 0xce, 0x96, 0xba, 0xe7, 0x74, 0x55, 0xd4, 0xaf, 0xbf, + 0xa1, 0x32, 0x91, 0x2d, 0x03, 0x9f, 0xe3, 0x10, 0x8c, 0x77, 0x5d, 0x26, + 0x76, 0xf1, 0x87, 0x90, 0xf0, 0x20, 0xd1, 0xea, 0xf7, 0xa4, 0xe8, 0x2c, + 0x32, 0x1c, 0x55, 0xc0, 0x5d, 0xc9, 0xcd, 0x4e, 0x8f, 0x0d, 0xef, 0x0a, + 0x27, 0xb6, 0x4f, 0xa4, 0xd3, 0xa4, 0xed, 0x33, 0x22, 0xa1, 0xd3, 0x15, + 0xac, 0x1a, 0x20, 0x4e, 0x28, 0x8c, 0x8c, 0xd0, 0x71, 0xd1, 0xf2, 0xdb, + 0x33, 0x63, 0xb6, 0xa4, 0xf2, 0x17, 0x3c, 0x12, 0xb0, 0xad, 0xef, 0x31, + 0x91, 0xfe, 0xe5, 0x53, 0x99, 0xb6, 0x85, 0x63, 0xfa, 0xe6, 0xcd, 0xf6, + 0xb9, 0xce, 0x4a, 0x7d, 0x4a, 0x49, 0x29, 0xd2, 0xd9, 0xc9, 0x47, 0x4a, + 0x8a, 0x5c, 0x14, 0x5e, 0x0f, 0x7c, 0xc3, 0x91, 0xb0, 0xab, 0x37, 0xf5, + 0x26, 0x8d, 0x46, 0x74, 0x49, 0xad, 0x51, 0xc3, 0x11, 0xfa, 0x85, 0x15, + 0xa5, 0x84, 0xc1, 0xe0, 0x3c, 0x13, 0x6d, 0x13, 0xa3, 0xe6, 0xa8, 0x3c, + 0x22, 0xac, 0x17, 0x48, 0x57, 0x7c, 0x81, 0xe2, 0x4e, 0xd8, 0x33, 0x5d, + 0x4d, 0x65, 0xf7, 0xe1, 0xb8, 0x00, 0x78, 0x09, 0x16, 0xb0, 0x0b, 0xca, + 0x15, 0x0d, 0xcd, 0x9a, 0xd8, 0x47, 0x4c, 0x9b, 0x69, 0xb2, 0xa0, 0x9d, + 0x96, 0x96, 0x52, 0x6d, 0x89, 0xad, 0xff, 0x55, 0xde, 0x7b, 0xd6, 0x3d, + 0x1d, 0x5e, 0x8d, 0xf1, 0xfc, 0x48, 0x1c, 0x50, 0x59, 0x55, 0xb9, 0x07, + 0xfd, 0x6b, 0xcb, 0x95, 0xa6, 0x14, 0x73, 0xdb, 0x40, 0x40, 0x1c, 0x44, + 0xe6, 0x79, 0x30, 0x88, 0xbd, 0xa0, 0xde, 0x9b, 0xb8, 0x76, 0xf8, 0x98, + 0x56, 0x4b, 0xb9, 0x7a, 0xf6, 0xd4, 0x73, 0x89, 0x6b, 0xf7, 0x7d, 0x05, + 0x33, 0xbe, 0xb6, 0x1c, 0x4d, 0xa7, 0x12, 0x3b, 0x3f, 0xed, 0x4a, 0x0f, + 0xae, 0xa7, 0x6a, 0x26, 0x0d, 0x01, 0x84, 0x84, 0xa8, 0x0e, 0xc1, 0xc1, + 0xfd, 0xe4, 0xa9, 0xe2, 0x3f, 0xab, 0xce, 0x20, 0x90, 0x86, 0x79, 0xa2, + 0x40, 0xd0, 0xef, 0x79, 0x34, 0x2b, 0xe8, 0xc9, 0x54, 0xa7, 0x19, 0x62, + 0xcc, 0x20, 0x79, 0x3f, 0x5b, 0x9c, 0x61, 0xc2, 0xc1, 0xd2, 0x36, 0x7c, + 0x8e, 0xe3, 0x01, 0xbe, 0xc4, 0xb2, 0xb8, 0x07, 0x51, 0x23, 0x5b, 0x5d, + 0x00, 0xe6, 0x7f, 0xd6, 0xbb, 0x32, 0xa9, 0x7e, 0xb4, 0x30, 0xeb, 0x5e, + 0x6d, 0xed, 0xb2, 0xc3, 0x88, 0x81, 0xa3, 0x3b, 0x1f, 0x1e, 0xf9, 0x48, + 0x10, 0xd6, 0x01, 0x65, 0x5f, 0x6d, 0xc5, 0xeb, 0x76, 0x5f, 0x10, 0x79, + 0xaa, 0xc0, 0x86, 0xe7, 0x44, 0x95, 0x44, 0x4b, 0x54, 0x0c, 0x46, 0x2a, + 0x98, 0x01, 0x6e, 0xc0, 0xb9, 0x59, 0x2a, 0xff, 0x8f, 0xb3, 0x80, 0x15, + 0xec, 0xcd, 0x39, 0x36, 0xd7, 0x2f, 0x20, 0x9e, 0x3a, 0xc1, 0x90, 0xe5, + 0x99, 0x27, 0x16, 0xd7, 0x6c, 0x30, 0x10, 0x12, 0x03, 0x3e, 0xdc, 0xb9, + 0x03, 0x25, 0xb0, 0x8a, 0x27, 0x4d, 0x1a, 0x32, 0x36, 0x54, 0xc0, 0xba, + 0x22, 0xb2, 0xe2, 0xf6, 0x39, 0x23, 0x03, 0xc4, 0xc9, 0xe4, 0x0d, 0x99, + 0xfb, 0x98, 0xa5, 0x9b, 0x12, 0x9b, 0x58, 0x44, 0x74, 0x9f, 0x65, 0x61, + 0x51, 0xba, 0x31, 0x60, 0x9c, 0xec, 0xf8, 0x4d, 0x36, 0x61, 0xd1, 0x33, + 0x6d, 0xa6, 0x28, 0x75, 0xba, 0x7c, 0x82, 0xcb, 0x7e, 0xbe, 0x8f, 0x2d, + 0x21, 0x84, 0xb9, 0xf2, 0x4e, 0x7b, 0x95, 0x99, 0x11, 0xf3, 0xe1, 0xc0, + 0x6a, 0x44, 0xae, 0x11, 0xcb, 0x04, 0xa0, 0xf2, 0x3e, 0x17, 0xdf, 0xb2, + 0x6a, 0xdf, 0x5c, 0xf3, 0x8a, 0xf8, 0x90, 0x86, 0x64, 0xea, 0x0a, 0x32, + 0x7f, 0x9f, 0x90, 0xa8, 0x9d, 0x33, 0x12, 0xa6, 0xa4, 0xe7, 0x74, 0xa0, + 0x75, 0xa9, 0x65, 0xf8, 0x39, 0xae, 0x14, 0x32, 0x79, 0xcc, 0xaa, 0x34, + 0x86, 0x55, 0xcc, 0x99, 0xb7, 0x00, 0x05, 0x8b, 0xe3, 0x76, 0x28, 0x12, + 0xb6, 0x2a, 0x3e, 0x44, 0x8d, 0xf4, 0xba, 0xef, 0xf6, 0xdc, 0x29, 0x08, + 0x29, 0x7d, 0xd1, 0x1d, 0x17, 0x15, 0xb6, 0xb6, 0x58, 0x67, 0xd5, 0xd3, + 0x12, 0x05, 0x4e, 0xb0, 0xc3, 0x83, 0xe0, 0x35, 0x30, 0x60, 0x59, 0xa0, + 0xc5, 0x97, 0x5b, 0x81, 0xd3, 0x68, 0x6c, 0x8c, 0x17, 0x28, 0xa9, 0x24, + 0x4f, 0x80, 0x20, 0xa5, 0x21, 0x9f, 0x8f, 0x15, 0x89, 0x2d, 0x87, 0xae, + 0x2e, 0xcc, 0x73, 0x3e, 0x06, 0x43, 0xbc, 0xb3, 0x1b, 0xa6, 0x72, 0xaa, + 0xa3, 0xaa, 0xbb, 0x6f, 0x2d, 0x68, 0x60, 0xcf, 0x05, 0x94, 0x25, 0x3e, + 0x59, 0xf3, 0x64, 0x61, 0x5e, 0x78, 0x9a, 0x7e, 0x0d, 0x50, 0x45, 0x78, + 0x51, 0xab, 0x11, 0xb1, 0xc6, 0x95, 0xfc, 0x29, 0x28, 0x10, 0x9c, 0x1a, + 0x8c, 0x37, 0xb5, 0x4f, 0x0e, 0xed, 0x4a, 0x28, 0x6c, 0xaa, 0xb7, 0x0d, + 0x12, 0xfa, 0x87, 0x5d, 0xd4, 0x9a, 0xb7, 0x2b, 0x46, 0x90, 0x58, 0x4e, + 0xd7, 0x8b, 0x41, 0x1b, 0xf8, 0xc4, 0xc2, 0xde, 0xda, 0xec, 0x61, 0xe7, + 0xbf, 0x11, 0xdd, 0x6e, 0x4e, 0x6a, 0xd4, 0x87, 0x01, 0xe4, 0xac, 0xe8, + 0xaf, 0x2b, 0x01, 0xe1, 0x09, 0x20, 0xe0, 0xbd, 0x7d, 0x03, 0x73, 0x23, + 0xdf, 0x77, 0x71, 0xa4, 0x25, 0x8b, 0x0a, 0x93, 0x49, 0x32, 0x45, 0x1a, + 0xa4, 0x94, 0x31, 0x61, 0x2e, 0x17, 0x39, 0x8a, 0x66, 0xc9, 0xf9, 0x20, + 0x2d, 0x6a, 0x97, 0x2f, 0xe7, 0x26, 0xd8, 0x01, 0x42, 0x65, 0xcf, 0xce, + 0xd4, 0x24, 0x41, 0xfb, 0x9b, 0x6f, 0xf1, 0xc2, 0x9e, 0xd5, 0x08, 0x0c, + 0xdc, 0x4d, 0x8e, 0xae, 0xcb, 0x5f, 0xd4, 0xcd, 0x7c, 0xf6, 0x82, 0xc6, + 0xee, 0xf9, 0x88, 0x3a, 0x34, 0x07, 0x04, 0xb4, 0x84, 0x69, 0xb3, 0xa4, + 0x67, 0xab, 0x09, 0xc0, 0x83, 0xfe, 0x59, 0xaf, 0x18, 0x2c, 0xc8, 0x09, + 0xc1, 0xbb, 0x13, 0x7c, 0xce, 0x01, 0x5d, 0x85, 0xaa, 0x10, 0x28, 0xa2, + 0x96, 0x98, 0x69, 0x23, 0xa3, 0xe7, 0x67, 0xbc, 0x7c, 0x7e, 0xde, 0x4b, + 0x36, 0xab, 0x94, 0xd2, 0xb8, 0xf9, 0xdf, 0xee, 0xa1, 0x69, 0xa1, 0xc8, + 0xe9, 0x83, 0x21, 0xac, 0x1b, 0x39, 0xf7, 0x6d, 0xbf, 0x8c, 0xdb, 0xd6, + 0x2f, 0xc9, 0x3c, 0x3d, 0x50, 0xcf, 0x7f, 0xbe, 0x4a, 0x8d, 0xd8, 0x14, + 0xad, 0x69, 0xb0, 0x3e, 0x8a, 0xaf, 0xeb, 0xd9, 0x1a, 0x15, 0x4a, 0xe4, + 0xdd, 0xd9, 0xb2, 0xf8, 0x6b, 0xe2, 0x42, 0x9e, 0x29, 0x16, 0xfc, 0x85, + 0x9c, 0x47, 0x4b, 0x1f, 0x3d, 0x7b, 0x8c, 0xe1, 0x6d, 0xa3, 0xb8, 0x0a, + 0xe6, 0xfa, 0x27, 0xfe, 0x52, 0x72, 0xab, 0x3a, 0xa6, 0x58, 0xd7, 0x53, + 0xaf, 0x9f, 0xee, 0x03, 0x85, 0xfc, 0xa4, 0x7a, 0x72, 0x29, 0x7e, 0x62, + 0x28, 0x08, 0x79, 0xa8, 0xb8, 0xc7, 0x51, 0x8d, 0xaa, 0x40, 0x2d, 0x4a, + 0xd9, 0x47, 0xb4, 0xa8, 0xa2, 0x0a, 0x43, 0xd0, 0xe0, 0x4a, 0x39, 0xa3, + 0x06, 0x08, 0x9a, 0xe2, 0xf3, 0xf2, 0xf8, 0xb9, 0x9f, 0x63, 0x32, 0xa0, + 0x65, 0x0b, 0xb0, 0x50, 0x96, 0xa6, 0xa8, 0x7a, 0x18, 0xdd, 0x6c, 0xd1, + 0x9b, 0xd9, 0x4e, 0x76, 0x8f, 0xfb, 0x22, 0xa6, 0x1d, 0x29, 0xfc, 0xb8, + 0x47, 0x29, 0xb6, 0xd1, 0xb1, 0x63, 0x4a, 0x36, 0x1b, 0x10, 0xe6, 0x4c, + 0x65, 0x68, 0x1f, 0xad, 0x4f, 0x7d, 0x6b, 0x01, 0x41, 0x18, 0x5f, 0xba, + 0x3d, 0xa6, 0x54, 0x28, 0x58, 0xd5, 0x81, 0x60, 0xdf, 0x84, 0x76, 0x00, + 0x21, 0x53, 0xeb, 0xd3, 0xa6, 0xec, 0x7d, 0x3c, 0xb8, 0xcd, 0x91, 0x4c, + 0x2f, 0x4b, 0x2e, 0x23, 0x4c, 0x0f, 0x0f, 0xe0, 0x14, 0xa5, 0xe7, 0xe5, + 0x70, 0x8d, 0x8b, 0x9c + }; +#ifdef WOLFSSL_DILITHIUM_FIPS204_DRAFT + WOLFSSL_SMALL_STACK_STATIC const byte ml_dsa_44_draft_pub_key[] = { + 0xea, 0x05, 0x24, 0x0d, 0x80, 0x72, 0x25, 0x55, 0xf4, 0x5b, + 0xc2, 0x13, 0x8b, 0x87, 0x5d, 0x31, 0x99, 0x2f, 0x1d, 0xa9, + 0x41, 0x09, 0x05, 0x76, 0xa7, 0xb7, 0x5e, 0x8c, 0x44, 0xe2, + 0x64, 0x79, 0xa0, 0xec, 0x1f, 0x24, 0xb6, 0xc8, 0x05, 0x5b, + 0xc1, 0x18, 0xb0, 0xb7, 0xcf, 0x8c, 0x60, 0x67, 0x6b, 0x81, + 0x44, 0x27, 0xb6, 0x0e, 0xfd, 0x9b, 0xc3, 0xcb, 0x52, 0x31, + 0xfa, 0xc9, 0x34, 0x8d, 0x22, 0x1e, 0x07, 0x9d, 0x96, 0x6a, + 0x63, 0x83, 0x5c, 0xd7, 0x83, 0x2d, 0x7f, 0x48, 0x64, 0x79, + 0xca, 0xb4, 0x9f, 0xa2, 0x02, 0xb7, 0x86, 0x1d, 0x0e, 0xc7, + 0xf9, 0x6c, 0x07, 0xc0, 0x35, 0x6a, 0x34, 0x79, 0x7c, 0xb8, + 0x0f, 0xed, 0x98, 0x50, 0xfb, 0x51, 0xe0, 0x36, 0x44, 0x4c, + 0xc6, 0x35, 0xa2, 0xbb, 0x55, 0xb0, 0x5c, 0x39, 0x08, 0x02, + 0x20, 0x35, 0x5c, 0x56, 0x6d, 0x2e, 0xb9, 0xef, 0x21, 0x26, + 0x87, 0x87, 0x85, 0x8a, 0x32, 0xb5, 0xa7, 0x68, 0x70, 0x3a, + 0xfd, 0x0d, 0x21, 0x48, 0x91, 0xa3, 0x29, 0xc1, 0x2a, 0x38, + 0xe5, 0x26, 0x31, 0x1f, 0x42, 0xde, 0x0b, 0x25, 0xff, 0x1d, + 0x6b, 0xb4, 0xe0, 0x5d, 0x2d, 0xcf, 0x44, 0xd5, 0x7d, 0xc4, + 0xf6, 0x95, 0xf2, 0x06, 0x4f, 0x83, 0x88, 0x9d, 0x1e, 0xeb, + 0x1c, 0x09, 0x45, 0x62, 0x67, 0x3d, 0xff, 0x51, 0x47, 0xe8, + 0xbc, 0x9b, 0x03, 0x1f, 0xc7, 0x72, 0x65, 0xce, 0xa8, 0x8c, + 0xc2, 0xa0, 0xc2, 0xbd, 0x5b, 0x7c, 0x17, 0x16, 0x8b, 0x72, + 0xfa, 0xb1, 0xbd, 0xdf, 0x49, 0xd6, 0xa1, 0x00, 0x65, 0xbe, + 0x82, 0xe7, 0x68, 0xc7, 0xe7, 0xbc, 0xc2, 0xa4, 0xdb, 0xaa, + 0xcc, 0xea, 0x41, 0x52, 0x7f, 0x56, 0xb4, 0x68, 0x1f, 0x92, + 0x96, 0x0f, 0xce, 0xd4, 0xd0, 0x87, 0x4c, 0x4a, 0x73, 0xb5, + 0x6c, 0xd4, 0x69, 0x55, 0x15, 0x47, 0xdc, 0x94, 0x7f, 0xd2, + 0x54, 0x5e, 0xb2, 0x90, 0xc2, 0x47, 0xe4, 0xf5, 0xde, 0x8b, + 0x9b, 0xc6, 0x5d, 0x50, 0x95, 0x60, 0xe0, 0xf0, 0xa7, 0x4e, + 0xe0, 0xcd, 0x41, 0x09, 0xef, 0xb3, 0x3d, 0x90, 0x5c, 0x77, + 0x54, 0xec, 0x9e, 0x5d, 0x8a, 0xe7, 0x09, 0x5c, 0xc9, 0x58, + 0x0c, 0xd0, 0x42, 0x35, 0xd2, 0x14, 0x59, 0x38, 0x69, 0xad, + 0xf9, 0xb5, 0xbf, 0x8a, 0x8e, 0x33, 0xd8, 0x5e, 0x7a, 0x55, + 0xd0, 0x53, 0x15, 0x40, 0x4e, 0xc5, 0x86, 0xd7, 0x8f, 0x5f, + 0x2f, 0x55, 0x82, 0xc2, 0x4f, 0x16, 0xe5, 0xea, 0x1c, 0xbc, + 0xff, 0x5e, 0x1f, 0x39, 0x46, 0x70, 0x54, 0x7a, 0x3a, 0x27, + 0x16, 0x1a, 0x2b, 0x6c, 0xd2, 0xb7, 0x80, 0xd3, 0xd1, 0x9d, + 0x25, 0x59, 0xed, 0xe6, 0x51, 0xb1, 0xf2, 0xad, 0x7e, 0x51, + 0x78, 0x14, 0x2b, 0x19, 0xae, 0x64, 0x72, 0x0f, 0xd8, 0x18, + 0x79, 0x8e, 0x66, 0x88, 0xd3, 0xa4, 0xa3, 0xc3, 0x76, 0x21, + 0xcb, 0xe4, 0x79, 0x5e, 0x95, 0x74, 0xe3, 0x31, 0x18, 0x79, + 0xed, 0xc7, 0xe7, 0xfb, 0x86, 0x48, 0x1b, 0x7b, 0x75, 0x5b, + 0x7f, 0x7c, 0x82, 0xc5, 0xab, 0x11, 0xb4, 0x5d, 0x59, 0x6f, + 0x78, 0xb2, 0xa5, 0x39, 0xc6, 0x63, 0x38, 0x6c, 0xeb, 0x50, + 0x06, 0x14, 0x76, 0xf0, 0xe8, 0xfb, 0x11, 0x95, 0x1f, 0x9d, + 0x9c, 0xa6, 0xe1, 0xe2, 0x0d, 0xa3, 0x66, 0xfc, 0x20, 0x83, + 0x50, 0x0e, 0x53, 0x75, 0xb5, 0x12, 0xf4, 0xdf, 0x31, 0x46, + 0x83, 0xac, 0x5b, 0xf3, 0x99, 0xa6, 0xd1, 0x7b, 0x2b, 0xc5, + 0xdc, 0x71, 0x07, 0x27, 0x33, 0x35, 0x34, 0xf5, 0x30, 0x19, + 0xc1, 0x3b, 0xba, 0x8a, 0xaf, 0x7e, 0x49, 0x93, 0x48, 0x5b, + 0x38, 0xc0, 0xbc, 0x2e, 0xc7, 0x59, 0x1b, 0xd9, 0xf5, 0xcc, + 0x86, 0xf5, 0x7b, 0x4d, 0xd7, 0x39, 0xa7, 0xa2, 0x56, 0x20, + 0x48, 0x98, 0x7d, 0x4f, 0x75, 0x56, 0x9b, 0xb8, 0x95, 0x45, + 0x17, 0xf3, 0x86, 0x3d, 0x97, 0x0a, 0x49, 0x1b, 0xca, 0xff, + 0x20, 0xc0, 0x24, 0x2c, 0x51, 0xc2, 0x0a, 0x3c, 0xbf, 0x07, + 0x60, 0x1c, 0x88, 0x85, 0x9b, 0x85, 0x2d, 0x4a, 0xfe, 0x5a, + 0x1c, 0x90, 0xf5, 0x90, 0x12, 0xd3, 0x03, 0x3c, 0x8c, 0x2e, + 0x95, 0x4a, 0x47, 0x76, 0x0f, 0x1f, 0x5d, 0x9e, 0xed, 0xc5, + 0x64, 0xc4, 0x9b, 0xbf, 0x86, 0xc5, 0x63, 0x84, 0x33, 0x00, + 0xf1, 0x26, 0x18, 0x21, 0xf3, 0x88, 0x1a, 0x08, 0x18, 0x6d, + 0x2f, 0xef, 0xd5, 0xeb, 0x2f, 0x69, 0xc8, 0x6e, 0x92, 0x34, + 0xfc, 0x72, 0x3d, 0x9a, 0xa7, 0x9e, 0x51, 0xfb, 0x56, 0xe3, + 0xdc, 0xf4, 0x8f, 0x9b, 0x6d, 0x0d, 0x2a, 0xec, 0x66, 0x12, + 0x26, 0x35, 0xbd, 0x61, 0xc2, 0x67, 0x19, 0xf5, 0x7e, 0xa1, + 0x67, 0xa2, 0x9c, 0x3b, 0x67, 0xb0, 0xc2, 0x51, 0x6a, 0x37, + 0x7c, 0x48, 0xe9, 0x4b, 0xb9, 0xa3, 0x38, 0x2f, 0xfc, 0xde, + 0xb4, 0x7c, 0xda, 0x52, 0x84, 0x0b, 0xb0, 0xd9, 0x08, 0xe9, + 0x7a, 0x4a, 0x6f, 0x79, 0x29, 0x3d, 0xc4, 0x5c, 0x78, 0xee, + 0x63, 0xb6, 0x96, 0x68, 0xd9, 0x82, 0x4e, 0xc1, 0x1b, 0x6f, + 0x52, 0xf5, 0xb3, 0xfb, 0xe8, 0xc4, 0x2a, 0x07, 0xc6, 0x3b, + 0x85, 0x0d, 0xf4, 0xbf, 0xb0, 0x6b, 0xfb, 0xce, 0x1d, 0xb4, + 0xbf, 0x63, 0x0b, 0x91, 0x67, 0xc4, 0xa3, 0x06, 0xa4, 0xaf, + 0x6c, 0xd3, 0xe5, 0x8b, 0x87, 0x4e, 0x64, 0x9c, 0xb1, 0xf3, + 0x70, 0x7c, 0x68, 0x43, 0x46, 0x13, 0x46, 0xee, 0x27, 0x75, + 0x12, 0x45, 0x42, 0xde, 0xa5, 0x8d, 0xcf, 0xf7, 0x09, 0x87, + 0xa8, 0x80, 0x3d, 0xb6, 0x45, 0xee, 0x41, 0x2d, 0x7c, 0x45, + 0x01, 0x9d, 0xaa, 0x78, 0xa8, 0x10, 0xa4, 0xfd, 0xb5, 0x5f, + 0xee, 0x0f, 0x77, 0xba, 0x73, 0xff, 0x49, 0xdc, 0xfa, 0x39, + 0xd6, 0xa3, 0x6f, 0x25, 0xb9, 0x63, 0x2c, 0x92, 0xc5, 0xdf, + 0xfb, 0xba, 0x89, 0xf9, 0xfa, 0x94, 0x5b, 0x6f, 0x5a, 0x4d, + 0x1c, 0xe4, 0xc9, 0x10, 0xf9, 0xa0, 0xe8, 0xc4, 0xcb, 0x55, + 0x1a, 0xdb, 0x56, 0x5f, 0x8e, 0x91, 0x03, 0x23, 0xca, 0xb0, + 0x1f, 0xef, 0xb8, 0x6c, 0x13, 0x5a, 0x99, 0x25, 0xf0, 0x49, + 0xa9, 0x5a, 0x45, 0xf7, 0xfd, 0x1a, 0xc2, 0x71, 0x06, 0xe3, + 0x2d, 0x25, 0x64, 0xb0, 0x52, 0x12, 0x03, 0x62, 0xc7, 0xb6, + 0xf9, 0xdc, 0x1f, 0x78, 0xff, 0x8b, 0xfa, 0xde, 0x7f, 0x71, + 0xa6, 0x35, 0x3e, 0xac, 0x20, 0x54, 0x94, 0xa7, 0x2e, 0x9d, + 0x47, 0x17, 0x4b, 0xad, 0x92, 0xb3, 0x14, 0x26, 0x8c, 0x5a, + 0xd0, 0x16, 0x4b, 0x22, 0xe9, 0x0c, 0x79, 0x6b, 0x8e, 0xac, + 0x0d, 0x12, 0xf5, 0x66, 0x8e, 0x82, 0x1a, 0x44, 0xf3, 0xe9, + 0x56, 0x5a, 0xcd, 0x1c, 0x1b, 0x81, 0x7b, 0x63, 0x59, 0xfe, + 0xc8, 0xc0, 0xe3, 0xda, 0x16, 0x6b, 0x6f, 0x0d, 0xba, 0x0e, + 0x47, 0x12, 0x86, 0x9e, 0xf0, 0x3b, 0x4d, 0x87, 0x3b, 0xf2, + 0x75, 0x73, 0x2d, 0xdf, 0xca, 0x76, 0x0b, 0xbd, 0xe7, 0xb7, + 0x74, 0x24, 0xf3, 0xc6, 0xe6, 0x75, 0x3f, 0x8b, 0x6a, 0xd9, + 0xad, 0xed, 0xc0, 0x70, 0x04, 0x1e, 0x0b, 0x8e, 0x8b, 0x7f, + 0xea, 0xbc, 0x39, 0x6b, 0x8a, 0x44, 0xa6, 0x9a, 0x2d, 0x0d, + 0x8c, 0x21, 0x60, 0x09, 0xd2, 0x4a, 0xe0, 0x62, 0xcf, 0xfa, + 0xe8, 0x9b, 0x35, 0x6f, 0x23, 0x2f, 0xb5, 0x65, 0x08, 0x60, + 0x92, 0x15, 0xd0, 0x5b, 0x63, 0xcc, 0x65, 0x05, 0xd1, 0xef, + 0x0f, 0x7e, 0x1b, 0xb3, 0x8e, 0xc6, 0x12, 0x85, 0xc9, 0x82, + 0x53, 0x79, 0x2e, 0x80, 0x5f, 0x0c, 0x7b, 0xc7, 0x1c, 0x83, + 0x41, 0x06, 0xd8, 0x41, 0xc9, 0xe7, 0xb9, 0x4b, 0xa1, 0x61, + 0xc6, 0x86, 0x67, 0xf5, 0x10, 0xf7, 0x34, 0x0d, 0x39, 0x9e, + 0x2b, 0x5f, 0x19, 0x06, 0x02, 0xa5, 0x02, 0x23, 0x71, 0xc2, + 0x12, 0x65, 0xcc, 0x81, 0x06, 0xfd, 0x8d, 0x09, 0x68, 0x37, + 0x06, 0x3b, 0xff, 0xc4, 0x24, 0xb3, 0x1f, 0xd6, 0xe6, 0x8f, + 0x9c, 0x74, 0x2c, 0x5e, 0xc5, 0xf4, 0xe9, 0xeb, 0xca, 0xd3, + 0x04, 0x5b, 0x92, 0x9e, 0x5c, 0x1a, 0x1d, 0xa1, 0xa7, 0x34, + 0xd2, 0x05, 0xae, 0xdb, 0x3d, 0x71, 0x10, 0x6e, 0x30, 0xd9, + 0xa3, 0x44, 0xa0, 0xbd, 0x9e, 0x7b, 0xb5, 0x12, 0x8a, 0x12, + 0x07, 0x60, 0xd7, 0x1f, 0x92, 0xe6, 0xfe, 0x04, 0xa9, 0x3e, + 0x62, 0x64, 0x00, 0x5f, 0x7c, 0x7b, 0x34, 0x09, 0xeb, 0x4a, + 0x18, 0x9e, 0x77, 0x72, 0x3a, 0x31, 0x1a, 0x62, 0x2a, 0xb5, + 0xcb, 0x4e, 0x53, 0xce, 0xad, 0x8b, 0x5a, 0x20, 0x4f, 0xd7, + 0x3e, 0x16, 0xf8, 0x10, 0xe2, 0xae, 0xbd, 0x3f, 0x02, 0xa9, + 0x18, 0xa0, 0x01, 0x18, 0x84, 0x95, 0x22, 0x2e, 0x93, 0x76, + 0x44, 0x4e, 0x11, 0x7b, 0x03, 0x51, 0x50, 0x19, 0x79, 0xe7, + 0xbb, 0x5c, 0x7b, 0xca, 0x74, 0xb4, 0x25, 0x26, 0xdb, 0x66, + 0xaa, 0x0b, 0x21, 0x07, 0xfb, 0x7a, 0x96, 0x10, 0x7d, 0x99, + 0xa9, 0x16, 0xcb, 0x0e, 0xba, 0x63, 0xab, 0x95, 0xfc, 0x5a, + 0xbe, 0xa6, 0x7f, 0xd8, 0xb4, 0xcd, 0x7c, 0xc5, 0xd0, 0xb1, + 0x1b, 0x48, 0x40, 0xfb, 0xe6, 0x2f, 0x2b, 0x94, 0xfe, 0x68, + 0xa2, 0xc4, 0x36, 0xd9, 0xcd, 0xc1, 0x93, 0x6d, 0xef, 0x39, + 0x5e, 0x43, 0x30, 0x5a, 0x2e, 0x66, 0xb6, 0xf2, 0xed, 0x9a, + 0x8d, 0x12, 0xdf, 0x5c, 0xae, 0xad, 0x16, 0x12, 0x7e, 0x81, + 0x82, 0x91, 0x7d, 0x2b, 0x12, 0xe9, 0x96, 0xb8, 0xb7, 0x42, + 0xcb, 0x1f, 0xf8, 0xd1, 0xfd, 0x83, 0x7a, 0xe4, 0x36, 0x1d, + 0x04, 0x27, 0x4c, 0xe5, 0xbd, 0x75, 0x24, 0xf7, 0xbd, 0xb6, + 0x6a, 0x68, 0x4e, 0x2c, 0x1b, 0x56, 0x3e, 0x60, 0xa4, 0x42, + 0xca, 0x7a, 0x54, 0xe5, 0x06, 0xe3, 0xda, 0x05, 0xf7, 0x77, + 0x36, 0x8b, 0x81, 0x26, 0x99, 0x92, 0x42, 0xda, 0x45, 0xb1, + 0xfe, 0x4b + }; +#endif + WOLFSSL_SMALL_STACK_STATIC const byte ml_dsa_44_sig[] = { + 0x27, 0x3b, 0x58, 0xa0, 0xcf, 0x00, 0x29, 0x5e, 0x1a, 0x63, 0xbf, 0xb4, + 0x97, 0x16, 0xa1, 0x9c, 0x78, 0xd1, 0x33, 0xdc, 0x72, 0xde, 0xa3, 0xfc, + 0xf4, 0x09, 0xb1, 0x09, 0x16, 0x3f, 0x80, 0x72, 0x22, 0x68, 0x65, 0x68, + 0xb9, 0x80, 0x5a, 0x4a, 0x0d, 0x73, 0x49, 0xe1, 0xc6, 0xde, 0xca, 0x08, + 0x4f, 0xca, 0xf8, 0xb2, 0xf8, 0x45, 0x3b, 0x6b, 0x8c, 0x6c, 0xfd, 0x3a, + 0xf4, 0xde, 0xde, 0x82, 0xd8, 0x04, 0xbe, 0x4f, 0x4a, 0xdb, 0x92, 0x47, + 0x83, 0x2d, 0xc4, 0x55, 0xed, 0x20, 0x4f, 0x71, 0xb1, 0x58, 0xd9, 0x70, + 0x73, 0xbd, 0xb0, 0x3a, 0xb4, 0x8f, 0xd6, 0x9e, 0x32, 0x98, 0x2b, 0x9e, + 0xff, 0x2a, 0x7c, 0xcb, 0x05, 0x1b, 0x8e, 0xe6, 0x3a, 0x45, 0xc6, 0x7a, + 0xc8, 0xaf, 0x62, 0xd3, 0x04, 0xfa, 0x69, 0x4f, 0xda, 0x1b, 0x74, 0x16, + 0x0d, 0xb3, 0x1a, 0xee, 0x71, 0xd7, 0xb0, 0xef, 0x69, 0xf5, 0xe2, 0xe9, + 0xc2, 0xcc, 0x15, 0x66, 0x28, 0x0a, 0xac, 0xe2, 0x63, 0x06, 0xb7, 0x21, + 0x0d, 0xd8, 0x5c, 0x94, 0x63, 0xfd, 0x51, 0x18, 0x9f, 0x07, 0x19, 0x3d, + 0xa2, 0x50, 0x40, 0xd3, 0xe9, 0x05, 0xd4, 0x11, 0x13, 0x15, 0xaa, 0x46, + 0xda, 0x3e, 0x5f, 0xcd, 0x3c, 0xfa, 0x42, 0xba, 0x79, 0x4a, 0xb7, 0x43, + 0x91, 0xa5, 0xcb, 0xbc, 0xeb, 0x37, 0x94, 0xf1, 0x9c, 0xb9, 0xdb, 0x41, + 0x06, 0xd8, 0x7b, 0x5e, 0x90, 0xe3, 0x3c, 0x8a, 0x10, 0x62, 0x9a, 0x15, + 0x27, 0x78, 0xed, 0x69, 0x11, 0x2c, 0xb5, 0xb4, 0xdb, 0xc8, 0x70, 0x50, + 0x62, 0x47, 0x96, 0xcb, 0xd9, 0xb2, 0x3e, 0x59, 0x2f, 0x1c, 0xac, 0xcb, + 0xcf, 0x22, 0xc2, 0x9b, 0xc7, 0x92, 0xe9, 0x4d, 0x8d, 0x5d, 0xcf, 0x06, + 0x53, 0x7e, 0xf4, 0x4e, 0xfe, 0x9e, 0x41, 0x5d, 0x00, 0x8c, 0x08, 0xf4, + 0x02, 0x79, 0x33, 0x1c, 0x27, 0x1d, 0xe3, 0x94, 0xac, 0xe6, 0x87, 0xa0, + 0x08, 0xb4, 0x60, 0x0c, 0xff, 0x47, 0xdc, 0x16, 0x3a, 0x1d, 0x89, 0xc0, + 0x6a, 0xa4, 0x3d, 0x71, 0x33, 0xdd, 0x1e, 0x70, 0xfe, 0xd4, 0x8b, 0xed, + 0x7c, 0x91, 0xe4, 0xe2, 0x15, 0x06, 0xc1, 0x83, 0x24, 0x55, 0xa7, 0x2a, + 0x9f, 0x4e, 0xd9, 0x56, 0x7a, 0x95, 0xa8, 0xdd, 0xc4, 0xf0, 0x71, 0x3a, + 0x99, 0x65, 0x31, 0x4b, 0xb7, 0x96, 0x2c, 0x53, 0x54, 0x83, 0xec, 0xc9, + 0x97, 0x2f, 0x0c, 0xa4, 0x8f, 0xbb, 0x93, 0x9d, 0xea, 0xae, 0xf9, 0xcb, + 0xb2, 0xb9, 0xa3, 0x61, 0x5f, 0x77, 0x8c, 0xb6, 0x5a, 0x56, 0xbe, 0x5f, + 0x85, 0xd1, 0xb5, 0x0a, 0x53, 0xe2, 0xc7, 0xbf, 0x76, 0x8b, 0x97, 0x6f, + 0x10, 0xdd, 0x1f, 0x44, 0x69, 0x66, 0x03, 0xc4, 0x6b, 0x59, 0xf7, 0xb4, + 0xc1, 0x12, 0xcc, 0x00, 0x70, 0xe8, 0xbd, 0x44, 0x28, 0xf5, 0xfa, 0x96, + 0xf3, 0x59, 0xed, 0x81, 0x67, 0xe0, 0xbe, 0x47, 0x75, 0xb3, 0xa8, 0x9f, + 0x21, 0x70, 0x2e, 0x6f, 0xef, 0x54, 0x11, 0x3f, 0x34, 0xaf, 0x0d, 0x73, + 0x5b, 0x9e, 0x6d, 0x86, 0x58, 0xb7, 0x34, 0xc2, 0xc2, 0xb3, 0x64, 0xd5, + 0x9b, 0x6e, 0xb9, 0x99, 0x6a, 0xe4, 0xfd, 0xc3, 0x17, 0xf3, 0x10, 0xfc, + 0x6e, 0xf5, 0x65, 0xe1, 0x9c, 0x59, 0x15, 0x11, 0x00, 0xea, 0x96, 0x81, + 0x69, 0x9b, 0x05, 0x4d, 0xf3, 0xce, 0xf3, 0xf0, 0xa9, 0x01, 0x3f, 0x13, + 0xbb, 0xb0, 0xac, 0xc3, 0x92, 0x1c, 0x2b, 0x61, 0xe3, 0x01, 0x22, 0x45, + 0x4a, 0x23, 0x19, 0x80, 0xca, 0xb9, 0xef, 0x4e, 0x76, 0x52, 0xc5, 0x9d, + 0x91, 0x33, 0x17, 0xc4, 0x28, 0x83, 0x55, 0x61, 0x49, 0x72, 0x04, 0xaa, + 0xf8, 0xe3, 0x4b, 0x20, 0xf7, 0x6a, 0x74, 0x56, 0x64, 0xf9, 0xb3, 0xc9, + 0x67, 0x5b, 0x55, 0x29, 0x9a, 0x89, 0xa5, 0x14, 0x67, 0xea, 0x6d, 0x6a, + 0xde, 0x98, 0x58, 0x73, 0x25, 0xa3, 0xdb, 0xed, 0x3d, 0x62, 0xaa, 0xe0, + 0x79, 0x7f, 0xa3, 0xd9, 0xb5, 0x4c, 0xe9, 0xa8, 0xdf, 0xfd, 0x59, 0x31, + 0x42, 0x81, 0x9e, 0xb7, 0x81, 0x3f, 0x0e, 0xfb, 0xef, 0x80, 0x71, 0x9d, + 0xb7, 0xa5, 0xfc, 0xb1, 0x80, 0xc9, 0x7e, 0x31, 0xd9, 0x47, 0xe2, 0xca, + 0x10, 0x7b, 0xd1, 0xa1, 0x1c, 0x28, 0xc7, 0x7f, 0x51, 0x26, 0xb1, 0x4e, + 0x57, 0xdd, 0x7d, 0x76, 0x5c, 0x5a, 0x85, 0xa7, 0x7b, 0x8c, 0xc5, 0x6e, + 0xac, 0x20, 0xf8, 0x49, 0x16, 0xd6, 0x64, 0xf5, 0xf4, 0x2c, 0x32, 0xa1, + 0x5d, 0xfb, 0x87, 0xb6, 0x14, 0xfe, 0x68, 0x7c, 0x4d, 0xce, 0xd7, 0x94, + 0xf9, 0x8b, 0xf0, 0x61, 0xfd, 0xe0, 0x83, 0x7f, 0x13, 0xec, 0x7a, 0xb7, + 0x41, 0x04, 0x51, 0x6e, 0x30, 0xa2, 0x01, 0xf7, 0x30, 0x12, 0xec, 0xd2, + 0x8f, 0x73, 0xe7, 0x8e, 0x12, 0xb4, 0xe5, 0xc1, 0xff, 0xdf, 0x67, 0x14, + 0xb1, 0xe9, 0xba, 0x36, 0x19, 0x18, 0xf4, 0xaa, 0xe0, 0xe4, 0x9d, 0xcd, + 0xe8, 0xe7, 0x2b, 0x33, 0xb3, 0xdc, 0xb9, 0x19, 0xd7, 0xad, 0xa4, 0x68, + 0xcd, 0x83, 0x77, 0x98, 0x36, 0x49, 0xd9, 0x32, 0x20, 0xfd, 0xfc, 0x34, + 0xe7, 0x54, 0xd9, 0xb5, 0x05, 0xab, 0x0e, 0x08, 0x0e, 0x16, 0x8a, 0x7d, + 0x91, 0x4c, 0xaa, 0x19, 0x04, 0x37, 0x35, 0xa5, 0xab, 0x6c, 0xee, 0xc4, + 0x90, 0xf0, 0x5f, 0xc7, 0xae, 0x82, 0xfd, 0x59, 0x53, 0xe5, 0x36, 0x5a, + 0x56, 0x37, 0x61, 0x69, 0xda, 0xe5, 0x8f, 0xfd, 0x2e, 0xd4, 0x9c, 0x7f, + 0xb6, 0x39, 0xa4, 0x8d, 0x0a, 0xab, 0x82, 0x0f, 0xfe, 0x84, 0x69, 0x44, + 0x8a, 0xa6, 0xd0, 0x39, 0xf9, 0x72, 0x68, 0xe7, 0x97, 0xd8, 0x6c, 0x7b, + 0xec, 0x85, 0x8c, 0x52, 0xc9, 0x97, 0xbb, 0xc4, 0x7a, 0x67, 0x22, 0x60, + 0x46, 0x9f, 0x16, 0xf1, 0x67, 0x0e, 0x1b, 0x50, 0x7c, 0xc4, 0x29, 0x15, + 0xbc, 0x55, 0x6a, 0x67, 0xf6, 0xa8, 0x85, 0x66, 0x89, 0x9f, 0xff, 0x38, + 0x28, 0xaa, 0x87, 0x91, 0xce, 0xde, 0x8d, 0x45, 0x5c, 0xa1, 0x25, 0x95, + 0xe2, 0x86, 0xdd, 0xa1, 0x87, 0x6a, 0x0a, 0xa8, 0x3e, 0x63, 0x0e, 0x21, + 0xa5, 0x6e, 0x08, 0x4d, 0x07, 0xb6, 0x26, 0xa8, 0x92, 0xdb, 0xed, 0x13, + 0x01, 0xc3, 0xba, 0xcf, 0xad, 0x01, 0xbc, 0xe5, 0xc0, 0xba, 0xbe, 0x7c, + 0x75, 0xf1, 0xb9, 0xfe, 0xd3, 0xf0, 0xa5, 0x2c, 0x8e, 0x10, 0xff, 0x99, + 0xcb, 0xe2, 0x2d, 0xdc, 0x2f, 0x76, 0x00, 0xf8, 0x51, 0x7c, 0xcc, 0x52, + 0x16, 0x0f, 0x18, 0x98, 0xea, 0x34, 0x06, 0x7f, 0xb7, 0x2e, 0xe9, 0x40, + 0xf0, 0x2d, 0x30, 0x3d, 0xc0, 0x67, 0x4c, 0xe6, 0x63, 0x40, 0x41, 0x42, + 0x96, 0xbb, 0x0b, 0xd6, 0xc9, 0x1c, 0x22, 0x7a, 0xa9, 0x4d, 0xcc, 0x5b, + 0xaa, 0x03, 0xc6, 0x3b, 0x1e, 0x2f, 0x11, 0xae, 0x34, 0x6f, 0x0c, 0xe9, + 0x16, 0x9c, 0x82, 0x3b, 0x90, 0x4c, 0x0e, 0xf0, 0xf9, 0x7f, 0x02, 0xca, + 0xb9, 0xa9, 0x49, 0x6d, 0x27, 0x73, 0xd0, 0xbf, 0x15, 0x61, 0x52, 0xbc, + 0xd6, 0x31, 0x59, 0x2b, 0x52, 0x5b, 0xaf, 0x3c, 0xc0, 0x8f, 0xdc, 0xd5, + 0x2c, 0x1d, 0xe4, 0xe9, 0x41, 0xe8, 0xd3, 0x35, 0xd6, 0xb1, 0xf3, 0x32, + 0xe0, 0x52, 0x08, 0x73, 0x99, 0xb6, 0x6b, 0xbc, 0x26, 0xfb, 0x2e, 0xa7, + 0xb7, 0xcd, 0x14, 0xf0, 0xf9, 0xe5, 0x3a, 0xd0, 0x05, 0x5b, 0x2b, 0x38, + 0xbd, 0x7c, 0xda, 0xd4, 0x15, 0x45, 0xfa, 0x3b, 0x6f, 0x94, 0x8e, 0x22, + 0xce, 0xfa, 0x53, 0xe0, 0x5f, 0xa6, 0x9d, 0x1c, 0x26, 0x91, 0x8a, 0xab, + 0x72, 0x5b, 0x18, 0x78, 0x69, 0x98, 0x3f, 0x8d, 0x33, 0x7c, 0x21, 0x93, + 0x9e, 0xf0, 0xaf, 0xb7, 0x30, 0xc8, 0xac, 0xbc, 0xdb, 0x9c, 0x29, 0x17, + 0x6b, 0x9d, 0x0f, 0x16, 0xd6, 0xc0, 0xcc, 0x3b, 0xce, 0x11, 0xe9, 0x64, + 0xc8, 0xd4, 0x4c, 0x98, 0x7c, 0x8f, 0xf1, 0x5e, 0x84, 0xe4, 0x72, 0xf9, + 0x69, 0xf5, 0x9d, 0xad, 0x95, 0x3b, 0xfb, 0x6d, 0x30, 0x7e, 0x0a, 0x47, + 0x5b, 0x26, 0xb2, 0x4e, 0xeb, 0x1a, 0xc3, 0x37, 0x16, 0x28, 0x79, 0x62, + 0xb4, 0x36, 0x85, 0x4a, 0x15, 0x5a, 0xc3, 0x6e, 0xbe, 0x7e, 0x00, 0xe9, + 0x4a, 0xa5, 0xd7, 0x90, 0xcf, 0x59, 0x63, 0x2d, 0x2b, 0xc2, 0xc6, 0x47, + 0xe6, 0x77, 0xb7, 0x6e, 0x9b, 0xc8, 0x0d, 0x18, 0x2b, 0x45, 0x2b, 0xc9, + 0x5a, 0x6e, 0xb4, 0x50, 0xa5, 0x23, 0x7d, 0x17, 0xcc, 0x49, 0xe2, 0xb3, + 0xf4, 0x6d, 0xb4, 0xb7, 0xbb, 0x9e, 0xdd, 0x20, 0x99, 0x19, 0xf5, 0x53, + 0x1f, 0xd0, 0xff, 0x67, 0xf3, 0x8e, 0x6a, 0xcd, 0x2a, 0x6e, 0x2b, 0x0a, + 0x90, 0xd7, 0xdb, 0xe1, 0xff, 0x1c, 0x40, 0xa1, 0xb0, 0x5d, 0x94, 0x4d, + 0x20, 0x14, 0x01, 0xa1, 0xa8, 0xd1, 0x15, 0xd2, 0xd9, 0x1b, 0xbf, 0xc2, + 0x8a, 0xd0, 0x02, 0xf6, 0x16, 0xa1, 0xb7, 0x40, 0xe0, 0x36, 0x88, 0xc8, + 0x17, 0x0a, 0xf0, 0xb6, 0x0d, 0x3c, 0x53, 0xb9, 0x51, 0xed, 0xef, 0x20, + 0x6f, 0xf3, 0x0c, 0xb5, 0xce, 0x0e, 0x9e, 0xfd, 0x0f, 0x5e, 0x3f, 0x8f, + 0x3c, 0xb7, 0x2a, 0xdb, 0xc6, 0xa7, 0xf2, 0x11, 0x6e, 0xdc, 0x05, 0x33, + 0xd4, 0xd8, 0xb0, 0x2d, 0x8a, 0xe5, 0x39, 0x82, 0x00, 0x49, 0x7d, 0xfd, + 0x32, 0x29, 0xbb, 0x79, 0x5d, 0xcb, 0x21, 0x7b, 0x2d, 0x36, 0x58, 0x73, + 0x52, 0x57, 0x52, 0x96, 0x4d, 0x89, 0x61, 0xf4, 0xad, 0x1f, 0x48, 0xd5, + 0x7a, 0x4a, 0xaa, 0x1c, 0xa1, 0xf4, 0xb4, 0x9c, 0x43, 0x3b, 0x95, 0x72, + 0xd0, 0x0e, 0x35, 0x82, 0x26, 0xd4, 0x2e, 0xe3, 0x83, 0x96, 0x97, 0x5a, + 0x7b, 0xfc, 0x48, 0x17, 0x3c, 0xba, 0x9e, 0x5f, 0x46, 0x1a, 0x53, 0xe3, + 0x2e, 0x78, 0x79, 0x80, 0xf6, 0x2d, 0x24, 0xcf, 0x62, 0xb6, 0x86, 0xeb, + 0xee, 0xec, 0xf2, 0x1d, 0x00, 0xc8, 0x28, 0x9d, 0x93, 0x16, 0xa7, 0xd9, + 0x11, 0x47, 0xe3, 0xc4, 0xb6, 0xc4, 0xa0, 0x99, 0x83, 0xc1, 0x17, 0xd8, + 0x8e, 0xde, 0x69, 0x1d, 0xcb, 0xdd, 0xe7, 0x86, 0x6f, 0xf2, 0x36, 0x07, + 0x23, 0x86, 0x0d, 0xe9, 0xad, 0x87, 0xae, 0x76, 0x98, 0x95, 0x51, 0xf2, + 0xb3, 0x11, 0xc5, 0x34, 0xf0, 0x0c, 0xf8, 0x29, 0x9c, 0x84, 0x4f, 0x81, + 0x49, 0x85, 0x63, 0x25, 0x16, 0xb0, 0xc3, 0xaa, 0xd7, 0x8a, 0x2e, 0x4b, + 0x97, 0x60, 0x74, 0xf8, 0xa7, 0x39, 0xec, 0x6c, 0x2c, 0x9b, 0x33, 0x3a, + 0x11, 0xbd, 0xa6, 0x90, 0x48, 0x65, 0xb1, 0xe7, 0x38, 0x53, 0x47, 0x1b, + 0x62, 0xd5, 0xb7, 0xa8, 0xd4, 0xae, 0xf5, 0x12, 0x06, 0x12, 0x54, 0xa2, + 0xce, 0xf1, 0x6b, 0x3a, 0xda, 0x63, 0x2e, 0x37, 0x2a, 0x25, 0x89, 0x30, + 0x98, 0x77, 0x1d, 0x4b, 0x5a, 0x1e, 0xb7, 0x3d, 0xed, 0x19, 0xec, 0x9f, + 0x64, 0x46, 0xa8, 0x2a, 0x79, 0xf3, 0x70, 0x39, 0x9f, 0x8c, 0xc3, 0x28, + 0xcc, 0x2a, 0xc0, 0xd0, 0xe6, 0x80, 0xf5, 0x01, 0x78, 0x72, 0x7f, 0xe7, + 0x2e, 0x7b, 0x5f, 0x05, 0xc3, 0x41, 0x33, 0x07, 0xdb, 0x9c, 0xa8, 0x96, + 0xa7, 0x21, 0x20, 0x23, 0xd0, 0x59, 0x39, 0x06, 0x19, 0xa4, 0x29, 0xe5, + 0x72, 0x39, 0x69, 0x23, 0xe3, 0xfa, 0x28, 0x63, 0xf5, 0x42, 0x3b, 0xca, + 0x88, 0x5d, 0x7e, 0x47, 0x93, 0xa8, 0x8c, 0x75, 0xf2, 0x19, 0x44, 0x43, + 0x15, 0x39, 0x03, 0x42, 0xd8, 0x1d, 0x81, 0x30, 0x8e, 0x84, 0x31, 0x24, + 0x75, 0x67, 0x4e, 0xbe, 0xfe, 0x0a, 0xd8, 0xc3, 0xe7, 0x5b, 0xe1, 0xd5, + 0x12, 0x6a, 0x69, 0x99, 0xcd, 0x35, 0xca, 0x22, 0x02, 0x65, 0xb3, 0x0f, + 0x50, 0xb6, 0xaa, 0xc6, 0x91, 0x5c, 0x4d, 0xd4, 0x07, 0x93, 0x46, 0xf0, + 0xcc, 0xe1, 0x92, 0x14, 0x91, 0x21, 0x43, 0xc4, 0xba, 0x45, 0x1c, 0x47, + 0x29, 0xdf, 0xff, 0x89, 0x60, 0xee, 0x89, 0x1e, 0xc3, 0xb4, 0xb9, 0x0b, + 0xc9, 0x7e, 0xd9, 0x15, 0xb0, 0x80, 0x91, 0xbe, 0xb9, 0x43, 0x48, 0x12, + 0x86, 0x8e, 0x79, 0x38, 0x4d, 0xce, 0x36, 0x7f, 0xc3, 0xe8, 0xb7, 0xb9, + 0x92, 0xbf, 0x27, 0x20, 0x54, 0xc8, 0x05, 0x63, 0x3b, 0xf5, 0x48, 0x1a, + 0xa9, 0x04, 0x6c, 0xb6, 0x0e, 0x11, 0xea, 0xf3, 0x59, 0xb9, 0xa6, 0xf6, + 0xf8, 0x0b, 0x15, 0xed, 0x30, 0xf9, 0xe4, 0xe5, 0x26, 0x2d, 0xbb, 0xc6, + 0x5b, 0x36, 0xbb, 0x73, 0xa6, 0x4f, 0xf5, 0x43, 0x9f, 0xd7, 0xb9, 0x0f, + 0xbc, 0x4f, 0x8d, 0xb8, 0xec, 0x1d, 0x42, 0x19, 0x56, 0x37, 0xc4, 0xcb, + 0xd0, 0x16, 0x85, 0xff, 0xd3, 0x9b, 0xef, 0xc8, 0x75, 0x37, 0xd1, 0x92, + 0xad, 0x21, 0x94, 0x1e, 0x9a, 0xf6, 0x2f, 0x6d, 0x30, 0xba, 0x37, 0xc3, + 0xdc, 0x11, 0xe0, 0x79, 0xa4, 0x92, 0x1f, 0xe4, 0xaa, 0x7a, 0x6b, 0x2a, + 0xe4, 0x04, 0xb7, 0xf9, 0x86, 0x95, 0xdb, 0xa8, 0xfc, 0x8a, 0x53, 0x21, + 0x31, 0x14, 0xf7, 0x40, 0x01, 0x78, 0x4e, 0x73, 0x18, 0xb3, 0x54, 0xd7, + 0xa6, 0x93, 0xf0, 0x70, 0x04, 0x1c, 0xe0, 0x2b, 0xef, 0xee, 0xd4, 0x64, + 0xa7, 0xd9, 0x9f, 0x81, 0x4f, 0xe5, 0x1e, 0xbe, 0x6e, 0xd2, 0xf6, 0x3a, + 0xba, 0xcf, 0x8c, 0x96, 0x2a, 0x3d, 0xf7, 0xe5, 0x5c, 0x59, 0x40, 0x9c, + 0xe3, 0xf9, 0x2b, 0x6d, 0x3d, 0xf2, 0x6f, 0x81, 0xd6, 0xab, 0x9c, 0xab, + 0xc6, 0xf7, 0x8f, 0xaa, 0xe5, 0x71, 0xe3, 0xc9, 0x8c, 0x1a, 0xeb, 0xc5, + 0x87, 0xe7, 0xb0, 0xde, 0x18, 0xba, 0xaa, 0x1e, 0xda, 0x12, 0x32, 0x16, + 0x94, 0x3a, 0x6e, 0x4f, 0x84, 0x06, 0x8e, 0x33, 0xf7, 0xfa, 0x35, 0xb8, + 0x45, 0xe4, 0x5e, 0x9e, 0x46, 0x05, 0x7a, 0xf7, 0xf4, 0x99, 0xad, 0xb9, + 0xdd, 0x55, 0xd9, 0x52, 0x3b, 0x93, 0xe3, 0x9b, 0x54, 0x1b, 0xe6, 0xa9, + 0x70, 0xd3, 0x48, 0xf9, 0x3d, 0xdb, 0x88, 0x63, 0x66, 0xa0, 0xab, 0x72, + 0x83, 0x6e, 0x8f, 0x78, 0x9d, 0x55, 0x46, 0x21, 0xca, 0x7c, 0xb7, 0x5d, + 0x16, 0xe8, 0x66, 0x3b, 0x7b, 0xaa, 0xfe, 0x9c, 0x9c, 0x33, 0xc9, 0xc2, + 0xa4, 0x3c, 0x78, 0x97, 0xf3, 0x5b, 0xc2, 0x29, 0x36, 0x98, 0x68, 0x28, + 0xfe, 0x0a, 0xae, 0x6f, 0xe5, 0xf7, 0xfb, 0x9d, 0xf8, 0x8c, 0xd9, 0xd0, + 0x4d, 0xfe, 0xc7, 0xd0, 0xb0, 0xe3, 0x9c, 0xdb, 0xac, 0x9e, 0x1b, 0x55, + 0x7e, 0x24, 0xfe, 0xc4, 0x12, 0xcb, 0xc2, 0xdd, 0x0a, 0xda, 0x31, 0x40, + 0x41, 0xb7, 0xfc, 0x3f, 0x6d, 0xe2, 0xd3, 0x8a, 0x0f, 0x21, 0x33, 0x3a, + 0xbc, 0xa7, 0x62, 0x18, 0xb3, 0xaf, 0x48, 0xc6, 0xe2, 0xa3, 0xdd, 0x1d, + 0x20, 0x62, 0xe4, 0x4b, 0x81, 0x6b, 0x3a, 0xc5, 0xb1, 0x07, 0xe1, 0xf1, + 0xe1, 0xba, 0xf6, 0x01, 0xc6, 0xf2, 0xea, 0xc0, 0x97, 0x73, 0x79, 0x19, + 0x06, 0xaa, 0x62, 0x42, 0xcb, 0x21, 0x5f, 0x08, 0x97, 0x7d, 0x72, 0xb5, + 0x39, 0x4d, 0x99, 0xe3, 0xa2, 0x3f, 0xb9, 0xb4, 0xed, 0xf4, 0x61, 0x35, + 0xe1, 0x50, 0xfb, 0x56, 0x7c, 0x35, 0xfd, 0x44, 0x8a, 0x57, 0x22, 0xed, + 0x30, 0x33, 0xc3, 0x0b, 0xf1, 0x88, 0xe4, 0x44, 0x46, 0xf5, 0x73, 0x6d, + 0x9b, 0x98, 0x88, 0x92, 0xf5, 0x34, 0x85, 0x18, 0x66, 0xef, 0x70, 0xbe, + 0x7b, 0xc1, 0x0f, 0x1c, 0x78, 0x2d, 0x42, 0x13, 0x2d, 0x2f, 0x4d, 0x40, + 0x8e, 0xe2, 0x6f, 0xe0, 0x04, 0xdb, 0x58, 0xbc, 0x65, 0x80, 0xba, 0xfc, + 0x89, 0xee, 0xf3, 0x78, 0xb2, 0xd9, 0x78, 0x93, 0x6d, 0xbf, 0xd4, 0x74, + 0x24, 0xf4, 0x5c, 0x37, 0x89, 0x0c, 0x14, 0xd5, 0xbd, 0xc5, 0xfc, 0x37, + 0xe8, 0x8b, 0xe0, 0xc5, 0x89, 0xc9, 0x70, 0xb3, 0x76, 0x46, 0xce, 0x0d, + 0x7c, 0x3d, 0xa4, 0x5d, 0x02, 0x95, 0x03, 0xba, 0x24, 0xaa, 0xf7, 0xd0, + 0x75, 0x35, 0x78, 0x27, 0x9c, 0x6d, 0x2a, 0xef, 0xaa, 0xac, 0x85, 0xef, + 0x8d, 0xfc, 0xc0, 0xfc, 0x72, 0x02, 0xf4, 0xa3, 0xd3, 0x87, 0xfc, 0x4d, + 0xce, 0x3d, 0xcb, 0xc2, 0x74, 0x5b, 0xb0, 0x83, 0xc5, 0x72, 0x72, 0xd6, + 0xa1, 0x67, 0x4d, 0xa1, 0xd6, 0xaa, 0xe7, 0x9b, 0xe7, 0xc0, 0xfd, 0x86, + 0x91, 0x08, 0xfa, 0x48, 0x2f, 0x50, 0xce, 0x17, 0xea, 0x1c, 0xe3, 0x90, + 0x35, 0xe6, 0x6c, 0xc9, 0x66, 0x7d, 0x51, 0x32, 0x20, 0x0c, 0x2d, 0x4b, + 0xa1, 0xbf, 0x78, 0x87, 0xe1, 0x5a, 0x28, 0x0e, 0x9a, 0x85, 0xf6, 0x7e, + 0x39, 0x60, 0xbc, 0x64, 0x42, 0x5d, 0xf0, 0x0a, 0xd7, 0x3e, 0xbb, 0xa0, + 0x6d, 0x7c, 0xfa, 0x75, 0xee, 0x34, 0x39, 0x23, 0x0e, 0xbd, 0x50, 0x19, + 0x7a, 0x2a, 0xb7, 0x17, 0x3a, 0x8b, 0xb7, 0xb6, 0xf4, 0xd8, 0x47, 0x71, + 0x6b, 0x21, 0x1b, 0x56, 0xcc, 0xfb, 0x7b, 0x81, 0x99, 0x46, 0x88, 0x23, + 0x40, 0x49, 0x66, 0x8b, 0xac, 0x84, 0x16, 0x8a, 0x86, 0xae, 0x38, 0xc4, + 0x5b, 0x1f, 0x2b, 0xfa, 0xf2, 0x8b, 0x81, 0xc1, 0x22, 0x61, 0x61, 0x6c, + 0x43, 0x16, 0x8c, 0x1d, 0x37, 0xb2, 0xaf, 0x3c, 0x3a, 0x90, 0x33, 0xed, + 0xf5, 0x08, 0x78, 0xfd, 0x5a, 0xde, 0xd3, 0x38, 0x6d, 0xd7, 0x1c, 0x23, + 0xeb, 0xb4, 0x9b, 0x8e, 0xc2, 0x48, 0x47, 0x8e, 0x84, 0xbb, 0xc4, 0xd0, + 0xcc, 0xf9, 0x55, 0x5a, 0x57, 0xb9, 0x99, 0x52, 0x82, 0x21, 0x3b, 0x83, + 0xda, 0x8f, 0xa3, 0x88, 0x9c, 0x57, 0xe0, 0x4b, 0xc1, 0xce, 0xbe, 0xd3, + 0xea, 0xdd, 0xf2, 0x07, 0xc1, 0x73, 0x6f, 0xc0, 0x5e, 0x8e, 0x85, 0x72, + 0xab, 0x2f, 0xa9, 0xac, 0x39, 0xee, 0x05, 0x34, 0x13, 0x16, 0x1b, 0x1c, + 0x21, 0x24, 0x41, 0x49, 0x78, 0x87, 0x8b, 0x97, 0x9c, 0x9f, 0xa3, 0xa8, + 0xb9, 0xbc, 0xc6, 0xcc, 0xf2, 0xfd, 0x18, 0x2a, 0x46, 0x58, 0x5a, 0x88, + 0xa2, 0xb5, 0xcc, 0xd2, 0xda, 0xe1, 0xe3, 0x0d, 0x20, 0x23, 0x2b, 0x2f, + 0x47, 0x57, 0x5e, 0x64, 0x87, 0x97, 0x9c, 0xa7, 0xaa, 0xbc, 0xc1, 0xe4, + 0xe5, 0xea, 0x0b, 0x16, 0x3b, 0x3c, 0x3e, 0x45, 0x58, 0x63, 0x6a, 0x6f, + 0x7c, 0x8c, 0x8d, 0x92, 0x99, 0x9c, 0xad, 0xb5, 0xb7, 0xce, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x16, 0x23, 0x36, 0x4a + }; +#ifdef WOLFSSL_DILITHIUM_FIPS204_DRAFT + WOLFSSL_SMALL_STACK_STATIC const byte ml_dsa_44_draft_sig[] = { + 0x5e, 0xc1, 0xce, 0x0e, 0x31, 0xea, 0x10, 0x52, 0xa3, 0x7a, + 0xfe, 0x4d, 0xac, 0x07, 0x89, 0x5a, 0x45, 0xbd, 0x5a, 0xe5, + 0x22, 0xed, 0x98, 0x4d, 0x2f, 0xc8, 0x27, 0x00, 0x99, 0x40, + 0x00, 0x79, 0xcd, 0x93, 0x27, 0xd0, 0x40, 0x33, 0x79, 0x4f, + 0xe5, 0x16, 0x89, 0x9f, 0xbd, 0xa6, 0x3f, 0xdd, 0x68, 0x74, + 0x73, 0xc3, 0x97, 0x54, 0x11, 0x1d, 0xc8, 0xb8, 0xc8, 0xfd, + 0x3a, 0xbe, 0xca, 0x17, 0x0f, 0x10, 0x6d, 0x89, 0x6d, 0xe0, + 0xb2, 0xff, 0x3b, 0xe5, 0xa1, 0x75, 0xea, 0x35, 0x16, 0xa3, + 0x0c, 0x6e, 0x4a, 0x7b, 0xdb, 0x28, 0xc6, 0x2a, 0x76, 0x0e, + 0x78, 0x78, 0xa0, 0x4f, 0x4e, 0xf8, 0x99, 0xff, 0xe7, 0x47, + 0x7e, 0xc4, 0x62, 0xa7, 0xb4, 0xb9, 0x2b, 0xc1, 0xc7, 0xd0, + 0x00, 0xb6, 0xaa, 0xa7, 0x37, 0xd5, 0x1e, 0x19, 0xc4, 0xc4, + 0x59, 0x2f, 0xa5, 0x09, 0xa3, 0xda, 0x5d, 0xd4, 0x48, 0x64, + 0x16, 0x0e, 0x92, 0xdf, 0x61, 0xb7, 0x25, 0x3b, 0x90, 0x5a, + 0x08, 0xb5, 0x88, 0xe8, 0x64, 0x80, 0x63, 0xee, 0xbf, 0x59, + 0x0f, 0x4a, 0x48, 0x1e, 0x77, 0xa9, 0x46, 0xc6, 0x9c, 0x0b, + 0x83, 0xad, 0xb5, 0xbf, 0xb5, 0x5b, 0x99, 0xf3, 0x55, 0xe8, + 0xe5, 0xe7, 0x5c, 0x12, 0xac, 0x06, 0x06, 0xe0, 0xc0, 0x32, + 0x5d, 0xb6, 0x9f, 0x2b, 0x8e, 0x19, 0x5c, 0x2a, 0x58, 0xbb, + 0x37, 0xf1, 0x68, 0x56, 0x8b, 0x74, 0x94, 0x58, 0x48, 0x28, + 0xee, 0xf7, 0x0a, 0x8f, 0xad, 0x43, 0x67, 0xe1, 0xa3, 0x8c, + 0x3b, 0x35, 0x48, 0xcc, 0x52, 0x14, 0x36, 0x99, 0x18, 0x71, + 0x1c, 0xb2, 0xfc, 0x82, 0xda, 0xac, 0xd5, 0x55, 0x0a, 0x77, + 0x44, 0x6a, 0x48, 0xed, 0xfc, 0x5a, 0x68, 0xa6, 0x4d, 0x65, + 0xe7, 0x30, 0xaa, 0x23, 0x66, 0x84, 0xdf, 0x83, 0xf1, 0x17, + 0x5c, 0x46, 0xfe, 0x63, 0xcb, 0xc3, 0x6e, 0x4e, 0x47, 0x8d, + 0x30, 0x48, 0x06, 0xda, 0x97, 0x6b, 0x04, 0x5d, 0x44, 0xf3, + 0xb7, 0x2a, 0x6d, 0x2b, 0xbb, 0xcd, 0x97, 0x4e, 0x26, 0x8e, + 0xc9, 0x03, 0x0b, 0x5d, 0x68, 0xed, 0x81, 0xf7, 0x19, 0x61, + 0x81, 0xe9, 0xac, 0x3a, 0x35, 0xcd, 0xe8, 0xfd, 0x99, 0xdb, + 0x89, 0x83, 0x7d, 0x23, 0x6a, 0xc1, 0xc1, 0x10, 0xe9, 0xd3, + 0xfa, 0x9e, 0x5a, 0xcd, 0x73, 0xa3, 0x0a, 0x37, 0xa3, 0x12, + 0xef, 0x72, 0xa2, 0x28, 0xd4, 0x3d, 0x67, 0x53, 0x24, 0x0d, + 0x61, 0x98, 0xbb, 0x07, 0xf3, 0xa7, 0x79, 0x22, 0x74, 0x57, + 0x99, 0xe8, 0x7a, 0xbf, 0x90, 0x84, 0xa2, 0x6b, 0x29, 0x34, + 0xac, 0xc9, 0xff, 0x67, 0x82, 0xd0, 0xd2, 0x7d, 0x69, 0xc0, + 0xf3, 0xd7, 0x4b, 0x5c, 0xf2, 0xa8, 0x53, 0x8b, 0x78, 0x57, + 0xfc, 0x74, 0xf5, 0x81, 0x6e, 0xc2, 0x5b, 0x32, 0x52, 0x9e, + 0x58, 0x84, 0xa1, 0x71, 0xd5, 0x8c, 0xf5, 0x16, 0x36, 0x4d, + 0x11, 0xd4, 0xb5, 0xc2, 0x05, 0xc4, 0x03, 0xce, 0x83, 0xea, + 0x0b, 0x6a, 0x2e, 0xf6, 0x28, 0x5e, 0xb2, 0x40, 0x8c, 0xa3, + 0x6a, 0xc7, 0xee, 0x04, 0x54, 0x93, 0x0f, 0x3b, 0xf9, 0x57, + 0x92, 0x00, 0xf1, 0xc7, 0x1b, 0x48, 0x63, 0xcb, 0xd3, 0xdd, + 0x40, 0x90, 0x46, 0xb0, 0x87, 0x2a, 0xb8, 0xec, 0xbc, 0x07, + 0x09, 0x83, 0x25, 0xb1, 0x88, 0x2c, 0xa0, 0x0a, 0x40, 0x4f, + 0xfd, 0xec, 0xfd, 0xbe, 0x18, 0xae, 0xdd, 0x83, 0x89, 0x83, + 0x2d, 0x10, 0xb4, 0x14, 0x30, 0xac, 0x6c, 0xd9, 0xc9, 0xaa, + 0xbc, 0xdb, 0x5e, 0x14, 0xab, 0x19, 0x64, 0xaa, 0xb1, 0x9c, + 0xc3, 0xf5, 0xdc, 0x2b, 0xcd, 0x26, 0x0b, 0x81, 0x1a, 0x0e, + 0x0a, 0xd6, 0x39, 0x79, 0x10, 0x06, 0xbf, 0xe0, 0xc1, 0x8b, + 0x20, 0x24, 0x90, 0x8b, 0x0f, 0xa4, 0x2d, 0x2d, 0x46, 0x2a, + 0xd4, 0xf3, 0xa9, 0x58, 0x4b, 0xd9, 0xa6, 0x6c, 0x75, 0x3d, + 0xbc, 0x36, 0x76, 0x7f, 0xef, 0x1b, 0xa1, 0x41, 0xba, 0xd0, + 0xfe, 0x16, 0x19, 0xc3, 0x92, 0xe3, 0x59, 0x07, 0x3f, 0x48, + 0x11, 0x70, 0xe0, 0x8a, 0xff, 0x97, 0xbc, 0x71, 0xd5, 0xb9, + 0x4a, 0x9b, 0x4c, 0xb8, 0x4b, 0x50, 0xd6, 0x43, 0xe8, 0x84, + 0x0a, 0x95, 0xd0, 0x20, 0x28, 0xd3, 0x20, 0x4a, 0x0e, 0x1b, + 0xe6, 0x5d, 0x2f, 0x0c, 0xdb, 0x76, 0xab, 0xa3, 0xc2, 0xad, + 0xd5, 0x86, 0xae, 0xb9, 0x26, 0xb2, 0x5d, 0x72, 0x27, 0xbb, + 0xec, 0x23, 0x9f, 0x42, 0x90, 0x58, 0xe1, 0xf8, 0xe9, 0x63, + 0xdf, 0x1a, 0x46, 0x53, 0x65, 0x05, 0xfb, 0x20, 0x21, 0xa6, + 0x64, 0xc8, 0x5c, 0x67, 0x6b, 0x41, 0x6c, 0x04, 0x34, 0xeb, + 0x05, 0x71, 0xeb, 0xbe, 0xed, 0x6d, 0xa2, 0x96, 0x67, 0x45, + 0xe7, 0x47, 0x22, 0x64, 0xaf, 0x82, 0xf8, 0x78, 0x0e, 0xe6, + 0xa1, 0x4a, 0x2d, 0x82, 0x1e, 0xd0, 0xc2, 0x79, 0x4e, 0x29, + 0x89, 0xd9, 0xf3, 0x3f, 0xb6, 0xc4, 0xee, 0x69, 0xb2, 0x8f, + 0x8b, 0xd9, 0x13, 0xd9, 0x6e, 0x3a, 0xc5, 0x9f, 0xdf, 0x25, + 0xb7, 0xc3, 0x16, 0xb8, 0xa2, 0x85, 0x17, 0xae, 0xe9, 0x95, + 0x5d, 0xb8, 0x1d, 0x21, 0xbb, 0xd9, 0x38, 0x11, 0x8f, 0x44, + 0xea, 0xe8, 0x4c, 0x91, 0x82, 0xf5, 0x45, 0xee, 0x8f, 0xf5, + 0x6a, 0x0d, 0x08, 0xe7, 0x6b, 0xb0, 0x91, 0xd5, 0x42, 0x17, + 0x8c, 0x37, 0x6a, 0x5a, 0x0a, 0x87, 0x53, 0x76, 0xc3, 0x59, + 0x35, 0x13, 0x1c, 0xf1, 0x72, 0x2c, 0x2b, 0xb2, 0x9e, 0xda, + 0x10, 0x2a, 0xce, 0x38, 0xb4, 0x67, 0x8c, 0x4b, 0x08, 0xa1, + 0xb6, 0xa3, 0x08, 0x9c, 0xeb, 0xd8, 0x93, 0x1b, 0x29, 0x5a, + 0xa7, 0x03, 0x17, 0x7e, 0xec, 0x58, 0x6b, 0x5b, 0xc5, 0x46, + 0x03, 0x33, 0x7f, 0x0e, 0x93, 0x9a, 0xdd, 0xb5, 0x89, 0xb1, + 0x16, 0x4c, 0xa7, 0xd8, 0x0e, 0x73, 0xd8, 0xc3, 0xd2, 0x36, + 0x85, 0x66, 0xcb, 0x5b, 0x64, 0xf2, 0xdc, 0xba, 0x39, 0xcc, + 0xa5, 0xe0, 0x9b, 0xaa, 0x2a, 0x95, 0x6d, 0xdc, 0x49, 0xde, + 0x3b, 0x61, 0xa2, 0x3b, 0x1f, 0xed, 0x32, 0xfa, 0x10, 0xe4, + 0x88, 0x59, 0xca, 0x5a, 0xe4, 0xf9, 0x5e, 0xe2, 0xca, 0x21, + 0x5a, 0xdc, 0x02, 0x73, 0x7a, 0xc8, 0x90, 0x7a, 0x8e, 0x91, + 0x19, 0x04, 0x53, 0x3c, 0x50, 0x15, 0x8a, 0x84, 0x93, 0x8f, + 0xac, 0x99, 0x82, 0xdd, 0xc6, 0xce, 0xfb, 0x18, 0x84, 0x29, + 0x2a, 0x8d, 0xa2, 0xc5, 0x7f, 0x87, 0xce, 0x4c, 0xf5, 0xdf, + 0x73, 0xd2, 0xba, 0xc2, 0x4f, 0xe3, 0x74, 0xa5, 0x8f, 0xc3, + 0xf4, 0x99, 0xd1, 0xe8, 0x4e, 0xb8, 0xe0, 0x2e, 0xef, 0xd6, + 0x87, 0x70, 0xcf, 0x45, 0x3b, 0xff, 0x03, 0xfd, 0x59, 0x7f, + 0x7c, 0xd0, 0x4e, 0x49, 0xf7, 0xd5, 0x08, 0xd9, 0x06, 0x53, + 0x90, 0x0a, 0x5a, 0x1b, 0x2e, 0xf5, 0xb0, 0x85, 0xb6, 0xb6, + 0x61, 0xa5, 0x71, 0x47, 0xbf, 0x4a, 0xf6, 0xae, 0x9a, 0x19, + 0x6c, 0xd8, 0x2d, 0x9b, 0xb4, 0x40, 0x9e, 0x15, 0x77, 0x2e, + 0x7e, 0xe9, 0xb4, 0x3d, 0x0f, 0x1b, 0xb5, 0x1c, 0xc2, 0x58, + 0x4e, 0x4b, 0xf6, 0x53, 0x9e, 0x6f, 0x09, 0x55, 0xa0, 0xb8, + 0x73, 0x11, 0x64, 0x70, 0x54, 0xb4, 0xcb, 0xb7, 0x27, 0xe5, + 0xdf, 0x58, 0x67, 0x5b, 0xc0, 0xd6, 0xf5, 0x64, 0xa6, 0x66, + 0x6d, 0xdf, 0xd8, 0xf8, 0xd6, 0x85, 0xba, 0xba, 0x30, 0xa7, + 0xca, 0x34, 0xf4, 0x9a, 0xba, 0x0a, 0xfb, 0x0e, 0xa0, 0x65, + 0x98, 0x78, 0xee, 0xaa, 0x14, 0x6a, 0x99, 0x77, 0x67, 0xad, + 0x01, 0x95, 0x5e, 0x50, 0x22, 0xe9, 0x74, 0x95, 0xa7, 0x13, + 0x3f, 0xdd, 0xa6, 0x69, 0x64, 0xf6, 0x50, 0x06, 0x6d, 0xba, + 0x90, 0x5a, 0x8c, 0x81, 0xa0, 0xda, 0x55, 0xe9, 0x97, 0x0e, + 0xd7, 0x10, 0x8e, 0x1f, 0x23, 0x65, 0xd9, 0x14, 0xd4, 0xde, + 0xa5, 0xf9, 0xec, 0xb6, 0xad, 0x65, 0xce, 0x0b, 0x1b, 0x0a, + 0x4c, 0x7d, 0xb0, 0x97, 0xa6, 0xfe, 0x67, 0xfb, 0x4f, 0x8f, + 0x00, 0x92, 0xb6, 0x0d, 0x20, 0x78, 0x65, 0x1d, 0x9a, 0x56, + 0x57, 0xc6, 0x15, 0x88, 0xba, 0x55, 0x02, 0x7a, 0x9a, 0xac, + 0x50, 0x4c, 0xc7, 0x9e, 0x66, 0x8b, 0xfc, 0xf3, 0x67, 0x48, + 0x07, 0xbf, 0x84, 0x94, 0x9b, 0x22, 0x2a, 0xae, 0x1b, 0x25, + 0xe9, 0x94, 0x06, 0xa7, 0xe8, 0x61, 0x52, 0x89, 0xdc, 0x93, + 0x6e, 0x89, 0xdc, 0x30, 0x6e, 0xd9, 0xee, 0xcb, 0x12, 0x38, + 0x58, 0x9d, 0x8b, 0xc5, 0x05, 0x2c, 0x50, 0x4e, 0xc8, 0xc2, + 0xe0, 0x65, 0xb6, 0x49, 0xc4, 0xf0, 0x1e, 0x5c, 0x8e, 0x3c, + 0xe9, 0x77, 0xd2, 0x9e, 0xa8, 0xd5, 0xf5, 0xd9, 0xc5, 0xad, + 0x5b, 0x74, 0x48, 0x08, 0x3a, 0x30, 0x84, 0x57, 0x71, 0x1e, + 0x69, 0x45, 0x09, 0xdd, 0xea, 0x62, 0xec, 0x7c, 0xa3, 0xf9, + 0x92, 0xee, 0x16, 0xdc, 0xe5, 0x9d, 0xcf, 0xb7, 0x08, 0x51, + 0x8a, 0x76, 0x3a, 0x23, 0x94, 0x50, 0x8e, 0x4d, 0x3a, 0xea, + 0xf3, 0xc1, 0x53, 0x2c, 0x65, 0x9c, 0x36, 0x8c, 0x10, 0xe3, + 0x9c, 0x01, 0xa4, 0xe6, 0x45, 0x77, 0xa6, 0x5d, 0x7e, 0x37, + 0x31, 0x95, 0x2f, 0xec, 0x61, 0x92, 0x69, 0x65, 0x53, 0x54, + 0x6d, 0xbe, 0x9e, 0x5a, 0x68, 0x12, 0xc4, 0xe7, 0xe4, 0x06, + 0x51, 0x5a, 0xc0, 0x63, 0xb9, 0x69, 0xb8, 0x3c, 0xd8, 0xae, + 0x8b, 0xff, 0x96, 0x4d, 0x55, 0xce, 0x25, 0x2b, 0x8b, 0x89, + 0xc9, 0x3a, 0x16, 0x48, 0x2a, 0x73, 0xb2, 0x70, 0x8b, 0x62, + 0xd5, 0xb1, 0xa0, 0x30, 0xe5, 0x46, 0xab, 0x8b, 0xc3, 0xeb, + 0x37, 0x2f, 0xbd, 0xb8, 0x4e, 0x6c, 0x30, 0xdc, 0x6c, 0x8a, + 0xf1, 0x89, 0x06, 0xce, 0x64, 0x0a, 0x3e, 0xb2, 0x16, 0x31, + 0xa1, 0xe4, 0x4b, 0x98, 0xe7, 0xf1, 0x99, 0x76, 0x00, 0x5f, + 0xd2, 0xd3, 0x30, 0xf0, 0xbf, 0xa7, 0x4a, 0xf6, 0x9e, 0xa5, + 0x75, 0x74, 0x78, 0xfe, 0xec, 0x72, 0x7c, 0x89, 0xe9, 0xf6, + 0x0d, 0x7e, 0x15, 0xd6, 0xd8, 0x79, 0x85, 0x3c, 0xcf, 0xb0, + 0x21, 0xc8, 0x9c, 0x54, 0x87, 0x63, 0xb3, 0x05, 0xbb, 0x8a, + 0x02, 0xe4, 0x79, 0xdc, 0xa1, 0xa2, 0xd3, 0x19, 0xd8, 0x86, + 0xff, 0x8a, 0x0e, 0x82, 0x89, 0xaf, 0xaa, 0x62, 0x2e, 0xd4, + 0xb2, 0xd0, 0x5d, 0x0d, 0x4f, 0x2a, 0xda, 0x0e, 0x9f, 0x8a, + 0x2b, 0x32, 0xe9, 0x09, 0xf5, 0x55, 0x51, 0xe7, 0xd5, 0x69, + 0x12, 0xdd, 0x33, 0x6b, 0x3d, 0xd7, 0xe9, 0xfd, 0xb2, 0xa7, + 0xf5, 0x97, 0x2a, 0x6d, 0x89, 0x30, 0x65, 0x2a, 0x0d, 0xf2, + 0x00, 0x81, 0xbe, 0xfb, 0xd9, 0xd7, 0x1b, 0xc2, 0x48, 0x7a, + 0x22, 0x30, 0xae, 0x35, 0xf6, 0x32, 0x41, 0x9d, 0xd9, 0x12, + 0xb3, 0xa7, 0x6d, 0xba, 0x74, 0x93, 0x2d, 0x0d, 0xb2, 0xb6, + 0xdc, 0xa9, 0x98, 0x5b, 0x3b, 0xaa, 0x2b, 0x47, 0x06, 0xc4, + 0x36, 0xfd, 0x04, 0x10, 0x94, 0x61, 0x61, 0x47, 0x1c, 0x02, + 0x54, 0x85, 0x4a, 0xcb, 0x75, 0x6b, 0x75, 0xf5, 0xb4, 0x61, + 0x26, 0xb3, 0x12, 0x43, 0x31, 0x55, 0xb5, 0xda, 0x4b, 0xb5, + 0x11, 0xb4, 0xb8, 0xfb, 0x0a, 0xd9, 0xa7, 0x0e, 0x9f, 0x2a, + 0x74, 0x01, 0xf6, 0x1a, 0x33, 0x10, 0x9e, 0x66, 0xff, 0x82, + 0xfa, 0xa9, 0xa4, 0xa0, 0x9b, 0x25, 0x2d, 0x16, 0xbf, 0x60, + 0x0d, 0x87, 0xea, 0x94, 0xad, 0xdd, 0xc4, 0xd0, 0xa8, 0xdd, + 0x2d, 0xc7, 0xc8, 0xac, 0x39, 0x9e, 0x87, 0x69, 0xc4, 0x3a, + 0xbc, 0x28, 0x7e, 0x36, 0x69, 0xfd, 0x20, 0x25, 0xac, 0xa3, + 0xa7, 0x37, 0x96, 0xe9, 0x8a, 0x65, 0xe4, 0xb0, 0x2a, 0x61, + 0x23, 0x28, 0x64, 0xff, 0x17, 0x6c, 0x36, 0x9e, 0x0a, 0xba, + 0xe4, 0x4b, 0xeb, 0x84, 0x24, 0x20, 0x57, 0x0f, 0x34, 0x05, + 0x95, 0x56, 0xc3, 0x2f, 0x2b, 0xf0, 0x36, 0xef, 0xca, 0x68, + 0xfe, 0x78, 0xf8, 0x98, 0x09, 0x4a, 0x25, 0xcc, 0x17, 0xbe, + 0x05, 0x00, 0xff, 0xf9, 0xa5, 0x5b, 0xe6, 0xaa, 0x5b, 0x56, + 0xb6, 0x89, 0x64, 0x9c, 0x16, 0x48, 0xe1, 0xcd, 0x67, 0x87, + 0xdd, 0xba, 0xbd, 0x02, 0x0d, 0xd8, 0xb4, 0xc9, 0x7c, 0x37, + 0x92, 0xd0, 0x39, 0x46, 0xd2, 0xc4, 0x78, 0x13, 0xf0, 0x76, + 0x45, 0x5f, 0xeb, 0x52, 0xd2, 0x3f, 0x61, 0x87, 0x34, 0x09, + 0xb7, 0x24, 0x4e, 0x93, 0xf3, 0xc5, 0x10, 0x19, 0x66, 0x66, + 0x3f, 0x15, 0xe3, 0x05, 0x55, 0x43, 0xb7, 0xf4, 0x62, 0x57, + 0xb4, 0xd9, 0xef, 0x46, 0x47, 0xb5, 0xfb, 0x79, 0xc9, 0x67, + 0xc5, 0xc3, 0x18, 0x91, 0x73, 0x75, 0xec, 0xd5, 0x68, 0x2b, + 0xf6, 0x42, 0xb4, 0xff, 0xfb, 0x27, 0x61, 0x77, 0x28, 0x10, + 0x6b, 0xce, 0x19, 0xad, 0x87, 0xc3, 0x85, 0xe3, 0x78, 0x00, + 0xdb, 0x21, 0xee, 0xd8, 0xfa, 0x9c, 0x81, 0x11, 0x97, 0xac, + 0xd0, 0x50, 0x89, 0x45, 0x23, 0xf6, 0x85, 0x7d, 0x60, 0xb2, + 0xad, 0x0c, 0x5d, 0xd8, 0x9e, 0xe4, 0xe1, 0x25, 0xb2, 0x13, + 0x1a, 0x54, 0x54, 0xfd, 0x7b, 0xab, 0x85, 0x20, 0xe8, 0xda, + 0x52, 0x0f, 0xac, 0x49, 0x70, 0xf1, 0x4c, 0x66, 0x74, 0x8c, + 0x87, 0x6e, 0xca, 0xc1, 0x0d, 0x92, 0xc0, 0xa8, 0x08, 0xfd, + 0x0f, 0x60, 0x55, 0xaf, 0x24, 0xcb, 0x04, 0xb7, 0xff, 0xa9, + 0xc5, 0x07, 0x26, 0xf6, 0xe2, 0x1e, 0x2f, 0xd1, 0x99, 0x6d, + 0xef, 0xc0, 0xdb, 0x5b, 0xf7, 0x06, 0x80, 0x92, 0x5f, 0x56, + 0x54, 0xdb, 0x2e, 0xba, 0x93, 0xb2, 0x94, 0xf2, 0xad, 0xbc, + 0x91, 0x6e, 0x4e, 0xce, 0x21, 0xc4, 0x8b, 0x18, 0xc4, 0xfc, + 0xab, 0xb4, 0x4f, 0xd7, 0xa2, 0xef, 0x55, 0x00, 0x6d, 0x34, + 0x17, 0x59, 0x8d, 0x79, 0x75, 0x02, 0xa3, 0x7a, 0x52, 0x57, + 0x5c, 0x26, 0xb9, 0xae, 0xd6, 0x19, 0x2e, 0x31, 0x02, 0x98, + 0x98, 0xe5, 0x3d, 0xc2, 0xa5, 0x56, 0xb6, 0x02, 0xae, 0x0d, + 0x3b, 0x35, 0x97, 0xd2, 0x43, 0x38, 0x8a, 0x65, 0xfa, 0x86, + 0x20, 0xb7, 0xb5, 0xb0, 0xda, 0x19, 0x01, 0x2f, 0x13, 0xb5, + 0x6d, 0xbd, 0xb2, 0x34, 0xa7, 0xff, 0xae, 0x7e, 0x8f, 0x98, + 0x1b, 0xc4, 0x27, 0xbd, 0xa9, 0x64, 0xdc, 0xab, 0x2a, 0xd2, + 0xb4, 0x27, 0xd0, 0x25, 0xdd, 0xff, 0xdc, 0x0a, 0x96, 0xd3, + 0x85, 0x3e, 0xc5, 0x11, 0x34, 0x60, 0xa2, 0x33, 0x92, 0x90, + 0xbb, 0x4c, 0x86, 0xdd, 0xd6, 0x1e, 0xcb, 0x0a, 0x17, 0xc6, + 0x87, 0x4e, 0x3e, 0x7a, 0x4b, 0xab, 0xef, 0x0a, 0x00, 0x3d, + 0x94, 0x34, 0x8b, 0x63, 0x36, 0xd9, 0xaf, 0x5d, 0x63, 0x40, + 0xbb, 0x32, 0x4b, 0x64, 0xf0, 0x31, 0x48, 0xdb, 0x44, 0x2b, + 0x48, 0x60, 0x6a, 0xea, 0xa4, 0x8c, 0xdd, 0xaf, 0x81, 0x3f, + 0x86, 0x81, 0x99, 0x7a, 0x98, 0xe1, 0xff, 0x21, 0x7a, 0x28, + 0xbc, 0x33, 0xe6, 0x4e, 0xb0, 0x85, 0x6b, 0xec, 0x11, 0x37, + 0x81, 0x7f, 0xf9, 0xdc, 0xbf, 0x1a, 0xa6, 0x6d, 0x4d, 0x0f, + 0x5b, 0x99, 0x73, 0xb8, 0xd2, 0x6e, 0x37, 0xf0, 0x71, 0xf1, + 0x1a, 0xc3, 0x5c, 0xea, 0x12, 0x5f, 0x2e, 0x85, 0x3f, 0xfd, + 0xd5, 0x87, 0x67, 0x9f, 0x67, 0x9f, 0xd7, 0xef, 0x9f, 0x81, + 0xa4, 0xbc, 0x63, 0x1d, 0x00, 0x81, 0xf6, 0x20, 0x77, 0xae, + 0x0b, 0x90, 0xe5, 0x9c, 0xa9, 0x44, 0xb5, 0xd7, 0xb1, 0x61, + 0x33, 0x4f, 0x75, 0xa9, 0xb7, 0xf4, 0xa4, 0x72, 0x9e, 0x72, + 0xec, 0x7b, 0xcd, 0x83, 0xb3, 0xd6, 0x22, 0x50, 0x50, 0x97, + 0x0f, 0x63, 0x0f, 0xe1, 0x15, 0xb3, 0x07, 0xb6, 0xa3, 0xfa, + 0x2f, 0xb5, 0xf3, 0x5b, 0x5d, 0x7f, 0x90, 0x20, 0xcd, 0x5f, + 0x40, 0x48, 0x87, 0x43, 0xfd, 0xa3, 0x69, 0xdc, 0xf8, 0x51, + 0x08, 0x67, 0xc2, 0x2d, 0xff, 0xfe, 0xbf, 0x85, 0x3e, 0x80, + 0xff, 0x91, 0x62, 0xc5, 0x83, 0xe0, 0x80, 0xeb, 0xce, 0xdc, + 0xff, 0xb1, 0xdb, 0x02, 0xb7, 0x01, 0x1e, 0xa6, 0xf0, 0x32, + 0xfb, 0x95, 0x6a, 0x47, 0x44, 0x84, 0x42, 0x6e, 0x3a, 0xb1, + 0xcf, 0xf9, 0x28, 0xb4, 0x3a, 0x8e, 0xa7, 0x8d, 0x48, 0x81, + 0x1c, 0x7e, 0xf5, 0x0b, 0x46, 0x7e, 0x92, 0x4e, 0xb9, 0xa8, + 0x36, 0xb8, 0x81, 0x6d, 0x8c, 0x70, 0x59, 0x33, 0x12, 0x61, + 0xbb, 0xe6, 0x10, 0x8a, 0xe4, 0xc1, 0x2c, 0x50, 0x12, 0xbf, + 0xd3, 0xc6, 0x3c, 0x53, 0x91, 0x50, 0x07, 0xc8, 0x85, 0x32, + 0x3c, 0xe1, 0x67, 0x99, 0x68, 0xc1, 0xf4, 0x74, 0x86, 0x35, + 0x8a, 0x6c, 0x75, 0x1d, 0x8f, 0x8a, 0x60, 0xe1, 0xc7, 0x59, + 0x4e, 0xb0, 0xe0, 0x45, 0x5a, 0x11, 0x05, 0x24, 0xa7, 0x8d, + 0x39, 0x93, 0x60, 0x4c, 0xc5, 0x9e, 0x8a, 0x70, 0xcc, 0x44, + 0x96, 0x92, 0xc8, 0xf7, 0x23, 0x14, 0xc7, 0xf4, 0x82, 0x9d, + 0x5b, 0x1c, 0x26, 0xd0, 0x3c, 0x76, 0x36, 0xe9, 0x98, 0x8a, + 0xbb, 0xe6, 0xa0, 0xad, 0xed, 0xf7, 0xd9, 0x06, 0x50, 0x67, + 0x79, 0x50, 0x4e, 0xd5, 0x80, 0x4e, 0x59, 0x72, 0x5d, 0x8b, + 0xcb, 0x86, 0x3b, 0x57, 0xc4, 0xb2, 0x3d, 0xbc, 0x35, 0x6d, + 0xb1, 0x50, 0xf5, 0x8c, 0xf2, 0x89, 0x72, 0x20, 0xd0, 0x47, + 0x68, 0x13, 0x42, 0x25, 0x1a, 0xb6, 0xc5, 0x07, 0xdf, 0x45, + 0x11, 0xa9, 0x05, 0x5d, 0xad, 0xf0, 0x49, 0x9e, 0x70, 0x78, + 0xed, 0xe7, 0xf9, 0x00, 0x1f, 0x62, 0x76, 0x47, 0xb5, 0x48, + 0x4f, 0x2c, 0x2e, 0xe3, 0x78, 0x6a, 0x44, 0x46, 0x1e, 0x6b, + 0x00, 0x74, 0x54, 0xb9, 0xd1, 0x4f, 0x6d, 0x45, 0xc1, 0xa6, + 0x45, 0x2e, 0x1a, 0xaf, 0x94, 0x3f, 0xd0, 0x72, 0x67, 0x0d, + 0x2e, 0xa9, 0x8d, 0x16, 0xc4, 0x05, 0x01, 0x07, 0x13, 0x1b, + 0x1c, 0x3d, 0x43, 0x71, 0x91, 0x95, 0x9a, 0xae, 0xaf, 0xc4, + 0xe5, 0xe6, 0xe9, 0xff, 0x02, 0x0c, 0x0f, 0x3e, 0x62, 0x67, + 0x68, 0x81, 0xc7, 0xd0, 0xd8, 0xdd, 0xe0, 0xf5, 0x0b, 0x25, + 0x35, 0x45, 0x4a, 0x4b, 0x63, 0x74, 0x79, 0x7e, 0x82, 0xa2, + 0xaf, 0xc6, 0xc7, 0xcc, 0xd2, 0xfa, 0x2a, 0x2d, 0x2f, 0x32, + 0x35, 0x38, 0x3f, 0x4c, 0x7f, 0x80, 0x81, 0x8b, 0x9b, 0x9c, + 0x9d, 0xa7, 0xa9, 0xcb, 0xe9, 0xf0, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x12, 0x20, 0x32, 0x46 + }; +#endif + wc_test_ret_t ret; + + ret = dilithium_param_vfy_test(WC_ML_DSA_44, ml_dsa_44_pub_key, + (word32)sizeof(ml_dsa_44_pub_key), ml_dsa_44_sig, + (word32)sizeof(ml_dsa_44_sig)); +#ifdef WOLFSSL_DILITHIUM_FIPS204_DRAFT + if (ret == 0) { + ret = dilithium_param_vfy_test(WC_ML_DSA_44_DRAFT, + ml_dsa_44_draft_pub_key, (word32)sizeof(ml_dsa_44_draft_pub_key), + ml_dsa_44_draft_sig, (word32)sizeof(ml_dsa_44_draft_sig)); + } +#endif + + return ret; +} +#endif + +#ifndef WOLFSSL_NO_ML_DSA_65 +static wc_test_ret_t dilithium_param_65_vfy_test(void) +{ + WOLFSSL_SMALL_STACK_STATIC const byte ml_dsa_65_pub_key[] = { + 0x2c, 0x32, 0xfa, 0x59, 0x71, 0x16, 0x4a, 0x0e, 0x45, 0x0f, 0x21, 0xfd, + 0x65, 0xee, 0x50, 0xb0, 0xbf, 0xea, 0x8e, 0x4e, 0xa2, 0x55, 0x71, 0xa6, + 0x65, 0x48, 0x56, 0x20, 0x8a, 0x48, 0x9d, 0xd7, 0xc9, 0x2c, 0x80, 0x62, + 0x88, 0x68, 0x4d, 0x5f, 0xbe, 0x5f, 0xe5, 0xf5, 0xa4, 0x75, 0xb6, 0x88, + 0x26, 0xae, 0x7d, 0x11, 0x43, 0x89, 0xcd, 0xe9, 0x67, 0x0c, 0x91, 0x0b, + 0xd1, 0xd8, 0x8b, 0x7b, 0x73, 0x75, 0x94, 0xc1, 0xc9, 0x61, 0xc7, 0x35, + 0x21, 0x99, 0x2e, 0xab, 0xe0, 0xdf, 0x4d, 0xac, 0x0d, 0xd0, 0xa2, 0x61, + 0x5f, 0x04, 0x08, 0x83, 0x66, 0x5c, 0x67, 0x47, 0x0c, 0xab, 0x2c, 0xb7, + 0x6d, 0x0e, 0x32, 0x4c, 0x8c, 0x25, 0x80, 0xf5, 0xe5, 0x7e, 0x3b, 0xa1, + 0xc6, 0xc5, 0x87, 0xd8, 0x68, 0xb2, 0xd5, 0x67, 0xf9, 0x5a, 0x8b, 0x88, + 0xf8, 0xcd, 0x0c, 0xda, 0x4f, 0xfc, 0xd2, 0xaf, 0xb2, 0xa2, 0x38, 0x21, + 0xf9, 0xd8, 0xf1, 0x1c, 0x8d, 0xb4, 0xe8, 0xfb, 0x76, 0x36, 0x87, 0xf4, + 0x7d, 0x03, 0xc4, 0x06, 0xab, 0x87, 0xac, 0x52, 0xe8, 0xd5, 0xf7, 0x63, + 0xf0, 0xa8, 0x0b, 0x95, 0xbd, 0x07, 0xf1, 0x1d, 0x33, 0x7b, 0x8a, 0x2c, + 0xef, 0x85, 0xbe, 0xf8, 0xc1, 0x4b, 0xa2, 0xb0, 0xe0, 0x7a, 0x85, 0xfa, + 0x52, 0x36, 0x05, 0xa7, 0x65, 0x4a, 0x0c, 0x21, 0x5c, 0xc0, 0x4f, 0x18, + 0xb8, 0x66, 0x02, 0xe6, 0xd0, 0x45, 0x60, 0x56, 0xfc, 0x40, 0x94, 0xb5, + 0xa5, 0x2b, 0xc7, 0x57, 0xc3, 0xc5, 0x30, 0x72, 0x1c, 0x4c, 0x2a, 0xd5, + 0x75, 0xae, 0x43, 0x9f, 0x01, 0x71, 0xac, 0x5c, 0xdf, 0x9c, 0x0a, 0x3c, + 0xb5, 0x89, 0x07, 0x9b, 0x28, 0x25, 0x31, 0x31, 0xc5, 0xb7, 0x24, 0x53, + 0x2c, 0x3c, 0x2a, 0x96, 0xe5, 0x0d, 0xa2, 0x97, 0xa7, 0x08, 0x9d, 0x31, + 0xc0, 0xcd, 0x53, 0xd5, 0xa8, 0x58, 0xa6, 0xac, 0x43, 0x2d, 0xac, 0x39, + 0x01, 0x2c, 0x60, 0xf6, 0x82, 0x86, 0xd0, 0xaf, 0xad, 0x61, 0x3f, 0x82, + 0x80, 0xa1, 0xe1, 0x12, 0x83, 0x6e, 0x1d, 0x5e, 0xfe, 0xc6, 0x1e, 0x2a, + 0x7a, 0x44, 0xcd, 0xc2, 0x0a, 0xf5, 0xc8, 0x72, 0x3e, 0x29, 0xc7, 0x0a, + 0xd1, 0x4c, 0x17, 0xdd, 0x1f, 0xb6, 0x95, 0x34, 0xc2, 0x6c, 0xdc, 0x63, + 0xd1, 0x7e, 0xb0, 0x52, 0x06, 0x18, 0x6c, 0xb1, 0x99, 0x6a, 0xbe, 0x42, + 0xa9, 0xc0, 0x22, 0xcc, 0x09, 0x11, 0x84, 0x1f, 0x16, 0x9a, 0x0e, 0xdd, + 0x18, 0x7a, 0x39, 0x34, 0xb0, 0x49, 0x44, 0xcb, 0x88, 0x1f, 0x91, 0x93, + 0x49, 0x3f, 0xcc, 0x62, 0x56, 0x33, 0x15, 0xcb, 0x02, 0x9b, 0x33, 0xe8, + 0xd7, 0xab, 0x51, 0xc0, 0x91, 0xe0, 0x9c, 0xd2, 0xf9, 0x52, 0x05, 0x0c, + 0xbf, 0xf1, 0x97, 0x42, 0xfe, 0xd0, 0x32, 0x27, 0x34, 0xf8, 0x82, 0x2d, + 0x65, 0x3a, 0x36, 0xce, 0xd1, 0x07, 0x82, 0x3a, 0x6a, 0xaa, 0x56, 0xf1, + 0x9b, 0x98, 0xca, 0x8e, 0x55, 0xff, 0xa0, 0x74, 0xd6, 0x6a, 0x42, 0xaa, + 0x0a, 0xd4, 0x59, 0x74, 0xfb, 0xd4, 0xdb, 0x14, 0x10, 0xee, 0xca, 0x78, + 0x83, 0x83, 0x95, 0x9b, 0x77, 0xf1, 0x9a, 0x48, 0xe0, 0x8f, 0xa4, 0x5a, + 0x4d, 0xa9, 0x3f, 0x32, 0x78, 0x4a, 0x25, 0x96, 0x9c, 0x20, 0x0a, 0xcc, + 0x5b, 0xd8, 0xca, 0x19, 0x47, 0x77, 0xb8, 0x7c, 0x51, 0x3e, 0xd6, 0x30, + 0xdb, 0x45, 0xb0, 0xe6, 0x9d, 0x6f, 0xc5, 0x0a, 0x5d, 0x5f, 0x55, 0xcd, + 0x0f, 0x20, 0x22, 0x7e, 0x09, 0x99, 0xac, 0xb8, 0x9c, 0x9d, 0xf7, 0x3e, + 0x7e, 0x07, 0xd7, 0xbc, 0x21, 0x76, 0x8c, 0x27, 0x81, 0x94, 0xab, 0x57, + 0x4a, 0xe2, 0x91, 0x1c, 0xa4, 0x77, 0x4a, 0xd2, 0x96, 0x52, 0x9d, 0x33, + 0xb5, 0x58, 0x70, 0xd7, 0xff, 0x22, 0xe8, 0x14, 0xea, 0xd0, 0x8c, 0xd4, + 0x06, 0x08, 0xd8, 0x73, 0x66, 0x4b, 0x93, 0x41, 0xc9, 0x73, 0x5b, 0x07, + 0x5f, 0x31, 0xc5, 0x25, 0x98, 0x7b, 0x7b, 0xa5, 0x26, 0x83, 0x94, 0x22, + 0x42, 0x1c, 0x51, 0xe6, 0x80, 0x48, 0xca, 0xd4, 0x53, 0x40, 0x3a, 0xee, + 0x2c, 0x29, 0x07, 0xed, 0xdf, 0x97, 0x44, 0x19, 0xe5, 0xe5, 0x35, 0x66, + 0x1f, 0xbd, 0x29, 0x77, 0x0c, 0x15, 0x6c, 0x95, 0x08, 0x81, 0xe0, 0x76, + 0x86, 0x5e, 0x6d, 0x77, 0x78, 0x76, 0x07, 0xdd, 0x21, 0x97, 0x59, 0xdb, + 0xd4, 0xbd, 0xb6, 0x4c, 0x3f, 0x07, 0x93, 0xb6, 0x4a, 0xce, 0xf7, 0x08, + 0x86, 0xfd, 0x9c, 0x03, 0x08, 0x94, 0x00, 0xea, 0x4b, 0xd6, 0x1e, 0x17, + 0xfb, 0xb5, 0xba, 0xde, 0x25, 0x95, 0xe7, 0xf8, 0x97, 0x9e, 0x99, 0xae, + 0x5d, 0xdd, 0xf6, 0x32, 0x1a, 0xf2, 0x4f, 0xcf, 0x0c, 0x17, 0x55, 0xb8, + 0xfb, 0xae, 0xc8, 0x46, 0xb0, 0x3e, 0x86, 0x2b, 0x5e, 0xef, 0x36, 0xca, + 0x24, 0xed, 0x32, 0x5b, 0xc8, 0xfb, 0x88, 0x35, 0x6a, 0x26, 0xfe, 0x06, + 0x54, 0x0c, 0x3e, 0x2c, 0x71, 0xdf, 0x98, 0xf0, 0xbb, 0xb2, 0xe0, 0x9d, + 0xf7, 0xeb, 0xce, 0x07, 0xfa, 0xc4, 0xab, 0x88, 0xc3, 0x14, 0x33, 0x60, + 0x48, 0xcf, 0x39, 0x26, 0x90, 0xac, 0xfa, 0x39, 0x6f, 0x2d, 0x9d, 0x6d, + 0x15, 0x7f, 0x84, 0x6b, 0x0a, 0x1c, 0xf4, 0x6c, 0x78, 0x62, 0x52, 0x93, + 0x2c, 0x7e, 0x9f, 0x4a, 0x51, 0x7a, 0x2e, 0xad, 0xea, 0xe4, 0xe5, 0x9c, + 0x15, 0x15, 0x28, 0x4d, 0x3e, 0x5e, 0xb4, 0x3b, 0xff, 0x81, 0xe0, 0x56, + 0x44, 0x33, 0x33, 0xd9, 0x4b, 0xb2, 0x23, 0x60, 0xed, 0x0d, 0xa5, 0x4e, + 0x9f, 0x7d, 0xbc, 0x6e, 0x3a, 0xf9, 0x7e, 0x16, 0x47, 0x66, 0xb1, 0x6c, + 0xc7, 0x26, 0x62, 0x9b, 0x3c, 0x53, 0xb3, 0xa1, 0x16, 0x62, 0x31, 0x64, + 0xd2, 0xbb, 0x28, 0x5c, 0xe8, 0x21, 0xc3, 0xfc, 0xc3, 0x6d, 0xa7, 0x35, + 0x4d, 0x57, 0xe0, 0xbd, 0x54, 0x1a, 0x84, 0xf7, 0x9c, 0x8a, 0x54, 0x3d, + 0x59, 0xb3, 0xa2, 0x46, 0x3b, 0x16, 0x48, 0x3b, 0x3a, 0x3c, 0x5e, 0x88, + 0xc3, 0x60, 0x63, 0x7e, 0xca, 0x68, 0xb7, 0x2f, 0x2b, 0xb5, 0x62, 0x2e, + 0x51, 0x89, 0xbe, 0x78, 0xf7, 0xfa, 0x19, 0xcc, 0xca, 0x87, 0x9a, 0xf5, + 0xef, 0x0d, 0x21, 0x08, 0x3b, 0xd6, 0x9a, 0x94, 0xc5, 0xd1, 0x1b, 0xa9, + 0x7c, 0xc8, 0x9f, 0x9a, 0xb0, 0xb8, 0xf7, 0x02, 0x12, 0x31, 0x70, 0x52, + 0x52, 0xda, 0xb5, 0x9a, 0x08, 0x20, 0xc3, 0xc4, 0x0c, 0x6a, 0x34, 0x58, + 0x75, 0x9b, 0xdc, 0x1a, 0x6a, 0x37, 0x42, 0x9f, 0x16, 0x70, 0xbb, 0x39, + 0x86, 0xbd, 0x09, 0x9c, 0x04, 0x44, 0xbe, 0x1a, 0xe5, 0xe9, 0x50, 0x9b, + 0x14, 0x50, 0x4f, 0x00, 0xba, 0xb0, 0xf6, 0x36, 0x4d, 0x69, 0x16, 0x11, + 0x40, 0x5a, 0x4e, 0x8b, 0x39, 0xb4, 0xf1, 0xb2, 0x11, 0x36, 0x2f, 0x02, + 0x15, 0xca, 0x78, 0xde, 0x75, 0x07, 0x64, 0x72, 0xfd, 0xd4, 0x48, 0xdd, + 0xfb, 0xf5, 0x8a, 0x3d, 0xa8, 0x8e, 0x14, 0xd1, 0x69, 0xe3, 0x21, 0x50, + 0x39, 0xfd, 0xd0, 0x3b, 0xa0, 0x22, 0x61, 0x5c, 0x7e, 0x88, 0x91, 0xe1, + 0xf0, 0xf6, 0x16, 0x23, 0xdb, 0xdb, 0x50, 0x0e, 0x39, 0xcc, 0x86, 0xf1, + 0xab, 0x89, 0x60, 0xb0, 0xac, 0x28, 0xc6, 0x57, 0xe4, 0xee, 0xa9, 0x1b, + 0xae, 0x78, 0xc5, 0x67, 0x1a, 0xeb, 0xb3, 0x43, 0xbc, 0xea, 0x11, 0x0c, + 0x64, 0xf6, 0xd2, 0x52, 0xa0, 0x7e, 0xcd, 0x6d, 0x84, 0x8c, 0xf8, 0x80, + 0xb7, 0xdb, 0x26, 0x91, 0x4a, 0xa0, 0x61, 0x69, 0x2f, 0x6f, 0x1c, 0x9d, + 0x2a, 0x20, 0x44, 0xdc, 0x58, 0xaf, 0x7d, 0xfe, 0x4d, 0xa2, 0x10, 0x21, + 0x88, 0xef, 0x42, 0x2e, 0x8e, 0xfb, 0x63, 0xbc, 0xc8, 0x26, 0xe7, 0x80, + 0xa5, 0xbf, 0xe0, 0x7a, 0xcb, 0xf3, 0x31, 0x1c, 0xd9, 0xa3, 0x12, 0x00, + 0x2f, 0x20, 0xc6, 0xc1, 0x15, 0xfd, 0x5b, 0x0d, 0x8a, 0x4d, 0xfb, 0x84, + 0x4d, 0xb4, 0x64, 0xeb, 0x12, 0xf3, 0x78, 0x6b, 0x4d, 0xc6, 0x98, 0x46, + 0x4c, 0xb3, 0xb4, 0x59, 0xdc, 0xb7, 0xdc, 0xbb, 0x56, 0x0f, 0x09, 0x14, + 0x28, 0x43, 0x9f, 0xb8, 0x75, 0xed, 0xcb, 0x97, 0x25, 0xaf, 0xa5, 0xeb, + 0x46, 0x14, 0xa6, 0x38, 0x68, 0x06, 0xe0, 0x6e, 0x55, 0x68, 0x6b, 0xf3, + 0xd8, 0x6d, 0x59, 0x65, 0x65, 0xff, 0x48, 0xfd, 0xdb, 0x3d, 0xe2, 0x21, + 0xb4, 0x7b, 0x78, 0x6a, 0x2e, 0x28, 0xb8, 0x21, 0xc4, 0x72, 0xf4, 0xef, + 0xfb, 0x74, 0x43, 0x29, 0xf2, 0x30, 0xc9, 0xca, 0x78, 0x93, 0x72, 0xfd, + 0x84, 0xa4, 0x95, 0xe0, 0xcd, 0xb1, 0x48, 0x29, 0xe7, 0xd1, 0x27, 0xf7, + 0xdc, 0x31, 0x6e, 0x00, 0x04, 0xd7, 0x7c, 0xfd, 0x2d, 0x25, 0xe9, 0xdb, + 0xc2, 0xb8, 0x14, 0x26, 0xed, 0x63, 0xb1, 0x50, 0x0a, 0x3c, 0xb2, 0x79, + 0x98, 0x79, 0x81, 0x2d, 0xdb, 0x60, 0x97, 0x99, 0xc0, 0x0a, 0x89, 0x9f, + 0x90, 0x19, 0x0b, 0xb3, 0x97, 0xd2, 0xf7, 0x50, 0xa5, 0x1d, 0x7d, 0x71, + 0x75, 0xe6, 0x58, 0x62, 0x53, 0x95, 0x40, 0x9e, 0xc7, 0xd3, 0x72, 0xa1, + 0xae, 0x07, 0xb3, 0x8a, 0x56, 0x61, 0x99, 0x81, 0x3e, 0xe4, 0x5e, 0x78, + 0x57, 0xd1, 0x8a, 0xc4, 0x04, 0x38, 0x13, 0xa0, 0x5d, 0x68, 0x6d, 0x22, + 0xae, 0xda, 0xfc, 0x67, 0xbb, 0xfb, 0x8e, 0x1a, 0xdc, 0x24, 0xf7, 0xc8, + 0xf9, 0x92, 0x6f, 0x4e, 0xb5, 0xe7, 0x6d, 0x13, 0x88, 0x05, 0x5c, 0xbb, + 0xe0, 0x24, 0x2a, 0x96, 0xc6, 0x70, 0x52, 0x14, 0xd0, 0xd9, 0xd8, 0xb2, + 0x5b, 0xdc, 0x85, 0xcf, 0x62, 0xb4, 0xcf, 0x77, 0xf1, 0xe5, 0x51, 0xeb, + 0xef, 0xe9, 0x3e, 0xf0, 0x16, 0xd2, 0xcc, 0x38, 0x0a, 0x47, 0x91, 0xc0, + 0xe0, 0x14, 0x1a, 0xf9, 0x74, 0xd1, 0x32, 0x8b, 0x02, 0x36, 0x05, 0x55, + 0x62, 0xa7, 0xae, 0x77, 0xb0, 0x01, 0x3d, 0x2c, 0x91, 0xbe, 0xfa, 0xdd, + 0x9c, 0x17, 0x42, 0xc1, 0x01, 0x4d, 0xd8, 0x27, 0x3c, 0x10, 0x82, 0x66, + 0x11, 0x91, 0x8b, 0xc8, 0x52, 0xd5, 0xc1, 0x1d, 0xee, 0xb2, 0x90, 0x17, + 0xed, 0xf3, 0xad, 0xa5, 0xd5, 0xeb, 0xf2, 0x9b, 0x78, 0xbf, 0x2d, 0x5a, + 0xad, 0xe5, 0x53, 0xe6, 0xc1, 0x3b, 0xd8, 0xf3, 0x6b, 0xc5, 0x4c, 0x87, + 0x0a, 0xe3, 0xc8, 0xc7, 0xe5, 0x42, 0x2c, 0xe2, 0x13, 0x1a, 0xe7, 0x27, + 0x20, 0x3e, 0x95, 0x13, 0x1e, 0xbb, 0x03, 0xae, 0xc0, 0x84, 0x14, 0x6d, + 0x7b, 0xf7, 0x98, 0x08, 0x18, 0x12, 0xb4, 0x4f, 0x99, 0x4a, 0xcf, 0xd0, + 0x4a, 0x5d, 0x21, 0x16, 0xf6, 0xdf, 0x10, 0xc7, 0xbe, 0xe6, 0x79, 0x3b, + 0x35, 0x2a, 0xa6, 0xd6, 0x19, 0x9c, 0xde, 0xbd, 0xaf, 0x72, 0xd2, 0x25, + 0xe0, 0xa4, 0xde, 0x99, 0x44, 0x18, 0x66, 0x41, 0xc7, 0x56, 0xf7, 0xdc, + 0x32, 0x56, 0x57, 0x39, 0x18, 0x31, 0xc8, 0x75, 0x01, 0xc3, 0xf3, 0x46, + 0xcf, 0xbf, 0xc6, 0x10, 0xb5, 0x1c, 0x38, 0xf9, 0xa4, 0xa5, 0x44, 0xa1, + 0x0b, 0x25, 0x48, 0x9c, 0xd3, 0x1c, 0x55, 0x54, 0x15, 0x9f, 0xe3, 0x74, + 0x5b, 0xb1, 0x92, 0xb6, 0x52, 0x61, 0xba, 0x2f, 0x53, 0x91, 0x17, 0x44, + 0x94, 0x00, 0xe4, 0x43, 0xa0, 0xe7, 0x0d, 0xaa, 0x8a, 0x5b, 0x81, 0x43, + 0xad, 0xfb, 0x50, 0xfe, 0xcf, 0x85, 0x2d, 0xfa, 0xc8, 0x1d, 0xad, 0xc8, + 0x7a, 0x7c, 0x5e, 0xf3, 0x90, 0x35, 0x5e, 0x67, 0xce, 0x57, 0x4d, 0xa0, + 0x22, 0x9e, 0x07, 0x4a, 0xf5, 0x9e, 0x5f, 0x91, 0x45, 0xd8, 0x62, 0xe0, + 0xf3, 0x87, 0x3b, 0xb7, 0x89, 0x2f, 0xdf, 0x8b, 0x82, 0xb1, 0x86, 0xc3, + 0xa4, 0xa3, 0x68, 0xc7, 0x73, 0x9e, 0x68, 0x8d, 0x24, 0x6a, 0x29, 0x94, + 0x58, 0x57, 0x4b, 0x81, 0x00, 0xe2, 0x2b, 0x94, 0x0a, 0xf5, 0x96, 0xa3, + 0x23, 0x9a, 0x7b, 0xd0, 0x2d, 0xcb, 0x6a, 0x8e, 0xae, 0x1b, 0x1c, 0x34, + 0xed, 0x30, 0x4e, 0xca, 0x29, 0x21, 0xfc, 0x3d, 0x70, 0x11, 0xc1, 0x5f, + 0x3e, 0xc2, 0x9e, 0x88, 0x71, 0x29, 0xa3, 0x8f, 0x92, 0xf5, 0x46, 0x77, + 0xd5, 0x47, 0x2d, 0x2b, 0x66, 0x1c, 0x07, 0xf0, 0xfc, 0x7b, 0xa0, 0x13, + 0x00, 0xae, 0xa5, 0x61, 0x92, 0x36, 0xeb, 0x7e, 0x43, 0x91, 0x20, 0x72, + 0xe5, 0xba, 0x7f, 0x79, 0x23, 0x12, 0x3e, 0xb2, 0x4b, 0x13, 0xa1, 0x8c, + 0x84, 0x72, 0x3b, 0x45, 0x62, 0xcf, 0x2e, 0x78, 0xc4, 0x9c, 0x22, 0x09, + 0xfa, 0x59, 0x9d, 0xdf, 0x13, 0x54, 0x66, 0xe2, 0x6f, 0xfa, 0xb5, 0x2a, + 0x27, 0x3e, 0x17, 0x82, 0xf3, 0x2a, 0x4d, 0x36, 0xd3, 0xf0, 0x8d, 0x43, + 0x40, 0x2c, 0x84, 0x68, 0xbe, 0x40, 0x50, 0x7d, 0xa3, 0x27, 0x5e, 0xde, + 0x4d, 0x04, 0x6f, 0xe8, 0x96, 0x9c, 0x7a, 0x1d, 0xb8, 0x2b, 0x8a, 0xb1, + 0x6e, 0xe2, 0x36, 0x07, 0x22, 0x50, 0xd9, 0x71, 0x93, 0x48, 0xb5, 0x51, + 0xce, 0x2a, 0x64, 0x6b, 0x11, 0xa6, 0xb9, 0x40, 0x2d, 0x6c, 0xd2, 0x76, + 0x52, 0xc6, 0xe3, 0xa6, 0x6b, 0xd2, 0x3f, 0x39, 0xd2, 0x13, 0x28, 0xa4, + 0xa9, 0x58, 0x99, 0xe8, 0x3d, 0x08, 0xfa, 0x3c, 0x34, 0x39, 0x4d, 0x7d, + 0x5e, 0x10, 0x72, 0x51, 0x96, 0x1d, 0x4b, 0xd9, 0x3e, 0xc9, 0x22, 0x4c, + 0x72, 0x63, 0xf8, 0x87, 0x4b, 0xe7, 0x41, 0xac, 0xcd, 0xd6, 0x34, 0xa2, + 0xe1, 0xe8, 0x66, 0x81, 0x04, 0x7d, 0x70, 0x95, 0xba, 0x37, 0x86, 0x9e, + 0x1f, 0x9a, 0x1b, 0xe4, 0x35, 0xac, 0xe6, 0xcf, 0x48, 0x55, 0x6e, 0xbb, + 0x9d, 0x40, 0x79, 0x96, 0xdd, 0xac, 0xf8, 0xf5, 0x99, 0xad, 0x43, 0x0d, + 0xad, 0xa9, 0x62, 0xc0, 0x70, 0x8b, 0x50, 0x9b, 0xca, 0x0d, 0x3e, 0x54, + 0x9c, 0x27, 0xd5, 0x9e, 0x20, 0xe2, 0xe0, 0xb0, 0xb0, 0xbe, 0x8e, 0x56, + 0x43, 0x95, 0x9b, 0x34, 0xd1, 0x05, 0x28, 0xa0, 0xee, 0xd9, 0xab, 0x6a, + 0xa7, 0xbb, 0xb7, 0x1b, 0x3a, 0x5d, 0x33, 0x97, 0x25, 0x54, 0xe4, 0x0e, + 0x64, 0x79, 0xed, 0x16, 0x62, 0x89, 0x70, 0x4a, 0xa6, 0x47, 0x40, 0xd7, + 0xa3, 0xd2, 0x6f, 0x28, 0xdd, 0xc5, 0x04, 0xab, 0x7e, 0x7e, 0x1e, 0xb0, + 0x19, 0x02, 0x48, 0xb5, 0x88, 0x82, 0x75, 0xaf, 0x66, 0x74, 0xca, 0xf6, + 0xd7, 0xe8, 0x6d, 0xfa, 0x5e, 0xfa, 0xaf, 0xa8, 0x04, 0xaa, 0x2c, 0x09, + 0xf1, 0x4c, 0x36, 0x75, 0xb5, 0xdc, 0xe8, 0x04, 0x80, 0xd3, 0x14, 0x78, + 0x09, 0x5b, 0xfd, 0x52, 0x6f, 0xd9, 0x3c, 0x1c, 0x02, 0x3b, 0x77, 0xb8, + 0xa1, 0xe9, 0xa4, 0xb7, 0x42, 0x62, 0xee, 0xea, 0x43, 0xf3, 0xd8, 0xd0, + 0x7a, 0x53, 0x91, 0x34, 0x7f, 0xe7, 0x9a, 0xc6 + }; +#ifdef WOLFSSL_DILITHIUM_FIPS204_DRAFT + WOLFSSL_SMALL_STACK_STATIC const byte ml_dsa_65_draft_pub_key[] = { + 0x15, 0xc9, 0xe5, 0x53, 0x2f, 0xd8, 0x1f, 0xb4, 0xa3, 0x9f, + 0xae, 0xad, 0xb3, 0x10, 0xd0, 0x72, 0x69, 0xd3, 0x02, 0xf3, + 0xdf, 0x67, 0x5a, 0x31, 0x52, 0x19, 0xca, 0x39, 0x27, 0x77, + 0x61, 0x6d, 0x0f, 0xc1, 0x33, 0x26, 0x09, 0xf0, 0xf9, 0x4d, + 0x12, 0x7a, 0xef, 0xf7, 0x21, 0x26, 0x2c, 0xe0, 0xe2, 0x92, + 0x1f, 0x9d, 0xd1, 0xaa, 0xaf, 0x08, 0x14, 0xf2, 0xaa, 0x24, + 0x99, 0x0f, 0x20, 0x57, 0x35, 0x04, 0x32, 0x96, 0x8e, 0x6e, + 0x10, 0x64, 0xe3, 0xe3, 0x57, 0x26, 0x33, 0x32, 0x7b, 0xe4, + 0x18, 0x41, 0x77, 0xd3, 0x24, 0x63, 0x3d, 0x11, 0xea, 0xdc, + 0xbe, 0x59, 0xff, 0x8d, 0xc2, 0xe4, 0xc7, 0x04, 0xf3, 0xd4, + 0xe0, 0x1d, 0x5e, 0x09, 0x46, 0xbf, 0x02, 0x05, 0xc7, 0xa6, + 0xb7, 0x82, 0x40, 0x1f, 0x55, 0xe9, 0x77, 0x82, 0xc0, 0xcc, + 0x86, 0x99, 0x19, 0x99, 0xa2, 0xc9, 0x1b, 0x4f, 0xdd, 0x49, + 0x4c, 0x78, 0x0a, 0x58, 0xb8, 0xf0, 0x23, 0xac, 0x1a, 0x71, + 0x57, 0x6d, 0xd6, 0x3a, 0x3a, 0x6f, 0x93, 0xb3, 0x2b, 0x09, + 0xbe, 0xec, 0x7b, 0x5b, 0xf7, 0x3a, 0xed, 0xf9, 0xd0, 0xb1, + 0xfe, 0x9f, 0x9b, 0xec, 0x11, 0xb6, 0x6b, 0xd1, 0xb6, 0x00, + 0x72, 0x7f, 0x68, 0x9a, 0x61, 0xa5, 0xf5, 0x6e, 0xe9, 0x46, + 0xa4, 0x82, 0x08, 0x9f, 0x50, 0x4c, 0x75, 0xc3, 0x48, 0x85, + 0x76, 0x39, 0xea, 0x0c, 0xf2, 0xe8, 0x7e, 0x48, 0x69, 0xd9, + 0x6f, 0x9a, 0x89, 0x7d, 0x98, 0xc1, 0x16, 0xdc, 0x2f, 0xc7, + 0x0a, 0x11, 0xa8, 0xbb, 0xe7, 0x91, 0xb1, 0x0f, 0x0e, 0xf0, + 0xb4, 0xc8, 0x41, 0x7e, 0x62, 0x9e, 0x3c, 0x30, 0x4c, 0xbc, + 0x4c, 0xeb, 0x37, 0xaf, 0x48, 0x72, 0x59, 0x64, 0x8e, 0xfb, + 0x77, 0x11, 0x28, 0xdd, 0x30, 0x52, 0x8e, 0x69, 0x8c, 0x9f, + 0x3d, 0xec, 0xdf, 0xa7, 0x5f, 0x42, 0x18, 0xda, 0xba, 0x1a, + 0x96, 0x91, 0x7d, 0x62, 0xd5, 0x52, 0xff, 0x44, 0xc9, 0x1d, + 0x29, 0xa6, 0xb9, 0x03, 0x9a, 0x26, 0x26, 0xcf, 0x57, 0x40, + 0x70, 0x7e, 0x2b, 0xbd, 0xf0, 0x81, 0x71, 0x0f, 0x0b, 0x2e, + 0x9b, 0x03, 0xba, 0x31, 0x41, 0x68, 0x37, 0xc8, 0xff, 0xea, + 0xc4, 0x73, 0xa5, 0xf9, 0xc2, 0x92, 0x78, 0x0c, 0xe7, 0xfd, + 0x5d, 0xb2, 0x01, 0xb5, 0x8d, 0xeb, 0x64, 0xd4, 0x14, 0xea, + 0x7a, 0xd1, 0x42, 0xc8, 0x99, 0xe4, 0x7d, 0x5b, 0x7e, 0x3b, + 0x8f, 0xab, 0x82, 0x12, 0xdf, 0xbb, 0xa1, 0x45, 0x30, 0xc9, + 0x0f, 0xb9, 0xe5, 0xba, 0xe6, 0x8a, 0xf3, 0x78, 0x61, 0xcc, + 0x9f, 0xe1, 0x46, 0x2a, 0x9a, 0x18, 0x0e, 0x2a, 0x57, 0xf3, + 0xe5, 0x56, 0xd1, 0x42, 0x48, 0xe1, 0x5a, 0x8e, 0x33, 0xce, + 0x19, 0xe5, 0x3e, 0x7f, 0x00, 0x70, 0x9c, 0x4c, 0xd3, 0xe1, + 0x0c, 0xa1, 0x7e, 0xd4, 0xa9, 0x9e, 0x8b, 0xe2, 0xf0, 0xac, + 0xdb, 0xa6, 0x72, 0x75, 0x67, 0xa6, 0x57, 0xed, 0x79, 0x2e, + 0xca, 0x8d, 0xeb, 0x9b, 0x9e, 0xb7, 0xbf, 0x30, 0x02, 0x2b, + 0xb3, 0x43, 0x89, 0x9b, 0xa8, 0x88, 0xa5, 0xbb, 0x33, 0xd9, + 0x99, 0x30, 0x7c, 0xc7, 0xd4, 0x28, 0x5e, 0x5e, 0x3f, 0x9d, + 0x6d, 0x35, 0x75, 0x33, 0x8e, 0xff, 0x84, 0x2e, 0x2d, 0xda, + 0xf0, 0xff, 0x70, 0xe5, 0xb5, 0x62, 0x96, 0x33, 0x3a, 0xd9, + 0xb5, 0x82, 0x25, 0x81, 0x81, 0x40, 0x5d, 0x4f, 0x11, 0x86, + 0x63, 0x1a, 0x06, 0xc1, 0x67, 0xc7, 0x49, 0x03, 0xc7, 0xe4, + 0x6f, 0xb4, 0x13, 0x3e, 0x57, 0x62, 0xfd, 0x8a, 0xc6, 0x2b, + 0x65, 0x5b, 0xa4, 0x29, 0x57, 0x8d, 0xde, 0xa5, 0xee, 0x32, + 0xc2, 0x76, 0x03, 0xca, 0xce, 0xc1, 0x48, 0xec, 0x45, 0xcf, + 0x30, 0x21, 0x28, 0x7f, 0x10, 0x47, 0xd2, 0xdb, 0xee, 0xca, + 0x5b, 0x0f, 0xd5, 0x39, 0x3a, 0xc3, 0xa6, 0x78, 0xb2, 0x15, + 0xaf, 0x82, 0x3c, 0x2f, 0xc4, 0x51, 0x5c, 0x52, 0xad, 0xf2, + 0x89, 0x92, 0x8e, 0xf3, 0x50, 0x38, 0xed, 0xf8, 0xc9, 0x14, + 0x4c, 0xe4, 0xa3, 0x9a, 0xaf, 0xc4, 0x5c, 0xf3, 0x9f, 0xc3, + 0xa3, 0xc0, 0xbe, 0x45, 0x1b, 0x21, 0x63, 0xfa, 0xe0, 0xe0, + 0x91, 0x2b, 0x42, 0xca, 0x91, 0xfb, 0x5e, 0x97, 0x9a, 0x0a, + 0xd4, 0x88, 0xba, 0xb8, 0x22, 0xc6, 0xbf, 0x56, 0x58, 0x1e, + 0x92, 0xa9, 0x9d, 0xa7, 0xed, 0xc9, 0xab, 0x54, 0x4f, 0x75, + 0x8d, 0x42, 0xc1, 0xe1, 0x61, 0xd0, 0x91, 0x9a, 0x3a, 0x40, + 0x9a, 0xa3, 0xfb, 0x7b, 0x4e, 0xf0, 0x85, 0xf0, 0xdc, 0x40, + 0x72, 0x9f, 0x05, 0xa8, 0xbe, 0x95, 0x5a, 0x7f, 0xba, 0x75, + 0x00, 0x6e, 0x95, 0x76, 0xbd, 0xb2, 0x40, 0xf5, 0xb0, 0x64, + 0x0a, 0x2f, 0x06, 0x3d, 0x9f, 0xac, 0x6a, 0xa5, 0x46, 0x5a, + 0x85, 0xa4, 0x6f, 0xee, 0x27, 0xa0, 0xeb, 0x5f, 0x1f, 0x91, + 0xbd, 0x2b, 0x02, 0x16, 0xdf, 0x74, 0x97, 0x2c, 0xd0, 0xa8, + 0x9f, 0x3a, 0x7b, 0xdf, 0x3e, 0x98, 0x4a, 0x91, 0xdc, 0x19, + 0x96, 0x88, 0x75, 0x21, 0x1a, 0x6a, 0xa8, 0x4b, 0x1f, 0x35, + 0xd1, 0x92, 0xf5, 0x76, 0xf4, 0x72, 0x55, 0x13, 0xdb, 0x5d, + 0x07, 0x8d, 0xd9, 0x72, 0xe4, 0x75, 0xde, 0x80, 0xbc, 0xe9, + 0x9c, 0xf0, 0x5c, 0x6a, 0x8a, 0x0e, 0x34, 0xf6, 0x3f, 0x5c, + 0xef, 0x0e, 0xcc, 0x52, 0x38, 0x2d, 0x7b, 0xc2, 0x1b, 0x69, + 0x9f, 0xe5, 0xed, 0x14, 0xb0, 0x91, 0x0b, 0xe9, 0x4d, 0x34, + 0xd5, 0xaa, 0xd4, 0xd2, 0x46, 0x39, 0x45, 0x7e, 0x85, 0x2f, + 0xdb, 0x89, 0xf4, 0xff, 0x05, 0x74, 0x51, 0xba, 0xdd, 0xee, + 0xf6, 0xc2, 0xc1, 0x0a, 0x8f, 0xd9, 0xeb, 0xc7, 0x61, 0x30, + 0x8f, 0x86, 0x8b, 0x1f, 0x82, 0xc1, 0x22, 0xfd, 0x83, 0xf4, + 0x5d, 0xc5, 0x94, 0xf5, 0xd7, 0x17, 0xc7, 0x7b, 0x71, 0xf5, + 0x5e, 0x15, 0x49, 0x70, 0xb2, 0x57, 0xa0, 0xc0, 0x57, 0x63, + 0x53, 0x35, 0xb6, 0x52, 0x20, 0x7b, 0x83, 0xd4, 0x57, 0x63, + 0x25, 0x8e, 0x83, 0xb3, 0x8e, 0x26, 0x1f, 0x09, 0xde, 0x14, + 0xd6, 0xa6, 0xfc, 0xe5, 0x93, 0x3c, 0x88, 0x8e, 0xf5, 0x10, + 0x57, 0xb9, 0xc9, 0x9b, 0xff, 0x72, 0x9d, 0x3d, 0x3f, 0x97, + 0xd9, 0x3c, 0x20, 0xe2, 0x57, 0xfd, 0x2a, 0x5c, 0x17, 0x12, + 0xe6, 0x08, 0xaf, 0xe4, 0x26, 0x96, 0xb9, 0x6d, 0xc3, 0xac, + 0x22, 0xf3, 0x8b, 0x89, 0xde, 0xc7, 0x8a, 0x93, 0x06, 0xf7, + 0x1d, 0x08, 0x21, 0x36, 0x16, 0x74, 0x2b, 0x97, 0x23, 0xe4, + 0x79, 0x31, 0x08, 0x23, 0x62, 0x30, 0x67, 0xe2, 0xed, 0x30, + 0x9b, 0x0c, 0xf9, 0x08, 0x7a, 0x29, 0x73, 0xc6, 0x77, 0x8a, + 0xbb, 0x2a, 0x1c, 0x66, 0xd0, 0xdd, 0x9e, 0xa3, 0xe9, 0x62, + 0xcc, 0xb7, 0x88, 0x25, 0x4a, 0x5f, 0xbc, 0xaa, 0xe3, 0xe4, + 0x4f, 0xec, 0xa6, 0x8e, 0xa6, 0xa4, 0x1b, 0x22, 0x2b, 0x2c, + 0x8f, 0x57, 0x7f, 0xb7, 0x33, 0xfe, 0x16, 0x43, 0x85, 0xc5, + 0xd2, 0x95, 0xe6, 0xb9, 0x21, 0x68, 0x88, 0x98, 0x33, 0x8c, + 0x1d, 0x15, 0x9c, 0x4d, 0x62, 0x1f, 0x6b, 0xe8, 0x7a, 0x2d, + 0x6b, 0x0e, 0xc3, 0xde, 0x1a, 0xa8, 0xed, 0x67, 0xb3, 0xb3, + 0x36, 0x5b, 0x4b, 0xcb, 0xe8, 0xa8, 0x5c, 0x0b, 0x2f, 0xca, + 0xd7, 0x71, 0xe8, 0x85, 0xe7, 0x4d, 0xe5, 0x7b, 0x45, 0xed, + 0xb2, 0x4c, 0x69, 0x04, 0x7e, 0x4f, 0xc0, 0xef, 0x1a, 0xca, + 0x0d, 0xa6, 0xc4, 0x79, 0x15, 0x78, 0x9c, 0xd2, 0x91, 0x3c, + 0x32, 0x55, 0x40, 0xe7, 0xcb, 0x7e, 0xde, 0x07, 0xa6, 0x97, + 0x00, 0x2d, 0x70, 0xf6, 0x3d, 0x15, 0xdf, 0x29, 0x8e, 0xa3, + 0x96, 0x6d, 0xf2, 0xbb, 0xa5, 0x1b, 0x7b, 0x58, 0x30, 0xf6, + 0x17, 0xbd, 0xda, 0x13, 0xf7, 0x33, 0xc2, 0x62, 0x32, 0xd4, + 0x1c, 0x2e, 0x31, 0x74, 0x92, 0xad, 0x99, 0x8c, 0x0e, 0x7c, + 0x50, 0x21, 0xcd, 0xff, 0x41, 0xeb, 0xd1, 0xca, 0x14, 0xb7, + 0xb2, 0x31, 0x2f, 0xbe, 0x16, 0xce, 0x4f, 0x26, 0x16, 0x04, + 0xc2, 0xaf, 0xbe, 0x0d, 0x24, 0xab, 0x9a, 0x21, 0x37, 0x06, + 0xac, 0x50, 0x23, 0xf1, 0xbe, 0x5c, 0xbb, 0x64, 0xf3, 0xd3, + 0x66, 0xa3, 0xb8, 0xbe, 0x8b, 0x49, 0x8d, 0xf6, 0xc7, 0xb9, + 0x8f, 0x4e, 0x31, 0x06, 0x51, 0xe5, 0xf3, 0x0e, 0x56, 0xc4, + 0x24, 0x30, 0xf5, 0xe9, 0x36, 0x71, 0xbc, 0xc9, 0x70, 0x2c, + 0x6c, 0x4c, 0x15, 0x43, 0x44, 0xa4, 0xfc, 0xf1, 0xd2, 0x71, + 0x6c, 0x4c, 0xce, 0x30, 0x6c, 0x05, 0x7d, 0x2e, 0xb7, 0xbc, + 0xe4, 0x65, 0x76, 0x24, 0x75, 0x36, 0xdf, 0x28, 0xfc, 0xcd, + 0x9a, 0xba, 0xc2, 0xcd, 0xb0, 0x30, 0xdb, 0xe7, 0x2e, 0x3c, + 0x92, 0x63, 0x1d, 0x30, 0x23, 0x74, 0xb1, 0xb8, 0xcc, 0xd7, + 0xb6, 0x90, 0x65, 0x73, 0xa2, 0x2a, 0x6e, 0x49, 0x95, 0x0d, + 0xab, 0x24, 0xdf, 0x2d, 0xbf, 0x76, 0x46, 0x01, 0x44, 0xe4, + 0x18, 0x8e, 0xd5, 0x9a, 0x76, 0xc9, 0xc6, 0xbc, 0xdb, 0x7f, + 0x80, 0x52, 0xc6, 0x40, 0x41, 0x12, 0x36, 0x7c, 0x80, 0x69, + 0xce, 0x7b, 0xe1, 0xa0, 0x53, 0xa2, 0xd6, 0x8f, 0x3f, 0xf7, + 0xd7, 0x61, 0x09, 0x70, 0xa2, 0xa0, 0xc6, 0xaf, 0xa0, 0xd0, + 0xfa, 0x13, 0xbf, 0xc0, 0x69, 0x15, 0xce, 0x15, 0xec, 0x24, + 0x4b, 0x6b, 0xdc, 0x93, 0x51, 0xc6, 0x82, 0x19, 0x92, 0x84, + 0x5d, 0x99, 0xb0, 0x90, 0x2c, 0xcc, 0x2a, 0x81, 0x6b, 0x22, + 0x64, 0x0a, 0xcb, 0x51, 0x25, 0x82, 0x50, 0x02, 0x2d, 0x3e, + 0xd4, 0x72, 0xb3, 0x0c, 0x15, 0x77, 0xd2, 0xca, 0x98, 0x2f, + 0x41, 0x93, 0x14, 0xb2, 0x7f, 0xa1, 0x97, 0xa3, 0xb8, 0x8a, + 0x56, 0x24, 0x38, 0xa7, 0x36, 0xc5, 0x01, 0xc0, 0x9f, 0x3f, + 0x3e, 0x9a, 0xf6, 0xe9, 0x16, 0x82, 0x01, 0x58, 0x70, 0x0e, + 0x0d, 0xbc, 0xfa, 0x03, 0x57, 0x65, 0xa8, 0x5a, 0x3d, 0x57, + 0x81, 0x23, 0xbe, 0x6e, 0xa9, 0xe8, 0x22, 0xdf, 0x2f, 0x70, + 0xeb, 0x0a, 0x03, 0x96, 0x6b, 0xef, 0x20, 0x9f, 0xf2, 0x62, + 0xe7, 0xb2, 0x6e, 0x3a, 0x1e, 0x40, 0x1f, 0xd2, 0x97, 0x48, + 0xd1, 0x18, 0xf0, 0xeb, 0x52, 0x58, 0x02, 0x26, 0xce, 0x75, + 0xb1, 0x3a, 0x9d, 0x5b, 0x52, 0x94, 0xb2, 0x6e, 0x0e, 0x3f, + 0x39, 0xb6, 0xd9, 0x8a, 0x9d, 0xe8, 0x7c, 0x83, 0x32, 0xcc, + 0x43, 0x35, 0x9b, 0x7a, 0xed, 0xb2, 0x1e, 0x51, 0x37, 0x6c, + 0x14, 0xd8, 0xb8, 0x55, 0xb3, 0x91, 0xef, 0x0c, 0x3a, 0xe5, + 0x77, 0xd0, 0xbd, 0xb0, 0x7d, 0x38, 0x84, 0x2a, 0x47, 0xb2, + 0xb6, 0xda, 0xd7, 0x75, 0xd6, 0x2e, 0x60, 0xc7, 0x10, 0x52, + 0xf7, 0xdd, 0x09, 0x15, 0x6f, 0x04, 0x31, 0xc3, 0x5a, 0x6b, + 0x0c, 0x60, 0x10, 0xa8, 0x6e, 0x20, 0xa9, 0xdd, 0xb7, 0x72, + 0xc3, 0x9e, 0x85, 0xd2, 0x8f, 0x16, 0x7e, 0x3d, 0xe0, 0x63, + 0x81, 0x32, 0xfd, 0xca, 0xbc, 0x0f, 0xef, 0x3e, 0x74, 0x6a, + 0xb1, 0x60, 0xc1, 0x10, 0x50, 0x7c, 0x67, 0xa4, 0x19, 0xa7, + 0xb8, 0xed, 0xe6, 0xf5, 0x4e, 0x41, 0x53, 0xa6, 0x72, 0x1b, + 0x2c, 0x33, 0x6a, 0x37, 0xf1, 0xb5, 0x1c, 0x01, 0x7d, 0xa2, + 0x1f, 0x2c, 0x4e, 0x0a, 0xbf, 0xd4, 0x2c, 0x24, 0x91, 0x58, + 0x62, 0xfb, 0xf8, 0x63, 0xd9, 0xf8, 0x78, 0xf5, 0xc7, 0x78, + 0x32, 0xda, 0x99, 0xeb, 0x58, 0x20, 0x25, 0x19, 0xb1, 0x06, + 0x7f, 0x6a, 0x29, 0x20, 0xdb, 0xc8, 0x22, 0x48, 0xa9, 0x7f, + 0x24, 0x54, 0x8d, 0x7d, 0x8d, 0xb1, 0x69, 0xb2, 0xa3, 0x98, + 0x14, 0x0f, 0xba, 0xfa, 0xb6, 0x15, 0xe8, 0x28, 0x99, 0x3f, + 0x30, 0x04, 0x50, 0xab, 0x5a, 0x3c, 0xf1, 0x97, 0xe1, 0xc8, + 0x0f, 0x0e, 0xb4, 0x11, 0x63, 0x5a, 0x79, 0x08, 0x48, 0x75, + 0xaf, 0x9b, 0xca, 0xd9, 0x13, 0x18, 0xcc, 0xb1, 0xb3, 0xee, + 0xdd, 0x63, 0xdd, 0xf4, 0x21, 0x98, 0x76, 0xe2, 0x3e, 0xd5, + 0x86, 0x23, 0x33, 0x7e, 0xc7, 0xb4, 0x35, 0x4b, 0xc2, 0x2d, + 0xe1, 0xe2, 0xb0, 0x6c, 0x8b, 0x9b, 0x20, 0x3d, 0x48, 0x24, + 0x7c, 0xea, 0xa1, 0x75, 0x27, 0xe5, 0xf4, 0x70, 0xeb, 0x3b, + 0xc7, 0x26, 0x37, 0x04, 0xff, 0x8a, 0x7a, 0xd0, 0xc2, 0xb7, + 0x84, 0xb7, 0x29, 0xfb, 0x0e, 0xa3, 0xa8, 0x71, 0xcd, 0x58, + 0x06, 0x36, 0xe2, 0xf2, 0x77, 0xcc, 0x0f, 0x78, 0x08, 0x2b, + 0xbb, 0xe3, 0x53, 0x05, 0x71, 0xdc, 0x6c, 0x37, 0x32, 0x91, + 0x46, 0x42, 0x4f, 0x21, 0xe0, 0x34, 0xad, 0x3f, 0x30, 0x5a, + 0xc7, 0x0d, 0x17, 0x19, 0x39, 0x31, 0x58, 0x69, 0x3c, 0x8c, + 0xbe, 0xe7, 0xa6, 0x3b, 0xad, 0xfb, 0x46, 0x89, 0x06, 0xc1, + 0x8c, 0x16, 0x9a, 0x06, 0x3a, 0xd0, 0x7e, 0xd6, 0xb0, 0x7b, + 0x7d, 0xf8, 0x91, 0x7c, 0xfa, 0xd9, 0x66, 0x39, 0xfa, 0xbc, + 0x57, 0xa7, 0x78, 0x8b, 0x36, 0x78, 0xc0, 0x1c, 0x0e, 0x23, + 0x05, 0x0e, 0x04, 0x61, 0x16, 0x34, 0xf9, 0xc6, 0x63, 0x58, + 0xdf, 0xf4, 0x52, 0xce, 0xd0, 0x0f, 0x0c, 0xec, 0xb1, 0x82, + 0xf4, 0x72, 0x73, 0x72, 0x3f, 0x02, 0xbe, 0xe3, 0x9c, 0x63, + 0x73, 0xc8, 0x21, 0x65, 0xba, 0x57, 0x52, 0xa9, 0x19, 0xac, + 0x68, 0x50, 0xbd, 0x2d, 0x72, 0x5b, 0x93, 0x0f, 0x1c, 0x81, + 0x77, 0xd7, 0x2e, 0xc3, 0x93, 0x52, 0x6e, 0xdc, 0x79, 0x52, + 0x9f, 0xe3, 0xde, 0xe1, 0xba, 0x58, 0x55, 0xab, 0x8a, 0xf2, + 0x35, 0x6a, 0xcf, 0x94, 0x1f, 0x17, 0xa4, 0x23, 0x2e, 0x8e, + 0x18, 0x21, 0xbe, 0x14, 0xfa, 0xe7, 0x59, 0xc5, 0x44, 0x34, + 0xce, 0x03, 0xf4, 0xb7, 0x75, 0xd3, 0x51, 0x55, 0xdf, 0xff, + 0xcf, 0x4f, 0x44, 0xee, 0x13, 0x9b, 0xcb, 0x12, 0xae, 0xe5, + 0x5b, 0x44, 0x65, 0x28, 0xcb, 0x6a, 0x9c, 0x24, 0x1d, 0xea, + 0x2d, 0x5e, 0xa5, 0xc3, 0x78, 0xad, 0xed, 0x0c, 0x05, 0xa6, + 0xaf, 0x95, 0x04, 0xd2, 0xb5, 0x91, 0x0e, 0xa0, 0x06, 0x77, + 0xc5, 0x82, 0xf6, 0xdd, 0x72, 0x83, 0x04, 0xcc, 0xb0, 0xab, + 0x7a, 0xf0, 0xb4, 0x4d, 0x36, 0x71, 0x72, 0x1a, 0x9a, 0x0d, + 0xcd, 0xa3, 0x11, 0xa8, 0x0d, 0x7d, 0x49, 0xce, 0x9c, 0x09, + 0x1d, 0x08, 0xa4, 0x39, 0x2e, 0x03, 0xdf, 0x3a, 0xc8, 0xfe, + 0x6a, 0x2b, 0x0b, 0x07, 0x80, 0x55, 0x8a, 0xa8, 0xe6, 0x0e, + 0xc9, 0x7e, 0x83, 0xce, 0x3a, 0x98, 0x98, 0x4e, 0x3e, 0x08, + 0x20, 0x8f, 0x10, 0xfc, 0xc1, 0xc4, 0xcf, 0x37, 0x8d, 0x69, + 0xd8, 0x57, 0x9d, 0x48, 0x80, 0x6a, 0xef, 0x0c, 0xdd, 0x27, + 0x99, 0xf9, 0xe7, 0xd0, 0xd2, 0x36, 0xd8, 0xed, 0x41, 0x14, + 0x1b, 0x10 + }; +#endif + WOLFSSL_SMALL_STACK_STATIC const byte ml_dsa_65_sig[] = { + 0xb1, 0xd1, 0x8e, 0x83, 0x0b, 0x0d, 0xd2, 0x71, 0xb2, 0xaa, 0x31, 0x38, + 0x16, 0xf0, 0xb4, 0xbc, 0x64, 0x2b, 0x97, 0xa1, 0x08, 0x19, 0x4f, 0x52, + 0xfe, 0x99, 0x1a, 0xa9, 0xd4, 0x08, 0x93, 0x99, 0x88, 0xfd, 0x6a, 0xd6, + 0xd8, 0xdb, 0xf0, 0x71, 0x2a, 0xc9, 0x04, 0x83, 0xc9, 0x45, 0x59, 0x5d, + 0xe0, 0x36, 0x59, 0x53, 0x1b, 0xb8, 0x5a, 0xa6, 0x1f, 0xb4, 0x1b, 0x0a, + 0xfb, 0x3a, 0xba, 0xe3, 0xb7, 0x5e, 0x04, 0x14, 0x59, 0x09, 0x9a, 0x8e, + 0xc2, 0x77, 0x5a, 0x3d, 0xf1, 0x43, 0x67, 0x74, 0x78, 0xfc, 0xcd, 0x34, + 0xed, 0x35, 0x16, 0x38, 0x04, 0xe6, 0xe7, 0xd6, 0xd2, 0x90, 0x1b, 0x28, + 0xb6, 0x66, 0x1b, 0x57, 0x85, 0x5e, 0xa7, 0x9f, 0x86, 0x1a, 0x0d, 0xc3, + 0x7e, 0xed, 0xbd, 0x32, 0x8a, 0x35, 0xe1, 0xb3, 0x01, 0xdc, 0x9b, 0x44, + 0x88, 0xa1, 0x0b, 0x87, 0x6e, 0x55, 0x31, 0xb1, 0x27, 0xcb, 0x85, 0xa4, + 0x27, 0x56, 0x33, 0xb0, 0x39, 0x0d, 0xd3, 0x4b, 0xd1, 0xa2, 0x47, 0x07, + 0xc6, 0xf4, 0xe6, 0x1f, 0x88, 0x70, 0x70, 0x13, 0x7e, 0x2e, 0x17, 0x32, + 0x0a, 0x6b, 0x38, 0x34, 0xcf, 0x2f, 0x00, 0x36, 0x58, 0x8d, 0xe1, 0xdd, + 0xa7, 0x94, 0x2a, 0x8f, 0x87, 0x99, 0x67, 0x02, 0x4d, 0x5b, 0x56, 0xaf, + 0xef, 0xc4, 0x3c, 0xff, 0x72, 0x53, 0x95, 0x27, 0x03, 0x49, 0x94, 0x4f, + 0x94, 0x87, 0x1f, 0x52, 0x33, 0xed, 0xb9, 0x14, 0x7b, 0xe5, 0x6c, 0xef, + 0x7a, 0x17, 0x5a, 0xa4, 0x89, 0x2a, 0xfe, 0x68, 0xda, 0xdd, 0x48, 0xc2, + 0xf0, 0x92, 0xf4, 0xe4, 0xd6, 0xa6, 0x48, 0x08, 0x2c, 0xe8, 0xcd, 0x72, + 0xf6, 0x94, 0x3e, 0xc1, 0x82, 0xb8, 0x01, 0x58, 0xb2, 0xef, 0xef, 0xf4, + 0xcb, 0x93, 0x63, 0x2e, 0x33, 0x5b, 0xc9, 0xd6, 0x6a, 0xde, 0xad, 0xe8, + 0x1e, 0x3f, 0xa3, 0xf2, 0x35, 0x87, 0xc1, 0xc9, 0x48, 0x2f, 0x1b, 0x00, + 0xea, 0x3d, 0x04, 0x29, 0xd5, 0xc0, 0xe9, 0x1a, 0xc5, 0xce, 0x5e, 0xdb, + 0xd1, 0xee, 0x16, 0x9c, 0x05, 0x40, 0xf9, 0x21, 0x13, 0x72, 0x08, 0x39, + 0x6b, 0x63, 0x19, 0xcd, 0x6f, 0x64, 0xa0, 0xc3, 0x77, 0xb7, 0x50, 0xed, + 0xe9, 0x2d, 0xd5, 0x72, 0xea, 0xa6, 0xc1, 0x97, 0xb9, 0x6b, 0xe5, 0x81, + 0x91, 0x8e, 0xd1, 0x36, 0x11, 0xee, 0xfb, 0x2b, 0x66, 0xba, 0xe4, 0x3e, + 0xd0, 0xdd, 0x17, 0xc5, 0x24, 0x3b, 0xc3, 0x5b, 0x75, 0xfc, 0xd5, 0xb6, + 0x8c, 0xba, 0x8c, 0x66, 0xb2, 0xee, 0x40, 0x45, 0x8c, 0x23, 0xbb, 0xe0, + 0xc8, 0xd6, 0x05, 0xfd, 0x71, 0x5b, 0x24, 0xbb, 0x37, 0x65, 0x5f, 0x57, + 0x92, 0x22, 0x13, 0xb2, 0x9a, 0x70, 0x22, 0x4b, 0xbe, 0x03, 0xd1, 0x54, + 0xb0, 0x3a, 0x30, 0x50, 0x71, 0x24, 0xf7, 0x81, 0x8c, 0x20, 0x67, 0x74, + 0x5a, 0xef, 0xa1, 0x6a, 0xe3, 0xd0, 0x04, 0xd6, 0xa5, 0x6e, 0xad, 0xa7, + 0x15, 0x41, 0xf3, 0x21, 0xe8, 0xd9, 0xe6, 0xe5, 0x97, 0xbd, 0xc2, 0x1b, + 0xbb, 0xd1, 0x4e, 0x7e, 0x5a, 0xd6, 0xe4, 0x19, 0xa5, 0xe4, 0x76, 0xf4, + 0xce, 0x00, 0x94, 0x76, 0xef, 0x1b, 0xb3, 0x47, 0xb9, 0xa3, 0x32, 0xf7, + 0x45, 0x6d, 0x32, 0x73, 0x06, 0xc0, 0xb9, 0xaf, 0x9c, 0x46, 0x99, 0xbe, + 0x14, 0x06, 0xcd, 0x35, 0x7c, 0x90, 0x7c, 0xe7, 0x97, 0x0a, 0x9f, 0xb4, + 0x21, 0xff, 0xf0, 0xea, 0x83, 0xc0, 0x86, 0x68, 0x9f, 0x36, 0xb0, 0xad, + 0xe1, 0x8d, 0xc5, 0x76, 0x55, 0xb5, 0xb6, 0x7e, 0x1f, 0xa7, 0x5b, 0x26, + 0x6c, 0xb5, 0xf9, 0x54, 0x1f, 0x76, 0xc1, 0x9c, 0xfc, 0x57, 0xc8, 0x86, + 0xc1, 0x7d, 0x59, 0x55, 0x92, 0xa5, 0xb8, 0x03, 0xfa, 0xa5, 0x72, 0xd1, + 0x5c, 0x8d, 0x9b, 0x2e, 0x84, 0x07, 0x18, 0xee, 0x49, 0xc5, 0x99, 0x8e, + 0x15, 0x7c, 0xbf, 0xad, 0x8b, 0x13, 0xcd, 0x97, 0xf9, 0x3c, 0xa2, 0x89, + 0x9c, 0x9c, 0x89, 0xc9, 0x7a, 0x46, 0xb3, 0x42, 0x7b, 0xd4, 0x28, 0x0d, + 0x55, 0x63, 0x28, 0xd6, 0xc1, 0x65, 0xf5, 0x34, 0x6e, 0x38, 0x2a, 0xb4, + 0x35, 0x40, 0xed, 0x7e, 0x80, 0x61, 0x9d, 0x8f, 0x68, 0x4f, 0x74, 0x0c, + 0x30, 0x35, 0x0e, 0xb3, 0x07, 0xf4, 0x92, 0xed, 0x9c, 0x7f, 0xf5, 0xed, + 0x3e, 0x17, 0x5b, 0x6e, 0x91, 0x46, 0xa1, 0x25, 0x1d, 0x83, 0x50, 0x93, + 0x35, 0x06, 0x6c, 0x2f, 0x99, 0x8b, 0x21, 0x4c, 0x5c, 0x34, 0xb1, 0xa7, + 0x82, 0xbc, 0x70, 0x28, 0x56, 0x61, 0x29, 0x35, 0x89, 0x0b, 0x41, 0x21, + 0xf0, 0xf7, 0xff, 0x69, 0x3d, 0xa4, 0x28, 0x1e, 0x0d, 0x5d, 0xa7, 0x0e, + 0xaa, 0xd3, 0x4a, 0x95, 0x49, 0xfe, 0x35, 0x5f, 0xa9, 0xc0, 0xe4, 0xe1, + 0x9a, 0x03, 0xd4, 0xac, 0x96, 0xe3, 0xea, 0x7e, 0xa6, 0x85, 0x7e, 0xb0, + 0xb8, 0xc2, 0xe8, 0x07, 0xd6, 0xd3, 0x1a, 0x84, 0x90, 0x24, 0x04, 0xef, + 0x7c, 0x93, 0x15, 0x83, 0xea, 0xe2, 0x42, 0xc6, 0xe7, 0x13, 0x45, 0xbf, + 0x35, 0xae, 0x5d, 0x50, 0x79, 0x16, 0xbb, 0x11, 0x17, 0x1b, 0xf4, 0x08, + 0x88, 0x9d, 0x66, 0x14, 0x6a, 0xa0, 0x71, 0x76, 0x80, 0x51, 0x73, 0x7c, + 0x1d, 0xb0, 0xc1, 0xad, 0x58, 0xfb, 0xbe, 0xcf, 0x73, 0xe0, 0xd9, 0xf8, + 0xd5, 0xac, 0xd7, 0x49, 0xd9, 0xc9, 0x59, 0xbf, 0xfa, 0xf5, 0xb1, 0xd2, + 0x5a, 0x01, 0xcd, 0x8b, 0x07, 0x8b, 0x59, 0x37, 0xc0, 0x8c, 0x7d, 0xa9, + 0x71, 0x83, 0xf9, 0x7c, 0x58, 0xa9, 0x77, 0x01, 0x3d, 0x39, 0x56, 0x5c, + 0x93, 0xfe, 0x40, 0x87, 0x5a, 0x31, 0x81, 0x53, 0x8e, 0x0d, 0x99, 0x7e, + 0xdf, 0x37, 0xd9, 0xe3, 0x91, 0xb8, 0x60, 0x3a, 0x5b, 0xca, 0xe8, 0x91, + 0x56, 0x89, 0x59, 0x61, 0xc6, 0x31, 0xe2, 0x6c, 0x81, 0xda, 0xc7, 0x5c, + 0x04, 0x9d, 0xe4, 0x23, 0x12, 0x73, 0xfc, 0x48, 0xfb, 0xa5, 0xce, 0x87, + 0x37, 0x47, 0x71, 0x5c, 0xd1, 0x2a, 0x63, 0x89, 0xdc, 0x07, 0xe7, 0x7f, + 0x5d, 0x48, 0xe6, 0xd2, 0x96, 0xc6, 0x6f, 0xed, 0xee, 0x8c, 0xed, 0x5e, + 0x41, 0x38, 0xbd, 0xdf, 0x21, 0xaa, 0x9e, 0x51, 0x16, 0x22, 0x4a, 0xdc, + 0xd8, 0x12, 0xdf, 0x5a, 0x83, 0xd6, 0xd0, 0x07, 0xa4, 0x42, 0x41, 0x13, + 0xe1, 0x08, 0xc9, 0x00, 0x0f, 0x37, 0xc0, 0x7d, 0xda, 0xb2, 0x25, 0xfc, + 0xc9, 0xbc, 0xa8, 0x86, 0xcc, 0x38, 0x0e, 0x06, 0x51, 0x1b, 0x37, 0xc1, + 0x0e, 0x2a, 0x58, 0x49, 0xbc, 0x7c, 0xa7, 0xf0, 0xda, 0xd7, 0x74, 0x34, + 0xf5, 0xd8, 0x99, 0x8c, 0x94, 0x86, 0xe3, 0x1e, 0x6b, 0xf5, 0x68, 0xfa, + 0xa6, 0x69, 0x63, 0x22, 0x5a, 0x3c, 0x6f, 0x29, 0xc9, 0x40, 0xc0, 0xbe, + 0x8d, 0xb5, 0xcc, 0x82, 0x6e, 0x9d, 0xd1, 0x1f, 0x13, 0x63, 0xd8, 0x24, + 0x63, 0x38, 0x59, 0xf0, 0x4a, 0x8c, 0x0f, 0x28, 0x8a, 0x77, 0x81, 0xa2, + 0xa0, 0x23, 0x11, 0x59, 0xa9, 0x5a, 0x2d, 0x71, 0x8f, 0x82, 0xa7, 0xbd, + 0x85, 0x26, 0x4d, 0xc2, 0x2f, 0x11, 0xe8, 0xff, 0x96, 0xa1, 0x2d, 0xf2, + 0xd5, 0xf3, 0x1d, 0x54, 0xd0, 0x5f, 0x71, 0x07, 0xaf, 0x22, 0xa0, 0xcd, + 0x78, 0xb3, 0x47, 0xb1, 0x40, 0x3d, 0x6b, 0xfd, 0x10, 0x1b, 0xc6, 0x60, + 0xef, 0x5c, 0x24, 0xa3, 0x1f, 0xee, 0xc0, 0x0b, 0xed, 0x1d, 0x38, 0xc8, + 0xf2, 0x8c, 0xec, 0x5e, 0xd9, 0x70, 0x1a, 0x2b, 0x25, 0xe6, 0xed, 0xa9, + 0x0c, 0xb3, 0x78, 0xe1, 0x91, 0x01, 0x41, 0x2e, 0xfe, 0x7d, 0xbd, 0xfe, + 0xcf, 0x48, 0x6d, 0x2e, 0x05, 0x31, 0x89, 0x24, 0xc4, 0xd7, 0xc4, 0x26, + 0x2f, 0x64, 0x43, 0xa3, 0xdd, 0x56, 0x11, 0x5c, 0x65, 0x76, 0x96, 0xcc, + 0x3c, 0x12, 0x42, 0xf2, 0x6b, 0x20, 0xc2, 0xe6, 0xc3, 0x5c, 0xfa, 0x91, + 0xb1, 0xbd, 0x3b, 0xd3, 0x99, 0xde, 0x59, 0x7a, 0x34, 0x40, 0x56, 0xb0, + 0x88, 0x02, 0x19, 0xc8, 0xf9, 0xf9, 0x8f, 0xe7, 0x60, 0xfb, 0x42, 0x87, + 0x57, 0xb4, 0x42, 0xb4, 0x65, 0x94, 0x0a, 0x5f, 0xdb, 0xf5, 0x32, 0xe9, + 0x49, 0x28, 0xbe, 0xa6, 0x64, 0x0d, 0x6d, 0x08, 0x43, 0x91, 0x16, 0x7a, + 0x6c, 0xa9, 0x02, 0xe4, 0x84, 0x03, 0x39, 0x48, 0x08, 0xcc, 0xcb, 0x56, + 0xad, 0x52, 0x95, 0x9e, 0x9a, 0x2b, 0xf1, 0x6d, 0x3f, 0x4b, 0x02, 0xc6, + 0x52, 0xc7, 0x09, 0x6b, 0x3f, 0xa9, 0x60, 0xe2, 0x19, 0x5d, 0x0a, 0x61, + 0xcd, 0xc8, 0x36, 0xdb, 0x8e, 0x57, 0xd2, 0x11, 0x49, 0x1c, 0x26, 0x58, + 0x04, 0x07, 0x32, 0x2a, 0x34, 0xf0, 0x6a, 0x88, 0xcf, 0x63, 0xb7, 0xef, + 0x7e, 0x93, 0xcc, 0x64, 0x07, 0x14, 0xfa, 0x63, 0x38, 0xdd, 0xc0, 0xf0, + 0xaa, 0x56, 0xa1, 0xed, 0x16, 0xaa, 0x53, 0x8c, 0x99, 0xc0, 0xd4, 0xda, + 0x94, 0x58, 0x13, 0xd9, 0x5f, 0x98, 0x9a, 0xa1, 0x57, 0xbd, 0x89, 0xca, + 0x9d, 0x3e, 0xdf, 0x75, 0x26, 0x29, 0x0f, 0xb2, 0x33, 0x4b, 0x83, 0xb3, + 0x99, 0x1f, 0x06, 0x5d, 0x10, 0xf5, 0x1c, 0x75, 0x97, 0xec, 0x5b, 0x87, + 0xc7, 0xf1, 0xd8, 0xbd, 0x0e, 0x4c, 0x1a, 0xb0, 0x59, 0x3b, 0x27, 0x73, + 0xdc, 0xde, 0xca, 0x0c, 0x2e, 0x1f, 0x42, 0x7f, 0xd8, 0x0f, 0x9b, 0x3f, + 0x49, 0x3f, 0x63, 0x7d, 0x71, 0xe3, 0x77, 0x79, 0xcc, 0x9c, 0xbf, 0xff, + 0x23, 0xa9, 0x74, 0xa2, 0xda, 0xb7, 0xca, 0x86, 0x7f, 0x12, 0xc1, 0x1b, + 0x41, 0x35, 0xb5, 0xc7, 0x10, 0x09, 0xc0, 0xa2, 0x1b, 0x41, 0x31, 0x5e, + 0x6c, 0x35, 0xb5, 0x63, 0x13, 0x19, 0x61, 0x8e, 0xbd, 0x89, 0xf6, 0x0a, + 0xbd, 0x16, 0x15, 0xd8, 0xfa, 0xcc, 0x9f, 0x97, 0x02, 0x8f, 0x1b, 0x34, + 0x40, 0xbc, 0x4a, 0xb1, 0x39, 0x12, 0xf8, 0x66, 0xda, 0x34, 0x03, 0xf2, + 0x5c, 0x33, 0x9c, 0x63, 0x0b, 0xb6, 0x8f, 0xca, 0x81, 0xa2, 0x4a, 0x43, + 0xe7, 0xe7, 0x66, 0x41, 0x45, 0x6b, 0x7c, 0xd1, 0x1d, 0xbc, 0x4f, 0x91, + 0xab, 0x24, 0x0b, 0x9f, 0x60, 0x47, 0x36, 0x04, 0x8b, 0x72, 0xb6, 0x65, + 0x35, 0xfc, 0xbf, 0xc9, 0x26, 0xaf, 0x84, 0x04, 0x30, 0x32, 0x02, 0xc0, + 0x94, 0x98, 0xbc, 0x17, 0x33, 0x99, 0xac, 0xb1, 0x4e, 0xdd, 0xf0, 0x46, + 0x68, 0x6a, 0xac, 0x6d, 0xdb, 0x85, 0xfd, 0xc6, 0x3b, 0xc8, 0x93, 0x89, + 0xbf, 0xd7, 0xd9, 0x94, 0xe4, 0xa4, 0x37, 0xb9, 0x67, 0x52, 0x84, 0xcf, + 0x88, 0xba, 0x01, 0x8b, 0xe4, 0xd4, 0x3e, 0xde, 0x94, 0xa1, 0xa9, 0xd8, + 0x15, 0xb5, 0x6e, 0xa0, 0x62, 0x92, 0x5c, 0xb1, 0x1b, 0xbf, 0x4f, 0xaf, + 0xf5, 0x99, 0x35, 0xce, 0x7d, 0xa9, 0x4b, 0xa8, 0x60, 0x31, 0xf5, 0x0a, + 0x83, 0x58, 0xf5, 0x83, 0xde, 0xb2, 0xfe, 0xf3, 0x12, 0x08, 0x3d, 0xe3, + 0x14, 0x89, 0x17, 0x93, 0x5c, 0x87, 0xe4, 0x89, 0xcb, 0xb7, 0x67, 0x3e, + 0xea, 0x0e, 0x08, 0x57, 0xf1, 0xca, 0xe0, 0x18, 0xd7, 0xae, 0x5f, 0x9e, + 0x62, 0x5c, 0xd7, 0x6a, 0x2f, 0xd6, 0x30, 0x67, 0xfb, 0x5e, 0xed, 0xcf, + 0xa9, 0x88, 0x04, 0x0a, 0xf2, 0x62, 0x50, 0xc5, 0x39, 0xc6, 0xa1, 0x3c, + 0xe4, 0x9a, 0x81, 0x55, 0x96, 0xca, 0x60, 0xb2, 0x53, 0x62, 0xee, 0xa1, + 0x1d, 0xfc, 0xd9, 0x5c, 0x51, 0xbf, 0x55, 0x65, 0x1d, 0x13, 0x2a, 0x13, + 0x58, 0xa3, 0x18, 0x52, 0x6b, 0xb4, 0xae, 0x60, 0x1c, 0x26, 0x3e, 0xb1, + 0x4c, 0xb1, 0x72, 0x1b, 0x8a, 0x4c, 0xaa, 0xb5, 0x5b, 0x8a, 0x3b, 0x2f, + 0x1f, 0xc3, 0x29, 0x41, 0xe6, 0x6d, 0xd7, 0x96, 0x26, 0xdd, 0x37, 0x67, + 0x4f, 0x9d, 0x31, 0xc6, 0x54, 0x51, 0xaa, 0xba, 0x73, 0xae, 0xd2, 0x00, + 0x0b, 0x05, 0x98, 0x73, 0xd6, 0x9c, 0xb4, 0x2e, 0x23, 0xd0, 0xc3, 0xac, + 0x46, 0x6f, 0x3e, 0x05, 0x43, 0xf8, 0x96, 0xa0, 0xe0, 0xfe, 0x17, 0x3f, + 0xfa, 0xc2, 0xc3, 0xf6, 0x1a, 0x46, 0xd0, 0x05, 0x53, 0x0e, 0xea, 0xd8, + 0xba, 0xa3, 0xab, 0xb6, 0x58, 0xd1, 0x40, 0x1c, 0x97, 0x38, 0xd4, 0x77, + 0x58, 0x03, 0xf5, 0x8a, 0xc7, 0x48, 0x19, 0x71, 0x71, 0xb5, 0x4b, 0x08, + 0x85, 0x35, 0x1c, 0xdf, 0xbd, 0xa9, 0xc9, 0xd1, 0x40, 0x62, 0xa3, 0xd6, + 0x3b, 0xa1, 0xf7, 0x4e, 0xc6, 0xfe, 0xc4, 0x07, 0x2f, 0xf5, 0xc9, 0x0c, + 0xb6, 0xa0, 0xb3, 0x25, 0x3e, 0x2a, 0x07, 0xe3, 0x63, 0xe3, 0x9e, 0x8d, + 0x0d, 0x7a, 0x70, 0x1e, 0x65, 0x95, 0x47, 0x37, 0xa8, 0xd2, 0x35, 0x09, + 0x09, 0x70, 0xf5, 0xc9, 0xc9, 0x30, 0x95, 0xd9, 0xf2, 0x5d, 0x10, 0x3c, + 0xc3, 0x66, 0x66, 0xb6, 0xdc, 0x14, 0xf6, 0x91, 0xc2, 0x7b, 0x4b, 0x71, + 0x42, 0xf9, 0x35, 0xe7, 0x08, 0x1e, 0xb6, 0x9a, 0x5c, 0x0e, 0x8b, 0x41, + 0x44, 0x7f, 0xad, 0xca, 0x8a, 0x4b, 0x6a, 0x02, 0x81, 0x96, 0xe7, 0xe1, + 0xb0, 0x5b, 0xaf, 0xf2, 0x17, 0x44, 0x7f, 0xd1, 0x49, 0x77, 0xfd, 0x07, + 0x59, 0x53, 0x8e, 0x51, 0xac, 0x0f, 0x0c, 0xb4, 0xa3, 0xf6, 0x24, 0x16, + 0x47, 0xf3, 0xa4, 0x36, 0x17, 0x3e, 0x01, 0x1e, 0xf1, 0xec, 0x78, 0x4a, + 0xcb, 0xbd, 0x2a, 0xfd, 0x01, 0xdd, 0xa5, 0xad, 0x7b, 0xef, 0x5e, 0x56, + 0xb2, 0x60, 0xb4, 0xf2, 0x27, 0xc8, 0x9b, 0x5b, 0x31, 0x49, 0x54, 0xbc, + 0x69, 0x9b, 0xc6, 0x1a, 0x79, 0xe7, 0xd4, 0x46, 0xc8, 0x50, 0xc3, 0xaa, + 0xfc, 0xb5, 0x28, 0x87, 0x1e, 0xa0, 0x0c, 0xc6, 0x1a, 0xa7, 0x34, 0xd6, + 0xbb, 0x9d, 0x9c, 0x0d, 0x90, 0x6f, 0x1a, 0x3c, 0xdc, 0x3b, 0x95, 0xc4, + 0x38, 0x25, 0x7a, 0xc6, 0x46, 0x82, 0x9f, 0x68, 0xca, 0x6a, 0x63, 0xa7, + 0x99, 0xfe, 0x64, 0xe6, 0x6f, 0x11, 0xcd, 0x2c, 0x76, 0x1e, 0xe6, 0x08, + 0xb8, 0x33, 0x64, 0x43, 0x51, 0xbd, 0x52, 0xf7, 0x05, 0x06, 0xd5, 0xcc, + 0x6a, 0xde, 0x1a, 0xa2, 0xbe, 0xf8, 0x8c, 0x44, 0x5e, 0x2d, 0xc2, 0x28, + 0xcd, 0x9a, 0x53, 0x04, 0x96, 0xcc, 0x1e, 0xbb, 0x96, 0x07, 0xc9, 0x17, + 0x04, 0xf8, 0xd8, 0xd9, 0xdd, 0x35, 0x35, 0x3d, 0x53, 0x30, 0x60, 0xb3, + 0x87, 0x5d, 0xf3, 0xe5, 0xa7, 0x20, 0x30, 0x9d, 0xb0, 0x5b, 0xc4, 0x36, + 0xf7, 0xd7, 0xb6, 0x3e, 0x44, 0x98, 0x99, 0xe7, 0xc3, 0x29, 0xcb, 0x70, + 0xc4, 0x91, 0x8b, 0xfc, 0x63, 0x60, 0x29, 0x95, 0xeb, 0x61, 0x7f, 0xdf, + 0xf7, 0x3a, 0x69, 0x3a, 0xeb, 0xa1, 0x73, 0x1d, 0x13, 0x18, 0x29, 0x2c, + 0x89, 0x82, 0x56, 0x42, 0xe7, 0xa3, 0xba, 0xe9, 0x59, 0x2e, 0xfd, 0xff, + 0xb6, 0xf7, 0xbd, 0x2a, 0xc9, 0xff, 0x4c, 0x63, 0xef, 0x54, 0x63, 0x82, + 0x7c, 0xa5, 0x11, 0x44, 0xc7, 0x68, 0xf5, 0x7b, 0x44, 0x2c, 0xee, 0xab, + 0xa3, 0x84, 0x5a, 0x99, 0x28, 0x98, 0x97, 0x2e, 0x8b, 0x07, 0x09, 0x6c, + 0xea, 0xc1, 0x81, 0x0b, 0xe0, 0xc4, 0xb7, 0xc2, 0x73, 0xbe, 0x8b, 0x72, + 0xf8, 0xc9, 0x8d, 0x50, 0x28, 0xf2, 0x95, 0x54, 0x8a, 0x3b, 0x23, 0x86, + 0xc4, 0xe8, 0xe8, 0xe5, 0x45, 0x0d, 0xdf, 0xa3, 0xe6, 0x00, 0x71, 0xe8, + 0x20, 0xd2, 0x6d, 0x22, 0x23, 0xaf, 0x37, 0x04, 0x55, 0x05, 0x8d, 0xc9, + 0x38, 0x38, 0x12, 0x4c, 0x9f, 0x28, 0x56, 0x14, 0x76, 0xe5, 0x10, 0x54, + 0xd9, 0x68, 0xca, 0xc3, 0x97, 0x9f, 0xd2, 0x25, 0x2c, 0x0d, 0xa0, 0xff, + 0xea, 0xab, 0x61, 0xd2, 0xb2, 0x06, 0xc2, 0x93, 0xfd, 0x5a, 0xfe, 0xe3, + 0x98, 0xbf, 0x37, 0x2e, 0xa5, 0x74, 0x56, 0xd0, 0x7a, 0x5a, 0x23, 0x3b, + 0xd2, 0xa0, 0x1f, 0x4b, 0xeb, 0x7f, 0x5a, 0xc5, 0x51, 0x79, 0xf6, 0x95, + 0x19, 0x50, 0xb1, 0x6a, 0x80, 0xcb, 0xcf, 0x19, 0xa4, 0x67, 0xf4, 0x08, + 0x0f, 0x6a, 0xd9, 0x3f, 0x15, 0x96, 0x2c, 0x6d, 0xd5, 0x69, 0x7a, 0x56, + 0x4d, 0x17, 0xc8, 0xcb, 0xba, 0x9b, 0x6e, 0x65, 0xa2, 0x3d, 0x66, 0xed, + 0xea, 0xe2, 0x54, 0x88, 0x6c, 0xc1, 0x1a, 0x11, 0xde, 0x4e, 0x0c, 0x8a, + 0x42, 0x04, 0xe1, 0x77, 0xc3, 0x0c, 0xff, 0x10, 0x7d, 0x4a, 0x45, 0x3f, + 0xb8, 0x40, 0xf9, 0x75, 0x76, 0x9f, 0x65, 0x42, 0x2f, 0x78, 0x5b, 0x0b, + 0x32, 0xbc, 0x45, 0xfc, 0xd4, 0x29, 0x49, 0x34, 0x76, 0xda, 0x5f, 0xe8, + 0x39, 0x35, 0x9e, 0xba, 0x7f, 0x19, 0x7e, 0x14, 0xe6, 0x71, 0x9c, 0x72, + 0x6a, 0xce, 0xcc, 0xa6, 0x72, 0x73, 0x3f, 0x4e, 0x9b, 0x9e, 0x94, 0x0c, + 0xce, 0x00, 0x15, 0xb4, 0x50, 0xff, 0xcf, 0xcd, 0x78, 0xd3, 0x08, 0x0e, + 0x95, 0x48, 0x24, 0x13, 0x16, 0x54, 0xb4, 0xe0, 0xa9, 0x29, 0xa3, 0x05, + 0x77, 0x2f, 0x5d, 0x47, 0x6a, 0xa5, 0xb0, 0x4e, 0xf3, 0xa9, 0x4a, 0x82, + 0xb9, 0x2c, 0x26, 0x07, 0x9c, 0x33, 0xc6, 0x68, 0xc2, 0xe0, 0xc0, 0x7d, + 0x70, 0x48, 0x74, 0xb9, 0xf5, 0x1e, 0x6c, 0x15, 0x7f, 0xba, 0xe5, 0xa1, + 0xb4, 0x36, 0x41, 0x20, 0xf4, 0x2d, 0x97, 0x27, 0x0b, 0x10, 0x30, 0x57, + 0x7f, 0x38, 0x66, 0xe1, 0xc4, 0xf6, 0xa4, 0xc9, 0x8d, 0xbc, 0x2b, 0x4f, + 0x14, 0xb3, 0xf0, 0x1e, 0x80, 0x70, 0xc0, 0x0f, 0x69, 0x06, 0xe7, 0x95, + 0xd1, 0x53, 0x65, 0x49, 0x1c, 0xa8, 0xfa, 0x9e, 0x2b, 0xcc, 0x33, 0x71, + 0x76, 0xa4, 0x0b, 0x4a, 0xc7, 0xea, 0xa0, 0xfa, 0x1b, 0x2b, 0xfb, 0xa5, + 0x59, 0x06, 0x2a, 0xef, 0x4b, 0xbf, 0x05, 0x4b, 0x87, 0x70, 0x3c, 0xde, + 0xc7, 0xb2, 0x4f, 0xf2, 0x5b, 0x1a, 0xbe, 0xda, 0x04, 0x31, 0x57, 0xff, + 0xf2, 0xa5, 0x43, 0x12, 0xff, 0x8d, 0xf4, 0x99, 0x05, 0xe1, 0x34, 0xa9, + 0xb9, 0x0a, 0xb3, 0x1f, 0x3d, 0x6d, 0x0d, 0xb7, 0xd3, 0x35, 0x0b, 0x04, + 0x44, 0x77, 0x60, 0xc0, 0x96, 0x99, 0x7b, 0xa8, 0x8e, 0x79, 0x4a, 0x96, + 0x24, 0xef, 0xb1, 0xf4, 0x8a, 0x2f, 0x3e, 0x08, 0xf3, 0x3d, 0xf2, 0xfe, + 0x5f, 0x0a, 0xf7, 0x0a, 0xf5, 0xd8, 0xf2, 0xa0, 0x1b, 0xe7, 0x9e, 0xc9, + 0x0b, 0xcf, 0x58, 0x97, 0x92, 0x90, 0xad, 0x3d, 0xfc, 0x42, 0xc1, 0x7f, + 0x39, 0xe8, 0xd1, 0x35, 0x14, 0x8a, 0xb3, 0x77, 0xb1, 0xa9, 0xdb, 0xb4, + 0x3a, 0x3d, 0xeb, 0x59, 0x0b, 0x5b, 0x3a, 0x63, 0x54, 0x70, 0xda, 0xf0, + 0xf0, 0xb9, 0xe6, 0x07, 0x69, 0x27, 0x9d, 0xc6, 0xb6, 0x00, 0x2d, 0xd6, + 0xc7, 0xd7, 0x2e, 0xf8, 0x9c, 0xfe, 0x4c, 0xfb, 0xc0, 0x7b, 0xbf, 0xa2, + 0x25, 0xb8, 0x2a, 0x5c, 0x06, 0xca, 0x12, 0x2c, 0x96, 0xa4, 0x27, 0xa6, + 0x73, 0x0b, 0xb8, 0x42, 0x93, 0x51, 0x87, 0xfe, 0xe6, 0x8f, 0xca, 0x00, + 0x53, 0xdc, 0xc0, 0x38, 0x03, 0x9e, 0x66, 0x13, 0x84, 0x68, 0xe7, 0x04, + 0x93, 0x79, 0x0c, 0x3e, 0x4c, 0x90, 0xe2, 0xf7, 0x81, 0x15, 0x49, 0x05, + 0xe1, 0x8f, 0xe6, 0xfc, 0xc8, 0x40, 0xae, 0x3d, 0x7a, 0x16, 0xec, 0xc6, + 0x39, 0xa5, 0x04, 0x95, 0x35, 0xac, 0xdd, 0x0d, 0x19, 0xd6, 0xa9, 0xd9, + 0xd2, 0x53, 0x71, 0x31, 0x38, 0xa2, 0xf1, 0x9c, 0x13, 0x2c, 0x8c, 0x21, + 0x9c, 0x3a, 0x1b, 0xf2, 0xd8, 0x4c, 0xeb, 0xe9, 0x8b, 0x27, 0x52, 0xd3, + 0x6c, 0x01, 0xc0, 0x60, 0x32, 0x8c, 0x6e, 0xfb, 0xd6, 0xd6, 0x1b, 0xc6, + 0x93, 0xff, 0xdc, 0xdb, 0x38, 0xf5, 0x0e, 0xd5, 0x15, 0xcd, 0x65, 0x76, + 0x78, 0x42, 0x13, 0x37, 0x6b, 0x2e, 0xe8, 0xe2, 0x54, 0x4d, 0x45, 0x34, + 0x73, 0x1b, 0x61, 0x35, 0x2c, 0xf7, 0x20, 0x3e, 0xe9, 0x7c, 0xf0, 0xf3, + 0xba, 0x41, 0xfc, 0x49, 0xe4, 0x5d, 0xd4, 0xb8, 0x07, 0x15, 0x7b, 0x16, + 0xc7, 0x7f, 0x78, 0xef, 0xd6, 0x53, 0x3f, 0xe4, 0xa6, 0x33, 0xcf, 0xcc, + 0x78, 0x53, 0x0c, 0x59, 0xf7, 0x28, 0xa5, 0x83, 0x2b, 0x5a, 0xd3, 0xd6, + 0xb7, 0xb2, 0xd1, 0x73, 0x63, 0xa9, 0xad, 0x16, 0xf2, 0xed, 0x48, 0x6e, + 0x88, 0x22, 0xbd, 0x16, 0x9d, 0x6a, 0xc2, 0x48, 0x83, 0xdf, 0x40, 0xb7, + 0x0a, 0x50, 0x23, 0x3d, 0x58, 0x50, 0x00, 0x02, 0x04, 0xd2, 0x31, 0x72, + 0x28, 0x7b, 0x10, 0x96, 0xe0, 0xe7, 0x3f, 0xe0, 0xd0, 0x61, 0x70, 0x5c, + 0x0a, 0xdb, 0xc0, 0x7b, 0xea, 0xef, 0xba, 0xc0, 0x90, 0xe0, 0xf9, 0x0e, + 0x83, 0x8c, 0x3b, 0x05, 0x2b, 0xb6, 0xcb, 0xbb, 0x37, 0xa1, 0xd3, 0x28, + 0x02, 0x40, 0xe3, 0x76, 0xbf, 0x27, 0x0b, 0x4f, 0x82, 0xb9, 0x22, 0xee, + 0x0b, 0x3a, 0xcb, 0xcc, 0x56, 0x13, 0x51, 0xb8, 0xb6, 0x2d, 0xd3, 0x6c, + 0x96, 0x10, 0xd9, 0x51, 0x24, 0x7b, 0x2b, 0xb8, 0x7b, 0xbd, 0x8d, 0xd9, + 0xf2, 0x50, 0x61, 0xbb, 0x0c, 0xb7, 0x71, 0x65, 0x3a, 0x25, 0x18, 0x09, + 0x1a, 0x9d, 0x41, 0xf4, 0xdb, 0x5a, 0x1c, 0x61, 0x0a, 0xbb, 0x43, 0x27, + 0x8a, 0xa8, 0x83, 0x60, 0x8c, 0x5d, 0x4c, 0x9b, 0xa9, 0xe5, 0xa7, 0x67, + 0x99, 0x98, 0xdc, 0x7a, 0x3a, 0x55, 0x0d, 0x25, 0x69, 0x47, 0x21, 0xb1, + 0xd7, 0x0c, 0x0c, 0x43, 0x58, 0xc9, 0xbf, 0x74, 0x91, 0x1b, 0x2b, 0xf3, + 0x29, 0x8d, 0x10, 0x41, 0xaf, 0xdd, 0x42, 0x0a, 0x71, 0xe3, 0xb8, 0x4d, + 0x3a, 0xf3, 0x9c, 0x5a, 0x46, 0x4e, 0x70, 0xbe, 0xdb, 0x0d, 0x03, 0xee, + 0xcb, 0xfb, 0x61, 0x45, 0xbd, 0x25, 0xb4, 0x72, 0xd1, 0x51, 0x03, 0x19, + 0x82, 0x53, 0x83, 0x18, 0xab, 0xa3, 0x6c, 0x9e, 0xa2, 0xe9, 0x15, 0xb1, + 0x74, 0x61, 0xa1, 0xaf, 0x09, 0x4b, 0x4a, 0x34, 0x9b, 0xd0, 0xd2, 0x80, + 0x43, 0xd9, 0x90, 0x53, 0x71, 0x38, 0xb9, 0x80, 0x58, 0x1b, 0x9f, 0x9e, + 0xfe, 0x07, 0x1b, 0x33, 0x24, 0xb2, 0x58, 0x7f, 0x01, 0xbe, 0xe8, 0x25, + 0x53, 0x08, 0x06, 0x77, 0x7d, 0x5a, 0x16, 0x83, 0x67, 0x91, 0x0b, 0xa2, + 0xd2, 0x1e, 0x5f, 0x9c, 0x39, 0xda, 0x57, 0xbc, 0x67, 0xc5, 0x39, 0xbe, + 0xb9, 0x73, 0x03, 0x19, 0x97, 0x34, 0x4f, 0x1e, 0x6b, 0x4d, 0x87, 0xef, + 0x79, 0x4f, 0xd1, 0xdd, 0x80, 0x13, 0xbe, 0x3b, 0x0f, 0xea, 0x77, 0x9a, + 0x1a, 0x46, 0x63, 0xc5, 0x2f, 0x93, 0xfe, 0x18, 0x71, 0xfb, 0x70, 0xbf, + 0x85, 0x3b, 0x3e, 0x54, 0xe6, 0xf8, 0xe0, 0xb9, 0xd0, 0x9d, 0xf5, 0x2b, + 0x12, 0x22, 0x39, 0x6a, 0x8d, 0x13, 0xa1, 0x3a, 0x95, 0xd0, 0xe7, 0x07, + 0xa4, 0x2c, 0x33, 0xba, 0x43, 0x1d, 0xd8, 0xb5, 0xd0, 0x8e, 0x6c, 0x85, + 0x6f, 0xf8, 0x8f, 0xd3, 0x72, 0x65, 0xc1, 0xff, 0x8f, 0xf6, 0xb5, 0x19, + 0x59, 0x34, 0xf9, 0xe8, 0xdb, 0xf3, 0x10, 0x68, 0xbd, 0xd5, 0x59, 0xf7, + 0xe5, 0xf2, 0x84, 0x98, 0x8d, 0xd6, 0x6f, 0xcc, 0xde, 0xc5, 0xee, 0xf7, + 0x16, 0xca, 0xec, 0xc4, 0x00, 0x89, 0x2e, 0x0d, 0x0d, 0xb6, 0xa8, 0xe0, + 0x9a, 0xb0, 0xe5, 0x8e, 0xb6, 0x64, 0x47, 0x7d, 0x01, 0x59, 0x8a, 0x90, + 0xa6, 0x9b, 0x2b, 0x63, 0xad, 0x70, 0xc8, 0x07, 0x36, 0x3e, 0xa9, 0x8f, + 0xd9, 0xc2, 0xf7, 0x4b, 0xec, 0x95, 0x53, 0xec, 0x6b, 0x2d, 0x1f, 0xb5, + 0x91, 0xbf, 0x9f, 0xc5, 0x85, 0x61, 0x3a, 0xc7, 0x5c, 0x15, 0x2a, 0x0b, + 0x4b, 0x3c, 0x38, 0x6d, 0xc9, 0x2c, 0x91, 0x11, 0xc6, 0x6b, 0x44, 0x71, + 0x9f, 0x89, 0xd5, 0xde, 0x27, 0x99, 0x81, 0xa2, 0x59, 0x8b, 0x57, 0x97, + 0x83, 0x46, 0x33, 0xe1, 0x8c, 0xdf, 0xcf, 0x5b, 0x6b, 0xb3, 0x0e, 0x17, + 0x1a, 0xb8, 0x7d, 0x6e, 0x71, 0xe5, 0xc8, 0x4c, 0xa9, 0xe2, 0x52, 0x81, + 0xf6, 0x2f, 0x3a, 0xef, 0x5a, 0x1b, 0x6b, 0x7b, 0x61, 0x51, 0xcb, 0xd5, + 0x7b, 0x5f, 0xf0, 0x1c, 0xb8, 0xeb, 0x9a, 0xe4, 0x0a, 0x6e, 0x53, 0x59, + 0x2e, 0x2d, 0x78, 0x27, 0xb7, 0x47, 0x35, 0x1a, 0x01, 0x25, 0x0a, 0xcc, + 0x67, 0xae, 0xda, 0xaf, 0xfe, 0x22, 0x63, 0xe8, 0xa2, 0x1c, 0x34, 0xe6, + 0x6b, 0x73, 0xcf, 0x6f, 0x3e, 0x0a, 0x4a, 0x36, 0xbc, 0xda, 0x43, 0xbc, + 0x5e, 0x9c, 0x91, 0xe4, 0x8b, 0x34, 0x2e, 0x09, 0x87, 0x69, 0x96, 0x93, + 0xb4, 0xff, 0x97, 0xbc, 0x4e, 0xd6, 0xa2, 0xb4, 0x16, 0x78, 0x7c, 0x62, + 0xd0, 0x78, 0x3f, 0x37, 0xdb, 0xf2, 0x92, 0xad, 0x9b, 0x51, 0x77, 0x08, + 0x19, 0xd2, 0x09, 0x12, 0xf7, 0x52, 0xe8, 0xc8, 0xb2, 0xfb, 0x6f, 0xcd, + 0x05, 0x5b, 0xd2, 0x8e, 0x0d, 0x6e, 0x0c, 0x16, 0x5b, 0x8a, 0xc2, 0x09, + 0x13, 0x3b, 0x69, 0x85, 0xbd, 0xc0, 0xcc, 0x2b, 0x48, 0x65, 0xa7, 0xc1, + 0xc3, 0xe0, 0xea, 0x14, 0x67, 0x6f, 0xa4, 0xb8, 0xc6, 0xf0, 0x12, 0x3e, + 0x96, 0x0d, 0x23, 0x2b, 0x37, 0x87, 0x8d, 0xc8, 0xf7, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x03, 0x0b, 0x13, 0x1a, 0x1d, 0x25 + }; +#ifdef WOLFSSL_DILITHIUM_FIPS204_DRAFT + WOLFSSL_SMALL_STACK_STATIC const byte ml_dsa_65_draft_sig[] = { + 0x3e, 0xff, 0xf4, 0x48, 0x80, 0x2d, 0x88, 0x87, 0xf4, 0xcc, + 0xa4, 0x61, 0xe1, 0x27, 0x20, 0x55, 0x66, 0xc8, 0xfe, 0x3e, + 0xdd, 0xf5, 0x5c, 0x70, 0x6c, 0x54, 0xba, 0x50, 0x8a, 0xa2, + 0x4b, 0x88, 0xbc, 0xb8, 0x87, 0xf9, 0x4e, 0x50, 0x3a, 0x04, + 0x18, 0xb3, 0xf4, 0x5f, 0x77, 0x4a, 0x7e, 0xa8, 0xf5, 0xca, + 0x49, 0x00, 0xdc, 0x24, 0xaa, 0x05, 0x35, 0x0f, 0x34, 0xf7, + 0xbf, 0x09, 0xa6, 0xcf, 0x75, 0x37, 0x07, 0xcd, 0x07, 0x99, + 0x92, 0x1d, 0xc7, 0xc9, 0x17, 0x1c, 0xdd, 0x27, 0x8c, 0x66, + 0xf2, 0x8b, 0x75, 0xb0, 0x86, 0x2d, 0xbd, 0x51, 0x16, 0xc2, + 0x50, 0xe0, 0x7e, 0x0a, 0x21, 0x58, 0x93, 0x22, 0x06, 0xcb, + 0x85, 0x8b, 0xfd, 0x97, 0x61, 0xc0, 0xdb, 0xab, 0xfa, 0x4a, + 0x69, 0xef, 0x9c, 0xc1, 0x4e, 0xae, 0xb2, 0xb3, 0xa2, 0x74, + 0xa4, 0x94, 0x0a, 0xed, 0x39, 0x9e, 0xe8, 0x58, 0xeb, 0xfd, + 0x43, 0x05, 0x73, 0x38, 0xd6, 0xbb, 0xeb, 0xb9, 0x9d, 0x3b, + 0xf8, 0x85, 0xb4, 0x4b, 0x16, 0x5c, 0x9e, 0xfe, 0xb8, 0x13, + 0xf8, 0x68, 0x44, 0x90, 0x05, 0x61, 0xb3, 0xed, 0x6f, 0x47, + 0xc9, 0x50, 0xcf, 0x6c, 0xc0, 0xac, 0xdf, 0x4c, 0x4c, 0x1b, + 0x42, 0xce, 0x0a, 0x32, 0x69, 0xb0, 0xfd, 0x87, 0xef, 0xf3, + 0x9c, 0xcc, 0xba, 0x2f, 0x03, 0xd7, 0xdb, 0x76, 0xee, 0xa0, + 0x71, 0x4a, 0x80, 0xcb, 0x90, 0x9e, 0xbb, 0x8f, 0x00, 0x46, + 0x81, 0xe0, 0xde, 0xa6, 0x43, 0xb5, 0x37, 0x79, 0xf2, 0x35, + 0xce, 0x9e, 0xd2, 0xb1, 0x5b, 0xff, 0x91, 0xfb, 0x98, 0xc1, + 0xe1, 0x66, 0x2c, 0x00, 0x1b, 0x89, 0xf2, 0x57, 0x81, 0x73, + 0x7e, 0x9f, 0x8d, 0x50, 0xd0, 0xe0, 0xe3, 0x93, 0xf2, 0x87, + 0x41, 0x64, 0x6c, 0xb7, 0x09, 0x60, 0x91, 0x4e, 0x0b, 0xbe, + 0xbe, 0xd4, 0x98, 0xfa, 0x14, 0x8c, 0x46, 0x09, 0xfa, 0xaa, + 0x82, 0xd6, 0xdd, 0x65, 0x93, 0x39, 0x45, 0x50, 0x90, 0x10, + 0xae, 0x1b, 0xff, 0xab, 0x7e, 0x86, 0xda, 0xb9, 0x4d, 0xf1, + 0xc2, 0x00, 0x54, 0x66, 0xee, 0x40, 0xc0, 0x56, 0x2f, 0xe8, + 0x43, 0x89, 0xbb, 0xb8, 0x59, 0x24, 0x63, 0x45, 0x9a, 0xde, + 0x08, 0xf3, 0x16, 0x94, 0xd2, 0x8d, 0xee, 0xf9, 0xbe, 0x4f, + 0x29, 0xe1, 0x4b, 0x5e, 0x2b, 0x14, 0xef, 0x66, 0xe2, 0x12, + 0xf8, 0x87, 0x2e, 0xb1, 0x75, 0x8b, 0x21, 0xb5, 0x8f, 0x8e, + 0xc5, 0x0e, 0x60, 0x27, 0x15, 0xbd, 0x72, 0xe4, 0x26, 0x4e, + 0x62, 0x7d, 0x3a, 0x46, 0x49, 0x93, 0xa9, 0x52, 0x7f, 0xc2, + 0x27, 0xb9, 0x55, 0x6a, 0x45, 0x9f, 0x2c, 0x7a, 0x5a, 0xc9, + 0xf4, 0x55, 0xaf, 0x49, 0xb3, 0xd5, 0xc0, 0x84, 0xdb, 0x89, + 0x5f, 0x21, 0x04, 0xf5, 0x4c, 0x66, 0x1e, 0x2e, 0x69, 0xdf, + 0x5b, 0x14, 0x60, 0x89, 0x84, 0xf8, 0xa3, 0xaf, 0xdf, 0xb9, + 0x18, 0x5e, 0xbf, 0x81, 0x95, 0x9a, 0x5e, 0x4f, 0x24, 0x45, + 0xad, 0xab, 0xe2, 0x36, 0x7c, 0x19, 0xde, 0xc0, 0xf4, 0x1a, + 0x42, 0xb2, 0xc2, 0x58, 0x2f, 0x5f, 0xd0, 0x2e, 0x28, 0x33, + 0x59, 0x75, 0xc2, 0xde, 0x41, 0xe3, 0x9b, 0x85, 0x46, 0xad, + 0x6d, 0xf1, 0x06, 0xf0, 0x6a, 0xb9, 0xed, 0x71, 0x7b, 0xfd, + 0xf1, 0xc4, 0x56, 0xd8, 0xb3, 0x1a, 0x5f, 0x04, 0xae, 0xe8, + 0xce, 0xde, 0xa1, 0x6d, 0x46, 0x2a, 0x4f, 0x62, 0xee, 0x25, + 0xdf, 0x22, 0x21, 0xb2, 0x8f, 0x5f, 0x26, 0x33, 0x5a, 0xdd, + 0xbe, 0x08, 0xb3, 0x93, 0x16, 0x16, 0xad, 0x2e, 0x00, 0xb8, + 0x14, 0x0c, 0x10, 0xa3, 0x29, 0x89, 0x1f, 0xd7, 0x06, 0x7a, + 0x09, 0xf3, 0x84, 0xf9, 0x18, 0x04, 0x56, 0x2f, 0x7f, 0xbd, + 0x8e, 0x12, 0xdf, 0x4d, 0x58, 0x5c, 0x1d, 0x81, 0x0c, 0x7d, + 0x62, 0x02, 0xe0, 0xf9, 0x1b, 0x69, 0xe9, 0x38, 0x45, 0x84, + 0x2d, 0x9a, 0x4a, 0x3d, 0x7b, 0x48, 0xd5, 0x0d, 0x76, 0xba, + 0xff, 0x20, 0x00, 0xf8, 0x42, 0x7f, 0xd2, 0x25, 0x70, 0x90, + 0x88, 0xb3, 0x98, 0xac, 0xe9, 0xd9, 0xac, 0x58, 0xa6, 0x49, + 0xcc, 0x93, 0xa5, 0x04, 0x0c, 0x68, 0x53, 0x64, 0x72, 0x8c, + 0xfc, 0x8d, 0x61, 0xeb, 0x3f, 0x93, 0x8b, 0x85, 0x98, 0x05, + 0xce, 0x06, 0xd7, 0xbf, 0xbb, 0xa5, 0x22, 0xda, 0xe9, 0x8a, + 0x29, 0x30, 0x5e, 0x82, 0xe4, 0x46, 0x7c, 0x36, 0x5e, 0xf5, + 0xc7, 0xe3, 0x09, 0xdf, 0x20, 0x76, 0x73, 0x33, 0x31, 0x75, + 0xc2, 0x99, 0xe9, 0x74, 0x43, 0x82, 0xb1, 0xeb, 0x74, 0x6f, + 0xad, 0x59, 0x48, 0x12, 0xa0, 0x24, 0xe3, 0x38, 0x48, 0x61, + 0x0c, 0xf6, 0x38, 0x83, 0x3a, 0xcd, 0xd6, 0x45, 0x10, 0x0e, + 0x09, 0x79, 0x31, 0x30, 0x80, 0xfb, 0x34, 0x60, 0x1e, 0x72, + 0x98, 0xe9, 0x5c, 0xbf, 0xab, 0x21, 0x7f, 0xa3, 0x19, 0x7e, + 0x8c, 0xa9, 0xa7, 0xfc, 0x25, 0xe0, 0x8e, 0x6d, 0xa1, 0xb9, + 0x7b, 0x5b, 0x37, 0x33, 0x96, 0xd8, 0x6e, 0x7a, 0xce, 0xa6, + 0x1a, 0xbd, 0xe6, 0x6e, 0x62, 0xc4, 0x8c, 0x69, 0xfe, 0xe4, + 0xcb, 0x0a, 0xa1, 0x6c, 0x66, 0x0e, 0x1a, 0x5e, 0xb9, 0xd1, + 0x4a, 0xa3, 0x91, 0x39, 0xcf, 0x85, 0x07, 0x5b, 0xaf, 0x99, + 0x11, 0xca, 0xee, 0x6f, 0x2e, 0x33, 0xda, 0x60, 0xbf, 0xd6, + 0xa0, 0x7a, 0xdb, 0x91, 0x13, 0xb7, 0xa3, 0x5d, 0x0e, 0x1e, + 0x3b, 0xf9, 0x7a, 0x3e, 0x4f, 0x8d, 0xb3, 0x81, 0xe8, 0x0c, + 0x4d, 0x48, 0x61, 0x06, 0x14, 0x0f, 0x3e, 0x33, 0x9e, 0xea, + 0xa6, 0xd8, 0xd8, 0x4d, 0x9b, 0x00, 0x34, 0x0d, 0x31, 0x62, + 0x54, 0x93, 0x04, 0xd2, 0x02, 0x21, 0x38, 0x91, 0x58, 0xca, + 0x77, 0xd3, 0x6c, 0xd1, 0x94, 0x05, 0xfa, 0x30, 0x6a, 0x0b, + 0xf0, 0x52, 0x52, 0xb7, 0xdb, 0x34, 0xff, 0x18, 0x5c, 0x78, + 0x25, 0x44, 0x39, 0xe4, 0x54, 0x8a, 0xf1, 0x49, 0x04, 0xab, + 0x8a, 0x5f, 0x87, 0xe1, 0x6e, 0x1a, 0xf2, 0xba, 0x39, 0xb4, + 0x7c, 0x71, 0x5b, 0xbe, 0x8d, 0xbb, 0xed, 0x3b, 0xed, 0x20, + 0x95, 0xdf, 0xa7, 0x50, 0xb5, 0x66, 0xff, 0xd0, 0x3a, 0x92, + 0xde, 0xf2, 0xa3, 0xf2, 0xd6, 0x48, 0x6b, 0xd8, 0xef, 0x80, + 0x4d, 0xc2, 0x3c, 0xc7, 0xc6, 0x6e, 0xdf, 0xd1, 0x54, 0xfb, + 0x22, 0xac, 0x1a, 0x11, 0x81, 0x02, 0xc7, 0x66, 0xe0, 0xf3, + 0xad, 0x0b, 0xd0, 0xec, 0xae, 0x93, 0x53, 0xa5, 0xbf, 0xa5, + 0x17, 0x59, 0x14, 0x7d, 0x7e, 0x1e, 0x26, 0x15, 0x7a, 0x74, + 0xfb, 0xb1, 0x7a, 0x0e, 0xd3, 0xb5, 0x7c, 0x8c, 0x3a, 0xd7, + 0x45, 0x38, 0x55, 0xae, 0x4b, 0xe1, 0xfe, 0x5b, 0x57, 0x20, + 0x73, 0x38, 0xb9, 0x67, 0x34, 0xb1, 0xf3, 0x15, 0xb0, 0xb7, + 0x46, 0xa7, 0x1b, 0x19, 0x6d, 0xaf, 0x5e, 0x2c, 0x9c, 0x02, + 0x3f, 0x0f, 0xa3, 0x56, 0x2f, 0x9f, 0x1a, 0x82, 0x0e, 0xb4, + 0x46, 0xf5, 0x69, 0x89, 0x91, 0xf9, 0x2d, 0x99, 0x45, 0xa6, + 0x3c, 0x82, 0x74, 0xac, 0xeb, 0x58, 0x4a, 0xdd, 0x03, 0xaf, + 0xd1, 0x0a, 0xca, 0x4b, 0xe8, 0x4c, 0x63, 0xd4, 0x73, 0x94, + 0xbf, 0xd1, 0xc5, 0x8a, 0x3f, 0x6e, 0x58, 0xfc, 0x70, 0x76, + 0x69, 0x92, 0x05, 0xe0, 0xb9, 0xed, 0x5f, 0x19, 0xd7, 0x6f, + 0xd0, 0x35, 0xbb, 0x5a, 0x8d, 0x45, 0xac, 0x43, 0xcb, 0x74, + 0xcc, 0x92, 0xc3, 0x62, 0x56, 0x02, 0xb0, 0x0a, 0xb6, 0x88, + 0x40, 0x6f, 0x76, 0x1b, 0x89, 0xe4, 0x51, 0xeb, 0x7e, 0x08, + 0x8c, 0xce, 0x24, 0xc8, 0xd8, 0x58, 0xbd, 0x0e, 0x48, 0x57, + 0xc8, 0x9f, 0xad, 0x64, 0xcf, 0x69, 0x72, 0x35, 0xbf, 0x04, + 0x09, 0xfb, 0x0e, 0x62, 0x92, 0x76, 0x8b, 0x8d, 0xd5, 0x16, + 0xa2, 0x51, 0xdb, 0x71, 0xa9, 0x08, 0xb2, 0xf9, 0x1e, 0x07, + 0xe7, 0xf8, 0xf4, 0x79, 0x59, 0x2f, 0x8f, 0xf1, 0x5b, 0x45, + 0xe1, 0xb8, 0xb7, 0xef, 0x86, 0x69, 0x71, 0x51, 0x1c, 0xe5, + 0x61, 0xee, 0xb8, 0x1d, 0xa7, 0xdc, 0x48, 0xba, 0x51, 0xa5, + 0x70, 0x4d, 0xfd, 0x2c, 0x46, 0x21, 0x63, 0x0c, 0x9f, 0xb7, + 0x68, 0x58, 0x7b, 0xb3, 0x7d, 0x64, 0xfd, 0xaf, 0x87, 0x3d, + 0x86, 0x06, 0x36, 0x8a, 0x6d, 0xfe, 0xdf, 0xce, 0xa8, 0x16, + 0x42, 0x46, 0x15, 0xe5, 0xcf, 0x48, 0xa6, 0x4b, 0xe5, 0xc1, + 0xad, 0x14, 0x3a, 0x6d, 0xeb, 0xf9, 0xc9, 0x32, 0xd1, 0x82, + 0x60, 0x23, 0xf0, 0xff, 0xa7, 0xe6, 0x2e, 0xd6, 0x8d, 0x9d, + 0x4f, 0x6d, 0xb3, 0xc4, 0xad, 0xd9, 0xf0, 0xf5, 0x5c, 0x47, + 0x6c, 0x67, 0xf4, 0x0e, 0x18, 0x25, 0xbb, 0x67, 0xfa, 0x11, + 0x70, 0xd5, 0xbc, 0x3a, 0x34, 0xae, 0xa2, 0x76, 0x4b, 0x9f, + 0x59, 0x01, 0x18, 0x69, 0x44, 0xc4, 0x8a, 0xff, 0x00, 0xfc, + 0x2a, 0x45, 0xa9, 0x50, 0x8e, 0x37, 0x6b, 0x78, 0x14, 0x69, + 0xe7, 0x92, 0x3d, 0xf1, 0x34, 0xd5, 0x5c, 0x48, 0xc2, 0x50, + 0xb3, 0x0c, 0x7d, 0x54, 0x05, 0x31, 0x1e, 0xce, 0xaa, 0xc1, + 0x4c, 0xc9, 0x13, 0x33, 0x26, 0x1f, 0x56, 0x7e, 0x7e, 0x74, + 0xd3, 0x78, 0x3e, 0x00, 0x4a, 0xc8, 0xc6, 0x20, 0x5b, 0xb8, + 0x80, 0xb4, 0x13, 0x35, 0x23, 0xff, 0x50, 0xde, 0x25, 0x92, + 0x67, 0x08, 0xb8, 0xa3, 0xb6, 0x39, 0xd4, 0x30, 0xdc, 0xa5, + 0x88, 0x8a, 0x44, 0x08, 0x8b, 0x6d, 0x2e, 0xb8, 0xf3, 0x0d, + 0x23, 0xda, 0x35, 0x08, 0x5a, 0x92, 0xe1, 0x40, 0xac, 0xc7, + 0x15, 0x05, 0x8a, 0xdf, 0xe5, 0x71, 0xd8, 0xe0, 0xd7, 0x9f, + 0x58, 0x03, 0xf4, 0xec, 0x99, 0x3c, 0xb0, 0xe0, 0x07, 0x42, + 0x9b, 0xa0, 0x10, 0x7c, 0x24, 0x60, 0x19, 0xe8, 0x84, 0xd4, + 0xb1, 0x86, 0x19, 0x0a, 0x52, 0x70, 0x6e, 0xc2, 0x3c, 0xe2, + 0x73, 0x8d, 0xfe, 0xf8, 0x7e, 0xdf, 0x78, 0xe7, 0x92, 0x36, + 0x10, 0xf7, 0x2d, 0x76, 0x93, 0x8a, 0x0f, 0x20, 0xc8, 0x30, + 0x59, 0x81, 0xff, 0x3b, 0x70, 0x22, 0xce, 0x6e, 0x23, 0x68, + 0x35, 0x59, 0x0e, 0xcf, 0xf8, 0xf6, 0xcd, 0x45, 0xb6, 0x41, + 0xba, 0xda, 0xe6, 0x35, 0x0b, 0xd1, 0xef, 0xa5, 0x7c, 0xe0, + 0xb9, 0x6f, 0x5b, 0xa9, 0xab, 0x87, 0xe3, 0x3b, 0x92, 0xce, + 0xbe, 0xfe, 0xf7, 0xab, 0x82, 0xa3, 0xe6, 0xbd, 0xfe, 0xce, + 0xa6, 0x17, 0xcb, 0x4c, 0xb4, 0x4c, 0xd6, 0xfe, 0xbb, 0x1c, + 0x10, 0xde, 0x29, 0x3e, 0x92, 0x66, 0x20, 0xf8, 0xee, 0x83, + 0x86, 0x66, 0xe0, 0x66, 0x97, 0x85, 0xaf, 0x3a, 0x8f, 0xa9, + 0x97, 0x09, 0xde, 0x77, 0xda, 0xb7, 0x81, 0x41, 0x10, 0xca, + 0x66, 0x00, 0xec, 0xf8, 0x46, 0x73, 0xa6, 0x24, 0x36, 0xec, + 0x25, 0xbe, 0x93, 0x5e, 0x74, 0x9f, 0xbe, 0xf4, 0x84, 0x15, + 0x9c, 0xc5, 0x43, 0xd9, 0xea, 0x5a, 0xcc, 0x2c, 0x4e, 0x2e, + 0x4e, 0x32, 0xa6, 0x88, 0xb1, 0x25, 0x34, 0xf7, 0xba, 0xab, + 0xd3, 0xa0, 0xc2, 0x06, 0x70, 0xed, 0x66, 0x4d, 0x71, 0x34, + 0xaf, 0x10, 0x99, 0x10, 0x11, 0x4f, 0xe4, 0x7d, 0x42, 0x03, + 0x04, 0x02, 0xc2, 0x41, 0x85, 0x1e, 0xc4, 0xca, 0xae, 0xf0, + 0x83, 0x78, 0x34, 0x98, 0x55, 0x8b, 0x4c, 0xa0, 0x14, 0xea, + 0x15, 0x2c, 0xa1, 0x30, 0xd8, 0xcf, 0xac, 0xd4, 0xca, 0xf7, + 0xf4, 0xc4, 0x20, 0xca, 0xa1, 0xef, 0xce, 0x5d, 0x6b, 0x32, + 0xb6, 0xf0, 0x22, 0x08, 0x49, 0x21, 0x0c, 0x57, 0x0f, 0xf8, + 0xc0, 0xd2, 0xe3, 0xc0, 0xa6, 0x31, 0xc7, 0x87, 0x96, 0xa9, + 0xfe, 0x69, 0xa0, 0x7f, 0xf7, 0x8e, 0x31, 0x92, 0x37, 0xce, + 0xde, 0x36, 0x3f, 0xf5, 0x7d, 0x07, 0xaa, 0xa9, 0x43, 0xee, + 0x3c, 0x8c, 0xd3, 0x7d, 0x2c, 0xa6, 0xc3, 0x98, 0xab, 0xbe, + 0x90, 0x4c, 0xa5, 0x5a, 0x27, 0xeb, 0x0e, 0xed, 0xa1, 0x1e, + 0x3e, 0x44, 0xa3, 0x4b, 0x49, 0xad, 0xe4, 0x19, 0x90, 0xc8, + 0x9e, 0x6e, 0x5b, 0x68, 0xbc, 0x37, 0x54, 0xaf, 0xa6, 0xb7, + 0x71, 0x5c, 0x5d, 0x74, 0x83, 0xf4, 0xb9, 0x2f, 0xe5, 0x1a, + 0x0c, 0x73, 0x30, 0x56, 0x82, 0x04, 0xb3, 0x0e, 0x32, 0x98, + 0xfd, 0x27, 0xa0, 0xfe, 0xe0, 0xe0, 0xf5, 0xb7, 0xe0, 0x47, + 0x2a, 0xa6, 0x4a, 0xe0, 0xfc, 0xb5, 0xd8, 0xfd, 0x01, 0xfe, + 0x4e, 0x96, 0x17, 0x06, 0xcc, 0x92, 0x7c, 0xa1, 0x2f, 0xb5, + 0x04, 0x08, 0x76, 0xcc, 0x40, 0x75, 0x37, 0x4d, 0x2c, 0x74, + 0xcd, 0xc7, 0x62, 0xa6, 0xe6, 0xd8, 0x9e, 0x21, 0x7f, 0x2e, + 0xf5, 0x2c, 0xcf, 0x0b, 0x3f, 0xd7, 0xed, 0x17, 0xee, 0x92, + 0xaf, 0xf9, 0xa4, 0x71, 0x5d, 0x5f, 0x81, 0xb9, 0x2f, 0x12, + 0xe5, 0x57, 0x2d, 0x1e, 0xf1, 0x67, 0x47, 0x2a, 0xde, 0xab, + 0xf2, 0xea, 0xb7, 0xb5, 0x83, 0xdc, 0x46, 0xd4, 0xf3, 0x25, + 0x65, 0x15, 0x4d, 0x66, 0x34, 0x54, 0xab, 0x94, 0x89, 0x80, + 0x39, 0xd3, 0x39, 0xe3, 0xa2, 0xb1, 0x91, 0x2a, 0x5e, 0x55, + 0xe1, 0xa4, 0x0f, 0xc3, 0x4b, 0x5a, 0xa5, 0x4a, 0xb3, 0xc0, + 0x40, 0xea, 0x16, 0x0c, 0xd5, 0x2d, 0x83, 0x3e, 0x28, 0x20, + 0xac, 0x0a, 0x1b, 0x5b, 0x87, 0xcf, 0xf1, 0x51, 0xd6, 0xda, + 0xd1, 0xc9, 0xb1, 0x27, 0xf5, 0x62, 0x03, 0x10, 0xcf, 0x76, + 0x28, 0xa2, 0xea, 0x4b, 0x76, 0xaf, 0x9c, 0x3d, 0xf1, 0x1b, + 0x92, 0xff, 0xb0, 0xca, 0x16, 0xa2, 0x29, 0x94, 0x0e, 0x1e, + 0x51, 0xfb, 0xe1, 0x2b, 0x5a, 0x50, 0xfd, 0xaf, 0xab, 0xd7, + 0x32, 0xaa, 0x43, 0xa7, 0xcb, 0xd3, 0xd3, 0xe9, 0x1e, 0xb1, + 0x70, 0xd2, 0xbb, 0x15, 0x68, 0x49, 0xee, 0x6e, 0x1e, 0xc5, + 0x64, 0x4b, 0x26, 0x08, 0xe7, 0x32, 0x1c, 0x1d, 0x73, 0x8f, + 0x42, 0xfe, 0xeb, 0x67, 0x89, 0x42, 0x25, 0x40, 0xd6, 0x15, + 0x02, 0x55, 0x87, 0xe3, 0x87, 0xdd, 0x78, 0xc1, 0x01, 0x94, + 0xbc, 0x30, 0x5f, 0xbd, 0x89, 0xe1, 0xb0, 0x5c, 0xcd, 0xb7, + 0x68, 0xd5, 0xbb, 0xf4, 0xa0, 0x5d, 0x3d, 0xdd, 0x89, 0x12, + 0xc7, 0xb8, 0x5d, 0x51, 0x8a, 0xf4, 0xd5, 0x05, 0xc6, 0xdd, + 0x7b, 0x44, 0x38, 0xce, 0xb1, 0x24, 0x24, 0xe1, 0x9d, 0xc7, + 0x80, 0x86, 0x46, 0x2a, 0xd2, 0xa4, 0x0f, 0xec, 0xd3, 0x6b, + 0x31, 0xc0, 0x05, 0x31, 0xff, 0xf5, 0x1a, 0x33, 0x35, 0x68, + 0x2e, 0x68, 0x24, 0xbd, 0x62, 0xfc, 0x46, 0x79, 0x54, 0x5e, + 0x1e, 0x27, 0x93, 0x07, 0xed, 0x78, 0x94, 0x50, 0x42, 0x98, + 0x53, 0x88, 0xb7, 0x57, 0x04, 0x7d, 0xe2, 0xe1, 0xb5, 0x61, + 0x9e, 0x5a, 0x88, 0x31, 0x3e, 0x6c, 0x69, 0xbc, 0x8a, 0xe6, + 0xbc, 0x9d, 0x20, 0x7a, 0x86, 0xe5, 0x73, 0x93, 0x02, 0xc5, + 0xde, 0xdc, 0xcc, 0xbf, 0x89, 0x76, 0xdc, 0x4e, 0xa1, 0x89, + 0xe7, 0x95, 0x75, 0x01, 0xf7, 0x43, 0xaa, 0x3f, 0x1b, 0xb7, + 0x8c, 0x92, 0x66, 0x22, 0xbe, 0x34, 0xf1, 0x2f, 0xc3, 0xc7, + 0x21, 0xaf, 0x25, 0x57, 0x9a, 0x2c, 0x80, 0xf0, 0xb3, 0xdd, + 0xb3, 0xb2, 0x82, 0x97, 0x85, 0x73, 0xa9, 0x76, 0xe4, 0x37, + 0xa2, 0x65, 0xf9, 0xc1, 0x3d, 0x11, 0xbf, 0xcb, 0x3c, 0x8e, + 0xdd, 0xaf, 0x98, 0x57, 0x6a, 0xe1, 0x33, 0xe7, 0xf0, 0xff, + 0xed, 0x61, 0x53, 0xfe, 0x1e, 0x2d, 0x06, 0x2f, 0xb8, 0x9e, + 0xf9, 0xa5, 0x21, 0x06, 0xf3, 0x72, 0xf6, 0xa3, 0x77, 0xbb, + 0x63, 0x6e, 0x52, 0xb2, 0x42, 0x47, 0x9b, 0x92, 0x4c, 0xf8, + 0xd2, 0xe6, 0x02, 0xa5, 0x57, 0x2d, 0x6f, 0x30, 0x05, 0xe2, + 0xfd, 0x33, 0xe5, 0xb6, 0x23, 0x85, 0x89, 0x4a, 0x99, 0x20, + 0x33, 0xea, 0x2f, 0xcd, 0x28, 0x27, 0xff, 0xfd, 0x2e, 0x73, + 0x52, 0x29, 0x19, 0x7c, 0x65, 0xf5, 0x6a, 0xaa, 0x97, 0x6e, + 0xe9, 0x42, 0xa8, 0x55, 0x97, 0x56, 0x92, 0x9d, 0xd2, 0xd1, + 0xc4, 0x30, 0xaa, 0x95, 0x86, 0xba, 0x71, 0xdd, 0x2f, 0xf1, + 0xed, 0x66, 0x54, 0x78, 0x4b, 0x13, 0x31, 0xed, 0x9d, 0x2c, + 0xae, 0x0a, 0xc3, 0xca, 0xfb, 0x3f, 0x92, 0x92, 0x30, 0xa3, + 0x8e, 0xc8, 0x6d, 0x7b, 0x42, 0xd5, 0x5d, 0x99, 0x79, 0x42, + 0x28, 0x63, 0x9f, 0x97, 0x8e, 0x94, 0x6d, 0x1d, 0xb4, 0x21, + 0x39, 0xc7, 0x64, 0x48, 0x44, 0x5e, 0x15, 0x10, 0x45, 0x9f, + 0x8a, 0x01, 0x45, 0x20, 0x5c, 0xd1, 0x28, 0x0d, 0xe9, 0xfb, + 0xa9, 0x72, 0x68, 0x07, 0x31, 0x20, 0x75, 0x76, 0x82, 0x76, + 0x5d, 0x7c, 0xc1, 0x5d, 0x42, 0x40, 0xfd, 0x06, 0xa9, 0x66, + 0xb0, 0x36, 0x55, 0x86, 0x6c, 0x96, 0xbd, 0xb8, 0xf7, 0x36, + 0x87, 0xf2, 0xa1, 0x37, 0xd8, 0x2d, 0x83, 0xf5, 0xdc, 0xd8, + 0xde, 0x9e, 0x69, 0xd6, 0xe1, 0x0d, 0xd5, 0x93, 0xc5, 0xee, + 0xba, 0xd3, 0x40, 0x71, 0xbb, 0xc7, 0xbb, 0x50, 0x1a, 0x10, + 0x80, 0x99, 0x62, 0x1c, 0xe3, 0x1f, 0xa2, 0xcc, 0x98, 0xe1, + 0xaa, 0xff, 0xd9, 0x69, 0xe7, 0x87, 0x04, 0x87, 0x76, 0xec, + 0x55, 0x18, 0xaf, 0x82, 0x34, 0x4d, 0x4f, 0xf7, 0x57, 0x1f, + 0xa5, 0x43, 0xcc, 0xe9, 0x7a, 0x4a, 0xc8, 0xb4, 0x1f, 0x61, + 0x40, 0x5e, 0x1d, 0x11, 0xdd, 0xdc, 0xdc, 0xb4, 0x57, 0xf9, + 0x47, 0x96, 0xbc, 0x47, 0x29, 0xf8, 0xf2, 0x43, 0xc4, 0xa0, + 0x8c, 0x14, 0x5e, 0x73, 0x52, 0xac, 0xac, 0x39, 0x3b, 0x06, + 0x19, 0x1a, 0xca, 0x22, 0xc8, 0x96, 0x12, 0x2e, 0x4c, 0x7b, + 0xa0, 0x96, 0x53, 0x16, 0xce, 0x6d, 0x6e, 0xac, 0xb2, 0x07, + 0x17, 0x22, 0x07, 0x30, 0x20, 0x84, 0x9b, 0x0e, 0x92, 0x31, + 0x07, 0xe2, 0x77, 0xcd, 0x6a, 0x3e, 0x16, 0x4f, 0xd6, 0x12, + 0x88, 0x8a, 0x70, 0x5a, 0x87, 0xd8, 0xb9, 0xef, 0x76, 0xab, + 0x14, 0x65, 0x87, 0x3a, 0xef, 0xd8, 0x0e, 0x24, 0x40, 0x73, + 0x93, 0x2b, 0xbf, 0xac, 0xfe, 0x96, 0x8a, 0x9d, 0x12, 0xe6, + 0xc1, 0x5b, 0x00, 0x3b, 0x23, 0xee, 0xe2, 0x10, 0xb6, 0xbe, + 0x0e, 0x2f, 0xa2, 0x77, 0x16, 0x17, 0xfc, 0x4b, 0x2c, 0xd7, + 0x9c, 0xad, 0x66, 0xb4, 0xf2, 0xfd, 0xc1, 0xaf, 0x81, 0x12, + 0xd9, 0xed, 0x14, 0x32, 0xcf, 0x1b, 0xee, 0xc6, 0x63, 0xe8, + 0xe5, 0xe6, 0xb6, 0x91, 0x8d, 0x1b, 0x90, 0x75, 0x5d, 0x69, + 0x4c, 0x5d, 0xd6, 0xac, 0x79, 0xe8, 0xb6, 0xdf, 0xbf, 0x43, + 0x39, 0xd3, 0xb8, 0xf0, 0x39, 0xf4, 0x90, 0xaf, 0x73, 0x26, + 0xc7, 0x73, 0x6f, 0x93, 0xbb, 0xce, 0x6e, 0xdc, 0x1c, 0xd0, + 0x36, 0x23, 0x17, 0xb2, 0x39, 0x37, 0x15, 0xf5, 0x3a, 0x61, + 0xa9, 0x15, 0x52, 0x6e, 0xc5, 0x3a, 0x63, 0x79, 0x5d, 0x45, + 0xdc, 0x3a, 0xd5, 0x26, 0x01, 0x56, 0x97, 0x80, 0x7f, 0x83, + 0xf9, 0xec, 0xde, 0xa0, 0x2e, 0x7a, 0xb2, 0x4b, 0x04, 0x63, + 0x60, 0x05, 0xce, 0x96, 0xeb, 0xe0, 0x0a, 0x5f, 0xb0, 0x7e, + 0x6d, 0x0a, 0x24, 0x32, 0x47, 0x82, 0x7f, 0x0b, 0xd7, 0xe9, + 0xd5, 0x14, 0xa9, 0x6b, 0x10, 0x5d, 0x1e, 0x1f, 0x8a, 0xad, + 0x70, 0x91, 0xd4, 0x33, 0x1d, 0xc2, 0x3e, 0xf8, 0xc8, 0x52, + 0x9a, 0x27, 0x1f, 0x45, 0x2f, 0xb5, 0xc7, 0xb1, 0x8b, 0xf9, + 0xc6, 0x7b, 0xb5, 0x92, 0x7a, 0xdd, 0xeb, 0x07, 0x6c, 0x6f, + 0x11, 0xd7, 0x5b, 0x56, 0x56, 0xec, 0x88, 0x1c, 0xc9, 0xb4, + 0xe8, 0x43, 0xab, 0xdf, 0x0b, 0xc5, 0x28, 0xba, 0x70, 0x5d, + 0xd3, 0xb2, 0xe2, 0xcf, 0xa7, 0xbb, 0x53, 0x04, 0x6b, 0x73, + 0xdf, 0x27, 0xa6, 0x63, 0x58, 0xe1, 0x39, 0x26, 0x2a, 0x1a, + 0x21, 0xec, 0xbb, 0x5f, 0x46, 0x98, 0x3d, 0x48, 0x66, 0xfe, + 0xf3, 0xcb, 0xfc, 0x6e, 0x99, 0x82, 0x91, 0xce, 0x53, 0xfd, + 0x75, 0xc9, 0xb6, 0x08, 0xa8, 0xf3, 0xe4, 0xe0, 0xa0, 0x24, + 0x45, 0xb4, 0x69, 0x11, 0xac, 0x06, 0x1c, 0x39, 0x71, 0xcf, + 0x72, 0xfc, 0x77, 0x9b, 0x5f, 0xf4, 0x8b, 0x02, 0x31, 0xf3, + 0x67, 0xd1, 0x9b, 0xe0, 0x49, 0xa4, 0x69, 0x20, 0x99, 0x38, + 0xa7, 0xf5, 0x43, 0xd2, 0x45, 0x9f, 0x7a, 0xe7, 0xad, 0x7e, + 0x36, 0xee, 0xfd, 0x8c, 0xc5, 0x6a, 0x12, 0x58, 0x15, 0x3b, + 0x02, 0x81, 0x73, 0x8b, 0x10, 0xda, 0x21, 0xc7, 0x1d, 0x38, + 0xd8, 0x40, 0x7a, 0xa3, 0x59, 0x55, 0x35, 0x44, 0xa9, 0x9c, + 0xf5, 0xf4, 0xe4, 0x14, 0xc1, 0xc4, 0x15, 0x26, 0x01, 0xe3, + 0x31, 0xbf, 0xdc, 0xbc, 0x69, 0x0b, 0xcf, 0x71, 0x8c, 0xdb, + 0x16, 0xab, 0x36, 0x3e, 0xb3, 0xa4, 0x9f, 0xcc, 0xbf, 0xa2, + 0x93, 0x93, 0x9a, 0x3b, 0xaf, 0x72, 0x8d, 0x8b, 0x92, 0x44, + 0x5d, 0x6f, 0xc5, 0xf0, 0xdc, 0x65, 0x62, 0xea, 0xba, 0x33, + 0xe7, 0x6c, 0xa4, 0x35, 0xcf, 0xd9, 0xbc, 0x3c, 0xbf, 0x25, + 0x7b, 0x7c, 0x0b, 0x62, 0x92, 0x5a, 0x66, 0x63, 0xe1, 0x27, + 0x89, 0x12, 0xe2, 0xae, 0xb7, 0xf8, 0x04, 0x70, 0xda, 0x4a, + 0x3d, 0xa6, 0x67, 0x12, 0x14, 0x9e, 0x8e, 0xdc, 0xa2, 0xf2, + 0x3d, 0xc7, 0xd2, 0x8f, 0x18, 0x3a, 0x53, 0x8c, 0x83, 0x5d, + 0x66, 0xbb, 0x9f, 0x8c, 0xaf, 0xa8, 0x73, 0x08, 0x2e, 0x6d, + 0x30, 0xa0, 0xd0, 0x20, 0x94, 0x48, 0xad, 0x5e, 0x31, 0xfd, + 0x5e, 0xfd, 0xf9, 0xb5, 0xa2, 0x39, 0xa3, 0xb9, 0xdf, 0x4d, + 0xa4, 0xb1, 0x54, 0xcc, 0x92, 0x63, 0x2c, 0x66, 0x2d, 0x01, + 0x88, 0x8b, 0x7d, 0xc6, 0x5c, 0x9f, 0x18, 0x9a, 0x53, 0x91, + 0x59, 0x66, 0x70, 0xd7, 0x81, 0x0e, 0xa1, 0x3c, 0x7e, 0x86, + 0x85, 0x64, 0x38, 0x6f, 0xec, 0x76, 0x57, 0x80, 0x41, 0x9d, + 0xef, 0x61, 0xb8, 0xb2, 0x8a, 0xeb, 0xe9, 0x26, 0xbb, 0x69, + 0xb3, 0x8d, 0xd4, 0x6b, 0x05, 0xd8, 0x55, 0x1c, 0xbd, 0x9f, + 0x6b, 0x23, 0x46, 0x2b, 0xf7, 0xfb, 0x4d, 0x33, 0x3b, 0x21, + 0x6d, 0xea, 0x1b, 0x15, 0xaf, 0x0f, 0x8c, 0x98, 0xc8, 0xf4, + 0xd1, 0x3c, 0xdd, 0x21, 0xd0, 0x45, 0xdc, 0xaf, 0x89, 0x89, + 0xbf, 0xde, 0xbf, 0x46, 0x9e, 0x9e, 0x18, 0x56, 0x9d, 0x05, + 0x4d, 0x63, 0x5f, 0x1c, 0xd9, 0x15, 0xd1, 0x43, 0x17, 0x0c, + 0x48, 0x3d, 0x36, 0x8b, 0x14, 0x87, 0xc8, 0x10, 0x44, 0xdf, + 0x9c, 0xfd, 0x6e, 0x88, 0x88, 0xae, 0x7f, 0x7f, 0x67, 0xa3, + 0x33, 0x4d, 0xa3, 0x84, 0x8b, 0x58, 0x07, 0x17, 0xd8, 0x1d, + 0x9e, 0x43, 0xd6, 0x41, 0x9c, 0xff, 0xfa, 0x35, 0xa2, 0x42, + 0xa9, 0x5d, 0xa9, 0x4b, 0x95, 0x23, 0x6a, 0x6e, 0x42, 0xd7, + 0xa2, 0x0a, 0x70, 0x00, 0x61, 0x8b, 0x45, 0xbb, 0xac, 0x20, + 0x27, 0xcd, 0xfc, 0x61, 0x17, 0xfe, 0xab, 0x6b, 0xe8, 0xe0, + 0x51, 0xab, 0xa3, 0xbf, 0xe4, 0x85, 0x69, 0x8e, 0xd7, 0xa6, + 0x62, 0x33, 0x8f, 0x7c, 0xba, 0x48, 0xfa, 0x83, 0x94, 0xa5, + 0xdf, 0xa1, 0x76, 0xdc, 0xa9, 0x4b, 0x3c, 0x27, 0xff, 0xd9, + 0xbe, 0xf4, 0x80, 0x5a, 0xca, 0x33, 0xf3, 0x9a, 0x1d, 0xf8, + 0xf3, 0xe1, 0x83, 0x27, 0x0b, 0x59, 0x87, 0x31, 0x7d, 0x4f, + 0x5a, 0x5e, 0xe1, 0xbe, 0xa9, 0x68, 0xe9, 0x6f, 0x10, 0x0a, + 0xe2, 0x70, 0x05, 0xaa, 0xcb, 0xdd, 0x41, 0xd7, 0x49, 0x8a, + 0x98, 0xa0, 0x40, 0x2d, 0xc6, 0x56, 0x49, 0xca, 0x60, 0x16, + 0x9c, 0x38, 0xc9, 0xfe, 0x99, 0x15, 0xfb, 0x79, 0x01, 0x33, + 0xcd, 0x54, 0x2f, 0xf3, 0x70, 0x37, 0x82, 0x36, 0x32, 0x76, + 0x8f, 0x63, 0x00, 0xa2, 0x42, 0xce, 0x39, 0x90, 0xfc, 0xf8, + 0xff, 0x34, 0x38, 0x0a, 0x17, 0x5e, 0x9d, 0x34, 0x86, 0xde, + 0x33, 0x45, 0xac, 0xbf, 0x81, 0xdf, 0xd2, 0xbc, 0xc7, 0xd7, + 0xd1, 0xee, 0xde, 0x2b, 0x5b, 0x50, 0x56, 0xb5, 0x88, 0x00, + 0x92, 0x76, 0x5a, 0x34, 0x0c, 0xfe, 0x8f, 0xc5, 0xa0, 0x92, + 0xb0, 0xed, 0x43, 0xe7, 0x81, 0x39, 0x36, 0x6e, 0xb7, 0x4d, + 0x5b, 0xcf, 0xc7, 0xf0, 0x83, 0xe5, 0xdc, 0xb7, 0x74, 0xf4, + 0xf3, 0xbd, 0xa8, 0xa6, 0x7b, 0xe0, 0xc5, 0x50, 0xaa, 0xc7, + 0x83, 0x4d, 0xd9, 0xc5, 0x97, 0x03, 0x7c, 0x0c, 0x3b, 0x3a, + 0x18, 0xb2, 0x8c, 0xee, 0x67, 0x91, 0x38, 0x84, 0x8f, 0xef, + 0xb4, 0xf4, 0xe4, 0x7c, 0x1a, 0x3f, 0xa3, 0x0a, 0xd9, 0xba, + 0xff, 0x56, 0xd8, 0xe2, 0x82, 0xfc, 0x58, 0x8f, 0xf6, 0x12, + 0x10, 0x65, 0x6a, 0x68, 0x53, 0x2d, 0x9f, 0x2c, 0x77, 0xd1, + 0xb8, 0x21, 0x8a, 0xcb, 0xe9, 0xd4, 0x25, 0x18, 0x22, 0x46, + 0x3e, 0x72, 0x29, 0x2a, 0x68, 0x70, 0x73, 0xe2, 0x61, 0xa2, + 0xa8, 0x1f, 0x24, 0x48, 0x92, 0xa0, 0xd4, 0xdd, 0xde, 0xe5, + 0x02, 0x1b, 0x59, 0x5c, 0x7e, 0x92, 0x9c, 0xd8, 0xf4, 0x2d, + 0x6b, 0x79, 0x7b, 0xc7, 0xcd, 0xef, 0x21, 0x2a, 0x50, 0x7e, + 0xba, 0xdd, 0x02, 0x45, 0x7e, 0xc1, 0xdd, 0xeb, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x03, 0x0c, 0x15, 0x1c, 0x22, 0x28 + }; +#endif + wc_test_ret_t ret; + + ret = dilithium_param_vfy_test(WC_ML_DSA_65, ml_dsa_65_pub_key, + (word32)sizeof(ml_dsa_65_pub_key), ml_dsa_65_sig, + (word32)sizeof(ml_dsa_65_sig)); +#ifdef WOLFSSL_DILITHIUM_FIPS204_DRAFT + if (ret == 0) { + ret = dilithium_param_vfy_test(WC_ML_DSA_65_DRAFT, + ml_dsa_65_draft_pub_key, (word32)sizeof(ml_dsa_65_draft_pub_key), + ml_dsa_65_draft_sig, (word32)sizeof(ml_dsa_65_draft_sig)); + } +#endif + + return ret; +} +#endif + +#ifndef WOLFSSL_NO_ML_DSA_87 +static wc_test_ret_t dilithium_param_87_vfy_test(void) +{ + WOLFSSL_SMALL_STACK_STATIC const byte ml_dsa_87_pub_key[] = { + 0x8a, 0x66, 0xe3, 0x6e, 0x3c, 0x11, 0x70, 0x9f, 0x82, 0xdd, 0xeb, 0x9e, + 0xc0, 0xd7, 0x25, 0x87, 0x0c, 0x65, 0x07, 0x9d, 0x47, 0x39, 0x5d, 0x04, + 0x42, 0x5c, 0xd6, 0x0a, 0xdc, 0x39, 0x44, 0x04, 0xd9, 0x79, 0x43, 0x87, + 0x98, 0x64, 0x88, 0x82, 0x3a, 0x31, 0xbd, 0xec, 0x66, 0xcb, 0x01, 0x90, + 0xf9, 0x85, 0xcc, 0xde, 0x54, 0x69, 0x7d, 0x84, 0xb3, 0x84, 0x3c, 0x42, + 0x0d, 0x09, 0x63, 0xdb, 0xe6, 0x5d, 0xc2, 0x8a, 0xcf, 0xe1, 0xf4, 0x86, + 0x13, 0x05, 0x09, 0x9a, 0x4d, 0x05, 0xd4, 0x31, 0xe7, 0x27, 0x39, 0xfd, + 0x3a, 0xdb, 0x63, 0x9f, 0x1c, 0x67, 0x0b, 0x01, 0xec, 0xf9, 0xff, 0xf3, + 0xda, 0xa9, 0xf4, 0x9a, 0x59, 0x52, 0x76, 0xc2, 0xd2, 0xd5, 0xdd, 0x8d, + 0xb1, 0xa2, 0xef, 0xb3, 0x73, 0x99, 0xe3, 0xcd, 0x1c, 0xf5, 0xca, 0x6e, + 0x39, 0xfa, 0x26, 0x83, 0x45, 0xe7, 0xd0, 0x9c, 0x1b, 0xf7, 0xb2, 0x64, + 0xf1, 0x70, 0x00, 0x10, 0xc0, 0x7c, 0x7f, 0xb2, 0x32, 0xce, 0x6d, 0x71, + 0xa5, 0x43, 0x7c, 0x40, 0x71, 0x09, 0x54, 0x74, 0xac, 0xb5, 0xeb, 0xe0, + 0x04, 0x02, 0xe5, 0x82, 0x4d, 0x5a, 0x85, 0x1e, 0x19, 0x86, 0x39, 0x33, + 0x92, 0x2f, 0xa9, 0xa8, 0x10, 0xd2, 0x31, 0x60, 0x16, 0x08, 0x99, 0xe3, + 0x2c, 0x93, 0x13, 0xc4, 0x4b, 0x10, 0xe0, 0x42, 0xca, 0x3f, 0x32, 0xa7, + 0xa4, 0xd2, 0xfc, 0x9c, 0x93, 0xb6, 0x5f, 0xe2, 0x5b, 0x6e, 0x40, 0x0c, + 0x63, 0xf8, 0xf8, 0xe1, 0x2d, 0xcd, 0x86, 0x07, 0x79, 0xdb, 0x61, 0xad, + 0x24, 0xfd, 0x1e, 0x66, 0x3e, 0x8d, 0x76, 0xba, 0x98, 0x8e, 0x94, 0xc7, + 0x57, 0xb1, 0x65, 0xce, 0x4f, 0x97, 0xfa, 0x34, 0x7c, 0x97, 0x6b, 0xcd, + 0x3c, 0x42, 0x81, 0xa4, 0xd1, 0x75, 0xeb, 0x6d, 0x0c, 0x31, 0x0e, 0x6f, + 0xd5, 0x75, 0xe7, 0xff, 0x83, 0xdd, 0x7a, 0x4d, 0x83, 0x67, 0xa7, 0x4b, + 0xc1, 0x74, 0xad, 0x37, 0x38, 0x99, 0xe0, 0xf5, 0x5a, 0x44, 0x36, 0xa2, + 0x20, 0x2b, 0xfc, 0xc9, 0xfa, 0x68, 0xcb, 0xf0, 0x6f, 0x0a, 0x46, 0x1d, + 0xb5, 0xca, 0x5b, 0x96, 0x1b, 0x3a, 0xaf, 0x7d, 0x01, 0x7a, 0xd2, 0x09, + 0xcc, 0xd4, 0xe4, 0xb1, 0x49, 0x34, 0x56, 0x68, 0x9c, 0x0f, 0x23, 0xe9, + 0xb3, 0x4b, 0xed, 0x3d, 0xe7, 0x8d, 0x19, 0x6e, 0xe6, 0xfa, 0x06, 0x55, + 0xb8, 0x06, 0x4d, 0xa8, 0x45, 0x20, 0x91, 0xf7, 0xfa, 0x0b, 0x6b, 0xce, + 0x55, 0xa7, 0x14, 0x1b, 0xf9, 0xea, 0xc5, 0x79, 0x78, 0xf7, 0x3a, 0xd9, + 0xfc, 0x07, 0x43, 0x06, 0x90, 0x94, 0x5e, 0xc9, 0x48, 0x51, 0xe5, 0x96, + 0x68, 0x78, 0xc8, 0xcb, 0xd1, 0xf3, 0x65, 0xef, 0x14, 0x91, 0xa3, 0xca, + 0x8b, 0x77, 0x40, 0x84, 0xf4, 0x2e, 0xe7, 0x56, 0xe3, 0xab, 0xa0, 0xa8, + 0x61, 0x93, 0x17, 0x95, 0x9e, 0xff, 0x3a, 0xd4, 0x12, 0xea, 0x13, 0xe6, + 0x82, 0x16, 0xed, 0x14, 0x70, 0x91, 0xcc, 0x72, 0x58, 0x99, 0xa1, 0x7f, + 0xf3, 0x84, 0x10, 0xf4, 0x01, 0x0d, 0x05, 0x45, 0x4d, 0xca, 0x05, 0x03, + 0x75, 0x7e, 0xbb, 0x44, 0x2e, 0xf5, 0xee, 0xed, 0x64, 0x9b, 0xd3, 0xde, + 0x3e, 0xfc, 0x31, 0x8c, 0xca, 0x23, 0x66, 0x25, 0xac, 0x5f, 0x0f, 0x33, + 0x0f, 0xd2, 0xe9, 0xc9, 0x96, 0x2a, 0xe2, 0xb8, 0xed, 0x93, 0xd3, 0x78, + 0xd8, 0x81, 0xe4, 0x52, 0x9a, 0xc6, 0x64, 0x1d, 0x2d, 0x5f, 0x93, 0x9a, + 0x2e, 0x73, 0xc4, 0x17, 0xae, 0xc6, 0x08, 0x0d, 0x2d, 0xe9, 0x4b, 0x10, + 0x29, 0xa8, 0x4e, 0x8c, 0x08, 0x59, 0x87, 0x10, 0x0d, 0x5d, 0xfa, 0xec, + 0xd6, 0x42, 0xf6, 0x5c, 0xa4, 0x0d, 0xaa, 0x64, 0x8e, 0x20, 0xa5, 0x50, + 0x9f, 0x0b, 0x85, 0x37, 0x57, 0x15, 0x7c, 0xb1, 0xe4, 0xdd, 0xd5, 0x19, + 0x3b, 0x10, 0x7d, 0x22, 0xdb, 0x53, 0x8b, 0x7b, 0x32, 0xf7, 0xf2, 0x24, + 0x92, 0xb2, 0x05, 0xd1, 0xfd, 0xfc, 0x11, 0xd6, 0xfd, 0x3c, 0x8d, 0xd7, + 0xb0, 0x58, 0x50, 0x06, 0x84, 0x61, 0xa6, 0x78, 0x04, 0x1d, 0x7f, 0x92, + 0x0e, 0x8b, 0xb3, 0x63, 0x43, 0xc5, 0x30, 0x4c, 0xce, 0x2b, 0x44, 0x70, + 0x53, 0x7c, 0xb5, 0xbd, 0x30, 0xcb, 0x41, 0x19, 0x27, 0x69, 0xfe, 0x41, + 0x92, 0xae, 0xf0, 0x37, 0x33, 0xf0, 0x95, 0xe4, 0xe8, 0x4f, 0x75, 0x41, + 0x64, 0x87, 0xc5, 0x68, 0xd3, 0xce, 0xfa, 0xaa, 0xe8, 0x59, 0x88, 0xfe, + 0x24, 0x46, 0x27, 0x60, 0x71, 0x36, 0x78, 0x66, 0x3c, 0x36, 0x8e, 0xdb, + 0x90, 0x67, 0xa5, 0x6a, 0xfe, 0xd3, 0x23, 0x28, 0x91, 0x34, 0x24, 0x67, + 0x4b, 0x01, 0x6a, 0x0e, 0x02, 0xb7, 0xf0, 0xa8, 0xd4, 0x76, 0xd5, 0xa8, + 0x1c, 0xd3, 0xb3, 0x7d, 0x74, 0xc6, 0x17, 0x96, 0xa7, 0xf9, 0xad, 0x24, + 0x36, 0xd2, 0xeb, 0x34, 0x5a, 0xcc, 0x9c, 0x01, 0x99, 0xbe, 0x21, 0x4f, + 0x27, 0x9d, 0x6b, 0xca, 0x27, 0x1b, 0x60, 0x51, 0x41, 0x23, 0xe1, 0xcb, + 0xfc, 0x17, 0x2e, 0x1a, 0x4d, 0x3d, 0x51, 0xb3, 0x91, 0x8c, 0x53, 0x4d, + 0xd7, 0xbc, 0xa4, 0x07, 0xd7, 0x17, 0x19, 0x18, 0x61, 0x38, 0x4e, 0x05, + 0x81, 0x3f, 0x43, 0x8a, 0x00, 0x60, 0xdc, 0x30, 0xf4, 0x38, 0x3f, 0x93, + 0x82, 0x10, 0x29, 0x73, 0xa9, 0xbd, 0x63, 0x15, 0x7d, 0xac, 0x2e, 0xc9, + 0x05, 0xc1, 0x01, 0x41, 0x18, 0x5a, 0xc0, 0xc8, 0xc7, 0x81, 0x69, 0xe7, + 0x24, 0x21, 0x57, 0xaf, 0x88, 0x73, 0x7c, 0x53, 0x29, 0xae, 0x5a, 0xdf, + 0x76, 0x37, 0x56, 0x4f, 0x1f, 0x6b, 0xfd, 0x71, 0xbb, 0x80, 0x4a, 0xd7, + 0x53, 0x50, 0x10, 0x2d, 0xfc, 0x1a, 0xaf, 0x7c, 0x1f, 0xe8, 0xd0, 0x6c, + 0xa6, 0x45, 0x3d, 0xb5, 0x3d, 0xb2, 0xfc, 0x97, 0xa9, 0xbf, 0x7c, 0x0f, + 0x32, 0x7a, 0xcc, 0xa9, 0x2f, 0xd0, 0xc6, 0xe6, 0xcd, 0x04, 0x1d, 0x71, + 0x91, 0xb9, 0x59, 0x4b, 0xad, 0xa0, 0xde, 0x9e, 0xdc, 0x9c, 0x10, 0xeb, + 0x8d, 0xd6, 0x65, 0x57, 0xbc, 0x96, 0xfd, 0x0f, 0xcc, 0x73, 0xbe, 0x39, + 0x27, 0x99, 0x94, 0xf5, 0xe1, 0xbb, 0x32, 0xcd, 0x27, 0x7e, 0x08, 0xa0, + 0xd2, 0x92, 0x39, 0xeb, 0x71, 0xc8, 0xe8, 0x34, 0x57, 0x34, 0x4b, 0x20, + 0x3f, 0xe2, 0x68, 0xec, 0xc0, 0x8a, 0x71, 0xa3, 0x16, 0xa2, 0x91, 0x77, + 0xde, 0x41, 0x12, 0xa5, 0xf5, 0x2a, 0x63, 0x60, 0x55, 0xd0, 0x33, 0xa4, + 0xa7, 0x2e, 0xcb, 0x80, 0x08, 0xe5, 0x76, 0x16, 0x75, 0x04, 0x57, 0xe3, + 0x14, 0x71, 0x4e, 0x57, 0x29, 0x23, 0x0e, 0xc0, 0xcc, 0xad, 0xba, 0xdc, + 0x96, 0x5d, 0x23, 0x49, 0x42, 0xd8, 0x91, 0x08, 0x0d, 0x52, 0xf4, 0x5f, + 0xcd, 0xb7, 0x03, 0xaa, 0x73, 0x26, 0xa8, 0xd5, 0x5b, 0x0c, 0x85, 0xc8, + 0x84, 0x50, 0x9e, 0x70, 0x18, 0x45, 0x27, 0x82, 0x20, 0x75, 0xad, 0x52, + 0x5c, 0x80, 0x4b, 0xb1, 0x0b, 0x3b, 0x30, 0x39, 0x02, 0x54, 0x18, 0x5d, + 0x02, 0x9e, 0x85, 0x31, 0x4a, 0x07, 0x9c, 0x59, 0x5d, 0xab, 0x13, 0x4f, + 0x8f, 0x6e, 0x39, 0x20, 0xb2, 0xc5, 0x31, 0x93, 0xc6, 0xcc, 0xfb, 0xdc, + 0x15, 0xba, 0x3d, 0xcc, 0xbb, 0xd2, 0x6f, 0x04, 0x21, 0xdf, 0x0b, 0x27, + 0x5c, 0xd2, 0x6e, 0xfa, 0xda, 0x86, 0x5d, 0xe4, 0xca, 0xa4, 0x90, 0x22, + 0xa2, 0x80, 0xb5, 0x33, 0x17, 0xdb, 0x9b, 0x7b, 0x0a, 0xcc, 0x0f, 0x9b, + 0x38, 0x06, 0xdf, 0x10, 0x11, 0xa1, 0xd7, 0x2c, 0x24, 0xf0, 0xa8, 0x34, + 0x24, 0xfb, 0x99, 0xba, 0x0a, 0xb5, 0xa1, 0x94, 0x6c, 0x2d, 0xf8, 0xda, + 0x74, 0xaf, 0x19, 0x59, 0x84, 0xb2, 0x68, 0x1c, 0xef, 0xa1, 0xf5, 0x18, + 0x8f, 0x10, 0xf6, 0xb3, 0x6d, 0x33, 0x87, 0xe0, 0x25, 0xc8, 0x65, 0x5c, + 0x2f, 0x51, 0x07, 0x83, 0x69, 0x1b, 0xce, 0xa8, 0xe6, 0xe4, 0x27, 0x62, + 0x5d, 0x9b, 0x7f, 0xa7, 0x07, 0xc8, 0x54, 0x86, 0x90, 0xa5, 0x06, 0x6a, + 0x94, 0x80, 0x84, 0x97, 0xaa, 0x2a, 0xb9, 0x79, 0xe5, 0x19, 0x7a, 0x91, + 0xef, 0x8b, 0x58, 0xdc, 0xf9, 0x90, 0x94, 0xa2, 0x25, 0x4c, 0x69, 0xd8, + 0x6e, 0x9e, 0xad, 0xf8, 0x82, 0x17, 0x37, 0xc9, 0x20, 0x15, 0x24, 0x40, + 0xe5, 0xc6, 0xc1, 0xc7, 0xbd, 0xd4, 0x62, 0xff, 0x16, 0x6d, 0xa5, 0xec, + 0xe9, 0x67, 0x41, 0x9d, 0x3e, 0xfb, 0x22, 0x81, 0x80, 0x61, 0x37, 0x45, + 0xa5, 0x9f, 0x70, 0xff, 0xd4, 0x99, 0x3d, 0x79, 0x45, 0xd0, 0x27, 0xc2, + 0x32, 0xbe, 0xd4, 0xe2, 0x53, 0xa8, 0x8c, 0x94, 0x8b, 0xbe, 0x8a, 0x43, + 0xf7, 0x2a, 0x28, 0x49, 0xf4, 0xce, 0x2e, 0x0b, 0x98, 0xc7, 0xaf, 0x7d, + 0x51, 0x2e, 0xda, 0xd0, 0x7a, 0xfa, 0x91, 0x3a, 0xe6, 0xe7, 0x64, 0xd6, + 0x09, 0xd8, 0x5d, 0x6a, 0x97, 0xcf, 0x89, 0x96, 0x72, 0x21, 0x97, 0x61, + 0xc5, 0x1b, 0xd8, 0xa1, 0xf0, 0xcd, 0x9d, 0xe4, 0xe9, 0x13, 0xd0, 0x16, + 0x41, 0x20, 0xa4, 0x2c, 0x33, 0xf5, 0x3d, 0xfe, 0x80, 0xe8, 0xb2, 0x52, + 0x0e, 0x18, 0x31, 0x19, 0x50, 0xeb, 0xc6, 0x99, 0x43, 0xab, 0x9a, 0x59, + 0x5d, 0x6c, 0x84, 0x00, 0x88, 0x45, 0x7c, 0x73, 0xdf, 0x56, 0x61, 0x3a, + 0xe1, 0x55, 0xb8, 0x59, 0x13, 0xcc, 0x0e, 0x53, 0xe9, 0xf4, 0x74, 0xa0, + 0xf2, 0x15, 0xd2, 0xa8, 0xf9, 0xd4, 0x0d, 0x3d, 0xe7, 0x3d, 0x7d, 0x5b, + 0x19, 0x89, 0x8b, 0x2c, 0x4d, 0x8a, 0xeb, 0xc3, 0x43, 0x31, 0x9a, 0x45, + 0x72, 0x5b, 0x25, 0xb6, 0xa2, 0xc1, 0x98, 0xe3, 0x8a, 0xd4, 0x90, 0xd0, + 0x3e, 0x13, 0xf0, 0xd7, 0x90, 0x34, 0x94, 0xcc, 0xf1, 0x0a, 0xa9, 0x30, + 0xd1, 0x95, 0x43, 0x07, 0xcd, 0xd2, 0xca, 0xb0, 0xe5, 0xd4, 0xf1, 0xa1, + 0xc5, 0x9b, 0xf4, 0x98, 0x28, 0xba, 0xde, 0x40, 0xd6, 0x98, 0x98, 0x20, + 0x9c, 0x84, 0x9e, 0xc6, 0x57, 0xd8, 0x84, 0xc4, 0xa2, 0x9b, 0x53, 0x50, + 0xa5, 0xa6, 0x0b, 0x47, 0xe8, 0x08, 0x7d, 0xd7, 0x09, 0xa4, 0x0c, 0x2b, + 0x27, 0xde, 0xf9, 0x78, 0xbc, 0xa4, 0xb6, 0xc6, 0x1b, 0xda, 0xce, 0x6a, + 0xf8, 0x1a, 0xf5, 0xfe, 0x7b, 0xab, 0x58, 0x7c, 0xdc, 0x72, 0x02, 0x94, + 0x99, 0xf0, 0x3c, 0x37, 0x87, 0x5b, 0xd2, 0x4b, 0x5a, 0x80, 0x83, 0xd7, + 0xfc, 0x9d, 0xa7, 0x51, 0x81, 0xb8, 0x62, 0xff, 0x4b, 0xb3, 0x9f, 0x07, + 0xc3, 0x54, 0xfb, 0x41, 0x85, 0x42, 0x9d, 0xac, 0x27, 0x81, 0x2e, 0xaf, + 0x98, 0x67, 0x8c, 0x23, 0xad, 0x45, 0xfe, 0x6a, 0x57, 0x9f, 0x18, 0xc5, + 0x71, 0x8c, 0xad, 0x3f, 0x30, 0x3c, 0xaa, 0x47, 0x8d, 0xba, 0xc8, 0x7f, + 0x03, 0x1c, 0x86, 0xee, 0xba, 0x3f, 0x59, 0x45, 0xd4, 0xd0, 0xf5, 0x54, + 0x9e, 0xcb, 0x08, 0xcf, 0xca, 0x40, 0x0a, 0x06, 0xc0, 0x1e, 0x60, 0x1f, + 0x33, 0xbf, 0x2c, 0xa8, 0x5f, 0xce, 0x23, 0xa0, 0xe2, 0x1c, 0x2d, 0x56, + 0x2a, 0x44, 0x61, 0x58, 0xf1, 0x84, 0x63, 0x4f, 0x0d, 0x5e, 0xfb, 0x83, + 0x0f, 0x36, 0x1b, 0xf4, 0x8f, 0x17, 0x82, 0x2e, 0x04, 0x2c, 0x77, 0x9d, + 0x32, 0x58, 0xb8, 0xb0, 0xf9, 0x44, 0xd2, 0xf6, 0x84, 0xa4, 0x8b, 0x28, + 0x53, 0xd6, 0x99, 0x81, 0x84, 0x43, 0xf0, 0xc1, 0x15, 0xc6, 0x74, 0x4f, + 0xab, 0x05, 0xcc, 0x80, 0xdf, 0xef, 0xcf, 0xaf, 0x14, 0x82, 0xdf, 0x51, + 0x7c, 0x28, 0x5e, 0x5b, 0x27, 0x5e, 0x91, 0x8b, 0x54, 0x3d, 0x54, 0x26, + 0xb0, 0x3f, 0xd7, 0xc5, 0xce, 0xf3, 0x6d, 0x2c, 0x12, 0xc6, 0xb4, 0x48, + 0x60, 0x11, 0x9c, 0xef, 0x29, 0x98, 0x9c, 0x76, 0x4e, 0x73, 0x2b, 0xd2, + 0x23, 0x53, 0x7d, 0x03, 0xc2, 0x2f, 0x8a, 0xa1, 0xe2, 0x84, 0x54, 0x2d, + 0xd8, 0xc6, 0x55, 0x77, 0x9d, 0x07, 0x67, 0x1f, 0x1a, 0xd3, 0x57, 0x4c, + 0x25, 0x79, 0x8f, 0xd8, 0x82, 0xc2, 0x4d, 0x87, 0x84, 0x33, 0xdc, 0x47, + 0xed, 0x9e, 0xfb, 0xd2, 0x62, 0xc8, 0x50, 0x76, 0xda, 0x3c, 0x3c, 0x05, + 0x0e, 0x2d, 0x30, 0x56, 0xca, 0x4d, 0x6a, 0xe2, 0x17, 0x24, 0x26, 0x9c, + 0xff, 0x09, 0xec, 0xb3, 0x94, 0xec, 0xab, 0x69, 0xb2, 0xf0, 0xa5, 0x66, + 0x18, 0x92, 0x49, 0x6b, 0x90, 0xf5, 0x77, 0x5a, 0x18, 0xe5, 0x51, 0x36, + 0x4a, 0x35, 0x54, 0x98, 0x48, 0x04, 0xa9, 0x0f, 0xcb, 0x55, 0xf1, 0x71, + 0xad, 0x1a, 0x4a, 0x2c, 0x0e, 0x5d, 0x5e, 0x77, 0x47, 0xf5, 0x46, 0x17, + 0x6b, 0x94, 0x2a, 0xbc, 0x40, 0xe5, 0xa7, 0xa6, 0x88, 0x41, 0x76, 0x22, + 0x47, 0xd1, 0xe8, 0x2b, 0x18, 0x48, 0x21, 0xc0, 0xe8, 0x4f, 0xe2, 0xb2, + 0x7e, 0x03, 0xbb, 0x25, 0x9c, 0xc8, 0x68, 0x66, 0x48, 0x25, 0x6a, 0xf2, + 0x64, 0x29, 0xec, 0x79, 0xba, 0xdb, 0x34, 0xe1, 0xd4, 0xf9, 0x52, 0x0e, + 0xfd, 0x8d, 0x86, 0x94, 0x71, 0xd8, 0xe0, 0x86, 0x02, 0x9b, 0xd4, 0x65, + 0x69, 0x5e, 0x01, 0x32, 0x87, 0x59, 0xd8, 0x6c, 0xbc, 0x8a, 0x9f, 0x58, + 0x28, 0x8c, 0x97, 0xef, 0x33, 0xb2, 0xda, 0x45, 0xa0, 0xec, 0xe5, 0x5b, + 0xac, 0xc6, 0x65, 0xc1, 0xb6, 0xcb, 0xf7, 0x85, 0x0e, 0xfa, 0x78, 0x36, + 0x30, 0x84, 0x90, 0xa8, 0xf8, 0x42, 0x25, 0xa5, 0xdd, 0xdc, 0xdc, 0x89, + 0xd3, 0xf0, 0x73, 0x9a, 0xd8, 0x95, 0x8f, 0x04, 0xbf, 0xc1, 0xfd, 0x94, + 0xff, 0xe6, 0xf8, 0x4e, 0xc6, 0x43, 0xc9, 0x60, 0x30, 0xe9, 0x68, 0xa8, + 0x76, 0xfb, 0xfa, 0xdf, 0xc0, 0x9b, 0xbc, 0xbc, 0x34, 0xe4, 0x38, 0xfd, + 0x93, 0xb0, 0x47, 0xb2, 0x3e, 0x83, 0x6c, 0xef, 0xe1, 0xaf, 0x35, 0xb4, + 0x90, 0x2a, 0x32, 0xaf, 0x25, 0x3f, 0x3e, 0x72, 0x61, 0xc0, 0x0f, 0x29, + 0xbb, 0x46, 0x6e, 0x2e, 0x94, 0x7d, 0xdd, 0xb7, 0x67, 0x1f, 0x7b, 0x64, + 0xcb, 0xa5, 0x9a, 0x58, 0x63, 0x20, 0xa7, 0xc0, 0x94, 0xa9, 0xad, 0x90, + 0x7d, 0xf3, 0x2b, 0x61, 0x2b, 0x64, 0x3d, 0x8a, 0xc3, 0xd1, 0xcb, 0xad, + 0x36, 0x44, 0xe6, 0x29, 0x8b, 0x3d, 0x95, 0x7c, 0xa7, 0xa2, 0xfa, 0x1b, + 0x16, 0x8d, 0x9e, 0xc4, 0xf8, 0x4c, 0x76, 0x20, 0x00, 0x68, 0x07, 0x99, + 0x9c, 0x60, 0xe6, 0x16, 0x6a, 0x6f, 0x8a, 0xbe, 0x71, 0x95, 0xa1, 0xcb, + 0xfe, 0x7c, 0x41, 0x59, 0x61, 0x20, 0xf9, 0x54, 0x3c, 0xb1, 0x19, 0x5c, + 0x42, 0x67, 0x3f, 0xff, 0xf3, 0x32, 0x21, 0x9c, 0x9e, 0x88, 0xf9, 0x97, + 0x00, 0x43, 0x73, 0x4a, 0xfc, 0x54, 0xeb, 0x27, 0x79, 0x14, 0x85, 0xd3, + 0xdc, 0x47, 0xb3, 0x6d, 0x24, 0xd3, 0xf7, 0x7a, 0xfb, 0x90, 0x7c, 0x6e, + 0xcd, 0x4e, 0xbf, 0x26, 0x76, 0xd2, 0xe8, 0xcc, 0x67, 0xd1, 0x23, 0x3c, + 0x94, 0x16, 0x1e, 0x07, 0x36, 0x7c, 0x96, 0xf6, 0xe8, 0x50, 0x72, 0x26, + 0x56, 0x67, 0x89, 0xa9, 0x11, 0xfb, 0x1d, 0xb8, 0xb9, 0x2a, 0x55, 0xb7, + 0x85, 0xf7, 0x40, 0xa2, 0xfc, 0x9f, 0x30, 0xec, 0x8f, 0x9a, 0x1c, 0xc8, + 0xe4, 0xc5, 0x1f, 0xcb, 0x0a, 0x60, 0x80, 0x41, 0xec, 0x88, 0x8a, 0xda, + 0x7c, 0x7a, 0xa1, 0x96, 0x51, 0x62, 0x16, 0x63, 0x75, 0x36, 0x28, 0x7c, + 0xc9, 0xd0, 0x27, 0x0c, 0x9e, 0x18, 0x4a, 0x82, 0xf7, 0x02, 0xb9, 0x40, + 0x8f, 0xd5, 0x97, 0x7a, 0x35, 0xa9, 0x3a, 0xb3, 0x8b, 0x6b, 0xf1, 0x9a, + 0xd1, 0xe7, 0x14, 0x38, 0x5e, 0xba, 0x8c, 0xbf, 0x32, 0xaa, 0x34, 0x30, + 0x7c, 0x1e, 0x11, 0xcd, 0x1f, 0x9f, 0xcf, 0x4d, 0x14, 0xce, 0x67, 0xf9, + 0x9c, 0x89, 0x07, 0x92, 0x44, 0x6e, 0x9a, 0x16, 0xe4, 0xfb, 0x67, 0x01, + 0x3f, 0x4c, 0x14, 0x89, 0x33, 0x87, 0x46, 0xc6, 0xe4, 0x66, 0x94, 0xd4, + 0x87, 0x4f, 0x2c, 0x92, 0x1b, 0xae, 0x82, 0xe7, 0x99, 0xaa, 0xb4, 0x99, + 0x81, 0x26, 0xa6, 0x6f, 0x1d, 0xc1, 0x95, 0x80, 0xe9, 0xea, 0xe3, 0x44, + 0x6a, 0x2b, 0xd2, 0xe0, 0x0d, 0x69, 0x42, 0xf7, 0x27, 0x6b, 0x4f, 0x02, + 0x7a, 0x33, 0x7b, 0x43, 0x3d, 0xef, 0x10, 0xaa, 0xab, 0xc5, 0xa2, 0xf0, + 0xbb, 0x07, 0x4b, 0x26, 0x0c, 0x58, 0xcd, 0x3b, 0xd2, 0x6d, 0xa5, 0x32, + 0x37, 0x88, 0x4e, 0x8b, 0xe3, 0x75, 0xb0, 0xbb, 0x87, 0xea, 0xa4, 0x53, + 0xf3, 0xff, 0x39, 0x92, 0x44, 0xab, 0x7b, 0x71, 0x62, 0x31, 0x6b, 0x31, + 0xca, 0x97, 0xba, 0xd7, 0x41, 0xe0, 0x47, 0x47, 0x4f, 0x77, 0xa2, 0x35, + 0x62, 0x7a, 0xc1, 0xb6, 0x69, 0x10, 0x09, 0xce, 0xfc, 0x92, 0xcc, 0xc5, + 0x7a, 0x11, 0xf1, 0xc1, 0xa0, 0x80, 0xe5, 0x42, 0x17, 0xb6, 0x3f, 0xab, + 0xc1, 0xa2, 0x41, 0xfb, 0xe3, 0x98, 0x2d, 0x7a, 0xe4, 0x1b, 0x1f, 0x7e, + 0x71, 0x3c, 0x3e, 0x90, 0x8c, 0x60, 0x30, 0xb7, 0x73, 0x06, 0x1f, 0x8a, + 0xce, 0x50, 0x20, 0x7c, 0xfa, 0x8c, 0xf2, 0x14, 0xd9, 0x00, 0xa2, 0x21, + 0xea, 0x10, 0x36, 0x21, 0x6f, 0x7f, 0x13, 0xe3, 0x6c, 0xb2, 0xd6, 0xa5, + 0xa6, 0x6e, 0xa9, 0xe7, 0x1d, 0xdf, 0xc9, 0x97, 0x60, 0x75, 0xa3, 0x55, + 0xa1, 0x2c, 0x94, 0xd7, 0x85, 0x4b, 0x44, 0xc6, 0x9c, 0x17, 0xc2, 0xad, + 0xe6, 0x56, 0x72, 0x1d, 0xb9, 0x13, 0x54, 0xfe, 0x8c, 0xec, 0xf4, 0xa3, + 0x54, 0x6b, 0x31, 0xbc, 0x55, 0x9e, 0x01, 0xd4, 0x9b, 0x24, 0x9e, 0x51, + 0xaf, 0x67, 0x76, 0x02, 0xf7, 0x34, 0x6a, 0xaa, 0xb0, 0x3c, 0x70, 0x2e, + 0xc8, 0x86, 0xfa, 0x40, 0x89, 0x12, 0xb7, 0x49, 0x38, 0x0b, 0xf7, 0x66, + 0xd2, 0x2e, 0x58, 0xf1, 0x22, 0x3b, 0xb3, 0x40, 0x6b, 0x7a, 0x68, 0x4d, + 0x42, 0xfd, 0xbf, 0xa0, 0xf7, 0x2f, 0x63, 0x4a, 0x87, 0xe7, 0x99, 0x52, + 0x6e, 0xe7, 0xdd, 0xca, 0x19, 0x71, 0xee, 0x92, 0xe2, 0x68, 0x0e, 0xe1, + 0xb7, 0x90, 0x1f, 0xc4, 0xef, 0xf8, 0xf6, 0x85, 0x53, 0x18, 0x33, 0x86, + 0x15, 0xc8, 0x29, 0x58, 0x6f, 0xf0, 0x1c, 0x14, 0x73, 0xa9, 0x8e, 0x88, + 0x74, 0xd4, 0x21, 0xf5, 0xc6, 0x7c, 0xd8, 0x96, 0x0f, 0xb0, 0xa6, 0x7b, + 0xf7, 0x72, 0x15, 0xd7, 0x30, 0x6b, 0x15, 0x1d, 0x3f, 0xb7, 0x4e, 0xaa, + 0xc0, 0x52, 0x1d, 0x84, 0xbf, 0x98, 0xbd, 0x33, 0x02, 0xab, 0x8b, 0xd0, + 0x9c, 0x85, 0x2f, 0xa3, 0xfb, 0x46, 0x8d, 0x4d, 0x97, 0x1a, 0x8a, 0x3c, + 0x73, 0x5b, 0x3b, 0x58, 0x26, 0xba, 0x6b, 0x45, 0x2e, 0x24, 0x66, 0x79, + 0x7d, 0xc4, 0xf8, 0x8c, 0x05, 0x7d, 0x5c, 0x23, 0xb9, 0xe8, 0x5d, 0xfe, + 0xc9, 0x84, 0xe5, 0x58, 0x40, 0xa4, 0xb7, 0x55, 0x74, 0x69, 0x92, 0x9c, + 0x3e, 0x19, 0xb1, 0xb6, 0x51, 0xe9, 0x71, 0xcc, 0x96, 0x2b, 0x01, 0x71, + 0xf5, 0xb9, 0xde, 0x77, 0xfe, 0x2e, 0x74, 0x9c, 0x6a, 0x52, 0x17, 0x1e, + 0xea, 0xd9, 0xc8, 0x14, 0xbe, 0x61, 0xdf, 0xe9, 0x96, 0x24, 0x5a, 0x9a, + 0xd8, 0xd7, 0xad, 0x71, 0xe0, 0xf4, 0xbb, 0x9e, 0xae, 0x95, 0xcd, 0x58, + 0x94, 0x81, 0xee, 0x46, 0x84, 0x65, 0x39, 0xb1, 0x1b, 0x1e, 0xf5, 0x50, + 0xad, 0x56, 0x58, 0xb7, 0x53, 0x9b, 0x2a, 0x2f, 0x09, 0x61, 0x57, 0xda, + 0xf5, 0xdc, 0x9f, 0x3c, 0x6c, 0x69, 0x0d, 0x61, 0x49, 0xb2, 0xe0, 0xb2, + 0xe5, 0xef, 0x19, 0xbe, 0x04, 0xf6, 0x6b, 0xad, 0x41, 0x4c, 0x5a, 0x50, + 0xf6, 0xac, 0x1b, 0x25, 0x8a, 0xdd, 0xe3, 0x57, 0xab, 0x7c, 0x92, 0xe4 + }; +#ifdef WOLFSSL_DILITHIUM_FIPS204_DRAFT + WOLFSSL_SMALL_STACK_STATIC const byte ml_dsa_87_draft_pub_key[] = { + 0xef, 0x49, 0x79, 0x47, 0x15, 0xc4, 0x8a, 0xa9, 0x74, 0x2a, + 0xf0, 0x36, 0x94, 0x5c, 0x91, 0x1c, 0x5d, 0xff, 0x2c, 0x83, + 0xf2, 0x8b, 0x04, 0xfc, 0x5d, 0x64, 0xbd, 0x49, 0x73, 0xcd, + 0xcc, 0x99, 0x50, 0x5f, 0x2b, 0x16, 0x3a, 0xbb, 0x98, 0xc0, + 0xa7, 0x69, 0x0e, 0x95, 0x99, 0x0b, 0xa2, 0x6c, 0xfe, 0x6c, + 0xdb, 0xc8, 0xa7, 0x09, 0x46, 0x6c, 0x90, 0x50, 0xa4, 0x75, + 0x30, 0xf7, 0x90, 0xac, 0x31, 0xb6, 0xdd, 0x21, 0xaf, 0xc6, + 0xf9, 0xfe, 0xee, 0xc6, 0x5b, 0xa8, 0x8f, 0x0a, 0x2e, 0xd0, + 0x42, 0xab, 0xa8, 0x3c, 0x8d, 0xbf, 0xf7, 0x44, 0xbd, 0x0d, + 0xcf, 0xf4, 0x68, 0xfc, 0x16, 0x67, 0xf7, 0x39, 0x48, 0x5f, + 0x56, 0xd1, 0xe7, 0x1f, 0x49, 0x80, 0x50, 0xbe, 0x54, 0xd1, + 0xb7, 0xc9, 0xd2, 0x32, 0xc7, 0x08, 0x8c, 0xde, 0x2c, 0x31, + 0xf6, 0x1d, 0xc7, 0xac, 0xb3, 0x79, 0xd7, 0x4b, 0x1b, 0x23, + 0x89, 0x0a, 0xdc, 0x8e, 0x44, 0x41, 0x14, 0x28, 0x99, 0x13, + 0xb3, 0x26, 0xa6, 0x0e, 0x83, 0x60, 0xaa, 0x8d, 0x7c, 0x23, + 0x13, 0xba, 0x6c, 0x28, 0x90, 0x56, 0x84, 0xa1, 0x23, 0x8b, + 0x81, 0x20, 0x97, 0x7c, 0x66, 0x3f, 0xed, 0x5d, 0xd0, 0xe4, + 0x5d, 0xee, 0x46, 0xbc, 0x4b, 0x3c, 0x03, 0xb5, 0xbc, 0x4d, + 0x8d, 0x37, 0xa3, 0x56, 0x4b, 0x33, 0xad, 0xef, 0xd4, 0xb6, + 0xec, 0xdb, 0x04, 0x9a, 0x19, 0x58, 0x57, 0xd8, 0x00, 0x3a, + 0x92, 0x61, 0x0c, 0x0b, 0xc8, 0x52, 0xe5, 0x04, 0x02, 0x9a, + 0x00, 0x7e, 0xec, 0x7e, 0x94, 0xaa, 0xef, 0x2d, 0x7f, 0xb6, + 0x2e, 0x7c, 0xb0, 0x73, 0xa2, 0x20, 0xc0, 0x07, 0x30, 0x41, + 0x50, 0x20, 0x14, 0x18, 0x21, 0x5e, 0x2a, 0x6f, 0x70, 0x21, + 0xd6, 0x97, 0x13, 0xb9, 0xc1, 0x9e, 0x90, 0x67, 0xcc, 0x55, + 0x8a, 0xec, 0xec, 0x0a, 0x1e, 0x90, 0xdc, 0x3f, 0xb0, 0x4d, + 0xd1, 0x18, 0xea, 0x4f, 0xcb, 0x5d, 0x15, 0x4c, 0xb8, 0x35, + 0x9b, 0x34, 0x24, 0x30, 0x06, 0x53, 0x17, 0xf0, 0xbe, 0x27, + 0x36, 0xb3, 0x04, 0x6a, 0xbd, 0xbf, 0xa7, 0x39, 0xee, 0xa9, + 0x8f, 0x0e, 0x98, 0xc5, 0xf5, 0x9f, 0x46, 0x25, 0x93, 0xc9, + 0xf2, 0xf6, 0x2b, 0x8e, 0x92, 0x06, 0x01, 0x3d, 0x81, 0x18, + 0xf2, 0xec, 0xf1, 0x05, 0x4c, 0xad, 0x4b, 0xcb, 0x98, 0xa4, + 0xb5, 0x61, 0x20, 0xda, 0x81, 0xa1, 0xfb, 0x92, 0x4c, 0xaf, + 0x87, 0x6f, 0x6e, 0xd2, 0x57, 0xec, 0xcd, 0x94, 0xb3, 0x79, + 0xbf, 0x59, 0x88, 0x17, 0x81, 0xce, 0x8a, 0x57, 0xce, 0x57, + 0xae, 0x3e, 0x82, 0x81, 0x2f, 0x83, 0x61, 0xd8, 0xf9, 0x68, + 0x21, 0xe7, 0x72, 0x5b, 0xd6, 0x80, 0x55, 0x68, 0x5d, 0x67, + 0x15, 0x0c, 0x8b, 0xdc, 0x4f, 0xc3, 0x89, 0x36, 0x3c, 0xac, + 0xaf, 0x16, 0x5e, 0x1c, 0xfa, 0x68, 0x74, 0x6a, 0xab, 0x68, + 0xd8, 0x59, 0x96, 0x2d, 0x33, 0x62, 0xe4, 0xbd, 0xb3, 0xb7, + 0x4d, 0x88, 0x35, 0xb8, 0xed, 0xb2, 0x16, 0x85, 0x97, 0x08, + 0x71, 0x71, 0x39, 0x7e, 0x0c, 0x53, 0x16, 0xda, 0x38, 0xe5, + 0x28, 0x09, 0x9c, 0xd9, 0x46, 0xec, 0x68, 0xda, 0x8d, 0xd0, + 0xad, 0xb2, 0x79, 0x28, 0x3b, 0x1e, 0x12, 0xc9, 0xdf, 0xa9, + 0x6d, 0x3d, 0x29, 0x99, 0x2f, 0x53, 0xc2, 0xd0, 0xf9, 0x88, + 0x26, 0x94, 0x47, 0xaf, 0xf6, 0x96, 0xf3, 0xe1, 0x11, 0xa6, + 0x82, 0x3d, 0x43, 0x3f, 0x1f, 0xbc, 0xf6, 0x98, 0xbe, 0xff, + 0x06, 0x86, 0x61, 0x27, 0xdc, 0x91, 0x54, 0xd4, 0xfc, 0x68, + 0x83, 0xe8, 0x35, 0x3e, 0xee, 0x94, 0x59, 0x28, 0x2f, 0xde, + 0xdd, 0x03, 0x60, 0x66, 0xc1, 0x49, 0x57, 0xdd, 0xbc, 0xd5, + 0x0a, 0x67, 0x34, 0xf1, 0xa6, 0x0a, 0x57, 0x94, 0x65, 0x02, + 0x2c, 0x52, 0x43, 0x70, 0x3b, 0xc1, 0x9a, 0xff, 0xda, 0x6f, + 0xb9, 0x54, 0x47, 0x01, 0xda, 0x27, 0xe4, 0x48, 0x4a, 0x90, + 0x9f, 0xb5, 0xc3, 0xee, 0x0e, 0x09, 0x57, 0xfe, 0x48, 0x51, + 0x08, 0x34, 0x5e, 0x8f, 0x16, 0xc9, 0x0b, 0x74, 0xd9, 0x7d, + 0x22, 0x3f, 0xd6, 0xb7, 0x5d, 0xd6, 0x76, 0x00, 0x8d, 0x4e, + 0x78, 0x73, 0x86, 0xd6, 0xdb, 0x2a, 0x65, 0xab, 0xdf, 0xb0, + 0xea, 0x11, 0xad, 0xdf, 0xba, 0x43, 0xdb, 0xa8, 0x0a, 0xfb, + 0x04, 0x38, 0x81, 0x2b, 0xa3, 0x29, 0xfc, 0x95, 0x73, 0x9a, + 0x0c, 0x6c, 0x9e, 0xcd, 0xdc, 0xcf, 0x0a, 0x0c, 0x18, 0x41, + 0x6f, 0x1d, 0xa3, 0xf6, 0x12, 0x4c, 0x13, 0xf2, 0x02, 0xc6, + 0x50, 0x99, 0x86, 0x73, 0xa7, 0xf9, 0x7e, 0x84, 0x7f, 0x4c, + 0x00, 0xce, 0x2e, 0x21, 0x76, 0x8e, 0x17, 0x7a, 0x87, 0x6f, + 0x81, 0xe6, 0xc0, 0x52, 0xa5, 0xa0, 0x3c, 0x54, 0x3c, 0xec, + 0xb0, 0x9d, 0x1c, 0x3b, 0xec, 0xe5, 0x4e, 0x4a, 0x37, 0xe7, + 0xd5, 0xa9, 0x07, 0x87, 0x23, 0x28, 0x5d, 0x3d, 0x22, 0x02, + 0x79, 0x40, 0x3f, 0x2d, 0x40, 0xc9, 0xe5, 0xa6, 0x9b, 0xa8, + 0xb8, 0x76, 0xf6, 0x77, 0x5b, 0x8d, 0x72, 0x96, 0x3e, 0x13, + 0xbf, 0x76, 0xfa, 0x7b, 0xb7, 0x82, 0x5f, 0xe7, 0x9d, 0x54, + 0x0e, 0x05, 0x1a, 0x9f, 0xa4, 0x42, 0xa5, 0xb4, 0x93, 0x23, + 0x06, 0x59, 0x43, 0xa8, 0xe8, 0x5c, 0xfc, 0x18, 0x97, 0xdb, + 0xad, 0x9a, 0x80, 0x0a, 0xf2, 0x20, 0x50, 0xac, 0xc1, 0x13, + 0x3e, 0x98, 0x09, 0xde, 0xf2, 0x70, 0x9e, 0x14, 0xc2, 0x5c, + 0xec, 0x65, 0x07, 0x0b, 0xfa, 0x02, 0x5c, 0xf8, 0x71, 0xaa, + 0x9b, 0x45, 0x62, 0xe2, 0x27, 0xaf, 0x77, 0xf8, 0xe3, 0xeb, + 0x7b, 0x24, 0x7b, 0x3c, 0x67, 0xc2, 0x6d, 0x6e, 0x17, 0xae, + 0x6e, 0x86, 0x6f, 0x98, 0xc9, 0xac, 0x13, 0x9f, 0x87, 0x64, + 0x3d, 0x4d, 0x6f, 0xa0, 0xb3, 0x39, 0xc6, 0x68, 0x1b, 0xa7, + 0xeb, 0x3e, 0x0f, 0x6b, 0xc7, 0xa4, 0xe2, 0x20, 0x27, 0x75, + 0x3f, 0x09, 0x16, 0xff, 0x1a, 0xcc, 0xa7, 0xc4, 0x6d, 0xc2, + 0xfc, 0xc3, 0x0b, 0x37, 0x63, 0xff, 0x9b, 0x10, 0xe6, 0x00, + 0xf7, 0x18, 0x43, 0x9f, 0x07, 0x50, 0x31, 0x51, 0xd4, 0xfd, + 0xad, 0xa2, 0x0f, 0x77, 0xda, 0x41, 0xc1, 0x0a, 0x6f, 0x86, + 0xd7, 0xdc, 0x8a, 0x52, 0xd6, 0xa1, 0x27, 0xdb, 0x14, 0x67, + 0x26, 0x91, 0xb3, 0xcd, 0x01, 0x5f, 0x60, 0xa1, 0x7f, 0x43, + 0x15, 0x1a, 0x82, 0x0f, 0xd3, 0x66, 0x5f, 0x60, 0x57, 0x2f, + 0xb2, 0x8c, 0x27, 0x2a, 0x9d, 0x1b, 0xf9, 0xf2, 0x59, 0x20, + 0x39, 0xd9, 0xc5, 0xaf, 0xf2, 0x36, 0x8c, 0x58, 0x00, 0x1b, + 0xd0, 0xc5, 0x8e, 0x1a, 0x49, 0xa8, 0x60, 0xbe, 0xd1, 0xd7, + 0x2a, 0xb0, 0xc2, 0xab, 0x58, 0x8a, 0x7a, 0xa9, 0x41, 0x68, + 0x70, 0xbd, 0xea, 0x73, 0xa5, 0x03, 0x11, 0xb2, 0x27, 0xd9, + 0xcd, 0xf5, 0x09, 0xe8, 0x1c, 0xe2, 0x4f, 0x50, 0x6a, 0x84, + 0x34, 0x62, 0x2e, 0x36, 0xaa, 0x4c, 0xc1, 0x83, 0x78, 0x98, + 0x35, 0x7a, 0x27, 0x7e, 0xfe, 0xf1, 0x6f, 0x59, 0x27, 0x35, + 0x73, 0xce, 0x74, 0xaa, 0xb4, 0x72, 0x82, 0xa8, 0xe2, 0x81, + 0x7a, 0x6b, 0xca, 0x33, 0xa5, 0xda, 0xa2, 0x63, 0xca, 0x2e, + 0x90, 0x03, 0x32, 0xec, 0x63, 0xdb, 0x52, 0x7b, 0x16, 0xfc, + 0x01, 0x2d, 0x30, 0x12, 0x1e, 0xf9, 0xa3, 0x72, 0x21, 0x3c, + 0x75, 0x0c, 0x61, 0x9c, 0x7e, 0x73, 0x04, 0x71, 0x41, 0x45, + 0x5d, 0x7f, 0x49, 0x1c, 0x09, 0x08, 0xa4, 0xec, 0x2f, 0xfd, + 0xc4, 0xfb, 0x59, 0x6a, 0x27, 0x7a, 0xd4, 0xfc, 0x5f, 0x20, + 0x04, 0x34, 0x7d, 0x08, 0xed, 0x82, 0x5a, 0x90, 0xe1, 0xab, + 0xfd, 0x35, 0x3a, 0x8d, 0xbb, 0x0a, 0x9d, 0x73, 0xff, 0x69, + 0xe5, 0xe9, 0x09, 0x55, 0x14, 0xd9, 0x7b, 0x6f, 0x0d, 0x99, + 0xd2, 0x7e, 0x71, 0xf8, 0x4f, 0x72, 0x2f, 0xbb, 0xc6, 0xc4, + 0x36, 0xc9, 0x01, 0xd3, 0x9b, 0x94, 0xab, 0x41, 0x0f, 0x4a, + 0x61, 0x5c, 0x68, 0xe5, 0xd7, 0x0d, 0x94, 0xaa, 0xee, 0xba, + 0x95, 0xcb, 0x8c, 0x0e, 0x85, 0x3a, 0x02, 0x6b, 0x95, 0x50, + 0xfd, 0x02, 0xfd, 0xa4, 0x58, 0x29, 0x78, 0x4f, 0xd0, 0xae, + 0x66, 0xd6, 0x5c, 0xe7, 0x45, 0xfe, 0x98, 0xb0, 0xa3, 0xe2, + 0x87, 0xc0, 0xd2, 0x81, 0x08, 0xf1, 0xf1, 0xe7, 0xda, 0x62, + 0x9e, 0xa0, 0x34, 0x86, 0xeb, 0xa1, 0x6e, 0x4a, 0x26, 0x8e, + 0x39, 0x0c, 0x51, 0x10, 0x33, 0x11, 0x87, 0xf8, 0x79, 0x3c, + 0x49, 0x7a, 0x8b, 0xce, 0xc1, 0x0a, 0x0e, 0xe1, 0xd5, 0x2a, + 0xac, 0xf0, 0x3a, 0x1d, 0x6a, 0x6a, 0xe5, 0xe1, 0x81, 0x70, + 0xad, 0xaf, 0x15, 0x4c, 0x2a, 0x70, 0x2a, 0x6b, 0x22, 0x0d, + 0x30, 0xe7, 0x56, 0xed, 0x2d, 0x4b, 0x85, 0x17, 0x49, 0x72, + 0x3a, 0x1b, 0x6f, 0x57, 0x1c, 0xf7, 0x72, 0x9e, 0x20, 0xdb, + 0x57, 0x1c, 0xfb, 0x36, 0x50, 0x52, 0xec, 0x5b, 0xd6, 0x6a, + 0x1b, 0xf8, 0x74, 0xad, 0xe6, 0x00, 0x74, 0x04, 0xc5, 0x99, + 0x83, 0xe4, 0x5a, 0x0c, 0xc3, 0xe8, 0x6d, 0x3a, 0xd7, 0x3c, + 0x3c, 0xc0, 0x1a, 0x28, 0xb3, 0x29, 0x7a, 0x10, 0x9e, 0x39, + 0x66, 0x5b, 0xc1, 0x38, 0xac, 0x21, 0x4e, 0xcd, 0x01, 0xf2, + 0xf6, 0x30, 0x2c, 0x2b, 0xb6, 0xbf, 0xf5, 0xea, 0x61, 0xaf, + 0x0c, 0xa6, 0x01, 0x11, 0x15, 0x19, 0x09, 0x8c, 0x7e, 0x69, + 0xdf, 0x3b, 0xea, 0xd3, 0x0a, 0x3a, 0xd7, 0xbd, 0xe1, 0x17, + 0xaf, 0x92, 0x3c, 0xf5, 0xfe, 0x35, 0xd6, 0xcf, 0x07, 0xa6, + 0xf7, 0xe9, 0xc1, 0x99, 0xed, 0x80, 0xe3, 0x12, 0xd5, 0x4b, + 0xb9, 0xdf, 0xaf, 0x4e, 0x52, 0xad, 0x8e, 0x66, 0x87, 0xe5, + 0x2c, 0xd0, 0x45, 0x70, 0xd9, 0x78, 0x8f, 0x4b, 0xf4, 0xe1, + 0xf1, 0x22, 0xf2, 0xe3, 0xed, 0x1f, 0xeb, 0xe9, 0x70, 0x31, + 0x4c, 0x65, 0x5f, 0x55, 0xee, 0x5d, 0xaa, 0x83, 0x87, 0x76, + 0xbe, 0x11, 0xae, 0xd7, 0xf2, 0xfb, 0x43, 0xe7, 0x17, 0x81, + 0x33, 0x15, 0x47, 0xa0, 0xf3, 0x8e, 0x84, 0x57, 0xff, 0x35, + 0x9e, 0x4a, 0x8a, 0xab, 0x50, 0x3a, 0x45, 0xe0, 0xc3, 0x73, + 0xca, 0x77, 0x61, 0x68, 0x38, 0xd0, 0xa3, 0x5f, 0x03, 0x8d, + 0x41, 0xc2, 0xd3, 0x4a, 0x17, 0xe0, 0xa8, 0xaa, 0x00, 0xf3, + 0xf2, 0x5b, 0xa8, 0xe1, 0x06, 0xa6, 0x2b, 0xdb, 0xe1, 0x74, + 0xbd, 0xc4, 0xd2, 0x2b, 0x55, 0x9a, 0xb0, 0xf8, 0x35, 0xd8, + 0x6b, 0xec, 0xdb, 0xc5, 0xf4, 0x6c, 0x40, 0x90, 0x6a, 0x68, + 0xc9, 0xb5, 0xcb, 0xbb, 0xd0, 0xb0, 0xbc, 0x9f, 0xb9, 0xaa, + 0x50, 0x14, 0x93, 0x3b, 0x9f, 0x25, 0xcb, 0x40, 0xb8, 0x08, + 0xcc, 0x13, 0xe5, 0xdc, 0x3f, 0x84, 0x96, 0xe0, 0x73, 0x7b, + 0x7d, 0x9e, 0x41, 0x92, 0x5d, 0xcc, 0xa4, 0xea, 0x4f, 0x93, + 0x0c, 0x40, 0x2e, 0x42, 0x8a, 0xe9, 0xb9, 0x12, 0x74, 0xbb, + 0x79, 0x7c, 0xb0, 0x37, 0x20, 0xb6, 0xaf, 0x43, 0x3a, 0x88, + 0x59, 0x7c, 0x68, 0x28, 0x5f, 0x98, 0xc2, 0xf0, 0x2a, 0xbc, + 0xa1, 0x61, 0x88, 0x1f, 0x43, 0xbc, 0x42, 0x8f, 0x43, 0xf3, + 0x7e, 0x16, 0x96, 0xfa, 0x92, 0x70, 0xaf, 0x3c, 0x9f, 0x4b, + 0xd9, 0x60, 0xe9, 0xf6, 0x2e, 0x84, 0xda, 0x88, 0x31, 0x34, + 0xa6, 0x85, 0x10, 0x05, 0xef, 0x40, 0xa8, 0xa5, 0x4f, 0x92, + 0x59, 0xf7, 0xe0, 0xc4, 0x2b, 0x12, 0x17, 0x71, 0xbe, 0x8c, + 0x4a, 0x02, 0xfe, 0x12, 0xb6, 0x3b, 0x85, 0x75, 0x37, 0xf3, + 0x73, 0x2d, 0x9c, 0x00, 0x5d, 0x80, 0xad, 0x20, 0x2f, 0x5a, + 0x0b, 0x17, 0x7e, 0x67, 0x72, 0x24, 0x5a, 0xb9, 0xf3, 0xb1, + 0x33, 0xa4, 0x57, 0x1d, 0x49, 0x72, 0x2c, 0x7f, 0x47, 0x15, + 0x07, 0xe0, 0x45, 0x14, 0xdd, 0x77, 0x86, 0x6d, 0x03, 0xbe, + 0x57, 0xd0, 0xaa, 0x18, 0xa6, 0xdd, 0x94, 0x18, 0x3f, 0x8a, + 0xf3, 0xb5, 0xd7, 0x5a, 0xec, 0xc8, 0x79, 0x7f, 0x51, 0x61, + 0x3c, 0x9b, 0xb2, 0x9b, 0xf3, 0xb4, 0x35, 0xd1, 0x38, 0xbf, + 0x37, 0xce, 0x54, 0xd1, 0xf8, 0xb6, 0x45, 0xeb, 0x52, 0x0d, + 0x9a, 0x09, 0x58, 0x0d, 0x2c, 0x0b, 0xb1, 0xf2, 0x30, 0x3a, + 0x95, 0xc1, 0x13, 0x91, 0xd2, 0x9f, 0x8d, 0x8d, 0xd0, 0x38, + 0x3e, 0x4c, 0xae, 0x4a, 0x55, 0xa7, 0x42, 0x11, 0x83, 0xc4, + 0x70, 0xf0, 0x2b, 0x68, 0x9e, 0x07, 0xad, 0xb7, 0x83, 0xc6, + 0x53, 0x3c, 0xfb, 0x0a, 0x5d, 0x24, 0xdc, 0xe1, 0x55, 0x72, + 0xcf, 0xce, 0x3e, 0xc8, 0xd0, 0x57, 0x8a, 0x82, 0x5e, 0x78, + 0x2b, 0x80, 0xc5, 0xb9, 0x09, 0x46, 0xf8, 0x90, 0x39, 0x52, + 0xa9, 0xce, 0x3f, 0x3d, 0x41, 0x3b, 0x28, 0x45, 0xa3, 0xb3, + 0x21, 0xc2, 0xcd, 0x14, 0x49, 0x41, 0x6c, 0x38, 0xda, 0x1b, + 0x5f, 0x16, 0x49, 0xf9, 0x65, 0x00, 0x4e, 0xb4, 0x20, 0x55, + 0x70, 0xe8, 0x58, 0x1a, 0x18, 0xbf, 0x41, 0xef, 0x31, 0xb1, + 0xe7, 0x8d, 0x89, 0xc1, 0x48, 0xe8, 0xf5, 0x57, 0x35, 0xfa, + 0xc1, 0x79, 0xee, 0x2c, 0xe8, 0x7d, 0xb6, 0x03, 0xcc, 0x66, + 0x09, 0x6f, 0x52, 0x84, 0x0a, 0x34, 0x18, 0x2c, 0x01, 0x45, + 0x81, 0x00, 0xe5, 0x5e, 0x8d, 0xae, 0x1c, 0x96, 0x8b, 0x45, + 0x73, 0x00, 0x0a, 0xb5, 0xcf, 0x8d, 0x0e, 0x35, 0x5d, 0x1a, + 0x0e, 0xbf, 0x64, 0x9a, 0x52, 0x20, 0x48, 0xc6, 0xb9, 0x40, + 0xd3, 0x2c, 0x52, 0xca, 0x93, 0xcf, 0xbb, 0x94, 0x06, 0xf3, + 0x97, 0xee, 0xcc, 0x5d, 0xa3, 0xea, 0xf8, 0x5a, 0x39, 0x77, + 0x34, 0xd7, 0xf6, 0x4e, 0xbe, 0x8a, 0x07, 0x5f, 0x51, 0x53, + 0xc5, 0x1b, 0x8c, 0x47, 0x8f, 0x34, 0x0e, 0x60, 0x0a, 0x90, + 0xe2, 0xda, 0x7b, 0xef, 0xd6, 0xf5, 0x5d, 0xe5, 0x32, 0x37, + 0x75, 0x99, 0x81, 0x4a, 0x2a, 0x78, 0x71, 0xdc, 0xf4, 0xe5, + 0xca, 0xd8, 0x6b, 0x3b, 0x90, 0x68, 0x2e, 0x93, 0xc5, 0x10, + 0x42, 0x5d, 0x38, 0x90, 0x32, 0x46, 0xea, 0x87, 0xe0, 0xbc, + 0xb8, 0x9a, 0x18, 0x20, 0x68, 0x85, 0x6d, 0x9b, 0xc9, 0x8f, + 0x9b, 0xd2, 0xbe, 0x15, 0x12, 0x68, 0xd0, 0xb0, 0x16, 0x5f, + 0xe2, 0x69, 0x1d, 0x04, 0x00, 0xfc, 0x63, 0x33, 0xcd, 0x1f, + 0x89, 0xcd, 0x52, 0xff, 0xec, 0x19, 0x69, 0x74, 0xa3, 0xce, + 0x4d, 0xab, 0x93, 0xe4, 0xc6, 0x13, 0x56, 0x27, 0xc9, 0x25, + 0x5a, 0x01, 0xb2, 0x36, 0x8b, 0x61, 0xe5, 0x8b, 0x98, 0xac, + 0xe4, 0x2a, 0xb6, 0x40, 0x9f, 0x42, 0xe4, 0x1b, 0x52, 0xf7, + 0xfd, 0xd8, 0x30, 0x07, 0x33, 0xf9, 0x47, 0xcb, 0x3c, 0xad, + 0x12, 0xc1, 0xcc, 0x29, 0x62, 0x49, 0x04, 0x0c, 0x23, 0x97, + 0x5a, 0xa4, 0x84, 0x67, 0xde, 0x5a, 0xe5, 0x36, 0xd2, 0x88, + 0xf1, 0xd4, 0xeb, 0x13, 0x81, 0x54, 0x51, 0x11, 0xe3, 0xba, + 0xbc, 0xee, 0xdd, 0x6c, 0xcd, 0xe6, 0xb4, 0xa1, 0x8b, 0x0b, + 0x66, 0xfb, 0x8e, 0x50, 0xa0, 0xda, 0x69, 0x8d, 0xcc, 0x2d, + 0xe4, 0x2c, 0xc4, 0x37, 0xdf, 0x61, 0xc0, 0x03, 0xbd, 0x8b, + 0x28, 0xca, 0xd2, 0x8c, 0x1c, 0xf1, 0xa4, 0x26, 0x69, 0xe5, + 0xcf, 0x45, 0xdb, 0x5a, 0x47, 0x79, 0xed, 0x9f, 0xf7, 0xd2, + 0xdb, 0xba, 0x46, 0x53, 0x4f, 0xce, 0xa8, 0xbe, 0x8f, 0x4a, + 0xd6, 0xdf, 0x2e, 0x06, 0xe6, 0x4c, 0x9a, 0xc1, 0xb6, 0x49, + 0xed, 0xc4, 0xeb, 0xaa, 0xa4, 0x29, 0x6d, 0xd4, 0xcc, 0x8c, + 0xb6, 0x40, 0x11, 0x39, 0x69, 0xf7, 0x75, 0xcd, 0xb1, 0x99, + 0x46, 0x4e, 0xde, 0xcb, 0xf6, 0x9d, 0x32, 0xf3, 0xc9, 0x47, + 0x47, 0x7a, 0xcb, 0xfb, 0xa3, 0x0c, 0x3b, 0xdf, 0xb7, 0xde, + 0xec, 0x99, 0xde, 0xb0, 0x26, 0x04, 0x34, 0xae, 0x6b, 0xfc, + 0x99, 0xbc, 0xde, 0xd5, 0xbe, 0xe7, 0xeb, 0xf9, 0xe7, 0xa6, + 0x01, 0x9a, 0x0c, 0x5e, 0x66, 0xe6, 0x53, 0xe4, 0xd1, 0x58, + 0xac, 0xda, 0x69, 0x77, 0x7b, 0x68, 0xd6, 0x30, 0x2a, 0x9c, + 0x6b, 0xbe, 0x9f, 0x3d, 0x71, 0xd6, 0x54, 0xcd, 0x59, 0x4e, + 0x1f, 0xe3, 0x83, 0x4e, 0xd1, 0x8e, 0xaf, 0x97, 0xa8, 0xe5, + 0xb6, 0x59, 0x77, 0xa8, 0x02, 0x20, 0xe4, 0xeb, 0x44, 0x71, + 0xbc, 0x07, 0x14, 0x79, 0x4f, 0x0c, 0x27, 0x06, 0x39, 0xcf, + 0x7c, 0xef, 0x2b, 0x9b, 0x5e, 0xc4, 0x6d, 0x79, 0x13, 0x00, + 0x43, 0x6f, 0x51, 0x77, 0xb5, 0xc3, 0x72, 0xad, 0x13, 0xa9, + 0xe5, 0x9a, 0x5b, 0x1a, 0x99, 0x74, 0xc0, 0x7a, 0xf9, 0xc5, + 0xb0, 0x58, 0x35, 0x1c, 0xa5, 0x51, 0xdb, 0xa1, 0x14, 0xcd, + 0x26, 0x71, 0xb1, 0xe7, 0xaa, 0x14, 0xa7, 0x46, 0x93, 0xd3, + 0x5c, 0x8c, 0x1a, 0x91, 0x77, 0x46, 0x2e, 0x15, 0xaa, 0x9e, + 0xf7, 0x2b, 0x79, 0x41, 0x76, 0xf7, 0x22, 0x53, 0x7d, 0x51, + 0xdb, 0x98, 0x3d, 0x5b, 0x78, 0x5f, 0xc3, 0xc9, 0x29, 0xa3, + 0xff, 0x75, 0x82, 0x06, 0x9a, 0x16, 0x5e, 0xa4, 0x79, 0x0d, + 0xd1, 0x6d, 0x08, 0xff, 0x43, 0xef, 0x9c, 0xf3, 0x1b, 0x7a, + 0x3f, 0x34, 0xbe, 0x19, 0x15, 0x06, 0x33, 0xdb, 0xa5, 0x71, + 0xcb, 0x5f, 0x6b, 0x8d, 0xbd, 0x5b, 0x32, 0x91, 0xb2, 0x37, + 0x3d, 0xb4, 0x40, 0x9e, 0x02, 0x9b, 0xb7, 0x68, 0x20, 0x58, + 0x5c, 0xab, 0xcb, 0xc8, 0x23, 0x2d, 0x77, 0xcc, 0x0b, 0xf6, + 0x78, 0x6b, 0x80, 0x06, 0x91, 0xa9, 0xfd, 0x7e, 0xfa, 0x25, + 0x98, 0x9f, 0xcc, 0x79, 0x0a, 0x1a, 0x54, 0x83, 0xac, 0x64, + 0x16, 0x90, 0xe5, 0xd9, 0xa7, 0xd7, 0x1b, 0x86, 0x0d, 0xe6, + 0xe6, 0x22, 0x2b, 0x1f, 0x44, 0x49, 0x98, 0x9c, 0x51, 0x6f, + 0xcf, 0x58, 0x4a, 0xfa, 0xfa, 0x84, 0x12, 0xa5, 0x10, 0xf4, + 0xca, 0xf0, 0x98, 0x2b, 0xc9, 0x03, 0x71, 0x37, 0xe7, 0xdc, + 0xc2, 0xb1, 0x4e, 0x64, 0xde, 0x4f, 0x46, 0x0d, 0x6b, 0x25, + 0x88, 0x5d, 0xd6, 0xff, 0x23, 0x46, 0x57, 0x36, 0x14, 0x18, + 0xa7, 0xcb, 0xb8, 0xbd, 0xf0, 0xc5, 0x37, 0x36, 0xee, 0xe1, + 0xed, 0x9f, 0x4d, 0xd4, 0x39, 0xe5, 0x92, 0xcf, 0x95, 0x4d, + 0x66, 0x36, 0x5d, 0xd0, 0xcc, 0x07, 0xcf, 0x15, 0x5a, 0xce, + 0x14, 0xb8, 0xda, 0x0d, 0x3d, 0x1b, 0x45, 0xc5, 0x2e, 0x34, + 0x43, 0x25, 0x02, 0x3a, 0xcd, 0x14, 0x45, 0xfb, 0x3e, 0xf9, + 0x88, 0x5d, 0x0d, 0x29, 0x31, 0xb9, 0xa1, 0xe6, 0x31, 0x18, + 0x52, 0x46, 0x3f, 0x22, 0x4f, 0x9f, 0x7a, 0x65, 0x36, 0x88, + 0xa3, 0x1c, 0x3e, 0x6f, 0x50, 0x7a, 0x36, 0xbe, 0x56, 0x7e, + 0x50, 0xcb, 0x7a, 0x10, 0xa0, 0xec, 0xf6, 0x82, 0xd6, 0x30, + 0x1c, 0xe8, 0x4c, 0x50, 0xf9, 0x3e, 0xdb, 0xac, 0xbe, 0x4f, + 0x90, 0xb1, 0xd5, 0x1b, 0x12, 0x95, 0xfb, 0xe8, 0x08, 0x64, + 0x56, 0x7c, 0x96, 0xcc, 0x90, 0xb1, 0xbc, 0xa0, 0xf5, 0x32, + 0x69, 0xb3, 0x5f, 0x27, 0x0f, 0xbe, 0xc9, 0xbd, 0xeb, 0xfa, + 0x4b, 0x5c, 0xc5, 0x99, 0x9e, 0x5a, 0x04, 0xcc, 0xd0, 0x4d, + 0x29, 0xe8, 0x84, 0x55, 0x8c, 0xd7, 0xc4, 0x06, 0x13, 0x4d, + 0x92, 0xe5, 0x98, 0x9c, 0x4c, 0xc1, 0xf7, 0xaf, 0x7b, 0xd5, + 0x2b, 0x92, 0x68, 0x68, 0x19, 0x70, 0x4c, 0x9e, 0x46, 0xb8, + 0x34, 0xeb, 0x01, 0x47, 0xbe, 0x59, 0xab, 0x0b, 0x22, 0x25, + 0xe7, 0x56, 0xa8, 0xb4, 0x93, 0x3c, 0xd5, 0x98, 0x9f, 0x61, + 0x2e, 0xfa, 0xcb, 0x5f, 0x5b, 0xd8, 0x09, 0x83, 0xe9, 0x40, + 0xe9, 0x0e, 0x42, 0xdd, 0x17, 0xd7, 0x6e, 0x19, 0x8d, 0x95, + 0x0a, 0x93 + }; +#endif + WOLFSSL_SMALL_STACK_STATIC const byte ml_dsa_87_sig[] = { + 0x20, 0xff, 0x12, 0xe1, 0x87, 0xf6, 0x11, 0x38, 0xff, 0x41, 0xd0, 0x8f, + 0xcd, 0x7e, 0xd1, 0xf6, 0x21, 0x17, 0xd0, 0x46, 0xe9, 0x86, 0x83, 0x1b, + 0xaf, 0xe5, 0x2b, 0x59, 0x21, 0xd1, 0x6b, 0xc9, 0xdb, 0x34, 0xdc, 0xba, + 0xfd, 0xd3, 0xf8, 0x71, 0x49, 0xd8, 0x31, 0xbc, 0x48, 0x83, 0x22, 0x7b, + 0xfd, 0x6a, 0x93, 0xa6, 0x39, 0x4c, 0xda, 0xdb, 0x15, 0xe7, 0x41, 0x14, + 0xb4, 0xb8, 0xfe, 0xb0, 0x1f, 0xf9, 0x0a, 0x2c, 0x0b, 0xc0, 0xac, 0x09, + 0x84, 0x69, 0x5e, 0x64, 0x8c, 0xa8, 0xee, 0xa1, 0x52, 0x22, 0xde, 0x0d, + 0xc7, 0x25, 0xef, 0xa8, 0xfd, 0x8c, 0xb9, 0x45, 0x4f, 0xa4, 0x9c, 0xbc, + 0x70, 0xf2, 0x88, 0xea, 0x79, 0x13, 0xb0, 0xfc, 0xe6, 0x41, 0x48, 0x1c, + 0x33, 0x48, 0xa2, 0x77, 0x75, 0x37, 0x9f, 0xc1, 0x86, 0x94, 0xcd, 0x69, + 0x98, 0x87, 0x47, 0x49, 0x75, 0x93, 0xf1, 0xa4, 0x2d, 0x8e, 0xa8, 0x7e, + 0x0f, 0x95, 0xf5, 0x3e, 0x5d, 0x31, 0x2d, 0xc9, 0x58, 0x1c, 0x42, 0xfd, + 0x79, 0x6a, 0x49, 0xa3, 0x84, 0xc5, 0x2e, 0x8d, 0x96, 0x9c, 0xc8, 0x05, + 0x93, 0xdb, 0x6d, 0xbf, 0x83, 0x34, 0xc2, 0x81, 0x47, 0x90, 0xc9, 0xa9, + 0x82, 0xbd, 0xe1, 0xc8, 0x89, 0xa2, 0x36, 0x47, 0xed, 0xfb, 0x47, 0x57, + 0x01, 0x1a, 0x75, 0x8c, 0x6b, 0x83, 0xcf, 0x56, 0xae, 0x52, 0x66, 0x8b, + 0xab, 0x7f, 0x0c, 0xec, 0xde, 0x5c, 0x13, 0xbe, 0xbd, 0x5b, 0x74, 0x28, + 0xb5, 0xd7, 0x68, 0xd5, 0xd2, 0xe9, 0x96, 0x3b, 0x55, 0xda, 0x3a, 0x93, + 0x3c, 0xd9, 0x9f, 0x53, 0x2a, 0x31, 0x84, 0x45, 0x3f, 0xee, 0x2b, 0xfc, + 0x92, 0xb0, 0x9c, 0xc6, 0x16, 0x16, 0x4f, 0x33, 0x41, 0x17, 0x58, 0xbe, + 0x5d, 0x57, 0x4b, 0x04, 0x82, 0xe3, 0xb3, 0x68, 0xdf, 0x7c, 0x93, 0xce, + 0x9d, 0xf6, 0x7e, 0x21, 0x3d, 0x28, 0x1c, 0xf0, 0x37, 0x46, 0xf2, 0xc2, + 0x73, 0x7c, 0xbe, 0x98, 0x0e, 0x09, 0x75, 0xa7, 0x21, 0x11, 0xa9, 0xd6, + 0xd1, 0x47, 0xac, 0xd0, 0x19, 0x48, 0x3b, 0x74, 0xc1, 0x3c, 0x37, 0x43, + 0x49, 0x12, 0x62, 0xee, 0xaf, 0x5c, 0x38, 0xf7, 0x8a, 0xce, 0xb3, 0x7a, + 0x05, 0x16, 0xd4, 0x71, 0x8b, 0xbe, 0x1a, 0xe0, 0x1e, 0xbc, 0x4b, 0x54, + 0x0f, 0xb5, 0x73, 0x2b, 0xb8, 0x3a, 0x75, 0xf0, 0x26, 0xcd, 0xf9, 0xca, + 0x32, 0xf9, 0x7e, 0x15, 0x38, 0x75, 0x9c, 0x4d, 0xbc, 0x11, 0xf8, 0xea, + 0x8e, 0xe8, 0x38, 0x17, 0xc5, 0x62, 0xf4, 0x34, 0xfb, 0xd6, 0xf5, 0x76, + 0xfc, 0xa3, 0xf3, 0x44, 0xf9, 0xab, 0x2e, 0x9a, 0x68, 0xcd, 0xa1, 0x29, + 0xff, 0xda, 0xe8, 0xb5, 0xb0, 0x20, 0x5d, 0x02, 0x01, 0x62, 0x26, 0x44, + 0x32, 0xc8, 0x94, 0xf8, 0xf1, 0xaa, 0xf9, 0xc2, 0x86, 0xcb, 0x55, 0x7f, + 0x8d, 0xb3, 0xf6, 0x63, 0xb1, 0xa4, 0x95, 0x57, 0xb8, 0x1d, 0xc3, 0x42, + 0xd2, 0x4b, 0x69, 0xcd, 0x7a, 0x10, 0x5b, 0x6a, 0x13, 0xd1, 0x02, 0x98, + 0x38, 0x87, 0x9b, 0x9a, 0x5a, 0x66, 0x73, 0xcb, 0x75, 0xd0, 0x7a, 0x4b, + 0xad, 0x23, 0x06, 0x1c, 0xc8, 0x6b, 0x0c, 0xa8, 0xfe, 0x7b, 0x8f, 0x65, + 0x50, 0xd7, 0xf7, 0x76, 0x88, 0x42, 0xe0, 0x5e, 0x18, 0x91, 0x8b, 0x99, + 0x37, 0x56, 0x08, 0x91, 0xe7, 0x01, 0xe7, 0x05, 0xd5, 0xed, 0x43, 0x25, + 0x71, 0x7e, 0x3e, 0xfc, 0xc4, 0xfd, 0xed, 0x8b, 0x85, 0x16, 0x8c, 0xe3, + 0x05, 0xee, 0x51, 0x02, 0xa4, 0x4b, 0xd8, 0x3c, 0xcf, 0x4d, 0x2f, 0x2d, + 0x68, 0x6e, 0xc1, 0xd5, 0xfa, 0x91, 0xfd, 0x6a, 0xe0, 0x64, 0x85, 0x35, + 0x9c, 0x75, 0xe6, 0x0d, 0xb8, 0xec, 0x97, 0x88, 0x62, 0x98, 0x78, 0x75, + 0xc7, 0x1e, 0x68, 0xa7, 0xb9, 0x7b, 0xab, 0x75, 0x7a, 0x72, 0x3c, 0x7b, + 0xab, 0x60, 0x03, 0xb7, 0x38, 0x13, 0xe4, 0x96, 0x6e, 0xcb, 0x95, 0xcc, + 0xdc, 0x6a, 0x47, 0x67, 0x77, 0xd7, 0x95, 0xc4, 0x87, 0x66, 0xc2, 0x7e, + 0x42, 0x90, 0x59, 0x4f, 0xd6, 0xf3, 0xf4, 0xa7, 0xd0, 0x29, 0xf9, 0x5d, + 0x4b, 0x06, 0x06, 0xf7, 0x6e, 0xb2, 0xab, 0xb0, 0x8e, 0x21, 0xa6, 0xff, + 0x5e, 0x7b, 0x47, 0xb6, 0x3a, 0xa6, 0x9e, 0x19, 0xf6, 0xdf, 0x9b, 0x3b, + 0x3d, 0x07, 0x37, 0xd1, 0x0b, 0xa8, 0xf3, 0x9c, 0x43, 0x89, 0xee, 0xba, + 0x03, 0xee, 0x38, 0x74, 0x13, 0x09, 0x8e, 0x47, 0x4e, 0xa9, 0x14, 0xf5, + 0xb0, 0x55, 0xe0, 0x03, 0xe5, 0xb9, 0x53, 0xef, 0x03, 0x15, 0x60, 0xb3, + 0x4a, 0x71, 0x31, 0x4b, 0xf1, 0xc8, 0xe4, 0x63, 0x9b, 0x8b, 0x78, 0x3c, + 0x1f, 0xac, 0x27, 0x20, 0xa8, 0x53, 0x7d, 0xdd, 0x72, 0xd3, 0x90, 0x8f, + 0x71, 0xa6, 0xa7, 0xeb, 0xb0, 0xeb, 0x42, 0x96, 0xa4, 0xc3, 0xba, 0xc6, + 0x3c, 0xe7, 0x7b, 0x15, 0x1e, 0xfa, 0x15, 0x23, 0x37, 0xf3, 0xc8, 0xb2, + 0xf9, 0x46, 0x04, 0xd1, 0x5e, 0x44, 0xd7, 0x8f, 0x70, 0xb1, 0x0a, 0xde, + 0x6a, 0xe3, 0xaf, 0x9e, 0x49, 0x55, 0x78, 0x79, 0x11, 0x22, 0x87, 0xa9, + 0x54, 0x7c, 0xb4, 0x83, 0xe1, 0x25, 0xcd, 0x89, 0xa6, 0x91, 0x21, 0x7b, + 0xbe, 0x3d, 0x2f, 0x46, 0xb5, 0x5b, 0x50, 0x1a, 0xc8, 0x8d, 0x32, 0xf3, + 0x62, 0x1f, 0x24, 0x64, 0xe8, 0xb6, 0x02, 0x4f, 0x1f, 0x52, 0x3c, 0x40, + 0xfc, 0x72, 0x38, 0xd4, 0xba, 0x40, 0x8e, 0xb7, 0xc0, 0x97, 0x06, 0x16, + 0xd5, 0xe3, 0x39, 0x45, 0xd7, 0x7c, 0x0e, 0xed, 0x6b, 0x19, 0x19, 0x0a, + 0x8e, 0xcb, 0x2b, 0xee, 0x4d, 0xa1, 0x5e, 0x84, 0x22, 0x66, 0xcd, 0x4f, + 0xb9, 0x1a, 0x25, 0x85, 0x02, 0xc0, 0x67, 0xc4, 0xd5, 0x1a, 0xcb, 0xbb, + 0xde, 0x4d, 0x3c, 0x3c, 0x62, 0x9f, 0x76, 0x8f, 0x15, 0x29, 0xa5, 0xbb, + 0x5a, 0x48, 0x38, 0x66, 0xfa, 0x56, 0x0a, 0x09, 0xbd, 0xdf, 0xdf, 0x4a, + 0xe7, 0x0e, 0xa6, 0xb1, 0xb5, 0x7c, 0xe1, 0xed, 0x8d, 0x63, 0x07, 0x42, + 0xf3, 0xf8, 0x15, 0x28, 0x7c, 0x09, 0xf5, 0x02, 0x69, 0x1b, 0x88, 0x1e, + 0x3d, 0xad, 0x5f, 0x46, 0xed, 0xab, 0x2b, 0x11, 0x96, 0x73, 0xa8, 0xe8, + 0xe6, 0x64, 0x7d, 0xae, 0x13, 0xa1, 0x7d, 0x54, 0xae, 0xc0, 0x82, 0xeb, + 0x2a, 0xd1, 0x76, 0xb7, 0x9f, 0xbd, 0x33, 0x8f, 0xe7, 0xe6, 0x79, 0x92, + 0xa6, 0xaf, 0x61, 0x91, 0x49, 0xbc, 0xd2, 0x3c, 0x6f, 0x8b, 0xbe, 0x8f, + 0x5f, 0x1f, 0x00, 0x2c, 0x2e, 0x2c, 0xa0, 0x14, 0xcf, 0x34, 0x42, 0x44, + 0x41, 0x11, 0xd7, 0x37, 0xd3, 0x99, 0x44, 0x36, 0x43, 0x03, 0xb9, 0x50, + 0x4f, 0xab, 0xfe, 0x48, 0xe2, 0x4b, 0xed, 0x51, 0x8b, 0xe0, 0x04, 0x3c, + 0x93, 0x28, 0x55, 0xc8, 0x5a, 0xb3, 0x52, 0x2c, 0x56, 0xbd, 0x43, 0xb9, + 0x4a, 0x6c, 0x4c, 0xcc, 0xda, 0xba, 0x9c, 0xe6, 0x3e, 0x50, 0x8b, 0x1a, + 0xe5, 0x83, 0xc1, 0x60, 0x55, 0xb2, 0x02, 0x16, 0x54, 0x33, 0x62, 0x69, + 0x7c, 0x7d, 0x94, 0xf2, 0xb0, 0x3a, 0x22, 0xf0, 0x21, 0x46, 0xd7, 0x94, + 0x53, 0xec, 0x63, 0x4c, 0x3e, 0xc3, 0x71, 0xd1, 0xb9, 0x2e, 0x16, 0xe8, + 0x17, 0x63, 0x7e, 0x0c, 0x83, 0x05, 0x72, 0xe6, 0x20, 0x60, 0x34, 0xae, + 0x0e, 0x54, 0xa0, 0x57, 0x75, 0x93, 0x2e, 0xb8, 0x6c, 0xec, 0xda, 0x44, + 0x1b, 0xac, 0xd6, 0x75, 0xc5, 0x79, 0x3c, 0xc2, 0xa6, 0xa2, 0x7f, 0x3a, + 0xb0, 0xec, 0xeb, 0xc1, 0xe6, 0xd6, 0xae, 0xac, 0x2e, 0x55, 0x30, 0x1c, + 0x81, 0xa4, 0x4c, 0x35, 0x0e, 0xd8, 0xa6, 0x4e, 0xea, 0x0e, 0xbf, 0x79, + 0xf7, 0xdf, 0x55, 0xfc, 0xf9, 0x24, 0xb0, 0xa6, 0xba, 0xc3, 0x72, 0x42, + 0x60, 0x06, 0x44, 0x03, 0xe3, 0x40, 0x3c, 0x2a, 0x13, 0xf7, 0xdf, 0x3d, + 0xb7, 0x0d, 0x86, 0x6c, 0xb0, 0x0f, 0x2e, 0x72, 0x91, 0x16, 0x4f, 0x5f, + 0xd0, 0x3e, 0x8c, 0x36, 0xed, 0xa8, 0x6f, 0xbc, 0x65, 0xb0, 0x65, 0x99, + 0x47, 0x50, 0xa5, 0x9c, 0xea, 0xee, 0x8a, 0x44, 0x70, 0xf5, 0x31, 0x1a, + 0xe9, 0x11, 0xc1, 0xce, 0xe0, 0x21, 0x52, 0x70, 0x89, 0xf7, 0xc3, 0x35, + 0xfa, 0x55, 0x5a, 0xc5, 0x10, 0x02, 0xc4, 0xc7, 0xf7, 0xe1, 0xaf, 0x49, + 0x48, 0x61, 0xe7, 0x0d, 0xa1, 0x2d, 0x7d, 0x03, 0x00, 0x38, 0xa7, 0xd5, + 0xd3, 0xbf, 0x95, 0x29, 0xed, 0xcc, 0x70, 0x3e, 0xbe, 0x95, 0x8a, 0xdf, + 0xaf, 0xbf, 0xec, 0xf8, 0x6a, 0x4f, 0x9e, 0x69, 0xee, 0x4e, 0x3d, 0x8b, + 0x58, 0xa0, 0x2e, 0xb5, 0x83, 0x6a, 0x0e, 0x04, 0xa4, 0xa9, 0x74, 0xcb, + 0x4f, 0xb0, 0x39, 0x37, 0x8f, 0xcf, 0xbf, 0x77, 0xe4, 0x1a, 0x74, 0xcf, + 0x0e, 0x0d, 0x2d, 0x6e, 0x1d, 0xba, 0xc1, 0xf5, 0x7c, 0x54, 0x6e, 0x92, + 0xec, 0x4b, 0x03, 0xc3, 0xa4, 0x44, 0xad, 0x3e, 0x4f, 0xa4, 0xd9, 0xe9, + 0x71, 0x3c, 0xe6, 0xb6, 0xbe, 0xe7, 0xfc, 0x72, 0x76, 0x86, 0x9a, 0x73, + 0xb1, 0xb3, 0xf3, 0x84, 0xb6, 0x2a, 0x40, 0x0b, 0x8c, 0xae, 0xb3, 0xc4, + 0xdc, 0xb5, 0x21, 0x85, 0x87, 0xdc, 0x19, 0x18, 0xd5, 0xba, 0xa4, 0x5e, + 0x88, 0x89, 0xa4, 0xf4, 0x88, 0x75, 0xc2, 0x7a, 0xb4, 0xee, 0x9d, 0x54, + 0x66, 0x97, 0x70, 0x08, 0x8f, 0x99, 0x84, 0x5d, 0x5e, 0xa7, 0x6f, 0x92, + 0xe8, 0xa3, 0x65, 0xfa, 0x0e, 0x87, 0xfb, 0x3c, 0xe9, 0x17, 0x2d, 0xc7, + 0x2d, 0x30, 0x8f, 0x41, 0x82, 0x68, 0x2b, 0xf1, 0x67, 0x8e, 0xf7, 0x05, + 0x78, 0xfa, 0xc3, 0x61, 0xba, 0x35, 0xe7, 0x2f, 0x19, 0xef, 0x71, 0x36, + 0xac, 0x5b, 0xf0, 0x45, 0x30, 0x70, 0xdc, 0xc7, 0xab, 0x7b, 0x62, 0x17, + 0x9d, 0xc4, 0x43, 0x6f, 0xfc, 0x02, 0x56, 0x5f, 0x65, 0xaa, 0x68, 0x3b, + 0x5c, 0xfa, 0x71, 0x28, 0x89, 0xe9, 0x28, 0x2f, 0x95, 0x4b, 0xfc, 0xe6, + 0xe7, 0xc8, 0x44, 0x28, 0x5c, 0x3c, 0x08, 0x5f, 0x9c, 0xbc, 0x41, 0x68, + 0x91, 0x98, 0x7a, 0x00, 0x63, 0xc9, 0x5c, 0x75, 0x8f, 0xcc, 0x33, 0x77, + 0x7b, 0xd0, 0x2d, 0xe8, 0xa2, 0x98, 0xa4, 0x1b, 0xfa, 0x09, 0x67, 0x7b, + 0x25, 0x96, 0x19, 0xf4, 0x77, 0x33, 0x20, 0x4f, 0x19, 0xf6, 0x9c, 0x6c, + 0x2e, 0xd9, 0x68, 0x95, 0xb0, 0xe2, 0x18, 0x06, 0xe5, 0x84, 0x8e, 0xf7, + 0xbf, 0x6c, 0x96, 0xa8, 0x9d, 0x37, 0xc7, 0x28, 0xa1, 0x3d, 0x90, 0x8c, + 0x40, 0x3d, 0xe2, 0x51, 0xfd, 0x55, 0x09, 0xf8, 0x83, 0x43, 0x44, 0x4d, + 0x1c, 0x8a, 0x8d, 0x36, 0x84, 0x64, 0xc4, 0xfa, 0x1d, 0x72, 0x04, 0x0b, + 0x1d, 0x49, 0x13, 0x88, 0x78, 0x5f, 0x07, 0x9b, 0xc8, 0x01, 0x9c, 0x3c, + 0xfc, 0xff, 0x0f, 0xd5, 0x13, 0xcd, 0x15, 0x98, 0xcc, 0xe6, 0x59, 0x1e, + 0x83, 0x38, 0x8f, 0x6c, 0x75, 0xbe, 0xdf, 0xe9, 0x1b, 0xc5, 0xb9, 0x6b, + 0xa4, 0x5a, 0x0c, 0xae, 0x98, 0x8d, 0x93, 0xfa, 0x76, 0x7f, 0x0d, 0x0b, + 0xe8, 0xa0, 0x3b, 0x9e, 0x5e, 0xc8, 0xa8, 0xcc, 0x02, 0xc9, 0x86, 0x9c, + 0x78, 0xaf, 0x6e, 0x6a, 0xf4, 0xfe, 0x49, 0xad, 0xc5, 0x93, 0xae, 0x62, + 0xbd, 0xe3, 0x3a, 0xa8, 0xf2, 0x60, 0xb5, 0x29, 0xde, 0x5f, 0x12, 0x02, + 0x2d, 0x43, 0x90, 0xf5, 0x9d, 0x9d, 0x97, 0x29, 0xfa, 0xdd, 0x60, 0x41, + 0x64, 0xb7, 0xa5, 0x03, 0x72, 0x10, 0x2b, 0xdd, 0x5b, 0x60, 0xe6, 0xf0, + 0xe1, 0xd7, 0xa5, 0x97, 0xec, 0xb4, 0x9a, 0x4c, 0x3e, 0x16, 0xa2, 0x82, + 0xb3, 0xc3, 0x3f, 0x3e, 0x5d, 0x32, 0xac, 0x5a, 0x40, 0xb4, 0x00, 0xfa, + 0xd9, 0x47, 0xe8, 0x77, 0xa8, 0x96, 0x5c, 0x60, 0x04, 0x9c, 0x5c, 0xdf, + 0x24, 0x3b, 0xa7, 0x4a, 0x58, 0x25, 0x12, 0x9a, 0xa8, 0x7b, 0x3e, 0x14, + 0xc8, 0x06, 0x79, 0x23, 0xea, 0x91, 0x7f, 0xe1, 0x78, 0x41, 0x6c, 0xdb, + 0x8c, 0xeb, 0x66, 0x35, 0x87, 0x87, 0x81, 0x65, 0x2c, 0xef, 0x3a, 0x6e, + 0xae, 0xb3, 0x6c, 0xe9, 0x86, 0x50, 0x6d, 0x89, 0xd6, 0x27, 0x0a, 0xdb, + 0xf8, 0xd4, 0xb8, 0x85, 0x8e, 0x37, 0xa6, 0x56, 0xf7, 0x58, 0x18, 0x4c, + 0x44, 0xcf, 0xeb, 0xc4, 0x79, 0x19, 0xfc, 0x2e, 0x53, 0x18, 0x0e, 0x7b, + 0x51, 0x86, 0xf3, 0x59, 0x13, 0xb2, 0xaf, 0xd3, 0xee, 0xf4, 0xd5, 0xbf, + 0x2c, 0xb8, 0x6d, 0x71, 0x74, 0x7c, 0x67, 0x54, 0xa7, 0x4b, 0x03, 0xa9, + 0x1b, 0x62, 0x95, 0x9f, 0xc3, 0xf0, 0x71, 0x39, 0x2d, 0x26, 0xaf, 0xaf, + 0xa7, 0xa5, 0x58, 0xf8, 0xf8, 0x8a, 0xe0, 0x62, 0x90, 0x3f, 0x72, 0x9d, + 0x21, 0x82, 0x76, 0x3e, 0x4c, 0x5d, 0xe0, 0xb5, 0x67, 0x23, 0xe3, 0x13, + 0x1a, 0x29, 0xa3, 0xda, 0xa4, 0xb4, 0x5c, 0x1d, 0x47, 0xdf, 0xdf, 0xc9, + 0x93, 0x6c, 0xb2, 0xb5, 0x22, 0xb3, 0x47, 0x2b, 0xcf, 0xf0, 0x36, 0x87, + 0x51, 0x3c, 0x79, 0x41, 0x70, 0xbd, 0xea, 0x70, 0xa2, 0x29, 0x90, 0x55, + 0x30, 0x6f, 0x3e, 0x50, 0xc8, 0x38, 0xd6, 0xfa, 0x6f, 0xe3, 0x39, 0x67, + 0x88, 0x52, 0x1f, 0xd3, 0x52, 0xbf, 0x3e, 0x7b, 0x2a, 0xe5, 0x1e, 0xcd, + 0xf9, 0xf1, 0x91, 0x1d, 0x04, 0x61, 0x25, 0xbb, 0xe1, 0x33, 0xe3, 0x66, + 0x46, 0xed, 0x06, 0x8d, 0xc3, 0x4f, 0x20, 0xc6, 0x24, 0xa7, 0xb5, 0x49, + 0x3b, 0xc7, 0xe6, 0xa0, 0x77, 0x58, 0xd9, 0x70, 0xb1, 0xf5, 0xec, 0x94, + 0x19, 0xf3, 0x5b, 0x0f, 0x9a, 0xe4, 0xad, 0x37, 0x81, 0xaf, 0x68, 0x7b, + 0xe5, 0x67, 0xb5, 0xae, 0x7f, 0x2d, 0x64, 0x78, 0x68, 0x5a, 0xd1, 0x8f, + 0x1c, 0xc0, 0xc3, 0x5b, 0x21, 0x77, 0xe4, 0xa8, 0x5d, 0x05, 0x50, 0xc1, + 0x92, 0xee, 0x36, 0x2d, 0xd2, 0xff, 0xee, 0xc2, 0x11, 0x99, 0xee, 0xd7, + 0x48, 0xfb, 0x6a, 0xa3, 0xc9, 0xb7, 0x0c, 0xc1, 0xe5, 0x12, 0xbf, 0x6f, + 0x58, 0x66, 0x35, 0x34, 0x26, 0xaa, 0xbe, 0xc3, 0x33, 0x86, 0xfd, 0xc0, + 0x1c, 0xa5, 0xe4, 0x1e, 0x91, 0xc4, 0x55, 0x4e, 0xf1, 0xcb, 0xd2, 0x0b, + 0xe8, 0x0d, 0x89, 0x6a, 0x00, 0xbd, 0x7b, 0xf5, 0x3d, 0x1a, 0x4a, 0x48, + 0xfc, 0xf0, 0x5b, 0xcd, 0xdb, 0xb2, 0xa0, 0x27, 0x4b, 0x8f, 0xf7, 0x87, + 0x78, 0x13, 0xdb, 0x3f, 0xfb, 0x0b, 0xda, 0x22, 0xb3, 0x2b, 0x3a, 0x38, + 0xd2, 0x29, 0x73, 0x77, 0xb8, 0xd6, 0xec, 0xab, 0xb4, 0xfe, 0xbe, 0xbb, + 0x6e, 0xe2, 0xc8, 0x45, 0x7b, 0x0d, 0x36, 0x28, 0x0f, 0x45, 0x72, 0xea, + 0x6d, 0x38, 0x02, 0x5e, 0x48, 0x89, 0x12, 0x24, 0x1b, 0x33, 0x0f, 0xe9, + 0xf4, 0xce, 0xf8, 0x27, 0x16, 0x37, 0x29, 0xae, 0xe8, 0x22, 0x03, 0x31, + 0xa9, 0xa0, 0x73, 0x0c, 0x40, 0xe4, 0xfc, 0x6b, 0xe2, 0x1c, 0x8d, 0x7c, + 0x40, 0x82, 0x72, 0x28, 0xd0, 0x7d, 0xe5, 0xef, 0x05, 0x14, 0x80, 0x28, + 0x11, 0x32, 0x0d, 0x63, 0x8a, 0xc3, 0x7c, 0xfe, 0xf5, 0x06, 0x0e, 0xb0, + 0x78, 0x5c, 0x3a, 0xb6, 0x54, 0x37, 0x46, 0xa7, 0x43, 0x4f, 0x05, 0xec, + 0xe4, 0x9f, 0xd8, 0x55, 0x1f, 0x70, 0xb3, 0xe6, 0xbc, 0x46, 0x34, 0x9e, + 0xfc, 0xa4, 0x57, 0x8f, 0x0f, 0x25, 0x6f, 0x9f, 0xb3, 0x80, 0x21, 0x0b, + 0xa1, 0xca, 0x59, 0xcd, 0x37, 0xf7, 0xc9, 0xcb, 0xbe, 0x91, 0xad, 0x07, + 0x4f, 0xc7, 0x4e, 0x04, 0xbd, 0x38, 0x8b, 0x63, 0xb5, 0x51, 0xac, 0xc8, + 0x83, 0x3a, 0xa7, 0xe1, 0x77, 0xbc, 0xa4, 0x0c, 0x6c, 0x50, 0xeb, 0x46, + 0xe1, 0x45, 0x9a, 0x7b, 0x01, 0xca, 0x54, 0xf0, 0x0f, 0xa0, 0x1f, 0x43, + 0x9a, 0x19, 0x70, 0x2e, 0x70, 0x5a, 0xcf, 0x3b, 0x1b, 0x41, 0xfd, 0xd3, + 0x9a, 0xa2, 0x36, 0x14, 0xf0, 0xdd, 0xb0, 0x12, 0x6d, 0xcf, 0x55, 0x3f, + 0xef, 0x0a, 0xc1, 0x80, 0xa9, 0x68, 0xc3, 0x98, 0x03, 0x46, 0x34, 0xce, + 0x91, 0xb2, 0x7a, 0x94, 0xd2, 0xe7, 0xb9, 0x9c, 0x56, 0xb8, 0xf8, 0xd6, + 0xff, 0xbf, 0x8b, 0x39, 0x45, 0x04, 0x45, 0xc9, 0xa2, 0xe2, 0xbb, 0x50, + 0x68, 0x13, 0x32, 0x1e, 0x09, 0x51, 0xb7, 0xb9, 0xcf, 0x5f, 0xcc, 0x54, + 0xd2, 0xf3, 0xc1, 0x9d, 0xa0, 0x8d, 0x22, 0xc8, 0x7e, 0x1b, 0xc6, 0x14, + 0xde, 0x5f, 0x52, 0xb4, 0x69, 0x71, 0xca, 0x58, 0x1d, 0x1e, 0x89, 0xcb, + 0x56, 0x78, 0x7a, 0x85, 0xee, 0xfd, 0xf6, 0x7e, 0xbe, 0x49, 0x9b, 0xb1, + 0x05, 0x95, 0x12, 0xe9, 0x63, 0xbd, 0x61, 0x9a, 0x26, 0xf9, 0x0b, 0x9f, + 0x23, 0x0a, 0x59, 0x55, 0x93, 0xd3, 0x2d, 0xca, 0x66, 0x45, 0x03, 0xb7, + 0xf0, 0x88, 0x9e, 0xc1, 0x11, 0xbb, 0x62, 0x2c, 0x6f, 0xac, 0x3e, 0x87, + 0xd7, 0xe6, 0x4a, 0x44, 0x83, 0x04, 0x5d, 0x5d, 0xbc, 0x3c, 0xce, 0x83, + 0x2b, 0x11, 0x42, 0x02, 0x73, 0x1c, 0x24, 0x90, 0xd9, 0x1a, 0x7d, 0x96, + 0x82, 0x33, 0x75, 0x1e, 0x59, 0xea, 0xa7, 0x99, 0xe1, 0x5b, 0xdc, 0xe4, + 0x07, 0xc5, 0x48, 0x07, 0xb4, 0xbc, 0x80, 0x0e, 0xbd, 0x63, 0x6e, 0x66, + 0xf1, 0x12, 0xb6, 0x67, 0xe0, 0x14, 0x74, 0x9f, 0xbb, 0xb3, 0xb8, 0x16, + 0xd0, 0x25, 0xe9, 0x21, 0x80, 0x1a, 0x32, 0xb0, 0x58, 0x9a, 0x62, 0x17, + 0x18, 0x9d, 0x64, 0x2d, 0x47, 0x89, 0x82, 0x3b, 0x8c, 0x5d, 0x60, 0xc4, + 0x54, 0x69, 0xaa, 0xb4, 0x6a, 0x1d, 0x16, 0xb0, 0xe2, 0x5d, 0x7d, 0xeb, + 0xb9, 0x80, 0x37, 0xcd, 0x5b, 0xf0, 0xa1, 0xa8, 0x39, 0xb2, 0xd6, 0x3a, + 0xc8, 0xcd, 0xca, 0xaf, 0xcb, 0x3b, 0x54, 0xc2, 0x67, 0x49, 0xf3, 0xf1, + 0x11, 0x4d, 0x53, 0x7c, 0x46, 0x8d, 0x22, 0xf6, 0x9a, 0x0d, 0x9e, 0xda, + 0x37, 0xc6, 0x06, 0x00, 0xca, 0xb6, 0xb6, 0x99, 0xc5, 0xb6, 0x81, 0x7e, + 0x87, 0x62, 0xcf, 0x07, 0x76, 0xc1, 0x5f, 0xfe, 0x86, 0xfc, 0x5b, 0xa0, + 0xac, 0xca, 0xcb, 0x7d, 0xf5, 0x5a, 0xc2, 0x5e, 0x41, 0x48, 0x35, 0xc4, + 0x71, 0x9d, 0xc4, 0x0a, 0x79, 0x6f, 0xe3, 0x6d, 0x47, 0xd4, 0xaa, 0xfd, + 0x97, 0xe7, 0xb0, 0x7e, 0x61, 0xf1, 0x7d, 0x7e, 0xf8, 0x78, 0x4c, 0x2e, + 0x65, 0x51, 0xeb, 0x99, 0xd0, 0x3e, 0x24, 0x4c, 0xe0, 0x40, 0x7e, 0x2d, + 0xf7, 0x00, 0x9d, 0x50, 0x87, 0xce, 0x1f, 0x9a, 0xd2, 0x76, 0x00, 0x09, + 0xeb, 0x10, 0x1b, 0x4c, 0xf1, 0x43, 0x0e, 0x35, 0xbb, 0x23, 0x2e, 0x26, + 0x3d, 0x66, 0xa3, 0x0f, 0xf6, 0x10, 0x8b, 0x67, 0xce, 0x66, 0xfd, 0xb5, + 0x07, 0xdc, 0x04, 0x69, 0xad, 0xe0, 0x4d, 0xdf, 0xdb, 0x2f, 0x87, 0xf7, + 0xde, 0xc3, 0x77, 0x89, 0x71, 0xfd, 0x70, 0x38, 0xed, 0xe6, 0x27, 0xb1, + 0xbd, 0x94, 0x5f, 0x39, 0x20, 0x72, 0x59, 0xc4, 0x39, 0xd0, 0x20, 0x5d, + 0xe2, 0xe7, 0xe0, 0x00, 0x61, 0xc7, 0x65, 0xbd, 0xef, 0x05, 0xb3, 0xc7, + 0x7e, 0xae, 0xc5, 0x83, 0x7f, 0xc1, 0x32, 0x4e, 0x2a, 0x17, 0x64, 0x4e, + 0x2a, 0x9a, 0x2d, 0x26, 0x99, 0xa2, 0xd7, 0x37, 0x3a, 0x10, 0x6a, 0x89, + 0x72, 0x43, 0x0e, 0x3a, 0x03, 0x4c, 0xf9, 0xfe, 0xe8, 0xfc, 0x87, 0x71, + 0x37, 0x71, 0x5a, 0x05, 0xbc, 0x4e, 0x20, 0x4c, 0xd7, 0xf9, 0x8d, 0x4e, + 0xb8, 0xb8, 0x56, 0x07, 0xc8, 0x6e, 0x34, 0x6d, 0x45, 0x83, 0x34, 0xf0, + 0x77, 0xfb, 0x18, 0xec, 0x72, 0xf6, 0x4c, 0xfb, 0xba, 0x84, 0xe9, 0x89, + 0x3d, 0xfd, 0xb7, 0x0d, 0x70, 0xae, 0xa4, 0x48, 0x6b, 0x39, 0xf8, 0x62, + 0xc0, 0x7f, 0x0c, 0xf2, 0xa3, 0xfa, 0x7a, 0x64, 0x83, 0x57, 0x7d, 0x4c, + 0x04, 0x96, 0xd7, 0x9d, 0x10, 0x8b, 0x34, 0x48, 0x17, 0xff, 0x74, 0x5c, + 0x9c, 0xbe, 0xeb, 0xe5, 0x52, 0x94, 0x6a, 0x34, 0x6f, 0xf7, 0x95, 0x32, + 0x38, 0x5a, 0x9b, 0x08, 0xf6, 0xda, 0x8c, 0x0f, 0x9c, 0x5d, 0x04, 0x45, + 0xd4, 0xe9, 0xa4, 0x7a, 0xc4, 0xfd, 0x70, 0xfe, 0xa1, 0x3d, 0x21, 0xa0, + 0x01, 0xe5, 0x21, 0xca, 0xa7, 0xd9, 0xf1, 0x9f, 0x45, 0xe1, 0xe8, 0x2d, + 0x27, 0xe6, 0x87, 0xc8, 0x0d, 0xad, 0x13, 0xdb, 0xfe, 0x2f, 0xaa, 0x2b, + 0xdc, 0xa6, 0x1a, 0xc9, 0x19, 0x78, 0x1a, 0x1f, 0x10, 0xcf, 0x31, 0xe1, + 0x06, 0x28, 0x66, 0xb3, 0xa7, 0xa2, 0xa6, 0xf1, 0x3b, 0x2d, 0xd3, 0x81, + 0xaf, 0x6f, 0xc9, 0x88, 0x76, 0xe9, 0x83, 0x6c, 0x52, 0xb9, 0x70, 0x51, + 0x87, 0x6b, 0x8b, 0xbd, 0x5b, 0x9c, 0xa9, 0xf3, 0xcb, 0x55, 0xd1, 0x76, + 0x40, 0xe1, 0x90, 0xb9, 0x4c, 0xbd, 0xab, 0x1d, 0xa0, 0x5b, 0x5b, 0x34, + 0x14, 0x2f, 0x87, 0x8f, 0x63, 0xa0, 0x2d, 0x29, 0x4e, 0x50, 0x4b, 0x18, + 0x5f, 0x86, 0xac, 0x1b, 0x93, 0xe9, 0x59, 0x38, 0xa1, 0x2a, 0x36, 0x21, + 0xb2, 0xa4, 0xc0, 0x79, 0xc1, 0x60, 0xfc, 0x0f, 0xbf, 0x99, 0x04, 0x9d, + 0x4b, 0x17, 0x60, 0x5b, 0xcd, 0x78, 0x03, 0xd7, 0x7c, 0x4b, 0x9b, 0x17, + 0x58, 0x24, 0x60, 0xb8, 0x08, 0x92, 0x48, 0x4f, 0x66, 0x42, 0x9a, 0x98, + 0x2a, 0x99, 0x9a, 0x8f, 0xdd, 0xd7, 0x09, 0xf3, 0x22, 0x66, 0x62, 0xef, + 0xe5, 0x64, 0xd3, 0xdf, 0x31, 0xaa, 0x84, 0x4c, 0xa5, 0x3f, 0x4e, 0x27, + 0x48, 0x37, 0x96, 0x63, 0xbf, 0x8d, 0xe1, 0xf0, 0xd1, 0xef, 0x95, 0x1a, + 0xe6, 0xf4, 0x02, 0x61, 0xbf, 0xe3, 0xbc, 0x8b, 0x3d, 0x0b, 0x77, 0x91, + 0xc0, 0x5d, 0xfb, 0xe6, 0x7e, 0xab, 0x5e, 0xc5, 0x1c, 0x5b, 0x16, 0xfd, + 0x88, 0xa4, 0x78, 0x4c, 0x06, 0x77, 0xc3, 0x6e, 0x84, 0x0c, 0xda, 0xbf, + 0xf3, 0x8e, 0xd3, 0x61, 0x65, 0xac, 0xf2, 0x18, 0x70, 0x68, 0x84, 0x6f, + 0x9f, 0x3a, 0x94, 0x81, 0xa6, 0xc7, 0xc3, 0x92, 0xee, 0x4b, 0x20, 0x15, + 0x4e, 0x03, 0x76, 0x51, 0x5b, 0x4e, 0xe1, 0x5c, 0x51, 0x5e, 0x1b, 0x9c, + 0x30, 0x25, 0x79, 0xdd, 0x70, 0x12, 0xec, 0xdc, 0x45, 0x95, 0x45, 0x43, + 0xcd, 0xbb, 0xae, 0xa0, 0x0d, 0x43, 0xb4, 0xc9, 0x8c, 0x62, 0xfd, 0x7b, + 0xed, 0x50, 0x78, 0xb7, 0xa6, 0x94, 0xcb, 0x98, 0xb0, 0xbe, 0x09, 0xd9, + 0x0c, 0xb2, 0xc4, 0x8b, 0x96, 0x93, 0xd9, 0x26, 0xc6, 0x6d, 0x26, 0x93, + 0x32, 0x4e, 0x86, 0x72, 0x74, 0x92, 0x00, 0x72, 0x0b, 0x20, 0xa3, 0x2b, + 0x94, 0xe6, 0x10, 0x56, 0x5a, 0x41, 0x71, 0x92, 0x08, 0xce, 0x6c, 0xc4, + 0x1d, 0x9e, 0x71, 0x82, 0x64, 0x23, 0xe5, 0x15, 0xef, 0x4a, 0x7c, 0x4d, + 0xe3, 0x92, 0xbc, 0xa3, 0xa2, 0x29, 0xb7, 0x46, 0xfa, 0x8f, 0x9f, 0xc2, + 0x5d, 0xe4, 0xc0, 0x9c, 0x3f, 0x40, 0x17, 0xae, 0x44, 0xf3, 0x28, 0x10, + 0x29, 0x24, 0xa9, 0x1c, 0x9e, 0xd2, 0x55, 0x4c, 0xee, 0x45, 0xfe, 0x4a, + 0x45, 0x12, 0xf5, 0xde, 0xc7, 0x64, 0x15, 0xc3, 0x4a, 0x77, 0x63, 0x05, + 0x8d, 0xa6, 0x31, 0xa0, 0xad, 0x64, 0xaf, 0x3c, 0x69, 0x2c, 0x25, 0x78, + 0xae, 0xa0, 0x88, 0x96, 0x8a, 0xc2, 0x9b, 0x8d, 0xee, 0x6f, 0x2e, 0x79, + 0x1f, 0xec, 0x32, 0x35, 0x75, 0x83, 0x19, 0x8b, 0xda, 0xca, 0xd0, 0xaf, + 0x6a, 0x6c, 0x42, 0xe8, 0x81, 0xb5, 0x69, 0x31, 0x0b, 0x7d, 0xbc, 0xd8, + 0xd2, 0xb7, 0x7a, 0x8f, 0xfa, 0xcf, 0x91, 0x07, 0x1f, 0xda, 0xa9, 0x1f, + 0xb7, 0x2d, 0xff, 0x50, 0x15, 0x2a, 0xef, 0x8c, 0xa1, 0xe3, 0x7f, 0x08, + 0x95, 0xf2, 0x99, 0x83, 0x1f, 0x97, 0x71, 0x3e, 0x35, 0x3c, 0x8c, 0xe7, + 0x08, 0xd8, 0xa6, 0x1f, 0x0c, 0xa6, 0x52, 0xdc, 0x73, 0xa0, 0xfc, 0xd2, + 0x73, 0xe9, 0x27, 0x9d, 0xfd, 0x7a, 0x4a, 0x29, 0xd3, 0x12, 0x26, 0x13, + 0x0f, 0xce, 0xea, 0x56, 0x99, 0x61, 0x78, 0x47, 0x2c, 0xa0, 0x16, 0xa0, + 0xe2, 0x64, 0x97, 0x57, 0x31, 0xf0, 0x32, 0x5b, 0x44, 0x93, 0x76, 0x8b, + 0x59, 0x63, 0x5c, 0x5b, 0x0f, 0xe1, 0xe7, 0x74, 0x98, 0x11, 0x2d, 0x90, + 0xe4, 0xde, 0xd4, 0x3a, 0xc2, 0xfd, 0x24, 0xe3, 0x1f, 0x7a, 0xf4, 0x40, + 0xbb, 0x51, 0x92, 0x8f, 0x68, 0x9c, 0x51, 0xab, 0xdc, 0xf6, 0x1e, 0x96, + 0xca, 0x56, 0x5c, 0x92, 0xca, 0xb2, 0x1b, 0x2e, 0x6d, 0x20, 0x28, 0xb3, + 0x0a, 0x8e, 0xfd, 0xa9, 0xa2, 0x38, 0x74, 0x60, 0x37, 0xa6, 0x96, 0x02, + 0x20, 0x8a, 0x9a, 0x2b, 0x8c, 0xb9, 0x6d, 0xec, 0xff, 0xbf, 0x88, 0xbd, + 0x6c, 0xb4, 0x10, 0xbd, 0xfa, 0x5a, 0xeb, 0xb2, 0x6b, 0x74, 0x13, 0x2d, + 0xa5, 0xdb, 0x60, 0x93, 0xc6, 0xed, 0x39, 0x4f, 0xc5, 0x63, 0xe1, 0x9e, + 0x57, 0x1f, 0xe7, 0x47, 0xa4, 0xfb, 0x7f, 0xfa, 0x3a, 0x46, 0x50, 0x3a, + 0xd8, 0xd3, 0x83, 0xf5, 0xe6, 0x5e, 0xf8, 0x09, 0x0d, 0xfa, 0x33, 0xe1, + 0x50, 0xe4, 0x36, 0x3e, 0x0a, 0x5d, 0xe6, 0xf8, 0x2e, 0x17, 0x87, 0x8f, + 0xe1, 0x8c, 0x82, 0x73, 0xbd, 0xdd, 0x3b, 0x77, 0x47, 0x9f, 0x42, 0xd7, + 0xf4, 0x2d, 0x6c, 0xef, 0xcc, 0x22, 0x15, 0x3c, 0xe9, 0x26, 0xea, 0xbc, + 0xee, 0x09, 0xd3, 0xea, 0x84, 0x0f, 0x46, 0xa8, 0xe0, 0xda, 0xc5, 0x57, + 0x02, 0x54, 0xb6, 0x88, 0x2b, 0x37, 0xe5, 0x96, 0xc5, 0x33, 0xb7, 0x45, + 0x5d, 0xb7, 0xc7, 0xfd, 0xa0, 0xfa, 0x85, 0x1b, 0x2f, 0xe1, 0xec, 0x89, + 0xc6, 0xb2, 0x51, 0x71, 0xcb, 0x08, 0x82, 0x3e, 0xc9, 0xed, 0x80, 0x9d, + 0x37, 0x31, 0x9d, 0x15, 0xde, 0x24, 0x6f, 0xbd, 0x0e, 0x73, 0xa2, 0xb8, + 0x7e, 0x29, 0x7e, 0x96, 0xe4, 0xbb, 0xd6, 0x23, 0x17, 0xff, 0x33, 0x97, + 0x9c, 0x87, 0xe0, 0xe5, 0x0f, 0xb9, 0xb6, 0x31, 0x33, 0xad, 0xf8, 0xd8, + 0xdb, 0xa0, 0x71, 0x13, 0xe4, 0x1c, 0xce, 0xd0, 0x7e, 0x65, 0x7b, 0xa0, + 0x38, 0x17, 0x53, 0x4f, 0x71, 0x75, 0x6d, 0x02, 0x61, 0xc4, 0x52, 0xf8, + 0xe4, 0x2e, 0xbc, 0x52, 0xc1, 0xb1, 0x7e, 0x83, 0x0a, 0xa1, 0xd1, 0xcd, + 0x2f, 0xa0, 0x30, 0xfd, 0x41, 0x86, 0x7f, 0x26, 0xd1, 0xe7, 0xfc, 0xd7, + 0xc7, 0x37, 0xe5, 0x11, 0xa6, 0xc0, 0x9a, 0x75, 0x18, 0x04, 0x36, 0xca, + 0x8e, 0x26, 0x7d, 0xcf, 0xa2, 0x6a, 0x94, 0x9b, 0xc4, 0xf7, 0xc7, 0xeb, + 0x51, 0x13, 0xa3, 0x6f, 0x8c, 0x80, 0x5f, 0xae, 0xf0, 0x18, 0xa0, 0x88, + 0xe0, 0x8d, 0xb7, 0x80, 0x4e, 0x8c, 0xec, 0xc8, 0x7b, 0xeb, 0xac, 0x29, + 0xb7, 0x4a, 0x0f, 0x33, 0xdd, 0x9d, 0x89, 0x0a, 0x10, 0xb0, 0xce, 0x74, + 0x59, 0xa2, 0x62, 0x91, 0xc9, 0xac, 0x56, 0xcd, 0x69, 0xd3, 0x01, 0x6d, + 0x51, 0xe7, 0x04, 0xc3, 0xfb, 0xe9, 0x79, 0x1b, 0x72, 0x72, 0x1a, 0x90, + 0x0a, 0x20, 0x55, 0x85, 0xc1, 0x8b, 0xeb, 0x1e, 0x9f, 0x9f, 0x4a, 0x81, + 0x47, 0x97, 0x96, 0xbc, 0xc2, 0xe4, 0xc2, 0xfe, 0xa0, 0x20, 0xda, 0x70, + 0x0c, 0x2b, 0xe2, 0xd4, 0xc8, 0xcb, 0x46, 0x00, 0xb6, 0x7c, 0xfb, 0xbd, + 0x56, 0x94, 0x3d, 0x7f, 0x64, 0xf7, 0x88, 0xb5, 0xa7, 0xfe, 0xbe, 0x64, + 0x8a, 0xe4, 0x00, 0x08, 0x82, 0x5b, 0x8f, 0x98, 0x77, 0x87, 0xda, 0xaf, + 0x16, 0x25, 0x4a, 0x9a, 0xed, 0xfb, 0x50, 0x18, 0x45, 0x46, 0x2b, 0x73, + 0xff, 0xb9, 0xb9, 0xab, 0xa2, 0x8f, 0x3a, 0xaf, 0xc5, 0x0a, 0x14, 0x91, + 0xb2, 0x3f, 0xa6, 0x93, 0xf4, 0x81, 0x20, 0x77, 0xfa, 0x51, 0x79, 0x62, + 0xe8, 0xe6, 0x89, 0x52, 0x39, 0xd5, 0x01, 0xa2, 0x87, 0xa3, 0x53, 0x74, + 0x3c, 0x36, 0x8a, 0xc3, 0xb4, 0x44, 0x3b, 0x15, 0x21, 0xf6, 0xdc, 0x18, + 0x02, 0xd2, 0x57, 0xe5, 0x10, 0xf0, 0x3d, 0x61, 0xa7, 0x16, 0x85, 0x6f, + 0x71, 0x07, 0x75, 0x50, 0x4b, 0x21, 0x53, 0x47, 0x38, 0x35, 0x9e, 0xa7, + 0xd8, 0xfd, 0x74, 0x59, 0x15, 0x32, 0x7b, 0x89, 0xd0, 0x2c, 0xd9, 0xf6, + 0x40, 0x49, 0x79, 0xdc, 0xfb, 0x0a, 0x64, 0x59, 0x9b, 0x17, 0x47, 0x36, + 0xcb, 0xf0, 0xc3, 0xcc, 0x14, 0x8e, 0x1f, 0xa8, 0x12, 0xaa, 0xb7, 0x6a, + 0xba, 0x45, 0xf9, 0xc4, 0x44, 0xe7, 0xb5, 0x7c, 0xdd, 0xbe, 0x16, 0x76, + 0x52, 0x92, 0x3d, 0x78, 0xb7, 0xec, 0x81, 0x96, 0xd8, 0x7f, 0x34, 0x2a, + 0xa2, 0x64, 0x5f, 0xfd, 0xb1, 0x42, 0x4c, 0x79, 0x98, 0xc9, 0x17, 0x48, + 0x74, 0x12, 0x72, 0x2c, 0xde, 0x91, 0x7e, 0xa9, 0x49, 0x2a, 0xcc, 0x5c, + 0x60, 0x05, 0x25, 0x09, 0x72, 0x20, 0x80, 0x42, 0x7b, 0x18, 0xc2, 0xfc, + 0x2a, 0x5e, 0x3e, 0x2d, 0x61, 0xa6, 0xf6, 0x82, 0x42, 0x83, 0x81, 0x66, + 0x4d, 0xa6, 0xe1, 0xf9, 0xf6, 0x48, 0xd4, 0xc8, 0x69, 0xed, 0xee, 0xb5, + 0x7a, 0xcb, 0xf6, 0x0a, 0x76, 0x0e, 0x61, 0x8b, 0xf2, 0x1a, 0x8a, 0xa7, + 0x88, 0xb0, 0x90, 0xd5, 0x23, 0xaa, 0xe0, 0x2b, 0xd6, 0xd0, 0xef, 0x49, + 0x13, 0x88, 0xc7, 0x50, 0xf0, 0x9e, 0xd5, 0x28, 0xe1, 0xaa, 0x1d, 0xaf, + 0xd9, 0x73, 0xb3, 0x9e, 0xa7, 0xd8, 0xfc, 0xb9, 0x22, 0x97, 0x0e, 0x21, + 0xa0, 0xb9, 0xf9, 0xea, 0x1e, 0x95, 0x88, 0xda, 0x85, 0x7c, 0x32, 0x7c, + 0xbd, 0xef, 0xf8, 0x44, 0x25, 0x5f, 0x23, 0xfd, 0x14, 0x78, 0xc6, 0xdb, + 0x86, 0xee, 0xf8, 0xda, 0xc0, 0xae, 0x92, 0x6a, 0x03, 0xa9, 0x0a, 0xee, + 0x4a, 0x22, 0x5a, 0x6c, 0x39, 0xd3, 0x91, 0x7d, 0x91, 0x43, 0xac, 0x79, + 0xad, 0xab, 0xb7, 0x91, 0xb1, 0x20, 0x84, 0x7f, 0x0a, 0xd7, 0xa8, 0x62, + 0x95, 0xab, 0x04, 0xb6, 0xb2, 0xf1, 0xd4, 0xb0, 0xac, 0x52, 0x89, 0xb0, + 0x93, 0xdf, 0xdf, 0x80, 0x26, 0x0c, 0x32, 0x31, 0xb3, 0xba, 0xa1, 0xba, + 0x6f, 0xa3, 0x14, 0x5c, 0xfa, 0x37, 0x3b, 0x6a, 0xf2, 0xc4, 0x34, 0x27, + 0x08, 0x1a, 0xe4, 0xfc, 0x89, 0x58, 0x79, 0x34, 0x36, 0xe4, 0xad, 0x4b, + 0x3f, 0x57, 0x7b, 0xc1, 0x59, 0x2d, 0xb6, 0x54, 0x44, 0xbe, 0x4e, 0x5d, + 0x0d, 0x6a, 0xf3, 0xcd, 0xbf, 0xcd, 0x4d, 0x9f, 0x9a, 0x50, 0x09, 0xa4, + 0x6b, 0x8b, 0xb3, 0x01, 0x69, 0x6c, 0x69, 0x5d, 0x28, 0x73, 0x9e, 0xb5, + 0xc2, 0xc7, 0x6e, 0xff, 0x4c, 0x5c, 0x6b, 0x93, 0x22, 0xc1, 0x9f, 0xa6, + 0x71, 0xbf, 0x4d, 0x2d, 0x4e, 0x4e, 0x98, 0xa3, 0x6d, 0xab, 0x05, 0xa0, + 0xde, 0x34, 0x41, 0x28, 0xa4, 0x38, 0x75, 0x4e, 0xdf, 0x7f, 0xc9, 0xdd, + 0xbf, 0x5a, 0xd4, 0xcd, 0x38, 0x0c, 0x89, 0xe7, 0x0e, 0xfc, 0x0f, 0x27, + 0x39, 0x21, 0xa4, 0xa6, 0x07, 0x7b, 0x2a, 0x13, 0x56, 0xe7, 0x4e, 0x55, + 0x57, 0x71, 0x98, 0xb9, 0x3d, 0x59, 0xb5, 0xa8, 0x24, 0x18, 0x08, 0xa2, + 0x6e, 0x9a, 0xe5, 0x97, 0xa7, 0x38, 0xd9, 0x43, 0x9b, 0x19, 0x17, 0x34, + 0x03, 0xd6, 0xba, 0xe9, 0x71, 0x38, 0x26, 0x90, 0x78, 0x9e, 0x1c, 0x41, + 0x8d, 0x60, 0xdd, 0x0e, 0x12, 0x46, 0x37, 0xb4, 0x79, 0x87, 0x33, 0x12, + 0x24, 0xc4, 0x5a, 0x6c, 0x70, 0xa2, 0xb2, 0x58, 0xbb, 0xe7, 0xd6, 0x88, + 0x42, 0x2d, 0x49, 0xc8, 0x67, 0x1e, 0xc5, 0xed, 0x16, 0xa8, 0x1f, 0x36, + 0x2b, 0xfb, 0x0d, 0x51, 0x96, 0xc8, 0x78, 0xf2, 0xab, 0x82, 0xa1, 0xe2, + 0xaf, 0x8c, 0xa4, 0x13, 0x54, 0x90, 0xf1, 0xe7, 0xbb, 0xd1, 0x09, 0x23, + 0x76, 0x0e, 0x50, 0x32, 0xc5, 0x54, 0xbb, 0x1e, 0x12, 0x5d, 0x59, 0xf3, + 0xe9, 0xc9, 0xa4, 0xaa, 0xbc, 0x13, 0x1d, 0xf0, 0x79, 0x54, 0xae, 0x70, + 0xc0, 0xea, 0xcb, 0x21, 0x32, 0xe6, 0xe6, 0x8e, 0xaa, 0x51, 0x46, 0x25, + 0x1e, 0xf1, 0x3f, 0x9f, 0xf6, 0xff, 0x19, 0x53, 0x97, 0xbc, 0xa2, 0xb6, + 0x91, 0x59, 0x27, 0x1e, 0x39, 0x76, 0x76, 0x02, 0x0b, 0x03, 0x25, 0x6b, + 0x00, 0x02, 0xfa, 0x7d, 0x69, 0x5e, 0xde, 0x64, 0x33, 0xbf, 0xab, 0x3e, + 0x3f, 0x24, 0x32, 0x68, 0xbf, 0x90, 0x8f, 0x0f, 0xc5, 0x36, 0x58, 0x9e, + 0x9b, 0x11, 0xd1, 0x2a, 0x8a, 0x0d, 0xac, 0x3a, 0x23, 0xe2, 0x8e, 0xd6, + 0x0d, 0x4a, 0x8b, 0x45, 0x04, 0x47, 0xd9, 0x5a, 0x46, 0x6c, 0x70, 0x82, + 0xc7, 0x81, 0x67, 0xdc, 0xa6, 0xfa, 0x6a, 0x86, 0xfd, 0x01, 0xed, 0x90, + 0xf6, 0xe6, 0x26, 0x6d, 0xac, 0x52, 0x03, 0x4a, 0x91, 0x08, 0x7b, 0xa5, + 0x9c, 0xca, 0xd3, 0x2d, 0x79, 0xf1, 0xed, 0xcb, 0xaa, 0x8f, 0x77, 0xc8, + 0x17, 0xa8, 0xfb, 0x6c, 0x15, 0x62, 0xab, 0x34, 0xd1, 0xdd, 0x94, 0x3e, + 0xd4, 0x0c, 0x47, 0xed, 0x04, 0x91, 0xd2, 0xd7, 0x98, 0xb4, 0x43, 0x57, + 0xd1, 0x54, 0xef, 0x63, 0xba, 0xe3, 0x8a, 0x72, 0xc5, 0xb9, 0xf4, 0x30, + 0xfa, 0x16, 0x3c, 0xe1, 0xbb, 0xbe, 0x57, 0x90, 0xb9, 0xa1, 0xa0, 0x23, + 0xfa, 0xdd, 0xbe, 0x2f, 0xb3, 0xec, 0x41, 0x8b, 0x64, 0xeb, 0xc5, 0x41, + 0xea, 0xa8, 0x16, 0x76, 0x6f, 0x28, 0xda, 0x2b, 0x5f, 0x03, 0x0b, 0xe8, + 0x1c, 0x29, 0x71, 0xd8, 0x4e, 0x41, 0xdf, 0x39, 0x8e, 0x6a, 0x95, 0x79, + 0x85, 0x9c, 0xa9, 0x79, 0xd9, 0x8f, 0x33, 0xaf, 0x15, 0x3b, 0x5a, 0x82, + 0x56, 0x32, 0x98, 0x0c, 0xf6, 0xf6, 0x64, 0x42, 0xd4, 0x6a, 0x15, 0x0f, + 0xb9, 0x75, 0x22, 0xbd, 0x9a, 0x58, 0xa6, 0x01, 0x3a, 0x63, 0xf0, 0x80, + 0x78, 0x22, 0x80, 0xa0, 0x14, 0xe1, 0x37, 0x6b, 0xd4, 0x99, 0x3f, 0xc2, + 0xba, 0x2b, 0x8f, 0xf3, 0x56, 0xc8, 0x1b, 0xe4, 0x7a, 0x5e, 0x96, 0x60, + 0xee, 0x74, 0x54, 0xb6, 0x6d, 0x5c, 0x3d, 0x3e, 0x05, 0xf0, 0x9a, 0xf6, + 0xcd, 0xdd, 0x06, 0xdb, 0x8c, 0x21, 0xb9, 0xf5, 0x28, 0x57, 0x9c, 0x4f, + 0xb4, 0x08, 0xcf, 0xac, 0x6c, 0xfe, 0x30, 0xaf, 0xa2, 0xef, 0xcf, 0x93, + 0x15, 0xdd, 0x12, 0x16, 0x19, 0x7d, 0xbc, 0x57, 0xd9, 0xce, 0xbe, 0x0e, + 0xfc, 0xe1, 0xf0, 0x4a, 0x7c, 0xaa, 0xbf, 0x20, 0x64, 0x00, 0x34, 0x59, + 0xed, 0xea, 0x12, 0x58, 0x46, 0x4c, 0xc6, 0x2f, 0x77, 0x62, 0x1d, 0x82, + 0x5c, 0xe8, 0x98, 0x0d, 0xef, 0x5c, 0x0e, 0xec, 0x5d, 0x2e, 0x5f, 0xd2, + 0x22, 0x43, 0x2d, 0xe1, 0x02, 0xd5, 0x4a, 0x0a, 0x79, 0x6f, 0xa5, 0xec, + 0x48, 0xaa, 0xee, 0xf8, 0xe3, 0x5f, 0xdd, 0xe7, 0x26, 0x87, 0xb5, 0xc4, + 0xcf, 0xd9, 0x7f, 0xa8, 0xaa, 0xb6, 0xbe, 0xe9, 0x02, 0x49, 0x5d, 0x5f, + 0x81, 0x8b, 0xb9, 0xbd, 0xc0, 0xc9, 0xd5, 0xfe, 0x36, 0x3e, 0x49, 0x56, + 0x63, 0x8b, 0xce, 0xef, 0x48, 0x6e, 0xc0, 0xd4, 0x04, 0x0c, 0x33, 0x45, + 0x6e, 0x97, 0x9e, 0xa3, 0xae, 0xbc, 0xc2, 0xce, 0xdc, 0xe3, 0xff, 0x48, + 0x51, 0x68, 0x89, 0xad, 0xae, 0xc7, 0xd1, 0xde, 0xe2, 0xf9, 0xfe, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x06, + 0x0c, 0x18, 0x20, 0x24, 0x2f, 0x33, 0x3f + }; +#ifdef WOLFSSL_DILITHIUM_FIPS204_DRAFT + WOLFSSL_SMALL_STACK_STATIC const byte ml_dsa_87_draft_sig[] = { + 0x78, 0xed, 0x1a, 0x3f, 0x41, 0xab, 0xf8, 0x93, 0x80, 0xf0, + 0xc6, 0xbf, 0x4a, 0xde, 0xaf, 0x29, 0x93, 0xe5, 0x9a, 0xbf, + 0x38, 0x08, 0x18, 0x33, 0xca, 0x7d, 0x5e, 0x65, 0xa4, 0xd2, + 0xd7, 0x45, 0xe3, 0xe7, 0x58, 0xfb, 0x05, 0xab, 0x65, 0x57, + 0xac, 0x6f, 0xf5, 0x43, 0x28, 0x5f, 0x9c, 0x9a, 0x3e, 0x35, + 0x84, 0xe4, 0xef, 0xa5, 0x57, 0x17, 0xad, 0x51, 0x44, 0x70, + 0x09, 0x00, 0x81, 0xbe, 0xfe, 0x14, 0x01, 0xfe, 0x0c, 0x94, + 0xbe, 0xa9, 0x89, 0xfd, 0x47, 0xfc, 0xb9, 0xd8, 0x17, 0x4d, + 0xd8, 0x73, 0xd5, 0x50, 0x9f, 0x13, 0x6c, 0x07, 0x71, 0x47, + 0xaa, 0x3c, 0xc0, 0x64, 0x00, 0x19, 0x2e, 0x74, 0x51, 0x0e, + 0x0f, 0x25, 0x30, 0x7f, 0x13, 0x96, 0xc6, 0xc5, 0xbf, 0xd4, + 0x82, 0xd3, 0x0d, 0xd3, 0x65, 0x4c, 0x72, 0x67, 0xe2, 0x37, + 0x6b, 0x3c, 0x8e, 0xa3, 0x36, 0x84, 0xe9, 0xaa, 0xac, 0x7d, + 0xf3, 0xac, 0xfc, 0x01, 0x50, 0x87, 0x88, 0xf6, 0xbf, 0x84, + 0xc3, 0xa0, 0x23, 0xe4, 0xe8, 0x01, 0x38, 0x39, 0x30, 0x8a, + 0xf3, 0xba, 0x92, 0x62, 0x37, 0xd7, 0x20, 0xd7, 0xf7, 0x41, + 0xff, 0xae, 0x81, 0x02, 0x29, 0x2a, 0x66, 0x8b, 0x20, 0xbe, + 0x61, 0x8d, 0xfb, 0x7c, 0x70, 0x14, 0xad, 0xf4, 0x94, 0x8c, + 0xee, 0x64, 0x3b, 0x9f, 0xe1, 0x6e, 0x68, 0x17, 0x07, 0xb8, + 0xfc, 0x99, 0xdc, 0xde, 0x69, 0x58, 0x8c, 0x97, 0x7d, 0xb3, + 0x2c, 0x9e, 0x90, 0x33, 0x2e, 0x7b, 0xbf, 0xf8, 0x6f, 0xf8, + 0x12, 0x64, 0xda, 0xc0, 0xfb, 0x30, 0xe6, 0xbf, 0x7b, 0x9a, + 0xde, 0xb5, 0xac, 0x9d, 0x6b, 0xcb, 0xe1, 0x0d, 0xf1, 0xbb, + 0xf3, 0x97, 0xc5, 0x08, 0xd3, 0x3e, 0xe3, 0xa4, 0xeb, 0x6f, + 0x6b, 0x62, 0x61, 0xc5, 0x0b, 0xa8, 0x02, 0xc2, 0xf1, 0xbe, + 0xbb, 0x93, 0x13, 0xa5, 0x8d, 0x7b, 0x5a, 0x6d, 0x1f, 0x28, + 0xbc, 0x35, 0xd8, 0xe8, 0xcf, 0x80, 0x8b, 0x4b, 0x02, 0x80, + 0x3b, 0xdc, 0x00, 0xce, 0x88, 0xb0, 0x62, 0x35, 0x7d, 0x51, + 0x7f, 0x5c, 0xb2, 0x23, 0x85, 0x47, 0x7e, 0x73, 0x88, 0x65, + 0xfd, 0x0d, 0x47, 0x33, 0xef, 0xb9, 0x75, 0x05, 0x86, 0x5d, + 0xd3, 0x98, 0xa6, 0x91, 0xe6, 0x8c, 0xe2, 0x71, 0x7a, 0x95, + 0xe0, 0x8c, 0x54, 0x4b, 0x68, 0x4d, 0x5a, 0xec, 0xad, 0xae, + 0x54, 0x4e, 0x3b, 0x0e, 0xcd, 0x70, 0xe6, 0x81, 0xbf, 0xf4, + 0x86, 0xab, 0xfe, 0xd8, 0xed, 0x69, 0xdd, 0x0f, 0x75, 0x8f, + 0x8e, 0xcd, 0x72, 0x40, 0x21, 0xee, 0x80, 0x6f, 0x9e, 0xa0, + 0x80, 0xf7, 0xf6, 0xa2, 0xf5, 0x04, 0x82, 0xea, 0xb6, 0xb1, + 0xa3, 0xfe, 0xa2, 0x2d, 0x83, 0xc7, 0x01, 0x4b, 0x27, 0x19, + 0x6a, 0x31, 0x04, 0x70, 0xce, 0x75, 0x22, 0x4b, 0x7a, 0x21, + 0x29, 0xfd, 0xe9, 0xcb, 0xbb, 0xca, 0x95, 0x0a, 0xd8, 0xcd, + 0x20, 0x2a, 0xb7, 0xbe, 0xdf, 0x2f, 0x0f, 0xfa, 0xf1, 0xc0, + 0x39, 0xf3, 0x74, 0x22, 0x05, 0x33, 0xca, 0x2a, 0x9c, 0x9f, + 0x06, 0x71, 0x90, 0x1e, 0x74, 0x4b, 0xbe, 0x9a, 0xc7, 0x1e, + 0x37, 0x9b, 0x96, 0x19, 0xfd, 0xa0, 0x61, 0x87, 0x93, 0xab, + 0x75, 0x79, 0xac, 0x2f, 0x83, 0xe1, 0x8c, 0x70, 0x54, 0x70, + 0x01, 0x93, 0xce, 0x76, 0x7a, 0x08, 0xe7, 0x75, 0xfb, 0x5e, + 0xa4, 0xcc, 0xd6, 0xeb, 0x90, 0xe2, 0x57, 0x07, 0x53, 0x88, + 0x8f, 0x7f, 0x29, 0x39, 0x80, 0xc4, 0x7f, 0x70, 0x6f, 0xff, + 0x44, 0x25, 0x2b, 0x9e, 0xa1, 0xbb, 0xda, 0x43, 0x53, 0x14, + 0xf8, 0x97, 0x08, 0xa4, 0xaf, 0xa0, 0xa5, 0x0c, 0xfa, 0xcc, + 0xba, 0xcd, 0x4f, 0xd3, 0x90, 0x28, 0x02, 0x25, 0xbe, 0xc6, + 0x35, 0x66, 0x99, 0xb0, 0x69, 0x46, 0xe5, 0xbf, 0x7e, 0x4f, + 0x53, 0x11, 0x1f, 0xa5, 0x2c, 0x9b, 0xd1, 0x70, 0x90, 0x34, + 0x66, 0xaa, 0x9f, 0xa8, 0x02, 0x3a, 0x05, 0x2b, 0x0a, 0xd0, + 0x72, 0x5d, 0x01, 0x7b, 0x02, 0xce, 0x18, 0xb9, 0x63, 0xd1, + 0x7d, 0xd2, 0x34, 0xa3, 0x2d, 0xaa, 0x78, 0xf0, 0x30, 0x6e, + 0x59, 0xe3, 0xf1, 0x1e, 0xf1, 0x33, 0x41, 0xde, 0xc4, 0x4e, + 0x88, 0x61, 0xc3, 0xb4, 0x6b, 0x21, 0x5d, 0xcc, 0x69, 0x44, + 0xf3, 0xb0, 0x84, 0x54, 0x2a, 0x23, 0x22, 0xa2, 0xc4, 0xba, + 0xad, 0x00, 0x57, 0x5b, 0xdf, 0xa0, 0xf7, 0x1c, 0x00, 0xc3, + 0x23, 0x93, 0xc0, 0x2f, 0x3b, 0x9d, 0x6e, 0x8c, 0x38, 0xa6, + 0x5e, 0xd8, 0x98, 0x7a, 0x6c, 0x90, 0xd5, 0x40, 0x3f, 0x8c, + 0xc3, 0xf0, 0x92, 0x66, 0xc4, 0xe5, 0xa8, 0x42, 0x25, 0x4c, + 0x56, 0x42, 0x37, 0x9a, 0xa4, 0x1d, 0xf5, 0xb0, 0xe3, 0x8a, + 0x9c, 0x57, 0x52, 0x63, 0xdc, 0xd9, 0xb0, 0xbf, 0xc3, 0xfc, + 0xfc, 0x6c, 0xab, 0x41, 0xae, 0xec, 0xc7, 0x40, 0x80, 0xb6, + 0x0b, 0x3c, 0xa9, 0xf5, 0x4f, 0x2d, 0xf6, 0x72, 0xe3, 0xba, + 0x13, 0x2c, 0x73, 0x61, 0x98, 0x66, 0x6f, 0x03, 0x88, 0x3b, + 0xe6, 0x95, 0x43, 0x33, 0x3b, 0xfe, 0xfd, 0x63, 0x8c, 0x00, + 0x8a, 0x67, 0x1c, 0x46, 0x0e, 0x0b, 0x51, 0x26, 0x79, 0x4f, + 0x7b, 0xb1, 0x36, 0x34, 0x52, 0x41, 0x7e, 0x74, 0xbb, 0x71, + 0x52, 0x8f, 0xcc, 0xf2, 0x99, 0x24, 0x3f, 0x18, 0xe6, 0xcf, + 0xdf, 0x6b, 0xfe, 0x77, 0xfa, 0xa8, 0x3f, 0xe3, 0x6b, 0xb7, + 0x32, 0x30, 0x8e, 0x16, 0x08, 0x59, 0x66, 0xdf, 0x95, 0x75, + 0x7d, 0xa3, 0x80, 0xf0, 0x0c, 0x1a, 0xa8, 0xe7, 0x87, 0x2f, + 0xe3, 0x39, 0x11, 0x82, 0x00, 0x3e, 0xe5, 0x71, 0x05, 0x7d, + 0x0c, 0x90, 0xae, 0xbc, 0xbf, 0xe0, 0x4b, 0x8f, 0x91, 0x85, + 0x1d, 0x0a, 0xa2, 0x36, 0x66, 0x18, 0x78, 0xd0, 0x0a, 0xa0, + 0xaf, 0x0f, 0x1c, 0x01, 0xdb, 0xb2, 0x21, 0x96, 0x25, 0xf7, + 0x9e, 0x3a, 0x9e, 0xc3, 0xe8, 0x92, 0x34, 0xaf, 0x7e, 0x3b, + 0x5f, 0xd9, 0x23, 0x97, 0x09, 0xf1, 0x87, 0x31, 0x3a, 0x94, + 0xc8, 0x9b, 0x52, 0xf4, 0x57, 0x54, 0x7b, 0x3e, 0x50, 0xd3, + 0x75, 0x2a, 0xba, 0x97, 0xd7, 0xec, 0x95, 0x6c, 0x35, 0x63, + 0xa4, 0xa1, 0x8f, 0xf5, 0xcc, 0xbe, 0x42, 0x65, 0x4e, 0x69, + 0x35, 0x55, 0xa5, 0x3e, 0xc4, 0xf0, 0xde, 0x60, 0x54, 0xdf, + 0xbb, 0x83, 0xad, 0xdf, 0xa5, 0x24, 0x8f, 0xbe, 0x0b, 0x16, + 0xfc, 0xf2, 0x64, 0xd5, 0x79, 0x68, 0xf3, 0x91, 0x81, 0x2a, + 0xd7, 0x1c, 0xc0, 0xdd, 0xe6, 0xb6, 0xb3, 0xa2, 0x4f, 0xc0, + 0x6d, 0x77, 0x02, 0xee, 0x43, 0xd6, 0x5e, 0x82, 0x66, 0x7f, + 0xb4, 0xe6, 0x5c, 0xff, 0x87, 0x1e, 0x1d, 0x6f, 0x1d, 0x96, + 0x6d, 0xbd, 0x90, 0x57, 0x65, 0xc2, 0x01, 0x35, 0xfa, 0x9a, + 0xc6, 0xe0, 0x4e, 0x2c, 0x4b, 0x16, 0xfa, 0x0d, 0x38, 0x87, + 0x39, 0x2c, 0x2b, 0x48, 0x14, 0x92, 0x3d, 0x83, 0x00, 0xa9, + 0x1a, 0x3d, 0x4d, 0x30, 0x23, 0x48, 0xcd, 0xd5, 0xcd, 0x01, + 0xb1, 0x45, 0x85, 0xcc, 0x66, 0x47, 0x1d, 0x63, 0x3d, 0x70, + 0xb8, 0x0c, 0xfd, 0xe3, 0xb2, 0x0f, 0x64, 0x6e, 0xb9, 0x2b, + 0xe5, 0xb0, 0x4d, 0x44, 0x4d, 0x66, 0x1a, 0xfa, 0x49, 0xbb, + 0xc3, 0xb8, 0xad, 0x64, 0x23, 0x7e, 0x71, 0x9f, 0x59, 0xec, + 0x25, 0xa8, 0x5e, 0x11, 0xd6, 0x6e, 0xc9, 0x09, 0xe7, 0xb9, + 0x6a, 0x63, 0x91, 0xaa, 0x5d, 0xd2, 0x8c, 0x91, 0xe8, 0x8d, + 0x35, 0x6d, 0x10, 0xf6, 0xfc, 0x6a, 0x3c, 0x77, 0x90, 0xf8, + 0x2a, 0x49, 0x13, 0x7f, 0xdb, 0xf5, 0x0c, 0xe9, 0xc8, 0x57, + 0xc6, 0xfd, 0x26, 0x8d, 0x79, 0xb5, 0xdd, 0x47, 0x74, 0x6e, + 0xe8, 0x8f, 0x50, 0xf5, 0xa7, 0x9e, 0xd1, 0x74, 0x10, 0xbb, + 0xf4, 0x8f, 0x8f, 0x0d, 0xcd, 0x1f, 0xf6, 0x59, 0xb8, 0x6c, + 0xd2, 0x37, 0x83, 0x28, 0xb2, 0x36, 0xc1, 0x39, 0x5b, 0xde, + 0x59, 0xee, 0x77, 0xa2, 0x6e, 0x67, 0xc6, 0xea, 0x1d, 0x2b, + 0x41, 0x8f, 0x6f, 0x96, 0x94, 0x1b, 0x5d, 0xab, 0x30, 0x53, + 0x1e, 0xf8, 0x17, 0x06, 0xea, 0xcc, 0x98, 0xa8, 0xdf, 0x81, + 0xe1, 0x80, 0xb7, 0xad, 0x69, 0xcb, 0x8f, 0x81, 0x1e, 0x76, + 0x75, 0x3c, 0x11, 0x9b, 0x38, 0x95, 0xa7, 0x87, 0x1f, 0xd9, + 0x76, 0x82, 0x21, 0x13, 0x25, 0x20, 0x42, 0xd3, 0x8c, 0xd9, + 0x1c, 0x64, 0xed, 0xe9, 0x55, 0xb5, 0x29, 0x98, 0x85, 0x7c, + 0x01, 0x94, 0xaa, 0xdd, 0x8c, 0x78, 0x08, 0x99, 0x99, 0x5a, + 0xf6, 0x61, 0x4c, 0xe0, 0x99, 0xf8, 0x15, 0x74, 0x2e, 0x0d, + 0x14, 0x89, 0x11, 0x84, 0xcd, 0x78, 0x0c, 0x6b, 0x48, 0xde, + 0xb4, 0xd6, 0x05, 0xbd, 0x99, 0x58, 0xb7, 0xe5, 0xc5, 0x7a, + 0x43, 0x18, 0x55, 0x33, 0x16, 0x2b, 0xfa, 0x27, 0xf5, 0xbb, + 0xaa, 0x52, 0xb5, 0x28, 0x5c, 0xfe, 0x61, 0x7f, 0x7a, 0x70, + 0xc2, 0x32, 0x4b, 0x05, 0x8d, 0x7b, 0x4d, 0x22, 0x57, 0x25, + 0x40, 0x46, 0x7c, 0xad, 0x2f, 0x8a, 0xc8, 0x16, 0xd6, 0xac, + 0x4e, 0xe3, 0xe3, 0x29, 0xe4, 0xe8, 0x00, 0x2b, 0xc9, 0xe3, + 0x3a, 0x6f, 0x66, 0xf1, 0x37, 0x37, 0x52, 0x88, 0x77, 0xf6, + 0xbd, 0x59, 0x5f, 0xf8, 0x11, 0x46, 0x7b, 0x12, 0x88, 0x2f, + 0x4b, 0x0d, 0x16, 0x89, 0x3e, 0x2a, 0x56, 0x58, 0xa8, 0x1c, + 0xee, 0x23, 0xd5, 0x66, 0x86, 0x5f, 0x59, 0x55, 0xac, 0x07, + 0xfd, 0xda, 0x6b, 0xf1, 0xc7, 0x01, 0x19, 0xdb, 0xff, 0x63, + 0x6f, 0x27, 0xdb, 0xa1, 0xc7, 0xe9, 0xe0, 0xdb, 0xe4, 0x9a, + 0xce, 0xf5, 0xac, 0x68, 0xab, 0x59, 0x0c, 0x83, 0xa3, 0x1c, + 0x2a, 0x86, 0x55, 0xe2, 0xaa, 0xa1, 0xb3, 0xed, 0xc2, 0x2d, + 0x43, 0xc5, 0x13, 0x68, 0xe4, 0x83, 0x3e, 0xd5, 0x7f, 0xf7, + 0xd5, 0xd0, 0x60, 0xd3, 0x70, 0x7f, 0x88, 0xaa, 0xca, 0x74, + 0xcc, 0x50, 0x8d, 0x55, 0x9c, 0xfe, 0x4a, 0xc6, 0xc9, 0x36, + 0xf7, 0x27, 0x26, 0x64, 0xd3, 0x6c, 0xdb, 0x16, 0x31, 0x81, + 0xe9, 0xce, 0x73, 0x60, 0x61, 0x9c, 0x0f, 0xb5, 0x6e, 0x68, + 0xbc, 0xb1, 0x9e, 0x9f, 0xcd, 0x6c, 0x27, 0x31, 0x2d, 0x40, + 0x36, 0xce, 0x91, 0xee, 0x47, 0xdc, 0xa0, 0x4f, 0xd7, 0x14, + 0x4f, 0x93, 0x00, 0xc4, 0x34, 0xca, 0xd4, 0x42, 0x21, 0x90, + 0xf6, 0x9d, 0xea, 0x45, 0x15, 0xfe, 0x2d, 0xd6, 0xab, 0xc2, + 0x36, 0x47, 0xc0, 0x5b, 0xd2, 0xae, 0x53, 0x33, 0xb0, 0x2d, + 0x29, 0xa3, 0x14, 0xda, 0xa4, 0x48, 0xc1, 0x57, 0x0c, 0xdc, + 0x72, 0x4a, 0xd0, 0xf5, 0x5b, 0x9a, 0x57, 0x1d, 0x06, 0xc8, + 0x0f, 0xc7, 0x5b, 0x70, 0xbb, 0x27, 0xf4, 0xe2, 0xf4, 0xf3, + 0x3c, 0xdc, 0xba, 0x43, 0xc4, 0x4e, 0xe2, 0x96, 0xd4, 0x6c, + 0x33, 0x3e, 0xbf, 0x85, 0xf7, 0x3c, 0x1d, 0x46, 0x59, 0x4e, + 0xa1, 0xa7, 0xa3, 0x76, 0x55, 0x8a, 0x72, 0x83, 0xd0, 0x45, + 0x86, 0x38, 0xa5, 0x4d, 0xc8, 0x62, 0xe4, 0x8a, 0xd5, 0x8e, + 0xb7, 0x4c, 0x6e, 0xaf, 0xa4, 0xbe, 0x88, 0x87, 0x77, 0xd1, + 0x7b, 0xb2, 0x1d, 0xe0, 0x1e, 0x53, 0x30, 0x31, 0x15, 0x6c, + 0x10, 0x81, 0x03, 0x55, 0xa7, 0x69, 0xb6, 0xa5, 0x48, 0xf4, + 0xb2, 0x3b, 0x76, 0x8b, 0x2e, 0x42, 0xa6, 0xaa, 0x7e, 0x66, + 0x57, 0xc2, 0x11, 0xc5, 0x2c, 0x7d, 0x96, 0xdf, 0xe3, 0x58, + 0x12, 0x98, 0x18, 0x0d, 0x87, 0xbd, 0x64, 0xbd, 0xfe, 0x6d, + 0xad, 0x6d, 0x1e, 0xf6, 0x34, 0x01, 0xb5, 0x56, 0xe8, 0x6a, + 0xb3, 0x8c, 0x70, 0x84, 0x36, 0x17, 0xd6, 0x4b, 0xaa, 0x57, + 0xab, 0xb3, 0x45, 0x30, 0x36, 0x10, 0xd4, 0xee, 0x8a, 0xc9, + 0x29, 0xd1, 0x92, 0x9b, 0xe2, 0x7c, 0x12, 0xd1, 0x29, 0x62, + 0x41, 0x69, 0xae, 0x3a, 0x50, 0xcc, 0x89, 0x50, 0x2e, 0xe6, + 0x07, 0xf8, 0x9c, 0x98, 0x80, 0xd5, 0xa3, 0xc8, 0x74, 0xfb, + 0xfc, 0x91, 0x16, 0x02, 0xdc, 0xf0, 0x42, 0x49, 0xbc, 0xc9, + 0x2f, 0x7f, 0x8d, 0x93, 0xf7, 0xf0, 0x74, 0xb7, 0xd1, 0x55, + 0xfc, 0x79, 0x03, 0x37, 0xfb, 0xf6, 0x7d, 0x2f, 0x2d, 0xf8, + 0x6b, 0xc5, 0xf9, 0x66, 0x38, 0xf5, 0xfd, 0x64, 0xc6, 0x08, + 0x99, 0xb3, 0x25, 0xad, 0xf4, 0xfd, 0x69, 0x2f, 0xf1, 0x18, + 0x46, 0xd6, 0x5c, 0x1a, 0x37, 0xcd, 0xee, 0xa3, 0xbf, 0x0f, + 0x57, 0x5c, 0xc3, 0x97, 0x94, 0x84, 0x89, 0xbe, 0x00, 0xf6, + 0x40, 0xe9, 0x5a, 0x52, 0xaf, 0x3a, 0x5b, 0xf4, 0x56, 0xb0, + 0x04, 0x49, 0xc6, 0x32, 0x8c, 0xa1, 0x0a, 0xd8, 0x88, 0xa1, + 0xc3, 0xb7, 0x8b, 0x96, 0xc3, 0x39, 0x51, 0x50, 0x83, 0xa6, + 0xf0, 0x6d, 0xe7, 0x6e, 0x20, 0xff, 0x9d, 0xac, 0x03, 0x57, + 0xbc, 0xcb, 0x6a, 0x19, 0xa7, 0xc5, 0xd2, 0x44, 0x4f, 0x17, + 0x1e, 0x9a, 0x8d, 0x97, 0x25, 0x55, 0x52, 0x49, 0xe2, 0x48, + 0xae, 0x4b, 0x3f, 0x94, 0x5a, 0xb2, 0x2d, 0x40, 0xd9, 0x85, + 0xef, 0x03, 0xa0, 0xd3, 0x66, 0x9a, 0x8f, 0x7b, 0xc0, 0x8d, + 0x54, 0x95, 0x42, 0x49, 0xeb, 0x15, 0x00, 0xf3, 0x6d, 0x6f, + 0x40, 0xf2, 0x8b, 0xc1, 0x50, 0xa6, 0x22, 0x3b, 0xd6, 0x88, + 0xa1, 0xf7, 0xb0, 0x1f, 0xcd, 0x20, 0x4e, 0x5b, 0xad, 0x66, + 0x4a, 0xda, 0x40, 0xee, 0x4c, 0x4c, 0x3e, 0xa7, 0x75, 0x51, + 0x90, 0xba, 0xee, 0x59, 0xbc, 0xe3, 0xcd, 0x4d, 0xb9, 0x57, + 0xb7, 0xf8, 0xc1, 0xb9, 0x8d, 0x0f, 0x58, 0x2c, 0x4c, 0x98, + 0xa6, 0x9c, 0xd9, 0x0e, 0x25, 0x4f, 0xea, 0x4c, 0x15, 0x0b, + 0x89, 0xe4, 0xac, 0xa1, 0x5a, 0xa1, 0xfd, 0x5b, 0xc6, 0xfe, + 0xf0, 0xf1, 0x4c, 0xa7, 0x60, 0xbc, 0xc3, 0xa5, 0x80, 0x00, + 0x3b, 0x3f, 0x22, 0x38, 0x60, 0x40, 0x76, 0x52, 0x83, 0x32, + 0xee, 0x20, 0x6a, 0xf9, 0x1e, 0x6b, 0x99, 0x52, 0xe7, 0x04, + 0xdc, 0x5a, 0x9d, 0x77, 0x8a, 0xdd, 0x9b, 0x53, 0x19, 0xff, + 0x69, 0x8c, 0xbc, 0xc6, 0xe0, 0x79, 0x0d, 0x3d, 0x3d, 0x54, + 0x5b, 0xe0, 0x47, 0x5b, 0x71, 0x05, 0x98, 0x8f, 0xbb, 0x65, + 0xe1, 0x31, 0x9a, 0xc8, 0x1e, 0x7a, 0x4a, 0xf8, 0xcb, 0x17, + 0xd1, 0x83, 0x58, 0xb1, 0xc0, 0xe4, 0xb1, 0x85, 0xca, 0xa5, + 0xf8, 0x0e, 0xd1, 0x0c, 0xe8, 0x71, 0xc3, 0xfa, 0xbf, 0x1d, + 0xd6, 0x98, 0x03, 0xed, 0x77, 0x3b, 0x55, 0xaf, 0x69, 0x72, + 0x6b, 0x42, 0x31, 0x98, 0x95, 0xd5, 0x79, 0xa5, 0x4c, 0x51, + 0xcf, 0x02, 0x65, 0x93, 0xf2, 0x71, 0xdc, 0xde, 0x9a, 0xa3, + 0x86, 0xa7, 0xea, 0xcf, 0xd7, 0xe5, 0x00, 0xde, 0x40, 0x02, + 0xcd, 0x6b, 0x46, 0x0b, 0xbb, 0xbf, 0x77, 0x5f, 0x9d, 0x7c, + 0xa4, 0x7f, 0x7c, 0x8a, 0xba, 0xd6, 0x99, 0xc5, 0xaa, 0x06, + 0x36, 0xe1, 0x7e, 0x9c, 0x6f, 0x28, 0xd4, 0x6e, 0x1d, 0x5b, + 0xdd, 0x01, 0x24, 0xbd, 0x6c, 0x5d, 0x87, 0x3c, 0xc1, 0xf6, + 0x93, 0x37, 0xe2, 0x3b, 0x70, 0xc4, 0xd8, 0x10, 0x0e, 0x44, + 0x37, 0x00, 0xe3, 0x07, 0xbd, 0x67, 0xd3, 0x9d, 0xe6, 0xe7, + 0x48, 0x1b, 0xe0, 0x79, 0xb3, 0x30, 0x91, 0x89, 0x0f, 0x89, + 0x77, 0xfa, 0x13, 0x85, 0xd0, 0x32, 0xbd, 0xc1, 0x9e, 0x52, + 0x04, 0x80, 0x54, 0xb1, 0x08, 0x39, 0x20, 0xda, 0x3e, 0xf1, + 0xd9, 0x15, 0x74, 0x55, 0x06, 0xfc, 0x4d, 0x85, 0xd4, 0x98, + 0x02, 0x64, 0x10, 0x86, 0xd7, 0xcd, 0x01, 0x0d, 0x85, 0xa0, + 0x78, 0xb0, 0x58, 0x99, 0x7b, 0xdf, 0xe4, 0x8c, 0x3f, 0xab, + 0xc0, 0xbc, 0xa5, 0x30, 0x28, 0xe1, 0x4e, 0x02, 0x98, 0xab, + 0x03, 0xf3, 0x21, 0xe7, 0xa7, 0xe7, 0xc3, 0x5f, 0x98, 0xc0, + 0x83, 0x02, 0xe8, 0x8a, 0x30, 0x75, 0x95, 0xcf, 0x77, 0x83, + 0xfb, 0x32, 0x5a, 0xf9, 0x13, 0xed, 0xdb, 0xda, 0xc3, 0x84, + 0x4b, 0x8f, 0x1a, 0xf0, 0xad, 0x8e, 0xcf, 0xe3, 0xa7, 0x2b, + 0xb5, 0x44, 0x75, 0xd6, 0xda, 0x33, 0x81, 0x22, 0xa7, 0x6a, + 0xbd, 0x21, 0x64, 0x85, 0xfa, 0x65, 0x8e, 0xc4, 0x58, 0xec, + 0xc4, 0x18, 0x90, 0xa3, 0xcc, 0x2e, 0xaa, 0xa2, 0x2e, 0x46, + 0x7a, 0x4a, 0x35, 0xbf, 0x58, 0x78, 0x2b, 0x1e, 0x72, 0xe5, + 0x80, 0xc9, 0xe0, 0x9e, 0x43, 0x01, 0xcc, 0xe1, 0x0c, 0x00, + 0xe9, 0xc1, 0xa5, 0x1a, 0x9b, 0x4e, 0x6e, 0x34, 0x32, 0xfd, + 0x86, 0xb7, 0xae, 0xc3, 0x6e, 0x69, 0x04, 0xf6, 0x6a, 0x92, + 0x78, 0xb1, 0x1f, 0x9d, 0x5e, 0x0c, 0xf9, 0xc4, 0x1a, 0xf6, + 0xb4, 0x8a, 0x63, 0xb5, 0x87, 0x5b, 0xfb, 0x50, 0xbf, 0xd5, + 0x17, 0x97, 0x8e, 0x55, 0x1c, 0xfe, 0x82, 0xf6, 0xa7, 0x9c, + 0x0b, 0xc9, 0x0a, 0xf6, 0x7f, 0x70, 0xd1, 0x00, 0xed, 0x1c, + 0x6c, 0x3a, 0x95, 0xed, 0x61, 0xa4, 0xd6, 0x57, 0xfb, 0x57, + 0xf8, 0x9b, 0x4c, 0xce, 0x50, 0x26, 0x5c, 0x19, 0xd2, 0xa7, + 0xd6, 0xe8, 0x3c, 0x29, 0x34, 0xfb, 0x26, 0x7f, 0xc5, 0x78, + 0xbf, 0xfe, 0xb6, 0x2a, 0x5a, 0x62, 0x8e, 0x31, 0x9b, 0x57, + 0xa4, 0xe7, 0x4d, 0x3d, 0x18, 0x05, 0xf0, 0x94, 0xbb, 0x04, + 0xfa, 0x0a, 0x92, 0xf4, 0xc6, 0x7f, 0x16, 0xa2, 0x31, 0xed, + 0xc1, 0xb4, 0x62, 0x54, 0x3a, 0x23, 0x12, 0x6a, 0x76, 0xcc, + 0x8c, 0x91, 0x89, 0x58, 0x8c, 0x20, 0x23, 0xd9, 0xaa, 0x0d, + 0x80, 0xbe, 0xb9, 0xb4, 0x40, 0x1e, 0xff, 0xa9, 0xf7, 0x71, + 0x0a, 0xa0, 0x0a, 0xdf, 0x11, 0x0b, 0x66, 0x3f, 0xf2, 0x4d, + 0x5d, 0x39, 0x7c, 0x77, 0xe1, 0xb1, 0x09, 0xa1, 0x6b, 0x2e, + 0x30, 0x43, 0x33, 0x80, 0x6e, 0x6a, 0x1d, 0x47, 0xd9, 0xd6, + 0xac, 0xdc, 0x3f, 0x16, 0xb1, 0x58, 0x11, 0x9f, 0x67, 0xd7, + 0x15, 0x45, 0xd8, 0xc3, 0x69, 0x24, 0x8d, 0xac, 0xff, 0xc3, + 0x43, 0xfd, 0x24, 0xaf, 0xf1, 0xc8, 0x3a, 0xc7, 0xd6, 0x1f, + 0x56, 0x26, 0x16, 0xe6, 0x30, 0xcd, 0x6e, 0x0a, 0x63, 0x2a, + 0x7b, 0x86, 0xd7, 0x65, 0x39, 0x45, 0x7c, 0xe6, 0xa0, 0xe6, + 0x38, 0xed, 0x54, 0x84, 0x00, 0x4d, 0x8e, 0xc2, 0xba, 0x56, + 0x9b, 0xf3, 0xe1, 0xe8, 0x7d, 0xfe, 0x47, 0xf0, 0x58, 0xe7, + 0x59, 0x60, 0x97, 0x2e, 0x57, 0x1a, 0x09, 0x1f, 0x8b, 0x2b, + 0x0b, 0x47, 0x75, 0xc0, 0xb3, 0x79, 0xce, 0x10, 0x47, 0x6d, + 0xfc, 0xcb, 0x22, 0x61, 0x5c, 0x39, 0xc4, 0x3f, 0xc5, 0xef, + 0xb8, 0xc8, 0x88, 0x52, 0xce, 0x90, 0x17, 0xf5, 0x3c, 0xa9, + 0x87, 0x6f, 0xcb, 0x2f, 0x11, 0x53, 0x65, 0x9b, 0x74, 0x21, + 0x3e, 0xdd, 0x7b, 0x1f, 0x19, 0x9f, 0x53, 0xe6, 0xab, 0xc0, + 0x56, 0xba, 0x80, 0x19, 0x5d, 0x3f, 0xc7, 0xe2, 0xfb, 0x8c, + 0xe2, 0x93, 0xe0, 0x31, 0xc9, 0x33, 0x31, 0x23, 0x31, 0xa1, + 0x36, 0x4c, 0x62, 0xd8, 0x0a, 0xfd, 0x85, 0x97, 0xae, 0xa9, + 0xe9, 0x58, 0x29, 0x17, 0x33, 0x09, 0x5a, 0x8e, 0xa3, 0x90, + 0x41, 0xd3, 0xfc, 0x24, 0x98, 0x61, 0x4d, 0x30, 0x1f, 0x76, + 0x8f, 0xfc, 0xd0, 0x96, 0x8b, 0x2e, 0x9b, 0x24, 0x73, 0x35, + 0x00, 0xb7, 0xf6, 0xe8, 0xba, 0xec, 0x98, 0x74, 0x41, 0xa4, + 0x47, 0x10, 0x0d, 0xbc, 0xba, 0xd1, 0xe7, 0xdb, 0x12, 0xcb, + 0x5f, 0x02, 0xb1, 0xa6, 0xa0, 0xd7, 0x28, 0x30, 0x3e, 0x0a, + 0x5c, 0x5f, 0xe6, 0x2f, 0x3c, 0xde, 0x46, 0x60, 0xaf, 0x07, + 0x5f, 0xed, 0x08, 0xc0, 0x06, 0x58, 0xba, 0xd7, 0x36, 0x5b, + 0xa0, 0x4a, 0xf7, 0xa1, 0x05, 0x9b, 0x00, 0xda, 0x49, 0xdc, + 0xbf, 0xea, 0xe1, 0x03, 0xda, 0x95, 0x95, 0xa0, 0xfa, 0x2e, + 0xf1, 0x60, 0x11, 0x47, 0xdd, 0xb3, 0xfb, 0x0b, 0xa2, 0x92, + 0xcf, 0x73, 0xbb, 0xce, 0x82, 0x71, 0xbc, 0xbd, 0x50, 0x64, + 0xf1, 0x96, 0x48, 0x48, 0x93, 0xf8, 0xdc, 0x1c, 0x18, 0x12, + 0xc6, 0x17, 0x6a, 0xa9, 0xc1, 0x4d, 0x6f, 0x76, 0xda, 0x2f, + 0x4e, 0x59, 0xdd, 0x8b, 0x1c, 0xa5, 0x30, 0xb6, 0xe9, 0x88, + 0x8f, 0x75, 0x0c, 0xcd, 0xd8, 0x61, 0xf4, 0x28, 0xc5, 0x9a, + 0xcd, 0x77, 0x0d, 0x36, 0x5f, 0x75, 0xa5, 0x0a, 0x77, 0x20, + 0x28, 0x5a, 0xac, 0x5f, 0xa1, 0x83, 0x67, 0x70, 0xb7, 0xd8, + 0x23, 0x48, 0x60, 0xa8, 0xd0, 0xaf, 0xee, 0x7a, 0xb8, 0x25, + 0xd7, 0x8f, 0x82, 0x8c, 0xd0, 0x81, 0x7a, 0x49, 0x69, 0xe4, + 0x22, 0x73, 0x29, 0x48, 0xc8, 0x09, 0x72, 0x16, 0xf8, 0x3d, + 0xff, 0x13, 0xac, 0x98, 0x03, 0x76, 0x33, 0xcb, 0x19, 0xb0, + 0x22, 0x5b, 0x1e, 0x16, 0x29, 0xb9, 0xcc, 0xa6, 0x92, 0xd8, + 0xed, 0x93, 0x0f, 0xbd, 0x10, 0x98, 0x53, 0x0a, 0x07, 0x7f, + 0xd6, 0x51, 0x76, 0xda, 0xdc, 0x0c, 0xeb, 0x2a, 0x95, 0xd0, + 0x3e, 0xa6, 0xc4, 0xc6, 0xd8, 0xfb, 0x1b, 0x2a, 0x7f, 0xf1, + 0x08, 0xbe, 0xd3, 0xed, 0x67, 0x63, 0x5f, 0x1d, 0x29, 0xdb, + 0x47, 0x03, 0x4a, 0xf4, 0x6b, 0xb4, 0x46, 0x02, 0x28, 0x4f, + 0x88, 0x9b, 0x46, 0x66, 0x40, 0x56, 0x34, 0x4c, 0xec, 0x8e, + 0x0b, 0x5d, 0x14, 0x94, 0x91, 0xfc, 0xdc, 0x0c, 0xdc, 0x5b, + 0x45, 0x12, 0x7e, 0xa1, 0xe9, 0x75, 0x38, 0xcb, 0xd3, 0x6b, + 0xd7, 0xa4, 0x24, 0x94, 0x78, 0x09, 0x7f, 0x77, 0xc8, 0x6d, + 0xe1, 0x82, 0x1c, 0x1c, 0x91, 0xc6, 0x38, 0x9e, 0x3b, 0x3d, + 0x31, 0xdd, 0x9e, 0x46, 0x58, 0x7a, 0x42, 0x16, 0x6f, 0xfd, + 0x7d, 0x8c, 0xf5, 0xf0, 0x9f, 0x92, 0x6e, 0xbe, 0x47, 0xa6, + 0x1e, 0x8e, 0x82, 0x15, 0x24, 0xc3, 0x1b, 0xb0, 0xd1, 0x68, + 0xf9, 0xd1, 0x7c, 0x60, 0x98, 0x86, 0xd9, 0x53, 0xa2, 0x38, + 0x62, 0xf4, 0x72, 0x71, 0xcb, 0xb9, 0x35, 0xef, 0xb9, 0x49, + 0x3a, 0x73, 0xb2, 0xd7, 0x0f, 0x90, 0xf5, 0x2c, 0x5b, 0xf5, + 0xfd, 0x39, 0x17, 0xf7, 0xe4, 0x69, 0x81, 0x0f, 0x6b, 0xe7, + 0x32, 0xd2, 0xdc, 0x5d, 0x40, 0xbf, 0x41, 0x95, 0x89, 0x81, + 0x29, 0x80, 0x40, 0xa3, 0xac, 0xd2, 0xc7, 0xf7, 0xe8, 0xd0, + 0x45, 0xed, 0x48, 0x43, 0x3a, 0xed, 0x8d, 0xef, 0x37, 0xe1, + 0x24, 0x9a, 0x67, 0x9a, 0x6b, 0x71, 0x4f, 0x9a, 0xb9, 0x2c, + 0x1b, 0x10, 0x48, 0xe2, 0x31, 0x1e, 0xbb, 0xf2, 0x4a, 0xad, + 0x04, 0xc7, 0xd7, 0xf2, 0xe8, 0x83, 0x5f, 0xe8, 0xa2, 0x81, + 0x95, 0xf9, 0x60, 0x51, 0x9c, 0x99, 0x76, 0x69, 0x76, 0x4e, + 0xbd, 0x44, 0x52, 0x36, 0xca, 0xd8, 0x6e, 0xf7, 0x1a, 0xa1, + 0x54, 0xdf, 0x90, 0x52, 0x94, 0xb6, 0x3a, 0xcb, 0x43, 0x56, + 0x11, 0xde, 0xa0, 0xe1, 0x45, 0x8a, 0x80, 0x2d, 0xaf, 0x1f, + 0x24, 0x3f, 0x80, 0x17, 0x1f, 0x28, 0xbb, 0xcc, 0x1a, 0xd2, + 0x2d, 0xa6, 0x9e, 0xe0, 0xdc, 0xf0, 0x98, 0x16, 0x58, 0x88, + 0xc6, 0xf1, 0x81, 0x71, 0x91, 0x8f, 0xa2, 0xab, 0xa5, 0xe6, + 0x68, 0x1f, 0xa5, 0x86, 0xb5, 0xd9, 0x05, 0xba, 0x50, 0x67, + 0x0b, 0x1e, 0xfe, 0x42, 0x50, 0xf8, 0x01, 0xf8, 0x38, 0x92, + 0x57, 0x86, 0x08, 0x47, 0xee, 0x23, 0x11, 0x60, 0x61, 0x1a, + 0x77, 0x3c, 0x1a, 0x8e, 0x08, 0xe3, 0xaf, 0x84, 0x04, 0x75, + 0x15, 0x47, 0x7a, 0x83, 0x8e, 0x92, 0x3e, 0xe8, 0xf0, 0xc2, + 0x81, 0x89, 0x3b, 0x73, 0x81, 0xe5, 0xe8, 0x97, 0x97, 0x63, + 0x64, 0xf3, 0xa9, 0x1b, 0x61, 0x65, 0x7f, 0x0e, 0x47, 0x6b, + 0x14, 0x57, 0x29, 0x8f, 0x91, 0x35, 0x43, 0x10, 0x12, 0x86, + 0x99, 0xec, 0xc8, 0x9e, 0x67, 0x90, 0x20, 0x21, 0x3c, 0x83, + 0xdb, 0x73, 0x4e, 0x8e, 0x7d, 0x86, 0xde, 0xb8, 0xd8, 0xfa, + 0x23, 0x1f, 0x5a, 0xe4, 0xc7, 0x0c, 0x1d, 0x5e, 0xd1, 0x10, + 0x58, 0xd5, 0x86, 0xfa, 0x40, 0x30, 0x0a, 0x78, 0x0a, 0xa5, + 0x56, 0xd5, 0xe6, 0x86, 0xd4, 0x14, 0x77, 0x32, 0xcd, 0x07, + 0xf9, 0xbe, 0x7a, 0xd8, 0xbc, 0x91, 0xe0, 0xda, 0x76, 0x6b, + 0x97, 0x10, 0xda, 0xea, 0x27, 0xa2, 0x67, 0x6d, 0x94, 0x27, + 0x6e, 0xea, 0xca, 0x56, 0x45, 0x32, 0x1d, 0x38, 0x12, 0x21, + 0x33, 0x2c, 0x3c, 0x5c, 0x33, 0xb0, 0x9e, 0x80, 0x0b, 0x4e, + 0xbb, 0x09, 0x5e, 0x56, 0x54, 0xb0, 0x9b, 0x7e, 0xb6, 0x00, + 0xe8, 0x63, 0x19, 0x85, 0xf1, 0x4d, 0x65, 0x9d, 0x1f, 0x8d, + 0x18, 0xcc, 0x63, 0xc6, 0xd9, 0xa6, 0xbc, 0xe7, 0x42, 0x55, + 0x12, 0xdc, 0x8c, 0x26, 0x2d, 0x8d, 0xc2, 0xe9, 0x3b, 0xbc, + 0xed, 0x06, 0x08, 0x31, 0xb0, 0xe0, 0x99, 0xe2, 0x86, 0x81, + 0x88, 0x4a, 0xac, 0x1f, 0x4a, 0xb2, 0x1e, 0x1e, 0x4c, 0xb2, + 0x9f, 0x27, 0xa0, 0xd9, 0x8a, 0x7e, 0xe7, 0xa3, 0xad, 0xeb, + 0x2c, 0xfd, 0x14, 0xc6, 0x4b, 0x26, 0xce, 0x38, 0xb9, 0x01, + 0x9e, 0xde, 0xc8, 0x7b, 0x82, 0x2f, 0xaa, 0x72, 0x80, 0xbe, + 0x3a, 0x35, 0x95, 0xc8, 0xf3, 0x7c, 0x36, 0x68, 0x02, 0xdc, + 0xa2, 0xda, 0xef, 0xd7, 0xf1, 0x3e, 0x81, 0xb3, 0x5d, 0x2f, + 0xcf, 0x7e, 0xe6, 0x9c, 0xa0, 0x32, 0x29, 0x8b, 0x52, 0x24, + 0xbd, 0x0d, 0x36, 0xdc, 0x1d, 0xcc, 0x6a, 0x0a, 0x74, 0x52, + 0x1b, 0x68, 0x4d, 0x15, 0x05, 0x47, 0xe1, 0x2f, 0x97, 0x45, + 0x52, 0x17, 0x4b, 0x2a, 0x3b, 0x74, 0xc5, 0x20, 0x35, 0x5c, + 0x37, 0xae, 0xe6, 0xa7, 0x24, 0x0f, 0x34, 0x70, 0xea, 0x7c, + 0x03, 0xa3, 0xde, 0x2d, 0x22, 0x55, 0x88, 0x01, 0x45, 0xf2, + 0x5f, 0x1f, 0xaf, 0x3b, 0xb1, 0xa6, 0x5d, 0xcd, 0x93, 0xfb, + 0xf8, 0x2f, 0x87, 0xcc, 0x26, 0xc5, 0x36, 0xde, 0x06, 0x9b, + 0xe9, 0xa7, 0x66, 0x7e, 0x8c, 0xcd, 0x99, 0x6b, 0x51, 0x1c, + 0xb0, 0xa0, 0xfa, 0xc7, 0x46, 0xfe, 0x65, 0xe4, 0x80, 0x5b, + 0x5f, 0x24, 0x3b, 0xa4, 0xe6, 0x81, 0x31, 0xe5, 0x87, 0x2c, + 0xa4, 0x83, 0xaf, 0x8b, 0x9f, 0x89, 0xb4, 0x3c, 0x7a, 0xbe, + 0x4c, 0xb3, 0xbf, 0x3d, 0xec, 0x78, 0xb0, 0x8a, 0xdd, 0xc8, + 0x43, 0x8c, 0x45, 0xa1, 0xa3, 0x3a, 0x82, 0x7d, 0x06, 0xdf, + 0x20, 0x27, 0x9b, 0x4e, 0x09, 0x90, 0x6a, 0x23, 0xbf, 0x1b, + 0x04, 0x1d, 0x50, 0xe2, 0xb4, 0xff, 0xe0, 0xd0, 0x9b, 0x40, + 0x2b, 0xc0, 0x52, 0xc1, 0x39, 0x29, 0x60, 0x83, 0x06, 0x9b, + 0x48, 0xb8, 0xa7, 0xe1, 0x2b, 0xfb, 0xf0, 0x2b, 0x82, 0xf1, + 0xda, 0xc9, 0x30, 0x47, 0x3f, 0xf5, 0xf9, 0xf7, 0x6c, 0xf0, + 0x0f, 0xe7, 0xb1, 0x4d, 0x46, 0x49, 0xf8, 0xb3, 0xe1, 0xfe, + 0x85, 0x61, 0xcc, 0xf7, 0xfa, 0xd2, 0xf1, 0xbc, 0xf0, 0x7f, + 0x3b, 0xe6, 0x45, 0xa2, 0x1b, 0x55, 0xf6, 0x0c, 0x02, 0x95, + 0xdc, 0x78, 0x94, 0xa0, 0xc4, 0x6a, 0x21, 0x7e, 0xa8, 0x5f, + 0xbd, 0xc3, 0xb3, 0x4d, 0x9b, 0x30, 0x31, 0x1d, 0x5b, 0x8b, + 0x45, 0x3c, 0x18, 0xe9, 0x61, 0xe8, 0x76, 0x3e, 0x91, 0xd2, + 0xfd, 0x1a, 0xd7, 0x30, 0x4d, 0xfe, 0xef, 0x7f, 0xc0, 0x7e, + 0x45, 0x43, 0xe9, 0xf9, 0x23, 0xfe, 0xd8, 0xef, 0xbc, 0xd6, + 0x99, 0x79, 0x54, 0xed, 0x7a, 0x8b, 0x39, 0xa6, 0xe7, 0x9d, + 0x3f, 0x9f, 0x35, 0xe1, 0xe4, 0xd5, 0x26, 0x31, 0x3a, 0x44, + 0x03, 0x79, 0xde, 0xdc, 0x29, 0x1e, 0x8e, 0x26, 0x41, 0xc6, + 0x60, 0xaa, 0xfd, 0xe1, 0x5e, 0xa6, 0xc0, 0x2f, 0x90, 0x1e, + 0x3b, 0xc1, 0xe6, 0xf6, 0xde, 0x60, 0x87, 0x57, 0x51, 0x11, + 0x6a, 0x8e, 0x9d, 0x70, 0x9d, 0x6d, 0x36, 0x21, 0x05, 0x55, + 0xc1, 0x56, 0x9b, 0xc9, 0x91, 0x50, 0x3e, 0xb4, 0xbd, 0x19, + 0x53, 0x44, 0x99, 0xc7, 0xb8, 0xce, 0xce, 0x86, 0x06, 0x5d, + 0x99, 0x85, 0x33, 0xd4, 0x16, 0x21, 0x4a, 0xe9, 0x7e, 0x2e, + 0xcc, 0x7e, 0x3f, 0xc1, 0x47, 0x3b, 0x32, 0xd0, 0x57, 0x1c, + 0xc2, 0x26, 0x67, 0xf0, 0xd9, 0xc4, 0x9e, 0xbb, 0x65, 0xa4, + 0xf7, 0xf7, 0x8d, 0x7d, 0x08, 0xd4, 0x9c, 0x1e, 0x0f, 0xb9, + 0xff, 0x24, 0x2f, 0xaf, 0xfa, 0x24, 0x26, 0xb7, 0xb1, 0x78, + 0xc1, 0xd1, 0xfe, 0x85, 0x55, 0xa0, 0x86, 0x77, 0xf6, 0xc2, + 0xe0, 0x12, 0xe4, 0x45, 0x85, 0xd0, 0xe7, 0x68, 0xf0, 0x31, + 0x4c, 0x9c, 0xb0, 0x5f, 0x89, 0xca, 0xfe, 0xc2, 0xf0, 0x1e, + 0xeb, 0xee, 0x75, 0x64, 0xea, 0x09, 0xd4, 0x1c, 0x72, 0x12, + 0xd4, 0x31, 0xf0, 0x89, 0x71, 0x74, 0x6e, 0x01, 0x32, 0xca, + 0x8a, 0x91, 0x0c, 0xdf, 0xd7, 0x05, 0xe9, 0x35, 0xed, 0x06, + 0x1a, 0x17, 0x5a, 0xf3, 0x65, 0xc5, 0xbd, 0x37, 0xf2, 0x53, + 0x49, 0x2f, 0xcd, 0xc6, 0x15, 0xb3, 0x36, 0x88, 0xd8, 0x7a, + 0x2f, 0xfa, 0x21, 0x7f, 0x55, 0x20, 0xc6, 0xf4, 0x23, 0x59, + 0x6b, 0x3c, 0xeb, 0xe5, 0xd3, 0x78, 0xdc, 0x31, 0xeb, 0x87, + 0x86, 0x3d, 0x7c, 0x10, 0x64, 0x66, 0xa4, 0xad, 0x07, 0xe1, + 0x93, 0x15, 0x07, 0x4c, 0xe4, 0xb4, 0x4a, 0x06, 0xca, 0x2a, + 0x50, 0xa2, 0x85, 0xc6, 0xa1, 0x19, 0x89, 0x7f, 0x8a, 0x05, + 0x00, 0x23, 0x72, 0x5f, 0x89, 0x74, 0x8e, 0x22, 0xa1, 0x5d, + 0x26, 0xf9, 0xfe, 0xdf, 0x6d, 0x98, 0x3a, 0xc4, 0x7c, 0x93, + 0xcf, 0xc4, 0xfe, 0xed, 0x98, 0xb0, 0x31, 0x4c, 0x81, 0x83, + 0x0d, 0x5d, 0x3d, 0x0c, 0x27, 0x4e, 0xca, 0xcf, 0x38, 0x0c, + 0x37, 0xb0, 0xf8, 0xc5, 0xc8, 0x52, 0x14, 0xec, 0x53, 0x80, + 0xb9, 0xd8, 0x8a, 0x05, 0x4e, 0x31, 0x3d, 0x67, 0x57, 0xf0, + 0x7a, 0xa2, 0xc5, 0xc9, 0x02, 0x25, 0x69, 0x83, 0xb9, 0x3e, + 0x1b, 0x04, 0xbf, 0xb2, 0xe6, 0x97, 0x7a, 0x6b, 0x8e, 0x37, + 0x77, 0x2e, 0x16, 0x8b, 0x33, 0xe1, 0xea, 0x2b, 0x30, 0x01, + 0x6e, 0xa0, 0x28, 0x14, 0x17, 0xe9, 0x98, 0xa8, 0x89, 0x72, + 0x68, 0x64, 0x81, 0x60, 0xa8, 0xf7, 0x72, 0xdf, 0x1a, 0xae, + 0xf5, 0xf0, 0x9f, 0x69, 0x35, 0xbc, 0x58, 0x27, 0x38, 0xd6, + 0x7f, 0x7a, 0xd4, 0xc4, 0xf1, 0xcf, 0xee, 0x59, 0x49, 0x31, + 0xda, 0xc1, 0x08, 0x46, 0x65, 0x68, 0xe9, 0x44, 0x18, 0x2b, + 0xf2, 0x2a, 0x13, 0x60, 0x07, 0xae, 0xe4, 0x96, 0xdb, 0x0a, + 0x6f, 0x52, 0x23, 0x9a, 0xcf, 0x9d, 0xa4, 0xc5, 0xc1, 0x74, + 0xa8, 0x0e, 0xe1, 0x5e, 0xfa, 0xa4, 0x06, 0x9c, 0x2e, 0x70, + 0x08, 0x22, 0x25, 0x4f, 0xc1, 0xf1, 0x13, 0x5a, 0x66, 0xa0, + 0x6c, 0x59, 0xa3, 0xfc, 0x03, 0x9c, 0x8a, 0x23, 0x01, 0x00, + 0xa9, 0x49, 0xf0, 0x22, 0xa3, 0x8f, 0x6c, 0xef, 0xcb, 0x69, + 0x06, 0x3a, 0x69, 0x99, 0x96, 0xd2, 0xa7, 0xa0, 0x0b, 0x7e, + 0x44, 0x7d, 0x04, 0xff, 0x7e, 0x9e, 0x1e, 0x77, 0xa0, 0x30, + 0xd1, 0xdf, 0x18, 0xe4, 0xd8, 0xa5, 0x64, 0xbe, 0x8c, 0x80, + 0x28, 0xe2, 0x98, 0x5e, 0xec, 0x9e, 0xb1, 0x0a, 0xb5, 0x25, + 0xaa, 0xb8, 0x0f, 0x78, 0x30, 0x48, 0x06, 0xe5, 0x76, 0xf9, + 0x24, 0x96, 0x87, 0x2a, 0x91, 0x89, 0xb6, 0xce, 0x04, 0xdf, + 0xfc, 0x13, 0x42, 0x19, 0xba, 0x14, 0x46, 0x20, 0x08, 0x47, + 0xe1, 0x82, 0x57, 0x51, 0x74, 0x3b, 0x5b, 0x23, 0x5c, 0xb2, + 0x85, 0x8c, 0xed, 0xe6, 0xda, 0x4d, 0x56, 0xe8, 0x61, 0x31, + 0xec, 0x97, 0x27, 0xeb, 0xf2, 0xa7, 0x7c, 0x13, 0x1b, 0xc5, + 0x44, 0xfe, 0x63, 0x4b, 0x2b, 0x33, 0x22, 0x23, 0x60, 0x86, + 0x7c, 0x3b, 0x57, 0xba, 0x16, 0xde, 0x47, 0x04, 0x3e, 0x2b, + 0xe5, 0xbd, 0x23, 0xa0, 0xab, 0xdf, 0x5d, 0x6e, 0x20, 0xb1, + 0x37, 0x44, 0xcb, 0xbd, 0x03, 0xa9, 0x5c, 0xe6, 0x92, 0x5e, + 0x2f, 0x6f, 0x95, 0xc6, 0x5b, 0x6d, 0xab, 0x39, 0xdd, 0x1e, + 0x34, 0xd5, 0x21, 0xca, 0x92, 0xee, 0x59, 0xf0, 0xb9, 0x65, + 0xe6, 0x81, 0x49, 0xf8, 0x11, 0xec, 0x45, 0x14, 0x6a, 0x19, + 0xb4, 0xce, 0xbf, 0x9e, 0xf7, 0x32, 0x8d, 0x99, 0x78, 0xc3, + 0x07, 0x3d, 0xfd, 0x18, 0x2d, 0x0e, 0x06, 0x2f, 0x27, 0x24, + 0x6f, 0x16, 0xd8, 0x01, 0x33, 0xc8, 0xbb, 0x7f, 0x7d, 0xfa, + 0x73, 0xf6, 0x7d, 0x54, 0xf2, 0xd4, 0x8a, 0x53, 0xe1, 0x62, + 0x45, 0xf4, 0x01, 0xa6, 0x31, 0x6b, 0x3a, 0x06, 0x56, 0xfd, + 0x79, 0x7f, 0x58, 0xd8, 0x47, 0x33, 0x53, 0xc5, 0x78, 0x70, + 0xce, 0x81, 0x7f, 0x66, 0xa1, 0x58, 0x7c, 0x5a, 0xdb, 0x4a, + 0xad, 0x29, 0xff, 0x93, 0x75, 0x95, 0x35, 0xa9, 0xd2, 0xb1, + 0xeb, 0xa0, 0x4f, 0x10, 0x0a, 0xc9, 0x38, 0x69, 0xc8, 0x8d, + 0x57, 0xef, 0x99, 0x0f, 0xa5, 0x69, 0x86, 0xa6, 0xfb, 0x2b, + 0x37, 0xe4, 0xc7, 0xab, 0x3e, 0xcd, 0x8f, 0x3f, 0x93, 0x8c, + 0x0b, 0xc4, 0x4d, 0x16, 0xe0, 0xb0, 0x94, 0x5a, 0x0d, 0x17, + 0xaf, 0x6e, 0x4b, 0x2e, 0x18, 0x29, 0x0e, 0xe0, 0xf5, 0x72, + 0x1a, 0x21, 0x37, 0xef, 0x7d, 0x6a, 0x39, 0xe9, 0xa8, 0xd7, + 0x96, 0xd6, 0xb3, 0x7d, 0x83, 0x0c, 0x13, 0x30, 0x49, 0x03, + 0xe8, 0x6b, 0xe6, 0x77, 0xe8, 0x69, 0x48, 0x56, 0x5f, 0x39, + 0x63, 0xbc, 0x86, 0xa8, 0x26, 0xa1, 0xbd, 0x4b, 0x24, 0xbd, + 0xdd, 0xe8, 0x02, 0x64, 0xcb, 0xae, 0x24, 0x17, 0x62, 0xbd, + 0x27, 0xa7, 0x22, 0x60, 0x51, 0x0c, 0x53, 0xff, 0x9d, 0x63, + 0x1b, 0xf9, 0xff, 0x76, 0x3b, 0x74, 0x05, 0x98, 0x46, 0x0b, + 0xe8, 0xcb, 0xd4, 0x0a, 0xcd, 0x91, 0xdb, 0x5b, 0x21, 0x4d, + 0xa1, 0x87, 0xbd, 0xb7, 0x58, 0xec, 0x28, 0x00, 0x92, 0xc2, + 0x98, 0xe4, 0x8c, 0x1f, 0x9d, 0xa4, 0x80, 0x83, 0x40, 0xb9, + 0x63, 0xfe, 0xc9, 0x18, 0x3f, 0xd6, 0xab, 0x34, 0x00, 0x2c, + 0x53, 0x40, 0x38, 0x0e, 0xb1, 0x69, 0xa8, 0xb8, 0xa9, 0x2e, + 0x9b, 0x7b, 0x89, 0x8d, 0xff, 0x86, 0x01, 0x51, 0x42, 0xde, + 0x04, 0xd6, 0x1d, 0xd1, 0x29, 0x8d, 0x42, 0x46, 0x5f, 0xd6, + 0x02, 0xde, 0x73, 0xee, 0x2d, 0xe9, 0x6e, 0xb0, 0x3f, 0xf0, + 0x47, 0x72, 0xfe, 0x45, 0xff, 0x05, 0x82, 0x2d, 0xc6, 0x4f, + 0xc9, 0xd3, 0xec, 0xf9, 0x5a, 0x22, 0x50, 0x6c, 0x4f, 0x1e, + 0xc8, 0x5f, 0xfc, 0x2c, 0x04, 0x4f, 0xdf, 0xce, 0xe4, 0x18, + 0xd2, 0xd7, 0x8b, 0x67, 0x83, 0x39, 0x96, 0x47, 0x5e, 0x5b, + 0xad, 0x7f, 0x5d, 0x42, 0x56, 0x97, 0x71, 0x39, 0x28, 0x44, + 0x9d, 0x35, 0xde, 0xde, 0x03, 0x20, 0x34, 0x44, 0xdb, 0xdf, + 0xfc, 0xff, 0x1e, 0x3d, 0x58, 0x5f, 0x7a, 0x8e, 0x90, 0xa1, + 0xd3, 0xeb, 0x0c, 0x23, 0x3f, 0x4e, 0x61, 0x77, 0x79, 0xb2, + 0xdc, 0xfb, 0x21, 0x46, 0x5c, 0x82, 0xb6, 0xf6, 0x34, 0x3c, + 0x3f, 0x45, 0x4b, 0x80, 0x9e, 0xa4, 0xe6, 0x02, 0x13, 0x38, + 0x40, 0x7e, 0x87, 0x92, 0x96, 0x51, 0x63, 0x87, 0xae, 0xc8, + 0x02, 0x6a, 0x70, 0xc8, 0xcd, 0xd0, 0xe2, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x08, + 0x12, 0x1c, 0x22, 0x2b, 0x33, 0x38, 0x3f + }; +#endif + wc_test_ret_t ret; + + ret = dilithium_param_vfy_test(WC_ML_DSA_87, ml_dsa_87_pub_key, + (word32)sizeof(ml_dsa_87_pub_key), ml_dsa_87_sig, + (word32)sizeof(ml_dsa_87_sig)); +#ifdef WOLFSSL_DILITHIUM_FIPS204_DRAFT + if (ret == 0) { + ret = dilithium_param_vfy_test(WC_ML_DSA_87_DRAFT, + ml_dsa_87_draft_pub_key, (word32)sizeof(ml_dsa_87_draft_pub_key), + ml_dsa_87_draft_sig, (word32)sizeof(ml_dsa_87_draft_sig)); + } +#endif + + return ret; +} +#endif +#endif + +#ifndef WOLFSSL_DILITHIUM_NO_MAKE_KEY +static wc_test_ret_t dilithium_param_test(int param, WC_RNG* rng) +{ + wc_test_ret_t ret; +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC) + dilithium_key* key = NULL; + byte* sig = NULL; +#else + dilithium_key key[1]; +#ifndef WOLFSSL_DILITHIUM_NO_SIGN + byte sig[DILITHIUM_MAX_SIG_SIZE]; +#endif +#endif +#ifndef WOLFSSL_DILITHIUM_NO_SIGN + word32 sigLen; + byte msg[] = { 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07 }; +#ifndef WOLFSSL_DILITHIUM_NO_VERIFY + int res = 0; +#endif +#endif + dilithium_key* tmpKey = NULL; + +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC) + key = (dilithium_key*)XMALLOC(sizeof(*key), HEAP_HINT, + DYNAMIC_TYPE_TMP_BUFFER); + sig = (byte*)XMALLOC(DILITHIUM_MAX_SIG_SIZE, HEAP_HINT, + DYNAMIC_TYPE_TMP_BUFFER); + if (key == NULL || sig == NULL) { + ERROR_OUT(WC_TEST_RET_ENC_ERRNO, out); + } +#endif + + ret = wc_dilithium_init(key); + if (ret != 0) { + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); + } + + ret = wc_dilithium_set_level(key, param); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); + + ret = wc_dilithium_make_key(key, rng); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); + +#ifndef WOLFSSL_DILITHIUM_NO_SIGN + sigLen = wc_dilithium_sig_size(key); + if (sigLen <= 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); + + ret = wc_dilithium_sign_msg(msg, (word32)sizeof(msg), sig, &sigLen, key, + rng); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); + +#ifndef WOLFSSL_DILITHIUM_NO_VERIFY + ret = wc_dilithium_verify_msg(sig, sigLen, msg, (word32)sizeof(msg), &res, + key); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); + if (res != 1) + ERROR_OUT(WC_TEST_RET_ENC_EC(res), out); +#endif +#endif + + tmpKey = wc_dilithium_new(HEAP_HINT, devId); + if (tmpKey == NULL) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); + + ret = wc_dilithium_delete(tmpKey, &tmpKey); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); + +out: + wc_dilithium_free(key); +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC) + XFREE(sig, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(key, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); +#endif + return ret; +} +#endif + + +#if (defined(WOLFSSL_DILITHIUM_PRIVATE_KEY) && \ + !defined(WOLFSSL_DILITHIUM_NO_SIGN)) || \ + (defined(WOLFSSL_DILITHIUM_PUBLIC_KEY) && \ + !defined(WOLFSSL_DILITHIUM_NO_VERIFY)) +/* Tests decoding a key from DER without the security level specified */ +static wc_test_ret_t test_dilithium_decode_level(const byte* rawKey, + word32 rawKeySz, + int expectedLevel, + int isPublicOnlyKey) +{ + int ret = 0; +#if !defined(WOLFSSL_DILITHIUM_NO_ASN1) && defined(WOLFSSL_ASN_TEMPLATE) + /* Size the buffer to accommodate the largest encoded key size */ + const word32 maxDerSz = DILITHIUM_MAX_PRV_KEY_DER_SIZE; + word32 derSz; + word32 idx; + #if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC) + byte* der = NULL; + #else + byte der[DILITHIUM_MAX_PRV_KEY_DER_SIZE]; + #endif +#endif +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC) + dilithium_key *key = NULL; +#else + dilithium_key key[1]; +#endif + +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC) + /* Allocate DER buffer */ + der = (byte*)XMALLOC(maxDerSz, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + key = (dilithium_key *)XMALLOC(sizeof(*key), HEAP_HINT, + DYNAMIC_TYPE_TMP_BUFFER); + if (der == NULL || key == NULL) { + ret = MEMORY_E; + } +#endif + + /* Initialize key */ + if (ret == 0) { + ret = wc_dilithium_init(key); + } + + /* Import raw key, setting the security level */ + if (ret == 0) { + ret = wc_dilithium_set_level(key, expectedLevel); + } + + if (ret == 0) { +#ifdef WOLFSSL_DILITHIUM_PUBLIC_KEY + if (isPublicOnlyKey) { + ret = wc_dilithium_import_public(rawKey, rawKeySz, key); + } +#endif +#ifdef WOLFSSL_DILITHIUM_PRIVATE_KEY + if (!isPublicOnlyKey) { + ret = wc_dilithium_import_private(rawKey, rawKeySz, key); + } +#endif + } + +#if !defined(WOLFSSL_DILITHIUM_NO_ASN1) && defined(WOLFSSL_ASN_TEMPLATE) + /* Export raw key as DER */ + if (ret == 0) { +#ifdef WOLFSSL_DILITHIUM_PUBLIC_KEY + if (isPublicOnlyKey) { + ret = wc_Dilithium_PublicKeyToDer(key, der, maxDerSz, 1); + } +#endif +#ifdef WOLFSSL_DILITHIUM_PRIVATE_KEY + if (!isPublicOnlyKey) { + ret = wc_Dilithium_PrivateKeyToDer(key, der, maxDerSz); + } +#endif + if (ret >= 0) { + derSz = ret; + ret = 0; + } + } + + /* Free and reinit key to test fresh decode */ + if (ret == 0) { + wc_dilithium_free(key); + ret = wc_dilithium_init(key); + } + + /* First test decoding when security level is set externally */ + if (ret == 0) { + ret = wc_dilithium_set_level(key, expectedLevel); + } + + if (ret == 0) { + idx = 0; +#ifdef WOLFSSL_DILITHIUM_PUBLIC_KEY + if (isPublicOnlyKey) { + ret = wc_Dilithium_PublicKeyDecode(der, &idx, key, derSz); + } +#endif +#ifdef WOLFSSL_DILITHIUM_PRIVATE_KEY + if (!isPublicOnlyKey) { + ret = wc_Dilithium_PrivateKeyDecode(der, &idx, key, derSz); + } +#endif + } + + /* Free and reinit key to test fresh decode */ + if (ret == 0) { + wc_dilithium_free(key); + ret = wc_dilithium_init(key); + } + +#ifndef WOLFSSL_DILITHIUM_FIPS204_DRAFT + /* Test decoding without setting security level - should auto-detect */ + if (ret == 0) { + idx = 0; +#ifdef WOLFSSL_DILITHIUM_PUBLIC_KEY + if (isPublicOnlyKey) { + ret = wc_Dilithium_PublicKeyDecode(der, &idx, key, derSz); + } +#endif +#ifdef WOLFSSL_DILITHIUM_PRIVATE_KEY + if (!isPublicOnlyKey) { + ret = wc_Dilithium_PrivateKeyDecode(der, &idx, key, derSz); + } +#endif + } + + /* Verify auto-detected security level */ + if (ret == 0 && key->level != expectedLevel) { + printf("Dilithium key decode failed to detect level.\n" + "\tExpected level=%d\n\tGot level=%d\n", + expectedLevel, key->level); + ret = WC_TEST_RET_ENC_NC; + } +#endif /* !WOLFSSL_DILITHIUM_FIPS204_DRAFT */ +#endif /* !WOLFSSL_DILITHIUM_NO_ASN1 && WOLFSSL_ASN_TEMPLATE */ + + /* Cleanup */ + wc_dilithium_free(key); +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC) + XFREE(der, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(key, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); +#endif + return ret; +} + +/* Test Dilithium key decoding and security level detection */ +static wc_test_ret_t dilithium_decode_test(void) +{ + wc_test_ret_t ret; + const byte* key; + word32 keySz; + +#if defined(WOLFSSL_DILITHIUM_PRIVATE_KEY) && \ + !defined(WOLFSSL_DILITHIUM_NO_SIGN) + const int isPrvKey = 0; +#endif +#if defined(WOLFSSL_DILITHIUM_PUBLIC_KEY) && \ + !defined(WOLFSSL_DILITHIUM_NO_VERIFY) + const int isPubKey = 1; +#endif + +#ifndef WOLFSSL_NO_ML_DSA_44 +#if defined(WOLFSSL_DILITHIUM_PRIVATE_KEY) && \ + !defined(WOLFSSL_DILITHIUM_NO_SIGN) + /* Test ML-DSA-44 */ + key = bench_dilithium_level2_key; + keySz = sizeof_bench_dilithium_level2_key; + ret = test_dilithium_decode_level(key, keySz, WC_ML_DSA_44, isPrvKey); + if (ret != 0) { + return ret; + } +#endif /* WOLFSSL_DILITHIUM_PRIVATE_KEY */ + +#if defined(WOLFSSL_DILITHIUM_PUBLIC_KEY) && \ + !defined(WOLFSSL_DILITHIUM_NO_VERIFY) + key = bench_dilithium_level2_pubkey; + keySz = sizeof_bench_dilithium_level2_pubkey; + ret = test_dilithium_decode_level(key, keySz, WC_ML_DSA_44, isPubKey); + if (ret != 0) { + return ret; + } +#endif /* WOLFSSL_DILITHIUM_PUBLIC_KEY */ +#endif /* WOLFSSL_NO_ML_DSA_44 */ + +#ifndef WOLFSSL_NO_ML_DSA_65 +#if defined(WOLFSSL_DILITHIUM_PRIVATE_KEY) && \ + !defined(WOLFSSL_DILITHIUM_NO_SIGN) + /* Test ML-DSA-65 */ + key = bench_dilithium_level3_key; + keySz = sizeof_bench_dilithium_level3_key; + ret = test_dilithium_decode_level(key, keySz, WC_ML_DSA_65, isPrvKey); + if (ret != 0) { + return ret; + } +#endif /* WOLFSSL_DILITHIUM_PRIVATE_KEY */ + +#if defined(WOLFSSL_DILITHIUM_PUBLIC_KEY) && \ + !defined(WOLFSSL_DILITHIUM_NO_VERIFY) + key = bench_dilithium_level3_pubkey; + keySz = sizeof_bench_dilithium_level3_pubkey; + ret = test_dilithium_decode_level(key, keySz, WC_ML_DSA_65, isPubKey); + if (ret != 0) { + return ret; + } +#endif /* WOLFSSL_DILITHIUM_PUBLIC_KEY */ +#endif /* WOLFSSL_NO_ML_DSA_65 */ + +#ifndef WOLFSSL_NO_ML_DSA_87 +#if defined(WOLFSSL_DILITHIUM_PRIVATE_KEY) && \ + !defined(WOLFSSL_DILITHIUM_NO_SIGN) + /* Test ML-DSA-87 */ + key = bench_dilithium_level5_key; + keySz = sizeof_bench_dilithium_level5_key; + ret = test_dilithium_decode_level(key, keySz, WC_ML_DSA_87, isPrvKey); + if (ret != 0) { + return ret; + } +#endif /* WOLFSSL_DILITHIUM_PRIVATE_KEY */ + +#if defined(WOLFSSL_DILITHIUM_PUBLIC_KEY) && \ + !defined(WOLFSSL_DILITHIUM_NO_VERIFY) + key = bench_dilithium_level5_pubkey; + keySz = sizeof_bench_dilithium_level5_pubkey; + ret = test_dilithium_decode_level(key, keySz, WC_ML_DSA_87, isPubKey); + if (ret != 0) { + return ret; + } +#endif /* WOLFSSL_DILITHIUM_PUBLIC_KEY */ +#endif /* WOLFSSL_NO_ML_DSA_87 */ + + return ret; +} +#endif /* (WOLFSSL_DILITHIUM_PUBLIC_KEY && !WOLFSSL_DILITHIUM_NO_VERIFY) || + * (WOLFSSL_DILITHIUM_PRIVATE_KEY && !WOLFSSL_DILITHIUM_NO_SIGN) */ + + +WOLFSSL_TEST_SUBROUTINE wc_test_ret_t dilithium_test(void) +{ + wc_test_ret_t ret; + WC_RNG rng; + +#ifndef HAVE_FIPS + ret = wc_InitRng_ex(&rng, HEAP_HINT, devId); +#else + ret = wc_InitRng(&rng); +#endif + if (ret != 0) { + ret = WC_TEST_RET_ENC_EC(ret); + return ret; + } + +#ifndef WOLFSSL_NO_ML_DSA_44 +#ifdef WOLFSSL_WC_DILITHIUM +#ifndef WOLFSSL_DILITHIUM_NO_VERIFY + ret = dilithium_param_44_vfy_test(); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); +#endif +#endif +#ifndef WOLFSSL_DILITHIUM_NO_MAKE_KEY + ret = dilithium_param_test(WC_ML_DSA_44, &rng); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); +#endif +#endif +#ifndef WOLFSSL_NO_ML_DSA_65 +#ifdef WOLFSSL_WC_DILITHIUM +#ifndef WOLFSSL_DILITHIUM_NO_VERIFY + ret = dilithium_param_65_vfy_test(); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); +#endif +#endif +#ifndef WOLFSSL_DILITHIUM_NO_MAKE_KEY + ret = dilithium_param_test(WC_ML_DSA_65, &rng); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); +#endif +#endif +#ifndef WOLFSSL_NO_ML_DSA_87 +#ifdef WOLFSSL_WC_DILITHIUM +#ifndef WOLFSSL_DILITHIUM_NO_VERIFY + ret = dilithium_param_87_vfy_test(); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); +#endif +#endif +#ifndef WOLFSSL_DILITHIUM_NO_MAKE_KEY + ret = dilithium_param_test(WC_ML_DSA_87, &rng); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); +#endif +#endif + +#if (defined(WOLFSSL_DILITHIUM_PRIVATE_KEY) && \ + !defined(WOLFSSL_DILITHIUM_NO_SIGN)) || \ + (defined(WOLFSSL_DILITHIUM_PUBLIC_KEY) && \ + !defined(WOLFSSL_DILITHIUM_NO_VERIFY)) + ret = dilithium_decode_test(); + if (ret != 0) { + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); + } +#endif /* (WOLFSSL_DILITHIUM_PUBLIC_KEY && !WOLFSSL_DILITHIUM_NO_VERIFY) || + * (WOLFSSL_DILITHIUM_PRIVATE_KEY && !WOLFSSL_DILITHIUM_NO_SIGN) */ + +#if !defined(WOLFSSL_DILITHIUM_NO_MAKE_KEY) || \ + !defined(WOLFSSL_DILITHIUM_NO_VERIFY) || \ + defined(WOLFSSL_DILITHIUM_PRIVATE_KEY) || \ + defined(WOLFSSL_DILITHIUM_PUBLIC_KEY) +out: +#endif + wc_FreeRng(&rng); + return ret; +} +#endif /* HAVE_DILITHIUM */ + +#if defined(WOLFSSL_HAVE_XMSS) && !defined(WOLFSSL_XMSS_VERIFY_ONLY) +static enum wc_XmssRc xmss_write_key_mem(const byte * priv, word32 privSz, + void *context) +{ + /* WARNING: THIS IS AN INSECURE WRITE CALLBACK THAT SHOULD ONLY + * BE USED FOR TESTING PURPOSES! Production applications should + * write only to non-volatile storage. */ + XMEMCPY(context, priv, privSz); + return WC_XMSS_RC_SAVED_TO_NV_MEMORY; +} + +static enum wc_XmssRc xmss_read_key_mem(byte * priv, word32 privSz, + void *context) +{ + /* WARNING: THIS IS AN INSECURE READ CALLBACK THAT SHOULD ONLY + * BE USED FOR TESTING PURPOSES! */ + XMEMCPY(priv, context, privSz); + return WC_XMSS_RC_READ_TO_MEMORY; +} + +WOLFSSL_TEST_SUBROUTINE wc_test_ret_t xmss_test(void) +{ + int i = 0; + int j = 0; + XmssKey signingKey; + XmssKey verifyKey; + WC_RNG rng; + word32 pkSz = 0; + word32 skSz = 0; + word32 sigSz = 0; + word32 bufSz = 0; + unsigned char * sk = NULL; + unsigned char * old_sk = NULL; + const char * msg = "XMSS post quantum signature test"; + word32 msgSz = (word32) XSTRLEN(msg); +#if WOLFSSL_XMSS_MIN_HEIGHT <= 10 + const char * param = "XMSS-SHA2_10_256"; +#elif WOLFSSL_XMSS_MIN_HEIGHT <= 20 + const char * param = "XMSSMT-SHA2_20/4_256"; +#elif WOLFSSL_XMSS_MIN_HEIGHT <= 40 + const char * param = "XMSSMT-SHA2_40/8_256"; +#else + const char * param = "XMSSMT-SHA2_60/12_256"; +#endif + byte * sig = NULL; + int ret2 = -1; + int ret = WC_TEST_RET_ENC_NC; + WOLFSSL_ENTER("xmss_test"); + +#ifndef HAVE_FIPS + ret = wc_InitRng_ex(&rng, HEAP_HINT, devId); +#else + ret = wc_InitRng(&rng); +#endif + if (ret != 0) { return WC_TEST_RET_ENC_EC(ret); } + + ret = wc_XmssKey_Init(&signingKey, NULL, devId); + if (ret != 0) { ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); } + + ret = wc_XmssKey_Init(&verifyKey, NULL, devId); + if (ret != 0) { ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); } + + /* Set the parameter string to the signing key, and + * get sizes for secret key, pub key, and signature. */ + ret = wc_XmssKey_SetParamStr(&signingKey, param); + if (ret != 0) { ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); } + + ret = wc_XmssKey_GetPubLen(&signingKey, &pkSz); + if (ret != 0) { ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); } + + if (pkSz != XMSS_SHA256_PUBLEN) { + ERROR_OUT(WC_TEST_RET_ENC_I(pkSz), out); + } + + ret = wc_XmssKey_GetPrivLen(&signingKey, &skSz); + if (ret != 0) { ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); } + + ret = wc_XmssKey_GetSigLen(&signingKey, &sigSz); + if (ret != 0) { ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); } + + /* Allocate signature array. */ + sig = (byte *)XMALLOC(sigSz, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + if (sig == NULL) { ERROR_OUT(WC_TEST_RET_ENC_ERRNO, out); } + + bufSz = sigSz; + +#if defined(DEBUG_WOLFSSL) || defined(WOLFSSL_DEBUG_NONBLOCK) + fprintf(stderr, "param: %s\n", param); + fprintf(stderr, "pkSz: %d\n", pkSz); + fprintf(stderr, "skSz: %d\n", skSz); + fprintf(stderr, "sigSz: %d\n", sigSz); +#endif + + /* Allocate current and old secret keys.*/ + sk = (unsigned char *)XMALLOC(skSz, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + if (sk == NULL) { ERROR_OUT(WC_TEST_RET_ENC_ERRNO, out); } + + old_sk = (unsigned char *)XMALLOC(skSz, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + if (old_sk == NULL) { ERROR_OUT(WC_TEST_RET_ENC_ERRNO, out); } + + XMEMSET(sk, 0, skSz); + XMEMSET(old_sk, 0, skSz); + XMEMSET(sig, 0, sigSz); + + ret = wc_XmssKey_SetWriteCb(&signingKey, xmss_write_key_mem); + if (ret != 0) { ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); } + + ret = wc_XmssKey_SetReadCb(&signingKey, xmss_read_key_mem); + if (ret != 0) { ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); } + + ret = wc_XmssKey_SetContext(&signingKey, (void *) sk); + if (ret != 0) { ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); } + + ret = wc_XmssKey_MakeKey(&signingKey, &rng); + if (ret != 0) { ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); } + + /* Export the pub to a verify key. */ + ret = wc_XmssKey_ExportPub(&verifyKey, &signingKey); + if (ret != 0) { ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); } + + /* Repeat a few times to check that: + * 1. The secret key is mutated on each sign. + * 2. We can verify each new signature. + * Only do a few times, because the full signature space + * for this parameter set is huge. */ + for (i = 0; i < 10; ++i) { + XMEMCPY(old_sk, sk, skSz); + + ret = wc_XmssKey_Sign(&signingKey, sig, &sigSz, (byte *) msg, msgSz); + if (ret != 0) { ERROR_OUT(WC_TEST_RET_ENC_I(i), out); } + if (sigSz != bufSz) { ERROR_OUT(WC_TEST_RET_ENC_I(i), out); } + + /* Old secret key and current secret key should not match. */ + ret = XMEMCMP(old_sk, sk, skSz); + if (ret == 0) { ERROR_OUT(WC_TEST_RET_ENC_I(i), out); } + + ret = wc_XmssKey_Verify(&verifyKey, sig, sigSz, (byte *) msg, msgSz); + if (ret != 0) { ERROR_OUT(WC_TEST_RET_ENC_I(i), out); } + + /* Flip bits in a few places throughout the signature, stepping in multiple + * of hash size. These should all fail with -1. */ + for (j = 0; j < (int) sigSz; j+= 4 * 32) { + sig[j] ^= 1; + + ret2 = wc_XmssKey_Verify(&verifyKey, sig, sigSz, (byte *) msg, + msgSz); + if ((ret2 != -1) && (ret2 != WC_NO_ERR_TRACE(SIG_VERIFY_E))) { + /* Verify passed when it should have failed. */ + ERROR_OUT(WC_TEST_RET_ENC_I(j), out); + } + + /* Flip this spot back. */ + sig[j] ^= 1; + } + } + +out: + + /* Cleanup everything. */ + XFREE(sig, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + sig = NULL; + + XFREE(sk, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + sk = NULL; + + XFREE(old_sk, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + old_sk = NULL; + + wc_XmssKey_Free(&signingKey); + wc_XmssKey_Free(&verifyKey); + wc_FreeRng(&rng); + + return ret; +} +#endif /*if defined(WOLFSSL_HAVE_XMSS) && !defined(WOLFSSL_XMSS_VERIFY_ONLY)*/ + +#if defined(WOLFSSL_HAVE_XMSS) && !defined(WOLFSSL_SMALL_STACK) && \ + WOLFSSL_XMSS_MIN_HEIGHT <= 10 + +/* A simple xmss verify only test using: + * XMSS-SHA2_10_256 + * pub len: 68 + * msg len: 32 + * sig len: 2500 + * + * These were generated with the test xmss_fast, from the unpatched + * xmss-reference repository: + * https://github.com/XMSS/xmss-reference + * */ + +static const byte xmss_pub[XMSS_SHA256_PUBLEN] = +{ + 0x00,0x00,0x00,0x01,0xA5,0x41,0x31,0x96, + 0x0A,0xF9,0xF3,0xB2,0x4B,0x2E,0x5B,0x3E, + 0xCA,0x74,0xAD,0x6C,0xA5,0x89,0xAD,0x2C, + 0x0E,0x96,0xB3,0x54,0xFB,0x5B,0x63,0x50, + 0x96,0x81,0xE2,0x59,0x72,0x10,0x09,0x54, + 0xBB,0x39,0xAC,0xEE,0x78,0xEF,0x95,0xEC, + 0x01,0x1D,0xF0,0x36,0x68,0xE2,0xC4,0xA5, + 0x2F,0x60,0x42,0x7E,0xD3,0x8E,0xAA,0x27, + 0xC9,0xB7,0x39,0x4E +}; + +static /* not const */ byte xmss_msg[32] = +{ + 0x07,0x9F,0x80,0x86,0xDB,0x76,0x27,0xDF, + 0xED,0x5B,0x2A,0x81,0x60,0x60,0x7D,0xB4, + 0xE8,0x7A,0x69,0x45,0x20,0x6B,0xA2,0x96, + 0xC0,0x21,0xA5,0x46,0x29,0x63,0x9B,0x37 +}; + +/* This was actually the 5th signature produced from + * xmss_fast test in xmss-reference. */ +static /* not const */ byte xmss_sig[2500] = +{ + 0x00,0x00,0x00,0x05,0xF0,0x15,0x34,0xBA, + 0x92,0x03,0x6A,0xB9,0xA5,0x23,0x86,0x11, + 0xAE,0x65,0x0A,0x5C,0x78,0x2C,0xC9,0xBE, + 0x7E,0xA6,0xDC,0xA2,0x8B,0xA9,0x9C,0x50, + 0xF6,0x61,0x8D,0x9D,0xD7,0xE9,0xC0,0xF8, + 0x67,0xCD,0x8A,0xC4,0x9B,0x74,0x96,0x07, + 0x5D,0xF2,0xC9,0xCC,0x28,0x05,0xB1,0xBE, + 0x5E,0xA4,0xBA,0xBE,0xAB,0xD8,0x21,0x6B, + 0x21,0x5F,0xAB,0xB7,0x6C,0xEC,0x2F,0xC8, + 0xC6,0x74,0x3E,0x97,0x1B,0xC3,0x45,0x57, + 0xAF,0xAA,0x1E,0xA8,0xF2,0x86,0xA8,0xAA, + 0x43,0x6D,0x66,0xE9,0x81,0x14,0xDE,0x09, + 0x39,0xD2,0xAF,0xD1,0x4C,0xE7,0x75,0x18, + 0x0D,0xAA,0x29,0xA1,0x92,0x53,0xCC,0xE9, + 0xF3,0x0B,0x1E,0x3B,0xE2,0xAE,0x80,0x0C, + 0xE7,0x7A,0x7C,0x13,0x8A,0x28,0xC6,0x5F, + 0x0A,0xA4,0xA3,0x73,0x0A,0x3A,0xC2,0xA6, + 0x3B,0xB4,0x30,0x67,0xC0,0x36,0x18,0xA1, + 0x58,0xCD,0xAD,0x54,0x36,0x64,0xCE,0xFD, + 0x52,0xFF,0x70,0x7E,0x09,0xFB,0x13,0xA2, + 0xEA,0xDF,0x67,0x8D,0x6C,0x42,0xB2,0x78, + 0xF5,0x7D,0x5C,0x4B,0xF7,0x8E,0xCF,0x3E, + 0xB7,0xC6,0xC1,0x23,0xFA,0x65,0xDE,0xD2, + 0xFA,0x40,0x51,0x97,0x0D,0x52,0x32,0x76, + 0x7E,0x82,0x8D,0xD0,0xB9,0x1E,0x62,0xD9, + 0x1E,0xC1,0xDB,0x40,0x43,0x37,0x4A,0x23, + 0x8A,0x1D,0x35,0xFA,0xF4,0x53,0x11,0x5A, + 0xB5,0x6D,0x1E,0x8B,0x22,0xC8,0x7D,0x2A, + 0xE4,0x94,0xAA,0x25,0x20,0x40,0x96,0xDB, + 0x82,0x62,0xBA,0x8F,0x8B,0x45,0xCB,0x4F, + 0x35,0x88,0x33,0xEB,0xEF,0xB3,0xBA,0xA7, + 0x09,0x72,0xB3,0x4C,0xEC,0xF2,0xC3,0xC7, + 0x5E,0x02,0x6C,0x41,0x93,0xCB,0x3C,0x89, + 0x12,0x09,0x68,0x54,0x8E,0xEC,0x6A,0x7E, + 0x20,0xE1,0x70,0x3D,0x8C,0xEB,0xB4,0x36, + 0xBE,0x91,0xBE,0x97,0xB5,0xA6,0x34,0x16, + 0x95,0x0F,0x10,0x26,0xA9,0x13,0x80,0x88, + 0x9C,0xAA,0x68,0xEC,0x34,0x70,0x4A,0x15, + 0x9B,0x5E,0x57,0x05,0x87,0x1C,0xF8,0x35, + 0x45,0x29,0xE9,0x6E,0xF2,0x70,0x13,0x42, + 0x89,0x4E,0x77,0xC0,0x18,0xC7,0x55,0x6D, + 0xE7,0xFA,0x0D,0x63,0x83,0x16,0x19,0x01, + 0x2D,0xFD,0x31,0x14,0x94,0xCA,0x3E,0x0E, + 0xD6,0x11,0x34,0x81,0x57,0x58,0xEC,0x24, + 0xA4,0x17,0x63,0xD3,0x25,0x00,0xBF,0x7D, + 0x78,0x5D,0xC5,0xD8,0xC6,0xC1,0xBD,0x8C, + 0xD0,0x94,0x0A,0xB1,0x33,0xA5,0x4B,0x31, + 0x25,0xF5,0xAF,0xE7,0x84,0x26,0xAA,0x05, + 0xBB,0xF3,0x9A,0xAF,0x58,0x36,0x40,0xEF, + 0x3D,0xA2,0xBD,0xCA,0xA1,0x8D,0x2F,0x6D, + 0x54,0xD2,0x62,0x33,0x09,0xAE,0xE6,0x73, + 0xD6,0x44,0xE8,0x7C,0x5C,0x39,0x2B,0x78, + 0x94,0x14,0xC7,0xC9,0xAF,0xEC,0x77,0x36, + 0xA1,0x61,0x61,0xF1,0xD0,0x09,0xA2,0xEE, + 0xE7,0x55,0xD7,0x35,0x89,0x89,0x9B,0xCF, + 0xFA,0xA6,0x09,0x1E,0x3B,0xBD,0x5D,0xD9, + 0x25,0xE7,0xED,0xDD,0x7C,0xF0,0x1C,0x57, + 0xE0,0x06,0xBB,0x08,0x39,0x59,0xDF,0xD7, + 0xAF,0x4B,0x88,0x0D,0x87,0x8F,0x4A,0xF3, + 0x1C,0xD4,0x4B,0xB3,0xE2,0xF3,0x1B,0x86, + 0x4F,0xCD,0x35,0x75,0xE2,0x03,0xF9,0x1D, + 0xBF,0x3E,0xD1,0x7B,0xC7,0x23,0x11,0x75, + 0x5F,0x92,0x0D,0x98,0xEE,0x14,0xE1,0xDA, + 0x7A,0x02,0x17,0x47,0x6B,0x41,0xEA,0x47, + 0xA1,0xAF,0x06,0x79,0x1A,0x52,0x6F,0x19, + 0x31,0x70,0x71,0xBD,0xC2,0x61,0x8D,0xB7, + 0xEE,0x6B,0x69,0x2A,0xE8,0x21,0x7A,0x95, + 0xBE,0x86,0x2A,0xA1,0xF4,0xE2,0x2F,0x17, + 0x02,0xFD,0xAD,0x17,0x9F,0x0A,0x0A,0x78, + 0xA9,0x92,0x30,0x21,0x72,0x2B,0x28,0xF8, + 0xF2,0x3E,0x05,0xD5,0xAC,0xC0,0x82,0xF8, + 0xD2,0xDA,0xD0,0xA3,0xBC,0x93,0xDB,0xA5, + 0x46,0xDE,0x14,0x1E,0xD4,0x3A,0x5D,0x79, + 0x3D,0x31,0x4B,0x06,0xCE,0x22,0x29,0x3C, + 0x98,0xB6,0x18,0x8A,0xAE,0xF7,0xBA,0x22, + 0x88,0xA1,0xEE,0xC0,0x14,0x4C,0x4A,0xA0, + 0x57,0x0A,0xD3,0x18,0xA2,0x3D,0xDD,0xC7, + 0x83,0x73,0xFC,0x38,0x9B,0x31,0xA3,0xE1, + 0x17,0x76,0xA1,0xA2,0x69,0xFC,0xAB,0x08, + 0x80,0x72,0x8D,0xF5,0xE4,0x14,0xB7,0x6B, + 0x03,0xFF,0xE8,0x11,0x4B,0x06,0x55,0x7E, + 0x36,0x21,0x2F,0xD7,0x54,0x82,0xC9,0x31, + 0xB4,0x85,0x68,0x41,0xEF,0x75,0xB0,0x3A, + 0xEA,0x4F,0xE0,0xEC,0x72,0xCC,0x33,0x96, + 0xCE,0x7D,0xAD,0xDD,0x0D,0x27,0x05,0x6E, + 0xA2,0xD4,0x11,0x07,0xD8,0x7D,0x27,0xD4, + 0x80,0x8F,0x00,0x22,0xE4,0xFC,0x2C,0x9D, + 0xD5,0xD8,0x18,0x7F,0x4E,0xF4,0xB9,0x7F, + 0xEF,0xD6,0x00,0x08,0x5C,0x05,0x04,0x1E, + 0x9A,0xC6,0x8D,0xCC,0x19,0xD9,0x0B,0x06, + 0xCC,0x6A,0x17,0xE2,0x03,0x23,0xDB,0x1C, + 0xBC,0xA2,0xB9,0xA2,0x95,0x3C,0x73,0xD8, + 0xFF,0xE6,0x0E,0xAE,0x04,0xB2,0xFC,0x91, + 0x4F,0xEF,0x8A,0x58,0xB7,0x31,0x68,0x4C, + 0x1E,0xD0,0x5B,0x85,0xCC,0x03,0xDC,0xF4, + 0xAC,0xDB,0x03,0x9B,0x35,0x33,0x08,0x71, + 0xD0,0x50,0x8D,0xDC,0xE3,0x3A,0x98,0x40, + 0x41,0x80,0xDD,0x35,0xE1,0xA2,0xAF,0x14, + 0x9A,0xDB,0xD3,0x68,0x14,0xE2,0x50,0x7A, + 0x76,0x3F,0xE4,0xA4,0x1B,0xAA,0xC1,0x06, + 0x87,0x9A,0x92,0xF9,0xBE,0x9E,0x86,0x8C, + 0x92,0x1D,0x74,0xB1,0x7F,0x27,0x43,0xC0, + 0xEE,0x2E,0xC2,0x6C,0x6D,0xAA,0x0C,0x0E, + 0x71,0xC9,0x56,0xD6,0x3A,0x56,0xCB,0x90, + 0xD1,0x7E,0x6E,0x1C,0x6A,0x00,0x2D,0x02, + 0x2C,0x96,0xF0,0x2A,0x37,0x37,0x18,0x07, + 0x0B,0xF4,0xB4,0x8C,0x30,0xF2,0xA4,0xAB, + 0x66,0xFB,0x8B,0x22,0xC0,0x00,0x7E,0x05, + 0xB6,0xF9,0x95,0x49,0x33,0xA1,0xDC,0x97, + 0x0C,0x5C,0x61,0x46,0xE2,0xD7,0x87,0x4B, + 0xC4,0xC7,0x5F,0x26,0x06,0x84,0xD7,0x47, + 0x05,0xF1,0x33,0xFF,0x85,0x85,0xB2,0xBD, + 0x1F,0x44,0xC6,0xC2,0x7D,0x51,0xBE,0x0E, + 0xB5,0xC4,0x44,0x2F,0xFE,0x73,0x5F,0xF4, + 0xA4,0xEF,0xE2,0xF1,0x73,0x0B,0xEF,0x3E, + 0x2B,0xD7,0xCC,0x9F,0xDA,0x1A,0x7E,0x92, + 0x39,0xA1,0x55,0xBF,0x60,0x0A,0xDB,0x23, + 0x74,0xFE,0xE7,0x05,0x63,0xA9,0x85,0x52, + 0x9F,0xCC,0xC3,0xFF,0xF6,0x6C,0x1B,0x4E, + 0x4F,0x01,0xBD,0xC3,0xEB,0x37,0xEC,0x29, + 0x21,0x3B,0x2C,0xC9,0x2E,0x93,0x20,0x3E, + 0x19,0xC0,0x8B,0xE8,0x33,0xCD,0xC6,0x6A, + 0x6E,0x72,0x13,0x15,0xA1,0x90,0x20,0x0C, + 0x14,0x66,0xED,0xCC,0xA4,0xDD,0x7F,0x58, + 0x53,0xBC,0x4A,0x68,0xFC,0x86,0x3E,0xAA, + 0xF1,0x17,0x0F,0x3E,0x20,0x54,0x93,0xF4, + 0x98,0xBF,0xB4,0x07,0x05,0xBD,0x70,0xE7, + 0xD7,0x34,0xFD,0xE3,0x69,0xDF,0xCD,0xF5, + 0x1A,0x73,0x6E,0xC9,0x2B,0x21,0xFB,0xB8, + 0x7E,0x44,0x10,0x83,0x56,0xCE,0xD5,0x15, + 0x9A,0x75,0xFC,0x91,0x8E,0x6B,0x9E,0x1A, + 0x3A,0x33,0x39,0x35,0xB4,0x0D,0x74,0xF4, + 0xFB,0x4C,0x0E,0x37,0xFE,0x82,0x95,0x46, + 0x6B,0xD2,0x6E,0xEE,0xCD,0x4D,0x38,0xAF, + 0x0A,0xAA,0xF1,0xD5,0xA4,0x7C,0x04,0xD8, + 0xB9,0xDB,0x11,0x68,0x88,0x35,0x41,0xDE, + 0x31,0x33,0x0C,0xDC,0x2D,0x4C,0xA8,0x20, + 0xCC,0x2C,0x4C,0x63,0xAB,0xBA,0xDF,0x48, + 0x84,0xD5,0x25,0xBC,0x70,0xE3,0x49,0xAA, + 0x43,0xCA,0x8B,0xE7,0x9F,0xDD,0x20,0x76, + 0x9B,0x38,0xF4,0xBA,0x4D,0x4E,0x34,0x4A, + 0xAF,0x81,0xE7,0x0B,0xEC,0xE9,0x59,0xC1, + 0x35,0x22,0x7F,0x69,0x46,0x62,0xD2,0x18, + 0x6E,0x1F,0x79,0xD1,0xAD,0xC3,0x84,0x95, + 0x96,0xB2,0x18,0x58,0x5E,0x7E,0x0C,0x25, + 0x0A,0x0F,0x69,0xA3,0x1D,0xEC,0x29,0xCB, + 0xDA,0xA2,0xD1,0x1A,0x10,0xA5,0x52,0xC3, + 0x62,0x1E,0xC5,0x83,0xFF,0xA3,0x56,0xC2, + 0xFD,0x87,0x3B,0x57,0x52,0x98,0x36,0x95, + 0x77,0x6B,0xE5,0x49,0x10,0x8E,0x39,0xDD, + 0xCA,0x4B,0xB3,0x9F,0x4C,0x0C,0x11,0x62, + 0xF3,0x22,0x78,0xDB,0x48,0xEB,0x68,0xFE, + 0xE4,0x2A,0xE9,0xAA,0x8F,0x7A,0x2F,0x69, + 0xA5,0xC5,0x03,0x2D,0xEF,0x62,0xA8,0x71, + 0x65,0x06,0x40,0x84,0x10,0x0F,0xF2,0xED, + 0xBC,0x70,0x71,0x69,0x24,0xA2,0xBF,0x83, + 0x39,0xDD,0xFA,0xA2,0x7B,0xE5,0xEC,0x3D, + 0xFE,0x3B,0x52,0x6E,0x3D,0x82,0xA6,0x2A, + 0x86,0x01,0x61,0x51,0x63,0xBF,0xF9,0x0A, + 0x06,0x72,0xF1,0xD5,0x39,0x0C,0xBA,0xC9, + 0x78,0xC6,0x77,0x22,0xE4,0x96,0x6E,0xB1, + 0x48,0x62,0x84,0x62,0x2D,0xEA,0x49,0x56, + 0x50,0x86,0x3F,0x90,0xC3,0x01,0x42,0x45, + 0xED,0xE6,0x9A,0x65,0x19,0x93,0x7F,0x48, + 0x16,0xF2,0x50,0xA7,0x70,0xB3,0xF5,0xDB, + 0x0E,0x5E,0x22,0x9E,0x64,0x04,0x26,0x69, + 0xC1,0x16,0xEE,0x65,0x08,0x82,0x27,0x65, + 0xEC,0x3D,0xDF,0x51,0x5E,0x2D,0xE8,0x76, + 0xF2,0xE3,0xE4,0x24,0x04,0x88,0x06,0x0F, + 0xB2,0x7B,0x9B,0x72,0x3D,0x4C,0x7D,0x6A, + 0x1F,0xB2,0xA2,0xD2,0x35,0xD6,0x40,0x25, + 0xC2,0x0B,0x25,0xF9,0xDF,0x26,0xE4,0xDC, + 0xFB,0xB1,0x84,0x84,0x77,0x1B,0x45,0x51, + 0x60,0xD5,0xF0,0xB6,0x09,0xE6,0xBC,0xE3, + 0x1C,0x70,0x96,0x2C,0xD3,0x9D,0x7D,0x7F, + 0xB1,0x70,0xDA,0x79,0xB8,0x74,0x99,0xBF, + 0x84,0x95,0xCC,0x93,0xD7,0x51,0xDD,0x66, + 0xD3,0x70,0x0C,0x75,0x86,0x09,0x06,0xFD, + 0x66,0x14,0x80,0xCD,0xF3,0x59,0xB4,0x92, + 0x5F,0xE4,0xEE,0x00,0xA8,0xB0,0x8B,0x5C, + 0x3E,0xDB,0x8A,0x9C,0x0B,0xB5,0x99,0xC2, + 0x0D,0x81,0x09,0x06,0x6C,0x28,0xC0,0x7E, + 0xA5,0x07,0x70,0x64,0xD7,0x41,0xF4,0xC3, + 0x66,0x61,0x1C,0xA8,0x51,0xF6,0x3C,0xBA, + 0xE0,0x94,0xA3,0x11,0x8C,0x2E,0xBA,0x13, + 0xB2,0x47,0x48,0x93,0xB4,0x1A,0x2C,0x9A, + 0x6E,0x8E,0x30,0x66,0x7B,0xD3,0xBB,0x3B, + 0x5D,0x97,0x0D,0xE4,0xEA,0x24,0x28,0x9E, + 0xB4,0x88,0xCE,0x1D,0x7D,0x6F,0x39,0xB3, + 0x87,0x21,0xE5,0x08,0x93,0xF0,0xD4,0x9D, + 0x2D,0x91,0xC9,0xFD,0x0C,0x74,0x34,0xB4, + 0x1F,0xFE,0xDA,0xDC,0x10,0x5B,0x8D,0x2B, + 0x87,0xD3,0x42,0xB4,0xAE,0x32,0x9C,0xAE, + 0x4C,0x99,0xD8,0xED,0x44,0x41,0x07,0xE0, + 0x8F,0xBD,0xA5,0x7C,0x5A,0xDF,0x91,0x29, + 0x00,0xB5,0x4B,0xC3,0x3A,0x40,0x6C,0x48, + 0xAB,0x2A,0xF3,0x02,0xCB,0xB3,0x69,0xDA, + 0x06,0x0C,0x4D,0x5C,0x45,0xC3,0x28,0xAC, + 0x7A,0x01,0xD4,0xF8,0xCB,0x07,0x63,0x89, + 0x09,0x34,0x78,0xA7,0x14,0x39,0xCF,0x2D, + 0x94,0x8D,0x7A,0x4E,0x4E,0xBD,0xC4,0x32, + 0xAB,0x21,0xC9,0xDA,0x3F,0x5F,0x04,0x6B, + 0x14,0x40,0x18,0x18,0x2F,0xF9,0x46,0x17, + 0x57,0x54,0x9B,0x28,0x7B,0xBD,0xF9,0xA2, + 0x13,0xAC,0x69,0x24,0xB1,0x31,0x39,0xBF, + 0x8D,0x75,0xC3,0xFD,0x03,0x54,0x5A,0xFD, + 0xD4,0x7A,0xB7,0x56,0x4F,0x66,0x43,0x57, + 0x1B,0xFB,0xF9,0x92,0x7A,0x83,0xE6,0xFF, + 0xB4,0xBA,0x83,0xD2,0x61,0x8E,0x4A,0x82, + 0x82,0xA8,0xF5,0x0C,0xD2,0x43,0x53,0xA8, + 0x85,0x0A,0xD4,0x69,0x7B,0x04,0x71,0x3B, + 0x80,0x49,0x27,0x47,0x12,0xB6,0xB0,0xEA, + 0x90,0x0A,0xFA,0xA8,0xC8,0x78,0x61,0xDE, + 0x30,0x12,0xBB,0xDC,0xA6,0x57,0x56,0x30, + 0x6E,0xF1,0xA8,0x3B,0xF6,0x09,0x07,0xEA, + 0x31,0xE2,0x08,0x23,0x31,0x0F,0xD4,0x34, + 0xE3,0x60,0xC2,0x2B,0xDB,0x5A,0x99,0xCF, + 0xD4,0x6B,0x4E,0x75,0x65,0x35,0xE8,0x8B, + 0x93,0x7D,0xCA,0x11,0x47,0xF0,0x3E,0x11, + 0x5C,0xD1,0xEE,0x4B,0x11,0xB4,0x65,0x2B, + 0x6B,0x79,0xC0,0x86,0x60,0xA4,0x4B,0x24, + 0xA0,0x5C,0x70,0x34,0xC3,0x7C,0xE7,0x4F, + 0x97,0x89,0x4D,0xFE,0x22,0x89,0x3A,0xE9, + 0x07,0xB9,0x1A,0x86,0xB8,0x7A,0x12,0x38, + 0xE1,0x24,0x46,0xBC,0x9B,0x21,0xCD,0xAC, + 0x30,0xAB,0x98,0x21,0x31,0xC5,0x17,0x3F, + 0x1E,0x56,0xC3,0x18,0xCE,0xF0,0xA1,0xCC, + 0xFF,0x9D,0xA8,0x53,0xAF,0x74,0x77,0x54, + 0x02,0x9A,0x8F,0xA4,0xD4,0xBD,0xB2,0x1A, + 0xBA,0x52,0x2E,0x19,0xBE,0x49,0x11,0x45, + 0x02,0x01,0x7A,0xBF,0x28,0xD6,0x18,0xED, + 0xBD,0xCE,0xE4,0xDE,0xB5,0xF1,0x53,0x5D, + 0x65,0xF9,0x5F,0x83,0x8F,0x2D,0xF2,0x82, + 0xA0,0x2D,0x28,0xD3,0x0A,0x9E,0x0F,0x7F, + 0xC7,0xC4,0x43,0x7F,0xC3,0x0E,0x06,0xEB, + 0x4E,0xB4,0x2D,0xFA,0xDD,0x48,0xAB,0xF4, + 0x7D,0x41,0x48,0x33,0x5A,0xE6,0x70,0x02, + 0xE7,0x71,0x8D,0xD9,0x6B,0x0C,0x5A,0x8F, + 0xA4,0xC1,0xB7,0x4E,0x96,0x83,0xD6,0xA7, + 0x1D,0xF1,0x88,0xB3,0x6E,0xF4,0x12,0xA9, + 0xF6,0x31,0x69,0x66,0xFE,0xFE,0x02,0xF2, + 0x86,0x6D,0xBB,0x57,0x51,0x8C,0x4C,0xE9, + 0x7C,0x92,0x3E,0x3A,0xD3,0x2D,0xA8,0x82, + 0x53,0x84,0x26,0x89,0xBB,0xCC,0x13,0x12, + 0x3D,0x94,0xBB,0xDF,0x3D,0x4C,0xDF,0x27, + 0x9B,0x1F,0xB8,0xB6,0xE4,0xEA,0xA2,0x07, + 0xF8,0x4D,0x42,0x8F,0x29,0x90,0xFE,0x21, + 0x20,0xE9,0x55,0x02,0xAD,0x90,0xA7,0x77, + 0x4E,0x29,0xB6,0xD9,0x14,0x94,0xB2,0x25, + 0xA4,0xB2,0x0E,0x96,0x31,0xAB,0x9E,0x93, + 0x49,0xAC,0xA9,0xCB,0x68,0x22,0xBA,0xB8, + 0x57,0x5C,0x9D,0x65,0xC1,0xF1,0xFC,0x99, + 0x7C,0x3C,0xE9,0xEA,0x4B,0x29,0x22,0x2F, + 0xDB,0x17,0x21,0x8D,0xB0,0x13,0xBF,0xEE, + 0x7D,0xE4,0x8B,0x6D,0x17,0xE0,0x53,0x92, + 0x0B,0x32,0x6B,0xB1,0x65,0x2E,0xA7,0x83, + 0xFD,0x62,0x62,0xE3,0xAA,0x81,0xE8,0xD6, + 0xF7,0xB1,0x30,0x65,0x80,0x9F,0x77,0x1E, + 0x4A,0xEA,0xE8,0x45,0x32,0x12,0x3A,0xFB, + 0x22,0xE9,0xA9,0xF6,0xCB,0xAB,0xA8,0x0C, + 0x20,0xA8,0x7C,0xF9,0xF7,0x53,0xC1,0xB4, + 0xC0,0x5D,0x06,0x45,0xDD,0x7E,0xA7,0x34, + 0xA1,0x21,0xC2,0x62,0xAB,0x22,0x45,0x3D, + 0x73,0x4C,0x26,0xD1,0x1A,0xB2,0xF0,0xB2, + 0x6D,0x11,0x70,0x58,0xAA,0xF5,0xA4,0xF5, + 0xF8,0x0B,0x3D,0xC1,0xF6,0x17,0x70,0x15, + 0xCD,0x72,0x02,0x7E,0x4E,0x94,0x96,0x0A, + 0x56,0xCC,0xA5,0xA3,0xB3,0x7E,0xDD,0x5A, + 0x72,0xD2,0xFB,0xAC,0x3D,0x0E,0x66,0x65, + 0xE9,0x08,0x6C,0xB0,0x1C,0xE2,0x1A,0x82, + 0xF6,0xF3,0x34,0x89,0x73,0x02,0x5B,0x42, + 0x6D,0x40,0x61,0xB6,0xE0,0xE6,0x53,0x32, + 0xA5,0x72,0x17,0x4F,0x3B,0x51,0x4F,0xBC, + 0x00,0xE0,0x69,0x26,0xA9,0xAE,0x83,0xE3, + 0x73,0x7F,0x71,0x97,0xE0,0xDC,0x7C,0x63, + 0x9C,0x85,0x5F,0xDF,0x7D,0xE4,0x6C,0xD8, + 0xA9,0x3A,0x6F,0x5E,0x4A,0x2E,0xB0,0xE7, + 0x8B,0x45,0xE2,0x90,0x05,0x37,0xE8,0xAB, + 0x49,0x48,0x4C,0xC0,0x59,0x1D,0x8C,0x46, + 0x5B,0x84,0xE0,0x83,0xCE,0xEA,0x4B,0xF9, + 0xD4,0xDC,0x63,0xDF,0x79,0xB7,0x5C,0x11, + 0x25,0x7F,0x90,0x2E,0x0A,0x38,0x03,0xEA, + 0xEA,0xA1,0x26,0x52,0x20,0x19,0xA3,0xBE, + 0xFC,0x9D,0xB7,0x6E,0xA6,0x58,0x8E,0x6D, + 0xC5,0x58,0xE9,0xED,0x2F,0x55,0x43,0x8B, + 0x03,0x8B,0xE6,0xA4,0xC2,0x25,0x4B,0x36, + 0xBA,0xD3,0x27,0x48,0x40,0x2E,0x87,0xA2, + 0xD4,0x12,0xC6,0x05,0x36,0x03,0x11,0x51, + 0xD1,0xF2,0xAC,0x71,0x2C,0xB6,0xC3,0xA5, + 0x57,0x0F,0xAF,0x4B,0xBD,0xCD,0x47,0x4C, + 0x3A,0x52,0x6F,0x47,0xE7,0x0B,0xB7,0xD5, + 0xF7,0xA6,0x39,0x63,0x82,0x08,0x4C,0x41, + 0x0E,0x2A,0x52,0x42,0x5A,0xEA,0x59,0xC7, + 0x94,0xFB,0xD0,0x88,0x47,0x27,0xF6,0x97, + 0x03,0x9E,0x29,0xB8,0x3A,0x67,0xE6,0xF3, + 0x95,0xA7,0x42,0xC1,0x96,0xD1,0x9A,0xA6, + 0xF0,0x09,0x0C,0xEA,0xE0,0xAB,0x0F,0x15, + 0xE9,0xC3,0xEB,0xA5,0x89,0x86,0x98,0x32, + 0x83,0xAB,0x30,0x33,0xAE,0x90,0x8D,0x2E, + 0xB3,0xAA,0x91,0xA6,0xD9,0xA4,0x4A,0x54, + 0xE0,0xD3,0x08,0xCC,0x79,0xCE,0xE4,0x15, + 0x31,0xA6,0xCE,0x61,0xCF,0x03,0x06,0xEE, + 0x8E,0xE2,0x64,0x29,0xD1,0x54,0x9B,0xD0, + 0x5F,0x09,0x2B,0x8B,0xD5,0xF8,0xD4,0x7D, + 0xF1,0x97,0x32,0xD9,0xEA,0x5A,0x0E,0x10, + 0x8C,0x4D,0xFB,0x55,0xE6,0x27,0x0C,0xBA, + 0xC1,0x73,0xC1,0x73,0xE3,0x1C,0x09,0xB3, + 0x6F,0xB4,0x12,0xFA,0xF3,0x29,0xDC,0x23, + 0x32,0xED,0x80,0x87,0x83,0xC2,0xF6,0x07, + 0xB5,0xA9,0x22,0xDE,0x66,0x1A,0xA7,0x4A, + 0x86,0xF1,0x39,0x9B,0xF4,0xE7,0x50,0x15, + 0x4A,0x55,0x3C,0x93,0xB9,0xF9,0xFD,0xDC, + 0xB3,0x5D,0x73,0x52 +}; + +WOLFSSL_TEST_SUBROUTINE wc_test_ret_t xmss_test_verify_only(void) +{ + XmssKey verifyKey; + unsigned char pub_raw[XMSS_SHA256_PUBLEN]; + word32 pub_len = sizeof(pub_raw); + word32 pkSz = 0; + word32 sigSz = 0; + const char * param = "XMSS-SHA2_10_256"; + int j = 0; + int ret2 = WC_TEST_RET_ENC_NC; + int ret = WC_TEST_RET_ENC_NC; + int n_diff = 0; + WOLFSSL_ENTER("xmss_test_verify_only"); + + XMEMSET(pub_raw, 0, sizeof(pub_raw)); + + ret = wc_XmssKey_Init(&verifyKey, NULL, devId); + if (ret != 0) { return WC_TEST_RET_ENC_EC(ret); } + + ret = wc_XmssKey_SetParamStr(&verifyKey, param); + if (ret != 0) { return WC_TEST_RET_ENC_EC(ret); } + + ret = wc_XmssKey_GetPubLen(&verifyKey, &pkSz); + if (ret != 0) { return WC_TEST_RET_ENC_EC(ret); } + + if (pkSz != XMSS_SHA256_PUBLEN) { + return WC_TEST_RET_ENC_EC(pkSz); + } + + ret = wc_XmssKey_GetSigLen(&verifyKey, &sigSz); + if (ret != 0) { return WC_TEST_RET_ENC_EC(ret); } + +#if defined(DEBUG_WOLFSSL) || defined(WOLFSSL_DEBUG_NONBLOCK) + fprintf(stderr, "param: %s\n", param); + fprintf(stderr, "pkSz: %d\n", pkSz); + fprintf(stderr, "sigSz: %d\n", sigSz); +#endif + + if (sigSz != sizeof(xmss_sig)) { + return WC_TEST_RET_ENC_EC(sigSz); + } + + ret = wc_XmssKey_ImportPubRaw(&verifyKey, xmss_pub, XMSS_SHA256_PUBLEN); + if (ret != 0) { return WC_TEST_RET_ENC_EC(ret); } + + ret = wc_XmssKey_Verify(&verifyKey, xmss_sig, sizeof(xmss_sig), + (byte *) xmss_msg, sizeof(xmss_msg)); + if (ret != 0) { + printf("error: wc_XmssKey_Verify returned %d, expected 0\n", ret); + return WC_TEST_RET_ENC_EC(ret); + } + + /* Now test the ExportPubRaw API, verify we recover the original pub. */ + ret = wc_XmssKey_ExportPubRaw(&verifyKey, pub_raw, &pub_len); + if (ret != 0) { + printf("error: wc_XmssKey_ExportPubRaw returned %d, expected 0\n", ret); + return WC_TEST_RET_ENC_EC(ret); + } + + if (pub_len != XMSS_SHA256_PUBLEN) { + printf("error: xmss pub len %u, expected %d\n", pub_len, + XMSS_SHA256_PUBLEN); + return WC_TEST_RET_ENC_EC(pub_len); + } + + n_diff = XMEMCMP(pub_raw, xmss_pub, sizeof(xmss_pub)); + + if (n_diff != 0) { + printf("error: exported and imported pub raw do not match: %d\n", + n_diff); + return WC_TEST_RET_ENC_EC(n_diff); + } + + /* Flip bits in message. This should fail. */ + xmss_msg[sizeof(xmss_msg) / 2] ^= 1; + ret2 = wc_XmssKey_Verify(&verifyKey, xmss_sig, sizeof(xmss_sig), + (byte *) xmss_msg, sizeof(xmss_msg)); + if ((ret2 != -1) && (ret2 != WC_NO_ERR_TRACE(SIG_VERIFY_E))) { + printf("error: wc_XmssKey_Verify returned %d, expected -1\n", ret2); + return WC_TEST_RET_ENC_EC(ret2); + } + + /* Flip it back. This should pass again. */ + xmss_msg[sizeof(xmss_msg) / 2] ^= 1; + ret = wc_XmssKey_Verify(&verifyKey, xmss_sig, sizeof(xmss_sig), + (byte *) xmss_msg, sizeof(xmss_msg)); + if (ret != 0) { + printf("error: wc_XmssKey_Verify returned %d, expected 0\n", ret); + return WC_TEST_RET_ENC_EC(ret); + } + + /* Flip bits in a few places throughout the signature, stepping in multiple + * of hash size. These should all fail with -1. */ + for (j = 0; j < (int) sizeof(xmss_sig); j+= 4 * 32) { + xmss_sig[j] ^= 1; + + ret2 = wc_XmssKey_Verify(&verifyKey, xmss_sig, sizeof(xmss_sig), + (byte *) xmss_msg, sizeof(xmss_msg)); + if ((ret2 != -1) && (ret2 != WC_NO_ERR_TRACE(SIG_VERIFY_E))) { + /* Verify passed when it should have failed. */ + return WC_TEST_RET_ENC_I(j); + } + + /* Flip this spot back. */ + xmss_sig[j] ^= 1; + } + + /* Cleanup everything. */ + wc_XmssKey_Free(&verifyKey); + + return ret; +} +#endif /* WOLFSSL_HAVE_XMSS && !WOLFSSL_SMALL_STACK && + * WOLFSSL_XMSS_MIN_HEIGHT <= 10 */ + + +#if defined(WOLFSSL_HAVE_LMS) && !defined(WOLFSSL_LMS_VERIFY_ONLY) +static int lms_write_key_mem(const byte * priv, word32 privSz, void *context) +{ + /* WARNING: THIS IS AN INSECURE WRITE CALLBACK THAT SHOULD ONLY + * BE USED FOR TESTING PURPOSES! Production applications should + * write only to non-volatile storage. */ + XMEMCPY(context, priv, privSz); + return WC_LMS_RC_SAVED_TO_NV_MEMORY; +} + +static int lms_read_key_mem(byte * priv, word32 privSz, void *context) +{ + /* WARNING: THIS IS AN INSECURE READ CALLBACK THAT SHOULD ONLY + * BE USED FOR TESTING PURPOSES! */ + XMEMCPY(priv, context, privSz); + return WC_LMS_RC_READ_TO_MEMORY; +} + +/* LMS signature sizes are a function of their parameters. This + * test has a signature of 8688 bytes. */ +#ifndef WOLFSSL_NO_LMS_SHA256_256 +#define WC_TEST_LMS_SIG_LEN (8688) +#else +#define WC_TEST_LMS_SIG_LEN (4960) +#endif + +WOLFSSL_TEST_SUBROUTINE wc_test_ret_t lms_test(void) +{ + int i = 0; + int j = 0; + int ret = WC_TEST_RET_ENC_NC; + int ret2 = WC_TEST_RET_ENC_NC; + int sigsLeft = 0; + LmsKey signingKey; + LmsKey verifyKey; + WC_RNG rng; + word32 sigSz = 0; + const char * msg = "LMS HSS post quantum signature test"; + word32 msgSz = (word32) XSTRLEN(msg); +#ifndef WOLFSSL_WC_LMS_SERIALIZE_STATE + unsigned char priv[HSS_MAX_PRIVATE_KEY_LEN]; + unsigned char old_priv[HSS_MAX_PRIVATE_KEY_LEN]; +#else + static unsigned char priv[64 * 1024 + HSS_MAX_PRIVATE_KEY_LEN]; + static unsigned char old_priv[64 * 1024 + HSS_MAX_PRIVATE_KEY_LEN]; +#endif +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC) + byte * sig = (byte*)XMALLOC(WC_TEST_LMS_SIG_LEN, HEAP_HINT, + DYNAMIC_TYPE_TMP_BUFFER); +#else + byte sig[WC_TEST_LMS_SIG_LEN]; +#endif +#if !defined(HAVE_LIBLMS) + const byte * kid; + word32 kidSz; +#endif + + WOLFSSL_ENTER("lms_test"); + +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC) + if (sig == NULL) { + return WC_TEST_RET_ENC_ERRNO; + } +#endif + + XMEMSET(priv, 0, sizeof(priv)); + XMEMSET(old_priv, 0, sizeof(old_priv)); + XMEMSET(sig, 0, WC_TEST_LMS_SIG_LEN); + XMEMSET(&rng, 0, sizeof(rng)); + XMEMSET(&signingKey, 0, sizeof(signingKey)); + XMEMSET(&verifyKey, 0, sizeof(verifyKey)); + +#ifndef HAVE_FIPS + ret = wc_InitRng_ex(&rng, HEAP_HINT, devId); +#else + ret = wc_InitRng(&rng); +#endif + if (ret != 0) { ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); } + + /* This test: + * levels: 1 + * height: 5 + * winternitz: 1 + * + * max sigs: 2 ** (1 * 5) = 32 + * signature length: 8688 + */ + + ret = wc_LmsKey_Init(&signingKey, NULL, devId); + if (ret != 0) { ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); } + + ret = wc_LmsKey_Init(&verifyKey, NULL, devId); + if (ret != 0) { ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); } + + ret = wc_LmsKey_SetParameters(&signingKey, 1, 5, 1); + if (ret != 0) { ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); } + + ret = wc_LmsKey_SetWriteCb(&signingKey, lms_write_key_mem); + if (ret != 0) { ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); } + + ret = wc_LmsKey_SetReadCb(&signingKey, lms_read_key_mem); + if (ret != 0) { ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); } + + ret = wc_LmsKey_SetContext(&signingKey, (void *) priv); + if (ret != 0) { ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); } + + ret = wc_LmsKey_MakeKey(&signingKey, &rng); + if (ret != 0) { ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); } + + XMEMCPY(old_priv, priv, sizeof(priv)); + +#if !defined(HAVE_LIBLMS) + ret = wc_LmsKey_GetKid(NULL, NULL, NULL); + if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG)) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); + ret = wc_LmsKey_GetKid(&signingKey, NULL, NULL); + if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG)) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); + ret = wc_LmsKey_GetKid(NULL, &kid, NULL); + if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG)) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); + ret = wc_LmsKey_GetKid(NULL, NULL, &kidSz); + if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG)) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); + ret = wc_LmsKey_GetKid(&signingKey, &kid, NULL); + if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG)) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); + ret = wc_LmsKey_GetKid(&signingKey, NULL, &kidSz); + if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG)) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); + ret = wc_LmsKey_GetKid(NULL, &kid, &kidSz); + if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG)) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); + ret = wc_LmsKey_GetKid(&signingKey, &kid, &kidSz); + if (ret != 0) { ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); } + if (kidSz != WC_LMS_I_LEN) { + ERROR_OUT(WC_TEST_RET_ENC_I(kidSz), out); + } +#endif + + ret = wc_LmsKey_ExportPub(&verifyKey, &signingKey); + if (ret != 0) { ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); } + + ret = wc_LmsKey_GetSigLen(&verifyKey, &sigSz); + if (ret != 0) { ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); } + + if (sigSz != WC_TEST_LMS_SIG_LEN) { + printf("error: got %u, expected %d\n", sigSz, WC_TEST_LMS_SIG_LEN); + ERROR_OUT(WC_TEST_RET_ENC_I(sigSz), out); + } + + /* 2 ** 5 should be the max number of signatures */ + for (i = 0; i < 32; ++i) { + /* We should have remaining signstures. */ + sigsLeft = wc_LmsKey_SigsLeft(&signingKey); + if (sigsLeft == 0) { + ERROR_OUT(WC_TEST_RET_ENC_NC, out); + } + + /* Sign with key. The private key will be updated on every signature. */ + ret = wc_LmsKey_Sign(&signingKey, sig, &sigSz, (byte *) msg, msgSz); + if (ret != 0) { ERROR_OUT(WC_TEST_RET_ENC_I(i), out); } + + /* The updated private key should not match the old one. */ + if (XMEMCMP(old_priv, priv, sizeof(priv)) == 0) { + printf("error: current priv key should not match old: %d\n", i); + ERROR_OUT(WC_TEST_RET_ENC_I(i), out); + } + + XMEMCPY(old_priv, priv, sizeof(priv)); + + ret = wc_LmsKey_Verify(&verifyKey, sig, sigSz, (byte *) msg, msgSz); + if (ret != 0) { ERROR_OUT(WC_TEST_RET_ENC_I(i), out); } + + /* Flip bits in a few places throughout the signature, stepping in multiple + * of hash size. These should all fail with -1. */ + for (j = 0; j < (int) sigSz; j+= 4 * 32) { + sig[j] ^= 1; + + ret2 = wc_LmsKey_Verify(&verifyKey, sig, sigSz, (byte *) msg, + msgSz); + if ((ret2 != -1) && (ret2 != WC_NO_ERR_TRACE(SIG_VERIFY_E))) { + /* Verify passed when it should have failed. */ + ERROR_OUT(WC_TEST_RET_ENC_I(j), out); + } + + /* Flip this spot back. */ + sig[j] ^= 1; + } + } + + /* This should be the last signature. */ + sigsLeft = wc_LmsKey_SigsLeft(&signingKey); + if (sigsLeft != 0) { + ERROR_OUT(WC_TEST_RET_ENC_I(sigsLeft), out); + } + +out: + + wc_LmsKey_Free(&signingKey); + wc_LmsKey_Free(&verifyKey); + + wc_FreeRng(&rng); + +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC) + XFREE(sig, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); +#endif + + return ret; +} + +#endif /* if defined(WOLFSSL_HAVE_LMS) && !defined(WOLFSSL_LMS_VERIFY_ONLY) */ + +#if defined(WOLFSSL_HAVE_LMS) && !defined(WOLFSSL_SMALL_STACK) +#if (defined(WOLFSSL_WC_LMS) && (LMS_MAX_HEIGHT >= 10) && \ + !defined(WOLFSSL_NO_LMS_SHA256_256)) || defined(HAVE_LIBLMS) + +/* A simple LMS verify only test. + * + * Note: LMS signature sizes are a function of their parameters. This + * test has a signature of 1456 bytes: + * levels: 1 + * height: 10 + * winternitz: 8 + * max sigs: 2 ** (1 * 10) = 1024 + * signature length: 1456 + * */ + +/* "wolfSSL LMS example message!" without null terminator. */ +static byte lms_msg[28] = +{ + 0x77,0x6F,0x6C,0x66,0x53,0x53,0x4C,0x20, + 0x4C,0x4D,0x53,0x20,0x65,0x78,0x61,0x6D, + 0x70,0x6C,0x65,0x20,0x6D,0x65,0x73,0x73, + 0x61,0x67,0x65,0x21 +}; + +static const byte lms_L1H10W8_pub[HSS_MAX_PUBLIC_KEY_LEN] = +{ + 0x00,0x00,0x00,0x01,0x00,0x00,0x00,0x06, + 0x00,0x00,0x00,0x04,0xA1,0x26,0x76,0xF8, + 0xBB,0x0B,0xC0,0x82,0x21,0x71,0x0B,0x2E, + 0x8C,0xA6,0xEF,0x12,0xED,0x41,0x0E,0x8C, + 0xAF,0x11,0x93,0x34,0x7B,0x49,0x79,0xB7, + 0xDE,0x63,0x1C,0xFE,0x1F,0xD1,0x17,0x49, + 0xCD,0x5C,0xD4,0x26,0xA0,0x53,0x26,0x1A, + 0xC5,0xB4,0x8F,0x23 +}; + +#define LMS_L1H10W8_SIGLEN (1456) + +static byte lms_L1H10W8_sig[LMS_L1H10W8_SIGLEN] = +{ + 0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x01, + 0x00,0x00,0x00,0x04,0x18,0x70,0x09,0x2E, + 0x21,0xC9,0x6A,0xC9,0x5C,0xB6,0xB0,0xAA, + 0xC3,0xED,0x6E,0x66,0x2F,0xCC,0x45,0x81, + 0xBC,0xBA,0x44,0x96,0x1C,0xBF,0x4E,0xFB, + 0x7A,0x46,0xFB,0xBE,0x9A,0x0C,0xE4,0x50, + 0x90,0xC7,0x92,0xAC,0x53,0xAE,0x53,0x76, + 0x29,0xA6,0x65,0xF1,0x09,0xED,0x1A,0x8E, + 0x03,0x2E,0x5A,0x06,0x51,0xE3,0x1E,0xE6, + 0xF6,0xFE,0x3A,0x6E,0xD1,0x92,0x31,0x1D, + 0xA1,0x6A,0x5C,0x30,0x3A,0xC7,0xFD,0x5B, + 0xFE,0x71,0x2C,0x5C,0x2F,0x5B,0x5B,0xCF, + 0xBC,0x7F,0xBF,0x6C,0xAF,0x44,0x8A,0xAE, + 0x14,0x60,0xAB,0x88,0xED,0x0E,0x4F,0xF8, + 0xC7,0x1B,0x74,0x28,0x72,0xB3,0x96,0xA6, + 0xE6,0x46,0x22,0x82,0xCF,0x1F,0x4D,0xA6, + 0xEA,0x22,0x06,0x07,0x52,0xF5,0x26,0x16, + 0x0B,0x90,0xE3,0xFF,0x64,0xA9,0xE4,0x61, + 0x1E,0x9C,0x12,0x9C,0xF6,0xD4,0x63,0x29, + 0xEA,0x02,0xF7,0x18,0x52,0x79,0x6C,0x43, + 0xDC,0xCF,0x43,0x23,0xB9,0xCC,0x4A,0x25, + 0x9D,0x10,0xAF,0xA3,0xE6,0x47,0x5A,0x1C, + 0xFE,0x68,0x89,0xAF,0x1B,0x2D,0x88,0x3E, + 0xCA,0xDC,0x70,0xEA,0xAC,0x11,0x00,0x8A, + 0x6E,0xE0,0xC7,0xD0,0xD2,0x1A,0x36,0x18, + 0x97,0xB3,0x5F,0x0E,0x75,0x48,0x28,0xF8, + 0xA8,0xF5,0x90,0xD1,0xA1,0x84,0xFB,0xA4, + 0xAD,0x50,0xBE,0xE9,0x39,0x8C,0xC5,0xA1, + 0x67,0x51,0xA1,0x8C,0xD6,0x6B,0x97,0x1F, + 0x47,0x99,0xEE,0xE0,0x70,0x01,0xC7,0x07, + 0x50,0xF3,0x5E,0x3F,0xE7,0x06,0xD6,0x8D, + 0x26,0xD6,0x5A,0x59,0x18,0x72,0x6B,0x12, + 0xD2,0xAF,0x9B,0xB4,0x2B,0xD0,0xB2,0xF2, + 0x96,0x2F,0x40,0xEA,0xBE,0xE6,0xAC,0x1F, + 0xB8,0x33,0xC2,0x76,0xDC,0x8C,0xAC,0xC1, + 0x46,0x5E,0x04,0x84,0x1B,0xC8,0xB9,0x65, + 0x8D,0xAD,0x96,0xB5,0xB1,0xF6,0x17,0x4A, + 0x19,0x87,0xE7,0xBF,0x29,0xC7,0x9B,0xB9, + 0xD6,0x11,0x2C,0x92,0x2F,0xB7,0x24,0xD5, + 0x01,0x1D,0x80,0x37,0x54,0xED,0x33,0x32, + 0xAB,0x7A,0x12,0xD4,0x02,0x1D,0x27,0x52, + 0x89,0xDB,0x32,0xBF,0x61,0xD4,0xBB,0xB4, + 0x46,0x78,0x1B,0x64,0x17,0x84,0x4B,0x8A, + 0xBA,0xC6,0xC1,0xCF,0xC7,0x5D,0x8F,0x93, + 0xC5,0x9A,0x27,0x90,0xAC,0x17,0x98,0xFF, + 0xC8,0x22,0x59,0x55,0x90,0xB2,0x29,0x39, + 0xA0,0xBE,0x00,0x23,0x55,0x6B,0xDA,0x83, + 0xD8,0x5B,0x57,0x7C,0x67,0x1B,0xC3,0x6B, + 0x6D,0xC7,0x9B,0x2B,0x9E,0xB7,0x95,0xB3, + 0xF0,0x1B,0x89,0x5A,0xD7,0x4B,0x67,0xAF, + 0xDC,0x9E,0xCF,0x7E,0x1A,0xBA,0x1B,0xB9, + 0x3B,0x7A,0xDD,0x3F,0x0D,0xEE,0x4C,0x0B, + 0xD1,0x4F,0x34,0xF2,0x93,0xF7,0x21,0x64, + 0x2C,0x07,0x00,0x15,0x4F,0xE3,0x6A,0x9F, + 0x08,0x52,0xC2,0x65,0x47,0x1F,0x34,0x64, + 0x66,0x07,0xBC,0xEA,0xAF,0x9B,0xAA,0x39, + 0x15,0x8B,0x08,0x8C,0x24,0x41,0x9B,0x46, + 0x1B,0x5B,0x91,0x11,0xC4,0xFD,0xA9,0x88, + 0x35,0x0E,0x7D,0xAF,0xFD,0xB7,0x90,0x7E, + 0xD7,0x29,0x02,0x0A,0xDC,0xC8,0x3F,0xC0, + 0xFD,0x97,0xAF,0x50,0x49,0xA6,0x5E,0x12, + 0xC1,0xCD,0xEC,0x52,0xC5,0x51,0xF2,0x80, + 0x17,0x61,0xC7,0x7E,0xBE,0xD1,0x1B,0x65, + 0xA4,0xAB,0x92,0x8D,0x89,0xB2,0xC5,0x8F, + 0xFF,0xA5,0x6F,0xFA,0x62,0x75,0xE4,0xA1, + 0xD4,0x22,0xA8,0x9E,0x40,0x04,0x27,0x1F, + 0xCC,0x81,0xBA,0x28,0x67,0xA0,0x1C,0x80, + 0xEB,0xCA,0xB0,0x61,0xA5,0x48,0xD0,0x8A, + 0x25,0xEB,0x9E,0x67,0x8C,0x8E,0x9B,0xD1, + 0xAD,0xBB,0xC3,0xEA,0xD3,0xD4,0xC5,0x12, + 0x7B,0xDD,0x00,0x57,0x7F,0xF6,0xF7,0xF6, + 0x3C,0x05,0xCF,0xFC,0x12,0xE1,0x93,0x05, + 0xE5,0x9B,0x79,0x87,0x69,0xD8,0x82,0xD9, + 0xD7,0x1D,0x41,0x73,0xE4,0x52,0x1D,0x3E, + 0xE5,0x8C,0x8D,0x34,0xE1,0x75,0xA9,0xF1, + 0x9D,0x09,0xA2,0x5B,0xEF,0xDA,0x96,0x6E, + 0x76,0x3D,0xEA,0x50,0xD9,0xCF,0x4F,0xAC, + 0xAD,0x1D,0x35,0x72,0x1B,0x88,0x8B,0xCD, + 0x8C,0x8A,0x8A,0xE0,0x96,0x04,0xD8,0xBB, + 0x28,0x43,0x16,0x77,0x60,0x98,0x63,0xF9, + 0xB9,0x71,0x46,0xB7,0xE1,0xA7,0xA9,0x84, + 0xC3,0x65,0x82,0xE1,0x1B,0x67,0x04,0x2D, + 0x55,0x6B,0xF9,0xC0,0x79,0x09,0x09,0xE7, + 0xFD,0x06,0x4D,0x09,0x9B,0x1A,0xCE,0x35, + 0xFA,0x27,0x6F,0x2F,0x01,0x65,0x0D,0xA0, + 0x97,0x59,0x11,0xF0,0x48,0xD2,0xE7,0x46, + 0xBE,0xB4,0x0A,0xA3,0xE2,0x75,0x0E,0x09, + 0x94,0xD9,0x69,0x28,0xD4,0xDA,0x64,0xBA, + 0xFE,0xA4,0xB9,0xF0,0xBA,0xEB,0xBA,0xAC, + 0xA8,0xF9,0xD3,0x82,0x4C,0x36,0x80,0xFA, + 0xE5,0xF6,0x76,0xC3,0x80,0xFA,0x90,0x29, + 0xF4,0x85,0xA4,0xC6,0x25,0x22,0x79,0x7E, + 0x39,0x1E,0x30,0xB8,0x65,0x72,0xCF,0xE1, + 0x99,0xF0,0x75,0xE8,0x09,0xB4,0x92,0x96, + 0x1B,0x68,0x50,0x88,0xF1,0x2C,0x97,0xE3, + 0x2D,0x26,0x8F,0xC5,0x30,0xCF,0x24,0xCB, + 0xB2,0x60,0x77,0xDC,0x02,0x72,0x0D,0xD9, + 0x2E,0xF2,0x52,0xEA,0x00,0xF6,0x32,0x65, + 0xA5,0xC6,0x43,0x29,0x29,0x69,0xAB,0x27, + 0x0C,0x39,0xDF,0x76,0x3E,0x93,0x95,0xB1, + 0x2C,0xA2,0x0D,0x18,0xCE,0xA0,0x97,0x10, + 0x3C,0x90,0xC0,0xEF,0x0E,0x04,0xA6,0xC8, + 0xA0,0x21,0x3C,0x0B,0x22,0x77,0x7A,0x66, + 0xA5,0x90,0x25,0xA4,0x09,0x3E,0xD5,0x27, + 0x1F,0x6C,0x99,0x85,0x5C,0xA2,0x99,0x7A, + 0x25,0xEE,0x8D,0x32,0x3D,0xD3,0xDC,0xF5, + 0x00,0x5A,0x34,0x61,0xB6,0xCD,0x4E,0xBC, + 0x26,0x36,0xFB,0x44,0x97,0x35,0xBD,0x06, + 0x7D,0x2E,0x4A,0xA2,0xDC,0x24,0xFE,0x70, + 0x0A,0xF9,0x57,0xE3,0xEE,0xAB,0xD1,0x17, + 0xF3,0x7C,0xD6,0x37,0x26,0xFA,0x83,0x9F, + 0xDD,0xB2,0xE1,0xD7,0xF9,0xC7,0x0E,0x15, + 0x01,0xA6,0x58,0x32,0x98,0x04,0x32,0xD4, + 0xDE,0xB9,0xEF,0x09,0xFA,0xE4,0x5A,0xD7, + 0xDD,0x09,0x1C,0xC9,0xAC,0xB8,0x6A,0xF5, + 0x00,0x5D,0x6B,0x95,0x12,0x8C,0x2F,0xCC, + 0xD8,0xB9,0x50,0x3A,0xEB,0x74,0x86,0xD2, + 0x3F,0xA1,0x05,0x8F,0x6E,0xEF,0xF5,0xA4, + 0xD6,0x6E,0x53,0xFA,0x9E,0xFA,0xCE,0xDB, + 0x99,0x46,0xE7,0xC5,0xDA,0x92,0x51,0x4F, + 0x22,0x07,0xF3,0xA5,0x38,0x26,0xD3,0xEC, + 0xD6,0x01,0xDD,0x31,0x3A,0x48,0x93,0xF6, + 0x69,0x4F,0xD8,0xF6,0xC2,0x91,0xA5,0x7C, + 0xDF,0x51,0x64,0xF1,0x3B,0x79,0xBC,0x0A, + 0x2C,0xDC,0x33,0x5A,0x29,0xF6,0xB2,0x09, + 0x66,0xCA,0x24,0x9F,0x1A,0x18,0xF3,0x76, + 0x4C,0x5E,0x0B,0x81,0x7F,0x29,0x84,0xD8, + 0x7A,0xA8,0xD6,0x11,0xAC,0xEC,0xD9,0x07, + 0x91,0xEC,0xB6,0x6D,0xEC,0xDB,0xBE,0x6F, + 0x9F,0xC5,0x19,0x5E,0x56,0x87,0x20,0x80, + 0x75,0xD5,0x64,0xE9,0x80,0xBF,0x2D,0xD5, + 0x94,0x9F,0x8C,0xA4,0x54,0x41,0xAB,0xB1, + 0x8E,0xAD,0x51,0xE4,0x3C,0x24,0xF7,0x1D, + 0xFE,0x02,0x48,0x7C,0x6D,0xED,0xF1,0xAC, + 0xD9,0x79,0x42,0xE5,0x3A,0xCF,0x6A,0x4C, + 0x6D,0xE2,0x13,0xD2,0x2B,0x9D,0xAB,0x1F, + 0x70,0xD3,0xC0,0x6F,0x81,0xE9,0x9A,0x86, + 0x33,0x39,0x60,0xE7,0x6A,0x00,0x1F,0x97, + 0xEB,0xE5,0x1D,0x0D,0x66,0x15,0xC9,0xA2, + 0xB1,0xC0,0xF0,0x2E,0xF4,0x07,0xA2,0x2E, + 0x49,0x92,0x95,0x13,0xA3,0x18,0x46,0x25, + 0xB9,0x3C,0xA1,0x4B,0x00,0x00,0x00,0x06, + 0xAB,0xAA,0xF9,0x3F,0x7E,0x21,0xF4,0x0E, + 0xCE,0xFD,0xE0,0x44,0xAC,0xC7,0x1A,0x30, + 0x22,0x9D,0x0A,0xD7,0x96,0x2D,0x8F,0x9A, + 0x99,0x1F,0x40,0x75,0x7F,0x62,0xF9,0xC1, + 0x81,0x7B,0x4A,0x1B,0xFA,0xD6,0x87,0xB9, + 0xEF,0x58,0x48,0xE4,0x5C,0x79,0xE5,0xB1, + 0x2C,0x59,0xA4,0x42,0xDB,0xA6,0x53,0x70, + 0x80,0x61,0x17,0xD4,0xD3,0x77,0xBD,0x53, + 0x26,0x7C,0x0E,0x0E,0xFF,0x30,0x4B,0xD0, + 0x86,0xFC,0x02,0x20,0x24,0x46,0x5B,0xF5, + 0xE3,0x99,0x73,0x85,0x60,0x00,0x36,0x47, + 0x17,0xEE,0x0C,0xD2,0x80,0x71,0x46,0x0E, + 0x2B,0xB0,0xEF,0x7F,0xFE,0x3B,0xE5,0xE1, + 0x87,0xC2,0xAF,0x1A,0x6F,0x63,0xF4,0x5A, + 0xC4,0x16,0xF7,0xAD,0x07,0x70,0x71,0x85, + 0x7D,0x3D,0x67,0x08,0xB8,0xD8,0xE2,0xF0, + 0xA1,0xAC,0xD2,0x94,0x7D,0x93,0x03,0xDD, + 0x54,0xF9,0x64,0x19,0xB3,0xED,0x24,0x22, + 0x01,0xD7,0x12,0x5E,0xC1,0x2B,0x39,0x10, + 0x13,0xE2,0x56,0x1C,0xEE,0xF4,0x2A,0x49, + 0x7B,0xFB,0x36,0x8D,0xF8,0xAF,0x60,0xDF, + 0x10,0xF0,0x72,0xA2,0xED,0xB6,0x53,0x88, + 0xA9,0x0C,0xED,0x9C,0x18,0x33,0x7D,0x65, + 0x9B,0xB2,0x9C,0x3E,0xE9,0x1E,0x43,0x51, + 0x7E,0xBE,0x01,0x95,0xF6,0x60,0x65,0xBE, + 0xD1,0xF4,0xE2,0x83,0x6B,0xCA,0x7A,0x70, + 0x41,0x83,0x72,0xC0,0x23,0x51,0x13,0x11, + 0x2D,0xF9,0xC0,0x0D,0x7D,0x73,0x76,0xA5, + 0x30,0x83,0x68,0x10,0x35,0xA2,0x18,0x22, + 0x4E,0x21,0x93,0x27,0x6A,0x19,0x28,0x83, + 0x7F,0xDD,0xDD,0xFF,0xC3,0x8A,0x64,0x00, + 0x5F,0x1C,0x0D,0xF8,0xBB,0xD7,0x15,0xB9, + 0xEF,0xE0,0x07,0x62,0x05,0x9E,0xCF,0xFC, + 0x08,0x52,0x1E,0x65,0x41,0x56,0x6A,0xEB, + 0x81,0x53,0x30,0x7B,0xF2,0xFD,0x65,0xFF, + 0xA2,0x14,0xF5,0x62,0x1E,0x24,0x48,0x47, + 0xA5,0x41,0x80,0xB4,0xC5,0xDC,0xB2,0xB4, + 0x2D,0x17,0xE7,0xBE,0x49,0x53,0x7A,0x25, + 0xC5,0x0D,0x19,0x59,0xF4,0x88,0x59,0xED, + 0x92,0x13,0xEE,0x7A,0x4F,0x12,0x98,0x4C +}; + +WOLFSSL_TEST_SUBROUTINE wc_test_ret_t lms_test_verify_only(void) +{ + LmsKey verifyKey; + unsigned char pub_raw[HSS_MAX_PUBLIC_KEY_LEN]; + word32 pub_len = sizeof(pub_raw); + word32 sigSz = 0; + word32 msgSz = sizeof(lms_msg); + word32 pubSz = 0; + int levels = 0; + int height = 0; + int winternitz = 0; + int ret = WC_TEST_RET_ENC_NC; + int ret2 = WC_TEST_RET_ENC_NC; + int j = 0; + int n_diff = 0; + WOLFSSL_ENTER("lms_test_verify_only"); + + XMEMSET(pub_raw, 0, sizeof(pub_raw)); + + ret = wc_LmsKey_Init(&verifyKey, NULL, devId); + if (ret != 0) { return WC_TEST_RET_ENC_EC(ret); } + + ret = wc_LmsKey_SetParameters(&verifyKey, 1, 10, 8); + if (ret != 0) { return WC_TEST_RET_ENC_EC(ret); } + + ret = wc_LmsKey_ImportPubRaw(&verifyKey, lms_L1H10W8_pub, + HSS_MAX_PUBLIC_KEY_LEN); + if (ret != 0) { return WC_TEST_RET_ENC_EC(ret); } + + /* Verify parameters, pub length, and sig length are correct. */ + ret = wc_LmsKey_GetParameters(&verifyKey, &levels, &height, &winternitz); + if (ret != 0) { return WC_TEST_RET_ENC_EC(ret); } + + if (levels != 1 || height != 10 || winternitz != 8) { + printf("error: invalid LMS parameters: L%d-H%d-W%d\n", levels, height, + winternitz); + return WC_TEST_RET_ENC_NC; + } + + ret = wc_LmsKey_GetPubLen(&verifyKey, &pubSz); + if (ret != 0) { return WC_TEST_RET_ENC_EC(ret); } + + if (pubSz != HSS_MAX_PUBLIC_KEY_LEN) { + printf("error: got %u, expected %d\n", pubSz, HSS_MAX_PUBLIC_KEY_LEN); + return WC_TEST_RET_ENC_EC(pubSz); + } + + ret = wc_LmsKey_GetSigLen(&verifyKey, &sigSz); + if (ret != 0) { return WC_TEST_RET_ENC_EC(ret); } + + if (sigSz != LMS_L1H10W8_SIGLEN) { + printf("error: got %u, expected %d\n", sigSz, LMS_L1H10W8_SIGLEN); + return WC_TEST_RET_ENC_EC(sigSz); + } + + ret = wc_LmsKey_Verify(&verifyKey, lms_L1H10W8_sig, LMS_L1H10W8_SIGLEN, + (byte *) lms_msg, msgSz); + if (ret != 0) { + printf("error: wc_LmsKey_Verify returned %d\n", ret); + return WC_TEST_RET_ENC_EC(ret); + } + + /* Now test the ExportPubRaw API, verify we recover the original pub. */ + ret = wc_LmsKey_ExportPubRaw(&verifyKey, pub_raw, &pub_len); + if (ret != 0) { + printf("error: wc_LmsKey_ExportPubRaw returned %d, expected 0\n", ret); + return WC_TEST_RET_ENC_EC(ret); + } + + if (pub_len != HSS_MAX_PUBLIC_KEY_LEN) { + printf("error: LMS pub len %u, expected %d\n", pub_len, + HSS_MAX_PUBLIC_KEY_LEN); + return WC_TEST_RET_ENC_EC(pub_len); + } + + n_diff = XMEMCMP(pub_raw, lms_L1H10W8_pub, sizeof(lms_L1H10W8_pub)); + + if (n_diff != 0) { + printf("error: exported and imported pub raw do not match: %d\n", + n_diff); + return WC_TEST_RET_ENC_EC(n_diff); + } + + /* Flip bits in message. This should fail. */ + lms_msg[msgSz / 2] ^= 1; + ret2 = wc_LmsKey_Verify(&verifyKey, lms_L1H10W8_sig, LMS_L1H10W8_SIGLEN, + (byte *) lms_msg, msgSz); + if ((ret2 != -1) && (ret2 != WC_NO_ERR_TRACE(SIG_VERIFY_E))) { + printf("error: wc_LmsKey_Verify returned %d, expected -1\n", ret2); + return WC_TEST_RET_ENC_EC(ret); + } + + /* Flip it back. This should pass again. */ + lms_msg[msgSz / 2] ^= 1; + ret = wc_LmsKey_Verify(&verifyKey, lms_L1H10W8_sig, LMS_L1H10W8_SIGLEN, + (byte *) lms_msg, msgSz); + if (ret != 0) { + printf("error: wc_LmsKey_Verify returned %d, expected 0\n", ret); + return WC_TEST_RET_ENC_EC(ret); + } + + /* Flip bits in a few places throughout the signature, stepping in multiple + * of hash size. These should all fail with -1. */ + for (j = 0; j < (int) sigSz; j+= 4 * 32) { + lms_L1H10W8_sig[j] ^= 1; + + ret2 = wc_LmsKey_Verify(&verifyKey, lms_L1H10W8_sig, + LMS_L1H10W8_SIGLEN, + (byte *) lms_msg, msgSz); + if ((ret2 != -1) && (ret2 != WC_NO_ERR_TRACE(SIG_VERIFY_E))) { + /* Verify passed when it should have failed. */ + return WC_TEST_RET_ENC_I(j); + } + + /* Flip this spot back. */ + lms_L1H10W8_sig[j] ^= 1; + } + + wc_LmsKey_Free(&verifyKey); + return ret; +} + +#endif +#endif /* if defined(WOLFSSL_HAVE_LMS) && !defined(WOLFSSL_SMALL_STACK) */ + + /* source code reference point -- see print_fiducials() below. */ +static WC_MAYBE_UNUSED const int fiducial3 = WC_TEST_RET_LN; + +#ifdef WOLFCRYPT_HAVE_ECCSI +static wc_test_ret_t eccsi_api_test(WC_RNG* rng, EccsiKey* key, mp_int* ssk, + ecc_point* pvt) +{ + wc_test_ret_t ret; + byte id[1] = { 0x00 }; + int valid; + word32 sz; + byte data[256]; + byte hash[WC_MAX_DIGEST_SIZE]; + byte hashSz; + byte sig[257]; + word32 sigSz; + + ret = wc_InitEccsiKey_ex(NULL, 32, ECC_SECP256R1, HEAP_HINT, devId); + if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG)) + return WC_TEST_RET_ENC_EC(ret); + ret = wc_InitEccsiKey_ex(NULL, 32, ECC_SECP256R1, HEAP_HINT, devId); + if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG)) + return WC_TEST_RET_ENC_EC(ret); + + ret = wc_InitEccsiKey(NULL, NULL, devId); + if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG)) + return WC_TEST_RET_ENC_EC(ret); + ret = wc_InitEccsiKey(NULL, HEAP_HINT, devId); + if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG)) + return WC_TEST_RET_ENC_EC(ret); + + wc_FreeEccsiKey(NULL); + + /* Create a valid key. */ + ret = wc_InitEccsiKey(key, NULL, devId); + if (ret != 0) + return WC_TEST_RET_ENC_EC(ret); + + ret = wc_MakeEccsiKey(NULL, NULL); + if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG)) + return WC_TEST_RET_ENC_EC(ret); + ret = wc_MakeEccsiKey(key, NULL); + if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG)) + return WC_TEST_RET_ENC_EC(ret); + ret = wc_MakeEccsiKey(NULL, rng); + if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG)) + return WC_TEST_RET_ENC_EC(ret); + + ret = wc_MakeEccsiPair(NULL, NULL, WC_HASH_TYPE_SHA256, NULL, 1, NULL, + NULL); + if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG)) + return WC_TEST_RET_ENC_EC(ret); + ret = wc_MakeEccsiPair(key, rng, WC_HASH_TYPE_SHA256, id, 1, ssk, NULL); + if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG)) + return WC_TEST_RET_ENC_EC(ret); + ret = wc_MakeEccsiPair(key, rng, WC_HASH_TYPE_SHA256, id, 1, NULL, pvt); + if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG)) + return WC_TEST_RET_ENC_EC(ret); + ret = wc_MakeEccsiPair(key, rng, WC_HASH_TYPE_SHA256, NULL, 1, ssk, pvt); + if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG)) + return WC_TEST_RET_ENC_EC(ret); + ret = wc_MakeEccsiPair(key, NULL, WC_HASH_TYPE_SHA256, id, 1, ssk, pvt); + if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG)) + return WC_TEST_RET_ENC_EC(ret); + ret = wc_MakeEccsiPair(NULL, rng, WC_HASH_TYPE_SHA256, id, 1, ssk, pvt); + if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG)) + return WC_TEST_RET_ENC_EC(ret); + /* No key set */ + ret = wc_MakeEccsiPair(key, rng, WC_HASH_TYPE_SHA256, id, 1, ssk, pvt); + if (ret != WC_NO_ERR_TRACE(BAD_STATE_E)) + return WC_TEST_RET_ENC_EC(ret); + + ret = wc_ValidateEccsiPair(NULL, WC_HASH_TYPE_SHA256, NULL, 1, NULL, NULL, + NULL); + if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG)) + return WC_TEST_RET_ENC_EC(ret); + ret = wc_ValidateEccsiPair(key, WC_HASH_TYPE_SHA256, id, 1, ssk, pvt, + NULL); + if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG)) + return WC_TEST_RET_ENC_EC(ret); + ret = wc_ValidateEccsiPair(key, WC_HASH_TYPE_SHA256, id, 1, ssk, NULL, + &valid); + if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG)) + return WC_TEST_RET_ENC_EC(ret); + ret = wc_ValidateEccsiPair(key, WC_HASH_TYPE_SHA256, id, 1, NULL, pvt, + &valid); + if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG)) + return WC_TEST_RET_ENC_EC(ret); + ret = wc_ValidateEccsiPair(key, WC_HASH_TYPE_SHA256, NULL, 1, ssk, pvt, + &valid); + if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG)) + return WC_TEST_RET_ENC_EC(ret); + ret = wc_ValidateEccsiPair(NULL, WC_HASH_TYPE_SHA256, id, 1, ssk, pvt, + &valid); + if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG)) + return WC_TEST_RET_ENC_EC(ret); + /* No key set */ + ret = wc_ValidateEccsiPair(key, WC_HASH_TYPE_SHA256, id, 1, ssk, pvt, + &valid); + if (ret != WC_NO_ERR_TRACE(BAD_STATE_E)) + return WC_TEST_RET_ENC_EC(ret); + + ret = wc_ValidateEccsiPvt(NULL, NULL, NULL); + if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG)) + return WC_TEST_RET_ENC_EC(ret); + ret = wc_ValidateEccsiPvt(key, NULL, NULL); + if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG)) + return WC_TEST_RET_ENC_EC(ret); + ret = wc_ValidateEccsiPvt(NULL, pvt, NULL); + if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG)) + return WC_TEST_RET_ENC_EC(ret); + ret = wc_ValidateEccsiPvt(NULL, NULL, &valid); + if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG)) + return WC_TEST_RET_ENC_EC(ret); + ret = wc_ValidateEccsiPvt(key, pvt, NULL); + if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG)) + return WC_TEST_RET_ENC_EC(ret); + ret = wc_ValidateEccsiPvt(key, NULL, &valid); + if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG)) + return WC_TEST_RET_ENC_EC(ret); + ret = wc_ValidateEccsiPvt(NULL, pvt, &valid); + if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG)) + return WC_TEST_RET_ENC_EC(ret); + ret = wc_EncodeEccsiPair(NULL, NULL, NULL, data, NULL); + if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG)) + return WC_TEST_RET_ENC_EC(ret); + ret = wc_EncodeEccsiPair(key, ssk, pvt, data, NULL); + if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG)) + return WC_TEST_RET_ENC_EC(ret); + ret = wc_EncodeEccsiPair(key, ssk, NULL, data, &sz); + if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG)) + return WC_TEST_RET_ENC_EC(ret); + ret = wc_EncodeEccsiPair(key, NULL, pvt, data, &sz); + if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG)) + return WC_TEST_RET_ENC_EC(ret); + ret = wc_EncodeEccsiPair(NULL, ssk, pvt, data, &sz); + if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG)) + return WC_TEST_RET_ENC_EC(ret); + /* No key created so no curve information. */ + ret = wc_EncodeEccsiPair(key, ssk, pvt, NULL, &sz); + if (ret != WC_NO_ERR_TRACE(LENGTH_ONLY_E)) + return WC_TEST_RET_ENC_EC(ret); + + ret = wc_EncodeEccsiSsk(NULL, NULL, data, NULL); + if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG)) + return WC_TEST_RET_ENC_EC(ret); + ret = wc_EncodeEccsiSsk(key, ssk, data, NULL); + if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG)) + return WC_TEST_RET_ENC_EC(ret); + ret = wc_EncodeEccsiSsk(key, NULL, data, &sz); + if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG)) + return WC_TEST_RET_ENC_EC(ret); + ret = wc_EncodeEccsiSsk(NULL, ssk, data, &sz); + if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG)) + return WC_TEST_RET_ENC_EC(ret); + + ret = wc_EncodeEccsiPvt(NULL, NULL, data, NULL, 1); + if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG)) + return WC_TEST_RET_ENC_EC(ret); + ret = wc_EncodeEccsiPvt(key, pvt, data, NULL, 1); + if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG)) + return WC_TEST_RET_ENC_EC(ret); + ret = wc_EncodeEccsiPvt(key, NULL, data, &sz, 1); + if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG)) + return WC_TEST_RET_ENC_EC(ret); + ret = wc_EncodeEccsiPvt(NULL, pvt, data, &sz, 1); + if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG)) + return WC_TEST_RET_ENC_EC(ret); + + ret = wc_DecodeEccsiPair(NULL, NULL, 0, NULL, NULL); + if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG)) + return WC_TEST_RET_ENC_EC(ret); + ret = wc_DecodeEccsiPair(key, data, 0, ssk, NULL); + if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG)) + return WC_TEST_RET_ENC_EC(ret); + ret = wc_DecodeEccsiPair(key, data, 0, NULL, pvt); + if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG)) + return WC_TEST_RET_ENC_EC(ret); + ret = wc_DecodeEccsiPair(key, NULL, 0, ssk, pvt); + if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG)) + return WC_TEST_RET_ENC_EC(ret); + ret = wc_DecodeEccsiPair(NULL, data, 0, ssk, pvt); + if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG)) + return WC_TEST_RET_ENC_EC(ret); + + ret = wc_DecodeEccsiSsk(NULL, NULL, 0, NULL); + if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG)) + return WC_TEST_RET_ENC_EC(ret); + ret = wc_DecodeEccsiSsk(key, data, 0, NULL); + if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG)) + return WC_TEST_RET_ENC_EC(ret); + ret = wc_DecodeEccsiSsk(key, NULL, 0, ssk); + if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG)) + return WC_TEST_RET_ENC_EC(ret); + ret = wc_DecodeEccsiSsk(NULL, data, 0, ssk); + if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG)) + return WC_TEST_RET_ENC_EC(ret); + ret = wc_DecodeEccsiPvt(NULL, NULL, 0, NULL); + if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG)) + return WC_TEST_RET_ENC_EC(ret); + ret = wc_DecodeEccsiPvt(key, data, 0, NULL); + if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG)) + return WC_TEST_RET_ENC_EC(ret); + ret = wc_DecodeEccsiPvt(key, NULL, 0, pvt); + if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG)) + return WC_TEST_RET_ENC_EC(ret); + ret = wc_DecodeEccsiPvt(NULL, data, 0, pvt); + if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG)) + return WC_TEST_RET_ENC_EC(ret); + + ret = wc_DecodeEccsiPvtFromSig(NULL, NULL, 0, NULL); + if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG)) + return WC_TEST_RET_ENC_EC(ret); + ret = wc_DecodeEccsiPvtFromSig(key, data, 0, NULL); + if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG)) + return WC_TEST_RET_ENC_EC(ret); + ret = wc_DecodeEccsiPvtFromSig(key, NULL, 0, pvt); + if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG)) + return WC_TEST_RET_ENC_EC(ret); + ret = wc_DecodeEccsiPvtFromSig(NULL, data, 0, pvt); + if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG)) + return WC_TEST_RET_ENC_EC(ret); + + ret = wc_ExportEccsiKey(NULL, data, NULL); + if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG)) + return WC_TEST_RET_ENC_EC(ret); + ret = wc_ExportEccsiKey(key, data, NULL); + if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG)) + return WC_TEST_RET_ENC_EC(ret); + ret = wc_ExportEccsiKey(NULL, data, &sz); + if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG)) + return WC_TEST_RET_ENC_EC(ret); + /* No key to export */ + ret = wc_ExportEccsiKey(key, NULL, &sz); + if (ret != WC_NO_ERR_TRACE(BAD_STATE_E)) + return WC_TEST_RET_ENC_EC(ret); + + ret = wc_ImportEccsiKey(NULL, NULL, 0); + if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG)) + return WC_TEST_RET_ENC_EC(ret); + ret = wc_ImportEccsiKey(key, NULL, 0); + if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG)) + return WC_TEST_RET_ENC_EC(ret); + ret = wc_ImportEccsiKey(NULL, data, 0); + if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG)) + return WC_TEST_RET_ENC_EC(ret); + + ret = wc_ExportEccsiPrivateKey(NULL, data, NULL); + if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG)) + return WC_TEST_RET_ENC_EC(ret); + ret = wc_ExportEccsiPrivateKey(key, data, NULL); + if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG)) + return WC_TEST_RET_ENC_EC(ret); + ret = wc_ExportEccsiPrivateKey(NULL, data, &sz); + if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG)) + return WC_TEST_RET_ENC_EC(ret); + /* No key to export */ + ret = wc_ExportEccsiPrivateKey(key, NULL, &sz); + if (ret != WC_NO_ERR_TRACE(BAD_STATE_E)) + return WC_TEST_RET_ENC_EC(ret); + + ret = wc_ImportEccsiPrivateKey(NULL, NULL, 0); + if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG)) + return WC_TEST_RET_ENC_EC(ret); + ret = wc_ImportEccsiPrivateKey(key, NULL, 0); + if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG)) + return WC_TEST_RET_ENC_EC(ret); + ret = wc_ImportEccsiPrivateKey(NULL, data, 0); + if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG)) + return WC_TEST_RET_ENC_EC(ret); + ret = wc_ExportEccsiPublicKey(NULL, data, NULL, 1); + if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG)) + return WC_TEST_RET_ENC_EC(ret); + ret = wc_ExportEccsiPublicKey(key, data, NULL, 1); + if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG)) + return WC_TEST_RET_ENC_EC(ret); + ret = wc_ExportEccsiPublicKey(NULL, data, &sz, 1); + if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG)) + return WC_TEST_RET_ENC_EC(ret); + /* No key to export */ + ret = wc_ExportEccsiPublicKey(key, data, &sz, 1); + if (ret != WC_NO_ERR_TRACE(BAD_STATE_E)) + return WC_TEST_RET_ENC_EC(ret); + + ret = wc_ImportEccsiPublicKey(NULL, NULL, 0, 1); + if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG)) + return WC_TEST_RET_ENC_EC(ret); + ret = wc_ImportEccsiPublicKey(key, NULL, 0, 1); + if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG)) + return WC_TEST_RET_ENC_EC(ret); + ret = wc_ImportEccsiPublicKey(NULL, data, 0, 1); + if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG)) + return WC_TEST_RET_ENC_EC(ret); + + ret = wc_HashEccsiId(NULL, WC_HASH_TYPE_SHA256, NULL, 1, NULL, NULL, NULL); + if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG)) + return WC_TEST_RET_ENC_EC(ret); + ret = wc_HashEccsiId(key, WC_HASH_TYPE_SHA256, id, 1, pvt, hash, NULL); + if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG)) + return WC_TEST_RET_ENC_EC(ret); + ret = wc_HashEccsiId(key, WC_HASH_TYPE_SHA256, id, 1, pvt, NULL, &hashSz); + if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG)) + return WC_TEST_RET_ENC_EC(ret); + ret = wc_HashEccsiId(key, WC_HASH_TYPE_SHA256, id, 1, NULL, hash, &hashSz); + if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG)) + return WC_TEST_RET_ENC_EC(ret); + ret = wc_HashEccsiId(key, WC_HASH_TYPE_SHA256, NULL, 1, pvt, hash, + &hashSz); + if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG)) + return WC_TEST_RET_ENC_EC(ret); + ret = wc_HashEccsiId(NULL, WC_HASH_TYPE_SHA256, id, 1, pvt, hash, &hashSz); + if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG)) + return WC_TEST_RET_ENC_EC(ret); + ret = wc_HashEccsiId(key, WC_HASH_TYPE_SHA256, id, 1, pvt, hash, &hashSz); + if (ret != WC_NO_ERR_TRACE(BAD_STATE_E)) + return WC_TEST_RET_ENC_EC(ret); + + ret = wc_SetEccsiHash(NULL, NULL, 1); + if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG)) + return WC_TEST_RET_ENC_EC(ret); + ret = wc_SetEccsiHash(key, NULL, 1); + if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG)) + return WC_TEST_RET_ENC_EC(ret); + ret = wc_SetEccsiHash(NULL, hash, 1); + if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG)) + return WC_TEST_RET_ENC_EC(ret); + + ret = wc_SetEccsiPair(NULL, NULL, NULL); + if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG)) + return WC_TEST_RET_ENC_EC(ret); + ret = wc_SetEccsiPair(key, NULL, NULL); + if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG)) + return WC_TEST_RET_ENC_EC(ret); + ret = wc_SetEccsiPair(NULL, ssk, NULL); + if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG)) + return WC_TEST_RET_ENC_EC(ret); + ret = wc_SetEccsiPair(NULL, NULL, pvt); + if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG)) + return WC_TEST_RET_ENC_EC(ret); + ret = wc_SetEccsiPair(key, ssk, NULL); + if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG)) + return WC_TEST_RET_ENC_EC(ret); + ret = wc_SetEccsiPair(key, NULL, pvt); + if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG)) + return WC_TEST_RET_ENC_EC(ret); + ret = wc_SetEccsiPair(NULL, ssk, pvt); + if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG)) + return WC_TEST_RET_ENC_EC(ret); + ret = wc_SignEccsiHash(NULL, NULL, WC_HASH_TYPE_SHA256, NULL, 0, sig, NULL); + if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG)) + return WC_TEST_RET_ENC_EC(ret); + ret = wc_SignEccsiHash(key, rng, WC_HASH_TYPE_SHA256, data, 0, sig, NULL); + if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG)) + return WC_TEST_RET_ENC_EC(ret); + ret = wc_SignEccsiHash(key, rng, WC_HASH_TYPE_SHA256, NULL, 0, sig, + &sigSz); + if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG)) + return WC_TEST_RET_ENC_EC(ret); + ret = wc_SignEccsiHash(key, NULL, WC_HASH_TYPE_SHA256, data, 0, sig, + &sigSz); + if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG)) + return WC_TEST_RET_ENC_EC(ret); + ret = wc_SignEccsiHash(NULL, rng, WC_HASH_TYPE_SHA256, data, 0, sig, + &sigSz); + if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG)) + return WC_TEST_RET_ENC_EC(ret); + /* Key not set. */ + ret = wc_SignEccsiHash(key, rng, WC_HASH_TYPE_SHA256, data, 0, NULL, + &sigSz); + if (ret != WC_NO_ERR_TRACE(BAD_STATE_E)) + return WC_TEST_RET_ENC_EC(ret); + + ret = wc_VerifyEccsiHash(NULL, WC_HASH_TYPE_SHA256, NULL, 0, NULL, 0, NULL); + if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG)) + return WC_TEST_RET_ENC_EC(ret); + ret = wc_VerifyEccsiHash(key, WC_HASH_TYPE_SHA256, NULL, 0, NULL, 0, NULL); + if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG)) + return WC_TEST_RET_ENC_EC(ret); + ret = wc_VerifyEccsiHash(NULL, WC_HASH_TYPE_SHA256, data, 0, NULL, 0, NULL); + if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG)) + return WC_TEST_RET_ENC_EC(ret); + ret = wc_VerifyEccsiHash(NULL, WC_HASH_TYPE_SHA256, NULL, 0, sig, 0, NULL); + if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG)) + return WC_TEST_RET_ENC_EC(ret); + ret = wc_VerifyEccsiHash(NULL, WC_HASH_TYPE_SHA256, NULL, 0, NULL, 0, + &valid); + if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG)) + return WC_TEST_RET_ENC_EC(ret); + ret = wc_VerifyEccsiHash(key, WC_HASH_TYPE_SHA256, data, 0, sig, 0, NULL); + if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG)) + return WC_TEST_RET_ENC_EC(ret); + ret = wc_VerifyEccsiHash(key, WC_HASH_TYPE_SHA256, data, 0, NULL, 0, + &valid); + if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG)) + return WC_TEST_RET_ENC_EC(ret); + ret = wc_VerifyEccsiHash(key, WC_HASH_TYPE_SHA256, NULL, 0, sig, 0, + &valid); + if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG)) + return WC_TEST_RET_ENC_EC(ret); + ret = wc_VerifyEccsiHash(NULL, WC_HASH_TYPE_SHA256, data, 0, sig, 0, + &valid); + if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG)) + return WC_TEST_RET_ENC_EC(ret); + ret = wc_VerifyEccsiHash(key, WC_HASH_TYPE_SHA256, data, 0, sig, 0, + &valid); + if (ret != WC_NO_ERR_TRACE(BAD_STATE_E)) + return WC_TEST_RET_ENC_EC(ret); + + ret = wc_SetEccsiPair(key, ssk, pvt); + if (ret != 0) + return WC_TEST_RET_ENC_EC(ret); + /* Identity hash not set. */ + ret = wc_SignEccsiHash(key, rng, WC_HASH_TYPE_SHA256, data, 0, NULL, + &sigSz); + if (ret != WC_NO_ERR_TRACE(BAD_STATE_E)) + return WC_TEST_RET_ENC_EC(ret); + + wc_FreeEccsiKey(key); + + return 0; +} + +/* RFC 6507: Appendix A */ +static wc_test_ret_t eccsi_kat_verify_test(EccsiKey* key, ecc_point* pvt) +{ + wc_test_ret_t ret; + int verified; + const byte msg[] = { 0x6D, 0x65, 0x73, 0x73, 0x61, 0x67, 0x65, 0x00 }; + word32 msgSz = sizeof(msg); + byte hash[WC_SHA256_DIGEST_SIZE]; + byte hashSz = WC_SHA256_DIGEST_SIZE; + static const byte id[] = { + 0x32, 0x30, 0x31, 0x31, 0x2D, 0x30, 0x32, 0x00, + 0x74, 0x65, 0x6C, 0x3A, 0x2B, 0x34, 0x34, 0x37, + 0x37, 0x30, 0x30, 0x39, 0x30, 0x30, 0x31, 0x32, + 0x33, 0x00 + }; + word32 idSz = sizeof(id); + static const byte sig[] = { + 0x26, 0x9D, 0x4C, 0x8F, 0xDE, 0xB6, 0x6A, 0x74, + 0xE4, 0xEF, 0x8C, 0x0D, 0x5D, 0xCC, 0x59, 0x7D, + 0xDF, 0xE6, 0x02, 0x9C, 0x2A, 0xFF, 0xC4, 0x93, + 0x60, 0x08, 0xCD, 0x2C, 0xC1, 0x04, 0x5D, 0x81, + 0xE0, 0x9B, 0x52, 0x8D, 0x0E, 0xF8, 0xD6, 0xDF, + 0x1A, 0xA3, 0xEC, 0xBF, 0x80, 0x11, 0x0C, 0xFC, + 0xEC, 0x9F, 0xC6, 0x82, 0x52, 0xCE, 0xBB, 0x67, + 0x9F, 0x41, 0x34, 0x84, 0x69, 0x40, 0xCC, 0xFD, + 0x04, + 0x75, 0x8A, 0x14, 0x27, 0x79, 0xBE, 0x89, 0xE8, + 0x29, 0xE7, 0x19, 0x84, 0xCB, 0x40, 0xEF, 0x75, + 0x8C, 0xC4, 0xAD, 0x77, 0x5F, 0xC5, 0xB9, 0xA3, + 0xE1, 0xC8, 0xED, 0x52, 0xF6, 0xFA, 0x36, 0xD9, + 0xA7, 0x9D, 0x24, 0x76, 0x92, 0xF4, 0xED, 0xA3, + 0xA6, 0xBD, 0xAB, 0x77, 0xD6, 0xAA, 0x64, 0x74, + 0xA4, 0x64, 0xAE, 0x49, 0x34, 0x66, 0x3C, 0x52, + 0x65, 0xBA, 0x70, 0x18, 0xBA, 0x09, 0x1F, 0x79 + }; + word32 sigSz = sizeof(sig); + static const byte pubData[] = { + 0x50, 0xD4, 0x67, 0x0B, 0xDE, 0x75, 0x24, 0x4F, + 0x28, 0xD2, 0x83, 0x8A, 0x0D, 0x25, 0x55, 0x8A, + 0x7A, 0x72, 0x68, 0x6D, 0x45, 0x22, 0xD4, 0xC8, + 0x27, 0x3F, 0xB6, 0x44, 0x2A, 0xEB, 0xFA, 0x93, + 0xDB, 0xDD, 0x37, 0x55, 0x1A, 0xFD, 0x26, 0x3B, + 0x5D, 0xFD, 0x61, 0x7F, 0x39, 0x60, 0xC6, 0x5A, + 0x8C, 0x29, 0x88, 0x50, 0xFF, 0x99, 0xF2, 0x03, + 0x66, 0xDC, 0xE7, 0xD4, 0x36, 0x72, 0x17, 0xF4 + }; + static const byte expHash[] = { + 0x49, 0x0f, 0x3f, 0xeb, 0xbc, 0x1c, 0x90, 0x2f, + 0x62, 0x89, 0x72, 0x3d, 0x7f, 0x8c, 0xbf, 0x79, + 0xdb, 0x88, 0x93, 0x08, 0x49, 0xd1, 0x9f, 0x38, + 0xf0, 0x29, 0x5b, 0x5c, 0x27, 0x6c, 0x14, 0xd1 + }; + + ret = wc_ImportEccsiPublicKey(key, pubData, sizeof(pubData), 0); + if (ret != 0) + return WC_TEST_RET_ENC_EC(ret); + + ret = wc_DecodeEccsiPvtFromSig(key, sig, sigSz, pvt); + if (ret != 0) + return WC_TEST_RET_ENC_EC(ret); + + ret = wc_HashEccsiId(key, WC_HASH_TYPE_SHA256, id, idSz, pvt, hash, + &hashSz); + if (ret != 0) + return WC_TEST_RET_ENC_EC(ret); + if (hashSz != sizeof(expHash)) + return WC_TEST_RET_ENC_NC; + if (XMEMCMP(hash, expHash, hashSz) != 0) + return WC_TEST_RET_ENC_NC; + + ret = wc_SetEccsiHash(key, hash, hashSz); + if (ret != 0) + return WC_TEST_RET_ENC_EC(ret); + + ret = wc_VerifyEccsiHash(key, WC_HASH_TYPE_SHA256, msg, msgSz, sig, sigSz, + &verified); + if (ret != 0) + return WC_TEST_RET_ENC_EC(ret); + if (!verified) + return WC_TEST_RET_ENC_NC; + + return 0; +} +static wc_test_ret_t eccsi_enc_dec_pair_test(EccsiKey* priv, mp_int* ssk, ecc_point* pvt) +{ + wc_test_ret_t ret; + byte data[32 * 3]; + word32 sz; + ecc_point* decPvt = NULL; +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC) + mp_int *decSsk = (mp_int *)XMALLOC(sizeof(*decSsk), HEAP_HINT, + DYNAMIC_TYPE_TMP_BUFFER); + if (decSsk == NULL) + return WC_TEST_RET_ENC_ERRNO; +#else + mp_int decSsk[1]; +#endif + + ret = mp_init(decSsk); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); + + decPvt = wc_ecc_new_point(); + if (decPvt == NULL) + ERROR_OUT(WC_TEST_RET_ENC_ERRNO, out); + + ret = wc_EncodeEccsiPair(priv, ssk, pvt, NULL, &sz); + if (ret != WC_NO_ERR_TRACE(LENGTH_ONLY_E)) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); + if (sz != 32 * 3) + ERROR_OUT(WC_TEST_RET_ENC_NC, out); + ret = wc_EncodeEccsiPair(priv, ssk, pvt, data, &sz); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); + if (sz != 32* 3) + ERROR_OUT(WC_TEST_RET_ENC_NC, out); + ret = wc_DecodeEccsiPair(priv, data, sz, decSsk, decPvt); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); + ret = mp_cmp(ssk, decSsk); + if (ret != MP_EQ) + ERROR_OUT(WC_TEST_RET_ENC_NC, out); + ret = wc_ecc_cmp_point(pvt, decPvt); + if (ret != MP_EQ) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); + + ret = wc_EncodeEccsiSsk(priv, ssk, NULL, &sz); + if (ret != WC_NO_ERR_TRACE(LENGTH_ONLY_E)) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); + if (sz != 32) + ERROR_OUT(WC_TEST_RET_ENC_NC, out); + ret = wc_EncodeEccsiSsk(priv, ssk, data, &sz); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); + if (sz != 32) + ERROR_OUT(WC_TEST_RET_ENC_NC, out); + ret = wc_DecodeEccsiSsk(priv, data, sz, decSsk); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); + ret = mp_cmp(ssk, decSsk); + if (ret != MP_EQ) + ERROR_OUT(WC_TEST_RET_ENC_NC, out); + + ret = wc_EncodeEccsiPvt(priv, pvt, NULL, &sz, 1); + if (ret != WC_NO_ERR_TRACE(LENGTH_ONLY_E)) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); + if (sz != 32 * 2) + ERROR_OUT(WC_TEST_RET_ENC_NC, out); + ret = wc_EncodeEccsiPvt(priv, pvt, data, &sz, 1); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); + if (sz != 32 * 2) + ERROR_OUT(WC_TEST_RET_ENC_NC, out); + ret = wc_DecodeEccsiPvt(priv, data, sz, decPvt); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); + ret = wc_ecc_cmp_point(pvt, decPvt); + if (ret != MP_EQ) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); + sz = sizeof(data); + ret = wc_EncodeEccsiPvt(priv, pvt, data, &sz, 0); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); + if (sz != 32 * 2 + 1) + ERROR_OUT(WC_TEST_RET_ENC_NC, out); + ret = wc_DecodeEccsiPvt(priv, data, sz, decPvt); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); + ret = wc_ecc_cmp_point(pvt, decPvt); + if (ret != MP_EQ) + ERROR_OUT(WC_TEST_RET_ENC_NC, out); + + wc_ecc_del_point(decPvt); + +out: + + mp_free(decSsk); +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC) + XFREE(decSsk, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); +#endif + + return ret; +} + +static wc_test_ret_t eccsi_imp_exp_key_test(EccsiKey* priv) +{ + wc_test_ret_t ret; + byte data[32 * 3]; + byte out[32 * 3]; + word32 sz; + + ret = wc_ExportEccsiKey(priv, NULL, &sz); + if (ret != WC_NO_ERR_TRACE(LENGTH_ONLY_E)) + return WC_TEST_RET_ENC_EC(ret); + if (sz != 32 * 3) + return WC_TEST_RET_ENC_NC; + ret = wc_ExportEccsiKey(priv, data, &sz); + if (ret != 0) + return WC_TEST_RET_ENC_EC(ret); + ret = wc_ImportEccsiKey(priv, data, sz); + if (ret != 0) + return WC_TEST_RET_ENC_EC(ret); + ret = wc_ExportEccsiKey(priv, NULL, &sz); + if (ret != WC_NO_ERR_TRACE(LENGTH_ONLY_E)) + return WC_TEST_RET_ENC_EC(ret); + if (sz != 32 * 3) + return WC_TEST_RET_ENC_NC; + ret = wc_ExportEccsiKey(priv, out, &sz); + if (ret != 0) + return WC_TEST_RET_ENC_EC(ret); + if (sz != 32 * 3) + return WC_TEST_RET_ENC_NC; + if (XMEMCMP(data, out, sz) != 0) + return WC_TEST_RET_ENC_NC; + + ret = wc_ExportEccsiPrivateKey(priv, NULL, &sz); + if (ret != WC_NO_ERR_TRACE(LENGTH_ONLY_E)) + return WC_TEST_RET_ENC_EC(ret); + if (sz != 32) + return WC_TEST_RET_ENC_NC; + ret = wc_ExportEccsiPrivateKey(priv, data, &sz); + if (ret != 0) + return WC_TEST_RET_ENC_EC(ret); + ret = wc_ImportEccsiPrivateKey(priv, data, sz); + if (ret != 0) + return WC_TEST_RET_ENC_EC(ret); + ret = wc_ExportEccsiPrivateKey(priv, NULL, &sz); + if (ret != WC_NO_ERR_TRACE(LENGTH_ONLY_E)) + return WC_TEST_RET_ENC_EC(ret); + if (sz != 32) + return WC_TEST_RET_ENC_NC; + ret = wc_ExportEccsiPrivateKey(priv, out, &sz); + if (ret != 0) + return WC_TEST_RET_ENC_EC(ret); + if (sz != 32) + return WC_TEST_RET_ENC_NC; + if (XMEMCMP(data, out, sz) != 0) + return WC_TEST_RET_ENC_NC; + + return 0; +} + +static wc_test_ret_t eccsi_imp_exp_pubkey_test(EccsiKey* key1, EccsiKey* key2) +{ + wc_test_ret_t ret; + byte data[32 * 2 + 1]; + byte pubData[32 * 2 + 1]; + word32 sz; + + ret = wc_ExportEccsiPublicKey(key1, NULL, &sz, 1); + if (ret != WC_NO_ERR_TRACE(LENGTH_ONLY_E)) + return WC_TEST_RET_ENC_EC(ret); + if (sz != 32 * 2) + return WC_TEST_RET_ENC_NC; + + ret = wc_ExportEccsiPublicKey(key1, data, &sz, 1); + if (ret != 0) + return WC_TEST_RET_ENC_EC(ret); + + ret = wc_ImportEccsiPublicKey(key2, data, sz, 1); + if (ret != 0) + return WC_TEST_RET_ENC_EC(ret); + sz = sizeof(pubData); + ret = wc_ExportEccsiPublicKey(key2, pubData, &sz, 1); + if (ret != 0) + return WC_TEST_RET_ENC_EC(ret); + if (sz != 32 * 2) + return WC_TEST_RET_ENC_NC; + if (XMEMCMP(data, pubData, sz) != 0) + return WC_TEST_RET_ENC_NC; + + sz = sizeof(pubData); + ret = wc_ExportEccsiPublicKey(key2, pubData, &sz, 0); + if (ret != 0) + return WC_TEST_RET_ENC_EC(ret); + if (sz != 32 * 2 + 1) + return WC_TEST_RET_ENC_NC; + if (pubData[0] != 0x04) + return WC_TEST_RET_ENC_NC; + if (XMEMCMP(pubData + 1, data, sz - 1) != 0) + return WC_TEST_RET_ENC_NC; + ret = wc_ImportEccsiPublicKey(key2, pubData, sz, 0); + if (ret != 0) + return WC_TEST_RET_ENC_EC(ret); + + return 0; +} + +static wc_test_ret_t eccsi_make_key_test(EccsiKey* priv, EccsiKey* pub, WC_RNG* rng, + mp_int* ssk, ecc_point* pvt) +{ + wc_test_ret_t ret; + char mail[] = "test@wolfssl.com"; + byte* id = (byte*)mail; + word32 idSz = (word32) XSTRLEN(mail); + int valid; + + ret = wc_MakeEccsiKey(priv, rng); + if (ret != 0) + return WC_TEST_RET_ENC_EC(ret); + + ret = eccsi_imp_exp_key_test(priv); + if (ret < 0) + return ret; + + ret = eccsi_imp_exp_pubkey_test(priv, pub); + if (ret < 0) + return ret; + + ret = wc_MakeEccsiPair(priv, rng, WC_HASH_TYPE_SHA256, id, idSz, ssk, pvt); + if (ret != 0) + return WC_TEST_RET_ENC_EC(ret); + + ret = wc_ValidateEccsiPair(pub, WC_HASH_TYPE_SHA256, id, idSz, ssk, pvt, + &valid); + if (ret != 0) + return WC_TEST_RET_ENC_EC(ret); + if (!valid) + return WC_TEST_RET_ENC_NC; + + ret = eccsi_enc_dec_pair_test(priv, ssk, pvt); + if (ret != 0) + return ret; + + return 0; +} + +static wc_test_ret_t eccsi_sign_verify_test(EccsiKey* priv, EccsiKey* pub, WC_RNG* rng, + mp_int* ssk, ecc_point* pvt) +{ + wc_test_ret_t ret; + byte hashPriv[WC_MAX_DIGEST_SIZE]; + byte hashPub[WC_MAX_DIGEST_SIZE]; + byte hashSz; + byte sig[144]; + word32 sigSz; + int verified, valid; + char mail[] = "test@wolfssl.com"; + byte* id = (byte*)mail; + word32 idSz = (word32) XSTRLEN(mail); + byte msg[] = { 0x00 }; + word32 msgSz = sizeof(msg); + +#ifdef WOLFSSL_SHA384 + ret = wc_HashEccsiId(priv, WC_HASH_TYPE_SHA384, id, idSz, pvt, hashPriv, + &hashSz); + if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG)) + return WC_TEST_RET_ENC_EC(ret); +#endif + ret = wc_HashEccsiId(priv, WC_HASH_TYPE_SHA256, id, idSz, pvt, hashPriv, + &hashSz); + if (ret != 0) + return WC_TEST_RET_ENC_EC(ret); + if (hashSz != 32) + return WC_TEST_RET_ENC_NC; + ret = wc_HashEccsiId(priv, WC_HASH_TYPE_SHA256, id, idSz, pvt, hashPub, + &hashSz); + if (ret != 0) + return WC_TEST_RET_ENC_EC(ret); + if (hashSz != 32) + return WC_TEST_RET_ENC_NC; + + if (XMEMCMP(hashPriv, hashPub, hashSz) != 0) + return WC_TEST_RET_ENC_NC; + + ret = wc_SetEccsiHash(priv, hashPriv, hashSz); + if (ret != 0) + return WC_TEST_RET_ENC_EC(ret); + ret = wc_SetEccsiPair(priv, ssk, pvt); + if (ret != 0) + return WC_TEST_RET_ENC_EC(ret); + + ret = wc_SignEccsiHash(priv, rng, WC_HASH_TYPE_SHA256, msg, msgSz, NULL, + &sigSz); + if (ret != WC_NO_ERR_TRACE(LENGTH_ONLY_E)) + return WC_TEST_RET_ENC_EC(ret); + if (sigSz != 129) + return WC_TEST_RET_ENC_NC; + ret = wc_SignEccsiHash(priv, rng, WC_HASH_TYPE_SHA256, msg, msgSz, sig, + &sigSz); + if (ret != 0) + return WC_TEST_RET_ENC_EC(ret); + + ret = wc_SetEccsiHash(pub, hashPub, hashSz); + if (ret != 0) + return WC_TEST_RET_ENC_EC(ret); + + ret = wc_VerifyEccsiHash(pub, WC_HASH_TYPE_SHA256, msg, msgSz, sig, sigSz, + &verified); + if (ret != 0) + return WC_TEST_RET_ENC_EC(ret); + if (!verified) + return WC_TEST_RET_ENC_NC; + + /* Check that changing HS results in verification failure. */ + hashPub[0] ^= 0x80; + ret = wc_SetEccsiHash(pub, hashPub, hashSz); + if (ret != 0) + return WC_TEST_RET_ENC_EC(ret); + ret = wc_VerifyEccsiHash(pub, WC_HASH_TYPE_SHA256, msg, msgSz, sig, sigSz, + &verified); + if (ret != 0) + return WC_TEST_RET_ENC_EC(ret); + if (verified) + return WC_TEST_RET_ENC_NC; + hashPub[0] ^= 0x80; + ret = wc_SetEccsiHash(pub, hashPub, hashSz); + if (ret != 0) + return WC_TEST_RET_ENC_EC(ret); + + /* Check that changing msg results in verification failure. */ + msg[0] ^= 0x80; + ret = wc_VerifyEccsiHash(pub, WC_HASH_TYPE_SHA256, msg, msgSz, sig, sigSz, + &verified); + if (ret != 0) + return WC_TEST_RET_ENC_EC(ret); + if (verified) + return WC_TEST_RET_ENC_NC; + msg[0] ^= 0x80; + /* Check that changing signature results in verification failure. */ + sig[0] ^= 0x80; + ret = wc_VerifyEccsiHash(pub, WC_HASH_TYPE_SHA256, msg, msgSz, sig, sigSz, + &verified); + if (ret != 0) + return WC_TEST_RET_ENC_EC(ret); + if (verified) + return WC_TEST_RET_ENC_NC; + sig[0] ^= 0x80; + + /* Check that key state hasn't been invalidated. */ + ret = wc_VerifyEccsiHash(pub, WC_HASH_TYPE_SHA256, msg, msgSz, sig, sigSz, + &verified); + if (ret != 0) + return WC_TEST_RET_ENC_EC(ret); + if (!verified) + return WC_TEST_RET_ENC_NC; + + /* Check that verifying with the private key works. */ + ret = wc_VerifyEccsiHash(priv, WC_HASH_TYPE_SHA256, msg, msgSz, sig, sigSz, + &verified); + if (ret != 0) + return WC_TEST_RET_ENC_EC(ret); + if (!verified) + return WC_TEST_RET_ENC_NC; + + /* Check that the KPAK is converted from montgomery form. */ + ret = eccsi_imp_exp_key_test(priv); + if (ret != 0) + return ret; + + /* Check that KPAK can converted to Montgomery form again. */ + ret = wc_VerifyEccsiHash(priv, WC_HASH_TYPE_SHA256, msg, msgSz, sig, sigSz, + &verified); + if (ret != 0) + return WC_TEST_RET_ENC_EC(ret); + if (!verified) + return WC_TEST_RET_ENC_NC; + + /* Check that the KPAK is converted from montgomery form. */ + ret = wc_ValidateEccsiPair(pub, WC_HASH_TYPE_SHA256, id, idSz, ssk, pvt, + &valid); + if (ret != 0) + return WC_TEST_RET_ENC_EC(ret); + if (!valid) + return WC_TEST_RET_ENC_NC; + + /* Check that KPAK can converted to Montgomery form again. */ + ret = wc_VerifyEccsiHash(priv, WC_HASH_TYPE_SHA256, msg, msgSz, sig, sigSz, + &verified); + if (ret != 0) + return WC_TEST_RET_ENC_EC(ret); + if (!verified) + return WC_TEST_RET_ENC_NC; + + /* Check that the KPAK is converted from montgomery form. */ + ret = eccsi_imp_exp_pubkey_test(priv, pub); + if (ret != 0) + return ret; + + return 0; +} + +WOLFSSL_TEST_SUBROUTINE wc_test_ret_t eccsi_test(void) +{ + wc_test_ret_t ret = 0; + WC_RNG rng; + int rng_inited = 0; + EccsiKey* priv = NULL; + EccsiKey* pub = NULL; + mp_int* ssk = NULL; + ecc_point* pvt = NULL; + WOLFSSL_ENTER("eccsi_test"); + + priv = (EccsiKey*)XMALLOC(sizeof(EccsiKey), HEAP_HINT, + DYNAMIC_TYPE_TMP_BUFFER); + if (priv == NULL) + ret = WC_TEST_RET_ENC_NC; + else + XMEMSET(priv, 0, sizeof(*priv)); + + if (ret == 0) { + pub = (EccsiKey*)XMALLOC(sizeof(EccsiKey), HEAP_HINT, + DYNAMIC_TYPE_TMP_BUFFER); + if (pub == NULL) + ret = WC_TEST_RET_ENC_NC; + else + XMEMSET(pub, 0, sizeof(*pub)); + } + + if (ret == 0) { + ssk = (mp_int*)XMALLOC(sizeof(mp_int), HEAP_HINT, + DYNAMIC_TYPE_TMP_BUFFER); + if (ssk == NULL) + ret = WC_TEST_RET_ENC_NC; + else + XMEMSET(ssk, 0, sizeof(*ssk)); + } + + if (ret == 0) { + #ifndef HAVE_FIPS + ret = wc_InitRng_ex(&rng, HEAP_HINT, devId); + #else + ret = wc_InitRng(&rng); + #endif + if (ret != 0) + ret = WC_TEST_RET_ENC_EC(ret); + else + rng_inited = 1; + } + + if (ret == 0) { + pvt = wc_ecc_new_point(); + if (pvt == NULL) + ret = WC_TEST_RET_ENC_NC; + } + + if (ret == 0) { + ret = mp_init(ssk); + if (ret != 0) + ret = WC_TEST_RET_ENC_EC(ret); + } + + if (ret == 0) { + ret = eccsi_api_test(&rng, priv, ssk, pvt); + } + + if (ret == 0) { + ret = wc_InitEccsiKey(pub, HEAP_HINT, devId); + if (ret != 0) + ret = WC_TEST_RET_ENC_EC(ret); + } + + if (ret == 0) { + ret = wc_InitEccsiKey(priv, HEAP_HINT, devId); + if (ret != 0) + ret = WC_TEST_RET_ENC_EC(ret); + } + + if (ret == 0) { + ret = eccsi_kat_verify_test(pub, pvt); + } + + if (ret == 0) { + ret = eccsi_make_key_test(priv, pub, &rng, ssk, pvt); + } + + if (ret == 0) { + ret = eccsi_sign_verify_test(priv, pub, &rng, ssk, pvt); + } + + if (pvt != NULL) + wc_ecc_del_point(pvt); + if (rng_inited) + wc_FreeRng(&rng); + if (ssk != NULL) { + mp_free(ssk); + XFREE(ssk, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + } + if (pub != NULL) { + wc_FreeEccsiKey(pub); + XFREE(pub, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + } + if (priv != NULL) { + wc_FreeEccsiKey(priv); + XFREE(priv, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + } + + return ret; +} +#endif /* WOLFCRYPT_HAVE_ECCSI */ + +#ifdef WOLFCRYPT_HAVE_SAKKE +static wc_test_ret_t sakke_api_test(WC_RNG* rng, SakkeKey* key, ecc_point* rsk) +{ + wc_test_ret_t ret; + byte id[1] = { 0x00 }; + int valid; + byte data[256]; + word32 sz; + byte auth[257]; + word16 authSz; + byte ssv[256]; + word16 ssvSz; + word32 len; + + ret = wc_InitSakkeKey_ex(NULL, 128, ECC_SAKKE_1, NULL, devId); + if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG)) + return WC_TEST_RET_ENC_EC(ret); + ret = wc_InitSakkeKey_ex(NULL, 128, ECC_SAKKE_1, HEAP_HINT, devId); + if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG)) + return WC_TEST_RET_ENC_EC(ret); + + wc_FreeSakkeKey(NULL); + + XMEMSET(key, 0, sizeof(*key)); + wc_FreeSakkeKey(key); + + ret = wc_InitSakkeKey_ex(key, 128, ECC_SAKKE_1, HEAP_HINT, devId); + if (ret != 0) + return WC_TEST_RET_ENC_EC(ret); + + ret = wc_MakeSakkeKey(NULL, NULL); + if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG)) + return WC_TEST_RET_ENC_EC(ret); + ret = wc_MakeSakkeKey(key, NULL); + if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG)) + return WC_TEST_RET_ENC_EC(ret); + ret = wc_MakeSakkeKey(NULL, rng); + if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG)) + return WC_TEST_RET_ENC_EC(ret); + + ret = wc_MakeSakkePublicKey(NULL, NULL); + if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG)) + return WC_TEST_RET_ENC_EC(ret); + ret = wc_MakeSakkePublicKey(key, NULL); + if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG)) + return WC_TEST_RET_ENC_EC(ret); + ret = wc_MakeSakkePublicKey(NULL, rsk); + if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG)) + return WC_TEST_RET_ENC_EC(ret); + + ret = wc_MakeSakkeRsk(NULL, NULL, 1, NULL); + if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG)) + return WC_TEST_RET_ENC_EC(ret); + ret = wc_MakeSakkeRsk(key, id, 1, NULL); + if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG)) + return WC_TEST_RET_ENC_EC(ret); + ret = wc_MakeSakkeRsk(key, NULL, 1, rsk); + if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG)) + return WC_TEST_RET_ENC_EC(ret); + ret = wc_MakeSakkeRsk(NULL, id, 1, rsk); + if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG)) + return WC_TEST_RET_ENC_EC(ret); + + ret = wc_ValidateSakkeRsk(NULL, NULL, 1, NULL, NULL); + if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG)) + return WC_TEST_RET_ENC_EC(ret); + ret = wc_ValidateSakkeRsk(key, id, 1, rsk, NULL); + if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG)) + return WC_TEST_RET_ENC_EC(ret); + ret = wc_ValidateSakkeRsk(NULL, id, 1, rsk, &valid); + if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG)) + return WC_TEST_RET_ENC_EC(ret); + + ret = wc_ExportSakkeKey(NULL, NULL, NULL); + if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG)) + return WC_TEST_RET_ENC_EC(ret); + ret = wc_ExportSakkeKey(key, data, NULL); + if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG)) + return WC_TEST_RET_ENC_EC(ret); + ret = wc_ExportSakkeKey(NULL, data, &sz); + if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG)) + return WC_TEST_RET_ENC_EC(ret); + + ret = wc_ImportSakkeKey(NULL, NULL, 1); + if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG)) + return WC_TEST_RET_ENC_EC(ret); + ret = wc_ImportSakkeKey(key, NULL, 1); + if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG)) + return WC_TEST_RET_ENC_EC(ret); + ret = wc_ImportSakkeKey(NULL, data, 1); + if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG)) + return WC_TEST_RET_ENC_EC(ret); + + ret = wc_ExportSakkePrivateKey(NULL, NULL, NULL); + if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG)) + return WC_TEST_RET_ENC_EC(ret); + ret = wc_ExportSakkePrivateKey(key, data, NULL); + if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG)) + return WC_TEST_RET_ENC_EC(ret); + ret = wc_ExportSakkePrivateKey(NULL, data, &sz); + if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG)) + return WC_TEST_RET_ENC_EC(ret); + + ret = wc_ImportSakkePrivateKey(NULL, NULL, 1); + if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG)) + return WC_TEST_RET_ENC_EC(ret); + ret = wc_ImportSakkePrivateKey(key, NULL, 1); + if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG)) + return WC_TEST_RET_ENC_EC(ret); + ret = wc_ImportSakkePrivateKey(NULL, data, 1); + if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG)) + return WC_TEST_RET_ENC_EC(ret); + + sz = sizeof(data); + ret = wc_EncodeSakkeRsk(NULL, NULL, data, NULL, 1); + if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG)) + return WC_TEST_RET_ENC_EC(ret); + ret = wc_EncodeSakkeRsk(key, rsk, data, NULL, 1); + if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG)) + return WC_TEST_RET_ENC_EC(ret); + ret = wc_EncodeSakkeRsk(key, NULL, data, &sz, 1); + if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG)) + return WC_TEST_RET_ENC_EC(ret); + ret = wc_EncodeSakkeRsk(NULL, rsk, data, &sz, 1); + if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG)) + return WC_TEST_RET_ENC_EC(ret); + + ret = wc_DecodeSakkeRsk(NULL, NULL, sz, NULL); + if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG)) + return WC_TEST_RET_ENC_EC(ret); + ret = wc_DecodeSakkeRsk(key, data, sz, NULL); + if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG)) + return WC_TEST_RET_ENC_EC(ret); + ret = wc_DecodeSakkeRsk(key, NULL, sz, rsk); + if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG)) + return WC_TEST_RET_ENC_EC(ret); + ret = wc_DecodeSakkeRsk(NULL, data, sz, rsk); + if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG)) + return WC_TEST_RET_ENC_EC(ret); + + ret = wc_ImportSakkeRsk(NULL, NULL, sz); + if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG)) + return WC_TEST_RET_ENC_EC(ret); + ret = wc_ImportSakkeRsk(key, NULL, sz); + if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG)) + return WC_TEST_RET_ENC_EC(ret); + ret = wc_ImportSakkeRsk(NULL, data, sz); + if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG)) + return WC_TEST_RET_ENC_EC(ret); + ret = wc_ImportSakkeRsk(key, data, 1); + if (ret != WC_NO_ERR_TRACE(BUFFER_E)) + return WC_TEST_RET_ENC_EC(ret); + + ret = wc_GenerateSakkeRskTable(NULL, NULL, data, NULL); + if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG)) + return WC_TEST_RET_ENC_EC(ret); + ret = wc_GenerateSakkeRskTable(key, NULL, data, NULL); + if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG)) + return WC_TEST_RET_ENC_EC(ret); + ret = wc_GenerateSakkeRskTable(NULL, rsk, data, NULL); + if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG)) + return WC_TEST_RET_ENC_EC(ret); + ret = wc_GenerateSakkeRskTable(NULL, NULL, data, &len); + if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG)) + return WC_TEST_RET_ENC_EC(ret); + ret = wc_GenerateSakkeRskTable(key, rsk, data, NULL); + if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG)) + return WC_TEST_RET_ENC_EC(ret); + ret = wc_GenerateSakkeRskTable(key, NULL, data, &len); + if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG)) + return WC_TEST_RET_ENC_EC(ret); + ret = wc_GenerateSakkeRskTable(NULL, rsk, data, &len); + if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG)) + return WC_TEST_RET_ENC_EC(ret); + ret = wc_GenerateSakkeRskTable(key, rsk, NULL, &len); + if (ret != WC_NO_ERR_TRACE(LENGTH_ONLY_E)) + return WC_TEST_RET_ENC_EC(ret); + len--; + ret = wc_GenerateSakkeRskTable(key, rsk, data, &len); + if (ret != WC_NO_ERR_TRACE(BUFFER_E)) + return WC_TEST_RET_ENC_EC(ret); + + ret = wc_ExportSakkePublicKey(NULL, data, NULL, 1); + if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG)) + return WC_TEST_RET_ENC_EC(ret); + ret = wc_ExportSakkePublicKey(key, data, NULL, 1); + if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG)) + return WC_TEST_RET_ENC_EC(ret); + ret = wc_ExportSakkePublicKey(NULL, data, &sz, 1); + if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG)) + return WC_TEST_RET_ENC_EC(ret); + + ret = wc_ImportSakkePublicKey(NULL, NULL, sz, 1); + if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG)) + return WC_TEST_RET_ENC_EC(ret); + ret = wc_ImportSakkePublicKey(key, NULL, sz, 1); + if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG)) + return WC_TEST_RET_ENC_EC(ret); + ret = wc_ImportSakkePublicKey(NULL, data, sz, 1); + if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG)) + return WC_TEST_RET_ENC_EC(ret); + + ret = wc_GetSakkeAuthSize(NULL, NULL); + if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG)) + return WC_TEST_RET_ENC_EC(ret); + ret = wc_GetSakkeAuthSize(key, NULL); + if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG)) + return WC_TEST_RET_ENC_EC(ret); + ret = wc_GetSakkeAuthSize(NULL, &authSz); + if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG)) + return WC_TEST_RET_ENC_EC(ret); + + ret = wc_MakeSakkePointI(NULL, NULL, SAKKE_ID_MAX_SIZE + 1); + if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG)) + return WC_TEST_RET_ENC_EC(ret); + ret = wc_MakeSakkePointI(key, NULL, SAKKE_ID_MAX_SIZE + 1); + if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG)) + return WC_TEST_RET_ENC_EC(ret); + ret = wc_MakeSakkePointI(NULL, id, 1); + if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG)) + return WC_TEST_RET_ENC_EC(ret); + ret = wc_MakeSakkePointI(NULL, NULL, 1); + if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG)) + return WC_TEST_RET_ENC_EC(ret); + ret = wc_MakeSakkePointI(key, id, SAKKE_ID_MAX_SIZE + 1); + if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG)) + return WC_TEST_RET_ENC_EC(ret); + ret = wc_MakeSakkePointI(key, NULL, 1); + if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG)) + return WC_TEST_RET_ENC_EC(ret); + ret = wc_MakeSakkePointI(NULL, id, 1); + if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG)) + return WC_TEST_RET_ENC_EC(ret); + + ret = wc_GenerateSakkePointITable(NULL, data, NULL); + if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG)) + return WC_TEST_RET_ENC_EC(ret); + ret = wc_GenerateSakkePointITable(key, data, NULL); + if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG)) + return WC_TEST_RET_ENC_EC(ret); + ret = wc_GenerateSakkePointITable(NULL, data, &len); + if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG)) + return WC_TEST_RET_ENC_EC(ret); + ret = wc_GenerateSakkePointITable(key, NULL, &len); + if (ret != WC_NO_ERR_TRACE(LENGTH_ONLY_E)) + return WC_TEST_RET_ENC_EC(ret); + len--; + ret = wc_GenerateSakkePointITable(key, data, &len); + if (ret != WC_NO_ERR_TRACE(BUFFER_E)) + return WC_TEST_RET_ENC_EC(ret); + + ret = wc_SetSakkePointITable(NULL, NULL, 1); + if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG)) + return WC_TEST_RET_ENC_EC(ret); + ret = wc_SetSakkePointITable(key, NULL, 1); + if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG)) + return WC_TEST_RET_ENC_EC(ret); + ret = wc_SetSakkePointITable(NULL, data, 1); + if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG)) + return WC_TEST_RET_ENC_EC(ret); + ret = wc_SetSakkePointITable(key, data, 1); + if (ret != WC_NO_ERR_TRACE(BUFFER_E)) + return WC_TEST_RET_ENC_EC(ret); + + ret = wc_ClearSakkePointITable(NULL); + if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG)) + return WC_TEST_RET_ENC_EC(ret); + + ret = wc_GetSakkePointI(NULL, data, NULL); + if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG)) + return WC_TEST_RET_ENC_EC(ret); + ret = wc_GetSakkePointI(key, data, NULL); + if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG)) + return WC_TEST_RET_ENC_EC(ret); + ret = wc_GetSakkePointI(NULL, data, &sz); + if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG)) + return WC_TEST_RET_ENC_EC(ret); + sz = 1; + ret = wc_GetSakkePointI(key, data, &sz); + if (ret != WC_NO_ERR_TRACE(BUFFER_E)) + return WC_TEST_RET_ENC_EC(ret); + + sz = 256; + ret = wc_SetSakkePointI(NULL, NULL, 1, NULL, sz); + if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG)) + return WC_TEST_RET_ENC_EC(ret); + ret = wc_SetSakkePointI(key, NULL, 1, NULL, sz); + if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG)) + return WC_TEST_RET_ENC_EC(ret); + ret = wc_SetSakkePointI(NULL, id, 1, NULL, sz); + if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG)) + return WC_TEST_RET_ENC_EC(ret); + ret = wc_SetSakkePointI(NULL, NULL, 1, data, sz); + if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG)) + return WC_TEST_RET_ENC_EC(ret); + ret = wc_SetSakkePointI(key, id, 1, NULL, sz); + if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG)) + return WC_TEST_RET_ENC_EC(ret); + ret = wc_SetSakkePointI(key, NULL, 1, data, sz); + if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG)) + return WC_TEST_RET_ENC_EC(ret); + ret = wc_SetSakkePointI(NULL, id, 1, data, sz); + if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG)) + return WC_TEST_RET_ENC_EC(ret); + ret = wc_SetSakkePointI(key, id, SAKKE_ID_MAX_SIZE + 1, data, sz); + if (ret != WC_NO_ERR_TRACE(BUFFER_E)) + return WC_TEST_RET_ENC_EC(ret); + ret = wc_SetSakkePointI(key, id, 1, data, sz - 1); + if (ret != WC_NO_ERR_TRACE(BUFFER_E)) + return WC_TEST_RET_ENC_EC(ret); + + ret = wc_SetSakkeIdentity(NULL, NULL, 1); + if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG)) + return WC_TEST_RET_ENC_EC(ret); + ret = wc_SetSakkeIdentity(key, NULL, 1); + if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG)) + return WC_TEST_RET_ENC_EC(ret); + ret = wc_SetSakkeIdentity(NULL, id, 1); + if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG)) + return WC_TEST_RET_ENC_EC(ret); + + ssvSz = sizeof(ssv); + ret = wc_MakeSakkeEncapsulatedSSV(NULL, WC_HASH_TYPE_SHA256, NULL, ssvSz, + auth, NULL); + if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG)) + return WC_TEST_RET_ENC_EC(ret); + ret = wc_MakeSakkeEncapsulatedSSV(key, WC_HASH_TYPE_SHA256, NULL, ssvSz, + auth, NULL); + if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG)) + return WC_TEST_RET_ENC_EC(ret); + ret = wc_MakeSakkeEncapsulatedSSV(NULL, WC_HASH_TYPE_SHA256, ssv, ssvSz, + auth, NULL); + if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG)) + return WC_TEST_RET_ENC_EC(ret); + ret = wc_MakeSakkeEncapsulatedSSV(NULL, WC_HASH_TYPE_SHA256, NULL, ssvSz, + auth, &authSz); + if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG)) + return WC_TEST_RET_ENC_EC(ret); + ret = wc_MakeSakkeEncapsulatedSSV(key, WC_HASH_TYPE_SHA256, ssv, ssvSz, + auth, NULL); + if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG)) + return WC_TEST_RET_ENC_EC(ret); + ret = wc_MakeSakkeEncapsulatedSSV(key, WC_HASH_TYPE_SHA256, NULL, ssvSz, + auth, &authSz); + if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG)) + return WC_TEST_RET_ENC_EC(ret); + ret = wc_MakeSakkeEncapsulatedSSV(NULL, WC_HASH_TYPE_SHA256, ssv, ssvSz, + auth, &authSz); + if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG)) + return WC_TEST_RET_ENC_EC(ret); + ret = wc_MakeSakkeEncapsulatedSSV(key, WC_HASH_TYPE_SHA256, ssv, ssvSz, + auth, &authSz); + if (ret != WC_NO_ERR_TRACE(BAD_STATE_E)) + return WC_TEST_RET_ENC_EC(ret); + + ret = wc_GenerateSakkeSSV(NULL, NULL, data, NULL); + if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG)) + return WC_TEST_RET_ENC_EC(ret); + ret = wc_GenerateSakkeSSV(key, rng, data, NULL); + if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG)) + return WC_TEST_RET_ENC_EC(ret); + ret = wc_GenerateSakkeSSV(key, NULL, data, &ssvSz); + if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG)) + return WC_TEST_RET_ENC_EC(ret); + ret = wc_GenerateSakkeSSV(NULL, rng, data, &ssvSz); + if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG)) + return WC_TEST_RET_ENC_EC(ret); + + ret = wc_SetSakkeRsk(NULL, NULL, data, 1); + if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG)) + return WC_TEST_RET_ENC_EC(ret); + ret = wc_SetSakkeRsk(key, NULL, data, 1); + if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG)) + return WC_TEST_RET_ENC_EC(ret); + ret = wc_SetSakkeRsk(NULL, rsk, data, 1); + if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG)) + return WC_TEST_RET_ENC_EC(ret); + + ssvSz = sizeof(ssv); + authSz = sizeof(auth); + ret = wc_DeriveSakkeSSV(NULL, WC_HASH_TYPE_SHA256, NULL, ssvSz, NULL, + authSz); + if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG)) + return WC_TEST_RET_ENC_EC(ret); + ret = wc_DeriveSakkeSSV(key, WC_HASH_TYPE_SHA256, NULL, ssvSz, NULL, + authSz); + if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG)) + return WC_TEST_RET_ENC_EC(ret); + ret = wc_DeriveSakkeSSV(NULL, WC_HASH_TYPE_SHA256, ssv, ssvSz, NULL, + authSz); + if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG)) + return WC_TEST_RET_ENC_EC(ret); + ret = wc_DeriveSakkeSSV(NULL, WC_HASH_TYPE_SHA256, NULL, ssvSz, auth, + authSz); + if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG)) + return WC_TEST_RET_ENC_EC(ret); + ret = wc_DeriveSakkeSSV(key, WC_HASH_TYPE_SHA256, ssv, ssvSz, NULL, + authSz); + if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG)) + return WC_TEST_RET_ENC_EC(ret); + ret = wc_DeriveSakkeSSV(key, WC_HASH_TYPE_SHA256, NULL, ssvSz, auth, + authSz); + if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG)) + return WC_TEST_RET_ENC_EC(ret); + ret = wc_DeriveSakkeSSV(NULL, WC_HASH_TYPE_SHA256, ssv, ssvSz, auth, + authSz); + if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG)) + return WC_TEST_RET_ENC_EC(ret); + ret = wc_DeriveSakkeSSV(key, WC_HASH_TYPE_SHA256, ssv, ssvSz, auth, + authSz); + if (ret != WC_NO_ERR_TRACE(BAD_STATE_E)) + return WC_TEST_RET_ENC_EC(ret); + + ret = wc_SetSakkeIdentity(key, id, 1); + if (ret != 0) + return WC_TEST_RET_ENC_EC(ret); + ret = wc_DeriveSakkeSSV(key, WC_HASH_TYPE_SHA256, ssv, ssvSz, auth, + authSz); + if (ret != WC_NO_ERR_TRACE(BAD_STATE_E)) + return WC_TEST_RET_ENC_EC(ret); + ret = wc_SetSakkeIdentity(key, id, 0); + if (ret != 0) + return WC_TEST_RET_ENC_EC(ret); + + ret = wc_SetSakkeRsk(key, rsk, data, 1); + if (ret != 0) + return WC_TEST_RET_ENC_EC(ret); + ret = wc_DeriveSakkeSSV(key, WC_HASH_TYPE_SHA256, ssv, ssvSz, auth, + authSz); + if (ret != WC_NO_ERR_TRACE(BAD_STATE_E)) + return WC_TEST_RET_ENC_EC(ret); + + wc_FreeSakkeKey(key); + + return 0; +} + +static wc_test_ret_t sakke_kat_derive_test(SakkeKey* key, ecc_point* rsk) +{ + WOLFSSL_SMALL_STACK_STATIC const byte pubData[] = { + 0x59, 0x58, 0xEF, 0x1B, 0x16, 0x79, 0xBF, 0x09, + 0x9B, 0x3A, 0x03, 0x0D, 0xF2, 0x55, 0xAA, 0x6A, + 0x23, 0xC1, 0xD8, 0xF1, 0x43, 0xD4, 0xD2, 0x3F, + 0x75, 0x3E, 0x69, 0xBD, 0x27, 0xA8, 0x32, 0xF3, + 0x8C, 0xB4, 0xAD, 0x53, 0xDD, 0xEF, 0x42, 0x60, + 0xB0, 0xFE, 0x8B, 0xB4, 0x5C, 0x4C, 0x1F, 0xF5, + 0x10, 0xEF, 0xFE, 0x30, 0x03, 0x67, 0xA3, 0x7B, + 0x61, 0xF7, 0x01, 0xD9, 0x14, 0xAE, 0xF0, 0x97, + 0x24, 0x82, 0x5F, 0xA0, 0x70, 0x7D, 0x61, 0xA6, + 0xDF, 0xF4, 0xFB, 0xD7, 0x27, 0x35, 0x66, 0xCD, + 0xDE, 0x35, 0x2A, 0x0B, 0x04, 0xB7, 0xC1, 0x6A, + 0x78, 0x30, 0x9B, 0xE6, 0x40, 0x69, 0x7D, 0xE7, + 0x47, 0x61, 0x3A, 0x5F, 0xC1, 0x95, 0xE8, 0xB9, + 0xF3, 0x28, 0x85, 0x2A, 0x57, 0x9D, 0xB8, 0xF9, + 0x9B, 0x1D, 0x00, 0x34, 0x47, 0x9E, 0xA9, 0xC5, + 0x59, 0x5F, 0x47, 0xC4, 0xB2, 0xF5, 0x4F, 0xF2, + 0x15, 0x08, 0xD3, 0x75, 0x14, 0xDC, 0xF7, 0xA8, + 0xE1, 0x43, 0xA6, 0x05, 0x8C, 0x09, 0xA6, 0xBF, + 0x2C, 0x98, 0x58, 0xCA, 0x37, 0xC2, 0x58, 0x06, + 0x5A, 0xE6, 0xBF, 0x75, 0x32, 0xBC, 0x8B, 0x5B, + 0x63, 0x38, 0x38, 0x66, 0xE0, 0x75, 0x3C, 0x5A, + 0xC0, 0xE7, 0x27, 0x09, 0xF8, 0x44, 0x5F, 0x2E, + 0x61, 0x78, 0xE0, 0x65, 0x85, 0x7E, 0x0E, 0xDA, + 0x10, 0xF6, 0x82, 0x06, 0xB6, 0x35, 0x05, 0xED, + 0x87, 0xE5, 0x34, 0xFB, 0x28, 0x31, 0xFF, 0x95, + 0x7F, 0xB7, 0xDC, 0x61, 0x9D, 0xAE, 0x61, 0x30, + 0x1E, 0xEA, 0xCC, 0x2F, 0xDA, 0x36, 0x80, 0xEA, + 0x49, 0x99, 0x25, 0x8A, 0x83, 0x3C, 0xEA, 0x8F, + 0xC6, 0x7C, 0x6D, 0x19, 0x48, 0x7F, 0xB4, 0x49, + 0x05, 0x9F, 0x26, 0xCC, 0x8A, 0xAB, 0x65, 0x5A, + 0xB5, 0x8B, 0x7C, 0xC7, 0x96, 0xE2, 0x4E, 0x9A, + 0x39, 0x40, 0x95, 0x75, 0x4F, 0x5F, 0x8B, 0xAE + }; + WOLFSSL_SMALL_STACK_STATIC const byte rskData[] = { + 0x93, 0xAF, 0x67, 0xE5, 0x00, 0x7B, 0xA6, 0xE6, + 0xA8, 0x0D, 0xA7, 0x93, 0xDA, 0x30, 0x0F, 0xA4, + 0xB5, 0x2D, 0x0A, 0x74, 0xE2, 0x5E, 0x6E, 0x7B, + 0x2B, 0x3D, 0x6E, 0xE9, 0xD1, 0x8A, 0x9B, 0x5C, + 0x50, 0x23, 0x59, 0x7B, 0xD8, 0x2D, 0x80, 0x62, + 0xD3, 0x40, 0x19, 0x56, 0x3B, 0xA1, 0xD2, 0x5C, + 0x0D, 0xC5, 0x6B, 0x7B, 0x97, 0x9D, 0x74, 0xAA, + 0x50, 0xF2, 0x9F, 0xBF, 0x11, 0xCC, 0x2C, 0x93, + 0xF5, 0xDF, 0xCA, 0x61, 0x5E, 0x60, 0x92, 0x79, + 0xF6, 0x17, 0x5C, 0xEA, 0xDB, 0x00, 0xB5, 0x8C, + 0x6B, 0xEE, 0x1E, 0x7A, 0x2A, 0x47, 0xC4, 0xF0, + 0xC4, 0x56, 0xF0, 0x52, 0x59, 0xA6, 0xFA, 0x94, + 0xA6, 0x34, 0xA4, 0x0D, 0xAE, 0x1D, 0xF5, 0x93, + 0xD4, 0xFE, 0xCF, 0x68, 0x8D, 0x5F, 0xC6, 0x78, + 0xBE, 0x7E, 0xFC, 0x6D, 0xF3, 0xD6, 0x83, 0x53, + 0x25, 0xB8, 0x3B, 0x2C, 0x6E, 0x69, 0x03, 0x6B, + 0x15, 0x5F, 0x0A, 0x27, 0x24, 0x10, 0x94, 0xB0, + 0x4B, 0xFB, 0x0B, 0xDF, 0xAC, 0x6C, 0x67, 0x0A, + 0x65, 0xC3, 0x25, 0xD3, 0x9A, 0x06, 0x9F, 0x03, + 0x65, 0x9D, 0x44, 0xCA, 0x27, 0xD3, 0xBE, 0x8D, + 0xF3, 0x11, 0x17, 0x2B, 0x55, 0x41, 0x60, 0x18, + 0x1C, 0xBE, 0x94, 0xA2, 0xA7, 0x83, 0x32, 0x0C, + 0xED, 0x59, 0x0B, 0xC4, 0x26, 0x44, 0x70, 0x2C, + 0xF3, 0x71, 0x27, 0x1E, 0x49, 0x6B, 0xF2, 0x0F, + 0x58, 0x8B, 0x78, 0xA1, 0xBC, 0x01, 0xEC, 0xBB, + 0x65, 0x59, 0x93, 0x4B, 0xDD, 0x2F, 0xB6, 0x5D, + 0x28, 0x84, 0x31, 0x8A, 0x33, 0xD1, 0xA4, 0x2A, + 0xDF, 0x5E, 0x33, 0xCC, 0x58, 0x00, 0x28, 0x0B, + 0x28, 0x35, 0x64, 0x97, 0xF8, 0x71, 0x35, 0xBA, + 0xB9, 0x61, 0x2A, 0x17, 0x26, 0x04, 0x24, 0x40, + 0x9A, 0xC1, 0x5F, 0xEE, 0x99, 0x6B, 0x74, 0x4C, + 0x33, 0x21, 0x51, 0x23, 0x5D, 0xEC, 0xB0, 0xF5 + + }; + WOLFSSL_SMALL_STACK_STATIC const byte id[] = { + 0x32, 0x30, 0x31, 0x31, 0x2D, 0x30, 0x32, 0x00, + 0x74, 0x65, 0x6C, 0x3A, 0x2B, 0x34, 0x34, 0x37, + 0x37, 0x30, 0x30, 0x39, 0x30, 0x30, 0x31, 0x32, + 0x33, 0x00 + }; + WOLFSSL_SMALL_STACK_STATIC const byte ssv[] = { + 0x12, 0x34, 0x56, 0x78, 0x9A, 0xBC, 0xDE, 0xF0, + 0x12, 0x34, 0x56, 0x78, 0x9A, 0xBC, 0xDE, 0xF0 + }; + WOLFSSL_SMALL_STACK_STATIC const byte auth[] = { + 0x04, + 0x44, 0xE8, 0xAD, 0x44, 0xAB, 0x85, 0x92, 0xA6, + 0xA5, 0xA3, 0xDD, 0xCA, 0x5C, 0xF8, 0x96, 0xC7, + 0x18, 0x04, 0x36, 0x06, 0xA0, 0x1D, 0x65, 0x0D, + 0xEF, 0x37, 0xA0, 0x1F, 0x37, 0xC2, 0x28, 0xC3, + 0x32, 0xFC, 0x31, 0x73, 0x54, 0xE2, 0xC2, 0x74, + 0xD4, 0xDA, 0xF8, 0xAD, 0x00, 0x10, 0x54, 0xC7, + 0x6C, 0xE5, 0x79, 0x71, 0xC6, 0xF4, 0x48, 0x6D, + 0x57, 0x23, 0x04, 0x32, 0x61, 0xC5, 0x06, 0xEB, + 0xF5, 0xBE, 0x43, 0x8F, 0x53, 0xDE, 0x04, 0xF0, + 0x67, 0xC7, 0x76, 0xE0, 0xDD, 0x3B, 0x71, 0xA6, + 0x29, 0x01, 0x33, 0x28, 0x37, 0x25, 0xA5, 0x32, + 0xF2, 0x1A, 0xF1, 0x45, 0x12, 0x6D, 0xC1, 0xD7, + 0x77, 0xEC, 0xC2, 0x7B, 0xE5, 0x08, 0x35, 0xBD, + 0x28, 0x09, 0x8B, 0x8A, 0x73, 0xD9, 0xF8, 0x01, + 0xD8, 0x93, 0x79, 0x3A, 0x41, 0xFF, 0x5C, 0x49, + 0xB8, 0x7E, 0x79, 0xF2, 0xBE, 0x4D, 0x56, 0xCE, + 0x55, 0x7E, 0x13, 0x4A, 0xD8, 0x5B, 0xB1, 0xD4, + 0xB9, 0xCE, 0x4F, 0x8B, 0xE4, 0xB0, 0x8A, 0x12, + 0xBA, 0xBF, 0x55, 0xB1, 0xD6, 0xF1, 0xD7, 0xA6, + 0x38, 0x01, 0x9E, 0xA2, 0x8E, 0x15, 0xAB, 0x1C, + 0x9F, 0x76, 0x37, 0x5F, 0xDD, 0x12, 0x10, 0xD4, + 0xF4, 0x35, 0x1B, 0x9A, 0x00, 0x94, 0x86, 0xB7, + 0xF3, 0xED, 0x46, 0xC9, 0x65, 0xDE, 0xD2, 0xD8, + 0x0D, 0xAD, 0xE4, 0xF3, 0x8C, 0x67, 0x21, 0xD5, + 0x2C, 0x3A, 0xD1, 0x03, 0xA1, 0x0E, 0xBD, 0x29, + 0x59, 0x24, 0x8B, 0x4E, 0xF0, 0x06, 0x83, 0x6B, + 0xF0, 0x97, 0x44, 0x8E, 0x61, 0x07, 0xC9, 0xED, + 0xEE, 0x9F, 0xB7, 0x04, 0x82, 0x3D, 0xF1, 0x99, + 0xF8, 0x32, 0xC9, 0x05, 0xAE, 0x45, 0xF8, 0xA2, + 0x47, 0xA0, 0x72, 0xD8, 0xEF, 0x72, 0x9E, 0xAB, + 0xC5, 0xE2, 0x75, 0x74, 0xB0, 0x77, 0x39, 0xB3, + 0x4B, 0xE7, 0x4A, 0x53, 0x2F, 0x74, 0x7B, 0x86 + }; + WOLFSSL_SMALL_STACK_STATIC const byte encSsv[] = { + 0x89, 0xE0, 0xBC, 0x66, 0x1A, 0xA1, 0xE9, 0x16, + 0x38, 0xE6, 0xAC, 0xC8, 0x4E, 0x49, 0x65, 0x07 + }; + wc_test_ret_t ret; + int valid; + byte pubKey[sizeof(pubData) + 1]; + word32 sz = sizeof(pubKey); + byte tmpSsv[sizeof(encSsv)]; + byte* iTable = NULL; + word32 iTableLen; + byte* table = NULL; + word32 len; + + ret = wc_ImportSakkePublicKey(key, pubData, sizeof(pubData), 0); + if (ret != 0) + return WC_TEST_RET_ENC_EC(ret); + + ret = wc_DecodeSakkeRsk(key, rskData, sizeof(rskData), rsk); + if (ret != 0) + return WC_TEST_RET_ENC_EC(ret); + + ret = wc_ValidateSakkeRsk(key, id, sizeof(id), rsk, &valid); + if (ret != 0) + return WC_TEST_RET_ENC_EC(ret); + if (valid != 1) + return WC_TEST_RET_ENC_NC; + + ret = wc_SetSakkeRsk(key, rsk, NULL, 0); + if (ret != 0) + return WC_TEST_RET_ENC_EC(ret); + ret = wc_SetSakkeIdentity(key, id, sizeof(id)); + if (ret != 0) + return WC_TEST_RET_ENC_EC(ret); + + XMEMCPY(tmpSsv, encSsv, sizeof(encSsv)); + ret = wc_DeriveSakkeSSV(key, WC_HASH_TYPE_SHA256, tmpSsv, sizeof(tmpSsv), + auth, sizeof(auth)); + if (ret != 0) + return WC_TEST_RET_ENC_EC(ret); + if (XMEMCMP(tmpSsv, ssv, sizeof(ssv)) != 0) + return WC_TEST_RET_ENC_NC; + + ret = wc_MakeSakkePointI(key, id, sizeof(id)); + if (ret != 0) + return WC_TEST_RET_ENC_EC(ret); + iTableLen = 0; + ret = wc_GenerateSakkePointITable(key, NULL, &iTableLen); + if (ret != WC_NO_ERR_TRACE(LENGTH_ONLY_E)) + return WC_TEST_RET_ENC_EC(ret); + if (iTableLen != 0) { + iTable = (byte*)XMALLOC(iTableLen, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + if (iTable == NULL) + return WC_TEST_RET_ENC_ERRNO; + ret = wc_GenerateSakkePointITable(key, iTable, &iTableLen); + if (ret != 0) + return WC_TEST_RET_ENC_EC(ret); + } + len = 0; + ret = wc_GenerateSakkeRskTable(key, rsk, NULL, &len); + if (ret != WC_NO_ERR_TRACE(LENGTH_ONLY_E)) + return WC_TEST_RET_ENC_EC(ret); + if (len > 0) { + table = (byte*)XMALLOC(len, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + if (table == NULL) + return WC_TEST_RET_ENC_ERRNO; + ret = wc_GenerateSakkeRskTable(key, rsk, table, &len); + if (ret != 0) + return WC_TEST_RET_ENC_EC(ret); + } + + ret = wc_SetSakkeRsk(key, rsk, table, len); + if (ret != 0) + return WC_TEST_RET_ENC_EC(ret); + + XMEMCPY(tmpSsv, encSsv, sizeof(encSsv)); + ret = wc_DeriveSakkeSSV(key, WC_HASH_TYPE_SHA256, tmpSsv, sizeof(tmpSsv), + auth, sizeof(auth)); + if (ret != 0) + return WC_TEST_RET_ENC_EC(ret); + if (XMEMCMP(tmpSsv, ssv, sizeof(ssv)) != 0) + return WC_TEST_RET_ENC_NC; + + /* Don't reference table that is about to be freed. */ + ret = wc_ClearSakkePointITable(key); + if (ret != 0) + return WC_TEST_RET_ENC_EC(ret); + /* Dispose of tables */ + XFREE(iTable, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(table, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + + /* Make sure the key public key is exportable - convert to Montgomery form + * in Validation. + */ + ret = wc_ExportSakkePublicKey(key, pubKey, &sz, 1); + if (ret != 0) + return WC_TEST_RET_ENC_EC(ret); + if (sz != sizeof(pubData)) + return WC_TEST_RET_ENC_NC; + if (XMEMCMP(pubKey, pubData, sizeof(pubData)) != 0) + return WC_TEST_RET_ENC_NC; + + sz = sizeof(pubData) + 1; + ret = wc_ExportSakkePublicKey(key, pubKey, &sz, 0); + if (ret != 0) + return WC_TEST_RET_ENC_EC(ret); + if (sz != sizeof(pubData) + 1) + return WC_TEST_RET_ENC_NC; + if (pubKey[0] != 0x04) + return WC_TEST_RET_ENC_NC; + if (XMEMCMP(pubKey + 1, pubData, sizeof(pubData)) != 0) + return WC_TEST_RET_ENC_NC; + + return 0; +} + +static wc_test_ret_t sakke_kat_encapsulate_test(SakkeKey* key) +{ + static const byte pubData[] = { + 0x59, 0x58, 0xEF, 0x1B, 0x16, 0x79, 0xBF, 0x09, + 0x9B, 0x3A, 0x03, 0x0D, 0xF2, 0x55, 0xAA, 0x6A, + 0x23, 0xC1, 0xD8, 0xF1, 0x43, 0xD4, 0xD2, 0x3F, + 0x75, 0x3E, 0x69, 0xBD, 0x27, 0xA8, 0x32, 0xF3, + 0x8C, 0xB4, 0xAD, 0x53, 0xDD, 0xEF, 0x42, 0x60, + 0xB0, 0xFE, 0x8B, 0xB4, 0x5C, 0x4C, 0x1F, 0xF5, + 0x10, 0xEF, 0xFE, 0x30, 0x03, 0x67, 0xA3, 0x7B, + 0x61, 0xF7, 0x01, 0xD9, 0x14, 0xAE, 0xF0, 0x97, + 0x24, 0x82, 0x5F, 0xA0, 0x70, 0x7D, 0x61, 0xA6, + 0xDF, 0xF4, 0xFB, 0xD7, 0x27, 0x35, 0x66, 0xCD, + 0xDE, 0x35, 0x2A, 0x0B, 0x04, 0xB7, 0xC1, 0x6A, + 0x78, 0x30, 0x9B, 0xE6, 0x40, 0x69, 0x7D, 0xE7, + 0x47, 0x61, 0x3A, 0x5F, 0xC1, 0x95, 0xE8, 0xB9, + 0xF3, 0x28, 0x85, 0x2A, 0x57, 0x9D, 0xB8, 0xF9, + 0x9B, 0x1D, 0x00, 0x34, 0x47, 0x9E, 0xA9, 0xC5, + 0x59, 0x5F, 0x47, 0xC4, 0xB2, 0xF5, 0x4F, 0xF2, + 0x15, 0x08, 0xD3, 0x75, 0x14, 0xDC, 0xF7, 0xA8, + 0xE1, 0x43, 0xA6, 0x05, 0x8C, 0x09, 0xA6, 0xBF, + 0x2C, 0x98, 0x58, 0xCA, 0x37, 0xC2, 0x58, 0x06, + 0x5A, 0xE6, 0xBF, 0x75, 0x32, 0xBC, 0x8B, 0x5B, + 0x63, 0x38, 0x38, 0x66, 0xE0, 0x75, 0x3C, 0x5A, + 0xC0, 0xE7, 0x27, 0x09, 0xF8, 0x44, 0x5F, 0x2E, + 0x61, 0x78, 0xE0, 0x65, 0x85, 0x7E, 0x0E, 0xDA, + 0x10, 0xF6, 0x82, 0x06, 0xB6, 0x35, 0x05, 0xED, + 0x87, 0xE5, 0x34, 0xFB, 0x28, 0x31, 0xFF, 0x95, + 0x7F, 0xB7, 0xDC, 0x61, 0x9D, 0xAE, 0x61, 0x30, + 0x1E, 0xEA, 0xCC, 0x2F, 0xDA, 0x36, 0x80, 0xEA, + 0x49, 0x99, 0x25, 0x8A, 0x83, 0x3C, 0xEA, 0x8F, + 0xC6, 0x7C, 0x6D, 0x19, 0x48, 0x7F, 0xB4, 0x49, + 0x05, 0x9F, 0x26, 0xCC, 0x8A, 0xAB, 0x65, 0x5A, + 0xB5, 0x8B, 0x7C, 0xC7, 0x96, 0xE2, 0x4E, 0x9A, + 0x39, 0x40, 0x95, 0x75, 0x4F, 0x5F, 0x8B, 0xAE + }; + static const byte id[] = { + 0x32, 0x30, 0x31, 0x31, 0x2D, 0x30, 0x32, 0x00, + 0x74, 0x65, 0x6C, 0x3A, 0x2B, 0x34, 0x34, 0x37, + 0x37, 0x30, 0x30, 0x39, 0x30, 0x30, 0x31, 0x32, + 0x33, 0x00 + }; + static const word32 idSz = sizeof(id); + byte ssv[] = { + 0x12, 0x34, 0x56, 0x78, 0x9A, 0xBC, 0xDE, 0xF0, + 0x12, 0x34, 0x56, 0x78, 0x9A, 0xBC, 0xDE, 0xF0 + }; + static const word16 ssvSz = sizeof(ssv); + static const byte expAuth[] = { + 0x04, + 0x44, 0xE8, 0xAD, 0x44, 0xAB, 0x85, 0x92, 0xA6, + 0xA5, 0xA3, 0xDD, 0xCA, 0x5C, 0xF8, 0x96, 0xC7, + 0x18, 0x04, 0x36, 0x06, 0xA0, 0x1D, 0x65, 0x0D, + 0xEF, 0x37, 0xA0, 0x1F, 0x37, 0xC2, 0x28, 0xC3, + 0x32, 0xFC, 0x31, 0x73, 0x54, 0xE2, 0xC2, 0x74, + 0xD4, 0xDA, 0xF8, 0xAD, 0x00, 0x10, 0x54, 0xC7, + 0x6C, 0xE5, 0x79, 0x71, 0xC6, 0xF4, 0x48, 0x6D, + 0x57, 0x23, 0x04, 0x32, 0x61, 0xC5, 0x06, 0xEB, + 0xF5, 0xBE, 0x43, 0x8F, 0x53, 0xDE, 0x04, 0xF0, + 0x67, 0xC7, 0x76, 0xE0, 0xDD, 0x3B, 0x71, 0xA6, + 0x29, 0x01, 0x33, 0x28, 0x37, 0x25, 0xA5, 0x32, + 0xF2, 0x1A, 0xF1, 0x45, 0x12, 0x6D, 0xC1, 0xD7, + 0x77, 0xEC, 0xC2, 0x7B, 0xE5, 0x08, 0x35, 0xBD, + 0x28, 0x09, 0x8B, 0x8A, 0x73, 0xD9, 0xF8, 0x01, + 0xD8, 0x93, 0x79, 0x3A, 0x41, 0xFF, 0x5C, 0x49, + 0xB8, 0x7E, 0x79, 0xF2, 0xBE, 0x4D, 0x56, 0xCE, + 0x55, 0x7E, 0x13, 0x4A, 0xD8, 0x5B, 0xB1, 0xD4, + 0xB9, 0xCE, 0x4F, 0x8B, 0xE4, 0xB0, 0x8A, 0x12, + 0xBA, 0xBF, 0x55, 0xB1, 0xD6, 0xF1, 0xD7, 0xA6, + 0x38, 0x01, 0x9E, 0xA2, 0x8E, 0x15, 0xAB, 0x1C, + 0x9F, 0x76, 0x37, 0x5F, 0xDD, 0x12, 0x10, 0xD4, + 0xF4, 0x35, 0x1B, 0x9A, 0x00, 0x94, 0x86, 0xB7, + 0xF3, 0xED, 0x46, 0xC9, 0x65, 0xDE, 0xD2, 0xD8, + 0x0D, 0xAD, 0xE4, 0xF3, 0x8C, 0x67, 0x21, 0xD5, + 0x2C, 0x3A, 0xD1, 0x03, 0xA1, 0x0E, 0xBD, 0x29, + 0x59, 0x24, 0x8B, 0x4E, 0xF0, 0x06, 0x83, 0x6B, + 0xF0, 0x97, 0x44, 0x8E, 0x61, 0x07, 0xC9, 0xED, + 0xEE, 0x9F, 0xB7, 0x04, 0x82, 0x3D, 0xF1, 0x99, + 0xF8, 0x32, 0xC9, 0x05, 0xAE, 0x45, 0xF8, 0xA2, + 0x47, 0xA0, 0x72, 0xD8, 0xEF, 0x72, 0x9E, 0xAB, + 0xC5, 0xE2, 0x75, 0x74, 0xB0, 0x77, 0x39, 0xB3, + 0x4B, 0xE7, 0x4A, 0x53, 0x2F, 0x74, 0x7B, 0x86 + }; + static const byte encSsv[] = { + 0x89, 0xE0, 0xBC, 0x66, 0x1A, 0xA1, 0xE9, 0x16, + 0x38, 0xE6, 0xAC, 0xC8, 0x4E, 0x49, 0x65, 0x07 + }; + wc_test_ret_t ret; + byte auth[257]; + word16 authSz = sizeof(auth); + + ret = wc_ImportSakkePublicKey(key, pubData, sizeof(pubData), 0); + if (ret != 0) + return WC_TEST_RET_ENC_EC(ret); + + ret = wc_SetSakkeIdentity(key, id, idSz); + if (ret != 0) + return WC_TEST_RET_ENC_EC(ret); + + ret = wc_MakeSakkeEncapsulatedSSV(key, WC_HASH_TYPE_SHA256, ssv, ssvSz, + auth, &authSz); + if (ret != 0) + return WC_TEST_RET_ENC_EC(ret); + if (authSz != 257) + return WC_TEST_RET_ENC_NC; + + if (XMEMCMP(ssv, encSsv, ssvSz) != 0) + return WC_TEST_RET_ENC_NC; + if (XMEMCMP(auth, expAuth, authSz) != 0) + return WC_TEST_RET_ENC_NC; + + return 0; +} + +static wc_test_ret_t sakke_make_key_test(SakkeKey* priv, SakkeKey* pub, SakkeKey* key, + WC_RNG* rng, ecc_point* rsk) +{ + wc_test_ret_t ret; + byte data[440]; + byte pubData[257]; + word32 sz; + char mail[] = "test@wolfssl.com"; + byte* id = (byte*)mail; + word32 idSz = (word32)XSTRLEN(mail); + int valid; + ecc_point* pubKey = rsk; + + ret = wc_InitSakkeKey_ex(key, 128, ECC_SAKKE_1, NULL, devId); + if (ret != 0) + return WC_TEST_RET_ENC_EC(ret); + + ret = wc_MakeSakkeKey(priv, rng); + if (ret != 0) + return WC_TEST_RET_ENC_EC(ret); + + ret = wc_ExportSakkeKey(priv, NULL, &sz); + if (ret != WC_NO_ERR_TRACE(LENGTH_ONLY_E)) + return WC_TEST_RET_ENC_EC(ret); + if (sz != 384) + return WC_TEST_RET_ENC_NC; + sz--; + ret = wc_ExportSakkeKey(priv, data, &sz); + if (ret == 0) + return WC_TEST_RET_ENC_NC; + sz++; + ret = wc_ExportSakkeKey(priv, data, &sz); + if (ret != 0) + return WC_TEST_RET_ENC_EC(ret); + if (sz != 384) + return WC_TEST_RET_ENC_NC; + + ret = wc_ImportSakkeKey(key, data, sz - 1); + if (ret == 0) + return WC_TEST_RET_ENC_NC; + ret = wc_ImportSakkeKey(key, data, sz); + if (ret != 0) + return WC_TEST_RET_ENC_EC(ret); + wc_FreeSakkeKey(key); + ret = wc_InitSakkeKey_ex(key, 128, ECC_SAKKE_1, NULL, devId); + if (ret != 0) + return WC_TEST_RET_ENC_EC(ret); + + ret = wc_ExportSakkePrivateKey(priv, NULL, &sz); + if (ret != WC_NO_ERR_TRACE(LENGTH_ONLY_E)) + return WC_TEST_RET_ENC_EC(ret); + if (sz != 128) + return WC_TEST_RET_ENC_NC; + sz--; + ret = wc_ExportSakkePrivateKey(priv, data, &sz); + if (ret == 0) + return WC_TEST_RET_ENC_NC; + sz++; + ret = wc_ExportSakkePrivateKey(priv, data, &sz); + if (ret != 0) + return WC_TEST_RET_ENC_EC(ret); + if (sz != 128) + return WC_TEST_RET_ENC_NC; + + ret = wc_ImportSakkePrivateKey(key, data, sz - 1); + if (ret == 0) + return WC_TEST_RET_ENC_NC; + ret = wc_ImportSakkePrivateKey(key, data, sz); + if (ret != 0) + return WC_TEST_RET_ENC_EC(ret); + ret = wc_MakeSakkePublicKey(key, pubKey); + if (ret != 0) + return WC_TEST_RET_ENC_EC(ret); + + ret = wc_ExportSakkePublicKey(priv, NULL, &sz, 1); + if (ret != WC_NO_ERR_TRACE(LENGTH_ONLY_E)) + return WC_TEST_RET_ENC_EC(ret); + if (sz != 256) + return WC_TEST_RET_ENC_NC; + sz--; + ret = wc_ExportSakkePublicKey(priv, data, &sz, 1); + if (ret == 0) + return WC_TEST_RET_ENC_NC; + sz++; + ret = wc_ExportSakkePublicKey(priv, data, &sz, 1); + if (ret != 0) + return WC_TEST_RET_ENC_EC(ret); + if (sz != 256) + return WC_TEST_RET_ENC_NC; + + ret = wc_ImportSakkePublicKey(pub, data, sz - 1, 1); + if (ret == 0) + return WC_TEST_RET_ENC_NC; + ret = wc_ImportSakkePublicKey(pub, data, sz, 1); + if (ret != 0) + return WC_TEST_RET_ENC_EC(ret); + + ret = wc_ExportSakkePublicKey(pub, pubData, &sz, 1); + if (ret != 0) + return WC_TEST_RET_ENC_EC(ret); + if (sz != 256) + return WC_TEST_RET_ENC_NC; + if (XMEMCMP(data, pubData, sz) != 0) + return WC_TEST_RET_ENC_NC; + + ret = wc_MakeSakkeRsk(priv, id, idSz, rsk); + if (ret != 0) + return WC_TEST_RET_ENC_EC(ret); + + ret = wc_ValidateSakkeRsk(priv, id, idSz, rsk, &valid); + if (ret != 0) + return WC_TEST_RET_ENC_EC(ret); + if (valid != 1) + return WC_TEST_RET_ENC_NC; + + ret = wc_ValidateSakkeRsk(pub, id, idSz, rsk, &valid); + if (ret != 0) + return WC_TEST_RET_ENC_EC(ret); + if (valid != 1) + return WC_TEST_RET_ENC_NC; + + sz = sizeof(data); + ret = wc_EncodeSakkeRsk(priv, rsk, data, &sz, 1); + if (ret != 0) + return WC_TEST_RET_ENC_EC(ret); + if (sz != 256) + return WC_TEST_RET_ENC_NC; + ret = wc_DecodeSakkeRsk(priv, data, sz, rsk); + if (ret != 0) + return WC_TEST_RET_ENC_EC(ret); + + sz = sizeof(pubData); + ret = wc_EncodeSakkeRsk(priv, rsk, pubData, &sz, 0); + if (ret != 0) + return WC_TEST_RET_ENC_EC(ret); + if (sz != sizeof(pubData)) + return WC_TEST_RET_ENC_NC; + ret = wc_DecodeSakkeRsk(priv, pubData, sz, rsk); + if (ret != 0) + return WC_TEST_RET_ENC_EC(ret); + + wc_FreeSakkeKey(key); + + return 0; +} + +static wc_test_ret_t sakke_op_test(SakkeKey* priv, SakkeKey* pub, WC_RNG* rng, + ecc_point* rsk) +{ + wc_test_ret_t ret; + byte ssv[16]; + word16 ssvSz; + byte auth[257]; + word16 authSz; + char mail[] = "test@wolfssl.com"; + byte* id = (byte*)mail; + word32 idSz = (word32)XSTRLEN(mail); + byte pointI[256]; + word32 sz; + + ret = wc_GenerateSakkeSSV(pub, rng, NULL, &ssvSz); + if (ret != WC_NO_ERR_TRACE(LENGTH_ONLY_E)) + return WC_TEST_RET_ENC_EC(ret); + if (ssvSz != 16) + return WC_TEST_RET_ENC_NC; + + ssvSz += 128; + ret = wc_GenerateSakkeSSV(pub, rng, ssv, &ssvSz); + if (ret == 0) + return WC_TEST_RET_ENC_NC; + ssvSz -= 128; + ret = wc_GenerateSakkeSSV(pub, rng, ssv, &ssvSz); + if (ret != 0) + return WC_TEST_RET_ENC_EC(ret); + if (ssvSz != 16) + return WC_TEST_RET_ENC_NC; + + ret = wc_GetSakkeAuthSize(pub, &authSz); + if (ret != 0) + return WC_TEST_RET_ENC_EC(ret); + + ret = wc_SetSakkeIdentity(pub, id, idSz); + if (ret != 0) + return WC_TEST_RET_ENC_EC(ret); + + ret = wc_MakeSakkeEncapsulatedSSV(pub, WC_HASH_TYPE_SHA256, ssv, ssvSz, + NULL, &authSz); + if (ret != WC_NO_ERR_TRACE(LENGTH_ONLY_E)) + return WC_TEST_RET_ENC_EC(ret); + if (authSz != 257) + return WC_TEST_RET_ENC_NC; + + authSz--; + ret = wc_MakeSakkeEncapsulatedSSV(pub, WC_HASH_TYPE_SHA256, ssv, ssvSz, + auth, &authSz); + if (ret == 0) + return WC_TEST_RET_ENC_NC; + authSz++; + ret = wc_MakeSakkeEncapsulatedSSV(pub, WC_HASH_TYPE_SHA256, ssv, ssvSz, + auth, &authSz); + if (ret != 0) + return WC_TEST_RET_ENC_EC(ret); + if (authSz != 257) + return WC_TEST_RET_ENC_NC; + + ret = wc_GetSakkePointI(pub, NULL, &sz); + if (ret != WC_NO_ERR_TRACE(LENGTH_ONLY_E)) + return WC_TEST_RET_ENC_EC(ret); + if (sz != 256) + return WC_TEST_RET_ENC_NC; + ret = wc_GetSakkePointI(pub, pointI, &sz); + if (ret != 0) + return WC_TEST_RET_ENC_EC(ret); + if (sz != 256) + return WC_TEST_RET_ENC_NC; + + /* Bogus identity - make it check and regenerate I. */ + ret = wc_MakeSakkePointI(pub, ssv, ssvSz); + if (ret != 0) + return WC_TEST_RET_ENC_EC(ret); + ret = wc_MakeSakkeEncapsulatedSSV(pub, WC_HASH_TYPE_SHA256, ssv, ssvSz, + auth, &authSz); + if (ret != 0) + return WC_TEST_RET_ENC_EC(ret); + if (authSz != 257) + return WC_TEST_RET_ENC_NC; + + ret = wc_SetSakkeRsk(priv, rsk, NULL, 0); + if (ret != 0) + return WC_TEST_RET_ENC_EC(ret); + ret = wc_SetSakkeIdentity(priv, id, idSz); + if (ret != 0) + return WC_TEST_RET_ENC_EC(ret); + + authSz--; + ret = wc_DeriveSakkeSSV(priv, WC_HASH_TYPE_SHA256, ssv, ssvSz, auth, + authSz); + if (ret == 0) + return WC_TEST_RET_ENC_NC; + authSz++; + ret = wc_DeriveSakkeSSV(priv, WC_HASH_TYPE_SHA256, ssv, ssvSz, auth, + authSz); + if (ret != 0) + return WC_TEST_RET_ENC_EC(ret); + ssv[0] ^= 0x80; + ret = wc_DeriveSakkeSSV(priv, WC_HASH_TYPE_SHA256, ssv, ssvSz, auth, + authSz); + if (ret != WC_NO_ERR_TRACE(SAKKE_VERIFY_FAIL_E)) + return WC_TEST_RET_ENC_EC(ret); + ssv[0] ^= 0x80; + + /* Bogus identity - make it check and regenerate I. */ + ret = wc_MakeSakkePointI(pub, ssv, idSz); + if (ret != 0) + return WC_TEST_RET_ENC_EC(ret); + ret = wc_DeriveSakkeSSV(priv, WC_HASH_TYPE_SHA256, ssv, ssvSz, auth, + authSz); + if (ret != 0) + return WC_TEST_RET_ENC_EC(ret); + return 0; +} + +WOLFSSL_TEST_SUBROUTINE wc_test_ret_t sakke_test(void) +{ + wc_test_ret_t ret = 0; + WC_RNG rng; + int rng_inited = 0; + SakkeKey* priv = NULL; + SakkeKey* pub = NULL; + SakkeKey* key = NULL; + ecc_point* rsk = NULL; + WOLFSSL_ENTER("sakke_test"); + + priv = (SakkeKey*)XMALLOC(sizeof(SakkeKey), HEAP_HINT, + DYNAMIC_TYPE_TMP_BUFFER); + if (priv == NULL) + ret = WC_TEST_RET_ENC_NC; + else + XMEMSET(priv, 0, sizeof(*priv)); + + if (ret == 0) { + pub = (SakkeKey*)XMALLOC(sizeof(SakkeKey), HEAP_HINT, + DYNAMIC_TYPE_TMP_BUFFER); + if (pub == NULL) + ret = WC_TEST_RET_ENC_NC; + else + XMEMSET(pub, 0, sizeof(*pub)); + } + + if (ret == 0) { + key = (SakkeKey*)XMALLOC(sizeof(SakkeKey), HEAP_HINT, + DYNAMIC_TYPE_TMP_BUFFER); + if (key == NULL) + ret = WC_TEST_RET_ENC_NC; + else + XMEMSET(key, 0, sizeof(*key)); + } + + if (ret == 0) { + #ifndef HAVE_FIPS + ret = wc_InitRng_ex(&rng, HEAP_HINT, devId); + #else + ret = wc_InitRng(&rng); + #endif + if (ret == 0) + rng_inited = 1; + else + ret = WC_TEST_RET_ENC_EC(ret); + } + + if (ret == 0) { + rsk = wc_ecc_new_point(); + if (rsk == NULL) + ret = WC_TEST_RET_ENC_NC; + } + + if (ret == 0) { + ret = wc_InitSakkeKey(pub, HEAP_HINT, devId); + if (ret != 0) + ret = WC_TEST_RET_ENC_EC(ret); + } + + if (ret == 0) { + ret = wc_InitSakkeKey(priv, HEAP_HINT, devId); + if (ret != 0) + ret = WC_TEST_RET_ENC_EC(ret); + } + + if (ret == 0) { + ret = sakke_api_test(&rng, key, rsk); + } + + if (ret == 0) { + ret = sakke_kat_derive_test(pub, rsk); + } + + if (ret == 0) { + ret = sakke_kat_encapsulate_test(pub); + } + + if (ret == 0) { + ret = sakke_make_key_test(priv, pub, key, &rng, rsk); + } + + if (ret == 0) { + ret = sakke_op_test(priv, pub, &rng, rsk); + } + + if (rsk != NULL) { + wc_ecc_forcezero_point(rsk); + wc_ecc_del_point(rsk); + } + if (rng_inited) + wc_FreeRng(&rng); + XFREE(key, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + if (pub != NULL) { + wc_FreeSakkeKey(pub); + XFREE(pub, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + } + if (priv != NULL) { + wc_FreeSakkeKey(priv); + XFREE(priv, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + } + + return ret; +} +#endif /* WOLFCRYPT_HAVE_SAKKE */ + + +#if defined(WOLFSSL_CMAC) && !defined(NO_AES) + +typedef struct CMAC_Test_Case { + int type; + int partial; + const byte* m; + word32 mSz; + const byte* k; + word32 kSz; + const byte* t; + word32 tSz; +} CMAC_Test_Case; + +WOLFSSL_TEST_SUBROUTINE wc_test_ret_t cmac_test(void) +{ +#ifdef WOLFSSL_AES_128 + WOLFSSL_SMALL_STACK_STATIC const byte k128[] = + { + 0x2b, 0x7e, 0x15, 0x16, 0x28, 0xae, 0xd2, 0xa6, + 0xab, 0xf7, 0x15, 0x88, 0x09, 0xcf, 0x4f, 0x3c + }; + #define KLEN_128 (sizeof(k128)) +#endif +#ifdef WOLFSSL_AES_192 + WOLFSSL_SMALL_STACK_STATIC const byte k192[] = + { + 0x8e, 0x73, 0xb0, 0xf7, 0xda, 0x0e, 0x64, 0x52, + 0xc8, 0x10, 0xf3, 0x2b, 0x80, 0x90, 0x79, 0xe5, + 0x62, 0xf8, 0xea, 0xd2, 0x52, 0x2c, 0x6b, 0x7b + }; + #define KLEN_192 (sizeof(k192)) +#endif +#ifdef WOLFSSL_AES_256 + WOLFSSL_SMALL_STACK_STATIC const byte k256[] = + { + 0x60, 0x3d, 0xeb, 0x10, 0x15, 0xca, 0x71, 0xbe, + 0x2b, 0x73, 0xae, 0xf0, 0x85, 0x7d, 0x77, 0x81, + 0x1f, 0x35, 0x2c, 0x07, 0x3b, 0x61, 0x08, 0xd7, + 0x2d, 0x98, 0x10, 0xa3, 0x09, 0x14, 0xdf, 0xf4 + }; + #define KLEN_256 (sizeof(k256)) +#endif + + WOLFSSL_SMALL_STACK_STATIC const byte m[] = + { + 0x6b, 0xc1, 0xbe, 0xe2, 0x2e, 0x40, 0x9f, 0x96, + 0xe9, 0x3d, 0x7e, 0x11, 0x73, 0x93, 0x17, 0x2a, + 0xae, 0x2d, 0x8a, 0x57, 0x1e, 0x03, 0xac, 0x9c, + 0x9e, 0xb7, 0x6f, 0xac, 0x45, 0xaf, 0x8e, 0x51, + 0x30, 0xc8, 0x1c, 0x46, 0xa3, 0x5c, 0xe4, 0x11, + 0xe5, 0xfb, 0xc1, 0x19, 0x1a, 0x0a, 0x52, 0xef, + 0xf6, 0x9f, 0x24, 0x45, 0xdf, 0x4f, 0x9b, 0x17, + 0xad, 0x2b, 0x41, 0x7b, 0xe6, 0x6c, 0x37, 0x10 + }; + #define MLEN_0 (0) + #define MLEN_128 (128/8) + #define MLEN_320 (320/8) + #define MLEN_319 (MLEN_320 - 1) + #define MLEN_512 (512/8) + +#ifdef WOLFSSL_AES_128 + WOLFSSL_SMALL_STACK_STATIC const byte t128_0[] = + { + 0xbb, 0x1d, 0x69, 0x29, 0xe9, 0x59, 0x37, 0x28, + 0x7f, 0xa3, 0x7d, 0x12, 0x9b, 0x75, 0x67, 0x46 + }; + WOLFSSL_SMALL_STACK_STATIC const byte t128_128[] = + { + 0x07, 0x0a, 0x16, 0xb4, 0x6b, 0x4d, 0x41, 0x44, + 0xf7, 0x9b, 0xdd, 0x9d, 0xd0, 0x4a, 0x28, 0x7c + }; + WOLFSSL_SMALL_STACK_STATIC const byte t128_319[] = + { + 0x2c, 0x17, 0x84, 0x4c, 0x93, 0x1c, 0x07, 0x95, + 0x15, 0x92, 0x73, 0x0a, 0x34, 0xd0, 0xd9, 0xd2 + }; + WOLFSSL_SMALL_STACK_STATIC const byte t128_320[] = + { + 0xdf, 0xa6, 0x67, 0x47, 0xde, 0x9a, 0xe6, 0x30, + 0x30, 0xca, 0x32, 0x61, 0x14, 0x97, 0xc8, 0x27 + }; + WOLFSSL_SMALL_STACK_STATIC const byte t128_512[] = + { + 0x51, 0xf0, 0xbe, 0xbf, 0x7e, 0x3b, 0x9d, 0x92, + 0xfc, 0x49, 0x74, 0x17, 0x79, 0x36, 0x3c, 0xfe + }; +#endif +#ifdef WOLFSSL_AES_192 + WOLFSSL_SMALL_STACK_STATIC const byte t192_0[] = + { + 0xd1, 0x7d, 0xdf, 0x46, 0xad, 0xaa, 0xcd, 0xe5, + 0x31, 0xca, 0xc4, 0x83, 0xde, 0x7a, 0x93, 0x67 + }; + WOLFSSL_SMALL_STACK_STATIC const byte t192_128[] = + { + 0x9e, 0x99, 0xa7, 0xbf, 0x31, 0xe7, 0x10, 0x90, + 0x06, 0x62, 0xf6, 0x5e, 0x61, 0x7c, 0x51, 0x84 + }; + WOLFSSL_SMALL_STACK_STATIC const byte t192_320[] = + { + 0x8a, 0x1d, 0xe5, 0xbe, 0x2e, 0xb3, 0x1a, 0xad, + 0x08, 0x9a, 0x82, 0xe6, 0xee, 0x90, 0x8b, 0x0e + }; + WOLFSSL_SMALL_STACK_STATIC const byte t192_512[] = + { + 0xa1, 0xd5, 0xdf, 0x0e, 0xed, 0x79, 0x0f, 0x79, + 0x4d, 0x77, 0x58, 0x96, 0x59, 0xf3, 0x9a, 0x11 + }; +#endif +#ifdef WOLFSSL_AES_256 + WOLFSSL_SMALL_STACK_STATIC const byte t256_0[] = + { + 0x02, 0x89, 0x62, 0xf6, 0x1b, 0x7b, 0xf8, 0x9e, + 0xfc, 0x6b, 0x55, 0x1f, 0x46, 0x67, 0xd9, 0x83 + }; + WOLFSSL_SMALL_STACK_STATIC const byte t256_128[] = + { + 0x28, 0xa7, 0x02, 0x3f, 0x45, 0x2e, 0x8f, 0x82, + 0xbd, 0x4b, 0xf2, 0x8d, 0x8c, 0x37, 0xc3, 0x5c + }; + WOLFSSL_SMALL_STACK_STATIC const byte t256_320[] = + { + 0xaa, 0xf3, 0xd8, 0xf1, 0xde, 0x56, 0x40, 0xc2, + 0x32, 0xf5, 0xb1, 0x69, 0xb9, 0xc9, 0x11, 0xe6 + }; + WOLFSSL_SMALL_STACK_STATIC const byte t256_512[] = + { + 0xe1, 0x99, 0x21, 0x90, 0x54, 0x9f, 0x6e, 0xd5, + 0x69, 0x6a, 0x2c, 0x05, 0x6c, 0x31, 0x54, 0x10 + }; +#endif + const CMAC_Test_Case testCases[] = + { +#ifdef WOLFSSL_AES_128 + {WC_CMAC_AES, 0, m, MLEN_0, k128, KLEN_128, t128_0, WC_AES_BLOCK_SIZE}, + {WC_CMAC_AES, 0, m, MLEN_128, k128, KLEN_128, t128_128, WC_AES_BLOCK_SIZE}, + {WC_CMAC_AES, 0, m, MLEN_320, k128, KLEN_128, t128_320, WC_AES_BLOCK_SIZE}, + {WC_CMAC_AES, 0, m, MLEN_512, k128, KLEN_128, t128_512, WC_AES_BLOCK_SIZE}, + {WC_CMAC_AES, 5, m, MLEN_512, k128, KLEN_128, t128_512, WC_AES_BLOCK_SIZE}, +#endif +#ifdef WOLFSSL_AES_192 + {WC_CMAC_AES, 0, m, MLEN_0, k192, KLEN_192, t192_0, WC_AES_BLOCK_SIZE}, + {WC_CMAC_AES, 0, m, MLEN_128, k192, KLEN_192, t192_128, WC_AES_BLOCK_SIZE}, + {WC_CMAC_AES, 0, m, MLEN_320, k192, KLEN_192, t192_320, WC_AES_BLOCK_SIZE}, + {WC_CMAC_AES, 0, m, MLEN_512, k192, KLEN_192, t192_512, WC_AES_BLOCK_SIZE}, +#endif +#ifdef WOLFSSL_AES_256 + {WC_CMAC_AES, 0, m, MLEN_0, k256, KLEN_256, t256_0, WC_AES_BLOCK_SIZE}, + {WC_CMAC_AES, 0, m, MLEN_128, k256, KLEN_256, t256_128, WC_AES_BLOCK_SIZE}, + {WC_CMAC_AES, 0, m, MLEN_320, k256, KLEN_256, t256_320, WC_AES_BLOCK_SIZE}, + {WC_CMAC_AES, 0, m, MLEN_512, k256, KLEN_256, t256_512, WC_AES_BLOCK_SIZE}, +#endif +#ifdef WOLFSSL_AES_128 + {WC_CMAC_AES, 0, m, MLEN_319, k128, KLEN_128, t128_319, WC_AES_BLOCK_SIZE} +#endif + }; + +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC) + Cmac *cmac; +#else + Cmac cmac[1]; +#endif + byte tag[WC_AES_BLOCK_SIZE]; + const CMAC_Test_Case* tc; + word32 i, tagSz; + wc_test_ret_t ret; + WOLFSSL_ENTER("cmac_test"); + +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC) + if ((cmac = (Cmac *)XMALLOC(sizeof *cmac, HEAP_HINT, DYNAMIC_TYPE_CMAC)) == NULL) + ERROR_OUT(WC_TEST_RET_ENC_ERRNO, out); +#endif + + for (i = 0, tc = testCases; + i < sizeof(testCases)/sizeof(CMAC_Test_Case); + i++, tc++) { + + XMEMSET(tag, 0, sizeof(tag)); + tagSz = WC_AES_BLOCK_SIZE; + +#if !defined(HAVE_FIPS) || \ + defined(HAVE_FIPS_VERSION) && (HAVE_FIPS_VERSION >= 3) + ret = wc_InitCmac_ex(cmac, tc->k, tc->kSz, tc->type, NULL, HEAP_HINT, devId); +#else + ret = wc_InitCmac(cmac, tc->k, tc->kSz, tc->type, NULL); +#endif + if (ret != 0) + { + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); + } + if (tc->partial) { + ret = wc_CmacUpdate(cmac, tc->m, + tc->mSz/2 - tc->partial); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); + ret = wc_CmacUpdate(cmac, tc->m + tc->mSz/2 - tc->partial, + tc->mSz/2 + tc->partial); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); + } + else { + ret = wc_CmacUpdate(cmac, tc->m, tc->mSz); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); + } + ret = wc_CmacFinal(cmac, tag, &tagSz); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); + if (XMEMCMP(tag, tc->t, WC_AES_BLOCK_SIZE) != 0) + ERROR_OUT(WC_TEST_RET_ENC_NC, out); + + XMEMSET(tag, 0, sizeof(tag)); + tagSz = sizeof(tag); +#if !defined(HAVE_FIPS) || FIPS_VERSION_GE(6, 0) + ret = wc_AesCmacGenerate_ex(cmac, tag, &tagSz, tc->m, tc->mSz, + tc->k, tc->kSz, NULL, devId); +#else + ret = wc_AesCmacGenerate(tag, &tagSz, tc->m, tc->mSz, + tc->k, tc->kSz); +#endif + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); + if (XMEMCMP(tag, tc->t, WC_AES_BLOCK_SIZE) != 0) + ERROR_OUT(WC_TEST_RET_ENC_NC, out); +#if !defined(HAVE_FIPS) || FIPS_VERSION_GE(6, 0) + ret = wc_AesCmacVerify_ex(cmac, tc->t, tc->tSz, tc->m, tc->mSz, + tc->k, tc->kSz, HEAP_HINT, devId); +#else + ret = wc_AesCmacVerify(tc->t, tc->tSz, tc->m, tc->mSz, + tc->k, tc->kSz); +#endif + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); + +#if !defined(HAVE_FIPS) || FIPS_VERSION_GE(6, 0) + /* Test that keyless generate with init is the same */ + XMEMSET(tag, 0, sizeof(tag)); + tagSz = sizeof(tag); + ret = wc_InitCmac_ex(cmac, tc->k, tc->kSz, tc->type, NULL, HEAP_HINT, devId); + if (ret != 0) { + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); + } + ret = wc_AesCmacGenerate_ex(cmac, tag, &tagSz, tc->m, tc->mSz, + NULL, 0, HEAP_HINT, devId); + if (ret != 0) { + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); + } +#endif + +#if !defined(HAVE_FIPS) || FIPS_VERSION3_GE(6,0,0) + (void)wc_CmacFree(cmac); +#endif + } + + ret = 0; + + out: + +#if !defined(HAVE_FIPS) || FIPS_VERSION3_GE(6,0,0) + (void)wc_CmacFree(cmac); +#endif + +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC) + XFREE(cmac, HEAP_HINT, DYNAMIC_TYPE_CMAC); +#endif + + return ret; +} + +#endif /* !NO_AES && WOLFSSL_CMAC */ + +#if defined(WOLFSSL_SIPHASH) + +#if WOLFSSL_SIPHASH_CROUNDS == 2 && WOLFSSL_SIPHASH_DROUNDS == 4 +/* Test vectors from: + * https://github.com/veorq/SipHash/blob/master/vectors.h + */ +static const unsigned char siphash_key[SIPHASH_KEY_SIZE] = { + 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, + 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f +}; +static const unsigned char siphash_msg[64] = { + 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, + 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, + 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, + 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f, + 0x20, 0x21, 0x22, 0x23, 0x24, 0x25, 0x26, 0x27, + 0x28, 0x29, 0x2a, 0x2b, 0x2c, 0x2d, 0x2e, 0x2f, + 0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, + 0x38, 0x39, 0x3a, 0x3b, 0x3c, 0x3d, 0x3e, 0x3f +}; +static const unsigned char siphash_r8[64][SIPHASH_MAC_SIZE_8] = { + { 0x31, 0x0e, 0x0e, 0xdd, 0x47, 0xdb, 0x6f, 0x72, }, + { 0xfd, 0x67, 0xdc, 0x93, 0xc5, 0x39, 0xf8, 0x74, }, + { 0x5a, 0x4f, 0xa9, 0xd9, 0x09, 0x80, 0x6c, 0x0d, }, + { 0x2d, 0x7e, 0xfb, 0xd7, 0x96, 0x66, 0x67, 0x85, }, + { 0xb7, 0x87, 0x71, 0x27, 0xe0, 0x94, 0x27, 0xcf, }, + { 0x8d, 0xa6, 0x99, 0xcd, 0x64, 0x55, 0x76, 0x18, }, + { 0xce, 0xe3, 0xfe, 0x58, 0x6e, 0x46, 0xc9, 0xcb, }, + { 0x37, 0xd1, 0x01, 0x8b, 0xf5, 0x00, 0x02, 0xab, }, + { 0x62, 0x24, 0x93, 0x9a, 0x79, 0xf5, 0xf5, 0x93, }, + { 0xb0, 0xe4, 0xa9, 0x0b, 0xdf, 0x82, 0x00, 0x9e, }, + { 0xf3, 0xb9, 0xdd, 0x94, 0xc5, 0xbb, 0x5d, 0x7a, }, + { 0xa7, 0xad, 0x6b, 0x22, 0x46, 0x2f, 0xb3, 0xf4, }, + { 0xfb, 0xe5, 0x0e, 0x86, 0xbc, 0x8f, 0x1e, 0x75, }, + { 0x90, 0x3d, 0x84, 0xc0, 0x27, 0x56, 0xea, 0x14, }, + { 0xee, 0xf2, 0x7a, 0x8e, 0x90, 0xca, 0x23, 0xf7, }, + { 0xe5, 0x45, 0xbe, 0x49, 0x61, 0xca, 0x29, 0xa1, }, + { 0xdb, 0x9b, 0xc2, 0x57, 0x7f, 0xcc, 0x2a, 0x3f, }, + { 0x94, 0x47, 0xbe, 0x2c, 0xf5, 0xe9, 0x9a, 0x69, }, + { 0x9c, 0xd3, 0x8d, 0x96, 0xf0, 0xb3, 0xc1, 0x4b, }, + { 0xbd, 0x61, 0x79, 0xa7, 0x1d, 0xc9, 0x6d, 0xbb, }, + { 0x98, 0xee, 0xa2, 0x1a, 0xf2, 0x5c, 0xd6, 0xbe, }, + { 0xc7, 0x67, 0x3b, 0x2e, 0xb0, 0xcb, 0xf2, 0xd0, }, + { 0x88, 0x3e, 0xa3, 0xe3, 0x95, 0x67, 0x53, 0x93, }, + { 0xc8, 0xce, 0x5c, 0xcd, 0x8c, 0x03, 0x0c, 0xa8, }, + { 0x94, 0xaf, 0x49, 0xf6, 0xc6, 0x50, 0xad, 0xb8, }, + { 0xea, 0xb8, 0x85, 0x8a, 0xde, 0x92, 0xe1, 0xbc, }, + { 0xf3, 0x15, 0xbb, 0x5b, 0xb8, 0x35, 0xd8, 0x17, }, + { 0xad, 0xcf, 0x6b, 0x07, 0x63, 0x61, 0x2e, 0x2f, }, + { 0xa5, 0xc9, 0x1d, 0xa7, 0xac, 0xaa, 0x4d, 0xde, }, + { 0x71, 0x65, 0x95, 0x87, 0x66, 0x50, 0xa2, 0xa6, }, + { 0x28, 0xef, 0x49, 0x5c, 0x53, 0xa3, 0x87, 0xad, }, + { 0x42, 0xc3, 0x41, 0xd8, 0xfa, 0x92, 0xd8, 0x32, }, + { 0xce, 0x7c, 0xf2, 0x72, 0x2f, 0x51, 0x27, 0x71, }, + { 0xe3, 0x78, 0x59, 0xf9, 0x46, 0x23, 0xf3, 0xa7, }, + { 0x38, 0x12, 0x05, 0xbb, 0x1a, 0xb0, 0xe0, 0x12, }, + { 0xae, 0x97, 0xa1, 0x0f, 0xd4, 0x34, 0xe0, 0x15, }, + { 0xb4, 0xa3, 0x15, 0x08, 0xbe, 0xff, 0x4d, 0x31, }, + { 0x81, 0x39, 0x62, 0x29, 0xf0, 0x90, 0x79, 0x02, }, + { 0x4d, 0x0c, 0xf4, 0x9e, 0xe5, 0xd4, 0xdc, 0xca, }, + { 0x5c, 0x73, 0x33, 0x6a, 0x76, 0xd8, 0xbf, 0x9a, }, + { 0xd0, 0xa7, 0x04, 0x53, 0x6b, 0xa9, 0x3e, 0x0e, }, + { 0x92, 0x59, 0x58, 0xfc, 0xd6, 0x42, 0x0c, 0xad, }, + { 0xa9, 0x15, 0xc2, 0x9b, 0xc8, 0x06, 0x73, 0x18, }, + { 0x95, 0x2b, 0x79, 0xf3, 0xbc, 0x0a, 0xa6, 0xd4, }, + { 0xf2, 0x1d, 0xf2, 0xe4, 0x1d, 0x45, 0x35, 0xf9, }, + { 0x87, 0x57, 0x75, 0x19, 0x04, 0x8f, 0x53, 0xa9, }, + { 0x10, 0xa5, 0x6c, 0xf5, 0xdf, 0xcd, 0x9a, 0xdb, }, + { 0xeb, 0x75, 0x09, 0x5c, 0xcd, 0x98, 0x6c, 0xd0, }, + { 0x51, 0xa9, 0xcb, 0x9e, 0xcb, 0xa3, 0x12, 0xe6, }, + { 0x96, 0xaf, 0xad, 0xfc, 0x2c, 0xe6, 0x66, 0xc7, }, + { 0x72, 0xfe, 0x52, 0x97, 0x5a, 0x43, 0x64, 0xee, }, + { 0x5a, 0x16, 0x45, 0xb2, 0x76, 0xd5, 0x92, 0xa1, }, + { 0xb2, 0x74, 0xcb, 0x8e, 0xbf, 0x87, 0x87, 0x0a, }, + { 0x6f, 0x9b, 0xb4, 0x20, 0x3d, 0xe7, 0xb3, 0x81, }, + { 0xea, 0xec, 0xb2, 0xa3, 0x0b, 0x22, 0xa8, 0x7f, }, + { 0x99, 0x24, 0xa4, 0x3c, 0xc1, 0x31, 0x57, 0x24, }, + { 0xbd, 0x83, 0x8d, 0x3a, 0xaf, 0xbf, 0x8d, 0xb7, }, + { 0x0b, 0x1a, 0x2a, 0x32, 0x65, 0xd5, 0x1a, 0xea, }, + { 0x13, 0x50, 0x79, 0xa3, 0x23, 0x1c, 0xe6, 0x60, }, + { 0x93, 0x2b, 0x28, 0x46, 0xe4, 0xd7, 0x06, 0x66, }, + { 0xe1, 0x91, 0x5f, 0x5c, 0xb1, 0xec, 0xa4, 0x6c, }, + { 0xf3, 0x25, 0x96, 0x5c, 0xa1, 0x6d, 0x62, 0x9f, }, + { 0x57, 0x5f, 0xf2, 0x8e, 0x60, 0x38, 0x1b, 0xe5, }, + { 0x72, 0x45, 0x06, 0xeb, 0x4c, 0x32, 0x8a, 0x95, }, +}; +static const unsigned char siphash_r16[64][SIPHASH_MAC_SIZE_16] = { + { 0xa3, 0x81, 0x7f, 0x04, 0xba, 0x25, 0xa8, 0xe6, + 0x6d, 0xf6, 0x72, 0x14, 0xc7, 0x55, 0x02, 0x93, }, + { 0xda, 0x87, 0xc1, 0xd8, 0x6b, 0x99, 0xaf, 0x44, + 0x34, 0x76, 0x59, 0x11, 0x9b, 0x22, 0xfc, 0x45, }, + { 0x81, 0x77, 0x22, 0x8d, 0xa4, 0xa4, 0x5d, 0xc7, + 0xfc, 0xa3, 0x8b, 0xde, 0xf6, 0x0a, 0xff, 0xe4, }, + { 0x9c, 0x70, 0xb6, 0x0c, 0x52, 0x67, 0xa9, 0x4e, + 0x5f, 0x33, 0xb6, 0xb0, 0x29, 0x85, 0xed, 0x51, }, + { 0xf8, 0x81, 0x64, 0xc1, 0x2d, 0x9c, 0x8f, 0xaf, + 0x7d, 0x0f, 0x6e, 0x7c, 0x7b, 0xcd, 0x55, 0x79, }, + { 0x13, 0x68, 0x87, 0x59, 0x80, 0x77, 0x6f, 0x88, + 0x54, 0x52, 0x7a, 0x07, 0x69, 0x0e, 0x96, 0x27, }, + { 0x14, 0xee, 0xca, 0x33, 0x8b, 0x20, 0x86, 0x13, + 0x48, 0x5e, 0xa0, 0x30, 0x8f, 0xd7, 0xa1, 0x5e, }, + { 0xa1, 0xf1, 0xeb, 0xbe, 0xd8, 0xdb, 0xc1, 0x53, + 0xc0, 0xb8, 0x4a, 0xa6, 0x1f, 0xf0, 0x82, 0x39, }, + { 0x3b, 0x62, 0xa9, 0xba, 0x62, 0x58, 0xf5, 0x61, + 0x0f, 0x83, 0xe2, 0x64, 0xf3, 0x14, 0x97, 0xb4, }, + { 0x26, 0x44, 0x99, 0x06, 0x0a, 0xd9, 0xba, 0xab, + 0xc4, 0x7f, 0x8b, 0x02, 0xbb, 0x6d, 0x71, 0xed, }, + { 0x00, 0x11, 0x0d, 0xc3, 0x78, 0x14, 0x69, 0x56, + 0xc9, 0x54, 0x47, 0xd3, 0xf3, 0xd0, 0xfb, 0xba, }, + { 0x01, 0x51, 0xc5, 0x68, 0x38, 0x6b, 0x66, 0x77, + 0xa2, 0xb4, 0xdc, 0x6f, 0x81, 0xe5, 0xdc, 0x18, }, + { 0xd6, 0x26, 0xb2, 0x66, 0x90, 0x5e, 0xf3, 0x58, + 0x82, 0x63, 0x4d, 0xf6, 0x85, 0x32, 0xc1, 0x25, }, + { 0x98, 0x69, 0xe2, 0x47, 0xe9, 0xc0, 0x8b, 0x10, + 0xd0, 0x29, 0x93, 0x4f, 0xc4, 0xb9, 0x52, 0xf7, }, + { 0x31, 0xfc, 0xef, 0xac, 0x66, 0xd7, 0xde, 0x9c, + 0x7e, 0xc7, 0x48, 0x5f, 0xe4, 0x49, 0x49, 0x02, }, + { 0x54, 0x93, 0xe9, 0x99, 0x33, 0xb0, 0xa8, 0x11, + 0x7e, 0x08, 0xec, 0x0f, 0x97, 0xcf, 0xc3, 0xd9, }, + { 0x6e, 0xe2, 0xa4, 0xca, 0x67, 0xb0, 0x54, 0xbb, + 0xfd, 0x33, 0x15, 0xbf, 0x85, 0x23, 0x05, 0x77, }, + { 0x47, 0x3d, 0x06, 0xe8, 0x73, 0x8d, 0xb8, 0x98, + 0x54, 0xc0, 0x66, 0xc4, 0x7a, 0xe4, 0x77, 0x40, }, + { 0xa4, 0x26, 0xe5, 0xe4, 0x23, 0xbf, 0x48, 0x85, + 0x29, 0x4d, 0xa4, 0x81, 0xfe, 0xae, 0xf7, 0x23, }, + { 0x78, 0x01, 0x77, 0x31, 0xcf, 0x65, 0xfa, 0xb0, + 0x74, 0xd5, 0x20, 0x89, 0x52, 0x51, 0x2e, 0xb1, }, + { 0x9e, 0x25, 0xfc, 0x83, 0x3f, 0x22, 0x90, 0x73, + 0x3e, 0x93, 0x44, 0xa5, 0xe8, 0x38, 0x39, 0xeb, }, + { 0x56, 0x8e, 0x49, 0x5a, 0xbe, 0x52, 0x5a, 0x21, + 0x8a, 0x22, 0x14, 0xcd, 0x3e, 0x07, 0x1d, 0x12, }, + { 0x4a, 0x29, 0xb5, 0x45, 0x52, 0xd1, 0x6b, 0x9a, + 0x46, 0x9c, 0x10, 0x52, 0x8e, 0xff, 0x0a, 0xae, }, + { 0xc9, 0xd1, 0x84, 0xdd, 0xd5, 0xa9, 0xf5, 0xe0, + 0xcf, 0x8c, 0xe2, 0x9a, 0x9a, 0xbf, 0x69, 0x1c, }, + { 0x2d, 0xb4, 0x79, 0xae, 0x78, 0xbd, 0x50, 0xd8, + 0x88, 0x2a, 0x8a, 0x17, 0x8a, 0x61, 0x32, 0xad, }, + { 0x8e, 0xce, 0x5f, 0x04, 0x2d, 0x5e, 0x44, 0x7b, + 0x50, 0x51, 0xb9, 0xea, 0xcb, 0x8d, 0x8f, 0x6f, }, + { 0x9c, 0x0b, 0x53, 0xb4, 0xb3, 0xc3, 0x07, 0xe8, + 0x7e, 0xae, 0xe0, 0x86, 0x78, 0x14, 0x1f, 0x66, }, + { 0xab, 0xf2, 0x48, 0xaf, 0x69, 0xa6, 0xea, 0xe4, + 0xbf, 0xd3, 0xeb, 0x2f, 0x12, 0x9e, 0xeb, 0x94, }, + { 0x06, 0x64, 0xda, 0x16, 0x68, 0x57, 0x4b, 0x88, + 0xb9, 0x35, 0xf3, 0x02, 0x73, 0x58, 0xae, 0xf4, }, + { 0xaa, 0x4b, 0x9d, 0xc4, 0xbf, 0x33, 0x7d, 0xe9, + 0x0c, 0xd4, 0xfd, 0x3c, 0x46, 0x7c, 0x6a, 0xb7, }, + { 0xea, 0x5c, 0x7f, 0x47, 0x1f, 0xaf, 0x6b, 0xde, + 0x2b, 0x1a, 0xd7, 0xd4, 0x68, 0x6d, 0x22, 0x87, }, + { 0x29, 0x39, 0xb0, 0x18, 0x32, 0x23, 0xfa, 0xfc, + 0x17, 0x23, 0xde, 0x4f, 0x52, 0xc4, 0x3d, 0x35, }, + { 0x7c, 0x39, 0x56, 0xca, 0x5e, 0xea, 0xfc, 0x3e, + 0x36, 0x3e, 0x9d, 0x55, 0x65, 0x46, 0xeb, 0x68, }, + { 0x77, 0xc6, 0x07, 0x71, 0x46, 0xf0, 0x1c, 0x32, + 0xb6, 0xb6, 0x9d, 0x5f, 0x4e, 0xa9, 0xff, 0xcf, }, + { 0x37, 0xa6, 0x98, 0x6c, 0xb8, 0x84, 0x7e, 0xdf, + 0x09, 0x25, 0xf0, 0xf1, 0x30, 0x9b, 0x54, 0xde, }, + { 0xa7, 0x05, 0xf0, 0xe6, 0x9d, 0xa9, 0xa8, 0xf9, + 0x07, 0x24, 0x1a, 0x2e, 0x92, 0x3c, 0x8c, 0xc8, }, + { 0x3d, 0xc4, 0x7d, 0x1f, 0x29, 0xc4, 0x48, 0x46, + 0x1e, 0x9e, 0x76, 0xed, 0x90, 0x4f, 0x67, 0x11, }, + { 0x0d, 0x62, 0xbf, 0x01, 0xe6, 0xfc, 0x0e, 0x1a, + 0x0d, 0x3c, 0x47, 0x51, 0xc5, 0xd3, 0x69, 0x2b, }, + { 0x8c, 0x03, 0x46, 0x8b, 0xca, 0x7c, 0x66, 0x9e, + 0xe4, 0xfd, 0x5e, 0x08, 0x4b, 0xbe, 0xe7, 0xb5, }, + { 0x52, 0x8a, 0x5b, 0xb9, 0x3b, 0xaf, 0x2c, 0x9c, + 0x44, 0x73, 0xcc, 0xe5, 0xd0, 0xd2, 0x2b, 0xd9, }, + { 0xdf, 0x6a, 0x30, 0x1e, 0x95, 0xc9, 0x5d, 0xad, + 0x97, 0xae, 0x0c, 0xc8, 0xc6, 0x91, 0x3b, 0xd8, }, + { 0x80, 0x11, 0x89, 0x90, 0x2c, 0x85, 0x7f, 0x39, + 0xe7, 0x35, 0x91, 0x28, 0x5e, 0x70, 0xb6, 0xdb, }, + { 0xe6, 0x17, 0x34, 0x6a, 0xc9, 0xc2, 0x31, 0xbb, + 0x36, 0x50, 0xae, 0x34, 0xcc, 0xca, 0x0c, 0x5b, }, + { 0x27, 0xd9, 0x34, 0x37, 0xef, 0xb7, 0x21, 0xaa, + 0x40, 0x18, 0x21, 0xdc, 0xec, 0x5a, 0xdf, 0x89, }, + { 0x89, 0x23, 0x7d, 0x9d, 0xed, 0x9c, 0x5e, 0x78, + 0xd8, 0xb1, 0xc9, 0xb1, 0x66, 0xcc, 0x73, 0x42, }, + { 0x4a, 0x6d, 0x80, 0x91, 0xbf, 0x5e, 0x7d, 0x65, + 0x11, 0x89, 0xfa, 0x94, 0xa2, 0x50, 0xb1, 0x4c, }, + { 0x0e, 0x33, 0xf9, 0x60, 0x55, 0xe7, 0xae, 0x89, + 0x3f, 0xfc, 0x0e, 0x3d, 0xcf, 0x49, 0x29, 0x02, }, + { 0xe6, 0x1c, 0x43, 0x2b, 0x72, 0x0b, 0x19, 0xd1, + 0x8e, 0xc8, 0xd8, 0x4b, 0xdc, 0x63, 0x15, 0x1b, }, + { 0xf7, 0xe5, 0xae, 0xf5, 0x49, 0xf7, 0x82, 0xcf, + 0x37, 0x90, 0x55, 0xa6, 0x08, 0x26, 0x9b, 0x16, }, + { 0x43, 0x8d, 0x03, 0x0f, 0xd0, 0xb7, 0xa5, 0x4f, + 0xa8, 0x37, 0xf2, 0xad, 0x20, 0x1a, 0x64, 0x03, }, + { 0xa5, 0x90, 0xd3, 0xee, 0x4f, 0xbf, 0x04, 0xe3, + 0x24, 0x7e, 0x0d, 0x27, 0xf2, 0x86, 0x42, 0x3f, }, + { 0x5f, 0xe2, 0xc1, 0xa1, 0x72, 0xfe, 0x93, 0xc4, + 0xb1, 0x5c, 0xd3, 0x7c, 0xae, 0xf9, 0xf5, 0x38, }, + { 0x2c, 0x97, 0x32, 0x5c, 0xbd, 0x06, 0xb3, 0x6e, + 0xb2, 0x13, 0x3d, 0xd0, 0x8b, 0x3a, 0x01, 0x7c, }, + { 0x92, 0xc8, 0x14, 0x22, 0x7a, 0x6b, 0xca, 0x94, + 0x9f, 0xf0, 0x65, 0x9f, 0x00, 0x2a, 0xd3, 0x9e, }, + { 0xdc, 0xe8, 0x50, 0x11, 0x0b, 0xd8, 0x32, 0x8c, + 0xfb, 0xd5, 0x08, 0x41, 0xd6, 0x91, 0x1d, 0x87, }, + { 0x67, 0xf1, 0x49, 0x84, 0xc7, 0xda, 0x79, 0x12, + 0x48, 0xe3, 0x2b, 0xb5, 0x92, 0x25, 0x83, 0xda, }, + { 0x19, 0x38, 0xf2, 0xcf, 0x72, 0xd5, 0x4e, 0xe9, + 0x7e, 0x94, 0x16, 0x6f, 0xa9, 0x1d, 0x2a, 0x36, }, + { 0x74, 0x48, 0x1e, 0x96, 0x46, 0xed, 0x49, 0xfe, + 0x0f, 0x62, 0x24, 0x30, 0x16, 0x04, 0x69, 0x8e, }, + { 0x57, 0xfc, 0xa5, 0xde, 0x98, 0xa9, 0xd6, 0xd8, + 0x00, 0x64, 0x38, 0xd0, 0x58, 0x3d, 0x8a, 0x1d, }, + { 0x9f, 0xec, 0xde, 0x1c, 0xef, 0xdc, 0x1c, 0xbe, + 0xd4, 0x76, 0x36, 0x74, 0xd9, 0x57, 0x53, 0x59, }, + { 0xe3, 0x04, 0x0c, 0x00, 0xeb, 0x28, 0xf1, 0x53, + 0x66, 0xca, 0x73, 0xcb, 0xd8, 0x72, 0xe7, 0x40, }, + { 0x76, 0x97, 0x00, 0x9a, 0x6a, 0x83, 0x1d, 0xfe, + 0xcc, 0xa9, 0x1c, 0x59, 0x93, 0x67, 0x0f, 0x7a, }, + { 0x58, 0x53, 0x54, 0x23, 0x21, 0xf5, 0x67, 0xa0, + 0x05, 0xd5, 0x47, 0xa4, 0xf0, 0x47, 0x59, 0xbd, }, + { 0x51, 0x50, 0xd1, 0x77, 0x2f, 0x50, 0x83, 0x4a, + 0x50, 0x3e, 0x06, 0x9a, 0x97, 0x3f, 0xbd, 0x7c, }, +}; +#endif + +WOLFSSL_TEST_SUBROUTINE wc_test_ret_t siphash_test(void) +{ + wc_test_ret_t ret = 0; + int i; +#if WOLFSSL_SIPHASH_CROUNDS == 2 && WOLFSSL_SIPHASH_DROUNDS == 4 + unsigned char res[SIPHASH_MAC_SIZE_16]; + unsigned char tmp[SIPHASH_MAC_SIZE_8]; + SipHash siphash; + WOLFSSL_ENTER("siphash_test (1)"); + + for (i = 0; i < 64; i++) { + ret = wc_InitSipHash(&siphash, siphash_key, SIPHASH_MAC_SIZE_8); + if (ret != 0) + return WC_TEST_RET_ENC_I(i); + ret = wc_SipHashUpdate(&siphash, siphash_msg, (word32)i); + if (ret != 0) + return WC_TEST_RET_ENC_I(i); + ret = wc_SipHashFinal(&siphash, res, SIPHASH_MAC_SIZE_8); + if (ret != 0) + return WC_TEST_RET_ENC_I(i); + if (XMEMCMP(res, siphash_r8[i], SIPHASH_MAC_SIZE_8) != 0) + return WC_TEST_RET_ENC_I(i); + ret = wc_SipHash(siphash_key, siphash_msg, (word32)i, res, SIPHASH_MAC_SIZE_8); + if (ret != 0) + return WC_TEST_RET_ENC_I(i); + if (XMEMCMP(res, siphash_r8[i], SIPHASH_MAC_SIZE_8) != 0) + return WC_TEST_RET_ENC_I(i); + } + for (i = 0; i < 64; i++) { + ret = wc_InitSipHash(&siphash, siphash_key, SIPHASH_MAC_SIZE_16); + if (ret != 0) + return WC_TEST_RET_ENC_I(i); + ret = wc_SipHashUpdate(&siphash, siphash_msg, (word32)i); + if (ret != 0) + return WC_TEST_RET_ENC_I(i); + ret = wc_SipHashFinal(&siphash, res, SIPHASH_MAC_SIZE_16); + if (ret != 0) + return WC_TEST_RET_ENC_I(i); + if (XMEMCMP(res, siphash_r16[i], SIPHASH_MAC_SIZE_16) != 0) + return WC_TEST_RET_ENC_I(i); + ret = wc_SipHash(siphash_key, siphash_msg, (word32)i, res, SIPHASH_MAC_SIZE_16); + if (ret != 0) + return WC_TEST_RET_ENC_I(i); + if (XMEMCMP(res, siphash_r16[i], SIPHASH_MAC_SIZE_16) != 0) + return WC_TEST_RET_ENC_I(i); + } +#else + WOLFSSL_ENTER("siphash_test (1)"); +#endif + + /* Testing bad parameters. */ + ret = wc_InitSipHash(NULL, NULL, SIPHASH_MAC_SIZE_8); + if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG)) + return WC_TEST_RET_ENC_EC(ret); + ret = wc_InitSipHash(NULL, siphash_key, SIPHASH_MAC_SIZE_8); + if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG)) + return WC_TEST_RET_ENC_EC(ret); + ret = wc_InitSipHash(&siphash, NULL, SIPHASH_MAC_SIZE_8); + if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG)) + return WC_TEST_RET_ENC_EC(ret); + ret = wc_InitSipHash(&siphash, siphash_key, 7); + if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG)) + return WC_TEST_RET_ENC_EC(ret); + ret = wc_InitSipHash(&siphash, siphash_key, SIPHASH_MAC_SIZE_8); + if (ret != 0) + return WC_TEST_RET_ENC_EC(ret); + ret = wc_SipHashUpdate(NULL, NULL, 0); + if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG)) + return WC_TEST_RET_ENC_EC(ret); + ret = wc_SipHashUpdate(&siphash, NULL, 1); + if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG)) + return WC_TEST_RET_ENC_EC(ret); + ret = wc_SipHashFinal(NULL, NULL, SIPHASH_MAC_SIZE_8); + if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG)) + return WC_TEST_RET_ENC_EC(ret); + ret = wc_SipHashFinal(&siphash, NULL, SIPHASH_MAC_SIZE_8); + if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG)) + return WC_TEST_RET_ENC_EC(ret); + ret = wc_SipHashFinal(NULL, res, SIPHASH_MAC_SIZE_8); + if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG)) + return WC_TEST_RET_ENC_EC(ret); + ret = wc_SipHashFinal(&siphash, res, SIPHASH_MAC_SIZE_16); + if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG)) + return WC_TEST_RET_ENC_EC(ret); + + ret = wc_SipHash(NULL, NULL, 0, NULL, SIPHASH_MAC_SIZE_16); + if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG)) + return WC_TEST_RET_ENC_EC(ret); + ret = wc_SipHash(siphash_key, NULL, 0, NULL, SIPHASH_MAC_SIZE_16); + if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG)) + return WC_TEST_RET_ENC_EC(ret); + ret = wc_SipHash(NULL, NULL, 0, res, SIPHASH_MAC_SIZE_16); + if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG)) + return WC_TEST_RET_ENC_EC(ret); + ret = wc_SipHash(siphash_key, NULL, 0, res, 15); + if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG)) + return WC_TEST_RET_ENC_EC(ret); + ret = wc_SipHash(siphash_key, NULL, 1, res, SIPHASH_MAC_SIZE_16); + if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG)) + return WC_TEST_RET_ENC_EC(ret); + + /* Test cache with multiple non blocksize bytes */ + ret = wc_InitSipHash(&siphash, siphash_key, SIPHASH_MAC_SIZE_8); + if (ret != 0) + return WC_TEST_RET_ENC_EC(ret); + ret = wc_SipHashUpdate(&siphash, siphash_msg, 5); + if (ret != 0) + return WC_TEST_RET_ENC_EC(ret); + ret = wc_SipHashUpdate(&siphash, siphash_msg + 5, 4); + if (ret != 0) + return WC_TEST_RET_ENC_EC(ret); + ret = wc_SipHashFinal(&siphash, res, SIPHASH_MAC_SIZE_8); + if (ret != 0) + return WC_TEST_RET_ENC_EC(ret); + ret = wc_InitSipHash(&siphash, siphash_key, SIPHASH_MAC_SIZE_8); + if (ret != 0) + return WC_TEST_RET_ENC_EC(ret); + ret = wc_SipHashUpdate(&siphash, siphash_msg, 9); + if (ret != 0) + return WC_TEST_RET_ENC_EC(ret); + ret = wc_SipHashFinal(&siphash, tmp, SIPHASH_MAC_SIZE_8); + if (ret != 0) + return WC_TEST_RET_ENC_EC(ret); + if (XMEMCMP(res, tmp, SIPHASH_MAC_SIZE_8) != 0) + return WC_TEST_RET_ENC_NC; + + return 0; +} + +#endif /* WOLFSSL_SIPHASH */ + +#ifdef HAVE_LIBZ + +static const byte sample_text[] = + "Biodiesel cupidatat marfa, cliche aute put a bird on it incididunt elit\n" + "polaroid. Sunt tattooed bespoke reprehenderit. Sint twee organic id\n" + "marfa. Commodo veniam ad esse gastropub. 3 wolf moon sartorial vero,\n" + "plaid delectus biodiesel squid +1 vice. Post-ironic keffiyeh leggings\n" + "selfies cray fap hoodie, forage anim. Carles cupidatat shoreditch, VHS\n" + "small batch meggings kogi dolore food truck bespoke gastropub.\n" + "\n" + "Terry richardson adipisicing actually typewriter tumblr, twee whatever\n" + "four loko you probably haven't heard of them high life. Messenger bag\n" + "whatever tattooed deep v mlkshk. Brooklyn pinterest assumenda chillwave\n" + "et, banksy ullamco messenger bag umami pariatur direct trade forage.\n" + "Typewriter culpa try-hard, pariatur sint brooklyn meggings. Gentrify\n" + "food truck next level, tousled irony non semiotics PBR ethical anim cred\n" + "readymade. Mumblecore brunch lomo odd future, portland organic terry\n" + "richardson elit leggings adipisicing ennui raw denim banjo hella. Godard\n" + "mixtape polaroid, pork belly readymade organic cray typewriter helvetica\n" + "four loko whatever street art yr farm-to-table.\n" + "\n" + "Vinyl keytar vice tofu. Locavore you probably haven't heard of them pug\n" + "pickled, hella tonx labore truffaut DIY mlkshk elit cosby sweater sint\n" + "et mumblecore. Elit swag semiotics, reprehenderit DIY sartorial nisi ugh\n" + "nesciunt pug pork belly wayfarers selfies delectus. Ethical hoodie\n" + "seitan fingerstache kale chips. Terry richardson artisan williamsburg,\n" + "eiusmod fanny pack irony tonx ennui lo-fi incididunt tofu YOLO\n" + "readymade. 8-bit sed ethnic beard officia. Pour-over iphone DIY butcher,\n" + "ethnic art party qui letterpress nisi proident jean shorts mlkshk\n" + "locavore.\n" + "\n" + "Narwhal flexitarian letterpress, do gluten-free voluptate next level\n" + "banh mi tonx incididunt carles DIY. Odd future nulla 8-bit beard ut\n" + "cillum pickled velit, YOLO officia you probably haven't heard of them\n" + "trust fund gastropub. Nisi adipisicing tattooed, Austin mlkshk 90's\n" + "small batch american apparel. Put a bird on it cosby sweater before they\n" + "sold out pork belly kogi hella. Street art mollit sustainable polaroid,\n" + "DIY ethnic ea pug beard dreamcatcher cosby sweater magna scenester nisi.\n" + "Sed pork belly skateboard mollit, labore proident eiusmod. Sriracha\n" + "excepteur cosby sweater, anim deserunt laborum eu aliquip ethical et\n" + "neutra PBR selvage.\n" + "\n" + "Raw denim pork belly truffaut, irony plaid sustainable put a bird on it\n" + "next level jean shorts exercitation. Hashtag keytar whatever, nihil\n" + "authentic aliquip disrupt laborum. Tattooed selfies deserunt trust fund\n" + "wayfarers. 3 wolf moon synth church-key sartorial, gastropub leggings\n" + "tattooed. Labore high life commodo, meggings raw denim fingerstache pug\n" + "trust fund leggings seitan forage. Nostrud ullamco duis, reprehenderit\n" + "incididunt flannel sustainable helvetica pork belly pug banksy you\n" + "probably haven't heard of them nesciunt farm-to-table. Disrupt nostrud\n" + "mollit magna, sriracha sartorial helvetica.\n" + "\n" + "Nulla kogi reprehenderit, skateboard sustainable duis adipisicing viral\n" + "ad fanny pack salvia. Fanny pack trust fund you probably haven't heard\n" + "of them YOLO vice nihil. Keffiyeh cray lo-fi pinterest cardigan aliqua,\n" + "reprehenderit aute. Culpa tousled williamsburg, marfa lomo actually anim\n" + "skateboard. Iphone aliqua ugh, semiotics pariatur vero readymade\n" + "organic. Marfa squid nulla, in laborum disrupt laboris irure gastropub.\n" + "Veniam sunt food truck leggings, sint vinyl fap.\n" + "\n" + "Hella dolore pork belly, truffaut carles you probably haven't heard of\n" + "them PBR helvetica in sapiente. Fashion axe ugh bushwick american\n" + "apparel. Fingerstache sed iphone, jean shorts blue bottle nisi bushwick\n" + "flexitarian officia veniam plaid bespoke fap YOLO lo-fi. Blog\n" + "letterpress mumblecore, food truck id cray brooklyn cillum ad sed.\n" + "Assumenda chambray wayfarers vinyl mixtape sustainable. VHS vinyl\n" + "delectus, culpa williamsburg polaroid cliche swag church-key synth kogi\n" + "magna pop-up literally. Swag thundercats ennui shoreditch vegan\n" + "pitchfork neutra truffaut etsy, sed single-origin coffee craft beer.\n" + "\n" + "Odio letterpress brooklyn elit. Nulla single-origin coffee in occaecat\n" + "meggings. Irony meggings 8-bit, chillwave lo-fi adipisicing cred\n" + "dreamcatcher veniam. Put a bird on it irony umami, trust fund bushwick\n" + "locavore kale chips. Sriracha swag thundercats, chillwave disrupt\n" + "tousled beard mollit mustache leggings portland next level. Nihil esse\n" + "est, skateboard art party etsy thundercats sed dreamcatcher ut iphone\n" + "swag consectetur et. Irure skateboard banjo, nulla deserunt messenger\n" + "bag dolor terry richardson sapiente.\n"; + +static const byte sample_text_gz[] = { + 0x1F, 0x8B, 0x08, 0x08, 0xC5, 0x49, 0xB5, 0x5B, 0x00, 0x03, 0x63, 0x69, 0x70, + 0x68, 0x65, 0x72, 0x74, 0x65, 0x78, 0x74, 0x2E, 0x74, 0x78, 0x74, 0x00, 0x8D, + 0x58, 0xCB, 0x92, 0xE4, 0xB6, 0x11, 0xBC, 0xE3, 0x2B, 0xEA, 0xA6, 0x83, 0xD9, + 0x1D, 0x72, 0xF8, 0x22, 0x1F, 0xB5, 0x96, 0xA5, 0xDD, 0x90, 0xBC, 0xAB, 0xD0, + 0x28, 0x36, 0x42, 0x47, 0x90, 0x2C, 0x36, 0xA1, 0x06, 0x09, 0x0A, 0x8F, 0xEE, + 0xE1, 0xDF, 0x3B, 0x0B, 0xE0, 0x73, 0x2C, 0x4B, 0xBA, 0xCD, 0xCE, 0x80, 0x78, + 0x64, 0x65, 0x65, 0x66, 0xED, 0x3B, 0xE3, 0x5A, 0xC3, 0x81, 0x2D, 0x35, 0x69, + 0x32, 0xAD, 0x8E, 0x3A, 0xD2, 0xA0, 0x7D, 0xA7, 0x2B, 0x6A, 0xAC, 0x69, 0x7A, + 0x26, 0x9D, 0x22, 0xD3, 0x94, 0x22, 0x69, 0xAA, 0x8D, 0x6F, 0xC9, 0x8D, 0x64, + 0x22, 0x99, 0xB1, 0x31, 0xAD, 0x69, 0xD3, 0x18, 0x89, 0xAD, 0x89, 0x6A, 0x72, + 0x56, 0x7B, 0x67, 0xDA, 0x2B, 0xBD, 0xC8, 0xEF, 0xB0, 0x4D, 0x74, 0x8E, 0x5B, + 0xAA, 0x39, 0x4C, 0xEE, 0xCE, 0xE4, 0x79, 0xF2, 0xDC, 0xF3, 0xD8, 0xB2, 0x37, + 0x11, 0x8B, 0x8C, 0x2C, 0x7A, 0x32, 0x93, 0xF3, 0x37, 0x3D, 0x9A, 0x86, 0x4C, + 0xAB, 0xF2, 0xB9, 0x57, 0xFA, 0x97, 0x1B, 0x06, 0xD7, 0x3A, 0x7A, 0xF0, 0x68, + 0xF4, 0x40, 0xBA, 0x25, 0x0E, 0x81, 0xE9, 0xA6, 0x43, 0xF4, 0x6E, 0x4A, 0xF5, + 0x95, 0xFE, 0x41, 0x4F, 0x67, 0x3B, 0x1A, 0x1C, 0xEE, 0x12, 0xB4, 0x8F, 0xCE, + 0x1B, 0x6D, 0xB1, 0xDE, 0xBB, 0x4A, 0x4D, 0x56, 0x9B, 0x96, 0x5A, 0xB6, 0xDC, + 0xC4, 0x14, 0x70, 0xE5, 0xF5, 0x7D, 0xE1, 0xB7, 0x84, 0x3F, 0xFC, 0xED, 0xEF, + 0xF4, 0x30, 0x0D, 0x5F, 0xE9, 0x47, 0x17, 0xE2, 0xC5, 0x78, 0x27, 0x67, 0xDF, + 0xB9, 0xEB, 0xCC, 0xCC, 0x3D, 0x59, 0xBE, 0xDD, 0xCC, 0x78, 0x0B, 0x0A, 0x1F, + 0x74, 0xF8, 0x8C, 0x1A, 0xAF, 0x67, 0xEA, 0xF4, 0x44, 0xBD, 0x93, 0x7D, 0x2A, + 0xEA, 0x9C, 0xD7, 0x37, 0x80, 0x32, 0x9A, 0x01, 0x37, 0xD5, 0xDE, 0xCA, 0xA2, + 0x0D, 0xB9, 0xD0, 0x3B, 0xCF, 0xAD, 0x89, 0x4D, 0x5F, 0xD1, 0xE7, 0xF7, 0x2F, + 0x2A, 0x0C, 0xDA, 0x5A, 0xAA, 0x35, 0x7E, 0x41, 0xC3, 0xB2, 0x37, 0xDD, 0xDD, + 0xCD, 0x50, 0xEB, 0x2C, 0x96, 0x62, 0x3B, 0xD7, 0x52, 0xF4, 0xA9, 0xB9, 0x6F, + 0x48, 0xED, 0xEF, 0x54, 0xEA, 0x67, 0xF6, 0x7E, 0x26, 0x8F, 0x3A, 0x68, 0xDF, + 0x06, 0xBC, 0x56, 0xB7, 0x66, 0x32, 0xC1, 0x34, 0xD8, 0x88, 0x34, 0x1E, 0x88, + 0xED, 0x67, 0x8A, 0xF3, 0xC4, 0x4F, 0xC0, 0xCA, 0x9E, 0x62, 0x1A, 0x6A, 0xEB, + 0xAB, 0x02, 0xED, 0xB3, 0xD7, 0x91, 0x81, 0x8A, 0xEA, 0x5C, 0xF2, 0x64, 0xDD, + 0xDD, 0xD1, 0xEC, 0x12, 0x4D, 0xDE, 0xD5, 0xBA, 0xC6, 0x77, 0xBD, 0x06, 0xC4, + 0x5F, 0x44, 0xEA, 0x59, 0x4B, 0x5D, 0x3B, 0x8A, 0x3D, 0x0F, 0xD4, 0x9B, 0x1B, + 0x80, 0x30, 0x1D, 0x30, 0xFA, 0x8F, 0x00, 0x3F, 0xDE, 0xB0, 0x6F, 0xAD, 0x6F, + 0x6A, 0xDD, 0x6E, 0x2F, 0x6E, 0xCB, 0x3C, 0xD1, 0x83, 0x06, 0x7B, 0x0F, 0xFD, + 0xFD, 0x4A, 0xEF, 0xBC, 0x73, 0x77, 0x3B, 0x8F, 0x34, 0xA1, 0xBA, 0xEC, 0x39, + 0x80, 0x33, 0x21, 0xA4, 0x01, 0x55, 0xD7, 0xD4, 0xF4, 0xC6, 0xDA, 0x27, 0x4E, + 0x54, 0x1C, 0x2B, 0xEC, 0x37, 0xDE, 0xC3, 0x4C, 0xC9, 0x5A, 0x3D, 0x34, 0x0E, + 0xD8, 0x1C, 0x0E, 0xA2, 0x34, 0xE8, 0xC1, 0xD0, 0xA4, 0x51, 0xD5, 0x88, 0x8B, + 0xB7, 0xC6, 0xA3, 0x96, 0x40, 0x49, 0xB7, 0xBC, 0xE0, 0x7F, 0x55, 0x3F, 0xEF, + 0x6F, 0x6E, 0x92, 0x9D, 0x34, 0xFE, 0x3C, 0x5F, 0x04, 0xA5, 0x6A, 0xFF, 0x30, + 0x08, 0xC9, 0xEA, 0xF5, 0x52, 0x2B, 0xFE, 0x57, 0xFA, 0x8E, 0xC7, 0xE8, 0x4D, + 0x37, 0xAB, 0x03, 0xFA, 0x23, 0xBF, 0x46, 0x94, 0xFF, 0xC1, 0x16, 0xE0, 0xB9, + 0x14, 0x2C, 0x9E, 0x27, 0xEC, 0x98, 0x69, 0x14, 0x92, 0xF1, 0x60, 0x5C, 0x34, + 0x4D, 0xA0, 0x1F, 0xDF, 0xFD, 0x44, 0x1C, 0x7B, 0xD3, 0x80, 0x70, 0x42, 0x02, + 0x30, 0x84, 0x5B, 0xE5, 0x59, 0xB7, 0xF3, 0x80, 0xFB, 0x01, 0x33, 0xA9, 0x00, + 0x37, 0x52, 0xDC, 0xDA, 0xA7, 0x11, 0x85, 0xB7, 0x6E, 0x70, 0xE4, 0xDA, 0x96, + 0xBA, 0x84, 0x5B, 0x81, 0x43, 0x93, 0xF3, 0xD1, 0xEA, 0xB1, 0xDD, 0xB8, 0x1F, + 0xA5, 0xCC, 0xEA, 0x50, 0x66, 0x69, 0xA9, 0x8D, 0x8C, 0xA7, 0xA2, 0xF3, 0x38, + 0x26, 0x43, 0x5E, 0x3F, 0x01, 0xBE, 0x1C, 0x0F, 0x20, 0x7F, 0x75, 0xA8, 0x20, + 0x80, 0xC4, 0xC3, 0x5C, 0x8B, 0x0D, 0xD4, 0x60, 0x5E, 0xA3, 0x9E, 0xD0, 0xB4, + 0x4B, 0x4F, 0xE6, 0x13, 0x85, 0x60, 0x42, 0x96, 0xED, 0xAA, 0xDB, 0xE9, 0x99, + 0xE3, 0x07, 0x0E, 0x61, 0xB3, 0x07, 0xE3, 0xB1, 0xFA, 0xC0, 0x9B, 0xAD, 0xF6, + 0xE0, 0x26, 0x33, 0xEA, 0xEA, 0x23, 0xCD, 0x1E, 0x9D, 0xE1, 0x87, 0x4B, 0x74, + 0x97, 0x08, 0x3E, 0xA1, 0x28, 0xEA, 0xB3, 0x19, 0x67, 0x8B, 0x76, 0x9A, 0xA3, + 0xF6, 0xB9, 0xCF, 0x80, 0x65, 0x97, 0xAE, 0xF4, 0x83, 0x6B, 0xF4, 0x43, 0x20, + 0xF9, 0x0B, 0xFC, 0x9B, 0xD2, 0x4D, 0x4D, 0xA6, 0xB9, 0xA3, 0x02, 0x55, 0x79, + 0x18, 0x36, 0x19, 0x5F, 0xC9, 0xEA, 0x5A, 0x76, 0x40, 0xB9, 0xBA, 0x0E, 0x9A, + 0x44, 0xDF, 0x7C, 0xF8, 0x65, 0x61, 0x5E, 0x81, 0xAB, 0x71, 0xA1, 0x9E, 0x29, + 0x3C, 0x59, 0xCB, 0x23, 0xA4, 0xF6, 0x60, 0x1A, 0x0D, 0x5B, 0x39, 0xAE, 0xF4, + 0x6F, 0x59, 0x16, 0x9E, 0x60, 0xD8, 0x56, 0xCF, 0xEA, 0x2C, 0x4C, 0x79, 0xD3, + 0x5D, 0x51, 0x46, 0xA0, 0x4E, 0xE9, 0xD6, 0xAB, 0x91, 0x43, 0x63, 0x44, 0xD7, + 0x70, 0xB9, 0x23, 0x98, 0x4F, 0x3D, 0x03, 0x02, 0xF6, 0x81, 0x56, 0xC1, 0x58, + 0x85, 0x07, 0xA7, 0x2D, 0x2C, 0x29, 0xCA, 0x01, 0x45, 0x31, 0x51, 0x8F, 0xD4, + 0x19, 0xA1, 0x79, 0x88, 0x5A, 0xA4, 0xF5, 0xAE, 0x2D, 0x4B, 0x63, 0x4C, 0x58, + 0xFE, 0xBF, 0xAD, 0xEE, 0xA3, 0x09, 0xF8, 0xE2, 0x89, 0xBE, 0x81, 0x0E, 0x86, + 0x3A, 0xF9, 0x5B, 0xA5, 0xD8, 0xA4, 0x00, 0x75, 0x04, 0xF2, 0x23, 0xB8, 0x39, + 0x69, 0x50, 0xB7, 0xD0, 0x34, 0x63, 0x54, 0xD8, 0x61, 0xDD, 0xA5, 0x33, 0x47, + 0x85, 0x96, 0x22, 0xD0, 0x2F, 0x9F, 0x7E, 0xF8, 0x74, 0x24, 0xEA, 0x57, 0x97, + 0x5A, 0xE0, 0x00, 0xCF, 0xC1, 0x67, 0xE1, 0x41, 0xBD, 0x94, 0xA1, 0x03, 0xD3, + 0xB4, 0x08, 0x64, 0xF2, 0x17, 0x27, 0x35, 0x37, 0x53, 0xEF, 0x46, 0xCE, 0xD8, + 0xD4, 0x09, 0x52, 0xC6, 0x1E, 0xF7, 0x28, 0xDF, 0x08, 0x0F, 0xD0, 0x6F, 0x71, + 0xA6, 0xDF, 0xE4, 0x60, 0x8E, 0xC0, 0x1E, 0x78, 0x86, 0x50, 0xB0, 0x9B, 0x84, + 0x7E, 0xE8, 0x36, 0xFA, 0x95, 0xF1, 0x12, 0x51, 0xC7, 0x18, 0x96, 0xA2, 0x29, + 0xBB, 0x70, 0x02, 0xB4, 0xF9, 0xA8, 0x3D, 0x08, 0x66, 0xA9, 0xB3, 0xFC, 0x0A, + 0x94, 0x80, 0xFD, 0x78, 0xDC, 0xAB, 0x82, 0x5A, 0xD2, 0xCD, 0xC2, 0x87, 0xC6, + 0x4B, 0x07, 0xFA, 0xD1, 0xC3, 0xD9, 0x34, 0x41, 0x85, 0xF8, 0xD0, 0xB6, 0x0A, + 0x9D, 0x00, 0x91, 0x35, 0x05, 0x88, 0xC3, 0xE3, 0x9B, 0x22, 0xD2, 0xB8, 0xFD, + 0x95, 0x3E, 0x6D, 0x5D, 0x48, 0xA3, 0x68, 0xCF, 0x02, 0x42, 0x79, 0x79, 0x8A, + 0xAA, 0x01, 0xD6, 0x09, 0x14, 0x2C, 0xF4, 0x83, 0xA3, 0x80, 0x31, 0x55, 0x46, + 0x6E, 0xC5, 0xE5, 0x2F, 0x30, 0x58, 0x81, 0xA2, 0x90, 0xBE, 0x2E, 0xA1, 0xC3, + 0x0F, 0xA6, 0xF5, 0x51, 0x00, 0x39, 0xB6, 0xF2, 0x2A, 0xA3, 0x15, 0x7D, 0x8D, + 0xF5, 0x66, 0x5C, 0xD9, 0xFC, 0xCF, 0x2F, 0xBF, 0x08, 0x27, 0xE7, 0xD0, 0x03, + 0xB8, 0xD9, 0x00, 0x13, 0x3D, 0x01, 0x6B, 0xB6, 0xA8, 0xCD, 0x5B, 0x3B, 0x3E, + 0x93, 0xBF, 0xE6, 0x2E, 0xB7, 0x4A, 0xCF, 0xB3, 0x0A, 0xCE, 0x62, 0x11, 0xD6, + 0x1F, 0x68, 0x9B, 0x1D, 0x68, 0xD1, 0x8C, 0x97, 0xBD, 0xA1, 0x07, 0x67, 0x73, + 0x87, 0xE0, 0x36, 0xDA, 0x8C, 0xD2, 0xD2, 0xBB, 0x84, 0x28, 0xA9, 0xFE, 0x52, + 0x74, 0xD6, 0xB9, 0x0F, 0x0A, 0x6A, 0x2D, 0x28, 0x35, 0x34, 0x3A, 0xD3, 0xE2, + 0xCD, 0x35, 0x06, 0x7D, 0x1B, 0x35, 0x85, 0x86, 0xD1, 0x3E, 0xF2, 0x6F, 0xA1, + 0xC4, 0x55, 0xBD, 0x00, 0xD8, 0xC3, 0x5D, 0xC2, 0x1D, 0x6B, 0x6B, 0x27, 0x5B, + 0x95, 0xF3, 0xAB, 0xB5, 0xD3, 0x37, 0xF2, 0x2C, 0x9C, 0xC7, 0x5D, 0xBD, 0xF1, + 0x68, 0x1C, 0xAD, 0xF8, 0xB5, 0xE1, 0x29, 0x72, 0x7A, 0x73, 0x62, 0x55, 0x24, + 0xB9, 0x85, 0xDF, 0x7B, 0x29, 0x7D, 0xDE, 0x08, 0xF5, 0xE4, 0x44, 0xDA, 0x1A, + 0x30, 0x74, 0xDA, 0xB4, 0x9B, 0x23, 0x9A, 0x3A, 0xC1, 0x53, 0xB2, 0xA2, 0xA3, + 0x7B, 0x1F, 0xD9, 0x56, 0xD4, 0x4F, 0x9B, 0xB2, 0x1E, 0xEE, 0xB8, 0x6A, 0x4E, + 0xB5, 0xF4, 0x5A, 0xC9, 0x18, 0x27, 0x9C, 0xDE, 0x14, 0x44, 0xED, 0xC4, 0x3C, + 0x71, 0x9F, 0x5F, 0xD9, 0x37, 0xA0, 0x78, 0x34, 0x6E, 0xBC, 0xD2, 0x7B, 0x1D, + 0xFA, 0x08, 0x39, 0x5A, 0x04, 0x73, 0x15, 0xD9, 0x0A, 0x48, 0xC1, 0x2D, 0x15, + 0x4E, 0x84, 0x30, 0x45, 0x69, 0xB3, 0xE5, 0xF6, 0xAD, 0x09, 0x1E, 0xCC, 0x5F, + 0x1F, 0x06, 0xD5, 0x58, 0xAD, 0x78, 0xD7, 0x9F, 0xE5, 0xED, 0x3B, 0x09, 0xD5, + 0xA6, 0x52, 0x6F, 0x92, 0xD3, 0x3C, 0xC6, 0x1E, 0xF2, 0x93, 0x7C, 0xD3, 0x5F, + 0x70, 0x85, 0x5D, 0xF8, 0xAA, 0x9D, 0xB7, 0x7B, 0x24, 0x5A, 0xE9, 0x0A, 0x35, + 0x2F, 0xF5, 0xD9, 0x82, 0x02, 0x8A, 0x90, 0x13, 0x5B, 0xB5, 0x67, 0x9C, 0xDD, + 0xA0, 0x4E, 0x82, 0x27, 0xDA, 0x7E, 0xE8, 0x8E, 0xCD, 0xE1, 0x56, 0x71, 0x2C, + 0xE6, 0x4E, 0x1F, 0x91, 0xCD, 0x7C, 0x6A, 0xB7, 0x78, 0xD0, 0x26, 0xF3, 0x56, + 0xA9, 0xD5, 0xA1, 0xC3, 0x3B, 0x98, 0xE9, 0x28, 0x09, 0xEF, 0x50, 0x90, 0xCD, + 0xC4, 0x8E, 0x75, 0xCC, 0xAC, 0x2D, 0xC9, 0x03, 0x6D, 0xAC, 0xFE, 0xC4, 0x88, + 0x36, 0xD1, 0x3F, 0xBB, 0x1C, 0x7D, 0xB3, 0x14, 0x61, 0x2C, 0xB7, 0x54, 0x4B, + 0xDB, 0x64, 0xB6, 0x57, 0x14, 0x16, 0x8E, 0x1E, 0x6C, 0x64, 0xBB, 0x8B, 0x48, + 0x5D, 0x96, 0x9D, 0xDC, 0x80, 0xA7, 0xF7, 0x54, 0xC7, 0x46, 0x38, 0x3E, 0x44, + 0xDE, 0x7E, 0x92, 0x8D, 0x07, 0xF6, 0x07, 0x37, 0x4E, 0x16, 0x10, 0xB4, 0x7D, + 0x88, 0x66, 0x7F, 0xBB, 0xFF, 0xEA, 0x00, 0xF3, 0xFF, 0x97, 0x2C, 0xB5, 0xBE, + 0x35, 0x4B, 0x5C, 0x36, 0xEC, 0x4C, 0xBD, 0x2B, 0x7D, 0xBF, 0x46, 0xE2, 0x9C, + 0x0E, 0x8A, 0xA3, 0xEC, 0xB1, 0x0E, 0x9A, 0xDA, 0x9A, 0x9B, 0x28, 0x92, 0x10, + 0x53, 0x57, 0xEA, 0xEC, 0xA2, 0x32, 0x32, 0x20, 0x1D, 0x97, 0x5C, 0xB6, 0x84, + 0xA9, 0x93, 0x8D, 0x95, 0x11, 0xA3, 0x24, 0xA3, 0x2D, 0xC6, 0x4A, 0xEF, 0xAA, + 0x1D, 0x85, 0x2B, 0x7D, 0x28, 0xBE, 0x53, 0xCE, 0x10, 0x1F, 0xAE, 0x0E, 0x41, + 0x6C, 0x4B, 0x79, 0x12, 0xFB, 0xF7, 0x54, 0xA3, 0x96, 0x54, 0x83, 0x20, 0x96, + 0x8F, 0x28, 0xA9, 0x3F, 0x8B, 0x3D, 0xBA, 0x77, 0xDC, 0x24, 0xE1, 0xD4, 0x49, + 0x40, 0xD8, 0x78, 0x31, 0x85, 0x43, 0xF6, 0xFE, 0x5C, 0xA6, 0x8F, 0x90, 0x09, + 0xB0, 0xE7, 0xC4, 0x95, 0xB2, 0x55, 0x49, 0x97, 0x8F, 0x1C, 0x78, 0x30, 0x20, + 0xA0, 0xB4, 0xEF, 0x73, 0x56, 0x59, 0x82, 0xFD, 0xCE, 0xBA, 0x6A, 0x8F, 0x2C, + 0x8B, 0x15, 0xFD, 0xA1, 0x85, 0xA8, 0x5C, 0x0F, 0x11, 0xA5, 0x9D, 0xC2, 0x46, + 0xC6, 0x9C, 0xC9, 0x40, 0x0B, 0x58, 0x6A, 0x1C, 0x7A, 0x23, 0xF9, 0xE0, 0x95, + 0x05, 0x13, 0x58, 0x72, 0xE8, 0x9F, 0x30, 0xAC, 0xCD, 0x26, 0xD4, 0x66, 0x13, + 0xDF, 0x1E, 0x7B, 0x4F, 0x9C, 0xBE, 0x38, 0x79, 0x75, 0x92, 0xA4, 0xDA, 0x26, + 0x44, 0x55, 0x17, 0xA3, 0xE5, 0x62, 0xDA, 0xEB, 0x86, 0xEA, 0x68, 0xC7, 0xAB, + 0xFD, 0x2D, 0x43, 0x59, 0x51, 0xC0, 0x75, 0x64, 0x91, 0x01, 0x29, 0x33, 0x28, + 0xF3, 0x04, 0x83, 0x80, 0x75, 0x37, 0x75, 0x0C, 0x03, 0x7B, 0x0A, 0xAB, 0x8E, + 0x60, 0x62, 0x8B, 0x4C, 0xAF, 0x2D, 0xA3, 0x2F, 0xFE, 0xAB, 0x45, 0xCF, 0xDA, + 0xAB, 0xFA, 0xFA, 0x30, 0x3D, 0xE8, 0xA1, 0x96, 0xA5, 0x7B, 0xE2, 0x2A, 0xD0, + 0xAF, 0x59, 0xF7, 0xD0, 0x32, 0x57, 0x19, 0xBD, 0xCA, 0x9F, 0xD5, 0x1A, 0xC7, + 0xAA, 0x65, 0x4A, 0x38, 0xB2, 0x70, 0x33, 0xB7, 0x75, 0xD2, 0xCD, 0xD1, 0xF0, + 0xA8, 0x87, 0x59, 0x20, 0xA5, 0x57, 0x55, 0xB1, 0xB2, 0xC9, 0x4D, 0x97, 0x34, + 0x41, 0xF3, 0xF0, 0x30, 0xA1, 0x2C, 0x1C, 0x49, 0x3E, 0x89, 0x7D, 0x12, 0xE2, + 0xC3, 0x04, 0xC3, 0x92, 0xC0, 0xF6, 0x39, 0x10, 0x80, 0x81, 0x8F, 0x08, 0xB4, + 0xF8, 0xB9, 0x13, 0x4E, 0x2C, 0xAE, 0xB3, 0x71, 0x82, 0x63, 0x98, 0xAB, 0x5C, + 0x1C, 0x10, 0xEA, 0x66, 0xF9, 0x02, 0x3A, 0x82, 0x61, 0xD0, 0xD4, 0xAE, 0x43, + 0xD4, 0x01, 0x3E, 0x9D, 0x04, 0x14, 0xF6, 0x60, 0xD8, 0xA7, 0xD6, 0xB8, 0x53, + 0xC8, 0xDA, 0x80, 0x93, 0xA0, 0x02, 0xDD, 0xCC, 0xE2, 0xF2, 0xBB, 0xFB, 0xE0, + 0x27, 0xD7, 0x34, 0x9A, 0x71, 0x49, 0xB5, 0x4F, 0x42, 0x1F, 0xB2, 0x9D, 0x6D, + 0xAA, 0x9D, 0xD3, 0x50, 0xB5, 0x8F, 0x6A, 0x4B, 0xDF, 0x1F, 0xD5, 0x27, 0x8F, + 0x3B, 0x27, 0xCF, 0x2F, 0x8C, 0xF8, 0x9D, 0x4C, 0x52, 0xBC, 0x32, 0x0F, 0x73, + 0xD5, 0x51, 0x8E, 0x36, 0x7E, 0xAD, 0x09, 0xF0, 0x94, 0x83, 0x5F, 0x36, 0xFD, + 0x7C, 0x03, 0xED, 0xF1, 0x5E, 0x4B, 0xF7, 0xAA, 0x55, 0x5C, 0x4A, 0x14, 0x59, + 0x85, 0x38, 0x2D, 0x8C, 0xDF, 0xEC, 0x65, 0x1B, 0xB8, 0x76, 0x57, 0x96, 0x3C, + 0x86, 0xED, 0xF2, 0x7F, 0x2D, 0x28, 0x48, 0xDA, 0x49, 0x7F, 0xF7, 0x54, 0x2B, + 0xD5, 0x39, 0xD5, 0x57, 0x0A, 0x75, 0x7A, 0x3E, 0x5E, 0x5D, 0xBA, 0x4A, 0x15, + 0xFA, 0xB8, 0x31, 0x80, 0x71, 0x2C, 0xCA, 0xC4, 0x51, 0x10, 0x16, 0x5D, 0x39, + 0xEC, 0x9D, 0x07, 0xB6, 0x6A, 0x89, 0x9F, 0x9B, 0x5B, 0x6F, 0x03, 0xB0, 0x92, + 0x01, 0x38, 0x6B, 0x48, 0x99, 0x0A, 0x8F, 0x13, 0xC1, 0xA6, 0x01, 0xEA, 0xBF, + 0x6F, 0x86, 0x43, 0x51, 0xB6, 0x11, 0x00, 0x00 +}; + +WOLFSSL_TEST_SUBROUTINE wc_test_ret_t compress_test(void) +{ + wc_test_ret_t ret = 0; + word32 dSz = sizeof(sample_text); + word32 cSz = (dSz + (word32)(dSz * 0.001) + 12); + byte *c; + byte *d; + WOLFSSL_ENTER("compress_test"); + + c = (byte *)XMALLOC(cSz * sizeof(byte), HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + d = (byte *)XMALLOC(dSz * sizeof(byte), HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + if (c == NULL || d == NULL) { + ERROR_OUT(WC_TEST_RET_ENC_ERRNO, exit); + } + + /* follow calloc and initialize to 0 */ + XMEMSET(c, 0, cSz); + XMEMSET(d, 0, dSz); + + if ((ret = wc_Compress(c, cSz, sample_text, dSz, 0)) < 0) { + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit); + } + cSz = (word32)ret; + + if ((ret = wc_DeCompress(d, dSz, c, cSz)) != (int)dSz) { + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit); + } + dSz = (word32)ret; + + if (XMEMCMP(d, sample_text, dSz) != 0) { + ERROR_OUT(WC_TEST_RET_ENC_NC, exit); + } + + /* GZIP tests */ + cSz = (dSz + (word32)(dSz * 0.001) + 12); /* reset cSz */ + XMEMSET(c, 0, cSz); + XMEMSET(d, 0, dSz); + + ret = wc_Compress_ex(c, cSz, sample_text, dSz, 0, LIBZ_WINBITS_GZIP); + if (ret < 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit); + cSz = (word32)ret; + + ret = wc_DeCompress_ex(d, dSz, c, cSz, LIBZ_WINBITS_GZIP); + if (ret < 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit); + + if (XMEMCMP(d, sample_text, dSz) != 0) { + ERROR_OUT(WC_TEST_RET_ENC_NC, exit); + } + + /* Try with gzip generated output */ + XMEMSET(d, 0, dSz); + ret = wc_DeCompress_ex(d, dSz, sample_text_gz, sizeof(sample_text_gz), + LIBZ_WINBITS_GZIP); + if (ret < 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit); + dSz = (word32)ret; + + if (XMEMCMP(d, sample_text, dSz) != 0) { + ERROR_OUT(WC_TEST_RET_ENC_NC, exit); + } + + ret = 0; /* success */ + +exit: + XFREE(c, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(d, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + + return ret; +} + +#endif /* HAVE_LIBZ */ + +#ifdef HAVE_PKCS7 + +/* External Debugging/Testing Note: + * + * PKCS#7 test functions can output generated PKCS#7/CMS bundles for + * additional testing. To dump bundles to files DER encoded files, please + * define: + * + * #define PKCS7_OUTPUT_TEST_BUNDLES + */ + + +/* Loads certs and keys for use with PKCS7 tests, from either files + * or buffers. + * + * rsaClientCertBuf - output buffer for RSA client cert + * rsaClientCertBufSz - IN/OUT size of output buffer, size of RSA client cert + * rsaClientPrivKeyBuf - output buffer for RSA client private key + * rsaClientPrivKeyBufSz - IN/OUT size of output buffer, size of RSA client key + * + * rsaServerCertBuf - output buffer for RSA server cert + * rsaServerCertBufSz - IN/OUT size of output buffer, size of RSA server cert + * rsaServerPrivKeyBuf - output buffer for RSA server private key + * rsaServerPrivKeyBufSz - IN/OUT size of output buffer, size of RSA server key + * + * rsaCaCertBuf - output buffer for RSA CA cert + * rsaCaCertBufSz - IN/OUT size of output buffer, size of RSA ca cert + * rsaCaPrivKeyBuf - output buffer for RSA CA private key + * rsaCaPrivKeyBufSz - IN/OUT size of output buffer, size of RSA CA key + * + * eccClientCertBuf - output buffer for ECC cert + * eccClientCertBufSz - IN/OUT size of output buffer, size of ECC cert + * eccClientPrivKeyBuf - output buffer for ECC private key + * eccClientPrivKeyBufSz - IN/OUT size of output buffer, size of ECC private key + * + * Returns 0 on success, negative on error + */ +static wc_test_ret_t pkcs7_load_certs_keys( + byte* rsaClientCertBuf, word32* rsaClientCertBufSz, + byte* rsaClientPrivKeyBuf, word32* rsaClientPrivKeyBufSz, + byte* rsaServerCertBuf, word32* rsaServerCertBufSz, + byte* rsaServerPrivKeyBuf, word32* rsaServerPrivKeyBufSz, + byte* rsaCaCertBuf, word32* rsaCaCertBufSz, + byte* rsaCaPrivKeyBuf, word32* rsaCaPrivKeyBufSz, + byte* eccClientCertBuf, word32* eccClientCertBufSz, + byte* eccClientPrivKeyBuf, word32* eccClientPrivKeyBufSz) +{ +#ifndef NO_FILESYSTEM + XFILE certFile; + XFILE keyFile; + + (void)certFile; + (void)keyFile; +#endif + +#ifndef NO_RSA + if (rsaClientCertBuf == NULL || rsaClientCertBufSz == NULL || + rsaClientPrivKeyBuf == NULL || rsaClientPrivKeyBufSz == NULL) + return BAD_FUNC_ARG; +#endif + +#ifdef HAVE_ECC + if (eccClientCertBuf == NULL || eccClientCertBufSz == NULL || + eccClientPrivKeyBuf == NULL || eccClientPrivKeyBufSz == NULL) + return BAD_FUNC_ARG; +#endif + +/* RSA */ +#ifndef NO_RSA + +#ifdef USE_CERT_BUFFERS_1024 + if (*rsaClientCertBufSz < (word32)sizeof_client_cert_der_1024) + return WC_TEST_RET_ENC_NC; + + XMEMCPY(rsaClientCertBuf, client_cert_der_1024, + sizeof_client_cert_der_1024); + *rsaClientCertBufSz = sizeof_client_cert_der_1024; + + if (rsaServerCertBuf != NULL) { + if (*rsaServerCertBufSz < (word32)sizeof_server_cert_der_1024) + return WC_TEST_RET_ENC_NC; + + XMEMCPY(rsaServerCertBuf, server_cert_der_1024, + sizeof_server_cert_der_1024); + *rsaServerCertBufSz = sizeof_server_cert_der_1024; + } + + if (rsaCaCertBuf != NULL) { + if (*rsaCaCertBufSz < (word32)sizeof_ca_cert_der_1024) + return WC_TEST_RET_ENC_NC; + + XMEMCPY(rsaCaCertBuf, ca_cert_der_1024, sizeof_ca_cert_der_1024); + *rsaCaCertBufSz = sizeof_ca_cert_der_1024; + } +#elif defined(USE_CERT_BUFFERS_2048) + if (*rsaClientCertBufSz < (word32)sizeof_client_cert_der_2048) + return WC_TEST_RET_ENC_NC; + + XMEMCPY(rsaClientCertBuf, client_cert_der_2048, + sizeof_client_cert_der_2048); + *rsaClientCertBufSz = sizeof_client_cert_der_2048; + + if (rsaServerCertBuf != NULL) { + if (*rsaServerCertBufSz < (word32)sizeof_server_cert_der_2048) + return WC_TEST_RET_ENC_NC; + + XMEMCPY(rsaServerCertBuf, server_cert_der_2048, + sizeof_server_cert_der_2048); + *rsaServerCertBufSz = sizeof_server_cert_der_2048; + } + + if (rsaCaCertBuf != NULL) { + if (*rsaCaCertBufSz < (word32)sizeof_ca_cert_der_2048) + return WC_TEST_RET_ENC_NC; + + XMEMCPY(rsaCaCertBuf, ca_cert_der_2048, sizeof_ca_cert_der_2048); + *rsaCaCertBufSz = sizeof_ca_cert_der_2048; + } +#else + certFile = XFOPEN(clientCert, "rb"); + if (!certFile) + return WC_TEST_RET_ENC_ERRNO; + + *rsaClientCertBufSz = (word32)XFREAD(rsaClientCertBuf, 1, + *rsaClientCertBufSz, certFile); + XFCLOSE(certFile); + if (*rsaClientCertBufSz == 0) + return WC_TEST_RET_ENC_ERRNO; + + if (rsaServerCertBuf != NULL) { + certFile = XFOPEN(rsaServerCertDerFile, "rb"); + if (!certFile) + return WC_TEST_RET_ENC_ERRNO; + + *rsaServerCertBufSz = (word32)XFREAD(rsaServerCertBuf, 1, + *rsaServerCertBufSz, certFile); + XFCLOSE(certFile); + if (*rsaServerCertBufSz == 0) + return WC_TEST_RET_ENC_ERRNO; + } + + if (rsaCaCertBuf != NULL) { + certFile = XFOPEN(rsaCaCertDerFile, "rb"); + if (!certFile) + return WC_TEST_RET_ENC_ERRNO; + + *rsaCaCertBufSz = (word32)XFREAD(rsaCaCertBuf, 1, *rsaCaCertBufSz, + certFile); + XFCLOSE(certFile); + if (*rsaCaCertBufSz == 0) + return WC_TEST_RET_ENC_ERRNO; + } +#endif + +#ifdef USE_CERT_BUFFERS_1024 + if (*rsaClientPrivKeyBufSz < (word32)sizeof_client_key_der_1024) + return WC_TEST_RET_ENC_NC; + + XMEMCPY(rsaClientPrivKeyBuf, client_key_der_1024, + sizeof_client_key_der_1024); + *rsaClientPrivKeyBufSz = sizeof_client_key_der_1024; + + if (rsaServerPrivKeyBuf != NULL) { + if (*rsaServerPrivKeyBufSz < (word32)sizeof_server_key_der_1024) + return WC_TEST_RET_ENC_NC; + + XMEMCPY(rsaServerPrivKeyBuf, server_key_der_1024, + sizeof_server_key_der_1024); + *rsaServerPrivKeyBufSz = sizeof_server_key_der_1024; + } + + if (rsaCaPrivKeyBuf != NULL) { + if (*rsaCaPrivKeyBufSz < (word32)sizeof_ca_key_der_1024) + return WC_TEST_RET_ENC_NC; + + XMEMCPY(rsaCaPrivKeyBuf, ca_key_der_1024, sizeof_ca_key_der_1024); + *rsaCaPrivKeyBufSz = sizeof_ca_key_der_1024; + } +#elif defined(USE_CERT_BUFFERS_2048) + if (*rsaClientPrivKeyBufSz < (word32)sizeof_client_key_der_2048) + return WC_TEST_RET_ENC_NC; + + XMEMCPY(rsaClientPrivKeyBuf, client_key_der_2048, + sizeof_client_key_der_2048); + *rsaClientPrivKeyBufSz = sizeof_client_key_der_2048; + + if (rsaServerPrivKeyBuf != NULL) { + if (*rsaServerPrivKeyBufSz < (word32)sizeof_server_key_der_2048) + return WC_TEST_RET_ENC_NC; + + XMEMCPY(rsaServerPrivKeyBuf, server_key_der_2048, + sizeof_server_key_der_2048); + *rsaServerPrivKeyBufSz = sizeof_server_key_der_2048; + } + + if (rsaCaPrivKeyBuf != NULL) { + if (*rsaCaPrivKeyBufSz < (word32)sizeof_ca_key_der_2048) + return WC_TEST_RET_ENC_NC; + + XMEMCPY(rsaCaPrivKeyBuf, ca_key_der_2048, sizeof_ca_key_der_2048); + *rsaCaPrivKeyBufSz = sizeof_ca_key_der_2048; + } +#else + keyFile = XFOPEN(clientKey, "rb"); + if (!keyFile) + return WC_TEST_RET_ENC_ERRNO; + + *rsaClientPrivKeyBufSz = (word32)XFREAD(rsaClientPrivKeyBuf, 1, + *rsaClientPrivKeyBufSz, keyFile); + XFCLOSE(keyFile); + if (*rsaClientPrivKeyBufSz == 0) + return WC_TEST_RET_ENC_ERRNO; + + if (rsaServerPrivKeyBuf != NULL) { + keyFile = XFOPEN(rsaServerKeyDerFile, "rb"); + if (!keyFile) + return WC_TEST_RET_ENC_ERRNO; + + *rsaServerPrivKeyBufSz = (word32)XFREAD(rsaServerPrivKeyBuf, 1, + *rsaServerPrivKeyBufSz, keyFile); + XFCLOSE(keyFile); + if (*rsaServerPrivKeyBufSz == 0) + return WC_TEST_RET_ENC_ERRNO; + } + + if (rsaCaPrivKeyBuf != NULL) { + keyFile = XFOPEN(rsaCaKeyFile, "rb"); + if (!keyFile) + return WC_TEST_RET_ENC_ERRNO; + + *rsaCaPrivKeyBufSz = (word32)XFREAD(rsaCaPrivKeyBuf, 1, + *rsaCaPrivKeyBufSz, keyFile); + XFCLOSE(keyFile); + if (*rsaCaPrivKeyBufSz == 0) + return WC_TEST_RET_ENC_ERRNO; + } +#endif /* USE_CERT_BUFFERS */ + +#endif /* NO_RSA */ + +/* ECC */ +#ifdef HAVE_ECC + +#ifdef USE_CERT_BUFFERS_256 + if (*eccClientCertBufSz < (word32)sizeof_cliecc_cert_der_256) + return WC_TEST_RET_ENC_NC; + + XMEMCPY(eccClientCertBuf, cliecc_cert_der_256, sizeof_cliecc_cert_der_256); + *eccClientCertBufSz = sizeof_cliecc_cert_der_256; +#else + certFile = XFOPEN(eccClientCert, "rb"); + if (!certFile) + return WC_TEST_RET_ENC_ERRNO; + + *eccClientCertBufSz = (word32)XFREAD(eccClientCertBuf, 1, + *eccClientCertBufSz, certFile); + XFCLOSE(certFile); + if (*eccClientCertBufSz == 0) + return WC_TEST_RET_ENC_ERRNO; +#endif /* USE_CERT_BUFFERS_256 */ + +#ifdef USE_CERT_BUFFERS_256 + if (*eccClientPrivKeyBufSz < (word32)sizeof_ecc_clikey_der_256) + return WC_TEST_RET_ENC_NC; + + XMEMCPY(eccClientPrivKeyBuf, ecc_clikey_der_256, sizeof_ecc_clikey_der_256); + *eccClientPrivKeyBufSz = sizeof_ecc_clikey_der_256; +#else + keyFile = XFOPEN(eccClientKey, "rb"); + if (!keyFile) + return WC_TEST_RET_ENC_ERRNO; + + *eccClientPrivKeyBufSz = (word32)XFREAD(eccClientPrivKeyBuf, 1, + *eccClientPrivKeyBufSz, keyFile); + XFCLOSE(keyFile); + if (*eccClientPrivKeyBufSz == 0) + return WC_TEST_RET_ENC_ERRNO; +#endif /* USE_CERT_BUFFERS_256 */ +#endif /* HAVE_ECC */ + +#ifdef NO_RSA + (void)rsaClientCertBuf; + (void)rsaClientCertBufSz; + (void)rsaClientPrivKeyBuf; + (void)rsaClientPrivKeyBufSz; + (void)rsaServerCertBuf; + (void)rsaServerCertBufSz; + (void)rsaServerPrivKeyBuf; + (void)rsaServerPrivKeyBufSz; + (void)rsaCaCertBuf; + (void)rsaCaCertBufSz; + (void)rsaCaPrivKeyBuf; + (void)rsaCaPrivKeyBufSz; +#endif +#ifndef HAVE_ECC + (void)eccClientCertBuf; + (void)eccClientCertBufSz; + (void)eccClientPrivKeyBuf; + (void)eccClientPrivKeyBufSz; +#endif +#ifndef NO_FILESYSTEM + (void)certFile; + (void)keyFile; +#endif + return 0; +} + + +typedef struct { + const byte* content; + word32 contentSz; + int contentOID; + int encryptOID; + int keyWrapOID; + int keyAgreeOID; + byte* cert; + size_t certSz; + byte* privateKey; + word32 privateKeySz; + byte* optionalUkm; + word32 optionalUkmSz; + int ktriOptions; /* KTRI options flags */ + int kariOptions; /* KARI options flags */ + + /* KEKRI specific */ + const byte* secretKey; /* key, only for kekri RecipientInfo types */ + word32 secretKeySz; /* size of secretKey, bytes */ + const byte* secretKeyId; /* key identifier */ + word32 secretKeyIdSz; /* size of key identifier, bytes */ + void* timePtr; /* time_t pointer */ + byte* otherAttrOID; /* OPTIONAL, other attribute OID */ + word32 otherAttrOIDSz; /* size of otherAttrOID, bytes */ + byte* otherAttr; /* OPTIONAL, other attribute, ASN.1 encoded */ + word32 otherAttrSz; /* size of otherAttr, bytes */ + int kekriOptions; /* KEKRI options flags */ + + /* PWRI specific */ + const char* password; + word32 passwordSz; + const byte* salt; + word32 saltSz; + int kdfOID; + int hashOID; + int kdfIterations; + int pwriOptions; /* PWRI options flags */ + + /* ORI specific */ + int isOri; + int oriOptions; /* ORI options flags */ + + const char* outFileName; +} pkcs7EnvelopedVector; + + +static const byte asnDataOid[] = { + 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x07, 0x01 +}; + +/* ORI encrypt callback, responsible for encrypting content-encryption key (CEK) + * and giving wolfCrypt the value for oriOID and oriValue to place in + * OtherRecipientInfo. + * + * Returns 0 on success, negative upon error. */ +static int myOriEncryptCb(wc_PKCS7* pkcs7, byte* cek, word32 cekSz, byte* oriType, + word32* oriTypeSz, byte* oriValue, word32* oriValueSz, + void* ctx) +{ + int i; + + /* make sure buffers are large enough */ + if (*oriValueSz < (2 + cekSz)) + return WC_TEST_RET_ENC_NC; + if (*oriTypeSz < sizeof(asnDataOid)) + return WC_TEST_RET_ENC_NC; + + /* our simple encryption algorithm will be take the bitwise complement */ + oriValue[0] = 0x04; /*ASN OCTET STRING */ + oriValue[1] = (byte)cekSz; /* length */ + for (i = 0; i < (int)cekSz; i++) { + oriValue[2 + i] = ~cek[i]; + } + *oriValueSz = 2 + cekSz; + + /* set oriType to ASN.1 encoded data OID */ + XMEMCPY(oriType, asnDataOid, sizeof(asnDataOid)); + *oriTypeSz = sizeof(asnDataOid); + + (void)pkcs7; + (void)ctx; + + return 0; +} + + +/* ORI decrypt callback, responsible for providing a decrypted content + * encryption key (CEK) placed into decryptedKey and size placed into + * decryptedKeySz. oriOID and oriValue are given to the callback to help + * in decrypting the encrypted CEK. + * + * Returns 0 on success, negative upon error. */ +static int myOriDecryptCb(wc_PKCS7* pkcs7, byte* oriType, word32 oriTypeSz, + byte* oriValue, word32 oriValueSz, byte* decryptedKey, + word32* decryptedKeySz, void* ctx) +{ + int i; + + /* make sure oriType matches what we expect */ + if (oriTypeSz != sizeof(asnDataOid)) + return WC_TEST_RET_ENC_NC; + + if (XMEMCMP(oriType, asnDataOid, sizeof(asnDataOid)) != 0) + return WC_TEST_RET_ENC_NC; + + /* make sure decrypted buffer is large enough */ + if (*decryptedKeySz < oriValueSz) + return WC_TEST_RET_ENC_NC; + + /* decrypt encrypted CEK using simple bitwise complement, + only for example */ + for (i = 0; i < (int)oriValueSz - 2; i++) { + decryptedKey[i] = ~oriValue[2 + i]; + } + + *decryptedKeySz = oriValueSz - 2; + + (void)pkcs7; + (void)ctx; + + return 0; +} + + +#if !defined(NO_AES) && defined(HAVE_AES_CBC) +/* returns 0 on success */ +static int myDecryptionFunc(wc_PKCS7* pkcs7, int encryptOID, byte* iv, int ivSz, + byte* aad, word32 aadSz, byte* authTag, word32 authTagSz, + byte* in, int inSz, byte* out, void* usrCtx) +{ + wc_test_ret_t ret; + int keyId = -1, keySz; + word32 keyIdSz = 8; + const byte* key; + byte keyIdRaw[8]; +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC) + Aes *aes; +#else + Aes aes[1]; +#endif + + /* looking for KEY ID + * fwDecryptKeyID OID "1.2.840.113549.1.9.16.2.37 + */ + WOLFSSL_SMALL_STACK_STATIC const unsigned char OID[] = { + /* 0x06, 0x0B do not pass in tag and length */ + 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, + 0x01, 0x09, 0x10, 0x02, 0x25 + }; + + WOLFSSL_SMALL_STACK_STATIC const byte defKey[] = { + 0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08, + 0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08, + 0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08, + 0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08 + }; + + WOLFSSL_SMALL_STACK_STATIC const byte altKey[] = { + 0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08, + 0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08 + }; + + /* test user context passed in */ + if (usrCtx == NULL || *(int*)usrCtx != 1) { + return WC_TEST_RET_ENC_NC; + } + +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC) + if ((aes = (Aes *)XMALLOC(sizeof *aes, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER)) == NULL) + return WC_TEST_RET_ENC_ERRNO; +#endif + + /* if needing to find keyIdSz can call with NULL */ + ret = wc_PKCS7_GetAttributeValue(pkcs7, OID, sizeof(OID), NULL, + &keyIdSz); + if (ret != WC_NO_ERR_TRACE(LENGTH_ONLY_E)) { + printf("Unexpected error %d when getting keyIdSz\n", ret); + printf("Possibly no KEY ID attribute set\n"); + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); + } + else { + XMEMSET(keyIdRaw, 0, sizeof(keyIdRaw)); + ret = wc_PKCS7_GetAttributeValue(pkcs7, OID, sizeof(OID), keyIdRaw, + &keyIdSz); + if (ret < 0) { + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); + } + + if (keyIdSz < 3) { + printf("keyIdSz is smaller than expected\n"); + ERROR_OUT(WC_TEST_RET_ENC_NC, out); + } + if (keyIdSz > 2 + sizeof(int)) { + printf("example case was only expecting a keyId of int size\n"); + ERROR_OUT(WC_TEST_RET_ENC_NC, out); + } + + /* keyIdRaw[0] OCTET TAG */ + /* keyIdRaw[1] Length */ +#ifdef BIG_ENDIAN_ORDER + if (keyIdRaw[1] == 0x01) { + keyId = 1; + } +#else + XMEMCPY(&keyId, keyIdRaw + 2, sizeof(keyId)); +#endif + } + + + /* Use keyID here if found to select key and decrypt in HSM or in this + * example just select key and do software decryption */ + if (keyId == 1) { + key = altKey; + keySz = sizeof(altKey); + } + else { + key = defKey; + keySz = sizeof(defKey); + } + + switch (encryptOID) { + #ifdef WOLFSSL_AES_256 + case AES256CBCb: + if ((keySz != 32 ) || (ivSz != WC_AES_BLOCK_SIZE)) + WARNING_OUT(BAD_FUNC_ARG, out); + break; + #endif + #ifdef WOLFSSL_AES_128 + case AES128CBCb: + if ((keySz != 16 ) || (ivSz != WC_AES_BLOCK_SIZE)) + ERROR_OUT(BAD_FUNC_ARG, out); + break; + #endif + + default: + printf("Unsupported content cipher type for example"); + ERROR_OUT(ALGO_ID_E, out); + }; + + ret = wc_AesInit(aes, HEAP_HINT, devId); + if (ret == 0) { + ret = wc_AesSetKey(aes, key, (word32)keySz, iv, AES_DECRYPTION); + if (ret == 0) + ret = wc_AesCbcDecrypt(aes, out, in, (word32)inSz); + wc_AesFree(aes); + } + + out: + +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC) + XFREE(aes, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); +#endif + + (void)aad; + (void)aadSz; + (void)authTag; + (void)authTagSz; + return (int)ret; +} +#endif /* !NO_AES && HAVE_AES_CBC */ + + +#define PKCS7_BUF_SIZE 2048 + +static wc_test_ret_t pkcs7enveloped_run_vectors(byte* rsaCert, word32 rsaCertSz, + byte* rsaPrivKey, word32 rsaPrivKeySz, + byte* eccCert, word32 eccCertSz, + byte* eccPrivKey, word32 eccPrivKeySz) +{ + wc_test_ret_t ret = 0; + int testSz = 0, i; + int envelopedSz, decodedSz; + + byte *enveloped = NULL; + byte *decoded = NULL; + wc_PKCS7* pkcs7 = NULL; +#ifdef ECC_TIMING_RESISTANT + WC_RNG rng; +#endif +#ifdef PKCS7_OUTPUT_TEST_BUNDLES + XFILE pkcs7File; +#endif + + WOLFSSL_SMALL_STACK_STATIC const byte data[] = { /* Hello World */ + 0x48,0x65,0x6c,0x6c,0x6f,0x20,0x57,0x6f, + 0x72,0x6c,0x64 + }; + +#if !defined(NO_AES) && defined(HAVE_AES_CBC) && defined(WOLFSSL_AES_256) && \ + defined(HAVE_ECC) && defined(WOLFSSL_SHA512) && \ + defined(HAVE_AES_KEYWRAP) && defined(HAVE_X963_KDF) + byte optionalUkm[] = { + 0x00,0x01,0x02,0x03,0x04,0x05,0x06,0x07 + }; +#endif /* !NO_AES */ + +#if !defined(NO_AES) && defined(HAVE_AES_CBC) && defined(WOLFSSL_AES_128) && \ + !defined(NO_SHA) && defined(HAVE_AES_KEYWRAP) + /* encryption key for kekri recipient types */ + WOLFSSL_SMALL_STACK_STATIC const byte secretKey[] = { + 0x00,0x01,0x02,0x03,0x04,0x05,0x06,0x07, + 0x00,0x01,0x02,0x03,0x04,0x05,0x06,0x07 + }; + + /* encryption key identifier */ + WOLFSSL_SMALL_STACK_STATIC const byte secretKeyId[] = { + 0x02,0x02,0x03,0x04 + }; +#endif + +#if !defined(NO_PWDBASED) && !defined(NO_SHA) && \ + !defined(NO_AES) && defined(HAVE_AES_CBC) && defined(WOLFSSL_AES_128) && \ + defined(HAVE_AES_KEYWRAP) + + #ifndef HAVE_FIPS + WOLFSSL_SMALL_STACK_STATIC const char password[] = "password"; /* NOTE: Password is too short for FIPS */ + #else + WOLFSSL_SMALL_STACK_STATIC const char password[] = "passwordFIPS_MODE"; + #endif + + WOLFSSL_SMALL_STACK_STATIC const byte salt[] = { + 0x12, 0x34, 0x56, 0x78, 0x78, 0x56, 0x34, 0x12 + }; +#endif + + #define MAX_TESTVECTORS_LEN 13 + #define ADD_PKCS7ENVELOPEDVECTOR(...) { \ + pkcs7EnvelopedVector _this_vector = { __VA_ARGS__ }; \ + if (testSz == MAX_TESTVECTORS_LEN) { \ + ret = WC_TEST_RET_ENC_NC; \ + goto out; \ + } \ + XMEMCPY(&testVectors[testSz++], &_this_vector, sizeof _this_vector);\ + } + + pkcs7EnvelopedVector *testVectors = NULL; + +#ifdef ECC_TIMING_RESISTANT + XMEMSET(&rng, 0, sizeof(rng)); +#endif + + testVectors = (pkcs7EnvelopedVector *)XMALLOC(MAX_TESTVECTORS_LEN * sizeof(*testVectors), + HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + if (testVectors == NULL) { + ret = WC_TEST_RET_ENC_ERRNO; + goto out; + } + + { + /* key transport key encryption technique */ +#ifndef NO_RSA + #ifndef NO_DES3 + ADD_PKCS7ENVELOPEDVECTOR( + data, (word32)sizeof(data), DATA, DES3b, 0, 0, rsaCert, rsaCertSz, + rsaPrivKey, rsaPrivKeySz, NULL, 0, 0, 0, NULL, 0, NULL, 0, NULL, NULL, + 0, NULL, 0, 0, NULL, 0, NULL, 0, 0, 0, 0, 0, 0, 0, + "pkcs7envelopedDataDES3.der"); + #endif + + #if !defined(NO_AES) && defined(HAVE_AES_CBC) && defined(HAVE_AES_KEYWRAP) + #ifdef WOLFSSL_AES_128 + ADD_PKCS7ENVELOPEDVECTOR( + data, (word32)sizeof(data), DATA, AES128CBCb, 0, 0, rsaCert, rsaCertSz, + rsaPrivKey, rsaPrivKeySz, NULL, 0, 0, 0, NULL, 0, NULL, 0, NULL, NULL, + 0, NULL, 0, 0, NULL, 0, NULL, 0, 0, 0, 0, 0, 0, 0, + "pkcs7envelopedDataAES128CBC.der"); + #endif + #ifdef WOLFSSL_AES_192 + ADD_PKCS7ENVELOPEDVECTOR( + data, (word32)sizeof(data), DATA, AES192CBCb, 0, 0, rsaCert, rsaCertSz, + rsaPrivKey, rsaPrivKeySz, NULL, 0, 0, 0, NULL, 0, NULL, 0, NULL, NULL, + 0, NULL, 0, 0, NULL, 0, NULL, 0, 0, 0, 0, 0, 0, 0, + "pkcs7envelopedDataAES192CBC.der"); + #endif + #ifdef WOLFSSL_AES_256 + ADD_PKCS7ENVELOPEDVECTOR( + data, (word32)sizeof(data), DATA, AES256CBCb, 0, 0, rsaCert, rsaCertSz, + rsaPrivKey, rsaPrivKeySz, NULL, 0, 0, 0, NULL, 0, NULL, 0, NULL, NULL, + 0, NULL, 0, 0, NULL, 0, NULL, 0, 0, 0, 0, 0, 0, 0, + "pkcs7envelopedDataAES256CBC.der"); + + /* explicitly using SKID for SubjectKeyIdentifier */ + ADD_PKCS7ENVELOPEDVECTOR( + data, (word32)sizeof(data), DATA, AES256CBCb, 0, 0, rsaCert, rsaCertSz, + rsaPrivKey, rsaPrivKeySz, NULL, 0, CMS_SKID, 0, NULL, 0, NULL, 0, NULL, + NULL, 0, NULL, 0, 0, NULL, 0, NULL, 0, 0, 0, 0, 0, 0, 0, + "pkcs7envelopedDataAES256CBC_SKID.der"); + + /* explicitly using IssuerAndSerialNumber for SubjectKeyIdentifier */ + ADD_PKCS7ENVELOPEDVECTOR( + data, (word32)sizeof(data), DATA, AES256CBCb, 0, 0, rsaCert, rsaCertSz, + rsaPrivKey, rsaPrivKeySz, NULL, 0, CMS_ISSUER_AND_SERIAL_NUMBER, 0, + NULL, 0, NULL, 0, NULL, NULL, 0, NULL, 0, 0, NULL, 0, NULL, 0, 0, 0, + 0, 0, 0, 0, "pkcs7envelopedDataAES256CBC_IANDS.der"); + #endif + #endif /* !NO_AES && HAVE_AES_CBC && HAVE_AES_KEYWRAP */ +#endif + + /* key agreement key encryption technique*/ +#if defined(HAVE_ECC) && defined(HAVE_AES_KEYWRAP) && defined(HAVE_X963_KDF) + #if !defined(NO_AES) && defined(HAVE_AES_CBC) + #if !defined(NO_SHA) && defined(WOLFSSL_AES_128) + ADD_PKCS7ENVELOPEDVECTOR( + data, (word32)sizeof(data), DATA, AES128CBCb, AES128_WRAP, + dhSinglePass_stdDH_sha1kdf_scheme, eccCert, eccCertSz, eccPrivKey, + eccPrivKeySz, NULL, 0, 0, 0, NULL, 0, NULL, 0, NULL, NULL, 0, NULL, 0, + 0, NULL, 0, NULL, 0, 0, 0, 0, 0, 0, 0, + "pkcs7envelopedDataAES128CBC_ECDH_SHA1KDF.der"); + #endif + + #if !defined(NO_SHA256) && defined(WOLFSSL_AES_256) + ADD_PKCS7ENVELOPEDVECTOR( + data, (word32)sizeof(data), DATA, AES256CBCb, AES256_WRAP, + dhSinglePass_stdDH_sha256kdf_scheme, eccCert, eccCertSz, eccPrivKey, + eccPrivKeySz, NULL, 0, 0, 0, NULL, 0, NULL, 0, NULL, NULL, 0, NULL, 0, + 0, NULL, 0, NULL, 0, 0, 0, 0, 0, 0, 0, + "pkcs7envelopedDataAES256CBC_ECDH_SHA256KDF.der"); + #endif /* NO_SHA256 && WOLFSSL_AES_256 */ + + #if defined(WOLFSSL_SHA512) && defined(WOLFSSL_AES_256) + ADD_PKCS7ENVELOPEDVECTOR( + data, (word32)sizeof(data), DATA, AES256CBCb, AES256_WRAP, + dhSinglePass_stdDH_sha512kdf_scheme, eccCert, eccCertSz, eccPrivKey, + eccPrivKeySz, NULL, 0, 0, 0, NULL, 0, NULL, 0, NULL, NULL, 0, NULL, 0, + 0, NULL, 0, NULL, 0, 0, 0, 0, 0, 0, 0, + "pkcs7envelopedDataAES256CBC_ECDH_SHA512KDF.der"); + + /* with optional user keying material (ukm) */ + ADD_PKCS7ENVELOPEDVECTOR( + data, (word32)sizeof(data), DATA, AES256CBCb, AES256_WRAP, + dhSinglePass_stdDH_sha512kdf_scheme, eccCert, eccCertSz, eccPrivKey, + eccPrivKeySz, optionalUkm, sizeof(optionalUkm), 0, 0, NULL, 0, + NULL, 0, NULL, NULL, 0, NULL, 0, 0, NULL, 0, NULL, 0, 0, 0, 0, 0, 0, 0, + "pkcs7envelopedDataAES256CBC_ECDH_SHA512KDF_ukm.der"); + #endif /* WOLFSSL_SHA512 && WOLFSSL_AES_256 */ + #endif /* !NO_AES && HAVE_AES_CBC */ +#endif + + /* kekri (KEKRecipientInfo) recipient types */ +#if !defined(NO_AES) && defined(HAVE_AES_CBC) && defined(HAVE_AES_KEYWRAP) + #if !defined(NO_SHA) && defined(WOLFSSL_AES_128) + ADD_PKCS7ENVELOPEDVECTOR( + data, (word32)sizeof(data), DATA, AES128CBCb, AES128_WRAP, 0, + NULL, 0, NULL, 0, NULL, 0, 0, 0, secretKey, sizeof(secretKey), + secretKeyId, sizeof(secretKeyId), NULL, NULL, 0, NULL, 0, + 0, NULL, 0, NULL, 0, 0, 0, 0, 0, 0, 0, + "pkcs7envelopedDataAES128CBC_KEKRI.der"); + #endif +#endif /* !NO_AES && HAVE_AES_CBC && HAVE_AES_KEYWRAP */ + + /* pwri (PasswordRecipientInfo) recipient types */ +#if !defined(NO_PWDBASED) && !defined(NO_AES) && defined(HAVE_AES_CBC) + #if !defined(NO_SHA) && defined(WOLFSSL_AES_128) && \ + defined(HAVE_AES_KEYWRAP) + ADD_PKCS7ENVELOPEDVECTOR( + data, (word32)sizeof(data), DATA, AES128CBCb, 0, 0, + NULL, 0, NULL, 0, NULL, 0, 0, 0, NULL, 0, + NULL, 0, NULL, NULL, 0, NULL, 0, 0, password, + (word32)XSTRLEN(password), salt, sizeof(salt), PBKDF2_OID, WC_SHA, 5, + 0, 0, 0, "pkcs7envelopedDataAES128CBC_PWRI.der"); + #endif +#endif + +#if !defined(NO_AES) && defined(HAVE_AES_CBC) && defined(WOLFSSL_AES_128) && \ + defined(HAVE_AES_KEYWRAP) + /* ori (OtherRecipientInfo) recipient types */ + ADD_PKCS7ENVELOPEDVECTOR( + data, (word32)sizeof(data), DATA, AES128CBCb, 0, 0, NULL, 0, NULL, 0, + NULL, 0, 0, 0, NULL, 0, NULL, 0, NULL, NULL, 0, NULL, 0, 0, NULL, 0, + NULL, 0, 0, 0, 0, 0, 1, 0, "pkcs7envelopedDataAES128CBC_ORI.der"); +#endif + }; + + #undef MAX_TESTVECTORS_LEN + #undef ADD_PKCS7ENVELOPEDVECTOR + + enveloped = (byte *)XMALLOC(PKCS7_BUF_SIZE, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + decoded = (byte *)XMALLOC(PKCS7_BUF_SIZE, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + if ((! enveloped) || (! decoded)) { + ERROR_OUT(WC_TEST_RET_ENC_NC, out); + } + +#ifdef ECC_TIMING_RESISTANT +#ifndef HAVE_FIPS + ret = wc_InitRng_ex(&rng, HEAP_HINT, devId); +#else + ret = wc_InitRng(&rng); +#endif + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); +#endif + + for (i = 0; i < testSz; i++) { + pkcs7 = wc_PKCS7_New(HEAP_HINT, + #ifdef WOLFSSL_ASYNC_CRYPT + INVALID_DEVID /* async PKCS7 is not supported */ + #else + devId + #endif + ); + if (pkcs7 == NULL) { + ERROR_OUT(WC_TEST_RET_ENC_ERRNO, out); + } + + if (testVectors[i].secretKey != NULL) { + /* KEKRI recipient type */ + + ret = wc_PKCS7_Init(pkcs7, pkcs7->heap, pkcs7->devId); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); + + pkcs7->content = (byte*)testVectors[i].content; + pkcs7->contentSz = testVectors[i].contentSz; + pkcs7->contentOID = testVectors[i].contentOID; + pkcs7->encryptOID = testVectors[i].encryptOID; + pkcs7->ukm = testVectors[i].optionalUkm; + pkcs7->ukmSz = testVectors[i].optionalUkmSz; + + ret = wc_PKCS7_AddRecipient_KEKRI(pkcs7, testVectors[i].keyWrapOID, + (byte *)testVectors[i].secretKey, testVectors[i].secretKeySz, + (byte *)testVectors[i].secretKeyId, testVectors[i].secretKeyIdSz, + testVectors[i].timePtr, testVectors[i].otherAttrOID, + testVectors[i].otherAttrOIDSz, testVectors[i].otherAttr, + testVectors[i].otherAttrSz, testVectors[i].kekriOptions); + + if (ret < 0) { + wc_PKCS7_Free(pkcs7); + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); + } + + /* set key, for decryption */ + ret = wc_PKCS7_SetKey(pkcs7, (byte *)testVectors[i].secretKey, + testVectors[i].secretKeySz); + + if (ret != 0) { + wc_PKCS7_Free(pkcs7); + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); + } + + } else if (testVectors[i].password != NULL) { + #if !defined(NO_PWDBASED) && !defined(NO_SHA) + /* PWRI recipient type */ + + ret = wc_PKCS7_Init(pkcs7, pkcs7->heap, pkcs7->devId); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); + + pkcs7->content = (byte*)testVectors[i].content; + pkcs7->contentSz = testVectors[i].contentSz; + pkcs7->contentOID = testVectors[i].contentOID; + pkcs7->encryptOID = testVectors[i].encryptOID; + pkcs7->ukm = testVectors[i].optionalUkm; + pkcs7->ukmSz = testVectors[i].optionalUkmSz; + + ret = wc_PKCS7_AddRecipient_PWRI(pkcs7, + (byte *)testVectors[i].password, testVectors[i].passwordSz, + (byte *)testVectors[i].salt, testVectors[i].saltSz, + testVectors[i].kdfOID, + testVectors[i].hashOID, testVectors[i].kdfIterations, + testVectors[i].encryptOID, testVectors[i].pwriOptions); + + if (ret < 0) { + wc_PKCS7_Free(pkcs7); + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); + } + + /* set password, for decryption */ + ret = wc_PKCS7_SetPassword(pkcs7, (byte*)testVectors[i].password, + testVectors[i].passwordSz); + + if (ret < 0) { + wc_PKCS7_Free(pkcs7); + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); + } + #endif /* ! NO_PWDBASED && ! NO_SHA */ + + } else if (testVectors[i].isOri == 1) { + /* ORI recipient type */ + + ret = wc_PKCS7_Init(pkcs7, pkcs7->heap, pkcs7->devId); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); + + pkcs7->content = (byte*)testVectors[i].content; + pkcs7->contentSz = testVectors[i].contentSz; + pkcs7->contentOID = testVectors[i].contentOID; + pkcs7->encryptOID = testVectors[i].encryptOID; + + ret = wc_PKCS7_AddRecipient_ORI(pkcs7, myOriEncryptCb, + testVectors[i].oriOptions); + + if (ret < 0) { + wc_PKCS7_Free(pkcs7); + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); + } + + /* set decrypt callback for decryption */ + ret = wc_PKCS7_SetOriDecryptCb(pkcs7, myOriDecryptCb); + + if (ret < 0) { + wc_PKCS7_Free(pkcs7); + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); + } + + } else { + /* KTRI or KARI recipient types */ + + ret = wc_PKCS7_Init(pkcs7, pkcs7->heap, pkcs7->devId); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); + + ret = wc_PKCS7_InitWithCert(pkcs7, testVectors[i].cert, + (word32)testVectors[i].certSz); + if (ret != 0) { + wc_PKCS7_Free(pkcs7); + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); + } + + pkcs7->keyWrapOID = testVectors[i].keyWrapOID; + pkcs7->keyAgreeOID = testVectors[i].keyAgreeOID; + pkcs7->privateKey = testVectors[i].privateKey; + pkcs7->privateKeySz = testVectors[i].privateKeySz; + pkcs7->content = (byte*)testVectors[i].content; + pkcs7->contentSz = testVectors[i].contentSz; + pkcs7->contentOID = testVectors[i].contentOID; + pkcs7->encryptOID = testVectors[i].encryptOID; + pkcs7->ukm = testVectors[i].optionalUkm; + pkcs7->ukmSz = testVectors[i].optionalUkmSz; + + /* set SubjectIdentifier type for KTRI types */ + if (testVectors[i].ktriOptions & CMS_SKID) { + + ret = wc_PKCS7_SetSignerIdentifierType(pkcs7, CMS_SKID); + if (ret != 0) { + wc_PKCS7_Free(pkcs7); + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); + } + } else if (testVectors[i].ktriOptions & + CMS_ISSUER_AND_SERIAL_NUMBER) { + + ret = wc_PKCS7_SetSignerIdentifierType(pkcs7, + CMS_ISSUER_AND_SERIAL_NUMBER); + if (ret != 0) { + wc_PKCS7_Free(pkcs7); + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); + } + } + } + +#ifdef ECC_TIMING_RESISTANT + pkcs7->rng = &rng; +#endif + /* encode envelopedData */ + envelopedSz = wc_PKCS7_EncodeEnvelopedData(pkcs7, enveloped, + PKCS7_BUF_SIZE); + if (envelopedSz <= 0) { + wc_PKCS7_Free(pkcs7); + ERROR_OUT(WC_TEST_RET_ENC_EC(envelopedSz), out); + } + + /* decode envelopedData */ + pkcs7->contentOID = 0; + decodedSz = wc_PKCS7_DecodeEnvelopedData(pkcs7, enveloped, (word32)envelopedSz, + decoded, PKCS7_BUF_SIZE); + if (pkcs7->contentOID != testVectors[i].contentOID || + decodedSz <= 0) { + wc_PKCS7_Free(pkcs7); + ERROR_OUT(WC_TEST_RET_ENC_EC(decodedSz), out); + } + + /* test decode result */ + if (XMEMCMP(decoded, data, sizeof(data)) != 0){ + wc_PKCS7_Free(pkcs7); + ERROR_OUT(WC_TEST_RET_ENC_NC, out); + } + +#ifndef NO_PKCS7_STREAM + { /* test reading byte by byte */ + int z; + for (z = 0; z < envelopedSz; z++) { + decodedSz = wc_PKCS7_DecodeEnvelopedData(pkcs7, enveloped + z, 1, + decoded, PKCS7_BUF_SIZE); + if (decodedSz <= 0 && + decodedSz != WC_NO_ERR_TRACE(WC_PKCS7_WANT_READ_E)) + { + printf("unexpected error %d\n", decodedSz); + ERROR_OUT(WC_TEST_RET_ENC_EC(decodedSz), out); + } + } + /* test decode result */ + if (XMEMCMP(decoded, data, sizeof(data)) != 0) { + printf("stream read compare failed\n"); + wc_PKCS7_Free(pkcs7); + ERROR_OUT(WC_TEST_RET_ENC_NC, out); + } + } +#endif +#ifdef PKCS7_OUTPUT_TEST_BUNDLES + /* output pkcs7 envelopedData for external testing */ + pkcs7File = XFOPEN(testVectors[i].outFileName, "wb"); + if (!pkcs7File) { + wc_PKCS7_Free(pkcs7); + ERROR_OUT(WC_TEST_RET_ENC_ERRNO, out); + } + + ret = (int)XFWRITE(enveloped, 1, envelopedSz, pkcs7File); + XFCLOSE(pkcs7File); + if (ret != envelopedSz) { + wc_PKCS7_Free(pkcs7); + ERROR_OUT(WC_TEST_RET_ENC_ERRNO, out); + } else { + /* reset ret to 0 for success */ + ret = 0; + } +#endif /* PKCS7_OUTPUT_TEST_BUNDLES */ + + wc_PKCS7_Free(pkcs7); + pkcs7 = NULL; + } + +#ifdef ECC_TIMING_RESISTANT + wc_FreeRng(&rng); +#endif + + (void)eccCert; + (void)eccCertSz; + (void)eccPrivKey; + (void)eccPrivKeySz; + (void)rsaCert; + (void)rsaCertSz; + (void)rsaPrivKey; + (void)rsaPrivKeySz; + + out: + XFREE(testVectors, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(enveloped, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(decoded, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + + return ret; +} + + +WOLFSSL_TEST_SUBROUTINE wc_test_ret_t pkcs7enveloped_test(void) +{ + wc_test_ret_t ret = 0; + + byte* rsaCert = NULL; + byte* rsaPrivKey = NULL; + word32 rsaCertSz = 0; + word32 rsaPrivKeySz = 0; + + byte* eccCert = NULL; + byte* eccPrivKey = NULL; + word32 eccCertSz = 0; + word32 eccPrivKeySz = 0; + WOLFSSL_ENTER("pkcs7enveloped_test"); + +#ifndef NO_RSA + /* read client RSA cert and key in DER format */ + rsaCert = (byte*)XMALLOC(FOURK_BUF, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + if (rsaCert == NULL) + return WC_TEST_RET_ENC_ERRNO; + + rsaPrivKey = (byte*)XMALLOC(FOURK_BUF, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + if (rsaPrivKey == NULL) { + XFREE(rsaCert, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + return WC_TEST_RET_ENC_NC; + } + + rsaCertSz = FOURK_BUF; + rsaPrivKeySz = FOURK_BUF; +#endif /* NO_RSA */ + +#ifdef HAVE_ECC + /* read client ECC cert and key in DER format */ + eccCert = (byte*)XMALLOC(FOURK_BUF, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + if (eccCert == NULL) { + #ifndef NO_RSA + XFREE(rsaCert, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(rsaPrivKey, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + #endif + return WC_TEST_RET_ENC_NC; + } + + eccPrivKey =(byte*)XMALLOC(FOURK_BUF, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + if (eccPrivKey == NULL) { + #ifndef NO_RSA + XFREE(rsaCert, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(rsaPrivKey, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + #endif + XFREE(eccCert, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + return WC_TEST_RET_ENC_NC; + } + + eccCertSz = FOURK_BUF; + eccPrivKeySz = FOURK_BUF; +#endif /* HAVE_ECC */ + + ret = pkcs7_load_certs_keys(rsaCert, &rsaCertSz, rsaPrivKey, + &rsaPrivKeySz, NULL, NULL, NULL, NULL, + NULL, NULL, NULL, NULL, eccCert, &eccCertSz, + eccPrivKey, &eccPrivKeySz); + if (ret < 0) { + #ifndef NO_RSA + XFREE(rsaCert, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(rsaPrivKey, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + #endif + #ifdef HAVE_ECC + XFREE(eccCert, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(eccPrivKey, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + #endif + return WC_TEST_RET_ENC_EC(ret); + } + + ret = pkcs7enveloped_run_vectors(rsaCert, (word32)rsaCertSz, + rsaPrivKey, (word32)rsaPrivKeySz, + eccCert, (word32)eccCertSz, + eccPrivKey, (word32)eccPrivKeySz); + +#ifndef NO_RSA + XFREE(rsaCert, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(rsaPrivKey, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); +#endif +#ifdef HAVE_ECC + XFREE(eccCert, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(eccPrivKey, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); +#endif + + return ret; +} + + +#if defined(HAVE_AESGCM) || defined(HAVE_AESCCM) + +typedef struct { + const byte* content; + word32 contentSz; + int contentOID; + int encryptOID; + int keyWrapOID; + int keyAgreeOID; + byte* cert; + size_t certSz; + byte* privateKey; + word32 privateKeySz; + PKCS7Attrib* authAttribs; + word32 authAttribsSz; + PKCS7Attrib* unauthAttribs; + word32 unauthAttribsSz; + + /* KARI / KTRI specific */ + byte* optionalUkm; + word32 optionalUkmSz; + int ktriOptions; /* KTRI options flags */ + int kariOptions; /* KARI options flags */ + + /* KEKRI specific */ + byte* secretKey; /* key, only for kekri RecipientInfo types */ + word32 secretKeySz; /* size of secretKey, bytes */ + byte* secretKeyId; /* key identifier */ + word32 secretKeyIdSz; /* size of key identifier, bytes */ + void* timePtr; /* time_t pointer */ + byte* otherAttrOID; /* OPTIONAL, other attribute OID */ + word32 otherAttrOIDSz; /* size of otherAttrOID, bytes */ + byte* otherAttr; /* OPTIONAL, other attribute, ASN.1 encoded */ + word32 otherAttrSz; /* size of otherAttr, bytes */ + int kekriOptions; /* KEKRI options flags */ + + /* PWRI specific */ + char* password; /* password */ + word32 passwordSz; /* password size, bytes */ + byte* salt; /* KDF salt */ + word32 saltSz; /* KDF salt size, bytes */ + int kdfOID; /* KDF OID */ + int hashOID; /* KDF hash algorithm OID */ + int kdfIterations; /* KDF iterations */ + int kekEncryptOID; /* KEK encryption algorithm OID */ + int pwriOptions; /* PWRI options flags */ + + /* ORI specific */ + int isOri; + int oriOptions; /* ORI options flags */ + + const char* outFileName; +} pkcs7AuthEnvelopedVector; + + +static wc_test_ret_t pkcs7authenveloped_run_vectors(byte* rsaCert, word32 rsaCertSz, + byte* rsaPrivKey, word32 rsaPrivKeySz, + byte* eccCert, word32 eccCertSz, + byte* eccPrivKey, word32 eccPrivKeySz) +{ + wc_test_ret_t ret = 0; + int testSz = 0, i; + int envelopedSz, decodedSz; + + byte *enveloped = NULL; + byte *decoded = NULL; + WC_RNG rng; + wc_PKCS7* pkcs7; +#ifdef PKCS7_OUTPUT_TEST_BUNDLES + XFILE pkcs7File; +#endif + + WOLFSSL_SMALL_STACK_STATIC const byte data[] = { /* Hello World */ + 0x48,0x65,0x6c,0x6c,0x6f,0x20,0x57,0x6f, + 0x72,0x6c,0x64 + }; + byte senderNonce[PKCS7_NONCE_SZ + 2]; +#ifdef HAVE_ECC + #if !defined(NO_AES) && defined(HAVE_AESGCM) && \ + defined(HAVE_AES_KEYWRAP) && defined(HAVE_X963_KDF) + #if !defined(NO_SHA256) && defined(WOLFSSL_AES_256) + WOLFSSL_SMALL_STACK_STATIC const byte senderNonceOid[] = + { 0x06, 0x0a, 0x60, 0x86, 0x48, 0x01, 0x86, 0xF8, 0x45, 0x01, + 0x09, 0x05 }; + + PKCS7Attrib attribs[] = + { + { senderNonceOid, sizeof(senderNonceOid), senderNonce, + sizeof(senderNonce) } + }; + #endif + #endif +#endif + +#if !defined(NO_AES) && defined(WOLFSSL_AES_256) && defined(HAVE_ECC) && \ + defined(WOLFSSL_SHA512) && defined(HAVE_AESGCM) && \ + defined(HAVE_AES_KEYWRAP) && defined(HAVE_X963_KDF) + WOLFSSL_SMALL_STACK_STATIC const byte optionalUkm[] = { + 0x00,0x01,0x02,0x03,0x04,0x05,0x06,0x07 + }; +#endif /* !NO_AES */ + +#if !defined(NO_AES) && !defined(NO_SHA) && defined(WOLFSSL_AES_128) && \ + defined(HAVE_AES_KEYWRAP) + /* encryption key for kekri recipient types */ + WOLFSSL_SMALL_STACK_STATIC const byte secretKey[] = { + 0x00,0x01,0x02,0x03,0x04,0x05,0x06,0x07, + 0x00,0x01,0x02,0x03,0x04,0x05,0x06,0x07 + }; + + /* encryption key identifier */ + WOLFSSL_SMALL_STACK_STATIC const byte secretKeyId[] = { + 0x02,0x02,0x03,0x04 + }; +#endif + +#if !defined(NO_PWDBASED) && !defined(NO_AES) && defined(HAVE_AESGCM) && \ + !defined(NO_SHA) && defined(HAVE_AES_CBC) && defined(WOLFSSL_AES_128) && \ + defined(HAVE_AES_KEYWRAP) + + #ifndef HAVE_FIPS + WOLFSSL_SMALL_STACK_STATIC const char password[] = "password"; + #else + WOLFSSL_SMALL_STACK_STATIC const char password[] = "passwordFIPS_MODE"; + #endif + + WOLFSSL_SMALL_STACK_STATIC const byte salt[] = { + 0x12, 0x34, 0x56, 0x78, 0x78, 0x56, 0x34, 0x12 + }; +#endif + + #define MAX_TESTVECTORS_LEN 20 + #define ADD_PKCS7AUTHENVELOPEDVECTOR(...) { \ + pkcs7AuthEnvelopedVector _this_vector = { __VA_ARGS__ }; \ + if (testSz == MAX_TESTVECTORS_LEN) { \ + ret = WC_TEST_RET_ENC_NC; \ + goto out; \ + } \ + XMEMCPY(&testVectors[testSz++], &_this_vector, \ + sizeof _this_vector); \ + } + + pkcs7AuthEnvelopedVector *testVectors = NULL; + + XMEMSET(&rng, 0, sizeof(rng)); + + testVectors = (pkcs7AuthEnvelopedVector *)XMALLOC(MAX_TESTVECTORS_LEN * sizeof(*testVectors), + HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + if (testVectors == NULL) { + ret = WC_TEST_RET_ENC_ERRNO; + goto out; + } + + { + /* key transport key encryption technique */ +#ifndef NO_RSA + #if !defined(NO_AES) && defined(HAVE_AESGCM) && defined(HAVE_AES_KEYWRAP) + #ifdef WOLFSSL_AES_128 + ADD_PKCS7AUTHENVELOPEDVECTOR( + data, (word32)sizeof(data), DATA, AES128GCMb, 0, 0, rsaCert, rsaCertSz, + rsaPrivKey, rsaPrivKeySz, NULL, 0, NULL, 0, NULL, 0, 0, 0, NULL, 0, + NULL, 0, NULL, NULL, 0, NULL, 0, 0, NULL, 0, NULL, 0, 0, 0, 0, 0, 0, + 0, 0, "pkcs7authEnvelopedDataAES128GCM.der"); + #endif + #ifdef WOLFSSL_AES_192 + ADD_PKCS7AUTHENVELOPEDVECTOR( + data, (word32)sizeof(data), DATA, AES192GCMb, 0, 0, rsaCert, rsaCertSz, + rsaPrivKey, rsaPrivKeySz, NULL, 0, NULL, 0, NULL, 0, 0, 0, NULL, 0, + NULL, 0, NULL, NULL, 0, NULL, 0, 0, NULL, 0, NULL, 0, 0, 0, 0, 0, 0, + 0, 0, "pkcs7authEnvelopedDataAES192GCM.der"); + #endif + #ifdef WOLFSSL_AES_256 + ADD_PKCS7AUTHENVELOPEDVECTOR( + data, (word32)sizeof(data), DATA, AES256GCMb, 0, 0, rsaCert, rsaCertSz, + rsaPrivKey, rsaPrivKeySz, NULL, 0, NULL, 0, NULL, 0, 0, 0, NULL, 0, + NULL, 0, NULL, NULL, 0, NULL, 0, 0, NULL, 0, NULL, 0, 0, 0, 0, 0, 0, + 0, 0, "pkcs7authEnvelopedDataAES256GCM.der"); + + /* test with contentType set to FirmwarePkgData */ + ADD_PKCS7AUTHENVELOPEDVECTOR( + data, (word32)sizeof(data), FIRMWARE_PKG_DATA, AES256GCMb, 0, 0, + rsaCert, rsaCertSz, rsaPrivKey, rsaPrivKeySz, NULL, 0, NULL, 0, NULL, + 0, 0, 0, NULL, 0, NULL, 0, NULL, NULL, 0, NULL, 0, 0, NULL, 0, NULL, + 0, 0, 0, 0, 0, 0, 0, 0, + "pkcs7authEnvelopedDataAES256GCM_firmwarePkgData.der"); + + /* explicitly using SKID for SubjectKeyIdentifier */ + ADD_PKCS7AUTHENVELOPEDVECTOR( + data, (word32)sizeof(data), DATA, AES256GCMb, 0, 0, rsaCert, rsaCertSz, + rsaPrivKey, rsaPrivKeySz, NULL, 0, NULL, 0, NULL, 0, CMS_SKID, 0, + NULL, 0, NULL, 0, NULL, NULL, 0, NULL, 0, 0, NULL, 0, NULL, 0, 0, 0, + 0, 0, 0, 0, 0, "pkcs7authEnvelopedDataAES256GCM_SKID.der"); + + /* explicitly using IssuerAndSerialNumber for SubjectKeyIdentifier */ + ADD_PKCS7AUTHENVELOPEDVECTOR( + data, (word32)sizeof(data), DATA, AES256GCMb, 0, 0, rsaCert, rsaCertSz, + rsaPrivKey, rsaPrivKeySz, NULL, 0, NULL, 0, NULL, 0, + CMS_ISSUER_AND_SERIAL_NUMBER, 0, NULL, 0, NULL, 0, NULL, NULL, 0, + NULL, 0, 0, NULL, 0, NULL, 0, 0, 0, 0, 0, 0, 0, 0, + "pkcs7authEnvelopedDataAES256GCM_IANDS.der"); + #endif + #else + (void)rsaCert; + (void)rsaCertSz; + (void)rsaPrivKey; + (void)rsaPrivKeySz; + #endif /* !NO_AES && !HAVE_AESGCM && HAVE_AES_KEYWRAP */ +#endif + + /* key agreement key encryption technique*/ +#ifdef HAVE_ECC + #if !defined(NO_AES) && defined(HAVE_AESGCM) && \ + defined(HAVE_AES_KEYWRAP) && defined(HAVE_X963_KDF) + #if !defined(NO_SHA) && defined(WOLFSSL_AES_128) + ADD_PKCS7AUTHENVELOPEDVECTOR( + data, (word32)sizeof(data), DATA, AES128GCMb, AES128_WRAP, + dhSinglePass_stdDH_sha1kdf_scheme, eccCert, eccCertSz, eccPrivKey, + eccPrivKeySz, NULL, 0, NULL, 0, NULL, 0, 0, 0, NULL, 0, NULL, 0, + NULL, NULL, 0, NULL, 0, 0, NULL, 0, NULL, 0, 0, 0, 0, 0, 0, 0, 0, + "pkcs7authEnvelopedDataAES128GCM_ECDH_SHA1KDF.der"); + #endif + + #if !defined(NO_SHA256) && defined(WOLFSSL_AES_256) + ADD_PKCS7AUTHENVELOPEDVECTOR( + data, (word32)sizeof(data), DATA, AES256GCMb, AES256_WRAP, + dhSinglePass_stdDH_sha256kdf_scheme, eccCert, eccCertSz, eccPrivKey, + eccPrivKeySz, NULL, 0, NULL, 0, NULL, 0, 0, 0, NULL, 0, NULL, 0, + NULL, NULL, 0, NULL, 0, 0, NULL, 0, NULL, 0, 0, 0, 0, 0, 0, 0, 0, + "pkcs7authEnvelopedDataAES256GCM_ECDH_SHA256KDF.der"); + + /* with authenticated attributes */ + ADD_PKCS7AUTHENVELOPEDVECTOR( + data, (word32)sizeof(data), DATA, AES256GCMb, AES256_WRAP, + dhSinglePass_stdDH_sha256kdf_scheme, eccCert, eccCertSz, eccPrivKey, + eccPrivKeySz, attribs, (sizeof(attribs) / sizeof(PKCS7Attrib)), + NULL, 0, NULL, 0, 0, 0, NULL, 0, + NULL, 0, NULL, NULL, 0, NULL, 0, 0, NULL, 0, NULL, 0, 0, 0, 0, 0, + 0, 0, 0, + "pkcs7authEnvelopedDataAES256GCM_ECDH_SHA256KDF_authAttribs.der"); + + /* with unauthenticated attributes */ + ADD_PKCS7AUTHENVELOPEDVECTOR( + data, (word32)sizeof(data), DATA, AES256GCMb, AES256_WRAP, + dhSinglePass_stdDH_sha256kdf_scheme, eccCert, eccCertSz, eccPrivKey, + eccPrivKeySz, NULL, 0, attribs, + (sizeof(attribs) / sizeof(PKCS7Attrib)), NULL, 0, 0, 0, NULL, 0, + NULL, 0, NULL, NULL, 0, NULL, 0, 0, NULL, 0, NULL, 0, 0, 0, 0, 0, + 0, 0, 0, + "pkcs7authEnvelopedDataAES256GCM_ECDH_SHA256KDF_unauthAttribs.der"); + + /* with authenticated AND unauthenticated attributes */ + ADD_PKCS7AUTHENVELOPEDVECTOR( + data, (word32)sizeof(data), DATA, AES256GCMb, AES256_WRAP, + dhSinglePass_stdDH_sha256kdf_scheme, eccCert, eccCertSz, eccPrivKey, + eccPrivKeySz, attribs, (sizeof(attribs) / sizeof(PKCS7Attrib)), + attribs, (sizeof(attribs) / sizeof(PKCS7Attrib)), NULL, 0, 0, 0, + NULL, 0, NULL, 0, NULL, NULL, 0, NULL, 0, 0, NULL, 0, NULL, 0, 0, + 0, 0, 0, 0, 0, 0, + "pkcs7authEnvelopedDataAES256GCM_ECDH_SHA256KDF_bothAttribs.der"); + + /* with authenticated AND unauthenticated attributes AND + * contentType of FirmwarePkgData */ + ADD_PKCS7AUTHENVELOPEDVECTOR( + data, (word32)sizeof(data), FIRMWARE_PKG_DATA, AES256GCMb, AES256_WRAP, + dhSinglePass_stdDH_sha256kdf_scheme, eccCert, eccCertSz, eccPrivKey, + eccPrivKeySz, attribs, (sizeof(attribs) / sizeof(PKCS7Attrib)), + attribs, (sizeof(attribs) / sizeof(PKCS7Attrib)), NULL, 0, 0, 0, + NULL, 0, NULL, 0, NULL, NULL, 0, NULL, 0, 0, NULL, 0, NULL, 0, 0, + 0, 0, 0, 0, 0, 0, + "pkcs7authEnvelopedDataAES256GCM_ECDH_SHA256KDF_fw_bothAttribs.der"); + #endif /* NO_SHA256 && WOLFSSL_AES_256 */ + + #if defined(WOLFSSL_SHA512) && defined(WOLFSSL_AES_256) + ADD_PKCS7AUTHENVELOPEDVECTOR( + data, (word32)sizeof(data), DATA, AES256GCMb, AES256_WRAP, + dhSinglePass_stdDH_sha512kdf_scheme, eccCert, eccCertSz, eccPrivKey, + eccPrivKeySz, NULL, 0, NULL, 0, NULL, 0, 0, 0, NULL, 0, NULL, 0, NULL, + NULL, 0, NULL, 0, 0, NULL, 0, NULL, 0, 0, 0, 0, 0, 0, 0, 0, + "pkcs7authEnvelopedDataAES256GCM_ECDH_SHA512KDF.der"); + + /* with optional user keying material (ukm) */ + ADD_PKCS7AUTHENVELOPEDVECTOR( + data, (word32)sizeof(data), DATA, AES256GCMb, AES256_WRAP, + dhSinglePass_stdDH_sha512kdf_scheme, eccCert, eccCertSz, eccPrivKey, + eccPrivKeySz, NULL, 0, NULL, 0, (byte *)optionalUkm, sizeof(optionalUkm), 0, + 0, NULL, 0, NULL, 0, NULL, NULL, 0, NULL, 0, 0, NULL, 0, NULL, 0, 0, + 0, 0, 0, 0, 0, 0, + "pkcs7authEnvelopedDataAES256GCM_ECDH_SHA512KDF_ukm.der"); + #endif /* WOLFSSL_SHA512 && WOLFSSL_AES_256 */ + #endif /* !NO_AES && HAVE_AESGCM && HAVE_AES_KEYWRAP */ +#endif + + /* kekri (KEKRecipientInfo) recipient types */ +#if !defined(NO_AES) && defined(HAVE_AESGCM) && defined(HAVE_AES_KEYWRAP) + #if !defined(NO_SHA) && defined(WOLFSSL_AES_128) + ADD_PKCS7AUTHENVELOPEDVECTOR( + data, (word32)sizeof(data), DATA, AES128GCMb, AES128_WRAP, 0, + NULL, 0, NULL, 0, NULL, 0, NULL, 0, NULL, 0, 0, 0, + (byte *)secretKey, sizeof(secretKey), (byte *)secretKeyId, sizeof(secretKeyId), + NULL, NULL, 0, NULL, 0, 0, NULL, 0, NULL, 0, 0, 0, 0, 0, 0, 0, 0, + "pkcs7authEnvelopedDataAES128GCM_KEKRI.der"); + #endif +#endif + + /* pwri (PasswordRecipientInfo) recipient types */ +#if !defined(NO_PWDBASED) && !defined(NO_AES) && defined(HAVE_AESGCM) && \ + defined(HAVE_AES_KEYWRAP) + #if !defined(NO_SHA) && defined(HAVE_AES_CBC) && defined(WOLFSSL_AES_128) + ADD_PKCS7AUTHENVELOPEDVECTOR( + data, (word32)sizeof(data), DATA, AES128GCMb, 0, 0, + NULL, 0, NULL, 0, NULL, 0, NULL, 0, NULL, 0, 0, 0, NULL, 0, + NULL, 0, NULL, NULL, 0, NULL, 0, 0, (char *)password, + (word32)XSTRLEN(password), (byte *)salt, sizeof(salt), PBKDF2_OID, WC_SHA, 5, + AES128CBCb, 0, 0, 0, "pkcs7authEnvelopedDataAES128GCM_PWRI.der"); + #endif +#endif + +#if !defined(NO_AES) && defined(HAVE_AESGCM) && defined(HAVE_AES_KEYWRAP) + #ifdef WOLFSSL_AES_128 + /* ori (OtherRecipientInfo) recipient types */ + ADD_PKCS7AUTHENVELOPEDVECTOR( + data, (word32)sizeof(data), DATA, AES128GCMb, 0, 0, NULL, 0, NULL, 0, + NULL, 0, NULL, 0, NULL, 0, 0, 0, NULL, 0, NULL, 0, NULL, NULL, 0, + NULL, 0, 0, NULL, 0, NULL, 0, 0, 0, 0, 0, 0, 1, 0, + "pkcs7authEnvelopedDataAES128GCM_ORI.der"); + #endif +#endif + } + + #undef MAX_TESTVECTORS_LEN + #undef ADD_PKCS7AUTHENVELOPEDVECTOR + + enveloped = (byte *)XMALLOC(PKCS7_BUF_SIZE, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + decoded = (byte *)XMALLOC(PKCS7_BUF_SIZE, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + if ((! enveloped) || (! decoded)) { + ERROR_OUT(WC_TEST_RET_ENC_NC, out); + } + + /* generate senderNonce */ + { +#ifndef HAVE_FIPS + ret = wc_InitRng_ex(&rng, HEAP_HINT, devId); +#else + ret = wc_InitRng(&rng); +#endif + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); + + senderNonce[0] = 0x04; + senderNonce[1] = PKCS7_NONCE_SZ; + + ret = wc_RNG_GenerateBlock(&rng, &senderNonce[2], PKCS7_NONCE_SZ); + if (ret != 0) { + wc_FreeRng(&rng); + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); + } + } + + for (i = 0; i < testSz; i++) { + pkcs7 = wc_PKCS7_New(HEAP_HINT, + #ifdef WOLFSSL_ASYNC_CRYPT + INVALID_DEVID /* async PKCS7 is not supported */ + #else + devId + #endif + ); + if (pkcs7 == NULL) { + ERROR_OUT(WC_TEST_RET_ENC_ERRNO, out); + } + + if (testVectors[i].secretKey != NULL) { + /* KEKRI recipient type */ + + ret = wc_PKCS7_Init(pkcs7, pkcs7->heap, pkcs7->devId); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); + + pkcs7->content = (byte*)testVectors[i].content; + pkcs7->contentSz = testVectors[i].contentSz; + pkcs7->contentOID = testVectors[i].contentOID; + pkcs7->encryptOID = testVectors[i].encryptOID; + pkcs7->ukm = testVectors[i].optionalUkm; + pkcs7->ukmSz = testVectors[i].optionalUkmSz; + pkcs7->authAttribs = testVectors[i].authAttribs; + pkcs7->authAttribsSz = testVectors[i].authAttribsSz; + pkcs7->unauthAttribs = testVectors[i].unauthAttribs; + pkcs7->unauthAttribsSz = testVectors[i].unauthAttribsSz; + + ret = wc_PKCS7_AddRecipient_KEKRI(pkcs7, testVectors[i].keyWrapOID, + testVectors[i].secretKey, testVectors[i].secretKeySz, + testVectors[i].secretKeyId, testVectors[i].secretKeyIdSz, + testVectors[i].timePtr, testVectors[i].otherAttrOID, + testVectors[i].otherAttrOIDSz, testVectors[i].otherAttr, + testVectors[i].otherAttrSz, testVectors[i].kekriOptions); + + if (ret < 0) { + wc_PKCS7_Free(pkcs7); + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); + } + + /* set key, for decryption */ + ret = wc_PKCS7_SetKey(pkcs7, testVectors[i].secretKey, + testVectors[i].secretKeySz); + + if (ret != 0) { + wc_PKCS7_Free(pkcs7); + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); + } + + } else if (testVectors[i].password != NULL) { + #if !defined(NO_PWDBASED) && !defined(NO_SHA) + /* PWRI recipient type */ + + ret = wc_PKCS7_Init(pkcs7, pkcs7->heap, pkcs7->devId); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); + + pkcs7->content = (byte*)testVectors[i].content; + pkcs7->contentSz = testVectors[i].contentSz; + pkcs7->contentOID = testVectors[i].contentOID; + pkcs7->encryptOID = testVectors[i].encryptOID; + pkcs7->ukm = testVectors[i].optionalUkm; + pkcs7->ukmSz = testVectors[i].optionalUkmSz; + pkcs7->authAttribs = testVectors[i].authAttribs; + pkcs7->authAttribsSz = testVectors[i].authAttribsSz; + pkcs7->unauthAttribs = testVectors[i].unauthAttribs; + pkcs7->unauthAttribsSz = testVectors[i].unauthAttribsSz; + + ret = wc_PKCS7_AddRecipient_PWRI(pkcs7, + (byte*)testVectors[i].password, + testVectors[i].passwordSz, testVectors[i].salt, + testVectors[i].saltSz, testVectors[i].kdfOID, + testVectors[i].hashOID, testVectors[i].kdfIterations, + testVectors[i].kekEncryptOID, testVectors[i].pwriOptions); + + if (ret < 0) { + wc_PKCS7_Free(pkcs7); + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); + } + + /* set password, for decryption */ + ret = wc_PKCS7_SetPassword(pkcs7, (byte*)testVectors[i].password, + testVectors[i].passwordSz); + + if (ret < 0) { + wc_PKCS7_Free(pkcs7); + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); + } + + #endif /* ! NO_PWDBASED && ! NO_SHA */ + } else if (testVectors[i].isOri == 1) { + /* ORI recipient type */ + + ret = wc_PKCS7_Init(pkcs7, pkcs7->heap, pkcs7->devId); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); + + pkcs7->content = (byte*)testVectors[i].content; + pkcs7->contentSz = testVectors[i].contentSz; + pkcs7->contentOID = testVectors[i].contentOID; + pkcs7->encryptOID = testVectors[i].encryptOID; + pkcs7->authAttribs = testVectors[i].authAttribs; + pkcs7->authAttribsSz = testVectors[i].authAttribsSz; + pkcs7->unauthAttribs = testVectors[i].unauthAttribs; + pkcs7->unauthAttribsSz = testVectors[i].unauthAttribsSz; + + ret = wc_PKCS7_AddRecipient_ORI(pkcs7, myOriEncryptCb, + testVectors[i].oriOptions); + + if (ret < 0) { + wc_PKCS7_Free(pkcs7); + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); + } + + /* set decrypt callback for decryption */ + ret = wc_PKCS7_SetOriDecryptCb(pkcs7, myOriDecryptCb); + + if (ret < 0) { + wc_PKCS7_Free(pkcs7); + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); + } + + } else { + /* KTRI or KARI recipient types */ + + ret = wc_PKCS7_InitWithCert(pkcs7, testVectors[i].cert, + (word32)testVectors[i].certSz); + if (ret != 0) { + wc_PKCS7_Free(pkcs7); + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); + } + + pkcs7->keyWrapOID = testVectors[i].keyWrapOID; + pkcs7->keyAgreeOID = testVectors[i].keyAgreeOID; + pkcs7->privateKey = testVectors[i].privateKey; + pkcs7->privateKeySz = testVectors[i].privateKeySz; + pkcs7->content = (byte*)testVectors[i].content; + pkcs7->contentSz = testVectors[i].contentSz; + pkcs7->contentOID = testVectors[i].contentOID; + pkcs7->encryptOID = testVectors[i].encryptOID; + pkcs7->ukm = testVectors[i].optionalUkm; + pkcs7->ukmSz = testVectors[i].optionalUkmSz; + pkcs7->authAttribs = testVectors[i].authAttribs; + pkcs7->authAttribsSz = testVectors[i].authAttribsSz; + pkcs7->unauthAttribs = testVectors[i].unauthAttribs; + pkcs7->unauthAttribsSz = testVectors[i].unauthAttribsSz; + + /* set SubjectIdentifier type for KTRI types */ + if (testVectors[i].ktriOptions & CMS_SKID) { + + ret = wc_PKCS7_SetSignerIdentifierType(pkcs7, CMS_SKID); + if (ret != 0) { + wc_PKCS7_Free(pkcs7); + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); + } + } else if (testVectors[i].ktriOptions & + CMS_ISSUER_AND_SERIAL_NUMBER) { + + ret = wc_PKCS7_SetSignerIdentifierType(pkcs7, + CMS_ISSUER_AND_SERIAL_NUMBER); + if (ret != 0) { + wc_PKCS7_Free(pkcs7); + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); + } + } + } + +#ifdef ECC_TIMING_RESISTANT + pkcs7->rng = &rng; +#endif + + /* encode envelopedData */ + envelopedSz = wc_PKCS7_EncodeAuthEnvelopedData(pkcs7, enveloped, + PKCS7_BUF_SIZE); + if (envelopedSz <= 0) { + wc_PKCS7_Free(pkcs7); + ERROR_OUT(WC_TEST_RET_ENC_EC(envelopedSz), out); + } +#ifndef NO_PKCS7_STREAM + { /* test reading byte by byte */ + int z; + for (z = 0; z < envelopedSz; z++) { + decodedSz = wc_PKCS7_DecodeAuthEnvelopedData(pkcs7, + enveloped + z, 1, decoded, PKCS7_BUF_SIZE); + if (decodedSz <= 0 && + decodedSz != WC_NO_ERR_TRACE(WC_PKCS7_WANT_READ_E)) + { + printf("unexpected error %d\n", decodedSz); + ERROR_OUT(WC_TEST_RET_ENC_EC(decodedSz), out); + } + } + /* test decode result */ + if (XMEMCMP(decoded, data, sizeof(data)) != 0) { + printf("stream read compare failed\n"); + wc_PKCS7_Free(pkcs7); + ERROR_OUT(WC_TEST_RET_ENC_NC, out); + } + } +#endif + /* decode envelopedData */ + decodedSz = wc_PKCS7_DecodeAuthEnvelopedData(pkcs7, enveloped, + (word32)envelopedSz, decoded, + PKCS7_BUF_SIZE); + if (decodedSz <= 0) { + wc_PKCS7_Free(pkcs7); + ERROR_OUT(WC_TEST_RET_ENC_EC(decodedSz), out); + } + + /* test decode result */ + if (XMEMCMP(decoded, data, sizeof(data)) != 0){ + wc_PKCS7_Free(pkcs7); + ERROR_OUT(WC_TEST_RET_ENC_NC, out); + } + +#ifdef PKCS7_OUTPUT_TEST_BUNDLES + /* output pkcs7 envelopedData for external testing */ + pkcs7File = XFOPEN(testVectors[i].outFileName, "wb"); + if (!pkcs7File) { + wc_PKCS7_Free(pkcs7); + ERROR_OUT(WC_TEST_RET_ENC_ERRNO, out); + } + + ret = (int)XFWRITE(enveloped, 1, envelopedSz, pkcs7File); + XFCLOSE(pkcs7File); + if (ret != envelopedSz) { + wc_PKCS7_Free(pkcs7); + ERROR_OUT(WC_TEST_RET_ENC_ERRNO, out); + } else { + /* reset ret to 0 for success */ + ret = 0; + } +#endif /* PKCS7_OUTPUT_TEST_BUNDLES */ + + wc_PKCS7_Free(pkcs7); + pkcs7 = NULL; + } + + wc_FreeRng(&rng); + + (void)eccCert; + (void)eccCertSz; + (void)eccPrivKey; + (void)eccPrivKeySz; +#if !defined(NO_AES) && !defined(NO_SHA) && defined(WOLFSSL_AES_128) && \ + defined(HAVE_AES_KEYWRAP) + (void)secretKey; + (void)secretKeyId; +#endif +#ifdef NO_RSA + (void)rsaCert; + (void)rsaCertSz; + (void)rsaPrivKey; + (void)rsaPrivKeySz; +#endif + + out: + XFREE(testVectors, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(enveloped, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(decoded, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + + return ret; +} + +WOLFSSL_TEST_SUBROUTINE wc_test_ret_t pkcs7authenveloped_test(void) +{ + wc_test_ret_t ret = 0; + + byte* rsaCert = NULL; + byte* rsaPrivKey = NULL; + word32 rsaCertSz = 0; + word32 rsaPrivKeySz = 0; + + byte* eccCert = NULL; + byte* eccPrivKey = NULL; + word32 eccCertSz = 0; + word32 eccPrivKeySz = 0; + WOLFSSL_ENTER("pkcs7authenveloped_test"); + +#ifndef NO_RSA + /* read client RSA cert and key in DER format */ + rsaCert = (byte*)XMALLOC(FOURK_BUF, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + if (rsaCert == NULL) + return WC_TEST_RET_ENC_ERRNO; + + rsaPrivKey = (byte*)XMALLOC(FOURK_BUF, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + if (rsaPrivKey == NULL) { + XFREE(rsaCert, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + return WC_TEST_RET_ENC_NC; + } + + rsaCertSz = FOURK_BUF; + rsaPrivKeySz = FOURK_BUF; +#endif /* NO_RSA */ + +#ifdef HAVE_ECC + /* read client ECC cert and key in DER format */ + eccCert = (byte*)XMALLOC(FOURK_BUF, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + if (eccCert == NULL) { + #ifndef NO_RSA + XFREE(rsaCert, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(rsaPrivKey, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + #endif + return WC_TEST_RET_ENC_NC; + } + + eccPrivKey =(byte*)XMALLOC(FOURK_BUF, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + if (eccPrivKey == NULL) { + #ifndef NO_RSA + XFREE(rsaCert, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(rsaPrivKey, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + #endif + XFREE(eccCert, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + return WC_TEST_RET_ENC_NC; + } + + eccCertSz = FOURK_BUF; + eccPrivKeySz = FOURK_BUF; +#endif /* HAVE_ECC */ + + ret = pkcs7_load_certs_keys(rsaCert, &rsaCertSz, rsaPrivKey, + &rsaPrivKeySz, NULL, NULL, NULL, NULL, + NULL, NULL, NULL, NULL, eccCert, &eccCertSz, + eccPrivKey, &eccPrivKeySz); + if (ret < 0) { + #ifndef NO_RSA + XFREE(rsaCert, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(rsaPrivKey, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + #endif + #ifdef HAVE_ECC + XFREE(eccCert, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(eccPrivKey, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + #endif + return WC_TEST_RET_ENC_EC(ret); + } + + ret = pkcs7authenveloped_run_vectors(rsaCert, (word32)rsaCertSz, + rsaPrivKey, (word32)rsaPrivKeySz, + eccCert, (word32)eccCertSz, + eccPrivKey, (word32)eccPrivKeySz); + +#ifndef NO_RSA + XFREE(rsaCert, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(rsaPrivKey, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); +#endif +#ifdef HAVE_ECC + XFREE(eccCert, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(eccPrivKey, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); +#endif + + return ret; +} + +#endif /* HAVE_AESGCM || HAVE_AESCCM */ + +#if !defined(NO_AES) && defined(HAVE_AES_CBC) && defined(WOLFSSL_AES_256) && \ + defined(HAVE_AES_KEYWRAP) +static const byte p7DefKey[] = { + 0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08, + 0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08, + 0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08, + 0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08 +}; + +static const byte p7AltKey[] = { + 0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08, + 0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08 +}; + +static int myCEKwrapFunc(wc_PKCS7* pkcs7, byte* cek, word32 cekSz, byte* keyId, + word32 keyIdSz, byte* orginKey, word32 orginKeySz, + byte* out, word32 outSz, int keyWrapAlgo, int type, int direction) +{ + wc_test_ret_t ret; + + if (cek == NULL || out == NULL) + return BAD_FUNC_ARG; + + /* test case sanity checks */ + if (keyIdSz != 1) { + return WC_TEST_RET_ENC_NC; + } + + if (keyId[0] != 0x00) { + return WC_TEST_RET_ENC_NC; + } + + if (type != (int)PKCS7_KEKRI) { + return WC_TEST_RET_ENC_NC; + } + + switch (keyWrapAlgo) { + case AES256_WRAP: + ret = wc_AesKeyUnWrap(p7DefKey, sizeof(p7DefKey), cek, cekSz, + out, outSz, NULL); + if (ret <= 0) + return (int)ret; + break; + + default: + WOLFSSL_MSG("Unsupported key wrap algorithm in example"); + return BAD_KEYWRAP_ALG_E; + }; + + (void)pkcs7; + (void)direction; + (void)orginKey; /* used with KAKRI */ + (void)orginKeySz; + return (int)ret; +} + + +/* returns key size on success */ +static wc_test_ret_t getFirmwareKey(wc_PKCS7* pkcs7, byte* key, word32 keySz) +{ + wc_test_ret_t ret; + word32 atrSz; + byte atr[256]; + + /* Additionally can look for fwWrappedFirmwareKey + * 1.2.840.113529.1.9.16.1.16 */ + const unsigned char fwWrappedFirmwareKey[] = { + /* 0x06, 0x0B */ + 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, + 0x01, 0x09, 0x10, 0x02, 0x27 + }; + + /* find keyID in fwWrappedFirmwareKey */ + ret = wc_PKCS7_GetAttributeValue(pkcs7, fwWrappedFirmwareKey, + sizeof(fwWrappedFirmwareKey), NULL, &atrSz); + if (ret == WC_NO_ERR_TRACE(LENGTH_ONLY_E)) { + XMEMSET(atr, 0, sizeof(atr)); + ret = wc_PKCS7_GetAttributeValue(pkcs7, fwWrappedFirmwareKey, + sizeof(fwWrappedFirmwareKey), atr, &atrSz); + + /* keyIdRaw[0] OCTET TAG */ + /* keyIdRaw[1] Length */ + + if (ret > 0) { + wc_PKCS7* envPkcs7; + + envPkcs7 = wc_PKCS7_New(NULL, 0); + if (envPkcs7 == NULL) { + return MEMORY_E; + } + + wc_PKCS7_Init(envPkcs7, NULL, 0); + ret = wc_PKCS7_SetWrapCEKCb(envPkcs7, myCEKwrapFunc); + if (ret == 0) { + /* expecting FIRMWARE_PKG_DATA content */ + envPkcs7->contentOID = FIRMWARE_PKG_DATA; + ret = wc_PKCS7_DecodeEnvelopedData(envPkcs7, atr, atrSz, + key, keySz); + if (envPkcs7->contentOID != FIRMWARE_PKG_DATA) { + /* the contentOID should have been set to the inner + * FIRMWARE_PKG_DATA content */ + ret = BAD_STATE_E; + } + } + wc_PKCS7_Free(envPkcs7); + } + } + + return ret; +} + +/* create a KEKRI enveloped data + * return size on success */ +static wc_test_ret_t envelopedData_encrypt(byte* in, word32 inSz, byte* out, + word32 outSz) +{ + wc_test_ret_t ret; + wc_PKCS7* pkcs7; + WOLFSSL_SMALL_STACK_STATIC const byte keyId[] = { 0x00 }; + + pkcs7 = wc_PKCS7_New(NULL, devId); + if (pkcs7 == NULL) + return WC_TEST_RET_ENC_ERRNO; + + pkcs7->content = in; + pkcs7->contentSz = inSz; + pkcs7->contentOID = FIRMWARE_PKG_DATA; + pkcs7->encryptOID = AES256CBCb; + pkcs7->ukm = NULL; + pkcs7->ukmSz = 0; + + /* add recipient (KEKRI type) */ + ret = wc_PKCS7_AddRecipient_KEKRI(pkcs7, AES256_WRAP, (byte*)p7DefKey, + sizeof(p7DefKey), (byte*)keyId, + sizeof(keyId), NULL, NULL, 0, NULL, 0, 0); + if (ret < 0) { + printf("wc_PKCS7_AddRecipient_KEKRI() failed\n"); + wc_PKCS7_Free(pkcs7); + return WC_TEST_RET_ENC_EC(ret); + } + + /* encode envelopedData, returns size */ + ret = wc_PKCS7_EncodeEnvelopedData(pkcs7, out, outSz); + if (ret <= 0) { + printf("wc_PKCS7_EncodeEnvelopedData() failed\n"); + wc_PKCS7_Free(pkcs7); + return WC_TEST_RET_ENC_EC(ret); + + } + + wc_PKCS7_Free(pkcs7); + + return ret; +} + + +/* + * keyHint is the KeyID to be set in the fwDecryptKeyID attribute + * returns size of buffer output on success + */ +static wc_test_ret_t generateBundle(byte* out, word32 *outSz, const byte* encryptKey, + word32 encryptKeySz, byte keyHint, byte* cert, word32 certSz, + byte* key, word32 keySz) +{ + wc_test_ret_t ret; + int attribNum = 1; + wc_PKCS7* pkcs7; + + /* KEY ID + * fwDecryptKeyID OID 1.2.840.113549.1.9.16.2.37 + */ + const unsigned char fwDecryptKeyID[] = { + 0x06, 0x0B, + 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, + 0x01, 0x09, 0x10, 0x02, 0x25 + }; + + /* fwWrappedFirmwareKey 1.2.840.113529.1.9.16.1.16 */ + const unsigned char fwWrappedFirmwareKey[] = { + 0x06, 0x0B, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, + 0x01, 0x09, 0x10, 0x02, 0x27 + }; + + byte keyID[] = { 0x04, 0x01, 0x00 }; + byte env[256]; + char data[] = "Test of wolfSSL PKCS7 decrypt callback"; + + PKCS7Attrib attribs[] = + { + { fwDecryptKeyID, sizeof(fwDecryptKeyID), keyID, sizeof(keyID) }, + { fwWrappedFirmwareKey, sizeof(fwWrappedFirmwareKey), env, 0 } + }; + + keyID[2] = keyHint; + + /* If using keyHint 0 then create a bundle with fwWrappedFirmwareKey */ + if (keyHint == 0) { + ret = envelopedData_encrypt((byte*)p7DefKey, sizeof(p7DefKey), env, + sizeof(env)); + if (ret <= 0) { + return ret; + } + attribs[1].valueSz = (word32)ret; + attribNum++; + } + + /* init PKCS7 */ + pkcs7 = wc_PKCS7_New(NULL, devId); + if (pkcs7 == NULL) + return WC_TEST_RET_ENC_ERRNO; + + ret = wc_PKCS7_InitWithCert(pkcs7, cert, certSz); + if (ret != 0) { + printf("ERROR: wc_PKCS7_InitWithCert() failed, ret = %d\n", ret); + wc_PKCS7_Free(pkcs7); + return WC_TEST_RET_ENC_EC(ret); + } + + ret = wc_PKCS7_SetSignerIdentifierType(pkcs7, CMS_SKID); + if (ret != 0) { + wc_PKCS7_Free(pkcs7); + return WC_TEST_RET_ENC_EC(ret); + } + + /* encode Signed Encrypted FirmwarePkgData */ + if (encryptKeySz == 16) { + ret = wc_PKCS7_EncodeSignedEncryptedFPD(pkcs7, (byte*)encryptKey, + encryptKeySz, key, keySz, AES128CBCb, RSAk, SHA256h, + (byte*)data, sizeof(data), NULL, 0, + attribs, (word32)attribNum, out, *outSz); + } + else { + ret = wc_PKCS7_EncodeSignedEncryptedFPD(pkcs7, (byte*)encryptKey, + encryptKeySz, key, keySz, AES256CBCb, RSAk, SHA256h, + (byte*)data, sizeof(data), NULL, 0, + attribs, (word32)attribNum, out, *outSz); + } + if (ret <= 0) { + printf("ERROR: wc_PKCS7_EncodeSignedEncryptedFPD() failed, " + "ret = %d\n", ret); + wc_PKCS7_Free(pkcs7); + return WC_TEST_RET_ENC_EC(ret); + + } else { + *outSz = (word32)ret; + } + + wc_PKCS7_Free(pkcs7); + + return ret; +} + + +/* test verification and decryption of PKCS7 bundle + * return 0 on success + */ +static wc_test_ret_t verifyBundle(byte* derBuf, word32 derSz, int keyHint) +{ + wc_test_ret_t ret = 0; + int usrCtx = 1; /* test value to pass as user context to callback */ + wc_PKCS7* pkcs7 = NULL; + byte* sid = NULL; + word32 sidSz; + byte key[256]; + word32 keySz = sizeof(key); + + byte *decoded = NULL; + int decodedSz = FOURK_BUF/2; + + WOLFSSL_SMALL_STACK_STATIC const byte expectedSid[] = { +#ifdef NO_SHA +#ifdef USE_CERT_BUFFERS_1024 + 0x70, 0xe7, 0x79, 0x60, 0x8f, 0x41, 0xdc, 0xe9, + 0xad, 0x8b, 0x3d, 0x0c, 0x20, 0xf4, 0xc3, 0xf2, + 0x8e, 0x05, 0xe8, 0xa1, 0xb6, 0x68, 0x74, 0x06, + 0xbc, 0xe7, 0xc5, 0x3c, 0x13, 0x99, 0x79, 0xb9 +#else + 0xce, 0x06, 0x07, 0xbe, 0xf1, 0xa6, 0x1e, 0x36, + 0xef, 0xfa, 0xbc, 0x89, 0x71, 0xf3, 0x23, 0x9e, + 0x34, 0x6d, 0xae, 0x86, 0xae, 0x2b, 0xdc, 0xf4, + 0x4a, 0x27, 0xd5, 0x63, 0x59, 0x4f, 0x4a, 0x71 +#endif +#else /* !NO_SHA */ +#ifdef USE_CERT_BUFFERS_1024 + 0x81, 0x69, 0x0f, 0xf8, 0xdf, 0xdd, 0xcf, 0x34, + 0x29, 0xd5, 0x67, 0x75, 0x71, 0x85, 0xc7, 0x75, + 0x10, 0x69, 0x59, 0xec, +#else + 0x33, 0xD8, 0x45, 0x66, 0xD7, 0x68, 0x87, 0x18, + 0x7E, 0x54, 0x0D, 0x70, 0x27, 0x91, 0xC7, 0x26, + 0xD7, 0x85, 0x65, 0xC0 +#endif +#endif /* !NO_SHA */ + }; + + decoded = (byte *)XMALLOC((word32)decodedSz, HEAP_HINT, + DYNAMIC_TYPE_TMP_BUFFER); + if (decoded == NULL) { + ret = MEMORY_E; + goto out; + } + + pkcs7 = wc_PKCS7_New(HEAP_HINT, devId); + if (pkcs7 == NULL) { + ret = MEMORY_E; + goto out; + } + + /* Test verify */ + ret = wc_PKCS7_Init(pkcs7, HEAP_HINT, devId); + if (ret != 0) + goto out; + ret = wc_PKCS7_InitWithCert(pkcs7, NULL, 0); + if (ret != 0) + goto out; + ret = wc_PKCS7_VerifySignedData(pkcs7, derBuf, derSz); + if (ret != 0) + goto out; + + /* Get size of SID and print it out */ + ret = wc_PKCS7_GetSignerSID(pkcs7, NULL, &sidSz); + if (ret != WC_NO_ERR_TRACE(LENGTH_ONLY_E)) + goto out; + + sid = (byte*)XMALLOC(sidSz, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + if (sid == NULL) { + ret = MEMORY_E; + goto out; + } + + ret = wc_PKCS7_GetSignerSID(pkcs7, sid, &sidSz); + if (ret != 0) + goto out; + ret = XMEMCMP(sid, expectedSid, sidSz); + if (ret != 0) { + ret = PKCS7_NO_SIGNER_E; /* close enough */ + goto out; + } + + /* get expected fwWrappedFirmwareKey */ + if (keyHint == 0) { + ret = getFirmwareKey(pkcs7, key, keySz); + if (ret < 0) + goto out; + pkcs7->encryptionKey = key; + pkcs7->encryptionKeySz = (word32)ret; + } + else { + decodedSz = PKCS7_BUF_SIZE; + ret = wc_PKCS7_SetDecodeEncryptedCb(pkcs7, myDecryptionFunc); + if (ret != 0) + goto out; + + ret = wc_PKCS7_SetDecodeEncryptedCtx(pkcs7, (void*)&usrCtx); + if (ret != 0) + goto out; + } + + decodedSz = wc_PKCS7_DecodeEncryptedData(pkcs7, pkcs7->content, + pkcs7->contentSz, decoded, (word32)decodedSz); + if (decodedSz < 0) { + ret = decodedSz; + goto out; + } + + ret = 0; + + out: + + XFREE(decoded, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + if (pkcs7) + wc_PKCS7_Free(pkcs7); + XFREE(sid, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + + return ret; +} + + +WOLFSSL_TEST_SUBROUTINE wc_test_ret_t pkcs7callback_test(byte* cert, word32 certSz, byte* key, word32 keySz) +{ + + wc_test_ret_t ret = 0; + word32 derSz; + byte *derBuf = (byte *)XMALLOC(FOURK_BUF, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + WOLFSSL_ENTER("pkcs7callback_test"); + + if (! derBuf) + ERROR_OUT(WC_TEST_RET_ENC_NC, out); + + /* Doing default generation and verify */ + derSz = FOURK_BUF; + ret = generateBundle(derBuf, &derSz, p7DefKey, sizeof(p7DefKey), 0, cert, + certSz, key, keySz); + if (ret <= 0) { + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); + } + + ret = verifyBundle(derBuf, derSz, 0); + if (ret != 0) + ERROR_OUT(ret, out); + + /* test choosing other key with keyID */ + derSz = FOURK_BUF; + ret = generateBundle(derBuf, &derSz, p7AltKey, sizeof(p7AltKey), 1, + cert, certSz, key, keySz); + if (ret <= 0) { + ERROR_OUT(ret, out); + } + + ret = verifyBundle(derBuf, derSz, 1); + if (ret != 0) + ERROR_OUT(ret, out); + + /* test fail case with wrong keyID */ + derSz = FOURK_BUF; + ret = generateBundle(derBuf, &derSz, p7DefKey, sizeof(p7DefKey), 1, + cert, certSz, key, keySz); + if (ret <= 0) { + ERROR_OUT(ret, out); + } + + ret = verifyBundle(derBuf, derSz, 1); + if (ret == 0) { + ERROR_OUT(WC_TEST_RET_ENC_NC, out); + } + + ret = 0; + + out: + XFREE(derBuf, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + + return ret; +} +#endif /* !NO_AES && HAVE_AES_CBC && WOLFSSL_AES_256 && HAVE_AES_KEYWRAP */ + +#ifndef NO_PKCS7_ENCRYPTED_DATA + +typedef struct { + const byte* content; + word32 contentSz; + int contentOID; + int encryptOID; + byte* encryptionKey; + word32 encryptionKeySz; + PKCS7Attrib* attribs; + word32 attribsSz; + const char* outFileName; +} pkcs7EncryptedVector; + + +WOLFSSL_TEST_SUBROUTINE wc_test_ret_t pkcs7encrypted_test(void) +{ + wc_test_ret_t ret = 0; + int i, testSz; + int encryptedSz, decodedSz; + word32 attribIdx; + wc_PKCS7* pkcs7; + byte *encrypted; + byte *decoded; +#ifdef PKCS7_OUTPUT_TEST_BUNDLES + XFILE pkcs7File; +#endif + + PKCS7Attrib* expectedAttrib; + PKCS7DecodedAttrib* decodedAttrib; + + WOLFSSL_SMALL_STACK_STATIC const byte data[] = { /* Hello World */ + 0x48,0x65,0x6c,0x6c,0x6f,0x20,0x57,0x6f, + 0x72,0x6c,0x64 + }; + +#ifndef NO_DES3 + byte desKey[] = { + 0x01,0x23,0x45,0x67,0x89,0xab,0xcd,0xef + }; + byte des3Key[] = { + 0x01,0x23,0x45,0x67,0x89,0xab,0xcd,0xef, + 0xfe,0xde,0xba,0x98,0x76,0x54,0x32,0x10, + 0x89,0xab,0xcd,0xef,0x01,0x23,0x45,0x67 + }; +#endif + +#if !defined(NO_AES) && defined(HAVE_AES_CBC) +#ifdef WOLFSSL_AES_128 + byte aes128Key[] = { + 0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08, + 0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08 + }; +#endif +#ifdef WOLFSSL_AES_192 + byte aes192Key[] = { + 0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08, + 0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08, + 0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08 + }; +#endif +#ifdef WOLFSSL_AES_256 + byte aes256Key[] = { + 0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08, + 0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08, + 0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08, + 0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08 + }; +#endif + +#ifdef WOLFSSL_AES_256 + /* Attribute example from RFC 4134, Section 7.2 + * OID = 1.2.5555 + * OCTET STRING = 'This is a test General ASN Attribute, number 1.' */ + static const byte genAttrOid[] = { 0x06, 0x03, 0x2a, 0xab, 0x33 }; + static const byte genAttr[] = { 0x04, 47, + 0x54, 0x68, 0x69, 0x73, 0x20, 0x69, 0x73, 0x20, + 0x61, 0x20, 0x74, 0x65, 0x73, 0x74, 0x20, 0x47, + 0x65, 0x6e, 0x65, 0x72, 0x61, 0x6c, 0x20, 0x41, + 0x53, 0x4e, 0x20, 0x41, 0x74, 0x74, 0x72, 0x69, + 0x62, 0x75, 0x74, 0x65, 0x2c, 0x20, 0x6e, 0x75, + 0x6d, 0x62, 0x65, 0x72, 0x20, 0x31, 0x2e }; + + static const byte genAttrOid2[] = { 0x06, 0x03, 0x2a, 0xab, 0x34 }; + static const byte genAttr2[] = { 0x04, 47, + 0x54, 0x68, 0x69, 0x73, 0x20, 0x69, 0x73, 0x20, + 0x61, 0x20, 0x74, 0x65, 0x73, 0x74, 0x20, 0x47, + 0x65, 0x6e, 0x65, 0x72, 0x61, 0x6c, 0x20, 0x41, + 0x53, 0x4e, 0x20, 0x41, 0x74, 0x74, 0x72, 0x69, + 0x62, 0x75, 0x74, 0x65, 0x2c, 0x20, 0x6e, 0x75, + 0x6d, 0x62, 0x65, 0x72, 0x20, 0x32, 0x2e }; + + PKCS7Attrib attribs[] = + { + { genAttrOid, sizeof(genAttrOid), genAttr, sizeof(genAttr) } + }; + + PKCS7Attrib multiAttribs[] = + { + { genAttrOid, sizeof(genAttrOid), genAttr, sizeof(genAttr) }, + { genAttrOid2, sizeof(genAttrOid2), genAttr2, sizeof(genAttr2) } + }; +#endif +#endif /* NO_AES */ + + const pkcs7EncryptedVector testVectors[] = + { +#ifndef NO_DES3 + {data, (word32)sizeof(data), DATA, DES3b, des3Key, sizeof(des3Key), + NULL, 0, "pkcs7encryptedDataDES3.der"}, + + {data, (word32)sizeof(data), DATA, DESb, desKey, sizeof(desKey), + NULL, 0, "pkcs7encryptedDataDES.der"}, +#endif /* NO_DES3 */ + +#if !defined(NO_AES) && defined(HAVE_AES_CBC) + #ifdef WOLFSSL_AES_128 + {data, (word32)sizeof(data), DATA, AES128CBCb, aes128Key, + sizeof(aes128Key), NULL, 0, "pkcs7encryptedDataAES128CBC.der"}, + #endif + #ifdef WOLFSSL_AES_192 + {data, (word32)sizeof(data), DATA, AES192CBCb, aes192Key, + sizeof(aes192Key), NULL, 0, "pkcs7encryptedDataAES192CBC.der"}, + #endif + #ifdef WOLFSSL_AES_256 + {data, (word32)sizeof(data), DATA, AES256CBCb, aes256Key, + sizeof(aes256Key), NULL, 0, "pkcs7encryptedDataAES256CBC.der"}, + + /* test with optional unprotected attributes */ + {data, (word32)sizeof(data), DATA, AES256CBCb, aes256Key, + sizeof(aes256Key), attribs, (sizeof(attribs)/sizeof(PKCS7Attrib)), + "pkcs7encryptedDataAES256CBC_attribs.der"}, + + /* test with multiple optional unprotected attributes */ + {data, (word32)sizeof(data), DATA, AES256CBCb, aes256Key, + sizeof(aes256Key), multiAttribs, + (sizeof(multiAttribs)/sizeof(PKCS7Attrib)), + "pkcs7encryptedDataAES256CBC_multi_attribs.der"}, + + /* test with contentType set to FirmwarePkgData */ + {data, (word32)sizeof(data), FIRMWARE_PKG_DATA, AES256CBCb, aes256Key, + sizeof(aes256Key), NULL, 0, + "pkcs7encryptedDataAES256CBC_firmwarePkgData.der"}, + #endif +#endif /* !NO_AES && HAVE_AES_CBC */ + }; + WOLFSSL_ENTER("pkcs7encrypted_test"); + + encrypted = (byte *)XMALLOC(PKCS7_BUF_SIZE, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + decoded = (byte *)XMALLOC(PKCS7_BUF_SIZE, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + if ((! encrypted) || (! decoded)) { + ERROR_OUT(MEMORY_E, out); + } + + testSz = sizeof(testVectors) / sizeof(pkcs7EncryptedVector); + + for (i = 0; i < testSz; i++) { + pkcs7 = wc_PKCS7_New(HEAP_HINT, devId); + if (pkcs7 == NULL) { + ERROR_OUT(WC_TEST_RET_ENC_ERRNO, out); + } + + pkcs7->content = (byte*)testVectors[i].content; + pkcs7->contentSz = testVectors[i].contentSz; + pkcs7->contentOID = testVectors[i].contentOID; + pkcs7->encryptOID = testVectors[i].encryptOID; + pkcs7->encryptionKey = testVectors[i].encryptionKey; + pkcs7->encryptionKeySz = testVectors[i].encryptionKeySz; + pkcs7->unprotectedAttribs = testVectors[i].attribs; + pkcs7->unprotectedAttribsSz = testVectors[i].attribsSz; + + /* encode encryptedData */ + encryptedSz = wc_PKCS7_EncodeEncryptedData(pkcs7, encrypted, + PKCS7_BUF_SIZE); + if (encryptedSz <= 0) { + wc_PKCS7_Free(pkcs7); + ERROR_OUT(WC_TEST_RET_ENC_EC(encryptedSz), out); + } + + /* decode encryptedData */ +#ifndef NO_PKCS7_STREAM + { /* test reading byte by byte */ + int z; + for (z = 0; z < encryptedSz; z++) { + decodedSz = wc_PKCS7_DecodeEncryptedData(pkcs7, encrypted + z, 1, + decoded, PKCS7_BUF_SIZE); + if (decodedSz <= 0 && + decodedSz != WC_NO_ERR_TRACE(WC_PKCS7_WANT_READ_E)) + { + printf("unexpected error %d\n", decodedSz); + ERROR_OUT(WC_TEST_RET_ENC_EC(decodedSz), out); + } + } + /* test decode result */ + if (XMEMCMP(decoded, data, sizeof(data)) != 0) { + printf("stream read failed\n"); + wc_PKCS7_Free(pkcs7); + ERROR_OUT(WC_TEST_RET_ENC_NC, out); + } + } +#endif + decodedSz = wc_PKCS7_DecodeEncryptedData(pkcs7, encrypted, (word32)encryptedSz, + decoded, PKCS7_BUF_SIZE); + if (decodedSz <= 0){ + wc_PKCS7_Free(pkcs7); + ERROR_OUT(WC_TEST_RET_ENC_EC(decodedSz), out); + } + + /* test decode result */ + if (XMEMCMP(decoded, data, sizeof(data)) != 0) { + wc_PKCS7_Free(pkcs7); + ERROR_OUT(WC_TEST_RET_ENC_NC, out); + } + + /* verify decoded unprotected attributes */ + if (pkcs7->decodedAttrib != NULL) { + decodedAttrib = pkcs7->decodedAttrib; + attribIdx = 1; + + while (decodedAttrib != NULL) { + + /* expected attribute, stored list is reversed */ + expectedAttrib = &(pkcs7->unprotectedAttribs + [pkcs7->unprotectedAttribsSz - attribIdx]); + + /* verify oid */ + if (XMEMCMP(decodedAttrib->oid, expectedAttrib->oid, + decodedAttrib->oidSz) != 0) { + wc_PKCS7_Free(pkcs7); + ERROR_OUT(WC_TEST_RET_ENC_NC, out); + } + + /* verify value */ + if (XMEMCMP(decodedAttrib->value, expectedAttrib->value, + decodedAttrib->valueSz) != 0) { + wc_PKCS7_Free(pkcs7); + ERROR_OUT(WC_TEST_RET_ENC_NC, out); + } + + decodedAttrib = decodedAttrib->next; + attribIdx++; + } + } + +#ifdef PKCS7_OUTPUT_TEST_BUNDLES + /* output pkcs7 envelopedData for external testing */ + pkcs7File = XFOPEN(testVectors[i].outFileName, "wb"); + if (!pkcs7File) { + wc_PKCS7_Free(pkcs7); + ERROR_OUT(WC_TEST_RET_ENC_ERRNO, out); + } + + ret = (int)XFWRITE(encrypted, encryptedSz, 1, pkcs7File); + + if (ret < 0) + ret = WC_TEST_RET_ENC_ERRNO; + else + ret = 0; + + XFCLOSE(pkcs7File); +#endif + + wc_PKCS7_Free(pkcs7); + } + + out: + XFREE(encrypted, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(decoded, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + + return ret; +} + +#endif /* NO_PKCS7_ENCRYPTED_DATA */ + + +#if defined(HAVE_LIBZ) && !defined(NO_PKCS7_COMPRESSED_DATA) + +typedef struct { + const byte* content; + word32 contentSz; + int contentOID; + const char* outFileName; +} pkcs7CompressedVector; + + +WOLFSSL_TEST_SUBROUTINE wc_test_ret_t pkcs7compressed_test(void) +{ + wc_test_ret_t ret = 0; + int i, testSz; + int compressedSz, decodedSz; + wc_PKCS7* pkcs7; +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC) + byte *compressed; + byte *decoded; +#else + byte compressed[PKCS7_BUF_SIZE]; + byte decoded[PKCS7_BUF_SIZE]; +#endif + +#ifdef PKCS7_OUTPUT_TEST_BUNDLES + XFILE pkcs7File; +#endif + + WOLFSSL_SMALL_STACK_STATIC const byte data[] = { /* Hello World */ + 0x48,0x65,0x6c,0x6c,0x6f,0x20,0x57,0x6f, + 0x72,0x6c,0x64 + }; + + const pkcs7CompressedVector testVectors[] = + { + {data, (word32)sizeof(data), DATA, + "pkcs7compressedData_data_zlib.der"}, + {data, (word32)sizeof(data), FIRMWARE_PKG_DATA, + "pkcs7compressedData_firmwarePkgData_zlib.der"}, + }; + +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC) + compressed = (byte *)XMALLOC(PKCS7_BUF_SIZE, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + decoded = (byte *)XMALLOC(PKCS7_BUF_SIZE, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + if ((! compressed) || (! decoded)) { + ERROR_OUT(MEMORY_E, out); + } +#endif + WOLFSSL_ENTER("pkcs7compressed_test"); + + testSz = sizeof(testVectors) / sizeof(pkcs7CompressedVector); + + for (i = 0; i < testSz; i++) { + pkcs7 = wc_PKCS7_New(HEAP_HINT, devId); + if (pkcs7 == NULL) { + ERROR_OUT(WC_TEST_RET_ENC_ERRNO, out); + } + + pkcs7->content = (byte*)testVectors[i].content; + pkcs7->contentSz = testVectors[i].contentSz; + pkcs7->contentOID = testVectors[i].contentOID; + + /* encode compressedData */ + compressedSz = wc_PKCS7_EncodeCompressedData(pkcs7, compressed, + PKCS7_BUF_SIZE); + if (compressedSz <= 0) { + wc_PKCS7_Free(pkcs7); + ERROR_OUT(WC_TEST_RET_ENC_EC(compressedSz), out); + } + + /* decode compressedData */ + decodedSz = wc_PKCS7_DecodeCompressedData(pkcs7, compressed, + compressedSz, decoded, + PKCS7_BUF_SIZE); + if (decodedSz <= 0){ + wc_PKCS7_Free(pkcs7); + ERROR_OUT(WC_TEST_RET_ENC_EC(decodedSz), out); + } + + /* test decode result */ + if (XMEMCMP(decoded, testVectors[i].content, + testVectors[i].contentSz) != 0) { + wc_PKCS7_Free(pkcs7); + ERROR_OUT(WC_TEST_RET_ENC_NC, out); + } + + /* make sure content type is the same */ + if (testVectors[i].contentOID != pkcs7->contentOID) { + ERROR_OUT(WC_TEST_RET_ENC_NC, out); + } + +#ifdef PKCS7_OUTPUT_TEST_BUNDLES + /* output pkcs7 compressedData for external testing */ + pkcs7File = XFOPEN(testVectors[i].outFileName, "wb"); + if (!pkcs7File) { + wc_PKCS7_Free(pkcs7); + ERROR_OUT(WC_TEST_RET_ENC_ERRNO, out); + } + + ret = (int)XFWRITE(compressed, compressedSz, 1, pkcs7File); + + if (ret < 0) + ret = WC_TEST_RET_ENC_ERRNO; + else + ret = 0; + + XFCLOSE(pkcs7File); +#endif + + wc_PKCS7_Free(pkcs7); + } + + out: + +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC) + XFREE(compressed, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(decoded, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); +#endif + + return ret; +} /* pkcs7compressed_test() */ + +#undef PKCS7_BUF_SIZE + +#endif /* HAVE_LIBZ */ + + +typedef struct { + const byte* content; + word32 contentSz; + int hashOID; + int signOID; + byte* privateKey; + word32 privateKeySz; + byte* cert; + size_t certSz; + byte* caCert; + size_t caCertSz; + PKCS7Attrib* signedAttribs; + word32 signedAttribsSz; + const char* outFileName; + int contentOID; + const byte* contentType; + word32 contentTypeSz; + int sidType; + int encryptOID; /* for single-shot encrypt alg OID */ + int encCompFlag; /* for single-shot. 1 = enc, 2 = comp, 3 = both*/ + const byte* encryptKey; /* for single-shot, encryptedData */ + word32 encryptKeySz; /* for single-shot, encryptedData */ + PKCS7Attrib* unprotectedAttribs; /* for single-shot, encryptedData */ + word32 unprotectedAttribsSz; /* for single-shot, encryptedData */ + word16 detachedSignature; /* generate detached signature (0:1) */ +} pkcs7SignedVector; + + +static wc_test_ret_t pkcs7signed_run_vectors( + byte* rsaClientCertBuf, word32 rsaClientCertBufSz, + byte* rsaClientPrivKeyBuf, word32 rsaClientPrivKeyBufSz, + byte* rsaServerCertBuf, word32 rsaServerCertBufSz, + byte* rsaServerPrivKeyBuf, word32 rsaServerPrivKeyBufSz, + byte* rsaCaCertBuf, word32 rsaCaCertBufSz, + byte* rsaCaPrivKeyBuf, word32 rsaCaPrivKeyBufSz, + byte* eccClientCertBuf, word32 eccClientCertBufSz, + byte* eccClientPrivKeyBuf, word32 eccClientPrivKeyBufSz) +{ + wc_test_ret_t ret; + int testSz = 0, i; + int encodedSz; + byte* out = NULL; + word32 outSz; + WC_RNG rng; + wc_PKCS7* pkcs7 = NULL; +#ifdef PKCS7_OUTPUT_TEST_BUNDLES + XFILE file; +#endif + + WOLFSSL_SMALL_STACK_STATIC const byte data[] = { /* Hello World */ + 0x48,0x65,0x6c,0x6c,0x6f,0x20,0x57,0x6f, + 0x72,0x6c,0x64 + }; + + static const byte transIdOid[] = + { 0x06, 0x0a, 0x60, 0x86, 0x48, 0x01, 0x86, 0xF8, 0x45, 0x01, + 0x09, 0x07 }; + static const byte messageTypeOid[] = + { 0x06, 0x0a, 0x60, 0x86, 0x48, 0x01, 0x86, 0xF8, 0x45, 0x01, + 0x09, 0x02 }; + static const byte senderNonceOid[] = + { 0x06, 0x0a, 0x60, 0x86, 0x48, 0x01, 0x86, 0xF8, 0x45, 0x01, + 0x09, 0x05 }; +#ifndef NO_SHA + byte transId[(WC_SHA_DIGEST_SIZE + 1) * 2 + 1]; +#else + byte transId[(WC_SHA256_DIGEST_SIZE + 1) * 2 + 1]; +#endif + static const byte messageType[] = { 0x13, 2, '1', '9' }; + byte senderNonce[PKCS7_NONCE_SZ + 2]; + + PKCS7Attrib attribs[] = + { + { transIdOid, sizeof(transIdOid), transId, + sizeof(transId) - 1 }, /* take off the null */ + { messageTypeOid, sizeof(messageTypeOid), messageType, + sizeof(messageType) }, + { senderNonceOid, sizeof(senderNonceOid), senderNonce, + sizeof(senderNonce) } + }; + + /* for testing custom contentType, FirmwarePkgData */ + static const byte customContentType[] = { 0x06, 0x0B, 0x2A, 0x86, + 0x48, 0x86, 0xF7, 0x0D, + 0x01, 0x09, 0x10, 0x01, 0x10 }; + + #define MAX_TESTVECTORS_LEN 20 + #define ADD_PKCS7SIGNEDVECTOR(...) { \ + const pkcs7SignedVector _this_vector = { __VA_ARGS__ }; \ + if (testSz == MAX_TESTVECTORS_LEN) { \ + ret = WC_TEST_RET_ENC_NC; \ + goto out; \ + } \ + XMEMCPY(&testVectors[testSz++], &_this_vector, \ + sizeof _this_vector); \ + } + + pkcs7SignedVector *testVectors = NULL; + + XMEMSET(&rng, 0, sizeof(rng)); + + testVectors = (pkcs7SignedVector *)XMALLOC(MAX_TESTVECTORS_LEN * sizeof(*testVectors), + HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + if (testVectors == NULL) { + ret = WC_TEST_RET_ENC_ERRNO; + goto out; + } + + { +#ifndef NO_RSA + #ifndef NO_SHA + /* RSA with SHA */ + ADD_PKCS7SIGNEDVECTOR( + data, (word32)sizeof(data), SHAh, RSAk, rsaClientPrivKeyBuf, + rsaClientPrivKeyBufSz, rsaClientCertBuf, rsaClientCertBufSz, NULL, 0, + attribs, (sizeof(attribs)/sizeof(PKCS7Attrib)), + "pkcs7signedData_RSA_SHA.der", 0, NULL, 0, 0, 0, 0, NULL, 0, NULL, + 0, 0); + + /* RSA with SHA, no signed attributes */ + ADD_PKCS7SIGNEDVECTOR( + data, (word32)sizeof(data), SHAh, RSAk, rsaClientPrivKeyBuf, + rsaClientPrivKeyBufSz, rsaClientCertBuf, rsaClientCertBufSz, + NULL, 0, NULL, 0, + "pkcs7signedData_RSA_SHA_noattr.der", 0, NULL, 0, 0, 0, 0, NULL, 0, + NULL, 0, 0); + #endif + #ifdef WOLFSSL_SHA224 + /* RSA with SHA224 */ + ADD_PKCS7SIGNEDVECTOR( + data, (word32)sizeof(data), SHA224h, RSAk, rsaClientPrivKeyBuf, + rsaClientPrivKeyBufSz, rsaClientCertBuf, rsaClientCertBufSz, NULL, 0, + attribs, (sizeof(attribs)/sizeof(PKCS7Attrib)), + "pkcs7signedData_RSA_SHA224.der", 0, NULL, 0, 0, 0, 0, NULL, 0, + NULL, 0, 0); + #endif + #ifndef NO_SHA256 + /* RSA with SHA256 */ + ADD_PKCS7SIGNEDVECTOR( + data, (word32)sizeof(data), SHA256h, RSAk, rsaClientPrivKeyBuf, + rsaClientPrivKeyBufSz, rsaClientCertBuf, rsaClientCertBufSz, NULL, 0, + attribs, (sizeof(attribs)/sizeof(PKCS7Attrib)), + "pkcs7signedData_RSA_SHA256.der", 0, NULL, 0, 0, 0, 0, NULL, 0, + NULL, 0, 0); + + /* RSA with SHA256, detached signature */ + ADD_PKCS7SIGNEDVECTOR( + data, (word32)sizeof(data), SHA256h, RSAk, rsaClientPrivKeyBuf, + rsaClientPrivKeyBufSz, rsaClientCertBuf, rsaClientCertBufSz, NULL, 0, + attribs, (sizeof(attribs)/sizeof(PKCS7Attrib)), + "pkcs7signedData_RSA_SHA256_detachedSig.der", 0, NULL, 0, 0, 0, 0, + NULL, 0, NULL, 0, 1); + + /* RSA with SHA256 and SubjectKeyIdentifier in SignerIdentifier */ + ADD_PKCS7SIGNEDVECTOR( + data, (word32)sizeof(data), SHA256h, RSAk, rsaClientPrivKeyBuf, + rsaClientPrivKeyBufSz, rsaClientCertBuf, rsaClientCertBufSz, NULL, 0, + attribs, (sizeof(attribs)/sizeof(PKCS7Attrib)), + "pkcs7signedData_RSA_SHA256_SKID.der", 0, NULL, 0, CMS_SKID, 0, 0, + NULL, 0, NULL, 0, 0); + + /* RSA with SHA256 and custom contentType */ + ADD_PKCS7SIGNEDVECTOR( + data, (word32)sizeof(data), SHA256h, RSAk, rsaClientPrivKeyBuf, + rsaClientPrivKeyBufSz, rsaClientCertBuf, rsaClientCertBufSz, NULL, 0, + attribs, (sizeof(attribs)/sizeof(PKCS7Attrib)), + "pkcs7signedData_RSA_SHA256_custom_contentType.der", 0, + customContentType, sizeof(customContentType), 0, 0, 0, NULL, 0, + NULL, 0, 0); + + /* RSA with SHA256 and FirmwarePkgData contentType */ + ADD_PKCS7SIGNEDVECTOR( + data, (word32)sizeof(data), SHA256h, RSAk, rsaClientPrivKeyBuf, + rsaClientPrivKeyBufSz, rsaClientCertBuf, rsaClientCertBufSz, NULL, 0, + attribs, (sizeof(attribs)/sizeof(PKCS7Attrib)), + "pkcs7signedData_RSA_SHA256_firmwarePkgData.der", + FIRMWARE_PKG_DATA, NULL, 0, 0, 0, 0, NULL, 0, NULL, 0, 0); + + /* RSA with SHA256 using server cert and ca cert */ + ADD_PKCS7SIGNEDVECTOR( + data, (word32)sizeof(data), SHA256h, RSAk, rsaServerPrivKeyBuf, + rsaServerPrivKeyBufSz, rsaServerCertBuf, rsaServerCertBufSz, + rsaCaCertBuf, rsaCaCertBufSz, + attribs, (sizeof(attribs)/sizeof(PKCS7Attrib)), + "pkcs7signedData_RSA_SHA256_with_ca_cert.der", 0, NULL, 0, 0, 0, 0, + NULL, 0, NULL, 0, 0); + #endif + #if defined(WOLFSSL_SHA384) + /* RSA with SHA384 */ + ADD_PKCS7SIGNEDVECTOR( + data, (word32)sizeof(data), SHA384h, RSAk, rsaClientPrivKeyBuf, + rsaClientPrivKeyBufSz, rsaClientCertBuf, rsaClientCertBufSz, NULL, 0, + attribs, (sizeof(attribs)/sizeof(PKCS7Attrib)), + "pkcs7signedData_RSA_SHA384.der", 0, NULL, 0, 0, 0, 0, NULL, 0, + NULL, 0, 0); + #endif + #if defined(WOLFSSL_SHA512) + /* RSA with SHA512 */ + ADD_PKCS7SIGNEDVECTOR( + data, (word32)sizeof(data), SHA512h, RSAk, rsaClientPrivKeyBuf, + rsaClientPrivKeyBufSz, rsaClientCertBuf, rsaClientCertBufSz, NULL, 0, + attribs, (sizeof(attribs)/sizeof(PKCS7Attrib)), + "pkcs7signedData_RSA_SHA512.der", 0, NULL, 0, 0, 0, 0, NULL, 0, + NULL, 0, 0); + #endif +#endif /* NO_RSA */ + +#ifdef HAVE_ECC + #ifndef NO_SHA + /* ECDSA with SHA */ + ADD_PKCS7SIGNEDVECTOR( + data, (word32)sizeof(data), SHAh, ECDSAk, eccClientPrivKeyBuf, + eccClientPrivKeyBufSz, eccClientCertBuf, eccClientCertBufSz, NULL, 0, + attribs, (sizeof(attribs)/sizeof(PKCS7Attrib)), + "pkcs7signedData_ECDSA_SHA.der", 0, NULL, 0, 0, 0, 0, NULL, 0, + NULL, 0, 0); + + /* ECDSA with SHA, no signed attributes */ + ADD_PKCS7SIGNEDVECTOR( + data, (word32)sizeof(data), SHAh, ECDSAk, eccClientPrivKeyBuf, + eccClientPrivKeyBufSz, eccClientCertBuf, eccClientCertBufSz, + NULL, 0, NULL, 0, + "pkcs7signedData_ECDSA_SHA_noattr.der", 0, NULL, 0, 0, 0, 0, NULL, 0, + NULL, 0, 0); + #endif + #ifdef WOLFSSL_SHA224 + /* ECDSA with SHA224 */ + ADD_PKCS7SIGNEDVECTOR( + data, (word32)sizeof(data), SHA224h, ECDSAk, eccClientPrivKeyBuf, + eccClientPrivKeyBufSz, eccClientCertBuf, eccClientCertBufSz, NULL, 0, + attribs, (sizeof(attribs)/sizeof(PKCS7Attrib)), + "pkcs7signedData_ECDSA_SHA224.der", 0, NULL, 0, 0, 0, 0, NULL, 0, + NULL, 0, 0); + #endif + #ifndef NO_SHA256 + /* ECDSA with SHA256 */ + ADD_PKCS7SIGNEDVECTOR( + data, (word32)sizeof(data), SHA256h, ECDSAk, eccClientPrivKeyBuf, + eccClientPrivKeyBufSz, eccClientCertBuf, eccClientCertBufSz, NULL, 0, + attribs, (sizeof(attribs)/sizeof(PKCS7Attrib)), + "pkcs7signedData_ECDSA_SHA256.der", 0, NULL, 0, 0, 0, 0, NULL, 0, + NULL, 0, 0); + + /* ECDSA with SHA256 and SubjectKeyIdentifier in SigherIdentifier */ + ADD_PKCS7SIGNEDVECTOR( + data, (word32)sizeof(data), SHA256h, ECDSAk, eccClientPrivKeyBuf, + eccClientPrivKeyBufSz, eccClientCertBuf, eccClientCertBufSz, NULL, 0, + attribs, (sizeof(attribs)/sizeof(PKCS7Attrib)), + "pkcs7signedData_ECDSA_SHA256_SKID.der", 0, NULL, 0, CMS_SKID, 0, 0, + NULL, 0, NULL, 0, 0); + + /* ECDSA with SHA256 and custom contentType */ + ADD_PKCS7SIGNEDVECTOR( + data, (word32)sizeof(data), SHA256h, ECDSAk, eccClientPrivKeyBuf, + eccClientPrivKeyBufSz, eccClientCertBuf, eccClientCertBufSz, NULL, 0, + attribs, (sizeof(attribs)/sizeof(PKCS7Attrib)), + "pkcs7signedData_ECDSA_SHA256_custom_contentType.der", 0, + customContentType, sizeof(customContentType), 0, 0, 0, NULL, 0, + NULL, 0, 0); + + /* ECDSA with SHA256 and FirmwarePkgData contentType */ + ADD_PKCS7SIGNEDVECTOR( + data, (word32)sizeof(data), SHA256h, ECDSAk, eccClientPrivKeyBuf, + eccClientPrivKeyBufSz, eccClientCertBuf, eccClientCertBufSz, NULL, 0, + attribs, (sizeof(attribs)/sizeof(PKCS7Attrib)), + "pkcs7signedData_ECDSA_SHA256_firmwarePkgData.der", + FIRMWARE_PKG_DATA, NULL, 0, 0, 0, 0, NULL, 0, NULL, 0, 0); + #endif + #ifdef WOLFSSL_SHA384 + /* ECDSA with SHA384 */ + ADD_PKCS7SIGNEDVECTOR( + data, (word32)sizeof(data), SHA384h, ECDSAk, eccClientPrivKeyBuf, + eccClientPrivKeyBufSz, eccClientCertBuf, eccClientCertBufSz, NULL, 0, + attribs, (sizeof(attribs)/sizeof(PKCS7Attrib)), + "pkcs7signedData_ECDSA_SHA384.der", 0, NULL, 0, 0, 0, 0, NULL, 0, + NULL, 0, 0); + #endif + #ifdef WOLFSSL_SHA512 + /* ECDSA with SHA512 */ + ADD_PKCS7SIGNEDVECTOR( + data, (word32)sizeof(data), SHA512h, ECDSAk, eccClientPrivKeyBuf, + eccClientPrivKeyBufSz, eccClientCertBuf, eccClientCertBufSz, NULL, 0, + attribs, (sizeof(attribs)/sizeof(PKCS7Attrib)), + "pkcs7signedData_ECDSA_SHA512.der", 0, NULL, 0, 0, 0, 0, NULL, 0, + NULL, 0, 0); + #endif +#endif /* HAVE_ECC */ + }; + + #undef MAX_TESTVECTORS_LEN + #undef ADD_PKCS7SIGNEDVECTOR + + outSz = FOURK_BUF; + out = (byte*)XMALLOC(outSz, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + if (out == NULL) + ERROR_OUT(WC_TEST_RET_ENC_ERRNO, out); + + XMEMSET(out, 0, outSz); + + /* test inner pad size error with block size being 0 */ + ret = wc_PKCS7_PadData((byte*)data, sizeof(data), out, outSz, 0); + if (ret > 0) + ERROR_OUT(-1, out); + + ret = wc_PKCS7_PadData((byte*)data, sizeof(data), out, outSz, 16); + if (ret < 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); +#ifndef HAVE_FIPS + ret = wc_InitRng_ex(&rng, HEAP_HINT, devId); +#else + ret = wc_InitRng(&rng); +#endif + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); + + for (i = 0; i < testSz; i++) { + if (pkcs7) + wc_PKCS7_Free(pkcs7); + pkcs7 = wc_PKCS7_New(HEAP_HINT, devId); + if (pkcs7 == NULL) + ERROR_OUT(WC_TEST_RET_ENC_ERRNO, out); + + ret = wc_PKCS7_InitWithCert(pkcs7, testVectors[i].cert, + (word32)testVectors[i].certSz); + + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); + + /* load CA certificate, if present */ + if (testVectors[i].caCert != NULL) { + ret = wc_PKCS7_AddCertificate(pkcs7, testVectors[i].caCert, + (word32)testVectors[i].caCertSz); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); + } + + pkcs7->rng = &rng; + pkcs7->content = (byte*)testVectors[i].content; + pkcs7->contentSz = testVectors[i].contentSz; + pkcs7->contentOID = testVectors[i].contentOID; + pkcs7->hashOID = testVectors[i].hashOID; + pkcs7->encryptOID = testVectors[i].signOID; + pkcs7->privateKey = testVectors[i].privateKey; + pkcs7->privateKeySz = testVectors[i].privateKeySz; + pkcs7->signedAttribs = testVectors[i].signedAttribs; + pkcs7->signedAttribsSz = testVectors[i].signedAttribsSz; + + /* optional custom contentType, default is DATA, + overrides contentOID if set */ + if (testVectors[i].contentType != NULL) { + ret = wc_PKCS7_SetContentType(pkcs7, + (byte *)testVectors[i].contentType, + testVectors[i].contentTypeSz); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); + } + + /* set SignerIdentifier to use SubjectKeyIdentifier if desired, + default is IssuerAndSerialNumber */ + if (testVectors[i].sidType == CMS_SKID) { + ret = wc_PKCS7_SetSignerIdentifierType(pkcs7, CMS_SKID); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); + } + + /* generate senderNonce */ + { + senderNonce[0] = 0x04; + senderNonce[1] = PKCS7_NONCE_SZ; + + ret = wc_RNG_GenerateBlock(&rng, &senderNonce[2], PKCS7_NONCE_SZ); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); + } + + /* generate transactionID (used with SCEP) */ + { + #ifndef NO_SHA + wc_Sha sha; + byte digest[WC_SHA_DIGEST_SIZE]; + #else + wc_Sha256 sha; + byte digest[WC_SHA256_DIGEST_SIZE]; + #endif + int j,k; + + transId[0] = 0x13; + transId[1] = sizeof(digest) * 2; + + #ifndef NO_SHA + ret = wc_InitSha_ex(&sha, HEAP_HINT, devId); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); + wc_ShaUpdate(&sha, pkcs7->publicKey, pkcs7->publicKeySz); + wc_ShaFinal(&sha, digest); + wc_ShaFree(&sha); + #else + ret = wc_InitSha256_ex(&sha, HEAP_HINT, devId); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); + wc_Sha256Update(&sha, pkcs7->publicKey, pkcs7->publicKeySz); + wc_Sha256Final(&sha, digest); + wc_Sha256Free(&sha); + #endif + + for (j = 0, k = 2; j < (int)sizeof(digest); j++, k += 2) { + (void)XSNPRINTF((char*)&transId[k], 3, "%02x", digest[j]); + } + } + + /* enable detached signature generation, if set */ + if (testVectors[i].detachedSignature == 1) { + ret = wc_PKCS7_SetDetached(pkcs7, 1); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); + } + + encodedSz = wc_PKCS7_EncodeSignedData(pkcs7, out, outSz); + if (encodedSz < 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(encodedSz), out); + + #ifdef PKCS7_OUTPUT_TEST_BUNDLES + /* write PKCS#7 to output file for more testing */ + file = XFOPEN(testVectors[i].outFileName, "wb"); + if (!file) { + ERROR_OUT(WC_TEST_RET_ENC_ERRNO, out); + } + ret = (int)XFWRITE(out, 1, encodedSz, file); + XFCLOSE(file); + if (ret != (int)encodedSz) + ERROR_OUT(WC_TEST_RET_ENC_ERRNO, out); + #endif /* PKCS7_OUTPUT_TEST_BUNDLES */ + + wc_PKCS7_Free(pkcs7); + + pkcs7 = wc_PKCS7_New(HEAP_HINT, devId); + if (pkcs7 == NULL) + ERROR_OUT(WC_TEST_RET_ENC_ERRNO, out); + wc_PKCS7_InitWithCert(pkcs7, NULL, 0); + + if (testVectors[i].detachedSignature == 1) { + /* set content for verifying detached signatures */ + pkcs7->content = (byte*)testVectors[i].content; + pkcs7->contentSz = testVectors[i].contentSz; + } + + ret = wc_PKCS7_VerifySignedData(pkcs7, out, outSz); + if (ret < 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); + /* verify contentType extracted successfully for custom content types */ + if (testVectors[i].contentTypeSz > 0) { + if (pkcs7->contentTypeSz != testVectors[i].contentTypeSz) { + ERROR_OUT(WC_TEST_RET_ENC_NC, out); + } else if (XMEMCMP(pkcs7->contentType, testVectors[i].contentType, + pkcs7->contentTypeSz) != 0) { + ERROR_OUT(WC_TEST_RET_ENC_NC, out); + } + } + + if (pkcs7->singleCert == NULL || pkcs7->singleCertSz == 0) + ERROR_OUT(WC_TEST_RET_ENC_NC, out); + + { + /* check getting signed attributes */ + #ifndef NO_SHA + byte buf[(WC_SHA_DIGEST_SIZE + 1) * 2 + 1]; + #else + byte buf[(WC_SHA256_DIGEST_SIZE + 1) * 2 + 1]; + #endif + const byte* oidPt = transIdOid + 2; /* skip object id tag and size */ + int oidSz = (int)sizeof(transIdOid) - 2; + int bufSz = 0; + + if (testVectors[i].signedAttribs != NULL) { + ret = wc_PKCS7_GetAttributeValue(pkcs7, oidPt, (word32)oidSz, + NULL, (word32*)&bufSz); + if (ret != WC_NO_ERR_TRACE(LENGTH_ONLY_E)) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); + ret = 0; + } + + if (bufSz > (int)sizeof(buf)) + ERROR_OUT(WC_TEST_RET_ENC_NC, out); + + bufSz = wc_PKCS7_GetAttributeValue(pkcs7, oidPt, (word32)oidSz, + buf, (word32*)&bufSz); + if ((testVectors[i].signedAttribs != NULL && bufSz < 0) || + (testVectors[i].signedAttribs == NULL && bufSz > 0)) + ERROR_OUT(WC_TEST_RET_ENC_NC, out); + } + + #ifdef PKCS7_OUTPUT_TEST_BUNDLES + file = XFOPEN("./pkcs7cert.der", "wb"); + if (!file) + ERROR_OUT(WC_TEST_RET_ENC_ERRNO, out); + ret = (int)XFWRITE(pkcs7->singleCert, 1, pkcs7->singleCertSz, file); + + if (ret < 0) + ret = WC_TEST_RET_ENC_ERRNO; + else + ret = 0; + + XFCLOSE(file); + + #endif /* PKCS7_OUTPUT_TEST_BUNDLES */ + + } + + out: + + if (pkcs7 != NULL) + wc_PKCS7_Free(pkcs7); + XFREE(out, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(testVectors, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + wc_FreeRng(&rng); + + if (ret > 0) + return 0; + + (void)rsaClientCertBuf; + (void)rsaClientCertBufSz; + (void)rsaClientPrivKeyBuf; + (void)rsaClientPrivKeyBufSz; + (void)rsaServerCertBuf; + (void)rsaServerCertBufSz; + (void)rsaServerPrivKeyBuf; + (void)rsaServerPrivKeyBufSz; + (void)rsaCaCertBuf; + (void)rsaCaCertBufSz; + (void)rsaCaPrivKeyBuf; + (void)rsaCaPrivKeyBufSz; + (void)eccClientCertBuf; + (void)eccClientCertBufSz; + (void)eccClientPrivKeyBuf; + (void)eccClientPrivKeyBufSz; + + return ret; +} + + +static wc_test_ret_t pkcs7signed_run_SingleShotVectors( + byte* rsaClientCertBuf, word32 rsaClientCertBufSz, + byte* rsaClientPrivKeyBuf, word32 rsaClientPrivKeyBufSz, + byte* rsaServerCertBuf, word32 rsaServerCertBufSz, + byte* rsaServerPrivKeyBuf, word32 rsaServerPrivKeyBufSz, + byte* rsaCaCertBuf, word32 rsaCaCertBufSz, + byte* rsaCaPrivKeyBuf, word32 rsaCaPrivKeyBufSz, + byte* eccClientCertBuf, word32 eccClientCertBufSz, + byte* eccClientPrivKeyBuf, word32 eccClientPrivKeyBufSz) +{ + wc_test_ret_t ret; + int testSz = 0, i; + int encodedSz; + byte* out = NULL; + word32 outSz; + WC_RNG rng; + wc_PKCS7* pkcs7 = NULL; +#ifdef PKCS7_OUTPUT_TEST_BUNDLES + XFILE file; +#endif + #if defined(HAVE_LIBZ) && !defined(NO_PKCS7_COMPRESSED_DATA) && \ + !defined(NO_PKCS7_ENCRYPTED_DATA) + byte* encryptedTmp = NULL; + int encryptedTmpSz; + #endif + + WOLFSSL_SMALL_STACK_STATIC const byte data[] = { /* Hello World */ + 0x48,0x65,0x6c,0x6c,0x6f,0x20,0x57,0x6f, + 0x72,0x6c,0x64 + }; + +#if !defined(NO_PKCS7_ENCRYPTED_DATA) && \ + defined(HAVE_AES_CBC) && defined(WOLFSSL_AES_256) + static const byte aes256Key[] = { + 0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08, + 0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08, + 0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08, + 0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08 + }; +#endif + + static const byte messageTypeOid[] = + { 0x06, 0x0a, 0x60, 0x86, 0x48, 0x01, 0x86, 0xF8, 0x45, 0x01, + 0x09, 0x02 }; + static const byte messageType[] = { 0x13, 2, '1', '9' }; + + PKCS7Attrib attribs[] = + { + { messageTypeOid, sizeof(messageTypeOid), messageType, + sizeof(messageType) }, + }; + + #define MAX_TESTVECTORS_LEN 19 + #define ADD_PKCS7SIGNEDVECTOR(...) { \ + pkcs7SignedVector _this_vector = { __VA_ARGS__ }; \ + if (testSz == MAX_TESTVECTORS_LEN) { \ + ret = WC_TEST_RET_ENC_NC; \ + goto out; \ + } \ + XMEMCPY(&testVectors[testSz++], &_this_vector, \ + sizeof _this_vector); \ + } + + pkcs7SignedVector *testVectors = NULL; + + XMEMSET(&rng, 0, sizeof(rng)); + + testVectors = (pkcs7SignedVector *)XMALLOC(MAX_TESTVECTORS_LEN * sizeof(*testVectors), + HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + if (testVectors == NULL) { + ret = WC_TEST_RET_ENC_ERRNO; + goto out; + } + + { +#ifndef NO_RSA + #ifndef NO_SHA256 + /* Signed FirmwarePkgData, RSA, SHA256, no attribs */ + ADD_PKCS7SIGNEDVECTOR( + data, (word32)sizeof(data), SHA256h, RSAk, rsaClientPrivKeyBuf, + rsaClientPrivKeyBufSz, rsaClientCertBuf, rsaClientCertBufSz, NULL, 0, + NULL, 0, + "pkcs7signedFirmwarePkgData_RSA_SHA256_noattr.der", 0, NULL, 0, 0, + 0, 0, NULL, 0, NULL, 0, 0); + + /* Signed FirmwarePkgData, RSA, SHA256, attrs */ + ADD_PKCS7SIGNEDVECTOR( + data, (word32)sizeof(data), SHA256h, RSAk, rsaClientPrivKeyBuf, + rsaClientPrivKeyBufSz, rsaClientCertBuf, rsaClientCertBufSz, NULL, 0, + attribs, (sizeof(attribs)/sizeof(PKCS7Attrib)), + "pkcs7signedFirmwarePkgData_RSA_SHA256.der", 0, NULL, 0, 0, 0, 0, + NULL, 0, NULL, 0, 0); + + /* Signed FirmwarePkgData, RSA, SHA256, SubjectKeyIdentifier, attrs */ + ADD_PKCS7SIGNEDVECTOR( + data, (word32)sizeof(data), SHA256h, RSAk, rsaClientPrivKeyBuf, + rsaClientPrivKeyBufSz, rsaClientCertBuf, rsaClientCertBufSz, NULL, 0, + attribs, (sizeof(attribs)/sizeof(PKCS7Attrib)), + "pkcs7signedFirmwarePkgData_RSA_SHA256_SKID.der", 0, NULL, + 0, CMS_SKID, 0, 0, NULL, 0, NULL, 0, 0); + + /* Signed FirmwraePkgData, RSA, SHA256, server cert and ca cert, attr */ + ADD_PKCS7SIGNEDVECTOR( + data, (word32)sizeof(data), SHA256h, RSAk, rsaServerPrivKeyBuf, + rsaServerPrivKeyBufSz, rsaServerCertBuf, rsaServerCertBufSz, + rsaCaCertBuf, rsaCaCertBufSz, + attribs, (sizeof(attribs)/sizeof(PKCS7Attrib)), + "pkcs7signedFirmwarePkgData_RSA_SHA256_with_ca_cert.der", 0, NULL, + 0, 0, 0, 0, NULL, 0, NULL, 0, 0); + + #if !defined(NO_PKCS7_ENCRYPTED_DATA) && \ + defined(HAVE_AES_CBC) && defined(WOLFSSL_AES_256) + /* Signed Encrypted FirmwarePkgData, RSA, SHA256, no attribs */ + ADD_PKCS7SIGNEDVECTOR( + data, (word32)sizeof(data), SHA256h, RSAk, rsaClientPrivKeyBuf, + rsaClientPrivKeyBufSz, rsaClientCertBuf, rsaClientCertBufSz, NULL, 0, + NULL, 0, + "pkcs7signedEncryptedFirmwarePkgData_RSA_SHA256_noattr.der", 0, + NULL, 0, 0, AES256CBCb, 1, aes256Key, sizeof(aes256Key), NULL, 0, 0); + + /* Signed Encrypted FirmwarePkgData, RSA, SHA256, attribs */ + ADD_PKCS7SIGNEDVECTOR( + data, (word32)sizeof(data), SHA256h, RSAk, rsaClientPrivKeyBuf, + rsaClientPrivKeyBufSz, rsaClientCertBuf, rsaClientCertBufSz, NULL, 0, + attribs, (sizeof(attribs)/sizeof(PKCS7Attrib)), + "pkcs7signedEncryptedFirmwarePkgData_RSA_SHA256.der", 0, + NULL, 0, 0, AES256CBCb, 1, aes256Key, sizeof(aes256Key), + attribs, (sizeof(attribs)/sizeof(PKCS7Attrib)), 0); + #endif /* WOLFSSL_AES_256 && !NO_PKCS7_ENCRYPTED_DATA */ + + #if defined(HAVE_LIBZ) && !defined(NO_PKCS7_COMPRESSED_DATA) + /* Signed Compressed FirmwarePkgData, RSA, SHA256, no attribs */ + ADD_PKCS7SIGNEDVECTOR( + data, (word32)sizeof(data), SHA256h, RSAk, rsaClientPrivKeyBuf, + rsaClientPrivKeyBufSz, rsaClientCertBuf, rsaClientCertBufSz, NULL, 0, + NULL, 0, + "pkcs7signedCompressedFirmwarePkgData_RSA_SHA256_noattr.der", 0, + NULL, 0, 0, 0, 2, NULL, 0, NULL, 0, 0); + + /* Signed Compressed FirmwarePkgData, RSA, SHA256, attribs */ + ADD_PKCS7SIGNEDVECTOR( + data, (word32)sizeof(data), SHA256h, RSAk, rsaClientPrivKeyBuf, + rsaClientPrivKeyBufSz, rsaClientCertBuf, rsaClientCertBufSz, NULL, 0, + attribs, (sizeof(attribs)/sizeof(PKCS7Attrib)), + "pkcs7signedCompressedFirmwarePkgData_RSA_SHA256.der", 0, + NULL, 0, 0, 0, 2, NULL, 0, NULL, 0, 0); + + #ifndef NO_PKCS7_ENCRYPTED_DATA + /* Signed Encrypted Compressed FirmwarePkgData, RSA, SHA256, + no attribs */ + ADD_PKCS7SIGNEDVECTOR( + data, (word32)sizeof(data), SHA256h, RSAk, rsaClientPrivKeyBuf, + rsaClientPrivKeyBufSz, rsaClientCertBuf, rsaClientCertBufSz, NULL, 0, + NULL, 0, + "pkcs7signedEncryptedCompressedFirmwarePkgData_RSA_SHA256_noattr.der", + 0, NULL, 0, 0, AES256CBCb, 3, aes256Key, sizeof(aes256Key), NULL, + 0, 0); + + /* Signed Encrypted Compressed FirmwarePkgData, RSA, SHA256, + attribs */ + ADD_PKCS7SIGNEDVECTOR( + data, (word32)sizeof(data), SHA256h, RSAk, rsaClientPrivKeyBuf, + rsaClientPrivKeyBufSz, rsaClientCertBuf, rsaClientCertBufSz, NULL, 0, + attribs, (sizeof(attribs)/sizeof(PKCS7Attrib)), + "pkcs7signedEncryptedCompressedFirmwarePkgData_RSA_SHA256.der", + 0, NULL, 0, 0, AES256CBCb, 3, aes256Key, sizeof(aes256Key), + attribs, (sizeof(attribs)/sizeof(PKCS7Attrib)), 0); + #endif /* !NO_PKCS7_ENCRYPTED_DATA */ + + #endif /* HAVE_LIBZ && !NO_PKCS7_COMPRESSED_DATA */ + + #endif /* NO_SHA256 */ +#endif /* NO_RSA */ + +#ifdef HAVE_ECC + #ifndef NO_SHA256 + /* Signed FirmwarePkgData, ECDSA, SHA256, no attribs */ + ADD_PKCS7SIGNEDVECTOR( + data, (word32)sizeof(data), SHA256h, ECDSAk, eccClientPrivKeyBuf, + eccClientPrivKeyBufSz, eccClientCertBuf, eccClientCertBufSz, NULL, 0, + NULL, 0, + "pkcs7signedFirmwarePkgData_ECDSA_SHA256_noattr.der", 0, NULL, + 0, 0, 0, 0, NULL, 0, NULL, 0, 0); + + /* Signed FirmwarePkgData, ECDSA, SHA256, attribs */ + ADD_PKCS7SIGNEDVECTOR( + data, (word32)sizeof(data), SHA256h, ECDSAk, eccClientPrivKeyBuf, + eccClientPrivKeyBufSz, eccClientCertBuf, eccClientCertBufSz, NULL, 0, + attribs, (sizeof(attribs)/sizeof(PKCS7Attrib)), + "pkcs7signedFirmwarePkgData_ECDSA_SHA256.der", 0, NULL, + 0, 0, 0, 0, NULL, 0, NULL, 0, 0); + + /* Signed FirmwarePkgData, ECDSA, SHA256, SubjectKeyIdentifier, attr */ + ADD_PKCS7SIGNEDVECTOR( + data, (word32)sizeof(data), SHA256h, ECDSAk, eccClientPrivKeyBuf, + eccClientPrivKeyBufSz, eccClientCertBuf, eccClientCertBufSz, NULL, 0, + attribs, (sizeof(attribs)/sizeof(PKCS7Attrib)), + "pkcs7signedFirmwarePkgData_ECDSA_SHA256_SKID.der", 0, NULL, + 0, CMS_SKID, 0, 0, NULL, 0, NULL, 0, 0); + + #if !defined(NO_PKCS7_ENCRYPTED_DATA) && \ + defined(HAVE_AES_CBC) && defined(WOLFSSL_AES_256) + /* Signed Encrypted FirmwarePkgData, ECDSA, SHA256, no attribs */ + ADD_PKCS7SIGNEDVECTOR( + data, (word32)sizeof(data), SHA256h, ECDSAk, eccClientPrivKeyBuf, + eccClientPrivKeyBufSz, eccClientCertBuf, eccClientCertBufSz, NULL, 0, + NULL, 0, + "pkcs7signedEncryptedFirmwarePkgData_ECDSA_SHA256_noattr.der", 0, NULL, + 0, 0, AES256CBCb, 1, aes256Key, sizeof(aes256Key), NULL, 0, 0); + + /* Signed Encrypted FirmwarePkgData, ECDSA, SHA256, attribs */ + ADD_PKCS7SIGNEDVECTOR( + data, (word32)sizeof(data), SHA256h, ECDSAk, eccClientPrivKeyBuf, + eccClientPrivKeyBufSz, eccClientCertBuf, eccClientCertBufSz, NULL, 0, + attribs, (sizeof(attribs)/sizeof(PKCS7Attrib)), + "pkcs7signedEncryptedFirmwarePkgData_ECDSA_SHA256.der", 0, NULL, + 0, 0, AES256CBCb, 1, aes256Key, sizeof(aes256Key), + attribs, (sizeof(attribs)/sizeof(PKCS7Attrib)), 0); + #endif /* WOLFSSL_AES_256 && !NO_PKCS7_ENCRYPTED_DATA */ + + #if defined(HAVE_LIBZ) && !defined(NO_PKCS7_COMPRESSED_DATA) + /* Signed Compressed FirmwarePkgData, ECDSA, SHA256, no attribs */ + ADD_PKCS7SIGNEDVECTOR( + data, (word32)sizeof(data), SHA256h, ECDSAk, eccClientPrivKeyBuf, + eccClientPrivKeyBufSz, eccClientCertBuf, eccClientCertBufSz, NULL, 0, + NULL, 0, + "pkcs7signedCompressedFirmwarePkgData_ECDSA_SHA256_noattr.der", 0, NULL, + 0, 0, 0, 2, NULL, 0, NULL, 0, 0); + + /* Signed Compressed FirmwarePkgData, ECDSA, SHA256, attrib */ + ADD_PKCS7SIGNEDVECTOR( + data, (word32)sizeof(data), SHA256h, ECDSAk, eccClientPrivKeyBuf, + eccClientPrivKeyBufSz, eccClientCertBuf, eccClientCertBufSz, NULL, 0, + attribs, (sizeof(attribs)/sizeof(PKCS7Attrib)), + "pkcs7signedCompressedFirmwarePkgData_ECDSA_SHA256.der", 0, NULL, + 0, 0, 0, 2, NULL, 0, NULL, 0, 0); + + #ifndef NO_PKCS7_ENCRYPTED_DATA + /* Signed Encrypted Compressed FirmwarePkgData, ECDSA, SHA256, + no attribs */ + ADD_PKCS7SIGNEDVECTOR( + data, (word32)sizeof(data), SHA256h, ECDSAk, eccClientPrivKeyBuf, + eccClientPrivKeyBufSz, eccClientCertBuf, eccClientCertBufSz, NULL, 0, + NULL, 0, + "pkcs7signedEncryptedCompressedFirmwarePkgData_ECDSA_SHA256_noattr.der", + 0, NULL, 0, 0, AES256CBCb, 3, aes256Key, sizeof(aes256Key), NULL, + 0, 0); + + /* Signed Encrypted Compressed FirmwarePkgData, ECDSA, SHA256, + attribs */ + ADD_PKCS7SIGNEDVECTOR( + data, (word32)sizeof(data), SHA256h, ECDSAk, eccClientPrivKeyBuf, + eccClientPrivKeyBufSz, eccClientCertBuf, eccClientCertBufSz, NULL, 0, + attribs, (sizeof(attribs)/sizeof(PKCS7Attrib)), + "pkcs7signedEncryptedCompressedFirmwarePkgData_ECDSA_SHA256.der", + 0, NULL, 0, 0, AES256CBCb, 3, aes256Key, sizeof(aes256Key), + attribs, (sizeof(attribs)/sizeof(PKCS7Attrib)), 0); + #endif /* !NO_PKCS7_ENCRYPTED_DATA */ + + #endif /* HAVE_LIBZ && !NO_PKCS7_COMPRESSED_DATA */ + + #endif /* NO_SHA256 */ +#endif /* HAVE_ECC */ + }; + + #undef MAX_TESTVECTORS_LEN + #undef ADD_PKCS7SIGNEDVECTOR + + outSz = FOURK_BUF; + out = (byte*)XMALLOC(outSz, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + if (out == NULL) + ERROR_OUT(WC_TEST_RET_ENC_ERRNO, out); + + XMEMSET(out, 0, outSz); + + ret = wc_PKCS7_PadData((byte*)data, sizeof(data), out, outSz, 16); + if (ret < 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); +#ifndef HAVE_FIPS + ret = wc_InitRng_ex(&rng, HEAP_HINT, devId); +#else + ret = wc_InitRng(&rng); +#endif + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); + + for (i = 0; i < testSz; i++) { + if (pkcs7) + wc_PKCS7_Free(pkcs7); + pkcs7 = wc_PKCS7_New(HEAP_HINT, devId); + if (pkcs7 == NULL) + ERROR_OUT(WC_TEST_RET_ENC_ERRNO, out); + + ret = wc_PKCS7_InitWithCert(pkcs7, testVectors[i].cert, + (word32)testVectors[i].certSz); + + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); + + /* load CA certificate, if present */ + if (testVectors[i].caCert != NULL) { + ret = wc_PKCS7_AddCertificate(pkcs7, testVectors[i].caCert, + (word32)testVectors[i].caCertSz); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); + } + + /* set SignerIdentifier to use SubjectKeyIdentifier if desired, + default is IssuerAndSerialNumber */ + if (testVectors[i].sidType == CMS_SKID) { + ret = wc_PKCS7_SetSignerIdentifierType(pkcs7, CMS_SKID); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); + } + + if (testVectors[i].encCompFlag == 0) { + + /* encode Signed FirmwarePkgData */ + encodedSz = wc_PKCS7_EncodeSignedFPD(pkcs7, + testVectors[i].privateKey, testVectors[i].privateKeySz, + testVectors[i].signOID, testVectors[i].hashOID, + (byte*)testVectors[i].content, testVectors[i].contentSz, + testVectors[i].signedAttribs, + testVectors[i].signedAttribsSz, out, outSz); + + if (encodedSz < 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(encodedSz), out); + + #ifndef NO_PKCS7_ENCRYPTED_DATA + + } else if (testVectors[i].encCompFlag == 1) { + + /* encode Signed Encrypted FirmwarePkgData */ + encodedSz = wc_PKCS7_EncodeSignedEncryptedFPD(pkcs7, + (byte *)testVectors[i].encryptKey, testVectors[i].encryptKeySz, + testVectors[i].privateKey, testVectors[i].privateKeySz, + testVectors[i].encryptOID, testVectors[i].signOID, + testVectors[i].hashOID, (byte*)testVectors[i].content, + testVectors[i].contentSz, testVectors[i].unprotectedAttribs, + testVectors[i].unprotectedAttribsSz, + testVectors[i].signedAttribs, + testVectors[i].signedAttribsSz, out, outSz); + + if (encodedSz <= 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(encodedSz), out); + #endif + + #if defined(HAVE_LIBZ) && !defined(NO_PKCS7_COMPRESSED_DATA) + } else if (testVectors[i].encCompFlag == 2) { + + /* encode Signed Compressed FirmwarePkgData */ + encodedSz = wc_PKCS7_EncodeSignedCompressedFPD(pkcs7, + testVectors[i].privateKey, testVectors[i].privateKeySz, + testVectors[i].signOID, testVectors[i].hashOID, + (byte*)testVectors[i].content, testVectors[i].contentSz, + testVectors[i].signedAttribs, + testVectors[i].signedAttribsSz, out, outSz); + + if (encodedSz <= 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(encodedSz), out); + + #ifndef NO_PKCS7_ENCRYPTED_DATA + } else if (testVectors[i].encCompFlag == 3) { + + /* encode Signed Encrypted Compressed FirmwarePkgData */ + encodedSz = wc_PKCS7_EncodeSignedEncryptedCompressedFPD(pkcs7, + (byte*)testVectors[i].encryptKey, testVectors[i].encryptKeySz, + testVectors[i].privateKey, testVectors[i].privateKeySz, + testVectors[i].encryptOID, testVectors[i].signOID, + testVectors[i].hashOID, (byte*)testVectors[i].content, + testVectors[i].contentSz, testVectors[i].unprotectedAttribs, + testVectors[i].unprotectedAttribsSz, + testVectors[i].signedAttribs, + testVectors[i].signedAttribsSz, out, outSz); + + if (encodedSz <= 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(encodedSz), out); + + #endif /* NO_PKCS7_ENCRYPTED_DATA */ + #endif /* HAVE_LIBZ && !NO_PKCS7_COMPRESSED_DATA */ + + } else { + /* unsupported SignedData single-shot combination */ + ERROR_OUT(WC_TEST_RET_ENC_NC, out); + } + + #ifdef PKCS7_OUTPUT_TEST_BUNDLES + /* write PKCS#7 to output file for more testing */ + file = XFOPEN(testVectors[i].outFileName, "wb"); + if (!file) + ERROR_OUT(WC_TEST_RET_ENC_ERRNO, out); + ret = (int)XFWRITE(out, 1, encodedSz, file); + XFCLOSE(file); + file = NULL; + if (ret != (int)encodedSz) + ERROR_OUT(WC_TEST_RET_ENC_ERRNO, out); + #endif /* PKCS7_OUTPUT_TEST_BUNDLES */ + + wc_PKCS7_Free(pkcs7); + + pkcs7 = wc_PKCS7_New(HEAP_HINT, devId); + if (pkcs7 == NULL) + ERROR_OUT(WC_TEST_RET_ENC_ERRNO, out); + wc_PKCS7_InitWithCert(pkcs7, NULL, 0); + + ret = wc_PKCS7_VerifySignedData(pkcs7, out, outSz); + if (ret < 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); +#ifndef NO_PKCS7_STREAM + { + word32 z; + for (z = 0; z < outSz && ret != 0; z++) { + ret = wc_PKCS7_VerifySignedData(pkcs7, out + z, 1); + if (ret < 0 && ret != WC_NO_ERR_TRACE(WC_PKCS7_WANT_READ_E)) { + printf("unexpected error %d\n", ret); + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); + } + } + } +#endif + + if (pkcs7->singleCert == NULL || pkcs7->singleCertSz == 0) + ERROR_OUT(WC_TEST_RET_ENC_NC, out); + + if (testVectors[i].encCompFlag == 0) { + /* verify decoded content matches expected */ + if ((pkcs7->contentSz != testVectors[i].contentSz) || + XMEMCMP(pkcs7->content, testVectors[i].content, + pkcs7->contentSz)) { + ERROR_OUT(WC_TEST_RET_ENC_NC, out); + } + + } + #ifndef NO_PKCS7_ENCRYPTED_DATA + else if (testVectors[i].encCompFlag == 1) { + + /* decrypt inner encryptedData */ + pkcs7->encryptionKey = (byte *)testVectors[i].encryptKey; + pkcs7->encryptionKeySz = testVectors[i].encryptKeySz; + + ret = wc_PKCS7_DecodeEncryptedData(pkcs7, pkcs7->content, + pkcs7->contentSz, out, outSz); + if (ret < 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); + /* compare decrypted to expected */ + if (((word32)ret != testVectors[i].contentSz) || + XMEMCMP(out, testVectors[i].content, (word32)ret)) + ERROR_OUT(WC_TEST_RET_ENC_NC, out); + } + #endif + #if defined(HAVE_LIBZ) && !defined(NO_PKCS7_COMPRESSED_DATA) + else if (testVectors[i].encCompFlag == 2) { + + /* decompress inner compressedData */ + ret = wc_PKCS7_DecodeCompressedData(pkcs7, pkcs7->content, + pkcs7->contentSz, out, outSz); + if (ret < 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); + /* compare decompressed to expected */ + if (((word32)ret != testVectors[i].contentSz) || + XMEMCMP(out, testVectors[i].content, ret)) + ERROR_OUT(WC_TEST_RET_ENC_NC, out); + } + #ifndef NO_PKCS7_ENCRYPTED_DATA + else if (testVectors[i].encCompFlag == 3) { + + encryptedTmpSz = FOURK_BUF; + encryptedTmp = (byte*)XMALLOC(encryptedTmpSz, HEAP_HINT, + DYNAMIC_TYPE_TMP_BUFFER); + if (encryptedTmp == NULL) + ERROR_OUT(WC_TEST_RET_ENC_ERRNO, out); + + XMEMSET(encryptedTmp, 0, encryptedTmpSz); + + /* decrypt inner encryptedData */ + pkcs7->encryptionKey = (byte*)testVectors[i].encryptKey; + pkcs7->encryptionKeySz = testVectors[i].encryptKeySz; + + encryptedTmpSz = wc_PKCS7_DecodeEncryptedData(pkcs7, pkcs7->content, + pkcs7->contentSz, encryptedTmp, + encryptedTmpSz); + + if (encryptedTmpSz < 0 || pkcs7->contentOID != COMPRESSED_DATA) + ERROR_OUT(WC_TEST_RET_ENC_NC, out); + + /* decompress inner compressedData */ + ret = wc_PKCS7_DecodeCompressedData(pkcs7, encryptedTmp, + encryptedTmpSz, out, outSz); + if (ret < 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); + /* compare decompressed to expected */ + if (((word32)ret != testVectors[i].contentSz) || + XMEMCMP(out, testVectors[i].content, ret)) + ERROR_OUT(WC_TEST_RET_ENC_NC, out); + } + #endif /* NO_PKCS7_ENCRYPTED_DATA */ + #endif /* HAVE_LIBZ && !NO_PKCS7_COMPRESSED_DATA */ + + } + + out: + + if (pkcs7 != NULL) + wc_PKCS7_Free(pkcs7); + XFREE(out, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + #if defined(HAVE_LIBZ) && !defined(NO_PKCS7_COMPRESSED_DATA) && \ + !defined(NO_PKCS7_ENCRYPTED_DATA) + XFREE(encryptedTmp, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + #endif + XFREE(testVectors, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + wc_FreeRng(&rng); + + if (ret > 0) + return 0; + + (void)eccClientCertBuf; + (void)eccClientCertBufSz; + (void)eccClientPrivKeyBuf; + (void)eccClientPrivKeyBufSz; + + (void)rsaClientCertBuf; + (void)rsaClientCertBufSz; + (void)rsaClientPrivKeyBuf; + (void)rsaClientPrivKeyBufSz; + (void)rsaServerCertBuf; + (void)rsaServerCertBufSz; + (void)rsaServerPrivKeyBuf; + (void)rsaServerPrivKeyBufSz; + (void)rsaCaCertBuf; + (void)rsaCaCertBufSz; + (void)rsaCaPrivKeyBuf; + (void)rsaCaPrivKeyBufSz; + + return ret; +} + + +WOLFSSL_TEST_SUBROUTINE wc_test_ret_t pkcs7signed_test(void) +{ + wc_test_ret_t ret = 0; + + byte* rsaClientCertBuf = NULL; + byte* rsaServerCertBuf = NULL; + byte* rsaCaCertBuf = NULL; + byte* eccClientCertBuf = NULL; + byte* rsaClientPrivKeyBuf = NULL; + byte* rsaServerPrivKeyBuf = NULL; + byte* rsaCaPrivKeyBuf = NULL; + byte* eccClientPrivKeyBuf = NULL; + + word32 rsaClientCertBufSz = 0; + word32 rsaServerCertBufSz = 0; + word32 rsaCaCertBufSz = 0; + word32 eccClientCertBufSz = 0; + word32 rsaClientPrivKeyBufSz = 0; + word32 rsaServerPrivKeyBufSz = 0; + word32 rsaCaPrivKeyBufSz = 0; + word32 eccClientPrivKeyBufSz = 0; + WOLFSSL_ENTER("pkcs7signed_test"); + +#ifndef NO_RSA + /* read client RSA cert and key in DER format */ + rsaClientCertBuf = (byte*)XMALLOC(FOURK_BUF, HEAP_HINT, + DYNAMIC_TYPE_TMP_BUFFER); + if (rsaClientCertBuf == NULL) + ret = WC_TEST_RET_ENC_NC; + + rsaClientPrivKeyBuf = (byte*)XMALLOC(FOURK_BUF, HEAP_HINT, + DYNAMIC_TYPE_TMP_BUFFER); + if (ret == 0 && rsaClientPrivKeyBuf == NULL) { + ret = WC_TEST_RET_ENC_ERRNO; + } + + rsaClientCertBufSz = FOURK_BUF; + rsaClientPrivKeyBufSz = FOURK_BUF; + + /* read server RSA cert and key in DER format */ + rsaServerCertBuf = (byte*)XMALLOC(FOURK_BUF, HEAP_HINT, + DYNAMIC_TYPE_TMP_BUFFER); + if (ret == 0 && rsaServerCertBuf == NULL) + ret = WC_TEST_RET_ENC_NC; + + rsaServerPrivKeyBuf = (byte*)XMALLOC(FOURK_BUF, HEAP_HINT, + DYNAMIC_TYPE_TMP_BUFFER); + if (ret == 0 && rsaServerPrivKeyBuf == NULL) { + ret = WC_TEST_RET_ENC_ERRNO; + } + + rsaServerCertBufSz = FOURK_BUF; + rsaServerPrivKeyBufSz = FOURK_BUF; + + /* read CA RSA cert and key in DER format, for use with server cert */ + rsaCaCertBuf = (byte*)XMALLOC(FOURK_BUF, HEAP_HINT, + DYNAMIC_TYPE_TMP_BUFFER); + if (ret == 0 && rsaCaCertBuf == NULL) + ret = WC_TEST_RET_ENC_NC; + + rsaCaPrivKeyBuf = (byte*)XMALLOC(FOURK_BUF, HEAP_HINT, + DYNAMIC_TYPE_TMP_BUFFER); + if (ret == 0 && rsaCaPrivKeyBuf == NULL) { + ret = WC_TEST_RET_ENC_ERRNO; + } + + rsaCaCertBufSz = FOURK_BUF; + rsaCaPrivKeyBufSz = FOURK_BUF; +#endif /* NO_RSA */ + +#ifdef HAVE_ECC + /* read client ECC cert and key in DER format */ + eccClientCertBuf = (byte*)XMALLOC(FOURK_BUF, HEAP_HINT, + DYNAMIC_TYPE_TMP_BUFFER); + if (ret == 0 && eccClientCertBuf == NULL) { + ret = WC_TEST_RET_ENC_ERRNO; + } + + eccClientPrivKeyBuf =(byte*)XMALLOC(FOURK_BUF, HEAP_HINT, + DYNAMIC_TYPE_TMP_BUFFER); + if (ret == 0 && eccClientPrivKeyBuf == NULL) { + ret = WC_TEST_RET_ENC_ERRNO; + } + + eccClientCertBufSz = FOURK_BUF; + eccClientPrivKeyBufSz = FOURK_BUF; +#endif /* HAVE_ECC */ + + if (ret >= 0) + ret = pkcs7_load_certs_keys(rsaClientCertBuf, &rsaClientCertBufSz, + rsaClientPrivKeyBuf, &rsaClientPrivKeyBufSz, + rsaServerCertBuf, &rsaServerCertBufSz, + rsaServerPrivKeyBuf, &rsaServerPrivKeyBufSz, + rsaCaCertBuf, &rsaCaCertBufSz, + rsaCaPrivKeyBuf, &rsaCaPrivKeyBufSz, + eccClientCertBuf, &eccClientCertBufSz, + eccClientPrivKeyBuf, &eccClientPrivKeyBufSz); + if (ret < 0) { + ret = WC_TEST_RET_ENC_EC(ret); + } + + if (ret >= 0) + ret = pkcs7signed_run_vectors(rsaClientCertBuf, (word32)rsaClientCertBufSz, + rsaClientPrivKeyBuf, (word32)rsaClientPrivKeyBufSz, + rsaServerCertBuf, (word32)rsaServerCertBufSz, + rsaServerPrivKeyBuf, (word32)rsaServerPrivKeyBufSz, + rsaCaCertBuf, (word32)rsaCaCertBufSz, + rsaCaPrivKeyBuf, (word32)rsaCaPrivKeyBufSz, + eccClientCertBuf, (word32)eccClientCertBufSz, + eccClientPrivKeyBuf, (word32)eccClientPrivKeyBufSz); + + if (ret >= 0) + ret = pkcs7signed_run_SingleShotVectors( + rsaClientCertBuf, (word32)rsaClientCertBufSz, + rsaClientPrivKeyBuf, (word32)rsaClientPrivKeyBufSz, + rsaServerCertBuf, (word32)rsaServerCertBufSz, + rsaServerPrivKeyBuf, (word32)rsaServerPrivKeyBufSz, + rsaCaCertBuf, (word32)rsaCaCertBufSz, + rsaCaPrivKeyBuf, (word32)rsaCaPrivKeyBufSz, + eccClientCertBuf, (word32)eccClientCertBufSz, + eccClientPrivKeyBuf, (word32)eccClientPrivKeyBufSz); + +#if !defined(NO_RSA) && !defined(NO_AES) && defined(HAVE_AES_CBC) && \ + defined(WOLFSSL_AES_256) && defined(HAVE_AES_KEYWRAP) + if (ret >= 0) + ret = pkcs7callback_test( + rsaClientCertBuf, (word32)rsaClientCertBufSz, + rsaClientPrivKeyBuf, (word32)rsaClientPrivKeyBufSz); +#endif + + XFREE(rsaClientCertBuf, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(rsaClientPrivKeyBuf, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(rsaServerCertBuf, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(rsaServerPrivKeyBuf, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(rsaCaCertBuf, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(rsaCaPrivKeyBuf, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(eccClientCertBuf, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(eccClientPrivKeyBuf, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + + return ret; +} + +#endif /* HAVE_PKCS7 */ + +#if defined(WOLFSSL_PUBLIC_MP) && \ + ((defined(WOLFSSL_SP_MATH_ALL) && !defined(WOLFSSL_RSA_VERIFY_ONLY)) || \ + defined(USE_FAST_MATH)) + +/* Maximum number of bytes in a number to test. */ +#define MP_MAX_TEST_BYTE_LEN 32 + +static wc_test_ret_t randNum(mp_int* n, int len, WC_RNG* rng, void* heap) +{ + byte d[MP_MAX_TEST_BYTE_LEN]; + wc_test_ret_t ret; + + (void)heap; + + do { + ret = wc_RNG_GenerateBlock(rng, d, (word32)len); + if (ret != 0) + return ret; + ret = mp_read_unsigned_bin(n, d, (word32)len); + if (ret != 0) + return ret; + } while (mp_iszero(n)); + + return 0; +} + +#if defined(WOLFSSL_SP_MATH_ALL) || !defined(USE_FAST_MATH) +static wc_test_ret_t mp_test_div_3(mp_int* a, mp_int* r, WC_RNG* rng) +{ + int i, j; + mp_digit rem; + mp_digit rem2; + wc_test_ret_t ret; + +#if (defined(WOLFSSL_SP_MATH_ALL) && !defined(WOLFSSL_RSA_VERIFY_ONLY)) || \ + defined(WOLFSSL_KEY_GEN) || defined(HAVE_COMP_KEY) + for (i = 0; i < 10; i++) { + for (j = 1; j < 10; j++) { + ret = randNum(a, j, rng, NULL); + if (ret != 0) + return WC_TEST_RET_ENC_EC(ret); + ret = mp_div_3(a, r, &rem); + if (ret != 0) + return WC_TEST_RET_ENC_EC(ret); + ret = mp_mul_d(r, 3, r); + if (ret != 0) + return WC_TEST_RET_ENC_EC(ret); + ret = mp_add_d(r, rem, r); + if (ret != 0) + return WC_TEST_RET_ENC_EC(ret); + ret = mp_cmp(r, a); + if (ret != MP_EQ) + return WC_TEST_RET_ENC_NC; + } + } + + ret = mp_div_3(a, r, &rem); + if (ret != 0) + return WC_TEST_RET_ENC_NC; + ret = mp_div_3(a, a, NULL); + if (ret != 0) + return WC_TEST_RET_ENC_NC; + ret = mp_cmp(r, a); + if (ret != MP_EQ) + return WC_TEST_RET_ENC_NC; +#endif + +#if defined(WOLFSSL_SP_MATH_ALL) + ret = mp_div_d(a, 10, r, &rem); + if (ret != 0) + return WC_TEST_RET_ENC_EC(ret); + ret = mp_div_d(a, 10, a, NULL); + if (ret != 0) + return WC_TEST_RET_ENC_EC(ret); + ret = mp_cmp(r, a); + if (ret != MP_EQ) + return WC_TEST_RET_ENC_NC; + + ret = mp_div_d(a, 12, r, &rem); + if (ret != 0) + return WC_TEST_RET_ENC_EC(ret); + ret = mp_div_d(a, 12, a, NULL); + if (ret != 0) + return WC_TEST_RET_ENC_EC(ret); + ret = mp_cmp(r, a); + if (ret != MP_EQ) + return WC_TEST_RET_ENC_NC; + + ret = mp_div_d(a, (mp_digit)1 << (DIGIT_BIT / 2), r, &rem); + if (ret != 0) + return WC_TEST_RET_ENC_EC(ret); + ret = mp_div_d(a, (mp_digit)1 << (DIGIT_BIT / 2), NULL, &rem2); + if (ret != 0) + return WC_TEST_RET_ENC_EC(ret); + ret = mp_div_d(a, (mp_digit)1 << (DIGIT_BIT / 2), a, NULL); + if (ret != 0) + return WC_TEST_RET_ENC_EC(ret); + ret = mp_cmp(r, a); + if (ret != MP_EQ) + return WC_TEST_RET_ENC_NC; + if (rem != rem2) + return WC_TEST_RET_ENC_NC; +#endif + + (void)a; + (void)r; + (void)rng; + (void)i; + (void)j; + (void)rem; + (void)rem2; + (void)ret; + + return 0; +} +#endif /* WOLFSSL_SP_MATH || !USE_FAST_MATH */ + +#if (defined(WOLFSSL_SP_MATH_ALL) && !defined(NO_RSA) && \ + !defined(WOLFSSL_RSA_VERIFY_ONLY)) || \ + (!defined WOLFSSL_SP_MATH && !defined(WOLFSSL_SP_MATH_ALL) && \ + (defined(OPENSSL_EXTRA) || !defined(NO_DSA) || defined(HAVE_ECC))) +static wc_test_ret_t mp_test_radix_10(mp_int* a, mp_int* r, WC_RNG* rng) +{ + wc_test_ret_t ret; + int i, j; + int size; + char str[30]; + WOLFSSL_SMALL_STACK_STATIC const char* badStr1 = "A"; + WOLFSSL_SMALL_STACK_STATIC const char* badStr2 = "a"; + WOLFSSL_SMALL_STACK_STATIC const char* empty2 = " "; + WOLFSSL_SMALL_STACK_STATIC const char* zeros = "000"; + WOLFSSL_SMALL_STACK_STATIC const char* empty = ""; + + for (i = 0; i < 10; i++) { + for (j = 2; j < 12; j++) { + ret = randNum(a, j, rng, NULL); + if (ret != 0) + return WC_TEST_RET_ENC_EC(ret); + ret = mp_radix_size(a, MP_RADIX_DEC, &size); + if (ret != MP_OKAY) + return WC_TEST_RET_ENC_EC(ret); + ret = mp_toradix(a, str, MP_RADIX_DEC); + if (ret != MP_OKAY) + return WC_TEST_RET_ENC_EC(ret); + if ((int)XSTRLEN(str) != size - 1) + return WC_TEST_RET_ENC_NC; + ret = mp_read_radix(r, str, MP_RADIX_DEC); + if (ret != MP_OKAY) + return WC_TEST_RET_ENC_EC(ret); + ret = mp_cmp(a, r); + if (ret != MP_EQ) + return WC_TEST_RET_ENC_NC; + } + } + + ret = mp_read_radix(r, badStr1, MP_RADIX_DEC); + if (ret != WC_NO_ERR_TRACE(MP_VAL)) + return WC_TEST_RET_ENC_EC(ret); + ret = mp_read_radix(r, badStr2, MP_RADIX_DEC); + if (ret != WC_NO_ERR_TRACE(MP_VAL)) + return WC_TEST_RET_ENC_EC(ret); + ret = mp_read_radix(r, empty2, MP_RADIX_DEC); + if (ret != MP_OKAY) + return WC_TEST_RET_ENC_EC(ret); + + ret = mp_read_radix(r, zeros, MP_RADIX_DEC); + if (ret != MP_OKAY) + return WC_TEST_RET_ENC_EC(ret); + if (!mp_iszero(r)) + return WC_TEST_RET_ENC_NC; + mp_set(r, 1); + ret = mp_read_radix(r, empty, MP_RADIX_DEC); + if (ret != MP_OKAY) + return WC_TEST_RET_ENC_EC(ret); + if (!mp_iszero(r)) + return WC_TEST_RET_ENC_NC; + + mp_zero(a); + ret = mp_radix_size(a, MP_RADIX_DEC, &size); + if (ret != 0) + return WC_TEST_RET_ENC_EC(ret); + if (size != 2) + return WC_TEST_RET_ENC_NC; + ret = mp_toradix(a, str, MP_RADIX_DEC); + if (ret != 0) + return WC_TEST_RET_ENC_EC(ret); + if ((int)XSTRLEN(str) != size - 1) + return WC_TEST_RET_ENC_NC; + ret = mp_read_radix(r, str, MP_RADIX_DEC); + if (ret != 0) + return WC_TEST_RET_ENC_EC(ret); + if (!mp_iszero(r)) + return WC_TEST_RET_ENC_NC; + + return 0; +} +#endif + +#if defined(WOLFSSL_SP_MATH_ALL) || (!defined WOLFSSL_SP_MATH && \ + defined(HAVE_ECC)) +static wc_test_ret_t mp_test_radix_16(mp_int* a, mp_int* r, WC_RNG* rng) +{ + wc_test_ret_t ret; + int i, j; + int size; + char str[30]; +#if defined(WOLFSSL_SP_MATH) || defined(USE_FAST_MATH) + static char longStr[2 * sizeof(a->dp) + 2]; +#endif + WOLFSSL_SMALL_STACK_STATIC const char* empty2 = " "; + WOLFSSL_SMALL_STACK_STATIC const char* badStr2 = "}"; + WOLFSSL_SMALL_STACK_STATIC const char* empty = ""; + + for (i = 0; i < 10; i++) { + for (j = 2; j < 12; j++) { + ret = randNum(a, j, rng, NULL); + if (ret != 0) + return WC_TEST_RET_ENC_EC(ret); + ret = mp_radix_size(a, MP_RADIX_HEX, &size); + if (ret != 0) + return WC_TEST_RET_ENC_EC(ret); + ret = mp_toradix(a, str, MP_RADIX_HEX); + if (ret != 0) + return WC_TEST_RET_ENC_EC(ret); + if ((int)XSTRLEN(str) != size - 1) + return WC_TEST_RET_ENC_NC; + mp_read_radix(r, str, MP_RADIX_HEX); + ret = mp_cmp(a, r); + if (ret != MP_EQ) + return WC_TEST_RET_ENC_NC; + } + } + + ret = mp_read_radix(r, empty2, MP_RADIX_HEX); + if (ret != MP_OKAY) + return WC_TEST_RET_ENC_EC(ret); + ret = mp_read_radix(r, badStr2, MP_RADIX_HEX); + if (ret != WC_NO_ERR_TRACE(MP_VAL)) + return WC_TEST_RET_ENC_EC(ret); + + mp_set(r, 1); + ret = mp_read_radix(r, empty, MP_RADIX_HEX); + if (ret != MP_OKAY) + return WC_TEST_RET_ENC_EC(ret); + if (!mp_iszero(r)) + return WC_TEST_RET_ENC_NC; + +#if defined(WOLFSSL_SP_MATH) || defined(USE_FAST_MATH) + /* Fixed MP data size - string can be too long. */ + longStr[0] = '8'; + XMEMSET(longStr+1, '0', sizeof(longStr) - 2); + longStr[sizeof(longStr)-1] = '\0'; + ret = mp_read_radix(r, longStr, MP_RADIX_HEX); + if (ret != WC_NO_ERR_TRACE(MP_VAL)) + return WC_TEST_RET_ENC_EC(ret); +#endif + + mp_zero(a); + ret = mp_radix_size(a, MP_RADIX_HEX, &size); + if (ret != 0) + return WC_TEST_RET_ENC_EC(ret); +#ifndef WC_DISABLE_RADIX_ZERO_PAD + if (size != 3) +#else + if (size != 2) +#endif + return WC_TEST_RET_ENC_NC; + ret = mp_toradix(a, str, MP_RADIX_HEX); + if (ret != 0) + return WC_TEST_RET_ENC_EC(ret); + if ((int)XSTRLEN(str) != size - 1) + return WC_TEST_RET_ENC_NC; + ret = mp_read_radix(r, str, MP_RADIX_HEX); + if (ret != 0) + return WC_TEST_RET_ENC_EC(ret); + if (!mp_iszero(r)) + return WC_TEST_RET_ENC_NC; + +#ifdef WOLFSSL_SP_MATH + ret = mp_toradix(a, str, 8); + if (ret != WC_NO_ERR_TRACE(MP_VAL)) + return WC_TEST_RET_ENC_EC(ret); + ret = mp_radix_size(a, 8, &size); + if (ret != WC_NO_ERR_TRACE(MP_VAL)) + return WC_TEST_RET_ENC_EC(ret); +#endif + + return 0; +} +#endif + +static wc_test_ret_t mp_test_shift(mp_int* a, mp_int* r1, WC_RNG* rng) +{ + int i; + wc_test_ret_t ret; + + ret = randNum(a, 4, rng, NULL); + if (ret != 0) + return WC_TEST_RET_ENC_EC(ret); + for (i = 0; i < 4; i++) { + ret = mp_copy(r1, a); + if (ret != MP_OKAY) + return WC_TEST_RET_ENC_EC(ret); +#if !defined(NO_DH) || defined(HAVE_ECC) || (!defined(NO_RSA) && \ + defined(WC_RSA_BLINDING) && !defined(WOLFSSL_RSA_VERIFY_ONLY)) + ret = mp_lshd(r1, i); + if (ret != MP_OKAY) + return WC_TEST_RET_ENC_EC(ret); + #ifndef WOLFSSL_SP_MATH + mp_rshd(r1, i); + #else + mp_rshb(r1, i * SP_WORD_SIZE); + #endif + ret = mp_cmp(a, r1); + if (ret != MP_EQ) + return WC_TEST_RET_ENC_NC; +#endif + } +#ifndef WOLFSSL_SP_MATH + for (i = 0; i < DIGIT_BIT+1; i++) { + ret = mp_mul_2d(a, i, r1); + if (ret != MP_OKAY) + return WC_TEST_RET_ENC_EC(ret); + mp_rshb(r1, i); + ret = mp_cmp(a, r1); + if (ret != MP_EQ) + return WC_TEST_RET_ENC_NC; + } +#endif + + return 0; +} + +#if !(defined(WOLFSSL_SP_MATH_ALL) || defined(WOLFSSL_SP_MATH)) || \ + (defined(WOLFSSL_SP_ADD_D) && defined(WOLFSSL_SP_SUB_D)) +static wc_test_ret_t mp_test_add_sub_d(mp_int* a, mp_int* r1) +{ + int i, j; + wc_test_ret_t ret; + + for (i = 0; i <= DIGIT_BIT * 2; i++) { + mp_zero(a); + mp_set_bit(a, i); + if ((int)a->used != (i + DIGIT_BIT) / DIGIT_BIT) + return WC_TEST_RET_ENC_NC; + for (j = 0; j < i && j < DIGIT_BIT; j++) { + mp_zero(r1); + mp_set_bit(r1, i); + ret = mp_sub_d(r1, (mp_digit)1 << j, r1); + if (ret != MP_OKAY) + return WC_TEST_RET_ENC_EC(ret); + ret = mp_add_d(r1, (mp_digit)1 << j, r1); + if (ret != MP_OKAY) + return WC_TEST_RET_ENC_EC(ret); + ret = mp_cmp(a, r1); + if (ret != MP_EQ) + return WC_TEST_RET_ENC_NC; + } + } + + mp_zero(r1); + ret = mp_add_d(r1, 1, r1); + if (ret != MP_OKAY) + return WC_TEST_RET_ENC_EC(ret); + if (r1->used != 1) + return WC_TEST_RET_ENC_NC; + ret = mp_sub_d(r1, 1, r1); + if (ret != MP_OKAY) + return WC_TEST_RET_ENC_EC(ret); + if (r1->used != 0) + return WC_TEST_RET_ENC_NC; + + return 0; +} +#endif + +static wc_test_ret_t mp_test_read_to_bin(mp_int* a) +{ + WOLFSSL_SMALL_STACK_STATIC const byte in[16] = { + 0x91, 0xa2, 0xb3, 0xc4, 0xd5, 0xe6, 0xf7, 0x08, + 0x93, 0xa4, 0xb4, 0xc5, 0xd6, 0xe7, 0xf8, 0x09 + }; + byte out[24]; + int i, j, k; + const byte* p; + wc_test_ret_t ret; + + for (i = 0; i < (int)sizeof(in); i++) { + p = in + sizeof(in) - i; + ret = mp_read_unsigned_bin(a, p, (word32)i); + if (ret != 0) + return WC_TEST_RET_ENC_EC(ret); + for (j = i; j < (int)sizeof(out); j++) { + XMEMSET(out, 0xff, sizeof(out)); + ret = mp_to_unsigned_bin_len(a, out, j); + if (ret != 0) + return WC_TEST_RET_ENC_EC(ret); + for (k = 0; k < j - i; k++) { + if (out[k] != 0) + return WC_TEST_RET_ENC_NC; + } + for (; k < j; k++) { + if (out[k] != p[k - (j - i)]) + return WC_TEST_RET_ENC_NC; + } + } + } + + /* Length too small. */ + ret = mp_to_unsigned_bin_len(a, out, 1); + if (ret != WC_NO_ERR_TRACE(MP_VAL)) + return WC_TEST_RET_ENC_EC(ret); + + ret = mp_read_unsigned_bin(a, NULL, 0); + if (ret != 0) + return WC_TEST_RET_ENC_EC(ret); + if (!mp_iszero(a)) + return WC_TEST_RET_ENC_NC; + + return 0; +} + +#if defined(WOLFSSL_SP_MATH) || defined(WOLFSSL_SP_MATH_ALL) +static wc_test_ret_t mp_test_set_int(mp_int* a) +{ +#if SP_ULONG_BITS == 64 + unsigned long n = 0xfedcba9876543210UL; + byte exp[8] = { 0xfe, 0xdc, 0xba, 0x98, 0x76, 0x54, 0x32, 0x10 }; + byte out[8] = { 0 }; +#elif SP_ULONG_BITS == 32 + unsigned long n = 0xfedcba98UL; + byte exp[4] = { 0xfe, 0xdc, 0xba, 0x98 }; + byte out[4] = { 0 }; +#elif SP_ULONG_BITS == 16 + unsigned long n = 0xfedc; + byte exp[2] = { 0xfe, 0xdc }; + byte out[2] = { 0 }; +#elif SP_ULONG_BITS == 8 + unsigned long n = 0xfe; + byte exp[1] = { 0xfe }; + byte out[1] = { 0 }; +#endif + wc_test_ret_t ret; + + ret = mp_set_int(a, n); + if (ret != 0) + return WC_TEST_RET_ENC_EC(ret); + + ret = mp_unsigned_bin_size(a); + if (ret != sizeof(exp)) + return WC_TEST_RET_ENC_NC; + ret = mp_to_unsigned_bin(a, out); + if (ret != 0) + return WC_TEST_RET_ENC_EC(ret); + if (XMEMCMP(exp, out, sizeof(exp)) != 0) + return WC_TEST_RET_ENC_NC; + + return 0; +} +#endif + +#if defined(WOLFSSL_SP_MATH) || defined(WOLFSSL_SP_MATH_ALL) +static wc_test_ret_t mp_test_param(mp_int* a, mp_int* b, mp_int* r, WC_RNG* rng) +{ + byte buffer[16]; +#if defined(HAVE_ECC) || defined(WOLFSSL_SP_MATH_ALL) + char hexStr[] = "abcdef0123456789"; +#ifndef WOLFSSL_SP_INT_NEGATIVE + char negStr[] = "-1234"; +#endif +#endif +#if !defined(WOLFSSL_SP_MATH_ALL) || defined(WOLFSSL_KEY_GEN) || \ + defined(HAVE_COMP_KEY) + char decStr[] = "0987654321"; +#endif + wc_test_ret_t ret; +#ifdef WOLFSSL_SP_MATH_ALL + mp_digit rho; + int size; +#endif +#ifdef WOLFSSL_SP_PRIME_GEN + int result; +#endif +#if (defined(HAVE_ECC) && defined(HAVE_COMP_KEY)) || \ + (defined(OPENSSL_EXTRA) && defined(WOLFSSL_KEY_GEN)) + mp_digit rd; +#endif + + (void)rng; + (void)r; + + ret = mp_init(NULL); + if (ret != WC_NO_ERR_TRACE(MP_VAL)) + return WC_TEST_RET_ENC_EC(ret); + +#if !defined(WOLFSSL_RSA_PUBLIC_ONLY) || (!defined(NO_DH) || defined(HAVE_ECC)) + ret = mp_init_multi(NULL, NULL, NULL, NULL, NULL, NULL); + if (ret != MP_OKAY) + return WC_TEST_RET_ENC_EC(ret); +#endif + + mp_free(NULL); + +#if (!defined(NO_RSA) && !defined(WOLFSSL_RSA_VERIFY_ONLY)) || \ + !defined(NO_DH) || defined(HAVE_ECC) + ret = mp_grow(NULL, 1); + if (ret != WC_NO_ERR_TRACE(MP_VAL)) + return WC_TEST_RET_ENC_EC(ret); +#ifdef WOLFSSL_SP_MATH + ret = mp_grow(a, SP_INT_DIGITS + 1); + if (ret != WC_NO_ERR_TRACE(MP_MEM)) + return WC_TEST_RET_ENC_EC(ret); +#endif +#endif + + mp_clear(NULL); + + ret = mp_abs(NULL, NULL); + if (ret != WC_NO_ERR_TRACE(MP_VAL)) + return WC_TEST_RET_ENC_EC(ret); + ret = mp_abs(a, NULL); + if (ret != WC_NO_ERR_TRACE(MP_VAL)) + return WC_TEST_RET_ENC_EC(ret); + ret = mp_abs(NULL, b); + if (ret != WC_NO_ERR_TRACE(MP_VAL)) + return WC_TEST_RET_ENC_EC(ret); + + ret = mp_unsigned_bin_size(NULL); + if (ret != 0) + return WC_TEST_RET_ENC_EC(ret); + + /* clear buffer to avoid provoking uninitvar errors. */ + XMEMSET(buffer, 0, sizeof(buffer)); + + ret = mp_read_unsigned_bin(NULL, NULL, sizeof(buffer)); + if (ret != WC_NO_ERR_TRACE(MP_VAL)) + return WC_TEST_RET_ENC_EC(ret); + ret = mp_read_unsigned_bin(NULL, buffer, sizeof(buffer)); + if (ret != WC_NO_ERR_TRACE(MP_VAL)) + return WC_TEST_RET_ENC_EC(ret); + ret = mp_read_unsigned_bin(a, NULL, sizeof(buffer)); + if (ret != WC_NO_ERR_TRACE(MP_VAL)) + return WC_TEST_RET_ENC_EC(ret); + ret = mp_read_unsigned_bin(a, buffer, SP_INT_DIGITS * SP_WORD_SIZEOF + 1); + if (ret != WC_NO_ERR_TRACE(MP_VAL)) + return WC_TEST_RET_ENC_EC(ret); + +#if defined(HAVE_ECC) || defined(WOLFSSL_SP_MATH_ALL) + ret = mp_read_radix(NULL, NULL, 16); + if (ret != WC_NO_ERR_TRACE(MP_VAL)) + return WC_TEST_RET_ENC_EC(ret); + ret = mp_read_radix(a, NULL, 16); + if (ret != WC_NO_ERR_TRACE(MP_VAL)) + return WC_TEST_RET_ENC_EC(ret); + ret = mp_read_radix(NULL, hexStr, 16); + if (ret != WC_NO_ERR_TRACE(MP_VAL)) + return WC_TEST_RET_ENC_EC(ret); +#ifndef WOLFSSL_SP_INT_NEGATIVE + ret = mp_read_radix(a, negStr, 16); + if (ret != WC_NO_ERR_TRACE(MP_VAL)) + return WC_TEST_RET_ENC_EC(ret); +#ifdef WOLFSSL_SP_MATH_ALL + ret = mp_read_radix(a, negStr, 10); + if (ret != WC_NO_ERR_TRACE(MP_VAL)) + return WC_TEST_RET_ENC_EC(ret); +#endif /* WOLFSSL_SP_MATH_ALL */ +#endif /* WOLFSSL_SP_INT_NEGATIVE */ +#endif +#ifndef WOLFSSL_SP_MATH_ALL + /* Radix 10 only supported with ALL. */ + ret = mp_read_radix(a, decStr, 10); + if (ret != WC_NO_ERR_TRACE(MP_VAL)) + return WC_TEST_RET_ENC_EC(ret); +#endif + /* Radix 8 not supported SP_INT. */ + ret = mp_read_radix(a, "0123", 8); + if (ret != WC_NO_ERR_TRACE(MP_VAL)) + return WC_TEST_RET_ENC_EC(ret); + + ret = mp_count_bits(NULL); + if (ret != 0) + return WC_TEST_RET_ENC_EC(ret); + + ret = mp_is_bit_set(NULL, 0); + if (ret != 0) + return WC_TEST_RET_ENC_EC(ret); + + ret = mp_leading_bit(NULL); + if (ret != 0) + return WC_TEST_RET_ENC_EC(ret); + mp_zero(a); + ret = mp_leading_bit(a); + if (ret != 0) + return WC_TEST_RET_ENC_EC(ret); + +#if defined(WOLFSSL_SP_MATH_ALL) || defined(WOLFSSL_HAVE_SP_DH) || \ + defined(HAVE_ECC) || defined(WOLFSSL_KEY_GEN) || defined(OPENSSL_EXTRA) || \ + !defined(NO_RSA) + ret = mp_set_bit(NULL, 1); + if (ret != WC_NO_ERR_TRACE(MP_VAL)) + return WC_TEST_RET_ENC_EC(ret); +#endif + +#if !defined(NO_DH) || defined(HAVE_ECC) || defined(WC_RSA_BLINDING) || \ + !defined(WOLFSSL_RSA_VERIFY_ONLY) + ret = mp_to_unsigned_bin(NULL, NULL); + if (ret != WC_NO_ERR_TRACE(MP_VAL)) + return WC_TEST_RET_ENC_EC(ret); + ret = mp_to_unsigned_bin(a, NULL); + if (ret != WC_NO_ERR_TRACE(MP_VAL)) + return WC_TEST_RET_ENC_EC(ret); + ret = mp_to_unsigned_bin(NULL, buffer); + if (ret != WC_NO_ERR_TRACE(MP_VAL)) + return WC_TEST_RET_ENC_EC(ret); +#endif + + ret = mp_to_unsigned_bin_len(NULL, NULL, 1); + if (ret != WC_NO_ERR_TRACE(MP_VAL)) + return WC_TEST_RET_ENC_EC(ret); + ret = mp_to_unsigned_bin_len(a, NULL, 1); + if (ret != WC_NO_ERR_TRACE(MP_VAL)) + return WC_TEST_RET_ENC_EC(ret); + ret = mp_to_unsigned_bin_len(NULL, buffer, 1); + if (ret != WC_NO_ERR_TRACE(MP_VAL)) + return WC_TEST_RET_ENC_EC(ret); + +#if defined(WOLFSSL_SP_MATH_ALL) && !defined(NO_RSA) && \ + !defined(WOLFSSL_RSA_VERIFY_ONLY) + ret = mp_to_unsigned_bin_at_pos(0, NULL, NULL); + if (ret != WC_NO_ERR_TRACE(MP_VAL)) + return WC_TEST_RET_ENC_EC(ret); + ret = mp_to_unsigned_bin_at_pos(0, a, NULL); + if (ret != WC_NO_ERR_TRACE(MP_VAL)) + return WC_TEST_RET_ENC_EC(ret); + ret = mp_to_unsigned_bin_at_pos(0, NULL, buffer); + if (ret != WC_NO_ERR_TRACE(MP_VAL)) + return WC_TEST_RET_ENC_EC(ret); + ret = mp_to_unsigned_bin_at_pos(0, a, buffer); + if (ret != MP_OKAY) + return WC_TEST_RET_ENC_EC(ret); +#endif + +#if !defined(WOLFSSL_RSA_VERIFY_ONLY) || (!defined(NO_DH) || defined(HAVE_ECC)) + ret = mp_copy(NULL, NULL); + if (ret != WC_NO_ERR_TRACE(MP_VAL)) + return WC_TEST_RET_ENC_EC(ret); + ret = mp_copy(a, NULL); + if (ret != WC_NO_ERR_TRACE(MP_VAL)) + return WC_TEST_RET_ENC_EC(ret); + ret = mp_copy(NULL, b); + if (ret != WC_NO_ERR_TRACE(MP_VAL)) + return WC_TEST_RET_ENC_EC(ret); +#endif + +#if defined(WOLFSSL_KEY_GEN) || !defined(NO_DH) + ret = sp_2expt(NULL, 1); + if (ret != WC_NO_ERR_TRACE(MP_VAL)) + return WC_TEST_RET_ENC_EC(ret); +#endif + + ret = mp_set(NULL, 0); + if (ret != WC_NO_ERR_TRACE(MP_VAL)) + return WC_TEST_RET_ENC_EC(ret); + + ret = mp_cmp_d(NULL, 0); + if (ret != MP_LT) + return WC_TEST_RET_ENC_EC(ret); + + ret = mp_cmp(NULL, NULL); + if (ret != MP_EQ) + return WC_TEST_RET_ENC_NC; + ret = mp_cmp(a, NULL); + if (ret != MP_GT) + return WC_TEST_RET_ENC_NC; + ret = mp_cmp(NULL, b); + if (ret != MP_LT) + return WC_TEST_RET_ENC_NC; + +#ifdef WOLFSSL_SP_MATH_ALL + mp_rshd(NULL, 1); +#endif + + mp_zero(NULL); + +#if !defined(NO_DH) || defined(HAVE_ECC) || (!defined(NO_RSA) && \ + (defined(WC_RSA_BLINDING) || !defined(WOLFSSL_RSA_PUBLIC_ONLY))) + ret = mp_lshd(NULL, 0); + if (ret != WC_NO_ERR_TRACE(MP_VAL)) + return WC_TEST_RET_ENC_EC(ret); + ret = mp_lshd(a, SP_INT_DIGITS + 1); + if (ret != WC_NO_ERR_TRACE(MP_VAL)) + return WC_TEST_RET_ENC_EC(ret); +#endif + +#if defined(WOLFSSL_SP_MATH_ALL) + ret = mp_div(NULL, NULL, a, b); + if (ret != WC_NO_ERR_TRACE(MP_VAL)) + return WC_TEST_RET_ENC_EC(ret); + ret = mp_div(a, NULL, a, b); + if (ret != WC_NO_ERR_TRACE(MP_VAL)) + return WC_TEST_RET_ENC_EC(ret); + ret = mp_div(NULL, b, a, b); + if (ret != WC_NO_ERR_TRACE(MP_VAL)) + return WC_TEST_RET_ENC_EC(ret); + ret = mp_div(a, b, NULL, NULL); + if (ret != WC_NO_ERR_TRACE(MP_VAL)) + return WC_TEST_RET_ENC_EC(ret); +#endif + +#if defined(WOLFSSL_SP_MATH_ALL) || !defined(NO_DH) || defined(HAVE_ECC) || \ + (!defined(NO_RSA) && !defined(WOLFSSL_RSA_VERIFY_ONLY)) + ret = mp_mod(NULL, NULL, NULL); + if (ret != WC_NO_ERR_TRACE(MP_VAL)) + return WC_TEST_RET_ENC_EC(ret); + ret = mp_mod(a, NULL, NULL); + if (ret != WC_NO_ERR_TRACE(MP_VAL)) + return WC_TEST_RET_ENC_EC(ret); + ret = mp_mod(NULL, b, NULL); + if (ret != WC_NO_ERR_TRACE(MP_VAL)) + return WC_TEST_RET_ENC_EC(ret); + ret = mp_mod(NULL, NULL, r); + if (ret != WC_NO_ERR_TRACE(MP_VAL)) + return WC_TEST_RET_ENC_EC(ret); + ret = mp_mod(a, b, NULL); + if (ret != WC_NO_ERR_TRACE(MP_VAL)) + return WC_TEST_RET_ENC_EC(ret); + ret = mp_mod(a, NULL, r); + if (ret != WC_NO_ERR_TRACE(MP_VAL)) + return WC_TEST_RET_ENC_EC(ret); + ret = mp_mod(NULL, b, r); + if (ret != WC_NO_ERR_TRACE(MP_VAL)) + return WC_TEST_RET_ENC_EC(ret); +#endif + +#if !defined(NO_RSA) || defined(WOLFSSL_SP_MATH_ALL) + ret = mp_set_int(NULL, 0); + if (ret != WC_NO_ERR_TRACE(MP_VAL)) + return WC_TEST_RET_ENC_EC(ret); +#endif + +#if !defined(NO_RSA) || !defined(NO_DSA) || !defined(NO_DH) || \ + (defined(HAVE_ECC) && defined(HAVE_COMP_KEY)) || defined(OPENSSL_EXTRA) + ret = mp_exptmod_ex(NULL, NULL, 1, NULL, NULL); + if (ret != WC_NO_ERR_TRACE(MP_VAL)) + return WC_TEST_RET_ENC_EC(ret); + ret = mp_exptmod_ex(a, NULL, 1, NULL, NULL); + if (ret != WC_NO_ERR_TRACE(MP_VAL)) + return WC_TEST_RET_ENC_EC(ret); + ret = mp_exptmod_ex(NULL, a, 1, NULL, NULL); + if (ret != WC_NO_ERR_TRACE(MP_VAL)) + return WC_TEST_RET_ENC_EC(ret); + ret = mp_exptmod_ex(NULL, NULL, 1, a, NULL); + if (ret != WC_NO_ERR_TRACE(MP_VAL)) + return WC_TEST_RET_ENC_EC(ret); + ret = mp_exptmod_ex(NULL, NULL, 1, NULL, a); + if (ret != WC_NO_ERR_TRACE(MP_VAL)) + return WC_TEST_RET_ENC_EC(ret); + ret = mp_exptmod_ex(a, a, 1, a, NULL); + if (ret != WC_NO_ERR_TRACE(MP_VAL)) + return WC_TEST_RET_ENC_EC(ret); + ret = mp_exptmod_ex(a, a, 1, NULL, a); + if (ret != WC_NO_ERR_TRACE(MP_VAL)) + return WC_TEST_RET_ENC_EC(ret); + ret = mp_exptmod_ex(a, NULL, 1, a, a); + if (ret != WC_NO_ERR_TRACE(MP_VAL)) + return WC_TEST_RET_ENC_EC(ret); + ret = mp_exptmod_ex(NULL, a, 1, a, a); + if (ret != WC_NO_ERR_TRACE(MP_VAL)) + return WC_TEST_RET_ENC_EC(ret); + + ret = mp_exptmod_nct(NULL, NULL, NULL, NULL); + if (ret != WC_NO_ERR_TRACE(MP_VAL)) + return WC_TEST_RET_ENC_EC(ret); + ret = mp_exptmod_nct(a, NULL, NULL, NULL); + if (ret != WC_NO_ERR_TRACE(MP_VAL)) + return WC_TEST_RET_ENC_EC(ret); + ret = mp_exptmod_nct(NULL, a, NULL, NULL); + if (ret != WC_NO_ERR_TRACE(MP_VAL)) + return WC_TEST_RET_ENC_EC(ret); + ret = mp_exptmod_nct(NULL, NULL, a, NULL); + if (ret != WC_NO_ERR_TRACE(MP_VAL)) + return WC_TEST_RET_ENC_EC(ret); + ret = mp_exptmod_nct(NULL, NULL, NULL, a); + if (ret != WC_NO_ERR_TRACE(MP_VAL)) + return WC_TEST_RET_ENC_EC(ret); + ret = mp_exptmod_nct(a, a, a, NULL); + if (ret != WC_NO_ERR_TRACE(MP_VAL)) + return WC_TEST_RET_ENC_EC(ret); + ret = mp_exptmod_nct(a, a, NULL, a); + if (ret != WC_NO_ERR_TRACE(MP_VAL)) + return WC_TEST_RET_ENC_EC(ret); + ret = mp_exptmod_nct(a, NULL, a, a); + if (ret != WC_NO_ERR_TRACE(MP_VAL)) + return WC_TEST_RET_ENC_EC(ret); + ret = mp_exptmod_nct(NULL, a, a, a); + if (ret != WC_NO_ERR_TRACE(MP_VAL)) + return WC_TEST_RET_ENC_EC(ret); +#endif + +#if defined(WOLFSSL_KEY_GEN) && (!defined(NO_DH) || !defined(NO_DSA)) && \ + !defined(WC_NO_RNG) + ret = mp_rand_prime(NULL, 32, NULL, NULL); + if (ret != WC_NO_ERR_TRACE(MP_VAL)) + return WC_TEST_RET_ENC_EC(ret); + ret = mp_rand_prime(a, 32, NULL, NULL); + if (ret != WC_NO_ERR_TRACE(MP_VAL)) + return WC_TEST_RET_ENC_EC(ret); + ret = mp_rand_prime(NULL, 32, rng, NULL); + if (ret != WC_NO_ERR_TRACE(MP_VAL)) + return WC_TEST_RET_ENC_EC(ret); + ret = mp_rand_prime(a, 0, rng, NULL); + if (ret != WC_NO_ERR_TRACE(MP_VAL)) + return WC_TEST_RET_ENC_EC(ret); +#endif + +#if defined(WOLFSSL_SP_MATH_ALL) && !defined(WOLFSSL_RSA_VERIFY_ONLY) + ret = mp_mul(NULL, NULL, NULL); + if (ret != WC_NO_ERR_TRACE(MP_VAL)) + return WC_TEST_RET_ENC_EC(ret); + ret = mp_mul(a, NULL, NULL); + if (ret != WC_NO_ERR_TRACE(MP_VAL)) + return WC_TEST_RET_ENC_EC(ret); + ret = mp_mul(NULL, b, NULL); + if (ret != WC_NO_ERR_TRACE(MP_VAL)) + return WC_TEST_RET_ENC_EC(ret); + ret = mp_mul(NULL, NULL, r); + if (ret != WC_NO_ERR_TRACE(MP_VAL)) + return WC_TEST_RET_ENC_EC(ret); + ret = mp_mul(a, b, NULL); + if (ret != WC_NO_ERR_TRACE(MP_VAL)) + return WC_TEST_RET_ENC_EC(ret); + ret = mp_mul(a, NULL, r); + if (ret != WC_NO_ERR_TRACE(MP_VAL)) + return WC_TEST_RET_ENC_EC(ret); + ret = mp_mul(NULL, b, r); + if (ret != WC_NO_ERR_TRACE(MP_VAL)) + return WC_TEST_RET_ENC_EC(ret); +#endif + +#if defined(WOLFSSL_SP_MATH_ALL) || defined(WOLFSSL_HAVE_SP_DH) || \ + defined(HAVE_ECC) || (!defined(NO_RSA) && !defined(WOLFSSL_RSA_VERIFY_ONLY)) + ret = mp_sqr(NULL, NULL); + if (ret != WC_NO_ERR_TRACE(MP_VAL)) + return WC_TEST_RET_ENC_EC(ret); + ret = mp_sqr(a, NULL); + if (ret != WC_NO_ERR_TRACE(MP_VAL)) + return WC_TEST_RET_ENC_EC(ret); + ret = mp_sqr(NULL, r); + if (ret != WC_NO_ERR_TRACE(MP_VAL)) + return WC_TEST_RET_ENC_EC(ret); +#endif + +#if !defined(WOLFSSL_RSA_VERIFY_ONLY) + ret = mp_sqrmod(NULL, NULL, NULL); + if (ret != WC_NO_ERR_TRACE(MP_VAL)) + return WC_TEST_RET_ENC_EC(ret); + ret = mp_sqrmod(a, NULL, NULL); + if (ret != WC_NO_ERR_TRACE(MP_VAL)) + return WC_TEST_RET_ENC_EC(ret); + ret = mp_sqrmod(NULL, a, NULL); + if (ret != WC_NO_ERR_TRACE(MP_VAL)) + return WC_TEST_RET_ENC_EC(ret); + ret = mp_sqrmod(NULL, NULL, a); + if (ret != WC_NO_ERR_TRACE(MP_VAL)) + return WC_TEST_RET_ENC_EC(ret); + ret = mp_sqrmod(a, b, NULL); + if (ret != WC_NO_ERR_TRACE(MP_VAL)) + return WC_TEST_RET_ENC_EC(ret); + ret = mp_sqrmod(a, NULL, b); + if (ret != WC_NO_ERR_TRACE(MP_VAL)) + return WC_TEST_RET_ENC_EC(ret); + ret = mp_sqrmod(NULL, a, b); + if (ret != WC_NO_ERR_TRACE(MP_VAL)) + return WC_TEST_RET_ENC_EC(ret); + + ret = mp_mulmod(NULL, NULL, NULL, NULL); + if (ret != WC_NO_ERR_TRACE(MP_VAL)) + return WC_TEST_RET_ENC_EC(ret); + ret = mp_mulmod(a, NULL, NULL, NULL); + if (ret != WC_NO_ERR_TRACE(MP_VAL)) + return WC_TEST_RET_ENC_EC(ret); + ret = mp_mulmod(NULL, a, NULL, NULL); + if (ret != WC_NO_ERR_TRACE(MP_VAL)) + return WC_TEST_RET_ENC_EC(ret); + ret = mp_mulmod(NULL, NULL, a, NULL); + if (ret != WC_NO_ERR_TRACE(MP_VAL)) + return WC_TEST_RET_ENC_EC(ret); + ret = mp_mulmod(NULL, NULL, NULL, a); + if (ret != WC_NO_ERR_TRACE(MP_VAL)) + return WC_TEST_RET_ENC_EC(ret); + ret = mp_mulmod(a, b, b, NULL); + if (ret != WC_NO_ERR_TRACE(MP_VAL)) + return WC_TEST_RET_ENC_EC(ret); + ret = mp_mulmod(a, b, NULL, a); + if (ret != WC_NO_ERR_TRACE(MP_VAL)) + return WC_TEST_RET_ENC_EC(ret); + ret = mp_mulmod(a, NULL, b, a); + if (ret != WC_NO_ERR_TRACE(MP_VAL)) + return WC_TEST_RET_ENC_EC(ret); + ret = mp_mulmod(NULL, b, b, a); + if (ret != WC_NO_ERR_TRACE(MP_VAL)) + return WC_TEST_RET_ENC_EC(ret); +#endif + +#if !defined(NO_PWDBASED) || defined(WOLFSSL_KEY_GEN) || !defined(NO_DH) || \ + !defined(NO_RSA) || !defined(NO_DSA) + ret = mp_add_d(NULL, 1, NULL); + if (ret != WC_NO_ERR_TRACE(MP_VAL)) + return WC_TEST_RET_ENC_EC(ret); + ret = mp_add_d(a, 1, NULL); + if (ret != WC_NO_ERR_TRACE(MP_VAL)) + return WC_TEST_RET_ENC_EC(ret); + ret = mp_add_d(NULL, 1, b); + if (ret != WC_NO_ERR_TRACE(MP_VAL)) + return WC_TEST_RET_ENC_EC(ret); +#endif + +#if (!defined(NO_RSA) && !defined(WOLFSSL_RSA_VERIFY_ONLY)) || \ + !defined(NO_DH) || defined(HAVE_ECC) || !defined(NO_DSA) + ret = mp_sub_d(NULL, 1, NULL); + if (ret != WC_NO_ERR_TRACE(MP_VAL)) + return WC_TEST_RET_ENC_EC(ret); + ret = mp_sub_d(a, 1, NULL); + if (ret != WC_NO_ERR_TRACE(MP_VAL)) + return WC_TEST_RET_ENC_EC(ret); + ret = mp_sub_d(NULL, 1, b); + if (ret != WC_NO_ERR_TRACE(MP_VAL)) + return WC_TEST_RET_ENC_EC(ret); +#endif + +#if (defined(WOLFSSL_SP_MATH_ALL) && !defined(WOLFSSL_RSA_VERIFY_ONLY)) || \ + defined(WOLFSSL_KEY_GEN) || defined(HAVE_COMP_KEY) + ret = mp_div_d(NULL, 0, NULL, NULL); + if (ret != WC_NO_ERR_TRACE(MP_VAL)) + return WC_TEST_RET_ENC_EC(ret); + ret = mp_div_d(a, 0, NULL, NULL); + if (ret != WC_NO_ERR_TRACE(MP_VAL)) + return WC_TEST_RET_ENC_EC(ret); + ret = mp_div_d(NULL, 1, NULL, NULL); + if (ret != WC_NO_ERR_TRACE(MP_VAL)) + return WC_TEST_RET_ENC_EC(ret); +#endif + +#if (defined(HAVE_ECC) && defined(HAVE_COMP_KEY)) || \ + (defined(OPENSSL_EXTRA) && defined(WOLFSSL_KEY_GEN)) + ret = mp_mod_d(NULL, 0, NULL); + if (ret != WC_NO_ERR_TRACE(MP_VAL)) + return WC_TEST_RET_ENC_EC(ret); + ret = mp_mod_d(a, 0, NULL); + if (ret != WC_NO_ERR_TRACE(MP_VAL)) + return WC_TEST_RET_ENC_EC(ret); + ret = mp_mod_d(NULL, 0, &rd); + if (ret != WC_NO_ERR_TRACE(MP_VAL)) + return WC_TEST_RET_ENC_EC(ret); +#endif + +#if defined(WOLFSSL_SP_MATH_ALL) && !defined(NO_RSA) && defined(WOLFSSL_KEY_GEN) + ret = mp_gcd(NULL, NULL, NULL); + if (ret != WC_NO_ERR_TRACE(MP_VAL)) + return WC_TEST_RET_ENC_EC(ret); + ret = mp_gcd(a, NULL, NULL); + if (ret != WC_NO_ERR_TRACE(MP_VAL)) + return WC_TEST_RET_ENC_EC(ret); + ret = mp_gcd(NULL, a, NULL); + if (ret != WC_NO_ERR_TRACE(MP_VAL)) + return WC_TEST_RET_ENC_EC(ret); + ret = mp_gcd(NULL, NULL, a); + if (ret != WC_NO_ERR_TRACE(MP_VAL)) + return WC_TEST_RET_ENC_EC(ret); + ret = mp_gcd(a, b, NULL); + if (ret != WC_NO_ERR_TRACE(MP_VAL)) + return WC_TEST_RET_ENC_EC(ret); + ret = mp_gcd(a, NULL, b); + if (ret != WC_NO_ERR_TRACE(MP_VAL)) + return WC_TEST_RET_ENC_EC(ret); + ret = mp_gcd(NULL, a, b); + if (ret != WC_NO_ERR_TRACE(MP_VAL)) + return WC_TEST_RET_ENC_EC(ret); +#endif + +#if !defined(WOLFSSL_SP_MATH) && defined(HAVE_ECC) + ret = mp_div_2_mod_ct(NULL, NULL, NULL); + if (ret != WC_NO_ERR_TRACE(MP_VAL)) + return WC_TEST_RET_ENC_EC(ret); + ret = mp_div_2_mod_ct(a, NULL, NULL); + if (ret != WC_NO_ERR_TRACE(MP_VAL)) + return WC_TEST_RET_ENC_EC(ret); + ret = mp_div_2_mod_ct(NULL, b, NULL); + if (ret != WC_NO_ERR_TRACE(MP_VAL)) + return WC_TEST_RET_ENC_EC(ret); + ret = mp_div_2_mod_ct(NULL, NULL, a); + if (ret != WC_NO_ERR_TRACE(MP_VAL)) + return WC_TEST_RET_ENC_EC(ret); + ret = mp_div_2_mod_ct(a, b, NULL); + if (ret != WC_NO_ERR_TRACE(MP_VAL)) + return WC_TEST_RET_ENC_EC(ret); + ret = mp_div_2_mod_ct(a, b, NULL); + if (ret != WC_NO_ERR_TRACE(MP_VAL)) + return WC_TEST_RET_ENC_EC(ret); + ret = mp_div_2_mod_ct(NULL, b, a); + if (ret != WC_NO_ERR_TRACE(MP_VAL)) + return WC_TEST_RET_ENC_EC(ret); + + ret = mp_div_2(NULL, NULL); + if (ret != WC_NO_ERR_TRACE(MP_VAL)) + return WC_TEST_RET_ENC_EC(ret); + ret = mp_div_2(a, NULL); + if (ret != WC_NO_ERR_TRACE(MP_VAL)) + return WC_TEST_RET_ENC_EC(ret); + ret = mp_div_2(NULL, a); + if (ret != WC_NO_ERR_TRACE(MP_VAL)) + return WC_TEST_RET_ENC_EC(ret); +#endif + +#if (!defined(NO_RSA) && !defined(WOLFSSL_RSA_VERIFY_ONLY) && \ + !defined(WOLFSSL_RSA_PUBLIC_ONLY)) || \ + defined(HAVE_ECC) || !defined(NO_DSA) || defined(OPENSSL_EXTRA) + ret = mp_invmod(NULL, NULL, NULL); + if (ret != WC_NO_ERR_TRACE(MP_VAL)) + return WC_TEST_RET_ENC_EC(ret); + ret = mp_invmod(a, NULL, NULL); + if (ret != WC_NO_ERR_TRACE(MP_VAL)) + return WC_TEST_RET_ENC_EC(ret); + ret = mp_invmod(NULL, b, NULL); + if (ret != WC_NO_ERR_TRACE(MP_VAL)) + return WC_TEST_RET_ENC_EC(ret); + ret = mp_invmod(NULL, NULL, a); + if (ret != WC_NO_ERR_TRACE(MP_VAL)) + return WC_TEST_RET_ENC_EC(ret); + ret = mp_invmod(a, b, NULL); + if (ret != WC_NO_ERR_TRACE(MP_VAL)) + return WC_TEST_RET_ENC_EC(ret); + ret = mp_invmod(a, NULL, a); + if (ret != WC_NO_ERR_TRACE(MP_VAL)) + return WC_TEST_RET_ENC_EC(ret); + ret = mp_invmod(NULL, b, a); + if (ret != WC_NO_ERR_TRACE(MP_VAL)) + return WC_TEST_RET_ENC_EC(ret); +#endif + +#if !defined(WOLFSSL_SP_MATH) && defined(HAVE_ECC) + ret = mp_invmod_mont_ct(NULL, NULL, NULL, 1); + if (ret != WC_NO_ERR_TRACE(MP_VAL)) + return WC_TEST_RET_ENC_EC(ret); + ret = mp_invmod_mont_ct(a, NULL, NULL, 1); + if (ret != WC_NO_ERR_TRACE(MP_VAL)) + return WC_TEST_RET_ENC_EC(ret); + ret = mp_invmod_mont_ct(NULL, b, NULL, 1); + if (ret != WC_NO_ERR_TRACE(MP_VAL)) + return WC_TEST_RET_ENC_EC(ret); + ret = mp_invmod_mont_ct(NULL, NULL, a, 1); + if (ret != WC_NO_ERR_TRACE(MP_VAL)) + return WC_TEST_RET_ENC_EC(ret); + ret = mp_invmod_mont_ct(a, b, NULL, 1); + if (ret != WC_NO_ERR_TRACE(MP_VAL)) + return WC_TEST_RET_ENC_EC(ret); + ret = mp_invmod_mont_ct(a, NULL, a, 1); + if (ret != WC_NO_ERR_TRACE(MP_VAL)) + return WC_TEST_RET_ENC_EC(ret); + ret = mp_invmod_mont_ct(NULL, b, a, 1); + if (ret != WC_NO_ERR_TRACE(MP_VAL)) + return WC_TEST_RET_ENC_EC(ret); +#endif + +#if !defined(NO_RSA) && defined(WOLFSSL_KEY_GEN) && !defined(WC_RSA_BLINDING) + ret = mp_lcm(NULL, NULL, NULL); + if (ret != WC_NO_ERR_TRACE(MP_VAL)) + return WC_TEST_RET_ENC_EC(ret); + ret = mp_lcm(a, NULL, NULL); + if (ret != WC_NO_ERR_TRACE(MP_VAL)) + return WC_TEST_RET_ENC_EC(ret); + ret = mp_lcm(NULL, b, NULL); + if (ret != WC_NO_ERR_TRACE(MP_VAL)) + return WC_TEST_RET_ENC_EC(ret); + ret = mp_lcm(NULL, NULL, a); + if (ret != WC_NO_ERR_TRACE(MP_VAL)) + return WC_TEST_RET_ENC_EC(ret); + ret = mp_lcm(a, b, NULL); + if (ret != WC_NO_ERR_TRACE(MP_VAL)) + return WC_TEST_RET_ENC_EC(ret); + ret = mp_lcm(a, NULL, a); + if (ret != WC_NO_ERR_TRACE(MP_VAL)) + return WC_TEST_RET_ENC_EC(ret); + ret = mp_lcm(NULL, b, a); + if (ret != WC_NO_ERR_TRACE(MP_VAL)) + return WC_TEST_RET_ENC_EC(ret); +#endif + +#if defined(WOLFSSL_SP_MATH_ALL) || defined(WOLFSSL_HAVE_SP_DH) + ret = mp_exptmod_ex(NULL, NULL, 1, NULL, NULL); + if (ret != WC_NO_ERR_TRACE(MP_VAL)) + return WC_TEST_RET_ENC_EC(ret); + ret = mp_exptmod_ex(a, NULL, 1, NULL, NULL); + if (ret != WC_NO_ERR_TRACE(MP_VAL)) + return WC_TEST_RET_ENC_EC(ret); + ret = mp_exptmod_ex(NULL, b, 1, NULL, NULL); + if (ret != WC_NO_ERR_TRACE(MP_VAL)) + return WC_TEST_RET_ENC_EC(ret); + ret = mp_exptmod_ex(NULL, NULL, 1, b, NULL); + if (ret != WC_NO_ERR_TRACE(MP_VAL)) + return WC_TEST_RET_ENC_EC(ret); + ret = mp_exptmod_ex(NULL, NULL, 1, NULL, a); + if (ret != WC_NO_ERR_TRACE(MP_VAL)) + return WC_TEST_RET_ENC_EC(ret); + ret = mp_exptmod_ex(a, b, 1, b, NULL); + if (ret != WC_NO_ERR_TRACE(MP_VAL)) + return WC_TEST_RET_ENC_EC(ret); + ret = mp_exptmod_ex(a, b, 1, NULL, a); + if (ret != WC_NO_ERR_TRACE(MP_VAL)) + return WC_TEST_RET_ENC_EC(ret); + ret = mp_exptmod_ex(a, NULL, 1, b, a); + if (ret != WC_NO_ERR_TRACE(MP_VAL)) + return WC_TEST_RET_ENC_EC(ret); + ret = mp_exptmod_ex(NULL, b, 1, b, a); + if (ret != WC_NO_ERR_TRACE(MP_VAL)) + return WC_TEST_RET_ENC_EC(ret); + + ret = mp_exptmod(NULL, NULL, NULL, NULL); + if (ret != WC_NO_ERR_TRACE(MP_VAL)) + return WC_TEST_RET_ENC_EC(ret); + ret = mp_exptmod(a, NULL, NULL, NULL); + if (ret != WC_NO_ERR_TRACE(MP_VAL)) + return WC_TEST_RET_ENC_EC(ret); + ret = mp_exptmod(NULL, b, NULL, NULL); + if (ret != WC_NO_ERR_TRACE(MP_VAL)) + return WC_TEST_RET_ENC_EC(ret); + ret = mp_exptmod(NULL, NULL, b, NULL); + if (ret != WC_NO_ERR_TRACE(MP_VAL)) + return WC_TEST_RET_ENC_EC(ret); + ret = mp_exptmod(NULL, NULL, NULL, a); + if (ret != WC_NO_ERR_TRACE(MP_VAL)) + return WC_TEST_RET_ENC_EC(ret); + ret = mp_exptmod(a, b, b, NULL); + if (ret != WC_NO_ERR_TRACE(MP_VAL)) + return WC_TEST_RET_ENC_EC(ret); + ret = mp_exptmod(a, b, NULL, a); + if (ret != WC_NO_ERR_TRACE(MP_VAL)) + return WC_TEST_RET_ENC_EC(ret); + ret = mp_exptmod(a, NULL, b, a); + if (ret != WC_NO_ERR_TRACE(MP_VAL)) + return WC_TEST_RET_ENC_EC(ret); + ret = mp_exptmod(NULL, b, b, a); + if (ret != WC_NO_ERR_TRACE(MP_VAL)) + return WC_TEST_RET_ENC_EC(ret); + + ret = mp_exptmod_nct(NULL, NULL, NULL, NULL); + if (ret != WC_NO_ERR_TRACE(MP_VAL)) + return WC_TEST_RET_ENC_EC(ret); + ret = mp_exptmod_nct(a, NULL, NULL, NULL); + if (ret != WC_NO_ERR_TRACE(MP_VAL)) + return WC_TEST_RET_ENC_EC(ret); + ret = mp_exptmod_nct(NULL, b, NULL, NULL); + if (ret != WC_NO_ERR_TRACE(MP_VAL)) + return WC_TEST_RET_ENC_EC(ret); + ret = mp_exptmod_nct(NULL, NULL, b, NULL); + if (ret != WC_NO_ERR_TRACE(MP_VAL)) + return WC_TEST_RET_ENC_EC(ret); + ret = mp_exptmod_nct(NULL, NULL, NULL, a); + if (ret != WC_NO_ERR_TRACE(MP_VAL)) + return WC_TEST_RET_ENC_EC(ret); + ret = mp_exptmod_nct(a, b, b, NULL); + if (ret != WC_NO_ERR_TRACE(MP_VAL)) + return WC_TEST_RET_ENC_EC(ret); + ret = mp_exptmod_nct(a, b, NULL, a); + if (ret != WC_NO_ERR_TRACE(MP_VAL)) + return WC_TEST_RET_ENC_EC(ret); + ret = mp_exptmod_nct(a, NULL, b, a); + if (ret != WC_NO_ERR_TRACE(MP_VAL)) + return WC_TEST_RET_ENC_EC(ret); + ret = mp_exptmod_nct(NULL, b, b, a); + if (ret != WC_NO_ERR_TRACE(MP_VAL)) + return WC_TEST_RET_ENC_EC(ret); +#endif + +#if defined(HAVE_ECC) && defined(HAVE_COMP_KEY) + ret = mp_cnt_lsb(NULL); + if (ret != 0) + return WC_TEST_RET_ENC_EC(ret); +#endif + +#ifdef WOLFSSL_SP_PRIME_GEN + ret = mp_prime_is_prime(NULL, 1, NULL); + if (ret != WC_NO_ERR_TRACE(MP_VAL)) + return WC_TEST_RET_ENC_EC(ret); + ret = mp_prime_is_prime(a, 1, NULL); + if (ret != WC_NO_ERR_TRACE(MP_VAL)) + return WC_TEST_RET_ENC_EC(ret); + ret = mp_prime_is_prime(NULL, 1, &result); + if (ret != WC_NO_ERR_TRACE(MP_VAL)) + return WC_TEST_RET_ENC_EC(ret); + ret = mp_prime_is_prime(a, 0, &result); + if (ret != WC_NO_ERR_TRACE(MP_VAL)) + return WC_TEST_RET_ENC_EC(ret); + ret = mp_prime_is_prime(a, 1024, &result); + if (ret != WC_NO_ERR_TRACE(MP_VAL)) + return WC_TEST_RET_ENC_EC(ret); + + ret = mp_prime_is_prime_ex(NULL, 1, NULL, NULL); + if (ret != WC_NO_ERR_TRACE(MP_VAL)) + return WC_TEST_RET_ENC_EC(ret); + ret = mp_prime_is_prime_ex(a, 1, NULL, NULL); + if (ret != WC_NO_ERR_TRACE(MP_VAL)) + return WC_TEST_RET_ENC_EC(ret); + ret = mp_prime_is_prime_ex(NULL, 1, &result, NULL); + if (ret != WC_NO_ERR_TRACE(MP_VAL)) + return WC_TEST_RET_ENC_EC(ret); + ret = mp_prime_is_prime_ex(NULL, 1, NULL, rng); + if (ret != WC_NO_ERR_TRACE(MP_VAL)) + return WC_TEST_RET_ENC_EC(ret); + ret = mp_prime_is_prime_ex(a, 1, &result, NULL); + if (ret != WC_NO_ERR_TRACE(MP_VAL)) + return WC_TEST_RET_ENC_EC(ret); + ret = mp_prime_is_prime_ex(a, 1, NULL, rng); + if (ret != WC_NO_ERR_TRACE(MP_VAL)) + return WC_TEST_RET_ENC_EC(ret); + ret = mp_prime_is_prime_ex(NULL, 1, &result, rng); + if (ret != WC_NO_ERR_TRACE(MP_VAL)) + return WC_TEST_RET_ENC_EC(ret); +#endif + +#if defined(WOLFSSL_SP_MATH_ALL) || !defined(NO_DH) || !defined(NO_DSA) + ret = mp_exch(NULL, NULL); + if (ret != WC_NO_ERR_TRACE(MP_VAL)) + return WC_TEST_RET_ENC_EC(ret); + ret = mp_exch(a, NULL); + if (ret != WC_NO_ERR_TRACE(MP_VAL)) + return WC_TEST_RET_ENC_EC(ret); + ret = mp_exch(NULL, b); + if (ret != WC_NO_ERR_TRACE(MP_VAL)) + return WC_TEST_RET_ENC_EC(ret); +#endif + +#if (defined(WOLFSSL_KEY_GEN) && !defined(NO_RSA)) || \ + defined(WOLFSSL_SP_MATH_ALL) + ret = mp_mul_d(NULL, 1, NULL); + if (ret != WC_NO_ERR_TRACE(MP_VAL)) + return WC_TEST_RET_ENC_EC(ret); + ret = mp_mul_d(a, 1, NULL); + if (ret != WC_NO_ERR_TRACE(MP_VAL)) + return WC_TEST_RET_ENC_EC(ret); + ret = mp_mul_d(NULL, 1, b); + if (ret != WC_NO_ERR_TRACE(MP_VAL)) + return WC_TEST_RET_ENC_EC(ret); +#endif + +#if !defined(WOLFSSL_RSA_VERIFY_ONLY) + ret = mp_add(NULL, NULL, NULL); + if (ret != WC_NO_ERR_TRACE(MP_VAL)) + return WC_TEST_RET_ENC_EC(ret); + ret = mp_add(a, NULL, NULL); + if (ret != WC_NO_ERR_TRACE(MP_VAL)) + return WC_TEST_RET_ENC_EC(ret); + ret = mp_add(NULL, b, NULL); + if (ret != WC_NO_ERR_TRACE(MP_VAL)) + return WC_TEST_RET_ENC_EC(ret); + ret = mp_add(NULL, NULL, r); + if (ret != WC_NO_ERR_TRACE(MP_VAL)) + return WC_TEST_RET_ENC_EC(ret); + ret = mp_add(a, b, NULL); + if (ret != WC_NO_ERR_TRACE(MP_VAL)) + return WC_TEST_RET_ENC_EC(ret); + ret = mp_add(a, NULL, r); + if (ret != WC_NO_ERR_TRACE(MP_VAL)) + return WC_TEST_RET_ENC_EC(ret); + ret = mp_add(NULL, b, r); + if (ret != WC_NO_ERR_TRACE(MP_VAL)) + return WC_TEST_RET_ENC_EC(ret); +#endif + +#if defined(WOLFSSL_SP_MATH_ALL) || !defined(NO_DH) || defined(HAVE_ECC) || \ + (!defined(NO_RSA) && !defined(WOLFSSL_RSA_VERIFY_ONLY)) + ret = mp_sub(NULL, NULL, NULL); + if (ret != WC_NO_ERR_TRACE(MP_VAL)) + return WC_TEST_RET_ENC_EC(ret); + ret = mp_sub(a, NULL, NULL); + if (ret != WC_NO_ERR_TRACE(MP_VAL)) + return WC_TEST_RET_ENC_EC(ret); + ret = mp_sub(NULL, b, NULL); + if (ret != WC_NO_ERR_TRACE(MP_VAL)) + return WC_TEST_RET_ENC_EC(ret); + ret = mp_sub(NULL, NULL, r); + if (ret != WC_NO_ERR_TRACE(MP_VAL)) + return WC_TEST_RET_ENC_EC(ret); + ret = mp_sub(a, b, NULL); + if (ret != WC_NO_ERR_TRACE(MP_VAL)) + return WC_TEST_RET_ENC_EC(ret); + ret = mp_sub(a, NULL, r); + if (ret != WC_NO_ERR_TRACE(MP_VAL)) + return WC_TEST_RET_ENC_EC(ret); + ret = mp_sub(NULL, b, r); + if (ret != WC_NO_ERR_TRACE(MP_VAL)) + return WC_TEST_RET_ENC_EC(ret); +#endif + + +#if defined(WOLFSSL_SP_MATH_ALL) || (!defined(WOLFSSL_SP_MATH) && \ + defined(WOLFSSL_CUSTOM_CURVES)) + ret = mp_addmod(NULL, NULL, NULL, NULL); + if (ret != WC_NO_ERR_TRACE(MP_VAL)) + return WC_TEST_RET_ENC_EC(ret); + ret = mp_addmod(a, NULL, NULL, NULL); + if (ret != WC_NO_ERR_TRACE(MP_VAL)) + return WC_TEST_RET_ENC_EC(ret); + ret = mp_addmod(NULL, b, NULL, NULL); + if (ret != WC_NO_ERR_TRACE(MP_VAL)) + return WC_TEST_RET_ENC_EC(ret); + ret = mp_addmod(NULL, NULL, b, NULL); + if (ret != WC_NO_ERR_TRACE(MP_VAL)) + return WC_TEST_RET_ENC_EC(ret); + ret = mp_addmod(NULL, NULL, NULL, a); + if (ret != WC_NO_ERR_TRACE(MP_VAL)) + return WC_TEST_RET_ENC_EC(ret); + ret = mp_addmod(a, b, b, NULL); + if (ret != WC_NO_ERR_TRACE(MP_VAL)) + return WC_TEST_RET_ENC_EC(ret); + ret = mp_addmod(a, b, NULL, a); + if (ret != WC_NO_ERR_TRACE(MP_VAL)) + return WC_TEST_RET_ENC_EC(ret); + ret = mp_addmod(a, NULL, b, a); + if (ret != WC_NO_ERR_TRACE(MP_VAL)) + return WC_TEST_RET_ENC_EC(ret); + ret = mp_addmod(NULL, b, b, a); + if (ret != WC_NO_ERR_TRACE(MP_VAL)) + return WC_TEST_RET_ENC_EC(ret); +#endif + +#ifdef WOLFSSL_SP_MATH_ALL + ret = mp_submod(NULL, NULL, NULL, NULL); + if (ret != WC_NO_ERR_TRACE(MP_VAL)) + return WC_TEST_RET_ENC_EC(ret); + ret = mp_submod(a, NULL, NULL, NULL); + if (ret != WC_NO_ERR_TRACE(MP_VAL)) + return WC_TEST_RET_ENC_EC(ret); + ret = mp_submod(NULL, b, NULL, NULL); + if (ret != WC_NO_ERR_TRACE(MP_VAL)) + return WC_TEST_RET_ENC_EC(ret); + ret = mp_submod(NULL, NULL, b, NULL); + if (ret != WC_NO_ERR_TRACE(MP_VAL)) + return WC_TEST_RET_ENC_EC(ret); + ret = mp_submod(NULL, NULL, NULL, a); + if (ret != WC_NO_ERR_TRACE(MP_VAL)) + return WC_TEST_RET_ENC_EC(ret); + ret = mp_submod(a, b, b, NULL); + if (ret != WC_NO_ERR_TRACE(MP_VAL)) + return WC_TEST_RET_ENC_EC(ret); + ret = mp_submod(a, b, NULL, a); + if (ret != WC_NO_ERR_TRACE(MP_VAL)) + return WC_TEST_RET_ENC_EC(ret); + ret = mp_submod(a, NULL, b, a); + if (ret != WC_NO_ERR_TRACE(MP_VAL)) + return WC_TEST_RET_ENC_EC(ret); + ret = mp_submod(NULL, b, b, a); + if (ret != WC_NO_ERR_TRACE(MP_VAL)) + return WC_TEST_RET_ENC_EC(ret); +#endif + +#ifdef WOLFSSL_SP_MATH_ALL + ret = mp_div_2d(NULL, 1, a, b); + if (ret != WC_NO_ERR_TRACE(MP_VAL)) + return WC_TEST_RET_ENC_EC(ret); + + ret = mp_mod_2d(NULL, 1, NULL); + if (ret != WC_NO_ERR_TRACE(MP_VAL)) + return WC_TEST_RET_ENC_EC(ret); + ret = mp_mod_2d(a, 1, NULL); + if (ret != WC_NO_ERR_TRACE(MP_VAL)) + return WC_TEST_RET_ENC_EC(ret); + ret = mp_mod_2d(NULL, 1, b); + if (ret != WC_NO_ERR_TRACE(MP_VAL)) + return WC_TEST_RET_ENC_EC(ret); + + ret = mp_mul_2d(NULL, 1, NULL); + if (ret != WC_NO_ERR_TRACE(MP_VAL)) + return WC_TEST_RET_ENC_EC(ret); + ret = mp_mul_2d(a, 1, NULL); + if (ret != WC_NO_ERR_TRACE(MP_VAL)) + return WC_TEST_RET_ENC_EC(ret); + ret = mp_mul_2d(NULL, 1, b); + if (ret != WC_NO_ERR_TRACE(MP_VAL)) + return WC_TEST_RET_ENC_EC(ret); +#endif + +#if defined(WOLFSSL_SP_MATH_ALL) || defined(WOLFSSL_HAVE_SP_DH) || \ + defined(HAVE_ECC) || (!defined(NO_RSA) && !defined(WOLFSSL_RSA_VERIFY_ONLY)) + ret = mp_montgomery_reduce(NULL, NULL, 1); + if (ret != WC_NO_ERR_TRACE(MP_VAL)) + return WC_TEST_RET_ENC_EC(ret); + ret = mp_montgomery_reduce(a, NULL, 1); + if (ret != WC_NO_ERR_TRACE(MP_VAL)) + return WC_TEST_RET_ENC_EC(ret); + ret = mp_montgomery_reduce(NULL, b, 1); + if (ret != WC_NO_ERR_TRACE(MP_VAL)) + return WC_TEST_RET_ENC_EC(ret); + mp_zero(b); + ret = mp_montgomery_reduce(a, b, 1); + if (ret != WC_NO_ERR_TRACE(MP_VAL)) + return WC_TEST_RET_ENC_EC(ret); +#endif + +#ifdef WOLFSSL_SP_MATH_ALL + ret = mp_montgomery_setup(NULL, NULL); + if (ret != WC_NO_ERR_TRACE(MP_VAL)) + return WC_TEST_RET_ENC_EC(ret); + ret = mp_montgomery_setup(a, NULL); + if (ret != WC_NO_ERR_TRACE(MP_VAL)) + return WC_TEST_RET_ENC_EC(ret); + ret = mp_montgomery_setup(NULL, &rho); + if (ret != WC_NO_ERR_TRACE(MP_VAL)) + return WC_TEST_RET_ENC_EC(ret); + + ret = mp_montgomery_calc_normalization(NULL, NULL); + if (ret != WC_NO_ERR_TRACE(MP_VAL)) + return WC_TEST_RET_ENC_EC(ret); + ret = mp_montgomery_calc_normalization(a, NULL); + if (ret != WC_NO_ERR_TRACE(MP_VAL)) + return WC_TEST_RET_ENC_EC(ret); + ret = mp_montgomery_calc_normalization(NULL, b); + if (ret != WC_NO_ERR_TRACE(MP_VAL)) + return WC_TEST_RET_ENC_EC(ret); +#endif + + ret = mp_unsigned_bin_size(NULL); + if (ret != 0) + return WC_TEST_RET_ENC_EC(ret); + +#if defined(WC_MP_TO_RADIX) || defined(WOLFSSL_SP_MATH_ALL) + ret = mp_tohex(NULL, NULL); + if (ret != WC_NO_ERR_TRACE(MP_VAL)) + return WC_TEST_RET_ENC_EC(ret); + ret = mp_tohex(a, NULL); + if (ret != WC_NO_ERR_TRACE(MP_VAL)) + return WC_TEST_RET_ENC_EC(ret); + ret = mp_tohex(NULL, hexStr); + if (ret != WC_NO_ERR_TRACE(MP_VAL)) + return WC_TEST_RET_ENC_EC(ret); +#endif + +#if defined(WOLFSSL_KEY_GEN) || defined(HAVE_COMP_KEY) + ret = mp_todecimal(NULL, NULL); + if (ret != WC_NO_ERR_TRACE(MP_VAL)) + return WC_TEST_RET_ENC_EC(ret); + ret = mp_todecimal(a, NULL); + if (ret != WC_NO_ERR_TRACE(MP_VAL)) + return WC_TEST_RET_ENC_EC(ret); + ret = mp_todecimal(NULL, decStr); + if (ret != WC_NO_ERR_TRACE(MP_VAL)) + return WC_TEST_RET_ENC_EC(ret); +#endif + +#ifdef WOLFSSL_SP_MATH_ALL + ret = mp_toradix(NULL, NULL, MP_RADIX_HEX); + if (ret != WC_NO_ERR_TRACE(MP_VAL)) + return WC_TEST_RET_ENC_EC(ret); + ret = mp_toradix(a, NULL, MP_RADIX_HEX); + if (ret != WC_NO_ERR_TRACE(MP_VAL)) + return WC_TEST_RET_ENC_EC(ret); + ret = mp_toradix(NULL, hexStr, MP_RADIX_HEX); + if (ret != WC_NO_ERR_TRACE(MP_VAL)) + return WC_TEST_RET_ENC_EC(ret); + ret = mp_toradix(a, hexStr, 3); + if (ret != WC_NO_ERR_TRACE(MP_VAL)) + return WC_TEST_RET_ENC_EC(ret); + + ret = mp_radix_size(NULL, MP_RADIX_HEX, NULL); + if (ret != WC_NO_ERR_TRACE(MP_VAL)) + return WC_TEST_RET_ENC_EC(ret); + ret = mp_radix_size(a, MP_RADIX_HEX, NULL); + if (ret != WC_NO_ERR_TRACE(MP_VAL)) + return WC_TEST_RET_ENC_EC(ret); + ret = mp_radix_size(NULL, MP_RADIX_HEX, &size); + if (ret != WC_NO_ERR_TRACE(MP_VAL)) + return WC_TEST_RET_ENC_EC(ret); + ret = mp_radix_size(a, 3, &size); + if (ret != WC_NO_ERR_TRACE(MP_VAL)) + return WC_TEST_RET_ENC_EC(ret); +#endif + + return 0; +} +#endif + +#if !defined(WOLFSSL_SP_MATH) || defined(WOLFSSL_SP_MATH_ALL) +static wc_test_ret_t mp_test_set_is_bit(mp_int* a) +{ + int i, j; + wc_test_ret_t ret; + + mp_zero(a); + for (i = 0; i <= DIGIT_BIT * 2; i++) { + if (mp_is_bit_set(a, i)) + return WC_TEST_RET_ENC_NC; + for (j = 0; j < i; j++) { + if (!mp_is_bit_set(a, j)) + return WC_TEST_RET_ENC_NC; + } + if (mp_set_bit(a, i) != 0) + return WC_TEST_RET_ENC_NC; + if (!mp_is_bit_set(a, i)) + return WC_TEST_RET_ENC_NC; + } + + mp_zero(a); + for (i = 0; i <= DIGIT_BIT * 2; i++) { + if (mp_is_bit_set(a, i)) + return WC_TEST_RET_ENC_NC; + } + + for (i = 0; i <= DIGIT_BIT * 2; i++) { + mp_zero(a); + if (mp_set_bit(a, i) != 0) + return WC_TEST_RET_ENC_NC; + for (j = 0; j < i; j++) { + if (mp_is_bit_set(a, j)) + return WC_TEST_RET_ENC_NC; + } + if (!mp_is_bit_set(a, i)) + return WC_TEST_RET_ENC_NC; + } + +#ifdef WOLFSSL_KEY_GEN + for (i = 0; i < DIGIT_BIT * 2; i++) { + mp_set(a, 1); + ret = mp_2expt(a, i); + if (ret != 0) + return WC_TEST_RET_ENC_EC(ret); + for (j = 0; j < i; j++) { + if (mp_is_bit_set(a, j)) + return WC_TEST_RET_ENC_NC; + } + if (!mp_is_bit_set(a, i)) + return WC_TEST_RET_ENC_NC; + } +#endif + +#ifdef WOLFSSL_SP_MATH + mp_zero(a); + for (j = 1; j <= 3; j++) { + i = SP_INT_MAX_BITS - j; + if (mp_is_bit_set(a, i)) + return WC_TEST_RET_ENC_NC; + if (mp_set_bit(a, i) != 0) + return WC_TEST_RET_ENC_NC; + if (!mp_is_bit_set(a, i)) + return WC_TEST_RET_ENC_NC; + #ifdef WOLFSSL_KEY_GEN + ret = mp_2expt(a, i); + if (ret != 0) + return WC_TEST_RET_ENC_EC(ret); + if (!mp_is_bit_set(a, i)) + return WC_TEST_RET_ENC_NC; + #endif + } + + mp_zero(a); + for (j = 0; j <= 3; j++) { + i = SP_INT_MAX_BITS + j; + if (mp_is_bit_set(a, i)) + return WC_TEST_RET_ENC_NC; + if (mp_set_bit(a, i) != WC_NO_ERR_TRACE(MP_VAL)) + return WC_TEST_RET_ENC_NC; + #ifdef WOLFSSL_KEY_GEN + ret = mp_2expt(a, i); + if (ret != WC_NO_ERR_TRACE(MP_VAL)) + return WC_TEST_RET_ENC_EC(ret); + #endif + } +#endif + + (void)ret; + + return 0; +} +#endif /* !WOLFSSL_SP_MATH || WOLFSSL_SP_MATH_ALL */ + +static wc_test_ret_t mp_test_cmp(mp_int* a, mp_int* b) +{ + wc_test_ret_t ret; + + mp_zero(a); + mp_zero(b); + + ret = mp_cmp_d(a, 0); + if (ret != MP_EQ) + return WC_TEST_RET_ENC_EC(ret); + ret = mp_cmp_d(a, 1); + if (ret != MP_LT) + return WC_TEST_RET_ENC_EC(ret); + + ret = mp_cmp(a, b); + if (ret != MP_EQ) + return WC_TEST_RET_ENC_NC; + + mp_set(a, 1); + ret = mp_cmp_d(a, 0); + if (ret != MP_GT) + return WC_TEST_RET_ENC_EC(ret); + ret = mp_cmp_d(a, 1); + if (ret != MP_EQ) + return WC_TEST_RET_ENC_EC(ret); + ret = mp_cmp_d(a, 2); + if (ret != MP_LT) + return WC_TEST_RET_ENC_EC(ret); + + ret = mp_cmp(a, b); + if (ret != MP_GT) + return WC_TEST_RET_ENC_NC; + +#if defined(OPENSSL_EXTRA) || !defined(NO_DSA) || defined(HAVE_ECC) + mp_read_radix(b, "1234567890123456789", MP_RADIX_HEX); + ret = mp_cmp_d(b, -1); + if (ret != MP_GT) + return WC_TEST_RET_ENC_EC(ret); + + ret = mp_cmp(a, b); + if (ret != MP_LT) + return WC_TEST_RET_ENC_NC; + ret = mp_cmp(b, a); + if (ret != MP_GT) + return WC_TEST_RET_ENC_NC; + ret = mp_cmp(b, b); + if (ret != MP_EQ) + return WC_TEST_RET_ENC_NC; +#endif + +#if (!defined(WOLFSSL_SP_MATH) && !defined(WOLFSSL_SP_MATH_ALL)) || \ + defined(WOLFSSL_SP_INT_NEGATIVE) + +#if defined(OPENSSL_EXTRA) || !defined(NO_DSA) || defined(HAVE_ECC) + mp_read_radix(a, "-1", MP_RADIX_HEX); + mp_read_radix(a, "1", MP_RADIX_HEX); + ret = mp_cmp(a, b); + if (ret != MP_LT) + return WC_TEST_RET_ENC_NC; + ret = mp_cmp(b, a); + if (ret != MP_GT) + return WC_TEST_RET_ENC_NC; + + mp_read_radix(b, "-2", MP_RADIX_HEX); + ret = mp_cmp(a, b); + if (ret != MP_GT) + return WC_TEST_RET_ENC_NC; + ret = mp_cmp(b, a); + if (ret != MP_LT) + return WC_TEST_RET_ENC_NC; +#endif + +#if defined(OPENSSL_EXTRA) || !defined(NO_DSA) || defined(HAVE_ECC) + mp_read_radix(a, "-2", MP_RADIX_HEX); + ret = mp_cmp(a, b); + if (ret != MP_EQ) + return WC_TEST_RET_ENC_NC; +#endif +#endif + +#if defined(HAVE_ECC) && !defined(WC_NO_RNG) && \ + defined(WOLFSSL_ECC_GEN_REJECT_SAMPLING) + mp_zero(a); + mp_zero(b); + ret = mp_cmp_ct(a, b, 1); + if (ret != MP_EQ) + return WC_TEST_RET_ENC_EC(ret); + ret = mp_cmp_ct(a, a, a->used); + if (ret != MP_EQ) + return WC_TEST_RET_ENC_EC(ret); + +#ifdef WOLFSSL_SP_MATH_ALL + ret = mp_cmp_ct(a, NULL, a->used); + if (ret != MP_GT) + return WC_TEST_RET_ENC_EC(ret); + ret = mp_cmp_ct(NULL, a, a->used); + if (ret != MP_LT) + return WC_TEST_RET_ENC_EC(ret); +#endif + + mp_read_radix(a, "1", MP_RADIX_HEX); + ret = mp_cmp_ct(a, b, 1); + if (ret != MP_GT) + return WC_TEST_RET_ENC_EC(ret); + ret = mp_cmp_ct(b, a, 1); + if (ret != MP_LT) + return WC_TEST_RET_ENC_EC(ret); + + mp_read_radix(a, "0123456789abcdef0123456789abcdef", MP_RADIX_HEX); + ret = mp_cmp_ct(a, b, a->used); + if (ret != MP_GT) + return WC_TEST_RET_ENC_EC(ret); + ret = mp_cmp_ct(b, a, a->used); + if (ret != MP_LT) + return WC_TEST_RET_ENC_EC(ret); + + mp_read_radix(b, "1123456789abcdef0123456789abcdef", MP_RADIX_HEX); + ret = mp_cmp_ct(b, a, a->used); + if (ret != MP_GT) + return WC_TEST_RET_ENC_EC(ret); + ret = mp_cmp_ct(a, b, a->used); + if (ret != MP_LT) + return WC_TEST_RET_ENC_EC(ret); + + mp_read_radix(b, "0123456789abcdef0123456789abcdf0", MP_RADIX_HEX); + ret = mp_cmp_ct(b, a, a->used); + if (ret != MP_GT) + return WC_TEST_RET_ENC_EC(ret); + ret = mp_cmp_ct(a, b, a->used); + if (ret != MP_LT) + return WC_TEST_RET_ENC_EC(ret); + + mp_read_radix(b, "0123456789abcdf0", MP_RADIX_HEX); + ret = mp_cmp_ct(a, b, a->used); + if (ret != MP_GT) + return WC_TEST_RET_ENC_EC(ret); + ret = mp_cmp_ct(b, a, a->used); + if (ret != MP_LT) + return WC_TEST_RET_ENC_EC(ret); +#endif + + return 0; +} + +#if !defined(NO_DH) || defined(HAVE_ECC) || (!defined(NO_RSA) && \ + !defined(WOLFSSL_RSA_VERIFY_ONLY) && !defined(WOLFSSL_RSA_PUBLIC_ONLY)) +static wc_test_ret_t mp_test_shbd(mp_int* a, mp_int* b, WC_RNG* rng) +{ + wc_test_ret_t ret; + int i, j, k; + +#ifndef WOLFSSL_SP_MATH + for (i = 0; i < 10; i++) { + for (j = 1; j < (DIGIT_BIT + 7) / 8 * 3; j++) { + ret = randNum(a, j, rng, NULL); + if (ret != MP_OKAY) + return WC_TEST_RET_ENC_EC(ret); + ret = mp_copy(a, b); + if (ret != MP_OKAY) + return WC_TEST_RET_ENC_EC(ret); + for (k = 0; k <= DIGIT_BIT * 2; k++) { + ret = mp_mul_2d(a, k, a); + if (ret != MP_OKAY) + return WC_TEST_RET_ENC_EC(ret); + mp_rshb(a, k); + ret = mp_cmp(a, b); + if (ret != MP_EQ) + return WC_TEST_RET_ENC_NC; + } + } + } +#endif + + for (i = 0; i < 10; i++) { + for (j = 1; j < (DIGIT_BIT + 7) / 8 * 3; j++) { + ret = randNum(a, j, rng, NULL); + if (ret != MP_OKAY) + return WC_TEST_RET_ENC_EC(ret); + ret = mp_copy(a, b); + if (ret != MP_OKAY) + return WC_TEST_RET_ENC_EC(ret); + for (k = 0; k < 10; k++) { + ret = mp_lshd(a, k); + if (ret != MP_OKAY) + return WC_TEST_RET_ENC_EC(ret); +#ifndef WOLFSSL_SP_MATH + mp_rshd(a, k); +#else + mp_rshb(a, k * SP_WORD_SIZE); +#endif + ret = mp_cmp(a, b); + if (ret != MP_EQ) + return WC_TEST_RET_ENC_NC; + } + } + } + +#ifndef WOLFSSL_SP_MATH + mp_zero(a); + mp_rshd(a, 1); + if (!mp_iszero(a)) + return WC_TEST_RET_ENC_NC; + + mp_set(a, 1); + mp_rshd(a, 1); + if (!mp_iszero(a)) + return WC_TEST_RET_ENC_NC; + + mp_set(a, 1); + mp_rshd(a, 2); + if (!mp_iszero(a)) + return WC_TEST_RET_ENC_NC; +#endif + + return 0; +} +#endif + +#if !defined(NO_DH) || defined(HAVE_ECC) || \ + (!defined(NO_RSA) && !defined(WOLFSSL_RSA_PUBLIC_ONLY)) +static wc_test_ret_t mp_test_div(mp_int* a, mp_int* d, mp_int* r, mp_int* rem, + WC_RNG* rng) +{ + wc_test_ret_t ret; + int i, j, k; + + mp_zero(a); + mp_zero(d); + + ret = mp_div(a, d, r, rem); + if (ret != WC_NO_ERR_TRACE(MP_VAL)) + return WC_TEST_RET_ENC_EC(ret); + + mp_set(d, 1); + ret = mp_div(a, d, r, rem); + if (ret != MP_OKAY) + return WC_TEST_RET_ENC_EC(ret); + if (!mp_iszero(r)) + return WC_TEST_RET_ENC_EC(ret); + if (!mp_iszero(rem)) + return WC_TEST_RET_ENC_EC(ret); + + mp_set(a, 1); + ret = mp_div(a, d, r, rem); + if (ret != MP_OKAY) + return WC_TEST_RET_ENC_EC(ret); + if (!mp_isone(r)) + return WC_TEST_RET_ENC_EC(ret); + if (!mp_iszero(rem)) + return WC_TEST_RET_ENC_EC(ret); + + for (i = 0; i < 100; i++) { + for (j = 1; j < (DIGIT_BIT + 7) / 8 * 2; j++) { + ret = randNum(d, j, rng, NULL); + if (ret != MP_OKAY) + return WC_TEST_RET_ENC_EC(ret); + for (k = 1; k < (DIGIT_BIT + 7) / 8 * 2 + 1; k++) { + ret = randNum(a, k, rng, NULL); + if (ret != MP_OKAY) + return WC_TEST_RET_ENC_EC(ret); + + ret = mp_div(a, d, NULL, rem); + if (ret != MP_OKAY) + return WC_TEST_RET_ENC_EC(ret); + ret = mp_div(a, d, r, NULL); + if (ret != MP_OKAY) + return WC_TEST_RET_ENC_EC(ret); + ret = mp_div(a, d, r, rem); + if (ret != MP_OKAY) + return WC_TEST_RET_ENC_EC(ret); + + mp_mul(r, d, r); + mp_add(r, rem, r); + + if (mp_cmp(r, a) != MP_EQ) + return WC_TEST_RET_ENC_NC; + } + } + } + + ret = randNum(d, (DIGIT_BIT + 7) / 8 * 2, rng, NULL); + if (ret != MP_OKAY) + return WC_TEST_RET_ENC_EC(ret); + mp_add(d, d, a); + + mp_set(rem, 1); + mp_div(a, d, NULL, rem); + if (ret != MP_OKAY) + return WC_TEST_RET_ENC_EC(ret); + if (!mp_iszero(rem)) + return WC_TEST_RET_ENC_EC(ret); + + mp_set(r, 1); + mp_div(a, d, r, NULL); + if (ret != MP_OKAY) + return WC_TEST_RET_ENC_EC(ret); + if (mp_cmp_d(r, 2) != MP_EQ) + return WC_TEST_RET_ENC_EC(ret); + + mp_set(r, 1); + mp_set(rem, 1); + mp_div(a, d, r, rem); + if (ret != MP_OKAY) + return WC_TEST_RET_ENC_EC(ret); + if (mp_cmp_d(r, 2) != MP_EQ) + return WC_TEST_RET_ENC_EC(ret); + if (!mp_iszero(rem)) + return WC_TEST_RET_ENC_EC(ret); + + mp_set(a, 0xfe); + mp_lshd(a, 3); + mp_add_d(a, 0xff, a); + mp_set(d, 0xfe); + mp_lshd(d, 2); + ret = mp_div(a, d, r, rem); + if (ret != MP_OKAY) + return WC_TEST_RET_ENC_EC(ret); + mp_mul(r, d, d); + mp_add(rem, d, d); + if (mp_cmp(a, d) != MP_EQ) + return WC_TEST_RET_ENC_NC; + + /* Force (hi | lo) / d to be (d | 0) / d which will would not fit in + * a digit. So mp_div must detect and handle. + * For example: 0x800000 / 0x8001, DIGIT_BIT = 8 + */ + mp_zero(a); + mp_set_bit(a, DIGIT_BIT * 3 - 1); + mp_zero(d); + mp_set_bit(d, DIGIT_BIT * 2 - 1); + mp_add_d(d, 1, d); + ret = mp_div(a, d, r, rem); + if (ret != MP_OKAY) + return WC_TEST_RET_ENC_EC(ret); + + /* Make sure [d | d] / d is handled. */ + mp_zero(a); + mp_set_bit(a, DIGIT_BIT * 2 - 1); + mp_set_bit(a, DIGIT_BIT * 1 - 1); + mp_zero(d); + mp_set_bit(d, DIGIT_BIT - 1); + ret = mp_div(a, d, r, rem); + if (ret != MP_OKAY) + return WC_TEST_RET_ENC_EC(ret); + mp_zero(a); + mp_set_bit(a, DIGIT_BIT); + mp_set_bit(a, 0); + mp_zero(d); + if (mp_cmp(r, a) != MP_EQ) + return WC_TEST_RET_ENC_NC; + if (mp_cmp(rem, d) != MP_EQ) + return WC_TEST_RET_ENC_NC; + + return 0; +} +#endif + +#if defined(WOLFSSL_KEY_GEN) && (!defined(NO_DH) || !defined(NO_DSA)) && \ + !defined(WC_NO_RNG) +static wc_test_ret_t mp_test_prime(mp_int* a, WC_RNG* rng) +{ + wc_test_ret_t ret; + int res; + + ret = mp_rand_prime(a, 1, rng, NULL); +#if defined(WOLFSSL_SP_MATH_ALL) + if (ret != 0) + return WC_TEST_RET_ENC_EC(ret); +#else + if (ret != WC_NO_ERR_TRACE(MP_VAL)) + return WC_TEST_RET_ENC_NC; +#endif +#ifndef WOLFSSL_SP_MATH + ret = mp_rand_prime(a, -5, rng, NULL); + if (ret != 0 || (a->dp[0] & 3) != 3) + return WC_TEST_RET_ENC_NC; +#endif + ret = mp_prime_is_prime(a, 1, &res); + if (ret != MP_OKAY) + return WC_TEST_RET_ENC_EC(ret); +#ifndef WOLFSSL_SP_MATH + if (res != MP_YES) + return WC_TEST_RET_ENC_EC(res); +#else + if (res != MP_NO) + return WC_TEST_RET_ENC_EC(res); +#endif + + ret = mp_prime_is_prime(a, 0, &res); + if (ret != WC_NO_ERR_TRACE(MP_VAL)) + return WC_TEST_RET_ENC_EC(ret); + ret = mp_prime_is_prime(a, -1, &res); + if (ret != WC_NO_ERR_TRACE(MP_VAL)) + return WC_TEST_RET_ENC_EC(ret); + ret = mp_prime_is_prime(a, 257, &res); + if (ret != WC_NO_ERR_TRACE(MP_VAL)) + return WC_TEST_RET_ENC_EC(ret); + + mp_set(a, 1); + ret = mp_prime_is_prime(a, 1, &res); + if (ret != MP_OKAY) + return WC_TEST_RET_ENC_EC(ret); + if (res != MP_NO) + return WC_TEST_RET_ENC_EC(res); + ret = mp_prime_is_prime_ex(a, 1, &res, rng); + if (ret != MP_OKAY) + return WC_TEST_RET_ENC_EC(ret); + if (res != MP_NO) + return WC_TEST_RET_ENC_EC(res); + + mp_set(a, 2); + ret = mp_prime_is_prime(a, 1, &res); + if (ret != MP_OKAY) + return WC_TEST_RET_ENC_EC(ret); + if (res != MP_YES) + return WC_TEST_RET_ENC_EC(res); + ret = mp_prime_is_prime_ex(a, 1, &res, rng); + if (ret != MP_OKAY) + return WC_TEST_RET_ENC_EC(ret); + if (res != MP_YES) + return WC_TEST_RET_ENC_EC(res); + + mp_set(a, 0xfb); + ret = mp_prime_is_prime(a, 1, &res); + if (ret != MP_OKAY) + return WC_TEST_RET_ENC_EC(ret); + if (res != MP_YES) + return WC_TEST_RET_ENC_EC(res); + ret = mp_prime_is_prime_ex(a, 1, &res, rng); + if (ret != MP_OKAY) + return WC_TEST_RET_ENC_EC(ret); + if (res != MP_YES) + return WC_TEST_RET_ENC_EC(res); + + mp_set(a, 0x6); + ret = mp_prime_is_prime(a, 1, &res); + if (ret != MP_OKAY) + return WC_TEST_RET_ENC_EC(ret); + if (res != MP_NO) + return WC_TEST_RET_ENC_EC(res); + ret = mp_prime_is_prime_ex(a, 1, &res, rng); + if (ret != MP_OKAY) + return WC_TEST_RET_ENC_EC(ret); + if (res != MP_NO) + return WC_TEST_RET_ENC_EC(res); + + mp_set_int(a, 0x655 * 0x65b); + ret = mp_prime_is_prime(a, 10, &res); + if (ret != MP_OKAY) + return WC_TEST_RET_ENC_EC(ret); + if (res != MP_NO) + return WC_TEST_RET_ENC_EC(res); + ret = mp_prime_is_prime_ex(a, 10, &res, rng); + if (ret != MP_OKAY) + return WC_TEST_RET_ENC_EC(ret); + if (res != MP_NO) + return WC_TEST_RET_ENC_EC(res); + + return 0; +} +#endif + +#if !defined(NO_RSA) && defined(WOLFSSL_KEY_GEN) && !defined(WC_RSA_BLINDING) +static wc_test_ret_t mp_test_lcm_gcd(mp_int* a, mp_int* b, mp_int* r, mp_int* exp, + WC_RNG* rng) +{ + wc_test_ret_t ret; + int i; + WOLFSSL_SMALL_STACK_STATIC const int kat[][3] = { + { 1, 1, 1 }, { 2, 1, 2 }, { 1, 2, 2 }, { 2, 4, 4 }, { 4, 2, 4 }, + { 12, 56, 168 }, { 56, 12, 168 } + }; + + (void)exp; + + mp_set(a, 0); + mp_set(b, 1); + ret = mp_lcm(a, a, r); + if (ret != WC_NO_ERR_TRACE(MP_VAL)) + return WC_TEST_RET_ENC_EC(ret); + ret = mp_lcm(a, b, r); + if (ret != WC_NO_ERR_TRACE(MP_VAL)) + return WC_TEST_RET_ENC_EC(ret); + ret = mp_lcm(b, a, r); + if (ret != WC_NO_ERR_TRACE(MP_VAL)) + return WC_TEST_RET_ENC_EC(ret); + + for (i = 0; i < (int)(sizeof(kat) / sizeof(*kat)); i++) { + mp_set(a, kat[i][0]); + mp_set(b, kat[i][1]); + ret = mp_lcm(a, b, r); + if (ret != MP_OKAY) + return WC_TEST_RET_ENC_EC(ret); + mp_set(exp, kat[i][2]); + ret = mp_cmp(r, exp); + if (ret != MP_EQ) + return WC_TEST_RET_ENC_NC; + } + + (void)rng; +#if defined(WOLFSSL_KEY_GEN) && (!defined(NO_DH) || !defined(NO_DSA)) && \ + !defined(WC_NO_RNG) + ret = mp_rand_prime(a, 20, rng, NULL); + if (ret != MP_OKAY) + return WC_TEST_RET_ENC_EC(ret); + ret = mp_rand_prime(b, 20, rng, NULL); + if (ret != MP_OKAY) + return WC_TEST_RET_ENC_EC(ret); + ret = mp_mul(a, b, exp); + if (ret != MP_OKAY) + return WC_TEST_RET_ENC_EC(ret); + ret = mp_lcm(a, b, r); + if (ret != MP_OKAY) + return WC_TEST_RET_ENC_EC(ret); + ret = mp_cmp(r, exp); + if (ret != MP_EQ) + return WC_TEST_RET_ENC_NC; + ret = mp_lcm(b, a, r); + if (ret != MP_OKAY) + return WC_TEST_RET_ENC_EC(ret); + ret = mp_cmp(r, exp); + if (ret != MP_EQ) + return WC_TEST_RET_ENC_NC; +#endif + + mp_set(a, 11); + mp_zero(b); + ret = mp_gcd(a, b, r); + if (ret != MP_OKAY) + return WC_TEST_RET_ENC_EC(ret); + ret = mp_cmp_d(r, 11); + if (ret != MP_EQ) + return WC_TEST_RET_ENC_EC(ret); + ret = mp_gcd(b, a, r); + if (ret != MP_OKAY) + return WC_TEST_RET_ENC_EC(ret); + ret = mp_cmp_d(r, 11); + if (ret != MP_EQ) + return WC_TEST_RET_ENC_EC(ret); + ret = mp_gcd(b, b, r); + if (ret != WC_NO_ERR_TRACE(MP_VAL)) + return WC_TEST_RET_ENC_EC(ret); + + return 0; +} +#endif + +#if (!defined(WOLFSSL_SP_MATH) && !defined(USE_FAST_MATH)) || \ + defined(WOLFSSL_SP_MATH_ALL) +static wc_test_ret_t mp_test_mod_2d(mp_int* a, mp_int* r, mp_int* t, WC_RNG* rng) +{ + wc_test_ret_t ret; + int i; + int j; + + mp_set(a, 10); + ret = mp_mod_2d(a, 0, r); + if (ret != MP_OKAY) + return WC_TEST_RET_ENC_EC(ret); + if (!mp_iszero(r)) + return WC_TEST_RET_ENC_NC; + + ret = mp_mod_2d(a, 1, r); + if (ret != MP_OKAY) + return WC_TEST_RET_ENC_EC(ret); + if (!mp_iszero(r)) + return WC_TEST_RET_ENC_NC; + + ret = mp_mod_2d(a, 2, r); + if (ret != MP_OKAY) + return WC_TEST_RET_ENC_EC(ret); + ret = mp_cmp_d(r, 2); + if (ret != 0) + return WC_TEST_RET_ENC_EC(ret); + + for (i = 2; i < 20; i++) { + ret = randNum(a, i, rng, NULL); + if (ret != 0) + return WC_TEST_RET_ENC_EC(ret); + for (j = 1; j <= mp_count_bits(a); j++) { + /* Get top part */ + ret = mp_div_2d(a, j, t, NULL); + if (ret != 0) + return WC_TEST_RET_ENC_EC(ret); + ret = mp_mul_2d(t, j, t); + if (ret != 0) + return WC_TEST_RET_ENC_EC(ret); + + /* Get bottom part */ + ret = mp_mod_2d(a, j, r); + if (ret != 0) + return WC_TEST_RET_ENC_EC(ret); + + /* Reassemble */ + ret = mp_add(t, r, r); + if (ret != 0) + return WC_TEST_RET_ENC_EC(ret); + ret = mp_cmp(a, r); + if (ret != MP_EQ) + return WC_TEST_RET_ENC_NC; + } + } + +#if !defined(WOLFSSL_SP_MATH) && defined(WOLFSSL_SP_INT_NEGATIVE) + /* Test negative value being moded. */ + for (j = 0; j < 20; j++) { + ret = randNum(a, 2, rng, NULL); + if (ret != 0) + return WC_TEST_RET_ENC_EC(ret); + a->sign = MP_NEG; + for (i = 1; i < DIGIT_BIT * 3 + 1; i++) { + ret = mp_mod_2d(a, i, r); + if (ret != 0) + return WC_TEST_RET_ENC_EC(ret); + mp_zero(t); + ret = mp_set_bit(t, i); + if (ret != 0) + return WC_TEST_RET_ENC_EC(ret); + ret = mp_mod(a, t, t); + if (ret != 0) + return WC_TEST_RET_ENC_EC(ret); + ret = mp_cmp(r, t); + if (ret != MP_EQ) + return WC_TEST_RET_ENC_NC; + } + } +#endif + + return 0; +} +#endif + +#if defined(WOLFSSL_SP_MATH_ALL) || defined(OPENSSL_EXTRA) || \ + (defined(HAVE_ECC) && defined(HAVE_COMP_KEY)) +static wc_test_ret_t mp_test_mod_d(mp_int* a, WC_RNG* rng) +{ + wc_test_ret_t ret; + mp_digit r; +#if defined(WOLFSSL_SP_MATH_ALL) || defined(WOLFSSL_SP_MATH) + mp_digit rem; + int i; +#endif + + (void)rng; + + ret = mp_set(a, 1); + if (ret != MP_OKAY) + return WC_TEST_RET_ENC_EC(ret); + ret = mp_mod_d(a, 0, &r); + if (ret != WC_NO_ERR_TRACE(MP_VAL)) + return WC_TEST_RET_ENC_EC(ret); + + mp_zero(a); + ret = mp_mod_d(a, 1, &r); + if (ret != MP_OKAY) + return WC_TEST_RET_ENC_EC(ret); + ret = mp_mod_d(a, 3, &r); + if (ret != MP_OKAY) + return WC_TEST_RET_ENC_EC(ret); + ret = mp_mod_d(a, 5, &r); + if (ret != MP_OKAY) + return WC_TEST_RET_ENC_EC(ret); + +#if defined(WOLFSSL_SP_MATH_ALL) || defined(WOLFSSL_SP_MATH) + for (i = MP_MAX_TEST_BYTE_LEN - 16; i <= MP_MAX_TEST_BYTE_LEN; i++) { + ret = randNum(a, i, rng, NULL); + if (ret != MP_OKAY) + return WC_TEST_RET_ENC_EC(ret); + ret = mp_mod_d(a, 3, &r); + if (ret != MP_OKAY) + return WC_TEST_RET_ENC_EC(ret); + ret = mp_div_d(a, 3, a, &rem); + if (ret != MP_OKAY) + return WC_TEST_RET_ENC_EC(ret); + if (r != rem) + return WC_TEST_RET_ENC_NC; + } +#endif + + return 0; +} +#endif + +static wc_test_ret_t mp_test_mul_sqr(mp_int* a, mp_int* b, mp_int* r1, mp_int* r2, + WC_RNG* rng) +{ + wc_test_ret_t ret; + int i; + + for (i = 1; i < 16; i++) { + ret = randNum(a, i, rng, NULL); + if (ret != 0) + return WC_TEST_RET_ENC_EC(ret); + + ret = mp_mul(a, a, r1); + if (ret != 0) + return WC_TEST_RET_ENC_EC(ret); + ret = mp_sqr(a, r2); + if (ret != 0) + return WC_TEST_RET_ENC_EC(ret); + + ret = mp_cmp(r1, r2); + if (ret != MP_EQ) + return WC_TEST_RET_ENC_NC; + } + + ret = mp_set(b, 0); + if (ret != MP_OKAY) + return WC_TEST_RET_ENC_EC(ret); + ret = mp_mul(a, b, r1); + if (ret != MP_OKAY) + return WC_TEST_RET_ENC_EC(ret); + if (!mp_iszero(r1)) + return WC_TEST_RET_ENC_EC(ret); + ret = mp_sqr(b, r1); + if (ret != MP_OKAY) + return WC_TEST_RET_ENC_EC(ret); + if (!mp_iszero(r1)) + return WC_TEST_RET_ENC_NC; + +#ifdef WOLFSSL_SP_MATH_ALL + ret = mp_set(a, 1); + if (ret != MP_OKAY) + return WC_TEST_RET_ENC_EC(ret); + i = (SP_INT_DIGITS / 2) + 1; + ret = mp_mul_2d(a, i * SP_WORD_SIZE - 1, a); + if (ret != MP_OKAY) + return WC_TEST_RET_ENC_EC(ret); + ret = mp_set(b, 1); + if (ret != MP_OKAY) + return WC_TEST_RET_ENC_EC(ret); + ret = mp_mul_2d(b, (SP_INT_DIGITS - 1 - i) * SP_WORD_SIZE - 1, b); + if (ret != MP_OKAY) + return WC_TEST_RET_ENC_EC(ret); + + ret = mp_mul(a, b, r1); + if (ret != MP_OKAY) + return WC_TEST_RET_ENC_EC(ret); + ret = mp_mul(a, a, r1); + if (ret == MP_OKAY) + return WC_TEST_RET_ENC_NC; + ret = mp_sqr(a, r1); + if (ret == MP_OKAY) + return WC_TEST_RET_ENC_NC; + ret = mp_sqr(b, r1); + if (ret != MP_OKAY) + return WC_TEST_RET_ENC_EC(ret); + +#if defined(WOLFSSL_SP_MATH_ALL) || defined(WOLFSSL_HAVE_SP_DH) || \ + (defined(HAVE_ECC) && defined(FP_ECC)) + ret = mp_mulmod(a, b, b, r1); + if (ret != MP_OKAY) + return WC_TEST_RET_ENC_EC(ret); + ret = mp_mulmod(a, a, b, r1); + if (ret == MP_OKAY) + return WC_TEST_RET_ENC_NC; +#if defined(HAVE_ECC) && (defined(ECC_SHAMIR) || defined(FP_ECC)) + ret = mp_sqrmod(a, b, r1); + if (ret == MP_OKAY) + return WC_TEST_RET_ENC_NC; + ret = mp_sqrmod(b, a, r1); + if (ret != MP_OKAY) + return WC_TEST_RET_ENC_EC(ret); +#endif /* HAVE_ECC && (ECC_SHAMIR || FP_ECC) */ +#endif /* WOLFSSL_SP_MATH_ALL || WOLFSSL_HAVE_SP_DH || (HAVE_ECC && FP_ECC) */ +#endif /* WOLFSSL_SP_MATH_ALL */ + + return 0; +} + +#if (!defined(NO_RSA) && \ + !defined(WOLFSSL_RSA_VERIFY_ONLY) && !defined(WOLFSSL_RSA_PUBLIC_ONLY)) || \ + defined(HAVE_ECC) || !defined(NO_DSA) || defined(OPENSSL_EXTRA) +static wc_test_ret_t mp_test_invmod(mp_int* a, mp_int* m, mp_int* r) +{ + wc_test_ret_t ret; + + mp_set(a, 0); + mp_set(m, 1); + ret = mp_invmod(a, m, r); + if (ret != WC_NO_ERR_TRACE(MP_VAL)) + return WC_TEST_RET_ENC_EC(ret); + ret = mp_invmod(m, a, r); + if (ret != WC_NO_ERR_TRACE(MP_VAL)) + return WC_TEST_RET_ENC_EC(ret); + mp_set(a, 2); + mp_set(m, 4); + ret = mp_invmod(a, m, r); + if (ret != WC_NO_ERR_TRACE(MP_VAL)) + return WC_TEST_RET_ENC_EC(ret); + mp_set(a, 3); + mp_set(m, 6); + ret = mp_invmod(a, m, r); + if (ret != WC_NO_ERR_TRACE(MP_VAL)) + return WC_TEST_RET_ENC_EC(ret); + mp_set(a, 5*9); + mp_set(m, 6*9); + ret = mp_invmod(a, m, r); + if (ret != WC_NO_ERR_TRACE(MP_VAL)) + return WC_TEST_RET_ENC_EC(ret); + mp_set(a, 1); + mp_set(m, 4); + ret = mp_invmod(a, m, r); + if (ret != MP_OKAY) + return WC_TEST_RET_ENC_EC(ret); + if (!mp_isone(r)) + return WC_TEST_RET_ENC_NC; + + mp_set(a, 3); + mp_set(m, 4); + ret = mp_invmod(a, m, r); + if (ret != MP_OKAY) + return WC_TEST_RET_ENC_EC(ret); + ret = mp_cmp_d(r, 3); + if (ret != 0) + return WC_TEST_RET_ENC_EC(ret); + + mp_set(a, 3); + mp_set(m, 5); + ret = mp_invmod(a, m, r); + if (ret != MP_OKAY) + return WC_TEST_RET_ENC_EC(ret); + +#if defined(WOLFSSL_SP_MATH) || defined(WOLFSSL_SP_MATH_ALL) + /* Maximum 'a' */ + mp_set(a, 0); + mp_set_bit(a, (r->size / 2)* SP_WORD_SIZE - 1); + mp_sub_d(a, 1, a); + /* Modulus too big. */ + mp_set(m, 0); + mp_set_bit(m, (r->size / 2) * SP_WORD_SIZE); + ret = mp_invmod(a, m, r); + if (ret != WC_NO_ERR_TRACE(MP_VAL)) + return WC_TEST_RET_ENC_EC(ret); + /* Maximum modulus - even. */ + mp_set(m, 0); + mp_set_bit(m, (r->size / 2) * SP_WORD_SIZE - 1); + ret = mp_invmod(a, m, r); + if (ret != MP_OKAY) + return WC_TEST_RET_ENC_EC(ret); +#endif + +#if !defined(WOLFSSL_SP_MATH) || defined(WOLFSSL_SP_INT_NEGATIVE) + +#if defined(OPENSSL_EXTRA) || !defined(NO_DSA) || defined(HAVE_ECC) + mp_read_radix(a, "-3", 16); + ret = mp_invmod(a, m, r); + if (ret != MP_OKAY) + return WC_TEST_RET_ENC_EC(ret); +#endif + +#endif + +#if defined(WOLFSSL_SP_MATH_ALL) && defined(HAVE_ECC) + mp_set(a, 0); + mp_set(m, 3); + ret = mp_invmod_mont_ct(a, m, r, 1); + if (ret != WC_NO_ERR_TRACE(MP_VAL)) + return WC_TEST_RET_ENC_EC(ret); + mp_set(a, 1); + mp_set(m, 0); + ret = mp_invmod_mont_ct(a, m, r, 1); + if (ret != WC_NO_ERR_TRACE(MP_VAL)) + return WC_TEST_RET_ENC_EC(ret); + mp_set(a, 1); + mp_set(m, 1); + ret = mp_invmod_mont_ct(a, m, r, 1); + if (ret != WC_NO_ERR_TRACE(MP_VAL)) + return WC_TEST_RET_ENC_EC(ret); + mp_set(a, 1); + mp_set(m, 2); + ret = mp_invmod_mont_ct(a, m, r, 1); + if (ret != WC_NO_ERR_TRACE(MP_VAL)) + return WC_TEST_RET_ENC_EC(ret); + + mp_set(a, 1); + mp_set(m, 3); + ret = mp_invmod_mont_ct(a, m, r, 1); + if (ret != MP_OKAY) + return WC_TEST_RET_ENC_EC(ret); +#endif + + return 0; +} +#endif /* !NO_RSA || HAVE_ECC || !NO_DSA || OPENSSL_EXTRA */ + +#if !defined(NO_RSA) || !defined(NO_DSA) || !defined(NO_DH) || \ + (defined(HAVE_ECC) && defined(HAVE_COMP_KEY)) || defined(OPENSSL_EXTRA) +static wc_test_ret_t mp_test_exptmod(mp_int* b, mp_int* e, mp_int* m, mp_int* r) +{ + wc_test_ret_t ret; + + mp_set(b, 0x2); + mp_set(e, 0x3); + mp_set(m, 0x0); + ret = mp_exptmod_ex(b, e, 1, m, r); + if (ret != WC_NO_ERR_TRACE(MP_VAL)) + return WC_TEST_RET_ENC_EC(ret); + ret = mp_exptmod_nct(b, e, m, r); + if (ret != WC_NO_ERR_TRACE(MP_VAL)) + return WC_TEST_RET_ENC_EC(ret); + + + mp_set(b, 0x2); + mp_set(e, 0x3); + mp_set(m, 0x1); + ret = mp_exptmod_ex(b, e, 1, m, r); + if (ret != MP_OKAY) + return WC_TEST_RET_ENC_EC(ret); + if (!mp_iszero(r)) + return WC_TEST_RET_ENC_NC; + ret = mp_exptmod_nct(b, e, m, r); + if (ret != MP_OKAY) + return WC_TEST_RET_ENC_EC(ret); + if (!mp_iszero(r)) + return WC_TEST_RET_ENC_NC; + + mp_set(b, 0x2); + mp_set(e, 0x0); + mp_set(m, 0x7); + ret = mp_exptmod_ex(b, e, 1, m, r); + if (ret != MP_OKAY) + return WC_TEST_RET_ENC_EC(ret); + if (!mp_isone(r)) + return WC_TEST_RET_ENC_NC; + ret = mp_exptmod_nct(b, e, m, r); + if (ret != MP_OKAY) + return WC_TEST_RET_ENC_EC(ret); + if (!mp_isone(r)) + return WC_TEST_RET_ENC_NC; + + mp_set(b, 0x0); + mp_set(e, 0x3); + mp_set(m, 0x7); + ret = mp_exptmod_ex(b, e, 1, m, r); + if (ret != MP_OKAY) + return WC_TEST_RET_ENC_EC(ret); + if (!mp_iszero(r)) + return WC_TEST_RET_ENC_NC; + ret = mp_exptmod_nct(b, e, m, r); + if (ret != MP_OKAY) + return WC_TEST_RET_ENC_EC(ret); + if (!mp_iszero(r)) + return WC_TEST_RET_ENC_NC; + + mp_set(b, 0x10); + mp_set(e, 0x3); + mp_set(m, 0x7); + ret = mp_exptmod_ex(b, e, 1, m, r); + if (ret != MP_OKAY) + return WC_TEST_RET_ENC_EC(ret); + ret = mp_exptmod_nct(b, e, m, r); + if (ret != MP_OKAY) + return WC_TEST_RET_ENC_EC(ret); + + mp_set(b, 0x7); + mp_set(e, 0x3); + mp_set(m, 0x7); + ret = mp_exptmod_ex(b, e, 1, m, r); + if (ret != MP_OKAY) + return WC_TEST_RET_ENC_EC(ret); + if (!mp_iszero(r)) + return WC_TEST_RET_ENC_NC; + ret = mp_exptmod_nct(b, e, m, r); + if (ret != MP_OKAY) + return WC_TEST_RET_ENC_EC(ret); + if (!mp_iszero(r)) + return WC_TEST_RET_ENC_NC; + +#ifndef WOLFSSL_SP_MATH + mp_set(b, 0x01); + mp_mul_2d(b, DIGIT_BIT, b); + mp_add_d(b, 1, b); + mp_set(e, 0x3); + ret = mp_copy(b, m); + if (ret != MP_OKAY) + return WC_TEST_RET_ENC_EC(ret); + ret = mp_exptmod_ex(b, e, 1, m, r); + if (ret != MP_OKAY) + return WC_TEST_RET_ENC_EC(ret); + if (!mp_iszero(r)) + return WC_TEST_RET_ENC_NC; + ret = mp_exptmod_nct(b, e, m, r); + if (ret != MP_OKAY) + return WC_TEST_RET_ENC_EC(ret); + if (!mp_iszero(r)) + return WC_TEST_RET_ENC_NC; +#endif + + mp_set(b, 0x2); + mp_set(e, 0x3); + mp_set(m, 0x7); + ret = mp_exptmod_ex(b, e, 1, m, r); + if (ret != MP_OKAY) + return WC_TEST_RET_ENC_EC(ret); + ret = mp_exptmod_nct(b, e, m, r); + if (ret != MP_OKAY) + return WC_TEST_RET_ENC_EC(ret); + +#ifdef WOLFSSL_SP_MATH_ALL + mp_set(b, 0x2); + mp_set(e, 0x3); + mp_set(m, 0x01); + mp_mul_2d(m, SP_WORD_SIZE * SP_INT_DIGITS / 2, m); + mp_add_d(m, 0x01, m); + ret = mp_exptmod_ex(b, e, 1, m, r); + if (ret != WC_NO_ERR_TRACE(MP_VAL)) + return WC_TEST_RET_ENC_EC(ret); + ret = mp_exptmod_nct(b, e, m, r); + if (ret != WC_NO_ERR_TRACE(MP_VAL)) + return WC_TEST_RET_ENC_EC(ret); +#endif + + return 0; +} +#endif /* !NO_RSA || !NO_DSA || !NO_DH || (HAVE_ECC && HAVE_COMP_KEY) || + * OPENSSL_EXTRA */ + +#if defined(HAVE_ECC) || \ + (!defined(NO_RSA) && !defined(WOLFSSL_RSA_VERIFY_ONLY)) +static wc_test_ret_t mp_test_mont(mp_int* a, mp_int* m, mp_int* n, mp_int* r, WC_RNG* rng) +{ + wc_test_ret_t ret; + mp_digit mp; + static int exp[] = { 7, 8, 16, 27, 32, 64, + 127, 128, 255, 256, +#if defined(SP_WORD_SIZE) && SP_WORD_SIZE > 8 + 383, 384, 2033, 2048 +#endif + }; + static mp_digit sub[] = { 0x01, 0x05, 0x0f, 0x27, 0x05, 0x3b, + 0x01, 0x9f, 0x13, 0xbd, +#if defined(SP_WORD_SIZE) && SP_WORD_SIZE > 8 + 0x1f, 0x13d, 0x45, 0x615 +#endif + }; + int bits[] = { 256, 384, +#if defined(SP_INT_MAX_BITS) && SP_INT_MAX_BITS > 4096 + 2048, +#endif +#if defined(SP_INT_MAX_BITS) && SP_INT_MAX_BITS > 6144 + 3072 +#endif + }; + int i; + int j; + + for (i = 0; i < (int)(sizeof(exp) / sizeof(*exp)); i++) { + if (exp[i] >= DIGIT_BIT) + continue; + + mp_zero(m); + ret = mp_set_bit(m, exp[i]); + if (ret != MP_OKAY) + return WC_TEST_RET_ENC_EC(ret); + ret = mp_sub_d(m, sub[i], m); + if (ret != MP_OKAY) + return WC_TEST_RET_ENC_EC(ret); + + ret = mp_montgomery_setup(m, &mp); + if (ret != MP_OKAY) + return WC_TEST_RET_ENC_EC(ret); + ret = mp_montgomery_calc_normalization(n, m); + if (ret != MP_OKAY) + return WC_TEST_RET_ENC_EC(ret); + + for (j = 0; j < 10; j++) { + ret = randNum(a, (exp[i] + DIGIT_BIT - 1) / DIGIT_BIT, rng, NULL); + if (ret != 0) + return WC_TEST_RET_ENC_EC(ret); + + ret = mp_mod(a, m, a); + if (ret != 0) + return WC_TEST_RET_ENC_EC(ret); + + /* r = a * a */ + ret = mp_sqrmod(a, m, r); + if (ret != MP_OKAY) + return WC_TEST_RET_ENC_EC(ret); + + /* Convert to Montgomery form = a*n */ + ret = mp_mulmod(a, n, m, a); + if (ret != MP_OKAY) + return WC_TEST_RET_ENC_EC(ret); + + /* a*a mod m == ((a*n) * (a*n)) / n / n */ + ret = mp_sqr(a, a); + if (ret != MP_OKAY) + return WC_TEST_RET_ENC_EC(ret); + ret = mp_montgomery_reduce(a, m, mp); + if (ret != MP_OKAY) + return WC_TEST_RET_ENC_EC(ret); + ret = mp_montgomery_reduce(a, m, mp); + if (ret != MP_OKAY) + return WC_TEST_RET_ENC_EC(ret); + + if (mp_cmp(a, r) != MP_EQ) + return WC_TEST_RET_ENC_NC; + } + } + + /* Force carries. */ + for (i = 0; i < (int)(sizeof(bits) / sizeof(*bits)); i++) { + /* a = 2^(bits*2) - 1 */ + mp_zero(a); + mp_set_bit(a, bits[i] * 2); + ret = mp_sub_d(a, 1, a); + if (ret != MP_OKAY) + return WC_TEST_RET_ENC_EC(ret); + + /* m = 2^(bits) - 1 */ + mp_zero(m); + mp_set_bit(m, bits[i]); + ret = mp_sub_d(m, 1, m); + if (ret != MP_OKAY) + return WC_TEST_RET_ENC_EC(ret); + + mp = 1; + /* result = r = 2^(bits) - 1 */ + mp_zero(r); + mp_set_bit(r, bits[i]); + ret = mp_sub_d(r, 1, r); + if (ret != MP_OKAY) + return WC_TEST_RET_ENC_EC(ret); + + ret = mp_montgomery_reduce(a, m, mp); + if (ret != MP_OKAY) + return WC_TEST_RET_ENC_EC(ret); + + /* Result is m or 0 if reduced to range of modulus. */ + if (mp_cmp(a, r) != MP_EQ && mp_iszero(a) != MP_YES) + return WC_TEST_RET_ENC_NC; + } + + return 0; +} +#endif + +WOLFSSL_TEST_SUBROUTINE wc_test_ret_t mp_test(void) +{ + WC_RNG rng; + int rng_inited = 0; + wc_test_ret_t ret; +#if defined(HAVE_ECC) || defined(WOLFSSL_KEY_GEN) + int i, j; +#ifndef WOLFSSL_SP_MATH + int k; +#endif + mp_digit d = 0; +#endif + +#ifdef WOLFSSL_SMALL_STACK + mp_int *a = (mp_int *)XMALLOC(sizeof(mp_int), HEAP_HINT, + DYNAMIC_TYPE_TMP_BUFFER), + *b = (mp_int *)XMALLOC(sizeof(mp_int), HEAP_HINT, + DYNAMIC_TYPE_TMP_BUFFER), + *r1 = (mp_int *)XMALLOC(sizeof(mp_int), HEAP_HINT, + DYNAMIC_TYPE_TMP_BUFFER), + *r2 = (mp_int *)XMALLOC(sizeof(mp_int), HEAP_HINT, + DYNAMIC_TYPE_TMP_BUFFER), + *p = (mp_int *)XMALLOC(sizeof(mp_int), HEAP_HINT, + DYNAMIC_TYPE_TMP_BUFFER); + if ((a == NULL) || + (b == NULL) || + (r1 == NULL) || + (r2 == NULL) || + (p == NULL)) + { + ERROR_OUT(WC_TEST_RET_ENC_ERRNO, done); + } +#else + mp_int a[1], b[1], r1[1], r2[1], p[1]; +#endif + WOLFSSL_ENTER("mp_test"); + +#if !defined(WOLFSSL_RSA_PUBLIC_ONLY) || !defined(NO_DH) || defined(HAVE_ECC) + ret = mp_init_multi(a, b, r1, r2, NULL, NULL); +#else + ret = mp_init(a); + ret |= mp_init(b); + ret |= mp_init(r1); + ret |= mp_init(r2); +#endif + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done); + +#ifdef WOLFSSL_SP_MATH_ALL + mp_init_copy(p, a); +#else + ret = mp_init(p); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done); +#endif + +#ifndef HAVE_FIPS + ret = wc_InitRng_ex(&rng, HEAP_HINT, devId); +#else + ret = wc_InitRng(&rng); +#endif + if (ret != 0) + goto done; + rng_inited = 1; + +#if defined(HAVE_ECC) || defined(WOLFSSL_KEY_GEN) + mp_set_int(a, 0); + if (a->used != 0 || a->dp[0] != 0) + ERROR_OUT(WC_TEST_RET_ENC_NC, done); + + for (j = 1; j <= MP_MAX_TEST_BYTE_LEN; j++) { + for (i = 0; i < 4 * j; i++) { + /* New values to use. */ + ret = randNum(p, j, &rng, NULL); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done); + ret = randNum(a, j, &rng, NULL); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done); + ret = randNum(b, j, &rng, NULL); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done); + ret = wc_RNG_GenerateBlock(&rng, (byte*)&d, sizeof(d)); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done); + d &= MP_MASK; + + #if !defined(WOLFSSL_SP_MATH) || (defined(HAVE_ECC) && \ + (defined(ECC_SHAMIR) || defined(FP_ECC))) + /* Ensure sqrmod produce same result as mulmod. */ + ret = mp_sqrmod(a, p, r1); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done); + ret = mp_mulmod(a, a, p, r2); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done); + if (mp_cmp(r1, r2) != 0) { + WOLFSSL_MSG("Fail: mp_mulmod result does not match mp_sqrmod!"); + ERROR_OUT(WC_TEST_RET_ENC_NC, done); + } + #endif + + #if defined(WOLFSSL_SP_MATH_ALL) && !defined(WOLFSSL_RSA_VERIFY_ONLY) + #if defined(WOLFSSL_SP_MATH) || (defined(WOLFSSL_SP_MATH_ALL) && \ + !defined(WOLFSSL_SP_INT_NEGATIVE)) + ret = mp_addmod(a, b, p, r1); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done); + ret = mp_submod(r1, b, p, r2); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done); + ret = mp_mod(a, p, r1); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done); + if (mp_cmp(r1, r2) != MP_EQ) + ERROR_OUT(WC_TEST_RET_ENC_NC, done); + #else + /* Ensure add with mod produce same result as sub with mod. */ + ret = mp_addmod(a, b, p, r1); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done); + b->sign ^= 1; + ret = mp_submod(a, b, p, r2); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done); + if (mp_cmp(r1, r2) != 0) + ERROR_OUT(WC_TEST_RET_ENC_NC, done); + #endif + #endif + + #if !(defined(WOLFSSL_SP_MATH_ALL) || defined(WOLFSSL_SP_MATH)) || \ + (defined(WOLFSSL_SP_ADD_D) && defined(WOLFSSL_SP_SUB_D) && \ + defined(WOLFSSL_SP_INVMOD)) + /* Ensure add digit produce same result as sub digit. */ + ret = mp_add_d(a, d, r1); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done); + ret = mp_sub_d(r1, d, r2); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done); + if (mp_cmp(a, r2) != 0) + ERROR_OUT(WC_TEST_RET_ENC_NC, done); + + /* Invert - if p is even it will use the slow impl. + * - if p and a are even it will fail. + */ + ret = mp_invmod(a, p, r1); + if (ret != 0 && ret != WC_NO_ERR_TRACE(MP_VAL)) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done); + #endif + + #ifndef WOLFSSL_SP_MATH + /* Shift up and down number all bits in a digit. */ + for (k = 0; k < DIGIT_BIT; k++) { + mp_mul_2d(a, k, r1); + mp_div_2d(r1, k, r2, p); + if (mp_cmp(a, r2) != 0) + ERROR_OUT(WC_TEST_RET_ENC_NC, done); + if (!mp_iszero(p)) + ERROR_OUT(WC_TEST_RET_ENC_NC, done); + mp_rshb(r1, k); + if (mp_cmp(a, r1) != 0) + ERROR_OUT(WC_TEST_RET_ENC_NC, done); + } + #endif + } + } + +#if !(defined(WOLFSSL_SP_MATH_ALL) || defined(WOLFSSL_SP_MATH)) || \ + (defined(WOLFSSL_SP_ADD_D) && defined(WOLFSSL_SP_SUB_D)) + /* Test adding and subtracting zero from zero. */ + mp_zero(a); + ret = mp_add_d(a, 0, r1); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done); + if (!mp_iszero(r1)) { + ERROR_OUT(WC_TEST_RET_ENC_NC, done); + } + ret = mp_sub_d(a, 0, r2); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), done); + if (!mp_iszero(r2)) { + ERROR_OUT(WC_TEST_RET_ENC_NC, done); + } +#endif + +#if DIGIT_BIT >= 32 + /* Check that setting a 32-bit digit works. */ + d &= 0xffffffffU; + mp_set_int(a, d); + if (a->used != 1 || a->dp[0] != d) + ERROR_OUT(WC_TEST_RET_ENC_NC, done); +#endif + + /* Check setting a bit and testing a bit works. */ + for (i = 0; i < MP_MAX_TEST_BYTE_LEN * 8; i++) { + mp_zero(a); + mp_set_bit(a, i); + if (!mp_is_bit_set(a, i)) + ERROR_OUT(WC_TEST_RET_ENC_NC, done); + } +#endif + +#if defined(HAVE_ECC) && defined(HAVE_COMP_KEY) + mp_zero(a); + i = mp_cnt_lsb(a); + if (i != 0) + ERROR_OUT(WC_TEST_RET_ENC_I(i), done); + mp_set(a, 1); + i = mp_cnt_lsb(a); + if (i != 0) + ERROR_OUT(WC_TEST_RET_ENC_I(i), done); + + mp_set(a, 32); + i = mp_cnt_lsb(a); + if (i != 5) + ERROR_OUT(WC_TEST_RET_ENC_I(i), done); + + mp_zero(a); + mp_set_bit(a, 129); + i = mp_cnt_lsb(a); + if (i != 129) + ERROR_OUT(WC_TEST_RET_ENC_I(i), done); +#endif + +#if defined(WOLFSSL_SP_MATH) || defined(WOLFSSL_SP_MATH_ALL) + if ((ret = mp_test_param(a, b, r1, &rng)) != 0) + goto done; +#endif + +#if defined(WOLFSSL_SP_MATH_ALL) || !defined(USE_FAST_MATH) + if ((ret = mp_test_div_3(a, r1, &rng)) != 0) + goto done; +#endif +#if (defined(WOLFSSL_SP_MATH_ALL) && !defined(NO_RSA) && \ + !defined(WOLFSSL_RSA_VERIFY_ONLY)) || \ + (!defined WOLFSSL_SP_MATH && !defined(WOLFSSL_SP_MATH_ALL) && \ + (defined(OPENSSL_EXTRA) || !defined(NO_DSA) || defined(HAVE_ECC))) + if ((ret = mp_test_radix_10(a, r1, &rng)) != 0) + goto done; +#endif +#if defined(WOLFSSL_SP_MATH_ALL) || (!defined WOLFSSL_SP_MATH && \ + defined(HAVE_ECC)) + if ((ret = mp_test_radix_16(a, r1, &rng)) != 0) + goto done; +#endif + + if ((ret = mp_test_shift(a, r1, &rng)) != 0) + goto done; +#if !(defined(WOLFSSL_SP_MATH_ALL) || defined(WOLFSSL_SP_MATH)) || \ + (defined(WOLFSSL_SP_ADD_D) && defined(WOLFSSL_SP_SUB_D)) + if ((ret = mp_test_add_sub_d(a, r1)) != 0) + goto done; +#endif + if ((ret = mp_test_read_to_bin(a)) != 0) + goto done; +#if defined(WOLFSSL_SP_MATH) || defined(WOLFSSL_SP_MATH_ALL) + if ((ret = mp_test_set_int(a)) != 0) + goto done; +#endif + if ((ret = mp_test_cmp(a, r1)) != 0) + goto done; +#if !defined(NO_DH) || defined(HAVE_ECC) || (!defined(NO_RSA) && \ + !defined(WOLFSSL_RSA_VERIFY_ONLY) && !defined(WOLFSSL_RSA_PUBLIC_ONLY)) + if ((ret = mp_test_shbd(a, b, &rng)) != 0) + goto done; +#endif +#if !defined(WOLFSSL_SP_MATH) || defined(WOLFSSL_SP_MATH_ALL) + if ((ret = mp_test_set_is_bit(a)) != 0) + goto done; +#endif +#if !defined(NO_DH) || defined(HAVE_ECC) || \ + (!defined(NO_RSA) && !defined(WOLFSSL_RSA_PUBLIC_ONLY)) + if ((ret = mp_test_div(a, b, r1, r2, &rng)) != 0) + goto done; +#endif +#if defined(WOLFSSL_KEY_GEN) && (!defined(NO_DH) || !defined(NO_DSA)) && \ + !defined(WC_NO_RNG) + if ((ret = mp_test_prime(a, &rng)) != 0) + goto done; +#endif +#if !defined(NO_RSA) && defined(WOLFSSL_KEY_GEN) && !defined(WC_RSA_BLINDING) + if ((ret = mp_test_lcm_gcd(a, b, r1, r2, &rng)) != 0) + goto done; +#endif +#if (!defined(WOLFSSL_SP_MATH) && !defined(USE_FAST_MATH)) || \ + defined(WOLFSSL_SP_MATH_ALL) + if ((ret = mp_test_mod_2d(a, r1, p, &rng)) != 0) + goto done; +#endif +#if defined(WOLFSSL_SP_MATH_ALL) || defined(OPENSSL_EXTRA) || \ + (defined(HAVE_ECC) && defined(HAVE_COMP_KEY)) + if ((ret = mp_test_mod_d(a, &rng)) != 0) + goto done; +#endif + if ((ret = mp_test_mul_sqr(a, b, r1, r2, &rng)) != 0) + goto done; +#if (!defined(NO_RSA) && \ + !defined(WOLFSSL_RSA_VERIFY_ONLY) && !defined(WOLFSSL_RSA_PUBLIC_ONLY)) || \ + defined(HAVE_ECC) || !defined(NO_DSA) || defined(OPENSSL_EXTRA) + if ((ret = mp_test_invmod(a, b, r1)) != 0) + goto done; +#endif +#if !defined(NO_RSA) || !defined(NO_DSA) || !defined(NO_DH) || \ + (defined(HAVE_ECC) && defined(HAVE_COMP_KEY)) || defined(OPENSSL_EXTRA) + if ((ret = mp_test_exptmod(a, b, r1, r2)) != 0) + goto done; +#endif +#if defined(HAVE_ECC) || \ + (!defined(NO_RSA) && !defined(WOLFSSL_RSA_VERIFY_ONLY)) + if ((ret = mp_test_mont(a, b, r1, r2, &rng)) != 0) + goto done; +#endif + +done: + +#ifdef WOLFSSL_SMALL_STACK + if (p) { + mp_clear(p); + XFREE(p, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + } + if (r2) { + mp_clear(r2); + XFREE(r2, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + } + if (r1) { + mp_clear(r1); + XFREE(r1, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + } + if (b) { + mp_clear(b); + XFREE(b, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + } + if (a) { + mp_clear(a); + XFREE(a, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + } +#else + mp_clear(p); + mp_clear(r2); + mp_clear(r1); + mp_clear(b); + mp_clear(a); +#endif + + if (rng_inited) + wc_FreeRng(&rng); + return ret; +} + +#endif /* WOLFSSL_PUBLIC_MP && ((WOLFSSL_SP_MATH_ALL && + * !WOLFSSL_RSA_VERIFY_ONLY) || USE_FAST_MATH) */ + + +#if defined(WOLFSSL_PUBLIC_MP) && defined(WOLFSSL_KEY_GEN) + +typedef struct pairs_t { + const unsigned char* coeff; + int coeffSz; + int exp; +} pairs_t; + + +#if (!defined(NO_DH) || !defined(NO_DSA)) && !defined(WC_NO_RNG) +/* +n =p1p2p3, where pi = ki(p1-1)+1 with (k2,k3) = (173,293) +p1 = 2^192 * 0x000000000000e24fd4f6d6363200bf2323ec46285cac1d3a + + 2^0 * 0x0b2488b0c29d96c5e67f8bec15b54b189ae5636efe89b45b +*/ + +static const unsigned char c192a[] = +{ + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0xe2, 0x4f, + 0xd4, 0xf6, 0xd6, 0x36, 0x32, 0x00, 0xbf, 0x23, + 0x23, 0xec, 0x46, 0x28, 0x5c, 0xac, 0x1d, 0x3a +}; +static const unsigned char c0a[] = +{ + 0x0b, 0x24, 0x88, 0xb0, 0xc2, 0x9d, 0x96, 0xc5, + 0xe6, 0x7f, 0x8b, 0xec, 0x15, 0xb5, 0x4b, 0x18, + 0x9a, 0xe5, 0x63, 0x6e, 0xfe, 0x89, 0xb4, 0x5b +}; + +static const pairs_t ecPairsA[] = +{ + {c192a, sizeof(c192a), 192}, + {c0a, sizeof(c0a), 0} +}; + +static const int kA[] = {173, 293}; + +static const unsigned char controlPrime[] = { + 0xe1, 0x76, 0x45, 0x80, 0x59, 0xb6, 0xd3, 0x49, + 0xdf, 0x0a, 0xef, 0x12, 0xd6, 0x0f, 0xf0, 0xb7, + 0xcb, 0x2a, 0x37, 0xbf, 0xa7, 0xf8, 0xb5, 0x4d, + 0xf5, 0x31, 0x35, 0xad, 0xe4, 0xa3, 0x94, 0xa1, + 0xdb, 0xf1, 0x96, 0xad, 0xb5, 0x05, 0x64, 0x85, + 0x83, 0xfc, 0x1b, 0x5b, 0x29, 0xaa, 0xbe, 0xf8, + 0x26, 0x3f, 0x76, 0x7e, 0xad, 0x1c, 0xf0, 0xcb, + 0xd7, 0x26, 0xb4, 0x1b, 0x05, 0x8e, 0x56, 0x86, + 0x7e, 0x08, 0x62, 0x21, 0xc1, 0x86, 0xd6, 0x47, + 0x79, 0x3e, 0xb7, 0x5d, 0xa4, 0xc6, 0x3a, 0xd7, + 0xb1, 0x74, 0x20, 0xf6, 0x50, 0x97, 0x41, 0x04, + 0x53, 0xed, 0x3f, 0x26, 0xd6, 0x6f, 0x91, 0xfa, + 0x68, 0x26, 0xec, 0x2a, 0xdc, 0x9a, 0xf1, 0xe7, + 0xdc, 0xfb, 0x73, 0xf0, 0x79, 0x43, 0x1b, 0x21, + 0xa3, 0x59, 0x04, 0x63, 0x52, 0x07, 0xc9, 0xd7, + 0xe6, 0xd1, 0x1b, 0x5d, 0x5e, 0x96, 0xfa, 0x53 +}; + +static const unsigned char testOne[] = { 1 }; + + +static wc_test_ret_t GenerateNextP(mp_int* p1, mp_int* p2, int k) +{ + wc_test_ret_t ret; +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC) + mp_int *ki = (mp_int *)XMALLOC(sizeof(*ki), HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + + if (ki == NULL) + return MEMORY_E; +#else + mp_int ki[1]; +#endif + + ret = mp_init(ki); + if (ret != 0) + ret = WC_TEST_RET_ENC_EC(ret); + if (ret == 0) { + ret = mp_set(ki, (mp_digit)k); + if (ret != 0) + ret = WC_TEST_RET_ENC_EC(ret); + } + if (ret == 0) { + ret = mp_sub_d(p1, 1, p2); + if (ret != 0) + ret = WC_TEST_RET_ENC_EC(ret); + } + if (ret == 0) { + ret = mp_mul(p2, ki, p2); + if (ret != 0) + ret = WC_TEST_RET_ENC_EC(ret); + } + if (ret == 0) { + ret = mp_add_d(p2, 1, p2); + if (ret != 0) + ret = WC_TEST_RET_ENC_EC(ret); + } + mp_clear(ki); + +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC) + XFREE(ki, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); +#endif + + return ret; +} + + +static wc_test_ret_t GenerateP(mp_int* p1, mp_int* p2, mp_int* p3, + const pairs_t* ecPairs, int ecPairsSz, + const int* k) +{ +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC) + mp_int *x = NULL, *y = NULL; +#else + mp_int x[1], y[1]; +#endif + wc_test_ret_t ret; + int i; + +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC) + if (((x = (mp_int *)XMALLOC(sizeof(*x), HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER)) == NULL) || + ((y = (mp_int *)XMALLOC(sizeof(*x), HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER)) == NULL)) { + ret = MEMORY_E; + goto out; + } +#endif + + ret = mp_init_multi(x, y, NULL, NULL, NULL, NULL); + if (ret != 0) { + ret = WC_TEST_RET_ENC_EC(ret); + goto out; + } + for (i = 0; ret == 0 && i < ecPairsSz; i++) { + ret = mp_read_unsigned_bin(x, ecPairs[i].coeff, (word32)ecPairs[i].coeffSz); + if (ret != 0) { + ret = WC_TEST_RET_ENC_EC(ret); + break; + } + /* p1 = 2^exp */ + ret = mp_2expt(y, ecPairs[i].exp); + if (ret != 0) { + ret = WC_TEST_RET_ENC_EC(ret); + break; + } + /* p1 = p1 * m */ + ret = mp_mul(x, y, x); + if (ret != 0) { + ret = WC_TEST_RET_ENC_EC(ret); + break; + } + /* p1 += */ + ret = mp_add(p1, x, p1); + if (ret != 0) { + ret = WC_TEST_RET_ENC_EC(ret); + break; + } + mp_zero(x); + mp_zero(y); + } + + if (ret == 0) + ret = GenerateNextP(p1, p2, k[0]); + if (ret == 0) + ret = GenerateNextP(p1, p3, k[1]); + + out: + +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC) + if (x != NULL) { + mp_clear(x); + XFREE(x, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + } + if (y != NULL) { + mp_clear(y); + XFREE(y, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + } +#else + mp_clear(x); + mp_clear(y); +#endif + + return ret; +} + +WOLFSSL_TEST_SUBROUTINE wc_test_ret_t prime_test(void) +{ +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC) + mp_int *n = (mp_int *)XMALLOC(sizeof *n, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER), + *p1 = (mp_int *)XMALLOC(sizeof *p1, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER), + *p2 = (mp_int *)XMALLOC(sizeof *p2, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER), + *p3 = (mp_int *)XMALLOC(sizeof *p3, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); +#else + mp_int n[1], + p1[1], + p2[1], + p3[1]; +#endif + wc_test_ret_t ret; + int isPrime = 0; + WC_RNG rng; + int rng_inited = 0; + WOLFSSL_ENTER("prime_test"); + + ret = mp_init_multi(n, p1, p2, p3, NULL, NULL); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); + +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC) + if ((n == NULL) || + (p1 == NULL) || + (p2 == NULL) || + (p3 == NULL)) + ERROR_OUT(WC_TEST_RET_ENC_EC(MEMORY_E), out); +#endif + + ret = wc_InitRng(&rng); + if (ret == 0) + rng_inited = 1; + else + ret = WC_TEST_RET_ENC_EC(ret); + if (ret == 0) + ret = GenerateP(p1, p2, p3, + ecPairsA, sizeof(ecPairsA) / sizeof(ecPairsA[0]), kA); + if (ret == 0) { + ret = mp_mul(p1, p2, n); + if (ret != 0) + ret = WC_TEST_RET_ENC_EC(ret); + } + if (ret == 0) { + ret = mp_mul(n, p3, n); + if (ret != 0) + ret = WC_TEST_RET_ENC_EC(ret); + } + if (ret != 0) + ERROR_OUT(ret, out); + + /* Check the old prime test using the number that false positives. + * This test result should indicate as not prime. */ + ret = mp_prime_is_prime(n, 40, &isPrime); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); + if (isPrime) + ERROR_OUT(WC_TEST_RET_ENC_NC, out); + + /* This test result should fail. It should indicate the value as prime. */ + ret = mp_prime_is_prime(n, 8, &isPrime); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); + if (!isPrime) + ERROR_OUT(WC_TEST_RET_ENC_NC, out); + + /* This test result should indicate the value as not prime. */ + ret = mp_prime_is_prime_ex(n, 8, &isPrime, &rng); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); + if (isPrime) + ERROR_OUT(WC_TEST_RET_ENC_NC, out); + + ret = mp_read_unsigned_bin(n, controlPrime, sizeof(controlPrime)); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); + + /* This test result should indicate the value as prime. */ + ret = mp_prime_is_prime_ex(n, 8, &isPrime, &rng); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); + if (!isPrime) + ERROR_OUT(WC_TEST_RET_ENC_NC, out); + + /* This test result should indicate the value as prime. */ + isPrime = -1; + ret = mp_prime_is_prime(n, 8, &isPrime); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); + if (!isPrime) + ERROR_OUT(WC_TEST_RET_ENC_NC, out); + + ret = mp_read_unsigned_bin(n, testOne, sizeof(testOne)); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); + + /* This test result should indicate the value as not prime. */ + ret = mp_prime_is_prime_ex(n, 8, &isPrime, &rng); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); + if (isPrime) + ERROR_OUT(WC_TEST_RET_ENC_NC, out); + + ret = mp_prime_is_prime(n, 8, &isPrime); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out); + if (isPrime) + ERROR_OUT(WC_TEST_RET_ENC_NC, out); + + ret = 0; + + out: + +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC) + if (n != NULL) { + mp_clear(n); + XFREE(n, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + } + if (p1 != NULL) { + mp_clear(p1); + XFREE(p1, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + } + if (p2 != NULL) { + mp_clear(p2); + XFREE(p2, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + } + if (p3 != NULL) { + mp_clear(p3); + XFREE(p3, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + } +#else + mp_clear(p3); + mp_clear(p2); + mp_clear(p1); + mp_clear(n); +#endif + + if (rng_inited) + wc_FreeRng(&rng); + + return ret; +} +#endif + +#endif /* WOLFSSL_PUBLIC_MP */ + + +#if defined(ASN_BER_TO_DER) && \ + (defined(WOLFSSL_TEST_CERT) || defined(OPENSSL_EXTRA) || \ + defined(OPENSSL_EXTRA_X509_SMALL)) +/* wc_BerToDer is only public facing in the case of test cert or opensslextra */ +typedef struct berDerTestData { + const byte *in; + word32 inSz; + const byte *out; + word32 outSz; +} berDerTestData; + +WOLFSSL_TEST_SUBROUTINE wc_test_ret_t berder_test(void) +{ + wc_test_ret_t ret; + int i; + word32 len = 0, l; + byte out[32]; + static const byte good1_in[] = { 0x30, 0x80, 0x00, 0x00 }; + static const byte good1_out[] = { 0x30, 0x00 }; + static const byte good2_in[] = { 0x30, 0x80, 0x02, 0x01, 0x01, 0x00, 0x00 }; + static const byte good2_out[] = { 0x30, 0x03, 0x02, 0x01, 0x01 }; + static const byte good3_in[] = { + 0x24, 0x80, 0x04, 0x01, 0x01, 0x00, 0x00 + }; + static const byte good3_out[] = { 0x04, 0x1, 0x01 }; + static const byte good4_in[] = { + 0x30, 0x80, + 0x02, 0x01, 0x01, + 0x30, 0x80, + 0x24, 0x80, + 0x04, 0x01, 0x01, + 0x04, 0x02, 0x02, 0x03, + 0x00, 0x00, + 0x06, 0x01, 0x01, + 0x00, 0x00, + 0x31, 0x80, + 0x06, 0x01, 0x01, + 0x00, 0x00, + 0x00, 0x00, + }; + static const byte good4_out[] = { + 0x30, 0x12, + 0x02, 0x01, 0x01, + 0x30, 0x08, + 0x04, 0x03, 0x01, 0x02, 0x03, + 0x06, 0x01, 0x01, + 0x31, 0x03, + 0x06, 0x01, 0x01 + }; + static const byte good5_in[] = { 0x30, 0x03, 0x02, 0x01, 0x01 }; + + static berDerTestData testData[] = { + { good1_in, sizeof(good1_in), good1_out, sizeof(good1_out) }, + { good2_in, sizeof(good2_in), good2_out, sizeof(good2_out) }, + { good3_in, sizeof(good3_in), good3_out, sizeof(good3_out) }, + { good4_in, sizeof(good4_in), good4_out, sizeof(good4_out) }, + { good5_in, sizeof(good5_in), good5_in , sizeof(good5_in ) }, + }; + WOLFSSL_ENTER("berder_test"); + + for (i = 0; i < (int)(sizeof(testData) / sizeof(*testData)); i++) { + ret = wc_BerToDer(testData[i].in, testData[i].inSz, NULL, &len); + if (ret != WC_NO_ERR_TRACE(LENGTH_ONLY_E)) + return WC_TEST_RET_ENC_I(i); + if (len != testData[i].outSz) + return WC_TEST_RET_ENC_I(i); + len = testData[i].outSz; + ret = wc_BerToDer(testData[i].in, testData[i].inSz, out, &len); + if (ret != 0) + return WC_TEST_RET_ENC_I(i); + if (XMEMCMP(out, testData[i].out, len) != 0) + return WC_TEST_RET_ENC_I(i); + + for (l = 1; l < testData[i].inSz; l++) { + ret = wc_BerToDer(testData[i].in, l, NULL, &len); + if (ret != WC_NO_ERR_TRACE(ASN_PARSE_E)) + return WC_TEST_RET_ENC_EC(ret); + len = testData[i].outSz; + ret = wc_BerToDer(testData[i].in, l, out, &len); + if (ret != WC_NO_ERR_TRACE(ASN_PARSE_E)) + return WC_TEST_RET_ENC_EC(ret); + } + + for (l = 0; l < testData[i].outSz-1; l++) { + ret = wc_BerToDer(testData[i].in, testData[i].inSz, out, &l); + if (ret != WC_NO_ERR_TRACE(BUFFER_E)) + return WC_TEST_RET_ENC_EC(ret); + } + } + + ret = wc_BerToDer(NULL, 4, NULL, NULL); + if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG)) + return WC_TEST_RET_ENC_EC(ret); + ret = wc_BerToDer(out, 4, NULL, NULL); + if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG)) + return WC_TEST_RET_ENC_EC(ret); + ret = wc_BerToDer(NULL, 4, NULL, &len); + if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG)) + return WC_TEST_RET_ENC_EC(ret); + ret = wc_BerToDer(NULL, 4, out, NULL); + if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG)) + return WC_TEST_RET_ENC_EC(ret); + ret = wc_BerToDer(out, 4, out, NULL); + if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG)) + return WC_TEST_RET_ENC_EC(ret); + ret = wc_BerToDer(NULL, 4, out, &len); + if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG)) + return WC_TEST_RET_ENC_EC(ret); + + for (l = 1; l < sizeof(good4_out); l++) { + len = l; + ret = wc_BerToDer(good4_in, sizeof(good4_in), out, &len); + if (ret != WC_NO_ERR_TRACE(BUFFER_E)) + return WC_TEST_RET_ENC_EC(ret); + } + + return 0; +} +#endif /* ASN_BER_TO_DER && (WOLFSSL_TEST_CERT || OPENSSL_EXTRA || + OPENSSL_EXTRA_X509_SMALL */ + +#ifdef DEBUG_WOLFSSL +static THREAD_LS_T int log_cnt = 0; +static void my_Logging_cb(const int logLevel, const char *const logMessage) +{ + (void)logLevel; + (void)logMessage; + log_cnt++; +} +#endif /* DEBUG_WOLFSSL */ + +WOLFSSL_TEST_SUBROUTINE wc_test_ret_t logging_test(void) +{ + wc_test_ret_t ret; +#ifdef DEBUG_WOLFSSL + const char* msg = "Testing, testing. 1, 2, 3, 4 ..."; + byte a[8] = { 1, 2, 3, 4, 5, 6, 7, 8 }; + byte b[256]; + int i; + WOLFSSL_ENTER("logging_test (debug)"); + + /* LIBBITCOIN: fix narrowing implicit cast warning. */ + for (i = 0; i < (int)sizeof(b); i++) + b[i] = (byte)i; + + ret = wolfSSL_Debugging_ON(); + if (ret != 0) + return WC_TEST_RET_ENC_EC(ret); + + ret = wolfSSL_SetLoggingCb(my_Logging_cb); + if (ret != 0) + return WC_TEST_RET_ENC_EC(ret); + + WOLFSSL_MSG(msg); + WOLFSSL_BUFFER(a, sizeof(a)); + WOLFSSL_BUFFER(b, sizeof(b)); + WOLFSSL_BUFFER(NULL, 0); + WOLFSSL_ERROR(MEMORY_E); + WOLFSSL_ERROR_MSG(msg); + + /* turn off logs */ + wolfSSL_Debugging_OFF(); + + /* capture log count */ + i = log_cnt; + + /* validate no logs are output when disabled */ + WOLFSSL_MSG(msg); + WOLFSSL_BUFFER(a, sizeof(a)); + WOLFSSL_BUFFER(b, sizeof(b)); + WOLFSSL_BUFFER(NULL, 0); + WOLFSSL_ERROR(MEMORY_E); + WOLFSSL_ERROR_MSG(msg); + + /* check the logs were disabled */ + if (i != log_cnt) + return WC_TEST_RET_ENC_NC; + + /* restore callback and leave logging enabled */ + wolfSSL_SetLoggingCb(NULL); + wolfSSL_Debugging_ON(); + + /* suppress unused args */ + (void)a; + (void)b; + +#else + WOLFSSL_ENTER("logging_test"); + ret = wolfSSL_Debugging_ON(); + if (ret != WC_NO_ERR_TRACE(NOT_COMPILED_IN)) + return WC_TEST_RET_ENC_EC(ret); + wolfSSL_Debugging_OFF(); + ret = wolfSSL_SetLoggingCb(NULL); + if (ret != WC_NO_ERR_TRACE(NOT_COMPILED_IN)) + return WC_TEST_RET_ENC_EC(ret); +#endif /* DEBUG_WOLFSSL */ + return 0; +} + +#if defined(__INCLUDE_NUTTX_CONFIG_H) +WOLFSSL_TEST_SUBROUTINE wc_test_ret_t wolfcrypt_mutex_test(void) +#else +WOLFSSL_TEST_SUBROUTINE wc_test_ret_t mutex_test(void) +#endif +{ +#ifdef WOLFSSL_PTHREADS + wolfSSL_Mutex m; +#endif +#if defined(WOLFSSL_PTHREADS) || (!defined(WOLFSSL_NO_MALLOC) && \ + !defined(WOLFSSL_USER_MUTEX) && defined(WOLFSSL_STATIC_MEMORY)) + wc_test_ret_t ret; +#endif + +#if !defined(WOLFSSL_NO_MALLOC) && !defined(WOLFSSL_USER_MUTEX) + #ifndef WOLFSSL_STATIC_MEMORY + wolfSSL_Mutex *mm = wc_InitAndAllocMutex(); + WOLFSSL_ENTER("[wolfcrypt_]mutex_test (1)"); + #else + wolfSSL_Mutex *mm = (wolfSSL_Mutex*) XMALLOC(sizeof(wolfSSL_Mutex), + HEAP_HINT, DYNAMIC_TYPE_MUTEX); + WOLFSSL_ENTER("[wolfcrypt_]mutex_test (2)"); + if (mm != NULL) { + ret = wc_InitMutex(mm); + if (ret != 0) { + WOLFSSL_MSG("Init Mutex failed"); + XFREE(mm, HEAP_HINT, DYNAMIC_TYPE_MUTEX); + return WC_TEST_RET_ENC_EC(ret); + } + } + #endif + if (mm == NULL) + return WC_TEST_RET_ENC_ERRNO; + wc_FreeMutex(mm); + XFREE(mm, HEAP_HINT, DYNAMIC_TYPE_MUTEX); +#endif + + /* Can optionally enable advanced pthread tests using "ENABLE_PTHREAD_LOCKFREE_TESTS" */ +#ifdef WOLFSSL_PTHREADS + ret = wc_InitMutex(&m); + if (ret != 0) + return WC_TEST_RET_ENC_EC(ret); + ret = wc_LockMutex(&m); + if (ret != 0) + return WC_TEST_RET_ENC_EC(ret); +#if !defined(WOLFSSL_SOLARIS) && defined(ENABLE_PTHREAD_LOCKFREE_TESTS) + /* trying to free a locked mutex is not portable behavior with pthread */ + /* Attempting to destroy a locked mutex results in undefined behavior */ + ret = wc_FreeMutex(&m); + if (ret != WC_NO_ERR_TRACE(BAD_MUTEX_E)) + return WC_TEST_RET_ENC_EC(ret); +#endif + ret = wc_UnLockMutex(&m); + if (ret != 0) + return WC_TEST_RET_ENC_EC(ret); + ret = wc_FreeMutex(&m); + if (ret != 0) + return WC_TEST_RET_ENC_EC(ret); +#if !defined(WOLFSSL_SOLARIS) && defined(ENABLE_PTHREAD_LOCKFREE_TESTS) + /* Trying to use a pthread after free'ing is not portable behavior */ + ret = wc_LockMutex(&m); + if (ret != WC_NO_ERR_TRACE(BAD_MUTEX_E)) + return WC_TEST_RET_ENC_EC(ret); + ret = wc_UnLockMutex(&m); + if (ret != WC_NO_ERR_TRACE(BAD_MUTEX_E)) + return WC_TEST_RET_ENC_EC(ret); +#endif +#endif + + return 0; +} + +#if defined(USE_WOLFSSL_MEMORY) && !defined(FREERTOS) + +#if !defined(WOLFSSL_NO_MALLOC) && !defined(WOLFSSL_KERNEL_MODE) && \ + !defined(WOLFSSL_STATIC_MEMORY) +static wc_test_ret_t malloc_cnt = 0; +static wc_test_ret_t realloc_cnt = 0; +static wc_test_ret_t free_cnt = 0; + +#ifdef WOLFSSL_DEBUG_MEMORY +static void *my_Malloc_cb(size_t size, const char* func, unsigned int line) +{ + (void) func; + (void) line; +#else +static void *my_Malloc_cb(size_t size) +{ +#endif + malloc_cnt++; + #ifndef WOLFSSL_NO_MALLOC + return malloc(size); /* native heap */ + #else + WOLFSSL_MSG("No malloc available"); + (void)size; + return NULL; + #endif +} + +#ifdef WOLFSSL_DEBUG_MEMORY +static void my_Free_cb(void *ptr, const char* func, unsigned int line) +{ + (void) func; + (void) line; +#else +static void my_Free_cb(void *ptr) +{ +#endif + free_cnt++; + #ifndef WOLFSSL_NO_MALLOC + free(ptr); /* native heap */ + #else + WOLFSSL_MSG("No free available"); + (void)ptr; + #endif +} + +#ifdef WOLFSSL_DEBUG_MEMORY +static void *my_Realloc_cb(void *ptr, size_t size, const char* func, unsigned int line) +{ + (void) func; + (void) line; +#else +static void *my_Realloc_cb(void *ptr, size_t size) +{ +#endif + realloc_cnt++; + #ifndef WOLFSSL_NO_MALLOC + return realloc(ptr, size); /* native heap */ + #else + WOLFSSL_MSG("No realloc available"); + (void)ptr; + (void)size; + return NULL; + #endif +} +#endif /* !WOLFSSL_NO_MALLOC */ + +WOLFSSL_TEST_SUBROUTINE wc_test_ret_t memcb_test(void) +{ + wc_test_ret_t ret = 0; +#if !defined(WOLFSSL_NO_MALLOC) && !defined(WOLFSSL_NO_REALLOC) && \ + !defined(WOLFSSL_KERNEL_MODE) && !defined(WOLFSSL_STATIC_MEMORY) + byte* b = NULL; +#endif + wolfSSL_Malloc_cb mc; + wolfSSL_Free_cb fc; + wolfSSL_Realloc_cb rc; + WOLFSSL_ENTER("memcb_test"); + + /* Save existing memory callbacks */ + ret = wolfSSL_GetAllocators(&mc, &fc, &rc); + if (ret != 0) + return WC_TEST_RET_ENC_EC(ret); + +#if !defined(WOLFSSL_NO_MALLOC) && !defined(WOLFSSL_NO_REALLOC) && \ + !defined(WOLFSSL_KERNEL_MODE) && !defined(WOLFSSL_STATIC_MEMORY) + + /* test realloc */ + b = (byte*)XREALLOC(b, 1024, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + if (b == NULL) { + ERROR_OUT(WC_TEST_RET_ENC_ERRNO, exit_memcb); + } + XFREE(b, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + b = NULL; + + /* Use API. */ + ret = wolfSSL_SetAllocators((wolfSSL_Malloc_cb)my_Malloc_cb, + (wolfSSL_Free_cb)my_Free_cb, + (wolfSSL_Realloc_cb)my_Realloc_cb); + if (ret != 0) { + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_memcb); + } + + b = (byte*)XMALLOC(1024, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + { + byte *new_b = (byte*)XREALLOC(b, 1024, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + if (new_b) + b = new_b; + else { + XFREE(b, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + ERROR_OUT(WC_TEST_RET_ENC_EC(MEMORY_E), exit_memcb); + } + } + XFREE(b, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + +#ifndef WOLFSSL_STATIC_MEMORY +#ifndef WOLFSSL_CHECK_MEM_ZERO + if (malloc_cnt != 1 || free_cnt != 1 || realloc_cnt != 1) +#else + /* Checking zeroized memory means realloc is a malloc and free. */ + if (malloc_cnt != 2 || free_cnt != 2 || realloc_cnt != 0) +#endif +#else + if (malloc_cnt != 0 || free_cnt != 0 || realloc_cnt != 0) +#endif + ret = WC_TEST_RET_ENC_NC; +#endif /* !WOLFSSL_NO_MALLOC */ + +#if !defined(WOLFSSL_NO_MALLOC) && !defined(WOLFSSL_NO_REALLOC) && \ + !defined(WOLFSSL_KERNEL_MODE) && !defined(WOLFSSL_STATIC_MEMORY) +exit_memcb: + + /* reset malloc/free/realloc counts */ + malloc_cnt = 0; + free_cnt = 0; + realloc_cnt = 0; +#endif + + /* restore memory callbacks */ + wolfSSL_SetAllocators(mc, fc, rc); + + return ret; +} +#endif /* USE_WOLFSSL_MEMORY && !WOLFSSL_NO_MALLOC */ + + +#if defined(WOLFSSL_CAAM_BLOB) +WOLFSSL_TEST_SUBROUTINE wc_test_ret_t blob_test(void) +{ + wc_test_ret_t ret = 0; + byte out[112]; + byte blob[112]; + word32 outSz; + + WOLFSSL_SMALL_STACK_STATIC const byte iv[] = + { + 0xf0,0xf1,0xf2,0xf3,0xf4,0xf5,0xf6,0xf7, + 0xf8,0xf9,0xfa,0xfb,0xfc,0xfd,0xfe,0xff + }; + + WOLFSSL_SMALL_STACK_STATIC const byte text[] = + { + 0x6b,0xc1,0xbe,0xe2,0x2e,0x40,0x9f,0x96, + 0xe9,0x3d,0x7e,0x11,0x73,0x93,0x17,0x2a, + 0xae,0x2d,0x8a,0x57,0x1e,0x03,0xac,0x9c, + 0x9e,0xb7,0x6f,0xac,0x45,0xaf,0x8e,0x51, + 0x30,0xc8,0x1c,0x46,0xa3,0x5c,0xe4,0x11, + 0xe5,0xfb,0xc1,0x19,0x1a,0x0a,0x52,0xef, + 0xf6,0x9f,0x24,0x45,0xdf,0x4f,0x9b,0x17, + 0xad,0x2b,0x41,0x7b,0xe6,0x6c,0x37,0x10 + }; + WOLFSSL_ENTER("blob_test"); + + XMEMSET(blob, 0, sizeof(blob)); + XMEMSET(out, 0, sizeof(out)); + outSz = sizeof(blob); + ret = wc_caamCreateBlob((byte*)iv, sizeof(iv), blob, &outSz); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_blob); + + blob[outSz - 2] += 1; + ret = wc_caamOpenBlob(blob, outSz, out, &outSz); + if (ret == 0) { /* should fail with altered blob */ + ERROR_OUT(WC_TEST_RET_ENC_NC, exit_blob); + } + + XMEMSET(blob, 0, sizeof(blob)); + outSz = sizeof(blob); + ret = wc_caamCreateBlob((byte*)iv, sizeof(iv), blob, &outSz); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_blob); + + ret = wc_caamOpenBlob(blob, outSz, out, &outSz); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_blob); + + if (XMEMCMP(out, iv, sizeof(iv))) { + ERROR_OUT(WC_TEST_RET_ENC_NC, exit_blob); + } + + XMEMSET(blob, 0, sizeof(blob)); + outSz = sizeof(blob); + ret = wc_caamCreateBlob((byte*)text, sizeof(text), blob, &outSz); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_blob); + + ret = wc_caamOpenBlob(blob, outSz, out, &outSz); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_blob); + + if (XMEMCMP(out, text, sizeof(text))) { + ERROR_OUT(WC_TEST_RET_ENC_NC, exit_blob); + } + + exit_blob: + + return ret; +} +#endif /* WOLFSSL_CAAM_BLOB */ + +#ifdef WOLF_CRYPTO_CB + +/* Example custom context for crypto callback */ +typedef struct { + int exampleVar; /* flag for testing if only crypt is enabled. */ +} myCryptoDevCtx; + +#ifdef WOLF_CRYPTO_CB_ONLY_RSA +/* Testing rsa cb when CB_ONLY_RSA is enabled + * When CB_ONLY_RSA is enabled, software imple. is not available. + * + * ctx callback ctx + * returen 0 on success, otherwise return negative + */ +static wc_test_ret_t rsa_onlycb_test(myCryptoDevCtx *ctx) +{ + wc_test_ret_t ret = 0; +#if !defined(NO_RSA) + +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC) + RsaKey *key = (RsaKey *)XMALLOC(sizeof *key, + HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + byte* tmp = NULL; +#else + RsaKey key[1]; + byte tmp[FOURK_BUF]; +#endif + size_t bytes; + const word32 inLen = (word32)TEST_STRING_SZ; + word32 idx = 0; + + word32 sigSz; + WOLFSSL_SMALL_STACK_STATIC const byte in[] = TEST_STRING; + byte out[RSA_TEST_BYTES]; + +#if !defined(USE_CERT_BUFFERS_1024) && !defined(USE_CERT_BUFFERS_2048) && \ + !defined(USE_CERT_BUFFERS_3072) && !defined(USE_CERT_BUFFERS_4096) && \ + !defined(NO_FILESYSTEM) + XFILE file; +#endif + +#ifdef WOLFSSL_KEY_GEN + WC_RNG rng; + word32 keySz = 2048; +#endif + +#ifdef USE_CERT_BUFFERS_1024 + bytes = (size_t)sizeof_client_key_der_1024; + if (bytes < (size_t)sizeof_client_cert_der_1024) + bytes = (size_t)sizeof_client_cert_der_1024; +#elif defined(USE_CERT_BUFFERS_2048) + bytes = (size_t)sizeof_client_key_der_2048; + if (bytes < (size_t)sizeof_client_cert_der_2048) + bytes = (size_t)sizeof_client_cert_der_2048; +#elif defined(USE_CERT_BUFFERS_3072) + bytes = (size_t)sizeof_client_key_der_3072; + if (bytes < (size_t)sizeof_client_cert_der_3072) + bytes = (size_t)sizeof_client_cert_der_3072; +#elif defined(USE_CERT_BUFFERS_4096) + bytes = (size_t)sizeof_client_key_der_4096; + if (bytes < (size_t)sizeof_client_cert_der_4096) + bytes = (size_t)sizeof_client_cert_der_4096; +#else + bytes = FOURK_BUF; +#endif + +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC) + tmp = (byte*)XMALLOC(bytes, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + if (tmp == NULL) + ERROR_OUT(WC_TEST_RET_ENC_ERRNO, exit_onlycb); +#endif + +#ifdef USE_CERT_BUFFERS_1024 + XMEMCPY(tmp, client_key_der_1024, (size_t)sizeof_client_key_der_1024); +#elif defined(USE_CERT_BUFFERS_2048) + XMEMCPY(tmp, client_key_der_2048, (size_t)sizeof_client_key_der_2048); +#elif defined(USE_CERT_BUFFERS_3072) + XMEMCPY(tmp, client_key_der_3072, (size_t)sizeof_client_key_der_3072); +#elif defined(USE_CERT_BUFFERS_4096) + XMEMCPY(tmp, client_key_der_4096, (size_t)sizeof_client_key_der_4096); +#elif !defined(NO_FILESYSTEM) + file = XFOPEN(clientKey, "rb"); + if (!file) { + ret = WC_TEST_RET_ENC_ERRNO; + err_sys("can't open ./certs/client-key.der, " + "Please run from wolfSSL home dir", ret); + ERROR_OUT(ret, exit_onlycb); + } + bytes = XFREAD(tmp, 1, FOURK_BUF, file); + XFCLOSE(file); + if (bytes == 0) + ERROR_OUT(WC_TEST_RET_ENC_ERRNO, exit_onlycb); +#endif + +#ifdef WOLFSSL_KEY_GEN + /* wc_CryptoCb_MakeRsaKey cb test, no actual making key + * wc_MakeRsaKey() -> rsa cb -> + * myCryptoDevCb -> wc_MakeRsaKey(CBONLY_TEST_DEVID) + * wc_MakeRsaKey(CBONLY_TEST_DEVID) expects to return 0(success) + */ + ctx->exampleVar = 99; + ret = wc_MakeRsaKey(key, keySz, WC_RSA_EXPONENT, &rng); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_onlycb); + /* wc_MakeRsaKey() -> rsa cb -> + * myCryptoDevCb -> wc_MakeRsaKey(INVALID_DEVID) + * wc_MakeRsaKey(CBONLY_TEST_DEVID) expects to return NO_VALID_DEVID(failure) + */ + ctx->exampleVar = 1; + ret = wc_MakeRsaKey(key, keySz, WC_RSA_EXPONENT, &rng); + if (ret != WC_NO_ERR_TRACE(NO_VALID_DEVID)) { + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_onlycb); + } else + /* reset return code */ + ret = 0; +#endif + ret = wc_InitRsaKey_ex(key, HEAP_HINT, devId); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_onlycb); + ret = wc_RsaPrivateKeyDecode(tmp, &idx, key, (word32)bytes); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_onlycb); + + sigSz = (word32)wc_RsaEncryptSize(key); + + /* wc_CryptoCb_Rsa cb test, no actual rsa operation */ + if (ret == 0) { + /* wc_SignatureGenerate() -> rsa cb -> + * myCryptoDevCb -> wc_RsaFunction(CBONLY_TEST_DEVID) + * wc_RsaFunction(CBONLY_TEST_DEVID) expects to return 0(success) + */ + ctx->exampleVar = 99; + ret = wc_SignatureGenerate(WC_HASH_TYPE_SHA256, WC_SIGNATURE_TYPE_RSA, + in, inLen, out, &sigSz, key, sizeof(*key), NULL); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_onlycb); + } + if (ret == 0) { + /* wc_SignatureGenerate() -> rsa cb -> + * myCryptoDevCb -> wc_RsaFunction(INVALID_DEVID) + * wc_SignatureGenerate(INVALID_DEVID) expects to + * return NO_VALID_DEVID(failure) + */ + ctx->exampleVar = 1; + ret = wc_SignatureGenerate(WC_HASH_TYPE_SHA256, WC_SIGNATURE_TYPE_RSA, + in, inLen, out, &sigSz, key, sizeof(*key), NULL); + if (ret != WC_NO_ERR_TRACE(NO_VALID_DEVID)) { + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_onlycb); + } else + /* reset return code */ + ret = 0; + } + +exit_onlycb: + +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC) + if (key != NULL) { + wc_FreeRsaKey(key); + XFREE(key, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + } + XFREE(tmp, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); +#else + wc_FreeRsaKey(key); +#endif + +#endif + return ret; +} +#endif + +#ifdef WOLF_CRYPTO_CB_ONLY_ECC +/* Testing rsa cb when CB_ONLY_ECC is enabled + * When CB_ONLY_ECC is enabled, software imple. is not available. + * + * ctx callback ctx + * returen 0 on success, otherwise return negative + */ +static wc_test_ret_t ecc_onlycb_test(myCryptoDevCtx *ctx) +{ + wc_test_ret_t ret = 0; +#if defined(HAVE_ECC) +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC) + ecc_key* key = (ecc_key *)XMALLOC(sizeof(*key), + HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + ecc_key* pub = (ecc_key *)XMALLOC(sizeof(*pub), + HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + byte* out = (byte*)XMALLOC(256, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + #if !defined(WOLFCRYPT_ONLY) && defined(OPENSSL_EXTRA) + byte* check = (byte*)XMALLOC(256, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + #endif +#else + ecc_key key[1]; + #ifdef HAVE_ECC_DHE + ecc_key pub[1]; + #endif + #if defined(HAVE_ECC_SIGN) && defined(HAVE_ECC_VERIFY) + byte out[256]; + #endif + #if !defined(WOLFCRYPT_ONLY) && defined(OPENSSL_EXTRA) + byte check[256]; + #endif +#endif +#if !defined(WOLFCRYPT_ONLY) && defined(OPENSSL_EXTRA) + WOLFSSL_EVP_PKEY* privKey = NULL; + WOLFSSL_EVP_PKEY* pubKey = NULL; + #ifdef USE_CERT_BUFFERS_256 + ecc_key* pkey; + const unsigned char* cp; + #endif + WOLFSSL_EVP_MD_CTX mdCtx; + const char testData[] = "Hi There"; + size_t checkSz = -1; + const unsigned char* p; + const unsigned char check_v[256] = { + 0x30,0x45,0x02,0x20,0x1b,0x5c,0x2a,0xf0,0x18,0x09, + 0x74,0x65,0xa1,0x04,0x76,0x3a,0xce,0xcc,0xe5,0x34, + 0x5e,0x89,0xed,0x40,0x1e,0x5a,0xb1,0x53,0xb4,0xff, + 0xc7,0x18,0xfe,0x0f,0xc7,0xa6,0x02,0x21,0x00,0xe5, + 0x70,0x21,0xfc,0xf9,0x63,0x36,0xfd,0x16,0x18,0x08, + 0x9a,0x63,0x61,0x0f,0xe7,0x7c,0xa3,0xc9,0x14,0xa3, + 0x30,0x87,0xf7,0xf5,0x70,0x19,0xaf,0x56,0x96,0x9b, + 0xd8,0x64,0xcd,0xd9,0xff,0x7b,0x2a,0x55,0x52,0xca, + 0x41,0xb2,0xa6,0xa4,0x8a,0x3b,0x02,0x20,0x8c,0xc5, + 0xf9,0xc1,0x7d,0x2a,0x65,0x6c,0xe6,0x5a,0xe3,0x76, + 0x9b,0xab,0x0b,0x9f,0xaf,0x62,0x5d,0xb2,0x60,0xd7, + 0xeb,0xb4,0x1b,0x73,0xdc,0x01,0x7d,0x7b,0xab,0xc1, + 0x0c,0x74,0x96,0x41,0xe6,0x3f,0xc5,0x86,0xe6,0x7d, + 0x2b,0x9d,0x54,0x6b,0xcd,0x31,0x35,0x1f,0xdb,0x49, + 0x1f,0x32,0x34,0xf8,0x57,0x12,0x86,0x5c,0x0e,0x80, + 0x55,0x8d,0xff,0xd8,0xbd,0xdf,0x32,0x26,0x62,0x42, + 0x09,0xda,0xf7,0x74,0xf2,0x3f,0xe6,0xf1,0x77,0x82, + 0xce,0xe4,0xbb,0x61,0xa6,0xc0,0x17,0x0c,0x6c,0x47, + 0x2a,0x40,0x1c,0x2b,0xe0,0x98,0x3b,0xbf,0xc6,0xf8, + 0x6d,0xfd,0xd0,0xfa,0xc1,0x02,0xfb,0x5f,0xfb,0xb0, + 0xcb,0xd9,0xa3,0x59,0x94,0xe9,0x0f,0x74,0xbb,0x3f, + 0x64,0xa3,0x83,0xc4,0x2b,0xf7,0xd2,0x97,0xbf,0x3b, + 0xcf,0xbb,0x60,0x81,0x33,0x94,0xfa,0x0d,0x35,0xd2, + 0x3d,0xb9,0x99,0xe3,0x12,0xf8,0xf4,0xa3,0x74,0xf4, + 0x94,0x1d,0x7a,0x66,0xf8,0xd1,0x1d,0xcf,0xb0,0x48, + 0xef,0x8c,0x94,0x6f,0xdd,0x62, + }; +#endif +#ifdef HAVE_ECC_DHE + WC_RNG rng; +#endif + EncryptedInfo encInfo; + int keyFormat = 0; +#ifdef USE_CERT_BUFFERS_256 + word32 keyIdx = 0; +#endif +#if defined(HAVE_ECC_SIGN) && defined(HAVE_ECC_VERIFY) + byte in[] = "Everyone gets Friday off. ecc p"; + word32 inLen = (word32)XSTRLEN((char*)in); + word32 outLen; + int verify; +#endif + +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC) + if (key == NULL || pub == NULL) { + ERROR_OUT(WC_TEST_RET_ENC_ERRNO, exit_onlycb); + } +#endif + ret = wc_ecc_init_ex(key, HEAP_HINT, devId); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_onlycb); + + /* wc_CryptoCb_MakeEccKey cb test, no actual testing */ +#ifdef HAVE_ECC_DHE + ctx->exampleVar = 99; + ret = wc_ecc_make_key(&rng, ECC_KEYGEN_SIZE, key); + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_onlycb); + ctx->exampleVar = 1; + ret = wc_ecc_make_key(&rng, ECC_KEYGEN_SIZE, key); + if (ret != WC_NO_ERR_TRACE(NO_VALID_DEVID)) { + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_onlycb); + } else + /* reset return code */ + ret = 0; +#endif +#ifdef USE_CERT_BUFFERS_256 + if (ret == 0) { + /* load ECC private key and perform private transform */ + ret = wc_EccPrivateKeyDecode(ecc_key_der_256, &keyIdx, + key, sizeof_ecc_key_der_256); + } + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_onlycb); +#endif + +#ifdef HAVE_ECC_SIGN + /* wc_CryptoCb_EccSign cb test, no actual testing */ + ctx->exampleVar = 99; + if (ret == 0) { + ret = wc_ecc_sign_hash(in, inLen, out, &outLen, &rng, key); + } + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_onlycb); + ctx->exampleVar = 1; + if (ret == 0) { + ret = wc_ecc_sign_hash(in, inLen, out, &outLen, &rng, key); + } + if (ret != WC_NO_ERR_TRACE(NO_VALID_DEVID)) { + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_onlycb); + } + else + ret = 0; + +#ifdef HAVE_ECC_VERIFY + /* wc_CryptoCb_EccVerify cb test, no actual testing */ + ctx->exampleVar = 99; + if (ret == 0) { + ret = wc_ecc_verify_hash(in, inLen, out, outLen, &verify, key); + } + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_onlycb); + + ctx->exampleVar = 1; + if (ret == 0) { + ret = wc_ecc_verify_hash(in, inLen, out, outLen, &verify, key); + } + if (ret != WC_NO_ERR_TRACE(NO_VALID_DEVID)) { + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_onlycb); + } + else + ret = 0; +#endif /* HAVE_ECC_VERIFY */ +#endif /* HAVE_ECC_SIGN */ + +#ifdef HAVE_ECC_DHE + /* wc_CryptoCb_Ecdh cb test, no actual testing */ + + /* make public key for shared secret */ + wc_ecc_init_ex(pub, HEAP_HINT, devId); + + ctx->exampleVar = 99; + if (ret == 0) { + ret = wc_ecc_shared_secret(key, pub, out, &outLen); + } + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_onlycb); + ctx->exampleVar = 1; + if (ret == 0) { + ret = wc_ecc_shared_secret(key, pub, out, &outLen); + } + if (ret != WC_NO_ERR_TRACE(NO_VALID_DEVID)) { + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_onlycb); + } + else + ret = 0; + +#endif /* HAVE_ECC_DHE */ + +#if !defined(WOLFCRYPT_ONLY) && defined(OPENSSL_EXTRA) + (void)pkey; + cp = ecc_clikey_der_256; + privKey = d2i_PrivateKey(WC_EVP_PKEY_EC, NULL, &cp, + sizeof_ecc_clikey_der_256); + if (privKey == NULL) { + ERROR_OUT(WC_TEST_RET_ENC_NC, exit_onlycb); + } + pkey = (ecc_key*)privKey->ecc->internal; + pkey->devId = devId; + + p = ecc_clikeypub_der_256; + pubKey = d2i_PUBKEY(NULL, &p, sizeof_ecc_clikeypub_der_256); + if (pubKey == NULL) { + ERROR_OUT(WC_TEST_RET_ENC_NC, exit_onlycb); + } + pkey = (ecc_key*)pubKey->ecc->internal; + pkey->devId = devId; + + /* sign */ + wolfSSL_EVP_MD_CTX_init(&mdCtx); + + ret = EVP_DigestSignInit(&mdCtx, NULL, wolfSSL_EVP_sha256(), NULL, privKey); + if (ret != WOLFSSL_SUCCESS) { + ERROR_OUT(WC_TEST_RET_ENC_NC, exit_onlycb); + } + + ret = EVP_DigestSignUpdate(&mdCtx, testData, + (unsigned int)XSTRLEN(testData)); + if (ret != WOLFSSL_SUCCESS) { + ERROR_OUT(WC_TEST_RET_ENC_NC, exit_onlycb); + } + + ret = EVP_DigestSignFinal(&mdCtx, NULL, &checkSz); + if (ret != WOLFSSL_SUCCESS) { + ERROR_OUT(WC_TEST_RET_ENC_NC, exit_onlycb); + } + + ctx->exampleVar = 99; + ret = EVP_DigestSignFinal(&mdCtx, check, &checkSz); + /* just called crypt callback as dummy + * EVP_DigestSignFinal returns 0 internally. + */ + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_onlycb); + ctx->exampleVar = 1; + ret = EVP_DigestSignFinal(&mdCtx, check, &checkSz); + /* just called crypt callback as dummy + * EVP_DigestSignFinal returns 0 internally. + */ + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_onlycb); + /* restore checkSz for verify */ + checkSz = 71; + + ret = wolfSSL_EVP_MD_CTX_cleanup(&mdCtx); + if (ret != WOLFSSL_SUCCESS) { + ERROR_OUT(WC_TEST_RET_ENC_NC, exit_onlycb); + } + + /* verify */ + wolfSSL_EVP_MD_CTX_init(&mdCtx); + + if (ret == WOLFSSL_SUCCESS) { + ret = EVP_DigestVerifyInit(&mdCtx, NULL, wolfSSL_EVP_sha256(), NULL, pubKey); + } + if (ret != WOLFSSL_SUCCESS) { + ERROR_OUT(WC_TEST_RET_ENC_NC, exit_onlycb); + } + if (ret == WOLFSSL_SUCCESS) { + ret = EVP_DigestVerifyUpdate(&mdCtx, testData, + (unsigned int)XSTRLEN(testData)); + } + if (ret != WOLFSSL_SUCCESS) { + ERROR_OUT(WC_TEST_RET_ENC_NC, exit_onlycb); + } + ctx->exampleVar = 99; + ret = EVP_DigestVerifyFinal(&mdCtx, check_v, checkSz); + /* just called crypt callback as dummy + * EVP_DigestSignFinal returns 0 internally. + */ + if (ret != 0) + ERROR_OUT(WC_TEST_RET_ENC_EC(ret), exit_onlycb); + ctx->exampleVar = 1; + ret = EVP_DigestVerifyFinal(&mdCtx, check_v, checkSz); + /* just called crypt callback as dummy + * EVP_DigestVerifyFinal returns -1 internally rather than NO_VALID_DEVID. + */ + if (ret != -1) { + ERROR_OUT(WC_TEST_RET_ENC_NC, exit_onlycb); + } + ret = wolfSSL_EVP_MD_CTX_cleanup(&mdCtx); + if (ret != WOLFSSL_SUCCESS) { + ERROR_OUT(WC_TEST_RET_ENC_NC, exit_onlycb); + } else + ret = 0; +#endif /* !WOLFCRYPT_ONLY && OPENSSL_EXTRA */ + + (void)keyFormat; + (void)encInfo; + (void)ctx; + +exit_onlycb: +#if defined(WOLFSSL_SMALL_STACK) && !defined(WOLFSSL_NO_MALLOC) + if (key != NULL) { + wc_ecc_free(key); + XFREE(key, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + } + XFREE(pub, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + XFREE(out, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + #if !defined(WOLFCRYPT_ONLY) && defined(OPENSSL_EXTRA) + if (check) { + FREE(check, HEAP_HINT, DYNAMIC_TYPE_TMP_BUFFER); + } + #endif +#else + wc_ecc_free(key); + #if !defined(WOLFCRYPT_ONLY) && defined(OPENSSL_EXTRA) + if (privKey) + wolfSSL_EVP_PKEY_free(privKey); + if (pubKey) + wolfSSL_EVP_PKEY_free(pubKey); + #endif +#endif + +#endif /* HAVE_ECC */ + return ret; +} +#endif + +/* Example crypto dev callback function that calls software version */ +static int myCryptoDevCb(int devIdArg, wc_CryptoInfo* info, void* ctx) +{ + int ret = WC_NO_ERR_TRACE(NOT_COMPILED_IN); /* return this to bypass HW and + use SW */ + myCryptoDevCtx* myCtx = (myCryptoDevCtx*)ctx; + + if (info == NULL) + return BAD_FUNC_ARG; + +#ifdef DEBUG_WOLFSSL + WOLFSSL_MSG_EX("CryptoDevCb: Algo Type %d\n", info->algo_type); +#endif + + if (info->algo_type == WC_ALGO_TYPE_RNG) { + #if defined(WOLF_CRYPTO_CB) && !defined(HAVE_HASHDRBG) && \ + !defined(WC_NO_RNG) && !defined(CUSTOM_RAND_GENERATE_BLOCK) + /* if RNG only supports crypto callback, just use seed */ + ret = wc_GenerateSeed(&info->rng.rng->seed, + info->rng.out, info->rng.sz); + #elif !defined(WC_NO_RNG) + /* set devId to invalid, so software is used */ + info->rng.rng->devId = INVALID_DEVID; + + ret = wc_RNG_GenerateBlock(info->rng.rng, + info->rng.out, info->rng.sz); + + /* reset devId */ + info->rng.rng->devId = devIdArg; + #endif + } + else if (info->algo_type == WC_ALGO_TYPE_SEED) { + #ifndef WC_NO_RNG + ALIGN32 static byte seed[sizeof(word32)] = { 0x00, 0x00, 0x00, 0x01 }; + word32* seedWord32 = (word32*)seed; + word32 len; + + /* wc_GenerateSeed is a local symbol so we need to fake the entropy. */ + while (info->seed.sz > 0) { + len = (word32)sizeof(seed); + if (info->seed.sz < len) + len = info->seed.sz; + XMEMCPY(info->seed.seed, seed, sizeof(seed)); + info->seed.seed += len; + info->seed.sz -= len; + (*seedWord32)++; + } + + ret = 0; + #endif + } + else if (info->algo_type == WC_ALGO_TYPE_PK) { + #ifdef DEBUG_WOLFSSL + WOLFSSL_MSG_EX("CryptoDevCb: Pk Type %d\n", info->pk.type); + #endif + + #ifndef NO_RSA + if (info->pk.type == WC_PK_TYPE_RSA) { + /* set devId to invalid, so software is used */ + info->pk.rsa.key->devId = INVALID_DEVID; + #if defined(WOLF_CRYPTO_CB_ONLY_RSA) + #ifdef DEBUG_WOLFSSL + printf("CryptoDevCb: exampleVar %d\n", myCtx->exampleVar); + #endif + if (myCtx->exampleVar == 99) { + info->pk.rsa.key->devId = devIdArg; + return 0; + } + #endif + switch (info->pk.rsa.type) { + case RSA_PUBLIC_ENCRYPT: + case RSA_PUBLIC_DECRYPT: + /* perform software based RSA public op */ + ret = wc_RsaFunction( + info->pk.rsa.in, info->pk.rsa.inLen, + info->pk.rsa.out, info->pk.rsa.outLen, + info->pk.rsa.type, info->pk.rsa.key, info->pk.rsa.rng); + break; + case RSA_PRIVATE_ENCRYPT: + case RSA_PRIVATE_DECRYPT: + /* perform software based RSA private op */ + ret = wc_RsaFunction( + info->pk.rsa.in, info->pk.rsa.inLen, + info->pk.rsa.out, info->pk.rsa.outLen, + info->pk.rsa.type, info->pk.rsa.key, info->pk.rsa.rng); + break; + } + + /* reset devId */ + info->pk.rsa.key->devId = devIdArg; + } + #ifdef WOLFSSL_KEY_GEN + else if (info->pk.type == WC_PK_TYPE_RSA_KEYGEN) { + info->pk.rsakg.key->devId = INVALID_DEVID; + #if defined(WOLF_CRYPTO_CB_ONLY_RSA) + #ifdef DEBUG_WOLFSSL + printf("CryptoDevCb: exampleVar %d\n", myCtx->exampleVar); + #endif + if (myCtx->exampleVar == 99) { + info->pk.rsakg.key->devId = devIdArg; + return 0; + } + #endif +#ifdef HAVE_FIPS + for (;;) { +#endif + ret = wc_MakeRsaKey(info->pk.rsakg.key, info->pk.rsakg.size, + info->pk.rsakg.e, info->pk.rsakg.rng); +#ifdef HAVE_FIPS + if (ret == WC_NO_ERR_TRACE(PRIME_GEN_E)) + continue; + break; + } +#endif + + /* reset devId */ + info->pk.rsakg.key->devId = devIdArg; + } + #endif + #endif /* !NO_RSA */ + #ifdef HAVE_ECC + if (info->pk.type == WC_PK_TYPE_EC_KEYGEN) { + #ifdef HAVE_ECC_DHE + /* set devId to invalid, so software is used */ + info->pk.eckg.key->devId = INVALID_DEVID; + #if defined(WOLF_CRYPTO_CB_ONLY_ECC) + #ifdef DEBUG_WOLFSSL + printf("CryptoDevCb: exampleVar %d\n", myCtx->exampleVar); + #endif + if (myCtx->exampleVar == 99) { + info->pk.eckg.key->devId = devIdArg; + return 0; + } + #endif + ret = wc_ecc_make_key_ex(info->pk.eckg.rng, info->pk.eckg.size, + info->pk.eckg.key, info->pk.eckg.curveId); + + /* reset devId */ + info->pk.eckg.key->devId = devIdArg; + #endif + } + else if (info->pk.type == WC_PK_TYPE_ECDSA_SIGN) { + #ifdef HAVE_ECC_SIGN + /* set devId to invalid, so software is used */ + info->pk.eccsign.key->devId = INVALID_DEVID; + #if defined(WOLF_CRYPTO_CB_ONLY_ECC) + #ifdef DEBUG_WOLFSSL + printf("CryptoDevCb: exampleVar %d\n", myCtx->exampleVar); + #endif + if (myCtx->exampleVar == 99) { + info->pk.eccsign.key->devId = devIdArg; + return 0; + } + #endif + ret = wc_ecc_sign_hash( + info->pk.eccsign.in, info->pk.eccsign.inlen, + info->pk.eccsign.out, info->pk.eccsign.outlen, + info->pk.eccsign.rng, info->pk.eccsign.key); + + /* reset devId */ + info->pk.eccsign.key->devId = devIdArg; + #endif + } + else if (info->pk.type == WC_PK_TYPE_ECDSA_VERIFY) { + #ifdef HAVE_ECC_VERIFY + /* set devId to invalid, so software is used */ + info->pk.eccverify.key->devId = INVALID_DEVID; + #if defined(WOLF_CRYPTO_CB_ONLY_ECC) + #ifdef DEBUG_WOLFSSL + printf("CryptoDevCb: exampleVar %d\n", myCtx->exampleVar); + #endif + if (myCtx->exampleVar == 99) { + info->pk.eccverify.key->devId = devIdArg; + return 0; + } + #endif + ret = wc_ecc_verify_hash( + info->pk.eccverify.sig, info->pk.eccverify.siglen, + info->pk.eccverify.hash, info->pk.eccverify.hashlen, + info->pk.eccverify.res, info->pk.eccverify.key); + + /* reset devId */ + info->pk.eccverify.key->devId = devIdArg; + #endif + } + else if (info->pk.type == WC_PK_TYPE_ECDH) { + #ifdef HAVE_ECC_DHE + /* set devId to invalid, so software is used */ + info->pk.ecdh.private_key->devId = INVALID_DEVID; + #if defined(WOLF_CRYPTO_CB_ONLY_ECC) + #ifdef DEBUG_WOLFSSL + printf("CryptoDevCb: exampleVar %d\n", myCtx->exampleVar); + #endif + if (myCtx->exampleVar == 99) { + info->pk.ecdh.private_key->devId = devIdArg; + return 0; + } + #endif + ret = wc_ecc_shared_secret( + info->pk.ecdh.private_key, info->pk.ecdh.public_key, + info->pk.ecdh.out, info->pk.ecdh.outlen); + + /* reset devId */ + info->pk.ecdh.private_key->devId = devIdArg; + #endif + } + #endif /* HAVE_ECC */ + #ifdef HAVE_CURVE25519 + if (info->pk.type == WC_PK_TYPE_CURVE25519_KEYGEN) { + /* set devId to invalid, so software is used */ + info->pk.curve25519kg.key->devId = INVALID_DEVID; + + ret = wc_curve25519_make_key(info->pk.curve25519kg.rng, + info->pk.curve25519kg.size, info->pk.curve25519kg.key); + + /* reset devId */ + info->pk.curve25519kg.key->devId = devIdArg; + } + else if (info->pk.type == WC_PK_TYPE_CURVE25519) { + /* set devId to invalid, so software is used */ + info->pk.curve25519.private_key->devId = INVALID_DEVID; + + ret = wc_curve25519_shared_secret_ex( + info->pk.curve25519.private_key, info->pk.curve25519.public_key, + info->pk.curve25519.out, info->pk.curve25519.outlen, + info->pk.curve25519.endian); + + /* reset devId */ + info->pk.curve25519.private_key->devId = devIdArg; + } + #endif /* HAVE_CURVE25519 */ + #if defined(HAVE_ED25519) && defined(HAVE_ED25519_MAKE_KEY) + if (info->pk.type == WC_PK_TYPE_ED25519_KEYGEN) { + /* set devId to invalid, so software is used */ + info->pk.ed25519kg.key->devId = INVALID_DEVID; + + ret = wc_ed25519_make_key(info->pk.ed25519kg.rng, + info->pk.ed25519kg.size, info->pk.ed25519kg.key); + + /* reset devId */ + info->pk.ed25519kg.key->devId = devIdArg; + } + #ifdef HAVE_ED25519_SIGN + else if (info->pk.type == WC_PK_TYPE_ED25519_SIGN) { + /* set devId to invalid, so software is used */ + info->pk.ed25519sign.key->devId = INVALID_DEVID; + + ret = wc_ed25519_sign_msg_ex( + info->pk.ed25519sign.in, info->pk.ed25519sign.inLen, + info->pk.ed25519sign.out, info->pk.ed25519sign.outLen, + info->pk.ed25519sign.key, info->pk.ed25519sign.type, + info->pk.ed25519sign.context, info->pk.ed25519sign.contextLen); + + /* reset devId */ + info->pk.ed25519sign.key->devId = devIdArg; + } + #endif + #ifdef HAVE_ED25519_VERIFY + else if (info->pk.type == WC_PK_TYPE_ED25519_VERIFY) { + /* set devId to invalid, so software is used */ + info->pk.ed25519verify.key->devId = INVALID_DEVID; + + ret = wc_ed25519_verify_msg_ex( + info->pk.ed25519verify.sig, info->pk.ed25519verify.sigLen, + info->pk.ed25519verify.msg, info->pk.ed25519verify.msgLen, + info->pk.ed25519verify.res, info->pk.ed25519verify.key, + info->pk.ed25519verify.type, info->pk.ed25519verify.context, + info->pk.ed25519verify.contextLen); + + /* reset devId */ + info->pk.ed25519verify.key->devId = devIdArg; + } + #endif + #endif /* HAVE_ED25519 */ + } + else if (info->algo_type == WC_ALGO_TYPE_CIPHER) { +#if !defined(NO_AES) || !defined(NO_DES3) + #ifdef HAVE_AESGCM + if (info->cipher.type == WC_CIPHER_AES_GCM) { + if (info->cipher.enc) { + /* set devId to invalid, so software is used */ + info->cipher.aesgcm_enc.aes->devId = INVALID_DEVID; + + ret = wc_AesGcmEncrypt( + info->cipher.aesgcm_enc.aes, + info->cipher.aesgcm_enc.out, + info->cipher.aesgcm_enc.in, + info->cipher.aesgcm_enc.sz, + info->cipher.aesgcm_enc.iv, + info->cipher.aesgcm_enc.ivSz, + info->cipher.aesgcm_enc.authTag, + info->cipher.aesgcm_enc.authTagSz, + info->cipher.aesgcm_enc.authIn, + info->cipher.aesgcm_enc.authInSz); + + /* reset devId */ + info->cipher.aesgcm_enc.aes->devId = devIdArg; + } + else { + /* set devId to invalid, so software is used */ + info->cipher.aesgcm_dec.aes->devId = INVALID_DEVID; + + ret = wc_AesGcmDecrypt( + info->cipher.aesgcm_dec.aes, + info->cipher.aesgcm_dec.out, + info->cipher.aesgcm_dec.in, + info->cipher.aesgcm_dec.sz, + info->cipher.aesgcm_dec.iv, + info->cipher.aesgcm_dec.ivSz, + info->cipher.aesgcm_dec.authTag, + info->cipher.aesgcm_dec.authTagSz, + info->cipher.aesgcm_dec.authIn, + info->cipher.aesgcm_dec.authInSz); + + /* reset devId */ + info->cipher.aesgcm_dec.aes->devId = devIdArg; + } + } + #endif /* HAVE_AESGCM */ + #ifdef HAVE_AES_CBC + if (info->cipher.type == WC_CIPHER_AES_CBC) { + if (info->cipher.enc) { + /* set devId to invalid, so software is used */ + info->cipher.aescbc.aes->devId = INVALID_DEVID; + + ret = wc_AesCbcEncrypt( + info->cipher.aescbc.aes, + info->cipher.aescbc.out, + info->cipher.aescbc.in, + info->cipher.aescbc.sz); + + /* reset devId */ + info->cipher.aescbc.aes->devId = devIdArg; + } + else { + /* set devId to invalid, so software is used */ + info->cipher.aescbc.aes->devId = INVALID_DEVID; + + ret = wc_AesCbcDecrypt( + info->cipher.aescbc.aes, + info->cipher.aescbc.out, + info->cipher.aescbc.in, + info->cipher.aescbc.sz); + + /* reset devId */ + info->cipher.aescbc.aes->devId = devIdArg; + } + } + #endif /* HAVE_AES_CBC */ + #if defined(HAVE_AES_ECB) && !defined(HAVE_FIPS) && !defined(HAVE_SELFTEST) + if (info->cipher.type == WC_CIPHER_AES_ECB) { + if (info->cipher.enc) { + /* set devId to invalid, so software is used */ + info->cipher.aesecb.aes->devId = INVALID_DEVID; + + ret = wc_AesEcbEncrypt( + info->cipher.aesecb.aes, + info->cipher.aesecb.out, + info->cipher.aesecb.in, + info->cipher.aesecb.sz); + + /* reset devId */ + info->cipher.aesecb.aes->devId = devIdArg; + } + else { + /* set devId to invalid, so software is used */ + info->cipher.aesecb.aes->devId = INVALID_DEVID; + + ret = wc_AesEcbDecrypt( + info->cipher.aesecb.aes, + info->cipher.aesecb.out, + info->cipher.aesecb.in, + info->cipher.aesecb.sz); + + /* reset devId */ + info->cipher.aesecb.aes->devId = devIdArg; + } + } + #endif /* HAVE_AES_ECB */ + #if defined(WOLFSSL_AES_COUNTER) && !defined(HAVE_FIPS) && \ + !defined(HAVE_SELFTEST) + if (info->cipher.type == WC_CIPHER_AES_CTR) { + /* set devId to invalid, so software is used */ + info->cipher.aesctr.aes->devId = INVALID_DEVID; + + ret = wc_AesCtrEncrypt( + info->cipher.aesctr.aes, + info->cipher.aesctr.out, + info->cipher.aesctr.in, + info->cipher.aesctr.sz); + + /* reset devId */ + info->cipher.aesctr.aes->devId = devIdArg; + } + #endif /* WOLFSSL_AES_COUNTER */ + #if defined(HAVE_AESCCM) && defined(WOLFSSL_AES_128) + if (info->cipher.type == WC_CIPHER_AES_CCM) { + if (info->cipher.enc) { + /* set devId to invalid, so software is used */ + info->cipher.aesccm_enc.aes->devId = INVALID_DEVID; + + ret = wc_AesCcmEncrypt( + info->cipher.aesccm_enc.aes, + info->cipher.aesccm_enc.out, + info->cipher.aesccm_enc.in, + info->cipher.aesccm_enc.sz, + info->cipher.aesccm_enc.nonce, + info->cipher.aesccm_enc.nonceSz, + info->cipher.aesccm_enc.authTag, + info->cipher.aesccm_enc.authTagSz, + info->cipher.aesccm_enc.authIn, + info->cipher.aesccm_enc.authInSz); + + /* reset devId */ + info->cipher.aesccm_enc.aes->devId = devIdArg; + } + else { + /* set devId to invalid, so software is used */ + info->cipher.aesccm_dec.aes->devId = INVALID_DEVID; + + ret = wc_AesCcmDecrypt( + info->cipher.aesccm_dec.aes, + info->cipher.aesccm_dec.out, + info->cipher.aesccm_dec.in, + info->cipher.aesccm_dec.sz, + info->cipher.aesccm_dec.nonce, + info->cipher.aesccm_dec.nonceSz, + info->cipher.aesccm_dec.authTag, + info->cipher.aesccm_dec.authTagSz, + info->cipher.aesccm_dec.authIn, + info->cipher.aesccm_dec.authInSz); + + /* reset devId */ + info->cipher.aesccm_dec.aes->devId = devIdArg; + } + } + #endif + #ifndef NO_DES3 + if (info->cipher.type == WC_CIPHER_DES3) { + if (info->cipher.enc) { + /* set devId to invalid, so software is used */ + info->cipher.des3.des->devId = INVALID_DEVID; + + ret = wc_Des3_CbcEncrypt( + info->cipher.des3.des, + info->cipher.des3.out, + info->cipher.des3.in, + info->cipher.des3.sz); + + /* reset devId */ + info->cipher.des3.des->devId = devIdArg; + } + else { + /* set devId to invalid, so software is used */ + info->cipher.des3.des->devId = INVALID_DEVID; + + ret = wc_Des3_CbcDecrypt( + info->cipher.des3.des, + info->cipher.des3.out, + info->cipher.des3.in, + info->cipher.des3.sz); + + /* reset devId */ + info->cipher.des3.des->devId = devIdArg; + } + } + #endif /* !NO_DES3 */ +#endif /* !NO_AES || !NO_DES3 */ + } +#if !defined(NO_SHA) || !defined(NO_SHA256) || \ + defined(WOLFSSL_SHA384) || defined(WOLFSSL_SHA512) + else if (info->algo_type == WC_ALGO_TYPE_HASH) { + #if !defined(NO_SHA) + if (info->hash.type == WC_HASH_TYPE_SHA) { + if (info->hash.sha1 == NULL) + return NOT_COMPILED_IN; + + /* set devId to invalid, so software is used */ + info->hash.sha1->devId = INVALID_DEVID; + + if (info->hash.in != NULL) { + ret = wc_ShaUpdate( + info->hash.sha1, + info->hash.in, + info->hash.inSz); + } + if (info->hash.digest != NULL) { + ret = wc_ShaFinal( + info->hash.sha1, + info->hash.digest); + } + + /* reset devId */ + info->hash.sha1->devId = devIdArg; + } + else + #endif + #if !defined(NO_SHA256) + if (info->hash.type == WC_HASH_TYPE_SHA256) { + if (info->hash.sha256 == NULL) + return NOT_COMPILED_IN; + + /* set devId to invalid, so software is used */ + info->hash.sha256->devId = INVALID_DEVID; + + if (info->hash.in != NULL) { + ret = wc_Sha256Update( + info->hash.sha256, + info->hash.in, + info->hash.inSz); + } + if (info->hash.digest != NULL) { + ret = wc_Sha256Final( + info->hash.sha256, + info->hash.digest); + } + + /* reset devId */ + info->hash.sha256->devId = devIdArg; + } + else + #endif + #ifdef WOLFSSL_SHA384 + if (info->hash.type == WC_HASH_TYPE_SHA384) { + if (info->hash.sha384 == NULL) + return NOT_COMPILED_IN; + + #ifndef NO_SHA2_CRYPTO_CB + /* set devId to invalid, so software is used */ + info->hash.sha384->devId = INVALID_DEVID; + #endif + + if (info->hash.in != NULL) { + ret = wc_Sha384Update( + info->hash.sha384, + info->hash.in, + info->hash.inSz); + } + if (info->hash.digest != NULL) { + ret = wc_Sha384Final( + info->hash.sha384, + info->hash.digest); + } + + #ifndef NO_SHA2_CRYPTO_CB + /* reset devId */ + info->hash.sha384->devId = devIdArg; + #endif + } + else + #endif + #ifdef WOLFSSL_SHA512 + if (info->hash.type == WC_HASH_TYPE_SHA512) { + if (info->hash.sha512 == NULL) + return NOT_COMPILED_IN; + + #ifndef NO_SHA2_CRYPTO_CB + /* set devId to invalid, so software is used */ + info->hash.sha512->devId = INVALID_DEVID; + #endif + + if (info->hash.in != NULL) { + ret = wc_Sha512Update( + info->hash.sha512, + info->hash.in, + info->hash.inSz); + } + if (info->hash.digest != NULL) { + ret = wc_Sha512Final( + info->hash.sha512, + info->hash.digest); + } + + #ifndef NO_SHA2_CRYPTO_CB + /* reset devId */ + info->hash.sha512->devId = devIdArg; + #endif + } + else + #endif + #if defined(WOLFSSL_SHA3) && (!defined(HAVE_FIPS) || FIPS_VERSION_GE(6, 0)) + if (info->hash.type == WC_HASH_TYPE_SHA3_224) { + if (info->hash.sha3 == NULL) + return NOT_COMPILED_IN; + + /* set devId to invalid, so software is used */ + info->hash.sha3->devId = INVALID_DEVID; + + if (info->hash.in != NULL) { + ret = wc_Sha3_224_Update( + info->hash.sha3, + info->hash.in, + info->hash.inSz); + } + if (info->hash.digest != NULL) { + ret = wc_Sha3_224_Final( + info->hash.sha3, + info->hash.digest); + } + + /* reset devId */ + info->hash.sha3->devId = devIdArg; + } + else if (info->hash.type == WC_HASH_TYPE_SHA3_256) { + if (info->hash.sha3 == NULL) + return NOT_COMPILED_IN; + + /* set devId to invalid, so software is used */ + info->hash.sha3->devId = INVALID_DEVID; + + if (info->hash.in != NULL) { + ret = wc_Sha3_256_Update( + info->hash.sha3, + info->hash.in, + info->hash.inSz); + } + if (info->hash.digest != NULL) { + ret = wc_Sha3_256_Final( + info->hash.sha3, + info->hash.digest); + } + + /* reset devId */ + info->hash.sha3->devId = devIdArg; + } + else if (info->hash.type == WC_HASH_TYPE_SHA3_384) { + if (info->hash.sha3 == NULL) + return NOT_COMPILED_IN; + + /* set devId to invalid, so software is used */ + info->hash.sha3->devId = INVALID_DEVID; + + if (info->hash.in != NULL) { + ret = wc_Sha3_384_Update( + info->hash.sha3, + info->hash.in, + info->hash.inSz); + } + if (info->hash.digest != NULL) { + ret = wc_Sha3_384_Final( + info->hash.sha3, + info->hash.digest); + } + + /* reset devId */ + info->hash.sha3->devId = devIdArg; + } + else if (info->hash.type == WC_HASH_TYPE_SHA3_512) { + if (info->hash.sha3 == NULL) + return NOT_COMPILED_IN; + + /* set devId to invalid, so software is used */ + info->hash.sha3->devId = INVALID_DEVID; + + if (info->hash.in != NULL) { + ret = wc_Sha3_512_Update( + info->hash.sha3, + info->hash.in, + info->hash.inSz); + } + if (info->hash.digest != NULL) { + ret = wc_Sha3_512_Final( + info->hash.sha3, + info->hash.digest); + } + + /* reset devId */ + info->hash.sha3->devId = devIdArg; + } + else + #endif + { + } + } +#endif /* !NO_SHA || !NO_SHA256 */ +#ifdef WOLF_CRYPTO_CB_COPY + else if (info->algo_type == WC_ALGO_TYPE_COPY) { +#ifdef DEBUG_WOLFSSL + WOLFSSL_MSG_EX("CryptoDevCb: Copy Algo=%d Type=%d\n", + info->copy.algo, info->copy.type); +#endif + if (info->copy.algo == WC_ALGO_TYPE_HASH) { + switch (info->copy.type) { +#ifndef NO_SHA + case WC_HASH_TYPE_SHA: + { + wc_Sha* src = (wc_Sha*)info->copy.src; + wc_Sha* dst = (wc_Sha*)info->copy.dst; + src->devId = INVALID_DEVID; + ret = wc_ShaCopy(src, dst); + src->devId = devIdArg; + if (ret == 0) { + dst->devId = devIdArg; + } + break; + } +#endif +#ifdef WOLFSSL_SHA224 + case WC_HASH_TYPE_SHA224: + { + wc_Sha224* src = (wc_Sha224*)info->copy.src; + wc_Sha224* dst = (wc_Sha224*)info->copy.dst; + src->devId = INVALID_DEVID; + ret = wc_Sha224Copy(src, dst); + src->devId = devIdArg; + if (ret == 0) { + dst->devId = devIdArg; + } + break; + } +#endif +#ifndef NO_SHA256 + case WC_HASH_TYPE_SHA256: + { + /* Cast the source and destination to the correct type */ + /* Given as a void pointer initially for abstraction */ + wc_Sha256* src = (wc_Sha256*)info->copy.src; + wc_Sha256* dst = (wc_Sha256*)info->copy.dst; + /* set devId to invalid, so software is used */ + src->devId = INVALID_DEVID; + ret = wc_Sha256Copy(src, dst); + + /* reset devId */ + src->devId = devIdArg; + if (ret == 0) { + /* Set the devId of the destination to the same as the */ + /* since we used the software implementation of copy */ + /* so dst would have been set to INVALID_DEVID */ + dst->devId = devIdArg; + } + + break; + } +#endif /* !NO_SHA256 */ +#ifdef WOLFSSL_SHA384 + case WC_HASH_TYPE_SHA384: + { + wc_Sha384* src = (wc_Sha384*)info->copy.src; + wc_Sha384* dst = (wc_Sha384*)info->copy.dst; + src->devId = INVALID_DEVID; + ret = wc_Sha384Copy(src, dst); + src->devId = devIdArg; + if (ret == 0) { + dst->devId = devIdArg; + } + break; + } +#endif +#ifdef WOLFSSL_SHA512 + case WC_HASH_TYPE_SHA512: + { + wc_Sha512* src = (wc_Sha512*)info->copy.src; + wc_Sha512* dst = (wc_Sha512*)info->copy.dst; + src->devId = INVALID_DEVID; + ret = wc_Sha512Copy(src, dst); + src->devId = devIdArg; + if (ret == 0) { + dst->devId = devIdArg; + } + break; + } +#endif +#if defined(WOLFSSL_SHA3) && !defined(WOLFSSL_NOSHA3_224) + case WC_HASH_TYPE_SHA3_224: + { + wc_Sha3* src = (wc_Sha3*)info->copy.src; + wc_Sha3* dst = (wc_Sha3*)info->copy.dst; + src->devId = INVALID_DEVID; + ret = wc_Sha3_224_Copy(src, dst); + src->devId = devIdArg; + if (ret == 0) { + dst->devId = devIdArg; + } + break; + } +#endif +#if defined(WOLFSSL_SHA3) && !defined(WOLFSSL_NOSHA3_256) + case WC_HASH_TYPE_SHA3_256: + { + wc_Sha3* src = (wc_Sha3*)info->copy.src; + wc_Sha3* dst = (wc_Sha3*)info->copy.dst; + src->devId = INVALID_DEVID; + ret = wc_Sha3_256_Copy(src, dst); + src->devId = devIdArg; + if (ret == 0) { + dst->devId = devIdArg; + } + break; + } +#endif +#if defined(WOLFSSL_SHA3) && !defined(WOLFSSL_NOSHA3_384) + case WC_HASH_TYPE_SHA3_384: + { + wc_Sha3* src = (wc_Sha3*)info->copy.src; + wc_Sha3* dst = (wc_Sha3*)info->copy.dst; + src->devId = INVALID_DEVID; + ret = wc_Sha3_384_Copy(src, dst); + src->devId = devIdArg; + if (ret == 0) { + dst->devId = devIdArg; + } + break; + } +#endif +#if defined(WOLFSSL_SHA3) && !defined(WOLFSSL_NOSHA3_512) + case WC_HASH_TYPE_SHA3_512: + { + wc_Sha3* src = (wc_Sha3*)info->copy.src; + wc_Sha3* dst = (wc_Sha3*)info->copy.dst; + src->devId = INVALID_DEVID; + ret = wc_Sha3_512_Copy(src, dst); + src->devId = devIdArg; + if (ret == 0) { + dst->devId = devIdArg; + } + break; + } +#endif + default: + ret = WC_NO_ERR_TRACE(NOT_COMPILED_IN); + break; + } + } + else { + ret = WC_NO_ERR_TRACE(NOT_COMPILED_IN); + } + } +#endif /* WOLF_CRYPTO_CB_COPY */ +#ifdef WOLF_CRYPTO_CB_FREE + else if (info->algo_type == WC_ALGO_TYPE_FREE) { +#ifdef DEBUG_WOLFSSL + WOLFSSL_MSG_EX("CryptoDevCb: Free Algo=%d Type=%d\n", + info->free.algo, info->free.type); +#endif + + if (info->free.algo == WC_ALGO_TYPE_HASH) { + switch (info->free.type) { +#ifndef NO_SHA + case WC_HASH_TYPE_SHA: + { + wc_Sha* sha = (wc_Sha*)info->free.obj; + sha->devId = INVALID_DEVID; + wc_ShaFree(sha); + ret = 0; + break; + } +#endif +#ifdef WOLFSSL_SHA224 + case WC_HASH_TYPE_SHA224: + { + wc_Sha224* sha = (wc_Sha224*)info->free.obj; + sha->devId = INVALID_DEVID; + wc_Sha224Free(sha); + ret = 0; + break; + } +#endif +#ifndef NO_SHA256 + case WC_HASH_TYPE_SHA256: + { + wc_Sha256* sha = (wc_Sha256*)info->free.obj; + /* set devId to invalid, so software is used */ + sha->devId = INVALID_DEVID; + + /* Call the actual free function */ + wc_Sha256Free(sha); + + /* Note: devId doesn't need to be restored as object is freed */ + ret = 0; + break; + } +#endif +#ifdef WOLFSSL_SHA384 + case WC_HASH_TYPE_SHA384: + { + wc_Sha384* sha = (wc_Sha384*)info->free.obj; + sha->devId = INVALID_DEVID; + wc_Sha384Free(sha); + ret = 0; + break; + } +#endif +#ifdef WOLFSSL_SHA512 + case WC_HASH_TYPE_SHA512: + { + wc_Sha512* sha = (wc_Sha512*)info->free.obj; + sha->devId = INVALID_DEVID; + wc_Sha512Free(sha); + ret = 0; + break; + } +#endif +#if defined(WOLFSSL_SHA3) && !defined(WOLFSSL_NOSHA3_224) + case WC_HASH_TYPE_SHA3_224: + { + wc_Sha3* sha = (wc_Sha3*)info->free.obj; + sha->devId = INVALID_DEVID; + wc_Sha3_224_Free(sha); + ret = 0; + break; + } +#endif +#if defined(WOLFSSL_SHA3) && !defined(WOLFSSL_NOSHA3_256) + case WC_HASH_TYPE_SHA3_256: + { + wc_Sha3* sha = (wc_Sha3*)info->free.obj; + sha->devId = INVALID_DEVID; + wc_Sha3_256_Free(sha); + ret = 0; + break; + } +#endif +#if defined(WOLFSSL_SHA3) && !defined(WOLFSSL_NOSHA3_384) + case WC_HASH_TYPE_SHA3_384: + { + wc_Sha3* sha = (wc_Sha3*)info->free.obj; + sha->devId = INVALID_DEVID; + wc_Sha3_384_Free(sha); + ret = 0; + break; + } +#endif +#if defined(WOLFSSL_SHA3) && !defined(WOLFSSL_NOSHA3_512) + case WC_HASH_TYPE_SHA3_512: + { + wc_Sha3* sha = (wc_Sha3*)info->free.obj; + sha->devId = INVALID_DEVID; + wc_Sha3_512_Free(sha); + ret = 0; + break; + } +#endif + default: + ret = WC_NO_ERR_TRACE(NOT_COMPILED_IN); + break; + } + } + else { + ret = WC_NO_ERR_TRACE(NOT_COMPILED_IN); + } + } +#endif /* WOLF_CRYPTO_CB_FREE */ +#ifndef NO_HMAC + else if (info->algo_type == WC_ALGO_TYPE_HMAC) { + if (info->hmac.hmac == NULL) + return NOT_COMPILED_IN; + + /* set devId to invalid, so software is used */ + info->hmac.hmac->devId = INVALID_DEVID; + + if (info->hmac.in != NULL) { + ret = wc_HmacUpdate( + info->hmac.hmac, + info->hmac.in, + info->hmac.inSz); + } + else if (info->hmac.digest != NULL) { + ret = wc_HmacFinal( + info->hmac.hmac, + info->hmac.digest); + } + + /* reset devId */ + info->hmac.hmac->devId = devIdArg; + } +#endif +#if defined(WOLFSSL_CMAC) && !defined(NO_AES) + else if (info->algo_type == WC_ALGO_TYPE_CMAC) { + if (info->cmac.cmac == NULL) { + return NOT_COMPILED_IN; + } + + /* set devId to invalid so software is used */ + info->cmac.cmac->devId = INVALID_DEVID; + + /* Handle one-shot cases */ + if (info->cmac.key != NULL && info->cmac.in != NULL + && info->cmac.out != NULL) { + ret = wc_AesCmacGenerate(info->cmac.out, + info->cmac.outSz, + info->cmac.in, + info->cmac.inSz, + info->cmac.key, + info->cmac.keySz); + /* Sequentially handle incremental cases */ + } else { + if (info->cmac.key != NULL) { + ret = wc_InitCmac(info->cmac.cmac, + info->cmac.key, + info->cmac.keySz, + info->cmac.type, + NULL); + } + if ((ret == 0) && (info->cmac.in != NULL)) { + ret = wc_CmacUpdate(info->cmac.cmac, + info->cmac.in, + info->cmac.inSz); + } + if ((ret ==0) && (info->cmac.out != NULL)) { + ret = wc_CmacFinal(info->cmac.cmac, + info->cmac.out, + info->cmac.outSz); + } + } + + /* reset devId */ + info->cmac.cmac->devId = devIdArg; + } +#endif /* WOLFSSL_CMAC && !(NO_AES) && WOLFSSL_AES_DIRECT */ + else if (info->algo_type == WC_ALGO_TYPE_KDF) { + #if defined(HAVE_HKDF) && !defined(NO_HMAC) + if (info->kdf.type == WC_KDF_TYPE_HKDF) { + /* Redirect to software implementation for testing */ + #if !defined(HAVE_SELFTEST) && \ + (!defined(HAVE_FIPS) || FIPS_VERSION_GE(7,0)) + ret = wc_HKDF_ex(info->kdf.hkdf.hashType, + info->kdf.hkdf.inKey, info->kdf.hkdf.inKeySz, + info->kdf.hkdf.salt, info->kdf.hkdf.saltSz, + info->kdf.hkdf.info, info->kdf.hkdf.infoSz, + info->kdf.hkdf.out, info->kdf.hkdf.outSz, + NULL, INVALID_DEVID); + #else + ret = wc_HKDF(info->kdf.hkdf.hashType, + info->kdf.hkdf.inKey, info->kdf.hkdf.inKeySz, + info->kdf.hkdf.salt, info->kdf.hkdf.saltSz, + info->kdf.hkdf.info, info->kdf.hkdf.infoSz, + info->kdf.hkdf.out, info->kdf.hkdf.outSz); + #endif + } + #endif /* HAVE_HKDF && !NO_HMAC */ + #if defined(HAVE_CMAC_KDF) + if (info->kdf.type == WC_KDF_TYPE_TWOSTEP_CMAC) { + /* Redirect to software implementation for testing */ + ret = wc_KDA_KDF_twostep_cmac( + info->kdf.twostep_cmac.salt, info->kdf.twostep_cmac.saltSz, + info->kdf.twostep_cmac.z, info->kdf.twostep_cmac.zSz, + info->kdf.twostep_cmac.fixedInfo, info->kdf.twostep_cmac.fixedInfoSz, + info->kdf.twostep_cmac.out, info->kdf.twostep_cmac.outSz, + NULL, INVALID_DEVID); + } + #endif /* HAVE_CMAC_KDF */ + } + + + (void)devIdArg; + (void)myCtx; + + return ret; +} + + +#ifdef WOLF_CRYPTO_CB_FIND +static int myCryptoCbFind(int currentId, int algoType) +{ + /* can have algo specific overrides here + switch (algoType) { + + i.e. + WC_ALGO_TYPE_CMAC + WC_ALGO_TYPE_SEED + WC_ALGO_TYPE_HMAC + WC_ALGO_TYPE_HASH + WC_ALGO_TYPE_CIPHER + WC_ALGO_TYPE_PK + + } + */ + (void)algoType; + + if (currentId == INVALID_DEVID) { + /* can override invalid devid found with 1 */ + } + return currentId; +} +#endif /* WOLF_CRYPTO_CB_FIND */ + + +#if !defined(WC_TEST_NO_CRYPTOCB_SW_TEST) +WOLFSSL_TEST_SUBROUTINE wc_test_ret_t cryptocb_test(void) +{ + wc_test_ret_t ret = 0; + int origDevId = devId; + myCryptoDevCtx myCtx; + WOLFSSL_ENTER("cryptocb_test"); + + /* example data for callback */ + myCtx.exampleVar = 1; + + /* set devId to something other than INVALID_DEVID */ + devId = 1; + ret = wc_CryptoCb_RegisterDevice(devId, myCryptoDevCb, &myCtx); + if (ret != 0) + ret = WC_TEST_RET_ENC_EC(ret); +#ifdef WOLF_CRYPTO_CB_FIND + wc_CryptoCb_SetDeviceFindCb(myCryptoCbFind); +#endif /* WOLF_CRYPTO_CB_FIND */ +#ifndef WC_NO_RNG + if (ret == 0) + ret = random_test(); +#endif /* WC_NO_RNG */ +#if !defined(NO_RSA) + PRIVATE_KEY_UNLOCK(); + if (ret == 0) + ret = rsa_test(); + PRIVATE_KEY_LOCK(); +#endif +#if defined(WOLF_CRYPTO_CB_ONLY_RSA) + PRIVATE_KEY_UNLOCK(); + if (ret == 0) + ret = rsa_onlycb_test(&myCtx); + PRIVATE_KEY_LOCK(); +#endif +#if defined(HAVE_ECC) + PRIVATE_KEY_UNLOCK(); + if (ret == 0) + ret = ecc_test(); + PRIVATE_KEY_LOCK(); +#endif +#if defined(WOLF_CRYPTO_CB_ONLY_ECC) + PRIVATE_KEY_UNLOCK(); + if (ret == 0) + ret = ecc_onlycb_test(&myCtx); + PRIVATE_KEY_LOCK(); +#endif +#ifdef HAVE_ED25519 + PRIVATE_KEY_UNLOCK(); + if (ret == 0) + ret = ed25519_test(); + PRIVATE_KEY_LOCK(); +#endif +#ifdef HAVE_CURVE25519 + if (ret == 0) + ret = curve25519_test(); +#endif +#ifndef NO_AES + #ifdef HAVE_AESGCM + if (ret == 0) + ret = aesgcm_test(); + #endif + #ifdef HAVE_AES_CBC + if (ret == 0) + ret = aes_test(); + #endif + #ifdef WOLFSSL_AES_XTS + if (ret == 0) + ret = aes_xts_test(); + #endif + #if defined(HAVE_AESCCM) && defined(WOLFSSL_AES_128) + if (ret == 0) + ret = aesccm_test(); + #endif +#endif /* !NO_AES */ +#ifndef NO_DES3 + if (ret == 0) + ret = des3_test(); +#endif /* !NO_DES3 */ +#ifndef NO_SHA + if (ret == 0) + ret = sha_test(); +#endif +#ifdef WOLFSSL_SHA224 + if (ret == 0) + ret = sha224_test(); +#endif +#ifndef NO_SHA256 + if (ret == 0) + ret = sha256_test(); +#endif +#ifdef WOLFSSL_SHA384 + if (ret == 0) + ret = sha384_test(); +#endif +#ifdef WOLFSSL_SHA512 + if (ret == 0) + ret = sha512_test(); +#ifdef WOLFSSL_SHA3 + if (ret == 0) + ret = sha3_test(); +#endif +#endif +#ifndef NO_HMAC + #ifndef NO_SHA + if (ret == 0) + ret = hmac_sha_test(); + #endif + #ifndef NO_SHA256 + if (ret == 0) + ret = hmac_sha256_test(); + #endif + #ifdef WOLFSSL_SHA3 + if (ret == 0) + ret = hmac_sha3_test(); + #endif +#endif +#if defined(HAVE_HKDF) && !defined(NO_HMAC) + if (ret == 0) + ret = hkdf_test(); +#endif +#if defined(HAVE_CMAC_KDF) + if (ret == 0) + ret = nist_sp80056c_twostep_cmac(); +#endif /* HAVE_CMAC_KDF */ +#ifndef NO_PWDBASED + #if defined(HAVE_PBKDF2) && !defined(NO_SHA256) && !defined(NO_HMAC) + PRIVATE_KEY_UNLOCK(); + if (ret == 0) + ret = pbkdf2_test(); + PRIVATE_KEY_LOCK(); + #endif +#endif +#if defined(WOLFSSL_CMAC) && !defined(NO_AES) + if (ret == 0) + ret = cmac_test(); +#endif + + wc_CryptoCb_UnRegisterDevice(devId); + + /* restore devId */ + devId = origDevId; + + return ret; +} +#endif /* ! WC_TEST_NO_CRYPTOCB_SW_TEST */ +#endif /* WOLF_CRYPTO_CB */ + +#ifdef WOLFSSL_CERT_PIV +WOLFSSL_TEST_SUBROUTINE wc_test_ret_t certpiv_test(void) +{ + wc_test_ret_t ret; + wc_CertPIV piv; + + /* Template for Identiv PIV cert, nonce and signature */ + WOLFSSL_SMALL_STACK_STATIC const byte pivCertIdentiv[] = { + 0x0A, 0x0B, + 0x53, 0x09, /* NIST PIV Cert */ + 0x70, 0x02, /* Certificate */ + 0x30, 0x00, + 0x71, 0x01, 0x05, /* Cert Info */ + 0xFE, 0x00, /* Error Detection */ + 0x0B, 0x01, 0x00, /* Nonce */ + 0x0C, 0x01, 0x00, /* Signed Nonce */ + }; + /* PIV certificate data including certificate, info and error detection. */ + WOLFSSL_SMALL_STACK_STATIC const byte pivCert[] = { + 0x53, 0x09, /* NIST PIV Cert */ + 0x70, 0x02, /* Certificate */ + 0x30, 0x00, + 0x71, 0x01, 0x04, /* Cert Info */ + 0xFE, 0x00, /* Error Detection */ + }; + WOLFSSL_ENTER("certpiv_test"); + + XMEMSET(&piv, 0, sizeof(piv)); + /* Test with Identiv 0x0A, 0x0B and 0x0C markers */ + ret = wc_ParseCertPIV(&piv, pivCertIdentiv, sizeof(pivCertIdentiv)); + if (ret != 0) { + return WC_TEST_RET_ENC_EC(ret); + } + if (!piv.isIdentiv) { + return WC_TEST_RET_ENC_NC; + } + if ((piv.cert == NULL) || (piv.certSz != 2)) { + return WC_TEST_RET_ENC_NC; + } + if ((piv.certErrDet == NULL) || (piv.certErrDetSz != 0)) { + return WC_TEST_RET_ENC_NC; + } + if ((piv.compression != ASN_PIV_CERT_INFO_GZIP)) { + return WC_TEST_RET_ENC_NC; + } + if (!piv.isX509) { + return WC_TEST_RET_ENC_NC; + } + if ((piv.nonce == NULL) || (piv.nonceSz != 1)) { + return WC_TEST_RET_ENC_NC; + } + if ((piv.signedNonce == NULL) || (piv.signedNonceSz != 1)) { + return WC_TEST_RET_ENC_NC; + } + + XMEMSET(&piv, 0, sizeof(piv)); + /* Test with NIST PIV format */ + ret = wc_ParseCertPIV(&piv, pivCert, sizeof(pivCert)); + if (ret != 0) { + return WC_TEST_RET_ENC_EC(ret); + } + if (piv.isIdentiv) { + return WC_TEST_RET_ENC_NC; + } + if ((piv.cert == NULL) || (piv.certSz != 2)) { + return WC_TEST_RET_ENC_NC; + } + if ((piv.certErrDet == NULL) || (piv.certErrDetSz != 0)) { + return WC_TEST_RET_ENC_NC; + } + if ((piv.compression != 0)) { + return WC_TEST_RET_ENC_NC; + } + if (!piv.isX509) { + return WC_TEST_RET_ENC_NC; + } + + return ret; +} +#endif /* WOLFSSL_CERT_PIV */ + +#if !defined(NO_ASN) && !defined(NO_ASN_TIME) +static time_t time_cb(time_t* t) +{ + if (t != NULL) { + *t = 99; + } + + return 99; +} + +WOLFSSL_TEST_SUBROUTINE wc_test_ret_t time_test(void) +{ + time_t t; + wc_test_ret_t ret; + WOLFSSL_ENTER("time_test"); + + ret = wc_SetTimeCb(time_cb); + if (ret != 0) + return WC_TEST_RET_ENC_EC(ret); + t = wc_Time(NULL); + if (t != 99) + return WC_TEST_RET_ENC_NC; + ret = wc_GetTime(&t, sizeof(time_t)); + if (ret != 0) + return WC_TEST_RET_ENC_EC(ret); + if (t != 99) + return WC_TEST_RET_ENC_NC; + ret = wc_SetTimeCb(NULL); + if (ret != 0) + return WC_TEST_RET_ENC_EC(ret); + + return 0; +} +#endif + +#if defined(WOLFSSL_AES_SIV) && defined(WOLFSSL_AES_128) + +typedef struct { + const byte key[33]; + word32 keySz; + const byte nonce[49]; + word32 nonceSz; + byte numAssoc; + const byte assoc1[81]; + word32 assoc1Sz; + const byte assoc2[11]; + word32 assoc2Sz; + const byte plaintext[83]; + word32 plaintextSz; + const byte siv[WC_AES_BLOCK_SIZE+1]; + const byte ciphertext[82]; + word32 ciphertextSz; +} AesSivTestVector; + +#define AES_SIV_TEST_VECTORS 9 + +WOLFSSL_TEST_SUBROUTINE wc_test_ret_t aes_siv_test(void) +{ + WOLFSSL_SMALL_STACK_STATIC const AesSivTestVector testVectors[AES_SIV_TEST_VECTORS] = { + /* These test vectors come from chrony 4.1's SIV unit tests. */ + { "\x01\x23\x45\x67\x89\xab\xcd\xef\xf0\x12\x34\x56\x78\x9a\xbc\xde" + "\xef\x01\x23\x45\x67\x89\xab\xcd\xde\xf0\x12\x34\x56\x78\x9a\xbc", 32, + "\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f", 16, + 1, + "", 0, + "", 0, + "", 0, + "\x22\x3e\xb5\x94\xe0\xe0\x25\x4b\x00\x25\x8e\x21\x9a\x1c\xa4\x21", + "", 0 + }, + { "\x01\x23\x45\x67\x89\xab\xcd\xef\xf0\x12\x34\x56\x78\x9a\xbc\xde" + "\xef\x01\x23\x45\x67\x89\xab\xcd\xde\xf0\x12\x34\x56\x78\x9a\xbc", 32, + "\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f", 16, + 1, + "\x4c\x9d\x4f\xca\xed\x8a\xe2\xba\xad\x3f\x3e\xa6\xe9\x3c\x8c\x8b", 16, + "", 0, + "", 0, + "\xd7\x20\x19\x89\xc6\xdb\xc6\xd6\x61\xfc\x62\xbc\x86\x5e\xee\xef", + "", 0 + }, + { "\x01\x23\x45\x67\x89\xab\xcd\xef\xf0\x12\x34\x56\x78\x9a\xbc\xde" + "\xef\x01\x23\x45\x67\x89\xab\xcd\xde\xf0\x12\x34\x56\x78\x9a\xbc", 32, + "\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f", 16, + 1, + "", 0, + "", 0, + "\x4c\x9d\x4f\xca\xed\x8a\xe2\xba\xad\x3f\x3e\xa6\xe9\x3c\x8c\x8b", 16, + "\xb6\xc1\x60\xe9\xc2\xfd\x2a\xe8\xde\xc5\x36\x8b\x2a\x33\xed\xe1", + "\x14\xff\xb3\x97\x34\x5c\xcb\xe4\x4a\xa4\xde\xac\xd9\x36\x90\x46", 16 + }, + { "\x01\x23\x45\x67\x89\xab\xcd\xef\xf0\x12\x34\x56\x78\x9a\xbc\xde" + "\xef\x01\x23\x45\x67\x89\xab\xcd\xde\xf0\x12\x34\x56\x78\x9a\xbc", 32, + "\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e", 15, + 1, + "\x4c\x9d\x4f\xca\xed\x8a\xe2\xba\xad\x3f\x3e\xa6\xe9\x3c\x8c", 15, + "", 0, + "\xba\x99\x79\x31\x23\x7e\x3c\x53\x58\x7e\xd4\x93\x02\xab\xe4", 15, + "\x03\x8c\x41\x51\xba\x7a\x8f\x77\x6e\x56\x31\x99\x42\x0b\xc7\x03", + "\xe7\x6c\x67\xc9\xda\xb7\x0d\x5b\x44\x06\x26\x5a\xd0\xd2\x3b", 15 + }, + { "\x01\x23\x45\x67\x89\xab\xcd\xef\xf0\x12\x34\x56\x78\x9a\xbc\xde" + "\xef\x01\x23\x45\x67\x89\xab\xcd\xde\xf0\x12\x34\x56\x78\x9a\xbc", 32, + "\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f", 16, + 1, + "\x4c\x9d\x4f\xca\xed\x8a\xe2\xba\xad\x3f\x3e\xa6\xe9\x3c\x8c\x8b", 16, + "", 0, + "\xba\x99\x79\x31\x23\x7e\x3c\x53\x58\x7e\xd4\x93\x02\xab\xe4\xa7", 16, + "\x5c\x05\x23\x65\xf4\x57\x0a\xa0\xfb\x38\x3e\xce\x9b\x75\x85\xeb", + "\x68\x85\x19\x36\x0c\x7c\x48\x11\x40\xcb\x9b\x57\x9a\x0e\x65\x32", 16 + }, + { "\x01\x23\x45\x67\x89\xab\xcd\xef\xf0\x12\x34\x56\x78\x9a\xbc\xde" + "\xef\x01\x23\x45\x67\x89\xab\xcd\xde\xf0\x12\x34\x56\x78\x9a\xbc", 32, + "\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f" + "\xd5", 17, + 1, + "\x4c\x9d\x4f\xca\xed\x8a\xe2\xba\xad\x3f\x3e\xa6\xe9\x3c\x8c\x8b" + "\xa0", 17, + "", 0, + "\xba\x99\x79\x31\x23\x7e\x3c\x53\x58\x7e\xd4\x93\x02\xab\xe4\xa7" + "\x08", 17, + "\xaf\x58\x4b\xe7\x82\x1e\x96\x19\x29\x91\x25\xe0\xdd\x80\x3b\x49", + "\xa5\x11\xcd\xb6\x08\xf3\x76\xa0\xb6\xfa\x15\x82\xf3\x95\xe1\xeb" + "\xbd", 17 + }, + { "\x01\x23\x45\x67\x89\xab\xcd\xef\xf0\x12\x34\x56\x78\x9a\xbc\xde" + "\xef\x01\x23\x45\x67\x89\xab\xcd\xde\xf0\x12\x34\x56\x78\x9a\xbc", 32, + "\xb0\x5a\x1b\xc7\x56\xe7\xb6\x2c\xb4\x85\xe5\x56\xa5\x28\xc0\x6c" + "\x2f\x3b\x0b\x9d\x1a\x0c\xdf\x69\x47\xe0\xcc\xc0\x87\xaa\x5c\x09" + "\x98\x48\x8d\x6a\x8e\x1e\x05\xd7\x8b\x68\x74\x83\xb5\x1d\xf1\x2c", 48, + 1, + "\xe5\x8b\xd2\x6a\x30\xc5\xc5\x61\xcc\xbd\x7c\x27\xbf\xfe\xf9\x06" + "\x00\x5b\xd7\xfc\x11\x0b\xcf\x16\x61\xef\xac\x05\xa7\xaf\xec\x27" + "\x41\xc8\x5e\x9e\x0d\xf9\x2f\xaf\x20\x79\x17\xe5\x17\x91\x2a\x27" + "\x34\x1c\xbc\xaf\xeb\xef\x7f\x52\xe7\x1e\x4c\x2a\xca\xbd\x2b\xbe" + "\x34\xd6\xfb\x69\xd3\x3e\x49\x59\x60\xb4\x26\xc9\xb8\xce\xba", 79, + "", 0, + "\x6c\xe7\xcf\x7e\xab\x7b\xa0\xe1\xa7\x22\xcb\x88\xde\x5e\x42\xd2" + "\xec\x79\xe0\xa2\xcf\x5f\x0f\x6f\x6b\x89\x57\xcd\xae\x17\xd4\xc2" + "\xf3\x1b\xa2\xa8\x13\x78\x23\x2f\x83\xa8\xd4\x0c\xc0\xd2\xf3\x99" + "\xae\x81\xa1\xca\x5b\x5f\x45\xa6\x6f\x0c\x8a\xf3\xd4\x67\x40\x81" + "\x26\xe2\x01\x86\xe8\x5a\xd5\xf8\x58\x80\x9f\x56\xaa\x76\x96\xbf" + "\x31", 81, + "\x9a\x06\x33\xe0\xee\x00\x6a\x9b\xc8\x20\xd5\xe2\xc2\xed\xb5\x75", + "\xfa\x9e\x42\x2a\x31\x6b\xda\xca\xaa\x7d\x31\x8b\x84\x7a\xb8\xd7" + "\x8a\x81\x25\x64\xed\x41\x9b\xa9\x77\x10\xbd\x05\x0c\x4e\xc5\x31" + "\x0c\xa2\x86\xec\x8a\x94\xc8\x24\x23\x3c\x13\xee\xa5\x51\xc9\xdf" + "\x48\xc9\x55\xc5\x2f\x40\x73\x3f\x98\xbb\x8d\x69\x78\x46\x64\x17" + "\x8d\x49\x2f\x14\x62\xa4\x7c\x2a\x57\x38\x87\xce\xc6\x72\xd3\x5c" + "\xa1", 81 + }, + /* Example A.1 from RFC5297 */ + { + "\xff\xfe\xfd\xfc\xfb\xfa\xf9\xf8\xf7\xf6\xf5\xf4\xf3\xf2\xf1\xf0" + "\xf0\xf1\xf2\xf3\xf4\xf5\xf6\xf7\xf8\xf9\xfa\xfb\xfc\xfd\xfe\xff", 32, + "", 0, + 1, + "\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f" + "\x20\x21\x22\x23\x24\x25\x26\x27", 24, + "", 0, + "\x11\x22\x33\x44\x55\x66\x77\x88\x99\xaa\xbb\xcc\xdd\xee", 14, + "\x85\x63\x2d\x07\xc6\xe8\xf3\x7f\x95\x0a\xcd\x32\x0a\x2e\xcc\x93", + "\x40\xc0\x2b\x96\x90\xc4\xdc\x04\xda\xef\x7f\x6a\xfe\x5c", 14 + }, + /* Example A.2 from RFC5297 */ + { + "\x7f\x7e\x7d\x7c\x7b\x7a\x79\x78\x77\x76\x75\x74\x73\x72\x71\x70" + "\x40\x41\x42\x43\x44\x45\x46\x47\x48\x49\x4a\x4b\x4c\x4d\x4e\x4f", 32, + "\x09\xf9\x11\x02\x9d\x74\xe3\x5b\xd8\x41\x56\xc5\x63\x56\x88\xc0", 16, + 2, + "\x00\x11\x22\x33\x44\x55\x66\x77\x88\x99\xaa\xbb\xcc\xdd\xee\xff" + "\xde\xad\xda\xda\xde\xad\xda\xda\xff\xee\xdd\xcc\xbb\xaa\x99\x88" + "\x77\x66\x55\x44\x33\x22\x11\x00", 40, + "\x10\x20\x30\x40\x50\x60\x70\x80\x90\xa0", 10, + "\x74\x68\x69\x73\x20\x69\x73\x20\x73\x6f\x6d\x65\x20\x70\x6c\x61" + "\x69\x6e\x74\x65\x78\x74\x20\x74\x6f\x20\x65\x6e\x63\x72\x79\x70" + "\x74\x20\x75\x73\x69\x6e\x67\x20\x53\x49\x56\x2d\x41\x45\x53", 47, + "\x7b\xdb\x6e\x3b\x43\x26\x67\xeb\x06\xf4\xd1\x4b\xff\x2f\xbd\x0f", + "\xcb\x90\x0f\x2f\xdd\xbe\x40\x43\x26\x60\x19\x65\xc8\x89\xbf\x17" + "\xdb\xa7\x7c\xeb\x09\x4f\xa6\x63\xb7\xa3\xf7\x48\xba\x8a\xf8\x29" + "\xea\x64\xad\x54\x4a\x27\x2e\x9c\x48\x5b\x62\xa3\xfd\x5c\x0d", 47 + } + }; + int i; + byte computedCiphertext[82]; + byte computedPlaintext[82]; + byte siv[WC_AES_BLOCK_SIZE]; + wc_test_ret_t ret = 0; + WOLFSSL_ENTER("aes_siv_test"); + + /* First test legacy "exactly one Assoc" interface. */ + for (i = 0; i < AES_SIV_TEST_VECTORS; ++i) { + if (testVectors[i].numAssoc != 1) + continue; + + ret = wc_AesSivEncrypt(testVectors[i].key, testVectors[i].keySz, + testVectors[i].assoc1, testVectors[i].assoc1Sz, + testVectors[i].nonce, testVectors[i].nonceSz, + testVectors[i].plaintext, + testVectors[i].plaintextSz, siv, + computedCiphertext); + if (ret != 0) { + return WC_TEST_RET_ENC_EC(ret); + } + ret = XMEMCMP(siv, testVectors[i].siv, WC_AES_BLOCK_SIZE); + if (ret != 0) { + return WC_TEST_RET_ENC_NC; + } + ret = XMEMCMP(computedCiphertext, testVectors[i].ciphertext, + testVectors[i].ciphertextSz); + if (ret != 0) { + return WC_TEST_RET_ENC_NC; + } + ret = wc_AesSivDecrypt(testVectors[i].key, testVectors[i].keySz, + testVectors[i].assoc1, testVectors[i].assoc1Sz, + testVectors[i].nonce, testVectors[i].nonceSz, + computedCiphertext, testVectors[i].plaintextSz, + siv, computedPlaintext); + if (ret != 0) { + return WC_TEST_RET_ENC_EC(ret); + } + ret = XMEMCMP(computedPlaintext, testVectors[i].plaintext, + testVectors[i].plaintextSz); + if (ret != 0) { + return WC_TEST_RET_ENC_NC; + } + } + + /* Then test "multiple Assoc" interface. */ + for (i = 0; i < AES_SIV_TEST_VECTORS; ++i) { + const struct AesSivAssoc assoc[2] = { + { testVectors[i].assoc1, testVectors[i].assoc1Sz }, + { testVectors[i].assoc2, testVectors[i].assoc2Sz } + }; + + ret = wc_AesSivEncrypt_ex(testVectors[i].key, testVectors[i].keySz, + assoc, testVectors[i].numAssoc, + testVectors[i].nonce, testVectors[i].nonceSz, + testVectors[i].plaintext, + testVectors[i].plaintextSz, siv, + computedCiphertext); + if (ret != 0) { + return WC_TEST_RET_ENC_EC(ret); + } + ret = XMEMCMP(siv, testVectors[i].siv, WC_AES_BLOCK_SIZE); + if (ret != 0) { + return WC_TEST_RET_ENC_NC; + } + ret = XMEMCMP(computedCiphertext, testVectors[i].ciphertext, + testVectors[i].ciphertextSz); + if (ret != 0) { + return WC_TEST_RET_ENC_NC; + } + ret = wc_AesSivDecrypt_ex(testVectors[i].key, testVectors[i].keySz, + assoc, testVectors[i].numAssoc, + testVectors[i].nonce, testVectors[i].nonceSz, + computedCiphertext, + testVectors[i].plaintextSz, siv, + computedPlaintext); + if (ret != 0) { + return WC_TEST_RET_ENC_EC(ret); + } + ret = XMEMCMP(computedPlaintext, testVectors[i].plaintext, + testVectors[i].plaintextSz); + if (ret != 0) { + return WC_TEST_RET_ENC_NC; + } + } + + return 0; +} +#endif + +#undef ERROR_OUT + +static WC_MAYBE_UNUSED const int fiducial4 = WC_TEST_RET_LN; + +/* print the fiducial line numbers assigned above, allowing confirmation of + * source code version match when in doubt. + */ +static void print_fiducials(void) { + printf(" [fiducial line numbers: %d %d %d %d]\n", + fiducial1, fiducial2, fiducial3, fiducial4); +} + +#else /* NO_CRYPT_TEST && !WC_TEST_EXPORT_SUBTESTS */ + #ifndef NO_MAIN_DRIVER + int main(void) { return 0; } + #endif +#endif /* NO_CRYPT_TEST && !WC_TEST_EXPORT_SUBTESTS */ diff --git a/test/ssl/wolfssl/wolfcrypt/test/test.h b/test/ssl/wolfssl/wolfcrypt/test/test.h new file mode 100644 index 000000000..55058f63c --- /dev/null +++ b/test/ssl/wolfssl/wolfcrypt/test/test.h @@ -0,0 +1,397 @@ +/* wolfcrypt/test/test.h + * + * Copyright (C) 2006-2025 wolfSSL Inc. + * + * This file is part of wolfSSL. + * + * wolfSSL is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * wolfSSL is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA + */ + + +#ifndef WOLFCRYPT_TEST_H +#define WOLFCRYPT_TEST_H + +#include + +#ifdef __cplusplus + extern "C" { +#endif + +#ifdef WC_TEST_RET_CUSTOM_TYPE + typedef WC_TEST_RET_CUSTOM_TYPE wc_test_ret_t; +#else + typedef sword32 wc_test_ret_t; +#endif + +#include + +#include + +#ifdef HAVE_STACK_SIZE +THREAD_RETURN WOLFSSL_THREAD wolfcrypt_test(void* args); +#else +wc_test_ret_t wolfcrypt_test(void* args); +#endif + +void wc_test_render_error_message(const char* msg, wc_test_ret_t es); + +#ifndef NO_MAIN_DRIVER +wc_test_ret_t wolfcrypt_test_main(int argc, char** argv); +#endif + +#if defined(WOLFSSL_ESPIDF) || defined(_WIN32_WCE) +int wolf_test_task(void); +#endif + +#ifndef WC_TEST_RET_HAVE_CUSTOM_MACROS + +#define WC_TEST_RET_TAG_NC 0L +#define WC_TEST_RET_TAG_EC 1L +#define WC_TEST_RET_TAG_ERRNO 2L +#define WC_TEST_RET_TAG_I 3L + +wc_static_assert(-(long)MIN_CODE_E < 0x7ffL); + +#define WC_TEST_RET_ENC(line, i, tag) \ + ((wc_test_ret_t)(-((wc_test_ret_t)(line) + ((wc_test_ret_t)((word32)(i) & 0x7ffL) * 100000L) + ((wc_test_ret_t)(tag) << 29L)))) + +#ifndef WC_TEST_RET_LN +#define WC_TEST_RET_LN __LINE__ +#endif + +/* encode no code */ +#define WC_TEST_RET_ENC_NC WC_TEST_RET_ENC(WC_TEST_RET_LN, 0, WC_TEST_RET_TAG_NC) + +/* encode positive integer */ +#define WC_TEST_RET_ENC_I(i) WC_TEST_RET_ENC(WC_TEST_RET_LN, i, WC_TEST_RET_TAG_I) + +/* encode error code (negative integer) */ +#define WC_TEST_RET_ENC_EC(ec) WC_TEST_RET_ENC(WC_TEST_RET_LN, -(ec), WC_TEST_RET_TAG_EC) + +/* encode system/libc error code */ +#if defined(HAVE_ERRNO_H) && !defined(NO_FILESYSTEM) && \ + !defined(NO_STDIO_FILESYSTEM) && !defined(WOLFSSL_USER_IO) +#include +#define WC_TEST_RET_ENC_ERRNO WC_TEST_RET_ENC(WC_TEST_RET_LN, errno, WC_TEST_RET_TAG_ERRNO) +#else +#define WC_TEST_RET_ENC_ERRNO WC_TEST_RET_ENC_NC +#endif + +#define WC_TEST_RET_DEC_TAG(x) ((-(x)) >> 29L) + +/* decode line number */ +#define WC_TEST_RET_DEC_LN(x) ((int)(((-(x)) & ~(3L << 29L)) % 100000L)) + +/* decode integer or errno */ +#define WC_TEST_RET_DEC_I(x) ((int)((((-(x)) & ~(3L << 29L)) / 100000L))) + +/* decode error code */ +#define WC_TEST_RET_DEC_EC(x) ((int)(-WC_TEST_RET_DEC_I(x))) + +#endif /* !WC_TEST_RET_HAVE_CUSTOM_MACROS */ + +#ifdef WC_TEST_EXPORT_SUBTESTS + +extern WOLFSSL_TEST_SUBROUTINE wc_test_ret_t error_test(void); +extern WOLFSSL_TEST_SUBROUTINE wc_test_ret_t base64_test(void); +extern WOLFSSL_TEST_SUBROUTINE wc_test_ret_t base16_test(void); +extern WOLFSSL_TEST_SUBROUTINE wc_test_ret_t asn_test(void); +extern WOLFSSL_TEST_SUBROUTINE wc_test_ret_t md2_test(void); +extern WOLFSSL_TEST_SUBROUTINE wc_test_ret_t md5_test(void); +extern WOLFSSL_TEST_SUBROUTINE wc_test_ret_t md4_test(void); +extern WOLFSSL_TEST_SUBROUTINE wc_test_ret_t sha_test(void); +extern WOLFSSL_TEST_SUBROUTINE wc_test_ret_t sha224_test(void); +extern WOLFSSL_TEST_SUBROUTINE wc_test_ret_t sha256_test(void); +extern WOLFSSL_TEST_SUBROUTINE wc_test_ret_t sha512_test(void); +#if !defined(WOLFSSL_NOSHA512_224) && \ + (!defined(HAVE_FIPS) || FIPS_VERSION_GE(5, 3)) && !defined(HAVE_SELFTEST) +extern WOLFSSL_TEST_SUBROUTINE wc_test_ret_t sha512_224_test(void); +#endif +#if !defined(WOLFSSL_NOSHA512_256) && \ + (!defined(HAVE_FIPS) || FIPS_VERSION_GE(5, 3)) && !defined(HAVE_SELFTEST) +extern WOLFSSL_TEST_SUBROUTINE wc_test_ret_t sha512_256_test(void); +#endif +extern WOLFSSL_TEST_SUBROUTINE wc_test_ret_t sha384_test(void); +extern WOLFSSL_TEST_SUBROUTINE wc_test_ret_t sha3_test(void); +extern WOLFSSL_TEST_SUBROUTINE wc_test_ret_t shake128_test(void); +extern WOLFSSL_TEST_SUBROUTINE wc_test_ret_t shake256_test(void); +#ifdef WOLFSSL_SM3 +extern WOLFSSL_TEST_SUBROUTINE wc_test_ret_t sm3_test(void); +#endif +extern WOLFSSL_TEST_SUBROUTINE wc_test_ret_t hash_test(void); +extern WOLFSSL_TEST_SUBROUTINE wc_test_ret_t hmac_md5_test(void); +extern WOLFSSL_TEST_SUBROUTINE wc_test_ret_t hmac_sha_test(void); +extern WOLFSSL_TEST_SUBROUTINE wc_test_ret_t hmac_sha224_test(void); +extern WOLFSSL_TEST_SUBROUTINE wc_test_ret_t hmac_sha256_test(void); +extern WOLFSSL_TEST_SUBROUTINE wc_test_ret_t hmac_sha384_test(void); +extern WOLFSSL_TEST_SUBROUTINE wc_test_ret_t hmac_sha512_test(void); +extern WOLFSSL_TEST_SUBROUTINE wc_test_ret_t hmac_sha3_test(void); +#if defined(HAVE_HKDF) && !defined(NO_HMAC) +#if defined(WOLFSSL_AFALG_XILINX) || defined(WOLFSSL_AFALG_XILINX_AES) || \ + defined(WOLFSSL_AFALG_XILINX_SHA3) || defined(WOLFSSL_AFALG_HASH_KEEP) || \ + defined(WOLFSSL_AFALG_XILINX_RSA) +/* hkdf_test has issue with extern WOLFSSL_TEST_SUBROUTINE set on Xilinx with afalg */ +static wc_test_ret_t hkdf_test(void); +#else +extern WOLFSSL_TEST_SUBROUTINE wc_test_ret_t hkdf_test(void); +#endif +#endif /* HAVE_HKDF && ! NO_HMAC */ +#ifdef WOLFSSL_HAVE_PRF +#if defined(HAVE_HKDF) && !defined(NO_HMAC) +#ifdef WOLFSSL_BASE16 +extern WOLFSSL_TEST_SUBROUTINE wc_test_ret_t tls12_kdf_test(void); +#endif /* WOLFSSL_BASE16 */ +#endif /* WOLFSSL_HAVE_HKDF && !NO_HMAC */ +#endif /* WOLFSSL_HAVE_PRF */ +#if defined(WOLFSSL_HAVE_PRF) && !defined(NO_HMAC) && defined(WOLFSSL_SHA384) +extern WOLFSSL_TEST_SUBROUTINE wc_test_ret_t prf_test(void); +#endif +extern WOLFSSL_TEST_SUBROUTINE wc_test_ret_t sshkdf_test(void); +#ifdef WOLFSSL_TLS13 +extern WOLFSSL_TEST_SUBROUTINE wc_test_ret_t tls13_kdf_test(void); +#endif +extern WOLFSSL_TEST_SUBROUTINE wc_test_ret_t x963kdf_test(void); +#if defined(HAVE_HPKE) && defined(HAVE_ECC) && defined(HAVE_AESGCM) +extern WOLFSSL_TEST_SUBROUTINE wc_test_ret_t hpke_test(void); +#endif +#ifdef WC_SRTP_KDF +extern WOLFSSL_TEST_SUBROUTINE wc_test_ret_t srtpkdf_test(void); +#endif +extern WOLFSSL_TEST_SUBROUTINE wc_test_ret_t arc4_test(void); +#ifdef WC_RC2 +extern WOLFSSL_TEST_SUBROUTINE wc_test_ret_t rc2_test(void); +#endif +extern WOLFSSL_TEST_SUBROUTINE wc_test_ret_t chacha_test(void); +extern WOLFSSL_TEST_SUBROUTINE wc_test_ret_t XChaCha_test(void); +extern WOLFSSL_TEST_SUBROUTINE wc_test_ret_t chacha20_poly1305_aead_test(void); +extern WOLFSSL_TEST_SUBROUTINE wc_test_ret_t XChaCha20Poly1305_test(void); +extern WOLFSSL_TEST_SUBROUTINE wc_test_ret_t des_test(void); +extern WOLFSSL_TEST_SUBROUTINE wc_test_ret_t des3_test(void); +extern WOLFSSL_TEST_SUBROUTINE wc_test_ret_t aes_test(void); +extern WOLFSSL_TEST_SUBROUTINE wc_test_ret_t aes_cbc_test(void); +extern WOLFSSL_TEST_SUBROUTINE wc_test_ret_t aes_ctr_test(void); +#if defined(WOLFSSL_AES_CFB) +extern WOLFSSL_TEST_SUBROUTINE wc_test_ret_t aes_cfb_test(void); +#endif +#ifdef WOLFSSL_AES_XTS +extern WOLFSSL_TEST_SUBROUTINE wc_test_ret_t aes_xts_test(void); +#endif +extern WOLFSSL_TEST_SUBROUTINE wc_test_ret_t aes192_test(void); +extern WOLFSSL_TEST_SUBROUTINE wc_test_ret_t aes256_test(void); +extern WOLFSSL_TEST_SUBROUTINE wc_test_ret_t aesofb_test(void); +extern WOLFSSL_TEST_SUBROUTINE wc_test_ret_t cmac_test(void); +#ifdef HAVE_ASCON +extern WOLFSSL_TEST_SUBROUTINE wc_test_ret_t ascon_hash256_test(void); +extern WOLFSSL_TEST_SUBROUTINE wc_test_ret_t ascon_aead128_test(void); +#endif +#if defined(WOLFSSL_SIPHASH) +extern WOLFSSL_TEST_SUBROUTINE wc_test_ret_t siphash_test(void); +#endif +extern WOLFSSL_TEST_SUBROUTINE wc_test_ret_t poly1305_test(void); +extern WOLFSSL_TEST_SUBROUTINE wc_test_ret_t aesgcm_test(void); +extern WOLFSSL_TEST_SUBROUTINE wc_test_ret_t aesgcm_default_test(void); +extern WOLFSSL_TEST_SUBROUTINE wc_test_ret_t gmac_test(void); +extern WOLFSSL_TEST_SUBROUTINE wc_test_ret_t aesccm_test(void); +extern WOLFSSL_TEST_SUBROUTINE wc_test_ret_t aeskeywrap_test(void); +extern WOLFSSL_TEST_SUBROUTINE wc_test_ret_t camellia_test(void); +#ifdef WOLFSSL_SM4 +extern WOLFSSL_TEST_SUBROUTINE wc_test_ret_t sm4_test(void); +#endif +#ifdef WC_RSA_NO_PADDING +extern WOLFSSL_TEST_SUBROUTINE wc_test_ret_t rsa_no_pad_test(void); +#endif +extern WOLFSSL_TEST_SUBROUTINE wc_test_ret_t rsa_test(void); +extern WOLFSSL_TEST_SUBROUTINE wc_test_ret_t dh_test(void); +extern WOLFSSL_TEST_SUBROUTINE wc_test_ret_t dsa_test(void); +extern WOLFSSL_TEST_SUBROUTINE wc_test_ret_t srp_test(void); +#ifndef WC_NO_RNG +extern WOLFSSL_TEST_SUBROUTINE wc_test_ret_t random_test(void); +#endif /* WC_NO_RNG */ +extern WOLFSSL_TEST_SUBROUTINE wc_test_ret_t pwdbased_test(void); +#if defined(USE_CERT_BUFFERS_2048) && \ + defined(HAVE_PKCS12) && \ + !defined(NO_ASN) && !defined(NO_PWDBASED) && !defined(NO_HMAC) && \ + !defined(NO_CERTS) && !defined(NO_DES3) +extern WOLFSSL_TEST_SUBROUTINE wc_test_ret_t pkcs12_test(void); +#endif +extern WOLFSSL_TEST_SUBROUTINE wc_test_ret_t ripemd_test(void); +#if defined(OPENSSL_EXTRA) && !defined(WOLFCRYPT_ONLY) +extern WOLFSSL_TEST_SUBROUTINE wc_test_ret_t openssl_test(void); /* test mini api */ + +extern WOLFSSL_TEST_SUBROUTINE wc_test_ret_t openssl_pkey0_test(void); +extern WOLFSSL_TEST_SUBROUTINE wc_test_ret_t openssl_pkey1_test(void); +extern WOLFSSL_TEST_SUBROUTINE wc_test_ret_t openSSL_evpMD_test(void); +extern WOLFSSL_TEST_SUBROUTINE wc_test_ret_t openssl_evpSig_test(void); +#endif + +extern WOLFSSL_TEST_SUBROUTINE wc_test_ret_t pbkdf1_test(void); +extern WOLFSSL_TEST_SUBROUTINE wc_test_ret_t pkcs12_pbkdf_test(void); +#if defined(HAVE_PBKDF2) && !defined(NO_SHA256) && !defined(NO_HMAC) +extern WOLFSSL_TEST_SUBROUTINE wc_test_ret_t pbkdf2_test(void); +#endif +extern WOLFSSL_TEST_SUBROUTINE wc_test_ret_t scrypt_test(void); +#ifdef HAVE_ECC + extern WOLFSSL_TEST_SUBROUTINE wc_test_ret_t ecc_test(void); + #if defined(HAVE_ECC_ENCRYPT) && defined(HAVE_AES_CBC) && \ + (defined(WOLFSSL_AES_128) || defined(WOLFSSL_AES_256)) + extern WOLFSSL_TEST_SUBROUTINE wc_test_ret_t ecc_encrypt_test(void); + #endif + #if defined(USE_CERT_BUFFERS_256) && !defined(WOLFSSL_ATECC508A) && \ + !defined(WOLFSSL_ATECC608A) && !defined(NO_ECC256) && \ + defined(HAVE_ECC_VERIFY) && defined(HAVE_ECC_SIGN) && \ + !defined(WOLF_CRYPTO_CB_ONLY_ECC) && !defined(NO_ECC_SECP) + /* skip for ATECC508/608A, cannot import private key buffers */ + extern WOLFSSL_TEST_SUBROUTINE wc_test_ret_t ecc_test_buffers(void); + #endif +#endif +#ifdef HAVE_CURVE25519 + extern WOLFSSL_TEST_SUBROUTINE wc_test_ret_t curve25519_test(void); +#endif +#ifdef HAVE_ED25519 + extern WOLFSSL_TEST_SUBROUTINE wc_test_ret_t ed25519_test(void); +#endif +#ifdef HAVE_CURVE448 + extern WOLFSSL_TEST_SUBROUTINE wc_test_ret_t curve448_test(void); +#endif +#ifdef HAVE_ED448 + extern WOLFSSL_TEST_SUBROUTINE wc_test_ret_t ed448_test(void); +#endif +#ifdef WOLFSSL_HAVE_MLKEM + extern WOLFSSL_TEST_SUBROUTINE wc_test_ret_t mlkem_test(void); +#endif +#ifdef HAVE_DILITHIUM + extern WOLFSSL_TEST_SUBROUTINE wc_test_ret_t dilithium_test(void); +#endif +#if defined(WOLFSSL_HAVE_XMSS) + #if !defined(WOLFSSL_SMALL_STACK) && WOLFSSL_XMSS_MIN_HEIGHT <= 10 + extern WOLFSSL_TEST_SUBROUTINE wc_test_ret_t xmss_test_verify_only(void); + #endif + #if !defined(WOLFSSL_XMSS_VERIFY_ONLY) + extern WOLFSSL_TEST_SUBROUTINE wc_test_ret_t xmss_test(void); + #endif +#endif +#if defined(WOLFSSL_HAVE_LMS) + #if !defined(WOLFSSL_SMALL_STACK) + #if (defined(WOLFSSL_WC_LMS) && (LMS_MAX_HEIGHT >= 10) && \ + !defined(WOLFSSL_NO_LMS_SHA256_256)) || defined(HAVE_LIBLMS) + extern WOLFSSL_TEST_SUBROUTINE wc_test_ret_t lms_test_verify_only(void); + #endif + #endif + #if !defined(WOLFSSL_LMS_VERIFY_ONLY) + extern WOLFSSL_TEST_SUBROUTINE wc_test_ret_t lms_test(void); + #endif +#endif +#ifdef WOLFCRYPT_HAVE_ECCSI + extern WOLFSSL_TEST_SUBROUTINE wc_test_ret_t eccsi_test(void); +#endif +#ifdef WOLFCRYPT_HAVE_SAKKE + extern WOLFSSL_TEST_SUBROUTINE wc_test_ret_t sakke_test(void); +#endif +#ifdef HAVE_BLAKE2 + extern WOLFSSL_TEST_SUBROUTINE wc_test_ret_t blake2b_test(void); +#endif +#ifdef HAVE_BLAKE2S + extern WOLFSSL_TEST_SUBROUTINE wc_test_ret_t blake2s_test(void); +#endif +#ifdef HAVE_LIBZ + extern WOLFSSL_TEST_SUBROUTINE wc_test_ret_t compress_test(void); +#endif +#ifdef HAVE_PKCS7 + #ifndef NO_PKCS7_ENCRYPTED_DATA + extern WOLFSSL_TEST_SUBROUTINE wc_test_ret_t pkcs7encrypted_test(void); + #endif + #if defined(HAVE_LIBZ) && !defined(NO_PKCS7_COMPRESSED_DATA) + extern WOLFSSL_TEST_SUBROUTINE wc_test_ret_t pkcs7compressed_test(void); + #endif + extern WOLFSSL_TEST_SUBROUTINE wc_test_ret_t pkcs7signed_test(void); + extern WOLFSSL_TEST_SUBROUTINE wc_test_ret_t pkcs7enveloped_test(void); + #if defined(HAVE_AESGCM) || defined(HAVE_AESCCM) + extern WOLFSSL_TEST_SUBROUTINE wc_test_ret_t pkcs7authenveloped_test(void); + #endif + #if !defined(NO_AES) && defined(HAVE_AES_CBC) + extern WOLFSSL_TEST_SUBROUTINE wc_test_ret_t pkcs7callback_test(byte* cert, word32 certSz, byte* key, + word32 keySz); + #endif +#endif +#if !defined(NO_ASN_TIME) && !defined(NO_RSA) && defined(WOLFSSL_TEST_CERT) && \ + !defined(NO_FILESYSTEM) +extern WOLFSSL_TEST_SUBROUTINE wc_test_ret_t cert_test(void); +#endif +#if defined(WOLFSSL_CERT_EXT) && defined(WOLFSSL_TEST_CERT) && \ + !defined(NO_FILESYSTEM) && !defined(NO_RSA) && defined(WOLFSSL_GEN_CERT) +extern WOLFSSL_TEST_SUBROUTINE wc_test_ret_t certext_test(void); +#endif +#if defined(WOLFSSL_CERT_GEN_CACHE) && defined(WOLFSSL_TEST_CERT) && \ + defined(WOLFSSL_CERT_EXT) && defined(WOLFSSL_CERT_GEN) +extern WOLFSSL_TEST_SUBROUTINE wc_test_ret_t decodedCertCache_test(void); +#endif +extern WOLFSSL_TEST_SUBROUTINE wc_test_ret_t memory_test(void); +#if defined(WOLFSSL_PUBLIC_MP) && \ + ((defined(WOLFSSL_SP_MATH_ALL) && !defined(WOLFSSL_RSA_VERIFY_ONLY)) || \ + defined(USE_FAST_MATH)) +extern WOLFSSL_TEST_SUBROUTINE wc_test_ret_t mp_test(void); +#endif +#if defined(WOLFSSL_PUBLIC_MP) && defined(WOLFSSL_KEY_GEN) +extern WOLFSSL_TEST_SUBROUTINE wc_test_ret_t prime_test(void); +#endif +#if defined(ASN_BER_TO_DER) && \ + (defined(WOLFSSL_TEST_CERT) || defined(OPENSSL_EXTRA) || \ + defined(OPENSSL_EXTRA_X509_SMALL)) +extern WOLFSSL_TEST_SUBROUTINE wc_test_ret_t berder_test(void); +#endif +extern WOLFSSL_TEST_SUBROUTINE wc_test_ret_t logging_test(void); +#if !defined(NO_ASN) && !defined(NO_ASN_TIME) +extern WOLFSSL_TEST_SUBROUTINE wc_test_ret_t time_test(void); +#endif +#if defined(__INCLUDE_NUTTX_CONFIG_H) +extern WOLFSSL_TEST_SUBROUTINE wc_test_ret_t wolfcrypt_mutex_test(void); +#else +extern WOLFSSL_TEST_SUBROUTINE wc_test_ret_t mutex_test(void); +#endif +#if defined(USE_WOLFSSL_MEMORY) && !defined(FREERTOS) +extern WOLFSSL_TEST_SUBROUTINE wc_test_ret_t memcb_test(void); +#endif +#ifdef WOLFSSL_CAAM_BLOB +extern WOLFSSL_TEST_SUBROUTINE wc_test_ret_t blob_test(void); +#endif +#ifdef HAVE_ARIA +#include "wolfssl/wolfcrypt/port/aria/aria-crypt.h" +void printOutput(const char *strName, unsigned char *data, unsigned int dataSz); +extern WOLFSSL_TEST_SUBROUTINE int ariagcm_test(MC_ALGID); +#endif + +#if defined(WOLF_CRYPTO_CB) && !defined(WC_TEST_NO_CRYPTOCB_SW_TEST) +extern WOLFSSL_TEST_SUBROUTINE wc_test_ret_t cryptocb_test(void); +#endif +#ifdef WOLFSSL_CERT_PIV +extern WOLFSSL_TEST_SUBROUTINE wc_test_ret_t certpiv_test(void); +#endif +#ifdef WOLFSSL_AES_SIV +extern WOLFSSL_TEST_SUBROUTINE wc_test_ret_t aes_siv_test(void); +#endif + +#if defined(WOLFSSL_AES_EAX) && \ + (!defined(HAVE_FIPS) || FIPS_VERSION_GE(5, 3)) && !defined(HAVE_SELFTEST) +extern WOLFSSL_TEST_SUBROUTINE wc_test_ret_t aes_eax_test(void); +#endif /* WOLFSSL_AES_EAX */ + +#endif /* WC_TEST_EXPORT_SUBTESTS */ + +#ifdef __cplusplus + } /* extern "C" */ +#endif + + +#endif /* WOLFCRYPT_TEST_H */ diff --git a/test/test.cpp b/test/test.cpp index 4e84c5a69..da3e37935 100644 --- a/test/test.cpp +++ b/test/test.cpp @@ -39,6 +39,7 @@ std::ostream& operator<<(std::ostream& stream, namespace test { +// CERT_WRITE_TEMP_DIR defined by build should match as "tests/". const std::string directory = "tests"; bool clear(const std::filesystem::path& file_directory) NOEXCEPT diff --git a/test/test.hpp b/test/test.hpp index 406b741d6..3005e92c3 100644 --- a/test/test.hpp +++ b/test/test.hpp @@ -23,8 +23,9 @@ #include #include +#include - // copied from libbitcoin-system-test +// copied from libbitcoin-system-test #define TEST_NAME \ boost::unit_test::framework::current_test_case().p_name.get() @@ -109,12 +110,39 @@ struct directory_setup_fixture { BOOST_REQUIRE(clear(directory)); } + ~directory_setup_fixture() NOEXCEPT { BOOST_REQUIRE(clear(directory)); } }; +struct current_directory_setup_fixture +{ + DELETE_COPY_MOVE(current_directory_setup_fixture); + + current_directory_setup_fixture() NOEXCEPT + : error_{}, previous_(std::filesystem::current_path(error_)) + { + BOOST_REQUIRE(!error_); + + BOOST_REQUIRE(clear(directory)); + std::filesystem::current_path(directory, error_); + BOOST_REQUIRE(!error_); + } + + ~current_directory_setup_fixture() NOEXCEPT + { + std::filesystem::current_path(previous_, error_); + BOOST_REQUIRE(!error_); + BOOST_REQUIRE(clear(directory)); + } + +private: + std::error_code error_; + std::filesystem::path previous_; +}; + } // namespace test #endif